summaryrefslogtreecommitdiff
path: root/src/regress
diff options
context:
space:
mode:
Diffstat (limited to 'src/regress')
-rw-r--r--src/regress/lib/libc/Makefile10
-rw-r--r--src/regress/lib/libc/elf_aux_info/elf_aux_info.c3
-rw-r--r--src/regress/lib/libc/explicit_bzero/explicit_bzero.c4
-rw-r--r--src/regress/lib/libc/hash/hash_test.c6
-rw-r--r--src/regress/lib/libc/illumos/Makefile7
-rw-r--r--src/regress/lib/libc/illumos/Makefile.inc9
-rw-r--r--src/regress/lib/libc/illumos/oclo/Makefile18
-rw-r--r--src/regress/lib/libc/malloc/malloc_errs/malloc_errs.c15
-rw-r--r--src/regress/lib/libc/malloc/malloc_general/malloc_general.c10
-rw-r--r--src/regress/lib/libc/malloc/malloc_ulimit1/malloc_ulimit1.c4
-rw-r--r--src/regress/lib/libc/stdio/Makefile29
-rw-r--r--src/regress/lib/libc/stdio/test___fpending.c58
-rw-r--r--src/regress/lib/libc/stdio/test___freadahead.c71
-rw-r--r--src/regress/lib/libc/stdio/test___freading.c125
-rw-r--r--src/regress/lib/libc/stdio/test___freadptr.c78
-rw-r--r--src/regress/lib/libc/stdio/test___fseterr.c60
-rw-r--r--src/regress/lib/libc/stdio/test___fwriting.c83
-rw-r--r--src/regress/lib/libc/stdio/test_fflush.c345
-rw-r--r--src/regress/lib/libc/stdio/test_ungetwc.c90
-rw-r--r--src/regress/lib/libc/sys/t_fork.c6
-rw-r--r--src/regress/lib/libc/sys/t_getrusage.c4
-rw-r--r--src/regress/lib/libc/time/time_conversion/timetest.c158
-rw-r--r--src/regress/lib/libcrypto/aes/aes_test.c303
-rw-r--r--src/regress/lib/libcrypto/asn1/Makefile2
-rw-r--r--src/regress/lib/libcrypto/asn1/asn1basic.c494
-rw-r--r--src/regress/lib/libcrypto/asn1/asn1complex.c8
-rw-r--r--src/regress/lib/libcrypto/asn1/asn1time.c26
-rw-r--r--src/regress/lib/libcrypto/bio/bio_dump.c4
-rw-r--r--src/regress/lib/libcrypto/bn/bn_mul_div.c15
-rw-r--r--src/regress/lib/libcrypto/bn/bn_print.c4
-rw-r--r--src/regress/lib/libcrypto/bn/bn_test.c17
-rw-r--r--src/regress/lib/libcrypto/bn/bn_word.c4
-rw-r--r--src/regress/lib/libcrypto/c2sp/Makefile13
-rw-r--r--src/regress/lib/libcrypto/certs/Makefile19
-rw-r--r--src/regress/lib/libcrypto/des/destest.c14
-rw-r--r--src/regress/lib/libcrypto/ec/Makefile9
-rw-r--r--src/regress/lib/libcrypto/ec/ec_arithmetic.c210
-rw-r--r--src/regress/lib/libcrypto/ec/ec_asn1_test.c337
-rw-r--r--src/regress/lib/libcrypto/ec/ectest.c9
-rw-r--r--src/regress/lib/libcrypto/evp/evp_pkey_cleanup.c4
-rw-r--r--src/regress/lib/libcrypto/evp/evp_test.c82
-rw-r--r--src/regress/lib/libcrypto/free/Makefile6
-rw-r--r--src/regress/lib/libcrypto/free/freenull.c.head3
-rw-r--r--src/regress/lib/libcrypto/gcm128/gcm128test.c32
-rwxr-xr-xsrc/regress/lib/libcrypto/man/check_complete.pl20
-rw-r--r--src/regress/lib/libcrypto/md/Makefile18
-rw-r--r--src/regress/lib/libcrypto/md/md_test.c210
-rw-r--r--src/regress/lib/libcrypto/mlkem/Makefile4
-rw-r--r--src/regress/lib/libcrypto/mlkem/mlkem768_encap_tests.txt20
-rw-r--r--src/regress/lib/libcrypto/mlkem/mlkem_iteration_tests.c180
-rw-r--r--src/regress/lib/libcrypto/mlkem/mlkem_tests.c298
-rw-r--r--src/regress/lib/libcrypto/mlkem/mlkem_tests_util.c213
-rw-r--r--src/regress/lib/libcrypto/mlkem/mlkem_tests_util.h63
-rw-r--r--src/regress/lib/libcrypto/mlkem/mlkem_unittest.c312
-rw-r--r--src/regress/lib/libcrypto/mlkem/parse_test_file.c11
-rw-r--r--src/regress/lib/libcrypto/rsa/rsa_method_test.c4
-rw-r--r--src/regress/lib/libcrypto/sha/Makefile8
-rw-r--r--src/regress/lib/libcrypto/sha/sha_test.c286
-rw-r--r--src/regress/lib/libcrypto/symbols/symbols.awk10
-rw-r--r--src/regress/lib/libcrypto/test/test.c226
-rw-r--r--src/regress/lib/libcrypto/test/test.h137
-rw-r--r--src/regress/lib/libcrypto/test/test_util.c51
-rw-r--r--src/regress/lib/libcrypto/wycheproof/Makefile12
-rw-r--r--src/regress/lib/libcrypto/wycheproof/wycheproof-json.pl4
-rw-r--r--src/regress/lib/libcrypto/wycheproof/wycheproof-primes.c23
-rw-r--r--src/regress/lib/libcrypto/wycheproof/wycheproof.go819
-rw-r--r--src/regress/lib/libcrypto/x509/bettertls/Makefile8
-rw-r--r--src/regress/lib/libcrypto/x509/x509_extensions_test.c4
-rw-r--r--src/regress/lib/libssl/asn1/asn1test.c24
-rw-r--r--src/regress/lib/libssl/client/clienttest.c360
-rw-r--r--src/regress/lib/libssl/interop/Makefile4
-rw-r--r--src/regress/lib/libssl/interop/botan/Makefile9
-rw-r--r--src/regress/lib/libssl/interop/cert/Makefile9
-rw-r--r--src/regress/lib/libssl/interop/cipher/Makefile17
-rw-r--r--src/regress/lib/libssl/interop/netcat/Makefile9
-rw-r--r--src/regress/lib/libssl/interop/openssl33/Makefile44
-rw-r--r--src/regress/lib/libssl/interop/openssl34/Makefile44
-rw-r--r--src/regress/lib/libssl/interop/openssl35/Makefile44
-rw-r--r--src/regress/lib/libssl/interop/session/Makefile9
-rw-r--r--src/regress/lib/libssl/interop/version/Makefile12
-rw-r--r--src/regress/lib/libssl/openssl-ruby/Makefile23
-rw-r--r--src/regress/lib/libssl/tlsext/tlsexttest.c10
-rw-r--r--src/regress/lib/libssl/tlsfuzzer/tlsfuzzer.py308
-rw-r--r--src/regress/lib/libssl/unit/Makefile4
-rw-r--r--src/regress/lib/libssl/unit/ssl_verify_param.c5
-rw-r--r--src/regress/lib/libtls/tls/tlstest.c139
-rwxr-xr-xsrc/regress/usr.bin/openssl/appstest.sh21
87 files changed, 5088 insertions, 1756 deletions
diff --git a/src/regress/lib/libc/Makefile b/src/regress/lib/libc/Makefile
index 81d8779db0..7a8db225ef 100644
--- a/src/regress/lib/libc/Makefile
+++ b/src/regress/lib/libc/Makefile
@@ -1,4 +1,4 @@
1# $OpenBSD: Makefile,v 1.60 2025/04/14 17:33:48 tb Exp $ 1# $OpenBSD: Makefile,v 1.62 2025/08/04 06:10:40 tb Exp $
2 2
3SUBDIR+= _setjmp 3SUBDIR+= _setjmp
4SUBDIR+= alloca arc4random-fork atexit 4SUBDIR+= alloca arc4random-fork atexit
@@ -11,7 +11,7 @@ SUBDIR+= ffs fmemopen fnmatch fpclassify fread
11SUBDIR+= gcvt getaddrinfo getcap getopt getopt_long glob 11SUBDIR+= gcvt getaddrinfo getcap getopt getopt_long glob
12SUBDIR+= hash 12SUBDIR+= hash
13SUBDIR+= hsearch 13SUBDIR+= hsearch
14SUBDIR+= ieeefp ifnameindex 14SUBDIR+= ieeefp ifnameindex illumos
15SUBDIR+= ldexp locale longjmp 15SUBDIR+= ldexp locale longjmp
16SUBDIR+= malloc mkstemp modf 16SUBDIR+= malloc mkstemp modf
17SUBDIR+= netdb 17SUBDIR+= netdb
@@ -19,9 +19,9 @@ SUBDIR+= open_memstream orientation
19SUBDIR+= popen printf 19SUBDIR+= popen printf
20SUBDIR+= qsort 20SUBDIR+= qsort
21SUBDIR+= regex 21SUBDIR+= regex
22SUBDIR+= setjmp setjmp-signal sigsetjmp sigthr sleep sprintf stdio_threading 22SUBDIR+= setjmp setjmp-signal sigsetjmp sigthr sleep sprintf stdio
23SUBDIR+= stpncpy strchr strerror strlcat strlcpy strnlen strtod strtol strtonum 23SUBDIR+= stdio_threading stpncpy strchr strerror strlcat strlcpy strnlen
24SUBDIR+= sys 24SUBDIR+= strtod strtol strtonum sys
25SUBDIR+= telldir time timingsafe 25SUBDIR+= telldir time timingsafe
26SUBDIR+= uuid 26SUBDIR+= uuid
27SUBDIR+= vis 27SUBDIR+= vis
diff --git a/src/regress/lib/libc/elf_aux_info/elf_aux_info.c b/src/regress/lib/libc/elf_aux_info/elf_aux_info.c
index 14870e253c..e78d282283 100644
--- a/src/regress/lib/libc/elf_aux_info/elf_aux_info.c
+++ b/src/regress/lib/libc/elf_aux_info/elf_aux_info.c
@@ -9,6 +9,7 @@ main(void)
9 int ret = 0; 9 int ret = 0;
10 int a; 10 int a;
11 unsigned long b; 11 unsigned long b;
12 unsigned long long c;
12 13
13 /* Should always succeed */ 14 /* Should always succeed */
14 if (elf_aux_info(AT_PAGESZ, &a, sizeof(a))) 15 if (elf_aux_info(AT_PAGESZ, &a, sizeof(a)))
@@ -17,7 +18,7 @@ main(void)
17 fprintf(stderr, "AT_PAGESZ %d\n", a); 18 fprintf(stderr, "AT_PAGESZ %d\n", a);
18 19
19 /* Wrong size */ 20 /* Wrong size */
20 if (elf_aux_info(AT_PAGESZ, &b, sizeof(b)) != EINVAL) 21 if (elf_aux_info(AT_PAGESZ, &c, sizeof(c)) != EINVAL)
21 ret |= 2; 22 ret |= 2;
22 23
23 /* Invalid request */ 24 /* Invalid request */
diff --git a/src/regress/lib/libc/explicit_bzero/explicit_bzero.c b/src/regress/lib/libc/explicit_bzero/explicit_bzero.c
index 496bafb208..30c86290e8 100644
--- a/src/regress/lib/libc/explicit_bzero/explicit_bzero.c
+++ b/src/regress/lib/libc/explicit_bzero/explicit_bzero.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: explicit_bzero.c,v 1.9 2022/02/10 08:39:32 tb Exp $ */ 1/* $OpenBSD: explicit_bzero.c,v 1.10 2025/05/31 15:31:40 tb Exp $ */
2/* 2/*
3 * Copyright (c) 2014 Google Inc. 3 * Copyright (c) 2014 Google Inc.
4 * 4 *
@@ -28,9 +28,11 @@
28 28
29#if defined(__has_feature) 29#if defined(__has_feature)
30#if __has_feature(address_sanitizer) 30#if __has_feature(address_sanitizer)
31#ifndef __SANITIZE_ADDRESS__
31#define __SANITIZE_ADDRESS__ 32#define __SANITIZE_ADDRESS__
32#endif 33#endif
33#endif 34#endif
35#endif
34#ifdef __SANITIZE_ADDRESS__ 36#ifdef __SANITIZE_ADDRESS__
35#define ATTRIBUTE_NO_SANITIZE_ADDRESS __attribute__((no_sanitize_address)) 37#define ATTRIBUTE_NO_SANITIZE_ADDRESS __attribute__((no_sanitize_address))
36#else 38#else
diff --git a/src/regress/lib/libc/hash/hash_test.c b/src/regress/lib/libc/hash/hash_test.c
index f9dc641186..c04a0458fe 100644
--- a/src/regress/lib/libc/hash/hash_test.c
+++ b/src/regress/lib/libc/hash/hash_test.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: hash_test.c,v 1.2 2025/04/14 18:33:56 tb Exp $ */ 1/* $OpenBSD: hash_test.c,v 1.3 2025/08/02 06:05:13 tb Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2025 Theo Buehler <tb@openbsd.org> 4 * Copyright (c) 2025 Theo Buehler <tb@openbsd.org>
@@ -757,7 +757,7 @@ struct hash_ctx {
757 void *ctx; 757 void *ctx;
758 void (*init)(void *); 758 void (*init)(void *);
759 void (*update)(void *, const uint8_t *, size_t); 759 void (*update)(void *, const uint8_t *, size_t);
760 void (*final)(void *, void *final); 760 void (*final)(void *, void *);
761}; 761};
762 762
763static const struct hash_tests { 763static const struct hash_tests {
@@ -814,7 +814,7 @@ hash_test_case(struct hash_ctx *ctx, const struct hash_test_case *tc,
814 size_t in_len = tc->in != NULL ? strlen(tc->in) : 0; 814 size_t in_len = tc->in != NULL ? strlen(tc->in) : 0;
815 815
816 ctx->init(ctx->ctx); 816 ctx->init(ctx->ctx);
817 ctx->update(ctx->ctx, (uint8_t *)tc->in, in_len); 817 ctx->update(ctx->ctx, (const uint8_t *)tc->in, in_len);
818 ctx->final(ctx->digest, ctx->ctx); 818 ctx->final(ctx->digest, ctx->ctx);
819 819
820 if (memcmp(tc->out, ctx->digest, ctx->digest_len) != 0) { 820 if (memcmp(tc->out, ctx->digest, ctx->digest_len) != 0) {
diff --git a/src/regress/lib/libc/illumos/Makefile b/src/regress/lib/libc/illumos/Makefile
new file mode 100644
index 0000000000..cf2d22eb44
--- /dev/null
+++ b/src/regress/lib/libc/illumos/Makefile
@@ -0,0 +1,7 @@
1# $OpenBSD: Makefile,v 1.1.1.1 2025/08/02 06:16:34 tb Exp $
2
3SUBDIR += oclo
4
5install:
6
7.include <bsd.subdir.mk>
diff --git a/src/regress/lib/libc/illumos/Makefile.inc b/src/regress/lib/libc/illumos/Makefile.inc
new file mode 100644
index 0000000000..4296b6e690
--- /dev/null
+++ b/src/regress/lib/libc/illumos/Makefile.inc
@@ -0,0 +1,9 @@
1# $OpenBSD: Makefile.inc,v 1.1.1.1 2025/08/02 06:16:34 tb Exp $
2
3ILLUMOS_OS_TESTDIR = /usr/local/share/illumos-os-tests
4
5.if !exists(${ILLUMOS_OS_TESTDIR})
6regress:
7 @echo package illumos-os-tests is required for this regress
8 @echo SKIPPED
9.endif
diff --git a/src/regress/lib/libc/illumos/oclo/Makefile b/src/regress/lib/libc/illumos/oclo/Makefile
new file mode 100644
index 0000000000..284e49dc73
--- /dev/null
+++ b/src/regress/lib/libc/illumos/oclo/Makefile
@@ -0,0 +1,18 @@
1# $OpenBSD: Makefile,v 1.2 2025/08/09 18:17:42 anton Exp $
2
3.if exists(/usr/local/share/illumos-os-tests)
4
5PROGS = oclo
6PROGS += oclo_errors
7PROGS += ocloexec_verify
8
9LDADD_ocloexec_verify = -lkvm
10
11WARNINGS = yes
12
13regress: ${PROGS}
14
15.PATH: /usr/local/share/illumos-os-tests/tests/oclo
16.endif
17
18.include <bsd.regress.mk>
diff --git a/src/regress/lib/libc/malloc/malloc_errs/malloc_errs.c b/src/regress/lib/libc/malloc/malloc_errs/malloc_errs.c
index 486c247f0d..57d799f49d 100644
--- a/src/regress/lib/libc/malloc/malloc_errs/malloc_errs.c
+++ b/src/regress/lib/libc/malloc/malloc_errs/malloc_errs.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: malloc_errs.c,v 1.5 2024/04/14 17:47:41 otto Exp $ */ 1/* $OpenBSD: malloc_errs.c,v 1.6 2025/05/24 06:40:29 otto Exp $ */
2/* 2/*
3 * Copyright (c) 2023 Otto Moerbeek <otto@drijf.net> 3 * Copyright (c) 2023 Otto Moerbeek <otto@drijf.net>
4 * 4 *
@@ -286,11 +286,10 @@ int main(int argc, char *argv[])
286 int i, status; 286 int i, status;
287 pid_t pid; 287 pid_t pid;
288 char num[10]; 288 char num[10];
289 char options[10]; 289 char options[40];
290 extern char* malloc_options; 290 char const *env[2];
291 291
292 if (argc == 3) { 292 if (argc == 2) {
293 malloc_options = argv[2];
294 /* prevent coredumps */ 293 /* prevent coredumps */
295 setrlimit(RLIMIT_CORE, &lim); 294 setrlimit(RLIMIT_CORE, &lim);
296 i = atoi(argv[1]); 295 i = atoi(argv[1]);
@@ -303,9 +302,11 @@ int main(int argc, char *argv[])
303 pid = fork(); 302 pid = fork();
304 switch (pid) { 303 switch (pid) {
305 case 0: 304 case 0:
306 snprintf(options, sizeof(options), "us%s", tests[i].flags); 305 snprintf(options, sizeof(options), "MALLOC_OPTIONS=us%s", tests[i].flags);
307 snprintf(num, sizeof(num), "%d", i); 306 snprintf(num, sizeof(num), "%d", i);
308 execl(argv[0], argv[0], num, options, NULL); 307 env[0] = options;
308 env[1] = NULL;
309 execle(argv[0], argv[0], num, NULL, env);
309 err(1, "exec"); 310 err(1, "exec");
310 break; 311 break;
311 case -1: 312 case -1:
diff --git a/src/regress/lib/libc/malloc/malloc_general/malloc_general.c b/src/regress/lib/libc/malloc/malloc_general/malloc_general.c
index b243787bcf..b0387ce64e 100644
--- a/src/regress/lib/libc/malloc/malloc_general/malloc_general.c
+++ b/src/regress/lib/libc/malloc/malloc_general/malloc_general.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: malloc_general.c,v 1.7 2022/01/09 07:18:50 otto Exp $ */ 1/* $OpenBSD: malloc_general.c,v 1.8 2025/10/26 21:25:12 miod Exp $ */
2/* 2/*
3 * Copyright (c) 2017 Otto Moerbeek <otto@drijf.net> 3 * Copyright (c) 2017 Otto Moerbeek <otto@drijf.net>
4 * 4 *
@@ -24,6 +24,12 @@
24 24
25#define N 1000 25#define N 1000
26 26
27#if defined(_LP64)
28#define COUNT 800000
29#else
30#define COUNT 20000
31#endif
32
27size_t 33size_t
28size(void) 34size(void)
29{ 35{
@@ -59,7 +65,7 @@ main(int argc, char *argv[])
59 void * q; 65 void * q;
60 size_t sz; 66 size_t sz;
61 67
62 for (count = 0; count < 800000; count++) { 68 for (count = 0; count < COUNT; count++) {
63 if (count % 10000 == 0) { 69 if (count % 10000 == 0) {
64 printf("."); 70 printf(".");
65 fflush(stdout); 71 fflush(stdout);
diff --git a/src/regress/lib/libc/malloc/malloc_ulimit1/malloc_ulimit1.c b/src/regress/lib/libc/malloc/malloc_ulimit1/malloc_ulimit1.c
index 799d2b9117..7e53c32dbc 100644
--- a/src/regress/lib/libc/malloc/malloc_ulimit1/malloc_ulimit1.c
+++ b/src/regress/lib/libc/malloc/malloc_ulimit1/malloc_ulimit1.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: malloc_ulimit1.c,v 1.5 2019/06/12 11:31:36 bluhm Exp $ */ 1/* $OpenBSD: malloc_ulimit1.c,v 1.6 2025/05/24 06:47:27 otto Exp $ */
2 2
3/* Public Domain, 2006, Otto Moerbeek <otto@drijf.net> */ 3/* Public Domain, 2006, Otto Moerbeek <otto@drijf.net> */
4 4
@@ -23,7 +23,7 @@
23#define FACTOR 1024 23#define FACTOR 1024
24 24
25/* This test takes forever with junking turned on. */ 25/* This test takes forever with junking turned on. */
26char *malloc_options = "jj"; 26const char * const malloc_options = "jj";
27 27
28int 28int
29main() 29main()
diff --git a/src/regress/lib/libc/stdio/Makefile b/src/regress/lib/libc/stdio/Makefile
new file mode 100644
index 0000000000..f1e980f688
--- /dev/null
+++ b/src/regress/lib/libc/stdio/Makefile
@@ -0,0 +1,29 @@
1# $OpenBSD: Makefile,v 1.4 2025/06/03 14:35:27 yasuoka Exp $
2
3PROGS= test_fflush
4CLEANFILES= test_fflush.tmp
5
6PROGS+= test_ungetwc
7CLEANFILES+= test_ungetwc.tmp
8
9PROGS+= test___freading
10CLEANFILES+= test___freading.tmp
11
12PROGS+= test___fwriting
13CLEANFILES+= test___fwriting.tmp
14
15PROGS+= test___fpending
16CLEANFILES+= test___fpending.tmp
17
18PROGS+= test___freadahead
19CLEANFILES+= test___freadahead.tmp
20
21PROGS+= test___freadptr
22CLEANFILES+= test___freadptr.tmp
23
24PROGS+= test___fseterr
25CLEANFILES+= test___fseterr.tmp
26
27WARNINGS= yes
28
29.include <bsd.regress.mk>
diff --git a/src/regress/lib/libc/stdio/test___fpending.c b/src/regress/lib/libc/stdio/test___fpending.c
new file mode 100644
index 0000000000..96ace2e481
--- /dev/null
+++ b/src/regress/lib/libc/stdio/test___fpending.c
@@ -0,0 +1,58 @@
1/* $OpenBSD: test___fpending.c,v 1.1 2025/05/25 00:20:54 yasuoka Exp $ */
2
3/*
4 * Copyright (c) 2025 YASUOKA Masahiko <yasuoka@yasuoka.net>
5 *
6 * Permission to use, copy, modify, and distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above
8 * copyright notice and this permission notice appear in all copies.
9 *
10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 */
18
19#include <assert.h>
20#include <stdio.h>
21#include <stdio_ext.h>
22#include <stdlib.h>
23
24/* we use assert() */
25#undef NDEBUG
26
27#define TMPFILENAME "test___fpending.tmp"
28
29void test___fpending0(void);
30
31void
32test___fpending0(void)
33{
34 FILE *fp;
35 int r;
36 size_t s;
37
38 fp = fopen(TMPFILENAME, "w");
39 assert(fp != NULL);
40 r = fputs("Hello world", fp);
41 assert(r >= 0);
42 s = __fpending(fp);
43 assert(s > 0); /* assume buffered */
44 r = fflush(fp);
45 assert(r == 0);
46 s = __fpending(fp);
47 assert(s == 0); /* buffer must be 0 */
48 r = fclose(fp);
49 assert(r == 0);
50}
51
52int
53main(int argc, char *argv[])
54{
55 test___fpending0();
56
57 exit(0);
58}
diff --git a/src/regress/lib/libc/stdio/test___freadahead.c b/src/regress/lib/libc/stdio/test___freadahead.c
new file mode 100644
index 0000000000..66d5e3492a
--- /dev/null
+++ b/src/regress/lib/libc/stdio/test___freadahead.c
@@ -0,0 +1,71 @@
1/* $OpenBSD: test___freadahead.c,v 1.2 2025/06/03 14:35:27 yasuoka Exp $ */
2
3/*
4 * Copyright (c) 2025 YASUOKA Masahiko <yasuoka@yasuoka.net>
5 *
6 * Permission to use, copy, modify, and distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above
8 * copyright notice and this permission notice appear in all copies.
9 *
10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 */
18
19#include <assert.h>
20#include <errno.h>
21#include <stdio.h>
22#include <stdio_ext.h>
23#include <stdlib.h>
24
25/* we use assert() */
26#undef NDEBUG
27
28#define TMPFILENAME "test___freadahead.tmp"
29
30void test___freadahead0(void);
31
32void
33test___freadahead0(void)
34{
35 FILE *fp;
36 int r;
37 size_t s;
38
39 fp = fopen(TMPFILENAME, "w");
40 assert(fp != NULL);
41 r = fputs("Hello world", fp);
42 assert(r >= 0);
43 r = fclose(fp);
44
45 fp = fopen(TMPFILENAME, "r");
46 s = __freadahead(fp);
47 assert(s == 0);
48 assert(fgetc(fp) == 'H');
49 s = __freadahead(fp);
50 assert(s == 10);
51 r = fflush(fp);
52#if 0
53 /* fflush() to reading file is not supported (yet) */
54 assert(errno == EBADF);
55#else
56 assert(r == 0);
57 s = __freadahead(fp);
58 assert(s == 0);
59#endif
60
61 r = fclose(fp);
62 assert(r == 0);
63}
64
65int
66main(int argc, char *argv[])
67{
68 test___freadahead0();
69
70 exit(0);
71}
diff --git a/src/regress/lib/libc/stdio/test___freading.c b/src/regress/lib/libc/stdio/test___freading.c
new file mode 100644
index 0000000000..f74eb78d35
--- /dev/null
+++ b/src/regress/lib/libc/stdio/test___freading.c
@@ -0,0 +1,125 @@
1/* $OpenBSD: test___freading.c,v 1.2 2025/06/12 07:39:26 yasuoka Exp $ */
2
3/*
4 * Copyright (c) 2025 YASUOKA Masahiko <yasuoka@yasuoka.net>
5 *
6 * Permission to use, copy, modify, and distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above
8 * copyright notice and this permission notice appear in all copies.
9 *
10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 */
18
19#include <assert.h>
20#include <stdio.h>
21#include <stdio_ext.h>
22#include <stdlib.h>
23#include <string.h>
24#include <unistd.h>
25
26/* we use assert() */
27#undef NDEBUG
28
29#define TMPFILENAME "test___freading.tmp"
30
31void setup(void);
32
33void test___freading0(void);
34void test___freading1(void);
35void test___freading2(void);
36
37void
38setup(void)
39{
40 FILE *fp;
41
42 /* common setup */
43 unlink(TMPFILENAME);
44 fp = fopen(TMPFILENAME, "w+");
45 assert(fp != NULL);
46 fputs("Hello world\n", fp);
47 fclose(fp);
48}
49
50void
51test___freading0(void)
52{
53 FILE *fp;
54 int r;
55 char buf[80];
56
57 fp = popen("echo Hello world", "r");
58 assert(fp != NULL);
59 assert(__freading(fp) != 0);
60 assert(fgets(buf, sizeof(buf), fp) != NULL);
61 assert(strcmp(buf, "Hello world\n") == 0);
62 r = pclose(fp);
63 assert(r == 0);
64}
65
66void
67test___freading1(void)
68{
69 FILE *fp;
70 int r;
71
72 /* when the last operaiton is read, __freading() returns true */
73 fp = fopen(TMPFILENAME, "w+");
74 assert(fp != NULL);
75 assert(__freading(fp) == 0);
76 r = fputs("Hello world\n", fp);
77 assert(r >= 0);
78 assert(__freading(fp) == 0);
79 rewind(fp);
80 assert(fgetc(fp) == 'H');
81 assert(__freading(fp) != 0);
82 /* write */
83 fseek(fp, 0, SEEK_END);
84 r = fputs("\n", fp);
85 assert(__freading(fp) == 0);
86 /* ungetc */
87 rewind(fp);
88 assert(ungetc('X', fp) != 0);
89 assert(__freading(fp) != 0); /* reading */
90
91 r = fclose(fp);
92 assert(r == 0);
93}
94
95void
96test___freading2(void)
97{
98 int r;
99 FILE *fp;
100
101 /*
102 * until v1.10 of fpurge.c mistakenly enables the writing buffer
103 * without _SRD flag set.
104 */
105 fp = fopen(TMPFILENAME, "r+");
106 assert(fp != NULL);
107 assert(fgetc(fp) == 'H');
108 fpurge(fp);
109 fseek(fp, 0, SEEK_CUR);
110 assert(fputc('X', fp) == 'X');
111 assert(__freading(fp) == 0);
112
113 r = fclose(fp);
114 assert(r == 0);
115}
116
117int
118main(int argc, char *argv[])
119{
120 test___freading0();
121 test___freading1();
122 test___freading2();
123
124 exit(0);
125}
diff --git a/src/regress/lib/libc/stdio/test___freadptr.c b/src/regress/lib/libc/stdio/test___freadptr.c
new file mode 100644
index 0000000000..cce362f2ae
--- /dev/null
+++ b/src/regress/lib/libc/stdio/test___freadptr.c
@@ -0,0 +1,78 @@
1/* $OpenBSD: test___freadptr.c,v 1.1 2025/05/25 00:20:54 yasuoka Exp $ */
2
3/*
4 * Copyright (c) 2025 YASUOKA Masahiko <yasuoka@yasuoka.net>
5 *
6 * Permission to use, copy, modify, and distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above
8 * copyright notice and this permission notice appear in all copies.
9 *
10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 */
18
19#include <sys/types.h>
20#include <assert.h>
21#include <stdio.h>
22#include <stdio_ext.h>
23#include <stdlib.h>
24#include <string.h>
25
26/* we use assert() */
27#undef NDEBUG
28
29#define TMPFILENAME "test___freadptr.tmp"
30
31void test___freadptr0(void);
32
33/* test __freadptr() and __freadptrinc() */
34void
35test___freadptr0(void)
36{
37 FILE *fp;
38 int r;
39 ssize_t s;
40 const char *p;
41
42 fp = fopen(TMPFILENAME, "w");
43 assert(fp != NULL);
44 r = fputs("Hello world", fp);
45 assert(r >= 0);
46 r = fclose(fp);
47
48 fp = fopen(TMPFILENAME, "r");
49 assert(fgetc(fp) == 'H');
50 p = __freadptr(fp, &s);
51 assert(p != NULL);
52 assert(s > 4); /* this test assume this (not by the spec) */
53 assert(*p == 'e');
54 assert(strncmp(p, "ello world", s) == 0);
55
56 __freadptrinc(fp, 4);
57 assert(fgetc(fp) == ' ');
58
59 ungetc('A', fp);
60 ungetc('A', fp);
61 ungetc('A', fp);
62 p = __freadptr(fp, &s);
63 assert(s > 0);
64 assert(*p == 'A');
65 /* ptr will contains only the pushback buffer */
66 assert(strncmp(p, "AAAworld", s) == 0);
67
68 r = fclose(fp);
69 assert(r == 0);
70}
71
72int
73main(int argc, char *argv[])
74{
75 test___freadptr0();
76
77 exit(0);
78}
diff --git a/src/regress/lib/libc/stdio/test___fseterr.c b/src/regress/lib/libc/stdio/test___fseterr.c
new file mode 100644
index 0000000000..70fb491c6c
--- /dev/null
+++ b/src/regress/lib/libc/stdio/test___fseterr.c
@@ -0,0 +1,60 @@
1/* $OpenBSD: test___fseterr.c,v 1.1 2025/05/25 00:20:54 yasuoka Exp $ */
2
3/*
4 * Copyright (c) 2025 YASUOKA Masahiko <yasuoka@yasuoka.net>
5 *
6 * Permission to use, copy, modify, and distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above
8 * copyright notice and this permission notice appear in all copies.
9 *
10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 */
18
19#include <assert.h>
20#include <stdio.h>
21#include <stdio_ext.h>
22#include <stdlib.h>
23
24/* we use assert() */
25#undef NDEBUG
26
27#define TMPFILENAME "test___fseterr.tmp"
28
29void test___fseterr0(void);
30
31void
32test___fseterr0(void)
33{
34 FILE *fp;
35 int r;
36
37 fp = fopen(TMPFILENAME, "w+");
38 assert(fp != NULL);
39
40 assert(!ferror(fp));
41
42 r = fprintf(fp, "hello world\n");
43 assert(r > 0);
44
45 __fseterr(fp);
46 assert(ferror(fp));
47
48 r = fprintf(fp, "hello world\n");
49 assert(r == -1);
50
51 fclose(fp);
52}
53
54int
55main(int argc, char *argv[])
56{
57 test___fseterr0();
58
59 exit(0);
60}
diff --git a/src/regress/lib/libc/stdio/test___fwriting.c b/src/regress/lib/libc/stdio/test___fwriting.c
new file mode 100644
index 0000000000..eb4671d3cf
--- /dev/null
+++ b/src/regress/lib/libc/stdio/test___fwriting.c
@@ -0,0 +1,83 @@
1/* $OpenBSD: test___fwriting.c,v 1.1 2025/05/25 00:20:54 yasuoka Exp $ */
2
3/*
4 * Copyright (c) 2025 YASUOKA Masahiko <yasuoka@yasuoka.net>
5 *
6 * Permission to use, copy, modify, and distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above
8 * copyright notice and this permission notice appear in all copies.
9 *
10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 */
18
19#include <assert.h>
20#include <stdio.h>
21#include <stdio_ext.h>
22#include <stdlib.h>
23
24/* we use assert() */
25#undef NDEBUG
26
27#define TMPFILENAME "test___fwriting.tmp"
28
29void test___fwriting0(void);
30void test___fwriting1(void);
31
32void
33test___fwriting0(void)
34{
35 FILE *fp;
36 int r;
37
38 fp = fopen(TMPFILENAME, "w"); /* write only */
39 assert(fp != NULL);
40 assert(__fwriting(fp) != 0); /* writing is true immediately */
41 r = fputs("Hello world\n", fp);
42 assert(r >= 0);
43 r = fclose(fp);
44 assert(r == 0);
45
46 fp = fopen(TMPFILENAME, "a"); /* append only */
47 assert(fp != NULL);
48 assert(__fwriting(fp) != 0); /* writing immediately */
49 r = fclose(fp);
50 assert(r == 0);
51}
52
53void
54test___fwriting1(void)
55{
56 FILE *fp;
57 int r;
58
59 fp = fopen(TMPFILENAME, "w+"); /* read / write */
60 assert(fp != NULL);
61 r = fputs("Hello world\n", fp);
62 assert(r >= 0);
63 assert(__fwriting(fp) != 0);
64 rewind(fp);
65 assert(fgetc(fp) == 'H'); /* read */
66 assert(__fwriting(fp) == 0); /* writing becomes false */
67 fputc('e', fp);
68 assert(__fwriting(fp) != 0); /* writing becomes true */
69 ungetc('e', fp);
70 assert(__fwriting(fp) == 0); /* ungetc -> writing becomes false */
71
72 r = fclose(fp);
73 assert(r == 0);
74}
75
76int
77main(int argc, char *argv[])
78{
79 test___fwriting0();
80 test___fwriting1();
81
82 exit(0);
83}
diff --git a/src/regress/lib/libc/stdio/test_fflush.c b/src/regress/lib/libc/stdio/test_fflush.c
new file mode 100644
index 0000000000..a0586b7d14
--- /dev/null
+++ b/src/regress/lib/libc/stdio/test_fflush.c
@@ -0,0 +1,345 @@
1/* $OpenBSD: test_fflush.c,v 1.3 2025/06/08 08:53:53 yasuoka Exp $ */
2
3/*
4 * Copyright (c) 2025 YASUOKA Masahiko <yasuoka@yasuoka.net>
5 *
6 * Permission to use, copy, modify, and distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above
8 * copyright notice and this permission notice appear in all copies.
9 *
10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 */
18
19#include <assert.h>
20#include <locale.h>
21#include <stdio.h>
22#include <stdlib.h>
23#include <string.h>
24#include <unistd.h>
25#include <wchar.h>
26
27/* we use assert() */
28#undef NDEBUG
29
30#define TMPFILENAME "test_fflush.tmp"
31
32void setup(void);
33
34void test_fflush_read0(void);
35void test_fflush_read1(void);
36void test_fflush_read2(void);
37void test_fflush_read3(void);
38void test_fflush_read4(void);
39void setupw(void);
40void test_fflush_read5(void);
41void test_fflush_read6(void);
42
43void
44setup(void)
45{
46 FILE *fp;
47
48 /* common setup */
49 unlink(TMPFILENAME);
50 fp = fopen(TMPFILENAME, "w+");
51 assert(fp != NULL);
52 fputs("Hello world\n", fp);
53 fclose(fp);
54}
55
56/* fflush work with reading file and seekable */
57void
58test_fflush_read0(void)
59{
60 int r;
61 char buf[80];
62 FILE *fp;
63
64 setup();
65
66 /* In POSIX 2008, fflush() must work with the file object for reading */
67 fp = fopen(TMPFILENAME, "r");
68 assert(fp != NULL);
69 assert(fgetc(fp) == 'H');
70 r = fflush(fp);
71 assert(r == 0);
72
73 /* the position is moved to 1 */
74 assert(ftell(fp) == 1);
75
76 /* can read rest of that */
77 fgets(buf, sizeof(buf), fp);
78 assert(strcmp(buf, "ello world\n") == 0);
79 r = fclose(fp);
80 assert(r == 0);
81}
82
83/* fflush work with reading file and seekable + unget */
84void
85test_fflush_read1(void)
86{
87 int r;
88 char buf[80];
89 FILE *fp;
90
91 setup();
92
93 fp = fopen(TMPFILENAME, "r");
94 assert(fp != NULL);
95 assert(fgetc(fp) == 'H');
96 assert(fgetc(fp) == 'e');
97 assert(fgetc(fp) == 'l');
98 assert(fgetc(fp) == 'l');
99 assert(fgetc(fp) == 'o');
100
101 /* push the 'AAAA' back */
102 ungetc('A', fp);
103 ungetc('A', fp);
104 ungetc('A', fp);
105 ungetc('A', fp);
106
107 /* can read rest of that */
108 fgets(buf, sizeof(buf), fp);
109 assert(strcmp(buf, "AAAA world\n") == 0);
110 r = fclose(fp);
111 assert(r == 0);
112
113 /* do the same thing + fflush */
114
115 fp = fopen(TMPFILENAME, "r");
116 assert(fp != NULL);
117 assert(fgetc(fp) == 'H');
118 assert(fgetc(fp) == 'e');
119 assert(fgetc(fp) == 'l');
120 assert(fgetc(fp) == 'l');
121 assert(fgetc(fp) == 'o');
122
123 /* push 'AAAA' back */
124 ungetc('A', fp);
125 ungetc('A', fp);
126 ungetc('A', fp);
127 ungetc('A', fp);
128
129 /* then fflush */
130 r = fflush(fp);
131 assert(r == 0);
132
133 /* fllush() clears the all pushed back chars */
134
135 /* can read rest of that */
136 fgets(buf, sizeof(buf), fp);
137 assert(strcmp(buf, " world\n") == 0);
138 r = fclose(fp);
139 assert(r == 0);
140}
141
142/* fflush() to reading and non-seekable stream */
143void
144test_fflush_read2(void)
145{
146 int r;
147 FILE *fp;
148 char buf[80];
149
150 /* In POSIX-2008, fflush() must work with the file object for reading */
151 fp = popen("echo Hello world", "r");
152 assert(fp != NULL);
153 assert(fgetc(fp) == 'H');
154 r = fflush(fp);
155 assert(r == 0);
156
157 /*
158 * FILE object for read and NOT seekable. In that case, fflush does
159 * nothing, but must keep the buffer.
160 */
161
162 /* can read rest of that */
163 fgets(buf, sizeof(buf), fp);
164 assert(strcmp(buf, "ello world\n") == 0);
165 r = pclose(fp);
166 assert(r == 0);
167}
168
169/* fflush() to the file which doesn't have any buffer */
170void
171test_fflush_read3(void)
172{
173 int r;
174 FILE *fp;
175
176 setup();
177
178 /* In POSIX-2008, fflush() must work with the file object for reading */
179 fp = fopen(TMPFILENAME, "r");
180 assert(fp != NULL);
181 r = fflush(fp);
182 assert(r == 0);
183 r = fclose(fp);
184 assert(r == 0);
185}
186
187/* freopen() should call fflush() internal */
188void
189test_fflush_read4(void)
190{
191 int r;
192 FILE *fp;
193 off_t pos;
194 char buf[80];
195
196 setup();
197
198 /* In POSIX-2008, fflush() must work with the file object for reading */
199 fp = fopen(TMPFILENAME, "r");
200 assert(fp != NULL);
201
202 assert(fgetc(fp) == 'H'); /* read 1 */
203
204 pos = lseek(fileno(fp), 0, SEEK_CUR);
205 assert(pos >= 1);
206 assert(pos > 1); /* this test assume the buffer is used */
207
208 /* freopen() should call fflush() internal */
209 fp = freopen(TMPFILENAME, "r", fp);
210 assert(fp != NULL);
211
212 /* can read rest of that on fp */
213 fgets(buf, sizeof(buf), fp);
214 assert(strcmp(buf, "Hello world\n") == 0);
215
216 r = fclose(fp);
217 assert(r == 0);
218}
219
220void
221setupw(void)
222{
223 FILE *fp;
224
225 /* common setup */
226 unlink(TMPFILENAME);
227 fp = fopen(TMPFILENAME, "w+");
228 assert(fp != NULL);
229 /* Konnitiwa Sekai(in Kanji) */
230 fputws(L"\u3053\u3093\u306b\u3061\u308f \u4e16\u754c\n", fp);
231 fclose(fp);
232}
233
234/* fflush work with reading file and seekable + ungetwc */
235void
236test_fflush_read5(void)
237{
238 int r;
239 wchar_t buf[80];
240 FILE *fp;
241
242 setupw();
243
244 fp = fopen(TMPFILENAME, "r");
245
246 assert(fp != NULL);
247 assert(fgetwc(fp) == L'\u3053'); /* Ko */
248 assert(fgetwc(fp) == L'\u3093'); /* N */
249 assert(fgetwc(fp) == L'\u306b'); /* Ni */
250 assert(fgetwc(fp) == L'\u3061'); /* Ti */
251 assert(fgetwc(fp) == L'\u308f'); /* Wa */
252
253 /* push 263A(smile) back */
254 assert(ungetwc(L'\u263a', fp));
255
256 /* we support 1 push back wchar_t */
257 assert(fgetwc(fp) == L'\u263a');
258
259 /* can read reset of that */
260 fgetws(buf, sizeof(buf), fp);
261 assert(wcscmp(buf, L" \u4e16\u754c\n") == 0);
262
263 r = fclose(fp);
264 assert(r == 0);
265
266 /* do the same thing + fflush */
267 fp = fopen(TMPFILENAME, "r");
268
269 assert(fp != NULL);
270 assert(fgetwc(fp) == L'\u3053'); /* Ko */
271 assert(fgetwc(fp) == L'\u3093'); /* N */
272 assert(fgetwc(fp) == L'\u306b'); /* Ni */
273 assert(fgetwc(fp) == L'\u3061'); /* Ti */
274 assert(fgetwc(fp) == L'\u308f'); /* Wa */
275
276 /* push 263A(smile) back */
277 assert(ungetwc(L'\u263a', fp));
278
279 /* we support 1 push back wchar_t */
280 assert(fgetwc(fp) == L'\u263a');
281
282 /* then fflush */
283 r = fflush(fp);
284 assert(r == 0);
285
286 /* fllush() clears the all pushed back chars */
287
288 /* can read rest of that */
289 fgetws(buf, sizeof(buf), fp);
290 assert(wcscmp(buf, L" \u4e16\u754c\n") == 0);
291 r = fclose(fp);
292 assert(r == 0);
293}
294
295void
296test_fflush_read6(void)
297{
298 int r, c;
299 FILE *fp;
300
301 setup();
302 fp = fopen(TMPFILENAME, "r");
303 assert(fp != NULL);
304
305 /*
306 * https://pubs.opengroup.org/onlinepubs/9699919799/functions/fflush.html
307 * .. any characters pushed back onto the stream by ungetc() or ungetwc()
308 * that have not subsequently been read from the stream shall be discarded
309 * (without further changing the file offset).
310 */
311
312 assert(fgetc(fp) == 'H');
313 c = getc(fp);
314 ungetc(c, fp); /* push back the character has been read */
315 r = fflush(fp);
316 assert(r == 0);
317 assert(getc(fp) == c);
318
319 fseek(fp, 0, SEEK_SET);
320 assert(fgetc(fp) == 'H');
321 c = getc(fp);
322 ungetc('X', fp); /* push back the character has not been read */
323 r = fflush(fp);
324 assert(r == 0);
325 assert(getc(fp) == 'l');
326
327 r = fclose(fp);
328 assert(r == 0);
329}
330
331int
332main(int argc, char *argv[])
333{
334 setlocale(LC_ALL, "C.UTF-8");
335
336 test_fflush_read0();
337 test_fflush_read1();
338 test_fflush_read2();
339 test_fflush_read3();
340 test_fflush_read4();
341 test_fflush_read5();
342 test_fflush_read6();
343
344 exit(0);
345}
diff --git a/src/regress/lib/libc/stdio/test_ungetwc.c b/src/regress/lib/libc/stdio/test_ungetwc.c
new file mode 100644
index 0000000000..bb4e853020
--- /dev/null
+++ b/src/regress/lib/libc/stdio/test_ungetwc.c
@@ -0,0 +1,90 @@
1/* $OpenBSD: test_ungetwc.c,v 1.1 2025/05/25 05:32:45 yasuoka Exp $ */
2
3/*
4 * Copyright (c) 2025 YASUOKA Masahiko <yasuoka@yasuoka.net>
5 *
6 * Permission to use, copy, modify, and distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above
8 * copyright notice and this permission notice appear in all copies.
9 *
10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 */
18
19#include <assert.h>
20#include <stdio.h>
21#include <stdlib.h>
22#include <string.h>
23#include <unistd.h>
24#include <locale.h>
25#include <wchar.h>
26
27/* we use assert() */
28#undef NDEBUG
29
30#define TMPFILENAME "test_ungetwc.tmp"
31
32void setupw(void);
33void test_fflush_ungetwc0(void);
34
35void
36setupw(void)
37{
38 FILE *fp;
39
40 /* common setup */
41 unlink(TMPFILENAME);
42 fp = fopen(TMPFILENAME, "w+");
43 assert(fp != NULL);
44 /* Konnitiwa Sekai(in Kanji) */
45 fputws(L"\u3053\u3093\u306b\u3061\u308f \u4e16\u754c\n", fp);
46 fclose(fp);
47}
48
49/* fflush work with reading file and seekable + ungetwc */
50void
51test_fflush_ungetwc0(void)
52{
53 int r;
54 wchar_t buf[80];
55 FILE *fp;
56
57 setupw();
58
59 fp = fopen(TMPFILENAME, "r");
60
61 assert(fp != NULL);
62 assert(fgetwc(fp) == L'\u3053'); /* Ko */
63 assert(fgetwc(fp) == L'\u3093'); /* N */
64 assert(fgetwc(fp) == L'\u306b'); /* Ni */
65 assert(fgetwc(fp) == L'\u3061'); /* Ti */
66 assert(fgetwc(fp) == L'\u308f'); /* Wa */
67
68 /* push 263A(smile) back */
69 assert(ungetwc(L'\u263a', fp));
70
71 /* we support 1 push back wchar_t */
72 assert(fgetwc(fp) == L'\u263a');
73
74 /* can read reset of that */
75 fgetws(buf, sizeof(buf), fp);
76 assert(wcscmp(buf, L" \u4e16\u754c\n") == 0);
77
78 r = fclose(fp);
79 assert(r == 0);
80}
81
82int
83main(int argc, char *argv[])
84{
85 setlocale(LC_ALL, "C.UTF-8");
86
87 test_fflush_ungetwc0();
88
89 exit(0);
90}
diff --git a/src/regress/lib/libc/sys/t_fork.c b/src/regress/lib/libc/sys/t_fork.c
index b55b557824..1084855aee 100644
--- a/src/regress/lib/libc/sys/t_fork.c
+++ b/src/regress/lib/libc/sys/t_fork.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: t_fork.c,v 1.5 2021/12/13 16:56:48 deraadt Exp $ */ 1/* $OpenBSD: t_fork.c,v 1.6 2025/10/31 17:14:46 miod Exp $ */
2/* $NetBSD: t_fork.c,v 1.4 2019/04/06 15:41:54 kamil Exp $ */ 2/* $NetBSD: t_fork.c,v 1.4 2019/04/06 15:41:54 kamil Exp $ */
3 3
4/*- 4/*-
@@ -28,7 +28,7 @@
28 */ 28 */
29#include "macros.h" 29#include "macros.h"
30 30
31#include <sys/types.h> 31#include <sys/param.h> /* for MACHINE_STACK_GROWS_UP */
32#include <sys/signal.h> 32#include <sys/signal.h>
33#ifdef __OpenBSD__ 33#ifdef __OpenBSD__
34#include <sys/proc.h> 34#include <sys/proc.h>
@@ -282,7 +282,7 @@ nested_raw(const char *fn, volatile int flags)
282 stack = malloc(stack_size); 282 stack = malloc(stack_size);
283 ATF_REQUIRE(stack != NULL); 283 ATF_REQUIRE(stack != NULL);
284 284
285#ifdef __MACHINE_STACK_GROWS_UP 285#ifdef MACHINE_STACK_GROWS_UP
286 stack_base = stack; 286 stack_base = stack;
287#else 287#else
288 stack_base = (char *)stack + stack_size; 288 stack_base = (char *)stack + stack_size;
diff --git a/src/regress/lib/libc/sys/t_getrusage.c b/src/regress/lib/libc/sys/t_getrusage.c
index 1a9e3d139c..04ad7e4e87 100644
--- a/src/regress/lib/libc/sys/t_getrusage.c
+++ b/src/regress/lib/libc/sys/t_getrusage.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: t_getrusage.c,v 1.3 2021/12/13 16:56:48 deraadt Exp $ */ 1/* $OpenBSD: t_getrusage.c,v 1.4 2025/11/06 12:56:58 miod Exp $ */
2/* $NetBSD: t_getrusage.c,v 1.8 2018/05/09 08:45:03 mrg Exp $ */ 2/* $NetBSD: t_getrusage.c,v 1.8 2018/05/09 08:45:03 mrg Exp $ */
3 3
4/*- 4/*-
@@ -68,6 +68,8 @@ work(void)
68 asm volatile("l.nop"); /* Do something. */ 68 asm volatile("l.nop"); /* Do something. */
69#elif defined(__ia64__) 69#elif defined(__ia64__)
70 asm volatile("nop 0"); /* Do something. */ 70 asm volatile("nop 0"); /* Do something. */
71#elif defined(__m88k)
72 asm volatile("or %r0, %r0, %r0"); /* Do something. */
71#else 73#else
72 asm volatile("nop"); /* Do something. */ 74 asm volatile("nop"); /* Do something. */
73#endif 75#endif
diff --git a/src/regress/lib/libc/time/time_conversion/timetest.c b/src/regress/lib/libc/time/time_conversion/timetest.c
index 0706704ee1..1405f1c6a5 100644
--- a/src/regress/lib/libc/time/time_conversion/timetest.c
+++ b/src/regress/lib/libc/time/time_conversion/timetest.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: timetest.c,v 1.4 2023/04/13 11:32:06 mbuhl Exp $ */ 1/* $OpenBSD: timetest.c,v 1.5 2025/08/17 08:43:03 phessler Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2022 Bob Beck <beck@openbsd.org> 4 * Copyright (c) 2022 Bob Beck <beck@openbsd.org>
@@ -79,12 +79,12 @@ struct timetest timetests[] = {
79 .tm_yday=171, 79 .tm_yday=171,
80 .tm_isdst=0, 80 .tm_isdst=0,
81 .tm_gmtoff=0, 81 .tm_gmtoff=0,
82 .tm_zone="GMT" 82 .tm_zone="UTC"
83 }, 83 },
84 }, 84 },
85 { 85 {
86 .descr="moon", 86 .descr="moon",
87 .timezone="right/UTC", 87 .timezone="right/GMT",
88 .time=-16751025, 88 .time=-16751025,
89 .local_tm= { 89 .local_tm= {
90 .tm_year=69, 90 .tm_year=69,
@@ -97,7 +97,7 @@ struct timetest timetests[] = {
97 .tm_yday=171, 97 .tm_yday=171,
98 .tm_isdst=0, 98 .tm_isdst=0,
99 .tm_gmtoff=0, 99 .tm_gmtoff=0,
100 .tm_zone="UTC" 100 .tm_zone="GMT"
101 }, 101 },
102 .gmt_tm= { 102 .gmt_tm= {
103 .tm_year=69, 103 .tm_year=69,
@@ -110,7 +110,7 @@ struct timetest timetests[] = {
110 .tm_yday=171, 110 .tm_yday=171,
111 .tm_isdst=0, 111 .tm_isdst=0,
112 .tm_gmtoff=0, 112 .tm_gmtoff=0,
113 .tm_zone="GMT" 113 .tm_zone="UTC"
114 }, 114 },
115 }, 115 },
116 { 116 {
@@ -141,7 +141,7 @@ struct timetest timetests[] = {
141 .tm_yday=171, 141 .tm_yday=171,
142 .tm_isdst=0, 142 .tm_isdst=0,
143 .tm_gmtoff=0, 143 .tm_gmtoff=0,
144 .tm_zone="GMT" 144 .tm_zone="UTC"
145 }, 145 },
146 }, 146 },
147 { 147 {
@@ -172,12 +172,12 @@ struct timetest timetests[] = {
172 .tm_yday=0, 172 .tm_yday=0,
173 .tm_isdst=0, 173 .tm_isdst=0,
174 .tm_gmtoff=0, 174 .tm_gmtoff=0,
175 .tm_zone="GMT" 175 .tm_zone="UTC"
176 }, 176 },
177 }, 177 },
178 { 178 {
179 .descr="epoch", 179 .descr="epoch",
180 .timezone="right/UTC", 180 .timezone="right/GMT",
181 .time=0, 181 .time=0,
182 .local_tm= { 182 .local_tm= {
183 .tm_year=70, 183 .tm_year=70,
@@ -190,7 +190,7 @@ struct timetest timetests[] = {
190 .tm_yday=0, 190 .tm_yday=0,
191 .tm_isdst=0, 191 .tm_isdst=0,
192 .tm_gmtoff=0, 192 .tm_gmtoff=0,
193 .tm_zone="UTC" 193 .tm_zone="GMT"
194 }, 194 },
195 .gmt_tm= { 195 .gmt_tm= {
196 .tm_year=70, 196 .tm_year=70,
@@ -203,7 +203,7 @@ struct timetest timetests[] = {
203 .tm_yday=0, 203 .tm_yday=0,
204 .tm_isdst=0, 204 .tm_isdst=0,
205 .tm_gmtoff=0, 205 .tm_gmtoff=0,
206 .tm_zone="GMT" 206 .tm_zone="UTC"
207 }, 207 },
208 }, 208 },
209 { 209 {
@@ -234,7 +234,7 @@ struct timetest timetests[] = {
234 .tm_yday=0, 234 .tm_yday=0,
235 .tm_isdst=0, 235 .tm_isdst=0,
236 .tm_gmtoff=0, 236 .tm_gmtoff=0,
237 .tm_zone="GMT" 237 .tm_zone="UTC"
238 }, 238 },
239 }, 239 },
240 { 240 {
@@ -265,12 +265,12 @@ struct timetest timetests[] = {
265 .tm_yday=364, 265 .tm_yday=364,
266 .tm_isdst=0, 266 .tm_isdst=0,
267 .tm_gmtoff=0, 267 .tm_gmtoff=0,
268 .tm_zone="GMT" 268 .tm_zone="UTC"
269 }, 269 },
270 }, 270 },
271 { 271 {
272 .descr="epoch - 1", 272 .descr="epoch - 1",
273 .timezone="right/UTC", 273 .timezone="right/GMT",
274 .time=-1, 274 .time=-1,
275 .local_tm= { 275 .local_tm= {
276 .tm_year=69, 276 .tm_year=69,
@@ -283,7 +283,7 @@ struct timetest timetests[] = {
283 .tm_yday=364, 283 .tm_yday=364,
284 .tm_isdst=0, 284 .tm_isdst=0,
285 .tm_gmtoff=0, 285 .tm_gmtoff=0,
286 .tm_zone="UTC" 286 .tm_zone="GMT"
287 }, 287 },
288 .gmt_tm= { 288 .gmt_tm= {
289 .tm_year=69, 289 .tm_year=69,
@@ -296,7 +296,7 @@ struct timetest timetests[] = {
296 .tm_yday=364, 296 .tm_yday=364,
297 .tm_isdst=0, 297 .tm_isdst=0,
298 .tm_gmtoff=0, 298 .tm_gmtoff=0,
299 .tm_zone="GMT" 299 .tm_zone="UTC"
300 }, 300 },
301 }, 301 },
302 { 302 {
@@ -327,7 +327,7 @@ struct timetest timetests[] = {
327 .tm_yday=364, 327 .tm_yday=364,
328 .tm_isdst=0, 328 .tm_isdst=0,
329 .tm_gmtoff=0, 329 .tm_gmtoff=0,
330 .tm_zone="GMT" 330 .tm_zone="UTC"
331 }, 331 },
332 }, 332 },
333 { 333 {
@@ -358,12 +358,12 @@ struct timetest timetests[] = {
358 .tm_yday=346, 358 .tm_yday=346,
359 .tm_isdst=0, 359 .tm_isdst=0,
360 .tm_gmtoff=0, 360 .tm_gmtoff=0,
361 .tm_zone="GMT" 361 .tm_zone="UTC"
362 }, 362 },
363 }, 363 },
364 { 364 {
365 .descr="legacy min", 365 .descr="legacy min",
366 .timezone="right/UTC", 366 .timezone="right/GMT",
367 .time=-2147483648, 367 .time=-2147483648,
368 .local_tm= { 368 .local_tm= {
369 .tm_year=1, 369 .tm_year=1,
@@ -376,7 +376,7 @@ struct timetest timetests[] = {
376 .tm_yday=346, 376 .tm_yday=346,
377 .tm_isdst=0, 377 .tm_isdst=0,
378 .tm_gmtoff=0, 378 .tm_gmtoff=0,
379 .tm_zone="UTC" 379 .tm_zone="GMT"
380 }, 380 },
381 .gmt_tm= { 381 .gmt_tm= {
382 .tm_year=1, 382 .tm_year=1,
@@ -389,7 +389,7 @@ struct timetest timetests[] = {
389 .tm_yday=346, 389 .tm_yday=346,
390 .tm_isdst=0, 390 .tm_isdst=0,
391 .tm_gmtoff=0, 391 .tm_gmtoff=0,
392 .tm_zone="GMT" 392 .tm_zone="UTC"
393 }, 393 },
394 }, 394 },
395 { 395 {
@@ -420,12 +420,12 @@ struct timetest timetests[] = {
420 .tm_yday=346, 420 .tm_yday=346,
421 .tm_isdst=0, 421 .tm_isdst=0,
422 .tm_gmtoff=0, 422 .tm_gmtoff=0,
423 .tm_zone="GMT" 423 .tm_zone="UTC"
424 }, 424 },
425 }, 425 },
426 { 426 {
427 .descr="legacy min - 1", 427 .descr="legacy min - 1",
428 .timezone="right/UTC", 428 .timezone="right/GMT",
429 .time=-2147483649, 429 .time=-2147483649,
430 .local_tm= { 430 .local_tm= {
431 .tm_year=1, 431 .tm_year=1,
@@ -438,7 +438,7 @@ struct timetest timetests[] = {
438 .tm_yday=346, 438 .tm_yday=346,
439 .tm_isdst=0, 439 .tm_isdst=0,
440 .tm_gmtoff=0, 440 .tm_gmtoff=0,
441 .tm_zone="UTC" 441 .tm_zone="GMT"
442 }, 442 },
443 .gmt_tm= { 443 .gmt_tm= {
444 .tm_year=1, 444 .tm_year=1,
@@ -451,7 +451,7 @@ struct timetest timetests[] = {
451 .tm_yday=346, 451 .tm_yday=346,
452 .tm_isdst=0, 452 .tm_isdst=0,
453 .tm_gmtoff=0, 453 .tm_gmtoff=0,
454 .tm_zone="GMT" 454 .tm_zone="UTC"
455 }, 455 },
456 }, 456 },
457 { 457 {
@@ -482,12 +482,12 @@ struct timetest timetests[] = {
482 .tm_yday=18, 482 .tm_yday=18,
483 .tm_isdst=0, 483 .tm_isdst=0,
484 .tm_gmtoff=0, 484 .tm_gmtoff=0,
485 .tm_zone="GMT" 485 .tm_zone="UTC"
486 }, 486 },
487 }, 487 },
488 { 488 {
489 .descr="legacy max", 489 .descr="legacy max",
490 .timezone="right/UTC", 490 .timezone="right/GMT",
491 .time=2147483647, 491 .time=2147483647,
492 .local_tm= { 492 .local_tm= {
493 .tm_year=138, 493 .tm_year=138,
@@ -500,7 +500,7 @@ struct timetest timetests[] = {
500 .tm_yday=18, 500 .tm_yday=18,
501 .tm_isdst=0, 501 .tm_isdst=0,
502 .tm_gmtoff=0, 502 .tm_gmtoff=0,
503 .tm_zone="UTC" 503 .tm_zone="GMT"
504 }, 504 },
505 .gmt_tm= { 505 .gmt_tm= {
506 .tm_year=138, 506 .tm_year=138,
@@ -513,7 +513,7 @@ struct timetest timetests[] = {
513 .tm_yday=18, 513 .tm_yday=18,
514 .tm_isdst=0, 514 .tm_isdst=0,
515 .tm_gmtoff=0, 515 .tm_gmtoff=0,
516 .tm_zone="GMT" 516 .tm_zone="UTC"
517 }, 517 },
518 }, 518 },
519 { 519 {
@@ -544,12 +544,12 @@ struct timetest timetests[] = {
544 .tm_yday=18, 544 .tm_yday=18,
545 .tm_isdst=0, 545 .tm_isdst=0,
546 .tm_gmtoff=0, 546 .tm_gmtoff=0,
547 .tm_zone="GMT" 547 .tm_zone="UTC"
548 }, 548 },
549 }, 549 },
550 { 550 {
551 .descr="legacy max + 1", 551 .descr="legacy max + 1",
552 .timezone="right/UTC", 552 .timezone="right/GMT",
553 .time=2147483648, 553 .time=2147483648,
554 .local_tm= { 554 .local_tm= {
555 .tm_year=138, 555 .tm_year=138,
@@ -562,7 +562,7 @@ struct timetest timetests[] = {
562 .tm_yday=18, 562 .tm_yday=18,
563 .tm_isdst=0, 563 .tm_isdst=0,
564 .tm_gmtoff=0, 564 .tm_gmtoff=0,
565 .tm_zone="UTC" 565 .tm_zone="GMT"
566 }, 566 },
567 .gmt_tm= { 567 .gmt_tm= {
568 .tm_year=138, 568 .tm_year=138,
@@ -575,7 +575,7 @@ struct timetest timetests[] = {
575 .tm_yday=18, 575 .tm_yday=18,
576 .tm_isdst=0, 576 .tm_isdst=0,
577 .tm_gmtoff=0, 577 .tm_gmtoff=0,
578 .tm_zone="GMT" 578 .tm_zone="UTC"
579 }, 579 },
580 }, 580 },
581 { 581 {
@@ -611,7 +611,7 @@ struct timetest timetests[] = {
611 }, 611 },
612 { 612 {
613 .descr="min", 613 .descr="min",
614 .timezone="right/UTC", 614 .timezone="right/GMT",
615 .time=INT64_MIN, 615 .time=INT64_MIN,
616 .local_tm= { 616 .local_tm= {
617 .tm_year=0, 617 .tm_year=0,
@@ -704,7 +704,7 @@ struct timetest timetests[] = {
704 }, 704 },
705 { 705 {
706 .descr="max", 706 .descr="max",
707 .timezone="right/UTC", 707 .timezone="right/GMT",
708 .time=9223372036854775807, 708 .time=9223372036854775807,
709 .local_tm= { 709 .local_tm= {
710 .tm_year=0, 710 .tm_year=0,
@@ -792,7 +792,7 @@ struct timetest timetests[] = {
792 .tm_yday=30, 792 .tm_yday=30,
793 .tm_isdst=0, 793 .tm_isdst=0,
794 .tm_gmtoff=0, 794 .tm_gmtoff=0,
795 .tm_zone="GMT" 795 .tm_zone="UTC"
796 }, 796 },
797 }, 797 },
798 { 798 {
@@ -823,12 +823,12 @@ struct timetest timetests[] = {
823 .tm_yday=30, 823 .tm_yday=30,
824 .tm_isdst=0, 824 .tm_isdst=0,
825 .tm_gmtoff=0, 825 .tm_gmtoff=0,
826 .tm_zone="GMT" 826 .tm_zone="UTC"
827 }, 827 },
828 }, 828 },
829 { 829 {
830 .descr="maxint struct tm", 830 .descr="maxint struct tm",
831 .timezone="right/UTC", 831 .timezone="right/GMT",
832 .time=67767976204675199, 832 .time=67767976204675199,
833 .local_tm= { 833 .local_tm= {
834 .tm_year=2147481747, 834 .tm_year=2147481747,
@@ -841,7 +841,7 @@ struct timetest timetests[] = {
841 .tm_yday=30, 841 .tm_yday=30,
842 .tm_isdst=0, 842 .tm_isdst=0,
843 .tm_gmtoff=0, 843 .tm_gmtoff=0,
844 .tm_zone="UTC" 844 .tm_zone="GMT"
845 }, 845 },
846 .gmt_tm= { 846 .gmt_tm= {
847 .tm_year=2147481747, 847 .tm_year=2147481747,
@@ -854,12 +854,12 @@ struct timetest timetests[] = {
854 .tm_yday=30, 854 .tm_yday=30,
855 .tm_isdst=0, 855 .tm_isdst=0,
856 .tm_gmtoff=0, 856 .tm_gmtoff=0,
857 .tm_zone="GMT" 857 .tm_zone="UTC"
858 }, 858 },
859 }, 859 },
860 { 860 {
861 .descr="minint struct tm", 861 .descr="minint struct tm",
862 .timezone="right/UTC", 862 .timezone="right/GMT",
863 .time=-67768038398073601, 863 .time=-67768038398073601,
864 .local_tm= { 864 .local_tm= {
865 .tm_year=-2147483578, 865 .tm_year=-2147483578,
@@ -872,7 +872,7 @@ struct timetest timetests[] = {
872 .tm_yday=30, 872 .tm_yday=30,
873 .tm_isdst=0, 873 .tm_isdst=0,
874 .tm_gmtoff=0, 874 .tm_gmtoff=0,
875 .tm_zone="UTC" 875 .tm_zone="GMT"
876 }, 876 },
877 .gmt_tm= { 877 .gmt_tm= {
878 .tm_year=-2147483578, 878 .tm_year=-2147483578,
@@ -885,7 +885,7 @@ struct timetest timetests[] = {
885 .tm_yday=30, 885 .tm_yday=30,
886 .tm_isdst=0, 886 .tm_isdst=0,
887 .tm_gmtoff=0, 887 .tm_gmtoff=0,
888 .tm_zone="GMT" 888 .tm_zone="UTC"
889 }, 889 },
890 }, 890 },
891 { 891 {
@@ -916,12 +916,12 @@ struct timetest timetests[] = {
916 .tm_yday=0, 916 .tm_yday=0,
917 .tm_isdst=0, 917 .tm_isdst=0,
918 .tm_gmtoff=0, 918 .tm_gmtoff=0,
919 .tm_zone="GMT" 919 .tm_zone="UTC"
920 }, 920 },
921 }, 921 },
922 { 922 {
923 .descr="0000", 923 .descr="0000",
924 .timezone="right/UTC", 924 .timezone="right/GMT",
925 .time=-62167219200, 925 .time=-62167219200,
926 .local_tm= { 926 .local_tm= {
927 .tm_year=-1900, 927 .tm_year=-1900,
@@ -934,7 +934,7 @@ struct timetest timetests[] = {
934 .tm_yday=0, 934 .tm_yday=0,
935 .tm_isdst=0, 935 .tm_isdst=0,
936 .tm_gmtoff=0, 936 .tm_gmtoff=0,
937 .tm_zone="UTC" 937 .tm_zone="GMT"
938 }, 938 },
939 .gmt_tm= { 939 .gmt_tm= {
940 .tm_year=-1900, 940 .tm_year=-1900,
@@ -947,7 +947,7 @@ struct timetest timetests[] = {
947 .tm_yday=0, 947 .tm_yday=0,
948 .tm_isdst=0, 948 .tm_isdst=0,
949 .tm_gmtoff=0, 949 .tm_gmtoff=0,
950 .tm_zone="GMT" 950 .tm_zone="UTC"
951 }, 951 },
952 }, 952 },
953 { 953 {
@@ -978,7 +978,7 @@ struct timetest timetests[] = {
978 .tm_yday=0, 978 .tm_yday=0,
979 .tm_isdst=0, 979 .tm_isdst=0,
980 .tm_gmtoff=0, 980 .tm_gmtoff=0,
981 .tm_zone="GMT" 981 .tm_zone="UTC"
982 }, 982 },
983 }, 983 },
984 { 984 {
@@ -1009,12 +1009,12 @@ struct timetest timetests[] = {
1009 .tm_yday=364, 1009 .tm_yday=364,
1010 .tm_isdst=0, 1010 .tm_isdst=0,
1011 .tm_gmtoff=0, 1011 .tm_gmtoff=0,
1012 .tm_zone="GMT" 1012 .tm_zone="UTC"
1013 }, 1013 },
1014 }, 1014 },
1015 { 1015 {
1016 .descr="9999", 1016 .descr="9999",
1017 .timezone="right/UTC", 1017 .timezone="right/GMT",
1018 .time=253402300799, 1018 .time=253402300799,
1019 .local_tm= { 1019 .local_tm= {
1020 .tm_year=8099, 1020 .tm_year=8099,
@@ -1027,7 +1027,7 @@ struct timetest timetests[] = {
1027 .tm_yday=364, 1027 .tm_yday=364,
1028 .tm_isdst=0, 1028 .tm_isdst=0,
1029 .tm_gmtoff=0, 1029 .tm_gmtoff=0,
1030 .tm_zone="UTC" 1030 .tm_zone="GMT"
1031 }, 1031 },
1032 .gmt_tm= { 1032 .gmt_tm= {
1033 .tm_year=8099, 1033 .tm_year=8099,
@@ -1040,7 +1040,7 @@ struct timetest timetests[] = {
1040 .tm_yday=364, 1040 .tm_yday=364,
1041 .tm_isdst=0, 1041 .tm_isdst=0,
1042 .tm_gmtoff=0, 1042 .tm_gmtoff=0,
1043 .tm_zone="GMT" 1043 .tm_zone="UTC"
1044 }, 1044 },
1045 }, 1045 },
1046 { 1046 {
@@ -1071,7 +1071,7 @@ struct timetest timetests[] = {
1071 .tm_yday=364, 1071 .tm_yday=364,
1072 .tm_isdst=0, 1072 .tm_isdst=0,
1073 .tm_gmtoff=0, 1073 .tm_gmtoff=0,
1074 .tm_zone="GMT" 1074 .tm_zone="UTC"
1075 }, 1075 },
1076 }, 1076 },
1077 { 1077 {
@@ -1102,7 +1102,7 @@ struct timetest timetests[] = {
1102 .tm_yday=0, 1102 .tm_yday=0,
1103 .tm_isdst=0, 1103 .tm_isdst=0,
1104 .tm_gmtoff=0, 1104 .tm_gmtoff=0,
1105 .tm_zone="GMT" 1105 .tm_zone="UTC"
1106 }, 1106 },
1107 }, 1107 },
1108 { 1108 {
@@ -1133,7 +1133,7 @@ struct timetest timetests[] = {
1133 .tm_yday=0, 1133 .tm_yday=0,
1134 .tm_isdst=0, 1134 .tm_isdst=0,
1135 .tm_gmtoff=0, 1135 .tm_gmtoff=0,
1136 .tm_zone="GMT" 1136 .tm_zone="UTC"
1137 }, 1137 },
1138 }, 1138 },
1139 { 1139 {
@@ -1164,12 +1164,12 @@ struct timetest timetests[] = {
1164 .tm_yday=0, 1164 .tm_yday=0,
1165 .tm_isdst=0, 1165 .tm_isdst=0,
1166 .tm_gmtoff=0, 1166 .tm_gmtoff=0,
1167 .tm_zone="GMT" 1167 .tm_zone="UTC"
1168 }, 1168 },
1169 }, 1169 },
1170 { 1170 {
1171 .descr="leap second - 1", 1171 .descr="leap second - 1",
1172 .timezone="right/UTC", 1172 .timezone="right/GMT",
1173 .time=1483228825, 1173 .time=1483228825,
1174 .local_tm= { 1174 .local_tm= {
1175 .tm_year=116, 1175 .tm_year=116,
@@ -1182,7 +1182,7 @@ struct timetest timetests[] = {
1182 .tm_yday=365, 1182 .tm_yday=365,
1183 .tm_isdst=0, 1183 .tm_isdst=0,
1184 .tm_gmtoff=0, 1184 .tm_gmtoff=0,
1185 .tm_zone="UTC" 1185 .tm_zone="GMT"
1186 }, 1186 },
1187 .gmt_tm= { 1187 .gmt_tm= {
1188 .tm_year=117, 1188 .tm_year=117,
@@ -1195,12 +1195,12 @@ struct timetest timetests[] = {
1195 .tm_yday=0, 1195 .tm_yday=0,
1196 .tm_isdst=0, 1196 .tm_isdst=0,
1197 .tm_gmtoff=0, 1197 .tm_gmtoff=0,
1198 .tm_zone="GMT" 1198 .tm_zone="UTC"
1199 }, 1199 },
1200 }, 1200 },
1201 { 1201 {
1202 .descr="leap second", 1202 .descr="leap second",
1203 .timezone="right/UTC", 1203 .timezone="right/GMT",
1204 .time=1483228826, 1204 .time=1483228826,
1205 .local_tm= { 1205 .local_tm= {
1206 .tm_year=116, 1206 .tm_year=116,
@@ -1213,7 +1213,7 @@ struct timetest timetests[] = {
1213 .tm_yday=365, 1213 .tm_yday=365,
1214 .tm_isdst=0, 1214 .tm_isdst=0,
1215 .tm_gmtoff=0, 1215 .tm_gmtoff=0,
1216 .tm_zone="UTC" 1216 .tm_zone="GMT"
1217 }, 1217 },
1218 .gmt_tm= { 1218 .gmt_tm= {
1219 .tm_year=117, 1219 .tm_year=117,
@@ -1226,12 +1226,12 @@ struct timetest timetests[] = {
1226 .tm_yday=0, 1226 .tm_yday=0,
1227 .tm_isdst=0, 1227 .tm_isdst=0,
1228 .tm_gmtoff=0, 1228 .tm_gmtoff=0,
1229 .tm_zone="GMT" 1229 .tm_zone="UTC"
1230 }, 1230 },
1231 }, 1231 },
1232 { 1232 {
1233 .descr="leap second + 1", 1233 .descr="leap second + 1",
1234 .timezone="right/UTC", 1234 .timezone="right/GMT",
1235 .time=1483228827, 1235 .time=1483228827,
1236 .local_tm= { 1236 .local_tm= {
1237 .tm_year=117, 1237 .tm_year=117,
@@ -1244,7 +1244,7 @@ struct timetest timetests[] = {
1244 .tm_yday=0, 1244 .tm_yday=0,
1245 .tm_isdst=0, 1245 .tm_isdst=0,
1246 .tm_gmtoff=0, 1246 .tm_gmtoff=0,
1247 .tm_zone="UTC" 1247 .tm_zone="GMT"
1248 }, 1248 },
1249 .gmt_tm= { 1249 .gmt_tm= {
1250 .tm_year=117, 1250 .tm_year=117,
@@ -1257,7 +1257,7 @@ struct timetest timetests[] = {
1257 .tm_yday=0, 1257 .tm_yday=0,
1258 .tm_isdst=0, 1258 .tm_isdst=0,
1259 .tm_gmtoff=0, 1259 .tm_gmtoff=0,
1260 .tm_zone="GMT" 1260 .tm_zone="UTC"
1261 }, 1261 },
1262 }, 1262 },
1263 { 1263 {
@@ -1288,7 +1288,7 @@ struct timetest timetests[] = {
1288 .tm_yday=0, 1288 .tm_yday=0,
1289 .tm_isdst=0, 1289 .tm_isdst=0,
1290 .tm_gmtoff=0, 1290 .tm_gmtoff=0,
1291 .tm_zone="GMT" 1291 .tm_zone="UTC"
1292 }, 1292 },
1293 }, 1293 },
1294 { 1294 {
@@ -1319,7 +1319,7 @@ struct timetest timetests[] = {
1319 .tm_yday=0, 1319 .tm_yday=0,
1320 .tm_isdst=0, 1320 .tm_isdst=0,
1321 .tm_gmtoff=0, 1321 .tm_gmtoff=0,
1322 .tm_zone="GMT" 1322 .tm_zone="UTC"
1323 }, 1323 },
1324 }, 1324 },
1325 { 1325 {
@@ -1350,7 +1350,7 @@ struct timetest timetests[] = {
1350 .tm_yday=0, 1350 .tm_yday=0,
1351 .tm_isdst=0, 1351 .tm_isdst=0,
1352 .tm_gmtoff=0, 1352 .tm_gmtoff=0,
1353 .tm_zone="GMT" 1353 .tm_zone="UTC"
1354 }, 1354 },
1355 }, 1355 },
1356 { 1356 {
@@ -1381,7 +1381,7 @@ struct timetest timetests[] = {
1381 .tm_yday=72, 1381 .tm_yday=72,
1382 .tm_isdst=0, 1382 .tm_isdst=0,
1383 .tm_gmtoff=0, 1383 .tm_gmtoff=0,
1384 .tm_zone="GMT" 1384 .tm_zone="UTC"
1385 }, 1385 },
1386 }, 1386 },
1387 { 1387 {
@@ -1412,7 +1412,7 @@ struct timetest timetests[] = {
1412 .tm_yday=72, 1412 .tm_yday=72,
1413 .tm_isdst=0, 1413 .tm_isdst=0,
1414 .tm_gmtoff=0, 1414 .tm_gmtoff=0,
1415 .tm_zone="GMT" 1415 .tm_zone="UTC"
1416 }, 1416 },
1417 }, 1417 },
1418 { 1418 {
@@ -1443,7 +1443,7 @@ struct timetest timetests[] = {
1443 .tm_yday=72, 1443 .tm_yday=72,
1444 .tm_isdst=0, 1444 .tm_isdst=0,
1445 .tm_gmtoff=0, 1445 .tm_gmtoff=0,
1446 .tm_zone="GMT" 1446 .tm_zone="UTC"
1447 }, 1447 },
1448 }, 1448 },
1449 { 1449 {
@@ -1474,7 +1474,7 @@ struct timetest timetests[] = {
1474 .tm_yday=72, 1474 .tm_yday=72,
1475 .tm_isdst=0, 1475 .tm_isdst=0,
1476 .tm_gmtoff=0, 1476 .tm_gmtoff=0,
1477 .tm_zone="GMT" 1477 .tm_zone="UTC"
1478 }, 1478 },
1479 }, 1479 },
1480 { 1480 {
@@ -1505,7 +1505,7 @@ struct timetest timetests[] = {
1505 .tm_yday=72, 1505 .tm_yday=72,
1506 .tm_isdst=0, 1506 .tm_isdst=0,
1507 .tm_gmtoff=0, 1507 .tm_gmtoff=0,
1508 .tm_zone="GMT" 1508 .tm_zone="UTC"
1509 }, 1509 },
1510 }, 1510 },
1511 { 1511 {
@@ -1536,7 +1536,7 @@ struct timetest timetests[] = {
1536 .tm_yday=72, 1536 .tm_yday=72,
1537 .tm_isdst=0, 1537 .tm_isdst=0,
1538 .tm_gmtoff=0, 1538 .tm_gmtoff=0,
1539 .tm_zone="GMT" 1539 .tm_zone="UTC"
1540 }, 1540 },
1541 }, 1541 },
1542 { 1542 {
@@ -1567,7 +1567,7 @@ struct timetest timetests[] = {
1567 .tm_yday=310, 1567 .tm_yday=310,
1568 .tm_isdst=0, 1568 .tm_isdst=0,
1569 .tm_gmtoff=0, 1569 .tm_gmtoff=0,
1570 .tm_zone="GMT" 1570 .tm_zone="UTC"
1571 }, 1571 },
1572 }, 1572 },
1573 { 1573 {
@@ -1598,7 +1598,7 @@ struct timetest timetests[] = {
1598 .tm_yday=310, 1598 .tm_yday=310,
1599 .tm_isdst=0, 1599 .tm_isdst=0,
1600 .tm_gmtoff=0, 1600 .tm_gmtoff=0,
1601 .tm_zone="GMT" 1601 .tm_zone="UTC"
1602 }, 1602 },
1603 }, 1603 },
1604 { 1604 {
@@ -1629,7 +1629,7 @@ struct timetest timetests[] = {
1629 .tm_yday=310, 1629 .tm_yday=310,
1630 .tm_isdst=0, 1630 .tm_isdst=0,
1631 .tm_gmtoff=0, 1631 .tm_gmtoff=0,
1632 .tm_zone="GMT" 1632 .tm_zone="UTC"
1633 }, 1633 },
1634 }, 1634 },
1635 { 1635 {
@@ -1660,7 +1660,7 @@ struct timetest timetests[] = {
1660 .tm_yday=310, 1660 .tm_yday=310,
1661 .tm_isdst=0, 1661 .tm_isdst=0,
1662 .tm_gmtoff=0, 1662 .tm_gmtoff=0,
1663 .tm_zone="GMT" 1663 .tm_zone="UTC"
1664 }, 1664 },
1665 }, 1665 },
1666 { 1666 {
@@ -1691,7 +1691,7 @@ struct timetest timetests[] = {
1691 .tm_yday=310, 1691 .tm_yday=310,
1692 .tm_isdst=0, 1692 .tm_isdst=0,
1693 .tm_gmtoff=0, 1693 .tm_gmtoff=0,
1694 .tm_zone="GMT" 1694 .tm_zone="UTC"
1695 }, 1695 },
1696 }, 1696 },
1697 { 1697 {
@@ -1722,7 +1722,7 @@ struct timetest timetests[] = {
1722 .tm_yday=310, 1722 .tm_yday=310,
1723 .tm_isdst=0, 1723 .tm_isdst=0,
1724 .tm_gmtoff=0, 1724 .tm_gmtoff=0,
1725 .tm_zone="GMT" 1725 .tm_zone="UTC"
1726 }, 1726 },
1727 }, 1727 },
1728 { 1728 {
diff --git a/src/regress/lib/libcrypto/aes/aes_test.c b/src/regress/lib/libcrypto/aes/aes_test.c
index 37bee05ca7..8d5947a031 100644
--- a/src/regress/lib/libcrypto/aes/aes_test.c
+++ b/src/regress/lib/libcrypto/aes/aes_test.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: aes_test.c,v 1.3 2023/09/28 08:21:43 tb Exp $ */ 1/* $OpenBSD: aes_test.c,v 1.5 2025/07/05 14:32:47 jsing Exp $ */
2/* 2/*
3 * Copyright (c) 2022 Joshua Sing <joshua@hypera.dev> 3 * Copyright (c) 2022 Joshua Sing <joshua@hypera.dev>
4 * 4 *
@@ -524,6 +524,161 @@ static const struct aes_test aes_tests[] = {
524 }, 524 },
525 .out_len = 64, 525 .out_len = 64,
526 }, 526 },
527
528 /* XTS128 - Test vectors from NIST SP 800-38A */
529 {
530 /* XTSGenAES128 1 */
531 .mode = NID_aes_128_xts,
532 .key = {
533 0xa1, 0xb9, 0x0c, 0xba, 0x3f, 0x06, 0xac, 0x35,
534 0x3b, 0x2c, 0x34, 0x38, 0x76, 0x08, 0x17, 0x62,
535 0x09, 0x09, 0x23, 0x02, 0x6e, 0x91, 0x77, 0x18,
536 0x15, 0xf2, 0x9d, 0xab, 0x01, 0x93, 0x2f, 0x2f,
537 },
538 .iv = {
539 0x4f, 0xae, 0xf7, 0x11, 0x7c, 0xda, 0x59, 0xc6,
540 0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5,
541 },
542 .iv_len = 16,
543 .in = {
544 0xeb, 0xab, 0xce, 0x95, 0xb1, 0x4d, 0x3c, 0x8d,
545 0x6f, 0xb3, 0x50, 0x39, 0x07, 0x90, 0x31, 0x1c,
546 },
547 .in_len = 16,
548 .out = {
549 0x77, 0x8a, 0xe8, 0xb4, 0x3c, 0xb9, 0x8d, 0x5a,
550 0x82, 0x50, 0x81, 0xd5, 0xbe, 0x47, 0x1c, 0x63,
551 },
552 .out_len = 16,
553 },
554 {
555 /* XTSGenAES128 385 */
556 .mode = NID_aes_128_xts,
557 .key = {
558 0xb8, 0xdb, 0x0b, 0x9e, 0x63, 0xf5, 0xf0, 0xe6,
559 0x60, 0x97, 0x98, 0xa6, 0xcb, 0x42, 0xbb, 0x5b,
560 0x5d, 0x71, 0x39, 0xbb, 0x95, 0x57, 0x99, 0xf5,
561 0x2a, 0x7c, 0x58, 0x1f, 0x84, 0x63, 0x31, 0x76,
562 },
563 .iv = {
564 0x8d, 0x46, 0xf9, 0x67, 0x01, 0x16, 0x7a, 0x1d,
565 0x77, 0xcd, 0x1e, 0x44, 0xda, 0x92, 0xf3, 0xa8,
566 },
567 .iv_len = 16,
568 .in = {
569 0xb4, 0x64, 0x4d, 0xc1, 0xb3, 0x8d, 0xd5, 0x98,
570 0xca, 0x84, 0x0a, 0x82, 0xd4, 0xd9, 0xc0, 0x65,
571 0x67, 0x23, 0xb1, 0x58, 0x01, 0xaa, 0x18, 0xe6,
572 0x6e,
573 },
574 .in_len = 25,
575 .out = {
576 0x09, 0x28, 0x8c, 0xf5, 0x1f, 0x1e, 0xb4, 0xad,
577 0xb8, 0x54, 0x23, 0xd0, 0xe0, 0xd6, 0xe9, 0x58,
578 0x18, 0x87, 0x06, 0xaf, 0x26, 0x0e, 0x24, 0x67,
579 0x4e,
580 },
581 .out_len = 25,
582 },
583 {
584 /* XTSGenAES128 404 */
585 .mode = NID_aes_128_xts,
586 .key = {
587 0xbe, 0x5c, 0xf1, 0xf9, 0x9d, 0x51, 0x59, 0xf2,
588 0x11, 0xdb, 0xc4, 0xc1, 0x47, 0xf7, 0x9c, 0x55,
589 0x6b, 0x2d, 0xa5, 0xc6, 0x91, 0xde, 0xed, 0x74,
590 0x0d, 0x01, 0x57, 0xea, 0xb8, 0xc9, 0xc8, 0x9a,
591 },
592 .iv = {
593 0x89, 0x24, 0x86, 0x24, 0xb6, 0x96, 0xcf, 0x9c,
594 0xb1, 0xb5, 0x77, 0x9c, 0xdc, 0xbc, 0xfe, 0x1c,
595 },
596 .iv_len = 16,
597 .in = {
598 0x3b, 0x80, 0xf8, 0x22, 0xc4, 0xee, 0xe1, 0x31,
599 0x3f, 0x79, 0xca, 0x3d, 0xb1, 0x34, 0xd9, 0xca,
600 0x8b, 0x09, 0xa3, 0x53, 0x4d, 0x4e, 0x18, 0xe6,
601 0x43, 0x9e, 0x1c, 0xdb, 0x86, 0x18, 0x2a, 0x4f,
602 },
603 .in_len = 32,
604 .out = {
605 0x4b, 0x6a, 0xf4, 0x3a, 0x88, 0xb6, 0x33, 0xeb,
606 0xd1, 0xe1, 0x27, 0xc1, 0xec, 0x90, 0xcc, 0x47,
607 0xa2, 0xf1, 0x6e, 0x3b, 0xc7, 0x9f, 0x88, 0x45,
608 0xe3, 0xbd, 0x00, 0x25, 0xda, 0x87, 0x26, 0x45,
609 },
610 .out_len = 32,
611 },
612 {
613 /* XTSGenAES256 1 */
614 .mode = NID_aes_256_xts,
615 .key = {
616 0x1e, 0xa6, 0x61, 0xc5, 0x8d, 0x94, 0x3a, 0x0e,
617 0x48, 0x01, 0xe4, 0x2f, 0x4b, 0x09, 0x47, 0x14,
618 0x9e, 0x7f, 0x9f, 0x8e, 0x3e, 0x68, 0xd0, 0xc7,
619 0x50, 0x52, 0x10, 0xbd, 0x31, 0x1a, 0x0e, 0x7c,
620 0xd6, 0xe1, 0x3f, 0xfd, 0xf2, 0x41, 0x8d, 0x8d,
621 0x19, 0x11, 0xc0, 0x04, 0xcd, 0xa5, 0x8d, 0xa3,
622 0xd6, 0x19, 0xb7, 0xe2, 0xb9, 0x14, 0x1e, 0x58,
623 0x31, 0x8e, 0xea, 0x39, 0x2c, 0xf4, 0x1b, 0x08,
624 },
625 .iv = {
626 0xad, 0xf8, 0xd9, 0x26, 0x27, 0x46, 0x4a, 0xd2,
627 0xf0, 0x42, 0x8e, 0x84, 0xa9, 0xf8, 0x75, 0x64,
628 },
629 .iv_len = 16,
630 .in = {
631 0x2e, 0xed, 0xea, 0x52, 0xcd, 0x82, 0x15, 0xe1,
632 0xac, 0xc6, 0x47, 0xe8, 0x10, 0xbb, 0xc3, 0x64,
633 0x2e, 0x87, 0x28, 0x7f, 0x8d, 0x2e, 0x57, 0xe3,
634 0x6c, 0x0a, 0x24, 0xfb, 0xc1, 0x2a, 0x20, 0x2e,
635 },
636 .in_len = 32,
637 .out = {
638 0xcb, 0xaa, 0xd0, 0xe2, 0xf6, 0xce, 0xa3, 0xf5,
639 0x0b, 0x37, 0xf9, 0x34, 0xd4, 0x6a, 0x9b, 0x13,
640 0x0b, 0x9d, 0x54, 0xf0, 0x7e, 0x34, 0xf3, 0x6a,
641 0xf7, 0x93, 0xe8, 0x6f, 0x73, 0xc6, 0xd7, 0xdb,
642 },
643 .out_len = 32,
644 },
645 {
646 /* XTSGenAES256 172 */
647 .mode = NID_aes_256_xts,
648 .key= {
649 0x5c, 0x7f, 0x7a, 0x36, 0x08, 0x01, 0x78, 0x43,
650 0x00, 0x83, 0xff, 0x54, 0x92, 0xef, 0x77, 0x26,
651 0x0f, 0x68, 0x0a, 0x15, 0xa7, 0x66, 0x24, 0xb8,
652 0x9e, 0x85, 0x4c, 0x94, 0xf0, 0x48, 0x8a, 0x9e,
653 0x7d, 0xaa, 0x4f, 0x33, 0x01, 0x1f, 0x91, 0xdf,
654 0x5e, 0x33, 0x80, 0x53, 0xf4, 0x6c, 0xee, 0x65,
655 0x0f, 0xb0, 0xee, 0x69, 0xf8, 0xc2, 0x15, 0x75,
656 0x5a, 0x4a, 0x63, 0xcd, 0x42, 0x28, 0xc2, 0x19,
657 },
658 .iv = {
659 0xa4, 0x01, 0xd7, 0x3c, 0x88, 0x75, 0xe7, 0x59,
660 0xaa, 0x3e, 0xef, 0x53, 0xe0, 0xfb, 0x62, 0x63,
661 },
662 .iv_len = 16,
663 .in = {
664 0xb1, 0xe6, 0x29, 0xa6, 0x2a, 0x03, 0xca, 0x96,
665 0x9b, 0x16, 0x91, 0x52, 0x02, 0xbc, 0xaa, 0x09,
666 0xe7, 0x8a, 0xe1, 0x85, 0x1b, 0xc8, 0x85, 0x81,
667 0x16, 0x49, 0x68, 0xa5, 0x65, 0x6c, 0x82, 0xc0,
668 0xe5, 0xc4, 0x03, 0xba, 0x54, 0xb9, 0xb5, 0xed,
669 0x9b, 0xab, 0xe8, 0xb0, 0x75, 0x1d, 0x1b, 0x34,
670 },
671 .in_len = 48,
672 .out = {
673 0xf5, 0xbc, 0xa6, 0x0f, 0xb9, 0x35, 0x2b, 0x1d,
674 0xe0, 0x4d, 0x71, 0x29, 0x40, 0x56, 0x26, 0xb3,
675 0xa4, 0x74, 0xa2, 0x64, 0xfb, 0xac, 0x2d, 0x6b,
676 0xe1, 0x19, 0xe1, 0xd5, 0x7a, 0xa9, 0x98, 0xd0,
677 0xe0, 0xe4, 0xd9, 0xf9, 0xc9, 0x76, 0x21, 0x0d,
678 0x93, 0xc4, 0x65, 0xa3, 0xe3, 0x60, 0xcd, 0x92,
679 },
680 .out_len = 48,
681 },
527}; 682};
528 683
529#define N_AES_TESTS (sizeof(aes_tests) / sizeof(aes_tests[0])) 684#define N_AES_TESTS (sizeof(aes_tests) / sizeof(aes_tests[0]))
@@ -542,7 +697,10 @@ aes_ecb_test(size_t test_number, const char *label, int key_bits,
542 697
543 /* Encryption */ 698 /* Encryption */
544 memset(out, 0, sizeof(out)); 699 memset(out, 0, sizeof(out));
545 AES_set_encrypt_key(at->key, key_bits, &key); 700 if (AES_set_encrypt_key(at->key, key_bits, &key) != 0) {
701 fprintf(stderr, "FAIL (%s:%zu): AES_set_encrypt_key failed\n", label, test_number);
702 return 0;
703 }
546 AES_ecb_encrypt(at->in, out, &key, 1); 704 AES_ecb_encrypt(at->in, out, &key, 1);
547 705
548 if (memcmp(at->out, out, at->out_len) != 0) { 706 if (memcmp(at->out, out, at->out_len) != 0) {
@@ -553,7 +711,10 @@ aes_ecb_test(size_t test_number, const char *label, int key_bits,
553 711
554 /* Decryption */ 712 /* Decryption */
555 memset(out, 0, sizeof(out)); 713 memset(out, 0, sizeof(out));
556 AES_set_decrypt_key(at->key, key_bits, &key); 714 if (AES_set_decrypt_key(at->key, key_bits, &key) != 0) {
715 fprintf(stderr, "FAIL (%s:%zu): AES_set_decrypt_key failed\n", label, test_number);
716 return 0;
717 }
557 AES_ecb_encrypt(at->out, out, &key, 0); 718 AES_ecb_encrypt(at->out, out, &key, 0);
558 719
559 if (memcmp(at->in, out, at->in_len) != 0) { 720 if (memcmp(at->in, out, at->in_len) != 0) {
@@ -582,7 +743,10 @@ aes_cbc_test(size_t test_number, const char *label, int key_bits,
582 /* Encryption */ 743 /* Encryption */
583 memset(out, 0, sizeof(out)); 744 memset(out, 0, sizeof(out));
584 memcpy(iv, at->iv, at->iv_len); 745 memcpy(iv, at->iv, at->iv_len);
585 AES_set_encrypt_key(at->key, key_bits, &key); 746 if (AES_set_encrypt_key(at->key, key_bits, &key) != 0) {
747 fprintf(stderr, "FAIL (%s:%zu): AES_set_encrypt_key failed\n", label, test_number);
748 return 0;
749 }
586 AES_cbc_encrypt(at->in, out, at->in_len, &key, iv, 1); 750 AES_cbc_encrypt(at->in, out, at->in_len, &key, iv, 1);
587 751
588 if (memcmp(at->out, out, at->out_len) != 0) { 752 if (memcmp(at->out, out, at->out_len) != 0) {
@@ -594,7 +758,10 @@ aes_cbc_test(size_t test_number, const char *label, int key_bits,
594 /* Decryption */ 758 /* Decryption */
595 memset(out, 0, sizeof(out)); 759 memset(out, 0, sizeof(out));
596 memcpy(iv, at->iv, at->iv_len); 760 memcpy(iv, at->iv, at->iv_len);
597 AES_set_decrypt_key(at->key, key_bits, &key); 761 if (AES_set_decrypt_key(at->key, key_bits, &key) != 0) {
762 fprintf(stderr, "FAIL (%s:%zu): AES_set_decrypt_key failed\n", label, test_number);
763 return 0;
764 }
598 AES_cbc_encrypt(at->out, out, at->out_len, &key, iv, 0); 765 AES_cbc_encrypt(at->out, out, at->out_len, &key, iv, 0);
599 766
600 if (memcmp(at->in, out, at->in_len) != 0) { 767 if (memcmp(at->in, out, at->in_len) != 0) {
@@ -607,6 +774,96 @@ aes_cbc_test(size_t test_number, const char *label, int key_bits,
607} 774}
608 775
609static int 776static int
777aes_cfb128_test(size_t test_number, const char *label, int key_bits,
778 const struct aes_test *at)
779{
780 AES_KEY key;
781 uint8_t out[64];
782 uint8_t iv[16];
783 int num = 0;
784
785 /* CFB mode has no padding */
786
787 /* Encryption */
788 memset(out, 0, sizeof(out));
789 memcpy(iv, at->iv, at->iv_len);
790 if (AES_set_encrypt_key(at->key, key_bits, &key) != 0) {
791 fprintf(stderr, "FAIL (%s:%zu): AES_set_encrypt_key failed\n", label, test_number);
792 return 0;
793 }
794 AES_cfb128_encrypt(at->in, out, at->in_len, &key, iv, &num, AES_ENCRYPT);
795
796 if (memcmp(at->out, out, at->out_len) != 0) {
797 fprintf(stderr, "FAIL (%s:%zu): encryption mismatch\n",
798 label, test_number);
799 return 0;
800 }
801
802 /* Decryption */
803 memset(out, 0, sizeof(out));
804 memcpy(iv, at->iv, at->iv_len);
805 num = 0;
806 if (AES_set_encrypt_key(at->key, key_bits, &key) != 0) {
807 fprintf(stderr, "FAIL (%s:%zu): AES_set_encrypt_key failed\n", label, test_number);
808 return 0;
809 }
810 AES_cfb128_encrypt(at->out, out, at->out_len, &key, iv, &num, AES_DECRYPT);
811
812 if (memcmp(at->in, out, at->in_len) != 0) {
813 fprintf(stderr, "FAIL (%s:%zu): decryption mismatch\n",
814 label, test_number);
815 return 0;
816 }
817
818 return 1;
819}
820
821static int
822aes_ofb128_test(size_t test_number, const char *label, int key_bits,
823 const struct aes_test *at)
824{
825 AES_KEY key;
826 uint8_t out[64];
827 uint8_t iv[16];
828 int num = 0;
829
830 /* OFB mode has no padding */
831
832 /* Encryption */
833 memset(out, 0, sizeof(out));
834 memcpy(iv, at->iv, at->iv_len);
835 if (AES_set_encrypt_key(at->key, key_bits, &key) != 0) {
836 fprintf(stderr, "FAIL (%s:%zu): AES_set_encrypt_key failed\n", label, test_number);
837 return 0;
838 }
839 AES_ofb128_encrypt(at->in, out, at->in_len, &key, iv, &num);
840
841 if (memcmp(at->out, out, at->out_len) != 0) {
842 fprintf(stderr, "FAIL (%s:%zu): encryption mismatch\n",
843 label, test_number);
844 return 0;
845 }
846
847 /* Decryption */
848 memset(out, 0, sizeof(out));
849 memcpy(iv, at->iv, at->iv_len);
850 num = 0;
851 if (AES_set_encrypt_key(at->key, key_bits, &key) != 0) {
852 fprintf(stderr, "FAIL (%s:%zu): AES_set_encrypt_key failed\n", label, test_number);
853 return 0;
854 }
855 AES_ofb128_encrypt(at->out, out, at->out_len, &key, iv, &num);
856
857 if (memcmp(at->in, out, at->in_len) != 0) {
858 fprintf(stderr, "FAIL (%s:%zu): decryption mismatch\n",
859 label, test_number);
860 return 0;
861 }
862
863 return 1;
864}
865
866static int
610aes_evp_test(size_t test_number, const struct aes_test *at, const char *label, 867aes_evp_test(size_t test_number, const struct aes_test *at, const char *label,
611 int key_bits, const EVP_CIPHER *cipher) 868 int key_bits, const EVP_CIPHER *cipher)
612{ 869{
@@ -649,6 +906,10 @@ aes_evp_test(size_t test_number, const struct aes_test *at, const char *label,
649 if (in_len > at->in_len - i) 906 if (in_len > at->in_len - i)
650 in_len = at->in_len - i; 907 in_len = at->in_len - i;
651 908
909 /* XTS needs to be single shot. */
910 if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_XTS_MODE)
911 in_len = at->in_len;
912
652 if (!EVP_EncryptUpdate(ctx, out + total_len, &out_len, 913 if (!EVP_EncryptUpdate(ctx, out + total_len, &out_len,
653 at->in + i, in_len)) { 914 at->in + i, in_len)) {
654 fprintf(stderr, 915 fprintf(stderr,
@@ -715,6 +976,10 @@ aes_evp_test(size_t test_number, const struct aes_test *at, const char *label,
715 if (in_len > at->out_len - i) 976 if (in_len > at->out_len - i)
716 in_len = at->out_len - i; 977 in_len = at->out_len - i;
717 978
979 /* XTS needs to be single shot. */
980 if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_XTS_MODE)
981 in_len = at->in_len;
982
718 if (!EVP_DecryptUpdate(ctx, out + total_len, &out_len, 983 if (!EVP_DecryptUpdate(ctx, out + total_len, &out_len,
719 at->out + i, in_len)) { 984 at->out + i, in_len)) {
720 fprintf(stderr, 985 fprintf(stderr,
@@ -881,6 +1146,16 @@ aes_cipher_from_nid(int nid, const char **out_label,
881 *out_cipher = EVP_aes_256_ccm(); 1146 *out_cipher = EVP_aes_256_ccm();
882 break; 1147 break;
883 1148
1149 /* XTS */
1150 case NID_aes_128_xts:
1151 *out_label = SN_aes_128_xts;
1152 *out_cipher = EVP_aes_128_xts();
1153 break;
1154 case NID_aes_256_xts:
1155 *out_label = SN_aes_256_xts;
1156 *out_cipher = EVP_aes_256_xts();
1157 break;
1158
884 /* Unknown */ 1159 /* Unknown */
885 default: 1160 default:
886 return 0; 1161 return 0;
@@ -902,8 +1177,10 @@ aes_test(void)
902 for (i = 0; i < N_AES_TESTS; i++) { 1177 for (i = 0; i < N_AES_TESTS; i++) {
903 at = &aes_tests[i]; 1178 at = &aes_tests[i];
904 key_bits = aes_key_bits_from_nid(at->mode); 1179 key_bits = aes_key_bits_from_nid(at->mode);
905 if (!aes_cipher_from_nid(at->mode, &label, &cipher)) 1180 if (!aes_cipher_from_nid(at->mode, &label, &cipher)) {
1181 fprintf(stderr, "unknown cipher\n");
906 goto failed; 1182 goto failed;
1183 }
907 1184
908 switch (at->mode) { 1185 switch (at->mode) {
909 /* ECB */ 1186 /* ECB */
@@ -926,14 +1203,16 @@ aes_test(void)
926 case NID_aes_128_cfb128: 1203 case NID_aes_128_cfb128:
927 case NID_aes_192_cfb128: 1204 case NID_aes_192_cfb128:
928 case NID_aes_256_cfb128: 1205 case NID_aes_256_cfb128:
929 /* XXX - CFB128 non-EVP tests */ 1206 if (!aes_cfb128_test(i, label, key_bits, at))
1207 goto failed;
930 break; 1208 break;
931 1209
932 /* OFB128 */ 1210 /* OFB128 */
933 case NID_aes_128_ofb128: 1211 case NID_aes_128_ofb128:
934 case NID_aes_192_ofb128: 1212 case NID_aes_192_ofb128:
935 case NID_aes_256_ofb128: 1213 case NID_aes_256_ofb128:
936 /* XXX - OFB128 non-EVP tests */ 1214 if (!aes_ofb128_test(i, label, key_bits, at))
1215 goto failed;
937 break; 1216 break;
938 1217
939 /* GCM */ 1218 /* GCM */
@@ -947,7 +1226,13 @@ aes_test(void)
947 case NID_aes_128_ccm: 1226 case NID_aes_128_ccm:
948 case NID_aes_192_ccm: 1227 case NID_aes_192_ccm:
949 case NID_aes_256_ccm: 1228 case NID_aes_256_ccm:
950 /* XXX - CCM non-EVP tests */ 1229 /* CCM is EVP-only */
1230 break;
1231
1232 /* XTS */
1233 case NID_aes_128_xts:
1234 case NID_aes_256_xts:
1235 /* XTS is EVP-only */
951 break; 1236 break;
952 1237
953 /* Unknown */ 1238 /* Unknown */
diff --git a/src/regress/lib/libcrypto/asn1/Makefile b/src/regress/lib/libcrypto/asn1/Makefile
index 1ba2fecf23..23a01ab600 100644
--- a/src/regress/lib/libcrypto/asn1/Makefile
+++ b/src/regress/lib/libcrypto/asn1/Makefile
@@ -1,4 +1,4 @@
1# $OpenBSD: Makefile,v 1.28 2024/02/29 20:03:47 tb Exp $ 1# $OpenBSD: Makefile,v 1.30 2026/01/04 09:51:42 tb Exp $
2 2
3PROGS = \ 3PROGS = \
4 asn1api \ 4 asn1api \
diff --git a/src/regress/lib/libcrypto/asn1/asn1basic.c b/src/regress/lib/libcrypto/asn1/asn1basic.c
index 1a873bf25d..0666e5b061 100644
--- a/src/regress/lib/libcrypto/asn1/asn1basic.c
+++ b/src/regress/lib/libcrypto/asn1/asn1basic.c
@@ -1,6 +1,7 @@
1/* $OpenBSD: asn1basic.c,v 1.16 2024/02/04 13:07:02 tb Exp $ */ 1/* $OpenBSD: asn1basic.c,v 1.20 2026/01/04 09:43:52 tb Exp $ */
2/* 2/*
3 * Copyright (c) 2017, 2021 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2017, 2021 Joel Sing <jsing@openbsd.org>
4 * Copyright (c) 2021 Google, Inc
4 * Copyright (c) 2023 Theo Buehler <tb@openbsd.org> 5 * Copyright (c) 2023 Theo Buehler <tb@openbsd.org>
5 * 6 *
6 * Permission to use, copy, modify, and distribute this software for any 7 * Permission to use, copy, modify, and distribute this software for any
@@ -65,6 +66,14 @@ const uint8_t asn1_bit_string_primitive[] = {
65 0x04, 0x0a, 0x3b, 0x5f, 0x29, 0x1c, 0xd0, 66 0x04, 0x0a, 0x3b, 0x5f, 0x29, 0x1c, 0xd0,
66}; 67};
67 68
69static const uint8_t asn1_bit_string_trailing_zeroes[] = {
70 0x04, 0x00
71};
72
73static const uint8_t asn1_bit_string_trailing_zeroes_encoded[] = {
74 0x03, 0x02, 0x02, 0x04,
75};
76
68static int 77static int
69asn1_bit_string_test(void) 78asn1_bit_string_test(void)
70{ 79{
@@ -165,6 +174,35 @@ asn1_bit_string_test(void)
165 sizeof(asn1_bit_string_primitive))) 174 sizeof(asn1_bit_string_primitive)))
166 goto failed; 175 goto failed;
167 176
177 /*
178 * ASN1_STRING_set() truncates and determines unused bits
179 */
180
181 ASN1_BIT_STRING_free(abs);
182 abs = NULL;
183 if ((abs = ASN1_BIT_STRING_new()) == NULL) {
184 fprintf(stderr, "FAIL: ASN1_BIT_STRING_new\n");
185 goto failed;
186 }
187
188 if (!ASN1_STRING_set(abs, asn1_bit_string_trailing_zeroes,
189 sizeof(asn1_bit_string_trailing_zeroes))) {
190 fprintf(stderr, "FAIL: BIT STRING ASN1_BIT_STRING_set trailing zeroes\n");
191 goto failed;
192 }
193
194 freezero(p, len);
195 p = NULL;
196 if ((len = i2d_ASN1_BIT_STRING(abs, &p)) <= 0) {
197 fprintf(stderr, "FAIL: i2d_ASN1_BIT_STRING\n");
198 len = 0;
199 goto failed;
200 }
201 if (!asn1_compare_bytes("BIT STRING trailing zeroes", p, len,
202 asn1_bit_string_trailing_zeroes_encoded,
203 sizeof(asn1_bit_string_trailing_zeroes_encoded)))
204 goto failed;
205
168 failed = 0; 206 failed = 0;
169 207
170 failed: 208 failed:
@@ -174,6 +212,459 @@ asn1_bit_string_test(void)
174 return failed; 212 return failed;
175} 213}
176 214
215static const uint8_t asn1_bit_string_empty[] = {
216 0x03, 0x01, 0x00,
217};
218
219static const uint8_t asn1_bit_string_1101[] = {
220 0x03, 0x02, 0x04, 0xd0,
221};
222
223static const uint8_t asn1_bit_string_1001[] = {
224 0x03, 0x02, 0x04, 0x90,
225};
226
227static const uint8_t asn1_bit_string_1[] = {
228 0x03, 0x02, 0x07, 0x80,
229};
230
231static const uint8_t asn1_bit_string_1zeroes1[] = {
232 0x03, 0x09, 0x00, 0x80, 0x00, 0x00, 0x00, 0x00,
233 0x00, 0x00, 0x01,
234};
235
236static const uint8_t asn1_bit_string_10010[] = {
237 0x03, 0x02, 0x03, 0x90,
238};
239
240static const uint8_t asn1_bit_string_zeroes[64] = { 0 };
241
242static int
243asn1_bit_string_set_bit_test(void)
244{
245 ASN1_BIT_STRING *abs;
246 const unsigned char *p;
247 unsigned char *der = NULL;
248 int der_len = 0;
249 int p_len;
250 int got;
251 int failed = 1;
252
253 /*
254 * A new ASN1_BIT_STRING serializes to the empty BIT STRING
255 */
256
257 if ((abs = ASN1_BIT_STRING_new()) == NULL) {
258 fprintf(stderr, "FAIL: ASN1_BIT_STRING_new()\n");
259 goto failed;
260 }
261
262 freezero(der, der_len);
263 der = NULL;
264 if ((der_len = i2d_ASN1_BIT_STRING(abs, &der)) <= 0) {
265 fprintf(stderr, "FAIL: i2d_ASN1_BIT_STRING\n");
266 der_len = 0;
267 goto failed;
268 }
269 if (!asn1_compare_bytes("new BIT STRING", der, der_len,
270 asn1_bit_string_empty, sizeof(asn1_bit_string_empty)))
271 goto failed;
272
273 if ((got = ASN1_BIT_STRING_get_bit(abs, 0)) != 0) {
274 fprintf(stderr, "FAIL: new BIT STRING bit 0: want %d, got %d\n",
275 0, got);
276 goto failed;
277 }
278 if ((got = ASN1_BIT_STRING_get_bit(abs, 100)) != 0) {
279 fprintf(stderr, "FAIL: new BIT STRING bit 100: want %d, got %d\n",
280 0, got);
281 goto failed;
282 }
283
284 /*
285 * Now set a few bits via ASN1_BIT_STRING_set_bit()
286 */
287
288 if (!ASN1_BIT_STRING_set_bit(abs, 0, 1) ||
289 !ASN1_BIT_STRING_set_bit(abs, 1, 1) ||
290 !ASN1_BIT_STRING_set_bit(abs, 2, 0) ||
291 !ASN1_BIT_STRING_set_bit(abs, 3, 1)) {
292 fprintf(stderr, "FAIL: BIT STRING 1101 ASN1_BIT_STRING_set_bit\n");
293 goto failed;
294 }
295
296 freezero(der, der_len);
297 der = NULL;
298 if ((der_len = i2d_ASN1_BIT_STRING(abs, &der)) <= 0) {
299 fprintf(stderr, "FAIL: i2d_ASN1_BIT_STRING\n");
300 der_len = 0;
301 goto failed;
302 }
303 if (!asn1_compare_bytes("BIT STRING 1101", der, der_len,
304 asn1_bit_string_1101, sizeof(asn1_bit_string_1101)))
305 goto failed;
306
307 if ((got = ASN1_BIT_STRING_get_bit(abs, 0)) != 1) {
308 fprintf(stderr, "FAIL: BIT STRING 1101 bit 0: want %d, got %d\n",
309 1, got);
310 goto failed;
311 }
312 if ((got = ASN1_BIT_STRING_get_bit(abs, 1)) != 1) {
313 fprintf(stderr, "FAIL: BIT STRING 1101 bit 1: want %d, got %d\n",
314 1, got);
315 goto failed;
316 }
317 if ((got = ASN1_BIT_STRING_get_bit(abs, 2)) != 0) {
318 fprintf(stderr, "FAIL: BIT STRING 1101 bit 2: want %d, got %d\n",
319 0, got);
320 goto failed;
321 }
322 if ((got = ASN1_BIT_STRING_get_bit(abs, 3)) != 1) {
323 fprintf(stderr, "FAIL: BIT STRING 1101 bit 3: want %d, got %d\n",
324 1, got);
325 goto failed;
326 }
327 if ((got = ASN1_BIT_STRING_get_bit(abs, 4)) != 0) {
328 fprintf(stderr, "FAIL: BIT STRING 1101 bit 4: want %d, got %d\n",
329 0, got);
330 goto failed;
331 }
332
333 /*
334 * Bits that were set may be cleared.
335 */
336
337 if (!ASN1_BIT_STRING_set_bit(abs, 1, 0)) {
338 fprintf(stderr, "FAIL: BIT STRING 1101, clear bit 1\n");
339 goto failed;
340 }
341
342 freezero(der, der_len);
343 der = NULL;
344 if ((der_len = i2d_ASN1_BIT_STRING(abs, &der)) <= 0) {
345 fprintf(stderr, "FAIL: i2d_ASN1_BIT_STRING\n");
346 der_len = 0;
347 goto failed;
348 }
349 if (!asn1_compare_bytes("BIT STRING 1001", der, der_len,
350 asn1_bit_string_1001, sizeof(asn1_bit_string_1001)))
351 goto failed;
352
353 if ((got = ASN1_BIT_STRING_get_bit(abs, 0)) != 1) {
354 fprintf(stderr, "FAIL: BIT STRING 1001 bit 0: want %d, got %d\n",
355 1, got);
356 goto failed;
357 }
358 if ((got = ASN1_BIT_STRING_get_bit(abs, 1)) != 0) {
359 fprintf(stderr, "FAIL: BIT STRING 1001 bit 1: want %d, got %d\n",
360 0, got);
361 goto failed;
362 }
363 if ((got = ASN1_BIT_STRING_get_bit(abs, 2)) != 0) {
364 fprintf(stderr, "FAIL: BIT STRING 1001 bit 2: want %d, got %d\n",
365 0, got);
366 goto failed;
367 }
368 if ((got = ASN1_BIT_STRING_get_bit(abs, 3)) != 1) {
369 fprintf(stderr, "FAIL: BIT STRING 1001 bit 3: want %d, got %d\n",
370 1, got);
371 goto failed;
372 }
373 if ((got = ASN1_BIT_STRING_get_bit(abs, 4)) != 0) {
374 fprintf(stderr, "FAIL: BIT STRING 1001 bit 4: want %d, got %d\n",
375 0, got);
376 goto failed;
377 }
378
379 /*
380 * Clearing trailing bits truncates the string.
381 */
382
383 if (!ASN1_BIT_STRING_set_bit(abs, 3, 0)) {
384 fprintf(stderr, "FAIL: BIT STRING 1001, clear bit 3\n");
385 goto failed;
386 }
387
388 freezero(der, der_len);
389 der = NULL;
390 if ((der_len = i2d_ASN1_BIT_STRING(abs, &der)) <= 0) {
391 fprintf(stderr, "FAIL: i2d_ASN1_BIT_STRING\n");
392 der_len = 0;
393 goto failed;
394 }
395 if (!asn1_compare_bytes("BIT STRING 1", der, der_len,
396 asn1_bit_string_1, sizeof(asn1_bit_string_1)))
397 goto failed;
398
399 if ((got = ASN1_BIT_STRING_get_bit(abs, 0)) != 1) {
400 fprintf(stderr, "FAIL: BIT STRING 1 bit 0: want %d, got %d\n",
401 1, got);
402 goto failed;
403 }
404 if ((got = ASN1_BIT_STRING_get_bit(abs, 1)) != 0) {
405 fprintf(stderr, "FAIL: BIT STRING 1 bit 1: want %d, got %d\n",
406 0, got);
407 goto failed;
408 }
409 if ((got = ASN1_BIT_STRING_get_bit(abs, 2)) != 0) {
410 fprintf(stderr, "FAIL: BIT STRING 1 bit 2: want %d, got %d\n",
411 0, got);
412 goto failed;
413 }
414 if ((got = ASN1_BIT_STRING_get_bit(abs, 3)) != 0) {
415 fprintf(stderr, "FAIL: BIT STRING 1 bit 3: want %d, got %d\n",
416 0, got);
417 goto failed;
418 }
419 if ((got = ASN1_BIT_STRING_get_bit(abs, 4)) != 0) {
420 fprintf(stderr, "FAIL: BIT STRING 1 bit 4: want %d, got %d\n",
421 0, got);
422 goto failed;
423 }
424
425 /*
426 * Bits may be set beyond the end of the string.
427 */
428
429 if (!ASN1_BIT_STRING_set_bit(abs, 63, 1)) {
430 fprintf(stderr, "FAIL: BIT STRING 1 set bit 63\n");
431 goto failed;
432 }
433
434 freezero(der, der_len);
435 der = NULL;
436 if ((der_len = i2d_ASN1_BIT_STRING(abs, &der)) <= 0) {
437 fprintf(stderr, "FAIL: i2d_ASN1_BIT_STRING\n");
438 der_len = 0;
439 goto failed;
440 }
441 if (!asn1_compare_bytes("BIT STRING 1zeroes1", der, der_len,
442 asn1_bit_string_1zeroes1, sizeof(asn1_bit_string_1zeroes1)))
443 goto failed;
444
445 if ((got = ASN1_BIT_STRING_get_bit(abs, 0)) != 1) {
446 fprintf(stderr, "FAIL: BIT STRING 1zeroes1 bit 0: want %d, got %d\n",
447 1, got);
448 goto failed;
449 }
450 if ((got = ASN1_BIT_STRING_get_bit(abs, 1)) != 0) {
451 fprintf(stderr, "FAIL: BIT STRING 1zeroes1 bit 1: want %d, got %d\n",
452 0, got);
453 goto failed;
454 }
455 if ((got = ASN1_BIT_STRING_get_bit(abs, 62)) != 0) {
456 fprintf(stderr, "FAIL: BIT STRING 1zeroes1 bit 62: want %d, got %d\n",
457 0, got);
458 goto failed;
459 }
460 if ((got = ASN1_BIT_STRING_get_bit(abs, 63)) != 1) {
461 fprintf(stderr, "FAIL: BIT STRING 1zeroes1 bit 63: want %d, got %d\n",
462 1, got);
463 goto failed;
464 }
465 if ((got = ASN1_BIT_STRING_get_bit(abs, 64)) != 0) {
466 fprintf(stderr, "FAIL: BIT STRING 1zeroes1 bit 64: want %d, got %d\n",
467 0, got);
468 goto failed;
469 }
470
471 /*
472 * We can truncate the string back down again.
473 */
474
475 if (!ASN1_BIT_STRING_set_bit(abs, 63, 0)) {
476 fprintf(stderr, "FAIL: BIT STRING 1zeroes1, clear bit 63\n");
477 goto failed;
478 }
479
480 freezero(der, der_len);
481 der = NULL;
482 if ((der_len = i2d_ASN1_BIT_STRING(abs, &der)) <= 0) {
483 fprintf(stderr, "FAIL: i2d_ASN1_BIT_STRING\n");
484 der_len = 0;
485 goto failed;
486 }
487 if (!asn1_compare_bytes("BIT STRING 1zeroes", der, der_len,
488 asn1_bit_string_1, sizeof(asn1_bit_string_1)))
489 goto failed;
490
491 if ((got = ASN1_BIT_STRING_get_bit(abs, 0)) != 1) {
492 fprintf(stderr, "FAIL: BIT STRING 1zeroes bit 0: want %d, got %d\n",
493 1, got);
494 goto failed;
495 }
496 if ((got = ASN1_BIT_STRING_get_bit(abs, 1)) != 0) {
497 fprintf(stderr, "FAIL: BIT STRING 1zeroes bit 1: want %d, got %d\n",
498 0, got);
499 goto failed;
500 }
501 if ((got = ASN1_BIT_STRING_get_bit(abs, 62)) != 0) {
502 fprintf(stderr, "FAIL: BIT STRING 1zeroes bit 62: want %d, got %d\n",
503 0, got);
504 goto failed;
505 }
506 if ((got = ASN1_BIT_STRING_get_bit(abs, 63)) != 0) {
507 fprintf(stderr, "FAIL: BIT STRING 1zeroes bit 63: want %d, got %d\n",
508 0, got);
509 goto failed;
510 }
511 if ((got = ASN1_BIT_STRING_get_bit(abs, 64)) != 0) {
512 fprintf(stderr, "FAIL: BIT STRING 1zeroes bit 64: want %d, got %d\n",
513 0, got);
514 goto failed;
515 }
516
517 /*
518 * ASN1_BIT_STRING_set_bit() truncation also happens for a parsed string.
519 */
520
521 ASN1_BIT_STRING_free(abs);
522 abs = NULL;
523
524 p = asn1_bit_string_1zeroes1;
525 p_len = sizeof(asn1_bit_string_1zeroes1);
526 if ((abs = d2i_ASN1_BIT_STRING(NULL, &p, p_len)) == NULL) {
527 fprintf(stderr, "FAIL: BIT STRING 1zereos1 d2i_ASN1_BIT_STRING\n");
528 goto failed;
529 }
530
531 freezero(der, der_len);
532 der = NULL;
533 if ((der_len = i2d_ASN1_BIT_STRING(abs, &der)) <= 0) {
534 fprintf(stderr, "FAIL: i2d_ASN1_BIT_STRING\n");
535 der_len = 0;
536 goto failed;
537 }
538 if (!asn1_compare_bytes("BIT STRING 1zeroes1 (after d2i)", der, der_len,
539 asn1_bit_string_1zeroes1, sizeof(asn1_bit_string_1zeroes1)))
540 goto failed;
541
542 if (!ASN1_BIT_STRING_set_bit(abs, 63, 0)) {
543 fprintf(stderr, "FAIL: BIT STRING 1zeroes1 (after d2i), clear bit 63\n");
544 goto failed;
545 }
546
547 freezero(der, der_len);
548 der = NULL;
549 if ((der_len = i2d_ASN1_BIT_STRING(abs, &der)) <= 0) {
550 fprintf(stderr, "FAIL: i2d_ASN1_BIT_STRING\n");
551 der_len = 0;
552 goto failed;
553 }
554 if (!asn1_compare_bytes("BIT STRING 1zeroes (after d2i)", der, der_len,
555 asn1_bit_string_1, sizeof(asn1_bit_string_1)))
556 goto failed;
557
558 if ((got = ASN1_BIT_STRING_get_bit(abs, 0)) != 1) {
559 fprintf(stderr, "FAIL: BIT STRING 1zeroes (after d2i) bit 0: want %d, got %d\n",
560 1, got);
561 goto failed;
562 }
563 if ((got = ASN1_BIT_STRING_get_bit(abs, 1)) != 0) {
564 fprintf(stderr, "FAIL: BIT STRING 1zeroes (after d2i) bit 1: want %d, got %d\n",
565 0, got);
566 goto failed;
567 }
568 if ((got = ASN1_BIT_STRING_get_bit(abs, 62)) != 0) {
569 fprintf(stderr, "FAIL: BIT STRING 1zeroes (after d2i) bit 62: want %d, got %d\n",
570 0, got);
571 goto failed;
572 }
573 if ((got = ASN1_BIT_STRING_get_bit(abs, 63)) != 0) {
574 fprintf(stderr, "FAIL: BIT STRING 1zeroes (after d2i) bit 63: want %d, got %d\n",
575 0, got);
576 goto failed;
577 }
578 if ((got = ASN1_BIT_STRING_get_bit(abs, 64)) != 0) {
579 fprintf(stderr, "FAIL: BIT STRING 1zeroes (after d2i) bit 64: want %d, got %d\n",
580 0, got);
581 goto failed;
582 }
583
584 /*
585 * A parsed bit string keeps its trailing zero bits.
586 */
587
588 ASN1_BIT_STRING_free(abs);
589 abs = NULL;
590
591 p = asn1_bit_string_10010;
592 p_len = sizeof(asn1_bit_string_10010);
593 if ((abs = d2i_ASN1_BIT_STRING(NULL, &p, p_len)) == NULL) {
594 fprintf(stderr, "FAIL: BIT STRING 10010 d2i_ASN1_BIT_STRING\n");
595 goto failed;
596 }
597
598 freezero(der, der_len);
599 der = NULL;
600 if ((der_len = i2d_ASN1_BIT_STRING(abs, &der)) <= 0) {
601 fprintf(stderr, "FAIL: i2d_ASN1_BIT_STRING\n");
602 der_len = 0;
603 goto failed;
604 }
605 if (!asn1_compare_bytes("BIT STRING 10010", der, der_len,
606 asn1_bit_string_10010, sizeof(asn1_bit_string_10010)))
607 goto failed;
608
609 /*
610 * Of course, ASN1_BIT_STRING_set_bit() still truncates, even if it's
611 * a noop.
612 */
613
614 if (!ASN1_BIT_STRING_set_bit(abs, 0, 1)) {
615 fprintf(stderr, "FAIL: BIT STRING 10010 set bit 0 to 1\n");
616 goto failed;
617 }
618
619 freezero(der, der_len);
620 der = NULL;
621 if ((der_len = i2d_ASN1_BIT_STRING(abs, &der)) <= 0) {
622 fprintf(stderr, "FAIL: i2d_ASN1_BIT_STRING\n");
623 der_len = 0;
624 goto failed;
625 }
626 if (!asn1_compare_bytes("BIT STRING 10010 after set bit", der, der_len,
627 asn1_bit_string_1001, sizeof(asn1_bit_string_1001)))
628 goto failed;
629
630 /*
631 * ASN1_BIT_STRING_set() also truncates
632 */
633
634 ASN1_BIT_STRING_free(abs);
635 abs = NULL;
636
637 if ((abs = ASN1_BIT_STRING_new()) == NULL) {
638 fprintf(stderr, "FAIL: ASN1_BIT_STRING_new\n");
639 goto failed;
640 }
641
642 if (!ASN1_STRING_set(abs, asn1_bit_string_zeroes,
643 sizeof(asn1_bit_string_zeroes))) {
644 fprintf(stderr, "FAIL: ASN1_BIT_STRING_set zeroes\n");
645 goto failed;
646 }
647
648 freezero(der, der_len);
649 der = NULL;
650 if ((der_len = i2d_ASN1_BIT_STRING(abs, &der)) <= 0) {
651 fprintf(stderr, "FAIL: i2d_ASN1_BIT_STRING\n");
652 der_len = 0;
653 goto failed;
654 }
655 if (!asn1_compare_bytes("BIT STRING all zeroes", der, der_len,
656 asn1_bit_string_empty, sizeof(asn1_bit_string_empty)))
657 goto failed;
658
659 failed = 0;
660
661 failed:
662 ASN1_BIT_STRING_free(abs);
663 freezero(der, der_len);
664
665 return failed;
666}
667
177const uint8_t asn1_boolean_false[] = { 668const uint8_t asn1_boolean_false[] = {
178 0x01, 0x01, 0x00, 669 0x01, 0x01, 0x00,
179}; 670};
@@ -1129,6 +1620,7 @@ main(int argc, char **argv)
1129 int failed = 0; 1620 int failed = 0;
1130 1621
1131 failed |= asn1_bit_string_test(); 1622 failed |= asn1_bit_string_test();
1623 failed |= asn1_bit_string_set_bit_test();
1132 failed |= asn1_boolean_test(); 1624 failed |= asn1_boolean_test();
1133 failed |= asn1_integer_test(); 1625 failed |= asn1_integer_test();
1134 failed |= asn1_string_test(); 1626 failed |= asn1_string_test();
diff --git a/src/regress/lib/libcrypto/asn1/asn1complex.c b/src/regress/lib/libcrypto/asn1/asn1complex.c
index 6f34154b7f..0e2f50212c 100644
--- a/src/regress/lib/libcrypto/asn1/asn1complex.c
+++ b/src/regress/lib/libcrypto/asn1/asn1complex.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: asn1complex.c,v 1.4 2022/09/05 21:06:31 tb Exp $ */ 1/* $OpenBSD: asn1complex.c,v 1.5 2025/12/07 09:35:20 tb Exp $ */
2/* 2/*
3 * Copyright (c) 2017, 2021 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2017, 2021 Joel Sing <jsing@openbsd.org>
4 * 4 *
@@ -190,7 +190,7 @@ do_asn1_constructed_test(const struct asn1_constructed_test *act)
190 ERR_print_errors_fp(stderr); 190 ERR_print_errors_fp(stderr);
191 goto failed; 191 goto failed;
192 } 192 }
193 if (!asn1_compare_bytes(act->name, ASN1_STRING_data(aos), 193 if (!asn1_compare_bytes(act->name, ASN1_STRING_get0_data(aos),
194 ASN1_STRING_length(aos), act->want, act->want_len)) 194 ASN1_STRING_length(aos), act->want, act->want_len))
195 goto failed; 195 goto failed;
196 196
@@ -285,7 +285,7 @@ do_asn1_sequence_string_tests(void)
285 goto failed; 285 goto failed;
286 } 286 }
287 287
288 if (!asn1_compare_bytes("sequence", ASN1_STRING_data(astr), 288 if (!asn1_compare_bytes("sequence", ASN1_STRING_get0_data(astr),
289 ASN1_STRING_length(astr), asn1_sequence_content, 289 ASN1_STRING_length(astr), asn1_sequence_content,
290 sizeof(asn1_sequence_content))) 290 sizeof(asn1_sequence_content)))
291 goto failed; 291 goto failed;
@@ -299,7 +299,7 @@ do_asn1_sequence_string_tests(void)
299 goto failed; 299 goto failed;
300 } 300 }
301 301
302 if (!asn1_compare_bytes("sequence indefinite", ASN1_STRING_data(astr), 302 if (!asn1_compare_bytes("sequence indefinite", ASN1_STRING_get0_data(astr),
303 ASN1_STRING_length(astr), asn1_sequence_indefinite_content, 303 ASN1_STRING_length(astr), asn1_sequence_indefinite_content,
304 sizeof(asn1_sequence_indefinite_content))) 304 sizeof(asn1_sequence_indefinite_content)))
305 goto failed; 305 goto failed;
diff --git a/src/regress/lib/libcrypto/asn1/asn1time.c b/src/regress/lib/libcrypto/asn1/asn1time.c
index 7223ad9c9b..e0e5139808 100644
--- a/src/regress/lib/libcrypto/asn1/asn1time.c
+++ b/src/regress/lib/libcrypto/asn1/asn1time.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: asn1time.c,v 1.30 2024/07/21 13:25:11 tb Exp $ */ 1/* $OpenBSD: asn1time.c,v 1.31 2025/05/22 04:54:14 joshua Exp $ */
2/* 2/*
3 * Copyright (c) 2015 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
4 * Copyright (c) 2024 Google Inc. 4 * Copyright (c) 2024 Google Inc.
@@ -33,6 +33,7 @@ struct asn1_time_test {
33 const char *data; 33 const char *data;
34 const unsigned char der[32]; 34 const unsigned char der[32];
35 time_t time; 35 time_t time;
36 int generalized_time;
36}; 37};
37 38
38static const struct asn1_time_test asn1_invtime_tests[] = { 39static const struct asn1_time_test asn1_invtime_tests[] = {
@@ -73,20 +74,19 @@ static const struct asn1_time_test asn1_invtime_tests[] = {
73 { 74 {
74 .str = "aaaaaaaaaaaaaaZ", 75 .str = "aaaaaaaaaaaaaaZ",
75 }, 76 },
76 /* utc time with omitted seconds, should fail */
77 { 77 {
78 /* UTC time with omitted seconds, should fail */
78 .str = "1609082343Z", 79 .str = "1609082343Z",
79 }, 80 },
80};
81
82static const struct asn1_time_test asn1_invgentime_tests[] = {
83 /* Generalized time with omitted seconds, should fail */
84 { 81 {
82 /* Generalized time with omitted seconds, should fail */
85 .str = "201612081934Z", 83 .str = "201612081934Z",
84 .generalized_time = 1,
86 }, 85 },
87 /* Valid UTC time, should fail as a generalized time */
88 { 86 {
87 /* Valid UTC time, should fail as a generalized time */
89 .str = "160908234300Z", 88 .str = "160908234300Z",
89 .generalized_time = 1,
90 }, 90 },
91}; 91};
92 92
@@ -235,7 +235,7 @@ asn1_compare_str(int test_no, const struct asn1_string_st *asn1str,
235} 235}
236 236
237static int 237static int
238asn1_invtime_test(int test_no, const struct asn1_time_test *att, int gen) 238asn1_invtime_test(int test_no, const struct asn1_time_test *att)
239{ 239{
240 ASN1_GENERALIZEDTIME *gt = NULL; 240 ASN1_GENERALIZEDTIME *gt = NULL;
241 ASN1_UTCTIME *ut = NULL; 241 ASN1_UTCTIME *ut = NULL;
@@ -255,7 +255,7 @@ asn1_invtime_test(int test_no, const struct asn1_time_test *att, int gen)
255 goto done; 255 goto done;
256 } 256 }
257 257
258 if (gen) { 258 if (att->generalized_time) {
259 failure = 0; 259 failure = 0;
260 goto done; 260 goto done;
261 } 261 }
@@ -842,13 +842,7 @@ main(int argc, char **argv)
842 fprintf(stderr, "Invalid time tests...\n"); 842 fprintf(stderr, "Invalid time tests...\n");
843 for (i = 0; i < N_INVTIME_TESTS; i++) { 843 for (i = 0; i < N_INVTIME_TESTS; i++) {
844 att = &asn1_invtime_tests[i]; 844 att = &asn1_invtime_tests[i];
845 failed |= asn1_invtime_test(i, att, 0); 845 failed |= asn1_invtime_test(i, att);
846 }
847
848 fprintf(stderr, "Invalid generalized time tests...\n");
849 for (i = 0; i < N_INVGENTIME_TESTS; i++) {
850 att = &asn1_invgentime_tests[i];
851 failed |= asn1_invtime_test(i, att, 1);
852 } 846 }
853 847
854 fprintf(stderr, "GENERALIZEDTIME tests...\n"); 848 fprintf(stderr, "GENERALIZEDTIME tests...\n");
diff --git a/src/regress/lib/libcrypto/bio/bio_dump.c b/src/regress/lib/libcrypto/bio/bio_dump.c
index 22db80fa3d..fd2bb285fb 100644
--- a/src/regress/lib/libcrypto/bio/bio_dump.c
+++ b/src/regress/lib/libcrypto/bio/bio_dump.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: bio_dump.c,v 1.4 2024/02/09 12:48:32 tb Exp $ */ 1/* $OpenBSD: bio_dump.c,v 1.5 2025/05/18 06:41:51 tb Exp $ */
2/* 2/*
3 * Copyright (c) 2024 Theo Buehler <tb@openbsd.org> 3 * Copyright (c) 2024 Theo Buehler <tb@openbsd.org>
4 * 4 *
@@ -809,7 +809,7 @@ bio_dump_test(const struct bio_dump_testcase *tc)
809 tc->indent, ret, got_len, strlen(tc->output)); 809 tc->indent, ret, got_len, strlen(tc->output));
810 goto err; 810 goto err;
811 } 811 }
812 if (strncmp(tc->output, got, got_len) != 0) { 812 if (got_len > 0 && strncmp(tc->output, got, got_len) != 0) {
813 fprintf(stderr, "%d: mismatch\n", tc->indent); 813 fprintf(stderr, "%d: mismatch\n", tc->indent);
814 goto err; 814 goto err;
815 } 815 }
diff --git a/src/regress/lib/libcrypto/bn/bn_mul_div.c b/src/regress/lib/libcrypto/bn/bn_mul_div.c
index 625d5e318e..dbad01004e 100644
--- a/src/regress/lib/libcrypto/bn/bn_mul_div.c
+++ b/src/regress/lib/libcrypto/bn/bn_mul_div.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: bn_mul_div.c,v 1.7 2023/06/21 07:18:10 jsing Exp $ */ 1/* $OpenBSD: bn_mul_div.c,v 1.8 2025/08/12 10:29:35 jsing Exp $ */
2/* 2/*
3 * Copyright (c) 2023 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2023 Joel Sing <jsing@openbsd.org>
4 * 4 *
@@ -233,6 +233,13 @@ struct benchmark benchmarks[] = {
233 .b_bits = 256, 233 .b_bits = 256,
234 }, 234 },
235 { 235 {
236 .desc = "BN_mul (384 bit x 384 bit)",
237 .setup = benchmark_bn_mul_setup,
238 .run_once = benchmark_bn_mul_run_once,
239 .a_bits = 384,
240 .b_bits = 384,
241 },
242 {
236 .desc = "BN_mul (512 bit x 512 bit)", 243 .desc = "BN_mul (512 bit x 512 bit)",
237 .setup = benchmark_bn_mul_setup, 244 .setup = benchmark_bn_mul_setup,
238 .run_once = benchmark_bn_mul_run_once, 245 .run_once = benchmark_bn_mul_run_once,
@@ -294,6 +301,12 @@ struct benchmark benchmarks[] = {
294 .a_bits = 256, 301 .a_bits = 256,
295 }, 302 },
296 { 303 {
304 .desc = "BN_sqr (384 bit)",
305 .setup = benchmark_bn_sqr_setup,
306 .run_once = benchmark_bn_sqr_run_once,
307 .a_bits = 384,
308 },
309 {
297 .desc = "BN_sqr (512 bit)", 310 .desc = "BN_sqr (512 bit)",
298 .setup = benchmark_bn_sqr_setup, 311 .setup = benchmark_bn_sqr_setup,
299 .run_once = benchmark_bn_sqr_run_once, 312 .run_once = benchmark_bn_sqr_run_once,
diff --git a/src/regress/lib/libcrypto/bn/bn_print.c b/src/regress/lib/libcrypto/bn/bn_print.c
index a3118869fc..d3e1e83464 100644
--- a/src/regress/lib/libcrypto/bn/bn_print.c
+++ b/src/regress/lib/libcrypto/bn/bn_print.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: bn_print.c,v 1.5 2023/07/27 06:41:39 tb Exp $ */ 1/* $OpenBSD: bn_print.c,v 1.6 2025/11/05 11:40:47 jsing Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2023 Theo Buehler <tb@openbsd.org> 4 * Copyright (c) 2023 Theo Buehler <tb@openbsd.org>
@@ -51,7 +51,7 @@ const struct print_test {
51 .desc = "minus one", 51 .desc = "minus one",
52 .want = " mana mana -1 (-0x1)\n", 52 .want = " mana mana -1 (-0x1)\n",
53 }, 53 },
54#ifdef _LP64 54#if BN_BYTES == 8
55 { 55 {
56 .desc = "largest word", 56 .desc = "largest word",
57 .want = " mana mana 18446744073709551615 " 57 .want = " mana mana 18446744073709551615 "
diff --git a/src/regress/lib/libcrypto/bn/bn_test.c b/src/regress/lib/libcrypto/bn/bn_test.c
index 5348788f50..b32b9e81e2 100644
--- a/src/regress/lib/libcrypto/bn/bn_test.c
+++ b/src/regress/lib/libcrypto/bn/bn_test.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: bn_test.c,v 1.23 2025/02/12 21:22:15 tb Exp $ */ 1/* $OpenBSD: bn_test.c,v 1.25 2025/11/15 16:30:10 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -69,7 +69,9 @@
69 * 69 *
70 */ 70 */
71 71
72#include <inttypes.h>
72#include <stdio.h> 73#include <stdio.h>
74#include <stdint.h>
73#include <stdlib.h> 75#include <stdlib.h>
74#include <string.h> 76#include <string.h>
75 77
@@ -474,18 +476,7 @@ test_div(BIO *bp, BN_CTX *ctx)
474static void 476static void
475print_word(BIO *bp, BN_ULONG w) 477print_word(BIO *bp, BN_ULONG w)
476{ 478{
477#ifdef SIXTY_FOUR_BIT 479 BIO_printf(bp, "%" PRIX64, (uint64_t)w);
478 if (sizeof(w) > sizeof(unsigned long)) {
479 unsigned long h = (unsigned long)(w >> 32), l = (unsigned long)(w);
480
481 if (h)
482 BIO_printf(bp, "%lX%08lX", h, l);
483 else
484 BIO_printf(bp, "%lX", l);
485 return;
486 }
487#endif
488 BIO_printf(bp, BN_HEX_FMT1, w);
489} 480}
490 481
491int 482int
diff --git a/src/regress/lib/libcrypto/bn/bn_word.c b/src/regress/lib/libcrypto/bn/bn_word.c
index 2ec518ed1b..433a8a3ba6 100644
--- a/src/regress/lib/libcrypto/bn/bn_word.c
+++ b/src/regress/lib/libcrypto/bn/bn_word.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: bn_word.c,v 1.2 2024/08/23 12:56:26 anton Exp $ */ 1/* $OpenBSD: bn_word.c,v 1.3 2025/12/05 14:07:01 tb Exp $ */
2/* 2/*
3 * Copyright (c) 2023 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2023 Joel Sing <jsing@openbsd.org>
4 * 4 *
@@ -20,6 +20,8 @@
20 20
21#include <openssl/bn.h> 21#include <openssl/bn.h>
22 22
23#include "bn_local.h"
24
23struct bn_word_test { 25struct bn_word_test {
24 const char *in_hex; 26 const char *in_hex;
25 BN_ULONG in_word; 27 BN_ULONG in_word;
diff --git a/src/regress/lib/libcrypto/c2sp/Makefile b/src/regress/lib/libcrypto/c2sp/Makefile
index d16d06975b..73ee0b8c22 100644
--- a/src/regress/lib/libcrypto/c2sp/Makefile
+++ b/src/regress/lib/libcrypto/c2sp/Makefile
@@ -1,4 +1,4 @@
1# $OpenBSD: Makefile,v 1.5 2025/04/27 08:51:24 tb Exp $ 1# $OpenBSD: Makefile,v 1.7 2025/07/23 07:35:21 tb Exp $
2 2
3C2SP_TESTVECTORS = /usr/local/share/c2sp-testvectors/ 3C2SP_TESTVECTORS = /usr/local/share/c2sp-testvectors/
4 4
@@ -13,12 +13,12 @@ PROGS += cctv
13SRCS_cctv = 13SRCS_cctv =
14 14
15cctv: cctv.go 15cctv: cctv.go
16 go build -o $@ ${.CURDIR}/cctv.go 16 env GOCACHE=${.OBJDIR}/go-build go build -o $@ ${.CURDIR}/cctv.go
17 17
18OSSL_LIB = /usr/local/lib/eopenssl 18OSSL_LIB = /usr/local/lib/eopenssl
19OSSL_INC = /usr/local/include/eopenssl 19OSSL_INC = /usr/local/include/eopenssl
20 20
21. for V in 33 34 35 21. for V in 35
22. if exists(/usr/local/bin/eopenssl$V) 22. if exists(/usr/local/bin/eopenssl$V)
23PROGS += cctv-openssl$V 23PROGS += cctv-openssl$V
24SRCS_cctv-openssl$V = 24SRCS_cctv-openssl$V =
@@ -29,10 +29,17 @@ CGO_LDFLAGS_$V += -L${OSSL_LIB}$V
29 29
30cctv-openssl$V: cctv.go 30cctv-openssl$V: cctv.go
31 env CGO_CFLAGS="${CGO_CFLAGS_$V}" CGO_LDFLAGS="${CGO_LDFLAGS_$V}" \ 31 env CGO_CFLAGS="${CGO_CFLAGS_$V}" CGO_LDFLAGS="${CGO_LDFLAGS_$V}" \
32 GOCACHE=${.OBJDIR}/go-build \
32 go build -o $@ ${.CURDIR}/cctv.go 33 go build -o $@ ${.CURDIR}/cctv.go
33. endif 34. endif
34. endfor 35. endfor
35 36
37REGRESS_CLEANUP = clean-go-cache
38
39clean-go-cache:
40 env GOCACHE=${.OBJDIR}/go-build go clean -cache
41 rm -rf ${.OBJDIR}/go-build
42
36.endif 43.endif
37 44
38.include <bsd.regress.mk> 45.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/certs/Makefile b/src/regress/lib/libcrypto/certs/Makefile
index 621c60907f..f7ba9fcad8 100644
--- a/src/regress/lib/libcrypto/certs/Makefile
+++ b/src/regress/lib/libcrypto/certs/Makefile
@@ -1,21 +1,24 @@
1# $OpenBSD: Makefile,v 1.1 2020/07/14 18:27:28 jsing Exp $ 1# $OpenBSD: Makefile,v 1.2 2025/07/09 05:04:35 tb Exp $
2 2
3.if ! (make(clean) || make(cleandir) || make(obj)) 3.if !exists(/usr/local/bin/go)
4GO_VERSION != sh -c "(go version) 2>/dev/null || true"
5.endif
6
7.if empty(GO_VERSION)
8regress: 4regress:
9 @echo package go is required for this regress 5 @echo package go is required for this regress
10 @echo SKIPPED 6 @echo SKIPPED
11.endif 7.else
12 8
13REGRESS_TARGETS=regress-go-verify 9REGRESS_TARGETS=regress-go-verify
10REGRESS_CLEANUP=clean-go-cache
14 11
15certs: 12certs:
16 cd ${.CURDIR} && sh ./make-certs.sh 13 cd ${.CURDIR} && sh ./make-certs.sh
17 14
18regress-go-verify: 15regress-go-verify:
19 cd ${.CURDIR} && go test -test.v . 16 cd ${.CURDIR} && env GOCACHE=${.OBJDIR}/go-build go test -test.v .
17
18clean-go-cache:
19 env GOCACHE=${.OBJDIR}/go-build go clean -cache
20 rm -rf ${.OBJDIR}/go-build
21
22.endif
20 23
21.include <bsd.regress.mk> 24.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/des/destest.c b/src/regress/lib/libcrypto/des/destest.c
index ebc67f3107..8a2b94d2d6 100644
--- a/src/regress/lib/libcrypto/des/destest.c
+++ b/src/regress/lib/libcrypto/des/destest.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: destest.c,v 1.4 2018/07/17 17:06:49 tb Exp $ */ 1/* $OpenBSD: destest.c,v 1.5 2025/12/26 19:11:01 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -233,24 +233,12 @@ static unsigned char cbc_ok[32]={
233 0x46,0x8e,0x91,0x15,0x78,0x88,0xba,0x68, 233 0x46,0x8e,0x91,0x15,0x78,0x88,0xba,0x68,
234 0x1d,0x26,0x93,0x97,0xf7,0xfe,0x62,0xb4}; 234 0x1d,0x26,0x93,0x97,0xf7,0xfe,0x62,0xb4};
235 235
236#ifdef SCREW_THE_PARITY
237#error "SCREW_THE_PARITY is not ment to be defined."
238#error "Original vectors are preserved for reference only."
239static unsigned char cbc2_key[8]={0xf0,0xe1,0xd2,0xc3,0xb4,0xa5,0x96,0x87};
240static unsigned char xcbc_ok[32]={
241 0x86,0x74,0x81,0x0D,0x61,0xA4,0xA5,0x48,
242 0xB9,0x93,0x03,0xE1,0xB8,0xBB,0xBD,0xBD,
243 0x64,0x30,0x0B,0xB9,0x06,0x65,0x81,0x76,
244 0x04,0x1D,0x77,0x62,0x17,0xCA,0x2B,0xD2,
245 };
246#else
247static unsigned char xcbc_ok[32]={ 236static unsigned char xcbc_ok[32]={
248 0x84,0x6B,0x29,0x14,0x85,0x1E,0x9A,0x29, 237 0x84,0x6B,0x29,0x14,0x85,0x1E,0x9A,0x29,
249 0x54,0x73,0x2F,0x8A,0xA0,0xA6,0x11,0xC1, 238 0x54,0x73,0x2F,0x8A,0xA0,0xA6,0x11,0xC1,
250 0x15,0xCD,0xC2,0xD7,0x95,0x1B,0x10,0x53, 239 0x15,0xCD,0xC2,0xD7,0x95,0x1B,0x10,0x53,
251 0xA6,0x3C,0x5E,0x03,0xB2,0x1A,0xA3,0xC4, 240 0xA6,0x3C,0x5E,0x03,0xB2,0x1A,0xA3,0xC4,
252 }; 241 };
253#endif
254 242
255static unsigned char cbc3_ok[32]={ 243static unsigned char cbc3_ok[32]={
256 0x3F,0xE3,0x01,0xC9,0x62,0xAC,0x01,0xD0, 244 0x3F,0xE3,0x01,0xC9,0x62,0xAC,0x01,0xD0,
diff --git a/src/regress/lib/libcrypto/ec/Makefile b/src/regress/lib/libcrypto/ec/Makefile
index b21eacb4bc..1d976c77d0 100644
--- a/src/regress/lib/libcrypto/ec/Makefile
+++ b/src/regress/lib/libcrypto/ec/Makefile
@@ -1,12 +1,13 @@
1# $OpenBSD: Makefile,v 1.11 2025/03/08 20:09:35 tb Exp $ 1# $OpenBSD: Makefile,v 1.13 2025/08/03 08:29:39 jsing Exp $
2 2
3.ifdef EOPENSSL33 3.ifdef EOPENSSL35
4LDADD += -Wl,-rpath,/usr/local/lib/eopenssl33 -L/usr/local/lib/eopenssl33 4LDADD += -Wl,-rpath,/usr/local/lib/eopenssl35 -L/usr/local/lib/eopenssl35
5CFLAGS += -I/usr/local/include/eopenssl33/ 5CFLAGS += -I/usr/local/include/eopenssl35/
6CFLAGS += -DOPENSSL_SUPPRESS_DEPRECATED 6CFLAGS += -DOPENSSL_SUPPRESS_DEPRECATED
7.endif 7.endif
8 8
9PROGS += ectest 9PROGS += ectest
10PROGS += ec_arithmetic
10PROGS += ec_asn1_test 11PROGS += ec_asn1_test
11PROGS += ec_point_conversion 12PROGS += ec_point_conversion
12 13
diff --git a/src/regress/lib/libcrypto/ec/ec_arithmetic.c b/src/regress/lib/libcrypto/ec/ec_arithmetic.c
new file mode 100644
index 0000000000..c6f7cd4f8c
--- /dev/null
+++ b/src/regress/lib/libcrypto/ec/ec_arithmetic.c
@@ -0,0 +1,210 @@
1/* $OpenBSD: ec_arithmetic.c,v 1.1 2025/08/03 08:29:39 jsing Exp $ */
2/*
3 * Copyright (c) 2022,2025 Joel Sing <jsing@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <sys/time.h>
19
20#include <err.h>
21#include <signal.h>
22#include <stdio.h>
23#include <string.h>
24#include <time.h>
25#include <unistd.h>
26
27#include <openssl/bn.h>
28#include <openssl/ec.h>
29#include <openssl/objects.h>
30
31static void
32benchmark_ec_point_add(const EC_GROUP *group, EC_POINT *result,
33 const BIGNUM *scalar, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx)
34{
35 if (!EC_POINT_add(group, result, a, b, ctx))
36 errx(1, "EC_POINT_add");
37}
38
39static void
40benchmark_ec_point_dbl(const EC_GROUP *group, EC_POINT *result,
41 const BIGNUM *scalar, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx)
42{
43 if (!EC_POINT_dbl(group, result, a, ctx))
44 errx(1, "EC_POINT_dbl");
45}
46
47static void
48benchmark_ec_point_mul_generator(const EC_GROUP *group, EC_POINT *result,
49 const BIGNUM *scalar, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx)
50{
51 if (!EC_POINT_mul(group, result, scalar, NULL, NULL, ctx))
52 errx(1, "EC_POINT_mul");
53}
54
55struct benchmark {
56 int curve;
57 const char *desc;
58 void (*func)(const EC_GROUP *, EC_POINT *, const BIGNUM *,
59 const EC_POINT *, const EC_POINT *, BN_CTX *);
60};
61
62static const struct benchmark benchmarks[] = {
63 {
64 .curve = NID_X9_62_prime256v1,
65 .desc = "EC_POINT_add() p256",
66 .func = benchmark_ec_point_add,
67 },
68 {
69 .curve = NID_secp384r1,
70 .desc = "EC_POINT_add() p384",
71 .func = benchmark_ec_point_add,
72 },
73 {
74 .curve = NID_secp521r1,
75 .desc = "EC_POINT_add() p521",
76 .func = benchmark_ec_point_add,
77 },
78 {
79 .curve = NID_X9_62_prime256v1,
80 .desc = "EC_POINT_dbl() p256",
81 .func = benchmark_ec_point_dbl,
82 },
83 {
84 .curve = NID_secp384r1,
85 .desc = "EC_POINT_dbl() p384",
86 .func = benchmark_ec_point_dbl,
87 },
88 {
89 .curve = NID_secp521r1,
90 .desc = "EC_POINT_dbl() p521",
91 .func = benchmark_ec_point_dbl,
92 },
93 {
94 .curve = NID_X9_62_prime256v1,
95 .desc = "EC_POINT_mul() generator p256",
96 .func = benchmark_ec_point_mul_generator,
97 },
98 {
99 .curve = NID_secp384r1,
100 .desc = "EC_POINT_mul() generator p384",
101 .func = benchmark_ec_point_mul_generator,
102 },
103 {
104 .curve = NID_secp521r1,
105 .desc = "EC_POINT_mul() generator p521",
106 .func = benchmark_ec_point_mul_generator,
107 },
108};
109
110#define N_BENCHMARKS (sizeof(benchmarks) / sizeof(benchmarks[0]))
111
112static volatile sig_atomic_t benchmark_stop;
113
114static void
115benchmark_sig_alarm(int sig)
116{
117 benchmark_stop = 1;
118}
119
120static void
121benchmark_run(const struct benchmark *bm, int seconds)
122{
123 struct timespec start, end, duration;
124 EC_GROUP *group = NULL;
125 EC_POINT *a = NULL, *b = NULL, *result = NULL;
126 BIGNUM *order = NULL, *scalar = NULL;
127 BN_CTX *ctx = NULL;
128 int i;
129
130 signal(SIGALRM, benchmark_sig_alarm);
131
132 if ((ctx = BN_CTX_new()) == NULL)
133 errx(1, "BN_CTX_new");
134
135 if ((group = EC_GROUP_new_by_curve_name(bm->curve)) == NULL)
136 errx(1, "EC_GROUP_new_by_curve_name");
137 if ((order = BN_new()) == NULL)
138 errx(1, "BN_new");
139 if (!EC_GROUP_get_order(group, order, ctx))
140 errx(1, "EC_GROUP_get_order");
141
142 if ((scalar = BN_new()) == NULL)
143 errx(1, "BN_new");
144 if (!BN_rand_range(scalar, order))
145 errx(1, "BN_rand_range");
146 if (!BN_set_bit(scalar, EC_GROUP_order_bits(group) - 1))
147 errx(1, "BN_set_bit");
148
149 if ((result = EC_POINT_new(group)) == NULL)
150 errx(1, "EC_POINT_new");
151 if ((a = EC_POINT_new(group)) == NULL)
152 errx(1, "EC_POINT_new");
153 if ((b = EC_POINT_new(group)) == NULL)
154 errx(1, "EC_POINT_new");
155
156 if (!EC_POINT_mul(group, a, scalar, NULL, NULL, ctx))
157 errx(1, "EC_POINT_mul");
158 if (!EC_POINT_mul(group, b, scalar, NULL, NULL, ctx))
159 errx(1, "EC_POINT_mul");
160
161 benchmark_stop = 0;
162 i = 0;
163 alarm(seconds);
164
165 clock_gettime(CLOCK_MONOTONIC, &start);
166
167 fprintf(stderr, "Benchmarking %s for %ds: ", bm->desc, seconds);
168 while (!benchmark_stop) {
169 bm->func(group, result, scalar, a, b, ctx);
170 i++;
171 }
172 clock_gettime(CLOCK_MONOTONIC, &end);
173 timespecsub(&end, &start, &duration);
174 fprintf(stderr, "%d iterations in %f seconds\n", i,
175 duration.tv_sec + duration.tv_nsec / 1000000000.0);
176
177 EC_GROUP_free(group);
178 EC_POINT_free(result);
179 EC_POINT_free(a);
180 EC_POINT_free(b);
181 BN_free(order);
182 BN_free(scalar);
183 BN_CTX_free(ctx);
184}
185
186static void
187benchmark_ec_mul_single(void)
188{
189 const struct benchmark *bm;
190 size_t i;
191
192 for (i = 0; i < N_BENCHMARKS; i++) {
193 bm = &benchmarks[i];
194 benchmark_run(bm, 5);
195 }
196}
197
198int
199main(int argc, char **argv)
200{
201 int benchmark = 0, failed = 0;
202
203 if (argc == 2 && strcmp(argv[1], "--benchmark") == 0)
204 benchmark = 1;
205
206 if (benchmark && !failed)
207 benchmark_ec_mul_single();
208
209 return failed;
210}
diff --git a/src/regress/lib/libcrypto/ec/ec_asn1_test.c b/src/regress/lib/libcrypto/ec/ec_asn1_test.c
index d9501922de..4dfe681dbd 100644
--- a/src/regress/lib/libcrypto/ec/ec_asn1_test.c
+++ b/src/regress/lib/libcrypto/ec/ec_asn1_test.c
@@ -1,7 +1,7 @@
1/* $OpenBSD: ec_asn1_test.c,v 1.33 2025/05/04 05:00:03 tb Exp $ */ 1/* $OpenBSD: ec_asn1_test.c,v 1.41 2025/12/07 11:39:00 tb Exp $ */
2/* 2/*
3 * Copyright (c) 2017, 2021 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2017, 2021 Joel Sing <jsing@openbsd.org>
4 * Copyright (c) 2024 Theo Buehler <tb@openbsd.org> 4 * Copyright (c) 2024, 2025 Theo Buehler <tb@openbsd.org>
5 * 5 *
6 * Permission to use, copy, modify, and distribute this software for any 6 * Permission to use, copy, modify, and distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above 7 * purpose with or without fee is hereby granted, provided that the above
@@ -17,12 +17,17 @@
17 */ 17 */
18 18
19#include <err.h> 19#include <err.h>
20#include <stdio.h>
21#include <stdint.h>
22#include <stdlib.h>
20#include <string.h> 23#include <string.h>
21 24
22#include <openssl/bio.h> 25#include <openssl/bio.h>
26#include <openssl/bn.h>
23#include <openssl/ec.h> 27#include <openssl/ec.h>
24#include <openssl/err.h> 28#include <openssl/err.h>
25#include <openssl/objects.h> 29#include <openssl/objects.h>
30#include <openssl/sha.h>
26 31
27#include "ec_local.h" 32#include "ec_local.h"
28 33
@@ -730,6 +735,82 @@ static const struct curve secp256k1_m = {
730 .param_len = sizeof(ec_secp256k1_m_pkparameters_parameters), 735 .param_len = sizeof(ec_secp256k1_m_pkparameters_parameters),
731}; 736};
732 737
738/*
739 * From https://eips.ethereum.org/EIPS/eip-2539
740 */
741
742static const uint8_t ec_bls12_377_pkparameters_named_curve[] = {
743 0x06, 0x04, 0x29, 0x01, 0x01, 0x01,
744};
745
746static const uint8_t ec_bls12_377_pkparameters_parameters[] = {
747 0x30, 0x82, 0x01, 0x3d, 0x02, 0x01, 0x01, 0x30,
748 0x3b, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d,
749 0x01, 0x01, 0x02, 0x30, 0x01, 0xae, 0x3a, 0x46,
750 0x17, 0xc5, 0x10, 0xea, 0xc6, 0x3b, 0x05, 0xc0,
751 0x6c, 0xa1, 0x49, 0x3b, 0x1a, 0x22, 0xd9, 0xf3,
752 0x00, 0xf5, 0x13, 0x8f, 0x1e, 0xf3, 0x62, 0x2f,
753 0xba, 0x09, 0x48, 0x00, 0x17, 0x0b, 0x5d, 0x44,
754 0x30, 0x00, 0x00, 0x00, 0x85, 0x08, 0xc0, 0x00,
755 0x00, 0x00, 0x00, 0x01, 0x30, 0x64, 0x04, 0x30,
756 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
757 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
758 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
759 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
760 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
761 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
762 0x04, 0x30, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
763 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
764 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
765 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
766 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
767 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
768 0x00, 0x01, 0x04, 0x61, 0x04, 0x00, 0x88, 0x48,
769 0xde, 0xfe, 0x74, 0x0a, 0x67, 0xc8, 0xfc, 0x62,
770 0x25, 0xbf, 0x87, 0xff, 0x54, 0x85, 0x95, 0x1e,
771 0x2c, 0xaa, 0x9d, 0x41, 0xbb, 0x18, 0x82, 0x82,
772 0xc8, 0xbd, 0x37, 0xcb, 0x5c, 0xd5, 0x48, 0x15,
773 0x12, 0xff, 0xcd, 0x39, 0x4e, 0xea, 0xb9, 0xb1,
774 0x6e, 0xb2, 0x1b, 0xe9, 0xef, 0x01, 0x91, 0x4a,
775 0x69, 0xc5, 0x10, 0x2e, 0xff, 0x1f, 0x67, 0x4f,
776 0x5d, 0x30, 0xaf, 0xee, 0xc4, 0xbd, 0x7f, 0xb3,
777 0x48, 0xca, 0x3e, 0x52, 0xd9, 0x6d, 0x18, 0x2a,
778 0xd4, 0x4f, 0xb8, 0x23, 0x05, 0xc2, 0xfe, 0x3d,
779 0x36, 0x34, 0xa9, 0x59, 0x1a, 0xfd, 0x82, 0xde,
780 0x55, 0x55, 0x9c, 0x8e, 0xa6, 0x02, 0x20, 0x12,
781 0xab, 0x65, 0x5e, 0x9a, 0x2c, 0xa5, 0x56, 0x60,
782 0xb4, 0x4d, 0x1e, 0x5c, 0x37, 0xb0, 0x01, 0x59,
783 0xaa, 0x76, 0xfe, 0xd0, 0x00, 0x00, 0x01, 0x0a,
784 0x11, 0x80, 0x00, 0x00, 0x00, 0x00, 0x01, 0x02,
785 0x10, 0x17, 0x0b, 0x5d, 0x44, 0x30, 0x00, 0x00,
786 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
787 0x00,
788};
789
790static const struct curve bls12_377 = {
791 .descr = "BLS12-377",
792 .oid = "1.1.1.1.1", /* XXX */
793 .sn = "BLS12-377",
794 .p = "01ae3a46" "17c510ea" "c63b05c0" "6ca1493b"
795 "1a22d9f3" "00f5138f" "1ef3622f" "ba094800"
796 "170b5d44" "30000000" "8508c000" "00000001",
797 .a = "0",
798 .b = "1",
799 .x = "008848de" "fe740a67" "c8fc6225" "bf87ff54"
800 "85951e2c" "aa9d41bb" "188282c8" "bd37cb5c"
801 "d5481512" "ffcd394e" "eab9b16e" "b21be9ef",
802 .y = "01914a69" "c5102eff" "1f674f5d" "30afeec4"
803 "bd7fb348" "ca3e52d9" "6d182ad4" "4fb82305"
804 "c2fe3d36" "34a9591a" "fd82de55" "559c8ea6",
805 .order = "12ab655e" "9a2ca556" "60b44d1e" "5c37b001"
806 "59aa76fe" "d0000001" "0a118000" "00000001",
807 .cofactor = "170b5d44" "30000000" "00000000" "00000000",
808 .named = ec_bls12_377_pkparameters_named_curve,
809 .named_len = sizeof(ec_bls12_377_pkparameters_named_curve),
810 .param = ec_bls12_377_pkparameters_parameters,
811 .param_len = sizeof(ec_bls12_377_pkparameters_parameters),
812};
813
733static EC_GROUP * 814static EC_GROUP *
734ec_group_from_curve_method(const struct curve *curve, const EC_METHOD *method, 815ec_group_from_curve_method(const struct curve *curve, const EC_METHOD *method,
735 BN_CTX *ctx) 816 BN_CTX *ctx)
@@ -1020,6 +1101,65 @@ ec_group_non_builtin_curves(void)
1020 failed |= ec_group_non_builtin_curve(&secp256k1_m, EC_GFp_mont_method(), ctx); 1101 failed |= ec_group_non_builtin_curve(&secp256k1_m, EC_GFp_mont_method(), ctx);
1021 failed |= ec_group_non_builtin_curve(&secp256k1_m, EC_GFp_simple_method(), ctx); 1102 failed |= ec_group_non_builtin_curve(&secp256k1_m, EC_GFp_simple_method(), ctx);
1022 1103
1104 failed |= ec_group_non_builtin_curve(&bls12_377, EC_GFp_mont_method(), ctx);
1105 failed |= ec_group_non_builtin_curve(&bls12_377, EC_GFp_simple_method(), ctx);
1106
1107 BN_CTX_free(ctx);
1108
1109 return failed;
1110}
1111
1112static int
1113ec_group_check_prime_order(EC_builtin_curve *curve, BN_CTX *ctx)
1114{
1115 EC_GROUP *group;
1116 BIGNUM *order;
1117 int rv;
1118 int failed = 0;
1119
1120 if ((group = EC_GROUP_new_by_curve_name(curve->nid)) == NULL)
1121 errx(1, "EC_GROUP_new_by_curve_name");
1122
1123 BN_CTX_start(ctx);
1124
1125 if ((order = BN_CTX_get(ctx)) == NULL)
1126 errx(1, "order = BN_CTX_get()");
1127
1128 if (!EC_GROUP_get_order(group, order, ctx))
1129 errx(1, "EC_GROUP_get_order");
1130
1131 if ((rv = BN_is_prime_ex(order, 0, ctx, NULL)) != 1) {
1132 fprintf(stderr, "%s: nid %d: BN_is_prime_ex() returned %d, want 1\n",
1133 __func__, curve->nid, rv);
1134 failed = 1;
1135 }
1136
1137 BN_CTX_end(ctx);
1138 EC_GROUP_free(group);
1139
1140 return failed;
1141}
1142
1143static int
1144ec_group_builtin_curves_have_prime_order(void)
1145{
1146 BN_CTX *ctx = NULL;
1147 EC_builtin_curve *all_curves = NULL;
1148 size_t curve_id, ncurves;
1149 int failed = 0;
1150
1151 if ((ctx = BN_CTX_new()) == NULL)
1152 errx(1, "BN_CTX_new");
1153
1154 ncurves = EC_get_builtin_curves(NULL, 0);
1155 if ((all_curves = calloc(ncurves, sizeof(*all_curves))) == NULL)
1156 err(1, "calloc builtin curves");
1157 EC_get_builtin_curves(all_curves, ncurves);
1158
1159 for (curve_id = 0; curve_id < ncurves; curve_id++)
1160 failed |= ec_group_check_prime_order(&all_curves[curve_id], ctx);
1161
1162 free(all_curves);
1023 BN_CTX_free(ctx); 1163 BN_CTX_free(ctx);
1024 1164
1025 return failed; 1165 return failed;
@@ -2348,6 +2488,197 @@ ec_group_check_private_keys(void)
2348 return failed; 2488 return failed;
2349} 2489}
2350 2490
2491static void
2492ec_group_sha1_bignum(BIGNUM *out, const BIGNUM *in)
2493{
2494 char md[SHA_DIGEST_LENGTH];
2495 unsigned char *bin;
2496 size_t bin_len;
2497
2498 if (BN_num_bytes(in) <= 0)
2499 errx(1, "%s: invalid bignum", __func__);
2500
2501 bin_len = BN_num_bytes(in);
2502 if ((bin = calloc(1, bin_len)) == NULL)
2503 err(1, "calloc");
2504 if (BN_bn2bin(in, bin) <= 0)
2505 errx(1, "BN_bn2bin");
2506
2507 SHA1(bin, bin_len, md);
2508 free(bin);
2509
2510 if (BN_bin2bn(md, sizeof(md), out) == NULL)
2511 errx(1, "BN_bin2bn");
2512}
2513
2514static int
2515ec_group_check_seed(const EC_builtin_curve *curve, BN_CTX *ctx)
2516{
2517 EC_GROUP *group = NULL;
2518 BIGNUM *p, *a, *b, *pow2, *r, *seed_bn, *w;
2519 const unsigned char *seed;
2520 size_t seed_len;
2521 int i, g, h, s, t;
2522 int failed = 1;
2523
2524 if ((group = EC_GROUP_new_by_curve_name(curve->nid)) == NULL)
2525 errx(1, "EC_GROUP_new_by_curve_name");
2526
2527 BN_CTX_start(ctx);
2528
2529 if ((p = BN_CTX_get(ctx)) == NULL)
2530 errx(1, "p = BN_CTX_get()");
2531 if ((a = BN_CTX_get(ctx)) == NULL)
2532 errx(1, "a = BN_CTX_get()");
2533 if ((b = BN_CTX_get(ctx)) == NULL)
2534 errx(1, "b = BN_CTX_get()");
2535 if ((r = BN_CTX_get(ctx)) == NULL)
2536 errx(1, "r = BN_CTX_get()");
2537 if ((pow2 = BN_CTX_get(ctx)) == NULL)
2538 errx(1, "pow2 = BN_CTX_get()");
2539 if ((seed_bn = BN_CTX_get(ctx)) == NULL)
2540 errx(1, "seed_bn = BN_CTX_get()");
2541 if ((w = BN_CTX_get(ctx)) == NULL)
2542 errx(1, "w = BN_CTX_get()");
2543
2544 /*
2545 * If the curve has a seed, verify that its parameters a and b have
2546 * been selected using that seed, loosely following X9.62, F.3.4.b.
2547 * Otherwise there's nothing to do.
2548 */
2549 if ((seed = EC_GROUP_get0_seed(group)) == NULL)
2550 goto done;
2551 seed_len = EC_GROUP_get_seed_len(group);
2552
2553 /*
2554 * This isn't a requirement but happens to be the case for NIST
2555 * curves - the only built-in curves that have a seed.
2556 */
2557 if (seed_len != SHA_DIGEST_LENGTH) {
2558 fprintf(stderr, "%s FAIL: unexpected seed length. "
2559 "want %d, got %zu\n", __func__, SHA_DIGEST_LENGTH, seed_len);
2560 goto err;
2561 }
2562
2563 /* Seed length in bits, per F.3.3.b. */
2564 g = 8 * seed_len;
2565
2566 /*
2567 * Prepare to build the verifiably random element r of GFp by
2568 * concatenating the SHA-1 of modifications of the seed as a number.
2569 */
2570 if (BN_bin2bn(seed, seed_len, seed_bn) == NULL)
2571 errx(1, "BN_bin2bn");
2572
2573 if (!EC_GROUP_get_curve(group, p, a, b, ctx))
2574 errx(1, "EC_GROUP_get_curve");
2575
2576 t = BN_num_bits(p); /* bit length needed. */
2577 s = (t - 1) / 160; /* number of SHA-1 fitting in bit length. */
2578 h = t - 160 * s; /* remaining number of bits in r. */
2579
2580 /*
2581 * Steps 1 - 3: compute hash of the seed and take h - 1 rightmost bits.
2582 */
2583
2584 ec_group_sha1_bignum(r, seed_bn);
2585 BN_zero(pow2);
2586 if (!BN_set_bit(pow2, h - 1))
2587 errx(1, "BN_set_bit");
2588 if (!BN_mod(r, r, pow2, ctx))
2589 errx(1, "BN_nnmod");
2590
2591 /*
2592 * Steps 4 - 6: for i from 1 to s do Wi = SHA-1(SEED + i mod 2^g).
2593 * With W0 = r as already computed, let r = W0 || W1 || ... || Ws.
2594 */
2595
2596 BN_zero(pow2);
2597 if (!BN_set_bit(pow2, g))
2598 errx(1, "BN_set_bit");
2599
2600 for (i = 0; i < s; i++) {
2601 /*
2602 * This is a bit silly since the seed isn't going to have all
2603 * its bits set, so BN_add_word(seed_bn, 1) would do, but for
2604 * the sake of correctness...
2605 */
2606 if (!BN_mod_add(seed_bn, seed_bn, BN_value_one(), pow2, ctx))
2607 errx(1, "BN_mod_add");
2608
2609 ec_group_sha1_bignum(w, seed_bn);
2610
2611 if (!BN_lshift(r, r, 8 * SHA_DIGEST_LENGTH))
2612 errx(1, "BN_lshift");
2613 if (!BN_add(r, r, w))
2614 errx(1, "BN_add");
2615 }
2616
2617 /*
2618 * Step 7: check that r * b^2 == a^3 (mod p)
2619 */
2620
2621 /* Compute r = r * b^2 (mod p). */
2622 if (!BN_mod_sqr(b, b, p, ctx))
2623 errx(1, "BN_mod_sqr");
2624 if (!BN_mod_mul(r, r, b, p, ctx))
2625 errx(1, "BN_mod_mul");
2626
2627 /* Compute a = a^3 (mod p). */
2628 if (!BN_mod_sqr(b, a, p, ctx))
2629 errx(1, "BN_mod_sqr");
2630 if (!BN_mod_mul(a, a, b, p, ctx))
2631 errx(1, "BN_mod_mul");
2632
2633 /*
2634 * XXX - this assumes that a, b, p >= 0, so the results are in [0, p).
2635 * This is currently enforced in the EC code.
2636 */
2637 if (BN_cmp(r, a) != 0) {
2638 fprintf(stderr, "FAIL: %s verification failed for %s\nr * b^2:\t",
2639 __func__, curve->comment);
2640 BN_print_fp(stderr, r);
2641 fprintf(stderr, "\na^3:\t\t");
2642 BN_print_fp(stderr, a);
2643 fprintf(stderr, "\n");
2644 goto err;
2645 }
2646
2647 done:
2648 failed = 0;
2649
2650 err:
2651 BN_CTX_end(ctx);
2652 EC_GROUP_free(group);
2653
2654 return failed;
2655}
2656
2657static int
2658ec_group_check_seeds(void)
2659{
2660 BN_CTX *ctx = NULL;
2661 EC_builtin_curve *all_curves = NULL;
2662 size_t curve_id, ncurves;
2663 int failed = 0;
2664
2665 if ((ctx = BN_CTX_new()) == NULL)
2666 errx(1, "BN_CTX_new");
2667
2668 ncurves = EC_get_builtin_curves(NULL, 0);
2669 if ((all_curves = calloc(ncurves, sizeof(*all_curves))) == NULL)
2670 err(1, "calloc builtin curves");
2671 EC_get_builtin_curves(all_curves, ncurves);
2672
2673 for (curve_id = 0; curve_id < ncurves; curve_id++)
2674 failed |= ec_group_check_seed(&all_curves[curve_id], ctx);
2675
2676 free(all_curves);
2677 BN_CTX_free(ctx);
2678
2679 return failed;
2680}
2681
2351int 2682int
2352main(int argc, char **argv) 2683main(int argc, char **argv)
2353{ 2684{
@@ -2358,7 +2689,9 @@ main(int argc, char **argv)
2358 failed |= ec_group_pkparameters_correct_padding_test(); 2689 failed |= ec_group_pkparameters_correct_padding_test();
2359 failed |= ec_group_roundtrip_builtin_curves(); 2690 failed |= ec_group_roundtrip_builtin_curves();
2360 failed |= ec_group_non_builtin_curves(); 2691 failed |= ec_group_non_builtin_curves();
2692 failed |= ec_group_builtin_curves_have_prime_order();
2361 failed |= ec_group_check_private_keys(); 2693 failed |= ec_group_check_private_keys();
2694 failed |= ec_group_check_seeds();
2362 2695
2363 return failed; 2696 return failed;
2364} 2697}
diff --git a/src/regress/lib/libcrypto/ec/ectest.c b/src/regress/lib/libcrypto/ec/ectest.c
index fc44f9c886..3e81954174 100644
--- a/src/regress/lib/libcrypto/ec/ectest.c
+++ b/src/regress/lib/libcrypto/ec/ectest.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ectest.c,v 1.35 2025/01/24 11:49:13 tb Exp $ */ 1/* $OpenBSD: ectest.c,v 1.36 2025/07/23 07:40:07 tb Exp $ */
2/* 2/*
3 * Originally written by Bodo Moeller for the OpenSSL project. 3 * Originally written by Bodo Moeller for the OpenSSL project.
4 */ 4 */
@@ -71,14 +71,11 @@
71 71
72#include <stdio.h> 72#include <stdio.h>
73#include <stdlib.h> 73#include <stdlib.h>
74#include <string.h>
75#include <time.h>
76 74
75#include <openssl/bn.h>
76#include <openssl/crypto.h>
77#include <openssl/ec.h> 77#include <openssl/ec.h>
78#include <openssl/err.h> 78#include <openssl/err.h>
79#include <openssl/obj_mac.h>
80#include <openssl/objects.h>
81#include <openssl/bn.h>
82#include <openssl/opensslconf.h> 79#include <openssl/opensslconf.h>
83 80
84#define ABORT do { \ 81#define ABORT do { \
diff --git a/src/regress/lib/libcrypto/evp/evp_pkey_cleanup.c b/src/regress/lib/libcrypto/evp/evp_pkey_cleanup.c
index d4825f68e8..1d2fa60be7 100644
--- a/src/regress/lib/libcrypto/evp/evp_pkey_cleanup.c
+++ b/src/regress/lib/libcrypto/evp/evp_pkey_cleanup.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: evp_pkey_cleanup.c,v 1.5 2024/02/29 20:02:00 tb Exp $ */ 1/* $OpenBSD: evp_pkey_cleanup.c,v 1.6 2025/05/21 03:53:20 kenjiro Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2022 Theo Buehler <tb@openbsd.org> 4 * Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
@@ -38,6 +38,8 @@ int pkey_ids[] = {
38 EVP_PKEY_RSA, 38 EVP_PKEY_RSA,
39 EVP_PKEY_RSA_PSS, 39 EVP_PKEY_RSA_PSS,
40 EVP_PKEY_X25519, 40 EVP_PKEY_X25519,
41 EVP_PKEY_HKDF,
42 EVP_PKEY_TLS1_PRF,
41}; 43};
42 44
43static const size_t N_PKEY_IDS = sizeof(pkey_ids) / sizeof(pkey_ids[0]); 45static const size_t N_PKEY_IDS = sizeof(pkey_ids) / sizeof(pkey_ids[0]);
diff --git a/src/regress/lib/libcrypto/evp/evp_test.c b/src/regress/lib/libcrypto/evp/evp_test.c
index a699832c45..0bd8b4d092 100644
--- a/src/regress/lib/libcrypto/evp/evp_test.c
+++ b/src/regress/lib/libcrypto/evp/evp_test.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: evp_test.c,v 1.20 2024/07/09 17:24:12 tb Exp $ */ 1/* $OpenBSD: evp_test.c,v 1.21 2025/05/22 00:13:47 kenjiro Exp $ */
2/* 2/*
3 * Copyright (c) 2017, 2022 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2017, 2022 Joel Sing <jsing@openbsd.org>
4 * Copyright (c) 2023, 2024 Theo Buehler <tb@openbsd.org> 4 * Copyright (c) 2023, 2024 Theo Buehler <tb@openbsd.org>
@@ -802,6 +802,85 @@ kdf_compare_bytes(const char *label, const unsigned char *d1, int len1,
802} 802}
803 803
804static int 804static int
805evp_kdf_hkdf_basic(void)
806{
807 EVP_PKEY_CTX *pctx;
808 unsigned char out[42];
809 size_t outlen = sizeof(out);
810 int failed = 1;
811
812 /* Test vector from RFC 5869, Appendix A.1. */
813 const unsigned char ikm[] = {
814 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
815 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
816 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
817 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
818 0x0b, 0x0b,
819 };
820 const unsigned char salt[] = {
821 0x00, 0x01, 0x02, 0x03, 0x04, 0x05,
822 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
823 0x0c,
824 };
825 const unsigned char info[] = {
826 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5,
827 0xf6, 0xf7, 0xf8, 0xf9,
828 };
829 const unsigned char expected[42] = {
830 0x3c, 0xb2, 0x5f, 0x25, 0xfa, 0xac, 0xd5, 0x7a,
831 0x90, 0x43, 0x4f, 0x64, 0xd0, 0x36, 0x2f, 0x2a,
832 0x2d, 0x2d, 0x0a, 0x90, 0xcf, 0x1a, 0x5a, 0x4c,
833 0x5d, 0xb0, 0x2d, 0x56, 0xec, 0xc4, 0xc5, 0xbf,
834 0x34, 0x00, 0x72, 0x08, 0xd5, 0xb8, 0x87, 0x18,
835 0x58, 0x65,
836 };
837
838 if ((pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL)) == NULL) {
839 fprintf(stderr, "FAIL: EVP_PKEY_CTX_new_id\n");
840 goto err;
841 }
842
843 if (EVP_PKEY_derive_init(pctx) <= 0) {
844 fprintf(stderr, "FAIL: EVP_PKEY_derive_init\n");
845 goto err;
846 }
847
848 if (EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()) <= 0) {
849 fprintf(stderr, "FAIL: EVP_PKEY_CTX_set_hkdf_md\n");
850 goto err;
851 }
852
853 if (EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt, sizeof(salt)) <= 0) {
854 fprintf(stderr, "FAIL: EVP_PKEY_CTX_set1_hkdf_salt\n");
855 goto err;
856 }
857
858 if (EVP_PKEY_CTX_set1_hkdf_key(pctx, ikm, sizeof(ikm)) <= 0) {
859 fprintf(stderr, "FAIL: EVP_PKEY_CTX_set1_hkdf_key\n");
860 goto err;
861 }
862
863 if (EVP_PKEY_CTX_add1_hkdf_info(pctx, info, sizeof(info)) <= 0) {
864 fprintf(stderr, "FAIL: EVP_PKEY_CTX_add1_hkdf_info\n");
865 goto err;
866 }
867
868 if (EVP_PKEY_derive(pctx, out, &outlen) <= 0) {
869 fprintf(stderr, "FAIL: EVP_PKEY_derive\n");
870 goto err;
871 }
872
873 if (!kdf_compare_bytes("HKDF test", out, outlen, expected, sizeof(expected)))
874 goto err;
875
876 failed = 0;
877
878 err:
879 EVP_PKEY_CTX_free(pctx);
880 return failed;
881}
882
883static int
805evp_kdf_tls1_prf_basic(void) 884evp_kdf_tls1_prf_basic(void)
806{ 885{
807 EVP_PKEY_CTX *pctx; 886 EVP_PKEY_CTX *pctx;
@@ -1038,6 +1117,7 @@ main(int argc, char **argv)
1038 failed |= obj_name_do_all_test(); 1117 failed |= obj_name_do_all_test();
1039 failed |= evp_get_cipherbyname_test(); 1118 failed |= evp_get_cipherbyname_test();
1040 failed |= evp_get_digestbyname_test(); 1119 failed |= evp_get_digestbyname_test();
1120 failed |= evp_kdf_hkdf_basic();
1041 failed |= evp_kdf_tls1_prf_basic(); 1121 failed |= evp_kdf_tls1_prf_basic();
1042 failed |= evp_kdf_tls1_prf(); 1122 failed |= evp_kdf_tls1_prf();
1043 1123
diff --git a/src/regress/lib/libcrypto/free/Makefile b/src/regress/lib/libcrypto/free/Makefile
index 21516f1172..9171393c0f 100644
--- a/src/regress/lib/libcrypto/free/Makefile
+++ b/src/regress/lib/libcrypto/free/Makefile
@@ -1,4 +1,4 @@
1# $OpenBSD: Makefile,v 1.5 2023/04/15 14:10:09 tb Exp $ 1# $OpenBSD: Makefile,v 1.6 2025/08/25 06:08:33 tb Exp $
2 2
3TESTS = \ 3TESTS = \
4 freenull 4 freenull
@@ -10,9 +10,11 @@ REGRESS_TARGETS= all_tests
10LDADD= -lcrypto 10LDADD= -lcrypto
11DPADD= ${LIBCRYPTO} 11DPADD= ${LIBCRYPTO}
12 12
13CFLAGS+= -Wall -Werror
14
13CLEANFILES+= freenull.c freenull.c.body freenull.c.tmp 15CLEANFILES+= freenull.c freenull.c.body freenull.c.tmp
14 16
15freenull.c: freenull.awk ../../../../lib/libcrypto/Symbols.list 17freenull.c: freenull.awk freenull.c.head freenull.c.tail ../../../../lib/libcrypto/Symbols.list
16 awk -f ${.CURDIR}/freenull.awk \ 18 awk -f ${.CURDIR}/freenull.awk \
17 < ${BSDSRCDIR}/lib/libcrypto/Symbols.list > freenull.c.body 19 < ${BSDSRCDIR}/lib/libcrypto/Symbols.list > freenull.c.body
18 cat ${.CURDIR}/freenull.c.head freenull.c.body \ 20 cat ${.CURDIR}/freenull.c.head freenull.c.body \
diff --git a/src/regress/lib/libcrypto/free/freenull.c.head b/src/regress/lib/libcrypto/free/freenull.c.head
index db652bfb01..747f174a4c 100644
--- a/src/regress/lib/libcrypto/free/freenull.c.head
+++ b/src/regress/lib/libcrypto/free/freenull.c.head
@@ -1,4 +1,4 @@
1/* $OpenBSD: freenull.c.head,v 1.10 2024/08/30 05:00:38 tb Exp $ */ 1/* $OpenBSD: freenull.c.head,v 1.11 2025/08/25 06:01:33 tb Exp $ */
2 2
3#include <openssl/asn1.h> 3#include <openssl/asn1.h>
4#include <openssl/cmac.h> 4#include <openssl/cmac.h>
@@ -10,6 +10,7 @@
10#include <openssl/gost.h> 10#include <openssl/gost.h>
11#endif 11#endif
12#include <openssl/hmac.h> 12#include <openssl/hmac.h>
13#include <openssl/mlkem.h>
13#include <openssl/ocsp.h> 14#include <openssl/ocsp.h>
14#include <openssl/pkcs12.h> 15#include <openssl/pkcs12.h>
15#include <openssl/ts.h> 16#include <openssl/ts.h>
diff --git a/src/regress/lib/libcrypto/gcm128/gcm128test.c b/src/regress/lib/libcrypto/gcm128/gcm128test.c
index def7653c7b..78631979fe 100644
--- a/src/regress/lib/libcrypto/gcm128/gcm128test.c
+++ b/src/regress/lib/libcrypto/gcm128/gcm128test.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: gcm128test.c,v 1.7 2022/09/05 21:06:31 tb Exp $ */ 1/* $OpenBSD: gcm128test.c,v 1.8 2025/05/16 14:03:49 jsing Exp $ */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 2010 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 2010 The OpenSSL Project. All rights reserved.
4 * 4 *
@@ -57,11 +57,6 @@
57#include <openssl/aes.h> 57#include <openssl/aes.h>
58#include <openssl/modes.h> 58#include <openssl/modes.h>
59 59
60/* XXX - something like this should be in the public headers. */
61struct gcm128_context {
62 uint64_t opaque[64];
63};
64
65struct gcm128_test { 60struct gcm128_test {
66 const uint8_t K[128]; 61 const uint8_t K[128];
67 size_t K_len; 62 size_t K_len;
@@ -856,7 +851,7 @@ struct gcm128_test gcm128_tests[] = {
856static int 851static int
857do_gcm128_test(int test_no, struct gcm128_test *tv) 852do_gcm128_test(int test_no, struct gcm128_test *tv)
858{ 853{
859 GCM128_CONTEXT ctx; 854 GCM128_CONTEXT *ctx;
860 AES_KEY key; 855 AES_KEY key;
861 uint8_t *out = NULL; 856 uint8_t *out = NULL;
862 size_t out_len; 857 size_t out_len;
@@ -873,13 +868,16 @@ do_gcm128_test(int test_no, struct gcm128_test *tv)
873 868
874 if (out_len != 0) 869 if (out_len != 0)
875 memset(out, 0, out_len); 870 memset(out, 0, out_len);
876 CRYPTO_gcm128_init(&ctx, &key, (block128_f)AES_encrypt); 871
877 CRYPTO_gcm128_setiv(&ctx, tv->IV, tv->IV_len); 872 if ((ctx = CRYPTO_gcm128_new(&key, (block128_f)AES_encrypt)) == NULL)
873 err(1, "CRYPTO_gcm128_new");
874
875 CRYPTO_gcm128_setiv(ctx, tv->IV, tv->IV_len);
878 if (tv->A_len > 0) 876 if (tv->A_len > 0)
879 CRYPTO_gcm128_aad(&ctx, tv->A, tv->A_len); 877 CRYPTO_gcm128_aad(ctx, tv->A, tv->A_len);
880 if (tv->P_len > 0) 878 if (tv->P_len > 0)
881 CRYPTO_gcm128_encrypt(&ctx, tv->P, out, out_len); 879 CRYPTO_gcm128_encrypt(ctx, tv->P, out, out_len);
882 if (CRYPTO_gcm128_finish(&ctx, tv->T, 16)) { 880 if (CRYPTO_gcm128_finish(ctx, tv->T, 16)) {
883 fprintf(stderr, "TEST %d: CRYPTO_gcm128_finish failed\n", 881 fprintf(stderr, "TEST %d: CRYPTO_gcm128_finish failed\n",
884 test_no); 882 test_no);
885 goto fail; 883 goto fail;
@@ -891,12 +889,12 @@ do_gcm128_test(int test_no, struct gcm128_test *tv)
891 889
892 if (out_len != 0) 890 if (out_len != 0)
893 memset(out, 0, out_len); 891 memset(out, 0, out_len);
894 CRYPTO_gcm128_setiv(&ctx, tv->IV, tv->IV_len); 892 CRYPTO_gcm128_setiv(ctx, tv->IV, tv->IV_len);
895 if (tv->A_len > 0) 893 if (tv->A_len > 0)
896 CRYPTO_gcm128_aad(&ctx, tv->A, tv->A_len); 894 CRYPTO_gcm128_aad(ctx, tv->A, tv->A_len);
897 if (tv->C_len > 0) 895 if (tv->C_len > 0)
898 CRYPTO_gcm128_decrypt(&ctx, tv->C, out, out_len); 896 CRYPTO_gcm128_decrypt(ctx, tv->C, out, out_len);
899 if (CRYPTO_gcm128_finish(&ctx, tv->T, 16)) { 897 if (CRYPTO_gcm128_finish(ctx, tv->T, 16)) {
900 fprintf(stderr, "TEST %d: CRYPTO_gcm128_finish failed\n", 898 fprintf(stderr, "TEST %d: CRYPTO_gcm128_finish failed\n",
901 test_no); 899 test_no);
902 goto fail; 900 goto fail;
@@ -909,6 +907,8 @@ do_gcm128_test(int test_no, struct gcm128_test *tv)
909 ret = 0; 907 ret = 0;
910 908
911fail: 909fail:
910 CRYPTO_gcm128_release(ctx);
911
912 free(out); 912 free(out);
913 return (ret); 913 return (ret);
914} 914}
diff --git a/src/regress/lib/libcrypto/man/check_complete.pl b/src/regress/lib/libcrypto/man/check_complete.pl
index 5f2d12ec73..dbce9b74ec 100755
--- a/src/regress/lib/libcrypto/man/check_complete.pl
+++ b/src/regress/lib/libcrypto/man/check_complete.pl
@@ -1,6 +1,6 @@
1#!/usr/bin/perl 1#!/usr/bin/perl
2# 2#
3# Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org> 3# Copyright (c) 2021,2022,2023,2024,2025 Ingo Schwarze <schwarze@openbsd.org>
4# 4#
5# Permission to use, copy, modify, and distribute this software for any 5# Permission to use, copy, modify, and distribute this software for any
6# purpose with or without fee is hereby granted, provided that the above 6# purpose with or without fee is hereby granted, provided that the above
@@ -25,10 +25,10 @@ my %internal = (
25 CHARTYPE_FIRST_ESC_2253 CHARTYPE_LAST_ESC_2253 CHARTYPE_PRINTABLESTRING 25 CHARTYPE_FIRST_ESC_2253 CHARTYPE_LAST_ESC_2253 CHARTYPE_PRINTABLESTRING
26 )], 26 )],
27 bn => [qw( 27 bn => [qw(
28 BN_BITS BN_BITS4 BN_BYTES 28 BN_BYTES BN_LLONG BN_ULLONG
29 BN_DEC_CONV BN_DEC_FMT1 BN_DEC_FMT2 BN_DEC_NUM BN_LLONG BN_LONG 29 )],
30 BN_MASK2 BN_MASK2h BN_MASK2h1 BN_MASK2l 30 conf => [qw(
31 BN_TBIT BN_ULLONG 31 conf_st conf_method_st
32 )], 32 )],
33 evp => [qw( 33 evp => [qw(
34 ASN1_PKEY_CTRL_CMS_ENVELOPE ASN1_PKEY_CTRL_CMS_RI_TYPE 34 ASN1_PKEY_CTRL_CMS_ENVELOPE ASN1_PKEY_CTRL_CMS_RI_TYPE
@@ -55,7 +55,6 @@ my %obsolete = (
55 ASN1_dup ASN1_d2i_bio ASN1_d2i_bio_of ASN1_d2i_fp ASN1_d2i_fp_of 55 ASN1_dup ASN1_d2i_bio ASN1_d2i_bio_of ASN1_d2i_fp ASN1_d2i_fp_of
56 ASN1_i2d_bio ASN1_i2d_bio_of ASN1_i2d_bio_of_const 56 ASN1_i2d_bio ASN1_i2d_bio_of ASN1_i2d_bio_of_const
57 ASN1_i2d_fp ASN1_i2d_fp_of ASN1_i2d_fp_of_const 57 ASN1_i2d_fp ASN1_i2d_fp_of ASN1_i2d_fp_of_const
58 ASN1_LONG_UNDEF
59 BIT_STRING_BITNAME 58 BIT_STRING_BITNAME
60 V_ASN1_PRIMATIVE_TAG 59 V_ASN1_PRIMATIVE_TAG
61 X509_algor_st 60 X509_algor_st
@@ -69,9 +68,6 @@ my %obsolete = (
69 BIO_set_filter_bio BIO_set_no_connect_return BIO_set_proxies 68 BIO_set_filter_bio BIO_set_no_connect_return BIO_set_proxies
70 BIO_set_proxy_cb BIO_set_proxy_header BIO_set_url 69 BIO_set_proxy_cb BIO_set_proxy_header BIO_set_url
71 )], 70 )],
72 bn => [qw(
73 BN_HEX_FMT1 BN_HEX_FMT2 BN_MASK
74 )],
75 evp => [qw( 71 evp => [qw(
76 EVP_CIPH_FLAG_FIPS EVP_CIPH_FLAG_NON_FIPS_ALLOW 72 EVP_CIPH_FLAG_FIPS EVP_CIPH_FLAG_NON_FIPS_ALLOW
77 EVP_CTRL_AEAD_SET_MAC_KEY EVP_CTRL_AEAD_TLS1_AAD 73 EVP_CTRL_AEAD_SET_MAC_KEY EVP_CTRL_AEAD_TLS1_AAD
@@ -116,7 +112,7 @@ my %postponed = (
116 112
117my $MANW = 'man -M /usr/share/man -w'; 113my $MANW = 'man -M /usr/share/man -w';
118my $srcdir = '/usr/src/lib/libcrypto/man'; 114my $srcdir = '/usr/src/lib/libcrypto/man';
119my $hfile = '/usr/include/openssl'; 115my $hfile = '/usr/include';
120 116
121my $in_cplusplus = 0; 117my $in_cplusplus = 0;
122my $in_comment = 0; 118my $in_comment = 0;
@@ -133,6 +129,7 @@ if (defined $ARGV[0] && $ARGV[0] eq '-v') {
133 shift @ARGV; 129 shift @ARGV;
134} 130}
135$#ARGV == 0 or die "usage: $0 [-v] headername"; 131$#ARGV == 0 or die "usage: $0 [-v] headername";
132$hfile .= "/openssl" unless $ARGV[0] eq 'tls';
136$hfile .= "/$ARGV[0].h"; 133$hfile .= "/$ARGV[0].h";
137open my $in_fh, '<', $hfile or die "$hfile: $!"; 134open my $in_fh, '<', $hfile or die "$hfile: $!";
138 135
@@ -236,6 +233,7 @@ try_again:
236 # Uninteresting lines. 233 # Uninteresting lines.
237 234
238 if (/^\s*$/ || 235 if (/^\s*$/ ||
236 /^DECLARE_LHASH_OF\(\w+\);$/ ||
239 /^DECLARE_STACK_OF\(\w+\)$/ || 237 /^DECLARE_STACK_OF\(\w+\)$/ ||
240 /^DECLARE_PKCS12_STACK_OF\(\w+\)$/ || 238 /^DECLARE_PKCS12_STACK_OF\(\w+\)$/ ||
241 /^TYPEDEF_D2I2D_OF\(\w+\);$/ || 239 /^TYPEDEF_D2I2D_OF\(\w+\);$/ ||
@@ -288,7 +286,7 @@ try_again:
288 print "D- $line\n" if $verbose; 286 print "D- $line\n" if $verbose;
289 next; 287 next;
290 } 288 }
291 if ($id =~ /^(?:ASN1|BIO|BN|EVP|X509(?:V3)?)_[FR]_\w+$/) { 289 if ($id =~ /^(?:ASN1|BIO|BN|CONF|EVP|X509(?:V3)?)_[FR]_\w+$/) {
292 print "D- $line\n" if $verbose; 290 print "D- $line\n" if $verbose;
293 next; 291 next;
294 } 292 }
diff --git a/src/regress/lib/libcrypto/md/Makefile b/src/regress/lib/libcrypto/md/Makefile
index 94bec95e05..1df57283b2 100644
--- a/src/regress/lib/libcrypto/md/Makefile
+++ b/src/regress/lib/libcrypto/md/Makefile
@@ -1,9 +1,15 @@
1# $OpenBSD: Makefile,v 1.1.1.1 2022/09/02 13:34:48 tb Exp $ 1# $OpenBSD: Makefile,v 1.2 2025/05/22 03:24:47 joshua Exp $
2 2
3PROG= md_test 3PROG = md_test
4LDADD= -lcrypto 4LDADD = -lcrypto
5DPADD= ${LIBCRYPTO} 5DPADD = ${LIBCRYPTO}
6WARNINGS= Yes 6WARNINGS = Yes
7CFLAGS+= -DLIBRESSL_INTERNAL -Werror 7CFLAGS += -DLIBRESSL_INTERNAL -Werror
8CFLAGS += -I${.CURDIR}/../test
9SRCS += md_test.c
10SRCS += test.c
11SRCS += test_util.c
12
13.PATH: ${.CURDIR}/../test
8 14
9.include <bsd.regress.mk> 15.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/md/md_test.c b/src/regress/lib/libcrypto/md/md_test.c
index 590bb50ee3..752f2e4958 100644
--- a/src/regress/lib/libcrypto/md/md_test.c
+++ b/src/regress/lib/libcrypto/md/md_test.c
@@ -1,6 +1,6 @@
1/* $OpenBSD: md_test.c,v 1.3 2025/01/19 10:17:39 tb Exp $ */ 1/* $OpenBSD: md_test.c,v 1.4 2025/05/22 03:24:47 joshua Exp $ */
2/* 2/*
3 * Copyright (c) 2022 Joshua Sing <joshua@hypera.dev> 3 * Copyright (c) 2022, 2025 Joshua Sing <joshua@joshuasing.dev>
4 * 4 *
5 * Permission to use, copy, modify, and distribute this software for any 5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above 6 * purpose with or without fee is hereby granted, provided that the above
@@ -22,6 +22,8 @@
22#include <stdint.h> 22#include <stdint.h>
23#include <string.h> 23#include <string.h>
24 24
25#include "test.h"
26
25struct md_test { 27struct md_test {
26 const int algorithm; 28 const int algorithm;
27 const uint8_t in[128]; 29 const uint8_t in[128];
@@ -30,7 +32,7 @@ struct md_test {
30}; 32};
31 33
32static const struct md_test md_tests[] = { 34static const struct md_test md_tests[] = {
33 /* MD4 (RFC 1320 test vectors) */ 35 /* MD4 (RFC 1320 test vectors) */
34 { 36 {
35 .algorithm = NID_md4, 37 .algorithm = NID_md4,
36 .in = "", 38 .in = "",
@@ -99,7 +101,7 @@ static const struct md_test md_tests[] = {
99 } 101 }
100 }, 102 },
101 103
102 /* MD5 (RFC 1321 test vectors) */ 104 /* MD5 (RFC 1321 test vectors) */
103 { 105 {
104 .algorithm = NID_md5, 106 .algorithm = NID_md5,
105 .in = "", 107 .in = "",
@@ -175,25 +177,21 @@ typedef unsigned char *(*md_hash_func)(const unsigned char *, size_t,
175 unsigned char *); 177 unsigned char *);
176 178
177static int 179static int
178md_hash_from_algorithm(int algorithm, const char **out_label, 180md_hash_from_algorithm(int algorithm, md_hash_func *out_func,
179 md_hash_func *out_func, const EVP_MD **out_md, size_t *out_len) 181 const EVP_MD **out_md, size_t *out_len)
180{ 182{
181 switch (algorithm) { 183 switch (algorithm) {
182 case NID_md4: 184 case NID_md4:
183 *out_label = SN_md4;
184 *out_func = MD4; 185 *out_func = MD4;
185 *out_md = EVP_md4(); 186 *out_md = EVP_md4();
186 *out_len = MD4_DIGEST_LENGTH; 187 *out_len = MD4_DIGEST_LENGTH;
187 break; 188 break;
188 case NID_md5: 189 case NID_md5:
189 *out_label = SN_md5;
190 *out_func = MD5; 190 *out_func = MD5;
191 *out_md = EVP_md5(); 191 *out_md = EVP_md5();
192 *out_len = MD5_DIGEST_LENGTH; 192 *out_len = MD5_DIGEST_LENGTH;
193 break; 193 break;
194 default: 194 default:
195 fprintf(stderr, "FAIL: unknown algorithm (%d)\n",
196 algorithm);
197 return 0; 195 return 0;
198 } 196 }
199 197
@@ -201,108 +199,100 @@ md_hash_from_algorithm(int algorithm, const char **out_label,
201} 199}
202 200
203static void 201static void
204hexdump(const unsigned char *buf, size_t len) 202test_md_tv(struct test *t, const void *arg)
205{
206 size_t i;
207
208 for (i = 1; i <= len; i++)
209 fprintf(stderr, " 0x%02hhx,%s", buf[i - 1], i % 8 ? "" : "\n");
210
211 fprintf(stderr, "\n");
212}
213
214static int
215md_test(void)
216{ 203{
217 unsigned char *(*md_func)(const unsigned char *, size_t, unsigned char *); 204 const struct md_test *st = arg;
218 const struct md_test *st; 205 md_hash_func md_func;
219 EVP_MD_CTX *hash = NULL;
220 const EVP_MD *md; 206 const EVP_MD *md;
207 EVP_MD_CTX *hash = NULL;
221 uint8_t out[EVP_MAX_MD_SIZE]; 208 uint8_t out[EVP_MAX_MD_SIZE];
222 size_t in_len, out_len; 209 size_t in_len, out_len;
223 size_t i;
224 const char *label;
225 int failed = 1;
226 210
227 if ((hash = EVP_MD_CTX_new()) == NULL) { 211 if (!md_hash_from_algorithm(st->algorithm, &md_func, &md, &out_len)) {
228 fprintf(stderr, "FAIL: EVP_MD_CTX_new() failed\n"); 212 test_errorf(t, "md_hash_from_algorithm: unknown algorithm: %d",
229 goto failed; 213 st->algorithm);
214 goto fail;
230 } 215 }
231 216
232 for (i = 0; i < N_MD_TESTS; i++) { 217 if ((hash = EVP_MD_CTX_new()) == NULL) {
233 st = &md_tests[i]; 218 test_errorf(t, "EVP_MD_CTX_new()");
234 if (!md_hash_from_algorithm(st->algorithm, &label, &md_func, 219 goto fail;
235 &md, &out_len)) 220 }
236 goto failed;
237
238 /* Digest */
239 memset(out, 0, sizeof(out));
240 md_func(st->in, st->in_len, out);
241 if (memcmp(st->out, out, out_len) != 0) {
242 fprintf(stderr, "FAIL (%s): mismatch\n", label);
243 goto failed;
244 }
245 221
246 /* EVP single-shot digest */ 222 /* Digest */
247 memset(out, 0, sizeof(out)); 223 memset(out, 0, sizeof(out));
248 if (!EVP_Digest(st->in, st->in_len, out, NULL, md, NULL)) { 224 md_func(st->in, st->in_len, out);
249 fprintf(stderr, "FAIL (%s): EVP_Digest failed\n", 225 if (memcmp(st->out, out, out_len) != 0) {
250 label); 226 test_errorf(t, "MD: digest output mismatch");
251 goto failed; 227 test_hexdiff(t, out, out_len, st->out);
252 } 228 }
253 229
254 if (memcmp(st->out, out, out_len) != 0) { 230 /* EVP single-shot digest */
255 fprintf(stderr, "FAIL (%s): EVP single-shot mismatch\n", 231 memset(out, 0, sizeof(out));
256 label); 232 if (!EVP_Digest(st->in, st->in_len, out, NULL, md, NULL)) {
257 goto failed; 233 test_errorf(t, "EVP_Digest()");
258 } 234 goto fail;
235 }
236 if (memcmp(st->out, out, out_len) != 0) {
237 test_errorf(t, "EVP_Digest: digest output mismatch");
238 test_hexdiff(t, out, out_len, st->out);
239 }
259 240
260 /* EVP digest */ 241 /* EVP digest */
261 memset(out, 0, sizeof(out)); 242 memset(out, 0, sizeof(out));
262 if (!EVP_DigestInit_ex(hash, md, NULL)) { 243 if (!EVP_DigestInit_ex(hash, md, NULL)) {
263 fprintf(stderr, "FAIL (%s): EVP_DigestInit_ex failed\n", 244 test_errorf(t, "EVP_DigestInit_ex()");
264 label); 245 goto fail;
265 goto failed; 246 }
266 }
267 247
268 in_len = st->in_len / 2; 248 in_len = st->in_len / 2;
269 if (!EVP_DigestUpdate(hash, st->in, in_len)) { 249 if (!EVP_DigestUpdate(hash, st->in, in_len)) {
270 fprintf(stderr, 250 test_errorf(t, "EVP_DigestUpdate: first half failed");
271 "FAIL (%s): EVP_DigestUpdate first half failed\n", 251 goto fail;
272 label); 252 }
273 goto failed;
274 }
275 253
276 if (!EVP_DigestUpdate(hash, st->in + in_len, 254 if (!EVP_DigestUpdate(hash, st->in + in_len,
277 st->in_len - in_len)) { 255 st->in_len - in_len)) {
278 fprintf(stderr, 256 test_errorf(t, "EVP_DigestUpdate: second half failed");
279 "FAIL (%s): EVP_DigestUpdate second half failed\n", 257 goto fail;
280 label); 258 }
281 goto failed;
282 }
283 259
284 if (!EVP_DigestFinal_ex(hash, out, NULL)) { 260 if (!EVP_DigestFinal_ex(hash, out, NULL)) {
285 fprintf(stderr, 261 test_errorf(t, "EVP_DigestFinal_ex()");
286 "FAIL (%s): EVP_DigestFinal_ex failed\n", 262 goto fail;
287 label); 263 }
288 goto failed;
289 }
290 264
291 if (memcmp(st->out, out, out_len) != 0) { 265 if (memcmp(st->out, out, out_len) != 0) {
292 fprintf(stderr, "FAIL (%s): EVP mismatch\n", label); 266 test_errorf(t, "EVP: digest output mismatch");
293 goto failed; 267 test_hexdiff(t, out, out_len, st->out);
294 }
295 } 268 }
296 269
297 failed = 0;
298 270
299 failed: 271 fail:
300 EVP_MD_CTX_free(hash); 272 EVP_MD_CTX_free(hash);
301 return failed;
302} 273}
303 274
304static int 275static void
305md5_large_test(void) 276test_md(struct test *t, const void *arg)
277{
278 const struct md_test *st;
279 size_t i;
280 char *name;
281
282 for (i = 0; i < N_MD_TESTS; i++) {
283 st = &md_tests[i];
284 if (asprintf(&name, "%s: '%s'", OBJ_nid2sn(st->algorithm), st->in) == -1) {
285 test_errorf(t, "create test name");
286 return;
287 }
288
289 test_run(t, name, test_md_tv, st);
290 free(name);
291 }
292}
293
294static void
295test_md5_large(struct test *t, const void *arg)
306{ 296{
307 MD5_CTX ctx; 297 MD5_CTX ctx;
308 uint8_t in[1024]; 298 uint8_t in[1024];
@@ -310,12 +300,10 @@ md5_large_test(void)
310 unsigned int out_len; 300 unsigned int out_len;
311 size_t in_len; 301 size_t in_len;
312 size_t i; 302 size_t i;
313 const char *label;
314 uint8_t want[] = { 303 uint8_t want[] = {
315 0xd8, 0xbc, 0xae, 0x13, 0xb5, 0x5a, 0xb0, 0xfc, 304 0xd8, 0xbc, 0xae, 0x13, 0xb5, 0x5a, 0xb0, 0xfc,
316 0x7f, 0x8a, 0xe1, 0x78, 0x27, 0x8d, 0x44, 0x1b, 305 0x7f, 0x8a, 0xe1, 0x78, 0x27, 0x8d, 0x44, 0x1b,
317 }; 306 };
318 int failed = 1;
319 307
320 memset(in, 'A', sizeof(in)); 308 memset(in, 'A', sizeof(in));
321 in_len = sizeof(in); 309 in_len = sizeof(in);
@@ -323,44 +311,34 @@ md5_large_test(void)
323 memset(out, 0, sizeof(out)); 311 memset(out, 0, sizeof(out));
324 out_len = 16; 312 out_len = 16;
325 313
326 label = "md5";
327
328 MD5_Init(&ctx); 314 MD5_Init(&ctx);
329 315
330 for (i = 0; i < (1<<29) + 1; i += in_len) { 316 for (i = 0; i < (1<<29) + 1; i += in_len) {
331 if (!MD5_Update(&ctx, in, in_len)) { 317 if (!MD5_Update(&ctx, in, in_len)) {
332 fprintf(stderr, "FAIL (%s): MD5_Update failed\n", label); 318 test_errorf(t, "MD5_Update()");
333 goto failed; 319 return;
334 } 320 }
335 } 321 }
336 if (!MD5_Final(out, &ctx)) { 322 if (!MD5_Final(out, &ctx)) {
337 fprintf(stderr, "FAIL (%s): MD5_Final failed\n", label); 323 test_errorf(t, "MD5_Final()");
338 goto failed; 324 return;
339 } 325 }
340 326
341 if (memcmp(out, want, out_len) != 0) { 327 if (memcmp(out, want, out_len) != 0) {
342 fprintf(stderr, "FAIL (%s): MD5 mismatch\n", label); 328 test_errorf(t, "MD5 digest output mismatch");
343 hexdump(out, out_len); 329 test_hexdump(t, out, out_len);
344 goto failed;
345 } 330 }
346 if (ctx.Nh != 0x1 || ctx.Nl != 0x2000) { 331 if (ctx.Nh != 0x1 || ctx.Nl != 0x2000)
347 fprintf(stderr, "FAIL (%s): MD5 incorrect bit length\n", label); 332 test_errorf(t, "MD5 incorrect bit length");
348 goto failed;
349 }
350
351 failed = 0;
352
353 failed:
354 return failed;
355} 333}
356 334
357int 335int
358main(int argc, char **argv) 336main(int argc, char **argv)
359{ 337{
360 int failed = 0; 338 struct test *t = test_init();
361 339
362 failed |= md_test(); 340 test_run(t, "md", test_md, NULL);
363 failed |= md5_large_test(); 341 test_run(t, "md5 large", test_md5_large, NULL);
364 342
365 return failed; 343 return test_result(t);
366} 344}
diff --git a/src/regress/lib/libcrypto/mlkem/Makefile b/src/regress/lib/libcrypto/mlkem/Makefile
index a08623c90a..3acaf78e63 100644
--- a/src/regress/lib/libcrypto/mlkem/Makefile
+++ b/src/regress/lib/libcrypto/mlkem/Makefile
@@ -1,4 +1,4 @@
1# $OpenBSD: Makefile,v 1.9 2024/12/29 20:14:15 tb Exp $ 1# $OpenBSD: Makefile,v 1.10 2025/08/15 14:46:37 tb Exp $
2 2
3REGRESS_SLOW_TARGETS += run-regress-mlkem_iteration_tests 3REGRESS_SLOW_TARGETS += run-regress-mlkem_iteration_tests
4 4
@@ -22,7 +22,7 @@ run-regress-mlkem_tests: mlkem_tests
22 ./mlkem_tests $f ${.CURDIR}/$f.txt 22 ./mlkem_tests $f ${.CURDIR}/$f.txt
23.endfor 23.endfor
24 24
25SRCS_mlkem_tests = mlkem_tests.c mlkem_tests_util.c parse_test_file.c 25SRCS_mlkem_tests = mlkem_tests.c parse_test_file.c
26SRCS_mlkem_iteration_tests = mlkem_iteration_tests.c mlkem_tests_util.c 26SRCS_mlkem_iteration_tests = mlkem_iteration_tests.c mlkem_tests_util.c
27SRCS_mlkem_unittest = mlkem_unittest.c mlkem_tests_util.c 27SRCS_mlkem_unittest = mlkem_unittest.c mlkem_tests_util.c
28 28
diff --git a/src/regress/lib/libcrypto/mlkem/mlkem768_encap_tests.txt b/src/regress/lib/libcrypto/mlkem/mlkem768_encap_tests.txt
index 76b0cbdef3..bf37654e0c 100644
--- a/src/regress/lib/libcrypto/mlkem/mlkem768_encap_tests.txt
+++ b/src/regress/lib/libcrypto/mlkem/mlkem768_encap_tests.txt
@@ -1769,70 +1769,70 @@ result: pass
1769ciphertext: bb7e0dca6eca3ef57e945d921c2f80875556f7786d6bcca1312f86b3bea6d0f0a73f7d6036a7c38c62d4e356961ec6a28d8026a2d915d9721ef815147fc09ca65a3394aa5dc14c08d41cbe932337b9a531ddf68df20b6aea297194ac398f15919830e3ee6c20145c0aae7a2cd276ccad7b5c414212f0c0ae7106333868938a6a00da19377d996c7796d400606007dff30fe554a5fef86944d43ba047a00da5c2c2a1aad053aeafcc75a1e826a417b4c320e60a68e63dd7b54827f5b8b0063a00043f29ce8975d95bd418eb2ed29db0d9263c67fdcc153ba9b5a33279becb7ab193c2f257bd660fd7012712be3fdc2e52490ade145e8e030ba1ee5368791e6f3efe00deb34cb454cbf7fdae3a507261d9fce66ab58998ca19380187e3455d425977a8396cee3442935e24347aed45fba9b323a289f1b98691e35017ecfd7a423cd8d0149432a2063e0786c2f912e1134ebed188511c905a1a9890cd55d496e8441ccf637b4d660d93c7a46c3e17219167c3b4740878ae35766470b5eff3c6b1fc8c30e5c9645a94ebd48d2d40fbd4baf9d822deb26c089da84043340a564e6c311bca18c7a2c868831fbb866d89652556b53297b9c0040e98a692fa536af4c9a7aa09321ca27068ca66c665b1121ee4529cb3e6d899964de759ab915b0d2c571c5aa76cd64df4a4e55d9de59eca7b4379b30f8559db41e804a18b8771f594b9bee3de9ae98a003430aac58c141e6f0b7b1e5e08e27d1127b682882be055ba31e280dbace7878ae60426626ea4c5bc034a9206e27f578edd17fa6c33180b649bc7bd437b2c86ef4e0f4583071f99090b95db1e415d21ddd88a910b1fd10e3a04e391d947558a6619683ae070be04cab88300614839503f088e2f04cc4a7d091af9833a4f957cfdc574b1c994673ea14dce6ad89adebf5130d266c1440b3f544eea380ba245e21651f1f2aeb2b3d578000a87683dec69ccac18b0702d3d030077981076766e7e5f3ae1174eaf21bf03662c6bda5fd209da19ff6792c0bbc5d210851061dcdd2e4794d2c3c0c531e92a2c4a23556878d3e890b65289a6a02530bbd40ed66db3bb220aeb71fcc3c0b5d5b3afc71377746b22ce636dba028bc052c219783d468fac1d4eed555c1b4676705c8d27aa8a09c6fd8640a6f7b6790ff173ac39b5f3c709281df4274cccdc1e3b690ac0a77f7ece34cdf3216d2b6058baf5f649ff5036360dff99334ff06a366785c0404c584f623801190082fe5cdf88f9cf41032681e8fd6b84d127add01d4b2286af648b83fe69aa8d109c9320bd40621cf75adff8603e3da00be36f03ed7925f19b2e913d756e952a9402cd4fbffc0428cd7eebdd7fc7d3b4cde181b16b26811cd53d9f5d85d37c1670b957d4b3d04fd06567ac68d3f9dbdd45d182619180cf9292e86f42bcc213e94900e0c759e051bc0e30ffbdb91a2493913dc8b81ba4c3e8ba0e7277dc38dc91eb2b27823dac71b6f1c47e2a04136e2c0474fe070e2e4bf8e6fc98e73143ead3c5f778ce8a4efde4 1769ciphertext: bb7e0dca6eca3ef57e945d921c2f80875556f7786d6bcca1312f86b3bea6d0f0a73f7d6036a7c38c62d4e356961ec6a28d8026a2d915d9721ef815147fc09ca65a3394aa5dc14c08d41cbe932337b9a531ddf68df20b6aea297194ac398f15919830e3ee6c20145c0aae7a2cd276ccad7b5c414212f0c0ae7106333868938a6a00da19377d996c7796d400606007dff30fe554a5fef86944d43ba047a00da5c2c2a1aad053aeafcc75a1e826a417b4c320e60a68e63dd7b54827f5b8b0063a00043f29ce8975d95bd418eb2ed29db0d9263c67fdcc153ba9b5a33279becb7ab193c2f257bd660fd7012712be3fdc2e52490ade145e8e030ba1ee5368791e6f3efe00deb34cb454cbf7fdae3a507261d9fce66ab58998ca19380187e3455d425977a8396cee3442935e24347aed45fba9b323a289f1b98691e35017ecfd7a423cd8d0149432a2063e0786c2f912e1134ebed188511c905a1a9890cd55d496e8441ccf637b4d660d93c7a46c3e17219167c3b4740878ae35766470b5eff3c6b1fc8c30e5c9645a94ebd48d2d40fbd4baf9d822deb26c089da84043340a564e6c311bca18c7a2c868831fbb866d89652556b53297b9c0040e98a692fa536af4c9a7aa09321ca27068ca66c665b1121ee4529cb3e6d899964de759ab915b0d2c571c5aa76cd64df4a4e55d9de59eca7b4379b30f8559db41e804a18b8771f594b9bee3de9ae98a003430aac58c141e6f0b7b1e5e08e27d1127b682882be055ba31e280dbace7878ae60426626ea4c5bc034a9206e27f578edd17fa6c33180b649bc7bd437b2c86ef4e0f4583071f99090b95db1e415d21ddd88a910b1fd10e3a04e391d947558a6619683ae070be04cab88300614839503f088e2f04cc4a7d091af9833a4f957cfdc574b1c994673ea14dce6ad89adebf5130d266c1440b3f544eea380ba245e21651f1f2aeb2b3d578000a87683dec69ccac18b0702d3d030077981076766e7e5f3ae1174eaf21bf03662c6bda5fd209da19ff6792c0bbc5d210851061dcdd2e4794d2c3c0c531e92a2c4a23556878d3e890b65289a6a02530bbd40ed66db3bb220aeb71fcc3c0b5d5b3afc71377746b22ce636dba028bc052c219783d468fac1d4eed555c1b4676705c8d27aa8a09c6fd8640a6f7b6790ff173ac39b5f3c709281df4274cccdc1e3b690ac0a77f7ece34cdf3216d2b6058baf5f649ff5036360dff99334ff06a366785c0404c584f623801190082fe5cdf88f9cf41032681e8fd6b84d127add01d4b2286af648b83fe69aa8d109c9320bd40621cf75adff8603e3da00be36f03ed7925f19b2e913d756e952a9402cd4fbffc0428cd7eebdd7fc7d3b4cde181b16b26811cd53d9f5d85d37c1670b957d4b3d04fd06567ac68d3f9dbdd45d182619180cf9292e86f42bcc213e94900e0c759e051bc0e30ffbdb91a2493913dc8b81ba4c3e8ba0e7277dc38dc91eb2b27823dac71b6f1c47e2a04136e2c0474fe070e2e4bf8e6fc98e73143ead3c5f778ce8a4efde4
1770shared_secret: 5b357f714a293b6724c0dc2e2c5509676782a9dddb050d88e6efa0a6d09d20b7 1770shared_secret: 5b357f714a293b6724c0dc2e2c5509676782a9dddb050d88e6efa0a6d09d20b7
1771 1771
1772# Rho leads to a matrix with unusally large entries 1772# Rho leads to a matrix with unusually large entries
1773entropy: adf510dc0e997af14f96e4863f316475be59850bc861ca0d1b057d6b94c3b5d6 1773entropy: adf510dc0e997af14f96e4863f316475be59850bc861ca0d1b057d6b94c3b5d6
1774public_key = d7dab73b47cd1ca43c7e036d41c94f8f31a0de404fa38a1da0992933d752acc0407234883488a581e340bf5a8dd7112099259ebfdb0cb094c8d592485f25729e1844870a3d57d63fe9c1295fc2c4a374508f359a7e9b062348c6c807322f1a2dc887a20ff1b8e951b103698492504dd86babc01339f5b0c9bdb01b65514c8df3a61abb7941da84b8005648fa0e5b094e54e56a56e8c840371349820dc3f48ef0fa488f180f57b5c0ad663512467836d6765f6517ebd0172d886430357baec25c709b3abb9c01dda27e2ac7c17cac7511726a39050fe92399e14780e3288ae775612b2c4baaa032af561d0356c43175c6263c5d9cbc62f57194c9f76fb5293e86d9a95a641325013dee98067d513525eb5d2f7cb5783915d0917faee635bcdab95a61592fdb1de202c439dba37a235e3888134249044519732701111385b9c91c2fc96b039d6483c6d1bba2223cb0f612c3f7c6dc62bf64a04b349a0fab73290acbb15ce1cfaa15c68d896493e67dd9a518782b35fe141a4d70bf33e97a616c51193b711b04a40c9634bb62726f748572155667146d311016880c670067c653e9a8dc0bc32865adbf41ba99f19b2dd9ac7998bfc8679c689a05a5038042885742a68ef84c429984588995a6cee077c3a099caa7a5d3761cb4411d1dab8fe7258c75903ef515b6b0629ff659436ff687e6625d2080671e0cbe0cb624bf8b367e780452ea3713804e083aa6e0c7adc15618cf223b3587a364320d56c58be8f037f89cae0be209ded78cbae29ed73767ede6793f0051cd5692f63661a257ccd9d859a92ac08784070bfa7ede4577e7ab1ff6c7b159089b8dbcc5ba56357b2659a7a04c8748a86991b2b775c2015a4c12341ebb419e1244396c233c161495366104b8e29979e571c9614fe10c868db56cd934c5b2d04986a70be8dc25d61cb6f0054d5e4000ef72557b712658d962b1e673a07222d59bcbc4e8339bb5b37cc1c2bbd38780f8233843ad420782b4951c3321888fc3b488897c8bab046f79cc456bba9f666ba261284a1285bf1a9a9d274d9b87788c225c0ffa20388183f35817e5825d450a1eee881f94a5a129e688ce6664021356580190a3ec5ed220b8a5878068ec5cd485816f8c1ee05c3c23ec0d0aab7f73aac249142d8992678b38410d41be710a285d3b593a8245e514a870c3c348fa45f99aacc464b399ecc0cb3c306c273e5f4c671b806864120a88c07caa53a550d52c5641203a7927b40631e21344a9337da2d128dbbb5f97b68b8e57cfbb1a67ca7741c60c2533e49ece409b0492a2e81523e6b6ad655a6dd1870b5de3690de3369c898b557886c4877ad1d67a1583bc70502b32a44afb9b60f88838eae005e2703ca26355ddc479bdf1a93756af16b7789a3221fed9a4e468b710035060752e884c56034b768d0a7106a4bebde7622bb46b6649195301192c498bb555c653c42f6d84883be82e8fa56ea303caac534014b6bbf38a9f73283e5a40b36e36c9d8b1a9856aa7d9913b22c40cb103b74853c53c3ab4ce895388aca8584449fae927b16534f48b3aaf350030a8460c8572bcc527f1f62bf1c5a9bb8ccf3ee66f66dc19286782911a6765c72db77ac0e976a2bc114a1b11000000000000000000000000000000000000000000000000000000 1774public_key = d7dab73b47cd1ca43c7e036d41c94f8f31a0de404fa38a1da0992933d752acc0407234883488a581e340bf5a8dd7112099259ebfdb0cb094c8d592485f25729e1844870a3d57d63fe9c1295fc2c4a374508f359a7e9b062348c6c807322f1a2dc887a20ff1b8e951b103698492504dd86babc01339f5b0c9bdb01b65514c8df3a61abb7941da84b8005648fa0e5b094e54e56a56e8c840371349820dc3f48ef0fa488f180f57b5c0ad663512467836d6765f6517ebd0172d886430357baec25c709b3abb9c01dda27e2ac7c17cac7511726a39050fe92399e14780e3288ae775612b2c4baaa032af561d0356c43175c6263c5d9cbc62f57194c9f76fb5293e86d9a95a641325013dee98067d513525eb5d2f7cb5783915d0917faee635bcdab95a61592fdb1de202c439dba37a235e3888134249044519732701111385b9c91c2fc96b039d6483c6d1bba2223cb0f612c3f7c6dc62bf64a04b349a0fab73290acbb15ce1cfaa15c68d896493e67dd9a518782b35fe141a4d70bf33e97a616c51193b711b04a40c9634bb62726f748572155667146d311016880c670067c653e9a8dc0bc32865adbf41ba99f19b2dd9ac7998bfc8679c689a05a5038042885742a68ef84c429984588995a6cee077c3a099caa7a5d3761cb4411d1dab8fe7258c75903ef515b6b0629ff659436ff687e6625d2080671e0cbe0cb624bf8b367e780452ea3713804e083aa6e0c7adc15618cf223b3587a364320d56c58be8f037f89cae0be209ded78cbae29ed73767ede6793f0051cd5692f63661a257ccd9d859a92ac08784070bfa7ede4577e7ab1ff6c7b159089b8dbcc5ba56357b2659a7a04c8748a86991b2b775c2015a4c12341ebb419e1244396c233c161495366104b8e29979e571c9614fe10c868db56cd934c5b2d04986a70be8dc25d61cb6f0054d5e4000ef72557b712658d962b1e673a07222d59bcbc4e8339bb5b37cc1c2bbd38780f8233843ad420782b4951c3321888fc3b488897c8bab046f79cc456bba9f666ba261284a1285bf1a9a9d274d9b87788c225c0ffa20388183f35817e5825d450a1eee881f94a5a129e688ce6664021356580190a3ec5ed220b8a5878068ec5cd485816f8c1ee05c3c23ec0d0aab7f73aac249142d8992678b38410d41be710a285d3b593a8245e514a870c3c348fa45f99aacc464b399ecc0cb3c306c273e5f4c671b806864120a88c07caa53a550d52c5641203a7927b40631e21344a9337da2d128dbbb5f97b68b8e57cfbb1a67ca7741c60c2533e49ece409b0492a2e81523e6b6ad655a6dd1870b5de3690de3369c898b557886c4877ad1d67a1583bc70502b32a44afb9b60f88838eae005e2703ca26355ddc479bdf1a93756af16b7789a3221fed9a4e468b710035060752e884c56034b768d0a7106a4bebde7622bb46b6649195301192c498bb555c653c42f6d84883be82e8fa56ea303caac534014b6bbf38a9f73283e5a40b36e36c9d8b1a9856aa7d9913b22c40cb103b74853c53c3ab4ce895388aca8584449fae927b16534f48b3aaf350030a8460c8572bcc527f1f62bf1c5a9bb8ccf3ee66f66dc19286782911a6765c72db77ac0e976a2bc114a1b11000000000000000000000000000000000000000000000000000000
1775result: pass 1775result: pass
1776ciphertext: 1a2dd390e05984bfc0f55ef96da5050fd9bb03891d4d2ddea46c463aab28fdfaf63d4b2e0c9af992e4f1421efc26ae86c2b296f6851bbe2e898b8bdf4057e875d4a98469b7d2646edb86a5eb5259341e0d14986a8ccf93563bc6ac067f8ff6997c2e7bbd897f02e844f180769fec5af9d6fa017022cb0af622b6e4f7a69d73ab01d3d09067b118d51805e1b6413b7a9e0ef292a6fca18a8828912a2db675f0244cd63d9340aa3ca00dc5d70c915b0061664b1e1d64d3d4dced3ef739302f1063442569efed0dfbe8c019c27823a3aabd865a47600ff9e24f748302bfca1bb60faf4105889a548be9ecaf266d8f02d3aa4997202477a70ee71b6e79dd1609acb4dabab72a38448758d8debf55369c5d3e0870ca193018e0ae6d0ffa33b93e962598b43e89d5978a9d55a608b98ceae5e897363f8a9e253acf8af560c57e07c4c4bde807620b6deb76d581bf92b7f514509446f5c4e4d09430b1855e62854988302c931b9e624644a636ab8acaec56d7673b26852c692e8325fa1b6215f24ebfb388ad1022fedc0bef272c87e10dca97df1e63f1a0e9582daae0f49e30c6acd119f7c4eef59d47443f491df846431cfbd23900341086a304589f52de1d862c26af32095e922b92650c68facfc13892430d428f626fba00cf9501e1e4646e55f5304c806b5acafe100084d7635702139725561522632e7e3871effe883298a7264a411484cdef78f9e721c0e5f3937f2fb7d40bb91620e473f9b97adddea69b3ac682e8aea2513b985fbae268176c1bff90e401a31e729fe8b76d13b5c8c85ed833d9b076b5e11acecbf0e96edcf8ff562255124edbeb5b9117cf486f30d7883aa353b9e433a77ac6912cc8e5093c12385ad926be1d0893afc7e64fb9ec55d3285e01a3ca63f3c07b95399bb4411c3f820f53d8350d1979ee9cc6bbf2d7c92d0cb2fd0a1de910d92589cf1aac29992489bc179676c31ae768869398fda50ff14860a1b4dd3bb2e4ba8b2c87aef7ee00d375956a62dc1e5d548a59f209448e62c4b1221631d4776dd5192154d637217d31feea1c4cb3ef1903b8987f4c184cf3d6b5355ad53c7bd3e0ae5373d9971115698214a93e12b98489cdd75028cf22c1da41096daca95854b35d8bbf7d0d4ca2727aa511eeb6cec5352ed487bd3b00b261cbabcfa9f082ba7300610c6f92725d532a86e00b2ed1929a8be7a342c079835a2285569dca92a808049f170fba39d990884ef39ca511aaf9a713b8d78973b4f4a2fde7ca8b6adbdc5a70241fe3ea7d005b33e48cc9fe6ce5bc2bae0746827e548332adf83f8aa707e703fd688c494136d8dfa50961a9e5b69b542ed6ae0e70ae159df95dd9d4789e284a675fe048585214047f7f6819f7f011141d265de9fd4c04f4ed5dead63fa4c8938b2f42108d263d5394d164b3254294402cbeb48663cf1ab2c296d6ada107e8aa5b505da49af96e1cebc6b302faa148216d38b9e8130cc654974ce299172cb875742e62c32c063ffe7535db2726f65fc8f600d4dbb1a20f 1776ciphertext: 1a2dd390e05984bfc0f55ef96da5050fd9bb03891d4d2ddea46c463aab28fdfaf63d4b2e0c9af992e4f1421efc26ae86c2b296f6851bbe2e898b8bdf4057e875d4a98469b7d2646edb86a5eb5259341e0d14986a8ccf93563bc6ac067f8ff6997c2e7bbd897f02e844f180769fec5af9d6fa017022cb0af622b6e4f7a69d73ab01d3d09067b118d51805e1b6413b7a9e0ef292a6fca18a8828912a2db675f0244cd63d9340aa3ca00dc5d70c915b0061664b1e1d64d3d4dced3ef739302f1063442569efed0dfbe8c019c27823a3aabd865a47600ff9e24f748302bfca1bb60faf4105889a548be9ecaf266d8f02d3aa4997202477a70ee71b6e79dd1609acb4dabab72a38448758d8debf55369c5d3e0870ca193018e0ae6d0ffa33b93e962598b43e89d5978a9d55a608b98ceae5e897363f8a9e253acf8af560c57e07c4c4bde807620b6deb76d581bf92b7f514509446f5c4e4d09430b1855e62854988302c931b9e624644a636ab8acaec56d7673b26852c692e8325fa1b6215f24ebfb388ad1022fedc0bef272c87e10dca97df1e63f1a0e9582daae0f49e30c6acd119f7c4eef59d47443f491df846431cfbd23900341086a304589f52de1d862c26af32095e922b92650c68facfc13892430d428f626fba00cf9501e1e4646e55f5304c806b5acafe100084d7635702139725561522632e7e3871effe883298a7264a411484cdef78f9e721c0e5f3937f2fb7d40bb91620e473f9b97adddea69b3ac682e8aea2513b985fbae268176c1bff90e401a31e729fe8b76d13b5c8c85ed833d9b076b5e11acecbf0e96edcf8ff562255124edbeb5b9117cf486f30d7883aa353b9e433a77ac6912cc8e5093c12385ad926be1d0893afc7e64fb9ec55d3285e01a3ca63f3c07b95399bb4411c3f820f53d8350d1979ee9cc6bbf2d7c92d0cb2fd0a1de910d92589cf1aac29992489bc179676c31ae768869398fda50ff14860a1b4dd3bb2e4ba8b2c87aef7ee00d375956a62dc1e5d548a59f209448e62c4b1221631d4776dd5192154d637217d31feea1c4cb3ef1903b8987f4c184cf3d6b5355ad53c7bd3e0ae5373d9971115698214a93e12b98489cdd75028cf22c1da41096daca95854b35d8bbf7d0d4ca2727aa511eeb6cec5352ed487bd3b00b261cbabcfa9f082ba7300610c6f92725d532a86e00b2ed1929a8be7a342c079835a2285569dca92a808049f170fba39d990884ef39ca511aaf9a713b8d78973b4f4a2fde7ca8b6adbdc5a70241fe3ea7d005b33e48cc9fe6ce5bc2bae0746827e548332adf83f8aa707e703fd688c494136d8dfa50961a9e5b69b542ed6ae0e70ae159df95dd9d4789e284a675fe048585214047f7f6819f7f011141d265de9fd4c04f4ed5dead63fa4c8938b2f42108d263d5394d164b3254294402cbeb48663cf1ab2c296d6ada107e8aa5b505da49af96e1cebc6b302faa148216d38b9e8130cc654974ce299172cb875742e62c32c063ffe7535db2726f65fc8f600d4dbb1a20f
1777shared_secret: 54c35602dafe572b99aedb7069a59c4f7818c860b27a947347657ac1954d6454 1777shared_secret: 54c35602dafe572b99aedb7069a59c4f7818c860b27a947347657ac1954d6454
1778 1778
1779# Rho leads to a matrix with unusally large entries 1779# Rho leads to a matrix with unusually large entries
1780entropy: 3983da6a4615805f6d55c14ba582d59a40e646c7ae77f4835a51afc6c37f11f3 1780entropy: 3983da6a4615805f6d55c14ba582d59a40e646c7ae77f4835a51afc6c37f11f3
1781public_key = 47340db6d04313d3a689b357566b9743cace5d5b906a39249f1c2bcdf335f37aac2565932631ac318bbb7ca75db36ac198ac6b15a02173049721d10f7521a52f358f35f3719269a695a4b0fa03b32d8a209aa12a5d786d8dea4ba05498ba222eadd647dd5a397e655ed309883d76326231a6764a7ba4226567022d70fa20cc53a045cc5a1fc54abe0189a4a2b6bf8a969d61706944bc59c6add2992b6e562e9732973d32b97956203dbc523803ca0a462ae118633483cab85c645ee3ad51682c0596378dea5e93bc7ab652648cf1954745172a75c2bf6a3177a7841b089b6ee911149871a9d987c6d499b6e0c4d15c9b74685401b680d3e112d6d70bdad6a3f9954b0057335ca36823328ac4e124d55b9932d548f58b85a32844e9f0260d8a4339285ab46152bbc05a967c5f16072f16178687b0bc06b621f5a4a14ef86b9cf1bade0185c5c52b3f2c407479467e5516ab9a1128260317605d4db250e8f4b59bf28a6ac2606d280af28664b75092fdea1fe9374976722dff579728e121fc1944891c586625a880a7bd154aace3e919b841b1f5f8c0fb841d1eac1fb18002ece216d42cb401dc1681836c1198653456c9392944054200a3b95b986a396d443a306b66018b525fbbb042e662ec108f6b872749d3287440c12bd07d1061a524a01ad7342d74f8a4b76222c5a439eef4235d51c9494602f6624dee256ea7fc09ceba9877f9332bf195c43502ee43c75e78720c306c2fa47f4ef6b7d69038dbcb8272b334c98cb665b306c04252fad3559eda4b96c14bf50b78d4a9a37081a2d61cad33b3b9418bba25409fbf4a5bb3c775a43b39520b37b5b82191b4983398858bbb0c6c8031b9736a5f76cab0e647443cb6d983a5e0a6c27756cbf471baa17870015566db8c8a51aba969e976a1c6cb2be166f20680893950ddf09cf8e3827a2a884a7a65d61c7c70a522d17ac0939625fe63958741255b012712e76fa8da809a8cb447d730d4097bd3e86471019dc8897bfc82c3804a76a38919f7cb50ce79bc13ec4bdda215bda9789503aa822c71ad8107a35818a7cb055b303338e465933565b94950c11836e8e33ae8093b0aa0c5d5d555cbec5eb4190eecaa1525014e8a341e9400180937afeb126c278a5bc4713fe9c417c50c1e47c8756fbb6a6b265bdffb4c1456c5b7d7a895b6932dd9a55623341354549283ccfb36abb3068b2db7348bdb1172318357bac12422ab93a32b453bcc0faa4e8e595b05a145e614aded6bb77278bd78907b828b18a22aabea48bdd69cab061522a618cf39406f6c78cb983354384415d8b857cb451e01b24f489a3133070d775307fb61a0f6d56d1255c4d4e18c62e57d8422080cebc919b81e67c4304cdb560ab16d929413af650a53f870e8017e90096452ca3ea648ca644010d34bb79c5898b775b197189a55840f43371dd9cccb7b4a28a66309a515658f06acdddc47042acee250a37632b42af51adf1c0666902fe0acbfc8f59127753a40161de4ca07a5c8bec0d8ad3141487da4a842147b9de945e4962699033375548d680b88ae8354d6114efe284517778eb9b7957eecaf5b4165424a5f82f100d02b7d39968b98f69c2cea1a0b39394f49265b492ea8f4000000000000000000000000000000000000000000000000000000 1781public_key = 47340db6d04313d3a689b357566b9743cace5d5b906a39249f1c2bcdf335f37aac2565932631ac318bbb7ca75db36ac198ac6b15a02173049721d10f7521a52f358f35f3719269a695a4b0fa03b32d8a209aa12a5d786d8dea4ba05498ba222eadd647dd5a397e655ed309883d76326231a6764a7ba4226567022d70fa20cc53a045cc5a1fc54abe0189a4a2b6bf8a969d61706944bc59c6add2992b6e562e9732973d32b97956203dbc523803ca0a462ae118633483cab85c645ee3ad51682c0596378dea5e93bc7ab652648cf1954745172a75c2bf6a3177a7841b089b6ee911149871a9d987c6d499b6e0c4d15c9b74685401b680d3e112d6d70bdad6a3f9954b0057335ca36823328ac4e124d55b9932d548f58b85a32844e9f0260d8a4339285ab46152bbc05a967c5f16072f16178687b0bc06b621f5a4a14ef86b9cf1bade0185c5c52b3f2c407479467e5516ab9a1128260317605d4db250e8f4b59bf28a6ac2606d280af28664b75092fdea1fe9374976722dff579728e121fc1944891c586625a880a7bd154aace3e919b841b1f5f8c0fb841d1eac1fb18002ece216d42cb401dc1681836c1198653456c9392944054200a3b95b986a396d443a306b66018b525fbbb042e662ec108f6b872749d3287440c12bd07d1061a524a01ad7342d74f8a4b76222c5a439eef4235d51c9494602f6624dee256ea7fc09ceba9877f9332bf195c43502ee43c75e78720c306c2fa47f4ef6b7d69038dbcb8272b334c98cb665b306c04252fad3559eda4b96c14bf50b78d4a9a37081a2d61cad33b3b9418bba25409fbf4a5bb3c775a43b39520b37b5b82191b4983398858bbb0c6c8031b9736a5f76cab0e647443cb6d983a5e0a6c27756cbf471baa17870015566db8c8a51aba969e976a1c6cb2be166f20680893950ddf09cf8e3827a2a884a7a65d61c7c70a522d17ac0939625fe63958741255b012712e76fa8da809a8cb447d730d4097bd3e86471019dc8897bfc82c3804a76a38919f7cb50ce79bc13ec4bdda215bda9789503aa822c71ad8107a35818a7cb055b303338e465933565b94950c11836e8e33ae8093b0aa0c5d5d555cbec5eb4190eecaa1525014e8a341e9400180937afeb126c278a5bc4713fe9c417c50c1e47c8756fbb6a6b265bdffb4c1456c5b7d7a895b6932dd9a55623341354549283ccfb36abb3068b2db7348bdb1172318357bac12422ab93a32b453bcc0faa4e8e595b05a145e614aded6bb77278bd78907b828b18a22aabea48bdd69cab061522a618cf39406f6c78cb983354384415d8b857cb451e01b24f489a3133070d775307fb61a0f6d56d1255c4d4e18c62e57d8422080cebc919b81e67c4304cdb560ab16d929413af650a53f870e8017e90096452ca3ea648ca644010d34bb79c5898b775b197189a55840f43371dd9cccb7b4a28a66309a515658f06acdddc47042acee250a37632b42af51adf1c0666902fe0acbfc8f59127753a40161de4ca07a5c8bec0d8ad3141487da4a842147b9de945e4962699033375548d680b88ae8354d6114efe284517778eb9b7957eecaf5b4165424a5f82f100d02b7d39968b98f69c2cea1a0b39394f49265b492ea8f4000000000000000000000000000000000000000000000000000000
1782result: pass 1782result: pass
1783ciphertext: bc07d2caff561b4645e3878d1de0730a88c05f46348526829a396f05a0a00603f0e2fc79e13beaacbe903827c20d9d687f3fb4eb2a8e9335459fb21380b8bf3734518778d8cfae9524ead1427c6a2dc379ddd2e985e2977bb63e932ed59c83a8b9a593e2adba0cc5f106620fc8c6c4cba5106bfdb4105def0c1d7b6800327cacb964e1d4ebbddfaa15b279115a1d05754c0c8a715fc2fe5aa09af7b96d5a93e758458aa5af8cba03b942f4d3c0fbbc2a45d3f7af5818d67219a72f4f538883ee2d3e507e2dbf4f7748446443bb71bfbb4eff0f57d8154d29f5cb26cfb52c51b676e9b1ac08786d5f475cbbfb49697a748b7902a83da49d285a48c7e9cae74b66a30b02a353a287b40a66a0663e7a71adab7d03272f2ec32d47097d4c303396db3e7b7a947f467a70646777cda227d72310806107b5dc16cfb36918e88784524e3a46c30242a40811593aa8f72c742f885a9623534753b2bac5e29110a1a854646abe1c0337251e85987aa612f3a095409a5a632af14acd19491577223c278b18a9c3ffa7f72ae49b89df6dc45ebb2803ece96cfa94ef9ef5b24fbe686ff90d130d3ae953a4f9ee6581a346b0612f84cb6ccad4fe94a53602817d67c61a9604d288319f5933f4a97dcc6ffc36cf14db593fe27f873be712186a6695d949d4552dab37e36e2e0ced229ea9dccd6d3bae22f9fb888ef400b594ec08a15972e8d2478e50f11947b52bf384c731b0e50dcd4ba116abab8af3b880c54badb11d83b4266d3e5fc25c2c8dbbba12fee2fa5c2017987f31277a67ac702b8dbe110894a8c81011c7c662ce9ab96a2e25cf5056a3e202dbf6bd5bef2347537f7811637e932d13ce02283d48d032c284b6cfb84fd813b6c3421017a7527eafcd3fbc5d4324b5351b30abcf1b366f424a8a0b5edf6bc1f3e8702b03eff875687c6caebd7bc15f1118696cc63859e3aab75aa9acc58484da7f2bc9a120844e4830429c0eee2b2324890bde302bc93f661edd9c04e1183528482f9950654e8c267234245aa9482d94e90e00e929b65431f986e7bb34524cc41f4b4443646713c7abe6c4131a2d67f3bf42f0a7f2eddf82b5c08a94d99a0a7d14c1b0b375fc158b7d4276eab22efb438f0d0a9b30e9dc127026181e42643af8da0b24bd10a532069392724948ad722b25477b481006fc1fd030aa62b217e6695dd4c7ad34dbfb75aff1df5774b061a4ea8526e9bcdf9679405c0d2e40dca00c9e80840e832fd663596dc55f602d094253893405a02d4414f119d23c4544cf832888db5ae8494dd2e8ee357753515d929b8a37b5b45446ffac20fb204b5c937f6344c453ffa449fe839b4afe1da61301057338fe29df93aa962a7374a2ec181ffff9252c8af5c3f75ebee02fba58a76066df4c6acfd5d1c18390652eb2f469d35dd708e63a498c08c5241b2717333904ba0e6e0845dca8c9608f28bd1046805cf7b220498145b23cb18184a259458dd2fbaeb1c383005a0d289562b0a9daf7d1e320aa302fd3d9a02c65fa901d46d4 1783ciphertext: bc07d2caff561b4645e3878d1de0730a88c05f46348526829a396f05a0a00603f0e2fc79e13beaacbe903827c20d9d687f3fb4eb2a8e9335459fb21380b8bf3734518778d8cfae9524ead1427c6a2dc379ddd2e985e2977bb63e932ed59c83a8b9a593e2adba0cc5f106620fc8c6c4cba5106bfdb4105def0c1d7b6800327cacb964e1d4ebbddfaa15b279115a1d05754c0c8a715fc2fe5aa09af7b96d5a93e758458aa5af8cba03b942f4d3c0fbbc2a45d3f7af5818d67219a72f4f538883ee2d3e507e2dbf4f7748446443bb71bfbb4eff0f57d8154d29f5cb26cfb52c51b676e9b1ac08786d5f475cbbfb49697a748b7902a83da49d285a48c7e9cae74b66a30b02a353a287b40a66a0663e7a71adab7d03272f2ec32d47097d4c303396db3e7b7a947f467a70646777cda227d72310806107b5dc16cfb36918e88784524e3a46c30242a40811593aa8f72c742f885a9623534753b2bac5e29110a1a854646abe1c0337251e85987aa612f3a095409a5a632af14acd19491577223c278b18a9c3ffa7f72ae49b89df6dc45ebb2803ece96cfa94ef9ef5b24fbe686ff90d130d3ae953a4f9ee6581a346b0612f84cb6ccad4fe94a53602817d67c61a9604d288319f5933f4a97dcc6ffc36cf14db593fe27f873be712186a6695d949d4552dab37e36e2e0ced229ea9dccd6d3bae22f9fb888ef400b594ec08a15972e8d2478e50f11947b52bf384c731b0e50dcd4ba116abab8af3b880c54badb11d83b4266d3e5fc25c2c8dbbba12fee2fa5c2017987f31277a67ac702b8dbe110894a8c81011c7c662ce9ab96a2e25cf5056a3e202dbf6bd5bef2347537f7811637e932d13ce02283d48d032c284b6cfb84fd813b6c3421017a7527eafcd3fbc5d4324b5351b30abcf1b366f424a8a0b5edf6bc1f3e8702b03eff875687c6caebd7bc15f1118696cc63859e3aab75aa9acc58484da7f2bc9a120844e4830429c0eee2b2324890bde302bc93f661edd9c04e1183528482f9950654e8c267234245aa9482d94e90e00e929b65431f986e7bb34524cc41f4b4443646713c7abe6c4131a2d67f3bf42f0a7f2eddf82b5c08a94d99a0a7d14c1b0b375fc158b7d4276eab22efb438f0d0a9b30e9dc127026181e42643af8da0b24bd10a532069392724948ad722b25477b481006fc1fd030aa62b217e6695dd4c7ad34dbfb75aff1df5774b061a4ea8526e9bcdf9679405c0d2e40dca00c9e80840e832fd663596dc55f602d094253893405a02d4414f119d23c4544cf832888db5ae8494dd2e8ee357753515d929b8a37b5b45446ffac20fb204b5c937f6344c453ffa449fe839b4afe1da61301057338fe29df93aa962a7374a2ec181ffff9252c8af5c3f75ebee02fba58a76066df4c6acfd5d1c18390652eb2f469d35dd708e63a498c08c5241b2717333904ba0e6e0845dca8c9608f28bd1046805cf7b220498145b23cb18184a259458dd2fbaeb1c383005a0d289562b0a9daf7d1e320aa302fd3d9a02c65fa901d46d4
1784shared_secret: 7e1b4195e9cb70e6884d3d00f0b3f0a66b4d8c00ce112e1e79a1dd236ab62b26 1784shared_secret: 7e1b4195e9cb70e6884d3d00f0b3f0a66b4d8c00ce112e1e79a1dd236ab62b26
1785 1785
1786# Rho leads to a matrix with unusally large entries 1786# Rho leads to a matrix with unusually large entries
1787entropy: 2676b8426b9d6a30af007094bb76d65d388c2b3da938215dd6f6987206400e13 1787entropy: 2676b8426b9d6a30af007094bb76d65d388c2b3da938215dd6f6987206400e13
1788public_key = ddabceea01649d9c6588d68c05e93cb6959fbe348468cb6e7f482d2b0507a097625325a7ff5740086bc203410414845a177c578698b313842dd2737d79806fdc8aa4ad8b91b514b6aab60885a49be68ba60d05891dd1cb47c1850b0105ec15a95c93136f22a170e346d2256a0cea672941335423cde35492967759b4317981c34fb0d759a2b08aeb411c362b2630c4b8ef342cf844206d7a5a3934bdfda95ba9fac912fb1844a0bb62041868ba0e3660a5551951b39880eac2959b5028eaa765492416ecf7a05102450eb20eb2a28be460972066b41ac87abcc28b38a7c92d91779e0c7cc8b42f107b48269521edf0c558a1b767536d295c3a7e60b9de6a8f299563be7c4d33d33940234af8c7764b181fb7b5af1dc88e4e830725533656520af7344e4ab40f6df34a90a898c672b854021d0631c1b1e9999d8176b22a5ce829a240642e19472e635a83c5086f87872f72a62e5fa038481a6861141227666f9203675db45a444c6310518d86a9221c9b6bedd753bb7914f7995e39031963ea056536a96c9b14598c95652091dba9210168467d7388b73770aa905052645eaa877c6f8a45acbb775d080521479314e214a5217835667dc2cc67dac17b0103b1049a03585b30631c6dac53b6d4056e5877786b295fe94c8804b57a027609bee938a8812666d12345e04c92469463443fad1c2188c951cfc6a06c3b8c3ad8856ef26a67b7841428a1f5b69a3fb82cad843a55645b78219d6de824701b0b1f192d4f816f45032b1cd5b465d33b3a9cb2fb04cb271a3cc74a8bf7ab6ac7a00e8ce6a0486c660680219c6ace0917b31595584f4756c9c5273ee36c37d25d5da146e57613edd34795b9cf61bbb7ebc441d575631215a87c4070159136348854c297cf3ca44fb2814448e30eb2c555aa2393bee966ceec0221a278f048aaa6d09b1d801aa0fb369ae4480f051329390af222712c61a59f98a31a03ba90c1a6c34c1c98c0be7bf59fd717ad9894786acb1cd081405c66a2e79a1fd77cad853761461c99218aca3cf4920703654fb9529c106f41a78b259294709bbc91679d0442bb383c28d64683ebdc7b94f4592c8ba2c1126c9dba9377040d3a124176fa33a3905cbb96764bc89a69480b74e38f558b422ef22e390bbc76e048c01129c97c26125bb2f86c4bcd274816265d8c41167223b0a22406d2a193ad3b1083b0cb75f9542e55b9aac02845f59618b5aa580b5b2bb44c192a906ce61b8c368278618d8ca8409fc02bb9b097acb208e3c2a9b651a316b70cafe6b9bdb32ad794b4f018b66ce55639e5558f5a3990475794bcaa06f17093d490fa583e6fd9596b40958359a30f813b940b1e1e4223d3857cfea691eeca944de845c2fb502e35a5f1a3750454593fe1c41662a3b3da407aa269c43167acc98f5f3c662d6177d3594d0cb800087c6a525c586d86c12e941b046625d90c8ec6dc8a5c546abb19a0b585aef39379db926691124265103bbb49cfc4e9100c803b4ef68a904273a6c899e48609bca003bcea9cf82203d52b5f9b65c409ba9503b3b16c7077465aae45d2cd4ada79ca43a9e99a124b7c9fa24a323f6c6bc18b81d9a6161191561f3776740b539479582a46bd913ad73e09000000000000000000000000000000000000000000000000000000 1788public_key = ddabceea01649d9c6588d68c05e93cb6959fbe348468cb6e7f482d2b0507a097625325a7ff5740086bc203410414845a177c578698b313842dd2737d79806fdc8aa4ad8b91b514b6aab60885a49be68ba60d05891dd1cb47c1850b0105ec15a95c93136f22a170e346d2256a0cea672941335423cde35492967759b4317981c34fb0d759a2b08aeb411c362b2630c4b8ef342cf844206d7a5a3934bdfda95ba9fac912fb1844a0bb62041868ba0e3660a5551951b39880eac2959b5028eaa765492416ecf7a05102450eb20eb2a28be460972066b41ac87abcc28b38a7c92d91779e0c7cc8b42f107b48269521edf0c558a1b767536d295c3a7e60b9de6a8f299563be7c4d33d33940234af8c7764b181fb7b5af1dc88e4e830725533656520af7344e4ab40f6df34a90a898c672b854021d0631c1b1e9999d8176b22a5ce829a240642e19472e635a83c5086f87872f72a62e5fa038481a6861141227666f9203675db45a444c6310518d86a9221c9b6bedd753bb7914f7995e39031963ea056536a96c9b14598c95652091dba9210168467d7388b73770aa905052645eaa877c6f8a45acbb775d080521479314e214a5217835667dc2cc67dac17b0103b1049a03585b30631c6dac53b6d4056e5877786b295fe94c8804b57a027609bee938a8812666d12345e04c92469463443fad1c2188c951cfc6a06c3b8c3ad8856ef26a67b7841428a1f5b69a3fb82cad843a55645b78219d6de824701b0b1f192d4f816f45032b1cd5b465d33b3a9cb2fb04cb271a3cc74a8bf7ab6ac7a00e8ce6a0486c660680219c6ace0917b31595584f4756c9c5273ee36c37d25d5da146e57613edd34795b9cf61bbb7ebc441d575631215a87c4070159136348854c297cf3ca44fb2814448e30eb2c555aa2393bee966ceec0221a278f048aaa6d09b1d801aa0fb369ae4480f051329390af222712c61a59f98a31a03ba90c1a6c34c1c98c0be7bf59fd717ad9894786acb1cd081405c66a2e79a1fd77cad853761461c99218aca3cf4920703654fb9529c106f41a78b259294709bbc91679d0442bb383c28d64683ebdc7b94f4592c8ba2c1126c9dba9377040d3a124176fa33a3905cbb96764bc89a69480b74e38f558b422ef22e390bbc76e048c01129c97c26125bb2f86c4bcd274816265d8c41167223b0a22406d2a193ad3b1083b0cb75f9542e55b9aac02845f59618b5aa580b5b2bb44c192a906ce61b8c368278618d8ca8409fc02bb9b097acb208e3c2a9b651a316b70cafe6b9bdb32ad794b4f018b66ce55639e5558f5a3990475794bcaa06f17093d490fa583e6fd9596b40958359a30f813b940b1e1e4223d3857cfea691eeca944de845c2fb502e35a5f1a3750454593fe1c41662a3b3da407aa269c43167acc98f5f3c662d6177d3594d0cb800087c6a525c586d86c12e941b046625d90c8ec6dc8a5c546abb19a0b585aef39379db926691124265103bbb49cfc4e9100c803b4ef68a904273a6c899e48609bca003bcea9cf82203d52b5f9b65c409ba9503b3b16c7077465aae45d2cd4ada79ca43a9e99a124b7c9fa24a323f6c6bc18b81d9a6161191561f3776740b539479582a46bd913ad73e09000000000000000000000000000000000000000000000000000000
1789result: pass 1789result: pass
1790ciphertext: 79efa2d537baa2b87a787317162d3dbcb40cb3c25f540ddb91aea6cea9870bbc5a5f86f8900b913fd4154bcfc7c8a463b9b66118c502ddad539186fcb079664f44a5363cc8d80d6a4c09f28cf8952157526cfef7bad2fc2cb69ff03ac39e37d47faab64cf54f63919303badeaab9e59df7040511ae335c5230e46e00a666b994d647d11cb032e7ee235b5e18b1894621ae93ee129823334580381b857cf0360196cb75180410f9fe7558d0e189502a5dbac5b4f0597cb3d1d201f89de26f7b4ec0d200a418a26cfb82cd4496c3ee22f6eb60f3ad2e1af981c238da13063d1746d65f77ce0ef30894468b687b31443c7acacfc3b3878fc9ec56878e7bd1a9f72ecb1706a4e5face0a83282cbc2bd15c89afbe3c97dfaf395a96ffbe1a3f75af03311afc69dbc01b11ffed2aeb8906505e910105806febc6e1298fbb5c0bf501232b888b7e8b285953d250b866a20cfdc7833a732966b3a03485ae2852d0a3fbeec6dfd0ec8015db5de69e55f091e956ab4392834c5128417105541b1145b27175fe35efbf3102277b35e42bd83aac25e25da6c55c28a03b9e2a8135871b4cc49fbfd5598c9eaa2482f249c0b6332a6999306be55921a3016499bc63a072a6e9eac894a3ec209177d07208d0d271c47f8065d0facd2e975011944f7884088768fdc053cf86f31f6d348222c06467fcf8ce0d404a2558e8cc422521a4e249549037d3e8a29e03a9a9bb511d9ffef4c5185a380d874732c9e862a6e8fa3fb72b213dab2ad0d91b047440b1d334660067566e6d2e14765d8fd0a45b9b8e8566419a6d7138e5a106c31b1278d50027d152bc8658d7045cb2297bb8382585b38be2d5fafaa7e8c867c74be013793874f181a9798193dee26fd5812eb469d1b842a969cda65d3440c67b00e6d1c3ae8630165499c1b4cf3153fb5731916ab779a2562ec62637d747d61342d832aed330e5cd794de900fa507d4b5fbdbc5f3ec1aa69d0319b3644d46d9502d435c1b5a329c0d3524611a145e3024595e91c2afd577a422d59d4d54a430f439534003be467b6f018736c4bebceaf7c83c799c2b7745ce7498dc84b9e455b96410dba1a0a5720fe703b7c0d859a42445eee7ca3353f294438a7d463fc3e98f4403f93b5fc4add88cc22db7bba150a2988639ba96cba8e2a0c980c9bf8cebdb5beb262d79e86cceb774750cd9a192ae93d85e60722ec6590beb7df8e4d036837c97dc05c7964dab00034683a576da5b51aa8a0622edc27975978c7daf1b942285572b09c170dd332a99bbf703d84becc6a96373fd1c0b355f063e4c2c6e59f5437802676000a819b9b99418df893b98a8e6ca22d95da2c151fb24a3a0e5944ac4ca6376e6c281b275589a3907c0473282967a121f1792d09a15e9d71e71e73f9f627ef0dd478061cf053af434b0663624c3bbafe0f37d7a32504e9c686f41bf48e287aaa8fadb73fece907f26a9576611ab2176a58e5c1f3e98ec0248a15774434c2a81c7a8f57f9950b83c0d3770d17c4e57582387d6f19bd 1790ciphertext: 79efa2d537baa2b87a787317162d3dbcb40cb3c25f540ddb91aea6cea9870bbc5a5f86f8900b913fd4154bcfc7c8a463b9b66118c502ddad539186fcb079664f44a5363cc8d80d6a4c09f28cf8952157526cfef7bad2fc2cb69ff03ac39e37d47faab64cf54f63919303badeaab9e59df7040511ae335c5230e46e00a666b994d647d11cb032e7ee235b5e18b1894621ae93ee129823334580381b857cf0360196cb75180410f9fe7558d0e189502a5dbac5b4f0597cb3d1d201f89de26f7b4ec0d200a418a26cfb82cd4496c3ee22f6eb60f3ad2e1af981c238da13063d1746d65f77ce0ef30894468b687b31443c7acacfc3b3878fc9ec56878e7bd1a9f72ecb1706a4e5face0a83282cbc2bd15c89afbe3c97dfaf395a96ffbe1a3f75af03311afc69dbc01b11ffed2aeb8906505e910105806febc6e1298fbb5c0bf501232b888b7e8b285953d250b866a20cfdc7833a732966b3a03485ae2852d0a3fbeec6dfd0ec8015db5de69e55f091e956ab4392834c5128417105541b1145b27175fe35efbf3102277b35e42bd83aac25e25da6c55c28a03b9e2a8135871b4cc49fbfd5598c9eaa2482f249c0b6332a6999306be55921a3016499bc63a072a6e9eac894a3ec209177d07208d0d271c47f8065d0facd2e975011944f7884088768fdc053cf86f31f6d348222c06467fcf8ce0d404a2558e8cc422521a4e249549037d3e8a29e03a9a9bb511d9ffef4c5185a380d874732c9e862a6e8fa3fb72b213dab2ad0d91b047440b1d334660067566e6d2e14765d8fd0a45b9b8e8566419a6d7138e5a106c31b1278d50027d152bc8658d7045cb2297bb8382585b38be2d5fafaa7e8c867c74be013793874f181a9798193dee26fd5812eb469d1b842a969cda65d3440c67b00e6d1c3ae8630165499c1b4cf3153fb5731916ab779a2562ec62637d747d61342d832aed330e5cd794de900fa507d4b5fbdbc5f3ec1aa69d0319b3644d46d9502d435c1b5a329c0d3524611a145e3024595e91c2afd577a422d59d4d54a430f439534003be467b6f018736c4bebceaf7c83c799c2b7745ce7498dc84b9e455b96410dba1a0a5720fe703b7c0d859a42445eee7ca3353f294438a7d463fc3e98f4403f93b5fc4add88cc22db7bba150a2988639ba96cba8e2a0c980c9bf8cebdb5beb262d79e86cceb774750cd9a192ae93d85e60722ec6590beb7df8e4d036837c97dc05c7964dab00034683a576da5b51aa8a0622edc27975978c7daf1b942285572b09c170dd332a99bbf703d84becc6a96373fd1c0b355f063e4c2c6e59f5437802676000a819b9b99418df893b98a8e6ca22d95da2c151fb24a3a0e5944ac4ca6376e6c281b275589a3907c0473282967a121f1792d09a15e9d71e71e73f9f627ef0dd478061cf053af434b0663624c3bbafe0f37d7a32504e9c686f41bf48e287aaa8fadb73fece907f26a9576611ab2176a58e5c1f3e98ec0248a15774434c2a81c7a8f57f9950b83c0d3770d17c4e57582387d6f19bd
1791shared_secret: 2522e72d308dc9d7d701e0b024af9e15627572f13573b27c406fa750df9636fd 1791shared_secret: 2522e72d308dc9d7d701e0b024af9e15627572f13573b27c406fa750df9636fd
1792 1792
1793# Rho leads to a matrix with unusally large entries 1793# Rho leads to a matrix with unusually large entries
1794entropy: 319c51bcb76124b92f39820a5653c0ecfba79ec91d632b0488f4020e5df4e37a 1794entropy: 319c51bcb76124b92f39820a5653c0ecfba79ec91d632b0488f4020e5df4e37a
1795public_key = e2c1184862562b91806efa62f1b72a8ec43e70663de1f66a59687ae0cc1d9de1ce69244fccb0841b4b1de2e964e29408094a1ac0a9b4daa836e94454ebb942c6e9ac66f39abae73f61a99834292ada3c824bb53c8e67912a07377da92e63087f8d947f59d94a842b7aa8832b2c3c1aa957577f55027e76c106f86946f036804671b0e0416cf62e70eb8194d88030e2b38585181c4ab1fd8165a821bd68dc8fb3b403016ba5fd129bb9d23182029c4a292433087632816c009a237a608e65cbae17d688a326bd6c1ab4634576fdab2322b983f29c3e63b31303cc386bc90641c84965572c49a91f4e8258764834f38ca7f869cddbb10674d4296e5205ad805ac48462d3b31a9e6067fc0a27470aa593b896c3c319357b9bdf0632bf0786fadb0ac242609462a06f82460ea75762a678fcb07c350649d13c24c9e33200c9ca0e9bb87dd2c8578c7c4e27b1b75681a0b6aec6a55e767c4e14820f2ea609a16b862d5695556b0937f53e0ae370086c8f771295b1a09f0003a07bf512c4272f7241752a6603f8f51ea9a088e5263a59eb0b13b87a1d2929c2c29557681f180261f46c294de4aeaf380ca5f79efa2c64ed3131272ba489494ddbea14c69c46fd6346a7ec9f72d89559435e139a67bc3240bca29b3774127dd85d53c20bef719724612c462bc598c54738c87a00a9cb8c4b44e4e7ad4573afd9324fcab820cbf2091fd83fea52adc1b82b3f6c86369aa358498197631a20d40c790c2ddc66b0871c1ef882305bd978055bb934467d3ffc0359c2b31748cb19f615a63262fdf695f555be1ac432126b08e4a97acc18b8606ab6adc5cbe4589389e1121d737ba2b3a84d02bfbaa669f3a06b1be13fafd42a1773c830749cad35456e956c0ee64a5fcc46f1763c3b0c0d3de5c296a28f61194ae72979add8c7ce710d4ee846af81cba3e18d5e459addea9fb565b010e9ceed5798155227dcab155984635d7539d68c9f0d30537ce8b573b6bef1170540d0c10528737d6a5b219b2d96e5709a721b40536ee3c416fcec0bdba013b0fc0e786c9765d312692a80a5c9a3d65a6662788d194722d63b4bdcaa700e4c3daeb911e4d45674c3720be35269a21c0717a4c3aa2f3e1ab4f20a885cac44228138ebb70bb4548dedf8678d2163c339c1a9c719c2f1a51748571358c1451b0ced7b90109c98591126fbe57e1c913b5a935eff14450a22c4a108108b99b6efcc9bfd8438b5024677144885f1886ba068a6191ae17b9ffac1087bc94badf510095baa7167a7fe245a89a2a627d2631706a15d5aa081d037a4101b217c1c45fa0d83dc790447121cd9a533592cf8ac424de8770b45307f0aab484467c4acaa82a5669f7621e8ca42ec0b9222766b52775173b288ff5b01d70a60a853aa44917b8cd09a4b666138e91a3206c97877c96d690957b58553018f55f168c1c51bd9a48ae762a65dc73f366c79e77c42e793750924bcc1472cd5e552e20868a42047593842619c2e0fd40a3c7bba9557bb5c71185430a0158b9b95d04fefa266005141ffb4ba5160a5eee1499c09b11c549bc88cc501dc94a0a5828ee8a776a2a4aba3bafd410cc8354216cc3a93a457e9847af39b898b04b60a0c661a72a2df2b000000000000000000000000000000000000000000000000000000 1795public_key = e2c1184862562b91806efa62f1b72a8ec43e70663de1f66a59687ae0cc1d9de1ce69244fccb0841b4b1de2e964e29408094a1ac0a9b4daa836e94454ebb942c6e9ac66f39abae73f61a99834292ada3c824bb53c8e67912a07377da92e63087f8d947f59d94a842b7aa8832b2c3c1aa957577f55027e76c106f86946f036804671b0e0416cf62e70eb8194d88030e2b38585181c4ab1fd8165a821bd68dc8fb3b403016ba5fd129bb9d23182029c4a292433087632816c009a237a608e65cbae17d688a326bd6c1ab4634576fdab2322b983f29c3e63b31303cc386bc90641c84965572c49a91f4e8258764834f38ca7f869cddbb10674d4296e5205ad805ac48462d3b31a9e6067fc0a27470aa593b896c3c319357b9bdf0632bf0786fadb0ac242609462a06f82460ea75762a678fcb07c350649d13c24c9e33200c9ca0e9bb87dd2c8578c7c4e27b1b75681a0b6aec6a55e767c4e14820f2ea609a16b862d5695556b0937f53e0ae370086c8f771295b1a09f0003a07bf512c4272f7241752a6603f8f51ea9a088e5263a59eb0b13b87a1d2929c2c29557681f180261f46c294de4aeaf380ca5f79efa2c64ed3131272ba489494ddbea14c69c46fd6346a7ec9f72d89559435e139a67bc3240bca29b3774127dd85d53c20bef719724612c462bc598c54738c87a00a9cb8c4b44e4e7ad4573afd9324fcab820cbf2091fd83fea52adc1b82b3f6c86369aa358498197631a20d40c790c2ddc66b0871c1ef882305bd978055bb934467d3ffc0359c2b31748cb19f615a63262fdf695f555be1ac432126b08e4a97acc18b8606ab6adc5cbe4589389e1121d737ba2b3a84d02bfbaa669f3a06b1be13fafd42a1773c830749cad35456e956c0ee64a5fcc46f1763c3b0c0d3de5c296a28f61194ae72979add8c7ce710d4ee846af81cba3e18d5e459addea9fb565b010e9ceed5798155227dcab155984635d7539d68c9f0d30537ce8b573b6bef1170540d0c10528737d6a5b219b2d96e5709a721b40536ee3c416fcec0bdba013b0fc0e786c9765d312692a80a5c9a3d65a6662788d194722d63b4bdcaa700e4c3daeb911e4d45674c3720be35269a21c0717a4c3aa2f3e1ab4f20a885cac44228138ebb70bb4548dedf8678d2163c339c1a9c719c2f1a51748571358c1451b0ced7b90109c98591126fbe57e1c913b5a935eff14450a22c4a108108b99b6efcc9bfd8438b5024677144885f1886ba068a6191ae17b9ffac1087bc94badf510095baa7167a7fe245a89a2a627d2631706a15d5aa081d037a4101b217c1c45fa0d83dc790447121cd9a533592cf8ac424de8770b45307f0aab484467c4acaa82a5669f7621e8ca42ec0b9222766b52775173b288ff5b01d70a60a853aa44917b8cd09a4b666138e91a3206c97877c96d690957b58553018f55f168c1c51bd9a48ae762a65dc73f366c79e77c42e793750924bcc1472cd5e552e20868a42047593842619c2e0fd40a3c7bba9557bb5c71185430a0158b9b95d04fefa266005141ffb4ba5160a5eee1499c09b11c549bc88cc501dc94a0a5828ee8a776a2a4aba3bafd410cc8354216cc3a93a457e9847af39b898b04b60a0c661a72a2df2b000000000000000000000000000000000000000000000000000000
1796result: pass 1796result: pass
1797ciphertext: b0e578cabf9deab616e52934955f42eec74bde5ea98acb022c427e08232142dd08f9120eefe5f455c8f120e672cb68f3a146c3aa457b637d0901fe2b4cd45e8b208e06823b8aae09778cd00fff5bed5232d219a2c33645f2dc30593e591f697118a8472eadbce05c9fbbc5d4b717b880065173cc0854182555376dbbe39194e4204067358808c890e5fe96028921fca344e3500b615f2201a1c4e4d13dcc889cc9b1ac72429074c21a52f4c78ea2c467d65cd2c9ed682f21f31b27af4eb5cad33dd633185bf32e726fe6e57b03168803f693bd85f5a9f2c3ec6944e9ded2b8f3270a89139ce50ba6ded6bc6b0be8893f44aa5856acda60dc1c4c0834d45574ecb6183d6e59a183c0125ff45c718be2cf85b5ce6daae6e37336ea63856561f1bd4404df725d5ed9263038d1c623b2e1aeb35924b79de474407168834891af783fe5d83a631eb14d7cfa949d698ffa45e7d8c46ed4abf75cc666b78526c9b95ebb2920c77c56227eae6c893b57f9f463ff2ebc9acddb2f7ad543c5b2259047a4cc87ad05c08bbf02e8bb267bc490c4b67106fb598d42135c927fef3397f4c3f6838776787f23a9759dd3214075e79eb3929932becde84e82c257e4638a19e1e3312cfe09d4ac681d653d749c8fa6efa6dac35ad59399f1e233540fa354681ca55db90007039b7e504e2e4082aa3e4d672019741aa02a281454d4e1c73a1c7d0b5449c2e143ceaa3b18cb9a74a89f1ba74963dc5dd4155a356211277af3a267947700a2cfd84a605ab02d37bd6faa8a26b50f7b3d9bdc79913272c31dcc0f0183d05933a9f233504ddee2dd851529667ec5174a3d23bfca197538ebacda36bc29ca675384c0b3f45e4f67fb66d8dd4aa57b7da50ead391e6b663af173e7f4d46139f5d0f4cea84dd32e4e718967c6b93617271224f2fb3a1ca5febff5f26c4edc60e9acdd9e464ebb4571dced645814e1038a50515a7e06501adb2de19fec4119dec7548c41097964c3151226153ccac24abd1415579ba1c37c805a5827332d97ba90713829fb30b7b09b275d75bc10d4a26b33980a0ccd4b00844d9f379551bd0170ee895286526ea9625a72b6cb8decd9cf18e57262f8102a025025e8168465a65a7c7e4d5fc8742781acdc16171085d51dd5ec9f4f71f58cfaf4557a55d07e7c164ccf7eb427145c7f9a800e9bd9192ec0f74d19fc17d3881b1d55e8600aa55abf78fd1e226d9dd6e8da2bea15712f5f43325d4b9c083d6e37d35c043f2bc8c796ade072555263331bee7fffa54e2099135ea363575847abb770322376cbfd3f1b7980a1857c55fc82aa80bdcd701c7b7d66221f08492efb5438a04d041b485bcb61f6fd306e96cfe758d99ca1cee70b200eedee86145fe37ab7aafcfbb2df694361fe9923e754187c3277cc895c4a53732ee118c7b6156b55b30847a6e828b7069a5d4be623abff66ba87bff49294dd9b1f698ba445d610973d052a80691c9968e3179aa3eea5b0bccb3cf674c5cfe7d2c14d7b6daa7a4813abcd56ef930099 1797ciphertext: b0e578cabf9deab616e52934955f42eec74bde5ea98acb022c427e08232142dd08f9120eefe5f455c8f120e672cb68f3a146c3aa457b637d0901fe2b4cd45e8b208e06823b8aae09778cd00fff5bed5232d219a2c33645f2dc30593e591f697118a8472eadbce05c9fbbc5d4b717b880065173cc0854182555376dbbe39194e4204067358808c890e5fe96028921fca344e3500b615f2201a1c4e4d13dcc889cc9b1ac72429074c21a52f4c78ea2c467d65cd2c9ed682f21f31b27af4eb5cad33dd633185bf32e726fe6e57b03168803f693bd85f5a9f2c3ec6944e9ded2b8f3270a89139ce50ba6ded6bc6b0be8893f44aa5856acda60dc1c4c0834d45574ecb6183d6e59a183c0125ff45c718be2cf85b5ce6daae6e37336ea63856561f1bd4404df725d5ed9263038d1c623b2e1aeb35924b79de474407168834891af783fe5d83a631eb14d7cfa949d698ffa45e7d8c46ed4abf75cc666b78526c9b95ebb2920c77c56227eae6c893b57f9f463ff2ebc9acddb2f7ad543c5b2259047a4cc87ad05c08bbf02e8bb267bc490c4b67106fb598d42135c927fef3397f4c3f6838776787f23a9759dd3214075e79eb3929932becde84e82c257e4638a19e1e3312cfe09d4ac681d653d749c8fa6efa6dac35ad59399f1e233540fa354681ca55db90007039b7e504e2e4082aa3e4d672019741aa02a281454d4e1c73a1c7d0b5449c2e143ceaa3b18cb9a74a89f1ba74963dc5dd4155a356211277af3a267947700a2cfd84a605ab02d37bd6faa8a26b50f7b3d9bdc79913272c31dcc0f0183d05933a9f233504ddee2dd851529667ec5174a3d23bfca197538ebacda36bc29ca675384c0b3f45e4f67fb66d8dd4aa57b7da50ead391e6b663af173e7f4d46139f5d0f4cea84dd32e4e718967c6b93617271224f2fb3a1ca5febff5f26c4edc60e9acdd9e464ebb4571dced645814e1038a50515a7e06501adb2de19fec4119dec7548c41097964c3151226153ccac24abd1415579ba1c37c805a5827332d97ba90713829fb30b7b09b275d75bc10d4a26b33980a0ccd4b00844d9f379551bd0170ee895286526ea9625a72b6cb8decd9cf18e57262f8102a025025e8168465a65a7c7e4d5fc8742781acdc16171085d51dd5ec9f4f71f58cfaf4557a55d07e7c164ccf7eb427145c7f9a800e9bd9192ec0f74d19fc17d3881b1d55e8600aa55abf78fd1e226d9dd6e8da2bea15712f5f43325d4b9c083d6e37d35c043f2bc8c796ade072555263331bee7fffa54e2099135ea363575847abb770322376cbfd3f1b7980a1857c55fc82aa80bdcd701c7b7d66221f08492efb5438a04d041b485bcb61f6fd306e96cfe758d99ca1cee70b200eedee86145fe37ab7aafcfbb2df694361fe9923e754187c3277cc895c4a53732ee118c7b6156b55b30847a6e828b7069a5d4be623abff66ba87bff49294dd9b1f698ba445d610973d052a80691c9968e3179aa3eea5b0bccb3cf674c5cfe7d2c14d7b6daa7a4813abcd56ef930099
1798shared_secret: 1cffb3d6d9dd9cf90d79fb2c5c974818c5bd6f32ea4d44c302337c4cbea44334 1798shared_secret: 1cffb3d6d9dd9cf90d79fb2c5c974818c5bd6f32ea4d44c302337c4cbea44334
1799 1799
1800# Rho leads to a matrix with unusally large entries 1800# Rho leads to a matrix with unusually large entries
1801entropy: 00ff48b3769ffaf4e91c1c9110eb8ce9e2cb99f060b486b37035407d2f4ca517 1801entropy: 00ff48b3769ffaf4e91c1c9110eb8ce9e2cb99f060b486b37035407d2f4ca517
1802public_key = e8014b4f4687bb6670b1c2a29ba577100943d5b926cb396423663f710328a8b536403530eee05006e7a7cd679ea44c29146494f1775cddd3b43ce6a903283f7890979ee98842d5a76f93777297abffccc0b8faace8f362c081aa435c32a5c31773bc046e61921f1a5707579fe36067588a0f32e2cbf91aa3ca6b38a0e12ffdf8685874869028775fcb7d7fd7a1e37c611316515638a510a13e950960e6f39395e436821165e734837ed575ad510d4fba6c3ad67e039b71a9b6c2a7ac240ccb3742d65b4b1c50a6a1a496995da77921ce33624fc48135e88c59caa47b299605ac1c79009dabb2062e375547ec907590b9bec52c86a6b9e394ba5f02401e4545c462c5f320939075b516c4a5dd0aa5d879456449a115125369584a609a83df8685ed2ab45f038559dc6b0ea170b09680e7e747cc7246b6c182d9199941847d9c1168a84400da2a98215a9e96f6bc869035a8822b27d459cb52147d966e0c354b70ecbe46daa9034074019acdac30055d8a1a02741ed8e602e2cb3185ea44c9e61fab637188554c8b12cc5abb9073b35108f59f6832112ff23b00acb0936594c00c0534a8c4c11cae4787092bf497b60b4a44116156e8368c0c950f3677f6424690803ee92373ed5c13d84c355bf041edcc872965816d6723b344244d0a54f8ecb0f1703ac251293503baac445996a1c9bd6ab851eb52f042692a2b10e4b9b44dc9625973af03fba67a3a93ff849dbea64739f643bfb803ea8653c2b9ab9639614000994bf48a8024c4e61c8a07a5c79b19540084bc7664ad44122e46ca1fbd517c8e68aeb3d835e53846848742a9fc2a4058047969bc11a773e623462c7bac66a34c62db861ef64dedf23c0b7441f6b75b4e60b86fe309b1b7746d558987f6a92cb8513792360ef76cb6548f0813ae8dbac418c25a1d95b06c530d79c6751e7569a2027f8a5354de3a70752764fabc632f3a1bf2473e8aa2a5cf815b3856a89afc122d98ba3f74185a3b2c09049601e23ee226329f024ac2692adccb2018b22a592a450b4a5819b2a498738d29f7145e534e527c859f05ad96cb963314c58a5a6b050ac6ead9adc4782859e3383170cabe4871cfc17a30ea4ac55cb998e77e1a26662a255f99f4ac7b98723341b2c7134adcdcab12a473bfe001127bcb01f84df31384af06171776263085bed1aa3374da7136648608b569a88663d2122e84b4b946b35c1f24a836e924202b7c7828c15507b17f906bc0e4b28c230134d90655696edde11a32c7a70303aaae3363e2a6947b4bccefe9ce62953f92521029959096a8910e71c51b69a0615ac790341c0ac3a574a79d34c11b4a974ffd7cccb05995d4089f8186b545b80a166982cb53123ef644e82897c77889ef91bd8c5a4ed1a4a414389d77307d53487940fa32782061e8458e0c601c884321d121b48ec04bca78c60d39b0c4bc9291945ae18224ec73ab7a451b9cb511bae34a20e326a497cb6ce46b5848c289da630f497ea3975eda79489f18a405e91bde288379f291f538c1a1426cf1634bc033098bbc9958f7af6e408354314e7221c37c1610bf904cf9e7807ad327f0f316761939674867ec7223f06a245711b0d47832b1a699badc8e1217798c0d000000000000000000000000000000000000000000000000000000 1802public_key = e8014b4f4687bb6670b1c2a29ba577100943d5b926cb396423663f710328a8b536403530eee05006e7a7cd679ea44c29146494f1775cddd3b43ce6a903283f7890979ee98842d5a76f93777297abffccc0b8faace8f362c081aa435c32a5c31773bc046e61921f1a5707579fe36067588a0f32e2cbf91aa3ca6b38a0e12ffdf8685874869028775fcb7d7fd7a1e37c611316515638a510a13e950960e6f39395e436821165e734837ed575ad510d4fba6c3ad67e039b71a9b6c2a7ac240ccb3742d65b4b1c50a6a1a496995da77921ce33624fc48135e88c59caa47b299605ac1c79009dabb2062e375547ec907590b9bec52c86a6b9e394ba5f02401e4545c462c5f320939075b516c4a5dd0aa5d879456449a115125369584a609a83df8685ed2ab45f038559dc6b0ea170b09680e7e747cc7246b6c182d9199941847d9c1168a84400da2a98215a9e96f6bc869035a8822b27d459cb52147d966e0c354b70ecbe46daa9034074019acdac30055d8a1a02741ed8e602e2cb3185ea44c9e61fab637188554c8b12cc5abb9073b35108f59f6832112ff23b00acb0936594c00c0534a8c4c11cae4787092bf497b60b4a44116156e8368c0c950f3677f6424690803ee92373ed5c13d84c355bf041edcc872965816d6723b344244d0a54f8ecb0f1703ac251293503baac445996a1c9bd6ab851eb52f042692a2b10e4b9b44dc9625973af03fba67a3a93ff849dbea64739f643bfb803ea8653c2b9ab9639614000994bf48a8024c4e61c8a07a5c79b19540084bc7664ad44122e46ca1fbd517c8e68aeb3d835e53846848742a9fc2a4058047969bc11a773e623462c7bac66a34c62db861ef64dedf23c0b7441f6b75b4e60b86fe309b1b7746d558987f6a92cb8513792360ef76cb6548f0813ae8dbac418c25a1d95b06c530d79c6751e7569a2027f8a5354de3a70752764fabc632f3a1bf2473e8aa2a5cf815b3856a89afc122d98ba3f74185a3b2c09049601e23ee226329f024ac2692adccb2018b22a592a450b4a5819b2a498738d29f7145e534e527c859f05ad96cb963314c58a5a6b050ac6ead9adc4782859e3383170cabe4871cfc17a30ea4ac55cb998e77e1a26662a255f99f4ac7b98723341b2c7134adcdcab12a473bfe001127bcb01f84df31384af06171776263085bed1aa3374da7136648608b569a88663d2122e84b4b946b35c1f24a836e924202b7c7828c15507b17f906bc0e4b28c230134d90655696edde11a32c7a70303aaae3363e2a6947b4bccefe9ce62953f92521029959096a8910e71c51b69a0615ac790341c0ac3a574a79d34c11b4a974ffd7cccb05995d4089f8186b545b80a166982cb53123ef644e82897c77889ef91bd8c5a4ed1a4a414389d77307d53487940fa32782061e8458e0c601c884321d121b48ec04bca78c60d39b0c4bc9291945ae18224ec73ab7a451b9cb511bae34a20e326a497cb6ce46b5848c289da630f497ea3975eda79489f18a405e91bde288379f291f538c1a1426cf1634bc033098bbc9958f7af6e408354314e7221c37c1610bf904cf9e7807ad327f0f316761939674867ec7223f06a245711b0d47832b1a699badc8e1217798c0d000000000000000000000000000000000000000000000000000000
1803result: pass 1803result: pass
1804ciphertext: 3159aa52482f4262cee553f9eb6d853d091a507831f5ed1af37b9c55f217eb1e87e8b0dfb653932c27e9e9f2c4d45cf89e9cfe9ba0d5175be56b7fe3751a4255649cfabdf0cbd5a8704d58511acf6e0580eed572561fab262b24d39c3a430a4e54fca969394037df12fd8cd71b7b6ec3d8f7345b05d4c16c5871b686690cee9804012a3379bbcf720f405c3c83f59aa391cefd8b00a73b41147d42c8b7820b0e779c44e032209067349fa4cd35e83850ae37ee73f96fc6bc5b71ff9b0462604b4e07be60cc76903175b045b908c9b8e7e94c6bc7c48ffd49698873913f9132025e51614317d27a874e319d802923804d1ce1626420d5794bbbe5e077cbd7fa3d958fb2d9608a3d41f605908d21fc7f942e3152337115a28b661f76405620b056692bfcc066f370449628f8e31b7453e5b7b10702f7c195dfb779fb3253f86acbaf4444ba9ce01c9b043133a233030247f8fc44d5b8c9b024ee83c186a62ba9fa5a3e45389217884a478f238d6a9b8eaf3d87b7b4b4375d4d5226dfb80255faab42380365b5511567978be9726d21178eced7294463a348b1e976d800b1114fb8230115b28e51f628a31aa8cf2e3253a7dccaa37f975fa2b8d32a6b6147033cfcbde33ab8857e3a6af95e4cd0db62fc020f55c2d6c9204a05835e2cf878c66502f572016d95b30c45c2ef6048471ad0cb7fe14250dddcb4014c392c22fb1dce1adc8e02f416d3e9b417f41c1b4065b975de472d0e9fd5b3a012ee9bf6311345b4968f6f18262bfc2a38d56d911f9efb981813f77a8a8d6af0618e015b8b005e7ea957f89f140192c7442a645ea7012b5ea2ba9f8cd2fea2ad3e41c6a57582237d53444fceaa933d61eac36d03a2865bfb7f12fd8cf451edb5050a35a75c95dd328296dc32daf61622ce0cc457c5968414b634b3e12a0ce45bbd733e3982c087a037d89cc86d546007bd92eef33949d19dbd4daa18e59c7ea3572bf3155a9a46af527347f4f4dcc2be3cc285d65f2f86c681a137850431ce8d2f76e295e74bd0b3c88f1b68885522dadb99fe1c8e40d938c9610e466770d62c34e9393241907d9cd7bfa470cb8fc149306d9450a7a1887d03cddad3fcdeda1ea54d3f126bb29a1ac3d7c5a60ead90d74ccbf1a75b4289a74a49e0a7c4006ab76a83915ebd4a95a471525444dd2c3e748b1bd347774e2cf01f90f05a1672c58f4f563e4da083e95e0fadd4ba57acebcb45611a3923da1d0d73f5c9a55489fb0097e123694e413460252892a0c6317dcb56efa834f7a51db4a413976afcb30ab4dafbe737f43da11c1b08a2472cdff3995dd7d23382b866873624fedee76823d37ec230dee2107258993d5b802fadeb89c9469a33c66c91567ea92581e0c2c1eaa2e2a4696b024c7c6009687d07769438a8b2ba75a7bfb32841dab8acfb8cbd4d1e26c5eb68bc49bb394b178e6f89dde843f4e2c5353b04390c245a0bddd1aeaefb87528b719fe42b35ad2a89ef34826d9e23f95b1bd3c3b24f785985e10dcaf0eb33f5f71f5cbe55 1804ciphertext: 3159aa52482f4262cee553f9eb6d853d091a507831f5ed1af37b9c55f217eb1e87e8b0dfb653932c27e9e9f2c4d45cf89e9cfe9ba0d5175be56b7fe3751a4255649cfabdf0cbd5a8704d58511acf6e0580eed572561fab262b24d39c3a430a4e54fca969394037df12fd8cd71b7b6ec3d8f7345b05d4c16c5871b686690cee9804012a3379bbcf720f405c3c83f59aa391cefd8b00a73b41147d42c8b7820b0e779c44e032209067349fa4cd35e83850ae37ee73f96fc6bc5b71ff9b0462604b4e07be60cc76903175b045b908c9b8e7e94c6bc7c48ffd49698873913f9132025e51614317d27a874e319d802923804d1ce1626420d5794bbbe5e077cbd7fa3d958fb2d9608a3d41f605908d21fc7f942e3152337115a28b661f76405620b056692bfcc066f370449628f8e31b7453e5b7b10702f7c195dfb779fb3253f86acbaf4444ba9ce01c9b043133a233030247f8fc44d5b8c9b024ee83c186a62ba9fa5a3e45389217884a478f238d6a9b8eaf3d87b7b4b4375d4d5226dfb80255faab42380365b5511567978be9726d21178eced7294463a348b1e976d800b1114fb8230115b28e51f628a31aa8cf2e3253a7dccaa37f975fa2b8d32a6b6147033cfcbde33ab8857e3a6af95e4cd0db62fc020f55c2d6c9204a05835e2cf878c66502f572016d95b30c45c2ef6048471ad0cb7fe14250dddcb4014c392c22fb1dce1adc8e02f416d3e9b417f41c1b4065b975de472d0e9fd5b3a012ee9bf6311345b4968f6f18262bfc2a38d56d911f9efb981813f77a8a8d6af0618e015b8b005e7ea957f89f140192c7442a645ea7012b5ea2ba9f8cd2fea2ad3e41c6a57582237d53444fceaa933d61eac36d03a2865bfb7f12fd8cf451edb5050a35a75c95dd328296dc32daf61622ce0cc457c5968414b634b3e12a0ce45bbd733e3982c087a037d89cc86d546007bd92eef33949d19dbd4daa18e59c7ea3572bf3155a9a46af527347f4f4dcc2be3cc285d65f2f86c681a137850431ce8d2f76e295e74bd0b3c88f1b68885522dadb99fe1c8e40d938c9610e466770d62c34e9393241907d9cd7bfa470cb8fc149306d9450a7a1887d03cddad3fcdeda1ea54d3f126bb29a1ac3d7c5a60ead90d74ccbf1a75b4289a74a49e0a7c4006ab76a83915ebd4a95a471525444dd2c3e748b1bd347774e2cf01f90f05a1672c58f4f563e4da083e95e0fadd4ba57acebcb45611a3923da1d0d73f5c9a55489fb0097e123694e413460252892a0c6317dcb56efa834f7a51db4a413976afcb30ab4dafbe737f43da11c1b08a2472cdff3995dd7d23382b866873624fedee76823d37ec230dee2107258993d5b802fadeb89c9469a33c66c91567ea92581e0c2c1eaa2e2a4696b024c7c6009687d07769438a8b2ba75a7bfb32841dab8acfb8cbd4d1e26c5eb68bc49bb394b178e6f89dde843f4e2c5353b04390c245a0bddd1aeaefb87528b719fe42b35ad2a89ef34826d9e23f95b1bd3c3b24f785985e10dcaf0eb33f5f71f5cbe55
1805shared_secret: fd9e333ac811ae8be12c052c65131e3a7a32ce82e39055012ea564e10acaa85e 1805shared_secret: fd9e333ac811ae8be12c052c65131e3a7a32ce82e39055012ea564e10acaa85e
1806 1806
1807# Rho leads to a matrix with unusally large entries 1807# Rho leads to a matrix with unusually large entries
1808entropy: 4960ccb1276f96d7aa55885b6ae6f90343d42e1391e8241b5952931a979837e1 1808entropy: 4960ccb1276f96d7aa55885b6ae6f90343d42e1391e8241b5952931a979837e1
1809public_key = f6513e1ec8234bc145eba3446eec18b3826b2ae709792648e071a7c4627e4ac7716db5b1d6040ba7b8ac39b347ef721a99c879453846e1aa591b8495e19003df973580d4192cabb72ae2b1f498bae9b3cfffc8bbce09122cd1910a406574106810dc556894777f35316c992f3b902186dba411ca3462b927688c81f7269b7c2770de5aaf90c81f752a3ec77942729a68fcb38a62946c601c945249bf0e280b66764ba71a44134ba84df1400bebccc61456fdf3bf50aa85e8e60f491ac1c1317d831ba5db6601133883fda81115c67fe4691d9df01fd3732b336bbc3899cf067b9e3905294902ca5686480cc94eb4e98260408b4dd060cf4b5344380c89d564b31158ce098ce1e06b91446c4189c6a4d89aa7e81befa900b250a7060406e25725e09399963c5e3e04219d390e6c28983e335646485023312c4d5bcad9aa7ee683b935d71af1908703fa2c9d66c8b6c55049b3319d39c047b5824d04975a9034e8ca1a9e1a5b0bcb222c5b5c848818d14503c31270d4f8446d013d4ecbc250b72dc25934726b426afc85631ca1065ca6e957ba00f1176a6a45b68a5e93274423e642451129ce83b7de439963c0c4e5d8b25f3b74fc053151610b4263725fe51423e886bed19c534165b4cc90fbd67256839b9371290af9853c948251c768e157041ac91fe6649bd1b1855dc417624b8ca0d798b1947c720b3414db56f01500fba30207322ede05612bb6505818a9a68538c9eb98f2b0a83dd38b765891f0d01f1db768d2355fc6b7a47414527c92ba104637072a72a6c0ce74772664e68660c9c0c28347315b17273a6846a79904a04b90a60c5b15973630209d9460365529bb72524404b3d9cacc013b0a7355a7eb2172d317cd356a07e5a341bab7c33db5a48fca4b1600443df6bf441983cc05125f6aa94f114a8c3ccea3f9c498c1126c072f27e97555456114f6bb3244c4698c3f6091864274a16bd82aaf0711eb8c4fd86a11b35b3b8b0528cefc253d7906b6b05382e37428253ebda5b48b6a068354381b24348dec73c279010bd32e41431d139a021a398f0e5c7fc1a98863f069b9d42a96b029455670caa89e0b867781f73fb7549392124485cb032a008d63812f832cab899a8d5d24b403e76d17d6ccb56c729e15abb2e04e32928c9b8971be6a4c70b15bee620eef375489347df7c622d9a803a86c2a9ec5a7a0554ff763912bcb7f57eb8b8633cf6ef39556162eadf8c285b61a53f4837c8c9ef48c3a58b3b6c31b8227c98df0b9057d452df2c258da8a1de1b99449c0054c48a0bc61a2336323367077cee252d366661904b12ea6215b3ba55aab06f60a517704a4046312731325df563cbed805e2c7b2a5848fa1cb97e17a2f926664c2947a2fdb56ed1b3c5e084a680073669b2b9e888ee010410acba461910795958e7c0c98294865cc700315e86a5c54912dc2affc2469244912d8180eab244332a00b7536c4cab62345872dc31ca3c0d2078d07beda4431f278aeaf2482cde53afc56352a894dfe3948fc14956917a4dc836f54369eacd4af052b4aa6b60af5e86bc868be275abd1118a83e5acfdcd4c92a3c2e2b13cce7101a9d303339f0b2dd4a282499579b803ede0b26c75eb8af34000000000000000000000000000000000000000000000000000000 1809public_key = f6513e1ec8234bc145eba3446eec18b3826b2ae709792648e071a7c4627e4ac7716db5b1d6040ba7b8ac39b347ef721a99c879453846e1aa591b8495e19003df973580d4192cabb72ae2b1f498bae9b3cfffc8bbce09122cd1910a406574106810dc556894777f35316c992f3b902186dba411ca3462b927688c81f7269b7c2770de5aaf90c81f752a3ec77942729a68fcb38a62946c601c945249bf0e280b66764ba71a44134ba84df1400bebccc61456fdf3bf50aa85e8e60f491ac1c1317d831ba5db6601133883fda81115c67fe4691d9df01fd3732b336bbc3899cf067b9e3905294902ca5686480cc94eb4e98260408b4dd060cf4b5344380c89d564b31158ce098ce1e06b91446c4189c6a4d89aa7e81befa900b250a7060406e25725e09399963c5e3e04219d390e6c28983e335646485023312c4d5bcad9aa7ee683b935d71af1908703fa2c9d66c8b6c55049b3319d39c047b5824d04975a9034e8ca1a9e1a5b0bcb222c5b5c848818d14503c31270d4f8446d013d4ecbc250b72dc25934726b426afc85631ca1065ca6e957ba00f1176a6a45b68a5e93274423e642451129ce83b7de439963c0c4e5d8b25f3b74fc053151610b4263725fe51423e886bed19c534165b4cc90fbd67256839b9371290af9853c948251c768e157041ac91fe6649bd1b1855dc417624b8ca0d798b1947c720b3414db56f01500fba30207322ede05612bb6505818a9a68538c9eb98f2b0a83dd38b765891f0d01f1db768d2355fc6b7a47414527c92ba104637072a72a6c0ce74772664e68660c9c0c28347315b17273a6846a79904a04b90a60c5b15973630209d9460365529bb72524404b3d9cacc013b0a7355a7eb2172d317cd356a07e5a341bab7c33db5a48fca4b1600443df6bf441983cc05125f6aa94f114a8c3ccea3f9c498c1126c072f27e97555456114f6bb3244c4698c3f6091864274a16bd82aaf0711eb8c4fd86a11b35b3b8b0528cefc253d7906b6b05382e37428253ebda5b48b6a068354381b24348dec73c279010bd32e41431d139a021a398f0e5c7fc1a98863f069b9d42a96b029455670caa89e0b867781f73fb7549392124485cb032a008d63812f832cab899a8d5d24b403e76d17d6ccb56c729e15abb2e04e32928c9b8971be6a4c70b15bee620eef375489347df7c622d9a803a86c2a9ec5a7a0554ff763912bcb7f57eb8b8633cf6ef39556162eadf8c285b61a53f4837c8c9ef48c3a58b3b6c31b8227c98df0b9057d452df2c258da8a1de1b99449c0054c48a0bc61a2336323367077cee252d366661904b12ea6215b3ba55aab06f60a517704a4046312731325df563cbed805e2c7b2a5848fa1cb97e17a2f926664c2947a2fdb56ed1b3c5e084a680073669b2b9e888ee010410acba461910795958e7c0c98294865cc700315e86a5c54912dc2affc2469244912d8180eab244332a00b7536c4cab62345872dc31ca3c0d2078d07beda4431f278aeaf2482cde53afc56352a894dfe3948fc14956917a4dc836f54369eacd4af052b4aa6b60af5e86bc868be275abd1118a83e5acfdcd4c92a3c2e2b13cce7101a9d303339f0b2dd4a282499579b803ede0b26c75eb8af34000000000000000000000000000000000000000000000000000000
1810result: pass 1810result: pass
1811ciphertext: 5ab063c95a541d1be3fa0744e0db7e0ece17b6b47cca0fa41d08e7969fe87de63f319f80b9a31ff01e203de6e518e62e6133edd108e5a3e08d3f8ae0556cfd36b399dc1ebf3b229bc5013d06d7550512280bad2b27657d3ca0679d9fc62f0bf875dd0b326008a89b4f29e97211ee7ec75108a9e4a320a34daed15fd7ad394a1747e4e35bbe4f1118703c330aea81bef3e3883fd41c3efc3423ab46b553c7587894ad64db57bb0fe4d289d54c8ba78d40683bdf6330ccecbacd3f7f41541f1f2b1a7626d3969df6586b4214c02f921451f6adc04f5e8de1e3beda82e4aebc5e06abb33f4cd8a3b3b5741617b6a385739133cf5b77dd5607a5c8721d5b51c6c0b6df551a5b440082093f49f31910a04e4226b9ae6f41383672e0694bc4075207034e39c40668aa3174cfc8a75fb1a474485e9aff01f3572a5c7e4914e7519344c8ce7b81377d8c2af66bebc558359601b21beb984c1f00564d46585b4bf02c958c6b348642be25119b12f34a6e5755588f649837ba53c0efaa4c6c95d109a4ce1f761c1dcecb84cce8376cb1c4e34ff932408ccd2d06f20c5397f6277bf9c3234b20cedd45afecb7e87793d85af15909546c6ee41987f36d85865c8c1e281e13d9575abb9a9f215c08d89420535f73643dc584707deb7d5275252e862393fb6493f9e126c651b7981f26af8daf978153fa4476d615183bf147629fe36de7cceaa670dab930ba8a684b0bee24b55961ea556123b34e29491704d2122e46bed0f6fd50601e13a5d46c907b915f3b8e695e0bbf474aab6e082d156e79e59572731b48338892f2268dcbb8fc21cfd537979278ceb210fe3efd052365fa249c97e8e596ae6225839e5b8b296770f3b42240b8727a0a730534d0f42f8c6ef148fc04e4285e1aecf060c3666fc17a1ff794f584b26b0b1c41f0fcca249935cd411a151932b09402016a99832850b3f56c4846145738f709f5e11e28a90d9137e4e43f03dd1ddb6565c67c2a138aca59e8aebcfa61984bc7ac13a60ddd2c1f0fa84fcf9264ad5049c888b9f555e024f0fa685474e083025da168e3b9c4ad91f074e7e711f84bb808604114e09d1ceb83b697cc0f045b5089b0bf7381ff2efc08e7316ddb7eb7be47a1d82cf533ea898e668f0da124d2e87fef2b558f877b50b13a08641c74e2726b19fa7c0f33ab213f403c328ea60d08c07155ca0c19bb75f7f6716de89e34c20f9d15ba8aebcb98e9b6461477f56f9c65ea7e8744a4d7306e216f806ea8f9f1dc45781c1adba44319031fb9e81c6d33bb317d959bc53a677270f13d96da19833965aea9a18172f6f975bc4d03036b1239e7c315ecacec35cc0f788be1220c0497844fe7c989fff5ef7fcdf89c261a0fed3915cbfae94b1fba22827daaaaa0f968f1ac71e9772aed587d607d5d3f57c1500b6e08760e0b971c1999d01553bf87f55fbad96ce61d0750d75180623543f40e5b0cee74bb429edbed1b4c2a3e1aab86c8dc7381afb0b9e7d4151a3f76b7dec4199b97304d7b3845788e19126e 1811ciphertext: 5ab063c95a541d1be3fa0744e0db7e0ece17b6b47cca0fa41d08e7969fe87de63f319f80b9a31ff01e203de6e518e62e6133edd108e5a3e08d3f8ae0556cfd36b399dc1ebf3b229bc5013d06d7550512280bad2b27657d3ca0679d9fc62f0bf875dd0b326008a89b4f29e97211ee7ec75108a9e4a320a34daed15fd7ad394a1747e4e35bbe4f1118703c330aea81bef3e3883fd41c3efc3423ab46b553c7587894ad64db57bb0fe4d289d54c8ba78d40683bdf6330ccecbacd3f7f41541f1f2b1a7626d3969df6586b4214c02f921451f6adc04f5e8de1e3beda82e4aebc5e06abb33f4cd8a3b3b5741617b6a385739133cf5b77dd5607a5c8721d5b51c6c0b6df551a5b440082093f49f31910a04e4226b9ae6f41383672e0694bc4075207034e39c40668aa3174cfc8a75fb1a474485e9aff01f3572a5c7e4914e7519344c8ce7b81377d8c2af66bebc558359601b21beb984c1f00564d46585b4bf02c958c6b348642be25119b12f34a6e5755588f649837ba53c0efaa4c6c95d109a4ce1f761c1dcecb84cce8376cb1c4e34ff932408ccd2d06f20c5397f6277bf9c3234b20cedd45afecb7e87793d85af15909546c6ee41987f36d85865c8c1e281e13d9575abb9a9f215c08d89420535f73643dc584707deb7d5275252e862393fb6493f9e126c651b7981f26af8daf978153fa4476d615183bf147629fe36de7cceaa670dab930ba8a684b0bee24b55961ea556123b34e29491704d2122e46bed0f6fd50601e13a5d46c907b915f3b8e695e0bbf474aab6e082d156e79e59572731b48338892f2268dcbb8fc21cfd537979278ceb210fe3efd052365fa249c97e8e596ae6225839e5b8b296770f3b42240b8727a0a730534d0f42f8c6ef148fc04e4285e1aecf060c3666fc17a1ff794f584b26b0b1c41f0fcca249935cd411a151932b09402016a99832850b3f56c4846145738f709f5e11e28a90d9137e4e43f03dd1ddb6565c67c2a138aca59e8aebcfa61984bc7ac13a60ddd2c1f0fa84fcf9264ad5049c888b9f555e024f0fa685474e083025da168e3b9c4ad91f074e7e711f84bb808604114e09d1ceb83b697cc0f045b5089b0bf7381ff2efc08e7316ddb7eb7be47a1d82cf533ea898e668f0da124d2e87fef2b558f877b50b13a08641c74e2726b19fa7c0f33ab213f403c328ea60d08c07155ca0c19bb75f7f6716de89e34c20f9d15ba8aebcb98e9b6461477f56f9c65ea7e8744a4d7306e216f806ea8f9f1dc45781c1adba44319031fb9e81c6d33bb317d959bc53a677270f13d96da19833965aea9a18172f6f975bc4d03036b1239e7c315ecacec35cc0f788be1220c0497844fe7c989fff5ef7fcdf89c261a0fed3915cbfae94b1fba22827daaaaa0f968f1ac71e9772aed587d607d5d3f57c1500b6e08760e0b971c1999d01553bf87f55fbad96ce61d0750d75180623543f40e5b0cee74bb429edbed1b4c2a3e1aab86c8dc7381afb0b9e7d4151a3f76b7dec4199b97304d7b3845788e19126e
1812shared_secret: b4b4634ad37852e19175ccfb5eca50093291da8f76b86be7511379188bc20d92 1812shared_secret: b4b4634ad37852e19175ccfb5eca50093291da8f76b86be7511379188bc20d92
1813 1813
1814# Rho leads to a matrix with unusally large entries 1814# Rho leads to a matrix with unusually large entries
1815entropy: 456be124e7f43803de5f734ea016455d68164a7f054c003f4ef49e46f42dd8d0 1815entropy: 456be124e7f43803de5f734ea016455d68164a7f054c003f4ef49e46f42dd8d0
1816public_key = b0abba905c1559715f25f720b7b745a52332355154e60577e598c754b6346b335b0195ac305268bae78bb4617807ca4666738ca81515bb041d43a4188003c52ac4ae4b3808d8c755d3e99d00537249d39d4cc02ed9f98ed4106895666c47538f79e30f5104adab1540a1fc58d1a857a1a4611257be37e0327491aa4b543aa6322ef7816a5c9a55eb3bc8604b15540b62c3405b861a84218211c20bc3d35a8a506b0153306fa98b9488a7841d85197c170f84c380098077e42cafdf1913df369f37f3291ec47289710c57f152b74572c23324f83618fd281f5e41976e77097a570a991b3bc623ad6331a1bb34673b1c328319758ed731ca2981b50a5a2cf8c66d31b10e88c95ffc27c3b6aabe8b207e6cb4373464b1b83f4a5a9806449bf7fb622360bf9f098b56729c5738191d57492b377ca8f989a87922a7368d724b07b7e36133620fa0735d60f5be8b51c19ed1655de5108681cb27273d511c643b7867516c2982a74f62e4cb759bb1f5f0808cc90e1baab60365722293bb07841803076504d00e6fbaae853749fc322e3458810ea41d832b35bf05a10e62a4ff8317b506b9af7216c445663c9061cc62914b0b72b5989d7d9c2b761c2fc5a28b5839bee5596c0de25c10a15776447e17770edb666249a2310962152059c5ed5738741a29e899072427891fb53606ab8b5dd06c005d239adb7bc368b10b74508c45c4aca726fe59c7729cc1ad617236e1b75c760e47815df33297c084429ca371c16c5761c9a23ebbcc2cb43ae9734ba9495d5a86a89e75aef50b9e73470d8d9974cf27a961c0cb2c180ff36140818b005f05afaabc86d8b8bf5c2a62f0632ebeca0c9c567514c9311ba6216fb13f1603c77656cced520d977ac75031044c8790d1b4c97dd38b2aa43dd8808a79e406f8e01503db8f7b51cc1e4265ee830461f41cec398251ea60d2c573ec59b4d28b09dc9446bb972f6d134e2e192e987153b39538e1f631bd81b2e65c2c5c68a96d1b78360889efa4c692b7cc374160e8dc485f47a676d77706e047d3e717386bb49cd942e4c05374b3a1cca148535a3ff1085102f4a7077b5f9c7b1a9ed651edb32691037f9388b672a662bc247beed215d51b414d3530c6b0631999663fd7c0e5da7e411c32c506476fd08a09d499ba3c27bbf6a804cc7e8be5c1f3f97d7aac085dbb3bd1076a69db89bc990efe59b00ca943ef8560642176e926af342b48e8002f6d1aa99b58cd013b03e0d285455786b54a4be3c581419730081361c04697b1b2c07df068621213c8ca6554b5982d5a1aaa113ed9343a56101aec68b838a37ef2c8a15d0504c672b278556b40c766c2066ac995caa32676da182545773881545cd58b71d3d7a02a209bc7407f420a830513b9d9d6c93c56571e42c8bf154afa060667a46d13cc542429c9d1a35be012cd3c9abc2bb7484fc89a4a83a20f7c2bb088793dab732ff370cbab614aa851fb77ce176b8f806c4f2e6068235b93d08c39e96badb37a457e8a790b2b8ef00b0b9e941592373fd2caa3ec3477c6c440d0daa755ac0ad2285754ac64b0852086112b0c9794f1657916fc173209a40425afc9b19946c529ca95154f24ca3cda5f9547c429836c377123c6ec000000000000000000000000000000000000000000000000000000 1816public_key = b0abba905c1559715f25f720b7b745a52332355154e60577e598c754b6346b335b0195ac305268bae78bb4617807ca4666738ca81515bb041d43a4188003c52ac4ae4b3808d8c755d3e99d00537249d39d4cc02ed9f98ed4106895666c47538f79e30f5104adab1540a1fc58d1a857a1a4611257be37e0327491aa4b543aa6322ef7816a5c9a55eb3bc8604b15540b62c3405b861a84218211c20bc3d35a8a506b0153306fa98b9488a7841d85197c170f84c380098077e42cafdf1913df369f37f3291ec47289710c57f152b74572c23324f83618fd281f5e41976e77097a570a991b3bc623ad6331a1bb34673b1c328319758ed731ca2981b50a5a2cf8c66d31b10e88c95ffc27c3b6aabe8b207e6cb4373464b1b83f4a5a9806449bf7fb622360bf9f098b56729c5738191d57492b377ca8f989a87922a7368d724b07b7e36133620fa0735d60f5be8b51c19ed1655de5108681cb27273d511c643b7867516c2982a74f62e4cb759bb1f5f0808cc90e1baab60365722293bb07841803076504d00e6fbaae853749fc322e3458810ea41d832b35bf05a10e62a4ff8317b506b9af7216c445663c9061cc62914b0b72b5989d7d9c2b761c2fc5a28b5839bee5596c0de25c10a15776447e17770edb666249a2310962152059c5ed5738741a29e899072427891fb53606ab8b5dd06c005d239adb7bc368b10b74508c45c4aca726fe59c7729cc1ad617236e1b75c760e47815df33297c084429ca371c16c5761c9a23ebbcc2cb43ae9734ba9495d5a86a89e75aef50b9e73470d8d9974cf27a961c0cb2c180ff36140818b005f05afaabc86d8b8bf5c2a62f0632ebeca0c9c567514c9311ba6216fb13f1603c77656cced520d977ac75031044c8790d1b4c97dd38b2aa43dd8808a79e406f8e01503db8f7b51cc1e4265ee830461f41cec398251ea60d2c573ec59b4d28b09dc9446bb972f6d134e2e192e987153b39538e1f631bd81b2e65c2c5c68a96d1b78360889efa4c692b7cc374160e8dc485f47a676d77706e047d3e717386bb49cd942e4c05374b3a1cca148535a3ff1085102f4a7077b5f9c7b1a9ed651edb32691037f9388b672a662bc247beed215d51b414d3530c6b0631999663fd7c0e5da7e411c32c506476fd08a09d499ba3c27bbf6a804cc7e8be5c1f3f97d7aac085dbb3bd1076a69db89bc990efe59b00ca943ef8560642176e926af342b48e8002f6d1aa99b58cd013b03e0d285455786b54a4be3c581419730081361c04697b1b2c07df068621213c8ca6554b5982d5a1aaa113ed9343a56101aec68b838a37ef2c8a15d0504c672b278556b40c766c2066ac995caa32676da182545773881545cd58b71d3d7a02a209bc7407f420a830513b9d9d6c93c56571e42c8bf154afa060667a46d13cc542429c9d1a35be012cd3c9abc2bb7484fc89a4a83a20f7c2bb088793dab732ff370cbab614aa851fb77ce176b8f806c4f2e6068235b93d08c39e96badb37a457e8a790b2b8ef00b0b9e941592373fd2caa3ec3477c6c440d0daa755ac0ad2285754ac64b0852086112b0c9794f1657916fc173209a40425afc9b19946c529ca95154f24ca3cda5f9547c429836c377123c6ec000000000000000000000000000000000000000000000000000000
1817result: pass 1817result: pass
1818ciphertext: 925fde875ae198cfea88c4eeb3a0091897e25a793672df1de3f24ab4fd3edb2cad0b07e698f35dc97bfd1d551fcace3282c8c3d8131857d96ee9986da7b79a02ddc6cfc9fb7f2b809a8e5511b1c1256dbab33e7606d8a5fc048b36f6ee53c7f556efadf94494595a549ca260ac9c45bf9962bf406610ca58dc286a9eeccc447a767b6db3ab009f5848558acea4503de747d72d43218babd6f68c091b4581f4e41f2e850047f5f543a02407e7331202b0eac7bed180061bb53f4dd3504ccbd3f298d96b43bbaf8f0c2545be54c59830e1f343ca88bb9c6812c66bfbb59a6d68298985767a73d34fa69b52cea98d95d8305f97c4d4fd643b56c60fe31e3c2ee7e938ac2e4a5da2297e670931c1dea5fcbe9cf118c62a76a461495f10f640fb416ff7bc2478c0e8a1356bb840345f3d43476bc4cd990eb7f7cde7ccb96452d055397ee402be2ce395a29a4f4061ec3d85b99f086341441022435b636028a1a04c5d787abe1c24a5a55653b7063b1cacdaee40ae0de77b4034b9ac0e860a90c8834b352c71e353c02b1f46b135fa68fa7a5c1c719896987d79f3174b8d0b0c28ed64cf9f2907924497e35bf519d519a9199a4dd68025992c6f466604bb2ec3d7b13eba76e4803fb73bb125b83413998ae86691a0b35c0054e1418898f435ab26cc12a12fd4dcfa9e80887af7ebb6c856a7fc010cfcaef9e1c5a4dc24a91a622fb7307521faff0b8e8e966b7b6ae849ccc75d31c8d700a3b6a9c3f646b2a88d1e9391c2ddc6c9ff15db961874c87dd94bf0165cfc8f719806539a8beb8e28350610461b1252872f0f3ac273b3366abd78d9fe8868dca1a5eecb683ab8b50ced8cf4a5ed3b721e0fe6b205fb191985ca745ff5dae0010493f8296b6586e1c96f7f23fcb4ac4dda15eab811107c977aa0a16439b06986a9027640cf7a01051934dfc758215d22c6f06866d5b871dfdb6ed240a73dfde43f7f89c0ce6909b54b0a633a25f7253c10906166f81ae91a1419028d6182c1f277dc7872b824c7a5a22bc7afc02afeaa9ba4c271ee68882397e6cec34a955cfc672f4e6f5ed870a35ebce97f34542cf0a162938c91922230ee3fe9ed9a166a790ccf450b80cb5f483c3c6ae5b2e52e907824b45e69e5ab38226cbd6519de995e1a62a910fd45ed189540e0b4058ff01edbc6ba4eebd58d55c0e33702de299eb53d6518254b8471f282779533eaaef90602e52373be8b519c56a2f6fac0953c0f84135715c5674e45d15804fb94d9e0525ab493aa625fbf73ebdf74f0a1246e1eb0e4e2e261b24ab81d8da6e1770634c747542450cf0a2af23507f8b6766a16dbb2e67b2c94859228b91eec6c59f5a271902b340320412ae947398ad102073f8b9b8c021f81f786622c3483e61f812aa76232e6f9453eae044c5e918e6e4e0e18a78efaf6cb36f7b75929d0036c44edf928d6efe1ddc87b96288c7c624655d302b98865978ed7bc779c800e6113a0484dd225aef29796c8ba300b3f48dd566fd877dfeb5d25f96da5d07e643c5d 1818ciphertext: 925fde875ae198cfea88c4eeb3a0091897e25a793672df1de3f24ab4fd3edb2cad0b07e698f35dc97bfd1d551fcace3282c8c3d8131857d96ee9986da7b79a02ddc6cfc9fb7f2b809a8e5511b1c1256dbab33e7606d8a5fc048b36f6ee53c7f556efadf94494595a549ca260ac9c45bf9962bf406610ca58dc286a9eeccc447a767b6db3ab009f5848558acea4503de747d72d43218babd6f68c091b4581f4e41f2e850047f5f543a02407e7331202b0eac7bed180061bb53f4dd3504ccbd3f298d96b43bbaf8f0c2545be54c59830e1f343ca88bb9c6812c66bfbb59a6d68298985767a73d34fa69b52cea98d95d8305f97c4d4fd643b56c60fe31e3c2ee7e938ac2e4a5da2297e670931c1dea5fcbe9cf118c62a76a461495f10f640fb416ff7bc2478c0e8a1356bb840345f3d43476bc4cd990eb7f7cde7ccb96452d055397ee402be2ce395a29a4f4061ec3d85b99f086341441022435b636028a1a04c5d787abe1c24a5a55653b7063b1cacdaee40ae0de77b4034b9ac0e860a90c8834b352c71e353c02b1f46b135fa68fa7a5c1c719896987d79f3174b8d0b0c28ed64cf9f2907924497e35bf519d519a9199a4dd68025992c6f466604bb2ec3d7b13eba76e4803fb73bb125b83413998ae86691a0b35c0054e1418898f435ab26cc12a12fd4dcfa9e80887af7ebb6c856a7fc010cfcaef9e1c5a4dc24a91a622fb7307521faff0b8e8e966b7b6ae849ccc75d31c8d700a3b6a9c3f646b2a88d1e9391c2ddc6c9ff15db961874c87dd94bf0165cfc8f719806539a8beb8e28350610461b1252872f0f3ac273b3366abd78d9fe8868dca1a5eecb683ab8b50ced8cf4a5ed3b721e0fe6b205fb191985ca745ff5dae0010493f8296b6586e1c96f7f23fcb4ac4dda15eab811107c977aa0a16439b06986a9027640cf7a01051934dfc758215d22c6f06866d5b871dfdb6ed240a73dfde43f7f89c0ce6909b54b0a633a25f7253c10906166f81ae91a1419028d6182c1f277dc7872b824c7a5a22bc7afc02afeaa9ba4c271ee68882397e6cec34a955cfc672f4e6f5ed870a35ebce97f34542cf0a162938c91922230ee3fe9ed9a166a790ccf450b80cb5f483c3c6ae5b2e52e907824b45e69e5ab38226cbd6519de995e1a62a910fd45ed189540e0b4058ff01edbc6ba4eebd58d55c0e33702de299eb53d6518254b8471f282779533eaaef90602e52373be8b519c56a2f6fac0953c0f84135715c5674e45d15804fb94d9e0525ab493aa625fbf73ebdf74f0a1246e1eb0e4e2e261b24ab81d8da6e1770634c747542450cf0a2af23507f8b6766a16dbb2e67b2c94859228b91eec6c59f5a271902b340320412ae947398ad102073f8b9b8c021f81f786622c3483e61f812aa76232e6f9453eae044c5e918e6e4e0e18a78efaf6cb36f7b75929d0036c44edf928d6efe1ddc87b96288c7c624655d302b98865978ed7bc779c800e6113a0484dd225aef29796c8ba300b3f48dd566fd877dfeb5d25f96da5d07e643c5d
1819shared_secret: d4b9a0f77a52d4f8b9c95951257348d1931725c27eede694ecc09204a931daf7 1819shared_secret: d4b9a0f77a52d4f8b9c95951257348d1931725c27eede694ecc09204a931daf7
1820 1820
1821# Rho leads to a matrix with unusally large entries 1821# Rho leads to a matrix with unusually large entries
1822entropy: e8ac9e76377d67d84f85a142383e777157805be0d0f679ba89cefdfa61583780 1822entropy: e8ac9e76377d67d84f85a142383e777157805be0d0f679ba89cefdfa61583780
1823public_key = 038c5d80656805b427d0b9167abb3697444af88a0f3eb48bf658be44f36b01233902291860215084ec7bb3e170e517c65c623ecf4a488f69923f9045ea18334d5c8ee847381b5a8903a6233796b1def36e46d343cd3547f4a757d82c262278432bd555fb5430e7f936affb453ac1a031c70cb1b3a8f3762dbe226461501d13d10052fb621be30b8ce63ce93591979863816397f0d198a6c534b55213d778ae7bb1a20ef1809ec37b08382c43e82b4a758458d7758d23a350538b3e524d27c9074d1cc4e3e1a17a6b06fd71178c5b18803b1c439b9e903a0d63018d2f765fa7426a0684793ea789c30435657b9aed58886cb8788e14426ea0295da18293024eb1a39eb99a20619a3e2db48a93eb90dbf42b84fbcec1f0b9571946b6f150ef5a672686a30e52be2d536bf3664550f60c99a89b81f3c911784d8a371ebea0b97ff50e2af68f822a72e9a76cf473bcc1cb81fe2a03051771b1c91f1e1a444ab6119c0a83b25a434fd598bc767315881aef9cb4d4c51ceadbb3b1a1142e0b87d5826b161233ce253d2adc9a00bd00e3cc21fff09abd919b54e09ba6b505601a358e50593dfa117eb2b8d7458745a25e7c7321cda0c432aa5bb41aab60eb3dc7e03ce4017b245809a534c3dfa49e97f4474689901e814a97fc0892ca04d0c00e3dfc836b36bbf74256e77525a031160fb3bf8ac31502c049d0a264140104c7488e36a46d23a76f4535b5902677cb98a5abec57b9357b0cb3b36b68349b273a2f8396e6c8594b4a32f0aa8a622378b3ca0426f44443942c02162907b2651ac2168fd1279b040192716bb584211df4ba36cb363b8c3adc39b410977ae3cac26c21470426837a43b821f65d8ee1950c87b4765a034aba1a35579f4148b8c2f39949812cf9d850d5e25be7713ce62ba31366737c03ad45f23e9b226d1835c5ab01c081063dc193630d72821cfa2a56d16108c40ffc483177d075b6a7a1bbf5cac7da0834d755acd10b9b9850a7c97d90a1061ce94efa4b0c0707339dbc7f160a45eeec022815a4494334254c08ade388c07c34e3a07e51ea60fdeb9b20b4b9afdc6c3c2b63e872aac9b2a90b798bc2dc8d585c69c1b33c1d51372c583e835b9ed561c218a2968c044051f8a969a7b2db6a7031d20cc9e024bbaab4385a3ae13ca264c25f6c5b4170b5c0da13044664a10f335ae9045bd6319abe139bb2b8b635bb06e2f48427e256a16a0f71f119230a9acfb19f0fe07c71828063f42a844a5c703aab9a844f689944ead511d8c97127d99429fc87ede190e0fa002261494076b7a10496dbe12919f585685733ae780eab3ac168287aae3842cfb637a94483f68170f6a3092d51b82ef10496a6374572a527aa7a7d1a99315953f625842ec0bc8851180b98cbe411453027c9b8a4a07fc3bbe32b897fc09e5e65a0457556a8b28e5b7c8b28db24e5431893953c912c195ca52db5d125c3f595f2ea75a63b6c83c8cbca257824ac60ce16bb5be02b30488974a22a66d37b19531e3cf17b59bb43d738cea25326dbd6355243ceff3caae98446927351ff623260472f8c7a715016ca5480af5cecc001c6b65f41221b16bfa61863e225709775b5e6393e4b71920c0c539c6bc5ec5c609466000000000000000000000000000000000000000000000000000000 1823public_key = 038c5d80656805b427d0b9167abb3697444af88a0f3eb48bf658be44f36b01233902291860215084ec7bb3e170e517c65c623ecf4a488f69923f9045ea18334d5c8ee847381b5a8903a6233796b1def36e46d343cd3547f4a757d82c262278432bd555fb5430e7f936affb453ac1a031c70cb1b3a8f3762dbe226461501d13d10052fb621be30b8ce63ce93591979863816397f0d198a6c534b55213d778ae7bb1a20ef1809ec37b08382c43e82b4a758458d7758d23a350538b3e524d27c9074d1cc4e3e1a17a6b06fd71178c5b18803b1c439b9e903a0d63018d2f765fa7426a0684793ea789c30435657b9aed58886cb8788e14426ea0295da18293024eb1a39eb99a20619a3e2db48a93eb90dbf42b84fbcec1f0b9571946b6f150ef5a672686a30e52be2d536bf3664550f60c99a89b81f3c911784d8a371ebea0b97ff50e2af68f822a72e9a76cf473bcc1cb81fe2a03051771b1c91f1e1a444ab6119c0a83b25a434fd598bc767315881aef9cb4d4c51ceadbb3b1a1142e0b87d5826b161233ce253d2adc9a00bd00e3cc21fff09abd919b54e09ba6b505601a358e50593dfa117eb2b8d7458745a25e7c7321cda0c432aa5bb41aab60eb3dc7e03ce4017b245809a534c3dfa49e97f4474689901e814a97fc0892ca04d0c00e3dfc836b36bbf74256e77525a031160fb3bf8ac31502c049d0a264140104c7488e36a46d23a76f4535b5902677cb98a5abec57b9357b0cb3b36b68349b273a2f8396e6c8594b4a32f0aa8a622378b3ca0426f44443942c02162907b2651ac2168fd1279b040192716bb584211df4ba36cb363b8c3adc39b410977ae3cac26c21470426837a43b821f65d8ee1950c87b4765a034aba1a35579f4148b8c2f39949812cf9d850d5e25be7713ce62ba31366737c03ad45f23e9b226d1835c5ab01c081063dc193630d72821cfa2a56d16108c40ffc483177d075b6a7a1bbf5cac7da0834d755acd10b9b9850a7c97d90a1061ce94efa4b0c0707339dbc7f160a45eeec022815a4494334254c08ade388c07c34e3a07e51ea60fdeb9b20b4b9afdc6c3c2b63e872aac9b2a90b798bc2dc8d585c69c1b33c1d51372c583e835b9ed561c218a2968c044051f8a969a7b2db6a7031d20cc9e024bbaab4385a3ae13ca264c25f6c5b4170b5c0da13044664a10f335ae9045bd6319abe139bb2b8b635bb06e2f48427e256a16a0f71f119230a9acfb19f0fe07c71828063f42a844a5c703aab9a844f689944ead511d8c97127d99429fc87ede190e0fa002261494076b7a10496dbe12919f585685733ae780eab3ac168287aae3842cfb637a94483f68170f6a3092d51b82ef10496a6374572a527aa7a7d1a99315953f625842ec0bc8851180b98cbe411453027c9b8a4a07fc3bbe32b897fc09e5e65a0457556a8b28e5b7c8b28db24e5431893953c912c195ca52db5d125c3f595f2ea75a63b6c83c8cbca257824ac60ce16bb5be02b30488974a22a66d37b19531e3cf17b59bb43d738cea25326dbd6355243ceff3caae98446927351ff623260472f8c7a715016ca5480af5cecc001c6b65f41221b16bfa61863e225709775b5e6393e4b71920c0c539c6bc5ec5c609466000000000000000000000000000000000000000000000000000000
1824result: pass 1824result: pass
1825ciphertext: 7c06bbeca8b58423e2ad420ec36064ed42c881e3655668f8865a2d643ecd1a4eecf915b6c64b37c98947f06c3ccc8e00bbd16017c246db88cc83f12c887aaad7db61b4d567c285841689169c3f928f1d178a0ddae50d8c46cfd95258667d6239c300595738defd2e806637ca46baa4c6c7b97f1a9b47d53cba9ffe074f88d104c4971d250d085b1800fcbd91584d8cc48e145fc81438290d74765e7ee8c1605e8048b37b9d22b050791fe008b9b84b7f23b0f49955e32c0eef78d7a3a0b2effe8b37d124e19d4cb6f6914204598a525239d9baa116e1c9c39c47f9f37f965941b2aef8519782c65f3ad3a6509d1e31e7efb67db21911e4edeb1f7e9c37b3f852c81d63a95e4775e3f2a8ff315a214680adf44d290e42ebab8ca95bf471140b9d7e03f5e9f97864289a0ae8c9a105e00409f714e413b69be366303b4a138ed51264ab0e5cca5f6dc9387c6608109e8859893efa3bc7384e9f418468b1078807dadb768e254094039d1b807d67353c8e0b5a03d28b8e41ffa0eb3ce0837a132144597908f7a059a097b79a1bac323757324e907b445d064e25c378d2069e7c5d671036871e4fe36705747635e40c6e835319e3ff81714cacc44515d671b703c5581dc76afca0b881f37c1ffc93f2e4afab1e8ac776ca883f3adf7f9ab99396f7e19541c26342a7d5618958523b81871326c357ad84ccc6d3574d97cbd875524e7b08a102263d80f318a48e510c22126568f76936c904c231700ad042d73137eec741c827a082de4a45d296745c55b8367719dd08b8295e38d8d3894b9f8e2f9b483b266e1fc71d6374353ca7d9ed1c6b73ab5a42f6abff7b2ba8fd484d1ae6928b5ea92ea3577be01dc1e88abcd0886eb771dca4d36e91c45bca4807c89736b7d6a927cf64b22c5f323077f5488f6044976f310b4b99f7d486335dcca60571157ac0e480a4dba79a826b4bac3dcb7327a33b16381eb41e1d39915e91a58750ceb71098ec7f1a2d7e44d4bab75bb7482eec277df206502c497eaa345109a145a4da6bed1900b680ad12fb028d33563bfb204ecf66e6ead587c5fe27f8a2eb0e27471925ea0f35eb9d5e53ef801eba3acaaa7790b105eb6128ace992668181c1d7cf203afdccdfefbac67dbd97cad05d499239df84e4cf7372117932c973957e5c70a8520f822be430758990296877df62069d818768513d14df0568be8e63e123bdde35036dcc69a98197f52dfbaae5e5e0cee4a48c67fdda605dad8a27651625c2b35e81dfcacd2a41a6d17f6d7067a67faf2479b3868673b248270f4a2d8ee26de9c787ce966ecf186c1401ad9d3bbf2c43b1d5de32bdd77f5433f4325427254a13985d733ab0863e62a4f3d484ab3f5d3b88f23049079143b058babffc8367cebdd9d2468d7af782979a3ef12841370da6ef2db03679e6bca0db72166c361adfbfc02234119abaf98d4fea8ddc6e8490c2fb5a1be4806a61bc7b36884cf4631cfd53138a23fdda11e597aed323748314282672473a1819ef2b9488f6744544ad 1825ciphertext: 7c06bbeca8b58423e2ad420ec36064ed42c881e3655668f8865a2d643ecd1a4eecf915b6c64b37c98947f06c3ccc8e00bbd16017c246db88cc83f12c887aaad7db61b4d567c285841689169c3f928f1d178a0ddae50d8c46cfd95258667d6239c300595738defd2e806637ca46baa4c6c7b97f1a9b47d53cba9ffe074f88d104c4971d250d085b1800fcbd91584d8cc48e145fc81438290d74765e7ee8c1605e8048b37b9d22b050791fe008b9b84b7f23b0f49955e32c0eef78d7a3a0b2effe8b37d124e19d4cb6f6914204598a525239d9baa116e1c9c39c47f9f37f965941b2aef8519782c65f3ad3a6509d1e31e7efb67db21911e4edeb1f7e9c37b3f852c81d63a95e4775e3f2a8ff315a214680adf44d290e42ebab8ca95bf471140b9d7e03f5e9f97864289a0ae8c9a105e00409f714e413b69be366303b4a138ed51264ab0e5cca5f6dc9387c6608109e8859893efa3bc7384e9f418468b1078807dadb768e254094039d1b807d67353c8e0b5a03d28b8e41ffa0eb3ce0837a132144597908f7a059a097b79a1bac323757324e907b445d064e25c378d2069e7c5d671036871e4fe36705747635e40c6e835319e3ff81714cacc44515d671b703c5581dc76afca0b881f37c1ffc93f2e4afab1e8ac776ca883f3adf7f9ab99396f7e19541c26342a7d5618958523b81871326c357ad84ccc6d3574d97cbd875524e7b08a102263d80f318a48e510c22126568f76936c904c231700ad042d73137eec741c827a082de4a45d296745c55b8367719dd08b8295e38d8d3894b9f8e2f9b483b266e1fc71d6374353ca7d9ed1c6b73ab5a42f6abff7b2ba8fd484d1ae6928b5ea92ea3577be01dc1e88abcd0886eb771dca4d36e91c45bca4807c89736b7d6a927cf64b22c5f323077f5488f6044976f310b4b99f7d486335dcca60571157ac0e480a4dba79a826b4bac3dcb7327a33b16381eb41e1d39915e91a58750ceb71098ec7f1a2d7e44d4bab75bb7482eec277df206502c497eaa345109a145a4da6bed1900b680ad12fb028d33563bfb204ecf66e6ead587c5fe27f8a2eb0e27471925ea0f35eb9d5e53ef801eba3acaaa7790b105eb6128ace992668181c1d7cf203afdccdfefbac67dbd97cad05d499239df84e4cf7372117932c973957e5c70a8520f822be430758990296877df62069d818768513d14df0568be8e63e123bdde35036dcc69a98197f52dfbaae5e5e0cee4a48c67fdda605dad8a27651625c2b35e81dfcacd2a41a6d17f6d7067a67faf2479b3868673b248270f4a2d8ee26de9c787ce966ecf186c1401ad9d3bbf2c43b1d5de32bdd77f5433f4325427254a13985d733ab0863e62a4f3d484ab3f5d3b88f23049079143b058babffc8367cebdd9d2468d7af782979a3ef12841370da6ef2db03679e6bca0db72166c361adfbfc02234119abaf98d4fea8ddc6e8490c2fb5a1be4806a61bc7b36884cf4631cfd53138a23fdda11e597aed323748314282672473a1819ef2b9488f6744544ad
1826shared_secret: c9d0cf3edb1172344364afec3615ba98477ce9316f92ca46ca5f42b73553a9f5 1826shared_secret: c9d0cf3edb1172344364afec3615ba98477ce9316f92ca46ca5f42b73553a9f5
1827 1827
1828# Rho leads to a matrix with unusally large entries 1828# Rho leads to a matrix with unusually large entries
1829entropy: 2fe6b9cf4510f212839e348d671b3345da68a477f57513ce363414e87299a717 1829entropy: 2fe6b9cf4510f212839e348d671b3345da68a477f57513ce363414e87299a717
1830public_key = 7dd722a23522b0d8cb522a67d63a75af305c05f3659bc496f1c47e410582a0e58bbba80751bb2f5ab71414051627f46a78f9708e3139f8950b999378df4709a08b9b511982ab1b2cc4d51d177578ef263c8e12752f914733023d9e8068d4fc1aac34106fa72197f6b4e4bb26ab29ab64d7c848f98ef5557ec2b35edea70b67c084193921d8cb52e132a24372be7046aa2af66696007e2e0830df1c7b4396bcc8f27aca46932c463b49db0ed88882f3a45901a4b96ee3b74e78afb8dbae7bc653be895179f208c27c6ecd60c26e54152aecbc13bb5ece39840574c56fb39fd2385c76d62c59a41b3311702d5a99e366467b6c4f6c252a95db32e5096e61d1ba872924d358b346dc099a485c3df72a94e437a82a6cd778888995c473c203e091309ba42511950c19db3acbc5987259bea952b5a549839f197d7bf64ca0772cc1dc89572a0e04690fe651a79ffb3dc07388c30c06711c6b25572bbc83ba868a379d54c6439754bcd67c9b0364ab3790967a062948084ab33a80ac5971fa99830aa7d1e9263e7087af67ab6a83ab34f405dbd72b3fe46e9f2114e26cc6643b6d3adb9de63090394213e72b64ecbb2242266139579ea9cab2e51868ef82ababaac38e7ca0b9554d665365dd8b0b58f3020cc9218b866955f54d9f7b9af9634ab995a0b5e234fcc78cd1594e1cb8a845ca0cdbc82e3fbb35414c53423b76875ab267a702d51710149061e7655a0168695053aa61b990fa9439883640e7600345033ca90678925b1d632962deaa0ef5642b870610be3387eda90cf608254dc2b000c06632331680e12e9b277597d07633a31f6445318ac7b9cc1b087cb58bddd30a07ea6e1b1429950b7e7efb1a6b88b037c92cf987c904268ce39cba4bd3c163f5a8bdb9698488152a18b02bc98a83fb6c28a55a018b48979660ad5b42281b8745a4bdcb02cabd16735ab1523916adcb031e34ccbf4c50bf61bb7d562804d4104d3f6ac183f447e6608acb0bc40a34ada4897e9a91c542571877931864b612cec01c88010cbe039d42540835422f5900c944c7025ba3365543536d093a68c27abe1175bc227faa590f8fb8ca9ab1a87366574422379fd8659fe5bb5ec76e179666adebcedc7b54f1aa9388b2907a4ba5c48441ad90499c64a57768631d4a961d88976c816adb897da7715a100c75099cc122f3b1df183385673a3bbc98cbb0ccb0b090b3517993815e3f6b26b984bdda32c11947b2fa5411004c2c41f2a646036b86bba618e72be7f97ec6369af5ca2ab2dc9493d9078a0c8598841385205177c80a3be42a31d1166b02cd1dd2871148033c794242962e8645ae2e4867a3e5c74f71a1d978379ad45f7fa5c70066cbfc4cbfbe05cf23612b2dea551cc52dd90a8468ec771ff071371544e96400e288a82e9c9eefe807d6f4903ac567741abeaec9707533b38dd8c4366bb33cf86f77272478e43a2d8061293332c8d805a4516238d5ad1934a9683655674aa6b6d91610d4c82e966d74c41dfe7ac18e993c22d59b2d286a0b5272cd44988510b9b342405757a25731729e934c58c601f5c311a244a24dbcc772088a20dac4c8410167304fda18445f6c6126b9645d4042d6033419d246968848e1f5000000000000000000000000000000000000000000000000000000 1830public_key = 7dd722a23522b0d8cb522a67d63a75af305c05f3659bc496f1c47e410582a0e58bbba80751bb2f5ab71414051627f46a78f9708e3139f8950b999378df4709a08b9b511982ab1b2cc4d51d177578ef263c8e12752f914733023d9e8068d4fc1aac34106fa72197f6b4e4bb26ab29ab64d7c848f98ef5557ec2b35edea70b67c084193921d8cb52e132a24372be7046aa2af66696007e2e0830df1c7b4396bcc8f27aca46932c463b49db0ed88882f3a45901a4b96ee3b74e78afb8dbae7bc653be895179f208c27c6ecd60c26e54152aecbc13bb5ece39840574c56fb39fd2385c76d62c59a41b3311702d5a99e366467b6c4f6c252a95db32e5096e61d1ba872924d358b346dc099a485c3df72a94e437a82a6cd778888995c473c203e091309ba42511950c19db3acbc5987259bea952b5a549839f197d7bf64ca0772cc1dc89572a0e04690fe651a79ffb3dc07388c30c06711c6b25572bbc83ba868a379d54c6439754bcd67c9b0364ab3790967a062948084ab33a80ac5971fa99830aa7d1e9263e7087af67ab6a83ab34f405dbd72b3fe46e9f2114e26cc6643b6d3adb9de63090394213e72b64ecbb2242266139579ea9cab2e51868ef82ababaac38e7ca0b9554d665365dd8b0b58f3020cc9218b866955f54d9f7b9af9634ab995a0b5e234fcc78cd1594e1cb8a845ca0cdbc82e3fbb35414c53423b76875ab267a702d51710149061e7655a0168695053aa61b990fa9439883640e7600345033ca90678925b1d632962deaa0ef5642b870610be3387eda90cf608254dc2b000c06632331680e12e9b277597d07633a31f6445318ac7b9cc1b087cb58bddd30a07ea6e1b1429950b7e7efb1a6b88b037c92cf987c904268ce39cba4bd3c163f5a8bdb9698488152a18b02bc98a83fb6c28a55a018b48979660ad5b42281b8745a4bdcb02cabd16735ab1523916adcb031e34ccbf4c50bf61bb7d562804d4104d3f6ac183f447e6608acb0bc40a34ada4897e9a91c542571877931864b612cec01c88010cbe039d42540835422f5900c944c7025ba3365543536d093a68c27abe1175bc227faa590f8fb8ca9ab1a87366574422379fd8659fe5bb5ec76e179666adebcedc7b54f1aa9388b2907a4ba5c48441ad90499c64a57768631d4a961d88976c816adb897da7715a100c75099cc122f3b1df183385673a3bbc98cbb0ccb0b090b3517993815e3f6b26b984bdda32c11947b2fa5411004c2c41f2a646036b86bba618e72be7f97ec6369af5ca2ab2dc9493d9078a0c8598841385205177c80a3be42a31d1166b02cd1dd2871148033c794242962e8645ae2e4867a3e5c74f71a1d978379ad45f7fa5c70066cbfc4cbfbe05cf23612b2dea551cc52dd90a8468ec771ff071371544e96400e288a82e9c9eefe807d6f4903ac567741abeaec9707533b38dd8c4366bb33cf86f77272478e43a2d8061293332c8d805a4516238d5ad1934a9683655674aa6b6d91610d4c82e966d74c41dfe7ac18e993c22d59b2d286a0b5272cd44988510b9b342405757a25731729e934c58c601f5c311a244a24dbcc772088a20dac4c8410167304fda18445f6c6126b9645d4042d6033419d246968848e1f5000000000000000000000000000000000000000000000000000000
1831result: pass 1831result: pass
1832ciphertext: 83ea5ed982570cd981b7430de924469d4e2faba68e03261a74f5114ab8c448376cfcd1b9cb3e72bb031bf0fefe772bc40888abc6acffc1d335d46d267acde2cb89cf1b3c67a139796d6a5763805d5edcebb81070b44ffe021b6c2b3c6c3d5dfb6d9e546930223ab0139990c6c5d6257520fe394a3aa30c6a71d47f415ac86b68eb8c83b131a3c5cbf051971fef5ef3bda355d3868e71ed8a0e2c6de8a759bc0c9e760277cc2c04c783d29d1ad3d3385accb85cc88c39bc8348f84dd8c714c5feda50b0770414a333136d6678be6ccbc5df488bafdcade883fbb310c99cc648493aed72680fe1e43c0cf523d3dd06417d29dd97c98ce53089505d36a476c0ae6d89b165c3ff6b2c62ba954fb81ac5782ae648a6802bc057c64fabd3726559ba79de9c144aaa525f6a840ed55abf21b37231c6c4cbb0110fdbcd0004f6f4974ec644c33a8aea34ef4a0a146f7502650c3def5a313d2f309cb428880502d3bdf39196a99bee296f9231d87972efd1159d3cf59bea05f0d0373a0e218ee5e0528e1ac7132440980d1153b9423bb2e099d05fbc8241ec1f316bf0add575a69982f546e99c64457c12ac83951ad46a5f024f6a61c91b7d3853ba1fa41d5a95f6ca811610ba3f32addf011ea4091ef217cdd126ec5e45cc40ec6f1292602b16c02718419646370e5b2c7c55c1128fc5d6c767cc75248b79e2379d40f91a8617e8a3db43c42cabb5cd39a7a7969147f30344c4b03de7034b12d8a1c3639697c97c4483e4191ca0fa81d8659f40e31b899b4ef4610644b1314ab2ef14b8dd8dc0082826fe65dc17211572cb14fa376f1b1784a00033c8dcddc44d6a1128a200eea668b6516ba42585cbb2e2be2a42148120013d0a9378ed7c185071fa8fdc09102164c63a665fd09c08d34104c9abb64e394b2e2a00dd834f7c7f5de16f6c02906ae37acc923dd76e530c78f2143396bfc371d14e6c48bec072b6b4e18eeae967456beb3f897a06eae17de174cf09be1435e691350632c0b1eac69dd66549c1d980fb147fa295ca6f21b5dc398e63a7c4263c75b55c85b4f38fbd7cc0fad84aba90dda1f2c9ca88d88905602096162486dba1ed0a8caa6b897c99e25934152a35fd0d476de09fb211abf36565af3744f3fb737247f5d8f172fbf438ed04422a6b3e17bdfe2cb0f09a1d57f1f1a113a768697f23d61ab288f15abc760feb0f5c5d4d5c0b1c891d3dad6089a3b7e54516b8f9755d38430312cf17b21efeeecbfd2719b62480225b9b3ee8940b1f1784ed5630d152635a1233acdd16e5489a9a15eafa7bec99aff25b18d9cac1e726c9e424773a7083f213cea53dcd310b0037aecbde1d584657f32cf548a6872c6f5a1a3a70d4db29ee3773291c94b00b5a596e1691f7752e246ca0960561cd233ec7d5f54496d34ba65b359a856315f02d16c990cdf3db2051b17bf283fed1b808ac79a9ce8250c806896bf75f2cfe76465c09360aba4c9688acea341fe755363abe41c0cba3ebad00c6c7bcc3f7ce091f87079f60094b92 1832ciphertext: 83ea5ed982570cd981b7430de924469d4e2faba68e03261a74f5114ab8c448376cfcd1b9cb3e72bb031bf0fefe772bc40888abc6acffc1d335d46d267acde2cb89cf1b3c67a139796d6a5763805d5edcebb81070b44ffe021b6c2b3c6c3d5dfb6d9e546930223ab0139990c6c5d6257520fe394a3aa30c6a71d47f415ac86b68eb8c83b131a3c5cbf051971fef5ef3bda355d3868e71ed8a0e2c6de8a759bc0c9e760277cc2c04c783d29d1ad3d3385accb85cc88c39bc8348f84dd8c714c5feda50b0770414a333136d6678be6ccbc5df488bafdcade883fbb310c99cc648493aed72680fe1e43c0cf523d3dd06417d29dd97c98ce53089505d36a476c0ae6d89b165c3ff6b2c62ba954fb81ac5782ae648a6802bc057c64fabd3726559ba79de9c144aaa525f6a840ed55abf21b37231c6c4cbb0110fdbcd0004f6f4974ec644c33a8aea34ef4a0a146f7502650c3def5a313d2f309cb428880502d3bdf39196a99bee296f9231d87972efd1159d3cf59bea05f0d0373a0e218ee5e0528e1ac7132440980d1153b9423bb2e099d05fbc8241ec1f316bf0add575a69982f546e99c64457c12ac83951ad46a5f024f6a61c91b7d3853ba1fa41d5a95f6ca811610ba3f32addf011ea4091ef217cdd126ec5e45cc40ec6f1292602b16c02718419646370e5b2c7c55c1128fc5d6c767cc75248b79e2379d40f91a8617e8a3db43c42cabb5cd39a7a7969147f30344c4b03de7034b12d8a1c3639697c97c4483e4191ca0fa81d8659f40e31b899b4ef4610644b1314ab2ef14b8dd8dc0082826fe65dc17211572cb14fa376f1b1784a00033c8dcddc44d6a1128a200eea668b6516ba42585cbb2e2be2a42148120013d0a9378ed7c185071fa8fdc09102164c63a665fd09c08d34104c9abb64e394b2e2a00dd834f7c7f5de16f6c02906ae37acc923dd76e530c78f2143396bfc371d14e6c48bec072b6b4e18eeae967456beb3f897a06eae17de174cf09be1435e691350632c0b1eac69dd66549c1d980fb147fa295ca6f21b5dc398e63a7c4263c75b55c85b4f38fbd7cc0fad84aba90dda1f2c9ca88d88905602096162486dba1ed0a8caa6b897c99e25934152a35fd0d476de09fb211abf36565af3744f3fb737247f5d8f172fbf438ed04422a6b3e17bdfe2cb0f09a1d57f1f1a113a768697f23d61ab288f15abc760feb0f5c5d4d5c0b1c891d3dad6089a3b7e54516b8f9755d38430312cf17b21efeeecbfd2719b62480225b9b3ee8940b1f1784ed5630d152635a1233acdd16e5489a9a15eafa7bec99aff25b18d9cac1e726c9e424773a7083f213cea53dcd310b0037aecbde1d584657f32cf548a6872c6f5a1a3a70d4db29ee3773291c94b00b5a596e1691f7752e246ca0960561cd233ec7d5f54496d34ba65b359a856315f02d16c990cdf3db2051b17bf283fed1b808ac79a9ce8250c806896bf75f2cfe76465c09360aba4c9688acea341fe755363abe41c0cba3ebad00c6c7bcc3f7ce091f87079f60094b92
1833shared_secret: 4bb6a6b27596869efae3d411c69c593afff99b1a703ee1f4ff3e0e7e9756e75b 1833shared_secret: 4bb6a6b27596869efae3d411c69c593afff99b1a703ee1f4ff3e0e7e9756e75b
1834 1834
1835# Rho leads to a matrix with unusally large entries 1835# Rho leads to a matrix with unusually large entries
1836entropy: 86630b4f72820d19e9941784183b3a0d770609becd6fe0dc463cb6edac432d59 1836entropy: 86630b4f72820d19e9941784183b3a0d770609becd6fe0dc463cb6edac432d59
1837public_key = 59b479b444b510d9b6d89b7001b237f4a34c57509f69208c7e6b956144bedc8b2d19b12c1baa725dd106f5418ed943370050808ed2636fa634add059541a7a8c7976b0990e59c20c00343d1c37bc3ab587e312991bb88a74227651b340346c58bbb174ac18c204f37445681bc5905354d834f86016d0921219fb467d829daf24901815666d664b8c4aae307485cb95885b7cb9125a14d4d988d3a42c0816ba7ef14de9b622e08871988b8c02d857626b65065551d5bcc81112384f979cd8d2b9ecb55c6afaa700e92e3ecbb285c01112a19cbdb90b8af135b235914c901e2314902a43c939d065481128f83ac801dc2fa69c912f2b69189736d72414df12646680c9c858a9afaa28b994531960b0f2b82fc6b9c6f10706930786ab5c6b0da61ae813cdb7387c27324499b111c6ca5767056070e608cf421af52cb45a842da82560dd86acf45a7e70245e0b535f7559a9fceb9369c44032c09302438cb4670925c7a831d52f083a7919e575be844d9e6a009957c15e6c5f84f050cc4801561876f9f483ded505b3c77a4a97788358801f012b59d716fed55975f8abd3464420d849d89c16dd2a95c372cf631a93a8897ddda2a038070adc2a97b5538778c0215cea399deb8279b2ade6c5ab84bbc8c6e181c091b7002a4d5f395bb60c817e03966b63ba76e88fb05b79d126ab0975c995b5bb2ae6550af78d80b96af40c9514f945d72b0c9602412242c81b60b2df97999fbbaec0404056195879535041231803aa7cf064b5fdfc8b86344d65eb30e52cc0d5b86947b8051ea93008d789914493b58abbd5395b657560f5823c387574db554118d06b26ba14b9660b4b390f8b828ba8a852870cba24a114a68094cf0168b721af8f0998e599b5db2135a3e9360b5754dd49155eea830f0035c2c116dbc9039cf69034c505ed998f8460a170eb5f09786d902664c8135ad77101d0b802248b6f3165a847b5c989131d7ee3135cbcb48b3cabfd100074c00f2e7bc85d4c84bec8980a6920e6f318a4bc805900b548fc7d98316c1b3c3b49f6c5d90595ff7a7b56465385620544aa3f39114e53581e851849726023d953b5df56b87be98854b253a39297f060449fc1c02725c3442a4ed8624f7f6abf3854cf04166b24c3b5a38358bae933ee4777df09720415314b152efc0b175b664c0c0a3521cac1817314d1e69fe03b351fe211c4c44639622a73a4547ef52d46b033aa52a79182baf49a8808fb259c048a04cc03f8a1038e9112eb30965c797f90c277b3549df4f757526351bd1a100767b4bcfa7489c17cb181b707986b9af85e766aa1f99b08aa2a7bc8a385d294277cb00d705b4ce2583e61c16be2b18445d051d7f0cee51703db3162bdd328cf0b0b24a424bd830c6574091088ab746a291c737e8cd595d1b51f9646c7813a8991f89c168489d1a3b61a82466d98ac9de55b4d5aa020243e638328fedbc93d341e1fdc7eb861bba3783a57c86a7184aaa7d5051b7018f3f18b40b69fd7780ae9609194db70123801729c561e973dff3a7ea5ba9045b24e5fe5bc63ea858c687184a8276612c80ab600cc37699583b9ffa8c5a1b7934f3c12873522dd1c4f976b73121bb79766803d247de1dff18807000000000000000000000000000000000000000000000000000000 1837public_key = 59b479b444b510d9b6d89b7001b237f4a34c57509f69208c7e6b956144bedc8b2d19b12c1baa725dd106f5418ed943370050808ed2636fa634add059541a7a8c7976b0990e59c20c00343d1c37bc3ab587e312991bb88a74227651b340346c58bbb174ac18c204f37445681bc5905354d834f86016d0921219fb467d829daf24901815666d664b8c4aae307485cb95885b7cb9125a14d4d988d3a42c0816ba7ef14de9b622e08871988b8c02d857626b65065551d5bcc81112384f979cd8d2b9ecb55c6afaa700e92e3ecbb285c01112a19cbdb90b8af135b235914c901e2314902a43c939d065481128f83ac801dc2fa69c912f2b69189736d72414df12646680c9c858a9afaa28b994531960b0f2b82fc6b9c6f10706930786ab5c6b0da61ae813cdb7387c27324499b111c6ca5767056070e608cf421af52cb45a842da82560dd86acf45a7e70245e0b535f7559a9fceb9369c44032c09302438cb4670925c7a831d52f083a7919e575be844d9e6a009957c15e6c5f84f050cc4801561876f9f483ded505b3c77a4a97788358801f012b59d716fed55975f8abd3464420d849d89c16dd2a95c372cf631a93a8897ddda2a038070adc2a97b5538778c0215cea399deb8279b2ade6c5ab84bbc8c6e181c091b7002a4d5f395bb60c817e03966b63ba76e88fb05b79d126ab0975c995b5bb2ae6550af78d80b96af40c9514f945d72b0c9602412242c81b60b2df97999fbbaec0404056195879535041231803aa7cf064b5fdfc8b86344d65eb30e52cc0d5b86947b8051ea93008d789914493b58abbd5395b657560f5823c387574db554118d06b26ba14b9660b4b390f8b828ba8a852870cba24a114a68094cf0168b721af8f0998e599b5db2135a3e9360b5754dd49155eea830f0035c2c116dbc9039cf69034c505ed998f8460a170eb5f09786d902664c8135ad77101d0b802248b6f3165a847b5c989131d7ee3135cbcb48b3cabfd100074c00f2e7bc85d4c84bec8980a6920e6f318a4bc805900b548fc7d98316c1b3c3b49f6c5d90595ff7a7b56465385620544aa3f39114e53581e851849726023d953b5df56b87be98854b253a39297f060449fc1c02725c3442a4ed8624f7f6abf3854cf04166b24c3b5a38358bae933ee4777df09720415314b152efc0b175b664c0c0a3521cac1817314d1e69fe03b351fe211c4c44639622a73a4547ef52d46b033aa52a79182baf49a8808fb259c048a04cc03f8a1038e9112eb30965c797f90c277b3549df4f757526351bd1a100767b4bcfa7489c17cb181b707986b9af85e766aa1f99b08aa2a7bc8a385d294277cb00d705b4ce2583e61c16be2b18445d051d7f0cee51703db3162bdd328cf0b0b24a424bd830c6574091088ab746a291c737e8cd595d1b51f9646c7813a8991f89c168489d1a3b61a82466d98ac9de55b4d5aa020243e638328fedbc93d341e1fdc7eb861bba3783a57c86a7184aaa7d5051b7018f3f18b40b69fd7780ae9609194db70123801729c561e973dff3a7ea5ba9045b24e5fe5bc63ea858c687184a8276612c80ab600cc37699583b9ffa8c5a1b7934f3c12873522dd1c4f976b73121bb79766803d247de1dff18807000000000000000000000000000000000000000000000000000000
1838result: pass 1838result: pass
diff --git a/src/regress/lib/libcrypto/mlkem/mlkem_iteration_tests.c b/src/regress/lib/libcrypto/mlkem/mlkem_iteration_tests.c
index 5a61248090..d6451fafb8 100644
--- a/src/regress/lib/libcrypto/mlkem/mlkem_iteration_tests.c
+++ b/src/regress/lib/libcrypto/mlkem/mlkem_iteration_tests.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: mlkem_iteration_tests.c,v 1.2 2024/12/26 07:26:45 tb Exp $ */ 1/* $OpenBSD: mlkem_iteration_tests.c,v 1.9 2026/01/01 12:47:52 tb Exp $ */
2/* 2/*
3 * Copyright (c) 2024 Google Inc. 3 * Copyright (c) 2024 Google Inc.
4 * Copyright (c) 2024 Bob Beck <beck@obtuse.com> 4 * Copyright (c) 2024 Bob Beck <beck@obtuse.com>
@@ -22,7 +22,7 @@
22#include <stdio.h> 22#include <stdio.h>
23#include <stdlib.h> 23#include <stdlib.h>
24 24
25#include "mlkem.h" 25#include <openssl/mlkem.h>
26 26
27#include "mlkem_internal.h" 27#include "mlkem_internal.h"
28#include "mlkem_tests_util.h" 28#include "mlkem_tests_util.h"
@@ -63,46 +63,49 @@ const uint8_t kExpectedAdam1024[32] = {
63 0x04, 0xab, 0xdb, 0x94, 0x8b, 0x90, 0x8b, 0x75, 0xba, 0xd5 63 0x04, 0xab, 0xdb, 0x94, 0x8b, 0x90, 0x8b, 0x75, 0xba, 0xd5
64}; 64};
65 65
66struct iteration_ctx {
67 uint8_t *encoded_public_key;
68 size_t encoded_public_key_len;
69 uint8_t *ciphertext;
70 size_t ciphertext_len;
71 uint8_t *invalid_ciphertext;
72 size_t invalid_ciphertext_len;
73 void *priv;
74 void *pub;
75
76 mlkem_encode_private_key_fn encode_private_key;
77 mlkem_encap_external_entropy_fn encap_external_entropy;
78 mlkem_generate_key_external_entropy_fn generate_key_external_entropy;
79 mlkem_public_from_private_fn public_from_private;
80 mlkem_decap_fn decap;
81
82 const uint8_t *start;
83 size_t start_len;
84
85 const uint8_t *expected;
86 size_t expected_len;
87};
88
89static int 66static int
90MlkemIterativeTest(struct iteration_ctx *ctx) 67MlkemIterativeTest(int rank)
91{ 68{
92 uint8_t shared_secret[MLKEM_SHARED_SECRET_BYTES]; 69 const uint8_t *start, *expected;
70 size_t start_len;
93 uint8_t encap_entropy[MLKEM_ENCAP_ENTROPY]; 71 uint8_t encap_entropy[MLKEM_ENCAP_ENTROPY];
94 uint8_t seed[MLKEM_SEED_BYTES] = {0}; 72 uint8_t seed[MLKEM_SEED_LENGTH] = {0};
73 uint8_t *shared_secret = NULL;
95 sha3_ctx drng, results; 74 sha3_ctx drng, results;
96 uint8_t out[32]; 75 uint8_t out[32];
97 int i; 76 int i;
98 77
78 start = kExpectedSeedStart;
79 start_len = sizeof(kExpectedSeedStart);
80 switch(rank){
81 case MLKEM768_RANK:
82 expected = kExpectedAdam768;
83 break;
84 case MLKEM1024_RANK:
85 expected = kExpectedAdam1024;
86 break;
87 default:
88 errx(1, "invalid rank %d", rank);
89 }
90
99 shake128_init(&drng); 91 shake128_init(&drng);
100 shake128_init(&results); 92 shake128_init(&results);
101 93
102 shake_xof(&drng); 94 shake_xof(&drng);
103 for (i = 0; i < 10000; i++) { 95 for (i = 0; i < 10000; i++) {
104 uint8_t *encoded_private_key = NULL; 96 uint8_t *encoded_public_key = NULL, *ciphertext = NULL,
105 size_t encoded_private_key_len; 97 *encoded_private_key = NULL, *invalid_ciphertext = NULL;
98 size_t encoded_public_key_len, ciphertext_len,
99 encoded_private_key_len, invalid_ciphertext_len;
100 MLKEM_private_key *priv;
101 MLKEM_public_key *pub;
102 size_t s_len = 0;
103
104 /* allocate keys for this iteration */
105 if ((priv = MLKEM_private_key_new(rank)) == NULL)
106 errx(1, "malloc");
107 if ((pub = MLKEM_public_key_new(rank)) == NULL)
108 errx(1, "malloc");
106 109
107 /* 110 /*
108 * This should draw both d and z from DRNG concatenating in 111 * This should draw both d and z from DRNG concatenating in
@@ -110,118 +113,91 @@ MlkemIterativeTest(struct iteration_ctx *ctx)
110 */ 113 */
111 shake_out(&drng, seed, sizeof(seed)); 114 shake_out(&drng, seed, sizeof(seed));
112 if (i == 0) { 115 if (i == 0) {
113 if (compare_data(seed, ctx->start, ctx->start_len, 116 if (compare_data(seed, start, start_len,
114 "seed start") != 0) 117 "seed start") != 0)
115 errx(1, "compare_data"); 118 errx(1, "compare_data");
116 } 119 }
117 120
118 /* generate ek as encoded_public_key */ 121 /* generate ek as encoded_public_key */
119 ctx->generate_key_external_entropy(ctx->encoded_public_key, 122 if (!MLKEM_generate_key_external_entropy(priv,
120 ctx->priv, seed); 123 &encoded_public_key, &encoded_public_key_len,
121 ctx->public_from_private(ctx->pub, ctx->priv); 124 seed))
125 errx(1, "generate_key_external_entropy");
126
127 if (!MLKEM_public_from_private(priv, pub))
128 errx(1, "public_from_private");
122 129
123 /* hash in ek */ 130 /* hash in ek */
124 shake_update(&results, ctx->encoded_public_key, 131 shake_update(&results, encoded_public_key,
125 ctx->encoded_public_key_len); 132 encoded_public_key_len);
126 133
127 /* marshal priv to dk as encoded_private_key */ 134 /* marshal priv to dk as encoded_private_key */
128 if (!ctx->encode_private_key(ctx->priv, &encoded_private_key, 135 if (!MLKEM_marshal_private_key(priv, &encoded_private_key,
129 &encoded_private_key_len)) 136 &encoded_private_key_len))
130 errx(1, "encode private key"); 137 errx(1, "marshal private key");
131 138
132 /* hash in dk */ 139 /* hash in dk */
133 shake_update(&results, encoded_private_key, 140 shake_update(&results, encoded_private_key,
134 encoded_private_key_len); 141 encoded_private_key_len);
135 142
136 free(encoded_private_key); 143 freezero(encoded_private_key, encoded_private_key_len);
137 144
138 /* draw m as encap entropy from DRNG */ 145 /* draw m as encap entropy from DRNG */
139 shake_out(&drng, encap_entropy, sizeof(encap_entropy)); 146 shake_out(&drng, encap_entropy, sizeof(encap_entropy));
140 147
141 /* generate ct as ciphertext, k as shared_secret */ 148 /* generate ct as ciphertext, k as shared_secret */
142 ctx->encap_external_entropy(ctx->ciphertext, shared_secret, 149 if (!MLKEM_encap_external_entropy(pub, encap_entropy,
143 ctx->pub, encap_entropy); 150 &ciphertext, &ciphertext_len, &shared_secret, &s_len))
151 errx(1, "encap_external_entropy");
144 152
145 /* hash in ct */ 153 /* hash in ct */
146 shake_update(&results, ctx->ciphertext, ctx->ciphertext_len); 154 shake_update(&results, ciphertext, ciphertext_len);
147 /* hash in k */ 155 /* hash in k */
148 shake_update(&results, shared_secret, sizeof(shared_secret)); 156 shake_update(&results, shared_secret, s_len);
157
158 freezero(shared_secret, s_len);
159 shared_secret = NULL;
160
161 invalid_ciphertext_len = ciphertext_len;
162 if ((invalid_ciphertext = calloc(1, invalid_ciphertext_len))
163 == NULL)
164 errx(1, "malloc");
149 165
150 /* draw ct as invalid_ciphertxt from DRNG */ 166 /* draw ct as invalid_ciphertxt from DRNG */
151 shake_out(&drng, ctx->invalid_ciphertext, 167 shake_out(&drng, invalid_ciphertext, invalid_ciphertext_len);
152 ctx->invalid_ciphertext_len);
153 168
154 /* generate k as shared secret from invalid ciphertext */ 169 /* generate k as shared secret from invalid ciphertext */
155 if (!ctx->decap(shared_secret, ctx->invalid_ciphertext, 170 if (!MLKEM_decap(priv, invalid_ciphertext,
156 ctx->invalid_ciphertext_len, ctx->priv)) 171 invalid_ciphertext_len, &shared_secret, &s_len))
157 errx(1, "decap failed"); 172 errx(1, "decap failed, iteration %d", i);
158 173
159 /* hash in k */ 174 /* hash in k */
160 shake_update(&results, shared_secret, sizeof(shared_secret)); 175 shake_update(&results, shared_secret, s_len);
176
177 freezero(shared_secret, s_len);
178 shared_secret = NULL;
179 freezero(invalid_ciphertext, invalid_ciphertext_len);
180 invalid_ciphertext = NULL;
181
182 /* free keys and intermediate products for this iteration */
183 MLKEM_private_key_free(priv);
184 MLKEM_public_key_free(pub);
185 freezero(encoded_public_key, encoded_public_key_len);
186 freezero(ciphertext, ciphertext_len);
161 } 187 }
162 shake_xof(&results); 188 shake_xof(&results);
163 shake_out(&results, out, sizeof(out)); 189 shake_out(&results, out, sizeof(out));
164 190
165 return compare_data(ctx->expected, out, sizeof(out), "final result hash"); 191 return compare_data(expected, out, sizeof(out), "final result hash");
166} 192}
167 193
168int 194int
169main(void) 195main(void)
170{ 196{
171 uint8_t encoded_public_key768[MLKEM768_PUBLIC_KEY_BYTES];
172 uint8_t ciphertext768[MLKEM768_CIPHERTEXT_BYTES];
173 uint8_t invalid_ciphertext768[MLKEM768_CIPHERTEXT_BYTES];
174 struct MLKEM768_private_key priv768;
175 struct MLKEM768_public_key pub768;
176 struct iteration_ctx iteration768 = {
177 .encoded_public_key = encoded_public_key768,
178 .encoded_public_key_len = sizeof(encoded_public_key768),
179 .ciphertext = ciphertext768,
180 .ciphertext_len = sizeof(ciphertext768),
181 .invalid_ciphertext = invalid_ciphertext768,
182 .invalid_ciphertext_len = sizeof(invalid_ciphertext768),
183 .priv = &priv768,
184 .pub = &pub768,
185 .encap_external_entropy = mlkem768_encap_external_entropy,
186 .encode_private_key = mlkem768_encode_private_key,
187 .generate_key_external_entropy =
188 mlkem768_generate_key_external_entropy,
189 .public_from_private = mlkem768_public_from_private,
190 .decap = mlkem768_decap,
191 .start = kExpectedSeedStart,
192 .start_len = sizeof(kExpectedSeedStart),
193 .expected = kExpectedAdam768,
194 .expected_len = sizeof(kExpectedAdam768),
195 };
196 uint8_t encoded_public_key1024[MLKEM1024_PUBLIC_KEY_BYTES];
197 uint8_t ciphertext1024[MLKEM1024_CIPHERTEXT_BYTES];
198 uint8_t invalid_ciphertext1024[MLKEM1024_CIPHERTEXT_BYTES];
199 struct MLKEM1024_private_key priv1024;
200 struct MLKEM1024_public_key pub1024;
201 struct iteration_ctx iteration1024 = {
202 .encoded_public_key = encoded_public_key1024,
203 .encoded_public_key_len = sizeof(encoded_public_key1024),
204 .ciphertext = ciphertext1024,
205 .ciphertext_len = sizeof(ciphertext1024),
206 .invalid_ciphertext = invalid_ciphertext1024,
207 .invalid_ciphertext_len = sizeof(invalid_ciphertext1024),
208 .priv = &priv1024,
209 .pub = &pub1024,
210 .encap_external_entropy = mlkem1024_encap_external_entropy,
211 .encode_private_key = mlkem1024_encode_private_key,
212 .generate_key_external_entropy =
213 mlkem1024_generate_key_external_entropy,
214 .public_from_private = mlkem1024_public_from_private,
215 .decap = mlkem1024_decap,
216 .start = kExpectedSeedStart,
217 .start_len = sizeof(kExpectedSeedStart),
218 .expected = kExpectedAdam1024,
219 .expected_len = sizeof(kExpectedAdam1024),
220 };
221 int failed = 0; 197 int failed = 0;
222 198
223 failed |= MlkemIterativeTest(&iteration768); 199 failed |= MlkemIterativeTest(MLKEM768_RANK);
224 failed |= MlkemIterativeTest(&iteration1024); 200 failed |= MlkemIterativeTest(MLKEM1024_RANK);
225 201
226 return failed; 202 return failed;
227} 203}
diff --git a/src/regress/lib/libcrypto/mlkem/mlkem_tests.c b/src/regress/lib/libcrypto/mlkem/mlkem_tests.c
index e9ae417887..5e8441307c 100644
--- a/src/regress/lib/libcrypto/mlkem/mlkem_tests.c
+++ b/src/regress/lib/libcrypto/mlkem/mlkem_tests.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: mlkem_tests.c,v 1.3 2025/05/03 08:34:07 tb Exp $ */ 1/* $OpenBSD: mlkem_tests.c,v 1.11 2026/01/01 12:47:52 tb Exp $ */
2/* 2/*
3 * Copyright (c) 2024 Google Inc. 3 * Copyright (c) 2024 Google Inc.
4 * Copyright (c) 2024 Theo Buehler <tb@openbsd.org> 4 * Copyright (c) 2024 Theo Buehler <tb@openbsd.org>
@@ -23,12 +23,11 @@
23#include <stdlib.h> 23#include <stdlib.h>
24#include <string.h> 24#include <string.h>
25 25
26#include "bytestring.h" 26#include <openssl/mlkem.h>
27#include "mlkem.h"
28 27
28#include "bytestring.h"
29#include "mlkem_internal.h" 29#include "mlkem_internal.h"
30 30
31#include "mlkem_tests_util.h"
32#include "parse_test_file.h" 31#include "parse_test_file.h"
33 32
34enum test_type { 33enum test_type {
@@ -39,11 +38,7 @@ enum test_type {
39struct decap_ctx { 38struct decap_ctx {
40 struct parse *parse_ctx; 39 struct parse *parse_ctx;
41 40
42 void *private_key; 41 int rank;
43 size_t private_key_len;
44
45 mlkem_parse_private_key_fn parse_private_key;
46 mlkem_decap_fn decap;
47}; 42};
48 43
49enum decap_states { 44enum decap_states {
@@ -102,8 +97,10 @@ static int
102MlkemDecapFileTest(struct decap_ctx *decap) 97MlkemDecapFileTest(struct decap_ctx *decap)
103{ 98{
104 struct parse *p = decap->parse_ctx; 99 struct parse *p = decap->parse_ctx;
105 uint8_t shared_secret_buf[MLKEM_SHARED_SECRET_BYTES]; 100 MLKEM_private_key *priv_key = NULL;
106 CBS ciphertext, shared_secret, private_key; 101 CBS ciphertext, shared_secret, private_key;
102 uint8_t *shared_secret_buf = NULL;
103 size_t shared_secret_buf_len = 0;
107 int should_fail; 104 int should_fail;
108 int failed = 1; 105 int failed = 1;
109 106
@@ -112,20 +109,31 @@ MlkemDecapFileTest(struct decap_ctx *decap)
112 parse_get_cbs(p, DECAP_PRIVATE_KEY, &private_key); 109 parse_get_cbs(p, DECAP_PRIVATE_KEY, &private_key);
113 parse_get_int(p, DECAP_RESULT, &should_fail); 110 parse_get_int(p, DECAP_RESULT, &should_fail);
114 111
115 if (!decap->parse_private_key(decap->private_key, &private_key)) { 112 if ((priv_key = MLKEM_private_key_new(decap->rank)) == NULL)
113 parse_errx(p, "MLKEM_private_key_new");
114
115 if (!MLKEM_parse_private_key(priv_key,
116 CBS_data(&private_key), CBS_len(&private_key))) {
116 if ((failed = !should_fail)) 117 if ((failed = !should_fail))
117 parse_info(p, "parse private key"); 118 parse_info(p, "parse private key");
118 goto err; 119 goto err;
119 } 120 }
120 if (!decap->decap(shared_secret_buf, 121 if (!MLKEM_decap(priv_key, CBS_data(&ciphertext), CBS_len(&ciphertext),
121 CBS_data(&ciphertext), CBS_len(&ciphertext), decap->private_key)) { 122 &shared_secret_buf, &shared_secret_buf_len)) {
122 if ((failed = !should_fail)) 123 if ((failed = !should_fail))
123 parse_info(p, "decap"); 124 parse_info(p, "decap");
124 goto err; 125 goto err;
125 } 126 }
126 127
128 if (shared_secret_buf_len != MLKEM_SHARED_SECRET_LENGTH) {
129 if ((failed = !should_fail))
130 parse_info(p, "shared secret length %zu != %d",
131 shared_secret_buf_len, MLKEM_SHARED_SECRET_LENGTH);
132 goto err;
133 }
134
127 failed = !parse_data_equal(p, "shared_secret", &shared_secret, 135 failed = !parse_data_equal(p, "shared_secret", &shared_secret,
128 shared_secret_buf, sizeof(shared_secret_buf)); 136 shared_secret_buf, shared_secret_buf_len);
129 137
130 if (should_fail != failed) { 138 if (should_fail != failed) {
131 parse_info(p, "FAIL: should_fail %d, failed %d", 139 parse_info(p, "FAIL: should_fail %d, failed %d",
@@ -134,6 +142,9 @@ MlkemDecapFileTest(struct decap_ctx *decap)
134 } 142 }
135 143
136 err: 144 err:
145 MLKEM_private_key_free(priv_key);
146 freezero(shared_secret_buf, shared_secret_buf_len);
147
137 return failed; 148 return failed;
138} 149}
139 150
@@ -192,35 +203,49 @@ static int
192MlkemNistDecapFileTest(struct decap_ctx *decap) 203MlkemNistDecapFileTest(struct decap_ctx *decap)
193{ 204{
194 struct parse *p = decap->parse_ctx; 205 struct parse *p = decap->parse_ctx;
195 uint8_t shared_secret[MLKEM_SHARED_SECRET_BYTES]; 206 MLKEM_private_key *priv_key = NULL;
196 CBS dk, c, k; 207 CBS dk, c, k;
208 uint8_t *shared_secret = NULL;
209 size_t shared_secret_len = 0;
197 int failed = 1; 210 int failed = 1;
198 211
199 parse_instruction_get_cbs(p, NIST_DECAP_DK, &dk); 212 parse_instruction_get_cbs(p, NIST_DECAP_DK, &dk);
200 parse_get_cbs(p, NIST_DECAP_C, &c); 213 parse_get_cbs(p, NIST_DECAP_C, &c);
201 parse_get_cbs(p, NIST_DECAP_K, &k); 214 parse_get_cbs(p, NIST_DECAP_K, &k);
202 215
216 if ((priv_key = MLKEM_private_key_new(decap->rank)) == NULL)
217 parse_errx(p, "MLKEM_private_key_new");
218
203 if (!parse_length_equal(p, "private key", 219 if (!parse_length_equal(p, "private key",
204 decap->private_key_len, CBS_len(&dk))) 220 MLKEM_private_key_encoded_length(priv_key), CBS_len(&dk)))
205 goto err; 221 goto err;
206 if (!parse_length_equal(p, "shared secret", 222 if (!parse_length_equal(p, "shared secret",
207 MLKEM_SHARED_SECRET_BYTES, CBS_len(&k))) 223 MLKEM_SHARED_SECRET_LENGTH, CBS_len(&k)))
208 goto err; 224 goto err;
209 225
210 if (!decap->parse_private_key(decap->private_key, &dk)) { 226 if (!MLKEM_parse_private_key(priv_key, CBS_data(&dk), CBS_len(&dk))) {
211 parse_info(p, "parse private key"); 227 parse_info(p, "parse private key");
212 goto err; 228 goto err;
213 } 229 }
214 if (!decap->decap(shared_secret, CBS_data(&c), CBS_len(&c), 230 if (!MLKEM_decap(priv_key, CBS_data(&c), CBS_len(&c),
215 decap->private_key)) { 231 &shared_secret, &shared_secret_len)) {
216 parse_info(p, "decap"); 232 parse_info(p, "decap");
217 goto err; 233 goto err;
218 } 234 }
219 235
236 if (shared_secret_len != MLKEM_SHARED_SECRET_LENGTH) {
237 parse_info(p, "shared secret length %zu != %d",
238 shared_secret_len, MLKEM_SHARED_SECRET_LENGTH);
239 goto err;
240 }
241
220 failed = !parse_data_equal(p, "shared secret", &k, 242 failed = !parse_data_equal(p, "shared secret", &k,
221 shared_secret, MLKEM_SHARED_SECRET_BYTES); 243 shared_secret, shared_secret_len);
222 244
223 err: 245 err:
246 MLKEM_private_key_free(priv_key);
247 freezero(shared_secret, shared_secret_len);
248
224 return failed; 249 return failed;
225} 250}
226 251
@@ -244,46 +269,24 @@ static const struct test_parse nist_decap_parse = {
244}; 269};
245 270
246static int 271static int
247mlkem_decap_tests(const char *fn, size_t size, enum test_type test_type) 272mlkem_decap_tests(const char *fn, int rank, enum test_type test_type)
248{ 273{
249 struct MLKEM768_private_key private_key768; 274 struct decap_ctx decap = {
250 struct decap_ctx decap768 = { 275 .rank = rank,
251 .private_key = &private_key768,
252 .private_key_len = MLKEM768_PRIVATE_KEY_BYTES,
253
254 .parse_private_key = mlkem768_parse_private_key,
255 .decap = mlkem768_decap,
256 }; 276 };
257 struct MLKEM1024_private_key private_key1024;
258 struct decap_ctx decap1024 = {
259 .private_key = &private_key1024,
260 .private_key_len = MLKEM1024_PRIVATE_KEY_BYTES,
261 277
262 .parse_private_key = mlkem1024_parse_private_key, 278 if (test_type == TEST_TYPE_NORMAL)
263 .decap = mlkem1024_decap, 279 return parse_test_file(fn, &decap_parse, &decap);
264 }; 280 if (test_type == TEST_TYPE_NIST)
265 281 return parse_test_file(fn, &nist_decap_parse, &decap);
266 if (size == 768 && test_type == TEST_TYPE_NORMAL)
267 return parse_test_file(fn, &decap_parse, &decap768);
268 if (size == 768 && test_type == TEST_TYPE_NIST)
269 return parse_test_file(fn, &nist_decap_parse, &decap768);
270 if (size == 1024 && test_type == TEST_TYPE_NORMAL)
271 return parse_test_file(fn, &decap_parse, &decap1024);
272 if (size == 1024 && test_type == TEST_TYPE_NIST)
273 return parse_test_file(fn, &nist_decap_parse, &decap1024);
274 282
275 errx(1, "unknown decap test: size %zu, type %d", size, test_type); 283 errx(1, "unknown decap test: rank %d, type %d", rank, test_type);
276} 284}
277 285
278struct encap_ctx { 286struct encap_ctx {
279 struct parse *parse_ctx; 287 struct parse *parse_ctx;
280 288
281 void *public_key; 289 int rank;
282 uint8_t *ciphertext;
283 size_t ciphertext_len;
284
285 mlkem_parse_public_key_fn parse_public_key;
286 mlkem_encap_external_entropy_fn encap_external_entropy;
287}; 290};
288 291
289enum encap_states { 292enum encap_states {
@@ -349,8 +352,12 @@ static int
349MlkemEncapFileTest(struct encap_ctx *encap) 352MlkemEncapFileTest(struct encap_ctx *encap)
350{ 353{
351 struct parse *p = encap->parse_ctx; 354 struct parse *p = encap->parse_ctx;
352 uint8_t shared_secret_buf[MLKEM_SHARED_SECRET_BYTES]; 355 MLKEM_public_key *pub_key = NULL;
353 CBS entropy, public_key, ciphertext, shared_secret; 356 CBS entropy, public_key, ciphertext, shared_secret;
357 uint8_t *ciphertext_buf = NULL;
358 size_t ciphertext_buf_len = 0;
359 uint8_t *shared_secret_buf = NULL;
360 size_t shared_secret_buf_len = 0;
354 int should_fail; 361 int should_fail;
355 int failed = 1; 362 int failed = 1;
356 363
@@ -360,18 +367,34 @@ MlkemEncapFileTest(struct encap_ctx *encap)
360 parse_get_cbs(p, ENCAP_SHARED_SECRET, &shared_secret); 367 parse_get_cbs(p, ENCAP_SHARED_SECRET, &shared_secret);
361 parse_get_int(p, ENCAP_RESULT, &should_fail); 368 parse_get_int(p, ENCAP_RESULT, &should_fail);
362 369
363 if (!encap->parse_public_key(encap->public_key, &public_key)) { 370 if ((pub_key = MLKEM_public_key_new(encap->rank)) == NULL)
371 parse_errx(p, "MLKEM_public_key_new");
372
373 if (!MLKEM_parse_public_key(pub_key,
374 CBS_data(&public_key), CBS_len(&public_key))) {
364 if ((failed = !should_fail)) 375 if ((failed = !should_fail))
365 parse_info(p, "parse public key"); 376 parse_info(p, "parse public key");
366 goto err; 377 goto err;
367 } 378 }
368 encap->encap_external_entropy(encap->ciphertext, shared_secret_buf, 379 if (!MLKEM_encap_external_entropy(pub_key, CBS_data(&entropy),
369 encap->public_key, CBS_data(&entropy)); 380 &ciphertext_buf, &ciphertext_buf_len,
381 &shared_secret_buf, &shared_secret_buf_len)) {
382 if ((failed = !should_fail))
383 parse_info(p, "encap_external_entropy");
384 goto err;
385 }
386
387 if (shared_secret_buf_len != MLKEM_SHARED_SECRET_LENGTH) {
388 if ((failed = !should_fail))
389 parse_info(p, "shared secret length %zu != %d",
390 shared_secret_buf_len, MLKEM_SHARED_SECRET_LENGTH);
391 goto err;
392 }
370 393
371 failed = !parse_data_equal(p, "shared_secret", &shared_secret, 394 failed = !parse_data_equal(p, "shared_secret", &shared_secret,
372 shared_secret_buf, sizeof(shared_secret_buf)); 395 shared_secret_buf, shared_secret_buf_len);
373 failed |= !parse_data_equal(p, "ciphertext", &ciphertext, 396 failed |= !parse_data_equal(p, "ciphertext", &ciphertext,
374 encap->ciphertext, encap->ciphertext_len); 397 ciphertext_buf, ciphertext_buf_len);
375 398
376 if (should_fail != failed) { 399 if (should_fail != failed) {
377 parse_info(p, "FAIL: should_fail %d, failed %d", 400 parse_info(p, "FAIL: should_fail %d, failed %d",
@@ -380,6 +403,10 @@ MlkemEncapFileTest(struct encap_ctx *encap)
380 } 403 }
381 404
382 err: 405 err:
406 MLKEM_public_key_free(pub_key);
407 freezero(ciphertext_buf, ciphertext_buf_len);
408 freezero(shared_secret_buf, shared_secret_buf_len);
409
383 return failed; 410 return failed;
384} 411}
385 412
@@ -400,48 +427,19 @@ static const struct test_parse encap_parse = {
400}; 427};
401 428
402static int 429static int
403mlkem_encap_tests(const char *fn, size_t size) 430mlkem_encap_tests(const char *fn, int rank)
404{ 431{
405 struct MLKEM768_public_key public_key768; 432 struct encap_ctx encap = {
406 uint8_t ciphertext768[MLKEM768_CIPHERTEXT_BYTES]; 433 .rank = rank,
407 struct encap_ctx encap768 = {
408 .public_key = &public_key768,
409 .ciphertext = ciphertext768,
410 .ciphertext_len = sizeof(ciphertext768),
411
412 .parse_public_key = mlkem768_parse_public_key,
413 .encap_external_entropy = mlkem768_encap_external_entropy,
414 };
415 struct MLKEM1024_public_key public_key1024;
416 uint8_t ciphertext1024[MLKEM1024_CIPHERTEXT_BYTES];
417 struct encap_ctx encap1024 = {
418 .public_key = &public_key1024,
419 .ciphertext = ciphertext1024,
420 .ciphertext_len = sizeof(ciphertext1024),
421
422 .parse_public_key = mlkem1024_parse_public_key,
423 .encap_external_entropy = mlkem1024_encap_external_entropy,
424 }; 434 };
425 435
426 if (size == 768) 436 return parse_test_file(fn, &encap_parse, &encap);
427 return parse_test_file(fn, &encap_parse, &encap768);
428 if (size == 1024)
429 return parse_test_file(fn, &encap_parse, &encap1024);
430
431 errx(1, "unknown encap test: size %zu", size);
432} 437}
433 438
434struct keygen_ctx { 439struct keygen_ctx {
435 struct parse *parse_ctx; 440 struct parse *parse_ctx;
436 441
437 void *private_key; 442 int rank;
438 void *encoded_public_key;
439 size_t encoded_public_key_len;
440 size_t private_key_len;
441 size_t public_key_len;
442
443 mlkem_generate_key_external_entropy_fn generate_key_external_entropy;
444 mlkem_encode_private_key_fn encode_private_key;
445}; 443};
446 444
447enum keygen_states { 445enum keygen_states {
@@ -492,27 +490,38 @@ static int
492MlkemKeygenFileTest(struct keygen_ctx *keygen) 490MlkemKeygenFileTest(struct keygen_ctx *keygen)
493{ 491{
494 struct parse *p = keygen->parse_ctx; 492 struct parse *p = keygen->parse_ctx;
493 MLKEM_private_key *priv_key = NULL;
495 CBS seed, public_key, private_key; 494 CBS seed, public_key, private_key;
496 uint8_t *encoded_private_key = NULL; 495 uint8_t *encoded_private_key = NULL;
497 size_t encoded_private_key_len = 0; 496 size_t encoded_private_key_len = 0;
497 uint8_t *encoded_public_key = NULL;
498 size_t encoded_public_key_len = 0;
498 int failed = 1; 499 int failed = 1;
499 500
500 parse_get_cbs(p, KEYGEN_SEED, &seed); 501 parse_get_cbs(p, KEYGEN_SEED, &seed);
501 parse_get_cbs(p, KEYGEN_PUBLIC_KEY, &public_key); 502 parse_get_cbs(p, KEYGEN_PUBLIC_KEY, &public_key);
502 parse_get_cbs(p, KEYGEN_PRIVATE_KEY, &private_key); 503 parse_get_cbs(p, KEYGEN_PRIVATE_KEY, &private_key);
503 504
504 if (!parse_length_equal(p, "seed", MLKEM_SEED_BYTES, CBS_len(&seed))) 505 if (!parse_length_equal(p, "seed", MLKEM_SEED_LENGTH, CBS_len(&seed)))
505 goto err; 506 goto err;
507
508 if ((priv_key = MLKEM_private_key_new(keygen->rank)) == NULL)
509 parse_errx(p, "MLKEM_public_key_free");
510
511 if (!MLKEM_generate_key_external_entropy(priv_key,
512 &encoded_public_key, &encoded_public_key_len, CBS_data(&seed))) {
513 parse_info(p, "generate_key_external_entropy");
514 goto err;
515 }
516
506 if (!parse_length_equal(p, "public key", 517 if (!parse_length_equal(p, "public key",
507 keygen->public_key_len, CBS_len(&public_key))) 518 encoded_public_key_len, CBS_len(&public_key)))
508 goto err; 519 goto err;
509 if (!parse_length_equal(p, "private key", 520 if (!parse_length_equal(p, "private key",
510 keygen->private_key_len, CBS_len(&private_key))) 521 MLKEM_private_key_encoded_length(priv_key), CBS_len(&private_key)))
511 goto err; 522 goto err;
512 523
513 keygen->generate_key_external_entropy(keygen->encoded_public_key, 524 if (!MLKEM_marshal_private_key(priv_key,
514 keygen->private_key, CBS_data(&seed));
515 if (!keygen->encode_private_key(keygen->private_key,
516 &encoded_private_key, &encoded_private_key_len)) { 525 &encoded_private_key, &encoded_private_key_len)) {
517 parse_info(p, "encode private key"); 526 parse_info(p, "encode private key");
518 goto err; 527 goto err;
@@ -521,10 +530,12 @@ MlkemKeygenFileTest(struct keygen_ctx *keygen)
521 failed = !parse_data_equal(p, "private key", &private_key, 530 failed = !parse_data_equal(p, "private key", &private_key,
522 encoded_private_key, encoded_private_key_len); 531 encoded_private_key, encoded_private_key_len);
523 failed |= !parse_data_equal(p, "public key", &public_key, 532 failed |= !parse_data_equal(p, "public key", &public_key,
524 keygen->encoded_public_key, keygen->encoded_public_key_len); 533 encoded_public_key, encoded_public_key_len);
525 534
526 err: 535 err:
536 MLKEM_private_key_free(priv_key);
527 freezero(encoded_private_key, encoded_private_key_len); 537 freezero(encoded_private_key, encoded_private_key_len);
538 freezero(encoded_public_key, encoded_public_key_len);
528 539
529 return failed; 540 return failed;
530} 541}
@@ -584,12 +595,15 @@ static int
584MlkemNistKeygenFileTest(struct keygen_ctx *keygen) 595MlkemNistKeygenFileTest(struct keygen_ctx *keygen)
585{ 596{
586 struct parse *p = keygen->parse_ctx; 597 struct parse *p = keygen->parse_ctx;
598 MLKEM_private_key *priv_key = NULL;
587 CBB seed_cbb; 599 CBB seed_cbb;
588 CBS z, d, ek, dk; 600 CBS z, d, ek, dk;
589 uint8_t seed[MLKEM_SEED_BYTES]; 601 uint8_t seed[MLKEM_SEED_LENGTH];
590 size_t seed_len; 602 size_t seed_len;
591 uint8_t *encoded_private_key = NULL; 603 uint8_t *encoded_private_key = NULL;
592 size_t encoded_private_key_len = 0; 604 size_t encoded_private_key_len = 0;
605 uint8_t *encoded_public_key = NULL;
606 size_t encoded_public_key_len = 0;
593 int failed = 1; 607 int failed = 1;
594 608
595 parse_get_cbs(p, NIST_KEYGEN_Z, &z); 609 parse_get_cbs(p, NIST_KEYGEN_Z, &z);
@@ -606,24 +620,33 @@ MlkemNistKeygenFileTest(struct keygen_ctx *keygen)
606 if (!CBB_finish(&seed_cbb, NULL, &seed_len)) 620 if (!CBB_finish(&seed_cbb, NULL, &seed_len))
607 parse_errx(p, "CBB_finish"); 621 parse_errx(p, "CBB_finish");
608 622
609 if (!parse_length_equal(p, "bogus z or d", MLKEM_SEED_BYTES, seed_len)) 623 if (!parse_length_equal(p, "bogus z or d", MLKEM_SEED_LENGTH, seed_len))
610 goto err; 624 goto err;
611 625
612 keygen->generate_key_external_entropy(keygen->encoded_public_key, 626 if ((priv_key = MLKEM_private_key_new(keygen->rank)) == NULL)
613 keygen->private_key, seed); 627 parse_errx(p, "MLKEM_private_key_new");
614 if (!keygen->encode_private_key(keygen->private_key, 628
629 if (!MLKEM_generate_key_external_entropy(priv_key,
630 &encoded_public_key, &encoded_public_key_len, seed)) {
631 parse_info(p, "MLKEM_generate_key_external_entropy");
632 goto err;
633 }
634
635 if (!MLKEM_marshal_private_key(priv_key,
615 &encoded_private_key, &encoded_private_key_len)) { 636 &encoded_private_key, &encoded_private_key_len)) {
616 parse_info(p, "encode private key"); 637 parse_info(p, "encode private key");
617 goto err; 638 goto err;
618 } 639 }
619 640
620 failed = !parse_data_equal(p, "public key", &ek, 641 failed = !parse_data_equal(p, "public key", &ek,
621 keygen->encoded_public_key, keygen->encoded_public_key_len); 642 encoded_public_key, encoded_public_key_len);
622 failed |= !parse_data_equal(p, "private key", &dk, 643 failed |= !parse_data_equal(p, "private key", &dk,
623 encoded_private_key, encoded_private_key_len); 644 encoded_private_key, encoded_private_key_len);
624 645
625 err: 646 err:
647 MLKEM_private_key_free(priv_key);
626 freezero(encoded_private_key, encoded_private_key_len); 648 freezero(encoded_private_key, encoded_private_key_len);
649 freezero(encoded_public_key, encoded_public_key_len);
627 650
628 return failed; 651 return failed;
629} 652}
@@ -645,74 +668,45 @@ static const struct test_parse nist_keygen_parse = {
645}; 668};
646 669
647static int 670static int
648mlkem_keygen_tests(const char *fn, size_t size, enum test_type test_type) 671mlkem_keygen_tests(const char *fn, int rank, enum test_type test_type)
649{ 672{
650 struct MLKEM768_private_key private_key768; 673 struct keygen_ctx keygen = {
651 uint8_t encoded_public_key768[MLKEM768_PUBLIC_KEY_BYTES]; 674 .rank = rank,
652 struct keygen_ctx keygen768 = {
653 .private_key = &private_key768,
654 .encoded_public_key = encoded_public_key768,
655 .encoded_public_key_len = sizeof(encoded_public_key768),
656 .private_key_len = MLKEM768_PRIVATE_KEY_BYTES,
657 .public_key_len = MLKEM768_PUBLIC_KEY_BYTES,
658
659 .generate_key_external_entropy =
660 mlkem768_generate_key_external_entropy,
661 .encode_private_key =
662 mlkem768_encode_private_key,
663 };
664 struct MLKEM1024_private_key private_key1024;
665 uint8_t encoded_public_key1024[MLKEM1024_PUBLIC_KEY_BYTES];
666 struct keygen_ctx keygen1024 = {
667 .private_key = &private_key1024,
668 .encoded_public_key = encoded_public_key1024,
669 .encoded_public_key_len = sizeof(encoded_public_key1024),
670 .private_key_len = MLKEM1024_PRIVATE_KEY_BYTES,
671 .public_key_len = MLKEM1024_PUBLIC_KEY_BYTES,
672
673 .generate_key_external_entropy =
674 mlkem1024_generate_key_external_entropy,
675 .encode_private_key =
676 mlkem1024_encode_private_key,
677 }; 675 };
678 676
679 if (size == 768 && test_type == TEST_TYPE_NORMAL) 677 if (test_type == TEST_TYPE_NORMAL)
680 return parse_test_file(fn, &keygen_parse, &keygen768); 678 return parse_test_file(fn, &keygen_parse, &keygen);
681 if (size == 768 && test_type == TEST_TYPE_NIST) 679 if (test_type == TEST_TYPE_NIST)
682 return parse_test_file(fn, &nist_keygen_parse, &keygen768); 680 return parse_test_file(fn, &nist_keygen_parse, &keygen);
683 if (size == 1024 && test_type == TEST_TYPE_NORMAL)
684 return parse_test_file(fn, &keygen_parse, &keygen1024);
685 if (size == 1024 && test_type == TEST_TYPE_NIST)
686 return parse_test_file(fn, &nist_keygen_parse, &keygen1024);
687 681
688 errx(1, "unknown keygen test: size %zu, type %d", size, test_type); 682 errx(1, "unknown keygen test: rank %d, type %d", rank, test_type);
689} 683}
690 684
691static int 685static int
692run_mlkem_test(const char *test, const char *fn) 686run_mlkem_test(const char *test, const char *fn)
693{ 687{
694 if (strcmp(test, "mlkem768_decap_tests") == 0) 688 if (strcmp(test, "mlkem768_decap_tests") == 0)
695 return mlkem_decap_tests(fn, 768, TEST_TYPE_NORMAL); 689 return mlkem_decap_tests(fn, MLKEM768_RANK, TEST_TYPE_NORMAL);
696 if (strcmp(test, "mlkem768_nist_decap_tests") == 0) 690 if (strcmp(test, "mlkem768_nist_decap_tests") == 0)
697 return mlkem_decap_tests(fn, 768, TEST_TYPE_NIST); 691 return mlkem_decap_tests(fn, MLKEM768_RANK, TEST_TYPE_NIST);
698 if (strcmp(test, "mlkem1024_decap_tests") == 0) 692 if (strcmp(test, "mlkem1024_decap_tests") == 0)
699 return mlkem_decap_tests(fn, 1024, TEST_TYPE_NORMAL); 693 return mlkem_decap_tests(fn, MLKEM1024_RANK, TEST_TYPE_NORMAL);
700 if (strcmp(test, "mlkem1024_nist_decap_tests") == 0) 694 if (strcmp(test, "mlkem1024_nist_decap_tests") == 0)
701 return mlkem_decap_tests(fn, 1024, TEST_TYPE_NIST); 695 return mlkem_decap_tests(fn, MLKEM1024_RANK, TEST_TYPE_NIST);
702 696
703 if (strcmp(test, "mlkem768_encap_tests") == 0) 697 if (strcmp(test, "mlkem768_encap_tests") == 0)
704 return mlkem_encap_tests(fn, 768); 698 return mlkem_encap_tests(fn, MLKEM768_RANK);
705 if (strcmp(test, "mlkem1024_encap_tests") == 0) 699 if (strcmp(test, "mlkem1024_encap_tests") == 0)
706 return mlkem_encap_tests(fn, 1024); 700 return mlkem_encap_tests(fn, MLKEM1024_RANK);
707 701
708 if (strcmp(test, "mlkem768_keygen_tests") == 0) 702 if (strcmp(test, "mlkem768_keygen_tests") == 0)
709 return mlkem_keygen_tests(fn, 768, TEST_TYPE_NORMAL); 703 return mlkem_keygen_tests(fn, MLKEM768_RANK, TEST_TYPE_NORMAL);
710 if (strcmp(test, "mlkem768_nist_keygen_tests") == 0) 704 if (strcmp(test, "mlkem768_nist_keygen_tests") == 0)
711 return mlkem_keygen_tests(fn, 768, TEST_TYPE_NIST); 705 return mlkem_keygen_tests(fn, MLKEM768_RANK, TEST_TYPE_NIST);
712 if (strcmp(test, "mlkem1024_keygen_tests") == 0) 706 if (strcmp(test, "mlkem1024_keygen_tests") == 0)
713 return mlkem_keygen_tests(fn, 1024, TEST_TYPE_NORMAL); 707 return mlkem_keygen_tests(fn, MLKEM1024_RANK, TEST_TYPE_NORMAL);
714 if (strcmp(test, "mlkem1024_nist_keygen_tests") == 0) 708 if (strcmp(test, "mlkem1024_nist_keygen_tests") == 0)
715 return mlkem_keygen_tests(fn, 1024, TEST_TYPE_NIST); 709 return mlkem_keygen_tests(fn, MLKEM1024_RANK, TEST_TYPE_NIST);
716 710
717 errx(1, "unknown test %s (test file %s)", test, fn); 711 errx(1, "unknown test %s (test file %s)", test, fn);
718} 712}
diff --git a/src/regress/lib/libcrypto/mlkem/mlkem_tests_util.c b/src/regress/lib/libcrypto/mlkem/mlkem_tests_util.c
index 1bb2ed3a8b..d2e0fbd7c7 100644
--- a/src/regress/lib/libcrypto/mlkem/mlkem_tests_util.c
+++ b/src/regress/lib/libcrypto/mlkem/mlkem_tests_util.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: mlkem_tests_util.c,v 1.5 2024/12/26 00:04:24 tb Exp $ */ 1/* $OpenBSD: mlkem_tests_util.c,v 1.10 2025/08/15 14:47:54 tb Exp $ */
2/* 2/*
3 * Copyright (c) 2024 Google Inc. 3 * Copyright (c) 2024 Google Inc.
4 * Copyright (c) 2024 Bob Beck <beck@obtuse.com> 4 * Copyright (c) 2024 Bob Beck <beck@obtuse.com>
@@ -22,11 +22,6 @@
22#include <stdio.h> 22#include <stdio.h>
23#include <string.h> 23#include <string.h>
24 24
25#include "bytestring.h"
26#include "mlkem.h"
27
28#include "mlkem_internal.h"
29
30#include "mlkem_tests_util.h" 25#include "mlkem_tests_util.h"
31 26
32static void 27static void
@@ -59,209 +54,3 @@ compare_data(const uint8_t *want, const uint8_t *got, size_t len, const char *ms
59 54
60 return 1; 55 return 1;
61} 56}
62
63int
64mlkem768_encode_private_key(const void *private_key, uint8_t **out_buf,
65 size_t *out_len)
66{
67 CBB cbb;
68 int ret = 0;
69
70 if (!CBB_init(&cbb, MLKEM768_PUBLIC_KEY_BYTES))
71 goto err;
72 if (!MLKEM768_marshal_private_key(&cbb, private_key))
73 goto err;
74 if (!CBB_finish(&cbb, out_buf, out_len))
75 goto err;
76
77 ret = 1;
78
79 err:
80 CBB_cleanup(&cbb);
81
82 return ret;
83}
84
85int
86mlkem768_encode_public_key(const void *public_key, uint8_t **out_buf,
87 size_t *out_len)
88{
89 CBB cbb;
90 int ret = 0;
91
92 if (!CBB_init(&cbb, MLKEM768_PUBLIC_KEY_BYTES))
93 goto err;
94 if (!MLKEM768_marshal_public_key(&cbb, public_key))
95 goto err;
96 if (!CBB_finish(&cbb, out_buf, out_len))
97 goto err;
98
99 ret = 1;
100
101 err:
102 CBB_cleanup(&cbb);
103
104 return ret;
105}
106
107int
108mlkem1024_encode_private_key(const void *private_key, uint8_t **out_buf,
109 size_t *out_len)
110{
111 CBB cbb;
112 int ret = 0;
113
114 if (!CBB_init(&cbb, MLKEM1024_PUBLIC_KEY_BYTES))
115 goto err;
116 if (!MLKEM1024_marshal_private_key(&cbb, private_key))
117 goto err;
118 if (!CBB_finish(&cbb, out_buf, out_len))
119 goto err;
120
121 ret = 1;
122
123 err:
124 CBB_cleanup(&cbb);
125
126 return ret;
127}
128
129int
130mlkem1024_encode_public_key(const void *public_key, uint8_t **out_buf,
131 size_t *out_len)
132{
133 CBB cbb;
134 int ret = 0;
135
136 if (!CBB_init(&cbb, MLKEM1024_PUBLIC_KEY_BYTES))
137 goto err;
138 if (!MLKEM1024_marshal_public_key(&cbb, public_key))
139 goto err;
140 if (!CBB_finish(&cbb, out_buf, out_len))
141 goto err;
142
143 ret = 1;
144
145 err:
146 CBB_cleanup(&cbb);
147
148 return ret;
149}
150
151int
152mlkem768_decap(uint8_t out_shared_secret[MLKEM_SHARED_SECRET_BYTES],
153 const uint8_t *ciphertext, size_t ciphertext_len, const void *private_key)
154{
155 return MLKEM768_decap(out_shared_secret, ciphertext, ciphertext_len,
156 private_key);
157}
158
159void
160mlkem768_encap(uint8_t *out_ciphertext,
161 uint8_t out_shared_secret[MLKEM_SHARED_SECRET_BYTES],
162 const void *public_key)
163{
164 MLKEM768_encap(out_ciphertext, out_shared_secret, public_key);
165}
166
167void
168mlkem768_encap_external_entropy(uint8_t *out_ciphertext,
169 uint8_t out_shared_secret[MLKEM_SHARED_SECRET_BYTES],
170 const void *public_key, const uint8_t entropy[MLKEM_ENCAP_ENTROPY])
171{
172 MLKEM768_encap_external_entropy(out_ciphertext, out_shared_secret,
173 public_key, entropy);
174}
175
176void
177mlkem768_generate_key(uint8_t *out_encoded_public_key,
178 uint8_t optional_out_seed[MLKEM_SEED_BYTES], void *out_private_key)
179{
180 MLKEM768_generate_key(out_encoded_public_key, optional_out_seed,
181 out_private_key);
182}
183
184void
185mlkem768_generate_key_external_entropy(uint8_t *out_encoded_public_key,
186 void *out_private_key, const uint8_t entropy[MLKEM_SEED_BYTES])
187{
188 MLKEM768_generate_key_external_entropy(out_encoded_public_key,
189 out_private_key, entropy);
190}
191
192int
193mlkem768_parse_private_key(void *out_private_key, CBS *private_key_cbs)
194{
195 return MLKEM768_parse_private_key(out_private_key, private_key_cbs);
196}
197
198int
199mlkem768_parse_public_key(void *out_public_key, CBS *public_key_cbs)
200{
201 return MLKEM768_parse_public_key(out_public_key, public_key_cbs);
202}
203
204void
205mlkem768_public_from_private(void *out_public_key, const void *private_key)
206{
207 MLKEM768_public_from_private(out_public_key, private_key);
208}
209
210int
211mlkem1024_decap(uint8_t out_shared_secret[MLKEM_SHARED_SECRET_BYTES],
212 const uint8_t *ciphertext, size_t ciphertext_len, const void *private_key)
213{
214 return MLKEM1024_decap(out_shared_secret, ciphertext, ciphertext_len,
215 private_key);
216}
217
218void
219mlkem1024_encap(uint8_t *out_ciphertext,
220 uint8_t out_shared_secret[MLKEM_SHARED_SECRET_BYTES],
221 const void *public_key)
222{
223 MLKEM1024_encap(out_ciphertext, out_shared_secret, public_key);
224}
225
226void
227mlkem1024_encap_external_entropy(uint8_t *out_ciphertext,
228 uint8_t out_shared_secret[MLKEM_SHARED_SECRET_BYTES],
229 const void *public_key, const uint8_t entropy[MLKEM_ENCAP_ENTROPY])
230{
231 MLKEM1024_encap_external_entropy(out_ciphertext, out_shared_secret,
232 public_key, entropy);
233}
234
235void
236mlkem1024_generate_key(uint8_t *out_encoded_public_key,
237 uint8_t optional_out_seed[MLKEM_SEED_BYTES], void *out_private_key)
238{
239 MLKEM1024_generate_key(out_encoded_public_key, optional_out_seed,
240 out_private_key);
241}
242
243void
244mlkem1024_generate_key_external_entropy(uint8_t *out_encoded_public_key,
245 void *out_private_key, const uint8_t entropy[MLKEM_SEED_BYTES])
246{
247 MLKEM1024_generate_key_external_entropy(out_encoded_public_key,
248 out_private_key, entropy);
249}
250
251int
252mlkem1024_parse_private_key(void *out_private_key, CBS *private_key_cbs)
253{
254 return MLKEM1024_parse_private_key(out_private_key, private_key_cbs);
255}
256
257void
258mlkem1024_public_from_private(void *out_public_key, const void *private_key)
259{
260 MLKEM1024_public_from_private(out_public_key, private_key);
261}
262
263int
264mlkem1024_parse_public_key(void *out_public_key, CBS *public_key_cbs)
265{
266 return MLKEM1024_parse_public_key(out_public_key, public_key_cbs);
267}
diff --git a/src/regress/lib/libcrypto/mlkem/mlkem_tests_util.h b/src/regress/lib/libcrypto/mlkem/mlkem_tests_util.h
index 7fbe6f76a9..514a309112 100644
--- a/src/regress/lib/libcrypto/mlkem/mlkem_tests_util.h
+++ b/src/regress/lib/libcrypto/mlkem/mlkem_tests_util.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: mlkem_tests_util.h,v 1.4 2024/12/26 00:04:24 tb Exp $ */ 1/* $OpenBSD: mlkem_tests_util.h,v 1.9 2025/08/15 14:47:54 tb Exp $ */
2/* 2/*
3 * Copyright (c) 2024 Bob Beck <beck@obtuse.com> 3 * Copyright (c) 2024 Bob Beck <beck@obtuse.com>
4 * Copyright (c) 2024 Theo Buehler <tb@openbsd.org> 4 * Copyright (c) 2024 Theo Buehler <tb@openbsd.org>
@@ -22,68 +22,7 @@
22#include <stddef.h> 22#include <stddef.h>
23#include <stdint.h> 23#include <stdint.h>
24 24
25#include "bytestring.h"
26
27#include "mlkem.h"
28#include "mlkem_internal.h"
29
30int compare_data(const uint8_t *want, const uint8_t *got, size_t len, 25int compare_data(const uint8_t *want, const uint8_t *got, size_t len,
31 const char *msg); 26 const char *msg);
32 27
33int mlkem768_encode_private_key(const void *priv, uint8_t **out_buf,
34 size_t *out_len);
35int mlkem768_encode_public_key(const void *pub, uint8_t **out_buf,
36 size_t *out_len);
37int mlkem1024_encode_private_key(const void *priv, uint8_t **out_buf,
38 size_t *out_len);
39int mlkem1024_encode_public_key(const void *pub, uint8_t **out_buf,
40 size_t *out_len);
41
42int mlkem768_decap(uint8_t out_shared_secret[MLKEM_SHARED_SECRET_BYTES],
43 const uint8_t *ciphertext, size_t ciphertext_len, const void *priv);
44void mlkem768_encap(uint8_t *out_ciphertext,
45 uint8_t out_shared_secret[MLKEM_SHARED_SECRET_BYTES], const void *pub);
46void mlkem768_encap_external_entropy(uint8_t *out_ciphertext,
47 uint8_t out_shared_secret[MLKEM_SHARED_SECRET_BYTES], const void *pub,
48 const uint8_t entropy[MLKEM_ENCAP_ENTROPY]);
49void mlkem768_generate_key(uint8_t *out_encoded_public_key,
50 uint8_t optional_out_seed[MLKEM_SEED_BYTES], void *out_private_key);
51void mlkem768_generate_key_external_entropy(uint8_t *out_encoded_public_key,
52 void *out_private_key, const uint8_t entropy[MLKEM_SEED_BYTES]);
53int mlkem768_parse_private_key(void *priv, CBS *private_key_cbs);
54int mlkem768_parse_public_key(void *pub, CBS *in);
55void mlkem768_public_from_private(void *out_public_key, const void *private_key);
56
57int mlkem1024_decap(uint8_t out_shared_secret[MLKEM_SHARED_SECRET_BYTES],
58 const uint8_t *ciphertext, size_t ciphertext_len, const void *priv);
59void mlkem1024_encap(uint8_t *out_ciphertext,
60 uint8_t out_shared_secret[MLKEM_SHARED_SECRET_BYTES], const void *pub);
61void mlkem1024_encap_external_entropy(uint8_t *out_ciphertext,
62 uint8_t out_shared_secret[MLKEM_SHARED_SECRET_BYTES], const void *pub,
63 const uint8_t entropy[MLKEM_ENCAP_ENTROPY]);
64void mlkem1024_generate_key(uint8_t *out_encoded_public_key,
65 uint8_t optional_out_seed[MLKEM_SEED_BYTES], void *out_private_key);
66void mlkem1024_generate_key_external_entropy(uint8_t *out_encoded_public_key,
67 void *out_private_key, const uint8_t entropy[MLKEM_SEED_BYTES]);
68int mlkem1024_parse_private_key(void *priv, CBS *private_key_cbs);
69int mlkem1024_parse_public_key(void *pub, CBS *in);
70void mlkem1024_public_from_private(void *out_public_key, const void *private_key);
71
72typedef int (*mlkem_encode_private_key_fn)(const void *, uint8_t **, size_t *);
73typedef int (*mlkem_encode_public_key_fn)(const void *, uint8_t **, size_t *);
74typedef int (*mlkem_decap_fn)(uint8_t [MLKEM_SHARED_SECRET_BYTES],
75 const uint8_t *, size_t, const void *);
76typedef void (*mlkem_encap_fn)(uint8_t *, uint8_t [MLKEM_SHARED_SECRET_BYTES],
77 const void *);
78typedef void (*mlkem_encap_external_entropy_fn)(uint8_t *,
79 uint8_t [MLKEM_SHARED_SECRET_BYTES], const void *,
80 const uint8_t [MLKEM_ENCAP_ENTROPY]);
81typedef void (*mlkem_generate_key_fn)(uint8_t *, uint8_t *, void *);
82typedef void (*mlkem_generate_key_external_entropy_fn)(uint8_t *, void *,
83 const uint8_t [MLKEM_SEED_BYTES]);
84typedef int (*mlkem_parse_private_key_fn)(void *, CBS *);
85typedef int (*mlkem_parse_public_key_fn)(void *, CBS *);
86typedef void (*mlkem_public_from_private_fn)(void *out_public_key,
87 const void *private_key);
88
89#endif /* MLKEM_TEST_UTIL_H */ 28#endif /* MLKEM_TEST_UTIL_H */
diff --git a/src/regress/lib/libcrypto/mlkem/mlkem_unittest.c b/src/regress/lib/libcrypto/mlkem/mlkem_unittest.c
index 597297b8cc..1d8149b523 100644
--- a/src/regress/lib/libcrypto/mlkem/mlkem_unittest.c
+++ b/src/regress/lib/libcrypto/mlkem/mlkem_unittest.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: mlkem_unittest.c,v 1.7 2025/05/03 08:34:55 tb Exp $ */ 1/* $OpenBSD: mlkem_unittest.c,v 1.16 2026/01/01 12:47:52 tb Exp $ */
2/* 2/*
3 * Copyright (c) 2024 Google Inc. 3 * Copyright (c) 2024 Google Inc.
4 * Copyright (c) 2024 Bob Beck <beck@obtuse.com> 4 * Copyright (c) 2024 Bob Beck <beck@obtuse.com>
@@ -22,132 +22,201 @@
22#include <stdlib.h> 22#include <stdlib.h>
23#include <string.h> 23#include <string.h>
24 24
25#include "bytestring.h" 25#include <openssl/mlkem.h>
26#include "mlkem.h"
27 26
27#include "mlkem_internal.h"
28#include "mlkem_tests_util.h" 28#include "mlkem_tests_util.h"
29 29
30struct unittest_ctx {
31 void *priv;
32 void *pub;
33 void *priv2;
34 void *pub2;
35 uint8_t *encoded_public_key;
36 size_t encoded_public_key_len;
37 uint8_t *ciphertext;
38 size_t ciphertext_len;
39 mlkem_decap_fn decap;
40 mlkem_encap_fn encap;
41 mlkem_generate_key_fn generate_key;
42 mlkem_parse_private_key_fn parse_private_key;
43 mlkem_parse_public_key_fn parse_public_key;
44 mlkem_encode_private_key_fn encode_private_key;
45 mlkem_encode_public_key_fn encode_public_key;
46 mlkem_public_from_private_fn public_from_private;
47};
48
49static int 30static int
50MlKemUnitTest(struct unittest_ctx *ctx) 31MlKemUnitTest(int rank)
51{ 32{
52 uint8_t shared_secret1[MLKEM_SHARED_SECRET_BYTES]; 33 MLKEM_private_key *priv = NULL, *priv2 = NULL, *priv3 = NULL;
53 uint8_t shared_secret2[MLKEM_SHARED_SECRET_BYTES]; 34 MLKEM_public_key *pub = NULL, *pub2 = NULL, *pub3 = NULL;
35 uint8_t *encoded_public_key = NULL, *ciphertext = NULL,
36 *shared_secret2 = NULL, *shared_secret1 = NULL,
37 *encoded_private_key = NULL, *tmp_buf = NULL, *seed_buf = NULL;
38 size_t encoded_public_key_len, ciphertext_len,
39 encoded_private_key_len, tmp_buf_len;
54 uint8_t first_two_bytes[2]; 40 uint8_t first_two_bytes[2];
55 uint8_t *encoded_private_key = NULL, *tmp_buf = NULL; 41 size_t s_len = 0;
56 size_t encoded_private_key_len, tmp_buf_len;
57 CBS cbs;
58 int failed = 0; 42 int failed = 0;
59 43
60 ctx->generate_key(ctx->encoded_public_key, NULL, ctx->priv); 44 if ((pub = MLKEM_public_key_new(rank)) == NULL) {
45 warnx("public_key_new");
46 failed |= 1;
47 }
48
49 if ((pub2 = MLKEM_public_key_new(rank)) == NULL) {
50 warnx("public_key_new");
51 failed |= 1;
52 }
53
54 if ((priv = MLKEM_private_key_new(rank)) == NULL) {
55 warnx("private_key_new");
56 failed |= 1;
57 }
58
59 if ((priv2 = MLKEM_private_key_new(rank)) == NULL) {
60 warnx("private_key_new");
61 failed |= 1;
62 }
63
64 if (!MLKEM_generate_key(priv, &encoded_public_key,
65 &encoded_public_key_len, &seed_buf, &s_len)) {
66 warnx("generate_key failed");
67 failed |= 1;
68 }
69
70 if (s_len != MLKEM_SEED_LENGTH) {
71 warnx("seed length %zu != %d", s_len, MLKEM_SEED_LENGTH);
72 failed |= 1;
73 }
74
75 if ((priv3 = MLKEM_private_key_new(rank)) == NULL) {
76 warnx("private_key_new");
77 failed |= 1;
78 }
79
80 if ((pub3 = MLKEM_public_key_new(rank)) == NULL) {
81 warnx("public_key_new");
82 failed |= 1;
83 }
84
85 if (!MLKEM_private_key_from_seed(priv3, seed_buf, s_len)) {
86 warnx("private_key_from_seed failed");
87 failed |= 1;
88 }
89
90 free(seed_buf);
91 seed_buf = NULL;
61 92
62 memcpy(first_two_bytes, ctx->encoded_public_key, sizeof(first_two_bytes)); 93 if (!MLKEM_public_from_private(priv3, pub3)) {
63 memset(ctx->encoded_public_key, 0xff, sizeof(first_two_bytes)); 94 warnx("public_from_private");
95 failed |= 1;
96 }
64 97
65 CBS_init(&cbs, ctx->encoded_public_key, ctx->encoded_public_key_len); 98 memcpy(first_two_bytes, encoded_public_key, sizeof(first_two_bytes));
99 memset(encoded_public_key, 0xff, sizeof(first_two_bytes));
66 100
67 /* Parsing should fail because the first coefficient is >= kPrime. */ 101 /* Parsing should fail because the first coefficient is >= kPrime. */
68 if (ctx->parse_public_key(ctx->pub, &cbs)) { 102 if (MLKEM_parse_public_key(pub, encoded_public_key,
103 encoded_public_key_len)) {
69 warnx("parse_public_key should have failed"); 104 warnx("parse_public_key should have failed");
70 failed |= 1; 105 failed |= 1;
71 } 106 }
72 107
73 memcpy(ctx->encoded_public_key, first_two_bytes, sizeof(first_two_bytes)); 108 memcpy(encoded_public_key, first_two_bytes, sizeof(first_two_bytes));
74 CBS_init(&cbs, ctx->encoded_public_key, ctx->encoded_public_key_len); 109
75 if (!ctx->parse_public_key(ctx->pub, &cbs)) { 110 MLKEM_public_key_free(pub);
76 warnx("MLKEM768_parse_public_key"); 111 if ((pub = MLKEM_public_key_new(rank)) == NULL) {
112 warnx("public_key_new");
113 failed |= 1;
114 }
115 if (!MLKEM_parse_public_key(pub, encoded_public_key,
116 encoded_public_key_len)) {
117 warnx("MLKEM_parse_public_key");
77 failed |= 1; 118 failed |= 1;
78 } 119 }
79 120
80 if (CBS_len(&cbs) != 0u) { 121 if (!MLKEM_marshal_public_key(pub, &tmp_buf, &tmp_buf_len)) {
81 warnx("CBS_len must be 0"); 122 warnx("marshal_public_key");
123 failed |= 1;
124 }
125 if (encoded_public_key_len != tmp_buf_len) {
126 warnx("encoded public key lengths differ %d != %d",
127 (int) encoded_public_key_len, (int) tmp_buf_len);
82 failed |= 1; 128 failed |= 1;
83 } 129 }
84 130
85 if (!ctx->encode_public_key(ctx->pub, &tmp_buf, &tmp_buf_len)) { 131 if (compare_data(encoded_public_key, tmp_buf, tmp_buf_len,
86 warnx("encode_public_key"); 132 "encoded public keys") != 0) {
133 warnx("compare_data");
87 failed |= 1; 134 failed |= 1;
88 } 135 }
89 if (ctx->encoded_public_key_len != tmp_buf_len) { 136 free(tmp_buf);
90 warnx("encoded public key lengths differ"); 137 tmp_buf = NULL;
138 tmp_buf_len = 0;
139
140 if (!MLKEM_marshal_public_key(pub3, &tmp_buf, &tmp_buf_len)) {
141 warnx("marshal_public_key");
142 failed |= 1;
143 }
144 if (encoded_public_key_len != tmp_buf_len) {
145 warnx("encoded public key lengths differ %d != %d",
146 (int) encoded_public_key_len, (int) tmp_buf_len);
91 failed |= 1; 147 failed |= 1;
92 } 148 }
93 149
94 if (compare_data(ctx->encoded_public_key, tmp_buf, tmp_buf_len, 150 if (compare_data(encoded_public_key, tmp_buf, tmp_buf_len,
95 "encoded public keys") != 0) { 151 "encoded public keys") != 0) {
96 warnx("compare_data"); 152 warnx("compare_data");
97 failed |= 1; 153 failed |= 1;
98 } 154 }
99 free(tmp_buf); 155 free(tmp_buf);
100 tmp_buf = NULL; 156 tmp_buf = NULL;
157 tmp_buf_len = 0;
101 158
102 ctx->public_from_private(ctx->pub2, ctx->priv); 159 if (!MLKEM_public_from_private(priv, pub2)) {
103 if (!ctx->encode_public_key(ctx->pub2, &tmp_buf, &tmp_buf_len)) { 160 warnx("public_from_private");
104 warnx("encode_public_key"); 161 failed |= 1;
162 }
163 if (!MLKEM_marshal_public_key(pub2, &tmp_buf, &tmp_buf_len)) {
164 warnx("marshal_public_key");
105 failed |= 1; 165 failed |= 1;
106 } 166 }
107 if (ctx->encoded_public_key_len != tmp_buf_len) { 167 if (encoded_public_key_len != tmp_buf_len) {
108 warnx("encoded public key lengths differ"); 168 warnx("encoded public key lengths differ %d %d",
169 (int) encoded_public_key_len, (int) tmp_buf_len);
109 failed |= 1; 170 failed |= 1;
110 } 171 }
111 172
112 if (compare_data(ctx->encoded_public_key, tmp_buf, tmp_buf_len, 173 if (compare_data(encoded_public_key, tmp_buf, tmp_buf_len,
113 "encoded public keys") != 0) { 174 "encoded public keys") != 0) {
114 warnx("compare_data"); 175 warnx("compare_data");
115 failed |= 1; 176 failed |= 1;
116 } 177 }
117 free(tmp_buf); 178 free(tmp_buf);
118 tmp_buf = NULL; 179 tmp_buf = NULL;
180 tmp_buf_len = 0;
119 181
120 if (!ctx->encode_private_key(ctx->priv, &encoded_private_key, 182 if (!MLKEM_marshal_private_key(priv, &encoded_private_key,
121 &encoded_private_key_len)) { 183 &encoded_private_key_len)) {
122 warnx("mlkem768_encode_private_key"); 184 warnx("marshal_private_key");
123 failed |= 1; 185 failed |= 1;
124 } 186 }
125 187
126 memcpy(first_two_bytes, encoded_private_key, sizeof(first_two_bytes)); 188 memcpy(first_two_bytes, encoded_private_key, sizeof(first_two_bytes));
127 memset(encoded_private_key, 0xff, sizeof(first_two_bytes)); 189 memset(encoded_private_key, 0xff, sizeof(first_two_bytes));
128 CBS_init(&cbs, encoded_private_key, encoded_private_key_len);
129 190
130 /* Parsing should fail because the first coefficient is >= kPrime. */ 191 /* Parsing should fail because the first coefficient is >= kPrime. */
131 if (ctx->parse_private_key(ctx->priv2, &cbs)) { 192 if (MLKEM_parse_private_key(priv2, encoded_private_key,
132 warnx("MLKEM768_parse_private_key should have failed"); 193 encoded_private_key_len)) {
194 warnx("parse_private_key should have failed");
133 failed |= 1; 195 failed |= 1;
134 } 196 }
135 197
136 memcpy(encoded_private_key, first_two_bytes, sizeof(first_two_bytes)); 198 memcpy(encoded_private_key, first_two_bytes, sizeof(first_two_bytes));
137 CBS_init(&cbs, encoded_private_key, encoded_private_key_len);
138 199
139 if (!ctx->parse_private_key(ctx->priv2, &cbs)) { 200 MLKEM_private_key_free(priv2);
140 warnx("MLKEM768_parse_private_key"); 201 priv2 = NULL;
202
203 if ((priv2 = MLKEM_private_key_new(rank)) == NULL) {
204 warnx("private_key_new");
205 failed |= 1;
206 }
207 if (!MLKEM_parse_private_key(priv2, encoded_private_key,
208 encoded_private_key_len)) {
209 warnx("parse_private_key");
141 failed |= 1; 210 failed |= 1;
142 } 211 }
143 212
144 if (!ctx->encode_private_key(ctx->priv2, &tmp_buf, &tmp_buf_len)) { 213 if (!MLKEM_marshal_private_key(priv2, &tmp_buf, &tmp_buf_len)) {
145 warnx("encode_private_key"); 214 warnx("marshal_private_key");
146 failed |= 1; 215 failed |= 1;
147 } 216 }
148 217
149 if (encoded_private_key_len != tmp_buf_len) { 218 if (encoded_private_key_len != tmp_buf_len) {
150 warnx("encode private key lengths differ"); 219 warnx("encoded private key lengths differ");
151 failed |= 1; 220 failed |= 1;
152 } 221 }
153 222
@@ -160,106 +229,79 @@ MlKemUnitTest(struct unittest_ctx *ctx)
160 free(tmp_buf); 229 free(tmp_buf);
161 tmp_buf = NULL; 230 tmp_buf = NULL;
162 231
163 ctx->encap(ctx->ciphertext, shared_secret1, ctx->pub); 232 if (!MLKEM_encap(pub, &ciphertext, &ciphertext_len, &shared_secret1,
164 if (!ctx->decap(shared_secret2, ctx->ciphertext, ctx->ciphertext_len, 233 &s_len)) {
165 ctx->priv)) { 234 warnx("encap failed using pub");
235 failed |= 1;
236 }
237
238 if (s_len != MLKEM_SHARED_SECRET_LENGTH) {
239 warnx("seed length %zu != %d", s_len,
240 MLKEM_SHARED_SECRET_LENGTH);
241 failed |= 1;
242 }
243
244 if (!MLKEM_decap(priv, ciphertext, ciphertext_len,
245 &shared_secret2, &s_len)) {
166 warnx("decap() failed using priv"); 246 warnx("decap() failed using priv");
167 failed |= 1; 247 failed |= 1;
168 } 248 }
169 if (compare_data(shared_secret1, shared_secret2, MLKEM_SHARED_SECRET_BYTES, 249
250 if (s_len != MLKEM_SHARED_SECRET_LENGTH) {
251 warnx("seed length %zu != %d", s_len,
252 MLKEM_SHARED_SECRET_LENGTH);
253 failed |= 1;
254 }
255
256 if (compare_data(shared_secret1, shared_secret2, s_len,
170 "shared secrets with priv") != 0) { 257 "shared secrets with priv") != 0) {
171 warnx("compare_data"); 258 warnx("compare_data");
172 failed |= 1; 259 failed |= 1;
173 } 260 }
174 261
175 if (!ctx->decap(shared_secret2, ctx->ciphertext, ctx->ciphertext_len, 262 free(shared_secret2);
176 ctx->priv2)) { 263 shared_secret2 = NULL;
264
265 if (!MLKEM_decap(priv2, ciphertext, ciphertext_len,
266 &shared_secret2, &s_len)){
177 warnx("decap() failed using priv2"); 267 warnx("decap() failed using priv2");
178 failed |= 1; 268 failed |= 1;
179 } 269 }
180 if (compare_data(shared_secret1, shared_secret2, MLKEM_SHARED_SECRET_BYTES, 270
271 if (s_len != MLKEM_SHARED_SECRET_LENGTH) {
272 warnx("seed length %zu != %d", s_len,
273 MLKEM_SHARED_SECRET_LENGTH);
274 failed |= 1;
275 }
276
277 if (compare_data(shared_secret1, shared_secret2, s_len,
181 "shared secrets with priv2") != 0) { 278 "shared secrets with priv2") != 0) {
182 warnx("compare_data"); 279 warnx("compare_data");
183 failed |= 1; 280 failed |= 1;
184 } 281 }
185 282
283 MLKEM_public_key_free(pub);
284 MLKEM_public_key_free(pub2);
285 MLKEM_public_key_free(pub3);
286 MLKEM_private_key_free(priv);
287 MLKEM_private_key_free(priv2);
288 MLKEM_private_key_free(priv3);
289 free(encoded_public_key);
290 free(ciphertext);
186 free(encoded_private_key); 291 free(encoded_private_key);
292 free(shared_secret1);
293 free(shared_secret2);
187 294
188 return failed; 295 return failed;
189} 296}
190 297
191static int
192mlkem768_unittest(void)
193{
194 struct MLKEM768_private_key mlkem768_priv, mlkem768_priv2;
195 struct MLKEM768_public_key mlkem768_pub, mlkem768_pub2;
196 uint8_t mlkem768_encoded_public_key[MLKEM768_PUBLIC_KEY_BYTES];
197 uint8_t mlkem768_ciphertext[MLKEM768_CIPHERTEXT_BYTES];
198 struct unittest_ctx mlkem768_test = {
199 .priv = &mlkem768_priv,
200 .pub = &mlkem768_pub,
201 .priv2 = &mlkem768_priv2,
202 .pub2 = &mlkem768_pub2,
203 .encoded_public_key = mlkem768_encoded_public_key,
204 .encoded_public_key_len = sizeof(mlkem768_encoded_public_key),
205 .ciphertext = mlkem768_ciphertext,
206 .ciphertext_len = sizeof(mlkem768_ciphertext),
207 .decap = mlkem768_decap,
208 .encap = mlkem768_encap,
209 .generate_key = mlkem768_generate_key,
210 .parse_private_key = mlkem768_parse_private_key,
211 .parse_public_key = mlkem768_parse_public_key,
212 .encode_private_key = mlkem768_encode_private_key,
213 .encode_public_key = mlkem768_encode_public_key,
214 .public_from_private = mlkem768_public_from_private,
215 };
216
217 return MlKemUnitTest(&mlkem768_test);
218}
219
220static int
221mlkem1024_unittest(void)
222{
223 struct MLKEM1024_private_key mlkem1024_priv, mlkem1024_priv2;
224 struct MLKEM1024_public_key mlkem1024_pub, mlkem1024_pub2;
225 uint8_t mlkem1024_encoded_public_key[MLKEM1024_PUBLIC_KEY_BYTES];
226 uint8_t mlkem1024_ciphertext[MLKEM1024_CIPHERTEXT_BYTES];
227 struct unittest_ctx mlkem1024_test = {
228 .priv = &mlkem1024_priv,
229 .pub = &mlkem1024_pub,
230 .priv2 = &mlkem1024_priv2,
231 .pub2 = &mlkem1024_pub2,
232 .encoded_public_key = mlkem1024_encoded_public_key,
233 .encoded_public_key_len = sizeof(mlkem1024_encoded_public_key),
234 .ciphertext = mlkem1024_ciphertext,
235 .ciphertext_len = sizeof(mlkem1024_ciphertext),
236 .decap = mlkem1024_decap,
237 .encap = mlkem1024_encap,
238 .generate_key = mlkem1024_generate_key,
239 .parse_private_key = mlkem1024_parse_private_key,
240 .parse_public_key = mlkem1024_parse_public_key,
241 .encode_private_key = mlkem1024_encode_private_key,
242 .encode_public_key = mlkem1024_encode_public_key,
243 .public_from_private = mlkem1024_public_from_private,
244 };
245
246 return MlKemUnitTest(&mlkem1024_test);
247}
248
249int 298int
250main(void) 299main(void)
251{ 300{
252 int failed = 0; 301 int failed = 0;
253 302
254 /* 303 failed |= MlKemUnitTest(MLKEM768_RANK);
255 * XXX - this is split into two helper functions since having a few 304 failed |= MlKemUnitTest(MLKEM1024_RANK);
256 * ML-KEM key blobs on the stack makes Emscripten's stack explode,
257 * leading to inscrutable silent failures unles ASAN is enabled.
258 * Go figure.
259 */
260
261 failed |= mlkem768_unittest();
262 failed |= mlkem1024_unittest();
263 305
264 return failed; 306 return failed;
265} 307}
diff --git a/src/regress/lib/libcrypto/mlkem/parse_test_file.c b/src/regress/lib/libcrypto/mlkem/parse_test_file.c
index b68dc50431..9f3e5f3a1a 100644
--- a/src/regress/lib/libcrypto/mlkem/parse_test_file.c
+++ b/src/regress/lib/libcrypto/mlkem/parse_test_file.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: parse_test_file.c,v 1.4 2025/04/13 09:14:56 tb Exp $ */ 1/* $OpenBSD: parse_test_file.c,v 1.6 2025/06/03 10:29:37 tb Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2024 Theo Buehler <tb@openbsd.org> 4 * Copyright (c) 2024 Theo Buehler <tb@openbsd.org>
@@ -646,7 +646,8 @@ parse_reinit(struct parse *p)
646 p->state.running_test_case = 0; 646 p->state.running_test_case = 0;
647 parse_line_data_clear(p); 647 parse_line_data_clear(p);
648 tctx->finish(p->ctx); 648 tctx->finish(p->ctx);
649 tctx->init(p->ctx, p); 649 if (!tctx->init(p->ctx, p))
650 parse_errx(p, "init failed");
650} 651}
651 652
652static int 653static int
@@ -708,7 +709,8 @@ parse_init(struct parse *p, const char *fn, const struct test_parse *tctx,
708 parse_state_init(&p->state, tctx->num_states, tctx->num_instructions); 709 parse_state_init(&p->state, tctx->num_states, tctx->num_instructions);
709 p->tctx = tctx; 710 p->tctx = tctx;
710 p->ctx = ctx; 711 p->ctx = ctx;
711 tctx->init(ctx, p); 712 if (!tctx->init(p->ctx, p))
713 parse_errx(p, "init failed");
712} 714}
713 715
714static int 716static int
@@ -734,7 +736,10 @@ parse_next_line(struct parse *p)
734static void 736static void
735parse_finish(struct parse *p) 737parse_finish(struct parse *p)
736{ 738{
739 const struct test_parse *tctx = p->tctx;
740
737 parse_state_finish(&p->state); 741 parse_state_finish(&p->state);
742 tctx->finish(p->ctx);
738 743
739 free(p->buf); 744 free(p->buf);
740 745
diff --git a/src/regress/lib/libcrypto/rsa/rsa_method_test.c b/src/regress/lib/libcrypto/rsa/rsa_method_test.c
index d9c1cc4f9a..9d0a4c3592 100644
--- a/src/regress/lib/libcrypto/rsa/rsa_method_test.c
+++ b/src/regress/lib/libcrypto/rsa/rsa_method_test.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: rsa_method_test.c,v 1.5 2025/01/05 18:21:36 tb Exp $ */ 1/* $OpenBSD: rsa_method_test.c,v 1.6 2025/08/26 05:07:50 tb Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2025 Theo Buehler <tb@openbsd.org> 4 * Copyright (c) 2025 Theo Buehler <tb@openbsd.org>
@@ -221,7 +221,7 @@ sign_and_verify_test(void)
221 errx(1, "%s: RSA_set_ex_data", __func__); 221 errx(1, "%s: RSA_set_ex_data", __func__);
222 222
223 if ((sign_verify_method = RSA_meth_dup(RSA_get_default_method())) == NULL) 223 if ((sign_verify_method = RSA_meth_dup(RSA_get_default_method())) == NULL)
224 errx(1, "%s: RSA_get_default_method", __func__); 224 errx(1, "%s: RSA_meth_dup", __func__);
225 if (!RSA_meth_set0_app_data(sign_verify_method, rsa_priv)) 225 if (!RSA_meth_set0_app_data(sign_verify_method, rsa_priv))
226 errx(1, "%s: RSA_meth_set0_app_data", __func__); 226 errx(1, "%s: RSA_meth_set0_app_data", __func__);
227 227
diff --git a/src/regress/lib/libcrypto/sha/Makefile b/src/regress/lib/libcrypto/sha/Makefile
index 6ec223116d..c6ab0398ba 100644
--- a/src/regress/lib/libcrypto/sha/Makefile
+++ b/src/regress/lib/libcrypto/sha/Makefile
@@ -1,9 +1,15 @@
1# $OpenBSD: Makefile,v 1.5 2022/09/01 14:02:41 tb Exp $ 1# $OpenBSD: Makefile,v 1.6 2025/05/22 03:35:40 joshua Exp $
2 2
3PROG = sha_test 3PROG = sha_test
4LDADD = -lcrypto 4LDADD = -lcrypto
5DPADD = ${LIBCRYPTO} 5DPADD = ${LIBCRYPTO}
6WARNINGS = Yes 6WARNINGS = Yes
7CFLAGS += -DLIBRESSL_INTERNAL -Werror 7CFLAGS += -DLIBRESSL_INTERNAL -Werror
8CFLAGS += -I${.CURDIR}/../test
9SRCS += sha_test.c
10SRCS += test.c
11SRCS += test_util.c
12
13.PATH: ${.CURDIR}/../test
8 14
9.include <bsd.regress.mk> 15.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/sha/sha_test.c b/src/regress/lib/libcrypto/sha/sha_test.c
index 82a0c4cceb..904924c890 100644
--- a/src/regress/lib/libcrypto/sha/sha_test.c
+++ b/src/regress/lib/libcrypto/sha/sha_test.c
@@ -1,6 +1,6 @@
1/* $OpenBSD: sha_test.c,v 1.6 2023/07/19 15:11:42 joshua Exp $ */ 1/* $OpenBSD: sha_test.c,v 1.7 2025/05/22 03:35:40 joshua Exp $ */
2/* 2/*
3 * Copyright (c) 2022, 2023 Joshua Sing <joshua@hypera.dev> 3 * Copyright (c) 2022, 2023, 2025 Joshua Sing <joshua@joshuasing.dev>
4 * 4 *
5 * Permission to use, copy, modify, and distribute this software for any 5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above 6 * purpose with or without fee is hereby granted, provided that the above
@@ -21,6 +21,8 @@
21#include <stdint.h> 21#include <stdint.h>
22#include <string.h> 22#include <string.h>
23 23
24#include "test.h"
25
24struct sha_test { 26struct sha_test {
25 const int algorithm; 27 const int algorithm;
26 const uint8_t in[128]; 28 const uint8_t in[128];
@@ -677,260 +679,240 @@ typedef unsigned char *(*sha_hash_func)(const unsigned char *, size_t,
677 unsigned char *); 679 unsigned char *);
678 680
679static int 681static int
680sha_hash_from_algorithm(int algorithm, const char **out_label, 682sha_hash_from_algorithm(int algorithm, sha_hash_func *out_func,
681 sha_hash_func *out_func, const EVP_MD **out_md, size_t *out_len) 683 const EVP_MD **out_md)
682{ 684{
683 const char *label;
684 sha_hash_func sha_func; 685 sha_hash_func sha_func;
685 const EVP_MD *md; 686 const EVP_MD *md;
686 size_t len;
687 687
688 switch (algorithm) { 688 switch (algorithm) {
689 case NID_sha1: 689 case NID_sha1:
690 label = SN_sha1;
691 sha_func = SHA1; 690 sha_func = SHA1;
692 md = EVP_sha1(); 691 md = EVP_sha1();
693 len = SHA_DIGEST_LENGTH;
694 break; 692 break;
695 case NID_sha224: 693 case NID_sha224:
696 label = SN_sha224;
697 sha_func = SHA224; 694 sha_func = SHA224;
698 md = EVP_sha224(); 695 md = EVP_sha224();
699 len = SHA224_DIGEST_LENGTH;
700 break; 696 break;
701 case NID_sha256: 697 case NID_sha256:
702 label = SN_sha256;
703 sha_func = SHA256; 698 sha_func = SHA256;
704 md = EVP_sha256(); 699 md = EVP_sha256();
705 len = SHA256_DIGEST_LENGTH;
706 break; 700 break;
707 case NID_sha384: 701 case NID_sha384:
708 label = SN_sha384;
709 sha_func = SHA384; 702 sha_func = SHA384;
710 md = EVP_sha384(); 703 md = EVP_sha384();
711 len = SHA384_DIGEST_LENGTH;
712 break; 704 break;
713 case NID_sha512: 705 case NID_sha512:
714 label = SN_sha512;
715 sha_func = SHA512; 706 sha_func = SHA512;
716 md = EVP_sha512(); 707 md = EVP_sha512();
717 len = SHA512_DIGEST_LENGTH;
718 break; 708 break;
719 case NID_sha3_224: 709 case NID_sha3_224:
720 label = SN_sha3_224;
721 sha_func = NULL; 710 sha_func = NULL;
722 md = EVP_sha3_224(); 711 md = EVP_sha3_224();
723 len = 224 / 8;
724 break; 712 break;
725 case NID_sha3_256: 713 case NID_sha3_256:
726 label = SN_sha3_256;
727 sha_func = NULL; 714 sha_func = NULL;
728 md = EVP_sha3_256(); 715 md = EVP_sha3_256();
729 len = 256 / 8;
730 break; 716 break;
731 case NID_sha3_384: 717 case NID_sha3_384:
732 label = SN_sha3_384;
733 sha_func = NULL; 718 sha_func = NULL;
734 md = EVP_sha3_384(); 719 md = EVP_sha3_384();
735 len = 384 / 8;
736 break; 720 break;
737 case NID_sha3_512: 721 case NID_sha3_512:
738 label = SN_sha3_512;
739 sha_func = NULL; 722 sha_func = NULL;
740 md = EVP_sha3_512(); 723 md = EVP_sha3_512();
741 len = 512 / 8;
742 break; 724 break;
743 default: 725 default:
744 fprintf(stderr, "FAIL: unknown algorithm (%d)\n",
745 algorithm);
746 return 0; 726 return 0;
747 } 727 }
748 728
749 if (out_label != NULL)
750 *out_label = label;
751 if (out_func != NULL) 729 if (out_func != NULL)
752 *out_func = sha_func; 730 *out_func = sha_func;
753 if (out_md != NULL) 731 if (out_md != NULL)
754 *out_md = md; 732 *out_md = md;
755 if (out_len != NULL)
756 *out_len = len;
757 733
758 return 1; 734 return 1;
759} 735}
760 736
761static int 737static void
762sha_test(void) 738test_sha_tv(struct test *t, const void *arg)
763{ 739{
740 const struct sha_test *st = arg;
764 sha_hash_func sha_func; 741 sha_hash_func sha_func;
765 const struct sha_test *st;
766 EVP_MD_CTX *hash = NULL; 742 EVP_MD_CTX *hash = NULL;
767 const EVP_MD *md; 743 const EVP_MD *md;
768 uint8_t out[EVP_MAX_MD_SIZE]; 744 uint8_t out[EVP_MAX_MD_SIZE];
769 size_t in_len, out_len; 745 size_t in_len, out_len;
770 size_t i;
771 const char *label;
772 int failed = 1;
773 746
774 if ((hash = EVP_MD_CTX_new()) == NULL) { 747 if ((hash = EVP_MD_CTX_new()) == NULL) {
775 fprintf(stderr, "FAIL: EVP_MD_CTX_new() failed\n"); 748 test_errorf(t, "EVP_MD_CTX_new()");
776 goto failed; 749 goto fail;
777 } 750 }
778 751
779 for (i = 0; i < N_SHA_TESTS; i++) { 752 if (!sha_hash_from_algorithm(st->algorithm, &sha_func, &md))
780 st = &sha_tests[i]; 753 goto fail;
781 if (!sha_hash_from_algorithm(st->algorithm, &label, &sha_func,
782 &md, &out_len))
783 goto failed;
784
785 /* Digest */
786 if (sha_func != NULL) {
787 memset(out, 0, sizeof(out));
788 sha_func(st->in, st->in_len, out);
789 if (memcmp(st->out, out, out_len) != 0) {
790 fprintf(stderr, "FAIL (%s:%zu): mismatch\n",
791 label, i);
792 goto failed;
793 }
794 }
795 754
796 /* EVP single-shot digest */ 755 out_len = EVP_MD_size(md);
797 memset(out, 0, sizeof(out));
798 if (!EVP_Digest(st->in, st->in_len, out, NULL, md, NULL)) {
799 fprintf(stderr, "FAIL (%s:%zu): EVP_Digest failed\n",
800 label, i);
801 goto failed;
802 }
803 756
757 /* Digest */
758 if (sha_func != NULL) {
759 memset(out, 0, sizeof(out));
760 sha_func(st->in, st->in_len, out);
804 if (memcmp(st->out, out, out_len) != 0) { 761 if (memcmp(st->out, out, out_len) != 0) {
805 fprintf(stderr, 762 test_errorf(t, "SHA: digest output mismatch");
806 "FAIL (%s:%zu): EVP single-shot mismatch\n", 763 test_hexdiff(t, out, out_len, st->out);
807 label, i);
808 goto failed;
809 } 764 }
765 }
810 766
811 /* EVP digest */ 767 /* EVP single-shot digest */
812 memset(out, 0, sizeof(out)); 768 memset(out, 0, sizeof(out));
813 if (!EVP_DigestInit_ex(hash, md, NULL)) { 769 if (!EVP_Digest(st->in, st->in_len, out, NULL, md, NULL)) {
814 fprintf(stderr, 770 test_errorf(t, "EVP_Digest()");
815 "FAIL (%s:%zu): EVP_DigestInit_ex failed\n", 771 goto fail;
816 label, i); 772 }
817 goto failed;
818 }
819 773
820 in_len = st->in_len / 2; 774 if (memcmp(st->out, out, out_len) != 0) {
821 if (!EVP_DigestUpdate(hash, st->in, in_len)) { 775 test_errorf(t, "EVP single-shot: output diget mismatch");
822 fprintf(stderr, 776 test_hexdiff(t, out, out_len, st->out);
823 "FAIL (%s:%zu): EVP_DigestUpdate first half " 777 }
824 "failed\n", label, i);
825 goto failed;
826 }
827 778
828 if (!EVP_DigestUpdate(hash, st->in + in_len, 779 /* EVP digest */
829 st->in_len - in_len)) { 780 memset(out, 0, sizeof(out));
830 fprintf(stderr, 781 if (!EVP_DigestInit_ex(hash, md, NULL)) {
831 "FAIL (%s:%zu): EVP_DigestUpdate second half " 782 test_errorf(t, "EVP_DigestInit_ex() ");
832 "failed\n", label, i); 783 goto fail;
833 goto failed; 784 }
834 }
835 785
836 if (!EVP_DigestFinal_ex(hash, out, NULL)) { 786 in_len = st->in_len / 2;
837 fprintf(stderr, 787 if (!EVP_DigestUpdate(hash, st->in, in_len)) {
838 "FAIL (%s:%zu): EVP_DigestFinal_ex failed\n", 788 test_errorf(t, "EVP_DigestUpdate() first half");
839 label, i); 789 goto fail;
840 goto failed; 790 }
841 }
842 791
843 if (memcmp(st->out, out, out_len) != 0) { 792 if (!EVP_DigestUpdate(hash, st->in + in_len,
844 fprintf(stderr, "FAIL (%s:%zu): EVP mismatch\n", 793 st->in_len - in_len)) {
845 label, i); 794 test_errorf(t, "EVP_DigestUpdate() second half");
846 goto failed; 795 goto fail;
847 }
848 } 796 }
849 797
850 failed = 0; 798 if (!EVP_DigestFinal_ex(hash, out, NULL)) {
799 test_errorf(t, "EVP_DigestFinal_ex()");
800 goto fail;
801 }
851 802
852 failed: 803 if (memcmp(st->out, out, out_len) != 0) {
804 test_errorf(t, "EVP: digest output mismatch");
805 test_hexdiff(t, out, out_len, st->out);
806 }
807
808
809 fail:
853 EVP_MD_CTX_free(hash); 810 EVP_MD_CTX_free(hash);
854 return failed;
855} 811}
856 812
857static int 813static void
858sha_repetition_test(void) 814test_sha(struct test *t, const void *arg)
859{ 815{
860 const struct sha_repetition_test *st; 816 const struct sha_test *st;
817 size_t i;
818 char *name;
819
820 for (i = 0; i < N_SHA_TESTS; i++) {
821 st = &sha_tests[i];
822 if (asprintf(&name, "%s: '%s'", OBJ_nid2sn(st->algorithm), st->in) == -1) {
823 test_errorf(t, "create test name failed");
824 return;
825 }
826
827 test_run(t, name, test_sha_tv, st);
828 free(name);
829 }
830}
831
832static void
833test_sha_repetition_tv(struct test *t, const void *arg)
834{
835 const struct sha_repetition_test *st = arg;
861 EVP_MD_CTX *hash = NULL; 836 EVP_MD_CTX *hash = NULL;
862 const EVP_MD *md; 837 const EVP_MD *md;
863 uint8_t buf[1024]; 838 uint8_t buf[1024];
864 uint8_t out[EVP_MAX_MD_SIZE]; 839 uint8_t out[EVP_MAX_MD_SIZE];
865 size_t out_len, part_len; 840 size_t out_len, part_len;
866 size_t i, j; 841 size_t i;
867 const char *label;
868 int failed = 1;
869 842
870 if ((hash = EVP_MD_CTX_new()) == NULL) { 843 if ((hash = EVP_MD_CTX_new()) == NULL) {
871 fprintf(stderr, "FAIL: EVP_MD_CTX_new() failed\n"); 844 test_errorf(t, "EVP_MD_CTX_new()");
872 goto failed; 845 goto fail;
873 } 846 }
874 847
875 for (i = 0; i < N_SHA_REPETITION_TESTS; i++) { 848 if (!sha_hash_from_algorithm(st->algorithm, NULL, &md))
876 st = &sha_repetition_tests[i]; 849 goto fail;
877 if (!sha_hash_from_algorithm(st->algorithm, &label, NULL, &md,
878 &out_len))
879 goto failed;
880
881 /* EVP digest */
882 if (!EVP_DigestInit_ex(hash, md, NULL)) {
883 fprintf(stderr,
884 "FAIL (%s:%zu): EVP_DigestInit_ex failed\n",
885 label, i);
886 goto failed;
887 }
888 850
889 memset(buf, st->in, sizeof(buf)); 851 out_len = EVP_MD_size(md);
890 852
891 for (j = 0; j < st->in_repetitions;) { 853 /* EVP digest */
892 part_len = arc4random_uniform(sizeof(buf)); 854 if (!EVP_DigestInit_ex(hash, md, NULL)) {
893 if (part_len > st->in_repetitions - j) 855 test_errorf(t, "EVP_DigestInit_ex()");
894 part_len = st->in_repetitions - j; 856 goto fail;
857 }
895 858
896 if (!EVP_DigestUpdate(hash, buf, part_len)) { 859 memset(buf, st->in, sizeof(buf));
897 fprintf(stderr,
898 "FAIL (%s:%zu): EVP_DigestUpdate failed\n",
899 label, i);
900 goto failed;
901 }
902 860
903 j += part_len; 861 for (i = 0; i < st->in_repetitions;) {
904 } 862 part_len = arc4random_uniform(sizeof(buf));
863 if (part_len > st->in_repetitions - i)
864 part_len = st->in_repetitions - i;
905 865
906 if (!EVP_DigestFinal_ex(hash, out, NULL)) { 866 if (!EVP_DigestUpdate(hash, buf, part_len)) {
907 fprintf(stderr, 867 test_errorf(t, "EVP_DigestUpdate()");
908 "FAIL (%s:%zu): EVP_DigestFinal_ex failed\n", 868 goto fail;
909 label, i);
910 goto failed;
911 } 869 }
912 870
913 if (memcmp(st->out, out, out_len) != 0) { 871 i += part_len;
914 fprintf(stderr, "FAIL (%s:%zu): EVP mismatch\n", 872 }
915 label, i); 873
916 goto failed; 874 if (!EVP_DigestFinal_ex(hash, out, NULL)) {
917 } 875 test_errorf(t, "EVP_DigestFinal_ex()");
876 goto fail;
918 } 877 }
919 878
920 failed = 0; 879 if (memcmp(st->out, out, out_len) != 0) {
880 test_errorf(t, "EVP: digest output mismatch");
881 test_hexdiff(t, out, out_len, st->out);
882 goto fail;
883 }
921 884
922 failed: 885 fail:
923 EVP_MD_CTX_free(hash); 886 EVP_MD_CTX_free(hash);
924 return failed; 887}
888
889static void
890test_sha_repetition(struct test *t, const void *arg)
891{
892 const struct sha_repetition_test *st;
893 size_t i;
894 char *name;
895
896 for (i = 0; i < N_SHA_REPETITION_TESTS; i++) {
897 st = &sha_repetition_tests[i];
898 if (asprintf(&name, "%s: '%hhu' x %zu", OBJ_nid2sn(st->algorithm),
899 st->in, st->in_repetitions) == -1) {
900 test_errorf(t, "create test name failed");
901 return;
902 }
903
904 test_run(t, name, test_sha_repetition_tv, st);
905 free(name);
906 }
925} 907}
926 908
927int 909int
928main(int argc, char **argv) 910main(int argc, char **argv)
929{ 911{
930 int failed = 0; 912 struct test *t = test_init();
931 913
932 failed |= sha_test(); 914 test_run(t, "sha", test_sha, NULL);
933 failed |= sha_repetition_test(); 915 test_run(t, "sha repetition", test_sha_repetition, NULL);
934 916
935 return failed; 917 return test_result(t);
936} 918}
diff --git a/src/regress/lib/libcrypto/symbols/symbols.awk b/src/regress/lib/libcrypto/symbols/symbols.awk
index 8ea68b681e..253658e7a0 100644
--- a/src/regress/lib/libcrypto/symbols/symbols.awk
+++ b/src/regress/lib/libcrypto/symbols/symbols.awk
@@ -1,4 +1,4 @@
1# $OpenBSD: symbols.awk,v 1.13 2024/09/01 17:20:37 tb Exp $ 1# $OpenBSD: symbols.awk,v 1.15 2025/08/22 15:52:34 tb Exp $
2 2
3# Copyright (c) 2018,2020 Theo Buehler <tb@openbsd.org> 3# Copyright (c) 2018,2020 Theo Buehler <tb@openbsd.org>
4# 4#
@@ -26,7 +26,7 @@ BEGIN {
26 # Undefine aliases, so we don't accidentally leave them in Symbols.list. 26 # Undefine aliases, so we don't accidentally leave them in Symbols.list.
27 printf("#ifdef %s\n#undef %s\n#endif\n", $0, $0) 27 printf("#ifdef %s\n#undef %s\n#endif\n", $0, $0)
28 28
29 printf("static typeof(%s) *_libre_%s;\n", $0, $0); 29 printf("extern typeof(%s) *_libre_%s;\n", $0, $0);
30} 30}
31 31
32END { 32END {
@@ -51,8 +51,12 @@ END {
51 51
52 printf("\t\};\n\n") 52 printf("\t\};\n\n")
53 53
54 printf("\tfor (i = 0; i < sizeof(symbols) / sizeof(symbols[0]); i++)\n") 54 printf("\tfor (i = 0; i < sizeof(symbols) / sizeof(symbols[0]); i++) {\n")
55 printf("\t\tfprintf(stderr, \"%%s: %%p\\n\", symbols[i].name, symbols[i].addr);\n") 55 printf("\t\tfprintf(stderr, \"%%s: %%p\\n\", symbols[i].name, symbols[i].addr);\n")
56 printf("#if defined(USE_LIBRESSL_NAMESPACE)\n")
57 printf("\t\tfprintf(stderr, \"_libre_%%s: %%p\\n\", symbols[i].name, symbols[i].libre_addr);\n")
58 printf("#endif\n")
59 printf("\t}\n")
56 printf("\n\tprintf(\"OK\\n\");\n") 60 printf("\n\tprintf(\"OK\\n\");\n")
57 printf("\n\treturn 0;\n}\n") 61 printf("\n\treturn 0;\n}\n")
58} 62}
diff --git a/src/regress/lib/libcrypto/test/test.c b/src/regress/lib/libcrypto/test/test.c
new file mode 100644
index 0000000000..c99e2c6acc
--- /dev/null
+++ b/src/regress/lib/libcrypto/test/test.c
@@ -0,0 +1,226 @@
1/* $OpenBSD: test.c,v 1.6 2025/10/07 15:41:19 tb Exp $ */
2/*
3 * Copyright (c) 2025 Joshua Sing <joshua@joshuasing.dev>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <err.h>
19#include <stdarg.h>
20#include <stdio.h>
21#include <stdlib.h>
22#include <string.h>
23#include <unistd.h>
24
25#include "test.h"
26
27struct test {
28 struct test *parent;
29 char *name;
30 FILE *out;
31 int skipped;
32 int failed;
33};
34
35static struct test *
36test_new(struct test *pt, const char *name)
37{
38 struct test *t;
39
40 if ((t = calloc(1, sizeof(*t))) == NULL)
41 err(1, "calloc");
42
43 if (name != NULL) {
44 if ((t->name = strdup(name)) == NULL)
45 err(1, "strdup");
46 }
47
48 if (pt != NULL)
49 t->out = pt->out;
50 t->parent = pt;
51
52 return t;
53}
54
55struct test *
56test_init(void)
57{
58 struct test *t;
59 char *tmp_file;
60 int out_fd;
61 char *v;
62
63 t = test_new(NULL, NULL);
64 t->out = stderr;
65
66 if (((v = getenv("TEST_VERBOSE")) != NULL) && strcmp(v, "0") != 0)
67 return t;
68
69 /* Create a temporary file for logging in non-verbose mode */
70 if ((tmp_file = strdup("/tmp/libressl-test.XXXXXXXX")) == NULL)
71 err(1, "strdup");
72 if ((out_fd = mkstemp(tmp_file)) == -1)
73 err(1, "mkstemp");
74
75 unlink(tmp_file);
76 free(tmp_file);
77 if ((t->out = fdopen(out_fd, "w+")) == NULL)
78 err(1, "fdopen");
79
80 return t;
81}
82
83static void
84test_cleanup(struct test *t)
85{
86 free(t->name);
87 free(t);
88}
89
90int
91test_result(struct test *t)
92{
93 int failed = t->failed;
94
95 if (t->parent == NULL && t->out != stderr)
96 fclose(t->out);
97
98 test_cleanup(t);
99
100 return failed;
101}
102
103void
104test_fail(struct test *t)
105{
106 t->failed = 1;
107
108 /* Also fail parent. */
109 if (t->parent != NULL)
110 test_fail(t->parent);
111}
112
113static void
114test_vprintf(struct test *t, const char *fmt, va_list ap)
115{
116 if (vfprintf(t->out, fmt, ap) == -1)
117 err(1, "vfprintf");
118}
119
120void
121test_printf(struct test *t, const char *fmt, ...)
122{
123 va_list ap;
124
125 va_start(ap, fmt);
126 test_vprintf(t, fmt, ap);
127 va_end(ap);
128}
129
130static void
131test_vlogf_internal(struct test *t, const char *label, const char *func,
132 const char *file, int line, const char *fmt, va_list ap)
133{
134 char *msg = NULL;
135 char *l = ": ";
136 const char *filename;
137
138 if (label == NULL) {
139 label = "";
140 l = "";
141 }
142
143 if (vasprintf(&msg, fmt, ap) == -1)
144 err(1, "vasprintf");
145
146 if ((filename = strrchr(file, '/')) != NULL)
147 filename++;
148 else
149 filename = file;
150
151 test_printf(t, "%s [%s:%d]%s%s: %s\n",
152 func, filename, line, l, label, msg);
153
154 free(msg);
155}
156
157void
158test_logf_internal(struct test *t, const char *label, const char *func,
159 const char *file, int line, const char *fmt, ...)
160{
161 va_list ap;
162
163 va_start(ap, fmt);
164 test_vlogf_internal(t, label, func, file, line, fmt, ap);
165 va_end(ap);
166}
167
168void
169test_skip(struct test *t, const char *reason)
170{
171 t->skipped = 1;
172 test_printf(t, "%s\n", reason);
173}
174
175void
176test_skipf(struct test *t, const char *fmt, ...)
177{
178 va_list ap;
179
180 t->skipped = 1;
181
182 va_start(ap, fmt);
183 test_vprintf(t, fmt, ap);
184 if (fputc('\n', t->out) == EOF)
185 err(1, "fputc");
186 va_end(ap);
187}
188
189void
190test_run(struct test *pt, const char *name, test_run_func *fn, const void *arg)
191{
192 struct test *t = test_new(pt, name);
193 char *status = "PASS";
194 char buf[1024];
195 size_t buflen;
196 int ferr;
197
198 /* Run test */
199 test_printf(t, "=== RUN %s\n", t->name);
200 fn(t, arg);
201
202 if (t->skipped)
203 status = "SKIP";
204 if (t->failed)
205 status = "FAIL";
206
207 test_printf(t, "--- %s: %s\n\n", status, t->name);
208
209 /* Print result of test */
210 if (t->failed && t->out != stderr) {
211 /* Copy logs to stderr */
212 rewind(t->out);
213 while ((buflen = fread(buf, 1, sizeof(buf), t->out)) > 0)
214 fwrite(buf, 1, buflen, stderr);
215 if ((ferr = ferror(t->out)) != 0)
216 errx(1, "ferror: %d", ferr);
217 }
218
219 if (t->out != NULL && t->out != stderr) {
220 /* Reset output file */
221 rewind(t->out);
222 ftruncate(fileno(t->out), 0);
223 }
224
225 test_cleanup(t);
226}
diff --git a/src/regress/lib/libcrypto/test/test.h b/src/regress/lib/libcrypto/test/test.h
new file mode 100644
index 0000000000..5df19b9be4
--- /dev/null
+++ b/src/regress/lib/libcrypto/test/test.h
@@ -0,0 +1,137 @@
1/* $OpenBSD: test.h,v 1.5 2025/12/25 02:40:53 tb Exp $ */
2/*
3 * Copyright (c) 2025 Joshua Sing <joshua@joshuasing.dev>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#ifndef HEADER_TEST_H
19#define HEADER_TEST_H
20
21#include <stddef.h>
22#include <stdint.h>
23
24struct test;
25
26/*
27 * test_init creates a new root test struct.
28 *
29 * Additional tests may be run under the root test struct by calling test_run.
30 *
31 * If the TEST_VERBOSE environment variable is set and not equal to "0", then
32 * verbose mode will be enabled and all test logs will be written to stderr.
33 */
34struct test *test_init(void);
35
36/*
37 * test_result cleans up after all tests have completed and returns an
38 * appropriate exit code indicating the result of the tests.
39 */
40int test_result(struct test *_t);
41
42/*
43 * test_run_func is an individual test function. It is passed the test struct
44 * and an arbitrary argument which may be passed when test_run is called.
45 */
46typedef void (test_run_func)(struct test *_t, const void *_arg);
47
48/*
49 * test_fail marks the test and its parents as failed.
50 */
51void test_fail(struct test *_t);
52
53/*
54 * test_printf prints a test log message. When in verbose mode, the log message
55 * will be written to stderr, otherwise it will be buffered and only written to
56 * stderr if the test fails.
57 *
58 * This printf will write directly, without any additional formatting.
59 */
60void test_printf(struct test *_t, const char *_fmt, ...)
61 __attribute__((__format__ (printf, 2, 3)))
62 __attribute__((__nonnull__ (2)));
63
64/*
65 * test_logf_internal prints a test log message. When in verbose mode, the
66 * log message will be written to stderr, otherwise it will be buffered and
67 * only written to stderr if the test fails.
68 *
69 * label is an optional label indicating the severity of the log.
70 * func, file and line are used to show where the log comes from and are
71 * automatically set in the test log macros.
72 *
73 * This function should never be called directly.
74 */
75void test_logf_internal(struct test *_t, const char *_label, const char *_func,
76 const char *_file, int _line, const char *_fmt, ...)
77 __attribute__((__format__ (printf, 6, 7)))
78 __attribute__((__nonnull__ (6)));
79
80/*
81 * test_logf prints an informational log message. When in verbose mode, the log
82 * will be written to stderr, otherwise it will be buffered and only written to
83 * stderr if the test fails.
84 */
85#define test_logf(t, fmt, ...) \
86 do { \
87 test_logf_internal(t, NULL, __func__, __FILE__, __LINE__, fmt, ##__VA_ARGS__); \
88 } while (0)
89
90/*
91 * test_errorf prints an error message. It will also cause the test to fail.
92 * If the test cannot proceed, it is recommended to return or goto a cleanup
93 * label.
94 *
95 * Tests should not fail-fast if continuing will provide more detailed
96 * information about what is broken.
97 */
98#define test_errorf(t, fmt, ...) \
99 do { \
100 test_logf_internal(t, "ERROR", __func__, __FILE__, __LINE__, fmt, ##__VA_ARGS__); \
101 test_fail(t); \
102 } while (0)
103
104/*
105 * test_skip marks the test as skipped. Once called, the test should return.
106 */
107void test_skip(struct test *_t, const char *_reason);
108
109/*
110 * test_skipf marks the test as skipped with a formatted reason. Once called,
111 * the test should return.
112 */
113void test_skipf(struct test *_t, const char *_fmt, ...)
114 __attribute__((__format__ (printf, 2, 3)))
115 __attribute__((__nonnull__ (2)));
116
117/*
118 * test_run runs a test function. It will create a new test struct with the
119 * given test as the parent. An argument may be provided to pass data to the
120 * test function, otherwise NULL should be passed.
121 *
122 * Each test should have a unique and informational name.
123 */
124void test_run(struct test *_t, const char *_name, test_run_func *_fn, const void *_arg);
125
126/*
127 * test_hexdump prints the given data as hexadecimal.
128 */
129void test_hexdump(struct test *_t, const unsigned char *_buf, size_t _len);
130
131/*
132 * test_hexdiff prints the given data as hexadecimal. If a second comparison
133 * buffer is not NULL, any differing bytes will be marked with an asterisk.
134 */
135void test_hexdiff(struct test *_t, const uint8_t *_buf, size_t _len, const uint8_t *_compare);
136
137#endif /* HEADER_TEST_H */
diff --git a/src/regress/lib/libcrypto/test/test_util.c b/src/regress/lib/libcrypto/test/test_util.c
new file mode 100644
index 0000000000..6ecb574788
--- /dev/null
+++ b/src/regress/lib/libcrypto/test/test_util.c
@@ -0,0 +1,51 @@
1/* $OpenBSD: test_util.c,v 1.1 2025/05/21 08:57:13 joshua Exp $ */
2/*
3 * Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
4 * Copyright (c) 2024 Theo Buehler <tb@openbsd.org>
5 *
6 * Permission to use, copy, modify, and distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above
8 * copyright notice and this permission notice appear in all copies.
9 *
10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 */
18
19#include <stdio.h>
20#include <stdint.h>
21
22#include "test.h"
23
24void
25test_hexdump(struct test *t, const unsigned char *buf, size_t len)
26{
27 size_t i;
28
29 for (i = 1; i <= len; i++)
30 test_printf(t, " 0x%02x,%s", buf[i - 1], i % 8 ? "" : "\n");
31
32 if ((len % 8) != 0)
33 test_printf(t, "\n");
34}
35
36void
37test_hexdiff(struct test *t, const uint8_t *buf, size_t len, const uint8_t *compare)
38{
39 const char *mark = "", *newline;
40 size_t i;
41
42 for (i = 1; i <= len; i++) {
43 if (compare != NULL)
44 mark = (buf[i - 1] != compare[i - 1]) ? "*" : " ";
45 newline = i % 8 ? "" : "\n";
46 test_printf(t, " %s0x%02x,%s", mark, buf[i - 1], newline);
47 }
48
49 if ((len % 8) != 0)
50 test_printf(t, "\n");
51}
diff --git a/src/regress/lib/libcrypto/wycheproof/Makefile b/src/regress/lib/libcrypto/wycheproof/Makefile
index f2f7910b5b..ec737822b5 100644
--- a/src/regress/lib/libcrypto/wycheproof/Makefile
+++ b/src/regress/lib/libcrypto/wycheproof/Makefile
@@ -1,6 +1,6 @@
1# $OpenBSD: Makefile,v 1.9 2023/07/08 19:41:07 tb Exp $ 1# $OpenBSD: Makefile,v 1.11 2025/09/05 14:41:29 tb Exp $
2 2
3WYCHEPROOF_TESTVECTORS = /usr/local/share/wycheproof/testvectors/ 3WYCHEPROOF_TESTVECTORS = /usr/local/share/wycheproof/testvectors_v1/
4 4
5.if !exists(${WYCHEPROOF_TESTVECTORS}) 5.if !exists(${WYCHEPROOF_TESTVECTORS})
6regress: 6regress:
@@ -18,11 +18,17 @@ REGRESS_TARGETS += regress-wycheproof
18CLEANFILES += wycheproof 18CLEANFILES += wycheproof
19 19
20wycheproof: wycheproof.go 20wycheproof: wycheproof.go
21 go build -o wycheproof ${.CURDIR}/wycheproof.go 21 env GOCACHE=${.OBJDIR}/go-build go build -o wycheproof ${.CURDIR}/wycheproof.go
22 22
23regress-wycheproof: wycheproof 23regress-wycheproof: wycheproof
24 ./wycheproof 24 ./wycheproof
25 25
26REGRESS_CLEANUP = clean-go-cache
27
28clean-go-cache:
29 env GOCACHE=${.OBJDIR}/go-build go clean -cache
30 rm -rf ${.OBJDIR}/go-build
31
26. endif 32. endif
27 33
28PROGS += wycheproof-primes 34PROGS += wycheproof-primes
diff --git a/src/regress/lib/libcrypto/wycheproof/wycheproof-json.pl b/src/regress/lib/libcrypto/wycheproof/wycheproof-json.pl
index 45c7542b59..0eea14752c 100644
--- a/src/regress/lib/libcrypto/wycheproof/wycheproof-json.pl
+++ b/src/regress/lib/libcrypto/wycheproof/wycheproof-json.pl
@@ -1,4 +1,4 @@
1# $OpenBSD: wycheproof-json.pl,v 1.2 2022/07/08 14:33:56 tb Exp $ 1# $OpenBSD: wycheproof-json.pl,v 1.3 2025/09/05 14:36:03 tb Exp $
2 2
3# Copyright (c) 2022 Joel Sing <jsing@openbsd.org> 3# Copyright (c) 2022 Joel Sing <jsing@openbsd.org>
4# Copyright (c) 2022 Theo Buehler <tb@openbsd.org> 4# Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
@@ -17,7 +17,7 @@
17 17
18use JSON::PP; 18use JSON::PP;
19 19
20$test_vector_path = "/usr/local/share/wycheproof/testvectors"; 20$test_vector_path = "/usr/local/share/wycheproof/testvectors_v1";
21 21
22open JSON, "$test_vector_path/primality_test.json" or die; 22open JSON, "$test_vector_path/primality_test.json" or die;
23@json = <JSON>; 23@json = <JSON>;
diff --git a/src/regress/lib/libcrypto/wycheproof/wycheproof-primes.c b/src/regress/lib/libcrypto/wycheproof/wycheproof-primes.c
index 57bd7a53da..e54fd484f9 100644
--- a/src/regress/lib/libcrypto/wycheproof/wycheproof-primes.c
+++ b/src/regress/lib/libcrypto/wycheproof/wycheproof-primes.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: wycheproof-primes.c,v 1.2 2022/12/01 13:49:12 tb Exp $ */ 1/* $OpenBSD: wycheproof-primes.c,v 1.3 2025/09/05 14:36:03 tb Exp $ */
2/* 2/*
3 * Copyright (c) 2022 Theo Buehler <tb@openbsd.org> 3 * Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
4 * 4 *
@@ -16,7 +16,9 @@
16 */ 16 */
17 17
18#include <err.h> 18#include <err.h>
19#include <limits.h>
19#include <stdio.h> 20#include <stdio.h>
21#include <string.h>
20 22
21#include <openssl/bn.h> 23#include <openssl/bn.h>
22 24
@@ -26,12 +28,31 @@ int
26primality_test(struct wycheproof_testcase *test) 28primality_test(struct wycheproof_testcase *test)
27{ 29{
28 BIGNUM *value = NULL; 30 BIGNUM *value = NULL;
31 size_t len;
29 int ret; 32 int ret;
30 int failed = 1; 33 int failed = 1;
31 34
32 if (!BN_hex2bn(&value, test->value)) 35 if (!BN_hex2bn(&value, test->value))
33 errx(1, "%d: failed to set value \"%s\"", test->id, test->value); 36 errx(1, "%d: failed to set value \"%s\"", test->id, test->value);
34 37
38 if ((len = strlen(test->value)) > INT_MAX / 4)
39 errx(1, "%d: overlong test string %zu", test->id, len);
40
41 if (len > 0 && test->value[0] >= '8') {
42 BIGNUM *pow2;
43
44 if ((pow2 = BN_new()) == NULL)
45 errx(1, "BN_new");
46
47 if (!BN_set_bit(pow2, 4 * len))
48 errx(1, "BN_set_bit");
49
50 if (!BN_sub(value, value, pow2))
51 errx(1, "BN_sub");
52
53 BN_free(pow2);
54 }
55
35 if ((ret = BN_is_prime_ex(value, BN_prime_checks, NULL, NULL)) < 0) 56 if ((ret = BN_is_prime_ex(value, BN_prime_checks, NULL, NULL)) < 0)
36 errx(1, "%d: BN_is_prime_ex errored", test->id); 57 errx(1, "%d: BN_is_prime_ex errored", test->id);
37 58
diff --git a/src/regress/lib/libcrypto/wycheproof/wycheproof.go b/src/regress/lib/libcrypto/wycheproof/wycheproof.go
index 8f0dfc8b2e..397958ac15 100644
--- a/src/regress/lib/libcrypto/wycheproof/wycheproof.go
+++ b/src/regress/lib/libcrypto/wycheproof/wycheproof.go
@@ -1,7 +1,7 @@
1/* $OpenBSD: wycheproof.go,v 1.161 2024/11/24 10:13:16 tb Exp $ */ 1/* $OpenBSD: wycheproof.go,v 1.196 2026/01/01 12:47:52 tb Exp $ */
2/* 2/*
3 * Copyright (c) 2018,2023 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2018,2023 Joel Sing <jsing@openbsd.org>
4 * Copyright (c) 2018,2019,2022-2024 Theo Buehler <tb@openbsd.org> 4 * Copyright (c) 2018,2019,2022-2025 Theo Buehler <tb@openbsd.org>
5 * 5 *
6 * Permission to use, copy, modify, and distribute this software for any 6 * Permission to use, copy, modify, and distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above 7 * purpose with or without fee is hereby granted, provided that the above
@@ -36,6 +36,7 @@ package main
36#include <openssl/evp.h> 36#include <openssl/evp.h>
37#include <openssl/kdf.h> 37#include <openssl/kdf.h>
38#include <openssl/hmac.h> 38#include <openssl/hmac.h>
39#include <openssl/mlkem.h>
39#include <openssl/objects.h> 40#include <openssl/objects.h>
40#include <openssl/pem.h> 41#include <openssl/pem.h>
41#include <openssl/x509.h> 42#include <openssl/x509.h>
@@ -81,16 +82,16 @@ import (
81 "fmt" 82 "fmt"
82 "io/ioutil" 83 "io/ioutil"
83 "log" 84 "log"
85 "math/big"
84 "os" 86 "os"
85 "path/filepath" 87 "path/filepath"
86 "regexp"
87 "runtime" 88 "runtime"
88 "strings" 89 "strings"
89 "sync" 90 "sync"
90 "unsafe" 91 "unsafe"
91) 92)
92 93
93const testVectorPath = "/usr/local/share/wycheproof/testvectors" 94const testVectorPath = "/usr/local/share/wycheproof/testvectors_v1"
94 95
95type testVariant int 96type testVariant int
96 97
@@ -125,6 +126,59 @@ func wycheproofFormatTestCase(tcid int, comment string, flags []string, result s
125 126
126var testc *testCoordinator 127var testc *testCoordinator
127 128
129type BigInt struct {
130 *big.Int
131}
132
133func mustConvertBigIntToBigNum(bi *BigInt) *C.BIGNUM {
134 value := bi.Bytes()
135 if len(value) == 0 {
136 value = append(value, 0)
137 }
138 bn := C.BN_new()
139 if bn == nil {
140 log.Fatal("BN_new failed")
141 }
142 if C.BN_bin2bn((*C.uchar)(unsafe.Pointer(&value[0])), C.int(len(value)), bn) == nil {
143 log.Fatal("BN_bin2bn failed")
144 }
145 if bi.Sign() == -1 {
146 C.BN_set_negative(bn, C.int(1))
147 }
148 return bn
149}
150
151func (bi *BigInt) UnmarshalJSON(data []byte) error {
152 if len(data) < 2 || data[0] != '"' || data[len(data)-1] != '"' {
153 log.Fatalf("Failed to decode %q: too short or unquoted", data)
154 }
155 data = data[1 : len(data)-1]
156 if len(data)%2 == 1 {
157 pad := make([]byte, 1, len(data)+1)
158 if data[0] >= '0' && data[0] <= '7' {
159 pad[0] = '0'
160 } else {
161 pad[0] = 'f'
162 }
163 data = append(pad, data...)
164 }
165
166 src := make([]byte, hex.DecodedLen(len(data)))
167 _, err := hex.Decode(src, data)
168 if err != nil {
169 log.Fatalf("Failed to decode %q: %v", data, err)
170 }
171
172 bi.Int = &big.Int{}
173 bi.Int.SetBytes(src)
174 if data[0] >= '8' {
175 y := &big.Int{}
176 y.SetBit(y, 4*len(data), 1)
177 bi.Int.Sub(bi.Int, y)
178 }
179 return nil
180}
181
128type wycheproofJWKPublic struct { 182type wycheproofJWKPublic struct {
129 Crv string `json:"crv"` 183 Crv string `json:"crv"`
130 KID string `json:"kid"` 184 KID string `json:"kid"`
@@ -236,9 +290,9 @@ func (wt *wycheproofTestDSA) String() string {
236} 290}
237 291
238type wycheproofTestGroupDSA struct { 292type wycheproofTestGroupDSA struct {
239 Key *wycheproofDSAKey `json:"key"` 293 Key *wycheproofDSAKey `json:"publicKey"`
240 KeyDER string `json:"keyDer"` 294 KeyDER string `json:"publicKeyDer"`
241 KeyPEM string `json:"keyPem"` 295 KeyPEM string `json:"publicKeyPem"`
242 SHA string `json:"sha"` 296 SHA string `json:"sha"`
243 Type string `json:"type"` 297 Type string `json:"type"`
244 Tests []*wycheproofTestDSA `json:"tests"` 298 Tests []*wycheproofTestDSA `json:"tests"`
@@ -309,22 +363,38 @@ func (wt *wycheproofTestECDSA) String() string {
309} 363}
310 364
311type wycheproofTestGroupECDSA struct { 365type wycheproofTestGroupECDSA struct {
312 Key *wycheproofECDSAKey `json:"key"` 366 Key *wycheproofECDSAKey `json:"publicKey"`
313 KeyDER string `json:"keyDer"` 367 KeyDER string `json:"publicKeyDer"`
314 KeyPEM string `json:"keyPem"` 368 KeyPEM string `json:"publicKeyPem"`
315 SHA string `json:"sha"` 369 SHA string `json:"sha"`
316 Type string `json:"type"` 370 Type string `json:"type"`
317 Tests []*wycheproofTestECDSA `json:"tests"` 371 Tests []*wycheproofTestECDSA `json:"tests"`
318} 372}
319 373
320type wycheproofTestGroupECDSAWebCrypto struct { 374type wycheproofTestEcCurve struct {
321 JWK *wycheproofJWKPublic `json:"jwk"` 375 TCID int `json:"tcId"`
322 Key *wycheproofECDSAKey `json:"key"` 376 Comment string `json:"comment"`
323 KeyDER string `json:"keyDer"` 377 Flags []string `json:"flags"`
324 KeyPEM string `json:"keyPem"` 378 Name string `json:"name"`
325 SHA string `json:"sha"` 379 OID string `json:"oid"`
326 Type string `json:"type"` 380 Ref string `json:"ref"`
327 Tests []*wycheproofTestECDSA `json:"tests"` 381 P *BigInt `json:"p"`
382 N *BigInt `json:"n"`
383 A *BigInt `json:"a"`
384 B *BigInt `json:"b"`
385 Gx *BigInt `json:"gx"`
386 Gy *BigInt `json:"gy"`
387 H int `json:"h"`
388 Result string `json:"result"`
389}
390
391func (wt *wycheproofTestEcCurve) String() string {
392 return wycheproofFormatTestCase(wt.TCID, wt.Comment, wt.Flags, wt.Result)
393}
394
395type wycheproofTestGroupEcCurve struct {
396 Type string `json:"type"`
397 Tests []*wycheproofTestEcCurve `json:"tests"`
328} 398}
329 399
330type wycheproofJWKEdDSA struct { 400type wycheproofJWKEdDSA struct {
@@ -357,10 +427,10 @@ func (wt *wycheproofTestEdDSA) String() string {
357} 427}
358 428
359type wycheproofTestGroupEdDSA struct { 429type wycheproofTestGroupEdDSA struct {
360 JWK *wycheproofJWKEdDSA `json:"jwk"` 430 JWK *wycheproofJWKEdDSA `json:"publicKeyJwk"`
361 Key *wycheproofEdDSAKey `json:"key"` 431 Key *wycheproofEdDSAKey `json:"publicKey"`
362 KeyDer string `json:"keyDer"` 432 KeyDer string `json:"publicKeyDer"`
363 KeyPem string `json:"keyPem"` 433 KeyPem string `json:"publicKeyPem"`
364 Type string `json:"type"` 434 Type string `json:"type"`
365 Tests []*wycheproofTestEdDSA `json:"tests"` 435 Tests []*wycheproofTestEdDSA `json:"tests"`
366} 436}
@@ -428,10 +498,54 @@ type wycheproofTestGroupKW struct {
428 Tests []*wycheproofTestKW `json:"tests"` 498 Tests []*wycheproofTestKW `json:"tests"`
429} 499}
430 500
501type wycheproofTestMLKEM struct {
502 TCID int `json:"tcId"`
503 Comment string `json:"comment"`
504 Seed string `json:"seed"`
505 Ek string `json:"ek"`
506 Dk string `json:"dk"`
507 M string `json:"m"`
508 C string `json:"c"`
509 K string `json:"K"`
510 Result string `json:"result"`
511 Flags []string `json:"flags"`
512}
513
514func (wt *wycheproofTestMLKEM) String() string {
515 return wycheproofFormatTestCase(wt.TCID, wt.Comment, wt.Flags, wt.Result)
516}
517
518type wycheproofTestGroupMLKEM struct {
519 Type string `json:"type"`
520 ParameterSet string `json:"parameterSet"`
521 Tests []*wycheproofTestMLKEM `json:"tests"`
522}
523
524type wycheproofTestPbkdf struct {
525 TCID int `json:"tcId"`
526 Comment string `json:"comment"`
527 Flags []string `json:"string"`
528 Password string `json:"password"`
529 Salt string `json:"salt"`
530 IterationCount int `json:"iterationCount"`
531 DkLen int `json:"dkLen"`
532 Dk string `json:"dk"`
533 Result string `json:"result"`
534}
535
536func (wt *wycheproofTestPbkdf) String() string {
537 return wycheproofFormatTestCase(wt.TCID, wt.Comment, wt.Flags, wt.Result)
538}
539
540type wycheproofTestGroupPbkdf2HmacSha struct {
541 Type string `json:"type"`
542 Tests []*wycheproofTestPbkdf `json:"tests"`
543}
544
431type wycheproofTestPrimality struct { 545type wycheproofTestPrimality struct {
432 TCID int `json:"tcId"` 546 TCID int `json:"tcId"`
433 Comment string `json:"comment"` 547 Comment string `json:"comment"`
434 Value string `json:"value"` 548 Value *BigInt `json:"value"`
435 Result string `json:"result"` 549 Result string `json:"result"`
436 Flags []string `json:"flags"` 550 Flags []string `json:"flags"`
437} 551}
@@ -460,15 +574,31 @@ func (wt *wycheproofTestRSA) String() string {
460} 574}
461 575
462type wycheproofTestGroupRSA struct { 576type wycheproofTestGroupRSA struct {
463 E string `json:"e"` 577 PrivateKey *wycheproofRSAPrivateKey `json:"privateKey"`
464 KeyASN string `json:"keyAsn"` 578 PublicKey *wycheproofRSAPublicKey `json:"publicKey"`
465 KeyDER string `json:"keyDer"` 579 KeyASN string `json:"keyAsn"`
466 KeyPEM string `json:"keyPem"` 580 KeyDER string `json:"keyDer"`
467 KeySize int `json:"keysize"` 581 KeyPEM string `json:"keyPem"`
468 N string `json:"n"` 582 KeySize int `json:"keysize"`
469 SHA string `json:"sha"` 583 SHA string `json:"sha"`
470 Type string `json:"type"` 584 Type string `json:"type"`
471 Tests []*wycheproofTestRSA `json:"tests"` 585 Tests []*wycheproofTestRSA `json:"tests"`
586}
587
588type wycheproofRSAPublicKey struct {
589 Modulus string `json:"modulus"`
590 PublicExponent string `json:"publicExponent"`
591}
592
593type wycheproofRSAPrivateKey struct {
594 Modulus string `json:"modulus"`
595 PrivateExponent string `json:"privateExponent"`
596 PublicExponent string `json:"publicExponent"`
597 Prime1 string `json:"prime1"`
598 Prime2 string `json:"prime2"`
599 Exponent1 string `json:"exponent1"`
600 Exponent2 string `json:"exponent2"`
601 Coefficient string `json:"coefficient"`
472} 602}
473 603
474type wycheproofPrivateKeyJwk struct { 604type wycheproofPrivateKeyJwk struct {
@@ -500,29 +630,25 @@ func (wt *wycheproofTestRsaes) String() string {
500} 630}
501 631
502type wycheproofTestGroupRsaesOaep struct { 632type wycheproofTestGroupRsaesOaep struct {
503 D string `json:"d"` 633 Type string `json:"type"`
504 E string `json:"e"`
505 KeySize int `json:"keysize"` 634 KeySize int `json:"keysize"`
635 SHA string `json:"sha"`
506 MGF string `json:"mgf"` 636 MGF string `json:"mgf"`
507 MGFSHA string `json:"mgfSha"` 637 MGFSHA string `json:"mgfSha"`
508 N string `json:"n"` 638 PrivateKey *wycheproofRSAPrivateKey `json:"privateKey"`
509 PrivateKeyJwk *wycheproofPrivateKeyJwk `json:"privateKeyJwk"` 639 PrivateKeyJwk *wycheproofPrivateKeyJwk `json:"privateKeyJwk"`
510 PrivateKeyPem string `json:"privateKeyPem"` 640 PrivateKeyPem string `json:"privateKeyPem"`
511 PrivateKeyPkcs8 string `json:"privateKeyPkcs8"` 641 PrivateKeyPkcs8 string `json:"privateKeyPkcs8"`
512 SHA string `json:"sha"`
513 Type string `json:"type"`
514 Tests []*wycheproofTestRsaes `json:"tests"` 642 Tests []*wycheproofTestRsaes `json:"tests"`
515} 643}
516 644
517type wycheproofTestGroupRsaesPkcs1 struct { 645type wycheproofTestGroupRsaesPkcs1 struct {
518 D string `json:"d"` 646 Type string `json:"type"`
519 E string `json:"e"` 647 PrivateKey *wycheproofRSAPrivateKey `json:"privateKey"`
520 KeySize int `json:"keysize"`
521 N string `json:"n"`
522 PrivateKeyJwk *wycheproofPrivateKeyJwk `json:"privateKeyJwk"` 648 PrivateKeyJwk *wycheproofPrivateKeyJwk `json:"privateKeyJwk"`
523 PrivateKeyPem string `json:"privateKeyPem"` 649 PrivateKeyPem string `json:"privateKeyPem"`
524 PrivateKeyPkcs8 string `json:"privateKeyPkcs8"` 650 PrivateKeyPkcs8 string `json:"privateKeyPkcs8"`
525 Type string `json:"type"` 651 KeySize int `json:"keysize"`
526 Tests []*wycheproofTestRsaes `json:"tests"` 652 Tests []*wycheproofTestRsaes `json:"tests"`
527} 653}
528 654
@@ -540,18 +666,18 @@ func (wt *wycheproofTestRsassa) String() string {
540} 666}
541 667
542type wycheproofTestGroupRsassa struct { 668type wycheproofTestGroupRsassa struct {
543 E string `json:"e"` 669 PrivateKey *wycheproofRSAPrivateKey `json:"privateKey"`
544 KeyASN string `json:"keyAsn"` 670 PublicKey *wycheproofRSAPublicKey `json:"publicKey"`
545 KeyDER string `json:"keyDer"` 671 KeyASN string `json:"keyAsn"`
546 KeyPEM string `json:"keyPem"` 672 KeyDER string `json:"keyDer"`
547 KeySize int `json:"keysize"` 673 KeyPEM string `json:"keyPem"`
548 MGF string `json:"mgf"` 674 KeySize int `json:"keysize"`
549 MGFSHA string `json:"mgfSha"` 675 MGF string `json:"mgf"`
550 N string `json:"n"` 676 MGFSHA string `json:"mgfSha"`
551 SLen int `json:"sLen"` 677 SLen int `json:"sLen"`
552 SHA string `json:"sha"` 678 SHA string `json:"sha"`
553 Type string `json:"type"` 679 Type string `json:"type"`
554 Tests []*wycheproofTestRsassa `json:"tests"` 680 Tests []*wycheproofTestRsassa `json:"tests"`
555} 681}
556 682
557type wycheproofTestX25519 struct { 683type wycheproofTestX25519 struct {
@@ -578,13 +704,13 @@ type wycheproofTestGroupRunner interface {
578 run(string, testVariant) bool 704 run(string, testVariant) bool
579} 705}
580 706
581type wycheproofTestVectors struct { 707type wycheproofTestVectorsV1 struct {
582 Algorithm string `json:"algorithm"` 708 Algorithm string `json:"algorithm"`
583 GeneratorVersion string `json:"generatorVersion"` 709 Schema string `json:"schema"`
584 Notes map[string]string `json:"notes"` 710 NumberOfTests int `json:"numberOfTests"`
585 NumberOfTests int `json:"numberOfTests"` 711 Header []string `json:"header"`
586 // Header 712 Notes json.RawMessage `json:"notes"`
587 TestGroups []json.RawMessage `json:"testGroups"` 713 TestGroups []json.RawMessage `json:"testGroups"`
588} 714}
589 715
590var nids = map[string]int{ 716var nids = map[string]int{
@@ -641,10 +767,16 @@ func nidFromString(ns string) (int, error) {
641 return -1, fmt.Errorf("unknown NID %q", ns) 767 return -1, fmt.Errorf("unknown NID %q", ns)
642} 768}
643 769
644func skipSmallCurve(nid int) bool { 770func skipHash(hash string) bool {
771 return hash == "SHAKE128" || hash == "SHAKE256"
772}
773
774func skipCurve(nid int) bool {
645 switch C.int(nid) { 775 switch C.int(nid) {
646 case C.NID_secp160k1, C.NID_secp160r1, C.NID_secp160r2, C.NID_secp192k1, C.NID_X9_62_prime192v1: 776 case C.NID_secp160k1, C.NID_secp160r1, C.NID_secp160r2, C.NID_secp192k1, C.NID_X9_62_prime192v1:
647 return true 777 return true
778 case C.NID_sect283k1, C.NID_sect283r1, C.NID_sect409k1, C.NID_sect409r1, C.NID_sect571k1, C.NID_sect571r1:
779 return true
648 } 780 }
649 return false 781 return false
650} 782}
@@ -661,6 +793,7 @@ var evpMds = map[string]*C.EVP_MD{
661 "SHA3-256": C.EVP_sha3_256(), 793 "SHA3-256": C.EVP_sha3_256(),
662 "SHA3-384": C.EVP_sha3_384(), 794 "SHA3-384": C.EVP_sha3_384(),
663 "SHA3-512": C.EVP_sha3_512(), 795 "SHA3-512": C.EVP_sha3_512(),
796 "SM3": C.EVP_sm3(),
664} 797}
665 798
666func hashEvpMdFromString(hs string) (*C.EVP_MD, error) { 799func hashEvpMdFromString(hs string) (*C.EVP_MD, error) {
@@ -1266,7 +1399,7 @@ func runEvpChaCha20Poly1305Test(ctx *C.EVP_CIPHER_CTX, algorithm string, wt *wyc
1266 log.Fatal("Failed EVP_EncryptUpdate aad") 1399 log.Fatal("Failed EVP_EncryptUpdate aad")
1267 } 1400 }
1268 1401
1269 sealed := make([]byte, ctLen + tagLen) 1402 sealed := make([]byte, ctLen+tagLen)
1270 copy(sealed, msg) 1403 copy(sealed, msg)
1271 if C.EVP_EncryptUpdate(ctx, (*C.uchar)(unsafe.Pointer(&sealed[0])), (*C.int)(unsafe.Pointer(&len)), (*C.uchar)(unsafe.Pointer(&sealed[0])), (C.int)(msgLen)) != 1 { 1404 if C.EVP_EncryptUpdate(ctx, (*C.uchar)(unsafe.Pointer(&sealed[0])), (*C.int)(unsafe.Pointer(&len)), (*C.uchar)(unsafe.Pointer(&sealed[0])), (C.int)(msgLen)) != 1 {
1272 log.Fatal("Failed EVP_EncryptUpdate msg") 1405 log.Fatal("Failed EVP_EncryptUpdate msg")
@@ -1281,7 +1414,7 @@ func runEvpChaCha20Poly1305Test(ctx *C.EVP_CIPHER_CTX, algorithm string, wt *wyc
1281 } 1414 }
1282 outLen += (C.int)(tagLen) 1415 outLen += (C.int)(tagLen)
1283 1416
1284 if (C.int)(ctLen + tagLen) != outLen { 1417 if (C.int)(ctLen+tagLen) != outLen {
1285 fmt.Printf("%s\n", wt) 1418 fmt.Printf("%s\n", wt)
1286 } 1419 }
1287 1420
@@ -1290,7 +1423,7 @@ func runEvpChaCha20Poly1305Test(ctx *C.EVP_CIPHER_CTX, algorithm string, wt *wyc
1290 tagMatch := bytes.Equal(tag, sealed[ctLen:]) 1423 tagMatch := bytes.Equal(tag, sealed[ctLen:])
1291 if (ctMatch && tagMatch) == (wt.Result != "invalid") { 1424 if (ctMatch && tagMatch) == (wt.Result != "invalid") {
1292 sealSuccess = true 1425 sealSuccess = true
1293 } else { 1426 } else {
1294 fmt.Printf("%s - ct match: %t tag match: %t\n", wt, ctMatch, tagMatch) 1427 fmt.Printf("%s - ct match: %t tag match: %t\n", wt, ctMatch, tagMatch)
1295 } 1428 }
1296 1429
@@ -1316,9 +1449,9 @@ func runEvpChaCha20Poly1305Test(ctx *C.EVP_CIPHER_CTX, algorithm string, wt *wyc
1316 ct = append(ct, 0) 1449 ct = append(ct, 0)
1317 } 1450 }
1318 1451
1319 opened := make([]byte, msgLen + tagLen) 1452 opened := make([]byte, msgLen+tagLen)
1320 copy(opened, ct) 1453 copy(opened, ct)
1321 if msgLen + aadLen == 0 { 1454 if msgLen+aadLen == 0 {
1322 opened = append(opened, 0) 1455 opened = append(opened, 0)
1323 } 1456 }
1324 1457
@@ -1622,7 +1755,7 @@ func runECDHTest(nid int, variant testVariant, wt *wycheproofTestECDH) bool {
1622 1755
1623 shared, sharedLen := mustDecodeHexString(wt.Shared, "shared secret") 1756 shared, sharedLen := mustDecodeHexString(wt.Shared, "shared secret")
1624 1757
1625 // XXX The shared fields of the secp224k1 test cases have a 0 byte preprended. 1758 // XXX The shared fields of the secp224k1 test cases have a 0 byte prepended.
1626 if sharedLen == int(secLen)+1 && shared[0] == 0 { 1759 if sharedLen == int(secLen)+1 && shared[0] == 0 {
1627 fmt.Printf("INFO: %s - prepending 0 byte.\n", wt) 1760 fmt.Printf("INFO: %s - prepending 0 byte.\n", wt)
1628 // shared = shared[1:]; 1761 // shared = shared[1:];
@@ -1645,7 +1778,7 @@ func (wtg *wycheproofTestGroupECDH) run(algorithm string, variant testVariant) b
1645 if err != nil { 1778 if err != nil {
1646 log.Fatalf("Failed to get nid for curve: %v", err) 1779 log.Fatalf("Failed to get nid for curve: %v", err)
1647 } 1780 }
1648 if skipSmallCurve(nid) { 1781 if skipCurve(nid) {
1649 return true 1782 return true
1650 } 1783 }
1651 1784
@@ -1766,7 +1899,16 @@ func runECDSATest(ecKey *C.EC_KEY, md *C.EVP_MD, nid int, variant testVariant, w
1766 msg, msgLen := mustHashHexMessage(md, wt.Msg) 1899 msg, msgLen := mustHashHexMessage(md, wt.Msg)
1767 1900
1768 var ret C.int 1901 var ret C.int
1769 if variant == Webcrypto || variant == P1363 { 1902 if variant == P1363 {
1903 order_bytes := int((C.EC_GROUP_order_bits(C.EC_KEY_get0_group(ecKey)) + 7) / 8)
1904 if len(wt.Sig)/2 != 2*order_bytes {
1905 if wt.Result == "valid" {
1906 fmt.Printf("FAIL: %s - incorrect signature length, %d, %d\n", wt, len(wt.Sig)/2, 2*order_bytes)
1907 return false
1908 }
1909 return true
1910 }
1911
1770 cDer, derLen := encodeECDSAWebCryptoSig(wt.Sig) 1912 cDer, derLen := encodeECDSAWebCryptoSig(wt.Sig)
1771 if cDer == nil { 1913 if cDer == nil {
1772 fmt.Print("FAIL: unable to decode signature") 1914 fmt.Print("FAIL: unable to decode signature")
@@ -1797,7 +1939,10 @@ func (wtg *wycheproofTestGroupECDSA) run(algorithm string, variant testVariant)
1797 if err != nil { 1939 if err != nil {
1798 log.Fatalf("Failed to get nid for curve: %v", err) 1940 log.Fatalf("Failed to get nid for curve: %v", err)
1799 } 1941 }
1800 if skipSmallCurve(nid) { 1942 if skipCurve(nid) {
1943 return true
1944 }
1945 if skipHash(wtg.SHA) {
1801 return true 1946 return true
1802 } 1947 }
1803 ecKey := C.EC_KEY_new_by_curve_name(C.int(nid)) 1948 ecKey := C.EC_KEY_new_by_curve_name(C.int(nid))
@@ -1892,55 +2037,73 @@ func encodeECDSAWebCryptoSig(wtSig string) (*C.uchar, C.int) {
1892 return cDer, derLen 2037 return cDer, derLen
1893} 2038}
1894 2039
1895func (wtg *wycheproofTestGroupECDSAWebCrypto) run(algorithm string, variant testVariant) bool { 2040func runEcCurveTest(wt *wycheproofTestEcCurve) bool {
1896 fmt.Printf("Running %v test group %v with curve %v, key size %d and %v...\n", algorithm, wtg.Type, wtg.Key.Curve, wtg.Key.KeySize, wtg.SHA) 2041 oid := C.CString(wt.OID)
2042 defer C.free(unsafe.Pointer(oid))
1897 2043
1898 nid, err := nidFromString(wtg.JWK.Crv) 2044 nid := C.OBJ_txt2nid(oid)
1899 if err != nil { 2045 if nid == C.NID_undef {
1900 log.Fatalf("Failed to get nid for curve: %v", err) 2046 fmt.Printf("INFO: %s: %s: unknown OID %s\n", wt, wt.Name, wt.OID)
1901 } 2047 return false
1902 ecKey := C.EC_KEY_new_by_curve_name(C.int(nid))
1903 if ecKey == nil {
1904 log.Fatal("EC_KEY_new_by_curve_name failed")
1905 } 2048 }
1906 defer C.EC_KEY_free(ecKey)
1907 2049
1908 x, err := base64.RawURLEncoding.DecodeString(wtg.JWK.X) 2050 builtinGroup := C.EC_GROUP_new_by_curve_name(nid)
1909 if err != nil { 2051 defer C.EC_GROUP_free(builtinGroup)
1910 log.Fatalf("Failed to base64 decode X: %v", err) 2052
1911 } 2053 if builtinGroup == nil {
1912 bnX := C.BN_bin2bn((*C.uchar)(unsafe.Pointer(&x[0])), C.int(len(x)), nil) 2054 fmt.Printf("INFO: %s: %s: no builtin curve for OID %s\n", wt, wt.Name, wt.OID)
1913 if bnX == nil { 2055 return true
1914 log.Fatal("Failed to decode X")
1915 } 2056 }
1916 defer C.BN_free(bnX)
1917 2057
1918 y, err := base64.RawURLEncoding.DecodeString(wtg.JWK.Y) 2058 p := mustConvertBigIntToBigNum(wt.P)
1919 if err != nil { 2059 defer C.BN_free(p)
1920 log.Fatalf("Failed to base64 decode Y: %v", err) 2060 a := mustConvertBigIntToBigNum(wt.A)
2061 defer C.BN_free(a)
2062 b := mustConvertBigIntToBigNum(wt.B)
2063 defer C.BN_free(b)
2064 n := mustConvertBigIntToBigNum(wt.N)
2065 defer C.BN_free(n)
2066 x := mustConvertBigIntToBigNum(wt.Gx)
2067 defer C.BN_free(x)
2068 y := mustConvertBigIntToBigNum(wt.Gy)
2069 defer C.BN_free(y)
2070
2071 group := C.EC_GROUP_new_curve_GFp(p, a, b, (*C.BN_CTX)(nil))
2072 defer C.EC_GROUP_free(group)
2073
2074 if group == nil {
2075 log.Fatalf("EC_GROUP_new_curve_GFp failed")
1921 } 2076 }
1922 bnY := C.BN_bin2bn((*C.uchar)(unsafe.Pointer(&y[0])), C.int(len(y)), nil) 2077
1923 if bnY == nil { 2078 point := C.EC_POINT_new(group)
1924 log.Fatal("Failed to decode Y") 2079 defer C.EC_POINT_free(point)
2080
2081 if point == nil {
2082 log.Fatalf("EC_POINT_new failed")
1925 } 2083 }
1926 defer C.BN_free(bnY)
1927 2084
1928 if C.EC_KEY_set_public_key_affine_coordinates(ecKey, bnX, bnY) != 1 { 2085 if C.EC_POINT_set_affine_coordinates(group, point, x, y, (*C.BN_CTX)(nil)) == 0 {
1929 log.Fatal("Failed to set EC public key") 2086 log.Fatalf("EC_POINT_set_affine_coordinates failed")
1930 } 2087 }
1931 2088
1932 nid, err = nidFromString(wtg.SHA) 2089 if C.EC_GROUP_set_generator(group, point, n, (*C.BIGNUM)(nil)) == 0 {
1933 if err != nil { 2090 log.Fatalf("EC_POINT_set_generator failed")
1934 log.Fatalf("Failed to get MD NID: %v", err)
1935 } 2091 }
1936 md, err := hashEvpMdFromString(wtg.SHA) 2092
1937 if err != nil { 2093 success := true
1938 log.Fatalf("Failed to get hash: %v", err) 2094 if C.EC_GROUP_cmp(group, builtinGroup, (*C.BN_CTX)(nil)) != 0 {
2095 fmt.Printf("FAIL: %s %s builtin curve has wrong parameters\n", wt, wt.Name)
2096 success = false
1939 } 2097 }
2098 return success
2099}
2100
2101func (wtg *wycheproofTestGroupEcCurve) run(algorithm string, variant testVariant) bool {
2102 fmt.Printf("Running %v test group %v...\n", algorithm, wtg.Type)
1940 2103
1941 success := true 2104 success := true
1942 for _, wt := range wtg.Tests { 2105 for _, wt := range wtg.Tests {
1943 if !runECDSATest(ecKey, md, nid, Webcrypto, wt) { 2106 if !runEcCurveTest(wt) {
1944 success = false 2107 success = false
1945 } 2108 }
1946 } 2109 }
@@ -1972,11 +2135,11 @@ func runEdDSATest(pkey *C.EVP_PKEY, wt *wycheproofTestEdDSA) bool {
1972} 2135}
1973 2136
1974func (wtg *wycheproofTestGroupEdDSA) run(algorithm string, variant testVariant) bool { 2137func (wtg *wycheproofTestGroupEdDSA) run(algorithm string, variant testVariant) bool {
1975 fmt.Printf("Running %v test group %v...\n", algorithm, wtg.Type) 2138 if wtg.Key.Curve == "edwards25519" {
1976 2139 fmt.Printf("Running %v test group %v...\n", algorithm, wtg.Type)
1977 if wtg.Key.Curve != "edwards25519" || wtg.Key.KeySize != 255 { 2140 } else {
1978 fmt.Printf("INFO: Unexpected curve or key size. want (\"edwards25519\", 255), got (%q, %d)\n", wtg.Key.Curve, wtg.Key.KeySize) 2141 fmt.Printf("INFO: Skipping %v test group %v for %v...\n", algorithm, wtg.Type, wtg.Key.Curve)
1979 return false 2142 return true
1980 } 2143 }
1981 2144
1982 pubKey, pubKeyLen := mustDecodeHexString(wtg.Key.Pk, "pubkey") 2145 pubKey, pubKeyLen := mustDecodeHexString(wtg.Key.Pk, "pubkey")
@@ -2110,6 +2273,10 @@ func (wtg *wycheproofTestGroupHmac) run(algorithm string, variant testVariant) b
2110 if strings.HasPrefix(algorithm, "HMACSHA3-") { 2273 if strings.HasPrefix(algorithm, "HMACSHA3-") {
2111 prefix = "SHA" 2274 prefix = "SHA"
2112 } 2275 }
2276 if algorithm == "HMACSM3" {
2277 prefix = ""
2278 algorithm = "SM3"
2279 }
2113 md, err := hashEvpMdFromString(prefix + strings.TrimPrefix(algorithm, "HMACSHA")) 2280 md, err := hashEvpMdFromString(prefix + strings.TrimPrefix(algorithm, "HMACSHA"))
2114 if err != nil { 2281 if err != nil {
2115 log.Fatalf("Failed to get hash: %v", err) 2282 log.Fatalf("Failed to get hash: %v", err)
@@ -2204,13 +2371,163 @@ func (wtg *wycheproofTestGroupKW) run(algorithm string, variant testVariant) boo
2204 return success 2371 return success
2205} 2372}
2206 2373
2207func runPrimalityTest(wt *wycheproofTestPrimality) bool { 2374func runMLKEMTestGroup(rank C.int, wt *wycheproofTestMLKEM) bool {
2208 var bnValue *C.BIGNUM 2375 privKey := C.MLKEM_private_key_new(rank)
2209 value := C.CString(wt.Value) 2376 defer C.MLKEM_private_key_free(privKey)
2210 if C.BN_hex2bn(&bnValue, value) == 0 { 2377 if privKey == nil {
2211 log.Fatal("Failed to set bnValue") 2378 log.Fatal("MLKEM_private_key_new failed")
2212 } 2379 }
2213 C.free(unsafe.Pointer(value)) 2380 pubKey := C.MLKEM_public_key_new(rank)
2381 defer C.MLKEM_public_key_free(pubKey)
2382 if pubKey == nil {
2383 log.Fatal("MLKEM_public_key_new failed")
2384 }
2385
2386 seed, seedLen := mustDecodeHexString(wt.Seed, "seed")
2387 ek, _ := mustDecodeHexString(wt.Ek, "ek")
2388
2389 if C.MLKEM_private_key_from_seed(privKey, (*C.uchar)(unsafe.Pointer(&seed[0])), C.size_t(seedLen)) != 1 {
2390 fmt.Printf("%s - MLKEM_private_key_from_seed failed\n", wt)
2391 return false
2392 }
2393
2394 if C.MLKEM_public_from_private(privKey, pubKey) != 1 {
2395 fmt.Printf("%s - MLKEM_public_from_private failed\n", wt)
2396 return false
2397 }
2398
2399 var marshalledPubKey *C.uchar
2400 var marshalledPubKeyLen C.size_t
2401 defer C.free(unsafe.Pointer(marshalledPubKey))
2402 if C.MLKEM_marshal_public_key(pubKey, (**C.uchar)(unsafe.Pointer(&marshalledPubKey)), (*C.size_t)(unsafe.Pointer(&marshalledPubKeyLen))) != 1 {
2403 fmt.Printf("%s - MLKEM_marshal_private_key failed\n", wt)
2404 return false
2405 }
2406 gotEk := unsafe.Slice((*byte)(unsafe.Pointer(marshalledPubKey)), marshalledPubKeyLen)
2407
2408 if !bytes.Equal(ek, gotEk) {
2409 fmt.Printf("FAIL: %s marshalledPubKey mismatch\n", wt)
2410 return false
2411 }
2412
2413 c, cLen := mustDecodeHexString(wt.C, "c")
2414
2415 var sharedSecret *C.uchar
2416 var sharedSecretLen C.size_t
2417 defer C.free(unsafe.Pointer(sharedSecret))
2418 if C.MLKEM_decap(privKey, (*C.uchar)(unsafe.Pointer(&c[0])), C.size_t(cLen), (**C.uchar)(unsafe.Pointer(&sharedSecret)), (*C.size_t)(unsafe.Pointer(&sharedSecretLen))) != 1 {
2419 fmt.Printf("%s - MLKEM_decap failed\n", wt)
2420 return false
2421 }
2422 gotK := unsafe.Slice((*byte)(unsafe.Pointer(sharedSecret)), sharedSecretLen)
2423
2424 k, _ := mustDecodeHexString(wt.K, "K")
2425
2426 if !bytes.Equal(k, gotK) {
2427 fmt.Printf("FAIL: %s sharedSecret mismatch\n", wt)
2428 return false
2429 }
2430
2431 return true
2432}
2433
2434func runMLKEMEncapsTestGroup(rank C.int, wt *wycheproofTestMLKEM) bool {
2435 pubKey := C.MLKEM_public_key_new(rank)
2436 defer C.MLKEM_public_key_free(pubKey)
2437 if pubKey == nil {
2438 log.Fatal("MLKEM_public_key_new failed")
2439 }
2440
2441 ek, ekLen := mustDecodeHexString(wt.C, "eK")
2442
2443 if C.MLKEM_parse_public_key(pubKey, (*C.uchar)(unsafe.Pointer(&ek[0])), (C.size_t)(ekLen)) != 0 || wt.Result != "invalid" {
2444 fmt.Printf("FAIL: %s MLKEM_parse_public_key succeeded\n", wt)
2445 return false
2446 }
2447
2448 return true
2449}
2450
2451func runMLKEMDecapsValidationTest(rank C.int, wt *wycheproofTestMLKEM) bool {
2452 return true
2453}
2454
2455func (wtg *wycheproofTestGroupMLKEM) run(algorithm string, variant testVariant) bool {
2456 var rank C.int
2457
2458 switch wtg.ParameterSet {
2459 case "ML-KEM-512":
2460 fmt.Printf("INFO: skipping %v test group of type %v for %s\n", algorithm, wtg.Type, wtg.ParameterSet)
2461 return true
2462 case "ML-KEM-768":
2463 rank = C.MLKEM768_RANK
2464 case "ML-KEM-1024":
2465 rank = C.MLKEM1024_RANK
2466 default:
2467 log.Fatalf("Unknown ML-KEM parameterSet %v", wtg.ParameterSet)
2468 }
2469 fmt.Printf("Running %v test group of type %v\n", algorithm, wtg.Type)
2470
2471 type MLKEMTestFunc func(C.int, *wycheproofTestMLKEM) bool
2472 var runTest MLKEMTestFunc
2473
2474 switch wtg.Type {
2475 case "MLKEMTest":
2476 runTest = runMLKEMTestGroup
2477 case "MLKEMEncapsTest":
2478 runTest = runMLKEMEncapsTestGroup
2479 case "MLKEMDecapsValidationTest":
2480 runTest = runMLKEMDecapsValidationTest
2481 default:
2482 log.Fatalf("Unknown ML-KEM test type %v", wtg.Type)
2483 }
2484
2485 success := true
2486 for _, wt := range wtg.Tests {
2487 if !runTest(rank, wt) {
2488 success = false
2489 }
2490 }
2491 return success
2492}
2493
2494func runPbkdfTest(md *C.EVP_MD, wt *wycheproofTestPbkdf) bool {
2495 pw, pwLen := mustDecodeHexString(wt.Password, "password")
2496 salt, saltLen := mustDecodeHexString(wt.Salt, "salt")
2497 dk, _ := mustDecodeHexString(wt.Dk, "dk")
2498
2499 out := make([]byte, wt.DkLen)
2500
2501 ret := C.PKCS5_PBKDF2_HMAC((*C.char)(unsafe.Pointer(&pw[0])), C.int(pwLen), (*C.uchar)(unsafe.Pointer(&salt[0])), C.int(saltLen), C.int(wt.IterationCount), md, C.int(wt.DkLen), (*C.uchar)(unsafe.Pointer(&out[0])))
2502
2503 success := true
2504 if ret != 1 || !bytes.Equal(dk, out) || wt.Result != "valid" {
2505 fmt.Printf("%s - %d\n", wt, int(ret))
2506 success = false
2507 }
2508
2509 return success
2510}
2511
2512func (wtg *wycheproofTestGroupPbkdf2HmacSha) run(algorithm string, variant testVariant) bool {
2513 fmt.Printf("Running %v test group of type %v...\n", algorithm, wtg.Type)
2514
2515 md, err := hashEvpMdFromString("SHA-" + strings.TrimPrefix(algorithm, "PBKDF2-HMACSHA"))
2516 if err != nil {
2517 log.Fatalf("Failed to get hash: %v", err)
2518 }
2519
2520 success := true
2521 for _, wt := range wtg.Tests {
2522 if !runPbkdfTest(md, wt) {
2523 success = false
2524 }
2525 }
2526 return success
2527}
2528
2529func runPrimalityTest(wt *wycheproofTestPrimality) bool {
2530 bnValue := mustConvertBigIntToBigNum(wt.Value)
2214 defer C.BN_free(bnValue) 2531 defer C.BN_free(bnValue)
2215 2532
2216 ret := C.BN_is_prime_ex(bnValue, C.BN_prime_checks, (*C.BN_CTX)(unsafe.Pointer(nil)), (*C.BN_GENCB)(unsafe.Pointer(nil))) 2533 ret := C.BN_is_prime_ex(bnValue, C.BN_prime_checks, (*C.BN_CTX)(unsafe.Pointer(nil)), (*C.BN_GENCB)(unsafe.Pointer(nil)))
@@ -2280,13 +2597,17 @@ func runRsaesOaepTest(rsa *C.RSA, sha *C.EVP_MD, mgfSha *C.EVP_MD, wt *wycheproo
2280func (wtg *wycheproofTestGroupRsaesOaep) run(algorithm string, variant testVariant) bool { 2597func (wtg *wycheproofTestGroupRsaesOaep) run(algorithm string, variant testVariant) bool {
2281 fmt.Printf("Running %v test group %v with key size %d MGF %v and %v...\n", algorithm, wtg.Type, wtg.KeySize, wtg.MGFSHA, wtg.SHA) 2598 fmt.Printf("Running %v test group %v with key size %d MGF %v and %v...\n", algorithm, wtg.Type, wtg.KeySize, wtg.MGFSHA, wtg.SHA)
2282 2599
2600 if skipHash(wtg.SHA) {
2601 return true
2602 }
2603
2283 rsa := C.RSA_new() 2604 rsa := C.RSA_new()
2284 if rsa == nil { 2605 if rsa == nil {
2285 log.Fatal("RSA_new failed") 2606 log.Fatal("RSA_new failed")
2286 } 2607 }
2287 defer C.RSA_free(rsa) 2608 defer C.RSA_free(rsa)
2288 2609
2289 d := C.CString(wtg.D) 2610 d := C.CString(wtg.PrivateKey.PrivateExponent)
2290 var rsaD *C.BIGNUM 2611 var rsaD *C.BIGNUM
2291 defer C.BN_free(rsaD) 2612 defer C.BN_free(rsaD)
2292 if C.BN_hex2bn(&rsaD, d) == 0 { 2613 if C.BN_hex2bn(&rsaD, d) == 0 {
@@ -2294,7 +2615,7 @@ func (wtg *wycheproofTestGroupRsaesOaep) run(algorithm string, variant testVaria
2294 } 2615 }
2295 C.free(unsafe.Pointer(d)) 2616 C.free(unsafe.Pointer(d))
2296 2617
2297 e := C.CString(wtg.E) 2618 e := C.CString(wtg.PrivateKey.PublicExponent)
2298 var rsaE *C.BIGNUM 2619 var rsaE *C.BIGNUM
2299 defer C.BN_free(rsaE) 2620 defer C.BN_free(rsaE)
2300 if C.BN_hex2bn(&rsaE, e) == 0 { 2621 if C.BN_hex2bn(&rsaE, e) == 0 {
@@ -2302,7 +2623,7 @@ func (wtg *wycheproofTestGroupRsaesOaep) run(algorithm string, variant testVaria
2302 } 2623 }
2303 C.free(unsafe.Pointer(e)) 2624 C.free(unsafe.Pointer(e))
2304 2625
2305 n := C.CString(wtg.N) 2626 n := C.CString(wtg.PrivateKey.Modulus)
2306 var rsaN *C.BIGNUM 2627 var rsaN *C.BIGNUM
2307 defer C.BN_free(rsaN) 2628 defer C.BN_free(rsaN)
2308 if C.BN_hex2bn(&rsaN, n) == 0 { 2629 if C.BN_hex2bn(&rsaN, n) == 0 {
@@ -2376,7 +2697,7 @@ func (wtg *wycheproofTestGroupRsaesPkcs1) run(algorithm string, variant testVari
2376 } 2697 }
2377 defer C.RSA_free(rsa) 2698 defer C.RSA_free(rsa)
2378 2699
2379 d := C.CString(wtg.D) 2700 d := C.CString(wtg.PrivateKey.PrivateExponent)
2380 var rsaD *C.BIGNUM 2701 var rsaD *C.BIGNUM
2381 defer C.BN_free(rsaD) 2702 defer C.BN_free(rsaD)
2382 if C.BN_hex2bn(&rsaD, d) == 0 { 2703 if C.BN_hex2bn(&rsaD, d) == 0 {
@@ -2384,7 +2705,7 @@ func (wtg *wycheproofTestGroupRsaesPkcs1) run(algorithm string, variant testVari
2384 } 2705 }
2385 C.free(unsafe.Pointer(d)) 2706 C.free(unsafe.Pointer(d))
2386 2707
2387 e := C.CString(wtg.E) 2708 e := C.CString(wtg.PrivateKey.PublicExponent)
2388 var rsaE *C.BIGNUM 2709 var rsaE *C.BIGNUM
2389 defer C.BN_free(rsaE) 2710 defer C.BN_free(rsaE)
2390 if C.BN_hex2bn(&rsaE, e) == 0 { 2711 if C.BN_hex2bn(&rsaE, e) == 0 {
@@ -2392,7 +2713,7 @@ func (wtg *wycheproofTestGroupRsaesPkcs1) run(algorithm string, variant testVari
2392 } 2713 }
2393 C.free(unsafe.Pointer(e)) 2714 C.free(unsafe.Pointer(e))
2394 2715
2395 n := C.CString(wtg.N) 2716 n := C.CString(wtg.PrivateKey.Modulus)
2396 var rsaN *C.BIGNUM 2717 var rsaN *C.BIGNUM
2397 defer C.BN_free(rsaN) 2718 defer C.BN_free(rsaN)
2398 if C.BN_hex2bn(&rsaN, n) == 0 { 2719 if C.BN_hex2bn(&rsaN, n) == 0 {
@@ -2451,13 +2772,30 @@ func runRsassaTest(rsa *C.RSA, sha *C.EVP_MD, mgfSha *C.EVP_MD, sLen int, wt *wy
2451 2772
2452func (wtg *wycheproofTestGroupRsassa) run(algorithm string, variant testVariant) bool { 2773func (wtg *wycheproofTestGroupRsassa) run(algorithm string, variant testVariant) bool {
2453 fmt.Printf("Running %v test group %v with key size %d and %v...\n", algorithm, wtg.Type, wtg.KeySize, wtg.SHA) 2774 fmt.Printf("Running %v test group %v with key size %d and %v...\n", algorithm, wtg.Type, wtg.KeySize, wtg.SHA)
2775
2776 if skipHash(wtg.SHA) {
2777 return true
2778 }
2779
2454 rsa := C.RSA_new() 2780 rsa := C.RSA_new()
2455 if rsa == nil { 2781 if rsa == nil {
2456 log.Fatal("RSA_new failed") 2782 log.Fatal("RSA_new failed")
2457 } 2783 }
2458 defer C.RSA_free(rsa) 2784 defer C.RSA_free(rsa)
2459 2785
2460 e := C.CString(wtg.E) 2786 var publicExponent, modulus string
2787 if wtg.PublicKey != nil {
2788 publicExponent = wtg.PublicKey.PublicExponent
2789 modulus = wtg.PublicKey.Modulus
2790 } else if wtg.PrivateKey != nil {
2791 publicExponent = wtg.PrivateKey.PublicExponent
2792 modulus = wtg.PrivateKey.Modulus
2793 }
2794 if publicExponent == "" || modulus == "" {
2795 return true
2796 }
2797
2798 e := C.CString(publicExponent)
2461 var rsaE *C.BIGNUM 2799 var rsaE *C.BIGNUM
2462 defer C.BN_free(rsaE) 2800 defer C.BN_free(rsaE)
2463 if C.BN_hex2bn(&rsaE, e) == 0 { 2801 if C.BN_hex2bn(&rsaE, e) == 0 {
@@ -2465,7 +2803,7 @@ func (wtg *wycheproofTestGroupRsassa) run(algorithm string, variant testVariant)
2465 } 2803 }
2466 C.free(unsafe.Pointer(e)) 2804 C.free(unsafe.Pointer(e))
2467 2805
2468 n := C.CString(wtg.N) 2806 n := C.CString(modulus)
2469 var rsaN *C.BIGNUM 2807 var rsaN *C.BIGNUM
2470 defer C.BN_free(rsaN) 2808 defer C.BN_free(rsaN)
2471 if C.BN_hex2bn(&rsaN, n) == 0 { 2809 if C.BN_hex2bn(&rsaN, n) == 0 {
@@ -2522,7 +2860,19 @@ func (wtg *wycheproofTestGroupRSA) run(algorithm string, variant testVariant) bo
2522 } 2860 }
2523 defer C.RSA_free(rsa) 2861 defer C.RSA_free(rsa)
2524 2862
2525 e := C.CString(wtg.E) 2863 var publicExponent, modulus string
2864 if wtg.PublicKey != nil {
2865 publicExponent = wtg.PublicKey.PublicExponent
2866 modulus = wtg.PublicKey.Modulus
2867 } else if wtg.PrivateKey != nil {
2868 publicExponent = wtg.PrivateKey.PublicExponent
2869 modulus = wtg.PrivateKey.Modulus
2870 }
2871 if publicExponent == "" || modulus == "" {
2872 return true
2873 }
2874
2875 e := C.CString(publicExponent)
2526 var rsaE *C.BIGNUM 2876 var rsaE *C.BIGNUM
2527 defer C.BN_free(rsaE) 2877 defer C.BN_free(rsaE)
2528 if C.BN_hex2bn(&rsaE, e) == 0 { 2878 if C.BN_hex2bn(&rsaE, e) == 0 {
@@ -2530,7 +2880,7 @@ func (wtg *wycheproofTestGroupRSA) run(algorithm string, variant testVariant) bo
2530 } 2880 }
2531 C.free(unsafe.Pointer(e)) 2881 C.free(unsafe.Pointer(e))
2532 2882
2533 n := C.CString(wtg.N) 2883 n := C.CString(modulus)
2534 var rsaN *C.BIGNUM 2884 var rsaN *C.BIGNUM
2535 defer C.BN_free(rsaN) 2885 defer C.BN_free(rsaN)
2536 if C.BN_hex2bn(&rsaN, n) == 0 { 2886 if C.BN_hex2bn(&rsaN, n) == 0 {
@@ -2586,7 +2936,12 @@ func runX25519Test(wt *wycheproofTestX25519) bool {
2586} 2936}
2587 2937
2588func (wtg *wycheproofTestGroupX25519) run(algorithm string, variant testVariant) bool { 2938func (wtg *wycheproofTestGroupX25519) run(algorithm string, variant testVariant) bool {
2589 fmt.Printf("Running %v test group with curve %v...\n", algorithm, wtg.Curve) 2939 if wtg.Curve == "curve25519" {
2940 fmt.Printf("Running %v test group with curve %v...\n", algorithm, wtg.Curve)
2941 } else {
2942 fmt.Printf("INFO: Skipping %v test group with curve %v...\n", algorithm, wtg.Curve)
2943 return true
2944 }
2590 2945
2591 success := true 2946 success := true
2592 for _, wt := range wtg.Tests { 2947 for _, wt := range wtg.Tests {
@@ -2597,59 +2952,119 @@ func (wtg *wycheproofTestGroupX25519) run(algorithm string, variant testVariant)
2597 return success 2952 return success
2598} 2953}
2599 2954
2600func testGroupFromAlgorithm(algorithm string, variant testVariant) wycheproofTestGroupRunner { 2955func testGroupFromTestVector(wtv *wycheproofTestVectorsV1) (wycheproofTestGroupRunner, testVariant) {
2601 if algorithm == "ECDH" && variant == Webcrypto { 2956 variant := Normal
2602 return &wycheproofTestGroupECDHWebCrypto{} 2957
2603 } 2958 switch wtv.Algorithm {
2604 if algorithm == "ECDSA" && variant == Webcrypto { 2959 case "A128CBC-HS256", "A192CBC-HS384", "A256CBC-HS512":
2605 return &wycheproofTestGroupECDSAWebCrypto{} 2960 return nil, Skip
2606 } 2961 case "AEGIS128", "AEGIS128L", "AEGIS256":
2607 switch algorithm { 2962 return nil, Skip
2963 case "AEAD-AES-SIV-CMAC":
2964 return nil, Skip
2608 case "AES-CBC-PKCS5": 2965 case "AES-CBC-PKCS5":
2609 return &wycheproofTestGroupAesCbcPkcs5{} 2966 return &wycheproofTestGroupAesCbcPkcs5{}, variant
2610 case "AES-CCM", "AES-GCM": 2967 case "AES-CCM", "AES-GCM":
2611 return &wycheproofTestGroupAesAead{} 2968 return &wycheproofTestGroupAesAead{}, variant
2612 case "AES-CMAC": 2969 case "AES-CMAC":
2613 return &wycheproofTestGroupAesCmac{} 2970 return &wycheproofTestGroupAesCmac{}, variant
2971 case "AES-EAX", "AES-FF1", "AES-GCM-SIV", "AES-GMAC", "AES-KWP", "AES-SIV-CMAC", "AES-XTS":
2972 return nil, Skip
2973 case "AES-WRAP":
2974 return &wycheproofTestGroupKW{}, variant
2975 case "ARIA-CBC-PKCS5", "ARIA-CCM", "ARIA-CMAC", "ARIA-GCM", "ARIA-KWP", "ARIA-WRAP":
2976 return nil, Skip
2977 case "ASCON128", "ASCON128A", "ASCON80PQ":
2978 return nil, Skip
2979 case "CAMELLIA-CBC-PKCS5", "CAMELLIA-CCM", "CAMELLIA-CMAC", "CAMELLIA-WRAP":
2980 return nil, Skip
2614 case "CHACHA20-POLY1305", "XCHACHA20-POLY1305": 2981 case "CHACHA20-POLY1305", "XCHACHA20-POLY1305":
2615 return &wycheproofTestGroupChaCha{} 2982 return &wycheproofTestGroupChaCha{}, variant
2616 case "DSA": 2983 case "DSA":
2617 return &wycheproofTestGroupDSA{} 2984 if wtv.Schema == "dsa_p1363_verify_schema_v1.json" {
2985 variant = P1363
2986 }
2987 return &wycheproofTestGroupDSA{}, variant
2988 case "EcCurveTest":
2989 return &wycheproofTestGroupEcCurve{}, variant
2618 case "ECDH": 2990 case "ECDH":
2619 return &wycheproofTestGroupECDH{} 2991 if wtv.Schema == "ecdh_webcrypto_test_schema_v1.json" {
2992 return &wycheproofTestGroupECDHWebCrypto{}, Webcrypto
2993 }
2994 if wtv.Schema == "ecdh_ecpoint_test_schema_v1.json" {
2995 variant = EcPoint
2996 }
2997 if wtv.Schema == "ecdh_pem_test_schema_v1.json" {
2998 variant = Skip
2999 }
3000 return &wycheproofTestGroupECDH{}, variant
2620 case "ECDSA": 3001 case "ECDSA":
2621 return &wycheproofTestGroupECDSA{} 3002 if wtv.Schema == "ecdsa_bitcoin_verify_schema.json" {
3003 variant = Skip
3004 }
3005 if wtv.Schema == "ecdsa_p1363_verify_schema_v1.json" {
3006 variant = P1363
3007 }
3008 return &wycheproofTestGroupECDSA{}, variant
2622 case "EDDSA": 3009 case "EDDSA":
2623 return &wycheproofTestGroupEdDSA{} 3010 return &wycheproofTestGroupEdDSA{}, variant
2624 case "HKDF-SHA-1", "HKDF-SHA-256", "HKDF-SHA-384", "HKDF-SHA-512": 3011 case "HKDF-SHA-1", "HKDF-SHA-256", "HKDF-SHA-384", "HKDF-SHA-512":
2625 return &wycheproofTestGroupHkdf{} 3012 return &wycheproofTestGroupHkdf{}, variant
2626 case "HMACSHA1", "HMACSHA224", "HMACSHA256", "HMACSHA384", "HMACSHA512", "HMACSHA3-224", "HMACSHA3-256", "HMACSHA3-384", "HMACSHA3-512": 3013 case "HMACSHA1", "HMACSHA224", "HMACSHA256", "HMACSHA384", "HMACSHA512", "HMACSHA512/224", "HMACSHA512/256", "HMACSHA3-224", "HMACSHA3-256", "HMACSHA3-384", "HMACSHA3-512", "HMACSM3":
2627 return &wycheproofTestGroupHmac{} 3014 return &wycheproofTestGroupHmac{}, variant
2628 case "KW": 3015 case "KMAC128", "KMAC256":
2629 return &wycheproofTestGroupKW{} 3016 return nil, Skip
3017 case "ML-DSA-44", "ML-DSA-65", "ML-DSA-87":
3018 return nil, Skip
3019 case "ML-KEM":
3020 return &wycheproofTestGroupMLKEM{}, Normal
3021 case "MORUS640", "MORUS1280":
3022 return nil, Skip
3023 case "PbeWithHmacSha1AndAes_128", "PbeWithHmacSha1AndAes_192", "PbeWithHmacSha1AndAes_256", "PbeWithHmacSha224AndAes_128", "PbeWithHmacSha224AndAes_192", "PbeWithHmacSha224AndAes_256", "PbeWithHmacSha256AndAes_128", "PbeWithHmacSha256AndAes_192", "PbeWithHmacSha256AndAes_256", "PbeWithHmacSha384AndAes_128", "PbeWithHmacSha384AndAes_192", "PbeWithHmacSha384AndAes_256", "PbeWithHmacSha512AndAes_128", "PbeWithHmacSha512AndAes_192", "PbeWithHmacSha512AndAes_256":
3024 return nil, Skip
3025 case "PBKDF2-HMACSHA1", "PBKDF2-HMACSHA224", "PBKDF2-HMACSHA256", "PBKDF2-HMACSHA384", "PBKDF2-HMACSHA512":
3026 return &wycheproofTestGroupPbkdf2HmacSha{}, Skip
2630 case "PrimalityTest": 3027 case "PrimalityTest":
2631 return &wycheproofTestGroupPrimality{} 3028 return &wycheproofTestGroupPrimality{}, variant
2632 case "RSAES-OAEP": 3029 case "RSAES-OAEP":
2633 return &wycheproofTestGroupRsaesOaep{} 3030 return &wycheproofTestGroupRsaesOaep{}, variant
2634 case "RSAES-PKCS1-v1_5": 3031 case "RSAES-PKCS1-v1_5":
2635 return &wycheproofTestGroupRsaesPkcs1{} 3032 return &wycheproofTestGroupRsaesPkcs1{}, variant
2636 case "RSASSA-PSS": 3033 case "RSASSA-PSS":
2637 return &wycheproofTestGroupRsassa{} 3034 return &wycheproofTestGroupRsassa{}, variant
2638 case "RSASSA-PKCS1-v1_5", "RSASig": 3035 case "RSASSA-PKCS1-v1_5", "RSASig":
2639 return &wycheproofTestGroupRSA{} 3036 return &wycheproofTestGroupRSA{}, variant
2640 case "XDH", "X25519": 3037 case "SEED-CCM", "SEED-GCM", "SEED-WRAP":
2641 return &wycheproofTestGroupX25519{} 3038 return nil, Skip
3039 case "SipHash-1-3", "SipHash-2-4", "SipHash-4-8", "SipHashX-2-4", "SipHashX-4-8":
3040 return nil, Skip
3041 case "SM4-CCM", "SM4-GCM":
3042 return nil, Skip
3043 case "VMAC-AES":
3044 return nil, Skip
3045 case "XDH":
3046 switch wtv.Schema {
3047 case "xdh_asn_comp_schema_v1.json", "xdh_jwk_comp_schema_v1.json", "xdh_pem_comp_schema_v1.json":
3048 variant = Skip
3049 case "xdh_comp_schema_v1.json":
3050 variant = Normal
3051 }
3052 return &wycheproofTestGroupX25519{}, variant
2642 default: 3053 default:
2643 return nil 3054 // XXX - JOSE tests don't set an Algorithm...
3055 if strings.HasPrefix(wtv.Schema, "json_web_") {
3056 return nil, Skip
3057 }
3058 return nil, Normal
2644 } 3059 }
2645} 3060}
2646 3061
2647func runTestVectors(path string, variant testVariant) bool { 3062func runTestVectors(path string) bool {
2648 b, err := ioutil.ReadFile(path) 3063 b, err := ioutil.ReadFile(path)
2649 if err != nil { 3064 if err != nil {
2650 log.Fatalf("Failed to read test vectors: %v", err) 3065 log.Fatalf("Failed to read test vectors: %v", err)
2651 } 3066 }
2652 wtv := &wycheproofTestVectors{} 3067 wtv := &wycheproofTestVectorsV1{}
2653 if err := json.Unmarshal(b, wtv); err != nil { 3068 if err := json.Unmarshal(b, wtv); err != nil {
2654 log.Fatalf("Failed to unmarshal JSON: %v", err) 3069 log.Fatalf("Failed to unmarshal JSON: %v", err)
2655 } 3070 }
@@ -2657,10 +3072,13 @@ func runTestVectors(path string, variant testVariant) bool {
2657 3072
2658 success := true 3073 success := true
2659 for _, tg := range wtv.TestGroups { 3074 for _, tg := range wtv.TestGroups {
2660 wtg := testGroupFromAlgorithm(wtv.Algorithm, variant) 3075 wtg, variant := testGroupFromTestVector(wtv)
3076 if variant == Skip {
3077 fmt.Printf("INFO: Skipping tests from \"%s\"\n", filepath.Base(path))
3078 return true
3079 }
2661 if wtg == nil { 3080 if wtg == nil {
2662 log.Printf("INFO: Unknown test vector algorithm %q", wtv.Algorithm) 3081 log.Fatalf("INFO: Unknown test vector algorithm %qin \"%s\"", wtv.Algorithm, filepath.Base(path))
2663 return false
2664 } 3082 }
2665 if err := json.Unmarshal(tg, wtg); err != nil { 3083 if err := json.Unmarshal(tg, wtg); err != nil {
2666 log.Fatalf("Failed to unmarshal test groups JSON: %v", err) 3084 log.Fatalf("Failed to unmarshal test groups JSON: %v", err)
@@ -2714,44 +3132,13 @@ func (tc *testCoordinator) shutdown() {
2714} 3132}
2715 3133
2716func main() { 3134func main() {
2717 if _, err := os.Stat(testVectorPath); os.IsNotExist(err) { 3135 path := testVectorPath
3136 if _, err := os.Stat(path); os.IsNotExist(err) {
2718 fmt.Printf("package wycheproof-testvectors is required for this regress\n") 3137 fmt.Printf("package wycheproof-testvectors is required for this regress\n")
2719 fmt.Printf("SKIPPED\n") 3138 fmt.Printf("SKIPPED\n")
2720 os.Exit(0) 3139 os.Exit(0)
2721 } 3140 }
2722 3141
2723 tests := []struct {
2724 name string
2725 pattern string
2726 variant testVariant
2727 }{
2728 {"AES", "aes_[cg]*[^xv]_test.json", Normal}, // Skip AES-EAX, AES-GCM-SIV and AES-SIV-CMAC.
2729 {"ChaCha20-Poly1305", "chacha20_poly1305_test.json", Normal},
2730 {"DSA", "dsa_*test.json", Normal},
2731 {"DSA", "dsa_*_p1363_test.json", P1363},
2732 {"ECDH", "ecdh_test.json", Normal},
2733 {"ECDH", "ecdh_[^w_]*_test.json", Normal},
2734 {"ECDH EcPoint", "ecdh_*_ecpoint_test.json", EcPoint},
2735 {"ECDH webcrypto", "ecdh_webcrypto_test.json", Webcrypto},
2736 {"ECDSA", "ecdsa_test.json", Normal},
2737 {"ECDSA", "ecdsa_[^w]*test.json", Normal},
2738 {"ECDSA P1363", "ecdsa_*_p1363_test.json", P1363},
2739 {"ECDSA webcrypto", "ecdsa_webcrypto_test.json", Webcrypto},
2740 {"EDDSA", "eddsa_test.json", Normal},
2741 {"ED448", "ed448_test.json", Skip},
2742 {"HKDF", "hkdf_sha*_test.json", Normal},
2743 {"HMAC", "hmac_sha*_test.json", Normal},
2744 {"JSON webcrypto", "json_web_*_test.json", Skip},
2745 {"KW", "kw_test.json", Normal},
2746 {"Primality test", "primality_test.json", Normal},
2747 {"RSA", "rsa_*test.json", Normal},
2748 {"X25519", "x25519_test.json", Normal},
2749 {"X25519 ASN", "x25519_asn_test.json", Skip},
2750 {"X25519 JWK", "x25519_jwk_test.json", Skip},
2751 {"X25519 PEM", "x25519_pem_test.json", Skip},
2752 {"XCHACHA20-POLY1305", "xchacha20_poly1305_test.json", Normal},
2753 }
2754
2755 success := true 3142 success := true
2756 3143
2757 var wg sync.WaitGroup 3144 var wg sync.WaitGroup
@@ -2764,33 +3151,25 @@ func main() {
2764 3151
2765 testc = newTestCoordinator() 3152 testc = newTestCoordinator()
2766 3153
2767 skipNormal := regexp.MustCompile(`_(ecpoint|p1363|sect\d{3}[rk]1|secp(160|192))_`) 3154 tvs, err := filepath.Glob(filepath.Join(path, "*.json"))
2768 3155 if err != nil {
2769 for _, test := range tests { 3156 log.Fatalf("Failed to glob test vectors: %v", err)
2770 tvs, err := filepath.Glob(filepath.Join(testVectorPath, test.pattern)) 3157 }
2771 if err != nil { 3158 if len(tvs) == 0 {
2772 log.Fatalf("Failed to glob %v test vectors: %v", test.name, err) 3159 log.Fatalf("Failed to find test vectors at %q\n", path)
2773 } 3160 }
2774 if len(tvs) == 0 { 3161 for _, tv := range tvs {
2775 log.Fatalf("Failed to find %v test vectors at %q\n", test.name, testVectorPath) 3162 wg.Add(1)
2776 } 3163 <-vectorsRateLimitCh
2777 for _, tv := range tvs { 3164 go func(tv string) {
2778 if test.variant == Skip || (test.variant == Normal && skipNormal.Match([]byte(tv))) { 3165 select {
2779 fmt.Printf("INFO: Skipping tests from \"%s\"\n", strings.TrimPrefix(tv, testVectorPath+"/")) 3166 case resultCh <- runTestVectors(tv):
2780 continue 3167 default:
3168 log.Fatal("result channel is full")
2781 } 3169 }
2782 wg.Add(1) 3170 vectorsRateLimitCh <- true
2783 <-vectorsRateLimitCh 3171 wg.Done()
2784 go func(tv string, variant testVariant) { 3172 }(tv)
2785 select {
2786 case resultCh <- runTestVectors(tv, variant):
2787 default:
2788 log.Fatal("result channel is full")
2789 }
2790 vectorsRateLimitCh <- true
2791 wg.Done()
2792 }(tv, test.variant)
2793 }
2794 } 3173 }
2795 3174
2796 wg.Wait() 3175 wg.Wait()
diff --git a/src/regress/lib/libcrypto/x509/bettertls/Makefile b/src/regress/lib/libcrypto/x509/bettertls/Makefile
index 2724140635..2a06239fc5 100644
--- a/src/regress/lib/libcrypto/x509/bettertls/Makefile
+++ b/src/regress/lib/libcrypto/x509/bettertls/Makefile
@@ -1,10 +1,10 @@
1# $OpenBSD: Makefile,v 1.6 2024/12/27 08:02:27 tb Exp $ 1# $OpenBSD: Makefile,v 1.7 2025/07/23 07:46:12 tb Exp $
2 2
3PROGS = verify 3PROGS = verify
4 4
5.ifdef EOPENSSL33 5.ifdef EOPENSSL35
6LDADD += -Wl,-rpath,/usr/local/lib/eopenssl33 -L/usr/local/lib/eopenssl33 6LDADD += -Wl,-rpath,/usr/local/lib/eopenssl35 -L/usr/local/lib/eopenssl35
7CFLAGS += -I/usr/local/include/eopenssl33/ 7CFLAGS += -I/usr/local/include/eopenssl35/
8.endif 8.endif
9 9
10LDADD += -lcrypto 10LDADD += -lcrypto
diff --git a/src/regress/lib/libcrypto/x509/x509_extensions_test.c b/src/regress/lib/libcrypto/x509/x509_extensions_test.c
index 2961b0612b..1a7dfe2019 100644
--- a/src/regress/lib/libcrypto/x509/x509_extensions_test.c
+++ b/src/regress/lib/libcrypto/x509/x509_extensions_test.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: x509_extensions_test.c,v 1.3 2024/06/17 05:04:54 tb Exp $ */ 1/* $OpenBSD: x509_extensions_test.c,v 1.4 2025/12/31 17:04:22 tb Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2024 Theo Buehler <tb@openbsd.org> 4 * Copyright (c) 2024 Theo Buehler <tb@openbsd.org>
@@ -215,7 +215,7 @@ test_x509v3_add1_i2d_single_nid(STACK_OF(X509_EXTENSION) **extensions)
215 } 215 }
216 216
217 if ((got = X509v3_get_ext_count(*extensions)) != 1) { 217 if ((got = X509v3_get_ext_count(*extensions)) != 1) {
218 fprintf(stderr, "%s: FAIL: X509V3_ADD_DEFAULT second contraints " 218 fprintf(stderr, "%s: FAIL: X509V3_ADD_DEFAULT second constraints "
219 "expected 1 extension, have %d.\n", __func__, got); 219 "expected 1 extension, have %d.\n", __func__, got);
220 goto err; 220 goto err;
221 } 221 }
diff --git a/src/regress/lib/libssl/asn1/asn1test.c b/src/regress/lib/libssl/asn1/asn1test.c
index a81c502655..ad2301eace 100644
--- a/src/regress/lib/libssl/asn1/asn1test.c
+++ b/src/regress/lib/libssl/asn1/asn1test.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: asn1test.c,v 1.13 2024/07/22 14:50:45 jsing Exp $ */ 1/* $OpenBSD: asn1test.c,v 1.14 2025/10/24 11:45:08 tb Exp $ */
2/* 2/*
3 * Copyright (c) 2014, 2016 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2014, 2016 Joel Sing <jsing@openbsd.org>
4 * 4 *
@@ -371,7 +371,7 @@ session_cmp(SSL_SESSION *s1, SSL_SESSION *s2)
371static int 371static int
372do_ssl_asn1_test(int test_no, struct ssl_asn1_test *sat) 372do_ssl_asn1_test(int test_no, struct ssl_asn1_test *sat)
373{ 373{
374 SSL_SESSION *sp = NULL; 374 SSL_SESSION *sp = NULL, *sp_copy = NULL;
375 unsigned char *ap, *asn1 = NULL; 375 unsigned char *ap, *asn1 = NULL;
376 const unsigned char *pp; 376 const unsigned char *pp;
377 int i, len, rv = 1; 377 int i, len, rv = 1;
@@ -440,11 +440,31 @@ do_ssl_asn1_test(int test_no, struct ssl_asn1_test *sat)
440 goto failed; 440 goto failed;
441 } 441 }
442 442
443 if ((sp_copy = SSL_SESSION_dup(sp)) == NULL) {
444 fprintf(stderr, "FAIL: test %d - session dup failed\n", test_no);
445 goto failed;
446 }
447
448 if (session_cmp(sp, sp_copy) != 0) {
449 fprintf(stderr, "FAIL: test %d - sp and sp_dup differ\n", test_no);
450 goto failed;
451 }
452
453 /*
454 * session_cmp() checks that the certs compare as equal. Part of the
455 * documented API contract is that the certs are equal as pointers.
456 */
457 if (SSL_SESSION_get0_peer(sp) != SSL_SESSION_get0_peer(sp_copy)) {
458 fprintf(stderr, "FAIL: test %d - peer certs differ\n", test_no);
459 goto failed;
460 }
461
443 rv = 0; 462 rv = 0;
444 463
445 failed: 464 failed:
446 ERR_print_errors_fp(stderr); 465 ERR_print_errors_fp(stderr);
447 SSL_SESSION_free(sp); 466 SSL_SESSION_free(sp);
467 SSL_SESSION_free(sp_copy);
448 free(asn1); 468 free(asn1);
449 469
450 return (rv); 470 return (rv);
diff --git a/src/regress/lib/libssl/client/clienttest.c b/src/regress/lib/libssl/client/clienttest.c
index 7e96944fce..f9258105f8 100644
--- a/src/regress/lib/libssl/client/clienttest.c
+++ b/src/regress/lib/libssl/client/clienttest.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: clienttest.c,v 1.45 2024/08/31 12:47:24 jsing Exp $ */ 1/* $OpenBSD: clienttest.c,v 1.46 2025/12/04 21:16:17 beck Exp $ */
2/* 2/*
3 * Copyright (c) 2015 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
4 * 4 *
@@ -36,8 +36,8 @@
36#define TLS13_RANDOM_OFFSET (TLS13_HM_OFFSET + 2) 36#define TLS13_RANDOM_OFFSET (TLS13_HM_OFFSET + 2)
37#define TLS13_SESSION_OFFSET (TLS13_HM_OFFSET + 34) 37#define TLS13_SESSION_OFFSET (TLS13_HM_OFFSET + 34)
38#define TLS13_CIPHER_OFFSET (TLS13_HM_OFFSET + 69) 38#define TLS13_CIPHER_OFFSET (TLS13_HM_OFFSET + 69)
39#define TLS13_KEY_SHARE_OFFSET (TLS13_HM_OFFSET + 198) 39#define TLS13_KEY_SHARE_OFFSET (TLS13_HM_OFFSET + 200)
40#define TLS13_ONLY_KEY_SHARE_OFFSET (TLS13_HM_OFFSET + 112) 40#define TLS13_ONLY_KEY_SHARE_OFFSET (TLS13_HM_OFFSET + 114)
41 41
42#define TLS1_3_VERSION_ONLY (TLS1_3_VERSION | 0x10000) 42#define TLS1_3_VERSION_ONLY (TLS1_3_VERSION | 0x10000)
43 43
@@ -265,8 +265,8 @@ static const uint8_t cipher_list_tls13_chacha[] = {
265}; 265};
266 266
267static const uint8_t client_hello_tls13[] = { 267static const uint8_t client_hello_tls13[] = {
268 0x16, 0x03, 0x03, 0x01, 0x10, 0x01, 0x00, 0x01, 268 0x16, 0x03, 0x03, 0x05, 0xd6, 0x01, 0x00, 0x05,
269 0x0c, 0x03, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 269 0xd2, 0x03, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00,
270 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 270 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
271 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 271 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
272 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 272 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@@ -286,20 +286,173 @@ static const uint8_t client_hello_tls13[] = {
286 0x00, 0x45, 0x00, 0x9c, 0x00, 0x3c, 0x00, 0x2f, 286 0x00, 0x45, 0x00, 0x9c, 0x00, 0x3c, 0x00, 0x2f,
287 0x00, 0xba, 0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07, 287 0x00, 0xba, 0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07,
288 0x00, 0x05, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16, 288 0x00, 0x05, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16,
289 0x00, 0x0a, 0x01, 0x00, 0x00, 0x67, 0x00, 0x2b, 289 0x00, 0x0a, 0x01, 0x00, 0x05, 0x2d, 0x00, 0x2b,
290 0x00, 0x05, 0x04, 0x03, 0x04, 0x03, 0x03, 0x00, 290 0x00, 0x05, 0x04, 0x03, 0x04, 0x03, 0x03, 0x00,
291 0x0a, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x1d, 0x00, 291 0x0a, 0x00, 0x0c, 0x00, 0x0a, 0x11, 0xec, 0x00,
292 0x17, 0x00, 0x18, 0x00, 0x19, 0x00, 0x33, 0x00, 292 0x1d, 0x00, 0x17, 0x00, 0x18, 0x00, 0x19, 0x00,
293 0x26, 0x00, 0x24, 0x00, 0x1d, 0x00, 0x20, 0x00, 293 0x33, 0x04, 0xea, 0x04, 0xe8, 0x11, 0xec, 0x04,
294 0xc0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
294 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 295 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
295 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 296 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
296 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 297 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
297 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 298 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
298 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x23, 0x00, 299 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
299 0x00, 0x00, 0x0d, 0x00, 0x18, 0x00, 0x16, 0x08, 300 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
300 0x06, 0x06, 0x01, 0x06, 0x03, 0x08, 0x05, 0x05, 301 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
301 0x01, 0x05, 0x03, 0x08, 0x04, 0x04, 0x01, 0x04, 302 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
302 0x03, 0x02, 0x01, 0x02, 0x03, 303 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
304 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
305 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
306 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
307 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
308 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
309 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
310 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
311 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
312 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
313 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
314 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
315 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
316 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
317 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
318 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
319 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
320 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
321 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
322 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
323 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
324 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
325 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
326 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
327 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
328 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
329 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
330 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
331 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
332 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
333 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
334 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
335 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
336 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
337 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
338 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
339 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
340 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
341 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
342 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
343 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
344 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
345 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
346 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
347 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
348 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
349 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
350 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
351 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
352 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
353 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
354 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
355 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
356 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
357 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
358 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
359 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
360 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
361 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
362 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
363 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
364 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
365 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
366 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
367 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
368 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
369 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
370 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
371 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
372 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
373 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
374 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
375 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
376 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
377 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
378 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
379 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
380 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
381 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
382 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
383 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
384 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
385 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
386 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
387 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
388 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
389 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
390 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
391 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
392 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
393 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
394 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
395 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
396 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
397 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
398 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
399 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
400 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
401 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
402 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
403 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
404 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
405 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
406 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
407 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
408 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
409 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
410 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
411 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
412 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
413 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
414 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
415 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
416 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
417 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
418 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
419 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
420 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
421 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
422 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
423 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
424 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
425 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
426 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
427 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
428 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
429 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
430 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
431 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
432 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
433 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
434 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
435 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
436 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
437 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
438 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
439 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
440 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
441 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
442 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
443 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
444 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
445 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
446 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
447 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
448 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
449 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
450 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0b, 0x00,
451 0x02, 0x01, 0x00, 0x00, 0x23, 0x00, 0x00, 0x00,
452 0x0d, 0x00, 0x18, 0x00, 0x16, 0x08, 0x06, 0x06,
453 0x01, 0x06, 0x03, 0x08, 0x05, 0x05, 0x01, 0x05,
454 0x03, 0x08, 0x04, 0x04, 0x01, 0x04, 0x03, 0x02,
455 0x01, 0x02, 0x03,
303}; 456};
304 457
305static const uint8_t cipher_list_tls13_only_aes[] = { 458static const uint8_t cipher_list_tls13_only_aes[] = {
@@ -311,8 +464,8 @@ static const uint8_t cipher_list_tls13_only_chacha[] = {
311}; 464};
312 465
313static const uint8_t client_hello_tls13_only[] = { 466static const uint8_t client_hello_tls13_only[] = {
314 0x16, 0x03, 0x03, 0x00, 0xb6, 0x01, 0x00, 0x00, 467 0x16, 0x03, 0x03, 0x05, 0x7c, 0x01, 0x00, 0x05,
315 0xb2, 0x03, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 468 0x78, 0x03, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00,
316 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 469 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
317 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 470 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
318 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 471 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@@ -322,19 +475,172 @@ static const uint8_t client_hello_tls13_only[] = {
322 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 475 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
323 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x13, 0x03, 476 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x13, 0x03,
324 0x13, 0x02, 0x13, 0x01, 0x00, 0xff, 0x01, 0x00, 477 0x13, 0x02, 0x13, 0x01, 0x00, 0xff, 0x01, 0x00,
325 0x00, 0x61, 0x00, 0x2b, 0x00, 0x03, 0x02, 0x03, 478 0x05, 0x27, 0x00, 0x2b, 0x00, 0x03, 0x02, 0x03,
326 0x04, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x08, 0x00, 479 0x04, 0x00, 0x0a, 0x00, 0x0c, 0x00, 0x0a, 0x11,
327 0x1d, 0x00, 0x17, 0x00, 0x18, 0x00, 0x19, 0x00, 480 0xec, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18, 0x00,
328 0x33, 0x00, 0x26, 0x00, 0x24, 0x00, 0x1d, 0x00, 481 0x19, 0x00, 0x33, 0x04, 0xea, 0x04, 0xe8, 0x11,
329 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 482 0xec, 0x04, 0xc0, 0x00, 0x00, 0x00, 0x00, 0x00,
330 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 483 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
331 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 484 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
332 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 485 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
333 0x00, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 486 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
334 0x23, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x14, 0x00, 487 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
335 0x12, 0x08, 0x06, 0x06, 0x01, 0x06, 0x03, 0x08, 488 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
336 0x05, 0x05, 0x01, 0x05, 0x03, 0x08, 0x04, 0x04, 489 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
337 0x01, 0x04, 0x03, 490 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
491 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
492 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
493 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
494 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
495 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
496 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
497 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
498 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
499 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
500 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
501 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
502 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
503 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
504 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
505 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
506 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
507 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
508 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
509 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
510 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
511 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
512 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
513 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
514 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
515 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
516 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
517 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
518 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
519 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
520 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
521 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
522 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
523 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
524 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
525 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
526 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
527 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
528 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
529 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
530 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
531 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
532 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
533 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
534 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
535 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
536 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
537 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
538 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
539 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
540 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
541 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
542 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
543 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
544 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
545 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
546 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
547 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
548 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
549 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
550 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
551 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
552 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
553 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
554 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
555 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
556 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
557 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
558 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
559 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
560 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
561 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
562 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
563 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
564 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
565 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
566 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
567 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
568 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
569 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
570 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
571 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
572 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
573 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
574 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
575 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
576 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
577 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
578 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
579 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
580 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
581 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
582 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
583 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
584 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
585 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
586 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
587 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
588 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
589 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
590 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
591 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
592 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
593 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
594 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
595 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
596 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
597 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
598 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
599 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
600 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
601 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
602 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
603 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
604 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
605 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
606 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
607 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
608 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
609 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
610 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
611 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
612 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
613 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
614 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
615 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
616 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
617 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
618 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
619 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
620 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
621 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
622 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
623 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
624 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
625 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
626 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
627 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
628 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
629 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
630 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
631 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
632 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
633 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
634 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
635 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
636 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
637 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
638 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
639 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x23, 0x00,
640 0x00, 0x00, 0x0d, 0x00, 0x14, 0x00, 0x12, 0x08,
641 0x06, 0x06, 0x01, 0x06, 0x03, 0x08, 0x05, 0x05,
642 0x01, 0x05, 0x03, 0x08, 0x04, 0x04, 0x01, 0x04,
643 0x03,
338}; 644};
339 645
340struct client_hello_test { 646struct client_hello_test {
@@ -702,7 +1008,7 @@ client_hello_test(int testno, const struct client_hello_test *cht)
702 memset(&wbuf[cht->session_start + 1], 0, session_len); 1008 memset(&wbuf[cht->session_start + 1], 0, session_len);
703 } 1009 }
704 if (cht->key_share_start > 0) 1010 if (cht->key_share_start > 0)
705 memset(&wbuf[cht->key_share_start], 0, 32); 1011 memset(&wbuf[cht->key_share_start], 0, 1252);
706 1012
707 if (memcmp(client_hello, wbuf, client_hello_len) != 0) { 1013 if (memcmp(client_hello, wbuf, client_hello_len) != 0) {
708 fprintf(stderr, "FAIL: ClientHello differs:\n"); 1014 fprintf(stderr, "FAIL: ClientHello differs:\n");
diff --git a/src/regress/lib/libssl/interop/Makefile b/src/regress/lib/libssl/interop/Makefile
index bdc67f627a..e1e9633d37 100644
--- a/src/regress/lib/libssl/interop/Makefile
+++ b/src/regress/lib/libssl/interop/Makefile
@@ -1,6 +1,6 @@
1# $OpenBSD: Makefile,v 1.21 2025/01/15 10:54:17 tb Exp $ 1# $OpenBSD: Makefile,v 1.23 2025/07/25 16:33:15 tb Exp $
2 2
3SUBDIR = libressl openssl33 openssl34 3SUBDIR = libressl openssl35
4 4
5# the above binaries must have been built before we can continue 5# the above binaries must have been built before we can continue
6SUBDIR += netcat 6SUBDIR += netcat
diff --git a/src/regress/lib/libssl/interop/botan/Makefile b/src/regress/lib/libssl/interop/botan/Makefile
index 85877d4290..56bcdaf4bd 100644
--- a/src/regress/lib/libssl/interop/botan/Makefile
+++ b/src/regress/lib/libssl/interop/botan/Makefile
@@ -1,4 +1,4 @@
1# $OpenBSD: Makefile,v 1.10 2025/01/15 10:54:17 tb Exp $ 1# $OpenBSD: Makefile,v 1.12 2025/07/25 16:33:15 tb Exp $
2 2
3.include <bsd.own.mk> 3.include <bsd.own.mk>
4 4
@@ -20,11 +20,8 @@ CXX = /usr/local/bin/eg++
20.endif 20.endif
21 21
22LIBRARIES = libressl 22LIBRARIES = libressl
23.if exists(/usr/local/bin/eopenssl33) 23.if exists(/usr/local/bin/eopenssl35)
24LIBRARIES += openssl33 24LIBRARIES += openssl35
25.endif
26.if exists(/usr/local/bin/eopenssl34)
27LIBRARIES += openssl34
28.endif 25.endif
29 26
30PROGS = client 27PROGS = client
diff --git a/src/regress/lib/libssl/interop/cert/Makefile b/src/regress/lib/libssl/interop/cert/Makefile
index 74c63c86a8..9698c56acd 100644
--- a/src/regress/lib/libssl/interop/cert/Makefile
+++ b/src/regress/lib/libssl/interop/cert/Makefile
@@ -1,4 +1,4 @@
1# $OpenBSD: Makefile,v 1.14 2025/01/15 10:54:17 tb Exp $ 1# $OpenBSD: Makefile,v 1.16 2025/07/25 16:33:15 tb Exp $
2 2
3# Connect a client to a server. Both can be current libressl, or 3# Connect a client to a server. Both can be current libressl, or
4# openssl 3.x. Create client and server certificates 4# openssl 3.x. Create client and server certificates
@@ -7,11 +7,8 @@
7# and check the result of certificate verification. 7# and check the result of certificate verification.
8 8
9LIBRARIES = libressl 9LIBRARIES = libressl
10.if exists(/usr/local/bin/eopenssl33) 10.if exists(/usr/local/bin/eopenssl35)
11LIBRARIES += openssl33 11LIBRARIES += openssl35
12.endif
13.if exists(/usr/local/bin/eopenssl34)
14LIBRARIES += openssl34
15.endif 12.endif
16 13
17.for cca in noca ca fakeca 14.for cca in noca ca fakeca
diff --git a/src/regress/lib/libssl/interop/cipher/Makefile b/src/regress/lib/libssl/interop/cipher/Makefile
index fa7e25f9ee..5bdc9089fe 100644
--- a/src/regress/lib/libssl/interop/cipher/Makefile
+++ b/src/regress/lib/libssl/interop/cipher/Makefile
@@ -1,4 +1,4 @@
1# $OpenBSD: Makefile,v 1.17 2025/01/15 10:54:17 tb Exp $ 1# $OpenBSD: Makefile,v 1.19 2025/07/25 16:33:15 tb Exp $
2 2
3# Connect a client to a server. Both can be current libressl, or 3# Connect a client to a server. Both can be current libressl, or
4# openssl 1.1 or 3.0. Create lists of supported ciphers 4# openssl 1.1 or 3.0. Create lists of supported ciphers
@@ -7,11 +7,8 @@
7# have used correct cipher by grepping in their session print out. 7# have used correct cipher by grepping in their session print out.
8 8
9LIBRARIES = libressl 9LIBRARIES = libressl
10.if exists(/usr/local/bin/eopenssl33) 10.if exists(/usr/local/bin/eopenssl35)
11LIBRARIES += openssl33 11LIBRARIES += openssl35
12.endif
13.if exists(/usr/local/bin/eopenssl34)
14LIBRARIES += openssl34
15.endif 12.endif
16 13
17CLEANFILES = *.tmp *.ciphers ciphers.mk 14CLEANFILES = *.tmp *.ciphers ciphers.mk
@@ -41,8 +38,7 @@ client-${clib}-server-${slib}.ciphers: \
41 uniq -d <$@.tmp >$@ 38 uniq -d <$@.tmp >$@
42 # we are only interested in ciphers supported by libressl 39 # we are only interested in ciphers supported by libressl
43 sort $@ client-libressl.ciphers >$@.tmp 40 sort $@ client-libressl.ciphers >$@.tmp
44. if "${clib}" == "openssl33" || "${slib}" == "openssl33" || \ 41. if "${clib}" == "openssl35" || "${slib}" == "openssl35"
45 "${clib}" == "openssl34" || "${slib}" == "openssl34"
46 # OpenSSL's SSL_CTX_set_cipher_list doesn't accept TLSv1.3 ciphers 42 # OpenSSL's SSL_CTX_set_cipher_list doesn't accept TLSv1.3 ciphers
47 sed -i '/^TLS_/d' $@.tmp 43 sed -i '/^TLS_/d' $@.tmp
48. endif 44. endif
@@ -70,8 +66,7 @@ regress: ciphers.mk
70.endif 66.endif
71 67
72LEVEL_libressl = 68LEVEL_libressl =
73LEVEL_openssl33 = ,@SECLEVEL=0 69LEVEL_openssl35 = ,@SECLEVEL=0
74LEVEL_openssl34 = ,@SECLEVEL=0
75 70
76.for clib in ${LIBRARIES} 71.for clib in ${LIBRARIES}
77.for slib in ${LIBRARIES} 72.for slib in ${LIBRARIES}
@@ -132,7 +127,7 @@ check-cipher-${cipher}-client-${clib}-server-${slib}: \
132. endif 127. endif
133. if "${clib}" == "libressl" 128. if "${clib}" == "libressl"
134 # libressl client may prefer chacha-poly if aes-ni is not supported 129 # libressl client may prefer chacha-poly if aes-ni is not supported
135. if "${slib}" == "openssl33" || "${slib}" == "openssl34" 130. if "${slib}" == "openssl35"
136 egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out 131 egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out
137. else 132. else
138 egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out 133 egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out
diff --git a/src/regress/lib/libssl/interop/netcat/Makefile b/src/regress/lib/libssl/interop/netcat/Makefile
index 3b8e3f95be..cff6b7ea76 100644
--- a/src/regress/lib/libssl/interop/netcat/Makefile
+++ b/src/regress/lib/libssl/interop/netcat/Makefile
@@ -1,11 +1,8 @@
1# $OpenBSD: Makefile,v 1.10 2025/01/15 10:54:17 tb Exp $ 1# $OpenBSD: Makefile,v 1.12 2025/07/25 16:33:15 tb Exp $
2 2
3LIBRARIES = libressl 3LIBRARIES = libressl
4.if exists(/usr/local/bin/eopenssl33) 4.if exists(/usr/local/bin/eopenssl35)
5LIBRARIES += openssl33 5LIBRARIES += openssl35
6.endif
7.if exists(/usr/local/bin/eopenssl34)
8LIBRARIES += openssl34
9.endif 6.endif
10 7
11# run netcat server and connect with test client 8# run netcat server and connect with test client
diff --git a/src/regress/lib/libssl/interop/openssl33/Makefile b/src/regress/lib/libssl/interop/openssl33/Makefile
deleted file mode 100644
index eff61704d0..0000000000
--- a/src/regress/lib/libssl/interop/openssl33/Makefile
+++ /dev/null
@@ -1,44 +0,0 @@
1# $OpenBSD: Makefile,v 1.1 2025/01/15 10:54:17 tb Exp $
2
3.if ! exists(/usr/local/bin/eopenssl33)
4regress:
5 # install openssl-3.3 from ports for interop tests
6 @echo 'Run "pkg_add openssl--%3.3" to run tests against OpenSSL 3.3'
7 @echo SKIPPED
8.else
9
10PROGS = client server
11CFLAGS += -DOPENSSL_SUPPRESS_DEPRECATED
12CPPFLAGS = -I /usr/local/include/eopenssl33
13LDFLAGS = -L /usr/local/lib/eopenssl33
14LDADD = -lssl -lcrypto
15DPADD = /usr/local/lib/eopenssl33/libssl.a \
16 /usr/local/lib/eopenssl33/libcrypto.a
17LD_LIBRARY_PATH = /usr/local/lib/eopenssl33
18REGRESS_TARGETS = run-self-client-server
19.for p in ${PROGS}
20REGRESS_TARGETS += run-ldd-$p run-version-$p run-protocol-$p
21.endfor
22
23.for p in ${PROGS}
24
25run-ldd-$p: ldd-$p.out
26 # check that $p is linked with OpenSSL 3.3
27 grep -q /usr/local/lib/eopenssl33/libcrypto.so ldd-$p.out
28 grep -q /usr/local/lib/eopenssl33/libssl.so ldd-$p.out
29 # check that $p is not linked with LibreSSL
30 ! grep -v libc.so ldd-$p.out | grep /usr/lib/
31
32run-version-$p: $p-self.out
33 # check that runtime version is OpenSSL 3.3
34 grep 'SSLEAY_VERSION: OpenSSL 3.3' $p-self.out
35
36run-protocol-$p: $p-self.out
37 # check that OpenSSL 3.3 protocol version is TLS 1.3
38 grep 'Protocol *: TLSv1.3' $p-self.out
39
40.endfor
41
42.endif # exists(/usr/local/bin/eopenssl33)
43
44.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/interop/openssl34/Makefile b/src/regress/lib/libssl/interop/openssl34/Makefile
deleted file mode 100644
index 72246bb621..0000000000
--- a/src/regress/lib/libssl/interop/openssl34/Makefile
+++ /dev/null
@@ -1,44 +0,0 @@
1# $OpenBSD: Makefile,v 1.1 2025/01/15 10:54:17 tb Exp $
2
3.if ! exists(/usr/local/bin/eopenssl34)
4regress:
5 # install openssl-3.4 from ports for interop tests
6 @echo 'Run "pkg_add openssl--%3.4" to run tests against OpenSSL 3.4'
7 @echo SKIPPED
8.else
9
10PROGS = client server
11CFLAGS += -DOPENSSL_SUPPRESS_DEPRECATED
12CPPFLAGS = -I /usr/local/include/eopenssl34
13LDFLAGS = -L /usr/local/lib/eopenssl34
14LDADD = -lssl -lcrypto
15DPADD = /usr/local/lib/eopenssl34/libssl.a \
16 /usr/local/lib/eopenssl34/libcrypto.a
17LD_LIBRARY_PATH = /usr/local/lib/eopenssl34
18REGRESS_TARGETS = run-self-client-server
19.for p in ${PROGS}
20REGRESS_TARGETS += run-ldd-$p run-version-$p run-protocol-$p
21.endfor
22
23.for p in ${PROGS}
24
25run-ldd-$p: ldd-$p.out
26 # check that $p is linked with OpenSSL 3.4
27 grep -q /usr/local/lib/eopenssl34/libcrypto.so ldd-$p.out
28 grep -q /usr/local/lib/eopenssl34/libssl.so ldd-$p.out
29 # check that $p is not linked with LibreSSL
30 ! grep -v libc.so ldd-$p.out | grep /usr/lib/
31
32run-version-$p: $p-self.out
33 # check that runtime version is OpenSSL 3.4
34 grep 'SSLEAY_VERSION: OpenSSL 3.4' $p-self.out
35
36run-protocol-$p: $p-self.out
37 # check that OpenSSL 3.4 protocol version is TLS 1.3
38 grep 'Protocol *: TLSv1.3' $p-self.out
39
40.endfor
41
42.endif # exists(/usr/local/bin/eopenssl34)
43
44.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/interop/openssl35/Makefile b/src/regress/lib/libssl/interop/openssl35/Makefile
new file mode 100644
index 0000000000..e11ad5dd20
--- /dev/null
+++ b/src/regress/lib/libssl/interop/openssl35/Makefile
@@ -0,0 +1,44 @@
1# $OpenBSD: Makefile,v 1.1 2025/07/09 17:48:02 tb Exp $
2
3.if ! exists(/usr/local/bin/eopenssl35)
4regress:
5 # install openssl-3.5 from ports for interop tests
6 @echo 'Run "pkg_add openssl--%3.5" to run tests against OpenSSL 3.5'
7 @echo SKIPPED
8.else
9
10PROGS = client server
11CFLAGS += -DOPENSSL_SUPPRESS_DEPRECATED
12CPPFLAGS = -I /usr/local/include/eopenssl35
13LDFLAGS = -L /usr/local/lib/eopenssl35
14LDADD = -lssl -lcrypto
15DPADD = /usr/local/lib/eopenssl35/libssl.a \
16 /usr/local/lib/eopenssl35/libcrypto.a
17LD_LIBRARY_PATH = /usr/local/lib/eopenssl35
18REGRESS_TARGETS = run-self-client-server
19.for p in ${PROGS}
20REGRESS_TARGETS += run-ldd-$p run-version-$p run-protocol-$p
21.endfor
22
23.for p in ${PROGS}
24
25run-ldd-$p: ldd-$p.out
26 # check that $p is linked with OpenSSL 3.5
27 grep -q /usr/local/lib/eopenssl35/libcrypto.so ldd-$p.out
28 grep -q /usr/local/lib/eopenssl35/libssl.so ldd-$p.out
29 # check that $p is not linked with LibreSSL
30 ! grep -v -e libc.so -e libpthread.so ldd-$p.out | grep /usr/lib/
31
32run-version-$p: $p-self.out
33 # check that runtime version is OpenSSL 3.5
34 grep 'SSLEAY_VERSION: OpenSSL 3.5' $p-self.out
35
36run-protocol-$p: $p-self.out
37 # check that OpenSSL 3.5 protocol version is TLS 1.3
38 grep 'Protocol *: TLSv1.3' $p-self.out
39
40.endfor
41
42.endif # exists(/usr/local/bin/eopenssl35)
43
44.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/interop/session/Makefile b/src/regress/lib/libssl/interop/session/Makefile
index e9a353f99e..fff66b169b 100644
--- a/src/regress/lib/libssl/interop/session/Makefile
+++ b/src/regress/lib/libssl/interop/session/Makefile
@@ -1,11 +1,8 @@
1# $OpenBSD: Makefile,v 1.12 2025/01/15 10:54:17 tb Exp $ 1# $OpenBSD: Makefile,v 1.14 2025/07/25 16:33:15 tb Exp $
2 2
3LIBRARIES = libressl 3LIBRARIES = libressl
4.if exists(/usr/local/bin/eopenssl33) 4.if exists(/usr/local/bin/eopenssl35)
5#LIBRARIES += openssl33 5#LIBRARIES += openssl35
6.endif
7.if exists(/usr/local/bin/eopenssl34)
8#LIBRARIES += openssl34
9.endif 6.endif
10 7
11run-session-client-libressl-server-libressl: 8run-session-client-libressl-server-libressl:
diff --git a/src/regress/lib/libssl/interop/version/Makefile b/src/regress/lib/libssl/interop/version/Makefile
index 605fba252f..5ee7d4c4f3 100644
--- a/src/regress/lib/libssl/interop/version/Makefile
+++ b/src/regress/lib/libssl/interop/version/Makefile
@@ -1,4 +1,4 @@
1# $OpenBSD: Makefile,v 1.10 2025/01/15 10:54:17 tb Exp $ 1# $OpenBSD: Makefile,v 1.12 2025/07/25 16:33:15 tb Exp $
2 2
3# Connect a client to a server. Both can be current libressl, or 3# Connect a client to a server. Both can be current libressl, or
4# openssl 1.1 or openssl 3.0. Pin client or server to a fixed TLS 4# openssl 1.1 or openssl 3.0. Pin client or server to a fixed TLS
@@ -7,11 +7,8 @@
7# print out. 7# print out.
8 8
9LIBRARIES = libressl 9LIBRARIES = libressl
10.if exists(/usr/local/bin/eopenssl33) 10.if exists(/usr/local/bin/eopenssl35)
11LIBRARIES += openssl33 11LIBRARIES += openssl35
12.endif
13.if exists(/usr/local/bin/eopenssl34)
14LIBRARIES += openssl34
15.endif 12.endif
16 13
17VERSIONS = any TLS1_2 TLS1_3 14VERSIONS = any TLS1_2 TLS1_3
@@ -29,8 +26,7 @@ FAIL_${cver}_${sver} = !
29.for slib in ${LIBRARIES} 26.for slib in ${LIBRARIES}
30 27
31.if ("${cver}" != TLS1_3 && "${sver}" != TLS1_3) && \ 28.if ("${cver}" != TLS1_3 && "${sver}" != TLS1_3) && \
32 ((("${clib}" != openssl33 && "${slib}" != openssl33)) || \ 29 ((("${clib}" != openssl35 && "${slib}" != openssl35)) || \
33 (("${clib}" != openssl34 && "${slib}" != openssl34)) || \
34 (("${cver}" != any && "${sver}" != any) && \ 30 (("${cver}" != any && "${sver}" != any) && \
35 ("${cver}" != TLS1 && "${sver}" != TLS1) && \ 31 ("${cver}" != TLS1 && "${sver}" != TLS1) && \
36 ("${cver}" != TLS1_1 && "${sver}" != TLS1_1))) 32 ("${cver}" != TLS1_1 && "${sver}" != TLS1_1)))
diff --git a/src/regress/lib/libssl/openssl-ruby/Makefile b/src/regress/lib/libssl/openssl-ruby/Makefile
index af8083f662..19d2f2fc40 100644
--- a/src/regress/lib/libssl/openssl-ruby/Makefile
+++ b/src/regress/lib/libssl/openssl-ruby/Makefile
@@ -1,10 +1,10 @@
1# $OpenBSD: Makefile,v 1.14 2024/08/31 11:14:58 tb Exp $ 1# $OpenBSD: Makefile,v 1.17 2025/06/27 03:32:08 tb Exp $
2 2
3OPENSSL_RUBY_TESTS = /usr/local/share/openssl-ruby-tests 3OPENSSL_RUBY_TESTS = /usr/local/share/openssl-ruby-tests
4.if exists(/usr/local/bin/ruby32) 4.if exists(/usr/local/bin/ruby33)
5RUBY_BINREV = 32
6.else
7RUBY_BINREV = 33 5RUBY_BINREV = 33
6.else
7RUBY_BINREV = 34
8.endif 8.endif
9RUBY = ruby${RUBY_BINREV} 9RUBY = ruby${RUBY_BINREV}
10 10
@@ -71,6 +71,21 @@ ${_t}: ${_BUILD_COOKIE}
71 -n ${_t} 71 -n ${_t}
72.endfor 72.endfor
73 73
74# These tests can be a pain to run. To run a small set of individual
75# ssl tests, set the test names separated by spaces in the environment
76# variable RUBY_SSL_TEST_TARGETS - then you can type "make <test_name>"
77# to run a single ruby ssl test.
78.for _t in ${RUBY_SSL_TEST_TARGETS}
79REGRESS_TARGETS += ${_t}
80REGRESS_EXPECTED_FAILURES += ${_t}
81${_t}: ${_BUILD_COOKIE}
82 cd ${BUILDDIR} && \
83 ${RUBY} -I. -I${OPENSSL_RUBY_TESTS}/test/openssl \
84 -I${OPENSSL_RUBY_TESTS}/lib \
85 ${OPENSSL_RUBY_TESTS}/test/openssl/test_ssl.rb \
86 -n ${_t}
87.endfor
88
74CLEANFILES += ${_BUILD_COOKIE} ${_TEST_COOKIE} ${_BUILDDIR_COOKIE} 89CLEANFILES += ${_BUILD_COOKIE} ${_TEST_COOKIE} ${_BUILDDIR_COOKIE}
75 90
76. if make(clean) || make(cleandir) 91. if make(clean) || make(cleandir)
diff --git a/src/regress/lib/libssl/tlsext/tlsexttest.c b/src/regress/lib/libssl/tlsext/tlsexttest.c
index 68584998ce..4c3701a63d 100644
--- a/src/regress/lib/libssl/tlsext/tlsexttest.c
+++ b/src/regress/lib/libssl/tlsext/tlsexttest.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: tlsexttest.c,v 1.94 2025/05/03 08:37:28 tb Exp $ */ 1/* $OpenBSD: tlsexttest.c,v 1.95 2025/12/04 21:03:42 beck Exp $ */
2/* 2/*
3 * Copyright (c) 2017 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
4 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org> 4 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -3665,7 +3665,7 @@ test_tlsext_keyshare_client(void)
3665 if ((ssl->s3->hs.key_share = 3665 if ((ssl->s3->hs.key_share =
3666 tls_key_share_new_nid(NID_X25519)) == NULL) 3666 tls_key_share_new_nid(NID_X25519)) == NULL)
3667 errx(1, "failed to create key share"); 3667 errx(1, "failed to create key share");
3668 if (!tls_key_share_generate(ssl->s3->hs.key_share)) 3668 if (!tls_key_share_client_generate(ssl->s3->hs.key_share))
3669 errx(1, "failed to generate key share"); 3669 errx(1, "failed to generate key share");
3670 3670
3671 ssl->s3->hs.our_max_tls_version = TLS1_2_VERSION; 3671 ssl->s3->hs.our_max_tls_version = TLS1_2_VERSION;
@@ -3890,14 +3890,14 @@ test_tlsext_keyshare_server(void)
3890 goto done; 3890 goto done;
3891 } 3891 }
3892 3892
3893 if (!tls_key_share_generate(ssl->s3->hs.key_share)) { 3893 if (!tls_key_share_server_generate(ssl->s3->hs.key_share)) {
3894 FAIL("failed to generate key share"); 3894 FAIL("failed to generate key share");
3895 goto done; 3895 goto done;
3896 } 3896 }
3897 3897
3898 CBS_init(&cbs, bogokey, sizeof(bogokey)); 3898 CBS_init(&cbs, bogokey, sizeof(bogokey));
3899 3899
3900 if (!tls_key_share_peer_public(ssl->s3->hs.key_share, &cbs, 3900 if (!tls_key_share_server_peer_public(ssl->s3->hs.key_share, &cbs,
3901 &decode_error, NULL)) { 3901 &decode_error, NULL)) {
3902 FAIL("failed to load peer public key\n"); 3902 FAIL("failed to load peer public key\n");
3903 goto done; 3903 goto done;
@@ -3926,7 +3926,7 @@ test_tlsext_keyshare_server(void)
3926 FAIL("failed to create key share"); 3926 FAIL("failed to create key share");
3927 goto done; 3927 goto done;
3928 } 3928 }
3929 if (!tls_key_share_generate(ssl->s3->hs.key_share)) { 3929 if (!tls_key_share_server_generate(ssl->s3->hs.key_share)) {
3930 FAIL("failed to generate key share"); 3930 FAIL("failed to generate key share");
3931 goto done; 3931 goto done;
3932 } 3932 }
diff --git a/src/regress/lib/libssl/tlsfuzzer/tlsfuzzer.py b/src/regress/lib/libssl/tlsfuzzer/tlsfuzzer.py
index 91aedad165..ff678ec9a8 100644
--- a/src/regress/lib/libssl/tlsfuzzer/tlsfuzzer.py
+++ b/src/regress/lib/libssl/tlsfuzzer/tlsfuzzer.py
@@ -1,4 +1,4 @@
1# $OpenBSD: tlsfuzzer.py,v 1.56 2024/09/18 19:12:37 tb Exp $ 1# $OpenBSD: tlsfuzzer.py,v 1.57 2025/06/15 09:44:57 tb Exp $
2# 2#
3# Copyright (c) 2020 Theo Buehler <tb@openbsd.org> 3# Copyright (c) 2020 Theo Buehler <tb@openbsd.org>
4# 4#
@@ -72,7 +72,7 @@ def substitute_alert(want, got):
72 return f"Expected alert description \"{want}\" " \ 72 return f"Expected alert description \"{want}\" " \
73 + f"does not match received \"{got}\"" 73 + f"does not match received \"{got}\""
74 74
75# test-tls13-finished.py has 70 failing tests that expect a "decode_error" 75# test_tls13_finished.py has 70 failing tests that expect a "decode_error"
76# instead of the "decrypt_error" sent by tls13_server_finished_recv(). 76# instead of the "decrypt_error" sent by tls13_server_finished_recv().
77# Both alerts appear to be reasonable in this context, so work around this 77# Both alerts appear to be reasonable in this context, so work around this
78# in the test instead of the library. 78# in the test instead of the library.
@@ -164,46 +164,46 @@ def generate_test_tls13_finished_args():
164 return args 164 return args
165 165
166tls13_tests = TestGroup("TLSv1.3 tests", [ 166tls13_tests = TestGroup("TLSv1.3 tests", [
167 Test("test-tls13-ccs.py"), 167 Test("test_tls13_ccs.py"),
168 Test("test-tls13-conversation.py"), 168 Test("test_tls13_conversation.py"),
169 Test("test-tls13-count-tickets.py"), 169 Test("test_tls13_count_tickets.py"),
170 Test("test-tls13-empty-alert.py"), 170 Test("test_tls13_empty_alert.py"),
171 Test("test-tls13-finished.py", generate_test_tls13_finished_args()), 171 Test("test_tls13_finished.py", generate_test_tls13_finished_args()),
172 Test("test-tls13-finished-plaintext.py"), 172 Test("test_tls13_finished_plaintext.py"),
173 Test("test-tls13-hrr.py"), 173 Test("test_tls13_hrr.py"),
174 Test("test-tls13-keyshare-omitted.py"), 174 Test("test_tls13_keyshare_omitted.py"),
175 Test("test-tls13-legacy-version.py"), 175 Test("test_tls13_legacy_version.py"),
176 Test("test-tls13-nociphers.py"), 176 Test("test_tls13_nociphers.py"),
177 Test("test-tls13-record-padding.py"), 177 Test("test_tls13_record_padding.py"),
178 # Exclude QUIC transport parameters 178 # Exclude QUIC transport parameters
179 Test("test-tls13-shuffled-extentions.py", [ "--exc", "57" ]), 179 Test("test_tls13_shuffled_extentions.py", [ "--exc", "57" ]),
180 Test("test-tls13-zero-content-type.py"), 180 Test("test_tls13_zero_content_type.py"),
181 181
182 # The skipped tests fail due to a bug in BIO_gets() which masks the retry 182 # The skipped tests fail due to a bug in BIO_gets() which masks the retry
183 # signalled from an SSL_read() failure. Testing with httpd(8) shows we're 183 # signalled from an SSL_read() failure. Testing with httpd(8) shows we're
184 # handling these corner cases correctly since tls13_record_layer.c -r1.47. 184 # handling these corner cases correctly since tls13_record_layer.c -r1.47.
185 Test("test-tls13-zero-length-data.py", [ 185 Test("test_tls13_zero_length_data.py", [
186 "-e", "zero-length app data", 186 "-e", "zero-length app data",
187 "-e", "zero-length app data with large padding", 187 "-e", "zero-length app data with large padding",
188 "-e", "zero-length app data with padding", 188 "-e", "zero-length app data with padding",
189 ]), 189 ]),
190 190
191 # We don't currently handle NSTs 191 # We don't currently handle NSTs
192 Test("test-tls13-connection-abort.py", ["-e", "After NewSessionTicket"]), 192 Test("test_tls13_connection_abort.py", ["-e", "After NewSessionTicket"]),
193]) 193])
194 194
195# Tests that take a lot of time (> ~30s on an x280) 195# Tests that take a lot of time (> ~30s on an x280)
196tls13_slow_tests = TestGroup("slow TLSv1.3 tests", [ 196tls13_slow_tests = TestGroup("slow TLSv1.3 tests", [
197 # XXX: Investigate the occasional message 197 # XXX: Investigate the occasional message
198 # "Got shared secret with 1 most significant bytes equal to zero." 198 # "Got shared secret with 1 most significant bytes equal to zero."
199 Test("test-tls13-dhe-shared-secret-padding.py", tls13_unsupported_ciphers), 199 Test("test_tls13_dhe_shared_secret_padding.py", tls13_unsupported_ciphers),
200 200
201 Test("test-tls13-invalid-ciphers.py"), 201 Test("test_tls13_invalid_ciphers.py"),
202 Test("test-tls13-serverhello-random.py", tls13_unsupported_ciphers), 202 Test("test_tls13_serverhello_random.py", tls13_unsupported_ciphers),
203 203
204 # Mark two tests cases as xfail for now. The tests expect an arguably 204 # Mark two tests cases as xfail for now. The tests expect an arguably
205 # correct decode_error while we send a decrypt_error (like fizz/boring). 205 # correct decode_error while we send a decrypt_error (like fizz/boring).
206 Test("test-tls13-record-layer-limits.py", [ 206 Test("test_tls13_record_layer_limits.py", [
207 "-x", "max size payload (2**14) of Finished msg, with 16348 bytes of left padding, cipher TLS_AES_128_GCM_SHA256", 207 "-x", "max size payload (2**14) of Finished msg, with 16348 bytes of left padding, cipher TLS_AES_128_GCM_SHA256",
208 "-X", substitute_alert("decode_error", "decrypt_error"), 208 "-X", substitute_alert("decode_error", "decrypt_error"),
209 "-x", "max size payload (2**14) of Finished msg, with 16348 bytes of left padding, cipher TLS_CHACHA20_POLY1305_SHA256", 209 "-x", "max size payload (2**14) of Finished msg, with 16348 bytes of left padding, cipher TLS_CHACHA20_POLY1305_SHA256",
@@ -212,22 +212,22 @@ tls13_slow_tests = TestGroup("slow TLSv1.3 tests", [
212 # We don't accept an empty ECPF extension since it must advertise the 212 # We don't accept an empty ECPF extension since it must advertise the
213 # uncompressed point format. Exclude this extension type from the test. 213 # uncompressed point format. Exclude this extension type from the test.
214 Test( 214 Test(
215 "test-tls13-large-number-of-extensions.py", 215 "test_tls13_large_number_of_extensions.py",
216 tls13_args = ["--exc", "11"], 216 tls13_args = ["--exc", "11"],
217 ), 217 ),
218]) 218])
219 219
220tls13_extra_cert_tests = TestGroup("TLSv1.3 certificate tests", [ 220tls13_extra_cert_tests = TestGroup("TLSv1.3 certificate tests", [
221 # need to set up client certs to run these 221 # need to set up client certs to run these
222 Test("test-tls13-certificate-request.py"), 222 Test("test_tls13_certificate_request.py"),
223 Test("test-tls13-certificate-verify.py"), 223 Test("test_tls13_certificate_verify.py"),
224 Test("test-tls13-ecdsa-in-certificate-verify.py"), 224 Test("test_tls13_ecdsa_in_certificate_verify.py"),
225 Test("test-tls13-eddsa-in-certificate-verify.py"), 225 Test("test_tls13_eddsa_in_certificate_verify.py"),
226 226
227 # Test expects the server to have installed three certificates: 227 # Test expects the server to have installed three certificates:
228 # with P-256, P-384 and P-521 curve. Also SHA1+ECDSA is verified 228 # with P-256, P-384 and P-521 curve. Also SHA1+ECDSA is verified
229 # to not work. 229 # to not work.
230 Test("test-tls13-ecdsa-support.py"), 230 Test("test_tls13_ecdsa_support.py"),
231]) 231])
232 232
233tls13_failing_tests = TestGroup("failing TLSv1.3 tests", [ 233tls13_failing_tests = TestGroup("failing TLSv1.3 tests", [
@@ -235,7 +235,7 @@ tls13_failing_tests = TestGroup("failing TLSv1.3 tests", [
235 # With X25519, we accept weak peer public keys and fail when we actually 235 # With X25519, we accept weak peer public keys and fail when we actually
236 # compute the keyshare. Other tests seem to indicate that we could be 236 # compute the keyshare. Other tests seem to indicate that we could be
237 # stricter about what keyshares we accept. 237 # stricter about what keyshares we accept.
238 Test("test-tls13-crfg-curves.py", [ 238 Test("test_tls13_crfg_curves.py", [
239 '-e', 'all zero x448 key share', 239 '-e', 'all zero x448 key share',
240 '-e', 'empty x448 key share', 240 '-e', 'empty x448 key share',
241 '-e', 'sanity x448 with compression ansiX962_compressed_char2', 241 '-e', 'sanity x448 with compression ansiX962_compressed_char2',
@@ -245,7 +245,7 @@ tls13_failing_tests = TestGroup("failing TLSv1.3 tests", [
245 '-e', 'too small x448 key share', 245 '-e', 'too small x448 key share',
246 '-e', 'x448 key share of "1"', 246 '-e', 'x448 key share of "1"',
247 ]), 247 ]),
248 Test("test-tls13-ecdhe-curves.py", [ 248 Test("test_tls13_ecdhe_curves.py", [
249 '-e', 'sanity - x448', 249 '-e', 'sanity - x448',
250 '-e', 'x448 - key share from other curve', 250 '-e', 'x448 - key share from other curve',
251 '-e', 'x448 - point at infinity', 251 '-e', 'x448 - point at infinity',
@@ -258,21 +258,21 @@ tls13_failing_tests = TestGroup("failing TLSv1.3 tests", [
258 # We have the logic corresponding to NSS's fix for CVE-2020-25648 258 # We have the logic corresponding to NSS's fix for CVE-2020-25648
259 # https://hg.mozilla.org/projects/nss/rev/57bbefa793232586d27cee83e74411171e128361 259 # https://hg.mozilla.org/projects/nss/rev/57bbefa793232586d27cee83e74411171e128361
260 # so should not be affected by this issue. 260 # so should not be affected by this issue.
261 Test("test-tls13-multiple-ccs-messages.py"), 261 Test("test_tls13_multiple_ccs_messages.py"),
262 262
263 # https://github.com/openssl/openssl/issues/8369 263 # https://github.com/openssl/openssl/issues/8369
264 Test("test-tls13-obsolete-curves.py"), 264 Test("test_tls13_obsolete_curves.py"),
265 265
266 # 3 failing rsa_pss_pss tests 266 # 3 failing rsa_pss_pss tests
267 Test("test-tls13-rsa-signatures.py"), 267 Test("test_tls13_rsa_signatures.py"),
268 268
269 # The failing tests all expect an ri extension. What's up with that? 269 # The failing tests all expect an ri extension. What's up with that?
270 Test("test-tls13-version-negotiation.py"), 270 Test("test_tls13_version_negotiation.py"),
271]) 271])
272 272
273tls13_slow_failing_tests = TestGroup("slow, failing TLSv1.3 tests", [ 273tls13_slow_failing_tests = TestGroup("slow, failing TLSv1.3 tests", [
274 # Other test failures bugs in keyshare/tlsext negotiation? 274 # Other test failures bugs in keyshare/tlsext negotiation?
275 Test("test-tls13-unrecognised-groups.py"), # unexpected closure 275 Test("test_tls13_unrecognised_groups.py"), # unexpected closure
276 276
277 # 5 occasional failures: 277 # 5 occasional failures:
278 # 'app data split, conversation with KeyUpdate msg' 278 # 'app data split, conversation with KeyUpdate msg'
@@ -280,43 +280,43 @@ tls13_slow_failing_tests = TestGroup("slow, failing TLSv1.3 tests", [
280 # 'multiple KeyUpdate messages' 280 # 'multiple KeyUpdate messages'
281 # 'post-handshake KeyUpdate msg with update_not_request' 281 # 'post-handshake KeyUpdate msg with update_not_request'
282 # 'post-handshake KeyUpdate msg with update_request' 282 # 'post-handshake KeyUpdate msg with update_request'
283 Test("test-tls13-keyupdate.py"), 283 Test("test_tls13_keyupdate.py"),
284 284
285 Test("test-tls13-symetric-ciphers.py"), # unexpected message from peer 285 Test("test_tls13_symetric_ciphers.py"), # unexpected message from peer
286 286
287 # 6 tests fail: 'rsa_pkcs1_{md5,sha{1,224,256,384,512}} signature' 287 # 6 tests fail: 'rsa_pkcs1_{md5,sha{1,224,256,384,512}} signature'
288 # We send server hello, but the test expects handshake_failure 288 # We send server hello, but the test expects handshake_failure
289 Test("test-tls13-pkcs-signature.py"), 289 Test("test_tls13_pkcs_signature.py"),
290 # 8 tests fail: 'tls13 signature rsa_pss_{pss,rsae}_sha{256,384,512} 290 # 8 tests fail: 'tls13 signature rsa_pss_{pss,rsae}_sha{256,384,512}
291 Test("test-tls13-rsapss-signatures.py"), 291 Test("test_tls13_rsapss_signatures.py"),
292]) 292])
293 293
294tls13_unsupported_tests = TestGroup("TLSv1.3 tests for unsupported features", [ 294tls13_unsupported_tests = TestGroup("TLSv1.3 tests for unsupported features", [
295 # Tests for features we don't support 295 # Tests for features we don't support
296 Test("test-tls13-0rtt-garbage.py"), 296 Test("test_tls13_0rtt_garbage.py"),
297 Test("test-tls13-ffdhe-groups.py"), 297 Test("test_tls13_ffdhe_groups.py"),
298 Test("test-tls13-ffdhe-sanity.py"), 298 Test("test_tls13_ffdhe_sanity.py"),
299 Test("test-tls13-psk_dhe_ke.py"), 299 Test("test_tls13_psk_dhe_ke.py"),
300 Test("test-tls13-psk_ke.py"), 300 Test("test_tls13_psk_ke.py"),
301 301
302 # need server to react to HTTP GET for /keyupdate 302 # need server to react to HTTP GET for /keyupdate
303 Test("test-tls13-keyupdate-from-server.py"), 303 Test("test_tls13_keyupdate_from_server.py"),
304 304
305 # needs an echo server 305 # needs an echo server
306 Test("test-tls13-lengths.py"), 306 Test("test_tls13_lengths.py"),
307 307
308 # Weird test: tests servers that don't support 1.3 308 # Weird test: tests servers that don't support 1.3
309 Test("test-tls13-non-support.py"), 309 Test("test_tls13_non_support.py"),
310 310
311 # broken test script 311 # broken test script
312 # UnboundLocalError: local variable 'cert' referenced before assignment 312 # UnboundLocalError: local variable 'cert' referenced before assignment
313 Test("test-tls13-post-handshake-auth.py"), 313 Test("test_tls13_post_handshake_auth.py"),
314 314
315 # ExpectNewSessionTicket 315 # ExpectNewSessionTicket
316 Test("test-tls13-session-resumption.py"), 316 Test("test_tls13_session_resumption.py"),
317 317
318 # Server must be configured to support only rsa_pss_rsae_sha512 318 # Server must be configured to support only rsa_pss_rsae_sha512
319 Test("test-tls13-signature-algorithms.py"), 319 Test("test_tls13_signature_algorithms.py"),
320]) 320])
321 321
322tls12_exclude_legacy_protocols = [ 322tls12_exclude_legacy_protocols = [
@@ -345,52 +345,52 @@ tls12_exclude_legacy_protocols = [
345 345
346tls12_tests = TestGroup("TLSv1.2 tests", [ 346tls12_tests = TestGroup("TLSv1.2 tests", [
347 # Tests that pass as they are. 347 # Tests that pass as they are.
348 Test("test-aes-gcm-nonces.py"), 348 Test("test_aes_gcm_nonces.py"),
349 Test("test-connection-abort.py"), 349 Test("test_connection_abort.py"),
350 Test("test-conversation.py"), 350 Test("test_conversation.py"),
351 Test("test-cve-2016-2107.py"), 351 Test("test_cve_2016_2107.py"),
352 Test("test-cve-2016-6309.py"), 352 Test("test_cve_2016_6309.py"),
353 Test("test-dhe-rsa-key-exchange.py"), 353 Test("test_dhe_rsa_key_exchange.py"),
354 Test("test-early-application-data.py"), 354 Test("test_early_application_data.py"),
355 Test("test-empty-extensions.py"), 355 Test("test_empty_extensions.py"),
356 Test("test-extensions.py"), 356 Test("test_extensions.py"),
357 Test("test-fuzzed-MAC.py"), 357 Test("test_fuzzed_MAC.py"),
358 Test("test-fuzzed-ciphertext.py"), 358 Test("test_fuzzed_ciphertext.py"),
359 Test("test-fuzzed-finished.py"), 359 Test("test_fuzzed_finished.py"),
360 Test("test-fuzzed-padding.py"), 360 Test("test_fuzzed_padding.py"),
361 Test("test-fuzzed-plaintext.py"), # fails once in a while 361 Test("test_fuzzed_plaintext.py"), # fails once in a while
362 Test("test-hello-request-by-client.py"), 362 Test("test_hello_request_by_client.py"),
363 Test("test-invalid-cipher-suites.py"), 363 Test("test_invalid_cipher_suites.py"),
364 Test("test-invalid-content-type.py"), 364 Test("test_invalid_content_type.py"),
365 Test("test-invalid-session-id.py"), 365 Test("test_invalid_session_id.py"),
366 Test("test-invalid-version.py"), 366 Test("test_invalid_version.py"),
367 Test("test-large-number-of-extensions.py"), 367 Test("test_large_number_of_extensions.py"),
368 Test("test-lucky13.py"), 368 Test("test_lucky13.py"),
369 Test("test-message-skipping.py"), 369 Test("test_message_skipping.py"),
370 Test("test-no-heartbeat.py"), 370 Test("test_no_heartbeat.py"),
371 Test("test-record-layer-fragmentation.py"), 371 Test("test_record_layer_fragmentation.py"),
372 Test("test-sslv2-connection.py"), 372 Test("test_sslv2_connection.py"),
373 Test("test-truncating-of-finished.py"), 373 Test("test_truncating_of_finished.py"),
374 Test("test-truncating-of-kRSA-client-key-exchange.py"), 374 Test("test_truncating_of_kRSA_client_key_exchange.py"),
375 Test("test-unsupported-curve-fallback.py"), 375 Test("test_unsupported_curve_fallback.py"),
376 Test("test-version-numbers.py"), 376 Test("test_version_numbers.py"),
377 Test("test-zero-length-data.py"), 377 Test("test_zero_length_data.py"),
378 378
379 # Tests that need tweaking for unsupported features and ciphers. 379 # Tests that need tweaking for unsupported features and ciphers.
380 Test( 380 Test(
381 "test-atypical-padding.py", [ 381 "test_atypical_padding.py", [
382 "-e", "sanity - encrypt then MAC", 382 "-e", "sanity - encrypt then MAC",
383 "-e", "2^14 bytes of AppData with 256 bytes of padding (SHA1 + Encrypt then MAC)", 383 "-e", "2^14 bytes of AppData with 256 bytes of padding (SHA1 + Encrypt then MAC)",
384 ] 384 ]
385 ), 385 ),
386 Test( 386 Test(
387 "test-ccs.py", [ 387 "test_ccs.py", [
388 "-x", "two bytes long CCS", 388 "-x", "two bytes long CCS",
389 "-X", substitute_alert("unexpected_message", "decode_error"), 389 "-X", substitute_alert("unexpected_message", "decode_error"),
390 ] 390 ]
391 ), 391 ),
392 Test( 392 Test(
393 "test-dhe-rsa-key-exchange-signatures.py", [ 393 "test_dhe_rsa_key_exchange_signatures.py", [
394 "-e", "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA sha224 signature", 394 "-e", "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA sha224 signature",
395 "-e", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 sha224 signature", 395 "-e", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 sha224 signature",
396 "-e", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA sha224 signature", 396 "-e", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA sha224 signature",
@@ -398,14 +398,14 @@ tls12_tests = TestGroup("TLSv1.2 tests", [
398 "-e", "TLS_DHE_RSA_WITH_AES_256_CBC_SHA sha224 signature", 398 "-e", "TLS_DHE_RSA_WITH_AES_256_CBC_SHA sha224 signature",
399 ] 399 ]
400 ), 400 ),
401 Test("test-dhe-rsa-key-exchange-with-bad-messages.py", [ 401 Test("test_dhe_rsa_key_exchange_with_bad_messages.py", [
402 "-x", "invalid dh_Yc value - missing", 402 "-x", "invalid dh_Yc value - missing",
403 "-X", substitute_alert("decode_error", "illegal_parameter"), 403 "-X", substitute_alert("decode_error", "illegal_parameter"),
404 ]), 404 ]),
405 Test("test-dhe-key-share-random.py", tls12_exclude_legacy_protocols), 405 Test("test_dhe_key_share_random.py", tls12_exclude_legacy_protocols),
406 Test("test-export-ciphers-rejected.py", ["--min-ver", "TLSv1.2"]), 406 Test("test_export_ciphers_rejected.py", ["--min-ver", "TLSv1.2"]),
407 Test( 407 Test(
408 "test-downgrade-protection.py", 408 "test_downgrade_protection.py",
409 tls12_args = ["--server-max-protocol", "TLSv1.2"], 409 tls12_args = ["--server-max-protocol", "TLSv1.2"],
410 tls13_args = [ 410 tls13_args = [
411 "--server-max-protocol", "TLSv1.3", 411 "--server-max-protocol", "TLSv1.3",
@@ -414,7 +414,7 @@ tls12_tests = TestGroup("TLSv1.2 tests", [
414 ] 414 ]
415 ), 415 ),
416 Test( 416 Test(
417 "test-fallback-scsv.py", 417 "test_fallback_scsv.py",
418 tls13_args = [ 418 tls13_args = [
419 "--tls-1.3", 419 "--tls-1.3",
420 "-e", "FALLBACK - hello TLSv1.1 - pos 0", 420 "-e", "FALLBACK - hello TLSv1.1 - pos 0",
@@ -428,7 +428,7 @@ tls12_tests = TestGroup("TLSv1.2 tests", [
428 ] 428 ]
429 ), 429 ),
430 430
431 Test("test-invalid-compression-methods.py", [ 431 Test("test_invalid_compression_methods.py", [
432 "-x", "invalid compression methods", 432 "-x", "invalid compression methods",
433 "-X", substitute_alert("illegal_parameter", "decode_error"), 433 "-X", substitute_alert("illegal_parameter", "decode_error"),
434 "-x", "only deflate compression method", 434 "-x", "only deflate compression method",
@@ -437,134 +437,134 @@ tls12_tests = TestGroup("TLSv1.2 tests", [
437 437
438 # Skip extended_master_secret test. Since we don't support this 438 # Skip extended_master_secret test. Since we don't support this
439 # extension, we don't notice that it was dropped. 439 # extension, we don't notice that it was dropped.
440 Test("test-renegotiation-changed-clienthello.py", [ 440 Test("test_renegotiation_changed_clienthello.py", [
441 "-e", "drop extended_master_secret in renegotiation", 441 "-e", "drop extended_master_secret in renegotiation",
442 ]), 442 ]),
443 443
444 Test("test-sessionID-resumption.py", [ 444 Test("test_sessionID_resumption.py", [
445 "-x", "Client Hello too long session ID", 445 "-x", "Client Hello too long session ID",
446 "-X", substitute_alert("decode_error", "illegal_parameter"), 446 "-X", substitute_alert("decode_error", "illegal_parameter"),
447 ]), 447 ]),
448 448
449 # Without --sig-algs-drop-ok, two tests fail since we do not currently 449 # Without --sig-algs-drop-ok, two tests fail since we do not currently
450 # implement the signature_algorithms_cert extension (although we MUST). 450 # implement the signature_algorithms_cert extension (although we MUST).
451 Test("test-sig-algs-renegotiation-resumption.py", ["--sig-algs-drop-ok"]), 451 Test("test_sig_algs_renegotiation_resumption.py", ["--sig-algs-drop-ok"]),
452 452
453 Test("test-serverhello-random.py", args = tls12_exclude_legacy_protocols), 453 Test("test_serverhello_random.py", args = tls12_exclude_legacy_protocols),
454 454
455 Test("test-chacha20.py", [ "-e", "Chacha20 in TLS1.1" ]), 455 Test("test_chacha20.py", [ "-e", "Chacha20 in TLS1.1" ]),
456]) 456])
457 457
458tls12_slow_tests = TestGroup("slow TLSv1.2 tests", [ 458tls12_slow_tests = TestGroup("slow TLSv1.2 tests", [
459 Test("test-cve-2016-7054.py"), 459 Test("test_cve_2016_7054.py"),
460 Test("test-dhe-no-shared-secret-padding.py", tls12_exclude_legacy_protocols), 460 Test("test_dhe_no_shared_secret_padding.py", tls12_exclude_legacy_protocols),
461 Test("test-ecdhe-padded-shared-secret.py", tls12_exclude_legacy_protocols), 461 Test("test_ecdhe_padded_shared_secret.py", tls12_exclude_legacy_protocols),
462 Test("test-ecdhe-rsa-key-share-random.py", tls12_exclude_legacy_protocols), 462 Test("test_ecdhe_rsa_key_share_random.py", tls12_exclude_legacy_protocols),
463 # Start at extension number 58 to avoid QUIC transport parameters (57) 463 # Start at extension number 58 to avoid QUIC transport parameters (57)
464 Test("test-large-hello.py", [ "-m", "58" ]), 464 Test("test_large_hello.py", [ "-m", "58" ]),
465]) 465])
466 466
467tls12_failing_tests = TestGroup("failing TLSv1.2 tests", [ 467tls12_failing_tests = TestGroup("failing TLSv1.2 tests", [
468 # no shared cipher 468 # no shared cipher
469 Test("test-aesccm.py"), 469 Test("test_aesccm.py"),
470 # need server to set up alpn 470 # need server to set up alpn
471 Test("test-alpn-negotiation.py"), 471 Test("test_alpn_negotiation.py"),
472 # Failing on TLS_RSA_WITH_AES_128_CBC_SHA because server does not support it. 472 # Failing on TLS_RSA_WITH_AES_128_CBC_SHA because server does not support it.
473 Test("test-bleichenbacher-timing-pregenerate.py"), 473 Test("test_bleichenbacher_timing_pregenerate.py"),
474 # many tests fail due to unexpected server_name extension 474 # many tests fail due to unexpected server_name extension
475 Test("test-bleichenbacher-workaround.py"), 475 Test("test_bleichenbacher_workaround.py"),
476 476
477 # need client key and cert plus extra server setup 477 # need client key and cert plus extra server setup
478 Test("test-certificate-malformed.py"), 478 Test("test_certificate_malformed.py"),
479 Test("test-certificate-request.py"), 479 Test("test_certificate_request.py"),
480 Test("test-certificate-verify-malformed-sig.py"), 480 Test("test_certificate_verify_malformed_sig.py"),
481 Test("test-certificate-verify-malformed.py"), 481 Test("test_certificate_verify_malformed.py"),
482 Test("test-certificate-verify.py"), 482 Test("test_certificate_verify.py"),
483 Test("test-ecdsa-in-certificate-verify.py"), 483 Test("test_ecdsa_in_certificate_verify.py"),
484 Test("test-eddsa-in-certificate-verify.py"), 484 Test("test_eddsa_in_certificate_verify.py"),
485 Test("test-renegotiation-disabled-client-cert.py"), 485 Test("test_renegotiation_disabled_client_cert.py"),
486 Test("test-rsa-pss-sigs-on-certificate-verify.py"), 486 Test("test_rsa_pss_sigs_on_certificate_verify.py"),
487 Test("test-rsa-sigs-on-certificate-verify.py"), 487 Test("test_rsa_sigs_on_certificate_verify.py"),
488 488
489 # test doesn't expect session ticket 489 # test doesn't expect session ticket
490 Test("test-client-compatibility.py"), 490 Test("test_client_compatibility.py"),
491 # abrupt closure 491 # abrupt closure
492 Test("test-client-hello-max-size.py"), 492 Test("test_client_hello_max_size.py"),
493 # unknown signature algorithms 493 # unknown signature algorithms
494 Test("test-clienthello-md5.py"), 494 Test("test_clienthello_md5.py"),
495 495
496 # Tests expect an illegal_parameter or a decode_error alert. Should be 496 # Tests expect an illegal_parameter or a decode_error alert. Should be
497 # added to ssl3_get_client_key_exchange on kex function failure. 497 # added to ssl3_get_client_key_exchange on kex function failure.
498 Test("test-ecdhe-rsa-key-exchange-with-bad-messages.py"), 498 Test("test_ecdhe_rsa_key_exchange_with_bad_messages.py"),
499 499
500 # We send a handshake_failure due to no shared ciphers while the 500 # We send a handshake_failure due to no shared ciphers while the
501 # test expects to succeed. 501 # test expects to succeed.
502 Test("test-ecdhe-rsa-key-exchange.py"), 502 Test("test_ecdhe_rsa_key_exchange.py"),
503 503
504 # no shared cipher 504 # no shared cipher
505 Test("test-ecdsa-sig-flexibility.py"), 505 Test("test_ecdsa_sig_flexibility.py"),
506 506
507 # Tests expect SH but we send unexpected_message or handshake_failure 507 # Tests expect SH but we send unexpected_message or handshake_failure
508 # 'Application data inside Client Hello' 508 # 'Application data inside Client Hello'
509 # 'Application data inside Client Key Exchange' 509 # 'Application data inside Client Key Exchange'
510 # 'Application data inside Finished' 510 # 'Application data inside Finished'
511 Test("test-interleaved-application-data-and-fragmented-handshakes-in-renegotiation.py"), 511 Test("test_interleaved_application_data_and_fragmented_handshakes_in_renegotiation.py"),
512 # Tests expect SH but we send handshake_failure 512 # Tests expect SH but we send handshake_failure
513 # 'Application data before Change Cipher Spec' 513 # 'Application data before Change Cipher Spec'
514 # 'Application data before Client Key Exchange' 514 # 'Application data before Client Key Exchange'
515 # 'Application data before Finished' 515 # 'Application data before Finished'
516 Test("test-interleaved-application-data-in-renegotiation.py"), 516 Test("test_interleaved_application_data_in_renegotiation.py"),
517 517
518 # broken test script 518 # broken test script
519 # TypeError: '<' not supported between instances of 'int' and 'NoneType' 519 # TypeError: '<' not supported between instances of 'int' and 'NoneType'
520 Test("test-invalid-client-hello-w-record-overflow.py"), 520 Test("test_invalid_client_hello_w_record_overflow.py"),
521 521
522 # Lots of failures. abrupt closure 522 # Lots of failures. abrupt closure
523 Test("test-invalid-client-hello.py"), 523 Test("test_invalid_client_hello.py"),
524 524
525 # abrupt closure 525 # abrupt closure
526 # 'encrypted premaster set to all zero (n)' n in 256 384 512 526 # 'encrypted premaster set to all zero (n)' n in 256 384 512
527 Test("test-invalid-rsa-key-exchange-messages.py"), 527 Test("test_invalid_rsa_key_exchange_messages.py"),
528 528
529 # test expects illegal_parameter, we send unrecognized_name (which seems 529 # test expects illegal_parameter, we send unrecognized_name (which seems
530 # correct according to rfc 6066?) 530 # correct according to rfc 6066?)
531 Test("test-invalid-server-name-extension-resumption.py"), 531 Test("test_invalid_server_name_extension_resumption.py"),
532 # let through some server names without sending an alert 532 # let through some server names without sending an alert
533 # again illegal_parameter vs unrecognized_name 533 # again illegal_parameter vs unrecognized_name
534 Test("test-invalid-server-name-extension.py"), 534 Test("test_invalid_server_name_extension.py"),
535 535
536 # 4 failures: 536 # 4 failures:
537 # 'insecure (legacy) renegotiation with GET after 2nd handshake' 537 # 'insecure (legacy) renegotiation with GET after 2nd handshake'
538 # 'insecure (legacy) renegotiation with incomplete GET' 538 # 'insecure (legacy) renegotiation with incomplete GET'
539 # 'secure renegotiation with GET after 2nd handshake' 539 # 'secure renegotiation with GET after 2nd handshake'
540 # 'secure renegotiation with incomplete GET' 540 # 'secure renegotiation with incomplete GET'
541 Test("test-legacy-renegotiation.py"), 541 Test("test_legacy_renegotiation.py"),
542 542
543 # 1 failure (timeout): we don't send the unexpected_message alert 543 # 1 failure (timeout): we don't send the unexpected_message alert
544 # 'duplicate change cipher spec after Finished' 544 # 'duplicate change cipher spec after Finished'
545 Test("test-message-duplication.py"), 545 Test("test_message_duplication.py"),
546 546
547 # server should send status_request 547 # server should send status_request
548 Test("test-ocsp-stapling.py"), 548 Test("test_ocsp_stapling.py"),
549 549
550 # unexpected closure 550 # unexpected closure
551 Test("test-openssl-3712.py"), 551 Test("test_openssl_3712.py"),
552 552
553 # failed: 3 (expect an alert, we send AD) 553 # failed: 3 (expect an alert, we send AD)
554 # 'try insecure (legacy) renegotiation with incomplete GET' 554 # 'try insecure (legacy) renegotiation with incomplete GET'
555 # 'try secure renegotiation with GET after 2nd CH' 555 # 'try secure renegotiation with GET after 2nd CH'
556 # 'try secure renegotiation with incomplete GET' 556 # 'try secure renegotiation with incomplete GET'
557 Test("test-renegotiation-disabled.py"), 557 Test("test_renegotiation_disabled.py"),
558 558
559 # 'resumption of safe session with NULL cipher' 559 # 'resumption of safe session with NULL cipher'
560 # 'resumption with cipher from old CH but not selected by server' 560 # 'resumption with cipher from old CH but not selected by server'
561 Test("test-resumption-with-wrong-ciphers.py"), 561 Test("test_resumption_with_wrong_ciphers.py"),
562 562
563 # 'session resumption with empty session_id' 563 # 'session resumption with empty session_id'
564 # 'session resumption with random session_id' 564 # 'session resumption with random session_id'
565 # 'session resumption with renegotiation' 565 # 'session resumption with renegotiation'
566 # AssertionError: Server did not send extension(s): session_ticket 566 # AssertionError: Server did not send extension(s): session_ticket
567 Test("test-session-ticket-resumption.py"), 567 Test("test_session_ticket_resumption.py"),
568 568
569 # 5 failures: 569 # 5 failures:
570 # 'empty sigalgs' 570 # 'empty sigalgs'
@@ -572,7 +572,7 @@ tls12_failing_tests = TestGroup("failing TLSv1.2 tests", [
572 # 'rsa_pss_pss_sha256 only' 572 # 'rsa_pss_pss_sha256 only'
573 # 'rsa_pss_pss_sha384 only' 573 # 'rsa_pss_pss_sha384 only'
574 # 'rsa_pss_pss_sha512 only' 574 # 'rsa_pss_pss_sha512 only'
575 Test("test-sig-algs.py"), 575 Test("test_sig_algs.py"),
576 576
577 # 13 failures: 577 # 13 failures:
578 # 'duplicated n non-rsa schemes' for n in 202 2342 8119 23741 32744 578 # 'duplicated n non-rsa schemes' for n in 202 2342 8119 23741 32744
@@ -581,51 +581,51 @@ tls12_failing_tests = TestGroup("failing TLSv1.2 tests", [
581 # 'tolerance 32758 methods with sig_alg_cert' 581 # 'tolerance 32758 methods with sig_alg_cert'
582 # 'tolerance max 32744 number of methods with sig_alg_cert' 582 # 'tolerance max 32744 number of methods with sig_alg_cert'
583 # 'tolerance max (32760) number of methods' 583 # 'tolerance max (32760) number of methods'
584 Test("test-signature-algorithms.py"), 584 Test("test_signature_algorithms.py"),
585 585
586 # times out 586 # times out
587 Test("test-ssl-death-alert.py"), 587 Test("test_ssl_death_alert.py"),
588 588
589 # 17 pass, 13 fail. padding and truncation 589 # 17 pass, 13 fail. padding and truncation
590 Test("test-truncating-of-client-hello.py"), 590 Test("test_truncating_of_client_hello.py"),
591 591
592 # x448 tests need disabling plus x25519 corner cases need sorting out 592 # x448 tests need disabling plus x25519 corner cases need sorting out
593 Test("test-x25519.py"), 593 Test("test_x25519.py"),
594 594
595 # Needs TLS 1.0 or 1.1 595 # Needs TLS 1.0 or 1.1
596 Test("test-TLSv1_2-rejected-without-TLSv1_2.py"), 596 Test("test_TLSv1_2_rejected_without_TLSv1_2.py"),
597]) 597])
598 598
599tls12_unsupported_tests = TestGroup("TLSv1.2 for unsupported features", [ 599tls12_unsupported_tests = TestGroup("TLSv1.2 for unsupported features", [
600 # protocol_version 600 # protocol_version
601 Test("test-SSLv3-padding.py"), 601 Test("test_SSLv3_padding.py"),
602 # we don't do RSA key exchanges 602 # we don't do RSA key exchanges
603 Test("test-bleichenbacher-timing.py"), 603 Test("test_bleichenbacher_timing.py"),
604 # no encrypt-then-mac 604 # no encrypt-then-mac
605 Test("test-encrypt-then-mac-renegotiation.py"), 605 Test("test_encrypt_then_mac_renegotiation.py"),
606 Test("test-encrypt-then-mac.py"), 606 Test("test_encrypt_then_mac.py"),
607 # no EME support 607 # no EME support
608 Test("test-extended-master-secret-extension-with-client-cert.py"), 608 Test("test_extended_master_secret_extension_with_client_cert.py"),
609 Test("test-extended-master-secret-extension.py"), 609 Test("test_extended_master_secret_extension.py"),
610 # no ffdhe 610 # no ffdhe
611 Test("test-ffdhe-expected-params.py"), 611 Test("test_ffdhe_expected_params.py"),
612 Test("test-ffdhe-negotiation.py"), 612 Test("test_ffdhe_negotiation.py"),
613 # record_size_limit/max_fragment_length extension (RFC 8449) 613 # record_size_limit/max_fragment_length extension (RFC 8449)
614 Test("test-record-size-limit.py"), 614 Test("test_record_size_limit.py"),
615 # expects the server to send the heartbeat extension 615 # expects the server to send the heartbeat extension
616 Test("test-heartbeat.py"), 616 Test("test_heartbeat.py"),
617 # needs an echo server 617 # needs an echo server
618 Test("test-lengths.py"), 618 Test("test_lengths.py"),
619]) 619])
620 620
621# These tests take a ton of time to fail against an 1.3 server, 621# These tests take a ton of time to fail against an 1.3 server,
622# so don't run them against 1.3 pending further investigation. 622# so don't run them against 1.3 pending further investigation.
623legacy_tests = TestGroup("Legacy protocol tests", [ 623legacy_tests = TestGroup("Legacy protocol tests", [
624 Test("test-sslv2-force-cipher-3des.py"), 624 Test("test_sslv2_force_cipher_3des.py"),
625 Test("test-sslv2-force-cipher-non3des.py"), 625 Test("test_sslv2_force_cipher_non3des.py"),
626 Test("test-sslv2-force-cipher.py"), 626 Test("test_sslv2_force_cipher.py"),
627 Test("test-sslv2-force-export-cipher.py"), 627 Test("test_sslv2_force_export_cipher.py"),
628 Test("test-sslv2hello-protocol.py"), 628 Test("test_sslv2hello_protocol.py"),
629]) 629])
630 630
631all_groups = [ 631all_groups = [
diff --git a/src/regress/lib/libssl/unit/Makefile b/src/regress/lib/libssl/unit/Makefile
index 6a925069ca..edc0d910c4 100644
--- a/src/regress/lib/libssl/unit/Makefile
+++ b/src/regress/lib/libssl/unit/Makefile
@@ -1,4 +1,4 @@
1# $OpenBSD: Makefile,v 1.16 2023/05/24 09:15:14 tb Exp $ 1# $OpenBSD: Makefile,v 1.17 2025/10/24 11:44:08 tb Exp $
2 2
3PROGS += cipher_list 3PROGS += cipher_list
4PROGS += ssl_get_shared_ciphers 4PROGS += ssl_get_shared_ciphers
@@ -16,6 +16,4 @@ CFLAGS+= -DLIBRESSL_INTERNAL -Wall -Wundef -Werror
16CFLAGS+= -DCERTSDIR=\"${.CURDIR}/../certs\" 16CFLAGS+= -DCERTSDIR=\"${.CURDIR}/../certs\"
17CFLAGS+= -I${.CURDIR}/../../../../lib/libssl 17CFLAGS+= -I${.CURDIR}/../../../../lib/libssl
18 18
19LDADD_ssl_verify_param = ${LIBSSL} ${CRYPTO_INT}
20
21.include <bsd.regress.mk> 19.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/unit/ssl_verify_param.c b/src/regress/lib/libssl/unit/ssl_verify_param.c
index cdb52c56a8..05af9be2be 100644
--- a/src/regress/lib/libssl/unit/ssl_verify_param.c
+++ b/src/regress/lib/libssl/unit/ssl_verify_param.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_verify_param.c,v 1.1 2023/05/24 08:54:59 tb Exp $ */ 1/* $OpenBSD: ssl_verify_param.c,v 1.3 2025/10/24 11:43:34 tb Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2023 Theo Buehler <tb@openbsd.org> 4 * Copyright (c) 2023 Theo Buehler <tb@openbsd.org>
@@ -20,10 +20,9 @@
20#include <stdio.h> 20#include <stdio.h>
21 21
22#include <openssl/ssl.h> 22#include <openssl/ssl.h>
23#include <openssl/x509_vfy.h>
23#include <openssl/x509v3.h> 24#include <openssl/x509v3.h>
24 25
25unsigned int X509_VERIFY_PARAM_get_hostflags(X509_VERIFY_PARAM *param);
26
27static int 26static int
28ssl_verify_param_flags_inherited(void) 27ssl_verify_param_flags_inherited(void)
29{ 28{
diff --git a/src/regress/lib/libtls/tls/tlstest.c b/src/regress/lib/libtls/tls/tlstest.c
index b675c798b4..d52156128d 100644
--- a/src/regress/lib/libtls/tls/tlstest.c
+++ b/src/regress/lib/libtls/tls/tlstest.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: tlstest.c,v 1.16 2024/08/02 15:02:22 tb Exp $ */ 1/* $OpenBSD: tlstest.c,v 1.17 2025/06/04 10:28:00 tb Exp $ */
2/* 2/*
3 * Copyright (c) 2017 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
4 * 4 *
@@ -531,6 +531,142 @@ do_tls_version_tests(void)
531 return failure; 531 return failure;
532} 532}
533 533
534static int
535test_tls_alpn(const char *client_alpn, const char *server_alpn,
536 const char *selected)
537{
538 struct tls_config *client_cfg, *server_cfg;
539 struct tls *client, *server, *server_cctx;
540 const char *got_server, *got_client;
541 int failed = 1;
542
543 if ((client = tls_client()) == NULL)
544 errx(1, "failed to create tls client");
545 if ((client_cfg = tls_config_new()) == NULL)
546 errx(1, "failed to create tls client config");
547 tls_config_insecure_noverifyname(client_cfg);
548 if (tls_config_set_alpn(client_cfg, client_alpn) == -1)
549 errx(1, "failed to set alpn: %s", tls_config_error(client_cfg));
550 if (tls_config_set_ca_file(client_cfg, cafile) == -1)
551 errx(1, "failed to set ca: %s", tls_config_error(client_cfg));
552
553 if ((server = tls_server()) == NULL)
554 errx(1, "failed to create tls server");
555 if ((server_cfg = tls_config_new()) == NULL)
556 errx(1, "failed to create tls server config");
557 if (tls_config_set_alpn(server_cfg, server_alpn) == -1)
558 errx(1, "failed to set alpn: %s", tls_config_error(server_cfg));
559 if (tls_config_set_keypair_file(server_cfg, certfile, keyfile) == -1)
560 errx(1, "failed to set keypair: %s",
561 tls_config_error(server_cfg));
562
563 if (tls_configure(client, client_cfg) == -1)
564 errx(1, "failed to configure client: %s", tls_error(client));
565 tls_reset(server);
566 if (tls_configure(server, server_cfg) == -1)
567 errx(1, "failed to configure server: %s", tls_error(server));
568
569 tls_config_free(client_cfg);
570 tls_config_free(server_cfg);
571
572 circular_init();
573
574 if (tls_accept_cbs(server, &server_cctx, server_read, server_write,
575 NULL) == -1)
576 errx(1, "failed to accept: %s", tls_error(server));
577
578 if (tls_connect_cbs(client, client_read, client_write, NULL,
579 "test") == -1)
580 errx(1, "failed to connect: %s", tls_error(client));
581
582 if (do_client_server_test("alpn", client, server_cctx) != 0)
583 goto fail;
584
585 got_server = tls_conn_alpn_selected(server_cctx);
586 got_client = tls_conn_alpn_selected(client);
587
588 if (got_server == NULL || got_client == NULL) {
589 printf("FAIL: expected ALPN for server and client, got "
590 "server: %p, client %p\n", got_server, got_client);
591 goto fail;
592 }
593
594 if (strcmp(got_server, got_client) != 0) {
595 printf("FAIL: ALPN mismatch: server %s, client %s\n",
596 got_server, got_client);
597 goto fail;
598 }
599
600 if (strcmp(selected, got_server) != 0) {
601 printf("FAIL: ALPN mismatch: want %s, got %s\n",
602 selected, got_server);
603 goto fail;
604 }
605
606 failed = 0;
607
608 fail:
609 tls_free(client);
610 tls_free(server);
611 tls_free(server_cctx);
612
613 return (failed);
614}
615
616static const struct test_alpn {
617 const char *client;
618 const char *server;
619 const char *selected;
620} tls_test_alpn[] = {
621 {
622 .client = "http/2,http/1.1",
623 .server = "http/1.1",
624 .selected = "http/1.1",
625 },
626 {
627 .client = "http/2,http/1.1",
628 .server = "http/2,http/1.1",
629 .selected = "http/2",
630 },
631 {
632 .client = "http/1.1,http/2",
633 .server = "http/2,http/1.1",
634 .selected = "http/2",
635 },
636 {
637 .client = "http/2,http/1.1",
638 .server = "http/1.1,http/2",
639 .selected = "http/1.1",
640 },
641 {
642 .client = "http/1.1",
643 .server = "http/2,http/1.1",
644 .selected = "http/1.1",
645 },
646};
647
648#define N_TLS_ALPN_TESTS (sizeof(tls_test_alpn) / sizeof(tls_test_alpn[0]))
649
650static int
651do_tls_alpn_tests(void)
652{
653 const struct test_alpn *ta;
654 int failure = 0;
655 size_t i;
656
657 printf("== TLS alpn tests ==\n");
658
659 for (i = 0; i < N_TLS_ALPN_TESTS; i++) {
660 ta = &tls_test_alpn[i];
661 printf("INFO: alpn test %zu - client alpn '%s' "
662 "and server alpn '%s'\n", i, ta->client, ta->server);
663 failure |= test_tls_alpn(ta->client, ta->server, ta->selected);
664 printf("\n");
665 }
666
667 return failure;
668}
669
534int 670int
535main(int argc, char **argv) 671main(int argc, char **argv)
536{ 672{
@@ -549,6 +685,7 @@ main(int argc, char **argv)
549 failure |= do_tls_tests(); 685 failure |= do_tls_tests();
550 failure |= do_tls_ordering_tests(); 686 failure |= do_tls_ordering_tests();
551 failure |= do_tls_version_tests(); 687 failure |= do_tls_version_tests();
688 failure |= do_tls_alpn_tests();
552 689
553 return (failure); 690 return (failure);
554} 691}
diff --git a/src/regress/usr.bin/openssl/appstest.sh b/src/regress/usr.bin/openssl/appstest.sh
index e394102f0d..d878a44a6a 100755
--- a/src/regress/usr.bin/openssl/appstest.sh
+++ b/src/regress/usr.bin/openssl/appstest.sh
@@ -1,6 +1,6 @@
1#!/bin/sh 1#!/bin/sh
2# 2#
3# $OpenBSD: appstest.sh,v 1.67 2025/01/19 11:04:35 tb Exp $ 3# $OpenBSD: appstest.sh,v 1.69 2025/12/20 07:04:28 tb Exp $
4# 4#
5# Copyright (c) 2016 Kinichiro Inoguchi <inoguchi@openbsd.org> 5# Copyright (c) 2016 Kinichiro Inoguchi <inoguchi@openbsd.org>
6# 6#
@@ -1189,10 +1189,6 @@ __EOF__
1189 diff -b $cms_dgv $cms_txt 1189 diff -b $cms_dgv $cms_txt
1190 check_exit_status $? 1190 check_exit_status $?
1191 1191
1192 # compress
1193
1194 # uncompress
1195
1196 # EncryptedData_encrypt 1192 # EncryptedData_encrypt
1197 start_message "cms ... EncryptedData_encrypt" 1193 start_message "cms ... EncryptedData_encrypt"
1198 1194
@@ -1456,13 +1452,14 @@ function test_sc_by_protocol_version {
1456 check_exit_status $? 1452 check_exit_status $?
1457 fi 1453 fi
1458 1454
1459 # check HRR hash 1455# This breaks since we added mlkem, I believe because the HRR value has changed.
1460 if [ $ver = "tls1_3" ] ; then 1456# # check HRR hash
1461 perl -0ne \ 1457# if [ $ver = "tls1_3" ] ; then
1462 'exit (!/ServerHello\n.*cf 21 ad 74 e5 9a 61 11 be 1d\n.*8c 02 1e 65 b8 91 c2 a2 11 16 7a bb 8c 5e 07 9e\n.*09 e2 c8 a8 33 9c/m)' \ 1458# perl -0ne \
1463 $s_client_out 1459## 'exit (!/ServerHello\n.*cf 21 ad 74 e5 9a 61 11 be 1d\n.*8c 02 1e 65 b8 91 c2 a2 11 16 7a bb 8c #5e 07 9e\n.*09 e2 c8 a8 33 9c/m)' \
1464 check_exit_status $? 1460# $s_client_out
1465 fi 1461# check_exit_status $?
1462# fi
1466 1463
1467 if [ $ver = "tls1_3" ] ; then 1464 if [ $ver = "tls1_3" ] ; then
1468 grep 'Server Temp Key: ECDH, .*384.*, 384 bits' $s_client_out \ 1465 grep 'Server Temp Key: ECDH, .*384.*, 384 bits' $s_client_out \
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2026-01-18 21:33:35 +0000