summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--providers/common/include/prov/provider_util.h4
-rw-r--r--providers/common/provider_util.c59
-rw-r--r--providers/implementations/signature/rsa.c111
-rw-r--r--test/recipes/30-test_evp.t3
-rw-r--r--test/recipes/30-test_evp_data/evppkey_rsa.txt1095
-rw-r--r--test/recipes/30-test_evp_data/evppkey_rsa_common.txt1323
-rw-r--r--test/recipes/80-test_cms.t2
7 files changed, 1466 insertions, 1131 deletions
diff --git a/providers/common/include/prov/provider_util.h b/providers/common/include/prov/provider_util.h
index d964f832ad..7306e6aa8c 100644
--- a/providers/common/include/prov/provider_util.h
+++ b/providers/common/include/prov/provider_util.h
@@ -128,3 +128,7 @@ typedef struct ag_capable_st {
*/
void ossl_prov_cache_exported_algorithms(const OSSL_ALGORITHM_CAPABLE *in,
OSSL_ALGORITHM *out);
+
+int ossl_prov_digest_md_to_nid(const EVP_MD *md, const OSSL_ITEM *it,
+ size_t it_len);
+int ossl_prov_digest_get_approved_nid(const EVP_MD *md, int sha1_allowed);
diff --git a/providers/common/provider_util.c b/providers/common/provider_util.c
index 1bd514221f..51ade22a37 100644
--- a/providers/common/provider_util.c
+++ b/providers/common/provider_util.c
@@ -14,6 +14,8 @@
#include <openssl/core_names.h>
#include <openssl/err.h>
#include "prov/provider_util.h"
+#include "prov/providercommonerr.h"
+#include "internal/nelem.h"
void ossl_prov_cipher_reset(PROV_CIPHER *pc)
{
@@ -294,3 +296,60 @@ void ossl_prov_cache_exported_algorithms(const OSSL_ALGORITHM_CAPABLE *in,
out[j++] = in[i].alg;
}
}
+
+/*
+ * Internal library code deals with NIDs, so we need to translate from a name.
+ * We do so using EVP_MD_is_a(), and therefore need a name to NID map.
+ */
+int ossl_prov_digest_md_to_nid(const EVP_MD *md, const OSSL_ITEM *it,
+ size_t it_len)
+{
+ size_t i;
+ int mdnid = NID_undef;
+
+ if (md == NULL)
+ goto end;
+
+ for (i = 0; i < it_len; i++) {
+ if (EVP_MD_is_a(md, it[i].ptr)) {
+ mdnid = (int)it[i].id;
+ break;
+ }
+ }
+ end:
+ return mdnid;
+}
+
+/*
+ * Retrieve one of the FIPs approved hash algorithms by nid.
+ * See FIPS 180-4 "Secure Hash Standard" and
+ * FIPS 202 - SHA-3.
+ *
+ * NOTE: For some operations SHA1 is not allowed. This check is only enabled
+ * for the FIPS_MODULE.
+ */
+int ossl_prov_digest_get_approved_nid(const EVP_MD *md, int sha1_allowed)
+{
+ int mdnid;
+
+ static const OSSL_ITEM name_to_nid[] = {
+ { NID_sha1, OSSL_DIGEST_NAME_SHA1 },
+ { NID_sha224, OSSL_DIGEST_NAME_SHA2_224 },
+ { NID_sha256, OSSL_DIGEST_NAME_SHA2_256 },
+ { NID_sha384, OSSL_DIGEST_NAME_SHA2_384 },
+ { NID_sha512, OSSL_DIGEST_NAME_SHA2_512 },
+ { NID_sha512_224, OSSL_DIGEST_NAME_SHA2_512_224 },
+ { NID_sha512_256, OSSL_DIGEST_NAME_SHA2_512_256 },
+ { NID_sha3_224, OSSL_DIGEST_NAME_SHA3_224 },
+ { NID_sha3_256, OSSL_DIGEST_NAME_SHA3_256 },
+ { NID_sha3_384, OSSL_DIGEST_NAME_SHA3_384 },
+ { NID_sha3_512, OSSL_DIGEST_NAME_SHA3_512 },
+ };
+
+ mdnid = ossl_prov_digest_md_to_nid(md, name_to_nid, OSSL_NELEM(name_to_nid));
+#ifdef FIPS_MODULE
+ if (mdnid == NID_sha1 && !sha1_allowed)
+ mdnid = NID_undef;
+#endif
+ return mdnid;
+}
diff --git a/providers/implementations/signature/rsa.c b/providers/implementations/signature/rsa.c
index 678d3e7b66..c7f3f6f6cd 100644
--- a/providers/implementations/signature/rsa.c
+++ b/providers/implementations/signature/rsa.c
@@ -30,6 +30,9 @@
#include "prov/implementations.h"
#include "prov/provider_ctx.h"
#include "prov/der_rsa.h"
+#include "prov/provider_util.h"
+
+#define RSA_DEFAULT_DIGEST_NAME OSSL_DIGEST_NAME_SHA1
static OSSL_FUNC_signature_newctx_fn rsa_newctx;
static OSSL_FUNC_signature_sign_init_fn rsa_sign_init;
@@ -84,7 +87,7 @@ typedef struct {
*/
unsigned int flag_allow_md : 1;
- /* The Algorithm Identifier of the combined signature agorithm */
+ /* The Algorithm Identifier of the combined signature algorithm */
unsigned char aid_buf[128];
unsigned char *aid;
size_t aid_len;
@@ -117,49 +120,58 @@ static size_t rsa_get_md_size(const PROV_RSA_CTX *prsactx)
return 0;
}
-static int rsa_get_md_nid(const EVP_MD *md)
+static int rsa_get_md_nid_check(const PROV_RSA_CTX *ctx, const EVP_MD *md,
+ int sha1_allowed)
{
- /*
- * Because the RSA library deals with NIDs, we need to translate.
- * We do so using EVP_MD_is_a(), and therefore need a name to NID
- * map.
- */
+ int mdnid = NID_undef;
+
+ #ifndef FIPS_MODULE
static const OSSL_ITEM name_to_nid[] = {
- { NID_sha1, OSSL_DIGEST_NAME_SHA1 },
- { NID_sha224, OSSL_DIGEST_NAME_SHA2_224 },
- { NID_sha256, OSSL_DIGEST_NAME_SHA2_256 },
- { NID_sha384, OSSL_DIGEST_NAME_SHA2_384 },
- { NID_sha512, OSSL_DIGEST_NAME_SHA2_512 },
- { NID_sha512_224, OSSL_DIGEST_NAME_SHA2_512_224 },
- { NID_sha512_256, OSSL_DIGEST_NAME_SHA2_512_256 },
{ NID_md5, OSSL_DIGEST_NAME_MD5 },
{ NID_md5_sha1, OSSL_DIGEST_NAME_MD5_SHA1 },
{ NID_md2, OSSL_DIGEST_NAME_MD2 },
{ NID_md4, OSSL_DIGEST_NAME_MD4 },
{ NID_mdc2, OSSL_DIGEST_NAME_MDC2 },
{ NID_ripemd160, OSSL_DIGEST_NAME_RIPEMD160 },
- { NID_sha3_224, OSSL_DIGEST_NAME_SHA3_224 },
- { NID_sha3_256, OSSL_DIGEST_NAME_SHA3_256 },
- { NID_sha3_384, OSSL_DIGEST_NAME_SHA3_384 },
- { NID_sha3_512, OSSL_DIGEST_NAME_SHA3_512 },
};
- size_t i;
- int mdnid = NID_undef;
+ #endif
if (md == NULL)
goto end;
- for (i = 0; i < OSSL_NELEM(name_to_nid); i++) {
- if (EVP_MD_is_a(md, name_to_nid[i].ptr)) {
- mdnid = (int)name_to_nid[i].id;
- break;
- }
- }
+ mdnid = ossl_prov_digest_get_approved_nid(md, sha1_allowed);
- end:
+ #ifndef FIPS_MODULE
+ if (mdnid == NID_undef)
+ mdnid = ossl_prov_digest_md_to_nid(md, name_to_nid,
+ OSSL_NELEM(name_to_nid));
+ #endif
+ end:
return mdnid;
}
+static int rsa_get_md_nid(const PROV_RSA_CTX *ctx, const EVP_MD *md)
+{
+ return rsa_get_md_nid_check(ctx, md, ctx->operation != EVP_PKEY_OP_SIGN);
+}
+
+static int rsa_get_md_mgf1_nid(const PROV_RSA_CTX *ctx, const EVP_MD *md)
+{
+ /* The default for mgf1 is SHA1 - so allow this */
+ return rsa_get_md_nid_check(ctx, md, 1);
+}
+
+static int rsa_check_key_size(const PROV_RSA_CTX *prsactx)
+{
+#ifdef FIPS_MODULE
+ int sz = RSA_bits(prsactx->rsa);
+
+ return (prsactx->operation == EVP_PKEY_OP_SIGN) ? (sz >= 2048) : (sz >= 1024);
+#else
+ return 1;
+#endif
+}
+
static int rsa_check_padding(int mdnid, int padding)
{
if (padding == RSA_NO_PADDING) {
@@ -226,9 +238,9 @@ static int rsa_setup_md(PROV_RSA_CTX *ctx, const char *mdname,
mdprops = ctx->propq;
if (mdname != NULL) {
- EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops);
- int md_nid = rsa_get_md_nid(md);
WPACKET pkt;
+ EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops);
+ int md_nid = rsa_get_md_nid(ctx, md);
size_t mdname_len = strlen(mdname);
if (md == NULL
@@ -281,6 +293,7 @@ static int rsa_setup_mgf1_md(PROV_RSA_CTX *ctx, const char *mdname,
const char *mdprops)
{
size_t len;
+ EVP_MD *md = NULL;
if (mdprops == NULL)
mdprops = ctx->propq;
@@ -288,11 +301,18 @@ static int rsa_setup_mgf1_md(PROV_RSA_CTX *ctx, const char *mdname,
if (ctx->mgf1_mdname[0] != '\0')
EVP_MD_free(ctx->mgf1_md);
- if ((ctx->mgf1_md = EVP_MD_fetch(ctx->libctx, mdname, mdprops)) == NULL) {
+ if ((md = EVP_MD_fetch(ctx->libctx, mdname, mdprops)) == NULL) {
ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_DIGEST,
"%s could not be fetched", mdname);
return 0;
}
+ if (rsa_get_md_mgf1_nid(ctx, md) == NID_undef) {
+ ERR_raise_data(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED,
+ "digest=%s", mdname);
+ EVP_MD_free(md);
+ return 0;
+ }
+ ctx->mgf1_md = md;
len = OPENSSL_strlcpy(ctx->mgf1_mdname, mdname, sizeof(ctx->mgf1_mdname));
if (len >= sizeof(ctx->mgf1_mdname)) {
ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_DIGEST,
@@ -303,7 +323,7 @@ static int rsa_setup_mgf1_md(PROV_RSA_CTX *ctx, const char *mdname,
return 1;
}
-static int rsa_signature_init(void *vprsactx, void *vrsa, int operation)
+static int rsa_signverify_init(void *vprsactx, void *vrsa, int operation)
{
PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx;
@@ -317,6 +337,11 @@ static int rsa_signature_init(void *vprsactx, void *vrsa, int operation)
prsactx->rsa = vrsa;
prsactx->operation = operation;
+ if (!rsa_check_key_size(prsactx)) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
+ return 0;
+ }
+
/* Maximum for sign, auto for verify */
prsactx->saltlen = RSA_PSS_SALTLEN_AUTO;
prsactx->min_saltlen = -1;
@@ -413,7 +438,7 @@ static int rsa_sign_init(void *vprsactx, void *vrsa)
{
if (!ossl_prov_is_running())
return 0;
- return rsa_signature_init(vprsactx, vrsa, EVP_PKEY_OP_SIGN);
+ return rsa_signverify_init(vprsactx, vrsa, EVP_PKEY_OP_SIGN);
}
static int rsa_sign(void *vprsactx, unsigned char *sig, size_t *siglen,
@@ -566,7 +591,7 @@ static int rsa_verify_recover_init(void *vprsactx, void *vrsa)
{
if (!ossl_prov_is_running())
return 0;
- return rsa_signature_init(vprsactx, vrsa, EVP_PKEY_OP_VERIFYRECOVER);
+ return rsa_signverify_init(vprsactx, vrsa, EVP_PKEY_OP_VERIFYRECOVER);
}
static int rsa_verify_recover(void *vprsactx,
@@ -657,7 +682,7 @@ static int rsa_verify_init(void *vprsactx, void *vrsa)
{
if (!ossl_prov_is_running())
return 0;
- return rsa_signature_init(vprsactx, vrsa, EVP_PKEY_OP_VERIFY);
+ return rsa_signverify_init(vprsactx, vrsa, EVP_PKEY_OP_VERIFY);
}
static int rsa_verify(void *vprsactx, const unsigned char *sig, size_t siglen,
@@ -751,7 +776,7 @@ static int rsa_digest_signverify_init(void *vprsactx, const char *mdname,
if (prsactx != NULL)
prsactx->flag_allow_md = 0;
- if (!rsa_signature_init(vprsactx, vrsa, operation)
+ if (!rsa_signverify_init(vprsactx, vrsa, operation)
|| !rsa_setup_md(prsactx, mdname, NULL)) /* TODO RL */
return 0;
@@ -813,9 +838,8 @@ static int rsa_digest_sign_final(void *vprsactx, unsigned char *sig,
*/
if (sig != NULL) {
/*
- * TODO(3.0): There is the possibility that some externally provided
- * digests exceed EVP_MAX_MD_SIZE. We should probably handle that somehow -
- * but that problem is much larger than just in RSA.
+ * The digests used here are all known (see rsa_get_md_nid()), so they
+ * should not exceed the internal buffer size of EVP_MAX_MD_SIZE.
*/
if (!EVP_DigestFinal_ex(prsactx->mdctx, digest, &dlen))
return 0;
@@ -850,9 +874,8 @@ int rsa_digest_verify_final(void *vprsactx, const unsigned char *sig,
return 0;
/*
- * TODO(3.0): There is the possibility that some externally provided
- * digests exceed EVP_MAX_MD_SIZE. We should probably handle that somehow -
- * but that problem is much larger than just in RSA.
+ * The digests used here are all known (see rsa_get_md_nid()), so they
+ * should not exceed the internal buffer size of EVP_MAX_MD_SIZE.
*/
if (!EVP_DigestFinal_ex(prsactx->mdctx, digest, &dlen))
return 0;
@@ -1021,7 +1044,7 @@ static const OSSL_PARAM known_gettable_ctx_params[] = {
OSSL_PARAM_END
};
-static const OSSL_PARAM *rsa_gettable_ctx_params(ossl_unused void *provctx)
+static const OSSL_PARAM *rsa_gettable_ctx_params(ossl_unused void *vctx)
{
return known_gettable_ctx_params;
}
@@ -1112,7 +1135,7 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[])
goto bad_pad;
}
if (prsactx->md == NULL
- && !rsa_setup_md(prsactx, OSSL_DIGEST_NAME_SHA1, NULL)) {
+ && !rsa_setup_md(prsactx, RSA_DEFAULT_DIGEST_NAME, NULL)) {
return 0;
}
break;
@@ -1271,7 +1294,7 @@ static const OSSL_PARAM known_settable_ctx_params[] = {
OSSL_PARAM_END
};
-static const OSSL_PARAM *rsa_settable_ctx_params(ossl_unused void *provctx)
+static const OSSL_PARAM *rsa_settable_ctx_params(void *provctx)
{
/*
* TODO(3.0): Should this function return a different set of settable ctx
diff --git a/test/recipes/30-test_evp.t b/test/recipes/30-test_evp.t
index c80fdd9a87..4d9e9fd372 100644
--- a/test/recipes/30-test_evp.t
+++ b/test/recipes/30-test_evp.t
@@ -55,7 +55,7 @@ my @files = qw(
evppkey_kas.txt
evppkey_kdf_hkdf.txt
evppkey_mismatch.txt
- evppkey_rsa.txt
+ evppkey_rsa_common.txt
evprand.txt
);
@@ -96,6 +96,7 @@ my @defltfiles = qw(
evppkey_brainpool.txt
evppkey_kdf_scrypt.txt
evppkey_kdf_tls1_prf.txt
+ evppkey_rsa.txt
evppkey_sm2.txt
);
diff --git a/test/recipes/30-test_evp_data/evppkey_rsa.txt b/test/recipes/30-test_evp_data/evppkey_rsa.txt
index 34310be740..15065cee77 100644
--- a/test/recipes/30-test_evp_data/evppkey_rsa.txt
+++ b/test/recipes/30-test_evp_data/evppkey_rsa.txt
@@ -14,6 +14,8 @@
# Private keys used for PKEY operations.
+# Any Tests that keys <2048 bits OR sign with SHA1 are in this file.
+
# RSA 2048 bit key.
PrivateKey = RSA-2048
@@ -68,39 +70,6 @@ Ctrl = digest:SHA1
Input = "0123456789ABCDEF1234"
Output = c09d402423cbf233d26cae21f954547bc43fe80fd41360a0336cfdbe9aedad05bef6fd2eaee6cd60089a52482d4809a238149520df3bdde4cb9e23d9307b05c0a6f327052325a29adf2cc95b66523be7024e2a585c3d4db15dfbe146efe0ecdc0402e33fe5d40324ee96c5c3edd374a15cdc0f5d84aa243c0f07e188c6518fbfceae158a9943be398e31097da81b62074f626eff738be6160741d5a26957a482b3251fd85d8df78b98148459de10aa93305dbb4a5230aa1da291a9b0e481918f99b7638d72bb687f97661d304ae145d64a474437a4ef39d7b8059332ddeb07e92bf6e0e3acaf8afedc93795e4511737ec1e7aab6d5bc9466afc950c1c17b48ad
-Verify = RSA-2048
-Ctrl = digest:SHA1
-Input = "0123456789ABCDEF1234"
-Output = c09d402423cbf233d26cae21f954547bc43fe80fd41360a0336cfdbe9aedad05bef6fd2eaee6cd60089a52482d4809a238149520df3bdde4cb9e23d9307b05c0a6f327052325a29adf2cc95b66523be7024e2a585c3d4db15dfbe146efe0ecdc0402e33fe5d40324ee96c5c3edd374a15cdc0f5d84aa243c0f07e188c6518fbfceae158a9943be398e31097da81b62074f626eff738be6160741d5a26957a482b3251fd85d8df78b98148459de10aa93305dbb4a5230aa1da291a9b0e481918f99b7638d72bb687f97661d304ae145d64a474437a4ef39d7b8059332ddeb07e92bf6e0e3acaf8afedc93795e4511737ec1e7aab6d5bc9466afc950c1c17b48ad
-
-# Truncated digest
-Sign = RSA-2048
-Ctrl = digest:SHA512-224
-Input = "0123456789ABCDEF123456789ABC"
-Output = 5f720e9488139bb21e1c2f027fd5ce5993e6d31c5a8faaee833487b3a944d66891178868ace8070cad3ee2ffbe54aa4885a15fd1a7cc5166970fe1fd8c0423e72bd3e3b56fc4a53ed80aaaeca42497f0ec3c62113edc05cd006608f5eef7ce3ad4cba1069f68731dd28a524a1f93fcdc5547112d48d45586dd943ba0d443be9635720d8a61697c54c96627f0d85c5fbeaa3b4af86a65cf2fc3800dd5de34c046985f25d0efc0bb6edccc1d08b3a4fb9c8faffe181c7e68b31e374ad1440a4a664eec9ca0dc53a9d2f5bc7d9940d866f64201bcbc63612754df45727ea24b531d7de83d1bb707444859fa35521320c33bf6f4dbeb6fb56e653adbf7af15843f17
-
-Verify = RSA-2048
-Ctrl = digest:SHA512-224
-Input = "0123456789ABCDEF123456789ABC"
-Output = 5f720e9488139bb21e1c2f027fd5ce5993e6d31c5a8faaee833487b3a944d66891178868ace8070cad3ee2ffbe54aa4885a15fd1a7cc5166970fe1fd8c0423e72bd3e3b56fc4a53ed80aaaeca42497f0ec3c62113edc05cd006608f5eef7ce3ad4cba1069f68731dd28a524a1f93fcdc5547112d48d45586dd943ba0d443be9635720d8a61697c54c96627f0d85c5fbeaa3b4af86a65cf2fc3800dd5de34c046985f25d0efc0bb6edccc1d08b3a4fb9c8faffe181c7e68b31e374ad1440a4a664eec9ca0dc53a9d2f5bc7d9940d866f64201bcbc63612754df45727ea24b531d7de83d1bb707444859fa35521320c33bf6f4dbeb6fb56e653adbf7af15843f17
-
-VerifyRecover = RSA-2048
-Ctrl = digest:SHA1
-Input = c09d402423cbf233d26cae21f954547bc43fe80fd41360a0336cfdbe9aedad05bef6fd2eaee6cd60089a52482d4809a238149520df3bdde4cb9e23d9307b05c0a6f327052325a29adf2cc95b66523be7024e2a585c3d4db15dfbe146efe0ecdc0402e33fe5d40324ee96c5c3edd374a15cdc0f5d84aa243c0f07e188c6518fbfceae158a9943be398e31097da81b62074f626eff738be6160741d5a26957a482b3251fd85d8df78b98148459de10aa93305dbb4a5230aa1da291a9b0e481918f99b7638d72bb687f97661d304ae145d64a474437a4ef39d7b8059332ddeb07e92bf6e0e3acaf8afedc93795e4511737ec1e7aab6d5bc9466afc950c1c17b48ad
-Output = "0123456789ABCDEF1234"
-
-# Leading zero in the signature
-Verify = RSA-2048
-Ctrl = digest:SHA1
-Input = "0123456789ABCDEF1234"
-Output = 00c09d402423cbf233d26cae21f954547bc43fe80fd41360a0336cfdbe9aedad05bef6fd2eaee6cd60089a52482d4809a238149520df3bdde4cb9e23d9307b05c0a6f327052325a29adf2cc95b66523be7024e2a585c3d4db15dfbe146efe0ecdc0402e33fe5d40324ee96c5c3edd374a15cdc0f5d84aa243c0f07e188c6518fbfceae158a9943be398e31097da81b62074f626eff738be6160741d5a26957a482b3251fd85d8df78b98148459de10aa93305dbb4a5230aa1da291a9b0e481918f99b7638d72bb687f97661d304ae145d64a474437a4ef39d7b8059332ddeb07e92bf6e0e3acaf8afedc93795e4511737ec1e7aab6d5bc9466afc950c1c17b48ad
-Result = VERIFY_ERROR
-
-VerifyRecover = RSA-2048
-Ctrl = digest:SHA1
-Input = 00c09d402423cbf233d26cae21f954547bc43fe80fd41360a0336cfdbe9aedad05bef6fd2eaee6cd60089a52482d4809a238149520df3bdde4cb9e23d9307b05c0a6f327052325a29adf2cc95b66523be7024e2a585c3d4db15dfbe146efe0ecdc0402e33fe5d40324ee96c5c3edd374a15cdc0f5d84aa243c0f07e188c6518fbfceae158a9943be398e31097da81b62074f626eff738be6160741d5a26957a482b3251fd85d8df78b98148459de10aa93305dbb4a5230aa1da291a9b0e481918f99b7638d72bb687f97661d304ae145d64a474437a4ef39d7b8059332ddeb07e92bf6e0e3acaf8afedc93795e4511737ec1e7aab6d5bc9466afc950c1c17b48ad
-Result = KEYOP_ERROR
-
# Digest too long
Sign = RSA-2048
Ctrl = digest:SHA1
@@ -115,91 +84,23 @@ Input = "0123456789ABCDEF12345"
Output = 00
Result = KEYOP_ERROR
-# Mismatched digest
-Verify = RSA-2048
-Ctrl = digest:SHA1
-Input = "0123456789ABCDEF1233"
-Output = c09d402423cbf233d26cae21f954547bc43fe80fd41360a0336cfdbe9aedad05bef6fd2eaee6cd60089a52482d4809a238149520df3bdde4cb9e23d9307b05c0a6f327052325a29adf2cc95b66523be7024e2a585c3d4db15dfbe146efe0ecdc0402e33fe5d40324ee96c5c3edd374a15cdc0f5d84aa243c0f07e188c6518fbfceae158a9943be398e31097da81b62074f626eff738be6160741d5a26957a482b3251fd85d8df78b98148459de10aa93305dbb4a5230aa1da291a9b0e481918f99b7638d72bb687f97661d304ae145d64a474437a4ef39d7b8059332ddeb07e92bf6e0e3acaf8afedc93795e4511737ec1e7aab6d5bc9466afc950c1c17b48ad
-Result = VERIFY_ERROR
-
-# Corrupted signature
-Verify = RSA-2048
-Ctrl = digest:SHA1
-Input = "0123456789ABCDEF1233"
-Output = c09d402423cbf233d26cae21f954547bc43fe80fd41360a0336cfdbe9aedad05bef6fd2eaee6cd60089a52482d4809a238149520df3bdde4cb9e23d9307b05c0a6f327052325a29adf2cc95b66523be7024e2a585c3d4db15dfbe146efe0ecdc0402e33fe5d40324ee96c5c3edd374a15cdc0f5d84aa243c0f07e188c6518fbfceae158a9943be398e31097da81b62074f626eff738be6160741d5a26957a482b3251fd85d8df78b98148459de10aa93305dbb4a5230aa1da291a9b0e481918f99b7638d72bb687f97661d304ae145d64a474437a4ef39d7b8059332ddeb07e92bf6e0e3acaf8afedc93795e4511737ec1e7aab6d5bc9466afc950c1c17b48ae
-Result = VERIFY_ERROR
-
-# parameter is not NULLt
-Verify = RSA-2048
-Ctrl = digest:sha1
-Input = "0123456789ABCDEF1234"
-Output = 3ec3fc29eb6e122bd7aa361cd09fe1bcbe85311096a7b9e4799cedfb2351ce0ab7fe4e75b4f6b37f67edd9c60c800f9ab941c0c157d7d880ca9de40c951d60fd293ae220d4bc510b1572d6e85a1bbbd8605b52e05f1c64fafdae59a1c2fbed214b7844d0134619de62851d5a0522e32e556e5950f3f97b8150e3f0dffee612c924201c27cd9bc8b423a71533380c276d3d59fcba35a2e80a1a192ec266a6c2255012cd86a349fe90a542b355fa3355b04da6cdf1df77f0e7bd44a90e880e1760266d233e465226f5db1c68857847d82072861ee266ddfc2e596845b77e1803274a579835ab5e4975d81d20b7df9cec7795489e4a2bdb8c1cf6a6b359945ac92c
-Result = VERIFY_ERROR
-
-# embedded digest too long
-Verify = RSA-2048
-Ctrl = digest:sha1
-Input = "0123456789ABCDEF1234"
-Output = afec9a0d5330a08f54283bb4a9d4e7e7e70fc1342336c4c766fba713f66970151c6e27413c48c33864ea45a0238787004f338ed3e21b53b0fe9c1151c42c388cbc7cba5a06b706c407a5b48324fbe994dc7afc3a19fb3d2841e66222596c14cd72a0f0a7455a019d8eb554f59c0183f9552b75aa96fee8bf935945e079ca283d2bd3534a86f11351f6d6181fbf433e5b01a6d1422145c7a72214d3aacdd5d3af12b2d6bf6438f9f9a64010d8aeed801c87f0859412b236150b86a545f7239be022f4a7ad246b59df87514294cb4a4c7c5a997ee53c66054d9f38ca4e76c1f7af83c30f737ef70f83a45aebe18238ddb95e1998814ca4fc72388f1533147c169d
-Result = VERIFY_ERROR
-
-VerifyRecover = RSA-2048
-Ctrl = digest:sha1
-Input = afec9a0d5330a08f54283bb4a9d4e7e7e70fc1342336c4c766fba713f66970151c6e27413c48c33864ea45a0238787004f338ed3e21b53b0fe9c1151c42c388cbc7cba5a06b706c407a5b48324fbe994dc7afc3a19fb3d2841e66222596c14cd72a0f0a7455a019d8eb554f59c0183f9552b75aa96fee8bf935945e079ca283d2bd3534a86f11351f6d6181fbf433e5b01a6d1422145c7a72214d3aacdd5d3af12b2d6bf6438f9f9a64010d8aeed801c87f0859412b236150b86a545f7239be022f4a7ad246b59df87514294cb4a4c7c5a997ee53c66054d9f38ca4e76c1f7af83c30f737ef70f83a45aebe18238ddb95e1998814ca4fc72388f1533147c169d
-Result = KEYOP_ERROR
-
-# embedded digest too short
-Verify = RSA-2048
-Ctrl = digest:sha1
-Input = "0123456789ABCDEF1234"
-Output = afec9a0d5330a08f54283bb4a9d4e7e7e70fc1342336c4c766fba713f66970151c6e27413c48c33864ea45a0238787004f338ed3e21b53b0fe9c1151c42c388cbc7cba5a06b706c407a5b48324fbe994dc7afc3a19fb3d2841e66222596c14cd72a0f0a7455a019d8eb554f59c0183f9552b75aa96fee8bf935945e079ca283d2bd3534a86f11351f6d6181fbf433e5b01a6d1422145c7a72214d3aacdd5d3af12b2d6bf6438f9f9a64010d8aeed801c87f0859412b236150b86a545f7239be022f4a7ad246b59df87514294cb4a4c7c5a997ee53c66054d9f38ca4e76c1f7af83c30f737ef70f83a45aebe18238ddb95e1998814ca4fc72388f1533147c169d
-Result = VERIFY_ERROR
-
-VerifyRecover = RSA-2048
-Ctrl = digest:sha1
-Input = afec9a0d5330a08f54283bb4a9d4e7e7e70fc1342336c4c766fba713f66970151c6e27413c48c33864ea45a0238787004f338ed3e21b53b0fe9c1151c42c388cbc7cba5a06b706c407a5b48324fbe994dc7afc3a19fb3d2841e66222596c14cd72a0f0a7455a019d8eb554f59c0183f9552b75aa96fee8bf935945e079ca283d2bd3534a86f11351f6d6181fbf433e5b01a6d1422145c7a72214d3aacdd5d3af12b2d6bf6438f9f9a64010d8aeed801c87f0859412b236150b86a545f7239be022f4a7ad246b59df87514294cb4a4c7c5a997ee53c66054d9f38ca4e76c1f7af83c30f737ef70f83a45aebe18238ddb95e1998814ca4fc72388f1533147c169d
-Result = KEYOP_ERROR
-
-# Garbage after DigestInfo
-Verify = RSA-2048
-Ctrl = digest:sha1
-Input = "0123456789ABCDEF1234"
-Output = 9ee34872d4271a7d8808af0a4052a145a6d6a8437d00da3ed14428c7f087cd39f4d43334c41af63e7fa1ba363fee7bcef401d9d36a662abbab55ce89a696e1be0dfa19a5d09ca617dd488787b6048baaefeb29bc8688b2fe3882de2b77c905b5a8b56cf9616041e5ec934ba6de863efe93acc4eef783fe7f72a00fa65d6093ed32bf98ce527e62ccb1d56317f4be18b7e0f55d7c36617d2d0678a306e3350956b662ac15df45215dd8f6b314babb9788e6c272fa461e4c9b512a11a4b92bc77c3a4c95c903fccb238794eca5c750477bf56ea6ee6a167367d881b485ae3889e7c489af8fdf38e0c0f2aed780831182e34abedd43c39281b290774bf35cc25274
-Result = VERIFY_ERROR
-
-VerifyRecover = RSA-2048
-Ctrl = digest:sha1
-Input = 9ee34872d4271a7d8808af0a4052a145a6d6a8437d00da3ed14428c7f087cd39f4d43334c41af63e7fa1ba363fee7bcef401d9d36a662abbab55ce89a696e1be0dfa19a5d09ca617dd488787b6048baaefeb29bc8688b2fe3882de2b77c905b5a8b56cf9616041e5ec934ba6de863efe93acc4eef783fe7f72a00fa65d6093ed32bf98ce527e62ccb1d56317f4be18b7e0f55d7c36617d2d0678a306e3350956b662ac15df45215dd8f6b314babb9788e6c272fa461e4c9b512a11a4b92bc77c3a4c95c903fccb238794eca5c750477bf56ea6ee6a167367d881b485ae3889e7c489af8fdf38e0c0f2aed780831182e34abedd43c39281b290774bf35cc25274
-Result = KEYOP_ERROR
-
-# invalid tag for parameter
-Verify = RSA-2048
-Ctrl = digest:sha1
-Input = "0123456789ABCDEF1234"
-Output = 49525db4d44c755e560cba980b1d85ea604b0e077fcadd4ba44072a3487bbddb835016200a7d8739cce2dc3223d9c20cbdd25059ab02277f1f21318efd18e21038ec89aa9d40680987129e8b41ba33bceb86518bdf47268b921cce2037acabca6575d832499538d6f40cdba0d40bd7f4d8ea6ca6e2eec87f294efc971407857f5d7db09f6a7b31e301f571c6d82a5e3d08d2bb3a36e673d28b910f5bec57f0fcc4d968fd7c94d0b9226dec17f5192ad8b42bcab6f26e1bea1fdc3b958199acb00f14ebcb2a352f3afcedd4c09000128a603bbeb9696dea13040445253972d46237a25c7845e3b464e6984c2348ea1f1210a9ff0b00d2d72b50db00c009bb39f9
-Result = VERIFY_ERROR
-
-Availablein = default
VerifyRecover = RSA-2048
Ctrl = digest:sha1
Input = 49525db4d44c755e560cba980b1d85ea604b0e077fcadd4ba44072a3487bbddb835016200a7d8739cce2dc3223d9c20cbdd25059ab02277f1f21318efd18e21038ec89aa9d40680987129e8b41ba33bceb86518bdf47268b921cce2037acabca6575d832499538d6f40cdba0d40bd7f4d8ea6ca6e2eec87f294efc971407857f5d7db09f6a7b31e301f571c6d82a5e3d08d2bb3a36e673d28b910f5bec57f0fcc4d968fd7c94d0b9226dec17f5192ad8b42bcab6f26e1bea1fdc3b958199acb00f14ebcb2a352f3afcedd4c09000128a603bbeb9696dea13040445253972d46237a25c7845e3b464e6984c2348ea1f1210a9ff0b00d2d72b50db00c009bb39f9
Result = KEYOP_ERROR
# MD5/SHA-1 combination
-Availablein = default
Verify = RSA-2048
Ctrl = digest:MD5-SHA1
Input = "0123456789ABCDEF0123456789ABCDEF0123"
Output = 7b80e0d4d2a6b7f4b018ce164bc0be21a0604b1b05e91c6204372458b05a0e4dbf0b36b3f80dbf04b278ad1fcf7ff6d982d5ca5d98b13b68240d846d400b8db6675b1a5fcbe2256322c5f691378bc941785326030fa835d240e334e2a4d35b17c1149b59dbb6e6d53b44326ebfc371f754449d36bad3722c1878af1699bb0a00c28e37162f99aba550b7c333228a70c906e3701c519a460a14fac29ff164ca9413efd19b431b31a9ad2988662cdbda9cdcff85f294b4be2cf072caceb1d3f52642edafea2e1d1e495061f18b5b3a130d2242cec830e44d506590e5df69bb974879a35e6bdc1ad00e3e31b362f2f5cdeabd8a0dfddfdb66a7c43993a3e189b80d
-Availablein = default
VerifyRecover = RSA-2048
Ctrl = digest:MD5-SHA1
Input = 7b80e0d4d2a6b7f4b018ce164bc0be21a0604b1b05e91c6204372458b05a0e4dbf0b36b3f80dbf04b278ad1fcf7ff6d982d5ca5d98b13b68240d846d400b8db6675b1a5fcbe2256322c5f691378bc941785326030fa835d240e334e2a4d35b17c1149b59dbb6e6d53b44326ebfc371f754449d36bad3722c1878af1699bb0a00c28e37162f99aba550b7c333228a70c906e3701c519a460a14fac29ff164ca9413efd19b431b31a9ad2988662cdbda9cdcff85f294b4be2cf072caceb1d3f52642edafea2e1d1e495061f18b5b3a130d2242cec830e44d506590e5df69bb974879a35e6bdc1ad00e3e31b362f2f5cdeabd8a0dfddfdb66a7c43993a3e189b80d
Output = "0123456789ABCDEF0123456789ABCDEF0123"
# MD5/SHA-1 combination, digest mismatch
-Availablein = default
Verify = RSA-2048
Ctrl = digest:MD5-SHA1
Input = "000000000000000000000000000000000000"
@@ -207,21 +108,18 @@ Output = 7b80e0d4d2a6b7f4b018ce164bc0be21a0604b1b05e91c6204372458b05a0e4dbf0b36b
Result = VERIFY_ERROR
# MD5/SHA-1 combination, wrong signature digest length
-Availablein = default
Verify = RSA-2048
Ctrl = digest:MD5-SHA1
Input = "0123456789ABCDEF0123456789ABCDEF0123"
Output = 6c13511f97ffb8137545fce551a43cf2b5b3dbdd5c3ceaaccd4620a6a373f3c38cc523d95bbdd810c852743b981bc4393c6b0cdfb0da5e77a8cc0108b05ff95e0f4dd7a0125b7390af1408dca6ddefac3b05b768de7b0c3df3c74e5f102f62743d67813beee1777036078da4cff5b29f49f01a6df3a2e709c37a83737108517687fe754d9ee908cb36c55e88f67c0b537108707347d16049f5dfac3d400ea367222d36627937a7f822f451c3d2c2dbc9e2202bffd3dc1b22213e17270a6b657619c6f44cbf66b077d548cfc9e1a114f8b853412470f2bf8d828f04d0d9f1aef260d216acb0911329fb5bdc48c2be3b198bf6f96e1c3fb116ad4430140d0640d4
Result = VERIFY_ERROR
-Availablein = default
VerifyRecover = RSA-2048
Ctrl = digest:MD5-SHA1
Input = 6c13511f97ffb8137545fce551a43cf2b5b3dbdd5c3ceaaccd4620a6a373f3c38cc523d95bbdd810c852743b981bc4393c6b0cdfb0da5e77a8cc0108b05ff95e0f4dd7a0125b7390af1408dca6ddefac3b05b768de7b0c3df3c74e5f102f62743d67813beee1777036078da4cff5b29f49f01a6df3a2e709c37a83737108517687fe754d9ee908cb36c55e88f67c0b537108707347d16049f5dfac3d400ea367222d36627937a7f822f451c3d2c2dbc9e2202bffd3dc1b22213e17270a6b657619c6f44cbf66b077d548cfc9e1a114f8b853412470f2bf8d828f04d0d9f1aef260d216acb0911329fb5bdc48c2be3b198bf6f96e1c3fb116ad4430140d0640d4
Result = KEYOP_ERROR
# MD5/SHA-1 combination, wrong input digest length
-Availablein = default
Verify = RSA-2048
Ctrl = digest:MD5-SHA1
Input = "0123456789ABCDEF0123456789ABCDEF012"
@@ -229,7 +127,6 @@ Output = 7b80e0d4d2a6b7f4b018ce164bc0be21a0604b1b05e91c6204372458b05a0e4dbf0b36b
Result = VERIFY_ERROR
# MD5/SHA-1 combination, wrong input and signature digest length
-Availablein = default
Verify = RSA-2048
Ctrl = digest:MD5-SHA1
Input = "0123456789ABCDEF0123456789ABCDEF012"
@@ -237,14 +134,12 @@ Output = 6c13511f97ffb8137545fce551a43cf2b5b3dbdd5c3ceaaccd4620a6a373f3c38cc523d
Result = VERIFY_ERROR
# DigestInfo-wrapped MDC-2 signature
-Availablein = default
Availablein = legacy
Verify = RSA-2048
Ctrl = digest:MDC2
Input = "0123456789ABCDEF"
Output = 3a46e5e80635d3b5586187b44b08fd02ca0bd36a637a8afeb46a1c1eb18d05b3196e00edf85378109015bcd3d0cfcefc2919c5b8e3ac42884b360188b1395ed34df7d2749f36b91c320d290311d78b36f390481eff42ace0275385c05176d022e4b625cf0ed85082d4b25da9e8a86011f6ac1cb8d8b812cc2bbd6c240caa8445aa74f8e971c935dbf3447df0411eb9e5cdee0851d1e0fea7041916c77efc09dc54e8dd4b7ba8f8d85ef43d4f12abde99886f4ebd5f021fc1b476cc23dc6a94fbbe77c954eee496fb6b4b5c534daa4e819143ce8de511a8bcb65759750c17edaca6fb31ac271c1ca3a27705f780ae86c67009e76fcba9067dde3556ff59c44111
-Availablein = default
Availablein = legacy
VerifyRecover = RSA-2048
Ctrl = digest:MDC2
@@ -252,14 +147,12 @@ Input = 3a46e5e80635d3b5586187b44b08fd02ca0bd36a637a8afeb46a1c1eb18d05b3196e00ed
Output = "0123456789ABCDEF"
# Legacy OCTET STRING MDC-2 signature
-Availablein = default
Availablein = legacy
Verify = RSA-2048
Ctrl = digest:MDC2
Input = "0123456789ABCDEF"
Output = 6cde46bbfc6a3b772c3d884640709be9f2fb70fcf199c14eaff7811369ea99733f984a9c48cd372578fa37cedeef24c93286d6d64f438df051e625ab2e125a7d9974a76240873e43efc3acbcbdccc2ee63769cdbf983b334ccb982273315c222b3bbdc3e928ac8a141a7412f1f794cfcabcc069a2ae4975d7bb68bea145d789634c9e0b02d324b5efd599c9bf2b1d32d077aba59aa0ad4a82cbbb90eaa9214e4f57104cf049c4139e2ddecf6edf219cd986f4d79cf25128c58667562c9d22be0291430d6cc7dad977d56e08315fcec133ea95d8db550f89735b4d5f233eaff0c86fce2b99f3f508e920f882c31f3e13f8775a3c8fa585c4f4c69eca89f648b7e
-Availablein = default
Availablein = legacy
VerifyRecover = RSA-2048
Ctrl = digest:MDC2
@@ -267,7 +160,6 @@ Input = 6cde46bbfc6a3b772c3d884640709be9f2fb70fcf199c14eaff7811369ea99733f984a9c
Output = "0123456789ABCDEF"
# Legacy OCTET STRING MDC-2 signature, digest mismatch
-Availablein = default
Availablein = legacy
Verify = RSA-2048
Ctrl = digest:MDC2
@@ -276,7 +168,6 @@ Output = 6cde46bbfc6a3b772c3d884640709be9f2fb70fcf199c14eaff7811369ea99733f984a9
Result = VERIFY_ERROR
# Legacy OCTET STRING MDC-2 signature, wrong input digest length
-Availablein = default
Availablein = legacy
Verify = RSA-2048
Ctrl = digest:MDC2
@@ -285,7 +176,6 @@ Output = 6cde46bbfc6a3b772c3d884640709be9f2fb70fcf199c14eaff7811369ea99733f984a9
Result = VERIFY_ERROR
# Legacy OCTET STRING MDC-2 signature, wrong signature digest length
-Availablein = default
Availablein = legacy
Verify = RSA-2048
Ctrl = digest:MDC2
@@ -301,7 +191,6 @@ Input = 08da512483ece70be57f28a75271612800ae30ffbadc62609bc88b80d497a1fc13c300fd
Result = KEYOP_ERROR
# Legacy OCTET STRING MDC-2 signature, wrong input and signature digest length
-Availablein = default
Availablein = legacy
Verify = RSA-2048
Ctrl = digest:MDC2
@@ -309,43 +198,6 @@ Input = "0123456789ABCDE"
Output = 08da512483ece70be57f28a75271612800ae30ffbadc62609bc88b80d497a1fc13c300fdfcab6dc80cf55373c10adcc249ae80479b87fa3e391a2cd4a74babd1c22a4976812d544dcd6729b161bbc48fd067cf635b05f9edaddaeb6f67f2117d6b54a23c5e6f08a246abfe0356a67d7f3929306515e6d9962f8ce205120ecdcd2d4e3783cd0b4a1f0196a1b13924d0d3649233312695c3c336ae04e0b1efddabcc878b57622db60f6f747a1124c38426dacf1425c92d304c2bb1052f987c1dd73e4cc4b20d23396d4f05f52f98cf5065c3fb7dc319425f1f6f1878b87f57afbd24fbff98909494581aadd04d80a639b85ce8684ea58409d8dbbbaacf256bb5c4
Result = VERIFY_ERROR
-# Verify using public key
-
-Verify = RSA-2048-PUBLIC
-Ctrl = digest:SHA1
-Input = "0123456789ABCDEF1234"
-Output = c09d402423cbf233d26cae21f954547bc43fe80fd41360a0336cfdbe9aedad05bef6fd2eaee6cd60089a52482d4809a238149520df3bdde4cb9e23d9307b05c0a6f327052325a29adf2cc95b66523be7024e2a585c3d4db15dfbe146efe0ecdc0402e33fe5d40324ee96c5c3edd374a15cdc0f5d84aa243c0f07e188c6518fbfceae158a9943be398e31097da81b62074f626eff738be6160741d5a26957a482b3251fd85d8df78b98148459de10aa93305dbb4a5230aa1da291a9b0e481918f99b7638d72bb687f97661d304ae145d64a474437a4ef39d7b8059332ddeb07e92bf6e0e3acaf8afedc93795e4511737ec1e7aab6d5bc9466afc950c1c17b48ad
-
-# RSA decrypt
-
-Decrypt = RSA-2048
-Input = 550AF55A2904E7B9762352F8FB7FA235A9CB053AACB2D5FCB8CA48453CB2EE3619746C701ABF2D4CC67003471A187900B05AA812BD25ED05C675DFC8C97A24A7BF49BD6214992CAD766D05A9A2B57B74F26A737E0237B8B76C45F1F226A836D7CFBC75BA999BDBE48DBC09227AA46C88F21DCCBA7840141AD5A5D71FD122E6BD6AC3E564780DFE623FC1CA9B995A6037BF0BBD43B205A84AC5444F34202C05CE9113087176432476576DE6FFFF9A52EA57C08BE3EC2F49676CB8E12F762AC71FA3C321E00AC988910C85FF52F93825666CE0D40FFAA0592078919D4493F46D95CCF76364C6D57760DD0B64805F9AFC76A2365A5575CA301D5103F0EA76CB9A78
-Output = "Hello World"
-
-# Corrupted ciphertext
-Decrypt = RSA-2048
-Input = 550AF55A2904E7B9762352F8FB7FA235A9CB053AACB2D5FCB8CA48453CB2EE3619746C701ABF2D4CC67003471A187900B05AA812BD25ED05C675DFC8C97A24A7BF49BD6214992CAD766D05A9A2B57B74F26A737E0237B8B76C45F1F226A836D7CFBC75BA999BDBE48DBC09227AA46C88F21DCCBA7840141AD5A5D71FD122E6BD6AC3E564780DFE623FC1CA9B995A6037BF0BBD43B205A84AC5444F34202C05CE9113087176432476576DE6FFFF9A52EA57C08BE3EC2F49676CB8E12F762AC71FA3C321E00AC988910C85FF52F93825666CE0D40FFAA0592078919D4493F46D95CCF76364C6D57760DD0B64805F9AFC76A2365A5575CA301D5103F0EA76CB9A79
-Output = "Hello World"
-Result = KEYOP_ERROR
-
-# OAEP padding
-Decrypt = RSA-2048
-Ctrl = rsa_padding_mode:oaep
-Input = 458708DFBD42A1297CE7A9C86C7087AB80B1754810929B89C5107CA55368587686986FCE94D86CC1595B3FB736223A656EC0F34D18BA1CC5665593610F56C58E26B272D584F3D983A5C91085700755AEBD921FB280BBA3EDA7046EC07B43E7298E52D59EDC92BE4639A8CE08B2F85976ECF6D98CC469EEB9D5D8E2A32EA8A6626EDAFE1038B3DF455668A9F3C77CAD8B92FB872E00058C3D2A7EDE1A1F03FC5622084AE04D9D24F6BF0995C58D35B93B699B9763595E123F2AB0863CC9229EB290E2EDE7715C7A8F39E0B9A3E2E1B56EBB62F1CBFBB5986FB212EBD785B83D01D968B11D1756C7337F70C1F1A63BFF03608E24F3A2FD44E67F832A8701C5D5AF
-Output = "Hello World"
-
-# OAEP padding, corrupted ciphertext
-Decrypt = RSA-2048
-Ctrl = rsa_padding_mode:oaep
-Input = 458708DFBD42A1297CE7A9C86C7087AB80B1754810929B89C5107CA55368587686986FCE94D86CC1595B3FB736223A656EC0F34D18BA1CC5665593610F56C58E26B272D584F3D983A5C91085700755AEBD921FB280BBA3EDA7046EC07B43E7298E52D59EDC92BE4639A8CE08B2F85976ECF6D98CC469EEB9D5D8E2A32EA8A6626EDAFE1038B3DF455668A9F3C77CAD8B92FB872E00058C3D2A7EDE1A1F03FC5622084AE04D9D24F6BF0995C58D35B93B699B9763595E123F2AB0863CC9229EB290E2EDE7715C7A8F39E0B9A3E2E1B56EBB62F1CBFBB5986FB212EBD785B83D01D968B11D1756C7337F70C1F1A63BFF03608E24F3A2FD44E67F832A8701C5D5AC
-Output = "Hello World"
-Result = KEYOP_ERROR
-
-# Illegal RSA key derivation
-Derive = RSA-2048
-Result = KEYOP_INIT_ERROR
-Reason = operation not supported for this keytype
-
Sign = RSA-2048
Ctrl = rsa_mgf1_md:sha1
Result = PKEY_CTRL_ERROR
@@ -398,84 +250,6 @@ TwIDAQAB
PrivPubKeyPair = RSA-PSS:RSA-PSS-DEFAULT
-# Key with invalid negative minimum salt length
-PublicKey = RSA-PSS-BAD
------BEGIN PUBLIC KEY-----
-MIIBJzASBgkqhkiG9w0BAQowBaIDAgH/A4IBDwAwggEKAoIBAQDNAIHqeyrh6gbV
-n3xz2f+5SglhXC5Lp8Y2zvCN01M+wxhVJbAVx2m5mnfWclv5w1Mqm25fZifV+4UW
-B2jT3anL01l0URcX3D0wnS/EfuQfl+Mq23+d2GShxHZ6Zm7NcbwarPXnUX9LOFlP
-6psF5C1a2pkSAIAT5FMWpNm7jtCGuI0odYusr5ItRqhotIXSOcm66w4rZFknEPQr
-LR6gpLSALAvsqzKPimiwBzvbVG/uqYCdKEmRKzkMFTK8finHZY+BdfrkbzQzL/h7
-yrPkBkm5hXeGnaDqcYNT8HInVIhpE2SHYNEivmduD8SD3SD/wxvalqMZZsmqLnWt
-A95H4cRPAgMBAAE=
------END PUBLIC KEY-----
-
-PrivPubKeyPair = RSA-PSS:RSA-PSS-BAD
-
-
-# Key with minimum salt length exceeding maximum permitted value
-PublicKey = RSA-PSS-BAD2
------BEGIN PUBLIC KEY-----
-MIIBKDATBgkqhkiG9w0BAQowBqIEAgIBAAOCAQ8AMIIBCgKCAQEAzQCB6nsq4eoG
-1Z98c9n/uUoJYVwuS6fGNs7wjdNTPsMYVSWwFcdpuZp31nJb+cNTKptuX2Yn1fuF
-Fgdo092py9NZdFEXF9w9MJ0vxH7kH5fjKtt/ndhkocR2emZuzXG8Gqz151F/SzhZ
-T+qbBeQtWtqZEgCAE+RTFqTZu47QhriNKHWLrK+SLUaoaLSF0jnJuusOK2RZJxD0
-Ky0eoKS0gCwL7Ksyj4posAc721Rv7qmAnShJkSs5DBUyvH4px2WPgXX65G80My/4
-e8qz5AZJuYV3hp2g6nGDU/ByJ1SIaRNkh2DRIr5nbg/Eg90g/8Mb2pajGWbJqi51
-rQPeR+HETwIDAQAB
------END PUBLIC KEY-----
-
-PrivPubKeyPair = RSA-PSS:RSA-PSS-BAD2
-
-# Zero salt length makes output deterministic
-Sign = RSA-2048
-Ctrl = rsa_padding_mode:pss
-Ctrl = rsa_pss_saltlen:0
-Ctrl = digest:sha256
-Input="0123456789ABCDEF0123456789ABCDEF"
-Output=4DE433D5844043EF08D354DA03CB29068780D52706D7D1E4D50EFB7D58C9D547D83A747DDD0635A96B28F854E50145518482CB49E963054621B53C60C498D07C16E9C2789C893CF38D4D86900DE71BDE463BD2761D1271E358C7480A1AC0BAB930DDF39602AD1BC165B5D7436B516B7A7858E8EB7AB1C420EEB482F4D207F0E462B1724959320A084E13848D11D10FB593E66BF680BF6D3F345FC3E9C3DE60ABBAC37E1C6EC80A268C8D9FC49626C679097AA690BC1AA662B95EB8DB70390861AA0898229F9349B4B5FDD030D4928C47084708A933144BE23BD3C6E661B85B2C0EF9ED36D498D5B7320E8194D363D4AD478C059BAE804181965E0B81B663158A
-
-# Verify of above signature
-Verify = RSA-2048-PUBLIC
-Ctrl = rsa_padding_mode:pss
-Ctrl = rsa_pss_saltlen:0
-Ctrl = digest:sha256
-Input="0123456789ABCDEF0123456789ABCDEF"
-Output=4DE433D5844043EF08D354DA03CB29068780D52706D7D1E4D50EFB7D58C9D547D83A747DDD0635A96B28F854E50145518482CB49E963054621B53C60C498D07C16E9C2789C893CF38D4D86900DE71BDE463BD2761D1271E358C7480A1AC0BAB930DDF39602AD1BC165B5D7436B516B7A7858E8EB7AB1C420EEB482F4D207F0E462B1724959320A084E13848D11D10FB593E66BF680BF6D3F345FC3E9C3DE60ABBAC37E1C6EC80A268C8D9FC49626C679097AA690BC1AA662B95EB8DB70390861AA0898229F9349B4B5FDD030D4928C47084708A933144BE23BD3C6E661B85B2C0EF9ED36D498D5B7320E8194D363D4AD478C059BAE804181965E0B81B663158A
-
-# Verify using salt length auto detect
-Verify = RSA-2048-PUBLIC
-Ctrl = rsa_padding_mode:pss
-Ctrl = rsa_pss_saltlen:auto
-Input="0123456789ABCDEF0123"
-Output = 6BF7EDC63A0BA184EEEC7F3020FEC8F5EBF38C2B76481881F48BCCE5796E7AB294548BA9AE810457C7723CABD1BDE94CF59CF7C0FC7461B22760C8ED703DD98E97BFDD61FA8D1181C411F6DEE5FF159F4850746D78EDEE385A363DC28E2CB373D5CAD7953F3BD5E639BE345732C03A1BDEA268814DA036EB1891C82D4012F3B903D86636055F87B96FC98806AD1B217685A4D754046A5DE0B0D7870664BE07902153EC85BA457BE7D7F89D7FE0F626D02A9CBBB2BB479DDA1A5CAE75247FB7BF6BFB15C1D3FD9E6B1573CCDBC72011C3B97716058BB11C7EA2E4E56ADAFE1F5DE6A7FD405AC5890100F9C3408EFFB5C73BF73F48177FF743B4B819D0699D507B
-
-# Digest too short
-Verify = RSA-2048-PUBLIC
-Ctrl = rsa_padding_mode:pss
-Ctrl = rsa_pss_saltlen:0
-Ctrl = digest:sha256
-Input="0123456789ABCDEF0123456789ABCDE"
-Output=4DE433D5844043EF08D354DA03CB29068780D52706D7D1E4D50EFB7D58C9D547D83A747DDD0635A96B28F854E50145518482CB49E963054621B53C60C498D07C16E9C2789C893CF38D4D86900DE71BDE463BD2761D1271E358C7480A1AC0BAB930DDF39602AD1BC165B5D7436B516B7A7858E8EB7AB1C420EEB482F4D207F0E462B1724959320A084E13848D11D10FB593E66BF680BF6D3F345FC3E9C3DE60ABBAC37E1C6EC80A268C8D9FC49626C679097AA690BC1AA662B95EB8DB70390861AA0898229F9349B4B5FDD030D4928C47084708A933144BE23BD3C6E661B85B2C0EF9ED36D498D5B7320E8194D363D4AD478C059BAE804181965E0B81B663158A
-Result = VERIFY_ERROR