diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..7de2940
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+SOURCES/openssl-3.0.1-hobbled.tar.xz
diff --git a/.openssl.metadata b/.openssl.metadata
new file mode 100644
index 0000000..f4d8930
--- /dev/null
+++ b/.openssl.metadata
@@ -0,0 +1 @@
+1170b5119f0e591f6a2515d099abd06d0184f77c SOURCES/openssl-3.0.1-hobbled.tar.xz
diff --git a/SOURCES/0001-Aarch64-and-ppc64le-use-lib64.patch b/SOURCES/0001-Aarch64-and-ppc64le-use-lib64.patch
new file mode 100644
index 0000000..e5d23ba
--- /dev/null
+++ b/SOURCES/0001-Aarch64-and-ppc64le-use-lib64.patch
@@ -0,0 +1,33 @@
+From 603a35802319c0459737e3f067369ceb990fe2e6 Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tmraz@fedoraproject.org>
+Date: Thu, 24 Sep 2020 09:01:41 +0200
+Subject: Aarch64 and ppc64le use lib64
+
+(Was openssl-1.1.1-build.patch)
+---
+ Configurations/10-main.conf | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf
+index d7580bf3e1..a7dbfd7f40 100644
+--- a/Configurations/10-main.conf
++++ b/Configurations/10-main.conf
+@@ -723,6 +723,7 @@ my %targets = (
+ lib_cppflags => add("-DL_ENDIAN"),
+ asm_arch => 'ppc64',
+ perlasm_scheme => "linux64le",
++ multilib => "64",
+ },
+
+ "linux-armv4" => {
+@@ -765,6 +766,7 @@ my %targets = (
+ inherit_from => [ "linux-generic64" ],
+ asm_arch => 'aarch64',
+ perlasm_scheme => "linux64",
++ multilib => "64",
+ },
+ "linux-arm64ilp32" => { # https://wiki.linaro.org/Platform/arm64-ilp32
+ inherit_from => [ "linux-generic32" ],
+--
+2.26.2
+
diff --git a/SOURCES/0002-Use-more-general-default-values-in-openssl.cnf.patch b/SOURCES/0002-Use-more-general-default-values-in-openssl.cnf.patch
new file mode 100644
index 0000000..83ed599
--- /dev/null
+++ b/SOURCES/0002-Use-more-general-default-values-in-openssl.cnf.patch
@@ -0,0 +1,68 @@
+From 41df9ae215cee9574e17e6f887c96a7c97d588f5 Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tmraz@fedoraproject.org>
+Date: Thu, 24 Sep 2020 09:03:40 +0200
+Subject: Use more general default values in openssl.cnf
+
+Also set sha256 as default hash, although that should not be
+necessary anymore.
+
+(was openssl-1.1.1-defaults.patch)
+---
+ apps/openssl.cnf | 12 +++++++-----
+ 1 file changed, 7 insertions(+), 5 deletions(-)
+
+diff --git a/apps/openssl.cnf b/apps/openssl.cnf
+index 97567a67be..eb25a0ac48 100644
+--- a/apps/openssl.cnf
++++ b/apps/openssl.cnf
+@@ -104,7 +104,7 @@ cert_opt = ca_default # Certificate field options
+
+ default_days = 365 # how long to certify for
+ default_crl_days= 30 # how long before next CRL
+-default_md = default # use public key default MD
++default_md = sha256 # use SHA-256 by default
+ preserve = no # keep passed DN ordering
+
+ # A few difference way of specifying how similar the request should look
+@@ -136,6 +136,7 @@ emailAddress = optional
+ ####################################################################
+ [ req ]
+ default_bits = 2048
++default_md = sha256
+ default_keyfile = privkey.pem
+ distinguished_name = req_distinguished_name
+ attributes = req_attributes
+@@ -158,17 +159,18 @@ string_mask = utf8only
+
+ [ req_distinguished_name ]
+ countryName = Country Name (2 letter code)
+-countryName_default = AU
++countryName_default = XX
+ countryName_min = 2
+ countryName_max = 2
+
+ stateOrProvinceName = State or Province Name (full name)
+-stateOrProvinceName_default = Some-State
++#stateOrProvinceName_default = Default Province
+
+ localityName = Locality Name (eg, city)
++localityName_default = Default City
+
+ 0.organizationName = Organization Name (eg, company)
+-0.organizationName_default = Internet Widgits Pty Ltd
++0.organizationName_default = Default Company Ltd
+
+ # we can do this but it is not needed normally :-)
+ #1.organizationName = Second Organization Name (eg, company)
+@@ -177,7 +179,7 @@ localityName = Locality Name (eg, city)
+ organizationalUnitName = Organizational Unit Name (eg, section)
+ #organizationalUnitName_default =
+
+-commonName = Common Name (e.g. server FQDN or YOUR name)
++commonName = Common Name (eg, your name or your server\'s hostname)
+ commonName_max = 64
+
+ emailAddress = Email Address
+--
+2.26.2
+
diff --git a/SOURCES/0003-Do-not-install-html-docs.patch b/SOURCES/0003-Do-not-install-html-docs.patch
new file mode 100644
index 0000000..66d62e0
--- /dev/null
+++ b/SOURCES/0003-Do-not-install-html-docs.patch
@@ -0,0 +1,26 @@
+From 3d5755df8d09ca841c0aca2d7344db060f6cc97f Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tmraz@fedoraproject.org>
+Date: Thu, 24 Sep 2020 09:05:55 +0200
+Subject: Do not install html docs
+
+(was openssl-1.1.1-no-html.patch)
+---
+ Configurations/unix-Makefile.tmpl | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl
+index 342e46d24d..9f369edf0e 100644
+--- a/Configurations/unix-Makefile.tmpl
++++ b/Configurations/unix-Makefile.tmpl
+@@ -554,7 +554,7 @@ install_sw: install_dev install_engines install_modules install_runtime
+
+ uninstall_sw: uninstall_runtime uninstall_modules uninstall_engines uninstall_dev
+
+-install_docs: install_man_docs install_html_docs
++install_docs: install_man_docs
+
+ uninstall_docs: uninstall_man_docs uninstall_html_docs
+ $(RM) -r $(DESTDIR)$(DOCDIR)
+--
+2.26.2
+
diff --git a/SOURCES/0004-Override-default-paths-for-the-CA-directory-tree.patch b/SOURCES/0004-Override-default-paths-for-the-CA-directory-tree.patch
new file mode 100644
index 0000000..7c70c60
--- /dev/null
+++ b/SOURCES/0004-Override-default-paths-for-the-CA-directory-tree.patch
@@ -0,0 +1,73 @@
+From 6790960076742a9053c624e26fbb87fcd5789e27 Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tmraz@fedoraproject.org>
+Date: Thu, 24 Sep 2020 09:17:26 +0200
+Subject: Override default paths for the CA directory tree
+
+Also add default section to load crypto-policies configuration
+for TLS.
+
+It needs to be reverted before running tests.
+
+(was openssl-1.1.1-conf-paths.patch)
+---
+ apps/CA.pl.in | 2 +-
+ apps/openssl.cnf | 20 ++++++++++++++++++--
+ 2 files changed, 19 insertions(+), 3 deletions(-)
+
+diff --git a/apps/CA.pl.in b/apps/CA.pl.in
+index c0afb96716..d6a5fabd16 100644
+--- a/apps/CA.pl.in
++++ b/apps/CA.pl.in
+@@ -29,7 +29,7 @@ my $X509 = "$openssl x509";
+ my $PKCS12 = "$openssl pkcs12";
+
+ # Default values for various configuration settings.
+-my $CATOP = "./demoCA";
++my $CATOP = "/etc/pki/CA";
+ my $CAKEY = "cakey.pem";
+ my $CAREQ = "careq.pem";
+ my $CACERT = "cacert.pem";
+diff -up openssl-3.0.0-alpha16/apps/openssl.cnf.default-tls openssl-3.0.0-alpha16/apps/openssl.cnf
+--- openssl-3.0.0-alpha16/apps/openssl.cnf.default-tls 2021-07-06 13:41:39.204978272 +0200
++++ openssl-3.0.0-alpha16/apps/openssl.cnf 2021-07-06 13:49:50.362857683 +0200
+@@ -53,6 +53,8 @@ tsa_policy3 = 1.2.3.4.5.7
+
+ [openssl_init]
+ providers = provider_sect
++# Load default TLS policy configuration
++ssl_conf = ssl_module
+
+ # List of providers to load
+ [provider_sect]
+@@ -64,6 +66,13 @@ default = default_sect
+ [default_sect]
+ # activate = 1
+
++[ ssl_module ]
++
++system_default = crypto_policy
++
++[ crypto_policy ]
++
++.include = /etc/crypto-policies/back-ends/opensslcnf.config
+
+ ####################################################################
+ [ ca ]
+@@ -72,7 +81,7 @@ default_ca = CA_default # The default c
+ ####################################################################
+ [ CA_default ]
+
+-dir = ./demoCA # Where everything is kept
++dir = /etc/pki/CA # Where everything is kept
+ certs = $dir/certs # Where the issued certs are kept
+ crl_dir = $dir/crl # Where the issued crl are kept
+ database = $dir/index.txt # database index file.
+@@ -304,7 +313,7 @@ default_tsa = tsa_config1 # the default
+ [ tsa_config1 ]
+
+ # These are used by the TSA reply generation only.
+-dir = ./demoCA # TSA root directory
++dir = /etc/pki/CA # TSA root directory
+ serial = $dir/tsaserial # The current serial number (mandatory)
+ crypto_device = builtin # OpenSSL engine to use for signing
+ signer_cert = $dir/tsacert.pem # The TSA signing certificate
diff --git a/SOURCES/0005-apps-ca-fix-md-option-help-text.patch b/SOURCES/0005-apps-ca-fix-md-option-help-text.patch
new file mode 100644
index 0000000..1fed4c4
--- /dev/null
+++ b/SOURCES/0005-apps-ca-fix-md-option-help-text.patch
@@ -0,0 +1,28 @@
+From 3d8fa9859501b07e02b76b5577e2915d5851e927 Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tmraz@fedoraproject.org>
+Date: Thu, 24 Sep 2020 09:27:18 +0200
+Subject: apps/ca: fix md option help text
+
+upstreamable
+
+(was openssl-1.1.1-apps-dgst.patch)
+---
+ apps/ca.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/apps/ca.c b/apps/ca.c
+index 0f21b4fa1c..3d4b2c1673 100755
+--- a/apps/ca.c
++++ b/apps/ca.c
+@@ -209,7 +209,7 @@ const OPTIONS ca_options[] = {
+ {"noemailDN", OPT_NOEMAILDN, '-', "Don't add the EMAIL field to the DN"},
+
+ OPT_SECTION("Signing"),
+- {"md", OPT_MD, 's', "Digest to use, such as sha256"},
++ {"md", OPT_MD, 's', "Digest to use, such as sha256; see openssl help for list"},
+ {"keyfile", OPT_KEYFILE, 's', "The CA private key"},
+ {"keyform", OPT_KEYFORM, 'f',
+ "Private key file format (ENGINE, other values ignored)"},
+--
+2.26.2
+
diff --git a/SOURCES/0006-Disable-signature-verification-with-totally-unsafe-h.patch b/SOURCES/0006-Disable-signature-verification-with-totally-unsafe-h.patch
new file mode 100644
index 0000000..f9dd2dd
--- /dev/null
+++ b/SOURCES/0006-Disable-signature-verification-with-totally-unsafe-h.patch
@@ -0,0 +1,29 @@
+From 3f9deff30ae6efbfe979043b00cdf649b39793c0 Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tmraz@fedoraproject.org>
+Date: Thu, 24 Sep 2020 09:51:34 +0200
+Subject: Disable signature verification with totally unsafe hash algorithms
+
+(was openssl-1.1.1-no-weak-verify.patch)
+---
+ crypto/asn1/a_verify.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c
+index b7eed914b0..af62f0ef08 100644
+--- a/crypto/asn1/a_verify.c
++++ b/crypto/asn1/a_verify.c
+@@ -152,6 +152,11 @@ int ASN1_item_verify_ctx(const ASN1_ITEM *it, const X509_ALGOR *alg,
+ ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB);
+ if (ret <= 1)
+ goto err;
++ } else if ((mdnid == NID_md5
++ && ossl_safe_getenv("OPENSSL_ENABLE_MD5_VERIFY") == NULL) ||
++ mdnid == NID_md4 || mdnid == NID_md2 || mdnid == NID_sha) {
++ ERR_raise(ERR_LIB_ASN1, ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
++ goto err;
+ } else {
+ const EVP_MD *type = NULL;
+
+--
+2.26.2
+
diff --git a/SOURCES/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch b/SOURCES/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
new file mode 100644
index 0000000..9917fcf
--- /dev/null
+++ b/SOURCES/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
@@ -0,0 +1,323 @@
+From 736d709ec194b3a763e004696df22792c62a11fc Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tmraz@fedoraproject.org>
+Date: Thu, 24 Sep 2020 10:16:46 +0200
+Subject: Add support for PROFILE=SYSTEM system default cipherlist
+
+(was openssl-1.1.1-system-cipherlist.patch)
+---
+ Configurations/unix-Makefile.tmpl | 5 ++
+ Configure | 10 +++-
+ doc/man1/openssl-ciphers.pod.in | 9 ++++
+ include/openssl/ssl.h.in | 5 ++
+ ssl/ssl_ciph.c | 88 +++++++++++++++++++++++++++----
+ ssl/ssl_lib.c | 4 +-
+ test/cipherlist_test.c | 2 +
+ util/libcrypto.num | 1 +
+ 8 files changed, 110 insertions(+), 14 deletions(-)
+
+diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl
+index 9f369edf0e..c52389f831 100644
+--- a/Configurations/unix-Makefile.tmpl
++++ b/Configurations/unix-Makefile.tmpl
+@@ -269,6 +269,10 @@ MANDIR=$(INSTALLTOP)/share/man
+ DOCDIR=$(INSTALLTOP)/share/doc/$(BASENAME)
+ HTMLDIR=$(DOCDIR)/html
+
++{- output_off() if $config{system_ciphers_file} eq ""; "" -}
++SYSTEM_CIPHERS_FILE_DEFINE=-DSYSTEM_CIPHERS_FILE="\"{- $config{system_ciphers_file} -}\""
++{- output_on() if $config{system_ciphers_file} eq ""; "" -}
++
+ # MANSUFFIX is for the benefit of anyone who may want to have a suffix
+ # appended after the manpage file section number. "ssl" is popular,
+ # resulting in files such as config.5ssl rather than config.5.
+@@ -292,6 +296,7 @@ CC=$(CROSS_COMPILE){- $config{CC} -}
+ CXX={- $config{CXX} ? "\$(CROSS_COMPILE)$config{CXX}" : '' -}
+ CPPFLAGS={- our $cppflags1 = join(" ",
+ (map { "-D".$_} @{$config{CPPDEFINES}}),
++ "\$(SYSTEM_CIPHERS_FILE_DEFINE)",
+ (map { "-I".$_} @{$config{CPPINCLUDES}}),
+ @{$config{CPPFLAGS}}) -}
+ CFLAGS={- join(' ', @{$config{CFLAGS}}) -}
+diff --git a/doc/man1/openssl-ciphers.pod.in b/doc/man1/openssl-ciphers.pod.in
+index b4ed3e51d5..2122e6bdfd 100644
+--- a/doc/man1/openssl-ciphers.pod.in
++++ b/doc/man1/openssl-ciphers.pod.in
+@@ -187,6 +187,15 @@ As of OpenSSL 1.0.0, the B<ALL> cipher suites are sensibly ordered by default.
+
+ The cipher suites not enabled by B<ALL>, currently B<eNULL>.
+
++=item B<PROFILE=SYSTEM>
++
++The list of enabled cipher suites will be loaded from the system crypto policy
++configuration file B</etc/crypto-policies/back-ends/openssl.config>.
++See also L<update-crypto-policies(8)>.
++This is the default behavior unless an application explicitly sets a cipher
++list. If used in a cipher list configuration value this string must be at the
++beginning of the cipher list, otherwise it will not be recognized.
++
+ =item B<HIGH>
+
+ "High" encryption cipher suites. This currently means those with key lengths
+diff --git a/include/openssl/ssl.h.in b/include/openssl/ssl.h.in
+index f9a61609e4..c6f95fed3f 100644
+--- a/include/openssl/ssl.h.in
++++ b/include/openssl/ssl.h.in
+@@ -209,6 +209,11 @@ extern "C" {
+ * throwing out anonymous and unencrypted ciphersuites! (The latter are not
+ * actually enabled by ALL, but "ALL:RSA" would enable some of them.)
+ */
++# ifdef SYSTEM_CIPHERS_FILE
++# define SSL_SYSTEM_DEFAULT_CIPHER_LIST "PROFILE=SYSTEM"
++# else
++# define SSL_SYSTEM_DEFAULT_CIPHER_LIST OSSL_default_cipher_list()
++# endif
+
+ /* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
+ # define SSL_SENT_SHUTDOWN 1
+diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
+index b1d3f7919e..f7cc7fed48 100644
+--- a/ssl/ssl_ciph.c
++++ b/ssl/ssl_ciph.c
+@@ -1411,6 +1411,53 @@ int SSL_set_ciphersuites(SSL *s, const char *str)
+ return ret;
+ }
+
++#ifdef SYSTEM_CIPHERS_FILE
++static char *load_system_str(const char *suffix)
++{
++ FILE *fp;
++ char buf[1024];
++ char *new_rules;
++ const char *ciphers_path;
++ unsigned len, slen;
++
++ if ((ciphers_path = ossl_safe_getenv("OPENSSL_SYSTEM_CIPHERS_OVERRIDE")) == NULL)
++ ciphers_path = SYSTEM_CIPHERS_FILE;
++ fp = fopen(ciphers_path, "r");
++ if (fp == NULL || fgets(buf, sizeof(buf), fp) == NULL) {
++ /* cannot open or file is empty */
++ snprintf(buf, sizeof(buf), "%s", SSL_DEFAULT_CIPHER_LIST);
++ }
++
++ if (fp)
++ fclose(fp);
++
++ slen = strlen(suffix);
++ len = strlen(buf);
++
++ if (buf[len - 1] == '\n') {
++ len--;
++ buf[len] = 0;
++ }
++ if (buf[len - 1] == '\r') {
++ len--;
++ buf[len] = 0;
++ }
++
++ new_rules = OPENSSL_malloc(len + slen + 1);
++ if (new_rules == 0)
++ return NULL;
++
++ memcpy(new_rules, buf, len);
++ if (slen > 0) {
++ memcpy(&new_rules[len], suffix, slen);
++ len += slen;
++ }
++ new_rules[len] = 0;
++
++ return new_rules;
++}
++#endif
++
+ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
+ STACK_OF(SSL_CIPHER) *tls13_ciphersuites,
+ STACK_OF(SSL_CIPHER) **cipher_list,
+@@ -1425,15 +1472,25 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
+ CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
+ const SSL_CIPHER **ca_list = NULL;
+ const SSL_METHOD *ssl_method = ctx->method;
++#ifdef SYSTEM_CIPHERS_FILE
++ char *new_rules = NULL;
++
++ if (rule_str != NULL && strncmp(rule_str, "PROFILE=SYSTEM", 14) == 0) {
++ char *p = rule_str + 14;
++
++ new_rules = load_system_str(p);
++ rule_str = new_rules;
++ }
++#endif
+
+ /*
+ * Return with error if nothing to do.
+ */
+ if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL)
+- return NULL;
++ goto err;
+
+ if (!check_suiteb_cipher_list(ssl_method, c, &rule_str))
+- return NULL;
++ goto err;
+
+ /*
+ * To reduce the work to do we only want to process the compiled
+@@ -1456,7 +1513,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
+ co_list = OPENSSL_malloc(sizeof(*co_list) * num_of_ciphers);
+ if (co_list == NULL) {
+ ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
+- return NULL; /* Failure */
++ goto err;
+ }
+
+ ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers,
+@@ -1522,8 +1579,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
+ * in force within each class
+ */
+ if (!ssl_cipher_strength_sort(&head, &tail)) {
+- OPENSSL_free(co_list);
+- return NULL;
++ goto err;
+ }
+
+ /*
+@@ -1568,9 +1624,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
+ num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1;
+ ca_list = OPENSSL_malloc(sizeof(*ca_list) * num_of_alias_max);
+ if (ca_list == NULL) {
+- OPENSSL_free(co_list);
+ ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
+- return NULL; /* Failure */
++ goto err;
+ }
+ ssl_cipher_collect_aliases(ca_list, num_of_group_aliases,
+ disabled_mkey, disabled_auth, disabled_enc,
+@@ -1596,8 +1651,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
+ OPENSSL_free(ca_list); /* Not needed anymore */
+
+ if (!ok) { /* Rule processing failure */
+- OPENSSL_free(co_list);
+- return NULL;
++ goto err;
+ }
+
+ /*
+@@ -1605,10 +1659,13 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
+ * if we cannot get one.
+ */
+ if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) {
+- OPENSSL_free(co_list);
+- return NULL;
++ goto err;
+ }
+
++#ifdef SYSTEM_CIPHERS_FILE
++ OPENSSL_free(new_rules); /* Not needed anymore */
++#endif
++
+ /* Add TLSv1.3 ciphers first - we always prefer those if possible */
+ for (i = 0; i < sk_SSL_CIPHER_num(tls13_ciphersuites); i++) {
+ const SSL_CIPHER *sslc = sk_SSL_CIPHER_value(tls13_ciphersuites, i);
+@@ -1656,6 +1714,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
+ *cipher_list = cipherstack;
+
+ return cipherstack;
++
++err:
++ OPENSSL_free(co_list);
++#ifdef SYSTEM_CIPHERS_FILE
++ OPENSSL_free(new_rules);
++#endif
++ return NULL;
++
+ }
+
+ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
+diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
+index d14d5819ba..48d491219a 100644
+--- a/ssl/ssl_lib.c
++++ b/ssl/ssl_lib.c
+@@ -660,7 +660,7 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)
+ ctx->tls13_ciphersuites,
+ &(ctx->cipher_list),
+ &(ctx->cipher_list_by_id),
+- OSSL_default_cipher_list(), ctx->cert);
++ SSL_SYSTEM_DEFAULT_CIPHER_LIST, ctx->cert);
+ if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) {
+ ERR_raise(ERR_LIB_SSL, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
+ return 0;
+@@ -3193,7 +3193,7 @@ SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq,
+ if (!ssl_create_cipher_list(ret,
+ ret->tls13_ciphersuites,
+ &ret->cipher_list, &ret->cipher_list_by_id,
+- OSSL_default_cipher_list(), ret->cert)
++ SSL_SYSTEM_DEFAULT_CIPHER_LIST, ret->cert)
+ || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
+ ERR_raise(ERR_LIB_SSL, SSL_R_LIBRARY_HAS_NO_CIPHERS);
+ goto err2;
+diff --git a/test/cipherlist_test.c b/test/cipherlist_test.c
+index 380f0727fc..6922a87c30 100644
+--- a/test/cipherlist_test.c
++++ b/test/cipherlist_test.c
+@@ -244,7 +244,9 @@ end:
+
+ int setup_tests(void)
+ {
++#ifndef SYSTEM_CIPHERS_FILE
+ ADD_TEST(test_default_cipherlist_implicit);
++#endif
+ ADD_TEST(test_default_cipherlist_explicit);
+ ADD_TEST(test_default_cipherlist_clear);
+ return 1;
+diff --git a/util/libcrypto.num b/util/libcrypto.num
+index 404a706fab..e81fa9ec3e 100644
+--- a/util/libcrypto.num
++++ b/util/libcrypto.num
+@@ -5282,3 +5282,4 @@ OSSL_DECODER_CTX_set_input_structure ? 3_0_0 EXIST::FUNCTION:
+ ASN1_TIME_print_ex 5553 3_0_0 EXIST::FUNCTION:
+ EVP_PKEY_get0_provider 5554 3_0_0 EXIST::FUNCTION:
+ EVP_PKEY_CTX_get0_provider 5555 3_0_0 EXIST::FUNCTION:
++ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION:
+--
+2.26.2
+
+diff -up openssl-3.0.0-beta1/Configure.sys-default openssl-3.0.0-beta1/Configure
+--- openssl-3.0.0-beta1/Configure.sys-default 2021-06-29 11:47:58.978144386 +0200
++++ openssl-3.0.0-beta1/Configure 2021-06-29 11:52:01.631126260 +0200
+@@ -27,7 +27,7 @@ use OpenSSL::config;
+ my $orig_death_handler = $SIG{__DIE__};
+ $SIG{__DIE__} = \&death_handler;
+
+-my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n";
++my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--system-ciphers-file=SYSTEMCIPHERFILE] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n";
+
+ my $banner = <<"EOF";
+
+@@ -61,6 +61,10 @@ EOF
+ # given with --prefix.
+ # This becomes the value of OPENSSLDIR in Makefile and in C.
+ # (Default: PREFIX/ssl)
++#
++# --system-ciphers-file A file to read cipher string from when the PROFILE=SYSTEM
++# cipher is specified (default).
++#
+ # --banner=".." Output specified text instead of default completion banner
+ #
+ # -w Don't wait after showing a Configure warning
+@@ -385,6 +389,7 @@ $config{prefix}="";
+ $config{openssldir}="";
+ $config{processor}="";
+ $config{libdir}="";
++$config{system_ciphers_file}="";
+ my $auto_threads=1; # enable threads automatically? true by default
+ my $default_ranlib;
+
+@@ -987,6 +992,10 @@ while (@argvcopy)
+ die "FIPS key too long (64 bytes max)\n"
+ if length $1 > 64;
+ }
++ elsif (/^--system-ciphers-file=(.*)$/)
++ {
++ $config{system_ciphers_file}=$1;
++ }
+ elsif (/^--banner=(.*)$/)
+ {
+ $banner = $1 . "\n";
diff --git a/SOURCES/0008-Add-FIPS_mode-compatibility-macro.patch b/SOURCES/0008-Add-FIPS_mode-compatibility-macro.patch
new file mode 100644
index 0000000..0fac4eb
--- /dev/null
+++ b/SOURCES/0008-Add-FIPS_mode-compatibility-macro.patch
@@ -0,0 +1,87 @@
+From 5b2ec9a54037d7b007324bf53e067e73511cdfe4 Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tmraz@fedoraproject.org>
+Date: Thu, 26 Nov 2020 14:00:16 +0100
+Subject: Add FIPS_mode() compatibility macro
+
+The macro calls EVP_default_properties_is_fips_enabled() on the
+default context.
+---
+ include/openssl/crypto.h.in | 1 +
+ include/openssl/fips.h | 25 +++++++++++++++++++++++++
+ test/property_test.c | 13 +++++++++++++
+ 3 files changed, 39 insertions(+)
+ create mode 100644 include/openssl/fips.h
+
+diff --git a/include/openssl/crypto.h.in b/include/openssl/crypto.h.in
+index 1036da9a2b..9d4896fcaf 100644
+--- a/include/openssl/crypto.h.in
++++ b/include/openssl/crypto.h.in
+@@ -38,6 +38,7 @@ use OpenSSL::stackhash qw(generate_stack_macros);
+ # include <openssl/opensslconf.h>
+ # include <openssl/cryptoerr.h>
+ # include <openssl/core.h>
++# include <openssl/fips.h>
+
+ # ifdef CHARSET_EBCDIC
+ # include <openssl/ebcdic.h>
+diff --git a/include/openssl/fips.h b/include/openssl/fips.h
+new file mode 100644
+index 0000000000..c64f0f8e8f
+--- /dev/null
++++ b/include/openssl/fips.h
+@@ -0,0 +1,25 @@
++/*
++ * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
++ *
++ * Licensed under the Apache License 2.0 (the "License"). You may not use
++ * this file except in compliance with the License. You can obtain a copy
++ * in the file LICENSE in the source distribution or at
++ * https://www.openssl.org/source/license.html
++ */
++
++#ifndef OPENSSL_FIPS_H
++# define OPENSSL_FIPS_H
++# pragma once
++
++# include <openssl/macros.h>
++
++# ifdef __cplusplus
++extern "C" {
++# endif
++
++# define FIPS_mode() EVP_default_properties_is_fips_enabled(NULL)
++
++# ifdef __cplusplus
++}
++# endif
++#endif
+diff -up openssl-3.0.0-beta1/test/property_test.c.fips-macro openssl-3.0.0-beta1/test/property_test.c
+--- openssl-3.0.0-beta1/test/property_test.c.fips-macro 2021-06-29 12:14:58.851557698 +0200
++++ openssl-3.0.0-beta1/test/property_test.c 2021-06-29 12:17:14.630143832 +0200
+@@ -488,6 +488,18 @@ static int test_property_list_to_string(
+ return ret;
+ }
+
++static int test_downstream_FIPS_mode(void)
++{
++ int ret = 0;
++
++ ret = TEST_true(EVP_set_default_properties(NULL, "fips=yes"))
++ && TEST_true(FIPS_mode())
++ && TEST_true(EVP_set_default_properties(NULL, "fips=no"))
++ && TEST_false(FIPS_mode());
++
++ return ret;
++}
++
+ int setup_tests(void)
+ {
+ ADD_TEST(test_property_string);
+@@ -500,6 +512,7 @@ int setup_tests(void)
+ ADD_TEST(test_property);
+ ADD_TEST(test_query_cache_stochastic);
+ ADD_TEST(test_fips_mode);
++ ADD_TEST(test_downstream_FIPS_mode);
+ ADD_ALL_TESTS(test_property_list_to_string, OSSL_NELEM(to_string_tests));
+ return 1;
+ }
diff --git a/SOURCES/0009-Add-Kernel-FIPS-mode-flag-support.patch b/SOURCES/0009-Add-Kernel-FIPS-mode-flag-support.patch
new file mode 100644
index 0000000..01bd840
--- /dev/null
+++ b/SOURCES/0009-Add-Kernel-FIPS-mode-flag-support.patch
@@ -0,0 +1,71 @@
+diff -up openssl-3.0.0-alpha13/crypto/context.c.kernel-fips openssl-3.0.0-alpha13/crypto/context.c
+--- openssl-3.0.0-alpha13/crypto/context.c.kernel-fips 2021-03-16 00:09:55.814826432 +0100
++++ openssl-3.0.0-alpha13/crypto/context.c 2021-03-16 00:15:55.129043811 +0100
+@@ -12,11 +12,46 @@
+ #include "internal/bio.h"
+ #include "internal/provider.h"
+
++# include <sys/types.h>
++# include <sys/stat.h>
++# include <fcntl.h>
++# include <unistd.h>
++# include <openssl/evp.h>
++
+ struct ossl_lib_ctx_onfree_list_st {
+ ossl_lib_ctx_onfree_fn *fn;
+ struct ossl_lib_ctx_onfree_list_st *next;
+ };
+
++# define FIPS_MODE_SWITCH_FILE "/proc/sys/crypto/fips_enabled"
++
++static int kernel_fips_flag;
++
++static void read_kernel_fips_flag(void)
++{
++ char buf[2] = "0";
++ int fd;
++
++ if (ossl_safe_getenv("OPENSSL_FORCE_FIPS_MODE") != NULL) {
++ buf[0] = '1';
++ } else if ((fd = open(FIPS_MODE_SWITCH_FILE, O_RDONLY)) >= 0) {
++ while (read(fd, buf, sizeof(buf)) < 0 && errno == EINTR) ;
++ close(fd);
++ }
++
++ if (buf[0] == '1') {
++ kernel_fips_flag = 1;
++ }
++
++ return;
++}
++
++int ossl_get_kernel_fips_flag()
++{
++ return kernel_fips_flag;
++}
++
++
+ struct ossl_lib_ctx_st {
+ CRYPTO_RWLOCK *lock;
+ CRYPTO_EX_DATA data;
+@@ -121,6 +170,7 @@ static CRYPTO_THREAD_LOCAL default_conte
+
+ DEFINE_RUN_ONCE_STATIC(default_context_do_init)
+ {
++ read_kernel_fips_flag();
+ return CRYPTO_THREAD_init_local(&default_context_thread_local, NULL)
+ && context_init(&default_context_int);
+ }
+diff -up openssl-3.0.1/include/internal/provider.h.embed-fips openssl-3.0.1/include/internal/provider.h
+--- openssl-3.0.1/include/internal/provider.h.embed-fips 2022-01-11 13:13:08.323238760 +0100
++++ openssl-3.0.1/include/internal/provider.h 2022-01-11 13:13:43.522558909 +0100
+@@ -110,6 +110,9 @@ int ossl_provider_init_as_child(OSSL_LIB
+ const OSSL_DISPATCH *in);
+ void ossl_provider_deinit_child(OSSL_LIB_CTX *ctx);
+
++/* FIPS flag access */
++int ossl_get_kernel_fips_flag(void);
++
+ # ifdef __cplusplus
+ }
+ # endif
diff --git a/SOURCES/0011-Remove-EC-curves.patch b/SOURCES/0011-Remove-EC-curves.patch
new file mode 100644
index 0000000..51c9d23
--- /dev/null
+++ b/SOURCES/0011-Remove-EC-curves.patch
@@ -0,0 +1,5013 @@
+diff -up openssl-3.0.0-alpha13/apps/speed.c.ec-curves openssl-3.0.0-alpha13/apps/speed.c
+--- openssl-3.0.0-alpha13/apps/speed.c.ec-curves 2021-04-10 12:12:00.620129302 +0200
++++ openssl-3.0.0-alpha13/apps/speed.c 2021-04-10 12:18:11.872369417 +0200
+@@ -364,68 +364,23 @@ static double ffdh_results[FFDH_NUM][1];
+ #endif /* OPENSSL_NO_DH */
+
+ enum ec_curves_t {
+- R_EC_P160, R_EC_P192, R_EC_P224, R_EC_P256, R_EC_P384, R_EC_P521,
+-#ifndef OPENSSL_NO_EC2M
+- R_EC_K163, R_EC_K233, R_EC_K283, R_EC_K409, R_EC_K571,
+- R_EC_B163, R_EC_B233, R_EC_B283, R_EC_B409, R_EC_B571,
+-#endif
+- R_EC_BRP256R1, R_EC_BRP256T1, R_EC_BRP384R1, R_EC_BRP384T1,
+- R_EC_BRP512R1, R_EC_BRP512T1, ECDSA_NUM
++ R_EC_P224, R_EC_P256, R_EC_P384, R_EC_P521,
++ ECDSA_NUM
+ };
+ /* list of ecdsa curves */
+ static const OPT_PAIR ecdsa_choices[ECDSA_NUM] = {
+- {"ecdsap160", R_EC_P160},
+- {"ecdsap192", R_EC_P192},
+ {"ecdsap224", R_EC_P224},
+ {"ecdsap256", R_EC_P256},
+ {"ecdsap384", R_EC_P384},
+ {"ecdsap521", R_EC_P521},
+-#ifndef OPENSSL_NO_EC2M
+- {"ecdsak163", R_EC_K163},
+- {"ecdsak233", R_EC_K233},
+- {"ecdsak283", R_EC_K283},
+- {"ecdsak409", R_EC_K409},
+- {"ecdsak571", R_EC_K571},
+- {"ecdsab163", R_EC_B163},
+- {"ecdsab233", R_EC_B233},
+- {"ecdsab283", R_EC_B283},
+- {"ecdsab409", R_EC_B409},
+- {"ecdsab571", R_EC_B571},
+-#endif
+- {"ecdsabrp256r1", R_EC_BRP256R1},
+- {"ecdsabrp256t1", R_EC_BRP256T1},
+- {"ecdsabrp384r1", R_EC_BRP384R1},
+- {"ecdsabrp384t1", R_EC_BRP384T1},
+- {"ecdsabrp512r1", R_EC_BRP512R1},
+- {"ecdsabrp512t1", R_EC_BRP512T1}
+ };
+ enum { R_EC_X25519 = ECDSA_NUM, R_EC_X448, EC_NUM };
+ /* list of ecdh curves, extension of |ecdsa_choices| list above */
+ static const OPT_PAIR ecdh_choices[EC_NUM] = {
+- {"ecdhp160", R_EC_P160},
+- {"ecdhp192", R_EC_P192},
+ {"ecdhp224", R_EC_P224},
+ {"ecdhp256", R_EC_P256},
+ {"ecdhp384", R_EC_P384},
+ {"ecdhp521", R_EC_P521},
+-#ifndef OPENSSL_NO_EC2M
+- {"ecdhk163", R_EC_K163},
+- {"ecdhk233", R_EC_K233},
+- {"ecdhk283", R_EC_K283},
+- {"ecdhk409", R_EC_K409},
+- {"ecdhk571", R_EC_K571},
+- {"ecdhb163", R_EC_B163},
+- {"ecdhb233", R_EC_B233},
+- {"ecdhb283", R_EC_B283},
+- {"ecdhb409", R_EC_B409},
+- {"ecdhb571", R_EC_B571},
+-#endif
+- {"ecdhbrp256r1", R_EC_BRP256R1},
+- {"ecdhbrp256t1", R_EC_BRP256T1},
+- {"ecdhbrp384r1", R_EC_BRP384R1},
+- {"ecdhbrp384t1", R_EC_BRP384T1},
+- {"ecdhbrp512r1", R_EC_BRP512R1},
+- {"ecdhbrp512t1", R_EC_BRP512T1},
+ {"ecdhx25519", R_EC_X25519},
+ {"ecdhx448", R_EC_X448}
+ };
+@@ -1449,31 +1404,10 @@ int speed_main(int argc, char **argv)
+ */
+ static const EC_CURVE ec_curves[EC_NUM] = {
+ /* Prime Curves */
+- {"secp160r1", NID_secp160r1, 160},
+- {"nistp192", NID_X9_62_prime192v1, 192},
+ {"nistp224", NID_secp224r1, 224},
+ {"nistp256", NID_X9_62_prime256v1, 256},
+ {"nistp384", NID_secp384r1, 384},
+ {"nistp521", NID_secp521r1, 521},
+-#ifndef OPENSSL_NO_EC2M
+- /* Binary Curves */
+- {"nistk163", NID_sect163k1, 163},
+- {"nistk233", NID_sect233k1, 233},
+- {"nistk283", NID_sect283k1, 283},
+- {"nistk409", NID_sect409k1, 409},
+- {"nistk571", NID_sect571k1, 571},
+- {"nistb163", NID_sect163r2, 163},
+- {"nistb233", NID_sect233r1, 233},
+- {"nistb283", NID_sect283r1, 283},
+- {"nistb409", NID_sect409r1, 409},
+- {"nistb571", NID_sect571r1, 571},
+-#endif
+- {"brainpoolP256r1", NID_brainpoolP256r1, 256},
+- {"brainpoolP256t1", NID_brainpoolP256t1, 256},
+- {"brainpoolP384r1", NID_brainpoolP384r1, 384},
+- {"brainpoolP384t1", NID_brainpoolP384t1, 384},
+- {"brainpoolP512r1", NID_brainpoolP512r1, 512},
+- {"brainpoolP512t1", NID_brainpoolP512t1, 512},
+ /* Other and ECDH only ones */
+ {"X25519", NID_X25519, 253},
+ {"X448", NID_X448, 448}
+diff -up openssl-3.0.0-alpha13/test/ecdsatest.h.ec-curves openssl-3.0.0-alpha13/test/ecdsatest.h
+--- openssl-3.0.0-alpha13/test/ecdsatest.h.ec-curves 2021-04-10 12:07:43.158013028 +0200
++++ openssl-3.0.0-alpha13/test/ecdsatest.h 2021-04-10 12:11:21.601828737 +0200
+@@ -32,23 +32,6 @@ typedef struct {
+ } ecdsa_cavs_kat_t;
+
+ static const ecdsa_cavs_kat_t ecdsa_cavs_kats[] = {
+- /* prime KATs from X9.62 */
+- {NID_X9_62_prime192v1, NID_sha1,
+- "616263", /* "abc" */
+- "1a8d598fc15bf0fd89030b5cb1111aeb92ae8baf5ea475fb",
+- "0462b12d60690cdcf330babab6e69763b471f994dd702d16a563bf5ec08069705ffff65e"
+- "5ca5c0d69716dfcb3474373902",
+- "fa6de29746bbeb7f8bb1e761f85f7dfb2983169d82fa2f4e",
+- "885052380ff147b734c330c43d39b2c4a89f29b0f749fead",
+- "e9ecc78106def82bf1070cf1d4d804c3cb390046951df686"},
+- {NID_X9_62_prime239v1, NID_sha1,
+- "616263", /* "abc" */
+- "7ef7c6fabefffdea864206e80b0b08a9331ed93e698561b64ca0f7777f3d",
+- "045b6dc53bc61a2548ffb0f671472de6c9521a9d2d2534e65abfcbd5fe0c707fd9f1ed2e"
+- "65f09f6ce0893baf5e8e31e6ae82ea8c3592335be906d38dee",
+- "656c7196bf87dcc5d1f1020906df2782360d36b2de7a17ece37d503784af",
+- "2cb7f36803ebb9c427c58d8265f11fc5084747133078fc279de874fbecb0",
+- "2eeae988104e9c2234a3c2beb1f53bfa5dc11ff36a875d1e3ccb1f7e45cf"},
+ /* prime KATs from NIST CAVP */
+ {NID_secp224r1, NID_sha224,
+ "699325d6fc8fbbb4981a6ded3c3a54ad2e4e3db8a5669201912064c64e700c139248cdc1"
+diff -up openssl-3.0.0-alpha13/test/recipes/15-test_genec.t.ec-curves openssl-3.0.0-alpha13/test/recipes/15-test_genec.t
+--- openssl-3.0.0-alpha13/test/recipes/15-test_genec.t.ec-curves 2021-04-10 11:59:37.453332668 +0200
++++ openssl-3.0.0-alpha13/test/recipes/15-test_genec.t 2021-04-10 12:03:43.363538976 +0200
+@@ -41,45 +41,11 @@ plan skip_all => "This test is unsupport
+ if disabled("ec");
+
+ my @prime_curves = qw(
+- secp112r1
+- secp112r2
+- secp128r1
+- secp128r2
+- secp160k1
+- secp160r1
+- secp160r2
+- secp192k1
+- secp224k1
+ secp224r1
+ secp256k1
+ secp384r1
+ secp521r1
+- prime192v1
+- prime192v2
+- prime192v3
+- prime239v1
+- prime239v2
+- prime239v3
+ prime256v1
+- wap-wsg-idm-ecid-wtls6
+- wap-wsg-idm-ecid-wtls7
+- wap-wsg-idm-ecid-wtls8
+- wap-wsg-idm-ecid-wtls9
+- wap-wsg-idm-ecid-wtls12
+- brainpoolP160r1
+- brainpoolP160t1
+- brainpoolP192r1
+- brainpoolP192t1
+- brainpoolP224r1
+- brainpoolP224t1
+- brainpoolP256r1
+- brainpoolP256t1
+- brainpoolP320r1
+- brainpoolP320t1
+- brainpoolP384r1
+- brainpoolP384t1
+- brainpoolP512r1
+- brainpoolP512t1
+ );
+
+ my @binary_curves = qw(
+@@ -136,7 +102,6 @@ push(@other_curves, 'SM2')
+ if !disabled("sm2");
+
+ my @curve_aliases = qw(
+- P-192
+ P-224
+ P-256
+ P-384
+diff -up openssl-3.0.0-alpha13/test/recipes/06-test_algorithmid.t.ec-curves openssl-3.0.0-alpha13/test/recipes/06-test_algorithmid.t
+--- openssl-3.0.0-alpha13/test/recipes/06-test_algorithmid.t.ec-curves 2021-04-10 12:40:59.871858764 +0200
++++ openssl-3.0.0-alpha13/test/recipes/06-test_algorithmid.t 2021-04-10 12:41:41.140455070 +0200
+@@ -33,7 +33,7 @@ my %certs_info =
+ 'ee-cert-ec-named-explicit' => 'ca-cert-ec-explicit',
+ 'ee-cert-ec-named-named' => 'ca-cert-ec-named',
+ # 'server-ed448-cert' => 'root-ed448-cert'
+- 'server-ecdsa-brainpoolP256r1-cert' => 'rootcert',
++ # 'server-ecdsa-brainpoolP256r1-cert' => 'rootcert',
+ )
+ )
+ );
+diff -up openssl-3.0.0-alpha13/test/recipes/15-test_ec.t.ec-curves openssl-3.0.0-alpha13/test/recipes/15-test_ec.t
+diff -up openssl-3.0.0-alpha13/test/recipes/20-test_cli_fips.t.ec-curves openssl-3.0.0-alpha13/test/recipes/20-test_cli_fips.t
+diff -up openssl-3.0.0-alpha13/test/recipes/30-test_acvp.t.ec-curves openssl-3.0.0-alpha13/test/recipes/30-test_acvp.t
+diff -up openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.ec-curves openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf
+--- openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.ec-curves 2021-04-10 13:21:52.123040226 +0200
++++ openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf 2021-04-10 13:28:20.856023985 +0200
+@@ -776,14 +776,12 @@ server = 22-ECDSA with brainpool-server
+ client = 22-ECDSA with brainpool-client
+
+ [22-ECDSA with brainpool-server]
+-Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem
++Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
+ CipherString = DEFAULT
+-Groups = brainpoolP256r1
+-PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem
++PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
+
+ [22-ECDSA with brainpool-client]
+ CipherString = aECDSA
+-Groups = brainpoolP256r1
+ MaxProtocol = TLSv1.2
+ RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+@@ -791,9 +789,6 @@ VerifyMode = Peer
+
+ [test-22]
+ ExpectedResult = Success
+-ExpectedServerCANames = empty
+-ExpectedServerCertType = brainpoolP256r1
+-ExpectedServerSignType = EC
+
+
+ # ===========================================================
+@@ -1741,9 +1736,9 @@ server = 53-TLS 1.3 ECDSA with brainpool
+ client = 53-TLS 1.3 ECDSA with brainpool-client
+
+ [53-TLS 1.3 ECDSA with brainpool-server]
+-Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem
++Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
+ CipherString = DEFAULT
+-PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem
++PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
+
+ [53-TLS 1.3 ECDSA with brainpool-client]
+ CipherString = DEFAULT
+@@ -1754,7 +1749,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/ro
+ VerifyMode = Peer
+
+ [test-53]
+-ExpectedResult = ServerFail
++ExpectedResult = Success
+
+
+ # ===========================================================
+diff -up openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.in.ec-curves openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.in
+--- openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.in.ec-curves 2021-04-10 13:22:06.275221662 +0200
++++ openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.in 2021-04-10 13:35:18.774623319 +0200
+@@ -428,21 +428,21 @@ my @tests_non_fips = (
+ {
+ name => "ECDSA with brainpool",
+ server => {
+- "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"),
+- "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"),
+- "Groups" => "brainpoolP256r1",
++ "Certificate" => test_pem("server-ecdsa-cert.pem"),
++ "PrivateKey" => test_pem("server-ecdsa-key.pem"),
++ #"Groups" => "brainpoolP256r1",
+ },
+ client => {
+ "MaxProtocol" => "TLSv1.2",
+ "CipherString" => "aECDSA",
+ "RequestCAFile" => test_pem("root-cert.pem"),
+- "Groups" => "brainpoolP256r1",
++ #"Groups" => "brainpoolP256r1",
+ },
+ test => {
+- "ExpectedServerCertType" =>, "brainpoolP256r1",
+- "ExpectedServerSignType" =>, "EC",
++ #"ExpectedServerCertType" =>, "brainpoolP256r1",
++ #"ExpectedServerSignType" =>, "EC",
+ # Note: certificate_authorities not sent for TLS < 1.3
+- "ExpectedServerCANames" =>, "empty",
++ #"ExpectedServerCANames" =>, "empty",
+ "ExpectedResult" => "Success"
+ },
+ },
+@@ -915,8 +915,8 @@ my @tests_tls_1_3_non_fips = (
+ {
+ name => "TLS 1.3 ECDSA with brainpool",
+ server => {
+- "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"),
+- "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"),
++ "Certificate" => test_pem("server-ecdsa-cert.pem"),
++ "PrivateKey" => test_pem("server-ecdsa-key.pem"),
+ },
+ client => {
+ "RequestCAFile" => test_pem("root-cert.pem"),
+@@ -924,7 +924,7 @@ my @tests_tls_1_3_non_fips = (
+ "MaxProtocol" => "TLSv1.3"
+ },
+ test => {
+- "ExpectedResult" => "ServerFail"
++ "ExpectedResult" => "Success"
+ },
+ },
+ );
+diff -up openssl-3.0.0-alpha13/test/recipes/20-test_cli_fips.t.ec-curves openssl-3.0.0-alpha13/test/recipes/20-test_cli_fips.t
+--- openssl-3.0.0-alpha13/test/recipes/20-test_cli_fips.t.ec-curves 2021-04-10 14:00:22.482782216 +0200
++++ openssl-3.0.0-alpha13/test/recipes/20-test_cli_fips.t 2021-04-10 14:08:50.769727651 +0200
+@@ -158,60 +158,6 @@ sub tsignverify {
+ $testtext);
+ }
+
+-SKIP : {
+- skip "FIPS EC tests because of no ec in this build", 1
+- if disabled("ec");
+-
+- subtest EC => sub {
+- my $testtext_prefix = 'EC';
+- my $a_fips_curve = 'prime256v1';
+- my $fips_key = $testtext_prefix.'.fips.priv.pem';
+- my $fips_pub_key = $testtext_prefix.'.fips.pub.pem';
+- my $a_nonfips_curve = 'brainpoolP256r1';
+- my $nonfips_key = $testtext_prefix.'.nonfips.priv.pem';
+- my $nonfips_pub_key = $testtext_prefix.'.nonfips.pub.pem';
+- my $testtext = '';
+- my $curvename = '';
+-
+- plan tests => 5 + $tsignverify_count;
+-
+- $ENV{OPENSSL_CONF} = $defaultconf;
+- $curvename = $a_nonfips_curve;
+- $testtext = $testtext_prefix.': '.
+- 'Generate a key with a non-FIPS algorithm with the default provider';
+- ok(run(app(['openssl', 'genpkey', '-algorithm', 'EC',
+- '-pkeyopt', 'ec_paramgen_curve:'.$curvename,
+- '-out', $nonfips_key])),
+- $testtext);
+-
+- pubfrompriv($testtext_prefix, $nonfips_key, $nonfips_pub_key, "non-FIPS");
+-
+- $ENV{OPENSSL_CONF} = $fipsconf;
+-
+- $curvename = $a_fips_curve;
+- $testtext = $testtext_prefix.': '.
+- 'Generate a key with a FIPS algorithm';
+- ok(run(app(['openssl', 'genpkey', '-algorithm', 'EC',
+- '-pkeyopt', 'ec_paramgen_curve:'.$curvename,
+- '-out', $fips_key])),
+- $testtext);
+-
+- pubfrompriv($testtext_prefix, $fips_key, $fips_pub_key, "FIPS");
+-
+- $curvename = $a_nonfips_curve;
+- $testtext = $testtext_prefix.': '.
+- 'Generate a key with a non-FIPS algorithm'.
+- ' (should fail)';
+- ok(!run(app(['openssl', 'genpkey', '-algorithm', 'EC',
+- '-pkeyopt', 'ec_paramgen_curve:'.$curvename,
+- '-out', $testtext_prefix.'.'.$curvename.'.priv.pem'])),
+- $testtext);
+-
+- tsignverify($testtext_prefix, $fips_key, $fips_pub_key, $nonfips_key,
+- $nonfips_pub_key);
+- };
+-}
+-
+ SKIP: {
+ skip "FIPS RSA tests because of no rsa in this build", 1
+ if disabled("rsa");
+diff -up openssl-3.0.0-alpha13/test/recipes/20-test_cli_fips.t.ec-curves openssl-3.0.0-alpha13/test/recipes/20-test_cli_fips.t
+--- openssl-3.0.0-alpha13/test/recipes/20-test_cli_fips.t.ec-curves 2021-04-10 14:23:09.805468483 +0200
++++ openssl-3.0.0-alpha13/test/recipes/20-test_cli_fips.t 2021-04-10 14:23:33.002784265 +0200
+@@ -26,7 +26,7 @@ use platform;
+ my $no_check = disabled("fips") || disabled('fips-securitychecks');
+ plan skip_all => "Test only supported in a fips build with security checks"
+ if $no_check;
+-plan tests => 11;
++plan tests => 10;
+
+ my $fipsmodule = bldtop_file('providers', platform->dso('fips'));
+ my $fipsconf = srctop_file("test", "fips-and-base.cnf");
+diff -up openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.ec-curves openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf
+--- openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.ec-curves 2021-04-10 17:52:46.478721611 +0200
++++ openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf 2021-04-10 17:54:11.371688446 +0200
+@@ -1710,20 +1710,18 @@ server = 52-TLS 1.3 ECDSA with brainpool
+ client = 52-TLS 1.3 ECDSA with brainpool but no suitable groups-client
+
+ [52-TLS 1.3 ECDSA with brainpool but no suitable groups-server]
+-Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem
++Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
+ CipherString = DEFAULT
+-Groups = brainpoolP256r1
+-PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem
++PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
+
+ [52-TLS 1.3 ECDSA with brainpool but no suitable groups-client]
+ CipherString = aECDSA
+-Groups = brainpoolP256r1
+ RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+ VerifyMode = Peer
+
+ [test-52]
+-ExpectedResult = ClientFail
++ExpectedResult = Success
+
+
+ # ===========================================================
+diff -up openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.in.ec-curves openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.in
+--- openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.in.ec-curves 2021-04-10 17:53:03.317913390 +0200
++++ openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.in 2021-04-10 17:55:22.507498606 +0200
+@@ -896,20 +896,20 @@ my @tests_tls_1_3_non_fips = (
+ {
+ name => "TLS 1.3 ECDSA with brainpool but no suitable groups",
+ server => {
+- "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"),
+- "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"),
+- "Groups" => "brainpoolP256r1",
++ "Certificate" => test_pem("server-ecdsa-cert.pem"),
++ "PrivateKey" => test_pem("server-ecdsa-key.pem"),
++ #"Groups" => "brainpoolP256r1",
+ },
+ client => {
+ "CipherString" => "aECDSA",
+ "RequestCAFile" => test_pem("root-cert.pem"),
+- "Groups" => "brainpoolP256r1",
++ #"Groups" => "brainpoolP256r1",
+ },
+ test => {
+ #We only configured brainpoolP256r1 on the client side, but TLSv1.3
+ #is enabled and this group is not allowed in TLSv1.3. Therefore this
+ #should fail
+- "ExpectedResult" => "ClientFail"
++ "ExpectedResult" => "Success"
+ },
+ },
+ {
+diff -up openssl-3.0.0-alpha13/crypto/evp/ec_support.c.ec-curves openssl-3.0.0-alpha13/crypto/evp/ec_support.c
+--- openssl-3.0.0-alpha13/crypto/evp/ec_support.c.ec-curves 2021-04-11 11:13:14.236891844 +0200
++++ openssl-3.0.0-alpha13/crypto/evp/ec_support.c 2021-04-11 11:12:05.128098714 +0200
+@@ -20,99 +20,13 @@ typedef struct ec_name2nid_st {
+ static const EC_NAME2NID curve_list[] = {
+ /* prime field curves */
+ /* secg curves */
+- {"secp112r1", NID_secp112r1 },
+- {"secp112r2", NID_secp112r2 },
+- {"secp128r1", NID_secp128r1 },
+- {"secp128r2", NID_secp128r2 },
+- {"secp160k1", NID_secp160k1 },
+- {"secp160r1", NID_secp160r1 },
+- {"secp160r2", NID_secp160r2 },
+- {"secp192k1", NID_secp192k1 },
+ {"secp224k1", NID_secp224k1 },
+ {"secp224r1", NID_secp224r1 },
+ {"secp256k1", NID_secp256k1 },
+ {"secp384r1", NID_secp384r1 },
+ {"secp521r1", NID_secp521r1 },
+ /* X9.62 curves */
+- {"prime192v1", NID_X9_62_prime192v1 },
+- {"prime192v2", NID_X9_62_prime192v2 },
+- {"prime192v3", NID_X9_62_prime192v3 },
+- {"prime239v1", NID_X9_62_prime239v1 },
+- {"prime239v2", NID_X9_62_prime239v2 },
+- {"prime239v3", NID_X9_62_prime239v3 },
+ {"prime256v1", NID_X9_62_prime256v1 },
+- /* characteristic two field curves */
+- /* NIST/SECG curves */
+- {"sect113r1", NID_sect113r1 },
+- {"sect113r2", NID_sect113r2 },
+- {"sect131r1", NID_sect131r1 },
+- {"sect131r2", NID_sect131r2 },
+- {"sect163k1", NID_sect163k1 },
+- {"sect163r1", NID_sect163r1 },
+- {"sect163r2", NID_sect163r2 },
+- {"sect193r1", NID_sect193r1 },
+- {"sect193r2", NID_sect193r2 },
+- {"sect233k1", NID_sect233k1 },
+- {"sect233r1", NID_sect233r1 },
+- {"sect239k1", NID_sect239k1 },
+- {"sect283k1", NID_sect283k1 },
+- {"sect283r1", NID_sect283r1 },
+- {"sect409k1", NID_sect409k1 },
+- {"sect409r1", NID_sect409r1 },
+- {"sect571k1", NID_sect571k1 },
+- {"sect571r1", NID_sect571r1 },
+- /* X9.62 curves */
+- {"c2pnb163v1", NID_X9_62_c2pnb163v1 },
+- {"c2pnb163v2", NID_X9_62_c2pnb163v2 },
+- {"c2pnb163v3", NID_X9_62_c2pnb163v3 },
+- {"c2pnb176v1", NID_X9_62_c2pnb176v1 },
+- {"c2tnb191v1", NID_X9_62_c2tnb191v1 },
+- {"c2tnb191v2", NID_X9_62_c2tnb191v2 },
+- {"c2tnb191v3", NID_X9_62_c2tnb191v3 },
+- {"c2pnb208w1", NID_X9_62_c2pnb208w1 },
+- {"c2tnb239v1", NID_X9_62_c2tnb239v1 },
+- {"c2tnb239v2", NID_X9_62_c2tnb239v2 },
+- {"c2tnb239v3", NID_X9_62_c2tnb239v3 },
+- {"c2pnb272w1", NID_X9_62_c2pnb272w1 },
+- {"c2pnb304w1", NID_X9_62_c2pnb304w1 },
+- {"c2tnb359v1", NID_X9_62_c2tnb359v1 },
+- {"c2pnb368w1", NID_X9_62_c2pnb368w1 },
+- {"c2tnb431r1", NID_X9_62_c2tnb431r1 },
+- /*
+- * the WAP/WTLS curves [unlike SECG, spec has its own OIDs for curves
+- * from X9.62]
+- */
+- {"wap-wsg-idm-ecid-wtls1", NID_wap_wsg_idm_ecid_wtls1 },
+- {"wap-wsg-idm-ecid-wtls3", NID_wap_wsg_idm_ecid_wtls3 },
+- {"wap-wsg-idm-ecid-wtls4", NID_wap_wsg_idm_ecid_wtls4 },
+- {"wap-wsg-idm-ecid-wtls5", NID_wap_wsg_idm_ecid_wtls5 },
+- {"wap-wsg-idm-ecid-wtls6", NID_wap_wsg_idm_ecid_wtls6 },
+- {"wap-wsg-idm-ecid-wtls7", NID_wap_wsg_idm_ecid_wtls7 },
+- {"wap-wsg-idm-ecid-wtls8", NID_wap_wsg_idm_ecid_wtls8 },
+- {"wap-wsg-idm-ecid-wtls9", NID_wap_wsg_idm_ecid_wtls9 },
+- {"wap-wsg-idm-ecid-wtls10", NID_wap_wsg_idm_ecid_wtls10 },
+- {"wap-wsg-idm-ecid-wtls11", NID_wap_wsg_idm_ecid_wtls11 },
+- {"wap-wsg-idm-ecid-wtls12", NID_wap_wsg_idm_ecid_wtls12 },
+- /* IPSec curves */
+- {"Oakley-EC2N-3", NID_ipsec3 },
+- {"Oakley-EC2N-4", NID_ipsec4 },
+- /* brainpool curves */
+- {"brainpoolP160r1", NID_brainpoolP160r1 },
+- {"brainpoolP160t1", NID_brainpoolP160t1 },
+- {"brainpoolP192r1", NID_brainpoolP192r1 },
+- {"brainpoolP192t1", NID_brainpoolP192t1 },
+- {"brainpoolP224r1", NID_brainpoolP224r1 },
+- {"brainpoolP224t1", NID_brainpoolP224t1 },
+- {"brainpoolP256r1", NID_brainpoolP256r1 },
+- {"brainpoolP256t1", NID_brainpoolP256t1 },
+- {"brainpoolP320r1", NID_brainpoolP320r1 },
+- {"brainpoolP320t1", NID_brainpoolP320t1 },
+- {"brainpoolP384r1", NID_brainpoolP384r1 },
+- {"brainpoolP384t1", NID_brainpoolP384t1 },
+- {"brainpoolP512r1", NID_brainpoolP512r1 },
+- {"brainpoolP512t1", NID_brainpoolP512t1 },
+- /* SM2 curve */
+- {"SM2", NID_sm2 },
+ };
+
+ const char *OSSL_EC_curve_nid2name(int nid)
+diff -up openssl-3.0.0-alpha13/test/acvp_test.inc.ec-curves openssl-3.0.0-alpha13/test/acvp_test.inc
+--- openssl-3.0.0-alpha13/test/acvp_test.inc.ec-curves 2021-04-11 13:46:57.286828933 +0200
++++ openssl-3.0.0-alpha13/test/acvp_test.inc 2021-04-11 13:48:01.356704526 +0200
+@@ -212,15 +212,6 @@ static const unsigned char ecdsa_sigver_
+ };
+ static const struct ecdsa_sigver_st ecdsa_sigver_data[] = {
+ {
+- "SHA-1",
+- "P-192",
+- ITM(ecdsa_sigver_msg0),
+- ITM(ecdsa_sigver_pub0),
+- ITM(ecdsa_sigver_r0),
+- ITM(ecdsa_sigver_s0),
+- PASS,
+- },
+- {
+ "SHA2-512",
+ "P-521",
+ ITM(ecdsa_sigver_msg1),
+diff -up openssl-3.0.0-alpha13/test/recipes/65-test_cmp_protect.t.ec-curves openssl-3.0.0-alpha13/test/recipes/65-test_cmp_protect.t
+--- openssl-3.0.0-alpha13/test/recipes/65-test_cmp_protect.t.ec-curves 2021-04-11 21:45:04.949948725 +0200
++++ openssl-3.0.0-alpha13/test/recipes/65-test_cmp_protect.t 2021-04-11 21:44:09.585283604 +0200
+@@ -7,7 +7,6 @@
+ # this file except in compliance with the License. You can obtain a copy
+ # in the file LICENSE in the source distribution or at
+ # https://www.openssl.org/source/license.html
+-
+ use strict;
+ use OpenSSL::Test qw/:DEFAULT data_file srctop_file srctop_dir bldtop_file bldtop_dir/;
+ use OpenSSL::Test::Utils;
+@@ -27,7 +26,7 @@ plan skip_all => "This test is not suppo
+ plan skip_all => "This test is not supported in a shared library build on Windows"
+ if $^O eq 'MSWin32' && !disabled("shared");
+
+-plan tests => 2 + ($no_fips ? 0 : 1); #fips test
++plan skip_all => 2 + ($no_fips ? 0 : 1); #fips test
+
+ my @basic_cmd = ("cmp_protect_test",
+ data_file("server.pem"),
+diff -up openssl-3.0.0-alpha13/test/recipes/65-test_cmp_vfy.t.ec-curves openssl-3.0.0-alpha13/test/recipes/65-test_cmp_vfy.t
+--- openssl-3.0.0-alpha13/test/recipes/65-test_cmp_vfy.t.ec-curves 2021-04-11 21:45:25.414194574 +0200
++++ openssl-3.0.0-alpha13/test/recipes/65-test_cmp_vfy.t 2021-04-11 21:44:40.786658440 +0200
+@@ -7,7 +7,6 @@
+ # this file except in compliance with the License. You can obtain a copy
+ # in the file LICENSE in the source distribution or at
+ # https://www.openssl.org/source/license.html
+-
+ use strict;
+ use OpenSSL::Test qw/:DEFAULT data_file srctop_file srctop_dir bldtop_file bldtop_dir/;
+ use OpenSSL::Test::Utils;
+@@ -27,7 +26,7 @@ plan skip_all => "This test is not suppo
+ plan skip_all => "This test is not supported in a no-ec build"
+ if disabled("ec");
+
+-plan tests => 2 + ($no_fips ? 0 : 1); #fips test
++plan skip_all => 2 + ($no_fips ? 0 : 1); #fips test
+
+ my @basic_cmd = ("cmp_vfy_test",
+ data_file("server.crt"), data_file("client.crt"),
+diff -up openssl-3.0.0-alpha15/crypto/evp/ec_support.c.ec-curves openssl-3.0.0-alpha15/crypto/evp/ec_support.c
+--- openssl-3.0.0-alpha15/crypto/evp/ec_support.c.ec-curves 2021-04-23 18:15:12.571691284 +0200
++++ openssl-3.0.0-alpha15/crypto/evp/ec_support.c 2021-04-23 18:16:00.803087403 +0200
+@@ -28,7 +28,6 @@ static const EC_NAME2NID curve_list[] =
+ static const EC_NAME2NID curve_list[] = {
+ /* prime field curves */
+ /* secg curves */
+- {"secp224k1", NID_secp224k1 },
+ {"secp224r1", NID_secp224r1 },
+ {"secp256k1", NID_secp256k1 },
+ {"secp384r1", NID_secp384r1 },
+diff -up openssl-3.0.0-alpha15/apps/speed.c.ec-curves openssl-3.0.0-alpha15/apps/speed.c
+--- openssl-3.0.0-alpha15/apps/speed.c.ec-curves 2021-04-26 14:25:44.049991942 +0200
++++ openssl-3.0.0-alpha15/apps/speed.c 2021-04-26 14:36:10.643570273 +0200
+@@ -1439,8 +1439,8 @@ int speed_main(int argc, char **argv)
+ OPENSSL_assert(ec_curves[EC_NUM - 1].nid == NID_X448);
+ OPENSSL_assert(strcmp(ecdh_choices[EC_NUM - 1].name, "ecdhx448") == 0);
+
+- OPENSSL_assert(ec_curves[ECDSA_NUM - 1].nid == NID_brainpoolP512t1);
+- OPENSSL_assert(strcmp(ecdsa_choices[ECDSA_NUM - 1].name, "ecdsabrp512t1") == 0);
++ OPENSSL_assert(ec_curves[ECDSA_NUM - 1].nid == NID_secp521r1);
++ OPENSSL_assert(strcmp(ecdsa_choices[ECDSA_NUM - 1].name, "ecdsap521") == 0);
+
+ #ifndef OPENSSL_NO_SM2
+ OPENSSL_assert(sm2_curves[SM2_NUM - 1].nid == NID_sm2);
+diff -up openssl-3.0.0-alpha16/test/evp_extra_test.c.ec-curves openssl-3.0.0-alpha16/test/evp_extra_test.c
+--- openssl-3.0.0-alpha16/test/evp_extra_test.c.ec-curves 2021-05-10 14:44:28.932751551 +0200
++++ openssl-3.0.0-alpha16/test/evp_extra_test.c 2021-05-10 14:45:21.537238883 +0200
+@@ -2701,13 +2701,12 @@ err:
+
+ #ifndef OPENSSL_NO_EC
+ static int ecpub_nids[] = {
+- NID_brainpoolP256r1, NID_X9_62_prime256v1,
++ NID_X9_62_prime256v1,
+ NID_secp384r1, NID_secp521r1,
+ # ifndef OPENSSL_NO_EC2M
+ NID_sect233k1, NID_sect233r1, NID_sect283r1,
+ NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1,
+ # endif
+- NID_brainpoolP384r1, NID_brainpoolP512r1
+ };
+
+ static int test_ecpub(int idx)
+diff -up openssl-3.0.0-alpha16/test/recipes/30-test_evp_data/evppkey_mismatch.txt.ec-curves openssl-3.0.0-alpha16/test/recipes/30-test_evp_data/evppkey_mismatch.txt
+--- openssl-3.0.0-alpha16/test/recipes/30-test_evp_data/evppkey_mismatch.txt.ec-curves 2021-05-17 10:45:03.968368782 +0200
++++ openssl-3.0.0-alpha16/test/recipes/30-test_evp_data/evppkey_mismatch.txt 2021-05-17 10:45:54.211747865 +0200
+@@ -31,12 +31,6 @@ MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAELBUP
+ x/iUJAcsJxl9eLM7kg6VzbZk6ZDc8M/qDZTiqOavnQ5YBW5lMQSSW5/myQ==
+ -----END PUBLIC KEY-----
+
+-PublicKey=KAS-ECC-CDH_K-163_C0-PUBLIC
+------BEGIN PUBLIC KEY-----
+-MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEBx+LKHfWAn2cGt5CRPLeoSaS7yPVBcFe
+-53YiHHK4SzR844PzgGe4nD6a
+------END PUBLIC KEY-----
+-
+ PrivateKey = RSA-2048
+ -----BEGIN PRIVATE KEY-----
+ MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDNAIHqeyrh6gbV
+@@ -77,9 +71,3 @@ Result = KEYPAIR_TYPE_MISMATCH
+
+ PrivPubKeyPair = RSA-2048:P-256-PUBLIC
+ Result = KEYPAIR_TYPE_MISMATCH
+-
+-PrivPubKeyPair = RSA-2048:KAS-ECC-CDH_K-163_C0-PUBLIC
+-Result = KEYPAIR_TYPE_MISMATCH
+-
+-PrivPubKeyPair = Alice-25519:KAS-ECC-CDH_K-163_C0-PUBLIC
+-Result = KEYPAIR_TYPE_MISMATCH
+diff -up openssl-3.0.0-alpha16/test/recipes/30-test_evp.t.ec-curves openssl-3.0.0-alpha16/test/recipes/30-test_evp.t
+--- openssl-3.0.0-alpha16/test/recipes/30-test_evp.t.ec-curves 2021-05-17 10:49:28.050844977 +0200
++++ openssl-3.0.0-alpha16/test/recipes/30-test_evp.t 2021-05-17 10:53:53.480444576 +0200
+@@ -111,7 +111,6 @@ my @defltfiles = qw(
+ evppkey_kdf_tls1_prf.txt
+ evppkey_rsa.txt
+ );
+-push @defltfiles, qw(evppkey_brainpool.txt) unless $no_ec;
+ push @defltfiles, qw(evppkey_sm2.txt) unless $no_sm2;
+
+ plan tests =>
+diff -up openssl-3.0.0-beta1/test/recipes/30-test_evp_data/evppkey_ecc.txt.remove-ec openssl-3.0.0-beta1/test/recipes/30-test_evp_data/evppkey_ecc.txt
+--- openssl-3.0.0-beta1/test/recipes/30-test_evp_data/evppkey_ecc.txt.remove-ec 2021-06-29 16:24:56.863303499 +0200
++++ openssl-3.0.0-beta1/test/recipes/30-test_evp_data/evppkey_ecc.txt 2021-06-29 16:38:04.189996425 +0200
+@@ -11,1949 +11,6 @@
+ # PrivPubKeyPair Sign Verify VerifyRecover
+ # and continue until a blank line. Lines starting with a pound sign are ignored.
+
+-Title=c2pnb163v1 curve tests
+-
+-PrivateKey=ALICE_cf_c2pnb163v1
+------BEGIN PRIVATE KEY-----
+-MDYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAEEHDAaAgEBBBUD1JfG8cLNP9418YW+hVhriqH6O5Y=
+------END PRIVATE KEY-----
+-
+-PublicKey=ALICE_cf_c2pnb163v1_PUB
+------BEGIN PUBLIC KEY-----
+-MEMwEwYHKoZIzj0CAQYIKoZIzj0DAAEDLAAEBXgoOgVlWTLQnrQZXgQuSBcIS3bQAlXQ+yJhS03B
+-4G8rKQXbrc0mvWsF
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=ALICE_cf_c2pnb163v1:ALICE_cf_c2pnb163v1_PUB
+-
+-PrivateKey=BOB_cf_c2pnb163v1
+------BEGIN PRIVATE KEY-----
+-MDYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAEEHDAaAgEBBBUAc3EaoMmMORTzQhMkhPIXY+/jUSI=
+------END PRIVATE KEY-----
+-
+-PublicKey=BOB_cf_c2pnb163v1_PUB
+------BEGIN PUBLIC KEY-----
+-MEMwEwYHKoZIzj0CAQYIKoZIzj0DAAEDLAAEBn9J0jo39aFVZqhBsAKZ6bViAu6zBC8WaFGExnpZ
+-KuBh8tP8VSTHPCHF
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=BOB_cf_c2pnb163v1:BOB_cf_c2pnb163v1_PUB
+-
+-# ECDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_cf_c2pnb163v1
+-PeerKey=BOB_cf_c2pnb163v1_PUB
+-SharedSecret=065dd38fb6de7f394778e1bf65d840a2c0e7219acd
+-
+-# ECDH Bob with Alice peer
+-Availablein = default
+-Derive=BOB_cf_c2pnb163v1
+-PeerKey=ALICE_cf_c2pnb163v1_PUB
+-SharedSecret=065dd38fb6de7f394778e1bf65d840a2c0e7219acd
+-
+-# ECC CDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_cf_c2pnb163v1
+-PeerKey=BOB_cf_c2pnb163v1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-SharedSecret=066fc46e8cc4327634dd127748020f2de6aab67585
+-
+-# ECC CDH Bob with Alice peer
+-Availablein = default
+-Derive=BOB_cf_c2pnb163v1
+-PeerKey=ALICE_cf_c2pnb163v1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-SharedSecret=066fc46e8cc4327634dd127748020f2de6aab67585
+-
+-PublicKey=MALICE_cf_c2pnb163v1_PUB
+------BEGIN PUBLIC KEY-----
+-MEMwEwYHKoZIzj0CAQYIKoZIzj0DAAEDLAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC8JxepS05nN
+-/piKdhDD3dDKXUih
+------END PUBLIC KEY-----
+-
+-# ECC CDH Bob with Malice peer
+-Availablein = default
+-Derive=BOB_cf_c2pnb163v1
+-PeerKey=MALICE_cf_c2pnb163v1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-Result=DERIVE_ERROR
+-Reason=point at infinity
+-
+-# ECC CDH Alice with Malice peer
+-Availablein = default
+-Derive=ALICE_cf_c2pnb163v1
+-PeerKey=MALICE_cf_c2pnb163v1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-Result=DERIVE_ERROR
+-Reason=point at infinity
+-
+-Title=c2pnb163v2 curve tests
+-
+-PrivateKey=ALICE_cf_c2pnb163v2
+------BEGIN PRIVATE KEY-----
+-MDYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAIEHDAaAgEBBBUA4KFv7c1dygtVbdp/g2z2TqLAHkI=
+------END PRIVATE KEY-----
+-
+-PublicKey=ALICE_cf_c2pnb163v2_PUB
+------BEGIN PUBLIC KEY-----
+-MEMwEwYHKoZIzj0CAQYIKoZIzj0DAAIDLAAEAVnlL7lMBaASwCIJaf9x2LgNPVmEAb43huHQlo3Q
+-4PzawHXQoYm/qgDd
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=ALICE_cf_c2pnb163v2:ALICE_cf_c2pnb163v2_PUB
+-
+-PrivateKey=BOB_cf_c2pnb163v2
+------BEGIN PRIVATE KEY-----
+-MDYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAIEHDAaAgEBBBUCEdYqClRWIl2m+X34e+DB2iZSxmQ=
+------END PRIVATE KEY-----
+-
+-PublicKey=BOB_cf_c2pnb163v2_PUB
+------BEGIN PUBLIC KEY-----
+-MEMwEwYHKoZIzj0CAQYIKoZIzj0DAAIDLAAEAVWNIKn7/WMfzuNnd5ws9J0DI2CfBkEJizZHAFqy
+-kBF3juAQuARgxuT6
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=BOB_cf_c2pnb163v2:BOB_cf_c2pnb163v2_PUB
+-
+-# ECDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_cf_c2pnb163v2
+-PeerKey=BOB_cf_c2pnb163v2_PUB
+-SharedSecret=0078ebb986d4f9b0aa0bc4af99e82c2bd24130f3f4
+-
+-# ECDH Bob with Alice peer
+-Availablein = default
+-Derive=BOB_cf_c2pnb163v2
+-PeerKey=ALICE_cf_c2pnb163v2_PUB
+-SharedSecret=0078ebb986d4f9b0aa0bc4af99e82c2bd24130f3f4
+-
+-# ECC CDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_cf_c2pnb163v2
+-PeerKey=BOB_cf_c2pnb163v2_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-SharedSecret=069a80bcd45987fd1c874cd9dc5453207a09b61d41
+-
+-# ECC CDH Bob with Alice peer
+-Availablein = default
+-Derive=BOB_cf_c2pnb163v2
+-PeerKey=ALICE_cf_c2pnb163v2_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-SharedSecret=069a80bcd45987fd1c874cd9dc5453207a09b61d41
+-
+-PublicKey=MALICE_cf_c2pnb163v2_PUB
+------BEGIN PUBLIC KEY-----
+-MEMwEwYHKoZIzj0CAQYIKoZIzj0DAAIDLAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAABuVBl1V5uysY
+-n6HANPEoMoK+7Sv0
+------END PUBLIC KEY-----
+-
+-# ECC CDH Bob with Malice peer
+-Availablein = default
+-Derive=BOB_cf_c2pnb163v2
+-PeerKey=MALICE_cf_c2pnb163v2_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-Result=DERIVE_ERROR
+-Reason=point at infinity
+-
+-# ECC CDH Alice with Malice peer
+-Availablein = default
+-Derive=ALICE_cf_c2pnb163v2
+-PeerKey=MALICE_cf_c2pnb163v2_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-Result=DERIVE_ERROR
+-Reason=point at infinity
+-
+-Title=c2pnb163v3 curve tests
+-
+-PrivateKey=ALICE_cf_c2pnb163v3
+------BEGIN PRIVATE KEY-----
+-MDYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAMEHDAaAgEBBBUBItB0y/QeJ+cCh9yoHf0zqLVyMZc=
+------END PRIVATE KEY-----
+-
+-PublicKey=ALICE_cf_c2pnb163v3_PUB
+------BEGIN PUBLIC KEY-----
+-MEMwEwYHKoZIzj0CAQYIKoZIzj0DAAMDLAAEBx1HRyjuBMjt+vlbWaQbKOpNvWKFAslzEbPv6MpK
+-YnObLnq34LRuWznb
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=ALICE_cf_c2pnb163v3:ALICE_cf_c2pnb163v3_PUB
+-
+-PrivateKey=BOB_cf_c2pnb163v3
+------BEGIN PRIVATE KEY-----
+-MDYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAMEHDAaAgEBBBUAXVHUHeP8Ioz7IqXOWbjaUXEHE5M=
+------END PRIVATE KEY-----
+-
+-PublicKey=BOB_cf_c2pnb163v3_PUB
+------BEGIN PUBLIC KEY-----
+-MEMwEwYHKoZIzj0CAQYIKoZIzj0DAAMDLAAEAqXF7rsAZ40Z1PT4TeeC45RKTxP4AJBAdfuknJ/J
+-DZnBLhxBwtqnfUpA
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=BOB_cf_c2pnb163v3:BOB_cf_c2pnb163v3_PUB
+-
+-# ECDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_cf_c2pnb163v3
+-PeerKey=BOB_cf_c2pnb163v3_PUB
+-SharedSecret=07fd2ffe9b18973c51caeadbc2154b97a9a0390be9
+-
+-# ECDH Bob with Alice peer
+-Availablein = default
+-Derive=BOB_cf_c2pnb163v3
+-PeerKey=ALICE_cf_c2pnb163v3_PUB
+-SharedSecret=07fd2ffe9b18973c51caeadbc2154b97a9a0390be9
+-
+-# ECC CDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_cf_c2pnb163v3
+-PeerKey=BOB_cf_c2pnb163v3_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-SharedSecret=06f7daf1c963594e1a13f9f17b62aaab2934872c16
+-
+-# ECC CDH Bob with Alice peer
+-Availablein = default
+-Derive=BOB_cf_c2pnb163v3
+-PeerKey=ALICE_cf_c2pnb163v3_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-SharedSecret=06f7daf1c963594e1a13f9f17b62aaab2934872c16
+-
+-PublicKey=MALICE_cf_c2pnb163v3_PUB
+------BEGIN PUBLIC KEY-----
+-MEMwEwYHKoZIzj0CAQYIKoZIzj0DAAMDLAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7jRlUg9oaLK
+-LwAuHF8g5Y0JjJnI
+------END PUBLIC KEY-----
+-
+-# ECC CDH Bob with Malice peer
+-Availablein = default
+-Derive=BOB_cf_c2pnb163v3
+-PeerKey=MALICE_cf_c2pnb163v3_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-Result=DERIVE_ERROR
+-Reason=point at infinity
+-
+-# ECC CDH Alice with Malice peer
+-Availablein = default
+-Derive=ALICE_cf_c2pnb163v3
+-PeerKey=MALICE_cf_c2pnb163v3_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-Result=DERIVE_ERROR
+-Reason=point at infinity
+-
+-Title=c2pnb176v1 curve tests
+-
+-PrivateKey=ALICE_cf_c2pnb176v1
+------BEGIN PRIVATE KEY-----
+-MDYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAQEHDAaAgEBBBUAaZ1jV1jM9meV5iiNGPU/WMSfWOM=
+------END PRIVATE KEY-----
+-
+-PublicKey=ALICE_cf_c2pnb176v1_PUB
+------BEGIN PUBLIC KEY-----
+-MEUwEwYHKoZIzj0CAQYIKoZIzj0DAAQDLgAEPjME7IV6Tuz2P++wIT60hRxTkk0M0PNgvqYcUoCI
+-iw3girDLhNzOu3IQ8Ac=
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=ALICE_cf_c2pnb176v1:ALICE_cf_c2pnb176v1_PUB
+-
+-PrivateKey=BOB_cf_c2pnb176v1
+------BEGIN PRIVATE KEY-----
+-MDYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAQEHDAaAgEBBBUAreyYbcF+ONIf64KmeSzV82OI/50=
+------END PRIVATE KEY-----
+-
+-PublicKey=BOB_cf_c2pnb176v1_PUB
+------BEGIN PUBLIC KEY-----
+-MEUwEwYHKoZIzj0CAQYIKoZIzj0DAAQDLgAEpJn1IDmFj5LceLGfY2wlhI1VHq5vJ+qNIAOXVZhX
+-uMtp6pzy63rCEK53bgs=
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=BOB_cf_c2pnb176v1:BOB_cf_c2pnb176v1_PUB
+-
+-# ECDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_cf_c2pnb176v1
+-PeerKey=BOB_cf_c2pnb176v1_PUB
+-SharedSecret=3a8021848ee0b2c1c377404267a515225781c181e6ab
+-
+-# ECDH Bob with Alice peer
+-Availablein = default
+-Derive=BOB_cf_c2pnb176v1
+-PeerKey=ALICE_cf_c2pnb176v1_PUB
+-SharedSecret=3a8021848ee0b2c1c377404267a515225781c181e6ab
+-
+-# ECC CDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_cf_c2pnb176v1
+-PeerKey=BOB_cf_c2pnb176v1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-SharedSecret=b06cdc633b56e813d63326c69d2cfa335352279540ac
+-
+-# ECC CDH Bob with Alice peer
+-Availablein = default
+-Derive=BOB_cf_c2pnb176v1
+-PeerKey=ALICE_cf_c2pnb176v1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-SharedSecret=b06cdc633b56e813d63326c69d2cfa335352279540ac
+-
+-PublicKey=MALICE_cf_c2pnb176v1_PUB
+------BEGIN PUBLIC KEY-----
+-MEUwEwYHKoZIzj0CAQYIKoZIzj0DAAQDLgAE4ePri2opCoAUJIUQnaQlvDaxZd9bsdKnjWSvh+FL
+-zXV3l5j8K3pow+GJBE4=
+------END PUBLIC KEY-----
+-
+-# ECC CDH Bob with Malice peer
+-Availablein = default
+-Derive=BOB_cf_c2pnb176v1
+-PeerKey=MALICE_cf_c2pnb176v1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-Result=DERIVE_ERROR
+-Reason=point at infinity
+-
+-# ECC CDH Alice with Malice peer
+-Availablein = default
+-Derive=ALICE_cf_c2pnb176v1
+-PeerKey=MALICE_cf_c2pnb176v1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-Result=DERIVE_ERROR
+-Reason=point at infinity
+-
+-Title=c2pnb208w1 curve tests
+-
+-PrivateKey=ALICE_cf_c2pnb208w1
+------BEGIN PRIVATE KEY-----
+-MDoCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAoEIDAeAgEBBBkAiENroXMYNbK/7DQQwCpbXk00gnVd
+-XF2k
+------END PRIVATE KEY-----
+-
+-PublicKey=ALICE_cf_c2pnb208w1_PUB
+------BEGIN PUBLIC KEY-----
+-ME0wEwYHKoZIzj0CAQYIKoZIzj0DAAoDNgAEL+IHOL2IfeLRiE6Wqsc0Frqjq7t/JnBmhN1lMB9Y
+-Yj3+Btcne4CPWf8KvfGjAdMs6JKP4A==
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=ALICE_cf_c2pnb208w1:ALICE_cf_c2pnb208w1_PUB
+-
+-PrivateKey=BOB_cf_c2pnb208w1
+------BEGIN PRIVATE KEY-----
+-MDoCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAoEIDAeAgEBBBkAY1GZLynO/IDWwOOjEWUE7k+I/MkP
+-cJot
+------END PRIVATE KEY-----
+-
+-PublicKey=BOB_cf_c2pnb208w1_PUB
+------BEGIN PUBLIC KEY-----
+-ME0wEwYHKoZIzj0CAQYIKoZIzj0DAAoDNgAENBvdzCDOIvu9zo7reJq1ummhR+0jaDc+EoSlW984
+-cl9FTi/JJznwC+RNgwVfJ1WKJun1YA==
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=BOB_cf_c2pnb208w1:BOB_cf_c2pnb208w1_PUB
+-
+-# ECDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_cf_c2pnb208w1
+-PeerKey=BOB_cf_c2pnb208w1_PUB
+-SharedSecret=ba32bf80c0f7ab53cb083f267a902a1ad6396eb283237fad91cd
+-
+-# ECDH Bob with Alice peer
+-Availablein = default
+-Derive=BOB_cf_c2pnb208w1
+-PeerKey=ALICE_cf_c2pnb208w1_PUB
+-SharedSecret=ba32bf80c0f7ab53cb083f267a902a1ad6396eb283237fad91cd
+-
+-# ECC CDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_cf_c2pnb208w1
+-PeerKey=BOB_cf_c2pnb208w1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-SharedSecret=f09f5fc8bf20677558bc65939bf1b7fbbbe2579702729304258b
+-
+-# ECC CDH Bob with Alice peer
+-Availablein = default
+-Derive=BOB_cf_c2pnb208w1
+-PeerKey=ALICE_cf_c2pnb208w1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-SharedSecret=f09f5fc8bf20677558bc65939bf1b7fbbbe2579702729304258b
+-
+-PublicKey=MALICE_cf_c2pnb208w1_PUB
+------BEGIN PUBLIC KEY-----
+-ME0wEwYHKoZIzj0CAQYIKoZIzj0DAAoDNgAEfuWB9pBZQin+VnmqgYVpbUpKxSQsnXxNqiDtVwqJ
+-oPkHxRWnu5e7qI2idMcqaKDeeniUaA==
+------END PUBLIC KEY-----
+-
+-# ECC CDH Bob with Malice peer
+-Availablein = default
+-Derive=BOB_cf_c2pnb208w1
+-PeerKey=MALICE_cf_c2pnb208w1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-Result=DERIVE_ERROR
+-Reason=point at infinity
+-
+-# ECC CDH Alice with Malice peer
+-Availablein = default
+-Derive=ALICE_cf_c2pnb208w1
+-PeerKey=MALICE_cf_c2pnb208w1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-Result=DERIVE_ERROR
+-Reason=point at infinity
+-
+-Title=c2pnb272w1 curve tests
+-
+-PrivateKey=ALICE_cf_c2pnb272w1
+------BEGIN PRIVATE KEY-----
+-MEICAQAwEwYHKoZIzj0CAQYIKoZIzj0DABAEKDAmAgEBBCEA0SoHwKAgKb7WQ+s0w1iNBemDZ3+f
+-StHU67fpP7YoF8U=
+------END PRIVATE KEY-----
+-
+-PublicKey=ALICE_cf_c2pnb272w1_PUB
+------BEGIN PUBLIC KEY-----
+-MF0wEwYHKoZIzj0CAQYIKoZIzj0DABADRgAE0IH60bGi46FDzEprGZ8EBK5uMMcVke/txeBRNGHQ
+-DzG68r3EMLZkOfE1+g04MN7HgY7zt3jMYb8ImyLRmvqR2abjs6c=
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=ALICE_cf_c2pnb272w1:ALICE_cf_c2pnb272w1_PUB
+-
+-PrivateKey=BOB_cf_c2pnb272w1
+------BEGIN PRIVATE KEY-----
+-MEICAQAwEwYHKoZIzj0CAQYIKoZIzj0DABAEKDAmAgEBBCEAFqB5GbPJ4d+X7ye7m05l/OirDqfn
+-MOsOJ6xObBph3zQ=
+------END PRIVATE KEY-----
+-
+-PublicKey=BOB_cf_c2pnb272w1_PUB
+------BEGIN PUBLIC KEY-----
+-MF0wEwYHKoZIzj0CAQYIKoZIzj0DABADRgAEIeIkcMHAuOgvHt2Wp52vVe0DYPNnUX79t/mLSx03
+-cUlDmcxL7vIXdx9hB4OmQBYbm+YLDNfTFGAIlDfr2tELpVVPWPo=
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=BOB_cf_c2pnb272w1:BOB_cf_c2pnb272w1_PUB
+-
+-# ECDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_cf_c2pnb272w1
+-PeerKey=BOB_cf_c2pnb272w1_PUB
+-SharedSecret=cfebd65006520a40f081d8940edf0ebb8e54491ba1499d9f3c63deecee84ddc07142
+-
+-# ECDH Bob with Alice peer
+-Availablein = default
+-Derive=BOB_cf_c2pnb272w1
+-PeerKey=ALICE_cf_c2pnb272w1_PUB
+-SharedSecret=cfebd65006520a40f081d8940edf0ebb8e54491ba1499d9f3c63deecee84ddc07142
+-
+-# ECC CDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_cf_c2pnb272w1
+-PeerKey=BOB_cf_c2pnb272w1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-SharedSecret=756fc20b27352ac74e5135359c63d375d2732c6d02f25cd526155bac0882a9211dd4
+-
+-# ECC CDH Bob with Alice peer
+-Availablein = default
+-Derive=BOB_cf_c2pnb272w1
+-PeerKey=ALICE_cf_c2pnb272w1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-SharedSecret=756fc20b27352ac74e5135359c63d375d2732c6d02f25cd526155bac0882a9211dd4
+-
+-PublicKey=MALICE_cf_c2pnb272w1_PUB
+------BEGIN PUBLIC KEY-----
+-MF0wEwYHKoZIzj0CAQYIKoZIzj0DABADRgAEvID3AM7qzpKDnOLFY00+E7EKZz/vS/pXgsUA3bWN
+-oJF8ElXFXv59s/SykQBCTHPqzmUbVmrXmtD44Kt1wUBRJfuwxy4=
+------END PUBLIC KEY-----
+-
+-# ECC CDH Bob with Malice peer
+-Availablein = default
+-Derive=BOB_cf_c2pnb272w1
+-PeerKey=MALICE_cf_c2pnb272w1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-Result=DERIVE_ERROR
+-Reason=point at infinity
+-
+-# ECC CDH Alice with Malice peer
+-Availablein = default
+-Derive=ALICE_cf_c2pnb272w1
+-PeerKey=MALICE_cf_c2pnb272w1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-Result=DERIVE_ERROR
+-Reason=point at infinity
+-
+-Title=c2pnb304w1 curve tests
+-
+-PrivateKey=ALICE_cf_c2pnb304w1
+------BEGIN PRIVATE KEY-----
+-MEYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DABEELDAqAgEBBCUAqJxh50ZIUXOJ1HE3cVkech9OTTPJ
+-8jy/v5cFcO0X6dykHgnZ
+------END PRIVATE KEY-----
+-
+-PublicKey=ALICE_cf_c2pnb304w1_PUB
+------BEGIN PUBLIC KEY-----
+-MGUwEwYHKoZIzj0CAQYIKoZIzj0DABEDTgAEvoaqRX6qiNQiFH1BhgLCPTpYszoRhmlLirkvlw/Q
+-iXBlfQ7U4g+iRR/kmu2RlwwOHgNNL+mWcvLkFfS8Kr4jzv1EY1Ecx96n21l0YQ==
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=ALICE_cf_c2pnb304w1:ALICE_cf_c2pnb304w1_PUB
+-
+-PrivateKey=BOB_cf_c2pnb304w1
+------BEGIN PRIVATE KEY-----
+-MEYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DABEELDAqAgEBBCUAOScHepX+IwqC8TjyAJI1bkR3cYYt
+-X9BbqYM9GQfVNSLHntTg
+------END PRIVATE KEY-----
+-
+-PublicKey=BOB_cf_c2pnb304w1_PUB
+------BEGIN PUBLIC KEY-----
+-MGUwEwYHKoZIzj0CAQYIKoZIzj0DABEDTgAEYuAq/6Yw5HxMeMohlWmwl+ZK4ZQucfr1tWDKwhDb
+-kAOUO2P/Q/H+uelM3VVwxeu6A1kaX7K0UZpNa96NRBwI4aevc+vOxCgYkGt9BA==
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=BOB_cf_c2pnb304w1:BOB_cf_c2pnb304w1_PUB
+-
+-# ECDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_cf_c2pnb304w1
+-PeerKey=BOB_cf_c2pnb304w1_PUB
+-SharedSecret=bfddf9f923210e8231a702e3a1c987cf27661de1bc243c1890e437d67d9f49c6ccfadc035d9d
+-
+-# ECDH Bob with Alice peer
+-Availablein = default
+-Derive=BOB_cf_c2pnb304w1
+-PeerKey=ALICE_cf_c2pnb304w1_PUB
+-SharedSecret=bfddf9f923210e8231a702e3a1c987cf27661de1bc243c1890e437d67d9f49c6ccfadc035d9d
+-
+-# ECC CDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_cf_c2pnb304w1
+-PeerKey=BOB_cf_c2pnb304w1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-SharedSecret=0c7afb3143f93ef2166c05437a1757a62c916ff1751c6d456dd7f2356dcbc75df48015eb5ce8
+-
+-# ECC CDH Bob with Alice peer
+-Availablein = default
+-Derive=BOB_cf_c2pnb304w1
+-PeerKey=ALICE_cf_c2pnb304w1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-SharedSecret=0c7afb3143f93ef2166c05437a1757a62c916ff1751c6d456dd7f2356dcbc75df48015eb5ce8
+-
+-PublicKey=MALICE_cf_c2pnb304w1_PUB
+------BEGIN PUBLIC KEY-----
+-MGUwEwYHKoZIzj0CAQYIKoZIzj0DABEDTgAEBZ5FuthQt0mxTJ8NQWN2J37kYT8ySD893IXEmXYP
+-fMTr+CSNkf/sfF/13GEdVGnHmBgCH61sPWG69RgzdjRPprZFZxXjubIWYkp0DQ==
+------END PUBLIC KEY-----
+-
+-# ECC CDH Bob with Malice peer
+-Availablein = default
+-Derive=BOB_cf_c2pnb304w1
+-PeerKey=MALICE_cf_c2pnb304w1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-Result=DERIVE_ERROR
+-Reason=point at infinity
+-
+-# ECC CDH Alice with Malice peer
+-Availablein = default
+-Derive=ALICE_cf_c2pnb304w1
+-PeerKey=MALICE_cf_c2pnb304w1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-Result=DERIVE_ERROR
+-Reason=point at infinity
+-
+-Title=c2pnb368w1 curve tests
+-
+-PrivateKey=ALICE_cf_c2pnb368w1
+------BEGIN PRIVATE KEY-----
+-ME4CAQAwEwYHKoZIzj0CAQYIKoZIzj0DABMENDAyAgEBBC0AXeSTXsHb2PEH12tZL8w2q6evA2mi
+-KfLLIa1c29BTmM//oWdKpqeuvwMIBto=
+------END PRIVATE KEY-----
+-
+-PublicKey=ALICE_cf_c2pnb368w1_PUB
+------BEGIN PUBLIC KEY-----
+-MHUwEwYHKoZIzj0CAQYIKoZIzj0DABMDXgAEmEBXcvMgnHwJW7wAKM4cqboco6zF01J9ntUwoACI
+-euvf3cpPXBvxUawJXfO9FwFRQabDRagGP99Walidd2JW8nWDWZgZMKj15Wh+4bp2dZHc2tPIIHHd
+-3makbwQ=
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=ALICE_cf_c2pnb368w1:ALICE_cf_c2pnb368w1_PUB
+-
+-PrivateKey=BOB_cf_c2pnb368w1
+------BEGIN PRIVATE KEY-----
+-ME4CAQAwEwYHKoZIzj0CAQYIKoZIzj0DABMENDAyAgEBBC0Aq1R9M/mCMbJMj6VBUpBkS4HXywEz
+-Qun6d6uXgyU4LZRszA7Dz9+eKbXEMsk=
+------END PRIVATE KEY-----
+-
+-PublicKey=BOB_cf_c2pnb368w1_PUB
+------BEGIN PUBLIC KEY-----
+-MHUwEwYHKoZIzj0CAQYIKoZIzj0DABMDXgAEJOSnsaXA9wb5p8CGLPvYI47Yf3IdZSbWQ3Sn6G2v
+-At+zYlpzGax1oJ1CW8fGA0Gu0RnvAfDeW9vgrtzshH1Vy/Ni6a7LPho99PtUP2nzUBnv+hfhFSra
+-gqfRaOs=
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=BOB_cf_c2pnb368w1:BOB_cf_c2pnb368w1_PUB
+-
+-# ECDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_cf_c2pnb368w1
+-PeerKey=BOB_cf_c2pnb368w1_PUB
+-SharedSecret=008d20ede3961be3b01051d6fdae63db43865664804d432293a2edb13dcc8be0fe5b0c655297a84b9067a29c2a6f
+-
+-# ECDH Bob with Alice peer
+-Availablein = default
+-Derive=BOB_cf_c2pnb368w1
+-PeerKey=ALICE_cf_c2pnb368w1_PUB
+-SharedSecret=008d20ede3961be3b01051d6fdae63db43865664804d432293a2edb13dcc8be0fe5b0c655297a84b9067a29c2a6f
+-
+-# ECC CDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_cf_c2pnb368w1
+-PeerKey=BOB_cf_c2pnb368w1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-SharedSecret=df32ddeeffa029aeadabad000a79c3154a0ddd0aeacf4e3de426f5c10096eff8912038c64d4c899131dcd4df2561
+-
+-# ECC CDH Bob with Alice peer
+-Availablein = default
+-Derive=BOB_cf_c2pnb368w1
+-PeerKey=ALICE_cf_c2pnb368w1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-SharedSecret=df32ddeeffa029aeadabad000a79c3154a0ddd0aeacf4e3de426f5c10096eff8912038c64d4c899131dcd4df2561
+-
+-PublicKey=MALICE_cf_c2pnb368w1_PUB
+------BEGIN PUBLIC KEY-----
+-MHUwEwYHKoZIzj0CAQYIKoZIzj0DABMDXgAEWDn/U9rymClM/a0Q1mawHjQjvpxSehRWstSE+2Sd
+-ubcZowJ+rw5LsEZteQyeVrCpKYUiIBmIVuFb2LDjtNLIJD1lr8C+vdco24ciLS9RzF/Dc9X+tcIj
+-726e1BE=
+------END PUBLIC KEY-----
+-
+-# ECC CDH Bob with Malice peer
+-Availablein = default
+-Derive=BOB_cf_c2pnb368w1
+-PeerKey=MALICE_cf_c2pnb368w1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-Result=DERIVE_ERROR
+-Reason=point at infinity
+-
+-# ECC CDH Alice with Malice peer
+-Availablein = default
+-Derive=ALICE_cf_c2pnb368w1
+-PeerKey=MALICE_cf_c2pnb368w1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-Result=DERIVE_ERROR
+-Reason=point at infinity
+-
+-Title=c2tnb191v1 curve tests
+-
+-PrivateKey=ALICE_cf_c2tnb191v1
+------BEGIN PRIVATE KEY-----
+-MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAUEHzAdAgEBBBgXyG7A4BvSmjKEl3aU+FQUt02p9U7x
+-Jk4=
+------END PRIVATE KEY-----
+-
+-PublicKey=ALICE_cf_c2tnb191v1_PUB
+------BEGIN PUBLIC KEY-----
+-MEkwEwYHKoZIzj0CAQYIKoZIzj0DAAUDMgAEG9iuZmnhz2H/YQKmVUaO//fm7hvV+CP5c2iszpR3
+-7lRimqLWHPyvKgcP+PRCIUom
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=ALICE_cf_c2tnb191v1:ALICE_cf_c2tnb191v1_PUB
+-
+-PrivateKey=BOB_cf_c2tnb191v1
+------BEGIN PRIVATE KEY-----
+-MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAUEHzAdAgEBBBg4+2hv9x9HxFy0c2c1XESDdgOamHu0
+-MTU=
+------END PRIVATE KEY-----
+-
+-PublicKey=BOB_cf_c2tnb191v1_PUB
+------BEGIN PUBLIC KEY-----
+-MEkwEwYHKoZIzj0CAQYIKoZIzj0DAAUDMgAEdO/4ii8gi8eQfBrv3XmsOETwIfT8OIpBW/kUoHD+
+-adqalcB6SIWOfoJReDLcpxAD
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=BOB_cf_c2tnb191v1:BOB_cf_c2tnb191v1_PUB
+-
+-# ECDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_cf_c2tnb191v1
+-PeerKey=BOB_cf_c2tnb191v1_PUB
+-SharedSecret=2ee8a85151c397600984285307c14f0ea0e4c2071d753a99
+-
+-# ECDH Bob with Alice peer
+-Availablein = default
+-Derive=BOB_cf_c2tnb191v1
+-PeerKey=ALICE_cf_c2tnb191v1_PUB
+-SharedSecret=2ee8a85151c397600984285307c14f0ea0e4c2071d753a99
+-
+-# ECC CDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_cf_c2tnb191v1
+-PeerKey=BOB_cf_c2tnb191v1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-SharedSecret=334051dfd62237e69e280ce2fab979bd77260f8dfe4df989
+-
+-# ECC CDH Bob with Alice peer
+-Availablein = default
+-Derive=BOB_cf_c2tnb191v1
+-PeerKey=ALICE_cf_c2tnb191v1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-SharedSecret=334051dfd62237e69e280ce2fab979bd77260f8dfe4df989
+-
+-PublicKey=MALICE_cf_c2tnb191v1_PUB
+------BEGIN PUBLIC KEY-----
+-MEkwEwYHKoZIzj0CAQYIKoZIzj0DAAUDMgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcPEwZ1wj
+-iNoFyzyANZl8IDB0fF1RmZD6
+------END PUBLIC KEY-----
+-
+-# ECC CDH Bob with Malice peer
+-Availablein = default
+-Derive=BOB_cf_c2tnb191v1
+-PeerKey=MALICE_cf_c2tnb191v1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-Result=DERIVE_ERROR
+-Reason=point at infinity
+-
+-# ECC CDH Alice with Malice peer
+-Availablein = default
+-Derive=ALICE_cf_c2tnb191v1
+-PeerKey=MALICE_cf_c2tnb191v1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-Result=DERIVE_ERROR
+-Reason=point at infinity
+-
+-Title=c2tnb191v2 curve tests
+-
+-PrivateKey=ALICE_cf_c2tnb191v2
+------BEGIN PRIVATE KEY-----
+-MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAYEHzAdAgEBBBgQZHIQIPrAsbJqq4ZX3JdMrZAkaIGP
+-jbo=
+------END PRIVATE KEY-----
+-
+-PublicKey=ALICE_cf_c2tnb191v2_PUB
+------BEGIN PUBLIC KEY-----
+-MEkwEwYHKoZIzj0CAQYIKoZIzj0DAAYDMgAEAyQdwZYRIiv7O4/WRLDKJ249TM8dr2Y+Oz8rSxCI
+-UVvJT/Jv9m462J6Iz1XOohhP
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=ALICE_cf_c2tnb191v2:ALICE_cf_c2tnb191v2_PUB
+-
+-PrivateKey=BOB_cf_c2tnb191v2
+------BEGIN PRIVATE KEY-----
+-MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAYEHzAdAgEBBBgThhW6d5QDaqM8yhm16q6Pu/VFBpf7
+-wcs=
+------END PRIVATE KEY-----
+-
+-PublicKey=BOB_cf_c2tnb191v2_PUB
+------BEGIN PUBLIC KEY-----
+-MEkwEwYHKoZIzj0CAQYIKoZIzj0DAAYDMgAEBVkB4O6fFvGzMHv4BF51muFA0npOGKoOdKbIIMQY
+-JBIoz1RNNXTcgdpguLcrvcPJ
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=BOB_cf_c2tnb191v2:BOB_cf_c2tnb191v2_PUB
+-
+-# ECDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_cf_c2tnb191v2
+-PeerKey=BOB_cf_c2tnb191v2_PUB
+-SharedSecret=711f90cb2aaea65e939065cbd1896affe1d490ba14571400
+-
+-# ECDH Bob with Alice peer
+-Availablein = default
+-Derive=BOB_cf_c2tnb191v2
+-PeerKey=ALICE_cf_c2tnb191v2_PUB
+-SharedSecret=711f90cb2aaea65e939065cbd1896affe1d490ba14571400
+-
+-# ECC CDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_cf_c2tnb191v2
+-PeerKey=BOB_cf_c2tnb191v2_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-SharedSecret=1740db5b771fa2889d3ec7c1ba8eeffa7741f0ee62433dce
+-
+-# ECC CDH Bob with Alice peer
+-Availablein = default
+-Derive=BOB_cf_c2tnb191v2
+-PeerKey=ALICE_cf_c2tnb191v2_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-SharedSecret=1740db5b771fa2889d3ec7c1ba8eeffa7741f0ee62433dce
+-
+-PublicKey=MALICE_cf_c2tnb191v2_PUB
+------BEGIN PUBLIC KEY-----
+-MEkwEwYHKoZIzj0CAQYIKoZIzj0DAAYDMgAEA3yPV6Ilx7PU7dWIDzgKzFV07LNsn1EhMyLQaa5U
+-2vqunpWef+/CaO2pFBcwwW+x
+------END PUBLIC KEY-----
+-
+-# ECC CDH Bob with Malice peer
+-Availablein = default
+-Derive=BOB_cf_c2tnb191v2
+-PeerKey=MALICE_cf_c2tnb191v2_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-Result=DERIVE_ERROR
+-Reason=point at infinity
+-
+-# ECC CDH Alice with Malice peer
+-Availablein = default
+-Derive=ALICE_cf_c2tnb191v2
+-PeerKey=MALICE_cf_c2tnb191v2_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-Result=DERIVE_ERROR
+-Reason=point at infinity
+-
+-Title=c2tnb191v3 curve tests
+-
+-PrivateKey=ALICE_cf_c2tnb191v3
+------BEGIN PRIVATE KEY-----
+-MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAcEHzAdAgEBBBgTPjf06B01Jq59qU1iczNuA29WfW+b
+-erU=
+------END PRIVATE KEY-----
+-
+-PublicKey=ALICE_cf_c2tnb191v3_PUB
+------BEGIN PUBLIC KEY-----
+-MEkwEwYHKoZIzj0CAQYIKoZIzj0DAAcDMgAEL4NGEUX2CXY18MyoH1inKq5kde9RGr25ODm/0BEX
+-HWsGvDE2HC+6pL2BMl3MRCty
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=ALICE_cf_c2tnb191v3:ALICE_cf_c2tnb191v3_PUB
+-
+-PrivateKey=BOB_cf_c2tnb191v3
+------BEGIN PRIVATE KEY-----
+-MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAcEHzAdAgEBBBgUC2bC465JTXYLUaaET/r5n7X85gRH
+-iSQ=
+------END PRIVATE KEY-----
+-
+-PublicKey=BOB_cf_c2tnb191v3_PUB
+------BEGIN PUBLIC KEY-----
+-MEkwEwYHKoZIzj0CAQYIKoZIzj0DAAcDMgAEPKekNkT9mQ8KRCTR2RwCFkhNvsjL+/mLHYzbMrYe
+-QFIb5QwXAdbg2tEOl7yj9qkk
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=BOB_cf_c2tnb191v3:BOB_cf_c2tnb191v3_PUB
+-
+-# ECDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_cf_c2tnb191v3
+-PeerKey=BOB_cf_c2tnb191v3_PUB
+-SharedSecret=196200f7ea06c43c35516b995cf4a4dd4151dbd0ed998561
+-
+-# ECDH Bob with Alice peer
+-Availablein = default
+-Derive=BOB_cf_c2tnb191v3
+-PeerKey=ALICE_cf_c2tnb191v3_PUB
+-SharedSecret=196200f7ea06c43c35516b995cf4a4dd4151dbd0ed998561
+-
+-# ECC CDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_cf_c2tnb191v3
+-PeerKey=BOB_cf_c2tnb191v3_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-SharedSecret=311939377670a8a1ed1ee17f9dd182167da00c5a19e2e109
+-
+-# ECC CDH Bob with Alice peer
+-Availablein = default
+-Derive=BOB_cf_c2tnb191v3
+-PeerKey=ALICE_cf_c2tnb191v3_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-SharedSecret=311939377670a8a1ed1ee17f9dd182167da00c5a19e2e109
+-
+-PublicKey=MALICE_cf_c2tnb191v3_PUB
+------BEGIN PUBLIC KEY-----
+-MEkwEwYHKoZIzj0CAQYIKoZIzj0DAAcDMgAESvPjWlLnANK2j38hHZ0uqueaniovkhwwdJZjrmUk
+-n5vQBTxUzkIkMjL33v6Lr3z7
+------END PUBLIC KEY-----
+-
+-# ECC CDH Bob with Malice peer
+-Availablein = default
+-Derive=BOB_cf_c2tnb191v3
+-PeerKey=MALICE_cf_c2tnb191v3_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-Result=DERIVE_ERROR
+-Reason=point at infinity
+-
+-# ECC CDH Alice with Malice peer
+-Availablein = default
+-Derive=ALICE_cf_c2tnb191v3
+-PeerKey=MALICE_cf_c2tnb191v3_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-Result=DERIVE_ERROR
+-Reason=point at infinity
+-
+-Title=c2tnb239v1 curve tests
+-
+-PrivateKey=ALICE_cf_c2tnb239v1
+------BEGIN PRIVATE KEY-----
+-MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAsEJTAjAgEBBB4fMJDhCEiuEf/RF6oGjHVcNwN+wCYG
+-rJMnJLIXiCI=
+------END PRIVATE KEY-----
+-
+-PublicKey=ALICE_cf_c2tnb239v1_PUB
+------BEGIN PUBLIC KEY-----
+-MFUwEwYHKoZIzj0CAQYIKoZIzj0DAAsDPgAEUgG/uMWy4k0R/kbVJEapF6r5ik4Q9WPsDXAd0856
+-dVL8PvBXgixk2tKfyY1xUVebcEVlgdZP1pN1Xyvi
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=ALICE_cf_c2tnb239v1:ALICE_cf_c2tnb239v1_PUB
+-
+-PrivateKey=BOB_cf_c2tnb239v1
+------BEGIN PRIVATE KEY-----
+-MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAsEJTAjAgEBBB4JLDwVJQw3+00FiZBDWFErd7PXnchH
+-sfpZeV3i5FM=
+------END PRIVATE KEY-----
+-
+-PublicKey=BOB_cf_c2tnb239v1_PUB
+------BEGIN PUBLIC KEY-----
+-MFUwEwYHKoZIzj0CAQYIKoZIzj0DAAsDPgAEcwKt31cWaoFUd7QxYSdwgMDOqEhjPbD3Z9AfR3tc
+-G77/MY5z1oQegqImBog645vtPWI8lZd1zcl6QYRS
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=BOB_cf_c2tnb239v1:BOB_cf_c2tnb239v1_PUB
+-
+-# ECDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_cf_c2tnb239v1
+-PeerKey=BOB_cf_c2tnb239v1_PUB
+-SharedSecret=413ea943cdf40c45795c77aeea7099b81cc42566067924d1fdbae42ddf99
+-
+-# ECDH Bob with Alice peer
+-Availablein = default
+-Derive=BOB_cf_c2tnb239v1
+-PeerKey=ALICE_cf_c2tnb239v1_PUB
+-SharedSecret=413ea943cdf40c45795c77aeea7099b81cc42566067924d1fdbae42ddf99
+-
+-# ECC CDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_cf_c2tnb239v1
+-PeerKey=BOB_cf_c2tnb239v1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-SharedSecret=1f1e5a6084492e895c35d76a5d2b4a3fafbd96c4b2230ea71cc1c711fa38
+-
+-# ECC CDH Bob with Alice peer
+-Availablein = default
+-Derive=BOB_cf_c2tnb239v1
+-PeerKey=ALICE_cf_c2tnb239v1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-SharedSecret=1f1e5a6084492e895c35d76a5d2b4a3fafbd96c4b2230ea71cc1c711fa38
+-
+-PublicKey=MALICE_cf_c2tnb239v1_PUB
+------BEGIN PUBLIC KEY-----
+-MFUwEwYHKoZIzj0CAQYIKoZIzj0DAAsDPgAEJFn89FF7xaa5m+XGxWKFwCH+Mu4rbxwi6lvhuEuT
+-Itl/OAosALFh8xpt+N5gmKtUdhpjyok2udC4B/mY
+------END PUBLIC KEY-----
+-
+-# ECC CDH Bob with Malice peer
+-Availablein = default
+-Derive=BOB_cf_c2tnb239v1
+-PeerKey=MALICE_cf_c2tnb239v1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-Result=DERIVE_ERROR
+-Reason=point at infinity
+-
+-# ECC CDH Alice with Malice peer
+-Availablein = default
+-Derive=ALICE_cf_c2tnb239v1
+-PeerKey=MALICE_cf_c2tnb239v1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-Result=DERIVE_ERROR
+-Reason=point at infinity
+-
+-Title=c2tnb239v2 curve tests
+-
+-PrivateKey=ALICE_cf_c2tnb239v2
+------BEGIN PRIVATE KEY-----
+-MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAwEJTAjAgEBBB4KU4YKdzFOkl6M1biHkxtVGD2uNXr6
+-GbEcp4PbJKU=
+------END PRIVATE KEY-----
+-
+-PublicKey=ALICE_cf_c2tnb239v2_PUB
+------BEGIN PUBLIC KEY-----
+-MFUwEwYHKoZIzj0CAQYIKoZIzj0DAAwDPgAEKzpycflUrsyqVV/+fzvC2+AuX3r0b0Syn8acvn78
+-VnKA9mZKwPLWhnMJcLyzarIzc/6/UcfYGNmTyUlG
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=ALICE_cf_c2tnb239v2:ALICE_cf_c2tnb239v2_PUB
+-
+-PrivateKey=BOB_cf_c2tnb239v2
+------BEGIN PRIVATE KEY-----
+-MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAwEJTAjAgEBBB4HZQLKGKBpIKiyTq6XYZWQNph1oGP+
+-JLwCwn7lYx0=
+------END PRIVATE KEY-----
+-
+-PublicKey=BOB_cf_c2tnb239v2_PUB
+------BEGIN PUBLIC KEY-----
+-MFUwEwYHKoZIzj0CAQYIKoZIzj0DAAwDPgAETPSkhMs3JW3BG66FSfCov76JKdcRiBhMCW453Wku
+-N7yBxBmWjeclHhnXIzfc4qM4qf9n3KzMSXejPVYg
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=BOB_cf_c2tnb239v2:BOB_cf_c2tnb239v2_PUB
+-
+-# ECDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_cf_c2tnb239v2
+-PeerKey=BOB_cf_c2tnb239v2_PUB
+-SharedSecret=2e738f14795b2e19ee791c1bf30c5e462ca6c6ed0ec5c6c6402d0730cf4c
+-
+-# ECDH Bob with Alice peer
+-Availablein = default
+-Derive=BOB_cf_c2tnb239v2
+-PeerKey=ALICE_cf_c2tnb239v2_PUB
+-SharedSecret=2e738f14795b2e19ee791c1bf30c5e462ca6c6ed0ec5c6c6402d0730cf4c
+-
+-# ECC CDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_cf_c2tnb239v2
+-PeerKey=BOB_cf_c2tnb239v2_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-SharedSecret=7662d8b94d3f0d20eb8e112ca8b7d5699d81f35902df5b77561977df3946
+-
+-# ECC CDH Bob with Alice peer
+-Availablein = default
+-Derive=BOB_cf_c2tnb239v2
+-PeerKey=ALICE_cf_c2tnb239v2_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-SharedSecret=7662d8b94d3f0d20eb8e112ca8b7d5699d81f35902df5b77561977df3946
+-
+-PublicKey=MALICE_cf_c2tnb239v2_PUB
+------BEGIN PUBLIC KEY-----
+-MFUwEwYHKoZIzj0CAQYIKoZIzj0DAAwDPgAES8fLc5mtVI0HqgKRJ7mN8MU1B0FBkiim6jCHYJf3
+-JYUX3Gn3Ai11cHie+nVb3z51jSkpDQENHESTv5K2
+------END PUBLIC KEY-----
+-
+-# ECC CDH Bob with Malice peer
+-Availablein = default
+-Derive=BOB_cf_c2tnb239v2
+-PeerKey=MALICE_cf_c2tnb239v2_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-Result=DERIVE_ERROR
+-Reason=point at infinity
+-
+-# ECC CDH Alice with Malice peer
+-Availablein = default
+-Derive=ALICE_cf_c2tnb239v2
+-PeerKey=MALICE_cf_c2tnb239v2_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-Result=DERIVE_ERROR
+-Reason=point at infinity
+-
+-Title=c2tnb239v3 curve tests
+-
+-PrivateKey=ALICE_cf_c2tnb239v3
+------BEGIN PRIVATE KEY-----
+-MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAA0EJTAjAgEBBB4BZZXtcMw5GrpgHJLx4D8z7M6ocWdv
+-rDl2fV9ObC8=
+------END PRIVATE KEY-----
+-
+-PublicKey=ALICE_cf_c2tnb239v3_PUB
+------BEGIN PUBLIC KEY-----
+-MFUwEwYHKoZIzj0CAQYIKoZIzj0DAA0DPgAEOu2HIAUX+r6IbRlrPUJUBDL814dR++maVAAkUIjD
+-H33ewqcI9ZLtpvuR8P8hgRNUTXlh1GWgrB6F21Eo
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=ALICE_cf_c2tnb239v3:ALICE_cf_c2tnb239v3_PUB
+-
+-PrivateKey=BOB_cf_c2tnb239v3
+------BEGIN PRIVATE KEY-----
+-MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAA0EJTAjAgEBBB4BDxw3SA54y6uYOW1n4yZaUK22J9ef
+-XG3HcQX+4i0=
+------END PRIVATE KEY-----
+-
+-PublicKey=BOB_cf_c2tnb239v3_PUB
+------BEGIN PUBLIC KEY-----
+-MFUwEwYHKoZIzj0CAQYIKoZIzj0DAA0DPgAEVaEi76wyzlpzkkSElf4SmGZ7kf1ghHMP82HkGk7K
+-BC10zUyppoSOAr0eX4pHAkDUF1m/KGoJa7QcJJww
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=BOB_cf_c2tnb239v3:BOB_cf_c2tnb239v3_PUB
+-
+-# ECDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_cf_c2tnb239v3
+-PeerKey=BOB_cf_c2tnb239v3_PUB
+-SharedSecret=6a756022ec2ea89b0fa757824909707102acf3b7da39dc625c6252eb4c48
+-
+-# ECDH Bob with Alice peer
+-Availablein = default
+-Derive=BOB_cf_c2tnb239v3
+-PeerKey=ALICE_cf_c2tnb239v3_PUB
+-SharedSecret=6a756022ec2ea89b0fa757824909707102acf3b7da39dc625c6252eb4c48
+-
+-# ECC CDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_cf_c2tnb239v3
+-PeerKey=BOB_cf_c2tnb239v3_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-SharedSecret=3240e19dd8c290e5e1749df60ad0166dd9dbfad645e518b4948e14f774ce
+-
+-# ECC CDH Bob with Alice peer
+-Availablein = default
+-Derive=BOB_cf_c2tnb239v3
+-PeerKey=ALICE_cf_c2tnb239v3_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-SharedSecret=3240e19dd8c290e5e1749df60ad0166dd9dbfad645e518b4948e14f774ce
+-
+-PublicKey=MALICE_cf_c2tnb239v3_PUB
+------BEGIN PUBLIC KEY-----
+-MFUwEwYHKoZIzj0CAQYIKoZIzj0DAA0DPgAELe/znC87/2ucKX7mXUUyiUvg67slWRdH+WHDct9d
+-LcXDyB342ZN1nm0NCAmBMcLjohX0Zza0ji3YNjT1
+------END PUBLIC KEY-----
+-
+-# ECC CDH Bob with Malice peer
+-Availablein = default
+-Derive=BOB_cf_c2tnb239v3
+-PeerKey=MALICE_cf_c2tnb239v3_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-Result=DERIVE_ERROR
+-Reason=point at infinity
+-
+-# ECC CDH Alice with Malice peer
+-Availablein = default
+-Derive=ALICE_cf_c2tnb239v3
+-PeerKey=MALICE_cf_c2tnb239v3_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-Result=DERIVE_ERROR
+-Reason=point at infinity
+-
+-Title=c2tnb359v1 curve tests
+-
+-PrivateKey=ALICE_cf_c2tnb359v1
+------BEGIN PRIVATE KEY-----
+-ME4CAQAwEwYHKoZIzj0CAQYIKoZIzj0DABIENDAyAgEBBC0Afea/a1NrRf6rRRr/UDsI559ADTFP
+-Bd5HaS33laTZkCdNLITw1UUrESUIOiU=
+------END PRIVATE KEY-----
+-
+-PublicKey=ALICE_cf_c2tnb359v1_PUB
+------BEGIN PUBLIC KEY-----
+-MHMwEwYHKoZIzj0CAQYIKoZIzj0DABIDXAAEZMJU3QF9UJJp2m6qyCnhPuVlPKPHtav3DCgH27SY
+-RLMN7C4rRmqiJakD11QtOforOgbPW5r/v7t4TUWIlq8jV7kapJNtxQtg/S87L0NQGgHBq/lnJL8x
+-fN3Y
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=ALICE_cf_c2tnb359v1:ALICE_cf_c2tnb359v1_PUB
+-
+-PrivateKey=BOB_cf_c2tnb359v1
+------BEGIN PRIVATE KEY-----
+-ME4CAQAwEwYHKoZIzj0CAQYIKoZIzj0DABIENDAyAgEBBC0Aaw+yr7Atz8CXjLsbI5msXLqxFoMr
+-esHVfU53i6ucCsnPTWSDWSb5CePtI9g=
+------END PRIVATE KEY-----
+-
+-PublicKey=BOB_cf_c2tnb359v1_PUB
+------BEGIN PUBLIC KEY-----
+-MHMwEwYHKoZIzj0CAQYIKoZIzj0DABIDXAAEUQde0iyDHbsFJZ459d4zUhsrJYAkqndmEBRwSlg5
+-ZNX8SSS79Zf2HsQl+LWIZyzeYzoHobKXufChw9/H4ThS58VwV5/0hoE929PIgJ1MSEqr5LvJXi+b
+-R8fe
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=BOB_cf_c2tnb359v1:BOB_cf_c2tnb359v1_PUB
+-
+-# ECDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_cf_c2tnb359v1
+-PeerKey=BOB_cf_c2tnb359v1_PUB
+-SharedSecret=623a71122b5acad467d40d97ef8d8fd46541d8c41d7de6ba181c24e2714c1bc35bcefcf089af69c406eedecc12
+-
+-# ECDH Bob with Alice peer
+-Availablein = default
+-Derive=BOB_cf_c2tnb359v1
+-PeerKey=ALICE_cf_c2tnb359v1_PUB
+-SharedSecret=623a71122b5acad467d40d97ef8d8fd46541d8c41d7de6ba181c24e2714c1bc35bcefcf089af69c406eedecc12
+-
+-# ECC CDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_cf_c2tnb359v1
+-PeerKey=BOB_cf_c2tnb359v1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-SharedSecret=1c9c4cea3251dace2cb763eabf60f106cc1b03f2491e6f20d7bea78e062f8f14c4e82e4d43786eefa44d33f7e9
+-
+-# ECC CDH Bob with Alice peer
+-Availablein = default
+-Derive=BOB_cf_c2tnb359v1
+-PeerKey=ALICE_cf_c2tnb359v1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-SharedSecret=1c9c4cea3251dace2cb763eabf60f106cc1b03f2491e6f20d7bea78e062f8f14c4e82e4d43786eefa44d33f7e9
+-
+-PublicKey=MALICE_cf_c2tnb359v1_PUB
+------BEGIN PUBLIC KEY-----
+-MHMwEwYHKoZIzj0CAQYIKoZIzj0DABIDXAAEDW1DxeJfyPPnxX4WiLM5ZnX9AypqqeKj7FTHxanl
+-++A6FgVFjUCatt8Sr4xnSc3zDE0kh6f/wS9SbtCAi74i8HAX5SJiccCMPRkw6kBuHZgiG8EmFJ53
+-OEQw
+------END PUBLIC KEY-----
+-
+-# ECC CDH Bob with Malice peer
+-Availablein = default
+-Derive=BOB_cf_c2tnb359v1
+-PeerKey=MALICE_cf_c2tnb359v1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-Result=DERIVE_ERROR
+-Reason=point at infinity
+-
+-# ECC CDH Alice with Malice peer
+-Availablein = default
+-Derive=ALICE_cf_c2tnb359v1
+-PeerKey=MALICE_cf_c2tnb359v1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-Result=DERIVE_ERROR
+-Reason=point at infinity
+-
+-Title=c2tnb431r1 curve tests
+-
+-PrivateKey=ALICE_cf_c2tnb431r1
+------BEGIN PRIVATE KEY-----
+-MFYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DABQEPDA6AgEBBDUAG1rgUnH3+PSxqlzt9+QTWv7PrYxz
+-Qgqj5A2Mqi0LbdixVDciVSSgrU6keVu72oCmHVP+OQ==
+------END PRIVATE KEY-----
+-
+-PublicKey=ALICE_cf_c2tnb431r1_PUB
+------BEGIN PUBLIC KEY-----
+-MIGFMBMGByqGSM49AgEGCCqGSM49AwAUA24ABFcQEDic9pYxtxStk/oBxafqyUux1kvEOOwR4FxJ
+-pGEMTh8B+YfkWuq+IDY5zSqNKtg7cRlAFX2dlHhRSvNxrN3DJCrhe/TQq8SIYawcqEQnM39F8hHM
+-7VQJLEsBpJ/WUonwMJXknjgfONP7GA==
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=ALICE_cf_c2tnb431r1:ALICE_cf_c2tnb431r1_PUB
+-
+-PrivateKey=BOB_cf_c2tnb431r1
+------BEGIN PRIVATE KEY-----
+-MFYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DABQEPDA6AgEBBDUBOsZrpI6hTgImR8DBhKOOrh2SvcT/
+-VwmzYnbuCRrtr/zwIQcqKKI1ztlrl+kxFxJfk5L7UQ==
+------END PRIVATE KEY-----
+-
+-PublicKey=BOB_cf_c2tnb431r1_PUB
+------BEGIN PUBLIC KEY-----
+-MIGFMBMGByqGSM49AgEGCCqGSM49AwAUA24ABHeTG6xjbsKKxn4oYQt9qUM9LrSPZfY11XsBmROc
+-fb9kEbBLU+QixSbYZOrqPasesDV9dApDXF+w6EfIeNyJEK5Lk+aXamrn7fRMUAQ2m7+Odp87GgA+
+-8Cg6YpgbK314SK5STziqoZwzEISJ9w==
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=BOB_cf_c2tnb431r1:BOB_cf_c2tnb431r1_PUB
+-
+-# ECDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_cf_c2tnb431r1
+-PeerKey=BOB_cf_c2tnb431r1_PUB
+-SharedSecret=1c9a64de0b706f0e562d5144ceeb4806ce8782865dc0e3fab694967955bd40afc79bf9241ef4a173fbf9baeac0d416392fb13bdc6978
+-
+-# ECDH Bob with Alice peer
+-Availablein = default
+-Derive=BOB_cf_c2tnb431r1
+-PeerKey=ALICE_cf_c2tnb431r1_PUB
+-SharedSecret=1c9a64de0b706f0e562d5144ceeb4806ce8782865dc0e3fab694967955bd40afc79bf9241ef4a173fbf9baeac0d416392fb13bdc6978
+-
+-# ECC CDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_cf_c2tnb431r1
+-PeerKey=BOB_cf_c2tnb431r1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-SharedSecret=059e2ea2d0d8bad5005a9401196ebb1633377c7ded8ec58a0398cf1d0f42ea82614f68cb836ecfc33612b8a705b4c3b7b4ed12eb6e22
+-
+-# ECC CDH Bob with Alice peer
+-Availablein = default
+-Derive=BOB_cf_c2tnb431r1
+-PeerKey=ALICE_cf_c2tnb431r1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-SharedSecret=059e2ea2d0d8bad5005a9401196ebb1633377c7ded8ec58a0398cf1d0f42ea82614f68cb836ecfc33612b8a705b4c3b7b4ed12eb6e22
+-
+-PublicKey=MALICE_cf_c2tnb431r1_PUB
+------BEGIN PUBLIC KEY-----
+-MIGFMBMGByqGSM49AgEGCCqGSM49AwAUA24ABA/cHJ1bNJ2l3GcrT67WEoU0w/Ajy28T9X4XLv8a
+-5EpnkembeFlRG8ILplDcZimE8kjNQWynAk+NbJRsIU/XLzcm7VXkkqEkx/yCQ/TOcbeB3qrpzWYr
+-F3Cls9x60wuFYNc9d6eIe4B+puz9IQ==
+------END PUBLIC KEY-----
+-
+-# ECC CDH Bob with Malice peer
+-Availablein = default
+-Derive=BOB_cf_c2tnb431r1
+-PeerKey=MALICE_cf_c2tnb431r1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-Result=DERIVE_ERROR
+-Reason=point at infinity
+-
+-# ECC CDH Alice with Malice peer
+-Availablein = default
+-Derive=ALICE_cf_c2tnb431r1
+-PeerKey=MALICE_cf_c2tnb431r1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-Result=DERIVE_ERROR
+-Reason=point at infinity
+-
+-Title=prime192v2 curve tests
+-
+-PrivateKey=ALICE_cf_prime192v2
+------BEGIN PRIVATE KEY-----
+-MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQIEHzAdAgEBBBh6rcgPFDmA2P4CGSrC7ii9DAjepljX
+-sMM=
+------END PRIVATE KEY-----
+-
+-PublicKey=ALICE_cf_prime192v2_PUB
+------BEGIN PUBLIC KEY-----
+-MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQIDMgAET6wOPoDU3BeU7VKozsGEvDeJs//9Z/aNEcbbLQ0d
+-g5IzsS/XMJzifjCJZgNsb7mi
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=ALICE_cf_prime192v2:ALICE_cf_prime192v2_PUB
+-
+-PrivateKey=BOB_cf_prime192v2
+------BEGIN PRIVATE KEY-----
+-MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQIEHzAdAgEBBBja4R9iZuiu95XEuM1558ArTwNnAl7M
+-xqI=
+------END PRIVATE KEY-----
+-
+-PublicKey=BOB_cf_prime192v2_PUB
+------BEGIN PUBLIC KEY-----
+-MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQIDMgAEcgWNAOL4pZCmouZl+be+rC0yLAJkm2YuPWs+FX2u
+-Y6OU1aHkkspZTC1uUVWjchy5
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=BOB_cf_prime192v2:BOB_cf_prime192v2_PUB
+-
+-# ECDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_cf_prime192v2
+-PeerKey=BOB_cf_prime192v2_PUB
+-SharedSecret=ae2ff9f1f9f24e6d281dc78993d9f71913e1e105965000a1
+-
+-# ECDH Bob with Alice peer
+-Availablein = default
+-Derive=BOB_cf_prime192v2
+-PeerKey=ALICE_cf_prime192v2_PUB
+-SharedSecret=ae2ff9f1f9f24e6d281dc78993d9f71913e1e105965000a1
+-
+-Title=prime192v3 curve tests
+-
+-PrivateKey=ALICE_cf_prime192v3
+------BEGIN PRIVATE KEY-----
+-MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQMEHzAdAgEBBBij5blPQRKM1/9c57YDZXIIue80MDqx
+-Igw=
+------END PRIVATE KEY-----
+-
+-PublicKey=ALICE_cf_prime192v3_PUB
+------BEGIN PUBLIC KEY-----
+-MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQMDMgAE1+mLeiT/jjHO71IL/C/ZcnF6+yj9FV6eqfuPdHAi
+-MsDRFCB6/h8TcCUFuospu5l0
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=ALICE_cf_prime192v3:ALICE_cf_prime192v3_PUB
+-
+-PrivateKey=BOB_cf_prime192v3
+------BEGIN PRIVATE KEY-----
+-MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQMEHzAdAgEBBBhgFP4fFLtm/yk5tsosBUBKTg370FOu
+-92g=
+------END PRIVATE KEY-----
+-
+-PublicKey=BOB_cf_prime192v3_PUB
+------BEGIN PUBLIC KEY-----
+-MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQMDMgAEv35bOz0xqLeJqpZdZ8LyiUgsJMBEtN2UMJm8blX2
+-vMWAgEeLhzar86BUlS7dZwS7
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=BOB_cf_prime192v3:BOB_cf_prime192v3_PUB
+-
+-# ECDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_cf_prime192v3
+-PeerKey=BOB_cf_prime192v3_PUB
+-SharedSecret=9e562ecbe29c510a13b0daea822ec864c2a9684d2a382812
+-
+-# ECDH Bob with Alice peer
+-Availablein = default
+-Derive=BOB_cf_prime192v3
+-PeerKey=ALICE_cf_prime192v3_PUB
+-SharedSecret=9e562ecbe29c510a13b0daea822ec864c2a9684d2a382812
+-
+-Title=prime239v1 curve tests
+-
+-PrivateKey=ALICE_cf_prime239v1
+------BEGIN PRIVATE KEY-----
+-MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQQEJTAjAgEBBB5nH2mt/GUx+I/60NlcuQlrdupDXwMY
+-SF/w+SUTNqY=
+------END PRIVATE KEY-----
+-
+-PublicKey=ALICE_cf_prime239v1_PUB
+------BEGIN PUBLIC KEY-----
+-MFUwEwYHKoZIzj0CAQYIKoZIzj0DAQQDPgAEMqQLCgDR9njkq9QELuOu+J/9YGcxJHULdvxHImLW
+-RXqBUM5Xea+Qk2SKIpWcogxr2zFeQyeLj2bQysuo
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=ALICE_cf_prime239v1:ALICE_cf_prime239v1_PUB
+-
+-PrivateKey=BOB_cf_prime239v1
+------BEGIN PRIVATE KEY-----
+-MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQQEJTAjAgEBBB5RZgYV+j+zhwI12zCzB+mdPofMx0kB
+-jZ9gplgXxzk=
+------END PRIVATE KEY-----
+-
+-PublicKey=BOB_cf_prime239v1_PUB
+------BEGIN PUBLIC KEY-----
+-MFUwEwYHKoZIzj0CAQYIKoZIzj0DAQQDPgAEBR5m/kllh025oO4GvqALkjRliVv7q4x8ro/tkYnT
+-L2U4hkT6xUeRu9QC4KOz7KUVH+nBbQASL4XQg/3C
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=BOB_cf_prime239v1:BOB_cf_prime239v1_PUB
+-
+-# ECDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_cf_prime239v1
+-PeerKey=BOB_cf_prime239v1_PUB
+-SharedSecret=196b1d0206d4f87c313c266bfb12c90dd1f1f64b89bfc16518086b9801b8
+-
+-# ECDH Bob with Alice peer
+-Availablein = default
+-Derive=BOB_cf_prime239v1
+-PeerKey=ALICE_cf_prime239v1_PUB
+-SharedSecret=196b1d0206d4f87c313c266bfb12c90dd1f1f64b89bfc16518086b9801b8
+-
+-Title=prime239v2 curve tests
+-
+-PrivateKey=ALICE_cf_prime239v2
+------BEGIN PRIVATE KEY-----
+-MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQUEJTAjAgEBBB5uLCwofbD2Suc/iIRhXJsPqZ4me87h
+-+tFevsg1pPE=
+------END PRIVATE KEY-----
+-
+-PublicKey=ALICE_cf_prime239v2_PUB
+------BEGIN PUBLIC KEY-----
+-MFUwEwYHKoZIzj0CAQYIKoZIzj0DAQUDPgAETH77jXHBItV673gTNK/HTFldo4VxPiscbideUgKd
+-CWjdVsXebgAZbqQwf0h9QWcIgM7K7ODdW5kCuZ1G
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=ALICE_cf_prime239v2:ALICE_cf_prime239v2_PUB
+-
+-PrivateKey=BOB_cf_prime239v2
+------BEGIN PRIVATE KEY-----
+-MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQUEJTAjAgEBBB5nlF+ouuw3Ljkgy3pHkCN+/JoHAMyT
+-KY0wlvJdo/w=
+------END PRIVATE KEY-----
+-
+-PublicKey=BOB_cf_prime239v2_PUB
+------BEGIN PUBLIC KEY-----
+-MFUwEwYHKoZIzj0CAQYIKoZIzj0DAQUDPgAELUQYo0UH8HbK/RMD2jVphBU+iB4OTOfvaaTlHq06
+-dcJ8a9a+mAQKhb1OZVEq1n4nQsgRiI1rPxugVERM
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=BOB_cf_prime239v2:BOB_cf_prime239v2_PUB
+-
+-# ECDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_cf_prime239v2
+-PeerKey=BOB_cf_prime239v2_PUB
+-SharedSecret=1d18ca6366bceba3c1477daa0e08202088abcf14fc2b8fbf98ba95858fcf
+-
+-# ECDH Bob with Alice peer
+-Availablein = default
+-Derive=BOB_cf_prime239v2
+-PeerKey=ALICE_cf_prime239v2_PUB
+-SharedSecret=1d18ca6366bceba3c1477daa0e08202088abcf14fc2b8fbf98ba95858fcf
+-
+-Title=prime239v3 curve tests
+-
+-PrivateKey=ALICE_cf_prime239v3
+------BEGIN PRIVATE KEY-----
+-MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQYEJTAjAgEBBB5J95JRhBDTzlyAPAfu6T2Pb9vK0NKu
+-Y9AfhA2G+mI=
+------END PRIVATE KEY-----
+-
+-PublicKey=ALICE_cf_prime239v3_PUB
+------BEGIN PUBLIC KEY-----
+-MFUwEwYHKoZIzj0CAQYIKoZIzj0DAQYDPgAEZEN48pqgLF08Yjj/8BLM2Nr5ZhpYxyBurbzKRuBb
+-GLpzZLteJN9vZjN7ouNpMxLVUFQxTOwpsvUw86Lk
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=ALICE_cf_prime239v3:ALICE_cf_prime239v3_PUB
+-
+-PrivateKey=BOB_cf_prime239v3
+------BEGIN PRIVATE KEY-----
+-MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQYEJTAjAgEBBB5Z7rMZML1xeryBaYYr+QuMiQxHT44I
+-d9bmIVvG3dM=
+------END PRIVATE KEY-----
+-
+-PublicKey=BOB_cf_prime239v3_PUB
+------BEGIN PUBLIC KEY-----
+-MFUwEwYHKoZIzj0CAQYIKoZIzj0DAQYDPgAEQUWKqohAPAoIYEZOvc1QwSlcB+gW0febaNxGOy47
+-LaIWdsNM7GJVP9xpdSwm/L+Dip/oH4E59f3SiOAd
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=BOB_cf_prime239v3:BOB_cf_prime239v3_PUB
+-
+-# ECDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_cf_prime239v3
+-PeerKey=BOB_cf_prime239v3_PUB
+-SharedSecret=4dcc2c67c5993162ed71ebb33077bbb85395b0d3eec2311aa404e45901a0
+-
+-# ECDH Bob with Alice peer
+-Availablein = default
+-Derive=BOB_cf_prime239v3
+-PeerKey=ALICE_cf_prime239v3_PUB
+-SharedSecret=4dcc2c67c5993162ed71ebb33077bbb85395b0d3eec2311aa404e45901a0
+-
+-Title=secp112r1 curve tests
+-
+-PrivateKey=ALICE_cf_secp112r1
+------BEGIN PRIVATE KEY-----
+-MCwCAQAwEAYHKoZIzj0CAQYFK4EEAAYEFTATAgEBBA6zC5ZzEIIdvY4Q7DS0uw==
+------END PRIVATE KEY-----
+-
+-PublicKey=ALICE_cf_secp112r1_PUB
+------BEGIN PUBLIC KEY-----
+-MDIwEAYHKoZIzj0CAQYFK4EEAAYDHgAEYIawfjH3qRrJJWwuG3Ys5ZhDJsmdWi34aHgKAA==
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=ALICE_cf_secp112r1:ALICE_cf_secp112r1_PUB
+-
+-PrivateKey=BOB_cf_secp112r1
+------BEGIN PRIVATE KEY-----
+-MCwCAQAwEAYHKoZIzj0CAQYFK4EEAAYEFTATAgEBBA6WPx4YxBODium8BKDw0A==
+------END PRIVATE KEY-----
+-
+-PublicKey=BOB_cf_secp112r1_PUB
+------BEGIN PUBLIC KEY-----
+-MDIwEAYHKoZIzj0CAQYFK4EEAAYDHgAEchh3iQdPN1rrzrpdZRQ95G6tvdwEBQ+gfu1tvA==
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=BOB_cf_secp112r1:BOB_cf_secp112r1_PUB
+-
+-# ECDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_cf_secp112r1
+-PeerKey=BOB_cf_secp112r1_PUB
+-SharedSecret=4ddd1d504b444d4be67ba2e4610a
+-
+-# ECDH Bob with Alice peer
+-Availablein = default
+-Derive=BOB_cf_secp112r1
+-PeerKey=ALICE_cf_secp112r1_PUB
+-SharedSecret=4ddd1d504b444d4be67ba2e4610a
+-
+-Title=secp112r2 curve tests
+-
+-PrivateKey=ALICE_cf_secp112r2
+------BEGIN PRIVATE KEY-----
+-MCwCAQAwEAYHKoZIzj0CAQYFK4EEAAcEFTATAgEBBA4GcvIx97ePHdAiH0Z9EA==
+------END PRIVATE KEY-----
+-
+-PublicKey=ALICE_cf_secp112r2_PUB
+------BEGIN PUBLIC KEY-----
+-MDIwEAYHKoZIzj0CAQYFK4EEAAcDHgAEHK9uNAILHBmPZdKKh79/nzYE0HbvC//rA7i0Xw==
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=ALICE_cf_secp112r2:ALICE_cf_secp112r2_PUB
+-
+-PrivateKey=BOB_cf_secp112r2
+------BEGIN PRIVATE KEY-----
+-MCwCAQAwEAYHKoZIzj0CAQYFK4EEAAcEFTATAgEBBA4WzpVFZnZv9mvtpnYNyw==
+------END PRIVATE KEY-----
+-
+-PublicKey=BOB_cf_secp112r2_PUB
+------BEGIN PUBLIC KEY-----
+-MDIwEAYHKoZIzj0CAQYFK4EEAAcDHgAEUzBLNQupqUpGgmZl9JVjKBpwusl52rFg5OVFJA==
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=BOB_cf_secp112r2:BOB_cf_secp112r2_PUB
+-
+-# ECDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_cf_secp112r2
+-PeerKey=BOB_cf_secp112r2_PUB
+-SharedSecret=a6d05c7ba5128a9685c705b5030b
+-
+-# ECDH Bob with Alice peer
+-Availablein = default
+-Derive=BOB_cf_secp112r2
+-PeerKey=ALICE_cf_secp112r2_PUB
+-SharedSecret=a6d05c7ba5128a9685c705b5030b
+-
+-# ECC CDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_cf_secp112r2
+-PeerKey=BOB_cf_secp112r2_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-SharedSecret=04f3280e92c269d794aa779efcef
+-
+-# ECC CDH Bob with Alice peer
+-Availablein = default
+-Derive=BOB_cf_secp112r2
+-PeerKey=ALICE_cf_secp112r2_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-SharedSecret=04f3280e92c269d794aa779efcef
+-
+-PublicKey=MALICE_cf_secp112r2_PUB
+------BEGIN PUBLIC KEY-----
+-MDIwEAYHKoZIzj0CAQYFK4EEAAcDHgAEsf2N4SfUZWtXPrUTmEyr71I/JSn8VtzQsFHuqQ==
+------END PUBLIC KEY-----
+-
+-# ECC CDH Bob with Malice peer
+-Availablein = default
+-Derive=BOB_cf_secp112r2
+-PeerKey=MALICE_cf_secp112r2_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-Result=DERIVE_ERROR
+-Reason=point at infinity
+-
+-# ECC CDH Alice with Malice peer
+-Availablein = default
+-Derive=ALICE_cf_secp112r2
+-PeerKey=MALICE_cf_secp112r2_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-Result=DERIVE_ERROR
+-Reason=point at infinity
+-
+-Title=secp128r1 curve tests
+-
+-PrivateKey=ALICE_cf_secp128r1
+------BEGIN PRIVATE KEY-----
+-MC4CAQAwEAYHKoZIzj0CAQYFK4EEABwEFzAVAgEBBBB+RX18d0+gKpdcKbJJTrEZ
+------END PRIVATE KEY-----
+-
+-PublicKey=ALICE_cf_secp128r1_PUB
+------BEGIN PUBLIC KEY-----
+-MDYwEAYHKoZIzj0CAQYFK4EEABwDIgAEG0XMAdrAZOPUW6L9ADU8XK8sZr7dtIcDinSWU1zSV9s=
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=ALICE_cf_secp128r1:ALICE_cf_secp128r1_PUB
+-
+-PrivateKey=BOB_cf_secp128r1
+------BEGIN PRIVATE KEY-----
+-MC4CAQAwEAYHKoZIzj0CAQYFK4EEABwEFzAVAgEBBBB/J9/eClt9mimGwOcOsjJF
+------END PRIVATE KEY-----
+-
+-PublicKey=BOB_cf_secp128r1_PUB
+------BEGIN PUBLIC KEY-----
+-MDYwEAYHKoZIzj0CAQYFK4EEABwDIgAE82nknsOS+u8mybP0KJqQhvm83gbPNTZOcvm0ZDVR5sU=
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=BOB_cf_secp128r1:BOB_cf_secp128r1_PUB
+-
+-# ECDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_cf_secp128r1
+-PeerKey=BOB_cf_secp128r1_PUB
+-SharedSecret=5020f1b759da1f737a61a29a268d7669
+-
+-# ECDH Bob with Alice peer
+-Availablein = default
+-Derive=BOB_cf_secp128r1
+-PeerKey=ALICE_cf_secp128r1_PUB
+-SharedSecret=5020f1b759da1f737a61a29a268d7669
+-
+-Title=secp128r2 curve tests
+-
+-PrivateKey=ALICE_cf_secp128r2
+------BEGIN PRIVATE KEY-----
+-MC4CAQAwEAYHKoZIzj0CAQYFK4EEAB0EFzAVAgEBBBALPaUYCnPgNiLhez93Z1Gi
+------END PRIVATE KEY-----
+-
+-PublicKey=ALICE_cf_secp128r2_PUB
+------BEGIN PUBLIC KEY-----
+-MDYwEAYHKoZIzj0CAQYFK4EEAB0DIgAEOKiPRGtZXwxmvTr35NmUkNsAGGk9RKNA4D5BE9ZrjZQ=
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=ALICE_cf_secp128r2:ALICE_cf_secp128r2_PUB
+-
+-PrivateKey=BOB_cf_secp128r2
+------BEGIN PRIVATE KEY-----
+-MC4CAQAwEAYHKoZIzj0CAQYFK4EEAB0EFzAVAgEBBBARg3vb436QgyHdyt6l/b6G
+------END PRIVATE KEY-----
+-
+-PublicKey=BOB_cf_secp128r2_PUB
+------BEGIN PUBLIC KEY-----
+-MDYwEAYHKoZIzj0CAQYFK4EEAB0DIgAELph7h27BYjIINC2EddcpIOxKbdz8Xe7h3Az1ZuR9bAI=
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=BOB_cf_secp128r2:BOB_cf_secp128r2_PUB
+-
+-# ECDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_cf_secp128r2
+-PeerKey=BOB_cf_secp128r2_PUB
+-SharedSecret=8f4d8c75141e9b084328222440eb5dfa
+-
+-# ECDH Bob with Alice peer
+-Availablein = default
+-Derive=BOB_cf_secp128r2
+-PeerKey=ALICE_cf_secp128r2_PUB
+-SharedSecret=8f4d8c75141e9b084328222440eb5dfa
+-
+-# ECC CDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_cf_secp128r2
+-PeerKey=BOB_cf_secp128r2_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-SharedSecret=baaa0c16e16eef291001475d638e4830
+-
+-# ECC CDH Bob with Alice peer
+-Availablein = default
+-Derive=BOB_cf_secp128r2
+-PeerKey=ALICE_cf_secp128r2_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-SharedSecret=baaa0c16e16eef291001475d638e4830
+-
+-PublicKey=MALICE_cf_secp128r2_PUB
+------BEGIN PUBLIC KEY-----
+-MDYwEAYHKoZIzj0CAQYFK4EEAB0DIgAE6h6RzJIp6HLR6RDOPtyzGDurkuE9aAaZqHosPTnkLxQ=
+------END PUBLIC KEY-----
+-
+-# ECC CDH Bob with Malice peer
+-Availablein = default
+-Derive=BOB_cf_secp128r2
+-PeerKey=MALICE_cf_secp128r2_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-Result=DERIVE_ERROR
+-Reason=point at infinity
+-
+-# ECC CDH Alice with Malice peer
+-Availablein = default
+-Derive=ALICE_cf_secp128r2
+-PeerKey=MALICE_cf_secp128r2_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-Result=DERIVE_ERROR
+-Reason=point at infinity
+-
+-Title=secp160k1 curve tests
+-
+-PrivateKey=ALICE_cf_secp160k1
+------BEGIN PRIVATE KEY-----
+-MDMCAQAwEAYHKoZIzj0CAQYFK4EEAAkEHDAaAgEBBBUAlxTBO50KwFwWKPtk1rutu68m+zI=
+------END PRIVATE KEY-----
+-
+-PublicKey=ALICE_cf_secp160k1_PUB
+------BEGIN PUBLIC KEY-----
+-MD4wEAYHKoZIzj0CAQYFK4EEAAkDKgAEcVWIjtPZn1cHckclpn5jKDCphQUVHxFN5tSeFG9wsJZT
+-EvqPyLS64w==
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=ALICE_cf_secp160k1:ALICE_cf_secp160k1_PUB
+-
+-PrivateKey=BOB_cf_secp160k1
+------BEGIN PRIVATE KEY-----
+-MDMCAQAwEAYHKoZIzj0CAQYFK4EEAAkEHDAaAgEBBBUAdrPkoNkRVUloiuwzruQszSUuwpY=
+------END PRIVATE KEY-----
+-
+-PublicKey=BOB_cf_secp160k1_PUB
+------BEGIN PUBLIC KEY-----
+-MD4wEAYHKoZIzj0CAQYFK4EEAAkDKgAESGN41cAj8Fg4pAJM7FUKHiawbCR0b9unMpZWxqOKeW1/
+-bxT/CqEkyw==
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=BOB_cf_secp160k1:BOB_cf_secp160k1_PUB
+-
+-# ECDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_cf_secp160k1
+-PeerKey=BOB_cf_secp160k1_PUB
+-SharedSecret=b738a0bf17f3271a9a155bfdfe2f0f1d51494d42
+-
+-# ECDH Bob with Alice peer
+-Availablein = default
+-Derive=BOB_cf_secp160k1
+-PeerKey=ALICE_cf_secp160k1_PUB
+-SharedSecret=b738a0bf17f3271a9a155bfdfe2f0f1d51494d42
+-
+-Title=secp160r1 curve tests
+-
+-PrivateKey=ALICE_cf_secp160r1
+------BEGIN PRIVATE KEY-----
+-MDMCAQAwEAYHKoZIzj0CAQYFK4EEAAgEHDAaAgEBBBUAR6m1+jIBuJnSKx9fHmyAYhsnYe8=
+------END PRIVATE KEY-----
+-
+-PublicKey=ALICE_cf_secp160r1_PUB
+------BEGIN PUBLIC KEY-----
+-MD4wEAYHKoZIzj0CAQYFK4EEAAgDKgAEO78GZuBaCfJjHK97c9N21z+4mm37b5x7/Hr3Xc4pUbtb
+-OoNj/A+W9w==
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=ALICE_cf_secp160r1:ALICE_cf_secp160r1_PUB
+-
+-PrivateKey=BOB_cf_secp160r1
+------BEGIN PRIVATE KEY-----
+-MDMCAQAwEAYHKoZIzj0CAQYFK4EEAAgEHDAaAgEBBBUATqvd54Jj7TbnrLAd2dMYCpExLws=
+------END PRIVATE KEY-----
+-
+-PublicKey=BOB_cf_secp160r1_PUB
+------BEGIN PUBLIC KEY-----
+-MD4wEAYHKoZIzj0CAQYFK4EEAAgDKgAEBKDbBSPTwmb00MFvMtJMxQ2YDmcPOZHE8YbVr5hp8s5J
+-Jwy17FaNNg==
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=BOB_cf_secp160r1:BOB_cf_secp160r1_PUB
+-
+-# ECDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_cf_secp160r1
+-PeerKey=BOB_cf_secp160r1_PUB
+-SharedSecret=1912ea7b9bb1de5b8d3cef83e7a6e7a917816541
+-
+-# ECDH Bob with Alice peer
+-Availablein = default
+-Derive=BOB_cf_secp160r1
+-PeerKey=ALICE_cf_secp160r1_PUB
+-SharedSecret=1912ea7b9bb1de5b8d3cef83e7a6e7a917816541
+-
+-Title=secp160r2 curve tests
+-
+-PrivateKey=ALICE_cf_secp160r2
+------BEGIN PRIVATE KEY-----
+-MDMCAQAwEAYHKoZIzj0CAQYFK4EEAB4EHDAaAgEBBBUA3IsVg4R4paXaPATDHvzfnvM+vjQ=
+------END PRIVATE KEY-----
+-
+-PublicKey=ALICE_cf_secp160r2_PUB
+------BEGIN PUBLIC KEY-----
+-MD4wEAYHKoZIzj0CAQYFK4EEAB4DKgAE4V+25YCpVkKF6NF/UPc1SYxohYWcf3qT3JDoPRhnm/rj
+-mSqCCA6gUw==
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=ALICE_cf_secp160r2:ALICE_cf_secp160r2_PUB
+-
+-PrivateKey=BOB_cf_secp160r2
+------BEGIN PRIVATE KEY-----
+-MDMCAQAwEAYHKoZIzj0CAQYFK4EEAB4EHDAaAgEBBBUAYT/5C7UpD17DnZm4ObswmGFMI1Q=
+------END PRIVATE KEY-----
+-
+-PublicKey=BOB_cf_secp160r2_PUB
+------BEGIN PUBLIC KEY-----
+-MD4wEAYHKoZIzj0CAQYFK4EEAB4DKgAEB7YVzBmzhnIdouvN/nb8VMXCqO8dkhmebyVzoD0oAzuH
+-nN+SfWr6aQ==
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=BOB_cf_secp160r2:BOB_cf_secp160r2_PUB
+-
+-# ECDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_cf_secp160r2
+-PeerKey=BOB_cf_secp160r2_PUB
+-SharedSecret=ccb9cae5c9487ff60c487bd1b39a62eb4680e9b6
+-
+-# ECDH Bob with Alice peer
+-Availablein = default
+-Derive=BOB_cf_secp160r2
+-PeerKey=ALICE_cf_secp160r2_PUB
+-SharedSecret=ccb9cae5c9487ff60c487bd1b39a62eb4680e9b6
+-
+-Title=secp192k1 curve tests
+-
+-PrivateKey=ALICE_cf_secp192k1
+------BEGIN PRIVATE KEY-----
+-MDYCAQAwEAYHKoZIzj0CAQYFK4EEAB8EHzAdAgEBBBikVZrCZQB7ZtkhNfQYpjKHZ9KxXgooJ90=
+------END PRIVATE KEY-----
+-
+-PublicKey=ALICE_cf_secp192k1_PUB
+------BEGIN PUBLIC KEY-----
+-MEYwEAYHKoZIzj0CAQYFK4EEAB8DMgAEyV4EzMZglBXtYdn38hNTrCGflAsJprMkxkOlw58chZ25
+-6EAu7gVvYDTpnRkymKyH
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=ALICE_cf_secp192k1:ALICE_cf_secp192k1_PUB
+-
+-PrivateKey=BOB_cf_secp192k1
+------BEGIN PRIVATE KEY-----
+-MDYCAQAwEAYHKoZIzj0CAQYFK4EEAB8EHzAdAgEBBBiJQ/PunKGk9QPUyqIBGMgHKKg+yxJr5io=
+------END PRIVATE KEY-----
+-
+-PublicKey=BOB_cf_secp192k1_PUB
+------BEGIN PUBLIC KEY-----
+-MEYwEAYHKoZIzj0CAQYFK4EEAB8DMgAE990Tnmh9QQQHVHuLpfrAsgjvB9R2MJXzhBZN1WvtxLqF
+-OZ2oFMP0Kfcr7HbI7a5j
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=BOB_cf_secp192k1:BOB_cf_secp192k1_PUB
+-
+-# ECDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_cf_secp192k1
+-PeerKey=BOB_cf_secp192k1_PUB
+-SharedSecret=a46a6bfb279d4dc30cffac585d1fbec905dbe46aca5e3c9d
+-
+-# ECDH Bob with Alice peer
+-Availablein = default
+-Derive=BOB_cf_secp192k1
+-PeerKey=ALICE_cf_secp192k1_PUB
+-SharedSecret=a46a6bfb279d4dc30cffac585d1fbec905dbe46aca5e3c9d
+-
+-Title=secp224k1 curve tests
+-
+-PrivateKey=ALICE_cf_secp224k1
+------BEGIN PRIVATE KEY-----
+-MDsCAQAwEAYHKoZIzj0CAQYFK4EEACAEJDAiAgEBBB0AZPk3TzxGhX7TljBBhJDLBfulAMp6Bh3W
+-w40Qyg==
+------END PRIVATE KEY-----
+-
+-PublicKey=ALICE_cf_secp224k1_PUB
+------BEGIN PUBLIC KEY-----
+-ME4wEAYHKoZIzj0CAQYFK4EEACADOgAE4o7LGdJDixqJZ5imnqaX4IeE55NG4W0HEe72LVC7pmn2
+-e3m7uC92ZQhduF9lJli4dXD5en/1wkE=
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=ALICE_cf_secp224k1:ALICE_cf_secp224k1_PUB
+-
+-PrivateKey=BOB_cf_secp224k1
+------BEGIN PRIVATE KEY-----
+-MDsCAQAwEAYHKoZIzj0CAQYFK4EEACAEJDAiAgEBBB0AdQ02GguRy3yHOjLkpoWb27QA/L1abfWe
+-q2xUfA==
+------END PRIVATE KEY-----
+-
+-PublicKey=BOB_cf_secp224k1_PUB
+------BEGIN PUBLIC KEY-----
+-ME4wEAYHKoZIzj0CAQYFK4EEACADOgAEzp00m0DaADn1mGiDCT7K1LZnoj/vCxHPowUDC9yQd17K
+-KpJM5sGILrTkkgxqtt5pBeYE1NC1QUQ=
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=BOB_cf_secp224k1:BOB_cf_secp224k1_PUB
+-
+-# ECDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_cf_secp224k1
+-PeerKey=BOB_cf_secp224k1_PUB
+-SharedSecret=6f7b9d16c9c1d3a5c84b6028f2a4fed9ae8e02455e678a27243bcc48
+-
+-# ECDH Bob with Alice peer
+-Availablein = default
+-Derive=BOB_cf_secp224k1
+-PeerKey=ALICE_cf_secp224k1_PUB
+-SharedSecret=6f7b9d16c9c1d3a5c84b6028f2a4fed9ae8e02455e678a27243bcc48
+-
+ Title=secp256k1 curve tests
+
+ PrivateKey=ALICE_cf_secp256k1
+@@ -1998,1323 +55,6 @@ Derive=BOB_cf_secp256k1
+ PeerKey=ALICE_cf_secp256k1_PUB
+ SharedSecret=a4745cc4d19cabb9e5cb0abdd5c604cab2846a4638ad844ed9175f3cadda2da1
+
+-Title=sect113r1 curve tests
+-
+-PrivateKey=ALICE_cf_sect113r1
+------BEGIN PRIVATE KEY-----
+-MC0CAQAwEAYHKoZIzj0CAQYFK4EEAAQEFjAUAgEBBA8ALw9CgsuNBkkhhUHE8bQ=
+------END PRIVATE KEY-----
+-
+-PublicKey=ALICE_cf_sect113r1_PUB
+------BEGIN PUBLIC KEY-----
+-MDQwEAYHKoZIzj0CAQYFK4EEAAQDIAAEASO9jcamlg1pRE7JffrTAe9kyRZO2xrymHXoGdnA
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=ALICE_cf_sect113r1:ALICE_cf_sect113r1_PUB
+-
+-PrivateKey=BOB_cf_sect113r1
+------BEGIN PRIVATE KEY-----
+-MC0CAQAwEAYHKoZIzj0CAQYFK4EEAAQEFjAUAgEBBA8A/9qbs8sTFNkjS9/4CuM=
+------END PRIVATE KEY-----
+-
+-PublicKey=BOB_cf_sect113r1_PUB
+------BEGIN PUBLIC KEY-----
+-MDQwEAYHKoZIzj0CAQYFK4EEAAQDIAAEATykaf/cvJzLOUto1EbbAEz/3++nut6q0dcJOQeV
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=BOB_cf_sect113r1:BOB_cf_sect113r1_PUB
+-
+-# ECDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_cf_sect113r1
+-PeerKey=BOB_cf_sect113r1_PUB
+-SharedSecret=01ed16f1948dcb368a54004237842d
+-
+-# ECDH Bob with Alice peer
+-Availablein = default
+-Derive=BOB_cf_sect113r1
+-PeerKey=ALICE_cf_sect113r1_PUB
+-SharedSecret=01ed16f1948dcb368a54004237842d
+-
+-# ECC CDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_cf_sect113r1
+-PeerKey=BOB_cf_sect113r1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-SharedSecret=012e5f3e348c2a8a88d9590a639219
+-
+-# ECC CDH Bob with Alice peer
+-Availablein = default
+-Derive=BOB_cf_sect113r1
+-PeerKey=ALICE_cf_sect113r1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-SharedSecret=012e5f3e348c2a8a88d9590a639219
+-
+-PublicKey=MALICE_cf_sect113r1_PUB
+------BEGIN PUBLIC KEY-----
+-MDQwEAYHKoZIzj0CAQYFK4EEAAQDIAAEAAAAAAAAAAAAAAAAAAAAAd+TqiBXnTd/lyA/OFsR
+------END PUBLIC KEY-----
+-
+-# ECC CDH Bob with Malice peer
+-Availablein = default
+-Derive=BOB_cf_sect113r1
+-PeerKey=MALICE_cf_sect113r1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-Result=DERIVE_ERROR
+-Reason=point at infinity
+-
+-# ECC CDH Alice with Malice peer
+-Availablein = default
+-Derive=ALICE_cf_sect113r1
+-PeerKey=MALICE_cf_sect113r1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-Result=DERIVE_ERROR
+-Reason=point at infinity
+-
+-Title=sect113r2 curve tests
+-
+-PrivateKey=ALICE_cf_sect113r2
+------BEGIN PRIVATE KEY-----
+-MC0CAQAwEAYHKoZIzj0CAQYFK4EEAAUEFjAUAgEBBA8AvovirHrqTxoKJ3l+7y0=
+------END PRIVATE KEY-----
+-
+-PublicKey=ALICE_cf_sect113r2_PUB
+------BEGIN PUBLIC KEY-----
+-MDQwEAYHKoZIzj0CAQYFK4EEAAUDIAAEAFvQ4JgQTS8kjGeVfuITAS81qNcOQvt3PYa1HuCk
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=ALICE_cf_sect113r2:ALICE_cf_sect113r2_PUB
+-
+-PrivateKey=BOB_cf_sect113r2
+------BEGIN PRIVATE KEY-----
+-MC0CAQAwEAYHKoZIzj0CAQYFK4EEAAUEFjAUAgEBBA8ArUjgvp/goxRYb4WuQ80=
+------END PRIVATE KEY-----
+-
+-PublicKey=BOB_cf_sect113r2_PUB
+------BEGIN PUBLIC KEY-----
+-MDQwEAYHKoZIzj0CAQYFK4EEAAUDIAAEAUoS3of8y28meYu/NoI5AVdhJZCuDjMqFHTriWY4
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=BOB_cf_sect113r2:BOB_cf_sect113r2_PUB
+-
+-# ECDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_cf_sect113r2
+-PeerKey=BOB_cf_sect113r2_PUB
+-SharedSecret=0057a287ba1ea05cb4735e673647e1
+-
+-# ECDH Bob with Alice peer
+-Availablein = default
+-Derive=BOB_cf_sect113r2
+-PeerKey=ALICE_cf_sect113r2_PUB
+-SharedSecret=0057a287ba1ea05cb4735e673647e1
+-
+-# ECC CDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_cf_sect113r2
+-PeerKey=BOB_cf_sect113r2_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-SharedSecret=00fec2454e46732aca42b22b6d4f13
+-
+-# ECC CDH Bob with Alice peer
+-Availablein = default
+-Derive=BOB_cf_sect113r2
+-PeerKey=ALICE_cf_sect113r2_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-SharedSecret=00fec2454e46732aca42b22b6d4f13
+-
+-PublicKey=MALICE_cf_sect113r2_PUB
+------BEGIN PUBLIC KEY-----
+-MDQwEAYHKoZIzj0CAQYFK4EEAAUDIAAEAAAAAAAAAAAAAAAAAAAAAR3dbPHrhFekzJ7Azskr
+------END PUBLIC KEY-----
+-
+-# ECC CDH Bob with Malice peer
+-Availablein = default
+-Derive=BOB_cf_sect113r2
+-PeerKey=MALICE_cf_sect113r2_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-Result=DERIVE_ERROR
+-Reason=point at infinity
+-
+-# ECC CDH Alice with Malice peer
+-Availablein = default
+-Derive=ALICE_cf_sect113r2
+-PeerKey=MALICE_cf_sect113r2_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-Result=DERIVE_ERROR
+-Reason=point at infinity
+-
+-Title=sect131r1 curve tests
+-
+-PrivateKey=ALICE_cf_sect131r1
+------BEGIN PRIVATE KEY-----
+-MC8CAQAwEAYHKoZIzj0CAQYFK4EEABYEGDAWAgEBBBEA5C6zHMQM7pXPZ6cJz72Niw==
+------END PRIVATE KEY-----
+-
+-PublicKey=ALICE_cf_sect131r1_PUB
+------BEGIN PUBLIC KEY-----
+-MDgwEAYHKoZIzj0CAQYFK4EEABYDJAAEBXCuXD6wOOif91GUlJNKXf8FBNw8crgqi5aEJEZbCdBJ
+-Ag==
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=ALICE_cf_sect131r1:ALICE_cf_sect131r1_PUB
+-
+-PrivateKey=BOB_cf_sect131r1
+------BEGIN PRIVATE KEY-----
+-MC8CAQAwEAYHKoZIzj0CAQYFK4EEABYEGDAWAgEBBBEDYZmjiokBJ/SnTv8sskBR3A==
+------END PRIVATE KEY-----
+-
+-PublicKey=BOB_cf_sect131r1_PUB
+------BEGIN PUBLIC KEY-----
+-MDgwEAYHKoZIzj0CAQYFK4EEABYDJAAEB8vGy3OQXwWKcJUSSJbCtpMBjFgJeZxzAaI420+B1B+1
+-5A==
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=BOB_cf_sect131r1:BOB_cf_sect131r1_PUB
+-
+-# ECDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_cf_sect131r1
+-PeerKey=BOB_cf_sect131r1_PUB
+-SharedSecret=05346248f77f81fff50cc656e119976871
+-
+-# ECDH Bob with Alice peer
+-Availablein = default
+-Derive=BOB_cf_sect131r1
+-PeerKey=ALICE_cf_sect131r1_PUB
+-SharedSecret=05346248f77f81fff50cc656e119976871
+-
+-# ECC CDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_cf_sect131r1
+-PeerKey=BOB_cf_sect131r1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-SharedSecret=01f151ae26efa507acc2597356baf7e8ab
+-
+-# ECC CDH Bob with Alice peer
+-Availablein = default
+-Derive=BOB_cf_sect131r1
+-PeerKey=ALICE_cf_sect131r1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-SharedSecret=01f151ae26efa507acc2597356baf7e8ab
+-
+-PublicKey=MALICE_cf_sect131r1_PUB
+------BEGIN PUBLIC KEY-----
+-MDgwEAYHKoZIzj0CAQYFK4EEABYDJAAEAAAAAAAAAAAAAAAAAAAAAAABfiJEFG0vRzEGxk2BxjmK
+-zw==
+------END PUBLIC KEY-----
+-
+-# ECC CDH Bob with Malice peer
+-Availablein = default
+-Derive=BOB_cf_sect131r1
+-PeerKey=MALICE_cf_sect131r1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-Result=DERIVE_ERROR
+-Reason=point at infinity
+-
+-# ECC CDH Alice with Malice peer
+-Availablein = default
+-Derive=ALICE_cf_sect131r1
+-PeerKey=MALICE_cf_sect131r1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-Result=DERIVE_ERROR
+-Reason=point at infinity
+-
+-Title=sect131r2 curve tests
+-
+-PrivateKey=ALICE_cf_sect131r2
+------BEGIN PRIVATE KEY-----
+-MC8CAQAwEAYHKoZIzj0CAQYFK4EEABcEGDAWAgEBBBEBnZRUKAQetk5kyUwhIaAyxg==
+------END PRIVATE KEY-----
+-
+-PublicKey=ALICE_cf_sect131r2_PUB
+------BEGIN PUBLIC KEY-----
+-MDgwEAYHKoZIzj0CAQYFK4EEABcDJAAEA5+Y20L8q989I4jnKknZ7hcGlQ6RUIGni9RahT88kB/d
+-dw==
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=ALICE_cf_sect131r2:ALICE_cf_sect131r2_PUB
+-
+-PrivateKey=BOB_cf_sect131r2
+------BEGIN PRIVATE KEY-----
+-MC8CAQAwEAYHKoZIzj0CAQYFK4EEABcEGDAWAgEBBBEBnafx9vcMeoCqj/1YNuflzw==
+------END PRIVATE KEY-----
+-
+-PublicKey=BOB_cf_sect131r2_PUB
+------BEGIN PUBLIC KEY-----
+-MDgwEAYHKoZIzj0CAQYFK4EEABcDJAAEB2G2uNkhQNjjl0/Ov6UYpxoFaWNXO+qy7poV6cdrFN7z
+-pA==
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=BOB_cf_sect131r2:BOB_cf_sect131r2_PUB
+-
+-# ECDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_cf_sect131r2
+-PeerKey=BOB_cf_sect131r2_PUB
+-SharedSecret=058d8a8be33068ed8c1dc9f551ef2c3f3c
+-
+-# ECDH Bob with Alice peer
+-Availablein = default
+-Derive=BOB_cf_sect131r2
+-PeerKey=ALICE_cf_sect131r2_PUB
+-SharedSecret=058d8a8be33068ed8c1dc9f551ef2c3f3c
+-
+-# ECC CDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_cf_sect131r2
+-PeerKey=BOB_cf_sect131r2_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-SharedSecret=037b16d85f27c2c878ef96c79a536f89a5
+-
+-# ECC CDH Bob with Alice peer
+-Availablein = default
+-Derive=BOB_cf_sect131r2
+-PeerKey=ALICE_cf_sect131r2_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-SharedSecret=037b16d85f27c2c878ef96c79a536f89a5
+-
+-PublicKey=MALICE_cf_sect131r2_PUB
+------BEGIN PUBLIC KEY-----
+-MDgwEAYHKoZIzj0CAQYFK4EEABcDJAAEAAAAAAAAAAAAAAAAAAAAAAAGG5fiIbgziwBZHVzTYqCY
+-1w==
+------END PUBLIC KEY-----
+-
+-# ECC CDH Bob with Malice peer
+-Availablein = default
+-Derive=BOB_cf_sect131r2
+-PeerKey=MALICE_cf_sect131r2_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-Result=DERIVE_ERROR
+-Reason=point at infinity
+-
+-# ECC CDH Alice with Malice peer
+-Availablein = default
+-Derive=ALICE_cf_sect131r2
+-PeerKey=MALICE_cf_sect131r2_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-Result=DERIVE_ERROR
+-Reason=point at infinity
+-
+-Title=sect163r1 curve tests
+-
+-PrivateKey=ALICE_cf_sect163r1
+------BEGIN PRIVATE KEY-----
+-MDMCAQAwEAYHKoZIzj0CAQYFK4EEAAIEHDAaAgEBBBUAlbn4x1UGJnAimsXufB/UvUaxU5U=
+------END PRIVATE KEY-----
+-
+-PublicKey=ALICE_cf_sect163r1_PUB
+------BEGIN PUBLIC KEY-----
+-MEAwEAYHKoZIzj0CAQYFK4EEAAIDLAAEA0f195HCcD4D+7wWyl3QuPkRovG/ATy5l7fpMl4BNIg/
+-sbtEXluCzANF
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=ALICE_cf_sect163r1:ALICE_cf_sect163r1_PUB
+-
+-PrivateKey=BOB_cf_sect163r1
+------BEGIN PRIVATE KEY-----
+-MDMCAQAwEAYHKoZIzj0CAQYFK4EEAAIEHDAaAgEBBBUAoStq6Fjb7nB2PNL6WrzKKqhCGdE=
+------END PRIVATE KEY-----
+-
+-PublicKey=BOB_cf_sect163r1_PUB
+------BEGIN PUBLIC KEY-----
+-MEAwEAYHKoZIzj0CAQYFK4EEAAIDLAAEAul/oBKr9B5MsPHWGF+q07j0JC+WAxj1JzfcIXR98n+r
+-9FHWU5LC5pDM
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=BOB_cf_sect163r1:BOB_cf_sect163r1_PUB
+-
+-# ECDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_cf_sect163r1
+-PeerKey=BOB_cf_sect163r1_PUB
+-SharedSecret=06135eef489fe613c0d8bd522a2a640ff7ae6fb73d
+-
+-# ECDH Bob with Alice peer
+-Availablein = default
+-Derive=BOB_cf_sect163r1
+-PeerKey=ALICE_cf_sect163r1_PUB
+-SharedSecret=06135eef489fe613c0d8bd522a2a640ff7ae6fb73d
+-
+-# ECC CDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_cf_sect163r1
+-PeerKey=BOB_cf_sect163r1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-SharedSecret=0580f5e8efb242a19ae1023acbcab8702c799751e7
+-
+-# ECC CDH Bob with Alice peer
+-Availablein = default
+-Derive=BOB_cf_sect163r1
+-PeerKey=ALICE_cf_sect163r1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-SharedSecret=0580f5e8efb242a19ae1023acbcab8702c799751e7
+-
+-PublicKey=MALICE_cf_sect163r1_PUB
+------BEGIN PUBLIC KEY-----
+-MEAwEAYHKoZIzj0CAQYFK4EEAAIDLAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJkXolVuGFa8fqmk
+-cs0Bv7iJuVg1
+------END PUBLIC KEY-----
+-
+-# ECC CDH Bob with Malice peer
+-Availablein = default
+-Derive=BOB_cf_sect163r1
+-PeerKey=MALICE_cf_sect163r1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-Result=DERIVE_ERROR
+-Reason=point at infinity
+-
+-# ECC CDH Alice with Malice peer
+-Availablein = default
+-Derive=ALICE_cf_sect163r1
+-PeerKey=MALICE_cf_sect163r1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-Result=DERIVE_ERROR
+-Reason=point at infinity
+-
+-Title=sect193r1 curve tests
+-
+-PrivateKey=ALICE_cf_sect193r1
+------BEGIN PRIVATE KEY-----
+-MDcCAQAwEAYHKoZIzj0CAQYFK4EEABgEIDAeAgEBBBkACmcvidKWLtPFB2xqg76F8VhM1Njzrkgo
+------END PRIVATE KEY-----
+-
+-PublicKey=ALICE_cf_sect193r1_PUB
+------BEGIN PUBLIC KEY-----
+-MEgwEAYHKoZIzj0CAQYFK4EEABgDNAAEAeqP0VQobenduwtf4MPmlYQVDjUmxKq50QFHnaBfzwXY
+-1TYShZZgBr0R6a5dUGCbiF0=
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=ALICE_cf_sect193r1:ALICE_cf_sect193r1_PUB
+-
+-PrivateKey=BOB_cf_sect193r1
+------BEGIN PRIVATE KEY-----
+-MDcCAQAwEAYHKoZIzj0CAQYFK4EEABgEIDAeAgEBBBkAKlSknQ66vpuLjC1mbQyfHOTdJ5Kw5jMh
+------END PRIVATE KEY-----
+-
+-PublicKey=BOB_cf_sect193r1_PUB
+------BEGIN PUBLIC KEY-----
+-MEgwEAYHKoZIzj0CAQYFK4EEABgDNAAEAaFZVIeqfV9wbPydaBSJKSWJjVyFVSB/QQB5rHonYQmK
+-f40zok8PJS6ratIcZwk/n20=
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=BOB_cf_sect193r1:BOB_cf_sect193r1_PUB
+-
+-# ECDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_cf_sect193r1
+-PeerKey=BOB_cf_sect193r1_PUB
+-SharedSecret=012b8849991814f8c7ed9d40cf9dc204c3a83e0b10675543a5
+-
+-# ECDH Bob with Alice peer
+-Availablein = default
+-Derive=BOB_cf_sect193r1
+-PeerKey=ALICE_cf_sect193r1_PUB
+-SharedSecret=012b8849991814f8c7ed9d40cf9dc204c3a83e0b10675543a5
+-
+-# ECC CDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_cf_sect193r1
+-PeerKey=BOB_cf_sect193r1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-SharedSecret=0110180a18844859c52f6f012909522a2d87b5ab143bc80a55
+-
+-# ECC CDH Bob with Alice peer
+-Availablein = default
+-Derive=BOB_cf_sect193r1
+-PeerKey=ALICE_cf_sect193r1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-SharedSecret=0110180a18844859c52f6f012909522a2d87b5ab143bc80a55
+-
+-PublicKey=MALICE_cf_sect193r1_PUB
+------BEGIN PUBLIC KEY-----
+-MEgwEAYHKoZIzj0CAQYFK4EEABgDNAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHeX7PX3e5n
+-zROUg6/STkLp1D+L51L9+wY=
+------END PUBLIC KEY-----
+-
+-# ECC CDH Bob with Malice peer
+-Availablein = default
+-Derive=BOB_cf_sect193r1
+-PeerKey=MALICE_cf_sect193r1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-Result=DERIVE_ERROR
+-Reason=point at infinity
+-
+-# ECC CDH Alice with Malice peer
+-Availablein = default
+-Derive=ALICE_cf_sect193r1
+-PeerKey=MALICE_cf_sect193r1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-Result=DERIVE_ERROR
+-Reason=point at infinity
+-
+-Title=sect193r2 curve tests
+-
+-PrivateKey=ALICE_cf_sect193r2
+------BEGIN PRIVATE KEY-----
+-MDcCAQAwEAYHKoZIzj0CAQYFK4EEABkEIDAeAgEBBBkAhjkv8lXK/nPp3Qc4IwL/29JUKWi2VBMp
+------END PRIVATE KEY-----
+-
+-PublicKey=ALICE_cf_sect193r2_PUB
+------BEGIN PUBLIC KEY-----
+-MEgwEAYHKoZIzj0CAQYFK4EEABkDNAAEAIn7oSu3adu4ChNXniHKkMIv9gT24rpzzwAeCTDPIkUT
+-kJ+Tit6e4RpgkB/dph4V+uI=
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=ALICE_cf_sect193r2:ALICE_cf_sect193r2_PUB
+-
+-PrivateKey=BOB_cf_sect193r2
+------BEGIN PRIVATE KEY-----
+-MDcCAQAwEAYHKoZIzj0CAQYFK4EEABkEIDAeAgEBBBkAwGkR3qSQdfh7Q6KbJ4lH5FShGsX8o/jD
+------END PRIVATE KEY-----
+-
+-PublicKey=BOB_cf_sect193r2_PUB
+------BEGIN PUBLIC KEY-----
+-MEgwEAYHKoZIzj0CAQYFK4EEABkDNAAEAFdSLKI0tlwZDpkndutOLsnHii1aJO8snwEJ0m/AZgMp
+-xiDevOQ/xE9SpMX25W7YqkU=
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=BOB_cf_sect193r2:BOB_cf_sect193r2_PUB
+-
+-# ECDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_cf_sect193r2
+-PeerKey=BOB_cf_sect193r2_PUB
+-SharedSecret=01e2f66a63c24c1de8a399c484228a5ad5b6d911c6e5e83ae3
+-
+-# ECDH Bob with Alice peer
+-Availablein = default
+-Derive=BOB_cf_sect193r2
+-PeerKey=ALICE_cf_sect193r2_PUB
+-SharedSecret=01e2f66a63c24c1de8a399c484228a5ad5b6d911c6e5e83ae3
+-
+-# ECC CDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_cf_sect193r2
+-PeerKey=BOB_cf_sect193r2_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-SharedSecret=00bc82d393bd74406683aea003977a86a109f444a833652e43
+-
+-# ECC CDH Bob with Alice peer
+-Availablein = default
+-Derive=BOB_cf_sect193r2
+-PeerKey=ALICE_cf_sect193r2_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-SharedSecret=00bc82d393bd74406683aea003977a86a109f444a833652e43
+-
+-PublicKey=MALICE_cf_sect193r2_PUB
+------BEGIN PUBLIC KEY-----
+-MEgwEAYHKoZIzj0CAQYFK4EEABkDNAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFfdLEkrvsO
+-Y7+6QpEvOay9A4MJCUZfZmI=
+------END PUBLIC KEY-----
+-
+-# ECC CDH Bob with Malice peer
+-Availablein = default
+-Derive=BOB_cf_sect193r2
+-PeerKey=MALICE_cf_sect193r2_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-Result=DERIVE_ERROR
+-Reason=point at infinity
+-
+-# ECC CDH Alice with Malice peer
+-Availablein = default
+-Derive=ALICE_cf_sect193r2
+-PeerKey=MALICE_cf_sect193r2_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-Result=DERIVE_ERROR
+-Reason=point at infinity
+-
+-Title=sect239k1 curve tests
+-
+-PrivateKey=ALICE_cf_sect239k1
+------BEGIN PRIVATE KEY-----
+-MDwCAQAwEAYHKoZIzj0CAQYFK4EEAAMEJTAjAgEBBB4G4nbQDUtTnkrPOvDGIlhH9XdjirUSbTI5
+-5z6lf7o=
+------END PRIVATE KEY-----
+-
+-PublicKey=ALICE_cf_sect239k1_PUB
+------BEGIN PUBLIC KEY-----
+-MFIwEAYHKoZIzj0CAQYFK4EEAAMDPgAEf5paOMjzcnpVAPMQnIkikE4K2jne3ubX2TD1P3aedknF
+-lUr6tOU4BsiUQJACF90rQ9/KdeR5mYvYHzvI
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=ALICE_cf_sect239k1:ALICE_cf_sect239k1_PUB
+-
+-PrivateKey=BOB_cf_sect239k1
+------BEGIN PRIVATE KEY-----
+-MDwCAQAwEAYHKoZIzj0CAQYFK4EEAAMEJTAjAgEBBB4e0F0NpepAF+iNrEtoZeo4TrQFspkUNLcx
+-Ly4Klfg=
+------END PRIVATE KEY-----
+-
+-PublicKey=BOB_cf_sect239k1_PUB
+------BEGIN PUBLIC KEY-----
+-MFIwEAYHKoZIzj0CAQYFK4EEAAMDPgAEKnjJ4RHe+EiElXMrF4ou7VGy1pn0ZiO17FouF31Zbvjc
+-TcbhfE6ziXM8sekQJBwcwRKQ9+G/Qzq/2A9x
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=BOB_cf_sect239k1:BOB_cf_sect239k1_PUB
+-
+-# ECDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_cf_sect239k1
+-PeerKey=BOB_cf_sect239k1_PUB
+-SharedSecret=0ef54c7b7dbf55d4278e7a6924dc4833c63ec708e820d501cacdfb4935d5
+-
+-# ECDH Bob with Alice peer
+-Availablein = default
+-Derive=BOB_cf_sect239k1
+-PeerKey=ALICE_cf_sect239k1_PUB
+-SharedSecret=0ef54c7b7dbf55d4278e7a6924dc4833c63ec708e820d501cacdfb4935d5
+-
+-# ECC CDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_cf_sect239k1
+-PeerKey=BOB_cf_sect239k1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-SharedSecret=592e4b33ac99624fe7f2f879cf52f12a70f189c5d90785db26a12e0a46c0
+-
+-# ECC CDH Bob with Alice peer
+-Availablein = default
+-Derive=BOB_cf_sect239k1
+-PeerKey=ALICE_cf_sect239k1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-SharedSecret=592e4b33ac99624fe7f2f879cf52f12a70f189c5d90785db26a12e0a46c0
+-
+-PublicKey=MALICE_cf_sect239k1_PUB
+------BEGIN PUBLIC KEY-----
+-MFIwEAYHKoZIzj0CAQYFK4EEAAMDPgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAA
+-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB
+------END PUBLIC KEY-----
+-
+-# ECC CDH Bob with Malice peer
+-Availablein = default
+-Derive=BOB_cf_sect239k1
+-PeerKey=MALICE_cf_sect239k1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-Result=DERIVE_ERROR
+-Reason=point at infinity
+-
+-# ECC CDH Alice with Malice peer
+-Availablein = default
+-Derive=ALICE_cf_sect239k1
+-PeerKey=MALICE_cf_sect239k1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-Result=DERIVE_ERROR
+-Reason=point at infinity
+-
+-Title=wap-wsg-idm-ecid-wtls10 curve tests
+-
+-PrivateKey=ALICE_cf_wap-wsg-idm-ecid-wtls10
+------BEGIN PRIVATE KEY-----
+-MDsCAQAwEAYHKoZIzj0CAQYFZysBBAoEJDAiAgEBBB1zvDMHGgcytka5KvlvQvJzTA4l2ts2NzBp
+-SJiGyw==
+------END PRIVATE KEY-----
+-
+-PublicKey=ALICE_cf_wap-wsg-idm-ecid-wtls10_PUB
+------BEGIN PUBLIC KEY-----
+-MFIwEAYHKoZIzj0CAQYFZysBBAoDPgAEAZkrhWBz/Q4GB8DY4Ia114ew6H7Eg7ri2uxwxd3rAZs5
+-/ShvunNyndjCt3Qaq8sulBM0nUyERSDakyD+
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=ALICE_cf_wap-wsg-idm-ecid-wtls10:ALICE_cf_wap-wsg-idm-ecid-wtls10_PUB
+-
+-PrivateKey=BOB_cf_wap-wsg-idm-ecid-wtls10
+------BEGIN PRIVATE KEY-----
+-MDsCAQAwEAYHKoZIzj0CAQYFZysBBAoEJDAiAgEBBB1SowkHU79PqokOfgllN53rNS8a3h1wFBY0
+-dKPkQg==
+------END PRIVATE KEY-----
+-
+-PublicKey=BOB_cf_wap-wsg-idm-ecid-wtls10_PUB
+------BEGIN PUBLIC KEY-----
+-MFIwEAYHKoZIzj0CAQYFZysBBAoDPgAEAGavw4ChHCoWplAumMEBwJgJ2aYtw+utu4vhWnscAPIT
+-IJ4IiIGj18rCFBap1sgVbpXjhEBLYg6Itwv2
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=BOB_cf_wap-wsg-idm-ecid-wtls10:BOB_cf_wap-wsg-idm-ecid-wtls10_PUB
+-
+-# ECDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls10
+-PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls10_PUB
+-SharedSecret=0194ef5d80fdfe9df366b2273b983c3dbd440faf76964fcfc06c509f289d
+-
+-# ECDH Bob with Alice peer
+-Availablein = default
+-Derive=BOB_cf_wap-wsg-idm-ecid-wtls10
+-PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls10_PUB
+-SharedSecret=0194ef5d80fdfe9df366b2273b983c3dbd440faf76964fcfc06c509f289d
+-
+-# ECC CDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls10
+-PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls10_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-SharedSecret=01bedc5cdf63fbf18c3e2bc9765e12f7990c0c0c64f0267ae7c37b9f49f0
+-
+-# ECC CDH Bob with Alice peer
+-Availablein = default
+-Derive=BOB_cf_wap-wsg-idm-ecid-wtls10
+-PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls10_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-SharedSecret=01bedc5cdf63fbf18c3e2bc9765e12f7990c0c0c64f0267ae7c37b9f49f0
+-
+-PublicKey=MALICE_cf_wap-wsg-idm-ecid-wtls10_PUB
+------BEGIN PUBLIC KEY-----
+-MFIwEAYHKoZIzj0CAQYFZysBBAoDPgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAA
+-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB
+------END PUBLIC KEY-----
+-
+-# ECC CDH Bob with Malice peer
+-Availablein = default
+-Derive=BOB_cf_wap-wsg-idm-ecid-wtls10
+-PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls10_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-Result=DERIVE_ERROR
+-Reason=point at infinity
+-
+-# ECC CDH Alice with Malice peer
+-Availablein = default
+-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls10
+-PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls10_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-Result=DERIVE_ERROR
+-Reason=point at infinity
+-
+-Title=wap-wsg-idm-ecid-wtls11 curve tests
+-
+-PrivateKey=ALICE_cf_wap-wsg-idm-ecid-wtls11
+------BEGIN PRIVATE KEY-----
+-MDwCAQAwEAYHKoZIzj0CAQYFZysBBAsEJTAjAgEBBB4AkzS3zoqHNCLug/nwoYMQW3UigmZ9t56k
+-5jp+FiY=
+------END PRIVATE KEY-----
+-
+-PublicKey=ALICE_cf_wap-wsg-idm-ecid-wtls11_PUB
+------BEGIN PUBLIC KEY-----
+-MFIwEAYHKoZIzj0CAQYFZysBBAsDPgAEABttgKKYeGZRmcH/5UZR56lOSgbU4TH2AuIhvj88AL6H
+-zTCX9elzXpck+u22bnmkuvL2A8XKB5+fabMR
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=ALICE_cf_wap-wsg-idm-ecid-wtls11:ALICE_cf_wap-wsg-idm-ecid-wtls11_PUB
+-
+-PrivateKey=BOB_cf_wap-wsg-idm-ecid-wtls11
+------BEGIN PRIVATE KEY-----
+-MDwCAQAwEAYHKoZIzj0CAQYFZysBBAsEJTAjAgEBBB4AWU05mbqPxsB749llNON1//l0w8RJJ3z5
+-h/kzfNM=
+------END PRIVATE KEY-----
+-
+-PublicKey=BOB_cf_wap-wsg-idm-ecid-wtls11_PUB
+------BEGIN PUBLIC KEY-----
+-MFIwEAYHKoZIzj0CAQYFZysBBAsDPgAEAL6Xj/KCmXAQAAo847t0bl0wqBrteWRg93OvIJsPAAOE
+-ehdIgJyruc3KsH0RFlipu5QD8pnGSIXvif19
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=BOB_cf_wap-wsg-idm-ecid-wtls11:BOB_cf_wap-wsg-idm-ecid-wtls11_PUB
+-
+-# ECDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls11
+-PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls11_PUB
+-SharedSecret=01ac8a23ddeeafb4d3bb243fe409f2f9c8b1a3fc11d4690da583f2e21637
+-
+-# ECDH Bob with Alice peer
+-Availablein = default
+-Derive=BOB_cf_wap-wsg-idm-ecid-wtls11
+-PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls11_PUB
+-SharedSecret=01ac8a23ddeeafb4d3bb243fe409f2f9c8b1a3fc11d4690da583f2e21637
+-
+-# ECC CDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls11
+-PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls11_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-SharedSecret=01b9992992572d3a59d424f8c9cc195576461ed6c1dadf6fb523717fab19
+-
+-# ECC CDH Bob with Alice peer
+-Availablein = default
+-Derive=BOB_cf_wap-wsg-idm-ecid-wtls11
+-PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls11_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-SharedSecret=01b9992992572d3a59d424f8c9cc195576461ed6c1dadf6fb523717fab19
+-
+-PublicKey=MALICE_cf_wap-wsg-idm-ecid-wtls11_PUB
+------BEGIN PUBLIC KEY-----
+-MFIwEAYHKoZIzj0CAQYFZysBBAsDPgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYf4
+-Vie5eHTnR+4x4G1xyq7qUvISU+X5RtBh2pE4
+------END PUBLIC KEY-----
+-
+-# ECC CDH Bob with Malice peer
+-Availablein = default
+-Derive=BOB_cf_wap-wsg-idm-ecid-wtls11
+-PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls11_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-Result=DERIVE_ERROR
+-Reason=point at infinity
+-
+-# ECC CDH Alice with Malice peer
+-Availablein = default
+-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls11
+-PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls11_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-Result=DERIVE_ERROR
+-Reason=point at infinity
+-
+-Title=wap-wsg-idm-ecid-wtls12 curve tests
+-
+-PrivateKey=ALICE_cf_wap-wsg-idm-ecid-wtls12
+------BEGIN PRIVATE KEY-----
+-MDoCAQAwEAYHKoZIzj0CAQYFZysBBAwEIzAhAgEBBBxwvll9Eb9mm2Xadq1evIi1zIK+6u0Nv8bP
+-LI9a
+------END PRIVATE KEY-----
+-
+-PublicKey=ALICE_cf_wap-wsg-idm-ecid-wtls12_PUB
+------BEGIN PUBLIC KEY-----
+-ME4wEAYHKoZIzj0CAQYFZysBBAwDOgAE0t0WqG/pFsiCt6agmebw3FCEWAzf9BpNLuzoCkPEe0Li
+-bqn5udrckL6s3stwCTVFaZUfY2qS9QE=
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=ALICE_cf_wap-wsg-idm-ecid-wtls12:ALICE_cf_wap-wsg-idm-ecid-wtls12_PUB
+-
+-PrivateKey=BOB_cf_wap-wsg-idm-ecid-wtls12
+------BEGIN PRIVATE KEY-----
+-MDoCAQAwEAYHKoZIzj0CAQYFZysBBAwEIzAhAgEBBBz+5P6gpqXxbeXvvaD5W9Ft69BTxcn7zc6q
+-K3Ax
+------END PRIVATE KEY-----
+-
+-PublicKey=BOB_cf_wap-wsg-idm-ecid-wtls12_PUB
+------BEGIN PUBLIC KEY-----
+-ME4wEAYHKoZIzj0CAQYFZysBBAwDOgAEvyxedqaWkoAOMjaV5W3/tJpheiHAR0zV6BlIeUuGP2mx
+-+xsOK9/QB7hzipq9cXx1K/dXu58EoSY=
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=BOB_cf_wap-wsg-idm-ecid-wtls12:BOB_cf_wap-wsg-idm-ecid-wtls12_PUB
+-
+-# ECDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls12
+-PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls12_PUB
+-SharedSecret=a3b3f20af8c33a0f5c246b4b9d9dda1cd40c294d1f53365d18a8b54b
+-
+-# ECDH Bob with Alice peer
+-Availablein = default
+-Derive=BOB_cf_wap-wsg-idm-ecid-wtls12
+-PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls12_PUB
+-SharedSecret=a3b3f20af8c33a0f5c246b4b9d9dda1cd40c294d1f53365d18a8b54b
+-
+-Title=wap-wsg-idm-ecid-wtls1 curve tests
+-
+-PrivateKey=ALICE_cf_wap-wsg-idm-ecid-wtls1
+------BEGIN PRIVATE KEY-----
+-MCwCAQAwEAYHKoZIzj0CAQYFZysBBAEEFTATAgEBBA5ZNASTt4/g6XPQwRiQ0Q==
+------END PRIVATE KEY-----
+-
+-PublicKey=ALICE_cf_wap-wsg-idm-ecid-wtls1_PUB
+------BEGIN PUBLIC KEY-----
+-MDQwEAYHKoZIzj0CAQYFZysBBAEDIAAEACBNPI48xxsPVQBy07jRAAcWzbIkMo8BQotxpfGJ
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=ALICE_cf_wap-wsg-idm-ecid-wtls1:ALICE_cf_wap-wsg-idm-ecid-wtls1_PUB
+-
+-PrivateKey=BOB_cf_wap-wsg-idm-ecid-wtls1
+------BEGIN PRIVATE KEY-----
+-MCwCAQAwEAYHKoZIzj0CAQYFZysBBAEEFTATAgEBBA6+0x9qk0NIKHSRvlTemQ==
+------END PRIVATE KEY-----
+-
+-PublicKey=BOB_cf_wap-wsg-idm-ecid-wtls1_PUB
+------BEGIN PUBLIC KEY-----
+-MDQwEAYHKoZIzj0CAQYFZysBBAEDIAAEAEeHMSBTx/EtOu+bjBinALHSkQuJyiP3mg1tu+I2
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=BOB_cf_wap-wsg-idm-ecid-wtls1:BOB_cf_wap-wsg-idm-ecid-wtls1_PUB
+-
+-# ECDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls1
+-PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls1_PUB
+-SharedSecret=0040ba2fadc1da97c973e5e59ade31
+-
+-# ECDH Bob with Alice peer
+-Availablein = default
+-Derive=BOB_cf_wap-wsg-idm-ecid-wtls1
+-PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls1_PUB
+-SharedSecret=0040ba2fadc1da97c973e5e59ade31
+-
+-# ECC CDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls1
+-PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-SharedSecret=008919696215a89e03d6c4c9265d6b
+-
+-# ECC CDH Bob with Alice peer
+-Availablein = default
+-Derive=BOB_cf_wap-wsg-idm-ecid-wtls1
+-PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-SharedSecret=008919696215a89e03d6c4c9265d6b
+-
+-PublicKey=MALICE_cf_wap-wsg-idm-ecid-wtls1_PUB
+------BEGIN PUBLIC KEY-----
+-MDQwEAYHKoZIzj0CAQYFZysBBAEDIAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB
+------END PUBLIC KEY-----
+-
+-# ECC CDH Bob with Malice peer
+-Availablein = default
+-Derive=BOB_cf_wap-wsg-idm-ecid-wtls1
+-PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-Result=DERIVE_ERROR
+-Reason=point at infinity
+-
+-# ECC CDH Alice with Malice peer
+-Availablein = default
+-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls1
+-PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-Result=DERIVE_ERROR
+-Reason=point at infinity
+-
+-Title=wap-wsg-idm-ecid-wtls3 curve tests
+-
+-PrivateKey=ALICE_cf_wap-wsg-idm-ecid-wtls3
+------BEGIN PRIVATE KEY-----
+-MDMCAQAwEAYHKoZIzj0CAQYFZysBBAMEHDAaAgEBBBUDO2cHbqQBUxuJBl6UT9UrasuRVrI=
+------END PRIVATE KEY-----
+-
+-PublicKey=ALICE_cf_wap-wsg-idm-ecid-wtls3_PUB
+------BEGIN PUBLIC KEY-----
+-MEAwEAYHKoZIzj0CAQYFZysBBAMDLAAEBRIzvK9o7eO2NGmtPFV/zo9/1mlvBwjG7+e6hbPG1KdI
+-01f8oGBuXMQH
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=ALICE_cf_wap-wsg-idm-ecid-wtls3:ALICE_cf_wap-wsg-idm-ecid-wtls3_PUB
+-
+-PrivateKey=BOB_cf_wap-wsg-idm-ecid-wtls3
+------BEGIN PRIVATE KEY-----
+-MDMCAQAwEAYHKoZIzj0CAQYFZysBBAMEHDAaAgEBBBUAhZv9WZ00bDnU9MOaqEegP771nes=
+------END PRIVATE KEY-----
+-
+-PublicKey=BOB_cf_wap-wsg-idm-ecid-wtls3_PUB
+------BEGIN PUBLIC KEY-----
+-MEAwEAYHKoZIzj0CAQYFZysBBAMDLAAEAYOspjEbzyZw61jCtUrxARr+w66nBH+73QIvlaRVSG/4
+-hlBUf5kmG4Yn
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=BOB_cf_wap-wsg-idm-ecid-wtls3:BOB_cf_wap-wsg-idm-ecid-wtls3_PUB
+-
+-# ECDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls3
+-PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls3_PUB
+-SharedSecret=0311924428a839b7dcada662722945e62bf1131f4f
+-
+-# ECDH Bob with Alice peer
+-Availablein = default
+-Derive=BOB_cf_wap-wsg-idm-ecid-wtls3
+-PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls3_PUB
+-SharedSecret=0311924428a839b7dcada662722945e62bf1131f4f
+-
+-# ECC CDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls3
+-PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls3_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-SharedSecret=047f1aee6a1a1d7c9c1f0e8dce4349429f737aa658
+-
+-# ECC CDH Bob with Alice peer
+-Availablein = default
+-Derive=BOB_cf_wap-wsg-idm-ecid-wtls3
+-PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls3_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-SharedSecret=047f1aee6a1a1d7c9c1f0e8dce4349429f737aa658
+-
+-PublicKey=MALICE_cf_wap-wsg-idm-ecid-wtls3_PUB
+------BEGIN PUBLIC KEY-----
+-MEAwEAYHKoZIzj0CAQYFZysBBAMDLAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+-AAAAAAAAAAAB
+------END PUBLIC KEY-----
+-
+-# ECC CDH Bob with Malice peer
+-Availablein = default
+-Derive=BOB_cf_wap-wsg-idm-ecid-wtls3
+-PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls3_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-Result=DERIVE_ERROR
+-Reason=point at infinity
+-
+-# ECC CDH Alice with Malice peer
+-Availablein = default
+-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls3
+-PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls3_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-Result=DERIVE_ERROR
+-Reason=point at infinity
+-
+-Title=wap-wsg-idm-ecid-wtls4 curve tests
+-
+-PrivateKey=ALICE_cf_wap-wsg-idm-ecid-wtls4
+------BEGIN PRIVATE KEY-----
+-MC0CAQAwEAYHKoZIzj0CAQYFZysBBAQEFjAUAgEBBA8ACFOrBbOh5LjNtJQCuEE=
+------END PRIVATE KEY-----
+-
+-PublicKey=ALICE_cf_wap-wsg-idm-ecid-wtls4_PUB
+------BEGIN PUBLIC KEY-----
+-MDQwEAYHKoZIzj0CAQYFZysBBAQDIAAEAW3K4Mus5+KAJVGLzEYrAYuCJSEYXFTo17aW0TwN
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=ALICE_cf_wap-wsg-idm-ecid-wtls4:ALICE_cf_wap-wsg-idm-ecid-wtls4_PUB
+-
+-PrivateKey=BOB_cf_wap-wsg-idm-ecid-wtls4
+------BEGIN PRIVATE KEY-----
+-MC0CAQAwEAYHKoZIzj0CAQYFZysBBAQEFjAUAgEBBA8Auz4XRc3Rg0bNcbrray8=
+------END PRIVATE KEY-----
+-
+-PublicKey=BOB_cf_wap-wsg-idm-ecid-wtls4_PUB
+------BEGIN PUBLIC KEY-----
+-MDQwEAYHKoZIzj0CAQYFZysBBAQDIAAEAI0F7ixGqOhnYpsuR80nAdTdSXM+YbcUbLe/U/xG
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=BOB_cf_wap-wsg-idm-ecid-wtls4:BOB_cf_wap-wsg-idm-ecid-wtls4_PUB
+-
+-# ECDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls4
+-PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls4_PUB
+-SharedSecret=0077378ddfdadff704a0b6646949e7
+-
+-# ECDH Bob with Alice peer
+-Availablein = default
+-Derive=BOB_cf_wap-wsg-idm-ecid-wtls4
+-PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls4_PUB
+-SharedSecret=0077378ddfdadff704a0b6646949e7
+-
+-# ECC CDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls4
+-PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls4_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-SharedSecret=008f3713fe1ff1fa5d5041899817d1
+-
+-# ECC CDH Bob with Alice peer
+-Availablein = default
+-Derive=BOB_cf_wap-wsg-idm-ecid-wtls4
+-PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls4_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-SharedSecret=008f3713fe1ff1fa5d5041899817d1
+-
+-PublicKey=MALICE_cf_wap-wsg-idm-ecid-wtls4_PUB
+------BEGIN PUBLIC KEY-----
+-MDQwEAYHKoZIzj0CAQYFZysBBAQDIAAEAAAAAAAAAAAAAAAAAAAAAd+TqiBXnTd/lyA/OFsR
+------END PUBLIC KEY-----
+-
+-# ECC CDH Bob with Malice peer
+-Availablein = default
+-Derive=BOB_cf_wap-wsg-idm-ecid-wtls4
+-PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls4_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-Result=DERIVE_ERROR
+-Reason=point at infinity
+-
+-# ECC CDH Alice with Malice peer
+-Availablein = default
+-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls4
+-PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls4_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-Result=DERIVE_ERROR
+-Reason=point at infinity
+-
+-Title=wap-wsg-idm-ecid-wtls5 curve tests
+-
+-PrivateKey=ALICE_cf_wap-wsg-idm-ecid-wtls5
+------BEGIN PRIVATE KEY-----
+-MDMCAQAwEAYHKoZIzj0CAQYFZysBBAUEHDAaAgEBBBUD9gVh3zbLTA7BuRVVi9T8QKZ1uco=
+------END PRIVATE KEY-----
+-
+-PublicKey=ALICE_cf_wap-wsg-idm-ecid-wtls5_PUB
+------BEGIN PUBLIC KEY-----
+-MEAwEAYHKoZIzj0CAQYFZysBBAUDLAAEAH5xyUrvbuN+tWmRhwqrQfFHPHNUBKtAGvJuvSFVwTKk
+-uFzn9fPvIDe6
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=ALICE_cf_wap-wsg-idm-ecid-wtls5:ALICE_cf_wap-wsg-idm-ecid-wtls5_PUB
+-
+-PrivateKey=BOB_cf_wap-wsg-idm-ecid-wtls5
+------BEGIN PRIVATE KEY-----
+-MDMCAQAwEAYHKoZIzj0CAQYFZysBBAUEHDAaAgEBBBUAr9ZlmuO7bNfqB42xUivJXyVHKNI=
+------END PRIVATE KEY-----
+-
+-PublicKey=BOB_cf_wap-wsg-idm-ecid-wtls5_PUB
+------BEGIN PUBLIC KEY-----
+-MEAwEAYHKoZIzj0CAQYFZysBBAUDLAAEBdXxEk0L2XAVzRNLPcnMxGXXyDfZAoA1Qw2XpOfVWIVR
+-jdoMGRgUuJmO
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=BOB_cf_wap-wsg-idm-ecid-wtls5:BOB_cf_wap-wsg-idm-ecid-wtls5_PUB
+-
+-# ECDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls5
+-PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls5_PUB
+-SharedSecret=0190c68d80e94fbe9f193ae7d9a156bf0b8d097c23
+-
+-# ECDH Bob with Alice peer
+-Availablein = default
+-Derive=BOB_cf_wap-wsg-idm-ecid-wtls5
+-PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls5_PUB
+-SharedSecret=0190c68d80e94fbe9f193ae7d9a156bf0b8d097c23
+-
+-# ECC CDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls5
+-PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls5_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-SharedSecret=00aabc9b45c200e41294aa922ab06da6655731e0ea
+-
+-# ECC CDH Bob with Alice peer
+-Availablein = default
+-Derive=BOB_cf_wap-wsg-idm-ecid-wtls5
+-PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls5_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-SharedSecret=00aabc9b45c200e41294aa922ab06da6655731e0ea
+-
+-PublicKey=MALICE_cf_wap-wsg-idm-ecid-wtls5_PUB
+------BEGIN PUBLIC KEY-----
+-MEAwEAYHKoZIzj0CAQYFZysBBAUDLAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC8JxepS05nN/piK
+-dhDD3dDKXUih
+------END PUBLIC KEY-----
+-
+-# ECC CDH Bob with Malice peer
+-Availablein = default
+-Derive=BOB_cf_wap-wsg-idm-ecid-wtls5
+-PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls5_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-Result=DERIVE_ERROR
+-Reason=point at infinity
+-
+-# ECC CDH Alice with Malice peer
+-Availablein = default
+-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls5
+-PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls5_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-Result=DERIVE_ERROR
+-Reason=point at infinity
+-
+-Title=wap-wsg-idm-ecid-wtls6 curve tests
+-
+-PrivateKey=ALICE_cf_wap-wsg-idm-ecid-wtls6
+------BEGIN PRIVATE KEY-----
+-MCwCAQAwEAYHKoZIzj0CAQYFZysBBAYEFTATAgEBBA4ayMbswPbvYMwpwo80jA==
+------END PRIVATE KEY-----
+-
+-PublicKey=ALICE_cf_wap-wsg-idm-ecid-wtls6_PUB
+------BEGIN PUBLIC KEY-----
+-MDIwEAYHKoZIzj0CAQYFZysBBAYDHgAERPw/8Ip/RrXr0gMgLGRQeiQ4Qd6W+Li0ylGKzg==
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=ALICE_cf_wap-wsg-idm-ecid-wtls6:ALICE_cf_wap-wsg-idm-ecid-wtls6_PUB
+-
+-PrivateKey=BOB_cf_wap-wsg-idm-ecid-wtls6
+------BEGIN PRIVATE KEY-----
+-MCwCAQAwEAYHKoZIzj0CAQYFZysBBAYEFTATAgEBBA6kbCpFt3tX2hYBQHMXbg==
+------END PRIVATE KEY-----
+-
+-PublicKey=BOB_cf_wap-wsg-idm-ecid-wtls6_PUB
+------BEGIN PUBLIC KEY-----
+-MDIwEAYHKoZIzj0CAQYFZysBBAYDHgAEhJXqpYGxE/l1X/LiBeyRbIcyzqPxUP5Tkv3U3w==
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=BOB_cf_wap-wsg-idm-ecid-wtls6:BOB_cf_wap-wsg-idm-ecid-wtls6_PUB
+-
+-# ECDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls6
+-PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls6_PUB
+-SharedSecret=b4cae255268f11a1e46fecad04c2
+-
+-# ECDH Bob with Alice peer
+-Availablein = default
+-Derive=BOB_cf_wap-wsg-idm-ecid-wtls6
+-PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls6_PUB
+-SharedSecret=b4cae255268f11a1e46fecad04c2
+-
+-Title=wap-wsg-idm-ecid-wtls7 curve tests
+-
+-PrivateKey=ALICE_cf_wap-wsg-idm-ecid-wtls7
+------BEGIN PRIVATE KEY-----
+-MDMCAQAwEAYHKoZIzj0CAQYFZysBBAcEHDAaAgEBBBUABcyzh4ot9ck/j4/3ehK0aYngYoM=
+------END PRIVATE KEY-----
+-
+-PublicKey=ALICE_cf_wap-wsg-idm-ecid-wtls7_PUB
+------BEGIN PUBLIC KEY-----
+-MD4wEAYHKoZIzj0CAQYFZysBBAcDKgAEwQLnZ70n45RLqRtAGNzEa3Rl/9nwyjqYUtw2eeHhnNLT
+-feGY4CNH0w==
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=ALICE_cf_wap-wsg-idm-ecid-wtls7:ALICE_cf_wap-wsg-idm-ecid-wtls7_PUB
+-
+-PrivateKey=BOB_cf_wap-wsg-idm-ecid-wtls7
+------BEGIN PRIVATE KEY-----
+-MDMCAQAwEAYHKoZIzj0CAQYFZysBBAcEHDAaAgEBBBUAPyrGRY1SR13hKQswS6yXs8w8PUQ=
+------END PRIVATE KEY-----
+-
+-PublicKey=BOB_cf_wap-wsg-idm-ecid-wtls7_PUB
+------BEGIN PUBLIC KEY-----
+-MD4wEAYHKoZIzj0CAQYFZysBBAcDKgAEZGN44YbN5r3zcNtOHrvbQLt8/lE7BHp4D/9eKLmwFDn1
+-QneRu3xwPA==
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=BOB_cf_wap-wsg-idm-ecid-wtls7:BOB_cf_wap-wsg-idm-ecid-wtls7_PUB
+-
+-# ECDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls7
+-PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls7_PUB
+-SharedSecret=ae9f5bcc6457c0422866bf855921eabc42b7121a
+-
+-# ECDH Bob with Alice peer
+-Availablein = default
+-Derive=BOB_cf_wap-wsg-idm-ecid-wtls7
+-PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls7_PUB
+-SharedSecret=ae9f5bcc6457c0422866bf855921eabc42b7121a
+-
+-Title=wap-wsg-idm-ecid-wtls8 curve tests
+-
+-PrivateKey=ALICE_cf_wap-wsg-idm-ecid-wtls8
+------BEGIN PRIVATE KEY-----
+-MC0CAQAwEAYHKoZIzj0CAQYFZysBBAgEFjAUAgEBBA8AnkC18b3pH2O5TIYIqAQ=
+------END PRIVATE KEY-----
+-
+-PublicKey=ALICE_cf_wap-wsg-idm-ecid-wtls8_PUB
+------BEGIN PUBLIC KEY-----
+-MDIwEAYHKoZIzj0CAQYFZysBBAgDHgAEJD0h4HEfchwxqhp9eMHh9gczQKHX4MtWVoAxKQ==
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=ALICE_cf_wap-wsg-idm-ecid-wtls8:ALICE_cf_wap-wsg-idm-ecid-wtls8_PUB
+-
+-PrivateKey=BOB_cf_wap-wsg-idm-ecid-wtls8
+------BEGIN PRIVATE KEY-----
+-MC0CAQAwEAYHKoZIzj0CAQYFZysBBAgEFjAUAgEBBA8AXxPMnqbl3rOuIM5nsvc=
+------END PRIVATE KEY-----
+-
+-PublicKey=BOB_cf_wap-wsg-idm-ecid-wtls8_PUB
+------BEGIN PUBLIC KEY-----
+-MDIwEAYHKoZIzj0CAQYFZysBBAgDHgAEZawmRmzr9P+jihImUi6ykOzaSH484JhMKNdrgw==
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=BOB_cf_wap-wsg-idm-ecid-wtls8:BOB_cf_wap-wsg-idm-ecid-wtls8_PUB
+-
+-# ECDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls8
+-PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls8_PUB
+-SharedSecret=48baf4f1f5e8a0eb5dae28ef6290
+-
+-# ECDH Bob with Alice peer
+-Availablein = default
+-Derive=BOB_cf_wap-wsg-idm-ecid-wtls8
+-PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls8_PUB
+-SharedSecret=48baf4f1f5e8a0eb5dae28ef6290
+-
+-Title=wap-wsg-idm-ecid-wtls9 curve tests
+-
+-PrivateKey=ALICE_cf_wap-wsg-idm-ecid-wtls9
+------BEGIN PRIVATE KEY-----
+-MDMCAQAwEAYHKoZIzj0CAQYFZysBBAkEHDAaAgEBBBUALwvuKs3RLthMAsChbqKjXw6vTYo=
+------END PRIVATE KEY-----
+-
+-PublicKey=ALICE_cf_wap-wsg-idm-ecid-wtls9_PUB
+------BEGIN PUBLIC KEY-----
+-MD4wEAYHKoZIzj0CAQYFZysBBAkDKgAET0ppOvd9DU4v+tkKDQ5wRBrN1FwD9+F9t5l3Im+mz3rw
+-DB/RYdZuUg==
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=ALICE_cf_wap-wsg-idm-ecid-wtls9:ALICE_cf_wap-wsg-idm-ecid-wtls9_PUB
+-
+-PrivateKey=BOB_cf_wap-wsg-idm-ecid-wtls9
+------BEGIN PRIVATE KEY-----
+-MDMCAQAwEAYHKoZIzj0CAQYFZysBBAkEHDAaAgEBBBUAgeb/vqEM7X5AAAxyBu3M+C8pWLM=
+------END PRIVATE KEY-----
+-
+-PublicKey=BOB_cf_wap-wsg-idm-ecid-wtls9_PUB
+------BEGIN PUBLIC KEY-----
+-MD4wEAYHKoZIzj0CAQYFZysBBAkDKgAEWc37LGt6lt90iF4lhtDYNFdjAqoczebuNgzGff/Uq8ov
+-a3EVJ9yK1A==
+------END PUBLIC KEY-----
+-
+-Availablein = default
+-PrivPubKeyPair=BOB_cf_wap-wsg-idm-ecid-wtls9:BOB_cf_wap-wsg-idm-ecid-wtls9_PUB
+-
+-# ECDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_cf_wap-wsg-idm-ecid-wtls9
+-PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls9_PUB
+-SharedSecret=948d3030e95cead39a1bb3d8a01c2be178517ba7
+-
+-# ECDH Bob with Alice peer
+-Availablein = default
+-Derive=BOB_cf_wap-wsg-idm-ecid-wtls9
+-PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls9_PUB
+-SharedSecret=948d3030e95cead39a1bb3d8a01c2be178517ba7
+-
+-# tests: 484
+-
+-Title=zero x-coord regression tests
+-
+-PrivateKey=ALICE_zero_prime192v1
+------BEGIN PRIVATE KEY-----
+-MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQEEHzAdAgEBBBhaPNk8jG5hSG6y8tUqUoOaNNsZ3APU
+-pps=
+------END PRIVATE KEY-----
+-
+-PublicKey=BOB_zero_prime192v1_PUB
+------BEGIN PUBLIC KEY-----
+-MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAe2hWBe5g
+-DLNj216pEvK7XjoKLg5gNg8S
+------END PUBLIC KEY-----
+-
+-# ECDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_zero_prime192v1
+-PeerKey=BOB_zero_prime192v1_PUB
+-SharedSecret=baaffd49a8399d2ad52cbbe24d47b67afb4b3cf436f1cd65
+-
+-PrivateKey=ALICE_zero_prime192v2
+ -----BEGIN PRIVATE KEY-----
+ MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQIEHzAdAgEBBBj1AIQMJ7jqYIKCvxYAS+qKMmKmH0to
+ 41k=
+@@ -3422,72 +162,6 @@ Derive=ALICE_zero_prime256v1
+ PeerKey=BOB_zero_prime256v1_PUB
+ SharedSecret=c4f5607deb8501f1a4ba23fce4122a4343a17ada2c86a9c8e0d03d92d4a4c84c
+
+-PrivateKey=ALICE_zero_secp112r2
+------BEGIN PRIVATE KEY-----
+-MCwCAQAwEAYHKoZIzj0CAQYFK4EEAAcEFTATAgEBBA4hh3tRkG3tnA0496ffMw==
+------END PRIVATE KEY-----
+-
+-PublicKey=BOB_zero_secp112r2_PUB
+------BEGIN PUBLIC KEY-----
+-MDIwEAYHKoZIzj0CAQYFK4EEAAcDHgAEAAAAAAAAAAAAAAAAAAAS5eEOWDV/Wk7w4djyDQ==
+------END PUBLIC KEY-----
+-
+-# ECDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_zero_secp112r2
+-PeerKey=BOB_zero_secp112r2_PUB
+-SharedSecret=958cc1cb425713678830a4d7d95e
+-
+-PrivateKey=ALICE_zero_secp128r1
+------BEGIN PRIVATE KEY-----
+-MC4CAQAwEAYHKoZIzj0CAQYFK4EEABwEFzAVAgEBBBCykSzic/h3T2K6SkSP1SGt
+------END PRIVATE KEY-----
+-
+-PublicKey=BOB_zero_secp128r1_PUB
+------BEGIN PUBLIC KEY-----
+-MDYwEAYHKoZIzj0CAQYFK4EEABwDIgAEAAAAAAAAAAAAAAAAAAAAAABya8M5aeOpNG3z799IdHc=
+------END PUBLIC KEY-----
+-
+-# ECDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_zero_secp128r1
+-PeerKey=BOB_zero_secp128r1_PUB
+-SharedSecret=5235d452066f126cd7e99eea00fd3068
+-
+-PrivateKey=ALICE_zero_secp160r1
+------BEGIN PRIVATE KEY-----
+-MDMCAQAwEAYHKoZIzj0CAQYFK4EEAAgEHDAaAgEBBBUACoRnbig69XLlh5VcRexpbbn5zwA=
+------END PRIVATE KEY-----
+-
+-PublicKey=BOB_zero_secp160r1_PUB
+------BEGIN PUBLIC KEY-----
+-MD4wEAYHKoZIzj0CAQYFK4EEAAgDKgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAG/w1po29wYlxlygXs
+-MGfbiGg5ng==
+------END PUBLIC KEY-----
+-
+-# ECDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_zero_secp160r1
+-PeerKey=BOB_zero_secp160r1_PUB
+-SharedSecret=9ccd0ab8d093b6acdb3fe14c3736a0dfe61a4666
+-
+-PrivateKey=ALICE_zero_secp160r2
+------BEGIN PRIVATE KEY-----
+-MDMCAQAwEAYHKoZIzj0CAQYFK4EEAB4EHDAaAgEBBBUAQFGxInSw1eAvd45E9TUdbXtJGnA=
+------END PRIVATE KEY-----
+-
+-PublicKey=BOB_zero_secp160r2_PUB
+------BEGIN PUBLIC KEY-----
+-MD4wEAYHKoZIzj0CAQYFK4EEAB4DKgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAZtSBSZqfmXp47v5z2
+-ZZZl2JFxDg==
+------END PUBLIC KEY-----
+-
+-# ECDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_zero_secp160r2
+-PeerKey=BOB_zero_secp160r2_PUB
+-SharedSecret=303e0a282ac86f463fe834cb51b0057be42ed5ab
+-
+ PrivateKey=ALICE_zero_secp384r1
+ -----BEGIN PRIVATE KEY-----
+ ME4CAQAwEAYHKoZIzj0CAQYFK4EEACIENzA1AgEBBDD6kgzKbg28zbQyVTdC0IdHbm0UCQt2Rdbi
+@@ -3526,76 +200,6 @@ Derive=ALICE_zero_secp521r1
+ PeerKey=BOB_zero_secp521r1_PUB
+ SharedSecret=003fc3028f61db94b20c7cd177923b6e73f12f0ab067c9ce8866755e3c82abb39c9863cde74fa80b32520bd7dd0eb156c30c08911503b67b2661f1264d09bb231423
+
+-PrivateKey=ALICE_zero_wap-wsg-idm-ecid-wtls7
+------BEGIN PRIVATE KEY-----
+-MDMCAQAwEAYHKoZIzj0CAQYFZysBBAcEHDAaAgEBBBUAoGng7WzYr4P9vtdc3BS/UiNWmc0=
+------END PRIVATE KEY-----
+-
+-PublicKey=BOB_zero_wap-wsg-idm-ecid-wtls7_PUB
+------BEGIN PUBLIC KEY-----
+-MD4wEAYHKoZIzj0CAQYFZysBBAcDKgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAZtSBSZqfmXp47v5z2
+-ZZZl2JFxDg==
+------END PUBLIC KEY-----
+-
+-# ECDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_zero_wap-wsg-idm-ecid-wtls7
+-PeerKey=BOB_zero_wap-wsg-idm-ecid-wtls7_PUB
+-SharedSecret=6582fc03bbb340fcf24a5fe8fcdf722655efa8b9
+-
+-# tests: 14
+-
+-Title=prime192v1 curve tests
+-
+-PrivateKey=ALICE_cf_prime192v1
+------BEGIN PRIVATE KEY-----
+-MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQEEHzAdAgEBBBhQFYLaobJ47BVWWZv/ByY8Ti69m/U9
+-TeI=
+------END PRIVATE KEY-----
+-
+-PublicKey=ALICE_cf_prime192v1_PUB
+------BEGIN PUBLIC KEY-----
+-MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEHYbt14KzucSpmKMrlDx1IGz/a28nDs21OjKgx3BK
+-PZ78UrllIr69kgrYUKsRg4sd
+------END PUBLIC KEY-----
+-
+-PrivPubKeyPair=ALICE_cf_prime192v1:ALICE_cf_prime192v1_PUB
+-
+-PrivateKey=BOB_cf_prime192v1
+------BEGIN PRIVATE KEY-----
+-MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQEEHzAdAgEBBBhsbmKHAtygIqirkmUXSbniDJOx0/fI
+-CWM=
+------END PRIVATE KEY-----
+-
+-PublicKey=BOB_cf_prime192v1_PUB
+------BEGIN PUBLIC KEY-----
+-MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEJA+FQcXq5Axzv8pLDslxq1QVt1hjN2i0TgoO6Yxp
+-bAekMot69VorE8ibSzgJixXJ
+------END PUBLIC KEY-----
+-
+-PrivPubKeyPair=BOB_cf_prime192v1:BOB_cf_prime192v1_PUB
+-
+-# ECDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_cf_prime192v1
+-PeerKey=BOB_cf_prime192v1_PUB
+-SharedSecret=e36cad3b0f8d00f60f090440a76df47896713ae61421c354
+-
+-# ECDH Bob with Alice peer
+-Availablein = default
+-Derive=BOB_cf_prime192v1
+-PeerKey=ALICE_cf_prime192v1_PUB
+-SharedSecret=e36cad3b0f8d00f60f090440a76df47896713ae61421c354
+-
+-# ECDH Bob with Alice peer : curves with less than 112 bits of strength cannot
+-# be used for Key agreement in fips mode
+-Availablein = fips
+-Derive=BOB_cf_prime192v1
+-Securitycheck = 1
+-PeerKey=ALICE_cf_prime192v1_PUB
+-SharedSecret=e36cad3b0f8d00f60f090440a76df47896713ae61421c354
+-Result = DERIVE_SET_PEER_ERROR
+-
+ Title=prime256v1 curve tests
+
+ PrivateKey=ALICE_cf_prime256v1
+@@ -3759,743 +363,3 @@ SharedSecret=01dd4aa9037bb4ad298b420998d
+ Derive=BOB_cf_secp521r1
+ PeerKey=ALICE_cf_secp521r1_PUB
+ SharedSecret=01dd4aa9037bb4ad298b420998dcd32b3a9af1cda8b7919e372aeb4e54ccfb4d2409a340ed896bfbc5dd462f8d96b8784bc17b29db3ca04700e6ec752f9bec777695
+-
+-Title=sect163k1 curve tests
+-
+-PrivateKey=ALICE_cf_sect163k1
+------BEGIN PRIVATE KEY-----
+-MDMCAQAwEAYHKoZIzj0CAQYFK4EEAAEEHDAaAgEBBBUB905PYfmej8LzbzX6Bg51GJzXQjQ=
+------END PRIVATE KEY-----
+-
+-PublicKey=ALICE_cf_sect163k1_PUB
+------BEGIN PUBLIC KEY-----
+-MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEBfvs5A1hD8YySP9O2ub8GEUfotVuBpfRx4GIHdAfx8wV
+-1UVeTRnyAlWU
+------END PUBLIC KEY-----
+-
+-PrivPubKeyPair=ALICE_cf_sect163k1:ALICE_cf_sect163k1_PUB
+-
+-PrivateKey=BOB_cf_sect163k1
+------BEGIN PRIVATE KEY-----
+-MDMCAQAwEAYHKoZIzj0CAQYFK4EEAAEEHDAaAgEBBBUCHPtCjJ4/K8ylQBcLlb5VE0bkaUE=
+------END PRIVATE KEY-----
+-
+-PublicKey=BOB_cf_sect163k1_PUB
+------BEGIN PUBLIC KEY-----
+-MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEBvgfX1mTRlt6Z4TE1D1MNWo4loH4AoeYa6oowK104LKk
+-nsdg7isQ8XBD
+------END PUBLIC KEY-----
+-
+-PrivPubKeyPair=BOB_cf_sect163k1:BOB_cf_sect163k1_PUB
+-
+-# ECDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_cf_sect163k1
+-PeerKey=BOB_cf_sect163k1_PUB
+-SharedSecret=04d0e40788c5ce5220818055277cae53eac55c1e6b
+-
+-# ECDH Bob with Alice peer
+-Availablein = default
+-Derive=BOB_cf_sect163k1
+-PeerKey=ALICE_cf_sect163k1_PUB
+-SharedSecret=04d0e40788c5ce5220818055277cae53eac55c1e6b
+-
+-# ECC CDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_cf_sect163k1
+-PeerKey=BOB_cf_sect163k1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-SharedSecret=04c902a91110244d89110034dd2b099c49cbab6c77
+-
+-# ECC CDH Bob with Alice peer
+-Availablein = default
+-Derive=BOB_cf_sect163k1
+-PeerKey=ALICE_cf_sect163k1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-SharedSecret=04c902a91110244d89110034dd2b099c49cbab6c77
+-
+-PublicKey=MALICE_cf_sect163k1_PUB
+------BEGIN PUBLIC KEY-----
+-MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+-AAAAAAAAAAAB
+------END PUBLIC KEY-----
+-
+-# ECC CDH Bob with Malice peer
+-Availablein = default
+-Derive=BOB_cf_sect163k1
+-PeerKey=MALICE_cf_sect163k1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-Result=DERIVE_ERROR
+-Reason=point at infinity
+-
+-# ECC CDH Alice with Malice peer
+-Availablein = default
+-Derive=ALICE_cf_sect163k1
+-PeerKey=MALICE_cf_sect163k1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-Result=DERIVE_ERROR
+-Reason=point at infinity
+-
+-Title=sect163r2 curve tests
+-
+-PrivateKey=ALICE_cf_sect163r2
+------BEGIN PRIVATE KEY-----
+-MDMCAQAwEAYHKoZIzj0CAQYFK4EEAA8EHDAaAgEBBBUBjCs/M3N31jsAueYrOq21vdETwAI=
+------END PRIVATE KEY-----
+-
+-PublicKey=ALICE_cf_sect163r2_PUB
+------BEGIN PUBLIC KEY-----
+-MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEBd8Z1/HpA+89hF4I98EST3svWns3BAEbhWmL/fgxk2uu
+-YwVrmqhgqH/C
+------END PUBLIC KEY-----
+-
+-PrivPubKeyPair=ALICE_cf_sect163r2:ALICE_cf_sect163r2_PUB
+-
+-PrivateKey=BOB_cf_sect163r2
+------BEGIN PRIVATE KEY-----
+-MDMCAQAwEAYHKoZIzj0CAQYFK4EEAA8EHDAaAgEBBBUBsiouT9Df+mwHWrpPg1JSrY9nqlI=
+------END PRIVATE KEY-----
+-
+-PublicKey=BOB_cf_sect163r2_PUB
+------BEGIN PUBLIC KEY-----
+-MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEBULqBZ+nhLhDEMYY8NEEzZ126MdxAcFXWv8zmPEH9505
+-8vT5zU3aq6HV
+------END PUBLIC KEY-----
+-
+-PrivPubKeyPair=BOB_cf_sect163r2:BOB_cf_sect163r2_PUB
+-
+-# ECDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_cf_sect163r2
+-PeerKey=BOB_cf_sect163r2_PUB
+-SharedSecret=019f829a53c4e6544bdec1395a23082169efaf369d
+-
+-# ECDH Bob with Alice peer
+-Availablein = default
+-Derive=BOB_cf_sect163r2
+-PeerKey=ALICE_cf_sect163r2_PUB
+-SharedSecret=019f829a53c4e6544bdec1395a23082169efaf369d
+-
+-# ECC CDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_cf_sect163r2
+-PeerKey=BOB_cf_sect163r2_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-SharedSecret=048870d39235ecbc16a000ee478833509b9318a53f
+-
+-# ECC CDH Bob with Alice peer
+-Availablein = default
+-Derive=BOB_cf_sect163r2
+-PeerKey=ALICE_cf_sect163r2_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-SharedSecret=048870d39235ecbc16a000ee478833509b9318a53f
+-
+-PublicKey=MALICE_cf_sect163r2_PUB
+------BEGIN PUBLIC KEY-----
+-MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsJbhbrfiSdZPSHD
+-ZtqJwDlp802l
+------END PUBLIC KEY-----
+-
+-# ECC CDH Bob with Malice peer
+-Availablein = default
+-Derive=BOB_cf_sect163r2
+-PeerKey=MALICE_cf_sect163r2_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-Result=DERIVE_ERROR
+-Reason=point at infinity
+-
+-# ECC CDH Alice with Malice peer
+-Availablein = default
+-Derive=ALICE_cf_sect163r2
+-PeerKey=MALICE_cf_sect163r2_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-Result=DERIVE_ERROR
+-Reason=point at infinity
+-
+-Title=sect233k1 curve tests
+-
+-PrivateKey=ALICE_cf_sect233k1
+------BEGIN PRIVATE KEY-----
+-MDsCAQAwEAYHKoZIzj0CAQYFK4EEABoEJDAiAgEBBB0z/3heNFjJL+2sAT/38yRsN3kt2iXz7u+y
+-Gua8Kw==
+------END PRIVATE KEY-----
+-
+-PublicKey=ALICE_cf_sect233k1_PUB
+------BEGIN PUBLIC KEY-----
+-MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEALQyn0zJmOrHm4S2EIjxRe899PadBnfpYjLKWGvpAIzf
+-MEG861Nv1IYJkmkO1xlfNHeeRtqFgsQVFKZh
+------END PUBLIC KEY-----
+-
+-PrivPubKeyPair=ALICE_cf_sect233k1:ALICE_cf_sect233k1_PUB
+-
+-PrivateKey=BOB_cf_sect233k1
+------BEGIN PRIVATE KEY-----
+-MDsCAQAwEAYHKoZIzj0CAQYFK4EEABoEJDAiAgEBBB1I0ucrC4d9i6Z+0cbar5r7uKpF5iiQkSJA
+-DFMTUA==
+------END PRIVATE KEY-----
+-
+-PublicKey=BOB_cf_sect233k1_PUB
+------BEGIN PUBLIC KEY-----
+-MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEAatdqazxSghJ568CBFyMXhEvVeAiLewOY/jk9H5DAOB4
+-ufNGbdd131KLaKPivB38a6n5Y+2BVSJangow
+------END PUBLIC KEY-----
+-
+-PrivPubKeyPair=BOB_cf_sect233k1:BOB_cf_sect233k1_PUB
+-
+-# ECDH Alice with Bob peer
+-Derive=ALICE_cf_sect233k1
+-PeerKey=BOB_cf_sect233k1_PUB
+-SharedSecret=012145026e8de65973c154e085456fc5539ba9e25663e7f5816abfcab310
+-
+-# ECDH Bob with Alice peer
+-Derive=BOB_cf_sect233k1
+-PeerKey=ALICE_cf_sect233k1_PUB
+-SharedSecret=012145026e8de65973c154e085456fc5539ba9e25663e7f5816abfcab310
+-
+-# ECC CDH Alice with Bob peer
+-Derive=ALICE_cf_sect233k1
+-PeerKey=BOB_cf_sect233k1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-SharedSecret=00ff7d6c6b80f39d2ae68fbd00adbcd75fa599ed0bc1aac0e3f49c1c164d
+-
+-# ECC CDH Bob with Alice peer
+-Derive=BOB_cf_sect233k1
+-PeerKey=ALICE_cf_sect233k1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-SharedSecret=00ff7d6c6b80f39d2ae68fbd00adbcd75fa599ed0bc1aac0e3f49c1c164d
+-
+-PublicKey=MALICE_cf_sect233k1_PUB
+------BEGIN PUBLIC KEY-----
+-MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAA
+-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+------END PUBLIC KEY-----
+-
+-# ECC CDH Bob with Malice peer
+-Derive=BOB_cf_sect233k1
+-PeerKey=MALICE_cf_sect233k1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-Result=DERIVE_ERROR
+-Reason=point at infinity
+-
+-# ECC CDH Alice with Malice peer
+-Derive=ALICE_cf_sect233k1
+-PeerKey=MALICE_cf_sect233k1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-Result=DERIVE_ERROR
+-Reason=point at infinity
+-
+-Title=sect233r1 curve tests
+-
+-PrivateKey=ALICE_cf_sect233r1
+------BEGIN PRIVATE KEY-----
+-MDwCAQAwEAYHKoZIzj0CAQYFK4EEABsEJTAjAgEBBB4ATcy7zVpIsJ9rl5EIDmzRz5wxjrDIQyDm
+-HP3Pt8Y=
+------END PRIVATE KEY-----
+-
+-PublicKey=ALICE_cf_sect233r1_PUB
+------BEGIN PUBLIC KEY-----
+-MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEAQMQHiJ44LiCnZkEg1zyww1h+idTbsw8E07P33WUAUfD
+-NeQ4hWEhTXPnytIbEhFKpnd3j/FbyZnJqxh8
+------END PUBLIC KEY-----
+-
+-PrivPubKeyPair=ALICE_cf_sect233r1:ALICE_cf_sect233r1_PUB
+-
+-PrivateKey=BOB_cf_sect233r1
+------BEGIN PRIVATE KEY-----
+-MDwCAQAwEAYHKoZIzj0CAQYFK4EEABsEJTAjAgEBBB4ALpOlFn4OfiIAkRAZGOsn7L6W3XoQBSV8
+-mQVC2pw=
+------END PRIVATE KEY-----
+-
+-PublicKey=BOB_cf_sect233r1_PUB
+------BEGIN PUBLIC KEY-----
+-MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEAJQw+NWqFJXYw4dVMovzvw76OYnYOTaDaEPNW8ECAQbl
+-TzzbBSTp5iqM13mP0/Bo4OO66NS3lA9e/GTO
+------END PUBLIC KEY-----
+-
+-PrivPubKeyPair=BOB_cf_sect233r1:BOB_cf_sect233r1_PUB
+-
+-# ECDH Alice with Bob peer
+-Derive=ALICE_cf_sect233r1
+-PeerKey=BOB_cf_sect233r1_PUB
+-SharedSecret=00209d2995a63f1e8b7a5c33dee5abb602e32e1835ae8bb57eb264d8d795
+-
+-# ECDH Bob with Alice peer
+-Derive=BOB_cf_sect233r1
+-PeerKey=ALICE_cf_sect233r1_PUB
+-SharedSecret=00209d2995a63f1e8b7a5c33dee5abb602e32e1835ae8bb57eb264d8d795
+-
+-# ECC CDH Alice with Bob peer
+-Derive=ALICE_cf_sect233r1
+-PeerKey=BOB_cf_sect233r1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-SharedSecret=00c3cd1d38a65f5e421399409a76cec1136bc84149f054a7f55e7980c612
+-
+-# ECC CDH Bob with Alice peer
+-Derive=BOB_cf_sect233r1
+-PeerKey=ALICE_cf_sect233r1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-SharedSecret=00c3cd1d38a65f5e421399409a76cec1136bc84149f054a7f55e7980c612
+-
+-PublicKey=MALICE_cf_sect233r1_PUB
+------BEGIN PUBLIC KEY-----
+-MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYf4
+-Vie5eHTnR+4x4G1xyq7qUvISU+X5RtBh2pE4
+------END PUBLIC KEY-----
+-
+-# ECC CDH Bob with Malice peer
+-Derive=BOB_cf_sect233r1
+-PeerKey=MALICE_cf_sect233r1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-Result=DERIVE_ERROR
+-Reason=point at infinity
+-
+-# ECC CDH Alice with Malice peer
+-Derive=ALICE_cf_sect233r1
+-PeerKey=MALICE_cf_sect233r1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-Result=DERIVE_ERROR
+-Reason=point at infinity
+-
+-Title=sect283k1 curve tests
+-
+-PrivateKey=ALICE_cf_sect283k1
+------BEGIN PRIVATE KEY-----
+-MEICAQAwEAYHKoZIzj0CAQYFK4EEABAEKzApAgEBBCQAY1Mi9rST7PiP1t03qYRczV/kSZ+VjQu8
+-5EFCgxyvkaLManw=
+------END PRIVATE KEY-----
+-
+-PublicKey=ALICE_cf_sect283k1_PUB
+------BEGIN PUBLIC KEY-----
+-MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEBMjBO8WoxHS/vz8po52WZGxS+RK5yolrUe6tfbAMA3Sd
+-5/JjBDVjOz95vM4gUnqzUWHN5nKBQtj6HiU9Q/R+zqg98OiQKTyA
+------END PUBLIC KEY-----
+-
+-PrivPubKeyPair=ALICE_cf_sect283k1:ALICE_cf_sect283k1_PUB
+-
+-PrivateKey=BOB_cf_sect283k1
+------BEGIN PRIVATE KEY-----
+-MEICAQAwEAYHKoZIzj0CAQYFK4EEABAEKzApAgEBBCQBCZC8Is+YSjgXJBBDioEl6gu14QpGHllD
+-1J6957vBTPSQdH0=
+------END PRIVATE KEY-----
+-
+-PublicKey=BOB_cf_sect283k1_PUB
+------BEGIN PUBLIC KEY-----
+-MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEAGEQKZVHYAlvtjHrFyZVm12qUb5j+T5/WNoC962+kwUM
+-QkBYA5BpuG8Knlugq1iB31whPAgRCZfdLKHpHRPJSfXvKyUIdeUm
+------END PUBLIC KEY-----
+-
+-PrivPubKeyPair=BOB_cf_sect283k1:BOB_cf_sect283k1_PUB
+-
+-# ECDH Alice with Bob peer
+-Derive=ALICE_cf_sect283k1
+-PeerKey=BOB_cf_sect283k1_PUB
+-SharedSecret=03f67c88bdc230b43773d17fdb4d0a980556d074ceccee726932160e4ed965e3be72803c
+-
+-# ECDH Bob with Alice peer
+-Derive=BOB_cf_sect283k1
+-PeerKey=ALICE_cf_sect283k1_PUB
+-SharedSecret=03f67c88bdc230b43773d17fdb4d0a980556d074ceccee726932160e4ed965e3be72803c
+-
+-# ECC CDH Alice with Bob peer
+-Derive=ALICE_cf_sect283k1
+-PeerKey=BOB_cf_sect283k1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-SharedSecret=0677ba01c84d139609ca145cb5b6079fc9ca67f59c9c913e47cad1073f1d1dfaddde0169
+-
+-# ECC CDH Bob with Alice peer
+-Derive=BOB_cf_sect283k1
+-PeerKey=ALICE_cf_sect283k1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-SharedSecret=0677ba01c84d139609ca145cb5b6079fc9ca67f59c9c913e47cad1073f1d1dfaddde0169
+-
+-PublicKey=MALICE_cf_sect283k1_PUB
+------BEGIN PUBLIC KEY-----
+-MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+-AAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB
+------END PUBLIC KEY-----
+-
+-# ECC CDH Bob with Malice peer
+-Derive=BOB_cf_sect283k1
+-PeerKey=MALICE_cf_sect283k1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-Result=DERIVE_ERROR
+-Reason=point at infinity
+-
+-# ECC CDH Alice with Malice peer
+-Derive=ALICE_cf_sect283k1
+-PeerKey=MALICE_cf_sect283k1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-Result=DERIVE_ERROR
+-Reason=point at infinity
+-
+-Title=sect283r1 curve tests
+-
+-PrivateKey=ALICE_cf_sect283r1
+------BEGIN PRIVATE KEY-----
+-MEICAQAwEAYHKoZIzj0CAQYFK4EEABEEKzApAgEBBCQCQ5pqKvPxDysd1pi2Bv8Z11cFhsRZfuaf
+-4Pi0hpGr4ubZcHE=
+------END PRIVATE KEY-----
+-
+-PublicKey=ALICE_cf_sect283r1_PUB
+------BEGIN PUBLIC KEY-----
+-MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEBcsrGDgO7pbGybQX/00gRHtQq3+X9XrGb7Uzv9Nabwc/
+-kntnBMF0I2KU+aaTjQx1GVtmNf7CvFwPLEBnfKjJAjekjsGyIqoq
+------END PUBLIC KEY-----
+-
+-PrivPubKeyPair=ALICE_cf_sect283r1:ALICE_cf_sect283r1_PUB
+-
+-PrivateKey=BOB_cf_sect283r1
+------BEGIN PRIVATE KEY-----
+-MEICAQAwEAYHKoZIzj0CAQYFK4EEABEEKzApAgEBBCQDxItnY3cDCrX/jGnVuAKDPaySZCr3E83Q
+-UdFnP6YIykt7+Pg=
+------END PRIVATE KEY-----
+-
+-PublicKey=BOB_cf_sect283r1_PUB
+------BEGIN PUBLIC KEY-----
+-MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEBJ2C9BCkX0YRfs2ufgUKvreUXFWp2AGK+iHlZB4N3LqO
+-PKpmAkrAeCMty6mw2mEnOR5HA1d4Ee+z7/NJgJJ80Ra9bFnreOW3
+------END PUBLIC KEY-----
+-
+-PrivPubKeyPair=BOB_cf_sect283r1:BOB_cf_sect283r1_PUB
+-
+-# ECDH Alice with Bob peer
+-Derive=ALICE_cf_sect283r1
+-PeerKey=BOB_cf_sect283r1_PUB
+-SharedSecret=0424259cf09727574fb863cab7c27d8fe3835e96433110a45a951f94347fc81939ec4773
+-
+-# ECDH Bob with Alice peer
+-Derive=BOB_cf_sect283r1
+-PeerKey=ALICE_cf_sect283r1_PUB
+-SharedSecret=0424259cf09727574fb863cab7c27d8fe3835e96433110a45a951f94347fc81939ec4773
+-
+-# ECC CDH Alice with Bob peer
+-Derive=ALICE_cf_sect283r1
+-PeerKey=BOB_cf_sect283r1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-SharedSecret=01c2a542654ce85b17456ed75b6bca6b6eb761580913670debc426a3525f236df0e875c8
+-
+-# ECC CDH Bob with Alice peer
+-Derive=BOB_cf_sect283r1
+-PeerKey=ALICE_cf_sect283r1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-SharedSecret=01c2a542654ce85b17456ed75b6bca6b6eb761580913670debc426a3525f236df0e875c8
+-
+-PublicKey=MALICE_cf_sect283r1_PUB
+------BEGIN PUBLIC KEY-----
+-MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+-AAAAByvMnFeSsevoGYMIn7b4NaL9IgowRCTKF8CCrhdEKu3pubP2
+------END PUBLIC KEY-----
+-
+-# ECC CDH Bob with Malice peer
+-Derive=BOB_cf_sect283r1
+-PeerKey=MALICE_cf_sect283r1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-Result=DERIVE_ERROR
+-Reason=point at infinity
+-
+-# ECC CDH Alice with Malice peer
+-Derive=ALICE_cf_sect283r1
+-PeerKey=MALICE_cf_sect283r1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-Result=DERIVE_ERROR
+-Reason=point at infinity
+-
+-Title=sect409k1 curve tests
+-
+-PrivateKey=ALICE_cf_sect409k1
+------BEGIN PRIVATE KEY-----
+-MFECAQAwEAYHKoZIzj0CAQYFK4EEACQEOjA4AgEBBDMOthcLahkXFgM0wjOzm767D1A72sFRGlhb
+-bVH+EB7z2WpIcPX4OD+M4Y1pf/a7wSaoSAo=
+------END PRIVATE KEY-----
+-
+-PublicKey=ALICE_cf_sect409k1_PUB
+------BEGIN PUBLIC KEY-----
+-MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEAbiYYpeFgCMsZFMzQaiwMJDrC+mCMT7KmhYtD5EMMgLW
+-5OvhaqYdpRf49A8LOtVcRT7J5gGcMrXQgmQeS3FenA5owWnB2NIgrTNf5d8AAEtrOupsJ4c3kL6e
+-aAzayZ1+UCEj8skbC9U=
+------END PUBLIC KEY-----
+-
+-PrivPubKeyPair=ALICE_cf_sect409k1:ALICE_cf_sect409k1_PUB
+-
+-PrivateKey=BOB_cf_sect409k1
+------BEGIN PRIVATE KEY-----
+-MFECAQAwEAYHKoZIzj0CAQYFK4EEACQEOjA4AgEBBDMO43ldQllTewdZwffH4OEXdzBrLwabKsn4
+-6/hjgIAaYda/pt4yCEQLMp18QgtfMey5ENI=
+------END PRIVATE KEY-----
+-
+-PublicKey=BOB_cf_sect409k1_PUB
+------BEGIN PUBLIC KEY-----
+-MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEAVTQj6hRizVmOx4Z6vroN/zMkmAY+QhkQ0CnFeJ0AydY
+-Fv+f+/420vMC1Mhqsc9VzPMmIAH6ZrgGKDsd4Ce9JUtYE0rVhGeiG2RaN1U5RlhVK4avkWhFlyQ5
+-vuu4aApQiWE3yQd9v/I=
+------END PUBLIC KEY-----
+-
+-PrivPubKeyPair=BOB_cf_sect409k1:BOB_cf_sect409k1_PUB
+-
+-# ECDH Alice with Bob peer
+-Derive=ALICE_cf_sect409k1
+-PeerKey=BOB_cf_sect409k1_PUB
+-SharedSecret=01fbe13188588c9d1ac3a8a2680ea9a009b28e4b7d7fa4efcb1a22553876fb7973616819fd87c75e5b8ce6e3628595e4ce12edb0
+-
+-# ECDH Bob with Alice peer
+-Derive=BOB_cf_sect409k1
+-PeerKey=ALICE_cf_sect409k1_PUB
+-SharedSecret=01fbe13188588c9d1ac3a8a2680ea9a009b28e4b7d7fa4efcb1a22553876fb7973616819fd87c75e5b8ce6e3628595e4ce12edb0
+-
+-# ECC CDH Alice with Bob peer
+-Derive=ALICE_cf_sect409k1
+-PeerKey=BOB_cf_sect409k1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-SharedSecret=007e9485f7234bb2255bb40e51f4be867cb0ef31f8e489a697b31b51c4d5346daaee51e96ae6f9636e6e3af56095fe28755325ee
+-
+-# ECC CDH Bob with Alice peer
+-Derive=BOB_cf_sect409k1
+-PeerKey=ALICE_cf_sect409k1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-SharedSecret=007e9485f7234bb2255bb40e51f4be867cb0ef31f8e489a697b31b51c4d5346daaee51e96ae6f9636e6e3af56095fe28755325ee
+-
+-PublicKey=MALICE_cf_sect409k1_PUB
+------BEGIN PUBLIC KEY-----
+-MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+-AAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+-AAAAAAAAAAAAAAAAAAA=
+------END PUBLIC KEY-----
+-
+-# ECC CDH Bob with Malice peer
+-Derive=BOB_cf_sect409k1
+-PeerKey=MALICE_cf_sect409k1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-Result=DERIVE_ERROR
+-Reason=point at infinity
+-
+-# ECC CDH Alice with Malice peer
+-Derive=ALICE_cf_sect409k1
+-PeerKey=MALICE_cf_sect409k1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-Result=DERIVE_ERROR
+-Reason=point at infinity
+-
+-Title=sect409r1 curve tests
+-
+-PrivateKey=ALICE_cf_sect409r1
+------BEGIN PRIVATE KEY-----
+-MFICAQAwEAYHKoZIzj0CAQYFK4EEACUEOzA5AgEBBDQAxSC9lST5dtfXQI1Ug9VMMoue3GGni5ON
+-+gieyXK2KKbd29KAPs4/AOd8kX2wQDsZPO7E
+------END PRIVATE KEY-----
+-
+-PublicKey=ALICE_cf_sect409r1_PUB
+------BEGIN PUBLIC KEY-----
+-MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEASAvXAM15DJerAu1JttpBuMJK1/fEfFohu2iEpt3r7Ui
+-iQoER6HUsWiw1hhcJyTv7WzpJQHFWrOlJMe/KjmQa/CygSc65YHDzG27oUL+KGdQUGc79ZRSwl/q
+-fGZqa3D+bDVMwrhmZto=
+------END PUBLIC KEY-----
+-
+-PrivPubKeyPair=ALICE_cf_sect409r1:ALICE_cf_sect409r1_PUB
+-
+-PrivateKey=BOB_cf_sect409r1
+------BEGIN PRIVATE KEY-----
+-MFICAQAwEAYHKoZIzj0CAQYFK4EEACUEOzA5AgEBBDQARen+1P3JQzBgOv0pUYwsZTPRVLpqqDAU
+-7mKL2lk9eH7zSGmtNoMvP2m1S2dBnXxFY/bV
+------END PRIVATE KEY-----
+-
+-PublicKey=BOB_cf_sect409r1_PUB
+------BEGIN PUBLIC KEY-----
+-MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEAbDUw066TtdfOpDvrlKosEyqUNEG7rY+AKvDqKw+HOzf
+-sUTYee6cEf71oqJ1sCKPQiYzlwCu/HLQeWPxISE6Uo+53kkeJml2xpMBwoE25Gq/DSS61dR7SRTZ
+-+sUmumbIuGzbrjtMRmw=
+------END PUBLIC KEY-----
+-
+-PrivPubKeyPair=BOB_cf_sect409r1:BOB_cf_sect409r1_PUB
+-
+-# ECDH Alice with Bob peer
+-Derive=ALICE_cf_sect409r1
+-PeerKey=BOB_cf_sect409r1_PUB
+-SharedSecret=00a751259cdb3b445ce71a40a01a2189dfce70226111190505fc6eabe4e5a05bff7af55f2015e1ffcab6aea7ea9a6e74905da2a1
+-
+-# ECDH Bob with Alice peer
+-Derive=BOB_cf_sect409r1
+-PeerKey=ALICE_cf_sect409r1_PUB
+-SharedSecret=00a751259cdb3b445ce71a40a01a2189dfce70226111190505fc6eabe4e5a05bff7af55f2015e1ffcab6aea7ea9a6e74905da2a1
+-
+-# ECC CDH Alice with Bob peer
+-Derive=ALICE_cf_sect409r1
+-PeerKey=BOB_cf_sect409r1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-SharedSecret=0115a31aed416c5089d74a263ec300aff13a5329c6ad27de950ae0b0917b40a3464fccf5691ac9633a51e5177a82b15cfc434aad
+-
+-# ECC CDH Bob with Alice peer
+-Derive=BOB_cf_sect409r1
+-PeerKey=ALICE_cf_sect409r1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-SharedSecret=0115a31aed416c5089d74a263ec300aff13a5329c6ad27de950ae0b0917b40a3464fccf5691ac9633a51e5177a82b15cfc434aad
+-
+-PublicKey=MALICE_cf_sect409r1_PUB
+------BEGIN PUBLIC KEY-----
+-MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+-AAAAAAAAAAAAAAAAAAAAAAAAAACZNffkdo7i7yL5tKKfU8tdk6su0K185XwbJkn96JWVDPZXZ3My
+-bFKKSOJ7hyrM8Lwl1e8=
+------END PUBLIC KEY-----
+-
+-# ECC CDH Bob with Malice peer
+-Derive=BOB_cf_sect409r1
+-PeerKey=MALICE_cf_sect409r1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-Result=DERIVE_ERROR
+-Reason=point at infinity
+-
+-# ECC CDH Alice with Malice peer
+-Derive=ALICE_cf_sect409r1
+-PeerKey=MALICE_cf_sect409r1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-Result=DERIVE_ERROR
+-Reason=point at infinity
+-
+-Title=sect571k1 curve tests
+-
+-PrivateKey=ALICE_cf_sect571k1
+------BEGIN PRIVATE KEY-----
+-MGYCAQAwEAYHKoZIzj0CAQYFK4EEACYETzBNAgEBBEgB4agvk7Qdf9bVb9aMVdtXL0MuVw6dTleB
+-zrpPMYty/piI5GWkQEGVp4OJSjF1BGgWmtYSYlV0oI8jJ7hfWTjVGfVWix4ipb8=
+------END PRIVATE KEY-----
+-
+-PublicKey=ALICE_cf_sect571k1_PUB
+------BEGIN PUBLIC KEY-----
+-MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQDUZq0ZrgYpTXNpOptjExaur0K9FAYHv1j9cvAptwX
+-dcmQf3VqekMkGZCfNdqNeqCajG3QHRkBHe4FZhWr3FXi8whvvr463lUDf+t46un1kE6FTYfhILGa
+-sBZm7OdfkarYd9TXBbmnkFA+XkyPlkM1+6daM3/WmnegK+TYghFDXLgwiyF8s0ElllF7z38Gmc4=
+------END PUBLIC KEY-----
+-
+-PrivPubKeyPair=ALICE_cf_sect571k1:ALICE_cf_sect571k1_PUB
+-
+-PrivateKey=BOB_cf_sect571k1
+------BEGIN PRIVATE KEY-----
+-MGYCAQAwEAYHKoZIzj0CAQYFK4EEACYETzBNAgEBBEgA3pINxGOI7L9M+Mil+bm/udPwI4xu7ubJ
+-p3aoOepTXW94laf8wjFLcQnRUwH87Vbq9VLQEfCAFvr2vZoBc+5asnNuDhRNNeQ=
+------END PRIVATE KEY-----
+-
+-PublicKey=BOB_cf_sect571k1_PUB
+------BEGIN PUBLIC KEY-----
+-MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQDZRr5GCSq2uzGxmWNB+bED7zye18Rr/KehwXrbn1r
+-rKtR8fe+dg2V15FieC3qZe/wCpMtyp79VmEabGi6iGLlAN/rUE81URsA/K7GVpmklslV5gmwryR0
+-3E7jGKPFesun9iNtmpgM18P9y3aJd4Qr4hMlwW2Nyw187l6QB/W2e/i+8vKXFTLHlz5WLAyAcpA=
+------END PUBLIC KEY-----
+-
+-PrivPubKeyPair=BOB_cf_sect571k1:BOB_cf_sect571k1_PUB
+-
+-# ECDH Alice with Bob peer
+-Derive=ALICE_cf_sect571k1
+-PeerKey=BOB_cf_sect571k1_PUB
+-SharedSecret=02b79c92cee50dc5b9fdddce36d4fa2e28d7d178cd74e575961f39429496305b38815c840c2e66327435c044ed885ec964068531251a2112717602532e8b6d5411db2fe05c1ac18c
+-
+-# ECDH Bob with Alice peer
+-Derive=BOB_cf_sect571k1
+-PeerKey=ALICE_cf_sect571k1_PUB
+-SharedSecret=02b79c92cee50dc5b9fdddce36d4fa2e28d7d178cd74e575961f39429496305b38815c840c2e66327435c044ed885ec964068531251a2112717602532e8b6d5411db2fe05c1ac18c
+-
+-# ECC CDH Alice with Bob peer
+-Derive=ALICE_cf_sect571k1
+-PeerKey=BOB_cf_sect571k1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-SharedSecret=063aea789492c9727a5a6b7f24e8d3d377c70ee8e86b13664e191a53b1905e90e78b85960b1881db5160c7c5cacca0d686d9e104140d565eeeec17426f93d3a7ba639ecd716b43d2
+-
+-# ECC CDH Bob with Alice peer
+-Derive=BOB_cf_sect571k1
+-PeerKey=ALICE_cf_sect571k1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-SharedSecret=063aea789492c9727a5a6b7f24e8d3d377c70ee8e86b13664e191a53b1905e90e78b85960b1881db5160c7c5cacca0d686d9e104140d565eeeec17426f93d3a7ba639ecd716b43d2
+-
+-PublicKey=MALICE_cf_sect571k1_PUB
+------BEGIN PUBLIC KEY-----
+-MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAA
+-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAE=
+------END PUBLIC KEY-----
+-
+-# ECC CDH Bob with Malice peer
+-Derive=BOB_cf_sect571k1
+-PeerKey=MALICE_cf_sect571k1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-Result=DERIVE_ERROR
+-Reason=point at infinity
+-
+-# ECC CDH Alice with Malice peer
+-Derive=ALICE_cf_sect571k1
+-PeerKey=MALICE_cf_sect571k1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-Result=DERIVE_ERROR
+-Reason=point at infinity
+-
+-Title=sect571r1 curve tests
+-
+-PrivateKey=ALICE_cf_sect571r1
+------BEGIN PRIVATE KEY-----
+-MGYCAQAwEAYHKoZIzj0CAQYFK4EEACcETzBNAgEBBEgAxfL2/gUsmJonvDMR95Azq1ySgXMlKSRk
+-+PL+WaS92ZyOo45HaC7RpH5sdkf4b948u6y1BXOxGZuORXy6lgbgZ1Zx2UgL3cI=
+------END PRIVATE KEY-----
+-
+-PublicKey=ALICE_cf_sect571r1_PUB
+------BEGIN PUBLIC KEY-----
+-MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQBK5L9ccIWacU2A1srZ35opPu6kcbEOsBPmvj/rlMS
+-fFrdMOcagOYfcD0/ouYHPhvkHbr9k87IlQJfnV6ZNRA4PmWSp/FjkNwETm/fqTCUQHti/qqnKH7R
+-Ed4fYROLFGvz+PX6E20SryOt1vrmoRyC7Z5FVmgMVOQQ1AaBNAHi3+IPtKx41YdXdbqHJxuI5jE=
+------END PUBLIC KEY-----
+-
+-PrivPubKeyPair=ALICE_cf_sect571r1:ALICE_cf_sect571r1_PUB
+-
+-PrivateKey=BOB_cf_sect571r1
+------BEGIN PRIVATE KEY-----
+-MGYCAQAwEAYHKoZIzj0CAQYFK4EEACcETzBNAgEBBEgAzcRvASPpWi0ybpOGlj0Lozz01C2a5oDA
+-G5alib1EmZKcpVULxJXn75FQlTKpkUEuWUgA4yk5X5DTiScUuh4LDhaF3AFhsEY=
+------END PRIVATE KEY-----
+-
+-PublicKey=BOB_cf_sect571r1_PUB
+------BEGIN PUBLIC KEY-----
+-MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQH3dnL22NajtqDWTX6qD14w1BOlpHFBUPTr24VySlh
+-kiiBlOF95u7hFr/hSb7gm/3f+IVKyE18Sh2kR4KaxWcPWKY5xKTiqiICT7hCistuzNRt8gR+kNOT
+-c1rETMV6ZruZinwzEWWWjwJf6612oy2HG3CX3B8Rm+a3sS0q6IzowEwqmDv6v9bMTFk8bsCv0Fk=
+------END PUBLIC KEY-----
+-
+-PrivPubKeyPair=BOB_cf_sect571r1:BOB_cf_sect571r1_PUB
+-
+-# ECDH Alice with Bob peer
+-Derive=ALICE_cf_sect571r1
+-PeerKey=BOB_cf_sect571r1_PUB
+-SharedSecret=0031f9879fa75b8c67ba81ee861be634e2b53aa79f834e9a8ca4df7f4461bcb02f083d9fa5b4767f881a710caa6524b58eb626623ba394961d46535204c26d165089e7d4f7be1827
+-
+-# ECDH Bob with Alice peer
+-Derive=BOB_cf_sect571r1
+-PeerKey=ALICE_cf_sect571r1_PUB
+-SharedSecret=0031f9879fa75b8c67ba81ee861be634e2b53aa79f834e9a8ca4df7f4461bcb02f083d9fa5b4767f881a710caa6524b58eb626623ba394961d46535204c26d165089e7d4f7be1827
+-
+-# ECC CDH Alice with Bob peer
+-Derive=ALICE_cf_sect571r1
+-PeerKey=BOB_cf_sect571r1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-SharedSecret=012e8c2c1554988fe20c5ae7d11cdcfe15c7c6e8d2b6f46a43a45d724bfc7b415ea7594d5c16f770a95d6e65bbcb1f34619db95e89f4fecbcb0bc6a3f92d52df6a49b0e7773e0ac0
+-
+-# ECC CDH Bob with Alice peer
+-Derive=BOB_cf_sect571r1
+-PeerKey=ALICE_cf_sect571r1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-SharedSecret=012e8c2c1554988fe20c5ae7d11cdcfe15c7c6e8d2b6f46a43a45d724bfc7b415ea7594d5c16f770a95d6e65bbcb1f34619db95e89f4fecbcb0bc6a3f92d52df6a49b0e7773e0ac0
+-
+-PublicKey=MALICE_cf_sect571r1_PUB
+------BEGIN PUBLIC KEY-----
+-MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHMtVWZAwgtd1zmgWN/9WC
+-aNQcWRNUKesEHXqhJVkC5jYsSACodKsLYFNrWEYM0gwG8DQONZSn93G+38EM45tkaZsIRDt2HEM=
+------END PUBLIC KEY-----
+-
+-# ECC CDH Bob with Malice peer
+-Derive=BOB_cf_sect571r1
+-PeerKey=MALICE_cf_sect571r1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-Result=DERIVE_ERROR
+-Reason=point at infinity
+-
+-# ECC CDH Alice with Malice peer
+-Derive=ALICE_cf_sect571r1
+-PeerKey=MALICE_cf_sect571r1_PUB
+-Ctrl=ecdh_cofactor_mode:1
+-Result=DERIVE_ERROR
+-Reason=point at infinity
+diff -up openssl-3.0.0-beta1/test/recipes/30-test_evp_data/evppkey_ecc.txt.remove-ec openssl-3.0.0-beta1/test/recipes/30-test_evp_data/evppkey_ecc.txt
+--- openssl-3.0.0-beta1/test/recipes/30-test_evp_data/evppkey_ecc.txt.remove-ec 2021-06-30 10:51:23.258816802 +0200
++++ openssl-3.0.0-beta1/test/recipes/30-test_evp_data/evppkey_ecc.txt 2021-06-30 11:25:33.504721672 +0200
+@@ -1,3 +1,4 @@
++
+ #
+ # Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
+ #
+@@ -55,151 +56,6 @@ Derive=BOB_cf_secp256k1
+ PeerKey=ALICE_cf_secp256k1_PUB
+ SharedSecret=a4745cc4d19cabb9e5cb0abdd5c604cab2846a4638ad844ed9175f3cadda2da1
+
+------BEGIN PRIVATE KEY-----
+-MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQIEHzAdAgEBBBj1AIQMJ7jqYIKCvxYAS+qKMmKmH0to
+-41k=
+------END PRIVATE KEY-----
+-
+-PublicKey=BOB_zero_prime192v2_PUB
+------BEGIN PUBLIC KEY-----
+-MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQIDMgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4Gj7Qqt
+-2wx/jwFlKgvE4rnd50LspdMk
+------END PUBLIC KEY-----
+-
+-# ECDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_zero_prime192v2
+-PeerKey=BOB_zero_prime192v2_PUB
+-SharedSecret=b8f200a4b87064f2e8600685ca3e69b8e661a117aabc770b
+-
+-PrivateKey=ALICE_zero_prime192v3
+------BEGIN PRIVATE KEY-----
+-MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQMEHzAdAgEBBBh/maLQMSlea9BfLqGy5NPuK0YAH/cz
+-GqI=
+------END PRIVATE KEY-----
+-
+-PublicKey=BOB_zero_prime192v3_PUB
+------BEGIN PUBLIC KEY-----
+-MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQMDMgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZEzb63e2
+-3MKatRLR9Y1M5JEdI9jwMocI
+------END PUBLIC KEY-----
+-
+-# ECDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_zero_prime192v3
+-PeerKey=BOB_zero_prime192v3_PUB
+-SharedSecret=b5de857d355bc5b9e270a4c290ea9728d764d8b243ff5d8d
+-
+-PrivateKey=ALICE_zero_prime239v1
+------BEGIN PRIVATE KEY-----
+-MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQQEJTAjAgEBBB5pYWzRYI+c6O7NXCt0H2kw8XRL3rhe
+-4MrJT8j++CI=
+------END PRIVATE KEY-----
+-
+-PublicKey=BOB_zero_prime239v1_PUB
+------BEGIN PUBLIC KEY-----
+-MFUwEwYHKoZIzj0CAQYIKoZIzj0DAQQDPgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+-Ox02uwNNLFuvDRn5ip8TxvW0W22R7UzJa9Av6/nh
+------END PUBLIC KEY-----
+-
+-# ECDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_zero_prime239v1
+-PeerKey=BOB_zero_prime239v1_PUB
+-SharedSecret=6b6206408bd05d42daa2cd224c401a1230b44e184f17b82f385f22dac215
+-
+-PrivateKey=ALICE_zero_prime239v2
+------BEGIN PRIVATE KEY-----
+-MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQUEJTAjAgEBBB5l8bB7Cpmr7vyx9FiOT2wEF3YOFbDG
+-bmRr3Vi/xr4=
+------END PRIVATE KEY-----
+-
+-PublicKey=BOB_zero_prime239v2_PUB
+------BEGIN PUBLIC KEY-----
+-MFUwEwYHKoZIzj0CAQYIKoZIzj0DAQUDPgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+-IOg3VJGQ89d1GWg4Igxcj5xpDmJiP8tv+e4mxt5U
+------END PUBLIC KEY-----
+-
+-# ECDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_zero_prime239v2
+-PeerKey=BOB_zero_prime239v2_PUB
+-SharedSecret=772c2819c960c78f28f21f6542b7409294fad1f84567c44c4b7678dc0e42
+-
+-PrivateKey=ALICE_zero_prime239v3
+------BEGIN PRIVATE KEY-----
+-MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQYEJTAjAgEBBB5HF5FABzUOTYMZg9UdZTx/oRERm/fU
+-M/+otKzpLjA=
+------END PRIVATE KEY-----
+-
+-PublicKey=BOB_zero_prime239v3_PUB
+------BEGIN PUBLIC KEY-----
+-MFUwEwYHKoZIzj0CAQYIKoZIzj0DAQYDPgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+-AsZ4u6r3qQI78EYBpiSgWjqNpoeShjr5piecMBWj
+------END PUBLIC KEY-----
+-
+-# ECDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_zero_prime239v3
+-PeerKey=BOB_zero_prime239v3_PUB
+-SharedSecret=56a71f5dd1611e8032c3e2d8224d86e5e8c2fc6480d74c0e282282decd43
+-
+-PrivateKey=ALICE_zero_prime256v1
+------BEGIN PRIVATE KEY-----
+-MEECAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQcEJzAlAgEBBCDXhMb6aR4JR2+l2tmgYqP0r8S4jtym
+-yH++awvF2nGhhg==
+------END PRIVATE KEY-----
+-
+-PublicKey=BOB_zero_prime256v1_PUB
+------BEGIN PUBLIC KEY-----
+-MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+-AABmSFx4Di+D1yQzvV2EoGu2VBwq8x2uhxcov4VqF0+T9A==
+------END PUBLIC KEY-----
+-
+-# ECDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_zero_prime256v1
+-PeerKey=BOB_zero_prime256v1_PUB
+-SharedSecret=c4f5607deb8501f1a4ba23fce4122a4343a17ada2c86a9c8e0d03d92d4a4c84c
+-
+-PrivateKey=ALICE_zero_secp384r1
+------BEGIN PRIVATE KEY-----
+-ME4CAQAwEAYHKoZIzj0CAQYFK4EEACIENzA1AgEBBDD6kgzKbg28zbQyVTdC0IdHbm0UCQt2Rdbi
+-VVHJeYRSnNpFOiFLaOsGOmwoeZzj6jc=
+------END PRIVATE KEY-----
+-
+-PublicKey=BOB_zero_secp384r1_PUB
+------BEGIN PUBLIC KEY-----
+-MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+-AAAAAAAAAAAAAAAAAAAAPPme8E9RpepjC6P5+WDdWToUyb45/SvSFdO0sIqq+Gu/kn8sRuUqsG+3
+-QriFDlIe
+------END PUBLIC KEY-----
+-
+-# ECDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_zero_secp384r1
+-PeerKey=BOB_zero_secp384r1_PUB
+-SharedSecret=b1cfeaeef51dfd487d3a8b2849f1592e04d63f2d2c88b310a6290ebfe5399f5ffe954eabd0619231393e56c35b242986
+-
+-PrivateKey=ALICE_zero_secp521r1
+------BEGIN PRIVATE KEY-----
+-MGACAQAwEAYHKoZIzj0CAQYFK4EEACMESTBHAgEBBEIAbddDLMUWbAsY7l3vbNDmntXuAUcDYPg5
+-w/cgUwSCIvrV9MBeSG8AWqT16riHmHlsn+XI5PAJM6eij3JDahnu9Mo=
+------END PRIVATE KEY-----
+-
+-PublicKey=BOB_zero_secp521r1_PUB
+------BEGIN PUBLIC KEY-----
+-MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0g7J/qa1d8ENJsobtEb0CymeZIsa
+-1Qiq0GiJb+4/jmFLxjBU1Xcr8Bpl1BLgvKqOll0vXTMtfzn4RtRArgAfT4c=
+------END PUBLIC KEY-----
+-
+-# ECDH Alice with Bob peer
+-Availablein = default
+-Derive=ALICE_zero_secp521r1
+-PeerKey=BOB_zero_secp521r1_PUB
+-SharedSecret=003fc3028f61db94b20c7cd177923b6e73f12f0ab067c9ce8866755e3c82abb39c9863cde74fa80b32520bd7dd0eb156c30c08911503b67b2661f1264d09bb231423
+-
+ Title=prime256v1 curve tests
+
+ PrivateKey=ALICE_cf_prime256v1
diff --git a/SOURCES/0012-Disable-explicit-ec.patch b/SOURCES/0012-Disable-explicit-ec.patch
new file mode 100644
index 0000000..a1df020
--- /dev/null
+++ b/SOURCES/0012-Disable-explicit-ec.patch
@@ -0,0 +1,80 @@
+diff -up openssl-3.0.1/crypto/ec/ec_lib.c.disable_explicit_ec openssl-3.0.1/crypto/ec/ec_lib.c
+--- openssl-3.0.1/crypto/ec/ec_lib.c.disable_explicit_ec 2022-02-22 09:08:48.557823665 +0100
++++ openssl-3.0.1/crypto/ec/ec_lib.c 2022-02-22 09:09:26.634133847 +0100
+@@ -1458,7 +1458,7 @@ static EC_GROUP *ec_group_explicit_to_na
+ goto err;
+ }
+ } else {
+- ret_group = (EC_GROUP *)group;
++ goto err;
+ }
+ EC_GROUP_free(dup);
+ return ret_group;
+diff -up openssl-3.0.1/providers/implementations/keymgmt/ec_kmgmt.c.disable_explicit_ec openssl-3.0.1/providers/implementations/keymgmt/ec_kmgmt.c
+--- openssl-3.0.1/providers/implementations/keymgmt/ec_kmgmt.c.disable_explicit_ec 2022-02-22 13:04:16.850856612 +0100
++++ openssl-3.0.1/providers/implementations/keymgmt/ec_kmgmt.c 2022-02-22 14:16:19.848369641 +0100
+@@ -936,11 +936,8 @@ int ec_validate(const void *keydata, int
+ if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) {
+ int flags = EC_KEY_get_flags(eck);
+
+- if ((flags & EC_FLAG_CHECK_NAMED_GROUP) != 0)
+- ok = ok && EC_GROUP_check_named_curve(EC_KEY_get0_group(eck),
+- (flags & EC_FLAG_CHECK_NAMED_GROUP_NIST) != 0, ctx);
+- else
+- ok = ok && EC_GROUP_check(EC_KEY_get0_group(eck), ctx);
++ ok = ok && EC_GROUP_check_named_curve(EC_KEY_get0_group(eck),
++ (flags & EC_FLAG_CHECK_NAMED_GROUP_NIST) != 0, ctx);
+ }
+
+ if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
+@@ -1217,6 +1214,10 @@ static int ec_gen_assign_group(EC_KEY *e
+ ERR_raise(ERR_LIB_PROV, PROV_R_NO_PARAMETERS_SET);
+ return 0;
+ }
++ if (EC_GROUP_get_curve_name(group) == NID_undef) {
++ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_CURVE);
++ return 0;
++ }
+ return EC_KEY_set_group(ec, group) > 0;
+ }
+
+diff -up openssl-3.0.1/providers/common/securitycheck.c.disable_explicit_ec openssl-3.0.1/providers/common/securitycheck.c
+--- openssl-3.0.1/providers/common/securitycheck.c.disable_explicit_ec 2022-02-25 11:44:19.554673396 +0100
++++ openssl-3.0.1/providers/common/securitycheck.c 2022-02-25 12:16:38.168610089 +0100
+@@ -93,22 +93,22 @@ int ossl_rsa_check_key(OSSL_LIB_CTX *ctx
+ int ossl_ec_check_key(OSSL_LIB_CTX *ctx, const EC_KEY *ec, int protect)
+ {
+ # if !defined(OPENSSL_NO_FIPS_SECURITYCHECKS)
+- if (ossl_securitycheck_enabled(ctx)) {
+- int nid, strength;
+- const char *curve_name;
+- const EC_GROUP *group = EC_KEY_get0_group(ec);
++ int nid, strength;
++ const char *curve_name;
++ const EC_GROUP *group = EC_KEY_get0_group(ec);
+
+- if (group == NULL) {
+- ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_CURVE, "No group");
+- return 0;
+- }
+- nid = EC_GROUP_get_curve_name(group);
+- if (nid == NID_undef) {
+- ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_CURVE,
+- "Explicit curves are not allowed in fips mode");
+- return 0;
+- }
++ if (group == NULL) {
++ ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_CURVE, "No group");
++ return 0;
++ }
++ nid = EC_GROUP_get_curve_name(group);
++ if (nid == NID_undef) {
++ ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_CURVE,
++ "Explicit curves are not allowed in this build");
++ return 0;
++ }
+
++ if (ossl_securitycheck_enabled(ctx)) {
+ curve_name = EC_curve_nid2nist(nid);
+ if (curve_name == NULL) {
+ ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_CURVE,
diff --git a/SOURCES/0024-load-legacy-prov.patch b/SOURCES/0024-load-legacy-prov.patch
new file mode 100644
index 0000000..c7d2958
--- /dev/null
+++ b/SOURCES/0024-load-legacy-prov.patch
@@ -0,0 +1,75 @@
+diff -up openssl-3.0.0/apps/openssl.cnf.legacy-prov openssl-3.0.0/apps/openssl.cnf
+--- openssl-3.0.0/apps/openssl.cnf.legacy-prov 2021-09-09 12:06:40.895793297 +0200
++++ openssl-3.0.0/apps/openssl.cnf 2021-09-09 12:12:33.947482500 +0200
+@@ -42,36 +42,29 @@ tsa_policy1 = 1.2.3.4.1
+ tsa_policy2 = 1.2.3.4.5.6
+ tsa_policy3 = 1.2.3.4.5.7
+
+-# For FIPS
+-# Optionally include a file that is generated by the OpenSSL fipsinstall
+-# application. This file contains configuration data required by the OpenSSL
+-# fips provider. It contains a named section e.g. [fips_sect] which is
+-# referenced from the [provider_sect] below.
+-# Refer to the OpenSSL security policy for more information.
+-# .include fipsmodule.cnf
+-
+ [openssl_init]
+ providers = provider_sect
+ # Load default TLS policy configuration
+ ssl_conf = ssl_module
+
+-# List of providers to load
+-[provider_sect]
+-default = default_sect
+-# The fips section name should match the section name inside the
+-# included fipsmodule.cnf.
+-# fips = fips_sect
++# Uncomment the sections that start with ## below to enable the legacy provider.
++# Loading the legacy provider enables support for the following algorithms:
++# Hashing Algorithms / Message Digests: MD2, MD4, MDC2, WHIRLPOOL, RIPEMD160
++# Symmetric Ciphers: Blowfish, CAST, DES, IDEA, RC2, RC4,RC5, SEED
++# Key Derivation Function (KDF): PBKDF1
++# In general it is not recommended to use the above mentioned algorithms for
++# security critical operations, as they are cryptographically weak or vulnerable
++# to side-channel attacks and as such have been deprecated.
+
+-# If no providers are activated explicitly, the default one is activated implicitly.
+-# See man 7 OSSL_PROVIDER-default for more details.
+-#
+-# If you add a section explicitly activating any other provider(s), you most
+-# probably need to explicitly activate the default provider, otherwise it
+-# becomes unavailable in openssl. As a consequence applications depending on
+-# OpenSSL may not work correctly which could lead to significant system
+-# problems including inability to remotely access the system.
+-[default_sect]
+-# activate = 1
++[provider_sect]
++default = default_sect
++##legacy = legacy_sect
++##
++[default_sect]
++activate = 1
++
++##[legacy_sect]
++##activate = 1
+
+ [ ssl_module ]
+
+diff -up openssl-3.0.0/doc/man5/config.pod.legacy-prov openssl-3.0.0/doc/man5/config.pod
+--- openssl-3.0.0/doc/man5/config.pod.legacy-prov 2021-09-09 12:09:38.079040853 +0200
++++ openssl-3.0.0/doc/man5/config.pod 2021-09-09 12:11:56.646224876 +0200
+@@ -273,6 +273,14 @@ significant.
+ All parameters in the section as well as sub-sections are made
+ available to the provider.
+
++=head3 Loading the legacy provider
++
++Uncomment the sections that start with ## in openssl.cnf
++to enable the legacy provider.
++Note: In general it is not recommended to use the above mentioned algorithms for
++security critical operations, as they are cryptographically weak or vulnerable
++to side-channel attacks and as such have been deprecated.
++
+ =head3 Default provider and its activation
+
+ If no providers are activated explicitly, the default one is activated implicitly.
diff --git a/SOURCES/0025-for-tests.patch b/SOURCES/0025-for-tests.patch
new file mode 100644
index 0000000..aef200b
--- /dev/null
+++ b/SOURCES/0025-for-tests.patch
@@ -0,0 +1,18 @@
+diff -up openssl-3.0.0/apps/openssl.cnf.xxx openssl-3.0.0/apps/openssl.cnf
+--- openssl-3.0.0/apps/openssl.cnf.xxx 2021-11-23 16:29:50.618691603 +0100
++++ openssl-3.0.0/apps/openssl.cnf 2021-11-23 16:28:16.872882099 +0100
+@@ -55,11 +55,11 @@ providers = provider_sect
+ # to side-channel attacks and as such have been deprecated.
+
+ [provider_sect]
+-default = default_sect
++##default = default_sect
+ ##legacy = legacy_sect
+ ##
+-[default_sect]
+-activate = 1
++##[default_sect]
++##activate = 1
+
+ ##[legacy_sect]
+ ##activate = 1
diff --git a/SOURCES/0031-tmp-Fix-test-names.patch b/SOURCES/0031-tmp-Fix-test-names.patch
new file mode 100644
index 0000000..5c22f24
--- /dev/null
+++ b/SOURCES/0031-tmp-Fix-test-names.patch
@@ -0,0 +1,40 @@
+diff -up openssl-3.0.0/test/recipes/90-test_sslapi.t.beldmit openssl-3.0.0/test/recipes/90-test_sslapi.t
+--- openssl-3.0.0/test/recipes/90-test_sslapi.t.beldmit 2021-09-22 11:56:49.452507975 +0200
++++ openssl-3.0.0/test/recipes/90-test_sslapi.t 2021-09-22 11:57:19.371764742 +0200
+@@ -40,7 +40,7 @@ unless ($no_fips) {
+ srctop_file("test", "recipes", "90-test_sslapi_data",
+ "passwd.txt"), $tmpfilename, "fips",
+ srctop_file("test", "fips-and-base.cnf")])),
+- "running sslapitest");
++ "running sslapitest - FIPS");
+ }
+
+ unlink $tmpfilename;
+diff --git a/test/sslapitest.c b/test/sslapitest.c
+index e95d2657f46c..7af0eab3fce0 100644
+--- a/test/sslapitest.c
++++ b/test/sslapitest.c
+@@ -1158,6 +1158,11 @@ static int execute_test_ktls(int cis_ktls, int sis_ktls,
+ goto end;
+ }
+
++ if (is_fips && strstr(cipher, "CHACHA") != NULL) {
++ testresult = TEST_skip("CHACHA is not supported in FIPS");
++ goto end;
++ }
++
+ /* Create a session based on SHA-256 */
+ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
+ TLS_client_method(),
+@@ -1292,6 +1297,11 @@ static int execute_test_ktls_sendfile(int tls_version, const char *cipher)
+ goto end;
+ }
+
++ if (is_fips && strstr(cipher, "CHACHA") != NULL) {
++ testresult = TEST_skip("CHACHA is not supported in FIPS");
++ goto end;
++ }
++
+ /* Create a session based on SHA-256 */
+ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
+ TLS_client_method(),
diff --git a/SOURCES/0032-Force-fips.patch b/SOURCES/0032-Force-fips.patch
new file mode 100644
index 0000000..9f83fcd
--- /dev/null
+++ b/SOURCES/0032-Force-fips.patch
@@ -0,0 +1,161 @@
+#Note: provider_conf_activate() is introduced in downstream only. It is a rewrite
+#(partial) of the function provider_conf_load() under the 'if (activate) section.
+#If there is any change to this section, after deleting it in provider_conf_load()
+#ensure that you also add those changes to the provider_conf_activate() function.
+#additionally please add this check for cnf explicitly as shown below.
+#'ok = cnf ? provider_conf_params(prov, NULL, NULL, value, cnf) : 1;'
+diff -up openssl-3.0.1/crypto/provider_conf.c.fips-FORCE openssl-3.0.1/crypto/provider_conf.c
+--- openssl-3.0.1/crypto/provider_conf.c.fips-FORCE 2022-01-18 15:36:00.956141345 +0100
++++ openssl-3.0.1/crypto/provider_conf.c 2022-01-18 15:42:36.345172203 +0100
+@@ -136,58 +136,18 @@ static int prov_already_activated(const
+ return 0;
+ }
+
+-static int provider_conf_load(OSSL_LIB_CTX *libctx, const char *name,
+- const char *value, const CONF *cnf)
++static int provider_conf_activate(OSSL_LIB_CTX *libctx,const char *name,
++ const char *value, const char *path,
++ int soft, const CONF *cnf)
+ {
+- int i;
+- STACK_OF(CONF_VALUE) *ecmds;
+- int soft = 0;
+- OSSL_PROVIDER *prov = NULL, *actual = NULL;
+- const char *path = NULL;
+- long activate = 0;
+ int ok = 0;
+-
+- name = skip_dot(name);
+- OSSL_TRACE1(CONF, "Configuring provider %s\n", name);
+- /* Value is a section containing PROVIDER commands */
+- ecmds = NCONF_get_section(cnf, value);
+-
+- if (!ecmds) {
+- ERR_raise_data(ERR_LIB_CRYPTO, CRYPTO_R_PROVIDER_SECTION_ERROR,
+- "section=%s not found", value);
+- return 0;
+- }
+-
+- /* Find the needed data first */
+- for (i = 0; i < sk_CONF_VALUE_num(ecmds); i++) {
+- CONF_VALUE *ecmd = sk_CONF_VALUE_value(ecmds, i);
+- const char *confname = skip_dot(ecmd->name);
+- const char *confvalue = ecmd->value;
+-
+- OSSL_TRACE2(CONF, "Provider command: %s = %s\n",
+- confname, confvalue);
+-
+- /* First handle some special pseudo confs */
+-
+- /* Override provider name to use */
+- if (strcmp(confname, "identity") == 0)
+- name = confvalue;
+- else if (strcmp(confname, "soft_load") == 0)
+- soft = 1;
+- /* Load a dynamic PROVIDER */
+- else if (strcmp(confname, "module") == 0)
+- path = confvalue;
+- else if (strcmp(confname, "activate") == 0)
+- activate = 1;
+- }
+-
+- if (activate) {
+- PROVIDER_CONF_GLOBAL *pcgbl
+- = ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_PROVIDER_CONF_INDEX,
+- &provider_conf_ossl_ctx_method);
++ OSSL_PROVIDER *prov = NULL, *actual = NULL;
++ PROVIDER_CONF_GLOBAL *pcgbl
++ = ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_PROVIDER_CONF_INDEX,
++ &provider_conf_ossl_ctx_method);
+
+ if (pcgbl == NULL || !CRYPTO_THREAD_write_lock(pcgbl->lock)) {
+- ERR_raise(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR);
++ ERR_raise(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+ if (!prov_already_activated(name, pcgbl->activated_providers)) {
+@@ -216,7 +176,7 @@ static int provider_conf_load(OSSL_LIB_C
+ if (path != NULL)
+ ossl_provider_set_module_path(prov, path);
+
+- ok = provider_conf_params(prov, NULL, NULL, value, cnf);
++ ok = cnf ? provider_conf_params(prov, NULL, NULL, value, cnf) : 1;
+
+ if (ok) {
+ if (!ossl_provider_activate(prov, 1, 0)) {
+@@ -246,6 +206,55 @@ static int provider_conf_load(OSSL_LIB_C
+ ossl_provider_free(prov);
+ }
+ CRYPTO_THREAD_unlock(pcgbl->lock);
++ return ok;
++}
++
++static int provider_conf_load(OSSL_LIB_CTX *libctx, const char *name,
++ const char *value, const CONF *cnf)
++{
++ int i;
++ STACK_OF(CONF_VALUE) *ecmds;
++ int soft = 0;
++ const char *path = NULL;
++ long activate = 0;
++ int ok = 0;
++
++ name = skip_dot(name);
++ OSSL_TRACE1(CONF, "Configuring provider %s\n", name);
++ /* Value is a section containing PROVIDER commands */
++ ecmds = NCONF_get_section(cnf, value);
++
++ if (!ecmds) {
++ ERR_raise_data(ERR_LIB_CRYPTO, CRYPTO_R_PROVIDER_SECTION_ERROR,
++ "section=%s not found", value);
++ return 0;
++ }
++
++ /* Find the needed data first */
++ for (i = 0; i < sk_CONF_VALUE_num(ecmds); i++) {
++ CONF_VALUE *ecmd = sk_CONF_VALUE_value(ecmds, i);
++ const char *confname = skip_dot(ecmd->name);
++ const char *confvalue = ecmd->value;
++
++ OSSL_TRACE2(CONF, "Provider command: %s = %s\n",
++ confname, confvalue);
++
++ /* First handle some special pseudo confs */
++
++ /* Override provider name to use */
++ if (strcmp(confname, "identity") == 0)
++ name = confvalue;
++ else if (strcmp(confname, "soft_load") == 0)
++ soft = 1;
++ /* Load a dynamic PROVIDER */
++ else if (strcmp(confname, "module") == 0)
++ path = confvalue;
++ else if (strcmp(confname, "activate") == 0)
++ activate = 1;
++ }
++
++ if (activate) {
++ ok = provider_conf_activate(libctx, name, value, path, soft, cnf);
+ } else {
+ OSSL_PROVIDER_INFO entry;
+
+@@ -306,6 +315,19 @@ static int provider_conf_init(CONF_IMODU
+ return 0;
+ }
+
++ if (ossl_get_kernel_fips_flag() != 0) { /* XXX from provider_conf_load */
++ OSSL_LIB_CTX *libctx = NCONF_get0_libctx((CONF *)cnf);
++ PROVIDER_CONF_GLOBAL *pcgbl
++ = ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_PROVIDER_CONF_INDEX,
++ &provider_conf_ossl_ctx_method);
++ if (provider_conf_activate(libctx, "fips", NULL, NULL, 0, NULL) != 1)
++ return 0;
++ if (provider_conf_activate(libctx, "base", NULL, NULL, 0, NULL) != 1)
++ return 0;
++ if (EVP_default_properties_enable_fips(libctx, 1) != 1)
++ return 0;
++ }
++
+ return 1;
+ }
+
diff --git a/SOURCES/0033-FIPS-embed-hmac.patch b/SOURCES/0033-FIPS-embed-hmac.patch
new file mode 100644
index 0000000..c788072
--- /dev/null
+++ b/SOURCES/0033-FIPS-embed-hmac.patch
@@ -0,0 +1,223 @@
+diff -up openssl-3.0.0/providers/fips/self_test.c.embed-hmac openssl-3.0.0/providers/fips/self_test.c
+--- openssl-3.0.0/providers/fips/self_test.c.embed-hmac 2021-11-16 13:57:05.127171056 +0100
++++ openssl-3.0.0/providers/fips/self_test.c 2021-11-16 14:07:21.963412455 +0100
+@@ -171,11 +171,27 @@ DEP_FINI_ATTRIBUTE void cleanup(void)
+ }
+ #endif
+
++#define HMAC_LEN 32
++/*
++ * The __attribute__ ensures we've created the .rodata1 section
++ * static ensures it's zero filled
++*/
++static const unsigned char __attribute__ ((section (".rodata1"))) fips_hmac_container[HMAC_LEN] = {0};
++
+ /*
+ * Calculate the HMAC SHA256 of data read using a BIO and read_cb, and verify
+ * the result matches the expected value.
+ * Return 1 if verified, or 0 if it fails.
+ */
++#ifndef __USE_GNU
++#define __USE_GNU
++#include <dlfcn.h>
++#undef __USE_GNU
++#else
++#include <dlfcn.h>
++#endif
++#include <link.h>
++
+ static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex_cb,
+ unsigned char *expected, size_t expected_len,
+ OSSL_LIB_CTX *libctx, OSSL_SELF_TEST *ev,
+@@ -183,14 +199,26 @@ static int verify_integrity(OSSL_CORE_BI
+ {
+ int ret = 0, status;
+ unsigned char out[MAX_MD_SIZE];
+- unsigned char buf[INTEGRITY_BUF_SIZE];
++ unsigned char buf[INTEGRITY_BUF_SIZE+HMAC_LEN];
+ size_t bytes_read = 0, out_len = 0;
+ EVP_MAC *mac = NULL;
+ EVP_MAC_CTX *ctx = NULL;
+ OSSL_PARAM params[2], *p = params;
++ Dl_info info;
++ void *extra_info = NULL;
++ struct link_map *lm = NULL;
++ unsigned long paddr;
++ unsigned long off = 0;
++ int have_rest = 0;
+
+ OSSL_SELF_TEST_onbegin(ev, event_type, OSSL_SELF_TEST_DESC_INTEGRITY_HMAC);
+
++ if (!dladdr1 ((const void *)fips_hmac_container,
++ &info, &extra_info, RTLD_DL_LINKMAP))
++ goto err;
++ lm = extra_info;
++ paddr = (unsigned long)fips_hmac_container - lm->l_addr;
++
+ mac = EVP_MAC_fetch(libctx, MAC_NAME, NULL);
+ if (mac == NULL)
+ goto err;
+@@ -204,12 +233,53 @@ static int verify_integrity(OSSL_CORE_BI
+ if (!EVP_MAC_init(ctx, fixed_key, sizeof(fixed_key), params))
+ goto err;
+
++ status = read_ex_cb(bio, buf, HMAC_LEN, &bytes_read);
++ if (status != 1 || bytes_read != HMAC_LEN)
++ goto err;
++ off += HMAC_LEN;
++
+ while (1) {
+- status = read_ex_cb(bio, buf, sizeof(buf), &bytes_read);
+- if (status != 1)
++ status = read_ex_cb(bio, buf+HMAC_LEN, INTEGRITY_BUF_SIZE, &bytes_read);
++ if (status != 1) {
++ have_rest = 1;
++ break;
++ }
++
++ if (bytes_read == INTEGRITY_BUF_SIZE) { /* Full block */
++ /* Logic:
++ * We have HMAC_LEN (read before) + INTEGRITY_BUF_SIZE (read now) in buffer
++ * We calculate HMAC from first INTEGRITY_BUF_SIZE bytes
++ * and move last HMAC_LEN bytes to the beginning of the buffer
++ *
++ * If we have read (a part of) buffer fips_hmac_container
++ * we should replace it with zeros.
++ * If it is inside our current buffer, we will update now.
++ * If it intersects the upper bound, we will clean up on the next step.
++ */
++ if (off - HMAC_LEN <= paddr && paddr <= off + bytes_read)
++ memset (buf + HMAC_LEN + paddr - off, 0, HMAC_LEN);
++ off += bytes_read;
++
++ if (!EVP_MAC_update(ctx, buf, bytes_read))
++ goto err;
++ memcpy (buf, buf+INTEGRITY_BUF_SIZE, HMAC_LEN);
++ } else { /* Final block */
++ /* Logic is basically the same as in previous branch
++ * but we calculate HMAC from HMAC_LEN (rest of previous step)
++ * and bytes_read read on this step
++ * */
++ if (off - HMAC_LEN <= paddr && paddr <= off + bytes_read)
++ memset (buf + HMAC_LEN + paddr - off, 0, HMAC_LEN);
++ if (!EVP_MAC_update(ctx, buf, bytes_read+HMAC_LEN))
++ goto err;
++ off += bytes_read;
+ break;
+- if (!EVP_MAC_update(ctx, buf, bytes_read))
++ }
++ }
++ if (have_rest) {
++ if (!EVP_MAC_update(ctx, buf, HMAC_LEN))
+ goto err;
++ off += HMAC_LEN;
+ }
+ if (!EVP_MAC_final(ctx, out, &out_len, sizeof(out)))
+ goto err;
+@@ -284,8 +358,7 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS
+ CRYPTO_THREAD_unlock(fips_state_lock);
+ }
+
+- if (st == NULL
+- || st->module_checksum_data == NULL) {
++ if (st == NULL) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_CONFIG_DATA);
+ goto end;
+ }
+@@ -294,8 +367,9 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS
+ if (ev == NULL)
+ goto end;
+
+- module_checksum = OPENSSL_hexstr2buf(st->module_checksum_data,
+- &checksum_len);
++ module_checksum = fips_hmac_container;
++ checksum_len = sizeof(fips_hmac_container);
++
+ if (module_checksum == NULL) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_CONFIG_DATA);
+ goto end;
+@@ -357,7 +431,6 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS
+ ok = 1;
+ end:
+ OSSL_SELF_TEST_free(ev);
+- OPENSSL_free(module_checksum);
+ OPENSSL_free(indicator_checksum);
+
+ if (st != NULL) {
+diff -ruN openssl-3.0.0/test/recipes/00-prep_fipsmodule_cnf.t openssl-3.0.0-xxx/test/recipes/00-prep_fipsmodule_cnf.t
+--- openssl-3.0.0/test/recipes/00-prep_fipsmodule_cnf.t 2021-09-07 13:46:32.000000000 +0200
++++ openssl-3.0.0-xxx/test/recipes/00-prep_fipsmodule_cnf.t 2021-11-18 09:39:53.386817874 +0100
+@@ -20,7 +20,7 @@
+ use lib bldtop_dir('.');
+ use platform;
+
+-my $no_check = disabled("fips");
++my $no_check = 1;
+ plan skip_all => "FIPS module config file only supported in a fips build"
+ if $no_check;
+
+diff -ruN openssl-3.0.0/test/recipes/01-test_fipsmodule_cnf.t openssl-3.0.0-xxx/test/recipes/01-test_fipsmodule_cnf.t
+--- openssl-3.0.0/test/recipes/01-test_fipsmodule_cnf.t 2021-09-07 13:46:32.000000000 +0200
++++ openssl-3.0.0-xxx/test/recipes/01-test_fipsmodule_cnf.t 2021-11-18 09:59:02.315619486 +0100
+@@ -23,7 +23,7 @@
+ use lib bldtop_dir('.');
+ use platform;
+
+-my $no_check = disabled("fips");
++my $no_check = 1;
+ plan skip_all => "Test only supported in a fips build"
+ if $no_check;
+ plan tests => 1;
+diff -ruN openssl-3.0.0/test/recipes/03-test_fipsinstall.t openssl-3.0.0-xxx/test/recipes/03-test_fipsinstall.t
+--- openssl-3.0.0/test/recipes/03-test_fipsinstall.t 2021-09-07 13:46:32.000000000 +0200
++++ openssl-3.0.0-xxx/test/recipes/03-test_fipsinstall.t 2021-11-18 09:59:55.365072074 +0100
+@@ -22,7 +22,7 @@
+ use lib bldtop_dir('.');
+ use platform;
+
+-plan skip_all => "Test only supported in a fips build" if disabled("fips");
++plan skip_all => "Test only supported in a fips build" if 1;
+
+ plan tests => 29;
+
+diff -ruN openssl-3.0.0/test/recipes/30-test_defltfips.t openssl-3.0.0-xxx/test/recipes/30-test_defltfips.t
+--- openssl-3.0.0/test/recipes/30-test_defltfips.t 2021-09-07 13:46:32.000000000 +0200
++++ openssl-3.0.0-xxx/test/recipes/30-test_defltfips.t 2021-11-18 10:22:54.179659682 +0100
+@@ -21,7 +21,7 @@
+ use lib srctop_dir('Configurations');
+ use lib bldtop_dir('.');
+
+-my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
++my $no_fips = 1; #disabled('fips') || ($ENV{NO_FIPS} // 0);
+
+ plan tests =>
+ ($no_fips ? 1 : 5);
+diff -ruN openssl-3.0.0/test/recipes/80-test_ssl_new.t openssl-3.0.0-xxx/test/recipes/80-test_ssl_new.t
+--- openssl-3.0.0/test/recipes/80-test_ssl_new.t 2021-09-07 13:46:32.000000000 +0200
++++ openssl-3.0.0-xxx/test/recipes/80-test_ssl_new.t 2021-11-18 10:18:53.391721164 +0100
+@@ -23,7 +23,7 @@
+ use lib srctop_dir('Configurations');
+ use lib bldtop_dir('.');
+
+-my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
++my $no_fips = 1; #disabled('fips') || ($ENV{NO_FIPS} // 0);
+
+ $ENV{TEST_CERTS_DIR} = srctop_dir("test", "certs");
+
+diff -ruN openssl-3.0.0/test/recipes/90-test_sslapi.t openssl-3.0.0-xxx/test/recipes/90-test_sslapi.t
+--- openssl-3.0.0/test/recipes/90-test_sslapi.t 2021-11-18 10:32:17.734196705 +0100
++++ openssl-3.0.0-xxx/test/recipes/90-test_sslapi.t 2021-11-18 10:18:30.695538445 +0100
+@@ -18,7 +18,7 @@
+ use lib srctop_dir('Configurations');
+ use lib bldtop_dir('.');
+
+-my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
++my $no_fips = 1; #disabled('fips') || ($ENV{NO_FIPS} // 0);
+
+ plan skip_all => "No TLS/SSL protocols are supported by this OpenSSL build"
+ if alldisabled(grep { $_ ne "ssl3" } available_protocols("tls"));
+--- /dev/null 2021-11-16 15:27:32.915000000 +0100
++++ openssl-3.0.0/test/fipsmodule.cnf 2021-11-18 11:15:34.538060408 +0100
+@@ -0,0 +1,2 @@
++[fips_sect]
++activate = 1
diff --git a/SOURCES/0034.fipsinstall_disable.patch b/SOURCES/0034.fipsinstall_disable.patch
new file mode 100644
index 0000000..c4f9efd
--- /dev/null
+++ b/SOURCES/0034.fipsinstall_disable.patch
@@ -0,0 +1,406 @@
+diff -up openssl-3.0.0/apps/fipsinstall.c.xxx openssl-3.0.0/apps/fipsinstall.c
+--- openssl-3.0.0/apps/fipsinstall.c.xxx 2021-11-22 13:09:28.232560235 +0100
++++ openssl-3.0.0/apps/fipsinstall.c 2021-11-22 13:12:22.272058910 +0100
+@@ -311,6 +311,9 @@ int fipsinstall_main(int argc, char **ar
+ EVP_MAC *mac = NULL;
+ CONF *conf = NULL;
+
++ BIO_printf(bio_err, "This command is not enabled in the Red Hat Enterprise Linux OpenSSL build, please consult Red Hat documentation to learn how to enable FIPS mode\n");
++ return 1;
++
+ if ((opts = sk_OPENSSL_STRING_new_null()) == NULL)
+ goto end;
+
+diff -up openssl-3.0.0/doc/man1/openssl.pod.xxx openssl-3.0.0/doc/man1/openssl.pod
+--- openssl-3.0.0/doc/man1/openssl.pod.xxx 2021-11-22 13:18:51.081406990 +0100
++++ openssl-3.0.0/doc/man1/openssl.pod 2021-11-22 13:19:02.897508738 +0100
+@@ -158,10 +158,6 @@ Engine (loadable module) information and
+
+ Error Number to Error String Conversion.
+
+-=item B<fipsinstall>
+-
+-FIPS configuration installation.
+-
+ =item B<gendsa>
+
+ Generation of DSA Private Key from Parameters. Superseded by
+diff -up openssl-3.0.0/doc/man5/config.pod.xxx openssl-3.0.0/doc/man5/config.pod
+--- openssl-3.0.0/doc/man5/config.pod.xxx 2021-11-22 13:24:51.359509501 +0100
++++ openssl-3.0.0/doc/man5/config.pod 2021-11-22 13:26:02.360121820 +0100
+@@ -573,7 +573,6 @@ configuration files using that syntax wi
+ =head1 SEE ALSO
+
+ L<openssl-x509(1)>, L<openssl-req(1)>, L<openssl-ca(1)>,
+-L<openssl-fipsinstall(1)>,
+ L<ASN1_generate_nconf(3)>,
+ L<EVP_set_default_properties(3)>,
+ L<CONF_modules_load(3)>,
+diff -up openssl-3.0.0/doc/man5/fips_config.pod.xxx openssl-3.0.0/doc/man5/fips_config.pod
+--- openssl-3.0.0/doc/man5/fips_config.pod.xxx 2021-11-22 13:21:13.812636065 +0100
++++ openssl-3.0.0/doc/man5/fips_config.pod 2021-11-22 13:24:12.278172847 +0100
+@@ -6,106 +6,10 @@ fips_config - OpenSSL FIPS configuration
+
+ =head1 DESCRIPTION
+
+-A separate configuration file, using the OpenSSL L<config(5)> syntax,
+-is used to hold information about the FIPS module. This includes a digest
+-of the shared library file, and status about the self-testing.
+-This data is used automatically by the module itself for two
+-purposes:
+-
+-=over 4
+-
+-=item - Run the startup FIPS self-test known answer tests (KATS).
+-
+-This is normally done once, at installation time, but may also be set up to
+-run each time the module is used.
+-
+-=item - Verify the module's checksum.
+-
+-This is done each time the module is used.
+-
+-=back
+-
+-This file is generated by the L<openssl-fipsinstall(1)> program, and
+-used internally by the FIPS module during its initialization.
+-
+-The following options are supported. They should all appear in a section
+-whose name is identified by the B<fips> option in the B<providers>
+-section, as described in L<config(5)/Provider Configuration Module>.
+-
+-=over 4
+-
+-=item B<activate>
+-
+-If present, the module is activated. The value assigned to this name is not
+-significant.
+-
+-=item B<install-version>
+-
+-A version number for the fips install process. Should be 1.
+-
+-=item B<conditional-errors>
+-
+-The FIPS module normally enters an internal error mode if any self test fails.
+-Once this error mode is active, no services or cryptographic algorithms are
+-accessible from this point on.
+-Continuous tests are a subset of the self tests (e.g., a key pair test during key
+-generation, or the CRNG output test).
+-Setting this value to C<0> allows the error mode to not be triggered if any
+-continuous test fails. The default value of C<1> will trigger the error mode.
+-Regardless of the value, the operation (e.g., key generation) that called the
+-continuous test will return an error code if its continuous test fails. The
+-operation may then be retried if the error mode has not been triggered.
+-
+-=item B<security-checks>
+-
+-This indicates if run-time checks related to enforcement of security parameters
+-such as minimum security strength of keys and approved curve names are used.
+-A value of '1' will perform the checks, otherwise if the value is '0' the checks
+-are not performed and FIPS compliance must be done by procedures documented in
+-the relevant Security Policy.
+-
+-=item B<module-mac>
+-
+-The calculated MAC of the FIPS provider file.
+-
+-=item B<install-status>
+-
+-An indicator that the self-tests were successfully run.
+-This should only be written after the module has
+-successfully passed its self tests during installation.
+-If this field is not present, then the self tests will run when the module
+-loads.
+-
+-=item B<install-mac>
+-
+-A MAC of the value of the B<install-status> option, to prevent accidental
+-changes to that value.
+-It is written-to at the same time as B<install-status> is updated.
+-
+-=back
+-
+-For example:
+-
+- [fips_sect]
+- activate = 1
+- install-version = 1
+- conditional-errors = 1
+- security-checks = 1
+- module-mac = 41:D0:FA:C2:5D:41:75:CD:7D:C3:90:55:6F:A4:DC
+- install-mac = FE:10:13:5A:D3:B4:C7:82:1B:1E:17:4C:AC:84:0C
+- install-status = INSTALL_SELF_TEST_KATS_RUN
+-
+-=head1 NOTES
+-
+-When using the FIPS provider, it is recommended that the
+-B<config_diagnostics> option is enabled to prevent accidental use of
+-non-FIPS validated algorithms via broken or mistaken configuration.
+-See L<config(5)>.
+-
+-=head1 SEE ALSO
+-
+-L<config(5)>
+-L<openssl-fipsinstall(1)>
++This command is disabled in Red Hat Enterprise Linux. The FIPS provider is
++automatically loaded when the system is booted in FIPS mode, or when the
++environment variable B<OPENSSL_FORCE_FIPS_MODE> is set. See the documentation
++for more information.
+
+ =head1 COPYRIGHT
+
+diff -up openssl-3.0.0/doc/man7/OSSL_PROVIDER-FIPS.pod.xxx openssl-3.0.0/doc/man7/OSSL_PROVIDER-FIPS.pod
+--- openssl-3.0.0/doc/man7/OSSL_PROVIDER-FIPS.pod.xxx 2021-11-22 13:18:13.850086386 +0100
++++ openssl-3.0.0/doc/man7/OSSL_PROVIDER-FIPS.pod 2021-11-22 13:18:24.607179038 +0100
+@@ -388,7 +388,6 @@ A simple self test callback is shown bel
+
+ =head1 SEE ALSO
+
+-L<openssl-fipsinstall(1)>,
+ L<fips_config(5)>,
+ L<OSSL_SELF_TEST_set_callback(3)>,
+ L<OSSL_SELF_TEST_new(3)>,
+diff -up openssl-3.0.1/doc/man1/openssl-fipsinstall.pod.in.embed-hmac openssl-3.0.1/doc/man1/openssl-fipsinstall.pod.in
+--- openssl-3.0.1/doc/man1/openssl-fipsinstall.pod.in.embed-hmac 2022-01-11 13:26:33.279906225 +0100
++++ openssl-3.0.1/doc/man1/openssl-fipsinstall.pod.in 2022-01-11 13:33:18.757994419 +0100
+@@ -8,236 +8,11 @@ openssl-fipsinstall - perform FIPS confi
+ =head1 SYNOPSIS
+
+ B<openssl fipsinstall>
+-[B<-help>]
+-[B<-in> I<configfilename>]
+-[B<-out> I<configfilename>]
+-[B<-module> I<modulefilename>]
+-[B<-provider_name> I<providername>]
+-[B<-section_name> I<sectionname>]
+-[B<-verify>]
+-[B<-mac_name> I<macname>]
+-[B<-macopt> I<nm>:I<v>]
+-[B<-noout>]
+-[B<-quiet>]
+-[B<-no_conditional_errors>]
+-[B<-no_security_checks>]
+-[B<-self_test_onload>]
+-[B<-corrupt_desc> I<selftest_description>]
+-[B<-corrupt_type> I<selftest_type>]
+-[B<-config> I<parent_config>]
+
+ =head1 DESCRIPTION
+-
+-This command is used to generate a FIPS module configuration file.
+-This configuration file can be used each time a FIPS module is loaded
+-in order to pass data to the FIPS module self tests. The FIPS module always
+-verifies its MAC, but optionally only needs to run the KAT's once,
+-at installation.
+-
+-The generated configuration file consists of:
+-
+-=over 4
+-
+-=item - A MAC of the FIPS module file.
+-
+-=item - A test status indicator.
+-
+-This indicates if the Known Answer Self Tests (KAT's) have successfully run.
+-
+-=item - A MAC of the status indicator.
+-
+-=item - A control for conditional self tests errors.
+-
+-By default if a continuous test (e.g a key pair test) fails then the FIPS module
+-will enter an error state, and no services or cryptographic algorithms will be
+-able to be accessed after this point.
+-The default value of '1' will cause the fips module error state to be entered.
+-If the value is '0' then the module error state will not be entered.
+-Regardless of whether the error state is entered or not, the current operation
+-(e.g. key generation) will return an error. The user is responsible for retrying
+-the operation if the module error state is not entered.
+-
+-=item - A control to indicate whether run-time security checks are done.
+-
+-This indicates if run-time checks related to enforcement of security parameters
+-such as minimum security strength of keys and approved curve names are used.
+-The default value of '1' will perform the checks.
+-If the value is '0' the checks are not performed and FIPS compliance must
+-be done by procedures documented in the relevant Security Policy.
+-
+-=back
+-
+-This file is described in L<fips_config(5)>.
+-
+-=head1 OPTIONS
+-
+-=over 4
+-
+-=item B<-help>
+-
+-Print a usage message.
+-
+-=item B<-module> I<filename>
+-
+-Filename of the FIPS module to perform an integrity check on.
+-The path provided in the filename is used to load the module when it is
+-activated, and this overrides the environment variable B<OPENSSL_MODULES>.
+-
+-=item B<-out> I<configfilename>
+-
+-Filename to output the configuration data to; the default is standard output.
+-
+-=item B<-in> I<configfilename>
+-
+-Input filename to load configuration data from.
+-Must be used if the B<-verify> option is specified.
+-
+-=item B<-verify>
+-
+-Verify that the input configuration file contains the correct information.
+-
+-=item B<-provider_name> I<providername>
+-
+-Name of the provider inside the configuration file.
+-The default value is C<fips>.
+-
+-=item B<-section_name> I<sectionname>
+-
+-Name of the section inside the configuration file.
+-The default value is C<fips_sect>.
+-
+-=item B<-mac_name> I<name>
+-
+-Specifies the name of a supported MAC algorithm which will be used.
+-The MAC mechanisms that are available will depend on the options
+-used when building OpenSSL.
+-To see the list of supported MAC's use the command
+-C<openssl list -mac-algorithms>. The default is B<HMAC>.
+-
+-=item B<-macopt> I<nm>:I<v>
+-
+-Passes options to the MAC algorithm.
+-A comprehensive list of controls can be found in the EVP_MAC implementation
+-documentation.
+-Common control strings used for this command are:
+-
+-=over 4
+-
+-=item B<key>:I<string>
+-
+-Specifies the MAC key as an alphanumeric string (use if the key contains
+-printable characters only).
+-The string length must conform to any restrictions of the MAC algorithm.
+-A key must be specified for every MAC algorithm.
+-If no key is provided, the default that was specified when OpenSSL was
+-configured is used.
+-
+-=item B<hexkey>:I<string>
+-
+-Specifies the MAC key in hexadecimal form (two hex digits per byte).
+-The key length must conform to any restrictions of the MAC algorithm.
+-A key must be specified for every MAC algorithm.
+-If no key is provided, the default that was specified when OpenSSL was
+-configured is used.
+-
+-=item B<digest>:I<string>
+-
+-Used by HMAC as an alphanumeric string (use if the key contains printable
+-characters only).
+-The string length must conform to any restrictions of the MAC algorithm.
+-To see the list of supported digests, use the command
+-C<openssl list -digest-commands>.
+-The default digest is SHA-256.
+-
+-=back
+-
+-=item B<-noout>
+-
+-Disable logging of the self tests.
+-
+-=item B<-no_conditional_errors>
+-
+-Configure the module to not enter an error state if a conditional self test
+-fails as described above.
+-
+-=item B<-no_security_checks>
+-
+-Configure the module to not perform run-time security checks as described above.
+-
+-=item B<-self_test_onload>
+-
+-Do not write the two fields related to the "test status indicator" and
+-"MAC status indicator" to the output configuration file. Without these fields
+-the self tests KATS will run each time the module is loaded. This option could be
+-used for cross compiling, since the self tests need to run at least once on each
+-target machine. Once the self tests have run on the target machine the user
+-could possibly then add the 2 fields into the configuration using some other
+-mechanism.
+-
+-=item B<-quiet>
+-
+-Do not output pass/fail messages. Implies B<-noout>.
+-
+-=item B<-corrupt_desc> I<selftest_description>,
+-B<-corrupt_type> I<selftest_type>
+-
+-The corrupt options can be used to test failure of one or more self tests by
+-name.
+-Either option or both may be used to select the tests to corrupt.
+-Refer to the entries for B<st-desc> and B<st-type> in L<OSSL_PROVIDER-FIPS(7)> for
+-values that can be used.
+-
+-=item B<-config> I<parent_config>
+-
+-Test that a FIPS provider can be loaded from the specified configuration file.
+-A previous call to this application needs to generate the extra configuration
+-data that is included by the base C<parent_config> configuration file.
+-See L<config(5)> for further information on how to set up a provider section.
+-All other options are ignored if '-config' is used.
+-
+-=back
+-
+-=head1 NOTES
+-
+-Self tests results are logged by default if the options B<-quiet> and B<-noout>
+-are not specified, or if either of the options B<-corrupt_desc> or
+-B<-corrupt_type> are used.
+-If the base configuration file is set up to autoload the fips module, then the
+-fips module will be loaded and self tested BEFORE the fipsinstall application
+-has a chance to set up its own self test callback. As a result of this the self
+-test output and the options B<-corrupt_desc> and B<-corrupt_type> will be ignored.
+-For normal usage the base configuration file should use the default provider
+-when generating the fips configuration file.
+-
+-=head1 EXAMPLES
+-
+-Calculate the mac of a FIPS module F<fips.so> and run a FIPS self test
+-for the module, and save the F<fips.cnf> configuration file:
+-
+- openssl fipsinstall -module ./fips.so -out fips.cnf -provider_name fips
+-
+-Verify that the configuration file F<fips.cnf> contains the correct info:
+-
+- openssl fipsinstall -module ./fips.so -in fips.cnf -provider_name fips -verify
+-
+-Corrupt any self tests which have the description C<SHA1>:
+-
+- openssl fipsinstall -module ./fips.so -out fips.cnf -provider_name fips \
+- -corrupt_desc 'SHA1'
+-
+-Validate that the fips module can be loaded from a base configuration file:
+-
+- export OPENSSL_CONF_INCLUDE=<path of configuration files>
+- export OPENSSL_MODULES=<provider-path>
+- openssl fipsinstall -config' 'default.cnf'
+-
+-
+-=head1 SEE ALSO
+-
+-L<config(5)>,
+-L<fips_config(5)>,
+-L<OSSL_PROVIDER-FIPS(7)>,
+-L<EVP_MAC(3)>
++This command is disabled.
++Please consult Red Hat Enterprise Linux documentation to learn how to correctly
++enable FIPS mode on Red Hat Enterprise
+
+ =head1 COPYRIGHT
+
diff --git a/SOURCES/0035-speed-skip-unavailable-dgst.patch b/SOURCES/0035-speed-skip-unavailable-dgst.patch
new file mode 100644
index 0000000..6d948dd
--- /dev/null
+++ b/SOURCES/0035-speed-skip-unavailable-dgst.patch
@@ -0,0 +1,26 @@
+diff -up openssl-3.0.0/apps/speed.c.beldmit openssl-3.0.0/apps/speed.c
+--- openssl-3.0.0/apps/speed.c.beldmit 2021-12-21 15:14:04.210431584 +0100
++++ openssl-3.0.0/apps/speed.c 2021-12-21 15:46:05.554085125 +0100
+@@ -547,6 +547,9 @@ static int EVP_MAC_loop(int algindex, vo
+ for (count = 0; COND(c[algindex][testnum]); count++) {
+ size_t outl;
+
++ if (mctx == NULL)
++ return -1;
++
+ if (!EVP_MAC_init(mctx, NULL, 0, NULL)
+ || !EVP_MAC_update(mctx, buf, lengths[testnum])
+ || !EVP_MAC_final(mctx, mac, &outl, sizeof(mac)))
+@@ -1922,8 +1925,10 @@ int speed_main(int argc, char **argv)
+ if (loopargs[i].mctx == NULL)
+ goto end;
+
+- if (!EVP_MAC_CTX_set_params(loopargs[i].mctx, params))
+- goto end;
++ if (!EVP_MAC_CTX_set_params(loopargs[i].mctx, params)) {
++ EVP_MAC_CTX_free(loopargs[i].mctx);
++ loopargs[i].mctx = NULL;
++ }
+ }
+ for (testnum = 0; testnum < size_num; testnum++) {
+ print_message(names[D_HMAC], c[D_HMAC][testnum], lengths[testnum],
diff --git a/SOURCES/0045-FIPS-services-minimize.patch b/SOURCES/0045-FIPS-services-minimize.patch
new file mode 100644
index 0000000..41b1646
--- /dev/null
+++ b/SOURCES/0045-FIPS-services-minimize.patch
@@ -0,0 +1,137 @@
+diff -up openssl-3.0.0/providers/fips/fipsprov.c.fipsmin openssl-3.0.0/providers/fips/fipsprov.c
+--- openssl-3.0.0/providers/fips/fipsprov.c.fipsmin 2022-01-12 17:17:42.574377550 +0100
++++ openssl-3.0.0/providers/fips/fipsprov.c 2022-01-12 17:19:57.590598279 +0100
+@@ -37,6 +37,9 @@ static OSSL_FUNC_provider_query_operatio
+
+ #define ALGC(NAMES, FUNC, CHECK) { { NAMES, FIPS_DEFAULT_PROPERTIES, FUNC }, CHECK }
+ #define ALG(NAMES, FUNC) ALGC(NAMES, FUNC, NULL)
++#define ALGCU(NAMES, FUNC, CHECK) { { NAMES, FIPS_UNAPPROVED_PROPERTIES, FUNC }, CHECK }
++#define ALGU(NAMES, FUNC) ALGCU(NAMES, FUNC, NULL)
++
+
+ extern OSSL_FUNC_core_thread_start_fn *c_thread_start;
+ int FIPS_security_check_enabled(OSSL_LIB_CTX *libctx);
+@@ -177,13 +177,13 @@ static int fips_get_params(void *provctx
+ &fips_prov_ossl_ctx_method);
+
+ p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_NAME);
+- if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "OpenSSL FIPS Provider"))
++ if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "Red Hat Enterprise Linux 9 - OpenSSL FIPS Provider"))
+ return 0;
+ p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_VERSION);
+- if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_VERSION_STR))
++ if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, REDHAT_FIPS_VERSION))
+ return 0;
+ p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_BUILDINFO);
+- if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_FULL_VERSION_STR))
++ if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, REDHAT_FIPS_VERSION))
+ return 0;
+ p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_STATUS);
+ if (p != NULL && !OSSL_PARAM_set_int(p, ossl_prov_is_running()))
+@@ -264,9 +267,9 @@ static const OSSL_ALGORITHM fips_digests
+ * KECCAK-KMAC-128 and KECCAK-KMAC-256 as hashes are mostly useful for
+ * KMAC128 and KMAC256.
+ */
+- { PROV_NAMES_KECCAK_KMAC_128, FIPS_DEFAULT_PROPERTIES,
++ { PROV_NAMES_KECCAK_KMAC_128, FIPS_UNAPPROVED_PROPERTIES,
+ ossl_keccak_kmac_128_functions },
+- { PROV_NAMES_KECCAK_KMAC_256, FIPS_DEFAULT_PROPERTIES,
++ { PROV_NAMES_KECCAK_KMAC_256, FIPS_UNAPPROVED_PROPERTIES,
+ ossl_keccak_kmac_256_functions },
+ { NULL, NULL, NULL }
+ };
+@@ -326,8 +329,8 @@ static const OSSL_ALGORITHM_CAPABLE fips
+ ALGC(PROV_NAMES_AES_256_CBC_HMAC_SHA256, ossl_aes256cbc_hmac_sha256_functions,
+ ossl_cipher_capable_aes_cbc_hmac_sha256),
+ #ifndef OPENSSL_NO_DES
+- ALG(PROV_NAMES_DES_EDE3_ECB, ossl_tdes_ede3_ecb_functions),
+- ALG(PROV_NAMES_DES_EDE3_CBC, ossl_tdes_ede3_cbc_functions),
++ ALGU(PROV_NAMES_DES_EDE3_ECB, ossl_tdes_ede3_ecb_functions),
++ ALGU(PROV_NAMES_DES_EDE3_CBC, ossl_tdes_ede3_cbc_functions),
+ #endif /* OPENSSL_NO_DES */
+ { { NULL, NULL, NULL }, NULL }
+ };
+@@ -339,8 +342,8 @@ static const OSSL_ALGORITHM fips_macs[]
+ #endif
+ { PROV_NAMES_GMAC, FIPS_DEFAULT_PROPERTIES, ossl_gmac_functions },
+ { PROV_NAMES_HMAC, FIPS_DEFAULT_PROPERTIES, ossl_hmac_functions },
+- { PROV_NAMES_KMAC_128, FIPS_DEFAULT_PROPERTIES, ossl_kmac128_functions },
+- { PROV_NAMES_KMAC_256, FIPS_DEFAULT_PROPERTIES, ossl_kmac256_functions },
++ { PROV_NAMES_KMAC_128, FIPS_UNAPPROVED_PROPERTIES, ossl_kmac128_functions },
++ { PROV_NAMES_KMAC_256, FIPS_UNAPPROVED_PROPERTIES, ossl_kmac256_functions },
+ { NULL, NULL, NULL }
+ };
+
+@@ -375,8 +378,8 @@ static const OSSL_ALGORITHM fips_keyexch
+ #endif
+ #ifndef OPENSSL_NO_EC
+ { PROV_NAMES_ECDH, FIPS_DEFAULT_PROPERTIES, ossl_ecdh_keyexch_functions },
+- { PROV_NAMES_X25519, FIPS_DEFAULT_PROPERTIES, ossl_x25519_keyexch_functions },
+- { PROV_NAMES_X448, FIPS_DEFAULT_PROPERTIES, ossl_x448_keyexch_functions },
++ { PROV_NAMES_X25519, FIPS_UNAPPROVED_PROPERTIES, ossl_x25519_keyexch_functions },
++ { PROV_NAMES_X448, FIPS_UNAPPROVED_PROPERTIES, ossl_x448_keyexch_functions },
+ #endif
+ { PROV_NAMES_TLS1_PRF, FIPS_DEFAULT_PROPERTIES,
+ ossl_kdf_tls1_prf_keyexch_functions },
+@@ -386,12 +389,12 @@ static const OSSL_ALGORITHM fips_keyexch
+
+ static const OSSL_ALGORITHM fips_signature[] = {
+ #ifndef OPENSSL_NO_DSA
+- { PROV_NAMES_DSA, FIPS_DEFAULT_PROPERTIES, ossl_dsa_signature_functions },
++ { PROV_NAMES_DSA, FIPS_UNAPPROVED_PROPERTIES, ossl_dsa_signature_functions },
+ #endif
+ { PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES, ossl_rsa_signature_functions },
+ #ifndef OPENSSL_NO_EC
+- { PROV_NAMES_ED25519, FIPS_DEFAULT_PROPERTIES, ossl_ed25519_signature_functions },
+- { PROV_NAMES_ED448, FIPS_DEFAULT_PROPERTIES, ossl_ed448_signature_functions },
++ { PROV_NAMES_ED25519, FIPS_UNAPPROVED_PROPERTIES, ossl_ed25519_signature_functions },
++ { PROV_NAMES_ED448, FIPS_UNAPPROVED_PROPERTIES, ossl_ed448_signature_functions },
+ { PROV_NAMES_ECDSA, FIPS_DEFAULT_PROPERTIES, ossl_ecdsa_signature_functions },
+ #endif
+ { PROV_NAMES_HMAC, FIPS_DEFAULT_PROPERTIES,
+@@ -421,7 +424,7 @@ static const OSSL_ALGORITHM fips_keymgmt
+ PROV_DESCS_DHX },
+ #endif
+ #ifndef OPENSSL_NO_DSA
+- { PROV_NAMES_DSA, FIPS_DEFAULT_PROPERTIES, ossl_dsa_keymgmt_functions,
++ { PROV_NAMES_DSA, FIPS_UNAPPROVED_PROPERTIES, ossl_dsa_keymgmt_functions,
+ PROV_DESCS_DSA },
+ #endif
+ { PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES, ossl_rsa_keymgmt_functions,
+@@ -431,13 +434,13 @@ static const OSSL_ALGORITHM fips_keymgmt
+ #ifndef OPENSSL_NO_EC
+ { PROV_NAMES_EC, FIPS_DEFAULT_PROPERTIES, ossl_ec_keymgmt_functions,
+ PROV_DESCS_EC },
+- { PROV_NAMES_X25519, FIPS_DEFAULT_PROPERTIES, ossl_x25519_keymgmt_functions,
++ { PROV_NAMES_X25519, FIPS_UNAPPROVED_PROPERTIES, ossl_x25519_keymgmt_functions,
+ PROV_DESCS_X25519 },
+- { PROV_NAMES_X448, FIPS_DEFAULT_PROPERTIES, ossl_x448_keymgmt_functions,
++ { PROV_NAMES_X448, FIPS_UNAPPROVED_PROPERTIES, ossl_x448_keymgmt_functions,
+ PROV_DESCS_X448 },
+- { PROV_NAMES_ED25519, FIPS_DEFAULT_PROPERTIES, ossl_ed25519_keymgmt_functions,
++ { PROV_NAMES_ED25519, FIPS_UNAPPROVED_PROPERTIES, ossl_ed25519_keymgmt_functions,
+ PROV_DESCS_ED25519 },
+- { PROV_NAMES_ED448, FIPS_DEFAULT_PROPERTIES, ossl_ed448_keymgmt_functions,
++ { PROV_NAMES_ED448, FIPS_UNAPPROVED_PROPERTIES, ossl_ed448_keymgmt_functions,
+ PROV_DESCS_ED448 },
+ #endif
+ { PROV_NAMES_TLS1_PRF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_keymgmt_functions,
+diff -up openssl-3.0.0/test/acvp_test.c.fipsmin openssl-3.0.0/test/acvp_test.c
+--- openssl-3.0.0/test/acvp_test.c.fipsmin 2022-01-12 18:34:17.283654119 +0100
++++ openssl-3.0.0/test/acvp_test.c 2022-01-12 18:35:46.270430676 +0100
+@@ -1473,6 +1473,7 @@ int setup_tests(void)
+ OSSL_NELEM(dh_safe_prime_keyver_data));
+ #endif /* OPENSSL_NO_DH */
+
++#if 0 /* Red Hat FIPS provider doesn't have fips=yes property on DSA */
+ #ifndef OPENSSL_NO_DSA
+ ADD_ALL_TESTS(dsa_keygen_test, OSSL_NELEM(dsa_keygen_data));
+ ADD_ALL_TESTS(dsa_paramgen_test, OSSL_NELEM(dsa_paramgen_data));
+@@ -1480,6 +1481,7 @@ int setup_tests(void)
+ ADD_ALL_TESTS(dsa_siggen_test, OSSL_NELEM(dsa_siggen_data));
+ ADD_ALL_TESTS(dsa_sigver_test, OSSL_NELEM(dsa_sigver_data));
+ #endif /* OPENSSL_NO_DSA */
++#endif
+
+ #ifndef OPENSSL_NO_EC
+ ADD_ALL_TESTS(ecdsa_keygen_test, OSSL_NELEM(ecdsa_keygen_data));
diff --git a/SOURCES/0046-FIPS-s390x-hardening.patch b/SOURCES/0046-FIPS-s390x-hardening.patch
new file mode 100644
index 0000000..f79abf9
--- /dev/null
+++ b/SOURCES/0046-FIPS-s390x-hardening.patch
@@ -0,0 +1,22 @@
+diff --git a/crypto/ec/ecp_s390x_nistp.c b/crypto/ec/ecp_s390x_nistp.c
+index 5c70b2d67840..c5726c638bdd 100644
+--- a/crypto/ec/ecp_s390x_nistp.c
++++ b/crypto/ec/ecp_s390x_nistp.c
+@@ -116,7 +116,7 @@ static int ec_GFp_s390x_nistp_mul(const EC_GROUP *group, EC_POINT *r,
+ /* Otherwise use default. */
+ if (rc == -1)
+ rc = ossl_ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx);
+- OPENSSL_cleanse(param + S390X_OFF_SCALAR(len), len);
++ OPENSSL_cleanse(param, sizeof(param));
+ BN_CTX_end(ctx);
+ BN_CTX_free(new_ctx);
+ return rc;
+@@ -212,7 +212,7 @@ static ECDSA_SIG *ecdsa_s390x_nistp_sign_sig(const unsigned char *dgst,
+
+ ok = 1;
+ ret:
+- OPENSSL_cleanse(param + S390X_OFF_K(len), 2 * len);
++ OPENSSL_cleanse(param, sizeof(param));
+ if (ok != 1) {
+ ECDSA_SIG_free(sig);
+ sig = NULL;
diff --git a/SOURCES/0047-FIPS-early-KATS.patch b/SOURCES/0047-FIPS-early-KATS.patch
new file mode 100644
index 0000000..ef2d081
--- /dev/null
+++ b/SOURCES/0047-FIPS-early-KATS.patch
@@ -0,0 +1,39 @@
+diff -up openssl-3.0.1/providers/fips/self_test.c.earlykats openssl-3.0.1/providers/fips/self_test.c
+--- openssl-3.0.1/providers/fips/self_test.c.earlykats 2022-01-19 13:10:00.635830783 +0100
++++ openssl-3.0.1/providers/fips/self_test.c 2022-01-19 13:11:43.309342656 +0100
+@@ -362,6 +362,16 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS
+ if (ev == NULL)
+ goto end;
+
++ /*
++ * Run the KAT's before HMAC verification according to FIPS-140-3 requirements
++ */
++ if (kats_already_passed == 0) {
++ if (!SELF_TEST_kats(ev, st->libctx)) {
++ ERR_raise(ERR_LIB_PROV, PROV_R_SELF_TEST_KAT_FAILURE);
++ goto end;
++ }
++ }
++
+ module_checksum = fips_hmac_container;
+ checksum_len = sizeof(fips_hmac_container);
+
+@@ -411,18 +421,6 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS
+ kats_already_passed = 1;
+ }
+ }
+-
+- /*
+- * Only runs the KAT's during installation OR on_demand().
+- * NOTE: If the installation option 'self_test_onload' is chosen then this
+- * path will always be run, since kats_already_passed will always be 0.
+- */
+- if (on_demand_test || kats_already_passed == 0) {
+- if (!SELF_TEST_kats(ev, st->libctx)) {
+- ERR_raise(ERR_LIB_PROV, PROV_R_SELF_TEST_KAT_FAILURE);
+- goto end;
+- }
+- }
+ ok = 1;
+ end:
+ OSSL_SELF_TEST_free(ev);
diff --git a/SOURCES/0048-correctly-handle-records.patch b/SOURCES/0048-correctly-handle-records.patch
new file mode 100644
index 0000000..ecbc09c
--- /dev/null
+++ b/SOURCES/0048-correctly-handle-records.patch
@@ -0,0 +1,52 @@
+diff -up openssl-3.0.1/apps/s_server.c.handle-records openssl-3.0.1/apps/s_server.c
+--- openssl-3.0.1/apps/s_server.c.handle-records 2022-02-03 15:26:16.803434943 +0100
++++ openssl-3.0.1/apps/s_server.c 2022-02-03 15:34:33.358298697 +0100
+@@ -2982,7 +2982,9 @@ static int www_body(int s, int stype, in
+ /* Set width for a select call if needed */
+ width = s + 1;
+
+- buf = app_malloc(bufsize, "server www buffer");
++ /* as we use BIO_gets(), and it always null terminates data, we need
++ * to allocate 1 byte longer buffer to fit the full 2^14 byte record */
++ buf = app_malloc(bufsize + 1, "server www buffer");
+ io = BIO_new(BIO_f_buffer());
+ ssl_bio = BIO_new(BIO_f_ssl());
+ if ((io == NULL) || (ssl_bio == NULL))
+@@ -3047,7 +3049,7 @@ static int www_body(int s, int stype, in
+ }
+
+ for (;;) {
+- i = BIO_gets(io, buf, bufsize - 1);
++ i = BIO_gets(io, buf, bufsize + 1);
+ if (i < 0) { /* error */
+ if (!BIO_should_retry(io) && !SSL_waiting_for_async(con)) {
+ if (!s_quiet)
+@@ -3112,7 +3114,7 @@ static int www_body(int s, int stype, in
+ * we're expecting to come from the client. If they haven't
+ * sent one there's not much we can do.
+ */
+- BIO_gets(io, buf, bufsize - 1);
++ BIO_gets(io, buf, bufsize + 1);
+ }
+
+ BIO_puts(io,
+@@ -3401,7 +3403,9 @@ static int rev_body(int s, int stype, in
+ SSL *con;
+ BIO *io, *ssl_bio, *sbio;
+
+- buf = app_malloc(bufsize, "server rev buffer");
++ /* as we use BIO_gets(), and it always null terminates data, we need
++ * to allocate 1 byte longer buffer to fit the full 2^14 byte record */
++ buf = app_malloc(bufsize + 1, "server rev buffer");
+ io = BIO_new(BIO_f_buffer());
+ ssl_bio = BIO_new(BIO_f_ssl());
+ if ((io == NULL) || (ssl_bio == NULL))
+@@ -3476,7 +3480,7 @@ static int rev_body(int s, int stype, in
+ print_ssl_summary(con);
+
+ for (;;) {
+- i = BIO_gets(io, buf, bufsize - 1);
++ i = BIO_gets(io, buf, bufsize + 1);
+ if (i < 0) { /* error */
+ if (!BIO_should_retry(io)) {
+ if (!s_quiet)
diff --git a/SOURCES/0049-Selectively-disallow-SHA1-signatures.patch b/SOURCES/0049-Selectively-disallow-SHA1-signatures.patch
new file mode 100644
index 0000000..18b0183
--- /dev/null
+++ b/SOURCES/0049-Selectively-disallow-SHA1-signatures.patch
@@ -0,0 +1,489 @@
+From 243201772cc6d583fae9eba81cb2c2c7425bc564 Mon Sep 17 00:00:00 2001
+From: Clemens Lang <cllang@redhat.com>
+Date: Mon, 21 Feb 2022 17:24:44 +0100
+Subject: Selectively disallow SHA1 signatures
+
+For RHEL 9.0, we want to phase out SHA1. One of the steps to do that is
+disabling SHA1 signatures. Introduce a new configuration option in the
+alg_section named 'rh-allow-sha1-signatures'. This option defaults to
+false. If set to false (or unset), any signature creation or
+verification operations that involve SHA1 as digest will fail.
+
+This also affects TLS, where the signature_algorithms extension of any
+ClientHello message sent by OpenSSL will no longer include signatures
+with the SHA1 digest if rh-allow-sha1-signatures is false. For servers
+that request a client certificate, the same also applies for
+CertificateRequest messages sent by them.
+
+For signatures created using the EVP_PKEY API, this is a best-effort
+check that will deny signatures in cases where the digest algorithm is
+known. This means, for example, that that following steps will still
+work:
+
+ $> openssl dgst -sha1 -binary -out sha1 infile
+ $> openssl pkeyutl -inkey key.pem -sign -in sha1 -out sha1sig
+ $> openssl pkeyutl -inkey key.pem -verify -sigfile sha1sig -in sha1
+
+whereas these will not:
+
+ $> openssl dgst -sha1 -binary -out sha1 infile
+ $> openssl pkeyutl -inkey kem.pem -sign -in sha1 -out sha1sig -pkeyopt digest:sha1
+ $> openssl pkeyutl -inkey kem.pem -verify -sigfile sha1sig -in sha1 -pkeyopt digest:sha1
+
+This happens because in the first case, OpenSSL's signature
+implementation does not know that it is signing a SHA1 hash (it could be
+signing arbitrary data).
+
+Resolves: rhbz#2031742
+---
+ crypto/evp/evp_cnf.c | 13 ++++
+ crypto/evp/m_sigver.c | 77 +++++++++++++++++++
+ crypto/evp/pmeth_lib.c | 15 ++++
+ doc/man5/config.pod | 11 +++
+ include/internal/cryptlib.h | 3 +-
+ include/internal/sslconf.h | 4 +
+ providers/common/securitycheck.c | 20 +++++
+ providers/common/securitycheck_default.c | 9 ++-
+ providers/implementations/signature/dsa_sig.c | 11 ++-
+ .../implementations/signature/ecdsa_sig.c | 4 +
+ providers/implementations/signature/rsa_sig.c | 20 ++++-
+ ssl/t1_lib.c | 8 ++
+ util/libcrypto.num | 2 +
+ 13 files changed, 188 insertions(+), 9 deletions(-)
+
+diff --git a/crypto/evp/evp_cnf.c b/crypto/evp/evp_cnf.c
+index 0e7fe64cf9..b9d3b6d226 100644
+--- a/crypto/evp/evp_cnf.c
++++ b/crypto/evp/evp_cnf.c
+@@ -10,6 +10,7 @@
+ #include <stdio.h>
+ #include <openssl/crypto.h>
+ #include "internal/cryptlib.h"
++#include "internal/sslconf.h"
+ #include <openssl/conf.h>
+ #include <openssl/x509.h>
+ #include <openssl/x509v3.h>
+@@ -57,6 +58,18 @@ static int alg_module_init(CONF_IMODULE *md, const CONF *cnf)
+ ERR_raise(ERR_LIB_EVP, EVP_R_SET_DEFAULT_PROPERTY_FAILURE);
+ return 0;
+ }
++ } else if (strcmp(oval->name, "rh-allow-sha1-signatures") == 0) {
++ int m;
++
++ /* Detailed error already reported. */
++ if (!X509V3_get_value_bool(oval, &m))
++ return 0;
++
++ if (!ossl_ctx_legacy_digest_signatures_allowed_set(
++ NCONF_get0_libctx((CONF *)cnf), m > 0, 0)) {
++ ERR_raise(ERR_LIB_EVP, EVP_R_SET_DEFAULT_PROPERTY_FAILURE);
++ return 0;
++ }
+ } else {
+ ERR_raise_data(ERR_LIB_EVP, EVP_R_UNKNOWN_OPTION,
+ "name=%s, value=%s", oval->name, oval->value);
+diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c
+index 9188edbc21..db1a1d7bc3 100644
+--- a/crypto/evp/m_sigver.c
++++ b/crypto/evp/m_sigver.c
+@@ -16,6 +16,71 @@
+ #include "internal/numbers.h" /* includes SIZE_MAX */
+ #include "evp_local.h"
+
++typedef struct ossl_legacy_digest_signatures_st {
++ int allowed;
++} OSSL_LEGACY_DIGEST_SIGNATURES;
++
++static void ossl_ctx_legacy_digest_signatures_free(void *vldsigs)
++{
++ OSSL_LEGACY_DIGEST_SIGNATURES *ldsigs = vldsigs;
++
++ if (ldsigs != NULL) {
++ OPENSSL_free(ldsigs);
++ }
++}
++
++static void *ossl_ctx_legacy_digest_signatures_new(OSSL_LIB_CTX *ctx)
++{
++ return OPENSSL_zalloc(sizeof(OSSL_LEGACY_DIGEST_SIGNATURES));
++}
++
++static const OSSL_LIB_CTX_METHOD ossl_ctx_legacy_digest_signatures_method = {
++ OSSL_LIB_CTX_METHOD_DEFAULT_PRIORITY,
++ ossl_ctx_legacy_digest_signatures_new,
++ ossl_ctx_legacy_digest_signatures_free,
++};
++
++static OSSL_LEGACY_DIGEST_SIGNATURES *ossl_ctx_legacy_digest_signatures(
++ OSSL_LIB_CTX *libctx, int loadconfig)
++{
++#ifndef FIPS_MODULE
++ if (loadconfig && !OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL))
++ return 0;
++#endif
++
++ return ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES,
++ &ossl_ctx_legacy_digest_signatures_method);
++}
++
++int ossl_ctx_legacy_digest_signatures_allowed(OSSL_LIB_CTX *libctx, int loadconfig)
++{
++ OSSL_LEGACY_DIGEST_SIGNATURES *ldsigs
++ = ossl_ctx_legacy_digest_signatures(libctx, loadconfig);
++
++#ifndef FIPS_MODULE
++ if (ossl_safe_getenv("OPENSSL_ENABLE_SHA1_SIGNATURES") != NULL)
++ /* used in tests */
++ return 1;
++#endif
++
++ return ldsigs != NULL ? ldsigs->allowed : 0;
++}
++
++int ossl_ctx_legacy_digest_signatures_allowed_set(OSSL_LIB_CTX *libctx, int allow,
++ int loadconfig)
++{
++ OSSL_LEGACY_DIGEST_SIGNATURES *ldsigs
++ = ossl_ctx_legacy_digest_signatures(libctx, loadconfig);
++
++ if (ldsigs == NULL) {
++ ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR);
++ return 0;
++ }
++
++ ldsigs->allowed = allow;
++ return 1;
++}
++
+ #ifndef FIPS_MODULE
+
+ static int update(EVP_MD_CTX *ctx, const void *data, size_t datalen)
+@@ -258,6 +323,18 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+ }
+ }
+
++ if (ctx->reqdigest != NULL
++ && !EVP_PKEY_is_a(locpctx->pkey, SN_hmac)
++ && !EVP_PKEY_is_a(locpctx->pkey, SN_tls1_prf)
++ && !EVP_PKEY_is_a(locpctx->pkey, SN_hkdf)) {
++ int mdnid = EVP_MD_nid(ctx->reqdigest);
++ if (!ossl_ctx_legacy_digest_signatures_allowed(locpctx->libctx, 0)
++ && (mdnid == NID_sha1 || mdnid == NID_md5_sha1)) {
++ ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_DIGEST);
++ goto err;
++ }
++ }
++
+ if (ver) {
+ if (signature->digest_verify_init == NULL) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
+diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
+index 2b9c6c2351..3c5a1e6f5d 100644
+--- a/crypto/evp/pmeth_lib.c
++++ b/crypto/evp/pmeth_lib.c
+@@ -33,6 +33,7 @@
+ #include "internal/ffc.h"
+ #include "internal/numbers.h"
+ #include "internal/provider.h"
++#include "internal/sslconf.h"
+ #include "evp_local.h"
+
+ #ifndef FIPS_MODULE
+@@ -946,6 +947,20 @@ static int evp_pkey_ctx_set_md(EVP_PKEY_CTX *ctx, const EVP_MD *md,
+ return -2;
+ }
+
++ if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx)
++ && md != NULL
++ && ctx->pkey != NULL
++ && !EVP_PKEY_is_a(ctx->pkey, SN_hmac)
++ && !EVP_PKEY_is_a(ctx->pkey, SN_tls1_prf)
++ && !EVP_PKEY_is_a(ctx->pkey, SN_hkdf)) {
++ int mdnid = EVP_MD_nid(md);
++ if ((mdnid == NID_sha1 || mdnid == NID_md5_sha1)
++ && !ossl_ctx_legacy_digest_signatures_allowed(ctx->libctx, 0)) {
++ ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_DIGEST);
++ return -1;
++ }
++ }
++
+ if (fallback)
+ return EVP_PKEY_CTX_ctrl(ctx, -1, op, ctrl, 0, (void *)(md));
+
+diff --git a/doc/man5/config.pod b/doc/man5/config.pod
+index 77a8055e81..aa1be5ca7f 100644
+--- a/doc/man5/config.pod
++++ b/doc/man5/config.pod
+@@ -304,6 +304,17 @@ Within the algorithm properties section, the following names have meaning:
+ The value may be anything that is acceptable as a property query
+ string for EVP_set_default_properties().
+
++=item B<rh-allow-sha1-signatures>
++
++The value is a boolean that can be B<yes> or B<no>. If the value is not set,
++it behaves as if it was set to B<no>.
++
++When set to B<no>, any attempt to create or verify a signature with a SHA1
++digest will fail. For compatibility with older versions of OpenSSL, set this
++option to B<yes>. This setting also affects TLS, where signature algorithms
++that use SHA1 as digest will no longer be supported if this option is set to
++B<no>.
++
+ =item B<fips_mode> (deprecated)
+
+ The value is a boolean that can be B<yes> or B<no>. If the value is
+diff --git a/include/internal/cryptlib.h b/include/internal/cryptlib.h
+index 1291299b6e..e234341e6a 100644
+--- a/include/internal/cryptlib.h
++++ b/include/internal/cryptlib.h
+@@ -168,7 +168,8 @@ typedef struct ossl_ex_data_global_st {
+ # define OSSL_LIB_CTX_PROVIDER_CONF_INDEX 16
+ # define OSSL_LIB_CTX_BIO_CORE_INDEX 17
+ # define OSSL_LIB_CTX_CHILD_PROVIDER_INDEX 18
+-# define OSSL_LIB_CTX_MAX_INDEXES 19
++# define OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES 19
++# define OSSL_LIB_CTX_MAX_INDEXES 20
+
+ # define OSSL_LIB_CTX_METHOD_LOW_PRIORITY -1
+ # define OSSL_LIB_CTX_METHOD_DEFAULT_PRIORITY 0
+diff --git a/include/internal/sslconf.h b/include/internal/sslconf.h
+index fd7f7e3331..05464b0655 100644
+--- a/include/internal/sslconf.h
++++ b/include/internal/sslconf.h
+@@ -18,4 +18,8 @@ int conf_ssl_name_find(const char *name, size_t *idx);
+ void conf_ssl_get_cmd(const SSL_CONF_CMD *cmd, size_t idx, char **cmdstr,
+ char **arg);
+
++/* Methods to support disabling all signatures with legacy digests */
++int ossl_ctx_legacy_digest_signatures_allowed(OSSL_LIB_CTX *libctx, int loadconfig);
++int ossl_ctx_legacy_digest_signatures_allowed_set(OSSL_LIB_CTX *libctx, int allow,
++ int loadconfig);
+ #endif
+diff --git a/providers/common/securitycheck.c b/providers/common/securitycheck.c
+index 699ada7c52..e534ad0a5f 100644
+--- a/providers/common/securitycheck.c
++++ b/providers/common/securitycheck.c
+@@ -19,6 +19,7 @@
+ #include <openssl/core_names.h>
+ #include <openssl/obj_mac.h>
+ #include "prov/securitycheck.h"
++#include "internal/sslconf.h"
+
+ /*
+ * FIPS requires a minimum security strength of 112 bits (for encryption or
+@@ -235,6 +236,15 @@ int ossl_digest_get_approved_nid_with_sha1(OSSL_LIB_CTX *ctx, const EVP_MD *md,
+ mdnid = -1; /* disallowed by security checks */
+ }
+ # endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */
++
++#ifndef FIPS_MODULE
++ if (!ossl_ctx_legacy_digest_signatures_allowed(ctx, 0))
++ /* SHA1 is globally disabled, check whether we want to locally allow
++ * it. */
++ if (mdnid == NID_sha1 && !sha1_allowed)
++ mdnid = -1;
++#endif
++
+ return mdnid;
+ }
+
+@@ -244,5 +254,15 @@ int ossl_digest_is_allowed(OSSL_LIB_CTX *ctx, const EVP_MD *md)
+ if (ossl_securitycheck_enabled(ctx))
+ return ossl_digest_get_approved_nid(md) != NID_undef;
+ # endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */
++
++#ifndef FIPS_MODULE
++ {
++ int mdnid = EVP_MD_nid(md);
++ if ((mdnid == NID_sha1 || mdnid == NID_md5_sha1)
++ && !ossl_ctx_legacy_digest_signatures_allowed(ctx, 0))
++ return 0;
++ }
++#endif
++
+ return 1;
+ }
+diff --git a/providers/common/securitycheck_default.c b/providers/common/securitycheck_default.c
+index de7f0d3a0a..ce54a94fbc 100644
+--- a/providers/common/securitycheck_default.c
++++ b/providers/common/securitycheck_default.c
+@@ -15,6 +15,7 @@
+ #include <openssl/obj_mac.h>
+ #include "prov/securitycheck.h"
+ #include "internal/nelem.h"
++#include "internal/sslconf.h"
+
+ /* Disable the security checks in the default provider */
+ int ossl_securitycheck_enabled(OSSL_LIB_CTX *libctx)
+@@ -23,9 +24,10 @@ int ossl_securitycheck_enabled(OSSL_LIB_CTX *libctx)
+ }
+
+ int ossl_digest_rsa_sign_get_md_nid(OSSL_LIB_CTX *ctx, const EVP_MD *md,
+- ossl_unused int sha1_allowed)
++ int sha1_allowed)
+ {
+ int mdnid;
++ int ldsigs_allowed;
+
+ static const OSSL_ITEM name_to_nid[] = {
+ { NID_md5, OSSL_DIGEST_NAME_MD5 },
+@@ -36,8 +38,11 @@ int ossl_digest_rsa_sign_get_md_nid(OSSL_LIB_CTX *ctx, const EVP_MD *md,
+ { NID_ripemd160, OSSL_DIGEST_NAME_RIPEMD160 },
+ };
+
+- mdnid = ossl_digest_get_approved_nid_with_sha1(ctx, md, 1);
++ ldsigs_allowed = ossl_ctx_legacy_digest_signatures_allowed(ctx, 0);
++ mdnid = ossl_digest_get_approved_nid_with_sha1(ctx, md, sha1_allowed || ldsigs_allowed);
+ if (mdnid == NID_undef)
+ mdnid = ossl_digest_md_to_nid(md, name_to_nid, OSSL_NELEM(name_to_nid));
++ if (mdnid == NID_md5_sha1 && !ldsigs_allowed)
++ mdnid = -1;
+ return mdnid;
+ }
+diff --git a/providers/implementations/signature/dsa_sig.c b/providers/implementations/signature/dsa_sig.c
+index 28fd7c498e..fa3822f39f 100644
+--- a/providers/implementations/signature/dsa_sig.c
++++ b/providers/implementations/signature/dsa_sig.c
+@@ -124,12 +124,17 @@ static int dsa_setup_md(PROV_DSA_CTX *ctx,
+ mdprops = ctx->propq;
+
+ if (mdname != NULL) {
+- int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN);
+ WPACKET pkt;
+ EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops);
+- int md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md,
+- sha1_allowed);
++ int md_nid;
+ size_t mdname_len = strlen(mdname);
++#ifdef FIPS_MODULE
++ int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN);
++#else
++ int sha1_allowed = 0;
++#endif
++ md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md,
++ sha1_allowed);
+
+ if (md == NULL || md_nid < 0) {
+ if (md == NULL)
+diff --git a/providers/implementations/signature/ecdsa_sig.c b/providers/implementations/signature/ecdsa_sig.c
+index 865d49d100..99b228e82c 100644
+--- a/providers/implementations/signature/ecdsa_sig.c
++++ b/providers/implementations/signature/ecdsa_sig.c
+@@ -237,7 +237,11 @@ static int ecdsa_setup_md(PROV_ECDSA_CTX *ctx, const char *mdname,
+ "%s could not be fetched", mdname);
+ return 0;
+ }
++#ifdef FIPS_MODULE
+ sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN);
++#else
++ sha1_allowed = 0;
++#endif
+ md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md,
+ sha1_allowed);
+ if (md_nid < 0) {
+diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c
+index 325e855333..bea397f0c1 100644
+--- a/providers/implementations/signature/rsa_sig.c
++++ b/providers/implementations/signature/rsa_sig.c
+@@ -26,6 +26,7 @@
+ #include "internal/cryptlib.h"
+ #include "internal/nelem.h"
+ #include "internal/sizes.h"
++#include "internal/sslconf.h"
+ #include "crypto/rsa.h"
+ #include "prov/providercommon.h"
+ #include "prov/implementations.h"
+@@ -34,6 +35,7 @@
+ #include "prov/securitycheck.h"
+
+ #define RSA_DEFAULT_DIGEST_NAME OSSL_DIGEST_NAME_SHA1
++#define RSA_DEFAULT_DIGEST_NAME_NONLEGACY OSSL_DIGEST_NAME_SHA2_256
+
+ static OSSL_FUNC_signature_newctx_fn rsa_newctx;
+ static OSSL_FUNC_signature_sign_init_fn rsa_sign_init;
+@@ -289,10 +291,15 @@ static int rsa_setup_md(PROV_RSA_CTX *ctx, const char *mdname,
+
+ if (mdname != NULL) {
+ EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops);
++ int md_nid;
++ size_t mdname_len = strlen(mdname);
++#ifdef FIPS_MODULE
+ int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN);
+- int md_nid = ossl_digest_rsa_sign_get_md_nid(ctx->libctx, md,
++#else
++ int sha1_allowed = 0;
++#endif
++ md_nid = ossl_digest_rsa_sign_get_md_nid(ctx->libctx, md,
+ sha1_allowed);
+- size_t mdname_len = strlen(mdname);
+
+ if (md == NULL
+ || md_nid <= 0
+@@ -1348,8 +1355,15 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[])
+ prsactx->pad_mode = pad_mode;
+
+ if (prsactx->md == NULL && pmdname == NULL
+- && pad_mode == RSA_PKCS1_PSS_PADDING)
++ && pad_mode == RSA_PKCS1_PSS_PADDING) {
+ pmdname = RSA_DEFAULT_DIGEST_NAME;
++#ifndef FIPS_MODULE
++ if (!ossl_ctx_legacy_digest_signatures_allowed(prsactx->libctx, 0)) {
++ pmdname = RSA_DEFAULT_DIGEST_NAME_NONLEGACY;
++ }
++#endif
++ }
++
+
+ if (pmgf1mdname != NULL
+ && !rsa_setup_mgf1_md(prsactx, pmgf1mdname, pmgf1mdprops))
+diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
+index fc32bb3556..4b74ee1a34 100644
+--- a/ssl/t1_lib.c
++++ b/ssl/t1_lib.c
+@@ -20,6 +20,7 @@
+ #include <openssl/bn.h>
+ #include <openssl/provider.h>
+ #include <openssl/param_build.h>
++#include "internal/sslconf.h"
+ #include "internal/nelem.h"
+ #include "internal/sizes.h"
+ #include "internal/tlsgroups.h"
+@@ -1145,11 +1146,13 @@ int ssl_setup_sig_algs(SSL_CTX *ctx)
+ = OPENSSL_malloc(sizeof(*lu) * OSSL_NELEM(sigalg_lookup_tbl));
+ EVP_PKEY *tmpkey = EVP_PKEY_new();
+ int ret = 0;
++ int ldsigs_allowed;
+
+ if (cache == NULL || tmpkey == NULL)
+ goto err;
+
+ ERR_set_mark();
++ ldsigs_allowed = ossl_ctx_legacy_digest_signatures_allowed(ctx->libctx, 0);
+ for (i = 0, lu = sigalg_lookup_tbl;
+ i < OSSL_NELEM(sigalg_lookup_tbl); lu++, i++) {
+ EVP_PKEY_CTX *pctx;
+@@ -1169,6 +1172,11 @@ int ssl_setup_sig_algs(SSL_CTX *ctx)
+ cache[i].enabled = 0;
+ continue;
+ }
++ if ((lu->hash == NID_sha1 || lu->hash == NID_md5_sha1)
++ && !ldsigs_allowed) {
++ cache[i].enabled = 0;
++ continue;
++ }
+
+ if (!EVP_PKEY_set_type(tmpkey, lu->sig)) {
+ cache[i].enabled = 0;
+diff --git a/util/libcrypto.num b/util/libcrypto.num
+index 10b4e57d79..2d3c363bb0 100644
+--- a/util/libcrypto.num
++++ b/util/libcrypto.num
+@@ -5426,3 +5426,5 @@ ASN1_TIME_print_ex 5553 3_0_0 EXIST::FUNCTION:
+ EVP_PKEY_get0_provider 5554 3_0_0 EXIST::FUNCTION:
+ EVP_PKEY_CTX_get0_provider 5555 3_0_0 EXIST::FUNCTION:
+ ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION:
++ossl_ctx_legacy_digest_signatures_allowed ? 3_0_1 EXIST::FUNCTION:
++ossl_ctx_legacy_digest_signatures_allowed_set ? 3_0_1 EXIST::FUNCTION:
+--
+2.35.1
+
diff --git a/SOURCES/0050-FIPS-enable-pkcs12-mac.patch b/SOURCES/0050-FIPS-enable-pkcs12-mac.patch
new file mode 100644
index 0000000..1496bb2
--- /dev/null
+++ b/SOURCES/0050-FIPS-enable-pkcs12-mac.patch
@@ -0,0 +1,95 @@
+diff -up openssl-3.0.1/crypto/pkcs12/p12_key.c.pkc12_fips openssl-3.0.1/crypto/pkcs12/p12_key.c
+--- openssl-3.0.1/crypto/pkcs12/p12_key.c.pkc12_fips 2022-02-21 12:35:24.829893907 +0100
++++ openssl-3.0.1/crypto/pkcs12/p12_key.c 2022-02-21 13:01:22.711622967 +0100
+@@ -85,17 +85,41 @@ int PKCS12_key_gen_uni_ex(unsigned char
+ EVP_KDF *kdf;
+ EVP_KDF_CTX *ctx;
+ OSSL_PARAM params[6], *p = params;
++ char *adjusted_propq = NULL;
+
+ if (n <= 0)
+ return 0;
+
+- kdf = EVP_KDF_fetch(libctx, "PKCS12KDF", propq);
+- if (kdf == NULL)
++ if (ossl_get_kernel_fips_flag()) {
++ const char *nofips = "-fips";
++ size_t len = propq ? strlen(propq) + 1 + strlen(nofips) + 1 :
++ strlen(nofips) + 1;
++ char *ptr = NULL;
++
++ adjusted_propq = OPENSSL_zalloc(len);
++ if (adjusted_propq != NULL) {
++ ptr = adjusted_propq;
++ if (propq) {
++ memcpy(ptr, propq, strlen(propq));
++ ptr += strlen(propq);
++ *ptr = ',';
++ ptr++;
++ }
++ memcpy(ptr, nofips, strlen(nofips));
++ }
++ }
++
++ kdf = adjusted_propq ? EVP_KDF_fetch(libctx, "PKCS12KDF", adjusted_propq) : EVP_KDF_fetch(libctx, "PKCS12KDF", propq);
++ if (kdf == NULL) {
++ OPENSSL_free(adjusted_propq);
+ return 0;
++ }
+ ctx = EVP_KDF_CTX_new(kdf);
+ EVP_KDF_free(kdf);
+- if (ctx == NULL)
++ if (ctx == NULL) {
++ OPENSSL_free(adjusted_propq);
+ return 0;
++ }
+
+ *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
+ (char *)EVP_MD_get0_name(md_type),
+@@ -127,6 +149,7 @@ int PKCS12_key_gen_uni_ex(unsigned char
+ } OSSL_TRACE_END(PKCS12_KEYGEN);
+ }
+ EVP_KDF_CTX_free(ctx);
++ OPENSSL_free(adjusted_propq);
+ return res;
+ }
+
+diff -up openssl-3.0.1/apps/pkcs12.c.pkc12_fips_apps openssl-3.0.1/apps/pkcs12.c
+--- openssl-3.0.1/apps/pkcs12.c.pkc12_fips_apps 2022-02-21 16:37:07.908923682 +0100
++++ openssl-3.0.1/apps/pkcs12.c 2022-02-21 17:38:44.555345633 +0100
+@@ -765,15 +765,34 @@ int pkcs12_main(int argc, char **argv)
+ }
+ if (macver) {
+ EVP_KDF *pkcs12kdf;
++ char *adjusted_propq = NULL;
++ const char *nofips = "-fips";
++ size_t len = app_get0_propq() ? strlen(app_get0_propq()) + 1 + strlen(nofips) + 1 :
++ strlen(nofips) + 1;
++ char *ptr = NULL;
++
++ adjusted_propq = OPENSSL_zalloc(len);
++ if (adjusted_propq != NULL) {
++ ptr = adjusted_propq;
++ if (app_get0_propq()) {
++ memcpy(ptr, app_get0_propq(), strlen(app_get0_propq()));
++ ptr += strlen(app_get0_propq());
++ *ptr = ',';
++ ptr++;
++ }
++ memcpy(ptr, nofips, strlen(nofips));
++ }
+
+ pkcs12kdf = EVP_KDF_fetch(app_get0_libctx(), "PKCS12KDF",
+- app_get0_propq());
++ adjusted_propq ? adjusted_propq : app_get0_propq());
+ if (pkcs12kdf == NULL) {
+ BIO_printf(bio_err, "Error verifying PKCS12 MAC; no PKCS12KDF support.\n");
+ BIO_printf(bio_err, "Use -nomacver if MAC verification is not required.\n");
++ OPENSSL_free(adjusted_propq);
+ goto end;
+ }
+ EVP_KDF_free(pkcs12kdf);
++ OPENSSL_free(adjusted_propq);
+ /* If we enter empty password try no password first */
+ if (!mpass[0] && PKCS12_verify_mac(p12, NULL, 0)) {
+ /* If mac and crypto pass the same set it to NULL too */
diff --git a/SOURCES/0051-Support-different-R_BITS-lengths-for-KBKDF.patch b/SOURCES/0051-Support-different-R_BITS-lengths-for-KBKDF.patch
new file mode 100644
index 0000000..eb8b5e3
--- /dev/null
+++ b/SOURCES/0051-Support-different-R_BITS-lengths-for-KBKDF.patch
@@ -0,0 +1,2151 @@
+From 0e9a265e42890699dfce82f1ff6905de6aafbd41 Mon Sep 17 00:00:00 2001
+From: Patrick Uiterwijk <puiterwijk@redhat.com>
+Date: Thu, 18 Nov 2021 10:47:14 +0100
+Subject: [PATCH] Support different R_BITS lengths for KBKDF
+
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+Reviewed-by: Paul Dale <pauli@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/17063)
+---
+ doc/man7/EVP_KDF-KB.pod | 7 +
+ include/openssl/core_names.h | 1 +
+ providers/implementations/kdfs/kbkdf.c | 30 +-
+ test/evp_kdf_test.c | 47 +-
+ test/evp_test.c | 6 +
+ test/recipes/30-test_evp.t | 1 +
+ .../30-test_evp_data/evpkdf_kbkdf_counter.txt | 1843 +++++++++++++++++
+ 7 files changed, 1924 insertions(+), 11 deletions(-)
+ create mode 100644 test/recipes/30-test_evp_data/evpkdf_kbkdf_counter.txt
+
+diff --git a/doc/man7/EVP_KDF-KB.pod b/doc/man7/EVP_KDF-KB.pod
+index d4fad66f7654..a67268afa7d5 100644
+--- a/doc/man7/EVP_KDF-KB.pod
++++ b/doc/man7/EVP_KDF-KB.pod
+@@ -58,6 +58,13 @@ Set to B<0> to disable use of the optional Fixed Input data 'zero separator'
+ (see SP800-108) that is placed between the Label and Context.
+ The default value of B<1> will be used if unspecified.
+
++=item "r" (B<OSSL_KDF_PARAM_KBKDF_R>) <integer>
++
++Set the fixed value 'r', indicating the length of the counter in bits.
++
++Supported values are B<8>, B<16>, B<24>, and B<32>.
++The default value of B<32> will be used if unspecified.
++
+ =back
+
+ Depending on whether mac is CMAC or HMAC, either digest or cipher is required
+diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h
+index b549dae9167c..78418dc6e0a2 100644
+--- a/include/openssl/core_names.h
++++ b/include/openssl/core_names.h
+@@ -217,6 +217,7 @@ extern "C" {
+ #define OSSL_KDF_PARAM_PKCS12_ID "id" /* int */
+ #define OSSL_KDF_PARAM_KBKDF_USE_L "use-l" /* int */
+ #define OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR "use-separator" /* int */
++#define OSSL_KDF_PARAM_KBKDF_R "r" /* int */
+ #define OSSL_KDF_PARAM_X942_ACVPINFO "acvp-info"
+ #define OSSL_KDF_PARAM_X942_PARTYUINFO "partyu-info"
+ #define OSSL_KDF_PARAM_X942_PARTYVINFO "partyv-info"
+diff --git a/providers/implementations/kdfs/kbkdf.c b/providers/implementations/kdfs/kbkdf.c
+index 01f7f0d4fd2e..a81cc6e0c0d6 100644
+--- a/providers/implementations/kdfs/kbkdf.c
++++ b/providers/implementations/kdfs/kbkdf.c
+@@ -60,6 +60,7 @@ typedef struct {
+ EVP_MAC_CTX *ctx_init;
+
+ /* Names are lowercased versions of those found in SP800-108. */
++ int r;
+ unsigned char *ki;
+ size_t ki_len;
+ unsigned char *label;
+@@ -100,6 +101,7 @@ static uint32_t be32(uint32_t host)
+
+ static void init(KBKDF *ctx)
+ {
++ ctx->r = 32;
+ ctx->use_l = 1;
+ ctx->use_separator = 1;
+ }
+@@ -152,7 +154,7 @@ static int derive(EVP_MAC_CTX *ctx_init, kbkdf_mode mode, unsigned char *iv,
+ size_t iv_len, unsigned char *label, size_t label_len,
+ unsigned char *context, size_t context_len,
+ unsigned char *k_i, size_t h, uint32_t l, int has_separator,
+- unsigned char *ko, size_t ko_len)
++ unsigned char *ko, size_t ko_len, int r)
+ {
+ int ret = 0;
+ EVP_MAC_CTX *ctx = NULL;
+@@ -186,7 +188,7 @@ static int derive(EVP_MAC_CTX *ctx_init, kbkdf_mode mode, unsigned char *iv,
+ if (mode == FEEDBACK && !EVP_MAC_update(ctx, k_i, k_i_len))
+ goto done;
+
+- if (!EVP_MAC_update(ctx, (unsigned char *)&i, 4)
++ if (!EVP_MAC_update(ctx, 4 - (r / 8) + (unsigned char *)&i, r / 8)
+ || !EVP_MAC_update(ctx, label, label_len)
+ || (has_separator && !EVP_MAC_update(ctx, &zero, 1))
+ || !EVP_MAC_update(ctx, context, context_len)
+@@ -217,6 +219,7 @@ static int kbkdf_derive(void *vctx, unsigned char *key, size_t keylen,
+ unsigned char *k_i = NULL;
+ uint32_t l = 0;
+ size_t h = 0;
++ uint64_t counter_max;
+
+ if (!ossl_prov_is_running() || !kbkdf_set_ctx_params(ctx, params))
+ return 0;
+@@ -248,6 +251,15 @@ static int kbkdf_derive(void *vctx, unsigned char *key, size_t keylen,
+ goto done;
+ }
+
++ if (ctx->mode == COUNTER) {
++ /* Fail if keylen is too large for r */
++ counter_max = (uint64_t)1 << (uint64_t)ctx->r;
++ if ((uint64_t)(keylen / h) >= counter_max) {
++ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
++ goto done;
++ }
++ }
++
+ if (ctx->use_l != 0)
+ l = be32(keylen * 8);
+
+@@ -257,7 +269,7 @@ static int kbkdf_derive(void *vctx, unsigned char *key, size_t keylen,
+
+ ret = derive(ctx->ctx_init, ctx->mode, ctx->iv, ctx->iv_len, ctx->label,
+ ctx->label_len, ctx->context, ctx->context_len, k_i, h, l,
+- ctx->use_separator, key, keylen);
++ ctx->use_separator, key, keylen, ctx->r);
+ done:
+ if (ret != 1)
+ OPENSSL_cleanse(key, keylen);
+@@ -328,6 +340,17 @@ static int kbkdf_set_ctx_params(void *vctx, const OSSL_PARAM params[])
+ if (p != NULL && !OSSL_PARAM_get_int(p, &ctx->use_l))
+ return 0;
+
++ p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_KBKDF_R);
++ if (p != NULL) {
++ int new_r = 0;
++
++ if (!OSSL_PARAM_get_int(p, &new_r))
++ return 0;
++ if (new_r != 8 && new_r != 16 && new_r != 24 && new_r != 32)
++ return 0;
++ ctx->r = new_r;
++ }
++
+ p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR);
+ if (p != NULL && !OSSL_PARAM_get_int(p, &ctx->use_separator))
+ return 0;
+@@ -354,6 +377,7 @@ static const OSSL_PARAM *kbkdf_settable_ctx_params(ossl_unused void *ctx,
+ OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_PROPERTIES, NULL, 0),
+ OSSL_PARAM_int(OSSL_KDF_PARAM_KBKDF_USE_L, NULL),
+ OSSL_PARAM_int(OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR, NULL),
++ OSSL_PARAM_int(OSSL_KDF_PARAM_KBKDF_R, NULL),
+ OSSL_PARAM_END,
+ };
+ return known_settable_ctx_params;
+diff --git a/test/evp_kdf_test.c b/test/evp_kdf_test.c
+index 7fde5ea4111c..173d8cb8b87b 100644
+--- a/test/evp_kdf_test.c
++++ b/test/evp_kdf_test.c
+@@ -1068,9 +1068,9 @@ static int test_kdf_kbkdf_6803_256(void)
+ #endif
+
+ static OSSL_PARAM *construct_kbkdf_params(char *digest, char *mac, unsigned char *key,
+- size_t keylen, char *salt, char *info)
++ size_t keylen, char *salt, char *info, int *r)
+ {
+- OSSL_PARAM *params = OPENSSL_malloc(sizeof(OSSL_PARAM) * 7);
++ OSSL_PARAM *params = OPENSSL_malloc(sizeof(OSSL_PARAM) * 8);
+ OSSL_PARAM *p = params;
+
+ if (params == NULL)
+@@ -1088,6 +1088,8 @@ static OSSL_PARAM *construct_kbkdf_params(char *digest, char *mac, unsigned char
+ OSSL_KDF_PARAM_SALT, salt, strlen(salt));
+ *p++ = OSSL_PARAM_construct_octet_string(
+ OSSL_KDF_PARAM_INFO, info, strlen(info));
++ *p++ = OSSL_PARAM_construct_int(
++ OSSL_KDF_PARAM_KBKDF_R, r);
+ *p = OSSL_PARAM_construct_end();
+
+ return params;
+@@ -1100,8 +1102,9 @@ static int test_kdf_kbkdf_invalid_digest(void)
+ OSSL_PARAM *params;
+
+ static unsigned char key[] = {0x01};
++ int r = 32;
+
+- params = construct_kbkdf_params("blah", "HMAC", key, 1, "prf", "test");
++ params = construct_kbkdf_params("blah", "HMAC", key, 1, "prf", "test", &r);
+ if (!TEST_ptr(params))
+ return 0;
+
+@@ -1122,8 +1125,9 @@ static int test_kdf_kbkdf_invalid_mac(void)
+ OSSL_PARAM *params;
+
+ static unsigned char key[] = {0x01};
++ int r = 32;
+
+- params = construct_kbkdf_params("sha256", "blah", key, 1, "prf", "test");
++ params = construct_kbkdf_params("sha256", "blah", key, 1, "prf", "test", &r);
+ if (!TEST_ptr(params))
+ return 0;
+
+@@ -1137,6 +1141,30 @@ static int test_kdf_kbkdf_invalid_mac(void)
+ return ret;
+ }
+
++static int test_kdf_kbkdf_invalid_r(void)
++{
++ int ret;
++ EVP_KDF_CTX *kctx;
++ OSSL_PARAM *params;
++
++ static unsigned char key[] = {0x01};
++ int r = 31;
++
++ params = construct_kbkdf_params("sha256", "HMAC", key, 1, "prf", "test", &r);
++ if (!TEST_ptr(params))
++ return 0;
++
++ /* Negative test case - derive should fail */
++ kctx = get_kdfbyname("KBKDF");
++ ret = TEST_ptr(kctx)
++ && TEST_false(EVP_KDF_CTX_set_params(kctx, params));
++
++ EVP_KDF_CTX_free(kctx);
++ OPENSSL_free(params);
++ return ret;
++}
++
++
+ static int test_kdf_kbkdf_empty_key(void)
+ {
+ int ret;
+@@ -1145,8 +1173,9 @@ static int test_kdf_kbkdf_empty_key(void)
+
+ static unsigned char key[] = {0x01};
+ unsigned char result[32] = { 0 };
++ int r = 32;
+
+- params = construct_kbkdf_params("sha256", "HMAC", key, 0, "prf", "test");
++ params = construct_kbkdf_params("sha256", "HMAC", key, 0, "prf", "test", &r);
+ if (!TEST_ptr(params))
+ return 0;
+
+@@ -1169,8 +1198,9 @@ static int test_kdf_kbkdf_1byte_key(void)
+
+ static unsigned char key[] = {0x01};
+ unsigned char result[32] = { 0 };
++ int r = 32;
+
+- params = construct_kbkdf_params("sha256", "HMAC", key, 1, "prf", "test");
++ params = construct_kbkdf_params("sha256", "HMAC", key, 1, "prf", "test", &r);
+ if (!TEST_ptr(params))
+ return 0;
+
+@@ -1191,8 +1221,9 @@ static int test_kdf_kbkdf_zero_output_size(void)
+
+ static unsigned char key[] = {0x01};
+ unsigned char result[32] = { 0 };
++ int r = 32;
+
+- params = construct_kbkdf_params("sha256", "HMAC", key, 1, "prf", "test");
++ params = construct_kbkdf_params("sha256", "HMAC", key, 1, "prf", "test", &r);
+ if (!TEST_ptr(params))
+ return 0;
+
+@@ -1298,7 +1329,6 @@ static int test_kdf_kbkdf_8009_prf2(void)
+ * Test vector taken from
+ * https://csrc.nist.gov/CSRC/media/Projects/
+ * Cryptographic-Algorithm-Validation-Program/documents/KBKDF800-108/CounterMode.zip
+- * Note: Only 32 bit counter is supported ([RLEN=32_BITS])
+ */
+ static int test_kdf_kbkdf_fixedinfo(void)
+ {
+@@ -1628,6 +1658,7 @@ int setup_tests(void)
+ #endif
+ ADD_TEST(test_kdf_kbkdf_invalid_digest);
+ ADD_TEST(test_kdf_kbkdf_invalid_mac);
++ ADD_TEST(test_kdf_kbkdf_invalid_r);
+ ADD_TEST(test_kdf_kbkdf_zero_output_size);
+ ADD_TEST(test_kdf_kbkdf_empty_key);
+ ADD_TEST(test_kdf_kbkdf_1byte_key);
+diff --git a/test/evp_test.c b/test/evp_test.c
+index 70996195f0cb..6ae862b04403 100644
+--- a/test/evp_test.c
++++ b/test/evp_test.c
+@@ -2639,6 +2639,12 @@ static int kdf_test_ctrl(EVP_TEST *t, EVP_KDF_CTX *kctx,
+ TEST_info("skipping, '%s' is disabled", p);
+ t->skip = 1;
+ }
++ if (p != NULL
++ && (strcmp(name, "mac") == 0)
++ && is_mac_disabled(p)) {
++ TEST_info("skipping, '%s' is disabled", p);
++ t->skip = 1;
++ }
+ OPENSSL_free(name);
+ return 1;
+ }
+diff --git a/test/recipes/30-test_evp.t b/test/recipes/30-test_evp.t
+index 7ae546e1d70c..7b976c0a1b5e 100644
+--- a/test/recipes/30-test_evp.t
++++ b/test/recipes/30-test_evp.t
+@@ -45,6 +45,7 @@ my @files = qw(
+ evpciph_aes_stitched.txt
+ evpciph_des3_common.txt
+ evpkdf_hkdf.txt
++ evpkdf_kbkdf_counter.txt
+ evpkdf_pbkdf1.txt
+ evpkdf_pbkdf2.txt
+ evpkdf_ss.txt
+diff --git a/test/recipes/30-test_evp_data/evpkdf_kbkdf_counter.txt b/test/recipes/30-test_evp_data/evpkdf_kbkdf_counter.txt
+new file mode 100644
+index 000000000000..04ab8ff0fad7
+--- /dev/null
++++ b/test/recipes/30-test_evp_data/evpkdf_kbkdf_counter.txt
+@@ -0,0 +1,1843 @@
++#
++# Copyright 2021-2021 The OpenSSL Project Authors. All Rights Reserved.
++#
++# Licensed under the Apache License 2.0 (the "License"). You may not use
++# this file except in compliance with the License. You can obtain a copy
++# in the file LICENSE in the source distribution or at
++# https://www.openssl.org/source/license.html
++
++# Tests start with one of these keywords
++# Cipher Decrypt Derive Digest Encoding KDF MAC PBE
++# PrivPubKeyPair Sign Verify VerifyRecover
++# and continue until a blank line. Lines starting with a pound sign are ignored.
++
++Title = KBKDF tests
++
++# Test vectors taken from
++# https://csrc.nist.gov/CSRC/media/Projects/
++# Cryptographic-Algorithm-Validation-Program/documents/KBKDF800-108/CounterMode.zip
++
++
++# [PRF=CMAC_AES128]
++# [CTRLOCATION=BEFORE_FIXED]
++# [RLEN=8_BITS]
++
++# COUNT=0
++# L = 128
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.cipher = cipher:AES128
++Ctrl.mac = mac:CMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:8
++Ctrl.hexkey = hexkey:dff1e50ac0b69dc40f1051d46c2b069c
++Ctrl.hexinfo = hexinfo:c16e6e02c5a3dcc8d78b9ac1306877761310455b4e41469951d9e6c2245a064b33fd8c3b01203a7824485bf0a64060c4648b707d2607935699316ea5
++Output = 8be8f0869b3c0ba97b71863d1b9f7813
++
++# COUNT=10
++# L = 256
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.cipher = cipher:AES128
++Ctrl.mac = mac:CMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:8
++Ctrl.hexkey = hexkey:682e814d872397eba71170a693514904
++Ctrl.hexinfo = hexinfo:e323cdfa7873a0d72cd86ffb4468744f097db60498f7d0e3a43bafd2d1af675e4a88338723b1236199705357c47bf1d89b2f4617a340980e6331625c
++Output = dac9b6ca405749cfb065a0f1e42c7c4224d3d5db32fdafe9dee6ca193316f2c7
++
++# COUNT=20
++# L = 160
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.cipher = cipher:AES128
++Ctrl.mac = mac:CMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:8
++Ctrl.hexkey = hexkey:7aa9973481d560f3be217ac3341144d8
++Ctrl.hexinfo = hexinfo:46f88b5af7fb9e29262dd4e010143a0a9c465c627450ec74ab7251889529193e995c4b56ff55bc2fc8992a0df1ee8056f6816b7614fba4c12d3be1a5
++Output = 1746ae4f09903f74bfbe1b8ae2b79d74576a3b09
++
++# COUNT=30
++# L = 320
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.cipher = cipher:AES128
++Ctrl.mac = mac:CMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:8
++Ctrl.hexkey = hexkey:e91e0d06ab23a4e495bbcc430efddcaf
++Ctrl.hexinfo = hexinfo:24acb8e9227b180f2ccebea48051cbdbcd1be2bf94400d1e92945fe9b887585a295f46c469036107697813a3e12c45ae2ffde9a940f8f8c181018a93
++Output = e81ef2483729d4165aaa4866c17f26496e6c6924e2fe34f608efef0c35835f86df29a1e19ce166a8
++
++
++# [PRF=CMAC_AES128]
++# [CTRLOCATION=BEFORE_FIXED]
++# [RLEN=16_BITS]
++
++# COUNT=0
++# L = 128
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.cipher = cipher:AES128
++Ctrl.mac = mac:CMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:16
++Ctrl.hexkey = hexkey:30ec5f6fa1def33cff008178c4454211
++Ctrl.hexinfo = hexinfo:c95e7b1d4f2570259abfc05bb00730f0284c3bb9a61d07259848a1cb57c81d8a6c3382c500bf801dfc8f70726b082cf4c3fa34386c1e7bf0e5471438
++Output = 00018fff9574994f5c4457f461c7a67e
++
++# COUNT=10
++# L = 256
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.cipher = cipher:AES128
++Ctrl.mac = mac:CMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:16
++Ctrl.hexkey = hexkey:145c9e9365041f075ebde8ce26aa2149
++Ctrl.hexinfo = hexinfo:0d39b1c9c34d95b5b521971828c81d9f2dbdbc4af2ddd14f628721117e5c39faa030522b93cc07beb8f142fe36f674942453ec5518ca46c3e6842a73
++Output = 8a204ce7eab882fae3e2b8317fe431dba16dabb8fe5235525e7b61135e1b3c16
++
++# COUNT=20
++# L = 160
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.cipher = cipher:AES128
++Ctrl.mac = mac:CMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:16
++Ctrl.hexkey = hexkey:6f3f8cbf40d2a694274cfa2eb2f265a3
++Ctrl.hexinfo = hexinfo:e7b88baa4a2c22b3d78f41d509996c95468c8cb834b035dd5e09e0a455da254b8b5687a1433861751d2dd603f69b2d4ba4ae47776335d37c98b44b4b
++Output = d147f1c78121c583cbcb9d4b0d3767a357bd7232
++
++# COUNT=30
++# L = 320
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.cipher = cipher:AES128
++Ctrl.mac = mac:CMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:16
++Ctrl.hexkey = hexkey:5e534bea459e54c58a6942abfd4df8ab
++Ctrl.hexinfo = hexinfo:e9a5cc15d223aaa74abd122983b2a10512199b9cc87663fd8a62d417cef53770264fc51f683890fe42da2df7be0f60898c5b09d5c4932137b6b1e06e
++Output = 92480eb4860123ceda76f1e6bf2668520bea49ed72bb900ae50725bb8cfcdb733af1a9de71fe1af5
++
++
++# [PRF=CMAC_AES128]
++# [CTRLOCATION=BEFORE_FIXED]
++# [RLEN=24_BITS]
++
++# COUNT=0
++# L = 128
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.cipher = cipher:AES128
++Ctrl.mac = mac:CMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:24
++Ctrl.hexkey = hexkey:ca1cf43e5ccd512cc719a2f9de41734c
++Ctrl.hexinfo = hexinfo:e3884ac963196f02ddd09fc04c20c88b60faa775b5ef6feb1faf8c5e098b5210e2b4e45d62cc0bf907fd68022ee7b15631b5c8daf903d99642c5b831
++Output = 1cb2b12326cc5ec1eba248167f0efd58
++
++# COUNT=10
++# L = 256
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.cipher = cipher:AES128
++Ctrl.mac = mac:CMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:24
++Ctrl.hexkey = hexkey:1bfaf4cd6efd25a132e2a1d41b124465
++Ctrl.hexinfo = hexinfo:b933cfbb223ea65ed0e8db822f83be64ee21d3b9ca1eb0bc32f9d77f145a3e4ed4e2cc72cb3d93ea44824ab81eefdf71bbdb62067e0eb34a79914e4f
++Output = 75f4d20c558d71646ec062d2ca75369a218cedb7104be3abf27026af003e98f3
++
++# COUNT=20
++# L = 160
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.cipher = cipher:AES128
++Ctrl.mac = mac:CMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:24
++Ctrl.hexkey = hexkey:80168f187848a68b0b82a7ef43b4eedc
++Ctrl.hexinfo = hexinfo:9357281df7665ae5ae961fe5f93a3124416cab3deb11583429c5e529af3fc71094aad560cbc279168fe1c3327787f91a414acfff063832bcd78ed1b5
++Output = be4517c9e6de96929e655a08f5b6d5bb77364f85
++
++# COUNT=30
++# L = 320
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.cipher = cipher:AES128
++Ctrl.mac = mac:CMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:24
++Ctrl.hexkey = hexkey:26fa0e32e7e08f9b157ebae9f579710f
++Ctrl.hexinfo = hexinfo:ceab805efbe0c50a8aef62e59d95e7a54daa74ed86aa9b1ae8abf68b985b5af4b0ee150e83e6c063b59c7bf813ede9826af149237aed85b415898fa8
++Output = f1d9138afcc3db6001eb54c4da567a5db3659fc0ed48e664a0408946bcee0742127c17cabf348c7a
++
++
++# [PRF=CMAC_AES128]
++# [CTRLOCATION=BEFORE_FIXED]
++# [RLEN=32_BITS]
++
++# COUNT=0
++# L = 128
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.cipher = cipher:AES128
++Ctrl.mac = mac:CMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:32
++Ctrl.hexkey = hexkey:c10b152e8c97b77e18704e0f0bd38305
++Ctrl.hexinfo = hexinfo:98cd4cbbbebe15d17dc86e6dbad800a2dcbd64f7c7ad0e78e9cf94ffdba89d03e97eadf6c4f7b806caf52aa38f09d0eb71d71f497bcc6906b48d36c4
++Output = 26faf61908ad9ee881b8305c221db53f
++
++# COUNT=10
++# L = 256
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.cipher = cipher:AES128
++Ctrl.mac = mac:CMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:32
++Ctrl.hexkey = hexkey:695f1b1a16c949cea51cdf2554ec9d42
++Ctrl.hexinfo = hexinfo:4fce5942832a390aa1cbe8a0bf9d202cb799e986c9d6b51f45e4d597a6b57f06a4ebfec6467335d116b7f5f9c5b954062f661820f5db2a5bbb3e0625
++Output = d34b601ec18c34dfa0f9e0b7523e218bdddb9befe8d08b6c0202d75ace0dba89
++
++# COUNT=20
++# L = 160
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.cipher = cipher:AES128
++Ctrl.mac = mac:CMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:32
++Ctrl.hexkey = hexkey:b523ae21fc36bc58cc46e5a3cda97493
++Ctrl.hexinfo = hexinfo:8dbe6d4d9b09b2eabd165b6e6e97e3bc782f8335cb1ea04ad0403affd88a5071db5f36ce2e84ab296261730b2226a9189d867991fbd4ff86f43a3cfb
++Output = 530211df01975dd6c08064c34105f88a6007f2b2
++
++# COUNT=30
++# L = 320
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.cipher = cipher:AES128
++Ctrl.mac = mac:CMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:32
++Ctrl.hexkey = hexkey:b2fcf854b1029888aeb0274ca09bb21a
++Ctrl.hexinfo = hexinfo:a6b84baae7a6ceb1d63ed704757500c510c0a8bdc22d2f42af09f79c815f37f33b67dad0b30f428fc1e2d355f7f91f65acbedd2fdd5b8c38dd890407
++Output = fe4c2c0242c5a295c008aeb87ae0815171de6173773292347f4f5ec07185c3f860b5667c199aad55
++
++
++# [PRF=CMAC_AES192]
++# [CTRLOCATION=BEFORE_FIXED]
++# [RLEN=8_BITS]
++
++# COUNT=0
++# L = 128
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.cipher = cipher:AES192
++Ctrl.mac = mac:CMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:8
++Ctrl.hexkey = hexkey:53d1705caab7b06886e2dbb53eea349aa7419a034e2d92b9
++Ctrl.hexinfo = hexinfo:b120f7ce30235784664deae3c40723ca0539b4521b9aece43501366cc5df1d9ea163c602702d0974665277c8a7f6a057733d66f928eb7548cf43e374
++Output = eae32661a323f6d06d0116bb739bd76a
++
++# COUNT=10
++# L = 256
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.cipher = cipher:AES192
++Ctrl.mac = mac:CMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:8
++Ctrl.hexkey = hexkey:d10046bb18c3f363e87f4e57b961b294d4edf2ca91dc3e38
++Ctrl.hexinfo = hexinfo:2d043069de979bffb1be38a3cef2869dc07d5d3e99bde2e2204f10138081743f423f0c0b1aec0735a25bc61a8e2936dec6a25bb0ae105ab46caf8a2a
++Output = 8991a58882a0488bb5478996f2893989adb66d08d5030ad90f6ce5fdfca7754b
++
++# COUNT=20
++# L = 160
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.cipher = cipher:AES192
++Ctrl.mac = mac:CMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:8
++Ctrl.hexkey = hexkey:bf0abb70098d6c203074f1bce3d7468116cd1e5e8e618f20
++Ctrl.hexinfo = hexinfo:d9ce030a48668ada6c67a2ac163515ec22383c4b5332e18d06901bacbb63dd649c683cfd4fee2f33346817b23cb4c734060a1c727b0c72c12448f4f9
++Output = ecd1eef152b5835376f1a4324cd968bcb0cf850a
++
++# COUNT=30
++# L = 320
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.cipher = cipher:AES192
++Ctrl.mac = mac:CMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:8
++Ctrl.hexkey = hexkey:8725918ca07ad8e108473e5ffdf43eb1cf5c44baf0bd1cec
++Ctrl.hexinfo = hexinfo:f4a57b84a881cf282aac5402cfa8fc4ede0db6f8e902d5c0c41c4712077306484e626e3ffc4129d9b43b46cbb6c53d2838a811dc8aedad7253cf94d4
++Output = 5a795fd0d7661968c478860b526cca40eb8702083fdbff3ff8adfa697e795398ca7106bc950fbb45
++
++
++# [PRF=CMAC_AES192]
++# [CTRLOCATION=BEFORE_FIXED]
++# [RLEN=16_BITS]
++
++# COUNT=0
++# L = 128
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.cipher = cipher:AES192
++Ctrl.mac = mac:CMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:16
++Ctrl.hexkey = hexkey:d7e8eefc503a39e70d931f16645958ad06fb789f0cbc518b
++Ctrl.hexinfo = hexinfo:b10ea2d67904a8b3b7ce5eef7d9ee49768e8deb3506ee74a2ad8dd8661146fde74137a8f6dfc69a370945d15335e0d6403fa029da19d34140c7e3da0
++Output = 95278b8883852f6676c587507b0aa162
++
++# COUNT=10
++# L = 256
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.cipher = cipher:AES192
++Ctrl.mac = mac:CMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:16
++Ctrl.hexkey = hexkey:5e6695d7c3f5b156c7b457c8c2b801ba2ae30c9c8a36ee61
++Ctrl.hexinfo = hexinfo:1406756f40efb8e29d5455d2da4bf1993b3c3901d67ec90934895f5de7845f573ae8a0dc8a6ad77d80da29e81329440d61d63dda8eaa7851bc7a172d
++Output = 72046d5eed909f6ab25810ead446ace7422fd87e6bd496ff2e84b115b8e0d27e
++
++# COUNT=20
++# L = 160
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.cipher = cipher:AES192
++Ctrl.mac = mac:CMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:16
++Ctrl.hexkey = hexkey:e3b88f40c9974410955820a8f8392701e9c67cc6efd3b0ff
++Ctrl.hexinfo = hexinfo:a520f36b6b60dfce34dc1d1f6b16132efa82566efa49f3140113fbc59e309c40db42962c06123721f122f433fa417ce3319bca9c58b4184fd8c7be8f
++Output = 134b6236a80c257591cc1437ab007b3fa4bd7191
++
++# COUNT=30
++# L = 320
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.cipher = cipher:AES192
++Ctrl.mac = mac:CMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:16
++Ctrl.hexkey = hexkey:51574d47f2f1d202a30252823b52ba7858b729d5ed4c92f7
++Ctrl.hexinfo = hexinfo:0819c17dd3f9a68493a958c46152d04ba450043908a0016b99cc124d5e75b0d11e7c26f27365609c110eee7f8baa88a7d99fecc690e617150f93bd6c
++Output = c46db4cd822e9841408fba79932d6c748bc7ab17421ed1ad188aed327c2a0d694e380c0cade8b37f
++
++
++# [PRF=CMAC_AES192]
++# [CTRLOCATION=BEFORE_FIXED]
++# [RLEN=24_BITS]
++
++# COUNT=0
++# L = 128
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.cipher = cipher:AES192
++Ctrl.mac = mac:CMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:24
++Ctrl.hexkey = hexkey:f7c1e0682a12f1f17d23dc8af5c463b8aa28f87ed82fad22
++Ctrl.hexinfo = hexinfo:890ec4966a8ac3fd635bd264a4c726c87341611c6e282766b7ffe621080d0c00ac9cf8e2784a80166303505f820b2a309e9c3a463d2e3fd4814e3af5
++Output = a71b0cbe30331fdbb63f8d51249ae50b
++
++# COUNT=10
++# L = 256
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.cipher = cipher:AES192
++Ctrl.mac = mac:CMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:24
++Ctrl.hexkey = hexkey:3eeed1560e17aaffe9f6ca9d81815b89a6879a56ebe4182a
++Ctrl.hexinfo = hexinfo:a643378a557af69ce2c606bc623a04b568a848207534d25bfa22664f9148997a6b4c00f4624b5100b4eb01857240b119876c3a86c1e8b02335475939
++Output = 8a1dc0f616353bf3ecf5553d7a7651e9ea6d884a32172d3391ad342bfaf60785
++
++# COUNT=20
++# L = 160
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.cipher = cipher:AES192
++Ctrl.mac = mac:CMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:24
++Ctrl.hexkey = hexkey:c984c3f65cdc32e7503678764a9e84292a1f50e335167a36
++Ctrl.hexinfo = hexinfo:0061cd40f9eef84d6c8b04e0142d70aa50d4690e0a1de8e3ff5f5cea10cd2d28281eb1df90c519b8b51f7aa0d63a313ebbf80538b54dd11a66115be6
++Output = afe93ae91930261344e30ef9e1718e76f74225d9
++
++# COUNT=30
++# L = 320
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.cipher = cipher:AES192
++Ctrl.mac = mac:CMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:24
++Ctrl.hexkey = hexkey:993305e59f34a94f62931fd7662bb5b73c77d8d4bc6a33ba
++Ctrl.hexinfo = hexinfo:fcceb2d7ac6a68717c2490ec95bebea484c4930d156683c43164dc53bff0bafcbfb31e920109927ef08e12f66f258b6f8ba284908faee7d3376e1bac
++Output = 40e358cfdeee0286d152fcb4626ff22e67eea3b65d8750a273001b67645804cbf613832201b0a9ba
++
++
++# [PRF=CMAC_AES192]
++# [CTRLOCATION=BEFORE_FIXED]
++# [RLEN=32_BITS]
++
++# COUNT=0
++# L = 128
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.cipher = cipher:AES192
++Ctrl.mac = mac:CMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:32
++Ctrl.hexkey = hexkey:f4267280cb8667c2cf82bb37f389da6391f58cc74deba0cc
++Ctrl.hexinfo = hexinfo:34abbc9f7b12622309a827de5abfdd51fb5bb824838fcde88ca7bc5f3953abdcb445147f13e809e294f75e6d4e3f13b66e47f2dfc881ed392e3a1bf6
++Output = 2d1b4b5694b6741b2ed9c02c05474225
++
++# COUNT=10
++# L = 256
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.cipher = cipher:AES192
++Ctrl.mac = mac:CMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:32
++Ctrl.hexkey = hexkey:dc866a038c4f78f22d46caca65892bcdb15c1eb49b275827
++Ctrl.hexinfo = hexinfo:b4a123bad4890c7a791f5e192bd8b6e9c8c3620329f99249f11e1eb517a5b27b9e5b047a6591b45f6fff53e6d04b32d82e052af2eb8519bd21c10f93
++Output = 731a2e23ab2e58551490254041ee8fabd9c5a1918d76307f1048535be0763b20
++
++# COUNT=20
++# L = 160
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.cipher = cipher:AES192
++Ctrl.mac = mac:CMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:32
++Ctrl.hexkey = hexkey:dd5e0f1a30b0b722b00626ee663df29601af58082708e18c
++Ctrl.hexinfo = hexinfo:b7c6eb48c80b071080fd07a827d0bfdc781599862084f7ffd968a4cbff0be9a6adef5ea206aa8af4d8a85705953e33cd7c4cbb69969c73698f54c6b8
++Output = 84e1ca286776cda0784c4fc48b054384ca565d17
++
++# COUNT=30
++# L = 320
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.cipher = cipher:AES192
++Ctrl.mac = mac:CMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:32
++Ctrl.hexkey = hexkey:d64c598436507f4d05d7ebe780092996f281901dc9c8612f
++Ctrl.hexinfo = hexinfo:0ea737cfca2560856917f3a2ff5e2175930d0719bba85a9c8d8cb311a0a1b8caf8ffe03e9a86ab17046670011c9fec5c5cd697d9cd931f615cdfe649
++Output = 3c26968bd3997c653f79bb725c36d784b590d18a64678cf312abe8a57b2891c27282e37b6a49cd73
++
++
++# [PRF=CMAC_AES256]
++# [CTRLOCATION=BEFORE_FIXED]
++# [RLEN=8_BITS]
++
++# COUNT=0
++# L = 128
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.cipher = cipher:AES256
++Ctrl.mac = mac:CMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:8
++Ctrl.hexkey = hexkey:aeb7201d055f754212b3e497bd0b25789a49e51da9f363df414a0f80e6f4e42c
++Ctrl.hexinfo = hexinfo:11ec30761780d4c44acb1f26ca1eb770f87c0e74505e15b7e456b019ce0c38103c4d14afa1de71d340db51410596627512cf199fffa20ef8c5f4841e
++Output = 2a9e2fe078bd4f5d3076d14d46f39fb2
++
++# COUNT=10
++# L = 256
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.cipher = cipher:AES256
++Ctrl.mac = mac:CMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:8
++Ctrl.hexkey = hexkey:5402c978955128558789bee7b571465174a60582a7640037387f99ac16683173
++Ctrl.hexinfo = hexinfo:5c7eb447481c2884a5398449eaecbb8b55f1f1981ba0fd187818d8b3581b430c3da52ab83d444e003625ff36fcbd160c67b18d85b6c9d00da1a15d15
++Output = f22a4686abe599c2194d21fc9071ffceb023dd9b24c13f05a3d44cfc77fec44a
++
++# COUNT=20
++# L = 160
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.cipher = cipher:AES256
++Ctrl.mac = mac:CMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:8
++Ctrl.hexkey = hexkey:cac968a8ffd81c73948bdfb48bf8a29c1378517d3be294df9a8a80724075bdbd
++Ctrl.hexinfo = hexinfo:08817bcd560edf810aa004194c817e455fb66bbc3b84fef1d66df2d1cebb3403c24231fa822f130c5d8fe886217122dcab15cb725197bbcbeb8010f5
++Output = 651c43e113b32026b204119af394301f0cb9831c
++
++# COUNT=30
++# L = 320
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.cipher = cipher:AES256
++Ctrl.mac = mac:CMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:8
++Ctrl.hexkey = hexkey:9debd1762a9643e967dbc174f2040e177b8053afb0829189a81fed94f8c365ee
++Ctrl.hexinfo = hexinfo:6c4e1e3fdd7f5c97d58bcdda792642cbd271d6968f6a8e368013d88763d0b306c832b7ab46b84d099596972d12220a4e9c81f82d6f5003d18b93c595
++Output = 2518a44ea347e924b03a7b4c966ec4e4bd76c1456d09096be9387638c2737faeebba4e2b921b19db
++
++
++# [PRF=CMAC_AES256]
++# [CTRLOCATION=BEFORE_FIXED]
++# [RLEN=16_BITS]
++
++# COUNT=0
++# L = 128
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.cipher = cipher:AES256
++Ctrl.mac = mac:CMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:16
++Ctrl.hexkey = hexkey:4df60800bf8e2f6055c5ad6be43ee3deb54e2a445bc88a576e111b9f7f66756f
++Ctrl.hexinfo = hexinfo:962adcaf12764c87dad298dbd9ae234b1ff37fed24baee0649562d466a80c0dcf0a65f04fe5b477fd00db6767199fa4d1b26c68158c8e656e740ab4d
++Output = eca99d4894cdda31fe355b82059a845c
++
++# COUNT=10
++# L = 256
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.cipher = cipher:AES256
++Ctrl.mac = mac:CMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:16
++Ctrl.hexkey = hexkey:4c30b96d9beff5cc3c37527694eeec8207fae2c13ef295556919a7a46e5b90c1
++Ctrl.hexinfo = hexinfo:86e1ad34bd7a998281a822129a23102f799812864cf5349f3f21cec7729f83ad8c8aa6517fafcc9521cde887686629048159ed3f15c01408984f547e
++Output = 815fe232e0e89f7eeaa87c3ba5007694a43c1577657ccb3018076c5a5c035d95
++
++# COUNT=20
++# L = 160
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.cipher = cipher:AES256
++Ctrl.mac = mac:CMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:16
++Ctrl.hexkey = hexkey:e508ce78aca2cc50c80a6cbdb2b178f8ee5e315dad71ddfa700eb6cf503239b3
++Ctrl.hexinfo = hexinfo:28c47ddd23d349e3b30bf97975c5fa591f2158e001dae3faa154d93c615c89fc7449c901a2585e618f68a0b2cbd3f35f53424d5ea015cbf7e8e09f68
++Output = 6bc69b4c11aa7c04ac3c03baa44daeac4a047992
++
++# COUNT=30
++# L = 320
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.cipher = cipher:AES256
++Ctrl.mac = mac:CMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:16
++Ctrl.hexkey = hexkey:ee0a0f88b3b441826264de7a31b890a66edf7c2a28d0286eab285846b586fb8e
++Ctrl.hexinfo = hexinfo:1ea9771ab763056260d885073e80e835e20e5d7ca9659fdf5dd3b7f2ae6286608f8bc7a6728e41346c55544942b1bf06642fb6a6738fb5b7f0128f9c
++Output = 5484f170b6602b505e9e6ccffccf2262b55c3554728244bba94daff0adbc619400b33f38013a2293
++
++
++# [PRF=CMAC_AES256]
++# [CTRLOCATION=BEFORE_FIXED]
++# [RLEN=24_BITS]
++
++# COUNT=0
++# L = 128
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.cipher = cipher:AES256
++Ctrl.mac = mac:CMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:24
++Ctrl.hexkey = hexkey:1612a40daa7fce6c6788b3b71311188ffb850613fd81d0e87a891831348e2f28
++Ctrl.hexinfo = hexinfo:1696438fcdf9a85284759b2604b64d7ea76199514709e711ecde5a505b5f27ae38d154aba14322481ddc9fd9169364b991460a0c9a05c7fcb2d099c9
++Output = d101f4f2b5e239bae881cb488995bd52
++
++# COUNT=10
++# L = 256
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.cipher = cipher:AES256
++Ctrl.mac = mac:CMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:24
++Ctrl.hexkey = hexkey:77b50e24b859725d1cab531c885a6e60e7d5b0432f37408185ae688dffa5f6a5
++Ctrl.hexinfo = hexinfo:0b2c907499cddaa1fcfb02002ab8b9756c5f1f9fea482d79b8a6aa9fa2fb48e69df94dca4cb6f2e90a462678279ddaacc482fdd76581996b43974a22
++Output = c2a02b3743d506cdc1a41d4c2ae4c67610c5d607df0c26cbf7f4fe2198cb35f1
++
++# COUNT=20
++# L = 160
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.cipher = cipher:AES256
++Ctrl.mac = mac:CMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:24
++Ctrl.hexkey = hexkey:18a5c3e669967b42e9a29bad8fe86699f2b5d496ff767cd3171d1c7195ecef59
++Ctrl.hexinfo = hexinfo:33231c50326592c25ec3eee2c61a3ad4c8a23c098dd83eafe5db411d0948eb122bb6eb7a1d04d2dbcd0b98d0b70b7ff305bb3ef6ac9d4e8e3f7ecd4f
++Output = e80afb5cd274cb5fa4952aa95177ae83337f4c8f
++
++# COUNT=30
++# L = 320
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.cipher = cipher:AES256
++Ctrl.mac = mac:CMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:24
++Ctrl.hexkey = hexkey:0b589e556b7583f0fa9144868603b59262f457dee1e887ffc0e39968218959b9
++Ctrl.hexinfo = hexinfo:1b95b940e0b950a58f09ea09941b80852cb29838940bb146dc3db0ddcd87f72ee28813c09fcef773e95438c0ed3dbcf29e78de0c78377561c5869d5f
++Output = 260aef65eefd58816fe1a77120d047548b00c475c25178a2a33d4c801d49e8a0fb830513d0b3ff17
++
++
++# [PRF=CMAC_AES256]
++# [CTRLOCATION=BEFORE_FIXED]
++# [RLEN=32_BITS]
++
++# COUNT=0
++# L = 128
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.cipher = cipher:AES256
++Ctrl.mac = mac:CMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:32
++Ctrl.hexkey = hexkey:d0b1b3b70b2393c48ca05159e7e28cbeadea93f28a7cdae964e5136070c45d5c
++Ctrl.hexinfo = hexinfo:dd2f151a3f173492a6fbbb602189d51ddf8ef79fc8e96b8fcbe6dabe73a35b48104f9dff2d63d48786d2b3af177091d646a9efae005bdfacb61a1214
++Output = 8c449fb474d1c1d4d2a33827103b656a
++
++# COUNT=10
++# L = 256
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.cipher = cipher:AES256
++Ctrl.mac = mac:CMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:32
++Ctrl.hexkey = hexkey:d54b6fd94f7cf98fd955517f937e9927f9536caebe148fba1818c1ba46bba3a4
++Ctrl.hexinfo = hexinfo:94c4a0c69526196c1377cebf0a2ae0fb4b57797c61bea8eeb0518ca08652d14a5e1bd1b116b1794ac8a476acbdbbcd4f6142d7b8515bad09ec72f7af
++Output = 2e1efed4aef3fdd324e098c0a07c0d97f8fd2c748a996ce29861ca042474daea
++
++# COUNT=20
++# L = 160
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.cipher = cipher:AES256
++Ctrl.mac = mac:CMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:32
++Ctrl.hexkey = hexkey:99f212241a343c1c8c2104ca6d28062413d985c21e6bba27fde0c622e2e4e6b7
++Ctrl.hexinfo = hexinfo:af8dc1cb7d1f82ca834628c20f0fc81920eb3ff3f75d3f4e3000593e9c15872479711d99d1b7be794f58d80a31bb112219dc16e6354111ab1161e21d
++Output = 7f778c625bf0d083169a51584f6683f24af7c35e
++
++# COUNT=30
++# L = 320
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.cipher = cipher:AES256
++Ctrl.mac = mac:CMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:32
++Ctrl.hexkey = hexkey:dabde95d751ff1c132bd49f80f4ee347bf39218cf8bfec61bc3ad865d9aa1182
++Ctrl.hexinfo = hexinfo:55da554307ed756764d4e97febb77ce85391b53225ee09417ad57def48ead090e3d1e7c2ed04f02462a6324ea0163b18f86201c69db27fd50b4c42c5
++Output = 5cc29221cfa6f3a4ded7afeef5a59c05bac787fc5e98a35ee0c96ba582b05c42f758966566084f69
++
++
++# [PRF=HMAC_SHA1]
++# [CTRLOCATION=BEFORE_FIXED]
++# [RLEN=8_BITS]
++
++# COUNT=0
++# L = 128
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.digest = digest:SHA1
++Ctrl.mac = mac:HMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:8
++Ctrl.hexkey = hexkey:00a39bd547fb88b2d98727cf64c195c61e1cad6c
++Ctrl.hexinfo = hexinfo:98132c1ffaf59ae5cbc0a3133d84c551bb97e0c75ecaddfc30056f6876f59803009bffc7d75c4ed46f40b8f80426750d15bc1ddb14ac5dcb69a68242
++Output = 0611e1903609b47ad7a5fc2c82e47702
++
++# COUNT=10
++# L = 256
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.digest = digest:SHA1
++Ctrl.mac = mac:HMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:8
++Ctrl.hexkey = hexkey:1ee222f5cdd60b0ae956eeeaa838c51bd767672c
++Ctrl.hexinfo = hexinfo:4b10500ba5c9391da83d2ef78d01bcdccda32ff6f242960323324474b9d0685d99dc9143ac6d667a5b46dcc89784b3a4af7a7684b01efee41b144f48
++Output = 806e342013853083a3f7294c63a9ec9a6dba75b256c62fac1e480ef26276cd4b
++
++# COUNT=20
++# L = 160
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.digest = digest:SHA1
++Ctrl.mac = mac:HMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:8
++Ctrl.hexkey = hexkey:0e71d9e9c9e951978ada75c831d627dd5d3b4c59
++Ctrl.hexinfo = hexinfo:08b6f69698e8eb6c8c63953abd3538531d722cc4e9ca7ffcb68abba4dd4b027b3787efa107902ace8abb54549bede4ffdadabec3f282865b2166d46e
++Output = 86137b96ec15b7954fdc5df8d371ee2d8016e97a
++
++# COUNT=30
++# L = 320
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.digest = digest:SHA1
++Ctrl.mac = mac:HMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:8
++Ctrl.hexkey = hexkey:f0e5ad280b3465e719afdf86377bbcda59f5c59b
++Ctrl.hexinfo = hexinfo:231b6d83f0194499f27848108fd1fcdcf9520e67522cf54486fb919a839532d165019388242ce373a89ce644d7818e7415f5730a0b743595ab19add4
++Output = 9a9ddd19818bb085d24e48ee99d6e628235a422fb2ae383282b7bbbf0e5f5edf42d7237b8ed6aa1d
++
++
++# [PRF=HMAC_SHA1]
++# [CTRLOCATION=BEFORE_FIXED]
++# [RLEN=16_BITS]
++
++# COUNT=0
++# L = 128
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.digest = digest:SHA1
++Ctrl.mac = mac:HMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:16
++Ctrl.hexkey = hexkey:a510fe5ad1640d345a6dbba65d629c2a2fedd1ae
++Ctrl.hexinfo = hexinfo:9953de43418a85aa8db2278a1e380e83fb1e47744d902e8f0d1b3053f185bbcc734d12f219576e75477d7f7b799b7afed1a4847730be8fd2ef3f342e
++Output = c00707a18c57acdb84f17ef05a322da2
++
++# COUNT=10
++# L = 256
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.digest = digest:SHA1
++Ctrl.mac = mac:HMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:16
++Ctrl.hexkey = hexkey:abec6c894ae9df32e5afdf5d06a0434e8940ca71
++Ctrl.hexinfo = hexinfo:9a6574a0ea1123ab9580906f8a2c4a0ecba9a8a84079c37a6e283ad4d4e957c3d16db66ae4be99e688b221c359a8dd2505868beb6a49fd7ce6c35df4
++Output = 5b37675aec199c7d08435ef6321cf6235c12453a4530072d4a73ba0ad34634a5
++
++# COUNT=20
++# L = 160
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.digest = digest:SHA1
++Ctrl.mac = mac:HMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:16
++Ctrl.hexkey = hexkey:df4e835a2f201a3d0f840eab38a18adf72adf9eb
++Ctrl.hexinfo = hexinfo:84c6ca541d24a8b419037b9657ee4e0d5ef96d8b198355940a30b09bf8784e81d3b93558de21c46f04aec4afd610c3b230d17473c80b47b5004955e7
++Output = 1202915544844b1f913caab512c582735bf76fed
++
++# COUNT=30
++# L = 320
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.digest = digest:SHA1
++Ctrl.mac = mac:HMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:16
++Ctrl.hexkey = hexkey:cbe1d2895640dcd1545e60e04ce9d995707ec539
++Ctrl.hexinfo = hexinfo:c80d735ec5fd0bf811a4a71c55e99373f83f4111194ec24a8e9fe24ef03f56ed15b4e135e02488d96dba8c0d60c26592df55a492691cf3b7eced40d1
++Output = 1fd5a183be95c2d909deed31d686417d5c08bb88e6f75b150df330c8e7703bb8ccdffacb3e9ee3ff
++
++
++# [PRF=HMAC_SHA1]
++# [CTRLOCATION=BEFORE_FIXED]
++# [RLEN=24_BITS]
++
++# COUNT=0
++# L = 128
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.digest = digest:SHA1
++Ctrl.mac = mac:HMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:24
++Ctrl.hexkey = hexkey:928c170199473291bf719a1985a13673afb8f298
++Ctrl.hexinfo = hexinfo:f54388503cde2bf544db4c9510ff7a2759ba9b4e66da3baf41c90ce796d5ea7045bc27424afb03e137abfafe95158954c832090abdba02d86bab569d
++Output = 8c01160c72c925178d616a5c953df0a7
++
++# COUNT=10
++# L = 256
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.digest = digest:SHA1
++Ctrl.mac = mac:HMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:24
++Ctrl.hexkey = hexkey:df7ecebec20e14be6db5d46af2769fe4e4ed689c
++Ctrl.hexinfo = hexinfo:308ec6953d4945f075d37932d5dd335c7de0d2e7899a8321724a50b52240191fcdf991520c47a25b04ce6eecc835e4265b623c68d687afc615f74ae5
++Output = c2129eeb33ee6783b6b187e5ae884f8f5bd78ca224e5e01c04a68ecef376ea38
++
++# COUNT=20
++# L = 160
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.digest = digest:SHA1
++Ctrl.mac = mac:HMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:24
++Ctrl.hexkey = hexkey:2539c58bba8ae61be8b867b767ad698eb1f52a0b
++Ctrl.hexinfo = hexinfo:9f6de21c93176f8814e9290a40149f749f946d376eb65f888eddcc4a24a58dbdbb3222fb53487e0abb08efff6d6a43511b18c40f489abe4013647273
++Output = 20bc5ab8c27dd3f6f6fa5485f2eed8bd8b8b3d35
++
++# COUNT=30
++# L = 320
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.digest = digest:SHA1
++Ctrl.mac = mac:HMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:24
++Ctrl.hexkey = hexkey:66002f224106971edc62a7c6957931b2097aabc3
++Ctrl.hexinfo = hexinfo:f5fe599fac3bac5b10a4296b0783e2fc78cb498347ff3f74e2d9d230dfb6653e1a274e7bc37f0319eac2b0b48533b7be9d3633eed32101837ee460ff
++Output = c195b9139fee020eda70b8a161aef28474977412c0612afafe23b16b1594871548b5889b38e0cf2a
++
++
++# [PRF=HMAC_SHA1]
++# [CTRLOCATION=BEFORE_FIXED]
++# [RLEN=32_BITS]
++
++# COUNT=0
++# L = 128
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.digest = digest:SHA1
++Ctrl.mac = mac:HMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:32
++Ctrl.hexkey = hexkey:f7591733c856593565130975351954d0155abf3c
++Ctrl.hexinfo = hexinfo:8e347ef55d5f5e99eab6de706b51de7ce004f3882889e259ff4e5cff102167a5a4bd711578d4ce17dd9abe56e51c1f2df950e2fc812ec1b217ca08d6
++Output = 34fe44b0d8c41b93f5fa64fb96f00e5b
++
++# COUNT=10
++# L = 256
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.digest = digest:SHA1
++Ctrl.mac = mac:HMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:32
++Ctrl.hexkey = hexkey:c1efb8d25affc61ed060d994fcd5017c2adfc388
++Ctrl.hexinfo = hexinfo:b92fc055057fec71b9c53e7c44872423a57ed186d6ba66d980fecd1253bf71479320b7bf38d505ef79ca4d62d78ca662642cdcedb99503ea04c1dbe8
++Output = 8db784cf90b573b06f9b7c7dca63a1ea16d93ee7d70ff9d87fa2558e83dc4eaa
++
++# COUNT=20
++# L = 160
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.digest = digest:SHA1
++Ctrl.mac = mac:HMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:32
++Ctrl.hexkey = hexkey:e02ba5d5c410e855bbd13f840124273e6b864237
++Ctrl.hexinfo = hexinfo:b14e227b4438f973d671141c6246acdc794eee91bc7efd1d5ff02a7b8fb044009fb6f1f0f64f35365fb1098e1995a34f8b70a71ed0265ed17ae7ae40
++Output = f077c2d5d36a658031c74ef5a66aa48b4456530a
++
++# COUNT=30
++# L = 320
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.digest = digest:SHA1
++Ctrl.mac = mac:HMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:32
++Ctrl.hexkey = hexkey:693adb9037184627ad300f176985bd379f388a95
++Ctrl.hexinfo = hexinfo:7f09570c2d9304ec743ab845a8761c126c18f5cf72358eada2b5d1deb43dc6a0f4ff8f933bef7af0bcfacb33fa07f8ca04a06afe231835d5075996be
++Output = 52f55f51010e9bd78e4f58cab274ecafa561bd4e0f20da84f0303a1e5ff9bebc514361ec6df5c77e
++
++
++# [PRF=HMAC_SHA224]
++# [CTRLOCATION=BEFORE_FIXED]
++# [RLEN=8_BITS]
++
++# COUNT=0
++# L = 128
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.digest = digest:SHA224
++Ctrl.mac = mac:HMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:8
++Ctrl.hexkey = hexkey:7e2f7a5ab3e82ef927a005308456823da473787bf33d18a864aca63f
++Ctrl.hexinfo = hexinfo:b35695a6e23a765105b87756468d442a53a60cd4225186dc94221c06c5d6f1e98462135656ebca90468a939f29112b811413567d498df9867914d94c
++Output = 10ba5c6ea609da8fa8abe8be552c97a1
++
++# COUNT=10
++# L = 256
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.digest = digest:SHA224
++Ctrl.mac = mac:HMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:8
++Ctrl.hexkey = hexkey:667f72fc660e32943de386af9670c78e975c838cae91dca97f4f8508
++Ctrl.hexinfo = hexinfo:e713e8c38e92c8ba0f0791cc4a0d00c98d8dda8f3137a775104e7aa65b5f04fed12ee78a88262b2931717b7ac5624162fd5f0307f4faef038dcc210c
++Output = 835b343242a489249eec3cd56384ea2a5b295e29a4430fec2aae0c8b9fa36d20
++
++# COUNT=20
++# L = 160
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.digest = digest:SHA224
++Ctrl.mac = mac:HMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:8
++Ctrl.hexkey = hexkey:3344fb80fd655b16f08c78150516cbbc009fbdf1b510905f9113d275
++Ctrl.hexinfo = hexinfo:dc2aa42084d645baeb822c0c1d9b8e200737e9a2c7dcd922d8f056d6c02552295d95a488758919724207eebb4c21887f71b51a2a7ce98827cf7af4bb
++Output = e281d09a31c57d053f0c2f902792c8bbb9a0f443
++
++# COUNT=30
++# L = 320
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.digest = digest:SHA224
++Ctrl.mac = mac:HMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:8
++Ctrl.hexkey = hexkey:eb9386450d7b2da5492da5b139cf4b0b951a5b0c7d40c22ae2c20677
++Ctrl.hexinfo = hexinfo:bd8b73969e3e2d7a943b937c3bffe3a9199d1cf27e289bb10c3b88696a5ae36b3b868b4fc6a20ca93dd0b328f3351f71ce656bb558fa33c74741398d
++Output = bc902dfba79fb4084339b6666c7f72b9f47675229dc24ec61068bb05082717eead35647ff147d7de
++
++
++# [PRF=HMAC_SHA224]
++# [CTRLOCATION=BEFORE_FIXED]
++# [RLEN=16_BITS]
++
++# COUNT=0
++# L = 128
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.digest = digest:SHA224
++Ctrl.mac = mac:HMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:16
++Ctrl.hexkey = hexkey:093b2ce84c6175d1723fbe94b9ee963b6251d018fcf8c05c2e3e9b0b
++Ctrl.hexinfo = hexinfo:083e114aca1f97166551b03f27b135c0c802294aa4845a46170b26ec0549cb59c70a85557a3fc3a37d23eed6947d50f10c15baf5c52a7b918ca80bf5
++Output = 94ced61c3665616d4a368f83a7283648
++
++# COUNT=10
++# L = 256
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.digest = digest:SHA224
++Ctrl.mac = mac:HMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:16
++Ctrl.hexkey = hexkey:ffb5c9d920522477cb2ecf16ae1e075587b7598348e019df85ca3d43
++Ctrl.hexinfo = hexinfo:252743519ab4e03f8bb0ed137e2d315aac5010b951645c7626c6f5a77c4a6c4e0b0b4030abf937141f7142bcd702678b15d2d4e8850e0570ec782c79
++Output = 3d1813da0322201ed45ac2aaf3542843913bb32fd832a33a5dc94bad964bfe56
++
++# COUNT=20
++# L = 160
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.digest = digest:SHA224
++Ctrl.mac = mac:HMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:16
++Ctrl.hexkey = hexkey:7f0ea811340cddbbf261d0260b0c98dec790133cffd2b04b8f8be2b1
++Ctrl.hexinfo = hexinfo:0a744543acddf7d8c0a205372a0450e32631a33bb89ad2e3bb2d9766c248ab755fec152a6da866ef50baeab607d88e5177042056970013aa18f9fb1e
++Output = e55120e7848cf61254159e79c2ac47a9a906a73c
++
++# COUNT=30
++# L = 320
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.digest = digest:SHA224
++Ctrl.mac = mac:HMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:16
++Ctrl.hexkey = hexkey:6e237178c4884e13470b6b4848b40389d9856311735da4eefa2f6f38
++Ctrl.hexinfo = hexinfo:9cd9f9ad88471668f3b25515851fff63d3a886b8c6cf371eae159bab58f997b83eda5815567a142c4264978d8f24d24fe2d513c0eeaff983b86fdbd8
++Output = 1e6638ea717338cfeb7dea373785c3c763bd5e509358e4940e9a4e4fd0a3e0347973858bc20243b8
++
++
++# [PRF=HMAC_SHA224]
++# [CTRLOCATION=BEFORE_FIXED]
++# [RLEN=24_BITS]
++
++# COUNT=0
++# L = 128
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.digest = digest:SHA224
++Ctrl.mac = mac:HMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:24
++Ctrl.hexkey = hexkey:f09e65e8de7500847b43bd95e6c3506e01aadd484e9699b027897542
++Ctrl.hexinfo = hexinfo:c20f6188517b2ca10086b9f7f8d6f2d38d66f24193c037008d035f361c6bd74db26aef588a87aa8a1c3cdad2ba0207f7e7b39def0df797c4cb3bf614
++Output = 73d30c2af54744eb1efb70429f8e303a
++
++# COUNT=10
++# L = 256
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.digest = digest:SHA224
++Ctrl.mac = mac:HMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:24
++Ctrl.hexkey = hexkey:6079eafeba179a915e194b14e12ffee1e2bad56a62077897a4654e4b
++Ctrl.hexinfo = hexinfo:87686603814d619107aabfab85b4c4fe38ae1a5c2a4d78df12119871b8a4f85d583e7d842ee15e7fe03f61dd02b10784838ed163dc67cca43586d628
++Output = d888a21e1a698654fa46288509ae7a28dc7b05e6fc696a909451c2437097056b
++
++# COUNT=20
++# L = 160
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.digest = digest:SHA224
++Ctrl.mac = mac:HMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:24
++Ctrl.hexkey = hexkey:2efe2905a1b7e1993da0316f2a747be1e91415ca1e6ad14d04341fee
++Ctrl.hexinfo = hexinfo:4d283c0f6d209379facd8a26aa889780863cf6a81893dc3bd2c928a7f8d922ced9c829bf627d2c556441d0d41a1eb00c0deea78349429de56a275f04
++Output = ec162b6ff6413f5eae9336fd489fab538d042db8
++
++# COUNT=30
++# L = 320
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.digest = digest:SHA224
++Ctrl.mac = mac:HMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:24
++Ctrl.hexkey = hexkey:0b15638489d3ac7729a7db82797754e7a7c8d52da0cf3638a27a1a9c
++Ctrl.hexinfo = hexinfo:90988848764dacc6eeba817e0b74086b1233bca9d573717b8e3dd3bd23a532aac7db8b196e4c4702f54cc71bb8882dc776b0317457803a632b429776
++Output = 481293e1e621ad8bab5c9f5090594bb2507a1456ee8ffc30db159cb5b02d69110c3e5270880bf4a7
++
++
++# [PRF=HMAC_SHA224]
++# [CTRLOCATION=BEFORE_FIXED]
++# [RLEN=32_BITS]
++
++# COUNT=0
++# L = 128
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.digest = digest:SHA224
++Ctrl.mac = mac:HMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:32
++Ctrl.hexkey = hexkey:f5cb7cc6207f5920dd60155ddb68c3fbbdf5104365305d2c1abcd311
++Ctrl.hexinfo = hexinfo:4e5ac7539803da89581ee088c7d10235a10536360054b72b8e9f18f77c25af01019b290656b60428024ce01fccf49022d831941407e6bd27ff9e2d28
++Output = 0adbaab43edd532b560a322c84ac540e
++
++# COUNT=10
++# L = 256
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.digest = digest:SHA224
++Ctrl.mac = mac:HMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:32
++Ctrl.hexkey = hexkey:992815121d88ffb26c337606723c02ef317713086e2cfbbd37e1a167
++Ctrl.hexinfo = hexinfo:152d974eb2719b9027d32054a327312361125959df9d96a1832e2056c2571d4f1cf45f6e8f6544c87f15861cef627d2f16e9b0b4ab799bb3362f4aae
++Output = 475eda3a32d569932e043db64dbf0e9bb0945b54dcdfa203be1a28524c147075
++
++# COUNT=20
++# L = 160
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.digest = digest:SHA224
++Ctrl.mac = mac:HMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:32
++Ctrl.hexkey = hexkey:2eabb6b922c24326ef9ae3c192dfd341caf57efe15dd649772a2ac3b
++Ctrl.hexinfo = hexinfo:c75f6f5a1561aab39ea0e22702a6cf7dba3ca4dd9f046bb0abea2d3284168fd9fb39ff725523a660d21f8c2ade03d18d4273c52fb6f22c9e39d6bc2e
++Output = ae50acebe308a1cf1747b9b178a0720748fa5fe5
++
++# COUNT=30
++# L = 320
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.digest = digest:SHA224
++Ctrl.mac = mac:HMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:32
++Ctrl.hexkey = hexkey:9b75e7fa216c884037c7d6953092ed335c4efd88ca57a742d6ac3221
++Ctrl.hexinfo = hexinfo:12bea97865df99315259ff620302432ecafc9dce2619e87dfb4979410456a524434315dd3920e2b1aa1c79d5e07132a758a7b7b71ef10bcf1bb877f3
++Output = 60071bd0ceea0fe0f879223b940d3de7dde02ca6858f8450fb9c0032e49f968ef9cd9b5703163dbc
++
++
++# [PRF=HMAC_SHA256]
++# [CTRLOCATION=BEFORE_FIXED]
++# [RLEN=8_BITS]
++
++# COUNT=0
++# L = 128
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.digest = digest:SHA256
++Ctrl.mac = mac:HMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:8
++Ctrl.hexkey = hexkey:3edc6b5b8f7aadbd713732b482b8f979286e1ea3b8f8f99c30c884cfe3349b83
++Ctrl.hexinfo = hexinfo:98e9988bb4cc8b34d7922e1c68ad692ba2a1d9ae15149571675f17a77ad49e80c8d2a85e831a26445b1f0ff44d7084a17206b4896c8112daad18605a
++Output = 6c037652990674a07844732d0ad985f9
++
++# COUNT=10
++# L = 256
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.digest = digest:SHA256
++Ctrl.mac = mac:HMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:8
++Ctrl.hexkey = hexkey:f109513435d72f14863660dfc027118e47e13995ad44a02415c9c8f63d38675c
++Ctrl.hexinfo = hexinfo:53696208d6f42909136a575010e135e142e31f631d72386a631cc704e5ad4049a889422cd6da7f1805e59a273c6f4fa986bc3082952fca658979f1b0
++Output = 1aaf080fd51b37585ea464a9c617bc3ab859cc78cbe1f2d5d557148ee36821a0
++
++# COUNT=20
++# L = 160
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.digest = digest:SHA256
++Ctrl.mac = mac:HMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:8
++Ctrl.hexkey = hexkey:6ed1b41a1fc2ca8c7e09d5bccc410661683ec29d41a0fd01dd820a2e824ff672
++Ctrl.hexinfo = hexinfo:f6dc72adbd8ad4ea91259b61237a042a02546f37d58d933d3efadc54a5e1936a8faf70c33e707c473125bd5006b7dfa6883c04bf27cf53010e1d10bc
++Output = 4090ee711fa361f03267a6ff2a5ace977c8c1db5
++
++# COUNT=30
++# L = 320
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.digest = digest:SHA256
++Ctrl.mac = mac:HMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:8
++Ctrl.hexkey = hexkey:63a657fb6c5bacb9a124d3e7db8bbb7d42bfdfaf8f04cb6359cd888c70669652
++Ctrl.hexinfo = hexinfo:2697b6ec112cab4d6f1714c991c17d44fb36a0b6ef0b0f5451619ab248950f56f403215c78711aa563683ced05be7246f32574fa294f162dbbeb3dee
++Output = 1992e75756fa64734d5caecc5f6420fcb28b8b90421eee97dc8b6140ce18518405688bea489d2aaa
++
++
++# [PRF=HMAC_SHA256]
++# [CTRLOCATION=BEFORE_FIXED]
++# [RLEN=16_BITS]
++
++# COUNT=0
++# L = 128
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.digest = digest:SHA256
++Ctrl.mac = mac:HMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:16
++Ctrl.hexkey = hexkey:743434c930fe923c350ec202bef28b768cd6062cf233324e21a86c31f9406583
++Ctrl.hexinfo = hexinfo:9bdb8a454bd55ab30ced3fd420fde6d946252c875bfe986ed34927c7f7f0b106dab9cc85b4c702804965eb24c37ad883a8f695587a7b6094d3335bbc
++Output = 19c8a56db1d2a9afb793dc96fbde4c31
++
++# COUNT=10
++# L = 256
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.digest = digest:SHA256
++Ctrl.mac = mac:HMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:16
++Ctrl.hexkey = hexkey:365592398d23d31f2cac8bf6211f1ad5f52608efcdc5997b144ea6ded3866cf6
++Ctrl.hexinfo = hexinfo:07dce524556d3f68d2d91d4c15c9c6212635e0df1aef54938490db46f98737064d6a5624d7f938c263af01e632c45d9fe7a871b67f7d4bf110796eb4
++Output = 5624c6911dc1b08e090c8c95347adf17895b696aae211932cde3ec8227fcbea8
++
++# COUNT=20
++# L = 160
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.digest = digest:SHA256
++Ctrl.mac = mac:HMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:16
++Ctrl.hexkey = hexkey:c104e187e344668997b7bd9c8cdf097320518dd7dbcb541c414418b55b58cbb2
++Ctrl.hexinfo = hexinfo:32f6bd59840c61909f2f92f98f54bd238083577e33c3d071c1abe4c694bd87c1ad235eb9a2d272b3dc67c955574d5e6cad84615120476d6e7e04f51f
++Output = 1b5d9e60aa909aeb973e76d9bf6be208327bb096
++
++# COUNT=30
++# L = 320
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.digest = digest:SHA256
++Ctrl.mac = mac:HMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:16
++Ctrl.hexkey = hexkey:d4349c26108719debacc04e166a09063ffb5e17bcbaf8738dc2618aa7d1e97ae
++Ctrl.hexinfo = hexinfo:da1f5ed45ead428689b0ecca9dbc2569e76953cda0df085499cca6d5949d8995e1e42bbdc94b0dd78c164867c364a64c894de85294ad89d267ff443d
++Output = 00550ae0f29a2373269af175e7f829ec32c3d05099a39f8c0e02caa00b68afb7457669334383ffb2
++
++
++# [PRF=HMAC_SHA256]
++# [CTRLOCATION=BEFORE_FIXED]
++# [RLEN=24_BITS]
++
++# COUNT=0
++# L = 128
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.digest = digest:SHA256
++Ctrl.mac = mac:HMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:24
++Ctrl.hexkey = hexkey:388e93e0273e62f086f52f6f5369d9e4626d143dce3b6afc7caf2c6e7344276b
++Ctrl.hexinfo = hexinfo:697bb34b3fbe6853864cac3e1bc6c8c44a4335565479403d949fcbb5e2c1795f9a3849df743389d1a99fe75ef566e6227c591104122a6477dd8e8c8e
++Output = d697442b3dd51f96cae949586357b9a6
++
++# COUNT=10
++# L = 256
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.digest = digest:SHA256
++Ctrl.mac = mac:HMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:24
++Ctrl.hexkey = hexkey:f5207566ad012002ae6f2b501f0c24180228345889c20616d043b868a76d015a
++Ctrl.hexinfo = hexinfo:f36dbc8d1dfda60d4ba05214f8773aaa9f01944150bca68812d0d8deb5492f3f68f09809ba5e8b89e9dca86c70f6f353b3d5f49ef27e2fd01cfa911d
++Output = 0faed440796a0685a24a1c5e1cacde566c7a1a4189885229251c6308a53c3f6e
++
++# COUNT=20
++# L = 160
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.digest = digest:SHA256
++Ctrl.mac = mac:HMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:24
++Ctrl.hexkey = hexkey:e2758918edcf15d957a556055602d283dbdf9c95b6025a3cddf1eeac1e0ac889
++Ctrl.hexinfo = hexinfo:eda2f792580d6129b43e7b89c661786a29ab502ec6198f4a2bec6d0ffca1a75b8807d4313e7bf769a94fbf4b41c4cc309358a211105312c05818d8f3
++Output = 67e3273b2cfa4c663377f5841606679aee420dce
++
++# COUNT=30
++# L = 320
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.digest = digest:SHA256
++Ctrl.mac = mac:HMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:24
++Ctrl.hexkey = hexkey:c9063598d6cf8660300073b5c25603baf3ade910c182deea15d8107d6f6be295
++Ctrl.hexinfo = hexinfo:22d27eec90c2dd4ae5cf4a705abecfd781b9051ba512b048ea9499364b791e9cdf63215db43680dacffe6f19d77fc93f8a46d84dd52146389d9ec308
++Output = f3a5b521b435a8c83eaf2d264b5b1a6dcc32c21b4897511203f97f01f2a691eef080b4cd7ca4fc38
++
++
++# [PRF=HMAC_SHA256]
++# [CTRLOCATION=BEFORE_FIXED]
++# [RLEN=32_BITS]
++
++# COUNT=0
++# L = 128
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.digest = digest:SHA256
++Ctrl.mac = mac:HMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:32
++Ctrl.hexkey = hexkey:dd1d91b7d90b2bd3138533ce92b272fbf8a369316aefe242e659cc0ae238afe0
++Ctrl.hexinfo = hexinfo:01322b96b30acd197979444e468e1c5c6859bf1b1cf951b7e725303e237e46b864a145fab25e517b08f8683d0315bb2911d80a0e8aba17f3b413faac
++Output = 10621342bfb0fd40046c0e29f2cfdbf0
++
++# COUNT=10
++# L = 256
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.digest = digest:SHA256
++Ctrl.mac = mac:HMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:32
++Ctrl.hexkey = hexkey:e204d6d466aad507ffaf6d6dab0a5b26152c9e21e764370464e360c8fbc765c6
++Ctrl.hexinfo = hexinfo:7b03b98d9f94b899e591f3ef264b71b193fba7043c7e953cde23bc5384bc1a6293580115fae3495fd845dadbd02bd6455cf48d0f62b33e62364a3a80
++Output = 770dfab6a6a4a4bee0257ff335213f78d8287b4fd537d5c1fffa956910e7c779
++
++# COUNT=20
++# L = 160
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.digest = digest:SHA256
++Ctrl.mac = mac:HMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:32
++Ctrl.hexkey = hexkey:dc60338d884eecb72975c603c27b360605011756c697c4fc388f5176ef81efb1
++Ctrl.hexinfo = hexinfo:44d7aa08feba26093c14979c122c2437c3117b63b78841cd10a4bc5ed55c56586ad8986d55307dca1d198edcffbc516a8fbe6152aa428cdd800c062d
++Output = 29ac07dccf1f28d506cd623e6e3fc2fa255bd60b
++
++# COUNT=30
++# L = 320
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.digest = digest:SHA256
++Ctrl.mac = mac:HMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:32
++Ctrl.hexkey = hexkey:c4bedbddb66493e7c7259a3bbbc25f8c7e0ca7fe284d92d431d9cd99a0d214ac
++Ctrl.hexinfo = hexinfo:1c69c54766791e315c2cc5c47ecd3ffab87d0d273dd920e70955814c220eacace6a5946542da3dfe24ff626b4897898cafb7db83bdff3c14fa46fd4b
++Output = 1da47638d6c9c4d04d74d4640bbd42ab814d9e8cc22f4326695239f96b0693f12d0dd1152cf44430
++
++
++# [PRF=HMAC_SHA384]
++# [CTRLOCATION=BEFORE_FIXED]
++# [RLEN=8_BITS]
++
++# COUNT=0
++# L = 128
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.digest = digest:SHA384
++Ctrl.mac = mac:HMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:8
++Ctrl.hexkey = hexkey:0be1999848a7a14a555649048fcadf2f644304d163190dc9b23a21b80e3c8c373515d6267d9c5cfd31b560ffd6a2cd5c
++Ctrl.hexinfo = hexinfo:11340cfbdb40f20f84cac4b8455bdd76c730adcecd0484af9011bacd46e22ff2d87755dfb4d5ba7217c37cb83259bdbe0983cc716adc2e6c826ed53c
++Output = c2ea7454de25afb27065f4676a392385
++
++# COUNT=10
++# L = 256
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.digest = digest:SHA384
++Ctrl.mac = mac:HMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:8
++Ctrl.hexkey = hexkey:218f47301a3adf39a4e1ddc25a1df2b7db53d7780c207f47ab4cefcaa960ed82cb6cbc34b97b4c332d52ca81cc40cb9a
++Ctrl.hexinfo = hexinfo:60dcb116d7cfd3cca7315c9dc7e9650f886b67d9fbcd98c226239a0f66eff075da23c6cb750a2129ae71b9582934f57423a815249cac2c61f958b35d
++Output = 26b01d94c4dd51a9c8b54f78647257f9e937a8d67dffa78f85749cdfb22db620
++
++# COUNT=20
++# L = 160
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.digest = digest:SHA384
++Ctrl.mac = mac:HMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:8
++Ctrl.hexkey = hexkey:426c4facbacecb654555bc9843f9864a53e14c9a5e19600abf57b03cf8b6f825f71191eaaf3cfd70961314acbf1e6e29
++Ctrl.hexinfo = hexinfo:d224dc52dd16bde3391fab24fa875b695d63215e182efa970537904f4cd1d7f929f87c17fa97bd490f10cfc3bb80353ea4a4bb403f79e18677c39d29
++Output = 431c73810e9fe4f4982202f55eb5f0212f302142
++
++# COUNT=30
++# L = 320
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.digest = digest:SHA384
++Ctrl.mac = mac:HMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:8
++Ctrl.hexkey = hexkey:522a72c006a6b77911915c78952dd61848725a4b0789b2cfce3b29d947d9faa145417740c0365bd81a860a600012543b
++Ctrl.hexinfo = hexinfo:4a3cd102c4b95fe193660c4c174f02c725207449b785edb8fa8c4404f01a25bef3238637d3bae370758332c678deb578322e031ec3970876600196d2
++Output = 2f5d52226949aecfe6359561a5fdd87a843457019e24faacacedd34177cda6cba18cc78cc8c78cef
++
++
++# [PRF=HMAC_SHA384]
++# [CTRLOCATION=BEFORE_FIXED]
++# [RLEN=16_BITS]
++
++# COUNT=0
++# L = 128
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.digest = digest:SHA384
++Ctrl.mac = mac:HMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:16
++Ctrl.hexkey = hexkey:26ef897e4b617b597f766ec8d8ccf44c543e790a7d218f029dcb4a3695ae2caccce9d3e935f6741581f2f53e49cd46f8
++Ctrl.hexinfo = hexinfo:bc2c728f9dc6db426dd4e85fdb493826a31fec0607644209f9bf2264b6401b5db3004c1a76aa08d93f08d3d9e2ba434b682e480004fb0d9271a8e8cd
++Output = a43d31f07f0ee484455ae11805803f60
++
++# COUNT=10
++# L = 256
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.digest = digest:SHA384
++Ctrl.mac = mac:HMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:16
++Ctrl.hexkey = hexkey:269cce234dd4783067ceaa04a70deb1c9700acf705548495767c22f78493851ca9c699077a002874caacb760106016c6
++Ctrl.hexinfo = hexinfo:f64bfb4bdaac81b5801d2f9f08bc2e4d009990b67290fd49b3730c3a145696447aceae6a82f7508a19c396a548c9c33d943dab82b2538c18b8eee871
++Output = ab4182261c5d9c0d23a26477f14a507dd7f5e9550d04f48de29e644ed55f3406
++
++# COUNT=20
++# L = 160
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.digest = digest:SHA384
++Ctrl.mac = mac:HMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:16
++Ctrl.hexkey = hexkey:ec71de96c9520386f9d11bebe474bae0c0549e2b2e8fda6b2336050ee3acbec38bc57d56e6422d3cd493ead69772a059
++Ctrl.hexinfo = hexinfo:4313d1efba21dded84ce12bf80b1be54400619d3bb1987f18bf85400e335103969e77c819a5360cf1dd3f4addb6b8eec0199508c75adfe2cfc067dc8
++Output = 8e37ecc86dcb5ee7cf48d8a07f06c47cdce624cc
++
++# COUNT=30
++# L = 320
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.digest = digest:SHA384
++Ctrl.mac = mac:HMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:16
++Ctrl.hexkey = hexkey:afe2d3a4746792908aca8ece67ba8562382000b4e26122414b3ef2e120511bae68448955cf186be87caf69eaced47e87
++Ctrl.hexinfo = hexinfo:1f6dd0b17fed7f479c4f62927291a95292a4e232441c30ffcaa1d347543e50db939360bb37976eacb911f76c38ad8cce12a0c263875bbcd7f6011ffd
++Output = 17b671ca433cea81384b03b69c26a55257085cdfa48e6d8529431464bd439a881de560294afb0073
++
++
++# [PRF=HMAC_SHA384]
++# [CTRLOCATION=BEFORE_FIXED]
++# [RLEN=24_BITS]
++
++# COUNT=0
++# L = 128
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.digest = digest:SHA384
++Ctrl.mac = mac:HMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:24
++Ctrl.hexkey = hexkey:4fab4f1e3512b5f443ec31d2f6425d5f0fc13a5f82c83f72788a48a1bd499495ff18fb7acc0d4c1666c99db12e28f725
++Ctrl.hexinfo = hexinfo:f0f010f99fbd8ec1bd0f23cd12bb41b2b8acb8713bb031f927e439f616e6ae27aed3f5582f8206893deea1204df125cedce35ce2b01b32bcefb388fd
++Output = c3c263b5aa6d0cfe5304a7c9d21a44ba
++
++# COUNT=10
++# L = 256
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.digest = digest:SHA384
++Ctrl.mac = mac:HMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:24
++Ctrl.hexkey = hexkey:af3cd100d14dcb5e63f8915eced4b59477936c48e0e2b9232449a97d53d3eddf9e00bf44a8f2370c38a13434c13e0977
++Ctrl.hexinfo = hexinfo:81f178f11615309844af84e163ff694f1936f7528aba6f0e60d41b4afac87e9dd48fbb5aebe534733f576950484aab15b386b468a055a1e0be8982c0
++Output = 0b52be4ebd8b2116df895a42317ac78808993673c99da6391f0eee13cc8470fa
++
++# COUNT=20
++# L = 160
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.digest = digest:SHA384
++Ctrl.mac = mac:HMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:24
++Ctrl.hexkey = hexkey:fc3ba84439d8b7ead37ac6c825e088fc80152788bbc9c68569213dd6189d5fd552c37ab73b3d53ee9809a485194fb3cd
++Ctrl.hexinfo = hexinfo:df5728d5d146898b68d8713aa8053d03db52b7227d502d3effcd51a22d52ecd9175a4b01d2f27ecfc8abf02c1dd80f5c90a5e01396c1107dddb02226
++Output = 87ff36ca26778fcaf4f9209d38095c55c40f5e22
++
++# COUNT=30
++# L = 320
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.digest = digest:SHA384
++Ctrl.mac = mac:HMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:24
++Ctrl.hexkey = hexkey:08d867a61b13cd8c79d3a1cbec3493925ece900e06993063bc0dfe0247cd059ba50a5fb6afc65ac469793817a1f2dfee
++Ctrl.hexinfo = hexinfo:af0c83a659267869bd7cde387bf1c29c9c0ff3c6cabf512c73fd671748e4e9e49218de9350fc0dde27839eb1e2878f900689abeb7b540c70203e5a95
++Output = 3fef69d875b9b6047c33f295619f6e7c7125c875d55409500100f71bee6551d511327fbde607ac41
++
++
++# [PRF=HMAC_SHA384]
++# [CTRLOCATION=BEFORE_FIXED]
++# [RLEN=32_BITS]
++
++# COUNT=0
++# L = 128
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.digest = digest:SHA384
++Ctrl.mac = mac:HMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:32
++Ctrl.hexkey = hexkey:216ed044769c4c3908188ece61601af8819c30f501d12995df608e06f5e0e607ab54f542ee2da41906dfdb4971f20f9d
++Ctrl.hexinfo = hexinfo:638e9506a2c7be69ea346b84629a010c0e225b7548f508162c89f29c1ddbfd70472c2b58e7dc8aa6a5b06602f1c8ed4948cda79c62708218e26ac0e2
++Output = d4b144bb40c7cabed13963d7d4318e72
++
++# COUNT=10
++# L = 256
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.digest = digest:SHA384
++Ctrl.mac = mac:HMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:32
++Ctrl.hexkey = hexkey:8fca201473433f2dc8f6ae51e48de1a5654ce687e711d2d65f0dc5da6fee9a6a3db9d8535d3e4455ab53d35850c88272
++Ctrl.hexinfo = hexinfo:195bd88aa2d4211912334fe2fd9bd24522f7d9fb08e04747609bc34f2538089a9d28bbc70b2e1336c3643753cec6e5cd3f246caa915e3c3a6b94d3b6
++Output = f51ac86b0f462388d189ed0197ef99c2ff3a65816d8442e5ea304397b98dd11f
++
++# COUNT=20
++# L = 160
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.digest = digest:SHA384
++Ctrl.mac = mac:HMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:32
++Ctrl.hexkey = hexkey:bc3157b8932e88d1b1cf8e4622137010a242d3527b1d23d6d9c0db9cc9edfc20e5135de823977bf4defafae44d6cdab6
++Ctrl.hexinfo = hexinfo:b42a8e43cc2d4e5c69ee5e4f6b19ff6b8071d26bab4dfe45650b92b1f47652d25162d4b61441d8448c54918ae568ae2fb53091c624dbfffacee51d88
++Output = 91314bdf542162031643247d6507838eaba50f1a
++
++# COUNT=30
++# L = 320
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.digest = digest:SHA384
++Ctrl.mac = mac:HMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:32
++Ctrl.hexkey = hexkey:582f968a54b8797b9ea8c655b42e397adb73d773b1984b1e1c429cd597b8015d2f91d59e4136a9d523bf6491a4733c7a
++Ctrl.hexinfo = hexinfo:e6d3c193eff34e34f8b7b00e66565aeb01f63206bb27e27aa281592afc06ae1ec5b7eb97a39684ce773d7c3528f2667c1f5d428406e78ce4cf39f652
++Output = 691726c111e5030b5f9657069107861ecc18bc5835a814c3d2e5092c901cb1fb6c1a7cd3eb0be2a7
++
++
++# [PRF=HMAC_SHA512]
++# [CTRLOCATION=BEFORE_FIXED]
++# [RLEN=8_BITS]
++
++# COUNT=0
++# L = 128
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.digest = digest:SHA512
++Ctrl.mac = mac:HMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:8
++Ctrl.hexkey = hexkey:6ea2c385bb3e7bbafc2225cee1d3ee103ce300c1fdf033d0c1e99c57e6a596e037020838e857c0434040b58a5ca5410be672b888ef9955bdd54eb6a67416ff6a
++Ctrl.hexinfo = hexinfo:be119901ed8679b243508b97663f35da322774d7d2012d6557da6657c1176a115ebc73b0f1bfa1dba6b8c3b124f0a47cff2998b230c955b0ea809784
++Output = e0755fa6f116ef7a8e8361f47fd57511
++
++# COUNT=10
++# L = 256
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.digest = digest:SHA512
++Ctrl.mac = mac:HMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:8
++Ctrl.hexkey = hexkey:0ef984d7b4ee76f5c9e080b27f45ccab4ac2362c4cafa68198786b18e239d0f69ee62148373643ad9aa42474700348ef651fee9973130a42e76b7e7633eba1e9
++Ctrl.hexinfo = hexinfo:56ece7c14c1fc5467f8316f3a931a7ddfa490969f442d7a132f3755809f6ca11dbc9c6493a541c244c32be6656e13ef2868cb79415b807b3882f00d2
++Output = 19aa765affdd3cc7294b2c97e1bd5adc368523a3283c387d0719761e938f83db
++
++# COUNT=20
++# L = 160
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.digest = digest:SHA512
++Ctrl.mac = mac:HMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:8
++Ctrl.hexkey = hexkey:a35728d4ec0d7e94019a45d52264e5cd63c7540c21e30a9882d8d531cbb510edaa78e42c03994c18d8efcf7f826a1a9fdbbbacc55c640e7b532cc08e0615a093
++Ctrl.hexinfo = hexinfo:f501cc527bad6fe5d8e4f1f0f53d416ab17235f380f7e0d1c90dca18206af1fb1d977551e2e0e25c1fe41a8f825fbae2c07c94b768e98ad5ab8ddb2e
++Output = 54cf238101418ce050eee03aae0c39c4602ab838
++
++# COUNT=30
++# L = 320
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.digest = digest:SHA512
++Ctrl.mac = mac:HMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:8
++Ctrl.hexkey = hexkey:baed493b0294c9a5dbbe4547a30f0602c6124cedb549b45cff0ee4f3689a7ae5b695e5ecdfebf611bba1174e5e3a8824383e555daef396dc58c2842f77d5a674
++Ctrl.hexinfo = hexinfo:1371182cb0725416b1eccf4ac9fb20cf4e0f77e7d006a531e0ab2b2b46e0859473dad9dcae65ba5eb902228787dae19e735d002c919a4b74012f8904
++Output = 09bb55c9f3cee604f4bc5544a802be8b02b34b99f7928ceee696221975f947905f1b5979d9d4c2a1
++
++
++# [PRF=HMAC_SHA512]
++# [CTRLOCATION=BEFORE_FIXED]
++# [RLEN=16_BITS]
++
++# COUNT=0
++# L = 128
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.digest = digest:SHA512
++Ctrl.mac = mac:HMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:16
++Ctrl.hexkey = hexkey:bb0c55c7201ceb2e1369a6c49e2cdc1ae5e4cd1d64638105072c3a9172b2fa6a127c4d6d55132585fb2644b5ae3cf9d347875e0d0bf80945eaabef3b4319605e
++Ctrl.hexinfo = hexinfo:89bf925033f00635c100e2c88a98ad9f08cd6a002b934617d4ebfffc0fe9bca1d19bd942da3704da127c7493cc62c67f507c415e4cb67d7d0be70005
++Output = 05efd62522beb9bfff6492ecd24501a7
++
++# COUNT=10
++# L = 256
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.digest = digest:SHA512
++Ctrl.mac = mac:HMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:16
++Ctrl.hexkey = hexkey:393eb889e9c2f251b95aa147d53e4cd029fd0391110be9c6b2f8ba32857864847c448a9a591686de88da7486d0a0f0f8c927560fa8f79c30e66a7efaacaa638f
++Ctrl.hexinfo = hexinfo:116bf7f9e5eb884c86cd0d3a2b33d41de7735677e6bd727e83fbde5c8113de56bf84c9f80610db760ae2df73f4f0db9df0cc1655ea9bc98bb06beeda
++Output = 212e4e4057a6871e166e7563205833bc7f01e86c724b6a61166d9311c55b5044
++
++# COUNT=20
++# L = 160
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.digest = digest:SHA512
++Ctrl.mac = mac:HMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:16
++Ctrl.hexkey = hexkey:eeec4383a808fae57f24a7a5eb6157cca66483a613590c89ed39f59617ea97fcfa7cdfc83ba8140fa0d8542263d6423a9bcca70e11addb7a646f194ff0878cac
++Ctrl.hexinfo = hexinfo:b2565a20171eef1eaa04728e6c369405b251062bbd0a2b9171c8c6fedf0ff783691db787f153bbf5167301808f768a03df0deec99f2b9efb90cab571
++Output = 4f31b7bcd54c74d8a7d31aca187b8736f0a59db7
++
++# COUNT=30
++# L = 320
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.digest = digest:SHA512
++Ctrl.mac = mac:HMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:16
++Ctrl.hexkey = hexkey:62690d8ef259d175911d8eb52a331af29a8e3b797c4b315a67fa5cd1b00e585b2f7d97341284d0fcaa15a080732f7958e3b33e938e730623d1e651dbea9b2233
++Ctrl.hexinfo = hexinfo:266535b58de26ed62f936bc7147c8c3b31ee0c1bb92c5ef63699ac7225e01cec5afd2e6e39cf095882324c7dc94b0daa2befc50f790da0547d7c6184
++Output = 9336a88737d9ae01b5c43be5789c8545689557aad295ea3c03d2a2e0143603365fea1656175c20bf
++
++
++# [PRF=HMAC_SHA512]
++# [CTRLOCATION=BEFORE_FIXED]
++# [RLEN=24_BITS]
++
++# COUNT=0
++# L = 128
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.digest = digest:SHA512
++Ctrl.mac = mac:HMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:24
++Ctrl.hexkey = hexkey:d10933b0683f6787c33eccea1c311b8444270504fb3980bfd56443ba4068722184c31541d9174f71068b7789440bc34cec456e115067f9c65a5f2883c6868204
++Ctrl.hexinfo = hexinfo:dcb2ea8d715821d6393bd49a3e35f69a6c2519edb614f80fbc3f7ae1d65ff4a04c499e75d08819a09092ddaadba510e03cb2ac898804590dbd61fb7e
++Output = 876d73040d03d569e2fcae33b241d98e
++
++# COUNT=10
++# L = 256
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.digest = digest:SHA512
++Ctrl.mac = mac:HMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:24
++Ctrl.hexkey = hexkey:44e6e9abd8572a19ba127dfa2ca6a1b53beaef8c19a1ec5b67f1f6f7919671cd80ade7ded7c0f096525936ef427b152339de915f024964ca9ea908a120e2553a
++Ctrl.hexinfo = hexinfo:c2884a0c3ea2ff5b0bc848698f49f2c59eff511d77caddba897dec7714a0984e54f330dd9e9fdca9c033dfbc36d3293eca0ce7601e316463966ad4fd
++Output = b294537440bec490953bf6e9a77c4510536916b84a5a2f45b5bf9f76666d8f12
++
++# COUNT=20
++# L = 160
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.digest = digest:SHA512
++Ctrl.mac = mac:HMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:24
++Ctrl.hexkey = hexkey:a39131ca2f8df817ea2f155aac72d58a696d915b66b7cbe172a0f48a407aa8af0edbaea051eb027fe8fcc435cc7f160feeb57bd39a39d94104fe35167dac1aae
++Ctrl.hexinfo = hexinfo:52b6d1f6381fc3dd44baf1c9d36f0c313e58bf4fdb936b78103afdb90373079de90e4bb7d7089e65e0aef23f2a34df5198b8392aac705eb998c1f8cd
++Output = e707c910b4db3a648815fcad5ca7af18e5354c2e
++
++# COUNT=30
++# L = 320
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.digest = digest:SHA512
++Ctrl.mac = mac:HMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:24
++Ctrl.hexkey = hexkey:af5a39f0303b11bca55584ce24162dabd1625aed14ce54f9e407866e03efb24b12a36e164f96faf36bc92a08acd194285107173fb84caef787672d6471028459
++Ctrl.hexinfo = hexinfo:1cd84829b89d3149948967494aece985f1df3d7ec7735e8cc468bb3e6fdb50964d32dcde5521a82402577371047bf77e34714437e9d213561055b9db
++Output = a0e81b336a6f4ab395aada28314d8ba96b9216ae389b01aaec158e166239e554a217e69f603988fb
++
++
++# [PRF=HMAC_SHA512]
++# [CTRLOCATION=BEFORE_FIXED]
++# [RLEN=32_BITS]
++
++# COUNT=0
++# L = 128
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.digest = digest:SHA512
++Ctrl.mac = mac:HMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:32
++Ctrl.hexkey = hexkey:dd5dbd45593ee2ac139748e7645b450f223d2ff297b73fd71cbcebe71d41653c950b88500de5322d99ef18dfdd30428294c4b3094f4c954334e593bd982ec614
++Ctrl.hexinfo = hexinfo:b50b0c963c6b3034b8cf19cd3f5c4ebe4f4985af0c03e575db62e6fdf1ecfe4f28b95d7ce16df85843246e1557ce95bb26cc9a21974bbd2eb69e8355
++Output = e5993bf9bd2aa1c45746042e12598155
++
++# COUNT=10
++# L = 256
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.digest = digest:SHA512
++Ctrl.mac = mac:HMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:32
++Ctrl.hexkey = hexkey:5be2bf7f5e2527e15fe65cde4507d98ba55457006867de9e4f36645bcff4ca38754f92898b1c5544718102593b8c26d45d1fceaea27d97ede9de8b9ebfe88093
++Ctrl.hexinfo = hexinfo:004b13c1f628cb7a00d9498937bf437b71fe196cc916c47d298fa296c6b86188073543bbc66b7535eb17b5cf43c37944b6ca1225298a9e563413e5bb
++Output = cee0c11be2d8110b808f738523e718447d785878bbb783fb081a055160590072
++
++# COUNT=20
++# L = 160
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.digest = digest:SHA512
++Ctrl.mac = mac:HMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:32
++Ctrl.hexkey = hexkey:9dd03864a31aa4156ca7a12000f541680ce0a5f4775eef1088ac13368200b447a78d0bf14416a1d583c54b0f11200ff4a8983dd775ce9c0302d262483e300ae6
++Ctrl.hexinfo = hexinfo:037369f142d669fca9e87e9f37ae8f2c8d506b753fdfe8a3b72f75cac1c50fa1f8620883b8dcb8dcc67adcc95e70aa624adb9fe1b2cb396692b0d2e8
++Output = 96e8d1bc01dc95c0bf42c3c38fc54c090373ced4
++
++# COUNT=30
++# L = 320
++KDF = KBKDF
++Ctrl.mode = mode:COUNTER
++Ctrl.digest = digest:SHA512
++Ctrl.mac = mac:HMAC
++Ctrl.use-l = use-l:0
++Ctrl.use-separator = use-separator:0
++Ctrl.r = r:32
++Ctrl.hexkey = hexkey:a9f4a2c5af839867f5db5a1e520ab3cca72a166ca60de512fd7fe7e64cf94f92cf1d8b636175f293e003275e021018c3f0ede495997a505ec9a2afeb0495be57
++Ctrl.hexinfo = hexinfo:8e9db3335779db688bcfe096668d9c3bc64e193e3529c430e68d09d56c837dd6c0f94678f121a68ee1feea4735da85a49d34a5290aa39f7b40de435f
++Output = 6db880daac98b078ee389a2164252ded61322d661e2b49247ea921e544675d8f17af2bf66dd40d81
++
diff --git a/SOURCES/0052-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch b/SOURCES/0052-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch
new file mode 100644
index 0000000..c7cb9b7
--- /dev/null
+++ b/SOURCES/0052-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch
@@ -0,0 +1,206 @@
+From c63599ee9708d543205a9173207ee7167315c624 Mon Sep 17 00:00:00 2001
+From: Clemens Lang <cllang@redhat.com>
+Date: Tue, 1 Mar 2022 15:44:18 +0100
+Subject: [PATCH] Allow SHA1 in seclevel 2 if rh-allow-sha1-signatures = yes
+
+References: rhbz#2055796
+---
+ crypto/x509/x509_vfy.c | 19 ++++++++++-
+ doc/man5/config.pod | 7 +++-
+ ssl/t1_lib.c | 64 ++++++++++++++++++++++++++++-------
+ test/recipes/25-test_verify.t | 7 ++--
+ 4 files changed, 79 insertions(+), 18 deletions(-)
+
+diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
+index ff3ca83de6..a549c1c111 100644
+--- a/crypto/x509/x509_vfy.c
++++ b/crypto/x509/x509_vfy.c
+@@ -25,6 +25,7 @@
+ #include <openssl/objects.h>
+ #include <openssl/core_names.h>
+ #include "internal/dane.h"
++#include "internal/sslconf.h"
+ #include "crypto/x509.h"
+ #include "x509_local.h"
+
+@@ -3440,14 +3441,30 @@ static int check_sig_level(X509_STORE_CTX *ctx, X509 *cert)
+ {
+ int secbits = -1;
+ int level = ctx->param->auth_level;
++ int nid;
++ OSSL_LIB_CTX *libctx = NULL;
+
+ if (level <= 0)
+ return 1;
+ if (level > NUM_AUTH_LEVELS)
+ level = NUM_AUTH_LEVELS;
+
+- if (!X509_get_signature_info(cert, NULL, NULL, &secbits, NULL))
++ if (ctx->libctx)
++ libctx = ctx->libctx;
++ else if (cert->libctx)
++ libctx = cert->libctx;
++ else
++ libctx = OSSL_LIB_CTX_get0_global_default();
++
++ if (!X509_get_signature_info(cert, &nid, NULL, &secbits, NULL))
+ return 0;
+
++ if (nid == NID_sha1
++ && ossl_ctx_legacy_digest_signatures_allowed(libctx, 0)
++ && ctx->param->auth_level < 3)
++ /* When rh-allow-sha1-signatures = yes and security level <= 2,
++ * explicitly allow SHA1 for backwards compatibility. */
++ return 1;
++
+ return secbits >= minbits_table[level - 1];
+ }
+diff --git a/doc/man5/config.pod b/doc/man5/config.pod
+index aa1be5ca7f..aa69e2b844 100644
+--- a/doc/man5/config.pod
++++ b/doc/man5/config.pod
+@@ -305,7 +305,12 @@ When set to B<no>, any attempt to create or verify a signature with a SHA1
+ digest will fail. For compatibility with older versions of OpenSSL, set this
+ option to B<yes>. This setting also affects TLS, where signature algorithms
+ that use SHA1 as digest will no longer be supported if this option is set to
+-B<no>.
++B<no>. Note that enabling B<rh-allow-sha1-signatures> will allow TLS signature
++algorithms that use SHA1 in security level 2, despite the definition of
++security level 2 of 112 bits of security, which SHA1 does not meet. Because
++TLS 1.1 or lower use MD5-SHA1 as pseudorandom function (PRF) to derive key
++material, disabling B<rh-allow-sha1-signatures> requires the use of TLS 1.2 or
++newer.
+
+ =item B<fips_mode> (deprecated)
+
+diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
+index 4b74ee1a34..5f089de107 100644
+--- a/ssl/t1_lib.c
++++ b/ssl/t1_lib.c
+@@ -20,6 +20,7 @@
+ #include <openssl/bn.h>
+ #include <openssl/provider.h>
+ #include <openssl/param_build.h>
++#include "crypto/x509.h"
+ #include "internal/sslconf.h"
+ #include "internal/nelem.h"
+ #include "internal/sizes.h"
+@@ -1561,19 +1562,27 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey)
+ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_UNKNOWN_DIGEST);
+ return 0;
+ }
+- /*
+- * Make sure security callback allows algorithm. For historical
+- * reasons we have to pass the sigalg as a two byte char array.
+- */
+- sigalgstr[0] = (sig >> 8) & 0xff;
+- sigalgstr[1] = sig & 0xff;
+- secbits = sigalg_security_bits(s->ctx, lu);
+- if (secbits == 0 ||
+- !ssl_security(s, SSL_SECOP_SIGALG_CHECK, secbits,
+- md != NULL ? EVP_MD_get_type(md) : NID_undef,
+- (void *)sigalgstr)) {
+- SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_WRONG_SIGNATURE_TYPE);
+- return 0;
++
++ if (lu->hash == NID_sha1
++ && ossl_ctx_legacy_digest_signatures_allowed(s->ctx->libctx, 0)
++ && SSL_get_security_level(s) < 3) {
++ /* when rh-allow-sha1-signatures = yes and security level <= 2,
++ * explicitly allow SHA1 for backwards compatibility */
++ } else {
++ /*
++ * Make sure security callback allows algorithm. For historical
++ * reasons we have to pass the sigalg as a two byte char array.
++ */
++ sigalgstr[0] = (sig >> 8) & 0xff;
++ sigalgstr[1] = sig & 0xff;
++ secbits = sigalg_security_bits(s->ctx, lu);
++ if (secbits == 0 ||
++ !ssl_security(s, SSL_SECOP_SIGALG_CHECK, secbits,
++ md != NULL ? EVP_MD_get_type(md) : NID_undef,
++ (void *)sigalgstr)) {
++ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_WRONG_SIGNATURE_TYPE);
++ return 0;
++ }
+ }
+ /* Store the sigalg the peer uses */
+ s->s3.tmp.peer_sigalg = lu;
+@@ -2106,6 +2115,14 @@ static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu)
+ }
+ }
+
++ if (lu->hash == NID_sha1
++ && ossl_ctx_legacy_digest_signatures_allowed(s->ctx->libctx, 0)
++ && SSL_get_security_level(s) < 3) {
++ /* when rh-allow-sha1-signatures = yes and security level <= 2,
++ * explicitly allow SHA1 for backwards compatibility */
++ return 1;
++ }
++
+ /* Finally see if security callback allows it */
+ secbits = sigalg_security_bits(s->ctx, lu);
+ sigalgstr[0] = (lu->sigalg >> 8) & 0xff;
+@@ -2977,6 +2994,8 @@ static int ssl_security_cert_sig(SSL *s, SSL_CTX *ctx, X509 *x, int op)
+ {
+ /* Lookup signature algorithm digest */
+ int secbits, nid, pknid;
++ OSSL_LIB_CTX *libctx = NULL;
++
+ /* Don't check signature if self signed */
+ if ((X509_get_extension_flags(x) & EXFLAG_SS) != 0)
+ return 1;
+@@ -2985,6 +3004,25 @@ static int ssl_security_cert_sig(SSL *s, SSL_CTX *ctx, X509 *x, int op)
+ /* If digest NID not defined use signature NID */
+ if (nid == NID_undef)
+ nid = pknid;
++
++ if (x && x->libctx)
++ libctx = x->libctx;
++ else if (ctx && ctx->libctx)
++ libctx = ctx->libctx;
++ else if (s && s->ctx && s->ctx->libctx)
++ libctx = s->ctx->libctx;
++ else
++ libctx = OSSL_LIB_CTX_get0_global_default();
++
++ if (nid == NID_sha1
++ && ossl_ctx_legacy_digest_signatures_allowed(libctx, 0)
++ && ((s != NULL && SSL_get_security_level(s) < 3)
++ || (ctx != NULL && SSL_CTX_get_security_level(ctx) < 3)
++ ))
++ /* When rh-allow-sha1-signatures = yes and security level <= 2,
++ * explicitly allow SHA1 for backwards compatibility. */
++ return 1;
++
+ if (s)
+ return ssl_security(s, op, secbits, nid, x);
+ else
+diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t
+index 700bbd849c..2de1d76b5e 100644
+--- a/test/recipes/25-test_verify.t
++++ b/test/recipes/25-test_verify.t
+@@ -29,7 +29,7 @@ sub verify {
+ run(app([@args]));
+ }
+
+-plan tests => 160;
++plan tests => 159;
+
+ # Canonical success
+ ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]),
+@@ -387,8 +387,9 @@ ok(verify("ee-pss-sha1-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "0"
+ ok(verify("ee-pss-sha256-cert", "", ["root-cert"], ["ca-cert"], ),
+ "CA with PSS signature using SHA256");
+
+-ok(!verify("ee-pss-sha1-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "1"),
+- "Reject PSS signature using SHA1 and auth level 1");
++## rh-allow-sha1-signatures=yes allows this to pass despite -auth_level 1
++#ok(!verify("ee-pss-sha1-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "1"),
++# "Reject PSS signature using SHA1 and auth level 1");
+
+ ok(verify("ee-pss-sha256-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "2"),
+ "PSS signature using SHA256 and auth level 2");
+--
+2.35.1
+
diff --git a/SOURCES/0053-CVE-2022-0778.patch b/SOURCES/0053-CVE-2022-0778.patch
new file mode 100644
index 0000000..4f4bcb5
--- /dev/null
+++ b/SOURCES/0053-CVE-2022-0778.patch
@@ -0,0 +1,188 @@
+From 23f1773ddf92979006d0f438523f3c73320c384f Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tomas@openssl.org>
+Date: Mon, 28 Feb 2022 18:26:30 +0100
+Subject: [PATCH] Add documentation of BN_mod_sqrt()
+
+---
+ doc/man3/BN_add.pod | 15 +++++++++++++--
+ util/missingcrypto.txt | 1 -
+ 2 files changed, 13 insertions(+), 3 deletions(-)
+
+diff --git a/doc/man3/BN_add.pod b/doc/man3/BN_add.pod
+index 62d3ee7205..cf6c49c0e3 100644
+--- a/doc/man3/BN_add.pod
++++ b/doc/man3/BN_add.pod
+@@ -3,7 +3,7 @@
+ =head1 NAME
+
+ BN_add, BN_sub, BN_mul, BN_sqr, BN_div, BN_mod, BN_nnmod, BN_mod_add,
+-BN_mod_sub, BN_mod_mul, BN_mod_sqr, BN_exp, BN_mod_exp, BN_gcd -
++BN_mod_sub, BN_mod_mul, BN_mod_sqr, BN_mod_sqrt, BN_exp, BN_mod_exp, BN_gcd -
+ arithmetic operations on BIGNUMs
+
+ =head1 SYNOPSIS
+@@ -36,6 +36,8 @@ arithmetic operations on BIGNUMs
+
+ int BN_mod_sqr(BIGNUM *r, BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
+
++ BIGNUM *BN_mod_sqrt(BIGNUM *in, BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
++
+ int BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BN_CTX *ctx);
+
+ int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+@@ -87,6 +89,12 @@ L<BN_mod_mul_reciprocal(3)>.
+ BN_mod_sqr() takes the square of I<a> modulo B<m> and places the
+ result in I<r>.
+
++BN_mod_sqrt() returns the modular square root of I<a> such that
++C<in^2 = a (mod p)>. The modulus I<p> must be a
++prime, otherwise an error or an incorrect "result" will be returned.
++The result is stored into I<in> which can be NULL. The result will be
++newly allocated in that case.
++
+ BN_exp() raises I<a> to the I<p>-th power and places the result in I<r>
+ (C<r=a^p>). This function is faster than repeated applications of
+ BN_mul().
+@@ -108,7 +116,10 @@ the arguments.
+
+ =head1 RETURN VALUES
+
+-For all functions, 1 is returned for success, 0 on error. The return
++The BN_mod_sqrt() returns the result (possibly incorrect if I<p> is
++not a prime), or NULL.
++
++For all remaining functions, 1 is returned for success, 0 on error. The return
+ value should always be checked (e.g., C<if (!BN_add(r,a,b)) goto err;>).
+ The error codes can be obtained by L<ERR_get_error(3)>.
+
+diff --git a/util/missingcrypto.txt b/util/missingcrypto.txt
+index b61bdeb880..4d2fd7f6b7 100644
+--- a/util/missingcrypto.txt
++++ b/util/missingcrypto.txt
+@@ -264,7 +264,6 @@ BN_mod_lshift(3)
+ BN_mod_lshift1(3)
+ BN_mod_lshift1_quick(3)
+ BN_mod_lshift_quick(3)
+-BN_mod_sqrt(3)
+ BN_mod_sub_quick(3)
+ BN_nist_mod_192(3)
+ BN_nist_mod_224(3)
+
+From 46673310c9a755b2a56f53d115854983d6ada11a Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tomas@openssl.org>
+Date: Mon, 28 Feb 2022 18:26:35 +0100
+Subject: [PATCH] Add a negative testcase for BN_mod_sqrt
+
+---
+ test/bntest.c | 11 ++++++++++-
+ test/recipes/10-test_bn_data/bnmod.txt | 12 ++++++++++++
+ 2 files changed, 22 insertions(+), 1 deletion(-)
+
+diff --git a/test/bntest.c b/test/bntest.c
+index efdb3ef963..d49f87373a 100644
+--- a/test/bntest.c
++++ b/test/bntest.c
+@@ -1732,8 +1732,17 @@ static int file_modsqrt(STANZA *s)
+ || !TEST_ptr(ret2 = BN_new()))
+ goto err;
+
++ if (BN_is_negative(mod_sqrt)) {
++ /* A negative testcase */
++ if (!TEST_ptr_null(BN_mod_sqrt(ret, a, p, ctx)))
++ goto err;
++
++ st = 1;
++ goto err;
++ }
++
+ /* There are two possible answers. */
+- if (!TEST_true(BN_mod_sqrt(ret, a, p, ctx))
++ if (!TEST_ptr(BN_mod_sqrt(ret, a, p, ctx))
+ || !TEST_true(BN_sub(ret2, p, ret)))
+ goto err;
+
+diff --git a/test/recipes/10-test_bn_data/bnmod.txt b/test/recipes/10-test_bn_data/bnmod.txt
+index e22d656091..bc8a434ea5 100644
+--- a/test/recipes/10-test_bn_data/bnmod.txt
++++ b/test/recipes/10-test_bn_data/bnmod.txt
+@@ -2799,3 +2799,15 @@ P = 9df9d6cc20b8540411af4e5357ef2b0353cb1f2ab5ffc3e246b41c32f71e951f
+ ModSqrt = a1d52989f12f204d3d2167d9b1e6c8a6174c0c786a979a5952383b7b8bd186
+ A = 2eee37cf06228a387788188e650bc6d8a2ff402931443f69156a29155eca07dcb45f3aac238d92943c0c25c896098716baa433f25bd696a142f5a69d5d937e81
+ P = 9df9d6cc20b8540411af4e5357ef2b0353cb1f2ab5ffc3e246b41c32f71e951f
++
++# Negative testcases for BN_mod_sqrt()
++
++# This one triggers an infinite loop with unfixed implementation
++# It should just fail.
++ModSqrt = -1
++A = 20a7ee
++P = 460201
++
++ModSqrt = -1
++A = 65bebdb00a96fc814ec44b81f98b59fba3c30203928fa5214c51e0a97091645280c947b005847f239758482b9bfc45b066fde340d1fe32fc9c1bf02e1b2d0ed
++P = 9df9d6cc20b8540411af4e5357ef2b0353cb1f2ab5ffc3e246b41c32f71e951f
+
+From cafcc62d7719dea73f334c9ef763d1e215fcd94d Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tomas@openssl.org>
+Date: Mon, 28 Feb 2022 18:26:21 +0100
+Subject: [PATCH] Fix possible infinite loop in BN_mod_sqrt()
+
+The calculation in some cases does not finish for non-prime p.
+
+This fixes CVE-2022-0778.
+
+Based on patch by David Benjamin <davidben@google.com>.
+---
+ crypto/bn/bn_sqrt.c | 30 ++++++++++++++++++------------
+ 1 file changed, 18 insertions(+), 12 deletions(-)
+
+diff --git a/crypto/bn/bn_sqrt.c b/crypto/bn/bn_sqrt.c
+index b663ae5ec5..c5ea7ab194 100644
+--- a/crypto/bn/bn_sqrt.c
++++ b/crypto/bn/bn_sqrt.c
+@@ -14,7 +14,8 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
+ /*
+ * Returns 'ret' such that ret^2 == a (mod p), using the Tonelli/Shanks
+ * algorithm (cf. Henri Cohen, "A Course in Algebraic Computational Number
+- * Theory", algorithm 1.5.1). 'p' must be prime!
++ * Theory", algorithm 1.5.1). 'p' must be prime, otherwise an error or
++ * an incorrect "result" will be returned.
+ */
+ {
+ BIGNUM *ret = in;
+@@ -303,18 +304,23 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
+ goto vrfy;
+ }
+
+- /* find smallest i such that b^(2^i) = 1 */
+- i = 1;
+- if (!BN_mod_sqr(t, b, p, ctx))
+- goto end;
+- while (!BN_is_one(t)) {
+- i++;
+- if (i == e) {
+- ERR_raise(ERR_LIB_BN, BN_R_NOT_A_SQUARE);
+- goto end;
++ /* Find the smallest i, 0 < i < e, such that b^(2^i) = 1. */
++ for (i = 1; i < e; i++) {
++ if (i == 1) {
++ if (!BN_mod_sqr(t, b, p, ctx))
++ goto end;
++
++ } else {
++ if (!BN_mod_mul(t, t, t, p, ctx))
++ goto end;
+ }
+- if (!BN_mod_mul(t, t, t, p, ctx))
+- goto end;
++ if (BN_is_one(t))
++ break;
++ }
++ /* If not found, a is not a square or p is not prime. */
++ if (i >= e) {
++ ERR_raise(ERR_LIB_BN, BN_R_NOT_A_SQUARE);
++ goto end;
+ }
+
+ /* t := y^2^(e - i - 1) */
+
diff --git a/SOURCES/Makefile.certificate b/SOURCES/Makefile.certificate
new file mode 100644
index 0000000..cc88c52
--- /dev/null
+++ b/SOURCES/Makefile.certificate
@@ -0,0 +1,82 @@
+UTF8 := $(shell locale -c LC_CTYPE -k | grep -q charmap.*UTF-8 && echo -utf8)
+DAYS=365
+KEYLEN=2048
+TYPE=rsa:$(KEYLEN)
+EXTRA_FLAGS=
+ifdef SERIAL
+ EXTRA_FLAGS+=-set_serial $(SERIAL)
+endif
+
+.PHONY: usage
+.SUFFIXES: .key .csr .crt .pem
+.PRECIOUS: %.key %.csr %.crt %.pem
+
+usage:
+ @echo "This makefile allows you to create:"
+ @echo " o public/private key pairs"
+ @echo " o SSL certificate signing requests (CSRs)"
+ @echo " o self-signed SSL test certificates"
+ @echo
+ @echo "To create a key pair, run \"make SOMETHING.key\"."
+ @echo "To create a CSR, run \"make SOMETHING.csr\"."
+ @echo "To create a test certificate, run \"make SOMETHING.crt\"."
+ @echo "To create a key and a test certificate in one file, run \"make SOMETHING.pem\"."
+ @echo
+ @echo "To create a key for use with Apache, run \"make genkey\"."
+ @echo "To create a CSR for use with Apache, run \"make certreq\"."
+ @echo "To create a test certificate for use with Apache, run \"make testcert\"."
+ @echo
+ @echo "To create a test certificate with serial number other than random, add SERIAL=num"
+ @echo "You can also specify key length with KEYLEN=n and expiration in days with DAYS=n"
+ @echo "Any additional options can be passed to openssl req via EXTRA_FLAGS"
+ @echo
+ @echo Examples:
+ @echo " make server.key"
+ @echo " make server.csr"
+ @echo " make server.crt"
+ @echo " make stunnel.pem"
+ @echo " make genkey"
+ @echo " make certreq"
+ @echo " make testcert"
+ @echo " make server.crt SERIAL=1"
+ @echo " make stunnel.pem EXTRA_FLAGS=-sha384"
+ @echo " make testcert DAYS=600"
+
+%.pem:
+ umask 77 ; \
+ PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
+ PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
+ /usr/bin/openssl req $(UTF8) -newkey $(TYPE) -keyout $$PEM1 -nodes -x509 -days $(DAYS) -out $$PEM2 $(EXTRA_FLAGS) ; \
+ cat $$PEM1 > $@ ; \
+ echo "" >> $@ ; \
+ cat $$PEM2 >> $@ ; \
+ $(RM) $$PEM1 $$PEM2
+
+%.key:
+ umask 77 ; \
+ /usr/bin/openssl genrsa -aes128 $(KEYLEN) > $@
+
+%.csr: %.key
+ umask 77 ; \
+ /usr/bin/openssl req $(UTF8) -new -key $^ -out $@
+
+%.crt: %.key
+ umask 77 ; \
+ /usr/bin/openssl req $(UTF8) -new -key $^ -x509 -days $(DAYS) -out $@ $(EXTRA_FLAGS)
+
+TLSROOT=/etc/pki/tls
+KEY=$(TLSROOT)/private/localhost.key
+CSR=$(TLSROOT)/certs/localhost.csr
+CRT=$(TLSROOT)/certs/localhost.crt
+
+genkey: $(KEY)
+certreq: $(CSR)
+testcert: $(CRT)
+
+$(CSR): $(KEY)
+ umask 77 ; \
+ /usr/bin/openssl req $(UTF8) -new -key $(KEY) -out $(CSR)
+
+$(CRT): $(KEY)
+ umask 77 ; \
+ /usr/bin/openssl req $(UTF8) -new -key $(KEY) -x509 -days $(DAYS) -out $(CRT) $(EXTRA_FLAGS)
diff --git a/SOURCES/configuration-prefix.h b/SOURCES/configuration-prefix.h
new file mode 100644
index 0000000..13b6e23
--- /dev/null
+++ b/SOURCES/configuration-prefix.h
@@ -0,0 +1,7 @@
+/* Prepended at openssl package build-time. Don't include this file directly,
+ * use <openssl/opensslconf.h> instead. */
+
+#ifndef openssl_conf_multilib_redirection_h
+#error "Don't include this file directly, use <openssl/opensslconf.h> instead!"
+#endif
+
diff --git a/SOURCES/configuration-switch.h b/SOURCES/configuration-switch.h
new file mode 100644
index 0000000..1c4d238
--- /dev/null
+++ b/SOURCES/configuration-switch.h
@@ -0,0 +1,47 @@
+/* This file is here to prevent a file conflict on multiarch systems. A
+ * conflict will frequently occur because arch-specific build-time
+ * configuration options are stored (and used, so they can't just be stripped
+ * out) in configuration.h. The original configuration.h has been renamed.
+ * DO NOT INCLUDE THE NEW FILE DIRECTLY -- ALWAYS INCLUDE THIS ONE INSTEAD. */
+
+#ifdef openssl_conf_multilib_redirection_h
+#error "Do not define openssl_conf_multilib_redirection_h!"
+#endif
+#define openssl_conf_multilib_redirection_h
+
+#if defined(__i386__)
+#include "configuration-i386.h"
+#elif defined(__ia64__)
+#include "configuration-ia64.h"
+#elif defined(__mips64) && defined(__MIPSEL__)
+#include "configuration-mips64el.h"
+#elif defined(__mips64)
+#include "configuration-mips64.h"
+#elif defined(__mips) && defined(__MIPSEL__)
+#include "configuration-mipsel.h"
+#elif defined(__mips)
+#include "configuration-mips.h"
+#elif defined(__powerpc64__)
+#include <endian.h>
+#if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
+#include "configuration-ppc64.h"
+#else
+#include "configuration-ppc64le.h"
+#endif
+#elif defined(__powerpc__)
+#include "configuration-ppc.h"
+#elif defined(__s390x__)
+#include "configuration-s390x.h"
+#elif defined(__s390__)
+#include "configuration-s390.h"
+#elif defined(__sparc__) && defined(__arch64__)
+#include "configuration-sparc64.h"
+#elif defined(__sparc__)
+#include "configuration-sparc.h"
+#elif defined(__x86_64__)
+#include "configuration-x86_64.h"
+#else
+#error "The openssl-devel package does not work your architecture?"
+#endif
+
+#undef openssl_conf_multilib_redirection_h
diff --git a/SOURCES/ec_curve.c b/SOURCES/ec_curve.c
new file mode 100644
index 0000000..64ac40b
--- /dev/null
+++ b/SOURCES/ec_curve.c
@@ -0,0 +1,628 @@
+/*
+ * Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * ECDSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
+#include <string.h>
+#include "ec_local.h"
+#include <openssl/err.h>
+#include <openssl/obj_mac.h>
+#include <openssl/objects.h>
+#include <openssl/opensslconf.h>
+#include "internal/nelem.h"
+
+typedef struct {
+ int field_type, /* either NID_X9_62_prime_field or
+ * NID_X9_62_characteristic_two_field */
+ seed_len, param_len;
+ unsigned int cofactor; /* promoted to BN_ULONG */
+} EC_CURVE_DATA;
+
+/* the nist prime curves */
+static const struct {
+ EC_CURVE_DATA h;
+ unsigned char data[20 + 28 * 6];
+} _EC_NIST_PRIME_224 = {
+ {
+ NID_X9_62_prime_field, 20, 28, 1
+ },
+ {
+ /* seed */
+ 0xBD, 0x71, 0x34, 0x47, 0x99, 0xD5, 0xC7, 0xFC, 0xDC, 0x45, 0xB5, 0x9F,
+ 0xA3, 0xB9, 0xAB, 0x8F, 0x6A, 0x94, 0x8B, 0xC5,
+ /* p */
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x01,
+ /* a */
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFE,
+ /* b */
+ 0xB4, 0x05, 0x0A, 0x85, 0x0C, 0x04, 0xB3, 0xAB, 0xF5, 0x41, 0x32, 0x56,
+ 0x50, 0x44, 0xB0, 0xB7, 0xD7, 0xBF, 0xD8, 0xBA, 0x27, 0x0B, 0x39, 0x43,
+ 0x23, 0x55, 0xFF, 0xB4,
+ /* x */
+ 0xB7, 0x0E, 0x0C, 0xBD, 0x6B, 0xB4, 0xBF, 0x7F, 0x32, 0x13, 0x90, 0xB9,
+ 0x4A, 0x03, 0xC1, 0xD3, 0x56, 0xC2, 0x11, 0x22, 0x34, 0x32, 0x80, 0xD6,
+ 0x11, 0x5C, 0x1D, 0x21,
+ /* y */
+ 0xbd, 0x37, 0x63, 0x88, 0xb5, 0xf7, 0x23, 0xfb, 0x4c, 0x22, 0xdf, 0xe6,
+ 0xcd, 0x43, 0x75, 0xa0, 0x5a, 0x07, 0x47, 0x64, 0x44, 0xd5, 0x81, 0x99,
+ 0x85, 0x00, 0x7e, 0x34,
+ /* order */
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0x16, 0xA2, 0xE0, 0xB8, 0xF0, 0x3E, 0x13, 0xDD, 0x29, 0x45,
+ 0x5C, 0x5C, 0x2A, 0x3D
+ }
+};
+
+static const struct {
+ EC_CURVE_DATA h;
+ unsigned char data[20 + 48 * 6];
+} _EC_NIST_PRIME_384 = {
+ {
+ NID_X9_62_prime_field, 20, 48, 1
+ },
+ {
+ /* seed */
+ 0xA3, 0x35, 0x92, 0x6A, 0xA3, 0x19, 0xA2, 0x7A, 0x1D, 0x00, 0x89, 0x6A,
+ 0x67, 0x73, 0xA4, 0x82, 0x7A, 0xCD, 0xAC, 0x73,
+ /* p */
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
+ /* a */
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFC,
+ /* b */
+ 0xB3, 0x31, 0x2F, 0xA7, 0xE2, 0x3E, 0xE7, 0xE4, 0x98, 0x8E, 0x05, 0x6B,
+ 0xE3, 0xF8, 0x2D, 0x19, 0x18, 0x1D, 0x9C, 0x6E, 0xFE, 0x81, 0x41, 0x12,
+ 0x03, 0x14, 0x08, 0x8F, 0x50, 0x13, 0x87, 0x5A, 0xC6, 0x56, 0x39, 0x8D,
+ 0x8A, 0x2E, 0xD1, 0x9D, 0x2A, 0x85, 0xC8, 0xED, 0xD3, 0xEC, 0x2A, 0xEF,
+ /* x */
+ 0xAA, 0x87, 0xCA, 0x22, 0xBE, 0x8B, 0x05, 0x37, 0x8E, 0xB1, 0xC7, 0x1E,
+ 0xF3, 0x20, 0xAD, 0x74, 0x6E, 0x1D, 0x3B, 0x62, 0x8B, 0xA7, 0x9B, 0x98,
+ 0x59, 0xF7, 0x41, 0xE0, 0x82, 0x54, 0x2A, 0x38, 0x55, 0x02, 0xF2, 0x5D,
+ 0xBF, 0x55, 0x29, 0x6C, 0x3A, 0x54, 0x5E, 0x38, 0x72, 0x76, 0x0A, 0xB7,
+ /* y */
+ 0x36, 0x17, 0xde, 0x4a, 0x96, 0x26, 0x2c, 0x6f, 0x5d, 0x9e, 0x98, 0xbf,
+ 0x92, 0x92, 0xdc, 0x29, 0xf8, 0xf4, 0x1d, 0xbd, 0x28, 0x9a, 0x14, 0x7c,
+ 0xe9, 0xda, 0x31, 0x13, 0xb5, 0xf0, 0xb8, 0xc0, 0x0a, 0x60, 0xb1, 0xce,
+ 0x1d, 0x7e, 0x81, 0x9d, 0x7a, 0x43, 0x1d, 0x7c, 0x90, 0xea, 0x0e, 0x5f,
+ /* order */
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xC7, 0x63, 0x4D, 0x81, 0xF4, 0x37, 0x2D, 0xDF, 0x58, 0x1A, 0x0D, 0xB2,
+ 0x48, 0xB0, 0xA7, 0x7A, 0xEC, 0xEC, 0x19, 0x6A, 0xCC, 0xC5, 0x29, 0x73
+ }
+};
+
+static const struct {
+ EC_CURVE_DATA h;
+ unsigned char data[20 + 66 * 6];
+} _EC_NIST_PRIME_521 = {
+ {
+ NID_X9_62_prime_field, 20, 66, 1
+ },
+ {
+ /* seed */
+ 0xD0, 0x9E, 0x88, 0x00, 0x29, 0x1C, 0xB8, 0x53, 0x96, 0xCC, 0x67, 0x17,
+ 0x39, 0x32, 0x84, 0xAA, 0xA0, 0xDA, 0x64, 0xBA,
+ /* p */
+ 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ /* a */
+ 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC,
+ /* b */
+ 0x00, 0x51, 0x95, 0x3E, 0xB9, 0x61, 0x8E, 0x1C, 0x9A, 0x1F, 0x92, 0x9A,
+ 0x21, 0xA0, 0xB6, 0x85, 0x40, 0xEE, 0xA2, 0xDA, 0x72, 0x5B, 0x99, 0xB3,
+ 0x15, 0xF3, 0xB8, 0xB4, 0x89, 0x91, 0x8E, 0xF1, 0x09, 0xE1, 0x56, 0x19,
+ 0x39, 0x51, 0xEC, 0x7E, 0x93, 0x7B, 0x16, 0x52, 0xC0, 0xBD, 0x3B, 0xB1,
+ 0xBF, 0x07, 0x35, 0x73, 0xDF, 0x88, 0x3D, 0x2C, 0x34, 0xF1, 0xEF, 0x45,
+ 0x1F, 0xD4, 0x6B, 0x50, 0x3F, 0x00,
+ /* x */
+ 0x00, 0xC6, 0x85, 0x8E, 0x06, 0xB7, 0x04, 0x04, 0xE9, 0xCD, 0x9E, 0x3E,
+ 0xCB, 0x66, 0x23, 0x95, 0xB4, 0x42, 0x9C, 0x64, 0x81, 0x39, 0x05, 0x3F,
+ 0xB5, 0x21, 0xF8, 0x28, 0xAF, 0x60, 0x6B, 0x4D, 0x3D, 0xBA, 0xA1, 0x4B,
+ 0x5E, 0x77, 0xEF, 0xE7, 0x59, 0x28, 0xFE, 0x1D, 0xC1, 0x27, 0xA2, 0xFF,
+ 0xA8, 0xDE, 0x33, 0x48, 0xB3, 0xC1, 0x85, 0x6A, 0x42, 0x9B, 0xF9, 0x7E,
+ 0x7E, 0x31, 0xC2, 0xE5, 0xBD, 0x66,
+ /* y */
+ 0x01, 0x18, 0x39, 0x29, 0x6a, 0x78, 0x9a, 0x3b, 0xc0, 0x04, 0x5c, 0x8a,
+ 0x5f, 0xb4, 0x2c, 0x7d, 0x1b, 0xd9, 0x98, 0xf5, 0x44, 0x49, 0x57, 0x9b,
+ 0x44, 0x68, 0x17, 0xaf, 0xbd, 0x17, 0x27, 0x3e, 0x66, 0x2c, 0x97, 0xee,
+ 0x72, 0x99, 0x5e, 0xf4, 0x26, 0x40, 0xc5, 0x50, 0xb9, 0x01, 0x3f, 0xad,
+ 0x07, 0x61, 0x35, 0x3c, 0x70, 0x86, 0xa2, 0x72, 0xc2, 0x40, 0x88, 0xbe,
+ 0x94, 0x76, 0x9f, 0xd1, 0x66, 0x50,
+ /* order */
+ 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFA, 0x51, 0x86,
+ 0x87, 0x83, 0xBF, 0x2F, 0x96, 0x6B, 0x7F, 0xCC, 0x01, 0x48, 0xF7, 0x09,
+ 0xA5, 0xD0, 0x3B, 0xB5, 0xC9, 0xB8, 0x89, 0x9C, 0x47, 0xAE, 0xBB, 0x6F,
+ 0xB7, 0x1E, 0x91, 0x38, 0x64, 0x09
+ }
+};
+
+static const struct {
+ EC_CURVE_DATA h;
+ unsigned char data[20 + 32 * 6];
+} _EC_X9_62_PRIME_256V1 = {
+ {
+ NID_X9_62_prime_field, 20, 32, 1
+ },
+ {
+ /* seed */
+ 0xC4, 0x9D, 0x36, 0x08, 0x86, 0xE7, 0x04, 0x93, 0x6A, 0x66, 0x78, 0xE1,
+ 0x13, 0x9D, 0x26, 0xB7, 0x81, 0x9F, 0x7E, 0x90,
+ /* p */
+ 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ /* a */
+ 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC,
+ /* b */
+ 0x5A, 0xC6, 0x35, 0xD8, 0xAA, 0x3A, 0x93, 0xE7, 0xB3, 0xEB, 0xBD, 0x55,
+ 0x76, 0x98, 0x86, 0xBC, 0x65, 0x1D, 0x06, 0xB0, 0xCC, 0x53, 0xB0, 0xF6,
+ 0x3B, 0xCE, 0x3C, 0x3E, 0x27, 0xD2, 0x60, 0x4B,
+ /* x */
+ 0x6B, 0x17, 0xD1, 0xF2, 0xE1, 0x2C, 0x42, 0x47, 0xF8, 0xBC, 0xE6, 0xE5,
+ 0x63, 0xA4, 0x40, 0xF2, 0x77, 0x03, 0x7D, 0x81, 0x2D, 0xEB, 0x33, 0xA0,
+ 0xF4, 0xA1, 0x39, 0x45, 0xD8, 0x98, 0xC2, 0x96,
+ /* y */
+ 0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, 0x9b, 0x8e, 0xe7, 0xeb, 0x4a,
+ 0x7c, 0x0f, 0x9e, 0x16, 0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31, 0x5e, 0xce,
+ 0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, 0xf5,
+ /* order */
+ 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
+ 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
+ }
+};
+
+static const struct {
+ EC_CURVE_DATA h;
+ unsigned char data[0 + 32 * 6];
+} _EC_SECG_PRIME_256K1 = {
+ {
+ NID_X9_62_prime_field, 0, 32, 1
+ },
+ {
+ /* no seed */
+ /* p */
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFC, 0x2F,
+ /* a */
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ /* b */
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07,
+ /* x */
+ 0x79, 0xBE, 0x66, 0x7E, 0xF9, 0xDC, 0xBB, 0xAC, 0x55, 0xA0, 0x62, 0x95,
+ 0xCE, 0x87, 0x0B, 0x07, 0x02, 0x9B, 0xFC, 0xDB, 0x2D, 0xCE, 0x28, 0xD9,
+ 0x59, 0xF2, 0x81, 0x5B, 0x16, 0xF8, 0x17, 0x98,
+ /* y */
+ 0x48, 0x3a, 0xda, 0x77, 0x26, 0xa3, 0xc4, 0x65, 0x5d, 0xa4, 0xfb, 0xfc,
+ 0x0e, 0x11, 0x08, 0xa8, 0xfd, 0x17, 0xb4, 0x48, 0xa6, 0x85, 0x54, 0x19,
+ 0x9c, 0x47, 0xd0, 0x8f, 0xfb, 0x10, 0xd4, 0xb8,
+ /* order */
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFE, 0xBA, 0xAE, 0xDC, 0xE6, 0xAF, 0x48, 0xA0, 0x3B,
+ 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x41
+ }
+};
+
+typedef struct _ec_list_element_st {
+ int nid;
+ const EC_CURVE_DATA *data;
+ const EC_METHOD *(*meth) (void);
+ const char *comment;
+} ec_list_element;
+
+#ifdef FIPS_MODULE
+static const ec_list_element curve_list[] = {
+ /* prime field curves */
+ /* secg curves */
+ {NID_secp224r1, &_EC_NIST_PRIME_224.h,
+# if !defined(OPENSSL_NO_EC_NISTP_64_GCC_128)
+ EC_GFp_nistp224_method,
+# else
+ 0,
+# endif
+ "NIST/SECG curve over a 224 bit prime field"},
+ /* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */
+ {NID_secp384r1, &_EC_NIST_PRIME_384.h,
+# if defined(S390X_EC_ASM)
+ EC_GFp_s390x_nistp384_method,
+# else
+ 0,
+# endif
+ "NIST/SECG curve over a 384 bit prime field"},
+
+ {NID_secp521r1, &_EC_NIST_PRIME_521.h,
+# if defined(S390X_EC_ASM)
+ EC_GFp_s390x_nistp521_method,
+# elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128)
+ EC_GFp_nistp521_method,
+# else
+ 0,
+# endif
+ "NIST/SECG curve over a 521 bit prime field"},
+
+ /* X9.62 curves */
+ {NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h,
+# if defined(ECP_NISTZ256_ASM)
+ EC_GFp_nistz256_method,
+# elif defined(S390X_EC_ASM)
+ EC_GFp_s390x_nistp256_method,
+# elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128)
+ EC_GFp_nistp256_method,
+# else
+ 0,
+# endif
+ "X9.62/SECG curve over a 256 bit prime field"},
+};
+
+#else
+
+static const ec_list_element curve_list[] = {
+ /* prime field curves */
+ /* secg curves */
+# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+ {NID_secp224r1, &_EC_NIST_PRIME_224.h, EC_GFp_nistp224_method,
+ "NIST/SECG curve over a 224 bit prime field"},
+# else
+ {NID_secp224r1, &_EC_NIST_PRIME_224.h, 0,
+ "NIST/SECG curve over a 224 bit prime field"},
+# endif
+ {NID_secp256k1, &_EC_SECG_PRIME_256K1.h, 0,
+ "SECG curve over a 256 bit prime field"},
+ /* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */
+ {NID_secp384r1, &_EC_NIST_PRIME_384.h,
+# if defined(S390X_EC_ASM)
+ EC_GFp_s390x_nistp384_method,
+# else
+ 0,
+# endif
+ "NIST/SECG curve over a 384 bit prime field"},
+ {NID_secp521r1, &_EC_NIST_PRIME_521.h,
+# if defined(S390X_EC_ASM)
+ EC_GFp_s390x_nistp521_method,
+# elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128)
+ EC_GFp_nistp521_method,
+# else
+ 0,
+# endif
+ "NIST/SECG curve over a 521 bit prime field"},
+ /* X9.62 curves */
+ {NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h,
+# if defined(ECP_NISTZ256_ASM)
+ EC_GFp_nistz256_method,
+# elif defined(S390X_EC_ASM)
+ EC_GFp_s390x_nistp256_method,
+# elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128)
+ EC_GFp_nistp256_method,
+# else
+ 0,
+# endif
+ "X9.62/SECG curve over a 256 bit prime field"},
+};
+#endif /* FIPS_MODULE */
+
+#define curve_list_length OSSL_NELEM(curve_list)
+
+static const ec_list_element *ec_curve_nid2curve(int nid)
+{
+ size_t i;
+
+ if (nid <= 0)
+ return NULL;
+
+ for (i = 0; i < curve_list_length; i++) {
+ if (curve_list[i].nid == nid)
+ return &curve_list[i];
+ }
+ return NULL;
+}
+
+static EC_GROUP *ec_group_new_from_data(OSSL_LIB_CTX *libctx,
+ const char *propq,
+ const ec_list_element curve)
+{
+ EC_GROUP *group = NULL;
+ EC_POINT *P = NULL;
+ BN_CTX *ctx = NULL;
+ BIGNUM *p = NULL, *a = NULL, *b = NULL, *x = NULL, *y = NULL, *order =
+ NULL;
+ int ok = 0;
+ int seed_len, param_len;
+ const EC_METHOD *meth;
+ const EC_CURVE_DATA *data;
+ const unsigned char *params;
+
+ /* If no curve data curve method must handle everything */
+ if (curve.data == NULL)
+ return ossl_ec_group_new_ex(libctx, propq,
+ curve.meth != NULL ? curve.meth() : NULL);
+
+ if ((ctx = BN_CTX_new_ex(libctx)) == NULL) {
+ ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ data = curve.data;
+ seed_len = data->seed_len;
+ param_len = data->param_len;
+ params = (const unsigned char *)(data + 1); /* skip header */
+ params += seed_len; /* skip seed */
+
+ if ((p = BN_bin2bn(params + 0 * param_len, param_len, NULL)) == NULL
+ || (a = BN_bin2bn(params + 1 * param_len, param_len, NULL)) == NULL
+ || (b = BN_bin2bn(params + 2 * param_len, param_len, NULL)) == NULL) {
+ ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB);
+ goto err;
+ }
+
+ if (curve.meth != 0) {
+ meth = curve.meth();
+ if (((group = ossl_ec_group_new_ex(libctx, propq, meth)) == NULL) ||
+ (!(group->meth->group_set_curve(group, p, a, b, ctx)))) {
+ ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB);
+ goto err;
+ }
+ } else if (data->field_type == NID_X9_62_prime_field) {
+ if ((group = EC_GROUP_new_curve_GFp(p, a, b, ctx)) == NULL) {
+ ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB);
+ goto err;
+ }
+ }
+#ifndef OPENSSL_NO_EC2M
+ else { /* field_type ==
+ * NID_X9_62_characteristic_two_field */
+
+ if ((group = EC_GROUP_new_curve_GF2m(p, a, b, ctx)) == NULL) {
+ ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB);
+ goto err;
+ }
+ }
+#endif
+
+ EC_GROUP_set_curve_name(group, curve.nid);
+
+ if ((P = EC_POINT_new(group)) == NULL) {
+ ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB);
+ goto err;
+ }
+
+ if ((x = BN_bin2bn(params + 3 * param_len, param_len, NULL)) == NULL
+ || (y = BN_bin2bn(params + 4 * param_len, param_len, NULL)) == NULL) {
+ ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB);
+ goto err;
+ }
+ if (!EC_POINT_set_affine_coordinates(group, P, x, y, ctx)) {
+ ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB);
+ goto err;
+ }
+ if ((order = BN_bin2bn(params + 5 * param_len, param_len, NULL)) == NULL
+ || !BN_set_word(x, (BN_ULONG)data->cofactor)) {
+ ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB);
+ goto err;
+ }
+ if (!EC_GROUP_set_generator(group, P, order, x)) {
+ ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB);
+ goto err;
+ }
+ if (seed_len) {
+ if (!EC_GROUP_set_seed(group, params - seed_len, seed_len)) {
+ ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB);
+ goto err;
+ }
+ }
+ ok = 1;
+ err:
+ if (!ok) {
+ EC_GROUP_free(group);
+ group = NULL;
+ }
+ EC_POINT_free(P);
+ BN_CTX_free(ctx);
+ BN_free(p);
+ BN_free(a);
+ BN_free(b);
+ BN_free(order);
+ BN_free(x);
+ BN_free(y);
+ return group;
+}
+
+EC_GROUP *EC_GROUP_new_by_curve_name_ex(OSSL_LIB_CTX *libctx, const char *propq,
+ int nid)
+{
+ EC_GROUP *ret = NULL;
+ const ec_list_element *curve;
+
+ if ((curve = ec_curve_nid2curve(nid)) == NULL
+ || (ret = ec_group_new_from_data(libctx, propq, *curve)) == NULL) {
+#ifndef FIPS_MODULE
+ ERR_raise_data(ERR_LIB_EC, EC_R_UNKNOWN_GROUP,
+ "name=%s", OBJ_nid2sn(nid));
+#else
+ ERR_raise(ERR_LIB_EC, EC_R_UNKNOWN_GROUP);
+#endif
+ return NULL;
+ }
+
+ return ret;
+}
+
+#ifndef FIPS_MODULE
+EC_GROUP *EC_GROUP_new_by_curve_name(int nid)
+{
+ return EC_GROUP_new_by_curve_name_ex(NULL, NULL, nid);
+}
+#endif
+
+size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems)
+{
+ size_t i, min;
+
+ if (r == NULL || nitems == 0)
+ return curve_list_length;
+
+ min = nitems < curve_list_length ? nitems : curve_list_length;
+
+ for (i = 0; i < min; i++) {
+ r[i].nid = curve_list[i].nid;
+ r[i].comment = curve_list[i].comment;
+ }
+
+ return curve_list_length;
+}
+
+const char *EC_curve_nid2nist(int nid)
+{
+ return ossl_ec_curve_nid2nist_int(nid);
+}
+
+int EC_curve_nist2nid(const char *name)
+{
+ return ossl_ec_curve_nist2nid_int(name);
+}
+
+#define NUM_BN_FIELDS 6
+/*
+ * Validates EC domain parameter data for known named curves.
+ * This can be used when a curve is loaded explicitly (without a curve
+ * name) or to validate that domain parameters have not been modified.
+ *
+ * Returns: The nid associated with the found named curve, or NID_undef
+ * if not found. If there was an error it returns -1.
+ */
+int ossl_ec_curve_nid_from_params(const EC_GROUP *group, BN_CTX *ctx)
+{
+ int ret = -1, nid, len, field_type, param_len;
+ size_t i, seed_len;
+ const unsigned char *seed, *params_seed, *params;
+ unsigned char *param_bytes = NULL;
+ const EC_CURVE_DATA *data;
+ const EC_POINT *generator = NULL;
+ const BIGNUM *cofactor = NULL;
+ /* An array of BIGNUMs for (p, a, b, x, y, order) */
+ BIGNUM *bn[NUM_BN_FIELDS] = {NULL, NULL, NULL, NULL, NULL, NULL};
+
+ /* Use the optional named curve nid as a search field */
+ nid = EC_GROUP_get_curve_name(group);
+ field_type = EC_GROUP_get_field_type(group);
+ seed_len = EC_GROUP_get_seed_len(group);
+ seed = EC_GROUP_get0_seed(group);
+ cofactor = EC_GROUP_get0_cofactor(group);
+
+ BN_CTX_start(ctx);
+
+ /*
+ * The built-in curves contains data fields (p, a, b, x, y, order) that are
+ * all zero-padded to be the same size. The size of the padding is
+ * determined by either the number of bytes in the field modulus (p) or the
+ * EC group order, whichever is larger.
+ */
+ param_len = BN_num_bytes(group->order);
+ len = BN_num_bytes(group->field);
+ if (len > param_len)
+ param_len = len;
+
+ /* Allocate space to store the padded data for (p, a, b, x, y, order) */
+ param_bytes = OPENSSL_malloc(param_len * NUM_BN_FIELDS);
+ if (param_bytes == NULL)
+ goto end;
+
+ /* Create the bignums */
+ for (i = 0; i < NUM_BN_FIELDS; ++i) {
+ if ((bn[i] = BN_CTX_get(ctx)) == NULL)
+ goto end;
+ }
+ /*
+ * Fill in the bn array with the same values as the internal curves
+ * i.e. the values are p, a, b, x, y, order.
+ */
+ /* Get p, a & b */
+ if (!(EC_GROUP_get_curve(group, bn[0], bn[1], bn[2], ctx)
+ && ((generator = EC_GROUP_get0_generator(group)) != NULL)
+ /* Get x & y */
+ && EC_POINT_get_affine_coordinates(group, generator, bn[3], bn[4], ctx)
+ /* Get order */
+ && EC_GROUP_get_order(group, bn[5], ctx)))
+ goto end;
+
+ /*
+ * Convert the bignum array to bytes that are joined together to form
+ * a single buffer that contains data for all fields.
+ * (p, a, b, x, y, order) are all zero padded to be the same size.
+ */
+ for (i = 0; i < NUM_BN_FIELDS; ++i) {
+ if (BN_bn2binpad(bn[i], ¶m_bytes[i*param_len], param_len) <= 0)
+ goto end;
+ }
+
+ for (i = 0; i < curve_list_length; i++) {
+ const ec_list_element curve = curve_list[i];
+
+ data = curve.data;
+ /* Get the raw order byte data */
+ params_seed = (const unsigned char *)(data + 1); /* skip header */
+ params = params_seed + data->seed_len;
+
+ /* Look for unique fields in the fixed curve data */
+ if (data->field_type == field_type
+ && param_len == data->param_len
+ && (nid <= 0 || nid == curve.nid)
+ /* check the optional cofactor (ignore if its zero) */
+ && (BN_is_zero(cofactor)
+ || BN_is_word(cofactor, (const BN_ULONG)curve.data->cofactor))
+ /* Check the optional seed (ignore if its not set) */
+ && (data->seed_len == 0 || seed_len == 0
+ || ((size_t)data->seed_len == seed_len
+ && memcmp(params_seed, seed, seed_len) == 0))
+ /* Check that the groups params match the built-in curve params */
+ && memcmp(param_bytes, params, param_len * NUM_BN_FIELDS)
+ == 0) {
+ ret = curve.nid;
+ goto end;
+ }
+ }
+ /* Gets here if the group was not found */
+ ret = NID_undef;
+end:
+ OPENSSL_free(param_bytes);
+ BN_CTX_end(ctx);
+ return ret;
+}
diff --git a/SOURCES/ectest.c b/SOURCES/ectest.c
new file mode 100644
index 0000000..2ba662f
--- /dev/null
+++ b/SOURCES/ectest.c
@@ -0,0 +1,2311 @@
+/*
+ * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * EC_KEY low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
+#include <string.h>
+#include "internal/nelem.h"
+#include "testutil.h"
+
+#include <openssl/ec.h>
+#ifndef OPENSSL_NO_ENGINE
+# include <openssl/engine.h>
+#endif
+#include <openssl/err.h>
+#include <openssl/obj_mac.h>
+#include <openssl/objects.h>
+#include <openssl/rand.h>
+#include <openssl/bn.h>
+#include <openssl/opensslconf.h>
+#include <openssl/core_names.h>
+#include <openssl/param_build.h>
+#include <openssl/evp.h>
+
+static size_t crv_len = 0;
+static EC_builtin_curve *curves = NULL;
+
+/* test multiplication with group order, long and negative scalars */
+static int group_order_tests(EC_GROUP *group)
+{
+ BIGNUM *n1 = NULL, *n2 = NULL, *order = NULL;
+ EC_POINT *P = NULL, *Q = NULL, *R = NULL, *S = NULL;
+ const EC_POINT *G = NULL;
+ BN_CTX *ctx = NULL;
+ int i = 0, r = 0;
+
+ if (!TEST_ptr(n1 = BN_new())
+ || !TEST_ptr(n2 = BN_new())
+ || !TEST_ptr(order = BN_new())
+ || !TEST_ptr(ctx = BN_CTX_new())
+ || !TEST_ptr(G = EC_GROUP_get0_generator(group))
+ || !TEST_ptr(P = EC_POINT_new(group))
+ || !TEST_ptr(Q = EC_POINT_new(group))
+ || !TEST_ptr(R = EC_POINT_new(group))
+ || !TEST_ptr(S = EC_POINT_new(group)))
+ goto err;
+
+ if (!TEST_true(EC_GROUP_get_order(group, order, ctx))
+ || !TEST_true(EC_POINT_mul(group, Q, order, NULL, NULL, ctx))
+ || !TEST_true(EC_POINT_is_at_infinity(group, Q))
+#ifndef OPENSSL_NO_DEPRECATED_3_0
+ || !TEST_true(EC_GROUP_precompute_mult(group, ctx))
+#endif
+ || !TEST_true(EC_POINT_mul(group, Q, order, NULL, NULL, ctx))
+ || !TEST_true(EC_POINT_is_at_infinity(group, Q))
+ || !TEST_true(EC_POINT_copy(P, G))
+ || !TEST_true(BN_one(n1))
+ || !TEST_true(EC_POINT_mul(group, Q, n1, NULL, NULL, ctx))
+ || !TEST_int_eq(0, EC_POINT_cmp(group, Q, P, ctx))
+ || !TEST_true(BN_sub(n1, order, n1))
+ || !TEST_true(EC_POINT_mul(group, Q, n1, NULL, NULL, ctx))
+ || !TEST_true(EC_POINT_invert(group, Q, ctx))
+ || !TEST_int_eq(0, EC_POINT_cmp(group, Q, P, ctx)))
+ goto err;
+
+ for (i = 1; i <= 2; i++) {
+#ifndef OPENSSL_NO_DEPRECATED_3_0
+ const BIGNUM *scalars[6];
+ const EC_POINT *points[6];
+#endif
+
+ if (!TEST_true(BN_set_word(n1, i))
+ /*
+ * If i == 1, P will be the predefined generator for which
+ * EC_GROUP_precompute_mult has set up precomputation.
+ */
+ || !TEST_true(EC_POINT_mul(group, P, n1, NULL, NULL, ctx))
+ || (i == 1 && !TEST_int_eq(0, EC_POINT_cmp(group, P, G, ctx)))
+ || !TEST_true(BN_one(n1))
+ /* n1 = 1 - order */
+ || !TEST_true(BN_sub(n1, n1, order))
+ || !TEST_true(EC_POINT_mul(group, Q, NULL, P, n1, ctx))
+ || !TEST_int_eq(0, EC_POINT_cmp(group, Q, P, ctx))
+
+ /* n2 = 1 + order */
+ || !TEST_true(BN_add(n2, order, BN_value_one()))
+ || !TEST_true(EC_POINT_mul(group, Q, NULL, P, n2, ctx))
+ || !TEST_int_eq(0, EC_POINT_cmp(group, Q, P, ctx))
+
+ /* n2 = (1 - order) * (1 + order) = 1 - order^2 */
+ || !TEST_true(BN_mul(n2, n1, n2, ctx))
+ || !TEST_true(EC_POINT_mul(group, Q, NULL, P, n2, ctx))
+ || !TEST_int_eq(0, EC_POINT_cmp(group, Q, P, ctx)))
+ goto err;
+
+ /* n2 = order^2 - 1 */
+ BN_set_negative(n2, 0);
+ if (!TEST_true(EC_POINT_mul(group, Q, NULL, P, n2, ctx))
+ /* Add P to verify the result. */
+ || !TEST_true(EC_POINT_add(group, Q, Q, P, ctx))
+ || !TEST_true(EC_POINT_is_at_infinity(group, Q))
+ || !TEST_false(EC_POINT_is_at_infinity(group, P)))
+ goto err;
+
+#ifndef OPENSSL_NO_DEPRECATED_3_0
+ /* Exercise EC_POINTs_mul, including corner cases. */
+ scalars[0] = scalars[1] = BN_value_one();
+ points[0] = points[1] = P;
+
+ if (!TEST_true(EC_POINTs_mul(group, R, NULL, 2, points, scalars, ctx))
+ || !TEST_true(EC_POINT_dbl(group, S, points[0], ctx))
+ || !TEST_int_eq(0, EC_POINT_cmp(group, R, S, ctx)))
+ goto err;
+
+ scalars[0] = n1;
+ points[0] = Q; /* => infinity */
+ scalars[1] = n2;
+ points[1] = P; /* => -P */
+ scalars[2] = n1;
+ points[2] = Q; /* => infinity */
+ scalars[3] = n2;
+ points[3] = Q; /* => infinity */
+ scalars[4] = n1;
+ points[4] = P; /* => P */
+ scalars[5] = n2;
+ points[5] = Q; /* => infinity */
+ if (!TEST_true(EC_POINTs_mul(group, P, NULL, 6, points, scalars, ctx))
+ || !TEST_true(EC_POINT_is_at_infinity(group, P)))
+ goto err;
+#endif
+ }
+
+ r = 1;
+err:
+ if (r == 0 && i != 0)
+ TEST_info(i == 1 ? "allowing precomputation" :
+ "without precomputation");
+ EC_POINT_free(P);
+ EC_POINT_free(Q);
+ EC_POINT_free(R);
+ EC_POINT_free(S);
+ BN_free(n1);
+ BN_free(n2);
+ BN_free(order);
+ BN_CTX_free(ctx);
+ return r;
+}
+
+static int prime_field_tests(void)
+{
+ BN_CTX *ctx = NULL;
+ BIGNUM *p = NULL, *a = NULL, *b = NULL, *scalar3 = NULL;
+ EC_GROUP *group = NULL;
+ EC_POINT *P = NULL, *Q = NULL, *R = NULL;
+ BIGNUM *x = NULL, *y = NULL, *z = NULL, *yplusone = NULL;
+#ifndef OPENSSL_NO_DEPRECATED_3_0
+ const EC_POINT *points[4];
+ const BIGNUM *scalars[4];
+#endif
+ unsigned char buf[100];
+ size_t len, r = 0;
+ int k;
+
+ if (!TEST_ptr(ctx = BN_CTX_new())
+ || !TEST_ptr(p = BN_new())
+ || !TEST_ptr(a = BN_new())
+ || !TEST_ptr(b = BN_new())
+ /*
+ * applications should use EC_GROUP_new_curve_GFp so
+ * that the library gets to choose the EC_METHOD
+ */
+ || !TEST_ptr(group = EC_GROUP_new(EC_GFp_mont_method())))
+ goto err;
+
+ buf[0] = 0;
+ if (!TEST_ptr(P = EC_POINT_new(group))
+ || !TEST_ptr(Q = EC_POINT_new(group))
+ || !TEST_ptr(R = EC_POINT_new(group))
+ || !TEST_ptr(x = BN_new())
+ || !TEST_ptr(y = BN_new())
+ || !TEST_ptr(z = BN_new())
+ || !TEST_ptr(yplusone = BN_new()))
+ goto err;
+
+ /* Curve P-224 (FIPS PUB 186-2, App. 6) */
+
+ if (!TEST_true(BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFF"
+ "FFFFFFFF000000000000000000000001"))
+ || !TEST_int_eq(1, BN_check_prime(p, ctx, NULL))
+ || !TEST_true(BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFF"
+ "FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE"))
+ || !TEST_true(BN_hex2bn(&b, "B4050A850C04B3ABF5413256"
+ "5044B0B7D7BFD8BA270B39432355FFB4"))
+ || !TEST_true(EC_GROUP_set_curve(group, p, a, b, ctx))
+ || !TEST_true(BN_hex2bn(&x, "B70E0CBD6BB4BF7F321390B9"
+ "4A03C1D356C21122343280D6115C1D21"))
+ || !TEST_true(EC_POINT_set_compressed_coordinates(group, P, x, 0, ctx))
+ || !TEST_int_gt(EC_POINT_is_on_curve(group, P, ctx), 0)
+ || !TEST_true(BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFF"
+ "FFFF16A2E0B8F03E13DD29455C5C2A3D"))
+ || !TEST_true(EC_GROUP_set_generator(group, P, z, BN_value_one()))
+ || !TEST_true(EC_POINT_get_affine_coordinates(group, P, x, y, ctx)))
+ goto err;
+
+ TEST_info("NIST curve P-224 -- Generator");
+ test_output_bignum("x", x);
+ test_output_bignum("y", y);
+ /* G_y value taken from the standard: */
+ if (!TEST_true(BN_hex2bn(&z, "BD376388B5F723FB4C22DFE6"
+ "CD4375A05A07476444D5819985007E34"))
+ || !TEST_BN_eq(y, z)
+ || !TEST_true(BN_add(yplusone, y, BN_value_one()))
+ /*
+ * When (x, y) is on the curve, (x, y + 1) is, as it happens, not,
+ * and therefore setting the coordinates should fail.
+ */
+ || !TEST_false(EC_POINT_set_affine_coordinates(group, P, x, yplusone,
+ ctx))
+ || !TEST_int_eq(EC_GROUP_get_degree(group), 224)
+ || !group_order_tests(group)
+
+ /* Curve P-256 (FIPS PUB 186-2, App. 6) */
+
+ || !TEST_true(BN_hex2bn(&p, "FFFFFFFF000000010000000000000000"
+ "00000000FFFFFFFFFFFFFFFFFFFFFFFF"))
+ || !TEST_int_eq(1, BN_check_prime(p, ctx, NULL))
+ || !TEST_true(BN_hex2bn(&a, "FFFFFFFF000000010000000000000000"
+ "00000000FFFFFFFFFFFFFFFFFFFFFFFC"))
+ || !TEST_true(BN_hex2bn(&b, "5AC635D8AA3A93E7B3EBBD55769886BC"
+ "651D06B0CC53B0F63BCE3C3E27D2604B"))
+ || !TEST_true(EC_GROUP_set_curve(group, p, a, b, ctx))
+
+ || !TEST_true(BN_hex2bn(&x, "6B17D1F2E12C4247F8BCE6E563A440F2"
+ "77037D812DEB33A0F4A13945D898C296"))
+ || !TEST_true(EC_POINT_set_compressed_coordinates(group, P, x, 1, ctx))
+ || !TEST_int_gt(EC_POINT_is_on_curve(group, P, ctx), 0)
+ || !TEST_true(BN_hex2bn(&z, "FFFFFFFF00000000FFFFFFFFFFFFFFFF"
+ "BCE6FAADA7179E84F3B9CAC2FC632551"))
+ || !TEST_true(EC_GROUP_set_generator(group, P, z, BN_value_one()))
+ || !TEST_true(EC_POINT_get_affine_coordinates(group, P, x, y, ctx)))
+ goto err;
+
+ TEST_info("NIST curve P-256 -- Generator");
+ test_output_bignum("x", x);
+ test_output_bignum("y", y);
+ /* G_y value taken from the standard: */
+ if (!TEST_true(BN_hex2bn(&z, "4FE342E2FE1A7F9B8EE7EB4A7C0F9E16"
+ "2BCE33576B315ECECBB6406837BF51F5"))
+ || !TEST_BN_eq(y, z)
+ || !TEST_true(BN_add(yplusone, y, BN_value_one()))
+ /*
+ * When (x, y) is on the curve, (x, y + 1) is, as it happens, not,
+ * and therefore setting the coordinates should fail.
+ */
+ || !TEST_false(EC_POINT_set_affine_coordinates(group, P, x, yplusone,
+ ctx))
+ || !TEST_int_eq(EC_GROUP_get_degree(group), 256)
+ || !group_order_tests(group)
+
+ /* Curve P-384 (FIPS PUB 186-2, App. 6) */
+
+ || !TEST_true(BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE"
+ "FFFFFFFF0000000000000000FFFFFFFF"))
+ || !TEST_int_eq(1, BN_check_prime(p, ctx, NULL))
+ || !TEST_true(BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE"
+ "FFFFFFFF0000000000000000FFFFFFFC"))
+ || !TEST_true(BN_hex2bn(&b, "B3312FA7E23EE7E4988E056BE3F82D19"
+ "181D9C6EFE8141120314088F5013875A"
+ "C656398D8A2ED19D2A85C8EDD3EC2AEF"))
+ || !TEST_true(EC_GROUP_set_curve(group, p, a, b, ctx))
+
+ || !TEST_true(BN_hex2bn(&x, "AA87CA22BE8B05378EB1C71EF320AD74"
+ "6E1D3B628BA79B9859F741E082542A38"
+ "5502F25DBF55296C3A545E3872760AB7"))
+ || !TEST_true(EC_POINT_set_compressed_coordinates(group, P, x, 1, ctx))
+ || !TEST_int_gt(EC_POINT_is_on_curve(group, P, ctx), 0)
+ || !TEST_true(BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+ "FFFFFFFFFFFFFFFFC7634D81F4372DDF"
+ "581A0DB248B0A77AECEC196ACCC52973"))
+ || !TEST_true(EC_GROUP_set_generator(group, P, z, BN_value_one()))
+ || !TEST_true(EC_POINT_get_affine_coordinates(group, P, x, y, ctx)))
+ goto err;
+
+ TEST_info("NIST curve P-384 -- Generator");
+ test_output_bignum("x", x);
+ test_output_bignum("y", y);
+ /* G_y value taken from the standard: */
+ if (!TEST_true(BN_hex2bn(&z, "3617DE4A96262C6F5D9E98BF9292DC29"
+ "F8F41DBD289A147CE9DA3113B5F0B8C0"
+ "0A60B1CE1D7E819D7A431D7C90EA0E5F"))
+ || !TEST_BN_eq(y, z)
+ || !TEST_true(BN_add(yplusone, y, BN_value_one()))
+ /*
+ * When (x, y) is on the curve, (x, y + 1) is, as it happens, not,
+ * and therefore setting the coordinates should fail.
+ */
+ || !TEST_false(EC_POINT_set_affine_coordinates(group, P, x, yplusone,
+ ctx))
+ || !TEST_int_eq(EC_GROUP_get_degree(group), 384)
+ || !group_order_tests(group)
+
+ /* Curve P-521 (FIPS PUB 186-2, App. 6) */
+ || !TEST_true(BN_hex2bn(&p, "1FF"
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"))
+ || !TEST_int_eq(1, BN_check_prime(p, ctx, NULL))
+ || !TEST_true(BN_hex2bn(&a, "1FF"
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC"))
+ || !TEST_true(BN_hex2bn(&b, "051"
+ "953EB9618E1C9A1F929A21A0B68540EE"
+ "A2DA725B99B315F3B8B489918EF109E1"
+ "56193951EC7E937B1652C0BD3BB1BF07"
+ "3573DF883D2C34F1EF451FD46B503F00"))
+ || !TEST_true(EC_GROUP_set_curve(group, p, a, b, ctx))
+ || !TEST_true(BN_hex2bn(&x, "C6"
+ "858E06B70404E9CD9E3ECB662395B442"
+ "9C648139053FB521F828AF606B4D3DBA"
+ "A14B5E77EFE75928FE1DC127A2FFA8DE"
+ "3348B3C1856A429BF97E7E31C2E5BD66"))
+ || !TEST_true(EC_POINT_set_compressed_coordinates(group, P, x, 0, ctx))
+ || !TEST_int_gt(EC_POINT_is_on_curve(group, P, ctx), 0)
+ || !TEST_true(BN_hex2bn(&z, "1FF"
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA"
+ "51868783BF2F966B7FCC0148F709A5D0"
+ "3BB5C9B8899C47AEBB6FB71E91386409"))
+ || !TEST_true(EC_GROUP_set_generator(group, P, z, BN_value_one()))
+ || !TEST_true(EC_POINT_get_affine_coordinates(group, P, x, y, ctx)))
+ goto err;
+
+ TEST_info("NIST curve P-521 -- Generator");
+ test_output_bignum("x", x);
+ test_output_bignum("y", y);
+ /* G_y value taken from the standard: */
+ if (!TEST_true(BN_hex2bn(&z, "118"
+ "39296A789A3BC0045C8A5FB42C7D1BD9"
+ "98F54449579B446817AFBD17273E662C"
+ "97EE72995EF42640C550B9013FAD0761"
+ "353C7086A272C24088BE94769FD16650"))
+ || !TEST_BN_eq(y, z)
+ || !TEST_true(BN_add(yplusone, y, BN_value_one()))
+ /*
+ * When (x, y) is on the curve, (x, y + 1) is, as it happens, not,
+ * and therefore setting the coordinates should fail.
+ */
+ || !TEST_false(EC_POINT_set_affine_coordinates(group, P, x, yplusone,
+ ctx))
+ || !TEST_int_eq(EC_GROUP_get_degree(group), 521)
+ || !group_order_tests(group)
+
+ /* more tests using the last curve */
+
+ /* Restore the point that got mangled in the (x, y + 1) test. */
+ || !TEST_true(EC_POINT_set_affine_coordinates(group, P, x, y, ctx))
+ || !TEST_true(EC_POINT_copy(Q, P))
+ || !TEST_false(EC_POINT_is_at_infinity(group, Q))
+ || !TEST_true(EC_POINT_dbl(group, P, P, ctx))
+ || !TEST_int_gt(EC_POINT_is_on_curve(group, P, ctx), 0)
+ || !TEST_true(EC_POINT_invert(group, Q, ctx)) /* P = -2Q */
+ || !TEST_true(EC_POINT_add(group, R, P, Q, ctx))
+ || !TEST_true(EC_POINT_add(group, R, R, Q, ctx))
+ || !TEST_true(EC_POINT_is_at_infinity(group, R)) /* R = P + 2Q */
+ || !TEST_false(EC_POINT_is_at_infinity(group, Q)))
+ goto err;
+
+#ifndef OPENSSL_NO_DEPRECATED_3_0
+ TEST_note("combined multiplication ...");
+ points[0] = Q;
+ points[1] = Q;
+ points[2] = Q;
+ points[3] = Q;
+
+ if (!TEST_true(EC_GROUP_get_order(group, z, ctx))
+ || !TEST_true(BN_add(y, z, BN_value_one()))
+ || !TEST_BN_even(y)
+ || !TEST_true(BN_rshift1(y, y)))
+ goto err;
+
+ scalars[0] = y; /* (group order + 1)/2, so y*Q + y*Q = Q */
+ scalars[1] = y;
+
+ /* z is still the group order */
+ if (!TEST_true(EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx))
+ || !TEST_true(EC_POINTs_mul(group, R, z, 2, points, scalars, ctx))
+ || !TEST_int_eq(0, EC_POINT_cmp(group, P, R, ctx))
+ || !TEST_int_eq(0, EC_POINT_cmp(group, R, Q, ctx))
+ || !TEST_true(BN_rand(y, BN_num_bits(y), 0, 0))
+ || !TEST_true(BN_add(z, z, y)))
+ goto err;
+ BN_set_negative(z, 1);
+ scalars[0] = y;
+ scalars[1] = z; /* z = -(order + y) */
+
+ if (!TEST_true(EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx))
+ || !TEST_true(EC_POINT_is_at_infinity(group, P))
+ || !TEST_true(BN_rand(x, BN_num_bits(y) - 1, 0, 0))
+ || !TEST_true(BN_add(z, x, y)))
+ goto err;
+ BN_set_negative(z, 1);
+ scalars[0] = x;
+ scalars[1] = y;
+ scalars[2] = z; /* z = -(x+y) */
+
+ if (!TEST_ptr(scalar3 = BN_new()))
+ goto err;
+ BN_zero(scalar3);
+ scalars[3] = scalar3;
+
+ if (!TEST_true(EC_POINTs_mul(group, P, NULL, 4, points, scalars, ctx))
+ || !TEST_true(EC_POINT_is_at_infinity(group, P)))
+ goto err;
+#endif
+ TEST_note(" ok\n");
+ r = 1;
+err:
+ BN_CTX_free(ctx);
+ BN_free(p);
+ BN_free(a);
+ BN_free(b);
+ EC_GROUP_free(group);
+ EC_POINT_free(P);
+ EC_POINT_free(Q);
+ EC_POINT_free(R);
+ BN_free(x);
+ BN_free(y);
+ BN_free(z);
+ BN_free(yplusone);
+ BN_free(scalar3);
+ return r;
+}
+
+static int internal_curve_test(int n)
+{
+ EC_GROUP *group = NULL;
+ int nid = curves[n].nid;
+
+ if (!TEST_ptr(group = EC_GROUP_new_by_curve_name(nid))) {
+ TEST_info("EC_GROUP_new_curve_name() failed with curve %s\n",
+ OBJ_nid2sn(nid));
+ return 0;
+ }
+ if (!TEST_true(EC_GROUP_check(group, NULL))) {
+ TEST_info("EC_GROUP_check() failed with curve %s\n", OBJ_nid2sn(nid));
+ EC_GROUP_free(group);
+ return 0;
+ }
+ EC_GROUP_free(group);
+ return 1;
+}
+
+static int internal_curve_test_method(int n)
+{
+ int r, nid = curves[n].nid;
+ EC_GROUP *group;
+
+ if (!TEST_ptr(group = EC_GROUP_new_by_curve_name(nid))) {
+ TEST_info("Curve %s failed\n", OBJ_nid2sn(nid));
+ return 0;
+ }
+ r = group_order_tests(group);
+ EC_GROUP_free(group);
+ return r;
+}
+
+static int group_field_test(void)
+{
+ int r = 1;
+ BIGNUM *secp521r1_field = NULL;
+ BIGNUM *sect163r2_field = NULL;
+ EC_GROUP *secp521r1_group = NULL;
+ EC_GROUP *sect163r2_group = NULL;
+
+ BN_hex2bn(&secp521r1_field,
+ "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+ "FFFF");
+
+
+ BN_hex2bn(§163r2_field,
+ "08000000000000000000000000000000"
+ "00000000C9");
+
+ secp521r1_group = EC_GROUP_new_by_curve_name(NID_secp521r1);
+ if (BN_cmp(secp521r1_field, EC_GROUP_get0_field(secp521r1_group)))
+ r = 0;
+
+ # ifndef OPENSSL_NO_EC2M
+ sect163r2_group = EC_GROUP_new_by_curve_name(NID_sect163r2);
+ if (BN_cmp(sect163r2_field, EC_GROUP_get0_field(sect163r2_group)))
+ r = 0;
+ # endif
+
+ EC_GROUP_free(secp521r1_group);
+ EC_GROUP_free(sect163r2_group);
+ BN_free(secp521r1_field);
+ BN_free(sect163r2_field);
+ return r;
+}
+/*
+ * nistp_test_params contains magic numbers for testing
+ * several NIST curves with characteristic > 3.
+ */
+struct nistp_test_params {
+ const int nid;
+ int degree;
+ /*
+ * Qx, Qy and D are taken from
+ * http://csrc.nist.gov/groups/ST/toolkit/documents/Examples/ECDSA_Prime.pdf
+ * Otherwise, values are standard curve parameters from FIPS 180-3
+ */
+ const char *p, *a, *b, *Qx, *Qy, *Gx, *Gy, *order, *d;
+};
+
+static const struct nistp_test_params nistp_tests_params[] = {
+ {
+ /* P-224 */
+ NID_secp224r1,
+ 224,
+ /* p */
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001",
+ /* a */
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE",
+ /* b */
+ "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4",
+ /* Qx */
+ "E84FB0B8E7000CB657D7973CF6B42ED78B301674276DF744AF130B3E",
+ /* Qy */
+ "4376675C6FC5612C21A0FF2D2A89D2987DF7A2BC52183B5982298555",
+ /* Gx */
+ "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21",
+ /* Gy */
+ "BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34",
+ /* order */
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D",
+ /* d */
+ "3F0C488E987C80BE0FEE521F8D90BE6034EC69AE11CA72AA777481E8",
+ },
+ {
+ /* P-256 */
+ NID_X9_62_prime256v1,
+ 256,
+ /* p */
+ "ffffffff00000001000000000000000000000000ffffffffffffffffffffffff",
+ /* a */
+ "ffffffff00000001000000000000000000000000fffffffffffffffffffffffc",
+ /* b */
+ "5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b",
+ /* Qx */
+ "b7e08afdfe94bad3f1dc8c734798ba1c62b3a0ad1e9ea2a38201cd0889bc7a19",
+ /* Qy */
+ "3603f747959dbf7a4bb226e41928729063adc7ae43529e61b563bbc606cc5e09",
+ /* Gx */
+ "6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296",
+ /* Gy */
+ "4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5",
+ /* order */
+ "ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551",
+ /* d */
+ "c477f9f65c22cce20657faa5b2d1d8122336f851a508a1ed04e479c34985bf96",
+ },
+ {
+ /* P-521 */
+ NID_secp521r1,
+ 521,
+ /* p */
+ "1ff"
+ "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
+ "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+ /* a */
+ "1ff"
+ "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
+ "fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc",
+ /* b */
+ "051"
+ "953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e1"
+ "56193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00",
+ /* Qx */
+ "0098"
+ "e91eef9a68452822309c52fab453f5f117c1da8ed796b255e9ab8f6410cca16e"
+ "59df403a6bdc6ca467a37056b1e54b3005d8ac030decfeb68df18b171885d5c4",
+ /* Qy */
+ "0164"
+ "350c321aecfc1cca1ba4364c9b15656150b4b78d6a48d7d28e7f31985ef17be8"
+ "554376b72900712c4b83ad668327231526e313f5f092999a4632fd50d946bc2e",
+ /* Gx */
+ "c6"
+ "858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dba"
+ "a14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66",
+ /* Gy */
+ "118"
+ "39296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c"
+ "97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650",
+ /* order */
+ "1ff"
+ "fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa"
+ "51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409",
+ /* d */
+ "0100"
+ "085f47b8e1b8b11b7eb33028c0b2888e304bfc98501955b45bba1478dc184eee"
+ "df09b86a5f7c21994406072787205e69a63709fe35aa93ba333514b24f961722",
+ },
+};
+
+static int nistp_single_test(int idx)
+{
+ const struct nistp_test_params *test = nistp_tests_params + idx;
+ BN_CTX *ctx = NULL;
+ BIGNUM *p = NULL, *a = NULL, *b = NULL, *x = NULL, *y = NULL;
+ BIGNUM *n = NULL, *m = NULL, *order = NULL, *yplusone = NULL;
+ EC_GROUP *NISTP = NULL;
+ EC_POINT *G = NULL, *P = NULL, *Q = NULL, *Q_CHECK = NULL;
+ int r = 0;
+
+ TEST_note("NIST curve P-%d (optimised implementation):",
+ test->degree);
+ if (!TEST_ptr(ctx = BN_CTX_new())
+ || !TEST_ptr(p = BN_new())
+ || !TEST_ptr(a = BN_new())
+ || !TEST_ptr(b = BN_new())
+ || !TEST_ptr(x = BN_new())
+ || !TEST_ptr(y = BN_new())
+ || !TEST_ptr(m = BN_new())
+ || !TEST_ptr(n = BN_new())
+ || !TEST_ptr(order = BN_new())
+ || !TEST_ptr(yplusone = BN_new())
+
+ || !TEST_ptr(NISTP = EC_GROUP_new_by_curve_name(test->nid))
+ || !TEST_true(BN_hex2bn(&p, test->p))
+ || !TEST_int_eq(1, BN_check_prime(p, ctx, NULL))
+ || !TEST_true(BN_hex2bn(&a, test->a))
+ || !TEST_true(BN_hex2bn(&b, test->b))
+ || !TEST_true(EC_GROUP_set_curve(NISTP, p, a, b, ctx))
+ || !TEST_ptr(G = EC_POINT_new(NISTP))
+ || !TEST_ptr(P = EC_POINT_new(NISTP))
+ || !TEST_ptr(Q = EC_POINT_new(NISTP))
+ || !TEST_ptr(Q_CHECK = EC_POINT_new(NISTP))
+ || !TEST_true(BN_hex2bn(&x, test->Qx))
+ || !TEST_true(BN_hex2bn(&y, test->Qy))
+ || !TEST_true(BN_add(yplusone, y, BN_value_one()))
+ /*
+ * When (x, y) is on the curve, (x, y + 1) is, as it happens, not,
+ * and therefore setting the coordinates should fail.
+ */
+ || !TEST_false(EC_POINT_set_affine_coordinates(NISTP, Q_CHECK, x,
+ yplusone, ctx))
+ || !TEST_true(EC_POINT_set_affine_coordinates(NISTP, Q_CHECK, x, y,
+ ctx))
+ || !TEST_true(BN_hex2bn(&x, test->Gx))
+ || !TEST_true(BN_hex2bn(&y, test->Gy))
+ || !TEST_true(EC_POINT_set_affine_coordinates(NISTP, G, x, y, ctx))
+ || !TEST_true(BN_hex2bn(&order, test->order))
+ || !TEST_true(EC_GROUP_set_generator(NISTP, G, order, BN_value_one()))
+ || !TEST_int_eq(EC_GROUP_get_degree(NISTP), test->degree))
+ goto err;
+
+ TEST_note("NIST test vectors ... ");
+ if (!TEST_true(BN_hex2bn(&n, test->d)))
+ goto err;
+ /* fixed point multiplication */
+ EC_POINT_mul(NISTP, Q, n, NULL, NULL, ctx);
+ if (!TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)))
+ goto err;
+ /* random point multiplication */
+ EC_POINT_mul(NISTP, Q, NULL, G, n, ctx);
+ if (!TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))
+
+ /* set generator to P = 2*G, where G is the standard generator */
+ || !TEST_true(EC_POINT_dbl(NISTP, P, G, ctx))
+ || !TEST_true(EC_GROUP_set_generator(NISTP, P, order, BN_value_one()))
+ /* set the scalar to m=n/2, where n is the NIST test scalar */
+ || !TEST_true(BN_rshift(m, n, 1)))
+ goto err;
+
+ /* test the non-standard generator */
+ /* fixed point multiplication */
+ EC_POINT_mul(NISTP, Q, m, NULL, NULL, ctx);
+ if (!TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)))
+ goto err;
+ /* random point multiplication */
+ EC_POINT_mul(NISTP, Q, NULL, P, m, ctx);
+ if (!TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))
+#ifndef OPENSSL_NO_DEPRECATED_3_0
+ /* We have not performed precomp so this should be false */
+ || !TEST_false(EC_GROUP_have_precompute_mult(NISTP))
+ /* now repeat all tests with precomputation */
+ || !TEST_true(EC_GROUP_precompute_mult(NISTP, ctx))
+#endif
+ )
+ goto err;
+
+ /* fixed point multiplication */
+ EC_POINT_mul(NISTP, Q, m, NULL, NULL, ctx);
+ if (!TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)))
+ goto err;
+ /* random point multiplication */
+ EC_POINT_mul(NISTP, Q, NULL, P, m, ctx);
+ if (!TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))
+
+ /* reset generator */
+ || !TEST_true(EC_GROUP_set_generator(NISTP, G, order, BN_value_one())))
+ goto err;
+ /* fixed point multiplication */
+ EC_POINT_mul(NISTP, Q, n, NULL, NULL, ctx);
+ if (!TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)))
+ goto err;
+ /* random point multiplication */
+ EC_POINT_mul(NISTP, Q, NULL, G, n, ctx);
+ if (!TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)))
+ goto err;
+
+ /* regression test for felem_neg bug */
+ if (!TEST_true(BN_set_word(m, 32))
+ || !TEST_true(BN_set_word(n, 31))
+ || !TEST_true(EC_POINT_copy(P, G))
+ || !TEST_true(EC_POINT_invert(NISTP, P, ctx))
+ || !TEST_true(EC_POINT_mul(NISTP, Q, m, P, n, ctx))
+ || !TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, G, ctx)))
+ goto err;
+
+ r = 1;
+err:
+ EC_GROUP_free(NISTP);
+ EC_POINT_free(G);
+ EC_POINT_free(P);
+ EC_POINT_free(Q);
+ EC_POINT_free(Q_CHECK);
+ BN_free(n);
+ BN_free(m);
+ BN_free(p);
+ BN_free(a);
+ BN_free(b);
+ BN_free(x);
+ BN_free(y);
+ BN_free(order);
+ BN_free(yplusone);
+ BN_CTX_free(ctx);
+ return r;
+}
+
+static const unsigned char p521_named[] = {
+ 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x23,
+};
+
+static const unsigned char p521_explicit[] = {
+ 0x30, 0x82, 0x01, 0xc3, 0x02, 0x01, 0x01, 0x30, 0x4d, 0x06, 0x07, 0x2a,
+ 0x86, 0x48, 0xce, 0x3d, 0x01, 0x01, 0x02, 0x42, 0x01, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0x30, 0x81, 0x9f, 0x04, 0x42, 0x01, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xfc, 0x04, 0x42, 0x00, 0x51, 0x95, 0x3e, 0xb9, 0x61, 0x8e, 0x1c, 0x9a,
+ 0x1f, 0x92, 0x9a, 0x21, 0xa0, 0xb6, 0x85, 0x40, 0xee, 0xa2, 0xda, 0x72,
+ 0x5b, 0x99, 0xb3, 0x15, 0xf3, 0xb8, 0xb4, 0x89, 0x91, 0x8e, 0xf1, 0x09,
+ 0xe1, 0x56, 0x19, 0x39, 0x51, 0xec, 0x7e, 0x93, 0x7b, 0x16, 0x52, 0xc0,
+ 0xbd, 0x3b, 0xb1, 0xbf, 0x07, 0x35, 0x73, 0xdf, 0x88, 0x3d, 0x2c, 0x34,
+ 0xf1, 0xef, 0x45, 0x1f, 0xd4, 0x6b, 0x50, 0x3f, 0x00, 0x03, 0x15, 0x00,
+ 0xd0, 0x9e, 0x88, 0x00, 0x29, 0x1c, 0xb8, 0x53, 0x96, 0xcc, 0x67, 0x17,
+ 0x39, 0x32, 0x84, 0xaa, 0xa0, 0xda, 0x64, 0xba, 0x04, 0x81, 0x85, 0x04,
+ 0x00, 0xc6, 0x85, 0x8e, 0x06, 0xb7, 0x04, 0x04, 0xe9, 0xcd, 0x9e, 0x3e,
+ 0xcb, 0x66, 0x23, 0x95, 0xb4, 0x42, 0x9c, 0x64, 0x81, 0x39, 0x05, 0x3f,
+ 0xb5, 0x21, 0xf8, 0x28, 0xaf, 0x60, 0x6b, 0x4d, 0x3d, 0xba, 0xa1, 0x4b,
+ 0x5e, 0x77, 0xef, 0xe7, 0x59, 0x28, 0xfe, 0x1d, 0xc1, 0x27, 0xa2, 0xff,
+ 0xa8, 0xde, 0x33, 0x48, 0xb3, 0xc1, 0x85, 0x6a, 0x42, 0x9b, 0xf9, 0x7e,
+ 0x7e, 0x31, 0xc2, 0xe5, 0xbd, 0x66, 0x01, 0x18, 0x39, 0x29, 0x6a, 0x78,
+ 0x9a, 0x3b, 0xc0, 0x04, 0x5c, 0x8a, 0x5f, 0xb4, 0x2c, 0x7d, 0x1b, 0xd9,
+ 0x98, 0xf5, 0x44, 0x49, 0x57, 0x9b, 0x44, 0x68, 0x17, 0xaf, 0xbd, 0x17,
+ 0x27, 0x3e, 0x66, 0x2c, 0x97, 0xee, 0x72, 0x99, 0x5e, 0xf4, 0x26, 0x40,
+ 0xc5, 0x50, 0xb9, 0x01, 0x3f, 0xad, 0x07, 0x61, 0x35, 0x3c, 0x70, 0x86,
+ 0xa2, 0x72, 0xc2, 0x40, 0x88, 0xbe, 0x94, 0x76, 0x9f, 0xd1, 0x66, 0x50,
+ 0x02, 0x42, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfa,
+ 0x51, 0x86, 0x87, 0x83, 0xbf, 0x2f, 0x96, 0x6b, 0x7f, 0xcc, 0x01, 0x48,
+ 0xf7, 0x09, 0xa5, 0xd0, 0x3b, 0xb5, 0xc9, 0xb8, 0x89, 0x9c, 0x47, 0xae,
+ 0xbb, 0x6f, 0xb7, 0x1e, 0x91, 0x38, 0x64, 0x09, 0x02, 0x01, 0x01,
+};
+
+/*
+ * This test validates a named curve's group parameters using
+ * EC_GROUP_check_named_curve(). It also checks that modifying any of the
+ * group parameters results in the curve not being valid.
+ */
+static int check_named_curve_test(int id)
+{
+ int ret = 0, nid, field_nid, has_seed;
+ EC_GROUP *group = NULL, *gtest = NULL;
+ const EC_POINT *group_gen = NULL;
+ EC_POINT *other_gen = NULL;
+ BIGNUM *group_p = NULL, *group_a = NULL, *group_b = NULL;
+ BIGNUM *other_p = NULL, *other_a = NULL, *other_b = NULL;
+ BIGNUM *group_cofactor = NULL, *other_cofactor = NULL;
+ BIGNUM *other_order = NULL;
+ const BIGNUM *group_order = NULL;
+ BN_CTX *bn_ctx = NULL;
+ static const unsigned char invalid_seed[] = "THIS IS NOT A VALID SEED";
+ static size_t invalid_seed_len = sizeof(invalid_seed);
+
+ /* Do some setup */
+ nid = curves[id].nid;
+ if (!TEST_ptr(bn_ctx = BN_CTX_new())
+ || !TEST_ptr(group = EC_GROUP_new_by_curve_name(nid))
+ || !TEST_ptr(gtest = EC_GROUP_dup(group))
+ || !TEST_ptr(group_p = BN_new())
+ || !TEST_ptr(group_a = BN_new())
+ || !TEST_ptr(group_b = BN_new())
+ || !TEST_ptr(group_cofactor = BN_new())
+ || !TEST_ptr(group_gen = EC_GROUP_get0_generator(group))
+ || !TEST_ptr(group_order = EC_GROUP_get0_order(group))
+ || !TEST_true(EC_GROUP_get_cofactor(group, group_cofactor, NULL))
+ || !TEST_true(EC_GROUP_get_curve(group, group_p, group_a, group_b, NULL))
+ || !TEST_ptr(other_gen = EC_POINT_dup(group_gen, group))
+ || !TEST_true(EC_POINT_add(group, other_gen, group_gen, group_gen, NULL))
+ || !TEST_ptr(other_order = BN_dup(group_order))
+ || !TEST_true(BN_add_word(other_order, 1))
+ || !TEST_ptr(other_a = BN_dup(group_a))
+ || !TEST_true(BN_add_word(other_a, 1))
+ || !TEST_ptr(other_b = BN_dup(group_b))
+ || !TEST_true(BN_add_word(other_b, 1))
+ || !TEST_ptr(other_cofactor = BN_dup(group_cofactor))
+ || !TEST_true(BN_add_word(other_cofactor, 1)))
+ goto err;
+
+ /* Determine if the built-in curve has a seed field set */
+ has_seed = (EC_GROUP_get_seed_len(group) > 0);
+ field_nid = EC_GROUP_get_field_type(group);
+ if (field_nid == NID_X9_62_characteristic_two_field) {
+ if (!TEST_ptr(other_p = BN_dup(group_p))
+ || !TEST_true(BN_lshift1(other_p, other_p)))
+ goto err;
+ } else {
+ if (!TEST_ptr(other_p = BN_dup(group_p)))
+ goto err;
+ /*
+ * Just choosing any arbitrary prime does not work..
+ * Setting p via ec_GFp_nist_group_set_curve() needs the prime to be a
+ * nist prime. So only select one of these as an alternate prime.
+ */
+ if (!TEST_ptr(BN_copy(other_p,
+ BN_ucmp(BN_get0_nist_prime_192(), other_p) == 0 ?
+ BN_get0_nist_prime_256() :
+ BN_get0_nist_prime_192())))
+ goto err;
+ }
+
+ /* Passes because this is a valid curve */
+ if (!TEST_int_eq(EC_GROUP_check_named_curve(group, 0, NULL), nid)
+ /* Only NIST curves pass */
+ || !TEST_int_eq(EC_GROUP_check_named_curve(group, 1, NULL),
+ EC_curve_nid2nist(nid) != NULL ? nid : NID_undef))
+ goto err;
+
+ /* Fail if the curve name doesn't match the parameters */
+ EC_GROUP_set_curve_name(group, nid + 1);
+ ERR_set_mark();
+ if (!TEST_int_le(EC_GROUP_check_named_curve(group, 0, NULL), 0))
+ goto err;
+ ERR_pop_to_mark();
+
+ /* Restore curve name and ensure it's passing */
+ EC_GROUP_set_curve_name(group, nid);
+ if (!TEST_int_eq(EC_GROUP_check_named_curve(group, 0, NULL), nid))
+ goto err;
+
+ if (!TEST_int_eq(EC_GROUP_set_seed(group, invalid_seed, invalid_seed_len),
+ invalid_seed_len))
+ goto err;
+
+ if (has_seed) {
+ /*
+ * If the built-in curve has a seed and we set the seed to another value
+ * then it will fail the check.
+ */
+ if (!TEST_int_eq(EC_GROUP_check_named_curve(group, 0, NULL), 0))
+ goto err;
+ } else {
+ /*
+ * If the built-in curve does not have a seed then setting the seed will
+ * pass the check (as the seed is optional).
+ */
+ if (!TEST_int_eq(EC_GROUP_check_named_curve(group, 0, NULL), nid))
+ goto err;
+ }
+ /* Pass if the seed is unknown (as it is optional) */
+ if (!TEST_int_eq(EC_GROUP_set_seed(group, NULL, 0), 1)
+ || !TEST_int_eq(EC_GROUP_check_named_curve(group, 0, NULL), nid))
+ goto err;
+
+ /* Check that a duped group passes */
+ if (!TEST_int_eq(EC_GROUP_check_named_curve(gtest, 0, NULL), nid))
+ goto err;
+
+ /* check that changing any generator parameter fails */
+ if (!TEST_true(EC_GROUP_set_generator(gtest, other_gen, group_order,
+ group_cofactor))
+ || !TEST_int_eq(EC_GROUP_check_named_curve(gtest, 0, NULL), 0)
+ || !TEST_true(EC_GROUP_set_generator(gtest, group_gen, other_order,
+ group_cofactor))
+ || !TEST_int_eq(EC_GROUP_check_named_curve(gtest, 0, NULL), 0)
+ /* The order is not an optional field, so this should fail */
+ || !TEST_false(EC_GROUP_set_generator(gtest, group_gen, NULL,
+ group_cofactor))
+ || !TEST_true(EC_GROUP_set_generator(gtest, group_gen, group_order,
+ other_cofactor))
+ || !TEST_int_eq(EC_GROUP_check_named_curve(gtest, 0, NULL), 0)
+ /* Check that if the cofactor is not set then it still passes */
+ || !TEST_true(EC_GROUP_set_generator(gtest, group_gen, group_order,
+ NULL))
+ || !TEST_int_eq(EC_GROUP_check_named_curve(gtest, 0, NULL), nid)
+ /* check that restoring the generator passes */
+ || !TEST_true(EC_GROUP_set_generator(gtest, group_gen, group_order,
+ group_cofactor))
+ || !TEST_int_eq(EC_GROUP_check_named_curve(gtest, 0, NULL), nid))
+ goto err;
+
+ /*
+ * check that changing any curve parameter fails
+ *
+ * Setting arbitrary p, a or b might fail for some EC_GROUPs
+ * depending on the internal EC_METHOD implementation, hence run
+ * these tests conditionally to the success of EC_GROUP_set_curve().
+ */
+ ERR_set_mark();
+ if (EC_GROUP_set_curve(gtest, other_p, group_a, group_b, NULL)) {
+ if (!TEST_int_le(EC_GROUP_check_named_curve(gtest, 0, NULL), 0))
+ goto err;
+ } else {
+ /* clear the error stack if EC_GROUP_set_curve() failed */
+ ERR_pop_to_mark();
+ ERR_set_mark();
+ }
+ if (EC_GROUP_set_curve(gtest, group_p, other_a, group_b, NULL)) {
+ if (!TEST_int_le(EC_GROUP_check_named_curve(gtest, 0, NULL), 0))
+ goto err;
+ } else {
+ /* clear the error stack if EC_GROUP_set_curve() failed */
+ ERR_pop_to_mark();
+ ERR_set_mark();
+ }
+ if (EC_GROUP_set_curve(gtest, group_p, group_a, other_b, NULL)) {
+ if (!TEST_int_le(EC_GROUP_check_named_curve(gtest, 0, NULL), 0))
+ goto err;
+ } else {
+ /* clear the error stack if EC_GROUP_set_curve() failed */
+ ERR_pop_to_mark();
+ ERR_set_mark();
+ }
+ ERR_pop_to_mark();
+
+ /* Check that restoring the curve parameters passes */
+ if (!TEST_true(EC_GROUP_set_curve(gtest, group_p, group_a, group_b, NULL))
+ || !TEST_int_eq(EC_GROUP_check_named_curve(gtest, 0, NULL), nid))
+ goto err;
+
+ ret = 1;
+err:
+ BN_free(group_p);
+ BN_free(other_p);
+ BN_free(group_a);
+ BN_free(other_a);
+ BN_free(group_b);
+ BN_free(other_b);
+ BN_free(group_cofactor);
+ BN_free(other_cofactor);
+ BN_free(other_order);
+ EC_POINT_free(other_gen);
+ EC_GROUP_free(gtest);
+ EC_GROUP_free(group);
+ BN_CTX_free(bn_ctx);
+ return ret;
+}
+
+/*
+ * This checks the lookup capability of EC_GROUP_check_named_curve()
+ * when the given group was created with explicit parameters.
+ *
+ * It is possible to retrieve an alternative alias that does not match
+ * the original nid in this case.
+ */
+static int check_named_curve_lookup_test(int id)
+{
+ int ret = 0, nid, rv = 0;
+ EC_GROUP *g = NULL , *ga = NULL;
+ ECPARAMETERS *p = NULL, *pa = NULL;
+ BN_CTX *ctx = NULL;
+
+ /* Do some setup */
+ nid = curves[id].nid;
+ if (!TEST_ptr(ctx = BN_CTX_new())
+ || !TEST_ptr(g = EC_GROUP_new_by_curve_name(nid))
+ || !TEST_ptr(p = EC_GROUP_get_ecparameters(g, NULL)))
+ goto err;
+
+ /* replace with group from explicit parameters */
+ EC_GROUP_free(g);
+ if (!TEST_ptr(g = EC_GROUP_new_from_ecparameters(p)))
+ goto err;
+
+ if (!TEST_int_gt(rv = EC_GROUP_check_named_curve(g, 0, NULL), 0))
+ goto err;
+ if (rv != nid) {
+ /*
+ * Found an alias:
+ * fail if the returned nid is not an alias of the original group.
+ *
+ * The comparison here is done by comparing two explicit
+ * parameter EC_GROUPs with EC_GROUP_cmp(), to ensure the
+ * comparison happens with unnamed EC_GROUPs using the same
+ * EC_METHODs.
+ */
+ if (!TEST_ptr(ga = EC_GROUP_new_by_curve_name(rv))
+ || !TEST_ptr(pa = EC_GROUP_get_ecparameters(ga, NULL)))
+ goto err;
+
+ /* replace with group from explicit parameters, then compare */
+ EC_GROUP_free(ga);
+ if (!TEST_ptr(ga = EC_GROUP_new_from_ecparameters(pa))
+ || !TEST_int_eq(EC_GROUP_cmp(g, ga, ctx), 0))
+ goto err;
+ }
+
+ ret = 1;
+
+ err:
+ EC_GROUP_free(g);
+ EC_GROUP_free(ga);
+ ECPARAMETERS_free(p);
+ ECPARAMETERS_free(pa);
+ BN_CTX_free(ctx);
+
+ return ret;
+}
+
+/*
+ * Sometime we cannot compare nids for equality, as the built-in curve table
+ * includes aliases with different names for the same curve.
+ *
+ * This function returns TRUE (1) if the checked nids are identical, or if they
+ * alias to the same curve. FALSE (0) otherwise.
+ */
+static ossl_inline
+int are_ec_nids_compatible(int n1d, int n2d)
+{
+ int ret = 0;
+ switch (n1d) {
+#ifndef OPENSSL_NO_EC2M
+ case NID_sect113r1:
+ case NID_wap_wsg_idm_ecid_wtls4:
+ ret = (n2d == NID_sect113r1 || n2d == NID_wap_wsg_idm_ecid_wtls4);
+ break;
+ case NID_sect163k1:
+ case NID_wap_wsg_idm_ecid_wtls3:
+ ret = (n2d == NID_sect163k1 || n2d == NID_wap_wsg_idm_ecid_wtls3);
+ break;
+ case NID_sect233k1:
+ case NID_wap_wsg_idm_ecid_wtls10:
+ ret = (n2d == NID_sect233k1 || n2d == NID_wap_wsg_idm_ecid_wtls10);
+ break;
+ case NID_sect233r1:
+ case NID_wap_wsg_idm_ecid_wtls11:
+ ret = (n2d == NID_sect233r1 || n2d == NID_wap_wsg_idm_ecid_wtls11);
+ break;
+ case NID_X9_62_c2pnb163v1:
+ case NID_wap_wsg_idm_ecid_wtls5:
+ ret = (n2d == NID_X9_62_c2pnb163v1
+ || n2d == NID_wap_wsg_idm_ecid_wtls5);
+ break;
+#endif /* OPENSSL_NO_EC2M */
+ case NID_secp112r1:
+ case NID_wap_wsg_idm_ecid_wtls6:
+ ret = (n2d == NID_secp112r1 || n2d == NID_wap_wsg_idm_ecid_wtls6);
+ break;
+ case NID_secp160r2:
+ case NID_wap_wsg_idm_ecid_wtls7:
+ ret = (n2d == NID_secp160r2 || n2d == NID_wap_wsg_idm_ecid_wtls7);
+ break;
+#ifdef OPENSSL_NO_EC_NISTP_64_GCC_128
+ case NID_secp224r1:
+ case NID_wap_wsg_idm_ecid_wtls12:
+ ret = (n2d == NID_secp224r1 || n2d == NID_wap_wsg_idm_ecid_wtls12);
+ break;
+#else
+ /*
+ * For SEC P-224 we want to ensure that the SECP nid is returned, as
+ * that is associated with a specialized method.
+ */
+ case NID_wap_wsg_idm_ecid_wtls12:
+ ret = (n2d == NID_secp224r1);
+ break;
+#endif /* def(OPENSSL_NO_EC_NISTP_64_GCC_128) */
+
+ default:
+ ret = (n1d == n2d);
+ }
+ return ret;
+}
+
+/*
+ * This checks that EC_GROUP_bew_from_ecparameters() returns a "named"
+ * EC_GROUP for built-in curves.
+ *
+ * Note that it is possible to retrieve an alternative alias that does not match
+ * the original nid.
+ *
+ * Ensure that the OPENSSL_EC_EXPLICIT_CURVE ASN1 flag is set.
+ */
+static int check_named_curve_from_ecparameters(int id)
+{
+ int ret = 0, nid, tnid;
+ EC_GROUP *group = NULL, *tgroup = NULL, *tmpg = NULL;
+ const EC_POINT *group_gen = NULL;
+ EC_POINT *other_gen = NULL;
+ BIGNUM *group_cofactor = NULL, *other_cofactor = NULL;
+ BIGNUM *other_gen_x = NULL, *other_gen_y = NULL;
+ const BIGNUM *group_order = NULL;
+ BIGNUM *other_order = NULL;
+ BN_CTX *bn_ctx = NULL;
+ static const unsigned char invalid_seed[] = "THIS IS NOT A VALID SEED";
+ static size_t invalid_seed_len = sizeof(invalid_seed);
+ ECPARAMETERS *params = NULL, *other_params = NULL;
+ EC_GROUP *g_ary[8] = {NULL};
+ EC_GROUP **g_next = &g_ary[0];
+ ECPARAMETERS *p_ary[8] = {NULL};
+ ECPARAMETERS **p_next = &p_ary[0];
+
+ /* Do some setup */
+ nid = curves[id].nid;
+ TEST_note("Curve %s", OBJ_nid2sn(nid));
+ if (!TEST_ptr(bn_ctx = BN_CTX_new()))
+ return ret;
+ BN_CTX_start(bn_ctx);
+
+ if (/* Allocations */
+ !TEST_ptr(group_cofactor = BN_CTX_get(bn_ctx))
+ || !TEST_ptr(other_gen_x = BN_CTX_get(bn_ctx))
+ || !TEST_ptr(other_gen_y = BN_CTX_get(bn_ctx))
+ || !TEST_ptr(other_order = BN_CTX_get(bn_ctx))
+ || !TEST_ptr(other_cofactor = BN_CTX_get(bn_ctx))
+ /* Generate reference group and params */
+ || !TEST_ptr(group = EC_GROUP_new_by_curve_name(nid))
+ || !TEST_ptr(params = EC_GROUP_get_ecparameters(group, NULL))
+ || !TEST_ptr(group_gen = EC_GROUP_get0_generator(group))
+ || !TEST_ptr(group_order = EC_GROUP_get0_order(group))
+ || !TEST_true(EC_GROUP_get_cofactor(group, group_cofactor, NULL))
+ /* compute `other_*` values */
+ || !TEST_ptr(tmpg = EC_GROUP_dup(group))
+ || !TEST_ptr(other_gen = EC_POINT_dup(group_gen, group))
+ || !TEST_true(EC_POINT_add(group, other_gen, group_gen, group_gen, NULL))
+ || !TEST_true(EC_POINT_get_affine_coordinates(group, other_gen,
+ other_gen_x, other_gen_y, bn_ctx))
+ || !TEST_true(BN_copy(other_order, group_order))
+ || !TEST_true(BN_add_word(other_order, 1))
+ || !TEST_true(BN_copy(other_cofactor, group_cofactor))
+ || !TEST_true(BN_add_word(other_cofactor, 1)))
+ goto err;
+
+ EC_POINT_free(other_gen);
+ other_gen = NULL;
+
+ if (!TEST_ptr(other_gen = EC_POINT_new(tmpg))
+ || !TEST_true(EC_POINT_set_affine_coordinates(tmpg, other_gen,
+ other_gen_x, other_gen_y,
+ bn_ctx)))
+ goto err;
+
+ /*
+ * ###########################
+ * # Actual tests start here #
+ * ###########################
+ */
+
+ /*
+ * Creating a group from built-in explicit parameters returns a
+ * "named" EC_GROUP
+ */
+ if (!TEST_ptr(tgroup = *g_next++ = EC_GROUP_new_from_ecparameters(params))
+ || !TEST_int_ne((tnid = EC_GROUP_get_curve_name(tgroup)), NID_undef))
+ goto err;
+ /*
+ * We cannot always guarantee the names match, as the built-in table
+ * contains aliases for the same curve with different names.
+ */
+ if (!TEST_true(are_ec_nids_compatible(nid, tnid))) {
+ TEST_info("nid = %s, tnid = %s", OBJ_nid2sn(nid), OBJ_nid2sn(tnid));
+ goto err;
+ }
+ /* Ensure that the OPENSSL_EC_EXPLICIT_CURVE ASN1 flag is set. */
+ if (!TEST_int_eq(EC_GROUP_get_asn1_flag(tgroup), OPENSSL_EC_EXPLICIT_CURVE))
+ goto err;
+
+ /*
+ * An invalid seed in the parameters should be ignored: expect a "named"
+ * group.
+ */
+ if (!TEST_int_eq(EC_GROUP_set_seed(tmpg, invalid_seed, invalid_seed_len),
+ invalid_seed_len)
+ || !TEST_ptr(other_params = *p_next++ =
+ EC_GROUP_get_ecparameters(tmpg, NULL))
+ || !TEST_ptr(tgroup = *g_next++ =
+ EC_GROUP_new_from_ecparameters(other_params))
+ || !TEST_int_ne((tnid = EC_GROUP_get_curve_name(tgroup)), NID_undef)
+ || !TEST_true(are_ec_nids_compatible(nid, tnid))
+ || !TEST_int_eq(EC_GROUP_get_asn1_flag(tgroup),
+ OPENSSL_EC_EXPLICIT_CURVE)) {
+ TEST_info("nid = %s, tnid = %s", OBJ_nid2sn(nid), OBJ_nid2sn(tnid));
+ goto err;
+ }
+
+ /*
+ * A null seed in the parameters should be ignored, as it is optional:
+ * expect a "named" group.
+ */
+ if (!TEST_int_eq(EC_GROUP_set_seed(tmpg, NULL, 0), 1)
+ || !TEST_ptr(other_params = *p_next++ =
+ EC_GROUP_get_ecparameters(tmpg, NULL))
+ || !TEST_ptr(tgroup = *g_next++ =
+ EC_GROUP_new_from_ecparameters(other_params))
+ || !TEST_int_ne((tnid = EC_GROUP_get_curve_name(tgroup)), NID_undef)
+ || !TEST_true(are_ec_nids_compatible(nid, tnid))
+ || !TEST_int_eq(EC_GROUP_get_asn1_flag(tgroup),
+ OPENSSL_EC_EXPLICIT_CURVE)) {
+ TEST_info("nid = %s, tnid = %s", OBJ_nid2sn(nid), OBJ_nid2sn(tnid));
+ goto err;
+ }
+
+ /*
+ * Check that changing any of the generator parameters does not yield a
+ * match with the built-in curves
+ */
+ if (/* Other gen, same group order & cofactor */
+ !TEST_true(EC_GROUP_set_generator(tmpg, other_gen, group_order,
+ group_cofactor))
+ || !TEST_ptr(other_params = *p_next++ =
+ EC_GROUP_get_ecparameters(tmpg, NULL))
+ || !TEST_ptr(tgroup = *g_next++ =
+ EC_GROUP_new_from_ecparameters(other_params))
+ || !TEST_int_eq((tnid = EC_GROUP_get_curve_name(tgroup)), NID_undef)
+ /* Same gen & cofactor, different order */
+ || !TEST_true(EC_GROUP_set_generator(tmpg, group_gen, other_order,
+ group_cofactor))
+ || !TEST_ptr(other_params = *p_next++ =
+ EC_GROUP_get_ecparameters(tmpg, NULL))
+ || !TEST_ptr(tgroup = *g_next++ =
+ EC_GROUP_new_from_ecparameters(other_params))
+ || !TEST_int_eq((tnid = EC_GROUP_get_curve_name(tgroup)), NID_undef)
+ /* The order is not an optional field, so this should fail */
+ || !TEST_false(EC_GROUP_set_generator(tmpg, group_gen, NULL,
+ group_cofactor))
+ /* Check that a wrong cofactor is ignored, and we still match */
+ || !TEST_true(EC_GROUP_set_generator(tmpg, group_gen, group_order,
+ other_cofactor))
+ || !TEST_ptr(other_params = *p_next++ =
+ EC_GROUP_get_ecparameters(tmpg, NULL))
+ || !TEST_ptr(tgroup = *g_next++ =
+ EC_GROUP_new_from_ecparameters(other_params))
+ || !TEST_int_ne((tnid = EC_GROUP_get_curve_name(tgroup)), NID_undef)
+ || !TEST_true(are_ec_nids_compatible(nid, tnid))
+ || !TEST_int_eq(EC_GROUP_get_asn1_flag(tgroup),
+ OPENSSL_EC_EXPLICIT_CURVE)
+ /* Check that if the cofactor is not set then it still matches */
+ || !TEST_true(EC_GROUP_set_generator(tmpg, group_gen, group_order,
+ NULL))
+ || !TEST_ptr(other_params = *p_next++ =
+ EC_GROUP_get_ecparameters(tmpg, NULL))
+ || !TEST_ptr(tgroup = *g_next++ =
+ EC_GROUP_new_from_ecparameters(other_params))
+ || !TEST_int_ne((tnid = EC_GROUP_get_curve_name(tgroup)), NID_undef)
+ || !TEST_true(are_ec_nids_compatible(nid, tnid))
+ || !TEST_int_eq(EC_GROUP_get_asn1_flag(tgroup),
+ OPENSSL_EC_EXPLICIT_CURVE)
+ /* check that restoring the generator passes */
+ || !TEST_true(EC_GROUP_set_generator(tmpg, group_gen, group_order,
+ group_cofactor))
+ || !TEST_ptr(other_params = *p_next++ =
+ EC_GROUP_get_ecparameters(tmpg, NULL))
+ || !TEST_ptr(tgroup = *g_next++ =
+ EC_GROUP_new_from_ecparameters(other_params))
+ || !TEST_int_ne((tnid = EC_GROUP_get_curve_name(tgroup)), NID_undef)
+ || !TEST_true(are_ec_nids_compatible(nid, tnid))
+ || !TEST_int_eq(EC_GROUP_get_asn1_flag(tgroup),
+ OPENSSL_EC_EXPLICIT_CURVE))
+ goto err;
+
+ ret = 1;
+err:
+ for (g_next = &g_ary[0]; g_next < g_ary + OSSL_NELEM(g_ary); g_next++)
+ EC_GROUP_free(*g_next);
+ for (p_next = &p_ary[0]; p_next < p_ary + OSSL_NELEM(g_ary); p_next++)
+ ECPARAMETERS_free(*p_next);
+ ECPARAMETERS_free(params);
+ EC_POINT_free(other_gen);
+ EC_GROUP_free(tmpg);
+ EC_GROUP_free(group);
+ BN_CTX_end(bn_ctx);
+ BN_CTX_free(bn_ctx);
+ return ret;
+}
+
+
+static int parameter_test(void)
+{
+ EC_GROUP *group = NULL, *group2 = NULL;
+ ECPARAMETERS *ecparameters = NULL;
+ unsigned char *buf = NULL;
+ int r = 0, len;
+ if (!TEST_ptr(group = EC_GROUP_new_by_curve_name(NID_secp384r1))
+ || !TEST_ptr(ecparameters = EC_GROUP_get_ecparameters(group, NULL))
+ || !TEST_ptr(group2 = EC_GROUP_new_from_ecparameters(ecparameters))
+ || !TEST_int_eq(EC_GROUP_cmp(group, group2, NULL), 0))
+ goto err;
+
+ EC_GROUP_free(group);
+ group = NULL;
+
+ /* Test the named curve encoding, which should be default. */
+ if (!TEST_ptr(group = EC_GROUP_new_by_curve_name(NID_secp521r1))
+ || !TEST_true((len = i2d_ECPKParameters(group, &buf)) >= 0)
+ || !TEST_mem_eq(buf, len, p521_named, sizeof(p521_named)))
+ goto err;
+
+ OPENSSL_free(buf);
+ buf = NULL;
+
+ /*
+ * Test the explicit encoding. P-521 requires correctly zero-padding the
+ * curve coefficients.
+ */
+ EC_GROUP_set_asn1_flag(group, OPENSSL_EC_EXPLICIT_CURVE);
+ if (!TEST_true((len = i2d_ECPKParameters(group, &buf)) >= 0)
+ || !TEST_mem_eq(buf, len, p521_explicit, sizeof(p521_explicit)))
+ goto err;
+
+ r = 1;
+err:
+ EC_GROUP_free(group);
+ EC_GROUP_free(group2);
+ ECPARAMETERS_free(ecparameters);
+ OPENSSL_free(buf);
+ return r;
+}
+
+/*-
+ * random 256-bit explicit parameters curve, cofactor absent
+ * order: 0x0c38d96a9f892b88772ec2e39614a82f4f (132 bit)
+ * cofactor: 0x12bc94785251297abfafddf1565100da (125 bit)
+ */
+static const unsigned char params_cf_pass[] = {
+ 0x30, 0x81, 0xcd, 0x02, 0x01, 0x01, 0x30, 0x2c, 0x06, 0x07, 0x2a, 0x86,
+ 0x48, 0xce, 0x3d, 0x01, 0x01, 0x02, 0x21, 0x00, 0xe5, 0x00, 0x1f, 0xc5,
+ 0xca, 0x71, 0x9d, 0x8e, 0xf7, 0x07, 0x4b, 0x48, 0x37, 0xf9, 0x33, 0x2d,
+ 0x71, 0xbf, 0x79, 0xe7, 0xdc, 0x91, 0xc2, 0xff, 0xb6, 0x7b, 0xc3, 0x93,
+ 0x44, 0x88, 0xe6, 0x91, 0x30, 0x44, 0x04, 0x20, 0xe5, 0x00, 0x1f, 0xc5,
+ 0xca, 0x71, 0x9d, 0x8e, 0xf7, 0x07, 0x4b, 0x48, 0x37, 0xf9, 0x33, 0x2d,
+ 0x71, 0xbf, 0x79, 0xe7, 0xdc, 0x91, 0xc2, 0xff, 0xb6, 0x7b, 0xc3, 0x93,
+ 0x44, 0x88, 0xe6, 0x8e, 0x04, 0x20, 0x18, 0x8c, 0x59, 0x57, 0xc4, 0xbc,
+ 0x85, 0x57, 0xc3, 0x66, 0x9f, 0x89, 0xd5, 0x92, 0x0d, 0x7e, 0x42, 0x27,
+ 0x07, 0x64, 0xaa, 0x26, 0xed, 0x89, 0xc4, 0x09, 0x05, 0x4d, 0xc7, 0x23,
+ 0x47, 0xda, 0x04, 0x41, 0x04, 0x1b, 0x6b, 0x41, 0x0b, 0xf9, 0xfb, 0x77,
+ 0xfd, 0x50, 0xb7, 0x3e, 0x23, 0xa3, 0xec, 0x9a, 0x3b, 0x09, 0x31, 0x6b,
+ 0xfa, 0xf6, 0xce, 0x1f, 0xff, 0xeb, 0x57, 0x93, 0x24, 0x70, 0xf3, 0xf4,
+ 0xba, 0x7e, 0xfa, 0x86, 0x6e, 0x19, 0x89, 0xe3, 0x55, 0x6d, 0x5a, 0xe9,
+ 0xc0, 0x3d, 0xbc, 0xfb, 0xaf, 0xad, 0xd4, 0x7e, 0xa6, 0xe5, 0xfa, 0x1a,
+ 0x58, 0x07, 0x9e, 0x8f, 0x0d, 0x3b, 0xf7, 0x38, 0xca, 0x02, 0x11, 0x0c,
+ 0x38, 0xd9, 0x6a, 0x9f, 0x89, 0x2b, 0x88, 0x77, 0x2e, 0xc2, 0xe3, 0x96,
+ 0x14, 0xa8, 0x2f, 0x4f
+};
+
+/*-
+ * random 256-bit explicit parameters curve, cofactor absent
+ * order: 0x045a75c0c17228ebd9b169a10e34a22101 (131 bit)
+ * cofactor: 0x2e134b4ede82649f67a2e559d361e5fe (126 bit)
+ */
+static const unsigned char params_cf_fail[] = {
+ 0x30, 0x81, 0xcd, 0x02, 0x01, 0x01, 0x30, 0x2c, 0x06, 0x07, 0x2a, 0x86,
+ 0x48, 0xce, 0x3d, 0x01, 0x01, 0x02, 0x21, 0x00, 0xc8, 0x95, 0x27, 0x37,
+ 0xe8, 0xe1, 0xfd, 0xcc, 0xf9, 0x6e, 0x0c, 0xa6, 0x21, 0xc1, 0x7d, 0x6b,
+ 0x9d, 0x44, 0x42, 0xea, 0x73, 0x4e, 0x04, 0xb6, 0xac, 0x62, 0x50, 0xd0,
+ 0x33, 0xc2, 0xea, 0x13, 0x30, 0x44, 0x04, 0x20, 0xc8, 0x95, 0x27, 0x37,
+ 0xe8, 0xe1, 0xfd, 0xcc, 0xf9, 0x6e, 0x0c, 0xa6, 0x21, 0xc1, 0x7d, 0x6b,
+ 0x9d, 0x44, 0x42, 0xea, 0x73, 0x4e, 0x04, 0xb6, 0xac, 0x62, 0x50, 0xd0,
+ 0x33, 0xc2, 0xea, 0x10, 0x04, 0x20, 0xbf, 0xa6, 0xa8, 0x05, 0x1d, 0x09,
+ 0xac, 0x70, 0x39, 0xbb, 0x4d, 0xb2, 0x90, 0x8a, 0x15, 0x41, 0x14, 0x1d,
+ 0x11, 0x86, 0x9f, 0x13, 0xa2, 0x63, 0x1a, 0xda, 0x95, 0x22, 0x4d, 0x02,
+ 0x15, 0x0a, 0x04, 0x41, 0x04, 0xaf, 0x16, 0x71, 0xf9, 0xc4, 0xc8, 0x59,
+ 0x1d, 0xa3, 0x6f, 0xe7, 0xc3, 0x57, 0xa1, 0xfa, 0x9f, 0x49, 0x7c, 0x11,
+ 0x27, 0x05, 0xa0, 0x7f, 0xff, 0xf9, 0xe0, 0xe7, 0x92, 0xdd, 0x9c, 0x24,
+ 0x8e, 0xc7, 0xb9, 0x52, 0x71, 0x3f, 0xbc, 0x7f, 0x6a, 0x9f, 0x35, 0x70,
+ 0xe1, 0x27, 0xd5, 0x35, 0x8a, 0x13, 0xfa, 0xa8, 0x33, 0x3e, 0xd4, 0x73,
+ 0x1c, 0x14, 0x58, 0x9e, 0xc7, 0x0a, 0x87, 0x65, 0x8d, 0x02, 0x11, 0x04,
+ 0x5a, 0x75, 0xc0, 0xc1, 0x72, 0x28, 0xeb, 0xd9, 0xb1, 0x69, 0xa1, 0x0e,
+ 0x34, 0xa2, 0x21, 0x01
+};
+
+/*-
+ * Test two random 256-bit explicit parameters curves with absent cofactor.
+ * The two curves are chosen to roughly straddle the bounds at which the lib
+ * can compute the cofactor automatically, roughly 4*sqrt(p). So test that:
+ *
+ * - params_cf_pass: order is sufficiently close to p to compute cofactor
+ * - params_cf_fail: order is too far away from p to compute cofactor
+ *
+ * For standards-compliant curves, cofactor is chosen as small as possible.
+ * So you can see neither of these curves are fit for cryptographic use.
+ *
+ * Some standards even mandate an upper bound on the cofactor, e.g. SECG1 v2:
+ * h <= 2**(t/8) where t is the security level of the curve, for which the lib
+ * will always succeed in computing the cofactor. Neither of these curves
+ * conform to that -- this is just robustness testing.
+ */
+static int cofactor_range_test(void)
+{
+ EC_GROUP *group = NULL;
+ BIGNUM *cf = NULL;
+ int ret = 0;
+ const unsigned char *b1 = (const unsigned char *)params_cf_fail;
+ const unsigned char *b2 = (const unsigned char *)params_cf_pass;
+
+ if (!TEST_ptr(group = d2i_ECPKParameters(NULL, &b1, sizeof(params_cf_fail)))
+ || !TEST_BN_eq_zero(EC_GROUP_get0_cofactor(group))
+ || !TEST_ptr(group = d2i_ECPKParameters(&group, &b2,
+ sizeof(params_cf_pass)))
+ || !TEST_int_gt(BN_hex2bn(&cf, "12bc94785251297abfafddf1565100da"), 0)
+ || !TEST_BN_eq(cf, EC_GROUP_get0_cofactor(group)))
+ goto err;
+ ret = 1;
+ err:
+ BN_free(cf);
+ EC_GROUP_free(group);
+ return ret;
+}
+
+/*-
+ * For named curves, test that:
+ * - the lib correctly computes the cofactor if passed a NULL or zero cofactor
+ * - a nonsensical cofactor throws an error (negative test)
+ * - nonsensical orders throw errors (negative tests)
+ */
+static int cardinality_test(int n)
+{
+ int ret = 0, is_binary = 0;
+ int nid = curves[n].nid;
+ BN_CTX *ctx = NULL;
+ EC_GROUP *g1 = NULL, *g2 = NULL;
+ EC_POINT *g2_gen = NULL;
+ BIGNUM *g1_p = NULL, *g1_a = NULL, *g1_b = NULL, *g1_x = NULL, *g1_y = NULL,
+ *g1_order = NULL, *g1_cf = NULL, *g2_cf = NULL;
+
+ TEST_info("Curve %s cardinality test", OBJ_nid2sn(nid));
+
+ if (!TEST_ptr(ctx = BN_CTX_new())
+ || !TEST_ptr(g1 = EC_GROUP_new_by_curve_name(nid))) {
+ BN_CTX_free(ctx);
+ return 0;
+ }
+
+ is_binary = (EC_GROUP_get_field_type(g1) == NID_X9_62_characteristic_two_field);
+
+ BN_CTX_start(ctx);
+ g1_p = BN_CTX_get(ctx);
+ g1_a = BN_CTX_get(ctx);
+ g1_b = BN_CTX_get(ctx);
+ g1_x = BN_CTX_get(ctx);
+ g1_y = BN_CTX_get(ctx);
+ g1_order = BN_CTX_get(ctx);
+ g1_cf = BN_CTX_get(ctx);
+
+ if (!TEST_ptr(g2_cf = BN_CTX_get(ctx))
+ /* pull out the explicit curve parameters */
+ || !TEST_true(EC_GROUP_get_curve(g1, g1_p, g1_a, g1_b, ctx))
+ || !TEST_true(EC_POINT_get_affine_coordinates(g1,
+ EC_GROUP_get0_generator(g1), g1_x, g1_y, ctx))
+ || !TEST_true(BN_copy(g1_order, EC_GROUP_get0_order(g1)))
+ || !TEST_true(EC_GROUP_get_cofactor(g1, g1_cf, ctx))
+ /* construct g2 manually with g1 parameters */
+#ifndef OPENSSL_NO_EC2M
+ || !TEST_ptr(g2 = (is_binary) ?
+ EC_GROUP_new_curve_GF2m(g1_p, g1_a, g1_b, ctx) :
+ EC_GROUP_new_curve_GFp(g1_p, g1_a, g1_b, ctx))
+#else
+ || !TEST_int_eq(0, is_binary)
+ || !TEST_ptr(g2 = EC_GROUP_new_curve_GFp(g1_p, g1_a, g1_b, ctx))
+#endif
+ || !TEST_ptr(g2_gen = EC_POINT_new(g2))
+ || !TEST_true(EC_POINT_set_affine_coordinates(g2, g2_gen, g1_x, g1_y, ctx))
+ /* pass NULL cofactor: lib should compute it */
+ || !TEST_true(EC_GROUP_set_generator(g2, g2_gen, g1_order, NULL))
+ || !TEST_true(EC_GROUP_get_cofactor(g2, g2_cf, ctx))
+ || !TEST_BN_eq(g1_cf, g2_cf)
+ /* pass zero cofactor: lib should compute it */
+ || !TEST_true(BN_set_word(g2_cf, 0))
+ || !TEST_true(EC_GROUP_set_generator(g2, g2_gen, g1_order, g2_cf))
+ || !TEST_true(EC_GROUP_get_cofactor(g2, g2_cf, ctx))
+ || !TEST_BN_eq(g1_cf, g2_cf)
+ /* negative test for invalid cofactor */
+ || !TEST_true(BN_set_word(g2_cf, 0))
+ || !TEST_true(BN_sub(g2_cf, g2_cf, BN_value_one()))
+ || !TEST_false(EC_GROUP_set_generator(g2, g2_gen, g1_order, g2_cf))
+ /* negative test for NULL order */
+ || !TEST_false(EC_GROUP_set_generator(g2, g2_gen, NULL, NULL))
+ /* negative test for zero order */
+ || !TEST_true(BN_set_word(g1_order, 0))
+ || !TEST_false(EC_GROUP_set_generator(g2, g2_gen, g1_order, NULL))
+ /* negative test for negative order */
+ || !TEST_true(BN_set_word(g2_cf, 0))
+ || !TEST_true(BN_sub(g2_cf, g2_cf, BN_value_one()))
+ || !TEST_false(EC_GROUP_set_generator(g2, g2_gen, g1_order, NULL))
+ /* negative test for too large order */
+ || !TEST_true(BN_lshift(g1_order, g1_p, 2))
+ || !TEST_false(EC_GROUP_set_generator(g2, g2_gen, g1_order, NULL)))
+ goto err;
+ ret = 1;
+ err:
+ EC_POINT_free(g2_gen);
+ EC_GROUP_free(g1);
+ EC_GROUP_free(g2);
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ return ret;
+}
+
+static int check_ec_key_field_public_range_test(int id)
+{
+ int ret = 0, type = 0;
+ const EC_POINT *pub = NULL;
+ const EC_GROUP *group = NULL;
+ const BIGNUM *field = NULL;
+ BIGNUM *x = NULL, *y = NULL;
+ EC_KEY *key = NULL;
+
+ if (!TEST_ptr(x = BN_new())
+ || !TEST_ptr(y = BN_new())
+ || !TEST_ptr(key = EC_KEY_new_by_curve_name(curves[id].nid))
+ || !TEST_ptr(group = EC_KEY_get0_group(key))
+ || !TEST_ptr(field = EC_GROUP_get0_field(group))
+ || !TEST_int_gt(EC_KEY_generate_key(key), 0)
+ || !TEST_int_gt(EC_KEY_check_key(key), 0)
+ || !TEST_ptr(pub = EC_KEY_get0_public_key(key))
+ || !TEST_int_gt(EC_POINT_get_affine_coordinates(group, pub, x, y,
+ NULL), 0))
+ goto err;
+
+ /*
+ * Make the public point out of range by adding the field (which will still
+ * be the same point on the curve). The add is different for char2 fields.
+ */
+ type = EC_GROUP_get_field_type(group);
+#ifndef OPENSSL_NO_EC2M
+ if (type == NID_X9_62_characteristic_two_field) {
+ /* test for binary curves */
+ if (!TEST_true(BN_GF2m_add(x, x, field)))
+ goto err;
+ } else
+#endif
+ if (type == NID_X9_62_prime_field) {
+ /* test for prime curves */
+ if (!TEST_true(BN_add(x, x, field)))
+ goto err;
+ } else {
+ /* this should never happen */
+ TEST_error("Unsupported EC_METHOD field_type");
+ goto err;
+ }
+ if (!TEST_int_le(EC_KEY_set_public_key_affine_coordinates(key, x, y), 0))
+ goto err;
+
+ ret = 1;
+err:
+ BN_free(x);
+ BN_free(y);
+ EC_KEY_free(key);
+ return ret;
+}
+
+/*
+ * Helper for ec_point_hex2point_test
+ *
+ * Self-tests EC_POINT_point2hex() against EC_POINT_hex2point() for the given
+ * (group,P) pair.
+ *
+ * If P is NULL use point at infinity.
+ */
+static ossl_inline
+int ec_point_hex2point_test_helper(const EC_GROUP *group, const EC_POINT *P,
+ point_conversion_form_t form,
+ BN_CTX *bnctx)
+{
+ int ret = 0;
+ EC_POINT *Q = NULL, *Pinf = NULL;
+ char *hex = NULL;
+
+ if (P == NULL) {
+ /* If P is NULL use point at infinity. */
+ if (!TEST_ptr(Pinf = EC_POINT_new(group))
+ || !TEST_true(EC_POINT_set_to_infinity(group, Pinf)))
+ goto err;
+ P = Pinf;
+ }
+
+ if (!TEST_ptr(hex = EC_POINT_point2hex(group, P, form, bnctx))
+ || !TEST_ptr(Q = EC_POINT_hex2point(group, hex, NULL, bnctx))
+ || !TEST_int_eq(0, EC_POINT_cmp(group, Q, P, bnctx)))
+ goto err;
+
+ /*
+ * The next check is most likely superfluous, as EC_POINT_cmp should already
+ * cover this.
+ * Nonetheless it increases the test coverage for EC_POINT_is_at_infinity,
+ * so we include it anyway!
+ */
+ if (Pinf != NULL
+ && !TEST_true(EC_POINT_is_at_infinity(group, Q)))
+ goto err;
+
+ ret = 1;
+
+ err:
+ EC_POINT_free(Pinf);
+ OPENSSL_free(hex);
+ EC_POINT_free(Q);
+
+ return ret;
+}
+
+/*
+ * This test self-validates EC_POINT_hex2point() and EC_POINT_point2hex()
+ */
+static int ec_point_hex2point_test(int id)
+{
+ int ret = 0, nid;
+ EC_GROUP *group = NULL;
+ const EC_POINT *G = NULL;
+ EC_POINT *P = NULL;
+ BN_CTX * bnctx = NULL;
+
+ /* Do some setup */
+ nid = curves[id].nid;
+ if (!TEST_ptr(bnctx = BN_CTX_new())
+ || !TEST_ptr(group = EC_GROUP_new_by_curve_name(nid))
+ || !TEST_ptr(G = EC_GROUP_get0_generator(group))
+ || !TEST_ptr(P = EC_POINT_dup(G, group)))
+ goto err;
+
+ if (!TEST_true(ec_point_hex2point_test_helper(group, P,
+ POINT_CONVERSION_COMPRESSED,
+ bnctx))
+ || !TEST_true(ec_point_hex2point_test_helper(group, NULL,
+ POINT_CONVERSION_COMPRESSED,
+ bnctx))
+ || !TEST_true(ec_point_hex2point_test_helper(group, P,
+ POINT_CONVERSION_UNCOMPRESSED,
+ bnctx))
+ || !TEST_true(ec_point_hex2point_test_helper(group, NULL,
+ POINT_CONVERSION_UNCOMPRESSED,
+ bnctx))
+ || !TEST_true(ec_point_hex2point_test_helper(group, P,
+ POINT_CONVERSION_HYBRID,
+ bnctx))
+ || !TEST_true(ec_point_hex2point_test_helper(group, NULL,
+ POINT_CONVERSION_HYBRID,
+ bnctx)))
+ goto err;
+
+ ret = 1;
+
+ err:
+ EC_POINT_free(P);
+ EC_GROUP_free(group);
+ BN_CTX_free(bnctx);
+
+ return ret;
+}
+
+static int do_test_custom_explicit_fromdata(EC_GROUP *group, BN_CTX *ctx,
+ unsigned char *gen, int gen_size)
+{
+ int ret = 0, i_out;
+ EVP_PKEY_CTX *pctx = NULL;
+ EVP_PKEY *pkeyparam = NULL;
+ OSSL_PARAM_BLD *bld = NULL;
+ const char *field_name;
+ OSSL_PARAM *params = NULL;
+ const OSSL_PARAM *gettable;
+ BIGNUM *p, *a, *b;
+ BIGNUM *p_out = NULL, *a_out = NULL, *b_out = NULL;
+ BIGNUM *order_out = NULL, *cofactor_out = NULL;
+ char name[80];
+ unsigned char buf[1024];
+ size_t buf_len, name_len;
+#ifndef OPENSSL_NO_EC2M
+ unsigned int k1 = 0, k2 = 0, k3 = 0;
+ const char *basis_name = NULL;
+#endif
+
+ p = BN_CTX_get(ctx);
+ a = BN_CTX_get(ctx);
+ b = BN_CTX_get(ctx);
+
+ if (!TEST_ptr(b)
+ || !TEST_ptr(bld = OSSL_PARAM_BLD_new()))
+ goto err;
+
+ if (EC_GROUP_get_field_type(group) == NID_X9_62_prime_field) {
+ field_name = SN_X9_62_prime_field;
+ } else {
+ field_name = SN_X9_62_characteristic_two_field;
+#ifndef OPENSSL_NO_EC2M
+ if (EC_GROUP_get_basis_type(group) == NID_X9_62_tpBasis) {
+ basis_name = SN_X9_62_tpBasis;
+ if (!TEST_true(EC_GROUP_get_trinomial_basis(group, &k1)))
+ goto err;
+ } else {
+ basis_name = SN_X9_62_ppBasis;
+ if (!TEST_true(EC_GROUP_get_pentanomial_basis(group, &k1, &k2, &k3)))
+ goto err;
+ }
+#endif /* OPENSSL_NO_EC2M */
+ }
+ if (!TEST_true(EC_GROUP_get_curve(group, p, a, b, ctx))
+ || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
+ OSSL_PKEY_PARAM_EC_FIELD_TYPE, field_name, 0))
+ || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_P, p))
+ || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_A, a))
+ || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_B, b)))
+ goto err;
+
+ if (EC_GROUP_get0_seed(group) != NULL) {
+ if (!TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
+ OSSL_PKEY_PARAM_EC_SEED, EC_GROUP_get0_seed(group),
+ EC_GROUP_get_seed_len(group))))
+ goto err;
+ }
+ if (EC_GROUP_get0_cofactor(group) != NULL) {
+ if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_COFACTOR,
+ EC_GROUP_get0_cofactor(group))))
+ goto err;
+ }
+
+ if (!TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
+ OSSL_PKEY_PARAM_EC_GENERATOR, gen, gen_size))
+ || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_ORDER,
+ EC_GROUP_get0_order(group))))
+ goto err;
+
+ if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
+ || !TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL))
+ || !TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
+ || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkeyparam,
+ EVP_PKEY_KEY_PARAMETERS, params), 0))
+ goto err;
+
+ /*- Check that all the set values are retrievable -*/
+
+ /* There should be no match to a group name since the generator changed */
+ if (!TEST_false(EVP_PKEY_get_utf8_string_param(pkeyparam,
+ OSSL_PKEY_PARAM_GROUP_NAME, name, sizeof(name),
+ &name_len)))
+ goto err;
+
+ /* The encoding should be explicit as it has no group */
+ if (!TEST_true(EVP_PKEY_get_utf8_string_param(pkeyparam,
+ OSSL_PKEY_PARAM_EC_ENCODING,
+ name, sizeof(name), &name_len))
+ || !TEST_str_eq(name, OSSL_PKEY_EC_ENCODING_EXPLICIT))
+ goto err;
+
+ if (!TEST_true(EVP_PKEY_get_utf8_string_param(pkeyparam,
+ OSSL_PKEY_PARAM_EC_FIELD_TYPE, name, sizeof(name),
+ &name_len))
+ || !TEST_str_eq(name, field_name))
+ goto err;
+
+ if (!TEST_true(EVP_PKEY_get_octet_string_param(pkeyparam,
+ OSSL_PKEY_PARAM_EC_GENERATOR, buf, sizeof(buf), &buf_len))
+ || !TEST_mem_eq(buf, (int)buf_len, gen, gen_size))
+ goto err;
+
+ if (!TEST_true(EVP_PKEY_get_bn_param(pkeyparam, OSSL_PKEY_PARAM_EC_P, &p_out))
+ || !TEST_BN_eq(p_out, p)
+ || !TEST_true(EVP_PKEY_get_bn_param(pkeyparam, OSSL_PKEY_PARAM_EC_A,
+ &a_out))
+ || !TEST_BN_eq(a_out, a)
+ || !TEST_true(EVP_PKEY_get_bn_param(pkeyparam, OSSL_PKEY_PARAM_EC_B,
+ &b_out))
+ || !TEST_BN_eq(b_out, b)
+ || !TEST_true(EVP_PKEY_get_bn_param(pkeyparam, OSSL_PKEY_PARAM_EC_ORDER,
+ &order_out))
+ || !TEST_BN_eq(order_out, EC_GROUP_get0_order(group)))
+ goto err;
+
+ if (EC_GROUP_get0_cofactor(group) != NULL) {
+ if (!TEST_true(EVP_PKEY_get_bn_param(pkeyparam,
+ OSSL_PKEY_PARAM_EC_COFACTOR, &cofactor_out))
+ || !TEST_BN_eq(cofactor_out, EC_GROUP_get0_cofactor(group)))
+ goto err;
+ }
+ if (EC_GROUP_get0_seed(group) != NULL) {
+ if (!TEST_true(EVP_PKEY_get_octet_string_param(pkeyparam,
+ OSSL_PKEY_PARAM_EC_SEED, buf, sizeof(buf), &buf_len))
+ || !TEST_mem_eq(buf, buf_len, EC_GROUP_get0_seed(group),
+ EC_GROUP_get_seed_len(group)))
+ goto err;
+ }
+
+ if (EC_GROUP_get_field_type(group) == NID_X9_62_prime_field) {
+ /* No extra fields should be set for a prime field */
+ if (!TEST_false(EVP_PKEY_get_int_param(pkeyparam,
+ OSSL_PKEY_PARAM_EC_CHAR2_M, &i_out))
+ || !TEST_false(EVP_PKEY_get_int_param(pkeyparam,
+ OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS, &i_out))
+ || !TEST_false(EVP_PKEY_get_int_param(pkeyparam,
+ OSSL_PKEY_PARAM_EC_CHAR2_PP_K1, &i_out))
+ || !TEST_false(EVP_PKEY_get_int_param(pkeyparam,
+ OSSL_PKEY_PARAM_EC_CHAR2_PP_K2, &i_out))
+ || !TEST_false(EVP_PKEY_get_int_param(pkeyparam,
+ OSSL_PKEY_PARAM_EC_CHAR2_PP_K3, &i_out))
+ || !TEST_false(EVP_PKEY_get_utf8_string_param(pkeyparam,
+ OSSL_PKEY_PARAM_EC_CHAR2_TYPE, name, sizeof(name),
+ &name_len)))
+ goto err;
+ } else {
+#ifndef OPENSSL_NO_EC2M
+ if (!TEST_true(EVP_PKEY_get_int_param(pkeyparam,
+ OSSL_PKEY_PARAM_EC_CHAR2_M, &i_out))
+ || !TEST_int_eq(EC_GROUP_get_degree(group), i_out)
+ || !TEST_true(EVP_PKEY_get_utf8_string_param(pkeyparam,
+ OSSL_PKEY_PARAM_EC_CHAR2_TYPE, name, sizeof(name),
+ &name_len))
+ || !TEST_str_eq(name, basis_name))
+ goto err;
+
+ if (EC_GROUP_get_basis_type(group) == NID_X9_62_tpBasis) {
+ if (!TEST_true(EVP_PKEY_get_int_param(pkeyparam,
+ OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS, &i_out))
+ || !TEST_int_eq(k1, i_out)
+ || !TEST_false(EVP_PKEY_get_int_param(pkeyparam,
+ OSSL_PKEY_PARAM_EC_CHAR2_PP_K1, &i_out))
+ || !TEST_false(EVP_PKEY_get_int_param(pkeyparam,
+ OSSL_PKEY_PARAM_EC_CHAR2_PP_K2, &i_out))
+ || !TEST_false(EVP_PKEY_get_int_param(pkeyparam,
+ OSSL_PKEY_PARAM_EC_CHAR2_PP_K3, &i_out)))
+ goto err;
+ } else {
+ if (!TEST_false(EVP_PKEY_get_int_param(pkeyparam,
+ OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS, &i_out))
+ || !TEST_true(EVP_PKEY_get_int_param(pkeyparam,
+ OSSL_PKEY_PARAM_EC_CHAR2_PP_K1, &i_out))
+ || !TEST_int_eq(k1, i_out)
+ || !TEST_true(EVP_PKEY_get_int_param(pkeyparam,
+ OSSL_PKEY_PARAM_EC_CHAR2_PP_K2, &i_out))
+ || !TEST_int_eq(k2, i_out)
+ || !TEST_true(EVP_PKEY_get_int_param(pkeyparam,
+ OSSL_PKEY_PARAM_EC_CHAR2_PP_K3, &i_out))
+ || !TEST_int_eq(k3, i_out))
+ goto err;
+ }
+#endif /* OPENSSL_NO_EC2M */
+ }
+ if (!TEST_ptr(gettable = EVP_PKEY_gettable_params(pkeyparam))
+ || !TEST_ptr(OSSL_PARAM_locate_const(gettable, OSSL_PKEY_PARAM_GROUP_NAME))
+ || !TEST_ptr(OSSL_PARAM_locate_const(gettable, OSSL_PKEY_PARAM_EC_ENCODING))
+ || !TEST_ptr(OSSL_PARAM_locate_const(gettable, OSSL_PKEY_PARAM_EC_FIELD_TYPE))
+ || !TEST_ptr(OSSL_PARAM_locate_const(gettable, OSSL_PKEY_PARAM_EC_P))
+ || !TEST_ptr(OSSL_PARAM_locate_const(gettable, OSSL_PKEY_PARAM_EC_A))
+ || !TEST_ptr(OSSL_PARAM_locate_const(gettable, OSSL_PKEY_PARAM_EC_B))
+ || !TEST_ptr(OSSL_PARAM_locate_const(gettable, OSSL_PKEY_PARAM_EC_GENERATOR))
+ || !TEST_ptr(OSSL_PARAM_locate_const(gettable, OSSL_PKEY_PARAM_EC_ORDER))
+ || !TEST_ptr(OSSL_PARAM_locate_const(gettable, OSSL_PKEY_PARAM_EC_COFACTOR))
+ || !TEST_ptr(OSSL_PARAM_locate_const(gettable, OSSL_PKEY_PARAM_EC_SEED))
+#ifndef OPENSSL_NO_EC2M
+ || !TEST_ptr(OSSL_PARAM_locate_const(gettable, OSSL_PKEY_PARAM_EC_CHAR2_M))
+ || !TEST_ptr(OSSL_PARAM_locate_const(gettable, OSSL_PKEY_PARAM_EC_CHAR2_TYPE))
+ || !TEST_ptr(OSSL_PARAM_locate_const(gettable, OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS))
+ || !TEST_ptr(OSSL_PARAM_locate_const(gettable, OSSL_PKEY_PARAM_EC_CHAR2_PP_K1))
+ || !TEST_ptr(OSSL_PARAM_locate_const(gettable, OSSL_PKEY_PARAM_EC_CHAR2_PP_K2))
+ || !TEST_ptr(OSSL_PARAM_locate_const(gettable, OSSL_PKEY_PARAM_EC_CHAR2_PP_K3))
+#endif
+ )
+ goto err;
+ ret = 1;
+err:
+ BN_free(order_out);
+ BN_free(cofactor_out);
+ BN_free(a_out);
+ BN_free(b_out);
+ BN_free(p_out);
+ OSSL_PARAM_free(params);
+ OSSL_PARAM_BLD_free(bld);
+ EVP_PKEY_free(pkeyparam);
+ EVP_PKEY_CTX_free(pctx);
+ return ret;
+}
+
+/*
+ * check the EC_METHOD respects the supplied EC_GROUP_set_generator G
+ */
+static int custom_generator_test(int id)
+{
+ int ret = 0, nid, bsize;
+ EC_GROUP *group = NULL;
+ EC_POINT *G2 = NULL, *Q1 = NULL, *Q2 = NULL;
+ BN_CTX *ctx = NULL;
+ BIGNUM *k = NULL;
+ unsigned char *b1 = NULL, *b2 = NULL;
+
+ /* Do some setup */
+ nid = curves[id].nid;
+ TEST_note("Curve %s", OBJ_nid2sn(nid));
+ if (!TEST_ptr(ctx = BN_CTX_new()))
+ return 0;
+
+ BN_CTX_start(ctx);
+
+ if (!TEST_ptr(group = EC_GROUP_new_by_curve_name(nid)))
+ goto err;
+
+ /* expected byte length of encoded points */
+ bsize = (EC_GROUP_get_degree(group) + 7) / 8;
+ bsize = 1 + 2 * bsize; /* UNCOMPRESSED_POINT format */
+
+ if (!TEST_ptr(k = BN_CTX_get(ctx))
+ /* fetch a testing scalar k != 0,1 */
+ || !TEST_true(BN_rand(k, EC_GROUP_order_bits(group) - 1,
+ BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY))
+ /* make k even */
+ || !TEST_true(BN_clear_bit(k, 0))
+ || !TEST_ptr(G2 = EC_POINT_new(group))
+ || !TEST_ptr(Q1 = EC_POINT_new(group))
+ /* Q1 := kG */
+ || !TEST_true(EC_POINT_mul(group, Q1, k, NULL, NULL, ctx))
+ /* pull out the bytes of that */
+ || !TEST_int_eq(EC_POINT_point2oct(group, Q1,
+ POINT_CONVERSION_UNCOMPRESSED, NULL,
+ 0, ctx), bsize)
+ || !TEST_ptr(b1 = OPENSSL_malloc(bsize))
+ || !TEST_int_eq(EC_POINT_point2oct(group, Q1,
+ POINT_CONVERSION_UNCOMPRESSED, b1,
+ bsize, ctx), bsize)
+ /* new generator is G2 := 2G */
+ || !TEST_true(EC_POINT_dbl(group, G2, EC_GROUP_get0_generator(group),
+ ctx))
+ || !TEST_true(EC_GROUP_set_generator(group, G2,
+ EC_GROUP_get0_order(group),
+ EC_GROUP_get0_cofactor(group)))
+ || !TEST_ptr(Q2 = EC_POINT_new(group))
+ || !TEST_true(BN_rshift1(k, k))
+ /* Q2 := k/2 G2 */
+ || !TEST_true(EC_POINT_mul(group, Q2, k, NULL, NULL, ctx))
+ || !TEST_int_eq(EC_POINT_point2oct(group, Q2,
+ POINT_CONVERSION_UNCOMPRESSED, NULL,
+ 0, ctx), bsize)
+ || !TEST_ptr(b2 = OPENSSL_malloc(bsize))
+ || !TEST_int_eq(EC_POINT_point2oct(group, Q2,
+ POINT_CONVERSION_UNCOMPRESSED, b2,
+ bsize, ctx), bsize)
+ /* Q1 = kG = k/2 G2 = Q2 should hold */
+ || !TEST_mem_eq(b1, bsize, b2, bsize))
+ goto err;
+
+ if (!do_test_custom_explicit_fromdata(group, ctx, b1, bsize))
+ goto err;
+
+ ret = 1;
+
+ err:
+ EC_POINT_free(Q1);
+ EC_POINT_free(Q2);
+ EC_POINT_free(G2);
+ EC_GROUP_free(group);
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ OPENSSL_free(b1);
+ OPENSSL_free(b2);
+
+ return ret;
+}
+
+/*
+ * check creation of curves from explicit params through the public API
+ */
+static int custom_params_test(int id)
+{
+ int ret = 0, nid, bsize;
+ const char *curve_name = NULL;
+ EC_GROUP *group = NULL, *altgroup = NULL;
+ EC_POINT *G2 = NULL, *Q1 = NULL, *Q2 = NULL;
+ const EC_POINT *Q = NULL;
+ BN_CTX *ctx = NULL;
+ BIGNUM *k = NULL;
+ unsigned char *buf1 = NULL, *buf2 = NULL;
+ const BIGNUM *z = NULL, *cof = NULL, *priv1 = NULL;
+ BIGNUM *p = NULL, *a = NULL, *b = NULL;
+ int is_prime = 0;
+ EC_KEY *eckey1 = NULL, *eckey2 = NULL;
+ EVP_PKEY *pkey1 = NULL, *pkey2 = NULL;
+ EVP_PKEY_CTX *pctx1 = NULL, *pctx2 = NULL;
+ size_t sslen, t;
+ unsigned char *pub1 = NULL , *pub2 = NULL;
+ OSSL_PARAM_BLD *param_bld = NULL;
+ OSSL_PARAM *params1 = NULL, *params2 = NULL;
+
+ /* Do some setup */
+ nid = curves[id].nid;
+ curve_name = OBJ_nid2sn(nid);
+ TEST_note("Curve %s", curve_name);
+
+ if (nid == NID_sm2)
+ return TEST_skip("custom params not supported with SM2");
+
+ if (!TEST_ptr(ctx = BN_CTX_new()))
+ return 0;
+
+ if (!TEST_ptr(group = EC_GROUP_new_by_curve_name(nid)))
+ goto err;
+
+ is_prime = EC_GROUP_get_field_type(group) == NID_X9_62_prime_field;
+#ifdef OPENSSL_NO_EC2M
+ if (!is_prime) {
+ ret = TEST_skip("binary curves not supported in this build");
+ goto err;
+ }
+#endif
+
+ BN_CTX_start(ctx);
+ if (!TEST_ptr(p = BN_CTX_get(ctx))
+ || !TEST_ptr(a = BN_CTX_get(ctx))
+ || !TEST_ptr(b = BN_CTX_get(ctx))
+ || !TEST_ptr(k = BN_CTX_get(ctx)))
+ goto err;
+
+ /* expected byte length of encoded points */
+ bsize = (EC_GROUP_get_degree(group) + 7) / 8;
+ bsize = 1 + 2 * bsize; /* UNCOMPRESSED_POINT format */
+
+ /* extract parameters from built-in curve */
+ if (!TEST_true(EC_GROUP_get_curve(group, p, a, b, ctx))
+ || !TEST_ptr(G2 = EC_POINT_new(group))
+ /* new generator is G2 := 2G */
+ || !TEST_true(EC_POINT_dbl(group, G2,
+ EC_GROUP_get0_generator(group), ctx))
+ /* pull out the bytes of that */
+ || !TEST_int_eq(EC_POINT_point2oct(group, G2,
+ POINT_CONVERSION_UNCOMPRESSED,
+ NULL, 0, ctx), bsize)
+ || !TEST_ptr(buf1 = OPENSSL_malloc(bsize))
+ || !TEST_int_eq(EC_POINT_point2oct(group, G2,
+ POINT_CONVERSION_UNCOMPRESSED,
+ buf1, bsize, ctx), bsize)
+ || !TEST_ptr(z = EC_GROUP_get0_order(group))
+ || !TEST_ptr(cof = EC_GROUP_get0_cofactor(group))
+ )
+ goto err;
+
+ /* create a new group using same params (but different generator) */
+ if (is_prime) {
+ if (!TEST_ptr(altgroup = EC_GROUP_new_curve_GFp(p, a, b, ctx)))
+ goto err;
+ }
+#ifndef OPENSSL_NO_EC2M
+ else {
+ if (!TEST_ptr(altgroup = EC_GROUP_new_curve_GF2m(p, a, b, ctx)))
+ goto err;
+ }
+#endif
+
+ /* set 2*G as the generator of altgroup */
+ EC_POINT_free(G2); /* discard G2 as it refers to the original group */
+ if (!TEST_ptr(G2 = EC_POINT_new(altgroup))
+ || !TEST_true(EC_POINT_oct2point(altgroup, G2, buf1, bsize, ctx))
+ || !TEST_int_eq(EC_POINT_is_on_curve(altgroup, G2, ctx), 1)
+ || !TEST_true(EC_GROUP_set_generator(altgroup, G2, z, cof))
+ )
+ goto err;
+
+ /* verify math checks out */
+ if (/* allocate temporary points on group and altgroup */
+ !TEST_ptr(Q1 = EC_POINT_new(group))
+ || !TEST_ptr(Q2 = EC_POINT_new(altgroup))
+ /* fetch a testing scalar k != 0,1 */
+ || !TEST_true(BN_rand(k, EC_GROUP_order_bits(group) - 1,
+ BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY))
+ /* make k even */
+ || !TEST_true(BN_clear_bit(k, 0))
+ /* Q1 := kG on group */
+ || !TEST_true(EC_POINT_mul(group, Q1, k, NULL, NULL, ctx))
+ /* pull out the bytes of that */
+ || !TEST_int_eq(EC_POINT_point2oct(group, Q1,
+ POINT_CONVERSION_UNCOMPRESSED,
+ NULL, 0, ctx), bsize)
+ || !TEST_int_eq(EC_POINT_point2oct(group, Q1,
+ POINT_CONVERSION_UNCOMPRESSED,
+ buf1, bsize, ctx), bsize)
+ /* k := k/2 */
+ || !TEST_true(BN_rshift1(k, k))
+ /* Q2 := k/2 G2 on altgroup */
+ || !TEST_true(EC_POINT_mul(altgroup, Q2, k, NULL, NULL, ctx))
+ /* pull out the bytes of that */
+ || !TEST_int_eq(EC_POINT_point2oct(altgroup, Q2,
+ POINT_CONVERSION_UNCOMPRESSED,
+ NULL, 0, ctx), bsize)
+ || !TEST_ptr(buf2 = OPENSSL_malloc(bsize))
+ || !TEST_int_eq(EC_POINT_point2oct(altgroup, Q2,
+ POINT_CONVERSION_UNCOMPRESSED,
+ buf2, bsize, ctx), bsize)
+ /* Q1 = kG = k/2 G2 = Q2 should hold */
+ || !TEST_mem_eq(buf1, bsize, buf2, bsize))
+ goto err;
+
+ /* create two `EC_KEY`s on altgroup */
+ if (!TEST_ptr(eckey1 = EC_KEY_new())
+ || !TEST_true(EC_KEY_set_group(eckey1, altgroup))
+ || !TEST_true(EC_KEY_generate_key(eckey1))
+ || !TEST_ptr(eckey2 = EC_KEY_new())
+ || !TEST_true(EC_KEY_set_group(eckey2, altgroup))
+ || !TEST_true(EC_KEY_generate_key(eckey2)))
+ goto err;
+
+ /* retrieve priv1 for later */
+ if (!TEST_ptr(priv1 = EC_KEY_get0_private_key(eckey1)))
+ goto err;
+
+ /*
+ * retrieve bytes for pub1 for later
+ *
+ * We compute the pub key in the original group as we will later use it to
+ * define a provider key in the built-in group.
+ */
+ if (!TEST_true(EC_POINT_mul(group, Q1, priv1, NULL, NULL, ctx))
+ || !TEST_int_eq(EC_POINT_point2oct(group, Q1,
+ POINT_CONVERSION_UNCOMPRESSED,
+ NULL, 0, ctx), bsize)
+ || !TEST_ptr(pub1 = OPENSSL_malloc(bsize))
+ || !TEST_int_eq(EC_POINT_point2oct(group, Q1,
+ POINT_CONVERSION_UNCOMPRESSED,
+ pub1, bsize, ctx), bsize))
+ goto err;
+
+ /* retrieve bytes for pub2 for later */
+ if (!TEST_ptr(Q = EC_KEY_get0_public_key(eckey2))
+ || !TEST_int_eq(EC_POINT_point2oct(altgroup, Q,
+ POINT_CONVERSION_UNCOMPRESSED,
+ NULL, 0, ctx), bsize)
+ || !TEST_ptr(pub2 = OPENSSL_malloc(bsize))
+ || !TEST_int_eq(EC_POINT_point2oct(altgroup, Q,
+ POINT_CONVERSION_UNCOMPRESSED,
+ pub2, bsize, ctx), bsize))
+ goto err;
+
+ /* create two `EVP_PKEY`s from the `EC_KEY`s */
+ if(!TEST_ptr(pkey1 = EVP_PKEY_new())
+ || !TEST_int_eq(EVP_PKEY_assign_EC_KEY(pkey1, eckey1), 1))
+ goto err;
+ eckey1 = NULL; /* ownership passed to pkey1 */
+ if(!TEST_ptr(pkey2 = EVP_PKEY_new())
+ || !TEST_int_eq(EVP_PKEY_assign_EC_KEY(pkey2, eckey2), 1))
+ goto err;
+ eckey2 = NULL; /* ownership passed to pkey2 */
+
+ /* Compute keyexchange in both directions */
+ if (!TEST_ptr(pctx1 = EVP_PKEY_CTX_new(pkey1, NULL))
+ || !TEST_int_eq(EVP_PKEY_derive_init(pctx1), 1)
+ || !TEST_int_eq(EVP_PKEY_derive_set_peer(pctx1, pkey2), 1)
+ || !TEST_int_eq(EVP_PKEY_derive(pctx1, NULL, &sslen), 1)
+ || !TEST_int_gt(bsize, sslen)
+ || !TEST_int_eq(EVP_PKEY_derive(pctx1, buf1, &sslen), 1))
+ goto err;
+ if (!TEST_ptr(pctx2 = EVP_PKEY_CTX_new(pkey2, NULL))
+ || !TEST_int_eq(EVP_PKEY_derive_init(pctx2), 1)
+ || !TEST_int_eq(EVP_PKEY_derive_set_peer(pctx2, pkey1), 1)
+ || !TEST_int_eq(EVP_PKEY_derive(pctx2, NULL, &t), 1)
+ || !TEST_int_gt(bsize, t)
+ || !TEST_int_le(sslen, t)
+ || !TEST_int_eq(EVP_PKEY_derive(pctx2, buf2, &t), 1))
+ goto err;
+
+ /* Both sides should expect the same shared secret */
+ if (!TEST_mem_eq(buf1, sslen, buf2, t))
+ goto err;
+
+ /* Build parameters for provider-native keys */
+ if (!TEST_ptr(param_bld = OSSL_PARAM_BLD_new())
+ || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(param_bld,
+ OSSL_PKEY_PARAM_GROUP_NAME,
+ curve_name, 0))
+ || !TEST_true(OSSL_PARAM_BLD_push_octet_string(param_bld,
+ OSSL_PKEY_PARAM_PUB_KEY,
+ pub1, bsize))
+ || !TEST_true(OSSL_PARAM_BLD_push_BN(param_bld,
+ OSSL_PKEY_PARAM_PRIV_KEY,
+ priv1))
+ || !TEST_ptr(params1 = OSSL_PARAM_BLD_to_param(param_bld)))
+ goto err;
+
+ OSSL_PARAM_BLD_free(param_bld);
+ if (!TEST_ptr(param_bld = OSSL_PARAM_BLD_new())
+ || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(param_bld,
+ OSSL_PKEY_PARAM_GROUP_NAME,
+ curve_name, 0))
+ || !TEST_true(OSSL_PARAM_BLD_push_octet_string(param_bld,
+ OSSL_PKEY_PARAM_PUB_KEY,
+ pub2, bsize))
+ || !TEST_ptr(params2 = OSSL_PARAM_BLD_to_param(param_bld)))
+ goto err;
+
+ /* create two new provider-native `EVP_PKEY`s */
+ EVP_PKEY_CTX_free(pctx2);
+ if (!TEST_ptr(pctx2 = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL))
+ || !TEST_true(EVP_PKEY_fromdata_init(pctx2))
+ || !TEST_true(EVP_PKEY_fromdata(pctx2, &pkey1, EVP_PKEY_KEYPAIR,
+ params1))
+ || !TEST_true(EVP_PKEY_fromdata(pctx2, &pkey2, EVP_PKEY_PUBLIC_KEY,
+ params2)))
+ goto err;
+
+ /* compute keyexchange once more using the provider keys */
+ EVP_PKEY_CTX_free(pctx1);
+ if (!TEST_ptr(pctx1 = EVP_PKEY_CTX_new(pkey1, NULL))
+ || !TEST_int_eq(EVP_PKEY_derive_init(pctx1), 1)
+ || !TEST_int_eq(EVP_PKEY_derive_set_peer(pctx1, pkey2), 1)
+ || !TEST_int_eq(EVP_PKEY_derive(pctx1, NULL, &t), 1)
+ || !TEST_int_gt(bsize, t)
+ || !TEST_int_le(sslen, t)
+ || !TEST_int_eq(EVP_PKEY_derive(pctx1, buf1, &t), 1)
+ /* compare with previous result */
+ || !TEST_mem_eq(buf1, t, buf2, sslen))
+ goto err;
+
+ ret = 1;
+
+ err:
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ OSSL_PARAM_BLD_free(param_bld);
+ OSSL_PARAM_free(params1);
+ OSSL_PARAM_free(params2);
+ EC_POINT_free(Q1);
+ EC_POINT_free(Q2);
+ EC_POINT_free(G2);
+ EC_GROUP_free(group);
+ EC_GROUP_free(altgroup);
+ OPENSSL_free(buf1);
+ OPENSSL_free(buf2);
+ OPENSSL_free(pub1);
+ OPENSSL_free(pub2);
+ EC_KEY_free(eckey1);
+ EC_KEY_free(eckey2);
+ EVP_PKEY_free(pkey1);
+ EVP_PKEY_free(pkey2);
+ EVP_PKEY_CTX_free(pctx1);
+ EVP_PKEY_CTX_free(pctx2);
+
+ return ret;
+}
+
+int setup_tests(void)
+{
+ crv_len = EC_get_builtin_curves(NULL, 0);
+ if (!TEST_ptr(curves = OPENSSL_malloc(sizeof(*curves) * crv_len))
+ || !TEST_true(EC_get_builtin_curves(curves, crv_len)))
+ return 0;
+
+ ADD_TEST(parameter_test);
+ ADD_TEST(cofactor_range_test);
+ ADD_ALL_TESTS(cardinality_test, crv_len);
+ ADD_TEST(prime_field_tests);
+#ifndef OPENSSL_NO_EC2M
+ ADD_TEST(char2_field_tests);
+ ADD_ALL_TESTS(char2_curve_test, OSSL_NELEM(char2_curve_tests));
+#endif
+ ADD_ALL_TESTS(nistp_single_test, OSSL_NELEM(nistp_tests_params));
+ ADD_ALL_TESTS(internal_curve_test, crv_len);
+ ADD_ALL_TESTS(internal_curve_test_method, crv_len);
+ ADD_TEST(group_field_test);
+ ADD_ALL_TESTS(check_named_curve_test, crv_len);
+ ADD_ALL_TESTS(check_named_curve_lookup_test, crv_len);
+ ADD_ALL_TESTS(check_ec_key_field_public_range_test, crv_len);
+ ADD_ALL_TESTS(check_named_curve_from_ecparameters, crv_len);
+ ADD_ALL_TESTS(ec_point_hex2point_test, crv_len);
+ /* ADD_ALL_TESTS(custom_generator_test, crv_len);
+ ADD_ALL_TESTS(custom_params_test, crv_len); */
+ return 1;
+}
+
+void cleanup_tests(void)
+{
+ OPENSSL_free(curves);
+}
diff --git a/SOURCES/genpatches b/SOURCES/genpatches
new file mode 100755
index 0000000..60c36a4
--- /dev/null
+++ b/SOURCES/genpatches
@@ -0,0 +1,26 @@
+#!/bin/bash
+
+if [ $# -ne 2 ] ; then
+ echo "Usage:"
+ echo " $0 <git-dir> <base-tag>"
+ exit 1
+fi
+
+git_dir="$1"
+base_tag="$2"
+
+target_dir="$(pwd)"
+
+pushd "$git_dir" >/dev/null
+git format-patch -k -o "$target_dir" "$base_tag" >/dev/null
+popd >/dev/null
+
+echo "# Patches exported from source git"
+
+i=1
+for p in *.patch ; do
+ printf "# "
+ sed '/^Subject:/{s/^Subject: //;p};d' "$p"
+ printf "Patch%s: %s\n" $i "$p"
+ i=$(($i + 1))
+done
diff --git a/SOURCES/hobble-openssl b/SOURCES/hobble-openssl
new file mode 100755
index 0000000..9a23ca6
--- /dev/null
+++ b/SOURCES/hobble-openssl
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+# Quit out if anything fails.
+set -e
+
+# Clean out patent-or-otherwise-encumbered code.
+# MDC-2: 4,908,861 13/03/2007 - expired, we do not remove it but do not enable it anyway
+# IDEA: 5,214,703 07/01/2012 - expired, we do not remove it anymore
+# RC5: 5,724,428 01/11/2015 - expired, we do not remove it anymore
+# EC: ????????? ??/??/2020
+# SRP: ????????? ??/??/2017 - expired, we do not remove it anymore
+
+# Remove assembler portions of IDEA, MDC2, and RC5.
+# (find crypto/rc5/asm -type f | xargs -r rm -fv)
+
+for c in `find crypto/bn -name "*gf2m.c"`; do
+ echo Destroying $c
+ > $c
+done
+
+for c in `find crypto/ec -name "ec2*.c" -o -name "ec_curve.c"`; do
+ echo Destroying $c
+ > $c
+done
+
+for c in `find test -name "ectest.c"`; do
+ echo Destroying $c
+ > $c
+done
+
+for h in `find crypto ssl apps test -name "*.h"` ; do
+ echo Removing EC2M references from $h
+ cat $h | \
+ awk 'BEGIN {ech=1;} \
+ /^#[ \t]*ifndef.*NO_EC2M/ {ech--; next;} \
+ /^#[ \t]*if/ {if(ech < 1) ech--;} \
+ {if(ech>0) {;print $0};} \
+ /^#[ \t]*endif/ {if(ech < 1) ech++;}' > $h.hobbled && \
+ mv $h.hobbled $h
+done
diff --git a/SOURCES/make-dummy-cert b/SOURCES/make-dummy-cert
new file mode 100755
index 0000000..f5f0453
--- /dev/null
+++ b/SOURCES/make-dummy-cert
@@ -0,0 +1,28 @@
+#!/bin/sh
+umask 077
+
+answers() {
+ echo --
+ echo SomeState
+ echo SomeCity
+ echo SomeOrganization
+ echo SomeOrganizationalUnit
+ echo localhost.localdomain
+ echo root@localhost.localdomain
+}
+
+if [ $# -eq 0 ] ; then
+ echo $"Usage: `basename $0` filename [...]"
+ exit 0
+fi
+
+for target in $@ ; do
+ PEM1=`/bin/mktemp /tmp/openssl.XXXXXX`
+ PEM2=`/bin/mktemp /tmp/openssl.XXXXXX`
+ trap "rm -f $PEM1 $PEM2" SIGINT
+ answers | /usr/bin/openssl req -newkey rsa:2048 -keyout $PEM1 -nodes -x509 -days 365 -out $PEM2 2> /dev/null
+ cat $PEM1 > ${target}
+ echo "" >> ${target}
+ cat $PEM2 >> ${target}
+ rm -f $PEM1 $PEM2
+done
diff --git a/SOURCES/renew-dummy-cert b/SOURCES/renew-dummy-cert
new file mode 100755
index 0000000..92e271c
--- /dev/null
+++ b/SOURCES/renew-dummy-cert
@@ -0,0 +1,39 @@
+#!/bin/bash
+
+if [ $# -eq 0 ]; then
+ echo $"Usage: `basename $0` filename" 1>&2
+ exit 1
+fi
+
+PEM=$1
+REQ=`/bin/mktemp /tmp/openssl.XXXXXX`
+KEY=`/bin/mktemp /tmp/openssl.XXXXXX`
+CRT=`/bin/mktemp /tmp/openssl.XXXXXX`
+NEW=${PEM}_
+
+trap "rm -f $REQ $KEY $CRT $NEW" SIGINT
+
+if [ ! -f $PEM ]; then
+ echo "$PEM: file not found" 1>&2
+ exit 1
+fi
+
+umask 077
+
+OWNER=`ls -l $PEM | awk '{ printf "%s.%s", $3, $4; }'`
+
+openssl rsa -inform pem -in $PEM -out $KEY
+openssl x509 -x509toreq -in $PEM -signkey $KEY -out $REQ
+openssl x509 -req -in $REQ -signkey $KEY -days 365 \
+ -extfile /etc/pki/tls/openssl.cnf -extensions v3_ca -out $CRT
+
+(cat $KEY ; echo "" ; cat $CRT) > $NEW
+
+chown $OWNER $NEW
+
+mv -f $NEW $PEM
+
+rm -f $REQ $KEY $CRT
+
+exit 0
+
diff --git a/SPECS/openssl.spec b/SPECS/openssl.spec
new file mode 100644
index 0000000..6846c0b
--- /dev/null
+++ b/SPECS/openssl.spec
@@ -0,0 +1,632 @@
+# For the curious:
+# 0.9.8jk + EAP-FAST soversion = 8
+# 1.0.0 soversion = 10
+# 1.1.0 soversion = 1.1 (same as upstream although presence of some symbols
+# depends on build configuration options)
+# 3.0.0 soversion = 3 (same as upstream)
+%define soversion 3
+
+# Arches on which we need to prevent arch conflicts on opensslconf.h, must
+# also be handled in opensslconf-new.h.
+%define multilib_arches %{ix86} ia64 %{mips} ppc ppc64 s390 s390x sparcv9 sparc64 x86_64
+
+%global _performance_build 1
+
+Summary: Utilities from the general purpose cryptography library with TLS implementation
+Name: openssl
+Version: 3.0.1
+Release: 20%{?dist}
+Epoch: 1
+# We have to remove certain patented algorithms from the openssl source
+# tarball with the hobble-openssl script which is included below.
+# The original openssl upstream tarball cannot be shipped in the .src.rpm.
+Source: openssl-%{version}-hobbled.tar.xz
+Source1: hobble-openssl
+Source2: Makefile.certificate
+Source3: genpatches
+Source6: make-dummy-cert
+Source7: renew-dummy-cert
+Source9: configuration-switch.h
+Source10: configuration-prefix.h
+Source12: ec_curve.c
+Source13: ectest.c
+Source14: 0025-for-tests.patch
+
+# Patches exported from source git
+# Aarch64 and ppc64le use lib64
+Patch1: 0001-Aarch64-and-ppc64le-use-lib64.patch
+# Use more general default values in openssl.cnf
+Patch2: 0002-Use-more-general-default-values-in-openssl.cnf.patch
+# Do not install html docs
+Patch3: 0003-Do-not-install-html-docs.patch
+# Override default paths for the CA directory tree
+Patch4: 0004-Override-default-paths-for-the-CA-directory-tree.patch
+# apps/ca: fix md option help text
+Patch5: 0005-apps-ca-fix-md-option-help-text.patch
+# Disable signature verification with totally unsafe hash algorithms
+Patch6: 0006-Disable-signature-verification-with-totally-unsafe-h.patch
+# Add support for PROFILE=SYSTEM system default cipherlist
+Patch7: 0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
+# Add FIPS_mode() compatibility macro
+Patch8: 0008-Add-FIPS_mode-compatibility-macro.patch
+# Add check to see if fips flag is enabled in kernel
+Patch9: 0009-Add-Kernel-FIPS-mode-flag-support.patch
+# remove unsupported EC curves
+Patch11: 0011-Remove-EC-curves.patch
+# Disable explicit EC curves
+# https://bugzilla.redhat.com/show_bug.cgi?id=1977867
+Patch12: 0012-Disable-explicit-ec.patch
+# Instructions to load legacy provider in openssl.cnf
+Patch24: 0024-load-legacy-prov.patch
+# Tmp: test name change
+Patch31: 0031-tmp-Fix-test-names.patch
+# We load FIPS provider and set FIPS properties implicitly
+Patch32: 0032-Force-fips.patch
+# Embed HMAC into the fips.so
+Patch33: 0033-FIPS-embed-hmac.patch
+# Comment out fipsinstall command-line utility
+Patch34: 0034.fipsinstall_disable.patch
+# Skip unavailable algorithms running `openssl speed`
+Patch35: 0035-speed-skip-unavailable-dgst.patch
+# Minimize fips services
+Patch45: 0045-FIPS-services-minimize.patch
+# Backport of s390x hardening, https://github.com/openssl/openssl/pull/17486
+Patch46: 0046-FIPS-s390x-hardening.patch
+# Execute KATS before HMAC verification
+Patch47: 0047-FIPS-early-KATS.patch
+# Backport of correctly handle 2^14 byte long records #17538
+Patch48: 0048-correctly-handle-records.patch
+# Selectively disallow SHA1 signatures
+Patch49: 0049-Selectively-disallow-SHA1-signatures.patch
+# https://bugzilla.redhat.com/show_bug.cgi?id=2049265
+Patch50: 0050-FIPS-enable-pkcs12-mac.patch
+# Backport of patch for RHEL for Edge rhbz #2027261
+Patch51: 0051-Support-different-R_BITS-lengths-for-KBKDF.patch
+# Allow SHA1 in seclevel 2 if rh-allow-sha1-signatures = yes
+Patch52: 0052-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch
+# CVE 2022-0778
+Patch53: 0053-CVE-2022-0778.patch
+
+License: ASL 2.0
+URL: http://www.openssl.org/
+BuildRequires: gcc g++
+BuildRequires: coreutils, perl-interpreter, sed, zlib-devel, /usr/bin/cmp
+BuildRequires: lksctp-tools-devel
+BuildRequires: /usr/bin/rename
+BuildRequires: /usr/bin/pod2man
+BuildRequires: /usr/sbin/sysctl
+BuildRequires: perl(Test::Harness), perl(Test::More), perl(Math::BigInt)
+BuildRequires: perl(Module::Load::Conditional), perl(File::Temp)
+BuildRequires: perl(Time::HiRes), perl(IPC::Cmd), perl(Pod::Html), perl(Digest::SHA)
+BuildRequires: perl(FindBin), perl(lib), perl(File::Compare), perl(File::Copy), perl(bigint)
+BuildRequires: git-core
+Requires: coreutils
+Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
+
+%description
+The OpenSSL toolkit provides support for secure communications between
+machines. OpenSSL includes a certificate management tool and shared
+libraries which provide various cryptographic algorithms and
+protocols.
+
+%package libs
+Summary: A general purpose cryptography library with TLS implementation
+Requires: ca-certificates >= 2008-5
+Requires: crypto-policies >= 20180730
+Recommends: openssl-pkcs11%{?_isa}
+
+%description libs
+OpenSSL is a toolkit for supporting cryptography. The openssl-libs
+package contains the libraries that are used by various applications which
+support cryptographic algorithms and protocols.
+
+%package devel
+Summary: Files for development of applications which will use OpenSSL
+Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
+Requires: pkgconfig
+
+%description devel
+OpenSSL is a toolkit for supporting cryptography. The openssl-devel
+package contains include files needed to develop applications which
+support various cryptographic algorithms and protocols.
+
+%package perl
+Summary: Perl scripts provided with OpenSSL
+Requires: perl-interpreter
+Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release}
+
+%description perl
+OpenSSL is a toolkit for supporting cryptography. The openssl-perl
+package provides Perl scripts for converting certificates and keys
+from other formats to the formats used by the OpenSSL toolkit.
+
+%prep
+%autosetup -S git -n %{name}-%{version}
+
+# The hobble_openssl is called here redundantly, just to be sure.
+# The tarball has already the sources removed.
+%{SOURCE1} > /dev/null
+
+cp %{SOURCE12} crypto/ec/
+cp %{SOURCE13} test/
+
+%build
+# Figure out which flags we want to use.
+# default
+sslarch=%{_os}-%{_target_cpu}
+%ifarch %ix86
+sslarch=linux-elf
+if ! echo %{_target} | grep -q i686 ; then
+ sslflags="no-asm 386"
+fi
+%endif
+%ifarch x86_64
+sslflags=enable-ec_nistp_64_gcc_128
+%endif
+%ifarch sparcv9
+sslarch=linux-sparcv9
+sslflags=no-asm
+%endif
+%ifarch sparc64
+sslarch=linux64-sparcv9
+sslflags=no-asm
+%endif
+%ifarch alpha alphaev56 alphaev6 alphaev67
+sslarch=linux-alpha-gcc
+%endif
+%ifarch s390 sh3eb sh4eb
+sslarch="linux-generic32 -DB_ENDIAN"
+%endif
+%ifarch s390x
+sslarch="linux64-s390x"
+%endif
+%ifarch %{arm}
+sslarch=linux-armv4
+%endif
+%ifarch aarch64
+sslarch=linux-aarch64
+sslflags=enable-ec_nistp_64_gcc_128
+%endif
+%ifarch sh3 sh4
+sslarch=linux-generic32
+%endif
+%ifarch ppc64 ppc64p7
+sslarch=linux-ppc64
+%endif
+%ifarch ppc64le
+sslarch="linux-ppc64le"
+sslflags=enable-ec_nistp_64_gcc_128
+%endif
+%ifarch mips mipsel
+sslarch="linux-mips32 -mips32r2"
+%endif
+%ifarch mips64 mips64el
+sslarch="linux64-mips64 -mips64r2"
+%endif
+%ifarch mips64el
+sslflags=enable-ec_nistp_64_gcc_128
+%endif
+%ifarch riscv64
+sslarch=linux-generic64
+%endif
+
+# Add -Wa,--noexecstack here so that libcrypto's assembler modules will be
+# marked as not requiring an executable stack.
+# Also add -DPURIFY to make using valgrind with openssl easier as we do not
+# want to depend on the uninitialized memory as a source of entropy anyway.
+RPM_OPT_FLAGS="$RPM_OPT_FLAGS -Wa,--noexecstack -Wa,--generate-missing-build-notes=yes -DPURIFY $RPM_LD_FLAGS"
+
+export HASHBANGPERL=/usr/bin/perl
+
+%define fips %{version}-%(date +%Y%m%d)
+# ia64, x86_64, ppc are OK by default
+# Configure the build tree. Override OpenSSL defaults with known-good defaults
+# usable on all platforms. The Configure script already knows to use -fPIC and
+# RPM_OPT_FLAGS, so we can skip specifiying them here.
+./Configure \
+ --prefix=%{_prefix} --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \
+ --system-ciphers-file=%{_sysconfdir}/crypto-policies/back-ends/openssl.config \
+ zlib enable-camellia enable-seed enable-rfc3779 enable-sctp \
+ enable-cms enable-md2 enable-rc5 enable-ktls enable-fips\
+ no-mdc2 no-ec2m no-sm2 no-sm4 enable-buildtest-c++\
+ shared ${sslarch} $RPM_OPT_FLAGS '-DDEVRANDOM="\"/dev/urandom\"" -DREDHAT_FIPS_VERSION="\"%{fips}\""'
+
+# Do not run this in a production package the FIPS symbols must be patched-in
+#util/mkdef.pl crypto update
+
+make %{?_smp_mflags} all
+
+# Clean up the .pc files
+for i in libcrypto.pc libssl.pc openssl.pc ; do
+ sed -i '/^Libs.private:/{s/-L[^ ]* //;s/-Wl[^ ]* //}' $i
+done
+
+%check
+# Verify that what was compiled actually works.
+
+# Hack - either enable SCTP AUTH chunks in kernel or disable sctp for check
+(sysctl net.sctp.addip_enable=1 && sysctl net.sctp.auth_enable=1) || \
+(echo 'Failed to enable SCTP AUTH chunks, disabling SCTP for tests...' &&
+ sed '/"msan" => "default",/a\ \ "sctp" => "default",' configdata.pm > configdata.pm.new && \
+ touch -r configdata.pm configdata.pm.new && \
+ mv -f configdata.pm.new configdata.pm)
+
+# We must revert patch4 before tests otherwise they will fail
+patch -p1 -R < %{PATCH4}
+#We must disable default provider before tests otherwise they will fail
+patch -p1 < %{SOURCE14}
+
+OPENSSL_ENABLE_MD5_VERIFY=
+export OPENSSL_ENABLE_MD5_VERIFY
+OPENSSL_ENABLE_SHA1_SIGNATURES=
+export OPENSSL_ENABLE_SHA1_SIGNATURES
+OPENSSL_SYSTEM_CIPHERS_OVERRIDE=xyz_nonexistent_file
+export OPENSSL_SYSTEM_CIPHERS_OVERRIDE
+#embed HMAC into fips provider for test run
+LD_LIBRARY_PATH=. apps/openssl dgst -binary -sha256 -mac HMAC -macopt hexkey:f4556650ac31d35461610bac4ed81b1a181b2d8a43ea2854cbae22ca74560813 < providers/fips.so > providers/fips.so.hmac
+objcopy --update-section .rodata1=providers/fips.so.hmac providers/fips.so providers/fips.so.mac
+mv providers/fips.so.mac providers/fips.so
+#run tests itself
+make test HARNESS_JOBS=8
+
+# Add generation of HMAC checksum of the final stripped library
+# We manually copy standard definition of __spec_install_post
+# and add hmac calculation/embedding to fips.so
+%define __spec_install_post \
+ %{?__debug_package:%{__debug_install_post}} \
+ %{__arch_install_post} \
+ %{__os_install_post} \
+ LD_LIBRARY_PATH=. apps/openssl dgst -binary -sha256 -mac HMAC -macopt hexkey:f4556650ac31d35461610bac4ed81b1a181b2d8a43ea2854cbae22ca74560813 < $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so > $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so.hmac \
+ objcopy --update-section .rodata1=$RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so.hmac $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so.mac \
+ mv $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so.mac $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so \
+ rm $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so.hmac \
+%{nil}
+
+%define __provides_exclude_from %{_libdir}/openssl
+
+%install
+[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
+# Install OpenSSL.
+install -d $RPM_BUILD_ROOT{%{_bindir},%{_includedir},%{_libdir},%{_mandir},%{_libdir}/openssl,%{_pkgdocdir}}
+%make_install
+rename so.%{soversion} so.%{version} $RPM_BUILD_ROOT%{_libdir}/*.so.%{soversion}
+for lib in $RPM_BUILD_ROOT%{_libdir}/*.so.%{version} ; do
+ chmod 755 ${lib}
+ ln -s -f `basename ${lib}` $RPM_BUILD_ROOT%{_libdir}/`basename ${lib} .%{version}`
+ ln -s -f `basename ${lib}` $RPM_BUILD_ROOT%{_libdir}/`basename ${lib} .%{version}`.%{soversion}
+done
+
+# Remove static libraries
+for lib in $RPM_BUILD_ROOT%{_libdir}/*.a ; do
+ rm -f ${lib}
+done
+
+# Install a makefile for generating keys and self-signed certs, and a script
+# for generating them on the fly.
+mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/certs
+install -m644 %{SOURCE2} $RPM_BUILD_ROOT%{_pkgdocdir}/Makefile.certificate
+install -m755 %{SOURCE6} $RPM_BUILD_ROOT%{_bindir}/make-dummy-cert
+install -m755 %{SOURCE7} $RPM_BUILD_ROOT%{_bindir}/renew-dummy-cert
+
+# Move runable perl scripts to bindir
+mv $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/misc/*.pl $RPM_BUILD_ROOT%{_bindir}
+mv $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/misc/tsget $RPM_BUILD_ROOT%{_bindir}
+
+# Rename man pages so that they don't conflict with other system man pages.
+pushd $RPM_BUILD_ROOT%{_mandir}
+mv man5/config.5ossl man5/openssl.cnf.5
+popd
+
+mkdir -m755 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA
+mkdir -m700 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA/private
+mkdir -m755 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA/certs
+mkdir -m755 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA/crl
+mkdir -m755 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA/newcerts
+
+# Ensure the config file timestamps are identical across builds to avoid
+# mulitlib conflicts and unnecessary renames on upgrade
+touch -r %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/openssl.cnf
+touch -r %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/ct_log_list.cnf
+
+rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/openssl.cnf.dist
+rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/ct_log_list.cnf.dist
+#we don't use native fipsmodule.cnf because FIPS module is loaded automatically
+rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/fipsmodule.cnf
+
+# Determine which arch opensslconf.h is going to try to #include.
+basearch=%{_arch}
+%ifarch %{ix86}
+basearch=i386
+%endif
+%ifarch sparcv9
+basearch=sparc
+%endif
+%ifarch sparc64
+basearch=sparc64
+%endif
+
+# Next step of gradual disablement of SSL3.
+# Make SSL3 disappear to newly built dependencies.
+sed -i '/^\#ifndef OPENSSL_NO_SSL_TRACE/i\
+#ifndef OPENSSL_NO_SSL3\
+# define OPENSSL_NO_SSL3\
+#endif' $RPM_BUILD_ROOT/%{_prefix}/include/openssl/opensslconf.h
+
+%ifarch %{multilib_arches}
+# Do an configuration.h switcheroo to avoid file conflicts on systems where you
+# can have both a 32- and 64-bit version of the library, and they each need
+# their own correct-but-different versions of opensslconf.h to be usable.
+install -m644 %{SOURCE10} \
+ $RPM_BUILD_ROOT/%{_prefix}/include/openssl/configuration-${basearch}.h
+cat $RPM_BUILD_ROOT/%{_prefix}/include/openssl/configuration.h >> \
+ $RPM_BUILD_ROOT/%{_prefix}/include/openssl/configuration-${basearch}.h
+install -m644 %{SOURCE9} \
+ $RPM_BUILD_ROOT/%{_prefix}/include/openssl/configuration.h
+%endif
+
+%files
+%{!?_licensedir:%global license %%doc}
+%license LICENSE.txt
+%doc NEWS.md README.md
+%{_bindir}/make-dummy-cert
+%{_bindir}/renew-dummy-cert
+%{_bindir}/openssl
+%{_mandir}/man1/*
+%{_mandir}/man5/*
+%{_mandir}/man7/*
+%{_pkgdocdir}/Makefile.certificate
+%exclude %{_mandir}/man1/*.pl*
+%exclude %{_mandir}/man1/tsget*
+
+%files libs
+%{!?_licensedir:%global license %%doc}
+%license LICENSE.txt
+%dir %{_sysconfdir}/pki/tls
+%dir %{_sysconfdir}/pki/tls/certs
+%dir %{_sysconfdir}/pki/tls/misc
+%dir %{_sysconfdir}/pki/tls/private
+%config(noreplace) %{_sysconfdir}/pki/tls/openssl.cnf
+%config(noreplace) %{_sysconfdir}/pki/tls/ct_log_list.cnf
+%attr(0755,root,root) %{_libdir}/libcrypto.so.%{version}
+%{_libdir}/libcrypto.so.%{soversion}
+%attr(0755,root,root) %{_libdir}/libssl.so.%{version}
+%{_libdir}/libssl.so.%{soversion}
+%attr(0755,root,root) %{_libdir}/engines-%{soversion}
+%attr(0755,root,root) %{_libdir}/ossl-modules
+
+%files devel
+%doc CHANGES.md doc/dir-locals.example.el doc/openssl-c-indent.el
+%{_prefix}/include/openssl
+%{_libdir}/*.so
+%{_mandir}/man3/*
+%{_libdir}/pkgconfig/*.pc
+
+%files perl
+%{_bindir}/c_rehash
+%{_bindir}/*.pl
+%{_bindir}/tsget
+%{_mandir}/man1/*.pl*
+%{_mandir}/man1/tsget*
+%dir %{_sysconfdir}/pki/CA
+%dir %{_sysconfdir}/pki/CA/private
+%dir %{_sysconfdir}/pki/CA/certs
+%dir %{_sysconfdir}/pki/CA/crl
+%dir %{_sysconfdir}/pki/CA/newcerts
+
+%ldconfig_scriptlets libs
+
+%changelog
+* Fri Mar 18 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-20
+- Fix acceptance of SHA-1 certificates with rh-allow-sha1-signatures = yes when
+ no OpenSSL library context is set
+- Resolves: rhbz#2063306
+
+* Fri Mar 18 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-19
+- Fix TLS connections with SHA1 signatures if rh-allow-sha1-signatures = yes
+- Resolves: rhbz#2063306
+
+* Wed Mar 16 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-18
+- CVE-2022-0778 fix
+- Resolves: rhbz#2062314
+
+* Thu Mar 10 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-15.1
+- Fix invocation of EVP_PKEY_CTX_set_rsa_padding(RSA_PKCS1_PSS_PADDING) before
+ setting an allowed digest with EVP_PKEY_CTX_set_signature_md()
+- Resolves: rhbz#2061607
+
+* Tue Mar 01 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-14.1
+- Allow SHA1 in SECLEVEL 2 if rh-allow-sha1-signatures = yes
+- Resolves: rhbz#2031742
+
+* Fri Feb 25 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-14
+- Prevent use of SHA1 with ECDSA
+- Resolves: rhbz#2031742
+
+* Fri Feb 25 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-13
+- OpenSSL will generate keys with prime192v1 curve if it is provided using explicit parameters
+- Resolves: rhbz#1977867
+
+* Thu Feb 24 2022 Peter Robinson <pbrobinson@fedoraproject.org> - 1:3.0.1-12
+- Support KBKDF (NIST SP800-108) with an R value of 8bits
+- Resolves: rhbz#2027261
+
+* Wed Feb 23 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-11
+- Allow SHA1 usage in MGF1 for RSASSA-PSS signatures
+- Resolves: rhbz#2031742
+
+* Wed Feb 23 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-10
+- rebuilt
+
+* Tue Feb 22 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-9
+- Allow SHA1 usage in HMAC in TLS
+- Resolves: rhbz#2031742
+
+* Tue Feb 22 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-8
+- OpenSSL will generate keys with prime192v1 curve if it is provided using explicit parameters
+- Resolves: rhbz#1977867
+- pkcs12 export broken in FIPS mode
+- Resolves: rhbz#2049265
+
+* Tue Feb 22 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-8
+- Disable SHA1 signature creation and verification by default
+- Set rh-allow-sha1-signatures = yes to re-enable
+- Resolves: rhbz#2031742
+
+* Thu Feb 03 2022 Sahana Prasad <sahana@redhat.com> - 1:3.0.1-7
+- s_server: correctly handle 2^14 byte long records
+- Resolves: rhbz#2042011
+
+* Tue Feb 01 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-6
+- Adjust FIPS provider version
+- Related: rhbz#2026445
+
+* Wed Jan 26 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-5
+- On the s390x, zeroize all the copies of TLS premaster secret
+- Related: rhbz#2040448
+
+* Fri Jan 21 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-4
+- rebuilt
+
+* Fri Jan 21 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-3
+- KATS tests should be executed before HMAC verification
+- Restoring fips=yes for SHA1
+- Related: rhbz#2026445, rhbz#2041994
+
+* Thu Jan 20 2022 Sahana Prasad <sahana@redhat.com> - 1:3.0.1-2
+- Add enable-buildtest-c++ to the configure options.
+- Related: rhbz#1990814
+
+* Tue Jan 18 2022 Sahana Prasad <sahana@redhat.com> - 1:3.0.1-1
+- Rebase to upstream version 3.0.1
+- Fixes CVE-2021-4044 Invalid handling of X509_verify_cert() internal errors in libssl
+- Resolves: rhbz#2038910, rhbz#2035148
+
+* Mon Jan 17 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.0-7
+- Remove algorithms we don't plan to certify from fips module
+- Remove native fipsmodule.cnf
+- Related: rhbz#2026445
+
+* Tue Dec 21 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.0-6
+- openssl speed should run in FIPS mode
+- Related: rhbz#1977318
+
+* Wed Nov 24 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.0-5
+- rebuilt for spec cleanup
+- Related: rhbz#1985362
+
+* Thu Nov 18 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.0-4
+- Embed FIPS HMAC in fips.so
+- Enforce loading FIPS provider when FIPS kernel flag is on
+- Related: rhbz#1985362
+
+* Thu Oct 07 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.0-3
+- Fix memory leak in s_client
+- Related: rhbz#1996092
+
+* Mon Sep 20 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.0-2
+- Avoid double-free on error seeding the RNG.
+- KTLS and FIPS may interfere, so tests need to be tuned
+- Resolves: rhbz#1952844, rhbz#1961643
+
+* Thu Sep 09 2021 Sahana Prasad <sahana@redhat.com> - 1:3.0.0-1
+- Rebase to upstream version 3.0.0
+- Related: rhbz#1990814
+
+* Wed Aug 25 2021 Sahana Prasad <sahana@redhat.com> - 1:3.0.0-0.beta2.7
+- Removes the dual-abi build as it not required anymore. The mass rebuild
+ was completed and all packages are rebuilt against Beta version.
+- Resolves: rhbz#1984097
+
+* Mon Aug 23 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.0-0.beta2.6
+- Correctly process CMS reading from /dev/stdin
+- Resolves: rhbz#1986315
+
+* Mon Aug 16 2021 Sahana Prasad <sahana@redhat.com> - 3.0.0-0.beta2.5
+- Add instruction for loading legacy provider in openssl.cnf
+- Resolves: rhbz#1975836
+
+* Mon Aug 16 2021 Sahana Prasad <sahana@redhat.com> - 3.0.0-0.beta2.4
+- Adds support for IDEA encryption.
+- Resolves: rhbz#1990602
+
+* Tue Aug 10 2021 Sahana Prasad <sahana@redhat.com> - 3.0.0-0.beta2.3
+- Fixes core dump in openssl req -modulus
+- Fixes 'openssl req' to not ask for password when non-encrypted private key
+ is used
+- cms: Do not try to check binary format on stdin and -rctform fix
+- Resolves: rhbz#1988137, rhbz#1988468, rhbz#1988137
+
+* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1:3.0.0-0.beta2.2.1
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+ Related: rhbz#1991688
+
+* Wed Aug 04 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 3.0.0-0.beta2.2
+- When signature_algorithm extension is omitted, use more relevant alerts
+- Resolves: rhbz#1965017
+
+* Tue Aug 03 2021 Sahana Prasad <sahana@redhat.com> 3.0.0-0.beta2.1
+- Rebase to upstream version beta2
+- Related: rhbz#1903209
+
+* Thu Jul 22 2021 Sahana Prasad <sahana@redhat.com> 3.0.0-0.beta1.5
+- Prevents creation of duplicate cert entries in PKCS #12 files
+- Resolves: rhbz#1978670
+
+* Wed Jul 21 2021 Sahana Prasad <sahana@redhat.com> 3.0.0-0.beta1.4
+- NVR bump to update to OpenSSL 3.0 Beta1
+
+* Mon Jul 19 2021 Sahana Prasad <sahana@redhat.com> 3.0.0-0.beta1.3
+- Update patch dual-abi.patch to add the #define macros in implementation
+ files instead of public header files
+
+* Wed Jul 14 2021 Sahana Prasad <sahana@redhat.com> 3.0.0-0.beta1.2
+- Removes unused patch dual-abi.patch
+
+* Wed Jul 14 2021 Sahana Prasad <sahana@redhat.com> 3.0.0-0.beta1.1
+- Update to Beta1 version
+- Includes a patch to support dual-ABI, as Beta1 brekas ABI with alpha16
+
+* Tue Jul 06 2021 Sahana Prasad <sahana@redhat.com> 3.0.0-0.alpha16.7
+- Fixes override of openssl_conf in openssl.cnf
+- Use AI_ADDRCONFIG only when explicit host name is given
+- Temporarily remove fipsmodule.cnf for arch i686
+- Fixes segmentation fault in BN_lebin2bn
+- Resolves: rhbz#1975847, rhbz#1976845, rhbz#1973477, rhbz#1975855
+
+* Fri Jul 02 2021 Sahana Prasad <sahana@redhat.com> 3.0.0-0.alpha16.6
+- Adds FIPS mode compatibility patch (sahana@redhat.com)
+- Related: rhbz#1977318
+
+* Fri Jul 02 2021 Sahana Prasad <sahana@redhat.com> 3.0.0-0.alpha16.5
+- Fixes system hang issue when booted in FIPS mode (sahana@redhat.com)
+- Temporarily disable downstream FIPS patches
+- Related: rhbz#1977318
+
+* Fri Jun 11 2021 Mohan Boddu <mboddu@redhat.com> 3.0.0-0.alpha16.4
+- Speeding up building openssl (dbelyavs@redhat.com)
+ Resolves: rhbz#1903209
+
+* Fri Jun 04 2021 Sahana Prasad <sahana@redhat.com> 3.0.0-0.alpha16.3
+- Fix reading SPKAC data from stdin
+- Fix incorrect OSSL_PKEY_PARAM_MAX_SIZE for ed25519 and ed448
+- Return 0 after cleanup in OPENSSL_init_crypto()
+- Cleanup the peer point formats on regotiation
+- Fix default digest to SHA256
+
+* Thu May 27 2021 Sahana Prasad <sahana@redhat.com> 3.0.0-0.alpha16.2
+- Enable FIPS via config options
+
+* Mon May 17 2021 Sahana Prasad <sahana@redhat.com> 3.0.0-0.alpha16.1
+- Update to alpha 16 version
+ Resolves: rhbz#1952901 openssl sends alert after orderly connection close
+
+* Mon Apr 26 2021 Sahana Prasad <sahana@redhat.com> 3.0.0-0.alpha15.1
+- Update to alpha 15 version
+ Resolves: rhbz#1903209, rhbz#1952598,
+
+* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1:3.0.0-0.alpha13.1.1
+- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
+
+* Fri Apr 09 2021 Sahana Prasad <sahana@redhat.com> 3.0.0-0.alpha13.1
+- Update to new major release OpenSSL 3.0.0 alpha 13
+ Resolves: rhbz#1903209