[openssl] master update
Richard Levitte
levitte at openssl.org
Thu Sep 3 16:04:44 UTC 2020
The branch master has been updated
via d55d0935deb1a8af9cb9a76bf4ca21da47ba8184 (commit)
via 5045abb2e92f9370b05f5e9c6f116fb01bf9e4fe (commit)
via 7192e4dfa104f83e54c37e6acfa49fb6a3e1a5dd (commit)
via 96b924105fd5069875cefcc7e0aca03e2daf1348 (commit)
via 4feda976de1291d9e0d2bbb4d87b39b89dfe6dcd (commit)
via 88c1d0c1daa93571570cdaac04bb9e3dae8b971f (commit)
via c2150f73571fbcf150d0a7e5eaef537fd43857fa (commit)
via 67b640135696d4426475fb0c455c094a6c33ee45 (commit)
via 7a3068109568cefdb0d63be1d0c83251c621156e (commit)
via a10847c427744fb7e7d29953dee130a52251c027 (commit)
via b5275648843ace1a441521823913ccbbebb8769c (commit)
via 7620d89c3f2f420ea951fb5b48f976079bfc7429 (commit)
via a1447076beee138cab1cc4b277aae189defffdf4 (commit)
via 63f187cfedd21550094b5d69a52f7f617545b209 (commit)
via 16feca71544681cabf873fecd3f860f9853bdf07 (commit)
via bd7a6f16eb52c5c022b2555810efd99006db0a02 (commit)
via a9556761418c432844d95e3988b41f19b7c7b56a (commit)
from 0bc193dd05fa0f5580706f34994beb74baf3d531 (commit)
- Log -----------------------------------------------------------------
commit d55d0935deb1a8af9cb9a76bf4ca21da47ba8184
Author: Richard Levitte <levitte at openssl.org>
Date: Tue Sep 1 17:56:11 2020 +0200
ASN1: Make ASN1_item_verify_ctx() work with provider-native keys
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12587)
commit 5045abb2e92f9370b05f5e9c6f116fb01bf9e4fe
Author: Richard Levitte <levitte at openssl.org>
Date: Sun Aug 30 11:46:45 2020 +0200
EC: Remove one error record that shadows another
In EC_GROUP_new_from_params(), ERR_R_EC_LIB was reported if
group_new_from_name() returned NULL. However, this shadows a possible
EC_R_INVALID_CURVE, making that harder to detect, which happens to be
important to do in test/evp_test.c.
This also extends key_unsupported() in test/evp_test.c to check for
this error alongside the check for EC_R_UNKNOWN_GROUP.
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12587)
commit 7192e4dfa104f83e54c37e6acfa49fb6a3e1a5dd
Author: Richard Levitte <levitte at openssl.org>
Date: Sun Aug 30 09:53:22 2020 +0200
TEST: Ensure that the base provider i activated when needed
The fips providers can't be activated alone if encoding, decoding or
STORE are going to be used.
To enable this, we selectively use test/fips-and-base.cnf instead of
test/fips.cnf in our test recipes.
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12587)
commit 96b924105fd5069875cefcc7e0aca03e2daf1348
Author: Richard Levitte <levitte at openssl.org>
Date: Sat Aug 29 15:08:05 2020 +0200
Revert "TEST: separate out NIST ECC tests from non-NIST"
This file split turned out to be a mistake as soon as the fetching
error reporting got properly sorted.
This reverts commit e6ed04a9dcc2ead94e35c4a7400b9c998b5ad9ac.
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12587)
commit 4feda976de1291d9e0d2bbb4d87b39b89dfe6dcd
Author: Richard Levitte <levitte at openssl.org>
Date: Sat Aug 29 20:48:51 2020 +0200
EVP: Don't report malloc failure in new_raw_key_int()
On failure by EVP_PKEY_CTX_new_from_name(), this function reported
ERR_R_MALLOC_FAILURE. However, that's not necessarily true, as it can
fail because the algorithm isn't present.
Either way, EVP_PKEY_CTX_new_from_name() records more accurate errors
on its own, and one of them - EVP_R_FETCH_FAILED - is significant for
test/evp_test.c.
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12587)
commit 88c1d0c1daa93571570cdaac04bb9e3dae8b971f
Author: Richard Levitte <levitte at openssl.org>
Date: Sat Aug 29 20:38:25 2020 +0200
TEST: have key_unsupported() in evp_test.c look at the last error
key_unsupported() looked at the first error in the queue to see if a
key algorithm is supported or not. However, there are situations
where the errors it looks for is preceded by others. It's much safer
to look at the last recorded error.
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12587)
commit c2150f73571fbcf150d0a7e5eaef537fd43857fa
Author: Richard Levitte <levitte at openssl.org>
Date: Sat Aug 29 09:40:31 2020 +0200
STORE: Stop the flood of errors
The old 'file:' loader was recently changed to stop the flood of
repeated nested ASN.1 errors when trying to decode a DER blob in
diverse ways.
That is now reproduced in ossl_store_handle_load_result()
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12587)
commit 67b640135696d4426475fb0c455c094a6c33ee45
Author: Richard Levitte <levitte at openssl.org>
Date: Fri Aug 28 13:07:35 2020 +0200
CORE: Fix small bug in passphrase caching
Passphrase caching didn't allocate memory when it got to cache an
empty string, leading to a crash.
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12587)
commit 7a3068109568cefdb0d63be1d0c83251c621156e
Author: Richard Levitte <levitte at openssl.org>
Date: Wed Aug 26 07:04:53 2020 +0200
STORE: Fix potential memory leak
When closing an OSSL_STORE_CTX, also clear the passphrase data.
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12587)
commit a10847c427744fb7e7d29953dee130a52251c027
Author: Richard Levitte <levitte at openssl.org>
Date: Wed Aug 5 10:28:51 2020 +0200
"Downgrade" provider-native keys to legacy where needed
Some sub-systems and openssl sub-commands do not yet deal cleanly with
purely provider-native EVP_PKEYs. We compensate that by "downgrading"
keys in select places, or ensure that the 'file:' scheme ENGINE loader
is activated.
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12587)
commit b5275648843ace1a441521823913ccbbebb8769c
Author: Richard Levitte <levitte at openssl.org>
Date: Sun Aug 2 16:41:04 2020 +0200
EVP: Downgrade EVP_PKEYs in EVP_PKEY2PKCS8()
EVP_PKEY2PKCS8() relies on the presence of an EVP_PKEY_ASN1_METHOD,
which requires "downgrading" the EVP_PKEY to have a legacy internal
key.
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12587)
commit 7620d89c3f2f420ea951fb5b48f976079bfc7429
Author: Richard Levitte <levitte at openssl.org>
Date: Thu Jul 23 17:34:26 2020 +0200
TEST: Modify test/recipes/90-test_store.t for use with different 'file:' loaders
We want to perform the same tests with a provider implementation, and
also make sure that an ENGINE implementation works as advertised.
OSSL_STORE_open() / OSSL_STORE_open_wirh_libctx() work in such a way
that they look for internal / engine implementations first, and only
failing that, they will try to fetch a provider implementation. This
ensures that when we do specify an engine, it gets exceptional priority.
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12587)
commit a1447076beee138cab1cc4b277aae189defffdf4
Author: Richard Levitte <levitte at openssl.org>
Date: Thu Jul 23 23:06:27 2020 +0200
STORE: Deprecate legacy / ENGINE functions
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12587)
commit 63f187cfedd21550094b5d69a52f7f617545b209
Author: Richard Levitte <levitte at openssl.org>
Date: Sun Aug 2 12:46:00 2020 +0200
STORE: Add a built-in 'file:' storemgmt implementation (loader)
This replaces the older 'file:' loader that is now an engine.
It's still possible to use the older 'file:' loader by explicitly
using the engine, and tests will remain for it as long as ENGINEs are
still supported (even through deprecated).
To support this storemgmt implementation, a few internal OSSL_DECODER
modifications are needed:
- An internal function that implements most of
OSSL_DECODER_CTX_new_by_EVP_PKEY(), but operates on an already
existing OSSL_DECODER_CTX instead of allocating a new one.
- Allow direct creation of a OSSL_DECODER from an OSSL_ALGORITHM.
It isn't attached to any provider, and is only used internally, to
simply catch any DER encoded object to be passed back to the
object callback with no further checking. This implementation
becomes the last resort decoder, when all "normal"
decodation attempts (i.e. those that are supposed to result
in an OpenSSL object of some sort) have failed.
Because file_store_attach() uses BIO_tell(), we must also support
BIO_ctrl() as a libcrypto upcall.
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12587)
commit 16feca71544681cabf873fecd3f860f9853bdf07
Author: Richard Levitte <levitte at openssl.org>
Date: Thu Jul 23 16:56:59 2020 +0200
STORE: Move the built-in 'file:' loader to become an engine module
From this point on, this engine must be specifically specified.
To replace the internal EMBEDDED hack with something unique for the
new module, functions to create application specific OSSL_STORE_INFO
types were added.
Furthermore, the following function had to be exported:
ossl_do_blob_header()
ossl_do_PVK_header()
asn1_d2i_read_bio()
Finally, evp_pkcs82pkey_int() has become public under a new name,
EVP_PKCS82PKEY_with_libctx()
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12587)
commit bd7a6f16eb52c5c022b2555810efd99006db0a02
Author: Richard Levitte <levitte at openssl.org>
Date: Fri Aug 21 13:08:18 2020 +0200
OSSL_ENCODER / OSSL_DECODER post-rename cleanup
There are a few remaining spots where 'deser' wasn't changed to 'decoder'
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12587)
commit a9556761418c432844d95e3988b41f19b7c7b56a
Author: Richard Levitte <levitte at openssl.org>
Date: Thu Jul 23 16:30:38 2020 +0200
ASN1: Fix d2i_KeyParams() to advance |pp| like all other d2i functions do
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12587)
-----------------------------------------------------------------------
Summary of changes:
Configurations/unix-Makefile.tmpl | 2 +
apps/cms.c | 15 +
apps/smime.c | 16 +
crypto/asn1/a_d2i_fp.c | 1 +
crypto/asn1/a_verify.c | 2 +-
crypto/asn1/d2i_param.c | 6 +-
crypto/asn1/d2i_pr.c | 4 +-
crypto/ec/ec_lib.c | 2 -
crypto/encode_decode/decoder_lib.c | 122 +-
crypto/encode_decode/decoder_meth.c | 24 +-
crypto/encode_decode/decoder_pkey.c | 46 +-
crypto/encode_decode/encoder_local.h | 12 +-
crypto/encode_decode/encoder_meth.c | 6 +-
crypto/encode_decode/encoder_pkey.c | 9 +-
crypto/err/openssl.txt | 4 +
crypto/evp/evp_pkey.c | 11 +-
crypto/evp/p_lib.c | 4 +-
crypto/init.c | 3 +
crypto/passphrase.c | 3 +-
crypto/pem/pem_pkey.c | 7 +-
crypto/pkcs7/pk7_lib.c | 11 +
crypto/provider_core.c | 1 +
crypto/store/build.info | 7 +-
crypto/store/store_init.c | 3 +-
crypto/store/store_lib.c | 85 +-
crypto/store/store_local.h | 31 +-
crypto/store/store_result.c | 43 +-
crypto/x509/x_all.c | 2 +-
doc/man3/OSSL_STORE_INFO.pod | 23 +-
doc/man3/OSSL_STORE_LOADER.pod | 13 +-
doc/man3/OSSL_STORE_SEARCH.pod | 12 +-
doc/man3/OSSL_STORE_open.pod | 19 +-
engines/build.info | 10 +-
.../loader_file.c => engines/e_loader_attic.c | 419 +++---
engines/e_loader_attic.ec | 3 +
engines/e_loader_attic.txt | 23 +
engines/e_loader_attic_err.c | 73 ++
engines/e_loader_attic_err.h | 43 +
include/crypto/asn1.h | 2 -
include/crypto/decoder.h | 40 +
include/crypto/evp.h | 2 -
include/internal/asn1.h | 15 +
include/openssl/core_dispatch.h | 3 +
include/openssl/err.h | 5 +-
include/openssl/store.h | 92 +-
include/openssl/x509.h | 2 +
providers/baseprov.c | 11 +
providers/common/bio_prov.c | 16 +-
providers/common/include/prov/bio.h | 1 +
providers/common/include/prov/providercommonerr.h | 3 +
providers/common/provider_err.c | 6 +
providers/defltprov.c | 11 +
providers/implementations/build.info | 2 +-
.../implementations/encode_decode/decode_common.c | 2 +-
.../implementations/include/prov/implementations.h | 2 +
providers/implementations/storemgmt/build.info | 6 +
providers/implementations/storemgmt/file_store.c | 920 ++++++++++++++
.../implementations/storemgmt/file_store_der2obj.c | 119 ++
.../implementations/storemgmt/file_store_local.h | 11 +
providers/stores.inc | 14 +
test/evp_extra_test.c | 13 +
test/evp_test.c | 5 +-
test/recipes/15-test_genrsa.t | 3 +-
test/recipes/15-test_rsaoaep.t | 2 +-
test/recipes/20-test_pkeyutl.t | 11 +-
test/recipes/25-test_req.t | 30 +-
test/recipes/30-test_evp.t | 8 +-
test/recipes/30-test_evp_data/evppkey_ecc.txt | 932 ++++++++++++++
test/recipes/30-test_evp_data/evppkey_ecc_nist.txt | 945 --------------
test/recipes/30-test_evp_data/evppkey_ecdh.txt | 1341 ++++++++++++++++++--
.../recipes/30-test_evp_data/evppkey_ecdh_nist.txt | 1177 -----------------
test/recipes/65-test_cmp_client.t | 2 +-
test/recipes/65-test_cmp_msg.t | 3 +-
test/recipes/65-test_cmp_protect.t | 3 +-
test/recipes/80-test_cms.t | 2 +-
test/recipes/80-test_ssl_new.t | 2 +-
test/recipes/80-test_ssl_old.t | 3 +-
test/recipes/90-test_sslapi.t | 2 +-
test/recipes/90-test_store.t | 321 ++---
util/libcrypto.num | 44 +-
util/missingcrypto-internal.txt | 5 +
util/missingcrypto.txt | 1 +
82 files changed, 4453 insertions(+), 2807 deletions(-)
rename crypto/store/loader_file.c => engines/e_loader_attic.c (82%)
create mode 100644 engines/e_loader_attic.ec
create mode 100644 engines/e_loader_attic.txt
create mode 100644 engines/e_loader_attic_err.c
create mode 100644 engines/e_loader_attic_err.h
create mode 100644 include/crypto/decoder.h
create mode 100644 include/internal/asn1.h
create mode 100644 providers/implementations/storemgmt/build.info
create mode 100644 providers/implementations/storemgmt/file_store.c
create mode 100644 providers/implementations/storemgmt/file_store_der2obj.c
create mode 100644 providers/implementations/storemgmt/file_store_local.h
create mode 100644 providers/stores.inc
delete mode 100644 test/recipes/30-test_evp_data/evppkey_ecc_nist.txt
delete mode 100644 test/recipes/30-test_evp_data/evppkey_ecdh_nist.txt
diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl
index 441f83c345..ff4803be74 100644
--- a/Configurations/unix-Makefile.tmpl
+++ b/Configurations/unix-Makefile.tmpl
@@ -1075,6 +1075,8 @@ errors:
include/internal/o_dir.h
include/internal/err.h
include/internal/evp.h
+ include/internal/pem.h
+ include/internal/asn1.h
include/internal/sslconf.h );
our @cryptoskipheaders = ( @sslheaders,
qw( include/openssl/conf_api.h
diff --git a/apps/cms.c b/apps/cms.c
index bcf2f44ce5..d154f460b3 100644
--- a/apps/cms.c
+++ b/apps/cms.c
@@ -866,6 +866,13 @@ int cms_main(int argc, char **argv)
key = load_key(keyfile, keyform, 0, passin, e, "signing key file");
if (key == NULL)
goto end;
+
+ /*
+ * TODO: Remove this when CMS has full support for provider-native
+ * EVP_PKEYs
+ */
+ if (EVP_PKEY_get0(key) == NULL)
+ goto end;
}
in = bio_open_default(infile, 'r', informat);
@@ -1064,6 +1071,14 @@ int cms_main(int argc, char **argv)
ret = 2;
goto end;
}
+
+ /*
+ * TODO: Remove this when CMS has full support for provider-native
+ * EVP_PKEYs
+ */
+ if (EVP_PKEY_get0(key) == NULL)
+ goto end;
+
for (kparam = key_first; kparam; kparam = kparam->next) {
if (kparam->idx == i) {
tflags |= CMS_KEY_PARAM;
diff --git a/apps/smime.c b/apps/smime.c
index 5ecdc019d2..dbfcdbeb5a 100644
--- a/apps/smime.c
+++ b/apps/smime.c
@@ -477,6 +477,14 @@ int smime_main(int argc, char **argv)
key = load_key(keyfile, keyform, 0, passin, e, "signing key file");
if (key == NULL)
goto end;
+
+ /*
+ * TODO: Remove this when CMS has full support for provider-native
+ * EVP_PKEYs
+ */
+ if (EVP_PKEY_get0(key) == NULL)
+ goto end;
+
}
in = bio_open_default(infile, 'r', informat);
@@ -571,6 +579,14 @@ int smime_main(int argc, char **argv)
key = load_key(keyfile, keyform, 0, passin, e, "signing key file");
if (key == NULL)
goto end;
+
+ /*
+ * TODO: Remove this when CMS has full support for provider-native
+ * EVP_PKEYs
+ */
+ if (EVP_PKEY_get0(key) == NULL)
+ goto end;
+
if (!PKCS7_sign_add_signer(p7, signer, key, sign_md, flags))
goto end;
X509_free(signer);
diff --git a/crypto/asn1/a_d2i_fp.c b/crypto/asn1/a_d2i_fp.c
index 186e7ec413..249e6294c8 100644
--- a/crypto/asn1/a_d2i_fp.c
+++ b/crypto/asn1/a_d2i_fp.c
@@ -13,6 +13,7 @@
#include "internal/numbers.h"
#include <openssl/buffer.h>
#include <openssl/asn1.h>
+#include "internal/asn1.h"
#include "crypto/asn1.h"
#ifndef NO_OLD_ASN1
diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c
index 2b2c46a854..e3471c8141 100644
--- a/crypto/asn1/a_verify.c
+++ b/crypto/asn1/a_verify.c
@@ -163,7 +163,7 @@ int ASN1_item_verify_ctx(const ASN1_ITEM *it, const X509_ALGOR *alg,
}
/* Check public key OID matches public key type */
- if (EVP_PKEY_type(pknid) != pkey->ameth->pkey_id) {
+ if (!EVP_PKEY_is_a(pkey, OBJ_nid2sn(pknid))) {
ASN1err(0, ASN1_R_WRONG_PUBLIC_KEY_TYPE);
goto err;
}
diff --git a/crypto/asn1/d2i_param.c b/crypto/asn1/d2i_param.c
index c82b4a8fa8..f0217b47f6 100644
--- a/crypto/asn1/d2i_param.c
+++ b/crypto/asn1/d2i_param.c
@@ -11,14 +11,14 @@
#include "internal/cryptlib.h"
#include <openssl/evp.h>
#include <openssl/asn1.h>
-#include "crypto/evp.h"
+#include "internal/asn1.h"
#include "crypto/asn1.h"
+#include "crypto/evp.h"
EVP_PKEY *d2i_KeyParams(int type, EVP_PKEY **a, const unsigned char **pp,
long length)
{
EVP_PKEY *ret = NULL;
- const unsigned char *p = *pp;
if ((a == NULL) || (*a == NULL)) {
if ((ret = EVP_PKEY_new()) == NULL)
@@ -34,7 +34,7 @@ EVP_PKEY *d2i_KeyParams(int type, EVP_PKEY **a, const unsigned char **pp,
goto err;
}
- if (!ret->ameth->param_decode(ret, &p, length))
+ if (!ret->ameth->param_decode(ret, pp, length))
goto err;
if (a != NULL)
diff --git a/crypto/asn1/d2i_pr.c b/crypto/asn1/d2i_pr.c
index a4d240e7c4..ba81782698 100644
--- a/crypto/asn1/d2i_pr.c
+++ b/crypto/asn1/d2i_pr.c
@@ -55,7 +55,7 @@ EVP_PKEY *d2i_PrivateKey_ex(int type, EVP_PKEY **a, const unsigned char **pp,
p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, length);
if (p8 == NULL)
goto err;
- tmp = evp_pkcs82pkey_int(p8, libctx, propq);
+ tmp = EVP_PKCS82PKEY_with_libctx(p8, libctx, propq);
PKCS8_PRIV_KEY_INFO_free(p8);
if (tmp == NULL)
goto err;
@@ -122,7 +122,7 @@ EVP_PKEY *d2i_AutoPrivateKey_ex(EVP_PKEY **a, const unsigned char **pp,
ASN1err(0, ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
return NULL;
}
- ret = evp_pkcs82pkey_int(p8, libctx, propq);
+ ret = EVP_PKCS82PKEY_with_libctx(p8, libctx, propq);
PKCS8_PRIV_KEY_INFO_free(p8);
if (ret == NULL)
return NULL;
diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c
index d9298f62d0..d7752e953f 100644
--- a/crypto/ec/ec_lib.c
+++ b/crypto/ec/ec_lib.c
@@ -1552,8 +1552,6 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
group = group_new_from_name(ptmp, libctx, propq);
if (group != NULL)
EC_GROUP_set_asn1_flag(group, encoding_flag);
- else
- ECerr(0, ERR_R_EC_LIB);
return group;
}
bnctx = BN_CTX_new_ex(libctx);
diff --git a/crypto/encode_decode/decoder_lib.c b/crypto/encode_decode/decoder_lib.c
index 5d18ef1eff..9eeff20f7c 100644
--- a/crypto/encode_decode/decoder_lib.c
+++ b/crypto/encode_decode/decoder_lib.c
@@ -12,6 +12,7 @@
#include <openssl/params.h>
#include <openssl/provider.h>
#include "internal/passphrase.h"
+#include "crypto/decoder.h"
#include "encoder_local.h"
#include "e_os.h"
@@ -22,7 +23,7 @@ struct decoder_process_data_st {
BIO *bio;
/* Index of the current decoder instance to be processed */
- size_t current_deser_inst_index;
+ size_t current_decoder_inst_index;
};
static int decoder_process(const OSSL_PARAM params[], void *arg);
@@ -89,14 +90,13 @@ int OSSL_DECODER_CTX_set_input_type(OSSL_DECODER_CTX *ctx,
return 1;
}
-int OSSL_DECODER_CTX_add_decoder(OSSL_DECODER_CTX *ctx, OSSL_DECODER *decoder)
+OSSL_DECODER_INSTANCE *ossl_decoder_instance_new(OSSL_DECODER *decoder,
+ void *decoderctx)
{
OSSL_DECODER_INSTANCE *decoder_inst = NULL;
- const OSSL_PROVIDER *prov = NULL;
OSSL_PARAM params[2];
- void *provctx = NULL;
- if (!ossl_assert(ctx != NULL) || !ossl_assert(decoder != NULL)) {
+ if (!ossl_assert(decoder != NULL)) {
ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
@@ -107,12 +107,6 @@ int OSSL_DECODER_CTX_add_decoder(OSSL_DECODER_CTX *ctx, OSSL_DECODER *decoder)
return 0;
}
- if (ctx->decoder_insts == NULL
- && (ctx->decoder_insts =
- sk_OSSL_DECODER_INSTANCE_new_null()) == NULL) {
- ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_MALLOC_FAILURE);
- return 0;
- }
if ((decoder_inst = OPENSSL_zalloc(sizeof(*decoder_inst))) == NULL) {
ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_MALLOC_FAILURE);
return 0;
@@ -121,10 +115,6 @@ int OSSL_DECODER_CTX_add_decoder(OSSL_DECODER_CTX *ctx, OSSL_DECODER *decoder)
ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_INTERNAL_ERROR);
goto err;
}
- decoder_inst->decoder = decoder;
-
- prov = OSSL_DECODER_provider(decoder_inst->decoder);
- provctx = OSSL_PROVIDER_get0_provider_ctx(prov);
/* Cache the input type for this encoder */
params[0] =
@@ -132,25 +122,74 @@ int OSSL_DECODER_CTX_add_decoder(OSSL_DECODER_CTX *ctx, OSSL_DECODER *decoder)
(char **)&decoder_inst->input_type, 0);
params[1] = OSSL_PARAM_construct_end();
- if (!decoder_inst->decoder->get_params(params)
+ if (!decoder->get_params(params)
|| !OSSL_PARAM_modified(¶ms[0]))
goto err;
- if ((decoder_inst->deserctx = decoder_inst->decoder->newctx(provctx))
- == NULL)
- goto err;
-
- if (sk_OSSL_DECODER_INSTANCE_push(ctx->decoder_insts, decoder_inst) <= 0)
- goto err;
-
- return 1;
+ decoder_inst->decoder = decoder;
+ decoder_inst->decoderctx = decoderctx;
+ return decoder_inst;
err:
+ ossl_decoder_instance_free(decoder_inst);
+ return NULL;
+}
+
+void ossl_decoder_instance_free(OSSL_DECODER_INSTANCE *decoder_inst)
+{
if (decoder_inst != NULL) {
if (decoder_inst->decoder != NULL)
- decoder_inst->decoder->freectx(decoder_inst->deserctx);
+ decoder_inst->decoder->freectx(decoder_inst->decoderctx);
+ decoder_inst->decoderctx = NULL;
OSSL_DECODER_free(decoder_inst->decoder);
+ decoder_inst->decoder = NULL;
OPENSSL_free(decoder_inst);
}
+}
+
+int ossl_decoder_ctx_add_decoder_inst(OSSL_DECODER_CTX *ctx,
+ OSSL_DECODER_INSTANCE *di)
+{
+ if (ctx->decoder_insts == NULL
+ && (ctx->decoder_insts =
+ sk_OSSL_DECODER_INSTANCE_new_null()) == NULL) {
+ ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+
+ return (sk_OSSL_DECODER_INSTANCE_push(ctx->decoder_insts, di) > 0);
+}
+
+int OSSL_DECODER_CTX_add_decoder(OSSL_DECODER_CTX *ctx,
+ OSSL_DECODER *decoder)
+{
+ OSSL_DECODER_INSTANCE *decoder_inst = NULL;
+ const OSSL_PROVIDER *prov = NULL;
+ void *decoderctx = NULL;
+ void *provctx = NULL;
+
+ if (!ossl_assert(ctx != NULL) || !ossl_assert(decoder != NULL)) {
+ ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+
+ prov = OSSL_DECODER_provider(decoder);
+ provctx = OSSL_PROVIDER_get0_provider_ctx(prov);
+
+ if ((decoderctx = decoder->newctx(provctx)) == NULL
+ || (decoder_inst =
+ ossl_decoder_instance_new(decoder, decoderctx)) == NULL)
+ goto err;
+ /* Avoid double free of decoderctx on further errors */
+ decoderctx = NULL;
+
+ if (!ossl_decoder_ctx_add_decoder_inst(ctx, decoder_inst))
+ goto err;
+
+ return 1;
+ err:
+ ossl_decoder_instance_free(decoder_inst);
+ if (decoderctx != NULL)
+ decoder->freectx(decoderctx);
return 0;
}
@@ -344,7 +383,7 @@ int OSSL_DECODER_export(OSSL_DECODER_INSTANCE *decoder_inst,
return 0;
}
- return decoder_inst->decoder->export_object(decoder_inst->deserctx,
+ return decoder_inst->decoder->export_object(decoder_inst->decoderctx,
reference, reference_sz,
export_cb, export_cbarg);
}
@@ -360,7 +399,7 @@ void *OSSL_DECODER_INSTANCE_decoder_ctx(OSSL_DECODER_INSTANCE *decoder_inst)
{
if (decoder_inst == NULL)
return NULL;
- return decoder_inst->deserctx;
+ return decoder_inst->decoderctx;
}
static int decoder_process(const OSSL_PARAM params[], void *arg)
@@ -382,7 +421,7 @@ static int decoder_process(const OSSL_PARAM params[], void *arg)
if (params == NULL) {
/* First iteration, where we prepare for what is to come */
- data->current_deser_inst_index =
+ data->current_decoder_inst_index =
OSSL_DECODER_CTX_num_decoders(ctx);
bio = data->bio;
@@ -391,7 +430,7 @@ static int decoder_process(const OSSL_PARAM params[], void *arg)
decoder_inst =
sk_OSSL_DECODER_INSTANCE_value(ctx->decoder_insts,
- data->current_deser_inst_index);
+ data->current_decoder_inst_index);
decoder = OSSL_DECODER_INSTANCE_decoder(decoder_inst);
if (ctx->construct != NULL
@@ -422,7 +461,7 @@ static int decoder_process(const OSSL_PARAM params[], void *arg)
* If we have no more decoders to look through at this point,
* we failed
*/
- if (data->current_deser_inst_index == 0)
+ if (data->current_decoder_inst_index == 0)
goto end;
if ((loc = BIO_tell(bio)) < 0) {
@@ -430,11 +469,11 @@ static int decoder_process(const OSSL_PARAM params[], void *arg)
goto end;
}
- for (i = data->current_deser_inst_index; i-- > 0;) {
- OSSL_DECODER_INSTANCE *new_deser_inst =
+ for (i = data->current_decoder_inst_index; i-- > 0;) {
+ OSSL_DECODER_INSTANCE *new_decoder_inst =
sk_OSSL_DECODER_INSTANCE_value(ctx->decoder_insts, i);
- OSSL_DECODER *new_deser =
- OSSL_DECODER_INSTANCE_decoder(new_deser_inst);
+ OSSL_DECODER *new_decoder =
+ OSSL_DECODER_INSTANCE_decoder(new_decoder_inst);
/*
* If |decoder| is NULL, it means we've just started, and the caller
@@ -443,7 +482,7 @@ static int decoder_process(const OSSL_PARAM params[], void *arg)
*/
if (decoder == NULL && ctx->start_input_type != NULL
&& strcasecmp(ctx->start_input_type,
- new_deser_inst->input_type) != 0)
+ new_decoder_inst->input_type) != 0)
continue;
/*
@@ -453,7 +492,7 @@ static int decoder_process(const OSSL_PARAM params[], void *arg)
* value for that decoder.
*/
if (decoder != NULL
- && !OSSL_DECODER_is_a(decoder, new_deser_inst->input_type))
+ && !OSSL_DECODER_is_a(decoder, new_decoder_inst->input_type))
continue;
/*
@@ -471,11 +510,12 @@ static int decoder_process(const OSSL_PARAM params[], void *arg)
goto end;
/* Recurse */
- new_data.current_deser_inst_index = i;
- ok = new_deser->decode(new_deser_inst->deserctx, (OSSL_CORE_BIO *)bio,
- decoder_process, &new_data,
- ossl_pw_passphrase_callback_dec,
- &new_data.ctx->pwdata);
+ new_data.current_decoder_inst_index = i;
+ ok = new_decoder->decode(new_decoder_inst->decoderctx,
+ (OSSL_CORE_BIO *)bio,
+ decoder_process, &new_data,
+ ossl_pw_passphrase_callback_dec,
+ &new_data.ctx->pwdata);
if (ok)
break;
}
diff --git a/crypto/encode_decode/decoder_meth.c b/crypto/encode_decode/decoder_meth.c
index 409bb1aa54..235899b6ce 100644
--- a/crypto/encode_decode/decoder_meth.c
+++ b/crypto/encode_decode/decoder_meth.c
@@ -15,11 +15,9 @@
#include "internal/namemap.h"
#include "internal/property.h"
#include "internal/provider.h"
-#include "crypto/encoder.h"
+#include "crypto/decoder.h"
#include "encoder_local.h"
-static void OSSL_DECODER_INSTANCE_free(OSSL_DECODER_INSTANCE *instance);
-
/*
* Decoder can have multiple names, separated with colons in a name string
*/
@@ -159,8 +157,8 @@ static int put_decoder_in_store(OPENSSL_CTX *libctx, void *store,
}
/* Create and populate a decoder method */
-static void *decoder_from_dispatch(int id, const OSSL_ALGORITHM *algodef,
- OSSL_PROVIDER *prov)
+void *ossl_decoder_from_dispatch(int id, const OSSL_ALGORITHM *algodef,
+ OSSL_PROVIDER *prov)
{
OSSL_DECODER *decoder = NULL;
const OSSL_DISPATCH *fns = algodef->implementation;
@@ -236,7 +234,7 @@ static void *decoder_from_dispatch(int id, const OSSL_ALGORITHM *algodef,
/*
* The core fetching functionality passes the names of the implementation.
* This function is responsible to getting an identity number for them,
- * then call decoder_from_dispatch() with that identity number.
+ * then call ossl_decoder_from_dispatch() with that identity number.
*/
static void *construct_decoder(const OSSL_ALGORITHM *algodef,
OSSL_PROVIDER *prov, void *unused)
@@ -254,7 +252,7 @@ static void *construct_decoder(const OSSL_ALGORITHM *algodef,
void *method = NULL;
if (id != 0)
- method = decoder_from_dispatch(id, algodef, prov);
+ method = ossl_decoder_from_dispatch(id, algodef, prov);
return method;
}
@@ -407,8 +405,7 @@ static void decoder_do_one(OSSL_PROVIDER *provider,
void *method = NULL;
if (id != 0)
- method =
- decoder_from_dispatch(id, algodef, provider);
+ method = ossl_decoder_from_dispatch(id, algodef, provider);
if (method != NULL) {
data->user_fn(method, data->user_arg);
@@ -514,10 +511,11 @@ int OSSL_DECODER_CTX_set_params(OSSL_DECODER_CTX *ctx,
OSSL_DECODER_INSTANCE *decoder_inst =
sk_OSSL_DECODER_INSTANCE_value(ctx->decoder_insts, i);
- if (decoder_inst->deserctx == NULL
+ if (decoder_inst->decoderctx == NULL
|| decoder_inst->decoder->set_ctx_params == NULL)
continue;
- if (!decoder_inst->decoder->set_ctx_params(decoder_inst->deserctx, params))
+ if (!decoder_inst->decoder->set_ctx_params(decoder_inst->decoderctx,
+ params))
return 0;
}
return 1;
@@ -528,8 +526,8 @@ OSSL_DECODER_INSTANCE_free(OSSL_DECODER_INSTANCE *decoder_inst)
{
if (decoder_inst != NULL) {
if (decoder_inst->decoder->freectx != NULL)
- decoder_inst->decoder->freectx(decoder_inst->deserctx);
- decoder_inst->deserctx = NULL;
+ decoder_inst->decoder->freectx(decoder_inst->decoderctx);
+ decoder_inst->decoderctx = NULL;
OSSL_DECODER_free(decoder_inst->decoder);
decoder_inst->decoder = NULL;
OPENSSL_free(decoder_inst);
diff --git a/crypto/encode_decode/decoder_pkey.c b/crypto/encode_decode/decoder_pkey.c
index 0bb548abce..64ea4e2c3f 100644
--- a/crypto/encode_decode/decoder_pkey.c
+++ b/crypto/encode_decode/decoder_pkey.c
@@ -14,6 +14,7 @@
#include <openssl/decoder.h>
#include <openssl/safestack.h>
#include "crypto/evp.h"
+#include "crypto/decoder.h"
#include "encoder_local.h"
int OSSL_DECODER_CTX_set_passphrase(OSSL_DECODER_CTX *ctx,
@@ -63,7 +64,7 @@ static int decoder_construct_EVP_PKEY(OSSL_DECODER_INSTANCE *decoder_inst,
struct decoder_EVP_PKEY_data_st *data = construct_data;
OSSL_DECODER *decoder =
OSSL_DECODER_INSTANCE_decoder(decoder_inst);
- void *deserctx = OSSL_DECODER_INSTANCE_decoder_ctx(decoder_inst);
+ void *decoderctx = OSSL_DECODER_INSTANCE_decoder_ctx(decoder_inst);
size_t i, end_i;
/*
* |object_ref| points to a provider reference to an object, its exact
@@ -150,7 +151,8 @@ static int decoder_construct_EVP_PKEY(OSSL_DECODER_INSTANCE *decoder_inst,
* No need to check for errors here, the value of
* |import_data.keydata| is as much an indicator.
*/
- (void)decoder->export_object(deserctx, object_ref, object_ref_sz,
+ (void)decoder->export_object(decoderctx,
+ object_ref, object_ref_sz,
&evp_keymgmt_util_try_import,
&import_data);
keydata = import_data.keydata;
@@ -253,17 +255,16 @@ static void collect_decoder(OSSL_DECODER *decoder, void *arg)
data->error_occured = 0; /* All is good now */
}
-OSSL_DECODER_CTX *OSSL_DECODER_CTX_new_by_EVP_PKEY(EVP_PKEY **pkey,
- const char *input_type,
- OPENSSL_CTX *libctx,
- const char *propquery)
+int ossl_decoder_ctx_setup_for_EVP_PKEY(OSSL_DECODER_CTX *ctx,
+ EVP_PKEY **pkey,
+ OPENSSL_CTX *libctx,
+ const char *propquery)
{
- OSSL_DECODER_CTX *ctx = NULL;
struct collected_data_st *data = NULL;
size_t i, end_i;
+ int ok = 0;
- if ((ctx = OSSL_DECODER_CTX_new()) == NULL
- || (data = OPENSSL_zalloc(sizeof(*data))) == NULL
+ if ((data = OPENSSL_zalloc(sizeof(*data))) == NULL
|| (data->process_data =
OPENSSL_zalloc(sizeof(*data->process_data))) == NULL
|| (data->process_data->keymgmts
@@ -274,7 +275,6 @@ OSSL_DECODER_CTX *OSSL_DECODER_CTX_new_by_EVP_PKEY(EVP_PKEY **pkey,
}
data->process_data->object = (void **)pkey;
data->ctx = ctx;
- OSSL_DECODER_CTX_set_input_type(ctx, input_type);
/* First, find all keymgmts to form goals */
EVP_KEYMGMT_do_all_provided(libctx, collect_keymgmt, data);
@@ -307,9 +307,6 @@ OSSL_DECODER_CTX *OSSL_DECODER_CTX_new_by_EVP_PKEY(EVP_PKEY **pkey,
if (OSSL_DECODER_CTX_num_decoders(ctx) == 0)
goto err;
- /* Finally, collect extra decoders based on what we already have */
- (void)OSSL_DECODER_CTX_add_extra(ctx, libctx, propquery);
-
if (!OSSL_DECODER_CTX_set_construct(ctx, decoder_construct_EVP_PKEY)
|| !OSSL_DECODER_CTX_set_construct_data(ctx, data->process_data)
|| !OSSL_DECODER_CTX_set_cleanup(ctx,
@@ -317,11 +314,32 @@ OSSL_DECODER_CTX *OSSL_DECODER_CTX_new_by_EVP_PKEY(EVP_PKEY **pkey,
goto err;
data->process_data = NULL;
+ ok = 1;
err:
if (data != NULL) {
decoder_clean_EVP_PKEY_construct_arg(data->process_data);
sk_OPENSSL_CSTRING_free(data->names);
OPENSSL_free(data);
}
- return ctx;
+ return ok;
+}
+
+OSSL_DECODER_CTX *OSSL_DECODER_CTX_new_by_EVP_PKEY(EVP_PKEY **pkey,
+ const char *input_type,
+ OPENSSL_CTX *libctx,
+ const char *propquery)
+{
+ OSSL_DECODER_CTX *ctx = NULL;
+
+ if ((ctx = OSSL_DECODER_CTX_new()) == NULL) {
+ ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ if (OSSL_DECODER_CTX_set_input_type(ctx, input_type)
+ && ossl_decoder_ctx_setup_for_EVP_PKEY(ctx, pkey, libctx, propquery)
+ && OSSL_DECODER_CTX_add_extra(ctx, libctx, propquery))
+ return ctx;
+
+ OSSL_DECODER_CTX_free(ctx);
+ return NULL;
}
diff --git a/crypto/encode_decode/encoder_local.h b/crypto/encode_decode/encoder_local.h
index 749b2688e4..e707be19ff 100644
--- a/crypto/encode_decode/encoder_local.h
+++ b/crypto/encode_decode/encoder_local.h
@@ -16,7 +16,7 @@
#include "internal/passphrase.h"
#include "internal/refcount.h"
-struct ossl_serdes_base_st {
+struct ossl_endecode_base_st {
OSSL_PROVIDER *prov;
int id;
const char *propdef;
@@ -26,7 +26,7 @@ struct ossl_serdes_base_st {
};
struct ossl_encoder_st {
- struct ossl_serdes_base_st base;
+ struct ossl_endecode_base_st base;
OSSL_FUNC_encoder_newctx_fn *newctx;
OSSL_FUNC_encoder_freectx_fn *freectx;
OSSL_FUNC_encoder_set_ctx_params_fn *set_ctx_params;
@@ -36,7 +36,7 @@ struct ossl_encoder_st {
};
struct ossl_decoder_st {
- struct ossl_serdes_base_st base;
+ struct ossl_endecode_base_st base;
OSSL_FUNC_decoder_newctx_fn *newctx;
OSSL_FUNC_decoder_freectx_fn *freectx;
OSSL_FUNC_decoder_get_params_fn *get_params;
@@ -49,7 +49,7 @@ struct ossl_decoder_st {
struct ossl_encoder_ctx_st {
OSSL_ENCODER *encoder;
- void *serctx;
+ void *encoderctx;
int selection;
@@ -69,8 +69,8 @@ struct ossl_encoder_ctx_st {
};
struct ossl_decoder_instance_st {
- OSSL_DECODER *decoder; /* Never NULL */
- void *deserctx; /* Never NULL */
+ OSSL_DECODER *decoder; /* Never NULL */
+ void *decoderctx; /* Never NULL */
const char *input_type; /* Never NULL */
};
diff --git a/crypto/encode_decode/encoder_meth.c b/crypto/encode_decode/encoder_meth.c
index 81bc5c47b9..62342f511a 100644
--- a/crypto/encode_decode/encoder_meth.c
+++ b/crypto/encode_decode/encoder_meth.c
@@ -475,7 +475,7 @@ OSSL_ENCODER_CTX *OSSL_ENCODER_CTX_new(OSSL_ENCODER *encoder)
void *provctx = ossl_provider_ctx(prov);
if (OSSL_ENCODER_up_ref(encoder)) {
- ctx->serctx = encoder->newctx(provctx);
+ ctx->encoderctx = encoder->newctx(provctx);
} else {
OSSL_ENCODER_free(encoder);
OPENSSL_free(ctx);
@@ -507,7 +507,7 @@ int OSSL_ENCODER_CTX_set_params(OSSL_ENCODER_CTX *ctx,
}
if (ctx->encoder != NULL && ctx->encoder->set_ctx_params != NULL)
- return ctx->encoder->set_ctx_params(ctx->serctx, params);
+ return ctx->encoder->set_ctx_params(ctx->encoderctx, params);
return 0;
}
@@ -515,7 +515,7 @@ void OSSL_ENCODER_CTX_free(OSSL_ENCODER_CTX *ctx)
{
if (ctx != NULL) {
if (ctx->encoder != NULL && ctx->encoder->freectx != NULL)
- ctx->encoder->freectx(ctx->serctx);
+ ctx->encoder->freectx(ctx->encoderctx);
OSSL_ENCODER_free(ctx->encoder);
ossl_pw_clear_passphrase_data(&ctx->pwdata);
OPENSSL_free(ctx);
diff --git a/crypto/encode_decode/encoder_pkey.c b/crypto/encode_decode/encoder_pkey.c
index 6664f589b4..176f4fab95 100644
--- a/crypto/encode_decode/encoder_pkey.c
+++ b/crypto/encode_decode/encoder_pkey.c
@@ -96,7 +96,8 @@ static int encoder_write_cb(const OSSL_PARAM params[], void *arg)
OSSL_ENCODER_CTX *ctx = write_data->ctx;
BIO *out = write_data->out;
- return ctx->encoder->encode_data(ctx->serctx, params, (OSSL_CORE_BIO *)out,
+ return ctx->encoder->encode_data(ctx->encoderctx, params,
+ (OSSL_CORE_BIO *)out,
ossl_pw_passphrase_callback_enc,
&ctx->pwdata);
}
@@ -135,7 +136,7 @@ static int encoder_EVP_PKEY_to_bio(OSSL_ENCODER_CTX *ctx, BIO *out)
&encoder_write_cb, &write_data);
}
- return ctx->encoder->encode_object(ctx->serctx, keydata,
+ return ctx->encoder->encode_object(ctx->encoderctx, keydata,
(OSSL_CORE_BIO *)out,
ossl_pw_passphrase_callback_enc,
&ctx->pwdata);
@@ -172,8 +173,8 @@ OSSL_ENCODER_CTX *OSSL_ENCODER_CTX_new_by_EVP_PKEY(const EVP_PKEY *pkey,
* Select the encoder in two steps. First, get the names of all of
* the encoders. Then determine which is the best one to use.
* This has to be broken because it isn't possible to fetch the
- * serialisers inside EVP_KEYMGMT_names_do_all() due to locking
- * order inversions with the store lock.
+ * encoders inside EVP_KEYMGMT_names_do_all() due to locking order
+ * inversions with the store lock.
*/
sel_data.error = 0;
sel_data.names = sk_OPENSSL_CSTRING_new_null();
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index 643bf6b278..592fb6b50a 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -2936,12 +2936,15 @@ PROV_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE:178:\
PROV_R_OUTPUT_BUFFER_TOO_SMALL:106:output buffer too small
PROV_R_PARENT_LOCKING_NOT_ENABLED:182:parent locking not enabled
PROV_R_PARENT_STRENGTH_TOO_WEAK:194:parent strength too weak
+PROV_R_PATH_MUST_BE_ABSOLUTE:219:path must be absolute
PROV_R_PERSONALISATION_STRING_TOO_LONG:195:personalisation string too long
PROV_R_PSS_SALTLEN_TOO_SMALL:172:pss saltlen too small
PROV_R_READ_KEY:159:read key
PROV_R_REQUEST_TOO_LARGE_FOR_DRBG:196:request too large for drbg
PROV_R_REQUIRE_CTR_MODE_CIPHER:206:require ctr mode cipher
PROV_R_RESEED_ERROR:197:reseed error
+PROV_R_SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES:222:\
+ search only supported for directories
PROV_R_SELF_TEST_KAT_FAILURE:215:self test kat failure
PROV_R_SELF_TEST_POST_FAILURE:216:self test post failure
PROV_R_TAG_NOTSET:119:tag notset
@@ -2963,6 +2966,7 @@ PROV_R_UNSUPPORTED_CEK_ALG:145:unsupported cek alg
PROV_R_UNSUPPORTED_KEY_SIZE:153:unsupported key size
PROV_R_UNSUPPORTED_MAC_TYPE:137:unsupported mac type
PROV_R_UNSUPPORTED_NUMBER_OF_ROUNDS:152:unsupported number of rounds
+PROV_R_URI_AUTHORITY_UNSUPPORTED:223:uri authority unsupported
PROV_R_VALUE_ERROR:138:value error
PROV_R_WRONG_FINAL_BLOCK_LENGTH:107:wrong final block length
PROV_R_WRONG_OUTPUT_BUFFER_SIZE:139:wrong output buffer size
diff --git a/crypto/evp/evp_pkey.c b/crypto/evp/evp_pkey.c
index cfe0544ed6..d435c86087 100644
--- a/crypto/evp/evp_pkey.c
+++ b/crypto/evp/evp_pkey.c
@@ -18,8 +18,8 @@
/* Extract a private key from a PKCS8 structure */
-EVP_PKEY *evp_pkcs82pkey_int(const PKCS8_PRIV_KEY_INFO *p8, OPENSSL_CTX *libctx,
- const char *propq)
+EVP_PKEY *EVP_PKCS82PKEY_with_libctx(const PKCS8_PRIV_KEY_INFO *p8,
+ OPENSSL_CTX *libctx, const char *propq)
{
EVP_PKEY *pkey = NULL;
const ASN1_OBJECT *algoid;
@@ -64,7 +64,7 @@ EVP_PKEY *evp_pkcs82pkey_int(const PKCS8_PRIV_KEY_INFO *p8, OPENSSL_CTX *libctx,
EVP_PKEY *EVP_PKCS82PKEY(const PKCS8_PRIV_KEY_INFO *p8)
{
- return evp_pkcs82pkey_int(p8, NULL, NULL);
+ return EVP_PKCS82PKEY_with_libctx(p8, NULL, NULL);
}
/* Turn a private key into a PKCS8 structure */
@@ -77,6 +77,11 @@ PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(const EVP_PKEY *pkey)
return NULL;
}
+ /* Force a key downgrade if that's possible */
+ /* TODO(3.0) Is there a better way for provider-native keys? */
+ if (EVP_PKEY_get0(pkey) == NULL)
+ return NULL;
+
if (pkey->ameth) {
if (pkey->ameth->priv_encode) {
if (!pkey->ameth->priv_encode(p8, pkey)) {
diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index 16c674d920..fd2a6c5abc 100644
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -381,10 +381,8 @@ static EVP_PKEY *new_raw_key_int(OPENSSL_CTX *libctx,
strtype != NULL ? strtype
: OBJ_nid2sn(nidtype),
propq);
- if (ctx == NULL) {
- EVPerr(0, ERR_R_MALLOC_FAILURE);
+ if (ctx == NULL)
goto err;
- }
/* May fail if no provider available */
ERR_set_mark();
if (EVP_PKEY_key_fromdata_init(ctx) == 1) {
diff --git a/crypto/init.c b/crypto/init.c
index 34dd724bc5..fec178c389 100644
--- a/crypto/init.c
+++ b/crypto/init.c
@@ -412,8 +412,11 @@ void OPENSSL_cleanup(void)
OSSL_TRACE(INIT, "OPENSSL_cleanup: engine_cleanup_int()\n");
engine_cleanup_int();
#endif
+
+#ifndef OPENSSL_NO_DEPRECATED_3_0
OSSL_TRACE(INIT, "OPENSSL_cleanup: ossl_store_cleanup_int()\n");
ossl_store_cleanup_int();
+#endif
OSSL_TRACE(INIT, "OPENSSL_cleanup: openssl_ctx_default_deinit()\n");
openssl_ctx_default_deinit();
diff --git a/crypto/passphrase.c b/crypto/passphrase.c
index ac352697db..170374f9d9 100644
--- a/crypto/passphrase.c
+++ b/crypto/passphrase.c
@@ -273,7 +273,8 @@ int ossl_pw_get_passphrase(char *pass, size_t pass_size, size_t *pass_len,
do_cache:
if (ret && data->flag_cache_passphrase) {
- if (*pass_len > data->cached_passphrase_len) {
+ if (data->cached_passphrase == NULL
+ || *pass_len > data->cached_passphrase_len) {
void *new_cache =
OPENSSL_clear_realloc(data->cached_passphrase,
data->cached_passphrase_len,
diff --git a/crypto/pem/pem_pkey.c b/crypto/pem/pem_pkey.c
index 8aee82ea80..8b9bfe101e 100644
--- a/crypto/pem/pem_pkey.c
+++ b/crypto/pem/pem_pkey.c
@@ -7,6 +7,9 @@
* https://www.openssl.org/source/license.html
*/
+/* We need to use some STORE deprecated APIs */
+#define OPENSSL_SUPPRESS_DEPRECATED
+
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/buffer.h>
@@ -58,11 +61,13 @@ static EVP_PKEY *pem_read_bio_key(BIO *bp, EVP_PKEY **x,
NULL, NULL)) == NULL)
goto err;
#ifndef OPENSSL_NO_SECURE_HEAP
- if (try_secure) {
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+ if (try_secure) {
int on = 1;
if (!OSSL_STORE_ctrl(ctx, OSSL_STORE_C_USE_SECMEM, &on))
goto err;
}
+# endif
#endif
while (!OSSL_STORE_eof(ctx)
diff --git a/crypto/pkcs7/pk7_lib.c b/crypto/pkcs7/pk7_lib.c
index 797d1d2c25..d891ca22e8 100644
--- a/crypto/pkcs7/pk7_lib.c
+++ b/crypto/pkcs7/pk7_lib.c
@@ -319,6 +319,17 @@ int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
ASN1_INTEGER_dup(X509_get0_serialNumber(x509))))
goto err;
+ /*
+ * TODO(3.0) Adapt for provider-native keys
+ * Meanwhile, we downgrade the key.
+ * #legacy
+ */
+ if (!evp_pkey_downgrade(pkey)) {
+ PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SET,
+ PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
+ goto err;
+ }
+
/* lets keep the pkey around for a while */
EVP_PKEY_up_ref(pkey);
p7i->pkey = pkey;
diff --git a/crypto/provider_core.c b/crypto/provider_core.c
index f282071e2d..754f6df1a4 100644
--- a/crypto/provider_core.c
+++ b/crypto/provider_core.c
@@ -1094,6 +1094,7 @@ static const OSSL_DISPATCH core_dispatch_[] = {
{ OSSL_FUNC_BIO_WRITE_EX, (void (*)(void))BIO_write_ex },
{ OSSL_FUNC_BIO_GETS, (void (*)(void))BIO_gets },
{ OSSL_FUNC_BIO_PUTS, (void (*)(void))BIO_puts },
+ { OSSL_FUNC_BIO_CTRL, (void (*)(void))BIO_ctrl },
{ OSSL_FUNC_BIO_FREE, (void (*)(void))BIO_free },
{ OSSL_FUNC_BIO_VPRINTF, (void (*)(void))BIO_vprintf },
{ OSSL_FUNC_BIO_VSNPRINTF, (void (*)(void))BIO_vsnprintf },
diff --git a/crypto/store/build.info b/crypto/store/build.info
index 33b59f0fae..43d9e544a0 100644
--- a/crypto/store/build.info
+++ b/crypto/store/build.info
@@ -1,4 +1,7 @@
LIBS=../../libcrypto
SOURCE[../../libcrypto]=\
- store_err.c store_lib.c store_result.c store_strings.c store_meth.c \
- store_init.c store_register.c loader_file.c
+ store_err.c store_lib.c store_result.c store_strings.c store_meth.c
+
+IF[{- !$disabled{'deprecated-3.0'} -}]
+ SOURCE[../../libcrypto]=store_init.c store_register.c
+ENDIF
diff --git a/crypto/store/store_init.c b/crypto/store/store_init.c
index b87730736d..4d434eb57b 100644
--- a/crypto/store/store_init.c
+++ b/crypto/store/store_init.c
@@ -14,8 +14,7 @@
static CRYPTO_ONCE store_init = CRYPTO_ONCE_STATIC_INIT;
DEFINE_RUN_ONCE_STATIC(do_store_init)
{
- return OPENSSL_init_crypto(0, NULL)
- && ossl_store_file_loader_init();
+ return OPENSSL_init_crypto(0, NULL);
}
int ossl_store_init_once(void)
diff --git a/crypto/store/store_lib.c b/crypto/store/store_lib.c
index d0fdb38cd8..89efe691da 100644
--- a/crypto/store/store_lib.c
+++ b/crypto/store/store_lib.c
@@ -11,6 +11,9 @@
#include <string.h>
#include <assert.h>
+/* We need to use some STORE deprecated APIs */
+#define OPENSSL_SUPPRESS_DEPRECATED
+
#include "e_os.h"
#include <openssl/crypto.h>
@@ -80,6 +83,7 @@ OSSL_STORE_open_with_libctx(const char *uri,
*/
for (i = 0; loader_ctx == NULL && i < schemes_n; i++) {
OSSL_TRACE1(STORE, "Looking up scheme %s\n", schemes[i]);
+#ifndef OPENSSL_NO_DEPRECATED_3_0
if ((loader = ossl_store_get0_loader_int(schemes[i])) != NULL) {
if (loader->open_with_libctx != NULL)
loader_ctx = loader->open_with_libctx(loader, uri, libctx, propq,
@@ -87,6 +91,7 @@ OSSL_STORE_open_with_libctx(const char *uri,
else
loader_ctx = loader->open(loader, uri, ui_method, ui_data);
}
+#endif
if (loader == NULL
&& (fetched_loader =
OSSL_STORE_LOADER_fetch(schemes[i], libctx, propq)) != NULL) {
@@ -186,6 +191,7 @@ OSSL_STORE_CTX *OSSL_STORE_open(const char *uri,
post_process, post_process_data);
}
+#ifndef OPENSSL_NO_DEPRECATED_3_0
int OSSL_STORE_ctrl(OSSL_STORE_CTX *ctx, int cmd, ...)
{
va_list args;
@@ -229,6 +235,7 @@ int OSSL_STORE_vctrl(OSSL_STORE_CTX *ctx, int cmd, va_list args)
*/
return 1;
}
+#endif
int OSSL_STORE_expect(OSSL_STORE_CTX *ctx, int expected_type)
{
@@ -333,12 +340,14 @@ int OSSL_STORE_find(OSSL_STORE_CTX *ctx, const OSSL_STORE_SEARCH *search)
OPENSSL_free(name_der);
BN_free(number);
} else {
+#ifndef OPENSSL_NO_DEPRECATED_3_0
/* legacy loader section */
if (ctx->loader->find == NULL) {
ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_UNSUPPORTED_OPERATION);
return 0;
}
ret = ctx->loader->find(ctx->loader_ctx, search);
+#endif
}
return ret;
@@ -382,10 +391,12 @@ OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx)
}
v = load_data.v;
}
+#ifndef OPENSSL_NO_DEPRECATED_3_0
if (ctx->fetched_loader == NULL)
v = ctx->loader->load(ctx->loader_ctx,
ctx->pwdata._.ui_method.ui_method,
ctx->pwdata._.ui_method.ui_method_data);
+#endif
}
if (ctx->post_process != NULL && v != NULL) {
@@ -424,8 +435,10 @@ int OSSL_STORE_error(OSSL_STORE_CTX *ctx)
if (ctx->fetched_loader != NULL)
ret = ctx->error_flag;
+#ifndef OPENSSL_NO_DEPRECATED_3_0
if (ctx->fetched_loader == NULL)
ret = ctx->loader->error(ctx->loader_ctx);
+#endif
return ret;
}
@@ -435,8 +448,10 @@ int OSSL_STORE_eof(OSSL_STORE_CTX *ctx)
if (ctx->fetched_loader != NULL)
ret = ctx->loader->p_eof(ctx->loader_ctx);
+#ifndef OPENSSL_NO_DEPRECATED_3_0
if (ctx->fetched_loader == NULL)
ret = ctx->loader->eof(ctx->loader_ctx);
+#endif
return ret;
}
@@ -450,12 +465,15 @@ static int ossl_store_close_it(OSSL_STORE_CTX *ctx)
if (ctx->fetched_loader != NULL)
ret = ctx->loader->p_close(ctx->loader_ctx);
+#ifndef OPENSSL_NO_DEPRECATED_3_0
if (ctx->fetched_loader == NULL)
ret = ctx->loader->close(ctx->loader_ctx);
+#endif
sk_OSSL_STORE_INFO_pop_free(ctx->cached_info, OSSL_STORE_INFO_free);
OSSL_STORE_LOADER_free(ctx->fetched_loader);
OPENSSL_free(ctx->properties);
+ ossl_pw_clear_passphrase_data(&ctx->pwdata);
return ret;
}
@@ -474,7 +492,7 @@ int OSSL_STORE_close(OSSL_STORE_CTX *ctx)
* In all cases, ownership of the object is transferred to the OSSL_STORE_INFO
* and will therefore be freed when the OSSL_STORE_INFO is freed.
*/
-static OSSL_STORE_INFO *store_info_new(int type, void *data)
+OSSL_STORE_INFO *OSSL_STORE_INFO_new(int type, void *data)
{
OSSL_STORE_INFO *info = OPENSSL_zalloc(sizeof(*info));
@@ -488,7 +506,7 @@ static OSSL_STORE_INFO *store_info_new(int type, void *data)
OSSL_STORE_INFO *OSSL_STORE_INFO_new_NAME(char *name)
{
- OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_NAME, NULL);
+ OSSL_STORE_INFO *info = OSSL_STORE_INFO_new(OSSL_STORE_INFO_NAME, NULL);
if (info == NULL) {
ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
@@ -514,7 +532,7 @@ int OSSL_STORE_INFO_set0_NAME_description(OSSL_STORE_INFO *info, char *desc)
}
OSSL_STORE_INFO *OSSL_STORE_INFO_new_PARAMS(EVP_PKEY *params)
{
- OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_PARAMS, params);
+ OSSL_STORE_INFO *info = OSSL_STORE_INFO_new(OSSL_STORE_INFO_PARAMS, params);
if (info == NULL)
ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
@@ -523,7 +541,7 @@ OSSL_STORE_INFO *OSSL_STORE_INFO_new_PARAMS(EVP_PKEY *params)
OSSL_STORE_INFO *OSSL_STORE_INFO_new_PUBKEY(EVP_PKEY *pkey)
{
- OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_PUBKEY, pkey);
+ OSSL_STORE_INFO *info = OSSL_STORE_INFO_new(OSSL_STORE_INFO_PUBKEY, pkey);
if (info == NULL)
ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
@@ -532,7 +550,7 @@ OSSL_STORE_INFO *OSSL_STORE_INFO_new_PUBKEY(EVP_PKEY *pkey)
OSSL_STORE_INFO *OSSL_STORE_INFO_new_PKEY(EVP_PKEY *pkey)
{
- OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_PKEY, pkey);
+ OSSL_STORE_INFO *info = OSSL_STORE_INFO_new(OSSL_STORE_INFO_PKEY, pkey);
if (info == NULL)
ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
@@ -541,7 +559,7 @@ OSSL_STORE_INFO *OSSL_STORE_INFO_new_PKEY(EVP_PKEY *pkey)
OSSL_STORE_INFO *OSSL_STORE_INFO_new_CERT(X509 *x509)
{
- OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_CERT, x509);
+ OSSL_STORE_INFO *info = OSSL_STORE_INFO_new(OSSL_STORE_INFO_CERT, x509);
if (info == NULL)
ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
@@ -550,7 +568,7 @@ OSSL_STORE_INFO *OSSL_STORE_INFO_new_CERT(X509 *x509)
OSSL_STORE_INFO *OSSL_STORE_INFO_new_CRL(X509_CRL *crl)
{
- OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_CRL, crl);
+ OSSL_STORE_INFO *info = OSSL_STORE_INFO_new(OSSL_STORE_INFO_CRL, crl);
if (info == NULL)
ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
@@ -565,6 +583,13 @@ int OSSL_STORE_INFO_get_type(const OSSL_STORE_INFO *info)
return info->type;
}
+void *OSSL_STORE_INFO_get0_data(int type, const OSSL_STORE_INFO *info)
+{
+ if (info->type == type)
+ return info->_.data;
+ return NULL;
+}
+
const char *OSSL_STORE_INFO_get0_NAME(const OSSL_STORE_INFO *info)
{
if (info->type == OSSL_STORE_INFO_NAME)
@@ -698,10 +723,6 @@ void OSSL_STORE_INFO_free(OSSL_STORE_INFO *info)
{
if (info != NULL) {
switch (info->type) {
- case OSSL_STORE_INFO_EMBEDDED:
- BUF_MEM_free(info->_.embedded.blob);
- OPENSSL_free(info->_.embedded.pem_name);
- break;
case OSSL_STORE_INFO_NAME:
OPENSSL_free(info->_.name.name);
OPENSSL_free(info->_.name.desc);
@@ -766,6 +787,7 @@ int OSSL_STORE_supports_search(OSSL_STORE_CTX *ctx, int search_type)
break;
}
}
+#ifndef OPENSSL_NO_DEPRECATED_3_0
if (ctx->fetched_loader == NULL) {
OSSL_STORE_SEARCH tmp_search;
@@ -774,6 +796,7 @@ int OSSL_STORE_supports_search(OSSL_STORE_CTX *ctx, int search_type)
tmp_search.search_type = search_type;
ret = ctx->loader->find(NULL, &tmp_search);
}
+#endif
return ret;
}
@@ -889,44 +912,6 @@ const EVP_MD *OSSL_STORE_SEARCH_get0_digest(const OSSL_STORE_SEARCH *criterion)
return criterion->digest;
}
-/* Internal functions */
-OSSL_STORE_INFO *ossl_store_info_new_EMBEDDED(const char *new_pem_name,
- BUF_MEM *embedded)
-{
- OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_EMBEDDED, NULL);
-
- if (info == NULL) {
- ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
- return NULL;
- }
-
- info->_.embedded.blob = embedded;
- info->_.embedded.pem_name =
- new_pem_name == NULL ? NULL : OPENSSL_strdup(new_pem_name);
-
- if (new_pem_name != NULL && info->_.embedded.pem_name == NULL) {
- ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
- OSSL_STORE_INFO_free(info);
- info = NULL;
- }
-
- return info;
-}
-
-BUF_MEM *ossl_store_info_get0_EMBEDDED_buffer(OSSL_STORE_INFO *info)
-{
- if (info->type == OSSL_STORE_INFO_EMBEDDED)
- return info->_.embedded.blob;
- return NULL;
-}
-
-char *ossl_store_info_get0_EMBEDDED_pem_name(OSSL_STORE_INFO *info)
-{
- if (info->type == OSSL_STORE_INFO_EMBEDDED)
- return info->_.embedded.pem_name;
- return NULL;
-}
-
OSSL_STORE_CTX *OSSL_STORE_attach(BIO *bp, const char *scheme,
OPENSSL_CTX *libctx, const char *propq,
const UI_METHOD *ui_method, void *ui_data,
@@ -942,9 +927,11 @@ OSSL_STORE_CTX *OSSL_STORE_attach(BIO *bp, const char *scheme,
scheme = "file";
OSSL_TRACE1(STORE, "Looking up scheme %s\n", scheme);
+#ifndef OPENSSL_NO_DEPRECATED_3_0
if ((loader = ossl_store_get0_loader_int(scheme)) != NULL)
loader_ctx = loader->attach(loader, bp, libctx, propq,
ui_method, ui_data);
+#endif
if (loader == NULL
&& (fetched_loader =
OSSL_STORE_LOADER_fetch(scheme, libctx, propq)) != NULL) {
diff --git a/crypto/store/store_local.h b/crypto/store/store_local.h
index 619e547aae..ef9815fa69 100644
--- a/crypto/store/store_local.h
+++ b/crypto/store/store_local.h
@@ -28,11 +28,6 @@ struct ossl_store_info_st {
union {
void *data; /* used internally as generic pointer */
- struct {
- BUF_MEM *blob;
- char *pem_name;
- } embedded; /* when type == OSSL_STORE_INFO_EMBEDDED */
-
struct {
char *name;
char *desc;
@@ -45,26 +40,8 @@ struct ossl_store_info_st {
X509_CRL *crl; /* when type == OSSL_STORE_INFO_CRL */
} _;
};
-
DEFINE_STACK_OF(OSSL_STORE_INFO)
-/*
- * EMBEDDED is a special type of OSSL_STORE_INFO, specially for the file
- * handlers. It should never reach a calling application or any engine.
- * However, it can be used by a FILE_HANDLER's try_decode function to signal
- * that it has decoded the incoming blob into a new blob, and that the
- * attempted decoding should be immediately restarted with the new blob, using
- * the new PEM name.
- */
-/*
- * Because this is an internal type, we don't make it public.
- */
-#define OSSL_STORE_INFO_EMBEDDED -1
-OSSL_STORE_INFO *ossl_store_info_new_EMBEDDED(const char *new_pem_name,
- BUF_MEM *embedded);
-BUF_MEM *ossl_store_info_get0_EMBEDDED_buffer(OSSL_STORE_INFO *info);
-char *ossl_store_info_get0_EMBEDDED_pem_name(OSSL_STORE_INFO *info);
-
/*-
* OSSL_STORE_SEARCH stuff
* -----------------------
@@ -103,6 +80,7 @@ OSSL_STORE_LOADER *ossl_store_unregister_loader_int(const char *scheme);
/* loader stuff */
struct ossl_store_loader_st {
+#ifndef OPENSSL_NO_DEPRECATED_3_0
/* Legacy stuff */
const char *scheme;
ENGINE *engine;
@@ -116,6 +94,7 @@ struct ossl_store_loader_st {
OSSL_STORE_error_fn error;
OSSL_STORE_close_fn close;
OSSL_STORE_open_with_libctx_fn open_with_libctx;
+#endif
/* Provider stuff */
OSSL_PROVIDER *prov;
@@ -139,6 +118,11 @@ DEFINE_LHASH_OF(OSSL_STORE_LOADER);
const OSSL_STORE_LOADER *ossl_store_get0_loader_int(const char *scheme);
void ossl_store_destroy_loaders_int(void);
+#ifdef OPENSSL_NO_DEPRECATED_3_0
+/* struct ossl_store_loader_ctx_st is defined differently by each loader */
+typedef struct ossl_store_loader_ctx_st OSSL_STORE_LOADER_CTX;
+#endif
+
/*-
* OSSL_STORE_CTX stuff
* ---------------------
@@ -174,7 +158,6 @@ struct ossl_store_ctx_st {
*/
int ossl_store_init_once(void);
-int ossl_store_file_loader_init(void);
/*-
* 'file' scheme stuff
diff --git a/crypto/store/store_result.c b/crypto/store/store_result.c
index 74aeaf543b..47dd21acb9 100644
--- a/crypto/store/store_result.c
+++ b/crypto/store/store_result.c
@@ -83,6 +83,23 @@ static int try_crl(struct extracted_param_data_st *, OSSL_STORE_INFO **,
static int try_pkcs12(struct extracted_param_data_st *, OSSL_STORE_INFO **,
OSSL_STORE_CTX *, OPENSSL_CTX *, const char *);
+#define SET_ERR_MARK() ERR_set_mark()
+#define CLEAR_ERR_MARK() \
+ do { \
+ int err = ERR_peek_last_error(); \
+ \
+ if (ERR_GET_LIB(err) == ERR_LIB_ASN1 \
+ && ERR_GET_REASON(err) == ERR_R_NESTED_ASN1_ERROR) \
+ ERR_pop_to_mark(); \
+ else \
+ ERR_clear_last_mark(); \
+ } while(0)
+#define RESET_ERR_MARK() \
+ do { \
+ CLEAR_ERR_MARK(); \
+ SET_ERR_MARK(); \
+ } while(0)
+
int ossl_store_handle_load_result(const OSSL_PARAM params[], void *arg)
{
struct ossl_load_result_data_st *cbdata = arg;
@@ -123,14 +140,26 @@ int ossl_store_handle_load_result(const OSSL_PARAM params[], void *arg)
* The helper functions return 0 on actual errors, otherwise 1, even if
* they didn't fill out |*v|.
*/
- if (!try_name(&helper_data, v)
- || !try_key(&helper_data, v, ctx, provider, libctx, propq)
- || !try_cert(&helper_data, v, libctx, propq)
- || !try_crl(&helper_data, v, libctx, propq)
- || !try_pkcs12(&helper_data, v, ctx, libctx, propq))
- return 0;
+ SET_ERR_MARK();
+ if (!try_name(&helper_data, v))
+ goto err;
+ RESET_ERR_MARK();
+ if (!try_key(&helper_data, v, ctx, provider, libctx, propq))
+ goto err;
+ RESET_ERR_MARK();
+ if (!try_cert(&helper_data, v, libctx, propq))
+ goto err;
+ RESET_ERR_MARK();
+ if (!try_crl(&helper_data, v, libctx, propq))
+ goto err;
+ RESET_ERR_MARK();
+ if (!try_pkcs12(&helper_data, v, ctx, libctx, propq))
+ goto err;
+ CLEAR_ERR_MARK();
return (*v != NULL);
+ err:
+ return 0;
}
static int try_name(struct extracted_param_data_st *data, OSSL_STORE_INFO **v)
@@ -302,7 +331,7 @@ static EVP_PKEY *try_key_value_legacy(struct extracted_param_data_st *data,
derp = der;
p8info = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp, der_len);
if (p8info != NULL) {
- pk = evp_pkcs82pkey_int(p8info, libctx, propq);
+ pk = EVP_PKCS82PKEY_with_libctx(p8info, libctx, propq);
PKCS8_PRIV_KEY_INFO_free(p8info);
}
diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c
index a8ad292074..3e7dc42ef1 100644
--- a/crypto/x509/x_all.c
+++ b/crypto/x509/x_all.c
@@ -23,7 +23,7 @@
#include <openssl/rsa.h>
#include <openssl/dsa.h>
#include <openssl/x509v3.h>
-#include "crypto/asn1.h"
+#include "internal/asn1.h"
#include "crypto/pkcs7.h"
#include "crypto/x509.h"
diff --git a/doc/man3/OSSL_STORE_INFO.pod b/doc/man3/OSSL_STORE_INFO.pod
index bc965a77bd..8c811ec1f3 100644
--- a/doc/man3/OSSL_STORE_INFO.pod
+++ b/doc/man3/OSSL_STORE_INFO.pod
@@ -12,7 +12,8 @@ OSSL_STORE_INFO_get1_PKEY, OSSL_STORE_INFO_get1_CERT, OSSL_STORE_INFO_get1_CRL,
OSSL_STORE_INFO_type_string, OSSL_STORE_INFO_free,
OSSL_STORE_INFO_new_NAME, OSSL_STORE_INFO_set0_NAME_description,
OSSL_STORE_INFO_new_PARAMS, OSSL_STORE_INFO_new_PUBKEY,
-OSSL_STORE_INFO_new_PKEY, OSSL_STORE_INFO_new_CERT, OSSL_STORE_INFO_new_CRL
+OSSL_STORE_INFO_new_PKEY, OSSL_STORE_INFO_new_CERT, OSSL_STORE_INFO_new_CRL,
+OSSL_STORE_INFO_new, OSSL_STORE_INFO_get0_data
- Functions to manipulate OSSL_STORE_INFO objects
=head1 SYNOPSIS
@@ -50,6 +51,9 @@ OSSL_STORE_INFO_new_PKEY, OSSL_STORE_INFO_new_CERT, OSSL_STORE_INFO_new_CRL
OSSL_STORE_INFO *OSSL_STORE_INFO_new_CERT(X509 *x509);
OSSL_STORE_INFO *OSSL_STORE_INFO_new_CRL(X509_CRL *crl);
+ OSSL_STORE_INFO *OSSL_STORE_INFO_new(int type, void *data);
+ void *OSSL_STORE_INFO_get0_data(int type, const OSSL_STORE_INFO *info);
+
=head1 DESCRIPTION
These functions are primarily useful for applications to retrieve
@@ -110,6 +114,19 @@ description.
This description is meant to be human readable and should be used for
information printout.
+OSSL_STORE_INFO_new() creates a B<OSSL_STORE_INFO> with an arbitrary I<type>
+number and I<data> structure. It's the responsibility of the caller to
+define type numbers other than the ones defined by F<< <openssl/store.h> >>,
+and to handle freeing the associated data structure on their own.
+I<Using type numbers that are defined by F<< <openssl/store.h> >> may cause
+undefined behaviours, including crashes>.
+
+OSSL_STORE_INFO_get0_data() returns the data pointer that was passed to
+OSSL_STORE_INFO_new() if I<type> matches the type number in I<info>.
+
+OSSL_STORE_INFO_new() and OSSL_STORE_INFO_get0_data() may be useful for
+applications that define their own STORE data, but must be used with care.
+
=head1 SUPPORTED OBJECTS
Currently supported object types are:
@@ -177,13 +194,13 @@ OSSL_STORE_INFO_get1_PARAMS(), OSSL_STORE_INFO_get1_PKEY(),
OSSL_STORE_INFO_get1_CERT() and OSSL_STORE_INFO_get1_CRL() all return
a pointer to a duplicate of the OpenSSL object on success, NULL otherwise.
-OSSL_STORE_INFO_type_string() returns a string on success, or B<NULL> on
+OSSL_STORE_INFO_type_string() returns a string on success, or NULL on
failure.
OSSL_STORE_INFO_new_NAME(), OSSL_STORE_INFO_new_PARAMS(),
OSSL_STORE_INFO_new_PKEY(), OSSL_STORE_INFO_new_CERT() and
OSSL_STORE_INFO_new_CRL() return a B<OSSL_STORE_INFO>
-pointer on success, or B<NULL> on failure.
+pointer on success, or NULL on failure.
OSSL_STORE_INFO_set0_NAME_description() returns 1 on success, or 0 on
failure.
diff --git a/doc/man3/OSSL_STORE_LOADER.pod b/doc/man3/OSSL_STORE_LOADER.pod
index 4e25f79f9e..12e3748c47 100644
--- a/doc/man3/OSSL_STORE_LOADER.pod
+++ b/doc/man3/OSSL_STORE_LOADER.pod
@@ -52,8 +52,9 @@ unregister STORE loaders for different URI schemes
void (*fn)(const char *name, void *data),
void *data);
-Legacy functions, still present to support B<OSSL_STORE_LOADER>s provided
-by B<ENGINE>:
+Deprecated since OpenSSL 3.0, can be hidden entirely by defining
+B<OPENSSL_API_COMPAT> with a suitable version value, see
+L<openssl_user_macros(7)>:
OSSL_STORE_LOADER *OSSL_STORE_LOADER_new(ENGINE *e, const char *scheme);
const ENGINE *OSSL_STORE_LOADER_get0_engine(const OSSL_STORE_LOADER
@@ -146,11 +147,11 @@ I<data> as arguments.
OSSL_STORE_LOADER_names_do_all() traverses all names for the given
I<loader>, and calls I<fn> with each name and I<data>.
-=head2 Legacy Types and Functions
+=head2 Legacy Types and Functions (deprecated)
These functions help applications and engines to create loaders for
-schemes they support. These are all discouraged in favour of provider
-implementations, see L<provider-storemgmt(7)>.
+schemes they support. These are all deprecated and discouraged in favour of
+provider implementations, see L<provider-storemgmt(7)>.
B<OSSL_STORE_LOADER_CTX> is a type template, to be defined by each loader
using C<struct ossl_store_loader_ctx_st { ... }>.
@@ -366,7 +367,7 @@ OSSL_STORE_LOADER_set_eof(), OSSL_STORE_LOADER_set_close(),
OSSL_STORE_LOADER_free(), OSSL_STORE_register_loader(),
OSSL_STORE_unregister_loader(), OSSL_STORE_open_fn(), OSSL_STORE_ctrl_fn(),
OSSL_STORE_load_fn(), OSSL_STORE_eof_fn() and OSSL_STORE_close_fn()
-were added in OpenSSL 1.1.1.
+were added in OpenSSL 1.1.1, and became deprecated in OpenSSL 3.0.
=head1 COPYRIGHT
diff --git a/doc/man3/OSSL_STORE_SEARCH.pod b/doc/man3/OSSL_STORE_SEARCH.pod
index 7dc84227f9..82ff05f9ef 100644
--- a/doc/man3/OSSL_STORE_SEARCH.pod
+++ b/doc/man3/OSSL_STORE_SEARCH.pod
@@ -139,27 +139,27 @@ OSSL_STORE_SEARCH_by_name(),
OSSL_STORE_SEARCH_by_issuer_serial(),
OSSL_STORE_SEARCH_by_key_fingerprint(),
and OSSL_STORE_SEARCH_by_alias()
-return a B<OSSL_STORE_SEARCH> pointer on success, or B<NULL> on failure.
+return a B<OSSL_STORE_SEARCH> pointer on success, or NULL on failure.
OSSL_STORE_SEARCH_get_type() returns the criterion type of the given
B<OSSL_STORE_SEARCH>.
There is no error value.
OSSL_STORE_SEARCH_get0_name() returns a B<X509_NAME> pointer on success,
-or B<NULL> when the given B<OSSL_STORE_SEARCH> was of a different type.
+or NULL when the given B<OSSL_STORE_SEARCH> was of a different type.
OSSL_STORE_SEARCH_get0_serial() returns a B<ASN1_INTEGER> pointer on success,
-or B<NULL> when the given B<OSSL_STORE_SEARCH> was of a different type.
+or NULL when the given B<OSSL_STORE_SEARCH> was of a different type.
OSSL_STORE_SEARCH_get0_bytes() returns a B<const unsigned char> pointer and
-sets B<*length> to the strings length on success, or B<NULL> when the given
+sets I<*length> to the strings length on success, or NULL when the given
B<OSSL_STORE_SEARCH> was of a different type.
OSSL_STORE_SEARCH_get0_string() returns a B<const char> pointer on success,
-or B<NULL> when the given B<OSSL_STORE_SEARCH> was of a different type.
+or NULL when the given B<OSSL_STORE_SEARCH> was of a different type.
OSSL_STORE_SEARCH_get0_digest() returns a B<const EVP_MD> pointer.
-B<NULL> is a valid value and means that the store loader default will
+NULL is a valid value and means that the store loader default will
be used when applicable.
=head1 SEE ALSO
diff --git a/doc/man3/OSSL_STORE_open.pod b/doc/man3/OSSL_STORE_open.pod
index 0f7bf9c0d3..4269dea20a 100644
--- a/doc/man3/OSSL_STORE_open.pod
+++ b/doc/man3/OSSL_STORE_open.pod
@@ -27,18 +27,23 @@ OSSL_STORE_error, OSSL_STORE_close
const UI_METHOD *ui_method, void *ui_data,
OSSL_STORE_post_process_info_fn post_process,
void *post_process_data);
- int OSSL_STORE_ctrl(OSSL_STORE_CTX *ctx, int cmd, ... /* args */);
+
OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx);
int OSSL_STORE_eof(OSSL_STORE_CTX *ctx);
int OSSL_STORE_error(OSSL_STORE_CTX *ctx);
int OSSL_STORE_close(OSSL_STORE_CTX *ctx);
+Deprecated since OpenSSL 3.0, can be hidden entirely by defining
+B<OPENSSL_API_COMPAT> with a suitable version value, see
+L<openssl_user_macros(7)>:
+
+ int OSSL_STORE_ctrl(OSSL_STORE_CTX *ctx, int cmd, ... /* args */);
+
=head1 DESCRIPTION
These functions help the application to fetch supported objects (see
L<OSSL_STORE_INFO(3)/SUPPORTED OBJECTS> for information on which those are)
-from a given URI (see L</SUPPORTED SCHEMES> for more information on
-the supported URI schemes).
+from a given URI.
The general method to do so is to "open" the URI using OSSL_STORE_open(),
read each available and supported object using OSSL_STORE_load() as long as
OSSL_STORE_eof() hasn't been reached, and finish it off with OSSL_STORE_close().
@@ -110,12 +115,6 @@ by OSSL_STORE_open() and frees all other information that was stored in the
B<OSSL_STORE_CTX>, as well as the B<OSSL_STORE_CTX> itself.
If I<ctx> is NULL it does nothing.
-=head1 SUPPORTED SCHEMES
-
-The basic supported scheme is B<file:>.
-Any other scheme can be added dynamically, using
-OSSL_STORE_register_loader().
-
=head1 NOTES
A string without a scheme prefix (that is, a non-URI string) is
@@ -171,6 +170,8 @@ was introduced in OpenSSL 1.1.1h.
OSSL_STORE_open_with_libctx() was added in OpenSSL 3.0.
+OSSL_STORE_ctrl() and OSSL_STORE_vctrl() were deprecated in OpenSSL 3.0.
+
=head1 COPYRIGHT
Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/engines/build.info b/engines/build.info
index 3bfe1dc057..4e83dbf9bc 100644
--- a/engines/build.info
+++ b/engines/build.info
@@ -70,7 +70,7 @@ IF[{- !$disabled{"engine"} -}]
ENDIF
ENDIF
- MODULES{noinst,engine}=ossltest dasync
+ MODULES{noinst,engine}=ossltest dasync loader_attic
SOURCE[dasync]=e_dasync.c
DEPEND[dasync]=../libcrypto
INCLUDE[dasync]=../include
@@ -86,6 +86,14 @@ IF[{- !$disabled{"engine"} -}]
SOURCE[ossltest]=ossltest.ld
GENERATE[ossltest.ld]=../util/engines.num
ENDIF
+
+ SOURCE[loader_attic]=e_loader_attic.c
+ DEPEND[loader_attic]=../libcrypto
+ INCLUDE[loader_attic]=../include
+ IF[{- defined $target{shared_defflag} -}]
+ SOURCE[loader_attic]=loader_attic.ld
+ GENERATE[loader_attic.ld]=../util/engines.num
+ ENDIF
ENDIF
GENERATE[e_padlock-x86.s]=asm/e_padlock-x86.pl
GENERATE[e_padlock-x86_64.s]=asm/e_padlock-x86_64.pl
diff --git a/crypto/store/loader_file.c b/engines/e_loader_attic.c
similarity index 82%
rename from crypto/store/loader_file.c
rename to engines/e_loader_attic.c
index 25ce9ba92e..581bfb0285 100644
--- a/crypto/store/loader_file.c
+++ b/engines/e_loader_attic.c
@@ -7,10 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+/* THIS ENGINE IS FOR TESTING PURPOSES ONLY. */
+
/* We need to use some engine deprecated APIs */
#define OPENSSL_SUPPRESS_DEPRECATED
-#include "e_os.h"
+/* #include "e_os.h" */
#include <string.h>
#include <sys/stat.h>
#include <ctype.h>
@@ -21,25 +23,26 @@
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/pem.h>
-#include "internal/pem.h"
#include <openssl/pkcs12.h> /* For the PKCS8 stuff o.O */
#include <openssl/rsa.h> /* For d2i_RSAPrivateKey */
#include <openssl/safestack.h>
#include <openssl/store.h>
#include <openssl/ui.h>
+#include <openssl/engine.h>
#include <openssl/x509.h> /* For the PKCS8 stuff o.O */
-#include "crypto/asn1.h"
-#include "crypto/ctype.h"
+#include "internal/asn1.h" /* For asn1_d2i_read_bio */
+#include "internal/pem.h" /* For PVK and "blob" PEM headers */
#include "internal/o_dir.h"
#include "internal/cryptlib.h"
-#include "crypto/store.h"
-#include "crypto/evp.h"
-#include "store_local.h"
+
+#include "e_loader_attic_err.c"
DEFINE_STACK_OF(X509)
+DEFINE_STACK_OF(OSSL_STORE_INFO)
#ifdef _WIN32
# define stat _stat
+# define strncasecmp _strnicmp
#endif
#ifndef S_ISDIR
@@ -59,7 +62,7 @@ static char *file_get_pass(const UI_METHOD *ui_method, char *pass,
char *prompt = NULL;
if (ui == NULL) {
- OSSL_STOREerr(OSSL_STORE_F_FILE_GET_PASS, ERR_R_MALLOC_FAILURE);
+ ATTICerr(0, ERR_R_MALLOC_FAILURE);
return NULL;
}
@@ -68,21 +71,20 @@ static char *file_get_pass(const UI_METHOD *ui_method, char *pass,
UI_add_user_data(ui, data);
if ((prompt = UI_construct_prompt(ui, desc, info)) == NULL) {
- OSSL_STOREerr(OSSL_STORE_F_FILE_GET_PASS, ERR_R_MALLOC_FAILURE);
+ ATTICerr(0, ERR_R_MALLOC_FAILURE);
pass = NULL;
} else if (!UI_add_input_string(ui, prompt, UI_INPUT_FLAG_DEFAULT_PWD,
pass, 0, maxsize - 1)) {
- OSSL_STOREerr(OSSL_STORE_F_FILE_GET_PASS, ERR_R_UI_LIB);
+ ATTICerr(0, ERR_R_UI_LIB);
pass = NULL;
} else {
switch (UI_process(ui)) {
case -2:
- OSSL_STOREerr(OSSL_STORE_F_FILE_GET_PASS,
- OSSL_STORE_R_UI_PROCESS_INTERRUPTED_OR_CANCELLED);
+ ATTICerr(0, ATTIC_R_UI_PROCESS_INTERRUPTED_OR_CANCELLED);
pass = NULL;
break;
case -1:
- OSSL_STOREerr(OSSL_STORE_F_FILE_GET_PASS, ERR_R_UI_LIB);
+ ATTICerr(0, ERR_R_UI_LIB);
pass = NULL;
break;
default:
@@ -126,6 +128,91 @@ static int file_get_pem_pass(char *buf, int num, int w, void *data)
return pass == NULL ? 0 : strlen(pass);
}
+/*
+ * Check if |str| ends with |suffix| preceded by a space, and if it does,
+ * return the index of that space. If there is no such suffix in |str|,
+ * return -1.
+ * For |str| == "FOO BAR" and |suffix| == "BAR", the returned value is 3.
+ */
+static int check_suffix(const char *str, const char *suffix)
+{
+ int str_len = strlen(str);
+ int suffix_len = strlen(suffix) + 1;
+ const char *p = NULL;
+
+ if (suffix_len >= str_len)
+ return -1;
+ p = str + str_len - suffix_len;
+ if (*p != ' '
+ || strcmp(p + 1, suffix) != 0)
+ return -1;
+ return p - str;
+}
+
+/*
+ * EMBEDDED is a special type of OSSL_STORE_INFO, specially for the file
+ * handlers, so we define it internally. This uses the possibility to
+ * create an OSSL_STORE_INFO with a generic data pointer and arbitrary
+ * type number.
+ *
+ * This is used by a FILE_HANDLER's try_decode function to signal that it
+ * has decoded the incoming blob into a new blob, and that the attempted
+ * decoding should be immediately restarted with the new blob, using the
+ * new PEM name.
+ */
+/* Negative numbers are never used for public OSSL_STORE_INFO types */
+#define STORE_INFO_EMBEDDED -1
+
+/* This is the embedded data */
+struct embedded_st {
+ BUF_MEM *blob;
+ char *pem_name;
+};
+
+/* Helper functions */
+static struct embedded_st *get0_EMBEDDED(OSSL_STORE_INFO *info)
+{
+ return OSSL_STORE_INFO_get0_data(STORE_INFO_EMBEDDED, info);
+}
+
+static void store_info_free(OSSL_STORE_INFO *info)
+{
+ struct embedded_st *data;
+
+ if (info != NULL && (data = get0_EMBEDDED(info)) != NULL) {
+ BUF_MEM_free(data->blob);
+ OPENSSL_free(data->pem_name);
+ OPENSSL_free(data);
+ }
+ OSSL_STORE_INFO_free(info);
+}
+
+static OSSL_STORE_INFO *new_EMBEDDED(const char *new_pem_name,
+ BUF_MEM *embedded)
+{
+ OSSL_STORE_INFO *info = NULL;
+ struct embedded_st *data = NULL;
+
+ if ((data = OPENSSL_zalloc(sizeof(*data))) == NULL
+ || (info = OSSL_STORE_INFO_new(STORE_INFO_EMBEDDED, data)) == NULL) {
+ ATTICerr(0, ERR_R_MALLOC_FAILURE);
+ OPENSSL_free(data);
+ return NULL;
+ }
+
+ data->pem_name =
+ new_pem_name == NULL ? NULL : OPENSSL_strdup(new_pem_name);
+
+ if (new_pem_name != NULL && data->pem_name == NULL) {
+ ATTICerr(0, ERR_R_MALLOC_FAILURE);
+ store_info_free(info);
+ info = NULL;
+ }
+ data->blob = embedded;
+
+ return info;
+}
+
/*-
* The file scheme decoders
* ------------------------
@@ -243,13 +330,11 @@ static OSSL_STORE_INFO *try_decode_PKCS12(const char *pem_name,
if ((pass = file_get_pass(ui_method, tpass, PEM_BUFSIZE,
"PKCS12 import pass phrase", uri,
ui_data)) == NULL) {
- OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PKCS12,
- OSSL_STORE_R_PASSPHRASE_CALLBACK_ERROR);
+ ATTICerr(0, ATTIC_R_PASSPHRASE_CALLBACK_ERROR);
goto p12_end;
}
if (!PKCS12_verify_mac(p12, pass, strlen(pass))) {
- OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PKCS12,
- OSSL_STORE_R_ERROR_VERIFYING_PKCS12_MAC);
+ ATTICerr(0, ATTIC_R_ERROR_VERIFYING_PKCS12_MAC);
goto p12_end;
}
}
@@ -293,11 +378,11 @@ static OSSL_STORE_INFO *try_decode_PKCS12(const char *pem_name,
EVP_PKEY_free(pkey);
X509_free(cert);
sk_X509_pop_free(chain, X509_free);
- OSSL_STORE_INFO_free(osi_pkey);
- OSSL_STORE_INFO_free(osi_cert);
- OSSL_STORE_INFO_free(osi_ca);
+ store_info_free(osi_pkey);
+ store_info_free(osi_cert);
+ store_info_free(osi_ca);
if (!ok) {
- sk_OSSL_STORE_INFO_pop_free(ctx, OSSL_STORE_INFO_free);
+ sk_OSSL_STORE_INFO_pop_free(ctx, store_info_free);
ctx = NULL;
}
*pctx = ctx;
@@ -325,7 +410,7 @@ static void destroy_ctx_PKCS12(void **pctx)
{
STACK_OF(OSSL_STORE_INFO) *ctx = *pctx;
- sk_OSSL_STORE_INFO_pop_free(ctx, OSSL_STORE_INFO_free);
+ sk_OSSL_STORE_INFO_pop_free(ctx, store_info_free);
*pctx = NULL;
}
@@ -375,16 +460,14 @@ static OSSL_STORE_INFO *try_decode_PKCS8Encrypted(const char *pem_name,
*matchcount = 1;
if ((mem = BUF_MEM_new()) == NULL) {
- OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PKCS8ENCRYPTED,
- ERR_R_MALLOC_FAILURE);
+ ATTICerr(0, ERR_R_MALLOC_FAILURE);
goto nop8;
}
if ((pass = file_get_pass(ui_method, kbuf, PEM_BUFSIZE,
"PKCS8 decrypt pass phrase", uri,
ui_data)) == NULL) {
- OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PKCS8ENCRYPTED,
- OSSL_STORE_R_BAD_PASSWORD_READ);
+ ATTICerr(0, ATTIC_R_BAD_PASSWORD_READ);
goto nop8;
}
@@ -397,10 +480,9 @@ static OSSL_STORE_INFO *try_decode_PKCS8Encrypted(const char *pem_name,
mem->max = mem->length = (size_t)new_data_len;
X509_SIG_free(p8);
- store_info = ossl_store_info_new_EMBEDDED(PEM_STRING_PKCS8INF, mem);
+ store_info = new_EMBEDDED(PEM_STRING_PKCS8INF, mem);
if (store_info == NULL) {
- OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PKCS8ENCRYPTED,
- ERR_R_MALLOC_FAILURE);
+ ATTICerr(0, ERR_R_MALLOC_FAILURE);
goto nop8;
}
@@ -421,7 +503,6 @@ static FILE_HANDLER PKCS8Encrypted_handler = {
* encoded ones and old style PEM ones (with the key type is encoded into
* the PEM name).
*/
-int pem_check_suffix(const char *pem_str, const char *suffix);
static OSSL_STORE_INFO *try_decode_PrivateKey(const char *pem_name,
const char *pem_header,
const unsigned char *blob,
@@ -443,16 +524,19 @@ static OSSL_STORE_INFO *try_decode_PrivateKey(const char *pem_name,
*matchcount = 1;
if (p8inf != NULL)
- pkey = evp_pkcs82pkey_int(p8inf, libctx, propq);
+ pkey = EVP_PKCS82PKEY_with_libctx(p8inf, libctx, propq);
PKCS8_PRIV_KEY_INFO_free(p8inf);
} else {
int slen;
+ int pkey_id;
- if ((slen = pem_check_suffix(pem_name, "PRIVATE KEY")) > 0
+ if ((slen = check_suffix(pem_name, "PRIVATE KEY")) > 0
&& (ameth = EVP_PKEY_asn1_find_str(NULL, pem_name,
- slen)) != NULL) {
+ slen)) != NULL
+ && EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL,
+ ameth)) {
*matchcount = 1;
- pkey = d2i_PrivateKey_ex(ameth->pkey_id, NULL, &blob, len,
+ pkey = d2i_PrivateKey_ex(pkey_id, NULL, &blob, len,
libctx, propq);
}
}
@@ -473,17 +557,19 @@ static OSSL_STORE_INFO *try_decode_PrivateKey(const char *pem_name,
EVP_PKEY_ASN1_METHOD *ameth2 = NULL;
EVP_PKEY *tmp_pkey = NULL;
const unsigned char *tmp_blob = blob;
+ int pkey_id, pkey_flags;
- if (!asn1meths(curengine, &ameth2, NULL, nids[i]))
- continue;
- if (ameth2 == NULL
- || ameth2->pkey_flags & ASN1_PKEY_ALIAS)
+ if (!asn1meths(curengine, &ameth2, NULL, nids[i])
+ || !EVP_PKEY_asn1_get0_info(&pkey_id, NULL,
+ &pkey_flags, NULL, NULL,
+ ameth2)
+ || (pkey_flags & ASN1_PKEY_ALIAS) != 0)
continue;
ERR_set_mark(); /* prevent flooding error queue */
- tmp_pkey =
- d2i_PrivateKey_ex(ameth2->pkey_id, NULL,
- &tmp_blob, len, libctx, propq);
+ tmp_pkey = d2i_PrivateKey_ex(pkey_id, NULL,
+ &tmp_blob, len,
+ libctx, propq);
if (tmp_pkey != NULL) {
if (pkey != NULL)
EVP_PKEY_free(tmp_pkey);
@@ -501,13 +587,16 @@ static OSSL_STORE_INFO *try_decode_PrivateKey(const char *pem_name,
for (i = 0; i < EVP_PKEY_asn1_get_count(); i++) {
EVP_PKEY *tmp_pkey = NULL;
const unsigned char *tmp_blob = blob;
+ int pkey_id, pkey_flags;
ameth = EVP_PKEY_asn1_get0(i);
- if (ameth->pkey_flags & ASN1_PKEY_ALIAS)
+ if (!EVP_PKEY_asn1_get0_info(&pkey_id, NULL, &pkey_flags, NULL,
+ NULL, ameth)
+ || (pkey_flags & ASN1_PKEY_ALIAS) != 0)
continue;
ERR_set_mark(); /* prevent flooding error queue */
- tmp_pkey = d2i_PrivateKey_ex(ameth->pkey_id, NULL, &tmp_blob, len,
+ tmp_pkey = d2i_PrivateKey_ex(pkey_id, NULL, &tmp_blob, len,
libctx, propq);
if (tmp_pkey != NULL) {
if (pkey != NULL)
@@ -590,69 +679,58 @@ static OSSL_STORE_INFO *try_decode_params(const char *pem_name,
const char *propq)
{
OSSL_STORE_INFO *store_info = NULL;
- int slen = 0;
EVP_PKEY *pkey = NULL;
const EVP_PKEY_ASN1_METHOD *ameth = NULL;
- int ok = 0;
if (pem_name != NULL) {
- if ((slen = pem_check_suffix(pem_name, "PARAMETERS")) == 0)
- return NULL;
- *matchcount = 1;
- }
+ int slen;
+ int pkey_id;
- if (slen > 0) {
- if ((pkey = EVP_PKEY_new()) == NULL) {
- OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PARAMS, ERR_R_EVP_LIB);
- return NULL;
+ if ((slen = check_suffix(pem_name, "PARAMETERS")) > 0
+ && (ameth = EVP_PKEY_asn1_find_str(NULL, pem_name, slen)) != NULL
+ && EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL,
+ ameth)) {
+ *matchcount = 1;
+ pkey = d2i_KeyParams(pkey_id, NULL, &blob, len);
}
-
-
- if (EVP_PKEY_set_type_str(pkey, pem_name, slen)
- && (ameth = EVP_PKEY_get0_asn1(pkey)) != NULL
- && ameth->param_decode != NULL
- && ameth->param_decode(pkey, &blob, len))
- ok = 1;
} else {
int i;
- EVP_PKEY *tmp_pkey = NULL;
for (i = 0; i < EVP_PKEY_asn1_get_count(); i++) {
+ EVP_PKEY *tmp_pkey = NULL;
const unsigned char *tmp_blob = blob;
-
- if (tmp_pkey == NULL && (tmp_pkey = EVP_PKEY_new()) == NULL) {
- OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PARAMS, ERR_R_EVP_LIB);
- break;
- }
+ int pkey_id, pkey_flags;
ameth = EVP_PKEY_asn1_get0(i);
- if (ameth->pkey_flags & ASN1_PKEY_ALIAS)
+ if (!EVP_PKEY_asn1_get0_info(&pkey_id, NULL, &pkey_flags, NULL,
+ NULL, ameth)
+ || (pkey_flags & ASN1_PKEY_ALIAS) != 0)
continue;
ERR_set_mark(); /* prevent flooding error queue */
- if (EVP_PKEY_set_type(tmp_pkey, ameth->pkey_id)
- && (ameth = EVP_PKEY_get0_asn1(tmp_pkey)) != NULL
- && ameth->param_decode != NULL
- && ameth->param_decode(tmp_pkey, &tmp_blob, len)) {
+ tmp_pkey = d2i_KeyParams(pkey_id, NULL, &tmp_blob, len);
+
+ if (tmp_pkey != NULL) {
if (pkey != NULL)
EVP_PKEY_free(tmp_pkey);
else
pkey = tmp_pkey;
- tmp_pkey = NULL;
(*matchcount)++;
}
ERR_pop_to_mark();
}
- EVP_PKEY_free(tmp_pkey);
- if (*matchcount == 1) {
- ok = 1;
+ if (*matchcount > 1) {
+ EVP_PKEY_free(pkey);
+ pkey = NULL;
}
}
+ if (pkey == NULL)
+ /* No match */
+ return NULL;
- if (ok)
- store_info = OSSL_STORE_INFO_new_PARAMS(pkey);
+ store_info = OSSL_STORE_INFO_new_PARAMS(pkey);
if (store_info == NULL)
EVP_PKEY_free(pkey);
@@ -824,6 +902,7 @@ struct ossl_store_loader_ctx_st {
/* Expected object type. May be unspecified */
int expected_type;
+
OPENSSL_CTX *libctx;
char *propq;
};
@@ -898,7 +977,7 @@ static OSSL_STORE_LOADER_CTX *file_open_with_libctx
} else if (uri[7] == '/') {
p = &uri[7];
} else {
- OSSL_STOREerr(0, OSSL_STORE_R_URI_AUTHORITY_UNSUPPORTED);
+ ATTICerr(0, ATTIC_R_URI_AUTHORITY_UNSUPPORTED);
return NULL;
}
}
@@ -907,7 +986,7 @@ static OSSL_STORE_LOADER_CTX *file_open_with_libctx
#ifdef _WIN32
/* Windows file: URIs with a drive letter start with a / */
if (p[0] == '/' && p[2] == ':' && p[3] == '/') {
- char c = ossl_tolower(p[1]);
+ char c = tolower(p[1]);
if (c >= 'a' && c <= 'z') {
p++;
@@ -926,7 +1005,7 @@ static OSSL_STORE_LOADER_CTX *file_open_with_libctx
* be absolute. So says RFC 8089
*/
if (path_data[i].check_absolute && path_data[i].path[0] != '/') {
- OSSL_STOREerr(0, OSSL_STORE_R_PATH_MUST_BE_ABSOLUTE);
+ ATTICerr(0, ATTIC_R_PATH_MUST_BE_ABSOLUTE);
ERR_add_error_data(1, path_data[i].path);
return NULL;
}
@@ -947,12 +1026,12 @@ static OSSL_STORE_LOADER_CTX *file_open_with_libctx
ctx = OPENSSL_zalloc(sizeof(*ctx));
if (ctx == NULL) {
- OSSL_STOREerr(0, ERR_R_MALLOC_FAILURE);
+ ATTICerr(0, ERR_R_MALLOC_FAILURE);
return NULL;
}
ctx->uri = OPENSSL_strdup(uri);
if (ctx->uri == NULL) {
- OSSL_STOREerr(0, ERR_R_MALLOC_FAILURE);
+ ATTICerr(0, ERR_R_MALLOC_FAILURE);
goto err;
}
@@ -962,11 +1041,7 @@ static OSSL_STORE_LOADER_CTX *file_open_with_libctx
ctx->_.dir.last_errno = errno;
if (ctx->_.dir.last_entry == NULL) {
if (ctx->_.dir.last_errno != 0) {
- char errbuf[256];
- OSSL_STOREerr(0, ERR_R_SYS_LIB);
- errno = ctx->_.dir.last_errno;
- if (openssl_strerror_r(errno, errbuf, sizeof(errbuf)))
- ERR_add_error_data(1, errbuf);
+ ERR_raise(ERR_LIB_SYS, ctx->_.dir.last_errno);
goto err;
}
ctx->_.dir.end_reached = 1;
@@ -979,7 +1054,7 @@ static OSSL_STORE_LOADER_CTX *file_open_with_libctx
if (propq != NULL) {
ctx->propq = OPENSSL_strdup(propq);
if (ctx->propq == NULL) {
- OSSL_STOREerr(0, ERR_R_MALLOC_FAILURE);
+ ATTICerr(0, ERR_R_MALLOC_FAILURE);
goto err;
}
}
@@ -1005,17 +1080,11 @@ static OSSL_STORE_LOADER_CTX *file_attach
{
OSSL_STORE_LOADER_CTX *ctx = NULL;
- if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) {
- OSSL_STOREerr(0, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- if (propq != NULL) {
- ctx->propq = OPENSSL_strdup(propq);
- if (ctx->propq == NULL) {
- OSSL_STOREerr(0, ERR_R_MALLOC_FAILURE);
- goto err;
- }
+ if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL
+ || (propq != NULL && (ctx->propq = OPENSSL_strdup(propq)) == NULL)) {
+ ATTICerr(0, ERR_R_MALLOC_FAILURE);
+ OSSL_STORE_LOADER_CTX_free(ctx);
+ return NULL;
}
ctx->libctx = libctx;
ctx->flags |= FILE_FLAG_ATTACHED;
@@ -1048,7 +1117,7 @@ static int file_ctrl(OSSL_STORE_LOADER_CTX *ctx, int cmd, va_list args)
ctx->flags |= FILE_FLAG_SECMEM;
break;
default:
- OSSL_STOREerr(0, ERR_R_PASSED_INVALID_ARGUMENT);
+ ATTICerr(0, ERR_R_PASSED_INVALID_ARGUMENT);
ret = 0;
break;
}
@@ -1082,8 +1151,7 @@ static int file_find(OSSL_STORE_LOADER_CTX *ctx,
return 1;
if (ctx->type != is_dir) {
- OSSL_STOREerr(OSSL_STORE_F_FILE_FIND,
- OSSL_STORE_R_SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES);
+ ATTICerr(0, ATTIC_R_SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES);
return 0;
}
@@ -1094,8 +1162,7 @@ static int file_find(OSSL_STORE_LOADER_CTX *ctx,
}
if (ctx != NULL)
- OSSL_STOREerr(OSSL_STORE_F_FILE_FIND,
- OSSL_STORE_R_UNSUPPORTED_SEARCH_TYPE);
+ ATTICerr(0, ATTIC_R_UNSUPPORTED_SEARCH_TYPE);
return 0;
}
@@ -1120,8 +1187,7 @@ static OSSL_STORE_INFO *file_load_try_decode(OSSL_STORE_LOADER_CTX *ctx,
* OSSL_NELEM(file_handlers));
if (matching_handlers == NULL) {
- OSSL_STOREerr(OSSL_STORE_F_FILE_LOAD_TRY_DECODE,
- ERR_R_MALLOC_FAILURE);
+ ATTICerr(0, ERR_R_MALLOC_FAILURE);
goto err;
}
@@ -1157,8 +1223,8 @@ static OSSL_STORE_INFO *file_load_try_decode(OSSL_STORE_LOADER_CTX *ctx,
if ((*matchcount += try_matchcount) > 1) {
/* more than one match => ambiguous, kill any result */
- OSSL_STORE_INFO_free(result);
- OSSL_STORE_INFO_free(tmp_result);
+ store_info_free(result);
+ store_info_free(tmp_result);
if (handler->destroy_ctx != NULL)
handler->destroy_ctx(&handler_ctx);
handler_ctx = NULL;
@@ -1183,13 +1249,18 @@ static OSSL_STORE_INFO *file_load_try_decode(OSSL_STORE_LOADER_CTX *ctx,
BUF_MEM_free(new_mem);
if (result != NULL
- && (t = OSSL_STORE_INFO_get_type(result)) == OSSL_STORE_INFO_EMBEDDED) {
- pem_name = new_pem_name =
- ossl_store_info_get0_EMBEDDED_pem_name(result);
- new_mem = ossl_store_info_get0_EMBEDDED_buffer(result);
+ && (t = OSSL_STORE_INFO_get_type(result)) == STORE_INFO_EMBEDDED) {
+ struct embedded_st *embedded = get0_EMBEDDED(result);
+
+ /* "steal" the embedded data */
+ pem_name = new_pem_name = embedded->pem_name;
+ new_mem = embedded->blob;
data = (unsigned char *)new_mem->data;
len = new_mem->length;
- OPENSSL_free(result);
+ embedded->pem_name = NULL;
+ embedded->blob = NULL;
+
+ store_info_free(result);
result = NULL;
goto again;
}
@@ -1380,7 +1451,7 @@ static int file_name_to_uri(OSSL_STORE_LOADER_CTX *ctx, const char *name,
*data = OPENSSL_zalloc(calculated_length);
if (*data == NULL) {
- OSSL_STOREerr(OSSL_STORE_F_FILE_NAME_TO_URI, ERR_R_MALLOC_FAILURE);
+ ATTICerr(0, ERR_R_MALLOC_FAILURE);
return 0;
}
@@ -1431,9 +1502,9 @@ static int file_name_check(OSSL_STORE_LOADER_CTX *ctx, const char *name)
* Last, check that the rest of the extension is a decimal number, at
* least one digit long.
*/
- if (!ossl_isdigit(*p))
+ if (!isdigit(*p))
return 0;
- while (ossl_isdigit(*p))
+ while (isdigit(*p))
p++;
#ifdef __VMS
@@ -1469,13 +1540,9 @@ static OSSL_STORE_INFO *file_load(OSSL_STORE_LOADER_CTX *ctx,
if (ctx->_.dir.last_entry == NULL) {
if (!ctx->_.dir.end_reached) {
- char errbuf[256];
assert(ctx->_.dir.last_errno != 0);
- OSSL_STOREerr(0, ERR_R_SYS_LIB);
- errno = ctx->_.dir.last_errno;
+ ERR_raise(ERR_LIB_SYS, ctx->_.dir.last_errno);
ctx->errcnt++;
- if (openssl_strerror_r(errno, errbuf, sizeof(errbuf)))
- ERR_add_error_data(1, errbuf);
}
return NULL;
}
@@ -1499,7 +1566,7 @@ static OSSL_STORE_INFO *file_load(OSSL_STORE_LOADER_CTX *ctx,
if (newname != NULL
&& (result = OSSL_STORE_INFO_new_NAME(newname)) == NULL) {
OPENSSL_free(newname);
- OSSL_STOREerr(0, ERR_R_OSSL_STORE_LIB);
+ ATTICerr(0, ERR_R_OSSL_STORE_LIB);
return NULL;
}
} while (result == NULL && !file_eof(ctx));
@@ -1558,14 +1625,14 @@ static OSSL_STORE_INFO *file_load(OSSL_STORE_LOADER_CTX *ctx,
}
if (matchcount > 1) {
- OSSL_STOREerr(0, OSSL_STORE_R_AMBIGUOUS_CONTENT_TYPE);
+ ATTICerr(0, ATTIC_R_AMBIGUOUS_CONTENT_TYPE);
} else if (matchcount == 1) {
/*
* If there are other errors on the stack, they already show
* what the problem is.
*/
if (ERR_peek_error() == 0) {
- OSSL_STOREerr(0, OSSL_STORE_R_UNSUPPORTED_CONTENT_TYPE);
+ ATTICerr(0, ATTIC_R_UNSUPPORTED_CONTENT_TYPE);
if (pem_name != NULL)
ERR_add_error_data(3, "PEM type is '", pem_name, "'");
}
@@ -1581,14 +1648,14 @@ static OSSL_STORE_INFO *file_load(OSSL_STORE_LOADER_CTX *ctx,
/* We bail out on ambiguity */
if (matchcount > 1) {
- OSSL_STORE_INFO_free(result);
+ store_info_free(result);
return NULL;
}
if (result != NULL
&& ctx->expected_type != 0
&& ctx->expected_type != OSSL_STORE_INFO_get_type(result)) {
- OSSL_STORE_INFO_free(result);
+ store_info_free(result);
goto again;
}
}
@@ -1637,31 +1704,87 @@ static int file_close(OSSL_STORE_LOADER_CTX *ctx)
return 1;
}
-static OSSL_STORE_LOADER file_loader =
- {
- "file",
- NULL,
- file_open,
- file_attach,
- file_ctrl,
- file_expect,
- file_find,
- file_load,
- file_eof,
- file_error,
- file_close,
- file_open_with_libctx,
- };
-
-static void store_file_loader_deinit(void)
+/*-
+ * ENGINE management
+ */
+
+static const char *loader_attic_id = "loader_attic";
+static const char *loader_attic_name = "'file:' loader";
+
+static OSSL_STORE_LOADER *loader_attic = NULL;
+
+static int loader_attic_init(ENGINE *e)
{
- ossl_store_unregister_loader_int(file_loader.scheme);
+ return 1;
}
-int ossl_store_file_loader_init(void)
+
+static int loader_attic_finish(ENGINE *e)
{
- int ret = ossl_store_register_loader_int(&file_loader);
+ return 1;
+}
- OPENSSL_atexit(store_file_loader_deinit);
- return ret;
+
+static int loader_attic_destroy(ENGINE *e)
+{
+ OSSL_STORE_LOADER *loader = OSSL_STORE_unregister_loader("file");
+
+ if (loader == NULL)
+ return 0;
+
+ ERR_unload_ATTIC_strings();
+ OSSL_STORE_LOADER_free(loader);
+ return 1;
+}
+
+static int bind_loader_attic(ENGINE *e)
+{
+
+ /* Ensure the ATTIC error handdling is set up on best effort basis */
+ ERR_load_ATTIC_strings();
+
+ if (/* Create the OSSL_STORE_LOADER */
+ (loader_attic = OSSL_STORE_LOADER_new(e, "file")) == NULL
+ || !OSSL_STORE_LOADER_set_open_with_libctx(loader_attic,
+ file_open_with_libctx)
+ || !OSSL_STORE_LOADER_set_open(loader_attic, file_open)
+ || !OSSL_STORE_LOADER_set_attach(loader_attic, file_attach)
+ || !OSSL_STORE_LOADER_set_ctrl(loader_attic, file_ctrl)
+ || !OSSL_STORE_LOADER_set_expect(loader_attic, file_expect)
+ || !OSSL_STORE_LOADER_set_find(loader_attic, file_find)
+ || !OSSL_STORE_LOADER_set_load(loader_attic, file_load)
+ || !OSSL_STORE_LOADER_set_eof(loader_attic, file_eof)
+ || !OSSL_STORE_LOADER_set_error(loader_attic, file_error)
+ || !OSSL_STORE_LOADER_set_close(loader_attic, file_close)
+ /* Init the engine itself */
+ || !ENGINE_set_id(e, loader_attic_id)
+ || !ENGINE_set_name(e, loader_attic_name)
+ || !ENGINE_set_destroy_function(e, loader_attic_destroy)
+ || !ENGINE_set_init_function(e, loader_attic_init)
+ || !ENGINE_set_finish_function(e, loader_attic_finish)
+ /* Finally, register the method with libcrypto */
+ || !OSSL_STORE_register_loader(loader_attic)) {
+ OSSL_STORE_LOADER_free(loader_attic);
+ loader_attic = NULL;
+ ATTICerr(0, ATTIC_R_INIT_FAILED);
+ return 0;
+ }
+
+ return 1;
+}
+
+#ifdef OPENSSL_NO_DYNAMIC_ENGINE
+# error "Only allowed as dynamically shared object"
+#endif
+
+static int bind_helper(ENGINE *e, const char *id)
+{
+ if (id && (strcmp(id, loader_attic_id) != 0))
+ return 0;
+ if (!bind_loader_attic(e))
+ return 0;
+ return 1;
}
+
+IMPLEMENT_DYNAMIC_CHECK_FN()
+ IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
diff --git a/engines/e_loader_attic.ec b/engines/e_loader_attic.ec
new file mode 100644
index 0000000000..525a689fe5
--- /dev/null
+++ b/engines/e_loader_attic.ec
@@ -0,0 +1,3 @@
+# The INPUT HEADER is scanned for declarations
+# LIBNAME INPUT HEADER ERROR-TABLE FILE
+L ATTIC e_loader_attic_err.h e_loader_attic_err.c
diff --git a/engines/e_loader_attic.txt b/engines/e_loader_attic.txt
new file mode 100644
index 0000000000..db1a996a33
--- /dev/null
+++ b/engines/e_loader_attic.txt
@@ -0,0 +1,23 @@
+# Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+# Function codes
+
+#Reason codes
+ATTIC_R_AMBIGUOUS_CONTENT_TYPE:100:ambiguous content type
+ATTIC_R_BAD_PASSWORD_READ:101:bad password read
+ATTIC_R_ERROR_VERIFYING_PKCS12_MAC:102:error verifying pkcs12 mac
+ATTIC_R_INIT_FAILED:103:init failed
+ATTIC_R_PASSPHRASE_CALLBACK_ERROR:104:passphrase callback error
+ATTIC_R_PATH_MUST_BE_ABSOLUTE:105:path must be absolute
+ATTIC_R_SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES:106:\
+ search only supported for directories
+ATTIC_R_UI_PROCESS_INTERRUPTED_OR_CANCELLED:107:\
+ ui process interrupted or cancelled
+ATTIC_R_UNSUPPORTED_CONTENT_TYPE:108:unsupported content type
+ATTIC_R_UNSUPPORTED_SEARCH_TYPE:109:unsupported search type
+ATTIC_R_URI_AUTHORITY_UNSUPPORTED:110:uri authority unsupported
diff --git a/engines/e_loader_attic_err.c b/engines/e_loader_attic_err.c
new file mode 100644
index 0000000000..2bc4e854c8
--- /dev/null
+++ b/engines/e_loader_attic_err.c
@@ -0,0 +1,73 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include "e_loader_attic_err.h"
+
+#ifndef OPENSSL_NO_ERR
+
+static ERR_STRING_DATA ATTIC_str_reasons[] = {
+ {ERR_PACK(0, 0, ATTIC_R_AMBIGUOUS_CONTENT_TYPE), "ambiguous content type"},
+ {ERR_PACK(0, 0, ATTIC_R_BAD_PASSWORD_READ), "bad password read"},
+ {ERR_PACK(0, 0, ATTIC_R_ERROR_VERIFYING_PKCS12_MAC),
+ "error verifying pkcs12 mac"},
+ {ERR_PACK(0, 0, ATTIC_R_INIT_FAILED), "init failed"},
+ {ERR_PACK(0, 0, ATTIC_R_PASSPHRASE_CALLBACK_ERROR),
+ "passphrase callback error"},
+ {ERR_PACK(0, 0, ATTIC_R_PATH_MUST_BE_ABSOLUTE), "path must be absolute"},
+ {ERR_PACK(0, 0, ATTIC_R_SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES),
+ "search only supported for directories"},
+ {ERR_PACK(0, 0, ATTIC_R_UI_PROCESS_INTERRUPTED_OR_CANCELLED),
+ "ui process interrupted or cancelled"},
+ {ERR_PACK(0, 0, ATTIC_R_UNSUPPORTED_CONTENT_TYPE),
+ "unsupported content type"},
+ {ERR_PACK(0, 0, ATTIC_R_UNSUPPORTED_SEARCH_TYPE),
+ "unsupported search type"},
+ {ERR_PACK(0, 0, ATTIC_R_URI_AUTHORITY_UNSUPPORTED),
+ "uri authority unsupported"},
+ {0, NULL}
+};
+
+#endif
+
+static int lib_code = 0;
+static int error_loaded = 0;
+
+static int ERR_load_ATTIC_strings(void)
+{
+ if (lib_code == 0)
+ lib_code = ERR_get_next_error_library();
+
+ if (!error_loaded) {
+#ifndef OPENSSL_NO_ERR
+ ERR_load_strings(lib_code, ATTIC_str_reasons);
+#endif
+ error_loaded = 1;
+ }
+ return 1;
+}
+
+static void ERR_unload_ATTIC_strings(void)
+{
+ if (error_loaded) {
+#ifndef OPENSSL_NO_ERR
+ ERR_unload_strings(lib_code, ATTIC_str_reasons);
+#endif
+ error_loaded = 0;
+ }
+}
+
+static void ERR_ATTIC_error(int function, int reason, char *file, int line)
+{
+ if (lib_code == 0)
+ lib_code = ERR_get_next_error_library();
+ ERR_raise(lib_code, reason);
+ ERR_set_debug(file, line, NULL);
+}
diff --git a/engines/e_loader_attic_err.h b/engines/e_loader_attic_err.h
new file mode 100644
index 0000000000..115e0ea6f6
--- /dev/null
+++ b/engines/e_loader_attic_err.h
@@ -0,0 +1,43 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_ATTICERR_H
+# define OPENSSL_ATTICERR_H
+# pragma once
+
+# include <openssl/opensslconf.h>
+# include <openssl/symhacks.h>
+
+
+# define ATTICerr(f, r) ERR_ATTIC_error(0, (r), OPENSSL_FILE, OPENSSL_LINE)
+
+
+/*
+ * ATTIC function codes.
+ */
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# endif
+
+/*
+ * ATTIC reason codes.
+ */
+# define ATTIC_R_AMBIGUOUS_CONTENT_TYPE 100
+# define ATTIC_R_BAD_PASSWORD_READ 101
+# define ATTIC_R_ERROR_VERIFYING_PKCS12_MAC 102
+# define ATTIC_R_INIT_FAILED 103
+# define ATTIC_R_PASSPHRASE_CALLBACK_ERROR 104
+# define ATTIC_R_PATH_MUST_BE_ABSOLUTE 105
+# define ATTIC_R_SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES 106
+# define ATTIC_R_UI_PROCESS_INTERRUPTED_OR_CANCELLED 107
+# define ATTIC_R_UNSUPPORTED_CONTENT_TYPE 108
+# define ATTIC_R_UNSUPPORTED_SEARCH_TYPE 109
+# define ATTIC_R_URI_AUTHORITY_UNSUPPORTED 110
+
+#endif
diff --git a/include/crypto/asn1.h b/include/crypto/asn1.h
index 041642f022..624df3cb05 100644
--- a/include/crypto/asn1.h
+++ b/include/crypto/asn1.h
@@ -124,5 +124,3 @@ struct asn1_pctx_st {
unsigned long oid_flags;
unsigned long str_flags;
} /* ASN1_PCTX */ ;
-
-int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb);
diff --git a/include/crypto/decoder.h b/include/crypto/decoder.h
new file mode 100644
index 0000000000..b465752971
--- /dev/null
+++ b/include/crypto/decoder.h
@@ -0,0 +1,40 @@
+/*
+ * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_DECODER_H
+# define OSSL_CRYPTO_DECODER_H
+
+# include <openssl/decoder.h>
+
+OSSL_DECODER *ossl_decoder_fetch_by_number(OPENSSL_CTX *libctx,
+ int id,
+ const char *properties);
+
+/*
+ * These are specially made for the 'file:' provider-native loader, which
+ * uses this to install a DER to anything decoder, which doesn't do much
+ * except read a DER blob and pass it on as a provider object abstraction
+ * (provider-object(7)).
+ */
+void *ossl_decoder_from_dispatch(int id, const OSSL_ALGORITHM *algodef,
+ OSSL_PROVIDER *prov);
+
+OSSL_DECODER_INSTANCE *
+ossl_decoder_instance_new(OSSL_DECODER *decoder, void *decoderctx);
+void ossl_decoder_instance_free(OSSL_DECODER_INSTANCE *decoder_inst);
+int ossl_decoder_ctx_add_decoder_inst(OSSL_DECODER_CTX *ctx,
+ OSSL_DECODER_INSTANCE *di);
+
+int ossl_decoder_ctx_setup_for_EVP_PKEY(OSSL_DECODER_CTX *ctx,
+ EVP_PKEY **pkey,
+ OPENSSL_CTX *libctx,
+ const char *propquery);
+
+#endif
+
diff --git a/include/crypto/evp.h b/include/crypto/evp.h
index 634eb86425..b00634234c 100644
--- a/include/crypto/evp.h
+++ b/include/crypto/evp.h
@@ -763,8 +763,6 @@ int pkcs5_pbkdf2_hmac_with_libctx(const char *pass, int passlen,
int evp_pkey_ctx_set_params_strict(EVP_PKEY_CTX *ctx, OSSL_PARAM *params);
int evp_pkey_ctx_get_params_strict(EVP_PKEY_CTX *ctx, OSSL_PARAM *params);
-EVP_PKEY *evp_pkcs82pkey_int(const PKCS8_PRIV_KEY_INFO *p8, OPENSSL_CTX *libctx,
- const char *propq);
EVP_MD_CTX *evp_md_ctx_new_with_libctx(EVP_PKEY *pkey,
const ASN1_OCTET_STRING *id,
OPENSSL_CTX *libctx, const char *propq);
diff --git a/include/internal/asn1.h b/include/internal/asn1.h
new file mode 100644
index 0000000000..8448786919
--- /dev/null
+++ b/include/internal/asn1.h
@@ -0,0 +1,15 @@
+/*
+ * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_INTERNAL_ASN1_H
+# define OSSL_INTERNAL_ASN1_H
+
+int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb);
+
+#endif
diff --git a/include/openssl/core_dispatch.h b/include/openssl/core_dispatch.h
index b21fe559f7..ac83f88cc4 100644
--- a/include/openssl/core_dispatch.h
+++ b/include/openssl/core_dispatch.h
@@ -137,6 +137,7 @@ OSSL_CORE_MAKE_FUNC(void,
#define OSSL_FUNC_BIO_VSNPRINTF 46
#define OSSL_FUNC_BIO_PUTS 47
#define OSSL_FUNC_BIO_GETS 48
+#define OSSL_FUNC_BIO_CTRL 49
OSSL_CORE_MAKE_FUNC(OSSL_CORE_BIO *, BIO_new_file, (const char *filename,
@@ -153,6 +154,8 @@ OSSL_CORE_MAKE_FUNC(int, BIO_vprintf, (OSSL_CORE_BIO *bio, const char *format,
va_list args))
OSSL_CORE_MAKE_FUNC(int, BIO_vsnprintf,
(char *buf, size_t n, const char *fmt, va_list args))
+OSSL_CORE_MAKE_FUNC(int, BIO_ctrl, (OSSL_CORE_BIO *bio,
+ int cmd, long num, void *ptr))
#define OSSL_FUNC_SELF_TEST_CB 100
OSSL_CORE_MAKE_FUNC(void, self_test_cb, (OPENSSL_CORE_CTX *ctx, OSSL_CALLBACK **cb,
diff --git a/include/openssl/err.h b/include/openssl/err.h
index 497436d2c5..3e3b64b158 100644
--- a/include/openssl/err.h
+++ b/include/openssl/err.h
@@ -113,8 +113,8 @@ struct err_state_st {
# define ERR_LIB_CRMF 56
# define ERR_LIB_PROV 57
# define ERR_LIB_CMP 58
-# define ERR_LIB_OSSL_ENCODER 59
-# define ERR_LIB_OSSL_DECODER 60
+# define ERR_LIB_OSSL_ENCODER 59
+# define ERR_LIB_OSSL_DECODER 60
# define ERR_LIB_HTTP 61
# define ERR_LIB_USER 128
@@ -304,6 +304,7 @@ static ossl_inline int ERR_FATAL_ERROR(unsigned long errcode)
# define ERR_R_UI_LIB ERR_LIB_UI/* 40 */
# define ERR_R_ECDSA_LIB ERR_LIB_ECDSA/* 42 */
# define ERR_R_OSSL_STORE_LIB ERR_LIB_OSSL_STORE/* 44 */
+# define ERR_R_OSSL_DECODER_LIB ERR_LIB_OSSL_DECODER/* 60 */
/*
* global reason codes, range 64..99 (sub-system specific codes start at 100)
diff --git a/include/openssl/store.h b/include/openssl/store.h
index 9a2b423371..8fc035c2e3 100644
--- a/include/openssl/store.h
+++ b/include/openssl/store.h
@@ -69,8 +69,12 @@ OSSL_STORE_open_with_libctx(const char *uri,
* determine which loader is used), except for common commands (see below).
* Each command takes different arguments.
*/
-int OSSL_STORE_ctrl(OSSL_STORE_CTX *ctx, int cmd, ... /* args */);
-int OSSL_STORE_vctrl(OSSL_STORE_CTX *ctx, int cmd, va_list args);
+DEPRECATEDIN_3_0(int OSSL_STORE_ctrl(OSSL_STORE_CTX *ctx, int cmd,
+ ... /* args */))
+DEPRECATEDIN_3_0(int OSSL_STORE_vctrl(OSSL_STORE_CTX *ctx, int cmd,
+ va_list args))
+
+# ifndef OPENSSL_NO_DEPRECATED_3_0
/*
* Common ctrl commands that different loaders may choose to support.
@@ -80,6 +84,8 @@ int OSSL_STORE_vctrl(OSSL_STORE_CTX *ctx, int cmd, va_list args);
/* Where custom commands start */
# define OSSL_STORE_C_CUSTOM_START 100
+# endif
+
/*
* Read one data item (a key, a cert, a CRL) that is supported by the OSSL_STORE
* functionality, given a context.
@@ -151,6 +157,7 @@ OSSL_STORE_CTX *OSSL_STORE_attach(BIO *bio, const char *scheme,
* In all cases, ownership of the object is transferred to the OSSL_STORE_INFO
* and will therefore be freed when the OSSL_STORE_INFO is freed.
*/
+OSSL_STORE_INFO *OSSL_STORE_INFO_new(int type, void *data);
OSSL_STORE_INFO *OSSL_STORE_INFO_new_NAME(char *name);
int OSSL_STORE_INFO_set0_NAME_description(OSSL_STORE_INFO *info, char *desc);
OSSL_STORE_INFO *OSSL_STORE_INFO_new_PARAMS(EVP_PKEY *params);
@@ -163,6 +170,7 @@ OSSL_STORE_INFO *OSSL_STORE_INFO_new_CRL(X509_CRL *crl);
* Functions to try to extract data from a OSSL_STORE_INFO.
*/
int OSSL_STORE_INFO_get_type(const OSSL_STORE_INFO *info);
+void *OSSL_STORE_INFO_get0_data(int type, const OSSL_STORE_INFO *info);
const char *OSSL_STORE_INFO_get0_NAME(const OSSL_STORE_INFO *info);
char *OSSL_STORE_INFO_get1_NAME(const OSSL_STORE_INFO *info);
const char *OSSL_STORE_INFO_get0_NAME_description(const OSSL_STORE_INFO *info);
@@ -269,6 +277,8 @@ void OSSL_STORE_LOADER_names_do_all(const OSSL_STORE_LOADER *loader,
* scheme.
*/
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+
/* struct ossl_store_loader_ctx_st is defined differently by each loader */
typedef struct ossl_store_loader_ctx_st OSSL_STORE_LOADER_CTX;
typedef OSSL_STORE_LOADER_CTX *(*OSSL_STORE_open_fn)
@@ -295,42 +305,58 @@ typedef int (*OSSL_STORE_eof_fn)(OSSL_STORE_LOADER_CTX *ctx);
typedef int (*OSSL_STORE_error_fn)(OSSL_STORE_LOADER_CTX *ctx);
typedef int (*OSSL_STORE_close_fn)(OSSL_STORE_LOADER_CTX *ctx);
-OSSL_STORE_LOADER *OSSL_STORE_LOADER_new(ENGINE *e, const char *scheme);
-int OSSL_STORE_LOADER_set_open(OSSL_STORE_LOADER *loader,
- OSSL_STORE_open_fn open_function);
-int OSSL_STORE_LOADER_set_open_with_libctx
- (OSSL_STORE_LOADER *loader,
- OSSL_STORE_open_with_libctx_fn open_with_libctx_function);
-int OSSL_STORE_LOADER_set_attach(OSSL_STORE_LOADER *loader,
- OSSL_STORE_attach_fn attach_function);
-int OSSL_STORE_LOADER_set_ctrl(OSSL_STORE_LOADER *loader,
- OSSL_STORE_ctrl_fn ctrl_function);
-int OSSL_STORE_LOADER_set_expect(OSSL_STORE_LOADER *loader,
- OSSL_STORE_expect_fn expect_function);
-int OSSL_STORE_LOADER_set_find(OSSL_STORE_LOADER *loader,
- OSSL_STORE_find_fn find_function);
-int OSSL_STORE_LOADER_set_load(OSSL_STORE_LOADER *loader,
- OSSL_STORE_load_fn load_function);
-int OSSL_STORE_LOADER_set_eof(OSSL_STORE_LOADER *loader,
- OSSL_STORE_eof_fn eof_function);
-int OSSL_STORE_LOADER_set_error(OSSL_STORE_LOADER *loader,
- OSSL_STORE_error_fn error_function);
-int OSSL_STORE_LOADER_set_close(OSSL_STORE_LOADER *loader,
- OSSL_STORE_close_fn close_function);
-
-const ENGINE *OSSL_STORE_LOADER_get0_engine(const OSSL_STORE_LOADER *loader);
-const char * OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader);
-
-int OSSL_STORE_register_loader(OSSL_STORE_LOADER *loader);
-OSSL_STORE_LOADER *OSSL_STORE_unregister_loader(const char *scheme);
+# endif
+
+DEPRECATEDIN_3_0(OSSL_STORE_LOADER *OSSL_STORE_LOADER_new
+ (ENGINE *e, const char *scheme))
+DEPRECATEDIN_3_0(int OSSL_STORE_LOADER_set_open
+ (OSSL_STORE_LOADER *loader,
+ OSSL_STORE_open_fn open_function))
+DEPRECATEDIN_3_0(int OSSL_STORE_LOADER_set_open_with_libctx
+ (OSSL_STORE_LOADER *loader,
+ OSSL_STORE_open_with_libctx_fn open_with_libctx_function))
+DEPRECATEDIN_3_0(int OSSL_STORE_LOADER_set_attach
+ (OSSL_STORE_LOADER *loader,
+ OSSL_STORE_attach_fn attach_function))
+DEPRECATEDIN_3_0(int OSSL_STORE_LOADER_set_ctrl
+ (OSSL_STORE_LOADER *loader,
+ OSSL_STORE_ctrl_fn ctrl_function))
+DEPRECATEDIN_3_0(int OSSL_STORE_LOADER_set_expect
+ (OSSL_STORE_LOADER *loader,
+ OSSL_STORE_expect_fn expect_function))
+DEPRECATEDIN_3_0(int OSSL_STORE_LOADER_set_find
+ (OSSL_STORE_LOADER *loader,
+ OSSL_STORE_find_fn find_function))
+DEPRECATEDIN_3_0(int OSSL_STORE_LOADER_set_load
+ (OSSL_STORE_LOADER *loader,
+ OSSL_STORE_load_fn load_function))
+DEPRECATEDIN_3_0(int OSSL_STORE_LOADER_set_eof
+ (OSSL_STORE_LOADER *loader,
+ OSSL_STORE_eof_fn eof_function))
+DEPRECATEDIN_3_0(int OSSL_STORE_LOADER_set_error
+ (OSSL_STORE_LOADER *loader,
+ OSSL_STORE_error_fn error_function))
+DEPRECATEDIN_3_0(int OSSL_STORE_LOADER_set_close
+ (OSSL_STORE_LOADER *loader,
+ OSSL_STORE_close_fn close_function))
+
+DEPRECATEDIN_3_0(const ENGINE *OSSL_STORE_LOADER_get0_engine
+ (const OSSL_STORE_LOADER *loader))
+DEPRECATEDIN_3_0(const char * OSSL_STORE_LOADER_get0_scheme
+ (const OSSL_STORE_LOADER *loader))
+
+DEPRECATEDIN_3_0(int OSSL_STORE_register_loader(OSSL_STORE_LOADER *loader))
+DEPRECATEDIN_3_0(OSSL_STORE_LOADER *OSSL_STORE_unregister_loader
+ (const char *scheme))
/*-
* Functions to list STORE loaders
* -------------------------------
*/
-int OSSL_STORE_do_all_loaders(void (*do_function) (const OSSL_STORE_LOADER
- *loader, void *do_arg),
- void *do_arg);
+DEPRECATEDIN_3_0(int OSSL_STORE_do_all_loaders
+ (void (*do_function)(const OSSL_STORE_LOADER *loader,
+ void *do_arg),
+ void *do_arg))
# ifdef __cplusplus
}
diff --git a/include/openssl/x509.h b/include/openssl/x509.h
index 9aef28c954..d243fda94c 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
@@ -1035,6 +1035,8 @@ X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen,
DECLARE_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO)
EVP_PKEY *EVP_PKCS82PKEY(const PKCS8_PRIV_KEY_INFO *p8);
+EVP_PKEY *EVP_PKCS82PKEY_with_libctx(const PKCS8_PRIV_KEY_INFO *p8,
+ OPENSSL_CTX *libctx, const char *propq);
PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(const EVP_PKEY *pkey);
int PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj,
diff --git a/providers/baseprov.c b/providers/baseprov.c
index dcea2ad93e..38d9090bb3 100644
--- a/providers/baseprov.c
+++ b/providers/baseprov.c
@@ -86,6 +86,15 @@ static const OSSL_ALGORITHM base_decoder[] = {
};
#undef DECODER
+static const OSSL_ALGORITHM base_store[] = {
+#define STORE(name, fips, func_table) \
+ { name, "provider=base,fips=" fips, (func_table) },
+
+#include "stores.inc"
+ { NULL, NULL, NULL }
+#undef STORE
+};
+
static const OSSL_ALGORITHM *base_query(void *provctx, int operation_id,
int *no_cache)
{
@@ -95,6 +104,8 @@ static const OSSL_ALGORITHM *base_query(void *provctx, int operation_id,
return base_encoder;
case OSSL_OP_DECODER:
return base_decoder;
+ case OSSL_OP_STORE:
+ return base_store;
}
return NULL;
}
diff --git a/providers/common/bio_prov.c b/providers/common/bio_prov.c
index fc1f8b2b26..c049795cd1 100644
--- a/providers/common/bio_prov.c
+++ b/providers/common/bio_prov.c
@@ -18,6 +18,7 @@ static OSSL_FUNC_BIO_read_ex_fn *c_bio_read_ex = NULL;
static OSSL_FUNC_BIO_write_ex_fn *c_bio_write_ex = NULL;
static OSSL_FUNC_BIO_gets_fn *c_bio_gets = NULL;
static OSSL_FUNC_BIO_puts_fn *c_bio_puts = NULL;
+static OSSL_FUNC_BIO_ctrl_fn *c_bio_ctrl = NULL;
static OSSL_FUNC_BIO_free_fn *c_bio_free = NULL;
static OSSL_FUNC_BIO_vprintf_fn *c_bio_vprintf = NULL;
@@ -49,6 +50,10 @@ int ossl_prov_bio_from_dispatch(const OSSL_DISPATCH *fns)
if (c_bio_puts == NULL)
c_bio_puts = OSSL_FUNC_BIO_puts(fns);
break;
+ case OSSL_FUNC_BIO_CTRL:
+ if (c_bio_ctrl == NULL)
+ c_bio_ctrl = OSSL_FUNC_BIO_ctrl(fns);
+ break;
case OSSL_FUNC_BIO_FREE:
if (c_bio_free == NULL)
c_bio_free = OSSL_FUNC_BIO_free(fns);
@@ -107,6 +112,13 @@ int ossl_prov_bio_puts(OSSL_CORE_BIO *bio, const char *str)
return c_bio_puts(bio, str);
}
+int ossl_prov_bio_ctrl(OSSL_CORE_BIO *bio, int cmd, long num, void *ptr)
+{
+ if (c_bio_ctrl == NULL)
+ return -1;
+ return c_bio_ctrl(bio, cmd, num, ptr);
+}
+
int ossl_prov_bio_free(OSSL_CORE_BIO *bio)
{
if (c_bio_free == NULL)
@@ -151,9 +163,7 @@ static int bio_core_write_ex(BIO *bio, const char *data, size_t data_len,
static long bio_core_ctrl(BIO *bio, int cmd, long num, void *ptr)
{
- /* We don't support this */
- assert(0);
- return 0;
+ return ossl_prov_bio_ctrl(BIO_get_data(bio), cmd, num, ptr);
}
static int bio_core_gets(BIO *bio, char *buf, int size)
diff --git a/providers/common/include/prov/bio.h b/providers/common/include/prov/bio.h
index 3cef89ce18..9dd9f44bad 100644
--- a/providers/common/include/prov/bio.h
+++ b/providers/common/include/prov/bio.h
@@ -22,6 +22,7 @@ int ossl_prov_bio_write_ex(OSSL_CORE_BIO *bio, const void *data, size_t data_len
size_t *written);
int ossl_prov_bio_gets(OSSL_CORE_BIO *bio, char *buf, int size);
int ossl_prov_bio_puts(OSSL_CORE_BIO *bio, const char *str);
+int ossl_prov_bio_ctrl(OSSL_CORE_BIO *bio, int cmd, long num, void *ptr);
int ossl_prov_bio_free(OSSL_CORE_BIO *bio);
int ossl_prov_bio_vprintf(OSSL_CORE_BIO *bio, const char *format, va_list ap);
int ossl_prov_bio_printf(OSSL_CORE_BIO *bio, const char *format, ...);
diff --git a/providers/common/include/prov/providercommonerr.h b/providers/common/include/prov/providercommonerr.h
index 4c356fc5c6..82eea21049 100644
--- a/providers/common/include/prov/providercommonerr.h
+++ b/providers/common/include/prov/providercommonerr.h
@@ -139,12 +139,14 @@ int ERR_load_PROV_strings(void);
# define PROV_R_OUTPUT_BUFFER_TOO_SMALL 106
# define PROV_R_PARENT_LOCKING_NOT_ENABLED 182
# define PROV_R_PARENT_STRENGTH_TOO_WEAK 194
+# define PROV_R_PATH_MUST_BE_ABSOLUTE 219
# define PROV_R_PERSONALISATION_STRING_TOO_LONG 195
# define PROV_R_PSS_SALTLEN_TOO_SMALL 172
# define PROV_R_READ_KEY 159
# define PROV_R_REQUEST_TOO_LARGE_FOR_DRBG 196
# define PROV_R_REQUIRE_CTR_MODE_CIPHER 206
# define PROV_R_RESEED_ERROR 197
+# define PROV_R_SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES 222
# define PROV_R_SELF_TEST_KAT_FAILURE 215
# define PROV_R_SELF_TEST_POST_FAILURE 216
# define PROV_R_TAG_NOTSET 119
@@ -165,6 +167,7 @@ int ERR_load_PROV_strings(void);
# define PROV_R_UNSUPPORTED_KEY_SIZE 153
# define PROV_R_UNSUPPORTED_MAC_TYPE 137
# define PROV_R_UNSUPPORTED_NUMBER_OF_ROUNDS 152
+# define PROV_R_URI_AUTHORITY_UNSUPPORTED 223
# define PROV_R_VALUE_ERROR 138
# define PROV_R_WRONG_FINAL_BLOCK_LENGTH 107
# define PROV_R_WRONG_OUTPUT_BUFFER_SIZE 139
diff --git a/providers/common/provider_err.c b/providers/common/provider_err.c
index 3ea41f3c25..6d6a254dd6 100644
--- a/providers/common/provider_err.c
+++ b/providers/common/provider_err.c
@@ -149,6 +149,8 @@ static const ERR_STRING_DATA PROV_str_reasons[] = {
"parent locking not enabled"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_PARENT_STRENGTH_TOO_WEAK),
"parent strength too weak"},
+ {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_PATH_MUST_BE_ABSOLUTE),
+ "path must be absolute"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_PERSONALISATION_STRING_TOO_LONG),
"personalisation string too long"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_PSS_SALTLEN_TOO_SMALL),
@@ -159,6 +161,8 @@ static const ERR_STRING_DATA PROV_str_reasons[] = {
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_REQUIRE_CTR_MODE_CIPHER),
"require ctr mode cipher"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_RESEED_ERROR), "reseed error"},
+ {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES),
+ "search only supported for directories"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_SELF_TEST_KAT_FAILURE),
"self test kat failure"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_SELF_TEST_POST_FAILURE),
@@ -196,6 +200,8 @@ static const ERR_STRING_DATA PROV_str_reasons[] = {
"unsupported mac type"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_UNSUPPORTED_NUMBER_OF_ROUNDS),
"unsupported number of rounds"},
+ {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_URI_AUTHORITY_UNSUPPORTED),
+ "uri authority unsupported"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_VALUE_ERROR), "value error"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_WRONG_FINAL_BLOCK_LENGTH),
"wrong final block length"},
diff --git a/providers/defltprov.c b/providers/defltprov.c
index 855497be06..beaf60bb1e 100644
--- a/providers/defltprov.c
+++ b/providers/defltprov.c
@@ -433,6 +433,15 @@ static const OSSL_ALGORITHM deflt_decoder[] = {
};
#undef DECODER
+static const OSSL_ALGORITHM deflt_store[] = {
+#define STORE(name, fips, func_table) \
+ { name, "provider=default,fips=" fips, (func_table) },
+
+#include "stores.inc"
+ { NULL, NULL, NULL }
+#undef STORE
+};
+
static const OSSL_ALGORITHM *deflt_query(void *provctx, int operation_id,
int *no_cache)
{
@@ -461,6 +470,8 @@ static const OSSL_ALGORITHM *deflt_query(void *provctx, int operation_id,
return deflt_encoder;
case OSSL_OP_DECODER:
return deflt_decoder;
+ case OSSL_OP_STORE:
+ return deflt_store;
}
return NULL;
}
diff --git a/providers/implementations/build.info b/providers/implementations/build.info
index 54392cf68b..fe67e59401 100644
--- a/providers/implementations/build.info
+++ b/providers/implementations/build.info
@@ -1,2 +1,2 @@
SUBDIRS=digests ciphers rands macs kdfs exchange keymgmt signature asymciphers \
- encode_decode
+ encode_decode storemgmt
diff --git a/providers/implementations/encode_decode/decode_common.c b/providers/implementations/encode_decode/decode_common.c
index 2277c150c1..798d8f10b2 100644
--- a/providers/implementations/encode_decode/decode_common.c
+++ b/providers/implementations/encode_decode/decode_common.c
@@ -15,7 +15,7 @@
#include <openssl/pkcs12.h>
#include "internal/pem.h" /* For internal PVK and "blob" functions */
#include "internal/cryptlib.h"
-#include "crypto/asn1.h"
+#include "internal/asn1.h"
#include "internal/passphrase.h"
#include "prov/bio.h" /* ossl_prov_bio_printf() */
#include "prov/providercommonerr.h" /* PROV_R_READ_KEY */
diff --git a/providers/implementations/include/prov/implementations.h b/providers/implementations/include/prov/implementations.h
index 1b8642415f..7060a4b839 100644
--- a/providers/implementations/include/prov/implementations.h
+++ b/providers/implementations/include/prov/implementations.h
@@ -385,3 +385,5 @@ extern const OSSL_DISPATCH der_to_rsapss_decoder_functions[];
extern const OSSL_DISPATCH msblob_to_rsa_decoder_functions[];
extern const OSSL_DISPATCH pvk_to_rsa_decoder_functions[];
extern const OSSL_DISPATCH pem_to_der_decoder_functions[];
+
+extern const OSSL_DISPATCH file_store_functions[];
diff --git a/providers/implementations/storemgmt/build.info b/providers/implementations/storemgmt/build.info
new file mode 100644
index 0000000000..89939cce54
--- /dev/null
+++ b/providers/implementations/storemgmt/build.info
@@ -0,0 +1,6 @@
+# We make separate GOAL variables for each algorithm, to make it easy to
+# switch each to the Legacy provider when needed.
+
+$STORE_GOAL=../../libimplementations.a
+
+SOURCE[$STORE_GOAL]=file_store.c file_store_der2obj.c
diff --git a/providers/implementations/storemgmt/file_store.c b/providers/implementations/storemgmt/file_store.c
new file mode 100644
index 0000000000..70dbac600b
--- /dev/null
+++ b/providers/implementations/storemgmt/file_store.c
@@ -0,0 +1,920 @@
+/*
+ * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "e_os.h" /* To get strncasecmp() on Windows */
+#include <string.h>
+#include <sys/stat.h>
+#include <ctype.h>
+#include <assert.h>
+
+#include <openssl/core.h>
+#include <openssl/core_dispatch.h>
+#include <openssl/core_names.h>
+#include <openssl/core_object.h>
+#include <openssl/crypto.h>
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/buffer.h>
+#include <openssl/params.h>
+#include <openssl/decoder.h>
+#include <openssl/store.h> /* The OSSL_STORE_INFO type numbers */
+#include "internal/o_dir.h"
+#include "internal/pem.h" /* For PVK and "blob" PEM headers */
+#include "crypto/decoder.h"
+#include "prov/implementations.h"
+#include "prov/bio.h"
+#include "prov/provider_ctx.h"
+#include "prov/providercommonerr.h"
+#include "file_store_local.h"
+
+DEFINE_STACK_OF(X509)
+DEFINE_STACK_OF(OSSL_STORE_INFO)
+
+#ifdef _WIN32
+# define stat _stat
+#endif
+
+#ifndef S_ISDIR
+# define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR)
+#endif
+
+static OSSL_FUNC_store_open_fn file_open;
+static OSSL_FUNC_store_attach_fn file_attach;
+static OSSL_FUNC_store_settable_ctx_params_fn file_settable_ctx_params;
+static OSSL_FUNC_store_set_ctx_params_fn file_set_ctx_params;
+static OSSL_FUNC_store_load_fn file_load;
+static OSSL_FUNC_store_eof_fn file_eof;
+static OSSL_FUNC_store_close_fn file_close;
+
+/*
+ * This implementation makes full use of OSSL_DECODER, and then some.
+ * It uses its own internal decoder implementation that reads DER and
+ * passes that on to the data callback; this decoder is created with
+ * internal OpenSSL functions, thereby bypassing the need for a surrounding
+ * provider. This is ok, since this is a local decoder, not meant for
+ * public consumption. It also uses the libcrypto internal decoder
+ * setup function ossl_decoder_ctx_setup_for_EVP_PKEY(), to allow the
+ * last resort decoder to be added first (and thereby be executed last).
+ * Finally, it sets up its own construct and cleanup functions.
+ *
+ * Essentially, that makes this implementation a kind of glorified decoder.
+ */
+
+struct file_ctx_st {
+ void *provctx;
+ char *uri; /* The URI we currently try to load */
+ enum {
+ IS_FILE = 0, /* Read file and pass results */
+ IS_DIR /* Pass directory entry names */
+ } type;
+
+ /* Flag bits */
+ unsigned int flag_attached:1;
+ unsigned int flag_buffered:1;
+
+ union {
+ /* Used with |IS_FILE| */
+ struct {
+ BIO *file;
+
+ OSSL_DECODER_CTX *decoderctx;
+ char *input_type;
+ char *propq; /* The properties we got as a parameter */
+ } file;
+
+ /* Used with |IS_DIR| */
+ struct {
+ OPENSSL_DIR_CTX *ctx;
+ int end_reached;
+
+ /*
+ * When a search expression is given, these are filled in.
+ * |search_name| contains the file basename to look for.
+ * The string is exactly 8 characters long.
+ */
+ char search_name[9];
+
+ /*
+ * The directory reading utility we have combines opening with
+ * reading the first name. To make sure we can detect the end
+ * at the right time, we read early and cache the name.
+ */
+ const char *last_entry;
+ int last_errno;
+ } dir;
+ } _;
+
+ /* Expected object type. May be unspecified */
+ int expected_type;
+};
+
+static void free_file_ctx(struct file_ctx_st *ctx)
+{
+ if (ctx == NULL)
+ return;
+
+ OPENSSL_free(ctx->uri);
+ if (ctx->type != IS_DIR) {
+ OSSL_DECODER_CTX_free(ctx->_.file.decoderctx);
+ OPENSSL_free(ctx->_.file.propq);
+ OPENSSL_free(ctx->_.file.input_type);
+ }
+ OPENSSL_free(ctx);
+}
+
+static struct file_ctx_st *new_file_ctx(int type, const char *uri,
+ void *provctx)
+{
+ struct file_ctx_st *ctx = NULL;
+
+ if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) != NULL
+ && (uri == NULL || (ctx->uri = OPENSSL_strdup(uri)) != NULL)) {
+ ctx->type = type;
+ ctx->provctx = provctx;
+ return ctx;
+ }
+ free_file_ctx(ctx);
+ return NULL;
+}
+
+static OSSL_DECODER_CONSTRUCT file_load_construct;
+static OSSL_DECODER_CLEANUP file_load_cleanup;
+
+/*-
+ * Opening / attaching streams and directories
+ * -------------------------------------------
+ */
+
+/*
+ * Function to service both file_open() and file_attach()
+ *
+ *
+ */
+static struct file_ctx_st *file_open_stream(BIO *source, const char *uri,
+ const char *input_type,
+ void *provctx)
+{
+ struct file_ctx_st *ctx;
+
+ if ((ctx = new_file_ctx(IS_FILE, uri, provctx)) == NULL
+ || (input_type != NULL
+ && (ctx->_.file.input_type =
+ OPENSSL_strdup(input_type)) == NULL)) {
+ ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ ctx->_.file.file = source;
+
+ return ctx;
+ err:
+ free_file_ctx(ctx);
+ return NULL;
+}
+
+static void *file_open_dir(const char *path, const char *uri, void *provctx)
+{
+ struct file_ctx_st *ctx;
+
+ if ((ctx = new_file_ctx(IS_DIR, uri, provctx)) == NULL) {
+ ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ ctx->_.dir.last_entry = OPENSSL_DIR_read(&ctx->_.dir.ctx, path);
+ ctx->_.dir.last_errno = errno;
+ if (ctx->_.dir.last_entry == NULL) {
+ if (ctx->_.dir.last_errno != 0) {
+ ERR_raise_data(ERR_LIB_SYS, ctx->_.dir.last_errno,
+ "Calling OPENSSL_DIR_read(\"%s\")", path);
+ goto err;
+ }
+ ctx->_.dir.end_reached = 1;
+ }
+ return ctx;
+ err:
+ file_close(ctx);
+ return NULL;
+}
+
+static void *file_open(void *provctx, const char *uri)
+{
+ struct file_ctx_st *ctx = NULL;
+ struct stat st;
+ struct {
+ const char *path;
+ unsigned int check_absolute:1;
+ } path_data[2];
+ size_t path_data_n = 0, i;
+ const char *path;
+ BIO *bio;
+
+ ERR_set_mark();
+
+ /*
+ * First step, just take the URI as is.
+ */
+ path_data[path_data_n].check_absolute = 0;
+ path_data[path_data_n++].path = uri;
+
+ /*
+ * Second step, if the URI appears to start with the 'file' scheme,
+ * extract the path and make that the second path to check.
+ * There's a special case if the URI also contains an authority, then
+ * the full URI shouldn't be used as a path anywhere.
+ */
+ if (strncasecmp(uri, "file:", 5) == 0) {
+ const char *p = &uri[5];
+
+ if (strncmp(&uri[5], "//", 2) == 0) {
+ path_data_n--; /* Invalidate using the full URI */
+ if (strncasecmp(&uri[7], "localhost/", 10) == 0) {
+ p = &uri[16];
+ } else if (uri[7] == '/') {
+ p = &uri[7];
+ } else {
+ ERR_clear_last_mark();
+ ERR_raise(ERR_LIB_PROV, PROV_R_URI_AUTHORITY_UNSUPPORTED);
+ return NULL;
+ }
+ }
+
+ path_data[path_data_n].check_absolute = 1;
+#ifdef _WIN32
+ /* Windows file: URIs with a drive letter start with a / */
+ if (p[0] == '/' && p[2] == ':' && p[3] == '/') {
+ char c = tolower(p[1]);
+
+ if (c >= 'a' && c <= 'z') {
+ p++;
+ /* We know it's absolute, so no need to check */
+ path_data[path_data_n].check_absolute = 0;
+ }
+ }
+#endif
+ path_data[path_data_n++].path = p;
+ }
+
+
+ for (i = 0, path = NULL; path == NULL && i < path_data_n; i++) {
+ /*
+ * If the scheme "file" was an explicit part of the URI, the path must
+ * be absolute. So says RFC 8089
+ */
+ if (path_data[i].check_absolute && path_data[i].path[0] != '/') {
+ ERR_clear_last_mark();
+ ERR_raise_data(ERR_LIB_PROV, PROV_R_PATH_MUST_BE_ABSOLUTE,
+ "Given path=%s", path_data[i].path);
+ return NULL;
+ }
+
+ if (stat(path_data[i].path, &st) < 0) {
+ ERR_raise_data(ERR_LIB_SYS, errno,
+ "calling stat(%s)",
+ path_data[i].path);
+ } else {
+ path = path_data[i].path;
+ }
+ }
+ if (path == NULL) {
+ ERR_clear_last_mark();
+ return NULL;
+ }
+
+ /* Successfully found a working path, clear possible collected errors */
+ ERR_pop_to_mark();
+
+ if (S_ISDIR(st.st_mode))
+ ctx = file_open_dir(path, uri, provctx);
+ else if ((bio = BIO_new_file(path, "rb")) == NULL
+ || (ctx = file_open_stream(bio, uri, NULL, provctx)) == NULL)
+ BIO_free_all(bio);
+
+ return ctx;
+}
+
+/*
+ * Attached input streams must be treated very very carefully to avoid
+ * nasty surprises.
+ *
+ * This implementation tries to support input streams that can't be reset,
+ * such as standard input. However, OSSL_DECODER assumes resettable streams,
+ * and because the PEM decoder may read quite a bit of the input file to skip
+ * past any non-PEM text that precedes the PEM block, we may need to detect
+ * if the input stream is a PEM file early.
+ *
+ * If the input stream supports BIO_tell(), we assume that it also supports
+ * BIO_seek(), making it a resettable stream and therefore safe to fully
+ * unleash OSSL_DECODER.
+ *
+ * If the input stream doesn't support BIO_tell(), we must assume that we
+ * have a non-resettable stream, and must tread carefully. We do so by
+ * trying to detect if the input is PEM, MSBLOB or PVK, and if not, we
+ * assume that it's DER.
+ *
+ * To detect if an input stream is PEM, MSBLOB or PVK, we use the buffer BIO
+ * filter, which allows us a 4KiB resettable read-ahead. We *hope* that 4KiB
+ * will be enough to find the start of the PEM block.
+ *
+ * It should be possible to use this same technique to detect other file
+ * types as well.
+ *
+ * An alternative technique would be to have an endlessly caching BIO filter.
+ * That would take away the need for all the detection here, and simply leave
+ * it for OSSL_DECODER to find out on its own while supporting its demand for
+ * resettable input streams.
+ * That's a possible future development.
+ */
+
+# define INPUT_TYPE_ANY NULL
+# define INPUT_TYPE_DER "DER"
+# define INPUT_TYPE_PEM "PEM"
+# define INPUT_TYPE_MSBLOB "MSBLOB"
+# define INPUT_TYPE_PVK "PVK"
+
+void *file_attach(void *provctx, OSSL_CORE_BIO *cin)
+{
+ BIO *new_bio = bio_new_from_core_bio(provctx, cin);
+ BIO *new_bio_tmp = NULL;
+ BIO *buff = NULL;
+ char peekbuf[4096] = { 0, };
+ int loc;
+ const char *input_type = NULL;
+ unsigned int flag_attached = 1;
+ unsigned int flag_buffered = 0;
+ struct file_ctx_st *ctx = NULL;
+
+ if (new_bio == NULL)
+ return 0;
+
+ /* Try to get the current position */
+ loc = BIO_tell(new_bio);
+
+ if ((buff = BIO_new(BIO_f_buffer())) == NULL
+ || (new_bio_tmp = BIO_push(buff, new_bio)) == NULL)
+ goto err;
+
+ /* Assumption, if we can't detect PEM */
+ input_type = INPUT_TYPE_DER;
+ flag_buffered = 1;
+ new_bio = new_bio_tmp;
+
+ if (BIO_buffer_peek(new_bio, peekbuf, sizeof(peekbuf) - 1) > 0) {
+#ifndef OPENSSL_NO_DSA
+ const unsigned char *p = NULL;
+ unsigned int magic = 0, bitlen = 0;
+ int isdss = 0, ispub = -1;
+# ifndef OPENSSL_NO_RC4
+ unsigned int saltlen = 0, keylen = 0;
+# endif
+#endif
+
+ peekbuf[sizeof(peekbuf) - 1] = '\0';
+ if (strstr(peekbuf, "-----BEGIN ") != NULL)
+ input_type = INPUT_TYPE_PEM;
+#ifndef OPENSSL_NO_DSA
+ else if (p = (unsigned char *)peekbuf,
+ ossl_do_blob_header(&p, sizeof(peekbuf), &magic, &bitlen,
+ &isdss, &ispub))
+ input_type = INPUT_TYPE_MSBLOB;
+# ifndef OPENSSL_NO_RC4
+ else if (p = (unsigned char *)peekbuf,
+ ossl_do_PVK_header(&p, sizeof(peekbuf), 0, &saltlen, &keylen))
+ input_type = INPUT_TYPE_PVK;
+# endif
+#endif
+ }
+
+ /*
+ * After peeking, we know that the underlying source BIO has moved ahead
+ * from its earlier position and that if it supports BIO_tell(), that
+ * should be a number that differs from |loc|. Otherwise, we will get
+ * the same value, which may one of:
+ *
+ * - zero (the source BIO doesn't support BIO_tell() / BIO_seek() /
+ * BIO_reset())
+ * - -1 (the underlying operating system / C library routines do not
+ * support BIO_tell() / BIO_seek() / BIO_reset())
+ *
+ * If it turns out that the source BIO does support BIO_tell(), we pop
+ * the buffer BIO filter and mark this input as |INPUT_TYPE_ANY|, which
+ * fully unleashes OSSL_DECODER to do its thing.
+ */
+ if (BIO_tell(new_bio) != loc) {
+ /* In this case, anything goes */
+ input_type = INPUT_TYPE_ANY;
+
+ /* Restore the source BIO like it was when entering this function */
+ new_bio = BIO_pop(buff);
+ BIO_free(buff);
+ (void)BIO_seek(new_bio, loc);
+
+ flag_buffered = 0;
+ }
+
+ if ((ctx = file_open_stream(new_bio, NULL, input_type, provctx)) == NULL)
+ goto err;
+
+ ctx->flag_attached = flag_attached;
+ ctx->flag_buffered = flag_buffered;
+
+ return ctx;
+ err:
+ if (flag_buffered) {
+ new_bio = BIO_pop(buff);
+ BIO_free(buff);
+ }
+ BIO_free(new_bio); /* Removes the provider BIO filter */
+ return NULL;
+}
+
+/*-
+ * Setting parameters
+ * ------------------
+ */
+
+static const OSSL_PARAM *file_settable_ctx_params(void *provctx)
+{
+ static const OSSL_PARAM known_settable_ctx_params[] = {
+ OSSL_PARAM_utf8_string(OSSL_STORE_PARAM_PROPERTIES, NULL, 0),
+ OSSL_PARAM_int(OSSL_STORE_PARAM_EXPECT, NULL),
+ OSSL_PARAM_octet_string(OSSL_STORE_PARAM_SUBJECT, NULL, 0),
+ OSSL_PARAM_END
+ };
+ return known_settable_ctx_params;
+}
+
+static int file_set_ctx_params(void *loaderctx, const OSSL_PARAM params[])
+{
+ struct file_ctx_st *ctx = loaderctx;
+ const OSSL_PARAM *p;
+
+ p = OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_PROPERTIES);
+ if (p != NULL) {
+ OPENSSL_free(ctx->_.file.propq);
+ ctx->_.file.propq = NULL;
+ if (!OSSL_PARAM_get_utf8_string(p, &ctx->_.file.propq, 0))
+ return 0;
+ }
+ p = OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_EXPECT);
+ if (p != NULL && !OSSL_PARAM_get_int(p, &ctx->expected_type))
+ return 0;
+ p = OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_SUBJECT);
+ if (p != NULL) {
+ const unsigned char *der = NULL;
+ size_t der_len = 0;
+ X509_NAME *x509_name;
+ unsigned long hash;
+
+ if (ctx->type != IS_DIR) {
+ ERR_raise(ERR_LIB_PROV,
+ PROV_R_SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES);
+ return 0;
+ }
+
+ if (!OSSL_PARAM_get_octet_string_ptr(p, (const void **)&der, &der_len)
+ || (x509_name = d2i_X509_NAME(NULL, &der, der_len)) == NULL)
+ return 0;
+ hash = X509_NAME_hash(x509_name);
+ BIO_snprintf(ctx->_.dir.search_name, sizeof(ctx->_.dir.search_name),
+ "%08lx", hash);
+ X509_NAME_free(x509_name);
+ }
+ return 1;
+}
+
+/*-
+ * Loading an object from a stream
+ * -------------------------------
+ */
+
+struct file_load_data_st {
+ OSSL_CALLBACK *object_cb;
+ void *object_cbarg;
+};
+
+static int file_load_construct(OSSL_DECODER_INSTANCE *decoder_inst,
+ const OSSL_PARAM *params, void *construct_data)
+{
+ struct file_load_data_st *data = construct_data;
+
+ /*
+ * At some point, we may find it justifiable to recognise PKCS#12 and
+ * handle it specially here, making |file_load()| return pass its
+ * contents one piece at ta time, like |e_loader_attic.c| does.
+ *
+ * However, that currently means parsing them out, which converts the
+ * DER encoded PKCS#12 into a bunch of EVP_PKEYs and X509s, just to
+ * have to re-encode them into DER to create an object abstraction for
+ * each of them.
+ * It's much simpler (less churn) to pass on the object abstraction we
+ * get to the load_result callback and leave it to that one to do the
+ * work. If that's libcrypto code, we know that it has much better
+ * possibilities to handle the EVP_PKEYs and X509s without the extra
+ * churn.
+ */
+
+ return data->object_cb(params, data->object_cbarg);
+}
+
+void file_load_cleanup(void *construct_data)
+{
+ /* Nothing to do */
+}
+
+static int file_setup_decoders(struct file_ctx_st *ctx)
+{
+ EVP_PKEY *dummy; /* for OSSL_DECODER_CTX_new_by_EVP_PKEY() */
+ OPENSSL_CTX *libctx = PROV_CTX_get0_library_context(ctx->provctx);
+ OSSL_DECODER *to_obj = NULL; /* Last resort decoder */
+ OSSL_DECODER_INSTANCE *to_obj_inst = NULL;
+ OSSL_DECODER_CLEANUP *old_cleanup = NULL;
+ void *old_construct_data = NULL;
+ int ok = 0;
+
+ /* Setup for this session, so only if not already done */
+ if (ctx->_.file.decoderctx == NULL) {
+ if ((ctx->_.file.decoderctx = OSSL_DECODER_CTX_new()) == NULL) {
+ ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ /* Make sure the input type is set */
+ if (!OSSL_DECODER_CTX_set_input_type(ctx->_.file.decoderctx,
+ ctx->_.file.input_type)) {
+ ERR_raise(ERR_LIB_PROV, ERR_R_OSSL_DECODER_LIB);
+ goto err;
+ }
+
+ /*
+ * Create the internal last resort decoder implementation together
+ * with a "decoder instance".
+ * The decoder doesn't need any identification or to be attached to
+ * any provider, since it's only used locally.
+ */
+ to_obj = ossl_decoder_from_dispatch(0, &der_to_obj_algorithm, NULL);
+ if (to_obj == NULL)
+ goto err;
+ to_obj_inst = ossl_decoder_instance_new(to_obj, ctx->provctx);
+ if (to_obj_inst == NULL)
+ goto err;
+
+ if (!ossl_decoder_ctx_add_decoder_inst(ctx->_.file.decoderctx,
+ to_obj_inst)) {
+ ERR_raise(ERR_LIB_PROV, ERR_R_OSSL_DECODER_LIB);
+ goto err;
+ }
+
+ /*
+ * OSSL_DECODER_INSTANCE shouldn't be freed from this point on.
+ * That's going to happen whenever the OSSL_DECODER_CTX is freed.
+ */
+ to_obj_inst = NULL;
+
+ /*
+ * Add on the usual decoder context for keys, with a dummy object.
+ * Since we're setting up our own constructor, we don't need to care
+ * more than that...
+ */
+ if (!ossl_decoder_ctx_setup_for_EVP_PKEY(ctx->_.file.decoderctx, &dummy,
+ libctx, ctx->_.file.propq)
+ || !OSSL_DECODER_CTX_add_extra(ctx->_.file.decoderctx,
+ libctx, ctx->_.file.propq)) {
+ ERR_raise(ERR_LIB_PROV, ERR_R_OSSL_DECODER_LIB);
+ goto err;
+ }
+
+ /*
+ * Then we throw away the installed finalizer data, and install our
+ * own instead.
+ */
+ old_cleanup = OSSL_DECODER_CTX_get_cleanup(ctx->_.file.decoderctx);
+ old_construct_data =
+ OSSL_DECODER_CTX_get_construct_data(ctx->_.file.decoderctx);
+ if (old_cleanup != NULL)
+ old_cleanup(old_construct_data);
+
+ /*
+ * Set the hooks.
+ */
+ if (!OSSL_DECODER_CTX_set_construct(ctx->_.file.decoderctx,
+ file_load_construct)
+ || !OSSL_DECODER_CTX_set_cleanup(ctx->_.file.decoderctx,
+ file_load_cleanup)) {
+ ERR_raise(ERR_LIB_PROV, ERR_R_OSSL_DECODER_LIB);
+ goto err;
+ }
+ }
+
+ ok = 1;
+ err:
+ OSSL_DECODER_free(to_obj);
+ return ok;
+}
+
+static int file_load_file(struct file_ctx_st *ctx,
+ OSSL_CALLBACK *object_cb, void *object_cbarg,
+ OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)
+{
+ struct file_load_data_st data;
+
+ /* Setup the decoders (one time shot per session */
+
+ if (!file_setup_decoders(ctx))
+ return 0;
+
+ /* Setup for this object */
+
+ data.object_cb = object_cb;
+ data.object_cbarg = object_cbarg;
+ OSSL_DECODER_CTX_set_construct_data(ctx->_.file.decoderctx, &data);
+ OSSL_DECODER_CTX_set_passphrase_cb(ctx->_.file.decoderctx, pw_cb, pw_cbarg);
+
+ /* Launch */
+
+ return OSSL_DECODER_from_bio(ctx->_.file.decoderctx, ctx->_.file.file);
+}
+
+/*-
+ * Loading a name object from a directory
+ * --------------------------------------
+ */
+
+static int ends_with_dirsep(const char *uri)
+{
+ if (*uri != '\0')
+ uri += strlen(uri) - 1;
+#if defined(__VMS)
+ if (*uri == ']' || *uri == '>' || *uri == ':')
+ return 1;
+#elif defined(_WIN32)
+ if (*uri == '\\')
+ return 1;
+#endif
+ return *uri == '/';
+}
+
+static char *file_name_to_uri(struct file_ctx_st *ctx, const char *name)
+{
+ char *data = NULL;
+
+ assert(name != NULL);
+ {
+ const char *pathsep = ends_with_dirsep(ctx->uri) ? "" : "/";
+ long calculated_length = strlen(ctx->uri) + strlen(pathsep)
+ + strlen(name) + 1 /* \0 */;
+
+ data = OPENSSL_zalloc(calculated_length);
+ if (data == NULL) {
+ ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+
+ OPENSSL_strlcat(data, ctx->uri, calculated_length);
+ OPENSSL_strlcat(data, pathsep, calculated_length);
+ OPENSSL_strlcat(data, name, calculated_length);
+ }
+ return data;
+}
+
+static int file_name_check(struct file_ctx_st *ctx, const char *name)
+{
+ const char *p = NULL;
+
+ /* If there are no search criteria, all names are accepted */
+ if (ctx->_.dir.search_name[0] == '\0')
+ return 1;
+
+ /* If the expected type isn't supported, no name is accepted */
+ if (ctx->expected_type != 0
+ && ctx->expected_type != OSSL_STORE_INFO_CERT
+ && ctx->expected_type != OSSL_STORE_INFO_CRL)
+ return 0;
+
+ /*
+ * First, check the basename
+ */
+ if (strncasecmp(name, ctx->_.dir.search_name,
+ sizeof(ctx->_.dir.search_name) - 1) != 0
+ || name[sizeof(ctx->_.dir.search_name) - 1] != '.')
+ return 0;
+ p = &name[sizeof(ctx->_.dir.search_name)];
+
+ /*
+ * Then, if the expected type is a CRL, check that the extension starts
+ * with 'r'
+ */
+ if (*p == 'r') {
+ p++;
+ if (ctx->expected_type != 0
+ && ctx->expected_type != OSSL_STORE_INFO_CRL)
+ return 0;
+ } else if (ctx->expected_type == OSSL_STORE_INFO_CRL) {
+ return 0;
+ }
+
+ /*
+ * Last, check that the rest of the extension is a decimal number, at
+ * least one digit long.
+ */
+ if (!isdigit(*p))
+ return 0;
+ while (isdigit(*p))
+ p++;
+
+#ifdef __VMS
+ /*
+ * One extra step here, check for a possible generation number.
+ */
+ if (*p == ';')
+ for (p++; *p != '\0'; p++)
+ if (!ossl_isdigit(*p))
+ break;
+#endif
+
+ /*
+ * If we've reached the end of the string at this point, we've successfully
+ * found a fitting file name.
+ */
+ return *p == '\0';
+}
+
+static int file_load_dir_entry(struct file_ctx_st *ctx,
+ OSSL_CALLBACK *object_cb, void *object_cbarg,
+ OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)
+{
+ /* Prepare as much as possible in advance */
+ static const int object_type = OSSL_OBJECT_NAME;
+ OSSL_PARAM object[] = {
+ OSSL_PARAM_int(OSSL_OBJECT_PARAM_TYPE, (int *)&object_type),
+ OSSL_PARAM_utf8_string(OSSL_OBJECT_PARAM_DATA, NULL, 0),
+ OSSL_PARAM_END
+ };
+ char *newname = NULL;
+ int ok;
+
+ /* Loop until we get an error or until we have a suitable name */
+ do {
+ if (ctx->_.dir.last_entry == NULL) {
+ if (!ctx->_.dir.end_reached) {
+ assert(ctx->_.dir.last_errno != 0);
+ ERR_raise(ERR_LIB_SYS, ctx->_.dir.last_errno);
+ }
+ /* file_eof() will tell if EOF was reached */
+ return 0;
+ }
+
+ /* flag acceptable names */
+ if (ctx->_.dir.last_entry[0] != '.'
+ && file_name_check(ctx, ctx->_.dir.last_entry)) {
+
+ /* If we can't allocate the new name, we fail */
+ if ((newname =
+ file_name_to_uri(ctx, ctx->_.dir.last_entry)) == NULL)
+ return 0;
+ }
+
+ /*
+ * On the first call (with a NULL context), OPENSSL_DIR_read()
+ * cares about the second argument. On the following calls, it
+ * only cares that it isn't NULL. Therefore, we can safely give
+ * it our URI here.
+ */
+ ctx->_.dir.last_entry = OPENSSL_DIR_read(&ctx->_.dir.ctx, ctx->uri);
+ ctx->_.dir.last_errno = errno;
+ if (ctx->_.dir.last_entry == NULL && ctx->_.dir.last_errno == 0)
+ ctx->_.dir.end_reached = 1;
+ } while (newname == NULL);
+
+ object[1].data = newname;
+ object[1].data_size = strlen(newname);
+ ok = object_cb(object, object_cbarg);
+ OPENSSL_free(newname);
+ return ok;
+}
+
+/*-
+ * Loading, local dispatcher
+ * -------------------------
+ */
+
+static int file_load(void *loaderctx,
+ OSSL_CALLBACK *object_cb, void *object_cbarg,
+ OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)
+{
+ struct file_ctx_st *ctx = loaderctx;
+
+ switch (ctx->type) {
+ case IS_FILE:
+ return file_load_file(ctx, object_cb, object_cbarg, pw_cb, pw_cbarg);
+ case IS_DIR:
+ return
+ file_load_dir_entry(ctx, object_cb, object_cbarg, pw_cb, pw_cbarg);
+ default:
+ break;
+ }
+
+ /* ctx->type has an unexpected value */
+ assert(0);
+ return 0;
+}
+
+/*-
+ * Eof detection and closing
+ * -------------------------
+ */
+
+static int file_eof(void *loaderctx)
+{
+ struct file_ctx_st *ctx = loaderctx;
+
+ switch (ctx->type) {
+ case IS_DIR:
+ return ctx->_.dir.end_reached;
+ case IS_FILE:
+ /*
+ * BIO_pending() checks any filter BIO.
+ * BIO_eof() checks the source BIO.
+ */
+ return !BIO_pending(ctx->_.file.file)
+ && BIO_eof(ctx->_.file.file);
+ }
+
+ /* ctx->type has an unexpected value */
+ assert(0);
+ return 1;
+}
+
+static int file_close_dir(struct file_ctx_st *ctx)
+{
+ if (ctx->_.dir.ctx != NULL)
+ OPENSSL_DIR_end(&ctx->_.dir.ctx);
+ free_file_ctx(ctx);
+ return 1;
+}
+
+static int file_close_stream(struct file_ctx_st *ctx)
+{
+ if (ctx->flag_buffered) {
+ /*
+ * file_attach() pushed a BIO_f_buffer() on top of the regular BIO.
+ * Drop it.
+ */
+ BIO *buff = ctx->_.file.file;
+
+ /* Detach buff */
+ ctx->_.file.file = BIO_pop(ctx->_.file.file);
+
+ BIO_free(buff);
+ }
+
+ /*
+ * If it was attached, we only free the top, as that's the provider BIO
+ * filter. Otherwise, it was entirely allocated by this implementation,
+ * and can safely be completely freed.
+ */
+ if (ctx->flag_attached)
+ BIO_free(ctx->_.file.file);
+ else
+ BIO_free_all(ctx->_.file.file);
+
+ /* To avoid double free */
+ ctx->_.file.file = NULL;
+
+ free_file_ctx(ctx);
+ return 1;
+}
+
+static int file_close(void *loaderctx)
+{
+ struct file_ctx_st *ctx = loaderctx;
+
+ switch (ctx->type) {
+ case IS_DIR:
+ return file_close_dir(ctx);
+ case IS_FILE:
+ return file_close_stream(ctx);
+ }
+
+ /* ctx->type has an unexpected value */
+ assert(0);
+ return 1;
+}
+
+const OSSL_DISPATCH file_store_functions[] = {
+ { OSSL_FUNC_STORE_OPEN, (void (*)(void))file_open },
+ { OSSL_FUNC_STORE_ATTACH, (void (*)(void))file_attach },
+ { OSSL_FUNC_STORE_SETTABLE_CTX_PARAMS,
+ (void (*)(void))file_settable_ctx_params },
+ { OSSL_FUNC_STORE_SET_CTX_PARAMS, (void (*)(void))file_set_ctx_params },
+ { OSSL_FUNC_STORE_LOAD, (void (*)(void))file_load },
+ { OSSL_FUNC_STORE_EOF, (void (*)(void))file_eof },
+ { OSSL_FUNC_STORE_CLOSE, (void (*)(void))file_close },
+ { 0, NULL },
+};
diff --git a/providers/implementations/storemgmt/file_store_der2obj.c b/providers/implementations/storemgmt/file_store_der2obj.c
new file mode 100644
index 0000000000..c7388a9d14
--- /dev/null
+++ b/providers/implementations/storemgmt/file_store_der2obj.c
@@ -0,0 +1,119 @@
+/*
+ * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * This is a decoder that's completely internal to the 'file:' store
+ * implementation. Only code in file_store.c know about this one. Because
+ * of this close relationship, we can cut certain corners, such as making
+ * assumptions about the "provider context", which is currently simply the
+ * provider context that the file_store.c code operates within.
+ *
+ * All this does is to read DER from the input if it can, and passes it on
+ * to the data callback as an object abstraction, leaving it to the callback
+ * to figure out what it actually is.
+ *
+ * This MUST be made the last decoder in a chain, leaving it to other more
+ * specialized decoders to recognise and process their stuff first.
+ */
+
+#include <openssl/core_dispatch.h>
+#include <openssl/core_names.h>
+#include <openssl/core_object.h>
+#include <openssl/bio.h>
+#include <openssl/buffer.h>
+#include <openssl/params.h>
+#include "internal/asn1.h"
+#include "prov/bio.h"
+#include "file_store_local.h"
+
+/*
+ * newctx and freectx are not strictly necessary. However, the method creator,
+ * ossl_decoder_from_dispatch(), demands that they exist, so we make sure to
+ * oblige.
+ */
+
+static OSSL_FUNC_decoder_newctx_fn der2obj_newctx;
+static OSSL_FUNC_decoder_freectx_fn der2obj_freectx;
+
+static void *der2obj_newctx(void *provctx)
+{
+ return provctx;
+}
+
+static void der2obj_freectx(void *vctx)
+{
+}
+
+static OSSL_FUNC_decoder_gettable_params_fn der2obj_gettable_params;
+static OSSL_FUNC_decoder_get_params_fn der2obj_get_params;
+static OSSL_FUNC_decoder_decode_fn der2obj_decode;
+
+static const OSSL_PARAM *der2obj_gettable_params(void *provctx)
+{
+ static const OSSL_PARAM gettables[] = {
+ { OSSL_DECODER_PARAM_INPUT_TYPE, OSSL_PARAM_UTF8_PTR, NULL, 0, 0 },
+ OSSL_PARAM_END,
+ };
+
+ return gettables;
+}
+
+static int der2obj_get_params(OSSL_PARAM params[])
+{
+ OSSL_PARAM *p;
+
+ p = OSSL_PARAM_locate(params, OSSL_DECODER_PARAM_INPUT_TYPE);
+ if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "DER"))
+ return 0;
+
+ return 1;
+}
+
+static int der2obj_decode(void *provctx, OSSL_CORE_BIO *cin,
+ OSSL_CALLBACK *data_cb, void *data_cbarg,
+ OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)
+{
+ /*
+ * We're called from file_store.c, so we know that OSSL_CORE_BIO is a
+ * BIO in this case.
+ */
+ BIO *in = (BIO *)cin;
+ BUF_MEM *mem = NULL;
+ int ok = (asn1_d2i_read_bio(in, &mem) >= 0);
+
+ if (ok) {
+ OSSL_PARAM params[3];
+ int object_type = OSSL_OBJECT_UNKNOWN;
+
+ params[0] =
+ OSSL_PARAM_construct_int(OSSL_OBJECT_PARAM_TYPE, &object_type);
+ params[1] =
+ OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_DATA,
+ mem->data, mem->length);
+ params[2] = OSSL_PARAM_construct_end();
+
+ ok = data_cb(params, data_cbarg);
+ OPENSSL_free(mem->data);
+ OPENSSL_free(mem);
+ }
+ return ok;
+}
+
+static const OSSL_DISPATCH der_to_obj_decoder_functions[] = {
+ { OSSL_FUNC_DECODER_NEWCTX, (void (*)(void))der2obj_newctx },
+ { OSSL_FUNC_DECODER_FREECTX, (void (*)(void))der2obj_freectx },
+ { OSSL_FUNC_DECODER_GETTABLE_PARAMS,
+ (void (*)(void))der2obj_gettable_params },
+ { OSSL_FUNC_DECODER_GET_PARAMS, (void (*)(void))der2obj_get_params },
+ { OSSL_FUNC_DECODER_DECODE, (void (*)(void))der2obj_decode },
+ { 0, NULL }
+};
+
+const OSSL_ALGORITHM der_to_obj_algorithm =
+ { "obj", NULL, der_to_obj_decoder_functions };
diff --git a/providers/implementations/storemgmt/file_store_local.h b/providers/implementations/storemgmt/file_store_local.h
new file mode 100644
index 0000000000..a95f5fe87c
--- /dev/null
+++ b/providers/implementations/storemgmt/file_store_local.h
@@ -0,0 +1,11 @@
+/*
+ * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+extern const OSSL_ALGORITHM der_to_obj_algorithm;
+
diff --git a/providers/stores.inc b/providers/stores.inc
new file mode 100644
index 0000000000..ecf3ca123b
--- /dev/null
+++ b/providers/stores.inc
@@ -0,0 +1,14 @@
+/*
+ * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef STORE
+# error Macro STORE undefined
+#endif
+
+STORE("file", "yes", file_store_functions)
diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c
index bae6f2339b..f62e26c290 100644
--- a/test/evp_extra_test.c
+++ b/test/evp_extra_test.c
@@ -33,6 +33,14 @@
#include "internal/sizes.h"
#include "crypto/evp.h"
+#ifndef OPENSSL_NO_SM2
+/*
+ * TODO(3.0) remove when provider SM2 keymgmt is implemented and
+ * EVP_PKEY_set_alias_type() works with provider-native keys.
+ */
+# define TMP_SM2_HACK
+#endif
+
static OPENSSL_CTX *testctx = NULL;
/*
@@ -881,6 +889,11 @@ static int test_EVP_SM2_verify(void)
if (!TEST_true(pkey != NULL))
goto done;
+#ifdef TMP_SM2_HACK
+ if (!TEST_ptr(EVP_PKEY_get0(pkey)))
+ goto done;
+#endif
+
if (!TEST_true(EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2)))
goto done;
diff --git a/test/evp_test.c b/test/evp_test.c
index 238bbaf3d5..52e1dd2e51 100644
--- a/test/evp_test.c
+++ b/test/evp_test.c
@@ -3253,7 +3253,7 @@ static void free_key_list(KEY_LIST *lst)
*/
static int key_unsupported(void)
{
- long err = ERR_peek_error();
+ long err = ERR_peek_last_error();
if (ERR_GET_LIB(err) == ERR_LIB_EVP
&& (ERR_GET_REASON(err) == EVP_R_UNSUPPORTED_ALGORITHM
@@ -3268,7 +3268,8 @@ static int key_unsupported(void)
* disabled).
*/
if (ERR_GET_LIB(err) == ERR_LIB_EC
- && ERR_GET_REASON(err) == EC_R_UNKNOWN_GROUP) {
+ && (ERR_GET_REASON(err) == EC_R_UNKNOWN_GROUP
+ || ERR_GET_REASON(err) == EC_R_INVALID_CURVE)) {
ERR_clear_error();
return 1;
}
diff --git a/test/recipes/15-test_genrsa.t b/test/recipes/15-test_genrsa.t
index 90880be9fc..ffa334f15e 100644
--- a/test/recipes/15-test_genrsa.t
+++ b/test/recipes/15-test_genrsa.t
@@ -117,10 +117,9 @@ ok(!run(app([ 'openssl', 'genpkey', '-algorithm', 'RSA',
}
unless ($no_fips) {
- my $provconf = srctop_file("test", "fips.cnf");
+ my $provconf = srctop_file("test", "fips-and-base.cnf");
my $provpath = bldtop_dir("providers");
my @prov = ( "-provider-path", $provpath,
- "-provider", "base",
"-config", $provconf);
my $infile = bldtop_file('providers', platform->dso('fips'));
diff --git a/test/recipes/15-test_rsaoaep.t b/test/recipes/15-test_rsaoaep.t
index 60d9b44f4f..59646bd223 100644
--- a/test/recipes/15-test_rsaoaep.t
+++ b/test/recipes/15-test_rsaoaep.t
@@ -27,7 +27,7 @@ plan tests =>
+ 9;
my @prov = ( );
-my $provconf = srctop_file("test", "fips.cnf");
+my $provconf = srctop_file("test", "fips-and-base.cnf");
my $provpath = bldtop_dir("providers");
my $msg_file = data_file("plain_text");
my $enc1_file = "enc1.bin";
diff --git a/test/recipes/20-test_pkeyutl.t b/test/recipes/20-test_pkeyutl.t
index 543038cab9..3c135630f7 100644
--- a/test/recipes/20-test_pkeyutl.t
+++ b/test/recipes/20-test_pkeyutl.t
@@ -24,14 +24,21 @@ SKIP: {
skip "Skipping tests that require EC, SM2 or SM3", 2
if disabled("ec") || disabled("sm2") || disabled("sm3");
+ # TODO(3.0) Remove this when we have a SM2 keymgmt and decoder
+ my @tmp_sm2_hack = qw(-engine loader_attic)
+ unless disabled('dynamic-engine') || disabled('deprecated-3.0');
+ skip "Skipping tests that require dynamic enginess (temporary meaasure)", 2
+ unless @tmp_sm2_hack;
+
# SM2
- ok_nofips(run(app(([ 'openssl', 'pkeyutl', '-sign',
+ ok_nofips(run(app(([ 'openssl', 'pkeyutl', @tmp_sm2_hack, '-sign',
'-in', srctop_file('test', 'certs', 'sm2.pem'),
'-inkey', srctop_file('test', 'certs', 'sm2.key'),
'-out', 'sm2.sig', '-rawin',
'-digest', 'sm3', '-pkeyopt', 'distid:someid']))),
"Sign a piece of data using SM2");
- ok_nofips(run(app(([ 'openssl', 'pkeyutl', '-verify', '-certin',
+ ok_nofips(run(app(([ 'openssl', 'pkeyutl', @tmp_sm2_hack,
+ '-verify', '-certin',
'-in', srctop_file('test', 'certs', 'sm2.pem'),
'-inkey', srctop_file('test', 'certs', 'sm2.pem'),
'-sigfile', 'sm2.sig', '-rawin',
diff --git a/test/recipes/25-test_req.t b/test/recipes/25-test_req.t
index 8d26be2bf0..544d32963c 100644
--- a/test/recipes/25-test_req.t
+++ b/test/recipes/25-test_req.t
@@ -29,6 +29,14 @@ if (disabled("rsa")) {
note("There should not be more that at most 80 per line");
}
+# TODO(3.0) This should be removed as soon as missing support is added
+# Identified problems:
+# - SM2 lacks provider-native keymgmt and decoder
+# - ED25519, ED448, X25519 and X448 signature implementations do not
+# respond to the "algorithm-id" parameter request.
+my @tmp_loader_hack = qw(-engine loader_attic)
+ unless disabled('dynamic-engine') || disabled('deprecated-3.0');
+
# Check for duplicate -addext parameters, and one "working" case.
my @addext_args = ( "openssl", "req", "-new", "-out", "testreq.pem",
"-config", srctop_file("test", "test.cnf"), @req_new );
@@ -135,15 +143,15 @@ subtest "generating certificate requests with Ed25519" => sub {
SKIP: {
skip "Ed25519 is not supported by this OpenSSL build", 2
- if disabled("ec");
+ if disabled("ec") || !@tmp_loader_hack;
- ok(run(app(["openssl", "req",
+ ok(run(app(["openssl", "req", @tmp_loader_hack,
"-config", srctop_file("test", "test.cnf"),
"-new", "-out", "testreq-ed25519.pem", "-utf8",
"-key", srctop_file("test", "tested25519.pem")])),
"Generating request");
- ok(run(app(["openssl", "req",
+ ok(run(app(["openssl", "req", @tmp_loader_hack,
"-config", srctop_file("test", "test.cnf"),
"-verify", "-in", "testreq-ed25519.pem", "-noout"])),
"Verifying signature on request");
@@ -155,15 +163,15 @@ subtest "generating certificate requests with Ed448" => sub {
SKIP: {
skip "Ed448 is not supported by this OpenSSL build", 2
- if disabled("ec");
+ if disabled("ec") || !@tmp_loader_hack;
- ok(run(app(["openssl", "req",
+ ok(run(app(["openssl", "req", @tmp_loader_hack,
"-config", srctop_file("test", "test.cnf"),
"-new", "-out", "testreq-ed448.pem", "-utf8",
"-key", srctop_file("test", "tested448.pem")])),
"Generating request");
- ok(run(app(["openssl", "req",
+ ok(run(app(["openssl", "req", @tmp_loader_hack,
"-config", srctop_file("test", "test.cnf"),
"-verify", "-in", "testreq-ed448.pem", "-noout"])),
"Verifying signature on request");
@@ -187,28 +195,28 @@ subtest "generating SM2 certificate requests" => sub {
SKIP: {
skip "SM2 is not supported by this OpenSSL build", 4
- if disabled("sm2");
- ok(run(app(["openssl", "req",
+ if disabled("sm2") || !@tmp_loader_hack;
+ ok(run(app(["openssl", "req", @tmp_loader_hack,
"-config", srctop_file("test", "test.cnf"),
"-new", "-key", srctop_file("test", "certs", "sm2.key"),
"-sigopt", "distid:1234567812345678",
"-out", "testreq-sm2.pem", "-sm3"])),
"Generating SM2 certificate request");
- ok(run(app(["openssl", "req",
+ ok(run(app(["openssl", "req", @tmp_loader_hack,
"-config", srctop_file("test", "test.cnf"),
"-verify", "-in", "testreq-sm2.pem", "-noout",
"-vfyopt", "distid:1234567812345678", "-sm3"])),
"Verifying signature on SM2 certificate request");
- ok(run(app(["openssl", "req",
+ ok(run(app(["openssl", "req", @tmp_loader_hack,
"-config", srctop_file("test", "test.cnf"),
"-new", "-key", srctop_file("test", "certs", "sm2.key"),
"-sigopt", "hexdistid:DEADBEEF",
"-out", "testreq-sm2.pem", "-sm3"])),
"Generating SM2 certificate request with hex id");
- ok(run(app(["openssl", "req",
+ ok(run(app(["openssl", "req", @tmp_loader_hack,
"-config", srctop_file("test", "test.cnf"),
"-verify", "-in", "testreq-sm2.pem", "-noout",
"-vfyopt", "hexdistid:DEADBEEF", "-sm3"])),
diff --git a/test/recipes/30-test_evp.t b/test/recipes/30-test_evp.t
index 3978fa4835..c80fdd9a87 100644
--- a/test/recipes/30-test_evp.t
+++ b/test/recipes/30-test_evp.t
@@ -29,7 +29,7 @@ my $defaultcnf = $no_legacy ? 'default.cnf' : 'default-and-legacy.cnf';
my @configs = ( $defaultcnf );
# Only add the FIPS config if the FIPS module has been built
-push @configs, 'fips.cnf' unless $no_fips;
+push @configs, 'fips-and-base.cnf' unless $no_fips;
# A list of tests that run with both the default and fips provider.
my @files = qw(
@@ -47,8 +47,8 @@ my @files = qw(
evpmd_sha.txt
evppbe_pbkdf2.txt
evppkey_dsa.txt
- evppkey_ecc_nist.txt
- evppkey_ecdh_nist.txt
+ evppkey_ecc.txt
+ evppkey_ecdh.txt
evppkey_ecdsa.txt
evppkey_ecx.txt
evppkey_ffdhe.txt
@@ -93,8 +93,6 @@ my @defltfiles = qw(
evpmd_whirlpool.txt
evppbe_scrypt.txt
evppbe_pkcs12.txt
- evppkey_ecc.txt
- evppkey_ecdh.txt
evppkey_brainpool.txt
evppkey_kdf_scrypt.txt
evppkey_kdf_tls1_prf.txt
diff --git a/test/recipes/30-test_evp_data/evppkey_ecc.txt b/test/recipes/30-test_evp_data/evppkey_ecc.txt
index ea24f9d433..f0ae1081c4 100644
--- a/test/recipes/30-test_evp_data/evppkey_ecc.txt
+++ b/test/recipes/30-test_evp_data/evppkey_ecc.txt
@@ -1164,6 +1164,46 @@ Ctrl=ecdh_cofactor_mode:1
Result=DERIVE_ERROR
Reason=point at infinity
+Title=prime192v1 curve tests
+
+PrivateKey=ALICE_cf_prime192v1
+-----BEGIN PRIVATE KEY-----
+MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQEEHzAdAgEBBBhQFYLaobJ47BVWWZv/ByY8Ti69m/U9
+TeI=
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_cf_prime192v1_PUB
+-----BEGIN PUBLIC KEY-----
+MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEHYbt14KzucSpmKMrlDx1IGz/a28nDs21OjKgx3BK
+PZ78UrllIr69kgrYUKsRg4sd
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair=ALICE_cf_prime192v1:ALICE_cf_prime192v1_PUB
+
+PrivateKey=BOB_cf_prime192v1
+-----BEGIN PRIVATE KEY-----
+MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQEEHzAdAgEBBBhsbmKHAtygIqirkmUXSbniDJOx0/fI
+CWM=
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_cf_prime192v1_PUB
+-----BEGIN PUBLIC KEY-----
+MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEJA+FQcXq5Axzv8pLDslxq1QVt1hjN2i0TgoO6Yxp
+bAekMot69VorE8ibSzgJixXJ
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair=BOB_cf_prime192v1:BOB_cf_prime192v1_PUB
+
+# ECDH Alice with Bob peer
+Derive=ALICE_cf_prime192v1
+PeerKey=BOB_cf_prime192v1_PUB
+SharedSecret=e36cad3b0f8d00f60f090440a76df47896713ae61421c354
+
+# ECDH Bob with Alice peer
+Derive=BOB_cf_prime192v1
+PeerKey=ALICE_cf_prime192v1_PUB
+SharedSecret=e36cad3b0f8d00f60f090440a76df47896713ae61421c354
+
Title=prime192v2 curve tests
PrivateKey=ALICE_cf_prime192v2
@@ -1364,6 +1404,46 @@ Derive=BOB_cf_prime239v3
PeerKey=ALICE_cf_prime239v3_PUB
SharedSecret=4dcc2c67c5993162ed71ebb33077bbb85395b0d3eec2311aa404e45901a0
+Title=prime256v1 curve tests
+
+PrivateKey=ALICE_cf_prime256v1
+-----BEGIN PRIVATE KEY-----
+MEECAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQcEJzAlAgEBBCDZE0NZiGAFJX6JQxumKTFRT+XFCQqJ
+gHCUxmU2fRcn9Q==
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_cf_prime256v1_PUB
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5kDOrX6kmk1/jHfEdMBluFos6dyCbzKVOX3v2aa2
+y5IhlhTKtCJdydX+XWLDXWW9sbtIRNP94R3iOOpRPBqpGg==
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair=ALICE_cf_prime256v1:ALICE_cf_prime256v1_PUB
+
+PrivateKey=BOB_cf_prime256v1
+-----BEGIN PRIVATE KEY-----
+MEECAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQcEJzAlAgEBBCAxJgV1dLJw/o2Dmh1fIY1KpBd88WCP
+23wZzR8DzhyCrA==
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_cf_prime256v1_PUB
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5J6yA+j0zrGi6RilUhjrcL7OUMzYTwpnw5DdRXr0
+creHgE03EFV//7xqadB4BDwFIGM9MV2sE6qREEomWhZFeg==
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair=BOB_cf_prime256v1:BOB_cf_prime256v1_PUB
+
+# ECDH Alice with Bob peer
+Derive=ALICE_cf_prime256v1
+PeerKey=BOB_cf_prime256v1_PUB
+SharedSecret=ee63690b553dcd9bccb066137725f0489395a83f4d280f309339d606c969734a
+
+# ECDH Bob with Alice peer
+Derive=BOB_cf_prime256v1
+PeerKey=ALICE_cf_prime256v1_PUB
+SharedSecret=ee63690b553dcd9bccb066137725f0489395a83f4d280f309339d606c969734a
+
Title=secp112r1 curve tests
PrivateKey=ALICE_cf_secp112r1
@@ -1762,6 +1842,46 @@ Derive=BOB_cf_secp224k1
PeerKey=ALICE_cf_secp224k1_PUB
SharedSecret=6f7b9d16c9c1d3a5c84b6028f2a4fed9ae8e02455e678a27243bcc48
+Title=secp224r1 curve tests
+
+PrivateKey=ALICE_cf_secp224r1
+-----BEGIN PRIVATE KEY-----
+MDoCAQAwEAYHKoZIzj0CAQYFK4EEACEEIzAhAgEBBBzeo7Y0HMfrIqKNm3r997jcfVAa4osa0AR2
+JA28
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_cf_secp224r1_PUB
+-----BEGIN PUBLIC KEY-----
+ME4wEAYHKoZIzj0CAQYFK4EEACEDOgAExZc6o84XjBGLOosGj2t0QctgiyzF3NcVgy+DeW7stkVs
+yS2tRzMPBpwnApRzoRsdJR99sb3eM2s=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair=ALICE_cf_secp224r1:ALICE_cf_secp224r1_PUB
+
+PrivateKey=BOB_cf_secp224r1
+-----BEGIN PRIVATE KEY-----
+MDoCAQAwEAYHKoZIzj0CAQYFK4EEACEEIzAhAgEBBBy2LsqxHhdlSiAmMYKQAEmjJWT22T42GYKo
+ZvXM
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_cf_secp224r1_PUB
+-----BEGIN PUBLIC KEY-----
+ME4wEAYHKoZIzj0CAQYFK4EEACEDOgAE71Eh6hwTKUrmyl2PdkY787GwxiohIcaqB4eK2Mwg6tU4
+LeJHWcgY18CgPKCaeldUgnkMcJzKj20=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair=BOB_cf_secp224r1:BOB_cf_secp224r1_PUB
+
+# ECDH Alice with Bob peer
+Derive=ALICE_cf_secp224r1
+PeerKey=BOB_cf_secp224r1_PUB
+SharedSecret=29d8b75934d74d5153bbb94e0370437c63ecc30bf3d2800ed1cb7eb5
+
+# ECDH Bob with Alice peer
+Derive=BOB_cf_secp224r1
+PeerKey=ALICE_cf_secp224r1_PUB
+SharedSecret=29d8b75934d74d5153bbb94e0370437c63ecc30bf3d2800ed1cb7eb5
+
Title=secp256k1 curve tests
PrivateKey=ALICE_cf_secp256k1
@@ -1802,6 +1922,90 @@ Derive=BOB_cf_secp256k1
PeerKey=ALICE_cf_secp256k1_PUB
SharedSecret=a4745cc4d19cabb9e5cb0abdd5c604cab2846a4638ad844ed9175f3cadda2da1
+Title=secp384r1 curve tests
+
+PrivateKey=ALICE_cf_secp384r1
+-----BEGIN PRIVATE KEY-----
+ME4CAQAwEAYHKoZIzj0CAQYFK4EEACIENzA1AgEBBDAp1ErG6wVjuJs90qVbUBxNpQK1wtV4ieX1
+bIU/4HssZK6WjOOTyYguyEBCOf/rUnw=
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_cf_secp384r1_PUB
+-----BEGIN PUBLIC KEY-----
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEx5rt+yujIuPoIXpHGmExKSi/P+58sGYoqgdpdOJUXzn2
+Rc4alCpSxVJeC55xvwaFHc3pzNyRGwnhPmN6oU/KMP6XjBvR4wq35mr/Sym5s0B2blAzkJU37idq
+nTi3xGHx
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair=ALICE_cf_secp384r1:ALICE_cf_secp384r1_PUB
+
+PrivateKey=BOB_cf_secp384r1
+-----BEGIN PRIVATE KEY-----
+ME4CAQAwEAYHKoZIzj0CAQYFK4EEACIENzA1AgEBBDAUjVgPpiI+xXye0nfRhc8+12hLdWY4fpsO
+Jq2MCp+W85xJwtXsEPrHj1XFnKVpM4c=
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_cf_secp384r1_PUB
+-----BEGIN PUBLIC KEY-----
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE+JUBXRSHixH0TrcvYvIzep7+/WNpEhWdCPsLMygigW5j
+pzP30MF41GnQYgfJu5wI/gu1C/jFTv1X6Dgmla3JxBYlPeD+1L0lEMT3evmHKMM/BFe3WKBuXyhP
+ilrNtfee
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair=BOB_cf_secp384r1:BOB_cf_secp384r1_PUB
+
+# ECDH Alice with Bob peer
+Derive=ALICE_cf_secp384r1
+PeerKey=BOB_cf_secp384r1_PUB
+SharedSecret=b3cfe488126e2731fb7c19f82e94fcc05e1dd303649a9257e858030b795c2d344a054b0c44a24fd7f5821f531a9b8cfb
+
+# ECDH Bob with Alice peer
+Derive=BOB_cf_secp384r1
+PeerKey=ALICE_cf_secp384r1_PUB
+SharedSecret=b3cfe488126e2731fb7c19f82e94fcc05e1dd303649a9257e858030b795c2d344a054b0c44a24fd7f5821f531a9b8cfb
+
+Title=secp521r1 curve tests
+
+PrivateKey=ALICE_cf_secp521r1
+-----BEGIN PRIVATE KEY-----
+MGACAQAwEAYHKoZIzj0CAQYFK4EEACMESTBHAgEBBEIBsYIcUKeN2evB626LCdYWH/xzUiEDCdRP
+rEENsC8//dowKnOCtlLtawh0DXTIZ/HhpUREuaoffdsmYb6+Oq1TRjc=
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_cf_secp521r1_PUB
+-----BEGIN PUBLIC KEY-----
+MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBufYxJf/4Ds6g7LlFRVS62ljm3xApV2T79hfWH8Lv
+iroIaCFjLBIfOVDF8jvj2PO1ar3yCLiSA2RiLZz1Y+tv/tcATHE0nS7l3SfGiGmEnVycEnhgqlKM
+UM3kpdd7eNkQn5/GO8KAPQqA/sOnvTavg5S01t0ub+PY/w0Y6oBgthaUAW0=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair=ALICE_cf_secp521r1:ALICE_cf_secp521r1_PUB
+
+PrivateKey=BOB_cf_secp521r1
+-----BEGIN PRIVATE KEY-----
+MGACAQAwEAYHKoZIzj0CAQYFK4EEACMESTBHAgEBBEIB+3/adZnNwr6GFUzZpi8So7pC/5FYQ0+0
+lMmoUjGvy8DNADcHaPpW68hX/M+z7LrK0Jpnonb9JSEXlgjOPVe4Ea8=
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_cf_secp521r1_PUB
+-----BEGIN PUBLIC KEY-----
+MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBLq2fjyCalnvr24tjaz87ijIWlLMoCH7Hmyq1t2l8
+PFbyBIZbngDC0gwFM5ZI582QSWlW79G3clJP9VxlJOsms50BYBYgd6o2JF4w8AnShVXxFSJU1py4
+klCDNhTFybRHFXpujfuUeNnFxAGIUb4edJ0fAqqc7kkERhYe8EPEZYMKp3Q=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair=BOB_cf_secp521r1:BOB_cf_secp521r1_PUB
+
+# ECDH Alice with Bob peer
+Derive=ALICE_cf_secp521r1
+PeerKey=BOB_cf_secp521r1_PUB
+SharedSecret=01dd4aa9037bb4ad298b420998dcd32b3a9af1cda8b7919e372aeb4e54ccfb4d2409a340ed896bfbc5dd462f8d96b8784bc17b29db3ca04700e6ec752f9bec777695
+
+# ECDH Bob with Alice peer
+Derive=BOB_cf_secp521r1
+PeerKey=ALICE_cf_secp521r1_PUB
+SharedSecret=01dd4aa9037bb4ad298b420998dcd32b3a9af1cda8b7919e372aeb4e54ccfb4d2409a340ed896bfbc5dd462f8d96b8784bc17b29db3ca04700e6ec752f9bec777695
+
Title=sect113r1 curve tests
PrivateKey=ALICE_cf_sect113r1
@@ -2076,6 +2280,76 @@ Ctrl=ecdh_cofactor_mode:1
Result=DERIVE_ERROR
Reason=point at infinity
+Title=sect163k1 curve tests
+
+PrivateKey=ALICE_cf_sect163k1
+-----BEGIN PRIVATE KEY-----
+MDMCAQAwEAYHKoZIzj0CAQYFK4EEAAEEHDAaAgEBBBUB905PYfmej8LzbzX6Bg51GJzXQjQ=
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_cf_sect163k1_PUB
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEBfvs5A1hD8YySP9O2ub8GEUfotVuBpfRx4GIHdAfx8wV
+1UVeTRnyAlWU
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair=ALICE_cf_sect163k1:ALICE_cf_sect163k1_PUB
+
+PrivateKey=BOB_cf_sect163k1
+-----BEGIN PRIVATE KEY-----
+MDMCAQAwEAYHKoZIzj0CAQYFK4EEAAEEHDAaAgEBBBUCHPtCjJ4/K8ylQBcLlb5VE0bkaUE=
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_cf_sect163k1_PUB
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEBvgfX1mTRlt6Z4TE1D1MNWo4loH4AoeYa6oowK104LKk
+nsdg7isQ8XBD
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair=BOB_cf_sect163k1:BOB_cf_sect163k1_PUB
+
+# ECDH Alice with Bob peer
+Derive=ALICE_cf_sect163k1
+PeerKey=BOB_cf_sect163k1_PUB
+SharedSecret=04d0e40788c5ce5220818055277cae53eac55c1e6b
+
+# ECDH Bob with Alice peer
+Derive=BOB_cf_sect163k1
+PeerKey=ALICE_cf_sect163k1_PUB
+SharedSecret=04d0e40788c5ce5220818055277cae53eac55c1e6b
+
+# ECC CDH Alice with Bob peer
+Derive=ALICE_cf_sect163k1
+PeerKey=BOB_cf_sect163k1_PUB
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=04c902a91110244d89110034dd2b099c49cbab6c77
+
+# ECC CDH Bob with Alice peer
+Derive=BOB_cf_sect163k1
+PeerKey=ALICE_cf_sect163k1_PUB
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=04c902a91110244d89110034dd2b099c49cbab6c77
+
+PublicKey=MALICE_cf_sect163k1_PUB
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAB
+-----END PUBLIC KEY-----
+
+# ECC CDH Bob with Malice peer
+Derive=BOB_cf_sect163k1
+PeerKey=MALICE_cf_sect163k1_PUB
+Ctrl=ecdh_cofactor_mode:1
+Result=DERIVE_ERROR
+Reason=point at infinity
+
+# ECC CDH Alice with Malice peer
+Derive=ALICE_cf_sect163k1
+PeerKey=MALICE_cf_sect163k1_PUB
+Ctrl=ecdh_cofactor_mode:1
+Result=DERIVE_ERROR
+Reason=point at infinity
+
Title=sect163r1 curve tests
PrivateKey=ALICE_cf_sect163r1
@@ -2146,6 +2420,76 @@ Ctrl=ecdh_cofactor_mode:1
Result=DERIVE_ERROR
Reason=point at infinity
+Title=sect163r2 curve tests
+
+PrivateKey=ALICE_cf_sect163r2
+-----BEGIN PRIVATE KEY-----
+MDMCAQAwEAYHKoZIzj0CAQYFK4EEAA8EHDAaAgEBBBUBjCs/M3N31jsAueYrOq21vdETwAI=
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_cf_sect163r2_PUB
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEBd8Z1/HpA+89hF4I98EST3svWns3BAEbhWmL/fgxk2uu
+YwVrmqhgqH/C
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair=ALICE_cf_sect163r2:ALICE_cf_sect163r2_PUB
+
+PrivateKey=BOB_cf_sect163r2
+-----BEGIN PRIVATE KEY-----
+MDMCAQAwEAYHKoZIzj0CAQYFK4EEAA8EHDAaAgEBBBUBsiouT9Df+mwHWrpPg1JSrY9nqlI=
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_cf_sect163r2_PUB
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEBULqBZ+nhLhDEMYY8NEEzZ126MdxAcFXWv8zmPEH9505
+8vT5zU3aq6HV
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair=BOB_cf_sect163r2:BOB_cf_sect163r2_PUB
+
+# ECDH Alice with Bob peer
+Derive=ALICE_cf_sect163r2
+PeerKey=BOB_cf_sect163r2_PUB
+SharedSecret=019f829a53c4e6544bdec1395a23082169efaf369d
+
+# ECDH Bob with Alice peer
+Derive=BOB_cf_sect163r2
+PeerKey=ALICE_cf_sect163r2_PUB
+SharedSecret=019f829a53c4e6544bdec1395a23082169efaf369d
+
+# ECC CDH Alice with Bob peer
+Derive=ALICE_cf_sect163r2
+PeerKey=BOB_cf_sect163r2_PUB
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=048870d39235ecbc16a000ee478833509b9318a53f
+
+# ECC CDH Bob with Alice peer
+Derive=BOB_cf_sect163r2
+PeerKey=ALICE_cf_sect163r2_PUB
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=048870d39235ecbc16a000ee478833509b9318a53f
+
+PublicKey=MALICE_cf_sect163r2_PUB
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsJbhbrfiSdZPSHD
+ZtqJwDlp802l
+-----END PUBLIC KEY-----
+
+# ECC CDH Bob with Malice peer
+Derive=BOB_cf_sect163r2
+PeerKey=MALICE_cf_sect163r2_PUB
+Ctrl=ecdh_cofactor_mode:1
+Result=DERIVE_ERROR
+Reason=point at infinity
+
+# ECC CDH Alice with Malice peer
+Derive=ALICE_cf_sect163r2
+PeerKey=MALICE_cf_sect163r2_PUB
+Ctrl=ecdh_cofactor_mode:1
+Result=DERIVE_ERROR
+Reason=point at infinity
+
Title=sect193r1 curve tests
PrivateKey=ALICE_cf_sect193r1
@@ -2286,6 +2630,150 @@ Ctrl=ecdh_cofactor_mode:1
Result=DERIVE_ERROR
Reason=point at infinity
+Title=sect233k1 curve tests
+
+PrivateKey=ALICE_cf_sect233k1
+-----BEGIN PRIVATE KEY-----
+MDsCAQAwEAYHKoZIzj0CAQYFK4EEABoEJDAiAgEBBB0z/3heNFjJL+2sAT/38yRsN3kt2iXz7u+y
+Gua8Kw==
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_cf_sect233k1_PUB
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEALQyn0zJmOrHm4S2EIjxRe899PadBnfpYjLKWGvpAIzf
+MEG861Nv1IYJkmkO1xlfNHeeRtqFgsQVFKZh
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair=ALICE_cf_sect233k1:ALICE_cf_sect233k1_PUB
+
+PrivateKey=BOB_cf_sect233k1
+-----BEGIN PRIVATE KEY-----
+MDsCAQAwEAYHKoZIzj0CAQYFK4EEABoEJDAiAgEBBB1I0ucrC4d9i6Z+0cbar5r7uKpF5iiQkSJA
+DFMTUA==
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_cf_sect233k1_PUB
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEAatdqazxSghJ568CBFyMXhEvVeAiLewOY/jk9H5DAOB4
+ufNGbdd131KLaKPivB38a6n5Y+2BVSJangow
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair=BOB_cf_sect233k1:BOB_cf_sect233k1_PUB
+
+# ECDH Alice with Bob peer
+Derive=ALICE_cf_sect233k1
+PeerKey=BOB_cf_sect233k1_PUB
+SharedSecret=012145026e8de65973c154e085456fc5539ba9e25663e7f5816abfcab310
+
+# ECDH Bob with Alice peer
+Derive=BOB_cf_sect233k1
+PeerKey=ALICE_cf_sect233k1_PUB
+SharedSecret=012145026e8de65973c154e085456fc5539ba9e25663e7f5816abfcab310
+
+# ECC CDH Alice with Bob peer
+Derive=ALICE_cf_sect233k1
+PeerKey=BOB_cf_sect233k1_PUB
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=00ff7d6c6b80f39d2ae68fbd00adbcd75fa599ed0bc1aac0e3f49c1c164d
+
+# ECC CDH Bob with Alice peer
+Derive=BOB_cf_sect233k1
+PeerKey=ALICE_cf_sect233k1_PUB
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=00ff7d6c6b80f39d2ae68fbd00adbcd75fa599ed0bc1aac0e3f49c1c164d
+
+PublicKey=MALICE_cf_sect233k1_PUB
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+-----END PUBLIC KEY-----
+
+# ECC CDH Bob with Malice peer
+Derive=BOB_cf_sect233k1
+PeerKey=MALICE_cf_sect233k1_PUB
+Ctrl=ecdh_cofactor_mode:1
+Result=DERIVE_ERROR
+Reason=point at infinity
+
+# ECC CDH Alice with Malice peer
+Derive=ALICE_cf_sect233k1
+PeerKey=MALICE_cf_sect233k1_PUB
+Ctrl=ecdh_cofactor_mode:1
+Result=DERIVE_ERROR
+Reason=point at infinity
+
+Title=sect233r1 curve tests
+
+PrivateKey=ALICE_cf_sect233r1
+-----BEGIN PRIVATE KEY-----
+MDwCAQAwEAYHKoZIzj0CAQYFK4EEABsEJTAjAgEBBB4ATcy7zVpIsJ9rl5EIDmzRz5wxjrDIQyDm
+HP3Pt8Y=
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_cf_sect233r1_PUB
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEAQMQHiJ44LiCnZkEg1zyww1h+idTbsw8E07P33WUAUfD
+NeQ4hWEhTXPnytIbEhFKpnd3j/FbyZnJqxh8
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair=ALICE_cf_sect233r1:ALICE_cf_sect233r1_PUB
+
+PrivateKey=BOB_cf_sect233r1
+-----BEGIN PRIVATE KEY-----
+MDwCAQAwEAYHKoZIzj0CAQYFK4EEABsEJTAjAgEBBB4ALpOlFn4OfiIAkRAZGOsn7L6W3XoQBSV8
+mQVC2pw=
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_cf_sect233r1_PUB
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEAJQw+NWqFJXYw4dVMovzvw76OYnYOTaDaEPNW8ECAQbl
+TzzbBSTp5iqM13mP0/Bo4OO66NS3lA9e/GTO
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair=BOB_cf_sect233r1:BOB_cf_sect233r1_PUB
+
+# ECDH Alice with Bob peer
+Derive=ALICE_cf_sect233r1
+PeerKey=BOB_cf_sect233r1_PUB
+SharedSecret=00209d2995a63f1e8b7a5c33dee5abb602e32e1835ae8bb57eb264d8d795
+
+# ECDH Bob with Alice peer
+Derive=BOB_cf_sect233r1
+PeerKey=ALICE_cf_sect233r1_PUB
+SharedSecret=00209d2995a63f1e8b7a5c33dee5abb602e32e1835ae8bb57eb264d8d795
+
+# ECC CDH Alice with Bob peer
+Derive=ALICE_cf_sect233r1
+PeerKey=BOB_cf_sect233r1_PUB
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=00c3cd1d38a65f5e421399409a76cec1136bc84149f054a7f55e7980c612
+
+# ECC CDH Bob with Alice peer
+Derive=BOB_cf_sect233r1
+PeerKey=ALICE_cf_sect233r1_PUB
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=00c3cd1d38a65f5e421399409a76cec1136bc84149f054a7f55e7980c612
+
+PublicKey=MALICE_cf_sect233r1_PUB
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYf4
+Vie5eHTnR+4x4G1xyq7qUvISU+X5RtBh2pE4
+-----END PUBLIC KEY-----
+
+# ECC CDH Bob with Malice peer
+Derive=BOB_cf_sect233r1
+PeerKey=MALICE_cf_sect233r1_PUB
+Ctrl=ecdh_cofactor_mode:1
+Result=DERIVE_ERROR
+Reason=point at infinity
+
+# ECC CDH Alice with Malice peer
+Derive=ALICE_cf_sect233r1
+PeerKey=MALICE_cf_sect233r1_PUB
+Ctrl=ecdh_cofactor_mode:1
+Result=DERIVE_ERROR
+Reason=point at infinity
+
Title=sect239k1 curve tests
PrivateKey=ALICE_cf_sect239k1
@@ -2358,6 +2846,450 @@ Ctrl=ecdh_cofactor_mode:1
Result=DERIVE_ERROR
Reason=point at infinity
+Title=sect283k1 curve tests
+
+PrivateKey=ALICE_cf_sect283k1
+-----BEGIN PRIVATE KEY-----
+MEICAQAwEAYHKoZIzj0CAQYFK4EEABAEKzApAgEBBCQAY1Mi9rST7PiP1t03qYRczV/kSZ+VjQu8
+5EFCgxyvkaLManw=
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_cf_sect283k1_PUB
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEBMjBO8WoxHS/vz8po52WZGxS+RK5yolrUe6tfbAMA3Sd
+5/JjBDVjOz95vM4gUnqzUWHN5nKBQtj6HiU9Q/R+zqg98OiQKTyA
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair=ALICE_cf_sect283k1:ALICE_cf_sect283k1_PUB
+
+PrivateKey=BOB_cf_sect283k1
+-----BEGIN PRIVATE KEY-----
+MEICAQAwEAYHKoZIzj0CAQYFK4EEABAEKzApAgEBBCQBCZC8Is+YSjgXJBBDioEl6gu14QpGHllD
+1J6957vBTPSQdH0=
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_cf_sect283k1_PUB
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEAGEQKZVHYAlvtjHrFyZVm12qUb5j+T5/WNoC962+kwUM
+QkBYA5BpuG8Knlugq1iB31whPAgRCZfdLKHpHRPJSfXvKyUIdeUm
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair=BOB_cf_sect283k1:BOB_cf_sect283k1_PUB
+
+# ECDH Alice with Bob peer
+Derive=ALICE_cf_sect283k1
+PeerKey=BOB_cf_sect283k1_PUB
+SharedSecret=03f67c88bdc230b43773d17fdb4d0a980556d074ceccee726932160e4ed965e3be72803c
+
+# ECDH Bob with Alice peer
+Derive=BOB_cf_sect283k1
+PeerKey=ALICE_cf_sect283k1_PUB
+SharedSecret=03f67c88bdc230b43773d17fdb4d0a980556d074ceccee726932160e4ed965e3be72803c
+
+# ECC CDH Alice with Bob peer
+Derive=ALICE_cf_sect283k1
+PeerKey=BOB_cf_sect283k1_PUB
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=0677ba01c84d139609ca145cb5b6079fc9ca67f59c9c913e47cad1073f1d1dfaddde0169
+
+# ECC CDH Bob with Alice peer
+Derive=BOB_cf_sect283k1
+PeerKey=ALICE_cf_sect283k1_PUB
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=0677ba01c84d139609ca145cb5b6079fc9ca67f59c9c913e47cad1073f1d1dfaddde0169
+
+PublicKey=MALICE_cf_sect283k1_PUB
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB
+-----END PUBLIC KEY-----
+
+# ECC CDH Bob with Malice peer
+Derive=BOB_cf_sect283k1
+PeerKey=MALICE_cf_sect283k1_PUB
+Ctrl=ecdh_cofactor_mode:1
+Result=DERIVE_ERROR
+Reason=point at infinity
+
+# ECC CDH Alice with Malice peer
+Derive=ALICE_cf_sect283k1
+PeerKey=MALICE_cf_sect283k1_PUB
+Ctrl=ecdh_cofactor_mode:1
+Result=DERIVE_ERROR
+Reason=point at infinity
+
+Title=sect283r1 curve tests
+
+PrivateKey=ALICE_cf_sect283r1
+-----BEGIN PRIVATE KEY-----
+MEICAQAwEAYHKoZIzj0CAQYFK4EEABEEKzApAgEBBCQCQ5pqKvPxDysd1pi2Bv8Z11cFhsRZfuaf
+4Pi0hpGr4ubZcHE=
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_cf_sect283r1_PUB
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEBcsrGDgO7pbGybQX/00gRHtQq3+X9XrGb7Uzv9Nabwc/
+kntnBMF0I2KU+aaTjQx1GVtmNf7CvFwPLEBnfKjJAjekjsGyIqoq
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair=ALICE_cf_sect283r1:ALICE_cf_sect283r1_PUB
+
+PrivateKey=BOB_cf_sect283r1
+-----BEGIN PRIVATE KEY-----
+MEICAQAwEAYHKoZIzj0CAQYFK4EEABEEKzApAgEBBCQDxItnY3cDCrX/jGnVuAKDPaySZCr3E83Q
+UdFnP6YIykt7+Pg=
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_cf_sect283r1_PUB
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEBJ2C9BCkX0YRfs2ufgUKvreUXFWp2AGK+iHlZB4N3LqO
+PKpmAkrAeCMty6mw2mEnOR5HA1d4Ee+z7/NJgJJ80Ra9bFnreOW3
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair=BOB_cf_sect283r1:BOB_cf_sect283r1_PUB
+
+# ECDH Alice with Bob peer
+Derive=ALICE_cf_sect283r1
+PeerKey=BOB_cf_sect283r1_PUB
+SharedSecret=0424259cf09727574fb863cab7c27d8fe3835e96433110a45a951f94347fc81939ec4773
+
+# ECDH Bob with Alice peer
+Derive=BOB_cf_sect283r1
+PeerKey=ALICE_cf_sect283r1_PUB
+SharedSecret=0424259cf09727574fb863cab7c27d8fe3835e96433110a45a951f94347fc81939ec4773
+
+# ECC CDH Alice with Bob peer
+Derive=ALICE_cf_sect283r1
+PeerKey=BOB_cf_sect283r1_PUB
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=01c2a542654ce85b17456ed75b6bca6b6eb761580913670debc426a3525f236df0e875c8
+
+# ECC CDH Bob with Alice peer
+Derive=BOB_cf_sect283r1
+PeerKey=ALICE_cf_sect283r1_PUB
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=01c2a542654ce85b17456ed75b6bca6b6eb761580913670debc426a3525f236df0e875c8
+
+PublicKey=MALICE_cf_sect283r1_PUB
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAByvMnFeSsevoGYMIn7b4NaL9IgowRCTKF8CCrhdEKu3pubP2
+-----END PUBLIC KEY-----
+
+# ECC CDH Bob with Malice peer
+Derive=BOB_cf_sect283r1
+PeerKey=MALICE_cf_sect283r1_PUB
+Ctrl=ecdh_cofactor_mode:1
+Result=DERIVE_ERROR
+Reason=point at infinity
+
+# ECC CDH Alice with Malice peer
+Derive=ALICE_cf_sect283r1
+PeerKey=MALICE_cf_sect283r1_PUB
+Ctrl=ecdh_cofactor_mode:1
+Result=DERIVE_ERROR
+Reason=point at infinity
+
+Title=sect409k1 curve tests
+
+PrivateKey=ALICE_cf_sect409k1
+-----BEGIN PRIVATE KEY-----
+MFECAQAwEAYHKoZIzj0CAQYFK4EEACQEOjA4AgEBBDMOthcLahkXFgM0wjOzm767D1A72sFRGlhb
+bVH+EB7z2WpIcPX4OD+M4Y1pf/a7wSaoSAo=
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_cf_sect409k1_PUB
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEAbiYYpeFgCMsZFMzQaiwMJDrC+mCMT7KmhYtD5EMMgLW
+5OvhaqYdpRf49A8LOtVcRT7J5gGcMrXQgmQeS3FenA5owWnB2NIgrTNf5d8AAEtrOupsJ4c3kL6e
+aAzayZ1+UCEj8skbC9U=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair=ALICE_cf_sect409k1:ALICE_cf_sect409k1_PUB
+
+PrivateKey=BOB_cf_sect409k1
+-----BEGIN PRIVATE KEY-----
+MFECAQAwEAYHKoZIzj0CAQYFK4EEACQEOjA4AgEBBDMO43ldQllTewdZwffH4OEXdzBrLwabKsn4
+6/hjgIAaYda/pt4yCEQLMp18QgtfMey5ENI=
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_cf_sect409k1_PUB
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEAVTQj6hRizVmOx4Z6vroN/zMkmAY+QhkQ0CnFeJ0AydY
+Fv+f+/420vMC1Mhqsc9VzPMmIAH6ZrgGKDsd4Ce9JUtYE0rVhGeiG2RaN1U5RlhVK4avkWhFlyQ5
+vuu4aApQiWE3yQd9v/I=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair=BOB_cf_sect409k1:BOB_cf_sect409k1_PUB
+
+# ECDH Alice with Bob peer
+Derive=ALICE_cf_sect409k1
+PeerKey=BOB_cf_sect409k1_PUB
+SharedSecret=01fbe13188588c9d1ac3a8a2680ea9a009b28e4b7d7fa4efcb1a22553876fb7973616819fd87c75e5b8ce6e3628595e4ce12edb0
+
+# ECDH Bob with Alice peer
+Derive=BOB_cf_sect409k1
+PeerKey=ALICE_cf_sect409k1_PUB
+SharedSecret=01fbe13188588c9d1ac3a8a2680ea9a009b28e4b7d7fa4efcb1a22553876fb7973616819fd87c75e5b8ce6e3628595e4ce12edb0
+
+# ECC CDH Alice with Bob peer
+Derive=ALICE_cf_sect409k1
+PeerKey=BOB_cf_sect409k1_PUB
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=007e9485f7234bb2255bb40e51f4be867cb0ef31f8e489a697b31b51c4d5346daaee51e96ae6f9636e6e3af56095fe28755325ee
+
+# ECC CDH Bob with Alice peer
+Derive=BOB_cf_sect409k1
+PeerKey=ALICE_cf_sect409k1_PUB
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=007e9485f7234bb2255bb40e51f4be867cb0ef31f8e489a697b31b51c4d5346daaee51e96ae6f9636e6e3af56095fe28755325ee
+
+PublicKey=MALICE_cf_sect409k1_PUB
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAA=
+-----END PUBLIC KEY-----
+
+# ECC CDH Bob with Malice peer
+Derive=BOB_cf_sect409k1
+PeerKey=MALICE_cf_sect409k1_PUB
+Ctrl=ecdh_cofactor_mode:1
+Result=DERIVE_ERROR
+Reason=point at infinity
+
+# ECC CDH Alice with Malice peer
+Derive=ALICE_cf_sect409k1
+PeerKey=MALICE_cf_sect409k1_PUB
+Ctrl=ecdh_cofactor_mode:1
+Result=DERIVE_ERROR
+Reason=point at infinity
+
+Title=sect409r1 curve tests
+
+PrivateKey=ALICE_cf_sect409r1
+-----BEGIN PRIVATE KEY-----
+MFICAQAwEAYHKoZIzj0CAQYFK4EEACUEOzA5AgEBBDQAxSC9lST5dtfXQI1Ug9VMMoue3GGni5ON
++gieyXK2KKbd29KAPs4/AOd8kX2wQDsZPO7E
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_cf_sect409r1_PUB
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEASAvXAM15DJerAu1JttpBuMJK1/fEfFohu2iEpt3r7Ui
+iQoER6HUsWiw1hhcJyTv7WzpJQHFWrOlJMe/KjmQa/CygSc65YHDzG27oUL+KGdQUGc79ZRSwl/q
+fGZqa3D+bDVMwrhmZto=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair=ALICE_cf_sect409r1:ALICE_cf_sect409r1_PUB
+
+PrivateKey=BOB_cf_sect409r1
+-----BEGIN PRIVATE KEY-----
+MFICAQAwEAYHKoZIzj0CAQYFK4EEACUEOzA5AgEBBDQARen+1P3JQzBgOv0pUYwsZTPRVLpqqDAU
+7mKL2lk9eH7zSGmtNoMvP2m1S2dBnXxFY/bV
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_cf_sect409r1_PUB
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEAbDUw066TtdfOpDvrlKosEyqUNEG7rY+AKvDqKw+HOzf
+sUTYee6cEf71oqJ1sCKPQiYzlwCu/HLQeWPxISE6Uo+53kkeJml2xpMBwoE25Gq/DSS61dR7SRTZ
++sUmumbIuGzbrjtMRmw=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair=BOB_cf_sect409r1:BOB_cf_sect409r1_PUB
+
+# ECDH Alice with Bob peer
+Derive=ALICE_cf_sect409r1
+PeerKey=BOB_cf_sect409r1_PUB
+SharedSecret=00a751259cdb3b445ce71a40a01a2189dfce70226111190505fc6eabe4e5a05bff7af55f2015e1ffcab6aea7ea9a6e74905da2a1
+
+# ECDH Bob with Alice peer
+Derive=BOB_cf_sect409r1
+PeerKey=ALICE_cf_sect409r1_PUB
+SharedSecret=00a751259cdb3b445ce71a40a01a2189dfce70226111190505fc6eabe4e5a05bff7af55f2015e1ffcab6aea7ea9a6e74905da2a1
+
+# ECC CDH Alice with Bob peer
+Derive=ALICE_cf_sect409r1
+PeerKey=BOB_cf_sect409r1_PUB
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=0115a31aed416c5089d74a263ec300aff13a5329c6ad27de950ae0b0917b40a3464fccf5691ac9633a51e5177a82b15cfc434aad
+
+# ECC CDH Bob with Alice peer
+Derive=BOB_cf_sect409r1
+PeerKey=ALICE_cf_sect409r1_PUB
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=0115a31aed416c5089d74a263ec300aff13a5329c6ad27de950ae0b0917b40a3464fccf5691ac9633a51e5177a82b15cfc434aad
+
+PublicKey=MALICE_cf_sect409r1_PUB
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAACZNffkdo7i7yL5tKKfU8tdk6su0K185XwbJkn96JWVDPZXZ3My
+bFKKSOJ7hyrM8Lwl1e8=
+-----END PUBLIC KEY-----
+
+# ECC CDH Bob with Malice peer
+Derive=BOB_cf_sect409r1
+PeerKey=MALICE_cf_sect409r1_PUB
+Ctrl=ecdh_cofactor_mode:1
+Result=DERIVE_ERROR
+Reason=point at infinity
+
+# ECC CDH Alice with Malice peer
+Derive=ALICE_cf_sect409r1
+PeerKey=MALICE_cf_sect409r1_PUB
+Ctrl=ecdh_cofactor_mode:1
+Result=DERIVE_ERROR
+Reason=point at infinity
+
+Title=sect571k1 curve tests
+
+PrivateKey=ALICE_cf_sect571k1
+-----BEGIN PRIVATE KEY-----
+MGYCAQAwEAYHKoZIzj0CAQYFK4EEACYETzBNAgEBBEgB4agvk7Qdf9bVb9aMVdtXL0MuVw6dTleB
+zrpPMYty/piI5GWkQEGVp4OJSjF1BGgWmtYSYlV0oI8jJ7hfWTjVGfVWix4ipb8=
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_cf_sect571k1_PUB
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQDUZq0ZrgYpTXNpOptjExaur0K9FAYHv1j9cvAptwX
+dcmQf3VqekMkGZCfNdqNeqCajG3QHRkBHe4FZhWr3FXi8whvvr463lUDf+t46un1kE6FTYfhILGa
+sBZm7OdfkarYd9TXBbmnkFA+XkyPlkM1+6daM3/WmnegK+TYghFDXLgwiyF8s0ElllF7z38Gmc4=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair=ALICE_cf_sect571k1:ALICE_cf_sect571k1_PUB
+
+PrivateKey=BOB_cf_sect571k1
+-----BEGIN PRIVATE KEY-----
+MGYCAQAwEAYHKoZIzj0CAQYFK4EEACYETzBNAgEBBEgA3pINxGOI7L9M+Mil+bm/udPwI4xu7ubJ
+p3aoOepTXW94laf8wjFLcQnRUwH87Vbq9VLQEfCAFvr2vZoBc+5asnNuDhRNNeQ=
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_cf_sect571k1_PUB
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQDZRr5GCSq2uzGxmWNB+bED7zye18Rr/KehwXrbn1r
+rKtR8fe+dg2V15FieC3qZe/wCpMtyp79VmEabGi6iGLlAN/rUE81URsA/K7GVpmklslV5gmwryR0
+3E7jGKPFesun9iNtmpgM18P9y3aJd4Qr4hMlwW2Nyw187l6QB/W2e/i+8vKXFTLHlz5WLAyAcpA=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair=BOB_cf_sect571k1:BOB_cf_sect571k1_PUB
+
+# ECDH Alice with Bob peer
+Derive=ALICE_cf_sect571k1
+PeerKey=BOB_cf_sect571k1_PUB
+SharedSecret=02b79c92cee50dc5b9fdddce36d4fa2e28d7d178cd74e575961f39429496305b38815c840c2e66327435c044ed885ec964068531251a2112717602532e8b6d5411db2fe05c1ac18c
+
+# ECDH Bob with Alice peer
+Derive=BOB_cf_sect571k1
+PeerKey=ALICE_cf_sect571k1_PUB
+SharedSecret=02b79c92cee50dc5b9fdddce36d4fa2e28d7d178cd74e575961f39429496305b38815c840c2e66327435c044ed885ec964068531251a2112717602532e8b6d5411db2fe05c1ac18c
+
+# ECC CDH Alice with Bob peer
+Derive=ALICE_cf_sect571k1
+PeerKey=BOB_cf_sect571k1_PUB
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=063aea789492c9727a5a6b7f24e8d3d377c70ee8e86b13664e191a53b1905e90e78b85960b1881db5160c7c5cacca0d686d9e104140d565eeeec17426f93d3a7ba639ecd716b43d2
+
+# ECC CDH Bob with Alice peer
+Derive=BOB_cf_sect571k1
+PeerKey=ALICE_cf_sect571k1_PUB
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=063aea789492c9727a5a6b7f24e8d3d377c70ee8e86b13664e191a53b1905e90e78b85960b1881db5160c7c5cacca0d686d9e104140d565eeeec17426f93d3a7ba639ecd716b43d2
+
+PublicKey=MALICE_cf_sect571k1_PUB
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAE=
+-----END PUBLIC KEY-----
+
+# ECC CDH Bob with Malice peer
+Derive=BOB_cf_sect571k1
+PeerKey=MALICE_cf_sect571k1_PUB
+Ctrl=ecdh_cofactor_mode:1
+Result=DERIVE_ERROR
+Reason=point at infinity
+
+# ECC CDH Alice with Malice peer
+Derive=ALICE_cf_sect571k1
+PeerKey=MALICE_cf_sect571k1_PUB
+Ctrl=ecdh_cofactor_mode:1
+Result=DERIVE_ERROR
+Reason=point at infinity
+
+Title=sect571r1 curve tests
+
+PrivateKey=ALICE_cf_sect571r1
+-----BEGIN PRIVATE KEY-----
+MGYCAQAwEAYHKoZIzj0CAQYFK4EEACcETzBNAgEBBEgAxfL2/gUsmJonvDMR95Azq1ySgXMlKSRk
++PL+WaS92ZyOo45HaC7RpH5sdkf4b948u6y1BXOxGZuORXy6lgbgZ1Zx2UgL3cI=
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_cf_sect571r1_PUB
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQBK5L9ccIWacU2A1srZ35opPu6kcbEOsBPmvj/rlMS
+fFrdMOcagOYfcD0/ouYHPhvkHbr9k87IlQJfnV6ZNRA4PmWSp/FjkNwETm/fqTCUQHti/qqnKH7R
+Ed4fYROLFGvz+PX6E20SryOt1vrmoRyC7Z5FVmgMVOQQ1AaBNAHi3+IPtKx41YdXdbqHJxuI5jE=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair=ALICE_cf_sect571r1:ALICE_cf_sect571r1_PUB
+
+PrivateKey=BOB_cf_sect571r1
+-----BEGIN PRIVATE KEY-----
+MGYCAQAwEAYHKoZIzj0CAQYFK4EEACcETzBNAgEBBEgAzcRvASPpWi0ybpOGlj0Lozz01C2a5oDA
+G5alib1EmZKcpVULxJXn75FQlTKpkUEuWUgA4yk5X5DTiScUuh4LDhaF3AFhsEY=
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_cf_sect571r1_PUB
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQH3dnL22NajtqDWTX6qD14w1BOlpHFBUPTr24VySlh
+kiiBlOF95u7hFr/hSb7gm/3f+IVKyE18Sh2kR4KaxWcPWKY5xKTiqiICT7hCistuzNRt8gR+kNOT
+c1rETMV6ZruZinwzEWWWjwJf6612oy2HG3CX3B8Rm+a3sS0q6IzowEwqmDv6v9bMTFk8bsCv0Fk=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair=BOB_cf_sect571r1:BOB_cf_sect571r1_PUB
+
+# ECDH Alice with Bob peer
+Derive=ALICE_cf_sect571r1
+PeerKey=BOB_cf_sect571r1_PUB
+SharedSecret=0031f9879fa75b8c67ba81ee861be634e2b53aa79f834e9a8ca4df7f4461bcb02f083d9fa5b4767f881a710caa6524b58eb626623ba394961d46535204c26d165089e7d4f7be1827
+
+# ECDH Bob with Alice peer
+Derive=BOB_cf_sect571r1
+PeerKey=ALICE_cf_sect571r1_PUB
+SharedSecret=0031f9879fa75b8c67ba81ee861be634e2b53aa79f834e9a8ca4df7f4461bcb02f083d9fa5b4767f881a710caa6524b58eb626623ba394961d46535204c26d165089e7d4f7be1827
+
+# ECC CDH Alice with Bob peer
+Derive=ALICE_cf_sect571r1
+PeerKey=BOB_cf_sect571r1_PUB
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=012e8c2c1554988fe20c5ae7d11cdcfe15c7c6e8d2b6f46a43a45d724bfc7b415ea7594d5c16f770a95d6e65bbcb1f34619db95e89f4fecbcb0bc6a3f92d52df6a49b0e7773e0ac0
+
+# ECC CDH Bob with Alice peer
+Derive=BOB_cf_sect571r1
+PeerKey=ALICE_cf_sect571r1_PUB
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=012e8c2c1554988fe20c5ae7d11cdcfe15c7c6e8d2b6f46a43a45d724bfc7b415ea7594d5c16f770a95d6e65bbcb1f34619db95e89f4fecbcb0bc6a3f92d52df6a49b0e7773e0ac0
+
+PublicKey=MALICE_cf_sect571r1_PUB
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHMtVWZAwgtd1zmgWN/9WC
+aNQcWRNUKesEHXqhJVkC5jYsSACodKsLYFNrWEYM0gwG8DQONZSn93G+38EM45tkaZsIRDt2HEM=
+-----END PUBLIC KEY-----
+
+# ECC CDH Bob with Malice peer
+Derive=BOB_cf_sect571r1
+PeerKey=MALICE_cf_sect571r1_PUB
+Ctrl=ecdh_cofactor_mode:1
+Result=DERIVE_ERROR
+Reason=point at infinity
+
+# ECC CDH Alice with Malice peer
+Derive=ALICE_cf_sect571r1
+PeerKey=MALICE_cf_sect571r1_PUB
+Ctrl=ecdh_cofactor_mode:1
+Result=DERIVE_ERROR
+Reason=point at infinity
+
Title=wap-wsg-idm-ecid-wtls10 curve tests
PrivateKey=ALICE_cf_wap-wsg-idm-ecid-wtls10
diff --git a/test/recipes/30-test_evp_data/evppkey_ecc_nist.txt b/test/recipes/30-test_evp_data/evppkey_ecc_nist.txt
deleted file mode 100644
index ffaa04233e..0000000000
--- a/test/recipes/30-test_evp_data/evppkey_ecc_nist.txt
+++ /dev/null
@@ -1,945 +0,0 @@
-#
-# Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the Apache License 2.0 (the "License"). You may not use
-# this file except in compliance with the License. You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-# Tests start with one of these keywords
-# Cipher Decrypt Derive Digest Encoding KDF MAC PBE
-# PrivPubKeyPair Sign Verify VerifyRecover
-# and continue until a blank line. Lines starting with a pound sign are ignored.
-
-Title=prime192v1 curve tests
-
-PrivateKey=ALICE_cf_prime192v1
------BEGIN PRIVATE KEY-----
-MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQEEHzAdAgEBBBhQFYLaobJ47BVWWZv/ByY8Ti69m/U9
-TeI=
------END PRIVATE KEY-----
-
-PublicKey=ALICE_cf_prime192v1_PUB
------BEGIN PUBLIC KEY-----
-MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEHYbt14KzucSpmKMrlDx1IGz/a28nDs21OjKgx3BK
-PZ78UrllIr69kgrYUKsRg4sd
------END PUBLIC KEY-----
-
-PrivPubKeyPair=ALICE_cf_prime192v1:ALICE_cf_prime192v1_PUB
-
-PrivateKey=BOB_cf_prime192v1
------BEGIN PRIVATE KEY-----
-MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQEEHzAdAgEBBBhsbmKHAtygIqirkmUXSbniDJOx0/fI
-CWM=
------END PRIVATE KEY-----
-
-PublicKey=BOB_cf_prime192v1_PUB
------BEGIN PUBLIC KEY-----
-MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEJA+FQcXq5Axzv8pLDslxq1QVt1hjN2i0TgoO6Yxp
-bAekMot69VorE8ibSzgJixXJ
------END PUBLIC KEY-----
-
-PrivPubKeyPair=BOB_cf_prime192v1:BOB_cf_prime192v1_PUB
-
-# ECDH Alice with Bob peer
-Derive=ALICE_cf_prime192v1
-PeerKey=BOB_cf_prime192v1_PUB
-SharedSecret=e36cad3b0f8d00f60f090440a76df47896713ae61421c354
-
-# ECDH Bob with Alice peer
-Derive=BOB_cf_prime192v1
-PeerKey=ALICE_cf_prime192v1_PUB
-SharedSecret=e36cad3b0f8d00f60f090440a76df47896713ae61421c354
-
-Title=prime256v1 curve tests
-
-PrivateKey=ALICE_cf_prime256v1
------BEGIN PRIVATE KEY-----
-MEECAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQcEJzAlAgEBBCDZE0NZiGAFJX6JQxumKTFRT+XFCQqJ
-gHCUxmU2fRcn9Q==
------END PRIVATE KEY-----
-
-PublicKey=ALICE_cf_prime256v1_PUB
------BEGIN PUBLIC KEY-----
-MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5kDOrX6kmk1/jHfEdMBluFos6dyCbzKVOX3v2aa2
-y5IhlhTKtCJdydX+XWLDXWW9sbtIRNP94R3iOOpRPBqpGg==
------END PUBLIC KEY-----
-
-PrivPubKeyPair=ALICE_cf_prime256v1:ALICE_cf_prime256v1_PUB
-
-PrivateKey=BOB_cf_prime256v1
------BEGIN PRIVATE KEY-----
-MEECAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQcEJzAlAgEBBCAxJgV1dLJw/o2Dmh1fIY1KpBd88WCP
-23wZzR8DzhyCrA==
------END PRIVATE KEY-----
-
-PublicKey=BOB_cf_prime256v1_PUB
------BEGIN PUBLIC KEY-----
-MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5J6yA+j0zrGi6RilUhjrcL7OUMzYTwpnw5DdRXr0
-creHgE03EFV//7xqadB4BDwFIGM9MV2sE6qREEomWhZFeg==
------END PUBLIC KEY-----
-
-PrivPubKeyPair=BOB_cf_prime256v1:BOB_cf_prime256v1_PUB
-
-# ECDH Alice with Bob peer
-Derive=ALICE_cf_prime256v1
-PeerKey=BOB_cf_prime256v1_PUB
-SharedSecret=ee63690b553dcd9bccb066137725f0489395a83f4d280f309339d606c969734a
-
-# ECDH Bob with Alice peer
-Derive=BOB_cf_prime256v1
-PeerKey=ALICE_cf_prime256v1_PUB
-SharedSecret=ee63690b553dcd9bccb066137725f0489395a83f4d280f309339d606c969734a
-
-Title=secp224r1 curve tests
-
-PrivateKey=ALICE_cf_secp224r1
------BEGIN PRIVATE KEY-----
-MDoCAQAwEAYHKoZIzj0CAQYFK4EEACEEIzAhAgEBBBzeo7Y0HMfrIqKNm3r997jcfVAa4osa0AR2
-JA28
------END PRIVATE KEY-----
-
-PublicKey=ALICE_cf_secp224r1_PUB
------BEGIN PUBLIC KEY-----
-ME4wEAYHKoZIzj0CAQYFK4EEACEDOgAExZc6o84XjBGLOosGj2t0QctgiyzF3NcVgy+DeW7stkVs
-yS2tRzMPBpwnApRzoRsdJR99sb3eM2s=
------END PUBLIC KEY-----
-
-PrivPubKeyPair=ALICE_cf_secp224r1:ALICE_cf_secp224r1_PUB
-
-PrivateKey=BOB_cf_secp224r1
------BEGIN PRIVATE KEY-----
-MDoCAQAwEAYHKoZIzj0CAQYFK4EEACEEIzAhAgEBBBy2LsqxHhdlSiAmMYKQAEmjJWT22T42GYKo
-ZvXM
------END PRIVATE KEY-----
-
-PublicKey=BOB_cf_secp224r1_PUB
------BEGIN PUBLIC KEY-----
-ME4wEAYHKoZIzj0CAQYFK4EEACEDOgAE71Eh6hwTKUrmyl2PdkY787GwxiohIcaqB4eK2Mwg6tU4
-LeJHWcgY18CgPKCaeldUgnkMcJzKj20=
------END PUBLIC KEY-----
-
-PrivPubKeyPair=BOB_cf_secp224r1:BOB_cf_secp224r1_PUB
-
-# ECDH Alice with Bob peer
-Derive=ALICE_cf_secp224r1
-PeerKey=BOB_cf_secp224r1_PUB
-SharedSecret=29d8b75934d74d5153bbb94e0370437c63ecc30bf3d2800ed1cb7eb5
-
-# ECDH Bob with Alice peer
-Derive=BOB_cf_secp224r1
-PeerKey=ALICE_cf_secp224r1_PUB
-SharedSecret=29d8b75934d74d5153bbb94e0370437c63ecc30bf3d2800ed1cb7eb5
-
-Title=secp384r1 curve tests
-
-PrivateKey=ALICE_cf_secp384r1
------BEGIN PRIVATE KEY-----
-ME4CAQAwEAYHKoZIzj0CAQYFK4EEACIENzA1AgEBBDAp1ErG6wVjuJs90qVbUBxNpQK1wtV4ieX1
-bIU/4HssZK6WjOOTyYguyEBCOf/rUnw=
------END PRIVATE KEY-----
-
-PublicKey=ALICE_cf_secp384r1_PUB
------BEGIN PUBLIC KEY-----
-MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEx5rt+yujIuPoIXpHGmExKSi/P+58sGYoqgdpdOJUXzn2
-Rc4alCpSxVJeC55xvwaFHc3pzNyRGwnhPmN6oU/KMP6XjBvR4wq35mr/Sym5s0B2blAzkJU37idq
-nTi3xGHx
------END PUBLIC KEY-----
-
-PrivPubKeyPair=ALICE_cf_secp384r1:ALICE_cf_secp384r1_PUB
-
-PrivateKey=BOB_cf_secp384r1
------BEGIN PRIVATE KEY-----
-ME4CAQAwEAYHKoZIzj0CAQYFK4EEACIENzA1AgEBBDAUjVgPpiI+xXye0nfRhc8+12hLdWY4fpsO
-Jq2MCp+W85xJwtXsEPrHj1XFnKVpM4c=
------END PRIVATE KEY-----
-
-PublicKey=BOB_cf_secp384r1_PUB
------BEGIN PUBLIC KEY-----
-MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE+JUBXRSHixH0TrcvYvIzep7+/WNpEhWdCPsLMygigW5j
-pzP30MF41GnQYgfJu5wI/gu1C/jFTv1X6Dgmla3JxBYlPeD+1L0lEMT3evmHKMM/BFe3WKBuXyhP
-ilrNtfee
------END PUBLIC KEY-----
-
-PrivPubKeyPair=BOB_cf_secp384r1:BOB_cf_secp384r1_PUB
-
-# ECDH Alice with Bob peer
-Derive=ALICE_cf_secp384r1
-PeerKey=BOB_cf_secp384r1_PUB
-SharedSecret=b3cfe488126e2731fb7c19f82e94fcc05e1dd303649a9257e858030b795c2d344a054b0c44a24fd7f5821f531a9b8cfb
-
-# ECDH Bob with Alice peer
-Derive=BOB_cf_secp384r1
-PeerKey=ALICE_cf_secp384r1_PUB
-SharedSecret=b3cfe488126e2731fb7c19f82e94fcc05e1dd303649a9257e858030b795c2d344a054b0c44a24fd7f5821f531a9b8cfb
-
-Title=secp521r1 curve tests
-
-PrivateKey=ALICE_cf_secp521r1
------BEGIN PRIVATE KEY-----
-MGACAQAwEAYHKoZIzj0CAQYFK4EEACMESTBHAgEBBEIBsYIcUKeN2evB626LCdYWH/xzUiEDCdRP
-rEENsC8//dowKnOCtlLtawh0DXTIZ/HhpUREuaoffdsmYb6+Oq1TRjc=
------END PRIVATE KEY-----
-
-PublicKey=ALICE_cf_secp521r1_PUB
------BEGIN PUBLIC KEY-----
-MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBufYxJf/4Ds6g7LlFRVS62ljm3xApV2T79hfWH8Lv
-iroIaCFjLBIfOVDF8jvj2PO1ar3yCLiSA2RiLZz1Y+tv/tcATHE0nS7l3SfGiGmEnVycEnhgqlKM
-UM3kpdd7eNkQn5/GO8KAPQqA/sOnvTavg5S01t0ub+PY/w0Y6oBgthaUAW0=
------END PUBLIC KEY-----
-
-PrivPubKeyPair=ALICE_cf_secp521r1:ALICE_cf_secp521r1_PUB
-
-PrivateKey=BOB_cf_secp521r1
------BEGIN PRIVATE KEY-----
-MGACAQAwEAYHKoZIzj0CAQYFK4EEACMESTBHAgEBBEIB+3/adZnNwr6GFUzZpi8So7pC/5FYQ0+0
-lMmoUjGvy8DNADcHaPpW68hX/M+z7LrK0Jpnonb9JSEXlgjOPVe4Ea8=
------END PRIVATE KEY-----
-
-PublicKey=BOB_cf_secp521r1_PUB
------BEGIN PUBLIC KEY-----
-MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBLq2fjyCalnvr24tjaz87ijIWlLMoCH7Hmyq1t2l8
-PFbyBIZbngDC0gwFM5ZI582QSWlW79G3clJP9VxlJOsms50BYBYgd6o2JF4w8AnShVXxFSJU1py4
-klCDNhTFybRHFXpujfuUeNnFxAGIUb4edJ0fAqqc7kkERhYe8EPEZYMKp3Q=
------END PUBLIC KEY-----
-
-PrivPubKeyPair=BOB_cf_secp521r1:BOB_cf_secp521r1_PUB
-
-# ECDH Alice with Bob peer
-Derive=ALICE_cf_secp521r1
-PeerKey=BOB_cf_secp521r1_PUB
-SharedSecret=01dd4aa9037bb4ad298b420998dcd32b3a9af1cda8b7919e372aeb4e54ccfb4d2409a340ed896bfbc5dd462f8d96b8784bc17b29db3ca04700e6ec752f9bec777695
-
-# ECDH Bob with Alice peer
-Derive=BOB_cf_secp521r1
-PeerKey=ALICE_cf_secp521r1_PUB
-SharedSecret=01dd4aa9037bb4ad298b420998dcd32b3a9af1cda8b7919e372aeb4e54ccfb4d2409a340ed896bfbc5dd462f8d96b8784bc17b29db3ca04700e6ec752f9bec777695
-
-Title=sect163k1 curve tests
-
-PrivateKey=ALICE_cf_sect163k1
------BEGIN PRIVATE KEY-----
-MDMCAQAwEAYHKoZIzj0CAQYFK4EEAAEEHDAaAgEBBBUB905PYfmej8LzbzX6Bg51GJzXQjQ=
------END PRIVATE KEY-----
-
-PublicKey=ALICE_cf_sect163k1_PUB
------BEGIN PUBLIC KEY-----
-MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEBfvs5A1hD8YySP9O2ub8GEUfotVuBpfRx4GIHdAfx8wV
-1UVeTRnyAlWU
------END PUBLIC KEY-----
-
-PrivPubKeyPair=ALICE_cf_sect163k1:ALICE_cf_sect163k1_PUB
-
-PrivateKey=BOB_cf_sect163k1
------BEGIN PRIVATE KEY-----
-MDMCAQAwEAYHKoZIzj0CAQYFK4EEAAEEHDAaAgEBBBUCHPtCjJ4/K8ylQBcLlb5VE0bkaUE=
------END PRIVATE KEY-----
-
-PublicKey=BOB_cf_sect163k1_PUB
------BEGIN PUBLIC KEY-----
-MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEBvgfX1mTRlt6Z4TE1D1MNWo4loH4AoeYa6oowK104LKk
-nsdg7isQ8XBD
------END PUBLIC KEY-----
-
-PrivPubKeyPair=BOB_cf_sect163k1:BOB_cf_sect163k1_PUB
-
-# ECDH Alice with Bob peer
-Derive=ALICE_cf_sect163k1
-PeerKey=BOB_cf_sect163k1_PUB
-SharedSecret=04d0e40788c5ce5220818055277cae53eac55c1e6b
-
-# ECDH Bob with Alice peer
-Derive=BOB_cf_sect163k1
-PeerKey=ALICE_cf_sect163k1_PUB
-SharedSecret=04d0e40788c5ce5220818055277cae53eac55c1e6b
-
-# ECC CDH Alice with Bob peer
-Derive=ALICE_cf_sect163k1
-PeerKey=BOB_cf_sect163k1_PUB
-Ctrl=ecdh_cofactor_mode:1
-SharedSecret=04c902a91110244d89110034dd2b099c49cbab6c77
-
-# ECC CDH Bob with Alice peer
-Derive=BOB_cf_sect163k1
-PeerKey=ALICE_cf_sect163k1_PUB
-Ctrl=ecdh_cofactor_mode:1
-SharedSecret=04c902a91110244d89110034dd2b099c49cbab6c77
-
-PublicKey=MALICE_cf_sect163k1_PUB
------BEGIN PUBLIC KEY-----
-MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
-AAAAAAAAAAAB
------END PUBLIC KEY-----
-
-# ECC CDH Bob with Malice peer
-Derive=BOB_cf_sect163k1
-PeerKey=MALICE_cf_sect163k1_PUB
-Ctrl=ecdh_cofactor_mode:1
-Result=DERIVE_ERROR
-Reason=point at infinity
-
-# ECC CDH Alice with Malice peer
-Derive=ALICE_cf_sect163k1
-PeerKey=MALICE_cf_sect163k1_PUB
-Ctrl=ecdh_cofactor_mode:1
-Result=DERIVE_ERROR
-Reason=point at infinity
-
-Title=sect163r2 curve tests
-
-PrivateKey=ALICE_cf_sect163r2
------BEGIN PRIVATE KEY-----
-MDMCAQAwEAYHKoZIzj0CAQYFK4EEAA8EHDAaAgEBBBUBjCs/M3N31jsAueYrOq21vdETwAI=
------END PRIVATE KEY-----
-
-PublicKey=ALICE_cf_sect163r2_PUB
------BEGIN PUBLIC KEY-----
-MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEBd8Z1/HpA+89hF4I98EST3svWns3BAEbhWmL/fgxk2uu
-YwVrmqhgqH/C
------END PUBLIC KEY-----
-
-PrivPubKeyPair=ALICE_cf_sect163r2:ALICE_cf_sect163r2_PUB
-
-PrivateKey=BOB_cf_sect163r2
------BEGIN PRIVATE KEY-----
-MDMCAQAwEAYHKoZIzj0CAQYFK4EEAA8EHDAaAgEBBBUBsiouT9Df+mwHWrpPg1JSrY9nqlI=
------END PRIVATE KEY-----
-
-PublicKey=BOB_cf_sect163r2_PUB
------BEGIN PUBLIC KEY-----
-MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEBULqBZ+nhLhDEMYY8NEEzZ126MdxAcFXWv8zmPEH9505
-8vT5zU3aq6HV
------END PUBLIC KEY-----
-
-PrivPubKeyPair=BOB_cf_sect163r2:BOB_cf_sect163r2_PUB
-
-# ECDH Alice with Bob peer
-Derive=ALICE_cf_sect163r2
-PeerKey=BOB_cf_sect163r2_PUB
-SharedSecret=019f829a53c4e6544bdec1395a23082169efaf369d
-
-# ECDH Bob with Alice peer
-Derive=BOB_cf_sect163r2
-PeerKey=ALICE_cf_sect163r2_PUB
-SharedSecret=019f829a53c4e6544bdec1395a23082169efaf369d
-
-# ECC CDH Alice with Bob peer
-Derive=ALICE_cf_sect163r2
-PeerKey=BOB_cf_sect163r2_PUB
-Ctrl=ecdh_cofactor_mode:1
-SharedSecret=048870d39235ecbc16a000ee478833509b9318a53f
-
-# ECC CDH Bob with Alice peer
-Derive=BOB_cf_sect163r2
-PeerKey=ALICE_cf_sect163r2_PUB
-Ctrl=ecdh_cofactor_mode:1
-SharedSecret=048870d39235ecbc16a000ee478833509b9318a53f
-
-PublicKey=MALICE_cf_sect163r2_PUB
------BEGIN PUBLIC KEY-----
-MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsJbhbrfiSdZPSHD
-ZtqJwDlp802l
------END PUBLIC KEY-----
-
-# ECC CDH Bob with Malice peer
-Derive=BOB_cf_sect163r2
-PeerKey=MALICE_cf_sect163r2_PUB
-Ctrl=ecdh_cofactor_mode:1
-Result=DERIVE_ERROR
-Reason=point at infinity
-
-# ECC CDH Alice with Malice peer
-Derive=ALICE_cf_sect163r2
-PeerKey=MALICE_cf_sect163r2_PUB
-Ctrl=ecdh_cofactor_mode:1
-Result=DERIVE_ERROR
-Reason=point at infinity
-
-Title=sect233k1 curve tests
-
-PrivateKey=ALICE_cf_sect233k1
------BEGIN PRIVATE KEY-----
-MDsCAQAwEAYHKoZIzj0CAQYFK4EEABoEJDAiAgEBBB0z/3heNFjJL+2sAT/38yRsN3kt2iXz7u+y
-Gua8Kw==
------END PRIVATE KEY-----
-
-PublicKey=ALICE_cf_sect233k1_PUB
------BEGIN PUBLIC KEY-----
-MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEALQyn0zJmOrHm4S2EIjxRe899PadBnfpYjLKWGvpAIzf
-MEG861Nv1IYJkmkO1xlfNHeeRtqFgsQVFKZh
------END PUBLIC KEY-----
-
-PrivPubKeyPair=ALICE_cf_sect233k1:ALICE_cf_sect233k1_PUB
-
-PrivateKey=BOB_cf_sect233k1
------BEGIN PRIVATE KEY-----
-MDsCAQAwEAYHKoZIzj0CAQYFK4EEABoEJDAiAgEBBB1I0ucrC4d9i6Z+0cbar5r7uKpF5iiQkSJA
-DFMTUA==
------END PRIVATE KEY-----
-
-PublicKey=BOB_cf_sect233k1_PUB
------BEGIN PUBLIC KEY-----
-MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEAatdqazxSghJ568CBFyMXhEvVeAiLewOY/jk9H5DAOB4
-ufNGbdd131KLaKPivB38a6n5Y+2BVSJangow
------END PUBLIC KEY-----
-
-PrivPubKeyPair=BOB_cf_sect233k1:BOB_cf_sect233k1_PUB
-
-# ECDH Alice with Bob peer
-Derive=ALICE_cf_sect233k1
-PeerKey=BOB_cf_sect233k1_PUB
-SharedSecret=012145026e8de65973c154e085456fc5539ba9e25663e7f5816abfcab310
-
-# ECDH Bob with Alice peer
-Derive=BOB_cf_sect233k1
-PeerKey=ALICE_cf_sect233k1_PUB
-SharedSecret=012145026e8de65973c154e085456fc5539ba9e25663e7f5816abfcab310
-
-# ECC CDH Alice with Bob peer
-Derive=ALICE_cf_sect233k1
-PeerKey=BOB_cf_sect233k1_PUB
-Ctrl=ecdh_cofactor_mode:1
-SharedSecret=00ff7d6c6b80f39d2ae68fbd00adbcd75fa599ed0bc1aac0e3f49c1c164d
-
-# ECC CDH Bob with Alice peer
-Derive=BOB_cf_sect233k1
-PeerKey=ALICE_cf_sect233k1_PUB
-Ctrl=ecdh_cofactor_mode:1
-SharedSecret=00ff7d6c6b80f39d2ae68fbd00adbcd75fa599ed0bc1aac0e3f49c1c164d
-
-PublicKey=MALICE_cf_sect233k1_PUB
------BEGIN PUBLIC KEY-----
-MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAA
-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
------END PUBLIC KEY-----
-
-# ECC CDH Bob with Malice peer
-Derive=BOB_cf_sect233k1
-PeerKey=MALICE_cf_sect233k1_PUB
-Ctrl=ecdh_cofactor_mode:1
-Result=DERIVE_ERROR
-Reason=point at infinity
-
-# ECC CDH Alice with Malice peer
-Derive=ALICE_cf_sect233k1
-PeerKey=MALICE_cf_sect233k1_PUB
-Ctrl=ecdh_cofactor_mode:1
-Result=DERIVE_ERROR
-Reason=point at infinity
-
-Title=sect233r1 curve tests
-
-PrivateKey=ALICE_cf_sect233r1
------BEGIN PRIVATE KEY-----
-MDwCAQAwEAYHKoZIzj0CAQYFK4EEABsEJTAjAgEBBB4ATcy7zVpIsJ9rl5EIDmzRz5wxjrDIQyDm
-HP3Pt8Y=
------END PRIVATE KEY-----
-
-PublicKey=ALICE_cf_sect233r1_PUB
------BEGIN PUBLIC KEY-----
-MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEAQMQHiJ44LiCnZkEg1zyww1h+idTbsw8E07P33WUAUfD
-NeQ4hWEhTXPnytIbEhFKpnd3j/FbyZnJqxh8
------END PUBLIC KEY-----
-
-PrivPubKeyPair=ALICE_cf_sect233r1:ALICE_cf_sect233r1_PUB
-
-PrivateKey=BOB_cf_sect233r1
------BEGIN PRIVATE KEY-----
-MDwCAQAwEAYHKoZIzj0CAQYFK4EEABsEJTAjAgEBBB4ALpOlFn4OfiIAkRAZGOsn7L6W3XoQBSV8
-mQVC2pw=
------END PRIVATE KEY-----
-
-PublicKey=BOB_cf_sect233r1_PUB
------BEGIN PUBLIC KEY-----
-MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEAJQw+NWqFJXYw4dVMovzvw76OYnYOTaDaEPNW8ECAQbl
-TzzbBSTp5iqM13mP0/Bo4OO66NS3lA9e/GTO
------END PUBLIC KEY-----
-
-PrivPubKeyPair=BOB_cf_sect233r1:BOB_cf_sect233r1_PUB
-
-# ECDH Alice with Bob peer
-Derive=ALICE_cf_sect233r1
-PeerKey=BOB_cf_sect233r1_PUB
-SharedSecret=00209d2995a63f1e8b7a5c33dee5abb602e32e1835ae8bb57eb264d8d795
-
-# ECDH Bob with Alice peer
-Derive=BOB_cf_sect233r1
-PeerKey=ALICE_cf_sect233r1_PUB
-SharedSecret=00209d2995a63f1e8b7a5c33dee5abb602e32e1835ae8bb57eb264d8d795
-
-# ECC CDH Alice with Bob peer
-Derive=ALICE_cf_sect233r1
-PeerKey=BOB_cf_sect233r1_PUB
-Ctrl=ecdh_cofactor_mode:1
-SharedSecret=00c3cd1d38a65f5e421399409a76cec1136bc84149f054a7f55e7980c612
-
-# ECC CDH Bob with Alice peer
-Derive=BOB_cf_sect233r1
-PeerKey=ALICE_cf_sect233r1_PUB
-Ctrl=ecdh_cofactor_mode:1
-SharedSecret=00c3cd1d38a65f5e421399409a76cec1136bc84149f054a7f55e7980c612
-
-PublicKey=MALICE_cf_sect233r1_PUB
------BEGIN PUBLIC KEY-----
-MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYf4
-Vie5eHTnR+4x4G1xyq7qUvISU+X5RtBh2pE4
------END PUBLIC KEY-----
-
-# ECC CDH Bob with Malice peer
-Derive=BOB_cf_sect233r1
-PeerKey=MALICE_cf_sect233r1_PUB
-Ctrl=ecdh_cofactor_mode:1
-Result=DERIVE_ERROR
-Reason=point at infinity
-
-# ECC CDH Alice with Malice peer
-Derive=ALICE_cf_sect233r1
-PeerKey=MALICE_cf_sect233r1_PUB
-Ctrl=ecdh_cofactor_mode:1
-Result=DERIVE_ERROR
-Reason=point at infinity
-
-Title=sect283k1 curve tests
-
-PrivateKey=ALICE_cf_sect283k1
------BEGIN PRIVATE KEY-----
-MEICAQAwEAYHKoZIzj0CAQYFK4EEABAEKzApAgEBBCQAY1Mi9rST7PiP1t03qYRczV/kSZ+VjQu8
-5EFCgxyvkaLManw=
------END PRIVATE KEY-----
-
-PublicKey=ALICE_cf_sect283k1_PUB
------BEGIN PUBLIC KEY-----
-MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEBMjBO8WoxHS/vz8po52WZGxS+RK5yolrUe6tfbAMA3Sd
-5/JjBDVjOz95vM4gUnqzUWHN5nKBQtj6HiU9Q/R+zqg98OiQKTyA
------END PUBLIC KEY-----
-
-PrivPubKeyPair=ALICE_cf_sect283k1:ALICE_cf_sect283k1_PUB
-
-PrivateKey=BOB_cf_sect283k1
------BEGIN PRIVATE KEY-----
-MEICAQAwEAYHKoZIzj0CAQYFK4EEABAEKzApAgEBBCQBCZC8Is+YSjgXJBBDioEl6gu14QpGHllD
-1J6957vBTPSQdH0=
------END PRIVATE KEY-----
-
-PublicKey=BOB_cf_sect283k1_PUB
------BEGIN PUBLIC KEY-----
-MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEAGEQKZVHYAlvtjHrFyZVm12qUb5j+T5/WNoC962+kwUM
-QkBYA5BpuG8Knlugq1iB31whPAgRCZfdLKHpHRPJSfXvKyUIdeUm
------END PUBLIC KEY-----
-
-PrivPubKeyPair=BOB_cf_sect283k1:BOB_cf_sect283k1_PUB
-
-# ECDH Alice with Bob peer
-Derive=ALICE_cf_sect283k1
-PeerKey=BOB_cf_sect283k1_PUB
-SharedSecret=03f67c88bdc230b43773d17fdb4d0a980556d074ceccee726932160e4ed965e3be72803c
-
-# ECDH Bob with Alice peer
-Derive=BOB_cf_sect283k1
-PeerKey=ALICE_cf_sect283k1_PUB
-SharedSecret=03f67c88bdc230b43773d17fdb4d0a980556d074ceccee726932160e4ed965e3be72803c
-
-# ECC CDH Alice with Bob peer
-Derive=ALICE_cf_sect283k1
-PeerKey=BOB_cf_sect283k1_PUB
-Ctrl=ecdh_cofactor_mode:1
-SharedSecret=0677ba01c84d139609ca145cb5b6079fc9ca67f59c9c913e47cad1073f1d1dfaddde0169
-
-# ECC CDH Bob with Alice peer
-Derive=BOB_cf_sect283k1
-PeerKey=ALICE_cf_sect283k1_PUB
-Ctrl=ecdh_cofactor_mode:1
-SharedSecret=0677ba01c84d139609ca145cb5b6079fc9ca67f59c9c913e47cad1073f1d1dfaddde0169
-
-PublicKey=MALICE_cf_sect283k1_PUB
------BEGIN PUBLIC KEY-----
-MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
-AAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB
------END PUBLIC KEY-----
-
-# ECC CDH Bob with Malice peer
-Derive=BOB_cf_sect283k1
-PeerKey=MALICE_cf_sect283k1_PUB
-Ctrl=ecdh_cofactor_mode:1
-Result=DERIVE_ERROR
-Reason=point at infinity
-
-# ECC CDH Alice with Malice peer
-Derive=ALICE_cf_sect283k1
-PeerKey=MALICE_cf_sect283k1_PUB
-Ctrl=ecdh_cofactor_mode:1
-Result=DERIVE_ERROR
-Reason=point at infinity
-
-Title=sect283r1 curve tests
-
-PrivateKey=ALICE_cf_sect283r1
------BEGIN PRIVATE KEY-----
-MEICAQAwEAYHKoZIzj0CAQYFK4EEABEEKzApAgEBBCQCQ5pqKvPxDysd1pi2Bv8Z11cFhsRZfuaf
-4Pi0hpGr4ubZcHE=
------END PRIVATE KEY-----
-
-PublicKey=ALICE_cf_sect283r1_PUB
------BEGIN PUBLIC KEY-----
-MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEBcsrGDgO7pbGybQX/00gRHtQq3+X9XrGb7Uzv9Nabwc/
-kntnBMF0I2KU+aaTjQx1GVtmNf7CvFwPLEBnfKjJAjekjsGyIqoq
------END PUBLIC KEY-----
-
-PrivPubKeyPair=ALICE_cf_sect283r1:ALICE_cf_sect283r1_PUB
-
-PrivateKey=BOB_cf_sect283r1
------BEGIN PRIVATE KEY-----
-MEICAQAwEAYHKoZIzj0CAQYFK4EEABEEKzApAgEBBCQDxItnY3cDCrX/jGnVuAKDPaySZCr3E83Q
-UdFnP6YIykt7+Pg=
------END PRIVATE KEY-----
-
-PublicKey=BOB_cf_sect283r1_PUB
------BEGIN PUBLIC KEY-----
-MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEBJ2C9BCkX0YRfs2ufgUKvreUXFWp2AGK+iHlZB4N3LqO
-PKpmAkrAeCMty6mw2mEnOR5HA1d4Ee+z7/NJgJJ80Ra9bFnreOW3
------END PUBLIC KEY-----
-
-PrivPubKeyPair=BOB_cf_sect283r1:BOB_cf_sect283r1_PUB
-
-# ECDH Alice with Bob peer
-Derive=ALICE_cf_sect283r1
-PeerKey=BOB_cf_sect283r1_PUB
-SharedSecret=0424259cf09727574fb863cab7c27d8fe3835e96433110a45a951f94347fc81939ec4773
-
-# ECDH Bob with Alice peer
-Derive=BOB_cf_sect283r1
-PeerKey=ALICE_cf_sect283r1_PUB
-SharedSecret=0424259cf09727574fb863cab7c27d8fe3835e96433110a45a951f94347fc81939ec4773
-
-# ECC CDH Alice with Bob peer
-Derive=ALICE_cf_sect283r1
-PeerKey=BOB_cf_sect283r1_PUB
-Ctrl=ecdh_cofactor_mode:1
-SharedSecret=01c2a542654ce85b17456ed75b6bca6b6eb761580913670debc426a3525f236df0e875c8
-
-# ECC CDH Bob with Alice peer
-Derive=BOB_cf_sect283r1
-PeerKey=ALICE_cf_sect283r1_PUB
-Ctrl=ecdh_cofactor_mode:1
-SharedSecret=01c2a542654ce85b17456ed75b6bca6b6eb761580913670debc426a3525f236df0e875c8
-
-PublicKey=MALICE_cf_sect283r1_PUB
------BEGIN PUBLIC KEY-----
-MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
-AAAAByvMnFeSsevoGYMIn7b4NaL9IgowRCTKF8CCrhdEKu3pubP2
------END PUBLIC KEY-----
-
-# ECC CDH Bob with Malice peer
-Derive=BOB_cf_sect283r1
-PeerKey=MALICE_cf_sect283r1_PUB
-Ctrl=ecdh_cofactor_mode:1
-Result=DERIVE_ERROR
-Reason=point at infinity
-
-# ECC CDH Alice with Malice peer
-Derive=ALICE_cf_sect283r1
-PeerKey=MALICE_cf_sect283r1_PUB
-Ctrl=ecdh_cofactor_mode:1
-Result=DERIVE_ERROR
-Reason=point at infinity
-
-Title=sect409k1 curve tests
-
-PrivateKey=ALICE_cf_sect409k1
------BEGIN PRIVATE KEY-----
-MFECAQAwEAYHKoZIzj0CAQYFK4EEACQEOjA4AgEBBDMOthcLahkXFgM0wjOzm767D1A72sFRGlhb
-bVH+EB7z2WpIcPX4OD+M4Y1pf/a7wSaoSAo=
------END PRIVATE KEY-----
-
-PublicKey=ALICE_cf_sect409k1_PUB
------BEGIN PUBLIC KEY-----
-MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEAbiYYpeFgCMsZFMzQaiwMJDrC+mCMT7KmhYtD5EMMgLW
-5OvhaqYdpRf49A8LOtVcRT7J5gGcMrXQgmQeS3FenA5owWnB2NIgrTNf5d8AAEtrOupsJ4c3kL6e
-aAzayZ1+UCEj8skbC9U=
------END PUBLIC KEY-----
-
-PrivPubKeyPair=ALICE_cf_sect409k1:ALICE_cf_sect409k1_PUB
-
-PrivateKey=BOB_cf_sect409k1
------BEGIN PRIVATE KEY-----
-MFECAQAwEAYHKoZIzj0CAQYFK4EEACQEOjA4AgEBBDMO43ldQllTewdZwffH4OEXdzBrLwabKsn4
-6/hjgIAaYda/pt4yCEQLMp18QgtfMey5ENI=
------END PRIVATE KEY-----
-
-PublicKey=BOB_cf_sect409k1_PUB
------BEGIN PUBLIC KEY-----
-MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEAVTQj6hRizVmOx4Z6vroN/zMkmAY+QhkQ0CnFeJ0AydY
-Fv+f+/420vMC1Mhqsc9VzPMmIAH6ZrgGKDsd4Ce9JUtYE0rVhGeiG2RaN1U5RlhVK4avkWhFlyQ5
-vuu4aApQiWE3yQd9v/I=
------END PUBLIC KEY-----
-
-PrivPubKeyPair=BOB_cf_sect409k1:BOB_cf_sect409k1_PUB
-
-# ECDH Alice with Bob peer
-Derive=ALICE_cf_sect409k1
-PeerKey=BOB_cf_sect409k1_PUB
-SharedSecret=01fbe13188588c9d1ac3a8a2680ea9a009b28e4b7d7fa4efcb1a22553876fb7973616819fd87c75e5b8ce6e3628595e4ce12edb0
-
-# ECDH Bob with Alice peer
-Derive=BOB_cf_sect409k1
-PeerKey=ALICE_cf_sect409k1_PUB
-SharedSecret=01fbe13188588c9d1ac3a8a2680ea9a009b28e4b7d7fa4efcb1a22553876fb7973616819fd87c75e5b8ce6e3628595e4ce12edb0
-
-# ECC CDH Alice with Bob peer
-Derive=ALICE_cf_sect409k1
-PeerKey=BOB_cf_sect409k1_PUB
-Ctrl=ecdh_cofactor_mode:1
-SharedSecret=007e9485f7234bb2255bb40e51f4be867cb0ef31f8e489a697b31b51c4d5346daaee51e96ae6f9636e6e3af56095fe28755325ee
-
-# ECC CDH Bob with Alice peer
-Derive=BOB_cf_sect409k1
-PeerKey=ALICE_cf_sect409k1_PUB
-Ctrl=ecdh_cofactor_mode:1
-SharedSecret=007e9485f7234bb2255bb40e51f4be867cb0ef31f8e489a697b31b51c4d5346daaee51e96ae6f9636e6e3af56095fe28755325ee
-
-PublicKey=MALICE_cf_sect409k1_PUB
------BEGIN PUBLIC KEY-----
-MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
-AAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
-AAAAAAAAAAAAAAAAAAA=
------END PUBLIC KEY-----
-
-# ECC CDH Bob with Malice peer
-Derive=BOB_cf_sect409k1
-PeerKey=MALICE_cf_sect409k1_PUB
-Ctrl=ecdh_cofactor_mode:1
-Result=DERIVE_ERROR
-Reason=point at infinity
-
-# ECC CDH Alice with Malice peer
-Derive=ALICE_cf_sect409k1
-PeerKey=MALICE_cf_sect409k1_PUB
-Ctrl=ecdh_cofactor_mode:1
-Result=DERIVE_ERROR
-Reason=point at infinity
-
-Title=sect409r1 curve tests
-
-PrivateKey=ALICE_cf_sect409r1
------BEGIN PRIVATE KEY-----
-MFICAQAwEAYHKoZIzj0CAQYFK4EEACUEOzA5AgEBBDQAxSC9lST5dtfXQI1Ug9VMMoue3GGni5ON
-+gieyXK2KKbd29KAPs4/AOd8kX2wQDsZPO7E
------END PRIVATE KEY-----
-
-PublicKey=ALICE_cf_sect409r1_PUB
------BEGIN PUBLIC KEY-----
-MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEASAvXAM15DJerAu1JttpBuMJK1/fEfFohu2iEpt3r7Ui
-iQoER6HUsWiw1hhcJyTv7WzpJQHFWrOlJMe/KjmQa/CygSc65YHDzG27oUL+KGdQUGc79ZRSwl/q
-fGZqa3D+bDVMwrhmZto=
------END PUBLIC KEY-----
-
-PrivPubKeyPair=ALICE_cf_sect409r1:ALICE_cf_sect409r1_PUB
-
-PrivateKey=BOB_cf_sect409r1
------BEGIN PRIVATE KEY-----
-MFICAQAwEAYHKoZIzj0CAQYFK4EEACUEOzA5AgEBBDQARen+1P3JQzBgOv0pUYwsZTPRVLpqqDAU
-7mKL2lk9eH7zSGmtNoMvP2m1S2dBnXxFY/bV
------END PRIVATE KEY-----
-
-PublicKey=BOB_cf_sect409r1_PUB
------BEGIN PUBLIC KEY-----
-MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEAbDUw066TtdfOpDvrlKosEyqUNEG7rY+AKvDqKw+HOzf
-sUTYee6cEf71oqJ1sCKPQiYzlwCu/HLQeWPxISE6Uo+53kkeJml2xpMBwoE25Gq/DSS61dR7SRTZ
-+sUmumbIuGzbrjtMRmw=
------END PUBLIC KEY-----
-
-PrivPubKeyPair=BOB_cf_sect409r1:BOB_cf_sect409r1_PUB
-
-# ECDH Alice with Bob peer
-Derive=ALICE_cf_sect409r1
-PeerKey=BOB_cf_sect409r1_PUB
-SharedSecret=00a751259cdb3b445ce71a40a01a2189dfce70226111190505fc6eabe4e5a05bff7af55f2015e1ffcab6aea7ea9a6e74905da2a1
-
-# ECDH Bob with Alice peer
-Derive=BOB_cf_sect409r1
-PeerKey=ALICE_cf_sect409r1_PUB
-SharedSecret=00a751259cdb3b445ce71a40a01a2189dfce70226111190505fc6eabe4e5a05bff7af55f2015e1ffcab6aea7ea9a6e74905da2a1
-
-# ECC CDH Alice with Bob peer
-Derive=ALICE_cf_sect409r1
-PeerKey=BOB_cf_sect409r1_PUB
-Ctrl=ecdh_cofactor_mode:1
-SharedSecret=0115a31aed416c5089d74a263ec300aff13a5329c6ad27de950ae0b0917b40a3464fccf5691ac9633a51e5177a82b15cfc434aad
-
-# ECC CDH Bob with Alice peer
-Derive=BOB_cf_sect409r1
-PeerKey=ALICE_cf_sect409r1_PUB
-Ctrl=ecdh_cofactor_mode:1
-SharedSecret=0115a31aed416c5089d74a263ec300aff13a5329c6ad27de950ae0b0917b40a3464fccf5691ac9633a51e5177a82b15cfc434aad
-
-PublicKey=MALICE_cf_sect409r1_PUB
------BEGIN PUBLIC KEY-----
-MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
-AAAAAAAAAAAAAAAAAAAAAAAAAACZNffkdo7i7yL5tKKfU8tdk6su0K185XwbJkn96JWVDPZXZ3My
-bFKKSOJ7hyrM8Lwl1e8=
------END PUBLIC KEY-----
-
-# ECC CDH Bob with Malice peer
-Derive=BOB_cf_sect409r1
-PeerKey=MALICE_cf_sect409r1_PUB
-Ctrl=ecdh_cofactor_mode:1
-Result=DERIVE_ERROR
-Reason=point at infinity
-
-# ECC CDH Alice with Malice peer
-Derive=ALICE_cf_sect409r1
-PeerKey=MALICE_cf_sect409r1_PUB
-Ctrl=ecdh_cofactor_mode:1
-Result=DERIVE_ERROR
-Reason=point at infinity
-
-Title=sect571k1 curve tests
-
-PrivateKey=ALICE_cf_sect571k1
------BEGIN PRIVATE KEY-----
-MGYCAQAwEAYHKoZIzj0CAQYFK4EEACYETzBNAgEBBEgB4agvk7Qdf9bVb9aMVdtXL0MuVw6dTleB
-zrpPMYty/piI5GWkQEGVp4OJSjF1BGgWmtYSYlV0oI8jJ7hfWTjVGfVWix4ipb8=
------END PRIVATE KEY-----
-
-PublicKey=ALICE_cf_sect571k1_PUB
------BEGIN PUBLIC KEY-----
-MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQDUZq0ZrgYpTXNpOptjExaur0K9FAYHv1j9cvAptwX
-dcmQf3VqekMkGZCfNdqNeqCajG3QHRkBHe4FZhWr3FXi8whvvr463lUDf+t46un1kE6FTYfhILGa
-sBZm7OdfkarYd9TXBbmnkFA+XkyPlkM1+6daM3/WmnegK+TYghFDXLgwiyF8s0ElllF7z38Gmc4=
------END PUBLIC KEY-----
-
-PrivPubKeyPair=ALICE_cf_sect571k1:ALICE_cf_sect571k1_PUB
-
-PrivateKey=BOB_cf_sect571k1
------BEGIN PRIVATE KEY-----
-MGYCAQAwEAYHKoZIzj0CAQYFK4EEACYETzBNAgEBBEgA3pINxGOI7L9M+Mil+bm/udPwI4xu7ubJ
-p3aoOepTXW94laf8wjFLcQnRUwH87Vbq9VLQEfCAFvr2vZoBc+5asnNuDhRNNeQ=
------END PRIVATE KEY-----
-
-PublicKey=BOB_cf_sect571k1_PUB
------BEGIN PUBLIC KEY-----
-MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQDZRr5GCSq2uzGxmWNB+bED7zye18Rr/KehwXrbn1r
-rKtR8fe+dg2V15FieC3qZe/wCpMtyp79VmEabGi6iGLlAN/rUE81URsA/K7GVpmklslV5gmwryR0
-3E7jGKPFesun9iNtmpgM18P9y3aJd4Qr4hMlwW2Nyw187l6QB/W2e/i+8vKXFTLHlz5WLAyAcpA=
------END PUBLIC KEY-----
-
-PrivPubKeyPair=BOB_cf_sect571k1:BOB_cf_sect571k1_PUB
-
-# ECDH Alice with Bob peer
-Derive=ALICE_cf_sect571k1
-PeerKey=BOB_cf_sect571k1_PUB
-SharedSecret=02b79c92cee50dc5b9fdddce36d4fa2e28d7d178cd74e575961f39429496305b38815c840c2e66327435c044ed885ec964068531251a2112717602532e8b6d5411db2fe05c1ac18c
-
-# ECDH Bob with Alice peer
-Derive=BOB_cf_sect571k1
-PeerKey=ALICE_cf_sect571k1_PUB
-SharedSecret=02b79c92cee50dc5b9fdddce36d4fa2e28d7d178cd74e575961f39429496305b38815c840c2e66327435c044ed885ec964068531251a2112717602532e8b6d5411db2fe05c1ac18c
-
-# ECC CDH Alice with Bob peer
-Derive=ALICE_cf_sect571k1
-PeerKey=BOB_cf_sect571k1_PUB
-Ctrl=ecdh_cofactor_mode:1
-SharedSecret=063aea789492c9727a5a6b7f24e8d3d377c70ee8e86b13664e191a53b1905e90e78b85960b1881db5160c7c5cacca0d686d9e104140d565eeeec17426f93d3a7ba639ecd716b43d2
-
-# ECC CDH Bob with Alice peer
-Derive=BOB_cf_sect571k1
-PeerKey=ALICE_cf_sect571k1_PUB
-Ctrl=ecdh_cofactor_mode:1
-SharedSecret=063aea789492c9727a5a6b7f24e8d3d377c70ee8e86b13664e191a53b1905e90e78b85960b1881db5160c7c5cacca0d686d9e104140d565eeeec17426f93d3a7ba639ecd716b43d2
-
-PublicKey=MALICE_cf_sect571k1_PUB
------BEGIN PUBLIC KEY-----
-MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAA
-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAE=
------END PUBLIC KEY-----
-
-# ECC CDH Bob with Malice peer
-Derive=BOB_cf_sect571k1
-PeerKey=MALICE_cf_sect571k1_PUB
-Ctrl=ecdh_cofactor_mode:1
-Result=DERIVE_ERROR
-Reason=point at infinity
-
-# ECC CDH Alice with Malice peer
-Derive=ALICE_cf_sect571k1
-PeerKey=MALICE_cf_sect571k1_PUB
-Ctrl=ecdh_cofactor_mode:1
-Result=DERIVE_ERROR
-Reason=point at infinity
-
-Title=sect571r1 curve tests
-
-PrivateKey=ALICE_cf_sect571r1
------BEGIN PRIVATE KEY-----
-MGYCAQAwEAYHKoZIzj0CAQYFK4EEACcETzBNAgEBBEgAxfL2/gUsmJonvDMR95Azq1ySgXMlKSRk
-+PL+WaS92ZyOo45HaC7RpH5sdkf4b948u6y1BXOxGZuORXy6lgbgZ1Zx2UgL3cI=
------END PRIVATE KEY-----
-
-PublicKey=ALICE_cf_sect571r1_PUB
------BEGIN PUBLIC KEY-----
-MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQBK5L9ccIWacU2A1srZ35opPu6kcbEOsBPmvj/rlMS
-fFrdMOcagOYfcD0/ouYHPhvkHbr9k87IlQJfnV6ZNRA4PmWSp/FjkNwETm/fqTCUQHti/qqnKH7R
-Ed4fYROLFGvz+PX6E20SryOt1vrmoRyC7Z5FVmgMVOQQ1AaBNAHi3+IPtKx41YdXdbqHJxuI5jE=
------END PUBLIC KEY-----
-
-PrivPubKeyPair=ALICE_cf_sect571r1:ALICE_cf_sect571r1_PUB
-
-PrivateKey=BOB_cf_sect571r1
------BEGIN PRIVATE KEY-----
-MGYCAQAwEAYHKoZIzj0CAQYFK4EEACcETzBNAgEBBEgAzcRvASPpWi0ybpOGlj0Lozz01C2a5oDA
-G5alib1EmZKcpVULxJXn75FQlTKpkUEuWUgA4yk5X5DTiScUuh4LDhaF3AFhsEY=
------END PRIVATE KEY-----
-
-PublicKey=BOB_cf_sect571r1_PUB
------BEGIN PUBLIC KEY-----
-MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQH3dnL22NajtqDWTX6qD14w1BOlpHFBUPTr24VySlh
-kiiBlOF95u7hFr/hSb7gm/3f+IVKyE18Sh2kR4KaxWcPWKY5xKTiqiICT7hCistuzNRt8gR+kNOT
-c1rETMV6ZruZinwzEWWWjwJf6612oy2HG3CX3B8Rm+a3sS0q6IzowEwqmDv6v9bMTFk8bsCv0Fk=
------END PUBLIC KEY-----
-
-PrivPubKeyPair=BOB_cf_sect571r1:BOB_cf_sect571r1_PUB
-
-# ECDH Alice with Bob peer
-Derive=ALICE_cf_sect571r1
-PeerKey=BOB_cf_sect571r1_PUB
-SharedSecret=0031f9879fa75b8c67ba81ee861be634e2b53aa79f834e9a8ca4df7f4461bcb02f083d9fa5b4767f881a710caa6524b58eb626623ba394961d46535204c26d165089e7d4f7be1827
-
-# ECDH Bob with Alice peer
-Derive=BOB_cf_sect571r1
-PeerKey=ALICE_cf_sect571r1_PUB
-SharedSecret=0031f9879fa75b8c67ba81ee861be634e2b53aa79f834e9a8ca4df7f4461bcb02f083d9fa5b4767f881a710caa6524b58eb626623ba394961d46535204c26d165089e7d4f7be1827
-
-# ECC CDH Alice with Bob peer
-Derive=ALICE_cf_sect571r1
-PeerKey=BOB_cf_sect571r1_PUB
-Ctrl=ecdh_cofactor_mode:1
-SharedSecret=012e8c2c1554988fe20c5ae7d11cdcfe15c7c6e8d2b6f46a43a45d724bfc7b415ea7594d5c16f770a95d6e65bbcb1f34619db95e89f4fecbcb0bc6a3f92d52df6a49b0e7773e0ac0
-
-# ECC CDH Bob with Alice peer
-Derive=BOB_cf_sect571r1
-PeerKey=ALICE_cf_sect571r1_PUB
-Ctrl=ecdh_cofactor_mode:1
-SharedSecret=012e8c2c1554988fe20c5ae7d11cdcfe15c7c6e8d2b6f46a43a45d724bfc7b415ea7594d5c16f770a95d6e65bbcb1f34619db95e89f4fecbcb0bc6a3f92d52df6a49b0e7773e0ac0
-
-PublicKey=MALICE_cf_sect571r1_PUB
------BEGIN PUBLIC KEY-----
-MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHMtVWZAwgtd1zmgWN/9WC
-aNQcWRNUKesEHXqhJVkC5jYsSACodKsLYFNrWEYM0gwG8DQONZSn93G+38EM45tkaZsIRDt2HEM=
------END PUBLIC KEY-----
-
-# ECC CDH Bob with Malice peer
-Derive=BOB_cf_sect571r1
-PeerKey=MALICE_cf_sect571r1_PUB
-Ctrl=ecdh_cofactor_mode:1
-Result=DERIVE_ERROR
-Reason=point at infinity
-
-# ECC CDH Alice with Malice peer
-Derive=ALICE_cf_sect571r1
-PeerKey=MALICE_cf_sect571r1_PUB
-Ctrl=ecdh_cofactor_mode:1
-Result=DERIVE_ERROR
-Reason=point at infinity
-
diff --git a/test/recipes/30-test_evp_data/evppkey_ecdh.txt b/test/recipes/30-test_evp_data/evppkey_ecdh.txt
index f60df1d259..35b507896e 100644
--- a/test/recipes/30-test_evp_data/evppkey_ecdh.txt
+++ b/test/recipes/30-test_evp_data/evppkey_ecdh.txt
@@ -17,6 +17,53 @@
# Private keys used for PKEY operations.
+# EC P-256 key
+
+PrivateKey=P-256
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgiocvtiiTxNH/xbnw
++RdYBp+DUuCPoFpJ+NuSbLVyhyWhRANCAAQsFQ9CnOcPIWwlLPXgYs4fY5zV0WXH
++JQkBywnGX14szuSDpXNtmTpkNzwz+oNlOKo5q+dDlgFbmUxBJJbn+bJ
+-----END PRIVATE KEY-----
+
+# EC public key for above
+
+PublicKey=P-256-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAELBUPQpznDyFsJSz14GLOH2Oc1dFl
+x/iUJAcsJxl9eLM7kg6VzbZk6ZDc8M/qDZTiqOavnQ5YBW5lMQSSW5/myQ==
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = P-256:P-256-PUBLIC
+
+# Additional EC key for ECDH
+PrivateKey=P-256-Peer
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg/URzu1TDNwUFWZ3i
+dLISAZpEY0vfJ2pLB7f+Xnjyl2OhRANCAAQgBuXhSgeKpz+4piXlYSVLvy0NT+wK
+uZWUI3LqUUCV07wg+RLLMY8yNK9kjqcgZDs/cB+bet64nQq+dNnvtpxG
+-----END PRIVATE KEY-----
+
+PublicKey=P-256-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIAbl4UoHiqc/uKYl5WElS78tDU/s
+CrmVlCNy6lFAldO8IPkSyzGPMjSvZI6nIGQ7P3Afm3reuJ0KvnTZ77acRg==
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = P-256-Peer:P-256-Peer-PUBLIC
+
+Title = ECDH tests
+
+
+Derive=P-256
+PeerKey=P-256-Peer-PUBLIC
+SharedSecret=E3CC07DFBDDE76A1139811DB9FF5FAF9D17EF39944F1E77D1F6A208524BF7B1B
+
+
+Derive=P-256-Peer
+PeerKey=P-256-PUBLIC
+SharedSecret=E3CC07DFBDDE76A1139811DB9FF5FAF9D17EF39944F1E77D1F6A208524BF7B1B
+
Title = ECDH tests (with random keys)
# TEST CURVE secp112r1
@@ -423,6 +470,52 @@ Derive=BOB_secp224k1
PeerKey=ALICE_secp224k1_PUB
SharedSecret=80b65e65fe29c779213dd31189d371ff57b0b2bf08c6458ed142399a
+# TEST CURVE secp224r1
+
+PrivateKey=ALICE_secp224r1
+-----BEGIN PRIVATE KEY-----
+MHgCAQAwEAYHKoZIzj0CAQYFK4EEACEEYTBfAgEBBBxLKkXFJXYqGUlTsmgjlesi
+kwqejrekrkSTbehyoTwDOgAEUcEh0Ggy/rD+Nj9JQozzI+qzPtiU7b2D2HtdCa4h
+fbVPXngcRH2B2xN8W+dcHoIxrxO2UFXy4xo=
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_secp224r1_PUB
+-----BEGIN PUBLIC KEY-----
+ME4wEAYHKoZIzj0CAQYFK4EEACEDOgAEUcEh0Ggy/rD+Nj9JQozzI+qzPtiU7b2D
+2HtdCa4hfbVPXngcRH2B2xN8W+dcHoIxrxO2UFXy4xo=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_secp224r1:ALICE_secp224r1_PUB
+
+
+PrivateKey=BOB_secp224r1
+-----BEGIN PRIVATE KEY-----
+MHgCAQAwEAYHKoZIzj0CAQYFK4EEACEEYTBfAgEBBBzOHGGUR3fZYg3GSaUN6pxo
+NQtAlOzM3UclEhMzoTwDOgAEdwFklK/YoDRU6bM7X2ulNLwqx9TUETMFUM6VV9DB
+4YcvAzv6pQgVwYEU7IahmSKpX19chbPt2I0=
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_secp224r1_PUB
+-----BEGIN PUBLIC KEY-----
+ME4wEAYHKoZIzj0CAQYFK4EEACEDOgAEdwFklK/YoDRU6bM7X2ulNLwqx9TUETMF
+UM6VV9DB4YcvAzv6pQgVwYEU7IahmSKpX19chbPt2I0=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_secp224r1:BOB_secp224r1_PUB
+
+
+# ECDH Alice with Bob peer
+
+Derive=ALICE_secp224r1
+PeerKey=BOB_secp224r1_PUB
+SharedSecret=34ea06d16d82f0d1725de47f3639ac0c23db7d7ed68f01488539a2a5
+
+# ECDH Bob with Alice peer
+
+Derive=BOB_secp224r1
+PeerKey=ALICE_secp224r1_PUB
+SharedSecret=34ea06d16d82f0d1725de47f3639ac0c23db7d7ed68f01488539a2a5
+
# TEST CURVE secp256k1
PrivateKey=ALICE_secp256k1
@@ -469,6 +562,158 @@ Derive=BOB_secp256k1
PeerKey=ALICE_secp256k1_PUB
SharedSecret=af43b52790082fd87afb1d14b883c12d12bb9e554080d1f8e527920676e31f3e
+# TEST CURVE secp384r1
+
+PrivateKey=ALICE_secp384r1
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDCxE7Q4m1dsK7M3Otxo
+cgY/ejX9JOKKdAtSnRiU4bnK3eFmALkMN7XIveQnWLB1PEKhZANiAAQaUsvUFr/u
+ISpAmYqYZIme4VassCtb0tNGU97s3qt4ozcogZ4z+fIzXZ4YXqfGoEa57+uQDgqr
++jNOTji7Gxopt6AqZ9EvwuVaCuunUi0pcx6cc8IuUfrwMwSFovV/7sM=
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_secp384r1_PUB
+-----BEGIN PUBLIC KEY-----
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEGlLL1Ba/7iEqQJmKmGSJnuFWrLArW9LT
+RlPe7N6reKM3KIGeM/nyM12eGF6nxqBGue/rkA4Kq/ozTk44uxsaKbegKmfRL8Ll
+Wgrrp1ItKXMenHPCLlH68DMEhaL1f+7D
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_secp384r1:ALICE_secp384r1_PUB
+
+
+PrivateKey=BOB_secp384r1
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDBRiGXRsb5sUq0b3/dg
+Z+pA9kbrSivBMCUCXVwxno1d/30hI/Yy0Z5PWwbBgwTFprWhZANiAASp1FeUOBJF
+mzQCNbGiOz8He0kF+KIf24UGYVO5MC7u5rV9hpoYsbcgmwxALskPN18os2ygK1Pn
+f/h+WALIsG2RknSTbiyvBYkoIhJV9cflvEDpMeaWSLF7qJ5YjEIf9PM=
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_secp384r1_PUB
+-----BEGIN PUBLIC KEY-----
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEqdRXlDgSRZs0AjWxojs/B3tJBfiiH9uF
+BmFTuTAu7ua1fYaaGLG3IJsMQC7JDzdfKLNsoCtT53/4flgCyLBtkZJ0k24srwWJ
+KCISVfXH5bxA6THmlkixe6ieWIxCH/Tz
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_secp384r1:BOB_secp384r1_PUB
+
+
+# ECDH Alice with Bob peer
+
+Derive=ALICE_secp384r1
+PeerKey=BOB_secp384r1_PUB
+SharedSecret=2006ed49acbb991b8fbf8a15c3f263542496eaefe1e2952591b72fb929463eac7a403a5419cebbfb73734918eaed59fd
+
+# ECDH Bob with Alice peer
+
+Derive=BOB_secp384r1
+PeerKey=ALICE_secp384r1_PUB
+SharedSecret=2006ed49acbb991b8fbf8a15c3f263542496eaefe1e2952591b72fb929463eac7a403a5419cebbfb73734918eaed59fd
+
+# TEST CURVE secp521r1
+
+PrivateKey=ALICE_secp521r1
+-----BEGIN PRIVATE KEY-----
+MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIAFBIz3FLAuX8VCWzM
+wu1f/tm8pf1QqnsdLqaIWCQAJa2W5ldpJTYfkj1gGxM44AD3qHnkXISvNLwwuxI1
+hr2+pOGhgYkDgYYABACWlOOFYk/p3AS2LxEQWBuMm6uIjo3XArjh1QrsLcUc5hhi
+82CIz6kKwKjCnYRDHq4iv1x63rVEzGGhQOM1g+cRVwHSpfbBpaxK7bMLkVFOOavv
+OdcdyRHaHsvxw2pREmdS/GwtfgT8odQrG06KMIwVeL+H08fGJSbPX0Zock0DOPCp
+aw==
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_secp521r1_PUB
+-----BEGIN PUBLIC KEY-----
+MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAlpTjhWJP6dwEti8REFgbjJuriI6N
+1wK44dUK7C3FHOYYYvNgiM+pCsCowp2EQx6uIr9cet61RMxhoUDjNYPnEVcB0qX2
+waWsSu2zC5FRTjmr7znXHckR2h7L8cNqURJnUvxsLX4E/KHUKxtOijCMFXi/h9PH
+xiUmz19GaHJNAzjwqWs=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_secp521r1:ALICE_secp521r1_PUB
+
+
+PrivateKey=BOB_secp521r1
+-----BEGIN PRIVATE KEY-----
+MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIA9C/sMWveRlHPr9P5
+cc3U+1L2/zB0VtHewKSQRWZ67SmS4+m7uXTqUVSLRHiQEgQid0cg77gSxXPlmV+z
+y0f3zd+hgYkDgYYABAE18N3SwDGtea3IOqUdh3j0JtnMeP41i/agEBlxK8/iEBXc
+Q61mkIrQIKcabRhoylEugXHiyNnqNQOD4DUa0bTKzAHtJ4UqqbEVno6byRmcUQwb
+mvG89eS8GLEmk5X/O2atHU4yIGTuTRQWn/BTJUCS+OgJz4FZdadscc5Z640EZqSD
+iw==
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_secp521r1_PUB
+-----BEGIN PUBLIC KEY-----
+MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBNfDd0sAxrXmtyDqlHYd49CbZzHj+
+NYv2oBAZcSvP4hAV3EOtZpCK0CCnGm0YaMpRLoFx4sjZ6jUDg+A1GtG0yswB7SeF
+KqmxFZ6Om8kZnFEMG5rxvPXkvBixJpOV/ztmrR1OMiBk7k0UFp/wUyVAkvjoCc+B
+WXWnbHHOWeuNBGakg4s=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_secp521r1:BOB_secp521r1_PUB
+
+
+# ECDH Alice with Bob peer
+
+Derive=ALICE_secp521r1
+PeerKey=BOB_secp521r1_PUB
+SharedSecret=018c8f33e544a0fa8854dcd96bdba75b7687d1c42b2ff1bf0a06d49c424fee96d8a7f3af3119dcbfabc1c147477c50f7c72971956f9bb17ddec6d02b2187f06cf4be
+
+# ECDH Bob with Alice peer
+
+Derive=BOB_secp521r1
+PeerKey=ALICE_secp521r1_PUB
+SharedSecret=018c8f33e544a0fa8854dcd96bdba75b7687d1c42b2ff1bf0a06d49c424fee96d8a7f3af3119dcbfabc1c147477c50f7c72971956f9bb17ddec6d02b2187f06cf4be
+
+# TEST CURVE prime192v1
+
+PrivateKey=ALICE_prime192v1
+-----BEGIN PRIVATE KEY-----
+MG8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQEEVTBTAgEBBBjxfXvSFNqD2UzFVN1L
+bQrPlzop7dxQq/ehNAMyAATibpGuYzCjkT1tWLYEogpKz74WqhvbQtZPkCYQCin1
+cmZuNW+BZ0jyVEpGlpnZPMg=
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_prime192v1_PUB
+-----BEGIN PUBLIC KEY-----
+MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAE4m6RrmMwo5E9bVi2BKIKSs++Fqob
+20LWT5AmEAop9XJmbjVvgWdI8lRKRpaZ2TzI
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_prime192v1:ALICE_prime192v1_PUB
+
+
+PrivateKey=BOB_prime192v1
+-----BEGIN PRIVATE KEY-----
+MG8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQEEVTBTAgEBBBhewaqXNZlYyqnmuEEE
+Y/oUXe3/jpzhmyGhNAMyAASkpwNJEP/1FuuWKCDDUm26iyqrs+zKwayZnaF77YC6
+qCtgia7yNcSl9tlWHh3gQgw=
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_prime192v1_PUB
+-----BEGIN PUBLIC KEY-----
+MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEpKcDSRD/9Rbrliggw1Jtuosqq7Ps
+ysGsmZ2he+2AuqgrYImu8jXEpfbZVh4d4EIM
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_prime192v1:BOB_prime192v1_PUB
+
+
+# ECDH Alice with Bob peer
+
+Derive=ALICE_prime192v1
+PeerKey=BOB_prime192v1_PUB
+SharedSecret=be2a779b587f8f5d7c9d8f006e0a6d0e996c9c63c255f861
+
+# ECDH Bob with Alice peer
+
+Derive=BOB_prime192v1
+PeerKey=ALICE_prime192v1_PUB
+SharedSecret=be2a779b587f8f5d7c9d8f006e0a6d0e996c9c63c255f861
+
# TEST CURVE prime192v2
PrivateKey=ALICE_prime192v2
@@ -699,6 +944,52 @@ Derive=BOB_prime239v3
PeerKey=ALICE_prime239v3_PUB
SharedSecret=78e80ae760061178bd005e9e3634333971468bc6d3f82baee238c5ed32f9
+# TEST CURVE prime256v1
+
+PrivateKey=ALICE_prime256v1
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQglUPDk8gQ8lMj38V7
+0jPBZDfQUx5pNOVSKOMTqlh04POhRANCAARq87w+K0q9b1mzJGh309kjNvYTS02m
+YkHKxAewiZwmt/5w+5uywz/+0130SdAWbXtECjaHUK94YEHzp0G/PCl5
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_prime256v1_PUB
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEavO8PitKvW9ZsyRod9PZIzb2E0tN
+pmJBysQHsImcJrf+cPubssM//tNd9EnQFm17RAo2h1CveGBB86dBvzwpeQ==
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_prime256v1:ALICE_prime256v1_PUB
+
+
+PrivateKey=BOB_prime256v1
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgNsLfn/sRZfm9ZcM7
+xURiUHT7+w8Jgk9SbwTVDjpLYYmhRANCAASRmyKNgUbADGxkIOAVh9T7IXv2ZDT6
+I5YMW6wOs27VMOAD0AiNLrv7sW1TdqxkUtF17/GFpLvFOuZcbdX4p3i/
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_prime256v1_PUB
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEkZsijYFGwAxsZCDgFYfU+yF79mQ0
++iOWDFusDrNu1TDgA9AIjS67+7FtU3asZFLRde/xhaS7xTrmXG3V+Kd4vw==
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_prime256v1:BOB_prime256v1_PUB
+
+
+# ECDH Alice with Bob peer
+
+Derive=ALICE_prime256v1
+PeerKey=BOB_prime256v1_PUB
+SharedSecret=390021fbca00d959c1adaf7e9cedef0e65a582489eab9adbe739ef66bf82adb4
+
+# ECDH Bob with Alice peer
+
+Derive=BOB_prime256v1
+PeerKey=ALICE_prime256v1_PUB
+SharedSecret=390021fbca00d959c1adaf7e9cedef0e65a582489eab9adbe739ef66bf82adb4
+
# TEST CURVE sect113r1
PrivateKey=ALICE_sect113r1
@@ -875,189 +1166,685 @@ Derive=BOB_sect131r2
PeerKey=ALICE_sect131r2_PUB
SharedSecret=03cbec3a3050c7f13d4801ad692d61c417
+# TEST CURVE sect163k1
+
+PrivateKey=ALICE_sect163k1
+-----BEGIN PRIVATE KEY-----
+MGMCAQAwEAYHKoZIzj0CAQYFK4EEAAEETDBKAgEBBBUBxkeGOXE86PAijpk8trN/
+f3kl4UmhLgMsAAQD1hrDCJ2MSFKZ6Q11cTllX/l5HY0Hg5XZCxMFC84AaczwPtNJ
+YNCxfCk=
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_sect163k1_PUB
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEA9YawwidjEhSmekNdXE5ZV/5eR2NB4OV
+2QsTBQvOAGnM8D7TSWDQsXwp
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_sect163k1:ALICE_sect163k1_PUB
+
+
+PrivateKey=BOB_sect163k1
+-----BEGIN PRIVATE KEY-----
+MGMCAQAwEAYHKoZIzj0CAQYFK4EEAAEETDBKAgEBBBUCUJ5kItSfXidHXsgokcS7
+nzPFbOShLgMsAAQGrYNJ1qgdb3A9ISOmTujfS+WYFKwBXXrJEluAkeNh3jXnDq8X
++XBB0k8=
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_sect163k1_PUB
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEBq2DSdaoHW9wPSEjpk7o30vlmBSsAV16
+yRJbgJHjYd415w6vF/lwQdJP
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_sect163k1:BOB_sect163k1_PUB
+
+
+# ECDH Alice with Bob peer
+
+Derive=ALICE_sect163k1
+PeerKey=BOB_sect163k1_PUB
+SharedSecret=07bfdf00759b383aa7741ae4634400f8ddf2047092
+
+# ECDH Bob with Alice peer
+
+Derive=BOB_sect163k1
+PeerKey=ALICE_sect163k1_PUB
+SharedSecret=07bfdf00759b383aa7741ae4634400f8ddf2047092
+
# TEST CURVE sect163r1
-PrivateKey=ALICE_sect163r1
+PrivateKey=ALICE_sect163r1
+-----BEGIN PRIVATE KEY-----
+MGMCAQAwEAYHKoZIzj0CAQYFK4EEAAIETDBKAgEBBBUBl9zmlPmFF5v9h1IIENAx
+1b8tj0+hLgMsAAQE3j8Jn58CCtEDwvOZ5DwgYGBYvIECz1zN8UwPfTFSdXjTWQcr
+9gWxNMA=
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_sect163r1_PUB
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAAIDLAAEBN4/CZ+fAgrRA8LzmeQ8IGBgWLyBAs9c
+zfFMD30xUnV401kHK/YFsTTA
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_sect163r1:ALICE_sect163r1_PUB
+
+
+PrivateKey=BOB_sect163r1
+-----BEGIN PRIVATE KEY-----
+MGMCAQAwEAYHKoZIzj0CAQYFK4EEAAIETDBKAgEBBBUA/nzN5yCavvZlXyDGEihW
+rwG360+hLgMsAAQDt6XZHfzXABSTnGhzfoPtfdLZgaoGhBdeWz+318vNmC6AMJP+
+PntHzsA=
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_sect163r1_PUB
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAAIDLAAEA7el2R381wAUk5xoc36D7X3S2YGqBoQX
+Xls/t9fLzZgugDCT/j57R87A
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_sect163r1:BOB_sect163r1_PUB
+
+
+# ECDH Alice with Bob peer
+
+Derive=ALICE_sect163r1
+PeerKey=BOB_sect163r1_PUB
+SharedSecret=02355c765bbc07fcc44bb1496e490912f6df56e6d4
+
+# ECDH Bob with Alice peer
+
+Derive=BOB_sect163r1
+PeerKey=ALICE_sect163r1_PUB
+SharedSecret=02355c765bbc07fcc44bb1496e490912f6df56e6d4
+
+# TEST CURVE sect163r2
+
+PrivateKey=ALICE_sect163r2
+-----BEGIN PRIVATE KEY-----
+MGMCAQAwEAYHKoZIzj0CAQYFK4EEAA8ETDBKAgEBBBUDjH2G7BkPTBM4VtljaQr8
+sXVLNOqhLgMsAAQHHqWxJWR2KrHCPp/PSjZIdK88ET0A323/UOTxhYHwsLpR7rp3
+ahq1lQ8=
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_sect163r2_PUB
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEBx6lsSVkdiqxwj6fz0o2SHSvPBE9AN9t
+/1Dk8YWB8LC6Ue66d2oatZUP
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_sect163r2:ALICE_sect163r2_PUB
+
+
+PrivateKey=BOB_sect163r2
+-----BEGIN PRIVATE KEY-----
+MGMCAQAwEAYHKoZIzj0CAQYFK4EEAA8ETDBKAgEBBBUBXOM9Tm6sKXUlRLlW0HgC
+NTDxW2ihLgMsAAQGxa8xRcC+TIcDgGtehDVEV1PoBokBwtILj16NPYC0aBZI8/nF
+F4jhgmc=
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_sect163r2_PUB
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEBsWvMUXAvkyHA4BrXoQ1RFdT6AaJAcLS
+C49ejT2AtGgWSPP5xReI4YJn
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_sect163r2:BOB_sect163r2_PUB
+
+
+# ECDH Alice with Bob peer
+
+Derive=ALICE_sect163r2
+PeerKey=BOB_sect163r2_PUB
+SharedSecret=040df54e6df412790ef5c0fafbbfcba5136b872951
+
+# ECDH Bob with Alice peer
+
+Derive=BOB_sect163r2
+PeerKey=ALICE_sect163r2_PUB
+SharedSecret=040df54e6df412790ef5c0fafbbfcba5136b872951
+
+# TEST CURVE sect193r1
+
+PrivateKey=ALICE_sect193r1
+-----BEGIN PRIVATE KEY-----
+MG8CAQAwEAYHKoZIzj0CAQYFK4EEABgEWDBWAgEBBBkAEQlofBlvj8zDK5o4CCfA
+aOQOmlAyTimBoTYDNAAEAKBcyRBxQDZTvpPM39ZVXYQS5aJwZfUnNwBn5T26m15R
+M4MLnYGdklcAM8oMOML999w=
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_sect193r1_PUB
+-----BEGIN PUBLIC KEY-----
+MEgwEAYHKoZIzj0CAQYFK4EEABgDNAAEAKBcyRBxQDZTvpPM39ZVXYQS5aJwZfUn
+NwBn5T26m15RM4MLnYGdklcAM8oMOML999w=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_sect193r1:ALICE_sect193r1_PUB
+
+
+PrivateKey=BOB_sect193r1
+-----BEGIN PRIVATE KEY-----
+MG8CAQAwEAYHKoZIzj0CAQYFK4EEABgEWDBWAgEBBBkAnxvYLKZaw4Rj24WTRBfg
+iar5vp3R3pCJoTYDNAAEAXw0PWt3PtZT5v9aH0o6WnFtFGOBNEUpYQE/jBjzUHIC
+qMNZTHy9gT2R9yc0GBZ/Dic=
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_sect193r1_PUB
+-----BEGIN PUBLIC KEY-----
+MEgwEAYHKoZIzj0CAQYFK4EEABgDNAAEAXw0PWt3PtZT5v9aH0o6WnFtFGOBNEUp
+YQE/jBjzUHICqMNZTHy9gT2R9yc0GBZ/Dic=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_sect193r1:BOB_sect193r1_PUB
+
+
+# ECDH Alice with Bob peer
+
+Derive=ALICE_sect193r1
+PeerKey=BOB_sect193r1_PUB
+SharedSecret=00458b4c5ad122de5a377bea0adf1ab87bcb961b24ed764f47
+
+# ECDH Bob with Alice peer
+
+Derive=BOB_sect193r1
+PeerKey=ALICE_sect193r1_PUB
+SharedSecret=00458b4c5ad122de5a377bea0adf1ab87bcb961b24ed764f47
+
+# TEST CURVE sect193r2
+
+PrivateKey=ALICE_sect193r2
+-----BEGIN PRIVATE KEY-----
+MG8CAQAwEAYHKoZIzj0CAQYFK4EEABkEWDBWAgEBBBkAj54XQW+b3bnX9duvqaa+
+lPTNcvOlxRAvoTYDNAAEAHhW6xjH4TNPs/e12tsZcsGD+a92kAWkwQFc4m1ISx4o
+mtNyCVI7FXV5zNnaGWVACT4=
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_sect193r2_PUB
+-----BEGIN PUBLIC KEY-----
+MEgwEAYHKoZIzj0CAQYFK4EEABkDNAAEAHhW6xjH4TNPs/e12tsZcsGD+a92kAWk
+wQFc4m1ISx4omtNyCVI7FXV5zNnaGWVACT4=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_sect193r2:ALICE_sect193r2_PUB
+
+
+PrivateKey=BOB_sect193r2
+-----BEGIN PRIVATE KEY-----
+MG8CAQAwEAYHKoZIzj0CAQYFK4EEABkEWDBWAgEBBBkAvMiVR0abk6pHoeOIBESL
+fB9B4gsZJjLsoTYDNAAEADtKDcwL660+Mm11Vl254GI3TnD+fragdwF+wY5qlMu5
+VtrUDMHuAP0q3eGQUsrzNo0=
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_sect193r2_PUB
+-----BEGIN PUBLIC KEY-----
+MEgwEAYHKoZIzj0CAQYFK4EEABkDNAAEADtKDcwL660+Mm11Vl254GI3TnD+frag
+dwF+wY5qlMu5VtrUDMHuAP0q3eGQUsrzNo0=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_sect193r2:BOB_sect193r2_PUB
+
+
+# ECDH Alice with Bob peer
+
+Derive=ALICE_sect193r2
+PeerKey=BOB_sect193r2_PUB
+SharedSecret=019d1f316d204a9cd1b9632cebb4accddb204158be3e435891
+
+# ECDH Bob with Alice peer
+
+Derive=BOB_sect193r2
+PeerKey=ALICE_sect193r2_PUB
+SharedSecret=019d1f316d204a9cd1b9632cebb4accddb204158be3e435891
+
+# TEST CURVE sect233k1
+
+PrivateKey=ALICE_sect233k1
+-----BEGIN PRIVATE KEY-----
+MH0CAQAwEAYHKoZIzj0CAQYFK4EEABoEZjBkAgEBBB1aR7qaKm1vmZWK2bGsJ1rX
+mH6BpTkW4t1L4zSf/KFAAz4ABADcDiv+bTvPVViqYLNz06VO5wodry+sGi6fnJIr
+QQCTfZ9d5whiIsbY5Thlcm7I0A/cIGoShA/6LumOVA==
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_sect233k1_PUB
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEANwOK/5tO89VWKpgs3PTpU7nCh2vL6wa
+Lp+ckitBAJN9n13nCGIixtjlOGVybsjQD9wgahKED/ou6Y5U
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_sect233k1:ALICE_sect233k1_PUB
+
+
+PrivateKey=BOB_sect233k1
+-----BEGIN PRIVATE KEY-----
+MH0CAQAwEAYHKoZIzj0CAQYFK4EEABoEZjBkAgEBBB0oa5BrzYxm6mn51Xyphn6X
+OUjKc9oMDHCowAyHTaFAAz4ABAGKiFuFJVQeymHYRVnt2LNF2MSaTMcL9JGSPn2z
+OwBis5MS4kgEFakWQl7KpGiy3vS89wmpblvHLJ/+IQ==
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_sect233k1_PUB
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEAYqIW4UlVB7KYdhFWe3Ys0XYxJpMxwv0
+kZI+fbM7AGKzkxLiSAQVqRZCXsqkaLLe9Lz3CaluW8csn/4h
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_sect233k1:BOB_sect233k1_PUB
+
+
+# ECDH Alice with Bob peer
+
+Derive=ALICE_sect233k1
+PeerKey=BOB_sect233k1_PUB
+SharedSecret=00a5e5f2e992f4360d530dd365d14f5c6013212e14f4ea258c91c71f1512
+
+# ECDH Bob with Alice peer
+
+Derive=BOB_sect233k1
+PeerKey=ALICE_sect233k1_PUB
+SharedSecret=00a5e5f2e992f4360d530dd365d14f5c6013212e14f4ea258c91c71f1512
+
+# TEST CURVE sect233r1
+
+PrivateKey=ALICE_sect233r1
+-----BEGIN PRIVATE KEY-----
+MH4CAQAwEAYHKoZIzj0CAQYFK4EEABsEZzBlAgEBBB4AEN6fePR2gizyXzU6kIgU
+Gijp5+IQAXoNBfKnVeChQAM+AAQB0kEwu2fwQWo1v1j7XQ8uJT3iMwRC8w+cxgxx
+GQ4B/FyjrhIUpEDWaMqfV23McZ6WdbIUe3MZ7K5pG38=
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_sect233r1_PUB
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEAdJBMLtn8EFqNb9Y+10PLiU94jMEQvMP
+nMYMcRkOAfxco64SFKRA1mjKn1dtzHGelnWyFHtzGeyuaRt/
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_sect233r1:ALICE_sect233r1_PUB
+
+
+PrivateKey=BOB_sect233r1
+-----BEGIN PRIVATE KEY-----
+MH4CAQAwEAYHKoZIzj0CAQYFK4EEABsEZzBlAgEBBB4AXHWOeS6fG0XCH3FnHDuS
+IcELUeDG+AYNNeLVZd6hQAM+AAQAYRRYH017uxcaMPF3GOsL4bvodW1yZLEtL3pm
+CkcAfqJI/4niCr8uHKh0gBa2JBjBWMV1u8Mpf60uvok=
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_sect233r1_PUB
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEAGEUWB9Ne7sXGjDxdxjrC+G76HVtcmSx
+LS96ZgpHAH6iSP+J4gq/LhyodIAWtiQYwVjFdbvDKX+tLr6J
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_sect233r1:BOB_sect233r1_PUB
+
+
+# ECDH Alice with Bob peer
+
+Derive=ALICE_sect233r1
+PeerKey=BOB_sect233r1_PUB
+SharedSecret=01625f3fcd367ee7cd74c67cca02dccfce6c3b19ef07e358ed943d17a8e2
+
+# ECDH Bob with Alice peer
+
+Derive=BOB_sect233r1
+PeerKey=ALICE_sect233r1_PUB
+SharedSecret=01625f3fcd367ee7cd74c67cca02dccfce6c3b19ef07e358ed943d17a8e2
+
+# TEST CURVE sect239k1
+
+PrivateKey=ALICE_sect239k1
+-----BEGIN PRIVATE KEY-----
+MH4CAQAwEAYHKoZIzj0CAQYFK4EEAAMEZzBlAgEBBB4MhpuQTtDeLBboZgiW11d/
+KBlgUL4YvTjZ8zg4HR2hQAM+AAQafRD6X3L/7c/FN69KuA04a4bhxHZezmz1G15m
+tltwl8zlWsR5+GNToxV0OBLbStAQbXxqBa2Gg83B0oc=
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_sect239k1_PUB
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEAAMDPgAEGn0Q+l9y/+3PxTevSrgNOGuG4cR2Xs5s
+9RteZrZbcJfM5VrEefhjU6MVdDgS20rQEG18agWthoPNwdKH
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_sect239k1:ALICE_sect239k1_PUB
+
+
+PrivateKey=BOB_sect239k1
+-----BEGIN PRIVATE KEY-----
+MH4CAQAwEAYHKoZIzj0CAQYFK4EEAAMEZzBlAgEBBB4FBG477KvylisppUFwbDl/
+SRGnX5FFmfw/xWIiEMehQAM+AAQFii094UX6F5m8Dk0eI/DhF3+IDUu7h81hTdyZ
+xxET0IokxFkTUf/re9WPA7LxPOCuiIPZUNVCRxRWSuU=
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_sect239k1_PUB
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEAAMDPgAEBYotPeFF+heZvA5NHiPw4Rd/iA1Lu4fN
+YU3cmccRE9CKJMRZE1H/63vVjwOy8TzgroiD2VDVQkcUVkrl
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_sect239k1:BOB_sect239k1_PUB
+
+
+# ECDH Alice with Bob peer
+
+Derive=ALICE_sect239k1
+PeerKey=BOB_sect239k1_PUB
+SharedSecret=4d1c9a8ae73f754d0a593d6e426114f4f67d7c8082ccc4e04a72b0d2aff8
+
+# ECDH Bob with Alice peer
+
+Derive=BOB_sect239k1
+PeerKey=ALICE_sect239k1_PUB
+SharedSecret=4d1c9a8ae73f754d0a593d6e426114f4f67d7c8082ccc4e04a72b0d2aff8
+
+# TEST CURVE sect283k1
+
+PrivateKey=ALICE_sect283k1
+-----BEGIN PRIVATE KEY-----
+MIGQAgEAMBAGByqGSM49AgEGBSuBBAAQBHkwdwIBAQQkAGhnsmZ2UDKV3QKmq3k+
+33LQ6n5aCYvKXcMgiZlBS/RrVgIRoUwDSgAEBSgpOw5TMTc4O8HHhw5atJl5mrnW
+uC6oWVYRYpD1IMvPNTRsAYo4SYRmPIfgzVv/ESVcHVaD1lPNo+eq0HN1qhvRX+4r
+mGO7
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_sect283k1_PUB
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEBSgpOw5TMTc4O8HHhw5atJl5mrnWuC6o
+WVYRYpD1IMvPNTRsAYo4SYRmPIfgzVv/ESVcHVaD1lPNo+eq0HN1qhvRX+4rmGO7
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_sect283k1:ALICE_sect283k1_PUB
+
+
+PrivateKey=BOB_sect283k1
+-----BEGIN PRIVATE KEY-----
+MIGQAgEAMBAGByqGSM49AgEGBSuBBAAQBHkwdwIBAQQkAAJXIwfWjYbiM5jEcNw8
+8/1kbEnhVjWGivO7zDPts7AuKSMkoUwDSgAEA5Ause5pdH6ks7PdyPeoPbYAkz6V
+D5v8KTV1b97PiYmZNDeoBY78FQyHRSvdSo+oRew2RacpaCAntRoiWHyN1nAdDSzj
+CN/m
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_sect283k1_PUB
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEA5Ause5pdH6ks7PdyPeoPbYAkz6VD5v8
+KTV1b97PiYmZNDeoBY78FQyHRSvdSo+oRew2RacpaCAntRoiWHyN1nAdDSzjCN/m
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_sect283k1:BOB_sect283k1_PUB
+
+
+# ECDH Alice with Bob peer
+
+Derive=ALICE_sect283k1
+PeerKey=BOB_sect283k1_PUB
+SharedSecret=02f2e682c2f60d7261624f3661a5e85fca920443b72aa4dd5a540082e65e552302d8f825
+
+# ECDH Bob with Alice peer
+
+Derive=BOB_sect283k1
+PeerKey=ALICE_sect283k1_PUB
+SharedSecret=02f2e682c2f60d7261624f3661a5e85fca920443b72aa4dd5a540082e65e552302d8f825
+
+# TEST CURVE sect283r1
+
+PrivateKey=ALICE_sect283r1
+-----BEGIN PRIVATE KEY-----
+MIGQAgEAMBAGByqGSM49AgEGBSuBBAARBHkwdwIBAQQkAi4Jrhu19kt7H8jw1FO7
+VzCxh6p0pI0ogl3q9ev5NFkufZkZoUwDSgAEAHx6cwnWw+9l3oZHpx+R8nu7SLqU
+S40TU2uL0W6VTNANIvcJB1b++3okH0FJgFAahbaotafYTyfqCoY11VaxnVqU5/aE
+7jsD
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_sect283r1_PUB
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEAHx6cwnWw+9l3oZHpx+R8nu7SLqUS40T
+U2uL0W6VTNANIvcJB1b++3okH0FJgFAahbaotafYTyfqCoY11VaxnVqU5/aE7jsD
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = ALICE_sect283r1:ALICE_sect283r1_PUB
+
+
+PrivateKey=BOB_sect283r1
+-----BEGIN PRIVATE KEY-----
+MIGQAgEAMBAGByqGSM49AgEGBSuBBAARBHkwdwIBAQQkACD04gJaVfVxK/Dpbxjq
+rzZWc6B76a23MK/IQD1jMlGPQzzxoUwDSgAEA13mIYMvik12DBp8JkdETMB1ewOw
+22C/xhnzLEHmgrG0ewxeANVAoIZy2uv5t0VUJIp4PYdLNaqIguN+9v6U78O4lass
+Iq5I
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_sect283r1_PUB
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEA13mIYMvik12DBp8JkdETMB1ewOw22C/
+xhnzLEHmgrG0ewxeANVAoIZy2uv5t0VUJIp4PYdLNaqIguN+9v6U78O4lassIq5I
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = BOB_sect283r1:BOB_sect283r1_PUB
+
+
+# ECDH Alice with Bob peer
+
+Derive=ALICE_sect283r1
+PeerKey=BOB_sect283r1_PUB
+SharedSecret=05778bc1afcf38d7dddb2150cacbfe4d38dc588968fd8b2e859c28ae2629d3435f89f6cc
+
+# ECDH Bob with Alice peer
+
+Derive=BOB_sect283r1
+PeerKey=ALICE_sect283r1_PUB
+SharedSecret=05778bc1afcf38d7dddb2150cacbfe4d38dc588968fd8b2e859c28ae2629d3435f89f6cc
+
+# TEST CURVE sect409k1
+
+PrivateKey=ALICE_sect409k1
-----BEGIN PRIVATE KEY-----
-MGMCAQAwEAYHKoZIzj0CAQYFK4EEAAIETDBKAgEBBBUBl9zmlPmFF5v9h1IIENAx
-1b8tj0+hLgMsAAQE3j8Jn58CCtEDwvOZ5DwgYGBYvIECz1zN8UwPfTFSdXjTWQcr
-9gWxNMA=
+MIHBAgEAMBAGByqGSM49AgEGBSuBBAAkBIGpMIGmAgEBBDMg1vV7wiPe1ovX+ukz
+VfwPZoqvyj/vdif04Opi9PcjV5mPBEZgSFBg8hbutNxZJdVLrxShbANqAAQACe1I
+J5ilSk1pPLvbcjEZIE6abC9LZ9WmHuNJxM9LAW1OuLvJGi72AsGYUOGpX0WGmK6C
+AYaqZb2Qeedq/yUIljDHYi66J+26owYl7lOMpRzZ9U2QDJrZ7TYuxeMUui6re0B+
+JuZdYw==
-----END PRIVATE KEY-----
-PublicKey=ALICE_sect163r1_PUB
+PublicKey=ALICE_sect409k1_PUB
-----BEGIN PUBLIC KEY-----
-MEAwEAYHKoZIzj0CAQYFK4EEAAIDLAAEBN4/CZ+fAgrRA8LzmeQ8IGBgWLyBAs9c
-zfFMD30xUnV401kHK/YFsTTA
+MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEAAntSCeYpUpNaTy723IxGSBOmmwvS2fV
+ph7jScTPSwFtTri7yRou9gLBmFDhqV9FhpiuggGGqmW9kHnnav8lCJYwx2Iuuift
+uqMGJe5TjKUc2fVNkAya2e02LsXjFLouq3tAfibmXWM=
-----END PUBLIC KEY-----
-PrivPubKeyPair = ALICE_sect163r1:ALICE_sect163r1_PUB
+PrivPubKeyPair = ALICE_sect409k1:ALICE_sect409k1_PUB
-PrivateKey=BOB_sect163r1
+PrivateKey=BOB_sect409k1
-----BEGIN PRIVATE KEY-----
-MGMCAQAwEAYHKoZIzj0CAQYFK4EEAAIETDBKAgEBBBUA/nzN5yCavvZlXyDGEihW
-rwG360+hLgMsAAQDt6XZHfzXABSTnGhzfoPtfdLZgaoGhBdeWz+318vNmC6AMJP+
-PntHzsA=
+MIHBAgEAMBAGByqGSM49AgEGBSuBBAAkBIGpMIGmAgEBBDMIYBGZZcZz4qCdhAV9
+vqpfe8vV+vJEhjawR52JUV1rumWEBPAx0o6E+gaxHBr5hzVGkIKhbANqAAQAAQKK
+s60CTUUkltsT+lIBukjz850pkGGLltJ4eaZn4k9AtN/lFTCq6Vgqe2sDrjA3b45q
+AdWjf1vRaP0wawJ13SjApJmyXg5hQks6d0Zqz2OHYhGEGiM159VtTlStK067dVe1
+fGVDeg==
-----END PRIVATE KEY-----
-PublicKey=BOB_sect163r1_PUB
+PublicKey=BOB_sect409k1_PUB
-----BEGIN PUBLIC KEY-----
-MEAwEAYHKoZIzj0CAQYFK4EEAAIDLAAEA7el2R381wAUk5xoc36D7X3S2YGqBoQX
-Xls/t9fLzZgugDCT/j57R87A
+MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEAAECirOtAk1FJJbbE/pSAbpI8/OdKZBh
+i5bSeHmmZ+JPQLTf5RUwqulYKntrA64wN2+OagHVo39b0Wj9MGsCdd0owKSZsl4O
+YUJLOndGas9jh2IRhBojNefVbU5UrStOu3VXtXxlQ3o=
-----END PUBLIC KEY-----
-PrivPubKeyPair = BOB_sect163r1:BOB_sect163r1_PUB
+PrivPubKeyPair = BOB_sect409k1:BOB_sect409k1_PUB
# ECDH Alice with Bob peer
-Derive=ALICE_sect163r1
-PeerKey=BOB_sect163r1_PUB
-SharedSecret=02355c765bbc07fcc44bb1496e490912f6df56e6d4
+Derive=ALICE_sect409k1
+PeerKey=BOB_sect409k1_PUB
+SharedSecret=01523ec40ad40226a57281a4c423801ae9495dcf736eddd667023b1390977d018ce79313fb99c503f39cbee80f5c1968f3bd02e0
# ECDH Bob with Alice peer
-Derive=BOB_sect163r1
-PeerKey=ALICE_sect163r1_PUB
-SharedSecret=02355c765bbc07fcc44bb1496e490912f6df56e6d4
+Derive=BOB_sect409k1
+PeerKey=ALICE_sect409k1_PUB
+SharedSecret=01523ec40ad40226a57281a4c423801ae9495dcf736eddd667023b1390977d018ce79313fb99c503f39cbee80f5c1968f3bd02e0
-# TEST CURVE sect193r1
+# TEST CURVE sect409r1
-PrivateKey=ALICE_sect193r1
+PrivateKey=ALICE_sect409r1
-----BEGIN PRIVATE KEY-----
-MG8CAQAwEAYHKoZIzj0CAQYFK4EEABgEWDBWAgEBBBkAEQlofBlvj8zDK5o4CCfA
-aOQOmlAyTimBoTYDNAAEAKBcyRBxQDZTvpPM39ZVXYQS5aJwZfUnNwBn5T26m15R
-M4MLnYGdklcAM8oMOML999w=
+MIHCAgEAMBAGByqGSM49AgEGBSuBBAAlBIGqMIGnAgEBBDQAYTMsTpey51D2ULnd
+pN+AAWnJLy9pTerziakhjii8OyWKpUVfpDFNneCCd2oQTDcPX5vdoWwDagAEAYfk
+3ZejxpVYCG7dYHTVhhcqILEyTYoQa4YehGPxKcbmgpqW4Wev1tEDVI3JIowICYGU
+owHXXzgDXoJeR79wgb7ySAlXJXgQ8Ficr7i0CaqyAuIpFw9FWJT3jheFwnbpDTvI
+eIozlf4=
-----END PRIVATE KEY-----
-PublicKey=ALICE_sect193r1_PUB
+PublicKey=ALICE_sect409r1_PUB
-----BEGIN PUBLIC KEY-----
-MEgwEAYHKoZIzj0CAQYFK4EEABgDNAAEAKBcyRBxQDZTvpPM39ZVXYQS5aJwZfUn
-NwBn5T26m15RM4MLnYGdklcAM8oMOML999w=
+MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEAYfk3ZejxpVYCG7dYHTVhhcqILEyTYoQ
+a4YehGPxKcbmgpqW4Wev1tEDVI3JIowICYGUowHXXzgDXoJeR79wgb7ySAlXJXgQ
+8Ficr7i0CaqyAuIpFw9FWJT3jheFwnbpDTvIeIozlf4=
-----END PUBLIC KEY-----
-PrivPubKeyPair = ALICE_sect193r1:ALICE_sect193r1_PUB
+PrivPubKeyPair = ALICE_sect409r1:ALICE_sect409r1_PUB
-PrivateKey=BOB_sect193r1
+PrivateKey=BOB_sect409r1
-----BEGIN PRIVATE KEY-----
-MG8CAQAwEAYHKoZIzj0CAQYFK4EEABgEWDBWAgEBBBkAnxvYLKZaw4Rj24WTRBfg
-iar5vp3R3pCJoTYDNAAEAXw0PWt3PtZT5v9aH0o6WnFtFGOBNEUpYQE/jBjzUHIC
-qMNZTHy9gT2R9yc0GBZ/Dic=
+MIHCAgEAMBAGByqGSM49AgEGBSuBBAAlBIGqMIGnAgEBBDQAsCs1nRgwW97TdKIH
+PRcsqmK1e8TIZ00e6rqLb3nD4sIe+Gw/fGhSUER9akQ7lAluEUnfoWwDagAEAfM2
+fvBEic+7jV4oC+v8GfsunD9Zp9rzNgMp3dJ+ZU7r6Bp+ZH3dL9Uvv8kUiB89UlDl
+LwBm/W6TlzGuh1FnzXYKVnhnXpzSlRZQsPCceKukbV46Asl8O23b2+DPJgQBGbMf
+WsgK+KA=
-----END PRIVATE KEY-----
-PublicKey=BOB_sect193r1_PUB
+PublicKey=BOB_sect409r1_PUB
-----BEGIN PUBLIC KEY-----
-MEgwEAYHKoZIzj0CAQYFK4EEABgDNAAEAXw0PWt3PtZT5v9aH0o6WnFtFGOBNEUp
-YQE/jBjzUHICqMNZTHy9gT2R9yc0GBZ/Dic=
+MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEAfM2fvBEic+7jV4oC+v8GfsunD9Zp9rz
+NgMp3dJ+ZU7r6Bp+ZH3dL9Uvv8kUiB89UlDlLwBm/W6TlzGuh1FnzXYKVnhnXpzS
+lRZQsPCceKukbV46Asl8O23b2+DPJgQBGbMfWsgK+KA=
-----END PUBLIC KEY-----
-PrivPubKeyPair = BOB_sect193r1:BOB_sect193r1_PUB
+PrivPubKeyPair = BOB_sect409r1:BOB_sect409r1_PUB
# ECDH Alice with Bob peer
-Derive=ALICE_sect193r1
-PeerKey=BOB_sect193r1_PUB
-SharedSecret=00458b4c5ad122de5a377bea0adf1ab87bcb961b24ed764f47
+Derive=ALICE_sect409r1
+PeerKey=BOB_sect409r1_PUB
+SharedSecret=019dc849870dc6f79978aca8e1fc6aa6836c8fcb25bbfe3d5ab41ea53eae2c7329952280efb30f9097a31a774191e476dbd842d5
# ECDH Bob with Alice peer
-Derive=BOB_sect193r1
-PeerKey=ALICE_sect193r1_PUB
-SharedSecret=00458b4c5ad122de5a377bea0adf1ab87bcb961b24ed764f47
+Derive=BOB_sect409r1
+PeerKey=ALICE_sect409r1_PUB
+SharedSecret=019dc849870dc6f79978aca8e1fc6aa6836c8fcb25bbfe3d5ab41ea53eae2c7329952280efb30f9097a31a774191e476dbd842d5
-# TEST CURVE sect193r2
+# TEST CURVE sect571k1
-PrivateKey=ALICE_sect193r2
+PrivateKey=ALICE_sect571k1
-----BEGIN PRIVATE KEY-----
-MG8CAQAwEAYHKoZIzj0CAQYFK4EEABkEWDBWAgEBBBkAj54XQW+b3bnX9duvqaa+
-lPTNcvOlxRAvoTYDNAAEAHhW6xjH4TNPs/e12tsZcsGD+a92kAWkwQFc4m1ISx4o
-mtNyCVI7FXV5zNnaGWVACT4=
+MIIBAAIBADAQBgcqhkjOPQIBBgUrgQQAJgSB6DCB5QIBAQRIARO8hI8j6TZ556/d
+RcdGYvdblnALD2XZCKu2c3C5yQIeA8Tidi+f8n6cCnb5FtJNTYKqP8tRfHlwAZtW
+/giXi/4yF5K2twS3oYGVA4GSAAQAtiuUbz7v6njhujnDhanD4iV84K0LQd9wP1+k
+v0Bn833nKtFrZComgrip2SwUaEYOE6IcPyCJ48vWOKvIR6fU11tWwsFRPU0Cct0S
+qVbANAJzwL1umwuKNPblJ6ZEwcBdgw7hWFL6sh+0ayAQ3a8zOizhViJPCnaKR/Oo
+AtaUpCWLSTHDF1gK4/kmlwEx+8o=
-----END PRIVATE KEY-----
-PublicKey=ALICE_sect193r2_PUB
+PublicKey=ALICE_sect571k1_PUB
-----BEGIN PUBLIC KEY-----
-MEgwEAYHKoZIzj0CAQYFK4EEABkDNAAEAHhW6xjH4TNPs/e12tsZcsGD+a92kAWk
-wQFc4m1ISx4omtNyCVI7FXV5zNnaGWVACT4=
+MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQAtiuUbz7v6njhujnDhanD4iV84K0L
+Qd9wP1+kv0Bn833nKtFrZComgrip2SwUaEYOE6IcPyCJ48vWOKvIR6fU11tWwsFR
+PU0Cct0SqVbANAJzwL1umwuKNPblJ6ZEwcBdgw7hWFL6sh+0ayAQ3a8zOizhViJP
+CnaKR/OoAtaUpCWLSTHDF1gK4/kmlwEx+8o=
-----END PUBLIC KEY-----
-PrivPubKeyPair = ALICE_sect193r2:ALICE_sect193r2_PUB
+PrivPubKeyPair = ALICE_sect571k1:ALICE_sect571k1_PUB
-PrivateKey=BOB_sect193r2
+PrivateKey=BOB_sect571k1
-----BEGIN PRIVATE KEY-----
-MG8CAQAwEAYHKoZIzj0CAQYFK4EEABkEWDBWAgEBBBkAvMiVR0abk6pHoeOIBESL
-fB9B4gsZJjLsoTYDNAAEADtKDcwL660+Mm11Vl254GI3TnD+fragdwF+wY5qlMu5
-VtrUDMHuAP0q3eGQUsrzNo0=
+MIIBAAIBADAQBgcqhkjOPQIBBgUrgQQAJgSB6DCB5QIBAQRIAVZT4tnX9dMWS6Vd
+YCoYRl9o/j/Hz7KGqF4Ujk9n9b4+mXbJ37tobpjnpNqKlJfI04w80JPp+NxpoBR3
+8p1bcc9iL4Smh48YoYGVA4GSAAQARzAx9yVkHL8pbe1myosILIhhLLURYRDHmopO
+IijLQmTATV9pYO7CrFBPBjaKNRjPpw/cVOs89X9Jdzx/bolkGqVAsjLN1tsCrqET
+31F4mpnfsPwcM6zbp6lE4N2gL5cakKMmyPNM4d3m8xl1f6e56LBYfaxOaqcYzbXC
+Q/Aiij13H06qKhuFM4iiB/0D164=
-----END PRIVATE KEY-----
-PublicKey=BOB_sect193r2_PUB
+PublicKey=BOB_sect571k1_PUB
-----BEGIN PUBLIC KEY-----
-MEgwEAYHKoZIzj0CAQYFK4EEABkDNAAEADtKDcwL660+Mm11Vl254GI3TnD+frag
-dwF+wY5qlMu5VtrUDMHuAP0q3eGQUsrzNo0=
+MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQARzAx9yVkHL8pbe1myosILIhhLLUR
+YRDHmopOIijLQmTATV9pYO7CrFBPBjaKNRjPpw/cVOs89X9Jdzx/bolkGqVAsjLN
+1tsCrqET31F4mpnfsPwcM6zbp6lE4N2gL5cakKMmyPNM4d3m8xl1f6e56LBYfaxO
+aqcYzbXCQ/Aiij13H06qKhuFM4iiB/0D164=
-----END PUBLIC KEY-----
-PrivPubKeyPair = BOB_sect193r2:BOB_sect193r2_PUB
+PrivPubKeyPair = BOB_sect571k1:BOB_sect571k1_PUB
# ECDH Alice with Bob peer
-Derive=ALICE_sect193r2
-PeerKey=BOB_sect193r2_PUB
-SharedSecret=019d1f316d204a9cd1b9632cebb4accddb204158be3e435891
+Derive=ALICE_sect571k1
+PeerKey=BOB_sect571k1_PUB
+SharedSecret=05a423515fcc91b3171c83edd5c4085ff729a8ff0a3fa1578ebf769523ded0f5c1e387cf63109f2fbd95e117345b788b4577fdc6b6e727230bfc73eae0d4e851cb6f6e616eddb13e
# ECDH Bob with Alice peer
-Derive=BOB_sect193r2
-PeerKey=ALICE_sect193r2_PUB
-SharedSecret=019d1f316d204a9cd1b9632cebb4accddb204158be3e435891
+Derive=BOB_sect571k1
+PeerKey=ALICE_sect571k1_PUB
+SharedSecret=05a423515fcc91b3171c83edd5c4085ff729a8ff0a3fa1578ebf769523ded0f5c1e387cf63109f2fbd95e117345b788b4577fdc6b6e727230bfc73eae0d4e851cb6f6e616eddb13e
-# TEST CURVE sect239k1
+# TEST CURVE sect571r1
-PrivateKey=ALICE_sect239k1
+PrivateKey=ALICE_sect571r1
-----BEGIN PRIVATE KEY-----
-MH4CAQAwEAYHKoZIzj0CAQYFK4EEAAMEZzBlAgEBBB4MhpuQTtDeLBboZgiW11d/
-KBlgUL4YvTjZ8zg4HR2hQAM+AAQafRD6X3L/7c/FN69KuA04a4bhxHZezmz1G15m
-tltwl8zlWsR5+GNToxV0OBLbStAQbXxqBa2Gg83B0oc=
+MIIBAAIBADAQBgcqhkjOPQIBBgUrgQQAJwSB6DCB5QIBAQRIArsi//Zp9veeURYV
+zGYHn4MlNIxNt6U6vtmTPS/NaoiaavxbOimpHgxYPCjpoPYhM33Z2VBh7pl2aoRW
+3GBepLFLoF8oiQaLoYGVA4GSAAQDRG2b7KCUKbGDTWVgW0qqNC3oYcz4f/AwTHmo
+US1mzdRZj/Sf6IU+7mITGnQ6lg1EkTas/X6TK1hNMV7tAjSeowdN75wzd8YF32SF
+HMIcWew5g56oF961qv3IvICZnRAOmWyGHeHdYwHxMBSBPNgua42QGoJz6J6dYAUe
+vE+F3N29p/tRBGNzMFIqoDdW+NA=
-----END PRIVATE KEY-----
-PublicKey=ALICE_sect239k1_PUB
+PublicKey=ALICE_sect571r1_PUB
-----BEGIN PUBLIC KEY-----
-MFIwEAYHKoZIzj0CAQYFK4EEAAMDPgAEGn0Q+l9y/+3PxTevSrgNOGuG4cR2Xs5s
-9RteZrZbcJfM5VrEefhjU6MVdDgS20rQEG18agWthoPNwdKH
+MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQDRG2b7KCUKbGDTWVgW0qqNC3oYcz4
+f/AwTHmoUS1mzdRZj/Sf6IU+7mITGnQ6lg1EkTas/X6TK1hNMV7tAjSeowdN75wz
+d8YF32SFHMIcWew5g56oF961qv3IvICZnRAOmWyGHeHdYwHxMBSBPNgua42QGoJz
+6J6dYAUevE+F3N29p/tRBGNzMFIqoDdW+NA=
-----END PUBLIC KEY-----
-PrivPubKeyPair = ALICE_sect239k1:ALICE_sect239k1_PUB
+PrivPubKeyPair = ALICE_sect571r1:ALICE_sect571r1_PUB
-PrivateKey=BOB_sect239k1
+PrivateKey=BOB_sect571r1
-----BEGIN PRIVATE KEY-----
-MH4CAQAwEAYHKoZIzj0CAQYFK4EEAAMEZzBlAgEBBB4FBG477KvylisppUFwbDl/
-SRGnX5FFmfw/xWIiEMehQAM+AAQFii094UX6F5m8Dk0eI/DhF3+IDUu7h81hTdyZ
-xxET0IokxFkTUf/re9WPA7LxPOCuiIPZUNVCRxRWSuU=
+MIIBAAIBADAQBgcqhkjOPQIBBgUrgQQAJwSB6DCB5QIBAQRIAYj65N5XJTQusn+h
+Z9xj/dgZ4qR1GDC1Ij7jYuow+TvGrG2wz/WT76/lLNtlCLfDW2kODDUmDAJeK/e+
+VMO7suJTXGnrGFHioYGVA4GSAAQGxykYFxqz7jZxcBbiPLYfJEhXlf2SYmMKve74
+trOT+qjIm35+uUAcg2krOzH7X/8wH6bVSn/UKG/k27wZrAnWzZ5XKd8QI70H8aHv
+LgrCoMoqOno+h6J4TgvlDq7FIGZ8fvDaM7YJ8dHPX5FC8Vyphu82TcNdnNATBqom
+6WDWc7RTFZ4sijL5ywVhovwJ1gA=
-----END PRIVATE KEY-----
-PublicKey=BOB_sect239k1_PUB
+PublicKey=BOB_sect571r1_PUB
-----BEGIN PUBLIC KEY-----
-MFIwEAYHKoZIzj0CAQYFK4EEAAMDPgAEBYotPeFF+heZvA5NHiPw4Rd/iA1Lu4fN
-YU3cmccRE9CKJMRZE1H/63vVjwOy8TzgroiD2VDVQkcUVkrl
+MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQGxykYFxqz7jZxcBbiPLYfJEhXlf2S
+YmMKve74trOT+qjIm35+uUAcg2krOzH7X/8wH6bVSn/UKG/k27wZrAnWzZ5XKd8Q
+I70H8aHvLgrCoMoqOno+h6J4TgvlDq7FIGZ8fvDaM7YJ8dHPX5FC8Vyphu82TcNd
+nNATBqom6WDWc7RTFZ4sijL5ywVhovwJ1gA=
-----END PUBLIC KEY-----
-PrivPubKeyPair = BOB_sect239k1:BOB_sect239k1_PUB
+PrivPubKeyPair = BOB_sect571r1:BOB_sect571r1_PUB
# ECDH Alice with Bob peer
-Derive=ALICE_sect239k1
-PeerKey=BOB_sect239k1_PUB
-SharedSecret=4d1c9a8ae73f754d0a593d6e426114f4f67d7c8082ccc4e04a72b0d2aff8
+Derive=ALICE_sect571r1
+PeerKey=BOB_sect571r1_PUB
+SharedSecret=004b397e564055e2c7d87648183c948655ccb0ebb20bd441f9b11635cf461cb5815ff060eab33091b9f7aed67bec8ba1bb7b22437ece3c92c7cf76124408fb951595dfb4a512b2ae
# ECDH Bob with Alice peer
-Derive=BOB_sect239k1
-PeerKey=ALICE_sect239k1_PUB
-SharedSecret=4d1c9a8ae73f754d0a593d6e426114f4f67d7c8082ccc4e04a72b0d2aff8
+Derive=BOB_sect571r1
+PeerKey=ALICE_sect571r1_PUB
+SharedSecret=004b397e564055e2c7d87648183c948655ccb0ebb20bd441f9b11635cf461cb5815ff060eab33091b9f7aed67bec8ba1bb7b22437ece3c92c7cf76124408fb951595dfb4a512b2ae
# TEST CURVE c2pnb163v1
@@ -2309,3 +3096,375 @@ SharedSecret=c75a8283a73312de82c8f99d41a9173a43b8f921e8161dd140131b36
Derive=BOB_wap-wsg-idm-ecid-wtls12
PeerKey=ALICE_wap-wsg-idm-ecid-wtls12_PUB
SharedSecret=c75a8283a73312de82c8f99d41a9173a43b8f921e8161dd140131b36
+
+
+Title = ECDH KATs (from RFC 5114, 5903, 7027)
+
+# Keys and shared secrets from RFC 5114
+PrivateKey=PRIME192V1_RFC5114
+-----BEGIN PRIVATE KEY-----
+MG8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQEEVTBTAgEBBBgyP6MWnY6cZZP1lHa8
+FCAAq1vg4knENCahNAMyAATNRkiez9bBBeez0yVm4rEi4kmrqt2HBhJoiHtId99R
+3U3D1v0R8KJvj9OEQxeRbpo=
+-----END PRIVATE KEY-----
+
+PublicKey=PRIME192V1_RFC5114-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEzUZIns/WwQXns9MlZuKxIuJJq6rd
+hwYSaIh7SHffUd1Nw9b9EfCib4/ThEMXkW6a
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = PRIME192V1_RFC5114:PRIME192V1_RFC5114-PUBLIC
+
+
+PrivateKey=PRIME192V1_RFC5114-Peer
+-----BEGIN PRIVATE KEY-----
+MG8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQEEVTBTAgEBBBhjH5W7SmdjLJxHbu6a
+tpWrJAoEmTB/z2KhNAMyAARRmhIWgOAEVGa6Id8u7kf1lztQBXfvE9X/YTq01kzu
+OiCHW9sQ+VP2swygcsYKpX8=
+-----END PRIVATE KEY-----
+
+PublicKey=PRIME192V1_RFC5114-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEUZoSFoDgBFRmuiHfLu5H9Zc7UAV3
+7xPV/2E6tNZM7jogh1vbEPlT9rMMoHLGCqV/
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = PRIME192V1_RFC5114-Peer:PRIME192V1_RFC5114-Peer-PUBLIC
+
+
+
+Derive=PRIME192V1_RFC5114
+PeerKey=PRIME192V1_RFC5114-Peer-PUBLIC
+SharedSecret=AD420182633F8526BFE954ACDA376F05E5FF4F837F54FEBE
+
+Derive=PRIME192V1_RFC5114-Peer
+PeerKey=PRIME192V1_RFC5114-PUBLIC
+SharedSecret=AD420182633F8526BFE954ACDA376F05E5FF4F837F54FEBE
+
+PrivateKey=SECP224R1_RFC5114
+-----BEGIN PRIVATE KEY-----
+MHgCAQAwEAYHKoZIzj0CAQYFK4EEACEEYTBfAgEBBBy1WOtsKI2nB7u0+PuuKrnp
+y2LjvFx1c+IuJtN/oTwDOgAESd/vMJ+BSIwwTP9as+5aIVQ2fceDMVDgpR8+608r
+XuRXYsT2VMGgxn9Uz4iwFrUbzj18Io1XrbQ=
+-----END PRIVATE KEY-----
+
+PublicKey=SECP224R1_RFC5114-PUBLIC
+-----BEGIN PUBLIC KEY-----
+ME4wEAYHKoZIzj0CAQYFK4EEACEDOgAESd/vMJ+BSIwwTP9as+5aIVQ2fceDMVDg
+pR8+608rXuRXYsT2VMGgxn9Uz4iwFrUbzj18Io1XrbQ=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = SECP224R1_RFC5114:SECP224R1_RFC5114-PUBLIC
+
+
+PrivateKey=SECP224R1_RFC5114-Peer
+-----BEGIN PRIVATE KEY-----
+MHgCAQAwEAYHKoZIzj0CAQYFK4EEACEEYTBfAgEBBBysOxrdPZdw5vanCO6fO44K
+s7SA6fJ/hciLXm0YoTwDOgAEazrJao0M3mpVmb6AMu3xDBYtCorSGVBtzUKiB9SR
+vpnCE6fRyjcG3r/jBfNhr8uzPiYJyLFhitU=
+-----END PRIVATE KEY-----
+
+PublicKey=SECP224R1_RFC5114-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+ME4wEAYHKoZIzj0CAQYFK4EEACEDOgAEazrJao0M3mpVmb6AMu3xDBYtCorSGVBt
+zUKiB9SRvpnCE6fRyjcG3r/jBfNhr8uzPiYJyLFhitU=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = SECP224R1_RFC5114-Peer:SECP224R1_RFC5114-Peer-PUBLIC
+
+
+
+
+Derive=SECP224R1_RFC5114
+PeerKey=SECP224R1_RFC5114-Peer-PUBLIC
+SharedSecret=52272F50F46F4EDC9151569092F46DF2D96ECC3B6DC1714A4EA949FA
+
+
+Derive=SECP224R1_RFC5114-Peer
+PeerKey=SECP224R1_RFC5114-PUBLIC
+SharedSecret=52272F50F46F4EDC9151569092F46DF2D96ECC3B6DC1714A4EA949FA
+
+PrivateKey=PRIME256V1_RFC5114
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQggUJkFF8vVvLpao4z
+ehKEmT+vQypavOWehntykdUHo6+hRANCAAQq9QLzvolS8sm1qNQWDQnpcWW+ULxC
+rkpejTtLqDrrFesPr0yphsTThoGg+YctedVnlb1L/25t48D1AV7OXv2F
+-----END PRIVATE KEY-----
+
+PublicKey=PRIME256V1_RFC5114-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEKvUC876JUvLJtajUFg0J6XFlvlC8
+Qq5KXo07S6g66xXrD69MqYbE04aBoPmHLXnVZ5W9S/9ubePA9QFezl79hQ==
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = PRIME256V1_RFC5114:PRIME256V1_RFC5114-PUBLIC
+
+
+PrivateKey=PRIME256V1_RFC5114-Peer
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgLOF4jsGX4JbblaIA
+zAqyahnOa8ytViuO7htZN2HPf0GhRANCAASxIN5Ko2SSeVNG6N5sLIZGrgaq6ief
+p3WzqwcV9s5RsJ8bfuziDXte2OxoX6Pwcdg3JwJwkqhBE4XDTd5XCLK2
+-----END PRIVATE KEY-----
+
+PublicKey=PRIME256V1_RFC5114-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEsSDeSqNkknlTRujebCyGRq4Gquon
+n6d1s6sHFfbOUbCfG37s4g17XtjsaF+j8HHYNycCcJKoQROFw03eVwiytg==
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = PRIME256V1_RFC5114-Peer:PRIME256V1_RFC5114-Peer-PUBLIC
+
+
+
+
+Derive=PRIME256V1_RFC5114
+PeerKey=PRIME256V1_RFC5114-Peer-PUBLIC
+SharedSecret=DD0F5396219D1EA393310412D19A08F1F5811E9DC8EC8EEA7F80D21C820C2788
+
+
+Derive=PRIME256V1_RFC5114-Peer
+PeerKey=PRIME256V1_RFC5114-PUBLIC
+SharedSecret=DD0F5396219D1EA393310412D19A08F1F5811E9DC8EC8EEA7F80D21C820C2788
+
+PrivateKey=SECP384R1_RFC5114
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDDSczXqcWZK8kTdFOn9
+EmBxXf2KeWVXHEjXCe56eWKhVtcGqQy8td8phvBf6tuTdvGhZANiAAR5MUjxeHY0
+1dpMbZB0QX0F4FerYvggVNEO5rBAPWJ5VH5qjqnR/XdCfQFv4nqLjGbGxBKUMx0j
+5vSA9PtM1AUEyUc5LpT0w/BrjzmLsp5CNo96aFkj3jtnus7SFKGh0Sg=
+-----END PRIVATE KEY-----
+
+PublicKey=SECP384R1_RFC5114-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEeTFI8Xh2NNXaTG2QdEF9BeBXq2L4IFTR
+DuawQD1ieVR+ao6p0f13Qn0Bb+J6i4xmxsQSlDMdI+b0gPT7TNQFBMlHOS6U9MPw
+a485i7KeQjaPemhZI947Z7rO0hShodEo
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = SECP384R1_RFC5114:SECP384R1_RFC5114-PUBLIC
+
+
+PrivateKey=SECP384R1_RFC5114-Peer
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDBS0Xkf20tw+JwPANRW
+wvcCO2ElJiw2p98fgCMRIczj05vlLgDBlKQTLEpsdovNlNKhZANiAARc1Cq5xBtT
+R/dLjU77cIs9WzbbZZFTWbRKvBdke2uZmXidcqhIZa4vIj8StaGrwSDhcUWP6qk5
+qqOov6xGtAS9j21bNIwPpNgM7KFjVsqTMkC96HI0Fajs4DWw7fNnVd4=
+-----END PRIVATE KEY-----
+
+PublicKey=SECP384R1_RFC5114-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEXNQqucQbU0f3S41O+3CLPVs222WRU1m0
+SrwXZHtrmZl4nXKoSGWuLyI/ErWhq8Eg4XFFj+qpOaqjqL+sRrQEvY9tWzSMD6TY
+DOyhY1bKkzJAvehyNBWo7OA1sO3zZ1Xe
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = SECP384R1_RFC5114-Peer:SECP384R1_RFC5114-Peer-PUBLIC
+
+
+
+
+Derive=SECP384R1_RFC5114
+PeerKey=SECP384R1_RFC5114-Peer-PUBLIC
+SharedSecret=5EA1FC4AF7256D2055981B110575E0A8CAE53160137D904C59D926EB1B8456E427AA8A4540884C37DE159A58028ABC0E
+
+
+Derive=SECP384R1_RFC5114-Peer
+PeerKey=SECP384R1_RFC5114-PUBLIC
+SharedSecret=5EA1FC4AF7256D2055981B110575E0A8CAE53160137D904C59D926EB1B8456E427AA8A4540884C37DE159A58028ABC0E
+
+PrivateKey=SECP521R1_RFC5114
+-----BEGIN PRIVATE KEY-----
+MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIBE/gtqCVzXj2XJ2aD
+srdCd7rSczXqcWZK8kMMxPM0WblmnueLP/ubhoMBXTRNy/72+5r0xsRwviVFFs08
+Gh+0c2KhgYkDgYYABAHrs03XVyGr+K3J2+0XiJy7l2XZCnxg8s7wB7sPKybhSIH9
+RELmidYcst0EbuMOP/0g+aRbvfZBPVg6Lb9Zkk/TXAD2tjLRlMA4jiLYQ35VjFUq
+4ZWt/RU/ktdJCDUbL4xO2pTtsJFtG1PAILXuyu0aX8OKIz5IMFh7su40ibO0KlqG
+pA==
+-----END PRIVATE KEY-----
+
+PublicKey=SECP521R1_RFC5114-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQB67NN11chq/itydvtF4icu5dl2Qp8
+YPLO8Ae7Dysm4UiB/URC5onWHLLdBG7jDj/9IPmkW732QT1YOi2/WZJP01wA9rYy
+0ZTAOI4i2EN+VYxVKuGVrf0VP5LXSQg1Gy+MTtqU7bCRbRtTwCC17srtGl/DiiM+
+SDBYe7LuNImztCpahqQ=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = SECP521R1_RFC5114:SECP521R1_RFC5114-PUBLIC
+
+
+PrivateKey=SECP521R1_RFC5114-Peer
+-----BEGIN PRIVATE KEY-----
+MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIAzuNIDYZFoX0knyd2
+0ouuYWlS0Xkf20tw98M3hzKqGyKShEi80dwkltQ1sBBIBm6+T3KQPDYbGp3BGT3C
+ydCJG5ahgYkDgYYABAEOv6/G6F4I0kv//MGkUR2w5jS+6xtt7IxZOa5EdmIBr2IA
+QwupfIrGoOnwizPOfp/utbpO5eDYFRDCQpW4oI0CNQCkpuwwDfniV7A3K156v+8J
+NDZxmneIfrsLGM+Ambn0IStuMKFBnBjgKdNoY8ydRI9Nuk0qDmBxG+VykV+9T+8m
+lQ==
+-----END PRIVATE KEY-----
+
+PublicKey=SECP521R1_RFC5114-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBDr+vxuheCNJL//zBpFEdsOY0vusb
+beyMWTmuRHZiAa9iAEMLqXyKxqDp8Iszzn6f7rW6TuXg2BUQwkKVuKCNAjUApKbs
+MA354lewNyteer/vCTQ2cZp3iH67CxjPgJm59CErbjChQZwY4CnTaGPMnUSPTbpN
+Kg5gcRvlcpFfvU/vJpU=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = SECP521R1_RFC5114-Peer:SECP521R1_RFC5114-Peer-PUBLIC
+
+
+
+
+Derive=SECP521R1_RFC5114
+PeerKey=SECP521R1_RFC5114-Peer-PUBLIC
+SharedSecret=00CDEA89621CFA46B132F9E4CFE2261CDE2D4368EB5656634C7CC98C7A00CDE54ED1866A0DD3E6126C9D2F845DAFF82CEB1DA08F5D87521BB0EBECA77911169C20CC
+
+
+Derive=SECP521R1_RFC5114-Peer
+PeerKey=SECP521R1_RFC5114-PUBLIC
+SharedSecret=00CDEA89621CFA46B132F9E4CFE2261CDE2D4368EB5656634C7CC98C7A00CDE54ED1866A0DD3E6126C9D2F845DAFF82CEB1DA08F5D87521BB0EBECA77911169C20CC
+
+# Keys and shared secrets from RFC 5903
+PrivateKey=PRIME256V1_RFC5903
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgyI8B9RDZrD9wopLa
+ojFt5UTpqriv6EBJxiqcV4YtFDOhRANCAATa0LZTlCIc+bBR4f7KV4fQmN/mN/yQ
+ue+UXQw3clgRgFJxoEYc24JS1h8cRW+j5Zqx9FszrM9fWDieBXe4mQuz
+-----END PRIVATE KEY-----
+
+PublicKey=PRIME256V1_RFC5903-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE2tC2U5QiHPmwUeH+yleH0Jjf5jf8
+kLnvlF0MN3JYEYBScaBGHNuCUtYfHEVvo+WasfRbM6zPX1g4ngV3uJkLsw==
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = PRIME256V1_RFC5903:PRIME256V1_RFC5903-PUBLIC
+
+
+PrivateKey=PRIME256V1_RFC5903-Peer
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgxu+cXXiuASoBEWSs
+s5fOIIhoXY8Gv5vgsoOrRkdr7lOhRANCAATRLftSicjU+BIItwJwOYw0IpaXCgvM
+t0xzb8dVRJS/Y1b788o2bMI+gVeFTBPFjWqsI/BGraMPg1PnTzMDmHKr
+-----END PRIVATE KEY-----
+
+PublicKey=PRIME256V1_RFC5903-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0S37UonI1PgSCLcCcDmMNCKWlwoL
+zLdMc2/HVUSUv2NW+/PKNmzCPoFXhUwTxY1qrCPwRq2jD4NT508zA5hyqw==
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = PRIME256V1_RFC5903-Peer:PRIME256V1_RFC5903-Peer-PUBLIC
+
+
+
+
+Derive=PRIME256V1_RFC5903
+PeerKey=PRIME256V1_RFC5903-Peer-PUBLIC
+SharedSecret=D6840F6B42F6EDAFD13116E0E12565202FEF8E9ECE7DCE03812464D04B9442DE
+
+
+Derive=PRIME256V1_RFC5903-Peer
+PeerKey=PRIME256V1_RFC5903-PUBLIC
+SharedSecret=D6840F6B42F6EDAFD13116E0E12565202FEF8E9ECE7DCE03812464D04B9442DE
+
+PrivateKey=SECP384R1_RFC5903
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDAJnzxwNNSixpmITXOj
+daZ/diTvfGs8DxYGR7Z0FNzmVeNbU4BB5knuP674lng6sZShZANiAARmeELX0YCs
+LN5vdPN1UfVXVcdkXCDvc+MWNP5ytMVe5t46yAistL20yIcyrulfQaqUgu0fwO65
+yvxJhGJcz8I/ZQMhSeDhRK2gJBgVNaDzjuufz/PCyUfa5ptMY0VzqBw=
+-----END PRIVATE KEY-----
+
+PublicKey=SECP384R1_RFC5903-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEZnhC19GArCzeb3TzdVH1V1XHZFwg73Pj
+FjT+crTFXubeOsgIrLS9tMiHMq7pX0GqlILtH8Duucr8SYRiXM/CP2UDIUng4USt
+oCQYFTWg847rn8/zwslH2uabTGNFc6gc
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = SECP384R1_RFC5903:SECP384R1_RFC5903-PUBLIC
+
+
+PrivateKey=SECP384R1_RFC5903-Peer
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDBBywd5tL24XUeEZyX7
+7DyUMPq0bMjcUGCFXMm9oKopQuAwgxKRa47Slg5L1Vp0SPyhZANiAATlWNvvU+7N
+49P8z8GuoIqJqYdHXRL9lQ2Dz6QXMrxQnQ0axDoDNt75b9pB0HdKNXHc++x6rPMZ
+ZHIWnoOEMDZ/Zu6+PG5wxBbdXwxodZ3R//g/pAFCIJ3/XqrZbbnmOGw=
+-----END PRIVATE KEY-----
+
+PublicKey=SECP384R1_RFC5903-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE5Vjb71PuzePT/M/BrqCKiamHR10S/ZUN
+g8+kFzK8UJ0NGsQ6Azbe+W/aQdB3SjVx3PvseqzzGWRyFp6DhDA2f2buvjxucMQW
+3V8MaHWd0f/4P6QBQiCd/16q2W255jhs
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = SECP384R1_RFC5903-Peer:SECP384R1_RFC5903-Peer-PUBLIC
+
+
+
+Derive=SECP384R1_RFC5903
+PeerKey=SECP384R1_RFC5903-Peer-PUBLIC
+SharedSecret=11187331C279962D93D604243FD592CB9D0A926F422E47187521287E7156C5C4D603135569B9E9D09CF5D4A270F59746
+
+
+Derive=SECP384R1_RFC5903-Peer
+PeerKey=SECP384R1_RFC5903-PUBLIC
+SharedSecret=11187331C279962D93D604243FD592CB9D0A926F422E47187521287E7156C5C4D603135569B9E9D09CF5D4A270F59746
+
+PrivateKey=SECP521R1_RFC5903
+-----BEGIN PRIVATE KEY-----
+MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIAN63pMZqJ9Nq9s+9B
+GqzMpRI8YayrV7U5Pc5HYIFyoJWqhaMP4cKVLGdx2Te6l3f1lXsmObqwckYvaMJ6
+VzgtSlKhgYkDgYYABAAVQX6E2/KMCtPCeHEzSdx98VPIl6GJG9mLq0NXyey+4eO/
+QuALjjgK6uV8LRB1ZJQYhZQq9af0YBcjxBldF2ztPgF8riC2ZB0u62lXhtjJRhRi
+OdCZ4Y4dWlFMc518tKEK2KeIAVrEBdd5ncdee31bbPImGmp/FQdDi/Ab62yjkm+V
+gg==
+-----END PRIVATE KEY-----
+
+PublicKey=SECP521R1_RFC5903-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAFUF+hNvyjArTwnhxM0ncffFTyJeh
+iRvZi6tDV8nsvuHjv0LgC444CurlfC0QdWSUGIWUKvWn9GAXI8QZXRds7T4BfK4g
+tmQdLutpV4bYyUYUYjnQmeGOHVpRTHOdfLShCtiniAFaxAXXeZ3HXnt9W2zyJhpq
+fxUHQ4vwG+tso5JvlYI=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = SECP521R1_RFC5903:SECP521R1_RFC5903-PUBLIC
+
+
+PrivateKey=SECP521R1_RFC5903-Peer
+-----BEGIN PRIVATE KEY-----
+MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIBRbqZqEevQ3k/3Q6H
+LnzfoWvjD9x4D5e8zD8Hg4AgHpxnfWALNDdXo72/KjFj5ML4acynRYqkpO/8MR9c
+sVFoXrmhgYkDgYYABADQs5daxLeZ9b6hbV4T6a+XHV6bmEyfOXKLXlc5c1ohm5fD
+VkNq3G6VuwNS9r5kpsKRLU7y0EM87SthcWQAEtlGDwFcaCJjg5VuO9Bm55e2I8J8
+4OrC9VGhDCxyTZhSB3uHIgtlNsXECKHSrruOhtZ4rknLVwkfRzIpZXmrRPzRfw/F
+ag==
+-----END PRIVATE KEY-----
+
+PublicKey=SECP521R1_RFC5903-Peer-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQA0LOXWsS3mfW+oW1eE+mvlx1em5hM
+nzlyi15XOXNaIZuXw1ZDatxulbsDUva+ZKbCkS1O8tBDPO0rYXFkABLZRg8BXGgi
+Y4OVbjvQZueXtiPCfODqwvVRoQwsck2YUgd7hyILZTbFxAih0q67jobWeK5Jy1cJ
+H0cyKWV5q0T80X8PxWo=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair = SECP521R1_RFC5903-Peer:SECP521R1_RFC5903-Peer-PUBLIC
+
+
+Derive=SECP521R1_RFC5903
+PeerKey=SECP521R1_RFC5903-Peer-PUBLIC
+SharedSecret=01144C7D79AE6956BC8EDB8E7C787C4521CB086FA64407F97894E5E6B2D79B04D1427E73CA4BAA240A34786859810C06B3C715A3A8CC3151F2BEE417996D19F3DDEA
+
+
+Derive=SECP521R1_RFC5903-Peer
+PeerKey=SECP521R1_RFC5903-PUBLIC
+SharedSecret=01144C7D79AE6956BC8EDB8E7C787C4521CB086FA64407F97894E5E6B2D79B04D1427E73CA4BAA240A34786859810C06B3C715A3A8CC3151F2BEE417996D19F3DDEA
diff --git a/test/recipes/30-test_evp_data/evppkey_ecdh_nist.txt b/test/recipes/30-test_evp_data/evppkey_ecdh_nist.txt
deleted file mode 100644
index d7dec1d0e7..0000000000
--- a/test/recipes/30-test_evp_data/evppkey_ecdh_nist.txt
+++ /dev/null
@@ -1,1177 +0,0 @@
-#
-# Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the Apache License 2.0 (the "License"). You may not use
-# this file except in compliance with the License. You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-# Tests start with one of these keywords
-# Cipher Decrypt Derive Digest Encoding KDF MAC PBE
-# PrivPubKeyPair Sign Verify VerifyRecover
-# and continue until a blank line. Lines starting with a pound sign are ignored.
-
-
-# Public key algorithm tests
-
-# Private keys used for PKEY operations.
-
-
-# EC P-256 key
-
-PrivateKey=P-256
------BEGIN PRIVATE KEY-----
-MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgiocvtiiTxNH/xbnw
-+RdYBp+DUuCPoFpJ+NuSbLVyhyWhRANCAAQsFQ9CnOcPIWwlLPXgYs4fY5zV0WXH
-+JQkBywnGX14szuSDpXNtmTpkNzwz+oNlOKo5q+dDlgFbmUxBJJbn+bJ
------END PRIVATE KEY-----
-
-# EC public key for above
-
-PublicKey=P-256-PUBLIC
------BEGIN PUBLIC KEY-----
-MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAELBUPQpznDyFsJSz14GLOH2Oc1dFl
-x/iUJAcsJxl9eLM7kg6VzbZk6ZDc8M/qDZTiqOavnQ5YBW5lMQSSW5/myQ==
------END PUBLIC KEY-----
-
-PrivPubKeyPair = P-256:P-256-PUBLIC
-
-# Additional EC key for ECDH
-PrivateKey=P-256-Peer
------BEGIN PRIVATE KEY-----
-MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg/URzu1TDNwUFWZ3i
-dLISAZpEY0vfJ2pLB7f+Xnjyl2OhRANCAAQgBuXhSgeKpz+4piXlYSVLvy0NT+wK
-uZWUI3LqUUCV07wg+RLLMY8yNK9kjqcgZDs/cB+bet64nQq+dNnvtpxG
------END PRIVATE KEY-----
-
-PublicKey=P-256-Peer-PUBLIC
------BEGIN PUBLIC KEY-----
-MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIAbl4UoHiqc/uKYl5WElS78tDU/s
-CrmVlCNy6lFAldO8IPkSyzGPMjSvZI6nIGQ7P3Afm3reuJ0KvnTZ77acRg==
------END PUBLIC KEY-----
-
-PrivPubKeyPair = P-256-Peer:P-256-Peer-PUBLIC
-
-Title = ECDH tests
-
-
-Derive=P-256
-PeerKey=P-256-Peer-PUBLIC
-SharedSecret=E3CC07DFBDDE76A1139811DB9FF5FAF9D17EF39944F1E77D1F6A208524BF7B1B
-
-
-Derive=P-256-Peer
-PeerKey=P-256-PUBLIC
-SharedSecret=E3CC07DFBDDE76A1139811DB9FF5FAF9D17EF39944F1E77D1F6A208524BF7B1B
-
-# TEST CURVE secp224r1
-
-PrivateKey=ALICE_secp224r1
------BEGIN PRIVATE KEY-----
-MHgCAQAwEAYHKoZIzj0CAQYFK4EEACEEYTBfAgEBBBxLKkXFJXYqGUlTsmgjlesi
-kwqejrekrkSTbehyoTwDOgAEUcEh0Ggy/rD+Nj9JQozzI+qzPtiU7b2D2HtdCa4h
-fbVPXngcRH2B2xN8W+dcHoIxrxO2UFXy4xo=
------END PRIVATE KEY-----
-
-PublicKey=ALICE_secp224r1_PUB
------BEGIN PUBLIC KEY-----
-ME4wEAYHKoZIzj0CAQYFK4EEACEDOgAEUcEh0Ggy/rD+Nj9JQozzI+qzPtiU7b2D
-2HtdCa4hfbVPXngcRH2B2xN8W+dcHoIxrxO2UFXy4xo=
------END PUBLIC KEY-----
-
-PrivPubKeyPair = ALICE_secp224r1:ALICE_secp224r1_PUB
-
-
-PrivateKey=BOB_secp224r1
------BEGIN PRIVATE KEY-----
-MHgCAQAwEAYHKoZIzj0CAQYFK4EEACEEYTBfAgEBBBzOHGGUR3fZYg3GSaUN6pxo
-NQtAlOzM3UclEhMzoTwDOgAEdwFklK/YoDRU6bM7X2ulNLwqx9TUETMFUM6VV9DB
-4YcvAzv6pQgVwYEU7IahmSKpX19chbPt2I0=
------END PRIVATE KEY-----
-
-PublicKey=BOB_secp224r1_PUB
------BEGIN PUBLIC KEY-----
-ME4wEAYHKoZIzj0CAQYFK4EEACEDOgAEdwFklK/YoDRU6bM7X2ulNLwqx9TUETMF
-UM6VV9DB4YcvAzv6pQgVwYEU7IahmSKpX19chbPt2I0=
------END PUBLIC KEY-----
-
-PrivPubKeyPair = BOB_secp224r1:BOB_secp224r1_PUB
-
-
-# ECDH Alice with Bob peer
-
-Derive=ALICE_secp224r1
-PeerKey=BOB_secp224r1_PUB
-SharedSecret=34ea06d16d82f0d1725de47f3639ac0c23db7d7ed68f01488539a2a5
-
-# ECDH Bob with Alice peer
-
-Derive=BOB_secp224r1
-PeerKey=ALICE_secp224r1_PUB
-SharedSecret=34ea06d16d82f0d1725de47f3639ac0c23db7d7ed68f01488539a2a5
-
-# TEST CURVE secp384r1
-
-PrivateKey=ALICE_secp384r1
------BEGIN PRIVATE KEY-----
-MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDCxE7Q4m1dsK7M3Otxo
-cgY/ejX9JOKKdAtSnRiU4bnK3eFmALkMN7XIveQnWLB1PEKhZANiAAQaUsvUFr/u
-ISpAmYqYZIme4VassCtb0tNGU97s3qt4ozcogZ4z+fIzXZ4YXqfGoEa57+uQDgqr
-+jNOTji7Gxopt6AqZ9EvwuVaCuunUi0pcx6cc8IuUfrwMwSFovV/7sM=
------END PRIVATE KEY-----
-
-PublicKey=ALICE_secp384r1_PUB
------BEGIN PUBLIC KEY-----
-MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEGlLL1Ba/7iEqQJmKmGSJnuFWrLArW9LT
-RlPe7N6reKM3KIGeM/nyM12eGF6nxqBGue/rkA4Kq/ozTk44uxsaKbegKmfRL8Ll
-Wgrrp1ItKXMenHPCLlH68DMEhaL1f+7D
------END PUBLIC KEY-----
-
-PrivPubKeyPair = ALICE_secp384r1:ALICE_secp384r1_PUB
-
-
-PrivateKey=BOB_secp384r1
------BEGIN PRIVATE KEY-----
-MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDBRiGXRsb5sUq0b3/dg
-Z+pA9kbrSivBMCUCXVwxno1d/30hI/Yy0Z5PWwbBgwTFprWhZANiAASp1FeUOBJF
-mzQCNbGiOz8He0kF+KIf24UGYVO5MC7u5rV9hpoYsbcgmwxALskPN18os2ygK1Pn
-f/h+WALIsG2RknSTbiyvBYkoIhJV9cflvEDpMeaWSLF7qJ5YjEIf9PM=
------END PRIVATE KEY-----
-
-PublicKey=BOB_secp384r1_PUB
------BEGIN PUBLIC KEY-----
-MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEqdRXlDgSRZs0AjWxojs/B3tJBfiiH9uF
-BmFTuTAu7ua1fYaaGLG3IJsMQC7JDzdfKLNsoCtT53/4flgCyLBtkZJ0k24srwWJ
-KCISVfXH5bxA6THmlkixe6ieWIxCH/Tz
------END PUBLIC KEY-----
-
-PrivPubKeyPair = BOB_secp384r1:BOB_secp384r1_PUB
-
-
-# ECDH Alice with Bob peer
-
-Derive=ALICE_secp384r1
-PeerKey=BOB_secp384r1_PUB
-SharedSecret=2006ed49acbb991b8fbf8a15c3f263542496eaefe1e2952591b72fb929463eac7a403a5419cebbfb73734918eaed59fd
-
-# ECDH Bob with Alice peer
-
-Derive=BOB_secp384r1
-PeerKey=ALICE_secp384r1_PUB
-SharedSecret=2006ed49acbb991b8fbf8a15c3f263542496eaefe1e2952591b72fb929463eac7a403a5419cebbfb73734918eaed59fd
-
-# TEST CURVE secp521r1
-
-PrivateKey=ALICE_secp521r1
------BEGIN PRIVATE KEY-----
-MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIAFBIz3FLAuX8VCWzM
-wu1f/tm8pf1QqnsdLqaIWCQAJa2W5ldpJTYfkj1gGxM44AD3qHnkXISvNLwwuxI1
-hr2+pOGhgYkDgYYABACWlOOFYk/p3AS2LxEQWBuMm6uIjo3XArjh1QrsLcUc5hhi
-82CIz6kKwKjCnYRDHq4iv1x63rVEzGGhQOM1g+cRVwHSpfbBpaxK7bMLkVFOOavv
-OdcdyRHaHsvxw2pREmdS/GwtfgT8odQrG06KMIwVeL+H08fGJSbPX0Zock0DOPCp
-aw==
------END PRIVATE KEY-----
-
-PublicKey=ALICE_secp521r1_PUB
------BEGIN PUBLIC KEY-----
-MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAlpTjhWJP6dwEti8REFgbjJuriI6N
-1wK44dUK7C3FHOYYYvNgiM+pCsCowp2EQx6uIr9cet61RMxhoUDjNYPnEVcB0qX2
-waWsSu2zC5FRTjmr7znXHckR2h7L8cNqURJnUvxsLX4E/KHUKxtOijCMFXi/h9PH
-xiUmz19GaHJNAzjwqWs=
------END PUBLIC KEY-----
-
-PrivPubKeyPair = ALICE_secp521r1:ALICE_secp521r1_PUB
-
-
-PrivateKey=BOB_secp521r1
------BEGIN PRIVATE KEY-----
-MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIA9C/sMWveRlHPr9P5
-cc3U+1L2/zB0VtHewKSQRWZ67SmS4+m7uXTqUVSLRHiQEgQid0cg77gSxXPlmV+z
-y0f3zd+hgYkDgYYABAE18N3SwDGtea3IOqUdh3j0JtnMeP41i/agEBlxK8/iEBXc
-Q61mkIrQIKcabRhoylEugXHiyNnqNQOD4DUa0bTKzAHtJ4UqqbEVno6byRmcUQwb
-mvG89eS8GLEmk5X/O2atHU4yIGTuTRQWn/BTJUCS+OgJz4FZdadscc5Z640EZqSD
-iw==
------END PRIVATE KEY-----
-
-PublicKey=BOB_secp521r1_PUB
------BEGIN PUBLIC KEY-----
-MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBNfDd0sAxrXmtyDqlHYd49CbZzHj+
-NYv2oBAZcSvP4hAV3EOtZpCK0CCnGm0YaMpRLoFx4sjZ6jUDg+A1GtG0yswB7SeF
-KqmxFZ6Om8kZnFEMG5rxvPXkvBixJpOV/ztmrR1OMiBk7k0UFp/wUyVAkvjoCc+B
-WXWnbHHOWeuNBGakg4s=
------END PUBLIC KEY-----
-
-PrivPubKeyPair = BOB_secp521r1:BOB_secp521r1_PUB
-
-
-# ECDH Alice with Bob peer
-
-Derive=ALICE_secp521r1
-PeerKey=BOB_secp521r1_PUB
-SharedSecret=018c8f33e544a0fa8854dcd96bdba75b7687d1c42b2ff1bf0a06d49c424fee96d8a7f3af3119dcbfabc1c147477c50f7c72971956f9bb17ddec6d02b2187f06cf4be
-
-# ECDH Bob with Alice peer
-
-Derive=BOB_secp521r1
-PeerKey=ALICE_secp521r1_PUB
-SharedSecret=018c8f33e544a0fa8854dcd96bdba75b7687d1c42b2ff1bf0a06d49c424fee96d8a7f3af3119dcbfabc1c147477c50f7c72971956f9bb17ddec6d02b2187f06cf4be
-
-# TEST CURVE prime192v1
-
-PrivateKey=ALICE_prime192v1
------BEGIN PRIVATE KEY-----
-MG8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQEEVTBTAgEBBBjxfXvSFNqD2UzFVN1L
-bQrPlzop7dxQq/ehNAMyAATibpGuYzCjkT1tWLYEogpKz74WqhvbQtZPkCYQCin1
-cmZuNW+BZ0jyVEpGlpnZPMg=
------END PRIVATE KEY-----
-
-PublicKey=ALICE_prime192v1_PUB
------BEGIN PUBLIC KEY-----
-MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAE4m6RrmMwo5E9bVi2BKIKSs++Fqob
-20LWT5AmEAop9XJmbjVvgWdI8lRKRpaZ2TzI
------END PUBLIC KEY-----
-
-PrivPubKeyPair = ALICE_prime192v1:ALICE_prime192v1_PUB
-
-
-PrivateKey=BOB_prime192v1
------BEGIN PRIVATE KEY-----
-MG8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQEEVTBTAgEBBBhewaqXNZlYyqnmuEEE
-Y/oUXe3/jpzhmyGhNAMyAASkpwNJEP/1FuuWKCDDUm26iyqrs+zKwayZnaF77YC6
-qCtgia7yNcSl9tlWHh3gQgw=
------END PRIVATE KEY-----
-
-PublicKey=BOB_prime192v1_PUB
------BEGIN PUBLIC KEY-----
-MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEpKcDSRD/9Rbrliggw1Jtuosqq7Ps
-ysGsmZ2he+2AuqgrYImu8jXEpfbZVh4d4EIM
------END PUBLIC KEY-----
-
-PrivPubKeyPair = BOB_prime192v1:BOB_prime192v1_PUB
-
-
-# ECDH Alice with Bob peer
-
-Derive=ALICE_prime192v1
-PeerKey=BOB_prime192v1_PUB
-SharedSecret=be2a779b587f8f5d7c9d8f006e0a6d0e996c9c63c255f861
-
-# ECDH Bob with Alice peer
-
-Derive=BOB_prime192v1
-PeerKey=ALICE_prime192v1_PUB
-SharedSecret=be2a779b587f8f5d7c9d8f006e0a6d0e996c9c63c255f861
-
-# TEST CURVE prime256v1
-
-PrivateKey=ALICE_prime256v1
------BEGIN PRIVATE KEY-----
-MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQglUPDk8gQ8lMj38V7
-0jPBZDfQUx5pNOVSKOMTqlh04POhRANCAARq87w+K0q9b1mzJGh309kjNvYTS02m
-YkHKxAewiZwmt/5w+5uywz/+0130SdAWbXtECjaHUK94YEHzp0G/PCl5
------END PRIVATE KEY-----
-
-PublicKey=ALICE_prime256v1_PUB
------BEGIN PUBLIC KEY-----
-MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEavO8PitKvW9ZsyRod9PZIzb2E0tN
-pmJBysQHsImcJrf+cPubssM//tNd9EnQFm17RAo2h1CveGBB86dBvzwpeQ==
------END PUBLIC KEY-----
-
-PrivPubKeyPair = ALICE_prime256v1:ALICE_prime256v1_PUB
-
-
-PrivateKey=BOB_prime256v1
------BEGIN PRIVATE KEY-----
-MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgNsLfn/sRZfm9ZcM7
-xURiUHT7+w8Jgk9SbwTVDjpLYYmhRANCAASRmyKNgUbADGxkIOAVh9T7IXv2ZDT6
-I5YMW6wOs27VMOAD0AiNLrv7sW1TdqxkUtF17/GFpLvFOuZcbdX4p3i/
------END PRIVATE KEY-----
-
-PublicKey=BOB_prime256v1_PUB
------BEGIN PUBLIC KEY-----
-MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEkZsijYFGwAxsZCDgFYfU+yF79mQ0
-+iOWDFusDrNu1TDgA9AIjS67+7FtU3asZFLRde/xhaS7xTrmXG3V+Kd4vw==
------END PUBLIC KEY-----
-
-PrivPubKeyPair = BOB_prime256v1:BOB_prime256v1_PUB
-
-
-# ECDH Alice with Bob peer
-
-Derive=ALICE_prime256v1
-PeerKey=BOB_prime256v1_PUB
-SharedSecret=390021fbca00d959c1adaf7e9cedef0e65a582489eab9adbe739ef66bf82adb4
-
-# ECDH Bob with Alice peer
-
-Derive=BOB_prime256v1
-PeerKey=ALICE_prime256v1_PUB
-SharedSecret=390021fbca00d959c1adaf7e9cedef0e65a582489eab9adbe739ef66bf82adb4
-
-# TEST CURVE sect163k1
-
-PrivateKey=ALICE_sect163k1
------BEGIN PRIVATE KEY-----
-MGMCAQAwEAYHKoZIzj0CAQYFK4EEAAEETDBKAgEBBBUBxkeGOXE86PAijpk8trN/
-f3kl4UmhLgMsAAQD1hrDCJ2MSFKZ6Q11cTllX/l5HY0Hg5XZCxMFC84AaczwPtNJ
-YNCxfCk=
------END PRIVATE KEY-----
-
-PublicKey=ALICE_sect163k1_PUB
------BEGIN PUBLIC KEY-----
-MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEA9YawwidjEhSmekNdXE5ZV/5eR2NB4OV
-2QsTBQvOAGnM8D7TSWDQsXwp
------END PUBLIC KEY-----
-
-PrivPubKeyPair = ALICE_sect163k1:ALICE_sect163k1_PUB
-
-
-PrivateKey=BOB_sect163k1
------BEGIN PRIVATE KEY-----
-MGMCAQAwEAYHKoZIzj0CAQYFK4EEAAEETDBKAgEBBBUCUJ5kItSfXidHXsgokcS7
-nzPFbOShLgMsAAQGrYNJ1qgdb3A9ISOmTujfS+WYFKwBXXrJEluAkeNh3jXnDq8X
-+XBB0k8=
------END PRIVATE KEY-----
-
-PublicKey=BOB_sect163k1_PUB
------BEGIN PUBLIC KEY-----
-MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEBq2DSdaoHW9wPSEjpk7o30vlmBSsAV16
-yRJbgJHjYd415w6vF/lwQdJP
------END PUBLIC KEY-----
-
-PrivPubKeyPair = BOB_sect163k1:BOB_sect163k1_PUB
-
-
-# ECDH Alice with Bob peer
-
-Derive=ALICE_sect163k1
-PeerKey=BOB_sect163k1_PUB
-SharedSecret=07bfdf00759b383aa7741ae4634400f8ddf2047092
-
-# ECDH Bob with Alice peer
-
-Derive=BOB_sect163k1
-PeerKey=ALICE_sect163k1_PUB
-SharedSecret=07bfdf00759b383aa7741ae4634400f8ddf2047092
-
-# TEST CURVE sect163r2
-
-PrivateKey=ALICE_sect163r2
------BEGIN PRIVATE KEY-----
-MGMCAQAwEAYHKoZIzj0CAQYFK4EEAA8ETDBKAgEBBBUDjH2G7BkPTBM4VtljaQr8
-sXVLNOqhLgMsAAQHHqWxJWR2KrHCPp/PSjZIdK88ET0A323/UOTxhYHwsLpR7rp3
-ahq1lQ8=
------END PRIVATE KEY-----
-
-PublicKey=ALICE_sect163r2_PUB
------BEGIN PUBLIC KEY-----
-MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEBx6lsSVkdiqxwj6fz0o2SHSvPBE9AN9t
-/1Dk8YWB8LC6Ue66d2oatZUP
------END PUBLIC KEY-----
-
-PrivPubKeyPair = ALICE_sect163r2:ALICE_sect163r2_PUB
-
-
-PrivateKey=BOB_sect163r2
------BEGIN PRIVATE KEY-----
-MGMCAQAwEAYHKoZIzj0CAQYFK4EEAA8ETDBKAgEBBBUBXOM9Tm6sKXUlRLlW0HgC
-NTDxW2ihLgMsAAQGxa8xRcC+TIcDgGtehDVEV1PoBokBwtILj16NPYC0aBZI8/nF
-F4jhgmc=
------END PRIVATE KEY-----
-
-PublicKey=BOB_sect163r2_PUB
------BEGIN PUBLIC KEY-----
-MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEBsWvMUXAvkyHA4BrXoQ1RFdT6AaJAcLS
-C49ejT2AtGgWSPP5xReI4YJn
------END PUBLIC KEY-----
-
-PrivPubKeyPair = BOB_sect163r2:BOB_sect163r2_PUB
-
-
-# ECDH Alice with Bob peer
-
-Derive=ALICE_sect163r2
-PeerKey=BOB_sect163r2_PUB
-SharedSecret=040df54e6df412790ef5c0fafbbfcba5136b872951
-
-# ECDH Bob with Alice peer
-
-Derive=BOB_sect163r2
-PeerKey=ALICE_sect163r2_PUB
-SharedSecret=040df54e6df412790ef5c0fafbbfcba5136b872951
-
-# TEST CURVE sect233k1
-
-PrivateKey=ALICE_sect233k1
------BEGIN PRIVATE KEY-----
-MH0CAQAwEAYHKoZIzj0CAQYFK4EEABoEZjBkAgEBBB1aR7qaKm1vmZWK2bGsJ1rX
-mH6BpTkW4t1L4zSf/KFAAz4ABADcDiv+bTvPVViqYLNz06VO5wodry+sGi6fnJIr
-QQCTfZ9d5whiIsbY5Thlcm7I0A/cIGoShA/6LumOVA==
------END PRIVATE KEY-----
-
-PublicKey=ALICE_sect233k1_PUB
------BEGIN PUBLIC KEY-----
-MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEANwOK/5tO89VWKpgs3PTpU7nCh2vL6wa
-Lp+ckitBAJN9n13nCGIixtjlOGVybsjQD9wgahKED/ou6Y5U
------END PUBLIC KEY-----
-
-PrivPubKeyPair = ALICE_sect233k1:ALICE_sect233k1_PUB
-
-
-PrivateKey=BOB_sect233k1
------BEGIN PRIVATE KEY-----
-MH0CAQAwEAYHKoZIzj0CAQYFK4EEABoEZjBkAgEBBB0oa5BrzYxm6mn51Xyphn6X
-OUjKc9oMDHCowAyHTaFAAz4ABAGKiFuFJVQeymHYRVnt2LNF2MSaTMcL9JGSPn2z
-OwBis5MS4kgEFakWQl7KpGiy3vS89wmpblvHLJ/+IQ==
------END PRIVATE KEY-----
-
-PublicKey=BOB_sect233k1_PUB
------BEGIN PUBLIC KEY-----
-MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEAYqIW4UlVB7KYdhFWe3Ys0XYxJpMxwv0
-kZI+fbM7AGKzkxLiSAQVqRZCXsqkaLLe9Lz3CaluW8csn/4h
------END PUBLIC KEY-----
-
-PrivPubKeyPair = BOB_sect233k1:BOB_sect233k1_PUB
-
-
-# ECDH Alice with Bob peer
-
-Derive=ALICE_sect233k1
-PeerKey=BOB_sect233k1_PUB
-SharedSecret=00a5e5f2e992f4360d530dd365d14f5c6013212e14f4ea258c91c71f1512
-
-# ECDH Bob with Alice peer
-
-Derive=BOB_sect233k1
-PeerKey=ALICE_sect233k1_PUB
-SharedSecret=00a5e5f2e992f4360d530dd365d14f5c6013212e14f4ea258c91c71f1512
-
-# TEST CURVE sect233r1
-
-PrivateKey=ALICE_sect233r1
------BEGIN PRIVATE KEY-----
-MH4CAQAwEAYHKoZIzj0CAQYFK4EEABsEZzBlAgEBBB4AEN6fePR2gizyXzU6kIgU
-Gijp5+IQAXoNBfKnVeChQAM+AAQB0kEwu2fwQWo1v1j7XQ8uJT3iMwRC8w+cxgxx
-GQ4B/FyjrhIUpEDWaMqfV23McZ6WdbIUe3MZ7K5pG38=
------END PRIVATE KEY-----
-
-PublicKey=ALICE_sect233r1_PUB
------BEGIN PUBLIC KEY-----
-MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEAdJBMLtn8EFqNb9Y+10PLiU94jMEQvMP
-nMYMcRkOAfxco64SFKRA1mjKn1dtzHGelnWyFHtzGeyuaRt/
------END PUBLIC KEY-----
-
-PrivPubKeyPair = ALICE_sect233r1:ALICE_sect233r1_PUB
-
-
-PrivateKey=BOB_sect233r1
------BEGIN PRIVATE KEY-----
-MH4CAQAwEAYHKoZIzj0CAQYFK4EEABsEZzBlAgEBBB4AXHWOeS6fG0XCH3FnHDuS
-IcELUeDG+AYNNeLVZd6hQAM+AAQAYRRYH017uxcaMPF3GOsL4bvodW1yZLEtL3pm
-CkcAfqJI/4niCr8uHKh0gBa2JBjBWMV1u8Mpf60uvok=
------END PRIVATE KEY-----
-
-PublicKey=BOB_sect233r1_PUB
------BEGIN PUBLIC KEY-----
-MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEAGEUWB9Ne7sXGjDxdxjrC+G76HVtcmSx
-LS96ZgpHAH6iSP+J4gq/LhyodIAWtiQYwVjFdbvDKX+tLr6J
------END PUBLIC KEY-----
-
-PrivPubKeyPair = BOB_sect233r1:BOB_sect233r1_PUB
-
-
-# ECDH Alice with Bob peer
-
-Derive=ALICE_sect233r1
-PeerKey=BOB_sect233r1_PUB
-SharedSecret=01625f3fcd367ee7cd74c67cca02dccfce6c3b19ef07e358ed943d17a8e2
-
-# ECDH Bob with Alice peer
-
-Derive=BOB_sect233r1
-PeerKey=ALICE_sect233r1_PUB
-SharedSecret=01625f3fcd367ee7cd74c67cca02dccfce6c3b19ef07e358ed943d17a8e2
-
-# TEST CURVE sect283k1
-
-PrivateKey=ALICE_sect283k1
------BEGIN PRIVATE KEY-----
-MIGQAgEAMBAGByqGSM49AgEGBSuBBAAQBHkwdwIBAQQkAGhnsmZ2UDKV3QKmq3k+
-33LQ6n5aCYvKXcMgiZlBS/RrVgIRoUwDSgAEBSgpOw5TMTc4O8HHhw5atJl5mrnW
-uC6oWVYRYpD1IMvPNTRsAYo4SYRmPIfgzVv/ESVcHVaD1lPNo+eq0HN1qhvRX+4r
-mGO7
------END PRIVATE KEY-----
-
-PublicKey=ALICE_sect283k1_PUB
------BEGIN PUBLIC KEY-----
-MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEBSgpOw5TMTc4O8HHhw5atJl5mrnWuC6o
-WVYRYpD1IMvPNTRsAYo4SYRmPIfgzVv/ESVcHVaD1lPNo+eq0HN1qhvRX+4rmGO7
------END PUBLIC KEY-----
-
-PrivPubKeyPair = ALICE_sect283k1:ALICE_sect283k1_PUB
-
-
-PrivateKey=BOB_sect283k1
------BEGIN PRIVATE KEY-----
-MIGQAgEAMBAGByqGSM49AgEGBSuBBAAQBHkwdwIBAQQkAAJXIwfWjYbiM5jEcNw8
-8/1kbEnhVjWGivO7zDPts7AuKSMkoUwDSgAEA5Ause5pdH6ks7PdyPeoPbYAkz6V
-D5v8KTV1b97PiYmZNDeoBY78FQyHRSvdSo+oRew2RacpaCAntRoiWHyN1nAdDSzj
-CN/m
------END PRIVATE KEY-----
-
-PublicKey=BOB_sect283k1_PUB
------BEGIN PUBLIC KEY-----
-MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEA5Ause5pdH6ks7PdyPeoPbYAkz6VD5v8
-KTV1b97PiYmZNDeoBY78FQyHRSvdSo+oRew2RacpaCAntRoiWHyN1nAdDSzjCN/m
------END PUBLIC KEY-----
-
-PrivPubKeyPair = BOB_sect283k1:BOB_sect283k1_PUB
-
-
-# ECDH Alice with Bob peer
-
-Derive=ALICE_sect283k1
-PeerKey=BOB_sect283k1_PUB
-SharedSecret=02f2e682c2f60d7261624f3661a5e85fca920443b72aa4dd5a540082e65e552302d8f825
-
-# ECDH Bob with Alice peer
-
-Derive=BOB_sect283k1
-PeerKey=ALICE_sect283k1_PUB
-SharedSecret=02f2e682c2f60d7261624f3661a5e85fca920443b72aa4dd5a540082e65e552302d8f825
-
-# TEST CURVE sect283r1
-
-PrivateKey=ALICE_sect283r1
------BEGIN PRIVATE KEY-----
-MIGQAgEAMBAGByqGSM49AgEGBSuBBAARBHkwdwIBAQQkAi4Jrhu19kt7H8jw1FO7
-VzCxh6p0pI0ogl3q9ev5NFkufZkZoUwDSgAEAHx6cwnWw+9l3oZHpx+R8nu7SLqU
-S40TU2uL0W6VTNANIvcJB1b++3okH0FJgFAahbaotafYTyfqCoY11VaxnVqU5/aE
-7jsD
------END PRIVATE KEY-----
-
-PublicKey=ALICE_sect283r1_PUB
------BEGIN PUBLIC KEY-----
-MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEAHx6cwnWw+9l3oZHpx+R8nu7SLqUS40T
-U2uL0W6VTNANIvcJB1b++3okH0FJgFAahbaotafYTyfqCoY11VaxnVqU5/aE7jsD
------END PUBLIC KEY-----
-
-PrivPubKeyPair = ALICE_sect283r1:ALICE_sect283r1_PUB
-
-
-PrivateKey=BOB_sect283r1
------BEGIN PRIVATE KEY-----
-MIGQAgEAMBAGByqGSM49AgEGBSuBBAARBHkwdwIBAQQkACD04gJaVfVxK/Dpbxjq
-rzZWc6B76a23MK/IQD1jMlGPQzzxoUwDSgAEA13mIYMvik12DBp8JkdETMB1ewOw
-22C/xhnzLEHmgrG0ewxeANVAoIZy2uv5t0VUJIp4PYdLNaqIguN+9v6U78O4lass
-Iq5I
------END PRIVATE KEY-----
-
-PublicKey=BOB_sect283r1_PUB
------BEGIN PUBLIC KEY-----
-MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEA13mIYMvik12DBp8JkdETMB1ewOw22C/
-xhnzLEHmgrG0ewxeANVAoIZy2uv5t0VUJIp4PYdLNaqIguN+9v6U78O4lassIq5I
------END PUBLIC KEY-----
-
-PrivPubKeyPair = BOB_sect283r1:BOB_sect283r1_PUB
-
-
-# ECDH Alice with Bob peer
-
-Derive=ALICE_sect283r1
-PeerKey=BOB_sect283r1_PUB
-SharedSecret=05778bc1afcf38d7dddb2150cacbfe4d38dc588968fd8b2e859c28ae2629d3435f89f6cc
-
-# ECDH Bob with Alice peer
-
-Derive=BOB_sect283r1
-PeerKey=ALICE_sect283r1_PUB
-SharedSecret=05778bc1afcf38d7dddb2150cacbfe4d38dc588968fd8b2e859c28ae2629d3435f89f6cc
-
-# TEST CURVE sect409k1
-
-PrivateKey=ALICE_sect409k1
------BEGIN PRIVATE KEY-----
-MIHBAgEAMBAGByqGSM49AgEGBSuBBAAkBIGpMIGmAgEBBDMg1vV7wiPe1ovX+ukz
-VfwPZoqvyj/vdif04Opi9PcjV5mPBEZgSFBg8hbutNxZJdVLrxShbANqAAQACe1I
-J5ilSk1pPLvbcjEZIE6abC9LZ9WmHuNJxM9LAW1OuLvJGi72AsGYUOGpX0WGmK6C
-AYaqZb2Qeedq/yUIljDHYi66J+26owYl7lOMpRzZ9U2QDJrZ7TYuxeMUui6re0B+
-JuZdYw==
------END PRIVATE KEY-----
-
-PublicKey=ALICE_sect409k1_PUB
------BEGIN PUBLIC KEY-----
-MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEAAntSCeYpUpNaTy723IxGSBOmmwvS2fV
-ph7jScTPSwFtTri7yRou9gLBmFDhqV9FhpiuggGGqmW9kHnnav8lCJYwx2Iuuift
-uqMGJe5TjKUc2fVNkAya2e02LsXjFLouq3tAfibmXWM=
------END PUBLIC KEY-----
-
-PrivPubKeyPair = ALICE_sect409k1:ALICE_sect409k1_PUB
-
-
-PrivateKey=BOB_sect409k1
------BEGIN PRIVATE KEY-----
-MIHBAgEAMBAGByqGSM49AgEGBSuBBAAkBIGpMIGmAgEBBDMIYBGZZcZz4qCdhAV9
-vqpfe8vV+vJEhjawR52JUV1rumWEBPAx0o6E+gaxHBr5hzVGkIKhbANqAAQAAQKK
-s60CTUUkltsT+lIBukjz850pkGGLltJ4eaZn4k9AtN/lFTCq6Vgqe2sDrjA3b45q
-AdWjf1vRaP0wawJ13SjApJmyXg5hQks6d0Zqz2OHYhGEGiM159VtTlStK067dVe1
-fGVDeg==
------END PRIVATE KEY-----
-
-PublicKey=BOB_sect409k1_PUB
------BEGIN PUBLIC KEY-----
-MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEAAECirOtAk1FJJbbE/pSAbpI8/OdKZBh
-i5bSeHmmZ+JPQLTf5RUwqulYKntrA64wN2+OagHVo39b0Wj9MGsCdd0owKSZsl4O
-YUJLOndGas9jh2IRhBojNefVbU5UrStOu3VXtXxlQ3o=
------END PUBLIC KEY-----
-
-PrivPubKeyPair = BOB_sect409k1:BOB_sect409k1_PUB
-
-
-# ECDH Alice with Bob peer
-
-Derive=ALICE_sect409k1
-PeerKey=BOB_sect409k1_PUB
-SharedSecret=01523ec40ad40226a57281a4c423801ae9495dcf736eddd667023b1390977d018ce79313fb99c503f39cbee80f5c1968f3bd02e0
-
-# ECDH Bob with Alice peer
-
-Derive=BOB_sect409k1
-PeerKey=ALICE_sect409k1_PUB
-SharedSecret=01523ec40ad40226a57281a4c423801ae9495dcf736eddd667023b1390977d018ce79313fb99c503f39cbee80f5c1968f3bd02e0
-
-# TEST CURVE sect409r1
-
-PrivateKey=ALICE_sect409r1
------BEGIN PRIVATE KEY-----
-MIHCAgEAMBAGByqGSM49AgEGBSuBBAAlBIGqMIGnAgEBBDQAYTMsTpey51D2ULnd
-pN+AAWnJLy9pTerziakhjii8OyWKpUVfpDFNneCCd2oQTDcPX5vdoWwDagAEAYfk
-3ZejxpVYCG7dYHTVhhcqILEyTYoQa4YehGPxKcbmgpqW4Wev1tEDVI3JIowICYGU
-owHXXzgDXoJeR79wgb7ySAlXJXgQ8Ficr7i0CaqyAuIpFw9FWJT3jheFwnbpDTvI
-eIozlf4=
------END PRIVATE KEY-----
-
-PublicKey=ALICE_sect409r1_PUB
------BEGIN PUBLIC KEY-----
-MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEAYfk3ZejxpVYCG7dYHTVhhcqILEyTYoQ
-a4YehGPxKcbmgpqW4Wev1tEDVI3JIowICYGUowHXXzgDXoJeR79wgb7ySAlXJXgQ
-8Ficr7i0CaqyAuIpFw9FWJT3jheFwnbpDTvIeIozlf4=
------END PUBLIC KEY-----
-
-PrivPubKeyPair = ALICE_sect409r1:ALICE_sect409r1_PUB
-
-
-PrivateKey=BOB_sect409r1
------BEGIN PRIVATE KEY-----
-MIHCAgEAMBAGByqGSM49AgEGBSuBBAAlBIGqMIGnAgEBBDQAsCs1nRgwW97TdKIH
-PRcsqmK1e8TIZ00e6rqLb3nD4sIe+Gw/fGhSUER9akQ7lAluEUnfoWwDagAEAfM2
-fvBEic+7jV4oC+v8GfsunD9Zp9rzNgMp3dJ+ZU7r6Bp+ZH3dL9Uvv8kUiB89UlDl
-LwBm/W6TlzGuh1FnzXYKVnhnXpzSlRZQsPCceKukbV46Asl8O23b2+DPJgQBGbMf
-WsgK+KA=
------END PRIVATE KEY-----
-
-PublicKey=BOB_sect409r1_PUB
------BEGIN PUBLIC KEY-----
-MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEAfM2fvBEic+7jV4oC+v8GfsunD9Zp9rz
-NgMp3dJ+ZU7r6Bp+ZH3dL9Uvv8kUiB89UlDlLwBm/W6TlzGuh1FnzXYKVnhnXpzS
-lRZQsPCceKukbV46Asl8O23b2+DPJgQBGbMfWsgK+KA=
------END PUBLIC KEY-----
-
-PrivPubKeyPair = BOB_sect409r1:BOB_sect409r1_PUB
-
-
-# ECDH Alice with Bob peer
-
-Derive=ALICE_sect409r1
-PeerKey=BOB_sect409r1_PUB
-SharedSecret=019dc849870dc6f79978aca8e1fc6aa6836c8fcb25bbfe3d5ab41ea53eae2c7329952280efb30f9097a31a774191e476dbd842d5
-
-# ECDH Bob with Alice peer
-
-Derive=BOB_sect409r1
-PeerKey=ALICE_sect409r1_PUB
-SharedSecret=019dc849870dc6f79978aca8e1fc6aa6836c8fcb25bbfe3d5ab41ea53eae2c7329952280efb30f9097a31a774191e476dbd842d5
-
-# TEST CURVE sect571k1
-
-PrivateKey=ALICE_sect571k1
------BEGIN PRIVATE KEY-----
-MIIBAAIBADAQBgcqhkjOPQIBBgUrgQQAJgSB6DCB5QIBAQRIARO8hI8j6TZ556/d
-RcdGYvdblnALD2XZCKu2c3C5yQIeA8Tidi+f8n6cCnb5FtJNTYKqP8tRfHlwAZtW
-/giXi/4yF5K2twS3oYGVA4GSAAQAtiuUbz7v6njhujnDhanD4iV84K0LQd9wP1+k
-v0Bn833nKtFrZComgrip2SwUaEYOE6IcPyCJ48vWOKvIR6fU11tWwsFRPU0Cct0S
-qVbANAJzwL1umwuKNPblJ6ZEwcBdgw7hWFL6sh+0ayAQ3a8zOizhViJPCnaKR/Oo
-AtaUpCWLSTHDF1gK4/kmlwEx+8o=
------END PRIVATE KEY-----
-
-PublicKey=ALICE_sect571k1_PUB
------BEGIN PUBLIC KEY-----
-MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQAtiuUbz7v6njhujnDhanD4iV84K0L
-Qd9wP1+kv0Bn833nKtFrZComgrip2SwUaEYOE6IcPyCJ48vWOKvIR6fU11tWwsFR
-PU0Cct0SqVbANAJzwL1umwuKNPblJ6ZEwcBdgw7hWFL6sh+0ayAQ3a8zOizhViJP
-CnaKR/OoAtaUpCWLSTHDF1gK4/kmlwEx+8o=
------END PUBLIC KEY-----
-
-PrivPubKeyPair = ALICE_sect571k1:ALICE_sect571k1_PUB
-
-
-PrivateKey=BOB_sect571k1
------BEGIN PRIVATE KEY-----
-MIIBAAIBADAQBgcqhkjOPQIBBgUrgQQAJgSB6DCB5QIBAQRIAVZT4tnX9dMWS6Vd
-YCoYRl9o/j/Hz7KGqF4Ujk9n9b4+mXbJ37tobpjnpNqKlJfI04w80JPp+NxpoBR3
-8p1bcc9iL4Smh48YoYGVA4GSAAQARzAx9yVkHL8pbe1myosILIhhLLURYRDHmopO
-IijLQmTATV9pYO7CrFBPBjaKNRjPpw/cVOs89X9Jdzx/bolkGqVAsjLN1tsCrqET
-31F4mpnfsPwcM6zbp6lE4N2gL5cakKMmyPNM4d3m8xl1f6e56LBYfaxOaqcYzbXC
-Q/Aiij13H06qKhuFM4iiB/0D164=
------END PRIVATE KEY-----
-
-PublicKey=BOB_sect571k1_PUB
------BEGIN PUBLIC KEY-----
-MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQARzAx9yVkHL8pbe1myosILIhhLLUR
-YRDHmopOIijLQmTATV9pYO7CrFBPBjaKNRjPpw/cVOs89X9Jdzx/bolkGqVAsjLN
-1tsCrqET31F4mpnfsPwcM6zbp6lE4N2gL5cakKMmyPNM4d3m8xl1f6e56LBYfaxO
-aqcYzbXCQ/Aiij13H06qKhuFM4iiB/0D164=
------END PUBLIC KEY-----
-
-PrivPubKeyPair = BOB_sect571k1:BOB_sect571k1_PUB
-
-
-# ECDH Alice with Bob peer
-
-Derive=ALICE_sect571k1
-PeerKey=BOB_sect571k1_PUB
-SharedSecret=05a423515fcc91b3171c83edd5c4085ff729a8ff0a3fa1578ebf769523ded0f5c1e387cf63109f2fbd95e117345b788b4577fdc6b6e727230bfc73eae0d4e851cb6f6e616eddb13e
-
-# ECDH Bob with Alice peer
-
-Derive=BOB_sect571k1
-PeerKey=ALICE_sect571k1_PUB
-SharedSecret=05a423515fcc91b3171c83edd5c4085ff729a8ff0a3fa1578ebf769523ded0f5c1e387cf63109f2fbd95e117345b788b4577fdc6b6e727230bfc73eae0d4e851cb6f6e616eddb13e
-
-# TEST CURVE sect571r1
-
-PrivateKey=ALICE_sect571r1
------BEGIN PRIVATE KEY-----
-MIIBAAIBADAQBgcqhkjOPQIBBgUrgQQAJwSB6DCB5QIBAQRIArsi//Zp9veeURYV
-zGYHn4MlNIxNt6U6vtmTPS/NaoiaavxbOimpHgxYPCjpoPYhM33Z2VBh7pl2aoRW
-3GBepLFLoF8oiQaLoYGVA4GSAAQDRG2b7KCUKbGDTWVgW0qqNC3oYcz4f/AwTHmo
-US1mzdRZj/Sf6IU+7mITGnQ6lg1EkTas/X6TK1hNMV7tAjSeowdN75wzd8YF32SF
-HMIcWew5g56oF961qv3IvICZnRAOmWyGHeHdYwHxMBSBPNgua42QGoJz6J6dYAUe
-vE+F3N29p/tRBGNzMFIqoDdW+NA=
------END PRIVATE KEY-----
-
-PublicKey=ALICE_sect571r1_PUB
------BEGIN PUBLIC KEY-----
-MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQDRG2b7KCUKbGDTWVgW0qqNC3oYcz4
-f/AwTHmoUS1mzdRZj/Sf6IU+7mITGnQ6lg1EkTas/X6TK1hNMV7tAjSeowdN75wz
-d8YF32SFHMIcWew5g56oF961qv3IvICZnRAOmWyGHeHdYwHxMBSBPNgua42QGoJz
-6J6dYAUevE+F3N29p/tRBGNzMFIqoDdW+NA=
------END PUBLIC KEY-----
-
-PrivPubKeyPair = ALICE_sect571r1:ALICE_sect571r1_PUB
-
-
-PrivateKey=BOB_sect571r1
------BEGIN PRIVATE KEY-----
-MIIBAAIBADAQBgcqhkjOPQIBBgUrgQQAJwSB6DCB5QIBAQRIAYj65N5XJTQusn+h
-Z9xj/dgZ4qR1GDC1Ij7jYuow+TvGrG2wz/WT76/lLNtlCLfDW2kODDUmDAJeK/e+
-VMO7suJTXGnrGFHioYGVA4GSAAQGxykYFxqz7jZxcBbiPLYfJEhXlf2SYmMKve74
-trOT+qjIm35+uUAcg2krOzH7X/8wH6bVSn/UKG/k27wZrAnWzZ5XKd8QI70H8aHv
-LgrCoMoqOno+h6J4TgvlDq7FIGZ8fvDaM7YJ8dHPX5FC8Vyphu82TcNdnNATBqom
-6WDWc7RTFZ4sijL5ywVhovwJ1gA=
------END PRIVATE KEY-----
-
-PublicKey=BOB_sect571r1_PUB
------BEGIN PUBLIC KEY-----
-MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQGxykYFxqz7jZxcBbiPLYfJEhXlf2S
-YmMKve74trOT+qjIm35+uUAcg2krOzH7X/8wH6bVSn/UKG/k27wZrAnWzZ5XKd8Q
-I70H8aHvLgrCoMoqOno+h6J4TgvlDq7FIGZ8fvDaM7YJ8dHPX5FC8Vyphu82TcNd
-nNATBqom6WDWc7RTFZ4sijL5ywVhovwJ1gA=
------END PUBLIC KEY-----
-
-PrivPubKeyPair = BOB_sect571r1:BOB_sect571r1_PUB
-
-
-# ECDH Alice with Bob peer
-
-Derive=ALICE_sect571r1
-PeerKey=BOB_sect571r1_PUB
-SharedSecret=004b397e564055e2c7d87648183c948655ccb0ebb20bd441f9b11635cf461cb5815ff060eab33091b9f7aed67bec8ba1bb7b22437ece3c92c7cf76124408fb951595dfb4a512b2ae
-
-# ECDH Bob with Alice peer
-
-Derive=BOB_sect571r1
-PeerKey=ALICE_sect571r1_PUB
-SharedSecret=004b397e564055e2c7d87648183c948655ccb0ebb20bd441f9b11635cf461cb5815ff060eab33091b9f7aed67bec8ba1bb7b22437ece3c92c7cf76124408fb951595dfb4a512b2ae
-
-
-Title = ECDH KATs (from RFC 5114, 5903, 7027)
-
-# Keys and shared secrets from RFC 5114
-PrivateKey=PRIME192V1_RFC5114
------BEGIN PRIVATE KEY-----
-MG8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQEEVTBTAgEBBBgyP6MWnY6cZZP1lHa8
-FCAAq1vg4knENCahNAMyAATNRkiez9bBBeez0yVm4rEi4kmrqt2HBhJoiHtId99R
-3U3D1v0R8KJvj9OEQxeRbpo=
------END PRIVATE KEY-----
-
-PublicKey=PRIME192V1_RFC5114-PUBLIC
------BEGIN PUBLIC KEY-----
-MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEzUZIns/WwQXns9MlZuKxIuJJq6rd
-hwYSaIh7SHffUd1Nw9b9EfCib4/ThEMXkW6a
------END PUBLIC KEY-----
-
-PrivPubKeyPair = PRIME192V1_RFC5114:PRIME192V1_RFC5114-PUBLIC
-
-
-PrivateKey=PRIME192V1_RFC5114-Peer
------BEGIN PRIVATE KEY-----
-MG8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQEEVTBTAgEBBBhjH5W7SmdjLJxHbu6a
-tpWrJAoEmTB/z2KhNAMyAARRmhIWgOAEVGa6Id8u7kf1lztQBXfvE9X/YTq01kzu
-OiCHW9sQ+VP2swygcsYKpX8=
------END PRIVATE KEY-----
-
-PublicKey=PRIME192V1_RFC5114-Peer-PUBLIC
------BEGIN PUBLIC KEY-----
-MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEUZoSFoDgBFRmuiHfLu5H9Zc7UAV3
-7xPV/2E6tNZM7jogh1vbEPlT9rMMoHLGCqV/
------END PUBLIC KEY-----
-
-PrivPubKeyPair = PRIME192V1_RFC5114-Peer:PRIME192V1_RFC5114-Peer-PUBLIC
-
-
-
-Derive=PRIME192V1_RFC5114
-PeerKey=PRIME192V1_RFC5114-Peer-PUBLIC
-SharedSecret=AD420182633F8526BFE954ACDA376F05E5FF4F837F54FEBE
-
-Derive=PRIME192V1_RFC5114-Peer
-PeerKey=PRIME192V1_RFC5114-PUBLIC
-SharedSecret=AD420182633F8526BFE954ACDA376F05E5FF4F837F54FEBE
-
-PrivateKey=SECP224R1_RFC5114
------BEGIN PRIVATE KEY-----
-MHgCAQAwEAYHKoZIzj0CAQYFK4EEACEEYTBfAgEBBBy1WOtsKI2nB7u0+PuuKrnp
-y2LjvFx1c+IuJtN/oTwDOgAESd/vMJ+BSIwwTP9as+5aIVQ2fceDMVDgpR8+608r
-XuRXYsT2VMGgxn9Uz4iwFrUbzj18Io1XrbQ=
------END PRIVATE KEY-----
-
-PublicKey=SECP224R1_RFC5114-PUBLIC
------BEGIN PUBLIC KEY-----
-ME4wEAYHKoZIzj0CAQYFK4EEACEDOgAESd/vMJ+BSIwwTP9as+5aIVQ2fceDMVDg
-pR8+608rXuRXYsT2VMGgxn9Uz4iwFrUbzj18Io1XrbQ=
------END PUBLIC KEY-----
-
-PrivPubKeyPair = SECP224R1_RFC5114:SECP224R1_RFC5114-PUBLIC
-
-
-PrivateKey=SECP224R1_RFC5114-Peer
------BEGIN PRIVATE KEY-----
-MHgCAQAwEAYHKoZIzj0CAQYFK4EEACEEYTBfAgEBBBysOxrdPZdw5vanCO6fO44K
-s7SA6fJ/hciLXm0YoTwDOgAEazrJao0M3mpVmb6AMu3xDBYtCorSGVBtzUKiB9SR
-vpnCE6fRyjcG3r/jBfNhr8uzPiYJyLFhitU=
------END PRIVATE KEY-----
-
-PublicKey=SECP224R1_RFC5114-Peer-PUBLIC
------BEGIN PUBLIC KEY-----
-ME4wEAYHKoZIzj0CAQYFK4EEACEDOgAEazrJao0M3mpVmb6AMu3xDBYtCorSGVBt
-zUKiB9SRvpnCE6fRyjcG3r/jBfNhr8uzPiYJyLFhitU=
------END PUBLIC KEY-----
-
-PrivPubKeyPair = SECP224R1_RFC5114-Peer:SECP224R1_RFC5114-Peer-PUBLIC
-
-
-
-
-Derive=SECP224R1_RFC5114
-PeerKey=SECP224R1_RFC5114-Peer-PUBLIC
-SharedSecret=52272F50F46F4EDC9151569092F46DF2D96ECC3B6DC1714A4EA949FA
-
-
-Derive=SECP224R1_RFC5114-Peer
-PeerKey=SECP224R1_RFC5114-PUBLIC
-SharedSecret=52272F50F46F4EDC9151569092F46DF2D96ECC3B6DC1714A4EA949FA
-
-PrivateKey=PRIME256V1_RFC5114
------BEGIN PRIVATE KEY-----
-MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQggUJkFF8vVvLpao4z
-ehKEmT+vQypavOWehntykdUHo6+hRANCAAQq9QLzvolS8sm1qNQWDQnpcWW+ULxC
-rkpejTtLqDrrFesPr0yphsTThoGg+YctedVnlb1L/25t48D1AV7OXv2F
------END PRIVATE KEY-----
-
-PublicKey=PRIME256V1_RFC5114-PUBLIC
------BEGIN PUBLIC KEY-----
-MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEKvUC876JUvLJtajUFg0J6XFlvlC8
-Qq5KXo07S6g66xXrD69MqYbE04aBoPmHLXnVZ5W9S/9ubePA9QFezl79hQ==
------END PUBLIC KEY-----
-
-PrivPubKeyPair = PRIME256V1_RFC5114:PRIME256V1_RFC5114-PUBLIC
-
-
-PrivateKey=PRIME256V1_RFC5114-Peer
------BEGIN PRIVATE KEY-----
-MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgLOF4jsGX4JbblaIA
-zAqyahnOa8ytViuO7htZN2HPf0GhRANCAASxIN5Ko2SSeVNG6N5sLIZGrgaq6ief
-p3WzqwcV9s5RsJ8bfuziDXte2OxoX6Pwcdg3JwJwkqhBE4XDTd5XCLK2
------END PRIVATE KEY-----
-
-PublicKey=PRIME256V1_RFC5114-Peer-PUBLIC
------BEGIN PUBLIC KEY-----
-MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEsSDeSqNkknlTRujebCyGRq4Gquon
-n6d1s6sHFfbOUbCfG37s4g17XtjsaF+j8HHYNycCcJKoQROFw03eVwiytg==
------END PUBLIC KEY-----
-
-PrivPubKeyPair = PRIME256V1_RFC5114-Peer:PRIME256V1_RFC5114-Peer-PUBLIC
-
-
-
-
-Derive=PRIME256V1_RFC5114
-PeerKey=PRIME256V1_RFC5114-Peer-PUBLIC
-SharedSecret=DD0F5396219D1EA393310412D19A08F1F5811E9DC8EC8EEA7F80D21C820C2788
-
-
-Derive=PRIME256V1_RFC5114-Peer
-PeerKey=PRIME256V1_RFC5114-PUBLIC
-SharedSecret=DD0F5396219D1EA393310412D19A08F1F5811E9DC8EC8EEA7F80D21C820C2788
-
-PrivateKey=SECP384R1_RFC5114
------BEGIN PRIVATE KEY-----
-MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDDSczXqcWZK8kTdFOn9
-EmBxXf2KeWVXHEjXCe56eWKhVtcGqQy8td8phvBf6tuTdvGhZANiAAR5MUjxeHY0
-1dpMbZB0QX0F4FerYvggVNEO5rBAPWJ5VH5qjqnR/XdCfQFv4nqLjGbGxBKUMx0j
-5vSA9PtM1AUEyUc5LpT0w/BrjzmLsp5CNo96aFkj3jtnus7SFKGh0Sg=
------END PRIVATE KEY-----
-
-PublicKey=SECP384R1_RFC5114-PUBLIC
------BEGIN PUBLIC KEY-----
-MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEeTFI8Xh2NNXaTG2QdEF9BeBXq2L4IFTR
-DuawQD1ieVR+ao6p0f13Qn0Bb+J6i4xmxsQSlDMdI+b0gPT7TNQFBMlHOS6U9MPw
-a485i7KeQjaPemhZI947Z7rO0hShodEo
------END PUBLIC KEY-----
-
-PrivPubKeyPair = SECP384R1_RFC5114:SECP384R1_RFC5114-PUBLIC
-
-
-PrivateKey=SECP384R1_RFC5114-Peer
------BEGIN PRIVATE KEY-----
-MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDBS0Xkf20tw+JwPANRW
-wvcCO2ElJiw2p98fgCMRIczj05vlLgDBlKQTLEpsdovNlNKhZANiAARc1Cq5xBtT
-R/dLjU77cIs9WzbbZZFTWbRKvBdke2uZmXidcqhIZa4vIj8StaGrwSDhcUWP6qk5
-qqOov6xGtAS9j21bNIwPpNgM7KFjVsqTMkC96HI0Fajs4DWw7fNnVd4=
------END PRIVATE KEY-----
-
-PublicKey=SECP384R1_RFC5114-Peer-PUBLIC
------BEGIN PUBLIC KEY-----
-MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEXNQqucQbU0f3S41O+3CLPVs222WRU1m0
-SrwXZHtrmZl4nXKoSGWuLyI/ErWhq8Eg4XFFj+qpOaqjqL+sRrQEvY9tWzSMD6TY
-DOyhY1bKkzJAvehyNBWo7OA1sO3zZ1Xe
------END PUBLIC KEY-----
-
-PrivPubKeyPair = SECP384R1_RFC5114-Peer:SECP384R1_RFC5114-Peer-PUBLIC
-
-
-
-
-Derive=SECP384R1_RFC5114
-PeerKey=SECP384R1_RFC5114-Peer-PUBLIC
-SharedSecret=5EA1FC4AF7256D2055981B110575E0A8CAE53160137D904C59D926EB1B8456E427AA8A4540884C37DE159A58028ABC0E
-
-
-Derive=SECP384R1_RFC5114-Peer
-PeerKey=SECP384R1_RFC5114-PUBLIC
-SharedSecret=5EA1FC4AF7256D2055981B110575E0A8CAE53160137D904C59D926EB1B8456E427AA8A4540884C37DE159A58028ABC0E
-
-PrivateKey=SECP521R1_RFC5114
------BEGIN PRIVATE KEY-----
-MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIBE/gtqCVzXj2XJ2aD
-srdCd7rSczXqcWZK8kMMxPM0WblmnueLP/ubhoMBXTRNy/72+5r0xsRwviVFFs08
-Gh+0c2KhgYkDgYYABAHrs03XVyGr+K3J2+0XiJy7l2XZCnxg8s7wB7sPKybhSIH9
-RELmidYcst0EbuMOP/0g+aRbvfZBPVg6Lb9Zkk/TXAD2tjLRlMA4jiLYQ35VjFUq
-4ZWt/RU/ktdJCDUbL4xO2pTtsJFtG1PAILXuyu0aX8OKIz5IMFh7su40ibO0KlqG
-pA==
------END PRIVATE KEY-----
-
-PublicKey=SECP521R1_RFC5114-PUBLIC
------BEGIN PUBLIC KEY-----
-MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQB67NN11chq/itydvtF4icu5dl2Qp8
-YPLO8Ae7Dysm4UiB/URC5onWHLLdBG7jDj/9IPmkW732QT1YOi2/WZJP01wA9rYy
-0ZTAOI4i2EN+VYxVKuGVrf0VP5LXSQg1Gy+MTtqU7bCRbRtTwCC17srtGl/DiiM+
-SDBYe7LuNImztCpahqQ=
------END PUBLIC KEY-----
-
-PrivPubKeyPair = SECP521R1_RFC5114:SECP521R1_RFC5114-PUBLIC
-
-
-PrivateKey=SECP521R1_RFC5114-Peer
------BEGIN PRIVATE KEY-----
-MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIAzuNIDYZFoX0knyd2
-0ouuYWlS0Xkf20tw98M3hzKqGyKShEi80dwkltQ1sBBIBm6+T3KQPDYbGp3BGT3C
-ydCJG5ahgYkDgYYABAEOv6/G6F4I0kv//MGkUR2w5jS+6xtt7IxZOa5EdmIBr2IA
-QwupfIrGoOnwizPOfp/utbpO5eDYFRDCQpW4oI0CNQCkpuwwDfniV7A3K156v+8J
-NDZxmneIfrsLGM+Ambn0IStuMKFBnBjgKdNoY8ydRI9Nuk0qDmBxG+VykV+9T+8m
-lQ==
------END PRIVATE KEY-----
-
-PublicKey=SECP521R1_RFC5114-Peer-PUBLIC
------BEGIN PUBLIC KEY-----
-MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBDr+vxuheCNJL//zBpFEdsOY0vusb
-beyMWTmuRHZiAa9iAEMLqXyKxqDp8Iszzn6f7rW6TuXg2BUQwkKVuKCNAjUApKbs
-MA354lewNyteer/vCTQ2cZp3iH67CxjPgJm59CErbjChQZwY4CnTaGPMnUSPTbpN
-Kg5gcRvlcpFfvU/vJpU=
------END PUBLIC KEY-----
-
-PrivPubKeyPair = SECP521R1_RFC5114-Peer:SECP521R1_RFC5114-Peer-PUBLIC
-
-
-
-
-Derive=SECP521R1_RFC5114
-PeerKey=SECP521R1_RFC5114-Peer-PUBLIC
-SharedSecret=00CDEA89621CFA46B132F9E4CFE2261CDE2D4368EB5656634C7CC98C7A00CDE54ED1866A0DD3E6126C9D2F845DAFF82CEB1DA08F5D87521BB0EBECA77911169C20CC
-
-
-Derive=SECP521R1_RFC5114-Peer
-PeerKey=SECP521R1_RFC5114-PUBLIC
-SharedSecret=00CDEA89621CFA46B132F9E4CFE2261CDE2D4368EB5656634C7CC98C7A00CDE54ED1866A0DD3E6126C9D2F845DAFF82CEB1DA08F5D87521BB0EBECA77911169C20CC
-
-# Keys and shared secrets from RFC 5903
-PrivateKey=PRIME256V1_RFC5903
------BEGIN PRIVATE KEY-----
-MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgyI8B9RDZrD9wopLa
-ojFt5UTpqriv6EBJxiqcV4YtFDOhRANCAATa0LZTlCIc+bBR4f7KV4fQmN/mN/yQ
-ue+UXQw3clgRgFJxoEYc24JS1h8cRW+j5Zqx9FszrM9fWDieBXe4mQuz
------END PRIVATE KEY-----
-
-PublicKey=PRIME256V1_RFC5903-PUBLIC
------BEGIN PUBLIC KEY-----
-MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE2tC2U5QiHPmwUeH+yleH0Jjf5jf8
-kLnvlF0MN3JYEYBScaBGHNuCUtYfHEVvo+WasfRbM6zPX1g4ngV3uJkLsw==
------END PUBLIC KEY-----
-
-PrivPubKeyPair = PRIME256V1_RFC5903:PRIME256V1_RFC5903-PUBLIC
-
-
-PrivateKey=PRIME256V1_RFC5903-Peer
------BEGIN PRIVATE KEY-----
-MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgxu+cXXiuASoBEWSs
-s5fOIIhoXY8Gv5vgsoOrRkdr7lOhRANCAATRLftSicjU+BIItwJwOYw0IpaXCgvM
-t0xzb8dVRJS/Y1b788o2bMI+gVeFTBPFjWqsI/BGraMPg1PnTzMDmHKr
------END PRIVATE KEY-----
-
-PublicKey=PRIME256V1_RFC5903-Peer-PUBLIC
------BEGIN PUBLIC KEY-----
-MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0S37UonI1PgSCLcCcDmMNCKWlwoL
-zLdMc2/HVUSUv2NW+/PKNmzCPoFXhUwTxY1qrCPwRq2jD4NT508zA5hyqw==
------END PUBLIC KEY-----
-
-PrivPubKeyPair = PRIME256V1_RFC5903-Peer:PRIME256V1_RFC5903-Peer-PUBLIC
-
-
-
-
-Derive=PRIME256V1_RFC5903
-PeerKey=PRIME256V1_RFC5903-Peer-PUBLIC
-SharedSecret=D6840F6B42F6EDAFD13116E0E12565202FEF8E9ECE7DCE03812464D04B9442DE
-
-
-Derive=PRIME256V1_RFC5903-Peer
-PeerKey=PRIME256V1_RFC5903-PUBLIC
-SharedSecret=D6840F6B42F6EDAFD13116E0E12565202FEF8E9ECE7DCE03812464D04B9442DE
-
-PrivateKey=SECP384R1_RFC5903
------BEGIN PRIVATE KEY-----
-MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDAJnzxwNNSixpmITXOj
-daZ/diTvfGs8DxYGR7Z0FNzmVeNbU4BB5knuP674lng6sZShZANiAARmeELX0YCs
-LN5vdPN1UfVXVcdkXCDvc+MWNP5ytMVe5t46yAistL20yIcyrulfQaqUgu0fwO65
-yvxJhGJcz8I/ZQMhSeDhRK2gJBgVNaDzjuufz/PCyUfa5ptMY0VzqBw=
------END PRIVATE KEY-----
-
-PublicKey=SECP384R1_RFC5903-PUBLIC
------BEGIN PUBLIC KEY-----
-MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEZnhC19GArCzeb3TzdVH1V1XHZFwg73Pj
-FjT+crTFXubeOsgIrLS9tMiHMq7pX0GqlILtH8Duucr8SYRiXM/CP2UDIUng4USt
-oCQYFTWg847rn8/zwslH2uabTGNFc6gc
------END PUBLIC KEY-----
-
-PrivPubKeyPair = SECP384R1_RFC5903:SECP384R1_RFC5903-PUBLIC
-
-
-PrivateKey=SECP384R1_RFC5903-Peer
------BEGIN PRIVATE KEY-----
-MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDBBywd5tL24XUeEZyX7
-7DyUMPq0bMjcUGCFXMm9oKopQuAwgxKRa47Slg5L1Vp0SPyhZANiAATlWNvvU+7N
-49P8z8GuoIqJqYdHXRL9lQ2Dz6QXMrxQnQ0axDoDNt75b9pB0HdKNXHc++x6rPMZ
-ZHIWnoOEMDZ/Zu6+PG5wxBbdXwxodZ3R//g/pAFCIJ3/XqrZbbnmOGw=
------END PRIVATE KEY-----
-
-PublicKey=SECP384R1_RFC5903-Peer-PUBLIC
------BEGIN PUBLIC KEY-----
-MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE5Vjb71PuzePT/M/BrqCKiamHR10S/ZUN
-g8+kFzK8UJ0NGsQ6Azbe+W/aQdB3SjVx3PvseqzzGWRyFp6DhDA2f2buvjxucMQW
-3V8MaHWd0f/4P6QBQiCd/16q2W255jhs
------END PUBLIC KEY-----
-
-PrivPubKeyPair = SECP384R1_RFC5903-Peer:SECP384R1_RFC5903-Peer-PUBLIC
-
-
-
-Derive=SECP384R1_RFC5903
-PeerKey=SECP384R1_RFC5903-Peer-PUBLIC
-SharedSecret=11187331C279962D93D604243FD592CB9D0A926F422E47187521287E7156C5C4D603135569B9E9D09CF5D4A270F59746
-
-
-Derive=SECP384R1_RFC5903-Peer
-PeerKey=SECP384R1_RFC5903-PUBLIC
-SharedSecret=11187331C279962D93D604243FD592CB9D0A926F422E47187521287E7156C5C4D603135569B9E9D09CF5D4A270F59746
-
-PrivateKey=SECP521R1_RFC5903
------BEGIN PRIVATE KEY-----
-MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIAN63pMZqJ9Nq9s+9B
-GqzMpRI8YayrV7U5Pc5HYIFyoJWqhaMP4cKVLGdx2Te6l3f1lXsmObqwckYvaMJ6
-VzgtSlKhgYkDgYYABAAVQX6E2/KMCtPCeHEzSdx98VPIl6GJG9mLq0NXyey+4eO/
-QuALjjgK6uV8LRB1ZJQYhZQq9af0YBcjxBldF2ztPgF8riC2ZB0u62lXhtjJRhRi
-OdCZ4Y4dWlFMc518tKEK2KeIAVrEBdd5ncdee31bbPImGmp/FQdDi/Ab62yjkm+V
-gg==
------END PRIVATE KEY-----
-
-PublicKey=SECP521R1_RFC5903-PUBLIC
------BEGIN PUBLIC KEY-----
-MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAFUF+hNvyjArTwnhxM0ncffFTyJeh
-iRvZi6tDV8nsvuHjv0LgC444CurlfC0QdWSUGIWUKvWn9GAXI8QZXRds7T4BfK4g
-tmQdLutpV4bYyUYUYjnQmeGOHVpRTHOdfLShCtiniAFaxAXXeZ3HXnt9W2zyJhpq
-fxUHQ4vwG+tso5JvlYI=
------END PUBLIC KEY-----
-
-PrivPubKeyPair = SECP521R1_RFC5903:SECP521R1_RFC5903-PUBLIC
-
-
-PrivateKey=SECP521R1_RFC5903-Peer
------BEGIN PRIVATE KEY-----
-MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIBRbqZqEevQ3k/3Q6H
-LnzfoWvjD9x4D5e8zD8Hg4AgHpxnfWALNDdXo72/KjFj5ML4acynRYqkpO/8MR9c
-sVFoXrmhgYkDgYYABADQs5daxLeZ9b6hbV4T6a+XHV6bmEyfOXKLXlc5c1ohm5fD
-VkNq3G6VuwNS9r5kpsKRLU7y0EM87SthcWQAEtlGDwFcaCJjg5VuO9Bm55e2I8J8
-4OrC9VGhDCxyTZhSB3uHIgtlNsXECKHSrruOhtZ4rknLVwkfRzIpZXmrRPzRfw/F
-ag==
------END PRIVATE KEY-----
-
-PublicKey=SECP521R1_RFC5903-Peer-PUBLIC
------BEGIN PUBLIC KEY-----
-MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQA0LOXWsS3mfW+oW1eE+mvlx1em5hM
-nzlyi15XOXNaIZuXw1ZDatxulbsDUva+ZKbCkS1O8tBDPO0rYXFkABLZRg8BXGgi
-Y4OVbjvQZueXtiPCfODqwvVRoQwsck2YUgd7hyILZTbFxAih0q67jobWeK5Jy1cJ
-H0cyKWV5q0T80X8PxWo=
------END PUBLIC KEY-----
-
-PrivPubKeyPair = SECP521R1_RFC5903-Peer:SECP521R1_RFC5903-Peer-PUBLIC
-
-
-Derive=SECP521R1_RFC5903
-PeerKey=SECP521R1_RFC5903-Peer-PUBLIC
-SharedSecret=01144C7D79AE6956BC8EDB8E7C787C4521CB086FA64407F97894E5E6B2D79B04D1427E73CA4BAA240A34786859810C06B3C715A3A8CC3151F2BEE417996D19F3DDEA
-
-
-Derive=SECP521R1_RFC5903-Peer
-PeerKey=SECP521R1_RFC5903-PUBLIC
-SharedSecret=01144C7D79AE6956BC8EDB8E7C787C4521CB086FA64407F97894E5E6B2D79B04D1427E73CA4BAA240A34786859810C06B3C715A3A8CC3151F2BEE417996D19F3DDEA
diff --git a/test/recipes/65-test_cmp_client.t b/test/recipes/65-test_cmp_client.t
index de60599cf0..a25be81996 100644
--- a/test/recipes/65-test_cmp_client.t
+++ b/test/recipes/65-test_cmp_client.t
@@ -44,5 +44,5 @@ unless ($no_fips) {
'-module', bldtop_file('providers', platform->dso('fips'))])),
"fipsinstall");
- ok(run(test([@basic_cmd, "fips", srctop_file("test", "fips.cnf")])));
+ ok(run(test([@basic_cmd, "fips", srctop_file("test", "fips-and-base.cnf")])));
}
diff --git a/test/recipes/65-test_cmp_msg.t b/test/recipes/65-test_cmp_msg.t
index 0347c1a2a9..b74b2dc2ed 100644
--- a/test/recipes/65-test_cmp_msg.t
+++ b/test/recipes/65-test_cmp_msg.t
@@ -42,5 +42,6 @@ unless ($no_fips) {
'-module', bldtop_file('providers', platform->dso('fips'))])),
"fipsinstall");
- ok(run(test([@basic_cmd, "fips", srctop_file("test", "fips.cnf")])));
+ ok(run(test([@basic_cmd,
+ "fips", srctop_file("test", "fips-and-base.cnf")])));
}
diff --git a/test/recipes/65-test_cmp_protect.t b/test/recipes/65-test_cmp_protect.t
index 19185e112b..eb8e75d485 100644
--- a/test/recipes/65-test_cmp_protect.t
+++ b/test/recipes/65-test_cmp_protect.t
@@ -52,5 +52,6 @@ unless ($no_fips) {
'-module', bldtop_file('providers', platform->dso('fips'))])),
"fipsinstall");
- ok(run(test([@basic_cmd, "fips", srctop_file("test", "fips.cnf")])));
+ ok(run(test([@basic_cmd,
+ "fips", srctop_file("test", "fips-and-base.cnf")])));
}
diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t
index cdd5ec15a8..1edddb2a82 100644
--- a/test/recipes/80-test_cms.t
+++ b/test/recipes/80-test_cms.t
@@ -59,7 +59,7 @@ unless ($no_fips) {
'-out', bldtop_file('providers', 'fipsmodule.cnf'),
'-module', $infile])),
"fipsinstall");
- @config = ( "-config", srctop_file("test", "fips.cnf") );
+ @config = ( "-config", srctop_file("test", "fips-and-base.cnf") );
$provname = 'fips';
}
diff --git a/test/recipes/80-test_ssl_new.t b/test/recipes/80-test_ssl_new.t
index 6051adbfb2..e2b9349d04 100644
--- a/test/recipes/80-test_ssl_new.t
+++ b/test/recipes/80-test_ssl_new.t
@@ -171,7 +171,7 @@ sub test_conf {
if ($provider eq "fips") {
ok(run(test(["ssl_test", $output_file, $provider,
- srctop_file("test", "fips.cnf")])),
+ srctop_file("test", "fips-and-base.cnf")])),
"running ssl_test $conf");
} else {
ok(run(test(["ssl_test", $output_file, $provider])),
diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t
index 210346cb70..a4d84c9b5c 100644
--- a/test/recipes/80-test_ssl_old.t
+++ b/test/recipes/80-test_ssl_old.t
@@ -106,7 +106,8 @@ subtest 'test_ss' => sub {
note('test_ssl -- key U');
testssl("keyU.ss", $Ucert, $CAcert, "default", srctop_file("test","default.cnf"));
unless ($no_fips) {
- testssl("keyU.ss", $Ucert, $CAcert, "fips", srctop_file("test","fips.cnf"));
+ testssl("keyU.ss", $Ucert, $CAcert, "fips",
+ srctop_file("test","fips-and-base.cnf"));
}
# -----------
diff --git a/test/recipes/90-test_sslapi.t b/test/recipes/90-test_sslapi.t
index 9af8435f6e..8cef077a66 100644
--- a/test/recipes/90-test_sslapi.t
+++ b/test/recipes/90-test_sslapi.t
@@ -45,7 +45,7 @@ unless ($no_fips) {
ok(run(test(["sslapitest", srctop_dir("test", "certs"),
srctop_file("test", "recipes", "90-test_sslapi_data",
"passwd.txt"), $tmpfilename, "fips",
- srctop_file("test", "fips.cnf")])),
+ srctop_file("test", "fips-and-base.cnf")])),
"running sslapitest");
}
diff --git a/test/recipes/90-test_store.t b/test/recipes/90-test_store.t
index 57c2e6e9c2..05e4b341f5 100644
--- a/test/recipes/90-test_store.t
+++ b/test/recipes/90-test_store.t
@@ -86,13 +86,27 @@ my @noexist_file_files =
( "file:blahdiblah.pem",
"file:test/blahdibleh.der" );
-my $n = (3 * scalar @noexist_files)
- + (6 * scalar @src_files)
- + (4 * scalar @generated_files)
- + (scalar keys %generated_file_files)
- + (scalar @noexist_file_files)
- + 3
- + 11;
+# There is more than one method to get a 'file:' loader.
+# The default is a built-in provider implementation.
+# However, there is also an engine, specially for testing purposes.
+#
+# @methods is a collection of extra 'openssl storeutl' arguments used to
+# try the different methods.
+my @methods;
+push @methods, [qw(-provider default -provider legacy)];
+push @methods, [qw(-engine loader_attic)]
+ unless disabled('dynamic-engine') || disabled('deprecated-3.0');
+
+my $n = scalar @methods
+ * ( (3 * scalar @noexist_files)
+ + (6 * scalar @src_files)
+ + (4 * scalar @generated_files)
+ + (scalar keys %generated_file_files)
+ + (scalar @noexist_file_files)
+ + 3
+ + 11 );
+
+plan skip_all => "No plan" if $n == 0;
plan tests => $n;
@@ -103,132 +117,134 @@ indir "store_$$" => sub {
my $rehash = init_rehash();
- foreach (@noexist_files) {
- my $file = srctop_file($_);
+ foreach my $method (@methods) {
+ my @storeutl = ( qw(openssl storeutl), @$method );
- ok(!run(app(["openssl", "storeutl", "-noout", $file])));
- ok(!run(app(["openssl", "storeutl", "-noout",
- to_abs_file($file)])));
- {
- local $ENV{MSYS2_ARG_CONV_EXCL} = "file:";
+ foreach (@noexist_files) {
+ my $file = srctop_file($_);
- ok(!run(app(["openssl", "storeutl", "-noout",
- to_abs_file_uri($file)])));
- }
- }
- foreach (@src_files) {
- my $file = srctop_file($_);
+ ok(!run(app([@storeutl, "-noout", $file])));
+ ok(!run(app([@storeutl, "-noout", to_abs_file($file)])));
+ {
+ local $ENV{MSYS2_ARG_CONV_EXCL} = "file:";
- ok(run(app(["openssl", "storeutl", "-noout", $file])));
- ok(run(app(["openssl", "storeutl", "-noout", to_abs_file($file)])));
- SKIP:
- {
- skip "file: tests disabled on MingW", 4 if $mingw;
-
- ok(run(app(["openssl", "storeutl", "-noout",
- to_abs_file_uri($file)])));
- ok(run(app(["openssl", "storeutl", "-noout",
- to_abs_file_uri($file, 0, "")])));
- ok(run(app(["openssl", "storeutl", "-noout",
- to_abs_file_uri($file, 0, "localhost")])));
- ok(!run(app(["openssl", "storeutl", "-noout",
- to_abs_file_uri($file, 0, "dummy")])));
+ ok(!run(app([@storeutl, "-noout",
+ to_abs_file_uri($file)])));
+ }
}
- }
- foreach (@generated_files) {
- ok(run(app(["openssl", "storeutl", "-noout", "-passin",
- "pass:password", $_])));
- ok(run(app(["openssl", "storeutl", "-noout", "-passin",
- "pass:password", to_abs_file($_)])));
-
- SKIP:
- {
- skip "file: tests disabled on MingW", 2 if $mingw;
-
- ok(run(app(["openssl", "storeutl", "-noout", "-passin",
- "pass:password", to_abs_file_uri($_)])));
- ok(!run(app(["openssl", "storeutl", "-noout", "-passin",
- "pass:password", to_file_uri($_)])));
+ foreach (@src_files) {
+ my $file = srctop_file($_);
+
+ ok(run(app([@storeutl, "-noout", $file])));
+ ok(run(app([@storeutl, "-noout", to_abs_file($file)])));
+ SKIP:
+ {
+ skip "file: tests disabled on MingW", 4 if $mingw;
+
+ ok(run(app([@storeutl, "-noout",
+ to_abs_file_uri($file)])));
+ ok(run(app([@storeutl, "-noout",
+ to_abs_file_uri($file, 0, "")])));
+ ok(run(app([@storeutl, "-noout",
+ to_abs_file_uri($file, 0, "localhost")])));
+ ok(!run(app([@storeutl, "-noout",
+ to_abs_file_uri($file, 0, "dummy")])));
+ }
}
- }
- foreach (values %generated_file_files) {
- SKIP:
- {
- skip "file: tests disabled on MingW", 1 if $mingw;
-
- ok(run(app(["openssl", "storeutl", "-noout", $_])));
+ foreach (@generated_files) {
+ ok(run(app([@storeutl, "-noout", "-passin",
+ "pass:password", $_])));
+ ok(run(app([@storeutl, "-noout", "-passin",
+ "pass:password", to_abs_file($_)])));
+
+ SKIP:
+ {
+ skip "file: tests disabled on MingW", 2 if $mingw;
+
+ ok(run(app([@storeutl, "-noout", "-passin",
+ "pass:password", to_abs_file_uri($_)])));
+ ok(!run(app([@storeutl, "-noout", "-passin",
+ "pass:password", to_file_uri($_)])));
+ }
}
- }
- foreach (@noexist_file_files) {
- SKIP:
- {
- skip "file: tests disabled on MingW", 1 if $mingw;
+ foreach (values %generated_file_files) {
+ SKIP:
+ {
+ skip "file: tests disabled on MingW", 1 if $mingw;
- ok(!run(app(["openssl", "storeutl", "-noout", $_])));
+ ok(run(app([@storeutl, "-noout", $_])));
+ }
}
- }
- {
- my $dir = srctop_dir("test", "certs");
+ foreach (@noexist_file_files) {
+ SKIP:
+ {
+ skip "file: tests disabled on MingW", 1 if $mingw;
- ok(run(app(["openssl", "storeutl", "-noout", $dir])));
- ok(run(app(["openssl", "storeutl", "-noout",
- to_abs_file($dir, 1)])));
- SKIP:
+ ok(!run(app([@storeutl, "-noout", $_])));
+ }
+ }
{
- skip "file: tests disabled on MingW", 1 if $mingw;
+ my $dir = srctop_dir("test", "certs");
+
+ ok(run(app([@storeutl, "-noout", $dir])));
+ ok(run(app([@storeutl, "-noout", to_abs_file($dir, 1)])));
+ SKIP:
+ {
+ skip "file: tests disabled on MingW", 1 if $mingw;
- ok(run(app(["openssl", "storeutl", "-noout",
- to_abs_file_uri($dir, 1)])));
+ ok(run(app([@storeutl, "-noout",
+ to_abs_file_uri($dir, 1)])));
+ }
}
- }
- ok(!run(app(['openssl', 'storeutl', '-noout',
- '-subject', '/C=AU/ST=QLD/CN=SSLeay\/rsa test cert',
- srctop_file('test', 'testx509.pem')])),
- "Checking that -subject can't be used with a single file");
-
- ok(run(app(['openssl', 'storeutl', '-certs', '-noout',
- srctop_file('test', 'testx509.pem')])),
- "Checking that -certs returns 1 object on a certificate file");
- ok(run(app(['openssl', 'storeutl', '-certs', '-noout',
- srctop_file('test', 'testcrl.pem')])),
- "Checking that -certs returns 0 objects on a CRL file");
-
- ok(run(app(['openssl', 'storeutl', '-crls', '-noout',
- srctop_file('test', 'testx509.pem')])),
- "Checking that -crls returns 0 objects on a certificate file");
- ok(run(app(['openssl', 'storeutl', '-crls', '-noout',
- srctop_file('test', 'testcrl.pem')])),
- "Checking that -crls returns 1 object on a CRL file");
-
- SKIP: {
- skip "failed rehash initialisation", 6 unless $rehash;
-
- # subject from testx509.pem:
- # '/C=AU/ST=QLD/CN=SSLeay\/rsa test cert'
- # issuer from testcrl.pem:
- # '/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority'
- ok(run(app(['openssl', 'storeutl', '-noout',
- '-subject', '/C=AU/ST=QLD/CN=SSLeay\/rsa test cert',
- catdir(curdir(), 'rehash')])));
- ok(run(app(['openssl', 'storeutl', '-noout',
- '-subject',
- '/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority',
- catdir(curdir(), 'rehash')])));
- ok(run(app(['openssl', 'storeutl', '-noout', '-certs',
- '-subject', '/C=AU/ST=QLD/CN=SSLeay\/rsa test cert',
- catdir(curdir(), 'rehash')])));
- ok(run(app(['openssl', 'storeutl', '-noout', '-crls',
- '-subject', '/C=AU/ST=QLD/CN=SSLeay\/rsa test cert',
- catdir(curdir(), 'rehash')])));
- ok(run(app(['openssl', 'storeutl', '-noout', '-certs',
- '-subject',
- '/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority',
- catdir(curdir(), 'rehash')])));
- ok(run(app(['openssl', 'storeutl', '-noout', '-crls',
- '-subject',
- '/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority',
- catdir(curdir(), 'rehash')])));
+ ok(!run(app([@storeutl, '-noout',
+ '-subject', '/C=AU/ST=QLD/CN=SSLeay\/rsa test cert',
+ srctop_file('test', 'testx509.pem')])),
+ "Checking that -subject can't be used with a single file");
+
+ ok(run(app([@storeutl, '-certs', '-noout',
+ srctop_file('test', 'testx509.pem')])),
+ "Checking that -certs returns 1 object on a certificate file");
+ ok(run(app([@storeutl, '-certs', '-noout',
+ srctop_file('test', 'testcrl.pem')])),
+ "Checking that -certs returns 0 objects on a CRL file");
+
+ ok(run(app([@storeutl, '-crls', '-noout',
+ srctop_file('test', 'testx509.pem')])),
+ "Checking that -crls returns 0 objects on a certificate file");
+ ok(run(app([@storeutl, '-crls', '-noout',
+ srctop_file('test', 'testcrl.pem')])),
+ "Checking that -crls returns 1 object on a CRL file");
+
+ SKIP: {
+ skip "failed rehash initialisation", 6 unless $rehash;
+
+ # subject from testx509.pem:
+ # '/C=AU/ST=QLD/CN=SSLeay\/rsa test cert'
+ # issuer from testcrl.pem:
+ # '/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority'
+ ok(run(app([@storeutl, '-noout',
+ '-subject', '/C=AU/ST=QLD/CN=SSLeay\/rsa test cert',
+ catdir(curdir(), 'rehash')])));
+ ok(run(app([@storeutl, '-noout',
+ '-subject',
+ '/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority',
+ catdir(curdir(), 'rehash')])));
+ ok(run(app([@storeutl, '-noout', '-certs',
+ '-subject', '/C=AU/ST=QLD/CN=SSLeay\/rsa test cert',
+ catdir(curdir(), 'rehash')])));
+ ok(run(app([@storeutl, '-noout', '-crls',
+ '-subject', '/C=AU/ST=QLD/CN=SSLeay\/rsa test cert',
+ catdir(curdir(), 'rehash')])));
+ ok(run(app([@storeutl, '-noout', '-certs',
+ '-subject',
+ '/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority',
+ catdir(curdir(), 'rehash')])));
+ ok(run(app([@storeutl, '-noout', '-crls',
+ '-subject',
+ '/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority',
+ catdir(curdir(), 'rehash')])));
+ }
}
}
}, create => 1, cleanup => 1;
@@ -236,39 +252,47 @@ indir "store_$$" => sub {
sub init {
my $cnf = srctop_file('test', 'ca-and-certs.cnf');
my $cakey = srctop_file('test', 'certs', 'ca-key.pem');
+ my @std_args = qw(-provider default -provider legacy);
return (
# rsa-key-pkcs1.pem
- run(app(["openssl", "pkey",
+ run(app(["openssl", "pkey", @std_args,
"-in", data_file("rsa-key-2432.pem"),
"-out", "rsa-key-pkcs1.pem"]))
# rsa-key-pkcs1-aes128.pem
- && run(app(["openssl", "rsa", "-passout", "pass:password", "-aes128",
+ && run(app(["openssl", "rsa", @std_args,
+ "-passout", "pass:password", "-aes128",
"-in", "rsa-key-pkcs1.pem",
"-out", "rsa-key-pkcs1-aes128.pem"]))
# dsa-key-pkcs1.pem
- && (!$use_dsa || run(app(["openssl", "gendsa",
- "-out", "dsa-key-pkcs1.pem",
- data_file("dsaparam.pem")])))
+ && (!$use_dsa
+ || run(app(["openssl", "gendsa", @std_args,
+ "-out", "dsa-key-pkcs1.pem",
+ data_file("dsaparam.pem")])))
# dsa-key-pkcs1-aes128.pem
- && (!$use_dsa || run(app(["openssl", "dsa",
- "-passout", "pass:password", "-aes128",
- "-in", "dsa-key-pkcs1.pem",
- "-out", "dsa-key-pkcs1-aes128.pem"])))
+ && (!$use_dsa
+ || run(app(["openssl", "dsa", @std_args,
+ "-passout", "pass:password", "-aes128",
+ "-in", "dsa-key-pkcs1.pem",
+ "-out", "dsa-key-pkcs1-aes128.pem"])))
# ec-key-pkcs1.pem (one might think that 'genec' would be practical)
- && (!$use_ecc || run(app(["openssl", "ecparam", "-genkey",
- "-name", "prime256v1",
- "-out", "ec-key-pkcs1.pem"])))
+ && (!$use_ecc
+ || run(app(["openssl", "ecparam", @std_args,
+ "-genkey",
+ "-name", "prime256v1",
+ "-out", "ec-key-pkcs1.pem"])))
# ec-key-pkcs1-aes128.pem
- && (!$use_ecc || run(app(["openssl", "ec",
- "-passout", "pass:password", "-aes128",
- "-in", "ec-key-pkcs1.pem",
- "-out", "ec-key-pkcs1-aes128.pem"])))
+ && (!$use_ecc
+ || run(app(["openssl", "ec", @std_args,
+ "-passout", "pass:password", "-aes128",
+ "-in", "ec-key-pkcs1.pem",
+ "-out", "ec-key-pkcs1-aes128.pem"])))
# *-key-pkcs8.pem
&& runall(sub {
my $dstfile = shift;
(my $srcfile = $dstfile)
=~ s/-key-pkcs8\.pem$/-key-pkcs1.pem/i;
- run(app(["openssl", "pkcs8", "-topk8", "-nocrypt",
+ run(app(["openssl", "pkcs8", @std_args,
+ "-topk8", "-nocrypt",
"-in", $srcfile, "-out", $dstfile]));
}, grep(/-key-pkcs8\.pem$/, @generated_files))
# *-key-pkcs8-pbes1-sha1-3des.pem
@@ -277,7 +301,8 @@ sub init {
(my $srcfile = $dstfile)
=~ s/-key-pkcs8-pbes1-sha1-3des\.pem$
/-key-pkcs8.pem/ix;
- run(app(["openssl", "pkcs8", "-topk8",
+ run(app(["openssl", "pkcs8", @std_args,
+ "-topk8",
"-passout", "pass:password",
"-v1", "pbeWithSHA1And3-KeyTripleDES-CBC",
"-in", $srcfile, "-out", $dstfile]));
@@ -288,7 +313,8 @@ sub init {
(my $srcfile = $dstfile)
=~ s/-key-pkcs8-pbes1-md5-des\.pem$
/-key-pkcs8.pem/ix;
- run(app(["openssl", "pkcs8", "-topk8",
+ run(app(["openssl", "pkcs8", @std_args,
+ "-topk8",
"-passout", "pass:password",
"-v1", "pbeWithSHA1And3-KeyTripleDES-CBC",
"-in", $srcfile, "-out", $dstfile]));
@@ -299,7 +325,8 @@ sub init {
(my $srcfile = $dstfile)
=~ s/-key-pkcs8-pbes2-sha1\.pem$
/-key-pkcs8.pem/ix;
- run(app(["openssl", "pkcs8", "-topk8",
+ run(app(["openssl", "pkcs8", @std_args,
+ "-topk8",
"-passout", "pass:password",
"-v2", "aes256", "-v2prf", "hmacWithSHA1",
"-in", $srcfile, "-out", $dstfile]));
@@ -310,13 +337,14 @@ sub init {
(my $srcfile = $dstfile)
=~ s/-key-pkcs8-pbes2-sha256\.pem$
/-key-pkcs8.pem/ix;
- run(app(["openssl", "pkcs8", "-topk8",
+ run(app(["openssl", "pkcs8", @std_args,
+ "-topk8",
"-passout", "pass:password",
"-v2", "aes256", "-v2prf", "hmacWithSHA256",
"-in", $srcfile, "-out", $dstfile]));
}, grep(/-key-pkcs8-pbes2-sha256\.pem$/, @generated_files))
# *-cert.pem (intermediary for the .p12 inits)
- && run(app(["openssl", "req", "-x509",
+ && run(app(["openssl", "req", "-x509", @std_args,
"-config", $cnf, "-noenc",
"-key", $cakey, "-out", "cacert.pem"]))
&& runall(sub {
@@ -324,11 +352,12 @@ sub init {
(my $dstfile = $srckey) =~ s|-key-pkcs8\.|-cert.|;
(my $csr = $dstfile) =~ s|\.pem|.csr|;
- (run(app(["openssl", "req", "-new",
+ (run(app(["openssl", "req", "-new", @std_args,
"-config", $cnf, "-section", "userreq",
"-key", $srckey, "-out", $csr]))
&&
- run(app(["openssl", "x509", "-days", "3650",
+ run(app(["openssl", "x509", @std_args,
+ "-days", "3650",
"-CA", "cacert.pem",
"-CAkey", $cakey,
"-set_serial", time(), "-req",
@@ -380,9 +409,7 @@ sub init {
print STDERR "(destination file was $dstfile)\n";
return 0;
}
- run(app(["openssl", "pkcs12",
- "-provider", "default",
- "-provider", "legacy",
+ run(app(["openssl", "pkcs12", @std_args,
"-inkey", $srckey,
"-in", $srccert, "-passout", "pass:password",
"-chain", "-CAfile", "cacert.pem",
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 96f834500d..d5e7ab423e 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -4154,18 +4154,18 @@ ERR_load_strings_const 4242 3_0_0 EXIST::FUNCTION:
ASN1_TIME_to_tm 4243 3_0_0 EXIST::FUNCTION:
ASN1_TIME_set_string_X509 4244 3_0_0 EXIST::FUNCTION:
OCSP_resp_get1_id 4245 3_0_0 EXIST::FUNCTION:OCSP
-OSSL_STORE_register_loader 4246 3_0_0 EXIST::FUNCTION:
-OSSL_STORE_LOADER_set_error 4247 3_0_0 EXIST::FUNCTION:
+OSSL_STORE_register_loader 4246 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
+OSSL_STORE_LOADER_set_error 4247 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
OSSL_STORE_INFO_get0_PKEY 4248 3_0_0 EXIST::FUNCTION:
OSSL_STORE_INFO_get_type 4249 3_0_0 EXIST::FUNCTION:
ERR_load_OSSL_STORE_strings 4250 3_0_0 EXIST::FUNCTION:
OSSL_STORE_LOADER_free 4251 3_0_0 EXIST::FUNCTION:
OSSL_STORE_INFO_get1_PKEY 4252 3_0_0 EXIST::FUNCTION:
OSSL_STORE_INFO_free 4253 3_0_0 EXIST::FUNCTION:
-OSSL_STORE_LOADER_set_eof 4255 3_0_0 EXIST::FUNCTION:
-OSSL_STORE_LOADER_new 4256 3_0_0 EXIST::FUNCTION:
+OSSL_STORE_LOADER_set_eof 4255 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
+OSSL_STORE_LOADER_new 4256 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
OSSL_STORE_INFO_get0_CERT 4257 3_0_0 EXIST::FUNCTION:
-OSSL_STORE_LOADER_set_close 4258 3_0_0 EXIST::FUNCTION:
+OSSL_STORE_LOADER_set_close 4258 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
OSSL_STORE_INFO_new_PARAMS 4259 3_0_0 EXIST::FUNCTION:
OSSL_STORE_INFO_new_PKEY 4260 3_0_0 EXIST::FUNCTION:
OSSL_STORE_INFO_get1_PARAMS 4261 3_0_0 EXIST::FUNCTION:
@@ -4175,26 +4175,26 @@ OSSL_STORE_INFO_get1_CERT 4264 3_0_0 EXIST::FUNCTION:
OSSL_STORE_INFO_get0_PARAMS 4265 3_0_0 EXIST::FUNCTION:
OSSL_STORE_INFO_type_string 4266 3_0_0 EXIST::FUNCTION:
OSSL_STORE_INFO_get1_NAME 4267 3_0_0 EXIST::FUNCTION:
-OSSL_STORE_LOADER_set_load 4268 3_0_0 EXIST::FUNCTION:
-OSSL_STORE_LOADER_get0_scheme 4269 3_0_0 EXIST::FUNCTION:
+OSSL_STORE_LOADER_set_load 4268 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
+OSSL_STORE_LOADER_get0_scheme 4269 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
OSSL_STORE_open 4270 3_0_0 EXIST::FUNCTION:
OSSL_STORE_close 4271 3_0_0 EXIST::FUNCTION:
OSSL_STORE_INFO_new_CERT 4272 3_0_0 EXIST::FUNCTION:
OSSL_STORE_INFO_get0_CRL 4273 3_0_0 EXIST::FUNCTION:
OSSL_STORE_load 4274 3_0_0 EXIST::FUNCTION:
OSSL_STORE_INFO_get0_NAME 4275 3_0_0 EXIST::FUNCTION:
-OSSL_STORE_unregister_loader 4276 3_0_0 EXIST::FUNCTION:
+OSSL_STORE_unregister_loader 4276 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
OSSL_STORE_INFO_new_CRL 4277 3_0_0 EXIST::FUNCTION:
OSSL_STORE_INFO_new_NAME 4278 3_0_0 EXIST::FUNCTION:
OSSL_STORE_eof 4279 3_0_0 EXIST::FUNCTION:
-OSSL_STORE_LOADER_set_open 4280 3_0_0 EXIST::FUNCTION:
-OSSL_STORE_LOADER_set_ctrl 4281 3_0_0 EXIST::FUNCTION:
-OSSL_STORE_ctrl 4282 3_0_0 EXIST::FUNCTION:
+OSSL_STORE_LOADER_set_open 4280 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
+OSSL_STORE_LOADER_set_ctrl 4281 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
+OSSL_STORE_ctrl 4282 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
OSSL_STORE_INFO_get0_NAME_description 4283 3_0_0 EXIST::FUNCTION:
OSSL_STORE_INFO_set0_NAME_description 4284 3_0_0 EXIST::FUNCTION:
OSSL_STORE_INFO_get1_NAME_description 4285 3_0_0 EXIST::FUNCTION:
-OSSL_STORE_do_all_loaders 4286 3_0_0 EXIST::FUNCTION:
-OSSL_STORE_LOADER_get0_engine 4287 3_0_0 EXIST::FUNCTION:
+OSSL_STORE_do_all_loaders 4286 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
+OSSL_STORE_LOADER_get0_engine 4287 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
OPENSSL_fork_prepare 4288 3_0_0 EXIST:UNIX:FUNCTION:
OPENSSL_fork_parent 4289 3_0_0 EXIST:UNIX:FUNCTION:
OPENSSL_fork_child 4290 3_0_0 EXIST:UNIX:FUNCTION:
@@ -4333,10 +4333,10 @@ EVP_sha512_256 4428 3_0_0 EXIST::FUNCTION:
EVP_sha512_224 4429 3_0_0 EXIST::FUNCTION:
OCSP_basic_sign_ctx 4430 3_0_0 EXIST::FUNCTION:OCSP
RAND_DRBG_bytes 4431 3_0_0 NOEXIST::FUNCTION:
-OSSL_STORE_vctrl 4433 3_0_0 EXIST::FUNCTION:
+OSSL_STORE_vctrl 4433 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
OSSL_STORE_SEARCH_by_alias 4434 3_0_0 EXIST::FUNCTION:
BIO_bind 4435 3_0_0 EXIST::FUNCTION:SOCK
-OSSL_STORE_LOADER_set_expect 4436 3_0_0 EXIST::FUNCTION:
+OSSL_STORE_LOADER_set_expect 4436 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
OSSL_STORE_expect 4437 3_0_0 EXIST::FUNCTION:
OSSL_STORE_SEARCH_by_key_fingerprint 4438 3_0_0 EXIST::FUNCTION:
OSSL_STORE_SEARCH_get0_serial 4439 3_0_0 EXIST::FUNCTION:
@@ -4349,7 +4349,7 @@ OSSL_STORE_SEARCH_get0_string 4445 3_0_0 EXIST::FUNCTION:
OSSL_STORE_SEARCH_by_issuer_serial 4446 3_0_0 EXIST::FUNCTION:
OSSL_STORE_SEARCH_get0_name 4447 3_0_0 EXIST::FUNCTION:
X509_get0_authority_key_id 4448 3_0_0 EXIST::FUNCTION:
-OSSL_STORE_LOADER_set_find 4449 3_0_0 EXIST::FUNCTION:
+OSSL_STORE_LOADER_set_find 4449 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
OSSL_STORE_SEARCH_free 4450 3_0_0 EXIST::FUNCTION:
OSSL_STORE_SEARCH_get0_digest 4451 3_0_0 EXIST::FUNCTION:
RAND_DRBG_set_reseed_defaults 4452 3_0_0 NOEXIST::FUNCTION:
@@ -5126,7 +5126,7 @@ OSSL_PARAM_construct_time_t ? 3_0_0 EXIST::FUNCTION:
OSSL_PARAM_get_time_t ? 3_0_0 EXIST::FUNCTION:
OSSL_PARAM_set_time_t ? 3_0_0 EXIST::FUNCTION:
OSSL_STORE_attach ? 3_0_0 EXIST::FUNCTION:
-OSSL_STORE_LOADER_set_attach ? 3_0_0 EXIST::FUNCTION:
+OSSL_STORE_LOADER_set_attach ? 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen ? 3_0_0 EXIST::FUNCTION:RSA
EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md ? 3_0_0 EXIST::FUNCTION:RSA
EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md_name ? 3_0_0 EXIST::FUNCTION:RSA
@@ -5272,7 +5272,7 @@ PEM_read_bio_PUBKEY_ex ? 3_0_0 EXIST::FUNCTION:
PEM_read_PUBKEY_ex ? 3_0_0 EXIST::FUNCTION:STDIO
PEM_read_bio_Parameters_ex ? 3_0_0 EXIST::FUNCTION:
EC_GROUP_new_from_params ? 3_0_0 EXIST::FUNCTION:EC
-OSSL_STORE_LOADER_set_open_with_libctx ? 3_0_0 EXIST::FUNCTION:
+OSSL_STORE_LOADER_set_open_with_libctx ? 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
OSSL_STORE_LOADER_fetch ? 3_0_0 EXIST::FUNCTION:
OSSL_STORE_LOADER_up_ref ? 3_0_0 EXIST::FUNCTION:
OSSL_STORE_LOADER_provider ? 3_0_0 EXIST::FUNCTION:
@@ -5286,3 +5286,11 @@ OSSL_PARAM_get_octet_string_ptr ? 3_0_0 EXIST::FUNCTION:
OSSL_DECODER_CTX_set_passphrase_cb ? 3_0_0 EXIST::FUNCTION:
EVP_PKEY_CTX_set_mac_key ? 3_0_0 EXIST::FUNCTION:
EVP_PKEY_new_CMAC_key_with_libctx ? 3_0_0 EXIST::FUNCTION:
+OSSL_STORE_INFO_new ? 3_0_0 EXIST::FUNCTION:
+OSSL_STORE_INFO_get0_data ? 3_0_0 EXIST::FUNCTION:
+ossl_do_blob_header ? 3_0_0 EXIST::FUNCTION:DSA
+ossl_do_PVK_header ? 3_0_0 EXIST::FUNCTION:DSA,RC4
+asn1_d2i_read_bio ? 3_0_0 EXIST::FUNCTION:
+EVP_PKCS82PKEY_with_libctx ? 3_0_0 EXIST::FUNCTION:
+ossl_b2i ? 3_0_0 EXIST::FUNCTION:DSA
+ossl_b2i_bio ? 3_0_0 EXIST::FUNCTION:DSA
diff --git a/util/missingcrypto-internal.txt b/util/missingcrypto-internal.txt
index 4c90857035..54e1bc9ba7 100644
--- a/util/missingcrypto-internal.txt
+++ b/util/missingcrypto-internal.txt
@@ -1,3 +1,8 @@
WPACKET(3)
WPACKET_init_der(3)
WPACKET_init_null_der(3)
+asn1_d2i_read_bio(3)
+ossl_do_PVK_header(3)
+ossl_do_blob_header(3)
+ossl_b2i(3)
+ossl_b2i_bio(3)
diff --git a/util/missingcrypto.txt b/util/missingcrypto.txt
index 54ff9cc1b7..783df1203f 100644
--- a/util/missingcrypto.txt
+++ b/util/missingcrypto.txt
@@ -673,6 +673,7 @@ EVP_PBE_find(3)
EVP_PBE_get(3)
EVP_PBE_scrypt(3)
EVP_PKCS82PKEY(3)
+EVP_PKCS82PKEY_with_libctx(3)
EVP_PKEY2PKCS8(3)
EVP_PKEY_CTX_get0_peerkey(3)
EVP_PKEY_CTX_get0_pkey(3)
More information about the openssl-commits
mailing list