diff --git a/.gitignore b/.gitignore index 6209f99..7cdad35 100644 --- a/.gitignore +++ b/.gitignore @@ -52,3 +52,4 @@ openssl-1.0.0a-usa.tar.bz2 /openssl-1.1.1i-hobbled.tar.xz /openssl-1.1.1j-hobbled.tar.xz /openssl-1.1.1k-hobbled.tar.xz +/openssl-3.0.0-hobbled.tar.xz diff --git a/0001-Aarch64-and-ppc64le-use-lib64.patch b/0001-Aarch64-and-ppc64le-use-lib64.patch new file mode 100644 index 0000000..e5d23ba --- /dev/null +++ b/0001-Aarch64-and-ppc64le-use-lib64.patch @@ -0,0 +1,33 @@ +From 603a35802319c0459737e3f067369ceb990fe2e6 Mon Sep 17 00:00:00 2001 +From: Tomas Mraz +Date: Thu, 24 Sep 2020 09:01:41 +0200 +Subject: Aarch64 and ppc64le use lib64 + +(Was openssl-1.1.1-build.patch) +--- + Configurations/10-main.conf | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf +index d7580bf3e1..a7dbfd7f40 100644 +--- a/Configurations/10-main.conf ++++ b/Configurations/10-main.conf +@@ -723,6 +723,7 @@ my %targets = ( + lib_cppflags => add("-DL_ENDIAN"), + asm_arch => 'ppc64', + perlasm_scheme => "linux64le", ++ multilib => "64", + }, + + "linux-armv4" => { +@@ -765,6 +766,7 @@ my %targets = ( + inherit_from => [ "linux-generic64" ], + asm_arch => 'aarch64', + perlasm_scheme => "linux64", ++ multilib => "64", + }, + "linux-arm64ilp32" => { # https://wiki.linaro.org/Platform/arm64-ilp32 + inherit_from => [ "linux-generic32" ], +-- +2.26.2 + diff --git a/openssl-1.1.1-defaults.patch b/0002-Use-more-general-default-values-in-openssl.cnf.patch similarity index 66% rename from openssl-1.1.1-defaults.patch rename to 0002-Use-more-general-default-values-in-openssl.cnf.patch index 291ed88..83ed599 100644 --- a/openssl-1.1.1-defaults.patch +++ b/0002-Use-more-general-default-values-in-openssl.cnf.patch @@ -1,7 +1,21 @@ -diff -up openssl-1.1.1a/apps/openssl.cnf.defaults openssl-1.1.1a/apps/openssl.cnf ---- openssl-1.1.1a/apps/openssl.cnf.defaults 2018-11-20 14:35:37.000000000 +0100 -+++ openssl-1.1.1a/apps/openssl.cnf 2019-01-15 13:56:50.841719776 +0100 -@@ -74,7 +74,7 @@ cert_opt = ca_default # Certificate fi +From 41df9ae215cee9574e17e6f887c96a7c97d588f5 Mon Sep 17 00:00:00 2001 +From: Tomas Mraz +Date: Thu, 24 Sep 2020 09:03:40 +0200 +Subject: Use more general default values in openssl.cnf + +Also set sha256 as default hash, although that should not be +necessary anymore. + +(was openssl-1.1.1-defaults.patch) +--- + apps/openssl.cnf | 12 +++++++----- + 1 file changed, 7 insertions(+), 5 deletions(-) + +diff --git a/apps/openssl.cnf b/apps/openssl.cnf +index 97567a67be..eb25a0ac48 100644 +--- a/apps/openssl.cnf ++++ b/apps/openssl.cnf +@@ -104,7 +104,7 @@ cert_opt = ca_default # Certificate field options default_days = 365 # how long to certify for default_crl_days= 30 # how long before next CRL @@ -10,7 +24,7 @@ diff -up openssl-1.1.1a/apps/openssl.cnf.defaults openssl-1.1.1a/apps/openssl.cn preserve = no # keep passed DN ordering # A few difference way of specifying how similar the request should look -@@ -106,6 +106,7 @@ emailAddress = optional +@@ -136,6 +136,7 @@ emailAddress = optional #################################################################### [ req ] default_bits = 2048 @@ -18,7 +32,7 @@ diff -up openssl-1.1.1a/apps/openssl.cnf.defaults openssl-1.1.1a/apps/openssl.cn default_keyfile = privkey.pem distinguished_name = req_distinguished_name attributes = req_attributes -@@ -128,17 +129,18 @@ string_mask = utf8only +@@ -158,17 +159,18 @@ string_mask = utf8only [ req_distinguished_name ] countryName = Country Name (2 letter code) @@ -40,7 +54,7 @@ diff -up openssl-1.1.1a/apps/openssl.cnf.defaults openssl-1.1.1a/apps/openssl.cn # we can do this but it is not needed normally :-) #1.organizationName = Second Organization Name (eg, company) -@@ -147,7 +149,7 @@ localityName = Locality Name (eg, city +@@ -177,7 +179,7 @@ localityName = Locality Name (eg, city) organizationalUnitName = Organizational Unit Name (eg, section) #organizationalUnitName_default = @@ -49,3 +63,6 @@ diff -up openssl-1.1.1a/apps/openssl.cnf.defaults openssl-1.1.1a/apps/openssl.cn commonName_max = 64 emailAddress = Email Address +-- +2.26.2 + diff --git a/0003-Do-not-install-html-docs.patch b/0003-Do-not-install-html-docs.patch new file mode 100644 index 0000000..66d62e0 --- /dev/null +++ b/0003-Do-not-install-html-docs.patch @@ -0,0 +1,26 @@ +From 3d5755df8d09ca841c0aca2d7344db060f6cc97f Mon Sep 17 00:00:00 2001 +From: Tomas Mraz +Date: Thu, 24 Sep 2020 09:05:55 +0200 +Subject: Do not install html docs + +(was openssl-1.1.1-no-html.patch) +--- + Configurations/unix-Makefile.tmpl | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl +index 342e46d24d..9f369edf0e 100644 +--- a/Configurations/unix-Makefile.tmpl ++++ b/Configurations/unix-Makefile.tmpl +@@ -554,7 +554,7 @@ install_sw: install_dev install_engines install_modules install_runtime + + uninstall_sw: uninstall_runtime uninstall_modules uninstall_engines uninstall_dev + +-install_docs: install_man_docs install_html_docs ++install_docs: install_man_docs + + uninstall_docs: uninstall_man_docs uninstall_html_docs + $(RM) -r $(DESTDIR)$(DOCDIR) +-- +2.26.2 + diff --git a/openssl-1.1.1-conf-paths.patch b/0004-Override-default-paths-for-the-CA-directory-tree.patch similarity index 55% rename from openssl-1.1.1-conf-paths.patch rename to 0004-Override-default-paths-for-the-CA-directory-tree.patch index 819007b..88832a2 100644 --- a/openssl-1.1.1-conf-paths.patch +++ b/0004-Override-default-paths-for-the-CA-directory-tree.patch @@ -1,19 +1,37 @@ -diff -up openssl-1.1.1-pre8/apps/CA.pl.in.conf-paths openssl-1.1.1-pre8/apps/CA.pl.in ---- openssl-1.1.1-pre8/apps/CA.pl.in.conf-paths 2018-06-20 16:48:09.000000000 +0200 -+++ openssl-1.1.1-pre8/apps/CA.pl.in 2018-07-25 17:26:58.388624296 +0200 -@@ -33,7 +33,7 @@ my $X509 = "$openssl x509"; +From 6790960076742a9053c624e26fbb87fcd5789e27 Mon Sep 17 00:00:00 2001 +From: Tomas Mraz +Date: Thu, 24 Sep 2020 09:17:26 +0200 +Subject: Override default paths for the CA directory tree + +Also add default section to load crypto-policies configuration +for TLS. + +It needs to be reverted before running tests. + +(was openssl-1.1.1-conf-paths.patch) +--- + apps/CA.pl.in | 2 +- + apps/openssl.cnf | 20 ++++++++++++++++++-- + 2 files changed, 19 insertions(+), 3 deletions(-) + +diff --git a/apps/CA.pl.in b/apps/CA.pl.in +index c0afb96716..d6a5fabd16 100644 +--- a/apps/CA.pl.in ++++ b/apps/CA.pl.in +@@ -29,7 +29,7 @@ my $X509 = "$openssl x509"; my $PKCS12 = "$openssl pkcs12"; - # default openssl.cnf file has setup as per the following + # Default values for various configuration settings. -my $CATOP = "./demoCA"; +my $CATOP = "/etc/pki/CA"; my $CAKEY = "cakey.pem"; my $CAREQ = "careq.pem"; my $CACERT = "cacert.pem"; -diff -up openssl-1.1.1-pre8/apps/openssl.cnf.conf-paths openssl-1.1.1-pre8/apps/openssl.cnf ---- openssl-1.1.1-pre8/apps/openssl.cnf.conf-paths 2018-07-25 17:26:58.378624057 +0200 -+++ openssl-1.1.1-pre8/apps/openssl.cnf 2018-07-27 13:20:08.198513471 +0200 -@@ -23,6 +23,22 @@ oid_section = new_oids +diff --git a/apps/openssl.cnf b/apps/openssl.cnf +index eb25a0ac48..2479943fde 100644 +--- a/apps/openssl.cnf ++++ b/apps/openssl.cnf +@@ -31,6 +31,22 @@ oid_section = new_oids # (Alternatively, use a configuration file that has only # X.509v3 extensions in its main [= default] section.) @@ -34,9 +52,9 @@ diff -up openssl-1.1.1-pre8/apps/openssl.cnf.conf-paths openssl-1.1.1-pre8/apps/ +.include = /etc/crypto-policies/back-ends/opensslcnf.config + [ new_oids ] - # We can add new OIDs in here for use by 'ca', 'req' and 'ts'. -@@ -43,7 +59,7 @@ default_ca = CA_default # The default c + # Add a simple OID like this: +@@ -72,7 +88,7 @@ default_ca = CA_default # The default ca section #################################################################### [ CA_default ] @@ -45,7 +63,7 @@ diff -up openssl-1.1.1-pre8/apps/openssl.cnf.conf-paths openssl-1.1.1-pre8/apps/ certs = $dir/certs # Where the issued certs are kept crl_dir = $dir/crl # Where the issued crl are kept database = $dir/index.txt # database index file. -@@ -329,7 +345,7 @@ default_tsa = tsa_config1 # the default +@@ -304,7 +320,7 @@ default_tsa = tsa_config1 # the default TSA section [ tsa_config1 ] # These are used by the TSA reply generation only. @@ -54,3 +72,6 @@ diff -up openssl-1.1.1-pre8/apps/openssl.cnf.conf-paths openssl-1.1.1-pre8/apps/ serial = $dir/tsaserial # The current serial number (mandatory) crypto_device = builtin # OpenSSL engine to use for signing signer_cert = $dir/tsacert.pem # The TSA signing certificate +-- +2.26.2 + diff --git a/0005-apps-ca-fix-md-option-help-text.patch b/0005-apps-ca-fix-md-option-help-text.patch new file mode 100644 index 0000000..1fed4c4 --- /dev/null +++ b/0005-apps-ca-fix-md-option-help-text.patch @@ -0,0 +1,28 @@ +From 3d8fa9859501b07e02b76b5577e2915d5851e927 Mon Sep 17 00:00:00 2001 +From: Tomas Mraz +Date: Thu, 24 Sep 2020 09:27:18 +0200 +Subject: apps/ca: fix md option help text + +upstreamable + +(was openssl-1.1.1-apps-dgst.patch) +--- + apps/ca.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/apps/ca.c b/apps/ca.c +index 0f21b4fa1c..3d4b2c1673 100755 +--- a/apps/ca.c ++++ b/apps/ca.c +@@ -209,7 +209,7 @@ const OPTIONS ca_options[] = { + {"noemailDN", OPT_NOEMAILDN, '-', "Don't add the EMAIL field to the DN"}, + + OPT_SECTION("Signing"), +- {"md", OPT_MD, 's', "Digest to use, such as sha256"}, ++ {"md", OPT_MD, 's', "Digest to use, such as sha256; see openssl help for list"}, + {"keyfile", OPT_KEYFILE, 's', "The CA private key"}, + {"keyform", OPT_KEYFORM, 'f', + "Private key file format (ENGINE, other values ignored)"}, +-- +2.26.2 + diff --git a/0006-Disable-signature-verification-with-totally-unsafe-h.patch b/0006-Disable-signature-verification-with-totally-unsafe-h.patch new file mode 100644 index 0000000..467a8e7 --- /dev/null +++ b/0006-Disable-signature-verification-with-totally-unsafe-h.patch @@ -0,0 +1,29 @@ +From 3f9deff30ae6efbfe979043b00cdf649b39793c0 Mon Sep 17 00:00:00 2001 +From: Tomas Mraz +Date: Thu, 24 Sep 2020 09:51:34 +0200 +Subject: Disable signature verification with totally unsafe hash algorithms + +(was openssl-1.1.1-no-weak-verify.patch) +--- + crypto/asn1/a_verify.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c +index b7eed914b0..af62f0ef08 100644 +--- a/crypto/asn1/a_verify.c ++++ b/crypto/asn1/a_verify.c +@@ -152,6 +152,11 @@ int ASN1_item_verify_ctx(const ASN1_ITEM *it, const X509_ALGOR *alg, + ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB); + if (ret <= 1) + goto err; ++ } else if ((mdnid == NID_md5 ++ && ossl_safe_getenv("OPENSSL_ENABLE_MD5_VERIFY") == NULL) || ++ mdnid == NID_md4 || mdnid == NID_md2 || mdnid == NID_sha) { ++ ERR_raise(ERR_LIB_ASN1, ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM); ++ goto err; + } else { + const EVP_MD *type = EVP_get_digestbynid(mdnid); + +-- +2.26.2 + diff --git a/openssl-1.1.1-system-cipherlist.patch b/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch similarity index 62% rename from openssl-1.1.1-system-cipherlist.patch rename to 0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch index a70f20b..6b8117e 100644 --- a/openssl-1.1.1-system-cipherlist.patch +++ b/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch @@ -1,7 +1,25 @@ -diff -up openssl-1.1.1c/Configurations/unix-Makefile.tmpl.system-cipherlist openssl-1.1.1c/Configurations/unix-Makefile.tmpl ---- openssl-1.1.1c/Configurations/unix-Makefile.tmpl.system-cipherlist 2019-05-29 15:42:27.951329271 +0200 -+++ openssl-1.1.1c/Configurations/unix-Makefile.tmpl 2019-05-29 15:42:27.974328867 +0200 -@@ -180,6 +180,10 @@ MANDIR=$(INSTALLTOP)/share/man +From 736d709ec194b3a763e004696df22792c62a11fc Mon Sep 17 00:00:00 2001 +From: Tomas Mraz +Date: Thu, 24 Sep 2020 10:16:46 +0200 +Subject: Add support for PROFILE=SYSTEM system default cipherlist + +(was openssl-1.1.1-system-cipherlist.patch) +--- + Configurations/unix-Makefile.tmpl | 5 ++ + Configure | 10 +++- + doc/man1/openssl-ciphers.pod.in | 9 ++++ + include/openssl/ssl.h.in | 5 ++ + ssl/ssl_ciph.c | 88 +++++++++++++++++++++++++++---- + ssl/ssl_lib.c | 4 +- + test/cipherlist_test.c | 2 + + util/libcrypto.num | 1 + + 8 files changed, 110 insertions(+), 14 deletions(-) + +diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl +index 9f369edf0e..c52389f831 100644 +--- a/Configurations/unix-Makefile.tmpl ++++ b/Configurations/unix-Makefile.tmpl +@@ -269,6 +269,10 @@ MANDIR=$(INSTALLTOP)/share/man DOCDIR=$(INSTALLTOP)/share/doc/$(BASENAME) HTMLDIR=$(DOCDIR)/html @@ -12,7 +30,7 @@ diff -up openssl-1.1.1c/Configurations/unix-Makefile.tmpl.system-cipherlist open # MANSUFFIX is for the benefit of anyone who may want to have a suffix # appended after the manpage file section number. "ssl" is popular, # resulting in files such as config.5ssl rather than config.5. -@@ -203,6 +207,7 @@ CC=$(CROSS_COMPILE){- $config{CC} -} +@@ -292,6 +296,7 @@ CC=$(CROSS_COMPILE){- $config{CC} -} CXX={- $config{CXX} ? "\$(CROSS_COMPILE)$config{CXX}" : '' -} CPPFLAGS={- our $cppflags1 = join(" ", (map { "-D".$_} @{$config{CPPDEFINES}}), @@ -20,10 +38,11 @@ diff -up openssl-1.1.1c/Configurations/unix-Makefile.tmpl.system-cipherlist open (map { "-I".$_} @{$config{CPPINCLUDES}}), @{$config{CPPFLAGS}}) -} CFLAGS={- join(' ', @{$config{CFLAGS}}) -} -diff -up openssl-1.1.1c/Configure.system-cipherlist openssl-1.1.1c/Configure ---- openssl-1.1.1c/Configure.system-cipherlist 2019-05-28 15:12:21.000000000 +0200 -+++ openssl-1.1.1c/Configure 2019-05-29 15:45:10.465469533 +0200 -@@ -24,7 +24,7 @@ use OpenSSL::Glob; +diff --git a/Configure b/Configure +index dfad3fe7a5..dc6d5d4d73 100755 +--- a/Configure ++++ b/Configure +@@ -27,7 +27,7 @@ use OpenSSL::config; my $orig_death_handler = $SIG{__DIE__}; $SIG{__DIE__} = \&death_handler; @@ -32,7 +51,7 @@ diff -up openssl-1.1.1c/Configure.system-cipherlist openssl-1.1.1c/Configure # Options: # -@@ -41,6 +41,9 @@ my $usage="Usage: Configure [no- +@@ -44,6 +44,9 @@ my $usage="Usage: Configure [no- ...] [enable- ...] [-Dxxx] [-lx # This becomes the value of OPENSSLDIR in Makefile and in C. # (Default: PREFIX/ssl) # @@ -41,8 +60,8 @@ diff -up openssl-1.1.1c/Configure.system-cipherlist openssl-1.1.1c/Configure +# # --cross-compile-prefix Add specified prefix to binutils components. # - # --api One of 0.9.8, 1.0.0 or 1.1.0. Do not compile support for -@@ -295,6 +298,7 @@ $config{prefix}=""; + # --api One of 0.9.8, 1.0.0, 1.0.1, 1.0.2, 1.1.0, 1.1.1, or 3.0 +@@ -367,6 +370,7 @@ $config{prefix}=""; $config{openssldir}=""; $config{processor}=""; $config{libdir}=""; @@ -50,9 +69,9 @@ diff -up openssl-1.1.1c/Configure.system-cipherlist openssl-1.1.1c/Configure my $auto_threads=1; # enable threads automatically? true by default my $default_ranlib; -@@ -824,6 +828,10 @@ while (@argvcopy) - push @seed_sources, $x; - } +@@ -957,6 +961,10 @@ while (@argvcopy) + die "FIPS key too long (64 bytes max)\n" + if length $1 > 64; } + elsif (/^--system-ciphers-file=(.*)$/) + { @@ -61,19 +80,11 @@ diff -up openssl-1.1.1c/Configure.system-cipherlist openssl-1.1.1c/Configure elsif (/^--cross-compile-prefix=(.*)$/) { $user{CROSS_COMPILE}=$1; -@@ -1016,6 +1024,8 @@ if ($target eq "HASH") { - exit 0; - } - -+chop $config{system_ciphers_file} if $config{system_ciphers_file} =~ /\/$/; -+ - print "Configuring OpenSSL version $config{version} ($config{version_num}) "; - print "for $target\n"; - -diff -up openssl-1.1.1c/doc/man1/ciphers.pod.system-cipherlist openssl-1.1.1c/doc/man1/ciphers.pod ---- openssl-1.1.1c/doc/man1/ciphers.pod.system-cipherlist 2019-05-28 15:12:21.000000000 +0200 -+++ openssl-1.1.1c/doc/man1/ciphers.pod 2019-05-29 15:42:27.975328849 +0200 -@@ -182,6 +182,15 @@ As of OpenSSL 1.0.0, the B cipher s +diff --git a/doc/man1/openssl-ciphers.pod.in b/doc/man1/openssl-ciphers.pod.in +index b4ed3e51d5..2122e6bdfd 100644 +--- a/doc/man1/openssl-ciphers.pod.in ++++ b/doc/man1/openssl-ciphers.pod.in +@@ -187,6 +187,15 @@ As of OpenSSL 1.0.0, the B cipher suites are sensibly ordered by default. The cipher suites not enabled by B, currently B. @@ -89,34 +100,27 @@ diff -up openssl-1.1.1c/doc/man1/ciphers.pod.system-cipherlist openssl-1.1.1c/do =item B "High" encryption cipher suites. This currently means those with key lengths -diff -up openssl-1.1.1c/include/openssl/ssl.h.system-cipherlist openssl-1.1.1c/include/openssl/ssl.h ---- openssl-1.1.1c/include/openssl/ssl.h.system-cipherlist 2019-05-28 15:12:21.000000000 +0200 -+++ openssl-1.1.1c/include/openssl/ssl.h 2019-05-29 15:42:27.975328849 +0200 -@@ -186,6 +186,11 @@ extern "C" { +diff --git a/include/openssl/ssl.h.in b/include/openssl/ssl.h.in +index f9a61609e4..c6f95fed3f 100644 +--- a/include/openssl/ssl.h.in ++++ b/include/openssl/ssl.h.in +@@ -209,6 +209,11 @@ extern "C" { * throwing out anonymous and unencrypted ciphersuites! (The latter are not * actually enabled by ALL, but "ALL:RSA" would enable some of them.) */ +# ifdef SYSTEM_CIPHERS_FILE +# define SSL_SYSTEM_DEFAULT_CIPHER_LIST "PROFILE=SYSTEM" +# else -+# define SSL_SYSTEM_DEFAULT_CIPHER_LIST SSL_DEFAULT_CIPHER_LIST ++# define SSL_SYSTEM_DEFAULT_CIPHER_LIST OSSL_default_cipher_list() +# endif /* Used in SSL_set_shutdown()/SSL_get_shutdown(); */ # define SSL_SENT_SHUTDOWN 1 -diff -up openssl-1.1.1c/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.1c/ssl/ssl_ciph.c ---- openssl-1.1.1c/ssl/ssl_ciph.c.system-cipherlist 2019-05-28 15:12:21.000000000 +0200 -+++ openssl-1.1.1c/ssl/ssl_ciph.c 2019-05-29 15:42:27.976328831 +0200 -@@ -9,6 +9,8 @@ - * https://www.openssl.org/source/license.html - */ - -+/* for secure_getenv */ -+#define _GNU_SOURCE - #include - #include - #include -@@ -1399,6 +1401,53 @@ int SSL_set_ciphersuites(SSL *s, const c +diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c +index b1d3f7919e..f7cc7fed48 100644 +--- a/ssl/ssl_ciph.c ++++ b/ssl/ssl_ciph.c +@@ -1411,6 +1411,53 @@ int SSL_set_ciphersuites(SSL *s, const char *str) return ret; } @@ -129,7 +133,7 @@ diff -up openssl-1.1.1c/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.1c/ssl/ssl_ + const char *ciphers_path; + unsigned len, slen; + -+ if ((ciphers_path = secure_getenv("OPENSSL_SYSTEM_CIPHERS_OVERRIDE")) == NULL) ++ if ((ciphers_path = ossl_safe_getenv("OPENSSL_SYSTEM_CIPHERS_OVERRIDE")) == NULL) + ciphers_path = SYSTEM_CIPHERS_FILE; + fp = fopen(ciphers_path, "r"); + if (fp == NULL || fgets(buf, sizeof(buf), fp) == NULL) { @@ -167,19 +171,19 @@ diff -up openssl-1.1.1c/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.1c/ssl/ssl_ +} +#endif + - STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, + STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, STACK_OF(SSL_CIPHER) *tls13_ciphersuites, STACK_OF(SSL_CIPHER) **cipher_list, -@@ -1412,15 +1461,25 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ - const char *rule_p; +@@ -1425,15 +1472,25 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr; const SSL_CIPHER **ca_list = NULL; + const SSL_METHOD *ssl_method = ctx->method; +#ifdef SYSTEM_CIPHERS_FILE + char *new_rules = NULL; + + if (rule_str != NULL && strncmp(rule_str, "PROFILE=SYSTEM", 14) == 0) { + char *p = rule_str + 14; -+ ++ + new_rules = load_system_str(p); + rule_str = new_rules; + } @@ -191,23 +195,23 @@ diff -up openssl-1.1.1c/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.1c/ssl/ssl_ if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL) - return NULL; + goto err; - #ifndef OPENSSL_NO_EC + if (!check_suiteb_cipher_list(ssl_method, c, &rule_str)) - return NULL; + goto err; - #endif /* -@@ -1443,7 +1502,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ + * To reduce the work to do we only want to process the compiled +@@ -1456,7 +1513,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, co_list = OPENSSL_malloc(sizeof(*co_list) * num_of_ciphers); if (co_list == NULL) { - SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE); + ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); - return NULL; /* Failure */ + goto err; } ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, -@@ -1509,8 +1568,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ +@@ -1522,8 +1579,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, * in force within each class */ if (!ssl_cipher_strength_sort(&head, &tail)) { @@ -217,18 +221,18 @@ diff -up openssl-1.1.1c/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.1c/ssl/ssl_ } /* -@@ -1555,9 +1613,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ +@@ -1568,9 +1624,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1; ca_list = OPENSSL_malloc(sizeof(*ca_list) * num_of_alias_max); if (ca_list == NULL) { - OPENSSL_free(co_list); - SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE); + ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); - return NULL; /* Failure */ + goto err; } ssl_cipher_collect_aliases(ca_list, num_of_group_aliases, disabled_mkey, disabled_auth, disabled_enc, -@@ -1583,8 +1640,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ +@@ -1596,8 +1651,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, OPENSSL_free(ca_list); /* Not needed anymore */ if (!ok) { /* Rule processing failure */ @@ -238,7 +242,7 @@ diff -up openssl-1.1.1c/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.1c/ssl/ssl_ } /* -@@ -1592,14 +1648,18 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ +@@ -1605,10 +1659,13 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, * if we cannot get one. */ if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) { @@ -253,13 +257,16 @@ diff -up openssl-1.1.1c/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.1c/ssl/ssl_ + /* Add TLSv1.3 ciphers first - we always prefer those if possible */ for (i = 0; i < sk_SSL_CIPHER_num(tls13_ciphersuites); i++) { - if (!sk_SSL_CIPHER_push(cipherstack, - sk_SSL_CIPHER_value(tls13_ciphersuites, i))) { -+ OPENSSL_free(co_list); + const SSL_CIPHER *sslc = sk_SSL_CIPHER_value(tls13_ciphersuites, i); +@@ -1622,6 +1679,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, + + if (!sk_SSL_CIPHER_push(cipherstack, sslc)) { sk_SSL_CIPHER_free(cipherstack); ++ OPENSSL_free(co_list); return NULL; } -@@ -1631,6 +1691,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ + } +@@ -1656,6 +1714,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, *cipher_list = cipherstack; return cipherstack; @@ -274,31 +281,33 @@ diff -up openssl-1.1.1c/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.1c/ssl/ssl_ } char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) -diff -up openssl-1.1.1c/ssl/ssl_lib.c.system-cipherlist openssl-1.1.1c/ssl/ssl_lib.c ---- openssl-1.1.1c/ssl/ssl_lib.c.system-cipherlist 2019-05-29 15:42:27.970328937 +0200 -+++ openssl-1.1.1c/ssl/ssl_lib.c 2019-05-29 15:42:27.977328814 +0200 -@@ -662,7 +662,7 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx +diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c +index d14d5819ba..48d491219a 100644 +--- a/ssl/ssl_lib.c ++++ b/ssl/ssl_lib.c +@@ -660,7 +660,7 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth) ctx->tls13_ciphersuites, &(ctx->cipher_list), &(ctx->cipher_list_by_id), -- SSL_DEFAULT_CIPHER_LIST, ctx->cert); +- OSSL_default_cipher_list(), ctx->cert); + SSL_SYSTEM_DEFAULT_CIPHER_LIST, ctx->cert); if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) { - SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS); + ERR_raise(ERR_LIB_SSL, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS); return 0; -@@ -2954,7 +2954,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m - if (!ssl_create_cipher_list(ret->method, +@@ -3193,7 +3193,7 @@ SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq, + if (!ssl_create_cipher_list(ret, ret->tls13_ciphersuites, &ret->cipher_list, &ret->cipher_list_by_id, -- SSL_DEFAULT_CIPHER_LIST, ret->cert) +- OSSL_default_cipher_list(), ret->cert) + SSL_SYSTEM_DEFAULT_CIPHER_LIST, ret->cert) || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) { - SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS); + ERR_raise(ERR_LIB_SSL, SSL_R_LIBRARY_HAS_NO_CIPHERS); goto err2; -diff -up openssl-1.1.1c/test/cipherlist_test.c.system-cipherlist openssl-1.1.1c/test/cipherlist_test.c ---- openssl-1.1.1c/test/cipherlist_test.c.system-cipherlist 2019-05-28 15:12:21.000000000 +0200 -+++ openssl-1.1.1c/test/cipherlist_test.c 2019-05-29 15:42:27.977328814 +0200 -@@ -251,7 +251,9 @@ end: +diff --git a/test/cipherlist_test.c b/test/cipherlist_test.c +index 380f0727fc..6922a87c30 100644 +--- a/test/cipherlist_test.c ++++ b/test/cipherlist_test.c +@@ -244,7 +244,9 @@ end: int setup_tests(void) { @@ -308,3 +317,15 @@ diff -up openssl-1.1.1c/test/cipherlist_test.c.system-cipherlist openssl-1.1.1c/ ADD_TEST(test_default_cipherlist_explicit); ADD_TEST(test_default_cipherlist_clear); return 1; +diff --git a/util/libcrypto.num b/util/libcrypto.num +index 404a706fab..e81fa9ec3e 100644 +--- a/util/libcrypto.num ++++ b/util/libcrypto.num +@@ -5282,3 +5282,4 @@ OSSL_DECODER_CTX_set_input_structure ? 3_0_0 EXIST::FUNCTION: + RAND_set_DRBG_type ? 3_0_0 EXIST::FUNCTION: + RAND_set_seed_source_type ? 3_0_0 EXIST::FUNCTION: + BIO_f_readbuffer ? 3_0_0 EXIST::FUNCTION: ++ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION: +-- +2.26.2 + diff --git a/0008-Add-FIPS_mode-compatibility-macro.patch b/0008-Add-FIPS_mode-compatibility-macro.patch new file mode 100644 index 0000000..5f953d2 --- /dev/null +++ b/0008-Add-FIPS_mode-compatibility-macro.patch @@ -0,0 +1,90 @@ +From 5b2ec9a54037d7b007324bf53e067e73511cdfe4 Mon Sep 17 00:00:00 2001 +From: Tomas Mraz +Date: Thu, 26 Nov 2020 14:00:16 +0100 +Subject: Add FIPS_mode() compatibility macro + +The macro calls EVP_default_properties_is_fips_enabled() on the +default context. +--- + include/openssl/crypto.h.in | 1 + + include/openssl/fips.h | 25 +++++++++++++++++++++++++ + test/property_test.c | 13 +++++++++++++ + 3 files changed, 39 insertions(+) + create mode 100644 include/openssl/fips.h + +diff --git a/include/openssl/crypto.h.in b/include/openssl/crypto.h.in +index 1036da9a2b..9d4896fcaf 100644 +--- a/include/openssl/crypto.h.in ++++ b/include/openssl/crypto.h.in +@@ -38,6 +38,7 @@ use OpenSSL::stackhash qw(generate_stack_macros); + # include + # include + # include ++# include + + # ifdef CHARSET_EBCDIC + # include +diff --git a/include/openssl/fips.h b/include/openssl/fips.h +new file mode 100644 +index 0000000000..c64f0f8e8f +--- /dev/null ++++ b/include/openssl/fips.h +@@ -0,0 +1,25 @@ ++/* ++ * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. ++ * ++ * Licensed under the Apache License 2.0 (the "License"). You may not use ++ * this file except in compliance with the License. You can obtain a copy ++ * in the file LICENSE in the source distribution or at ++ * https://www.openssl.org/source/license.html ++ */ ++ ++#ifndef OPENSSL_FIPS_H ++# define OPENSSL_FIPS_H ++# pragma once ++ ++# include ++ ++# ifdef __cplusplus ++extern "C" { ++# endif ++ ++# define FIPS_mode() EVP_default_properties_is_fips_enabled(NULL) ++ ++# ifdef __cplusplus ++} ++# endif ++#endif +diff --git a/test/property_test.c b/test/property_test.c +index ab61d01107..1cedc85f78 100644 +--- a/test/property_test.c ++++ b/test/property_test.c +@@ -412,6 +412,18 @@ err: + return ret; + } + ++static int test_downstream_FIPS_mode(void) ++{ ++ int ret = 0; ++ ++ ret = TEST_true(EVP_set_default_properties(NULL, "fips=yes")) ++ && TEST_true(FIPS_mode()) ++ && TEST_true(EVP_set_default_properties(NULL, "fips=no")) ++ && TEST_false(FIPS_mode()); ++ ++ return ret; ++} ++ + + int setup_tests(void) + { +@@ -424,5 +436,6 @@ int setup_tests(void) + ADD_TEST(test_property); + ADD_TEST(test_query_cache_stochastic); + ADD_TEST(test_fips_mode); ++ ADD_TEST(test_downstream_FIPS_mode); + return 1; + } +-- +2.26.2 + diff --git a/0009-Add-Kernel-FIPS-mode-flag-support.patch b/0009-Add-Kernel-FIPS-mode-flag-support.patch new file mode 100644 index 0000000..c05febf --- /dev/null +++ b/0009-Add-Kernel-FIPS-mode-flag-support.patch @@ -0,0 +1,79 @@ +diff -up openssl-3.0.0-alpha13/crypto/context.c.kernel-fips openssl-3.0.0-alpha13/crypto/context.c +--- openssl-3.0.0-alpha13/crypto/context.c.kernel-fips 2021-03-16 00:09:55.814826432 +0100 ++++ openssl-3.0.0-alpha13/crypto/context.c 2021-03-16 00:15:55.129043811 +0100 +@@ -12,11 +12,54 @@ + #include "internal/thread_once.h" + #include "internal/property.h" + ++#ifndef FIPS_MODULE ++# include ++# include ++# include ++# include ++# include ++#endif ++ + struct ossl_lib_ctx_onfree_list_st { + ossl_lib_ctx_onfree_fn *fn; + struct ossl_lib_ctx_onfree_list_st *next; + }; + ++# ifndef FIPS_MODULE ++# define FIPS_MODE_SWITCH_FILE "/proc/sys/crypto/fips_enabled" ++ ++static int kernel_fips_flag; ++ ++static void read_kernel_fips_flag(void) ++{ ++ char buf[2] = "0"; ++ int fd; ++ ++ if (ossl_safe_getenv("OPENSSL_FORCE_FIPS_MODE") != NULL) { ++ buf[0] = '1'; ++ } else if ((fd = open(FIPS_MODE_SWITCH_FILE, O_RDONLY)) >= 0) { ++ while (read(fd, buf, sizeof(buf)) < 0 && errno == EINTR) ; ++ close(fd); ++ } ++ ++ if (buf[0] == '1') { ++ kernel_fips_flag = 1; ++ } ++ ++ return; ++} ++ ++static int apply_kernel_fips_flag(OSSL_LIB_CTX *ctx) ++{ ++ if (kernel_fips_flag) { ++ return EVP_default_properties_enable_fips(ctx, 1); ++ } ++ ++ return 1; ++} ++# endif ++ ++ + struct ossl_lib_ctx_st { + CRYPTO_RWLOCK *lock; + CRYPTO_EX_DATA data; +@@ -74,6 +117,12 @@ static int context_init(OSSL_LIB_CTX *ct + if (!ossl_property_parse_init(ctx)) + goto err; + ++# ifndef FIPS_MODULE ++ /* Preset the fips=yes default property with kernel FIPS mode */ ++ if (!apply_kernel_fips_flag(ctx)) ++ goto err; ++# endif ++ + return 1; + err: + if (exdata_done) +@@ -121,6 +170,7 @@ static CRYPTO_THREAD_LOCAL default_conte + + DEFINE_RUN_ONCE_STATIC(default_context_do_init) + { ++ read_kernel_fips_flag(); + return CRYPTO_THREAD_init_local(&default_context_thread_local, NULL) + && context_init(&default_context_int); + } diff --git a/0010-Fix-EVP-extra-test-with-OPENSSL_NO_EC2M.patch b/0010-Fix-EVP-extra-test-with-OPENSSL_NO_EC2M.patch new file mode 100644 index 0000000..d82d757 --- /dev/null +++ b/0010-Fix-EVP-extra-test-with-OPENSSL_NO_EC2M.patch @@ -0,0 +1,16 @@ +diff -up openssl-3.0.0-alpha13/test/evp_extra_test.c.diff openssl-3.0.0-alpha13/test/evp_extra_test.c +--- openssl-3.0.0-alpha13/test/evp_extra_test.c.diff 2021-04-01 17:59:42.096566581 +0200 ++++ openssl-3.0.0-alpha13/test/evp_extra_test.c 2021-04-01 18:21:38.433182330 +0200 +@@ -2415,8 +2415,11 @@ err: + + #ifndef OPENSSL_NO_EC + static int ecpub_nids[] = { NID_brainpoolP256r1, NID_X9_62_prime256v1, +- NID_secp384r1, NID_secp521r1, NID_sect233k1, NID_sect233r1, NID_sect283r1, ++ NID_secp384r1, NID_secp521r1, ++#ifndef OPENSSL_NO_EC2M ++ NID_sect233k1, NID_sect233r1, NID_sect283r1, + NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1, ++#endif + NID_brainpoolP384r1, NID_brainpoolP512r1}; + + static int test_ecpub(int idx) diff --git a/0011-Remove-EC-curves.patch b/0011-Remove-EC-curves.patch new file mode 100644 index 0000000..ba86314 --- /dev/null +++ b/0011-Remove-EC-curves.patch @@ -0,0 +1,621 @@ +diff -up openssl-3.0.0-alpha13/apps/speed.c.ec-curves openssl-3.0.0-alpha13/apps/speed.c +--- openssl-3.0.0-alpha13/apps/speed.c.ec-curves 2021-04-10 12:12:00.620129302 +0200 ++++ openssl-3.0.0-alpha13/apps/speed.c 2021-04-10 12:18:11.872369417 +0200 +@@ -364,68 +364,23 @@ static double ffdh_results[FFDH_NUM][1]; + #endif /* OPENSSL_NO_DH */ + + enum ec_curves_t { +- R_EC_P160, R_EC_P192, R_EC_P224, R_EC_P256, R_EC_P384, R_EC_P521, +-#ifndef OPENSSL_NO_EC2M +- R_EC_K163, R_EC_K233, R_EC_K283, R_EC_K409, R_EC_K571, +- R_EC_B163, R_EC_B233, R_EC_B283, R_EC_B409, R_EC_B571, +-#endif +- R_EC_BRP256R1, R_EC_BRP256T1, R_EC_BRP384R1, R_EC_BRP384T1, +- R_EC_BRP512R1, R_EC_BRP512T1, ECDSA_NUM ++ R_EC_P224, R_EC_P256, R_EC_P384, R_EC_P521, ++ ECDSA_NUM + }; + /* list of ecdsa curves */ + static const OPT_PAIR ecdsa_choices[ECDSA_NUM] = { +- {"ecdsap160", R_EC_P160}, +- {"ecdsap192", R_EC_P192}, + {"ecdsap224", R_EC_P224}, + {"ecdsap256", R_EC_P256}, + {"ecdsap384", R_EC_P384}, + {"ecdsap521", R_EC_P521}, +-#ifndef OPENSSL_NO_EC2M +- {"ecdsak163", R_EC_K163}, +- {"ecdsak233", R_EC_K233}, +- {"ecdsak283", R_EC_K283}, +- {"ecdsak409", R_EC_K409}, +- {"ecdsak571", R_EC_K571}, +- {"ecdsab163", R_EC_B163}, +- {"ecdsab233", R_EC_B233}, +- {"ecdsab283", R_EC_B283}, +- {"ecdsab409", R_EC_B409}, +- {"ecdsab571", R_EC_B571}, +-#endif +- {"ecdsabrp256r1", R_EC_BRP256R1}, +- {"ecdsabrp256t1", R_EC_BRP256T1}, +- {"ecdsabrp384r1", R_EC_BRP384R1}, +- {"ecdsabrp384t1", R_EC_BRP384T1}, +- {"ecdsabrp512r1", R_EC_BRP512R1}, +- {"ecdsabrp512t1", R_EC_BRP512T1} + }; + enum { R_EC_X25519 = ECDSA_NUM, R_EC_X448, EC_NUM }; + /* list of ecdh curves, extension of |ecdsa_choices| list above */ + static const OPT_PAIR ecdh_choices[EC_NUM] = { +- {"ecdhp160", R_EC_P160}, +- {"ecdhp192", R_EC_P192}, + {"ecdhp224", R_EC_P224}, + {"ecdhp256", R_EC_P256}, + {"ecdhp384", R_EC_P384}, + {"ecdhp521", R_EC_P521}, +-#ifndef OPENSSL_NO_EC2M +- {"ecdhk163", R_EC_K163}, +- {"ecdhk233", R_EC_K233}, +- {"ecdhk283", R_EC_K283}, +- {"ecdhk409", R_EC_K409}, +- {"ecdhk571", R_EC_K571}, +- {"ecdhb163", R_EC_B163}, +- {"ecdhb233", R_EC_B233}, +- {"ecdhb283", R_EC_B283}, +- {"ecdhb409", R_EC_B409}, +- {"ecdhb571", R_EC_B571}, +-#endif +- {"ecdhbrp256r1", R_EC_BRP256R1}, +- {"ecdhbrp256t1", R_EC_BRP256T1}, +- {"ecdhbrp384r1", R_EC_BRP384R1}, +- {"ecdhbrp384t1", R_EC_BRP384T1}, +- {"ecdhbrp512r1", R_EC_BRP512R1}, +- {"ecdhbrp512t1", R_EC_BRP512T1}, + {"ecdhx25519", R_EC_X25519}, + {"ecdhx448", R_EC_X448} + }; +@@ -1449,31 +1404,10 @@ int speed_main(int argc, char **argv) + */ + static const EC_CURVE ec_curves[EC_NUM] = { + /* Prime Curves */ +- {"secp160r1", NID_secp160r1, 160}, +- {"nistp192", NID_X9_62_prime192v1, 192}, + {"nistp224", NID_secp224r1, 224}, + {"nistp256", NID_X9_62_prime256v1, 256}, + {"nistp384", NID_secp384r1, 384}, + {"nistp521", NID_secp521r1, 521}, +-#ifndef OPENSSL_NO_EC2M +- /* Binary Curves */ +- {"nistk163", NID_sect163k1, 163}, +- {"nistk233", NID_sect233k1, 233}, +- {"nistk283", NID_sect283k1, 283}, +- {"nistk409", NID_sect409k1, 409}, +- {"nistk571", NID_sect571k1, 571}, +- {"nistb163", NID_sect163r2, 163}, +- {"nistb233", NID_sect233r1, 233}, +- {"nistb283", NID_sect283r1, 283}, +- {"nistb409", NID_sect409r1, 409}, +- {"nistb571", NID_sect571r1, 571}, +-#endif +- {"brainpoolP256r1", NID_brainpoolP256r1, 256}, +- {"brainpoolP256t1", NID_brainpoolP256t1, 256}, +- {"brainpoolP384r1", NID_brainpoolP384r1, 384}, +- {"brainpoolP384t1", NID_brainpoolP384t1, 384}, +- {"brainpoolP512r1", NID_brainpoolP512r1, 512}, +- {"brainpoolP512t1", NID_brainpoolP512t1, 512}, + /* Other and ECDH only ones */ + {"X25519", NID_X25519, 253}, + {"X448", NID_X448, 448} +diff -up openssl-3.0.0-alpha13/test/ecdsatest.h.ec-curves openssl-3.0.0-alpha13/test/ecdsatest.h +--- openssl-3.0.0-alpha13/test/ecdsatest.h.ec-curves 2021-04-10 12:07:43.158013028 +0200 ++++ openssl-3.0.0-alpha13/test/ecdsatest.h 2021-04-10 12:11:21.601828737 +0200 +@@ -32,23 +32,6 @@ typedef struct { + } ecdsa_cavs_kat_t; + + static const ecdsa_cavs_kat_t ecdsa_cavs_kats[] = { +- /* prime KATs from X9.62 */ +- {NID_X9_62_prime192v1, NID_sha1, +- "616263", /* "abc" */ +- "1a8d598fc15bf0fd89030b5cb1111aeb92ae8baf5ea475fb", +- "0462b12d60690cdcf330babab6e69763b471f994dd702d16a563bf5ec08069705ffff65e" +- "5ca5c0d69716dfcb3474373902", +- "fa6de29746bbeb7f8bb1e761f85f7dfb2983169d82fa2f4e", +- "885052380ff147b734c330c43d39b2c4a89f29b0f749fead", +- "e9ecc78106def82bf1070cf1d4d804c3cb390046951df686"}, +- {NID_X9_62_prime239v1, NID_sha1, +- "616263", /* "abc" */ +- "7ef7c6fabefffdea864206e80b0b08a9331ed93e698561b64ca0f7777f3d", +- "045b6dc53bc61a2548ffb0f671472de6c9521a9d2d2534e65abfcbd5fe0c707fd9f1ed2e" +- "65f09f6ce0893baf5e8e31e6ae82ea8c3592335be906d38dee", +- "656c7196bf87dcc5d1f1020906df2782360d36b2de7a17ece37d503784af", +- "2cb7f36803ebb9c427c58d8265f11fc5084747133078fc279de874fbecb0", +- "2eeae988104e9c2234a3c2beb1f53bfa5dc11ff36a875d1e3ccb1f7e45cf"}, + /* prime KATs from NIST CAVP */ + {NID_secp224r1, NID_sha224, + "699325d6fc8fbbb4981a6ded3c3a54ad2e4e3db8a5669201912064c64e700c139248cdc1" +diff -up openssl-3.0.0-alpha13/test/recipes/15-test_genec.t.ec-curves openssl-3.0.0-alpha13/test/recipes/15-test_genec.t +--- openssl-3.0.0-alpha13/test/recipes/15-test_genec.t.ec-curves 2021-04-10 11:59:37.453332668 +0200 ++++ openssl-3.0.0-alpha13/test/recipes/15-test_genec.t 2021-04-10 12:03:43.363538976 +0200 +@@ -41,45 +41,11 @@ plan skip_all => "This test is unsupport + if disabled("ec"); + + my @prime_curves = qw( +- secp112r1 +- secp112r2 +- secp128r1 +- secp128r2 +- secp160k1 +- secp160r1 +- secp160r2 +- secp192k1 +- secp224k1 + secp224r1 + secp256k1 + secp384r1 + secp521r1 +- prime192v1 +- prime192v2 +- prime192v3 +- prime239v1 +- prime239v2 +- prime239v3 + prime256v1 +- wap-wsg-idm-ecid-wtls6 +- wap-wsg-idm-ecid-wtls7 +- wap-wsg-idm-ecid-wtls8 +- wap-wsg-idm-ecid-wtls9 +- wap-wsg-idm-ecid-wtls12 +- brainpoolP160r1 +- brainpoolP160t1 +- brainpoolP192r1 +- brainpoolP192t1 +- brainpoolP224r1 +- brainpoolP224t1 +- brainpoolP256r1 +- brainpoolP256t1 +- brainpoolP320r1 +- brainpoolP320t1 +- brainpoolP384r1 +- brainpoolP384t1 +- brainpoolP512r1 +- brainpoolP512t1 + ); + + my @binary_curves = qw( +@@ -136,7 +102,6 @@ push(@other_curves, 'SM2') + if !disabled("sm2"); + + my @curve_aliases = qw( +- P-192 + P-224 + P-256 + P-384 +diff -up openssl-3.0.0-alpha13/test/recipes/06-test_algorithmid.t.ec-curves openssl-3.0.0-alpha13/test/recipes/06-test_algorithmid.t +--- openssl-3.0.0-alpha13/test/recipes/06-test_algorithmid.t.ec-curves 2021-04-10 12:40:59.871858764 +0200 ++++ openssl-3.0.0-alpha13/test/recipes/06-test_algorithmid.t 2021-04-10 12:41:41.140455070 +0200 +@@ -33,7 +33,7 @@ my %certs_info = + 'ee-cert-ec-named-explicit' => 'ca-cert-ec-explicit', + 'ee-cert-ec-named-named' => 'ca-cert-ec-named', + # 'server-ed448-cert' => 'root-ed448-cert' +- 'server-ecdsa-brainpoolP256r1-cert' => 'rootcert', ++ # 'server-ecdsa-brainpoolP256r1-cert' => 'rootcert', + ) + ) + ); +diff -up openssl-3.0.0-alpha13/test/recipes/15-test_ec.t.ec-curves openssl-3.0.0-alpha13/test/recipes/15-test_ec.t +diff -up openssl-3.0.0-alpha13/test/recipes/20-test_cli_fips.t.ec-curves openssl-3.0.0-alpha13/test/recipes/20-test_cli_fips.t +diff -up openssl-3.0.0-alpha13/test/recipes/30-test_acvp.t.ec-curves openssl-3.0.0-alpha13/test/recipes/30-test_acvp.t +diff -up openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.ec-curves openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf +--- openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.ec-curves 2021-04-10 13:21:52.123040226 +0200 ++++ openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf 2021-04-10 13:28:20.856023985 +0200 +@@ -776,14 +776,12 @@ server = 22-ECDSA with brainpool-server + client = 22-ECDSA with brainpool-client + + [22-ECDSA with brainpool-server] +-Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem ++Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem + CipherString = DEFAULT +-Groups = brainpoolP256r1 +-PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem ++PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem + + [22-ECDSA with brainpool-client] + CipherString = aECDSA +-Groups = brainpoolP256r1 + MaxProtocol = TLSv1.2 + RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -791,9 +789,6 @@ VerifyMode = Peer + + [test-22] + ExpectedResult = Success +-ExpectedServerCANames = empty +-ExpectedServerCertType = brainpoolP256r1 +-ExpectedServerSignType = EC + + + # =========================================================== +@@ -1741,9 +1736,9 @@ server = 53-TLS 1.3 ECDSA with brainpool + client = 53-TLS 1.3 ECDSA with brainpool-client + + [53-TLS 1.3 ECDSA with brainpool-server] +-Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem ++Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem + CipherString = DEFAULT +-PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem ++PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem + + [53-TLS 1.3 ECDSA with brainpool-client] + CipherString = DEFAULT +@@ -1754,7 +1749,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/ro + VerifyMode = Peer + + [test-53] +-ExpectedResult = ServerFail ++ExpectedResult = Success + + + # =========================================================== +diff -up openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.in.ec-curves openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.in +--- openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.in.ec-curves 2021-04-10 13:22:06.275221662 +0200 ++++ openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.in 2021-04-10 13:35:18.774623319 +0200 +@@ -428,21 +428,21 @@ my @tests_non_fips = ( + { + name => "ECDSA with brainpool", + server => { +- "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"), +- "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"), +- "Groups" => "brainpoolP256r1", ++ "Certificate" => test_pem("server-ecdsa-cert.pem"), ++ "PrivateKey" => test_pem("server-ecdsa-key.pem"), ++ #"Groups" => "brainpoolP256r1", + }, + client => { + "MaxProtocol" => "TLSv1.2", + "CipherString" => "aECDSA", + "RequestCAFile" => test_pem("root-cert.pem"), +- "Groups" => "brainpoolP256r1", ++ #"Groups" => "brainpoolP256r1", + }, + test => { +- "ExpectedServerCertType" =>, "brainpoolP256r1", +- "ExpectedServerSignType" =>, "EC", ++ #"ExpectedServerCertType" =>, "brainpoolP256r1", ++ #"ExpectedServerSignType" =>, "EC", + # Note: certificate_authorities not sent for TLS < 1.3 +- "ExpectedServerCANames" =>, "empty", ++ #"ExpectedServerCANames" =>, "empty", + "ExpectedResult" => "Success" + }, + }, +@@ -915,8 +915,8 @@ my @tests_tls_1_3_non_fips = ( + { + name => "TLS 1.3 ECDSA with brainpool", + server => { +- "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"), +- "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"), ++ "Certificate" => test_pem("server-ecdsa-cert.pem"), ++ "PrivateKey" => test_pem("server-ecdsa-key.pem"), + }, + client => { + "RequestCAFile" => test_pem("root-cert.pem"), +@@ -924,7 +924,7 @@ my @tests_tls_1_3_non_fips = ( + "MaxProtocol" => "TLSv1.3" + }, + test => { +- "ExpectedResult" => "ServerFail" ++ "ExpectedResult" => "Success" + }, + }, + ); +diff -up openssl-3.0.0-alpha13/test/evp_extra_test.c.ec-curves openssl-3.0.0-alpha13/test/evp_extra_test.c +--- openssl-3.0.0-alpha13/test/evp_extra_test.c.ec-curves 2021-04-10 13:49:53.381742691 +0200 ++++ openssl-3.0.0-alpha13/test/evp_extra_test.c 2021-04-10 13:56:11.742776705 +0200 +@@ -2414,13 +2414,13 @@ err: + } + + #ifndef OPENSSL_NO_EC +-static int ecpub_nids[] = { NID_brainpoolP256r1, NID_X9_62_prime256v1, ++static int ecpub_nids[] = {NID_X9_62_prime256v1, + NID_secp384r1, NID_secp521r1, + #ifndef OPENSSL_NO_EC2M + NID_sect233k1, NID_sect233r1, NID_sect283r1, + NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1, + #endif +- NID_brainpoolP384r1, NID_brainpoolP512r1}; ++ }; + + static int test_ecpub(int idx) + { +diff -up openssl-3.0.0-alpha13/test/recipes/20-test_cli_fips.t.ec-curves openssl-3.0.0-alpha13/test/recipes/20-test_cli_fips.t +--- openssl-3.0.0-alpha13/test/recipes/20-test_cli_fips.t.ec-curves 2021-04-10 14:00:22.482782216 +0200 ++++ openssl-3.0.0-alpha13/test/recipes/20-test_cli_fips.t 2021-04-10 14:08:50.769727651 +0200 +@@ -158,60 +158,6 @@ sub tsignverify { + $testtext); + } + +-SKIP : { +- skip "FIPS EC tests because of no ec in this build", 1 +- if disabled("ec"); +- +- subtest EC => sub { +- my $testtext_prefix = 'EC'; +- my $a_fips_curve = 'prime256v1'; +- my $fips_key = $testtext_prefix.'.fips.priv.pem'; +- my $fips_pub_key = $testtext_prefix.'.fips.pub.pem'; +- my $a_nonfips_curve = 'brainpoolP256r1'; +- my $nonfips_key = $testtext_prefix.'.nonfips.priv.pem'; +- my $nonfips_pub_key = $testtext_prefix.'.nonfips.pub.pem'; +- my $testtext = ''; +- my $curvename = ''; +- +- plan tests => 5 + $tsignverify_count; +- +- $ENV{OPENSSL_CONF} = $defaultconf; +- $curvename = $a_nonfips_curve; +- $testtext = $testtext_prefix.': '. +- 'Generate a key with a non-FIPS algorithm with the default provider'; +- ok(run(app(['openssl', 'genpkey', '-algorithm', 'EC', +- '-pkeyopt', 'ec_paramgen_curve:'.$curvename, +- '-out', $nonfips_key])), +- $testtext); +- +- pubfrompriv($testtext_prefix, $nonfips_key, $nonfips_pub_key, "non-FIPS"); +- +- $ENV{OPENSSL_CONF} = $fipsconf; +- +- $curvename = $a_fips_curve; +- $testtext = $testtext_prefix.': '. +- 'Generate a key with a FIPS algorithm'; +- ok(run(app(['openssl', 'genpkey', '-algorithm', 'EC', +- '-pkeyopt', 'ec_paramgen_curve:'.$curvename, +- '-out', $fips_key])), +- $testtext); +- +- pubfrompriv($testtext_prefix, $fips_key, $fips_pub_key, "FIPS"); +- +- $curvename = $a_nonfips_curve; +- $testtext = $testtext_prefix.': '. +- 'Generate a key with a non-FIPS algorithm'. +- ' (should fail)'; +- ok(!run(app(['openssl', 'genpkey', '-algorithm', 'EC', +- '-pkeyopt', 'ec_paramgen_curve:'.$curvename, +- '-out', $testtext_prefix.'.'.$curvename.'.priv.pem'])), +- $testtext); +- +- tsignverify($testtext_prefix, $fips_key, $fips_pub_key, $nonfips_key, +- $nonfips_pub_key); +- }; +-} +- + SKIP: { + skip "FIPS RSA tests because of no rsa in this build", 1 + if disabled("rsa"); +diff -up openssl-3.0.0-alpha13/test/recipes/20-test_cli_fips.t.ec-curves openssl-3.0.0-alpha13/test/recipes/20-test_cli_fips.t +--- openssl-3.0.0-alpha13/test/recipes/20-test_cli_fips.t.ec-curves 2021-04-10 14:23:09.805468483 +0200 ++++ openssl-3.0.0-alpha13/test/recipes/20-test_cli_fips.t 2021-04-10 14:23:33.002784265 +0200 +@@ -26,7 +26,7 @@ use platform; + my $no_check = disabled("fips") || disabled('fips-securitychecks'); + plan skip_all => "Test only supported in a fips build with security checks" + if $no_check; +-plan tests => 11; ++plan tests => 10; + + my $fipsmodule = bldtop_file('providers', platform->dso('fips')); + my $fipsconf = srctop_file("test", "fips-and-base.cnf"); +diff -up openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.ec-curves openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf +--- openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.ec-curves 2021-04-10 17:52:46.478721611 +0200 ++++ openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf 2021-04-10 17:54:11.371688446 +0200 +@@ -1710,20 +1710,18 @@ server = 52-TLS 1.3 ECDSA with brainpool + client = 52-TLS 1.3 ECDSA with brainpool but no suitable groups-client + + [52-TLS 1.3 ECDSA with brainpool but no suitable groups-server] +-Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem ++Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem + CipherString = DEFAULT +-Groups = brainpoolP256r1 +-PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem ++PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem + + [52-TLS 1.3 ECDSA with brainpool but no suitable groups-client] + CipherString = aECDSA +-Groups = brainpoolP256r1 + RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem + VerifyMode = Peer + + [test-52] +-ExpectedResult = ClientFail ++ExpectedResult = Success + + + # =========================================================== +diff -up openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.in.ec-curves openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.in +--- openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.in.ec-curves 2021-04-10 17:53:03.317913390 +0200 ++++ openssl-3.0.0-alpha13/test/ssl-tests/20-cert-select.cnf.in 2021-04-10 17:55:22.507498606 +0200 +@@ -896,20 +896,20 @@ my @tests_tls_1_3_non_fips = ( + { + name => "TLS 1.3 ECDSA with brainpool but no suitable groups", + server => { +- "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"), +- "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"), +- "Groups" => "brainpoolP256r1", ++ "Certificate" => test_pem("server-ecdsa-cert.pem"), ++ "PrivateKey" => test_pem("server-ecdsa-key.pem"), ++ #"Groups" => "brainpoolP256r1", + }, + client => { + "CipherString" => "aECDSA", + "RequestCAFile" => test_pem("root-cert.pem"), +- "Groups" => "brainpoolP256r1", ++ #"Groups" => "brainpoolP256r1", + }, + test => { + #We only configured brainpoolP256r1 on the client side, but TLSv1.3 + #is enabled and this group is not allowed in TLSv1.3. Therefore this + #should fail +- "ExpectedResult" => "ClientFail" ++ "ExpectedResult" => "Success" + }, + }, + { +diff -up openssl-3.0.0-alpha13/crypto/evp/ec_support.c.ec-curves openssl-3.0.0-alpha13/crypto/evp/ec_support.c +--- openssl-3.0.0-alpha13/crypto/evp/ec_support.c.ec-curves 2021-04-11 11:13:14.236891844 +0200 ++++ openssl-3.0.0-alpha13/crypto/evp/ec_support.c 2021-04-11 11:12:05.128098714 +0200 +@@ -20,99 +20,13 @@ typedef struct ec_name2nid_st { + static const EC_NAME2NID curve_list[] = { + /* prime field curves */ + /* secg curves */ +- {"secp112r1", NID_secp112r1 }, +- {"secp112r2", NID_secp112r2 }, +- {"secp128r1", NID_secp128r1 }, +- {"secp128r2", NID_secp128r2 }, +- {"secp160k1", NID_secp160k1 }, +- {"secp160r1", NID_secp160r1 }, +- {"secp160r2", NID_secp160r2 }, +- {"secp192k1", NID_secp192k1 }, + {"secp224k1", NID_secp224k1 }, + {"secp224r1", NID_secp224r1 }, + {"secp256k1", NID_secp256k1 }, + {"secp384r1", NID_secp384r1 }, + {"secp521r1", NID_secp521r1 }, + /* X9.62 curves */ +- {"prime192v1", NID_X9_62_prime192v1 }, +- {"prime192v2", NID_X9_62_prime192v2 }, +- {"prime192v3", NID_X9_62_prime192v3 }, +- {"prime239v1", NID_X9_62_prime239v1 }, +- {"prime239v2", NID_X9_62_prime239v2 }, +- {"prime239v3", NID_X9_62_prime239v3 }, + {"prime256v1", NID_X9_62_prime256v1 }, +- /* characteristic two field curves */ +- /* NIST/SECG curves */ +- {"sect113r1", NID_sect113r1 }, +- {"sect113r2", NID_sect113r2 }, +- {"sect131r1", NID_sect131r1 }, +- {"sect131r2", NID_sect131r2 }, +- {"sect163k1", NID_sect163k1 }, +- {"sect163r1", NID_sect163r1 }, +- {"sect163r2", NID_sect163r2 }, +- {"sect193r1", NID_sect193r1 }, +- {"sect193r2", NID_sect193r2 }, +- {"sect233k1", NID_sect233k1 }, +- {"sect233r1", NID_sect233r1 }, +- {"sect239k1", NID_sect239k1 }, +- {"sect283k1", NID_sect283k1 }, +- {"sect283r1", NID_sect283r1 }, +- {"sect409k1", NID_sect409k1 }, +- {"sect409r1", NID_sect409r1 }, +- {"sect571k1", NID_sect571k1 }, +- {"sect571r1", NID_sect571r1 }, +- /* X9.62 curves */ +- {"c2pnb163v1", NID_X9_62_c2pnb163v1 }, +- {"c2pnb163v2", NID_X9_62_c2pnb163v2 }, +- {"c2pnb163v3", NID_X9_62_c2pnb163v3 }, +- {"c2pnb176v1", NID_X9_62_c2pnb176v1 }, +- {"c2tnb191v1", NID_X9_62_c2tnb191v1 }, +- {"c2tnb191v2", NID_X9_62_c2tnb191v2 }, +- {"c2tnb191v3", NID_X9_62_c2tnb191v3 }, +- {"c2pnb208w1", NID_X9_62_c2pnb208w1 }, +- {"c2tnb239v1", NID_X9_62_c2tnb239v1 }, +- {"c2tnb239v2", NID_X9_62_c2tnb239v2 }, +- {"c2tnb239v3", NID_X9_62_c2tnb239v3 }, +- {"c2pnb272w1", NID_X9_62_c2pnb272w1 }, +- {"c2pnb304w1", NID_X9_62_c2pnb304w1 }, +- {"c2tnb359v1", NID_X9_62_c2tnb359v1 }, +- {"c2pnb368w1", NID_X9_62_c2pnb368w1 }, +- {"c2tnb431r1", NID_X9_62_c2tnb431r1 }, +- /* +- * the WAP/WTLS curves [unlike SECG, spec has its own OIDs for curves +- * from X9.62] +- */ +- {"wap-wsg-idm-ecid-wtls1", NID_wap_wsg_idm_ecid_wtls1 }, +- {"wap-wsg-idm-ecid-wtls3", NID_wap_wsg_idm_ecid_wtls3 }, +- {"wap-wsg-idm-ecid-wtls4", NID_wap_wsg_idm_ecid_wtls4 }, +- {"wap-wsg-idm-ecid-wtls5", NID_wap_wsg_idm_ecid_wtls5 }, +- {"wap-wsg-idm-ecid-wtls6", NID_wap_wsg_idm_ecid_wtls6 }, +- {"wap-wsg-idm-ecid-wtls7", NID_wap_wsg_idm_ecid_wtls7 }, +- {"wap-wsg-idm-ecid-wtls8", NID_wap_wsg_idm_ecid_wtls8 }, +- {"wap-wsg-idm-ecid-wtls9", NID_wap_wsg_idm_ecid_wtls9 }, +- {"wap-wsg-idm-ecid-wtls10", NID_wap_wsg_idm_ecid_wtls10 }, +- {"wap-wsg-idm-ecid-wtls11", NID_wap_wsg_idm_ecid_wtls11 }, +- {"wap-wsg-idm-ecid-wtls12", NID_wap_wsg_idm_ecid_wtls12 }, +- /* IPSec curves */ +- {"Oakley-EC2N-3", NID_ipsec3 }, +- {"Oakley-EC2N-4", NID_ipsec4 }, +- /* brainpool curves */ +- {"brainpoolP160r1", NID_brainpoolP160r1 }, +- {"brainpoolP160t1", NID_brainpoolP160t1 }, +- {"brainpoolP192r1", NID_brainpoolP192r1 }, +- {"brainpoolP192t1", NID_brainpoolP192t1 }, +- {"brainpoolP224r1", NID_brainpoolP224r1 }, +- {"brainpoolP224t1", NID_brainpoolP224t1 }, +- {"brainpoolP256r1", NID_brainpoolP256r1 }, +- {"brainpoolP256t1", NID_brainpoolP256t1 }, +- {"brainpoolP320r1", NID_brainpoolP320r1 }, +- {"brainpoolP320t1", NID_brainpoolP320t1 }, +- {"brainpoolP384r1", NID_brainpoolP384r1 }, +- {"brainpoolP384t1", NID_brainpoolP384t1 }, +- {"brainpoolP512r1", NID_brainpoolP512r1 }, +- {"brainpoolP512t1", NID_brainpoolP512t1 }, +- /* SM2 curve */ +- {"SM2", NID_sm2 }, + }; + + const char *ossl_ec_curve_nid2name(int nid) +diff -up openssl-3.0.0-alpha13/test/acvp_test.inc.ec-curves openssl-3.0.0-alpha13/test/acvp_test.inc +--- openssl-3.0.0-alpha13/test/acvp_test.inc.ec-curves 2021-04-11 13:46:57.286828933 +0200 ++++ openssl-3.0.0-alpha13/test/acvp_test.inc 2021-04-11 13:48:01.356704526 +0200 +@@ -212,15 +212,6 @@ static const unsigned char ecdsa_sigver_ + }; + static const struct ecdsa_sigver_st ecdsa_sigver_data[] = { + { +- "SHA-1", +- "P-192", +- ITM(ecdsa_sigver_msg0), +- ITM(ecdsa_sigver_pub0), +- ITM(ecdsa_sigver_r0), +- ITM(ecdsa_sigver_s0), +- PASS, +- }, +- { + "SHA2-512", + "P-521", + ITM(ecdsa_sigver_msg1), +diff -up openssl-3.0.0-alpha13/test/recipes/65-test_cmp_protect.t.ec-curves openssl-3.0.0-alpha13/test/recipes/65-test_cmp_protect.t +--- openssl-3.0.0-alpha13/test/recipes/65-test_cmp_protect.t.ec-curves 2021-04-11 21:45:04.949948725 +0200 ++++ openssl-3.0.0-alpha13/test/recipes/65-test_cmp_protect.t 2021-04-11 21:44:09.585283604 +0200 +@@ -7,7 +7,6 @@ + # this file except in compliance with the License. You can obtain a copy + # in the file LICENSE in the source distribution or at + # https://www.openssl.org/source/license.html +- + use strict; + use OpenSSL::Test qw/:DEFAULT data_file srctop_file srctop_dir bldtop_file bldtop_dir/; + use OpenSSL::Test::Utils; +@@ -27,7 +26,7 @@ plan skip_all => "This test is not suppo + plan skip_all => "This test is not supported in a shared library build on Windows" + if $^O eq 'MSWin32' && !disabled("shared"); + +-plan tests => 2 + ($no_fips ? 0 : 1); #fips test ++plan skip_all => 2 + ($no_fips ? 0 : 1); #fips test + + my @basic_cmd = ("cmp_protect_test", + data_file("server.pem"), +diff -up openssl-3.0.0-alpha13/test/recipes/65-test_cmp_vfy.t.ec-curves openssl-3.0.0-alpha13/test/recipes/65-test_cmp_vfy.t +--- openssl-3.0.0-alpha13/test/recipes/65-test_cmp_vfy.t.ec-curves 2021-04-11 21:45:25.414194574 +0200 ++++ openssl-3.0.0-alpha13/test/recipes/65-test_cmp_vfy.t 2021-04-11 21:44:40.786658440 +0200 +@@ -7,7 +7,6 @@ + # this file except in compliance with the License. You can obtain a copy + # in the file LICENSE in the source distribution or at + # https://www.openssl.org/source/license.html +- + use strict; + use OpenSSL::Test qw/:DEFAULT data_file srctop_file srctop_dir bldtop_file bldtop_dir/; + use OpenSSL::Test::Utils; +@@ -27,7 +26,7 @@ plan skip_all => "This test is not suppo + plan skip_all => "This test is not supported in a no-ec build" + if disabled("ec"); + +-plan tests => 2 + ($no_fips ? 0 : 1); #fips test ++plan skip_all => 2 + ($no_fips ? 0 : 1); #fips test + + my @basic_cmd = ("cmp_vfy_test", + data_file("server.crt"), data_file("client.crt"), diff --git a/README.FIPS b/README.FIPS deleted file mode 100644 index a36c547..0000000 --- a/README.FIPS +++ /dev/null @@ -1,72 +0,0 @@ -User guide for the FIPS Red Hat Enterprise Linux - OpenSSL Module -================================================================= - -This package contains libraries which comprise the FIPS 140-2 -Red Hat Enterprise Linux - OPENSSL Module. - -The module files -================ -/usr/lib[64]/libcrypto.so.1.1.0 -/usr/lib[64]/libssl.so.1.1.0 -/usr/lib[64]/.libcrypto.so.1.1.0.hmac -/usr/lib[64]/.libssl.so.1.1.0.hmac - -Dependencies -============ - -The approved mode of operation requires kernel with /dev/urandom RNG running -with properties as defined in the security policy of the module. This is -provided by kernel packages with validated Red Hat Enterprise Linux Kernel -Crytographic Module. - -Installation -============ - -The RPM package of the module can be installed by standard tools recommended -for installation of RPM packages on the Red Hat Enterprise Linux system (yum, -rpm, RHN remote management tool). - -The RPM package dracut-fips must be installed for the approved mode of -operation. - -Usage and API -============= - -The module respects kernel command line FIPS setting. If the kernel command -line contains option fips=1 the module will initialize in the FIPS approved -mode of operation automatically. To allow for the automatic initialization the -application using the module has to call one of the following API calls: - -- void OPENSSL_init_library(void) - this will do only a basic initialization -of the library and does initialization of the FIPS approved mode without setting -up EVP API with supported algorithms. - -- void OPENSSL_add_all_algorithms(void) - this API function calls -OPENSSL_init() implicitly and also adds all approved algorithms to the EVP API -in the approved mode - -- void SSL_library_init(void) - it calls OPENSSL_init() implicitly and also -adds algorithms which are necessary for TLS protocol support and initializes -the SSL library. - -To explicitely put the library to the approved mode the application can call -the following function: - -- int FIPS_mode_set(int on) - if called with 1 as a parameter it will switch -the library from the non-approved to the approved mode. If any of the selftests -and integrity verification tests fail, the library is put into the error state -and 0 is returned. If they succeed the return value is 1. - -To query the module whether it is in the approved mode or not: - -- int FIPS_mode(void) - returns 1 if the module is in the approved mode, -0 otherwise. - -To query whether the module is in the error state: - -- int FIPS_selftest_failed(void) - returns 1 if the module is in the error -state, 0 otherwise. - -To zeroize the FIPS RNG key and internal state the application calls: - -- void RAND_cleanup(void) diff --git a/opensslconf-new-warning.h b/configuration-prefix.h similarity index 80% rename from opensslconf-new-warning.h rename to configuration-prefix.h index de091c8..13b6e23 100644 --- a/opensslconf-new-warning.h +++ b/configuration-prefix.h @@ -1,7 +1,7 @@ /* Prepended at openssl package build-time. Don't include this file directly, * use instead. */ -#ifndef openssl_opensslconf_multilib_redirection_h +#ifndef openssl_conf_multilib_redirection_h #error "Don't include this file directly, use instead!" #endif diff --git a/configuration-switch.h b/configuration-switch.h new file mode 100644 index 0000000..1c4d238 --- /dev/null +++ b/configuration-switch.h @@ -0,0 +1,47 @@ +/* This file is here to prevent a file conflict on multiarch systems. A + * conflict will frequently occur because arch-specific build-time + * configuration options are stored (and used, so they can't just be stripped + * out) in configuration.h. The original configuration.h has been renamed. + * DO NOT INCLUDE THE NEW FILE DIRECTLY -- ALWAYS INCLUDE THIS ONE INSTEAD. */ + +#ifdef openssl_conf_multilib_redirection_h +#error "Do not define openssl_conf_multilib_redirection_h!" +#endif +#define openssl_conf_multilib_redirection_h + +#if defined(__i386__) +#include "configuration-i386.h" +#elif defined(__ia64__) +#include "configuration-ia64.h" +#elif defined(__mips64) && defined(__MIPSEL__) +#include "configuration-mips64el.h" +#elif defined(__mips64) +#include "configuration-mips64.h" +#elif defined(__mips) && defined(__MIPSEL__) +#include "configuration-mipsel.h" +#elif defined(__mips) +#include "configuration-mips.h" +#elif defined(__powerpc64__) +#include +#if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__ +#include "configuration-ppc64.h" +#else +#include "configuration-ppc64le.h" +#endif +#elif defined(__powerpc__) +#include "configuration-ppc.h" +#elif defined(__s390x__) +#include "configuration-s390x.h" +#elif defined(__s390__) +#include "configuration-s390.h" +#elif defined(__sparc__) && defined(__arch64__) +#include "configuration-sparc64.h" +#elif defined(__sparc__) +#include "configuration-sparc.h" +#elif defined(__x86_64__) +#include "configuration-x86_64.h" +#else +#error "The openssl-devel package does not work your architecture?" +#endif + +#undef openssl_conf_multilib_redirection_h diff --git a/ec_curve.c b/ec_curve.c index 9171ed4..64ac40b 100644 --- a/ec_curve.c +++ b/ec_curve.c @@ -1,17 +1,24 @@ /* - * Copyright 2002-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html */ +/* + * ECDSA low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include #include "ec_local.h" #include #include +#include #include #include "internal/nelem.h" @@ -242,43 +249,115 @@ typedef struct _ec_list_element_st { const char *comment; } ec_list_element; +#ifdef FIPS_MODULE static const ec_list_element curve_list[] = { /* prime field curves */ /* secg curves */ -#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 - {NID_secp224r1, &_EC_NIST_PRIME_224.h, EC_GFp_nistp224_method, + {NID_secp224r1, &_EC_NIST_PRIME_224.h, +# if !defined(OPENSSL_NO_EC_NISTP_64_GCC_128) + EC_GFp_nistp224_method, +# else + 0, +# endif "NIST/SECG curve over a 224 bit prime field"}, + /* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */ + {NID_secp384r1, &_EC_NIST_PRIME_384.h, +# if defined(S390X_EC_ASM) + EC_GFp_s390x_nistp384_method, +# else + 0, +# endif + "NIST/SECG curve over a 384 bit prime field"}, + + {NID_secp521r1, &_EC_NIST_PRIME_521.h, +# if defined(S390X_EC_ASM) + EC_GFp_s390x_nistp521_method, +# elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128) + EC_GFp_nistp521_method, +# else + 0, +# endif + "NIST/SECG curve over a 521 bit prime field"}, + + /* X9.62 curves */ + {NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h, +# if defined(ECP_NISTZ256_ASM) + EC_GFp_nistz256_method, +# elif defined(S390X_EC_ASM) + EC_GFp_s390x_nistp256_method, +# elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128) + EC_GFp_nistp256_method, +# else + 0, +# endif + "X9.62/SECG curve over a 256 bit prime field"}, +}; + #else + +static const ec_list_element curve_list[] = { + /* prime field curves */ + /* secg curves */ +# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 + {NID_secp224r1, &_EC_NIST_PRIME_224.h, EC_GFp_nistp224_method, + "NIST/SECG curve over a 224 bit prime field"}, +# else {NID_secp224r1, &_EC_NIST_PRIME_224.h, 0, "NIST/SECG curve over a 224 bit prime field"}, -#endif +# endif {NID_secp256k1, &_EC_SECG_PRIME_256K1.h, 0, "SECG curve over a 256 bit prime field"}, /* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */ - {NID_secp384r1, &_EC_NIST_PRIME_384.h, 0, + {NID_secp384r1, &_EC_NIST_PRIME_384.h, +# if defined(S390X_EC_ASM) + EC_GFp_s390x_nistp384_method, +# else + 0, +# endif "NIST/SECG curve over a 384 bit prime field"}, -#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 - {NID_secp521r1, &_EC_NIST_PRIME_521.h, EC_GFp_nistp521_method, - "NIST/SECG curve over a 521 bit prime field"}, -#else - {NID_secp521r1, &_EC_NIST_PRIME_521.h, 0, + {NID_secp521r1, &_EC_NIST_PRIME_521.h, +# if defined(S390X_EC_ASM) + EC_GFp_s390x_nistp521_method, +# elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128) + EC_GFp_nistp521_method, +# else + 0, +# endif "NIST/SECG curve over a 521 bit prime field"}, -#endif /* X9.62 curves */ {NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h, -#if defined(ECP_NISTZ256_ASM) +# if defined(ECP_NISTZ256_ASM) EC_GFp_nistz256_method, -#elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128) +# elif defined(S390X_EC_ASM) + EC_GFp_s390x_nistp256_method, +# elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128) EC_GFp_nistp256_method, -#else +# else 0, -#endif +# endif "X9.62/SECG curve over a 256 bit prime field"}, }; +#endif /* FIPS_MODULE */ #define curve_list_length OSSL_NELEM(curve_list) -static EC_GROUP *ec_group_new_from_data(const ec_list_element curve) +static const ec_list_element *ec_curve_nid2curve(int nid) +{ + size_t i; + + if (nid <= 0) + return NULL; + + for (i = 0; i < curve_list_length; i++) { + if (curve_list[i].nid == nid) + return &curve_list[i]; + } + return NULL; +} + +static EC_GROUP *ec_group_new_from_data(OSSL_LIB_CTX *libctx, + const char *propq, + const ec_list_element curve) { EC_GROUP *group = NULL; EC_POINT *P = NULL; @@ -293,10 +372,11 @@ static EC_GROUP *ec_group_new_from_data(const ec_list_element curve) /* If no curve data curve method must handle everything */ if (curve.data == NULL) - return EC_GROUP_new(curve.meth != NULL ? curve.meth() : NULL); + return ossl_ec_group_new_ex(libctx, propq, + curve.meth != NULL ? curve.meth() : NULL); - if ((ctx = BN_CTX_new()) == NULL) { - ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_MALLOC_FAILURE); + if ((ctx = BN_CTX_new_ex(libctx)) == NULL) { + ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); goto err; } @@ -309,20 +389,20 @@ static EC_GROUP *ec_group_new_from_data(const ec_list_element curve) if ((p = BN_bin2bn(params + 0 * param_len, param_len, NULL)) == NULL || (a = BN_bin2bn(params + 1 * param_len, param_len, NULL)) == NULL || (b = BN_bin2bn(params + 2 * param_len, param_len, NULL)) == NULL) { - ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB); + ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); goto err; } if (curve.meth != 0) { meth = curve.meth(); - if (((group = EC_GROUP_new(meth)) == NULL) || + if (((group = ossl_ec_group_new_ex(libctx, propq, meth)) == NULL) || (!(group->meth->group_set_curve(group, p, a, b, ctx)))) { - ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB); + ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); goto err; } } else if (data->field_type == NID_X9_62_prime_field) { if ((group = EC_GROUP_new_curve_GFp(p, a, b, ctx)) == NULL) { - ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB); + ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); goto err; } } @@ -331,7 +411,7 @@ static EC_GROUP *ec_group_new_from_data(const ec_list_element curve) * NID_X9_62_characteristic_two_field */ if ((group = EC_GROUP_new_curve_GF2m(p, a, b, ctx)) == NULL) { - ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB); + ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); goto err; } } @@ -340,31 +420,31 @@ static EC_GROUP *ec_group_new_from_data(const ec_list_element curve) EC_GROUP_set_curve_name(group, curve.nid); if ((P = EC_POINT_new(group)) == NULL) { - ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB); + ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); goto err; } if ((x = BN_bin2bn(params + 3 * param_len, param_len, NULL)) == NULL || (y = BN_bin2bn(params + 4 * param_len, param_len, NULL)) == NULL) { - ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB); + ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); goto err; } if (!EC_POINT_set_affine_coordinates(group, P, x, y, ctx)) { - ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB); + ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); goto err; } if ((order = BN_bin2bn(params + 5 * param_len, param_len, NULL)) == NULL || !BN_set_word(x, (BN_ULONG)data->cofactor)) { - ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB); + ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); goto err; } if (!EC_GROUP_set_generator(group, P, order, x)) { - ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB); + ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); goto err; } if (seed_len) { if (!EC_GROUP_set_seed(group, params - seed_len, seed_len)) { - ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB); + ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); goto err; } } @@ -385,28 +465,33 @@ static EC_GROUP *ec_group_new_from_data(const ec_list_element curve) return group; } -EC_GROUP *EC_GROUP_new_by_curve_name(int nid) +EC_GROUP *EC_GROUP_new_by_curve_name_ex(OSSL_LIB_CTX *libctx, const char *propq, + int nid) { - size_t i; EC_GROUP *ret = NULL; + const ec_list_element *curve; - if (nid <= 0) - return NULL; - - for (i = 0; i < curve_list_length; i++) - if (curve_list[i].nid == nid) { - ret = ec_group_new_from_data(curve_list[i]); - break; - } - - if (ret == NULL) { - ECerr(EC_F_EC_GROUP_NEW_BY_CURVE_NAME, EC_R_UNKNOWN_GROUP); + if ((curve = ec_curve_nid2curve(nid)) == NULL + || (ret = ec_group_new_from_data(libctx, propq, *curve)) == NULL) { +#ifndef FIPS_MODULE + ERR_raise_data(ERR_LIB_EC, EC_R_UNKNOWN_GROUP, + "name=%s", OBJ_nid2sn(nid)); +#else + ERR_raise(ERR_LIB_EC, EC_R_UNKNOWN_GROUP); +#endif return NULL; } return ret; } +#ifndef FIPS_MODULE +EC_GROUP *EC_GROUP_new_by_curve_name(int nid) +{ + return EC_GROUP_new_by_curve_name_ex(NULL, NULL, nid); +} +#endif + size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems) { size_t i, min; @@ -424,49 +509,14 @@ size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems) return curve_list_length; } -/* Functions to translate between common NIST curve names and NIDs */ - -typedef struct { - const char *name; /* NIST Name of curve */ - int nid; /* Curve NID */ -} EC_NIST_NAME; - -static EC_NIST_NAME nist_curves[] = { - {"B-163", NID_sect163r2}, - {"B-233", NID_sect233r1}, - {"B-283", NID_sect283r1}, - {"B-409", NID_sect409r1}, - {"B-571", NID_sect571r1}, - {"K-163", NID_sect163k1}, - {"K-233", NID_sect233k1}, - {"K-283", NID_sect283k1}, - {"K-409", NID_sect409k1}, - {"K-571", NID_sect571k1}, - {"P-192", NID_X9_62_prime192v1}, - {"P-224", NID_secp224r1}, - {"P-256", NID_X9_62_prime256v1}, - {"P-384", NID_secp384r1}, - {"P-521", NID_secp521r1} -}; - const char *EC_curve_nid2nist(int nid) { - size_t i; - for (i = 0; i < OSSL_NELEM(nist_curves); i++) { - if (nist_curves[i].nid == nid) - return nist_curves[i].name; - } - return NULL; + return ossl_ec_curve_nid2nist_int(nid); } int EC_curve_nist2nid(const char *name) { - size_t i; - for (i = 0; i < OSSL_NELEM(nist_curves); i++) { - if (strcmp(nist_curves[i].name, name) == 0) - return nist_curves[i].nid; - } - return NID_undef; + return ossl_ec_curve_nist2nid_int(name); } #define NUM_BN_FIELDS 6 @@ -478,7 +528,7 @@ int EC_curve_nist2nid(const char *name) * Returns: The nid associated with the found named curve, or NID_undef * if not found. If there was an error it returns -1. */ -int ec_curve_nid_from_params(const EC_GROUP *group, BN_CTX *ctx) +int ossl_ec_curve_nid_from_params(const EC_GROUP *group, BN_CTX *ctx) { int ret = -1, nid, len, field_type, param_len; size_t i, seed_len; @@ -486,17 +536,13 @@ int ec_curve_nid_from_params(const EC_GROUP *group, BN_CTX *ctx) unsigned char *param_bytes = NULL; const EC_CURVE_DATA *data; const EC_POINT *generator = NULL; - const EC_METHOD *meth; const BIGNUM *cofactor = NULL; /* An array of BIGNUMs for (p, a, b, x, y, order) */ BIGNUM *bn[NUM_BN_FIELDS] = {NULL, NULL, NULL, NULL, NULL, NULL}; - meth = EC_GROUP_method_of(group); - if (meth == NULL) - return -1; /* Use the optional named curve nid as a search field */ nid = EC_GROUP_get_curve_name(group); - field_type = EC_METHOD_get_field_type(meth); + field_type = EC_GROUP_get_field_type(group); seed_len = EC_GROUP_get_seed_len(group); seed = EC_GROUP_get0_seed(group); cofactor = EC_GROUP_get0_cofactor(group); diff --git a/ectest.c b/ectest.c index e4fd45b..8e64f36 100644 --- a/ectest.c +++ b/ectest.c @@ -1,27 +1,36 @@ /* - * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html */ +/* + * EC_KEY low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + +#include #include "internal/nelem.h" #include "testutil.h" -#ifndef OPENSSL_NO_EC -# include -# ifndef OPENSSL_NO_ENGINE -# include -# endif -# include -# include -# include -# include -# include -# include +#include +#ifndef OPENSSL_NO_ENGINE +# include +#endif +#include +#include +#include +#include +#include +#include +#include "openssl/core_names.h" +#include "openssl/param_build.h" +#include "openssl/evp.h" static size_t crv_len = 0; static EC_builtin_curve *curves = NULL; @@ -49,7 +58,9 @@ static int group_order_tests(EC_GROUP *group) if (!TEST_true(EC_GROUP_get_order(group, order, ctx)) || !TEST_true(EC_POINT_mul(group, Q, order, NULL, NULL, ctx)) || !TEST_true(EC_POINT_is_at_infinity(group, Q)) +#ifndef OPENSSL_NO_DEPRECATED_3_0 || !TEST_true(EC_GROUP_precompute_mult(group, ctx)) +#endif || !TEST_true(EC_POINT_mul(group, Q, order, NULL, NULL, ctx)) || !TEST_true(EC_POINT_is_at_infinity(group, Q)) || !TEST_true(EC_POINT_copy(P, G)) @@ -63,8 +74,10 @@ static int group_order_tests(EC_GROUP *group) goto err; for (i = 1; i <= 2; i++) { +#ifndef OPENSSL_NO_DEPRECATED_3_0 const BIGNUM *scalars[6]; const EC_POINT *points[6]; +#endif if (!TEST_true(BN_set_word(n1, i)) /* @@ -96,11 +109,11 @@ static int group_order_tests(EC_GROUP *group) /* Add P to verify the result. */ || !TEST_true(EC_POINT_add(group, Q, Q, P, ctx)) || !TEST_true(EC_POINT_is_at_infinity(group, Q)) - - /* Exercise EC_POINTs_mul, including corner cases. */ || !TEST_false(EC_POINT_is_at_infinity(group, P))) goto err; +#ifndef OPENSSL_NO_DEPRECATED_3_0 + /* Exercise EC_POINTs_mul, including corner cases. */ scalars[0] = scalars[1] = BN_value_one(); points[0] = points[1] = P; @@ -124,6 +137,7 @@ static int group_order_tests(EC_GROUP *group) if (!TEST_true(EC_POINTs_mul(group, P, NULL, 6, points, scalars, ctx)) || !TEST_true(EC_POINT_is_at_infinity(group, P))) goto err; +#endif } r = 1; @@ -146,13 +160,13 @@ static int prime_field_tests(void) { BN_CTX *ctx = NULL; BIGNUM *p = NULL, *a = NULL, *b = NULL, *scalar3 = NULL; - EC_GROUP *group = NULL, *tmp = NULL; - EC_GROUP *P_160 = NULL, *P_192 = NULL, *P_224 = NULL, - *P_256 = NULL, *P_384 = NULL, *P_521 = NULL; + EC_GROUP *group = NULL; EC_POINT *P = NULL, *Q = NULL, *R = NULL; BIGNUM *x = NULL, *y = NULL, *z = NULL, *yplusone = NULL; +#ifndef OPENSSL_NO_DEPRECATED_3_0 const EC_POINT *points[4]; const BIGNUM *scalars[4]; +#endif unsigned char buf[100]; size_t len, r = 0; int k; @@ -165,13 +179,8 @@ static int prime_field_tests(void) * applications should use EC_GROUP_new_curve_GFp so * that the library gets to choose the EC_METHOD */ - || !TEST_ptr(group = EC_GROUP_new(EC_GFp_mont_method())) - || !TEST_ptr(tmp = EC_GROUP_new(EC_GROUP_method_of(group))) - || !TEST_true(EC_GROUP_copy(tmp, group))) + || !TEST_ptr(group = EC_GROUP_new(EC_GFp_mont_method()))) goto err; - EC_GROUP_free(group); - group = tmp; - tmp = NULL; buf[0] = 0; if (!TEST_ptr(P = EC_POINT_new(group)) @@ -187,7 +196,7 @@ static int prime_field_tests(void) if (!TEST_true(BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFF" "FFFFFFFF000000000000000000000001")) - || !TEST_int_eq(1, BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) + || !TEST_int_eq(1, BN_check_prime(p, ctx, NULL)) || !TEST_true(BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFF" "FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE")) || !TEST_true(BN_hex2bn(&b, "B4050A850C04B3ABF5413256" @@ -219,14 +228,12 @@ static int prime_field_tests(void) ctx)) || !TEST_int_eq(EC_GROUP_get_degree(group), 224) || !group_order_tests(group) - || !TEST_ptr(P_224 = EC_GROUP_new(EC_GROUP_method_of(group))) - || !TEST_true(EC_GROUP_copy(P_224, group)) /* Curve P-256 (FIPS PUB 186-2, App. 6) */ || !TEST_true(BN_hex2bn(&p, "FFFFFFFF000000010000000000000000" "00000000FFFFFFFFFFFFFFFFFFFFFFFF")) - || !TEST_int_eq(1, BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) + || !TEST_int_eq(1, BN_check_prime(p, ctx, NULL)) || !TEST_true(BN_hex2bn(&a, "FFFFFFFF000000010000000000000000" "00000000FFFFFFFFFFFFFFFFFFFFFFFC")) || !TEST_true(BN_hex2bn(&b, "5AC635D8AA3A93E7B3EBBD55769886BC" @@ -259,15 +266,13 @@ static int prime_field_tests(void) ctx)) || !TEST_int_eq(EC_GROUP_get_degree(group), 256) || !group_order_tests(group) - || !TEST_ptr(P_256 = EC_GROUP_new(EC_GROUP_method_of(group))) - || !TEST_true(EC_GROUP_copy(P_256, group)) /* Curve P-384 (FIPS PUB 186-2, App. 6) */ || !TEST_true(BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE" "FFFFFFFF0000000000000000FFFFFFFF")) - || !TEST_int_eq(1, BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) + || !TEST_int_eq(1, BN_check_prime(p, ctx, NULL)) || !TEST_true(BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE" "FFFFFFFF0000000000000000FFFFFFFC")) @@ -305,8 +310,6 @@ static int prime_field_tests(void) ctx)) || !TEST_int_eq(EC_GROUP_get_degree(group), 384) || !group_order_tests(group) - || !TEST_ptr(P_384 = EC_GROUP_new(EC_GROUP_method_of(group))) - || !TEST_true(EC_GROUP_copy(P_384, group)) /* Curve P-521 (FIPS PUB 186-2, App. 6) */ || !TEST_true(BN_hex2bn(&p, "1FF" @@ -314,7 +317,7 @@ static int prime_field_tests(void) "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF")) - || !TEST_int_eq(1, BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) + || !TEST_int_eq(1, BN_check_prime(p, ctx, NULL)) || !TEST_true(BN_hex2bn(&a, "1FF" "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" @@ -361,8 +364,6 @@ static int prime_field_tests(void) ctx)) || !TEST_int_eq(EC_GROUP_get_degree(group), 521) || !group_order_tests(group) - || !TEST_ptr(P_521 = EC_GROUP_new(EC_GROUP_method_of(group))) - || !TEST_true(EC_GROUP_copy(P_521, group)) /* more tests using the last curve */ @@ -378,6 +379,9 @@ static int prime_field_tests(void) || !TEST_true(EC_POINT_is_at_infinity(group, R)) /* R = P + 2Q */ || !TEST_false(EC_POINT_is_at_infinity(group, Q))) goto err; + +#ifndef OPENSSL_NO_DEPRECATED_3_0 + TEST_note("combined multiplication ..."); points[0] = Q; points[1] = Q; points[2] = Q; @@ -388,11 +392,10 @@ static int prime_field_tests(void) || !TEST_BN_even(y) || !TEST_true(BN_rshift1(y, y))) goto err; + scalars[0] = y; /* (group order + 1)/2, so y*Q + y*Q = Q */ scalars[1] = y; - TEST_note("combined multiplication ..."); - /* z is still the group order */ if (!TEST_true(EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx)) || !TEST_true(EC_POINTs_mul(group, R, z, 2, points, scalars, ctx)) @@ -423,10 +426,8 @@ static int prime_field_tests(void) if (!TEST_true(EC_POINTs_mul(group, P, NULL, 4, points, scalars, ctx)) || !TEST_true(EC_POINT_is_at_infinity(group, P))) goto err; - +#endif TEST_note(" ok\n"); - - r = 1; err: BN_CTX_free(ctx); @@ -434,7 +435,6 @@ err: BN_free(a); BN_free(b); EC_GROUP_free(group); - EC_GROUP_free(tmp); EC_POINT_free(P); EC_POINT_free(Q); EC_POINT_free(R); @@ -443,11 +443,6 @@ err: BN_free(z); BN_free(yplusone); BN_free(scalar3); - - EC_GROUP_free(P_224); - EC_GROUP_free(P_256); - EC_GROUP_free(P_384); - EC_GROUP_free(P_521); return r; } @@ -484,13 +479,48 @@ static int internal_curve_test_method(int n) return r; } -# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 +static int group_field_test(void) +{ + int r = 1; + BIGNUM *secp521r1_field = NULL; + BIGNUM *sect163r2_field = NULL; + EC_GROUP *secp521r1_group = NULL; + EC_GROUP *sect163r2_group = NULL; + + BN_hex2bn(&secp521r1_field, + "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFF"); + + + BN_hex2bn(§163r2_field, + "08000000000000000000000000000000" + "00000000C9"); + + secp521r1_group = EC_GROUP_new_by_curve_name(NID_secp521r1); + if (BN_cmp(secp521r1_field, EC_GROUP_get0_field(secp521r1_group))) + r = 0; + + # ifndef OPENSSL_NO_EC2M + sect163r2_group = EC_GROUP_new_by_curve_name(NID_sect163r2); + if (BN_cmp(sect163r2_field, EC_GROUP_get0_field(sect163r2_group))) + r = 0; + # endif + + EC_GROUP_free(secp521r1_group); + EC_GROUP_free(sect163r2_group); + BN_free(secp521r1_field); + BN_free(sect163r2_field); + return r; +} /* - * nistp_test_params contains magic numbers for testing our optimized - * implementations of several NIST curves with characteristic > 3. + * nistp_test_params contains magic numbers for testing + * several NIST curves with characteristic > 3. */ struct nistp_test_params { - const EC_METHOD *(*meth) (void); + const int nid; int degree; /* * Qx, Qy and D are taken from @@ -503,7 +533,7 @@ struct nistp_test_params { static const struct nistp_test_params nistp_tests_params[] = { { /* P-224 */ - EC_GFp_nistp224_method, + NID_secp224r1, 224, /* p */ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001", @@ -526,7 +556,7 @@ static const struct nistp_test_params nistp_tests_params[] = { }, { /* P-256 */ - EC_GFp_nistp256_method, + NID_X9_62_prime256v1, 256, /* p */ "ffffffff00000001000000000000000000000000ffffffffffffffffffffffff", @@ -549,7 +579,7 @@ static const struct nistp_test_params nistp_tests_params[] = { }, { /* P-521 */ - EC_GFp_nistp521_method, + NID_secp521r1, 521, /* p */ "1ff" @@ -613,9 +643,9 @@ static int nistp_single_test(int idx) || !TEST_ptr(order = BN_new()) || !TEST_ptr(yplusone = BN_new()) - || !TEST_ptr(NISTP = EC_GROUP_new(test->meth())) + || !TEST_ptr(NISTP = EC_GROUP_new_by_curve_name(test->nid)) || !TEST_true(BN_hex2bn(&p, test->p)) - || !TEST_int_eq(1, BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) + || !TEST_int_eq(1, BN_check_prime(p, ctx, NULL)) || !TEST_true(BN_hex2bn(&a, test->a)) || !TEST_true(BN_hex2bn(&b, test->b)) || !TEST_true(EC_GROUP_set_curve(NISTP, p, a, b, ctx)) @@ -668,16 +698,13 @@ static int nistp_single_test(int idx) /* random point multiplication */ EC_POINT_mul(NISTP, Q, NULL, P, m, ctx); if (!TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) - - /* - * We have not performed precomputation so have_precompute mult should be - * false - */ +#ifndef OPENSSL_NO_DEPRECATED_3_0 + /* We have not performed precomp so this should be false */ || !TEST_false(EC_GROUP_have_precompute_mult(NISTP)) - - /* now repeat all tests with precomputation */ + /* now repeat all tests with precomputation */ || !TEST_true(EC_GROUP_precompute_mult(NISTP, ctx)) - || !TEST_true(EC_GROUP_have_precompute_mult(NISTP))) +#endif + ) goto err; /* fixed point multiplication */ @@ -709,7 +736,7 @@ static int nistp_single_test(int idx) || !TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, G, ctx))) goto err; - r = group_order_tests(NISTP); + r = 1; err: EC_GROUP_free(NISTP); EC_POINT_free(G); @@ -729,76 +756,6 @@ err: return r; } -/* - * Tests a point known to cause an incorrect underflow in an old version of - * ecp_nist521.c - */ -static int underflow_test(void) -{ - BN_CTX *ctx = NULL; - EC_GROUP *grp = NULL; - EC_POINT *P = NULL, *Q = NULL, *R = NULL; - BIGNUM *x1 = NULL, *y1 = NULL, *z1 = NULL, *x2 = NULL, *y2 = NULL; - BIGNUM *k = NULL; - int testresult = 0; - const char *x1str = - "1534f0077fffffe87e9adcfe000000000000000000003e05a21d2400002e031b1f4" - "b80000c6fafa4f3c1288798d624a247b5e2ffffffffffffffefe099241900004"; - const char *p521m1 = - "1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" - "fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe"; - - ctx = BN_CTX_new(); - if (!TEST_ptr(ctx)) - return 0; - - BN_CTX_start(ctx); - x1 = BN_CTX_get(ctx); - y1 = BN_CTX_get(ctx); - z1 = BN_CTX_get(ctx); - x2 = BN_CTX_get(ctx); - y2 = BN_CTX_get(ctx); - k = BN_CTX_get(ctx); - if (!TEST_ptr(k)) - goto err; - - grp = EC_GROUP_new_by_curve_name(NID_secp521r1); - P = EC_POINT_new(grp); - Q = EC_POINT_new(grp); - R = EC_POINT_new(grp); - if (!TEST_ptr(grp) || !TEST_ptr(P) || !TEST_ptr(Q) || !TEST_ptr(R)) - goto err; - - if (!TEST_int_gt(BN_hex2bn(&x1, x1str), 0) - || !TEST_int_gt(BN_hex2bn(&y1, p521m1), 0) - || !TEST_int_gt(BN_hex2bn(&z1, p521m1), 0) - || !TEST_int_gt(BN_hex2bn(&k, "02"), 0) - || !TEST_true(EC_POINT_set_Jprojective_coordinates_GFp(grp, P, x1, - y1, z1, ctx)) - || !TEST_true(EC_POINT_mul(grp, Q, NULL, P, k, ctx)) - || !TEST_true(EC_POINT_get_affine_coordinates(grp, Q, x1, y1, ctx)) - || !TEST_true(EC_POINT_dbl(grp, R, P, ctx)) - || !TEST_true(EC_POINT_get_affine_coordinates(grp, R, x2, y2, ctx))) - goto err; - - if (!TEST_int_eq(BN_cmp(x1, x2), 0) - || !TEST_int_eq(BN_cmp(y1, y2), 0)) - goto err; - - testresult = 1; - - err: - BN_CTX_end(ctx); - EC_POINT_free(P); - EC_POINT_free(Q); - EC_POINT_free(R); - EC_GROUP_free(grp); - BN_CTX_free(ctx); - - return testresult; -} -# endif - static const unsigned char p521_named[] = { 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x23, }; @@ -844,6 +801,261 @@ static const unsigned char p521_explicit[] = { 0xbb, 0x6f, 0xb7, 0x1e, 0x91, 0x38, 0x64, 0x09, 0x02, 0x01, 0x01, }; +/* + * This test validates a named curve's group parameters using + * EC_GROUP_check_named_curve(). It also checks that modifying any of the + * group parameters results in the curve not being valid. + */ +static int check_named_curve_test(int id) +{ + int ret = 0, nid, field_nid, has_seed; + EC_GROUP *group = NULL, *gtest = NULL; + const EC_POINT *group_gen = NULL; + EC_POINT *other_gen = NULL; + BIGNUM *group_p = NULL, *group_a = NULL, *group_b = NULL; + BIGNUM *other_p = NULL, *other_a = NULL, *other_b = NULL; + BIGNUM *group_cofactor = NULL, *other_cofactor = NULL; + BIGNUM *other_order = NULL; + const BIGNUM *group_order = NULL; + BN_CTX *bn_ctx = NULL; + static const unsigned char invalid_seed[] = "THIS IS NOT A VALID SEED"; + static size_t invalid_seed_len = sizeof(invalid_seed); + + /* Do some setup */ + nid = curves[id].nid; + if (!TEST_ptr(bn_ctx = BN_CTX_new()) + || !TEST_ptr(group = EC_GROUP_new_by_curve_name(nid)) + || !TEST_ptr(gtest = EC_GROUP_dup(group)) + || !TEST_ptr(group_p = BN_new()) + || !TEST_ptr(group_a = BN_new()) + || !TEST_ptr(group_b = BN_new()) + || !TEST_ptr(group_cofactor = BN_new()) + || !TEST_ptr(group_gen = EC_GROUP_get0_generator(group)) + || !TEST_ptr(group_order = EC_GROUP_get0_order(group)) + || !TEST_true(EC_GROUP_get_cofactor(group, group_cofactor, NULL)) + || !TEST_true(EC_GROUP_get_curve(group, group_p, group_a, group_b, NULL)) + || !TEST_ptr(other_gen = EC_POINT_dup(group_gen, group)) + || !TEST_true(EC_POINT_add(group, other_gen, group_gen, group_gen, NULL)) + || !TEST_ptr(other_order = BN_dup(group_order)) + || !TEST_true(BN_add_word(other_order, 1)) + || !TEST_ptr(other_a = BN_dup(group_a)) + || !TEST_true(BN_add_word(other_a, 1)) + || !TEST_ptr(other_b = BN_dup(group_b)) + || !TEST_true(BN_add_word(other_b, 1)) + || !TEST_ptr(other_cofactor = BN_dup(group_cofactor)) + || !TEST_true(BN_add_word(other_cofactor, 1))) + goto err; + + /* Determine if the built-in curve has a seed field set */ + has_seed = (EC_GROUP_get_seed_len(group) > 0); + field_nid = EC_GROUP_get_field_type(group); + if (field_nid == NID_X9_62_characteristic_two_field) { + if (!TEST_ptr(other_p = BN_dup(group_p)) + || !TEST_true(BN_lshift1(other_p, other_p))) + goto err; + } else { + if (!TEST_ptr(other_p = BN_dup(group_p))) + goto err; + /* + * Just choosing any arbitrary prime does not work.. + * Setting p via ec_GFp_nist_group_set_curve() needs the prime to be a + * nist prime. So only select one of these as an alternate prime. + */ + if (!TEST_ptr(BN_copy(other_p, + BN_ucmp(BN_get0_nist_prime_192(), other_p) == 0 ? + BN_get0_nist_prime_256() : + BN_get0_nist_prime_192()))) + goto err; + } + + /* Passes because this is a valid curve */ + if (!TEST_int_eq(EC_GROUP_check_named_curve(group, 0, NULL), nid) + /* Only NIST curves pass */ + || !TEST_int_eq(EC_GROUP_check_named_curve(group, 1, NULL), + EC_curve_nid2nist(nid) != NULL ? nid : NID_undef)) + goto err; + + /* Fail if the curve name doesn't match the parameters */ + EC_GROUP_set_curve_name(group, nid + 1); + ERR_set_mark(); + if (!TEST_int_le(EC_GROUP_check_named_curve(group, 0, NULL), 0)) + goto err; + ERR_pop_to_mark(); + + /* Restore curve name and ensure it's passing */ + EC_GROUP_set_curve_name(group, nid); + if (!TEST_int_eq(EC_GROUP_check_named_curve(group, 0, NULL), nid)) + goto err; + + if (!TEST_int_eq(EC_GROUP_set_seed(group, invalid_seed, invalid_seed_len), + invalid_seed_len)) + goto err; + + if (has_seed) { + /* + * If the built-in curve has a seed and we set the seed to another value + * then it will fail the check. + */ + if (!TEST_int_eq(EC_GROUP_check_named_curve(group, 0, NULL), 0)) + goto err; + } else { + /* + * If the built-in curve does not have a seed then setting the seed will + * pass the check (as the seed is optional). + */ + if (!TEST_int_eq(EC_GROUP_check_named_curve(group, 0, NULL), nid)) + goto err; + } + /* Pass if the seed is unknown (as it is optional) */ + if (!TEST_int_eq(EC_GROUP_set_seed(group, NULL, 0), 1) + || !TEST_int_eq(EC_GROUP_check_named_curve(group, 0, NULL), nid)) + goto err; + + /* Check that a duped group passes */ + if (!TEST_int_eq(EC_GROUP_check_named_curve(gtest, 0, NULL), nid)) + goto err; + + /* check that changing any generator parameter fails */ + if (!TEST_true(EC_GROUP_set_generator(gtest, other_gen, group_order, + group_cofactor)) + || !TEST_int_eq(EC_GROUP_check_named_curve(gtest, 0, NULL), 0) + || !TEST_true(EC_GROUP_set_generator(gtest, group_gen, other_order, + group_cofactor)) + || !TEST_int_eq(EC_GROUP_check_named_curve(gtest, 0, NULL), 0) + /* The order is not an optional field, so this should fail */ + || !TEST_false(EC_GROUP_set_generator(gtest, group_gen, NULL, + group_cofactor)) + || !TEST_true(EC_GROUP_set_generator(gtest, group_gen, group_order, + other_cofactor)) + || !TEST_int_eq(EC_GROUP_check_named_curve(gtest, 0, NULL), 0) + /* Check that if the cofactor is not set then it still passes */ + || !TEST_true(EC_GROUP_set_generator(gtest, group_gen, group_order, + NULL)) + || !TEST_int_eq(EC_GROUP_check_named_curve(gtest, 0, NULL), nid) + /* check that restoring the generator passes */ + || !TEST_true(EC_GROUP_set_generator(gtest, group_gen, group_order, + group_cofactor)) + || !TEST_int_eq(EC_GROUP_check_named_curve(gtest, 0, NULL), nid)) + goto err; + + /* + * check that changing any curve parameter fails + * + * Setting arbitrary p, a or b might fail for some EC_GROUPs + * depending on the internal EC_METHOD implementation, hence run + * these tests conditionally to the success of EC_GROUP_set_curve(). + */ + ERR_set_mark(); + if (EC_GROUP_set_curve(gtest, other_p, group_a, group_b, NULL)) { + if (!TEST_int_le(EC_GROUP_check_named_curve(gtest, 0, NULL), 0)) + goto err; + } else { + /* clear the error stack if EC_GROUP_set_curve() failed */ + ERR_pop_to_mark(); + ERR_set_mark(); + } + if (EC_GROUP_set_curve(gtest, group_p, other_a, group_b, NULL)) { + if (!TEST_int_le(EC_GROUP_check_named_curve(gtest, 0, NULL), 0)) + goto err; + } else { + /* clear the error stack if EC_GROUP_set_curve() failed */ + ERR_pop_to_mark(); + ERR_set_mark(); + } + if (EC_GROUP_set_curve(gtest, group_p, group_a, other_b, NULL)) { + if (!TEST_int_le(EC_GROUP_check_named_curve(gtest, 0, NULL), 0)) + goto err; + } else { + /* clear the error stack if EC_GROUP_set_curve() failed */ + ERR_pop_to_mark(); + ERR_set_mark(); + } + ERR_pop_to_mark(); + + /* Check that restoring the curve parameters passes */ + if (!TEST_true(EC_GROUP_set_curve(gtest, group_p, group_a, group_b, NULL)) + || !TEST_int_eq(EC_GROUP_check_named_curve(gtest, 0, NULL), nid)) + goto err; + + ret = 1; +err: + BN_free(group_p); + BN_free(other_p); + BN_free(group_a); + BN_free(other_a); + BN_free(group_b); + BN_free(other_b); + BN_free(group_cofactor); + BN_free(other_cofactor); + BN_free(other_order); + EC_POINT_free(other_gen); + EC_GROUP_free(gtest); + EC_GROUP_free(group); + BN_CTX_free(bn_ctx); + return ret; +} + +/* + * This checks the lookup capability of EC_GROUP_check_named_curve() + * when the given group was created with explicit parameters. + * + * It is possible to retrieve an alternative alias that does not match + * the original nid in this case. + */ +static int check_named_curve_lookup_test(int id) +{ + int ret = 0, nid, rv = 0; + EC_GROUP *g = NULL , *ga = NULL; + ECPARAMETERS *p = NULL, *pa = NULL; + BN_CTX *ctx = NULL; + + /* Do some setup */ + nid = curves[id].nid; + if (!TEST_ptr(ctx = BN_CTX_new()) + || !TEST_ptr(g = EC_GROUP_new_by_curve_name(nid)) + || !TEST_ptr(p = EC_GROUP_get_ecparameters(g, NULL))) + goto err; + + /* replace with group from explicit parameters */ + EC_GROUP_free(g); + if (!TEST_ptr(g = EC_GROUP_new_from_ecparameters(p))) + goto err; + + if (!TEST_int_gt(rv = EC_GROUP_check_named_curve(g, 0, NULL), 0)) + goto err; + if (rv != nid) { + /* + * Found an alias: + * fail if the returned nid is not an alias of the original group. + * + * The comparison here is done by comparing two explicit + * parameter EC_GROUPs with EC_GROUP_cmp(), to ensure the + * comparison happens with unnamed EC_GROUPs using the same + * EC_METHODs. + */ + if (!TEST_ptr(ga = EC_GROUP_new_by_curve_name(rv)) + || !TEST_ptr(pa = EC_GROUP_get_ecparameters(ga, NULL))) + goto err; + + /* replace with group from explicit parameters, then compare */ + EC_GROUP_free(ga); + if (!TEST_ptr(ga = EC_GROUP_new_from_ecparameters(pa)) + || !TEST_int_eq(EC_GROUP_cmp(g, ga, ctx), 0)) + goto err; + } + + ret = 1; + + err: + EC_GROUP_free(g); + EC_GROUP_free(ga); + ECPARAMETERS_free(p); + ECPARAMETERS_free(pa); + BN_CTX_free(ctx); + + return ret; +} + /* * Sometime we cannot compare nids for equality, as the built-in curve table * includes aliases with different names for the same curve. @@ -856,7 +1068,7 @@ int are_ec_nids_compatible(int n1d, int n2d) { int ret = 0; switch (n1d) { -# ifndef OPENSSL_NO_EC2M +#ifndef OPENSSL_NO_EC2M case NID_sect113r1: case NID_wap_wsg_idm_ecid_wtls4: ret = (n2d == NID_sect113r1 || n2d == NID_wap_wsg_idm_ecid_wtls4); @@ -878,7 +1090,7 @@ int are_ec_nids_compatible(int n1d, int n2d) ret = (n2d == NID_X9_62_c2pnb163v1 || n2d == NID_wap_wsg_idm_ecid_wtls5); break; -# endif /* OPENSSL_NO_EC2M */ +#endif /* OPENSSL_NO_EC2M */ case NID_secp112r1: case NID_wap_wsg_idm_ecid_wtls6: ret = (n2d == NID_secp112r1 || n2d == NID_wap_wsg_idm_ecid_wtls6); @@ -887,12 +1099,12 @@ int are_ec_nids_compatible(int n1d, int n2d) case NID_wap_wsg_idm_ecid_wtls7: ret = (n2d == NID_secp160r2 || n2d == NID_wap_wsg_idm_ecid_wtls7); break; -# ifdef OPENSSL_NO_EC_NISTP_64_GCC_128 +#ifdef OPENSSL_NO_EC_NISTP_64_GCC_128 case NID_secp224r1: case NID_wap_wsg_idm_ecid_wtls12: ret = (n2d == NID_secp224r1 || n2d == NID_wap_wsg_idm_ecid_wtls12); break; -# else +#else /* * For SEC P-224 we want to ensure that the SECP nid is returned, as * that is associated with a specialized method. @@ -900,7 +1112,7 @@ int are_ec_nids_compatible(int n1d, int n2d) case NID_wap_wsg_idm_ecid_wtls12: ret = (n2d == NID_secp224r1); break; -# endif /* def(OPENSSL_NO_EC_NISTP_64_GCC_128) */ +#endif /* def(OPENSSL_NO_EC_NISTP_64_GCC_128) */ default: ret = (n1d == n2d); @@ -1109,15 +1321,14 @@ err: return ret; } + static int parameter_test(void) { EC_GROUP *group = NULL, *group2 = NULL; ECPARAMETERS *ecparameters = NULL; unsigned char *buf = NULL; int r = 0, len; - - /* must use a curve without a special group method */ - if (!TEST_ptr(group = EC_GROUP_new_by_curve_name(NID_secp256k1)) + if (!TEST_ptr(group = EC_GROUP_new_by_curve_name(NID_secp384r1)) || !TEST_ptr(ecparameters = EC_GROUP_get_ecparameters(group, NULL)) || !TEST_ptr(group2 = EC_GROUP_new_from_ecparameters(ecparameters)) || !TEST_int_eq(EC_GROUP_cmp(group, group2, NULL), 0)) @@ -1251,7 +1462,7 @@ static int cofactor_range_test(void) */ static int cardinality_test(int n) { - int ret = 0; + int ret = 0, is_binary = 0; int nid = curves[n].nid; BN_CTX *ctx = NULL; EC_GROUP *g1 = NULL, *g2 = NULL; @@ -1262,14 +1473,13 @@ static int cardinality_test(int n) TEST_info("Curve %s cardinality test", OBJ_nid2sn(nid)); if (!TEST_ptr(ctx = BN_CTX_new()) - || !TEST_ptr(g1 = EC_GROUP_new_by_curve_name(nid)) - || !TEST_ptr(g2 = EC_GROUP_new(EC_GROUP_method_of(g1)))) { - EC_GROUP_free(g1); - EC_GROUP_free(g2); + || !TEST_ptr(g1 = EC_GROUP_new_by_curve_name(nid))) { BN_CTX_free(ctx); return 0; } + is_binary = (EC_GROUP_get_field_type(g1) == NID_X9_62_characteristic_two_field); + BN_CTX_start(ctx); g1_p = BN_CTX_get(ctx); g1_a = BN_CTX_get(ctx); @@ -1287,7 +1497,14 @@ static int cardinality_test(int n) || !TEST_true(BN_copy(g1_order, EC_GROUP_get0_order(g1))) || !TEST_true(EC_GROUP_get_cofactor(g1, g1_cf, ctx)) /* construct g2 manually with g1 parameters */ - || !TEST_true(EC_GROUP_set_curve(g2, g1_p, g1_a, g1_b, ctx)) +#ifndef OPENSSL_NO_EC2M + || !TEST_ptr(g2 = (is_binary) ? + EC_GROUP_new_curve_GF2m(g1_p, g1_a, g1_b, ctx) : + EC_GROUP_new_curve_GFp(g1_p, g1_a, g1_b, ctx)) +#else + || !TEST_int_eq(0, is_binary) + || !TEST_ptr(g2 = EC_GROUP_new_curve_GFp(g1_p, g1_a, g1_b, ctx)) +#endif || !TEST_ptr(g2_gen = EC_POINT_new(g2)) || !TEST_true(EC_POINT_set_affine_coordinates(g2, g2_gen, g1_x, g1_y, ctx)) /* pass NULL cofactor: lib should compute it */ @@ -1326,6 +1543,59 @@ static int cardinality_test(int n) return ret; } +static int check_ec_key_field_public_range_test(int id) +{ + int ret = 0, type = 0; + const EC_POINT *pub = NULL; + const EC_GROUP *group = NULL; + const BIGNUM *field = NULL; + BIGNUM *x = NULL, *y = NULL; + EC_KEY *key = NULL; + + if (!TEST_ptr(x = BN_new()) + || !TEST_ptr(y = BN_new()) + || !TEST_ptr(key = EC_KEY_new_by_curve_name(curves[id].nid)) + || !TEST_ptr(group = EC_KEY_get0_group(key)) + || !TEST_ptr(field = EC_GROUP_get0_field(group)) + || !TEST_int_gt(EC_KEY_generate_key(key), 0) + || !TEST_int_gt(EC_KEY_check_key(key), 0) + || !TEST_ptr(pub = EC_KEY_get0_public_key(key)) + || !TEST_int_gt(EC_POINT_get_affine_coordinates(group, pub, x, y, + NULL), 0)) + goto err; + + /* + * Make the public point out of range by adding the field (which will still + * be the same point on the curve). The add is different for char2 fields. + */ + type = EC_GROUP_get_field_type(group); +#ifndef OPENSSL_NO_EC2M + if (type == NID_X9_62_characteristic_two_field) { + /* test for binary curves */ + if (!TEST_true(BN_GF2m_add(x, x, field))) + goto err; + } else +#endif + if (type == NID_X9_62_prime_field) { + /* test for prime curves */ + if (!TEST_true(BN_add(x, x, field))) + goto err; + } else { + /* this should never happen */ + TEST_error("Unsupported EC_METHOD field_type"); + goto err; + } + if (!TEST_int_le(EC_KEY_set_public_key_affine_coordinates(key, x, y), 0)) + goto err; + + ret = 1; +err: + BN_free(x); + BN_free(y); + EC_KEY_free(key); + return ret; +} + /* * Helper for ec_point_hex2point_test * @@ -1425,6 +1695,226 @@ static int ec_point_hex2point_test(int id) return ret; } +static int do_test_custom_explicit_fromdata(EC_GROUP *group, BN_CTX *ctx, + unsigned char *gen, int gen_size) +{ + int ret = 0, i_out; + EVP_PKEY_CTX *pctx = NULL; + EVP_PKEY *pkeyparam = NULL; + OSSL_PARAM_BLD *bld = NULL; + const char *field_name; + OSSL_PARAM *params = NULL; + const OSSL_PARAM *gettable; + BIGNUM *p, *a, *b; + BIGNUM *p_out = NULL, *a_out = NULL, *b_out = NULL; + BIGNUM *order_out = NULL, *cofactor_out = NULL; + char name[80]; + unsigned char buf[1024]; + size_t buf_len, name_len; +#ifndef OPENSSL_NO_EC2M + unsigned int k1 = 0, k2 = 0, k3 = 0; + const char *basis_name = NULL; +#endif + + p = BN_CTX_get(ctx); + a = BN_CTX_get(ctx); + b = BN_CTX_get(ctx); + + if (!TEST_ptr(b) + || !TEST_ptr(bld = OSSL_PARAM_BLD_new())) + goto err; + + if (EC_GROUP_get_field_type(group) == NID_X9_62_prime_field) { + field_name = SN_X9_62_prime_field; + } else { + field_name = SN_X9_62_characteristic_two_field; +#ifndef OPENSSL_NO_EC2M + if (EC_GROUP_get_basis_type(group) == NID_X9_62_tpBasis) { + basis_name = SN_X9_62_tpBasis; + if (!TEST_true(EC_GROUP_get_trinomial_basis(group, &k1))) + goto err; + } else { + basis_name = SN_X9_62_ppBasis; + if (!TEST_true(EC_GROUP_get_pentanomial_basis(group, &k1, &k2, &k3))) + goto err; + } +#endif /* OPENSSL_NO_EC2M */ + } + if (!TEST_true(EC_GROUP_get_curve(group, p, a, b, ctx)) + || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld, + OSSL_PKEY_PARAM_EC_FIELD_TYPE, field_name, 0)) + || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_P, p)) + || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_A, a)) + || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_B, b))) + goto err; + + if (EC_GROUP_get0_seed(group) != NULL) { + if (!TEST_true(OSSL_PARAM_BLD_push_octet_string(bld, + OSSL_PKEY_PARAM_EC_SEED, EC_GROUP_get0_seed(group), + EC_GROUP_get_seed_len(group)))) + goto err; + } + if (EC_GROUP_get0_cofactor(group) != NULL) { + if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_COFACTOR, + EC_GROUP_get0_cofactor(group)))) + goto err; + } + + if (!TEST_true(OSSL_PARAM_BLD_push_octet_string(bld, + OSSL_PKEY_PARAM_EC_GENERATOR, gen, gen_size)) + || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_ORDER, + EC_GROUP_get0_order(group)))) + goto err; + + if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) + || !TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL)) + || !TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0) + || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkeyparam, + EVP_PKEY_KEY_PARAMETERS, params), 0)) + goto err; + + /*- Check that all the set values are retrievable -*/ + + /* There should be no match to a group name since the generator changed */ + if (!TEST_false(EVP_PKEY_get_utf8_string_param(pkeyparam, + OSSL_PKEY_PARAM_GROUP_NAME, name, sizeof(name), + &name_len))) + goto err; + + /* The encoding should be explicit as it has no group */ + if (!TEST_true(EVP_PKEY_get_utf8_string_param(pkeyparam, + OSSL_PKEY_PARAM_EC_ENCODING, + name, sizeof(name), &name_len)) + || !TEST_str_eq(name, OSSL_PKEY_EC_ENCODING_EXPLICIT)) + goto err; + + if (!TEST_true(EVP_PKEY_get_utf8_string_param(pkeyparam, + OSSL_PKEY_PARAM_EC_FIELD_TYPE, name, sizeof(name), + &name_len)) + || !TEST_str_eq(name, field_name)) + goto err; + + if (!TEST_true(EVP_PKEY_get_octet_string_param(pkeyparam, + OSSL_PKEY_PARAM_EC_GENERATOR, buf, sizeof(buf), &buf_len)) + || !TEST_mem_eq(buf, (int)buf_len, gen, gen_size)) + goto err; + + if (!TEST_true(EVP_PKEY_get_bn_param(pkeyparam, OSSL_PKEY_PARAM_EC_P, &p_out)) + || !TEST_BN_eq(p_out, p) + || !TEST_true(EVP_PKEY_get_bn_param(pkeyparam, OSSL_PKEY_PARAM_EC_A, + &a_out)) + || !TEST_BN_eq(a_out, a) + || !TEST_true(EVP_PKEY_get_bn_param(pkeyparam, OSSL_PKEY_PARAM_EC_B, + &b_out)) + || !TEST_BN_eq(b_out, b) + || !TEST_true(EVP_PKEY_get_bn_param(pkeyparam, OSSL_PKEY_PARAM_EC_ORDER, + &order_out)) + || !TEST_BN_eq(order_out, EC_GROUP_get0_order(group))) + goto err; + + if (EC_GROUP_get0_cofactor(group) != NULL) { + if (!TEST_true(EVP_PKEY_get_bn_param(pkeyparam, + OSSL_PKEY_PARAM_EC_COFACTOR, &cofactor_out)) + || !TEST_BN_eq(cofactor_out, EC_GROUP_get0_cofactor(group))) + goto err; + } + if (EC_GROUP_get0_seed(group) != NULL) { + if (!TEST_true(EVP_PKEY_get_octet_string_param(pkeyparam, + OSSL_PKEY_PARAM_EC_SEED, buf, sizeof(buf), &buf_len)) + || !TEST_mem_eq(buf, buf_len, EC_GROUP_get0_seed(group), + EC_GROUP_get_seed_len(group))) + goto err; + } + + if (EC_GROUP_get_field_type(group) == NID_X9_62_prime_field) { + /* No extra fields should be set for a prime field */ + if (!TEST_false(EVP_PKEY_get_int_param(pkeyparam, + OSSL_PKEY_PARAM_EC_CHAR2_M, &i_out)) + || !TEST_false(EVP_PKEY_get_int_param(pkeyparam, + OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS, &i_out)) + || !TEST_false(EVP_PKEY_get_int_param(pkeyparam, + OSSL_PKEY_PARAM_EC_CHAR2_PP_K1, &i_out)) + || !TEST_false(EVP_PKEY_get_int_param(pkeyparam, + OSSL_PKEY_PARAM_EC_CHAR2_PP_K2, &i_out)) + || !TEST_false(EVP_PKEY_get_int_param(pkeyparam, + OSSL_PKEY_PARAM_EC_CHAR2_PP_K3, &i_out)) + || !TEST_false(EVP_PKEY_get_utf8_string_param(pkeyparam, + OSSL_PKEY_PARAM_EC_CHAR2_TYPE, name, sizeof(name), + &name_len))) + goto err; + } else { +#ifndef OPENSSL_NO_EC2M + if (!TEST_true(EVP_PKEY_get_int_param(pkeyparam, + OSSL_PKEY_PARAM_EC_CHAR2_M, &i_out)) + || !TEST_int_eq(EC_GROUP_get_degree(group), i_out) + || !TEST_true(EVP_PKEY_get_utf8_string_param(pkeyparam, + OSSL_PKEY_PARAM_EC_CHAR2_TYPE, name, sizeof(name), + &name_len)) + || !TEST_str_eq(name, basis_name)) + goto err; + + if (EC_GROUP_get_basis_type(group) == NID_X9_62_tpBasis) { + if (!TEST_true(EVP_PKEY_get_int_param(pkeyparam, + OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS, &i_out)) + || !TEST_int_eq(k1, i_out) + || !TEST_false(EVP_PKEY_get_int_param(pkeyparam, + OSSL_PKEY_PARAM_EC_CHAR2_PP_K1, &i_out)) + || !TEST_false(EVP_PKEY_get_int_param(pkeyparam, + OSSL_PKEY_PARAM_EC_CHAR2_PP_K2, &i_out)) + || !TEST_false(EVP_PKEY_get_int_param(pkeyparam, + OSSL_PKEY_PARAM_EC_CHAR2_PP_K3, &i_out))) + goto err; + } else { + if (!TEST_false(EVP_PKEY_get_int_param(pkeyparam, + OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS, &i_out)) + || !TEST_true(EVP_PKEY_get_int_param(pkeyparam, + OSSL_PKEY_PARAM_EC_CHAR2_PP_K1, &i_out)) + || !TEST_int_eq(k1, i_out) + || !TEST_true(EVP_PKEY_get_int_param(pkeyparam, + OSSL_PKEY_PARAM_EC_CHAR2_PP_K2, &i_out)) + || !TEST_int_eq(k2, i_out) + || !TEST_true(EVP_PKEY_get_int_param(pkeyparam, + OSSL_PKEY_PARAM_EC_CHAR2_PP_K3, &i_out)) + || !TEST_int_eq(k3, i_out)) + goto err; + } +#endif /* OPENSSL_NO_EC2M */ + } + if (!TEST_ptr(gettable = EVP_PKEY_gettable_params(pkeyparam)) + || !TEST_ptr(OSSL_PARAM_locate_const(gettable, OSSL_PKEY_PARAM_GROUP_NAME)) + || !TEST_ptr(OSSL_PARAM_locate_const(gettable, OSSL_PKEY_PARAM_EC_ENCODING)) + || !TEST_ptr(OSSL_PARAM_locate_const(gettable, OSSL_PKEY_PARAM_EC_FIELD_TYPE)) + || !TEST_ptr(OSSL_PARAM_locate_const(gettable, OSSL_PKEY_PARAM_EC_P)) + || !TEST_ptr(OSSL_PARAM_locate_const(gettable, OSSL_PKEY_PARAM_EC_A)) + || !TEST_ptr(OSSL_PARAM_locate_const(gettable, OSSL_PKEY_PARAM_EC_B)) + || !TEST_ptr(OSSL_PARAM_locate_const(gettable, OSSL_PKEY_PARAM_EC_GENERATOR)) + || !TEST_ptr(OSSL_PARAM_locate_const(gettable, OSSL_PKEY_PARAM_EC_ORDER)) + || !TEST_ptr(OSSL_PARAM_locate_const(gettable, OSSL_PKEY_PARAM_EC_COFACTOR)) + || !TEST_ptr(OSSL_PARAM_locate_const(gettable, OSSL_PKEY_PARAM_EC_SEED)) +#ifndef OPENSSL_NO_EC2M + || !TEST_ptr(OSSL_PARAM_locate_const(gettable, OSSL_PKEY_PARAM_EC_CHAR2_M)) + || !TEST_ptr(OSSL_PARAM_locate_const(gettable, OSSL_PKEY_PARAM_EC_CHAR2_TYPE)) + || !TEST_ptr(OSSL_PARAM_locate_const(gettable, OSSL_PKEY_PARAM_EC_CHAR2_TP_BASIS)) + || !TEST_ptr(OSSL_PARAM_locate_const(gettable, OSSL_PKEY_PARAM_EC_CHAR2_PP_K1)) + || !TEST_ptr(OSSL_PARAM_locate_const(gettable, OSSL_PKEY_PARAM_EC_CHAR2_PP_K2)) + || !TEST_ptr(OSSL_PARAM_locate_const(gettable, OSSL_PKEY_PARAM_EC_CHAR2_PP_K3)) +#endif + ) + goto err; + ret = 1; +err: + BN_free(order_out); + BN_free(cofactor_out); + BN_free(a_out); + BN_free(b_out); + BN_free(p_out); + OSSL_PARAM_BLD_free_params(params); + OSSL_PARAM_BLD_free(bld); + EVP_PKEY_free(pkeyparam); + EVP_PKEY_CTX_free(pctx); + return ret; +} + /* * check the EC_METHOD respects the supplied EC_GROUP_set_generator G */ @@ -1450,7 +1940,7 @@ static int custom_generator_test(int id) /* expected byte length of encoded points */ bsize = (EC_GROUP_get_degree(group) + 7) / 8; - bsize = 2 * bsize + 1; + bsize = 1 + 2 * bsize; /* UNCOMPRESSED_POINT format */ if (!TEST_ptr(k = BN_CTX_get(ctx)) /* fetch a testing scalar k != 0,1 */ @@ -1488,17 +1978,20 @@ static int custom_generator_test(int id) POINT_CONVERSION_UNCOMPRESSED, b2, bsize, ctx), bsize) /* Q1 = kG = k/2 G2 = Q2 should hold */ - || !TEST_int_eq(CRYPTO_memcmp(b1, b2, bsize), 0)) + || !TEST_mem_eq(b1, bsize, b2, bsize)) + goto err; + + if (!do_test_custom_explicit_fromdata(group, ctx, b1, bsize)) goto err; ret = 1; err: - BN_CTX_end(ctx); EC_POINT_free(Q1); EC_POINT_free(Q2); EC_POINT_free(G2); EC_GROUP_free(group); + BN_CTX_end(ctx); BN_CTX_free(ctx); OPENSSL_free(b1); OPENSSL_free(b2); @@ -1506,11 +1999,285 @@ static int custom_generator_test(int id) return ret; } -#endif /* OPENSSL_NO_EC */ +/* + * check creation of curves from explicit params through the public API + */ +static int custom_params_test(int id) +{ + int ret = 0, nid, bsize; + const char *curve_name = NULL; + EC_GROUP *group = NULL, *altgroup = NULL; + EC_POINT *G2 = NULL, *Q1 = NULL, *Q2 = NULL; + const EC_POINT *Q = NULL; + BN_CTX *ctx = NULL; + BIGNUM *k = NULL; + unsigned char *buf1 = NULL, *buf2 = NULL; + const BIGNUM *z = NULL, *cof = NULL, *priv1 = NULL; + BIGNUM *p = NULL, *a = NULL, *b = NULL; + int is_prime = 0; + EC_KEY *eckey1 = NULL, *eckey2 = NULL; + EVP_PKEY *pkey1 = NULL, *pkey2 = NULL; + EVP_PKEY_CTX *pctx1 = NULL, *pctx2 = NULL; + size_t sslen, t; + unsigned char *pub1 = NULL , *pub2 = NULL; + OSSL_PARAM_BLD *param_bld = NULL; + OSSL_PARAM *params1 = NULL, *params2 = NULL; + + /* Do some setup */ + nid = curves[id].nid; + curve_name = OBJ_nid2sn(nid); + TEST_note("Curve %s", curve_name); + + if (nid == NID_sm2) + return TEST_skip("custom params not supported with SM2"); + + if (!TEST_ptr(ctx = BN_CTX_new())) + return 0; + + if (!TEST_ptr(group = EC_GROUP_new_by_curve_name(nid))) + goto err; + + is_prime = EC_GROUP_get_field_type(group) == NID_X9_62_prime_field; +#ifdef OPENSSL_NO_EC2M + if (!is_prime) { + ret = TEST_skip("binary curves not supported in this build"); + goto err; + } +#endif + + BN_CTX_start(ctx); + if (!TEST_ptr(p = BN_CTX_get(ctx)) + || !TEST_ptr(a = BN_CTX_get(ctx)) + || !TEST_ptr(b = BN_CTX_get(ctx)) + || !TEST_ptr(k = BN_CTX_get(ctx))) + goto err; + + /* expected byte length of encoded points */ + bsize = (EC_GROUP_get_degree(group) + 7) / 8; + bsize = 1 + 2 * bsize; /* UNCOMPRESSED_POINT format */ + + /* extract parameters from built-in curve */ + if (!TEST_true(EC_GROUP_get_curve(group, p, a, b, ctx)) + || !TEST_ptr(G2 = EC_POINT_new(group)) + /* new generator is G2 := 2G */ + || !TEST_true(EC_POINT_dbl(group, G2, + EC_GROUP_get0_generator(group), ctx)) + /* pull out the bytes of that */ + || !TEST_int_eq(EC_POINT_point2oct(group, G2, + POINT_CONVERSION_UNCOMPRESSED, + NULL, 0, ctx), bsize) + || !TEST_ptr(buf1 = OPENSSL_malloc(bsize)) + || !TEST_int_eq(EC_POINT_point2oct(group, G2, + POINT_CONVERSION_UNCOMPRESSED, + buf1, bsize, ctx), bsize) + || !TEST_ptr(z = EC_GROUP_get0_order(group)) + || !TEST_ptr(cof = EC_GROUP_get0_cofactor(group)) + ) + goto err; + + /* create a new group using same params (but different generator) */ + if (is_prime) { + if (!TEST_ptr(altgroup = EC_GROUP_new_curve_GFp(p, a, b, ctx))) + goto err; + } +#ifndef OPENSSL_NO_EC2M + else { + if (!TEST_ptr(altgroup = EC_GROUP_new_curve_GF2m(p, a, b, ctx))) + goto err; + } +#endif + + /* set 2*G as the generator of altgroup */ + EC_POINT_free(G2); /* discard G2 as it refers to the original group */ + if (!TEST_ptr(G2 = EC_POINT_new(altgroup)) + || !TEST_true(EC_POINT_oct2point(altgroup, G2, buf1, bsize, ctx)) + || !TEST_int_eq(EC_POINT_is_on_curve(altgroup, G2, ctx), 1) + || !TEST_true(EC_GROUP_set_generator(altgroup, G2, z, cof)) + ) + goto err; + + /* verify math checks out */ + if (/* allocate temporary points on group and altgroup */ + !TEST_ptr(Q1 = EC_POINT_new(group)) + || !TEST_ptr(Q2 = EC_POINT_new(altgroup)) + /* fetch a testing scalar k != 0,1 */ + || !TEST_true(BN_rand(k, EC_GROUP_order_bits(group) - 1, + BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY)) + /* make k even */ + || !TEST_true(BN_clear_bit(k, 0)) + /* Q1 := kG on group */ + || !TEST_true(EC_POINT_mul(group, Q1, k, NULL, NULL, ctx)) + /* pull out the bytes of that */ + || !TEST_int_eq(EC_POINT_point2oct(group, Q1, + POINT_CONVERSION_UNCOMPRESSED, + NULL, 0, ctx), bsize) + || !TEST_int_eq(EC_POINT_point2oct(group, Q1, + POINT_CONVERSION_UNCOMPRESSED, + buf1, bsize, ctx), bsize) + /* k := k/2 */ + || !TEST_true(BN_rshift1(k, k)) + /* Q2 := k/2 G2 on altgroup */ + || !TEST_true(EC_POINT_mul(altgroup, Q2, k, NULL, NULL, ctx)) + /* pull out the bytes of that */ + || !TEST_int_eq(EC_POINT_point2oct(altgroup, Q2, + POINT_CONVERSION_UNCOMPRESSED, + NULL, 0, ctx), bsize) + || !TEST_ptr(buf2 = OPENSSL_malloc(bsize)) + || !TEST_int_eq(EC_POINT_point2oct(altgroup, Q2, + POINT_CONVERSION_UNCOMPRESSED, + buf2, bsize, ctx), bsize) + /* Q1 = kG = k/2 G2 = Q2 should hold */ + || !TEST_mem_eq(buf1, bsize, buf2, bsize)) + goto err; + + /* create two `EC_KEY`s on altgroup */ + if (!TEST_ptr(eckey1 = EC_KEY_new()) + || !TEST_true(EC_KEY_set_group(eckey1, altgroup)) + || !TEST_true(EC_KEY_generate_key(eckey1)) + || !TEST_ptr(eckey2 = EC_KEY_new()) + || !TEST_true(EC_KEY_set_group(eckey2, altgroup)) + || !TEST_true(EC_KEY_generate_key(eckey2))) + goto err; + + /* retrieve priv1 for later */ + if (!TEST_ptr(priv1 = EC_KEY_get0_private_key(eckey1))) + goto err; + + /* + * retrieve bytes for pub1 for later + * + * We compute the pub key in the original group as we will later use it to + * define a provider key in the built-in group. + */ + if (!TEST_true(EC_POINT_mul(group, Q1, priv1, NULL, NULL, ctx)) + || !TEST_int_eq(EC_POINT_point2oct(group, Q1, + POINT_CONVERSION_UNCOMPRESSED, + NULL, 0, ctx), bsize) + || !TEST_ptr(pub1 = OPENSSL_malloc(bsize)) + || !TEST_int_eq(EC_POINT_point2oct(group, Q1, + POINT_CONVERSION_UNCOMPRESSED, + pub1, bsize, ctx), bsize)) + goto err; + + /* retrieve bytes for pub2 for later */ + if (!TEST_ptr(Q = EC_KEY_get0_public_key(eckey2)) + || !TEST_int_eq(EC_POINT_point2oct(altgroup, Q, + POINT_CONVERSION_UNCOMPRESSED, + NULL, 0, ctx), bsize) + || !TEST_ptr(pub2 = OPENSSL_malloc(bsize)) + || !TEST_int_eq(EC_POINT_point2oct(altgroup, Q, + POINT_CONVERSION_UNCOMPRESSED, + pub2, bsize, ctx), bsize)) + goto err; + + /* create two `EVP_PKEY`s from the `EC_KEY`s */ + if(!TEST_ptr(pkey1 = EVP_PKEY_new()) + || !TEST_int_eq(EVP_PKEY_assign_EC_KEY(pkey1, eckey1), 1)) + goto err; + eckey1 = NULL; /* ownership passed to pkey1 */ + if(!TEST_ptr(pkey2 = EVP_PKEY_new()) + || !TEST_int_eq(EVP_PKEY_assign_EC_KEY(pkey2, eckey2), 1)) + goto err; + eckey2 = NULL; /* ownership passed to pkey2 */ + + /* Compute keyexchange in both directions */ + if (!TEST_ptr(pctx1 = EVP_PKEY_CTX_new(pkey1, NULL)) + || !TEST_int_eq(EVP_PKEY_derive_init(pctx1), 1) + || !TEST_int_eq(EVP_PKEY_derive_set_peer(pctx1, pkey2), 1) + || !TEST_int_eq(EVP_PKEY_derive(pctx1, NULL, &sslen), 1) + || !TEST_int_gt(bsize, sslen) + || !TEST_int_eq(EVP_PKEY_derive(pctx1, buf1, &sslen), 1)) + goto err; + if (!TEST_ptr(pctx2 = EVP_PKEY_CTX_new(pkey2, NULL)) + || !TEST_int_eq(EVP_PKEY_derive_init(pctx2), 1) + || !TEST_int_eq(EVP_PKEY_derive_set_peer(pctx2, pkey1), 1) + || !TEST_int_eq(EVP_PKEY_derive(pctx2, NULL, &t), 1) + || !TEST_int_gt(bsize, t) + || !TEST_int_le(sslen, t) + || !TEST_int_eq(EVP_PKEY_derive(pctx2, buf2, &t), 1)) + goto err; + + /* Both sides should expect the same shared secret */ + if (!TEST_mem_eq(buf1, sslen, buf2, t)) + goto err; + + /* Build parameters for provider-native keys */ + if (!TEST_ptr(param_bld = OSSL_PARAM_BLD_new()) + || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(param_bld, + OSSL_PKEY_PARAM_GROUP_NAME, + curve_name, 0)) + || !TEST_true(OSSL_PARAM_BLD_push_octet_string(param_bld, + OSSL_PKEY_PARAM_PUB_KEY, + pub1, bsize)) + || !TEST_true(OSSL_PARAM_BLD_push_BN(param_bld, + OSSL_PKEY_PARAM_PRIV_KEY, + priv1)) + || !TEST_ptr(params1 = OSSL_PARAM_BLD_to_param(param_bld))) + goto err; + + OSSL_PARAM_BLD_free(param_bld); + if (!TEST_ptr(param_bld = OSSL_PARAM_BLD_new()) + || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(param_bld, + OSSL_PKEY_PARAM_GROUP_NAME, + curve_name, 0)) + || !TEST_true(OSSL_PARAM_BLD_push_octet_string(param_bld, + OSSL_PKEY_PARAM_PUB_KEY, + pub2, bsize)) + || !TEST_ptr(params2 = OSSL_PARAM_BLD_to_param(param_bld))) + goto err; + + /* create two new provider-native `EVP_PKEY`s */ + EVP_PKEY_CTX_free(pctx2); + if (!TEST_ptr(pctx2 = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL)) + || !TEST_true(EVP_PKEY_fromdata_init(pctx2)) + || !TEST_true(EVP_PKEY_fromdata(pctx2, &pkey1, EVP_PKEY_KEYPAIR, + params1)) + || !TEST_true(EVP_PKEY_fromdata(pctx2, &pkey2, EVP_PKEY_PUBLIC_KEY, + params2))) + goto err; + + /* compute keyexchange once more using the provider keys */ + EVP_PKEY_CTX_free(pctx1); + if (!TEST_ptr(pctx1 = EVP_PKEY_CTX_new(pkey1, NULL)) + || !TEST_int_eq(EVP_PKEY_derive_init(pctx1), 1) + || !TEST_int_eq(EVP_PKEY_derive_set_peer(pctx1, pkey2), 1) + || !TEST_int_eq(EVP_PKEY_derive(pctx1, NULL, &t), 1) + || !TEST_int_gt(bsize, t) + || !TEST_int_le(sslen, t) + || !TEST_int_eq(EVP_PKEY_derive(pctx1, buf1, &t), 1) + /* compare with previous result */ + || !TEST_mem_eq(buf1, t, buf2, sslen)) + goto err; + + ret = 1; + + err: + BN_CTX_end(ctx); + BN_CTX_free(ctx); + OSSL_PARAM_BLD_free(param_bld); + OSSL_PARAM_BLD_free_params(params1); + OSSL_PARAM_BLD_free_params(params2); + EC_POINT_free(Q1); + EC_POINT_free(Q2); + EC_POINT_free(G2); + EC_GROUP_free(group); + EC_GROUP_free(altgroup); + OPENSSL_free(buf1); + OPENSSL_free(buf2); + OPENSSL_free(pub1); + OPENSSL_free(pub2); + EC_KEY_free(eckey1); + EC_KEY_free(eckey2); + EVP_PKEY_free(pkey1); + EVP_PKEY_free(pkey2); + EVP_PKEY_CTX_free(pctx1); + EVP_PKEY_CTX_free(pctx2); + + return ret; +} int setup_tests(void) { -#ifndef OPENSSL_NO_EC crv_len = EC_get_builtin_curves(NULL, 0); if (!TEST_ptr(curves = OPENSSL_malloc(sizeof(*curves) * crv_len)) || !TEST_true(EC_get_builtin_curves(curves, crv_len))) @@ -1520,27 +2287,25 @@ int setup_tests(void) ADD_TEST(cofactor_range_test); ADD_ALL_TESTS(cardinality_test, crv_len); ADD_TEST(prime_field_tests); -# ifndef OPENSSL_NO_EC2M +#ifndef OPENSSL_NO_EC2M ADD_TEST(char2_field_tests); ADD_ALL_TESTS(char2_curve_test, OSSL_NELEM(char2_curve_tests)); -# endif -# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 +#endif ADD_ALL_TESTS(nistp_single_test, OSSL_NELEM(nistp_tests_params)); - ADD_TEST(underflow_test); -# endif ADD_ALL_TESTS(internal_curve_test, crv_len); ADD_ALL_TESTS(internal_curve_test_method, crv_len); - + ADD_TEST(group_field_test); + ADD_ALL_TESTS(check_named_curve_test, crv_len); + ADD_ALL_TESTS(check_named_curve_lookup_test, crv_len); + ADD_ALL_TESTS(check_ec_key_field_public_range_test, crv_len); ADD_ALL_TESTS(check_named_curve_from_ecparameters, crv_len); ADD_ALL_TESTS(ec_point_hex2point_test, crv_len); ADD_ALL_TESTS(custom_generator_test, crv_len); -#endif /* OPENSSL_NO_EC */ + ADD_ALL_TESTS(custom_params_test, crv_len); return 1; } void cleanup_tests(void) { -#ifndef OPENSSL_NO_EC OPENSSL_free(curves); -#endif } diff --git a/fixpatch b/fixpatch deleted file mode 100755 index bf5eb67..0000000 --- a/fixpatch +++ /dev/null @@ -1,15 +0,0 @@ -#!/bin/sh -# Fixes patch from upstream tracker view -gawk ' -BEGIN { - dir="" -} -/^Index: openssl\// { - dir = $2 -} -/^(---|\+\+\+)/ { - $2 = dir -} -{ - print -}' diff --git a/genpatches b/genpatches new file mode 100755 index 0000000..60c36a4 --- /dev/null +++ b/genpatches @@ -0,0 +1,26 @@ +#!/bin/bash + +if [ $# -ne 2 ] ; then + echo "Usage:" + echo " $0 " + exit 1 +fi + +git_dir="$1" +base_tag="$2" + +target_dir="$(pwd)" + +pushd "$git_dir" >/dev/null +git format-patch -k -o "$target_dir" "$base_tag" >/dev/null +popd >/dev/null + +echo "# Patches exported from source git" + +i=1 +for p in *.patch ; do + printf "# " + sed '/^Subject:/{s/^Subject: //;p};d' "$p" + printf "Patch%s: %s\n" $i "$p" + i=$(($i + 1)) +done diff --git a/openssl-1.1.1-alpn-cb.patch b/openssl-1.1.1-alpn-cb.patch deleted file mode 100644 index 465f7b8..0000000 --- a/openssl-1.1.1-alpn-cb.patch +++ /dev/null @@ -1,27 +0,0 @@ -commit 9e885a707d604e9528b5491b78fb9c00f41193fc -Author: Tomas Mraz -Date: Thu Mar 26 15:59:00 2020 +0100 - - s_server: Properly indicate ALPN protocol mismatch - - Return SSL_TLSEXT_ERR_ALERT_FATAL from alpn_select_cb so that - an alert is sent to the client on ALPN protocol mismatch. - - Fixes: #2708 - - Reviewed-by: Matt Caswell - (Merged from https://github.com/openssl/openssl/pull/11415) - -diff --git a/apps/s_server.c b/apps/s_server.c -index bcc83e562c..591c6c19c5 100644 ---- a/apps/s_server.c -+++ b/apps/s_server.c -@@ -707,7 +707,7 @@ static int alpn_cb(SSL *s, const unsigned char **out, unsigned char *outlen, - if (SSL_select_next_proto - ((unsigned char **)out, outlen, alpn_ctx->data, alpn_ctx->len, in, - inlen) != OPENSSL_NPN_NEGOTIATED) { -- return SSL_TLSEXT_ERR_NOACK; -+ return SSL_TLSEXT_ERR_ALERT_FATAL; - } - - if (!s_quiet) { diff --git a/openssl-1.1.1-apps-dgst.patch b/openssl-1.1.1-apps-dgst.patch deleted file mode 100644 index 655b6e2..0000000 --- a/openssl-1.1.1-apps-dgst.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up openssl-1.1.1b/apps/ca.c.dgst openssl-1.1.1b/apps/ca.c ---- openssl-1.1.1b/apps/ca.c.dgst 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/apps/ca.c 2019-03-15 15:53:46.622267688 +0100 -@@ -169,7 +169,7 @@ const OPTIONS ca_options[] = { - {"enddate", OPT_ENDDATE, 's', - "YYMMDDHHMMSSZ cert notAfter (overrides -days)"}, - {"days", OPT_DAYS, 'p', "Number of days to certify the cert for"}, -- {"md", OPT_MD, 's', "md to use; one of md2, md5, sha or sha1"}, -+ {"md", OPT_MD, 's', "md to use; see openssl help for list"}, - {"policy", OPT_POLICY, 's', "The CA 'policy' to support"}, - {"keyfile", OPT_KEYFILE, 's', "Private key"}, - {"keyform", OPT_KEYFORM, 'f', "Private key file format (PEM or ENGINE)"}, diff --git a/openssl-1.1.1-arm-update.patch b/openssl-1.1.1-arm-update.patch deleted file mode 100644 index 2b8c549..0000000 --- a/openssl-1.1.1-arm-update.patch +++ /dev/null @@ -1,3706 +0,0 @@ -diff -up openssl-1.1.1i/crypto/aes/asm/aesv8-armx.pl.arm-update openssl-1.1.1i/crypto/aes/asm/aesv8-armx.pl ---- openssl-1.1.1i/crypto/aes/asm/aesv8-armx.pl.arm-update 2020-12-08 14:20:59.000000000 +0100 -+++ openssl-1.1.1i/crypto/aes/asm/aesv8-armx.pl 2020-12-09 10:39:50.645705385 +0100 -@@ -27,44 +27,72 @@ - # CBC encrypt case. On Cortex-A57 parallelizable mode performance - # seems to be limited by sheer amount of NEON instructions... - # -+# April 2019 -+# -+# Key to performance of parallelize-able modes is round instruction -+# interleaving. But which factor to use? There is optimal one for -+# each combination of instruction latency and issue rate, beyond -+# which increasing interleave factor doesn't pay off. While on cons -+# side we have code size increase and resource waste on platforms for -+# which interleave factor is too high. In other words you want it to -+# be just right. So far interleave factor of 3x was serving well all -+# platforms. But for ThunderX2 optimal interleave factor was measured -+# to be 5x... -+# - # Performance in cycles per byte processed with 128-bit key: - # - # CBC enc CBC dec CTR - # Apple A7 2.39 1.20 1.20 --# Cortex-A53 1.32 1.29 1.46 --# Cortex-A57(*) 1.95 0.85 0.93 --# Denver 1.96 0.86 0.80 --# Mongoose 1.33 1.20 1.20 --# Kryo 1.26 0.94 1.00 -+# Cortex-A53 1.32 1.17/1.29(**) 1.36/1.46 -+# Cortex-A57(*) 1.95 0.82/0.85 0.89/0.93 -+# Cortex-A72 1.33 0.85/0.88 0.92/0.96 -+# Denver 1.96 0.65/0.86 0.76/0.80 -+# Mongoose 1.33 1.23/1.20 1.30/1.20 -+# Kryo 1.26 0.87/0.94 1.00/1.00 -+# ThunderX2 5.95 1.25 1.30 - # - # (*) original 3.64/1.34/1.32 results were for r0p0 revision - # and are still same even for updated module; -+# (**) numbers after slash are for 32-bit code, which is 3x- -+# interleaved; - --$flavour = shift; --$output = shift; -+# $output is the last argument if it looks like a file (it has an extension) -+# $flavour is the first argument if it doesn't look like a file -+$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -+$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - - $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; - ( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or - ( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or - die "can't locate arm-xlate.pl"; - --open OUT,"| \"$^X\" $xlate $flavour $output"; -+open OUT,"| \"$^X\" $xlate $flavour \"$output\"" -+ or die "can't call $xlate: $!"; - *STDOUT=*OUT; - - $prefix="aes_v8"; - -+$_byte = ($flavour =~ /win/ ? "DCB" : ".byte"); -+ - $code=<<___; - #include "arm_arch.h" - - #if __ARM_MAX_ARCH__>=7 --.text - ___ --$code.=".arch armv8-a+crypto\n" if ($flavour =~ /64/); -+$code.=".arch armv8-a+crypto\n.text\n" if ($flavour =~ /64/); - $code.=<<___ if ($flavour !~ /64/); - .arch armv7-a // don't confuse not-so-latest binutils with argv8 :-) - .fpu neon -+#ifdef __thumb2__ -+.syntax unified -+.thumb -+# define INST(a,b,c,d) $_byte c,d|0xc,a,b -+#else - .code 32 --#undef __thumb2__ -+# define INST(a,b,c,d) $_byte a,b,c,d -+#endif -+ -+.text - ___ - - # Assembler mnemonics are an eclectic mix of 32- and 64-bit syntax, -@@ -361,6 +389,836 @@ ___ - &gen_block("en"); - &gen_block("de"); - }}} -+ -+# Performance in cycles per byte. -+# Processed with AES-ECB different key size. -+# It shows the value before and after optimization as below: -+# (before/after): -+# -+# AES-128-ECB AES-192-ECB AES-256-ECB -+# Cortex-A57 1.85/0.82 2.16/0.96 2.47/1.10 -+# Cortex-A72 1.64/0.85 1.82/0.99 2.13/1.14 -+ -+# Optimization is implemented by loop unrolling and interleaving. -+# Commonly, we choose the unrolling factor as 5, if the input -+# data size smaller than 5 blocks, but not smaller than 3 blocks, -+# choose 3 as the unrolling factor. -+# If the input data size dsize >= 5*16 bytes, then take 5 blocks -+# as one iteration, every loop the left size lsize -= 5*16. -+# If 5*16 > lsize >= 3*16 bytes, take 3 blocks as one iteration, -+# every loop lsize -=3*16. -+# If lsize < 3*16 bytes, treat them as the tail, interleave the -+# two blocks AES instructions. -+# There is one special case, if the original input data size dsize -+# = 16 bytes, we will treat it seperately to improve the -+# performance: one independent code block without LR, FP load and -+# store, just looks like what the original ECB implementation does. -+ -+{{{ -+my ($inp,$out,$len,$key)=map("x$_",(0..3)); -+my ($enc,$rounds,$cnt,$key_,$step)=("w4","w5","w6","x7","x8"); -+my ($dat0,$dat1,$in0,$in1,$tmp0,$tmp1,$tmp2,$rndlast)=map("q$_",(0..7)); -+ -+my ($dat,$tmp,$rndzero_n_last)=($dat0,$tmp0,$tmp1); -+ -+### q7 last round key -+### q10-q15 q7 Last 7 round keys -+### q8-q9 preloaded round keys except last 7 keys for big size -+### q5, q6, q8-q9 preloaded round keys except last 7 keys for only 16 byte -+ -+{ -+my ($dat2,$in2,$tmp2)=map("q$_",(10,11,9)); -+ -+my ($dat3,$in3,$tmp3); # used only in 64-bit mode -+my ($dat4,$in4,$tmp4); -+if ($flavour =~ /64/) { -+ ($dat2,$dat3,$dat4,$in2,$in3,$in4,$tmp3,$tmp4)=map("q$_",(16..23)); -+} -+ -+$code.=<<___; -+.globl ${prefix}_ecb_encrypt -+.type ${prefix}_ecb_encrypt,%function -+.align 5 -+${prefix}_ecb_encrypt: -+___ -+$code.=<<___ if ($flavour =~ /64/); -+ subs $len,$len,#16 -+ // Original input data size bigger than 16, jump to big size processing. -+ b.ne .Lecb_big_size -+ vld1.8 {$dat0},[$inp] -+ cmp $enc,#0 // en- or decrypting? -+ ldr $rounds,[$key,#240] -+ vld1.32 {q5-q6},[$key],#32 // load key schedule... -+ -+ b.eq .Lecb_small_dec -+ aese $dat0,q5 -+ aesmc $dat0,$dat0 -+ vld1.32 {q8-q9},[$key],#32 // load key schedule... -+ aese $dat0,q6 -+ aesmc $dat0,$dat0 -+ subs $rounds,$rounds,#10 // if rounds==10, jump to aes-128-ecb processing -+ b.eq .Lecb_128_enc -+.Lecb_round_loop: -+ aese $dat0,q8 -+ aesmc $dat0,$dat0 -+ vld1.32 {q8},[$key],#16 // load key schedule... -+ aese $dat0,q9 -+ aesmc $dat0,$dat0 -+ vld1.32 {q9},[$key],#16 // load key schedule... -+ subs $rounds,$rounds,#2 // bias -+ b.gt .Lecb_round_loop -+.Lecb_128_enc: -+ vld1.32 {q10-q11},[$key],#32 // load key schedule... -+ aese $dat0,q8 -+ aesmc $dat0,$dat0 -+ aese $dat0,q9 -+ aesmc $dat0,$dat0 -+ vld1.32 {q12-q13},[$key],#32 // load key schedule... -+ aese $dat0,q10 -+ aesmc $dat0,$dat0 -+ aese $dat0,q11 -+ aesmc $dat0,$dat0 -+ vld1.32 {q14-q15},[$key],#32 // load key schedule... -+ aese $dat0,q12 -+ aesmc $dat0,$dat0 -+ aese $dat0,q13 -+ aesmc $dat0,$dat0 -+ vld1.32 {$rndlast},[$key] -+ aese $dat0,q14 -+ aesmc $dat0,$dat0 -+ aese $dat0,q15 -+ veor $dat0,$dat0,$rndlast -+ vst1.8 {$dat0},[$out] -+ b .Lecb_Final_abort -+.Lecb_small_dec: -+ aesd $dat0,q5 -+ aesimc $dat0,$dat0 -+ vld1.32 {q8-q9},[$key],#32 // load key schedule... -+ aesd $dat0,q6 -+ aesimc $dat0,$dat0 -+ subs $rounds,$rounds,#10 // bias -+ b.eq .Lecb_128_dec -+.Lecb_dec_round_loop: -+ aesd $dat0,q8 -+ aesimc $dat0,$dat0 -+ vld1.32 {q8},[$key],#16 // load key schedule... -+ aesd $dat0,q9 -+ aesimc $dat0,$dat0 -+ vld1.32 {q9},[$key],#16 // load key schedule... -+ subs $rounds,$rounds,#2 // bias -+ b.gt .Lecb_dec_round_loop -+.Lecb_128_dec: -+ vld1.32 {q10-q11},[$key],#32 // load key schedule... -+ aesd $dat0,q8 -+ aesimc $dat0,$dat0 -+ aesd $dat0,q9 -+ aesimc $dat0,$dat0 -+ vld1.32 {q12-q13},[$key],#32 // load key schedule... -+ aesd $dat0,q10 -+ aesimc $dat0,$dat0 -+ aesd $dat0,q11 -+ aesimc $dat0,$dat0 -+ vld1.32 {q14-q15},[$key],#32 // load key schedule... -+ aesd $dat0,q12 -+ aesimc $dat0,$dat0 -+ aesd $dat0,q13 -+ aesimc $dat0,$dat0 -+ vld1.32 {$rndlast},[$key] -+ aesd $dat0,q14 -+ aesimc $dat0,$dat0 -+ aesd $dat0,q15 -+ veor $dat0,$dat0,$rndlast -+ vst1.8 {$dat0},[$out] -+ b .Lecb_Final_abort -+.Lecb_big_size: -+___ -+$code.=<<___ if ($flavour =~ /64/); -+ stp x29,x30,[sp,#-16]! -+ add x29,sp,#0 -+___ -+$code.=<<___ if ($flavour !~ /64/); -+ mov ip,sp -+ stmdb sp!,{r4-r8,lr} -+ vstmdb sp!,{d8-d15} @ ABI specification says so -+ ldmia ip,{r4-r5} @ load remaining args -+ subs $len,$len,#16 -+___ -+$code.=<<___; -+ mov $step,#16 -+ b.lo .Lecb_done -+ cclr $step,eq -+ -+ cmp $enc,#0 // en- or decrypting? -+ ldr $rounds,[$key,#240] -+ and $len,$len,#-16 -+ vld1.8 {$dat},[$inp],$step -+ -+ vld1.32 {q8-q9},[$key] // load key schedule... -+ sub $rounds,$rounds,#6 -+ add $key_,$key,x5,lsl#4 // pointer to last 7 round keys -+ sub $rounds,$rounds,#2 -+ vld1.32 {q10-q11},[$key_],#32 -+ vld1.32 {q12-q13},[$key_],#32 -+ vld1.32 {q14-q15},[$key_],#32 -+ vld1.32 {$rndlast},[$key_] -+ -+ add $key_,$key,#32 -+ mov $cnt,$rounds -+ b.eq .Lecb_dec -+ -+ vld1.8 {$dat1},[$inp],#16 -+ subs $len,$len,#32 // bias -+ add $cnt,$rounds,#2 -+ vorr $in1,$dat1,$dat1 -+ vorr $dat2,$dat1,$dat1 -+ vorr $dat1,$dat,$dat -+ b.lo .Lecb_enc_tail -+ -+ vorr $dat1,$in1,$in1 -+ vld1.8 {$dat2},[$inp],#16 -+___ -+$code.=<<___ if ($flavour =~ /64/); -+ cmp $len,#32 -+ b.lo .Loop3x_ecb_enc -+ -+ vld1.8 {$dat3},[$inp],#16 -+ vld1.8 {$dat4},[$inp],#16 -+ sub $len,$len,#32 // bias -+ mov $cnt,$rounds -+ -+.Loop5x_ecb_enc: -+ aese $dat0,q8 -+ aesmc $dat0,$dat0 -+ aese $dat1,q8 -+ aesmc $dat1,$dat1 -+ aese $dat2,q8 -+ aesmc $dat2,$dat2 -+ aese $dat3,q8 -+ aesmc $dat3,$dat3 -+ aese $dat4,q8 -+ aesmc $dat4,$dat4 -+ vld1.32 {q8},[$key_],#16 -+ subs $cnt,$cnt,#2 -+ aese $dat0,q9 -+ aesmc $dat0,$dat0 -+ aese $dat1,q9 -+ aesmc $dat1,$dat1 -+ aese $dat2,q9 -+ aesmc $dat2,$dat2 -+ aese $dat3,q9 -+ aesmc $dat3,$dat3 -+ aese $dat4,q9 -+ aesmc $dat4,$dat4 -+ vld1.32 {q9},[$key_],#16 -+ b.gt .Loop5x_ecb_enc -+ -+ aese $dat0,q8 -+ aesmc $dat0,$dat0 -+ aese $dat1,q8 -+ aesmc $dat1,$dat1 -+ aese $dat2,q8 -+ aesmc $dat2,$dat2 -+ aese $dat3,q8 -+ aesmc $dat3,$dat3 -+ aese $dat4,q8 -+ aesmc $dat4,$dat4 -+ cmp $len,#0x40 // because .Lecb_enc_tail4x -+ sub $len,$len,#0x50 -+ -+ aese $dat0,q9 -+ aesmc $dat0,$dat0 -+ aese $dat1,q9 -+ aesmc $dat1,$dat1 -+ aese $dat2,q9 -+ aesmc $dat2,$dat2 -+ aese $dat3,q9 -+ aesmc $dat3,$dat3 -+ aese $dat4,q9 -+ aesmc $dat4,$dat4 -+ csel x6,xzr,$len,gt // borrow x6, $cnt, "gt" is not typo -+ mov $key_,$key -+ -+ aese $dat0,q10 -+ aesmc $dat0,$dat0 -+ aese $dat1,q10 -+ aesmc $dat1,$dat1 -+ aese $dat2,q10 -+ aesmc $dat2,$dat2 -+ aese $dat3,q10 -+ aesmc $dat3,$dat3 -+ aese $dat4,q10 -+ aesmc $dat4,$dat4 -+ add $inp,$inp,x6 // $inp is adjusted in such way that -+ // at exit from the loop $dat1-$dat4 -+ // are loaded with last "words" -+ add x6,$len,#0x60 // because .Lecb_enc_tail4x -+ -+ aese $dat0,q11 -+ aesmc $dat0,$dat0 -+ aese $dat1,q11 -+ aesmc $dat1,$dat1 -+ aese $dat2,q11 -+ aesmc $dat2,$dat2 -+ aese $dat3,q11 -+ aesmc $dat3,$dat3 -+ aese $dat4,q11 -+ aesmc $dat4,$dat4 -+ -+ aese $dat0,q12 -+ aesmc $dat0,$dat0 -+ aese $dat1,q12 -+ aesmc $dat1,$dat1 -+ aese $dat2,q12 -+ aesmc $dat2,$dat2 -+ aese $dat3,q12 -+ aesmc $dat3,$dat3 -+ aese $dat4,q12 -+ aesmc $dat4,$dat4 -+ -+ aese $dat0,q13 -+ aesmc $dat0,$dat0 -+ aese $dat1,q13 -+ aesmc $dat1,$dat1 -+ aese $dat2,q13 -+ aesmc $dat2,$dat2 -+ aese $dat3,q13 -+ aesmc $dat3,$dat3 -+ aese $dat4,q13 -+ aesmc $dat4,$dat4 -+ -+ aese $dat0,q14 -+ aesmc $dat0,$dat0 -+ aese $dat1,q14 -+ aesmc $dat1,$dat1 -+ aese $dat2,q14 -+ aesmc $dat2,$dat2 -+ aese $dat3,q14 -+ aesmc $dat3,$dat3 -+ aese $dat4,q14 -+ aesmc $dat4,$dat4 -+ -+ aese $dat0,q15 -+ vld1.8 {$in0},[$inp],#16 -+ aese $dat1,q15 -+ vld1.8 {$in1},[$inp],#16 -+ aese $dat2,q15 -+ vld1.8 {$in2},[$inp],#16 -+ aese $dat3,q15 -+ vld1.8 {$in3},[$inp],#16 -+ aese $dat4,q15 -+ vld1.8 {$in4},[$inp],#16 -+ cbz x6,.Lecb_enc_tail4x -+ vld1.32 {q8},[$key_],#16 // re-pre-load rndkey[0] -+ veor $tmp0,$rndlast,$dat0 -+ vorr $dat0,$in0,$in0 -+ veor $tmp1,$rndlast,$dat1 -+ vorr $dat1,$in1,$in1 -+ veor $tmp2,$rndlast,$dat2 -+ vorr $dat2,$in2,$in2 -+ veor $tmp3,$rndlast,$dat3 -+ vorr $dat3,$in3,$in3 -+ veor $tmp4,$rndlast,$dat4 -+ vst1.8 {$tmp0},[$out],#16 -+ vorr $dat4,$in4,$in4 -+ vst1.8 {$tmp1},[$out],#16 -+ mov $cnt,$rounds -+ vst1.8 {$tmp2},[$out],#16 -+ vld1.32 {q9},[$key_],#16 // re-pre-load rndkey[1] -+ vst1.8 {$tmp3},[$out],#16 -+ vst1.8 {$tmp4},[$out],#16 -+ b.hs .Loop5x_ecb_enc -+ -+ add $len,$len,#0x50 -+ cbz $len,.Lecb_done -+ -+ add $cnt,$rounds,#2 -+ subs $len,$len,#0x30 -+ vorr $dat0,$in2,$in2 -+ vorr $dat1,$in3,$in3 -+ vorr $dat2,$in4,$in4 -+ b.lo .Lecb_enc_tail -+ -+ b .Loop3x_ecb_enc -+ -+.align 4 -+.Lecb_enc_tail4x: -+ veor $tmp1,$rndlast,$dat1 -+ veor $tmp2,$rndlast,$dat2 -+ veor $tmp3,$rndlast,$dat3 -+ veor $tmp4,$rndlast,$dat4 -+ vst1.8 {$tmp1},[$out],#16 -+ vst1.8 {$tmp2},[$out],#16 -+ vst1.8 {$tmp3},[$out],#16 -+ vst1.8 {$tmp4},[$out],#16 -+ -+ b .Lecb_done -+.align 4 -+___ -+$code.=<<___; -+.Loop3x_ecb_enc: -+ aese $dat0,q8 -+ aesmc $dat0,$dat0 -+ aese $dat1,q8 -+ aesmc $dat1,$dat1 -+ aese $dat2,q8 -+ aesmc $dat2,$dat2 -+ vld1.32 {q8},[$key_],#16 -+ subs $cnt,$cnt,#2 -+ aese $dat0,q9 -+ aesmc $dat0,$dat0 -+ aese $dat1,q9 -+ aesmc $dat1,$dat1 -+ aese $dat2,q9 -+ aesmc $dat2,$dat2 -+ vld1.32 {q9},[$key_],#16 -+ b.gt .Loop3x_ecb_enc -+ -+ aese $dat0,q8 -+ aesmc $dat0,$dat0 -+ aese $dat1,q8 -+ aesmc $dat1,$dat1 -+ aese $dat2,q8 -+ aesmc $dat2,$dat2 -+ subs $len,$len,#0x30 -+ mov.lo x6,$len // x6, $cnt, is zero at this point -+ aese $dat0,q9 -+ aesmc $dat0,$dat0 -+ aese $dat1,q9 -+ aesmc $dat1,$dat1 -+ aese $dat2,q9 -+ aesmc $dat2,$dat2 -+ add $inp,$inp,x6 // $inp is adjusted in such way that -+ // at exit from the loop $dat1-$dat2 -+ // are loaded with last "words" -+ mov $key_,$key -+ aese $dat0,q12 -+ aesmc $dat0,$dat0 -+ aese $dat1,q12 -+ aesmc $dat1,$dat1 -+ aese $dat2,q12 -+ aesmc $dat2,$dat2 -+ vld1.8 {$in0},[$inp],#16 -+ aese $dat0,q13 -+ aesmc $dat0,$dat0 -+ aese $dat1,q13 -+ aesmc $dat1,$dat1 -+ aese $dat2,q13 -+ aesmc $dat2,$dat2 -+ vld1.8 {$in1},[$inp],#16 -+ aese $dat0,q14 -+ aesmc $dat0,$dat0 -+ aese $dat1,q14 -+ aesmc $dat1,$dat1 -+ aese $dat2,q14 -+ aesmc $dat2,$dat2 -+ vld1.8 {$in2},[$inp],#16 -+ aese $dat0,q15 -+ aese $dat1,q15 -+ aese $dat2,q15 -+ vld1.32 {q8},[$key_],#16 // re-pre-load rndkey[0] -+ add $cnt,$rounds,#2 -+ veor $tmp0,$rndlast,$dat0 -+ veor $tmp1,$rndlast,$dat1 -+ veor $dat2,$dat2,$rndlast -+ vld1.32 {q9},[$key_],#16 // re-pre-load rndkey[1] -+ vst1.8 {$tmp0},[$out],#16 -+ vorr $dat0,$in0,$in0 -+ vst1.8 {$tmp1},[$out],#16 -+ vorr $dat1,$in1,$in1 -+ vst1.8 {$dat2},[$out],#16 -+ vorr $dat2,$in2,$in2 -+ b.hs .Loop3x_ecb_enc -+ -+ cmn $len,#0x30 -+ b.eq .Lecb_done -+ nop -+ -+.Lecb_enc_tail: -+ aese $dat1,q8 -+ aesmc $dat1,$dat1 -+ aese $dat2,q8 -+ aesmc $dat2,$dat2 -+ vld1.32 {q8},[$key_],#16 -+ subs $cnt,$cnt,#2 -+ aese $dat1,q9 -+ aesmc $dat1,$dat1 -+ aese $dat2,q9 -+ aesmc $dat2,$dat2 -+ vld1.32 {q9},[$key_],#16 -+ b.gt .Lecb_enc_tail -+ -+ aese $dat1,q8 -+ aesmc $dat1,$dat1 -+ aese $dat2,q8 -+ aesmc $dat2,$dat2 -+ aese $dat1,q9 -+ aesmc $dat1,$dat1 -+ aese $dat2,q9 -+ aesmc $dat2,$dat2 -+ aese $dat1,q12 -+ aesmc $dat1,$dat1 -+ aese $dat2,q12 -+ aesmc $dat2,$dat2 -+ cmn $len,#0x20 -+ aese $dat1,q13 -+ aesmc $dat1,$dat1 -+ aese $dat2,q13 -+ aesmc $dat2,$dat2 -+ aese $dat1,q14 -+ aesmc $dat1,$dat1 -+ aese $dat2,q14 -+ aesmc $dat2,$dat2 -+ aese $dat1,q15 -+ aese $dat2,q15 -+ b.eq .Lecb_enc_one -+ veor $tmp1,$rndlast,$dat1 -+ veor $tmp2,$rndlast,$dat2 -+ vst1.8 {$tmp1},[$out],#16 -+ vst1.8 {$tmp2},[$out],#16 -+ b .Lecb_done -+ -+.Lecb_enc_one: -+ veor $tmp1,$rndlast,$dat2 -+ vst1.8 {$tmp1},[$out],#16 -+ b .Lecb_done -+___ -+ -+$code.=<<___; -+.align 5 -+.Lecb_dec: -+ vld1.8 {$dat1},[$inp],#16 -+ subs $len,$len,#32 // bias -+ add $cnt,$rounds,#2 -+ vorr $in1,$dat1,$dat1 -+ vorr $dat2,$dat1,$dat1 -+ vorr $dat1,$dat,$dat -+ b.lo .Lecb_dec_tail -+ -+ vorr $dat1,$in1,$in1 -+ vld1.8 {$dat2},[$inp],#16 -+___ -+$code.=<<___ if ($flavour =~ /64/); -+ cmp $len,#32 -+ b.lo .Loop3x_ecb_dec -+ -+ vld1.8 {$dat3},[$inp],#16 -+ vld1.8 {$dat4},[$inp],#16 -+ sub $len,$len,#32 // bias -+ mov $cnt,$rounds -+ -+.Loop5x_ecb_dec: -+ aesd $dat0,q8 -+ aesimc $dat0,$dat0 -+ aesd $dat1,q8 -+ aesimc $dat1,$dat1 -+ aesd $dat2,q8 -+ aesimc $dat2,$dat2 -+ aesd $dat3,q8 -+ aesimc $dat3,$dat3 -+ aesd $dat4,q8 -+ aesimc $dat4,$dat4 -+ vld1.32 {q8},[$key_],#16 -+ subs $cnt,$cnt,#2 -+ aesd $dat0,q9 -+ aesimc $dat0,$dat0 -+ aesd $dat1,q9 -+ aesimc $dat1,$dat1 -+ aesd $dat2,q9 -+ aesimc $dat2,$dat2 -+ aesd $dat3,q9 -+ aesimc $dat3,$dat3 -+ aesd $dat4,q9 -+ aesimc $dat4,$dat4 -+ vld1.32 {q9},[$key_],#16 -+ b.gt .Loop5x_ecb_dec -+ -+ aesd $dat0,q8 -+ aesimc $dat0,$dat0 -+ aesd $dat1,q8 -+ aesimc $dat1,$dat1 -+ aesd $dat2,q8 -+ aesimc $dat2,$dat2 -+ aesd $dat3,q8 -+ aesimc $dat3,$dat3 -+ aesd $dat4,q8 -+ aesimc $dat4,$dat4 -+ cmp $len,#0x40 // because .Lecb_tail4x -+ sub $len,$len,#0x50 -+ -+ aesd $dat0,q9 -+ aesimc $dat0,$dat0 -+ aesd $dat1,q9 -+ aesimc $dat1,$dat1 -+ aesd $dat2,q9 -+ aesimc $dat2,$dat2 -+ aesd $dat3,q9 -+ aesimc $dat3,$dat3 -+ aesd $dat4,q9 -+ aesimc $dat4,$dat4 -+ csel x6,xzr,$len,gt // borrow x6, $cnt, "gt" is not typo -+ mov $key_,$key -+ -+ aesd $dat0,q10 -+ aesimc $dat0,$dat0 -+ aesd $dat1,q10 -+ aesimc $dat1,$dat1 -+ aesd $dat2,q10 -+ aesimc $dat2,$dat2 -+ aesd $dat3,q10 -+ aesimc $dat3,$dat3 -+ aesd $dat4,q10 -+ aesimc $dat4,$dat4 -+ add $inp,$inp,x6 // $inp is adjusted in such way that -+ // at exit from the loop $dat1-$dat4 -+ // are loaded with last "words" -+ add x6,$len,#0x60 // because .Lecb_tail4x -+ -+ aesd $dat0,q11 -+ aesimc $dat0,$dat0 -+ aesd $dat1,q11 -+ aesimc $dat1,$dat1 -+ aesd $dat2,q11 -+ aesimc $dat2,$dat2 -+ aesd $dat3,q11 -+ aesimc $dat3,$dat3 -+ aesd $dat4,q11 -+ aesimc $dat4,$dat4 -+ -+ aesd $dat0,q12 -+ aesimc $dat0,$dat0 -+ aesd $dat1,q12 -+ aesimc $dat1,$dat1 -+ aesd $dat2,q12 -+ aesimc $dat2,$dat2 -+ aesd $dat3,q12 -+ aesimc $dat3,$dat3 -+ aesd $dat4,q12 -+ aesimc $dat4,$dat4 -+ -+ aesd $dat0,q13 -+ aesimc $dat0,$dat0 -+ aesd $dat1,q13 -+ aesimc $dat1,$dat1 -+ aesd $dat2,q13 -+ aesimc $dat2,$dat2 -+ aesd $dat3,q13 -+ aesimc $dat3,$dat3 -+ aesd $dat4,q13 -+ aesimc $dat4,$dat4 -+ -+ aesd $dat0,q14 -+ aesimc $dat0,$dat0 -+ aesd $dat1,q14 -+ aesimc $dat1,$dat1 -+ aesd $dat2,q14 -+ aesimc $dat2,$dat2 -+ aesd $dat3,q14 -+ aesimc $dat3,$dat3 -+ aesd $dat4,q14 -+ aesimc $dat4,$dat4 -+ -+ aesd $dat0,q15 -+ vld1.8 {$in0},[$inp],#16 -+ aesd $dat1,q15 -+ vld1.8 {$in1},[$inp],#16 -+ aesd $dat2,q15 -+ vld1.8 {$in2},[$inp],#16 -+ aesd $dat3,q15 -+ vld1.8 {$in3},[$inp],#16 -+ aesd $dat4,q15 -+ vld1.8 {$in4},[$inp],#16 -+ cbz x6,.Lecb_tail4x -+ vld1.32 {q8},[$key_],#16 // re-pre-load rndkey[0] -+ veor $tmp0,$rndlast,$dat0 -+ vorr $dat0,$in0,$in0 -+ veor $tmp1,$rndlast,$dat1 -+ vorr $dat1,$in1,$in1 -+ veor $tmp2,$rndlast,$dat2 -+ vorr $dat2,$in2,$in2 -+ veor $tmp3,$rndlast,$dat3 -+ vorr $dat3,$in3,$in3 -+ veor $tmp4,$rndlast,$dat4 -+ vst1.8 {$tmp0},[$out],#16 -+ vorr $dat4,$in4,$in4 -+ vst1.8 {$tmp1},[$out],#16 -+ mov $cnt,$rounds -+ vst1.8 {$tmp2},[$out],#16 -+ vld1.32 {q9},[$key_],#16 // re-pre-load rndkey[1] -+ vst1.8 {$tmp3},[$out],#16 -+ vst1.8 {$tmp4},[$out],#16 -+ b.hs .Loop5x_ecb_dec -+ -+ add $len,$len,#0x50 -+ cbz $len,.Lecb_done -+ -+ add $cnt,$rounds,#2 -+ subs $len,$len,#0x30 -+ vorr $dat0,$in2,$in2 -+ vorr $dat1,$in3,$in3 -+ vorr $dat2,$in4,$in4 -+ b.lo .Lecb_dec_tail -+ -+ b .Loop3x_ecb_dec -+ -+.align 4 -+.Lecb_tail4x: -+ veor $tmp1,$rndlast,$dat1 -+ veor $tmp2,$rndlast,$dat2 -+ veor $tmp3,$rndlast,$dat3 -+ veor $tmp4,$rndlast,$dat4 -+ vst1.8 {$tmp1},[$out],#16 -+ vst1.8 {$tmp2},[$out],#16 -+ vst1.8 {$tmp3},[$out],#16 -+ vst1.8 {$tmp4},[$out],#16 -+ -+ b .Lecb_done -+.align 4 -+___ -+$code.=<<___; -+.Loop3x_ecb_dec: -+ aesd $dat0,q8 -+ aesimc $dat0,$dat0 -+ aesd $dat1,q8 -+ aesimc $dat1,$dat1 -+ aesd $dat2,q8 -+ aesimc $dat2,$dat2 -+ vld1.32 {q8},[$key_],#16 -+ subs $cnt,$cnt,#2 -+ aesd $dat0,q9 -+ aesimc $dat0,$dat0 -+ aesd $dat1,q9 -+ aesimc $dat1,$dat1 -+ aesd $dat2,q9 -+ aesimc $dat2,$dat2 -+ vld1.32 {q9},[$key_],#16 -+ b.gt .Loop3x_ecb_dec -+ -+ aesd $dat0,q8 -+ aesimc $dat0,$dat0 -+ aesd $dat1,q8 -+ aesimc $dat1,$dat1 -+ aesd $dat2,q8 -+ aesimc $dat2,$dat2 -+ subs $len,$len,#0x30 -+ mov.lo x6,$len // x6, $cnt, is zero at this point -+ aesd $dat0,q9 -+ aesimc $dat0,$dat0 -+ aesd $dat1,q9 -+ aesimc $dat1,$dat1 -+ aesd $dat2,q9 -+ aesimc $dat2,$dat2 -+ add $inp,$inp,x6 // $inp is adjusted in such way that -+ // at exit from the loop $dat1-$dat2 -+ // are loaded with last "words" -+ mov $key_,$key -+ aesd $dat0,q12 -+ aesimc $dat0,$dat0 -+ aesd $dat1,q12 -+ aesimc $dat1,$dat1 -+ aesd $dat2,q12 -+ aesimc $dat2,$dat2 -+ vld1.8 {$in0},[$inp],#16 -+ aesd $dat0,q13 -+ aesimc $dat0,$dat0 -+ aesd $dat1,q13 -+ aesimc $dat1,$dat1 -+ aesd $dat2,q13 -+ aesimc $dat2,$dat2 -+ vld1.8 {$in1},[$inp],#16 -+ aesd $dat0,q14 -+ aesimc $dat0,$dat0 -+ aesd $dat1,q14 -+ aesimc $dat1,$dat1 -+ aesd $dat2,q14 -+ aesimc $dat2,$dat2 -+ vld1.8 {$in2},[$inp],#16 -+ aesd $dat0,q15 -+ aesd $dat1,q15 -+ aesd $dat2,q15 -+ vld1.32 {q8},[$key_],#16 // re-pre-load rndkey[0] -+ add $cnt,$rounds,#2 -+ veor $tmp0,$rndlast,$dat0 -+ veor $tmp1,$rndlast,$dat1 -+ veor $dat2,$dat2,$rndlast -+ vld1.32 {q9},[$key_],#16 // re-pre-load rndkey[1] -+ vst1.8 {$tmp0},[$out],#16 -+ vorr $dat0,$in0,$in0 -+ vst1.8 {$tmp1},[$out],#16 -+ vorr $dat1,$in1,$in1 -+ vst1.8 {$dat2},[$out],#16 -+ vorr $dat2,$in2,$in2 -+ b.hs .Loop3x_ecb_dec -+ -+ cmn $len,#0x30 -+ b.eq .Lecb_done -+ nop -+ -+.Lecb_dec_tail: -+ aesd $dat1,q8 -+ aesimc $dat1,$dat1 -+ aesd $dat2,q8 -+ aesimc $dat2,$dat2 -+ vld1.32 {q8},[$key_],#16 -+ subs $cnt,$cnt,#2 -+ aesd $dat1,q9 -+ aesimc $dat1,$dat1 -+ aesd $dat2,q9 -+ aesimc $dat2,$dat2 -+ vld1.32 {q9},[$key_],#16 -+ b.gt .Lecb_dec_tail -+ -+ aesd $dat1,q8 -+ aesimc $dat1,$dat1 -+ aesd $dat2,q8 -+ aesimc $dat2,$dat2 -+ aesd $dat1,q9 -+ aesimc $dat1,$dat1 -+ aesd $dat2,q9 -+ aesimc $dat2,$dat2 -+ aesd $dat1,q12 -+ aesimc $dat1,$dat1 -+ aesd $dat2,q12 -+ aesimc $dat2,$dat2 -+ cmn $len,#0x20 -+ aesd $dat1,q13 -+ aesimc $dat1,$dat1 -+ aesd $dat2,q13 -+ aesimc $dat2,$dat2 -+ aesd $dat1,q14 -+ aesimc $dat1,$dat1 -+ aesd $dat2,q14 -+ aesimc $dat2,$dat2 -+ aesd $dat1,q15 -+ aesd $dat2,q15 -+ b.eq .Lecb_dec_one -+ veor $tmp1,$rndlast,$dat1 -+ veor $tmp2,$rndlast,$dat2 -+ vst1.8 {$tmp1},[$out],#16 -+ vst1.8 {$tmp2},[$out],#16 -+ b .Lecb_done -+ -+.Lecb_dec_one: -+ veor $tmp1,$rndlast,$dat2 -+ vst1.8 {$tmp1},[$out],#16 -+ -+.Lecb_done: -+___ -+} -+$code.=<<___ if ($flavour !~ /64/); -+ vldmia sp!,{d8-d15} -+ ldmia sp!,{r4-r8,pc} -+___ -+$code.=<<___ if ($flavour =~ /64/); -+ ldr x29,[sp],#16 -+___ -+$code.=<<___ if ($flavour =~ /64/); -+.Lecb_Final_abort: -+ ret -+___ -+$code.=<<___; -+.size ${prefix}_ecb_encrypt,.-${prefix}_ecb_encrypt -+___ -+}}} - {{{ - my ($inp,$out,$len,$key,$ivp)=map("x$_",(0..4)); my $enc="w5"; - my ($rounds,$cnt,$key_,$step,$step1)=($enc,"w6","x7","x8","x12"); -@@ -519,6 +1377,13 @@ $code.=<<___; - ___ - { - my ($dat2,$in2,$tmp2)=map("q$_",(10,11,9)); -+ -+my ($dat3,$in3,$tmp3); # used only in 64-bit mode -+my ($dat4,$in4,$tmp4); -+if ($flavour =~ /64/) { -+ ($dat2,$dat3,$dat4,$in2,$in3,$in4,$tmp3,$tmp4)=map("q$_",(16..23)); -+} -+ - $code.=<<___; - .align 5 - .Lcbc_dec: -@@ -535,7 +1400,196 @@ $code.=<<___; - vorr $in0,$dat,$dat - vorr $in1,$dat1,$dat1 - vorr $in2,$dat2,$dat2 -+___ -+$code.=<<___ if ($flavour =~ /64/); -+ cmp $len,#32 -+ b.lo .Loop3x_cbc_dec -+ -+ vld1.8 {$dat3},[$inp],#16 -+ vld1.8 {$dat4},[$inp],#16 -+ sub $len,$len,#32 // bias -+ mov $cnt,$rounds -+ vorr $in3,$dat3,$dat3 -+ vorr $in4,$dat4,$dat4 -+ -+.Loop5x_cbc_dec: -+ aesd $dat0,q8 -+ aesimc $dat0,$dat0 -+ aesd $dat1,q8 -+ aesimc $dat1,$dat1 -+ aesd $dat2,q8 -+ aesimc $dat2,$dat2 -+ aesd $dat3,q8 -+ aesimc $dat3,$dat3 -+ aesd $dat4,q8 -+ aesimc $dat4,$dat4 -+ vld1.32 {q8},[$key_],#16 -+ subs $cnt,$cnt,#2 -+ aesd $dat0,q9 -+ aesimc $dat0,$dat0 -+ aesd $dat1,q9 -+ aesimc $dat1,$dat1 -+ aesd $dat2,q9 -+ aesimc $dat2,$dat2 -+ aesd $dat3,q9 -+ aesimc $dat3,$dat3 -+ aesd $dat4,q9 -+ aesimc $dat4,$dat4 -+ vld1.32 {q9},[$key_],#16 -+ b.gt .Loop5x_cbc_dec -+ -+ aesd $dat0,q8 -+ aesimc $dat0,$dat0 -+ aesd $dat1,q8 -+ aesimc $dat1,$dat1 -+ aesd $dat2,q8 -+ aesimc $dat2,$dat2 -+ aesd $dat3,q8 -+ aesimc $dat3,$dat3 -+ aesd $dat4,q8 -+ aesimc $dat4,$dat4 -+ cmp $len,#0x40 // because .Lcbc_tail4x -+ sub $len,$len,#0x50 -+ -+ aesd $dat0,q9 -+ aesimc $dat0,$dat0 -+ aesd $dat1,q9 -+ aesimc $dat1,$dat1 -+ aesd $dat2,q9 -+ aesimc $dat2,$dat2 -+ aesd $dat3,q9 -+ aesimc $dat3,$dat3 -+ aesd $dat4,q9 -+ aesimc $dat4,$dat4 -+ csel x6,xzr,$len,gt // borrow x6, $cnt, "gt" is not typo -+ mov $key_,$key -+ -+ aesd $dat0,q10 -+ aesimc $dat0,$dat0 -+ aesd $dat1,q10 -+ aesimc $dat1,$dat1 -+ aesd $dat2,q10 -+ aesimc $dat2,$dat2 -+ aesd $dat3,q10 -+ aesimc $dat3,$dat3 -+ aesd $dat4,q10 -+ aesimc $dat4,$dat4 -+ add $inp,$inp,x6 // $inp is adjusted in such way that -+ // at exit from the loop $dat1-$dat4 -+ // are loaded with last "words" -+ add x6,$len,#0x60 // because .Lcbc_tail4x -+ -+ aesd $dat0,q11 -+ aesimc $dat0,$dat0 -+ aesd $dat1,q11 -+ aesimc $dat1,$dat1 -+ aesd $dat2,q11 -+ aesimc $dat2,$dat2 -+ aesd $dat3,q11 -+ aesimc $dat3,$dat3 -+ aesd $dat4,q11 -+ aesimc $dat4,$dat4 -+ -+ aesd $dat0,q12 -+ aesimc $dat0,$dat0 -+ aesd $dat1,q12 -+ aesimc $dat1,$dat1 -+ aesd $dat2,q12 -+ aesimc $dat2,$dat2 -+ aesd $dat3,q12 -+ aesimc $dat3,$dat3 -+ aesd $dat4,q12 -+ aesimc $dat4,$dat4 -+ -+ aesd $dat0,q13 -+ aesimc $dat0,$dat0 -+ aesd $dat1,q13 -+ aesimc $dat1,$dat1 -+ aesd $dat2,q13 -+ aesimc $dat2,$dat2 -+ aesd $dat3,q13 -+ aesimc $dat3,$dat3 -+ aesd $dat4,q13 -+ aesimc $dat4,$dat4 -+ -+ aesd $dat0,q14 -+ aesimc $dat0,$dat0 -+ aesd $dat1,q14 -+ aesimc $dat1,$dat1 -+ aesd $dat2,q14 -+ aesimc $dat2,$dat2 -+ aesd $dat3,q14 -+ aesimc $dat3,$dat3 -+ aesd $dat4,q14 -+ aesimc $dat4,$dat4 - -+ veor $tmp0,$ivec,$rndlast -+ aesd $dat0,q15 -+ veor $tmp1,$in0,$rndlast -+ vld1.8 {$in0},[$inp],#16 -+ aesd $dat1,q15 -+ veor $tmp2,$in1,$rndlast -+ vld1.8 {$in1},[$inp],#16 -+ aesd $dat2,q15 -+ veor $tmp3,$in2,$rndlast -+ vld1.8 {$in2},[$inp],#16 -+ aesd $dat3,q15 -+ veor $tmp4,$in3,$rndlast -+ vld1.8 {$in3},[$inp],#16 -+ aesd $dat4,q15 -+ vorr $ivec,$in4,$in4 -+ vld1.8 {$in4},[$inp],#16 -+ cbz x6,.Lcbc_tail4x -+ vld1.32 {q8},[$key_],#16 // re-pre-load rndkey[0] -+ veor $tmp0,$tmp0,$dat0 -+ vorr $dat0,$in0,$in0 -+ veor $tmp1,$tmp1,$dat1 -+ vorr $dat1,$in1,$in1 -+ veor $tmp2,$tmp2,$dat2 -+ vorr $dat2,$in2,$in2 -+ veor $tmp3,$tmp3,$dat3 -+ vorr $dat3,$in3,$in3 -+ veor $tmp4,$tmp4,$dat4 -+ vst1.8 {$tmp0},[$out],#16 -+ vorr $dat4,$in4,$in4 -+ vst1.8 {$tmp1},[$out],#16 -+ mov $cnt,$rounds -+ vst1.8 {$tmp2},[$out],#16 -+ vld1.32 {q9},[$key_],#16 // re-pre-load rndkey[1] -+ vst1.8 {$tmp3},[$out],#16 -+ vst1.8 {$tmp4},[$out],#16 -+ b.hs .Loop5x_cbc_dec -+ -+ add $len,$len,#0x50 -+ cbz $len,.Lcbc_done -+ -+ add $cnt,$rounds,#2 -+ subs $len,$len,#0x30 -+ vorr $dat0,$in2,$in2 -+ vorr $in0,$in2,$in2 -+ vorr $dat1,$in3,$in3 -+ vorr $in1,$in3,$in3 -+ vorr $dat2,$in4,$in4 -+ vorr $in2,$in4,$in4 -+ b.lo .Lcbc_dec_tail -+ -+ b .Loop3x_cbc_dec -+ -+.align 4 -+.Lcbc_tail4x: -+ veor $tmp1,$tmp0,$dat1 -+ veor $tmp2,$tmp2,$dat2 -+ veor $tmp3,$tmp3,$dat3 -+ veor $tmp4,$tmp4,$dat4 -+ vst1.8 {$tmp1},[$out],#16 -+ vst1.8 {$tmp2},[$out],#16 -+ vst1.8 {$tmp3},[$out],#16 -+ vst1.8 {$tmp4},[$out],#16 -+ -+ b .Lcbc_done -+.align 4 -+___ -+$code.=<<___; - .Loop3x_cbc_dec: - aesd $dat0,q8 - aesimc $dat0,$dat0 -@@ -696,6 +1750,9 @@ my $step="x12"; # aliases with $tctr2 - my ($dat0,$dat1,$in0,$in1,$tmp0,$tmp1,$ivec,$rndlast)=map("q$_",(0..7)); - my ($dat2,$in2,$tmp2)=map("q$_",(10,11,9)); - -+# used only in 64-bit mode... -+my ($dat3,$dat4,$in3,$in4)=map("q$_",(16..23)); -+ - my ($dat,$tmp)=($dat0,$tmp0); - - ### q8-q15 preloaded key schedule -@@ -751,6 +1808,175 @@ $code.=<<___; - vmov.32 ${ivec}[3],$tctr2 - sub $len,$len,#3 // bias - vorr $dat2,$ivec,$ivec -+___ -+$code.=<<___ if ($flavour =~ /64/); -+ cmp $len,#2 -+ b.lo .Loop3x_ctr32 -+ -+ add w13,$ctr,#1 -+ add w14,$ctr,#2 -+ vorr $dat3,$dat0,$dat0 -+ rev w13,w13 -+ vorr $dat4,$dat0,$dat0 -+ rev w14,w14 -+ vmov.32 ${dat3}[3],w13 -+ sub $len,$len,#2 // bias -+ vmov.32 ${dat4}[3],w14 -+ add $ctr,$ctr,#2 -+ b .Loop5x_ctr32 -+ -+.align 4 -+.Loop5x_ctr32: -+ aese $dat0,q8 -+ aesmc $dat0,$dat0 -+ aese $dat1,q8 -+ aesmc $dat1,$dat1 -+ aese $dat2,q8 -+ aesmc $dat2,$dat2 -+ aese $dat3,q8 -+ aesmc $dat3,$dat3 -+ aese $dat4,q8 -+ aesmc $dat4,$dat4 -+ vld1.32 {q8},[$key_],#16 -+ subs $cnt,$cnt,#2 -+ aese $dat0,q9 -+ aesmc $dat0,$dat0 -+ aese $dat1,q9 -+ aesmc $dat1,$dat1 -+ aese $dat2,q9 -+ aesmc $dat2,$dat2 -+ aese $dat3,q9 -+ aesmc $dat3,$dat3 -+ aese $dat4,q9 -+ aesmc $dat4,$dat4 -+ vld1.32 {q9},[$key_],#16 -+ b.gt .Loop5x_ctr32 -+ -+ mov $key_,$key -+ aese $dat0,q8 -+ aesmc $dat0,$dat0 -+ aese $dat1,q8 -+ aesmc $dat1,$dat1 -+ aese $dat2,q8 -+ aesmc $dat2,$dat2 -+ aese $dat3,q8 -+ aesmc $dat3,$dat3 -+ aese $dat4,q8 -+ aesmc $dat4,$dat4 -+ vld1.32 {q8},[$key_],#16 // re-pre-load rndkey[0] -+ -+ aese $dat0,q9 -+ aesmc $dat0,$dat0 -+ aese $dat1,q9 -+ aesmc $dat1,$dat1 -+ aese $dat2,q9 -+ aesmc $dat2,$dat2 -+ aese $dat3,q9 -+ aesmc $dat3,$dat3 -+ aese $dat4,q9 -+ aesmc $dat4,$dat4 -+ vld1.32 {q9},[$key_],#16 // re-pre-load rndkey[1] -+ -+ aese $dat0,q12 -+ aesmc $dat0,$dat0 -+ add $tctr0,$ctr,#1 -+ add $tctr1,$ctr,#2 -+ aese $dat1,q12 -+ aesmc $dat1,$dat1 -+ add $tctr2,$ctr,#3 -+ add w13,$ctr,#4 -+ aese $dat2,q12 -+ aesmc $dat2,$dat2 -+ add w14,$ctr,#5 -+ rev $tctr0,$tctr0 -+ aese $dat3,q12 -+ aesmc $dat3,$dat3 -+ rev $tctr1,$tctr1 -+ rev $tctr2,$tctr2 -+ aese $dat4,q12 -+ aesmc $dat4,$dat4 -+ rev w13,w13 -+ rev w14,w14 -+ -+ aese $dat0,q13 -+ aesmc $dat0,$dat0 -+ aese $dat1,q13 -+ aesmc $dat1,$dat1 -+ aese $dat2,q13 -+ aesmc $dat2,$dat2 -+ aese $dat3,q13 -+ aesmc $dat3,$dat3 -+ aese $dat4,q13 -+ aesmc $dat4,$dat4 -+ -+ aese $dat0,q14 -+ aesmc $dat0,$dat0 -+ vld1.8 {$in0},[$inp],#16 -+ aese $dat1,q14 -+ aesmc $dat1,$dat1 -+ vld1.8 {$in1},[$inp],#16 -+ aese $dat2,q14 -+ aesmc $dat2,$dat2 -+ vld1.8 {$in2},[$inp],#16 -+ aese $dat3,q14 -+ aesmc $dat3,$dat3 -+ vld1.8 {$in3},[$inp],#16 -+ aese $dat4,q14 -+ aesmc $dat4,$dat4 -+ vld1.8 {$in4},[$inp],#16 -+ -+ aese $dat0,q15 -+ veor $in0,$in0,$rndlast -+ aese $dat1,q15 -+ veor $in1,$in1,$rndlast -+ aese $dat2,q15 -+ veor $in2,$in2,$rndlast -+ aese $dat3,q15 -+ veor $in3,$in3,$rndlast -+ aese $dat4,q15 -+ veor $in4,$in4,$rndlast -+ -+ veor $in0,$in0,$dat0 -+ vorr $dat0,$ivec,$ivec -+ veor $in1,$in1,$dat1 -+ vorr $dat1,$ivec,$ivec -+ veor $in2,$in2,$dat2 -+ vorr $dat2,$ivec,$ivec -+ veor $in3,$in3,$dat3 -+ vorr $dat3,$ivec,$ivec -+ veor $in4,$in4,$dat4 -+ vorr $dat4,$ivec,$ivec -+ -+ vst1.8 {$in0},[$out],#16 -+ vmov.32 ${dat0}[3],$tctr0 -+ vst1.8 {$in1},[$out],#16 -+ vmov.32 ${dat1}[3],$tctr1 -+ vst1.8 {$in2},[$out],#16 -+ vmov.32 ${dat2}[3],$tctr2 -+ vst1.8 {$in3},[$out],#16 -+ vmov.32 ${dat3}[3],w13 -+ vst1.8 {$in4},[$out],#16 -+ vmov.32 ${dat4}[3],w14 -+ -+ mov $cnt,$rounds -+ cbz $len,.Lctr32_done -+ -+ add $ctr,$ctr,#5 -+ subs $len,$len,#5 -+ b.hs .Loop5x_ctr32 -+ -+ add $len,$len,#5 -+ sub $ctr,$ctr,#5 -+ -+ cmp $len,#2 -+ mov $step,#16 -+ cclr $step,lo -+ b.ls .Lctr32_tail -+ -+ sub $len,$len,#3 // bias -+ add $ctr,$ctr,#3 -+___ -+$code.=<<___; - b .Loop3x_ctr32 - - .align 4 -@@ -905,6 +2131,1432 @@ $code.=<<___; - .size ${prefix}_ctr32_encrypt_blocks,.-${prefix}_ctr32_encrypt_blocks - ___ - }}} -+# Performance in cycles per byte. -+# Processed with AES-XTS different key size. -+# It shows the value before and after optimization as below: -+# (before/after): -+# -+# AES-128-XTS AES-256-XTS -+# Cortex-A57 3.36/1.09 4.02/1.37 -+# Cortex-A72 3.03/1.02 3.28/1.33 -+ -+# Optimization is implemented by loop unrolling and interleaving. -+# Commonly, we choose the unrolling factor as 5, if the input -+# data size smaller than 5 blocks, but not smaller than 3 blocks, -+# choose 3 as the unrolling factor. -+# If the input data size dsize >= 5*16 bytes, then take 5 blocks -+# as one iteration, every loop the left size lsize -= 5*16. -+# If lsize < 5*16 bytes, treat them as the tail. Note: left 4*16 bytes -+# will be processed specially, which be integrated into the 5*16 bytes -+# loop to improve the efficiency. -+# There is one special case, if the original input data size dsize -+# = 16 bytes, we will treat it seperately to improve the -+# performance: one independent code block without LR, FP load and -+# store. -+# Encryption will process the (length -tailcnt) bytes as mentioned -+# previously, then encrypt the composite block as last second -+# cipher block. -+# Decryption will process the (length -tailcnt -1) bytes as mentioned -+# previously, then decrypt the last second cipher block to get the -+# last plain block(tail), decrypt the composite block as last second -+# plain text block. -+ -+{{{ -+my ($inp,$out,$len,$key1,$key2,$ivp)=map("x$_",(0..5)); -+my ($rounds0,$rounds,$key_,$step,$ivl,$ivh)=("w5","w6","x7","x8","x9","x10"); -+my ($tmpoutp,$loutp,$l2outp,$tmpinp)=("x13","w14","w15","x20"); -+my ($tailcnt,$midnum,$midnumx,$constnum,$constnumx)=("x21","w22","x22","w19","x19"); -+my ($xoffset,$tmpmx,$tmpmw)=("x6","x11","w11"); -+my ($dat0,$dat1,$in0,$in1,$tmp0,$tmp1,$tmp2,$rndlast)=map("q$_",(0..7)); -+my ($iv0,$iv1,$iv2,$iv3,$iv4)=("v6.16b","v8.16b","v9.16b","v10.16b","v11.16b"); -+my ($ivd00,$ivd01,$ivd20,$ivd21)=("d6","v6.d[1]","d9","v9.d[1]"); -+my ($ivd10,$ivd11,$ivd30,$ivd31,$ivd40,$ivd41)=("d8","v8.d[1]","d10","v10.d[1]","d11","v11.d[1]"); -+ -+my ($tmpin)=("v26.16b"); -+my ($dat,$tmp,$rndzero_n_last)=($dat0,$tmp0,$tmp1); -+ -+# q7 last round key -+# q10-q15, q7 Last 7 round keys -+# q8-q9 preloaded round keys except last 7 keys for big size -+# q20, q21, q8-q9 preloaded round keys except last 7 keys for only 16 byte -+ -+ -+my ($dat2,$in2,$tmp2)=map("q$_",(10,11,9)); -+ -+my ($dat3,$in3,$tmp3); # used only in 64-bit mode -+my ($dat4,$in4,$tmp4); -+if ($flavour =~ /64/) { -+ ($dat2,$dat3,$dat4,$in2,$in3,$in4,$tmp3,$tmp4)=map("q$_",(16..23)); -+} -+ -+$code.=<<___ if ($flavour =~ /64/); -+.globl ${prefix}_xts_encrypt -+.type ${prefix}_xts_encrypt,%function -+.align 5 -+${prefix}_xts_encrypt: -+___ -+$code.=<<___ if ($flavour =~ /64/); -+ cmp $len,#16 -+ // Original input data size bigger than 16, jump to big size processing. -+ b.ne .Lxts_enc_big_size -+ // Encrypt the iv with key2, as the first XEX iv. -+ ldr $rounds,[$key2,#240] -+ vld1.8 {$dat},[$key2],#16 -+ vld1.8 {$iv0},[$ivp] -+ sub $rounds,$rounds,#2 -+ vld1.8 {$dat1},[$key2],#16 -+ -+.Loop_enc_iv_enc: -+ aese $iv0,$dat -+ aesmc $iv0,$iv0 -+ vld1.32 {$dat},[$key2],#16 -+ subs $rounds,$rounds,#2 -+ aese $iv0,$dat1 -+ aesmc $iv0,$iv0 -+ vld1.32 {$dat1},[$key2],#16 -+ b.gt .Loop_enc_iv_enc -+ -+ aese $iv0,$dat -+ aesmc $iv0,$iv0 -+ vld1.32 {$dat},[$key2] -+ aese $iv0,$dat1 -+ veor $iv0,$iv0,$dat -+ -+ vld1.8 {$dat0},[$inp] -+ veor $dat0,$iv0,$dat0 -+ -+ ldr $rounds,[$key1,#240] -+ vld1.32 {q20-q21},[$key1],#32 // load key schedule... -+ -+ aese $dat0,q20 -+ aesmc $dat0,$dat0 -+ vld1.32 {q8-q9},[$key1],#32 // load key schedule... -+ aese $dat0,q21 -+ aesmc $dat0,$dat0 -+ subs $rounds,$rounds,#10 // if rounds==10, jump to aes-128-xts processing -+ b.eq .Lxts_128_enc -+.Lxts_enc_round_loop: -+ aese $dat0,q8 -+ aesmc $dat0,$dat0 -+ vld1.32 {q8},[$key1],#16 // load key schedule... -+ aese $dat0,q9 -+ aesmc $dat0,$dat0 -+ vld1.32 {q9},[$key1],#16 // load key schedule... -+ subs $rounds,$rounds,#2 // bias -+ b.gt .Lxts_enc_round_loop -+.Lxts_128_enc: -+ vld1.32 {q10-q11},[$key1],#32 // load key schedule... -+ aese $dat0,q8 -+ aesmc $dat0,$dat0 -+ aese $dat0,q9 -+ aesmc $dat0,$dat0 -+ vld1.32 {q12-q13},[$key1],#32 // load key schedule... -+ aese $dat0,q10 -+ aesmc $dat0,$dat0 -+ aese $dat0,q11 -+ aesmc $dat0,$dat0 -+ vld1.32 {q14-q15},[$key1],#32 // load key schedule... -+ aese $dat0,q12 -+ aesmc $dat0,$dat0 -+ aese $dat0,q13 -+ aesmc $dat0,$dat0 -+ vld1.32 {$rndlast},[$key1] -+ aese $dat0,q14 -+ aesmc $dat0,$dat0 -+ aese $dat0,q15 -+ veor $dat0,$dat0,$rndlast -+ veor $dat0,$dat0,$iv0 -+ vst1.8 {$dat0},[$out] -+ b .Lxts_enc_final_abort -+ -+.align 4 -+.Lxts_enc_big_size: -+___ -+$code.=<<___ if ($flavour =~ /64/); -+ stp $constnumx,$tmpinp,[sp,#-64]! -+ stp $tailcnt,$midnumx,[sp,#48] -+ stp $ivd10,$ivd20,[sp,#32] -+ stp $ivd30,$ivd40,[sp,#16] -+ -+ // tailcnt store the tail value of length%16. -+ and $tailcnt,$len,#0xf -+ and $len,$len,#-16 -+ subs $len,$len,#16 -+ mov $step,#16 -+ b.lo .Lxts_abort -+ csel $step,xzr,$step,eq -+ -+ // Firstly, encrypt the iv with key2, as the first iv of XEX. -+ ldr $rounds,[$key2,#240] -+ vld1.32 {$dat},[$key2],#16 -+ vld1.8 {$iv0},[$ivp] -+ sub $rounds,$rounds,#2 -+ vld1.32 {$dat1},[$key2],#16 -+ -+.Loop_iv_enc: -+ aese $iv0,$dat -+ aesmc $iv0,$iv0 -+ vld1.32 {$dat},[$key2],#16 -+ subs $rounds,$rounds,#2 -+ aese $iv0,$dat1 -+ aesmc $iv0,$iv0 -+ vld1.32 {$dat1},[$key2],#16 -+ b.gt .Loop_iv_enc -+ -+ aese $iv0,$dat -+ aesmc $iv0,$iv0 -+ vld1.32 {$dat},[$key2] -+ aese $iv0,$dat1 -+ veor $iv0,$iv0,$dat -+ -+ // The iv for second block -+ // $ivl- iv(low), $ivh - iv(high) -+ // the five ivs stored into, $iv0,$iv1,$iv2,$iv3,$iv4 -+ fmov $ivl,$ivd00 -+ fmov $ivh,$ivd01 -+ mov $constnum,#0x87 -+ extr $midnumx,$ivh,$ivh,#32 -+ extr $ivh,$ivh,$ivl,#63 -+ and $tmpmw,$constnum,$midnum,asr#31 -+ eor $ivl,$tmpmx,$ivl,lsl#1 -+ fmov $ivd10,$ivl -+ fmov $ivd11,$ivh -+ -+ ldr $rounds0,[$key1,#240] // next starting point -+ vld1.8 {$dat},[$inp],$step -+ -+ vld1.32 {q8-q9},[$key1] // load key schedule... -+ sub $rounds0,$rounds0,#6 -+ add $key_,$key1,$ivp,lsl#4 // pointer to last 7 round keys -+ sub $rounds0,$rounds0,#2 -+ vld1.32 {q10-q11},[$key_],#32 -+ vld1.32 {q12-q13},[$key_],#32 -+ vld1.32 {q14-q15},[$key_],#32 -+ vld1.32 {$rndlast},[$key_] -+ -+ add $key_,$key1,#32 -+ mov $rounds,$rounds0 -+ -+ // Encryption -+.Lxts_enc: -+ vld1.8 {$dat2},[$inp],#16 -+ subs $len,$len,#32 // bias -+ add $rounds,$rounds0,#2 -+ vorr $in1,$dat,$dat -+ vorr $dat1,$dat,$dat -+ vorr $in3,$dat,$dat -+ vorr $in2,$dat2,$dat2 -+ vorr $in4,$dat2,$dat2 -+ b.lo .Lxts_inner_enc_tail -+ veor $dat,$dat,$iv0 // before encryption, xor with iv -+ veor $dat2,$dat2,$iv1 -+ -+ // The iv for third block -+ extr $midnumx,$ivh,$ivh,#32 -+ extr $ivh,$ivh,$ivl,#63 -+ and $tmpmw,$constnum,$midnum,asr#31 -+ eor $ivl,$tmpmx,$ivl,lsl#1 -+ fmov $ivd20,$ivl -+ fmov $ivd21,$ivh -+ -+ -+ vorr $dat1,$dat2,$dat2 -+ vld1.8 {$dat2},[$inp],#16 -+ vorr $in0,$dat,$dat -+ vorr $in1,$dat1,$dat1 -+ veor $in2,$dat2,$iv2 // the third block -+ veor $dat2,$dat2,$iv2 -+ cmp $len,#32 -+ b.lo .Lxts_outer_enc_tail -+ -+ // The iv for fourth block -+ extr $midnumx,$ivh,$ivh,#32 -+ extr $ivh,$ivh,$ivl,#63 -+ and $tmpmw,$constnum,$midnum,asr#31 -+ eor $ivl,$tmpmx,$ivl,lsl#1 -+ fmov $ivd30,$ivl -+ fmov $ivd31,$ivh -+ -+ vld1.8 {$dat3},[$inp],#16 -+ // The iv for fifth block -+ extr $midnumx,$ivh,$ivh,#32 -+ extr $ivh,$ivh,$ivl,#63 -+ and $tmpmw,$constnum,$midnum,asr#31 -+ eor $ivl,$tmpmx,$ivl,lsl#1 -+ fmov $ivd40,$ivl -+ fmov $ivd41,$ivh -+ -+ vld1.8 {$dat4},[$inp],#16 -+ veor $dat3,$dat3,$iv3 // the fourth block -+ veor $dat4,$dat4,$iv4 -+ sub $len,$len,#32 // bias -+ mov $rounds,$rounds0 -+ b .Loop5x_xts_enc -+ -+.align 4 -+.Loop5x_xts_enc: -+ aese $dat0,q8 -+ aesmc $dat0,$dat0 -+ aese $dat1,q8 -+ aesmc $dat1,$dat1 -+ aese $dat2,q8 -+ aesmc $dat2,$dat2 -+ aese $dat3,q8 -+ aesmc $dat3,$dat3 -+ aese $dat4,q8 -+ aesmc $dat4,$dat4 -+ vld1.32 {q8},[$key_],#16 -+ subs $rounds,$rounds,#2 -+ aese $dat0,q9 -+ aesmc $dat0,$dat0 -+ aese $dat1,q9 -+ aesmc $dat1,$dat1 -+ aese $dat2,q9 -+ aesmc $dat2,$dat2 -+ aese $dat3,q9 -+ aesmc $dat3,$dat3 -+ aese $dat4,q9 -+ aesmc $dat4,$dat4 -+ vld1.32 {q9},[$key_],#16 -+ b.gt .Loop5x_xts_enc -+ -+ aese $dat0,q8 -+ aesmc $dat0,$dat0 -+ aese $dat1,q8 -+ aesmc $dat1,$dat1 -+ aese $dat2,q8 -+ aesmc $dat2,$dat2 -+ aese $dat3,q8 -+ aesmc $dat3,$dat3 -+ aese $dat4,q8 -+ aesmc $dat4,$dat4 -+ subs $len,$len,#0x50 // because .Lxts_enc_tail4x -+ -+ aese $dat0,q9 -+ aesmc $dat0,$dat0 -+ aese $dat1,q9 -+ aesmc $dat1,$dat1 -+ aese $dat2,q9 -+ aesmc $dat2,$dat2 -+ aese $dat3,q9 -+ aesmc $dat3,$dat3 -+ aese $dat4,q9 -+ aesmc $dat4,$dat4 -+ csel $xoffset,xzr,$len,gt // borrow x6, w6, "gt" is not typo -+ mov $key_,$key1 -+ -+ aese $dat0,q10 -+ aesmc $dat0,$dat0 -+ aese $dat1,q10 -+ aesmc $dat1,$dat1 -+ aese $dat2,q10 -+ aesmc $dat2,$dat2 -+ aese $dat3,q10 -+ aesmc $dat3,$dat3 -+ aese $dat4,q10 -+ aesmc $dat4,$dat4 -+ add $inp,$inp,$xoffset // x0 is adjusted in such way that -+ // at exit from the loop v1.16b-v26.16b -+ // are loaded with last "words" -+ add $xoffset,$len,#0x60 // because .Lxts_enc_tail4x -+ -+ aese $dat0,q11 -+ aesmc $dat0,$dat0 -+ aese $dat1,q11 -+ aesmc $dat1,$dat1 -+ aese $dat2,q11 -+ aesmc $dat2,$dat2 -+ aese $dat3,q11 -+ aesmc $dat3,$dat3 -+ aese $dat4,q11 -+ aesmc $dat4,$dat4 -+ -+ aese $dat0,q12 -+ aesmc $dat0,$dat0 -+ aese $dat1,q12 -+ aesmc $dat1,$dat1 -+ aese $dat2,q12 -+ aesmc $dat2,$dat2 -+ aese $dat3,q12 -+ aesmc $dat3,$dat3 -+ aese $dat4,q12 -+ aesmc $dat4,$dat4 -+ -+ aese $dat0,q13 -+ aesmc $dat0,$dat0 -+ aese $dat1,q13 -+ aesmc $dat1,$dat1 -+ aese $dat2,q13 -+ aesmc $dat2,$dat2 -+ aese $dat3,q13 -+ aesmc $dat3,$dat3 -+ aese $dat4,q13 -+ aesmc $dat4,$dat4 -+ -+ aese $dat0,q14 -+ aesmc $dat0,$dat0 -+ aese $dat1,q14 -+ aesmc $dat1,$dat1 -+ aese $dat2,q14 -+ aesmc $dat2,$dat2 -+ aese $dat3,q14 -+ aesmc $dat3,$dat3 -+ aese $dat4,q14 -+ aesmc $dat4,$dat4 -+ -+ veor $tmp0,$rndlast,$iv0 -+ aese $dat0,q15 -+ // The iv for first block of one iteration -+ extr $midnumx,$ivh,$ivh,#32 -+ extr $ivh,$ivh,$ivl,#63 -+ and $tmpmw,$constnum,$midnum,asr#31 -+ eor $ivl,$tmpmx,$ivl,lsl#1 -+ fmov $ivd00,$ivl -+ fmov $ivd01,$ivh -+ veor $tmp1,$rndlast,$iv1 -+ vld1.8 {$in0},[$inp],#16 -+ aese $dat1,q15 -+ // The iv for second block -+ extr $midnumx,$ivh,$ivh,#32 -+ extr $ivh,$ivh,$ivl,#63 -+ and $tmpmw,$constnum,$midnum,asr#31 -+ eor $ivl,$tmpmx,$ivl,lsl#1 -+ fmov $ivd10,$ivl -+ fmov $ivd11,$ivh -+ veor $tmp2,$rndlast,$iv2 -+ vld1.8 {$in1},[$inp],#16 -+ aese $dat2,q15 -+ // The iv for third block -+ extr $midnumx,$ivh,$ivh,#32 -+ extr $ivh,$ivh,$ivl,#63 -+ and $tmpmw,$constnum,$midnum,asr#31 -+ eor $ivl,$tmpmx,$ivl,lsl#1 -+ fmov $ivd20,$ivl -+ fmov $ivd21,$ivh -+ veor $tmp3,$rndlast,$iv3 -+ vld1.8 {$in2},[$inp],#16 -+ aese $dat3,q15 -+ // The iv for fourth block -+ extr $midnumx,$ivh,$ivh,#32 -+ extr $ivh,$ivh,$ivl,#63 -+ and $tmpmw,$constnum,$midnum,asr#31 -+ eor $ivl,$tmpmx,$ivl,lsl#1 -+ fmov $ivd30,$ivl -+ fmov $ivd31,$ivh -+ veor $tmp4,$rndlast,$iv4 -+ vld1.8 {$in3},[$inp],#16 -+ aese $dat4,q15 -+ -+ // The iv for fifth block -+ extr $midnumx,$ivh,$ivh,#32 -+ extr $ivh,$ivh,$ivl,#63 -+ and $tmpmw,$constnum,$midnum,asr #31 -+ eor $ivl,$tmpmx,$ivl,lsl #1 -+ fmov $ivd40,$ivl -+ fmov $ivd41,$ivh -+ -+ vld1.8 {$in4},[$inp],#16 -+ cbz $xoffset,.Lxts_enc_tail4x -+ vld1.32 {q8},[$key_],#16 // re-pre-load rndkey[0] -+ veor $tmp0,$tmp0,$dat0 -+ veor $dat0,$in0,$iv0 -+ veor $tmp1,$tmp1,$dat1 -+ veor $dat1,$in1,$iv1 -+ veor $tmp2,$tmp2,$dat2 -+ veor $dat2,$in2,$iv2 -+ veor $tmp3,$tmp3,$dat3 -+ veor $dat3,$in3,$iv3 -+ veor $tmp4,$tmp4,$dat4 -+ vst1.8 {$tmp0},[$out],#16 -+ veor $dat4,$in4,$iv4 -+ vst1.8 {$tmp1},[$out],#16 -+ mov $rounds,$rounds0 -+ vst1.8 {$tmp2},[$out],#16 -+ vld1.32 {q9},[$key_],#16 // re-pre-load rndkey[1] -+ vst1.8 {$tmp3},[$out],#16 -+ vst1.8 {$tmp4},[$out],#16 -+ b.hs .Loop5x_xts_enc -+ -+ -+ // If left 4 blocks, borrow the five block's processing. -+ cmn $len,#0x10 -+ b.ne .Loop5x_enc_after -+ vorr $iv4,$iv3,$iv3 -+ vorr $iv3,$iv2,$iv2 -+ vorr $iv2,$iv1,$iv1 -+ vorr $iv1,$iv0,$iv0 -+ fmov $ivl,$ivd40 -+ fmov $ivh,$ivd41 -+ veor $dat0,$iv0,$in0 -+ veor $dat1,$iv1,$in1 -+ veor $dat2,$in2,$iv2 -+ veor $dat3,$in3,$iv3 -+ veor $dat4,$in4,$iv4 -+ b.eq .Loop5x_xts_enc -+ -+.Loop5x_enc_after: -+ add $len,$len,#0x50 -+ cbz $len,.Lxts_enc_done -+ -+ add $rounds,$rounds0,#2 -+ subs $len,$len,#0x30 -+ b.lo .Lxts_inner_enc_tail -+ -+ veor $dat0,$iv0,$in2 -+ veor $dat1,$iv1,$in3 -+ veor $dat2,$in4,$iv2 -+ b .Lxts_outer_enc_tail -+ -+.align 4 -+.Lxts_enc_tail4x: -+ add $inp,$inp,#16 -+ veor $tmp1,$dat1,$tmp1 -+ vst1.8 {$tmp1},[$out],#16 -+ veor $tmp2,$dat2,$tmp2 -+ vst1.8 {$tmp2},[$out],#16 -+ veor $tmp3,$dat3,$tmp3 -+ veor $tmp4,$dat4,$tmp4 -+ vst1.8 {$tmp3-$tmp4},[$out],#32 -+ -+ b .Lxts_enc_done -+.align 4 -+.Lxts_outer_enc_tail: -+ aese $dat0,q8 -+ aesmc $dat0,$dat0 -+ aese $dat1,q8 -+ aesmc $dat1,$dat1 -+ aese $dat2,q8 -+ aesmc $dat2,$dat2 -+ vld1.32 {q8},[$key_],#16 -+ subs $rounds,$rounds,#2 -+ aese $dat0,q9 -+ aesmc $dat0,$dat0 -+ aese $dat1,q9 -+ aesmc $dat1,$dat1 -+ aese $dat2,q9 -+ aesmc $dat2,$dat2 -+ vld1.32 {q9},[$key_],#16 -+ b.gt .Lxts_outer_enc_tail -+ -+ aese $dat0,q8 -+ aesmc $dat0,$dat0 -+ aese $dat1,q8 -+ aesmc $dat1,$dat1 -+ aese $dat2,q8 -+ aesmc $dat2,$dat2 -+ veor $tmp0,$iv0,$rndlast -+ subs $len,$len,#0x30 -+ // The iv for first block -+ fmov $ivl,$ivd20 -+ fmov $ivh,$ivd21 -+ //mov $constnum,#0x87 -+ extr $midnumx,$ivh,$ivh,#32 -+ extr $ivh,$ivh,$ivl,#63 -+ and $tmpmw,$constnum,$midnum,asr#31 -+ eor $ivl,$tmpmx,$ivl,lsl#1 -+ fmov $ivd00,$ivl -+ fmov $ivd01,$ivh -+ veor $tmp1,$iv1,$rndlast -+ csel $xoffset,$len,$xoffset,lo // x6, w6, is zero at this point -+ aese $dat0,q9 -+ aesmc $dat0,$dat0 -+ aese $dat1,q9 -+ aesmc $dat1,$dat1 -+ aese $dat2,q9 -+ aesmc $dat2,$dat2 -+ veor $tmp2,$iv2,$rndlast -+ -+ add $xoffset,$xoffset,#0x20 -+ add $inp,$inp,$xoffset -+ mov $key_,$key1 -+ -+ aese $dat0,q12 -+ aesmc $dat0,$dat0 -+ aese $dat1,q12 -+ aesmc $dat1,$dat1 -+ aese $dat2,q12 -+ aesmc $dat2,$dat2 -+ aese $dat0,q13 -+ aesmc $dat0,$dat0 -+ aese $dat1,q13 -+ aesmc $dat1,$dat1 -+ aese $dat2,q13 -+ aesmc $dat2,$dat2 -+ aese $dat0,q14 -+ aesmc $dat0,$dat0 -+ aese $dat1,q14 -+ aesmc $dat1,$dat1 -+ aese $dat2,q14 -+ aesmc $dat2,$dat2 -+ aese $dat0,q15 -+ aese $dat1,q15 -+ aese $dat2,q15 -+ vld1.8 {$in2},[$inp],#16 -+ add $rounds,$rounds0,#2 -+ vld1.32 {q8},[$key_],#16 // re-pre-load rndkey[0] -+ veor $tmp0,$tmp0,$dat0 -+ veor $tmp1,$tmp1,$dat1 -+ veor $dat2,$dat2,$tmp2 -+ vld1.32 {q9},[$key_],#16 // re-pre-load rndkey[1] -+ vst1.8 {$tmp0},[$out],#16 -+ vst1.8 {$tmp1},[$out],#16 -+ vst1.8 {$dat2},[$out],#16 -+ cmn $len,#0x30 -+ b.eq .Lxts_enc_done -+.Lxts_encxor_one: -+ vorr $in3,$in1,$in1 -+ vorr $in4,$in2,$in2 -+ nop -+ -+.Lxts_inner_enc_tail: -+ cmn $len,#0x10 -+ veor $dat1,$in3,$iv0 -+ veor $dat2,$in4,$iv1 -+ b.eq .Lxts_enc_tail_loop -+ veor $dat2,$in4,$iv0 -+.Lxts_enc_tail_loop: -+ aese $dat1,q8 -+ aesmc $dat1,$dat1 -+ aese $dat2,q8 -+ aesmc $dat2,$dat2 -+ vld1.32 {q8},[$key_],#16 -+ subs $rounds,$rounds,#2 -+ aese $dat1,q9 -+ aesmc $dat1,$dat1 -+ aese $dat2,q9 -+ aesmc $dat2,$dat2 -+ vld1.32 {q9},[$key_],#16 -+ b.gt .Lxts_enc_tail_loop -+ -+ aese $dat1,q8 -+ aesmc $dat1,$dat1 -+ aese $dat2,q8 -+ aesmc $dat2,$dat2 -+ aese $dat1,q9 -+ aesmc $dat1,$dat1 -+ aese $dat2,q9 -+ aesmc $dat2,$dat2 -+ aese $dat1,q12 -+ aesmc $dat1,$dat1 -+ aese $dat2,q12 -+ aesmc $dat2,$dat2 -+ cmn $len,#0x20 -+ aese $dat1,q13 -+ aesmc $dat1,$dat1 -+ aese $dat2,q13 -+ aesmc $dat2,$dat2 -+ veor $tmp1,$iv0,$rndlast -+ aese $dat1,q14 -+ aesmc $dat1,$dat1 -+ aese $dat2,q14 -+ aesmc $dat2,$dat2 -+ veor $tmp2,$iv1,$rndlast -+ aese $dat1,q15 -+ aese $dat2,q15 -+ b.eq .Lxts_enc_one -+ veor $tmp1,$tmp1,$dat1 -+ vst1.8 {$tmp1},[$out],#16 -+ veor $tmp2,$tmp2,$dat2 -+ vorr $iv0,$iv1,$iv1 -+ vst1.8 {$tmp2},[$out],#16 -+ fmov $ivl,$ivd10 -+ fmov $ivh,$ivd11 -+ mov $constnum,#0x87 -+ extr $midnumx,$ivh,$ivh,#32 -+ extr $ivh,$ivh,$ivl,#63 -+ and $tmpmw,$constnum,$midnum,asr #31 -+ eor $ivl,$tmpmx,$ivl,lsl #1 -+ fmov $ivd00,$ivl -+ fmov $ivd01,$ivh -+ b .Lxts_enc_done -+ -+.Lxts_enc_one: -+ veor $tmp1,$tmp1,$dat2 -+ vorr $iv0,$iv0,$iv0 -+ vst1.8 {$tmp1},[$out],#16 -+ fmov $ivl,$ivd00 -+ fmov $ivh,$ivd01 -+ mov $constnum,#0x87 -+ extr $midnumx,$ivh,$ivh,#32 -+ extr $ivh,$ivh,$ivl,#63 -+ and $tmpmw,$constnum,$midnum,asr #31 -+ eor $ivl,$tmpmx,$ivl,lsl #1 -+ fmov $ivd00,$ivl -+ fmov $ivd01,$ivh -+ b .Lxts_enc_done -+.align 5 -+.Lxts_enc_done: -+ // Process the tail block with cipher stealing. -+ tst $tailcnt,#0xf -+ b.eq .Lxts_abort -+ -+ mov $tmpinp,$inp -+ mov $tmpoutp,$out -+ sub $out,$out,#16 -+.composite_enc_loop: -+ subs $tailcnt,$tailcnt,#1 -+ ldrb $l2outp,[$out,$tailcnt] -+ ldrb $loutp,[$tmpinp,$tailcnt] -+ strb $l2outp,[$tmpoutp,$tailcnt] -+ strb $loutp,[$out,$tailcnt] -+ b.gt .composite_enc_loop -+.Lxts_enc_load_done: -+ vld1.8 {$tmpin},[$out] -+ veor $tmpin,$tmpin,$iv0 -+ -+ // Encrypt the composite block to get the last second encrypted text block -+ ldr $rounds,[$key1,#240] // load key schedule... -+ vld1.8 {$dat},[$key1],#16 -+ sub $rounds,$rounds,#2 -+ vld1.8 {$dat1},[$key1],#16 // load key schedule... -+.Loop_final_enc: -+ aese $tmpin,$dat0 -+ aesmc $tmpin,$tmpin -+ vld1.32 {$dat0},[$key1],#16 -+ subs $rounds,$rounds,#2 -+ aese $tmpin,$dat1 -+ aesmc $tmpin,$tmpin -+ vld1.32 {$dat1},[$key1],#16 -+ b.gt .Loop_final_enc -+ -+ aese $tmpin,$dat0 -+ aesmc $tmpin,$tmpin -+ vld1.32 {$dat0},[$key1] -+ aese $tmpin,$dat1 -+ veor $tmpin,$tmpin,$dat0 -+ veor $tmpin,$tmpin,$iv0 -+ vst1.8 {$tmpin},[$out] -+ -+.Lxts_abort: -+ ldp $tailcnt,$midnumx,[sp,#48] -+ ldp $ivd10,$ivd20,[sp,#32] -+ ldp $ivd30,$ivd40,[sp,#16] -+ ldp $constnumx,$tmpinp,[sp],#64 -+.Lxts_enc_final_abort: -+ ret -+.size ${prefix}_xts_encrypt,.-${prefix}_xts_encrypt -+___ -+ -+}}} -+{{{ -+my ($inp,$out,$len,$key1,$key2,$ivp)=map("x$_",(0..5)); -+my ($rounds0,$rounds,$key_,$step,$ivl,$ivh)=("w5","w6","x7","x8","x9","x10"); -+my ($tmpoutp,$loutp,$l2outp,$tmpinp)=("x13","w14","w15","x20"); -+my ($tailcnt,$midnum,$midnumx,$constnum,$constnumx)=("x21","w22","x22","w19","x19"); -+my ($xoffset,$tmpmx,$tmpmw)=("x6","x11","w11"); -+my ($dat0,$dat1,$in0,$in1,$tmp0,$tmp1,$tmp2,$rndlast)=map("q$_",(0..7)); -+my ($iv0,$iv1,$iv2,$iv3,$iv4,$tmpin)=("v6.16b","v8.16b","v9.16b","v10.16b","v11.16b","v26.16b"); -+my ($ivd00,$ivd01,$ivd20,$ivd21)=("d6","v6.d[1]","d9","v9.d[1]"); -+my ($ivd10,$ivd11,$ivd30,$ivd31,$ivd40,$ivd41)=("d8","v8.d[1]","d10","v10.d[1]","d11","v11.d[1]"); -+ -+my ($dat,$tmp,$rndzero_n_last)=($dat0,$tmp0,$tmp1); -+ -+# q7 last round key -+# q10-q15, q7 Last 7 round keys -+# q8-q9 preloaded round keys except last 7 keys for big size -+# q20, q21, q8-q9 preloaded round keys except last 7 keys for only 16 byte -+ -+{ -+my ($dat2,$in2,$tmp2)=map("q$_",(10,11,9)); -+ -+my ($dat3,$in3,$tmp3); # used only in 64-bit mode -+my ($dat4,$in4,$tmp4); -+if ($flavour =~ /64/) { -+ ($dat2,$dat3,$dat4,$in2,$in3,$in4,$tmp3,$tmp4)=map("q$_",(16..23)); -+} -+ -+$code.=<<___ if ($flavour =~ /64/); -+.globl ${prefix}_xts_decrypt -+.type ${prefix}_xts_decrypt,%function -+.align 5 -+${prefix}_xts_decrypt: -+___ -+$code.=<<___ if ($flavour =~ /64/); -+ cmp $len,#16 -+ // Original input data size bigger than 16, jump to big size processing. -+ b.ne .Lxts_dec_big_size -+ // Encrypt the iv with key2, as the first XEX iv. -+ ldr $rounds,[$key2,#240] -+ vld1.8 {$dat},[$key2],#16 -+ vld1.8 {$iv0},[$ivp] -+ sub $rounds,$rounds,#2 -+ vld1.8 {$dat1},[$key2],#16 -+ -+.Loop_dec_small_iv_enc: -+ aese $iv0,$dat -+ aesmc $iv0,$iv0 -+ vld1.32 {$dat},[$key2],#16 -+ subs $rounds,$rounds,#2 -+ aese $iv0,$dat1 -+ aesmc $iv0,$iv0 -+ vld1.32 {$dat1},[$key2],#16 -+ b.gt .Loop_dec_small_iv_enc -+ -+ aese $iv0,$dat -+ aesmc $iv0,$iv0 -+ vld1.32 {$dat},[$key2] -+ aese $iv0,$dat1 -+ veor $iv0,$iv0,$dat -+ -+ vld1.8 {$dat0},[$inp] -+ veor $dat0,$iv0,$dat0 -+ -+ ldr $rounds,[$key1,#240] -+ vld1.32 {q20-q21},[$key1],#32 // load key schedule... -+ -+ aesd $dat0,q20 -+ aesimc $dat0,$dat0 -+ vld1.32 {q8-q9},[$key1],#32 // load key schedule... -+ aesd $dat0,q21 -+ aesimc $dat0,$dat0 -+ subs $rounds,$rounds,#10 // bias -+ b.eq .Lxts_128_dec -+.Lxts_dec_round_loop: -+ aesd $dat0,q8 -+ aesimc $dat0,$dat0 -+ vld1.32 {q8},[$key1],#16 // load key schedule... -+ aesd $dat0,q9 -+ aesimc $dat0,$dat0 -+ vld1.32 {q9},[$key1],#16 // load key schedule... -+ subs $rounds,$rounds,#2 // bias -+ b.gt .Lxts_dec_round_loop -+.Lxts_128_dec: -+ vld1.32 {q10-q11},[$key1],#32 // load key schedule... -+ aesd $dat0,q8 -+ aesimc $dat0,$dat0 -+ aesd $dat0,q9 -+ aesimc $dat0,$dat0 -+ vld1.32 {q12-q13},[$key1],#32 // load key schedule... -+ aesd $dat0,q10 -+ aesimc $dat0,$dat0 -+ aesd $dat0,q11 -+ aesimc $dat0,$dat0 -+ vld1.32 {q14-q15},[$key1],#32 // load key schedule... -+ aesd $dat0,q12 -+ aesimc $dat0,$dat0 -+ aesd $dat0,q13 -+ aesimc $dat0,$dat0 -+ vld1.32 {$rndlast},[$key1] -+ aesd $dat0,q14 -+ aesimc $dat0,$dat0 -+ aesd $dat0,q15 -+ veor $dat0,$dat0,$rndlast -+ veor $dat0,$iv0,$dat0 -+ vst1.8 {$dat0},[$out] -+ b .Lxts_dec_final_abort -+.Lxts_dec_big_size: -+___ -+$code.=<<___ if ($flavour =~ /64/); -+ stp $constnumx,$tmpinp,[sp,#-64]! -+ stp $tailcnt,$midnumx,[sp,#48] -+ stp $ivd10,$ivd20,[sp,#32] -+ stp $ivd30,$ivd40,[sp,#16] -+ -+ and $tailcnt,$len,#0xf -+ and $len,$len,#-16 -+ subs $len,$len,#16 -+ mov $step,#16 -+ b.lo .Lxts_dec_abort -+ -+ // Encrypt the iv with key2, as the first XEX iv -+ ldr $rounds,[$key2,#240] -+ vld1.8 {$dat},[$key2],#16 -+ vld1.8 {$iv0},[$ivp] -+ sub $rounds,$rounds,#2 -+ vld1.8 {$dat1},[$key2],#16 -+ -+.Loop_dec_iv_enc: -+ aese $iv0,$dat -+ aesmc $iv0,$iv0 -+ vld1.32 {$dat},[$key2],#16 -+ subs $rounds,$rounds,#2 -+ aese $iv0,$dat1 -+ aesmc $iv0,$iv0 -+ vld1.32 {$dat1},[$key2],#16 -+ b.gt .Loop_dec_iv_enc -+ -+ aese $iv0,$dat -+ aesmc $iv0,$iv0 -+ vld1.32 {$dat},[$key2] -+ aese $iv0,$dat1 -+ veor $iv0,$iv0,$dat -+ -+ // The iv for second block -+ // $ivl- iv(low), $ivh - iv(high) -+ // the five ivs stored into, $iv0,$iv1,$iv2,$iv3,$iv4 -+ fmov $ivl,$ivd00 -+ fmov $ivh,$ivd01 -+ mov $constnum,#0x87 -+ extr $midnumx,$ivh,$ivh,#32 -+ extr $ivh,$ivh,$ivl,#63 -+ and $tmpmw,$constnum,$midnum,asr #31 -+ eor $ivl,$tmpmx,$ivl,lsl #1 -+ fmov $ivd10,$ivl -+ fmov $ivd11,$ivh -+ -+ ldr $rounds0,[$key1,#240] // load rounds number -+ -+ // The iv for third block -+ extr $midnumx,$ivh,$ivh,#32 -+ extr $ivh,$ivh,$ivl,#63 -+ and $tmpmw,$constnum,$midnum,asr #31 -+ eor $ivl,$tmpmx,$ivl,lsl #1 -+ fmov $ivd20,$ivl -+ fmov $ivd21,$ivh -+ -+ vld1.32 {q8-q9},[$key1] // load key schedule... -+ sub $rounds0,$rounds0,#6 -+ add $key_,$key1,$ivp,lsl#4 // pointer to last 7 round keys -+ sub $rounds0,$rounds0,#2 -+ vld1.32 {q10-q11},[$key_],#32 // load key schedule... -+ vld1.32 {q12-q13},[$key_],#32 -+ vld1.32 {q14-q15},[$key_],#32 -+ vld1.32 {$rndlast},[$key_] -+ -+ // The iv for fourth block -+ extr $midnumx,$ivh,$ivh,#32 -+ extr $ivh,$ivh,$ivl,#63 -+ and $tmpmw,$constnum,$midnum,asr #31 -+ eor $ivl,$tmpmx,$ivl,lsl #1 -+ fmov $ivd30,$ivl -+ fmov $ivd31,$ivh -+ -+ add $key_,$key1,#32 -+ mov $rounds,$rounds0 -+ b .Lxts_dec -+ -+ // Decryption -+.align 5 -+.Lxts_dec: -+ tst $tailcnt,#0xf -+ b.eq .Lxts_dec_begin -+ subs $len,$len,#16 -+ csel $step,xzr,$step,eq -+ vld1.8 {$dat},[$inp],#16 -+ b.lo .Lxts_done -+ sub $inp,$inp,#16 -+.Lxts_dec_begin: -+ vld1.8 {$dat},[$inp],$step -+ subs $len,$len,#32 // bias -+ add $rounds,$rounds0,#2 -+ vorr $in1,$dat,$dat -+ vorr $dat1,$dat,$dat -+ vorr $in3,$dat,$dat -+ vld1.8 {$dat2},[$inp],#16 -+ vorr $in2,$dat2,$dat2 -+ vorr $in4,$dat2,$dat2 -+ b.lo .Lxts_inner_dec_tail -+ veor $dat,$dat,$iv0 // before decryt, xor with iv -+ veor $dat2,$dat2,$iv1 -+ -+ vorr $dat1,$dat2,$dat2 -+ vld1.8 {$dat2},[$inp],#16 -+ vorr $in0,$dat,$dat -+ vorr $in1,$dat1,$dat1 -+ veor $in2,$dat2,$iv2 // third block xox with third iv -+ veor $dat2,$dat2,$iv2 -+ cmp $len,#32 -+ b.lo .Lxts_outer_dec_tail -+ -+ vld1.8 {$dat3},[$inp],#16 -+ -+ // The iv for fifth block -+ extr $midnumx,$ivh,$ivh,#32 -+ extr $ivh,$ivh,$ivl,#63 -+ and $tmpmw,$constnum,$midnum,asr #31 -+ eor $ivl,$tmpmx,$ivl,lsl #1 -+ fmov $ivd40,$ivl -+ fmov $ivd41,$ivh -+ -+ vld1.8 {$dat4},[$inp],#16 -+ veor $dat3,$dat3,$iv3 // the fourth block -+ veor $dat4,$dat4,$iv4 -+ sub $len,$len,#32 // bias -+ mov $rounds,$rounds0 -+ b .Loop5x_xts_dec -+ -+.align 4 -+.Loop5x_xts_dec: -+ aesd $dat0,q8 -+ aesimc $dat0,$dat0 -+ aesd $dat1,q8 -+ aesimc $dat1,$dat1 -+ aesd $dat2,q8 -+ aesimc $dat2,$dat2 -+ aesd $dat3,q8 -+ aesimc $dat3,$dat3 -+ aesd $dat4,q8 -+ aesimc $dat4,$dat4 -+ vld1.32 {q8},[$key_],#16 // load key schedule... -+ subs $rounds,$rounds,#2 -+ aesd $dat0,q9 -+ aesimc $dat0,$dat0 -+ aesd $dat1,q9 -+ aesimc $dat1,$dat1 -+ aesd $dat2,q9 -+ aesimc $dat2,$dat2 -+ aesd $dat3,q9 -+ aesimc $dat3,$dat3 -+ aesd $dat4,q9 -+ aesimc $dat4,$dat4 -+ vld1.32 {q9},[$key_],#16 // load key schedule... -+ b.gt .Loop5x_xts_dec -+ -+ aesd $dat0,q8 -+ aesimc $dat0,$dat0 -+ aesd $dat1,q8 -+ aesimc $dat1,$dat1 -+ aesd $dat2,q8 -+ aesimc $dat2,$dat2 -+ aesd $dat3,q8 -+ aesimc $dat3,$dat3 -+ aesd $dat4,q8 -+ aesimc $dat4,$dat4 -+ subs $len,$len,#0x50 // because .Lxts_dec_tail4x -+ -+ aesd $dat0,q9 -+ aesimc $dat0,$dat -+ aesd $dat1,q9 -+ aesimc $dat1,$dat1 -+ aesd $dat2,q9 -+ aesimc $dat2,$dat2 -+ aesd $dat3,q9 -+ aesimc $dat3,$dat3 -+ aesd $dat4,q9 -+ aesimc $dat4,$dat4 -+ csel $xoffset,xzr,$len,gt // borrow x6, w6, "gt" is not typo -+ mov $key_,$key1 -+ -+ aesd $dat0,q10 -+ aesimc $dat0,$dat0 -+ aesd $dat1,q10 -+ aesimc $dat1,$dat1 -+ aesd $dat2,q10 -+ aesimc $dat2,$dat2 -+ aesd $dat3,q10 -+ aesimc $dat3,$dat3 -+ aesd $dat4,q10 -+ aesimc $dat4,$dat4 -+ add $inp,$inp,$xoffset // x0 is adjusted in such way that -+ // at exit from the loop v1.16b-v26.16b -+ // are loaded with last "words" -+ add $xoffset,$len,#0x60 // because .Lxts_dec_tail4x -+ -+ aesd $dat0,q11 -+ aesimc $dat0,$dat0 -+ aesd $dat1,q11 -+ aesimc $dat1,$dat1 -+ aesd $dat2,q11 -+ aesimc $dat2,$dat2 -+ aesd $dat3,q11 -+ aesimc $dat3,$dat3 -+ aesd $dat4,q11 -+ aesimc $dat4,$dat4 -+ -+ aesd $dat0,q12 -+ aesimc $dat0,$dat0 -+ aesd $dat1,q12 -+ aesimc $dat1,$dat1 -+ aesd $dat2,q12 -+ aesimc $dat2,$dat2 -+ aesd $dat3,q12 -+ aesimc $dat3,$dat3 -+ aesd $dat4,q12 -+ aesimc $dat4,$dat4 -+ -+ aesd $dat0,q13 -+ aesimc $dat0,$dat0 -+ aesd $dat1,q13 -+ aesimc $dat1,$dat1 -+ aesd $dat2,q13 -+ aesimc $dat2,$dat2 -+ aesd $dat3,q13 -+ aesimc $dat3,$dat3 -+ aesd $dat4,q13 -+ aesimc $dat4,$dat4 -+ -+ aesd $dat0,q14 -+ aesimc $dat0,$dat0 -+ aesd $dat1,q14 -+ aesimc $dat1,$dat1 -+ aesd $dat2,q14 -+ aesimc $dat2,$dat2 -+ aesd $dat3,q14 -+ aesimc $dat3,$dat3 -+ aesd $dat4,q14 -+ aesimc $dat4,$dat4 -+ -+ veor $tmp0,$rndlast,$iv0 -+ aesd $dat0,q15 -+ // The iv for first block of next iteration. -+ extr $midnumx,$ivh,$ivh,#32 -+ extr $ivh,$ivh,$ivl,#63 -+ and $tmpmw,$constnum,$midnum,asr #31 -+ eor $ivl,$tmpmx,$ivl,lsl #1 -+ fmov $ivd00,$ivl -+ fmov $ivd01,$ivh -+ veor $tmp1,$rndlast,$iv1 -+ vld1.8 {$in0},[$inp],#16 -+ aesd $dat1,q15 -+ // The iv for second block -+ extr $midnumx,$ivh,$ivh,#32 -+ extr $ivh,$ivh,$ivl,#63 -+ and $tmpmw,$constnum,$midnum,asr #31 -+ eor $ivl,$tmpmx,$ivl,lsl #1 -+ fmov $ivd10,$ivl -+ fmov $ivd11,$ivh -+ veor $tmp2,$rndlast,$iv2 -+ vld1.8 {$in1},[$inp],#16 -+ aesd $dat2,q15 -+ // The iv for third block -+ extr $midnumx,$ivh,$ivh,#32 -+ extr $ivh,$ivh,$ivl,#63 -+ and $tmpmw,$constnum,$midnum,asr #31 -+ eor $ivl,$tmpmx,$ivl,lsl #1 -+ fmov $ivd20,$ivl -+ fmov $ivd21,$ivh -+ veor $tmp3,$rndlast,$iv3 -+ vld1.8 {$in2},[$inp],#16 -+ aesd $dat3,q15 -+ // The iv for fourth block -+ extr $midnumx,$ivh,$ivh,#32 -+ extr $ivh,$ivh,$ivl,#63 -+ and $tmpmw,$constnum,$midnum,asr #31 -+ eor $ivl,$tmpmx,$ivl,lsl #1 -+ fmov $ivd30,$ivl -+ fmov $ivd31,$ivh -+ veor $tmp4,$rndlast,$iv4 -+ vld1.8 {$in3},[$inp],#16 -+ aesd $dat4,q15 -+ -+ // The iv for fifth block -+ extr $midnumx,$ivh,$ivh,#32 -+ extr $ivh,$ivh,$ivl,#63 -+ and $tmpmw,$constnum,$midnum,asr #31 -+ eor $ivl,$tmpmx,$ivl,lsl #1 -+ fmov $ivd40,$ivl -+ fmov $ivd41,$ivh -+ -+ vld1.8 {$in4},[$inp],#16 -+ cbz $xoffset,.Lxts_dec_tail4x -+ vld1.32 {q8},[$key_],#16 // re-pre-load rndkey[0] -+ veor $tmp0,$tmp0,$dat0 -+ veor $dat0,$in0,$iv0 -+ veor $tmp1,$tmp1,$dat1 -+ veor $dat1,$in1,$iv1 -+ veor $tmp2,$tmp2,$dat2 -+ veor $dat2,$in2,$iv2 -+ veor $tmp3,$tmp3,$dat3 -+ veor $dat3,$in3,$iv3 -+ veor $tmp4,$tmp4,$dat4 -+ vst1.8 {$tmp0},[$out],#16 -+ veor $dat4,$in4,$iv4 -+ vst1.8 {$tmp1},[$out],#16 -+ mov $rounds,$rounds0 -+ vst1.8 {$tmp2},[$out],#16 -+ vld1.32 {q9},[$key_],#16 // re-pre-load rndkey[1] -+ vst1.8 {$tmp3},[$out],#16 -+ vst1.8 {$tmp4},[$out],#16 -+ b.hs .Loop5x_xts_dec -+ -+ cmn $len,#0x10 -+ b.ne .Loop5x_dec_after -+ // If x2($len) equal to -0x10, the left blocks is 4. -+ // After specially processing, utilize the five blocks processing again. -+ // It will use the following IVs: $iv0,$iv0,$iv1,$iv2,$iv3. -+ vorr $iv4,$iv3,$iv3 -+ vorr $iv3,$iv2,$iv2 -+ vorr $iv2,$iv1,$iv1 -+ vorr $iv1,$iv0,$iv0 -+ fmov $ivl,$ivd40 -+ fmov $ivh,$ivd41 -+ veor $dat0,$iv0,$in0 -+ veor $dat1,$iv1,$in1 -+ veor $dat2,$in2,$iv2 -+ veor $dat3,$in3,$iv3 -+ veor $dat4,$in4,$iv4 -+ b.eq .Loop5x_xts_dec -+ -+.Loop5x_dec_after: -+ add $len,$len,#0x50 -+ cbz $len,.Lxts_done -+ -+ add $rounds,$rounds0,#2 -+ subs $len,$len,#0x30 -+ b.lo .Lxts_inner_dec_tail -+ -+ veor $dat0,$iv0,$in2 -+ veor $dat1,$iv1,$in3 -+ veor $dat2,$in4,$iv2 -+ b .Lxts_outer_dec_tail -+ -+.align 4 -+.Lxts_dec_tail4x: -+ add $inp,$inp,#16 -+ vld1.32 {$dat0},[$inp],#16 -+ veor $tmp1,$dat1,$tmp0 -+ vst1.8 {$tmp1},[$out],#16 -+ veor $tmp2,$dat2,$tmp2 -+ vst1.8 {$tmp2},[$out],#16 -+ veor $tmp3,$dat3,$tmp3 -+ veor $tmp4,$dat4,$tmp4 -+ vst1.8 {$tmp3-$tmp4},[$out],#32 -+ -+ b .Lxts_done -+.align 4 -+.Lxts_outer_dec_tail: -+ aesd $dat0,q8 -+ aesimc $dat0,$dat0 -+ aesd $dat1,q8 -+ aesimc $dat1,$dat1 -+ aesd $dat2,q8 -+ aesimc $dat2,$dat2 -+ vld1.32 {q8},[$key_],#16 -+ subs $rounds,$rounds,#2 -+ aesd $dat0,q9 -+ aesimc $dat0,$dat0 -+ aesd $dat1,q9 -+ aesimc $dat1,$dat1 -+ aesd $dat2,q9 -+ aesimc $dat2,$dat2 -+ vld1.32 {q9},[$key_],#16 -+ b.gt .Lxts_outer_dec_tail -+ -+ aesd $dat0,q8 -+ aesimc $dat0,$dat0 -+ aesd $dat1,q8 -+ aesimc $dat1,$dat1 -+ aesd $dat2,q8 -+ aesimc $dat2,$dat2 -+ veor $tmp0,$iv0,$rndlast -+ subs $len,$len,#0x30 -+ // The iv for first block -+ fmov $ivl,$ivd20 -+ fmov $ivh,$ivd21 -+ mov $constnum,#0x87 -+ extr $midnumx,$ivh,$ivh,#32 -+ extr $ivh,$ivh,$ivl,#63 -+ and $tmpmw,$constnum,$midnum,asr #31 -+ eor $ivl,$tmpmx,$ivl,lsl #1 -+ fmov $ivd00,$ivl -+ fmov $ivd01,$ivh -+ veor $tmp1,$iv1,$rndlast -+ csel $xoffset,$len,$xoffset,lo // x6, w6, is zero at this point -+ aesd $dat0,q9 -+ aesimc $dat0,$dat0 -+ aesd $dat1,q9 -+ aesimc $dat1,$dat1 -+ aesd $dat2,q9 -+ aesimc $dat2,$dat2 -+ veor $tmp2,$iv2,$rndlast -+ // The iv for second block -+ extr $midnumx,$ivh,$ivh,#32 -+ extr $ivh,$ivh,$ivl,#63 -+ and $tmpmw,$constnum,$midnum,asr #31 -+ eor $ivl,$tmpmx,$ivl,lsl #1 -+ fmov $ivd10,$ivl -+ fmov $ivd11,$ivh -+ -+ add $xoffset,$xoffset,#0x20 -+ add $inp,$inp,$xoffset // $inp is adjusted to the last data -+ -+ mov $key_,$key1 -+ -+ // The iv for third block -+ extr $midnumx,$ivh,$ivh,#32 -+ extr $ivh,$ivh,$ivl,#63 -+ and $tmpmw,$constnum,$midnum,asr #31 -+ eor $ivl,$tmpmx,$ivl,lsl #1 -+ fmov $ivd20,$ivl -+ fmov $ivd21,$ivh -+ -+ aesd $dat0,q12 -+ aesimc $dat0,$dat0 -+ aesd $dat1,q12 -+ aesimc $dat1,$dat1 -+ aesd $dat2,q12 -+ aesimc $dat2,$dat2 -+ aesd $dat0,q13 -+ aesimc $dat0,$dat0 -+ aesd $dat1,q13 -+ aesimc $dat1,$dat1 -+ aesd $dat2,q13 -+ aesimc $dat2,$dat2 -+ aesd $dat0,q14 -+ aesimc $dat0,$dat0 -+ aesd $dat1,q14 -+ aesimc $dat1,$dat1 -+ aesd $dat2,q14 -+ aesimc $dat2,$dat2 -+ vld1.8 {$in2},[$inp],#16 -+ aesd $dat0,q15 -+ aesd $dat1,q15 -+ aesd $dat2,q15 -+ vld1.32 {q8},[$key_],#16 // re-pre-load rndkey[0] -+ add $rounds,$rounds0,#2 -+ veor $tmp0,$tmp0,$dat0 -+ veor $tmp1,$tmp1,$dat1 -+ veor $dat2,$dat2,$tmp2 -+ vld1.32 {q9},[$key_],#16 // re-pre-load rndkey[1] -+ vst1.8 {$tmp0},[$out],#16 -+ vst1.8 {$tmp1},[$out],#16 -+ vst1.8 {$dat2},[$out],#16 -+ -+ cmn $len,#0x30 -+ add $len,$len,#0x30 -+ b.eq .Lxts_done -+ sub $len,$len,#0x30 -+ vorr $in3,$in1,$in1 -+ vorr $in4,$in2,$in2 -+ nop -+ -+.Lxts_inner_dec_tail: -+ // $len == -0x10 means two blocks left. -+ cmn $len,#0x10 -+ veor $dat1,$in3,$iv0 -+ veor $dat2,$in4,$iv1 -+ b.eq .Lxts_dec_tail_loop -+ veor $dat2,$in4,$iv0 -+.Lxts_dec_tail_loop: -+ aesd $dat1,q8 -+ aesimc $dat1,$dat1 -+ aesd $dat2,q8 -+ aesimc $dat2,$dat2 -+ vld1.32 {q8},[$key_],#16 -+ subs $rounds,$rounds,#2 -+ aesd $dat1,q9 -+ aesimc $dat1,$dat1 -+ aesd $dat2,q9 -+ aesimc $dat2,$dat2 -+ vld1.32 {q9},[$key_],#16 -+ b.gt .Lxts_dec_tail_loop -+ -+ aesd $dat1,q8 -+ aesimc $dat1,$dat1 -+ aesd $dat2,q8 -+ aesimc $dat2,$dat2 -+ aesd $dat1,q9 -+ aesimc $dat1,$dat1 -+ aesd $dat2,q9 -+ aesimc $dat2,$dat2 -+ aesd $dat1,q12 -+ aesimc $dat1,$dat1 -+ aesd $dat2,q12 -+ aesimc $dat2,$dat2 -+ cmn $len,#0x20 -+ aesd $dat1,q13 -+ aesimc $dat1,$dat1 -+ aesd $dat2,q13 -+ aesimc $dat2,$dat2 -+ veor $tmp1,$iv0,$rndlast -+ aesd $dat1,q14 -+ aesimc $dat1,$dat1 -+ aesd $dat2,q14 -+ aesimc $dat2,$dat2 -+ veor $tmp2,$iv1,$rndlast -+ aesd $dat1,q15 -+ aesd $dat2,q15 -+ b.eq .Lxts_dec_one -+ veor $tmp1,$tmp1,$dat1 -+ veor $tmp2,$tmp2,$dat2 -+ vorr $iv0,$iv2,$iv2 -+ vorr $iv1,$iv3,$iv3 -+ vst1.8 {$tmp1},[$out],#16 -+ vst1.8 {$tmp2},[$out],#16 -+ add $len,$len,#16 -+ b .Lxts_done -+ -+.Lxts_dec_one: -+ veor $tmp1,$tmp1,$dat2 -+ vorr $iv0,$iv1,$iv1 -+ vorr $iv1,$iv2,$iv2 -+ vst1.8 {$tmp1},[$out],#16 -+ add $len,$len,#32 -+ -+.Lxts_done: -+ tst $tailcnt,#0xf -+ b.eq .Lxts_dec_abort -+ // Processing the last two blocks with cipher stealing. -+ mov x7,x3 -+ cbnz x2,.Lxts_dec_1st_done -+ vld1.32 {$dat0},[$inp],#16 -+ -+ // Decrypt the last secod block to get the last plain text block -+.Lxts_dec_1st_done: -+ eor $tmpin,$dat0,$iv1 -+ ldr $rounds,[$key1,#240] -+ vld1.32 {$dat0},[$key1],#16 -+ sub $rounds,$rounds,#2 -+ vld1.32 {$dat1},[$key1],#16 -+.Loop_final_2nd_dec: -+ aesd $tmpin,$dat0 -+ aesimc $tmpin,$tmpin -+ vld1.32 {$dat0},[$key1],#16 // load key schedule... -+ subs $rounds,$rounds,#2 -+ aesd $tmpin,$dat1 -+ aesimc $tmpin,$tmpin -+ vld1.32 {$dat1},[$key1],#16 // load key schedule... -+ b.gt .Loop_final_2nd_dec -+ -+ aesd $tmpin,$dat0 -+ aesimc $tmpin,$tmpin -+ vld1.32 {$dat0},[$key1] -+ aesd $tmpin,$dat1 -+ veor $tmpin,$tmpin,$dat0 -+ veor $tmpin,$tmpin,$iv1 -+ vst1.8 {$tmpin},[$out] -+ -+ mov $tmpinp,$inp -+ add $tmpoutp,$out,#16 -+ -+ // Composite the tailcnt "16 byte not aligned block" into the last second plain blocks -+ // to get the last encrypted block. -+.composite_dec_loop: -+ subs $tailcnt,$tailcnt,#1 -+ ldrb $l2outp,[$out,$tailcnt] -+ ldrb $loutp,[$tmpinp,$tailcnt] -+ strb $l2outp,[$tmpoutp,$tailcnt] -+ strb $loutp,[$out,$tailcnt] -+ b.gt .composite_dec_loop -+.Lxts_dec_load_done: -+ vld1.8 {$tmpin},[$out] -+ veor $tmpin,$tmpin,$iv0 -+ -+ // Decrypt the composite block to get the last second plain text block -+ ldr $rounds,[$key_,#240] -+ vld1.8 {$dat},[$key_],#16 -+ sub $rounds,$rounds,#2 -+ vld1.8 {$dat1},[$key_],#16 -+.Loop_final_dec: -+ aesd $tmpin,$dat0 -+ aesimc $tmpin,$tmpin -+ vld1.32 {$dat0},[$key_],#16 // load key schedule... -+ subs $rounds,$rounds,#2 -+ aesd $tmpin,$dat1 -+ aesimc $tmpin,$tmpin -+ vld1.32 {$dat1},[$key_],#16 // load key schedule... -+ b.gt .Loop_final_dec -+ -+ aesd $tmpin,$dat0 -+ aesimc $tmpin,$tmpin -+ vld1.32 {$dat0},[$key_] -+ aesd $tmpin,$dat1 -+ veor $tmpin,$tmpin,$dat0 -+ veor $tmpin,$tmpin,$iv0 -+ vst1.8 {$tmpin},[$out] -+ -+.Lxts_dec_abort: -+ ldp $tailcnt,$midnumx,[sp,#48] -+ ldp $ivd10,$ivd20,[sp,#32] -+ ldp $ivd30,$ivd40,[sp,#16] -+ ldp $constnumx,$tmpinp,[sp],#64 -+ -+.Lxts_dec_final_abort: -+ ret -+.size ${prefix}_xts_decrypt,.-${prefix}_xts_decrypt -+___ -+} -+}}} - $code.=<<___; - #endif - ___ -@@ -963,7 +3615,7 @@ if ($flavour =~ /64/) { ######## 64-bi - # since ARMv7 instructions are always encoded little-endian. - # correct solution is to use .inst directive, but older - # assemblers don't implement it:-( -- sprintf ".byte\t0x%02x,0x%02x,0x%02x,0x%02x\t@ %s %s", -+ sprintf "INST(0x%02x,0x%02x,0x%02x,0x%02x)\t@ %s %s", - $word&0xff,($word>>8)&0xff, - ($word>>16)&0xff,($word>>24)&0xff, - $mnemonic,$arg; -@@ -1004,14 +3656,17 @@ if ($flavour =~ /64/) { ######## 64-bi - s/\],#[0-9]+/]!/o; - - s/[v]?(aes\w+)\s+([qv].*)/unaes($1,$2)/geo or -- s/cclr\s+([^,]+),\s*([a-z]+)/mov$2 $1,#0/o or -+ s/cclr\s+([^,]+),\s*([a-z]+)/mov.$2 $1,#0/o or - s/vtbl\.8\s+(.*)/unvtbl($1)/geo or - s/vdup\.32\s+(.*)/unvdup32($1)/geo or - s/vmov\.32\s+(.*)/unvmov32($1)/geo or - s/^(\s+)b\./$1b/o or -- s/^(\s+)mov\./$1mov/o or - s/^(\s+)ret/$1bx\tlr/o; - -+ if (s/^(\s+)mov\.([a-z]+)/$1mov$2/) { -+ print " it $2\n"; -+ } -+ - print $_,"\n"; - } - } -diff -up openssl-1.1.1i/crypto/aes/asm/vpaes-armv8.pl.arm-update openssl-1.1.1i/crypto/aes/asm/vpaes-armv8.pl ---- openssl-1.1.1i/crypto/aes/asm/vpaes-armv8.pl.arm-update 2020-12-08 14:20:59.000000000 +0100 -+++ openssl-1.1.1i/crypto/aes/asm/vpaes-armv8.pl 2020-12-09 10:37:38.405558929 +0100 -@@ -30,6 +30,7 @@ - # Denver(***) 16.6(**) 15.1/17.8(**) [8.80/9.93 ] - # Apple A7(***) 22.7(**) 10.9/14.3 [8.45/10.0 ] - # Mongoose(***) 26.3(**) 21.0/25.0(**) [13.3/16.8 ] -+# ThunderX2(***) 39.4(**) 33.8/48.6(**) - # - # (*) ECB denotes approximate result for parallelizable modes - # such as CBC decrypt, CTR, etc.; -diff -up openssl-1.1.1i/crypto/chacha/asm/chacha-armv8.pl.arm-update openssl-1.1.1i/crypto/chacha/asm/chacha-armv8.pl ---- openssl-1.1.1i/crypto/chacha/asm/chacha-armv8.pl.arm-update 2020-12-08 14:20:59.000000000 +0100 -+++ openssl-1.1.1i/crypto/chacha/asm/chacha-armv8.pl 2020-12-09 10:40:57.922288627 +0100 -@@ -18,32 +18,44 @@ - # - # ChaCha20 for ARMv8. - # -+# April 2019 -+# -+# Replace 3xNEON+1xIALU code path with 4+1. 4+1 is actually fastest -+# option on most(*), but not all, processors, yet 6+2 is retained. -+# This is because penalties are considered tolerable in comparison to -+# improvement on processors where 6+2 helps. Most notably +37% on -+# ThunderX2. It's server-oriented processor which will have to serve -+# as many requests as possible. While others are mostly clients, when -+# performance doesn't have to be absolute top-notch, just fast enough, -+# as majority of time is spent "entertaining" relatively slow human. -+# - # Performance in cycles per byte out of large buffer. - # --# IALU/gcc-4.9 3xNEON+1xIALU 6xNEON+2xIALU -+# IALU/gcc-4.9 4xNEON+1xIALU 6xNEON+2xIALU - # --# Apple A7 5.50/+49% 3.33 1.70 --# Cortex-A53 8.40/+80% 4.72 4.72(*) --# Cortex-A57 8.06/+43% 4.90 4.43(**) --# Denver 4.50/+82% 2.63 2.67(*) --# X-Gene 9.50/+46% 8.82 8.89(*) --# Mongoose 8.00/+44% 3.64 3.25 --# Kryo 8.17/+50% 4.83 4.65 -+# Apple A7 5.50/+49% 2.72 1.60 -+# Cortex-A53 8.40/+80% 4.06 4.45(*) -+# Cortex-A57 8.06/+43% 4.15 4.40(*) -+# Denver 4.50/+82% 2.30 2.70(*) -+# X-Gene 9.50/+46% 8.20 8.90(*) -+# Mongoose 8.00/+44% 2.74 3.12(*) -+# Kryo 8.17/+50% 4.47 4.65(*) -+# ThunderX2 7.22/+48% 5.64 4.10 - # --# (*) it's expected that doubling interleave factor doesn't help --# all processors, only those with higher NEON latency and --# higher instruction issue rate; --# (**) expected improvement was actually higher; -+# (*) slower than 4+1:-( - --$flavour=shift; --$output=shift; -+# $output is the last argument if it looks like a file (it has an extension) -+# $flavour is the first argument if it doesn't look like a file -+$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -+$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - - $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; - ( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or - ( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or - die "can't locate arm-xlate.pl"; - --open OUT,"| \"$^X\" $xlate $flavour $output"; -+open OUT,"| \"$^X\" $xlate $flavour \"$output\"" -+ or die "can't call $xlate: $!"; - *STDOUT=*OUT; - - sub AUTOLOAD() # thunk [simplified] x86-style perlasm -@@ -120,42 +132,37 @@ my ($a3,$b3,$c3,$d3)=map(($_&~3)+(($_+1) - } - - $code.=<<___; --#include "arm_arch.h" -- --.text -- -+#ifndef __KERNEL__ -+# include "arm_arch.h" - .extern OPENSSL_armcap_P - .hidden OPENSSL_armcap_P -+#endif -+ -+.text - - .align 5 - .Lsigma: - .quad 0x3320646e61707865,0x6b20657479622d32 // endian-neutral - .Lone: --.long 1,0,0,0 --.LOPENSSL_armcap_P: --#ifdef __ILP32__ --.long OPENSSL_armcap_P-. --#else --.quad OPENSSL_armcap_P-. --#endif --.asciz "ChaCha20 for ARMv8, CRYPTOGAMS by " -+.long 1,2,3,4 -+.Lrot24: -+.long 0x02010003,0x06050407,0x0a09080b,0x0e0d0c0f -+.asciz "ChaCha20 for ARMv8, CRYPTOGAMS by \@dot-asm" - - .globl ChaCha20_ctr32 - .type ChaCha20_ctr32,%function - .align 5 - ChaCha20_ctr32: - cbz $len,.Labort -- adr @x[0],.LOPENSSL_armcap_P - cmp $len,#192 - b.lo .Lshort --#ifdef __ILP32__ -- ldrsw @x[1],[@x[0]] --#else -- ldr @x[1],[@x[0]] --#endif -- ldr w17,[@x[1],@x[0]] -+ -+#ifndef __KERNEL__ -+ adrp x17,OPENSSL_armcap_P -+ ldr w17,[x17,#:lo12:OPENSSL_armcap_P] - tst w17,#ARMV7_NEON -- b.ne ChaCha20_neon -+ b.ne .LChaCha20_neon -+#endif - - .Lshort: - .inst 0xd503233f // paciasp -@@ -174,7 +181,7 @@ ChaCha20_ctr32: - ldp @d[2],@d[3],[$key] // load key - ldp @d[4],@d[5],[$key,#16] - ldp @d[6],@d[7],[$ctr] // load counter --#ifdef __ARMEB__ -+#ifdef __AARCH64EB__ - ror @d[2],@d[2],#32 - ror @d[3],@d[3],#32 - ror @d[4],@d[4],#32 -@@ -243,7 +250,7 @@ $code.=<<___; - add @x[14],@x[14],@x[15],lsl#32 - ldp @x[13],@x[15],[$inp,#48] - add $inp,$inp,#64 --#ifdef __ARMEB__ -+#ifdef __AARCH64EB__ - rev @x[0],@x[0] - rev @x[2],@x[2] - rev @x[4],@x[4] -@@ -300,7 +307,7 @@ $code.=<<___; - add @x[10],@x[10],@x[11],lsl#32 - add @x[12],@x[12],@x[13],lsl#32 - add @x[14],@x[14],@x[15],lsl#32 --#ifdef __ARMEB__ -+#ifdef __AARCH64EB__ - rev @x[0],@x[0] - rev @x[2],@x[2] - rev @x[4],@x[4] -@@ -341,46 +348,91 @@ $code.=<<___; - ___ - - {{{ --my ($A0,$B0,$C0,$D0,$A1,$B1,$C1,$D1,$A2,$B2,$C2,$D2,$T0,$T1,$T2,$T3) = -- map("v$_.4s",(0..7,16..23)); --my (@K)=map("v$_.4s",(24..30)); --my $ONE="v31.4s"; -+my @K = map("v$_.4s",(0..3)); -+my ($xt0,$xt1,$xt2,$xt3, $CTR,$ROT24) = map("v$_.4s",(4..9)); -+my @X = map("v$_.4s",(16,20,24,28, 17,21,25,29, 18,22,26,30, 19,23,27,31)); -+my ($xa0,$xa1,$xa2,$xa3, $xb0,$xb1,$xb2,$xb3, -+ $xc0,$xc1,$xc2,$xc3, $xd0,$xd1,$xd2,$xd3) = @X; - --sub NEONROUND { --my $odd = pop; --my ($a,$b,$c,$d,$t)=@_; -+sub NEON_lane_ROUND { -+my ($a0,$b0,$c0,$d0)=@_; -+my ($a1,$b1,$c1,$d1)=map(($_&~3)+(($_+1)&3),($a0,$b0,$c0,$d0)); -+my ($a2,$b2,$c2,$d2)=map(($_&~3)+(($_+1)&3),($a1,$b1,$c1,$d1)); -+my ($a3,$b3,$c3,$d3)=map(($_&~3)+(($_+1)&3),($a2,$b2,$c2,$d2)); -+my @x=map("'$_'",@X); - - ( -- "&add ('$a','$a','$b')", -- "&eor ('$d','$d','$a')", -- "&rev32_16 ('$d','$d')", # vrot ($d,16) -- -- "&add ('$c','$c','$d')", -- "&eor ('$t','$b','$c')", -- "&ushr ('$b','$t',20)", -- "&sli ('$b','$t',12)", -- -- "&add ('$a','$a','$b')", -- "&eor ('$t','$d','$a')", -- "&ushr ('$d','$t',24)", -- "&sli ('$d','$t',8)", -- -- "&add ('$c','$c','$d')", -- "&eor ('$t','$b','$c')", -- "&ushr ('$b','$t',25)", -- "&sli ('$b','$t',7)", -- -- "&ext ('$c','$c','$c',8)", -- "&ext ('$d','$d','$d',$odd?4:12)", -- "&ext ('$b','$b','$b',$odd?12:4)" -+ "&add (@x[$a0],@x[$a0],@x[$b0])", # Q1 -+ "&add (@x[$a1],@x[$a1],@x[$b1])", # Q2 -+ "&add (@x[$a2],@x[$a2],@x[$b2])", # Q3 -+ "&add (@x[$a3],@x[$a3],@x[$b3])", # Q4 -+ "&eor (@x[$d0],@x[$d0],@x[$a0])", -+ "&eor (@x[$d1],@x[$d1],@x[$a1])", -+ "&eor (@x[$d2],@x[$d2],@x[$a2])", -+ "&eor (@x[$d3],@x[$d3],@x[$a3])", -+ "&rev32_16 (@x[$d0],@x[$d0])", -+ "&rev32_16 (@x[$d1],@x[$d1])", -+ "&rev32_16 (@x[$d2],@x[$d2])", -+ "&rev32_16 (@x[$d3],@x[$d3])", -+ -+ "&add (@x[$c0],@x[$c0],@x[$d0])", -+ "&add (@x[$c1],@x[$c1],@x[$d1])", -+ "&add (@x[$c2],@x[$c2],@x[$d2])", -+ "&add (@x[$c3],@x[$c3],@x[$d3])", -+ "&eor ('$xt0',@x[$b0],@x[$c0])", -+ "&eor ('$xt1',@x[$b1],@x[$c1])", -+ "&eor ('$xt2',@x[$b2],@x[$c2])", -+ "&eor ('$xt3',@x[$b3],@x[$c3])", -+ "&ushr (@x[$b0],'$xt0',20)", -+ "&ushr (@x[$b1],'$xt1',20)", -+ "&ushr (@x[$b2],'$xt2',20)", -+ "&ushr (@x[$b3],'$xt3',20)", -+ "&sli (@x[$b0],'$xt0',12)", -+ "&sli (@x[$b1],'$xt1',12)", -+ "&sli (@x[$b2],'$xt2',12)", -+ "&sli (@x[$b3],'$xt3',12)", -+ -+ "&add (@x[$a0],@x[$a0],@x[$b0])", -+ "&add (@x[$a1],@x[$a1],@x[$b1])", -+ "&add (@x[$a2],@x[$a2],@x[$b2])", -+ "&add (@x[$a3],@x[$a3],@x[$b3])", -+ "&eor ('$xt0',@x[$d0],@x[$a0])", -+ "&eor ('$xt1',@x[$d1],@x[$a1])", -+ "&eor ('$xt2',@x[$d2],@x[$a2])", -+ "&eor ('$xt3',@x[$d3],@x[$a3])", -+ "&tbl (@x[$d0],'{$xt0}','$ROT24')", -+ "&tbl (@x[$d1],'{$xt1}','$ROT24')", -+ "&tbl (@x[$d2],'{$xt2}','$ROT24')", -+ "&tbl (@x[$d3],'{$xt3}','$ROT24')", -+ -+ "&add (@x[$c0],@x[$c0],@x[$d0])", -+ "&add (@x[$c1],@x[$c1],@x[$d1])", -+ "&add (@x[$c2],@x[$c2],@x[$d2])", -+ "&add (@x[$c3],@x[$c3],@x[$d3])", -+ "&eor ('$xt0',@x[$b0],@x[$c0])", -+ "&eor ('$xt1',@x[$b1],@x[$c1])", -+ "&eor ('$xt2',@x[$b2],@x[$c2])", -+ "&eor ('$xt3',@x[$b3],@x[$c3])", -+ "&ushr (@x[$b0],'$xt0',25)", -+ "&ushr (@x[$b1],'$xt1',25)", -+ "&ushr (@x[$b2],'$xt2',25)", -+ "&ushr (@x[$b3],'$xt3',25)", -+ "&sli (@x[$b0],'$xt0',7)", -+ "&sli (@x[$b1],'$xt1',7)", -+ "&sli (@x[$b2],'$xt2',7)", -+ "&sli (@x[$b3],'$xt3',7)" - ); - } - - $code.=<<___; - -+#ifdef __KERNEL__ -+.globl ChaCha20_neon -+#endif - .type ChaCha20_neon,%function - .align 5 - ChaCha20_neon: -+.LChaCha20_neon: - .inst 0xd503233f // paciasp - stp x29,x30,[sp,#-96]! - add x29,sp,#0 -@@ -403,8 +455,9 @@ ChaCha20_neon: - ld1 {@K[1],@K[2]},[$key] - ldp @d[6],@d[7],[$ctr] // load counter - ld1 {@K[3]},[$ctr] -- ld1 {$ONE},[@x[0]] --#ifdef __ARMEB__ -+ stp d8,d9,[sp] // meet ABI requirements -+ ld1 {$CTR,$ROT24},[@x[0]] -+#ifdef __AARCH64EB__ - rev64 @K[0],@K[0] - ror @d[2],@d[2],#32 - ror @d[3],@d[3],#32 -@@ -413,115 +466,129 @@ ChaCha20_neon: - ror @d[6],@d[6],#32 - ror @d[7],@d[7],#32 - #endif -- add @K[3],@K[3],$ONE // += 1 -- add @K[4],@K[3],$ONE -- add @K[5],@K[4],$ONE -- shl $ONE,$ONE,#2 // 1 -> 4 - - .Loop_outer_neon: -- mov.32 @x[0],@d[0] // unpack key block -- lsr @x[1],@d[0],#32 -- mov $A0,@K[0] -- mov.32 @x[2],@d[1] -- lsr @x[3],@d[1],#32 -- mov $A1,@K[0] -- mov.32 @x[4],@d[2] -- lsr @x[5],@d[2],#32 -- mov $A2,@K[0] -- mov.32 @x[6],@d[3] -- mov $B0,@K[1] -- lsr @x[7],@d[3],#32 -- mov $B1,@K[1] -- mov.32 @x[8],@d[4] -- mov $B2,@K[1] -- lsr @x[9],@d[4],#32 -- mov $D0,@K[3] -- mov.32 @x[10],@d[5] -- mov $D1,@K[4] -- lsr @x[11],@d[5],#32 -- mov $D2,@K[5] -- mov.32 @x[12],@d[6] -- mov $C0,@K[2] -- lsr @x[13],@d[6],#32 -- mov $C1,@K[2] -- mov.32 @x[14],@d[7] -- mov $C2,@K[2] -- lsr @x[15],@d[7],#32 -+ dup $xa0,@{K[0]}[0] // unpack key block -+ mov.32 @x[0],@d[0] -+ dup $xa1,@{K[0]}[1] -+ lsr @x[1],@d[0],#32 -+ dup $xa2,@{K[0]}[2] -+ mov.32 @x[2],@d[1] -+ dup $xa3,@{K[0]}[3] -+ lsr @x[3],@d[1],#32 -+ dup $xb0,@{K[1]}[0] -+ mov.32 @x[4],@d[2] -+ dup $xb1,@{K[1]}[1] -+ lsr @x[5],@d[2],#32 -+ dup $xb2,@{K[1]}[2] -+ mov.32 @x[6],@d[3] -+ dup $xb3,@{K[1]}[3] -+ lsr @x[7],@d[3],#32 -+ dup $xd0,@{K[3]}[0] -+ mov.32 @x[8],@d[4] -+ dup $xd1,@{K[3]}[1] -+ lsr @x[9],@d[4],#32 -+ dup $xd2,@{K[3]}[2] -+ mov.32 @x[10],@d[5] -+ dup $xd3,@{K[3]}[3] -+ lsr @x[11],@d[5],#32 -+ add $xd0,$xd0,$CTR -+ mov.32 @x[12],@d[6] -+ dup $xc0,@{K[2]}[0] -+ lsr @x[13],@d[6],#32 -+ dup $xc1,@{K[2]}[1] -+ mov.32 @x[14],@d[7] -+ dup $xc2,@{K[2]}[2] -+ lsr @x[15],@d[7],#32 -+ dup $xc3,@{K[2]}[3] - - mov $ctr,#10 -- subs $len,$len,#256 -+ subs $len,$len,#320 - .Loop_neon: - sub $ctr,$ctr,#1 - ___ -- my @thread0=&NEONROUND($A0,$B0,$C0,$D0,$T0,0); -- my @thread1=&NEONROUND($A1,$B1,$C1,$D1,$T1,0); -- my @thread2=&NEONROUND($A2,$B2,$C2,$D2,$T2,0); -- my @thread3=&ROUND(0,4,8,12); -- -- foreach (@thread0) { -- eval; eval(shift(@thread3)); -- eval(shift(@thread1)); eval(shift(@thread3)); -- eval(shift(@thread2)); eval(shift(@thread3)); -- } -- -- @thread0=&NEONROUND($A0,$B0,$C0,$D0,$T0,1); -- @thread1=&NEONROUND($A1,$B1,$C1,$D1,$T1,1); -- @thread2=&NEONROUND($A2,$B2,$C2,$D2,$T2,1); -- @thread3=&ROUND(0,5,10,15); -+ my @plus_one=&ROUND(0,4,8,12); -+ foreach (&NEON_lane_ROUND(0,4,8,12)) { eval; eval(shift(@plus_one)); } - -- foreach (@thread0) { -- eval; eval(shift(@thread3)); -- eval(shift(@thread1)); eval(shift(@thread3)); -- eval(shift(@thread2)); eval(shift(@thread3)); -- } -+ @plus_one=&ROUND(0,5,10,15); -+ foreach (&NEON_lane_ROUND(0,5,10,15)) { eval; eval(shift(@plus_one)); } - $code.=<<___; - cbnz $ctr,.Loop_neon - -- add.32 @x[0],@x[0],@d[0] // accumulate key block -- add $A0,$A0,@K[0] -- add @x[1],@x[1],@d[0],lsr#32 -- add $A1,$A1,@K[0] -- add.32 @x[2],@x[2],@d[1] -- add $A2,$A2,@K[0] -- add @x[3],@x[3],@d[1],lsr#32 -- add $C0,$C0,@K[2] -- add.32 @x[4],@x[4],@d[2] -- add $C1,$C1,@K[2] -- add @x[5],@x[5],@d[2],lsr#32 -- add $C2,$C2,@K[2] -- add.32 @x[6],@x[6],@d[3] -- add $D0,$D0,@K[3] -- add @x[7],@x[7],@d[3],lsr#32 -- add.32 @x[8],@x[8],@d[4] -- add $D1,$D1,@K[4] -- add @x[9],@x[9],@d[4],lsr#32 -- add.32 @x[10],@x[10],@d[5] -- add $D2,$D2,@K[5] -- add @x[11],@x[11],@d[5],lsr#32 -- add.32 @x[12],@x[12],@d[6] -- add $B0,$B0,@K[1] -- add @x[13],@x[13],@d[6],lsr#32 -- add.32 @x[14],@x[14],@d[7] -- add $B1,$B1,@K[1] -- add @x[15],@x[15],@d[7],lsr#32 -- add $B2,$B2,@K[1] -+ add $xd0,$xd0,$CTR -+ -+ zip1 $xt0,$xa0,$xa1 // transpose data -+ zip1 $xt1,$xa2,$xa3 -+ zip2 $xt2,$xa0,$xa1 -+ zip2 $xt3,$xa2,$xa3 -+ zip1.64 $xa0,$xt0,$xt1 -+ zip2.64 $xa1,$xt0,$xt1 -+ zip1.64 $xa2,$xt2,$xt3 -+ zip2.64 $xa3,$xt2,$xt3 -+ -+ zip1 $xt0,$xb0,$xb1 -+ zip1 $xt1,$xb2,$xb3 -+ zip2 $xt2,$xb0,$xb1 -+ zip2 $xt3,$xb2,$xb3 -+ zip1.64 $xb0,$xt0,$xt1 -+ zip2.64 $xb1,$xt0,$xt1 -+ zip1.64 $xb2,$xt2,$xt3 -+ zip2.64 $xb3,$xt2,$xt3 -+ -+ zip1 $xt0,$xc0,$xc1 -+ add.32 @x[0],@x[0],@d[0] // accumulate key block -+ zip1 $xt1,$xc2,$xc3 -+ add @x[1],@x[1],@d[0],lsr#32 -+ zip2 $xt2,$xc0,$xc1 -+ add.32 @x[2],@x[2],@d[1] -+ zip2 $xt3,$xc2,$xc3 -+ add @x[3],@x[3],@d[1],lsr#32 -+ zip1.64 $xc0,$xt0,$xt1 -+ add.32 @x[4],@x[4],@d[2] -+ zip2.64 $xc1,$xt0,$xt1 -+ add @x[5],@x[5],@d[2],lsr#32 -+ zip1.64 $xc2,$xt2,$xt3 -+ add.32 @x[6],@x[6],@d[3] -+ zip2.64 $xc3,$xt2,$xt3 -+ add @x[7],@x[7],@d[3],lsr#32 -+ -+ zip1 $xt0,$xd0,$xd1 -+ add.32 @x[8],@x[8],@d[4] -+ zip1 $xt1,$xd2,$xd3 -+ add @x[9],@x[9],@d[4],lsr#32 -+ zip2 $xt2,$xd0,$xd1 -+ add.32 @x[10],@x[10],@d[5] -+ zip2 $xt3,$xd2,$xd3 -+ add @x[11],@x[11],@d[5],lsr#32 -+ zip1.64 $xd0,$xt0,$xt1 -+ add.32 @x[12],@x[12],@d[6] -+ zip2.64 $xd1,$xt0,$xt1 -+ add @x[13],@x[13],@d[6],lsr#32 -+ zip1.64 $xd2,$xt2,$xt3 -+ add.32 @x[14],@x[14],@d[7] -+ zip2.64 $xd3,$xt2,$xt3 -+ add @x[15],@x[15],@d[7],lsr#32 - - b.lo .Ltail_neon - - add @x[0],@x[0],@x[1],lsl#32 // pack - add @x[2],@x[2],@x[3],lsl#32 - ldp @x[1],@x[3],[$inp,#0] // load input -+ add $xa0,$xa0,@K[0] // accumulate key block - add @x[4],@x[4],@x[5],lsl#32 - add @x[6],@x[6],@x[7],lsl#32 - ldp @x[5],@x[7],[$inp,#16] -+ add $xb0,$xb0,@K[1] - add @x[8],@x[8],@x[9],lsl#32 - add @x[10],@x[10],@x[11],lsl#32 - ldp @x[9],@x[11],[$inp,#32] -+ add $xc0,$xc0,@K[2] - add @x[12],@x[12],@x[13],lsl#32 - add @x[14],@x[14],@x[15],lsl#32 - ldp @x[13],@x[15],[$inp,#48] -+ add $xd0,$xd0,@K[3] - add $inp,$inp,#64 --#ifdef __ARMEB__ -+#ifdef __AARCH64EB__ - rev @x[0],@x[0] - rev @x[2],@x[2] - rev @x[4],@x[4] -@@ -531,48 +598,68 @@ $code.=<<___; - rev @x[12],@x[12] - rev @x[14],@x[14] - #endif -- ld1.8 {$T0-$T3},[$inp],#64 -+ ld1.8 {$xt0-$xt3},[$inp],#64 - eor @x[0],@x[0],@x[1] -+ add $xa1,$xa1,@K[0] - eor @x[2],@x[2],@x[3] -+ add $xb1,$xb1,@K[1] - eor @x[4],@x[4],@x[5] -+ add $xc1,$xc1,@K[2] - eor @x[6],@x[6],@x[7] -+ add $xd1,$xd1,@K[3] - eor @x[8],@x[8],@x[9] -- eor $A0,$A0,$T0 -+ eor $xa0,$xa0,$xt0 -+ movi $xt0,#5 - eor @x[10],@x[10],@x[11] -- eor $B0,$B0,$T1 -+ eor $xb0,$xb0,$xt1 - eor @x[12],@x[12],@x[13] -- eor $C0,$C0,$T2 -+ eor $xc0,$xc0,$xt2 - eor @x[14],@x[14],@x[15] -- eor $D0,$D0,$T3 -- ld1.8 {$T0-$T3},[$inp],#64 -+ eor $xd0,$xd0,$xt3 -+ add $CTR,$CTR,$xt0 // += 5 -+ ld1.8 {$xt0-$xt3},[$inp],#64 - - stp @x[0],@x[2],[$out,#0] // store output -- add @d[6],@d[6],#4 // increment counter -+ add @d[6],@d[6],#5 // increment counter - stp @x[4],@x[6],[$out,#16] -- add @K[3],@K[3],$ONE // += 4 - stp @x[8],@x[10],[$out,#32] -- add @K[4],@K[4],$ONE - stp @x[12],@x[14],[$out,#48] -- add @K[5],@K[5],$ONE - add $out,$out,#64 - -- st1.8 {$A0-$D0},[$out],#64 -- ld1.8 {$A0-$D0},[$inp],#64 -- -- eor $A1,$A1,$T0 -- eor $B1,$B1,$T1 -- eor $C1,$C1,$T2 -- eor $D1,$D1,$T3 -- st1.8 {$A1-$D1},[$out],#64 -- -- eor $A2,$A2,$A0 -- eor $B2,$B2,$B0 -- eor $C2,$C2,$C0 -- eor $D2,$D2,$D0 -- st1.8 {$A2-$D2},[$out],#64 -+ st1.8 {$xa0-$xd0},[$out],#64 -+ add $xa2,$xa2,@K[0] -+ add $xb2,$xb2,@K[1] -+ add $xc2,$xc2,@K[2] -+ add $xd2,$xd2,@K[3] -+ ld1.8 {$xa0-$xd0},[$inp],#64 -+ -+ eor $xa1,$xa1,$xt0 -+ eor $xb1,$xb1,$xt1 -+ eor $xc1,$xc1,$xt2 -+ eor $xd1,$xd1,$xt3 -+ st1.8 {$xa1-$xd1},[$out],#64 -+ add $xa3,$xa3,@K[0] -+ add $xb3,$xb3,@K[1] -+ add $xc3,$xc3,@K[2] -+ add $xd3,$xd3,@K[3] -+ ld1.8 {$xa1-$xd1},[$inp],#64 -+ -+ eor $xa2,$xa2,$xa0 -+ eor $xb2,$xb2,$xb0 -+ eor $xc2,$xc2,$xc0 -+ eor $xd2,$xd2,$xd0 -+ st1.8 {$xa2-$xd2},[$out],#64 -+ -+ eor $xa3,$xa3,$xa1 -+ eor $xb3,$xb3,$xb1 -+ eor $xc3,$xc3,$xc1 -+ eor $xd3,$xd3,$xd1 -+ st1.8 {$xa3-$xd3},[$out],#64 - - b.hi .Loop_outer_neon - -+ ldp d8,d9,[sp] // meet ABI requirements -+ - ldp x19,x20,[x29,#16] - add sp,sp,#64 - ldp x21,x22,[x29,#32] -@@ -583,8 +670,10 @@ $code.=<<___; - .inst 0xd50323bf // autiasp - ret - -+.align 4 - .Ltail_neon: -- add $len,$len,#256 -+ add $len,$len,#320 -+ ldp d8,d9,[sp] // meet ABI requirements - cmp $len,#64 - b.lo .Less_than_64 - -@@ -601,7 +690,7 @@ $code.=<<___; - add @x[14],@x[14],@x[15],lsl#32 - ldp @x[13],@x[15],[$inp,#48] - add $inp,$inp,#64 --#ifdef __ARMEB__ -+#ifdef __AARCH64EB__ - rev @x[0],@x[0] - rev @x[2],@x[2] - rev @x[4],@x[4] -@@ -621,48 +710,68 @@ $code.=<<___; - eor @x[14],@x[14],@x[15] - - stp @x[0],@x[2],[$out,#0] // store output -- add @d[6],@d[6],#4 // increment counter -+ add $xa0,$xa0,@K[0] // accumulate key block - stp @x[4],@x[6],[$out,#16] -+ add $xb0,$xb0,@K[1] - stp @x[8],@x[10],[$out,#32] -+ add $xc0,$xc0,@K[2] - stp @x[12],@x[14],[$out,#48] -+ add $xd0,$xd0,@K[3] - add $out,$out,#64 - b.eq .Ldone_neon - sub $len,$len,#64 - cmp $len,#64 -- b.lo .Less_than_128 -+ b.lo .Last_neon - -- ld1.8 {$T0-$T3},[$inp],#64 -- eor $A0,$A0,$T0 -- eor $B0,$B0,$T1 -- eor $C0,$C0,$T2 -- eor $D0,$D0,$T3 -- st1.8 {$A0-$D0},[$out],#64 -+ ld1.8 {$xt0-$xt3},[$inp],#64 -+ eor $xa0,$xa0,$xt0 -+ eor $xb0,$xb0,$xt1 -+ eor $xc0,$xc0,$xt2 -+ eor $xd0,$xd0,$xt3 -+ st1.8 {$xa0-$xd0},[$out],#64 - b.eq .Ldone_neon -+ -+ add $xa0,$xa1,@K[0] -+ add $xb0,$xb1,@K[1] - sub $len,$len,#64 -+ add $xc0,$xc1,@K[2] - cmp $len,#64 -- b.lo .Less_than_192 -+ add $xd0,$xd1,@K[3] -+ b.lo .Last_neon - -- ld1.8 {$T0-$T3},[$inp],#64 -- eor $A1,$A1,$T0 -- eor $B1,$B1,$T1 -- eor $C1,$C1,$T2 -- eor $D1,$D1,$T3 -- st1.8 {$A1-$D1},[$out],#64 -+ ld1.8 {$xt0-$xt3},[$inp],#64 -+ eor $xa1,$xa0,$xt0 -+ eor $xb1,$xb0,$xt1 -+ eor $xc1,$xc0,$xt2 -+ eor $xd1,$xd0,$xt3 -+ st1.8 {$xa1-$xd1},[$out],#64 - b.eq .Ldone_neon -+ -+ add $xa0,$xa2,@K[0] -+ add $xb0,$xb2,@K[1] - sub $len,$len,#64 -+ add $xc0,$xc2,@K[2] -+ cmp $len,#64 -+ add $xd0,$xd2,@K[3] -+ b.lo .Last_neon - -- st1.8 {$A2-$D2},[sp] -- b .Last_neon -+ ld1.8 {$xt0-$xt3},[$inp],#64 -+ eor $xa2,$xa0,$xt0 -+ eor $xb2,$xb0,$xt1 -+ eor $xc2,$xc0,$xt2 -+ eor $xd2,$xd0,$xt3 -+ st1.8 {$xa2-$xd2},[$out],#64 -+ b.eq .Ldone_neon - --.Less_than_128: -- st1.8 {$A0-$D0},[sp] -- b .Last_neon --.Less_than_192: -- st1.8 {$A1-$D1},[sp] -- b .Last_neon -+ add $xa0,$xa3,@K[0] -+ add $xb0,$xb3,@K[1] -+ add $xc0,$xc3,@K[2] -+ add $xd0,$xd3,@K[3] -+ sub $len,$len,#64 - --.align 4 - .Last_neon: -+ st1.8 {$xa0-$xd0},[sp] -+ - sub $out,$out,#1 - add $inp,$inp,$len - add $out,$out,$len -@@ -695,9 +804,41 @@ $code.=<<___; - .size ChaCha20_neon,.-ChaCha20_neon - ___ - { -+my @K = map("v$_.4s",(0..6)); - my ($T0,$T1,$T2,$T3,$T4,$T5)=@K; - my ($A0,$B0,$C0,$D0,$A1,$B1,$C1,$D1,$A2,$B2,$C2,$D2, -- $A3,$B3,$C3,$D3,$A4,$B4,$C4,$D4,$A5,$B5,$C5,$D5) = map("v$_.4s",(0..23)); -+ $A3,$B3,$C3,$D3,$A4,$B4,$C4,$D4,$A5,$B5,$C5,$D5) = map("v$_.4s",(8..31)); -+my $rot24 = @K[6]; -+my $ONE = "v7.4s"; -+ -+sub NEONROUND { -+my $odd = pop; -+my ($a,$b,$c,$d,$t)=@_; -+ -+ ( -+ "&add ('$a','$a','$b')", -+ "&eor ('$d','$d','$a')", -+ "&rev32_16 ('$d','$d')", # vrot ($d,16) -+ -+ "&add ('$c','$c','$d')", -+ "&eor ('$t','$b','$c')", -+ "&ushr ('$b','$t',20)", -+ "&sli ('$b','$t',12)", -+ -+ "&add ('$a','$a','$b')", -+ "&eor ('$d','$d','$a')", -+ "&tbl ('$d','{$d}','$rot24')", -+ -+ "&add ('$c','$c','$d')", -+ "&eor ('$t','$b','$c')", -+ "&ushr ('$b','$t',25)", -+ "&sli ('$b','$t',7)", -+ -+ "&ext ('$c','$c','$c',8)", -+ "&ext ('$d','$d','$d',$odd?4:12)", -+ "&ext ('$b','$b','$b',$odd?12:4)" -+ ); -+} - - $code.=<<___; - .type ChaCha20_512_neon,%function -@@ -717,6 +858,7 @@ ChaCha20_512_neon: - .L512_or_more_neon: - sub sp,sp,#128+64 - -+ eor $ONE,$ONE,$ONE - ldp @d[0],@d[1],[@x[0]] // load sigma - ld1 {@K[0]},[@x[0]],#16 - ldp @d[2],@d[3],[$key] // load key -@@ -724,8 +866,9 @@ ChaCha20_512_neon: - ld1 {@K[1],@K[2]},[$key] - ldp @d[6],@d[7],[$ctr] // load counter - ld1 {@K[3]},[$ctr] -- ld1 {$ONE},[@x[0]] --#ifdef __ARMEB__ -+ ld1 {$ONE}[0],[@x[0]] -+ add $key,@x[0],#16 // .Lrot24 -+#ifdef __AARCH64EB__ - rev64 @K[0],@K[0] - ror @d[2],@d[2],#32 - ror @d[3],@d[3],#32 -@@ -792,9 +935,10 @@ ChaCha20_512_neon: - mov $C4,@K[2] - stp @K[3],@K[4],[sp,#48] // off-load key block, variable part - mov $C5,@K[2] -- str @K[5],[sp,#80] -+ stp @K[5],@K[6],[sp,#80] - - mov $ctr,#5 -+ ld1 {$rot24},[$key] - subs $len,$len,#512 - .Loop_upper_neon: - sub $ctr,$ctr,#1 -@@ -867,7 +1011,7 @@ $code.=<<___; - add @x[14],@x[14],@x[15],lsl#32 - ldp @x[13],@x[15],[$inp,#48] - add $inp,$inp,#64 --#ifdef __ARMEB__ -+#ifdef __AARCH64EB__ - rev @x[0],@x[0] - rev @x[2],@x[2] - rev @x[4],@x[4] -@@ -956,6 +1100,7 @@ $code.=<<___; - add.32 @x[2],@x[2],@d[1] - ldp @K[4],@K[5],[sp,#64] - add @x[3],@x[3],@d[1],lsr#32 -+ ldr @K[6],[sp,#96] - add $A0,$A0,@K[0] - add.32 @x[4],@x[4],@d[2] - add $A1,$A1,@K[0] -@@ -1008,7 +1153,7 @@ $code.=<<___; - add $inp,$inp,#64 - add $B5,$B5,@K[1] - --#ifdef __ARMEB__ -+#ifdef __AARCH64EB__ - rev @x[0],@x[0] - rev @x[2],@x[2] - rev @x[4],@x[4] -@@ -1086,26 +1231,26 @@ $code.=<<___; - b.hs .Loop_outer_512_neon - - adds $len,$len,#512 -- ushr $A0,$ONE,#2 // 4 -> 1 -+ ushr $ONE,$ONE,#1 // 4 -> 2 - -- ldp d8,d9,[sp,#128+0] // meet ABI requirements - ldp d10,d11,[sp,#128+16] - ldp d12,d13,[sp,#128+32] - ldp d14,d15,[sp,#128+48] - -- stp @K[0],$ONE,[sp,#0] // wipe off-load area -- stp @K[0],$ONE,[sp,#32] -- stp @K[0],$ONE,[sp,#64] -+ stp @K[0],@K[0],[sp,#0] // wipe off-load area -+ stp @K[0],@K[0],[sp,#32] -+ stp @K[0],@K[0],[sp,#64] - - b.eq .Ldone_512_neon - -+ sub $key,$key,#16 // .Lone - cmp $len,#192 -- sub @K[3],@K[3],$A0 // -= 1 -- sub @K[4],@K[4],$A0 -- sub @K[5],@K[5],$A0 - add sp,sp,#128 -+ sub @K[3],@K[3],$ONE // -= 2 -+ ld1 {$CTR,$ROT24},[$key] - b.hs .Loop_outer_neon - -+ ldp d8,d9,[sp,#0] // meet ABI requirements - eor @K[1],@K[1],@K[1] - eor @K[2],@K[2],@K[2] - eor @K[3],@K[3],@K[3] -@@ -1115,6 +1260,7 @@ $code.=<<___; - b .Loop_outer - - .Ldone_512_neon: -+ ldp d8,d9,[sp,#128+0] // meet ABI requirements - ldp x19,x20,[x29,#16] - add sp,sp,#128+64 - ldp x21,x22,[x29,#32] -@@ -1133,9 +1279,11 @@ foreach (split("\n",$code)) { - s/\`([^\`]*)\`/eval $1/geo; - - (s/\b([a-z]+)\.32\b/$1/ and (s/x([0-9]+)/w$1/g or 1)) or -- (m/\b(eor|ext|mov)\b/ and (s/\.4s/\.16b/g or 1)) or -+ (m/\b(eor|ext|mov|tbl)\b/ and (s/\.4s/\.16b/g or 1)) or - (s/\b((?:ld|st)1)\.8\b/$1/ and (s/\.4s/\.16b/g or 1)) or - (m/\b(ld|st)[rp]\b/ and (s/v([0-9]+)\.4s/q$1/g or 1)) or -+ (m/\b(dup|ld1)\b/ and (s/\.4(s}?\[[0-3]\])/.$1/g or 1)) or -+ (s/\b(zip[12])\.64\b/$1/ and (s/\.4s/\.2d/g or 1)) or - (s/\brev32\.16\b/rev32/ and (s/\.4s/\.8h/g or 1)); - - #s/\bq([0-9]+)#(lo|hi)/sprintf "d%d",2*$1+($2 eq "hi")/geo; -diff -up openssl-1.1.1i/crypto/modes/asm/ghashv8-armx.pl.arm-update openssl-1.1.1i/crypto/modes/asm/ghashv8-armx.pl ---- openssl-1.1.1i/crypto/modes/asm/ghashv8-armx.pl.arm-update 2020-12-08 14:20:59.000000000 +0100 -+++ openssl-1.1.1i/crypto/modes/asm/ghashv8-armx.pl 2020-12-09 10:37:38.408558954 +0100 -@@ -42,6 +42,7 @@ - # Denver 0.51 0.65 6.02 - # Mongoose 0.65 1.10 8.06 - # Kryo 0.76 1.16 8.00 -+# ThunderX2 1.05 - # - # (*) presented for reference/comparison purposes; - -diff -up openssl-1.1.1i/crypto/poly1305/asm/poly1305-armv8.pl.arm-update openssl-1.1.1i/crypto/poly1305/asm/poly1305-armv8.pl ---- openssl-1.1.1i/crypto/poly1305/asm/poly1305-armv8.pl.arm-update 2020-12-08 14:20:59.000000000 +0100 -+++ openssl-1.1.1i/crypto/poly1305/asm/poly1305-armv8.pl 2020-12-09 10:37:38.408558954 +0100 -@@ -29,6 +29,7 @@ - # X-Gene 2.13/+68% 2.27 - # Mongoose 1.77/+75% 1.12 - # Kryo 2.70/+55% 1.13 -+# ThunderX2 1.17/+95% 1.36 - # - # (*) estimate based on resources availability is less than 1.0, - # i.e. measured result is worse than expected, presumably binary -diff -up openssl-1.1.1i/crypto/sha/asm/keccak1600-armv8.pl.arm-update openssl-1.1.1i/crypto/sha/asm/keccak1600-armv8.pl ---- openssl-1.1.1i/crypto/sha/asm/keccak1600-armv8.pl.arm-update 2020-12-08 14:20:59.000000000 +0100 -+++ openssl-1.1.1i/crypto/sha/asm/keccak1600-armv8.pl 2020-12-09 10:37:38.408558954 +0100 -@@ -51,6 +51,7 @@ - # Kryo 12 - # Denver 7.8 - # Apple A7 7.2 -+# ThunderX2 9.7 - # - # (*) Corresponds to SHA3-256. No improvement coefficients are listed - # because they vary too much from compiler to compiler. Newer -diff -up openssl-1.1.1i/crypto/sha/asm/sha1-armv8.pl.arm-update openssl-1.1.1i/crypto/sha/asm/sha1-armv8.pl ---- openssl-1.1.1i/crypto/sha/asm/sha1-armv8.pl.arm-update 2020-12-08 14:20:59.000000000 +0100 -+++ openssl-1.1.1i/crypto/sha/asm/sha1-armv8.pl 2020-12-09 10:37:38.408558954 +0100 -@@ -27,6 +27,7 @@ - # X-Gene 8.80 (+200%) - # Mongoose 2.05 6.50 (+160%) - # Kryo 1.88 8.00 (+90%) -+# ThunderX2 2.64 6.36 (+150%) - # - # (*) Software results are presented mostly for reference purposes. - # (**) Keep in mind that Denver relies on binary translation, which -diff -up openssl-1.1.1i/crypto/sha/asm/sha512-armv8.pl.arm-update openssl-1.1.1i/crypto/sha/asm/sha512-armv8.pl ---- openssl-1.1.1i/crypto/sha/asm/sha512-armv8.pl.arm-update 2020-12-08 14:20:59.000000000 +0100 -+++ openssl-1.1.1i/crypto/sha/asm/sha512-armv8.pl 2020-12-09 10:37:38.408558954 +0100 -@@ -28,6 +28,7 @@ - # X-Gene 20.0 (+100%) 12.8 (+300%(***)) - # Mongoose 2.36 13.0 (+50%) 8.36 (+33%) - # Kryo 1.92 17.4 (+30%) 11.2 (+8%) -+# ThunderX2 2.54 13.2 (+40%) 8.40 (+18%) - # - # (*) Software SHA256 results are of lesser relevance, presented - # mostly for informational purposes. diff --git a/openssl-1.1.1-build.patch b/openssl-1.1.1-build.patch deleted file mode 100644 index c0ef62b..0000000 --- a/openssl-1.1.1-build.patch +++ /dev/null @@ -1,40 +0,0 @@ -diff -up openssl-1.1.1f/Configurations/10-main.conf.build openssl-1.1.1f/Configurations/10-main.conf ---- openssl-1.1.1f/Configurations/10-main.conf.build 2020-03-31 14:17:45.000000000 +0200 -+++ openssl-1.1.1f/Configurations/10-main.conf 2020-04-07 16:42:10.920546387 +0200 -@@ -678,6 +678,7 @@ my %targets = ( - cxxflags => add("-m64"), - lib_cppflags => add("-DL_ENDIAN"), - perlasm_scheme => "linux64le", -+ multilib => "64", - }, - - "linux-armv4" => { -@@ -718,6 +719,7 @@ my %targets = ( - "linux-aarch64" => { - inherit_from => [ "linux-generic64", asm("aarch64_asm") ], - perlasm_scheme => "linux64", -+ multilib => "64", - }, - "linux-arm64ilp32" => { # https://wiki.linaro.org/Platform/arm64-ilp32 - inherit_from => [ "linux-generic32", asm("aarch64_asm") ], -diff -up openssl-1.1.1f/Configurations/unix-Makefile.tmpl.build openssl-1.1.1f/Configurations/unix-Makefile.tmpl ---- openssl-1.1.1f/Configurations/unix-Makefile.tmpl.build 2020-04-07 16:42:10.920546387 +0200 -+++ openssl-1.1.1f/Configurations/unix-Makefile.tmpl 2020-04-07 16:44:23.539142108 +0200 -@@ -823,7 +823,7 @@ uninstall_runtime_libs: - install_man_docs: - @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1) - @$(ECHO) "*** Installing manpages" -- $(PERL) $(SRCDIR)/util/process_docs.pl \ -+ TZ=UTC $(PERL) $(SRCDIR)/util/process_docs.pl \ - "--destdir=$(DESTDIR)$(MANDIR)" --type=man --suffix=$(MANSUFFIX) - - uninstall_man_docs: -@@ -835,7 +835,7 @@ uninstall_man_docs: - install_html_docs: - @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1) - @$(ECHO) "*** Installing HTML manpages" -- $(PERL) $(SRCDIR)/util/process_docs.pl \ -+ TZ=UTC $(PERL) $(SRCDIR)/util/process_docs.pl \ - "--destdir=$(DESTDIR)$(HTMLDIR)" --type=html - - uninstall_html_docs: diff --git a/openssl-1.1.1-disable-ssl3.patch b/openssl-1.1.1-disable-ssl3.patch deleted file mode 100644 index fdec0a8..0000000 --- a/openssl-1.1.1-disable-ssl3.patch +++ /dev/null @@ -1,91 +0,0 @@ -diff -up openssl-1.1.1-pre8/apps/s_client.c.disable-ssl3 openssl-1.1.1-pre8/apps/s_client.c ---- openssl-1.1.1-pre8/apps/s_client.c.disable-ssl3 2018-07-16 18:08:20.000487628 +0200 -+++ openssl-1.1.1-pre8/apps/s_client.c 2018-07-16 18:16:40.070186323 +0200 -@@ -1681,6 +1681,9 @@ int s_client_main(int argc, char **argv) - if (sdebug) - ssl_ctx_security_debug(ctx, sdebug); - -+ if (min_version == SSL3_VERSION && max_version == SSL3_VERSION) -+ SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv3); -+ - if (!config_ctx(cctx, ssl_args, ctx)) - goto end; - -diff -up openssl-1.1.1-pre8/apps/s_server.c.disable-ssl3 openssl-1.1.1-pre8/apps/s_server.c ---- openssl-1.1.1-pre8/apps/s_server.c.disable-ssl3 2018-07-16 18:08:20.000487628 +0200 -+++ openssl-1.1.1-pre8/apps/s_server.c 2018-07-16 18:17:17.300055551 +0200 -@@ -1760,6 +1760,9 @@ int s_server_main(int argc, char *argv[] - if (sdebug) - ssl_ctx_security_debug(ctx, sdebug); - -+ if (min_version == SSL3_VERSION && max_version == SSL3_VERSION) -+ SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv3); -+ - if (!config_ctx(cctx, ssl_args, ctx)) - goto end; - -diff -up openssl-1.1.1-pre8/ssl/ssl_lib.c.disable-ssl3 openssl-1.1.1-pre8/ssl/ssl_lib.c ---- openssl-1.1.1-pre8/ssl/ssl_lib.c.disable-ssl3 2018-06-20 16:48:13.000000000 +0200 -+++ openssl-1.1.1-pre8/ssl/ssl_lib.c 2018-07-16 18:08:20.001487652 +0200 -@@ -3016,6 +3016,16 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m - */ - ret->options |= SSL_OP_NO_COMPRESSION | SSL_OP_ENABLE_MIDDLEBOX_COMPAT; - -+ if (meth->version != SSL3_VERSION) { -+ /* -+ * Disable SSLv3 by default. Applications can -+ * re-enable it by configuring -+ * SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv3); -+ * or by using the SSL_CONF API. -+ */ -+ ret->options |= SSL_OP_NO_SSLv3; -+ } -+ - ret->ext.status_type = TLSEXT_STATUSTYPE_nothing; - - /* -diff -up openssl-1.1.1-pre8/test/ssl_test.c.disable-ssl3 openssl-1.1.1-pre8/test/ssl_test.c ---- openssl-1.1.1-pre8/test/ssl_test.c.disable-ssl3 2018-06-20 16:48:15.000000000 +0200 -+++ openssl-1.1.1-pre8/test/ssl_test.c 2018-07-16 18:18:34.806865121 +0200 -@@ -443,6 +443,7 @@ static int test_handshake(int idx) - SSL_TEST_SERVERNAME_CB_NONE) { - if (!TEST_ptr(server2_ctx = SSL_CTX_new(TLS_server_method()))) - goto err; -+ SSL_CTX_clear_options(server2_ctx, SSL_OP_NO_SSLv3); - if (!TEST_true(SSL_CTX_set_max_proto_version(server2_ctx, - TLS_MAX_VERSION))) - goto err; -@@ -464,6 +465,8 @@ static int test_handshake(int idx) - if (!TEST_ptr(resume_server_ctx) - || !TEST_ptr(resume_client_ctx)) - goto err; -+ SSL_CTX_clear_options(resume_server_ctx, SSL_OP_NO_SSLv3); -+ SSL_CTX_clear_options(resume_client_ctx, SSL_OP_NO_SSLv3); - } - } - -@@ -477,6 +480,9 @@ static int test_handshake(int idx) - || !TEST_int_gt(CONF_modules_load(conf, test_app, 0), 0)) - goto err; - -+ SSL_CTX_clear_options(server_ctx, SSL_OP_NO_SSLv3); -+ SSL_CTX_clear_options(client_ctx, SSL_OP_NO_SSLv3); -+ - if (!SSL_CTX_config(server_ctx, "server") - || !SSL_CTX_config(client_ctx, "client")) { - goto err; -diff -up openssl-1.1.1-pre8/test/ssltest_old.c.disable-ssl3 openssl-1.1.1-pre8/test/ssltest_old.c ---- openssl-1.1.1-pre8/test/ssltest_old.c.disable-ssl3 2018-06-20 16:48:15.000000000 +0200 -+++ openssl-1.1.1-pre8/test/ssltest_old.c 2018-07-16 18:08:20.002487676 +0200 -@@ -1358,6 +1358,11 @@ int main(int argc, char *argv[]) - ERR_print_errors(bio_err); - goto end; - } -+ -+ SSL_CTX_clear_options(c_ctx, SSL_OP_NO_SSLv3); -+ SSL_CTX_clear_options(s_ctx, SSL_OP_NO_SSLv3); -+ SSL_CTX_clear_options(s_ctx2, SSL_OP_NO_SSLv3); -+ - /* - * Since we will use low security ciphersuites and keys for testing set - * security level to zero by default. Tests can override this by adding diff --git a/openssl-1.1.1-ec-curves.patch b/openssl-1.1.1-ec-curves.patch deleted file mode 100644 index 27f23ca..0000000 --- a/openssl-1.1.1-ec-curves.patch +++ /dev/null @@ -1,266 +0,0 @@ -diff -up openssl-1.1.1h/apps/speed.c.curves openssl-1.1.1h/apps/speed.c ---- openssl-1.1.1h/apps/speed.c.curves 2020-09-22 14:55:07.000000000 +0200 -+++ openssl-1.1.1h/apps/speed.c 2020-11-06 13:27:15.659288431 +0100 -@@ -490,90 +490,30 @@ static double rsa_results[RSA_NUM][2]; - #endif /* OPENSSL_NO_RSA */ - - enum { -- R_EC_P160, -- R_EC_P192, - R_EC_P224, - R_EC_P256, - R_EC_P384, - R_EC_P521, --#ifndef OPENSSL_NO_EC2M -- R_EC_K163, -- R_EC_K233, -- R_EC_K283, -- R_EC_K409, -- R_EC_K571, -- R_EC_B163, -- R_EC_B233, -- R_EC_B283, -- R_EC_B409, -- R_EC_B571, --#endif -- R_EC_BRP256R1, -- R_EC_BRP256T1, -- R_EC_BRP384R1, -- R_EC_BRP384T1, -- R_EC_BRP512R1, -- R_EC_BRP512T1, - R_EC_X25519, - R_EC_X448 - }; - - #ifndef OPENSSL_NO_EC - static OPT_PAIR ecdsa_choices[] = { -- {"ecdsap160", R_EC_P160}, -- {"ecdsap192", R_EC_P192}, - {"ecdsap224", R_EC_P224}, - {"ecdsap256", R_EC_P256}, - {"ecdsap384", R_EC_P384}, - {"ecdsap521", R_EC_P521}, --# ifndef OPENSSL_NO_EC2M -- {"ecdsak163", R_EC_K163}, -- {"ecdsak233", R_EC_K233}, -- {"ecdsak283", R_EC_K283}, -- {"ecdsak409", R_EC_K409}, -- {"ecdsak571", R_EC_K571}, -- {"ecdsab163", R_EC_B163}, -- {"ecdsab233", R_EC_B233}, -- {"ecdsab283", R_EC_B283}, -- {"ecdsab409", R_EC_B409}, -- {"ecdsab571", R_EC_B571}, --# endif -- {"ecdsabrp256r1", R_EC_BRP256R1}, -- {"ecdsabrp256t1", R_EC_BRP256T1}, -- {"ecdsabrp384r1", R_EC_BRP384R1}, -- {"ecdsabrp384t1", R_EC_BRP384T1}, -- {"ecdsabrp512r1", R_EC_BRP512R1}, -- {"ecdsabrp512t1", R_EC_BRP512T1} - }; - # define ECDSA_NUM OSSL_NELEM(ecdsa_choices) - - static double ecdsa_results[ECDSA_NUM][2]; /* 2 ops: sign then verify */ - - static const OPT_PAIR ecdh_choices[] = { -- {"ecdhp160", R_EC_P160}, -- {"ecdhp192", R_EC_P192}, - {"ecdhp224", R_EC_P224}, - {"ecdhp256", R_EC_P256}, - {"ecdhp384", R_EC_P384}, - {"ecdhp521", R_EC_P521}, --# ifndef OPENSSL_NO_EC2M -- {"ecdhk163", R_EC_K163}, -- {"ecdhk233", R_EC_K233}, -- {"ecdhk283", R_EC_K283}, -- {"ecdhk409", R_EC_K409}, -- {"ecdhk571", R_EC_K571}, -- {"ecdhb163", R_EC_B163}, -- {"ecdhb233", R_EC_B233}, -- {"ecdhb283", R_EC_B283}, -- {"ecdhb409", R_EC_B409}, -- {"ecdhb571", R_EC_B571}, --# endif -- {"ecdhbrp256r1", R_EC_BRP256R1}, -- {"ecdhbrp256t1", R_EC_BRP256T1}, -- {"ecdhbrp384r1", R_EC_BRP384R1}, -- {"ecdhbrp384t1", R_EC_BRP384T1}, -- {"ecdhbrp512r1", R_EC_BRP512R1}, -- {"ecdhbrp512t1", R_EC_BRP512T1}, - {"ecdhx25519", R_EC_X25519}, - {"ecdhx448", R_EC_X448} - }; -@@ -1502,31 +1442,10 @@ int speed_main(int argc, char **argv) - unsigned int bits; - } test_curves[] = { - /* Prime Curves */ -- {"secp160r1", NID_secp160r1, 160}, -- {"nistp192", NID_X9_62_prime192v1, 192}, - {"nistp224", NID_secp224r1, 224}, - {"nistp256", NID_X9_62_prime256v1, 256}, - {"nistp384", NID_secp384r1, 384}, - {"nistp521", NID_secp521r1, 521}, --# ifndef OPENSSL_NO_EC2M -- /* Binary Curves */ -- {"nistk163", NID_sect163k1, 163}, -- {"nistk233", NID_sect233k1, 233}, -- {"nistk283", NID_sect283k1, 283}, -- {"nistk409", NID_sect409k1, 409}, -- {"nistk571", NID_sect571k1, 571}, -- {"nistb163", NID_sect163r2, 163}, -- {"nistb233", NID_sect233r1, 233}, -- {"nistb283", NID_sect283r1, 283}, -- {"nistb409", NID_sect409r1, 409}, -- {"nistb571", NID_sect571r1, 571}, --# endif -- {"brainpoolP256r1", NID_brainpoolP256r1, 256}, -- {"brainpoolP256t1", NID_brainpoolP256t1, 256}, -- {"brainpoolP384r1", NID_brainpoolP384r1, 384}, -- {"brainpoolP384t1", NID_brainpoolP384t1, 384}, -- {"brainpoolP512r1", NID_brainpoolP512r1, 512}, -- {"brainpoolP512t1", NID_brainpoolP512t1, 512}, - /* Other and ECDH only ones */ - {"X25519", NID_X25519, 253}, - {"X448", NID_X448, 448} -@@ -2026,9 +1945,9 @@ int speed_main(int argc, char **argv) - # endif - - # ifndef OPENSSL_NO_EC -- ecdsa_c[R_EC_P160][0] = count / 1000; -- ecdsa_c[R_EC_P160][1] = count / 1000 / 2; -- for (i = R_EC_P192; i <= R_EC_P521; i++) { -+ ecdsa_c[R_EC_P224][0] = count / 1000; -+ ecdsa_c[R_EC_P224][1] = count / 1000 / 2; -+ for (i = R_EC_P256; i <= R_EC_P521; i++) { - ecdsa_c[i][0] = ecdsa_c[i - 1][0] / 2; - ecdsa_c[i][1] = ecdsa_c[i - 1][1] / 2; - if (ecdsa_doit[i] <= 1 && ecdsa_c[i][0] == 0) -@@ -2040,7 +1959,7 @@ int speed_main(int argc, char **argv) - } - } - } --# ifndef OPENSSL_NO_EC2M -+# if 0 - ecdsa_c[R_EC_K163][0] = count / 1000; - ecdsa_c[R_EC_K163][1] = count / 1000 / 2; - for (i = R_EC_K233; i <= R_EC_K571; i++) { -@@ -2071,8 +1990,8 @@ int speed_main(int argc, char **argv) - } - # endif - -- ecdh_c[R_EC_P160][0] = count / 1000; -- for (i = R_EC_P192; i <= R_EC_P521; i++) { -+ ecdh_c[R_EC_P224][0] = count / 1000; -+ for (i = R_EC_P256; i <= R_EC_P521; i++) { - ecdh_c[i][0] = ecdh_c[i - 1][0] / 2; - if (ecdh_doit[i] <= 1 && ecdh_c[i][0] == 0) - ecdh_doit[i] = 0; -@@ -2082,7 +2001,7 @@ int speed_main(int argc, char **argv) - } - } - } --# ifndef OPENSSL_NO_EC2M -+# if 0 - ecdh_c[R_EC_K163][0] = count / 1000; - for (i = R_EC_K233; i <= R_EC_K571; i++) { - ecdh_c[i][0] = ecdh_c[i - 1][0] / 2; -diff -up openssl-1.1.1h/crypto/ec/ecp_smpl.c.curves openssl-1.1.1h/crypto/ec/ecp_smpl.c ---- openssl-1.1.1h/crypto/ec/ecp_smpl.c.curves 2020-09-22 14:55:07.000000000 +0200 -+++ openssl-1.1.1h/crypto/ec/ecp_smpl.c 2020-11-06 13:27:15.659288431 +0100 -@@ -145,6 +145,11 @@ int ec_GFp_simple_group_set_curve(EC_GRO - return 0; - } - -+ if (BN_num_bits(p) < 224) { -+ ECerr(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE, EC_R_UNSUPPORTED_FIELD); -+ return 0; -+ } -+ - if (ctx == NULL) { - ctx = new_ctx = BN_CTX_new(); - if (ctx == NULL) -diff -up openssl-1.1.1h/test/ecdsatest.h.curves openssl-1.1.1h/test/ecdsatest.h ---- openssl-1.1.1h/test/ecdsatest.h.curves 2020-11-06 13:27:15.627288114 +0100 -+++ openssl-1.1.1h/test/ecdsatest.h 2020-11-06 13:27:15.660288441 +0100 -@@ -32,23 +32,6 @@ typedef struct { - } ecdsa_cavs_kat_t; - - static const ecdsa_cavs_kat_t ecdsa_cavs_kats[] = { -- /* prime KATs from X9.62 */ -- {NID_X9_62_prime192v1, NID_sha1, -- "616263", /* "abc" */ -- "1a8d598fc15bf0fd89030b5cb1111aeb92ae8baf5ea475fb", -- "0462b12d60690cdcf330babab6e69763b471f994dd702d16a563bf5ec08069705ffff65e" -- "5ca5c0d69716dfcb3474373902", -- "fa6de29746bbeb7f8bb1e761f85f7dfb2983169d82fa2f4e", -- "885052380ff147b734c330c43d39b2c4a89f29b0f749fead", -- "e9ecc78106def82bf1070cf1d4d804c3cb390046951df686"}, -- {NID_X9_62_prime239v1, NID_sha1, -- "616263", /* "abc" */ -- "7ef7c6fabefffdea864206e80b0b08a9331ed93e698561b64ca0f7777f3d", -- "045b6dc53bc61a2548ffb0f671472de6c9521a9d2d2534e65abfcbd5fe0c707fd9f1ed2e" -- "65f09f6ce0893baf5e8e31e6ae82ea8c3592335be906d38dee", -- "656c7196bf87dcc5d1f1020906df2782360d36b2de7a17ece37d503784af", -- "2cb7f36803ebb9c427c58d8265f11fc5084747133078fc279de874fbecb0", -- "2eeae988104e9c2234a3c2beb1f53bfa5dc11ff36a875d1e3ccb1f7e45cf"}, - /* prime KATs from NIST CAVP */ - {NID_secp224r1, NID_sha224, - "699325d6fc8fbbb4981a6ded3c3a54ad2e4e3db8a5669201912064c64e700c139248cdc1" ---- openssl-1.1.1h/test/recipes/15-test_genec.t.ec-curves 2020-11-06 13:58:36.402895540 +0100 -+++ openssl-1.1.1h/test/recipes/15-test_genec.t 2020-11-06 13:59:38.508484498 +0100 -@@ -20,45 +20,11 @@ plan skip_all => "This test is unsupport - if disabled("ec"); - - my @prime_curves = qw( -- secp112r1 -- secp112r2 -- secp128r1 -- secp128r2 -- secp160k1 -- secp160r1 -- secp160r2 -- secp192k1 -- secp224k1 - secp224r1 - secp256k1 - secp384r1 - secp521r1 -- prime192v1 -- prime192v2 -- prime192v3 -- prime239v1 -- prime239v2 -- prime239v3 - prime256v1 -- wap-wsg-idm-ecid-wtls6 -- wap-wsg-idm-ecid-wtls7 -- wap-wsg-idm-ecid-wtls8 -- wap-wsg-idm-ecid-wtls9 -- wap-wsg-idm-ecid-wtls12 -- brainpoolP160r1 -- brainpoolP160t1 -- brainpoolP192r1 -- brainpoolP192t1 -- brainpoolP224r1 -- brainpoolP224t1 -- brainpoolP256r1 -- brainpoolP256t1 -- brainpoolP320r1 -- brainpoolP320t1 -- brainpoolP384r1 -- brainpoolP384t1 -- brainpoolP512r1 -- brainpoolP512t1 - ); - - my @binary_curves = qw( -@@ -115,7 +81,6 @@ push(@other_curves, 'SM2') - if !disabled("sm2"); - - my @curve_aliases = qw( -- P-192 - P-224 - P-256 - P-384 diff --git a/openssl-1.1.1-edk2-build.patch b/openssl-1.1.1-edk2-build.patch deleted file mode 100644 index b13708e..0000000 --- a/openssl-1.1.1-edk2-build.patch +++ /dev/null @@ -1,57 +0,0 @@ -diff -up openssl-1.1.1g/crypto/evp/pkey_kdf.c.edk2-build openssl-1.1.1g/crypto/evp/pkey_kdf.c ---- openssl-1.1.1g/crypto/evp/pkey_kdf.c.edk2-build 2020-05-18 12:55:53.299548432 +0200 -+++ openssl-1.1.1g/crypto/evp/pkey_kdf.c 2020-05-18 12:55:53.340548788 +0200 -@@ -12,6 +12,7 @@ - #include - #include - #include -+#include "internal/numbers.h" - #include "crypto/evp.h" - - static int pkey_kdf_init(EVP_PKEY_CTX *ctx) -diff -up openssl-1.1.1g/crypto/kdf/hkdf.c.edk2-build openssl-1.1.1g/crypto/kdf/hkdf.c ---- openssl-1.1.1g/crypto/kdf/hkdf.c.edk2-build 2020-05-18 12:55:53.340548788 +0200 -+++ openssl-1.1.1g/crypto/kdf/hkdf.c 2020-05-18 12:57:18.648288904 +0200 -@@ -13,6 +13,7 @@ - #include - #include - #include -+#include "internal/numbers.h" - #include "internal/cryptlib.h" - #include "crypto/evp.h" - #include "kdf_local.h" -diff -up openssl-1.1.1g/crypto/rand/rand_unix.c.edk2-build openssl-1.1.1g/crypto/rand/rand_unix.c ---- openssl-1.1.1g/crypto/rand/rand_unix.c.edk2-build 2020-05-18 12:56:05.646655554 +0200 -+++ openssl-1.1.1g/crypto/rand/rand_unix.c 2020-05-18 12:58:51.088090896 +0200 -@@ -20,7 +20,7 @@ - #include "crypto/fips.h" - #include - #include "internal/dso.h" --#ifdef __linux -+#if defined(__linux) && !defined(OPENSSL_SYS_UEFI) - # include - # include - # ifdef DEVRANDOM_WAIT -diff -up openssl-1.1.1g/include/crypto/fips.h.edk2-build openssl-1.1.1g/include/crypto/fips.h ---- openssl-1.1.1g/include/crypto/fips.h.edk2-build 2020-05-18 12:55:53.296548406 +0200 -+++ openssl-1.1.1g/include/crypto/fips.h 2020-05-18 12:55:53.340548788 +0200 -@@ -50,10 +50,6 @@ - #include - #include - --#ifndef OPENSSL_FIPS --# error FIPS is disabled. --#endif -- - #ifdef OPENSSL_FIPS - - int FIPS_module_mode_set(int onoff); -@@ -97,4 +93,8 @@ void fips_set_selftest_fail(void); - - void FIPS_get_timevec(unsigned char *buf, unsigned long *pctr); - -+#else -+ -+# define fips_in_post() 0 -+ - #endif diff --git a/openssl-1.1.1-evp-kdf.patch b/openssl-1.1.1-evp-kdf.patch deleted file mode 100644 index 6145753..0000000 --- a/openssl-1.1.1-evp-kdf.patch +++ /dev/null @@ -1,5238 +0,0 @@ -diff -up openssl-1.1.1j/crypto/err/openssl.txt.evp-kdf openssl-1.1.1j/crypto/err/openssl.txt ---- openssl-1.1.1j/crypto/err/openssl.txt.evp-kdf 2021-02-16 16:24:01.000000000 +0100 -+++ openssl-1.1.1j/crypto/err/openssl.txt 2021-03-03 14:10:13.729466935 +0100 -@@ -748,6 +748,9 @@ EVP_F_EVP_DIGESTINIT_EX:128:EVP_DigestIn - EVP_F_EVP_ENCRYPTDECRYPTUPDATE:219:evp_EncryptDecryptUpdate - EVP_F_EVP_ENCRYPTFINAL_EX:127:EVP_EncryptFinal_ex - EVP_F_EVP_ENCRYPTUPDATE:167:EVP_EncryptUpdate -+EVP_F_EVP_KDF_CTRL:224:EVP_KDF_ctrl -+EVP_F_EVP_KDF_CTRL_STR:225:EVP_KDF_ctrl_str -+EVP_F_EVP_KDF_CTX_NEW_ID:226:EVP_KDF_CTX_new_id - EVP_F_EVP_MD_CTX_COPY_EX:110:EVP_MD_CTX_copy_ex - EVP_F_EVP_MD_SIZE:162:EVP_MD_size - EVP_F_EVP_OPENINIT:102:EVP_OpenInit -@@ -810,12 +813,31 @@ EVP_F_PKCS5_PBE_KEYIVGEN:117:PKCS5_PBE_k - EVP_F_PKCS5_V2_PBE_KEYIVGEN:118:PKCS5_v2_PBE_keyivgen - EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN:164:PKCS5_v2_PBKDF2_keyivgen - EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN:180:PKCS5_v2_scrypt_keyivgen -+EVP_F_PKEY_KDF_CTRL:227:pkey_kdf_ctrl - EVP_F_PKEY_SET_TYPE:158:pkey_set_type - EVP_F_RC2_MAGIC_TO_METH:109:rc2_magic_to_meth - EVP_F_RC5_CTRL:125:rc5_ctrl - EVP_F_R_32_12_16_INIT_KEY:242:r_32_12_16_init_key - EVP_F_S390X_AES_GCM_CTRL:201:s390x_aes_gcm_ctrl -+EVP_F_SCRYPT_ALG:228:scrypt_alg - EVP_F_UPDATE:173:update -+KDF_F_HKDF_EXTRACT:112:HKDF_Extract -+KDF_F_KDF_HKDF_DERIVE:113:kdf_hkdf_derive -+KDF_F_KDF_HKDF_NEW:114:kdf_hkdf_new -+KDF_F_KDF_HKDF_SIZE:115:kdf_hkdf_size -+KDF_F_KDF_MD2CTRL:116:kdf_md2ctrl -+KDF_F_KDF_PBKDF2_CTRL_STR:117:kdf_pbkdf2_ctrl_str -+KDF_F_KDF_PBKDF2_DERIVE:118:kdf_pbkdf2_derive -+KDF_F_KDF_PBKDF2_NEW:119:kdf_pbkdf2_new -+KDF_F_KDF_SCRYPT_CTRL_STR:120:kdf_scrypt_ctrl_str -+KDF_F_KDF_SCRYPT_CTRL_UINT32:121:kdf_scrypt_ctrl_uint32 -+KDF_F_KDF_SCRYPT_CTRL_UINT64:122:kdf_scrypt_ctrl_uint64 -+KDF_F_KDF_SCRYPT_DERIVE:123:kdf_scrypt_derive -+KDF_F_KDF_SCRYPT_NEW:124:kdf_scrypt_new -+KDF_F_KDF_TLS1_PRF_CTRL_STR:125:kdf_tls1_prf_ctrl_str -+KDF_F_KDF_TLS1_PRF_DERIVE:126:kdf_tls1_prf_derive -+KDF_F_KDF_TLS1_PRF_NEW:127:kdf_tls1_prf_new -+KDF_F_PBKDF2_SET_MEMBUF:128:pbkdf2_set_membuf - KDF_F_PKEY_HKDF_CTRL_STR:103:pkey_hkdf_ctrl_str - KDF_F_PKEY_HKDF_DERIVE:102:pkey_hkdf_derive - KDF_F_PKEY_HKDF_INIT:108:pkey_hkdf_init -@@ -827,6 +849,7 @@ KDF_F_PKEY_SCRYPT_SET_MEMBUF:107:pkey_sc - KDF_F_PKEY_TLS1_PRF_CTRL_STR:100:pkey_tls1_prf_ctrl_str - KDF_F_PKEY_TLS1_PRF_DERIVE:101:pkey_tls1_prf_derive - KDF_F_PKEY_TLS1_PRF_INIT:110:pkey_tls1_prf_init -+KDF_F_SCRYPT_SET_MEMBUF:129:scrypt_set_membuf - KDF_F_TLS1_PRF_ALG:111:tls1_prf_alg - OBJ_F_OBJ_ADD_OBJECT:105:OBJ_add_object - OBJ_F_OBJ_ADD_SIGID:107:OBJ_add_sigid -@@ -2284,6 +2307,7 @@ EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_K - operation not supported for this keytype - EVP_R_OPERATON_NOT_INITIALIZED:151:operaton not initialized - EVP_R_OUTPUT_WOULD_OVERFLOW:184:output would overflow -+EVP_R_PARAMETER_TOO_LARGE:187:parameter too large - EVP_R_PARTIALLY_OVERLAPPING:162:partially overlapping buffers - EVP_R_PBKDF2_ERROR:181:pbkdf2 error - EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED:179:\ -@@ -2320,6 +2344,7 @@ KDF_R_MISSING_SEED:106:missing seed - KDF_R_UNKNOWN_PARAMETER_TYPE:103:unknown parameter type - KDF_R_VALUE_ERROR:108:value error - KDF_R_VALUE_MISSING:102:value missing -+KDF_R_WRONG_OUTPUT_BUFFER_SIZE:112:wrong output buffer size - OBJ_R_OID_EXISTS:102:oid exists - OBJ_R_UNKNOWN_NID:101:unknown nid - OCSP_R_CERTIFICATE_VERIFY_ERROR:101:certificate verify error -diff -up openssl-1.1.1j/crypto/evp/build.info.evp-kdf openssl-1.1.1j/crypto/evp/build.info ---- openssl-1.1.1j/crypto/evp/build.info.evp-kdf 2021-02-16 16:24:01.000000000 +0100 -+++ openssl-1.1.1j/crypto/evp/build.info 2021-03-03 14:08:02.490294839 +0100 -@@ -9,7 +9,8 @@ SOURCE[../../libcrypto]=\ - p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c \ - bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \ - c_allc.c c_alld.c evp_lib.c bio_ok.c \ -- evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c pbe_scrypt.c \ -+ evp_pkey.c kdf_lib.c evp_pbe.c p5_crpt.c p5_crpt2.c pbe_scrypt.c \ -+ pkey_kdf.c \ - e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c \ - e_aes_cbc_hmac_sha1.c e_aes_cbc_hmac_sha256.c e_rc4_hmac_md5.c \ - e_chacha20_poly1305.c cmeth_lib.c -diff -up openssl-1.1.1j/crypto/evp/e_chacha20_poly1305.c.evp-kdf openssl-1.1.1j/crypto/evp/e_chacha20_poly1305.c ---- openssl-1.1.1j/crypto/evp/e_chacha20_poly1305.c.evp-kdf 2021-02-16 16:24:01.000000000 +0100 -+++ openssl-1.1.1j/crypto/evp/e_chacha20_poly1305.c 2021-03-03 14:08:02.490294839 +0100 -@@ -14,9 +14,9 @@ - - # include - # include --# include "evp_local.h" - # include "crypto/evp.h" - # include "crypto/chacha.h" -+# include "evp_local.h" - - typedef struct { - union { -diff -up openssl-1.1.1j/crypto/evp/encode.c.evp-kdf openssl-1.1.1j/crypto/evp/encode.c ---- openssl-1.1.1j/crypto/evp/encode.c.evp-kdf 2021-02-16 16:24:01.000000000 +0100 -+++ openssl-1.1.1j/crypto/evp/encode.c 2021-03-03 14:08:02.491294847 +0100 -@@ -11,8 +11,8 @@ - #include - #include "internal/cryptlib.h" - #include --#include "evp_local.h" - #include "crypto/evp.h" -+#include "evp_local.h" - - static unsigned char conv_ascii2bin(unsigned char a, - const unsigned char *table); -diff -up openssl-1.1.1j/crypto/evp/evp_err.c.evp-kdf openssl-1.1.1j/crypto/evp/evp_err.c ---- openssl-1.1.1j/crypto/evp/evp_err.c.evp-kdf 2021-03-03 14:08:02.469294651 +0100 -+++ openssl-1.1.1j/crypto/evp/evp_err.c 2021-03-03 14:12:08.272351600 +0100 -@@ -60,6 +60,9 @@ static const ERR_STRING_DATA EVP_str_fun - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_ENCRYPTFINAL_EX, 0), - "EVP_EncryptFinal_ex"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_ENCRYPTUPDATE, 0), "EVP_EncryptUpdate"}, -+ {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_KDF_CTRL, 0), "EVP_KDF_ctrl"}, -+ {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_KDF_CTRL_STR, 0), "EVP_KDF_ctrl_str"}, -+ {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_KDF_CTX_NEW_ID, 0), "EVP_KDF_CTX_new_id"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_MD_CTX_COPY_EX, 0), "EVP_MD_CTX_copy_ex"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_MD_SIZE, 0), "EVP_MD_size"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_OPENINIT, 0), "EVP_OpenInit"}, -@@ -151,12 +154,14 @@ static const ERR_STRING_DATA EVP_str_fun - "PKCS5_v2_PBKDF2_keyivgen"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN, 0), - "PKCS5_v2_scrypt_keyivgen"}, -+ {ERR_PACK(ERR_LIB_EVP, EVP_F_PKEY_KDF_CTRL, 0), "pkey_kdf_ctrl"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_PKEY_SET_TYPE, 0), "pkey_set_type"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_RC2_MAGIC_TO_METH, 0), "rc2_magic_to_meth"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_RC5_CTRL, 0), "rc5_ctrl"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_R_32_12_16_INIT_KEY, 0), - "r_32_12_16_init_key"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_S390X_AES_GCM_CTRL, 0), "s390x_aes_gcm_ctrl"}, -+ {ERR_PACK(ERR_LIB_EVP, EVP_F_SCRYPT_ALG, 0), "scrypt_alg"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_UPDATE, 0), "update"}, - {0, NULL} - }; -@@ -243,6 +248,8 @@ static const ERR_STRING_DATA EVP_str_rea - "operaton not initialized"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OUTPUT_WOULD_OVERFLOW), - "output would overflow"}, -+ {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PARAMETER_TOO_LARGE), -+ "parameter too large"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PARTIALLY_OVERLAPPING), - "partially overlapping buffers"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PBKDF2_ERROR), "pbkdf2 error"}, -diff -up openssl-1.1.1j/crypto/evp/evp_local.h.evp-kdf openssl-1.1.1j/crypto/evp/evp_local.h ---- openssl-1.1.1j/crypto/evp/evp_local.h.evp-kdf 2021-03-03 14:08:02.362293695 +0100 -+++ openssl-1.1.1j/crypto/evp/evp_local.h 2021-03-03 14:08:02.491294847 +0100 -@@ -41,6 +41,11 @@ struct evp_cipher_ctx_st { - unsigned char final[EVP_MAX_BLOCK_LENGTH]; /* possible final block */ - } /* EVP_CIPHER_CTX */ ; - -+struct evp_kdf_ctx_st { -+ const EVP_KDF_METHOD *kmeth; -+ EVP_KDF_IMPL *impl; /* Algorithm-specific data */ -+} /* EVP_KDF_CTX */ ; -+ - int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, - int passlen, ASN1_TYPE *param, - const EVP_CIPHER *c, const EVP_MD *md, -diff -up openssl-1.1.1j/crypto/evp/evp_pbe.c.evp-kdf openssl-1.1.1j/crypto/evp/evp_pbe.c ---- openssl-1.1.1j/crypto/evp/evp_pbe.c.evp-kdf 2021-02-16 16:24:01.000000000 +0100 -+++ openssl-1.1.1j/crypto/evp/evp_pbe.c 2021-03-03 14:08:02.491294847 +0100 -@@ -12,6 +12,7 @@ - #include - #include - #include -+#include "crypto/evp.h" - #include "evp_local.h" - - /* Password based encryption (PBE) functions */ -diff -up openssl-1.1.1j/crypto/evp/kdf_lib.c.evp-kdf openssl-1.1.1j/crypto/evp/kdf_lib.c ---- openssl-1.1.1j/crypto/evp/kdf_lib.c.evp-kdf 2021-03-03 14:08:02.491294847 +0100 -+++ openssl-1.1.1j/crypto/evp/kdf_lib.c 2021-03-03 14:08:02.491294847 +0100 -@@ -0,0 +1,165 @@ -+/* -+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. -+ * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. -+ * -+ * Licensed under the Apache License 2.0 (the "License"). You may not use -+ * this file except in compliance with the License. You can obtain a copy -+ * in the file LICENSE in the source distribution or at -+ * https://www.openssl.org/source/license.html -+ */ -+ -+#include -+#include -+#include "internal/cryptlib.h" -+#include -+#include -+#include -+#include -+#include "crypto/asn1.h" -+#include "crypto/evp.h" -+#include "internal/numbers.h" -+#include "evp_local.h" -+ -+typedef int sk_cmp_fn_type(const char *const *a, const char *const *b); -+ -+/* This array needs to be in order of NIDs */ -+static const EVP_KDF_METHOD *standard_methods[] = { -+ &pbkdf2_kdf_meth, -+#ifndef OPENSSL_NO_SCRYPT -+ &scrypt_kdf_meth, -+#endif -+ &tls1_prf_kdf_meth, -+ &hkdf_kdf_meth -+}; -+ -+DECLARE_OBJ_BSEARCH_CMP_FN(const EVP_KDF_METHOD *, const EVP_KDF_METHOD *, -+ kmeth); -+ -+static int kmeth_cmp(const EVP_KDF_METHOD *const *a, -+ const EVP_KDF_METHOD *const *b) -+{ -+ return ((*a)->type - (*b)->type); -+} -+ -+IMPLEMENT_OBJ_BSEARCH_CMP_FN(const EVP_KDF_METHOD *, const EVP_KDF_METHOD *, -+ kmeth); -+ -+static const EVP_KDF_METHOD *kdf_meth_find(int type) -+{ -+ EVP_KDF_METHOD tmp; -+ const EVP_KDF_METHOD *t = &tmp, **ret; -+ -+ tmp.type = type; -+ ret = OBJ_bsearch_kmeth(&t, standard_methods, -+ OSSL_NELEM(standard_methods)); -+ if (ret == NULL || *ret == NULL) -+ return NULL; -+ -+ return *ret; -+} -+ -+EVP_KDF_CTX *EVP_KDF_CTX_new_id(int id) -+{ -+ EVP_KDF_CTX *ret; -+ const EVP_KDF_METHOD *kmeth; -+ -+ kmeth = kdf_meth_find(id); -+ if (kmeth == NULL) { -+ EVPerr(EVP_F_EVP_KDF_CTX_NEW_ID, EVP_R_UNSUPPORTED_ALGORITHM); -+ return NULL; -+ } -+ -+ ret = OPENSSL_zalloc(sizeof(*ret)); -+ if (ret == NULL) { -+ EVPerr(EVP_F_EVP_KDF_CTX_NEW_ID, ERR_R_MALLOC_FAILURE); -+ return NULL; -+ } -+ -+ if (kmeth->new != NULL && (ret->impl = kmeth->new()) == NULL) { -+ EVP_KDF_CTX_free(ret); -+ return NULL; -+ } -+ -+ ret->kmeth = kmeth; -+ return ret; -+} -+ -+void EVP_KDF_CTX_free(EVP_KDF_CTX *ctx) -+{ -+ if (ctx == NULL) -+ return; -+ -+ ctx->kmeth->free(ctx->impl); -+ OPENSSL_free(ctx); -+} -+ -+void EVP_KDF_reset(EVP_KDF_CTX *ctx) -+{ -+ if (ctx == NULL) -+ return; -+ -+ if (ctx->kmeth->reset != NULL) -+ ctx->kmeth->reset(ctx->impl); -+} -+ -+int EVP_KDF_ctrl(EVP_KDF_CTX *ctx, int cmd, ...) -+{ -+ int ret; -+ va_list args; -+ -+ va_start(args, cmd); -+ ret = EVP_KDF_vctrl(ctx, cmd, args); -+ va_end(args); -+ -+ if (ret == -2) -+ EVPerr(EVP_F_EVP_KDF_CTRL, EVP_R_COMMAND_NOT_SUPPORTED); -+ -+ return ret; -+} -+ -+int EVP_KDF_vctrl(EVP_KDF_CTX *ctx, int cmd, va_list args) -+{ -+ if (ctx == NULL) -+ return 0; -+ -+ return ctx->kmeth->ctrl(ctx->impl, cmd, args); -+} -+ -+int EVP_KDF_ctrl_str(EVP_KDF_CTX *ctx, const char *type, const char *value) -+{ -+ int ret; -+ -+ if (ctx == NULL) -+ return 0; -+ -+ if (ctx->kmeth->ctrl_str == NULL) { -+ EVPerr(EVP_F_EVP_KDF_CTRL_STR, EVP_R_COMMAND_NOT_SUPPORTED); -+ return -2; -+ } -+ -+ ret = ctx->kmeth->ctrl_str(ctx->impl, type, value); -+ if (ret == -2) -+ EVPerr(EVP_F_EVP_KDF_CTRL_STR, EVP_R_COMMAND_NOT_SUPPORTED); -+ -+ return ret; -+} -+ -+size_t EVP_KDF_size(EVP_KDF_CTX *ctx) -+{ -+ if (ctx == NULL) -+ return 0; -+ -+ if (ctx->kmeth->size == NULL) -+ return SIZE_MAX; -+ -+ return ctx->kmeth->size(ctx->impl); -+} -+ -+int EVP_KDF_derive(EVP_KDF_CTX *ctx, unsigned char *key, size_t keylen) -+{ -+ if (ctx == NULL) -+ return 0; -+ -+ return ctx->kmeth->derive(ctx->impl, key, keylen); -+} -+ -diff -up openssl-1.1.1j/crypto/evp/p5_crpt2.c.evp-kdf openssl-1.1.1j/crypto/evp/p5_crpt2.c ---- openssl-1.1.1j/crypto/evp/p5_crpt2.c.evp-kdf 2021-02-16 16:24:01.000000000 +0100 -+++ openssl-1.1.1j/crypto/evp/p5_crpt2.c 2021-03-03 14:08:02.491294847 +0100 -@@ -1,5 +1,5 @@ - /* -- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy -@@ -10,105 +10,51 @@ - #include - #include - #include "internal/cryptlib.h" --# include --# include --# include --# include "evp_local.h" -+#include -+#include -+#include -+#include -+#include "crypto/evp.h" -+#include "evp_local.h" - - /* set this to print out info about the keygen algorithm */ - /* #define OPENSSL_DEBUG_PKCS5V2 */ - --# ifdef OPENSSL_DEBUG_PKCS5V2 -+#ifdef OPENSSL_DEBUG_PKCS5V2 - static void h__dump(const unsigned char *p, int len); --# endif -- --/* -- * This is an implementation of PKCS#5 v2.0 password based encryption key -- * derivation function PBKDF2. SHA1 version verified against test vectors -- * posted by Peter Gutmann to the PKCS-TNG mailing list. -- */ -+#endif - - int PKCS5_PBKDF2_HMAC(const char *pass, int passlen, - const unsigned char *salt, int saltlen, int iter, - const EVP_MD *digest, int keylen, unsigned char *out) - { - const char *empty = ""; -- unsigned char digtmp[EVP_MAX_MD_SIZE], *p, itmp[4]; -- int cplen, j, k, tkeylen, mdlen; -- unsigned long i = 1; -- HMAC_CTX *hctx_tpl = NULL, *hctx = NULL; -- -- mdlen = EVP_MD_size(digest); -- if (mdlen < 0) -- return 0; -+ int rv = 1; -+ EVP_KDF_CTX *kctx; - -- hctx_tpl = HMAC_CTX_new(); -- if (hctx_tpl == NULL) -- return 0; -- p = out; -- tkeylen = keylen; -+ /* Keep documented behaviour. */ - if (pass == NULL) { - pass = empty; - passlen = 0; - } else if (passlen == -1) { - passlen = strlen(pass); - } -- if (!HMAC_Init_ex(hctx_tpl, pass, passlen, digest, NULL)) { -- HMAC_CTX_free(hctx_tpl); -- return 0; -- } -- hctx = HMAC_CTX_new(); -- if (hctx == NULL) { -- HMAC_CTX_free(hctx_tpl); -+ if (salt == NULL && saltlen == 0) -+ salt = (unsigned char *)empty; -+ -+ kctx = EVP_KDF_CTX_new_id(EVP_KDF_PBKDF2); -+ if (kctx == NULL) - return 0; -- } -- while (tkeylen) { -- if (tkeylen > mdlen) -- cplen = mdlen; -- else -- cplen = tkeylen; -- /* -- * We are unlikely to ever use more than 256 blocks (5120 bits!) but -- * just in case... -- */ -- itmp[0] = (unsigned char)((i >> 24) & 0xff); -- itmp[1] = (unsigned char)((i >> 16) & 0xff); -- itmp[2] = (unsigned char)((i >> 8) & 0xff); -- itmp[3] = (unsigned char)(i & 0xff); -- if (!HMAC_CTX_copy(hctx, hctx_tpl)) { -- HMAC_CTX_free(hctx); -- HMAC_CTX_free(hctx_tpl); -- return 0; -- } -- if (!HMAC_Update(hctx, salt, saltlen) -- || !HMAC_Update(hctx, itmp, 4) -- || !HMAC_Final(hctx, digtmp, NULL)) { -- HMAC_CTX_free(hctx); -- HMAC_CTX_free(hctx_tpl); -- return 0; -- } -- memcpy(p, digtmp, cplen); -- for (j = 1; j < iter; j++) { -- if (!HMAC_CTX_copy(hctx, hctx_tpl)) { -- HMAC_CTX_free(hctx); -- HMAC_CTX_free(hctx_tpl); -- return 0; -- } -- if (!HMAC_Update(hctx, digtmp, mdlen) -- || !HMAC_Final(hctx, digtmp, NULL)) { -- HMAC_CTX_free(hctx); -- HMAC_CTX_free(hctx_tpl); -- return 0; -- } -- for (k = 0; k < cplen; k++) -- p[k] ^= digtmp[k]; -- } -- tkeylen -= cplen; -- i++; -- p += cplen; -- } -- HMAC_CTX_free(hctx); -- HMAC_CTX_free(hctx_tpl); -+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PASS, pass, (size_t)passlen) != 1 -+ || EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, -+ salt, (size_t)saltlen) != 1 -+ || EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_ITER, iter) != 1 -+ || EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, digest) != 1 -+ || EVP_KDF_derive(kctx, out, keylen) != 1) -+ rv = 0; -+ -+ EVP_KDF_CTX_free(kctx); -+ - # ifdef OPENSSL_DEBUG_PKCS5V2 - fprintf(stderr, "Password:\n"); - h__dump(pass, passlen); -@@ -118,7 +64,7 @@ int PKCS5_PBKDF2_HMAC(const char *pass, - fprintf(stderr, "Key:\n"); - h__dump(out, keylen); - # endif -- return 1; -+ return rv; - } - - int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, -diff -up openssl-1.1.1j/crypto/evp/pbe_scrypt.c.evp-kdf openssl-1.1.1j/crypto/evp/pbe_scrypt.c ---- openssl-1.1.1j/crypto/evp/pbe_scrypt.c.evp-kdf 2021-02-16 16:24:01.000000000 +0100 -+++ openssl-1.1.1j/crypto/evp/pbe_scrypt.c 2021-03-03 14:08:02.491294847 +0100 -@@ -7,135 +7,12 @@ - * https://www.openssl.org/source/license.html - */ - --#include --#include --#include - #include - #include --#include "internal/numbers.h" -+#include - - #ifndef OPENSSL_NO_SCRYPT - --#define R(a,b) (((a) << (b)) | ((a) >> (32 - (b)))) --static void salsa208_word_specification(uint32_t inout[16]) --{ -- int i; -- uint32_t x[16]; -- memcpy(x, inout, sizeof(x)); -- for (i = 8; i > 0; i -= 2) { -- x[4] ^= R(x[0] + x[12], 7); -- x[8] ^= R(x[4] + x[0], 9); -- x[12] ^= R(x[8] + x[4], 13); -- x[0] ^= R(x[12] + x[8], 18); -- x[9] ^= R(x[5] + x[1], 7); -- x[13] ^= R(x[9] + x[5], 9); -- x[1] ^= R(x[13] + x[9], 13); -- x[5] ^= R(x[1] + x[13], 18); -- x[14] ^= R(x[10] + x[6], 7); -- x[2] ^= R(x[14] + x[10], 9); -- x[6] ^= R(x[2] + x[14], 13); -- x[10] ^= R(x[6] + x[2], 18); -- x[3] ^= R(x[15] + x[11], 7); -- x[7] ^= R(x[3] + x[15], 9); -- x[11] ^= R(x[7] + x[3], 13); -- x[15] ^= R(x[11] + x[7], 18); -- x[1] ^= R(x[0] + x[3], 7); -- x[2] ^= R(x[1] + x[0], 9); -- x[3] ^= R(x[2] + x[1], 13); -- x[0] ^= R(x[3] + x[2], 18); -- x[6] ^= R(x[5] + x[4], 7); -- x[7] ^= R(x[6] + x[5], 9); -- x[4] ^= R(x[7] + x[6], 13); -- x[5] ^= R(x[4] + x[7], 18); -- x[11] ^= R(x[10] + x[9], 7); -- x[8] ^= R(x[11] + x[10], 9); -- x[9] ^= R(x[8] + x[11], 13); -- x[10] ^= R(x[9] + x[8], 18); -- x[12] ^= R(x[15] + x[14], 7); -- x[13] ^= R(x[12] + x[15], 9); -- x[14] ^= R(x[13] + x[12], 13); -- x[15] ^= R(x[14] + x[13], 18); -- } -- for (i = 0; i < 16; ++i) -- inout[i] += x[i]; -- OPENSSL_cleanse(x, sizeof(x)); --} -- --static void scryptBlockMix(uint32_t *B_, uint32_t *B, uint64_t r) --{ -- uint64_t i, j; -- uint32_t X[16], *pB; -- -- memcpy(X, B + (r * 2 - 1) * 16, sizeof(X)); -- pB = B; -- for (i = 0; i < r * 2; i++) { -- for (j = 0; j < 16; j++) -- X[j] ^= *pB++; -- salsa208_word_specification(X); -- memcpy(B_ + (i / 2 + (i & 1) * r) * 16, X, sizeof(X)); -- } -- OPENSSL_cleanse(X, sizeof(X)); --} -- --static void scryptROMix(unsigned char *B, uint64_t r, uint64_t N, -- uint32_t *X, uint32_t *T, uint32_t *V) --{ -- unsigned char *pB; -- uint32_t *pV; -- uint64_t i, k; -- -- /* Convert from little endian input */ -- for (pV = V, i = 0, pB = B; i < 32 * r; i++, pV++) { -- *pV = *pB++; -- *pV |= *pB++ << 8; -- *pV |= *pB++ << 16; -- *pV |= (uint32_t)*pB++ << 24; -- } -- -- for (i = 1; i < N; i++, pV += 32 * r) -- scryptBlockMix(pV, pV - 32 * r, r); -- -- scryptBlockMix(X, V + (N - 1) * 32 * r, r); -- -- for (i = 0; i < N; i++) { -- uint32_t j; -- j = X[16 * (2 * r - 1)] % N; -- pV = V + 32 * r * j; -- for (k = 0; k < 32 * r; k++) -- T[k] = X[k] ^ *pV++; -- scryptBlockMix(X, T, r); -- } -- /* Convert output to little endian */ -- for (i = 0, pB = B; i < 32 * r; i++) { -- uint32_t xtmp = X[i]; -- *pB++ = xtmp & 0xff; -- *pB++ = (xtmp >> 8) & 0xff; -- *pB++ = (xtmp >> 16) & 0xff; -- *pB++ = (xtmp >> 24) & 0xff; -- } --} -- --#ifndef SIZE_MAX --# define SIZE_MAX ((size_t)-1) --#endif -- --/* -- * Maximum power of two that will fit in uint64_t: this should work on -- * most (all?) platforms. -- */ -- --#define LOG2_UINT64_MAX (sizeof(uint64_t) * 8 - 1) -- --/* -- * Maximum value of p * r: -- * p <= ((2^32-1) * hLen) / MFLen => -- * p <= ((2^32-1) * 32) / (128 * r) => -- * p * r <= (2^30-1) -- * -- */ -- --#define SCRYPT_PR_MAX ((1 << 30) - 1) -- - /* - * Maximum permitted memory allow this to be overridden with Configuration - * option: e.g. -DSCRYPT_MAX_MEM=0 for maximum possible. -@@ -160,107 +37,43 @@ int EVP_PBE_scrypt(const char *pass, siz - uint64_t N, uint64_t r, uint64_t p, uint64_t maxmem, - unsigned char *key, size_t keylen) - { -- int rv = 0; -- unsigned char *B; -- uint32_t *X, *V, *T; -- uint64_t i, Blen, Vlen; -- -- /* Sanity check parameters */ -- /* initial check, r,p must be non zero, N >= 2 and a power of 2 */ -- if (r == 0 || p == 0 || N < 2 || (N & (N - 1))) -- return 0; -- /* Check p * r < SCRYPT_PR_MAX avoiding overflow */ -- if (p > SCRYPT_PR_MAX / r) { -- EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED); -- return 0; -- } -- -- /* -- * Need to check N: if 2^(128 * r / 8) overflows limit this is -- * automatically satisfied since N <= UINT64_MAX. -- */ -- -- if (16 * r <= LOG2_UINT64_MAX) { -- if (N >= (((uint64_t)1) << (16 * r))) { -- EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED); -- return 0; -- } -- } -+ const char *empty = ""; -+ int rv = 1; -+ EVP_KDF_CTX *kctx; - -- /* Memory checks: check total allocated buffer size fits in uint64_t */ -- -- /* -- * B size in section 5 step 1.S -- * Note: we know p * 128 * r < UINT64_MAX because we already checked -- * p * r < SCRYPT_PR_MAX -- */ -- Blen = p * 128 * r; -- /* -- * Yet we pass it as integer to PKCS5_PBKDF2_HMAC... [This would -- * have to be revised when/if PKCS5_PBKDF2_HMAC accepts size_t.] -- */ -- if (Blen > INT_MAX) { -- EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED); -+ if (r > UINT32_MAX || p > UINT32_MAX) { -+ EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_PARAMETER_TOO_LARGE); - return 0; - } - -- /* -- * Check 32 * r * (N + 2) * sizeof(uint32_t) fits in uint64_t -- * This is combined size V, X and T (section 4) -- */ -- i = UINT64_MAX / (32 * sizeof(uint32_t)); -- if (N + 2 > i / r) { -- EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED); -- return 0; -+ /* Maintain existing behaviour. */ -+ if (pass == NULL) { -+ pass = empty; -+ passlen = 0; - } -- Vlen = 32 * r * (N + 2) * sizeof(uint32_t); -- -- /* check total allocated size fits in uint64_t */ -- if (Blen > UINT64_MAX - Vlen) { -- EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED); -- return 0; -+ if (salt == NULL) { -+ salt = (const unsigned char *)empty; -+ saltlen = 0; - } -- - if (maxmem == 0) - maxmem = SCRYPT_MAX_MEM; - -- /* Check that the maximum memory doesn't exceed a size_t limits */ -- if (maxmem > SIZE_MAX) -- maxmem = SIZE_MAX; -- -- if (Blen + Vlen > maxmem) { -- EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED); -+ kctx = EVP_KDF_CTX_new_id(EVP_KDF_SCRYPT); -+ if (kctx == NULL) - return 0; -- } - -- /* If no key return to indicate parameters are OK */ -- if (key == NULL) -- return 1; -- -- B = OPENSSL_malloc((size_t)(Blen + Vlen)); -- if (B == NULL) { -- EVPerr(EVP_F_EVP_PBE_SCRYPT, ERR_R_MALLOC_FAILURE); -- return 0; -- } -- X = (uint32_t *)(B + Blen); -- T = X + 32 * r; -- V = T + 32 * r; -- if (PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, 1, EVP_sha256(), -- (int)Blen, B) == 0) -- goto err; -- -- for (i = 0; i < p; i++) -- scryptROMix(B + 128 * r * i, r, N, X, T, V); -- -- if (PKCS5_PBKDF2_HMAC(pass, passlen, B, (int)Blen, 1, EVP_sha256(), -- keylen, key) == 0) -- goto err; -- rv = 1; -- err: -- if (rv == 0) -- EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_PBKDF2_ERROR); -+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PASS, pass, (size_t)passlen) != 1 -+ || EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, -+ salt, (size_t)saltlen) != 1 -+ || EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SCRYPT_N, N) != 1 -+ || EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SCRYPT_R, (uint32_t)r) != 1 -+ || EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SCRYPT_P, (uint32_t)p) != 1 -+ || EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MAXMEM_BYTES, maxmem) != 1 -+ || EVP_KDF_derive(kctx, key, keylen) != 1) -+ rv = 0; - -- OPENSSL_clear_free(B, (size_t)(Blen + Vlen)); -+ EVP_KDF_CTX_free(kctx); - return rv; - } -+ - #endif -diff -up openssl-1.1.1j/crypto/evp/pkey_kdf.c.evp-kdf openssl-1.1.1j/crypto/evp/pkey_kdf.c ---- openssl-1.1.1j/crypto/evp/pkey_kdf.c.evp-kdf 2021-03-03 14:08:02.491294847 +0100 -+++ openssl-1.1.1j/crypto/evp/pkey_kdf.c 2021-03-03 14:08:02.491294847 +0100 -@@ -0,0 +1,255 @@ -+/* -+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. -+ * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. -+ * -+ * Licensed under the Apache License 2.0 (the "License"). You may not use -+ * this file except in compliance with the License. You can obtain a copy -+ * in the file LICENSE in the source distribution or at -+ * https://www.openssl.org/source/license.html -+ */ -+ -+#include -+#include -+#include -+#include -+#include "crypto/evp.h" -+ -+static int pkey_kdf_init(EVP_PKEY_CTX *ctx) -+{ -+ EVP_KDF_CTX *kctx; -+ -+ kctx = EVP_KDF_CTX_new_id(ctx->pmeth->pkey_id); -+ if (kctx == NULL) -+ return 0; -+ -+ ctx->data = kctx; -+ return 1; -+} -+ -+static void pkey_kdf_cleanup(EVP_PKEY_CTX *ctx) -+{ -+ EVP_KDF_CTX *kctx = ctx->data; -+ -+ EVP_KDF_CTX_free(kctx); -+} -+ -+static int pkey_kdf_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) -+{ -+ EVP_KDF_CTX *kctx = ctx->data; -+ uint64_t u64_value; -+ int cmd; -+ int ret; -+ -+ switch (type) { -+ case EVP_PKEY_CTRL_PASS: -+ cmd = EVP_KDF_CTRL_SET_PASS; -+ break; -+ case EVP_PKEY_CTRL_HKDF_SALT: -+ case EVP_PKEY_CTRL_SCRYPT_SALT: -+ cmd = EVP_KDF_CTRL_SET_SALT; -+ break; -+ case EVP_PKEY_CTRL_TLS_MD: -+ case EVP_PKEY_CTRL_HKDF_MD: -+ cmd = EVP_KDF_CTRL_SET_MD; -+ break; -+ case EVP_PKEY_CTRL_TLS_SECRET: -+ cmd = EVP_KDF_CTRL_SET_TLS_SECRET; -+ ret = EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_RESET_TLS_SEED); -+ if (ret < 1) -+ return ret; -+ break; -+ case EVP_PKEY_CTRL_TLS_SEED: -+ cmd = EVP_KDF_CTRL_ADD_TLS_SEED; -+ break; -+ case EVP_PKEY_CTRL_HKDF_KEY: -+ cmd = EVP_KDF_CTRL_SET_KEY; -+ break; -+ case EVP_PKEY_CTRL_HKDF_INFO: -+ cmd = EVP_KDF_CTRL_ADD_HKDF_INFO; -+ break; -+ case EVP_PKEY_CTRL_HKDF_MODE: -+ cmd = EVP_KDF_CTRL_SET_HKDF_MODE; -+ break; -+ case EVP_PKEY_CTRL_SCRYPT_N: -+ cmd = EVP_KDF_CTRL_SET_SCRYPT_N; -+ break; -+ case EVP_PKEY_CTRL_SCRYPT_R: -+ cmd = EVP_KDF_CTRL_SET_SCRYPT_R; -+ break; -+ case EVP_PKEY_CTRL_SCRYPT_P: -+ cmd = EVP_KDF_CTRL_SET_SCRYPT_P; -+ break; -+ case EVP_PKEY_CTRL_SCRYPT_MAXMEM_BYTES: -+ cmd = EVP_KDF_CTRL_SET_MAXMEM_BYTES; -+ break; -+ default: -+ return -2; -+ } -+ -+ switch (cmd) { -+ case EVP_KDF_CTRL_SET_PASS: -+ case EVP_KDF_CTRL_SET_SALT: -+ case EVP_KDF_CTRL_SET_KEY: -+ case EVP_KDF_CTRL_SET_TLS_SECRET: -+ case EVP_KDF_CTRL_ADD_TLS_SEED: -+ case EVP_KDF_CTRL_ADD_HKDF_INFO: -+ return EVP_KDF_ctrl(kctx, cmd, (const unsigned char *)p2, (size_t)p1); -+ -+ case EVP_KDF_CTRL_SET_MD: -+ return EVP_KDF_ctrl(kctx, cmd, (const EVP_MD *)p2); -+ -+ case EVP_KDF_CTRL_SET_HKDF_MODE: -+ return EVP_KDF_ctrl(kctx, cmd, (int)p1); -+ -+ case EVP_KDF_CTRL_SET_SCRYPT_R: -+ case EVP_KDF_CTRL_SET_SCRYPT_P: -+ u64_value = *(uint64_t *)p2; -+ if (u64_value > UINT32_MAX) { -+ EVPerr(EVP_F_PKEY_KDF_CTRL, EVP_R_PARAMETER_TOO_LARGE); -+ return 0; -+ } -+ -+ return EVP_KDF_ctrl(kctx, cmd, (uint32_t)u64_value); -+ -+ case EVP_KDF_CTRL_SET_SCRYPT_N: -+ case EVP_KDF_CTRL_SET_MAXMEM_BYTES: -+ return EVP_KDF_ctrl(kctx, cmd, *(uint64_t *)p2); -+ -+ default: -+ return 0; -+ } -+} -+ -+static int pkey_kdf_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, -+ const char *value) -+{ -+ EVP_KDF_CTX *kctx = ctx->data; -+ -+ if (strcmp(type, "md") == 0) -+ return EVP_KDF_ctrl_str(kctx, "digest", value); -+ return EVP_KDF_ctrl_str(kctx, type, value); -+} -+ -+static int pkey_kdf_derive_init(EVP_PKEY_CTX *ctx) -+{ -+ EVP_KDF_CTX *kctx = ctx->data; -+ -+ EVP_KDF_reset(kctx); -+ return 1; -+} -+ -+/* -+ * For fixed-output algorithms the keylen parameter is an "out" parameter -+ * otherwise it is an "in" parameter. -+ */ -+static int pkey_kdf_derive(EVP_PKEY_CTX *ctx, unsigned char *key, -+ size_t *keylen) -+{ -+ EVP_KDF_CTX *kctx = ctx->data; -+ size_t outlen = EVP_KDF_size(kctx); -+ -+ if (outlen == 0 || outlen == SIZE_MAX) { -+ /* Variable-output algorithm */ -+ if (key == NULL) -+ return 0; -+ } else { -+ /* Fixed-output algorithm */ -+ *keylen = outlen; -+ if (key == NULL) -+ return 1; -+ } -+ return EVP_KDF_derive(kctx, key, *keylen); -+} -+ -+#ifndef OPENSSL_NO_SCRYPT -+const EVP_PKEY_METHOD scrypt_pkey_meth = { -+ EVP_PKEY_SCRYPT, -+ 0, -+ pkey_kdf_init, -+ 0, -+ pkey_kdf_cleanup, -+ -+ 0, 0, -+ 0, 0, -+ -+ 0, -+ 0, -+ -+ 0, -+ 0, -+ -+ 0, 0, -+ -+ 0, 0, 0, 0, -+ -+ 0, 0, -+ -+ 0, 0, -+ -+ pkey_kdf_derive_init, -+ pkey_kdf_derive, -+ pkey_kdf_ctrl, -+ pkey_kdf_ctrl_str -+}; -+#endif -+ -+const EVP_PKEY_METHOD tls1_prf_pkey_meth = { -+ EVP_PKEY_TLS1_PRF, -+ EVP_PKEY_FLAG_FIPS, -+ pkey_kdf_init, -+ 0, -+ pkey_kdf_cleanup, -+ -+ 0, 0, -+ 0, 0, -+ -+ 0, -+ 0, -+ -+ 0, -+ 0, -+ -+ 0, 0, -+ -+ 0, 0, 0, 0, -+ -+ 0, 0, -+ -+ 0, 0, -+ -+ pkey_kdf_derive_init, -+ pkey_kdf_derive, -+ pkey_kdf_ctrl, -+ pkey_kdf_ctrl_str -+}; -+ -+const EVP_PKEY_METHOD hkdf_pkey_meth = { -+ EVP_PKEY_HKDF, -+ EVP_PKEY_FLAG_FIPS, -+ pkey_kdf_init, -+ 0, -+ pkey_kdf_cleanup, -+ -+ 0, 0, -+ 0, 0, -+ -+ 0, -+ 0, -+ -+ 0, -+ 0, -+ -+ 0, 0, -+ -+ 0, 0, 0, 0, -+ -+ 0, 0, -+ -+ 0, 0, -+ -+ pkey_kdf_derive_init, -+ pkey_kdf_derive, -+ pkey_kdf_ctrl, -+ pkey_kdf_ctrl_str -+}; -+ -diff -up openssl-1.1.1j/crypto/kdf/build.info.evp-kdf openssl-1.1.1j/crypto/kdf/build.info ---- openssl-1.1.1j/crypto/kdf/build.info.evp-kdf 2021-02-16 16:24:01.000000000 +0100 -+++ openssl-1.1.1j/crypto/kdf/build.info 2021-03-03 14:08:02.491294847 +0100 -@@ -1,3 +1,3 @@ - LIBS=../../libcrypto - SOURCE[../../libcrypto]=\ -- tls1_prf.c kdf_err.c hkdf.c scrypt.c -+ tls1_prf.c kdf_err.c kdf_util.c hkdf.c scrypt.c pbkdf2.c -diff -up openssl-1.1.1j/crypto/kdf/hkdf.c.evp-kdf openssl-1.1.1j/crypto/kdf/hkdf.c ---- openssl-1.1.1j/crypto/kdf/hkdf.c.evp-kdf 2021-02-16 16:24:01.000000000 +0100 -+++ openssl-1.1.1j/crypto/kdf/hkdf.c 2021-03-03 14:08:02.492294856 +0100 -@@ -8,32 +8,33 @@ - */ - - #include -+#include - #include - #include - #include - #include - #include "internal/cryptlib.h" - #include "crypto/evp.h" -+#include "kdf_local.h" - - #define HKDF_MAXBUF 1024 - --static unsigned char *HKDF(const EVP_MD *evp_md, -- const unsigned char *salt, size_t salt_len, -- const unsigned char *key, size_t key_len, -- const unsigned char *info, size_t info_len, -- unsigned char *okm, size_t okm_len); -- --static unsigned char *HKDF_Extract(const EVP_MD *evp_md, -- const unsigned char *salt, size_t salt_len, -- const unsigned char *key, size_t key_len, -- unsigned char *prk, size_t *prk_len); -- --static unsigned char *HKDF_Expand(const EVP_MD *evp_md, -- const unsigned char *prk, size_t prk_len, -- const unsigned char *info, size_t info_len, -- unsigned char *okm, size_t okm_len); -+static void kdf_hkdf_reset(EVP_KDF_IMPL *impl); -+static int HKDF(const EVP_MD *evp_md, -+ const unsigned char *salt, size_t salt_len, -+ const unsigned char *key, size_t key_len, -+ const unsigned char *info, size_t info_len, -+ unsigned char *okm, size_t okm_len); -+static int HKDF_Extract(const EVP_MD *evp_md, -+ const unsigned char *salt, size_t salt_len, -+ const unsigned char *key, size_t key_len, -+ unsigned char *prk, size_t prk_len); -+static int HKDF_Expand(const EVP_MD *evp_md, -+ const unsigned char *prk, size_t prk_len, -+ const unsigned char *info, size_t info_len, -+ unsigned char *okm, size_t okm_len); - --typedef struct { -+struct evp_kdf_impl_st { - int mode; - const EVP_MD *md; - unsigned char *salt; -@@ -42,230 +43,208 @@ typedef struct { - size_t key_len; - unsigned char info[HKDF_MAXBUF]; - size_t info_len; --} HKDF_PKEY_CTX; -+}; - --static int pkey_hkdf_init(EVP_PKEY_CTX *ctx) -+static EVP_KDF_IMPL *kdf_hkdf_new(void) - { -- HKDF_PKEY_CTX *kctx; -- -- if ((kctx = OPENSSL_zalloc(sizeof(*kctx))) == NULL) { -- KDFerr(KDF_F_PKEY_HKDF_INIT, ERR_R_MALLOC_FAILURE); -- return 0; -- } -+ EVP_KDF_IMPL *impl; - -- ctx->data = kctx; -+ if ((impl = OPENSSL_zalloc(sizeof(*impl))) == NULL) -+ KDFerr(KDF_F_KDF_HKDF_NEW, ERR_R_MALLOC_FAILURE); -+ return impl; -+} - -- return 1; -+static void kdf_hkdf_free(EVP_KDF_IMPL *impl) -+{ -+ kdf_hkdf_reset(impl); -+ OPENSSL_free(impl); - } - --static void pkey_hkdf_cleanup(EVP_PKEY_CTX *ctx) -+static void kdf_hkdf_reset(EVP_KDF_IMPL *impl) - { -- HKDF_PKEY_CTX *kctx = ctx->data; -- OPENSSL_clear_free(kctx->salt, kctx->salt_len); -- OPENSSL_clear_free(kctx->key, kctx->key_len); -- OPENSSL_cleanse(kctx->info, kctx->info_len); -- OPENSSL_free(kctx); -+ OPENSSL_free(impl->salt); -+ OPENSSL_clear_free(impl->key, impl->key_len); -+ OPENSSL_cleanse(impl->info, impl->info_len); -+ memset(impl, 0, sizeof(*impl)); - } - --static int pkey_hkdf_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) -+static int kdf_hkdf_ctrl(EVP_KDF_IMPL *impl, int cmd, va_list args) - { -- HKDF_PKEY_CTX *kctx = ctx->data; -+ const unsigned char *p; -+ size_t len; -+ const EVP_MD *md; - -- switch (type) { -- case EVP_PKEY_CTRL_HKDF_MD: -- if (p2 == NULL) -+ switch (cmd) { -+ case EVP_KDF_CTRL_SET_MD: -+ md = va_arg(args, const EVP_MD *); -+ if (md == NULL) - return 0; - -- kctx->md = p2; -+ impl->md = md; - return 1; - -- case EVP_PKEY_CTRL_HKDF_MODE: -- kctx->mode = p1; -+ case EVP_KDF_CTRL_SET_HKDF_MODE: -+ impl->mode = va_arg(args, int); - return 1; - -- case EVP_PKEY_CTRL_HKDF_SALT: -- if (p1 == 0 || p2 == NULL) -+ case EVP_KDF_CTRL_SET_SALT: -+ p = va_arg(args, const unsigned char *); -+ len = va_arg(args, size_t); -+ if (len == 0 || p == NULL) - return 1; - -- if (p1 < 0) -+ OPENSSL_free(impl->salt); -+ impl->salt = OPENSSL_memdup(p, len); -+ if (impl->salt == NULL) - return 0; - -- if (kctx->salt != NULL) -- OPENSSL_clear_free(kctx->salt, kctx->salt_len); -- -- kctx->salt = OPENSSL_memdup(p2, p1); -- if (kctx->salt == NULL) -- return 0; -- -- kctx->salt_len = p1; -+ impl->salt_len = len; - return 1; - -- case EVP_PKEY_CTRL_HKDF_KEY: -- if (p1 < 0) -+ case EVP_KDF_CTRL_SET_KEY: -+ p = va_arg(args, const unsigned char *); -+ len = va_arg(args, size_t); -+ OPENSSL_clear_free(impl->key, impl->key_len); -+ impl->key = OPENSSL_memdup(p, len); -+ if (impl->key == NULL) - return 0; - -- if (kctx->key != NULL) -- OPENSSL_clear_free(kctx->key, kctx->key_len); -- -- kctx->key = OPENSSL_memdup(p2, p1); -- if (kctx->key == NULL) -- return 0; -+ impl->key_len = len; -+ return 1; - -- kctx->key_len = p1; -+ case EVP_KDF_CTRL_RESET_HKDF_INFO: -+ OPENSSL_cleanse(impl->info, impl->info_len); -+ impl->info_len = 0; - return 1; - -- case EVP_PKEY_CTRL_HKDF_INFO: -- if (p1 == 0 || p2 == NULL) -+ case EVP_KDF_CTRL_ADD_HKDF_INFO: -+ p = va_arg(args, const unsigned char *); -+ len = va_arg(args, size_t); -+ if (len == 0 || p == NULL) - return 1; - -- if (p1 < 0 || p1 > (int)(HKDF_MAXBUF - kctx->info_len)) -+ if (len > (HKDF_MAXBUF - impl->info_len)) - return 0; - -- memcpy(kctx->info + kctx->info_len, p2, p1); -- kctx->info_len += p1; -+ memcpy(impl->info + impl->info_len, p, len); -+ impl->info_len += len; - return 1; - - default: - return -2; -- - } - } - --static int pkey_hkdf_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, -- const char *value) -+static int kdf_hkdf_ctrl_str(EVP_KDF_IMPL *impl, const char *type, -+ const char *value) - { - if (strcmp(type, "mode") == 0) { - int mode; - - if (strcmp(value, "EXTRACT_AND_EXPAND") == 0) -- mode = EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND; -+ mode = EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND; - else if (strcmp(value, "EXTRACT_ONLY") == 0) -- mode = EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY; -+ mode = EVP_KDF_HKDF_MODE_EXTRACT_ONLY; - else if (strcmp(value, "EXPAND_ONLY") == 0) -- mode = EVP_PKEY_HKDEF_MODE_EXPAND_ONLY; -+ mode = EVP_KDF_HKDF_MODE_EXPAND_ONLY; - else - return 0; - -- return EVP_PKEY_CTX_hkdf_mode(ctx, mode); -+ return call_ctrl(kdf_hkdf_ctrl, impl, EVP_KDF_CTRL_SET_HKDF_MODE, mode); - } - -- if (strcmp(type, "md") == 0) -- return EVP_PKEY_CTX_md(ctx, EVP_PKEY_OP_DERIVE, -- EVP_PKEY_CTRL_HKDF_MD, value); -+ if (strcmp(type, "digest") == 0) -+ return kdf_md2ctrl(impl, kdf_hkdf_ctrl, EVP_KDF_CTRL_SET_MD, value); - - if (strcmp(type, "salt") == 0) -- return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_HKDF_SALT, value); -+ return kdf_str2ctrl(impl, kdf_hkdf_ctrl, EVP_KDF_CTRL_SET_SALT, value); - - if (strcmp(type, "hexsalt") == 0) -- return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_HKDF_SALT, value); -+ return kdf_hex2ctrl(impl, kdf_hkdf_ctrl, EVP_KDF_CTRL_SET_SALT, value); - - if (strcmp(type, "key") == 0) -- return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_HKDF_KEY, value); -+ return kdf_str2ctrl(impl, kdf_hkdf_ctrl, EVP_KDF_CTRL_SET_KEY, value); - - if (strcmp(type, "hexkey") == 0) -- return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_HKDF_KEY, value); -+ return kdf_hex2ctrl(impl, kdf_hkdf_ctrl, EVP_KDF_CTRL_SET_KEY, value); - - if (strcmp(type, "info") == 0) -- return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_HKDF_INFO, value); -+ return kdf_str2ctrl(impl, kdf_hkdf_ctrl, EVP_KDF_CTRL_ADD_HKDF_INFO, -+ value); - - if (strcmp(type, "hexinfo") == 0) -- return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_HKDF_INFO, value); -+ return kdf_hex2ctrl(impl, kdf_hkdf_ctrl, EVP_KDF_CTRL_ADD_HKDF_INFO, -+ value); - -- KDFerr(KDF_F_PKEY_HKDF_CTRL_STR, KDF_R_UNKNOWN_PARAMETER_TYPE); - return -2; - } - --static int pkey_hkdf_derive_init(EVP_PKEY_CTX *ctx) -+static size_t kdf_hkdf_size(EVP_KDF_IMPL *impl) - { -- HKDF_PKEY_CTX *kctx = ctx->data; -+ if (impl->mode != EVP_KDF_HKDF_MODE_EXTRACT_ONLY) -+ return SIZE_MAX; - -- OPENSSL_clear_free(kctx->key, kctx->key_len); -- OPENSSL_clear_free(kctx->salt, kctx->salt_len); -- OPENSSL_cleanse(kctx->info, kctx->info_len); -- memset(kctx, 0, sizeof(*kctx)); -- -- return 1; -+ if (impl->md == NULL) { -+ KDFerr(KDF_F_KDF_HKDF_SIZE, KDF_R_MISSING_MESSAGE_DIGEST); -+ return 0; -+ } -+ return EVP_MD_size(impl->md); - } - --static int pkey_hkdf_derive(EVP_PKEY_CTX *ctx, unsigned char *key, -- size_t *keylen) -+static int kdf_hkdf_derive(EVP_KDF_IMPL *impl, unsigned char *key, -+ size_t keylen) - { -- HKDF_PKEY_CTX *kctx = ctx->data; -- -- if (kctx->md == NULL) { -- KDFerr(KDF_F_PKEY_HKDF_DERIVE, KDF_R_MISSING_MESSAGE_DIGEST); -+ if (impl->md == NULL) { -+ KDFerr(KDF_F_KDF_HKDF_DERIVE, KDF_R_MISSING_MESSAGE_DIGEST); - return 0; - } -- if (kctx->key == NULL) { -- KDFerr(KDF_F_PKEY_HKDF_DERIVE, KDF_R_MISSING_KEY); -+ if (impl->key == NULL) { -+ KDFerr(KDF_F_KDF_HKDF_DERIVE, KDF_R_MISSING_KEY); - return 0; - } - -- switch (kctx->mode) { -- case EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND: -- return HKDF(kctx->md, kctx->salt, kctx->salt_len, kctx->key, -- kctx->key_len, kctx->info, kctx->info_len, key, -- *keylen) != NULL; -- -- case EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY: -- if (key == NULL) { -- *keylen = EVP_MD_size(kctx->md); -- return 1; -- } -- return HKDF_Extract(kctx->md, kctx->salt, kctx->salt_len, kctx->key, -- kctx->key_len, key, keylen) != NULL; -- -- case EVP_PKEY_HKDEF_MODE_EXPAND_ONLY: -- return HKDF_Expand(kctx->md, kctx->key, kctx->key_len, kctx->info, -- kctx->info_len, key, *keylen) != NULL; -+ switch (impl->mode) { -+ case EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND: -+ return HKDF(impl->md, impl->salt, impl->salt_len, impl->key, -+ impl->key_len, impl->info, impl->info_len, key, -+ keylen); -+ -+ case EVP_KDF_HKDF_MODE_EXTRACT_ONLY: -+ return HKDF_Extract(impl->md, impl->salt, impl->salt_len, impl->key, -+ impl->key_len, key, keylen); -+ -+ case EVP_KDF_HKDF_MODE_EXPAND_ONLY: -+ return HKDF_Expand(impl->md, impl->key, impl->key_len, impl->info, -+ impl->info_len, key, keylen); - - default: - return 0; - } - } - --const EVP_PKEY_METHOD hkdf_pkey_meth = { -- EVP_PKEY_HKDF, -- 0, -- pkey_hkdf_init, -- 0, -- pkey_hkdf_cleanup, -- -- 0, 0, -- 0, 0, -- -- 0, -- 0, -- -- 0, -- 0, -- -- 0, 0, -- -- 0, 0, 0, 0, -- -- 0, 0, -- -- 0, 0, -- -- pkey_hkdf_derive_init, -- pkey_hkdf_derive, -- pkey_hkdf_ctrl, -- pkey_hkdf_ctrl_str -+const EVP_KDF_METHOD hkdf_kdf_meth = { -+ EVP_KDF_HKDF, -+ kdf_hkdf_new, -+ kdf_hkdf_free, -+ kdf_hkdf_reset, -+ kdf_hkdf_ctrl, -+ kdf_hkdf_ctrl_str, -+ kdf_hkdf_size, -+ kdf_hkdf_derive - }; - --static unsigned char *HKDF(const EVP_MD *evp_md, -- const unsigned char *salt, size_t salt_len, -- const unsigned char *key, size_t key_len, -- const unsigned char *info, size_t info_len, -- unsigned char *okm, size_t okm_len) -+static int HKDF(const EVP_MD *evp_md, -+ const unsigned char *salt, size_t salt_len, -+ const unsigned char *key, size_t key_len, -+ const unsigned char *info, size_t info_len, -+ unsigned char *okm, size_t okm_len) - { - unsigned char prk[EVP_MAX_MD_SIZE]; -- unsigned char *ret; -- size_t prk_len; -+ int ret; -+ size_t prk_len = EVP_MD_size(evp_md); - -- if (!HKDF_Extract(evp_md, salt, salt_len, key, key_len, prk, &prk_len)) -- return NULL; -+ if (!HKDF_Extract(evp_md, salt, salt_len, key, key_len, prk, prk_len)) -+ return 0; - - ret = HKDF_Expand(evp_md, prk, prk_len, info, info_len, okm, okm_len); - OPENSSL_cleanse(prk, sizeof(prk)); -@@ -273,43 +252,38 @@ static unsigned char *HKDF(const EVP_MD - return ret; - } - --static unsigned char *HKDF_Extract(const EVP_MD *evp_md, -- const unsigned char *salt, size_t salt_len, -- const unsigned char *key, size_t key_len, -- unsigned char *prk, size_t *prk_len) -+static int HKDF_Extract(const EVP_MD *evp_md, -+ const unsigned char *salt, size_t salt_len, -+ const unsigned char *key, size_t key_len, -+ unsigned char *prk, size_t prk_len) - { -- unsigned int tmp_len; -- -- if (!HMAC(evp_md, salt, salt_len, key, key_len, prk, &tmp_len)) -- return NULL; -- -- *prk_len = tmp_len; -- return prk; -+ if (prk_len != (size_t)EVP_MD_size(evp_md)) { -+ KDFerr(KDF_F_HKDF_EXTRACT, KDF_R_WRONG_OUTPUT_BUFFER_SIZE); -+ return 0; -+ } -+ return HMAC(evp_md, salt, salt_len, key, key_len, prk, NULL) != NULL; - } - --static unsigned char *HKDF_Expand(const EVP_MD *evp_md, -- const unsigned char *prk, size_t prk_len, -- const unsigned char *info, size_t info_len, -- unsigned char *okm, size_t okm_len) -+static int HKDF_Expand(const EVP_MD *evp_md, -+ const unsigned char *prk, size_t prk_len, -+ const unsigned char *info, size_t info_len, -+ unsigned char *okm, size_t okm_len) - { - HMAC_CTX *hmac; -- unsigned char *ret = NULL; -- -+ int ret = 0; - unsigned int i; -- - unsigned char prev[EVP_MAX_MD_SIZE]; -- - size_t done_len = 0, dig_len = EVP_MD_size(evp_md); -- - size_t n = okm_len / dig_len; -+ - if (okm_len % dig_len) - n++; - - if (n > 255 || okm == NULL) -- return NULL; -+ return 0; - - if ((hmac = HMAC_CTX_new()) == NULL) -- return NULL; -+ return 0; - - if (!HMAC_Init_ex(hmac, prk, prk_len, evp_md, NULL)) - goto err; -@@ -343,7 +317,7 @@ static unsigned char *HKDF_Expand(const - - done_len += copy_len; - } -- ret = okm; -+ ret = 1; - - err: - OPENSSL_cleanse(prev, sizeof(prev)); -diff -up openssl-1.1.1j/crypto/kdf/kdf_err.c.evp-kdf openssl-1.1.1j/crypto/kdf/kdf_err.c ---- openssl-1.1.1j/crypto/kdf/kdf_err.c.evp-kdf 2021-02-16 16:24:01.000000000 +0100 -+++ openssl-1.1.1j/crypto/kdf/kdf_err.c 2021-03-03 14:08:02.492294856 +0100 -@@ -1,6 +1,6 @@ - /* - * Generated by util/mkerr.pl DO NOT EDIT -- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. -+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy -@@ -14,6 +14,29 @@ - #ifndef OPENSSL_NO_ERR - - static const ERR_STRING_DATA KDF_str_functs[] = { -+ {ERR_PACK(ERR_LIB_KDF, KDF_F_HKDF_EXTRACT, 0), "HKDF_Extract"}, -+ {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_HKDF_DERIVE, 0), "kdf_hkdf_derive"}, -+ {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_HKDF_NEW, 0), "kdf_hkdf_new"}, -+ {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_HKDF_SIZE, 0), "kdf_hkdf_size"}, -+ {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_MD2CTRL, 0), "kdf_md2ctrl"}, -+ {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_PBKDF2_CTRL_STR, 0), -+ "kdf_pbkdf2_ctrl_str"}, -+ {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_PBKDF2_DERIVE, 0), "kdf_pbkdf2_derive"}, -+ {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_PBKDF2_NEW, 0), "kdf_pbkdf2_new"}, -+ {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_SCRYPT_CTRL_STR, 0), -+ "kdf_scrypt_ctrl_str"}, -+ {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_SCRYPT_CTRL_UINT32, 0), -+ "kdf_scrypt_ctrl_uint32"}, -+ {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_SCRYPT_CTRL_UINT64, 0), -+ "kdf_scrypt_ctrl_uint64"}, -+ {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_SCRYPT_DERIVE, 0), "kdf_scrypt_derive"}, -+ {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_SCRYPT_NEW, 0), "kdf_scrypt_new"}, -+ {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_TLS1_PRF_CTRL_STR, 0), -+ "kdf_tls1_prf_ctrl_str"}, -+ {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_TLS1_PRF_DERIVE, 0), -+ "kdf_tls1_prf_derive"}, -+ {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_TLS1_PRF_NEW, 0), "kdf_tls1_prf_new"}, -+ {ERR_PACK(ERR_LIB_KDF, KDF_F_PBKDF2_SET_MEMBUF, 0), "pbkdf2_set_membuf"}, - {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_HKDF_CTRL_STR, 0), "pkey_hkdf_ctrl_str"}, - {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_HKDF_DERIVE, 0), "pkey_hkdf_derive"}, - {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_HKDF_INIT, 0), "pkey_hkdf_init"}, -@@ -30,6 +53,7 @@ static const ERR_STRING_DATA KDF_str_fun - {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_TLS1_PRF_DERIVE, 0), - "pkey_tls1_prf_derive"}, - {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_TLS1_PRF_INIT, 0), "pkey_tls1_prf_init"}, -+ {ERR_PACK(ERR_LIB_KDF, KDF_F_SCRYPT_SET_MEMBUF, 0), "scrypt_set_membuf"}, - {ERR_PACK(ERR_LIB_KDF, KDF_F_TLS1_PRF_ALG, 0), "tls1_prf_alg"}, - {0, NULL} - }; -@@ -50,6 +74,8 @@ static const ERR_STRING_DATA KDF_str_rea - "unknown parameter type"}, - {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_VALUE_ERROR), "value error"}, - {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_VALUE_MISSING), "value missing"}, -+ {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_WRONG_OUTPUT_BUFFER_SIZE), -+ "wrong output buffer size"}, - {0, NULL} - }; - -diff -up openssl-1.1.1j/crypto/kdf/kdf_local.h.evp-kdf openssl-1.1.1j/crypto/kdf/kdf_local.h ---- openssl-1.1.1j/crypto/kdf/kdf_local.h.evp-kdf 2021-03-03 14:08:02.492294856 +0100 -+++ openssl-1.1.1j/crypto/kdf/kdf_local.h 2021-03-03 14:08:02.492294856 +0100 -@@ -0,0 +1,22 @@ -+/* -+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. -+ * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. -+ * -+ * Licensed under the Apache License 2.0 (the "License"). You may not use -+ * this file except in compliance with the License. You can obtain a copy -+ * in the file LICENSE in the source distribution or at -+ * https://www.openssl.org/source/license.html -+ */ -+ -+int call_ctrl(int (*ctrl)(EVP_KDF_IMPL *impl, int cmd, va_list args), -+ EVP_KDF_IMPL *impl, int cmd, ...); -+int kdf_str2ctrl(EVP_KDF_IMPL *impl, -+ int (*ctrl)(EVP_KDF_IMPL *impl, int cmd, va_list args), -+ int cmd, const char *str); -+int kdf_hex2ctrl(EVP_KDF_IMPL *impl, -+ int (*ctrl)(EVP_KDF_IMPL *impl, int cmd, va_list args), -+ int cmd, const char *hex); -+int kdf_md2ctrl(EVP_KDF_IMPL *impl, -+ int (*ctrl)(EVP_KDF_IMPL *impl, int cmd, va_list args), -+ int cmd, const char *md_name); -+ -diff -up openssl-1.1.1j/crypto/kdf/kdf_util.c.evp-kdf openssl-1.1.1j/crypto/kdf/kdf_util.c ---- openssl-1.1.1j/crypto/kdf/kdf_util.c.evp-kdf 2021-03-03 14:08:02.492294856 +0100 -+++ openssl-1.1.1j/crypto/kdf/kdf_util.c 2021-03-03 14:08:02.492294856 +0100 -@@ -0,0 +1,73 @@ -+/* -+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. -+ * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. -+ * -+ * Licensed under the Apache License 2.0 (the "License"). You may not use -+ * this file except in compliance with the License. You can obtain a copy -+ * in the file LICENSE in the source distribution or at -+ * https://www.openssl.org/source/license.html -+ */ -+ -+#include -+#include -+#include -+#include -+#include "internal/cryptlib.h" -+#include "crypto/evp.h" -+#include "internal/numbers.h" -+#include "kdf_local.h" -+ -+int call_ctrl(int (*ctrl)(EVP_KDF_IMPL *impl, int cmd, va_list args), -+ EVP_KDF_IMPL *impl, int cmd, ...) -+{ -+ int ret; -+ va_list args; -+ -+ va_start(args, cmd); -+ ret = ctrl(impl, cmd, args); -+ va_end(args); -+ -+ return ret; -+} -+ -+/* Utility functions to send a string or hex string to a ctrl */ -+ -+int kdf_str2ctrl(EVP_KDF_IMPL *impl, -+ int (*ctrl)(EVP_KDF_IMPL *impl, int cmd, va_list args), -+ int cmd, const char *str) -+{ -+ return call_ctrl(ctrl, impl, cmd, (const unsigned char *)str, strlen(str)); -+} -+ -+int kdf_hex2ctrl(EVP_KDF_IMPL *impl, -+ int (*ctrl)(EVP_KDF_IMPL *impl, int cmd, va_list args), -+ int cmd, const char *hex) -+{ -+ unsigned char *bin; -+ long binlen; -+ int ret = -1; -+ -+ bin = OPENSSL_hexstr2buf(hex, &binlen); -+ if (bin == NULL) -+ return 0; -+ -+ if (binlen <= INT_MAX) -+ ret = call_ctrl(ctrl, impl, cmd, bin, (size_t)binlen); -+ OPENSSL_free(bin); -+ return ret; -+} -+ -+/* Pass a message digest to a ctrl */ -+int kdf_md2ctrl(EVP_KDF_IMPL *impl, -+ int (*ctrl)(EVP_KDF_IMPL *impl, int cmd, va_list args), -+ int cmd, const char *md_name) -+{ -+ const EVP_MD *md; -+ -+ if (md_name == NULL || (md = EVP_get_digestbyname(md_name)) == NULL) { -+ KDFerr(KDF_F_KDF_MD2CTRL, KDF_R_INVALID_DIGEST); -+ return 0; -+ } -+ return call_ctrl(ctrl, impl, cmd, md); -+} -+ -diff -up openssl-1.1.1j/crypto/kdf/pbkdf2.c.evp-kdf openssl-1.1.1j/crypto/kdf/pbkdf2.c ---- openssl-1.1.1j/crypto/kdf/pbkdf2.c.evp-kdf 2021-03-03 14:08:02.492294856 +0100 -+++ openssl-1.1.1j/crypto/kdf/pbkdf2.c 2021-03-03 14:08:02.492294856 +0100 -@@ -0,0 +1,264 @@ -+/* -+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. -+ * -+ * Licensed under the Apache License 2.0 (the "License"). You may not use -+ * this file except in compliance with the License. You can obtain a copy -+ * in the file LICENSE in the source distribution or at -+ * https://www.openssl.org/source/license.html -+ */ -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include "internal/cryptlib.h" -+#include "crypto/evp.h" -+#include "kdf_local.h" -+ -+static void kdf_pbkdf2_reset(EVP_KDF_IMPL *impl); -+static void kdf_pbkdf2_init(EVP_KDF_IMPL *impl); -+static int pkcs5_pbkdf2_alg(const char *pass, size_t passlen, -+ const unsigned char *salt, int saltlen, int iter, -+ const EVP_MD *digest, unsigned char *key, -+ size_t keylen); -+ -+struct evp_kdf_impl_st { -+ unsigned char *pass; -+ size_t pass_len; -+ unsigned char *salt; -+ size_t salt_len; -+ int iter; -+ const EVP_MD *md; -+}; -+ -+static EVP_KDF_IMPL *kdf_pbkdf2_new(void) -+{ -+ EVP_KDF_IMPL *impl; -+ -+ impl = OPENSSL_zalloc(sizeof(*impl)); -+ if (impl == NULL) { -+ KDFerr(KDF_F_KDF_PBKDF2_NEW, ERR_R_MALLOC_FAILURE); -+ return NULL; -+ } -+ kdf_pbkdf2_init(impl); -+ return impl; -+} -+ -+static void kdf_pbkdf2_free(EVP_KDF_IMPL *impl) -+{ -+ kdf_pbkdf2_reset(impl); -+ OPENSSL_free(impl); -+} -+ -+static void kdf_pbkdf2_reset(EVP_KDF_IMPL *impl) -+{ -+ OPENSSL_free(impl->salt); -+ OPENSSL_clear_free(impl->pass, impl->pass_len); -+ memset(impl, 0, sizeof(*impl)); -+ kdf_pbkdf2_init(impl); -+} -+ -+static void kdf_pbkdf2_init(EVP_KDF_IMPL *impl) -+{ -+ impl->iter = PKCS5_DEFAULT_ITER; -+ impl->md = EVP_sha1(); -+} -+ -+static int pbkdf2_set_membuf(unsigned char **buffer, size_t *buflen, -+ const unsigned char *new_buffer, -+ size_t new_buflen) -+{ -+ if (new_buffer == NULL) -+ return 1; -+ -+ OPENSSL_clear_free(*buffer, *buflen); -+ -+ if (new_buflen > 0) { -+ *buffer = OPENSSL_memdup(new_buffer, new_buflen); -+ } else { -+ *buffer = OPENSSL_malloc(1); -+ } -+ if (*buffer == NULL) { -+ KDFerr(KDF_F_PBKDF2_SET_MEMBUF, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ -+ *buflen = new_buflen; -+ return 1; -+} -+ -+static int kdf_pbkdf2_ctrl(EVP_KDF_IMPL *impl, int cmd, va_list args) -+{ -+ int iter; -+ const unsigned char *p; -+ size_t len; -+ const EVP_MD *md; -+ -+ switch (cmd) { -+ case EVP_KDF_CTRL_SET_PASS: -+ p = va_arg(args, const unsigned char *); -+ len = va_arg(args, size_t); -+ return pbkdf2_set_membuf(&impl->pass, &impl->pass_len, p, len); -+ -+ case EVP_KDF_CTRL_SET_SALT: -+ p = va_arg(args, const unsigned char *); -+ len = va_arg(args, size_t); -+ return pbkdf2_set_membuf(&impl->salt, &impl->salt_len, p, len); -+ -+ case EVP_KDF_CTRL_SET_ITER: -+ iter = va_arg(args, int); -+ if (iter < 1) -+ return 0; -+ -+ impl->iter = iter; -+ return 1; -+ -+ case EVP_KDF_CTRL_SET_MD: -+ md = va_arg(args, const EVP_MD *); -+ if (md == NULL) -+ return 0; -+ -+ impl->md = md; -+ return 1; -+ -+ default: -+ return -2; -+ } -+} -+ -+static int kdf_pbkdf2_ctrl_str(EVP_KDF_IMPL *impl, const char *type, -+ const char *value) -+{ -+ if (value == NULL) { -+ KDFerr(KDF_F_KDF_PBKDF2_CTRL_STR, KDF_R_VALUE_MISSING); -+ return 0; -+ } -+ -+ if (strcmp(type, "pass") == 0) -+ return kdf_str2ctrl(impl, kdf_pbkdf2_ctrl, EVP_KDF_CTRL_SET_PASS, -+ value); -+ -+ if (strcmp(type, "hexpass") == 0) -+ return kdf_hex2ctrl(impl, kdf_pbkdf2_ctrl, EVP_KDF_CTRL_SET_PASS, -+ value); -+ -+ if (strcmp(type, "salt") == 0) -+ return kdf_str2ctrl(impl, kdf_pbkdf2_ctrl, EVP_KDF_CTRL_SET_SALT, -+ value); -+ -+ if (strcmp(type, "hexsalt") == 0) -+ return kdf_hex2ctrl(impl, kdf_pbkdf2_ctrl, EVP_KDF_CTRL_SET_SALT, -+ value); -+ -+ if (strcmp(type, "iter") == 0) -+ return call_ctrl(kdf_pbkdf2_ctrl, impl, EVP_KDF_CTRL_SET_ITER, -+ atoi(value)); -+ -+ if (strcmp(type, "digest") == 0) -+ return kdf_md2ctrl(impl, kdf_pbkdf2_ctrl, EVP_KDF_CTRL_SET_MD, value); -+ -+ return -2; -+} -+ -+static int kdf_pbkdf2_derive(EVP_KDF_IMPL *impl, unsigned char *key, -+ size_t keylen) -+{ -+ if (impl->pass == NULL) { -+ KDFerr(KDF_F_KDF_PBKDF2_DERIVE, KDF_R_MISSING_PASS); -+ return 0; -+ } -+ -+ if (impl->salt == NULL) { -+ KDFerr(KDF_F_KDF_PBKDF2_DERIVE, KDF_R_MISSING_SALT); -+ return 0; -+ } -+ -+ return pkcs5_pbkdf2_alg((char *)impl->pass, impl->pass_len, -+ impl->salt, impl->salt_len, impl->iter, -+ impl->md, key, keylen); -+} -+ -+const EVP_KDF_METHOD pbkdf2_kdf_meth = { -+ EVP_KDF_PBKDF2, -+ kdf_pbkdf2_new, -+ kdf_pbkdf2_free, -+ kdf_pbkdf2_reset, -+ kdf_pbkdf2_ctrl, -+ kdf_pbkdf2_ctrl_str, -+ NULL, -+ kdf_pbkdf2_derive -+}; -+ -+/* -+ * This is an implementation of PKCS#5 v2.0 password based encryption key -+ * derivation function PBKDF2. SHA1 version verified against test vectors -+ * posted by Peter Gutmann to the PKCS-TNG mailing list. -+ */ -+ -+static int pkcs5_pbkdf2_alg(const char *pass, size_t passlen, -+ const unsigned char *salt, int saltlen, int iter, -+ const EVP_MD *digest, unsigned char *key, -+ size_t keylen) -+{ -+ int ret = 0; -+ unsigned char digtmp[EVP_MAX_MD_SIZE], *p, itmp[4]; -+ int cplen, j, k, tkeylen, mdlen; -+ unsigned long i = 1; -+ HMAC_CTX *hctx_tpl = NULL, *hctx = NULL; -+ -+ mdlen = EVP_MD_size(digest); -+ if (mdlen < 0) -+ return 0; -+ -+ hctx_tpl = HMAC_CTX_new(); -+ if (hctx_tpl == NULL) -+ return 0; -+ p = key; -+ tkeylen = keylen; -+ if (!HMAC_Init_ex(hctx_tpl, pass, passlen, digest, NULL)) -+ goto err; -+ hctx = HMAC_CTX_new(); -+ if (hctx == NULL) -+ goto err; -+ while (tkeylen) { -+ if (tkeylen > mdlen) -+ cplen = mdlen; -+ else -+ cplen = tkeylen; -+ /* -+ * We are unlikely to ever use more than 256 blocks (5120 bits!) but -+ * just in case... -+ */ -+ itmp[0] = (unsigned char)((i >> 24) & 0xff); -+ itmp[1] = (unsigned char)((i >> 16) & 0xff); -+ itmp[2] = (unsigned char)((i >> 8) & 0xff); -+ itmp[3] = (unsigned char)(i & 0xff); -+ if (!HMAC_CTX_copy(hctx, hctx_tpl)) -+ goto err; -+ if (!HMAC_Update(hctx, salt, saltlen) -+ || !HMAC_Update(hctx, itmp, 4) -+ || !HMAC_Final(hctx, digtmp, NULL)) -+ goto err; -+ memcpy(p, digtmp, cplen); -+ for (j = 1; j < iter; j++) { -+ if (!HMAC_CTX_copy(hctx, hctx_tpl)) -+ goto err; -+ if (!HMAC_Update(hctx, digtmp, mdlen) -+ || !HMAC_Final(hctx, digtmp, NULL)) -+ goto err; -+ for (k = 0; k < cplen; k++) -+ p[k] ^= digtmp[k]; -+ } -+ tkeylen -= cplen; -+ i++; -+ p += cplen; -+ } -+ ret = 1; -+ -+err: -+ HMAC_CTX_free(hctx); -+ HMAC_CTX_free(hctx_tpl); -+ return ret; -+} -diff -up openssl-1.1.1j/crypto/kdf/scrypt.c.evp-kdf openssl-1.1.1j/crypto/kdf/scrypt.c ---- openssl-1.1.1j/crypto/kdf/scrypt.c.evp-kdf 2021-02-16 16:24:01.000000000 +0100 -+++ openssl-1.1.1j/crypto/kdf/scrypt.c 2021-03-03 14:08:02.492294856 +0100 -@@ -8,25 +8,35 @@ - */ - - #include -+#include - #include - #include - #include - #include --#include "internal/cryptlib.h" -+#include - #include "crypto/evp.h" -+#include "internal/numbers.h" -+#include "kdf_local.h" - - #ifndef OPENSSL_NO_SCRYPT - -+static void kdf_scrypt_reset(EVP_KDF_IMPL *impl); -+static void kdf_scrypt_init(EVP_KDF_IMPL *impl); - static int atou64(const char *nptr, uint64_t *result); -+static int scrypt_alg(const char *pass, size_t passlen, -+ const unsigned char *salt, size_t saltlen, -+ uint64_t N, uint64_t r, uint64_t p, uint64_t maxmem, -+ unsigned char *key, size_t keylen); - --typedef struct { -+struct evp_kdf_impl_st { - unsigned char *pass; - size_t pass_len; - unsigned char *salt; - size_t salt_len; -- uint64_t N, r, p; -+ uint64_t N; -+ uint32_t r, p; - uint64_t maxmem_bytes; --} SCRYPT_PKEY_CTX; -+}; - - /* Custom uint64_t parser since we do not have strtoull */ - static int atou64(const char *nptr, uint64_t *result) -@@ -53,51 +63,53 @@ static int atou64(const char *nptr, uint - return 1; - } - --static int pkey_scrypt_init(EVP_PKEY_CTX *ctx) -+static EVP_KDF_IMPL *kdf_scrypt_new(void) - { -- SCRYPT_PKEY_CTX *kctx; -+ EVP_KDF_IMPL *impl; - -- kctx = OPENSSL_zalloc(sizeof(*kctx)); -- if (kctx == NULL) { -- KDFerr(KDF_F_PKEY_SCRYPT_INIT, ERR_R_MALLOC_FAILURE); -- return 0; -+ impl = OPENSSL_zalloc(sizeof(*impl)); -+ if (impl == NULL) { -+ KDFerr(KDF_F_KDF_SCRYPT_NEW, ERR_R_MALLOC_FAILURE); -+ return NULL; - } -+ kdf_scrypt_init(impl); -+ return impl; -+} - -- /* Default values are the most conservative recommendation given in the -- * original paper of C. Percival. Derivation uses roughly 1 GiB of memory -- * for this parameter choice (approx. 128 * r * (N + p) bytes). -- */ -- kctx->N = 1 << 20; -- kctx->r = 8; -- kctx->p = 1; -- kctx->maxmem_bytes = 1025 * 1024 * 1024; -- -- ctx->data = kctx; -- -- return 1; -+static void kdf_scrypt_free(EVP_KDF_IMPL *impl) -+{ -+ kdf_scrypt_reset(impl); -+ OPENSSL_free(impl); - } - --static void pkey_scrypt_cleanup(EVP_PKEY_CTX *ctx) -+static void kdf_scrypt_reset(EVP_KDF_IMPL *impl) - { -- SCRYPT_PKEY_CTX *kctx = ctx->data; -+ OPENSSL_free(impl->salt); -+ OPENSSL_clear_free(impl->pass, impl->pass_len); -+ memset(impl, 0, sizeof(*impl)); -+ kdf_scrypt_init(impl); -+} - -- OPENSSL_clear_free(kctx->salt, kctx->salt_len); -- OPENSSL_clear_free(kctx->pass, kctx->pass_len); -- OPENSSL_free(kctx); -+static void kdf_scrypt_init(EVP_KDF_IMPL *impl) -+{ -+ /* Default values are the most conservative recommendation given in the -+ * original paper of C. Percival. Derivation uses roughly 1 GiB of memory -+ * for this parameter choice (approx. 128 * r * N * p bytes). -+ */ -+ impl->N = 1 << 20; -+ impl->r = 8; -+ impl->p = 1; -+ impl->maxmem_bytes = 1025 * 1024 * 1024; - } - --static int pkey_scrypt_set_membuf(unsigned char **buffer, size_t *buflen, -- const unsigned char *new_buffer, -- const int new_buflen) -+static int scrypt_set_membuf(unsigned char **buffer, size_t *buflen, -+ const unsigned char *new_buffer, -+ size_t new_buflen) - { - if (new_buffer == NULL) - return 1; - -- if (new_buflen < 0) -- return 0; -- -- if (*buffer != NULL) -- OPENSSL_clear_free(*buffer, *buflen); -+ OPENSSL_clear_free(*buffer, *buflen); - - if (new_buflen > 0) { - *buffer = OPENSSL_memdup(new_buffer, new_buflen); -@@ -105,7 +117,7 @@ static int pkey_scrypt_set_membuf(unsign - *buffer = OPENSSL_malloc(1); - } - if (*buffer == NULL) { -- KDFerr(KDF_F_PKEY_SCRYPT_SET_MEMBUF, ERR_R_MALLOC_FAILURE); -+ KDFerr(KDF_F_SCRYPT_SET_MEMBUF, ERR_R_MALLOC_FAILURE); - return 0; - } - -@@ -118,149 +130,378 @@ static int is_power_of_two(uint64_t valu - return (value != 0) && ((value & (value - 1)) == 0); - } - --static int pkey_scrypt_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) -+static int kdf_scrypt_ctrl(EVP_KDF_IMPL *impl, int cmd, va_list args) - { -- SCRYPT_PKEY_CTX *kctx = ctx->data; - uint64_t u64_value; -+ uint32_t value; -+ const unsigned char *p; -+ size_t len; -+ -+ switch (cmd) { -+ case EVP_KDF_CTRL_SET_PASS: -+ p = va_arg(args, const unsigned char *); -+ len = va_arg(args, size_t); -+ return scrypt_set_membuf(&impl->pass, &impl->pass_len, p, len); -+ -+ case EVP_KDF_CTRL_SET_SALT: -+ p = va_arg(args, const unsigned char *); -+ len = va_arg(args, size_t); -+ return scrypt_set_membuf(&impl->salt, &impl->salt_len, p, len); - -- switch (type) { -- case EVP_PKEY_CTRL_PASS: -- return pkey_scrypt_set_membuf(&kctx->pass, &kctx->pass_len, p2, p1); -- -- case EVP_PKEY_CTRL_SCRYPT_SALT: -- return pkey_scrypt_set_membuf(&kctx->salt, &kctx->salt_len, p2, p1); -- -- case EVP_PKEY_CTRL_SCRYPT_N: -- u64_value = *((uint64_t *)p2); -+ case EVP_KDF_CTRL_SET_SCRYPT_N: -+ u64_value = va_arg(args, uint64_t); - if ((u64_value <= 1) || !is_power_of_two(u64_value)) - return 0; -- kctx->N = u64_value; -+ -+ impl->N = u64_value; - return 1; - -- case EVP_PKEY_CTRL_SCRYPT_R: -- u64_value = *((uint64_t *)p2); -- if (u64_value < 1) -+ case EVP_KDF_CTRL_SET_SCRYPT_R: -+ value = va_arg(args, uint32_t); -+ if (value < 1) - return 0; -- kctx->r = u64_value; -+ -+ impl->r = value; - return 1; - -- case EVP_PKEY_CTRL_SCRYPT_P: -- u64_value = *((uint64_t *)p2); -- if (u64_value < 1) -+ case EVP_KDF_CTRL_SET_SCRYPT_P: -+ value = va_arg(args, uint32_t); -+ if (value < 1) - return 0; -- kctx->p = u64_value; -+ -+ impl->p = value; - return 1; - -- case EVP_PKEY_CTRL_SCRYPT_MAXMEM_BYTES: -- u64_value = *((uint64_t *)p2); -+ case EVP_KDF_CTRL_SET_MAXMEM_BYTES: -+ u64_value = va_arg(args, uint64_t); - if (u64_value < 1) - return 0; -- kctx->maxmem_bytes = u64_value; -+ -+ impl->maxmem_bytes = u64_value; - return 1; - - default: - return -2; -+ } -+} - -+static int kdf_scrypt_ctrl_uint32(EVP_KDF_IMPL *impl, int cmd, -+ const char *value) -+{ -+ int int_value = atoi(value); -+ -+ if (int_value < 0 || (uint64_t)int_value > UINT32_MAX) { -+ KDFerr(KDF_F_KDF_SCRYPT_CTRL_UINT32, KDF_R_VALUE_ERROR); -+ return 0; - } -+ return call_ctrl(kdf_scrypt_ctrl, impl, cmd, (uint32_t)int_value); - } - --static int pkey_scrypt_ctrl_uint64(EVP_PKEY_CTX *ctx, int type, -- const char *value) -+static int kdf_scrypt_ctrl_uint64(EVP_KDF_IMPL *impl, int cmd, -+ const char *value) - { -- uint64_t int_value; -+ uint64_t u64_value; - -- if (!atou64(value, &int_value)) { -- KDFerr(KDF_F_PKEY_SCRYPT_CTRL_UINT64, KDF_R_VALUE_ERROR); -+ if (!atou64(value, &u64_value)) { -+ KDFerr(KDF_F_KDF_SCRYPT_CTRL_UINT64, KDF_R_VALUE_ERROR); - return 0; - } -- return pkey_scrypt_ctrl(ctx, type, 0, &int_value); -+ return call_ctrl(kdf_scrypt_ctrl, impl, cmd, u64_value); - } - --static int pkey_scrypt_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, -- const char *value) -+static int kdf_scrypt_ctrl_str(EVP_KDF_IMPL *impl, const char *type, -+ const char *value) - { - if (value == NULL) { -- KDFerr(KDF_F_PKEY_SCRYPT_CTRL_STR, KDF_R_VALUE_MISSING); -+ KDFerr(KDF_F_KDF_SCRYPT_CTRL_STR, KDF_R_VALUE_MISSING); - return 0; - } - - if (strcmp(type, "pass") == 0) -- return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_PASS, value); -+ return kdf_str2ctrl(impl, kdf_scrypt_ctrl, EVP_KDF_CTRL_SET_PASS, -+ value); - - if (strcmp(type, "hexpass") == 0) -- return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_PASS, value); -+ return kdf_hex2ctrl(impl, kdf_scrypt_ctrl, EVP_KDF_CTRL_SET_PASS, -+ value); - - if (strcmp(type, "salt") == 0) -- return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_SCRYPT_SALT, value); -+ return kdf_str2ctrl(impl, kdf_scrypt_ctrl, EVP_KDF_CTRL_SET_SALT, -+ value); - - if (strcmp(type, "hexsalt") == 0) -- return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_SCRYPT_SALT, value); -+ return kdf_hex2ctrl(impl, kdf_scrypt_ctrl, EVP_KDF_CTRL_SET_SALT, -+ value); - - if (strcmp(type, "N") == 0) -- return pkey_scrypt_ctrl_uint64(ctx, EVP_PKEY_CTRL_SCRYPT_N, value); -+ return kdf_scrypt_ctrl_uint64(impl, EVP_KDF_CTRL_SET_SCRYPT_N, value); - - if (strcmp(type, "r") == 0) -- return pkey_scrypt_ctrl_uint64(ctx, EVP_PKEY_CTRL_SCRYPT_R, value); -+ return kdf_scrypt_ctrl_uint32(impl, EVP_KDF_CTRL_SET_SCRYPT_R, value); - - if (strcmp(type, "p") == 0) -- return pkey_scrypt_ctrl_uint64(ctx, EVP_PKEY_CTRL_SCRYPT_P, value); -+ return kdf_scrypt_ctrl_uint32(impl, EVP_KDF_CTRL_SET_SCRYPT_P, value); - - if (strcmp(type, "maxmem_bytes") == 0) -- return pkey_scrypt_ctrl_uint64(ctx, EVP_PKEY_CTRL_SCRYPT_MAXMEM_BYTES, -- value); -+ return kdf_scrypt_ctrl_uint64(impl, EVP_KDF_CTRL_SET_MAXMEM_BYTES, -+ value); - -- KDFerr(KDF_F_PKEY_SCRYPT_CTRL_STR, KDF_R_UNKNOWN_PARAMETER_TYPE); - return -2; - } - --static int pkey_scrypt_derive(EVP_PKEY_CTX *ctx, unsigned char *key, -- size_t *keylen) -+static int kdf_scrypt_derive(EVP_KDF_IMPL *impl, unsigned char *key, -+ size_t keylen) - { -- SCRYPT_PKEY_CTX *kctx = ctx->data; -- -- if (kctx->pass == NULL) { -- KDFerr(KDF_F_PKEY_SCRYPT_DERIVE, KDF_R_MISSING_PASS); -+ if (impl->pass == NULL) { -+ KDFerr(KDF_F_KDF_SCRYPT_DERIVE, KDF_R_MISSING_PASS); - return 0; - } - -- if (kctx->salt == NULL) { -- KDFerr(KDF_F_PKEY_SCRYPT_DERIVE, KDF_R_MISSING_SALT); -+ if (impl->salt == NULL) { -+ KDFerr(KDF_F_KDF_SCRYPT_DERIVE, KDF_R_MISSING_SALT); - return 0; - } - -- return EVP_PBE_scrypt((char *)kctx->pass, kctx->pass_len, kctx->salt, -- kctx->salt_len, kctx->N, kctx->r, kctx->p, -- kctx->maxmem_bytes, key, *keylen); -+ return scrypt_alg((char *)impl->pass, impl->pass_len, impl->salt, -+ impl->salt_len, impl->N, impl->r, impl->p, -+ impl->maxmem_bytes, key, keylen); - } - --const EVP_PKEY_METHOD scrypt_pkey_meth = { -- EVP_PKEY_SCRYPT, -- 0, -- pkey_scrypt_init, -- 0, -- pkey_scrypt_cleanup, -+const EVP_KDF_METHOD scrypt_kdf_meth = { -+ EVP_KDF_SCRYPT, -+ kdf_scrypt_new, -+ kdf_scrypt_free, -+ kdf_scrypt_reset, -+ kdf_scrypt_ctrl, -+ kdf_scrypt_ctrl_str, -+ NULL, -+ kdf_scrypt_derive -+}; - -- 0, 0, -- 0, 0, -+#define R(a,b) (((a) << (b)) | ((a) >> (32 - (b)))) -+static void salsa208_word_specification(uint32_t inout[16]) -+{ -+ int i; -+ uint32_t x[16]; - -- 0, -- 0, -+ memcpy(x, inout, sizeof(x)); -+ for (i = 8; i > 0; i -= 2) { -+ x[4] ^= R(x[0] + x[12], 7); -+ x[8] ^= R(x[4] + x[0], 9); -+ x[12] ^= R(x[8] + x[4], 13); -+ x[0] ^= R(x[12] + x[8], 18); -+ x[9] ^= R(x[5] + x[1], 7); -+ x[13] ^= R(x[9] + x[5], 9); -+ x[1] ^= R(x[13] + x[9], 13); -+ x[5] ^= R(x[1] + x[13], 18); -+ x[14] ^= R(x[10] + x[6], 7); -+ x[2] ^= R(x[14] + x[10], 9); -+ x[6] ^= R(x[2] + x[14], 13); -+ x[10] ^= R(x[6] + x[2], 18); -+ x[3] ^= R(x[15] + x[11], 7); -+ x[7] ^= R(x[3] + x[15], 9); -+ x[11] ^= R(x[7] + x[3], 13); -+ x[15] ^= R(x[11] + x[7], 18); -+ x[1] ^= R(x[0] + x[3], 7); -+ x[2] ^= R(x[1] + x[0], 9); -+ x[3] ^= R(x[2] + x[1], 13); -+ x[0] ^= R(x[3] + x[2], 18); -+ x[6] ^= R(x[5] + x[4], 7); -+ x[7] ^= R(x[6] + x[5], 9); -+ x[4] ^= R(x[7] + x[6], 13); -+ x[5] ^= R(x[4] + x[7], 18); -+ x[11] ^= R(x[10] + x[9], 7); -+ x[8] ^= R(x[11] + x[10], 9); -+ x[9] ^= R(x[8] + x[11], 13); -+ x[10] ^= R(x[9] + x[8], 18); -+ x[12] ^= R(x[15] + x[14], 7); -+ x[13] ^= R(x[12] + x[15], 9); -+ x[14] ^= R(x[13] + x[12], 13); -+ x[15] ^= R(x[14] + x[13], 18); -+ } -+ for (i = 0; i < 16; ++i) -+ inout[i] += x[i]; -+ OPENSSL_cleanse(x, sizeof(x)); -+} - -- 0, -- 0, -+static void scryptBlockMix(uint32_t *B_, uint32_t *B, uint64_t r) -+{ -+ uint64_t i, j; -+ uint32_t X[16], *pB; - -- 0, 0, -+ memcpy(X, B + (r * 2 - 1) * 16, sizeof(X)); -+ pB = B; -+ for (i = 0; i < r * 2; i++) { -+ for (j = 0; j < 16; j++) -+ X[j] ^= *pB++; -+ salsa208_word_specification(X); -+ memcpy(B_ + (i / 2 + (i & 1) * r) * 16, X, sizeof(X)); -+ } -+ OPENSSL_cleanse(X, sizeof(X)); -+} - -- 0, 0, 0, 0, -+static void scryptROMix(unsigned char *B, uint64_t r, uint64_t N, -+ uint32_t *X, uint32_t *T, uint32_t *V) -+{ -+ unsigned char *pB; -+ uint32_t *pV; -+ uint64_t i, k; -+ -+ /* Convert from little endian input */ -+ for (pV = V, i = 0, pB = B; i < 32 * r; i++, pV++) { -+ *pV = *pB++; -+ *pV |= *pB++ << 8; -+ *pV |= *pB++ << 16; -+ *pV |= (uint32_t)*pB++ << 24; -+ } - -- 0, 0, -+ for (i = 1; i < N; i++, pV += 32 * r) -+ scryptBlockMix(pV, pV - 32 * r, r); - -- 0, 0, -+ scryptBlockMix(X, V + (N - 1) * 32 * r, r); - -- 0, -- pkey_scrypt_derive, -- pkey_scrypt_ctrl, -- pkey_scrypt_ctrl_str --}; -+ for (i = 0; i < N; i++) { -+ uint32_t j; -+ j = X[16 * (2 * r - 1)] % N; -+ pV = V + 32 * r * j; -+ for (k = 0; k < 32 * r; k++) -+ T[k] = X[k] ^ *pV++; -+ scryptBlockMix(X, T, r); -+ } -+ /* Convert output to little endian */ -+ for (i = 0, pB = B; i < 32 * r; i++) { -+ uint32_t xtmp = X[i]; -+ *pB++ = xtmp & 0xff; -+ *pB++ = (xtmp >> 8) & 0xff; -+ *pB++ = (xtmp >> 16) & 0xff; -+ *pB++ = (xtmp >> 24) & 0xff; -+ } -+} -+ -+#ifndef SIZE_MAX -+# define SIZE_MAX ((size_t)-1) -+#endif -+ -+/* -+ * Maximum power of two that will fit in uint64_t: this should work on -+ * most (all?) platforms. -+ */ -+ -+#define LOG2_UINT64_MAX (sizeof(uint64_t) * 8 - 1) -+ -+/* -+ * Maximum value of p * r: -+ * p <= ((2^32-1) * hLen) / MFLen => -+ * p <= ((2^32-1) * 32) / (128 * r) => -+ * p * r <= (2^30-1) -+ */ -+ -+#define SCRYPT_PR_MAX ((1 << 30) - 1) -+ -+static int scrypt_alg(const char *pass, size_t passlen, -+ const unsigned char *salt, size_t saltlen, -+ uint64_t N, uint64_t r, uint64_t p, uint64_t maxmem, -+ unsigned char *key, size_t keylen) -+{ -+ int rv = 0; -+ unsigned char *B; -+ uint32_t *X, *V, *T; -+ uint64_t i, Blen, Vlen; -+ -+ /* Sanity check parameters */ -+ /* initial check, r,p must be non zero, N >= 2 and a power of 2 */ -+ if (r == 0 || p == 0 || N < 2 || (N & (N - 1))) -+ return 0; -+ /* Check p * r < SCRYPT_PR_MAX avoiding overflow */ -+ if (p > SCRYPT_PR_MAX / r) { -+ EVPerr(EVP_F_SCRYPT_ALG, EVP_R_MEMORY_LIMIT_EXCEEDED); -+ return 0; -+ } -+ -+ /* -+ * Need to check N: if 2^(128 * r / 8) overflows limit this is -+ * automatically satisfied since N <= UINT64_MAX. -+ */ -+ -+ if (16 * r <= LOG2_UINT64_MAX) { -+ if (N >= (((uint64_t)1) << (16 * r))) { -+ EVPerr(EVP_F_SCRYPT_ALG, EVP_R_MEMORY_LIMIT_EXCEEDED); -+ return 0; -+ } -+ } -+ -+ /* Memory checks: check total allocated buffer size fits in uint64_t */ -+ -+ /* -+ * B size in section 5 step 1.S -+ * Note: we know p * 128 * r < UINT64_MAX because we already checked -+ * p * r < SCRYPT_PR_MAX -+ */ -+ Blen = p * 128 * r; -+ /* -+ * Yet we pass it as integer to PKCS5_PBKDF2_HMAC... [This would -+ * have to be revised when/if PKCS5_PBKDF2_HMAC accepts size_t.] -+ */ -+ if (Blen > INT_MAX) { -+ EVPerr(EVP_F_SCRYPT_ALG, EVP_R_MEMORY_LIMIT_EXCEEDED); -+ return 0; -+ } -+ -+ /* -+ * Check 32 * r * (N + 2) * sizeof(uint32_t) fits in uint64_t -+ * This is combined size V, X and T (section 4) -+ */ -+ i = UINT64_MAX / (32 * sizeof(uint32_t)); -+ if (N + 2 > i / r) { -+ EVPerr(EVP_F_SCRYPT_ALG, EVP_R_MEMORY_LIMIT_EXCEEDED); -+ return 0; -+ } -+ Vlen = 32 * r * (N + 2) * sizeof(uint32_t); -+ -+ /* check total allocated size fits in uint64_t */ -+ if (Blen > UINT64_MAX - Vlen) { -+ EVPerr(EVP_F_SCRYPT_ALG, EVP_R_MEMORY_LIMIT_EXCEEDED); -+ return 0; -+ } -+ -+ /* Check that the maximum memory doesn't exceed a size_t limits */ -+ if (maxmem > SIZE_MAX) -+ maxmem = SIZE_MAX; -+ -+ if (Blen + Vlen > maxmem) { -+ EVPerr(EVP_F_SCRYPT_ALG, EVP_R_MEMORY_LIMIT_EXCEEDED); -+ return 0; -+ } -+ -+ /* If no key return to indicate parameters are OK */ -+ if (key == NULL) -+ return 1; -+ -+ B = OPENSSL_malloc((size_t)(Blen + Vlen)); -+ if (B == NULL) { -+ EVPerr(EVP_F_SCRYPT_ALG, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ X = (uint32_t *)(B + Blen); -+ T = X + 32 * r; -+ V = T + 32 * r; -+ if (PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, 1, EVP_sha256(), -+ (int)Blen, B) == 0) -+ goto err; -+ -+ for (i = 0; i < p; i++) -+ scryptROMix(B + 128 * r * i, r, N, X, T, V); -+ -+ if (PKCS5_PBKDF2_HMAC(pass, passlen, B, (int)Blen, 1, EVP_sha256(), -+ keylen, key) == 0) -+ goto err; -+ rv = 1; -+ err: -+ if (rv == 0) -+ EVPerr(EVP_F_SCRYPT_ALG, EVP_R_PBKDF2_ERROR); -+ -+ OPENSSL_clear_free(B, (size_t)(Blen + Vlen)); -+ return rv; -+} - - #endif -diff -up openssl-1.1.1j/crypto/kdf/tls1_prf.c.evp-kdf openssl-1.1.1j/crypto/kdf/tls1_prf.c ---- openssl-1.1.1j/crypto/kdf/tls1_prf.c.evp-kdf 2021-02-16 16:24:01.000000000 +0100 -+++ openssl-1.1.1j/crypto/kdf/tls1_prf.c 2021-03-03 14:08:02.492294856 +0100 -@@ -8,11 +8,15 @@ - */ - - #include -+#include -+#include - #include "internal/cryptlib.h" - #include - #include - #include "crypto/evp.h" -+#include "kdf_local.h" - -+static void kdf_tls1_prf_reset(EVP_KDF_IMPL *impl); - static int tls1_prf_alg(const EVP_MD *md, - const unsigned char *sec, size_t slen, - const unsigned char *seed, size_t seed_len, -@@ -20,9 +24,9 @@ static int tls1_prf_alg(const EVP_MD *md - - #define TLS1_PRF_MAXBUF 1024 - --/* TLS KDF pkey context structure */ -+/* TLS KDF kdf context structure */ - --typedef struct { -+struct evp_kdf_impl_st { - /* Digest to use for PRF */ - const EVP_MD *md; - /* Secret value to use for PRF */ -@@ -31,145 +35,137 @@ typedef struct { - /* Buffer of concatenated seed data */ - unsigned char seed[TLS1_PRF_MAXBUF]; - size_t seedlen; --} TLS1_PRF_PKEY_CTX; -+}; - --static int pkey_tls1_prf_init(EVP_PKEY_CTX *ctx) -+static EVP_KDF_IMPL *kdf_tls1_prf_new(void) - { -- TLS1_PRF_PKEY_CTX *kctx; -+ EVP_KDF_IMPL *impl; - -- if ((kctx = OPENSSL_zalloc(sizeof(*kctx))) == NULL) { -- KDFerr(KDF_F_PKEY_TLS1_PRF_INIT, ERR_R_MALLOC_FAILURE); -- return 0; -- } -- ctx->data = kctx; -+ if ((impl = OPENSSL_zalloc(sizeof(*impl))) == NULL) -+ KDFerr(KDF_F_KDF_TLS1_PRF_NEW, ERR_R_MALLOC_FAILURE); -+ return impl; -+} - -- return 1; -+static void kdf_tls1_prf_free(EVP_KDF_IMPL *impl) -+{ -+ kdf_tls1_prf_reset(impl); -+ OPENSSL_free(impl); - } - --static void pkey_tls1_prf_cleanup(EVP_PKEY_CTX *ctx) -+static void kdf_tls1_prf_reset(EVP_KDF_IMPL *impl) - { -- TLS1_PRF_PKEY_CTX *kctx = ctx->data; -- OPENSSL_clear_free(kctx->sec, kctx->seclen); -- OPENSSL_cleanse(kctx->seed, kctx->seedlen); -- OPENSSL_free(kctx); -+ OPENSSL_clear_free(impl->sec, impl->seclen); -+ OPENSSL_cleanse(impl->seed, impl->seedlen); -+ memset(impl, 0, sizeof(*impl)); - } - --static int pkey_tls1_prf_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) -+static int kdf_tls1_prf_ctrl(EVP_KDF_IMPL *impl, int cmd, va_list args) - { -- TLS1_PRF_PKEY_CTX *kctx = ctx->data; -- switch (type) { -- case EVP_PKEY_CTRL_TLS_MD: -- kctx->md = p2; -- return 1; -+ const unsigned char *p; -+ size_t len; -+ const EVP_MD *md; - -- case EVP_PKEY_CTRL_TLS_SECRET: -- if (p1 < 0) -+ switch (cmd) { -+ case EVP_KDF_CTRL_SET_MD: -+ md = va_arg(args, const EVP_MD *); -+ if (md == NULL) - return 0; -- if (kctx->sec != NULL) -- OPENSSL_clear_free(kctx->sec, kctx->seclen); -- OPENSSL_cleanse(kctx->seed, kctx->seedlen); -- kctx->seedlen = 0; -- kctx->sec = OPENSSL_memdup(p2, p1); -- if (kctx->sec == NULL) -+ -+ impl->md = md; -+ return 1; -+ -+ case EVP_KDF_CTRL_SET_TLS_SECRET: -+ p = va_arg(args, const unsigned char *); -+ len = va_arg(args, size_t); -+ OPENSSL_clear_free(impl->sec, impl->seclen); -+ impl->sec = OPENSSL_memdup(p, len); -+ if (impl->sec == NULL) - return 0; -- kctx->seclen = p1; -+ -+ impl->seclen = len; -+ return 1; -+ -+ case EVP_KDF_CTRL_RESET_TLS_SEED: -+ OPENSSL_cleanse(impl->seed, impl->seedlen); -+ impl->seedlen = 0; - return 1; - -- case EVP_PKEY_CTRL_TLS_SEED: -- if (p1 == 0 || p2 == NULL) -+ case EVP_KDF_CTRL_ADD_TLS_SEED: -+ p = va_arg(args, const unsigned char *); -+ len = va_arg(args, size_t); -+ if (len == 0 || p == NULL) - return 1; -- if (p1 < 0 || p1 > (int)(TLS1_PRF_MAXBUF - kctx->seedlen)) -+ -+ if (len > (TLS1_PRF_MAXBUF - impl->seedlen)) - return 0; -- memcpy(kctx->seed + kctx->seedlen, p2, p1); -- kctx->seedlen += p1; -+ -+ memcpy(impl->seed + impl->seedlen, p, len); -+ impl->seedlen += len; - return 1; - - default: - return -2; -- - } - } - --static int pkey_tls1_prf_ctrl_str(EVP_PKEY_CTX *ctx, -- const char *type, const char *value) -+static int kdf_tls1_prf_ctrl_str(EVP_KDF_IMPL *impl, -+ const char *type, const char *value) - { - if (value == NULL) { -- KDFerr(KDF_F_PKEY_TLS1_PRF_CTRL_STR, KDF_R_VALUE_MISSING); -+ KDFerr(KDF_F_KDF_TLS1_PRF_CTRL_STR, KDF_R_VALUE_MISSING); - return 0; - } -- if (strcmp(type, "md") == 0) { -- TLS1_PRF_PKEY_CTX *kctx = ctx->data; -+ if (strcmp(type, "digest") == 0) -+ return kdf_md2ctrl(impl, kdf_tls1_prf_ctrl, EVP_KDF_CTRL_SET_MD, value); - -- const EVP_MD *md = EVP_get_digestbyname(value); -- if (md == NULL) { -- KDFerr(KDF_F_PKEY_TLS1_PRF_CTRL_STR, KDF_R_INVALID_DIGEST); -- return 0; -- } -- kctx->md = md; -- return 1; -- } - if (strcmp(type, "secret") == 0) -- return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_TLS_SECRET, value); -+ return kdf_str2ctrl(impl, kdf_tls1_prf_ctrl, -+ EVP_KDF_CTRL_SET_TLS_SECRET, value); -+ - if (strcmp(type, "hexsecret") == 0) -- return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_TLS_SECRET, value); -+ return kdf_hex2ctrl(impl, kdf_tls1_prf_ctrl, -+ EVP_KDF_CTRL_SET_TLS_SECRET, value); -+ - if (strcmp(type, "seed") == 0) -- return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_TLS_SEED, value); -+ return kdf_str2ctrl(impl, kdf_tls1_prf_ctrl, EVP_KDF_CTRL_ADD_TLS_SEED, -+ value); -+ - if (strcmp(type, "hexseed") == 0) -- return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_TLS_SEED, value); -+ return kdf_hex2ctrl(impl, kdf_tls1_prf_ctrl, EVP_KDF_CTRL_ADD_TLS_SEED, -+ value); - -- KDFerr(KDF_F_PKEY_TLS1_PRF_CTRL_STR, KDF_R_UNKNOWN_PARAMETER_TYPE); - return -2; - } - --static int pkey_tls1_prf_derive(EVP_PKEY_CTX *ctx, unsigned char *key, -- size_t *keylen) -+static int kdf_tls1_prf_derive(EVP_KDF_IMPL *impl, unsigned char *key, -+ size_t keylen) - { -- TLS1_PRF_PKEY_CTX *kctx = ctx->data; -- if (kctx->md == NULL) { -- KDFerr(KDF_F_PKEY_TLS1_PRF_DERIVE, KDF_R_MISSING_MESSAGE_DIGEST); -+ if (impl->md == NULL) { -+ KDFerr(KDF_F_KDF_TLS1_PRF_DERIVE, KDF_R_MISSING_MESSAGE_DIGEST); - return 0; - } -- if (kctx->sec == NULL) { -- KDFerr(KDF_F_PKEY_TLS1_PRF_DERIVE, KDF_R_MISSING_SECRET); -+ if (impl->sec == NULL) { -+ KDFerr(KDF_F_KDF_TLS1_PRF_DERIVE, KDF_R_MISSING_SECRET); - return 0; - } -- if (kctx->seedlen == 0) { -- KDFerr(KDF_F_PKEY_TLS1_PRF_DERIVE, KDF_R_MISSING_SEED); -+ if (impl->seedlen == 0) { -+ KDFerr(KDF_F_KDF_TLS1_PRF_DERIVE, KDF_R_MISSING_SEED); - return 0; - } -- return tls1_prf_alg(kctx->md, kctx->sec, kctx->seclen, -- kctx->seed, kctx->seedlen, -- key, *keylen); -+ return tls1_prf_alg(impl->md, impl->sec, impl->seclen, -+ impl->seed, impl->seedlen, -+ key, keylen); - } - --const EVP_PKEY_METHOD tls1_prf_pkey_meth = { -- EVP_PKEY_TLS1_PRF, -- 0, -- pkey_tls1_prf_init, -- 0, -- pkey_tls1_prf_cleanup, -- -- 0, 0, -- 0, 0, -- -- 0, -- 0, -- -- 0, -- 0, -- -- 0, 0, -- -- 0, 0, 0, 0, -- -- 0, 0, -- -- 0, 0, -- -- 0, -- pkey_tls1_prf_derive, -- pkey_tls1_prf_ctrl, -- pkey_tls1_prf_ctrl_str -+const EVP_KDF_METHOD tls1_prf_kdf_meth = { -+ EVP_KDF_TLS1_PRF, -+ kdf_tls1_prf_new, -+ kdf_tls1_prf_free, -+ kdf_tls1_prf_reset, -+ kdf_tls1_prf_ctrl, -+ kdf_tls1_prf_ctrl_str, -+ NULL, -+ kdf_tls1_prf_derive - }; - - static int tls1_prf_P_hash(const EVP_MD *md, -@@ -249,12 +245,11 @@ static int tls1_prf_alg(const EVP_MD *md - const unsigned char *seed, size_t seed_len, - unsigned char *out, size_t olen) - { -- - if (EVP_MD_type(md) == NID_md5_sha1) { - size_t i; - unsigned char *tmp; - if (!tls1_prf_P_hash(EVP_md5(), sec, slen/2 + (slen & 1), -- seed, seed_len, out, olen)) -+ seed, seed_len, out, olen)) - return 0; - - if ((tmp = OPENSSL_malloc(olen)) == NULL) { -@@ -262,7 +257,7 @@ static int tls1_prf_alg(const EVP_MD *md - return 0; - } - if (!tls1_prf_P_hash(EVP_sha1(), sec + slen/2, slen/2 + (slen & 1), -- seed, seed_len, tmp, olen)) { -+ seed, seed_len, tmp, olen)) { - OPENSSL_clear_free(tmp, olen); - return 0; - } -diff -up openssl-1.1.1j/doc/man3/EVP_KDF_CTX.pod.evp-kdf openssl-1.1.1j/doc/man3/EVP_KDF_CTX.pod ---- openssl-1.1.1j/doc/man3/EVP_KDF_CTX.pod.evp-kdf 2021-03-03 14:08:02.492294856 +0100 -+++ openssl-1.1.1j/doc/man3/EVP_KDF_CTX.pod 2021-03-03 14:08:02.492294856 +0100 -@@ -0,0 +1,217 @@ -+=pod -+ -+=head1 NAME -+ -+EVP_KDF_CTX, EVP_KDF_CTX_new_id, EVP_KDF_CTX_free, EVP_KDF_reset, -+EVP_KDF_ctrl, EVP_KDF_vctrl, EVP_KDF_ctrl_str, EVP_KDF_size, -+EVP_KDF_derive - EVP KDF routines -+ -+=head1 SYNOPSIS -+ -+ #include -+ -+ typedef struct evp_kdf_ctx_st EVP_KDF_CTX; -+ -+ EVP_KDF_CTX *EVP_KDF_CTX_new_id(int id); -+ void EVP_KDF_CTX_free(EVP_KDF_CTX *ctx); -+ void EVP_KDF_reset(EVP_KDF_CTX *ctx); -+ int EVP_KDF_ctrl(EVP_KDF_CTX *ctx, int cmd, ...); -+ int EVP_KDF_vctrl(EVP_KDF_CTX *ctx, int cmd, va_list args); -+ int EVP_KDF_ctrl_str(EVP_KDF_CTX *ctx, const char *type, const char *value); -+ size_t EVP_KDF_size(EVP_KDF_CTX *ctx); -+ int EVP_KDF_derive(EVP_KDF_CTX *ctx, unsigned char *key, size_t keylen); -+ -+=head1 DESCRIPTION -+ -+The EVP KDF routines are a high level interface to Key Derivation Function -+algorithms and should be used instead of algorithm-specific functions. -+ -+After creating a C for the required algorithm using -+EVP_KDF_CTX_new_id(), inputs to the algorithm are supplied using calls to -+EVP_KDF_ctrl(), EVP_KDF_vctrl() or EVP_KDF_ctrl_str() before calling -+EVP_KDF_derive() to derive the key. -+ -+=head2 Types -+ -+B is a context type that holds the algorithm inputs. -+ -+=head2 Context manipulation functions -+ -+EVP_KDF_CTX_new_id() creates a KDF context for the algorithm identified by the -+specified NID. -+ -+EVP_KDF_CTX_free() frees up the context C. If C is C, nothing -+is done. -+ -+=head2 Computing functions -+ -+EVP_KDF_reset() resets the context to the default state as if the context -+had just been created. -+ -+EVP_KDF_ctrl() is used to provide inputs to the KDF algorithm prior to -+EVP_KDF_derive() being called. The inputs that may be provided will vary -+depending on the KDF algorithm or its implementation. This functions takes -+variable arguments, the exact expected arguments depend on C. -+See L below for a description of standard controls. -+ -+EVP_KDF_vctrl() is the variant of EVP_KDF_ctrl() that takes a C -+argument instead of variadic arguments. -+ -+EVP_KDF_ctrl_str() allows an application to send an algorithm specific control -+operation to a context C in string form. This is intended to be used for -+options specified on the command line or in text files. -+ -+EVP_KDF_size() returns the output size if the algorithm produces a fixed amount -+of output and C otherwise. If an error occurs then 0 is returned. -+For some algorithms an error may result if input parameters necessary to -+calculate a fixed output size have not yet been supplied. -+ -+EVP_KDF_derive() derives C bytes of key material and places it in the -+C buffer. If the algorithm produces a fixed amount of output then an -+error will occur unless the C parameter is equal to that output size, -+as returned by EVP_KDF_size(). -+ -+=head1 CONTROLS -+ -+The standard controls are: -+ -+=over 4 -+ -+=item B -+ -+This control expects two arguments: C, C -+ -+Some KDF implementations require a password. For those KDF implementations -+that support it, this control sets the password. -+ -+EVP_KDF_ctrl_str() takes two type strings for this control: -+ -+=over 4 -+ -+=item "pass" -+ -+The value string is used as is. -+ -+=item "hexpass" -+ -+The value string is expected to be a hexadecimal number, which will be -+decoded before being passed on as the control value. -+ -+=back -+ -+=item B -+ -+This control expects two arguments: C, C -+ -+Some KDF implementations can take a salt. For those KDF implementations that -+support it, this control sets the salt. -+ -+The default value, if any, is implementation dependent. -+ -+EVP_KDF_ctrl_str() takes two type strings for this control: -+ -+=over 4 -+ -+=item "salt" -+ -+The value string is used as is. -+ -+=item "hexsalt" -+ -+The value string is expected to be a hexadecimal number, which will be -+decoded before being passed on as the control value. -+ -+=back -+ -+=item B -+ -+This control expects one argument: C -+ -+Some KDF implementations require an iteration count. For those KDF implementations that support it, this control sets the iteration count. -+ -+The default value, if any, is implementation dependent. -+ -+EVP_KDF_ctrl_str() type string: "iter" -+ -+The value string is expected to be a decimal number. -+ -+=item B -+ -+This control expects one argument: C -+ -+For MAC implementations that use a message digest as an underlying computation -+algorithm, this control set what the digest algorithm should be. -+ -+EVP_KDF_ctrl_str() type string: "md" -+ -+The value string is expected to be the name of a digest. -+ -+=item B -+ -+This control expects two arguments: C, C -+ -+Some KDF implementations require a key. For those KDF implementations that -+support it, this control sets the key. -+ -+EVP_KDF_ctrl_str() takes two type strings for this control: -+ -+=over 4 -+ -+=item "key" -+ -+The value string is used as is. -+ -+=item "hexkey" -+ -+The value string is expected to be a hexadecimal number, which will be -+decoded before being passed on as the control value. -+ -+=back -+ -+=item B -+ -+This control expects one argument: C -+ -+Memory-hard password-based KDF algorithms, such as scrypt, use an amount of -+memory that depends on the load factors provided as input. For those KDF -+implementations that support it, this control sets an upper limit on the amount -+of memory that may be consumed while performing a key derivation. If this -+memory usage limit is exceeded because the load factors are chosen too high, -+the key derivation will fail. -+ -+The default value is implementation dependent. -+ -+EVP_KDF_ctrl_str() type string: "maxmem_bytes" -+ -+The value string is expected to be a decimal number. -+ -+=back -+ -+=head1 RETURN VALUES -+ -+EVP_KDF_CTX_new_id() returns either the newly allocated C -+structure or C if an error occurred. -+ -+EVP_KDF_CTX_free() and EVP_KDF_reset() do not return a value. -+ -+EVP_KDF_size() returns the output size. C is returned to indicate -+that the algorithm produces a variable amount of output; 0 to indicate failure. -+ -+The remaining functions return 1 for success and 0 or a negative value for -+failure. In particular, a return value of -2 indicates the operation is not -+supported by the KDF algorithm. -+ -+=head1 SEE ALSO -+ -+L -+ -+=head1 COPYRIGHT -+ -+Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. -+ -+Licensed under the Apache License 2.0 (the "License"). You may not use -+this file except in compliance with the License. You can obtain a copy -+in the file LICENSE in the source distribution or at -+L. -+ -+=cut -diff -up openssl-1.1.1j/doc/man7/EVP_KDF_HKDF.pod.evp-kdf openssl-1.1.1j/doc/man7/EVP_KDF_HKDF.pod ---- openssl-1.1.1j/doc/man7/EVP_KDF_HKDF.pod.evp-kdf 2021-03-03 14:08:02.493294865 +0100 -+++ openssl-1.1.1j/doc/man7/EVP_KDF_HKDF.pod 2021-03-03 14:08:02.493294865 +0100 -@@ -0,0 +1,180 @@ -+=pod -+ -+=head1 NAME -+ -+EVP_KDF_HKDF - The HKDF EVP_KDF implementation -+ -+=head1 DESCRIPTION -+ -+Support for computing the B KDF through the B API. -+ -+The EVP_KDF_HKDF algorithm implements the HKDF key derivation function. -+HKDF follows the "extract-then-expand" paradigm, where the KDF logically -+consists of two modules. The first stage takes the input keying material -+and "extracts" from it a fixed-length pseudorandom key K. The second stage -+"expands" the key K into several additional pseudorandom keys (the output -+of the KDF). -+ -+=head2 Numeric identity -+ -+B is the numeric identity for this implementation; it -+can be used with the EVP_KDF_CTX_new_id() function. -+ -+=head2 Supported controls -+ -+The supported controls are: -+ -+=over 4 -+ -+=item B -+ -+=item B -+ -+=item B -+ -+These controls work as described in L. -+ -+=item B -+ -+This control does not expect any arguments. -+ -+Resets the context info buffer to zero length. -+ -+=item B -+ -+This control expects two arguments: C, C -+ -+Sets the info value to the first B bytes of the buffer B. If a -+value is already set, the contents of the buffer are appended to the existing -+value. -+ -+The total length of the context info buffer cannot exceed 1024 bytes; -+this should be more than enough for any normal use of HKDF. -+ -+EVP_KDF_ctrl_str() takes two type strings for this control: -+ -+=over 4 -+ -+=item "info" -+ -+The value string is used as is. -+ -+=item "hexinfo" -+ -+The value string is expected to be a hexadecimal number, which will be -+decoded before being passed on as the control value. -+ -+=back -+ -+=item B -+ -+This control expects one argument: C -+ -+Sets the mode for the HKDF operation. There are three modes that are currently -+defined: -+ -+=over 4 -+ -+=item EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND -+ -+This is the default mode. Calling L on an EVP_KDF_CTX set -+up for HKDF will perform an extract followed by an expand operation in one go. -+The derived key returned will be the result after the expand operation. The -+intermediate fixed-length pseudorandom key K is not returned. -+ -+In this mode the digest, key, salt and info values must be set before a key is -+derived otherwise an error will occur. -+ -+=item EVP_KDF_HKDF_MODE_EXTRACT_ONLY -+ -+In this mode calling L will just perform the extract -+operation. The value returned will be the intermediate fixed-length pseudorandom -+key K. The C parameter must match the size of K, which can be looked -+up by calling EVP_KDF_size() after setting the mode and digest. -+ -+The digest, key and salt values must be set before a key is derived otherwise -+an error will occur. -+ -+=item EVP_KDF_HKDF_MODE_EXPAND_ONLY -+ -+In this mode calling L will just perform the expand -+operation. The input key should be set to the intermediate fixed-length -+pseudorandom key K returned from a previous extract operation. -+ -+The digest, key and info values must be set before a key is derived otherwise -+an error will occur. -+ -+=back -+ -+EVP_KDF_ctrl_str() type string: "mode" -+ -+The value string is expected to be one of: "EXTRACT_AND_EXPAND", "EXTRACT_ONLY" -+or "EXPAND_ONLY". -+ -+=back -+ -+=head1 NOTES -+ -+A context for HKDF can be obtained by calling: -+ -+ EVP_KDF_CTX *kctx = EVP_KDF_CTX_new_id(EVP_KDF_HKDF); -+ -+The output length of an HKDF expand operation is specified via the C -+parameter to the L function. When using -+EVP_KDF_HKDF_MODE_EXTRACT_ONLY the C parameter must equal the size of -+the intermediate fixed-length pseudorandom key otherwise an error will occur. -+For that mode, the fixed output size can be looked up by calling EVP_KDF_size() -+after setting the mode and digest on the C. -+ -+=head1 EXAMPLE -+ -+This example derives 10 bytes using SHA-256 with the secret key "secret", -+salt value "salt" and info value "label": -+ -+ EVP_KDF_CTX *kctx; -+ unsigned char out[10]; -+ -+ kctx = EVP_KDF_CTX_new_id(EVP_KDF_HKDF); -+ -+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()) <= 0) { -+ error("EVP_KDF_CTRL_SET_MD"); -+ } -+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, "salt", (size_t)4) <= 0) { -+ error("EVP_KDF_CTRL_SET_SALT"); -+ } -+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, "secret", (size_t)6) <= 0) { -+ error("EVP_KDF_CTRL_SET_KEY"); -+ } -+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_ADD_HKDF_INFO, "label", (size_t)5) <= 0) { -+ error("EVP_KDF_CTRL_ADD_HKDF_INFO"); -+ } -+ if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) { -+ error("EVP_KDF_derive"); -+ } -+ -+ EVP_KDF_CTX_free(kctx); -+ -+=head1 CONFORMING TO -+ -+RFC 5869 -+ -+=head1 SEE ALSO -+ -+L, -+L, -+L, -+L, -+L, -+L, -+L -+ -+=head1 COPYRIGHT -+ -+Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. -+ -+Licensed under the Apache License 2.0 (the "License"). You may not use -+this file except in compliance with the License. You can obtain a copy -+in the file LICENSE in the source distribution or at -+L. -+ -+=cut -diff -up openssl-1.1.1j/doc/man7/EVP_KDF_PBKDF2.pod.evp-kdf openssl-1.1.1j/doc/man7/EVP_KDF_PBKDF2.pod ---- openssl-1.1.1j/doc/man7/EVP_KDF_PBKDF2.pod.evp-kdf 2021-03-03 14:08:02.493294865 +0100 -+++ openssl-1.1.1j/doc/man7/EVP_KDF_PBKDF2.pod 2021-03-03 14:08:02.493294865 +0100 -@@ -0,0 +1,78 @@ -+=pod -+ -+=head1 NAME -+ -+EVP_KDF_PBKDF2 - The PBKDF2 EVP_KDF implementation -+ -+=head1 DESCRIPTION -+ -+Support for computing the B password-based KDF through the B -+API. -+ -+The EVP_KDF_PBKDF2 algorithm implements the PBKDF2 password-based key -+derivation function, as described in RFC 2898; it derives a key from a password -+using a salt and iteration count. -+ -+=head2 Numeric identity -+ -+B is the numeric identity for this implementation; it -+can be used with the EVP_KDF_CTX_new_id() function. -+ -+=head2 Supported controls -+ -+The supported controls are: -+ -+=over 4 -+ -+=item B -+ -+=item B -+ -+=item B -+ -+=item B -+ -+These controls work as described in L. -+ -+B is the iteration count and its value should be greater than or equal to -+1. RFC 2898 suggests an iteration count of at least 1000. The default value is -+2048. Any B less than 1 is treated as a single iteration. -+ -+=back -+ -+=head1 NOTES -+ -+A typical application of this algorithm is to derive keying material for an -+encryption algorithm from a password in the B, a salt in B, -+and an iteration count. -+ -+Increasing the B parameter slows down the algorithm which makes it -+harder for an attacker to perform a brute force attack using a large number -+of candidate passwords. -+ -+No assumption is made regarding the given password; it is simply treated as a -+byte sequence. -+ -+=head1 CONFORMING TO -+ -+RFC 2898 -+ -+=head1 SEE ALSO -+ -+L, -+L, -+L, -+L, -+L, -+L -+ -+=head1 COPYRIGHT -+ -+Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. -+ -+Licensed under the Apache License 2.0 (the "License"). You may not use -+this file except in compliance with the License. You can obtain a copy -+in the file LICENSE in the source distribution or at -+L. -+ -+=cut -diff -up openssl-1.1.1j/doc/man7/EVP_KDF_SCRYPT.pod.evp-kdf openssl-1.1.1j/doc/man7/EVP_KDF_SCRYPT.pod ---- openssl-1.1.1j/doc/man7/EVP_KDF_SCRYPT.pod.evp-kdf 2021-03-03 14:08:02.493294865 +0100 -+++ openssl-1.1.1j/doc/man7/EVP_KDF_SCRYPT.pod 2021-03-03 14:08:02.493294865 +0100 -@@ -0,0 +1,149 @@ -+=pod -+ -+=head1 NAME -+ -+EVP_KDF_SCRYPT - The scrypt EVP_KDF implementation -+ -+=head1 DESCRIPTION -+ -+Support for computing the B password-based KDF through the B -+API. -+ -+The EVP_KDF_SCRYPT algorithm implements the scrypt password-based key -+derivation function, as described in RFC 7914. It is memory-hard in the sense -+that it deliberately requires a significant amount of RAM for efficient -+computation. The intention of this is to render brute forcing of passwords on -+systems that lack large amounts of main memory (such as GPUs or ASICs) -+computationally infeasible. -+ -+scrypt provides three work factors that can be customized: N, r and p. N, which -+has to be a positive power of two, is the general work factor and scales CPU -+time in an approximately linear fashion. r is the block size of the internally -+used hash function and p is the parallelization factor. Both r and p need to be -+greater than zero. The amount of RAM that scrypt requires for its computation -+is roughly (128 * N * r * p) bytes. -+ -+In the original paper of Colin Percival ("Stronger Key Derivation via -+Sequential Memory-Hard Functions", 2009), the suggested values that give a -+computation time of less than 5 seconds on a 2.5 GHz Intel Core 2 Duo are N = -+2^20 = 1048576, r = 8, p = 1. Consequently, the required amount of memory for -+this computation is roughly 1 GiB. On a more recent CPU (Intel i7-5930K at 3.5 -+GHz), this computation takes about 3 seconds. When N, r or p are not specified, -+they default to 1048576, 8, and 1, respectively. The maximum amount of RAM that -+may be used by scrypt defaults to 1025 MiB. -+ -+=head2 Numeric identity -+ -+B is the numeric identity for this implementation; it -+can be used with the EVP_KDF_CTX_new_id() function. -+ -+=head2 Supported controls -+ -+The supported controls are: -+ -+=over 4 -+ -+=item B -+ -+=item B -+ -+These controls work as described in L. -+ -+=item B -+ -+=item B -+ -+=item B -+ -+B expects one argument: C -+ -+B expects one argument: C -+ -+B expects one argument: C -+ -+These controls configure the scrypt work factors N, r and p. -+ -+EVP_KDF_ctrl_str() type strings: "N", "r" and "p", respectively. -+ -+The corresponding value strings are expected to be decimal numbers. -+ -+=back -+ -+=head1 NOTES -+ -+A context for scrypt can be obtained by calling: -+ -+ EVP_KDF_CTX *kctx = EVP_KDF_CTX_new_id(EVP_KDF_SCRYPT); -+ -+The output length of an scrypt key derivation is specified via the -+B parameter to the L function. -+ -+=head1 EXAMPLE -+ -+This example derives a 64-byte long test vector using scrypt with the password -+"password", salt "NaCl" and N = 1024, r = 8, p = 16. -+ -+ EVP_KDF_CTX *kctx; -+ unsigned char out[64]; -+ -+ kctx = EVP_KDF_CTX_new_id(EVP_KDF_SCRYPT); -+ -+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PASS, "password", (size_t)8) <= 0) { -+ error("EVP_KDF_CTRL_SET_PASS"); -+ } -+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, "NaCl", (size_t)4) <= 0) { -+ error("EVP_KDF_CTRL_SET_SALT"); -+ } -+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SCRYPT_N, (uint64_t)1024) <= 0) { -+ error("EVP_KDF_CTRL_SET_SCRYPT_N"); -+ } -+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SCRYPT_R, (uint32_t)8) <= 0) { -+ error("EVP_KDF_CTRL_SET_SCRYPT_R"); -+ } -+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SCRYPT_P, (uint32_t)16) <= 0) { -+ error("EVP_KDF_CTRL_SET_SCRYPT_P"); -+ } -+ if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) { -+ error("EVP_KDF_derive"); -+ } -+ -+ { -+ const unsigned char expected[sizeof(out)] = { -+ 0xfd, 0xba, 0xbe, 0x1c, 0x9d, 0x34, 0x72, 0x00, -+ 0x78, 0x56, 0xe7, 0x19, 0x0d, 0x01, 0xe9, 0xfe, -+ 0x7c, 0x6a, 0xd7, 0xcb, 0xc8, 0x23, 0x78, 0x30, -+ 0xe7, 0x73, 0x76, 0x63, 0x4b, 0x37, 0x31, 0x62, -+ 0x2e, 0xaf, 0x30, 0xd9, 0x2e, 0x22, 0xa3, 0x88, -+ 0x6f, 0xf1, 0x09, 0x27, 0x9d, 0x98, 0x30, 0xda, -+ 0xc7, 0x27, 0xaf, 0xb9, 0x4a, 0x83, 0xee, 0x6d, -+ 0x83, 0x60, 0xcb, 0xdf, 0xa2, 0xcc, 0x06, 0x40 -+ }; -+ -+ assert(!memcmp(out, expected, sizeof(out))); -+ } -+ -+ EVP_KDF_CTX_free(kctx); -+ -+=head1 CONFORMING TO -+ -+RFC 7914 -+ -+=head1 SEE ALSO -+ -+L, -+L, -+L, -+L, -+L, -+L -+ -+=head1 COPYRIGHT -+ -+Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. -+ -+Licensed under the OpenSSL license (the "License"). You may not use -+this file except in compliance with the License. You can obtain a copy -+in the file LICENSE in the source distribution or at -+L. -+ -+=cut -diff -up openssl-1.1.1j/doc/man7/EVP_KDF_TLS1_PRF.pod.evp-kdf openssl-1.1.1j/doc/man7/EVP_KDF_TLS1_PRF.pod ---- openssl-1.1.1j/doc/man7/EVP_KDF_TLS1_PRF.pod.evp-kdf 2021-03-03 14:08:02.493294865 +0100 -+++ openssl-1.1.1j/doc/man7/EVP_KDF_TLS1_PRF.pod 2021-03-03 14:08:02.493294865 +0100 -@@ -0,0 +1,142 @@ -+=pod -+ -+=head1 NAME -+ -+EVP_KDF_TLS1_PRF - The TLS1 PRF EVP_KDF implementation -+ -+=head1 DESCRIPTION -+ -+Support for computing the B PRF through the B API. -+ -+The EVP_KDF_TLS1_PRF algorithm implements the PRF used by TLS versions up to -+and including TLS 1.2. -+ -+=head2 Numeric identity -+ -+B is the numeric identity for this implementation; it -+can be used with the EVP_KDF_CTX_new_id() function. -+ -+=head2 Supported controls -+ -+The supported controls are: -+ -+=over 4 -+ -+=item B -+ -+This control works as described in L. -+ -+The C control is used to set the message digest associated -+with the TLS PRF. EVP_md5_sha1() is treated as a special case which uses the -+PRF algorithm using both B and B as used in TLS 1.0 and 1.1. -+ -+=item B -+ -+This control expects two arguments: C, C -+ -+Sets the secret value of the TLS PRF to B bytes of the buffer B. -+Any existing secret value is replaced. -+ -+EVP_KDF_ctrl_str() takes two type strings for this control: -+ -+=over 4 -+ -+=item "secret" -+ -+The value string is used as is. -+ -+=item "hexsecret" -+ -+The value string is expected to be a hexadecimal number, which will be -+decoded before being passed on as the control value. -+ -+=back -+ -+=item B -+ -+This control does not expect any arguments. -+ -+Resets the context seed buffer to zero length. -+ -+=item B -+ -+This control expects two arguments: C, C -+ -+Sets the seed to B bytes of B. If a seed is already set it is -+appended to the existing value. -+ -+The total length of the context seed buffer cannot exceed 1024 bytes; -+this should be more than enough for any normal use of the TLS PRF. -+ -+EVP_KDF_ctrl_str() takes two type strings for this control: -+ -+=over 4 -+ -+=item "seed" -+ -+The value string is used as is. -+ -+=item "hexseed" -+ -+The value string is expected to be a hexadecimal number, which will be -+decoded before being passed on as the control value. -+ -+=back -+ -+=back -+ -+=head1 NOTES -+ -+A context for the TLS PRF can be obtained by calling: -+ -+ EVP_KDF_CTX *kctx = EVP_KDF_CTX_new_id(EVP_KDF_TLS1_PRF, NULL); -+ -+The digest, secret value and seed must be set before a key is derived otherwise -+an error will occur. -+ -+The output length of the PRF is specified by the C parameter to the -+EVP_KDF_derive() function. -+ -+=head1 EXAMPLE -+ -+This example derives 10 bytes using SHA-256 with the secret key "secret" -+and seed value "seed": -+ -+ EVP_KDF_CTX *kctx; -+ unsigned char out[10]; -+ -+ kctx = EVP_KDF_CTX_new_id(EVP_KDF_TLS1_PRF); -+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()) <= 0) { -+ error("EVP_KDF_CTRL_SET_MD"); -+ } -+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_TLS_SECRET, -+ "secret", (size_t)6) <= 0) { -+ error("EVP_KDF_CTRL_SET_TLS_SECRET"); -+ } -+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_ADD_TLS_SEED, "seed", (size_t)4) <= 0) { -+ error("EVP_KDF_CTRL_ADD_TLS_SEED"); -+ } -+ if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) { -+ error("EVP_KDF_derive"); -+ } -+ EVP_KDF_CTX_free(kctx); -+ -+=head1 SEE ALSO -+ -+L, -+L, -+L, -+L, -+L, -+L -+ -+=head1 COPYRIGHT -+ -+Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. -+ -+Licensed under the Apache License 2.0 (the "License"). You may not use -+this file except in compliance with the License. You can obtain a copy -+in the file LICENSE in the source distribution or at -+L. -+ -+=cut -diff -up openssl-1.1.1j/include/crypto/evp.h.evp-kdf openssl-1.1.1j/include/crypto/evp.h ---- openssl-1.1.1j/include/crypto/evp.h.evp-kdf 2021-02-16 16:24:01.000000000 +0100 -+++ openssl-1.1.1j/include/crypto/evp.h 2021-03-03 14:08:02.493294865 +0100 -@@ -112,6 +112,24 @@ extern const EVP_PKEY_METHOD hkdf_pkey_m - extern const EVP_PKEY_METHOD poly1305_pkey_meth; - extern const EVP_PKEY_METHOD siphash_pkey_meth; - -+/* struct evp_kdf_impl_st is defined by the implementation */ -+typedef struct evp_kdf_impl_st EVP_KDF_IMPL; -+typedef struct { -+ int type; -+ EVP_KDF_IMPL *(*new) (void); -+ void (*free) (EVP_KDF_IMPL *impl); -+ void (*reset) (EVP_KDF_IMPL *impl); -+ int (*ctrl) (EVP_KDF_IMPL *impl, int cmd, va_list args); -+ int (*ctrl_str) (EVP_KDF_IMPL *impl, const char *type, const char *value); -+ size_t (*size) (EVP_KDF_IMPL *impl); -+ int (*derive) (EVP_KDF_IMPL *impl, unsigned char *key, size_t keylen); -+} EVP_KDF_METHOD; -+ -+extern const EVP_KDF_METHOD pbkdf2_kdf_meth; -+extern const EVP_KDF_METHOD scrypt_kdf_meth; -+extern const EVP_KDF_METHOD tls1_prf_kdf_meth; -+extern const EVP_KDF_METHOD hkdf_kdf_meth; -+ - struct evp_md_st { - int type; - int pkey_type; -diff -up openssl-1.1.1j/include/openssl/evperr.h.evp-kdf openssl-1.1.1j/include/openssl/evperr.h ---- openssl-1.1.1j/include/openssl/evperr.h.evp-kdf 2021-03-03 14:08:02.477294722 +0100 -+++ openssl-1.1.1j/include/openssl/evperr.h 2021-03-03 14:13:37.587003722 +0100 -@@ -56,6 +56,9 @@ int ERR_load_EVP_strings(void); - # define EVP_F_EVP_ENCRYPTDECRYPTUPDATE 219 - # define EVP_F_EVP_ENCRYPTFINAL_EX 127 - # define EVP_F_EVP_ENCRYPTUPDATE 167 -+# define EVP_F_EVP_KDF_CTRL 224 -+# define EVP_F_EVP_KDF_CTRL_STR 225 -+# define EVP_F_EVP_KDF_CTX_NEW_ID 226 - # define EVP_F_EVP_MD_CTX_COPY_EX 110 - # define EVP_F_EVP_MD_SIZE 162 - # define EVP_F_EVP_OPENINIT 102 -@@ -118,11 +121,13 @@ int ERR_load_EVP_strings(void); - # define EVP_F_PKCS5_V2_PBE_KEYIVGEN 118 - # define EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN 164 - # define EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN 180 -+# define EVP_F_PKEY_KDF_CTRL 227 - # define EVP_F_PKEY_SET_TYPE 158 - # define EVP_F_RC2_MAGIC_TO_METH 109 - # define EVP_F_RC5_CTRL 125 - # define EVP_F_R_32_12_16_INIT_KEY 242 - # define EVP_F_S390X_AES_GCM_CTRL 201 -+# define EVP_F_SCRYPT_ALG 228 - # define EVP_F_UPDATE 173 - - /* -@@ -179,6 +184,7 @@ int ERR_load_EVP_strings(void); - # define EVP_R_ONLY_ONESHOT_SUPPORTED 177 - # define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 150 - # define EVP_R_OPERATON_NOT_INITIALIZED 151 -+# define EVP_R_PARAMETER_TOO_LARGE 187 - # define EVP_R_OUTPUT_WOULD_OVERFLOW 184 - # define EVP_R_PARTIALLY_OVERLAPPING 162 - # define EVP_R_PBKDF2_ERROR 181 -diff -up openssl-1.1.1j/include/openssl/kdferr.h.evp-kdf openssl-1.1.1j/include/openssl/kdferr.h ---- openssl-1.1.1j/include/openssl/kdferr.h.evp-kdf 2021-02-16 16:24:01.000000000 +0100 -+++ openssl-1.1.1j/include/openssl/kdferr.h 2021-03-03 14:08:02.493294865 +0100 -@@ -23,6 +23,23 @@ int ERR_load_KDF_strings(void); - /* - * KDF function codes. - */ -+# define KDF_F_HKDF_EXTRACT 112 -+# define KDF_F_KDF_HKDF_DERIVE 113 -+# define KDF_F_KDF_HKDF_NEW 114 -+# define KDF_F_KDF_HKDF_SIZE 115 -+# define KDF_F_KDF_MD2CTRL 116 -+# define KDF_F_KDF_PBKDF2_CTRL_STR 117 -+# define KDF_F_KDF_PBKDF2_DERIVE 118 -+# define KDF_F_KDF_PBKDF2_NEW 119 -+# define KDF_F_KDF_SCRYPT_CTRL_STR 120 -+# define KDF_F_KDF_SCRYPT_CTRL_UINT32 121 -+# define KDF_F_KDF_SCRYPT_CTRL_UINT64 122 -+# define KDF_F_KDF_SCRYPT_DERIVE 123 -+# define KDF_F_KDF_SCRYPT_NEW 124 -+# define KDF_F_KDF_TLS1_PRF_CTRL_STR 125 -+# define KDF_F_KDF_TLS1_PRF_DERIVE 126 -+# define KDF_F_KDF_TLS1_PRF_NEW 127 -+# define KDF_F_PBKDF2_SET_MEMBUF 128 - # define KDF_F_PKEY_HKDF_CTRL_STR 103 - # define KDF_F_PKEY_HKDF_DERIVE 102 - # define KDF_F_PKEY_HKDF_INIT 108 -@@ -34,6 +51,7 @@ int ERR_load_KDF_strings(void); - # define KDF_F_PKEY_TLS1_PRF_CTRL_STR 100 - # define KDF_F_PKEY_TLS1_PRF_DERIVE 101 - # define KDF_F_PKEY_TLS1_PRF_INIT 110 -+# define KDF_F_SCRYPT_SET_MEMBUF 129 - # define KDF_F_TLS1_PRF_ALG 111 - - /* -@@ -51,5 +69,6 @@ int ERR_load_KDF_strings(void); - # define KDF_R_UNKNOWN_PARAMETER_TYPE 103 - # define KDF_R_VALUE_ERROR 108 - # define KDF_R_VALUE_MISSING 102 -+# define KDF_R_WRONG_OUTPUT_BUFFER_SIZE 112 - - #endif -diff -up openssl-1.1.1j/include/openssl/kdf.h.evp-kdf openssl-1.1.1j/include/openssl/kdf.h ---- openssl-1.1.1j/include/openssl/kdf.h.evp-kdf 2021-02-16 16:24:01.000000000 +0100 -+++ openssl-1.1.1j/include/openssl/kdf.h 2021-03-03 14:08:02.493294865 +0100 -@@ -10,10 +10,50 @@ - #ifndef HEADER_KDF_H - # define HEADER_KDF_H - -+# include - # include --#ifdef __cplusplus -+# ifdef __cplusplus - extern "C" { --#endif -+# endif -+ -+# define EVP_KDF_PBKDF2 NID_id_pbkdf2 -+# define EVP_KDF_SCRYPT NID_id_scrypt -+# define EVP_KDF_TLS1_PRF NID_tls1_prf -+# define EVP_KDF_HKDF NID_hkdf -+ -+EVP_KDF_CTX *EVP_KDF_CTX_new_id(int id); -+void EVP_KDF_CTX_free(EVP_KDF_CTX *ctx); -+ -+void EVP_KDF_reset(EVP_KDF_CTX *ctx); -+int EVP_KDF_ctrl(EVP_KDF_CTX *ctx, int cmd, ...); -+int EVP_KDF_vctrl(EVP_KDF_CTX *ctx, int cmd, va_list args); -+int EVP_KDF_ctrl_str(EVP_KDF_CTX *ctx, const char *type, const char *value); -+size_t EVP_KDF_size(EVP_KDF_CTX *ctx); -+int EVP_KDF_derive(EVP_KDF_CTX *ctx, unsigned char *key, size_t keylen); -+ -+ -+# define EVP_KDF_CTRL_SET_PASS 0x01 /* unsigned char *, size_t */ -+# define EVP_KDF_CTRL_SET_SALT 0x02 /* unsigned char *, size_t */ -+# define EVP_KDF_CTRL_SET_ITER 0x03 /* int */ -+# define EVP_KDF_CTRL_SET_MD 0x04 /* EVP_MD * */ -+# define EVP_KDF_CTRL_SET_KEY 0x05 /* unsigned char *, size_t */ -+# define EVP_KDF_CTRL_SET_MAXMEM_BYTES 0x06 /* uint64_t */ -+# define EVP_KDF_CTRL_SET_TLS_SECRET 0x07 /* unsigned char *, size_t */ -+# define EVP_KDF_CTRL_RESET_TLS_SEED 0x08 -+# define EVP_KDF_CTRL_ADD_TLS_SEED 0x09 /* unsigned char *, size_t */ -+# define EVP_KDF_CTRL_RESET_HKDF_INFO 0x0a -+# define EVP_KDF_CTRL_ADD_HKDF_INFO 0x0b /* unsigned char *, size_t */ -+# define EVP_KDF_CTRL_SET_HKDF_MODE 0x0c /* int */ -+# define EVP_KDF_CTRL_SET_SCRYPT_N 0x0d /* uint64_t */ -+# define EVP_KDF_CTRL_SET_SCRYPT_R 0x0e /* uint32_t */ -+# define EVP_KDF_CTRL_SET_SCRYPT_P 0x0f /* uint32_t */ -+ -+# define EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND 0 -+# define EVP_KDF_HKDF_MODE_EXTRACT_ONLY 1 -+# define EVP_KDF_HKDF_MODE_EXPAND_ONLY 2 -+ -+ -+/**** The legacy PKEY-based KDF API follows. ****/ - - # define EVP_PKEY_CTRL_TLS_MD (EVP_PKEY_ALG_CTRL) - # define EVP_PKEY_CTRL_TLS_SECRET (EVP_PKEY_ALG_CTRL + 1) -@@ -30,9 +70,12 @@ extern "C" { - # define EVP_PKEY_CTRL_SCRYPT_P (EVP_PKEY_ALG_CTRL + 12) - # define EVP_PKEY_CTRL_SCRYPT_MAXMEM_BYTES (EVP_PKEY_ALG_CTRL + 13) - --# define EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND 0 --# define EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY 1 --# define EVP_PKEY_HKDEF_MODE_EXPAND_ONLY 2 -+# define EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND \ -+ EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND -+# define EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY \ -+ EVP_KDF_HKDF_MODE_EXTRACT_ONLY -+# define EVP_PKEY_HKDEF_MODE_EXPAND_ONLY \ -+ EVP_KDF_HKDF_MODE_EXPAND_ONLY - - # define EVP_PKEY_CTX_set_tls1_prf_md(pctx, md) \ - EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ -@@ -91,7 +134,7 @@ extern "C" { - EVP_PKEY_CTRL_SCRYPT_MAXMEM_BYTES, maxmem_bytes) - - --# ifdef __cplusplus -+# ifdef __cplusplus - } - # endif - #endif -diff -up openssl-1.1.1j/include/openssl/ossl_typ.h.evp-kdf openssl-1.1.1j/include/openssl/ossl_typ.h ---- openssl-1.1.1j/include/openssl/ossl_typ.h.evp-kdf 2021-02-16 16:24:01.000000000 +0100 -+++ openssl-1.1.1j/include/openssl/ossl_typ.h 2021-03-03 14:08:02.493294865 +0100 -@@ -97,6 +97,8 @@ typedef struct evp_pkey_asn1_method_st E - typedef struct evp_pkey_method_st EVP_PKEY_METHOD; - typedef struct evp_pkey_ctx_st EVP_PKEY_CTX; - -+typedef struct evp_kdf_ctx_st EVP_KDF_CTX; -+ - typedef struct evp_Encode_Ctx_st EVP_ENCODE_CTX; - - typedef struct hmac_ctx_st HMAC_CTX; -diff -up openssl-1.1.1j/test/build.info.evp-kdf openssl-1.1.1j/test/build.info ---- openssl-1.1.1j/test/build.info.evp-kdf 2021-02-16 16:24:01.000000000 +0100 -+++ openssl-1.1.1j/test/build.info 2021-03-03 14:08:02.493294865 +0100 -@@ -44,7 +44,8 @@ INCLUDE_MAIN___test_libtestutil_OLB = /I - ssl_test_ctx_test ssl_test x509aux cipherlist_test asynciotest \ - bio_callback_test bio_memleak_test \ - bioprinttest sslapitest dtlstest sslcorrupttest bio_enc_test \ -- pkey_meth_test pkey_meth_kdf_test uitest cipherbytes_test \ -+ pkey_meth_test pkey_meth_kdf_test evp_kdf_test uitest \ -+ cipherbytes_test \ - asn1_encode_test asn1_decode_test asn1_string_table_test \ - x509_time_test x509_dup_cert_test x509_check_cert_pkey_test \ - recordlentest drbgtest sslbuffertest \ -@@ -336,6 +337,10 @@ INCLUDE_MAIN___test_libtestutil_OLB = /I - INCLUDE[pkey_meth_kdf_test]=../include - DEPEND[pkey_meth_kdf_test]=../libcrypto libtestutil.a - -+ SOURCE[evp_kdf_test]=evp_kdf_test.c -+ INCLUDE[evp_kdf_test]=../include -+ DEPEND[evp_kdf_test]=../libcrypto libtestutil.a -+ - SOURCE[x509_time_test]=x509_time_test.c - INCLUDE[x509_time_test]=../include - DEPEND[x509_time_test]=../libcrypto libtestutil.a -diff -up openssl-1.1.1j/test/evp_kdf_test.c.evp-kdf openssl-1.1.1j/test/evp_kdf_test.c ---- openssl-1.1.1j/test/evp_kdf_test.c.evp-kdf 2021-03-03 14:08:02.494294874 +0100 -+++ openssl-1.1.1j/test/evp_kdf_test.c 2021-03-03 14:08:02.494294874 +0100 -@@ -0,0 +1,237 @@ -+/* -+ * Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved. -+ * Copyright (c) 2018-2019, Oracle and/or its affiliates. All rights reserved. -+ * -+ * Licensed under the Apache License 2.0 (the "License"). You may not use -+ * this file except in compliance with the License. You can obtain a copy -+ * in the file LICENSE in the source distribution or at -+ * https://www.openssl.org/source/license.html -+ */ -+ -+/* Tests of the EVP_KDF_CTX APIs */ -+ -+#include -+#include -+ -+#include -+#include -+#include "testutil.h" -+ -+static int test_kdf_tls1_prf(void) -+{ -+ int ret = 0; -+ EVP_KDF_CTX *kctx; -+ unsigned char out[16]; -+ -+ if ((kctx = EVP_KDF_CTX_new_id(EVP_KDF_TLS1_PRF)) == NULL) { -+ TEST_error("EVP_KDF_TLS1_PRF"); -+ goto err; -+ } -+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()) <= 0) { -+ TEST_error("EVP_KDF_CTRL_SET_MD"); -+ goto err; -+ } -+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_TLS_SECRET, -+ "secret", (size_t)6) <= 0) { -+ TEST_error("EVP_KDF_CTRL_SET_TLS_SECRET"); -+ goto err; -+ } -+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_ADD_TLS_SEED, "seed", (size_t)4) <= 0) { -+ TEST_error("EVP_KDF_CTRL_ADD_TLS_SEED"); -+ goto err; -+ } -+ if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) { -+ TEST_error("EVP_KDF_derive"); -+ goto err; -+ } -+ -+ { -+ const unsigned char expected[sizeof(out)] = { -+ 0x8e, 0x4d, 0x93, 0x25, 0x30, 0xd7, 0x65, 0xa0, -+ 0xaa, 0xe9, 0x74, 0xc3, 0x04, 0x73, 0x5e, 0xcc -+ }; -+ if (!TEST_mem_eq(out, sizeof(out), expected, sizeof(expected))) { -+ goto err; -+ } -+ } -+ ret = 1; -+err: -+ EVP_KDF_CTX_free(kctx); -+ return ret; -+} -+ -+static int test_kdf_hkdf(void) -+{ -+ int ret = 0; -+ EVP_KDF_CTX *kctx; -+ unsigned char out[10]; -+ -+ if ((kctx = EVP_KDF_CTX_new_id(EVP_KDF_HKDF)) == NULL) { -+ TEST_error("EVP_KDF_HKDF"); -+ goto err; -+ } -+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()) <= 0) { -+ TEST_error("EVP_KDF_CTRL_SET_MD"); -+ goto err; -+ } -+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, "salt", (size_t)4) <= 0) { -+ TEST_error("EVP_KDF_CTRL_SET_SALT"); -+ goto err; -+ } -+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, "secret", (size_t)6) <= 0) { -+ TEST_error("EVP_KDF_CTRL_SET_KEY"); -+ goto err; -+ } -+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_ADD_HKDF_INFO, -+ "label", (size_t)5) <= 0) { -+ TEST_error("EVP_KDF_CTRL_ADD_HKDF_INFO"); -+ goto err; -+ } -+ if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) { -+ TEST_error("EVP_KDF_derive"); -+ goto err; -+ } -+ -+ { -+ const unsigned char expected[sizeof(out)] = { -+ 0x2a, 0xc4, 0x36, 0x9f, 0x52, 0x59, 0x96, 0xf8, 0xde, 0x13 -+ }; -+ if (!TEST_mem_eq(out, sizeof(out), expected, sizeof(expected))) { -+ goto err; -+ } -+ } -+ ret = 1; -+err: -+ EVP_KDF_CTX_free(kctx); -+ return ret; -+} -+ -+static int test_kdf_pbkdf2(void) -+{ -+ int ret = 0; -+ EVP_KDF_CTX *kctx; -+ unsigned char out[32]; -+ -+ if ((kctx = EVP_KDF_CTX_new_id(EVP_KDF_PBKDF2)) == NULL) { -+ TEST_error("EVP_KDF_PBKDF2"); -+ goto err; -+ } -+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PASS, "password", (size_t)8) <= 0) { -+ TEST_error("EVP_KDF_CTRL_SET_PASS"); -+ goto err; -+ } -+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, "salt", (size_t)4) <= 0) { -+ TEST_error("EVP_KDF_CTRL_SET_SALT"); -+ goto err; -+ } -+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_ITER, 2) <= 0) { -+ TEST_error("EVP_KDF_CTRL_SET_ITER"); -+ goto err; -+ } -+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()) <= 0) { -+ TEST_error("EVP_KDF_CTRL_SET_MD"); -+ goto err; -+ } -+ if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) { -+ TEST_error("EVP_KDF_derive"); -+ goto err; -+ } -+ -+ { -+ const unsigned char expected[sizeof(out)] = { -+ 0xae, 0x4d, 0x0c, 0x95, 0xaf, 0x6b, 0x46, 0xd3, -+ 0x2d, 0x0a, 0xdf, 0xf9, 0x28, 0xf0, 0x6d, 0xd0, -+ 0x2a, 0x30, 0x3f, 0x8e, 0xf3, 0xc2, 0x51, 0xdf, -+ 0xd6, 0xe2, 0xd8, 0x5a, 0x95, 0x47, 0x4c, 0x43 -+ }; -+ if (!TEST_mem_eq(out, sizeof(out), expected, sizeof(expected))) { -+ goto err; -+ } -+ } -+ ret = 1; -+err: -+ EVP_KDF_CTX_free(kctx); -+ return ret; -+} -+ -+#ifndef OPENSSL_NO_SCRYPT -+static int test_kdf_scrypt(void) -+{ -+ int ret = 0; -+ EVP_KDF_CTX *kctx; -+ unsigned char out[64]; -+ -+ if ((kctx = EVP_KDF_CTX_new_id(EVP_KDF_SCRYPT)) == NULL) { -+ TEST_error("EVP_KDF_SCRYPT"); -+ goto err; -+ } -+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PASS, "password", (size_t)8) <= 0) { -+ TEST_error("EVP_KDF_CTRL_SET_PASS"); -+ goto err; -+ } -+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, "NaCl", (size_t)4) <= 0) { -+ TEST_error("EVP_KDF_CTRL_SET_SALT"); -+ goto err; -+ } -+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SCRYPT_N, (uint64_t)1024) <= 0) { -+ TEST_error("EVP_KDF_CTRL_SET_SCRYPT_N"); -+ goto err; -+ } -+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SCRYPT_R, (uint32_t)8) <= 0) { -+ TEST_error("EVP_KDF_CTRL_SET_SCRYPT_R"); -+ goto err; -+ } -+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SCRYPT_P, (uint32_t)16) <= 0) { -+ TEST_error("EVP_KDF_CTRL_SET_SCRYPT_P"); -+ goto err; -+ } -+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MAXMEM_BYTES, (uint64_t)16) <= 0) { -+ TEST_error("EVP_KDF_CTRL_SET_MAXMEM_BYTES"); -+ goto err; -+ } -+ if (EVP_KDF_derive(kctx, out, sizeof(out)) > 0) { -+ TEST_error("EVP_KDF_derive should have failed"); -+ goto err; -+ } -+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MAXMEM_BYTES, -+ (uint64_t)(10 * 1024 * 1024)) <= 0) { -+ TEST_error("EVP_KDF_CTRL_SET_MAXMEM_BYTES"); -+ goto err; -+ } -+ if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) { -+ TEST_error("EVP_KDF_derive"); -+ goto err; -+ } -+ -+ { -+ const unsigned char expected[sizeof(out)] = { -+ 0xfd, 0xba, 0xbe, 0x1c, 0x9d, 0x34, 0x72, 0x00, -+ 0x78, 0x56, 0xe7, 0x19, 0x0d, 0x01, 0xe9, 0xfe, -+ 0x7c, 0x6a, 0xd7, 0xcb, 0xc8, 0x23, 0x78, 0x30, -+ 0xe7, 0x73, 0x76, 0x63, 0x4b, 0x37, 0x31, 0x62, -+ 0x2e, 0xaf, 0x30, 0xd9, 0x2e, 0x22, 0xa3, 0x88, -+ 0x6f, 0xf1, 0x09, 0x27, 0x9d, 0x98, 0x30, 0xda, -+ 0xc7, 0x27, 0xaf, 0xb9, 0x4a, 0x83, 0xee, 0x6d, -+ 0x83, 0x60, 0xcb, 0xdf, 0xa2, 0xcc, 0x06, 0x40 -+ }; -+ if (!TEST_mem_eq(out, sizeof(out), expected, sizeof(expected))) { -+ goto err; -+ } -+ } -+ ret = 1; -+err: -+ EVP_KDF_CTX_free(kctx); -+ return ret; -+} -+#endif -+ -+int setup_tests(void) -+{ -+ ADD_TEST(test_kdf_tls1_prf); -+ ADD_TEST(test_kdf_hkdf); -+ ADD_TEST(test_kdf_pbkdf2); -+#ifndef OPENSSL_NO_SCRYPT -+ ADD_TEST(test_kdf_scrypt); -+#endif -+ return 1; -+} -diff -up openssl-1.1.1j/test/evp_test.c.evp-kdf openssl-1.1.1j/test/evp_test.c ---- openssl-1.1.1j/test/evp_test.c.evp-kdf 2021-02-16 16:24:01.000000000 +0100 -+++ openssl-1.1.1j/test/evp_test.c 2021-03-03 14:08:02.494294874 +0100 -@@ -1705,13 +1705,14 @@ static const EVP_TEST_METHOD encode_test - encode_test_run, - }; - -+ - /** - *** KDF TESTS - **/ - - typedef struct kdf_data_st { - /* Context for this operation */ -- EVP_PKEY_CTX *ctx; -+ EVP_KDF_CTX *ctx; - /* Expected output */ - unsigned char *output; - size_t output_len; -@@ -1738,16 +1739,11 @@ static int kdf_test_init(EVP_TEST *t, co - - if (!TEST_ptr(kdata = OPENSSL_zalloc(sizeof(*kdata)))) - return 0; -- kdata->ctx = EVP_PKEY_CTX_new_id(kdf_nid, NULL); -+ kdata->ctx = EVP_KDF_CTX_new_id(kdf_nid); - if (kdata->ctx == NULL) { - OPENSSL_free(kdata); - return 0; - } -- if (EVP_PKEY_derive_init(kdata->ctx) <= 0) { -- EVP_PKEY_CTX_free(kdata->ctx); -- OPENSSL_free(kdata); -- return 0; -- } - t->data = kdata; - return 1; - } -@@ -1756,7 +1752,42 @@ static void kdf_test_cleanup(EVP_TEST *t - { - KDF_DATA *kdata = t->data; - OPENSSL_free(kdata->output); -- EVP_PKEY_CTX_free(kdata->ctx); -+ EVP_KDF_CTX_free(kdata->ctx); -+} -+ -+static int kdf_test_ctrl(EVP_TEST *t, EVP_KDF_CTX *kctx, -+ const char *value) -+{ -+ int rv; -+ char *p, *tmpval; -+ -+ if (!TEST_ptr(tmpval = OPENSSL_strdup(value))) -+ return 0; -+ p = strchr(tmpval, ':'); -+ if (p != NULL) -+ *p++ = '\0'; -+ rv = EVP_KDF_ctrl_str(kctx, tmpval, p); -+ if (rv == -2) { -+ t->err = "KDF_CTRL_INVALID"; -+ rv = 1; -+ } else if (p != NULL && rv <= 0) { -+ /* If p has an OID and lookup fails assume disabled algorithm */ -+ int nid = OBJ_sn2nid(p); -+ -+ if (nid == NID_undef) -+ nid = OBJ_ln2nid(p); -+ if (nid != NID_undef -+ && EVP_get_digestbynid(nid) == NULL -+ && EVP_get_cipherbynid(nid) == NULL) { -+ t->skip = 1; -+ rv = 1; -+ } else { -+ t->err = "KDF_CTRL_ERROR"; -+ rv = 1; -+ } -+ } -+ OPENSSL_free(tmpval); -+ return rv > 0; - } - - static int kdf_test_parse(EVP_TEST *t, -@@ -1767,7 +1798,7 @@ static int kdf_test_parse(EVP_TEST *t, - if (strcmp(keyword, "Output") == 0) - return parse_bin(value, &kdata->output, &kdata->output_len); - if (strncmp(keyword, "Ctrl", 4) == 0) -- return pkey_test_ctrl(t, kdata->ctx, value); -+ return kdf_test_ctrl(t, kdata->ctx, value); - return 0; - } - -@@ -1781,7 +1812,7 @@ static int kdf_test_run(EVP_TEST *t) - t->err = "INTERNAL_ERROR"; - goto err; - } -- if (EVP_PKEY_derive(expected->ctx, got, &got_len) <= 0) { -+ if (EVP_KDF_derive(expected->ctx, got, got_len) <= 0) { - t->err = "KDF_DERIVE_ERROR"; - goto err; - } -@@ -1807,6 +1838,106 @@ static const EVP_TEST_METHOD kdf_test_me - - - /** -+*** PKEY KDF TESTS -+**/ -+ -+typedef struct pkey_kdf_data_st { -+ /* Context for this operation */ -+ EVP_PKEY_CTX *ctx; -+ /* Expected output */ -+ unsigned char *output; -+ size_t output_len; -+} PKEY_KDF_DATA; -+ -+/* -+ * Perform public key operation setup: lookup key, allocated ctx and call -+ * the appropriate initialisation function -+ */ -+static int pkey_kdf_test_init(EVP_TEST *t, const char *name) -+{ -+ PKEY_KDF_DATA *kdata; -+ int kdf_nid = OBJ_sn2nid(name); -+ -+#ifdef OPENSSL_NO_SCRYPT -+ if (strcmp(name, "scrypt") == 0) { -+ t->skip = 1; -+ return 1; -+ } -+#endif -+ -+ if (kdf_nid == NID_undef) -+ kdf_nid = OBJ_ln2nid(name); -+ -+ if (!TEST_ptr(kdata = OPENSSL_zalloc(sizeof(*kdata)))) -+ return 0; -+ kdata->ctx = EVP_PKEY_CTX_new_id(kdf_nid, NULL); -+ if (kdata->ctx == NULL) { -+ OPENSSL_free(kdata); -+ return 0; -+ } -+ if (EVP_PKEY_derive_init(kdata->ctx) <= 0) { -+ EVP_PKEY_CTX_free(kdata->ctx); -+ OPENSSL_free(kdata); -+ return 0; -+ } -+ t->data = kdata; -+ return 1; -+} -+ -+static void pkey_kdf_test_cleanup(EVP_TEST *t) -+{ -+ PKEY_KDF_DATA *kdata = t->data; -+ OPENSSL_free(kdata->output); -+ EVP_PKEY_CTX_free(kdata->ctx); -+} -+ -+static int pkey_kdf_test_parse(EVP_TEST *t, -+ const char *keyword, const char *value) -+{ -+ PKEY_KDF_DATA *kdata = t->data; -+ -+ if (strcmp(keyword, "Output") == 0) -+ return parse_bin(value, &kdata->output, &kdata->output_len); -+ if (strncmp(keyword, "Ctrl", 4) == 0) -+ return pkey_test_ctrl(t, kdata->ctx, value); -+ return 0; -+} -+ -+static int pkey_kdf_test_run(EVP_TEST *t) -+{ -+ PKEY_KDF_DATA *expected = t->data; -+ unsigned char *got = NULL; -+ size_t got_len = expected->output_len; -+ -+ if (!TEST_ptr(got = OPENSSL_malloc(got_len))) { -+ t->err = "INTERNAL_ERROR"; -+ goto err; -+ } -+ if (EVP_PKEY_derive(expected->ctx, got, &got_len) <= 0) { -+ t->err = "KDF_DERIVE_ERROR"; -+ goto err; -+ } -+ if (!TEST_mem_eq(expected->output, expected->output_len, got, got_len)) { -+ t->err = "KDF_MISMATCH"; -+ goto err; -+ } -+ t->err = NULL; -+ -+ err: -+ OPENSSL_free(got); -+ return 1; -+} -+ -+static const EVP_TEST_METHOD pkey_kdf_test_method = { -+ "PKEYKDF", -+ pkey_kdf_test_init, -+ pkey_kdf_test_cleanup, -+ pkey_kdf_test_parse, -+ pkey_kdf_test_run -+}; -+ -+ -+/** - *** KEYPAIR TESTS - **/ - -@@ -2310,6 +2441,7 @@ static const EVP_TEST_METHOD *evp_test_l - &digestverify_test_method, - &encode_test_method, - &kdf_test_method, -+ &pkey_kdf_test_method, - &keypair_test_method, - &keygen_test_method, - &mac_test_method, -diff -up openssl-1.1.1j/test/pkey_meth_kdf_test.c.evp-kdf openssl-1.1.1j/test/pkey_meth_kdf_test.c ---- openssl-1.1.1j/test/pkey_meth_kdf_test.c.evp-kdf 2021-02-16 16:24:01.000000000 +0100 -+++ openssl-1.1.1j/test/pkey_meth_kdf_test.c 2021-03-03 14:08:02.494294874 +0100 -@@ -1,5 +1,5 @@ - /* -- * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. -+ * Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy -@@ -18,30 +18,34 @@ - - static int test_kdf_tls1_prf(void) - { -+ int ret = 0; - EVP_PKEY_CTX *pctx; - unsigned char out[16]; - size_t outlen = sizeof(out); -- pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_TLS1_PRF, NULL); - -+ if ((pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_TLS1_PRF, NULL)) == NULL) { -+ TEST_error("EVP_PKEY_TLS1_PRF"); -+ goto err; -+ } - if (EVP_PKEY_derive_init(pctx) <= 0) { - TEST_error("EVP_PKEY_derive_init"); -- return 0; -+ goto err; - } - if (EVP_PKEY_CTX_set_tls1_prf_md(pctx, EVP_sha256()) <= 0) { - TEST_error("EVP_PKEY_CTX_set_tls1_prf_md"); -- return 0; -+ goto err; - } - if (EVP_PKEY_CTX_set1_tls1_prf_secret(pctx, "secret", 6) <= 0) { - TEST_error("EVP_PKEY_CTX_set1_tls1_prf_secret"); -- return 0; -+ goto err; - } - if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, "seed", 4) <= 0) { - TEST_error("EVP_PKEY_CTX_add1_tls1_prf_seed"); -- return 0; -+ goto err; - } - if (EVP_PKEY_derive(pctx, out, &outlen) <= 0) { - TEST_error("EVP_PKEY_derive"); -- return 0; -+ goto err; - } - - { -@@ -50,43 +54,49 @@ static int test_kdf_tls1_prf(void) - 0xaa, 0xe9, 0x74, 0xc3, 0x04, 0x73, 0x5e, 0xcc - }; - if (!TEST_mem_eq(out, sizeof(out), expected, sizeof(expected))) { -- return 0; -+ goto err; - } - } -+ ret = 1; -+err: - EVP_PKEY_CTX_free(pctx); -- return 1; -+ return ret; - } - - static int test_kdf_hkdf(void) - { -+ int ret = 0; - EVP_PKEY_CTX *pctx; - unsigned char out[10]; - size_t outlen = sizeof(out); -- pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL); - -+ if ((pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL)) == NULL) { -+ TEST_error("EVP_PKEY_HKDF"); -+ goto err; -+ } - if (EVP_PKEY_derive_init(pctx) <= 0) { - TEST_error("EVP_PKEY_derive_init"); -- return 0; -+ goto err; - } - if (EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()) <= 0) { - TEST_error("EVP_PKEY_CTX_set_hkdf_md"); -- return 0; -+ goto err; - } - if (EVP_PKEY_CTX_set1_hkdf_salt(pctx, "salt", 4) <= 0) { - TEST_error("EVP_PKEY_CTX_set1_hkdf_salt"); -- return 0; -+ goto err; - } - if (EVP_PKEY_CTX_set1_hkdf_key(pctx, "secret", 6) <= 0) { - TEST_error("EVP_PKEY_CTX_set1_hkdf_key"); -- return 0; -+ goto err; - } - if (EVP_PKEY_CTX_add1_hkdf_info(pctx, "label", 5) <= 0) { - TEST_error("EVP_PKEY_CTX_set1_hkdf_info"); -- return 0; -+ goto err; - } - if (EVP_PKEY_derive(pctx, out, &outlen) <= 0) { - TEST_error("EVP_PKEY_derive"); -- return 0; -+ goto err; - } - - { -@@ -94,60 +104,66 @@ static int test_kdf_hkdf(void) - 0x2a, 0xc4, 0x36, 0x9f, 0x52, 0x59, 0x96, 0xf8, 0xde, 0x13 - }; - if (!TEST_mem_eq(out, sizeof(out), expected, sizeof(expected))) { -- return 0; -+ goto err; - } - } -+ ret = 1; -+err: - EVP_PKEY_CTX_free(pctx); -- return 1; -+ return ret; - } - - #ifndef OPENSSL_NO_SCRYPT - static int test_kdf_scrypt(void) - { -+ int ret = 0; - EVP_PKEY_CTX *pctx; - unsigned char out[64]; - size_t outlen = sizeof(out); -- pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_SCRYPT, NULL); - -+ if ((pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_SCRYPT, NULL)) == NULL) { -+ TEST_error("EVP_PKEY_SCRYPT"); -+ goto err; -+ } - if (EVP_PKEY_derive_init(pctx) <= 0) { - TEST_error("EVP_PKEY_derive_init"); -- return 0; -+ goto err; - } - if (EVP_PKEY_CTX_set1_pbe_pass(pctx, "password", 8) <= 0) { - TEST_error("EVP_PKEY_CTX_set1_pbe_pass"); -- return 0; -+ goto err; - } - if (EVP_PKEY_CTX_set1_scrypt_salt(pctx, "NaCl", 4) <= 0) { - TEST_error("EVP_PKEY_CTX_set1_scrypt_salt"); -- return 0; -+ goto err; - } - if (EVP_PKEY_CTX_set_scrypt_N(pctx, 1024) <= 0) { - TEST_error("EVP_PKEY_CTX_set_scrypt_N"); -- return 0; -+ goto err; - } - if (EVP_PKEY_CTX_set_scrypt_r(pctx, 8) <= 0) { - TEST_error("EVP_PKEY_CTX_set_scrypt_r"); -- return 0; -+ goto err; - } - if (EVP_PKEY_CTX_set_scrypt_p(pctx, 16) <= 0) { - TEST_error("EVP_PKEY_CTX_set_scrypt_p"); -- return 0; -+ goto err; - } - if (EVP_PKEY_CTX_set_scrypt_maxmem_bytes(pctx, 16) <= 0) { - TEST_error("EVP_PKEY_CTX_set_maxmem_bytes"); -- return 0; -+ goto err; - } - if (EVP_PKEY_derive(pctx, out, &outlen) > 0) { - TEST_error("EVP_PKEY_derive should have failed"); -- return 0; -+ goto err; - } - if (EVP_PKEY_CTX_set_scrypt_maxmem_bytes(pctx, 10 * 1024 * 1024) <= 0) { - TEST_error("EVP_PKEY_CTX_set_maxmem_bytes"); -- return 0; -+ goto err; - } - if (EVP_PKEY_derive(pctx, out, &outlen) <= 0) { - TEST_error("EVP_PKEY_derive"); -- return 0; -+ goto err; - } - - { -@@ -162,11 +178,13 @@ static int test_kdf_scrypt(void) - 0x83, 0x60, 0xcb, 0xdf, 0xa2, 0xcc, 0x06, 0x40 - }; - if (!TEST_mem_eq(out, sizeof(out), expected, sizeof(expected))) { -- return 0; -+ goto err; - } - } -+ ret = 1; -+err: - EVP_PKEY_CTX_free(pctx); -- return 1; -+ return ret; - } - #endif - -diff -up openssl-1.1.1j/test/recipes/30-test_evp_data/evpkdf.txt.evp-kdf openssl-1.1.1j/test/recipes/30-test_evp_data/evpkdf.txt ---- openssl-1.1.1j/test/recipes/30-test_evp_data/evpkdf.txt.evp-kdf 2021-02-16 16:24:01.000000000 +0100 -+++ openssl-1.1.1j/test/recipes/30-test_evp_data/evpkdf.txt 2021-03-03 14:08:02.494294874 +0100 -@@ -1,5 +1,5 @@ - # --# Copyright 2001-2017 The OpenSSL Project Authors. All Rights Reserved. -+# Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. - # - # Licensed under the OpenSSL license (the "License"). You may not use - # this file except in compliance with the License. You can obtain a copy -@@ -15,7 +15,7 @@ - Title = TLS1 PRF tests (from NIST test vectors) - - KDF=TLS1-PRF --Ctrl.md = md:MD5-SHA1 -+Ctrl.digest = digest:MD5-SHA1 - Ctrl.Secret = hexsecret:bded7fa5c1699c010be23dd06ada3a48349f21e5f86263d512c0c5cc379f0e780ec55d9844b2f1db02a96453513568d0 - Ctrl.label = seed:master secret - Ctrl.client_random = hexseed:e5acaf549cd25c22d964c0d930fa4b5261d2507fad84c33715b7b9a864020693 -@@ -23,7 +23,7 @@ Ctrl.server_random = hexseed:135e4d557fd - Output = 2f6962dfbc744c4b2138bb6b3d33054c5ecc14f24851d9896395a44ab3964efc2090c5bf51a0891209f46c1e1e998f62 - - KDF=TLS1-PRF --Ctrl.md = md:MD5-SHA1 -+Ctrl.digest = digest:MD5-SHA1 - Ctrl.Secret = hexsecret:2f6962dfbc744c4b2138bb6b3d33054c5ecc14f24851d9896395a44ab3964efc2090c5bf51a0891209f46c1e1e998f62 - Ctrl.label = seed:key expansion - Ctrl.server_random = hexseed:67267e650eb32444119d222a368c191af3082888dc35afe8368e638c828874be -@@ -31,7 +31,7 @@ Ctrl.client_random = hexseed:d58a7b1cd4f - Output = 3088825988e77fce68d19f756e18e43eb7fe672433504feaf99b3c503d9091b164f166db301d70c9fc0870b4a94563907bee1a61fb786cb717576890bcc51cb9ead97e01d0a2fea99c953377b195205ff07b369589178796edc963fd80fdbe518a2fc1c35c18ae8d - - KDF=TLS1-PRF --Ctrl.md = md:SHA256 -+Ctrl.digest = digest:SHA256 - Ctrl.Secret = hexsecret:f8938ecc9edebc5030c0c6a441e213cd24e6f770a50dda07876f8d55da062bcadb386b411fd4fe4313a604fce6c17fbc - Ctrl.label = seed:master secret - Ctrl.client_random = hexseed:36c129d01a3200894b9179faac589d9835d58775f9b5ea3587cb8fd0364cae8c -@@ -39,7 +39,7 @@ Ctrl.server_random = hexseed:f6c9575ed7d - Output = 202c88c00f84a17a20027079604787461176455539e705be730890602c289a5001e34eeb3a043e5d52a65e66125188bf - - KDF=TLS1-PRF --Ctrl.md = md:SHA256 -+Ctrl.digest = digest:SHA256 - Ctrl.Secret = hexsecret:202c88c00f84a17a20027079604787461176455539e705be730890602c289a5001e34eeb3a043e5d52a65e66125188bf - Ctrl.label = seed:key expansion - Ctrl.server_random = hexseed:ae6c806f8ad4d80784549dff28a4b58fd837681a51d928c3e30ee5ff14f39868 -@@ -48,7 +48,7 @@ Output = d06139889fffac1e3a71865f504aa5d - - # As above but use long name for KDF - KDF=tls1-prf --Ctrl.md = md:SHA256 -+Ctrl.digest = digest:SHA256 - Ctrl.Secret = hexsecret:202c88c00f84a17a20027079604787461176455539e705be730890602c289a5001e34eeb3a043e5d52a65e66125188bf - Ctrl.label = seed:key expansion - Ctrl.server_random = hexseed:ae6c806f8ad4d80784549dff28a4b58fd837681a51d928c3e30ee5ff14f39868 -@@ -64,7 +64,7 @@ Result = KDF_DERIVE_ERROR - - # Missing secret. - KDF=TLS1-PRF --Ctrl.md = md:MD5-SHA1 -+Ctrl.digest = digest:MD5-SHA1 - Ctrl.Seed = hexseed:02 - Output = 03 - Result = KDF_DERIVE_ERROR -@@ -72,7 +72,7 @@ Result = KDF_DERIVE_ERROR - Title = HKDF tests (from RFC5869 test vectors) - - KDF = HKDF --Ctrl.md = md:SHA256 -+Ctrl.digest = digest:SHA256 - Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b - Ctrl.salt = hexsalt:000102030405060708090a0b0c - Ctrl.info = hexinfo:f0f1f2f3f4f5f6f7f8f9 -@@ -80,20 +80,20 @@ Output = 3cb25f25faacd57a90434f64d0362f2 - - KDF = HKDF - Ctrl.mode = mode:EXTRACT_ONLY --Ctrl.md = md:SHA256 -+Ctrl.digest = digest:SHA256 - Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b - Ctrl.salt = hexsalt:000102030405060708090a0b0c - Output = 077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5 - - KDF = HKDF - Ctrl.mode = mode:EXPAND_ONLY --Ctrl.md = md:SHA256 -+Ctrl.digest = digest:SHA256 - Ctrl.IKM = hexkey:077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5 - Ctrl.info = hexinfo:f0f1f2f3f4f5f6f7f8f9 - Output = 3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865 - - KDF = HKDF --Ctrl.md = md:SHA256 -+Ctrl.digest = digest:SHA256 - Ctrl.IKM = hexkey:000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f - Ctrl.salt = hexsalt:606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf - Ctrl.info = hexinfo:b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff -@@ -101,20 +101,20 @@ Output = b11e398dc80327a1c8e7f78c596a493 - - KDF = HKDF - Ctrl.mode = mode:EXTRACT_ONLY --Ctrl.md = md:SHA256 -+Ctrl.digest = digest:SHA256 - Ctrl.IKM = hexkey:000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f - Ctrl.salt = hexsalt:606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf - Output = 06a6b88c5853361a06104c9ceb35b45cef760014904671014a193f40c15fc244 - - KDF = HKDF - Ctrl.mode = mode:EXPAND_ONLY --Ctrl.md = md:SHA256 -+Ctrl.digest = digest:SHA256 - Ctrl.IKM = hexkey:06a6b88c5853361a06104c9ceb35b45cef760014904671014a193f40c15fc244 - Ctrl.info = hexinfo:b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff - Output = b11e398dc80327a1c8e7f78c596a49344f012eda2d4efad8a050cc4c19afa97c59045a99cac7827271cb41c65e590e09da3275600c2f09b8367793a9aca3db71cc30c58179ec3e87c14c01d5c1f3434f1d87 - - KDF = HKDF --Ctrl.md = md:SHA256 -+Ctrl.digest = digest:SHA256 - Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b - Ctrl.salt = salt: - Ctrl.info = info: -@@ -122,7 +122,7 @@ Output = 8da4e775a563c18f715f802a063c5a3 - - KDF = HKDF - Ctrl.mode = mode:EXTRACT_ONLY --Ctrl.md = md:SHA256 -+Ctrl.digest = digest:SHA256 - Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b - Ctrl.salt = salt: - Ctrl.info = info: -@@ -130,13 +130,13 @@ Output = 19ef24a32c717b167f33a91d6f648bd - - KDF = HKDF - Ctrl.mode = mode:EXPAND_ONLY --Ctrl.md = md:SHA256 -+Ctrl.digest = digest:SHA256 - Ctrl.IKM = hexkey:19ef24a32c717b167f33a91d6f648bdf96596776afdb6377ac434c1c293ccb04 - Ctrl.info = info: - Output = 8da4e775a563c18f715f802a063c5a31b8a11f5c5ee1879ec3454e5f3c738d2d9d201395faa4b61a96c8 - - KDF = HKDF --Ctrl.md = md:SHA1 -+Ctrl.digest = digest:SHA1 - Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b - Ctrl.salt = hexsalt:000102030405060708090a0b0c - Ctrl.info = hexinfo:f0f1f2f3f4f5f6f7f8f9 -@@ -144,20 +144,20 @@ Output = 085a01ea1b10f36933068b56efa5ad8 - - KDF = HKDF - Ctrl.mode = mode:EXTRACT_ONLY --Ctrl.md = md:SHA1 -+Ctrl.digest = digest:SHA1 - Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b - Ctrl.salt = hexsalt:000102030405060708090a0b0c - Output = 9b6c18c432a7bf8f0e71c8eb88f4b30baa2ba243 - - KDF = HKDF - Ctrl.mode = mode:EXPAND_ONLY --Ctrl.md = md:SHA1 -+Ctrl.digest = digest:SHA1 - Ctrl.IKM = hexkey:9b6c18c432a7bf8f0e71c8eb88f4b30baa2ba243 - Ctrl.info = hexinfo:f0f1f2f3f4f5f6f7f8f9 - Output = 085a01ea1b10f36933068b56efa5ad81a4f14b822f5b091568a9cdd4f155fda2c22e422478d305f3f896 - - KDF = HKDF --Ctrl.md = md:SHA1 -+Ctrl.digest = digest:SHA1 - Ctrl.IKM = hexkey:000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f - Ctrl.salt = hexsalt:606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf - Ctrl.info = hexinfo:b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff -@@ -165,20 +165,20 @@ Output = 0bd770a74d1160f7c9f12cd5912a06e - - KDF = HKDF - Ctrl.mode = mode:EXTRACT_ONLY --Ctrl.md = md:SHA1 -+Ctrl.digest = digest:SHA1 - Ctrl.IKM = hexkey:000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f - Ctrl.salt = hexsalt:606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf - Output = 8adae09a2a307059478d309b26c4115a224cfaf6 - - KDF = HKDF - Ctrl.mode = mode:EXPAND_ONLY --Ctrl.md = md:SHA1 -+Ctrl.digest = digest:SHA1 - Ctrl.IKM = hexkey:8adae09a2a307059478d309b26c4115a224cfaf6 - Ctrl.info = hexinfo:b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff - Output = 0bd770a74d1160f7c9f12cd5912a06ebff6adcae899d92191fe4305673ba2ffe8fa3f1a4e5ad79f3f334b3b202b2173c486ea37ce3d397ed034c7f9dfeb15c5e927336d0441f4c4300e2cff0d0900b52d3b4 - - KDF = HKDF --Ctrl.md = md:SHA1 -+Ctrl.digest = digest:SHA1 - Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b - Ctrl.salt = salt: - Ctrl.info = info: -@@ -186,20 +186,20 @@ Output = 0ac1af7002b3d761d1e55298da9d050 - - KDF = HKDF - Ctrl.mode = mode:EXTRACT_ONLY --Ctrl.md = md:SHA1 -+Ctrl.digest = digest:SHA1 - Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b - Ctrl.salt = salt: - Output = da8c8a73c7fa77288ec6f5e7c297786aa0d32d01 - - KDF = HKDF - Ctrl.mode = mode:EXPAND_ONLY --Ctrl.md = md:SHA1 -+Ctrl.digest = digest:SHA1 - Ctrl.IKM = hexkey:da8c8a73c7fa77288ec6f5e7c297786aa0d32d01 - Ctrl.info = info: - Output = 0ac1af7002b3d761d1e55298da9d0506b9ae52057220a306e07b6b87e8df21d0ea00033de03984d34918 - - KDF = HKDF --Ctrl.md = md:SHA1 -+Ctrl.digest = digest:SHA1 - Ctrl.IKM = hexkey:0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c - Ctrl.salt = salt: - Ctrl.info = info: -@@ -207,14 +207,14 @@ Output = 2c91117204d745f3500d636a62f64f0 - - KDF = HKDF - Ctrl.mode = mode:EXTRACT_ONLY --Ctrl.md = md:SHA1 -+Ctrl.digest = digest:SHA1 - Ctrl.IKM = hexkey:0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c - Ctrl.salt = salt: - Output = 2adccada18779e7c2077ad2eb19d3f3e731385dd - - KDF = HKDF - Ctrl.mode = mode:EXPAND_ONLY --Ctrl.md = md:SHA1 -+Ctrl.digest = digest:SHA1 - Ctrl.IKM = hexkey:2adccada18779e7c2077ad2eb19d3f3e731385dd - Ctrl.info = info: - Output = 2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48 -@@ -227,27 +227,27 @@ Output = 00 - Result = KDF_DERIVE_ERROR - - KDF = HKDF --Ctrl.md = md:SHA1 -+Ctrl.digest = digest:SHA1 - Ctrl.salt = salt: - Ctrl.info = info: - Output = 00 - Result = KDF_DERIVE_ERROR - - KDF = HKDF --Ctrl.md = md:SHA1 -+Ctrl.digest = digest:SHA1 - Ctrl.IKM = hexkey:0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c - Ctrl.info = info: - Output = 2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48 - - KDF = HKDF --Ctrl.md = md:SHA1 -+Ctrl.digest = digest:SHA1 - Ctrl.IKM = hexkey:0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c - Ctrl.salt = salt: - Output = 2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48 - - KDF = HKDF - Ctrl.mode = mode:EXTRACT_AND_EXPAND --Ctrl.md = md:SHA1 -+Ctrl.digest = digest:SHA1 - Ctrl.IKM = hexkey:0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c - Ctrl.salt = salt: - Output = 2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48 -@@ -303,3 +303,133 @@ Ctrl.r = r:8 - Ctrl.p = p:1 - Result = INTERNAL_ERROR - -+Title = PBKDF2 tests -+ -+KDF = PBKDF2 -+Ctrl.pass = pass:password -+Ctrl.salt = salt:salt -+Ctrl.iter = iter:1 -+Ctrl.digest = digest:sha1 -+Output = 0c60c80f961f0e71f3a9b524af6012062fe037a6 -+ -+KDF = PBKDF2 -+Ctrl.pass = pass:password -+Ctrl.salt = salt:salt -+Ctrl.iter = iter:1 -+Ctrl.digest = digest:sha256 -+Output = 120fb6cffcf8b32c43e7225256c4f837a86548c92ccc35480805987cb70be17b -+ -+KDF = PBKDF2 -+Ctrl.pass = pass:password -+Ctrl.salt = salt:salt -+Ctrl.iter = iter:1 -+Ctrl.digest = digest:sha512 -+Output = 867f70cf1ade02cff3752599a3a53dc4af34c7a669815ae5d513554e1c8cf252c02d470a285a0501bad999bfe943c08f050235d7d68b1da55e63f73b60a57fce -+ -+KDF = PBKDF2 -+Ctrl.pass = pass:password -+Ctrl.salt = salt:salt -+Ctrl.iter = iter:2 -+Ctrl.digest = digest:sha1 -+Output = ea6c014dc72d6f8ccd1ed92ace1d41f0d8de8957 -+ -+KDF = PBKDF2 -+Ctrl.pass = pass:password -+Ctrl.salt = salt:salt -+Ctrl.iter = iter:2 -+Ctrl.digest = digest:sha256 -+Output = ae4d0c95af6b46d32d0adff928f06dd02a303f8ef3c251dfd6e2d85a95474c43 -+ -+KDF = PBKDF2 -+Ctrl.pass = pass:password -+Ctrl.salt = salt:salt -+Ctrl.iter = iter:2 -+Ctrl.digest = digest:sha512 -+Output = e1d9c16aa681708a45f5c7c4e215ceb66e011a2e9f0040713f18aefdb866d53cf76cab2868a39b9f7840edce4fef5a82be67335c77a6068e04112754f27ccf4e -+ -+KDF = PBKDF2 -+Ctrl.pass = pass:password -+Ctrl.salt = salt:salt -+Ctrl.iter = iter:4096 -+Ctrl.digest = digest:sha1 -+Output = 4b007901b765489abead49d926f721d065a429c1 -+ -+KDF = PBKDF2 -+Ctrl.pass = pass:password -+Ctrl.salt = salt:salt -+Ctrl.iter = iter:4096 -+Ctrl.digest = digest:sha256 -+Output = c5e478d59288c841aa530db6845c4c8d962893a001ce4e11a4963873aa98134a -+ -+KDF = PBKDF2 -+Ctrl.pass = pass:password -+Ctrl.salt = salt:salt -+Ctrl.iter = iter:4096 -+Ctrl.digest = digest:sha512 -+Output = d197b1b33db0143e018b12f3d1d1479e6cdebdcc97c5c0f87f6902e072f457b5143f30602641b3d55cd335988cb36b84376060ecd532e039b742a239434af2d5 -+ -+KDF = PBKDF2 -+Ctrl.pass = pass:passwordPASSWORDpassword -+Ctrl.salt = salt:saltSALTsaltSALTsaltSALTsaltSALTsalt -+Ctrl.iter = iter:4096 -+Ctrl.digest = digest:sha1 -+Output = 3d2eec4fe41c849b80c8d83662c0e44a8b291a964cf2f07038 -+ -+KDF = PBKDF2 -+Ctrl.pass = pass:passwordPASSWORDpassword -+Ctrl.salt = salt:saltSALTsaltSALTsaltSALTsaltSALTsalt -+Ctrl.iter = iter:4096 -+Ctrl.digest = digest:sha256 -+Output = 348c89dbcbd32b2f32d814b8116e84cf2b17347ebc1800181c4e2a1fb8dd53e1c635518c7dac47e9 -+ -+KDF = PBKDF2 -+Ctrl.pass = pass:passwordPASSWORDpassword -+Ctrl.salt = salt:saltSALTsaltSALTsaltSALTsaltSALTsalt -+Ctrl.iter = iter:4096 -+Ctrl.digest = digest:sha512 -+Output = 8c0511f4c6e597c6ac6315d8f0362e225f3c501495ba23b868c005174dc4ee71115b59f9e60cd9532fa33e0f75aefe30225c583a186cd82bd4daea9724a3d3b8 -+ -+KDF = PBKDF2 -+Ctrl.hexpass = hexpass:7061737300776f7264 -+Ctrl.hexsalt = hexsalt:7361006c74 -+Ctrl.iter = iter:4096 -+Ctrl.digest = digest:sha1 -+Output = 56fa6aa75548099dcc37d7f03425e0c3 -+ -+KDF = PBKDF2 -+Ctrl.hexpass = hexpass:7061737300776f7264 -+Ctrl.hexsalt = hexsalt:7361006c74 -+Ctrl.iter = iter:4096 -+Ctrl.digest = digest:sha256 -+Output = 89b69d0516f829893c696226650a8687 -+ -+KDF = PBKDF2 -+Ctrl.hexpass = hexpass:7061737300776f7264 -+Ctrl.hexsalt = hexsalt:7361006c74 -+Ctrl.iter = iter:4096 -+Ctrl.digest = digest:sha512 -+Output = 9d9e9c4cd21fe4be24d5b8244c759665 -+ -+Title = PBKDF2 tests for empty inputs -+ -+KDF = PBKDF2 -+Ctrl.pass = pass: -+Ctrl.salt = salt:salt -+Ctrl.iter = iter:1 -+Ctrl.digest = digest:sha1 -+Output = a33dddc30478185515311f8752895d36ea4363a2 -+ -+KDF = PBKDF2 -+Ctrl.pass = pass: -+Ctrl.salt = salt:salt -+Ctrl.iter = iter:1 -+Ctrl.digest = digest:sha256 -+Output = f135c27993baf98773c5cdb40a5706ce6a345cde -+ -+KDF = PBKDF2 -+Ctrl.pass = pass: -+Ctrl.salt = salt:salt -+Ctrl.iter = iter:1 -+Ctrl.digest = digest:sha512 -+Output = 00ef42cdbfc98d29db20976608e455567fdddf14 -+ -diff -up openssl-1.1.1j/test/recipes/30-test_evp_data/evppkey_kdf.txt.evp-kdf openssl-1.1.1j/test/recipes/30-test_evp_data/evppkey_kdf.txt ---- openssl-1.1.1j/test/recipes/30-test_evp_data/evppkey_kdf.txt.evp-kdf 2021-03-03 14:08:02.494294874 +0100 -+++ openssl-1.1.1j/test/recipes/30-test_evp_data/evppkey_kdf.txt 2021-03-03 14:08:02.494294874 +0100 -@@ -0,0 +1,305 @@ -+# -+# Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. -+# -+# Licensed under the Apache License 2.0 (the "License"). You may not use -+# this file except in compliance with the License. You can obtain a copy -+# in the file LICENSE in the source distribution or at -+# https://www.openssl.org/source/license.html -+ -+# Tests start with one of these keywords -+# Cipher Decrypt Derive Digest Encoding KDF PKEYKDF MAC PBE -+# PrivPubKeyPair Sign Verify VerifyRecover -+# and continue until a blank line. Lines starting with a pound sign, -+# like this prolog, are ignored. -+ -+Title = TLS1 PRF tests (from NIST test vectors) -+ -+PKEYKDF=TLS1-PRF -+Ctrl.md = md:MD5-SHA1 -+Ctrl.Secret = hexsecret:bded7fa5c1699c010be23dd06ada3a48349f21e5f86263d512c0c5cc379f0e780ec55d9844b2f1db02a96453513568d0 -+Ctrl.label = seed:master secret -+Ctrl.client_random = hexseed:e5acaf549cd25c22d964c0d930fa4b5261d2507fad84c33715b7b9a864020693 -+Ctrl.server_random = hexseed:135e4d557fdf3aa6406d82975d5c606a9734c9334b42136e96990fbd5358cdb2 -+Output = 2f6962dfbc744c4b2138bb6b3d33054c5ecc14f24851d9896395a44ab3964efc2090c5bf51a0891209f46c1e1e998f62 -+ -+PKEYKDF=TLS1-PRF -+Ctrl.md = md:MD5-SHA1 -+Ctrl.Secret = hexsecret:2f6962dfbc744c4b2138bb6b3d33054c5ecc14f24851d9896395a44ab3964efc2090c5bf51a0891209f46c1e1e998f62 -+Ctrl.label = seed:key expansion -+Ctrl.server_random = hexseed:67267e650eb32444119d222a368c191af3082888dc35afe8368e638c828874be -+Ctrl.client_random = hexseed:d58a7b1cd4fedaa232159df652ce188f9d997e061b9bf48e83b62990440931f6 -+Output = 3088825988e77fce68d19f756e18e43eb7fe672433504feaf99b3c503d9091b164f166db301d70c9fc0870b4a94563907bee1a61fb786cb717576890bcc51cb9ead97e01d0a2fea99c953377b195205ff07b369589178796edc963fd80fdbe518a2fc1c35c18ae8d -+ -+PKEYKDF=TLS1-PRF -+Ctrl.md = md:SHA256 -+Ctrl.Secret = hexsecret:f8938ecc9edebc5030c0c6a441e213cd24e6f770a50dda07876f8d55da062bcadb386b411fd4fe4313a604fce6c17fbc -+Ctrl.label = seed:master secret -+Ctrl.client_random = hexseed:36c129d01a3200894b9179faac589d9835d58775f9b5ea3587cb8fd0364cae8c -+Ctrl.server_random = hexseed:f6c9575ed7ddd73e1f7d16eca115415812a43c2b747daaaae043abfb50053fce -+Output = 202c88c00f84a17a20027079604787461176455539e705be730890602c289a5001e34eeb3a043e5d52a65e66125188bf -+ -+PKEYKDF=TLS1-PRF -+Ctrl.md = md:SHA256 -+Ctrl.Secret = hexsecret:202c88c00f84a17a20027079604787461176455539e705be730890602c289a5001e34eeb3a043e5d52a65e66125188bf -+Ctrl.label = seed:key expansion -+Ctrl.server_random = hexseed:ae6c806f8ad4d80784549dff28a4b58fd837681a51d928c3e30ee5ff14f39868 -+Ctrl.client_random = hexseed:62e1fd91f23f558a605f28478c58cf72637b89784d959df7e946d3f07bd1b616 -+Output = d06139889fffac1e3a71865f504aa5d0d2a2e89506c6f2279b670c3e1b74f531016a2530c51a3a0f7e1d6590d0f0566b2f387f8d11fd4f731cdd572d2eae927f6f2f81410b25e6960be68985add6c38445ad9f8c64bf8068bf9a6679485d966f1ad6f68b43495b10a683755ea2b858d70ccac7ec8b053c6bd41ca299d4e51928 -+ -+# As above but use long name for KDF -+PKEYKDF=tls1-prf -+Ctrl.md = md:SHA256 -+Ctrl.Secret = hexsecret:202c88c00f84a17a20027079604787461176455539e705be730890602c289a5001e34eeb3a043e5d52a65e66125188bf -+Ctrl.label = seed:key expansion -+Ctrl.server_random = hexseed:ae6c806f8ad4d80784549dff28a4b58fd837681a51d928c3e30ee5ff14f39868 -+Ctrl.client_random = hexseed:62e1fd91f23f558a605f28478c58cf72637b89784d959df7e946d3f07bd1b616 -+Output = d06139889fffac1e3a71865f504aa5d0d2a2e89506c6f2279b670c3e1b74f531016a2530c51a3a0f7e1d6590d0f0566b2f387f8d11fd4f731cdd572d2eae927f6f2f81410b25e6960be68985add6c38445ad9f8c64bf8068bf9a6679485d966f1ad6f68b43495b10a683755ea2b858d70ccac7ec8b053c6bd41ca299d4e51928 -+ -+# Missing digest. -+PKEYKDF=TLS1-PRF -+Ctrl.Secret = hexsecret:01 -+Ctrl.Seed = hexseed:02 -+Output = 03 -+Result = KDF_DERIVE_ERROR -+ -+# Missing secret. -+PKEYKDF=TLS1-PRF -+Ctrl.md = md:MD5-SHA1 -+Ctrl.Seed = hexseed:02 -+Output = 03 -+Result = KDF_DERIVE_ERROR -+ -+Title = HKDF tests (from RFC5869 test vectors) -+ -+PKEYKDF = HKDF -+Ctrl.md = md:SHA256 -+Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b -+Ctrl.salt = hexsalt:000102030405060708090a0b0c -+Ctrl.info = hexinfo:f0f1f2f3f4f5f6f7f8f9 -+Output = 3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865 -+ -+PKEYKDF = HKDF -+Ctrl.mode = mode:EXTRACT_ONLY -+Ctrl.md = md:SHA256 -+Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b -+Ctrl.salt = hexsalt:000102030405060708090a0b0c -+Output = 077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5 -+ -+PKEYKDF = HKDF -+Ctrl.mode = mode:EXPAND_ONLY -+Ctrl.md = md:SHA256 -+Ctrl.IKM = hexkey:077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5 -+Ctrl.info = hexinfo:f0f1f2f3f4f5f6f7f8f9 -+Output = 3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865 -+ -+PKEYKDF = HKDF -+Ctrl.md = md:SHA256 -+Ctrl.IKM = hexkey:000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f -+Ctrl.salt = hexsalt:606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf -+Ctrl.info = hexinfo:b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff -+Output = b11e398dc80327a1c8e7f78c596a49344f012eda2d4efad8a050cc4c19afa97c59045a99cac7827271cb41c65e590e09da3275600c2f09b8367793a9aca3db71cc30c58179ec3e87c14c01d5c1f3434f1d87 -+ -+PKEYKDF = HKDF -+Ctrl.mode = mode:EXTRACT_ONLY -+Ctrl.md = md:SHA256 -+Ctrl.IKM = hexkey:000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f -+Ctrl.salt = hexsalt:606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf -+Output = 06a6b88c5853361a06104c9ceb35b45cef760014904671014a193f40c15fc244 -+ -+PKEYKDF = HKDF -+Ctrl.mode = mode:EXPAND_ONLY -+Ctrl.md = md:SHA256 -+Ctrl.IKM = hexkey:06a6b88c5853361a06104c9ceb35b45cef760014904671014a193f40c15fc244 -+Ctrl.info = hexinfo:b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff -+Output = b11e398dc80327a1c8e7f78c596a49344f012eda2d4efad8a050cc4c19afa97c59045a99cac7827271cb41c65e590e09da3275600c2f09b8367793a9aca3db71cc30c58179ec3e87c14c01d5c1f3434f1d87 -+ -+PKEYKDF = HKDF -+Ctrl.md = md:SHA256 -+Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b -+Ctrl.salt = salt: -+Ctrl.info = info: -+Output = 8da4e775a563c18f715f802a063c5a31b8a11f5c5ee1879ec3454e5f3c738d2d9d201395faa4b61a96c8 -+ -+PKEYKDF = HKDF -+Ctrl.mode = mode:EXTRACT_ONLY -+Ctrl.md = md:SHA256 -+Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b -+Ctrl.salt = salt: -+Ctrl.info = info: -+Output = 19ef24a32c717b167f33a91d6f648bdf96596776afdb6377ac434c1c293ccb04 -+ -+PKEYKDF = HKDF -+Ctrl.mode = mode:EXPAND_ONLY -+Ctrl.md = md:SHA256 -+Ctrl.IKM = hexkey:19ef24a32c717b167f33a91d6f648bdf96596776afdb6377ac434c1c293ccb04 -+Ctrl.info = info: -+Output = 8da4e775a563c18f715f802a063c5a31b8a11f5c5ee1879ec3454e5f3c738d2d9d201395faa4b61a96c8 -+ -+PKEYKDF = HKDF -+Ctrl.md = md:SHA1 -+Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b -+Ctrl.salt = hexsalt:000102030405060708090a0b0c -+Ctrl.info = hexinfo:f0f1f2f3f4f5f6f7f8f9 -+Output = 085a01ea1b10f36933068b56efa5ad81a4f14b822f5b091568a9cdd4f155fda2c22e422478d305f3f896 -+ -+PKEYKDF = HKDF -+Ctrl.mode = mode:EXTRACT_ONLY -+Ctrl.md = md:SHA1 -+Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b -+Ctrl.salt = hexsalt:000102030405060708090a0b0c -+Output = 9b6c18c432a7bf8f0e71c8eb88f4b30baa2ba243 -+ -+PKEYKDF = HKDF -+Ctrl.mode = mode:EXPAND_ONLY -+Ctrl.md = md:SHA1 -+Ctrl.IKM = hexkey:9b6c18c432a7bf8f0e71c8eb88f4b30baa2ba243 -+Ctrl.info = hexinfo:f0f1f2f3f4f5f6f7f8f9 -+Output = 085a01ea1b10f36933068b56efa5ad81a4f14b822f5b091568a9cdd4f155fda2c22e422478d305f3f896 -+ -+PKEYKDF = HKDF -+Ctrl.md = md:SHA1 -+Ctrl.IKM = hexkey:000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f -+Ctrl.salt = hexsalt:606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf -+Ctrl.info = hexinfo:b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff -+Output = 0bd770a74d1160f7c9f12cd5912a06ebff6adcae899d92191fe4305673ba2ffe8fa3f1a4e5ad79f3f334b3b202b2173c486ea37ce3d397ed034c7f9dfeb15c5e927336d0441f4c4300e2cff0d0900b52d3b4 -+ -+PKEYKDF = HKDF -+Ctrl.mode = mode:EXTRACT_ONLY -+Ctrl.md = md:SHA1 -+Ctrl.IKM = hexkey:000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f -+Ctrl.salt = hexsalt:606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf -+Output = 8adae09a2a307059478d309b26c4115a224cfaf6 -+ -+PKEYKDF = HKDF -+Ctrl.mode = mode:EXPAND_ONLY -+Ctrl.md = md:SHA1 -+Ctrl.IKM = hexkey:8adae09a2a307059478d309b26c4115a224cfaf6 -+Ctrl.info = hexinfo:b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff -+Output = 0bd770a74d1160f7c9f12cd5912a06ebff6adcae899d92191fe4305673ba2ffe8fa3f1a4e5ad79f3f334b3b202b2173c486ea37ce3d397ed034c7f9dfeb15c5e927336d0441f4c4300e2cff0d0900b52d3b4 -+ -+PKEYKDF = HKDF -+Ctrl.md = md:SHA1 -+Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b -+Ctrl.salt = salt: -+Ctrl.info = info: -+Output = 0ac1af7002b3d761d1e55298da9d0506b9ae52057220a306e07b6b87e8df21d0ea00033de03984d34918 -+ -+PKEYKDF = HKDF -+Ctrl.mode = mode:EXTRACT_ONLY -+Ctrl.md = md:SHA1 -+Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b -+Ctrl.salt = salt: -+Output = da8c8a73c7fa77288ec6f5e7c297786aa0d32d01 -+ -+PKEYKDF = HKDF -+Ctrl.mode = mode:EXPAND_ONLY -+Ctrl.md = md:SHA1 -+Ctrl.IKM = hexkey:da8c8a73c7fa77288ec6f5e7c297786aa0d32d01 -+Ctrl.info = info: -+Output = 0ac1af7002b3d761d1e55298da9d0506b9ae52057220a306e07b6b87e8df21d0ea00033de03984d34918 -+ -+PKEYKDF = HKDF -+Ctrl.md = md:SHA1 -+Ctrl.IKM = hexkey:0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c -+Ctrl.salt = salt: -+Ctrl.info = info: -+Output = 2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48 -+ -+PKEYKDF = HKDF -+Ctrl.mode = mode:EXTRACT_ONLY -+Ctrl.md = md:SHA1 -+Ctrl.IKM = hexkey:0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c -+Ctrl.salt = salt: -+Output = 2adccada18779e7c2077ad2eb19d3f3e731385dd -+ -+PKEYKDF = HKDF -+Ctrl.mode = mode:EXPAND_ONLY -+Ctrl.md = md:SHA1 -+Ctrl.IKM = hexkey:2adccada18779e7c2077ad2eb19d3f3e731385dd -+Ctrl.info = info: -+Output = 2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48 -+ -+PKEYKDF = HKDF -+Ctrl.IKM = hexkey:0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c -+Ctrl.salt = salt: -+Ctrl.info = info: -+Output = 00 -+Result = KDF_DERIVE_ERROR -+ -+PKEYKDF = HKDF -+Ctrl.md = md:SHA1 -+Ctrl.salt = salt: -+Ctrl.info = info: -+Output = 00 -+Result = KDF_DERIVE_ERROR -+ -+PKEYKDF = HKDF -+Ctrl.md = md:SHA1 -+Ctrl.IKM = hexkey:0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c -+Ctrl.info = info: -+Output = 2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48 -+ -+PKEYKDF = HKDF -+Ctrl.md = md:SHA1 -+Ctrl.IKM = hexkey:0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c -+Ctrl.salt = salt: -+Output = 2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48 -+ -+PKEYKDF = HKDF -+Ctrl.mode = mode:EXTRACT_AND_EXPAND -+Ctrl.md = md:SHA1 -+Ctrl.IKM = hexkey:0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c -+Ctrl.salt = salt: -+Output = 2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48 -+ -+Title = id-scrypt tests (from draft-josefsson-id-scrypt-kdf-03 and others) -+ -+PKEYKDF = scrypt -+Ctrl.pass = pass: -+Ctrl.salt = salt: -+Ctrl.N = N:16 -+Ctrl.r = r:1 -+Ctrl.p = p:1 -+Output = 77d6576238657b203b19ca42c18a0497f16b4844e3074ae8dfdffa3fede21442fcd0069ded0948f8326a753a0fc81f17e8d3e0fb2e0d3628cf35e20c38d18906 -+ -+PKEYKDF = scrypt -+Ctrl.pass = pass:password -+Ctrl.salt = salt:NaCl -+Ctrl.N = N:1024 -+Ctrl.r = r:8 -+Ctrl.p = p:16 -+Output = fdbabe1c9d3472007856e7190d01e9fe7c6ad7cbc8237830e77376634b3731622eaf30d92e22a3886ff109279d9830dac727afb94a83ee6d8360cbdfa2cc0640 -+ -+PKEYKDF = scrypt -+Ctrl.hexpass = hexpass:70617373776f7264 -+Ctrl.salt = salt:NaCl -+Ctrl.N = N:1024 -+Ctrl.r = r:8 -+Ctrl.p = p:16 -+Output = fdbabe1c9d3472007856e7190d01e9fe7c6ad7cbc8237830e77376634b3731622eaf30d92e22a3886ff109279d9830dac727afb94a83ee6d8360cbdfa2cc0640 -+ -+PKEYKDF = scrypt -+Ctrl.pass = pass:password -+Ctrl.hexsalt = hexsalt:4e61436c -+Ctrl.N = N:1024 -+Ctrl.r = r:8 -+Ctrl.p = p:16 -+Output = fdbabe1c9d3472007856e7190d01e9fe7c6ad7cbc8237830e77376634b3731622eaf30d92e22a3886ff109279d9830dac727afb94a83ee6d8360cbdfa2cc0640 -+ -+PKEYKDF = scrypt -+Ctrl.pass = pass:pleaseletmein -+Ctrl.salt = salt:SodiumChloride -+Ctrl.N = N:16384 -+Ctrl.r = r:8 -+Ctrl.p = p:1 -+Output = 7023bdcb3afd7348461c06cd81fd38ebfda8fbba904f8e3ea9b543f6545da1f2d5432955613f0fcf62d49705242a9af9e61e85dc0d651e40dfcf017b45575887 -+ -+# Out of memory -+PKEYKDF = scrypt -+Ctrl.pass = pass:pleaseletmein -+Ctrl.salt = salt:SodiumChloride -+Ctrl.N = N:1048576 -+Ctrl.r = r:8 -+Ctrl.p = p:1 -+Result = INTERNAL_ERROR -+ -diff -up openssl-1.1.1j/test/recipes/30-test_evp_kdf.t.evp-kdf openssl-1.1.1j/test/recipes/30-test_evp_kdf.t ---- openssl-1.1.1j/test/recipes/30-test_evp_kdf.t.evp-kdf 2021-03-03 14:08:02.494294874 +0100 -+++ openssl-1.1.1j/test/recipes/30-test_evp_kdf.t 2021-03-03 14:08:02.494294874 +0100 -@@ -0,0 +1,13 @@ -+#! /usr/bin/env perl -+# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. -+# Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. -+# -+# Licensed under the Apache License 2.0 (the "License"). You may not use -+# this file except in compliance with the License. You can obtain a copy -+# in the file LICENSE in the source distribution or at -+# https://www.openssl.org/source/license.html -+ -+ -+use OpenSSL::Test::Simple; -+ -+simple_test("test_evp_kdf", "evp_kdf_test"); -diff -up openssl-1.1.1j/test/recipes/30-test_evp.t.evp-kdf openssl-1.1.1j/test/recipes/30-test_evp.t ---- openssl-1.1.1j/test/recipes/30-test_evp.t.evp-kdf 2021-02-16 16:24:01.000000000 +0100 -+++ openssl-1.1.1j/test/recipes/30-test_evp.t 2021-03-03 14:08:02.495294883 +0100 -@@ -15,7 +15,7 @@ use OpenSSL::Test qw/:DEFAULT data_file/ - setup("test_evp"); - - my @files = ( "evpciph.txt", "evpdigest.txt", "evpencod.txt", "evpkdf.txt", -- "evpmac.txt", "evppbe.txt", "evppkey.txt", "evppkey_ecc.txt", -+ "evppkey_kdf.txt", "evpmac.txt", "evppbe.txt", "evppkey.txt", "evppkey_ecc.txt", - "evpcase.txt", "evpccmcavs.txt" ); - - plan tests => scalar(@files); -diff -up openssl-1.1.1j/util/libcrypto.num.evp-kdf openssl-1.1.1j/util/libcrypto.num ---- openssl-1.1.1j/util/libcrypto.num.evp-kdf 2021-03-03 14:08:02.481294758 +0100 -+++ openssl-1.1.1j/util/libcrypto.num 2021-03-03 14:08:02.495294883 +0100 -@@ -4626,3 +4626,11 @@ FIPS_drbg_get_strength - FIPS_rand_strength 6380 1_1_0g EXIST::FUNCTION: - FIPS_drbg_get_blocklength 6381 1_1_0g EXIST::FUNCTION: - FIPS_drbg_init 6382 1_1_0g EXIST::FUNCTION: -+EVP_KDF_CTX_new_id 6590 1_1_1b EXIST::FUNCTION: -+EVP_KDF_CTX_free 6591 1_1_1b EXIST::FUNCTION: -+EVP_KDF_reset 6592 1_1_1b EXIST::FUNCTION: -+EVP_KDF_ctrl 6593 1_1_1b EXIST::FUNCTION: -+EVP_KDF_vctrl 6594 1_1_1b EXIST::FUNCTION: -+EVP_KDF_ctrl_str 6595 1_1_1b EXIST::FUNCTION: -+EVP_KDF_size 6596 1_1_1b EXIST::FUNCTION: -+EVP_KDF_derive 6597 1_1_1b EXIST::FUNCTION: -diff -up openssl-1.1.1j/util/private.num.evp-kdf openssl-1.1.1j/util/private.num ---- openssl-1.1.1j/util/private.num.evp-kdf 2021-02-16 16:24:01.000000000 +0100 -+++ openssl-1.1.1j/util/private.num 2021-03-03 14:08:02.495294883 +0100 -@@ -21,6 +21,7 @@ CRYPTO_EX_dup - CRYPTO_EX_free datatype - CRYPTO_EX_new datatype - DTLS_timer_cb datatype -+EVP_KDF_CTX datatype - EVP_PKEY_gen_cb datatype - EVP_PKEY_METHOD datatype - EVP_PKEY_ASN1_METHOD datatype diff --git a/openssl-1.1.1-fips-crng-test.patch b/openssl-1.1.1-fips-crng-test.patch deleted file mode 100644 index 267a3ea..0000000 --- a/openssl-1.1.1-fips-crng-test.patch +++ /dev/null @@ -1,408 +0,0 @@ -diff -up openssl-1.1.1g/crypto/rand/build.info.crng-test openssl-1.1.1g/crypto/rand/build.info ---- openssl-1.1.1g/crypto/rand/build.info.crng-test 2020-04-23 13:30:45.863389837 +0200 -+++ openssl-1.1.1g/crypto/rand/build.info 2020-04-23 13:31:55.847069892 +0200 -@@ -1,6 +1,6 @@ - LIBS=../../libcrypto - SOURCE[../../libcrypto]=\ -- randfile.c rand_lib.c rand_err.c rand_egd.c \ -+ randfile.c rand_lib.c rand_err.c rand_crng_test.c rand_egd.c \ - rand_win.c rand_unix.c rand_vms.c drbg_lib.c drbg_ctr.c - - INCLUDE[drbg_ctr.o]=../modes -diff -up openssl-1.1.1g/crypto/rand/drbg_lib.c.crng-test openssl-1.1.1g/crypto/rand/drbg_lib.c ---- openssl-1.1.1g/crypto/rand/drbg_lib.c.crng-test 2020-04-23 13:30:45.818390686 +0200 -+++ openssl-1.1.1g/crypto/rand/drbg_lib.c 2020-04-23 13:30:45.864389819 +0200 -@@ -67,7 +67,7 @@ static CRYPTO_THREAD_LOCAL private_drbg; - - - /* NIST SP 800-90A DRBG recommends the use of a personalization string. */ --static const char ossl_pers_string[] = "OpenSSL NIST SP 800-90A DRBG"; -+static const char ossl_pers_string[] = DRBG_DEFAULT_PERS_STRING; - - static CRYPTO_ONCE rand_drbg_init = CRYPTO_ONCE_STATIC_INIT; - -@@ -201,8 +201,13 @@ static RAND_DRBG *rand_drbg_new(int secu - drbg->parent = parent; - - if (parent == NULL) { -+#ifdef OPENSSL_FIPS -+ drbg->get_entropy = rand_crngt_get_entropy; -+ drbg->cleanup_entropy = rand_crngt_cleanup_entropy; -+#else - drbg->get_entropy = rand_drbg_get_entropy; - drbg->cleanup_entropy = rand_drbg_cleanup_entropy; -+#endif - #ifndef RAND_DRBG_GET_RANDOM_NONCE - drbg->get_nonce = rand_drbg_get_nonce; - drbg->cleanup_nonce = rand_drbg_cleanup_nonce; -diff -up openssl-1.1.1g/crypto/rand/rand_crng_test.c.crng-test openssl-1.1.1g/crypto/rand/rand_crng_test.c ---- openssl-1.1.1g/crypto/rand/rand_crng_test.c.crng-test 2020-04-23 13:30:45.864389819 +0200 -+++ openssl-1.1.1g/crypto/rand/rand_crng_test.c 2020-04-23 13:30:45.864389819 +0200 -@@ -0,0 +1,118 @@ -+/* -+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. -+ * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. -+ * -+ * Licensed under the Apache License 2.0 (the "License"). You may not use -+ * this file except in compliance with the License. You can obtain a copy -+ * in the file LICENSE in the source distribution or at -+ * https://www.openssl.org/source/license.html -+ */ -+ -+/* -+ * Implementation of the FIPS 140-2 section 4.9.2 Conditional Tests. -+ */ -+ -+#include -+#include -+#include "crypto/rand.h" -+#include "internal/thread_once.h" -+#include "rand_local.h" -+ -+static RAND_POOL *crngt_pool; -+static unsigned char crngt_prev[EVP_MAX_MD_SIZE]; -+ -+int (*crngt_get_entropy)(unsigned char *, unsigned char *, unsigned int *) -+ = &rand_crngt_get_entropy_cb; -+ -+int rand_crngt_get_entropy_cb(unsigned char *buf, unsigned char *md, -+ unsigned int *md_size) -+{ -+ int r; -+ size_t n; -+ unsigned char *p; -+ -+ n = rand_pool_acquire_entropy(crngt_pool); -+ if (n >= CRNGT_BUFSIZ) { -+ p = rand_pool_detach(crngt_pool); -+ r = EVP_Digest(p, CRNGT_BUFSIZ, md, md_size, EVP_sha256(), NULL); -+ if (r != 0) -+ memcpy(buf, p, CRNGT_BUFSIZ); -+ rand_pool_reattach(crngt_pool, p); -+ return r; -+ } -+ return 0; -+} -+ -+void rand_crngt_cleanup(void) -+{ -+ rand_pool_free(crngt_pool); -+ crngt_pool = NULL; -+} -+ -+int rand_crngt_init(void) -+{ -+ unsigned char buf[CRNGT_BUFSIZ]; -+ -+ if ((crngt_pool = rand_pool_new(0, 1, CRNGT_BUFSIZ, CRNGT_BUFSIZ)) == NULL) -+ return 0; -+ if (crngt_get_entropy(buf, crngt_prev, NULL)) { -+ OPENSSL_cleanse(buf, sizeof(buf)); -+ return 1; -+ } -+ rand_crngt_cleanup(); -+ return 0; -+} -+ -+static CRYPTO_ONCE rand_crngt_init_flag = CRYPTO_ONCE_STATIC_INIT; -+DEFINE_RUN_ONCE_STATIC(do_rand_crngt_init) -+{ -+ return OPENSSL_init_crypto(0, NULL) -+ && rand_crngt_init() -+ && OPENSSL_atexit(&rand_crngt_cleanup); -+} -+ -+int rand_crngt_single_init(void) -+{ -+ return RUN_ONCE(&rand_crngt_init_flag, do_rand_crngt_init); -+} -+ -+size_t rand_crngt_get_entropy(RAND_DRBG *drbg, -+ unsigned char **pout, -+ int entropy, size_t min_len, size_t max_len, -+ int prediction_resistance) -+{ -+ unsigned char buf[CRNGT_BUFSIZ], md[EVP_MAX_MD_SIZE]; -+ unsigned int sz; -+ RAND_POOL *pool; -+ size_t q, r = 0, s, t = 0; -+ int attempts = 3; -+ -+ if (!RUN_ONCE(&rand_crngt_init_flag, do_rand_crngt_init)) -+ return 0; -+ -+ if ((pool = rand_pool_new(entropy, 1, min_len, max_len)) == NULL) -+ return 0; -+ -+ while ((q = rand_pool_bytes_needed(pool, 1)) > 0 && attempts-- > 0) { -+ s = q > sizeof(buf) ? sizeof(buf) : q; -+ if (!crngt_get_entropy(buf, md, &sz) -+ || memcmp(crngt_prev, md, sz) == 0 -+ || !rand_pool_add(pool, buf, s, s * 8)) -+ goto err; -+ memcpy(crngt_prev, md, sz); -+ t += s; -+ attempts++; -+ } -+ r = t; -+ *pout = rand_pool_detach(pool); -+err: -+ OPENSSL_cleanse(buf, sizeof(buf)); -+ rand_pool_free(pool); -+ return r; -+} -+ -+void rand_crngt_cleanup_entropy(RAND_DRBG *drbg, -+ unsigned char *out, size_t outlen) -+{ -+ OPENSSL_secure_clear_free(out, outlen); -+} -diff -up openssl-1.1.1g/crypto/rand/rand_local.h.crng-test openssl-1.1.1g/crypto/rand/rand_local.h ---- openssl-1.1.1g/crypto/rand/rand_local.h.crng-test 2020-04-23 13:30:45.470397250 +0200 -+++ openssl-1.1.1g/crypto/rand/rand_local.h 2020-04-23 13:30:45.864389819 +0200 -@@ -33,7 +33,15 @@ - # define MASTER_RESEED_TIME_INTERVAL (60*60) /* 1 hour */ - # define SLAVE_RESEED_TIME_INTERVAL (7*60) /* 7 minutes */ - -- -+/* -+ * The number of bytes that constitutes an atomic lump of entropy with respect -+ * to the FIPS 140-2 section 4.9.2 Conditional Tests. The size is somewhat -+ * arbitrary, the smaller the value, the less entropy is consumed on first -+ * read but the higher the probability of the test failing by accident. -+ * -+ * The value is in bytes. -+ */ -+#define CRNGT_BUFSIZ 16 - - /* - * Maximum input size for the DRBG (entropy, nonce, personalization string) -@@ -44,6 +52,8 @@ - */ - # define DRBG_MAX_LENGTH INT32_MAX - -+/* The default nonce */ -+# define DRBG_DEFAULT_PERS_STRING "OpenSSL NIST SP 800-90A DRBG" - - /* - * Maximum allocation size for RANDOM_POOL buffers -@@ -296,4 +306,22 @@ int rand_drbg_enable_locking(RAND_DRBG * - /* initializes the AES-CTR DRBG implementation */ - int drbg_ctr_init(RAND_DRBG *drbg); - -+/* -+ * Entropy call back for the FIPS 140-2 section 4.9.2 Conditional Tests. -+ * These need to be exposed for the unit tests. -+ */ -+int rand_crngt_get_entropy_cb(unsigned char *buf, unsigned char *md, -+ unsigned int *md_size); -+extern int (*crngt_get_entropy)(unsigned char *buf, unsigned char *md, -+ unsigned int *md_size); -+int rand_crngt_init(void); -+void rand_crngt_cleanup(void); -+ -+/* -+ * Expose the run once initialisation function for the unit tests because. -+ * they need to restart from scratch to validate the first block is skipped -+ * properly. -+ */ -+int rand_crngt_single_init(void); -+ - #endif -diff -up openssl-1.1.1g/include/crypto/rand.h.crng-test openssl-1.1.1g/include/crypto/rand.h ---- openssl-1.1.1g/include/crypto/rand.h.crng-test 2020-04-23 13:30:45.824390573 +0200 -+++ openssl-1.1.1g/include/crypto/rand.h 2020-04-23 13:30:45.864389819 +0200 -@@ -49,6 +49,14 @@ size_t rand_drbg_get_additional_data(RAN - - void rand_drbg_cleanup_additional_data(RAND_POOL *pool, unsigned char *out); - -+/* CRNG test entropy filter callbacks. */ -+size_t rand_crngt_get_entropy(RAND_DRBG *drbg, -+ unsigned char **pout, -+ int entropy, size_t min_len, size_t max_len, -+ int prediction_resistance); -+void rand_crngt_cleanup_entropy(RAND_DRBG *drbg, -+ unsigned char *out, size_t outlen); -+ - /* - * RAND_POOL functions - */ -diff -up openssl-1.1.1g/test/drbgtest.c.crng-test openssl-1.1.1g/test/drbgtest.c ---- openssl-1.1.1g/test/drbgtest.c.crng-test 2020-04-21 14:22:39.000000000 +0200 -+++ openssl-1.1.1g/test/drbgtest.c 2020-04-23 13:30:45.865389800 +0200 -@@ -150,6 +150,31 @@ static size_t kat_nonce(RAND_DRBG *drbg, - return t->noncelen; - } - -+ /* -+ * Disable CRNG testing if it is enabled. -+ * If the DRBG is ready or in an error state, this means an instantiate cycle -+ * for which the default personalisation string is used. -+ */ -+static int disable_crngt(RAND_DRBG *drbg) -+{ -+ static const char pers[] = DRBG_DEFAULT_PERS_STRING; -+ const int instantiate = drbg->state != DRBG_UNINITIALISED; -+ -+ if (drbg->get_entropy != rand_crngt_get_entropy) -+ return 1; -+ -+ if ((instantiate && !RAND_DRBG_uninstantiate(drbg)) -+ || !TEST_true(RAND_DRBG_set_callbacks(drbg, &rand_drbg_get_entropy, -+ &rand_drbg_cleanup_entropy, -+ &rand_drbg_get_nonce, -+ &rand_drbg_cleanup_nonce)) -+ || (instantiate -+ && !RAND_DRBG_instantiate(drbg, (const unsigned char *)pers, -+ sizeof(pers) - 1))) -+ return 0; -+ return 1; -+} -+ - static int uninstantiate(RAND_DRBG *drbg) - { - int ret = drbg == NULL ? 1 : RAND_DRBG_uninstantiate(drbg); -@@ -175,7 +200,8 @@ static int single_kat(DRBG_SELFTEST_DATA - if (!TEST_ptr(drbg = RAND_DRBG_new(td->nid, td->flags, NULL))) - return 0; - if (!TEST_true(RAND_DRBG_set_callbacks(drbg, kat_entropy, NULL, -- kat_nonce, NULL))) { -+ kat_nonce, NULL)) -+ || !TEST_true(disable_crngt(drbg))) { - failures++; - goto err; - } -@@ -293,7 +319,8 @@ static int error_check(DRBG_SELFTEST_DAT - unsigned int reseed_counter_tmp; - int ret = 0; - -- if (!TEST_ptr(drbg = RAND_DRBG_new(0, 0, NULL))) -+ if (!TEST_ptr(drbg = RAND_DRBG_new(0, 0, NULL)) -+ || !TEST_true(disable_crngt(drbg))) - goto err; - - /* -@@ -740,6 +767,10 @@ static int test_rand_drbg_reseed(void) - || !TEST_ptr_eq(private->parent, master)) - return 0; - -+ /* Disable CRNG testing for the master DRBG */ -+ if (!TEST_true(disable_crngt(master))) -+ return 0; -+ - /* uninstantiate the three global DRBGs */ - RAND_DRBG_uninstantiate(private); - RAND_DRBG_uninstantiate(public); -@@ -964,7 +995,8 @@ static int test_rand_seed(void) - size_t rand_buflen; - size_t required_seed_buflen = 0; - -- if (!TEST_ptr(master = RAND_DRBG_get0_master())) -+ if (!TEST_ptr(master = RAND_DRBG_get0_master()) -+ || !TEST_true(disable_crngt(master))) - return 0; - - #ifdef OPENSSL_RAND_SEED_NONE -@@ -1013,6 +1045,95 @@ static int test_rand_add(void) - return 1; - } - -+/* -+ * A list of the FIPS DRGB types. -+ */ -+static const struct s_drgb_types { -+ int nid; -+ int flags; -+} drgb_types[] = { -+ { NID_aes_128_ctr, 0 }, -+ { NID_aes_192_ctr, 0 }, -+ { NID_aes_256_ctr, 0 }, -+}; -+ -+/* Six cases for each covers seed sizes up to 32 bytes */ -+static const size_t crngt_num_cases = 6; -+ -+static size_t crngt_case, crngt_idx; -+ -+static int crngt_entropy_cb(unsigned char *buf, unsigned char *md, -+ unsigned int *md_size) -+{ -+ size_t i, z; -+ -+ if (!TEST_int_lt(crngt_idx, crngt_num_cases)) -+ return 0; -+ /* Generate a block of unique data unless this is the duplication point */ -+ z = crngt_idx++; -+ if (z > 0 && crngt_case == z) -+ z--; -+ for (i = 0; i < CRNGT_BUFSIZ; i++) -+ buf[i] = (unsigned char)(i + 'A' + z); -+ return EVP_Digest(buf, CRNGT_BUFSIZ, md, md_size, EVP_sha256(), NULL); -+} -+ -+static int test_crngt(int n) -+{ -+ const struct s_drgb_types *dt = drgb_types + n / crngt_num_cases; -+ RAND_DRBG *drbg = NULL; -+ unsigned char buff[100]; -+ size_t ent; -+ int res = 0; -+ int expect; -+ -+ if (!TEST_true(rand_crngt_single_init())) -+ return 0; -+ rand_crngt_cleanup(); -+ -+ if (!TEST_ptr(drbg = RAND_DRBG_new(dt->nid, dt->flags, NULL))) -+ return 0; -+ ent = (drbg->min_entropylen + CRNGT_BUFSIZ - 1) / CRNGT_BUFSIZ; -+ crngt_case = n % crngt_num_cases; -+ crngt_idx = 0; -+ crngt_get_entropy = &crngt_entropy_cb; -+ if (!TEST_true(rand_crngt_init())) -+ goto err; -+#ifndef OPENSSL_FIPS -+ if (!TEST_true(RAND_DRBG_set_callbacks(drbg, &rand_crngt_get_entropy, -+ &rand_crngt_cleanup_entropy, -+ &rand_drbg_get_nonce, -+ &rand_drbg_cleanup_nonce))) -+ goto err; -+#endif -+ expect = crngt_case == 0 || crngt_case > ent; -+ if (!TEST_int_eq(RAND_DRBG_instantiate(drbg, NULL, 0), expect)) -+ goto err; -+ if (!expect) -+ goto fin; -+ if (!TEST_true(RAND_DRBG_generate(drbg, buff, sizeof(buff), 0, NULL, 0))) -+ goto err; -+ -+ expect = crngt_case == 0 || crngt_case > 2 * ent; -+ if (!TEST_int_eq(RAND_DRBG_reseed(drbg, NULL, 0, 0), expect)) -+ goto err; -+ if (!expect) -+ goto fin; -+ if (!TEST_true(RAND_DRBG_generate(drbg, buff, sizeof(buff), 0, NULL, 0))) -+ goto err; -+ -+fin: -+ res = 1; -+err: -+ if (!res) -+ TEST_note("DRBG %zd case %zd block %zd", n / crngt_num_cases, -+ crngt_case, crngt_idx); -+ uninstantiate(drbg); -+ RAND_DRBG_free(drbg); -+ crngt_get_entropy = &rand_crngt_get_entropy_cb; -+ return res; -+} -+ - int setup_tests(void) - { - app_data_index = RAND_DRBG_get_ex_new_index(0L, NULL, NULL, NULL, NULL); -@@ -1025,5 +1146,6 @@ int setup_tests(void) - #if defined(OPENSSL_THREADS) - ADD_TEST(test_multi_thread); - #endif -+ ADD_ALL_TESTS(test_crngt, crngt_num_cases * OSSL_NELEM(drgb_types)); - return 1; - } diff --git a/openssl-1.1.1-fips-curves.patch b/openssl-1.1.1-fips-curves.patch deleted file mode 100644 index 33e9fc5..0000000 --- a/openssl-1.1.1-fips-curves.patch +++ /dev/null @@ -1,200 +0,0 @@ -diff -up openssl-1.1.1g/crypto/ec/ec_curve.c.fips-curves openssl-1.1.1g/crypto/ec/ec_curve.c ---- openssl-1.1.1g/crypto/ec/ec_curve.c.fips-curves 2020-05-18 12:59:54.839643980 +0200 -+++ openssl-1.1.1g/crypto/ec/ec_curve.c 2020-05-18 12:59:54.852644093 +0200 -@@ -13,6 +13,7 @@ - #include - #include - #include -+#include - #include "internal/nelem.h" - - typedef struct { -@@ -237,6 +238,7 @@ static const struct { - - typedef struct _ec_list_element_st { - int nid; -+ int fips_allowed; - const EC_CURVE_DATA *data; - const EC_METHOD *(*meth) (void); - const char *comment; -@@ -246,23 +248,23 @@ static const ec_list_element curve_list[ - /* prime field curves */ - /* secg curves */ - #ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 -- {NID_secp224r1, &_EC_NIST_PRIME_224.h, EC_GFp_nistp224_method, -+ {NID_secp224r1, 1, &_EC_NIST_PRIME_224.h, EC_GFp_nistp224_method, - "NIST/SECG curve over a 224 bit prime field"}, - #else -- {NID_secp224r1, &_EC_NIST_PRIME_224.h, 0, -+ {NID_secp224r1, 1, &_EC_NIST_PRIME_224.h, 0, - "NIST/SECG curve over a 224 bit prime field"}, - #endif -- {NID_secp256k1, &_EC_SECG_PRIME_256K1.h, 0, -+ {NID_secp256k1, 0, &_EC_SECG_PRIME_256K1.h, 0, - "SECG curve over a 256 bit prime field"}, - /* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */ -- {NID_secp384r1, &_EC_NIST_PRIME_384.h, -+ {NID_secp384r1, 1, &_EC_NIST_PRIME_384.h, - # if defined(S390X_EC_ASM) - EC_GFp_s390x_nistp384_method, - # else - 0, - # endif - "NIST/SECG curve over a 384 bit prime field"}, -- {NID_secp521r1, &_EC_NIST_PRIME_521.h, -+ {NID_secp521r1, 1, &_EC_NIST_PRIME_521.h, - # if defined(S390X_EC_ASM) - EC_GFp_s390x_nistp521_method, - # elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128) -@@ -272,7 +274,7 @@ static const ec_list_element curve_list[ - # endif - "NIST/SECG curve over a 521 bit prime field"}, - /* X9.62 curves */ -- {NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h, -+ {NID_X9_62_prime256v1, 1, &_EC_X9_62_PRIME_256V1.h, - #if defined(ECP_NISTZ256_ASM) - EC_GFp_nistz256_method, - # elif defined(S390X_EC_ASM) -@@ -404,6 +406,10 @@ EC_GROUP *EC_GROUP_new_by_curve_name(int - - for (i = 0; i < curve_list_length; i++) - if (curve_list[i].nid == nid) { -+ if (!curve_list[i].fips_allowed && FIPS_mode()) { -+ ECerr(EC_F_EC_GROUP_NEW_BY_CURVE_NAME, EC_R_NOT_A_NIST_PRIME); -+ return NULL; -+ } - ret = ec_group_new_from_data(curve_list[i]); - break; - } -@@ -418,19 +424,31 @@ EC_GROUP *EC_GROUP_new_by_curve_name(int - - size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems) - { -- size_t i, min; -+ size_t i, j, num; -+ int fips_mode = FIPS_mode(); - -- if (r == NULL || nitems == 0) -- return curve_list_length; -+ num = curve_list_length; -+ if (fips_mode) -+ for (i = 0; i < curve_list_length; i++) { -+ if (!curve_list[i].fips_allowed) -+ --num; -+ } - -- min = nitems < curve_list_length ? nitems : curve_list_length; -+ if (r == NULL || nitems == 0) { -+ return num; -+ } - -- for (i = 0; i < min; i++) { -- r[i].nid = curve_list[i].nid; -- r[i].comment = curve_list[i].comment; -+ for (i = 0, j = 0; i < curve_list_length; i++) { -+ if (j >= nitems) -+ break; -+ if (!fips_mode || curve_list[i].fips_allowed) { -+ r[j].nid = curve_list[i].nid; -+ r[j].comment = curve_list[i].comment; -+ ++j; -+ } - } - -- return curve_list_length; -+ return num; - } - - /* Functions to translate between common NIST curve names and NIDs */ -diff -up openssl-1.1.1g/ssl/t1_lib.c.fips-curves openssl-1.1.1g/ssl/t1_lib.c ---- openssl-1.1.1g/ssl/t1_lib.c.fips-curves 2020-05-18 12:59:54.797643616 +0200 -+++ openssl-1.1.1g/ssl/t1_lib.c 2020-05-18 13:03:54.748725463 +0200 -@@ -678,6 +678,36 @@ static const uint16_t tls12_sigalgs[] = - #endif - }; - -+static const uint16_t tls12_fips_sigalgs[] = { -+#ifndef OPENSSL_NO_EC -+ TLSEXT_SIGALG_ecdsa_secp256r1_sha256, -+ TLSEXT_SIGALG_ecdsa_secp384r1_sha384, -+ TLSEXT_SIGALG_ecdsa_secp521r1_sha512, -+#endif -+ -+ TLSEXT_SIGALG_rsa_pss_pss_sha256, -+ TLSEXT_SIGALG_rsa_pss_pss_sha384, -+ TLSEXT_SIGALG_rsa_pss_pss_sha512, -+ TLSEXT_SIGALG_rsa_pss_rsae_sha256, -+ TLSEXT_SIGALG_rsa_pss_rsae_sha384, -+ TLSEXT_SIGALG_rsa_pss_rsae_sha512, -+ -+ TLSEXT_SIGALG_rsa_pkcs1_sha256, -+ TLSEXT_SIGALG_rsa_pkcs1_sha384, -+ TLSEXT_SIGALG_rsa_pkcs1_sha512, -+ -+#ifndef OPENSSL_NO_EC -+ TLSEXT_SIGALG_ecdsa_sha224, -+#endif -+ TLSEXT_SIGALG_rsa_pkcs1_sha224, -+#ifndef OPENSSL_NO_DSA -+ TLSEXT_SIGALG_dsa_sha224, -+ TLSEXT_SIGALG_dsa_sha256, -+ TLSEXT_SIGALG_dsa_sha384, -+ TLSEXT_SIGALG_dsa_sha512, -+#endif -+}; -+ - #ifndef OPENSSL_NO_EC - static const uint16_t suiteb_sigalgs[] = { - TLSEXT_SIGALG_ecdsa_secp256r1_sha256, -@@ -894,6 +924,8 @@ static const SIGALG_LOOKUP *tls1_get_leg - } - if (idx < 0 || idx >= (int)OSSL_NELEM(tls_default_sigalg)) - return NULL; -+ if (FIPS_mode()) /* We do not allow legacy SHA1 signatures in FIPS mode */ -+ return NULL; - if (SSL_USE_SIGALGS(s) || idx != SSL_PKEY_RSA) { - const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(tls_default_sigalg[idx]); - -@@ -954,6 +986,9 @@ size_t tls12_get_psigalgs(SSL *s, int se - } else if (s->cert->conf_sigalgs) { - *psigs = s->cert->conf_sigalgs; - return s->cert->conf_sigalgslen; -+ } else if (FIPS_mode()) { -+ *psigs = tls12_fips_sigalgs; -+ return OSSL_NELEM(tls12_fips_sigalgs); - } else { - *psigs = tls12_sigalgs; - return OSSL_NELEM(tls12_sigalgs); -@@ -973,6 +1008,9 @@ int tls_check_sigalg_curve(const SSL *s, - if (s->cert->conf_sigalgs) { - sigs = s->cert->conf_sigalgs; - siglen = s->cert->conf_sigalgslen; -+ } else if (FIPS_mode()) { -+ sigs = tls12_fips_sigalgs; -+ siglen = OSSL_NELEM(tls12_fips_sigalgs); - } else { - sigs = tls12_sigalgs; - siglen = OSSL_NELEM(tls12_sigalgs); -@@ -1617,6 +1655,8 @@ static int tls12_sigalg_allowed(const SS - if (lu->sig == NID_id_GostR3410_2012_256 - || lu->sig == NID_id_GostR3410_2012_512 - || lu->sig == NID_id_GostR3410_2001) { -+ if (FIPS_mode()) -+ return 0; - /* We never allow GOST sig algs on the server with TLSv1.3 */ - if (s->server && SSL_IS_TLS13(s)) - return 0; -@@ -2842,6 +2882,13 @@ int tls_choose_sigalg(SSL *s, int fatale - const uint16_t *sent_sigs; - size_t sent_sigslen; - -+ if (fatalerrs && FIPS_mode()) { -+ /* There are no suitable legacy algorithms in FIPS mode */ -+ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, -+ SSL_F_TLS_CHOOSE_SIGALG, -+ SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM); -+ return 0; -+ } - if ((lu = tls1_get_legacy_sigalg(s, -1)) == NULL) { - if (!fatalerrs) - return 1; diff --git a/openssl-1.1.1-fips-dh.patch b/openssl-1.1.1-fips-dh.patch deleted file mode 100644 index e1c739b..0000000 --- a/openssl-1.1.1-fips-dh.patch +++ /dev/null @@ -1,2730 +0,0 @@ -diff -up openssl-1.1.1j/crypto/bn/bn_const.c.fips-dh openssl-1.1.1j/crypto/bn/bn_const.c ---- openssl-1.1.1j/crypto/bn/bn_const.c.fips-dh 2021-02-16 16:24:01.000000000 +0100 -+++ openssl-1.1.1j/crypto/bn/bn_const.c 2021-03-03 14:23:27.403092418 +0100 -@@ -1,13 +1,17 @@ - /* -- * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -+ * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - - #include -+#include "crypto/bn_dh.h" -+ -+#define COPY_BN(dst, src) (dst != NULL) ? BN_copy(dst, &src) : BN_dup(&src) -+ - - /*- - * "First Oakley Default Group" from RFC2409, section 6.1. -@@ -80,33 +84,7 @@ BIGNUM *BN_get_rfc2409_prime_1024(BIGNUM - - BIGNUM *BN_get_rfc3526_prime_1536(BIGNUM *bn) - { -- static const unsigned char RFC3526_PRIME_1536[] = { -- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -- 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, -- 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, -- 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, -- 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, -- 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, -- 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, -- 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37, -- 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, -- 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, -- 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, -- 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, -- 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, -- 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6, -- 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, -- 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, -- 0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A, -- 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, -- 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, -- 0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, -- 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, -- 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, -- 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x23, 0x73, 0x27, -- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -- }; -- return BN_bin2bn(RFC3526_PRIME_1536, sizeof(RFC3526_PRIME_1536), bn); -+ return COPY_BN(bn, _bignum_modp_1536_p); - } - - /*- -@@ -119,41 +97,7 @@ BIGNUM *BN_get_rfc3526_prime_1536(BIGNUM - - BIGNUM *BN_get_rfc3526_prime_2048(BIGNUM *bn) - { -- static const unsigned char RFC3526_PRIME_2048[] = { -- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -- 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, -- 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, -- 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, -- 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, -- 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, -- 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, -- 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37, -- 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, -- 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, -- 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, -- 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, -- 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, -- 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6, -- 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, -- 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, -- 0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A, -- 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, -- 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, -- 0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, -- 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, -- 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, -- 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C, -- 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, -- 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, -- 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F, -- 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, -- 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, -- 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5, -- 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, -- 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAC, 0xAA, 0x68, -- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -- }; -- return BN_bin2bn(RFC3526_PRIME_2048, sizeof(RFC3526_PRIME_2048), bn); -+ return COPY_BN(bn, _bignum_modp_2048_p); - } - - /*- -@@ -166,57 +110,7 @@ BIGNUM *BN_get_rfc3526_prime_2048(BIGNUM - - BIGNUM *BN_get_rfc3526_prime_3072(BIGNUM *bn) - { -- static const unsigned char RFC3526_PRIME_3072[] = { -- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -- 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, -- 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, -- 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, -- 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, -- 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, -- 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, -- 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37, -- 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, -- 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, -- 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, -- 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, -- 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, -- 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6, -- 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, -- 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, -- 0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A, -- 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, -- 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, -- 0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, -- 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, -- 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, -- 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C, -- 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, -- 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, -- 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F, -- 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, -- 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, -- 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5, -- 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, -- 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, -- 0xAD, 0x33, 0x17, 0x0D, 0x04, 0x50, 0x7A, 0x33, -- 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64, -- 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, -- 0x8A, 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D, -- 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7, -- 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, -- 0x1E, 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D, -- 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B, -- 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, -- 0xD8, 0x76, 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64, -- 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C, -- 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, -- 0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46, 0xE2, -- 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31, -- 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, -- 0x4B, 0x82, 0xD1, 0x20, 0xA9, 0x3A, 0xD2, 0xCA, -- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -- }; -- return BN_bin2bn(RFC3526_PRIME_3072, sizeof(RFC3526_PRIME_3072), bn); -+ return COPY_BN(bn, _bignum_modp_3072_p); - } - - /*- -@@ -229,73 +123,7 @@ BIGNUM *BN_get_rfc3526_prime_3072(BIGNUM - - BIGNUM *BN_get_rfc3526_prime_4096(BIGNUM *bn) - { -- static const unsigned char RFC3526_PRIME_4096[] = { -- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -- 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, -- 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, -- 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, -- 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, -- 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, -- 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, -- 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37, -- 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, -- 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, -- 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, -- 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, -- 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, -- 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6, -- 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, -- 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, -- 0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A, -- 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, -- 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, -- 0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, -- 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, -- 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, -- 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C, -- 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, -- 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, -- 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F, -- 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, -- 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, -- 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5, -- 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, -- 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, -- 0xAD, 0x33, 0x17, 0x0D, 0x04, 0x50, 0x7A, 0x33, -- 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64, -- 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, -- 0x8A, 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D, -- 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7, -- 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, -- 0x1E, 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D, -- 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B, -- 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, -- 0xD8, 0x76, 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64, -- 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C, -- 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, -- 0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46, 0xE2, -- 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31, -- 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, -- 0x4B, 0x82, 0xD1, 0x20, 0xA9, 0x21, 0x08, 0x01, -- 0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7, -- 0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26, -- 0x99, 0xC3, 0x27, 0x18, 0x6A, 0xF4, 0xE2, 0x3C, -- 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA, -- 0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8, -- 0xDB, 0xBB, 0xC2, 0xDB, 0x04, 0xDE, 0x8E, 0xF9, -- 0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6, -- 0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D, -- 0x99, 0xB2, 0x96, 0x4F, 0xA0, 0x90, 0xC3, 0xA2, -- 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED, -- 0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF, -- 0xB8, 0x1B, 0xDD, 0x76, 0x21, 0x70, 0x48, 0x1C, -- 0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9, -- 0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1, -- 0x86, 0xFF, 0xB7, 0xDC, 0x90, 0xA6, 0xC0, 0x8F, -- 0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x06, 0x31, 0x99, -- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -- }; -- return BN_bin2bn(RFC3526_PRIME_4096, sizeof(RFC3526_PRIME_4096), bn); -+ return COPY_BN(bn, _bignum_modp_4096_p); - } - - /*- -@@ -308,105 +136,7 @@ BIGNUM *BN_get_rfc3526_prime_4096(BIGNUM - - BIGNUM *BN_get_rfc3526_prime_6144(BIGNUM *bn) - { -- static const unsigned char RFC3526_PRIME_6144[] = { -- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -- 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, -- 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, -- 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, -- 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, -- 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, -- 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, -- 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37, -- 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, -- 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, -- 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, -- 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, -- 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, -- 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6, -- 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, -- 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, -- 0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A, -- 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, -- 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, -- 0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, -- 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, -- 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, -- 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C, -- 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, -- 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, -- 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F, -- 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, -- 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, -- 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5, -- 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, -- 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, -- 0xAD, 0x33, 0x17, 0x0D, 0x04, 0x50, 0x7A, 0x33, -- 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64, -- 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, -- 0x8A, 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D, -- 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7, -- 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, -- 0x1E, 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D, -- 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B, -- 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, -- 0xD8, 0x76, 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64, -- 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C, -- 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, -- 0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46, 0xE2, -- 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31, -- 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, -- 0x4B, 0x82, 0xD1, 0x20, 0xA9, 0x21, 0x08, 0x01, -- 0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7, -- 0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26, -- 0x99, 0xC3, 0x27, 0x18, 0x6A, 0xF4, 0xE2, 0x3C, -- 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA, -- 0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8, -- 0xDB, 0xBB, 0xC2, 0xDB, 0x04, 0xDE, 0x8E, 0xF9, -- 0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6, -- 0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D, -- 0x99, 0xB2, 0x96, 0x4F, 0xA0, 0x90, 0xC3, 0xA2, -- 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED, -- 0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF, -- 0xB8, 0x1B, 0xDD, 0x76, 0x21, 0x70, 0x48, 0x1C, -- 0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9, -- 0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1, -- 0x86, 0xFF, 0xB7, 0xDC, 0x90, 0xA6, 0xC0, 0x8F, -- 0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x02, 0x84, 0x92, -- 0x36, 0xC3, 0xFA, 0xB4, 0xD2, 0x7C, 0x70, 0x26, -- 0xC1, 0xD4, 0xDC, 0xB2, 0x60, 0x26, 0x46, 0xDE, -- 0xC9, 0x75, 0x1E, 0x76, 0x3D, 0xBA, 0x37, 0xBD, -- 0xF8, 0xFF, 0x94, 0x06, 0xAD, 0x9E, 0x53, 0x0E, -- 0xE5, 0xDB, 0x38, 0x2F, 0x41, 0x30, 0x01, 0xAE, -- 0xB0, 0x6A, 0x53, 0xED, 0x90, 0x27, 0xD8, 0x31, -- 0x17, 0x97, 0x27, 0xB0, 0x86, 0x5A, 0x89, 0x18, -- 0xDA, 0x3E, 0xDB, 0xEB, 0xCF, 0x9B, 0x14, 0xED, -- 0x44, 0xCE, 0x6C, 0xBA, 0xCE, 0xD4, 0xBB, 0x1B, -- 0xDB, 0x7F, 0x14, 0x47, 0xE6, 0xCC, 0x25, 0x4B, -- 0x33, 0x20, 0x51, 0x51, 0x2B, 0xD7, 0xAF, 0x42, -- 0x6F, 0xB8, 0xF4, 0x01, 0x37, 0x8C, 0xD2, 0xBF, -- 0x59, 0x83, 0xCA, 0x01, 0xC6, 0x4B, 0x92, 0xEC, -- 0xF0, 0x32, 0xEA, 0x15, 0xD1, 0x72, 0x1D, 0x03, -- 0xF4, 0x82, 0xD7, 0xCE, 0x6E, 0x74, 0xFE, 0xF6, -- 0xD5, 0x5E, 0x70, 0x2F, 0x46, 0x98, 0x0C, 0x82, -- 0xB5, 0xA8, 0x40, 0x31, 0x90, 0x0B, 0x1C, 0x9E, -- 0x59, 0xE7, 0xC9, 0x7F, 0xBE, 0xC7, 0xE8, 0xF3, -- 0x23, 0xA9, 0x7A, 0x7E, 0x36, 0xCC, 0x88, 0xBE, -- 0x0F, 0x1D, 0x45, 0xB7, 0xFF, 0x58, 0x5A, 0xC5, -- 0x4B, 0xD4, 0x07, 0xB2, 0x2B, 0x41, 0x54, 0xAA, -- 0xCC, 0x8F, 0x6D, 0x7E, 0xBF, 0x48, 0xE1, 0xD8, -- 0x14, 0xCC, 0x5E, 0xD2, 0x0F, 0x80, 0x37, 0xE0, -- 0xA7, 0x97, 0x15, 0xEE, 0xF2, 0x9B, 0xE3, 0x28, -- 0x06, 0xA1, 0xD5, 0x8B, 0xB7, 0xC5, 0xDA, 0x76, -- 0xF5, 0x50, 0xAA, 0x3D, 0x8A, 0x1F, 0xBF, 0xF0, -- 0xEB, 0x19, 0xCC, 0xB1, 0xA3, 0x13, 0xD5, 0x5C, -- 0xDA, 0x56, 0xC9, 0xEC, 0x2E, 0xF2, 0x96, 0x32, -- 0x38, 0x7F, 0xE8, 0xD7, 0x6E, 0x3C, 0x04, 0x68, -- 0x04, 0x3E, 0x8F, 0x66, 0x3F, 0x48, 0x60, 0xEE, -- 0x12, 0xBF, 0x2D, 0x5B, 0x0B, 0x74, 0x74, 0xD6, -- 0xE6, 0x94, 0xF9, 0x1E, 0x6D, 0xCC, 0x40, 0x24, -- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -- }; -- return BN_bin2bn(RFC3526_PRIME_6144, sizeof(RFC3526_PRIME_6144), bn); -+ return COPY_BN(bn, _bignum_modp_6144_p); - } - - /*- -@@ -419,135 +149,5 @@ BIGNUM *BN_get_rfc3526_prime_6144(BIGNUM - - BIGNUM *BN_get_rfc3526_prime_8192(BIGNUM *bn) - { -- static const unsigned char RFC3526_PRIME_8192[] = { -- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -- 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, -- 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, -- 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, -- 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, -- 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, -- 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, -- 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37, -- 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, -- 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, -- 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, -- 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, -- 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, -- 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6, -- 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, -- 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, -- 0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A, -- 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, -- 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, -- 0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, -- 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, -- 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, -- 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C, -- 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, -- 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, -- 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F, -- 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, -- 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, -- 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5, -- 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, -- 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, -- 0xAD, 0x33, 0x17, 0x0D, 0x04, 0x50, 0x7A, 0x33, -- 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64, -- 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, -- 0x8A, 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D, -- 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7, -- 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, -- 0x1E, 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D, -- 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B, -- 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, -- 0xD8, 0x76, 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64, -- 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C, -- 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, -- 0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46, 0xE2, -- 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31, -- 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, -- 0x4B, 0x82, 0xD1, 0x20, 0xA9, 0x21, 0x08, 0x01, -- 0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7, -- 0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26, -- 0x99, 0xC3, 0x27, 0x18, 0x6A, 0xF4, 0xE2, 0x3C, -- 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA, -- 0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8, -- 0xDB, 0xBB, 0xC2, 0xDB, 0x04, 0xDE, 0x8E, 0xF9, -- 0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6, -- 0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D, -- 0x99, 0xB2, 0x96, 0x4F, 0xA0, 0x90, 0xC3, 0xA2, -- 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED, -- 0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF, -- 0xB8, 0x1B, 0xDD, 0x76, 0x21, 0x70, 0x48, 0x1C, -- 0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9, -- 0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1, -- 0x86, 0xFF, 0xB7, 0xDC, 0x90, 0xA6, 0xC0, 0x8F, -- 0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x02, 0x84, 0x92, -- 0x36, 0xC3, 0xFA, 0xB4, 0xD2, 0x7C, 0x70, 0x26, -- 0xC1, 0xD4, 0xDC, 0xB2, 0x60, 0x26, 0x46, 0xDE, -- 0xC9, 0x75, 0x1E, 0x76, 0x3D, 0xBA, 0x37, 0xBD, -- 0xF8, 0xFF, 0x94, 0x06, 0xAD, 0x9E, 0x53, 0x0E, -- 0xE5, 0xDB, 0x38, 0x2F, 0x41, 0x30, 0x01, 0xAE, -- 0xB0, 0x6A, 0x53, 0xED, 0x90, 0x27, 0xD8, 0x31, -- 0x17, 0x97, 0x27, 0xB0, 0x86, 0x5A, 0x89, 0x18, -- 0xDA, 0x3E, 0xDB, 0xEB, 0xCF, 0x9B, 0x14, 0xED, -- 0x44, 0xCE, 0x6C, 0xBA, 0xCE, 0xD4, 0xBB, 0x1B, -- 0xDB, 0x7F, 0x14, 0x47, 0xE6, 0xCC, 0x25, 0x4B, -- 0x33, 0x20, 0x51, 0x51, 0x2B, 0xD7, 0xAF, 0x42, -- 0x6F, 0xB8, 0xF4, 0x01, 0x37, 0x8C, 0xD2, 0xBF, -- 0x59, 0x83, 0xCA, 0x01, 0xC6, 0x4B, 0x92, 0xEC, -- 0xF0, 0x32, 0xEA, 0x15, 0xD1, 0x72, 0x1D, 0x03, -- 0xF4, 0x82, 0xD7, 0xCE, 0x6E, 0x74, 0xFE, 0xF6, -- 0xD5, 0x5E, 0x70, 0x2F, 0x46, 0x98, 0x0C, 0x82, -- 0xB5, 0xA8, 0x40, 0x31, 0x90, 0x0B, 0x1C, 0x9E, -- 0x59, 0xE7, 0xC9, 0x7F, 0xBE, 0xC7, 0xE8, 0xF3, -- 0x23, 0xA9, 0x7A, 0x7E, 0x36, 0xCC, 0x88, 0xBE, -- 0x0F, 0x1D, 0x45, 0xB7, 0xFF, 0x58, 0x5A, 0xC5, -- 0x4B, 0xD4, 0x07, 0xB2, 0x2B, 0x41, 0x54, 0xAA, -- 0xCC, 0x8F, 0x6D, 0x7E, 0xBF, 0x48, 0xE1, 0xD8, -- 0x14, 0xCC, 0x5E, 0xD2, 0x0F, 0x80, 0x37, 0xE0, -- 0xA7, 0x97, 0x15, 0xEE, 0xF2, 0x9B, 0xE3, 0x28, -- 0x06, 0xA1, 0xD5, 0x8B, 0xB7, 0xC5, 0xDA, 0x76, -- 0xF5, 0x50, 0xAA, 0x3D, 0x8A, 0x1F, 0xBF, 0xF0, -- 0xEB, 0x19, 0xCC, 0xB1, 0xA3, 0x13, 0xD5, 0x5C, -- 0xDA, 0x56, 0xC9, 0xEC, 0x2E, 0xF2, 0x96, 0x32, -- 0x38, 0x7F, 0xE8, 0xD7, 0x6E, 0x3C, 0x04, 0x68, -- 0x04, 0x3E, 0x8F, 0x66, 0x3F, 0x48, 0x60, 0xEE, -- 0x12, 0xBF, 0x2D, 0x5B, 0x0B, 0x74, 0x74, 0xD6, -- 0xE6, 0x94, 0xF9, 0x1E, 0x6D, 0xBE, 0x11, 0x59, -- 0x74, 0xA3, 0x92, 0x6F, 0x12, 0xFE, 0xE5, 0xE4, -- 0x38, 0x77, 0x7C, 0xB6, 0xA9, 0x32, 0xDF, 0x8C, -- 0xD8, 0xBE, 0xC4, 0xD0, 0x73, 0xB9, 0x31, 0xBA, -- 0x3B, 0xC8, 0x32, 0xB6, 0x8D, 0x9D, 0xD3, 0x00, -- 0x74, 0x1F, 0xA7, 0xBF, 0x8A, 0xFC, 0x47, 0xED, -- 0x25, 0x76, 0xF6, 0x93, 0x6B, 0xA4, 0x24, 0x66, -- 0x3A, 0xAB, 0x63, 0x9C, 0x5A, 0xE4, 0xF5, 0x68, -- 0x34, 0x23, 0xB4, 0x74, 0x2B, 0xF1, 0xC9, 0x78, -- 0x23, 0x8F, 0x16, 0xCB, 0xE3, 0x9D, 0x65, 0x2D, -- 0xE3, 0xFD, 0xB8, 0xBE, 0xFC, 0x84, 0x8A, 0xD9, -- 0x22, 0x22, 0x2E, 0x04, 0xA4, 0x03, 0x7C, 0x07, -- 0x13, 0xEB, 0x57, 0xA8, 0x1A, 0x23, 0xF0, 0xC7, -- 0x34, 0x73, 0xFC, 0x64, 0x6C, 0xEA, 0x30, 0x6B, -- 0x4B, 0xCB, 0xC8, 0x86, 0x2F, 0x83, 0x85, 0xDD, -- 0xFA, 0x9D, 0x4B, 0x7F, 0xA2, 0xC0, 0x87, 0xE8, -- 0x79, 0x68, 0x33, 0x03, 0xED, 0x5B, 0xDD, 0x3A, -- 0x06, 0x2B, 0x3C, 0xF5, 0xB3, 0xA2, 0x78, 0xA6, -- 0x6D, 0x2A, 0x13, 0xF8, 0x3F, 0x44, 0xF8, 0x2D, -- 0xDF, 0x31, 0x0E, 0xE0, 0x74, 0xAB, 0x6A, 0x36, -- 0x45, 0x97, 0xE8, 0x99, 0xA0, 0x25, 0x5D, 0xC1, -- 0x64, 0xF3, 0x1C, 0xC5, 0x08, 0x46, 0x85, 0x1D, -- 0xF9, 0xAB, 0x48, 0x19, 0x5D, 0xED, 0x7E, 0xA1, -- 0xB1, 0xD5, 0x10, 0xBD, 0x7E, 0xE7, 0x4D, 0x73, -- 0xFA, 0xF3, 0x6B, 0xC3, 0x1E, 0xCF, 0xA2, 0x68, -- 0x35, 0x90, 0x46, 0xF4, 0xEB, 0x87, 0x9F, 0x92, -- 0x40, 0x09, 0x43, 0x8B, 0x48, 0x1C, 0x6C, 0xD7, -- 0x88, 0x9A, 0x00, 0x2E, 0xD5, 0xEE, 0x38, 0x2B, -- 0xC9, 0x19, 0x0D, 0xA6, 0xFC, 0x02, 0x6E, 0x47, -- 0x95, 0x58, 0xE4, 0x47, 0x56, 0x77, 0xE9, 0xAA, -- 0x9E, 0x30, 0x50, 0xE2, 0x76, 0x56, 0x94, 0xDF, -- 0xC8, 0x1F, 0x56, 0xE8, 0x80, 0xB9, 0x6E, 0x71, -- 0x60, 0xC9, 0x80, 0xDD, 0x98, 0xED, 0xD3, 0xDF, -- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -- }; -- return BN_bin2bn(RFC3526_PRIME_8192, sizeof(RFC3526_PRIME_8192), bn); -+ return COPY_BN(bn, _bignum_modp_8192_p); - } -diff -up openssl-1.1.1j/crypto/bn/bn_dh.c.fips-dh openssl-1.1.1j/crypto/bn/bn_dh.c ---- openssl-1.1.1j/crypto/bn/bn_dh.c.fips-dh 2021-02-16 16:24:01.000000000 +0100 -+++ openssl-1.1.1j/crypto/bn/bn_dh.c 2021-03-03 14:23:27.404092427 +0100 -@@ -1,7 +1,7 @@ - /* -- * Copyright 2014-2017 The OpenSSL Project Authors. All Rights Reserved. -+ * Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -+ * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html -@@ -11,474 +11,995 @@ - #include "internal/nelem.h" - - #ifndef OPENSSL_NO_DH --#include --#include "crypto/bn_dh.h" --/* DH parameters from RFC5114 */ -+# include -+# include "crypto/bn_dh.h" - - # if BN_BITS2 == 64 --static const BN_ULONG dh1024_160_p[] = { -- 0xDF1FB2BC2E4A4371ULL, 0xE68CFDA76D4DA708ULL, 0x45BF37DF365C1A65ULL, -- 0xA151AF5F0DC8B4BDULL, 0xFAA31A4FF55BCCC0ULL, 0x4EFFD6FAE5644738ULL, -- 0x98488E9C219A7372ULL, 0xACCBDD7D90C4BD70ULL, 0x24975C3CD49B83BFULL, -- 0x13ECB4AEA9061123ULL, 0x9838EF1E2EE652C0ULL, 0x6073E28675A23D18ULL, -- 0x9A6A9DCA52D23B61ULL, 0x52C99FBCFB06A3C6ULL, 0xDE92DE5EAE5D54ECULL, -- 0xB10B8F96A080E01DULL --}; -- --static const BN_ULONG dh1024_160_g[] = { -- 0x855E6EEB22B3B2E5ULL, 0x858F4DCEF97C2A24ULL, 0x2D779D5918D08BC8ULL, -- 0xD662A4D18E73AFA3ULL, 0x1DBF0A0169B6A28AULL, 0xA6A24C087A091F53ULL, -- 0x909D0D2263F80A76ULL, 0xD7FBD7D3B9A92EE1ULL, 0x5E91547F9E2749F4ULL, -- 0x160217B4B01B886AULL, 0x777E690F5504F213ULL, 0x266FEA1E5C41564BULL, -- 0xD6406CFF14266D31ULL, 0xF8104DD258AC507FULL, 0x6765A442EFB99905ULL, -- 0xA4D1CBD5C3FD3412ULL --}; -- --static const BN_ULONG dh1024_160_q[] = { -- 0x64B7CB9D49462353ULL, 0x81A8DF278ABA4E7DULL, 0x00000000F518AA87ULL --}; -- --static const BN_ULONG dh2048_224_p[] = { -- 0x0AC4DFFE0C10E64FULL, 0xCF9DE5384E71B81CULL, 0x7EF363E2FFA31F71ULL, -- 0xE3FB73C16B8E75B9ULL, 0xC9B53DCF4BA80A29ULL, 0x23F10B0E16E79763ULL, -- 0xC52172E413042E9BULL, 0xBE60E69CC928B2B9ULL, 0x80CD86A1B9E587E8ULL, -- 0x315D75E198C641A4ULL, 0xCDF93ACC44328387ULL, 0x15987D9ADC0A486DULL, -- 0x7310F7121FD5A074ULL, 0x278273C7DE31EFDCULL, 0x1602E714415D9330ULL, -- 0x81286130BC8985DBULL, 0xB3BF8A3170918836ULL, 0x6A00E0A0B9C49708ULL, -- 0xC6BA0B2C8BBC27BEULL, 0xC9F98D11ED34DBF6ULL, 0x7AD5B7D0B6C12207ULL, -- 0xD91E8FEF55B7394BULL, 0x9037C9EDEFDA4DF8ULL, 0x6D3F8152AD6AC212ULL, -- 0x1DE6B85A1274A0A6ULL, 0xEB3D688A309C180EULL, 0xAF9A3C407BA1DF15ULL, -- 0xE6FA141DF95A56DBULL, 0xB54B1597B61D0A75ULL, 0xA20D64E5683B9FD1ULL, -- 0xD660FAA79559C51FULL, 0xAD107E1E9123A9D0ULL --}; -- --static const BN_ULONG dh2048_224_g[] = { -- 0x84B890D3191F2BFAULL, 0x81BC087F2A7065B3ULL, 0x19C418E1F6EC0179ULL, -- 0x7B5A0F1C71CFFF4CULL, 0xEDFE72FE9B6AA4BDULL, 0x81E1BCFE94B30269ULL, -- 0x566AFBB48D6C0191ULL, 0xB539CCE3409D13CDULL, 0x6AA21E7F5F2FF381ULL, -- 0xD9E263E4770589EFULL, 0x10E183EDD19963DDULL, 0xB70A8137150B8EEBULL, -- 0x051AE3D428C8F8ACULL, 0xBB77A86F0C1AB15BULL, 0x6E3025E316A330EFULL, -- 0x19529A45D6F83456ULL, 0xF180EB34118E98D1ULL, 0xB5F6C6B250717CBEULL, -- 0x09939D54DA7460CDULL, 0xE247150422EA1ED4ULL, 0xB8A762D0521BC98AULL, -- 0xF4D027275AC1348BULL, 0xC17669101999024AULL, 0xBE5E9001A8D66AD7ULL, -- 0xC57DB17C620A8652ULL, 0xAB739D7700C29F52ULL, 0xDD921F01A70C4AFAULL, -- 0xA6824A4E10B9A6F0ULL, 0x74866A08CFE4FFE3ULL, 0x6CDEBE7B89998CAFULL, -- 0x9DF30B5C8FFDAC50ULL, 0xAC4032EF4F2D9AE3ULL --}; -- --static const BN_ULONG dh2048_224_q[] = { -- 0xBF389A99B36371EBULL, 0x1F80535A4738CEBCULL, 0xC58D93FE99717710ULL, -- 0x00000000801C0D34ULL --}; -- --static const BN_ULONG dh2048_256_p[] = { -- 0xDB094AE91E1A1597ULL, 0x693877FAD7EF09CAULL, 0x6116D2276E11715FULL, -- 0xA4B54330C198AF12ULL, 0x75F26375D7014103ULL, 0xC3A3960A54E710C3ULL, -- 0xDED4010ABD0BE621ULL, 0xC0B857F689962856ULL, 0xB3CA3F7971506026ULL, -- 0x1CCACB83E6B486F6ULL, 0x67E144E514056425ULL, 0xF6A167B5A41825D9ULL, -- 0x3AD8347796524D8EULL, 0xF13C6D9A51BFA4ABULL, 0x2D52526735488A0EULL, -- 0xB63ACAE1CAA6B790ULL, 0x4FDB70C581B23F76ULL, 0xBC39A0BF12307F5CULL, -- 0xB941F54EB1E59BB8ULL, 0x6C5BFC11D45F9088ULL, 0x22E0B1EF4275BF7BULL, -- 0x91F9E6725B4758C0ULL, 0x5A8A9D306BCF67EDULL, 0x209E0C6497517ABDULL, -- 0x3BF4296D830E9A7CULL, 0x16C3D91134096FAAULL, 0xFAF7DF4561B2AA30ULL, -- 0xE00DF8F1D61957D4ULL, 0x5D2CEED4435E3B00ULL, 0x8CEEF608660DD0F2ULL, -- 0xFFBBD19C65195999ULL, 0x87A8E61DB4B6663CULL --}; -+# define BN_DEF(lo, hi) (BN_ULONG)hi << 32 | lo -+# else -+# define BN_DEF(lo, hi) lo, hi -+# endif - --static const BN_ULONG dh2048_256_g[] = { -- 0x664B4C0F6CC41659ULL, 0x5E2327CFEF98C582ULL, 0xD647D148D4795451ULL, -- 0x2F63078490F00EF8ULL, 0x184B523D1DB246C3ULL, 0xC7891428CDC67EB6ULL, -- 0x7FD028370DF92B52ULL, 0xB3353BBB64E0EC37ULL, 0xECD06E1557CD0915ULL, -- 0xB7D2BBD2DF016199ULL, 0xC8484B1E052588B9ULL, 0xDB2A3B7313D3FE14ULL, -- 0xD052B985D182EA0AULL, 0xA4BD1BFFE83B9C80ULL, 0xDFC967C1FB3F2E55ULL, -- 0xB5045AF2767164E1ULL, 0x1D14348F6F2F9193ULL, 0x64E67982428EBC83ULL, -- 0x8AC376D282D6ED38ULL, 0x777DE62AAAB8A862ULL, 0xDDF463E5E9EC144BULL, -- 0x0196F931C77A57F2ULL, 0xA55AE31341000A65ULL, 0x901228F8C28CBB18ULL, -- 0xBC3773BF7E8C6F62ULL, 0xBE3A6C1B0C6B47B1ULL, 0xFF4FED4AAC0BB555ULL, -- 0x10DBC15077BE463FULL, 0x07F4793A1A0BA125ULL, 0x4CA7B18F21EF2054ULL, -- 0x2E77506660EDBD48ULL, 0x3FB32C9B73134D0BULL --}; -+/* DH parameters from RFC3526 */ - --static const BN_ULONG dh2048_256_q[] = { -- 0xA308B0FE64F5FBD3ULL, 0x99B1A47D1EB3750BULL, 0xB447997640129DA2ULL, -- 0x8CF83642A709A097ULL -+/* -+ * "1536-bit MODP Group" from RFC3526, Section 2. -+ * -+ * The prime is: 2^1536 - 2^1472 - 1 + 2^64 * { [2^1406 pi] + 741804 } -+ * -+ * RFC3526 specifies a generator of 2. -+ * RFC2312 specifies a generator of 22. -+ */ -+static const BN_ULONG modp_1536_p[] = { -+ BN_DEF(0xFFFFFFFF, 0xFFFFFFFF), BN_DEF(0xCA237327, 0xF1746C08), -+ BN_DEF(0x4ABC9804, 0x670C354E), BN_DEF(0x7096966D, 0x9ED52907), -+ BN_DEF(0x208552BB, 0x1C62F356), BN_DEF(0xDCA3AD96, 0x83655D23), -+ BN_DEF(0xFD24CF5F, 0x69163FA8), BN_DEF(0x1C55D39A, 0x98DA4836), -+ BN_DEF(0xA163BF05, 0xC2007CB8), BN_DEF(0xECE45B3D, 0x49286651), -+ BN_DEF(0x7C4B1FE6, 0xAE9F2411), BN_DEF(0x5A899FA5, 0xEE386BFB), -+ BN_DEF(0xF406B7ED, 0x0BFF5CB6), BN_DEF(0xA637ED6B, 0xF44C42E9), -+ BN_DEF(0x625E7EC6, 0xE485B576), BN_DEF(0x6D51C245, 0x4FE1356D), -+ BN_DEF(0xF25F1437, 0x302B0A6D), BN_DEF(0xCD3A431B, 0xEF9519B3), -+ BN_DEF(0x8E3404DD, 0x514A0879), BN_DEF(0x3B139B22, 0x020BBEA6), -+ BN_DEF(0x8A67CC74, 0x29024E08), BN_DEF(0x80DC1CD1, 0xC4C6628B), -+ BN_DEF(0x2168C234, 0xC90FDAA2), BN_DEF(0xFFFFFFFF, 0xFFFFFFFF) -+}; -+/* q = (p - 1) / 2 */ -+static const BN_ULONG modp_1536_q[] = { -+ BN_DEF(0xFFFFFFFF, 0xFFFFFFFF), BN_DEF(0x6511B993, 0x78BA3604), -+ BN_DEF(0x255E4C02, 0xB3861AA7), BN_DEF(0xB84B4B36, 0xCF6A9483), -+ BN_DEF(0x1042A95D, 0x0E3179AB), BN_DEF(0xEE51D6CB, 0xC1B2AE91), -+ BN_DEF(0x7E9267AF, 0x348B1FD4), BN_DEF(0x0E2AE9CD, 0xCC6D241B), -+ BN_DEF(0x50B1DF82, 0xE1003E5C), BN_DEF(0xF6722D9E, 0x24943328), -+ BN_DEF(0xBE258FF3, 0xD74F9208), BN_DEF(0xAD44CFD2, 0xF71C35FD), -+ BN_DEF(0x7A035BF6, 0x85FFAE5B), BN_DEF(0xD31BF6B5, 0x7A262174), -+ BN_DEF(0x312F3F63, 0xF242DABB), BN_DEF(0xB6A8E122, 0xA7F09AB6), -+ BN_DEF(0xF92F8A1B, 0x98158536), BN_DEF(0xE69D218D, 0xF7CA8CD9), -+ BN_DEF(0xC71A026E, 0x28A5043C), BN_DEF(0x1D89CD91, 0x0105DF53), -+ BN_DEF(0x4533E63A, 0x94812704), BN_DEF(0xC06E0E68, 0x62633145), -+ BN_DEF(0x10B4611A, 0xE487ED51), BN_DEF(0xFFFFFFFF, 0x7FFFFFFF) - }; - --/* Primes from RFC 7919 */ --static const BN_ULONG ffdhe2048_p[] = { -- 0xFFFFFFFFFFFFFFFFULL, 0x886B423861285C97ULL, 0xC6F34A26C1B2EFFAULL, -- 0xC58EF1837D1683B2ULL, 0x3BB5FCBC2EC22005ULL, 0xC3FE3B1B4C6FAD73ULL, -- 0x8E4F1232EEF28183ULL, 0x9172FE9CE98583FFULL, 0xC03404CD28342F61ULL, -- 0x9E02FCE1CDF7E2ECULL, 0x0B07A7C8EE0A6D70ULL, 0xAE56EDE76372BB19ULL, -- 0x1D4F42A3DE394DF4ULL, 0xB96ADAB760D7F468ULL, 0xD108A94BB2C8E3FBULL, -- 0xBC0AB182B324FB61ULL, 0x30ACCA4F483A797AULL, 0x1DF158A136ADE735ULL, -- 0xE2A689DAF3EFE872ULL, 0x984F0C70E0E68B77ULL, 0xB557135E7F57C935ULL, -- 0x856365553DED1AF3ULL, 0x2433F51F5F066ED0ULL, 0xD3DF1ED5D5FD6561ULL, -- 0xF681B202AEC4617AULL, 0x7D2FE363630C75D8ULL, 0xCC939DCE249B3EF9ULL, -- 0xA9E13641146433FBULL, 0xD8B9C583CE2D3695ULL, 0xAFDC5620273D3CF1ULL, -- 0xADF85458A2BB4A9AULL, 0xFFFFFFFFFFFFFFFFULL -+/*- -+ * "2048-bit MODP Group" from RFC3526, Section 3. -+ * -+ * The prime is: 2^2048 - 2^1984 - 1 + 2^64 * { [2^1918 pi] + 124476 } -+ * -+ * RFC3526 specifies a generator of 2. -+ */ -+static const BN_ULONG modp_2048_p[] = { -+ BN_DEF(0xFFFFFFFF, 0xFFFFFFFF), BN_DEF(0x8AACAA68, 0x15728E5A), -+ BN_DEF(0x98FA0510, 0x15D22618), BN_DEF(0xEA956AE5, 0x3995497C), -+ BN_DEF(0x95581718, 0xDE2BCBF6), BN_DEF(0x6F4C52C9, 0xB5C55DF0), -+ BN_DEF(0xEC07A28F, 0x9B2783A2), BN_DEF(0x180E8603, 0xE39E772C), -+ BN_DEF(0x2E36CE3B, 0x32905E46), BN_DEF(0xCA18217C, 0xF1746C08), -+ BN_DEF(0x4ABC9804, 0x670C354E), BN_DEF(0x7096966D, 0x9ED52907), -+ BN_DEF(0x208552BB, 0x1C62F356), BN_DEF(0xDCA3AD96, 0x83655D23), -+ BN_DEF(0xFD24CF5F, 0x69163FA8), BN_DEF(0x1C55D39A, 0x98DA4836), -+ BN_DEF(0xA163BF05, 0xC2007CB8), BN_DEF(0xECE45B3D, 0x49286651), -+ BN_DEF(0x7C4B1FE6, 0xAE9F2411), BN_DEF(0x5A899FA5, 0xEE386BFB), -+ BN_DEF(0xF406B7ED, 0x0BFF5CB6), BN_DEF(0xA637ED6B, 0xF44C42E9), -+ BN_DEF(0x625E7EC6, 0xE485B576), BN_DEF(0x6D51C245, 0x4FE1356D), -+ BN_DEF(0xF25F1437, 0x302B0A6D), BN_DEF(0xCD3A431B, 0xEF9519B3), -+ BN_DEF(0x8E3404DD, 0x514A0879), BN_DEF(0x3B139B22, 0x020BBEA6), -+ BN_DEF(0x8A67CC74, 0x29024E08), BN_DEF(0x80DC1CD1, 0xC4C6628B), -+ BN_DEF(0x2168C234, 0xC90FDAA2), BN_DEF(0xFFFFFFFF, 0xFFFFFFFF) -+}; -+/* q = (p - 1) / 2 */ -+static const BN_ULONG modp_2048_q[] = { -+ BN_DEF(0xFFFFFFFF, 0x7FFFFFFF), BN_DEF(0x45565534, 0x0AB9472D), -+ BN_DEF(0x4C7D0288, 0x8AE9130C), BN_DEF(0x754AB572, 0x1CCAA4BE), -+ BN_DEF(0x4AAC0B8C, 0xEF15E5FB), BN_DEF(0x37A62964, 0xDAE2AEF8), -+ BN_DEF(0x7603D147, 0xCD93C1D1), BN_DEF(0x0C074301, 0xF1CF3B96), -+ BN_DEF(0x171B671D, 0x19482F23), BN_DEF(0x650C10BE, 0x78BA3604), -+ BN_DEF(0x255E4C02, 0xB3861AA7), BN_DEF(0xB84B4B36, 0xCF6A9483), -+ BN_DEF(0x1042A95D, 0x0E3179AB), BN_DEF(0xEE51D6CB, 0xC1B2AE91), -+ BN_DEF(0x7E9267AF, 0x348B1FD4), BN_DEF(0x0E2AE9CD, 0xCC6D241B), -+ BN_DEF(0x50B1DF82, 0xE1003E5C), BN_DEF(0xF6722D9E, 0x24943328), -+ BN_DEF(0xBE258FF3, 0xD74F9208), BN_DEF(0xAD44CFD2, 0xF71C35FD), -+ BN_DEF(0x7A035BF6, 0x85FFAE5B), BN_DEF(0xD31BF6B5, 0x7A262174), -+ BN_DEF(0x312F3F63, 0xF242DABB), BN_DEF(0xB6A8E122, 0xA7F09AB6), -+ BN_DEF(0xF92F8A1B, 0x98158536), BN_DEF(0xE69D218D, 0xF7CA8CD9), -+ BN_DEF(0xC71A026E, 0x28A5043C), BN_DEF(0x1D89CD91, 0x0105DF53), -+ BN_DEF(0x4533E63A, 0x94812704), BN_DEF(0xC06E0E68, 0x62633145), -+ BN_DEF(0x10B4611A, 0xE487ED51), BN_DEF(0xFFFFFFFF, 0x7FFFFFFF), - }; - --static const BN_ULONG ffdhe3072_p[] = { -- 0xFFFFFFFFFFFFFFFFULL, 0x25E41D2B66C62E37ULL, 0x3C1B20EE3FD59D7CULL, -- 0x0ABCD06BFA53DDEFULL, 0x1DBF9A42D5C4484EULL, 0xABC521979B0DEADAULL, -- 0xE86D2BC522363A0DULL, 0x5CAE82AB9C9DF69EULL, 0x64F2E21E71F54BFFULL, -- 0xF4FD4452E2D74DD3ULL, 0xB4130C93BC437944ULL, 0xAEFE130985139270ULL, -- 0x598CB0FAC186D91CULL, 0x7AD91D2691F7F7EEULL, 0x61B46FC9D6E6C907ULL, -- 0xBC34F4DEF99C0238ULL, 0xDE355B3B6519035BULL, 0x886B4238611FCFDCULL, -- 0xC6F34A26C1B2EFFAULL, 0xC58EF1837D1683B2ULL, 0x3BB5FCBC2EC22005ULL, -- 0xC3FE3B1B4C6FAD73ULL, 0x8E4F1232EEF28183ULL, 0x9172FE9CE98583FFULL, -- 0xC03404CD28342F61ULL, 0x9E02FCE1CDF7E2ECULL, 0x0B07A7C8EE0A6D70ULL, -- 0xAE56EDE76372BB19ULL, 0x1D4F42A3DE394DF4ULL, 0xB96ADAB760D7F468ULL, -- 0xD108A94BB2C8E3FBULL, 0xBC0AB182B324FB61ULL, 0x30ACCA4F483A797AULL, -- 0x1DF158A136ADE735ULL, 0xE2A689DAF3EFE872ULL, 0x984F0C70E0E68B77ULL, -- 0xB557135E7F57C935ULL, 0x856365553DED1AF3ULL, 0x2433F51F5F066ED0ULL, -- 0xD3DF1ED5D5FD6561ULL, 0xF681B202AEC4617AULL, 0x7D2FE363630C75D8ULL, -- 0xCC939DCE249B3EF9ULL, 0xA9E13641146433FBULL, 0xD8B9C583CE2D3695ULL, -- 0xAFDC5620273D3CF1ULL, 0xADF85458A2BB4A9AULL, 0xFFFFFFFFFFFFFFFFULL -+/*- -+ * "3072-bit MODP Group" from RFC3526, Section 4. -+ * -+ * The prime is: 2^3072 - 2^3008 - 1 + 2^64 * { [2^2942 pi] + 1690314 } -+ * -+ * RFC3526 specifies a generator of 2. -+ */ -+static const BN_ULONG modp_3072_p[] = { -+ BN_DEF(0xFFFFFFFF, 0xFFFFFFFF), BN_DEF(0xA93AD2CA, 0x4B82D120), -+ BN_DEF(0xE0FD108E, 0x43DB5BFC), BN_DEF(0x74E5AB31, 0x08E24FA0), -+ BN_DEF(0xBAD946E2, 0x770988C0), BN_DEF(0x7A615D6C, 0xBBE11757), -+ BN_DEF(0x177B200C, 0x521F2B18), BN_DEF(0x3EC86A64, 0xD8760273), -+ BN_DEF(0xD98A0864, 0xF12FFA06), BN_DEF(0x1AD2EE6B, 0xCEE3D226), -+ BN_DEF(0x4A25619D, 0x1E8C94E0), BN_DEF(0xDB0933D7, 0xABF5AE8C), -+ BN_DEF(0xA6E1E4C7, 0xB3970F85), BN_DEF(0x5D060C7D, 0x8AEA7157), -+ BN_DEF(0x58DBEF0A, 0xECFB8504), BN_DEF(0xDF1CBA64, 0xA85521AB), -+ BN_DEF(0x04507A33, 0xAD33170D), BN_DEF(0x8AAAC42D, 0x15728E5A), -+ BN_DEF(0x98FA0510, 0x15D22618), BN_DEF(0xEA956AE5, 0x3995497C), -+ BN_DEF(0x95581718, 0xDE2BCBF6), BN_DEF(0x6F4C52C9, 0xB5C55DF0), -+ BN_DEF(0xEC07A28F, 0x9B2783A2), BN_DEF(0x180E8603, 0xE39E772C), -+ BN_DEF(0x2E36CE3B, 0x32905E46), BN_DEF(0xCA18217C, 0xF1746C08), -+ BN_DEF(0x4ABC9804, 0x670C354E), BN_DEF(0x7096966D, 0x9ED52907), -+ BN_DEF(0x208552BB, 0x1C62F356), BN_DEF(0xDCA3AD96, 0x83655D23), -+ BN_DEF(0xFD24CF5F, 0x69163FA8), BN_DEF(0x1C55D39A, 0x98DA4836), -+ BN_DEF(0xA163BF05, 0xC2007CB8), BN_DEF(0xECE45B3D, 0x49286651), -+ BN_DEF(0x7C4B1FE6, 0xAE9F2411), BN_DEF(0x5A899FA5, 0xEE386BFB), -+ BN_DEF(0xF406B7ED, 0x0BFF5CB6), BN_DEF(0xA637ED6B, 0xF44C42E9), -+ BN_DEF(0x625E7EC6, 0xE485B576), BN_DEF(0x6D51C245, 0x4FE1356D), -+ BN_DEF(0xF25F1437, 0x302B0A6D), BN_DEF(0xCD3A431B, 0xEF9519B3), -+ BN_DEF(0x8E3404DD, 0x514A0879), BN_DEF(0x3B139B22, 0x020BBEA6), -+ BN_DEF(0x8A67CC74, 0x29024E08), BN_DEF(0x80DC1CD1, 0xC4C6628B), -+ BN_DEF(0x2168C234, 0xC90FDAA2), BN_DEF(0xFFFFFFFF, 0xFFFFFFFF) -+}; -+/* q = (p - 1) / 2 */ -+static const BN_ULONG modp_3072_q[] = { -+ BN_DEF(0xFFFFFFFF, 0x7FFFFFFF), BN_DEF(0x549D6965, 0x25C16890), -+ BN_DEF(0x707E8847, 0xA1EDADFE), BN_DEF(0x3A72D598, 0x047127D0), -+ BN_DEF(0x5D6CA371, 0x3B84C460), BN_DEF(0xBD30AEB6, 0x5DF08BAB), -+ BN_DEF(0x0BBD9006, 0x290F958C), BN_DEF(0x9F643532, 0x6C3B0139), -+ BN_DEF(0x6CC50432, 0xF897FD03), BN_DEF(0x0D697735, 0xE771E913), -+ BN_DEF(0x2512B0CE, 0x8F464A70), BN_DEF(0x6D8499EB, 0xD5FAD746), -+ BN_DEF(0xD370F263, 0xD9CB87C2), BN_DEF(0xAE83063E, 0x457538AB), -+ BN_DEF(0x2C6DF785, 0x767DC282), BN_DEF(0xEF8E5D32, 0xD42A90D5), -+ BN_DEF(0x82283D19, 0xD6998B86), BN_DEF(0x45556216, 0x0AB9472D), -+ BN_DEF(0x4C7D0288, 0x8AE9130C), BN_DEF(0x754AB572, 0x1CCAA4BE), -+ BN_DEF(0x4AAC0B8C, 0xEF15E5FB), BN_DEF(0x37A62964, 0xDAE2AEF8), -+ BN_DEF(0x7603D147, 0xCD93C1D1), BN_DEF(0x0C074301, 0xF1CF3B96), -+ BN_DEF(0x171B671D, 0x19482F23), BN_DEF(0x650C10BE, 0x78BA3604), -+ BN_DEF(0x255E4C02, 0xB3861AA7), BN_DEF(0xB84B4B36, 0xCF6A9483), -+ BN_DEF(0x1042A95D, 0x0E3179AB), BN_DEF(0xEE51D6CB, 0xC1B2AE91), -+ BN_DEF(0x7E9267AF, 0x348B1FD4), BN_DEF(0x0E2AE9CD, 0xCC6D241B), -+ BN_DEF(0x50B1DF82, 0xE1003E5C), BN_DEF(0xF6722D9E, 0x24943328), -+ BN_DEF(0xBE258FF3, 0xD74F9208), BN_DEF(0xAD44CFD2, 0xF71C35FD), -+ BN_DEF(0x7A035BF6, 0x85FFAE5B), BN_DEF(0xD31BF6B5, 0x7A262174), -+ BN_DEF(0x312F3F63, 0xF242DABB), BN_DEF(0xB6A8E122, 0xA7F09AB6), -+ BN_DEF(0xF92F8A1B, 0x98158536), BN_DEF(0xE69D218D, 0xF7CA8CD9), -+ BN_DEF(0xC71A026E, 0x28A5043C), BN_DEF(0x1D89CD91, 0x0105DF53), -+ BN_DEF(0x4533E63A, 0x94812704), BN_DEF(0xC06E0E68, 0x62633145), -+ BN_DEF(0x10B4611A, 0xE487ED51), BN_DEF(0xFFFFFFFF, 0x7FFFFFFF), - }; - --static const BN_ULONG ffdhe4096_p[] = { -- 0xFFFFFFFFFFFFFFFFULL, 0xC68A007E5E655F6AULL, 0x4DB5A851F44182E1ULL, -- 0x8EC9B55A7F88A46BULL, 0x0A8291CDCEC97DCFULL, 0x2A4ECEA9F98D0ACCULL, -- 0x1A1DB93D7140003CULL, 0x092999A333CB8B7AULL, 0x6DC778F971AD0038ULL, -- 0xA907600A918130C4ULL, 0xED6A1E012D9E6832ULL, 0x7135C886EFB4318AULL, -- 0x87F55BA57E31CC7AULL, 0x7763CF1D55034004ULL, 0xAC7D5F42D69F6D18ULL, -- 0x7930E9E4E58857B6ULL, 0x6E6F52C3164DF4FBULL, 0x25E41D2B669E1EF1ULL, -- 0x3C1B20EE3FD59D7CULL, 0x0ABCD06BFA53DDEFULL, 0x1DBF9A42D5C4484EULL, -- 0xABC521979B0DEADAULL, 0xE86D2BC522363A0DULL, 0x5CAE82AB9C9DF69EULL, -- 0x64F2E21E71F54BFFULL, 0xF4FD4452E2D74DD3ULL, 0xB4130C93BC437944ULL, -- 0xAEFE130985139270ULL, 0x598CB0FAC186D91CULL, 0x7AD91D2691F7F7EEULL, -- 0x61B46FC9D6E6C907ULL, 0xBC34F4DEF99C0238ULL, 0xDE355B3B6519035BULL, -- 0x886B4238611FCFDCULL, 0xC6F34A26C1B2EFFAULL, 0xC58EF1837D1683B2ULL, -- 0x3BB5FCBC2EC22005ULL, 0xC3FE3B1B4C6FAD73ULL, 0x8E4F1232EEF28183ULL, -- 0x9172FE9CE98583FFULL, 0xC03404CD28342F61ULL, 0x9E02FCE1CDF7E2ECULL, -- 0x0B07A7C8EE0A6D70ULL, 0xAE56EDE76372BB19ULL, 0x1D4F42A3DE394DF4ULL, -- 0xB96ADAB760D7F468ULL, 0xD108A94BB2C8E3FBULL, 0xBC0AB182B324FB61ULL, -- 0x30ACCA4F483A797AULL, 0x1DF158A136ADE735ULL, 0xE2A689DAF3EFE872ULL, -- 0x984F0C70E0E68B77ULL, 0xB557135E7F57C935ULL, 0x856365553DED1AF3ULL, -- 0x2433F51F5F066ED0ULL, 0xD3DF1ED5D5FD6561ULL, 0xF681B202AEC4617AULL, -- 0x7D2FE363630C75D8ULL, 0xCC939DCE249B3EF9ULL, 0xA9E13641146433FBULL, -- 0xD8B9C583CE2D3695ULL, 0xAFDC5620273D3CF1ULL, 0xADF85458A2BB4A9AULL, -- 0xFFFFFFFFFFFFFFFFULL -+/*- -+ * "4096-bit MODP Group" from RFC3526, Section 5. -+ * -+ * The prime is: 2^4096 - 2^4032 - 1 + 2^64 * { [2^3966 pi] + 240904 } -+ * -+ * RFC3526 specifies a generator of 2. -+ */ -+static const BN_ULONG modp_4096_p[] = { -+ BN_DEF(0xFFFFFFFF, 0xFFFFFFFF), BN_DEF(0x34063199, 0x4DF435C9), -+ BN_DEF(0x90A6C08F, 0x86FFB7DC), BN_DEF(0x8D8FDDC1, 0x93B4EA98), -+ BN_DEF(0xD5B05AA9, 0xD0069127), BN_DEF(0x2170481C, 0xB81BDD76), -+ BN_DEF(0xCEE2D7AF, 0x1F612970), BN_DEF(0x515BE7ED, 0x233BA186), -+ BN_DEF(0xA090C3A2, 0x99B2964F), BN_DEF(0x4E6BC05D, 0x287C5947), -+ BN_DEF(0x1FBECAA6, 0x2E8EFC14), BN_DEF(0x04DE8EF9, 0xDBBBC2DB), -+ BN_DEF(0x2AD44CE8, 0x2583E9CA), BN_DEF(0xB6150BDA, 0x1A946834), -+ BN_DEF(0x6AF4E23C, 0x99C32718), BN_DEF(0xBDBA5B26, 0x88719A10), -+ BN_DEF(0xA787E6D7, 0x1A723C12), BN_DEF(0xA9210801, 0x4B82D120), -+ BN_DEF(0xE0FD108E, 0x43DB5BFC), BN_DEF(0x74E5AB31, 0x08E24FA0), -+ BN_DEF(0xBAD946E2, 0x770988C0), BN_DEF(0x7A615D6C, 0xBBE11757), -+ BN_DEF(0x177B200C, 0x521F2B18), BN_DEF(0x3EC86A64, 0xD8760273), -+ BN_DEF(0xD98A0864, 0xF12FFA06), BN_DEF(0x1AD2EE6B, 0xCEE3D226), -+ BN_DEF(0x4A25619D, 0x1E8C94E0), BN_DEF(0xDB0933D7, 0xABF5AE8C), -+ BN_DEF(0xA6E1E4C7, 0xB3970F85), BN_DEF(0x5D060C7D, 0x8AEA7157), -+ BN_DEF(0x58DBEF0A, 0xECFB8504), BN_DEF(0xDF1CBA64, 0xA85521AB), -+ BN_DEF(0x04507A33, 0xAD33170D), BN_DEF(0x8AAAC42D, 0x15728E5A), -+ BN_DEF(0x98FA0510, 0x15D22618), BN_DEF(0xEA956AE5, 0x3995497C), -+ BN_DEF(0x95581718, 0xDE2BCBF6), BN_DEF(0x6F4C52C9, 0xB5C55DF0), -+ BN_DEF(0xEC07A28F, 0x9B2783A2), BN_DEF(0x180E8603, 0xE39E772C), -+ BN_DEF(0x2E36CE3B, 0x32905E46), BN_DEF(0xCA18217C, 0xF1746C08), -+ BN_DEF(0x4ABC9804, 0x670C354E), BN_DEF(0x7096966D, 0x9ED52907), -+ BN_DEF(0x208552BB, 0x1C62F356), BN_DEF(0xDCA3AD96, 0x83655D23), -+ BN_DEF(0xFD24CF5F, 0x69163FA8), BN_DEF(0x1C55D39A, 0x98DA4836), -+ BN_DEF(0xA163BF05, 0xC2007CB8), BN_DEF(0xECE45B3D, 0x49286651), -+ BN_DEF(0x7C4B1FE6, 0xAE9F2411), BN_DEF(0x5A899FA5, 0xEE386BFB), -+ BN_DEF(0xF406B7ED, 0x0BFF5CB6), BN_DEF(0xA637ED6B, 0xF44C42E9), -+ BN_DEF(0x625E7EC6, 0xE485B576), BN_DEF(0x6D51C245, 0x4FE1356D), -+ BN_DEF(0xF25F1437, 0x302B0A6D), BN_DEF(0xCD3A431B, 0xEF9519B3), -+ BN_DEF(0x8E3404DD, 0x514A0879), BN_DEF(0x3B139B22, 0x020BBEA6), -+ BN_DEF(0x8A67CC74, 0x29024E08), BN_DEF(0x80DC1CD1, 0xC4C6628B), -+ BN_DEF(0x2168C234, 0xC90FDAA2), BN_DEF(0xFFFFFFFF, 0xFFFFFFFF) -+}; -+/* q = (p - 1) / 2 */ -+static const BN_ULONG modp_4096_q[] = { -+ BN_DEF(0xFFFFFFFF, 0xFFFFFFFF), BN_DEF(0x9A0318CC, 0xA6FA1AE4), -+ BN_DEF(0x48536047, 0xC37FDBEE), BN_DEF(0x46C7EEE0, 0xC9DA754C), -+ BN_DEF(0xEAD82D54, 0x68034893), BN_DEF(0x10B8240E, 0xDC0DEEBB), -+ BN_DEF(0x67716BD7, 0x8FB094B8), BN_DEF(0x28ADF3F6, 0x119DD0C3), -+ BN_DEF(0xD04861D1, 0xCCD94B27), BN_DEF(0xA735E02E, 0x143E2CA3), -+ BN_DEF(0x0FDF6553, 0x97477E0A), BN_DEF(0x826F477C, 0x6DDDE16D), -+ BN_DEF(0x156A2674, 0x12C1F4E5), BN_DEF(0x5B0A85ED, 0x0D4A341A), -+ BN_DEF(0x357A711E, 0x4CE1938C), BN_DEF(0x5EDD2D93, 0xC438CD08), -+ BN_DEF(0x53C3F36B, 0x8D391E09), BN_DEF(0x54908400, 0x25C16890), -+ BN_DEF(0x707E8847, 0xA1EDADFE), BN_DEF(0x3A72D598, 0x047127D0), -+ BN_DEF(0x5D6CA371, 0x3B84C460), BN_DEF(0xBD30AEB6, 0x5DF08BAB), -+ BN_DEF(0x0BBD9006, 0x290F958C), BN_DEF(0x9F643532, 0x6C3B0139), -+ BN_DEF(0x6CC50432, 0xF897FD03), BN_DEF(0x0D697735, 0xE771E913), -+ BN_DEF(0x2512B0CE, 0x8F464A70), BN_DEF(0x6D8499EB, 0xD5FAD746), -+ BN_DEF(0xD370F263, 0xD9CB87C2), BN_DEF(0xAE83063E, 0x457538AB), -+ BN_DEF(0x2C6DF785, 0x767DC282), BN_DEF(0xEF8E5D32, 0xD42A90D5), -+ BN_DEF(0x82283D19, 0xD6998B86), BN_DEF(0x45556216, 0x0AB9472D), -+ BN_DEF(0x4C7D0288, 0x8AE9130C), BN_DEF(0x754AB572, 0x1CCAA4BE), -+ BN_DEF(0x4AAC0B8C, 0xEF15E5FB), BN_DEF(0x37A62964, 0xDAE2AEF8), -+ BN_DEF(0x7603D147, 0xCD93C1D1), BN_DEF(0x0C074301, 0xF1CF3B96), -+ BN_DEF(0x171B671D, 0x19482F23), BN_DEF(0x650C10BE, 0x78BA3604), -+ BN_DEF(0x255E4C02, 0xB3861AA7), BN_DEF(0xB84B4B36, 0xCF6A9483), -+ BN_DEF(0x1042A95D, 0x0E3179AB), BN_DEF(0xEE51D6CB, 0xC1B2AE91), -+ BN_DEF(0x7E9267AF, 0x348B1FD4), BN_DEF(0x0E2AE9CD, 0xCC6D241B), -+ BN_DEF(0x50B1DF82, 0xE1003E5C), BN_DEF(0xF6722D9E, 0x24943328), -+ BN_DEF(0xBE258FF3, 0xD74F9208), BN_DEF(0xAD44CFD2, 0xF71C35FD), -+ BN_DEF(0x7A035BF6, 0x85FFAE5B), BN_DEF(0xD31BF6B5, 0x7A262174), -+ BN_DEF(0x312F3F63, 0xF242DABB), BN_DEF(0xB6A8E122, 0xA7F09AB6), -+ BN_DEF(0xF92F8A1B, 0x98158536), BN_DEF(0xE69D218D, 0xF7CA8CD9), -+ BN_DEF(0xC71A026E, 0x28A5043C), BN_DEF(0x1D89CD91, 0x0105DF53), -+ BN_DEF(0x4533E63A, 0x94812704), BN_DEF(0xC06E0E68, 0x62633145), -+ BN_DEF(0x10B4611A, 0xE487ED51), BN_DEF(0xFFFFFFFF, 0x7FFFFFFF), - }; - --static const BN_ULONG ffdhe6144_p[] = { -- 0xFFFFFFFFFFFFFFFFULL, 0xA40E329CD0E40E65ULL, 0xA41D570D7938DAD4ULL, -- 0x62A69526D43161C1ULL, 0x3FDD4A8E9ADB1E69ULL, 0x5B3B71F9DC6B80D6ULL, -- 0xEC9D1810C6272B04ULL, 0x8CCF2DD5CACEF403ULL, 0xE49F5235C95B9117ULL, -- 0x505DC82DB854338AULL, 0x62292C311562A846ULL, 0xD72B03746AE77F5EULL, -- 0xF9C9091B462D538CULL, 0x0AE8DB5847A67CBEULL, 0xB3A739C122611682ULL, -- 0xEEAAC0232A281BF6ULL, 0x94C6651E77CAF992ULL, 0x763E4E4B94B2BBC1ULL, -- 0x587E38DA0077D9B4ULL, 0x7FB29F8C183023C3ULL, 0x0ABEC1FFF9E3A26EULL, -- 0xA00EF092350511E3ULL, 0xB855322EDB6340D8ULL, 0xA52471F7A9A96910ULL, -- 0x388147FB4CFDB477ULL, 0x9B1F5C3E4E46041FULL, 0xCDAD0657FCCFEC71ULL, -- 0xB38E8C334C701C3AULL, 0x917BDD64B1C0FD4CULL, 0x3BB454329B7624C8ULL, -- 0x23BA4442CAF53EA6ULL, 0x4E677D2C38532A3AULL, 0x0BFD64B645036C7AULL, -- 0xC68A007E5E0DD902ULL, 0x4DB5A851F44182E1ULL, 0x8EC9B55A7F88A46BULL, -- 0x0A8291CDCEC97DCFULL, 0x2A4ECEA9F98D0ACCULL, 0x1A1DB93D7140003CULL, -- 0x092999A333CB8B7AULL, 0x6DC778F971AD0038ULL, 0xA907600A918130C4ULL, -- 0xED6A1E012D9E6832ULL, 0x7135C886EFB4318AULL, 0x87F55BA57E31CC7AULL, -- 0x7763CF1D55034004ULL, 0xAC7D5F42D69F6D18ULL, 0x7930E9E4E58857B6ULL, -- 0x6E6F52C3164DF4FBULL, 0x25E41D2B669E1EF1ULL, 0x3C1B20EE3FD59D7CULL, -- 0x0ABCD06BFA53DDEFULL, 0x1DBF9A42D5C4484EULL, 0xABC521979B0DEADAULL, -- 0xE86D2BC522363A0DULL, 0x5CAE82AB9C9DF69EULL, 0x64F2E21E71F54BFFULL, -- 0xF4FD4452E2D74DD3ULL, 0xB4130C93BC437944ULL, 0xAEFE130985139270ULL, -- 0x598CB0FAC186D91CULL, 0x7AD91D2691F7F7EEULL, 0x61B46FC9D6E6C907ULL, -- 0xBC34F4DEF99C0238ULL, 0xDE355B3B6519035BULL, 0x886B4238611FCFDCULL, -- 0xC6F34A26C1B2EFFAULL, 0xC58EF1837D1683B2ULL, 0x3BB5FCBC2EC22005ULL, -- 0xC3FE3B1B4C6FAD73ULL, 0x8E4F1232EEF28183ULL, 0x9172FE9CE98583FFULL, -- 0xC03404CD28342F61ULL, 0x9E02FCE1CDF7E2ECULL, 0x0B07A7C8EE0A6D70ULL, -- 0xAE56EDE76372BB19ULL, 0x1D4F42A3DE394DF4ULL, 0xB96ADAB760D7F468ULL, -- 0xD108A94BB2C8E3FBULL, 0xBC0AB182B324FB61ULL, 0x30ACCA4F483A797AULL, -- 0x1DF158A136ADE735ULL, 0xE2A689DAF3EFE872ULL, 0x984F0C70E0E68B77ULL, -- 0xB557135E7F57C935ULL, 0x856365553DED1AF3ULL, 0x2433F51F5F066ED0ULL, -- 0xD3DF1ED5D5FD6561ULL, 0xF681B202AEC4617AULL, 0x7D2FE363630C75D8ULL, -- 0xCC939DCE249B3EF9ULL, 0xA9E13641146433FBULL, 0xD8B9C583CE2D3695ULL, -- 0xAFDC5620273D3CF1ULL, 0xADF85458A2BB4A9AULL, 0xFFFFFFFFFFFFFFFFULL -+/*- -+ * "6144-bit MODP Group" from RFC3526, Section 6. -+ * -+ * The prime is: 2^6144 - 2^6080 - 1 + 2^64 * { [2^6014 pi] + 929484 } -+ * -+ * RFC3526 specifies a generator of 2. -+ */ -+static const BN_ULONG modp_6144_p[] = { -+ BN_DEF(0xFFFFFFFF, 0xFFFFFFFF), BN_DEF(0x6DCC4024, 0xE694F91E), -+ BN_DEF(0x0B7474D6, 0x12BF2D5B), BN_DEF(0x3F4860EE, 0x043E8F66), -+ BN_DEF(0x6E3C0468, 0x387FE8D7), BN_DEF(0x2EF29632, 0xDA56C9EC), -+ BN_DEF(0xA313D55C, 0xEB19CCB1), BN_DEF(0x8A1FBFF0, 0xF550AA3D), -+ BN_DEF(0xB7C5DA76, 0x06A1D58B), BN_DEF(0xF29BE328, 0xA79715EE), -+ BN_DEF(0x0F8037E0, 0x14CC5ED2), BN_DEF(0xBF48E1D8, 0xCC8F6D7E), -+ BN_DEF(0x2B4154AA, 0x4BD407B2), BN_DEF(0xFF585AC5, 0x0F1D45B7), -+ BN_DEF(0x36CC88BE, 0x23A97A7E), BN_DEF(0xBEC7E8F3, 0x59E7C97F), -+ BN_DEF(0x900B1C9E, 0xB5A84031), BN_DEF(0x46980C82, 0xD55E702F), -+ BN_DEF(0x6E74FEF6, 0xF482D7CE), BN_DEF(0xD1721D03, 0xF032EA15), -+ BN_DEF(0xC64B92EC, 0x5983CA01), BN_DEF(0x378CD2BF, 0x6FB8F401), -+ BN_DEF(0x2BD7AF42, 0x33205151), BN_DEF(0xE6CC254B, 0xDB7F1447), -+ BN_DEF(0xCED4BB1B, 0x44CE6CBA), BN_DEF(0xCF9B14ED, 0xDA3EDBEB), -+ BN_DEF(0x865A8918, 0x179727B0), BN_DEF(0x9027D831, 0xB06A53ED), -+ BN_DEF(0x413001AE, 0xE5DB382F), BN_DEF(0xAD9E530E, 0xF8FF9406), -+ BN_DEF(0x3DBA37BD, 0xC9751E76), BN_DEF(0x602646DE, 0xC1D4DCB2), -+ BN_DEF(0xD27C7026, 0x36C3FAB4), BN_DEF(0x34028492, 0x4DF435C9), -+ BN_DEF(0x90A6C08F, 0x86FFB7DC), BN_DEF(0x8D8FDDC1, 0x93B4EA98), -+ BN_DEF(0xD5B05AA9, 0xD0069127), BN_DEF(0x2170481C, 0xB81BDD76), -+ BN_DEF(0xCEE2D7AF, 0x1F612970), BN_DEF(0x515BE7ED, 0x233BA186), -+ BN_DEF(0xA090C3A2, 0x99B2964F), BN_DEF(0x4E6BC05D, 0x287C5947), -+ BN_DEF(0x1FBECAA6, 0x2E8EFC14), BN_DEF(0x04DE8EF9, 0xDBBBC2DB), -+ BN_DEF(0x2AD44CE8, 0x2583E9CA), BN_DEF(0xB6150BDA, 0x1A946834), -+ BN_DEF(0x6AF4E23C, 0x99C32718), BN_DEF(0xBDBA5B26, 0x88719A10), -+ BN_DEF(0xA787E6D7, 0x1A723C12), BN_DEF(0xA9210801, 0x4B82D120), -+ BN_DEF(0xE0FD108E, 0x43DB5BFC), BN_DEF(0x74E5AB31, 0x08E24FA0), -+ BN_DEF(0xBAD946E2, 0x770988C0), BN_DEF(0x7A615D6C, 0xBBE11757), -+ BN_DEF(0x177B200C, 0x521F2B18), BN_DEF(0x3EC86A64, 0xD8760273), -+ BN_DEF(0xD98A0864, 0xF12FFA06), BN_DEF(0x1AD2EE6B, 0xCEE3D226), -+ BN_DEF(0x4A25619D, 0x1E8C94E0), BN_DEF(0xDB0933D7, 0xABF5AE8C), -+ BN_DEF(0xA6E1E4C7, 0xB3970F85), BN_DEF(0x5D060C7D, 0x8AEA7157), -+ BN_DEF(0x58DBEF0A, 0xECFB8504), BN_DEF(0xDF1CBA64, 0xA85521AB), -+ BN_DEF(0x04507A33, 0xAD33170D), BN_DEF(0x8AAAC42D, 0x15728E5A), -+ BN_DEF(0x98FA0510, 0x15D22618), BN_DEF(0xEA956AE5, 0x3995497C), -+ BN_DEF(0x95581718, 0xDE2BCBF6), BN_DEF(0x6F4C52C9, 0xB5C55DF0), -+ BN_DEF(0xEC07A28F, 0x9B2783A2), BN_DEF(0x180E8603, 0xE39E772C), -+ BN_DEF(0x2E36CE3B, 0x32905E46), BN_DEF(0xCA18217C, 0xF1746C08), -+ BN_DEF(0x4ABC9804, 0x670C354E), BN_DEF(0x7096966D, 0x9ED52907), -+ BN_DEF(0x208552BB, 0x1C62F356), BN_DEF(0xDCA3AD96, 0x83655D23), -+ BN_DEF(0xFD24CF5F, 0x69163FA8), BN_DEF(0x1C55D39A, 0x98DA4836), -+ BN_DEF(0xA163BF05, 0xC2007CB8), BN_DEF(0xECE45B3D, 0x49286651), -+ BN_DEF(0x7C4B1FE6, 0xAE9F2411), BN_DEF(0x5A899FA5, 0xEE386BFB), -+ BN_DEF(0xF406B7ED, 0x0BFF5CB6), BN_DEF(0xA637ED6B, 0xF44C42E9), -+ BN_DEF(0x625E7EC6, 0xE485B576), BN_DEF(0x6D51C245, 0x4FE1356D), -+ BN_DEF(0xF25F1437, 0x302B0A6D), BN_DEF(0xCD3A431B, 0xEF9519B3), -+ BN_DEF(0x8E3404DD, 0x514A0879), BN_DEF(0x3B139B22, 0x020BBEA6), -+ BN_DEF(0x8A67CC74, 0x29024E08), BN_DEF(0x80DC1CD1, 0xC4C6628B), -+ BN_DEF(0x2168C234, 0xC90FDAA2), BN_DEF(0xFFFFFFFF, 0xFFFFFFFF) -+}; -+/* q = (p - 1) / 2 */ -+static const BN_ULONG modp_6144_q[] = { -+ BN_DEF(0xFFFFFFFF, 0x7FFFFFFF), BN_DEF(0x36E62012, 0x734A7C8F), -+ BN_DEF(0x85BA3A6B, 0x095F96AD), BN_DEF(0x1FA43077, 0x021F47B3), -+ BN_DEF(0xB71E0234, 0x1C3FF46B), BN_DEF(0x17794B19, 0x6D2B64F6), -+ BN_DEF(0xD189EAAE, 0x758CE658), BN_DEF(0xC50FDFF8, 0x7AA8551E), -+ BN_DEF(0xDBE2ED3B, 0x0350EAC5), BN_DEF(0x794DF194, 0x53CB8AF7), -+ BN_DEF(0x07C01BF0, 0x0A662F69), BN_DEF(0x5FA470EC, 0x6647B6BF), -+ BN_DEF(0x15A0AA55, 0xA5EA03D9), BN_DEF(0xFFAC2D62, 0x078EA2DB), -+ BN_DEF(0x1B66445F, 0x91D4BD3F), BN_DEF(0xDF63F479, 0x2CF3E4BF), -+ BN_DEF(0xC8058E4F, 0x5AD42018), BN_DEF(0xA34C0641, 0x6AAF3817), -+ BN_DEF(0x373A7F7B, 0xFA416BE7), BN_DEF(0xE8B90E81, 0x7819750A), -+ BN_DEF(0xE325C976, 0xACC1E500), BN_DEF(0x9BC6695F, 0x37DC7A00), -+ BN_DEF(0x95EBD7A1, 0x999028A8), BN_DEF(0xF36612A5, 0xEDBF8A23), -+ BN_DEF(0x676A5D8D, 0xA267365D), BN_DEF(0xE7CD8A76, 0x6D1F6DF5), -+ BN_DEF(0x432D448C, 0x8BCB93D8), BN_DEF(0xC813EC18, 0x583529F6), -+ BN_DEF(0xA09800D7, 0x72ED9C17), BN_DEF(0x56CF2987, 0xFC7FCA03), -+ BN_DEF(0x1EDD1BDE, 0x64BA8F3B), BN_DEF(0x3013236F, 0x60EA6E59), -+ BN_DEF(0x693E3813, 0x1B61FD5A), BN_DEF(0x9A014249, 0xA6FA1AE4), -+ BN_DEF(0x48536047, 0xC37FDBEE), BN_DEF(0x46C7EEE0, 0xC9DA754C), -+ BN_DEF(0xEAD82D54, 0x68034893), BN_DEF(0x10B8240E, 0xDC0DEEBB), -+ BN_DEF(0x67716BD7, 0x8FB094B8), BN_DEF(0x28ADF3F6, 0x119DD0C3), -+ BN_DEF(0xD04861D1, 0xCCD94B27), BN_DEF(0xA735E02E, 0x143E2CA3), -+ BN_DEF(0x0FDF6553, 0x97477E0A), BN_DEF(0x826F477C, 0x6DDDE16D), -+ BN_DEF(0x156A2674, 0x12C1F4E5), BN_DEF(0x5B0A85ED, 0x0D4A341A), -+ BN_DEF(0x357A711E, 0x4CE1938C), BN_DEF(0x5EDD2D93, 0xC438CD08), -+ BN_DEF(0x53C3F36B, 0x8D391E09), BN_DEF(0x54908400, 0x25C16890), -+ BN_DEF(0x707E8847, 0xA1EDADFE), BN_DEF(0x3A72D598, 0x047127D0), -+ BN_DEF(0x5D6CA371, 0x3B84C460), BN_DEF(0xBD30AEB6, 0x5DF08BAB), -+ BN_DEF(0x0BBD9006, 0x290F958C), BN_DEF(0x9F643532, 0x6C3B0139), -+ BN_DEF(0x6CC50432, 0xF897FD03), BN_DEF(0x0D697735, 0xE771E913), -+ BN_DEF(0x2512B0CE, 0x8F464A70), BN_DEF(0x6D8499EB, 0xD5FAD746), -+ BN_DEF(0xD370F263, 0xD9CB87C2), BN_DEF(0xAE83063E, 0x457538AB), -+ BN_DEF(0x2C6DF785, 0x767DC282), BN_DEF(0xEF8E5D32, 0xD42A90D5), -+ BN_DEF(0x82283D19, 0xD6998B86), BN_DEF(0x45556216, 0x0AB9472D), -+ BN_DEF(0x4C7D0288, 0x8AE9130C), BN_DEF(0x754AB572, 0x1CCAA4BE), -+ BN_DEF(0x4AAC0B8C, 0xEF15E5FB), BN_DEF(0x37A62964, 0xDAE2AEF8), -+ BN_DEF(0x7603D147, 0xCD93C1D1), BN_DEF(0x0C074301, 0xF1CF3B96), -+ BN_DEF(0x171B671D, 0x19482F23), BN_DEF(0x650C10BE, 0x78BA3604), -+ BN_DEF(0x255E4C02, 0xB3861AA7), BN_DEF(0xB84B4B36, 0xCF6A9483), -+ BN_DEF(0x1042A95D, 0x0E3179AB), BN_DEF(0xEE51D6CB, 0xC1B2AE91), -+ BN_DEF(0x7E9267AF, 0x348B1FD4), BN_DEF(0x0E2AE9CD, 0xCC6D241B), -+ BN_DEF(0x50B1DF82, 0xE1003E5C), BN_DEF(0xF6722D9E, 0x24943328), -+ BN_DEF(0xBE258FF3, 0xD74F9208), BN_DEF(0xAD44CFD2, 0xF71C35FD), -+ BN_DEF(0x7A035BF6, 0x85FFAE5B), BN_DEF(0xD31BF6B5, 0x7A262174), -+ BN_DEF(0x312F3F63, 0xF242DABB), BN_DEF(0xB6A8E122, 0xA7F09AB6), -+ BN_DEF(0xF92F8A1B, 0x98158536), BN_DEF(0xE69D218D, 0xF7CA8CD9), -+ BN_DEF(0xC71A026E, 0x28A5043C), BN_DEF(0x1D89CD91, 0x0105DF53), -+ BN_DEF(0x4533E63A, 0x94812704), BN_DEF(0xC06E0E68, 0x62633145), -+ BN_DEF(0x10B4611A, 0xE487ED51), BN_DEF(0xFFFFFFFF, 0x7FFFFFFF), - }; - --static const BN_ULONG ffdhe8192_p[] = { -- 0xFFFFFFFFFFFFFFFFULL, 0xD68C8BB7C5C6424CULL, 0x011E2A94838FF88CULL, -- 0x0822E506A9F4614EULL, 0x97D11D49F7A8443DULL, 0xA6BBFDE530677F0DULL, -- 0x2F741EF8C1FE86FEULL, 0xFAFABE1C5D71A87EULL, 0xDED2FBABFBE58A30ULL, -- 0xB6855DFE72B0A66EULL, 0x1EFC8CE0BA8A4FE8ULL, 0x83F81D4A3F2FA457ULL, -- 0xA1FE3075A577E231ULL, 0xD5B8019488D9C0A0ULL, 0x624816CDAD9A95F9ULL, -- 0x99E9E31650C1217BULL, 0x51AA691E0E423CFCULL, 0x1C217E6C3826E52CULL, -- 0x51A8A93109703FEEULL, 0xBB7099876A460E74ULL, 0x541FC68C9C86B022ULL, -- 0x59160CC046FD8251ULL, 0x2846C0BA35C35F5CULL, 0x54504AC78B758282ULL, -- 0x29388839D2AF05E4ULL, 0xCB2C0F1CC01BD702ULL, 0x555B2F747C932665ULL, -- 0x86B63142A3AB8829ULL, 0x0B8CC3BDF64B10EFULL, 0x687FEB69EDD1CC5EULL, -- 0xFDB23FCEC9509D43ULL, 0x1E425A31D951AE64ULL, 0x36AD004CF600C838ULL, -- 0xA40E329CCFF46AAAULL, 0xA41D570D7938DAD4ULL, 0x62A69526D43161C1ULL, -- 0x3FDD4A8E9ADB1E69ULL, 0x5B3B71F9DC6B80D6ULL, 0xEC9D1810C6272B04ULL, -- 0x8CCF2DD5CACEF403ULL, 0xE49F5235C95B9117ULL, 0x505DC82DB854338AULL, -- 0x62292C311562A846ULL, 0xD72B03746AE77F5EULL, 0xF9C9091B462D538CULL, -- 0x0AE8DB5847A67CBEULL, 0xB3A739C122611682ULL, 0xEEAAC0232A281BF6ULL, -- 0x94C6651E77CAF992ULL, 0x763E4E4B94B2BBC1ULL, 0x587E38DA0077D9B4ULL, -- 0x7FB29F8C183023C3ULL, 0x0ABEC1FFF9E3A26EULL, 0xA00EF092350511E3ULL, -- 0xB855322EDB6340D8ULL, 0xA52471F7A9A96910ULL, 0x388147FB4CFDB477ULL, -- 0x9B1F5C3E4E46041FULL, 0xCDAD0657FCCFEC71ULL, 0xB38E8C334C701C3AULL, -- 0x917BDD64B1C0FD4CULL, 0x3BB454329B7624C8ULL, 0x23BA4442CAF53EA6ULL, -- 0x4E677D2C38532A3AULL, 0x0BFD64B645036C7AULL, 0xC68A007E5E0DD902ULL, -- 0x4DB5A851F44182E1ULL, 0x8EC9B55A7F88A46BULL, 0x0A8291CDCEC97DCFULL, -- 0x2A4ECEA9F98D0ACCULL, 0x1A1DB93D7140003CULL, 0x092999A333CB8B7AULL, -- 0x6DC778F971AD0038ULL, 0xA907600A918130C4ULL, 0xED6A1E012D9E6832ULL, -- 0x7135C886EFB4318AULL, 0x87F55BA57E31CC7AULL, 0x7763CF1D55034004ULL, -- 0xAC7D5F42D69F6D18ULL, 0x7930E9E4E58857B6ULL, 0x6E6F52C3164DF4FBULL, -- 0x25E41D2B669E1EF1ULL, 0x3C1B20EE3FD59D7CULL, 0x0ABCD06BFA53DDEFULL, -- 0x1DBF9A42D5C4484EULL, 0xABC521979B0DEADAULL, 0xE86D2BC522363A0DULL, -- 0x5CAE82AB9C9DF69EULL, 0x64F2E21E71F54BFFULL, 0xF4FD4452E2D74DD3ULL, -- 0xB4130C93BC437944ULL, 0xAEFE130985139270ULL, 0x598CB0FAC186D91CULL, -- 0x7AD91D2691F7F7EEULL, 0x61B46FC9D6E6C907ULL, 0xBC34F4DEF99C0238ULL, -- 0xDE355B3B6519035BULL, 0x886B4238611FCFDCULL, 0xC6F34A26C1B2EFFAULL, -- 0xC58EF1837D1683B2ULL, 0x3BB5FCBC2EC22005ULL, 0xC3FE3B1B4C6FAD73ULL, -- 0x8E4F1232EEF28183ULL, 0x9172FE9CE98583FFULL, 0xC03404CD28342F61ULL, -- 0x9E02FCE1CDF7E2ECULL, 0x0B07A7C8EE0A6D70ULL, 0xAE56EDE76372BB19ULL, -- 0x1D4F42A3DE394DF4ULL, 0xB96ADAB760D7F468ULL, 0xD108A94BB2C8E3FBULL, -- 0xBC0AB182B324FB61ULL, 0x30ACCA4F483A797AULL, 0x1DF158A136ADE735ULL, -- 0xE2A689DAF3EFE872ULL, 0x984F0C70E0E68B77ULL, 0xB557135E7F57C935ULL, -- 0x856365553DED1AF3ULL, 0x2433F51F5F066ED0ULL, 0xD3DF1ED5D5FD6561ULL, -- 0xF681B202AEC4617AULL, 0x7D2FE363630C75D8ULL, 0xCC939DCE249B3EF9ULL, -- 0xA9E13641146433FBULL, 0xD8B9C583CE2D3695ULL, 0xAFDC5620273D3CF1ULL, -- 0xADF85458A2BB4A9AULL, 0xFFFFFFFFFFFFFFFFULL -+/* -+ * "8192-bit MODP Group" from RFC3526, Section 7. -+ * -+ * The prime is: 2^8192 - 2^8128 - 1 + 2^64 * { [2^8062 pi] + 4743158 } -+ * -+ * RFC3526 specifies a generator of 2. -+ */ -+static const BN_ULONG modp_8192_p[] = { -+ BN_DEF(0xFFFFFFFF, 0xFFFFFFFF), BN_DEF(0x98EDD3DF, 0x60C980DD), -+ BN_DEF(0x80B96E71, 0xC81F56E8), BN_DEF(0x765694DF, 0x9E3050E2), -+ BN_DEF(0x5677E9AA, 0x9558E447), BN_DEF(0xFC026E47, 0xC9190DA6), -+ BN_DEF(0xD5EE382B, 0x889A002E), BN_DEF(0x481C6CD7, 0x4009438B), -+ BN_DEF(0xEB879F92, 0x359046F4), BN_DEF(0x1ECFA268, 0xFAF36BC3), -+ BN_DEF(0x7EE74D73, 0xB1D510BD), BN_DEF(0x5DED7EA1, 0xF9AB4819), -+ BN_DEF(0x0846851D, 0x64F31CC5), BN_DEF(0xA0255DC1, 0x4597E899), -+ BN_DEF(0x74AB6A36, 0xDF310EE0), BN_DEF(0x3F44F82D, 0x6D2A13F8), -+ BN_DEF(0xB3A278A6, 0x062B3CF5), BN_DEF(0xED5BDD3A, 0x79683303), -+ BN_DEF(0xA2C087E8, 0xFA9D4B7F), BN_DEF(0x2F8385DD, 0x4BCBC886), -+ BN_DEF(0x6CEA306B, 0x3473FC64), BN_DEF(0x1A23F0C7, 0x13EB57A8), -+ BN_DEF(0xA4037C07, 0x22222E04), BN_DEF(0xFC848AD9, 0xE3FDB8BE), -+ BN_DEF(0xE39D652D, 0x238F16CB), BN_DEF(0x2BF1C978, 0x3423B474), -+ BN_DEF(0x5AE4F568, 0x3AAB639C), BN_DEF(0x6BA42466, 0x2576F693), -+ BN_DEF(0x8AFC47ED, 0x741FA7BF), BN_DEF(0x8D9DD300, 0x3BC832B6), -+ BN_DEF(0x73B931BA, 0xD8BEC4D0), BN_DEF(0xA932DF8C, 0x38777CB6), -+ BN_DEF(0x12FEE5E4, 0x74A3926F), BN_DEF(0x6DBE1159, 0xE694F91E), -+ BN_DEF(0x0B7474D6, 0x12BF2D5B), BN_DEF(0x3F4860EE, 0x043E8F66), -+ BN_DEF(0x6E3C0468, 0x387FE8D7), BN_DEF(0x2EF29632, 0xDA56C9EC), -+ BN_DEF(0xA313D55C, 0xEB19CCB1), BN_DEF(0x8A1FBFF0, 0xF550AA3D), -+ BN_DEF(0xB7C5DA76, 0x06A1D58B), BN_DEF(0xF29BE328, 0xA79715EE), -+ BN_DEF(0x0F8037E0, 0x14CC5ED2), BN_DEF(0xBF48E1D8, 0xCC8F6D7E), -+ BN_DEF(0x2B4154AA, 0x4BD407B2), BN_DEF(0xFF585AC5, 0x0F1D45B7), -+ BN_DEF(0x36CC88BE, 0x23A97A7E), BN_DEF(0xBEC7E8F3, 0x59E7C97F), -+ BN_DEF(0x900B1C9E, 0xB5A84031), BN_DEF(0x46980C82, 0xD55E702F), -+ BN_DEF(0x6E74FEF6, 0xF482D7CE), BN_DEF(0xD1721D03, 0xF032EA15), -+ BN_DEF(0xC64B92EC, 0x5983CA01), BN_DEF(0x378CD2BF, 0x6FB8F401), -+ BN_DEF(0x2BD7AF42, 0x33205151), BN_DEF(0xE6CC254B, 0xDB7F1447), -+ BN_DEF(0xCED4BB1B, 0x44CE6CBA), BN_DEF(0xCF9B14ED, 0xDA3EDBEB), -+ BN_DEF(0x865A8918, 0x179727B0), BN_DEF(0x9027D831, 0xB06A53ED), -+ BN_DEF(0x413001AE, 0xE5DB382F), BN_DEF(0xAD9E530E, 0xF8FF9406), -+ BN_DEF(0x3DBA37BD, 0xC9751E76), BN_DEF(0x602646DE, 0xC1D4DCB2), -+ BN_DEF(0xD27C7026, 0x36C3FAB4), BN_DEF(0x34028492, 0x4DF435C9), -+ BN_DEF(0x90A6C08F, 0x86FFB7DC), BN_DEF(0x8D8FDDC1, 0x93B4EA98), -+ BN_DEF(0xD5B05AA9, 0xD0069127), BN_DEF(0x2170481C, 0xB81BDD76), -+ BN_DEF(0xCEE2D7AF, 0x1F612970), BN_DEF(0x515BE7ED, 0x233BA186), -+ BN_DEF(0xA090C3A2, 0x99B2964F), BN_DEF(0x4E6BC05D, 0x287C5947), -+ BN_DEF(0x1FBECAA6, 0x2E8EFC14), BN_DEF(0x04DE8EF9, 0xDBBBC2DB), -+ BN_DEF(0x2AD44CE8, 0x2583E9CA), BN_DEF(0xB6150BDA, 0x1A946834), -+ BN_DEF(0x6AF4E23C, 0x99C32718), BN_DEF(0xBDBA5B26, 0x88719A10), -+ BN_DEF(0xA787E6D7, 0x1A723C12), BN_DEF(0xA9210801, 0x4B82D120), -+ BN_DEF(0xE0FD108E, 0x43DB5BFC), BN_DEF(0x74E5AB31, 0x08E24FA0), -+ BN_DEF(0xBAD946E2, 0x770988C0), BN_DEF(0x7A615D6C, 0xBBE11757), -+ BN_DEF(0x177B200C, 0x521F2B18), BN_DEF(0x3EC86A64, 0xD8760273), -+ BN_DEF(0xD98A0864, 0xF12FFA06), BN_DEF(0x1AD2EE6B, 0xCEE3D226), -+ BN_DEF(0x4A25619D, 0x1E8C94E0), BN_DEF(0xDB0933D7, 0xABF5AE8C), -+ BN_DEF(0xA6E1E4C7, 0xB3970F85), BN_DEF(0x5D060C7D, 0x8AEA7157), -+ BN_DEF(0x58DBEF0A, 0xECFB8504), BN_DEF(0xDF1CBA64, 0xA85521AB), -+ BN_DEF(0x04507A33, 0xAD33170D), BN_DEF(0x8AAAC42D, 0x15728E5A), -+ BN_DEF(0x98FA0510, 0x15D22618), BN_DEF(0xEA956AE5, 0x3995497C), -+ BN_DEF(0x95581718, 0xDE2BCBF6), BN_DEF(0x6F4C52C9, 0xB5C55DF0), -+ BN_DEF(0xEC07A28F, 0x9B2783A2), BN_DEF(0x180E8603, 0xE39E772C), -+ BN_DEF(0x2E36CE3B, 0x32905E46), BN_DEF(0xCA18217C, 0xF1746C08), -+ BN_DEF(0x4ABC9804, 0x670C354E), BN_DEF(0x7096966D, 0x9ED52907), -+ BN_DEF(0x208552BB, 0x1C62F356), BN_DEF(0xDCA3AD96, 0x83655D23), -+ BN_DEF(0xFD24CF5F, 0x69163FA8), BN_DEF(0x1C55D39A, 0x98DA4836), -+ BN_DEF(0xA163BF05, 0xC2007CB8), BN_DEF(0xECE45B3D, 0x49286651), -+ BN_DEF(0x7C4B1FE6, 0xAE9F2411), BN_DEF(0x5A899FA5, 0xEE386BFB), -+ BN_DEF(0xF406B7ED, 0x0BFF5CB6), BN_DEF(0xA637ED6B, 0xF44C42E9), -+ BN_DEF(0x625E7EC6, 0xE485B576), BN_DEF(0x6D51C245, 0x4FE1356D), -+ BN_DEF(0xF25F1437, 0x302B0A6D), BN_DEF(0xCD3A431B, 0xEF9519B3), -+ BN_DEF(0x8E3404DD, 0x514A0879), BN_DEF(0x3B139B22, 0x020BBEA6), -+ BN_DEF(0x8A67CC74, 0x29024E08), BN_DEF(0x80DC1CD1, 0xC4C6628B), -+ BN_DEF(0x2168C234, 0xC90FDAA2), BN_DEF(0xFFFFFFFF, 0xFFFFFFFF) -+}; -+/* q = (p - 1) / 2 */ -+static const BN_ULONG modp_8192_q[] = { -+ BN_DEF(0xFFFFFFFF, 0xFFFFFFFF), BN_DEF(0xCC76E9EF, 0xB064C06E), -+ BN_DEF(0x405CB738, 0xE40FAB74), BN_DEF(0x3B2B4A6F, 0x4F182871), -+ BN_DEF(0xAB3BF4D5, 0xCAAC7223), BN_DEF(0x7E013723, 0xE48C86D3), -+ BN_DEF(0x6AF71C15, 0xC44D0017), BN_DEF(0xA40E366B, 0x2004A1C5), -+ BN_DEF(0x75C3CFC9, 0x1AC8237A), BN_DEF(0x8F67D134, 0xFD79B5E1), -+ BN_DEF(0xBF73A6B9, 0xD8EA885E), BN_DEF(0xAEF6BF50, 0xFCD5A40C), -+ BN_DEF(0x8423428E, 0xB2798E62), BN_DEF(0xD012AEE0, 0x22CBF44C), -+ BN_DEF(0x3A55B51B, 0xEF988770), BN_DEF(0x1FA27C16, 0x369509FC), -+ BN_DEF(0xD9D13C53, 0x03159E7A), BN_DEF(0xF6ADEE9D, 0x3CB41981), -+ BN_DEF(0xD16043F4, 0xFD4EA5BF), BN_DEF(0x17C1C2EE, 0xA5E5E443), -+ BN_DEF(0x36751835, 0x9A39FE32), BN_DEF(0x0D11F863, 0x89F5ABD4), -+ BN_DEF(0x5201BE03, 0x91111702), BN_DEF(0x7E42456C, 0xF1FEDC5F), -+ BN_DEF(0xF1CEB296, 0x11C78B65), BN_DEF(0x15F8E4BC, 0x1A11DA3A), -+ BN_DEF(0x2D727AB4, 0x1D55B1CE), BN_DEF(0xB5D21233, 0x92BB7B49), -+ BN_DEF(0xC57E23F6, 0x3A0FD3DF), BN_DEF(0x46CEE980, 0x1DE4195B), -+ BN_DEF(0x39DC98DD, 0x6C5F6268), BN_DEF(0x54996FC6, 0x1C3BBE5B), -+ BN_DEF(0x897F72F2, 0xBA51C937), BN_DEF(0x36DF08AC, 0x734A7C8F), -+ BN_DEF(0x85BA3A6B, 0x095F96AD), BN_DEF(0x1FA43077, 0x021F47B3), -+ BN_DEF(0xB71E0234, 0x1C3FF46B), BN_DEF(0x17794B19, 0x6D2B64F6), -+ BN_DEF(0xD189EAAE, 0x758CE658), BN_DEF(0xC50FDFF8, 0x7AA8551E), -+ BN_DEF(0xDBE2ED3B, 0x0350EAC5), BN_DEF(0x794DF194, 0x53CB8AF7), -+ BN_DEF(0x07C01BF0, 0x0A662F69), BN_DEF(0x5FA470EC, 0x6647B6BF), -+ BN_DEF(0x15A0AA55, 0xA5EA03D9), BN_DEF(0xFFAC2D62, 0x078EA2DB), -+ BN_DEF(0x1B66445F, 0x91D4BD3F), BN_DEF(0xDF63F479, 0x2CF3E4BF), -+ BN_DEF(0xC8058E4F, 0x5AD42018), BN_DEF(0xA34C0641, 0x6AAF3817), -+ BN_DEF(0x373A7F7B, 0xFA416BE7), BN_DEF(0xE8B90E81, 0x7819750A), -+ BN_DEF(0xE325C976, 0xACC1E500), BN_DEF(0x9BC6695F, 0x37DC7A00), -+ BN_DEF(0x95EBD7A1, 0x999028A8), BN_DEF(0xF36612A5, 0xEDBF8A23), -+ BN_DEF(0x676A5D8D, 0xA267365D), BN_DEF(0xE7CD8A76, 0x6D1F6DF5), -+ BN_DEF(0x432D448C, 0x8BCB93D8), BN_DEF(0xC813EC18, 0x583529F6), -+ BN_DEF(0xA09800D7, 0x72ED9C17), BN_DEF(0x56CF2987, 0xFC7FCA03), -+ BN_DEF(0x1EDD1BDE, 0x64BA8F3B), BN_DEF(0x3013236F, 0x60EA6E59), -+ BN_DEF(0x693E3813, 0x1B61FD5A), BN_DEF(0x9A014249, 0xA6FA1AE4), -+ BN_DEF(0x48536047, 0xC37FDBEE), BN_DEF(0x46C7EEE0, 0xC9DA754C), -+ BN_DEF(0xEAD82D54, 0x68034893), BN_DEF(0x10B8240E, 0xDC0DEEBB), -+ BN_DEF(0x67716BD7, 0x8FB094B8), BN_DEF(0x28ADF3F6, 0x119DD0C3), -+ BN_DEF(0xD04861D1, 0xCCD94B27), BN_DEF(0xA735E02E, 0x143E2CA3), -+ BN_DEF(0x0FDF6553, 0x97477E0A), BN_DEF(0x826F477C, 0x6DDDE16D), -+ BN_DEF(0x156A2674, 0x12C1F4E5), BN_DEF(0x5B0A85ED, 0x0D4A341A), -+ BN_DEF(0x357A711E, 0x4CE1938C), BN_DEF(0x5EDD2D93, 0xC438CD08), -+ BN_DEF(0x53C3F36B, 0x8D391E09), BN_DEF(0x54908400, 0x25C16890), -+ BN_DEF(0x707E8847, 0xA1EDADFE), BN_DEF(0x3A72D598, 0x047127D0), -+ BN_DEF(0x5D6CA371, 0x3B84C460), BN_DEF(0xBD30AEB6, 0x5DF08BAB), -+ BN_DEF(0x0BBD9006, 0x290F958C), BN_DEF(0x9F643532, 0x6C3B0139), -+ BN_DEF(0x6CC50432, 0xF897FD03), BN_DEF(0x0D697735, 0xE771E913), -+ BN_DEF(0x2512B0CE, 0x8F464A70), BN_DEF(0x6D8499EB, 0xD5FAD746), -+ BN_DEF(0xD370F263, 0xD9CB87C2), BN_DEF(0xAE83063E, 0x457538AB), -+ BN_DEF(0x2C6DF785, 0x767DC282), BN_DEF(0xEF8E5D32, 0xD42A90D5), -+ BN_DEF(0x82283D19, 0xD6998B86), BN_DEF(0x45556216, 0x0AB9472D), -+ BN_DEF(0x4C7D0288, 0x8AE9130C), BN_DEF(0x754AB572, 0x1CCAA4BE), -+ BN_DEF(0x4AAC0B8C, 0xEF15E5FB), BN_DEF(0x37A62964, 0xDAE2AEF8), -+ BN_DEF(0x7603D147, 0xCD93C1D1), BN_DEF(0x0C074301, 0xF1CF3B96), -+ BN_DEF(0x171B671D, 0x19482F23), BN_DEF(0x650C10BE, 0x78BA3604), -+ BN_DEF(0x255E4C02, 0xB3861AA7), BN_DEF(0xB84B4B36, 0xCF6A9483), -+ BN_DEF(0x1042A95D, 0x0E3179AB), BN_DEF(0xEE51D6CB, 0xC1B2AE91), -+ BN_DEF(0x7E9267AF, 0x348B1FD4), BN_DEF(0x0E2AE9CD, 0xCC6D241B), -+ BN_DEF(0x50B1DF82, 0xE1003E5C), BN_DEF(0xF6722D9E, 0x24943328), -+ BN_DEF(0xBE258FF3, 0xD74F9208), BN_DEF(0xAD44CFD2, 0xF71C35FD), -+ BN_DEF(0x7A035BF6, 0x85FFAE5B), BN_DEF(0xD31BF6B5, 0x7A262174), -+ BN_DEF(0x312F3F63, 0xF242DABB), BN_DEF(0xB6A8E122, 0xA7F09AB6), -+ BN_DEF(0xF92F8A1B, 0x98158536), BN_DEF(0xE69D218D, 0xF7CA8CD9), -+ BN_DEF(0xC71A026E, 0x28A5043C), BN_DEF(0x1D89CD91, 0x0105DF53), -+ BN_DEF(0x4533E63A, 0x94812704), BN_DEF(0xC06E0E68, 0x62633145), -+ BN_DEF(0x10B4611A, 0xE487ED51), BN_DEF(0xFFFFFFFF, 0x7FFFFFFF), - }; - --# elif BN_BITS2 == 32 -- -+/* DH parameters from RFC5114 */ - static const BN_ULONG dh1024_160_p[] = { -- 0x2E4A4371, 0xDF1FB2BC, 0x6D4DA708, 0xE68CFDA7, 0x365C1A65, 0x45BF37DF, -- 0x0DC8B4BD, 0xA151AF5F, 0xF55BCCC0, 0xFAA31A4F, 0xE5644738, 0x4EFFD6FA, -- 0x219A7372, 0x98488E9C, 0x90C4BD70, 0xACCBDD7D, 0xD49B83BF, 0x24975C3C, -- 0xA9061123, 0x13ECB4AE, 0x2EE652C0, 0x9838EF1E, 0x75A23D18, 0x6073E286, -- 0x52D23B61, 0x9A6A9DCA, 0xFB06A3C6, 0x52C99FBC, 0xAE5D54EC, 0xDE92DE5E, -- 0xA080E01D, 0xB10B8F96 -+ BN_DEF(0x2E4A4371, 0xDF1FB2BC), BN_DEF(0x6D4DA708, 0xE68CFDA7), -+ BN_DEF(0x365C1A65, 0x45BF37DF), BN_DEF(0x0DC8B4BD, 0xA151AF5F), -+ BN_DEF(0xF55BCCC0, 0xFAA31A4F), BN_DEF(0xE5644738, 0x4EFFD6FA), -+ BN_DEF(0x219A7372, 0x98488E9C), BN_DEF(0x90C4BD70, 0xACCBDD7D), -+ BN_DEF(0xD49B83BF, 0x24975C3C), BN_DEF(0xA9061123, 0x13ECB4AE), -+ BN_DEF(0x2EE652C0, 0x9838EF1E), BN_DEF(0x75A23D18, 0x6073E286), -+ BN_DEF(0x52D23B61, 0x9A6A9DCA), BN_DEF(0xFB06A3C6, 0x52C99FBC), -+ BN_DEF(0xAE5D54EC, 0xDE92DE5E), BN_DEF(0xA080E01D, 0xB10B8F96) - }; -- --static const BN_ULONG dh1024_160_g[] = { -- 0x22B3B2E5, 0x855E6EEB, 0xF97C2A24, 0x858F4DCE, 0x18D08BC8, 0x2D779D59, -- 0x8E73AFA3, 0xD662A4D1, 0x69B6A28A, 0x1DBF0A01, 0x7A091F53, 0xA6A24C08, -- 0x63F80A76, 0x909D0D22, 0xB9A92EE1, 0xD7FBD7D3, 0x9E2749F4, 0x5E91547F, -- 0xB01B886A, 0x160217B4, 0x5504F213, 0x777E690F, 0x5C41564B, 0x266FEA1E, -- 0x14266D31, 0xD6406CFF, 0x58AC507F, 0xF8104DD2, 0xEFB99905, 0x6765A442, -- 0xC3FD3412, 0xA4D1CBD5 --}; -- - static const BN_ULONG dh1024_160_q[] = { -- 0x49462353, 0x64B7CB9D, 0x8ABA4E7D, 0x81A8DF27, 0xF518AA87 -+ BN_DEF(0x49462353, 0x64B7CB9D), BN_DEF(0x8ABA4E7D, 0x81A8DF27), -+ (BN_ULONG)0xF518AA87 - }; -- --static const BN_ULONG dh2048_224_p[] = { -- 0x0C10E64F, 0x0AC4DFFE, 0x4E71B81C, 0xCF9DE538, 0xFFA31F71, 0x7EF363E2, -- 0x6B8E75B9, 0xE3FB73C1, 0x4BA80A29, 0xC9B53DCF, 0x16E79763, 0x23F10B0E, -- 0x13042E9B, 0xC52172E4, 0xC928B2B9, 0xBE60E69C, 0xB9E587E8, 0x80CD86A1, -- 0x98C641A4, 0x315D75E1, 0x44328387, 0xCDF93ACC, 0xDC0A486D, 0x15987D9A, -- 0x1FD5A074, 0x7310F712, 0xDE31EFDC, 0x278273C7, 0x415D9330, 0x1602E714, -- 0xBC8985DB, 0x81286130, 0x70918836, 0xB3BF8A31, 0xB9C49708, 0x6A00E0A0, -- 0x8BBC27BE, 0xC6BA0B2C, 0xED34DBF6, 0xC9F98D11, 0xB6C12207, 0x7AD5B7D0, -- 0x55B7394B, 0xD91E8FEF, 0xEFDA4DF8, 0x9037C9ED, 0xAD6AC212, 0x6D3F8152, -- 0x1274A0A6, 0x1DE6B85A, 0x309C180E, 0xEB3D688A, 0x7BA1DF15, 0xAF9A3C40, -- 0xF95A56DB, 0xE6FA141D, 0xB61D0A75, 0xB54B1597, 0x683B9FD1, 0xA20D64E5, -- 0x9559C51F, 0xD660FAA7, 0x9123A9D0, 0xAD107E1E -+static const BN_ULONG dh1024_160_g[] = { -+ BN_DEF(0x22B3B2E5, 0x855E6EEB), BN_DEF(0xF97C2A24, 0x858F4DCE), -+ BN_DEF(0x18D08BC8, 0x2D779D59), BN_DEF(0x8E73AFA3, 0xD662A4D1), -+ BN_DEF(0x69B6A28A, 0x1DBF0A01), BN_DEF(0x7A091F53, 0xA6A24C08), -+ BN_DEF(0x63F80A76, 0x909D0D22), BN_DEF(0xB9A92EE1, 0xD7FBD7D3), -+ BN_DEF(0x9E2749F4, 0x5E91547F), BN_DEF(0xB01B886A, 0x160217B4), -+ BN_DEF(0x5504F213, 0x777E690F), BN_DEF(0x5C41564B, 0x266FEA1E), -+ BN_DEF(0x14266D31, 0xD6406CFF), BN_DEF(0x58AC507F, 0xF8104DD2), -+ BN_DEF(0xEFB99905, 0x6765A442), BN_DEF(0xC3FD3412, 0xA4D1CBD5) - }; - --static const BN_ULONG dh2048_224_g[] = { -- 0x191F2BFA, 0x84B890D3, 0x2A7065B3, 0x81BC087F, 0xF6EC0179, 0x19C418E1, -- 0x71CFFF4C, 0x7B5A0F1C, 0x9B6AA4BD, 0xEDFE72FE, 0x94B30269, 0x81E1BCFE, -- 0x8D6C0191, 0x566AFBB4, 0x409D13CD, 0xB539CCE3, 0x5F2FF381, 0x6AA21E7F, -- 0x770589EF, 0xD9E263E4, 0xD19963DD, 0x10E183ED, 0x150B8EEB, 0xB70A8137, -- 0x28C8F8AC, 0x051AE3D4, 0x0C1AB15B, 0xBB77A86F, 0x16A330EF, 0x6E3025E3, -- 0xD6F83456, 0x19529A45, 0x118E98D1, 0xF180EB34, 0x50717CBE, 0xB5F6C6B2, -- 0xDA7460CD, 0x09939D54, 0x22EA1ED4, 0xE2471504, 0x521BC98A, 0xB8A762D0, -- 0x5AC1348B, 0xF4D02727, 0x1999024A, 0xC1766910, 0xA8D66AD7, 0xBE5E9001, -- 0x620A8652, 0xC57DB17C, 0x00C29F52, 0xAB739D77, 0xA70C4AFA, 0xDD921F01, -- 0x10B9A6F0, 0xA6824A4E, 0xCFE4FFE3, 0x74866A08, 0x89998CAF, 0x6CDEBE7B, -- 0x8FFDAC50, 0x9DF30B5C, 0x4F2D9AE3, 0xAC4032EF -+static const BN_ULONG dh2048_224_p[] = { -+ BN_DEF(0x0C10E64F, 0x0AC4DFFE), BN_DEF(0x4E71B81C, 0xCF9DE538), -+ BN_DEF(0xFFA31F71, 0x7EF363E2), BN_DEF(0x6B8E75B9, 0xE3FB73C1), -+ BN_DEF(0x4BA80A29, 0xC9B53DCF), BN_DEF(0x16E79763, 0x23F10B0E), -+ BN_DEF(0x13042E9B, 0xC52172E4), BN_DEF(0xC928B2B9, 0xBE60E69C), -+ BN_DEF(0xB9E587E8, 0x80CD86A1), BN_DEF(0x98C641A4, 0x315D75E1), -+ BN_DEF(0x44328387, 0xCDF93ACC), BN_DEF(0xDC0A486D, 0x15987D9A), -+ BN_DEF(0x1FD5A074, 0x7310F712), BN_DEF(0xDE31EFDC, 0x278273C7), -+ BN_DEF(0x415D9330, 0x1602E714), BN_DEF(0xBC8985DB, 0x81286130), -+ BN_DEF(0x70918836, 0xB3BF8A31), BN_DEF(0xB9C49708, 0x6A00E0A0), -+ BN_DEF(0x8BBC27BE, 0xC6BA0B2C), BN_DEF(0xED34DBF6, 0xC9F98D11), -+ BN_DEF(0xB6C12207, 0x7AD5B7D0), BN_DEF(0x55B7394B, 0xD91E8FEF), -+ BN_DEF(0xEFDA4DF8, 0x9037C9ED), BN_DEF(0xAD6AC212, 0x6D3F8152), -+ BN_DEF(0x1274A0A6, 0x1DE6B85A), BN_DEF(0x309C180E, 0xEB3D688A), -+ BN_DEF(0x7BA1DF15, 0xAF9A3C40), BN_DEF(0xF95A56DB, 0xE6FA141D), -+ BN_DEF(0xB61D0A75, 0xB54B1597), BN_DEF(0x683B9FD1, 0xA20D64E5), -+ BN_DEF(0x9559C51F, 0xD660FAA7), BN_DEF(0x9123A9D0, 0xAD107E1E) - }; -- - static const BN_ULONG dh2048_224_q[] = { -- 0xB36371EB, 0xBF389A99, 0x4738CEBC, 0x1F80535A, 0x99717710, 0xC58D93FE, -- 0x801C0D34 -+ BN_DEF(0xB36371EB, 0xBF389A99), BN_DEF(0x4738CEBC, 0x1F80535A), -+ BN_DEF(0x99717710, 0xC58D93FE), (BN_ULONG)0x801C0D34 - }; -- --static const BN_ULONG dh2048_256_p[] = { -- 0x1E1A1597, 0xDB094AE9, 0xD7EF09CA, 0x693877FA, 0x6E11715F, 0x6116D227, -- 0xC198AF12, 0xA4B54330, 0xD7014103, 0x75F26375, 0x54E710C3, 0xC3A3960A, -- 0xBD0BE621, 0xDED4010A, 0x89962856, 0xC0B857F6, 0x71506026, 0xB3CA3F79, -- 0xE6B486F6, 0x1CCACB83, 0x14056425, 0x67E144E5, 0xA41825D9, 0xF6A167B5, -- 0x96524D8E, 0x3AD83477, 0x51BFA4AB, 0xF13C6D9A, 0x35488A0E, 0x2D525267, -- 0xCAA6B790, 0xB63ACAE1, 0x81B23F76, 0x4FDB70C5, 0x12307F5C, 0xBC39A0BF, -- 0xB1E59BB8, 0xB941F54E, 0xD45F9088, 0x6C5BFC11, 0x4275BF7B, 0x22E0B1EF, -- 0x5B4758C0, 0x91F9E672, 0x6BCF67ED, 0x5A8A9D30, 0x97517ABD, 0x209E0C64, -- 0x830E9A7C, 0x3BF4296D, 0x34096FAA, 0x16C3D911, 0x61B2AA30, 0xFAF7DF45, -- 0xD61957D4, 0xE00DF8F1, 0x435E3B00, 0x5D2CEED4, 0x660DD0F2, 0x8CEEF608, -- 0x65195999, 0xFFBBD19C, 0xB4B6663C, 0x87A8E61D -+static const BN_ULONG dh2048_224_g[] = { -+ BN_DEF(0x191F2BFA, 0x84B890D3), BN_DEF(0x2A7065B3, 0x81BC087F), -+ BN_DEF(0xF6EC0179, 0x19C418E1), BN_DEF(0x71CFFF4C, 0x7B5A0F1C), -+ BN_DEF(0x9B6AA4BD, 0xEDFE72FE), BN_DEF(0x94B30269, 0x81E1BCFE), -+ BN_DEF(0x8D6C0191, 0x566AFBB4), BN_DEF(0x409D13CD, 0xB539CCE3), -+ BN_DEF(0x5F2FF381, 0x6AA21E7F), BN_DEF(0x770589EF, 0xD9E263E4), -+ BN_DEF(0xD19963DD, 0x10E183ED), BN_DEF(0x150B8EEB, 0xB70A8137), -+ BN_DEF(0x28C8F8AC, 0x051AE3D4), BN_DEF(0x0C1AB15B, 0xBB77A86F), -+ BN_DEF(0x16A330EF, 0x6E3025E3), BN_DEF(0xD6F83456, 0x19529A45), -+ BN_DEF(0x118E98D1, 0xF180EB34), BN_DEF(0x50717CBE, 0xB5F6C6B2), -+ BN_DEF(0xDA7460CD, 0x09939D54), BN_DEF(0x22EA1ED4, 0xE2471504), -+ BN_DEF(0x521BC98A, 0xB8A762D0), BN_DEF(0x5AC1348B, 0xF4D02727), -+ BN_DEF(0x1999024A, 0xC1766910), BN_DEF(0xA8D66AD7, 0xBE5E9001), -+ BN_DEF(0x620A8652, 0xC57DB17C), BN_DEF(0x00C29F52, 0xAB739D77), -+ BN_DEF(0xA70C4AFA, 0xDD921F01), BN_DEF(0x10B9A6F0, 0xA6824A4E), -+ BN_DEF(0xCFE4FFE3, 0x74866A08), BN_DEF(0x89998CAF, 0x6CDEBE7B), -+ BN_DEF(0x8FFDAC50, 0x9DF30B5C), BN_DEF(0x4F2D9AE3, 0xAC4032EF) - }; - --static const BN_ULONG dh2048_256_g[] = { -- 0x6CC41659, 0x664B4C0F, 0xEF98C582, 0x5E2327CF, 0xD4795451, 0xD647D148, -- 0x90F00EF8, 0x2F630784, 0x1DB246C3, 0x184B523D, 0xCDC67EB6, 0xC7891428, -- 0x0DF92B52, 0x7FD02837, 0x64E0EC37, 0xB3353BBB, 0x57CD0915, 0xECD06E15, -- 0xDF016199, 0xB7D2BBD2, 0x052588B9, 0xC8484B1E, 0x13D3FE14, 0xDB2A3B73, -- 0xD182EA0A, 0xD052B985, 0xE83B9C80, 0xA4BD1BFF, 0xFB3F2E55, 0xDFC967C1, -- 0x767164E1, 0xB5045AF2, 0x6F2F9193, 0x1D14348F, 0x428EBC83, 0x64E67982, -- 0x82D6ED38, 0x8AC376D2, 0xAAB8A862, 0x777DE62A, 0xE9EC144B, 0xDDF463E5, -- 0xC77A57F2, 0x0196F931, 0x41000A65, 0xA55AE313, 0xC28CBB18, 0x901228F8, -- 0x7E8C6F62, 0xBC3773BF, 0x0C6B47B1, 0xBE3A6C1B, 0xAC0BB555, 0xFF4FED4A, -- 0x77BE463F, 0x10DBC150, 0x1A0BA125, 0x07F4793A, 0x21EF2054, 0x4CA7B18F, -- 0x60EDBD48, 0x2E775066, 0x73134D0B, 0x3FB32C9B -+static const BN_ULONG dh2048_256_p[] = { -+ BN_DEF(0x1E1A1597, 0xDB094AE9), BN_DEF(0xD7EF09CA, 0x693877FA), -+ BN_DEF(0x6E11715F, 0x6116D227), BN_DEF(0xC198AF12, 0xA4B54330), -+ BN_DEF(0xD7014103, 0x75F26375), BN_DEF(0x54E710C3, 0xC3A3960A), -+ BN_DEF(0xBD0BE621, 0xDED4010A), BN_DEF(0x89962856, 0xC0B857F6), -+ BN_DEF(0x71506026, 0xB3CA3F79), BN_DEF(0xE6B486F6, 0x1CCACB83), -+ BN_DEF(0x14056425, 0x67E144E5), BN_DEF(0xA41825D9, 0xF6A167B5), -+ BN_DEF(0x96524D8E, 0x3AD83477), BN_DEF(0x51BFA4AB, 0xF13C6D9A), -+ BN_DEF(0x35488A0E, 0x2D525267), BN_DEF(0xCAA6B790, 0xB63ACAE1), -+ BN_DEF(0x81B23F76, 0x4FDB70C5), BN_DEF(0x12307F5C, 0xBC39A0BF), -+ BN_DEF(0xB1E59BB8, 0xB941F54E), BN_DEF(0xD45F9088, 0x6C5BFC11), -+ BN_DEF(0x4275BF7B, 0x22E0B1EF), BN_DEF(0x5B4758C0, 0x91F9E672), -+ BN_DEF(0x6BCF67ED, 0x5A8A9D30), BN_DEF(0x97517ABD, 0x209E0C64), -+ BN_DEF(0x830E9A7C, 0x3BF4296D), BN_DEF(0x34096FAA, 0x16C3D911), -+ BN_DEF(0x61B2AA30, 0xFAF7DF45), BN_DEF(0xD61957D4, 0xE00DF8F1), -+ BN_DEF(0x435E3B00, 0x5D2CEED4), BN_DEF(0x660DD0F2, 0x8CEEF608), -+ BN_DEF(0x65195999, 0xFFBBD19C), BN_DEF(0xB4B6663C, 0x87A8E61D) - }; -- - static const BN_ULONG dh2048_256_q[] = { -- 0x64F5FBD3, 0xA308B0FE, 0x1EB3750B, 0x99B1A47D, 0x40129DA2, 0xB4479976, -- 0xA709A097, 0x8CF83642 -+ BN_DEF(0x64F5FBD3, 0xA308B0FE), BN_DEF(0x1EB3750B, 0x99B1A47D), -+ BN_DEF(0x40129DA2, 0xB4479976), BN_DEF(0xA709A097, 0x8CF83642) -+}; -+static const BN_ULONG dh2048_256_g[] = { -+ BN_DEF(0x6CC41659, 0x664B4C0F), BN_DEF(0xEF98C582, 0x5E2327CF), -+ BN_DEF(0xD4795451, 0xD647D148), BN_DEF(0x90F00EF8, 0x2F630784), -+ BN_DEF(0x1DB246C3, 0x184B523D), BN_DEF(0xCDC67EB6, 0xC7891428), -+ BN_DEF(0x0DF92B52, 0x7FD02837), BN_DEF(0x64E0EC37, 0xB3353BBB), -+ BN_DEF(0x57CD0915, 0xECD06E15), BN_DEF(0xDF016199, 0xB7D2BBD2), -+ BN_DEF(0x052588B9, 0xC8484B1E), BN_DEF(0x13D3FE14, 0xDB2A3B73), -+ BN_DEF(0xD182EA0A, 0xD052B985), BN_DEF(0xE83B9C80, 0xA4BD1BFF), -+ BN_DEF(0xFB3F2E55, 0xDFC967C1), BN_DEF(0x767164E1, 0xB5045AF2), -+ BN_DEF(0x6F2F9193, 0x1D14348F), BN_DEF(0x428EBC83, 0x64E67982), -+ BN_DEF(0x82D6ED38, 0x8AC376D2), BN_DEF(0xAAB8A862, 0x777DE62A), -+ BN_DEF(0xE9EC144B, 0xDDF463E5), BN_DEF(0xC77A57F2, 0x0196F931), -+ BN_DEF(0x41000A65, 0xA55AE313), BN_DEF(0xC28CBB18, 0x901228F8), -+ BN_DEF(0x7E8C6F62, 0xBC3773BF), BN_DEF(0x0C6B47B1, 0xBE3A6C1B), -+ BN_DEF(0xAC0BB555, 0xFF4FED4A), BN_DEF(0x77BE463F, 0x10DBC150), -+ BN_DEF(0x1A0BA125, 0x07F4793A), BN_DEF(0x21EF2054, 0x4CA7B18F), -+ BN_DEF(0x60EDBD48, 0x2E775066), BN_DEF(0x73134D0B, 0x3FB32C9B) - }; - - /* Primes from RFC 7919 */ -- - static const BN_ULONG ffdhe2048_p[] = { -- 0xFFFFFFFF, 0xFFFFFFFF, 0x61285C97, 0x886B4238, 0xC1B2EFFA, 0xC6F34A26, -- 0x7D1683B2, 0xC58EF183, 0x2EC22005, 0x3BB5FCBC, 0x4C6FAD73, 0xC3FE3B1B, -- 0xEEF28183, 0x8E4F1232, 0xE98583FF, 0x9172FE9C, 0x28342F61, 0xC03404CD, -- 0xCDF7E2EC, 0x9E02FCE1, 0xEE0A6D70, 0x0B07A7C8, 0x6372BB19, 0xAE56EDE7, -- 0xDE394DF4, 0x1D4F42A3, 0x60D7F468, 0xB96ADAB7, 0xB2C8E3FB, 0xD108A94B, -- 0xB324FB61, 0xBC0AB182, 0x483A797A, 0x30ACCA4F, 0x36ADE735, 0x1DF158A1, -- 0xF3EFE872, 0xE2A689DA, 0xE0E68B77, 0x984F0C70, 0x7F57C935, 0xB557135E, -- 0x3DED1AF3, 0x85636555, 0x5F066ED0, 0x2433F51F, 0xD5FD6561, 0xD3DF1ED5, -- 0xAEC4617A, 0xF681B202, 0x630C75D8, 0x7D2FE363, 0x249B3EF9, 0xCC939DCE, -- 0x146433FB, 0xA9E13641, 0xCE2D3695, 0xD8B9C583, 0x273D3CF1, 0xAFDC5620, -- 0xA2BB4A9A, 0xADF85458, 0xFFFFFFFF, 0xFFFFFFFF -+ BN_DEF(0xFFFFFFFF, 0xFFFFFFFF), BN_DEF(0x61285C97, 0x886B4238), -+ BN_DEF(0xC1B2EFFA, 0xC6F34A26), BN_DEF(0x7D1683B2, 0xC58EF183), -+ BN_DEF(0x2EC22005, 0x3BB5FCBC), BN_DEF(0x4C6FAD73, 0xC3FE3B1B), -+ BN_DEF(0xEEF28183, 0x8E4F1232), BN_DEF(0xE98583FF, 0x9172FE9C), -+ BN_DEF(0x28342F61, 0xC03404CD), BN_DEF(0xCDF7E2EC, 0x9E02FCE1), -+ BN_DEF(0xEE0A6D70, 0x0B07A7C8), BN_DEF(0x6372BB19, 0xAE56EDE7), -+ BN_DEF(0xDE394DF4, 0x1D4F42A3), BN_DEF(0x60D7F468, 0xB96ADAB7), -+ BN_DEF(0xB2C8E3FB, 0xD108A94B), BN_DEF(0xB324FB61, 0xBC0AB182), -+ BN_DEF(0x483A797A, 0x30ACCA4F), BN_DEF(0x36ADE735, 0x1DF158A1), -+ BN_DEF(0xF3EFE872, 0xE2A689DA), BN_DEF(0xE0E68B77, 0x984F0C70), -+ BN_DEF(0x7F57C935, 0xB557135E), BN_DEF(0x3DED1AF3, 0x85636555), -+ BN_DEF(0x5F066ED0, 0x2433F51F), BN_DEF(0xD5FD6561, 0xD3DF1ED5), -+ BN_DEF(0xAEC4617A, 0xF681B202), BN_DEF(0x630C75D8, 0x7D2FE363), -+ BN_DEF(0x249B3EF9, 0xCC939DCE), BN_DEF(0x146433FB, 0xA9E13641), -+ BN_DEF(0xCE2D3695, 0xD8B9C583), BN_DEF(0x273D3CF1, 0xAFDC5620), -+ BN_DEF(0xA2BB4A9A, 0xADF85458), BN_DEF(0xFFFFFFFF, 0xFFFFFFFF) -+}; -+/* q = (p - 1) / 2 */ -+static const BN_ULONG ffdhe2048_q[] = { -+ BN_DEF(0xFFFFFFFF, 0xFFFFFFFF), BN_DEF(0x30942E4B, 0x4435A11C), -+ BN_DEF(0x60D977FD, 0x6379A513), BN_DEF(0xBE8B41D9, 0xE2C778C1), -+ BN_DEF(0x17611002, 0x9DDAFE5E), BN_DEF(0xA637D6B9, 0xE1FF1D8D), -+ BN_DEF(0x777940C1, 0xC7278919), BN_DEF(0x74C2C1FF, 0xC8B97F4E), -+ BN_DEF(0x941A17B0, 0x601A0266), BN_DEF(0xE6FBF176, 0x4F017E70), -+ BN_DEF(0x770536B8, 0x8583D3E4), BN_DEF(0xB1B95D8C, 0x572B76F3), -+ BN_DEF(0xEF1CA6FA, 0x0EA7A151), BN_DEF(0xB06BFA34, 0xDCB56D5B), -+ BN_DEF(0xD96471FD, 0xE88454A5), BN_DEF(0x59927DB0, 0x5E0558C1), -+ BN_DEF(0xA41D3CBD, 0x98566527), BN_DEF(0x9B56F39A, 0x0EF8AC50), -+ BN_DEF(0x79F7F439, 0xF15344ED), BN_DEF(0x707345BB, 0xCC278638), -+ BN_DEF(0x3FABE49A, 0xDAAB89AF), BN_DEF(0x9EF68D79, 0x42B1B2AA), -+ BN_DEF(0xAF833768, 0x9219FA8F), BN_DEF(0xEAFEB2B0, 0x69EF8F6A), -+ BN_DEF(0x576230BD, 0x7B40D901), BN_DEF(0xB1863AEC, 0xBE97F1B1), -+ BN_DEF(0x124D9F7C, 0xE649CEE7), BN_DEF(0x8A3219FD, 0xD4F09B20), -+ BN_DEF(0xE7169B4A, 0xEC5CE2C1), BN_DEF(0x139E9E78, 0x57EE2B10), -+ BN_DEF(0x515DA54D, 0xD6FC2A2C), BN_DEF(0xFFFFFFFF, 0x7FFFFFFF), - }; - - static const BN_ULONG ffdhe3072_p[] = { -- 0xFFFFFFFF, 0xFFFFFFFF, 0x66C62E37, 0x25E41D2B, 0x3FD59D7C, 0x3C1B20EE, -- 0xFA53DDEF, 0x0ABCD06B, 0xD5C4484E, 0x1DBF9A42, 0x9B0DEADA, 0xABC52197, -- 0x22363A0D, 0xE86D2BC5, 0x9C9DF69E, 0x5CAE82AB, 0x71F54BFF, 0x64F2E21E, -- 0xE2D74DD3, 0xF4FD4452, 0xBC437944, 0xB4130C93, 0x85139270, 0xAEFE1309, -- 0xC186D91C, 0x598CB0FA, 0x91F7F7EE, 0x7AD91D26, 0xD6E6C907, 0x61B46FC9, -- 0xF99C0238, 0xBC34F4DE, 0x6519035B, 0xDE355B3B, 0x611FCFDC, 0x886B4238, -- 0xC1B2EFFA, 0xC6F34A26, 0x7D1683B2, 0xC58EF183, 0x2EC22005, 0x3BB5FCBC, -- 0x4C6FAD73, 0xC3FE3B1B, 0xEEF28183, 0x8E4F1232, 0xE98583FF, 0x9172FE9C, -- 0x28342F61, 0xC03404CD, 0xCDF7E2EC, 0x9E02FCE1, 0xEE0A6D70, 0x0B07A7C8, -- 0x6372BB19, 0xAE56EDE7, 0xDE394DF4, 0x1D4F42A3, 0x60D7F468, 0xB96ADAB7, -- 0xB2C8E3FB, 0xD108A94B, 0xB324FB61, 0xBC0AB182, 0x483A797A, 0x30ACCA4F, -- 0x36ADE735, 0x1DF158A1, 0xF3EFE872, 0xE2A689DA, 0xE0E68B77, 0x984F0C70, -- 0x7F57C935, 0xB557135E, 0x3DED1AF3, 0x85636555, 0x5F066ED0, 0x2433F51F, -- 0xD5FD6561, 0xD3DF1ED5, 0xAEC4617A, 0xF681B202, 0x630C75D8, 0x7D2FE363, -- 0x249B3EF9, 0xCC939DCE, 0x146433FB, 0xA9E13641, 0xCE2D3695, 0xD8B9C583, -- 0x273D3CF1, 0xAFDC5620, 0xA2BB4A9A, 0xADF85458, 0xFFFFFFFF, 0xFFFFFFFF -+ BN_DEF(0xFFFFFFFF, 0xFFFFFFFF), BN_DEF(0x66C62E37, 0x25E41D2B), -+ BN_DEF(0x3FD59D7C, 0x3C1B20EE), BN_DEF(0xFA53DDEF, 0x0ABCD06B), -+ BN_DEF(0xD5C4484E, 0x1DBF9A42), BN_DEF(0x9B0DEADA, 0xABC52197), -+ BN_DEF(0x22363A0D, 0xE86D2BC5), BN_DEF(0x9C9DF69E, 0x5CAE82AB), -+ BN_DEF(0x71F54BFF, 0x64F2E21E), BN_DEF(0xE2D74DD3, 0xF4FD4452), -+ BN_DEF(0xBC437944, 0xB4130C93), BN_DEF(0x85139270, 0xAEFE1309), -+ BN_DEF(0xC186D91C, 0x598CB0FA), BN_DEF(0x91F7F7EE, 0x7AD91D26), -+ BN_DEF(0xD6E6C907, 0x61B46FC9), BN_DEF(0xF99C0238, 0xBC34F4DE), -+ BN_DEF(0x6519035B, 0xDE355B3B), BN_DEF(0x611FCFDC, 0x886B4238), -+ BN_DEF(0xC1B2EFFA, 0xC6F34A26), BN_DEF(0x7D1683B2, 0xC58EF183), -+ BN_DEF(0x2EC22005, 0x3BB5FCBC), BN_DEF(0x4C6FAD73, 0xC3FE3B1B), -+ BN_DEF(0xEEF28183, 0x8E4F1232), BN_DEF(0xE98583FF, 0x9172FE9C), -+ BN_DEF(0x28342F61, 0xC03404CD), BN_DEF(0xCDF7E2EC, 0x9E02FCE1), -+ BN_DEF(0xEE0A6D70, 0x0B07A7C8), BN_DEF(0x6372BB19, 0xAE56EDE7), -+ BN_DEF(0xDE394DF4, 0x1D4F42A3), BN_DEF(0x60D7F468, 0xB96ADAB7), -+ BN_DEF(0xB2C8E3FB, 0xD108A94B), BN_DEF(0xB324FB61, 0xBC0AB182), -+ BN_DEF(0x483A797A, 0x30ACCA4F), BN_DEF(0x36ADE735, 0x1DF158A1), -+ BN_DEF(0xF3EFE872, 0xE2A689DA), BN_DEF(0xE0E68B77, 0x984F0C70), -+ BN_DEF(0x7F57C935, 0xB557135E), BN_DEF(0x3DED1AF3, 0x85636555), -+ BN_DEF(0x5F066ED0, 0x2433F51F), BN_DEF(0xD5FD6561, 0xD3DF1ED5), -+ BN_DEF(0xAEC4617A, 0xF681B202), BN_DEF(0x630C75D8, 0x7D2FE363), -+ BN_DEF(0x249B3EF9, 0xCC939DCE), BN_DEF(0x146433FB, 0xA9E13641), -+ BN_DEF(0xCE2D3695, 0xD8B9C583), BN_DEF(0x273D3CF1, 0xAFDC5620), -+ BN_DEF(0xA2BB4A9A, 0xADF85458), BN_DEF(0xFFFFFFFF, 0xFFFFFFFF) -+}; -+/* q = (p - 1) / 2 */ -+static const BN_ULONG ffdhe3072_q[] = { -+ BN_DEF(0xFFFFFFFF, 0xFFFFFFFF), BN_DEF(0xB363171B, 0x12F20E95), -+ BN_DEF(0x1FEACEBE, 0x9E0D9077), BN_DEF(0xFD29EEF7, 0x055E6835), -+ BN_DEF(0x6AE22427, 0x0EDFCD21), BN_DEF(0xCD86F56D, 0xD5E290CB), -+ BN_DEF(0x911B1D06, 0x743695E2), BN_DEF(0xCE4EFB4F, 0xAE574155), -+ BN_DEF(0x38FAA5FF, 0xB279710F), BN_DEF(0x716BA6E9, 0x7A7EA229), -+ BN_DEF(0xDE21BCA2, 0x5A098649), BN_DEF(0xC289C938, 0x577F0984), -+ BN_DEF(0x60C36C8E, 0x2CC6587D), BN_DEF(0x48FBFBF7, 0xBD6C8E93), -+ BN_DEF(0xEB736483, 0x30DA37E4), BN_DEF(0x7CCE011C, 0xDE1A7A6F), -+ BN_DEF(0xB28C81AD, 0x6F1AAD9D), BN_DEF(0x308FE7EE, 0x4435A11C), -+ BN_DEF(0x60D977FD, 0x6379A513), BN_DEF(0xBE8B41D9, 0xE2C778C1), -+ BN_DEF(0x17611002, 0x9DDAFE5E), BN_DEF(0xA637D6B9, 0xE1FF1D8D), -+ BN_DEF(0x777940C1, 0xC7278919), BN_DEF(0x74C2C1FF, 0xC8B97F4E), -+ BN_DEF(0x941A17B0, 0x601A0266), BN_DEF(0xE6FBF176, 0x4F017E70), -+ BN_DEF(0x770536B8, 0x8583D3E4), BN_DEF(0xB1B95D8C, 0x572B76F3), -+ BN_DEF(0xEF1CA6FA, 0x0EA7A151), BN_DEF(0xB06BFA34, 0xDCB56D5B), -+ BN_DEF(0xD96471FD, 0xE88454A5), BN_DEF(0x59927DB0, 0x5E0558C1), -+ BN_DEF(0xA41D3CBD, 0x98566527), BN_DEF(0x9B56F39A, 0x0EF8AC50), -+ BN_DEF(0x79F7F439, 0xF15344ED), BN_DEF(0x707345BB, 0xCC278638), -+ BN_DEF(0x3FABE49A, 0xDAAB89AF), BN_DEF(0x9EF68D79, 0x42B1B2AA), -+ BN_DEF(0xAF833768, 0x9219FA8F), BN_DEF(0xEAFEB2B0, 0x69EF8F6A), -+ BN_DEF(0x576230BD, 0x7B40D901), BN_DEF(0xB1863AEC, 0xBE97F1B1), -+ BN_DEF(0x124D9F7C, 0xE649CEE7), BN_DEF(0x8A3219FD, 0xD4F09B20), -+ BN_DEF(0xE7169B4A, 0xEC5CE2C1), BN_DEF(0x139E9E78, 0x57EE2B10), -+ BN_DEF(0x515DA54D, 0xD6FC2A2C), BN_DEF(0xFFFFFFFF, 0x7FFFFFFF), - }; - - static const BN_ULONG ffdhe4096_p[] = { -- 0xFFFFFFFF, 0xFFFFFFFF, 0x5E655F6A, 0xC68A007E, 0xF44182E1, 0x4DB5A851, -- 0x7F88A46B, 0x8EC9B55A, 0xCEC97DCF, 0x0A8291CD, 0xF98D0ACC, 0x2A4ECEA9, -- 0x7140003C, 0x1A1DB93D, 0x33CB8B7A, 0x092999A3, 0x71AD0038, 0x6DC778F9, -- 0x918130C4, 0xA907600A, 0x2D9E6832, 0xED6A1E01, 0xEFB4318A, 0x7135C886, -- 0x7E31CC7A, 0x87F55BA5, 0x55034004, 0x7763CF1D, 0xD69F6D18, 0xAC7D5F42, -- 0xE58857B6, 0x7930E9E4, 0x164DF4FB, 0x6E6F52C3, 0x669E1EF1, 0x25E41D2B, -- 0x3FD59D7C, 0x3C1B20EE, 0xFA53DDEF, 0x0ABCD06B, 0xD5C4484E, 0x1DBF9A42, -- 0x9B0DEADA, 0xABC52197, 0x22363A0D, 0xE86D2BC5, 0x9C9DF69E, 0x5CAE82AB, -- 0x71F54BFF, 0x64F2E21E, 0xE2D74DD3, 0xF4FD4452, 0xBC437944, 0xB4130C93, -- 0x85139270, 0xAEFE1309, 0xC186D91C, 0x598CB0FA, 0x91F7F7EE, 0x7AD91D26, -- 0xD6E6C907, 0x61B46FC9, 0xF99C0238, 0xBC34F4DE, 0x6519035B, 0xDE355B3B, -- 0x611FCFDC, 0x886B4238, 0xC1B2EFFA, 0xC6F34A26, 0x7D1683B2, 0xC58EF183, -- 0x2EC22005, 0x3BB5FCBC, 0x4C6FAD73, 0xC3FE3B1B, 0xEEF28183, 0x8E4F1232, -- 0xE98583FF, 0x9172FE9C, 0x28342F61, 0xC03404CD, 0xCDF7E2EC, 0x9E02FCE1, -- 0xEE0A6D70, 0x0B07A7C8, 0x6372BB19, 0xAE56EDE7, 0xDE394DF4, 0x1D4F42A3, -- 0x60D7F468, 0xB96ADAB7, 0xB2C8E3FB, 0xD108A94B, 0xB324FB61, 0xBC0AB182, -- 0x483A797A, 0x30ACCA4F, 0x36ADE735, 0x1DF158A1, 0xF3EFE872, 0xE2A689DA, -- 0xE0E68B77, 0x984F0C70, 0x7F57C935, 0xB557135E, 0x3DED1AF3, 0x85636555, -- 0x5F066ED0, 0x2433F51F, 0xD5FD6561, 0xD3DF1ED5, 0xAEC4617A, 0xF681B202, -- 0x630C75D8, 0x7D2FE363, 0x249B3EF9, 0xCC939DCE, 0x146433FB, 0xA9E13641, -- 0xCE2D3695, 0xD8B9C583, 0x273D3CF1, 0xAFDC5620, 0xA2BB4A9A, 0xADF85458, -- 0xFFFFFFFF, 0xFFFFFFFF -+ BN_DEF(0xFFFFFFFF, 0xFFFFFFFF), BN_DEF(0x5E655F6A, 0xC68A007E), -+ BN_DEF(0xF44182E1, 0x4DB5A851), BN_DEF(0x7F88A46B, 0x8EC9B55A), -+ BN_DEF(0xCEC97DCF, 0x0A8291CD), BN_DEF(0xF98D0ACC, 0x2A4ECEA9), -+ BN_DEF(0x7140003C, 0x1A1DB93D), BN_DEF(0x33CB8B7A, 0x092999A3), -+ BN_DEF(0x71AD0038, 0x6DC778F9), BN_DEF(0x918130C4, 0xA907600A), -+ BN_DEF(0x2D9E6832, 0xED6A1E01), BN_DEF(0xEFB4318A, 0x7135C886), -+ BN_DEF(0x7E31CC7A, 0x87F55BA5), BN_DEF(0x55034004, 0x7763CF1D), -+ BN_DEF(0xD69F6D18, 0xAC7D5F42), BN_DEF(0xE58857B6, 0x7930E9E4), -+ BN_DEF(0x164DF4FB, 0x6E6F52C3), BN_DEF(0x669E1EF1, 0x25E41D2B), -+ BN_DEF(0x3FD59D7C, 0x3C1B20EE), BN_DEF(0xFA53DDEF, 0x0ABCD06B), -+ BN_DEF(0xD5C4484E, 0x1DBF9A42), BN_DEF(0x9B0DEADA, 0xABC52197), -+ BN_DEF(0x22363A0D, 0xE86D2BC5), BN_DEF(0x9C9DF69E, 0x5CAE82AB), -+ BN_DEF(0x71F54BFF, 0x64F2E21E), BN_DEF(0xE2D74DD3, 0xF4FD4452), -+ BN_DEF(0xBC437944, 0xB4130C93), BN_DEF(0x85139270, 0xAEFE1309), -+ BN_DEF(0xC186D91C, 0x598CB0FA), BN_DEF(0x91F7F7EE, 0x7AD91D26), -+ BN_DEF(0xD6E6C907, 0x61B46FC9), BN_DEF(0xF99C0238, 0xBC34F4DE), -+ BN_DEF(0x6519035B, 0xDE355B3B), BN_DEF(0x611FCFDC, 0x886B4238), -+ BN_DEF(0xC1B2EFFA, 0xC6F34A26), BN_DEF(0x7D1683B2, 0xC58EF183), -+ BN_DEF(0x2EC22005, 0x3BB5FCBC), BN_DEF(0x4C6FAD73, 0xC3FE3B1B), -+ BN_DEF(0xEEF28183, 0x8E4F1232), BN_DEF(0xE98583FF, 0x9172FE9C), -+ BN_DEF(0x28342F61, 0xC03404CD), BN_DEF(0xCDF7E2EC, 0x9E02FCE1), -+ BN_DEF(0xEE0A6D70, 0x0B07A7C8), BN_DEF(0x6372BB19, 0xAE56EDE7), -+ BN_DEF(0xDE394DF4, 0x1D4F42A3), BN_DEF(0x60D7F468, 0xB96ADAB7), -+ BN_DEF(0xB2C8E3FB, 0xD108A94B), BN_DEF(0xB324FB61, 0xBC0AB182), -+ BN_DEF(0x483A797A, 0x30ACCA4F), BN_DEF(0x36ADE735, 0x1DF158A1), -+ BN_DEF(0xF3EFE872, 0xE2A689DA), BN_DEF(0xE0E68B77, 0x984F0C70), -+ BN_DEF(0x7F57C935, 0xB557135E), BN_DEF(0x3DED1AF3, 0x85636555), -+ BN_DEF(0x5F066ED0, 0x2433F51F), BN_DEF(0xD5FD6561, 0xD3DF1ED5), -+ BN_DEF(0xAEC4617A, 0xF681B202), BN_DEF(0x630C75D8, 0x7D2FE363), -+ BN_DEF(0x249B3EF9, 0xCC939DCE), BN_DEF(0x146433FB, 0xA9E13641), -+ BN_DEF(0xCE2D3695, 0xD8B9C583), BN_DEF(0x273D3CF1, 0xAFDC5620), -+ BN_DEF(0xA2BB4A9A, 0xADF85458), BN_DEF(0xFFFFFFFF, 0xFFFFFFFF) -+}; -+/* q = (p - 1) / 2 */ -+static const BN_ULONG ffdhe4096_q[] = { -+ BN_DEF(0xFFFFFFFF, 0x7FFFFFFF), BN_DEF(0x2F32AFB5, 0xE345003F), -+ BN_DEF(0xFA20C170, 0xA6DAD428), BN_DEF(0x3FC45235, 0xC764DAAD), -+ BN_DEF(0xE764BEE7, 0x054148E6), BN_DEF(0xFCC68566, 0x15276754), -+ BN_DEF(0xB8A0001E, 0x0D0EDC9E), BN_DEF(0x99E5C5BD, 0x0494CCD1), -+ BN_DEF(0xB8D6801C, 0x36E3BC7C), BN_DEF(0x48C09862, 0x5483B005), -+ BN_DEF(0x96CF3419, 0x76B50F00), BN_DEF(0x77DA18C5, 0x389AE443), -+ BN_DEF(0xBF18E63D, 0x43FAADD2), BN_DEF(0xAA81A002, 0x3BB1E78E), -+ BN_DEF(0x6B4FB68C, 0x563EAFA1), BN_DEF(0x72C42BDB, 0xBC9874F2), -+ BN_DEF(0x8B26FA7D, 0xB737A961), BN_DEF(0xB34F0F78, 0x12F20E95), -+ BN_DEF(0x1FEACEBE, 0x9E0D9077), BN_DEF(0xFD29EEF7, 0x055E6835), -+ BN_DEF(0x6AE22427, 0x0EDFCD21), BN_DEF(0xCD86F56D, 0xD5E290CB), -+ BN_DEF(0x911B1D06, 0x743695E2), BN_DEF(0xCE4EFB4F, 0xAE574155), -+ BN_DEF(0x38FAA5FF, 0xB279710F), BN_DEF(0x716BA6E9, 0x7A7EA229), -+ BN_DEF(0xDE21BCA2, 0x5A098649), BN_DEF(0xC289C938, 0x577F0984), -+ BN_DEF(0x60C36C8E, 0x2CC6587D), BN_DEF(0x48FBFBF7, 0xBD6C8E93), -+ BN_DEF(0xEB736483, 0x30DA37E4), BN_DEF(0x7CCE011C, 0xDE1A7A6F), -+ BN_DEF(0xB28C81AD, 0x6F1AAD9D), BN_DEF(0x308FE7EE, 0x4435A11C), -+ BN_DEF(0x60D977FD, 0x6379A513), BN_DEF(0xBE8B41D9, 0xE2C778C1), -+ BN_DEF(0x17611002, 0x9DDAFE5E), BN_DEF(0xA637D6B9, 0xE1FF1D8D), -+ BN_DEF(0x777940C1, 0xC7278919), BN_DEF(0x74C2C1FF, 0xC8B97F4E), -+ BN_DEF(0x941A17B0, 0x601A0266), BN_DEF(0xE6FBF176, 0x4F017E70), -+ BN_DEF(0x770536B8, 0x8583D3E4), BN_DEF(0xB1B95D8C, 0x572B76F3), -+ BN_DEF(0xEF1CA6FA, 0x0EA7A151), BN_DEF(0xB06BFA34, 0xDCB56D5B), -+ BN_DEF(0xD96471FD, 0xE88454A5), BN_DEF(0x59927DB0, 0x5E0558C1), -+ BN_DEF(0xA41D3CBD, 0x98566527), BN_DEF(0x9B56F39A, 0x0EF8AC50), -+ BN_DEF(0x79F7F439, 0xF15344ED), BN_DEF(0x707345BB, 0xCC278638), -+ BN_DEF(0x3FABE49A, 0xDAAB89AF), BN_DEF(0x9EF68D79, 0x42B1B2AA), -+ BN_DEF(0xAF833768, 0x9219FA8F), BN_DEF(0xEAFEB2B0, 0x69EF8F6A), -+ BN_DEF(0x576230BD, 0x7B40D901), BN_DEF(0xB1863AEC, 0xBE97F1B1), -+ BN_DEF(0x124D9F7C, 0xE649CEE7), BN_DEF(0x8A3219FD, 0xD4F09B20), -+ BN_DEF(0xE7169B4A, 0xEC5CE2C1), BN_DEF(0x139E9E78, 0x57EE2B10), -+ BN_DEF(0x515DA54D, 0xD6FC2A2C), BN_DEF(0xFFFFFFFF, 0x7FFFFFFF), - }; - - static const BN_ULONG ffdhe6144_p[] = { -- 0xFFFFFFFF, 0xFFFFFFFF, 0xD0E40E65, 0xA40E329C, 0x7938DAD4, 0xA41D570D, -- 0xD43161C1, 0x62A69526, 0x9ADB1E69, 0x3FDD4A8E, 0xDC6B80D6, 0x5B3B71F9, -- 0xC6272B04, 0xEC9D1810, 0xCACEF403, 0x8CCF2DD5, 0xC95B9117, 0xE49F5235, -- 0xB854338A, 0x505DC82D, 0x1562A846, 0x62292C31, 0x6AE77F5E, 0xD72B0374, -- 0x462D538C, 0xF9C9091B, 0x47A67CBE, 0x0AE8DB58, 0x22611682, 0xB3A739C1, -- 0x2A281BF6, 0xEEAAC023, 0x77CAF992, 0x94C6651E, 0x94B2BBC1, 0x763E4E4B, -- 0x0077D9B4, 0x587E38DA, 0x183023C3, 0x7FB29F8C, 0xF9E3A26E, 0x0ABEC1FF, -- 0x350511E3, 0xA00EF092, 0xDB6340D8, 0xB855322E, 0xA9A96910, 0xA52471F7, -- 0x4CFDB477, 0x388147FB, 0x4E46041F, 0x9B1F5C3E, 0xFCCFEC71, 0xCDAD0657, -- 0x4C701C3A, 0xB38E8C33, 0xB1C0FD4C, 0x917BDD64, 0x9B7624C8, 0x3BB45432, -- 0xCAF53EA6, 0x23BA4442, 0x38532A3A, 0x4E677D2C, 0x45036C7A, 0x0BFD64B6, -- 0x5E0DD902, 0xC68A007E, 0xF44182E1, 0x4DB5A851, 0x7F88A46B, 0x8EC9B55A, -- 0xCEC97DCF, 0x0A8291CD, 0xF98D0ACC, 0x2A4ECEA9, 0x7140003C, 0x1A1DB93D, -- 0x33CB8B7A, 0x092999A3, 0x71AD0038, 0x6DC778F9, 0x918130C4, 0xA907600A, -- 0x2D9E6832, 0xED6A1E01, 0xEFB4318A, 0x7135C886, 0x7E31CC7A, 0x87F55BA5, -- 0x55034004, 0x7763CF1D, 0xD69F6D18, 0xAC7D5F42, 0xE58857B6, 0x7930E9E4, -- 0x164DF4FB, 0x6E6F52C3, 0x669E1EF1, 0x25E41D2B, 0x3FD59D7C, 0x3C1B20EE, -- 0xFA53DDEF, 0x0ABCD06B, 0xD5C4484E, 0x1DBF9A42, 0x9B0DEADA, 0xABC52197, -- 0x22363A0D, 0xE86D2BC5, 0x9C9DF69E, 0x5CAE82AB, 0x71F54BFF, 0x64F2E21E, -- 0xE2D74DD3, 0xF4FD4452, 0xBC437944, 0xB4130C93, 0x85139270, 0xAEFE1309, -- 0xC186D91C, 0x598CB0FA, 0x91F7F7EE, 0x7AD91D26, 0xD6E6C907, 0x61B46FC9, -- 0xF99C0238, 0xBC34F4DE, 0x6519035B, 0xDE355B3B, 0x611FCFDC, 0x886B4238, -- 0xC1B2EFFA, 0xC6F34A26, 0x7D1683B2, 0xC58EF183, 0x2EC22005, 0x3BB5FCBC, -- 0x4C6FAD73, 0xC3FE3B1B, 0xEEF28183, 0x8E4F1232, 0xE98583FF, 0x9172FE9C, -- 0x28342F61, 0xC03404CD, 0xCDF7E2EC, 0x9E02FCE1, 0xEE0A6D70, 0x0B07A7C8, -- 0x6372BB19, 0xAE56EDE7, 0xDE394DF4, 0x1D4F42A3, 0x60D7F468, 0xB96ADAB7, -- 0xB2C8E3FB, 0xD108A94B, 0xB324FB61, 0xBC0AB182, 0x483A797A, 0x30ACCA4F, -- 0x36ADE735, 0x1DF158A1, 0xF3EFE872, 0xE2A689DA, 0xE0E68B77, 0x984F0C70, -- 0x7F57C935, 0xB557135E, 0x3DED1AF3, 0x85636555, 0x5F066ED0, 0x2433F51F, -- 0xD5FD6561, 0xD3DF1ED5, 0xAEC4617A, 0xF681B202, 0x630C75D8, 0x7D2FE363, -- 0x249B3EF9, 0xCC939DCE, 0x146433FB, 0xA9E13641, 0xCE2D3695, 0xD8B9C583, -- 0x273D3CF1, 0xAFDC5620, 0xA2BB4A9A, 0xADF85458, 0xFFFFFFFF, 0xFFFFFFFF -+ BN_DEF(0xFFFFFFFF, 0xFFFFFFFF), BN_DEF(0xD0E40E65, 0xA40E329C), -+ BN_DEF(0x7938DAD4, 0xA41D570D), BN_DEF(0xD43161C1, 0x62A69526), -+ BN_DEF(0x9ADB1E69, 0x3FDD4A8E), BN_DEF(0xDC6B80D6, 0x5B3B71F9), -+ BN_DEF(0xC6272B04, 0xEC9D1810), BN_DEF(0xCACEF403, 0x8CCF2DD5), -+ BN_DEF(0xC95B9117, 0xE49F5235), BN_DEF(0xB854338A, 0x505DC82D), -+ BN_DEF(0x1562A846, 0x62292C31), BN_DEF(0x6AE77F5E, 0xD72B0374), -+ BN_DEF(0x462D538C, 0xF9C9091B), BN_DEF(0x47A67CBE, 0x0AE8DB58), -+ BN_DEF(0x22611682, 0xB3A739C1), BN_DEF(0x2A281BF6, 0xEEAAC023), -+ BN_DEF(0x77CAF992, 0x94C6651E), BN_DEF(0x94B2BBC1, 0x763E4E4B), -+ BN_DEF(0x0077D9B4, 0x587E38DA), BN_DEF(0x183023C3, 0x7FB29F8C), -+ BN_DEF(0xF9E3A26E, 0x0ABEC1FF), BN_DEF(0x350511E3, 0xA00EF092), -+ BN_DEF(0xDB6340D8, 0xB855322E), BN_DEF(0xA9A96910, 0xA52471F7), -+ BN_DEF(0x4CFDB477, 0x388147FB), BN_DEF(0x4E46041F, 0x9B1F5C3E), -+ BN_DEF(0xFCCFEC71, 0xCDAD0657), BN_DEF(0x4C701C3A, 0xB38E8C33), -+ BN_DEF(0xB1C0FD4C, 0x917BDD64), BN_DEF(0x9B7624C8, 0x3BB45432), -+ BN_DEF(0xCAF53EA6, 0x23BA4442), BN_DEF(0x38532A3A, 0x4E677D2C), -+ BN_DEF(0x45036C7A, 0x0BFD64B6), BN_DEF(0x5E0DD902, 0xC68A007E), -+ BN_DEF(0xF44182E1, 0x4DB5A851), BN_DEF(0x7F88A46B, 0x8EC9B55A), -+ BN_DEF(0xCEC97DCF, 0x0A8291CD), BN_DEF(0xF98D0ACC, 0x2A4ECEA9), -+ BN_DEF(0x7140003C, 0x1A1DB93D), BN_DEF(0x33CB8B7A, 0x092999A3), -+ BN_DEF(0x71AD0038, 0x6DC778F9), BN_DEF(0x918130C4, 0xA907600A), -+ BN_DEF(0x2D9E6832, 0xED6A1E01), BN_DEF(0xEFB4318A, 0x7135C886), -+ BN_DEF(0x7E31CC7A, 0x87F55BA5), BN_DEF(0x55034004, 0x7763CF1D), -+ BN_DEF(0xD69F6D18, 0xAC7D5F42), BN_DEF(0xE58857B6, 0x7930E9E4), -+ BN_DEF(0x164DF4FB, 0x6E6F52C3), BN_DEF(0x669E1EF1, 0x25E41D2B), -+ BN_DEF(0x3FD59D7C, 0x3C1B20EE), BN_DEF(0xFA53DDEF, 0x0ABCD06B), -+ BN_DEF(0xD5C4484E, 0x1DBF9A42), BN_DEF(0x9B0DEADA, 0xABC52197), -+ BN_DEF(0x22363A0D, 0xE86D2BC5), BN_DEF(0x9C9DF69E, 0x5CAE82AB), -+ BN_DEF(0x71F54BFF, 0x64F2E21E), BN_DEF(0xE2D74DD3, 0xF4FD4452), -+ BN_DEF(0xBC437944, 0xB4130C93), BN_DEF(0x85139270, 0xAEFE1309), -+ BN_DEF(0xC186D91C, 0x598CB0FA), BN_DEF(0x91F7F7EE, 0x7AD91D26), -+ BN_DEF(0xD6E6C907, 0x61B46FC9), BN_DEF(0xF99C0238, 0xBC34F4DE), -+ BN_DEF(0x6519035B, 0xDE355B3B), BN_DEF(0x611FCFDC, 0x886B4238), -+ BN_DEF(0xC1B2EFFA, 0xC6F34A26), BN_DEF(0x7D1683B2, 0xC58EF183), -+ BN_DEF(0x2EC22005, 0x3BB5FCBC), BN_DEF(0x4C6FAD73, 0xC3FE3B1B), -+ BN_DEF(0xEEF28183, 0x8E4F1232), BN_DEF(0xE98583FF, 0x9172FE9C), -+ BN_DEF(0x28342F61, 0xC03404CD), BN_DEF(0xCDF7E2EC, 0x9E02FCE1), -+ BN_DEF(0xEE0A6D70, 0x0B07A7C8), BN_DEF(0x6372BB19, 0xAE56EDE7), -+ BN_DEF(0xDE394DF4, 0x1D4F42A3), BN_DEF(0x60D7F468, 0xB96ADAB7), -+ BN_DEF(0xB2C8E3FB, 0xD108A94B), BN_DEF(0xB324FB61, 0xBC0AB182), -+ BN_DEF(0x483A797A, 0x30ACCA4F), BN_DEF(0x36ADE735, 0x1DF158A1), -+ BN_DEF(0xF3EFE872, 0xE2A689DA), BN_DEF(0xE0E68B77, 0x984F0C70), -+ BN_DEF(0x7F57C935, 0xB557135E), BN_DEF(0x3DED1AF3, 0x85636555), -+ BN_DEF(0x5F066ED0, 0x2433F51F), BN_DEF(0xD5FD6561, 0xD3DF1ED5), -+ BN_DEF(0xAEC4617A, 0xF681B202), BN_DEF(0x630C75D8, 0x7D2FE363), -+ BN_DEF(0x249B3EF9, 0xCC939DCE), BN_DEF(0x146433FB, 0xA9E13641), -+ BN_DEF(0xCE2D3695, 0xD8B9C583), BN_DEF(0x273D3CF1, 0xAFDC5620), -+ BN_DEF(0xA2BB4A9A, 0xADF85458), BN_DEF(0xFFFFFFFF, 0xFFFFFFFF) -+}; -+/* q = (p - 1) / 2 */ -+static const BN_ULONG ffdhe6144_q[] = { -+ BN_DEF(0xFFFFFFFF, 0xFFFFFFFF), BN_DEF(0x68720732, 0x5207194E), -+ BN_DEF(0xBC9C6D6A, 0xD20EAB86), BN_DEF(0x6A18B0E0, 0xB1534A93), -+ BN_DEF(0x4D6D8F34, 0x1FEEA547), BN_DEF(0xEE35C06B, 0x2D9DB8FC), -+ BN_DEF(0x63139582, 0xF64E8C08), BN_DEF(0xE5677A01, 0xC66796EA), -+ BN_DEF(0xE4ADC88B, 0x724FA91A), BN_DEF(0xDC2A19C5, 0x282EE416), -+ BN_DEF(0x8AB15423, 0x31149618), BN_DEF(0x3573BFAF, 0x6B9581BA), -+ BN_DEF(0xA316A9C6, 0x7CE4848D), BN_DEF(0x23D33E5F, 0x05746DAC), -+ BN_DEF(0x91308B41, 0x59D39CE0), BN_DEF(0x95140DFB, 0x77556011), -+ BN_DEF(0x3BE57CC9, 0xCA63328F), BN_DEF(0xCA595DE0, 0x3B1F2725), -+ BN_DEF(0x003BECDA, 0xAC3F1C6D), BN_DEF(0x0C1811E1, 0x3FD94FC6), -+ BN_DEF(0xFCF1D137, 0x855F60FF), BN_DEF(0x1A8288F1, 0x50077849), -+ BN_DEF(0x6DB1A06C, 0x5C2A9917), BN_DEF(0xD4D4B488, 0xD29238FB), -+ BN_DEF(0xA67EDA3B, 0x9C40A3FD), BN_DEF(0x2723020F, 0xCD8FAE1F), -+ BN_DEF(0xFE67F638, 0x66D6832B), BN_DEF(0xA6380E1D, 0x59C74619), -+ BN_DEF(0x58E07EA6, 0x48BDEEB2), BN_DEF(0x4DBB1264, 0x1DDA2A19), -+ BN_DEF(0x657A9F53, 0x11DD2221), BN_DEF(0x1C29951D, 0x2733BE96), -+ BN_DEF(0x2281B63D, 0x05FEB25B), BN_DEF(0x2F06EC81, 0xE345003F), -+ BN_DEF(0xFA20C170, 0xA6DAD428), BN_DEF(0x3FC45235, 0xC764DAAD), -+ BN_DEF(0xE764BEE7, 0x054148E6), BN_DEF(0xFCC68566, 0x15276754), -+ BN_DEF(0xB8A0001E, 0x0D0EDC9E), BN_DEF(0x99E5C5BD, 0x0494CCD1), -+ BN_DEF(0xB8D6801C, 0x36E3BC7C), BN_DEF(0x48C09862, 0x5483B005), -+ BN_DEF(0x96CF3419, 0x76B50F00), BN_DEF(0x77DA18C5, 0x389AE443), -+ BN_DEF(0xBF18E63D, 0x43FAADD2), BN_DEF(0xAA81A002, 0x3BB1E78E), -+ BN_DEF(0x6B4FB68C, 0x563EAFA1), BN_DEF(0x72C42BDB, 0xBC9874F2), -+ BN_DEF(0x8B26FA7D, 0xB737A961), BN_DEF(0xB34F0F78, 0x12F20E95), -+ BN_DEF(0x1FEACEBE, 0x9E0D9077), BN_DEF(0xFD29EEF7, 0x055E6835), -+ BN_DEF(0x6AE22427, 0x0EDFCD21), BN_DEF(0xCD86F56D, 0xD5E290CB), -+ BN_DEF(0x911B1D06, 0x743695E2), BN_DEF(0xCE4EFB4F, 0xAE574155), -+ BN_DEF(0x38FAA5FF, 0xB279710F), BN_DEF(0x716BA6E9, 0x7A7EA229), -+ BN_DEF(0xDE21BCA2, 0x5A098649), BN_DEF(0xC289C938, 0x577F0984), -+ BN_DEF(0x60C36C8E, 0x2CC6587D), BN_DEF(0x48FBFBF7, 0xBD6C8E93), -+ BN_DEF(0xEB736483, 0x30DA37E4), BN_DEF(0x7CCE011C, 0xDE1A7A6F), -+ BN_DEF(0xB28C81AD, 0x6F1AAD9D), BN_DEF(0x308FE7EE, 0x4435A11C), -+ BN_DEF(0x60D977FD, 0x6379A513), BN_DEF(0xBE8B41D9, 0xE2C778C1), -+ BN_DEF(0x17611002, 0x9DDAFE5E), BN_DEF(0xA637D6B9, 0xE1FF1D8D), -+ BN_DEF(0x777940C1, 0xC7278919), BN_DEF(0x74C2C1FF, 0xC8B97F4E), -+ BN_DEF(0x941A17B0, 0x601A0266), BN_DEF(0xE6FBF176, 0x4F017E70), -+ BN_DEF(0x770536B8, 0x8583D3E4), BN_DEF(0xB1B95D8C, 0x572B76F3), -+ BN_DEF(0xEF1CA6FA, 0x0EA7A151), BN_DEF(0xB06BFA34, 0xDCB56D5B), -+ BN_DEF(0xD96471FD, 0xE88454A5), BN_DEF(0x59927DB0, 0x5E0558C1), -+ BN_DEF(0xA41D3CBD, 0x98566527), BN_DEF(0x9B56F39A, 0x0EF8AC50), -+ BN_DEF(0x79F7F439, 0xF15344ED), BN_DEF(0x707345BB, 0xCC278638), -+ BN_DEF(0x3FABE49A, 0xDAAB89AF), BN_DEF(0x9EF68D79, 0x42B1B2AA), -+ BN_DEF(0xAF833768, 0x9219FA8F), BN_DEF(0xEAFEB2B0, 0x69EF8F6A), -+ BN_DEF(0x576230BD, 0x7B40D901), BN_DEF(0xB1863AEC, 0xBE97F1B1), -+ BN_DEF(0x124D9F7C, 0xE649CEE7), BN_DEF(0x8A3219FD, 0xD4F09B20), -+ BN_DEF(0xE7169B4A, 0xEC5CE2C1), BN_DEF(0x139E9E78, 0x57EE2B10), -+ BN_DEF(0x515DA54D, 0xD6FC2A2C), BN_DEF(0xFFFFFFFF, 0x7FFFFFFF), - }; - - static const BN_ULONG ffdhe8192_p[] = { -- 0xFFFFFFFF, 0xFFFFFFFF, 0xC5C6424C, 0xD68C8BB7, 0x838FF88C, 0x011E2A94, -- 0xA9F4614E, 0x0822E506, 0xF7A8443D, 0x97D11D49, 0x30677F0D, 0xA6BBFDE5, -- 0xC1FE86FE, 0x2F741EF8, 0x5D71A87E, 0xFAFABE1C, 0xFBE58A30, 0xDED2FBAB, -- 0x72B0A66E, 0xB6855DFE, 0xBA8A4FE8, 0x1EFC8CE0, 0x3F2FA457, 0x83F81D4A, -- 0xA577E231, 0xA1FE3075, 0x88D9C0A0, 0xD5B80194, 0xAD9A95F9, 0x624816CD, -- 0x50C1217B, 0x99E9E316, 0x0E423CFC, 0x51AA691E, 0x3826E52C, 0x1C217E6C, -- 0x09703FEE, 0x51A8A931, 0x6A460E74, 0xBB709987, 0x9C86B022, 0x541FC68C, -- 0x46FD8251, 0x59160CC0, 0x35C35F5C, 0x2846C0BA, 0x8B758282, 0x54504AC7, -- 0xD2AF05E4, 0x29388839, 0xC01BD702, 0xCB2C0F1C, 0x7C932665, 0x555B2F74, -- 0xA3AB8829, 0x86B63142, 0xF64B10EF, 0x0B8CC3BD, 0xEDD1CC5E, 0x687FEB69, -- 0xC9509D43, 0xFDB23FCE, 0xD951AE64, 0x1E425A31, 0xF600C838, 0x36AD004C, -- 0xCFF46AAA, 0xA40E329C, 0x7938DAD4, 0xA41D570D, 0xD43161C1, 0x62A69526, -- 0x9ADB1E69, 0x3FDD4A8E, 0xDC6B80D6, 0x5B3B71F9, 0xC6272B04, 0xEC9D1810, -- 0xCACEF403, 0x8CCF2DD5, 0xC95B9117, 0xE49F5235, 0xB854338A, 0x505DC82D, -- 0x1562A846, 0x62292C31, 0x6AE77F5E, 0xD72B0374, 0x462D538C, 0xF9C9091B, -- 0x47A67CBE, 0x0AE8DB58, 0x22611682, 0xB3A739C1, 0x2A281BF6, 0xEEAAC023, -- 0x77CAF992, 0x94C6651E, 0x94B2BBC1, 0x763E4E4B, 0x0077D9B4, 0x587E38DA, -- 0x183023C3, 0x7FB29F8C, 0xF9E3A26E, 0x0ABEC1FF, 0x350511E3, 0xA00EF092, -- 0xDB6340D8, 0xB855322E, 0xA9A96910, 0xA52471F7, 0x4CFDB477, 0x388147FB, -- 0x4E46041F, 0x9B1F5C3E, 0xFCCFEC71, 0xCDAD0657, 0x4C701C3A, 0xB38E8C33, -- 0xB1C0FD4C, 0x917BDD64, 0x9B7624C8, 0x3BB45432, 0xCAF53EA6, 0x23BA4442, -- 0x38532A3A, 0x4E677D2C, 0x45036C7A, 0x0BFD64B6, 0x5E0DD902, 0xC68A007E, -- 0xF44182E1, 0x4DB5A851, 0x7F88A46B, 0x8EC9B55A, 0xCEC97DCF, 0x0A8291CD, -- 0xF98D0ACC, 0x2A4ECEA9, 0x7140003C, 0x1A1DB93D, 0x33CB8B7A, 0x092999A3, -- 0x71AD0038, 0x6DC778F9, 0x918130C4, 0xA907600A, 0x2D9E6832, 0xED6A1E01, -- 0xEFB4318A, 0x7135C886, 0x7E31CC7A, 0x87F55BA5, 0x55034004, 0x7763CF1D, -- 0xD69F6D18, 0xAC7D5F42, 0xE58857B6, 0x7930E9E4, 0x164DF4FB, 0x6E6F52C3, -- 0x669E1EF1, 0x25E41D2B, 0x3FD59D7C, 0x3C1B20EE, 0xFA53DDEF, 0x0ABCD06B, -- 0xD5C4484E, 0x1DBF9A42, 0x9B0DEADA, 0xABC52197, 0x22363A0D, 0xE86D2BC5, -- 0x9C9DF69E, 0x5CAE82AB, 0x71F54BFF, 0x64F2E21E, 0xE2D74DD3, 0xF4FD4452, -- 0xBC437944, 0xB4130C93, 0x85139270, 0xAEFE1309, 0xC186D91C, 0x598CB0FA, -- 0x91F7F7EE, 0x7AD91D26, 0xD6E6C907, 0x61B46FC9, 0xF99C0238, 0xBC34F4DE, -- 0x6519035B, 0xDE355B3B, 0x611FCFDC, 0x886B4238, 0xC1B2EFFA, 0xC6F34A26, -- 0x7D1683B2, 0xC58EF183, 0x2EC22005, 0x3BB5FCBC, 0x4C6FAD73, 0xC3FE3B1B, -- 0xEEF28183, 0x8E4F1232, 0xE98583FF, 0x9172FE9C, 0x28342F61, 0xC03404CD, -- 0xCDF7E2EC, 0x9E02FCE1, 0xEE0A6D70, 0x0B07A7C8, 0x6372BB19, 0xAE56EDE7, -- 0xDE394DF4, 0x1D4F42A3, 0x60D7F468, 0xB96ADAB7, 0xB2C8E3FB, 0xD108A94B, -- 0xB324FB61, 0xBC0AB182, 0x483A797A, 0x30ACCA4F, 0x36ADE735, 0x1DF158A1, -- 0xF3EFE872, 0xE2A689DA, 0xE0E68B77, 0x984F0C70, 0x7F57C935, 0xB557135E, -- 0x3DED1AF3, 0x85636555, 0x5F066ED0, 0x2433F51F, 0xD5FD6561, 0xD3DF1ED5, -- 0xAEC4617A, 0xF681B202, 0x630C75D8, 0x7D2FE363, 0x249B3EF9, 0xCC939DCE, -- 0x146433FB, 0xA9E13641, 0xCE2D3695, 0xD8B9C583, 0x273D3CF1, 0xAFDC5620, -- 0xA2BB4A9A, 0xADF85458, 0xFFFFFFFF, 0xFFFFFFFF -+ BN_DEF(0xFFFFFFFF, 0xFFFFFFFF), BN_DEF(0xC5C6424C, 0xD68C8BB7), -+ BN_DEF(0x838FF88C, 0x011E2A94), BN_DEF(0xA9F4614E, 0x0822E506), -+ BN_DEF(0xF7A8443D, 0x97D11D49), BN_DEF(0x30677F0D, 0xA6BBFDE5), -+ BN_DEF(0xC1FE86FE, 0x2F741EF8), BN_DEF(0x5D71A87E, 0xFAFABE1C), -+ BN_DEF(0xFBE58A30, 0xDED2FBAB), BN_DEF(0x72B0A66E, 0xB6855DFE), -+ BN_DEF(0xBA8A4FE8, 0x1EFC8CE0), BN_DEF(0x3F2FA457, 0x83F81D4A), -+ BN_DEF(0xA577E231, 0xA1FE3075), BN_DEF(0x88D9C0A0, 0xD5B80194), -+ BN_DEF(0xAD9A95F9, 0x624816CD), BN_DEF(0x50C1217B, 0x99E9E316), -+ BN_DEF(0x0E423CFC, 0x51AA691E), BN_DEF(0x3826E52C, 0x1C217E6C), -+ BN_DEF(0x09703FEE, 0x51A8A931), BN_DEF(0x6A460E74, 0xBB709987), -+ BN_DEF(0x9C86B022, 0x541FC68C), BN_DEF(0x46FD8251, 0x59160CC0), -+ BN_DEF(0x35C35F5C, 0x2846C0BA), BN_DEF(0x8B758282, 0x54504AC7), -+ BN_DEF(0xD2AF05E4, 0x29388839), BN_DEF(0xC01BD702, 0xCB2C0F1C), -+ BN_DEF(0x7C932665, 0x555B2F74), BN_DEF(0xA3AB8829, 0x86B63142), -+ BN_DEF(0xF64B10EF, 0x0B8CC3BD), BN_DEF(0xEDD1CC5E, 0x687FEB69), -+ BN_DEF(0xC9509D43, 0xFDB23FCE), BN_DEF(0xD951AE64, 0x1E425A31), -+ BN_DEF(0xF600C838, 0x36AD004C), BN_DEF(0xCFF46AAA, 0xA40E329C), -+ BN_DEF(0x7938DAD4, 0xA41D570D), BN_DEF(0xD43161C1, 0x62A69526), -+ BN_DEF(0x9ADB1E69, 0x3FDD4A8E), BN_DEF(0xDC6B80D6, 0x5B3B71F9), -+ BN_DEF(0xC6272B04, 0xEC9D1810), BN_DEF(0xCACEF403, 0x8CCF2DD5), -+ BN_DEF(0xC95B9117, 0xE49F5235), BN_DEF(0xB854338A, 0x505DC82D), -+ BN_DEF(0x1562A846, 0x62292C31), BN_DEF(0x6AE77F5E, 0xD72B0374), -+ BN_DEF(0x462D538C, 0xF9C9091B), BN_DEF(0x47A67CBE, 0x0AE8DB58), -+ BN_DEF(0x22611682, 0xB3A739C1), BN_DEF(0x2A281BF6, 0xEEAAC023), -+ BN_DEF(0x77CAF992, 0x94C6651E), BN_DEF(0x94B2BBC1, 0x763E4E4B), -+ BN_DEF(0x0077D9B4, 0x587E38DA), BN_DEF(0x183023C3, 0x7FB29F8C), -+ BN_DEF(0xF9E3A26E, 0x0ABEC1FF), BN_DEF(0x350511E3, 0xA00EF092), -+ BN_DEF(0xDB6340D8, 0xB855322E), BN_DEF(0xA9A96910, 0xA52471F7), -+ BN_DEF(0x4CFDB477, 0x388147FB), BN_DEF(0x4E46041F, 0x9B1F5C3E), -+ BN_DEF(0xFCCFEC71, 0xCDAD0657), BN_DEF(0x4C701C3A, 0xB38E8C33), -+ BN_DEF(0xB1C0FD4C, 0x917BDD64), BN_DEF(0x9B7624C8, 0x3BB45432), -+ BN_DEF(0xCAF53EA6, 0x23BA4442), BN_DEF(0x38532A3A, 0x4E677D2C), -+ BN_DEF(0x45036C7A, 0x0BFD64B6), BN_DEF(0x5E0DD902, 0xC68A007E), -+ BN_DEF(0xF44182E1, 0x4DB5A851), BN_DEF(0x7F88A46B, 0x8EC9B55A), -+ BN_DEF(0xCEC97DCF, 0x0A8291CD), BN_DEF(0xF98D0ACC, 0x2A4ECEA9), -+ BN_DEF(0x7140003C, 0x1A1DB93D), BN_DEF(0x33CB8B7A, 0x092999A3), -+ BN_DEF(0x71AD0038, 0x6DC778F9), BN_DEF(0x918130C4, 0xA907600A), -+ BN_DEF(0x2D9E6832, 0xED6A1E01), BN_DEF(0xEFB4318A, 0x7135C886), -+ BN_DEF(0x7E31CC7A, 0x87F55BA5), BN_DEF(0x55034004, 0x7763CF1D), -+ BN_DEF(0xD69F6D18, 0xAC7D5F42), BN_DEF(0xE58857B6, 0x7930E9E4), -+ BN_DEF(0x164DF4FB, 0x6E6F52C3), BN_DEF(0x669E1EF1, 0x25E41D2B), -+ BN_DEF(0x3FD59D7C, 0x3C1B20EE), BN_DEF(0xFA53DDEF, 0x0ABCD06B), -+ BN_DEF(0xD5C4484E, 0x1DBF9A42), BN_DEF(0x9B0DEADA, 0xABC52197), -+ BN_DEF(0x22363A0D, 0xE86D2BC5), BN_DEF(0x9C9DF69E, 0x5CAE82AB), -+ BN_DEF(0x71F54BFF, 0x64F2E21E), BN_DEF(0xE2D74DD3, 0xF4FD4452), -+ BN_DEF(0xBC437944, 0xB4130C93), BN_DEF(0x85139270, 0xAEFE1309), -+ BN_DEF(0xC186D91C, 0x598CB0FA), BN_DEF(0x91F7F7EE, 0x7AD91D26), -+ BN_DEF(0xD6E6C907, 0x61B46FC9), BN_DEF(0xF99C0238, 0xBC34F4DE), -+ BN_DEF(0x6519035B, 0xDE355B3B), BN_DEF(0x611FCFDC, 0x886B4238), -+ BN_DEF(0xC1B2EFFA, 0xC6F34A26), BN_DEF(0x7D1683B2, 0xC58EF183), -+ BN_DEF(0x2EC22005, 0x3BB5FCBC), BN_DEF(0x4C6FAD73, 0xC3FE3B1B), -+ BN_DEF(0xEEF28183, 0x8E4F1232), BN_DEF(0xE98583FF, 0x9172FE9C), -+ BN_DEF(0x28342F61, 0xC03404CD), BN_DEF(0xCDF7E2EC, 0x9E02FCE1), -+ BN_DEF(0xEE0A6D70, 0x0B07A7C8), BN_DEF(0x6372BB19, 0xAE56EDE7), -+ BN_DEF(0xDE394DF4, 0x1D4F42A3), BN_DEF(0x60D7F468, 0xB96ADAB7), -+ BN_DEF(0xB2C8E3FB, 0xD108A94B), BN_DEF(0xB324FB61, 0xBC0AB182), -+ BN_DEF(0x483A797A, 0x30ACCA4F), BN_DEF(0x36ADE735, 0x1DF158A1), -+ BN_DEF(0xF3EFE872, 0xE2A689DA), BN_DEF(0xE0E68B77, 0x984F0C70), -+ BN_DEF(0x7F57C935, 0xB557135E), BN_DEF(0x3DED1AF3, 0x85636555), -+ BN_DEF(0x5F066ED0, 0x2433F51F), BN_DEF(0xD5FD6561, 0xD3DF1ED5), -+ BN_DEF(0xAEC4617A, 0xF681B202), BN_DEF(0x630C75D8, 0x7D2FE363), -+ BN_DEF(0x249B3EF9, 0xCC939DCE), BN_DEF(0x146433FB, 0xA9E13641), -+ BN_DEF(0xCE2D3695, 0xD8B9C583), BN_DEF(0x273D3CF1, 0xAFDC5620), -+ BN_DEF(0xA2BB4A9A, 0xADF85458), BN_DEF(0xFFFFFFFF, 0xFFFFFFFF) -+}; -+/* q = (p - 1) / 2 */ -+static const BN_ULONG ffdhe8192_q[] = { -+ BN_DEF(0xFFFFFFFF, 0x7FFFFFFF), BN_DEF(0xE2E32126, 0x6B4645DB), -+ BN_DEF(0x41C7FC46, 0x008F154A), BN_DEF(0x54FA30A7, 0x84117283), -+ BN_DEF(0xFBD4221E, 0xCBE88EA4), BN_DEF(0x9833BF86, 0x535DFEF2), -+ BN_DEF(0x60FF437F, 0x17BA0F7C), BN_DEF(0x2EB8D43F, 0x7D7D5F0E), -+ BN_DEF(0xFDF2C518, 0x6F697DD5), BN_DEF(0x39585337, 0x5B42AEFF), -+ BN_DEF(0x5D4527F4, 0x8F7E4670), BN_DEF(0x1F97D22B, 0xC1FC0EA5), -+ BN_DEF(0xD2BBF118, 0x50FF183A), BN_DEF(0x446CE050, 0xEADC00CA), -+ BN_DEF(0xD6CD4AFC, 0xB1240B66), BN_DEF(0x286090BD, 0x4CF4F18B), -+ BN_DEF(0x07211E7E, 0x28D5348F), BN_DEF(0x1C137296, 0x0E10BF36), -+ BN_DEF(0x84B81FF7, 0x28D45498), BN_DEF(0xB523073A, 0x5DB84CC3), -+ BN_DEF(0x4E435811, 0xAA0FE346), BN_DEF(0x237EC128, 0x2C8B0660), -+ BN_DEF(0x1AE1AFAE, 0x1423605D), BN_DEF(0xC5BAC141, 0x2A282563), -+ BN_DEF(0xE95782F2, 0x149C441C), BN_DEF(0x600DEB81, 0xE596078E), -+ BN_DEF(0x3E499332, 0xAAAD97BA), BN_DEF(0x51D5C414, 0xC35B18A1), -+ BN_DEF(0xFB258877, 0x05C661DE), BN_DEF(0xF6E8E62F, 0xB43FF5B4), -+ BN_DEF(0x64A84EA1, 0x7ED91FE7), BN_DEF(0xECA8D732, 0x0F212D18), -+ BN_DEF(0x7B00641C, 0x1B568026), BN_DEF(0x67FA3555, 0x5207194E), -+ BN_DEF(0xBC9C6D6A, 0xD20EAB86), BN_DEF(0x6A18B0E0, 0xB1534A93), -+ BN_DEF(0x4D6D8F34, 0x1FEEA547), BN_DEF(0xEE35C06B, 0x2D9DB8FC), -+ BN_DEF(0x63139582, 0xF64E8C08), BN_DEF(0xE5677A01, 0xC66796EA), -+ BN_DEF(0xE4ADC88B, 0x724FA91A), BN_DEF(0xDC2A19C5, 0x282EE416), -+ BN_DEF(0x8AB15423, 0x31149618), BN_DEF(0x3573BFAF, 0x6B9581BA), -+ BN_DEF(0xA316A9C6, 0x7CE4848D), BN_DEF(0x23D33E5F, 0x05746DAC), -+ BN_DEF(0x91308B41, 0x59D39CE0), BN_DEF(0x95140DFB, 0x77556011), -+ BN_DEF(0x3BE57CC9, 0xCA63328F), BN_DEF(0xCA595DE0, 0x3B1F2725), -+ BN_DEF(0x003BECDA, 0xAC3F1C6D), BN_DEF(0x0C1811E1, 0x3FD94FC6), -+ BN_DEF(0xFCF1D137, 0x855F60FF), BN_DEF(0x1A8288F1, 0x50077849), -+ BN_DEF(0x6DB1A06C, 0x5C2A9917), BN_DEF(0xD4D4B488, 0xD29238FB), -+ BN_DEF(0xA67EDA3B, 0x9C40A3FD), BN_DEF(0x2723020F, 0xCD8FAE1F), -+ BN_DEF(0xFE67F638, 0x66D6832B), BN_DEF(0xA6380E1D, 0x59C74619), -+ BN_DEF(0x58E07EA6, 0x48BDEEB2), BN_DEF(0x4DBB1264, 0x1DDA2A19), -+ BN_DEF(0x657A9F53, 0x11DD2221), BN_DEF(0x1C29951D, 0x2733BE96), -+ BN_DEF(0x2281B63D, 0x05FEB25B), BN_DEF(0x2F06EC81, 0xE345003F), -+ BN_DEF(0xFA20C170, 0xA6DAD428), BN_DEF(0x3FC45235, 0xC764DAAD), -+ BN_DEF(0xE764BEE7, 0x054148E6), BN_DEF(0xFCC68566, 0x15276754), -+ BN_DEF(0xB8A0001E, 0x0D0EDC9E), BN_DEF(0x99E5C5BD, 0x0494CCD1), -+ BN_DEF(0xB8D6801C, 0x36E3BC7C), BN_DEF(0x48C09862, 0x5483B005), -+ BN_DEF(0x96CF3419, 0x76B50F00), BN_DEF(0x77DA18C5, 0x389AE443), -+ BN_DEF(0xBF18E63D, 0x43FAADD2), BN_DEF(0xAA81A002, 0x3BB1E78E), -+ BN_DEF(0x6B4FB68C, 0x563EAFA1), BN_DEF(0x72C42BDB, 0xBC9874F2), -+ BN_DEF(0x8B26FA7D, 0xB737A961), BN_DEF(0xB34F0F78, 0x12F20E95), -+ BN_DEF(0x1FEACEBE, 0x9E0D9077), BN_DEF(0xFD29EEF7, 0x055E6835), -+ BN_DEF(0x6AE22427, 0x0EDFCD21), BN_DEF(0xCD86F56D, 0xD5E290CB), -+ BN_DEF(0x911B1D06, 0x743695E2), BN_DEF(0xCE4EFB4F, 0xAE574155), -+ BN_DEF(0x38FAA5FF, 0xB279710F), BN_DEF(0x716BA6E9, 0x7A7EA229), -+ BN_DEF(0xDE21BCA2, 0x5A098649), BN_DEF(0xC289C938, 0x577F0984), -+ BN_DEF(0x60C36C8E, 0x2CC6587D), BN_DEF(0x48FBFBF7, 0xBD6C8E93), -+ BN_DEF(0xEB736483, 0x30DA37E4), BN_DEF(0x7CCE011C, 0xDE1A7A6F), -+ BN_DEF(0xB28C81AD, 0x6F1AAD9D), BN_DEF(0x308FE7EE, 0x4435A11C), -+ BN_DEF(0x60D977FD, 0x6379A513), BN_DEF(0xBE8B41D9, 0xE2C778C1), -+ BN_DEF(0x17611002, 0x9DDAFE5E), BN_DEF(0xA637D6B9, 0xE1FF1D8D), -+ BN_DEF(0x777940C1, 0xC7278919), BN_DEF(0x74C2C1FF, 0xC8B97F4E), -+ BN_DEF(0x941A17B0, 0x601A0266), BN_DEF(0xE6FBF176, 0x4F017E70), -+ BN_DEF(0x770536B8, 0x8583D3E4), BN_DEF(0xB1B95D8C, 0x572B76F3), -+ BN_DEF(0xEF1CA6FA, 0x0EA7A151), BN_DEF(0xB06BFA34, 0xDCB56D5B), -+ BN_DEF(0xD96471FD, 0xE88454A5), BN_DEF(0x59927DB0, 0x5E0558C1), -+ BN_DEF(0xA41D3CBD, 0x98566527), BN_DEF(0x9B56F39A, 0x0EF8AC50), -+ BN_DEF(0x79F7F439, 0xF15344ED), BN_DEF(0x707345BB, 0xCC278638), -+ BN_DEF(0x3FABE49A, 0xDAAB89AF), BN_DEF(0x9EF68D79, 0x42B1B2AA), -+ BN_DEF(0xAF833768, 0x9219FA8F), BN_DEF(0xEAFEB2B0, 0x69EF8F6A), -+ BN_DEF(0x576230BD, 0x7B40D901), BN_DEF(0xB1863AEC, 0xBE97F1B1), -+ BN_DEF(0x124D9F7C, 0xE649CEE7), BN_DEF(0x8A3219FD, 0xD4F09B20), -+ BN_DEF(0xE7169B4A, 0xEC5CE2C1), BN_DEF(0x139E9E78, 0x57EE2B10), -+ BN_DEF(0x515DA54D, 0xD6FC2A2C), BN_DEF(0xFFFFFFFF, 0x7FFFFFFF), - }; - --# else --# error "unsupported BN_BITS2" --# endif -- - /* Macro to make a BIGNUM from static data */ - - # define make_dh_bn(x) extern const BIGNUM _bignum_##x; \ -@@ -489,24 +1010,42 @@ static const BN_ULONG ffdhe8192_p[] = { - - static const BN_ULONG value_2 = 2; - --const BIGNUM _bignum_const_2 = -- { (BN_ULONG *)&value_2, 1, 1, 0, BN_FLG_STATIC_DATA }; -+const BIGNUM _bignum_const_2 = { -+ (BN_ULONG *)&value_2, 1, 1, 0, BN_FLG_STATIC_DATA -+}; - - make_dh_bn(dh1024_160_p) --make_dh_bn(dh1024_160_g) - make_dh_bn(dh1024_160_q) -+make_dh_bn(dh1024_160_g) - make_dh_bn(dh2048_224_p) --make_dh_bn(dh2048_224_g) - make_dh_bn(dh2048_224_q) -+make_dh_bn(dh2048_224_g) - make_dh_bn(dh2048_256_p) --make_dh_bn(dh2048_256_g) - make_dh_bn(dh2048_256_q) -+make_dh_bn(dh2048_256_g) - - make_dh_bn(ffdhe2048_p) -+make_dh_bn(ffdhe2048_q) - make_dh_bn(ffdhe3072_p) -+make_dh_bn(ffdhe3072_q) - make_dh_bn(ffdhe4096_p) -+make_dh_bn(ffdhe4096_q) - make_dh_bn(ffdhe6144_p) -+make_dh_bn(ffdhe6144_q) - make_dh_bn(ffdhe8192_p) -+make_dh_bn(ffdhe8192_q) - -+make_dh_bn(modp_1536_p) -+make_dh_bn(modp_1536_q) -+make_dh_bn(modp_2048_p) -+make_dh_bn(modp_2048_q) -+make_dh_bn(modp_3072_p) -+make_dh_bn(modp_3072_q) -+make_dh_bn(modp_4096_p) -+make_dh_bn(modp_4096_q) -+make_dh_bn(modp_6144_p) -+make_dh_bn(modp_6144_q) -+make_dh_bn(modp_8192_p) -+make_dh_bn(modp_8192_q) - --#endif -+#endif /* OPENSSL_NO_DH */ -diff -up openssl-1.1.1j/crypto/dh/dh_check.c.fips-dh openssl-1.1.1j/crypto/dh/dh_check.c ---- openssl-1.1.1j/crypto/dh/dh_check.c.fips-dh 2021-02-16 16:24:01.000000000 +0100 -+++ openssl-1.1.1j/crypto/dh/dh_check.c 2021-03-03 14:23:27.404092427 +0100 -@@ -10,6 +10,7 @@ - #include - #include "internal/cryptlib.h" - #include -+#include - #include "dh_local.h" - - # define DH_NUMBER_ITERATIONS_FOR_PRIME 64 -@@ -41,6 +42,12 @@ int DH_check_params(const DH *dh, int *r - BIGNUM *tmp = NULL; - BN_CTX *ctx = NULL; - -+ if (FIPS_mode()) { -+ int nid = dh->nid == NID_undef ? DH_get_nid(dh) : dh->nid; -+ -+ return nid != NID_undef; -+ } -+ - *ret = 0; - ctx = BN_CTX_new(); - if (ctx == NULL) -@@ -95,6 +102,7 @@ int DH_check_ex(const DH *dh) - return errflags == 0; - } - -+/* Note: according to documentation - this only checks the params */ - int DH_check(const DH *dh, int *ret) - { - int ok = 0, r; -@@ -104,6 +112,9 @@ int DH_check(const DH *dh, int *ret) - if (!DH_check_params(dh, ret)) - return 0; - -+ if (FIPS_mode()) /* we allow only well-known params */ -+ return 1; -+ - ctx = BN_CTX_new(); - if (ctx == NULL) - goto err; -@@ -177,7 +188,7 @@ int DH_check_pub_key_ex(const DH *dh, co - return errflags == 0; - } - --int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret) -+static int dh_check_pub_key_int(const DH *dh, const BIGNUM *q, const BIGNUM *pub_key, int *ret) - { - int ok = 0; - BIGNUM *tmp = NULL; -@@ -198,9 +209,9 @@ int DH_check_pub_key(const DH *dh, const - if (BN_cmp(pub_key, tmp) >= 0) - *ret |= DH_CHECK_PUBKEY_TOO_LARGE; - -- if (dh->q != NULL) { -+ if (q != NULL) { - /* Check pub_key^q == 1 mod p */ -- if (!BN_mod_exp(tmp, pub_key, dh->q, dh->p, ctx)) -+ if (!BN_mod_exp(tmp, pub_key, q, dh->p, ctx)) - goto err; - if (!BN_is_one(tmp)) - *ret |= DH_CHECK_PUBKEY_INVALID; -@@ -212,3 +223,23 @@ int DH_check_pub_key(const DH *dh, const - BN_CTX_free(ctx); - return ok; - } -+ -+int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret) -+{ -+ return dh_check_pub_key_int(dh, dh->q, pub_key, ret); -+} -+ -+int dh_check_pub_key_full(const DH *dh, const BIGNUM *pub_key, int *ret) -+{ -+ BIGNUM *q = dh->q; -+ -+ if (q == NULL) { -+ if (dh_get_known_q(dh, &q) == 0) { -+ *ret |= DH_CHECK_INVALID_Q_VALUE; -+ return 0; -+ } -+ } -+ -+ return dh_check_pub_key_int(dh, q, pub_key, ret); -+} -+ -diff -up openssl-1.1.1j/crypto/dh/dh_gen.c.fips-dh openssl-1.1.1j/crypto/dh/dh_gen.c ---- openssl-1.1.1j/crypto/dh/dh_gen.c.fips-dh 2021-03-03 14:23:27.338091859 +0100 -+++ openssl-1.1.1j/crypto/dh/dh_gen.c 2021-03-03 14:23:27.404092427 +0100 -@@ -27,8 +27,7 @@ int DH_generate_parameters_ex(DH *ret, i - BN_GENCB *cb) - { - #ifdef OPENSSL_FIPS -- if (FIPS_mode() && !(ret->meth->flags & DH_FLAG_FIPS_METHOD) -- && !(ret->flags & DH_FLAG_NON_FIPS_ALLOW)) { -+ if (FIPS_mode()) { - DHerr(DH_F_DH_GENERATE_PARAMETERS_EX, DH_R_NON_FIPS_METHOD); - return 0; - } -@@ -75,18 +74,6 @@ static int dh_builtin_genparams(DH *ret, - int g, ok = -1; - BN_CTX *ctx = NULL; - --#ifdef OPENSSL_FIPS -- if (FIPS_selftest_failed()) { -- FIPSerr(FIPS_F_DH_BUILTIN_GENPARAMS, FIPS_R_FIPS_SELFTEST_FAILED); -- return 0; -- } -- -- if (FIPS_mode() && (prime_len < OPENSSL_DH_FIPS_MIN_MODULUS_BITS_GEN)) { -- DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_KEY_SIZE_TOO_SMALL); -- goto err; -- } --#endif -- - ctx = BN_CTX_new(); - if (ctx == NULL) - goto err; -diff -up openssl-1.1.1j/crypto/dh/dh_key.c.fips-dh openssl-1.1.1j/crypto/dh/dh_key.c ---- openssl-1.1.1j/crypto/dh/dh_key.c.fips-dh 2021-03-03 14:23:27.338091859 +0100 -+++ openssl-1.1.1j/crypto/dh/dh_key.c 2021-03-03 14:51:36.235296236 +0100 -@@ -120,10 +120,18 @@ static int generate_key(DH *dh) - BIGNUM *pub_key = NULL, *priv_key = NULL; - - #ifdef OPENSSL_FIPS -- if (FIPS_mode() -- && (BN_num_bits(dh->p) < OPENSSL_DH_FIPS_MIN_MODULUS_BITS)) { -- DHerr(DH_F_GENERATE_KEY, DH_R_KEY_SIZE_TOO_SMALL); -- return 0; -+ if (FIPS_mode()) { -+ if (BN_num_bits(dh->p) < OPENSSL_DH_FIPS_MIN_MODULUS_BITS) { -+ DHerr(DH_F_GENERATE_KEY, DH_R_KEY_SIZE_TOO_SMALL); -+ return 0; -+ } -+ if (dh->nid == NID_undef) -+ dh_cache_nid(dh); -+ if (dh->nid == NID_undef || dh->length > BN_num_bits(dh->p) - 2 -+ || dh->length < 224) { -+ DHerr(DH_F_GENERATE_KEY, DH_R_NON_FIPS_METHOD); -+ return 0; -+ } - } - #endif - -@@ -159,7 +167,15 @@ static int generate_key(DH *dh) - } - - if (generate_new_key) { -- if (dh->q) { -+ if (FIPS_mode()) { -+ do { -+ if (!BN_priv_rand(priv_key, dh->length, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY)) -+ goto err; -+ if (!BN_add_word(priv_key, 1)) -+ goto err; -+ } -+ while (BN_num_bits(priv_key) > dh->length); -+ } else if (dh->q) { - do { - if (!BN_priv_rand_range(priv_key, dh->q)) - goto err; -@@ -195,6 +211,15 @@ static int generate_key(DH *dh) - } - /* We MUST free prk before any further use of priv_key */ - BN_clear_free(prk); -+ -+ if (FIPS_mode()) { -+ int check_result; -+ -+ if (!dh_check_pub_key_full(dh, pub_key, &check_result) || check_result) { -+ DHerr(DH_F_GENERATE_KEY, DH_R_INVALID_PUBKEY); -+ goto err; -+ } -+ } - } - - dh->pub_key = pub_key; -@@ -217,6 +242,7 @@ static int compute_key(unsigned char *ke - BN_CTX *ctx = NULL; - BN_MONT_CTX *mont = NULL; - BIGNUM *tmp; -+ BIGNUM *p1; - int ret = -1; - int check_result; - -@@ -263,6 +289,18 @@ static int compute_key(unsigned char *ke - DHerr(DH_F_COMPUTE_KEY, ERR_R_BN_LIB); - goto err; - } -+ -+ if (BN_is_zero(tmp) || BN_is_one(tmp) || BN_is_negative(tmp)) { -+ DHerr(DH_F_COMPUTE_KEY, ERR_R_BN_LIB); -+ goto err; -+ } -+ -+ if ((p1 = BN_CTX_get(ctx)) == NULL -+ || !BN_sub(p1, dh->p, BN_value_one()) -+ || BN_cmp(p1, tmp) <= 0) { -+ DHerr(DH_F_COMPUTE_KEY, ERR_R_BN_LIB); -+ goto err; -+ } - - ret = BN_bn2binpad(tmp, key, BN_num_bytes(dh->p)); - err: -diff -up openssl-1.1.1j/crypto/dh/dh_lib.c.fips-dh openssl-1.1.1j/crypto/dh/dh_lib.c ---- openssl-1.1.1j/crypto/dh/dh_lib.c.fips-dh 2021-02-16 16:24:01.000000000 +0100 -+++ openssl-1.1.1j/crypto/dh/dh_lib.c 2021-03-03 14:23:27.405092436 +0100 -@@ -8,6 +8,7 @@ - */ - - #include -+#include - #include "internal/cryptlib.h" - #include "internal/refcount.h" - #include -@@ -86,6 +87,8 @@ DH *DH_new_method(ENGINE *engine) - goto err; - } - -+ ret->nid = NID_undef; -+ - return ret; - - err: -@@ -205,7 +208,10 @@ int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNU - dh->g = g; - } - -- if (q != NULL) { -+ dh->nid = NID_undef; -+ dh_cache_nid(dh); -+ -+ if (q != NULL && dh->nid == NID_undef) { - dh->length = BN_num_bits(q); - } - -diff -up openssl-1.1.1j/crypto/dh/dh_local.h.fips-dh openssl-1.1.1j/crypto/dh/dh_local.h ---- openssl-1.1.1j/crypto/dh/dh_local.h.fips-dh 2021-03-03 14:23:27.202090689 +0100 -+++ openssl-1.1.1j/crypto/dh/dh_local.h 2021-03-03 14:23:27.405092436 +0100 -@@ -35,6 +35,7 @@ struct dh_st { - const DH_METHOD *meth; - ENGINE *engine; - CRYPTO_RWLOCK *lock; -+ int nid; - }; - - struct dh_method { -@@ -55,3 +56,10 @@ struct dh_method { - int (*generate_params) (DH *dh, int prime_len, int generator, - BN_GENCB *cb); - }; -+ -+void dh_cache_nid(DH *dh); -+/* Obtain known q value based on nid or p */ -+int dh_get_known_q(const DH *dh, BIGNUM **q); -+/* FIPS mode only check which requires nid set and looks up q based on it. */ -+int dh_check_pub_key_full(const DH *dh, const BIGNUM *pub_key, int *ret); -+ -diff -up openssl-1.1.1j/crypto/dh/dh_rfc7919.c.fips-dh openssl-1.1.1j/crypto/dh/dh_rfc7919.c ---- openssl-1.1.1j/crypto/dh/dh_rfc7919.c.fips-dh 2021-02-16 16:24:01.000000000 +0100 -+++ openssl-1.1.1j/crypto/dh/dh_rfc7919.c 2021-03-03 14:23:27.405092436 +0100 -@@ -7,6 +7,8 @@ - * https://www.openssl.org/source/license.html - */ - -+/* DH parameters from RFC7919 and RFC3526 */ -+ - #include - #include "internal/cryptlib.h" - #include "dh_local.h" -@@ -14,14 +16,19 @@ - #include - #include "crypto/bn_dh.h" - --static DH *dh_param_init(const BIGNUM *p, int32_t nbits) -+static DH *dh_param_init(int nid, const BIGNUM *p, const BIGNUM *q, int32_t nbits) - { - DH *dh = DH_new(); - if (dh == NULL) - return NULL; - dh->p = (BIGNUM *)p; -+ /* -+ * We do not set q as it would enable the inefficient and -+ * unnecessary pubkey modular exponentiation check. -+ */ - dh->g = (BIGNUM *)&_bignum_const_2; - dh->length = nbits; -+ dh->nid = nid; - return dh; - } - -@@ -29,46 +36,121 @@ DH *DH_new_by_nid(int nid) - { - switch (nid) { - case NID_ffdhe2048: -- return dh_param_init(&_bignum_ffdhe2048_p, 225); -+ return dh_param_init(nid, &_bignum_ffdhe2048_p, &_bignum_ffdhe2048_q, 225); - case NID_ffdhe3072: -- return dh_param_init(&_bignum_ffdhe3072_p, 275); -+ return dh_param_init(nid, &_bignum_ffdhe3072_p, &_bignum_ffdhe3072_q, 275); - case NID_ffdhe4096: -- return dh_param_init(&_bignum_ffdhe4096_p, 325); -+ return dh_param_init(nid, &_bignum_ffdhe4096_p, &_bignum_ffdhe4096_q, 325); - case NID_ffdhe6144: -- return dh_param_init(&_bignum_ffdhe6144_p, 375); -+ return dh_param_init(nid, &_bignum_ffdhe6144_p, &_bignum_ffdhe6144_q, 375); - case NID_ffdhe8192: -- return dh_param_init(&_bignum_ffdhe8192_p, 400); -+ return dh_param_init(nid, &_bignum_ffdhe8192_p, &_bignum_ffdhe8192_q, 400); -+ case NID_modp_2048: -+ return dh_param_init(nid, &_bignum_modp_2048_p, &_bignum_modp_2048_q, 225); -+ case NID_modp_3072: -+ return dh_param_init(nid, &_bignum_modp_3072_p, &_bignum_modp_3072_q, 275); -+ case NID_modp_4096: -+ return dh_param_init(nid, &_bignum_modp_4096_p, &_bignum_modp_4096_q, 325); -+ case NID_modp_6144: -+ return dh_param_init(nid, &_bignum_modp_6144_p, &_bignum_modp_6144_q, 375); -+ case NID_modp_8192: -+ return dh_param_init(nid, &_bignum_modp_8192_p, &_bignum_modp_8192_q, 400); -+ case NID_modp_1536: -+ if (!FIPS_mode()) -+ return dh_param_init(nid, &_bignum_modp_1536_p, &_bignum_modp_1536_q, 175); -+ /* fallthrough */ - default: - DHerr(DH_F_DH_NEW_BY_NID, DH_R_INVALID_PARAMETER_NID); - return NULL; - } - } - --int DH_get_nid(const DH *dh) -+static int dh_match_group(const DH *dh, BIGNUM **qout, int *lout) - { - int nid; -+ const BIGNUM *q; -+ int length; - - if (BN_get_word(dh->g) != 2) - return NID_undef; -- if (!BN_cmp(dh->p, &_bignum_ffdhe2048_p)) -+ -+ if (dh->nid == NID_ffdhe2048 || !BN_cmp(dh->p, &_bignum_ffdhe2048_p)) { - nid = NID_ffdhe2048; -- else if (!BN_cmp(dh->p, &_bignum_ffdhe3072_p)) -+ q = &_bignum_ffdhe2048_q; -+ length = 225; -+ } else if (dh->nid == NID_ffdhe3072 || !BN_cmp(dh->p, &_bignum_ffdhe3072_p)) { - nid = NID_ffdhe3072; -- else if (!BN_cmp(dh->p, &_bignum_ffdhe4096_p)) -+ q = &_bignum_ffdhe3072_q; -+ length = 275; -+ } else if (dh->nid == NID_ffdhe4096 || !BN_cmp(dh->p, &_bignum_ffdhe4096_p)) { - nid = NID_ffdhe4096; -- else if (!BN_cmp(dh->p, &_bignum_ffdhe6144_p)) -+ q = &_bignum_ffdhe4096_q; -+ length = 325; -+ } else if (dh->nid == NID_ffdhe6144 || !BN_cmp(dh->p, &_bignum_ffdhe6144_p)) { - nid = NID_ffdhe6144; -- else if (!BN_cmp(dh->p, &_bignum_ffdhe8192_p)) -+ q = &_bignum_ffdhe6144_q; -+ length = 375; -+ } else if (dh->nid == NID_ffdhe8192 || !BN_cmp(dh->p, &_bignum_ffdhe8192_p)) { - nid = NID_ffdhe8192; -- else -+ q = &_bignum_ffdhe8192_q; -+ length = 400; -+ } else if (dh->nid == NID_modp_2048 || !BN_cmp(dh->p, &_bignum_modp_2048_p)) { -+ nid = NID_modp_2048; -+ q = &_bignum_modp_2048_q; -+ length = 225; -+ } else if (dh->nid == NID_modp_3072 || !BN_cmp(dh->p, &_bignum_modp_3072_p)) { -+ nid = NID_modp_3072; -+ q = &_bignum_modp_3072_q; -+ length = 275; -+ } else if (dh->nid == NID_modp_4096 || !BN_cmp(dh->p, &_bignum_modp_4096_p)) { -+ nid = NID_modp_4096; -+ q = &_bignum_modp_4096_q; -+ length = 325; -+ } else if (dh->nid == NID_modp_6144 || !BN_cmp(dh->p, &_bignum_modp_6144_p)) { -+ nid = NID_modp_6144; -+ q = &_bignum_modp_6144_q; -+ length = 375; -+ } else if (dh->nid == NID_modp_8192 || !BN_cmp(dh->p, &_bignum_modp_8192_p)) { -+ nid = NID_modp_8192; -+ q = &_bignum_modp_8192_q; -+ length = 400; -+ } else if (!FIPS_mode() && (dh->nid == NID_modp_1536 || !BN_cmp(dh->p, &_bignum_modp_1536_p))) { -+ nid = NID_modp_1536; -+ q = &_bignum_modp_1536_q; -+ length = 175; -+ } else { - return NID_undef; -+ } -+ - if (dh->q != NULL) { -- BIGNUM *q = BN_dup(dh->p); -+ /* Check that q matches the known q. */ -+ if (BN_cmp(dh->q, q)) -+ return NID_undef; -+ } else if (qout != NULL) { -+ *qout = (BIGNUM *)q; -+ } - -- /* Check q = p * 2 + 1 we already know q is odd, so just shift right */ -- if (q == NULL || !BN_rshift1(q, q) || !BN_cmp(dh->q, q)) -- nid = NID_undef; -- BN_free(q); -+ if (lout != NULL) { -+ *lout = length; - } - return nid; - } -+ -+int DH_get_nid(const DH *dh) -+{ -+ if (dh->nid != NID_undef) { -+ return dh->nid; -+ } -+ return dh_match_group(dh, NULL, NULL); -+} -+ -+void dh_cache_nid(DH *dh) -+{ -+ dh->nid = dh_match_group(dh, NULL, &dh->length); -+} -+ -+int dh_get_known_q(const DH *dh, BIGNUM **q) -+{ -+ return dh_match_group(dh, q, NULL) != NID_undef; -+} -+ -diff -up openssl-1.1.1j/crypto/ec/ec_key.c.fips-dh openssl-1.1.1j/crypto/ec/ec_key.c ---- openssl-1.1.1j/crypto/ec/ec_key.c.fips-dh 2021-03-03 14:23:27.339091868 +0100 -+++ openssl-1.1.1j/crypto/ec/ec_key.c 2021-03-03 14:23:27.405092436 +0100 -@@ -281,9 +281,18 @@ int ec_key_simple_generate_key(EC_KEY *e - if (!EC_POINT_mul(eckey->group, pub_key, priv_key, NULL, NULL, ctx)) - goto err; - -- eckey->priv_key = priv_key; - eckey->pub_key = pub_key; - -+ if (FIPS_mode()) { -+ eckey->priv_key = NULL; -+ if (EC_KEY_check_key(eckey) <= 0) { -+ eckey->pub_key = NULL; -+ goto err; -+ } -+ } -+ -+ eckey->priv_key = priv_key; -+ - ok = 1; - - err: -@@ -297,8 +306,23 @@ int ec_key_simple_generate_key(EC_KEY *e - - int ec_key_simple_generate_public_key(EC_KEY *eckey) - { -- return EC_POINT_mul(eckey->group, eckey->pub_key, eckey->priv_key, NULL, -+ BIGNUM *priv_key; -+ int ret = EC_POINT_mul(eckey->group, eckey->pub_key, eckey->priv_key, NULL, - NULL, NULL); -+ -+ if (ret <= 0 || !FIPS_mode()) -+ return ret; -+ -+ /* no need to perform private key test, temporarily hide it */ -+ priv_key = eckey->priv_key; -+ eckey->priv_key = NULL; -+ ret = EC_KEY_check_key(eckey); -+ eckey->priv_key = priv_key; -+ -+ if (ret <= 0) -+ EC_POINT_set_to_infinity(eckey->group, eckey->pub_key); -+ -+ return ret; - } - - int EC_KEY_check_key(const EC_KEY *eckey) -diff -up openssl-1.1.1j/crypto/evp/p_lib.c.fips-dh openssl-1.1.1j/crypto/evp/p_lib.c ---- openssl-1.1.1j/crypto/evp/p_lib.c.fips-dh 2021-02-16 16:24:01.000000000 +0100 -+++ openssl-1.1.1j/crypto/evp/p_lib.c 2021-03-03 14:23:27.405092436 +0100 -@@ -540,7 +540,8 @@ EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *p - - int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key) - { -- int type = DH_get0_q(key) == NULL ? EVP_PKEY_DH : EVP_PKEY_DHX; -+ int type = DH_get0_q(key) == NULL || DH_get_nid(key) != NID_undef ? -+ EVP_PKEY_DH : EVP_PKEY_DHX; - int ret = EVP_PKEY_assign(pkey, type, key); - - if (ret) -diff -up openssl-1.1.1j/crypto/objects/obj_dat.h.fips-dh openssl-1.1.1j/crypto/objects/obj_dat.h ---- openssl-1.1.1j/crypto/objects/obj_dat.h.fips-dh 2021-03-03 14:23:27.394092341 +0100 -+++ openssl-1.1.1j/crypto/objects/obj_dat.h 2021-03-03 14:23:27.406092444 +0100 -@@ -1078,7 +1078,7 @@ static const unsigned char so[7762] = { - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0D, /* [ 7753] OBJ_hmacWithSHA512_256 */ - }; - --#define NUM_NID 1199 -+#define NUM_NID 1205 - static const ASN1_OBJECT nid_objs[NUM_NID] = { - {"UNDEF", "undefined", NID_undef}, - {"rsadsi", "RSA Data Security, Inc.", NID_rsadsi, 6, &so[0]}, -@@ -2279,9 +2279,15 @@ static const ASN1_OBJECT nid_objs[NUM_NI - {"KBKDF", "kbkdf", NID_kbkdf}, - {"KRB5KDF", "krb5kdf", NID_krb5kdf}, - {"SSKDF", "sskdf", NID_sskdf}, -+ {"modp_1536", "modp_1536", NID_modp_1536}, -+ {"modp_2048", "modp_2048", NID_modp_2048}, -+ {"modp_3072", "modp_3072", NID_modp_3072}, -+ {"modp_4096", "modp_4096", NID_modp_4096}, -+ {"modp_6144", "modp_6144", NID_modp_6144}, -+ {"modp_8192", "modp_8192", NID_modp_8192}, - }; - --#define NUM_SN 1190 -+#define NUM_SN 1196 - static const unsigned int sn_objs[NUM_SN] = { - 364, /* "AD_DVCS" */ - 419, /* "AES-128-CBC" */ -@@ -3127,6 +3133,12 @@ static const unsigned int sn_objs[NUM_SN - 506, /* "mime-mhs-bodies" */ - 505, /* "mime-mhs-headings" */ - 488, /* "mobileTelephoneNumber" */ -+ 1199, /* "modp_1536" */ -+ 1200, /* "modp_2048" */ -+ 1201, /* "modp_3072" */ -+ 1202, /* "modp_4096" */ -+ 1203, /* "modp_6144" */ -+ 1204, /* "modp_8192" */ - 136, /* "msCTLSign" */ - 135, /* "msCodeCom" */ - 134, /* "msCodeInd" */ -@@ -3475,7 +3487,7 @@ static const unsigned int sn_objs[NUM_SN - 1093, /* "x509ExtAdmission" */ - }; - --#define NUM_LN 1190 -+#define NUM_LN 1196 - static const unsigned int ln_objs[NUM_LN] = { - 363, /* "AD Time Stamping" */ - 405, /* "ANSI X9.62" */ -@@ -4313,6 +4325,12 @@ static const unsigned int ln_objs[NUM_LN - 506, /* "mime-mhs-bodies" */ - 505, /* "mime-mhs-headings" */ - 488, /* "mobileTelephoneNumber" */ -+ 1199, /* "modp_1536" */ -+ 1200, /* "modp_2048" */ -+ 1201, /* "modp_3072" */ -+ 1202, /* "modp_4096" */ -+ 1203, /* "modp_6144" */ -+ 1204, /* "modp_8192" */ - 481, /* "nSRecord" */ - 173, /* "name" */ - 681, /* "onBasis" */ -diff -up openssl-1.1.1j/crypto/objects/objects.txt.fips-dh openssl-1.1.1j/crypto/objects/objects.txt ---- openssl-1.1.1j/crypto/objects/objects.txt.fips-dh 2021-03-03 14:23:27.395092350 +0100 -+++ openssl-1.1.1j/crypto/objects/objects.txt 2021-03-03 14:23:27.406092444 +0100 -@@ -1657,6 +1657,13 @@ id-pkinit 5 : pkInit - : ffdhe4096 - : ffdhe6144 - : ffdhe8192 -+# NIDs for RFC3526 DH parameters -+ : modp_1536 -+ : modp_2048 -+ : modp_3072 -+ : modp_4096 -+ : modp_6144 -+ : modp_8192 - - # OIDs for DSTU-4145/DSTU-7564 (http://zakon2.rada.gov.ua/laws/show/z0423-17) - -diff -up openssl-1.1.1j/crypto/objects/obj_mac.num.fips-dh openssl-1.1.1j/crypto/objects/obj_mac.num ---- openssl-1.1.1j/crypto/objects/obj_mac.num.fips-dh 2021-03-03 14:23:27.395092350 +0100 -+++ openssl-1.1.1j/crypto/objects/obj_mac.num 2021-03-03 14:23:27.406092444 +0100 -@@ -1196,3 +1196,9 @@ sshkdf 1195 - kbkdf 1196 - krb5kdf 1197 - sskdf 1198 -+modp_1536 1199 -+modp_2048 1200 -+modp_3072 1201 -+modp_4096 1202 -+modp_6144 1203 -+modp_8192 1204 -diff -up openssl-1.1.1j/doc/man3/DH_new_by_nid.pod.fips-dh openssl-1.1.1j/doc/man3/DH_new_by_nid.pod ---- openssl-1.1.1j/doc/man3/DH_new_by_nid.pod.fips-dh 2021-02-16 16:24:01.000000000 +0100 -+++ openssl-1.1.1j/doc/man3/DH_new_by_nid.pod 2021-03-03 14:23:27.406092444 +0100 -@@ -8,13 +8,15 @@ DH_new_by_nid, DH_get_nid - get or find - - #include - DH *DH_new_by_nid(int nid); -- int *DH_get_nid(const DH *dh); -+ int DH_get_nid(const DH *dh); - - =head1 DESCRIPTION - - DH_new_by_nid() creates and returns a DH structure containing named parameters - B. Currently B must be B, B, --B, B or B. -+B, B, B, -+B, B, B, -+B, B or B. - - DH_get_nid() determines if the parameters contained in B match - any named set. It returns the NID corresponding to the matching parameters or -diff -up openssl-1.1.1j/doc/man3/EVP_PKEY_CTX_ctrl.pod.fips-dh openssl-1.1.1j/doc/man3/EVP_PKEY_CTX_ctrl.pod ---- openssl-1.1.1j/doc/man3/EVP_PKEY_CTX_ctrl.pod.fips-dh 2021-02-16 16:24:01.000000000 +0100 -+++ openssl-1.1.1j/doc/man3/EVP_PKEY_CTX_ctrl.pod 2021-03-03 14:23:27.406092444 +0100 -@@ -294,10 +294,11 @@ The EVP_PKEY_CTX_set_dh_pad() macro sets - If B is zero (the default) then no padding is performed. - - EVP_PKEY_CTX_set_dh_nid() sets the DH parameters to values corresponding to --B as defined in RFC7919. The B parameter must be B, --B, B, B, B --or B to clear the stored value. This macro can be called during --parameter or key generation. -+I as defined in RFC7919 or RFC3526. The I parameter must be -+B, B, B, B, -+B, B, B, B, -+B, B, B or B to clear -+the stored value. This macro can be called during parameter or key generation. - The nid parameter and the rfc5114 parameter are mutually exclusive. - - The EVP_PKEY_CTX_set_dh_rfc5114() and EVP_PKEY_CTX_set_dhx_rfc5114() macros are -diff -up openssl-1.1.1j/include/crypto/bn_dh.h.fips-dh openssl-1.1.1j/include/crypto/bn_dh.h ---- openssl-1.1.1j/include/crypto/bn_dh.h.fips-dh 2021-02-16 16:24:01.000000000 +0100 -+++ openssl-1.1.1j/include/crypto/bn_dh.h 2021-03-03 14:23:27.406092444 +0100 -@@ -1,7 +1,7 @@ - /* -- * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. - * -- * Licensed under the OpenSSL license (the "License"). You may not use -+ * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html -@@ -9,16 +9,35 @@ - - #define declare_dh_bn(x) \ - extern const BIGNUM _bignum_dh##x##_p; \ -+ extern const BIGNUM _bignum_dh##x##_q; \ - extern const BIGNUM _bignum_dh##x##_g; \ -- extern const BIGNUM _bignum_dh##x##_q; - - declare_dh_bn(1024_160) - declare_dh_bn(2048_224) - declare_dh_bn(2048_256) - -+extern const BIGNUM _bignum_const_2; -+ - extern const BIGNUM _bignum_ffdhe2048_p; - extern const BIGNUM _bignum_ffdhe3072_p; - extern const BIGNUM _bignum_ffdhe4096_p; - extern const BIGNUM _bignum_ffdhe6144_p; - extern const BIGNUM _bignum_ffdhe8192_p; --extern const BIGNUM _bignum_const_2; -+extern const BIGNUM _bignum_ffdhe2048_q; -+extern const BIGNUM _bignum_ffdhe3072_q; -+extern const BIGNUM _bignum_ffdhe4096_q; -+extern const BIGNUM _bignum_ffdhe6144_q; -+extern const BIGNUM _bignum_ffdhe8192_q; -+ -+extern const BIGNUM _bignum_modp_1536_p; -+extern const BIGNUM _bignum_modp_2048_p; -+extern const BIGNUM _bignum_modp_3072_p; -+extern const BIGNUM _bignum_modp_4096_p; -+extern const BIGNUM _bignum_modp_6144_p; -+extern const BIGNUM _bignum_modp_8192_p; -+extern const BIGNUM _bignum_modp_1536_q; -+extern const BIGNUM _bignum_modp_2048_q; -+extern const BIGNUM _bignum_modp_3072_q; -+extern const BIGNUM _bignum_modp_4096_q; -+extern const BIGNUM _bignum_modp_6144_q; -+extern const BIGNUM _bignum_modp_8192_q; -diff -up openssl-1.1.1j/include/openssl/obj_mac.h.fips-dh openssl-1.1.1j/include/openssl/obj_mac.h ---- openssl-1.1.1j/include/openssl/obj_mac.h.fips-dh 2021-03-03 14:23:27.396092358 +0100 -+++ openssl-1.1.1j/include/openssl/obj_mac.h 2021-03-03 14:23:27.407092453 +0100 -@@ -5115,6 +5115,24 @@ - #define SN_ffdhe8192 "ffdhe8192" - #define NID_ffdhe8192 1130 - -+#define SN_modp_1536 "modp_1536" -+#define NID_modp_1536 1199 -+ -+#define SN_modp_2048 "modp_2048" -+#define NID_modp_2048 1200 -+ -+#define SN_modp_3072 "modp_3072" -+#define NID_modp_3072 1201 -+ -+#define SN_modp_4096 "modp_4096" -+#define NID_modp_4096 1202 -+ -+#define SN_modp_6144 "modp_6144" -+#define NID_modp_6144 1203 -+ -+#define SN_modp_8192 "modp_8192" -+#define NID_modp_8192 1204 -+ - #define SN_ISO_UA "ISO-UA" - #define NID_ISO_UA 1150 - #define OBJ_ISO_UA OBJ_member_body,804L -diff -up openssl-1.1.1j/ssl/s3_lib.c.fips-dh openssl-1.1.1j/ssl/s3_lib.c ---- openssl-1.1.1j/ssl/s3_lib.c.fips-dh 2021-03-03 14:23:27.354091997 +0100 -+++ openssl-1.1.1j/ssl/s3_lib.c 2021-03-03 14:23:27.407092453 +0100 -@@ -4849,13 +4849,51 @@ int ssl_derive(SSL *s, EVP_PKEY *privkey - EVP_PKEY *ssl_dh_to_pkey(DH *dh) - { - EVP_PKEY *ret; -+ DH *dhp = NULL; -+ - if (dh == NULL) - return NULL; -+ -+ if (FIPS_mode() && DH_get_nid(dh) == NID_undef) { -+ int bits = DH_bits(dh); -+ BIGNUM *p, *g; -+ -+ dhp = DH_new(); -+ if (dhp == NULL) -+ return NULL; -+ g = BN_new(); -+ if (g == NULL || !BN_set_word(g, 2)) { -+ DH_free(dhp); -+ BN_free(g); -+ return NULL; -+ } -+ -+ if (bits >= 7000) -+ p = BN_get_rfc3526_prime_8192(NULL); -+ else if (bits >= 5000) -+ p = BN_get_rfc3526_prime_6144(NULL); -+ else if (bits >= 3800) -+ p = BN_get_rfc3526_prime_4096(NULL); -+ else if (bits >= 2500) -+ p = BN_get_rfc3526_prime_3072(NULL); -+ else -+ p = BN_get_rfc3526_prime_2048(NULL); -+ if (p == NULL || !DH_set0_pqg(dhp, p, NULL, g)) { -+ DH_free(dhp); -+ BN_free(p); -+ BN_free(g); -+ return NULL; -+ } -+ dh = dhp; -+ } -+ - ret = EVP_PKEY_new(); - if (EVP_PKEY_set1_DH(ret, dh) <= 0) { -+ DH_free(dhp); - EVP_PKEY_free(ret); - return NULL; - } -+ DH_free(dhp); - return ret; - } - #endif -diff -up openssl-1.1.1j/ssl/t1_lib.c.fips-dh openssl-1.1.1j/ssl/t1_lib.c ---- openssl-1.1.1j/ssl/t1_lib.c.fips-dh 2021-03-03 14:23:27.401092401 +0100 -+++ openssl-1.1.1j/ssl/t1_lib.c 2021-03-03 14:23:27.407092453 +0100 -@@ -2542,7 +2542,7 @@ DH *ssl_get_auto_dh(SSL *s) - p = BN_get_rfc3526_prime_4096(NULL); - else if (dh_secbits >= 128) - p = BN_get_rfc3526_prime_3072(NULL); -- else if (dh_secbits >= 112) -+ else if (dh_secbits >= 112 || FIPS_mode()) - p = BN_get_rfc3526_prime_2048(NULL); - else - p = BN_get_rfc2409_prime_1024(NULL); diff --git a/openssl-1.1.1-fips-drbg-selftest.patch b/openssl-1.1.1-fips-drbg-selftest.patch deleted file mode 100644 index b800c06..0000000 --- a/openssl-1.1.1-fips-drbg-selftest.patch +++ /dev/null @@ -1,587 +0,0 @@ -diff -up openssl-1.1.1g/crypto/fips/fips_post.c.drbg-selftest openssl-1.1.1g/crypto/fips/fips_post.c ---- openssl-1.1.1g/crypto/fips/fips_post.c.drbg-selftest 2020-04-23 13:33:12.500624151 +0200 -+++ openssl-1.1.1g/crypto/fips/fips_post.c 2020-04-23 13:33:12.618621925 +0200 -@@ -67,12 +67,18 @@ - - # include - # include "crypto/fips.h" -+# include "crypto/rand.h" - # include "fips_locl.h" - - /* Run all selftests */ - int FIPS_selftest(void) - { - int rv = 1; -+ if (!rand_drbg_selftest()) { -+ FIPSerr(FIPS_F_FIPS_SELFTEST, FIPS_R_TEST_FAILURE); -+ ERR_add_error_data(2, "Type=", "rand_drbg_selftest"); -+ rv = 0; -+ } - if (!FIPS_selftest_drbg()) - rv = 0; - if (!FIPS_selftest_sha1()) -diff -up openssl-1.1.1g/crypto/rand/build.info.drbg-selftest openssl-1.1.1g/crypto/rand/build.info ---- openssl-1.1.1g/crypto/rand/build.info.drbg-selftest 2020-04-23 13:33:12.619621907 +0200 -+++ openssl-1.1.1g/crypto/rand/build.info 2020-04-23 13:34:10.857523497 +0200 -@@ -1,6 +1,6 @@ - LIBS=../../libcrypto - SOURCE[../../libcrypto]=\ - randfile.c rand_lib.c rand_err.c rand_crng_test.c rand_egd.c \ -- rand_win.c rand_unix.c rand_vms.c drbg_lib.c drbg_ctr.c -+ rand_win.c rand_unix.c rand_vms.c drbg_lib.c drbg_ctr.c drbg_selftest.c - - INCLUDE[drbg_ctr.o]=../modes -diff -up openssl-1.1.1g/crypto/rand/drbg_selftest.c.drbg-selftest openssl-1.1.1g/crypto/rand/drbg_selftest.c ---- openssl-1.1.1g/crypto/rand/drbg_selftest.c.drbg-selftest 2020-04-23 13:33:12.619621907 +0200 -+++ openssl-1.1.1g/crypto/rand/drbg_selftest.c 2020-04-23 13:33:12.619621907 +0200 -@@ -0,0 +1,537 @@ -+/* -+ * Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. -+ * -+ * Licensed under the OpenSSL license (the "License"). You may not use -+ * this file except in compliance with the License. You can obtain a copy -+ * in the file LICENSE in the source distribution or at -+ * https://www.openssl.org/source/license.html -+ */ -+ -+#include -+#include -+#include "internal/nelem.h" -+#include -+#include -+#include -+#include -+#include "internal/thread_once.h" -+#include "crypto/rand.h" -+ -+typedef struct test_ctx_st { -+ const unsigned char *entropy; -+ size_t entropylen; -+ int entropycnt; -+ const unsigned char *nonce; -+ size_t noncelen; -+ int noncecnt; -+} TEST_CTX; -+ -+static int app_data_index = -1; -+static CRYPTO_ONCE get_index_once = CRYPTO_ONCE_STATIC_INIT; -+DEFINE_RUN_ONCE_STATIC(drbg_app_data_index_init) -+{ -+ app_data_index = RAND_DRBG_get_ex_new_index(0L, NULL, NULL, NULL, NULL); -+ -+ return 1; -+} -+ -+enum drbg_kat_type { -+ NO_RESEED, -+ PR_FALSE, -+ PR_TRUE -+}; -+ -+enum drbg_df { -+ USE_DF, -+ NO_DF, -+ NA -+}; -+ -+struct drbg_kat_no_reseed { -+ size_t count; -+ const unsigned char *entropyin; -+ const unsigned char *nonce; -+ const unsigned char *persstr; -+ const unsigned char *addin1; -+ const unsigned char *addin2; -+ const unsigned char *retbytes; -+}; -+ -+struct drbg_kat_pr_false { -+ size_t count; -+ const unsigned char *entropyin; -+ const unsigned char *nonce; -+ const unsigned char *persstr; -+ const unsigned char *entropyinreseed; -+ const unsigned char *addinreseed; -+ const unsigned char *addin1; -+ const unsigned char *addin2; -+ const unsigned char *retbytes; -+}; -+ -+struct drbg_kat_pr_true { -+ size_t count; -+ const unsigned char *entropyin; -+ const unsigned char *nonce; -+ const unsigned char *persstr; -+ const unsigned char *entropyinpr1; -+ const unsigned char *addin1; -+ const unsigned char *entropyinpr2; -+ const unsigned char *addin2; -+ const unsigned char *retbytes; -+}; -+ -+struct drbg_kat { -+ enum drbg_kat_type type; -+ enum drbg_df df; -+ int nid; -+ -+ size_t entropyinlen; -+ size_t noncelen; -+ size_t persstrlen; -+ size_t addinlen; -+ size_t retbyteslen; -+ -+ const void *t; -+}; -+ -+/* -+ * Excerpt from test/drbg_cavs_data.c -+ * DRBG test vectors from: -+ * https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/ -+ */ -+ -+static const unsigned char kat1308_entropyin[] = { -+ 0x7c, 0x5d, 0x90, 0x70, 0x3b, 0x8a, 0xc7, 0x0f, 0x23, 0x73, 0x24, 0x9c, -+ 0xa7, 0x15, 0x41, 0x71, 0x7a, 0x31, 0xea, 0x32, 0xfc, 0x28, 0x0d, 0xd7, -+ 0x5b, 0x09, 0x01, 0x98, 0x1b, 0xe2, 0xa5, 0x53, 0xd9, 0x05, 0x32, 0x97, -+ 0xec, 0xbe, 0x86, 0xfd, 0x1c, 0x1c, 0x71, 0x4c, 0x52, 0x29, 0x9e, 0x52, -+}; -+static const unsigned char kat1308_nonce[] = {0}; -+static const unsigned char kat1308_persstr[] = { -+ 0xdc, 0x07, 0x2f, 0x68, 0xfa, 0x77, 0x03, 0x23, 0x42, 0xb0, 0xf5, 0xa2, -+ 0xd9, 0xad, 0xa1, 0xd0, 0xad, 0xa2, 0x14, 0xb4, 0xd0, 0x8e, 0xfb, 0x39, -+ 0xdd, 0xc2, 0xac, 0xfb, 0x98, 0xdf, 0x7f, 0xce, 0x4c, 0x75, 0x56, 0x45, -+ 0xcd, 0x86, 0x93, 0x74, 0x90, 0x6e, 0xf6, 0x9e, 0x85, 0x7e, 0xfb, 0xc3, -+}; -+static const unsigned char kat1308_addin0[] = { -+ 0x52, 0x25, 0xc4, 0x2f, 0x03, 0xce, 0x29, 0x71, 0xc5, 0x0b, 0xc3, 0x4e, -+ 0xad, 0x8d, 0x6f, 0x17, 0x82, 0xe1, 0xf3, 0xfd, 0xfd, 0x9b, 0x94, 0x9a, -+ 0x1d, 0xac, 0xd0, 0xd4, 0x3f, 0x2b, 0xe3, 0xab, 0x7c, 0x3d, 0x3e, 0x5a, -+ 0x68, 0xbb, 0xa4, 0x74, 0x68, 0x1a, 0xc6, 0x27, 0xff, 0xe0, 0xc0, 0x6c, -+}; -+static const unsigned char kat1308_addin1[] = { -+ 0xdc, 0x91, 0xd7, 0xb7, 0xb9, 0x94, 0x79, 0x0f, 0x06, 0xc4, 0x70, 0x19, -+ 0x33, 0x25, 0x7c, 0x96, 0x01, 0xa0, 0x62, 0xb0, 0x50, 0xe6, 0xc0, 0x3a, -+ 0x56, 0x8f, 0xc5, 0x50, 0x48, 0xc6, 0xf4, 0x49, 0xe5, 0x70, 0x16, 0x2e, -+ 0xae, 0xf2, 0x99, 0xb4, 0x2d, 0x70, 0x18, 0x16, 0xcd, 0xe0, 0x24, 0xe4, -+}; -+static const unsigned char kat1308_retbits[] = { -+ 0xde, 0xf8, 0x91, 0x1b, 0xf1, 0xe1, 0xa9, 0x97, 0xd8, 0x61, 0x84, 0xe2, -+ 0xdb, 0x83, 0x3e, 0x60, 0x45, 0xcd, 0xc8, 0x66, 0x93, 0x28, 0xc8, 0x92, -+ 0xbc, 0x25, 0xae, 0xe8, 0xb0, 0xed, 0xed, 0x16, 0x3d, 0xa5, 0xf9, 0x0f, -+ 0xb3, 0x72, 0x08, 0x84, 0xac, 0x3c, 0x3b, 0xaa, 0x5f, 0xf9, 0x7d, 0x63, -+ 0x3e, 0xde, 0x59, 0x37, 0x0e, 0x40, 0x12, 0x2b, 0xbc, 0x6c, 0x96, 0x53, -+ 0x26, 0x32, 0xd0, 0xb8, -+}; -+static const struct drbg_kat_no_reseed kat1308_t = { -+ 2, kat1308_entropyin, kat1308_nonce, kat1308_persstr, -+ kat1308_addin0, kat1308_addin1, kat1308_retbits -+}; -+static const struct drbg_kat kat1308 = { -+ NO_RESEED, NO_DF, NID_aes_256_ctr, 48, 0, 48, 48, 64, &kat1308_t -+}; -+ -+static const unsigned char kat1465_entropyin[] = { -+ 0xc9, 0x96, 0x3a, 0x15, 0x51, 0x76, 0x4f, 0xe0, 0x45, 0x82, 0x8a, 0x64, -+ 0x87, 0xbe, 0xaa, 0xc0, -+}; -+static const unsigned char kat1465_nonce[] = { -+ 0x08, 0xcd, 0x69, 0x39, 0xf8, 0x58, 0x9a, 0x85, -+}; -+static const unsigned char kat1465_persstr[] = {0}; -+static const unsigned char kat1465_entropyinreseed[] = { -+ 0x16, 0xcc, 0x35, 0x15, 0xb1, 0x17, 0xf5, 0x33, 0x80, 0x9a, 0x80, 0xc5, -+ 0x1f, 0x4b, 0x7b, 0x51, -+}; -+static const unsigned char kat1465_addinreseed[] = { -+ 0xf5, 0x3d, 0xf1, 0x2e, 0xdb, 0x28, 0x1c, 0x00, 0x7b, 0xcb, 0xb6, 0x12, -+ 0x61, 0x9f, 0x26, 0x5f, -+}; -+static const unsigned char kat1465_addin0[] = { -+ 0xe2, 0x67, 0x06, 0x62, 0x09, 0xa7, 0xcf, 0xd6, 0x84, 0x8c, 0x20, 0xf6, -+ 0x10, 0x5a, 0x73, 0x9c, -+}; -+static const unsigned char kat1465_addin1[] = { -+ 0x26, 0xfa, 0x50, 0xe1, 0xb3, 0xcb, 0x65, 0xed, 0xbc, 0x6d, 0xda, 0x18, -+ 0x47, 0x99, 0x1f, 0xeb, -+}; -+static const unsigned char kat1465_retbits[] = { -+ 0xf9, 0x47, 0xc6, 0xb0, 0x58, 0xa8, 0x66, 0x8a, 0xf5, 0x2b, 0x2a, 0x6d, -+ 0x4e, 0x24, 0x6f, 0x65, 0xbf, 0x51, 0x22, 0xbf, 0xe8, 0x8d, 0x6c, 0xeb, -+ 0xf9, 0x68, 0x7f, 0xed, 0x3b, 0xdd, 0x6b, 0xd5, 0x28, 0x47, 0x56, 0x52, -+ 0xda, 0x50, 0xf0, 0x90, 0x73, 0x95, 0x06, 0x58, 0xaf, 0x08, 0x98, 0x6e, -+ 0x24, 0x18, 0xfd, 0x2f, 0x48, 0x72, 0x57, 0xd6, 0x59, 0xab, 0xe9, 0x41, -+ 0x58, 0xdb, 0x27, 0xba, -+}; -+static const struct drbg_kat_pr_false kat1465_t = { -+ 9, kat1465_entropyin, kat1465_nonce, kat1465_persstr, -+ kat1465_entropyinreseed, kat1465_addinreseed, kat1465_addin0, -+ kat1465_addin1, kat1465_retbits -+}; -+static const struct drbg_kat kat1465 = { -+ PR_FALSE, USE_DF, NID_aes_128_ctr, 16, 8, 0, 16, 64, &kat1465_t -+}; -+ -+static const unsigned char kat3146_entropyin[] = { -+ 0xd7, 0x08, 0x42, 0x82, 0xc2, 0xd2, 0xd1, 0xde, 0x01, 0xb4, 0x36, 0xb3, -+ 0x7f, 0xbd, 0xd3, 0xdd, 0xb3, 0xc4, 0x31, 0x4f, 0x8f, 0xa7, 0x10, 0xf4, -+}; -+static const unsigned char kat3146_nonce[] = { -+ 0x7b, 0x9e, 0xcd, 0x49, 0x4f, 0x46, 0xa0, 0x08, 0x32, 0xff, 0x2e, 0xc3, -+ 0x50, 0x86, 0xca, 0xca, -+}; -+static const unsigned char kat3146_persstr[] = {0}; -+static const unsigned char kat3146_entropyinpr1[] = { -+ 0x68, 0xd0, 0x7b, 0xa4, 0xe7, 0x22, 0x19, 0xe6, 0xb6, 0x46, 0x6a, 0xda, -+ 0x8e, 0x67, 0xea, 0x63, 0x3f, 0xaf, 0x2f, 0x6c, 0x9d, 0x5e, 0x48, 0x15, -+}; -+static const unsigned char kat3146_addinpr1[] = { -+ 0x70, 0x0f, 0x54, 0xf4, 0x53, 0xde, 0xca, 0x61, 0x5c, 0x49, 0x51, 0xd1, -+ 0x41, 0xc4, 0xf1, 0x2f, 0x65, 0xfb, 0x7e, 0xbc, 0x9b, 0x14, 0xba, 0x90, -+ 0x05, 0x33, 0x7e, 0x64, 0xb7, 0x2b, 0xaf, 0x99, -+}; -+static const unsigned char kat3146_entropyinpr2[] = { -+ 0xeb, 0x77, 0xb0, 0xe9, 0x2d, 0x31, 0xc8, 0x66, 0xc5, 0xc4, 0xa7, 0xf7, -+ 0x6c, 0xb2, 0x74, 0x36, 0x4b, 0x25, 0x78, 0x04, 0xd8, 0xd7, 0xd2, 0x34, -+}; -+static const unsigned char kat3146_addinpr2[] = { -+ 0x05, 0xcd, 0x2a, 0x97, 0x5a, 0x5d, 0xfb, 0x98, 0xc1, 0xf1, 0x00, 0x0c, -+ 0xed, 0xe6, 0x2a, 0xba, 0xf0, 0x89, 0x1f, 0x5a, 0x4f, 0xd7, 0x48, 0xb3, -+ 0x24, 0xc0, 0x8a, 0x3d, 0x60, 0x59, 0x5d, 0xb6, -+}; -+static const unsigned char kat3146_retbits[] = { -+ 0x29, 0x94, 0xa4, 0xa8, 0x17, 0x3e, 0x62, 0x2f, 0x94, 0xdd, 0x40, 0x1f, -+ 0xe3, 0x7e, 0x77, 0xd4, 0x38, 0xbc, 0x0e, 0x49, 0x46, 0xf6, 0x0e, 0x28, -+ 0x91, 0xc6, 0x9c, 0xc4, 0xa6, 0xa1, 0xf8, 0x9a, 0x64, 0x5e, 0x99, 0x76, -+ 0xd0, 0x2d, 0xee, 0xde, 0xe1, 0x2c, 0x93, 0x29, 0x4b, 0x12, 0xcf, 0x87, -+ 0x03, 0x98, 0xb9, 0x74, 0x41, 0xdb, 0x3a, 0x49, 0x9f, 0x92, 0xd0, 0x45, -+ 0xd4, 0x30, 0x73, 0xbb, -+}; -+static const struct drbg_kat_pr_true kat3146_t = { -+ 10, kat3146_entropyin, kat3146_nonce, kat3146_persstr, -+ kat3146_entropyinpr1, kat3146_addinpr1, kat3146_entropyinpr2, -+ kat3146_addinpr2, kat3146_retbits -+}; -+static const struct drbg_kat kat3146 = { -+ PR_TRUE, USE_DF, NID_aes_192_ctr, 24, 16, 0, 32, 64, &kat3146_t -+}; -+ -+static const struct drbg_kat *drbg_test[] = { &kat1308, &kat1465, &kat3146 }; -+ -+static const size_t drbg_test_nelem = OSSL_NELEM(drbg_test); -+ -+static size_t kat_entropy(RAND_DRBG *drbg, unsigned char **pout, -+ int entropy, size_t min_len, size_t max_len, -+ int prediction_resistance) -+{ -+ TEST_CTX *t = (TEST_CTX *)RAND_DRBG_get_ex_data(drbg, app_data_index); -+ -+ t->entropycnt++; -+ *pout = (unsigned char *)t->entropy; -+ return t->entropylen; -+} -+ -+static size_t kat_nonce(RAND_DRBG *drbg, unsigned char **pout, -+ int entropy, size_t min_len, size_t max_len) -+{ -+ TEST_CTX *t = (TEST_CTX *)RAND_DRBG_get_ex_data(drbg, app_data_index); -+ -+ t->noncecnt++; -+ *pout = (unsigned char *)t->nonce; -+ return t->noncelen; -+} -+ -+/* -+ * Do a single NO_RESEED KAT: -+ * -+ * Instantiate -+ * Generate Random Bits (pr=false) -+ * Generate Random Bits (pr=false) -+ * Uninstantiate -+ * -+ * Return 0 on failure. -+ */ -+static int single_kat_no_reseed(const struct drbg_kat *td) -+{ -+ struct drbg_kat_no_reseed *data = (struct drbg_kat_no_reseed *)td->t; -+ RAND_DRBG *drbg = NULL; -+ unsigned char *buff = NULL; -+ unsigned int flags = 0; -+ int failures = 0; -+ TEST_CTX t; -+ -+ if (td->df != USE_DF) -+ flags |= RAND_DRBG_FLAG_CTR_NO_DF; -+ -+ if ((drbg = RAND_DRBG_new(td->nid, flags, NULL)) == NULL) -+ return 0; -+ -+ if (!RAND_DRBG_set_callbacks(drbg, kat_entropy, NULL, -+ kat_nonce, NULL)) { -+ failures++; -+ goto err; -+ } -+ memset(&t, 0, sizeof(t)); -+ t.entropy = data->entropyin; -+ t.entropylen = td->entropyinlen; -+ t.nonce = data->nonce; -+ t.noncelen = td->noncelen; -+ RAND_DRBG_set_ex_data(drbg, app_data_index, &t); -+ -+ buff = OPENSSL_malloc(td->retbyteslen); -+ if (buff == NULL) { -+ failures++; -+ goto err; -+ } -+ -+ if (!RAND_DRBG_instantiate(drbg, data->persstr, td->persstrlen) -+ || !RAND_DRBG_generate(drbg, buff, td->retbyteslen, 0, -+ data->addin1, td->addinlen) -+ || !RAND_DRBG_generate(drbg, buff, td->retbyteslen, 0, -+ data->addin2, td->addinlen) -+ || memcmp(data->retbytes, buff, -+ td->retbyteslen) != 0) -+ failures++; -+ -+err: -+ OPENSSL_free(buff); -+ RAND_DRBG_uninstantiate(drbg); -+ RAND_DRBG_free(drbg); -+ return failures == 0; -+} -+ -+/*- -+ * Do a single PR_FALSE KAT: -+ * -+ * Instantiate -+ * Reseed -+ * Generate Random Bits (pr=false) -+ * Generate Random Bits (pr=false) -+ * Uninstantiate -+ * -+ * Return 0 on failure. -+ */ -+static int single_kat_pr_false(const struct drbg_kat *td) -+{ -+ struct drbg_kat_pr_false *data = (struct drbg_kat_pr_false *)td->t; -+ RAND_DRBG *drbg = NULL; -+ unsigned char *buff = NULL; -+ unsigned int flags = 0; -+ int failures = 0; -+ TEST_CTX t; -+ -+ if (td->df != USE_DF) -+ flags |= RAND_DRBG_FLAG_CTR_NO_DF; -+ -+ if ((drbg = RAND_DRBG_new(td->nid, flags, NULL)) == NULL) -+ return 0; -+ -+ if (!RAND_DRBG_set_callbacks(drbg, kat_entropy, NULL, -+ kat_nonce, NULL)) { -+ failures++; -+ goto err; -+ } -+ memset(&t, 0, sizeof(t)); -+ t.entropy = data->entropyin; -+ t.entropylen = td->entropyinlen; -+ t.nonce = data->nonce; -+ t.noncelen = td->noncelen; -+ RAND_DRBG_set_ex_data(drbg, app_data_index, &t); -+ -+ buff = OPENSSL_malloc(td->retbyteslen); -+ if (buff == NULL) { -+ failures++; -+ goto err; -+ } -+ -+ if (!RAND_DRBG_instantiate(drbg, data->persstr, td->persstrlen)) -+ failures++; -+ -+ t.entropy = data->entropyinreseed; -+ t.entropylen = td->entropyinlen; -+ -+ if (!RAND_DRBG_reseed(drbg, data->addinreseed, td->addinlen, 0) -+ || !RAND_DRBG_generate(drbg, buff, td->retbyteslen, 0, -+ data->addin1, td->addinlen) -+ || !RAND_DRBG_generate(drbg, buff, td->retbyteslen, 0, -+ data->addin2, td->addinlen) -+ || memcmp(data->retbytes, buff, -+ td->retbyteslen) != 0) -+ failures++; -+ -+err: -+ OPENSSL_free(buff); -+ RAND_DRBG_uninstantiate(drbg); -+ RAND_DRBG_free(drbg); -+ return failures == 0; -+} -+ -+/*- -+ * Do a single PR_TRUE KAT: -+ * -+ * Instantiate -+ * Generate Random Bits (pr=true) -+ * Generate Random Bits (pr=true) -+ * Uninstantiate -+ * -+ * Return 0 on failure. -+ */ -+static int single_kat_pr_true(const struct drbg_kat *td) -+{ -+ struct drbg_kat_pr_true *data = (struct drbg_kat_pr_true *)td->t; -+ RAND_DRBG *drbg = NULL; -+ unsigned char *buff = NULL; -+ unsigned int flags = 0; -+ int failures = 0; -+ TEST_CTX t; -+ -+ if (td->df != USE_DF) -+ flags |= RAND_DRBG_FLAG_CTR_NO_DF; -+ -+ if ((drbg = RAND_DRBG_new(td->nid, flags, NULL)) == NULL) -+ return 0; -+ -+ if (!RAND_DRBG_set_callbacks(drbg, kat_entropy, NULL, -+ kat_nonce, NULL)) { -+ failures++; -+ goto err; -+ } -+ memset(&t, 0, sizeof(t)); -+ t.nonce = data->nonce; -+ t.noncelen = td->noncelen; -+ t.entropy = data->entropyin; -+ t.entropylen = td->entropyinlen; -+ RAND_DRBG_set_ex_data(drbg, app_data_index, &t); -+ -+ buff = OPENSSL_malloc(td->retbyteslen); -+ if (buff == NULL) { -+ failures++; -+ goto err; -+ } -+ -+ if (!RAND_DRBG_instantiate(drbg, data->persstr, td->persstrlen)) -+ failures++; -+ -+ t.entropy = data->entropyinpr1; -+ t.entropylen = td->entropyinlen; -+ -+ if (!RAND_DRBG_generate(drbg, buff, td->retbyteslen, 1, -+ data->addin1, td->addinlen)) -+ failures++; -+ -+ t.entropy = data->entropyinpr2; -+ t.entropylen = td->entropyinlen; -+ -+ if (!RAND_DRBG_generate(drbg, buff, td->retbyteslen, 1, -+ data->addin2, td->addinlen) -+ || memcmp(data->retbytes, buff, -+ td->retbyteslen) != 0) -+ failures++; -+ -+err: -+ OPENSSL_free(buff); -+ RAND_DRBG_uninstantiate(drbg); -+ RAND_DRBG_free(drbg); -+ return failures == 0; -+} -+ -+static int test_kats(int i) -+{ -+ const struct drbg_kat *td = drbg_test[i]; -+ int rv = 0; -+ -+ switch (td->type) { -+ case NO_RESEED: -+ if (!single_kat_no_reseed(td)) -+ goto err; -+ break; -+ case PR_FALSE: -+ if (!single_kat_pr_false(td)) -+ goto err; -+ break; -+ case PR_TRUE: -+ if (!single_kat_pr_true(td)) -+ goto err; -+ break; -+ default: /* cant happen */ -+ goto err; -+ } -+ rv = 1; -+err: -+ return rv; -+} -+ -+/*- -+ * Do one expected-error test: -+ * -+ * Instantiate with no entropy supplied -+ * -+ * Return 0 on failure. -+ */ -+static int test_drbg_sanity(const struct drbg_kat *td) -+{ -+ struct drbg_kat_pr_false *data = (struct drbg_kat_pr_false *)td->t; -+ RAND_DRBG *drbg = NULL; -+ unsigned int flags = 0; -+ int failures = 0; -+ TEST_CTX t; -+ -+ if (td->df != USE_DF) -+ flags |= RAND_DRBG_FLAG_CTR_NO_DF; -+ -+ if ((drbg = RAND_DRBG_new(td->nid, flags, NULL)) == NULL) -+ return 0; -+ -+ if (!RAND_DRBG_set_callbacks(drbg, kat_entropy, NULL, -+ kat_nonce, NULL)) { -+ failures++; -+ goto err; -+ } -+ memset(&t, 0, sizeof(t)); -+ t.entropy = data->entropyin; -+ t.entropylen = 0; /* No entropy */ -+ t.nonce = data->nonce; -+ t.noncelen = td->noncelen; -+ RAND_DRBG_set_ex_data(drbg, app_data_index, &t); -+ -+ ERR_set_mark(); -+ /* This must fail. */ -+ if (RAND_DRBG_instantiate(drbg, data->persstr, td->persstrlen)) -+ failures++; -+ RAND_DRBG_uninstantiate(drbg); -+ ERR_pop_to_mark(); -+ -+err: -+ RAND_DRBG_free(drbg); -+ return failures == 0; -+} -+ -+ -+int rand_drbg_selftest(void) -+{ -+ int i; -+ -+ if (!RUN_ONCE(&get_index_once, drbg_app_data_index_init)) -+ return 0; -+ -+ for (i = 0; i < drbg_test_nelem; i++) { -+ if (test_kats(i) <= 0) -+ return 0; -+ } -+ -+ if (test_drbg_sanity(&kat1465) <= 0) -+ return 0; -+ -+ return 1; -+} -diff -up openssl-1.1.1g/include/crypto/rand.h.drbg-selftest openssl-1.1.1g/include/crypto/rand.h ---- openssl-1.1.1g/include/crypto/rand.h.drbg-selftest 2020-04-23 13:33:12.587622510 +0200 -+++ openssl-1.1.1g/include/crypto/rand.h 2020-04-23 13:33:12.619621907 +0200 -@@ -140,4 +140,9 @@ void rand_pool_cleanup(void); - */ - void rand_pool_keep_random_devices_open(int keep); - -+/* -+ * Perform the DRBG KAT selftests -+ */ -+int rand_drbg_selftest(void); -+ - #endif diff --git a/openssl-1.1.1-fips-post-rand.patch b/openssl-1.1.1-fips-post-rand.patch deleted file mode 100644 index 027dc55..0000000 --- a/openssl-1.1.1-fips-post-rand.patch +++ /dev/null @@ -1,189 +0,0 @@ -diff -up openssl-1.1.1i/crypto/fips/fips.c.fips-post-rand openssl-1.1.1i/crypto/fips/fips.c ---- openssl-1.1.1i/crypto/fips/fips.c.fips-post-rand 2020-12-09 10:26:41.634106328 +0100 -+++ openssl-1.1.1i/crypto/fips/fips.c 2020-12-09 10:26:41.652106475 +0100 -@@ -68,6 +68,7 @@ - - # include - # include "internal/thread_once.h" -+# include "crypto/rand.h" - - # ifndef PATH_MAX - # define PATH_MAX 1024 -@@ -76,6 +77,7 @@ - static int fips_selftest_fail = 0; - static int fips_mode = 0; - static int fips_started = 0; -+static int fips_post = 0; - - static int fips_is_owning_thread(void); - static int fips_set_owning_thread(void); -@@ -158,6 +160,11 @@ void fips_set_selftest_fail(void) - fips_selftest_fail = 1; - } - -+int fips_in_post(void) -+{ -+ return fips_post; -+} -+ - /* we implement what libfipscheck does ourselves */ - - static int -@@ -445,6 +452,8 @@ int FIPS_module_mode_set(int onoff) - } - # endif - -+ fips_post = 1; -+ - if (!FIPS_selftest()) { - fips_selftest_fail = 1; - ret = 0; -@@ -459,7 +468,12 @@ int FIPS_module_mode_set(int onoff) - goto end; - } - -+ fips_post = 0; -+ - fips_set_mode(onoff); -+ /* force RNG reseed with entropy from getrandom() on next call */ -+ rand_force_reseed(); -+ - ret = 1; - goto end; - } -diff -up openssl-1.1.1i/crypto/rand/drbg_lib.c.fips-post-rand openssl-1.1.1i/crypto/rand/drbg_lib.c ---- openssl-1.1.1i/crypto/rand/drbg_lib.c.fips-post-rand 2020-12-08 14:20:59.000000000 +0100 -+++ openssl-1.1.1i/crypto/rand/drbg_lib.c 2020-12-09 10:26:41.652106475 +0100 -@@ -1005,6 +1005,20 @@ size_t rand_drbg_seedlen(RAND_DRBG *drbg - return min_entropy > min_entropylen ? min_entropy : min_entropylen; - } - -+void rand_force_reseed(void) -+{ -+ RAND_DRBG *drbg; -+ -+ drbg = RAND_DRBG_get0_master(); -+ drbg->fork_id = 0; -+ -+ drbg = RAND_DRBG_get0_private(); -+ drbg->fork_id = 0; -+ -+ drbg = RAND_DRBG_get0_public(); -+ drbg->fork_id = 0; -+} -+ - /* Implements the default OpenSSL RAND_add() method */ - static int drbg_add(const void *buf, int num, double randomness) - { -diff -up openssl-1.1.1i/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1i/crypto/rand/rand_unix.c ---- openssl-1.1.1i/crypto/rand/rand_unix.c.fips-post-rand 2020-12-08 14:20:59.000000000 +0100 -+++ openssl-1.1.1i/crypto/rand/rand_unix.c 2020-12-09 10:36:59.531221903 +0100 -@@ -17,10 +17,12 @@ - #include - #include "rand_local.h" - #include "crypto/rand.h" -+#include "crypto/fips.h" - #include - #include "internal/dso.h" - #ifdef __linux - # include -+# include - # ifdef DEVRANDOM_WAIT - # include - # include -@@ -344,7 +346,7 @@ static ssize_t sysctl_random(char *buf, - * syscall_random(): Try to get random data using a system call - * returns the number of bytes returned in buf, or < 0 on error. - */ --static ssize_t syscall_random(void *buf, size_t buflen) -+static ssize_t syscall_random(void *buf, size_t buflen, int nonblock) - { - /* - * Note: 'buflen' equals the size of the buffer which is used by the -@@ -369,6 +371,7 @@ static ssize_t syscall_random(void *buf, - * Note: Sometimes getentropy() can be provided but not implemented - * internally. So we need to check errno for ENOSYS - */ -+# if 0 - # if defined(__GNUC__) && __GNUC__>=2 && defined(__ELF__) && !defined(__hpux) - extern int getentropy(void *buffer, size_t length) __attribute__((weak)); - -@@ -394,10 +397,10 @@ static ssize_t syscall_random(void *buf, - if (p_getentropy.p != NULL) - return p_getentropy.f(buf, buflen) == 0 ? (ssize_t)buflen : -1; - # endif -- -+# endif - /* Linux supports this since version 3.17 */ --# if defined(__linux) && defined(__NR_getrandom) -- return syscall(__NR_getrandom, buf, buflen, 0); -+# if defined(__linux) && defined(SYS_getrandom) -+ return syscall(SYS_getrandom, buf, buflen, nonblock?GRND_NONBLOCK:0); - # elif (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(KERN_ARND) - return sysctl_random(buf, buflen); - # else -@@ -633,6 +636,9 @@ size_t rand_pool_acquire_entropy(RAND_PO - size_t entropy_available; - - # if defined(OPENSSL_RAND_SEED_GETRANDOM) -+ int in_post; -+ -+ for (in_post = fips_in_post(); in_post >= 0; --in_post) { - { - size_t bytes_needed; - unsigned char *buffer; -@@ -643,7 +649,7 @@ size_t rand_pool_acquire_entropy(RAND_PO - bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/); - while (bytes_needed != 0 && attempts-- > 0) { - buffer = rand_pool_add_begin(pool, bytes_needed); -- bytes = syscall_random(buffer, bytes_needed); -+ bytes = syscall_random(buffer, bytes_needed, in_post); - if (bytes > 0) { - rand_pool_add_end(pool, bytes, 8 * bytes); - bytes_needed -= bytes; -@@ -678,8 +684,10 @@ size_t rand_pool_acquire_entropy(RAND_PO - int attempts = 3; - const int fd = get_random_device(i); - -- if (fd == -1) -+ if (fd == -1) { -+ OPENSSL_showfatal("Random device %s cannot be opened.\n", random_device_paths[i]); - continue; -+ } - - while (bytes_needed != 0 && attempts-- > 0) { - buffer = rand_pool_add_begin(pool, bytes_needed); -@@ -742,7 +750,9 @@ size_t rand_pool_acquire_entropy(RAND_PO - return entropy_available; - } - # endif -- -+# ifdef OPENSSL_RAND_SEED_GETRANDOM -+ } -+# endif - return rand_pool_entropy_available(pool); - # endif - } -diff -up openssl-1.1.1i/include/crypto/fips.h.fips-post-rand openssl-1.1.1i/include/crypto/fips.h ---- openssl-1.1.1i/include/crypto/fips.h.fips-post-rand 2020-12-09 10:26:41.639106369 +0100 -+++ openssl-1.1.1i/include/crypto/fips.h 2020-12-09 10:26:41.657106516 +0100 -@@ -77,6 +77,8 @@ int FIPS_selftest_hmac(void); - int FIPS_selftest_drbg(void); - int FIPS_selftest_cmac(void); - -+int fips_in_post(void); -+ - int fips_pkey_signature_test(EVP_PKEY *pkey, - const unsigned char *tbs, int tbslen, - const unsigned char *kat, -diff -up openssl-1.1.1i/include/crypto/rand.h.fips-post-rand openssl-1.1.1i/include/crypto/rand.h ---- openssl-1.1.1i/include/crypto/rand.h.fips-post-rand 2020-12-08 14:20:59.000000000 +0100 -+++ openssl-1.1.1i/include/crypto/rand.h 2020-12-09 10:26:41.657106516 +0100 -@@ -24,6 +24,7 @@ - typedef struct rand_pool_st RAND_POOL; - - void rand_cleanup_int(void); -+void rand_force_reseed(void); - void rand_drbg_cleanup_int(void); - void drbg_delete_thread_state(void); - diff --git a/openssl-1.1.1-fips.patch b/openssl-1.1.1-fips.patch deleted file mode 100644 index aa3d33d..0000000 --- a/openssl-1.1.1-fips.patch +++ /dev/null @@ -1,11635 +0,0 @@ -diff -up openssl-1.1.1j/apps/pkcs12.c.fips openssl-1.1.1j/apps/pkcs12.c ---- openssl-1.1.1j/apps/pkcs12.c.fips 2021-02-16 16:24:01.000000000 +0100 -+++ openssl-1.1.1j/apps/pkcs12.c 2021-03-03 12:57:42.194734484 +0100 -@@ -123,7 +123,7 @@ int pkcs12_main(int argc, char **argv) - int export_cert = 0, options = 0, chain = 0, twopass = 0, keytype = 0; - int iter = PKCS12_DEFAULT_ITER, maciter = PKCS12_DEFAULT_ITER; - #ifndef OPENSSL_NO_RC2 -- int cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC; -+ int cert_pbe = FIPS_mode() ? NID_pbe_WithSHA1And3_Key_TripleDES_CBC : NID_pbe_WithSHA1And40BitRC2_CBC; - #else - int cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; - #endif -diff -up openssl-1.1.1j/apps/speed.c.fips openssl-1.1.1j/apps/speed.c ---- openssl-1.1.1j/apps/speed.c.fips 2021-03-03 12:57:42.185734409 +0100 -+++ openssl-1.1.1j/apps/speed.c 2021-03-03 12:57:42.195734492 +0100 -@@ -1593,7 +1593,8 @@ int speed_main(int argc, char **argv) - continue; - if (strcmp(*argv, "rsa") == 0) { - for (loop = 0; loop < OSSL_NELEM(rsa_doit); loop++) -- rsa_doit[loop] = 1; -+ if (!FIPS_mode() || loop != R_RSA_512) -+ rsa_doit[loop] = 1; - continue; - } - if (found(*argv, rsa_choices, &i)) { -@@ -1603,7 +1604,9 @@ int speed_main(int argc, char **argv) - #endif - #ifndef OPENSSL_NO_DSA - if (strcmp(*argv, "dsa") == 0) { -- dsa_doit[R_DSA_512] = dsa_doit[R_DSA_1024] = -+ if (!FIPS_mode()) -+ dsa_doit[R_DSA_512] = 1; -+ dsa_doit[R_DSA_1024] = - dsa_doit[R_DSA_2048] = 1; - continue; - } -@@ -1634,19 +1637,21 @@ int speed_main(int argc, char **argv) - } - if (strcmp(*argv, "ecdh") == 0) { - for (loop = 0; loop < OSSL_NELEM(ecdh_doit); loop++) -- ecdh_doit[loop] = 1; -+ if(!FIPS_mode() || (loop != R_EC_X25519 && loop != R_EC_X448)) -+ ecdh_doit[loop] = 1; - continue; - } - if (found(*argv, ecdh_choices, &i)) { -- ecdh_doit[i] = 2; -+ if(!FIPS_mode() || (i != R_EC_X25519 && i != R_EC_X448)) -+ ecdh_doit[i] = 2; - continue; - } -- if (strcmp(*argv, "eddsa") == 0) { -+ if (!FIPS_mode() && strcmp(*argv, "eddsa") == 0) { - for (loop = 0; loop < OSSL_NELEM(eddsa_doit); loop++) - eddsa_doit[loop] = 1; - continue; - } -- if (found(*argv, eddsa_choices, &i)) { -+ if (!FIPS_mode() && found(*argv, eddsa_choices, &i)) { - eddsa_doit[i] = 2; - continue; - } -@@ -1735,23 +1740,31 @@ int speed_main(int argc, char **argv) - /* No parameters; turn on everything. */ - if ((argc == 0) && !doit[D_EVP]) { - for (i = 0; i < ALGOR_NUM; i++) -- if (i != D_EVP) -+ if (i != D_EVP && -+ (!FIPS_mode() || (i != D_WHIRLPOOL && -+ i != D_MD2 && i != D_MD4 && -+ i != D_MD5 && i != D_MDC2 && -+ i != D_RMD160))) - doit[i] = 1; - #ifndef OPENSSL_NO_RSA - for (i = 0; i < RSA_NUM; i++) -- rsa_doit[i] = 1; -+ if (!FIPS_mode() || i != R_RSA_512) -+ rsa_doit[i] = 1; - #endif - #ifndef OPENSSL_NO_DSA - for (i = 0; i < DSA_NUM; i++) -- dsa_doit[i] = 1; -+ if (!FIPS_mode() || i != R_DSA_512) -+ dsa_doit[i] = 1; - #endif - #ifndef OPENSSL_NO_EC - for (loop = 0; loop < OSSL_NELEM(ecdsa_doit); loop++) - ecdsa_doit[loop] = 1; - for (loop = 0; loop < OSSL_NELEM(ecdh_doit); loop++) -- ecdh_doit[loop] = 1; -- for (loop = 0; loop < OSSL_NELEM(eddsa_doit); loop++) -- eddsa_doit[loop] = 1; -+ if(!FIPS_mode() || (loop != R_EC_X25519 && loop != R_EC_X448)) -+ ecdh_doit[loop] = 1; -+ if (!FIPS_mode()) -+ for (loop = 0; loop < OSSL_NELEM(eddsa_doit); loop++) -+ eddsa_doit[loop] = 1; - #endif - } - for (i = 0; i < ALGOR_NUM; i++) -@@ -1799,30 +1812,46 @@ int speed_main(int argc, char **argv) - AES_set_encrypt_key(key24, 192, &aes_ks2); - AES_set_encrypt_key(key32, 256, &aes_ks3); - #ifndef OPENSSL_NO_CAMELLIA -- Camellia_set_key(key16, 128, &camellia_ks1); -- Camellia_set_key(ckey24, 192, &camellia_ks2); -- Camellia_set_key(ckey32, 256, &camellia_ks3); -+ if (doit[D_CBC_128_CML] || doit[D_CBC_192_CML] || doit[D_CBC_256_CML]) { -+ Camellia_set_key(key16, 128, &camellia_ks1); -+ Camellia_set_key(ckey24, 192, &camellia_ks2); -+ Camellia_set_key(ckey32, 256, &camellia_ks3); -+ } - #endif - #ifndef OPENSSL_NO_IDEA -- IDEA_set_encrypt_key(key16, &idea_ks); -+ if (doit[D_CBC_IDEA]) { -+ IDEA_set_encrypt_key(key16, &idea_ks); -+ } - #endif - #ifndef OPENSSL_NO_SEED -- SEED_set_key(key16, &seed_ks); -+ if (doit[D_CBC_SEED]) { -+ SEED_set_key(key16, &seed_ks); -+ } - #endif - #ifndef OPENSSL_NO_RC4 -- RC4_set_key(&rc4_ks, 16, key16); -+ if (doit[D_RC4]) { -+ RC4_set_key(&rc4_ks, 16, key16); -+ } - #endif - #ifndef OPENSSL_NO_RC2 -- RC2_set_key(&rc2_ks, 16, key16, 128); -+ if (doit[D_CBC_RC2]) { -+ RC2_set_key(&rc2_ks, 16, key16, 128); -+ } - #endif - #ifndef OPENSSL_NO_RC5 -- RC5_32_set_key(&rc5_ks, 16, key16, 12); -+ if (doit[D_CBC_RC5]) { -+ RC5_32_set_key(&rc5_ks, 16, key16, 12); -+ } - #endif - #ifndef OPENSSL_NO_BF -- BF_set_key(&bf_ks, 16, key16); -+ if (doit[D_CBC_BF]) { -+ BF_set_key(&bf_ks, 16, key16); -+ } - #endif - #ifndef OPENSSL_NO_CAST -- CAST_set_key(&cast_ks, 16, key16); -+ if (doit[D_CBC_CAST]) { -+ CAST_set_key(&cast_ks, 16, key16); -+ } - #endif - #ifndef SIGALRM - # ifndef OPENSSL_NO_DES -@@ -2120,6 +2149,7 @@ int speed_main(int argc, char **argv) - - for (i = 0; i < loopargs_len; i++) { - loopargs[i].hctx = HMAC_CTX_new(); -+ HMAC_CTX_set_flags(loopargs[i].hctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); - if (loopargs[i].hctx == NULL) { - BIO_printf(bio_err, "HMAC malloc failure, exiting..."); - exit(1); -diff -up openssl-1.1.1j/Configure.fips openssl-1.1.1j/Configure ---- openssl-1.1.1j/Configure.fips 2021-03-03 12:57:42.192734467 +0100 -+++ openssl-1.1.1j/Configure 2021-03-03 12:57:42.195734492 +0100 -@@ -329,7 +329,7 @@ $config{sdirs} = [ - "md2", "md4", "md5", "sha", "mdc2", "hmac", "ripemd", "whrlpool", "poly1305", "blake2", "siphash", "sm3", - "des", "aes", "rc2", "rc4", "rc5", "idea", "aria", "bf", "cast", "camellia", "seed", "sm4", "chacha", "modes", - "bn", "ec", "rsa", "dsa", "dh", "sm2", "dso", "engine", -- "buffer", "bio", "stack", "lhash", "rand", "err", -+ "buffer", "bio", "stack", "lhash", "rand", "err", "fips", - "evp", "asn1", "pem", "x509", "x509v3", "conf", "txt_db", "pkcs7", "pkcs12", "comp", "ocsp", "ui", - "cms", "ts", "srp", "cmac", "ct", "async", "kdf", "store" - ]; -diff -up openssl-1.1.1j/crypto/cmac/cm_pmeth.c.fips openssl-1.1.1j/crypto/cmac/cm_pmeth.c ---- openssl-1.1.1j/crypto/cmac/cm_pmeth.c.fips 2021-02-16 16:24:01.000000000 +0100 -+++ openssl-1.1.1j/crypto/cmac/cm_pmeth.c 2021-03-03 12:57:42.195734492 +0100 -@@ -129,7 +129,7 @@ static int pkey_cmac_ctrl_str(EVP_PKEY_C - - const EVP_PKEY_METHOD cmac_pkey_meth = { - EVP_PKEY_CMAC, -- EVP_PKEY_FLAG_SIGCTX_CUSTOM, -+ EVP_PKEY_FLAG_SIGCTX_CUSTOM | EVP_PKEY_FLAG_FIPS, - pkey_cmac_init, - pkey_cmac_copy, - pkey_cmac_cleanup, -diff -up openssl-1.1.1j/crypto/dh/dh_err.c.fips openssl-1.1.1j/crypto/dh/dh_err.c ---- openssl-1.1.1j/crypto/dh/dh_err.c.fips 2021-02-16 16:24:01.000000000 +0100 -+++ openssl-1.1.1j/crypto/dh/dh_err.c 2021-03-03 12:57:42.195734492 +0100 -@@ -25,6 +25,9 @@ static const ERR_STRING_DATA DH_str_func - {ERR_PACK(ERR_LIB_DH, DH_F_DH_CMS_SET_PEERKEY, 0), "dh_cms_set_peerkey"}, - {ERR_PACK(ERR_LIB_DH, DH_F_DH_CMS_SET_SHARED_INFO, 0), - "dh_cms_set_shared_info"}, -+ {ERR_PACK(ERR_LIB_DH, DH_F_DH_COMPUTE_KEY, 0), "DH_compute_key"}, -+ {ERR_PACK(ERR_LIB_DH, DH_F_DH_GENERATE_KEY, 0), "DH_generate_key"}, -+ {ERR_PACK(ERR_LIB_DH, DH_F_DH_GENERATE_PARAMETERS_EX, 0), "DH_generate_parameters_ex"}, - {ERR_PACK(ERR_LIB_DH, DH_F_DH_METH_DUP, 0), "DH_meth_dup"}, - {ERR_PACK(ERR_LIB_DH, DH_F_DH_METH_NEW, 0), "DH_meth_new"}, - {ERR_PACK(ERR_LIB_DH, DH_F_DH_METH_SET1_NAME, 0), "DH_meth_set1_name"}, -@@ -72,12 +75,14 @@ static const ERR_STRING_DATA DH_str_reas - {ERR_PACK(ERR_LIB_DH, 0, DH_R_INVALID_PUBKEY), "invalid public key"}, - {ERR_PACK(ERR_LIB_DH, 0, DH_R_KDF_PARAMETER_ERROR), "kdf parameter error"}, - {ERR_PACK(ERR_LIB_DH, 0, DH_R_KEYS_NOT_SET), "keys not set"}, -+ {ERR_PACK(ERR_LIB_DH, 0, DH_R_KEY_SIZE_TOO_SMALL), "key size too small"}, - {ERR_PACK(ERR_LIB_DH, 0, DH_R_MISSING_PUBKEY), "missing pubkey"}, - {ERR_PACK(ERR_LIB_DH, 0, DH_R_MODULUS_TOO_LARGE), "modulus too large"}, - {ERR_PACK(ERR_LIB_DH, 0, DH_R_NOT_SUITABLE_GENERATOR), - "not suitable generator"}, - {ERR_PACK(ERR_LIB_DH, 0, DH_R_NO_PARAMETERS_SET), "no parameters set"}, - {ERR_PACK(ERR_LIB_DH, 0, DH_R_NO_PRIVATE_VALUE), "no private value"}, -+ {ERR_PACK(ERR_LIB_DH, 0, DH_R_NON_FIPS_METHOD), "non FIPS method"}, - {ERR_PACK(ERR_LIB_DH, 0, DH_R_PARAMETER_ENCODING_ERROR), - "parameter encoding error"}, - {ERR_PACK(ERR_LIB_DH, 0, DH_R_PEER_KEY_ERROR), "peer key error"}, -diff -up openssl-1.1.1j/crypto/dh/dh_gen.c.fips openssl-1.1.1j/crypto/dh/dh_gen.c ---- openssl-1.1.1j/crypto/dh/dh_gen.c.fips 2021-02-16 16:24:01.000000000 +0100 -+++ openssl-1.1.1j/crypto/dh/dh_gen.c 2021-03-03 12:57:42.195734492 +0100 -@@ -16,6 +16,9 @@ - #include "internal/cryptlib.h" - #include - #include "dh_local.h" -+#ifdef OPENSSL_FIPS -+# include -+#endif - - static int dh_builtin_genparams(DH *ret, int prime_len, int generator, - BN_GENCB *cb); -@@ -23,6 +26,13 @@ static int dh_builtin_genparams(DH *ret, - int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, - BN_GENCB *cb) - { -+#ifdef OPENSSL_FIPS -+ if (FIPS_mode() && !(ret->meth->flags & DH_FLAG_FIPS_METHOD) -+ && !(ret->flags & DH_FLAG_NON_FIPS_ALLOW)) { -+ DHerr(DH_F_DH_GENERATE_PARAMETERS_EX, DH_R_NON_FIPS_METHOD); -+ return 0; -+ } -+#endif - if (ret->meth->generate_params) - return ret->meth->generate_params(ret, prime_len, generator, cb); - return dh_builtin_genparams(ret, prime_len, generator, cb); -@@ -65,6 +75,18 @@ static int dh_builtin_genparams(DH *ret, - int g, ok = -1; - BN_CTX *ctx = NULL; - -+#ifdef OPENSSL_FIPS -+ if (FIPS_selftest_failed()) { -+ FIPSerr(FIPS_F_DH_BUILTIN_GENPARAMS, FIPS_R_FIPS_SELFTEST_FAILED); -+ return 0; -+ } -+ -+ if (FIPS_mode() && (prime_len < OPENSSL_DH_FIPS_MIN_MODULUS_BITS_GEN)) { -+ DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_KEY_SIZE_TOO_SMALL); -+ goto err; -+ } -+#endif -+ - ctx = BN_CTX_new(); - if (ctx == NULL) - goto err; -diff -up openssl-1.1.1j/crypto/dh/dh_key.c.fips openssl-1.1.1j/crypto/dh/dh_key.c ---- openssl-1.1.1j/crypto/dh/dh_key.c.fips 2021-02-16 16:24:01.000000000 +0100 -+++ openssl-1.1.1j/crypto/dh/dh_key.c 2021-03-03 13:02:45.963247596 +0100 -@@ -11,6 +11,9 @@ - #include "internal/cryptlib.h" - #include "dh_local.h" - #include "crypto/bn.h" -+#ifdef OPENSSL_FIPS -+# include -+#endif - - static int generate_key(DH *dh); - static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh); -@@ -34,6 +37,13 @@ int DH_compute_key(unsigned char *key, c - int ret = 0, i; - volatile size_t npad = 0, mask = 1; - -+#ifdef OPENSSL_FIPS -+ if (FIPS_mode() && !(dh->meth->flags & DH_FLAG_FIPS_METHOD) -+ && !(dh->flags & DH_FLAG_NON_FIPS_ALLOW)) { -+ DHerr(DH_F_DH_COMPUTE_KEY, DH_R_NON_FIPS_METHOD); -+ return 0; -+ } -+#endif - /* compute the key; ret is constant unless compute_key is external */ - if ((ret = dh->meth->compute_key(key, pub_key, dh)) <= 0) - return ret; -@@ -109,6 +119,14 @@ static int generate_key(DH *dh) - BN_MONT_CTX *mont = NULL; - BIGNUM *pub_key = NULL, *priv_key = NULL; - -+#ifdef OPENSSL_FIPS -+ if (FIPS_mode() -+ && (BN_num_bits(dh->p) < OPENSSL_DH_FIPS_MIN_MODULUS_BITS)) { -+ DHerr(DH_F_GENERATE_KEY, DH_R_KEY_SIZE_TOO_SMALL); -+ return 0; -+ } -+#endif -+ - if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) { - DHerr(DH_F_GENERATE_KEY, DH_R_MODULUS_TOO_LARGE); - return 0; -@@ -206,6 +224,13 @@ static int compute_key(unsigned char *ke - DHerr(DH_F_COMPUTE_KEY, DH_R_MODULUS_TOO_LARGE); - goto err; - } -+#ifdef OPENSSL_FIPS -+ if (FIPS_mode() -+ && (BN_num_bits(dh->p) < OPENSSL_DH_FIPS_MIN_MODULUS_BITS)) { -+ DHerr(DH_F_COMPUTE_KEY, DH_R_KEY_SIZE_TOO_SMALL); -+ goto err; -+ } -+#endif - - ctx = BN_CTX_new(); - if (ctx == NULL) -@@ -255,6 +280,9 @@ static int dh_bn_mod_exp(const DH *dh, B - - static int dh_init(DH *dh) - { -+#ifdef OPENSSL_FIPS -+ FIPS_selftest_check(); -+#endif - dh->flags |= DH_FLAG_CACHE_MONT_P; - return 1; - } -diff -up openssl-1.1.1j/crypto/dh/dh_pmeth.c.fips openssl-1.1.1j/crypto/dh/dh_pmeth.c ---- openssl-1.1.1j/crypto/dh/dh_pmeth.c.fips 2021-02-16 16:24:01.000000000 +0100 -+++ openssl-1.1.1j/crypto/dh/dh_pmeth.c 2021-03-03 12:57:42.196734500 +0100 -@@ -480,7 +480,7 @@ static int pkey_dh_derive(EVP_PKEY_CTX * - - const EVP_PKEY_METHOD dh_pkey_meth = { - EVP_PKEY_DH, -- 0, -+ EVP_PKEY_FLAG_FIPS, - pkey_dh_init, - pkey_dh_copy, - pkey_dh_cleanup, -@@ -514,7 +514,7 @@ const EVP_PKEY_METHOD dh_pkey_meth = { - - const EVP_PKEY_METHOD dhx_pkey_meth = { - EVP_PKEY_DHX, -- 0, -+ EVP_PKEY_FLAG_FIPS, - pkey_dh_init, - pkey_dh_copy, - pkey_dh_cleanup, -diff -up openssl-1.1.1j/crypto/dsa/dsa_err.c.fips openssl-1.1.1j/crypto/dsa/dsa_err.c ---- openssl-1.1.1j/crypto/dsa/dsa_err.c.fips 2021-02-16 16:24:01.000000000 +0100 -+++ openssl-1.1.1j/crypto/dsa/dsa_err.c 2021-03-03 12:57:42.196734500 +0100 -@@ -16,12 +16,15 @@ - static const ERR_STRING_DATA DSA_str_functs[] = { - {ERR_PACK(ERR_LIB_DSA, DSA_F_DSAPARAMS_PRINT, 0), "DSAparams_print"}, - {ERR_PACK(ERR_LIB_DSA, DSA_F_DSAPARAMS_PRINT_FP, 0), "DSAparams_print_fp"}, -+ {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_BUILTIN_KEYGEN, 0), "dsa_builtin_keygen"}, - {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_BUILTIN_PARAMGEN, 0), - "dsa_builtin_paramgen"}, - {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_BUILTIN_PARAMGEN2, 0), - "dsa_builtin_paramgen2"}, - {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_DO_SIGN, 0), "DSA_do_sign"}, - {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_DO_VERIFY, 0), "DSA_do_verify"}, -+ {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_GENERATE_KEY, 0), "DSA_generate_key"}, -+ {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_GENERATE_PARAMETERS_EX, 0), "DSA_generate_parameters_ex"}, - {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_METH_DUP, 0), "DSA_meth_dup"}, - {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_METH_NEW, 0), "DSA_meth_new"}, - {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_METH_SET1_NAME, 0), "DSA_meth_set1_name"}, -@@ -51,11 +54,14 @@ static const ERR_STRING_DATA DSA_str_rea - {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_INVALID_DIGEST_TYPE), - "invalid digest type"}, - {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_INVALID_PARAMETERS), "invalid parameters"}, -+ {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_KEY_SIZE_INVALID), "key size invalid"}, -+ {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_KEY_SIZE_TOO_SMALL), "key size too small"}, - {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_MISSING_PARAMETERS), "missing parameters"}, - {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_MISSING_PRIVATE_KEY), - "missing private key"}, - {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_MODULUS_TOO_LARGE), "modulus too large"}, - {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_NO_PARAMETERS_SET), "no parameters set"}, -+ {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_NON_FIPS_DSA_METHOD), "non FIPS DSA method"}, - {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_PARAMETER_ENCODING_ERROR), - "parameter encoding error"}, - {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_Q_NOT_PRIME), "q not prime"}, -diff -up openssl-1.1.1j/crypto/dsa/dsa_gen.c.fips openssl-1.1.1j/crypto/dsa/dsa_gen.c ---- openssl-1.1.1j/crypto/dsa/dsa_gen.c.fips 2021-02-16 16:24:01.000000000 +0100 -+++ openssl-1.1.1j/crypto/dsa/dsa_gen.c 2021-03-03 12:57:42.196734500 +0100 -@@ -22,12 +22,22 @@ - #include - #include - #include "dsa_local.h" -+#ifdef OPENSSL_FIPS -+# include -+#endif - - int DSA_generate_parameters_ex(DSA *ret, int bits, - const unsigned char *seed_in, int seed_len, - int *counter_ret, unsigned long *h_ret, - BN_GENCB *cb) - { -+# ifdef OPENSSL_FIPS -+ if (FIPS_mode() && !(ret->meth->flags & DSA_FLAG_FIPS_METHOD) -+ && !(ret->flags & DSA_FLAG_NON_FIPS_ALLOW)) { -+ DSAerr(DSA_F_DSA_GENERATE_PARAMETERS_EX, DSA_R_NON_FIPS_DSA_METHOD); -+ return 0; -+ } -+# endif - if (ret->meth->dsa_paramgen) - return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len, - counter_ret, h_ret, cb); -@@ -35,9 +45,15 @@ int DSA_generate_parameters_ex(DSA *ret, - const EVP_MD *evpmd = bits >= 2048 ? EVP_sha256() : EVP_sha1(); - size_t qbits = EVP_MD_size(evpmd) * 8; - -+# ifdef OPENSSL_FIPS -+ return dsa_builtin_paramgen2(ret, bits, qbits, evpmd, -+ seed_in, seed_len, -1, NULL, counter_ret, -+ h_ret, cb); -+# else - return dsa_builtin_paramgen(ret, bits, qbits, evpmd, - seed_in, seed_len, NULL, counter_ret, - h_ret, cb); -+# endif - } - } - -@@ -309,7 +325,7 @@ int dsa_builtin_paramgen2(DSA *ret, size - int *counter_ret, unsigned long *h_ret, - BN_GENCB *cb) - { -- int ok = -1; -+ int ok = 0; - unsigned char *seed = NULL, *seed_tmp = NULL; - unsigned char md[EVP_MAX_MD_SIZE]; - int mdsize; -@@ -332,6 +348,20 @@ int dsa_builtin_paramgen2(DSA *ret, size - goto err; - } - -+# ifdef OPENSSL_FIPS -+ if (FIPS_selftest_failed()) { -+ FIPSerr(FIPS_F_DSA_BUILTIN_PARAMGEN2, FIPS_R_FIPS_SELFTEST_FAILED); -+ goto err; -+ } -+ -+ if (FIPS_mode() && -+ (L != 2048 || N != 224) && (L != 2048 || N != 256) && -+ (L != 3072 || N != 256)) { -+ DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN2, DSA_R_KEY_SIZE_INVALID); -+ goto err; -+ } -+# endif -+ - if (evpmd == NULL) { - if (N == 160) - evpmd = EVP_sha1(); -@@ -432,9 +462,10 @@ int dsa_builtin_paramgen2(DSA *ret, size - goto err; - /* Provided seed didn't produce a prime: error */ - if (seed_in) { -- ok = 0; -- DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN2, DSA_R_Q_NOT_PRIME); -- goto err; -+ /* Different seed_out will indicate that seed_in -+ * did not generate primes. -+ */ -+ seed_in = NULL; - } - - /* do a callback call */ -@@ -520,11 +551,14 @@ int dsa_builtin_paramgen2(DSA *ret, size - if (counter >= (int)(4 * L)) - break; - } -+#if 0 -+ /* Cannot happen */ - if (seed_in) { - ok = 0; - DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN2, DSA_R_INVALID_PARAMETERS); - goto err; - } -+#endif - } - end: - if (!BN_GENCB_call(cb, 2, 1)) -@@ -595,7 +629,7 @@ int dsa_builtin_paramgen2(DSA *ret, size - BN_free(ret->g); - ret->g = BN_dup(g); - if (ret->p == NULL || ret->q == NULL || ret->g == NULL) { -- ok = -1; -+ ok = 0; - goto err; - } - if (counter_ret != NULL) -@@ -612,3 +646,53 @@ int dsa_builtin_paramgen2(DSA *ret, size - EVP_MD_CTX_free(mctx); - return ok; - } -+ -+#ifdef OPENSSL_FIPS -+ -+int FIPS_dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N, -+ const EVP_MD *evpmd, const unsigned char *seed_in, -+ size_t seed_len, int idx, unsigned char *seed_out, -+ int *counter_ret, unsigned long *h_ret, -+ BN_GENCB *cb) -+{ -+ return dsa_builtin_paramgen2(ret, L, N, evpmd, seed_in, seed_len, -+ idx, seed_out, counter_ret, h_ret, cb); -+} -+ -+int FIPS_dsa_paramgen_check_g(DSA *dsa) -+{ -+ BN_CTX *ctx; -+ BIGNUM *tmp; -+ BN_MONT_CTX *mont = NULL; -+ int rv = -1; -+ -+ ctx = BN_CTX_new(); -+ if (ctx == NULL) -+ return -1; -+ if (BN_cmp(dsa->g, BN_value_one()) <= 0) -+ return 0; -+ if (BN_cmp(dsa->g, dsa->p) >= 0) -+ return 0; -+ BN_CTX_start(ctx); -+ tmp = BN_CTX_get(ctx); -+ if (tmp == NULL) -+ goto err; -+ if ((mont=BN_MONT_CTX_new()) == NULL) -+ goto err; -+ if (!BN_MONT_CTX_set(mont,dsa->p,ctx)) -+ goto err; -+ /* Work out g^q mod p */ -+ if (!BN_mod_exp_mont(tmp,dsa->g,dsa->q, dsa->p, ctx, mont)) -+ goto err; -+ if (!BN_cmp(tmp, BN_value_one())) -+ rv = 1; -+ else -+ rv = 0; -+ err: -+ BN_CTX_end(ctx); -+ BN_MONT_CTX_free(mont); -+ BN_CTX_free(ctx); -+ return rv; -+} -+ -+#endif -diff -up openssl-1.1.1j/crypto/dsa/dsa_key.c.fips openssl-1.1.1j/crypto/dsa/dsa_key.c ---- openssl-1.1.1j/crypto/dsa/dsa_key.c.fips 2021-02-16 16:24:01.000000000 +0100 -+++ openssl-1.1.1j/crypto/dsa/dsa_key.c 2021-03-03 12:57:42.196734500 +0100 -@@ -13,10 +13,49 @@ - #include - #include "dsa_local.h" - -+#ifdef OPENSSL_FIPS -+# include -+# include "crypto/fips.h" -+ -+static int fips_check_dsa(DSA *dsa) -+{ -+ EVP_PKEY *pk; -+ unsigned char tbs[] = "DSA Pairwise Check Data"; -+ int ret = 0; -+ -+ if ((pk = EVP_PKEY_new()) == NULL) -+ goto err; -+ -+ EVP_PKEY_set1_DSA(pk, dsa); -+ -+ if (fips_pkey_signature_test(pk, tbs, -1, NULL, 0, NULL, 0, NULL)) -+ ret = 1; -+ -+ err: -+ if (ret == 0) { -+ FIPSerr(FIPS_F_FIPS_CHECK_DSA, FIPS_R_PAIRWISE_TEST_FAILED); -+ fips_set_selftest_fail(); -+ } -+ -+ if (pk) -+ EVP_PKEY_free(pk); -+ -+ return ret; -+} -+ -+#endif -+ - static int dsa_builtin_keygen(DSA *dsa); - - int DSA_generate_key(DSA *dsa) - { -+#ifdef OPENSSL_FIPS -+ if (FIPS_mode() && !(dsa->meth->flags & DSA_FLAG_FIPS_METHOD) -+ && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)) { -+ DSAerr(DSA_F_DSA_GENERATE_KEY, DSA_R_NON_FIPS_DSA_METHOD); -+ return 0; -+ } -+#endif - if (dsa->meth->dsa_keygen) - return dsa->meth->dsa_keygen(dsa); - return dsa_builtin_keygen(dsa); -@@ -28,6 +67,14 @@ static int dsa_builtin_keygen(DSA *dsa) - BN_CTX *ctx = NULL; - BIGNUM *pub_key = NULL, *priv_key = NULL; - -+#ifdef OPENSSL_FIPS -+ if (FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW) -+ && (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS_GEN)) { -+ DSAerr(DSA_F_DSA_BUILTIN_KEYGEN, DSA_R_KEY_SIZE_TOO_SMALL); -+ goto err; -+ } -+#endif -+ - if ((ctx = BN_CTX_new()) == NULL) - goto err; - -@@ -65,6 +112,13 @@ static int dsa_builtin_keygen(DSA *dsa) - - dsa->priv_key = priv_key; - dsa->pub_key = pub_key; -+#ifdef OPENSSL_FIPS -+ if (FIPS_mode() && !fips_check_dsa(dsa)) { -+ dsa->pub_key = NULL; -+ dsa->priv_key = NULL; -+ goto err; -+ } -+#endif - ok = 1; - - err: -diff -up openssl-1.1.1j/crypto/dsa/dsa_ossl.c.fips openssl-1.1.1j/crypto/dsa/dsa_ossl.c ---- openssl-1.1.1j/crypto/dsa/dsa_ossl.c.fips 2021-02-16 16:24:01.000000000 +0100 -+++ openssl-1.1.1j/crypto/dsa/dsa_ossl.c 2021-03-03 12:57:42.196734500 +0100 -@@ -14,6 +14,9 @@ - #include - #include "dsa_local.h" - #include -+#ifdef OPENSSL_FIPS -+# include -+#endif - - static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); - static int dsa_sign_setup_no_digest(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, -@@ -77,6 +80,19 @@ static DSA_SIG *dsa_do_sign(const unsign - goto err; - } - -+#ifdef OPENSSL_FIPS -+ if (FIPS_selftest_failed()) { -+ FIPSerr(FIPS_F_DSA_DO_SIGN, FIPS_R_FIPS_SELFTEST_FAILED); -+ return NULL; -+ } -+ -+ if (FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW) -+ && (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS)) { -+ DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_KEY_SIZE_TOO_SMALL); -+ return NULL; -+ } -+#endif -+ - ret = DSA_SIG_new(); - if (ret == NULL) - goto err; -@@ -315,6 +331,18 @@ static int dsa_do_verify(const unsigned - DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_BAD_Q_VALUE); - return -1; - } -+#ifdef OPENSSL_FIPS -+ if (FIPS_selftest_failed()) { -+ FIPSerr(FIPS_F_DSA_DO_VERIFY, FIPS_R_FIPS_SELFTEST_FAILED); -+ return -1; -+ } -+ -+ if (FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW) -+ && (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS)) { -+ DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_KEY_SIZE_TOO_SMALL); -+ return -1; -+ } -+#endif - - if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS) { - DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_MODULUS_TOO_LARGE); -@@ -403,6 +431,9 @@ static int dsa_do_verify(const unsigned - - static int dsa_init(DSA *dsa) - { -+#ifdef OPENSSL_FIPS -+ FIPS_selftest_check(); -+#endif - dsa->flags |= DSA_FLAG_CACHE_MONT_P; - return 1; - } -diff -up openssl-1.1.1j/crypto/dsa/dsa_pmeth.c.fips openssl-1.1.1j/crypto/dsa/dsa_pmeth.c ---- openssl-1.1.1j/crypto/dsa/dsa_pmeth.c.fips 2021-02-16 16:24:01.000000000 +0100 -+++ openssl-1.1.1j/crypto/dsa/dsa_pmeth.c 2021-03-03 12:57:42.196734500 +0100 -@@ -211,8 +211,8 @@ static int pkey_dsa_paramgen(EVP_PKEY_CT - BN_GENCB_free(pcb); - return 0; - } -- ret = dsa_builtin_paramgen(dsa, dctx->nbits, dctx->qbits, dctx->pmd, -- NULL, 0, NULL, NULL, NULL, pcb); -+ ret = dsa_builtin_paramgen2(dsa, dctx->nbits, dctx->qbits, dctx->pmd, -+ NULL, 0, -1, NULL, NULL, NULL, pcb); - BN_GENCB_free(pcb); - if (ret) - EVP_PKEY_assign_DSA(pkey, dsa); -@@ -241,7 +241,7 @@ static int pkey_dsa_keygen(EVP_PKEY_CTX - - const EVP_PKEY_METHOD dsa_pkey_meth = { - EVP_PKEY_DSA, -- EVP_PKEY_FLAG_AUTOARGLEN, -+ EVP_PKEY_FLAG_AUTOARGLEN | EVP_PKEY_FLAG_FIPS, - pkey_dsa_init, - pkey_dsa_copy, - pkey_dsa_cleanup, -diff -up openssl-1.1.1j/crypto/ec/ecdh_ossl.c.fips openssl-1.1.1j/crypto/ec/ecdh_ossl.c ---- openssl-1.1.1j/crypto/ec/ecdh_ossl.c.fips 2021-02-16 16:24:01.000000000 +0100 -+++ openssl-1.1.1j/crypto/ec/ecdh_ossl.c 2021-03-03 12:57:42.196734500 +0100 -@@ -19,9 +19,20 @@ - #include - #include "ec_local.h" - -+#ifdef OPENSSL_FIPS -+# include -+#endif -+ - int ossl_ecdh_compute_key(unsigned char **psec, size_t *pseclen, - const EC_POINT *pub_key, const EC_KEY *ecdh) - { -+#ifdef OPENSSL_FIPS -+ if (FIPS_selftest_failed()) { -+ FIPSerr(FIPS_F_ECDH_COMPUTE_KEY, FIPS_R_FIPS_SELFTEST_FAILED); -+ return -1; -+ } -+#endif -+ - if (ecdh->group->meth->ecdh_compute_key == NULL) { - ECerr(EC_F_OSSL_ECDH_COMPUTE_KEY, EC_R_CURVE_DOES_NOT_SUPPORT_ECDH); - return 0; -diff -up openssl-1.1.1j/crypto/ec/ecdsa_ossl.c.fips openssl-1.1.1j/crypto/ec/ecdsa_ossl.c ---- openssl-1.1.1j/crypto/ec/ecdsa_ossl.c.fips 2021-02-16 16:24:01.000000000 +0100 -+++ openssl-1.1.1j/crypto/ec/ecdsa_ossl.c 2021-03-03 12:57:42.196734500 +0100 -@@ -14,6 +14,10 @@ - #include "crypto/bn.h" - #include "ec_local.h" - -+#ifdef OPENSSL_FIPS -+# include -+#endif -+ - int ossl_ecdsa_sign(int type, const unsigned char *dgst, int dlen, - unsigned char *sig, unsigned int *siglen, - const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey) -@@ -163,6 +167,13 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const uns - ECDSA_SIG *ret; - const BIGNUM *priv_key; - -+#ifdef OPENSSL_FIPS -+ if (FIPS_selftest_failed()) { -+ FIPSerr(FIPS_F_OSSL_ECDSA_SIGN_SIG, FIPS_R_FIPS_SELFTEST_FAILED); -+ return NULL; -+ } -+#endif -+ - group = EC_KEY_get0_group(eckey); - priv_key = EC_KEY_get0_private_key(eckey); - -@@ -325,6 +336,13 @@ int ossl_ecdsa_verify_sig(const unsigned - const EC_GROUP *group; - const EC_POINT *pub_key; - -+#ifdef OPENSSL_FIPS -+ if (FIPS_selftest_failed()) { -+ FIPSerr(FIPS_F_OSSL_ECDSA_VERIFY_SIG, FIPS_R_FIPS_SELFTEST_FAILED); -+ return -1; -+ } -+#endif -+ - /* check input values */ - if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL || - (pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL) { -diff -up openssl-1.1.1j/crypto/ec/ec_key.c.fips openssl-1.1.1j/crypto/ec/ec_key.c ---- openssl-1.1.1j/crypto/ec/ec_key.c.fips 2021-02-16 16:24:01.000000000 +0100 -+++ openssl-1.1.1j/crypto/ec/ec_key.c 2021-03-03 12:57:42.196734500 +0100 -@@ -179,14 +179,62 @@ ENGINE *EC_KEY_get0_engine(const EC_KEY - return eckey->engine; - } - -+#ifdef OPENSSL_FIPS -+ -+# include -+# include "crypto/fips.h" -+ -+static int fips_check_ec(EC_KEY *key) -+{ -+ EVP_PKEY *pk; -+ unsigned char tbs[] = "ECDSA Pairwise Check Data"; -+ int ret = 0; -+ -+ if (!EC_KEY_can_sign(key)) /* no test for non-signing keys */ -+ return 1; -+ -+ if ((pk = EVP_PKEY_new()) == NULL) -+ goto err; -+ -+ EVP_PKEY_set1_EC_KEY(pk, key); -+ -+ if (fips_pkey_signature_test(pk, tbs, -1, NULL, 0, NULL, 0, NULL)) -+ ret = 1; -+ -+ err: -+ if (ret == 0) { -+ FIPSerr(FIPS_F_FIPS_CHECK_EC, FIPS_R_PAIRWISE_TEST_FAILED); -+ fips_set_selftest_fail(); -+ } -+ if (pk) -+ EVP_PKEY_free(pk); -+ return ret; -+} -+ -+#endif -+ - int EC_KEY_generate_key(EC_KEY *eckey) - { -+#ifdef OPENSSL_FIPS -+ if (FIPS_selftest_failed()) { -+ ECerr(EC_F_EC_KEY_GENERATE_KEY, EC_R_NOT_INITIALIZED); -+ return 0; -+ } -+#endif - if (eckey == NULL || eckey->group == NULL) { - ECerr(EC_F_EC_KEY_GENERATE_KEY, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } -- if (eckey->meth->keygen != NULL) -- return eckey->meth->keygen(eckey); -+ if (eckey->meth->keygen != NULL) { -+ int rv = eckey->meth->keygen(eckey); -+ -+#ifdef OPENSSL_FIPS -+ if (rv > 0 && FIPS_mode()) { -+ rv = fips_check_ec(eckey); -+ } -+#endif -+ return rv; -+ } - ECerr(EC_F_EC_KEY_GENERATE_KEY, EC_R_OPERATION_NOT_SUPPORTED); - return 0; - } -diff -up openssl-1.1.1j/crypto/ec/ec_pmeth.c.fips openssl-1.1.1j/crypto/ec/ec_pmeth.c ---- openssl-1.1.1j/crypto/ec/ec_pmeth.c.fips 2021-02-16 16:24:01.000000000 +0100 -+++ openssl-1.1.1j/crypto/ec/ec_pmeth.c 2021-03-03 12:57:42.197734509 +0100 -@@ -438,7 +438,7 @@ static int pkey_ec_keygen(EVP_PKEY_CTX * - - const EVP_PKEY_METHOD ec_pkey_meth = { - EVP_PKEY_EC, -- 0, -+ EVP_PKEY_FLAG_FIPS, - pkey_ec_init, - pkey_ec_copy, - pkey_ec_cleanup, -diff -up openssl-1.1.1j/crypto/evp/digest.c.fips openssl-1.1.1j/crypto/evp/digest.c ---- openssl-1.1.1j/crypto/evp/digest.c.fips 2021-02-16 16:24:01.000000000 +0100 -+++ openssl-1.1.1j/crypto/evp/digest.c 2021-03-03 12:57:42.197734509 +0100 -@@ -14,6 +14,9 @@ - #include - #include "crypto/evp.h" - #include "evp_local.h" -+#ifdef OPENSSL_FIPS -+# include -+#endif - - /* This call frees resources associated with the context */ - int EVP_MD_CTX_reset(EVP_MD_CTX *ctx) -@@ -66,6 +69,12 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, cons - int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) - { - EVP_MD_CTX_clear_flags(ctx, EVP_MD_CTX_FLAG_CLEANED); -+#ifdef OPENSSL_FIPS -+ if (FIPS_selftest_failed()) { -+ FIPSerr(FIPS_F_EVP_DIGESTINIT_EX, FIPS_R_FIPS_SELFTEST_FAILED); -+ return 0; -+ } -+#endif - #ifndef OPENSSL_NO_ENGINE - /* - * Whether it's nice or not, "Inits" can be used on "Final"'d contexts so -@@ -119,6 +128,15 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c - } - #endif - if (ctx->digest != type) { -+#ifdef OPENSSL_FIPS -+ if (FIPS_mode()) { -+ if (!(type->flags & EVP_MD_FLAG_FIPS) -+ && !(ctx->flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)) { -+ EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_DISABLED_FOR_FIPS); -+ return 0; -+ } -+ } -+#endif - if (ctx->digest && ctx->digest->ctx_size) { - OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size); - ctx->md_data = NULL; -@@ -150,6 +168,10 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c - - int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count) - { -+#ifdef OPENSSL_FIPS -+ FIPS_selftest_check(); -+#endif -+ - if (count == 0) - return 1; - -@@ -170,6 +192,9 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, - { - int ret; - -+#ifdef OPENSSL_FIPS -+ FIPS_selftest_check(); -+#endif - OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE); - ret = ctx->digest->final(ctx, md); - if (size != NULL) -diff -up openssl-1.1.1j/crypto/evp/e_aes.c.fips openssl-1.1.1j/crypto/evp/e_aes.c ---- openssl-1.1.1j/crypto/evp/e_aes.c.fips 2021-02-16 16:24:01.000000000 +0100 -+++ openssl-1.1.1j/crypto/evp/e_aes.c 2021-03-03 12:57:42.197734509 +0100 -@@ -397,7 +397,7 @@ static int aesni_xts_init_key(EVP_CIPHER - * This addresses Rogaway's vulnerability. - * See comment in aes_xts_init_key() below. - */ -- if (enc && CRYPTO_memcmp(key, key + bytes, bytes) == 0) { -+ if (CRYPTO_memcmp(key, key + bytes, bytes) == 0) { - EVPerr(EVP_F_AESNI_XTS_INIT_KEY, EVP_R_XTS_DUPLICATED_KEYS); - return 0; - } -@@ -817,7 +817,7 @@ static int aes_t4_xts_init_key(EVP_CIPHE - * This addresses Rogaway's vulnerability. - * See comment in aes_xts_init_key() below. - */ -- if (enc && CRYPTO_memcmp(key, key + bytes, bytes) == 0) { -+ if (CRYPTO_memcmp(key, key + bytes, bytes) == 0) { - EVPerr(EVP_F_AES_T4_XTS_INIT_KEY, EVP_R_XTS_DUPLICATED_KEYS); - return 0; - } -@@ -2833,9 +2833,9 @@ static int aes_ctr_cipher(EVP_CIPHER_CTX - return 1; - } - --BLOCK_CIPHER_generic_pack(NID_aes, 128, 0) -- BLOCK_CIPHER_generic_pack(NID_aes, 192, 0) -- BLOCK_CIPHER_generic_pack(NID_aes, 256, 0) -+BLOCK_CIPHER_generic_pack(NID_aes, 128, EVP_CIPH_FLAG_FIPS) -+ BLOCK_CIPHER_generic_pack(NID_aes, 192, EVP_CIPH_FLAG_FIPS) -+ BLOCK_CIPHER_generic_pack(NID_aes, 256, EVP_CIPH_FLAG_FIPS) - - static int aes_gcm_cleanup(EVP_CIPHER_CTX *c) - { -@@ -2869,6 +2869,11 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX * - case EVP_CTRL_AEAD_SET_IVLEN: - if (arg <= 0) - return 0; -+# ifdef OPENSSL_FIPS -+ if (FIPS_mode() && !(c->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW) -+ && arg < 12) -+ return 0; -+# endif - /* Allocate memory for IV if needed */ - if ((arg > EVP_MAX_IV_LENGTH) && (arg > gctx->ivlen)) { - if (gctx->iv != c->iv) -@@ -3318,11 +3323,14 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX - | EVP_CIPH_CUSTOM_COPY | EVP_CIPH_CUSTOM_IV_LENGTH) - - BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, gcm, GCM, -- EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) -+ EVP_CIPH_FLAG_FIPS | EVP_CIPH_FLAG_AEAD_CIPHER | -+ CUSTOM_FLAGS) - BLOCK_CIPHER_custom(NID_aes, 192, 1, 12, gcm, GCM, -- EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) -+ EVP_CIPH_FLAG_FIPS | EVP_CIPH_FLAG_AEAD_CIPHER | -+ CUSTOM_FLAGS) - BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, gcm, GCM, -- EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) -+ EVP_CIPH_FLAG_FIPS | EVP_CIPH_FLAG_AEAD_CIPHER | -+ CUSTOM_FLAGS) - - static int aes_xts_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) - { -@@ -3380,7 +3388,7 @@ static int aes_xts_init_key(EVP_CIPHER_C - * BEFORE using the keys in the XTS-AES algorithm to process - * data with them." - */ -- if (enc && CRYPTO_memcmp(key, key + bytes, bytes) == 0) { -+ if (CRYPTO_memcmp(key, key + bytes, bytes) == 0) { - EVPerr(EVP_F_AES_XTS_INIT_KEY, EVP_R_XTS_DUPLICATED_KEYS); - return 0; - } -@@ -3484,6 +3492,14 @@ static int aes_xts_cipher(EVP_CIPHER_CTX - return 0; - if (!out || !in || len < AES_BLOCK_SIZE) - return 0; -+# ifdef OPENSSL_FIPS -+ /* Requirement of SP800-38E */ -+ if (FIPS_mode() && !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW) && -+ (len > (1UL << 20) * 16)) { -+ EVPerr(EVP_F_AES_XTS_CIPHER, EVP_R_TOO_LARGE); -+ return 0; -+ } -+# endif - if (xctx->stream) - (*xctx->stream) (in, out, len, - xctx->xts.key1, xctx->xts.key2, -@@ -3501,8 +3517,10 @@ static int aes_xts_cipher(EVP_CIPHER_CTX - | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT \ - | EVP_CIPH_CUSTOM_COPY) - --BLOCK_CIPHER_custom(NID_aes, 128, 1, 16, xts, XTS, XTS_FLAGS) -- BLOCK_CIPHER_custom(NID_aes, 256, 1, 16, xts, XTS, XTS_FLAGS) -+BLOCK_CIPHER_custom(NID_aes, 128, 1, 16, xts, XTS, -+ EVP_CIPH_FLAG_FIPS | XTS_FLAGS) -+ BLOCK_CIPHER_custom(NID_aes, 256, 1, 16, xts, XTS, -+ EVP_CIPH_FLAG_FIPS | XTS_FLAGS) - - static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) - { -@@ -3772,11 +3790,11 @@ static int aes_ccm_cipher(EVP_CIPHER_CTX - #define aes_ccm_cleanup NULL - - BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, ccm, CCM, -- EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) -+ EVP_CIPH_FLAG_FIPS | EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) - BLOCK_CIPHER_custom(NID_aes, 192, 1, 12, ccm, CCM, -- EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) -+ EVP_CIPH_FLAG_FIPS | EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) - BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, ccm, CCM, -- EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) -+ EVP_CIPH_FLAG_FIPS | EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) - - typedef struct { - union { -@@ -3869,7 +3887,7 @@ static int aes_wrap_cipher(EVP_CIPHER_CT - return rv ? (int)rv : -1; - } - --#define WRAP_FLAGS (EVP_CIPH_WRAP_MODE \ -+#define WRAP_FLAGS (EVP_CIPH_WRAP_MODE | EVP_CIPH_FLAG_FIPS \ - | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \ - | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_FLAG_DEFAULT_ASN1) - -diff -up openssl-1.1.1j/crypto/evp/e_des3.c.fips openssl-1.1.1j/crypto/evp/e_des3.c ---- openssl-1.1.1j/crypto/evp/e_des3.c.fips 2021-02-16 16:24:01.000000000 +0100 -+++ openssl-1.1.1j/crypto/evp/e_des3.c 2021-03-03 12:57:42.197734509 +0100 -@@ -211,16 +211,19 @@ BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, - # define des_ede3_cbc_cipher des_ede_cbc_cipher - # define des_ede3_ecb_cipher des_ede_ecb_cipher - BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64, -- EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1, -- des_ede3_init_key, NULL, NULL, NULL, des3_ctrl) -+ EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_FIPS | -+ EVP_CIPH_FLAG_DEFAULT_ASN1, des_ede3_init_key, NULL, NULL, NULL, -+ des3_ctrl) - - BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 1, -- EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1, -- des_ede3_init_key, NULL, NULL, NULL, des3_ctrl) -+ EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_FIPS | -+ EVP_CIPH_FLAG_DEFAULT_ASN1, des_ede3_init_key, NULL, NULL, -+ NULL, des3_ctrl) - - BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 8, -- EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1, -- des_ede3_init_key, NULL, NULL, NULL, des3_ctrl) -+ EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_FIPS | -+ EVP_CIPH_FLAG_DEFAULT_ASN1, des_ede3_init_key, NULL, NULL, -+ NULL, des3_ctrl) - - static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) -diff -up openssl-1.1.1j/crypto/evp/e_null.c.fips openssl-1.1.1j/crypto/evp/e_null.c ---- openssl-1.1.1j/crypto/evp/e_null.c.fips 2021-02-16 16:24:01.000000000 +0100 -+++ openssl-1.1.1j/crypto/evp/e_null.c 2021-03-03 12:57:42.197734509 +0100 -@@ -19,7 +19,8 @@ static int null_cipher(EVP_CIPHER_CTX *c - const unsigned char *in, size_t inl); - static const EVP_CIPHER n_cipher = { - NID_undef, -- 1, 0, 0, 0, -+ 1, 0, 0, -+ EVP_CIPH_FLAG_FIPS, - null_init_key, - null_cipher, - NULL, -diff -up openssl-1.1.1j/crypto/evp/evp_enc.c.fips openssl-1.1.1j/crypto/evp/evp_enc.c ---- openssl-1.1.1j/crypto/evp/evp_enc.c.fips 2021-02-16 16:24:01.000000000 +0100 -+++ openssl-1.1.1j/crypto/evp/evp_enc.c 2021-03-03 12:57:42.197734509 +0100 -@@ -18,9 +18,18 @@ - #include - #include "crypto/evp.h" - #include "evp_local.h" -+#ifdef OPENSSL_FIPS -+# include -+#endif - - int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *c) - { -+#ifdef OPENSSL_FIPS -+ if (FIPS_selftest_failed()) { -+ FIPSerr(FIPS_F_EVP_CIPHER_CTX_RESET, FIPS_R_FIPS_SELFTEST_FAILED); -+ return 0; -+ } -+#endif - if (c == NULL) - return 1; - if (c->cipher != NULL) { -@@ -40,6 +49,12 @@ int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX - - EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void) - { -+#ifdef OPENSSL_FIPS -+ if (FIPS_selftest_failed()) { -+ FIPSerr(FIPS_F_EVP_CIPHER_CTX_NEW, FIPS_R_FIPS_SELFTEST_FAILED); -+ return NULL; -+ } -+#endif - return OPENSSL_zalloc(sizeof(EVP_CIPHER_CTX)); - } - -@@ -68,6 +83,12 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct - enc = 1; - ctx->encrypt = enc; - } -+#ifdef OPENSSL_FIPS -+ if (FIPS_selftest_failed()) { -+ FIPSerr(FIPS_F_EVP_CIPHERINIT_EX, FIPS_R_FIPS_SELFTEST_FAILED); -+ return 0; -+ } -+#endif - #ifndef OPENSSL_NO_ENGINE - /* - * Whether it's nice or not, "Inits" can be used on "Final"'d contexts so -@@ -137,7 +158,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct - } - ctx->key_len = cipher->key_len; - /* Preserve wrap enable flag, zero everything else */ -- ctx->flags &= EVP_CIPHER_CTX_FLAG_WRAP_ALLOW; -+ ctx->flags &= EVP_CIPHER_CTX_FLAG_WRAP_ALLOW | EVP_CIPH_FLAG_NON_FIPS_ALLOW; - if (ctx->cipher->flags & EVP_CIPH_CTRL_INIT) { - if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) { - ctx->cipher = NULL; -@@ -196,6 +217,18 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct - return 0; - } - } -+#ifdef OPENSSL_FIPS -+ /* After 'key' is set no further parameters changes are permissible. -+ * So only check for non FIPS enabling at this point. -+ */ -+ if (key && FIPS_mode()) { -+ if (!(ctx->cipher->flags & EVP_CIPH_FLAG_FIPS) -+ & !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW)) { -+ EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_DISABLED_FOR_FIPS); -+ return 0; -+ } -+ } -+#endif - - if (key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) { - if (!ctx->cipher->init(ctx, key, iv, enc)) -diff -up openssl-1.1.1j/crypto/evp/evp_err.c.fips openssl-1.1.1j/crypto/evp/evp_err.c ---- openssl-1.1.1j/crypto/evp/evp_err.c.fips 2021-02-16 16:24:01.000000000 +0100 -+++ openssl-1.1.1j/crypto/evp/evp_err.c 2021-03-03 12:57:42.198734517 +0100 -@@ -23,6 +23,7 @@ static const ERR_STRING_DATA EVP_str_fun - {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_T4_XTS_INIT_KEY, 0), - "aes_t4_xts_init_key"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_WRAP_CIPHER, 0), "aes_wrap_cipher"}, -+ {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_XTS_CIPHER, 0), "aes_xts_cipher"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_XTS_INIT_KEY, 0), "aes_xts_init_key"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_ALG_MODULE_INIT, 0), "alg_module_init"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_ARIA_CCM_INIT_KEY, 0), "aria_ccm_init_key"}, -@@ -186,6 +187,7 @@ static const ERR_STRING_DATA EVP_str_rea - "different key types"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_DIFFERENT_PARAMETERS), - "different parameters"}, -+ {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_DISABLED_FOR_FIPS), "disabled for FIPS"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_ERROR_LOADING_SECTION), - "error loading section"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_ERROR_SETTING_FIPS_MODE), -@@ -251,6 +253,7 @@ static const ERR_STRING_DATA EVP_str_rea - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PRIVATE_KEY_ENCODE_ERROR), - "private key encode error"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PUBLIC_KEY_NOT_RSA), "public key not rsa"}, -+ {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_TOO_LARGE), "too large"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_CIPHER), "unknown cipher"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_DIGEST), "unknown digest"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_OPTION), "unknown option"}, -@@ -276,6 +279,8 @@ static const ERR_STRING_DATA EVP_str_rea - "wrap mode not allowed"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_WRONG_FINAL_BLOCK_LENGTH), - "wrong final block length"}, -+ {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_XTS_DATA_UNIT_IS_TOO_LARGE), -+ "xts data unit is too large"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_XTS_DUPLICATED_KEYS), - "xts duplicated keys"}, - {0, NULL} -diff -up openssl-1.1.1j/crypto/evp/evp_lib.c.fips openssl-1.1.1j/crypto/evp/evp_lib.c ---- openssl-1.1.1j/crypto/evp/evp_lib.c.fips 2021-02-16 16:24:01.000000000 +0100 -+++ openssl-1.1.1j/crypto/evp/evp_lib.c 2021-03-03 12:57:42.198734517 +0100 -@@ -192,6 +192,9 @@ int EVP_CIPHER_impl_ctx_size(const EVP_C - int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, unsigned int inl) - { -+#ifdef OPENSSL_FIPS -+ FIPS_selftest_check(); -+#endif - return ctx->cipher->do_cipher(ctx, out, in, inl); - } - -diff -up openssl-1.1.1j/crypto/evp/m_sha1.c.fips openssl-1.1.1j/crypto/evp/m_sha1.c ---- openssl-1.1.1j/crypto/evp/m_sha1.c.fips 2021-02-16 16:24:01.000000000 +0100 -+++ openssl-1.1.1j/crypto/evp/m_sha1.c 2021-03-03 12:57:42.198734517 +0100 -@@ -95,7 +95,7 @@ static const EVP_MD sha1_md = { - NID_sha1, - NID_sha1WithRSAEncryption, - SHA_DIGEST_LENGTH, -- EVP_MD_FLAG_DIGALGID_ABSENT, -+ EVP_MD_FLAG_DIGALGID_ABSENT | EVP_MD_FLAG_FIPS, - init, - update, - final, -@@ -145,7 +145,7 @@ static const EVP_MD sha224_md = { - NID_sha224, - NID_sha224WithRSAEncryption, - SHA224_DIGEST_LENGTH, -- EVP_MD_FLAG_DIGALGID_ABSENT, -+ EVP_MD_FLAG_DIGALGID_ABSENT | EVP_MD_FLAG_FIPS, - init224, - update224, - final224, -@@ -164,7 +164,7 @@ static const EVP_MD sha256_md = { - NID_sha256, - NID_sha256WithRSAEncryption, - SHA256_DIGEST_LENGTH, -- EVP_MD_FLAG_DIGALGID_ABSENT, -+ EVP_MD_FLAG_DIGALGID_ABSENT | EVP_MD_FLAG_FIPS, - init256, - update256, - final256, -@@ -224,7 +224,7 @@ static const EVP_MD sha512_224_md = { - NID_sha512_224, - NID_sha512_224WithRSAEncryption, - SHA224_DIGEST_LENGTH, -- EVP_MD_FLAG_DIGALGID_ABSENT, -+ EVP_MD_FLAG_DIGALGID_ABSENT | EVP_MD_FLAG_FIPS, - init512_224, - update512, - final512, -@@ -243,7 +243,7 @@ static const EVP_MD sha512_256_md = { - NID_sha512_256, - NID_sha512_256WithRSAEncryption, - SHA256_DIGEST_LENGTH, -- EVP_MD_FLAG_DIGALGID_ABSENT, -+ EVP_MD_FLAG_DIGALGID_ABSENT | EVP_MD_FLAG_FIPS, - init512_256, - update512, - final512, -@@ -262,7 +262,7 @@ static const EVP_MD sha384_md = { - NID_sha384, - NID_sha384WithRSAEncryption, - SHA384_DIGEST_LENGTH, -- EVP_MD_FLAG_DIGALGID_ABSENT, -+ EVP_MD_FLAG_DIGALGID_ABSENT | EVP_MD_FLAG_FIPS, - init384, - update384, - final384, -@@ -281,7 +281,7 @@ static const EVP_MD sha512_md = { - NID_sha512, - NID_sha512WithRSAEncryption, - SHA512_DIGEST_LENGTH, -- EVP_MD_FLAG_DIGALGID_ABSENT, -+ EVP_MD_FLAG_DIGALGID_ABSENT | EVP_MD_FLAG_FIPS, - init512, - update512, - final512, -diff -up openssl-1.1.1j/crypto/evp/m_sha3.c.fips openssl-1.1.1j/crypto/evp/m_sha3.c ---- openssl-1.1.1j/crypto/evp/m_sha3.c.fips 2021-02-16 16:24:01.000000000 +0100 -+++ openssl-1.1.1j/crypto/evp/m_sha3.c 2021-03-03 12:57:42.198734517 +0100 -@@ -295,7 +295,7 @@ const EVP_MD *EVP_sha3_##bitlen(void) - NID_sha3_##bitlen, \ - NID_RSA_SHA3_##bitlen, \ - bitlen / 8, \ -- EVP_MD_FLAG_DIGALGID_ABSENT, \ -+ EVP_MD_FLAG_DIGALGID_ABSENT | EVP_MD_FLAG_FIPS, \ - s390x_sha3_init, \ - s390x_sha3_update, \ - s390x_sha3_final, \ -@@ -308,7 +308,7 @@ const EVP_MD *EVP_sha3_##bitlen(void) - NID_sha3_##bitlen, \ - NID_RSA_SHA3_##bitlen, \ - bitlen / 8, \ -- EVP_MD_FLAG_DIGALGID_ABSENT, \ -+ EVP_MD_FLAG_DIGALGID_ABSENT | EVP_MD_FLAG_FIPS, \ - sha3_init, \ - sha3_update, \ - sha3_final, \ -@@ -329,7 +329,7 @@ const EVP_MD *EVP_shake##bitlen(void) - NID_shake##bitlen, \ - 0, \ - bitlen / 8, \ -- EVP_MD_FLAG_XOF, \ -+ EVP_MD_FLAG_XOF | EVP_MD_FLAG_FIPS, \ - s390x_shake_init, \ - s390x_sha3_update, \ - s390x_shake_final, \ -@@ -343,7 +343,7 @@ const EVP_MD *EVP_shake##bitlen(void) - NID_shake##bitlen, \ - 0, \ - bitlen / 8, \ -- EVP_MD_FLAG_XOF, \ -+ EVP_MD_FLAG_XOF | EVP_MD_FLAG_FIPS, \ - shake_init, \ - sha3_update, \ - sha3_final, \ -@@ -367,7 +367,7 @@ const EVP_MD *EVP_sha3_##bitlen(void) - NID_sha3_##bitlen, \ - NID_RSA_SHA3_##bitlen, \ - bitlen / 8, \ -- EVP_MD_FLAG_DIGALGID_ABSENT, \ -+ EVP_MD_FLAG_DIGALGID_ABSENT | EVP_MD_FLAG_FIPS, \ - sha3_init, \ - sha3_update, \ - sha3_final, \ -@@ -386,7 +386,7 @@ const EVP_MD *EVP_shake##bitlen(void) - NID_shake##bitlen, \ - 0, \ - bitlen / 8, \ -- EVP_MD_FLAG_XOF, \ -+ EVP_MD_FLAG_XOF | EVP_MD_FLAG_FIPS, \ - shake_init, \ - sha3_update, \ - sha3_final, \ -diff -up openssl-1.1.1j/crypto/evp/pmeth_lib.c.fips openssl-1.1.1j/crypto/evp/pmeth_lib.c ---- openssl-1.1.1j/crypto/evp/pmeth_lib.c.fips 2021-02-16 16:24:01.000000000 +0100 -+++ openssl-1.1.1j/crypto/evp/pmeth_lib.c 2021-03-03 12:57:42.198734517 +0100 -@@ -131,7 +131,15 @@ static EVP_PKEY_CTX *int_ctx_new(EVP_PKE - pmeth = ENGINE_get_pkey_meth(e, id); - else - #endif -+ { - pmeth = EVP_PKEY_meth_find(id); -+#ifdef OPENSSL_FIPS -+ if (pmeth && !(pmeth->flags & EVP_PKEY_FLAG_FIPS) && FIPS_mode()) { -+ EVPerr(EVP_F_INT_CTX_NEW, EVP_R_DISABLED_FOR_FIPS); -+ return NULL; -+ } -+#endif -+ } - - if (pmeth == NULL) { - #ifndef OPENSSL_NO_ENGINE -diff -up openssl-1.1.1j/crypto/fips/build.info.fips openssl-1.1.1j/crypto/fips/build.info ---- openssl-1.1.1j/crypto/fips/build.info.fips 2021-03-03 12:57:42.198734517 +0100 -+++ openssl-1.1.1j/crypto/fips/build.info 2021-03-03 12:57:42.198734517 +0100 -@@ -0,0 +1,15 @@ -+LIBS=../../libcrypto -+SOURCE[../../libcrypto]=\ -+ fips_aes_selftest.c fips_des_selftest.c fips_hmac_selftest.c \ -+ fips_rsa_selftest.c fips_sha_selftest.c fips.c fips_dsa_selftest.c \ -+ fips_post.c fips_drbg_ctr.c fips_drbg_hash.c fips_drbg_hmac.c \ -+ fips_drbg_lib.c fips_drbg_rand.c fips_drbg_selftest.c fips_rand_lib.c \ -+ fips_cmac_selftest.c fips_ecdh_selftest.c fips_ecdsa_selftest.c \ -+ fips_dh_selftest.c fips_ers.c -+ -+PROGRAMS_NO_INST=\ -+ fips_standalone_hmac -+ -+SOURCE[fips_standalone_hmac]=fips_standalone_hmac.c -+INCLUDE[fips_standalone_hmac]=../../include -+DEPEND[fips_standalone_hmac]=../../libcrypto -diff -up openssl-1.1.1j/crypto/fips/fips_aes_selftest.c.fips openssl-1.1.1j/crypto/fips/fips_aes_selftest.c ---- openssl-1.1.1j/crypto/fips/fips_aes_selftest.c.fips 2021-03-03 12:57:42.198734517 +0100 -+++ openssl-1.1.1j/crypto/fips/fips_aes_selftest.c 2021-03-03 12:57:42.198734517 +0100 -@@ -0,0 +1,372 @@ -+/* ==================================================================== -+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * openssl-core@openssl.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * -+ */ -+ -+#include -+#include -+#ifdef OPENSSL_FIPS -+# include -+# include "crypto/fips.h" -+#endif -+ -+#ifdef OPENSSL_FIPS -+static const struct { -+ const unsigned char key[16]; -+ const unsigned char plaintext[16]; -+ const unsigned char ciphertext[16]; -+} tests[] = { -+ { -+ { -+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, -+ 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F}, { -+ 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, -+ 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF}, { -+0x69, 0xC4, 0xE0, 0xD8, 0x6A, 0x7B, 0x04, 0x30, -+ 0xD8, 0xCD, 0xB7, 0x80, 0x70, 0xB4, 0xC5, 0x5A},},}; -+ -+int FIPS_selftest_aes() -+{ -+ int n; -+ int ret = 0; -+ EVP_CIPHER_CTX *ctx; -+ -+ ctx = EVP_CIPHER_CTX_new(); -+ if (ctx == NULL) -+ goto err; -+ -+ for (n = 0; n < 1; ++n) { -+ unsigned char key[16]; -+ -+ memcpy(key, tests[n].key, sizeof(key)); -+ if (fips_cipher_test(ctx, EVP_aes_128_ecb(), -+ key, NULL, -+ tests[n].plaintext, -+ tests[n].ciphertext, 16) <= 0) -+ goto err; -+ } -+ ret = 1; -+ err: -+ EVP_CIPHER_CTX_free(ctx); -+ if (ret == 0) -+ FIPSerr(FIPS_F_FIPS_SELFTEST_AES, FIPS_R_SELFTEST_FAILED); -+ return ret; -+} -+ -+/* AES-CCM test data from NIST public test vectors */ -+ -+static const unsigned char ccm_key[] = { -+ 0xce, 0xb0, 0x09, 0xae, 0xa4, 0x45, 0x44, 0x51, 0xfe, 0xad, 0xf0, 0xe6, -+ 0xb3, 0x6f, 0x45, 0x55, 0x5d, 0xd0, 0x47, 0x23, 0xba, 0xa4, 0x48, 0xe8 -+}; -+ -+static const unsigned char ccm_nonce[] = { -+ 0x76, 0x40, 0x43, 0xc4, 0x94, 0x60, 0xb7 -+}; -+ -+static const unsigned char ccm_adata[] = { -+ 0x6e, 0x80, 0xdd, 0x7f, 0x1b, 0xad, 0xf3, 0xa1, 0xc9, 0xab, 0x25, 0xc7, -+ 0x5f, 0x10, 0xbd, 0xe7, 0x8c, 0x23, 0xfa, 0x0e, 0xb8, 0xf9, 0xaa, 0xa5, -+ 0x3a, 0xde, 0xfb, 0xf4, 0xcb, 0xf7, 0x8f, 0xe4 -+}; -+ -+static const unsigned char ccm_pt[] = { -+ 0xc8, 0xd2, 0x75, 0xf9, 0x19, 0xe1, 0x7d, 0x7f, 0xe6, 0x9c, 0x2a, 0x1f, -+ 0x58, 0x93, 0x9d, 0xfe, 0x4d, 0x40, 0x37, 0x91, 0xb5, 0xdf, 0x13, 0x10 -+}; -+ -+static const unsigned char ccm_ct[] = { -+ 0x8a, 0x0f, 0x3d, 0x82, 0x29, 0xe4, 0x8e, 0x74, 0x87, 0xfd, 0x95, 0xa2, -+ 0x8a, 0xd3, 0x92, 0xc8, 0x0b, 0x36, 0x81, 0xd4, 0xfb, 0xc7, 0xbb, 0xfd -+}; -+ -+static const unsigned char ccm_tag[] = { -+ 0x2d, 0xd6, 0xef, 0x1c, 0x45, 0xd4, 0xcc, 0xb7, 0x23, 0xdc, 0x07, 0x44, -+ 0x14, 0xdb, 0x50, 0x6d -+}; -+ -+int FIPS_selftest_aes_ccm(void) -+{ -+ int ret = 0; -+ unsigned char out[128], tag[16]; -+ EVP_CIPHER_CTX *ctx; -+ -+ ctx = EVP_CIPHER_CTX_new(); -+ if (ctx == NULL) -+ goto err; -+ -+ memset(out, 0, sizeof(out)); -+ if (!EVP_CipherInit_ex(ctx, EVP_aes_192_ccm(), NULL, NULL, NULL, 1)) -+ goto err; -+ if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_IVLEN, -+ sizeof(ccm_nonce), NULL)) -+ goto err; -+ if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_TAG, -+ sizeof(ccm_tag), NULL)) -+ goto err; -+ if (!EVP_CipherInit_ex(ctx, NULL, NULL, ccm_key, ccm_nonce, 1)) -+ goto err; -+ if (EVP_Cipher(ctx, NULL, NULL, sizeof(ccm_pt)) != sizeof(ccm_pt)) -+ goto err; -+ if (EVP_Cipher(ctx, NULL, ccm_adata, sizeof(ccm_adata)) < 0) -+ goto err; -+ if (EVP_Cipher(ctx, out, ccm_pt, sizeof(ccm_pt)) != sizeof(ccm_ct)) -+ goto err; -+ -+ if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_GET_TAG, 16, tag)) -+ goto err; -+ if (memcmp(tag, ccm_tag, sizeof(ccm_tag)) -+ || memcmp(out, ccm_ct, sizeof(ccm_ct))) -+ goto err; -+ -+ memset(out, 0, sizeof(out)); -+ -+ if (!EVP_CipherInit_ex(ctx, EVP_aes_192_ccm(), NULL, NULL, NULL, 0)) -+ goto err; -+ if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_IVLEN, -+ sizeof(ccm_nonce), NULL)) -+ goto err; -+ if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_TAG, 16, tag)) -+ goto err; -+ if (!EVP_CipherInit_ex(ctx, NULL, NULL, ccm_key, ccm_nonce, 0)) -+ goto err; -+ if (EVP_Cipher(ctx, NULL, NULL, sizeof(ccm_ct)) != sizeof(ccm_ct)) -+ goto err; -+ if (EVP_Cipher(ctx, NULL, ccm_adata, sizeof(ccm_adata)) < 0) -+ goto err; -+ if (EVP_Cipher(ctx, out, ccm_ct, sizeof(ccm_ct)) != sizeof(ccm_pt)) -+ goto err; -+ -+ if (memcmp(out, ccm_pt, sizeof(ccm_pt))) -+ goto err; -+ -+ ret = 1; -+ -+ err: -+ EVP_CIPHER_CTX_free(ctx); -+ -+ if (ret == 0) { -+ FIPSerr(FIPS_F_FIPS_SELFTEST_AES_CCM, FIPS_R_SELFTEST_FAILED); -+ return 0; -+ } else -+ return ret; -+ -+} -+ -+/* AES-GCM test data from NIST public test vectors */ -+ -+static const unsigned char gcm_key[] = { -+ 0xee, 0xbc, 0x1f, 0x57, 0x48, 0x7f, 0x51, 0x92, 0x1c, 0x04, 0x65, 0x66, -+ 0x5f, 0x8a, 0xe6, 0xd1, 0x65, 0x8b, 0xb2, 0x6d, 0xe6, 0xf8, 0xa0, 0x69, -+ 0xa3, 0x52, 0x02, 0x93, 0xa5, 0x72, 0x07, 0x8f -+}; -+ -+static const unsigned char gcm_iv[] = { -+ 0x99, 0xaa, 0x3e, 0x68, 0xed, 0x81, 0x73, 0xa0, 0xee, 0xd0, 0x66, 0x84 -+}; -+ -+static const unsigned char gcm_pt[] = { -+ 0xf5, 0x6e, 0x87, 0x05, 0x5b, 0xc3, 0x2d, 0x0e, 0xeb, 0x31, 0xb2, 0xea, -+ 0xcc, 0x2b, 0xf2, 0xa5 -+}; -+ -+static const unsigned char gcm_aad[] = { -+ 0x4d, 0x23, 0xc3, 0xce, 0xc3, 0x34, 0xb4, 0x9b, 0xdb, 0x37, 0x0c, 0x43, -+ 0x7f, 0xec, 0x78, 0xde -+}; -+ -+static const unsigned char gcm_ct[] = { -+ 0xf7, 0x26, 0x44, 0x13, 0xa8, 0x4c, 0x0e, 0x7c, 0xd5, 0x36, 0x86, 0x7e, -+ 0xb9, 0xf2, 0x17, 0x36 -+}; -+ -+static const unsigned char gcm_tag[] = { -+ 0x67, 0xba, 0x05, 0x10, 0x26, 0x2a, 0xe4, 0x87, 0xd7, 0x37, 0xee, 0x62, -+ 0x98, 0xf7, 0x7e, 0x0c -+}; -+ -+int FIPS_selftest_aes_gcm(void) -+{ -+ int ret = 0; -+ unsigned char out[128], tag[16]; -+ EVP_CIPHER_CTX *ctx; -+ -+ ctx = EVP_CIPHER_CTX_new(); -+ if (ctx == NULL) -+ goto err; -+ -+ memset(out, 0, sizeof(out)); -+ memset(tag, 0, sizeof(tag)); -+ if (!EVP_CipherInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL, 1)) -+ goto err; -+ if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, -+ sizeof(gcm_iv), NULL)) -+ goto err; -+ if (!EVP_CipherInit_ex(ctx, NULL, NULL, gcm_key, gcm_iv, 1)) -+ goto err; -+ if (EVP_Cipher(ctx, NULL, gcm_aad, sizeof(gcm_aad)) < 0) -+ goto err; -+ if (EVP_Cipher(ctx, out, gcm_pt, sizeof(gcm_pt)) != sizeof(gcm_ct)) -+ goto err; -+ if (EVP_Cipher(ctx, NULL, NULL, 0) < 0) -+ goto err; -+ -+ if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, 16, tag)) -+ goto err; -+ -+ if (memcmp(tag, gcm_tag, 16) || memcmp(out, gcm_ct, 16)) -+ goto err; -+ -+ memset(out, 0, sizeof(out)); -+ -+ if (!EVP_CipherInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL, 0)) -+ goto err; -+ if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, -+ sizeof(gcm_iv), NULL)) -+ goto err; -+ if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, 16, tag)) -+ goto err; -+ if (!EVP_CipherInit_ex(ctx, NULL, NULL, gcm_key, gcm_iv, 0)) -+ goto err; -+ if (EVP_Cipher(ctx, NULL, gcm_aad, sizeof(gcm_aad)) < 0) -+ goto err; -+ if (EVP_Cipher(ctx, out, gcm_ct, sizeof(gcm_ct)) != sizeof(gcm_pt)) -+ goto err; -+ if (EVP_Cipher(ctx, NULL, NULL, 0) < 0) -+ goto err; -+ -+ if (memcmp(out, gcm_pt, 16)) -+ goto err; -+ -+ ret = 1; -+ -+ err: -+ EVP_CIPHER_CTX_free(ctx); -+ -+ if (ret == 0) { -+ FIPSerr(FIPS_F_FIPS_SELFTEST_AES_GCM, FIPS_R_SELFTEST_FAILED); -+ return 0; -+ } else -+ return ret; -+ -+} -+ -+static const unsigned char XTS_128_key[] = { -+ 0xa1, 0xb9, 0x0c, 0xba, 0x3f, 0x06, 0xac, 0x35, 0x3b, 0x2c, 0x34, 0x38, -+ 0x76, 0x08, 0x17, 0x62, 0x09, 0x09, 0x23, 0x02, 0x6e, 0x91, 0x77, 0x18, -+ 0x15, 0xf2, 0x9d, 0xab, 0x01, 0x93, 0x2f, 0x2f -+}; -+ -+static const unsigned char XTS_128_i[] = { -+ 0x4f, 0xae, 0xf7, 0x11, 0x7c, 0xda, 0x59, 0xc6, 0x6e, 0x4b, 0x92, 0x01, -+ 0x3e, 0x76, 0x8a, 0xd5 -+}; -+ -+static const unsigned char XTS_128_pt[] = { -+ 0xeb, 0xab, 0xce, 0x95, 0xb1, 0x4d, 0x3c, 0x8d, 0x6f, 0xb3, 0x50, 0x39, -+ 0x07, 0x90, 0x31, 0x1c -+}; -+ -+static const unsigned char XTS_128_ct[] = { -+ 0x77, 0x8a, 0xe8, 0xb4, 0x3c, 0xb9, 0x8d, 0x5a, 0x82, 0x50, 0x81, 0xd5, -+ 0xbe, 0x47, 0x1c, 0x63 -+}; -+ -+static const unsigned char XTS_256_key[] = { -+ 0x1e, 0xa6, 0x61, 0xc5, 0x8d, 0x94, 0x3a, 0x0e, 0x48, 0x01, 0xe4, 0x2f, -+ 0x4b, 0x09, 0x47, 0x14, 0x9e, 0x7f, 0x9f, 0x8e, 0x3e, 0x68, 0xd0, 0xc7, -+ 0x50, 0x52, 0x10, 0xbd, 0x31, 0x1a, 0x0e, 0x7c, 0xd6, 0xe1, 0x3f, 0xfd, -+ 0xf2, 0x41, 0x8d, 0x8d, 0x19, 0x11, 0xc0, 0x04, 0xcd, 0xa5, 0x8d, 0xa3, -+ 0xd6, 0x19, 0xb7, 0xe2, 0xb9, 0x14, 0x1e, 0x58, 0x31, 0x8e, 0xea, 0x39, -+ 0x2c, 0xf4, 0x1b, 0x08 -+}; -+ -+static const unsigned char XTS_256_i[] = { -+ 0xad, 0xf8, 0xd9, 0x26, 0x27, 0x46, 0x4a, 0xd2, 0xf0, 0x42, 0x8e, 0x84, -+ 0xa9, 0xf8, 0x75, 0x64 -+}; -+ -+static const unsigned char XTS_256_pt[] = { -+ 0x2e, 0xed, 0xea, 0x52, 0xcd, 0x82, 0x15, 0xe1, 0xac, 0xc6, 0x47, 0xe8, -+ 0x10, 0xbb, 0xc3, 0x64, 0x2e, 0x87, 0x28, 0x7f, 0x8d, 0x2e, 0x57, 0xe3, -+ 0x6c, 0x0a, 0x24, 0xfb, 0xc1, 0x2a, 0x20, 0x2e -+}; -+ -+static const unsigned char XTS_256_ct[] = { -+ 0xcb, 0xaa, 0xd0, 0xe2, 0xf6, 0xce, 0xa3, 0xf5, 0x0b, 0x37, 0xf9, 0x34, -+ 0xd4, 0x6a, 0x9b, 0x13, 0x0b, 0x9d, 0x54, 0xf0, 0x7e, 0x34, 0xf3, 0x6a, -+ 0xf7, 0x93, 0xe8, 0x6f, 0x73, 0xc6, 0xd7, 0xdb -+}; -+ -+int FIPS_selftest_aes_xts() -+{ -+ int ret = 1; -+ EVP_CIPHER_CTX *ctx; -+ -+ ctx = EVP_CIPHER_CTX_new(); -+ if (ctx == NULL) -+ goto err; -+ -+ if (fips_cipher_test(ctx, EVP_aes_128_xts(), -+ XTS_128_key, XTS_128_i, XTS_128_pt, XTS_128_ct, -+ sizeof(XTS_128_pt)) <= 0) -+ ret = 0; -+ -+ if (fips_cipher_test(ctx, EVP_aes_256_xts(), -+ XTS_256_key, XTS_256_i, XTS_256_pt, XTS_256_ct, -+ sizeof(XTS_256_pt)) <= 0) -+ ret = 0; -+ -+ EVP_CIPHER_CTX_free(ctx); -+ -+ err: -+ if (ret == 0) -+ FIPSerr(FIPS_F_FIPS_SELFTEST_AES_XTS, FIPS_R_SELFTEST_FAILED); -+ return ret; -+} -+ -+#endif -diff -up openssl-1.1.1j/crypto/fips/fips.c.fips openssl-1.1.1j/crypto/fips/fips.c ---- openssl-1.1.1j/crypto/fips/fips.c.fips 2021-03-03 12:57:42.198734517 +0100 -+++ openssl-1.1.1j/crypto/fips/fips.c 2021-03-03 12:57:42.198734517 +0100 -@@ -0,0 +1,526 @@ -+/* ==================================================================== -+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * openssl-core@openssl.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * -+ */ -+ -+#define _GNU_SOURCE -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include "fips_locl.h" -+ -+#ifdef OPENSSL_FIPS -+ -+# include -+# include "internal/thread_once.h" -+ -+# ifndef PATH_MAX -+# define PATH_MAX 1024 -+# endif -+ -+static int fips_selftest_fail = 0; -+static int fips_mode = 0; -+static int fips_started = 0; -+ -+static int fips_is_owning_thread(void); -+static int fips_set_owning_thread(void); -+static int fips_clear_owning_thread(void); -+ -+static CRYPTO_RWLOCK *fips_lock = NULL; -+static CRYPTO_RWLOCK *fips_owning_lock = NULL; -+static CRYPTO_ONCE fips_lock_init = CRYPTO_ONCE_STATIC_INIT; -+ -+DEFINE_RUN_ONCE_STATIC(do_fips_lock_init) -+{ -+ fips_lock = CRYPTO_THREAD_lock_new(); -+ fips_owning_lock = CRYPTO_THREAD_lock_new(); -+ return fips_lock != NULL && fips_owning_lock != NULL; -+} -+ -+# define fips_w_lock() CRYPTO_THREAD_write_lock(fips_lock) -+# define fips_w_unlock() CRYPTO_THREAD_unlock(fips_lock) -+# define fips_r_lock() CRYPTO_THREAD_read_lock(fips_lock) -+# define fips_r_unlock() CRYPTO_THREAD_unlock(fips_lock) -+ -+static void fips_set_mode(int onoff) -+{ -+ int owning_thread = fips_is_owning_thread(); -+ -+ if (fips_started) { -+ if (!owning_thread) -+ fips_w_lock(); -+ fips_mode = onoff; -+ if (!owning_thread) -+ fips_w_unlock(); -+ } -+} -+ -+int FIPS_module_mode(void) -+{ -+ int ret = 0; -+ int owning_thread = fips_is_owning_thread(); -+ -+ if (fips_started) { -+ if (!owning_thread) -+ fips_r_lock(); -+ ret = fips_mode; -+ if (!owning_thread) -+ fips_r_unlock(); -+ } -+ return ret; -+} -+ -+/* just a compat symbol - return NULL */ -+int FIPS_selftest_failed(void) -+{ -+ int ret = 0; -+ if (fips_started) { -+ int owning_thread = fips_is_owning_thread(); -+ -+ if (!owning_thread) -+ fips_r_lock(); -+ ret = fips_selftest_fail; -+ if (!owning_thread) -+ fips_r_unlock(); -+ } -+ return ret; -+} -+ -+/* Selftest failure fatal exit routine. This will be called -+ * during *any* cryptographic operation. It has the minimum -+ * overhead possible to avoid too big a performance hit. -+ */ -+ -+void FIPS_selftest_check(void) -+{ -+ if (fips_selftest_fail) { -+ OpenSSLDie(__FILE__, __LINE__, "FATAL FIPS SELFTEST FAILURE"); -+ } -+} -+ -+void fips_set_selftest_fail(void) -+{ -+ fips_selftest_fail = 1; -+} -+ -+/* we implement what libfipscheck does ourselves */ -+ -+static int -+get_library_path(const char *libname, const char *symbolname, char *path, -+ size_t pathlen) -+{ -+ Dl_info info; -+ void *dl, *sym; -+ int rv = -1; -+ -+ dl = dlopen(libname, RTLD_LAZY); -+ if (dl == NULL) { -+ return -1; -+ } -+ -+ sym = dlsym(dl, symbolname); -+ -+ if (sym != NULL && dladdr(sym, &info)) { -+ strncpy(path, info.dli_fname, pathlen - 1); -+ path[pathlen - 1] = '\0'; -+ rv = 0; -+ } -+ -+ dlclose(dl); -+ -+ return rv; -+} -+ -+static const char conv[] = "0123456789abcdef"; -+ -+static char *bin2hex(void *buf, size_t len) -+{ -+ char *hex, *p; -+ unsigned char *src = buf; -+ -+ hex = malloc(len * 2 + 1); -+ if (hex == NULL) -+ return NULL; -+ -+ p = hex; -+ -+ while (len > 0) { -+ unsigned c; -+ -+ c = *src; -+ src++; -+ -+ *p = conv[c >> 4]; -+ ++p; -+ *p = conv[c & 0x0f]; -+ ++p; -+ --len; -+ } -+ *p = '\0'; -+ return hex; -+} -+ -+# define HMAC_PREFIX "." -+# ifndef HMAC_SUFFIX -+# define HMAC_SUFFIX ".hmac" -+# endif -+# define READ_BUFFER_LENGTH 16384 -+ -+static char *make_hmac_path(const char *origpath) -+{ -+ char *path, *p; -+ const char *fn; -+ -+ path = -+ malloc(sizeof(HMAC_PREFIX) + sizeof(HMAC_SUFFIX) + strlen(origpath)); -+ if (path == NULL) { -+ return NULL; -+ } -+ -+ fn = strrchr(origpath, '/'); -+ if (fn == NULL) { -+ fn = origpath; -+ } else { -+ ++fn; -+ } -+ -+ strncpy(path, origpath, fn - origpath); -+ p = path + (fn - origpath); -+ p = stpcpy(p, HMAC_PREFIX); -+ p = stpcpy(p, fn); -+ p = stpcpy(p, HMAC_SUFFIX); -+ -+ return path; -+} -+ -+static const char hmackey[] = "orboDeJITITejsirpADONivirpUkvarP"; -+ -+static int compute_file_hmac(const char *path, void **buf, size_t *hmaclen) -+{ -+ FILE *f = NULL; -+ int rv = -1; -+ unsigned char rbuf[READ_BUFFER_LENGTH]; -+ size_t len; -+ unsigned int hlen; -+ HMAC_CTX *c; -+ -+ c = HMAC_CTX_new(); -+ if (c == NULL) -+ return rv; -+ -+ f = fopen(path, "r"); -+ -+ if (f == NULL) { -+ goto end; -+ } -+ -+ if (HMAC_Init_ex(c, hmackey, sizeof(hmackey) - 1, EVP_sha256(), NULL) <= 0) { -+ goto end; -+ } -+ -+ while ((len = fread(rbuf, 1, sizeof(rbuf), f)) != 0) { -+ if (HMAC_Update(c, rbuf, len) <= 0) { -+ goto end; -+ } -+ } -+ -+ len = sizeof(rbuf); -+ /* reuse rbuf for hmac */ -+ if (HMAC_Final(c, rbuf, &hlen) <= 0) { -+ goto end; -+ } -+ -+ *buf = malloc(hlen); -+ if (*buf == NULL) { -+ goto end; -+ } -+ -+ *hmaclen = hlen; -+ -+ memcpy(*buf, rbuf, hlen); -+ -+ rv = 0; -+ end: -+ HMAC_CTX_free(c); -+ -+ if (f) -+ fclose(f); -+ -+ return rv; -+} -+ -+static int FIPSCHECK_verify(const char *path) -+{ -+ int rv = 0; -+ FILE *hf; -+ char *hmacpath, *p; -+ char *hmac = NULL; -+ size_t n; -+ -+ hmacpath = make_hmac_path(path); -+ if (hmacpath == NULL) -+ return 0; -+ -+ hf = fopen(hmacpath, "r"); -+ if (hf == NULL) { -+ free(hmacpath); -+ return 0; -+ } -+ -+ if (getline(&hmac, &n, hf) > 0) { -+ void *buf; -+ size_t hmaclen; -+ char *hex; -+ -+ if ((p = strchr(hmac, '\n')) != NULL) -+ *p = '\0'; -+ -+ if (compute_file_hmac(path, &buf, &hmaclen) < 0) { -+ rv = -4; -+ goto end; -+ } -+ -+ if ((hex = bin2hex(buf, hmaclen)) == NULL) { -+ free(buf); -+ rv = -5; -+ goto end; -+ } -+ -+ if (strcmp(hex, hmac) != 0) { -+ rv = -1; -+ } -+ free(buf); -+ free(hex); -+ } else { -+ rv = -1; -+ } -+ -+ end: -+ free(hmac); -+ free(hmacpath); -+ fclose(hf); -+ -+ if (rv < 0) -+ return 0; -+ -+ /* check successful */ -+ return 1; -+} -+ -+static int verify_checksums(void) -+{ -+ int rv; -+ char path[PATH_MAX + 1]; -+ char *p; -+ -+ /* we need to avoid dlopening libssl, assume both libcrypto and libssl -+ are in the same directory */ -+ -+ rv = get_library_path("libcrypto.so." SHLIB_VERSION_NUMBER, -+ "FIPS_mode_set", path, sizeof(path)); -+ if (rv < 0) -+ return 0; -+ -+ rv = FIPSCHECK_verify(path); -+ if (!rv) -+ return 0; -+ -+ /* replace libcrypto with libssl */ -+ while ((p = strstr(path, "libcrypto.so")) != NULL) { -+ p = stpcpy(p, "libssl"); -+ memmove(p, p + 3, strlen(p + 2)); -+ } -+ -+ rv = FIPSCHECK_verify(path); -+ if (!rv) -+ return 0; -+ return 1; -+} -+ -+# ifndef FIPS_MODULE_PATH -+# define FIPS_MODULE_PATH "/etc/system-fips" -+# endif -+ -+int FIPS_module_installed(void) -+{ -+ int rv; -+ rv = access(FIPS_MODULE_PATH, F_OK); -+ if (rv < 0 && errno != ENOENT) -+ rv = 0; -+ -+ /* Installed == true */ -+ return !rv || FIPS_module_mode(); -+} -+ -+int FIPS_module_mode_set(int onoff) -+{ -+ int ret = 0; -+ -+ if (!RUN_ONCE(&fips_lock_init, do_fips_lock_init)) -+ return 0; -+ -+ fips_w_lock(); -+ fips_started = 1; -+ fips_set_owning_thread(); -+ -+ if (onoff) { -+ -+ fips_selftest_fail = 0; -+ -+ /* Don't go into FIPS mode twice, just so we can do automagic -+ seeding */ -+ if (FIPS_module_mode()) { -+ FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET, -+ FIPS_R_FIPS_MODE_ALREADY_SET); -+ fips_selftest_fail = 1; -+ ret = 0; -+ goto end; -+ } -+# ifdef OPENSSL_IA32_SSE2 -+ { -+ extern unsigned int OPENSSL_ia32cap_P[2]; -+ if ((OPENSSL_ia32cap_P[0] & (1 << 25 | 1 << 26)) != -+ (1 << 25 | 1 << 26)) { -+ FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET, -+ FIPS_R_UNSUPPORTED_PLATFORM); -+ fips_selftest_fail = 1; -+ ret = 0; -+ goto end; -+ } -+ } -+# endif -+ -+ if (!FIPS_selftest()) { -+ fips_selftest_fail = 1; -+ ret = 0; -+ goto end; -+ } -+ -+ if (!verify_checksums()) { -+ FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET, -+ FIPS_R_FINGERPRINT_DOES_NOT_MATCH); -+ fips_selftest_fail = 1; -+ ret = 0; -+ goto end; -+ } -+ -+ fips_set_mode(onoff); -+ ret = 1; -+ goto end; -+ } -+ fips_set_mode(0); -+ fips_selftest_fail = 0; -+ ret = 1; -+ end: -+ fips_clear_owning_thread(); -+ fips_w_unlock(); -+ return ret; -+} -+ -+static CRYPTO_THREAD_ID fips_threadid; -+static int fips_thread_set = 0; -+ -+static int fips_is_owning_thread(void) -+{ -+ int ret = 0; -+ -+ if (fips_started) { -+ CRYPTO_THREAD_read_lock(fips_owning_lock); -+ if (fips_thread_set) { -+ CRYPTO_THREAD_ID cur = CRYPTO_THREAD_get_current_id(); -+ if (CRYPTO_THREAD_compare_id(fips_threadid, cur)) -+ ret = 1; -+ } -+ CRYPTO_THREAD_unlock(fips_owning_lock); -+ } -+ return ret; -+} -+ -+int fips_set_owning_thread(void) -+{ -+ int ret = 0; -+ -+ if (fips_started) { -+ CRYPTO_THREAD_write_lock(fips_owning_lock); -+ if (!fips_thread_set) { -+ fips_threadid = CRYPTO_THREAD_get_current_id(); -+ ret = 1; -+ fips_thread_set = 1; -+ } -+ CRYPTO_THREAD_unlock(fips_owning_lock); -+ } -+ return ret; -+} -+ -+int fips_clear_owning_thread(void) -+{ -+ int ret = 0; -+ -+ if (fips_started) { -+ CRYPTO_THREAD_write_lock(fips_owning_lock); -+ if (fips_thread_set) { -+ CRYPTO_THREAD_ID cur = CRYPTO_THREAD_get_current_id(); -+ if (CRYPTO_THREAD_compare_id(fips_threadid, cur)) -+ fips_thread_set = 0; -+ } -+ CRYPTO_THREAD_unlock(fips_owning_lock); -+ } -+ return ret; -+} -+ -+#endif -diff -up openssl-1.1.1j/crypto/fips/fips_cmac_selftest.c.fips openssl-1.1.1j/crypto/fips/fips_cmac_selftest.c ---- openssl-1.1.1j/crypto/fips/fips_cmac_selftest.c.fips 2021-03-03 12:57:42.199734525 +0100 -+++ openssl-1.1.1j/crypto/fips/fips_cmac_selftest.c 2021-03-03 12:57:42.199734525 +0100 -@@ -0,0 +1,156 @@ -+/* ==================================================================== -+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * openssl-core@openssl.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * -+ */ -+ -+#include -+#include -+#include -+#include "crypto/fips.h" -+#include -+#include "fips_locl.h" -+ -+#ifdef OPENSSL_FIPS -+typedef struct { -+ int nid; -+ const unsigned char key[EVP_MAX_KEY_LENGTH]; -+ size_t keysize; -+ const unsigned char msg[64]; -+ size_t msgsize; -+ const unsigned char mac[32]; -+ size_t macsize; -+} CMAC_KAT; -+ -+/* from http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf */ -+static const CMAC_KAT vector[] = { -+ {NID_aes_128_cbc, /* Count = 32 from CMACGenAES128.txt */ -+ {0x77, 0xa7, 0x7f, 0xaf, 0x29, 0x0c, 0x1f, 0xa3, -+ 0x0c, 0x68, 0x3d, 0xf1, 0x6b, 0xa7, 0xa7, 0x7b,}, 128, -+ {0x02, 0x06, 0x83, 0xe1, 0xf0, 0x39, 0x2f, 0x4c, -+ 0xac, 0x54, 0x31, 0x8b, 0x60, 0x29, 0x25, 0x9e, -+ 0x9c, 0x55, 0x3d, 0xbc, 0x4b, 0x6a, 0xd9, 0x98, -+ 0xe6, 0x4d, 0x58, 0xe4, 0xe7, 0xdc, 0x2e, 0x13,}, 256, -+ {0xfb, 0xfe, 0xa4, 0x1b,}, 32}, -+ {NID_aes_192_cbc, /* Count = 23 from CMACGenAES192.txt */ -+ {0x7b, 0x32, 0x39, 0x13, 0x69, 0xaa, 0x4c, 0xa9, -+ 0x75, 0x58, 0x09, 0x5b, 0xe3, 0xc3, 0xec, 0x86, -+ 0x2b, 0xd0, 0x57, 0xce, 0xf1, 0xe3, 0x2d, 0x62,}, 192, -+ {0x0}, 0, -+ {0xe4, 0xd9, 0x34, 0x0b, 0x03, 0xe6, 0x7d, 0xef, -+ 0xd4, 0x96, 0x9c, 0xc1, 0xed, 0x37, 0x35, 0xe6,}, 128, -+ }, -+ {NID_aes_256_cbc, /* Count = 33 from CMACGenAES256.txt */ -+ {0x0b, 0x12, 0x2a, 0xc8, 0xf3, 0x4e, 0xd1, 0xfe, -+ 0x08, 0x2a, 0x36, 0x25, 0xd1, 0x57, 0x56, 0x14, -+ 0x54, 0x16, 0x7a, 0xc1, 0x45, 0xa1, 0x0b, 0xbf, -+ 0x77, 0xc6, 0xa7, 0x05, 0x96, 0xd5, 0x74, 0xf1,}, 256, -+ {0x49, 0x8b, 0x53, 0xfd, 0xec, 0x87, 0xed, 0xcb, -+ 0xf0, 0x70, 0x97, 0xdc, 0xcd, 0xe9, 0x3a, 0x08, -+ 0x4b, 0xad, 0x75, 0x01, 0xa2, 0x24, 0xe3, 0x88, -+ 0xdf, 0x34, 0x9c, 0xe1, 0x89, 0x59, 0xfe, 0x84, -+ 0x85, 0xf8, 0xad, 0x15, 0x37, 0xf0, 0xd8, 0x96, -+ 0xea, 0x73, 0xbe, 0xdc, 0x72, 0x14, 0x71, 0x3f,}, 384, -+ {0xf6, 0x2c, 0x46, 0x32, 0x9b,}, 40, -+ }, -+ {NID_des_ede3_cbc, /* Count = 41 from CMACGenTDES3.req */ -+ {0x89, 0xbc, 0xd9, 0x52, 0xa8, 0xc8, 0xab, 0x37, -+ 0x1a, 0xf4, 0x8a, 0xc7, 0xd0, 0x70, 0x85, 0xd5, -+ 0xef, 0xf7, 0x02, 0xe6, 0xd6, 0x2c, 0xdc, 0x23,}, 192, -+ {0xfa, 0x62, 0x0c, 0x1b, 0xbe, 0x97, 0x31, 0x9e, -+ 0x9a, 0x0c, 0xf0, 0x49, 0x21, 0x21, 0xf7, 0xa2, -+ 0x0e, 0xb0, 0x8a, 0x6a, 0x70, 0x9d, 0xcb, 0xd0, -+ 0x0a, 0xaf, 0x38, 0xe4, 0xf9, 0x9e, 0x75, 0x4e,}, 256, -+ {0x8f, 0x49, 0xa1, 0xb7, 0xd6, 0xaa, 0x22, 0x58,}, 64, -+ }, -+}; -+ -+int FIPS_selftest_cmac() -+{ -+ size_t n, outlen; -+ unsigned char out[32]; -+ const EVP_CIPHER *cipher; -+ CMAC_CTX *ctx = CMAC_CTX_new(); -+ const CMAC_KAT *t; -+ int rv = 1; -+ -+ for (n = 0, t = vector; n < sizeof(vector) / sizeof(vector[0]); n++, t++) { -+ cipher = EVP_get_cipherbynid(t->nid); -+ if (!cipher) { -+ rv = -1; -+ goto err; -+ } -+ if (!CMAC_Init(ctx, t->key, t->keysize / 8, cipher, 0)) { -+ rv = -1; -+ goto err; -+ } -+ if (!CMAC_Update(ctx, t->msg, t->msgsize / 8)) { -+ rv = -1; -+ goto err; -+ } -+ -+ if (!CMAC_Final(ctx, out, &outlen)) { -+ rv = -1; -+ goto err; -+ } -+ -+ if (outlen < t->macsize / 8 || memcmp(out, t->mac, t->macsize / 8)) { -+ rv = 0; -+ } -+ } -+ -+ err: -+ CMAC_CTX_free(ctx); -+ -+ if (rv == -1) { -+ rv = 0; -+ } -+ if (!rv) -+ FIPSerr(FIPS_F_FIPS_SELFTEST_CMAC, FIPS_R_SELFTEST_FAILED); -+ -+ return rv; -+} -+#endif -diff -up openssl-1.1.1j/crypto/fips/fips_des_selftest.c.fips openssl-1.1.1j/crypto/fips/fips_des_selftest.c ---- openssl-1.1.1j/crypto/fips/fips_des_selftest.c.fips 2021-03-03 12:57:42.199734525 +0100 -+++ openssl-1.1.1j/crypto/fips/fips_des_selftest.c 2021-03-03 12:57:42.199734525 +0100 -@@ -0,0 +1,133 @@ -+/* ==================================================================== -+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * openssl-core@openssl.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * -+ */ -+ -+#include -+#include -+#ifdef OPENSSL_FIPS -+# include -+# include "crypto/fips.h" -+#endif -+#include -+ -+#ifdef OPENSSL_FIPS -+ -+static const struct { -+ const unsigned char key[16]; -+ const unsigned char plaintext[8]; -+ const unsigned char ciphertext[8]; -+} tests2[] = { -+ { -+ { -+ 0x7c, 0x4f, 0x6e, 0xf7, 0xa2, 0x04, 0x16, 0xec, -+ 0x0b, 0x6b, 0x7c, 0x9e, 0x5e, 0x19, 0xa7, 0xc4}, { -+ 0x06, 0xa7, 0xd8, 0x79, 0xaa, 0xce, 0x69, 0xef}, { -+ 0x4c, 0x11, 0x17, 0x55, 0xbf, 0xc4, 0x4e, 0xfd} -+ }, { -+ { -+ 0x5d, 0x9e, 0x01, 0xd3, 0x25, 0xc7, 0x3e, 0x34, -+ 0x01, 0x16, 0x7c, 0x85, 0x23, 0xdf, 0xe0, 0x68}, { -+ 0x9c, 0x50, 0x09, 0x0f, 0x5e, 0x7d, 0x69, 0x7e}, { -+ 0xd2, 0x0b, 0x18, 0xdf, 0xd9, 0x0d, 0x9e, 0xff},} -+}; -+ -+static const struct { -+ const unsigned char key[24]; -+ const unsigned char plaintext[8]; -+ const unsigned char ciphertext[8]; -+} tests3[] = { -+ { -+ { -+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -+ 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, -+ 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0}, { -+ 0x8f, 0x8f, 0xbf, 0x9b, 0x5d, 0x48, 0xb4, 0x1c}, { -+ 0x59, 0x8c, 0xe5, 0xd3, 0x6c, 0xa2, 0xea, 0x1b},}, { -+ { -+ 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, 0xFE, -+ 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, -+ 0xED, 0x39, 0xD9, 0x50, 0xFA, 0x74, 0xBC, 0xC4}, { -+ 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF}, { -+0x11, 0x25, 0xb0, 0x35, 0xbe, 0xa0, 0x82, 0x86},},}; -+ -+int FIPS_selftest_des() -+{ -+ int n, ret = 0; -+ EVP_CIPHER_CTX *ctx; -+ -+ ctx = EVP_CIPHER_CTX_new(); -+ if (ctx == NULL) -+ goto err; -+ -+ /* Encrypt/decrypt with 2-key 3DES and compare to known answers */ -+ for (n = 0; n < 2; ++n) { -+ unsigned char plaintext[8]; -+ -+ memcpy(plaintext, tests2[n].plaintext, sizeof(plaintext)); -+ if (!fips_cipher_test(ctx, EVP_des_ede_ecb(), -+ tests2[n].key, NULL, -+ plaintext, tests2[n].ciphertext, 8)) -+ goto err; -+ } -+ -+ /* Encrypt/decrypt with 3DES and compare to known answers */ -+ for (n = 0; n < 2; ++n) { -+ if (!fips_cipher_test(ctx, EVP_des_ede3_ecb(), -+ tests3[n].key, NULL, -+ tests3[n].plaintext, tests3[n].ciphertext, 8)) -+ goto err; -+ } -+ ret = 1; -+ err: -+ EVP_CIPHER_CTX_free(ctx); -+ if (ret == 0) -+ FIPSerr(FIPS_F_FIPS_SELFTEST_DES, FIPS_R_SELFTEST_FAILED); -+ -+ return ret; -+} -+#endif -diff -up openssl-1.1.1j/crypto/fips/fips_dh_selftest.c.fips openssl-1.1.1j/crypto/fips/fips_dh_selftest.c ---- openssl-1.1.1j/crypto/fips/fips_dh_selftest.c.fips 2021-03-03 12:57:42.199734525 +0100 -+++ openssl-1.1.1j/crypto/fips/fips_dh_selftest.c 2021-03-03 12:57:42.199734525 +0100 -@@ -0,0 +1,180 @@ -+/* ==================================================================== -+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved. -+ * Copyright (c) 2013 Red Hat, Inc. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * openssl-core@openssl.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * -+ */ -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include "fips_locl.h" -+ -+#ifdef OPENSSL_FIPS -+ -+static const unsigned char dh_test_2048_p[] = { -+ 0xAE, 0xEC, 0xEE, 0x22, 0xFA, 0x3A, 0xA5, 0x22, 0xC0, 0xDE, 0x0F, 0x09, -+ 0x7E, 0x17, 0xC0, 0x05, 0xF9, 0xF1, 0xE7, 0xC6, 0x87, 0x14, 0x6D, 0x11, -+ 0xE7, 0xAE, 0xED, 0x2F, 0x72, 0x59, 0xC5, 0xA9, 0x9B, 0xB8, 0x02, 0xA5, -+ 0xF3, 0x69, 0x70, 0xD6, 0xDD, 0x90, 0xF9, 0x19, 0x79, 0xBE, 0x60, 0x8F, -+ 0x25, 0x92, 0x30, 0x1C, 0x51, 0x51, 0x38, 0x26, 0x82, 0x25, 0xE6, 0xFC, -+ 0xED, 0x65, 0x96, 0x8F, 0x57, 0xE5, 0x53, 0x8B, 0x38, 0x63, 0xC7, 0xCE, -+ 0xBC, 0x1B, 0x4D, 0x18, 0x2A, 0x5B, 0x04, 0x3F, 0x6A, 0x3C, 0x94, 0x39, -+ 0xAE, 0x36, 0xD6, 0x5E, 0x0F, 0xA2, 0xCC, 0xD0, 0xD4, 0xD5, 0xC6, 0x1E, -+ 0xF6, 0xA0, 0xF5, 0x89, 0x4E, 0xB4, 0x0B, 0xA4, 0xB3, 0x2B, 0x3D, 0xE2, -+ 0x4E, 0xE1, 0x49, 0x25, 0x99, 0x5F, 0x32, 0x16, 0x33, 0x32, 0x1B, 0x7A, -+ 0xA5, 0x5C, 0x6B, 0x34, 0x0D, 0x39, 0x99, 0xDC, 0xF0, 0x76, 0xE5, 0x5A, -+ 0xD4, 0x71, 0x00, 0xED, 0x5A, 0x73, 0xFB, 0xC8, 0x01, 0xAD, 0x99, 0xCF, -+ 0x99, 0x52, 0x7C, 0x9C, 0x64, 0xC6, 0x76, 0x40, 0x57, 0xAF, 0x59, 0xD7, -+ 0x38, 0x0B, 0x40, 0xDE, 0x33, 0x0D, 0xB8, 0x76, 0xEC, 0xA9, 0xD8, 0x73, -+ 0xF8, 0xEF, 0x26, 0x66, 0x06, 0x27, 0xDD, 0x7C, 0xA4, 0x10, 0x9C, 0xA6, -+ 0xAA, 0xF9, 0x53, 0x62, 0x73, 0x1D, 0xBA, 0x1C, 0xF1, 0x67, 0xF4, 0x35, -+ 0xED, 0x6F, 0x37, 0x92, 0xE8, 0x4F, 0x6C, 0xBA, 0x52, 0x6E, 0xA1, 0xED, -+ 0xDA, 0x9F, 0x85, 0x11, 0x82, 0x52, 0x62, 0x08, 0x44, 0xF1, 0x30, 0x03, -+ 0xC3, 0x38, 0x2C, 0x79, 0xBD, 0xD4, 0x43, 0x45, 0xEE, 0x8E, 0x50, 0xFC, -+ 0x29, 0x46, 0x9A, 0xFE, 0x54, 0x1A, 0x19, 0x8F, 0x4B, 0x84, 0x08, 0xDE, -+ 0x20, 0x62, 0x73, 0xCC, 0xDD, 0x7E, 0xF0, 0xEF, 0xA2, 0xFD, 0x86, 0x58, -+ 0x4B, 0xD8, 0x37, 0xEB -+}; -+ -+static const unsigned char dh_test_2048_g[] = { -+ 0x02 -+}; -+ -+static const unsigned char dh_test_2048_pub_key[] = { -+ 0xA0, 0x39, 0x11, 0x77, 0x9A, 0xC1, 0x30, 0x1F, 0xBE, 0x48, 0xA7, 0xAA, -+ 0xA0, 0x84, 0x54, 0x64, 0xAD, 0x1B, 0x70, 0xFA, 0x13, 0x55, 0x63, 0xD2, -+ 0x1F, 0x62, 0x32, 0x93, 0x8E, 0xC9, 0x3E, 0x09, 0xA7, 0x64, 0xE4, 0x12, -+ 0x6E, 0x1B, 0xF2, 0x92, 0x3B, 0xB9, 0xCB, 0x56, 0xEA, 0x07, 0x88, 0xB5, -+ 0xA6, 0xBC, 0x16, 0x1F, 0x27, 0xFE, 0xD8, 0xAA, 0x40, 0xB2, 0xB0, 0x2D, -+ 0x37, 0x76, 0xA6, 0xA4, 0x82, 0x2C, 0x0E, 0x22, 0x64, 0x9D, 0xCB, 0xD1, -+ 0x00, 0xB7, 0x89, 0x14, 0x72, 0x4E, 0xBE, 0x48, 0x41, 0xF8, 0xB2, 0x51, -+ 0x11, 0x09, 0x4B, 0x22, 0x01, 0x23, 0x39, 0x96, 0xE0, 0x15, 0xD7, 0x9F, -+ 0x60, 0xD1, 0xB7, 0xAE, 0xFE, 0x5F, 0xDB, 0xE7, 0x03, 0x17, 0x97, 0xA6, -+ 0x16, 0x74, 0xBD, 0x53, 0x81, 0x19, 0xC5, 0x47, 0x5E, 0xCE, 0x8D, 0xED, -+ 0x45, 0x5D, 0x3C, 0x00, 0xA0, 0x0A, 0x68, 0x6A, 0xE0, 0x8E, 0x06, 0x46, -+ 0x6F, 0xD7, 0xF9, 0xDF, 0x31, 0x7E, 0x77, 0x44, 0x0D, 0x98, 0xE0, 0xCA, -+ 0x98, 0x09, 0x52, 0x04, 0x90, 0xEA, 0x6D, 0xF4, 0x30, 0x69, 0x8F, 0xB1, -+ 0x9B, 0xC1, 0x43, 0xDB, 0xD5, 0x8D, 0xC8, 0x8E, 0xB6, 0x0B, 0x05, 0xBE, -+ 0x0E, 0xC5, 0x99, 0xC8, 0x6E, 0x4E, 0xF3, 0xCB, 0xC3, 0x5E, 0x9B, 0x53, -+ 0xF7, 0x06, 0x1C, 0x4F, 0xC7, 0xB8, 0x6E, 0x30, 0x18, 0xCA, 0x9B, 0xB9, -+ 0xBC, 0x5F, 0x17, 0x72, 0x29, 0x5A, 0xE5, 0xD9, 0x96, 0xB7, 0x0B, 0xF3, -+ 0x2D, 0x8C, 0xF1, 0xE1, 0x0E, 0x0D, 0x74, 0xD5, 0x9D, 0xF0, 0x06, 0xA9, -+ 0xB4, 0x95, 0x63, 0x76, 0x46, 0x55, 0x48, 0x82, 0x39, 0x90, 0xEF, 0x56, -+ 0x75, 0x34, 0xB8, 0x34, 0xC3, 0x18, 0x6E, 0x1E, 0xAD, 0xE3, 0x48, 0x7E, -+ 0x93, 0x2C, 0x23, 0xE7, 0xF8, 0x90, 0x73, 0xB1, 0x77, 0x80, 0x67, 0xA9, -+ 0x36, 0x9E, 0xDA, 0xD2 -+}; -+ -+static const unsigned char dh_test_2048_priv_key[] = { -+ 0x0C, 0x4B, 0x30, 0x89, 0xD1, 0xB8, 0x62, 0xCB, 0x3C, 0x43, 0x64, 0x91, -+ 0xF0, 0x91, 0x54, 0x70, 0xC5, 0x27, 0x96, 0xE3, 0xAC, 0xBE, 0xE8, 0x00, -+ 0xEC, 0x55, 0xF6, 0xCC -+}; -+ -+int FIPS_selftest_dh() -+{ -+ DH *dh = NULL; -+ int ret = 0; -+ void *pub_key_bin = NULL; -+ int len; -+ BIGNUM *p = NULL, *g = NULL, *priv_key = NULL, *tmp_pub_key = NULL; -+ const BIGNUM *pub_key; -+ -+ fips_load_key_component(p, dh_test_2048); -+ fips_load_key_component(g, dh_test_2048); -+ /* note that the private key is much shorter than normally used -+ * but still g ** priv_key > p -+ */ -+ fips_load_key_component(priv_key, dh_test_2048); -+ if ((tmp_pub_key = BN_new()) == NULL) -+ goto err; -+ -+ dh = DH_new(); -+ -+ if (dh == NULL) -+ goto err; -+ -+ DH_set0_pqg(dh, p, NULL, g); -+ DH_set0_key(dh, tmp_pub_key, priv_key); -+ -+ if (DH_generate_key(dh) <= 0) -+ goto err; -+ -+ DH_get0_key(dh, &pub_key, NULL); -+ -+ if (pub_key == NULL) -+ goto err; -+ -+ len = BN_num_bytes(pub_key); -+ if ((pub_key_bin = OPENSSL_malloc(len)) == NULL) -+ goto err; -+ BN_bn2bin(pub_key, pub_key_bin); -+ -+ if (len != sizeof(dh_test_2048_pub_key) || -+ memcmp(pub_key_bin, dh_test_2048_pub_key, len) != 0) -+ goto err; -+ -+ ret = 1; -+ -+ err: -+ if (dh) -+ DH_free(dh); -+ else { -+ BN_free(p); -+ BN_free(g); -+ BN_free(priv_key); -+ BN_free(tmp_pub_key); -+ } -+ -+ OPENSSL_free(pub_key_bin); -+ return ret; -+} -+#endif -diff -up openssl-1.1.1j/crypto/fips/fips_drbg_ctr.c.fips openssl-1.1.1j/crypto/fips/fips_drbg_ctr.c ---- openssl-1.1.1j/crypto/fips/fips_drbg_ctr.c.fips 2021-03-03 12:57:42.199734525 +0100 -+++ openssl-1.1.1j/crypto/fips/fips_drbg_ctr.c 2021-03-03 12:57:42.199734525 +0100 -@@ -0,0 +1,406 @@ -+/* fips/rand/fips_drbg_ctr.c */ -+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -+ * project. -+ */ -+/* ==================================================================== -+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ */ -+ -+#include -+#include -+#include -+#include -+#include -+#include "fips_rand_lcl.h" -+ -+static void inc_128(DRBG_CTR_CTX * cctx) -+{ -+ int i; -+ unsigned char c; -+ unsigned char *p = cctx->V + 15; -+ for (i = 0; i < 16; i++) { -+ c = *p; -+ c++; -+ *p = c; -+ if (c) -+ return; -+ p--; -+ } -+} -+ -+static void ctr_XOR(DRBG_CTR_CTX * cctx, const unsigned char *in, -+ size_t inlen) -+{ -+ size_t i, n; -+ /* Any zero padding will have no effect on the result as we -+ * are XORing. So just process however much input we have. -+ */ -+ -+ if (!in || !inlen) -+ return; -+ -+ if (inlen < cctx->keylen) -+ n = inlen; -+ else -+ n = cctx->keylen; -+ -+ for (i = 0; i < n; i++) -+ cctx->K[i] ^= in[i]; -+ if (inlen <= cctx->keylen) -+ return; -+ -+ n = inlen - cctx->keylen; -+ /* Should never happen */ -+ if (n > 16) -+ n = 16; -+ for (i = 0; i < 16; i++) -+ cctx->V[i] ^= in[i + cctx->keylen]; -+} -+ -+/* Process a complete block using BCC algorithm of SPP 800-90 10.4.3 */ -+ -+static void ctr_BCC_block(DRBG_CTR_CTX * cctx, unsigned char *out, -+ const unsigned char *in) -+{ -+ int i; -+ for (i = 0; i < 16; i++) -+ out[i] ^= in[i]; -+ AES_encrypt(out, out, &cctx->df_ks); -+#if 0 -+ fprintf(stderr, "BCC in+out\n"); -+ BIO_dump_fp(stderr, in, 16); -+ BIO_dump_fp(stderr, out, 16); -+#endif -+} -+ -+/* Handle several BCC operations for as much data as we need for K and X */ -+static void ctr_BCC_blocks(DRBG_CTR_CTX * cctx, const unsigned char *in) -+{ -+ ctr_BCC_block(cctx, cctx->KX, in); -+ ctr_BCC_block(cctx, cctx->KX + 16, in); -+ if (cctx->keylen != 16) -+ ctr_BCC_block(cctx, cctx->KX + 32, in); -+} -+ -+/* Initialise BCC blocks: these have the value 0,1,2 in leftmost positions: -+ * see 10.4.2 stage 7. -+ */ -+static void ctr_BCC_init(DRBG_CTR_CTX * cctx) -+{ -+ memset(cctx->KX, 0, 48); -+ memset(cctx->bltmp, 0, 16); -+ ctr_BCC_block(cctx, cctx->KX, cctx->bltmp); -+ cctx->bltmp[3] = 1; -+ ctr_BCC_block(cctx, cctx->KX + 16, cctx->bltmp); -+ if (cctx->keylen != 16) { -+ cctx->bltmp[3] = 2; -+ ctr_BCC_block(cctx, cctx->KX + 32, cctx->bltmp); -+ } -+} -+ -+/* Process several blocks into BCC algorithm, some possibly partial */ -+static void ctr_BCC_update(DRBG_CTR_CTX * cctx, -+ const unsigned char *in, size_t inlen) -+{ -+ if (!in || !inlen) -+ return; -+ /* If we have partial block handle it first */ -+ if (cctx->bltmp_pos) { -+ size_t left = 16 - cctx->bltmp_pos; -+ /* If we now have a complete block process it */ -+ if (inlen >= left) { -+ memcpy(cctx->bltmp + cctx->bltmp_pos, in, left); -+ ctr_BCC_blocks(cctx, cctx->bltmp); -+ cctx->bltmp_pos = 0; -+ inlen -= left; -+ in += left; -+ } -+ } -+ /* Process zero or more complete blocks */ -+ while (inlen >= 16) { -+ ctr_BCC_blocks(cctx, in); -+ in += 16; -+ inlen -= 16; -+ } -+ /* Copy any remaining partial block to the temporary buffer */ -+ if (inlen > 0) { -+ memcpy(cctx->bltmp + cctx->bltmp_pos, in, inlen); -+ cctx->bltmp_pos += inlen; -+ } -+} -+ -+static void ctr_BCC_final(DRBG_CTR_CTX * cctx) -+{ -+ if (cctx->bltmp_pos) { -+ memset(cctx->bltmp + cctx->bltmp_pos, 0, 16 - cctx->bltmp_pos); -+ ctr_BCC_blocks(cctx, cctx->bltmp); -+ } -+} -+ -+static void ctr_df(DRBG_CTR_CTX * cctx, -+ const unsigned char *in1, size_t in1len, -+ const unsigned char *in2, size_t in2len, -+ const unsigned char *in3, size_t in3len) -+{ -+ size_t inlen; -+ unsigned char *p = cctx->bltmp; -+ static unsigned char c80 = 0x80; -+ -+ ctr_BCC_init(cctx); -+ if (!in1) -+ in1len = 0; -+ if (!in2) -+ in2len = 0; -+ if (!in3) -+ in3len = 0; -+ inlen = in1len + in2len + in3len; -+ /* Initialise L||N in temporary block */ -+ *p++ = (inlen >> 24) & 0xff; -+ *p++ = (inlen >> 16) & 0xff; -+ *p++ = (inlen >> 8) & 0xff; -+ *p++ = inlen & 0xff; -+ /* NB keylen is at most 32 bytes */ -+ *p++ = 0; -+ *p++ = 0; -+ *p++ = 0; -+ *p = (unsigned char)((cctx->keylen + 16) & 0xff); -+ cctx->bltmp_pos = 8; -+ ctr_BCC_update(cctx, in1, in1len); -+ ctr_BCC_update(cctx, in2, in2len); -+ ctr_BCC_update(cctx, in3, in3len); -+ ctr_BCC_update(cctx, &c80, 1); -+ ctr_BCC_final(cctx); -+ /* Set up key K */ -+ AES_set_encrypt_key(cctx->KX, cctx->keylen * 8, &cctx->df_kxks); -+ /* X follows key K */ -+ AES_encrypt(cctx->KX + cctx->keylen, cctx->KX, &cctx->df_kxks); -+ AES_encrypt(cctx->KX, cctx->KX + 16, &cctx->df_kxks); -+ if (cctx->keylen != 16) -+ AES_encrypt(cctx->KX + 16, cctx->KX + 32, &cctx->df_kxks); -+#if 0 -+ fprintf(stderr, "Output of ctr_df:\n"); -+ BIO_dump_fp(stderr, cctx->KX, cctx->keylen + 16); -+#endif -+} -+ -+/* NB the no-df Update in SP800-90 specifies a constant input length -+ * of seedlen, however other uses of this algorithm pad the input with -+ * zeroes if necessary and have up to two parameters XORed together, -+ * handle both cases in this function instead. -+ */ -+ -+static void ctr_Update(DRBG_CTX *dctx, -+ const unsigned char *in1, size_t in1len, -+ const unsigned char *in2, size_t in2len, -+ const unsigned char *nonce, size_t noncelen) -+{ -+ DRBG_CTR_CTX *cctx = &dctx->d.ctr; -+ /* ks is already setup for correct key */ -+ inc_128(cctx); -+ AES_encrypt(cctx->V, cctx->K, &cctx->ks); -+ /* If keylen longer than 128 bits need extra encrypt */ -+ if (cctx->keylen != 16) { -+ inc_128(cctx); -+ AES_encrypt(cctx->V, cctx->K + 16, &cctx->ks); -+ } -+ inc_128(cctx); -+ AES_encrypt(cctx->V, cctx->V, &cctx->ks); -+ /* If 192 bit key part of V is on end of K */ -+ if (cctx->keylen == 24) { -+ memcpy(cctx->V + 8, cctx->V, 8); -+ memcpy(cctx->V, cctx->K + 24, 8); -+ } -+ -+ if (dctx->xflags & DRBG_FLAG_CTR_USE_DF) { -+ /* If no input reuse existing derived value */ -+ if (in1 || nonce || in2) -+ ctr_df(cctx, in1, in1len, nonce, noncelen, in2, in2len); -+ /* If this a reuse input in1len != 0 */ -+ if (in1len) -+ ctr_XOR(cctx, cctx->KX, dctx->seedlen); -+ } else { -+ ctr_XOR(cctx, in1, in1len); -+ ctr_XOR(cctx, in2, in2len); -+ } -+ -+ AES_set_encrypt_key(cctx->K, dctx->strength, &cctx->ks); -+#if 0 -+ fprintf(stderr, "K+V after update is:\n"); -+ BIO_dump_fp(stderr, cctx->K, cctx->keylen); -+ BIO_dump_fp(stderr, cctx->V, 16); -+#endif -+} -+ -+static int drbg_ctr_instantiate(DRBG_CTX *dctx, -+ const unsigned char *ent, size_t entlen, -+ const unsigned char *nonce, size_t noncelen, -+ const unsigned char *pers, size_t perslen) -+{ -+ DRBG_CTR_CTX *cctx = &dctx->d.ctr; -+ memset(cctx->K, 0, sizeof(cctx->K)); -+ memset(cctx->V, 0, sizeof(cctx->V)); -+ AES_set_encrypt_key(cctx->K, dctx->strength, &cctx->ks); -+ ctr_Update(dctx, ent, entlen, pers, perslen, nonce, noncelen); -+ return 1; -+} -+ -+static int drbg_ctr_reseed(DRBG_CTX *dctx, -+ const unsigned char *ent, size_t entlen, -+ const unsigned char *adin, size_t adinlen) -+{ -+ ctr_Update(dctx, ent, entlen, adin, adinlen, NULL, 0); -+ return 1; -+} -+ -+static int drbg_ctr_generate(DRBG_CTX *dctx, -+ unsigned char *out, size_t outlen, -+ const unsigned char *adin, size_t adinlen) -+{ -+ DRBG_CTR_CTX *cctx = &dctx->d.ctr; -+ if (adin && adinlen) { -+ ctr_Update(dctx, adin, adinlen, NULL, 0, NULL, 0); -+ /* This means we reuse derived value */ -+ if (dctx->xflags & DRBG_FLAG_CTR_USE_DF) { -+ adin = NULL; -+ adinlen = 1; -+ } -+ } else -+ adinlen = 0; -+ -+ for (;;) { -+ inc_128(cctx); -+ if (outlen < 16) { -+ /* Use K as temp space as it will be updated */ -+ AES_encrypt(cctx->V, cctx->K, &cctx->ks); -+ memcpy(out, cctx->K, outlen); -+ break; -+ } -+ AES_encrypt(cctx->V, out, &cctx->ks); -+ out += 16; -+ outlen -= 16; -+ if (outlen == 0) -+ break; -+ } -+ -+ ctr_Update(dctx, adin, adinlen, NULL, 0, NULL, 0); -+ -+ return 1; -+ -+} -+ -+static int drbg_ctr_uninstantiate(DRBG_CTX *dctx) -+{ -+ memset(&dctx->d.ctr, 0, sizeof(DRBG_CTR_CTX)); -+ return 1; -+} -+ -+int fips_drbg_ctr_init(DRBG_CTX *dctx) -+{ -+ DRBG_CTR_CTX *cctx = &dctx->d.ctr; -+ -+ size_t keylen; -+ -+ switch (dctx->type) { -+ case NID_aes_128_ctr: -+ keylen = 16; -+ break; -+ -+ case NID_aes_192_ctr: -+ keylen = 24; -+ break; -+ -+ case NID_aes_256_ctr: -+ keylen = 32; -+ break; -+ -+ default: -+ return -2; -+ } -+ -+ dctx->instantiate = drbg_ctr_instantiate; -+ dctx->reseed = drbg_ctr_reseed; -+ dctx->generate = drbg_ctr_generate; -+ dctx->uninstantiate = drbg_ctr_uninstantiate; -+ -+ cctx->keylen = keylen; -+ dctx->strength = keylen * 8; -+ dctx->blocklength = 16; -+ dctx->seedlen = keylen + 16; -+ -+ if (dctx->xflags & DRBG_FLAG_CTR_USE_DF) { -+ /* df initialisation */ -+ static unsigned char df_key[32] = { -+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, -+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, -+ 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, -+ 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f -+ }; -+ /* Set key schedule for df_key */ -+ AES_set_encrypt_key(df_key, dctx->strength, &cctx->df_ks); -+ -+ dctx->min_entropy = cctx->keylen; -+ dctx->max_entropy = DRBG_MAX_LENGTH; -+ dctx->min_nonce = dctx->min_entropy / 2; -+ dctx->max_nonce = DRBG_MAX_LENGTH; -+ dctx->max_pers = DRBG_MAX_LENGTH; -+ dctx->max_adin = DRBG_MAX_LENGTH; -+ } else { -+ dctx->min_entropy = dctx->seedlen; -+ dctx->max_entropy = dctx->seedlen; -+ /* Nonce not used */ -+ dctx->min_nonce = 0; -+ dctx->max_nonce = 0; -+ dctx->max_pers = dctx->seedlen; -+ dctx->max_adin = dctx->seedlen; -+ } -+ -+ dctx->max_request = 1 << 16; -+ dctx->reseed_interval = 1 << 24; -+ -+ return 1; -+} -diff -up openssl-1.1.1j/crypto/fips/fips_drbg_hash.c.fips openssl-1.1.1j/crypto/fips/fips_drbg_hash.c ---- openssl-1.1.1j/crypto/fips/fips_drbg_hash.c.fips 2021-03-03 12:57:42.199734525 +0100 -+++ openssl-1.1.1j/crypto/fips/fips_drbg_hash.c 2021-03-03 12:57:42.199734525 +0100 -@@ -0,0 +1,354 @@ -+/* fips/rand/fips_drbg_hash.c */ -+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -+ * project. -+ */ -+/* ==================================================================== -+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ */ -+ -+#define OPENSSL_FIPSAPI -+ -+#include -+#include -+#include -+#include -+#include "crypto/fips.h" -+#include -+#include "fips_rand_lcl.h" -+ -+/* This is Hash_df from SP 800-90 10.4.1 */ -+ -+static int hash_df(DRBG_CTX *dctx, unsigned char *out, -+ const unsigned char *in1, size_t in1len, -+ const unsigned char *in2, size_t in2len, -+ const unsigned char *in3, size_t in3len, -+ const unsigned char *in4, size_t in4len) -+{ -+ EVP_MD_CTX *mctx = dctx->d.hash.mctx; -+ unsigned char *vtmp = dctx->d.hash.vtmp; -+ unsigned char tmp[6]; -+ /* Standard only ever needs seedlen bytes which is always less than -+ * maximum permitted so no need to check length. -+ */ -+ size_t outlen = dctx->seedlen; -+ tmp[0] = 1; -+ tmp[1] = ((outlen * 8) >> 24) & 0xff; -+ tmp[2] = ((outlen * 8) >> 16) & 0xff; -+ tmp[3] = ((outlen * 8) >> 8) & 0xff; -+ tmp[4] = (outlen * 8) & 0xff; -+ if (!in1) { -+ tmp[5] = (unsigned char)in1len; -+ in1 = tmp + 5; -+ in1len = 1; -+ } -+ for (;;) { -+ if (!FIPS_digestinit(mctx, dctx->d.hash.md)) -+ return 0; -+ if (!FIPS_digestupdate(mctx, tmp, 5)) -+ return 0; -+ if (in1 && !FIPS_digestupdate(mctx, in1, in1len)) -+ return 0; -+ if (in2 && !FIPS_digestupdate(mctx, in2, in2len)) -+ return 0; -+ if (in3 && !FIPS_digestupdate(mctx, in3, in3len)) -+ return 0; -+ if (in4 && !FIPS_digestupdate(mctx, in4, in4len)) -+ return 0; -+ if (outlen < dctx->blocklength) { -+ if (!FIPS_digestfinal(mctx, vtmp, NULL)) -+ return 0; -+ memcpy(out, vtmp, outlen); -+ OPENSSL_cleanse(vtmp, dctx->blocklength); -+ return 1; -+ } else if (!FIPS_digestfinal(mctx, out, NULL)) -+ return 0; -+ -+ outlen -= dctx->blocklength; -+ if (outlen == 0) -+ return 1; -+ tmp[0]++; -+ out += dctx->blocklength; -+ } -+} -+ -+/* Add an unsigned buffer to the buf value, storing the result in buf. For -+ * this algorithm the length of input never exceeds the seed length. -+ */ -+ -+static void ctx_add_buf(DRBG_CTX *dctx, unsigned char *buf, -+ unsigned char *in, size_t inlen) -+{ -+ size_t i = inlen; -+ const unsigned char *q; -+ unsigned char c, *p; -+ p = buf + dctx->seedlen; -+ q = in + inlen; -+ -+ OPENSSL_assert(i <= dctx->seedlen); -+ -+ /* Special case: zero length, just increment buffer */ -+ if (i) -+ c = 0; -+ else -+ c = 1; -+ -+ while (i) { -+ int r; -+ p--; -+ q--; -+ r = *p + *q + c; -+ /* Carry */ -+ if (r > 0xff) -+ c = 1; -+ else -+ c = 0; -+ *p = r & 0xff; -+ i--; -+ } -+ -+ i = dctx->seedlen - inlen; -+ -+ /* If not adding whole buffer handle final carries */ -+ if (c && i) { -+ do { -+ p--; -+ c = *p; -+ c++; -+ *p = c; -+ if (c) -+ return; -+ } while (i--); -+ } -+} -+ -+/* Finalise and add hash to V */ -+ -+static int ctx_add_md(DRBG_CTX *dctx) -+{ -+ if (!FIPS_digestfinal(dctx->d.hash.mctx, dctx->d.hash.vtmp, NULL)) -+ return 0; -+ ctx_add_buf(dctx, dctx->d.hash.V, dctx->d.hash.vtmp, dctx->blocklength); -+ return 1; -+} -+ -+static int hash_gen(DRBG_CTX *dctx, unsigned char *out, size_t outlen) -+{ -+ DRBG_HASH_CTX *hctx = &dctx->d.hash; -+ if (outlen == 0) -+ return 1; -+ memcpy(hctx->vtmp, hctx->V, dctx->seedlen); -+ for (;;) { -+ FIPS_digestinit(hctx->mctx, hctx->md); -+ FIPS_digestupdate(hctx->mctx, hctx->vtmp, dctx->seedlen); -+ if (outlen < dctx->blocklength) { -+ FIPS_digestfinal(hctx->mctx, hctx->vtmp, NULL); -+ memcpy(out, hctx->vtmp, outlen); -+ return 1; -+ } else { -+ FIPS_digestfinal(hctx->mctx, out, NULL); -+ outlen -= dctx->blocklength; -+ if (outlen == 0) -+ return 1; -+ out += dctx->blocklength; -+ } -+ ctx_add_buf(dctx, hctx->vtmp, NULL, 0); -+ } -+} -+ -+static int drbg_hash_instantiate(DRBG_CTX *dctx, -+ const unsigned char *ent, size_t ent_len, -+ const unsigned char *nonce, size_t nonce_len, -+ const unsigned char *pstr, size_t pstr_len) -+{ -+ DRBG_HASH_CTX *hctx = &dctx->d.hash; -+ if (!hash_df(dctx, hctx->V, -+ ent, ent_len, nonce, nonce_len, pstr, pstr_len, NULL, 0)) -+ return 0; -+ if (!hash_df(dctx, hctx->C, -+ NULL, 0, hctx->V, dctx->seedlen, NULL, 0, NULL, 0)) -+ return 0; -+ -+#ifdef HASH_DRBG_TRACE -+ fprintf(stderr, "V+C after instantiate:\n"); -+ hexprint(stderr, hctx->V, dctx->seedlen); -+ hexprint(stderr, hctx->C, dctx->seedlen); -+#endif -+ return 1; -+} -+ -+static int drbg_hash_reseed(DRBG_CTX *dctx, -+ const unsigned char *ent, size_t ent_len, -+ const unsigned char *adin, size_t adin_len) -+{ -+ DRBG_HASH_CTX *hctx = &dctx->d.hash; -+ /* V about to be updated so use C as output instead */ -+ if (!hash_df(dctx, hctx->C, -+ NULL, 1, hctx->V, dctx->seedlen, -+ ent, ent_len, adin, adin_len)) -+ return 0; -+ memcpy(hctx->V, hctx->C, dctx->seedlen); -+ if (!hash_df(dctx, hctx->C, NULL, 0, -+ hctx->V, dctx->seedlen, NULL, 0, NULL, 0)) -+ return 0; -+#ifdef HASH_DRBG_TRACE -+ fprintf(stderr, "V+C after reseed:\n"); -+ hexprint(stderr, hctx->V, dctx->seedlen); -+ hexprint(stderr, hctx->C, dctx->seedlen); -+#endif -+ return 1; -+} -+ -+static int drbg_hash_generate(DRBG_CTX *dctx, -+ unsigned char *out, size_t outlen, -+ const unsigned char *adin, size_t adin_len) -+{ -+ DRBG_HASH_CTX *hctx = &dctx->d.hash; -+ EVP_MD_CTX *mctx = hctx->mctx; -+ unsigned char tmp[4]; -+ if (adin && adin_len) { -+ tmp[0] = 2; -+ if (!FIPS_digestinit(mctx, hctx->md)) -+ return 0; -+ if (!EVP_DigestUpdate(mctx, tmp, 1)) -+ return 0; -+ if (!EVP_DigestUpdate(mctx, hctx->V, dctx->seedlen)) -+ return 0; -+ if (!EVP_DigestUpdate(mctx, adin, adin_len)) -+ return 0; -+ if (!ctx_add_md(dctx)) -+ return 0; -+ } -+ if (!hash_gen(dctx, out, outlen)) -+ return 0; -+ -+ tmp[0] = 3; -+ if (!FIPS_digestinit(mctx, hctx->md)) -+ return 0; -+ if (!EVP_DigestUpdate(mctx, tmp, 1)) -+ return 0; -+ if (!EVP_DigestUpdate(mctx, hctx->V, dctx->seedlen)) -+ return 0; -+ -+ if (!ctx_add_md(dctx)) -+ return 0; -+ -+ ctx_add_buf(dctx, hctx->V, hctx->C, dctx->seedlen); -+ -+ tmp[0] = (dctx->reseed_counter >> 24) & 0xff; -+ tmp[1] = (dctx->reseed_counter >> 16) & 0xff; -+ tmp[2] = (dctx->reseed_counter >> 8) & 0xff; -+ tmp[3] = dctx->reseed_counter & 0xff; -+ ctx_add_buf(dctx, hctx->V, tmp, 4); -+#ifdef HASH_DRBG_TRACE -+ fprintf(stderr, "V+C after generate:\n"); -+ hexprint(stderr, hctx->V, dctx->seedlen); -+ hexprint(stderr, hctx->C, dctx->seedlen); -+#endif -+ return 1; -+} -+ -+static int drbg_hash_uninstantiate(DRBG_CTX *dctx) -+{ -+ EVP_MD_CTX_free(dctx->d.hash.mctx); -+ OPENSSL_cleanse(&dctx->d.hash, sizeof(DRBG_HASH_CTX)); -+ return 1; -+} -+ -+int fips_drbg_hash_init(DRBG_CTX *dctx) -+{ -+ const EVP_MD *md; -+ DRBG_HASH_CTX *hctx = &dctx->d.hash; -+ md = EVP_get_digestbynid(dctx->type); -+ if (!md) -+ return -2; -+ switch (dctx->type) { -+ case NID_sha1: -+ dctx->strength = 128; -+ break; -+ -+ case NID_sha224: -+ dctx->strength = 192; -+ break; -+ -+ default: -+ dctx->strength = 256; -+ break; -+ } -+ -+ dctx->instantiate = drbg_hash_instantiate; -+ dctx->reseed = drbg_hash_reseed; -+ dctx->generate = drbg_hash_generate; -+ dctx->uninstantiate = drbg_hash_uninstantiate; -+ -+ dctx->d.hash.md = md; -+ hctx->mctx = EVP_MD_CTX_new(); -+ if (hctx->mctx == NULL) -+ return -1; -+ -+ /* These are taken from SP 800-90 10.1 table 2 */ -+ -+ dctx->blocklength = EVP_MD_size(md); -+ if (dctx->blocklength > 32) -+ dctx->seedlen = 111; -+ else -+ dctx->seedlen = 55; -+ -+ dctx->min_entropy = dctx->strength / 8; -+ dctx->max_entropy = DRBG_MAX_LENGTH; -+ -+ dctx->min_nonce = dctx->min_entropy / 2; -+ dctx->max_nonce = DRBG_MAX_LENGTH; -+ -+ dctx->max_pers = DRBG_MAX_LENGTH; -+ dctx->max_adin = DRBG_MAX_LENGTH; -+ -+ dctx->max_request = 1 << 16; -+ dctx->reseed_interval = 1 << 24; -+ -+ return 1; -+} -diff -up openssl-1.1.1j/crypto/fips/fips_drbg_hmac.c.fips openssl-1.1.1j/crypto/fips/fips_drbg_hmac.c ---- openssl-1.1.1j/crypto/fips/fips_drbg_hmac.c.fips 2021-03-03 12:57:42.199734525 +0100 -+++ openssl-1.1.1j/crypto/fips/fips_drbg_hmac.c 2021-03-03 12:57:42.199734525 +0100 -@@ -0,0 +1,262 @@ -+/* fips/rand/fips_drbg_hmac.c */ -+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -+ * project. -+ */ -+/* ==================================================================== -+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ */ -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include "fips_rand_lcl.h" -+ -+static int drbg_hmac_update(DRBG_CTX *dctx, -+ const unsigned char *in1, size_t in1len, -+ const unsigned char *in2, size_t in2len, -+ const unsigned char *in3, size_t in3len) -+{ -+ static unsigned char c0 = 0, c1 = 1; -+ DRBG_HMAC_CTX *hmac = &dctx->d.hmac; -+ HMAC_CTX *hctx = hmac->hctx; -+ -+ if (!HMAC_Init_ex(hctx, hmac->K, dctx->blocklength, hmac->md, NULL)) -+ return 0; -+ if (!HMAC_Update(hctx, hmac->V, dctx->blocklength)) -+ return 0; -+ if (!HMAC_Update(hctx, &c0, 1)) -+ return 0; -+ if (in1len && !HMAC_Update(hctx, in1, in1len)) -+ return 0; -+ if (in2len && !HMAC_Update(hctx, in2, in2len)) -+ return 0; -+ if (in3len && !HMAC_Update(hctx, in3, in3len)) -+ return 0; -+ -+ if (!HMAC_Final(hctx, hmac->K, NULL)) -+ return 0; -+ -+ if (!HMAC_Init_ex(hctx, hmac->K, dctx->blocklength, hmac->md, NULL)) -+ return 0; -+ if (!HMAC_Update(hctx, hmac->V, dctx->blocklength)) -+ return 0; -+ -+ if (!HMAC_Final(hctx, hmac->V, NULL)) -+ return 0; -+ -+ if (!in1len && !in2len && !in3len) -+ return 1; -+ -+ if (!HMAC_Init_ex(hctx, hmac->K, dctx->blocklength, hmac->md, NULL)) -+ return 0; -+ if (!HMAC_Update(hctx, hmac->V, dctx->blocklength)) -+ return 0; -+ if (!HMAC_Update(hctx, &c1, 1)) -+ return 0; -+ if (in1len && !HMAC_Update(hctx, in1, in1len)) -+ return 0; -+ if (in2len && !HMAC_Update(hctx, in2, in2len)) -+ return 0; -+ if (in3len && !HMAC_Update(hctx, in3, in3len)) -+ return 0; -+ -+ if (!HMAC_Final(hctx, hmac->K, NULL)) -+ return 0; -+ -+ if (!HMAC_Init_ex(hctx, hmac->K, dctx->blocklength, hmac->md, NULL)) -+ return 0; -+ if (!HMAC_Update(hctx, hmac->V, dctx->blocklength)) -+ return 0; -+ -+ if (!HMAC_Final(hctx, hmac->V, NULL)) -+ return 0; -+ -+ return 1; -+ -+} -+ -+static int drbg_hmac_instantiate(DRBG_CTX *dctx, -+ const unsigned char *ent, size_t ent_len, -+ const unsigned char *nonce, size_t nonce_len, -+ const unsigned char *pstr, size_t pstr_len) -+{ -+ DRBG_HMAC_CTX *hmac = &dctx->d.hmac; -+ memset(hmac->K, 0, dctx->blocklength); -+ memset(hmac->V, 1, dctx->blocklength); -+ if (!drbg_hmac_update(dctx, -+ ent, ent_len, nonce, nonce_len, pstr, pstr_len)) -+ return 0; -+ -+#ifdef HMAC_DRBG_TRACE -+ fprintf(stderr, "K+V after instantiate:\n"); -+ hexprint(stderr, hmac->K, hmac->blocklength); -+ hexprint(stderr, hmac->V, hmac->blocklength); -+#endif -+ return 1; -+} -+ -+static int drbg_hmac_reseed(DRBG_CTX *dctx, -+ const unsigned char *ent, size_t ent_len, -+ const unsigned char *adin, size_t adin_len) -+{ -+ if (!drbg_hmac_update(dctx, ent, ent_len, adin, adin_len, NULL, 0)) -+ return 0; -+ -+#ifdef HMAC_DRBG_TRACE -+ { -+ DRBG_HMAC_CTX *hmac = &dctx->d.hmac; -+ fprintf(stderr, "K+V after reseed:\n"); -+ hexprint(stderr, hmac->K, hmac->blocklength); -+ hexprint(stderr, hmac->V, hmac->blocklength); -+ } -+#endif -+ return 1; -+} -+ -+static int drbg_hmac_generate(DRBG_CTX *dctx, -+ unsigned char *out, size_t outlen, -+ const unsigned char *adin, size_t adin_len) -+{ -+ DRBG_HMAC_CTX *hmac = &dctx->d.hmac; -+ HMAC_CTX *hctx = hmac->hctx; -+ const unsigned char *Vtmp = hmac->V; -+ if (adin_len && !drbg_hmac_update(dctx, adin, adin_len, NULL, 0, NULL, 0)) -+ return 0; -+ for (;;) { -+ if (!HMAC_Init_ex(hctx, hmac->K, dctx->blocklength, hmac->md, NULL)) -+ return 0; -+ if (!HMAC_Update(hctx, Vtmp, dctx->blocklength)) -+ return 0; -+ if (outlen > dctx->blocklength) { -+ if (!HMAC_Final(hctx, out, NULL)) -+ return 0; -+ Vtmp = out; -+ } else { -+ if (!HMAC_Final(hctx, hmac->V, NULL)) -+ return 0; -+ memcpy(out, hmac->V, outlen); -+ break; -+ } -+ out += dctx->blocklength; -+ outlen -= dctx->blocklength; -+ } -+ if (!drbg_hmac_update(dctx, adin, adin_len, NULL, 0, NULL, 0)) -+ return 0; -+ -+ return 1; -+} -+ -+static int drbg_hmac_uninstantiate(DRBG_CTX *dctx) -+{ -+ HMAC_CTX_free(dctx->d.hmac.hctx); -+ OPENSSL_cleanse(&dctx->d.hmac, sizeof(DRBG_HMAC_CTX)); -+ return 1; -+} -+ -+int fips_drbg_hmac_init(DRBG_CTX *dctx) -+{ -+ const EVP_MD *md = NULL; -+ DRBG_HMAC_CTX *hctx = &dctx->d.hmac; -+ dctx->strength = 256; -+ switch (dctx->type) { -+ case NID_hmacWithSHA1: -+ md = EVP_sha1(); -+ dctx->strength = 128; -+ break; -+ -+ case NID_hmacWithSHA224: -+ md = EVP_sha224(); -+ dctx->strength = 192; -+ break; -+ -+ case NID_hmacWithSHA256: -+ md = EVP_sha256(); -+ break; -+ -+ case NID_hmacWithSHA384: -+ md = EVP_sha384(); -+ break; -+ -+ case NID_hmacWithSHA512: -+ md = EVP_sha512(); -+ break; -+ -+ default: -+ dctx->strength = 0; -+ return -2; -+ } -+ dctx->instantiate = drbg_hmac_instantiate; -+ dctx->reseed = drbg_hmac_reseed; -+ dctx->generate = drbg_hmac_generate; -+ dctx->uninstantiate = drbg_hmac_uninstantiate; -+ hctx->hctx = HMAC_CTX_new(); -+ if (hctx->hctx == NULL) -+ return -1; -+ hctx->md = md; -+ dctx->blocklength = M_EVP_MD_size(md); -+ dctx->seedlen = M_EVP_MD_size(md); -+ -+ dctx->min_entropy = dctx->strength / 8; -+ dctx->max_entropy = DRBG_MAX_LENGTH; -+ -+ dctx->min_nonce = dctx->min_entropy / 2; -+ dctx->max_nonce = DRBG_MAX_LENGTH; -+ -+ dctx->max_pers = DRBG_MAX_LENGTH; -+ dctx->max_adin = DRBG_MAX_LENGTH; -+ -+ dctx->max_request = 1 << 16; -+ dctx->reseed_interval = 1 << 24; -+ -+ return 1; -+} -diff -up openssl-1.1.1j/crypto/fips/fips_drbg_lib.c.fips openssl-1.1.1j/crypto/fips/fips_drbg_lib.c ---- openssl-1.1.1j/crypto/fips/fips_drbg_lib.c.fips 2021-03-03 12:57:42.199734525 +0100 -+++ openssl-1.1.1j/crypto/fips/fips_drbg_lib.c 2021-03-03 12:57:42.199734525 +0100 -@@ -0,0 +1,528 @@ -+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -+ * project. -+ */ -+/* ==================================================================== -+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ */ -+ -+#include -+#include -+#include -+#include -+#include "crypto/fips.h" -+#include -+#include "fips_locl.h" -+#include "fips_rand_lcl.h" -+ -+/* Support framework for SP800-90 DRBGs */ -+ -+int FIPS_drbg_init(DRBG_CTX *dctx, int type, unsigned int flags) -+{ -+ int rv; -+ memset(dctx, 0, sizeof(DRBG_CTX)); -+ dctx->status = DRBG_STATUS_UNINITIALISED; -+ dctx->xflags = flags; -+ dctx->type = type; -+ -+ dctx->iflags = 0; -+ dctx->entropy_blocklen = 0; -+ dctx->health_check_cnt = 0; -+ dctx->health_check_interval = DRBG_HEALTH_INTERVAL; -+ -+ rv = fips_drbg_hash_init(dctx); -+ -+ if (rv == -2) -+ rv = fips_drbg_ctr_init(dctx); -+ if (rv == -2) -+ rv = fips_drbg_hmac_init(dctx); -+ -+ if (rv <= 0) { -+ if (rv == -2) -+ FIPSerr(FIPS_F_FIPS_DRBG_INIT, FIPS_R_UNSUPPORTED_DRBG_TYPE); -+ else -+ FIPSerr(FIPS_F_FIPS_DRBG_INIT, FIPS_R_ERROR_INITIALISING_DRBG); -+ } -+ -+ /* If not in test mode run selftests on DRBG of the same type */ -+ -+ if (!(dctx->xflags & DRBG_FLAG_TEST)) { -+ if (!FIPS_drbg_health_check(dctx)) { -+ FIPSerr(FIPS_F_FIPS_DRBG_INIT, FIPS_R_SELFTEST_FAILURE); -+ return 0; -+ } -+ } -+ -+ return rv; -+} -+ -+DRBG_CTX *FIPS_drbg_new(int type, unsigned int flags) -+{ -+ DRBG_CTX *dctx; -+ dctx = OPENSSL_malloc(sizeof(DRBG_CTX)); -+ if (!dctx) { -+ FIPSerr(FIPS_F_FIPS_DRBG_NEW, ERR_R_MALLOC_FAILURE); -+ return NULL; -+ } -+ -+ if (type == 0) { -+ memset(dctx, 0, sizeof(DRBG_CTX)); -+ dctx->type = 0; -+ dctx->status = DRBG_STATUS_UNINITIALISED; -+ return dctx; -+ } -+ -+ if (FIPS_drbg_init(dctx, type, flags) <= 0) { -+ OPENSSL_free(dctx); -+ return NULL; -+ } -+ -+ return dctx; -+} -+ -+void FIPS_drbg_free(DRBG_CTX *dctx) -+{ -+ if (dctx->uninstantiate) -+ dctx->uninstantiate(dctx); -+ /* Don't free up default DRBG */ -+ if (dctx == FIPS_get_default_drbg()) { -+ memset(dctx, 0, sizeof(DRBG_CTX)); -+ dctx->type = 0; -+ dctx->status = DRBG_STATUS_UNINITIALISED; -+ } else { -+ OPENSSL_cleanse(&dctx->d, sizeof(dctx->d)); -+ OPENSSL_free(dctx); -+ } -+} -+ -+static size_t fips_get_entropy(DRBG_CTX *dctx, unsigned char **pout, -+ int entropy, size_t min_len, size_t max_len) -+{ -+ unsigned char *tout, *p; -+ size_t bl = dctx->entropy_blocklen, rv; -+ if (!dctx->get_entropy) -+ return 0; -+ if (dctx->xflags & DRBG_FLAG_TEST || !bl) -+ return dctx->get_entropy(dctx, pout, entropy, min_len, max_len); -+ rv = dctx->get_entropy(dctx, &tout, entropy + bl, -+ min_len + bl, max_len + bl); -+ if (tout == NULL) -+ return 0; -+ *pout = tout + bl; -+ if (rv < (min_len + bl) || (rv % bl)) -+ return 0; -+ /* Compare consecutive blocks for continuous PRNG test */ -+ for (p = tout; p < tout + rv - bl; p += bl) { -+ if (!memcmp(p, p + bl, bl)) { -+ FIPSerr(FIPS_F_FIPS_GET_ENTROPY, FIPS_R_ENTROPY_SOURCE_STUCK); -+ return 0; -+ } -+ } -+ rv -= bl; -+ if (rv > max_len) -+ return max_len; -+ return rv; -+} -+ -+static void fips_cleanup_entropy(DRBG_CTX *dctx, -+ unsigned char *out, size_t olen) -+{ -+ size_t bl; -+ if (dctx->xflags & DRBG_FLAG_TEST) -+ bl = 0; -+ else -+ bl = dctx->entropy_blocklen; -+ /* Call cleanup with original arguments */ -+ dctx->cleanup_entropy(dctx, out - bl, olen + bl); -+} -+ -+int FIPS_drbg_instantiate(DRBG_CTX *dctx, -+ const unsigned char *pers, size_t perslen) -+{ -+ size_t entlen = 0, noncelen = 0; -+ unsigned char *nonce = NULL, *entropy = NULL; -+ -+#if 0 -+ /* Put here so error script picks them up */ -+ FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, -+ FIPS_R_PERSONALISATION_STRING_TOO_LONG); -+ FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_IN_ERROR_STATE); -+ FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_ALREADY_INSTANTIATED); -+ FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_ERROR_RETRIEVING_ENTROPY); -+ FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_ERROR_RETRIEVING_NONCE); -+ FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_INSTANTIATE_ERROR); -+ FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_DRBG_NOT_INITIALISED); -+#endif -+ -+ int r = 0; -+ -+ if (perslen > dctx->max_pers) { -+ r = FIPS_R_PERSONALISATION_STRING_TOO_LONG; -+ goto end; -+ } -+ -+ if (!dctx->instantiate) { -+ r = FIPS_R_DRBG_NOT_INITIALISED; -+ goto end; -+ } -+ -+ if (dctx->status != DRBG_STATUS_UNINITIALISED) { -+ if (dctx->status == DRBG_STATUS_ERROR) -+ r = FIPS_R_IN_ERROR_STATE; -+ else -+ r = FIPS_R_ALREADY_INSTANTIATED; -+ goto end; -+ } -+ -+ dctx->status = DRBG_STATUS_ERROR; -+ -+ entlen = fips_get_entropy(dctx, &entropy, dctx->strength, -+ dctx->min_entropy, dctx->max_entropy); -+ -+ if (entlen < dctx->min_entropy || entlen > dctx->max_entropy) { -+ r = FIPS_R_ERROR_RETRIEVING_ENTROPY; -+ goto end; -+ } -+ -+ if (dctx->max_nonce > 0 && dctx->get_nonce) { -+ noncelen = dctx->get_nonce(dctx, &nonce, -+ dctx->strength / 2, -+ dctx->min_nonce, dctx->max_nonce); -+ -+ if (noncelen < dctx->min_nonce || noncelen > dctx->max_nonce) { -+ r = FIPS_R_ERROR_RETRIEVING_NONCE; -+ goto end; -+ } -+ -+ } -+ -+ if (!dctx->instantiate(dctx, -+ entropy, entlen, nonce, noncelen, pers, perslen)) { -+ r = FIPS_R_ERROR_INSTANTIATING_DRBG; -+ goto end; -+ } -+ -+ dctx->status = DRBG_STATUS_READY; -+ if (!(dctx->iflags & DRBG_CUSTOM_RESEED)) -+ dctx->reseed_counter = 1; -+ -+ end: -+ -+ if (entropy && dctx->cleanup_entropy) -+ fips_cleanup_entropy(dctx, entropy, entlen); -+ -+ if (nonce && dctx->cleanup_nonce) -+ dctx->cleanup_nonce(dctx, nonce, noncelen); -+ -+ if (dctx->status == DRBG_STATUS_READY) -+ return 1; -+ -+ if (r && !(dctx->iflags & DRBG_FLAG_NOERR)) -+ FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, r); -+ -+ return 0; -+ -+} -+ -+static int drbg_reseed(DRBG_CTX *dctx, -+ const unsigned char *adin, size_t adinlen, int hcheck) -+{ -+ unsigned char *entropy = NULL; -+ size_t entlen = 0; -+ int r = 0; -+ -+#if 0 -+ FIPSerr(FIPS_F_DRBG_RESEED, FIPS_R_NOT_INSTANTIATED); -+ FIPSerr(FIPS_F_DRBG_RESEED, FIPS_R_ADDITIONAL_INPUT_TOO_LONG); -+#endif -+ if (dctx->status != DRBG_STATUS_READY -+ && dctx->status != DRBG_STATUS_RESEED) { -+ if (dctx->status == DRBG_STATUS_ERROR) -+ r = FIPS_R_IN_ERROR_STATE; -+ else if (dctx->status == DRBG_STATUS_UNINITIALISED) -+ r = FIPS_R_NOT_INSTANTIATED; -+ goto end; -+ } -+ -+ if (!adin) -+ adinlen = 0; -+ else if (adinlen > dctx->max_adin) { -+ r = FIPS_R_ADDITIONAL_INPUT_TOO_LONG; -+ goto end; -+ } -+ -+ dctx->status = DRBG_STATUS_ERROR; -+ /* Peform health check on all reseed operations if not a prediction -+ * resistance request and not in test mode. -+ */ -+ if (hcheck && !(dctx->xflags & DRBG_FLAG_TEST)) { -+ if (!FIPS_drbg_health_check(dctx)) { -+ r = FIPS_R_SELFTEST_FAILURE; -+ goto end; -+ } -+ } -+ -+ entlen = fips_get_entropy(dctx, &entropy, dctx->strength, -+ dctx->min_entropy, dctx->max_entropy); -+ -+ if (entlen < dctx->min_entropy || entlen > dctx->max_entropy) { -+ r = FIPS_R_ERROR_RETRIEVING_ENTROPY; -+ goto end; -+ } -+ -+ if (!dctx->reseed(dctx, entropy, entlen, adin, adinlen)) -+ goto end; -+ -+ dctx->status = DRBG_STATUS_READY; -+ if (!(dctx->iflags & DRBG_CUSTOM_RESEED)) -+ dctx->reseed_counter = 1; -+ end: -+ -+ if (entropy && dctx->cleanup_entropy) -+ fips_cleanup_entropy(dctx, entropy, entlen); -+ -+ if (dctx->status == DRBG_STATUS_READY) -+ return 1; -+ -+ if (r && !(dctx->iflags & DRBG_FLAG_NOERR)) -+ FIPSerr(FIPS_F_DRBG_RESEED, r); -+ -+ return 0; -+} -+ -+int FIPS_drbg_reseed(DRBG_CTX *dctx, -+ const unsigned char *adin, size_t adinlen) -+{ -+ return drbg_reseed(dctx, adin, adinlen, 1); -+} -+ -+static int fips_drbg_check(DRBG_CTX *dctx) -+{ -+ if (dctx->xflags & DRBG_FLAG_TEST) -+ return 1; -+ dctx->health_check_cnt++; -+ if (dctx->health_check_cnt >= dctx->health_check_interval) { -+ if (!FIPS_drbg_health_check(dctx)) { -+ FIPSerr(FIPS_F_FIPS_DRBG_CHECK, FIPS_R_SELFTEST_FAILURE); -+ return 0; -+ } -+ } -+ return 1; -+} -+ -+int FIPS_drbg_generate(DRBG_CTX *dctx, unsigned char *out, size_t outlen, -+ int prediction_resistance, -+ const unsigned char *adin, size_t adinlen) -+{ -+ int r = 0; -+ -+ if (FIPS_selftest_failed()) { -+ FIPSerr(FIPS_F_FIPS_DRBG_GENERATE, FIPS_R_SELFTEST_FAILED); -+ return 0; -+ } -+ -+ if (!fips_drbg_check(dctx)) -+ return 0; -+ -+ if (dctx->status != DRBG_STATUS_READY -+ && dctx->status != DRBG_STATUS_RESEED) { -+ if (dctx->status == DRBG_STATUS_ERROR) -+ r = FIPS_R_IN_ERROR_STATE; -+ else if (dctx->status == DRBG_STATUS_UNINITIALISED) -+ r = FIPS_R_NOT_INSTANTIATED; -+ goto end; -+ } -+ -+ if (outlen > dctx->max_request) { -+ r = FIPS_R_REQUEST_TOO_LARGE_FOR_DRBG; -+ return 0; -+ } -+ -+ if (adinlen > dctx->max_adin) { -+ r = FIPS_R_ADDITIONAL_INPUT_TOO_LONG; -+ goto end; -+ } -+ -+ if (dctx->iflags & DRBG_CUSTOM_RESEED) -+ dctx->generate(dctx, NULL, outlen, NULL, 0); -+ else if (dctx->reseed_counter >= dctx->reseed_interval) -+ dctx->status = DRBG_STATUS_RESEED; -+ -+ if (dctx->status == DRBG_STATUS_RESEED || prediction_resistance) { -+ /* If prediction resistance request don't do health check */ -+ int hcheck = prediction_resistance ? 0 : 1; -+ -+ if (!drbg_reseed(dctx, adin, adinlen, hcheck)) { -+ r = FIPS_R_RESEED_ERROR; -+ goto end; -+ } -+ adin = NULL; -+ adinlen = 0; -+ } -+ -+ if (!dctx->generate(dctx, out, outlen, adin, adinlen)) { -+ r = FIPS_R_GENERATE_ERROR; -+ dctx->status = DRBG_STATUS_ERROR; -+ goto end; -+ } -+ if (!(dctx->iflags & DRBG_CUSTOM_RESEED)) { -+ if (dctx->reseed_counter >= dctx->reseed_interval) -+ dctx->status = DRBG_STATUS_RESEED; -+ else -+ dctx->reseed_counter++; -+ } -+ -+ end: -+ if (r) { -+ if (!(dctx->iflags & DRBG_FLAG_NOERR)) -+ FIPSerr(FIPS_F_FIPS_DRBG_GENERATE, r); -+ return 0; -+ } -+ -+ return 1; -+} -+ -+int FIPS_drbg_uninstantiate(DRBG_CTX *dctx) -+{ -+ int rv; -+ if (!dctx->uninstantiate) -+ rv = 1; -+ else -+ rv = dctx->uninstantiate(dctx); -+ /* Although we'd like to cleanse here we can't because we have to -+ * test the uninstantiate really zeroes the data. -+ */ -+ memset(&dctx->d, 0, sizeof(dctx->d)); -+ dctx->status = DRBG_STATUS_UNINITIALISED; -+ /* If method has problems uninstantiating, return error */ -+ return rv; -+} -+ -+int FIPS_drbg_set_callbacks(DRBG_CTX *dctx, -+ size_t (*get_entropy) (DRBG_CTX *ctx, -+ unsigned char **pout, -+ int entropy, -+ size_t min_len, -+ size_t max_len), -+ void (*cleanup_entropy) (DRBG_CTX *ctx, -+ unsigned char *out, -+ size_t olen), -+ size_t entropy_blocklen, -+ size_t (*get_nonce) (DRBG_CTX *ctx, -+ unsigned char **pout, -+ int entropy, size_t min_len, -+ size_t max_len), -+ void (*cleanup_nonce) (DRBG_CTX *ctx, -+ unsigned char *out, -+ size_t olen)) -+{ -+ if (dctx->status != DRBG_STATUS_UNINITIALISED) -+ return 0; -+ dctx->entropy_blocklen = entropy_blocklen; -+ dctx->get_entropy = get_entropy; -+ dctx->cleanup_entropy = cleanup_entropy; -+ dctx->get_nonce = get_nonce; -+ dctx->cleanup_nonce = cleanup_nonce; -+ return 1; -+} -+ -+int FIPS_drbg_set_rand_callbacks(DRBG_CTX *dctx, -+ size_t (*get_adin) (DRBG_CTX *ctx, -+ unsigned char **pout), -+ void (*cleanup_adin) (DRBG_CTX *ctx, -+ unsigned char *out, -+ size_t olen), -+ int (*rand_seed_cb) (DRBG_CTX *ctx, -+ const void *buf, -+ int num), -+ int (*rand_add_cb) (DRBG_CTX *ctx, -+ const void *buf, int num, -+ double entropy)) -+{ -+ if (dctx->status != DRBG_STATUS_UNINITIALISED) -+ return 0; -+ dctx->get_adin = get_adin; -+ dctx->cleanup_adin = cleanup_adin; -+ dctx->rand_seed_cb = rand_seed_cb; -+ dctx->rand_add_cb = rand_add_cb; -+ return 1; -+} -+ -+void *FIPS_drbg_get_app_data(DRBG_CTX *dctx) -+{ -+ return dctx->app_data; -+} -+ -+void FIPS_drbg_set_app_data(DRBG_CTX *dctx, void *app_data) -+{ -+ dctx->app_data = app_data; -+} -+ -+size_t FIPS_drbg_get_blocklength(DRBG_CTX *dctx) -+{ -+ return dctx->blocklength; -+} -+ -+int FIPS_drbg_get_strength(DRBG_CTX *dctx) -+{ -+ return dctx->strength; -+} -+ -+void FIPS_drbg_set_check_interval(DRBG_CTX *dctx, int interval) -+{ -+ dctx->health_check_interval = interval; -+} -+ -+void FIPS_drbg_set_reseed_interval(DRBG_CTX *dctx, int interval) -+{ -+ dctx->reseed_interval = interval; -+} -+ -+void FIPS_drbg_stick(int onoff) -+{ -+ /* Just backwards compatibility API call with no effect. */ -+} -diff -up openssl-1.1.1j/crypto/fips/fips_drbg_rand.c.fips openssl-1.1.1j/crypto/fips/fips_drbg_rand.c ---- openssl-1.1.1j/crypto/fips/fips_drbg_rand.c.fips 2021-03-03 12:57:42.199734525 +0100 -+++ openssl-1.1.1j/crypto/fips/fips_drbg_rand.c 2021-03-03 12:57:42.199734525 +0100 -@@ -0,0 +1,185 @@ -+/* fips/rand/fips_drbg_rand.c */ -+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -+ * project. -+ */ -+/* ==================================================================== -+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ */ -+ -+#include -+#include -+#include "internal/thread_once.h" -+#include -+#include -+#include -+#include -+#include "fips_rand_lcl.h" -+ -+/* Mapping of SP800-90 DRBGs to OpenSSL RAND_METHOD */ -+ -+/* Since we only have one global PRNG used at any time in OpenSSL use a global -+ * variable to store context. -+ */ -+ -+static DRBG_CTX ossl_dctx; -+ -+static CRYPTO_RWLOCK *fips_rand_lock = NULL; -+static CRYPTO_ONCE fips_rand_lock_init = CRYPTO_ONCE_STATIC_INIT; -+ -+DEFINE_RUN_ONCE_STATIC(do_fips_rand_lock_init) -+{ -+ fips_rand_lock = CRYPTO_THREAD_lock_new(); -+ return fips_rand_lock != NULL; -+} -+ -+DRBG_CTX *FIPS_get_default_drbg(void) -+{ -+ if (!RUN_ONCE(&fips_rand_lock_init, do_fips_rand_lock_init)) -+ return NULL; -+ return &ossl_dctx; -+} -+ -+static int fips_drbg_bytes(unsigned char *out, int count) -+{ -+ DRBG_CTX *dctx = &ossl_dctx; -+ int rv = 0; -+ unsigned char *adin = NULL; -+ size_t adinlen = 0; -+ CRYPTO_THREAD_write_lock(fips_rand_lock); -+ do { -+ size_t rcnt; -+ if (count > (int)dctx->max_request) -+ rcnt = dctx->max_request; -+ else -+ rcnt = count; -+ if (dctx->get_adin) { -+ adinlen = dctx->get_adin(dctx, &adin); -+ if (adinlen && !adin) { -+ FIPSerr(FIPS_F_FIPS_DRBG_BYTES, -+ FIPS_R_ERROR_RETRIEVING_ADDITIONAL_INPUT); -+ goto err; -+ } -+ } -+ rv = FIPS_drbg_generate(dctx, out, rcnt, 0, adin, adinlen); -+ if (adin) { -+ if (dctx->cleanup_adin) -+ dctx->cleanup_adin(dctx, adin, adinlen); -+ adin = NULL; -+ } -+ if (!rv) -+ goto err; -+ out += rcnt; -+ count -= rcnt; -+ } -+ while (count); -+ rv = 1; -+ err: -+ CRYPTO_THREAD_unlock(fips_rand_lock); -+ return rv; -+} -+ -+static int fips_drbg_pseudo(unsigned char *out, int count) -+{ -+ if (fips_drbg_bytes(out, count) <= 0) -+ return -1; -+ return 1; -+} -+ -+static int fips_drbg_status(void) -+{ -+ DRBG_CTX *dctx = &ossl_dctx; -+ int rv; -+ CRYPTO_THREAD_read_lock(fips_rand_lock); -+ rv = dctx->status == DRBG_STATUS_READY ? 1 : 0; -+ CRYPTO_THREAD_unlock(fips_rand_lock); -+ return rv; -+} -+ -+static void fips_drbg_cleanup(void) -+{ -+ DRBG_CTX *dctx = &ossl_dctx; -+ CRYPTO_THREAD_write_lock(fips_rand_lock); -+ FIPS_drbg_uninstantiate(dctx); -+ CRYPTO_THREAD_unlock(fips_rand_lock); -+} -+ -+static int fips_drbg_seed(const void *seed, int seedlen) -+{ -+ DRBG_CTX *dctx = &ossl_dctx; -+ int ret = 1; -+ CRYPTO_THREAD_write_lock(fips_rand_lock); -+ if (dctx->rand_seed_cb) -+ ret = dctx->rand_seed_cb(dctx, seed, seedlen); -+ CRYPTO_THREAD_unlock(fips_rand_lock); -+ return ret; -+} -+ -+static int fips_drbg_add(const void *seed, int seedlen, double add_entropy) -+{ -+ DRBG_CTX *dctx = &ossl_dctx; -+ int ret = 1; -+ CRYPTO_THREAD_write_lock(fips_rand_lock); -+ if (dctx->rand_add_cb) -+ ret = dctx->rand_add_cb(dctx, seed, seedlen, add_entropy); -+ CRYPTO_THREAD_unlock(fips_rand_lock); -+ return ret; -+} -+ -+static const RAND_METHOD rand_drbg_meth = { -+ fips_drbg_seed, -+ fips_drbg_bytes, -+ fips_drbg_cleanup, -+ fips_drbg_add, -+ fips_drbg_pseudo, -+ fips_drbg_status -+}; -+ -+const RAND_METHOD *FIPS_drbg_method(void) -+{ -+ return &rand_drbg_meth; -+} -diff -up openssl-1.1.1j/crypto/fips/fips_drbg_selftest.c.fips openssl-1.1.1j/crypto/fips/fips_drbg_selftest.c ---- openssl-1.1.1j/crypto/fips/fips_drbg_selftest.c.fips 2021-03-03 12:57:42.200734534 +0100 -+++ openssl-1.1.1j/crypto/fips/fips_drbg_selftest.c 2021-03-03 12:57:42.200734534 +0100 -@@ -0,0 +1,828 @@ -+/* fips/rand/fips_drbg_selftest.c */ -+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -+ * project. -+ */ -+/* ==================================================================== -+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ */ -+ -+#include -+#include -+#include -+#include -+#include -+#include "fips_rand_lcl.h" -+#include "fips_locl.h" -+ -+#include "fips_drbg_selftest.h" -+ -+typedef struct { -+ int post; -+ int nid; -+ unsigned int flags; -+ -+ /* KAT data for no PR */ -+ const unsigned char *ent; -+ size_t entlen; -+ const unsigned char *nonce; -+ size_t noncelen; -+ const unsigned char *pers; -+ size_t perslen; -+ const unsigned char *adin; -+ size_t adinlen; -+ const unsigned char *entreseed; -+ size_t entreseedlen; -+ const unsigned char *adinreseed; -+ size_t adinreseedlen; -+ const unsigned char *adin2; -+ size_t adin2len; -+ const unsigned char *kat; -+ size_t katlen; -+ const unsigned char *kat2; -+ size_t kat2len; -+ -+ /* KAT data for PR */ -+ const unsigned char *ent_pr; -+ size_t entlen_pr; -+ const unsigned char *nonce_pr; -+ size_t noncelen_pr; -+ const unsigned char *pers_pr; -+ size_t perslen_pr; -+ const unsigned char *adin_pr; -+ size_t adinlen_pr; -+ const unsigned char *entpr_pr; -+ size_t entprlen_pr; -+ const unsigned char *ading_pr; -+ size_t adinglen_pr; -+ const unsigned char *entg_pr; -+ size_t entglen_pr; -+ const unsigned char *kat_pr; -+ size_t katlen_pr; -+ const unsigned char *kat2_pr; -+ size_t kat2len_pr; -+ -+} DRBG_SELFTEST_DATA; -+ -+#define make_drbg_test_data(nid, flag, pr, p) {p, nid, flag | DRBG_FLAG_TEST, \ -+ pr##_entropyinput, sizeof(pr##_entropyinput), \ -+ pr##_nonce, sizeof(pr##_nonce), \ -+ pr##_personalizationstring, sizeof(pr##_personalizationstring), \ -+ pr##_additionalinput, sizeof(pr##_additionalinput), \ -+ pr##_entropyinputreseed, sizeof(pr##_entropyinputreseed), \ -+ pr##_additionalinputreseed, sizeof(pr##_additionalinputreseed), \ -+ pr##_additionalinput2, sizeof(pr##_additionalinput2), \ -+ pr##_int_returnedbits, sizeof(pr##_int_returnedbits), \ -+ pr##_returnedbits, sizeof(pr##_returnedbits), \ -+ pr##_pr_entropyinput, sizeof(pr##_pr_entropyinput), \ -+ pr##_pr_nonce, sizeof(pr##_pr_nonce), \ -+ pr##_pr_personalizationstring, sizeof(pr##_pr_personalizationstring), \ -+ pr##_pr_additionalinput, sizeof(pr##_pr_additionalinput), \ -+ pr##_pr_entropyinputpr, sizeof(pr##_pr_entropyinputpr), \ -+ pr##_pr_additionalinput2, sizeof(pr##_pr_additionalinput2), \ -+ pr##_pr_entropyinputpr2, sizeof(pr##_pr_entropyinputpr2), \ -+ pr##_pr_int_returnedbits, sizeof(pr##_pr_int_returnedbits), \ -+ pr##_pr_returnedbits, sizeof(pr##_pr_returnedbits), \ -+ } -+ -+#define make_drbg_test_data_df(nid, pr, p) \ -+ make_drbg_test_data(nid, DRBG_FLAG_CTR_USE_DF, pr, p) -+ -+#define make_drbg_test_data_ec(curve, md, pr, p) \ -+ make_drbg_test_data((curve << 16) | md , 0, pr, p) -+ -+static DRBG_SELFTEST_DATA drbg_test[] = { -+ make_drbg_test_data_df(NID_aes_128_ctr, aes_128_use_df, 0), -+ make_drbg_test_data_df(NID_aes_192_ctr, aes_192_use_df, 0), -+ make_drbg_test_data_df(NID_aes_256_ctr, aes_256_use_df, 1), -+ make_drbg_test_data(NID_aes_128_ctr, 0, aes_128_no_df, 0), -+ make_drbg_test_data(NID_aes_192_ctr, 0, aes_192_no_df, 0), -+ make_drbg_test_data(NID_aes_256_ctr, 0, aes_256_no_df, 1), -+ make_drbg_test_data(NID_sha1, 0, sha1, 0), -+ make_drbg_test_data(NID_sha224, 0, sha224, 0), -+ make_drbg_test_data(NID_sha256, 0, sha256, 1), -+ make_drbg_test_data(NID_sha384, 0, sha384, 0), -+ make_drbg_test_data(NID_sha512, 0, sha512, 0), -+ make_drbg_test_data(NID_hmacWithSHA1, 0, hmac_sha1, 0), -+ make_drbg_test_data(NID_hmacWithSHA224, 0, hmac_sha224, 0), -+ make_drbg_test_data(NID_hmacWithSHA256, 0, hmac_sha256, 1), -+ make_drbg_test_data(NID_hmacWithSHA384, 0, hmac_sha384, 0), -+ make_drbg_test_data(NID_hmacWithSHA512, 0, hmac_sha512, 0), -+ {0, 0, 0} -+}; -+ -+typedef struct { -+ const unsigned char *ent; -+ size_t entlen; -+ int entcnt; -+ const unsigned char *nonce; -+ size_t noncelen; -+ int noncecnt; -+} TEST_ENT; -+ -+static size_t test_entropy(DRBG_CTX *dctx, unsigned char **pout, -+ int entropy, size_t min_len, size_t max_len) -+{ -+ TEST_ENT *t = FIPS_drbg_get_app_data(dctx); -+ *pout = (unsigned char *)t->ent; -+ t->entcnt++; -+ return t->entlen; -+} -+ -+static size_t test_nonce(DRBG_CTX *dctx, unsigned char **pout, -+ int entropy, size_t min_len, size_t max_len) -+{ -+ TEST_ENT *t = FIPS_drbg_get_app_data(dctx); -+ *pout = (unsigned char *)t->nonce; -+ t->noncecnt++; -+ return t->noncelen; -+} -+ -+static int fips_drbg_single_kat(DRBG_CTX *dctx, DRBG_SELFTEST_DATA * td, -+ int quick) -+{ -+ TEST_ENT t; -+ int rv = 0; -+ size_t adinlen; -+ unsigned char randout[1024]; -+ -+ /* Initial test without PR */ -+ -+ /* Instantiate DRBG with test entropy, nonce and personalisation -+ * string. -+ */ -+ -+ if (!FIPS_drbg_init(dctx, td->nid, td->flags)) -+ return 0; -+ if (!FIPS_drbg_set_callbacks(dctx, test_entropy, 0, 0, test_nonce, 0)) -+ return 0; -+ -+ FIPS_drbg_set_app_data(dctx, &t); -+ -+ t.ent = td->ent; -+ t.entlen = td->entlen; -+ t.nonce = td->nonce; -+ t.noncelen = td->noncelen; -+ t.entcnt = 0; -+ t.noncecnt = 0; -+ -+ if (!FIPS_drbg_instantiate(dctx, td->pers, td->perslen)) -+ goto err; -+ -+ /* Note for CTR without DF some additional input values -+ * ignore bytes after the keylength: so reduce adinlen -+ * to half to ensure invalid data is fed in. -+ */ -+ if (!fips_post_corrupt(FIPS_TEST_DRBG, dctx->type, &dctx->iflags)) -+ adinlen = td->adinlen / 2; -+ else -+ adinlen = td->adinlen; -+ -+ /* Generate with no PR and verify output matches expected data */ -+ if (!FIPS_drbg_generate(dctx, randout, td->katlen, 0, td->adin, adinlen)) -+ goto err; -+ -+ if (memcmp(randout, td->kat, td->katlen)) { -+ FIPSerr(FIPS_F_FIPS_DRBG_SINGLE_KAT, FIPS_R_NOPR_TEST1_FAILURE); -+ goto err2; -+ } -+ /* If abbreviated POST end of test */ -+ if (quick) { -+ rv = 1; -+ goto err; -+ } -+ /* Reseed DRBG with test entropy and additional input */ -+ t.ent = td->entreseed; -+ t.entlen = td->entreseedlen; -+ -+ if (!FIPS_drbg_reseed(dctx, td->adinreseed, td->adinreseedlen)) -+ goto err; -+ -+ /* Generate with no PR and verify output matches expected data */ -+ if (!FIPS_drbg_generate(dctx, randout, td->kat2len, 0, -+ td->adin2, td->adin2len)) -+ goto err; -+ -+ if (memcmp(randout, td->kat2, td->kat2len)) { -+ FIPSerr(FIPS_F_FIPS_DRBG_SINGLE_KAT, FIPS_R_NOPR_TEST2_FAILURE); -+ goto err2; -+ } -+ -+ FIPS_drbg_uninstantiate(dctx); -+ -+ /* Now test with PR */ -+ -+ /* Instantiate DRBG with test entropy, nonce and personalisation -+ * string. -+ */ -+ if (!FIPS_drbg_init(dctx, td->nid, td->flags)) -+ return 0; -+ if (!FIPS_drbg_set_callbacks(dctx, test_entropy, 0, 0, test_nonce, 0)) -+ return 0; -+ -+ FIPS_drbg_set_app_data(dctx, &t); -+ -+ t.ent = td->ent_pr; -+ t.entlen = td->entlen_pr; -+ t.nonce = td->nonce_pr; -+ t.noncelen = td->noncelen_pr; -+ t.entcnt = 0; -+ t.noncecnt = 0; -+ -+ if (!FIPS_drbg_instantiate(dctx, td->pers_pr, td->perslen_pr)) -+ goto err; -+ -+ /* Now generate with PR: we need to supply entropy as this will -+ * perform a reseed operation. Check output matches expected value. -+ */ -+ -+ t.ent = td->entpr_pr; -+ t.entlen = td->entprlen_pr; -+ -+ /* Note for CTR without DF some additional input values -+ * ignore bytes after the keylength: so reduce adinlen -+ * to half to ensure invalid data is fed in. -+ */ -+ if (!fips_post_corrupt(FIPS_TEST_DRBG, dctx->type, &dctx->iflags)) -+ adinlen = td->adinlen_pr / 2; -+ else -+ adinlen = td->adinlen_pr; -+ if (!FIPS_drbg_generate(dctx, randout, td->katlen_pr, 1, -+ td->adin_pr, adinlen)) -+ goto err; -+ -+ if (memcmp(randout, td->kat_pr, td->katlen_pr)) { -+ FIPSerr(FIPS_F_FIPS_DRBG_SINGLE_KAT, FIPS_R_PR_TEST1_FAILURE); -+ goto err2; -+ } -+ -+ /* Now generate again with PR: supply new entropy again. -+ * Check output matches expected value. -+ */ -+ -+ t.ent = td->entg_pr; -+ t.entlen = td->entglen_pr; -+ -+ if (!FIPS_drbg_generate(dctx, randout, td->kat2len_pr, 1, -+ td->ading_pr, td->adinglen_pr)) -+ goto err; -+ -+ if (memcmp(randout, td->kat2_pr, td->kat2len_pr)) { -+ FIPSerr(FIPS_F_FIPS_DRBG_SINGLE_KAT, FIPS_R_PR_TEST2_FAILURE); -+ goto err2; -+ } -+ /* All OK, test complete */ -+ rv = 1; -+ -+ err: -+ if (rv == 0) -+ FIPSerr(FIPS_F_FIPS_DRBG_SINGLE_KAT, FIPS_R_SELFTEST_FAILED); -+ err2: -+ FIPS_drbg_uninstantiate(dctx); -+ -+ return rv; -+ -+} -+ -+/* Initialise a DRBG based on selftest data */ -+ -+static int do_drbg_init(DRBG_CTX *dctx, DRBG_SELFTEST_DATA * td, TEST_ENT * t) -+{ -+ -+ if (!FIPS_drbg_init(dctx, td->nid, td->flags)) -+ return 0; -+ -+ if (!FIPS_drbg_set_callbacks(dctx, test_entropy, 0, 0, test_nonce, 0)) -+ return 0; -+ -+ FIPS_drbg_set_app_data(dctx, t); -+ -+ t->ent = td->ent; -+ t->entlen = td->entlen; -+ t->nonce = td->nonce; -+ t->noncelen = td->noncelen; -+ t->entcnt = 0; -+ t->noncecnt = 0; -+ return 1; -+} -+ -+/* Initialise and instantiate DRBG based on selftest data */ -+static int do_drbg_instantiate(DRBG_CTX *dctx, DRBG_SELFTEST_DATA * td, -+ TEST_ENT * t) -+{ -+ if (!do_drbg_init(dctx, td, t)) -+ return 0; -+ if (!FIPS_drbg_instantiate(dctx, td->pers, td->perslen)) -+ return 0; -+ -+ return 1; -+} -+ -+/* This function performs extensive error checking as required by SP800-90. -+ * Induce several failure modes and check an error condition is set. -+ * This function along with fips_drbg_single_kat peforms the health checking -+ * operation. -+ */ -+ -+static int fips_drbg_error_check(DRBG_CTX *dctx, DRBG_SELFTEST_DATA * td) -+{ -+ unsigned char randout[1024]; -+ TEST_ENT t; -+ size_t i; -+ unsigned int reseed_counter_tmp; -+ unsigned char *p = (unsigned char *)dctx; -+ -+ /* Initialise DRBG */ -+ -+ if (!do_drbg_init(dctx, td, &t)) -+ goto err; -+ -+ /* Don't report induced errors */ -+ dctx->iflags |= DRBG_FLAG_NOERR; -+ -+ /* Personalisation string tests */ -+ -+ /* Test detection of too large personlisation string */ -+ -+ if (FIPS_drbg_instantiate(dctx, td->pers, dctx->max_pers + 1) > 0) { -+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, -+ FIPS_R_PERSONALISATION_ERROR_UNDETECTED); -+ goto err; -+ } -+ -+ /* Entropy source tests */ -+ -+ /* Test entropy source failure detecion: i.e. returns no data */ -+ -+ t.entlen = 0; -+ -+ if (FIPS_drbg_instantiate(dctx, td->pers, td->perslen) > 0) { -+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, -+ FIPS_R_ENTROPY_ERROR_UNDETECTED); -+ goto err; -+ } -+ -+ /* Try to generate output from uninstantiated DRBG */ -+ if (FIPS_drbg_generate(dctx, randout, td->katlen, 0, -+ td->adin, td->adinlen)) { -+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, -+ FIPS_R_GENERATE_ERROR_UNDETECTED); -+ goto err; -+ } -+ -+ dctx->iflags &= ~DRBG_FLAG_NOERR; -+ if (!FIPS_drbg_uninstantiate(dctx)) { -+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR); -+ goto err; -+ } -+ -+ if (!do_drbg_init(dctx, td, &t)) -+ goto err; -+ -+ dctx->iflags |= DRBG_FLAG_NOERR; -+ -+ /* Test insufficient entropy */ -+ -+ t.entlen = dctx->min_entropy - 1; -+ -+ if (FIPS_drbg_instantiate(dctx, td->pers, td->perslen) > 0) { -+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, -+ FIPS_R_ENTROPY_ERROR_UNDETECTED); -+ goto err; -+ } -+ -+ dctx->iflags &= ~DRBG_FLAG_NOERR; -+ if (!FIPS_drbg_uninstantiate(dctx)) { -+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR); -+ goto err; -+ } -+ -+ /* Test too much entropy */ -+ -+ if (!do_drbg_init(dctx, td, &t)) -+ goto err; -+ -+ dctx->iflags |= DRBG_FLAG_NOERR; -+ -+ t.entlen = dctx->max_entropy + 1; -+ -+ if (FIPS_drbg_instantiate(dctx, td->pers, td->perslen) > 0) { -+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, -+ FIPS_R_ENTROPY_ERROR_UNDETECTED); -+ goto err; -+ } -+ -+ dctx->iflags &= ~DRBG_FLAG_NOERR; -+ if (!FIPS_drbg_uninstantiate(dctx)) { -+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR); -+ goto err; -+ } -+ -+ /* Nonce tests */ -+ -+ /* Test too small nonce */ -+ -+ if (dctx->min_nonce) { -+ -+ if (!do_drbg_init(dctx, td, &t)) -+ goto err; -+ -+ dctx->iflags |= DRBG_FLAG_NOERR; -+ -+ t.noncelen = dctx->min_nonce - 1; -+ -+ if (FIPS_drbg_instantiate(dctx, td->pers, td->perslen) > 0) { -+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, -+ FIPS_R_NONCE_ERROR_UNDETECTED); -+ goto err; -+ } -+ -+ dctx->iflags &= ~DRBG_FLAG_NOERR; -+ if (!FIPS_drbg_uninstantiate(dctx)) { -+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR); -+ goto err; -+ } -+ -+ } -+ -+ /* Test too large nonce */ -+ -+ if (dctx->max_nonce) { -+ -+ if (!do_drbg_init(dctx, td, &t)) -+ goto err; -+ -+ dctx->iflags |= DRBG_FLAG_NOERR; -+ -+ t.noncelen = dctx->max_nonce + 1; -+ -+ if (FIPS_drbg_instantiate(dctx, td->pers, td->perslen) > 0) { -+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, -+ FIPS_R_NONCE_ERROR_UNDETECTED); -+ goto err; -+ } -+ -+ dctx->iflags &= ~DRBG_FLAG_NOERR; -+ if (!FIPS_drbg_uninstantiate(dctx)) { -+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR); -+ goto err; -+ } -+ -+ } -+ -+ /* Instantiate with valid data. */ -+ if (!do_drbg_instantiate(dctx, td, &t)) -+ goto err; -+ -+ /* Check generation is now OK */ -+ if (!FIPS_drbg_generate(dctx, randout, td->katlen, 0, -+ td->adin, td->adinlen)) -+ goto err; -+ -+ dctx->iflags |= DRBG_FLAG_NOERR; -+ -+ /* Request too much data for one request */ -+ if (FIPS_drbg_generate(dctx, randout, dctx->max_request + 1, 0, -+ td->adin, td->adinlen)) { -+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, -+ FIPS_R_REQUEST_LENGTH_ERROR_UNDETECTED); -+ goto err; -+ } -+ -+ /* Try too large additional input */ -+ if (FIPS_drbg_generate(dctx, randout, td->katlen, 0, -+ td->adin, dctx->max_adin + 1)) { -+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, -+ FIPS_R_ADDITIONAL_INPUT_ERROR_UNDETECTED); -+ goto err; -+ } -+ -+ /* Check prediction resistance request fails if entropy source -+ * failure. -+ */ -+ -+ t.entlen = 0; -+ -+ if (FIPS_drbg_generate(dctx, randout, td->katlen, 1, -+ td->adin, td->adinlen)) { -+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, -+ FIPS_R_ENTROPY_ERROR_UNDETECTED); -+ goto err; -+ } -+ -+ dctx->iflags &= ~DRBG_FLAG_NOERR; -+ if (!FIPS_drbg_uninstantiate(dctx)) { -+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR); -+ goto err; -+ } -+ -+ /* Instantiate again with valid data */ -+ -+ if (!do_drbg_instantiate(dctx, td, &t)) -+ goto err; -+ /* Test reseed counter works */ -+ /* Save initial reseed counter */ -+ reseed_counter_tmp = dctx->reseed_counter; -+ /* Set reseed counter to beyond interval */ -+ dctx->reseed_counter = dctx->reseed_interval; -+ -+ /* Generate output and check entropy has been requested for reseed */ -+ t.entcnt = 0; -+ if (!FIPS_drbg_generate(dctx, randout, td->katlen, 0, -+ td->adin, td->adinlen)) -+ goto err; -+ if (t.entcnt != 1) { -+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, -+ FIPS_R_ENTROPY_NOT_REQUESTED_FOR_RESEED); -+ goto err; -+ } -+ /* Check reseed counter has been reset */ -+ if (dctx->reseed_counter != reseed_counter_tmp + 1) { -+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_RESEED_COUNTER_ERROR); -+ goto err; -+ } -+ -+ dctx->iflags &= ~DRBG_FLAG_NOERR; -+ if (!FIPS_drbg_uninstantiate(dctx)) { -+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR); -+ goto err; -+ } -+ -+ /* Check prediction resistance request fails if entropy source -+ * failure. -+ */ -+ -+ t.entlen = 0; -+ -+ dctx->iflags |= DRBG_FLAG_NOERR; -+ if (FIPS_drbg_generate(dctx, randout, td->katlen, 1, -+ td->adin, td->adinlen)) { -+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, -+ FIPS_R_ENTROPY_ERROR_UNDETECTED); -+ goto err; -+ } -+ -+ dctx->iflags &= ~DRBG_FLAG_NOERR; -+ -+ if (!FIPS_drbg_uninstantiate(dctx)) { -+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR); -+ goto err; -+ } -+ -+ if (!do_drbg_instantiate(dctx, td, &t)) -+ goto err; -+ /* Test reseed counter works */ -+ /* Save initial reseed counter */ -+ reseed_counter_tmp = dctx->reseed_counter; -+ /* Set reseed counter to beyond interval */ -+ dctx->reseed_counter = dctx->reseed_interval; -+ -+ /* Generate output and check entropy has been requested for reseed */ -+ t.entcnt = 0; -+ if (!FIPS_drbg_generate(dctx, randout, td->katlen, 0, -+ td->adin, td->adinlen)) -+ goto err; -+ if (t.entcnt != 1) { -+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, -+ FIPS_R_ENTROPY_NOT_REQUESTED_FOR_RESEED); -+ goto err; -+ } -+ /* Check reseed counter has been reset */ -+ if (dctx->reseed_counter != reseed_counter_tmp + 1) { -+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_RESEED_COUNTER_ERROR); -+ goto err; -+ } -+ -+ dctx->iflags &= ~DRBG_FLAG_NOERR; -+ if (!FIPS_drbg_uninstantiate(dctx)) { -+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR); -+ goto err; -+ } -+ -+ /* Explicit reseed tests */ -+ -+ /* Test explicit reseed with too large additional input */ -+ if (!do_drbg_init(dctx, td, &t)) -+ goto err; -+ -+ dctx->iflags |= DRBG_FLAG_NOERR; -+ -+ if (FIPS_drbg_reseed(dctx, td->adin, dctx->max_adin + 1) > 0) { -+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, -+ FIPS_R_ADDITIONAL_INPUT_ERROR_UNDETECTED); -+ goto err; -+ } -+ -+ /* Test explicit reseed with entropy source failure */ -+ -+ t.entlen = 0; -+ -+ if (FIPS_drbg_reseed(dctx, td->adin, td->adinlen) > 0) { -+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, -+ FIPS_R_ENTROPY_ERROR_UNDETECTED); -+ goto err; -+ } -+ -+ if (!FIPS_drbg_uninstantiate(dctx)) { -+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR); -+ goto err; -+ } -+ -+ /* Test explicit reseed with too much entropy */ -+ -+ if (!do_drbg_init(dctx, td, &t)) -+ goto err; -+ -+ dctx->iflags |= DRBG_FLAG_NOERR; -+ -+ t.entlen = dctx->max_entropy + 1; -+ -+ if (FIPS_drbg_reseed(dctx, td->adin, td->adinlen) > 0) { -+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, -+ FIPS_R_ENTROPY_ERROR_UNDETECTED); -+ goto err; -+ } -+ -+ if (!FIPS_drbg_uninstantiate(dctx)) { -+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR); -+ goto err; -+ } -+ -+ /* Test explicit reseed with too little entropy */ -+ -+ if (!do_drbg_init(dctx, td, &t)) -+ goto err; -+ -+ dctx->iflags |= DRBG_FLAG_NOERR; -+ -+ t.entlen = dctx->min_entropy - 1; -+ -+ if (FIPS_drbg_reseed(dctx, td->adin, td->adinlen) > 0) { -+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, -+ FIPS_R_ENTROPY_ERROR_UNDETECTED); -+ goto err; -+ } -+ -+ if (!FIPS_drbg_uninstantiate(dctx)) { -+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR); -+ goto err; -+ } -+ -+ p = (unsigned char *)&dctx->d; -+ /* Standard says we have to check uninstantiate really zeroes -+ * the data... -+ */ -+ for (i = 0; i < sizeof(dctx->d); i++) { -+ if (*p != 0) { -+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, -+ FIPS_R_UNINSTANTIATE_ZEROISE_ERROR); -+ goto err; -+ } -+ p++; -+ } -+ -+ return 1; -+ -+ err: -+ /* A real error as opposed to an induced one: underlying function will -+ * indicate the error. -+ */ -+ if (!(dctx->iflags & DRBG_FLAG_NOERR)) -+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_FUNCTION_ERROR); -+ FIPS_drbg_uninstantiate(dctx); -+ return 0; -+ -+} -+ -+int fips_drbg_kat(DRBG_CTX *dctx, int nid, unsigned int flags) -+{ -+ DRBG_SELFTEST_DATA *td; -+ flags |= DRBG_FLAG_TEST; -+ for (td = drbg_test; td->nid != 0; td++) { -+ if (td->nid == nid && td->flags == flags) { -+ if (!fips_drbg_single_kat(dctx, td, 0)) -+ return 0; -+ return fips_drbg_error_check(dctx, td); -+ } -+ } -+ return 0; -+} -+ -+int FIPS_drbg_health_check(DRBG_CTX *dctx) -+{ -+ int rv; -+ DRBG_CTX *tctx = NULL; -+ tctx = FIPS_drbg_new(0, 0); -+ fips_post_started(FIPS_TEST_DRBG, dctx->type, &dctx->xflags); -+ if (!tctx) -+ return 0; -+ rv = fips_drbg_kat(tctx, dctx->type, dctx->xflags); -+ if (tctx) -+ FIPS_drbg_free(tctx); -+ if (rv) -+ fips_post_success(FIPS_TEST_DRBG, dctx->type, &dctx->xflags); -+ else -+ fips_post_failed(FIPS_TEST_DRBG, dctx->type, &dctx->xflags); -+ if (!rv) -+ dctx->status = DRBG_STATUS_ERROR; -+ else -+ dctx->health_check_cnt = 0; -+ return rv; -+} -+ -+int FIPS_selftest_drbg(void) -+{ -+ DRBG_CTX *dctx; -+ DRBG_SELFTEST_DATA *td; -+ int rv = 1; -+ dctx = FIPS_drbg_new(0, 0); -+ if (!dctx) -+ return 0; -+ for (td = drbg_test; td->nid != 0; td++) { -+ if (td->post != 1) -+ continue; -+ if (!fips_post_started(FIPS_TEST_DRBG, td->nid, &td->flags)) -+ return 1; -+ if (!fips_drbg_single_kat(dctx, td, 1)) { -+ fips_post_failed(FIPS_TEST_DRBG, td->nid, &td->flags); -+ rv = 0; -+ continue; -+ } -+ if (!fips_post_success(FIPS_TEST_DRBG, td->nid, &td->flags)) -+ return 0; -+ } -+ FIPS_drbg_free(dctx); -+ return rv; -+} -+ -+int FIPS_selftest_drbg_all(void) -+{ -+ DRBG_CTX *dctx; -+ DRBG_SELFTEST_DATA *td; -+ int rv = 1; -+ dctx = FIPS_drbg_new(0, 0); -+ if (!dctx) -+ return 0; -+ for (td = drbg_test; td->nid != 0; td++) { -+ if (!fips_post_started(FIPS_TEST_DRBG, td->nid, &td->flags)) -+ return 1; -+ if (!fips_drbg_single_kat(dctx, td, 0)) { -+ fips_post_failed(FIPS_TEST_DRBG, td->nid, &td->flags); -+ rv = 0; -+ continue; -+ } -+ if (!fips_drbg_error_check(dctx, td)) { -+ fips_post_failed(FIPS_TEST_DRBG, td->nid, &td->flags); -+ rv = 0; -+ continue; -+ } -+ if (!fips_post_success(FIPS_TEST_DRBG, td->nid, &td->flags)) -+ return 0; -+ } -+ FIPS_drbg_free(dctx); -+ return rv; -+} -diff -up openssl-1.1.1j/crypto/fips/fips_drbg_selftest.h.fips openssl-1.1.1j/crypto/fips/fips_drbg_selftest.h ---- openssl-1.1.1j/crypto/fips/fips_drbg_selftest.h.fips 2021-03-03 12:57:42.200734534 +0100 -+++ openssl-1.1.1j/crypto/fips/fips_drbg_selftest.h 2021-03-03 12:57:42.200734534 +0100 -@@ -0,0 +1,1791 @@ -+/* ==================================================================== -+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * openssl-core.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * -+ */ -+ -+/* Selftest and health check data for the SP800-90 DRBG */ -+ -+#define __fips_constseg -+ -+/* AES-128 use df PR */ -+__fips_constseg static const unsigned char aes_128_use_df_pr_entropyinput[] = { -+ 0x61, 0x52, 0x7c, 0xe3, 0x23, 0x7d, 0x0a, 0x07, 0x10, 0x0c, 0x50, 0x33, -+ 0xc8, 0xdb, 0xff, 0x12 -+}; -+ -+__fips_constseg static const unsigned char aes_128_use_df_pr_nonce[] = { -+ 0x51, 0x0d, 0x85, 0x77, 0xed, 0x22, 0x97, 0x28 -+}; -+ -+__fips_constseg -+ static const unsigned char aes_128_use_df_pr_personalizationstring[] = { -+ 0x59, 0x9f, 0xbb, 0xcd, 0xd5, 0x25, 0x69, 0xb5, 0xcb, 0xb5, 0x03, 0xfe, -+ 0xd7, 0xd7, 0x01, 0x67 -+}; -+ -+__fips_constseg -+ static const unsigned char aes_128_use_df_pr_additionalinput[] = { -+ 0xef, 0x88, 0x76, 0x01, 0xaf, 0x3c, 0xfe, 0x8b, 0xaf, 0x26, 0x06, 0x9e, -+ 0x9a, 0x47, 0x08, 0x76 -+}; -+ -+__fips_constseg -+ static const unsigned char aes_128_use_df_pr_entropyinputpr[] = { -+ 0xe2, 0x76, 0xf9, 0xf6, 0x3a, 0xba, 0x10, 0x9f, 0xbf, 0x47, 0x0e, 0x51, -+ 0x09, 0xfb, 0xa3, 0xb6 -+}; -+ -+__fips_constseg -+ static const unsigned char aes_128_use_df_pr_int_returnedbits[] = { -+ 0xd4, 0x98, 0x8a, 0x46, 0x80, 0x4c, 0xdb, 0xa3, 0x59, 0x02, 0x57, 0x52, -+ 0x66, 0x1c, 0xea, 0x5b -+}; -+ -+__fips_constseg -+ static const unsigned char aes_128_use_df_pr_additionalinput2[] = { -+ 0x88, 0x8c, 0x91, 0xd6, 0xbe, 0x56, 0x6e, 0x08, 0x9a, 0x62, 0x2b, 0x11, -+ 0x3f, 0x5e, 0x31, 0x06 -+}; -+ -+__fips_constseg -+ static const unsigned char aes_128_use_df_pr_entropyinputpr2[] = { -+ 0xc0, 0x5c, 0x6b, 0x98, 0x01, 0x0d, 0x58, 0x18, 0x51, 0x18, 0x96, 0xae, -+ 0xa7, 0xe3, 0xa8, 0x67 -+}; -+ -+__fips_constseg static const unsigned char aes_128_use_df_pr_returnedbits[] = { -+ 0xcf, 0x01, 0xac, 0x22, 0x31, 0x06, 0x8e, 0xfc, 0xce, 0x56, 0xea, 0x24, -+ 0x0f, 0x38, 0x43, 0xc6 -+}; -+ -+/* AES-128 use df No PR */ -+__fips_constseg static const unsigned char aes_128_use_df_entropyinput[] = { -+ 0x1f, 0x8e, 0x34, 0x82, 0x0c, 0xb7, 0xbe, 0xc5, 0x01, 0x3e, 0xd0, 0xa3, -+ 0x9d, 0x7d, 0x1c, 0x9b -+}; -+ -+__fips_constseg static const unsigned char aes_128_use_df_nonce[] = { -+ 0xd5, 0x4d, 0xbd, 0x4a, 0x93, 0x7f, 0xb8, 0x96 -+}; -+ -+__fips_constseg -+ static const unsigned char aes_128_use_df_personalizationstring[] = { -+ 0xab, 0xd6, 0x3f, 0x04, 0xfe, 0x27, 0x6b, 0x2d, 0xd7, 0xc3, 0x1c, 0xf3, -+ 0x38, 0x66, 0xba, 0x1b -+}; -+ -+__fips_constseg static const unsigned char aes_128_use_df_additionalinput[] = { -+ 0xfe, 0xf4, 0x09, 0xa8, 0xb7, 0x73, 0x27, 0x9c, 0x5f, 0xa7, 0xea, 0x46, -+ 0xb5, 0xe2, 0xb2, 0x41 -+}; -+ -+__fips_constseg static const unsigned char aes_128_use_df_int_returnedbits[] = { -+ 0x42, 0xe4, 0x4e, 0x7b, 0x27, 0xdd, 0xcb, 0xbc, 0x0a, 0xcf, 0xa6, 0x67, -+ 0xe7, 0x57, 0x11, 0xb4 -+}; -+ -+__fips_constseg -+ static const unsigned char aes_128_use_df_entropyinputreseed[] = { -+ 0x14, 0x26, 0x69, 0xd9, 0xf3, 0x65, 0x03, 0xd6, 0x6b, 0xb9, 0x44, 0x0b, -+ 0xc7, 0xc4, 0x9e, 0x39 -+}; -+ -+__fips_constseg -+ static const unsigned char aes_128_use_df_additionalinputreseed[] = { -+ 0x55, 0x2e, 0x60, 0x9a, 0x05, 0x72, 0x8a, 0xa8, 0xef, 0x22, 0x81, 0x5a, -+ 0xc8, 0x93, 0xfa, 0x84 -+}; -+ -+__fips_constseg static const unsigned char aes_128_use_df_additionalinput2[] = { -+ 0x3c, 0x40, 0xc8, 0xc4, 0x16, 0x0c, 0x21, 0xa4, 0x37, 0x2c, 0x8f, 0xa5, -+ 0x06, 0x0c, 0x15, 0x2c -+}; -+ -+__fips_constseg static const unsigned char aes_128_use_df_returnedbits[] = { -+ 0xe1, 0x3e, 0x99, 0x98, 0x86, 0x67, 0x0b, 0x63, 0x7b, 0xbe, 0x3f, 0x88, -+ 0x46, 0x81, 0xc7, 0x19 -+}; -+ -+/* AES-192 use df PR */ -+__fips_constseg static const unsigned char aes_192_use_df_pr_entropyinput[] = { -+ 0x2b, 0x4e, 0x8b, 0xe1, 0xf1, 0x34, 0x80, 0x56, 0x81, 0xf9, 0x74, 0xec, -+ 0x17, 0x44, 0x2a, 0xf1, 0x14, 0xb0, 0xbf, 0x97, 0x39, 0xb7, 0x04, 0x7d -+}; -+ -+__fips_constseg static const unsigned char aes_192_use_df_pr_nonce[] = { -+ 0xd6, 0x9d, 0xeb, 0x14, 0x4e, 0x6c, 0x30, 0x1e, 0x39, 0x55, 0x73, 0xd0, -+ 0xd1, 0x80, 0x78, 0xfa -+}; -+ -+__fips_constseg -+ static const unsigned char aes_192_use_df_pr_personalizationstring[] = { -+ 0xfc, 0x43, 0x4a, 0xf8, 0x9a, 0x55, 0xb3, 0x53, 0x83, 0xe2, 0x18, 0x16, -+ 0x0c, 0xdc, 0xcd, 0x5e, 0x4f, 0xa0, 0x03, 0x01, 0x2b, 0x9f, 0xe4, 0xd5, -+ 0x7d, 0x49, 0xf0, 0x41, 0x9e, 0x3d, 0x99, 0x04 -+}; -+ -+__fips_constseg -+ static const unsigned char aes_192_use_df_pr_additionalinput[] = { -+ 0x5e, 0x9f, 0x49, 0x6f, 0x21, 0x8b, 0x1d, 0x32, 0xd5, 0x84, 0x5c, 0xac, -+ 0xaf, 0xdf, 0xe4, 0x79, 0x9e, 0xaf, 0xa9, 0x82, 0xd0, 0xf8, 0x4f, 0xcb, -+ 0x69, 0x10, 0x0a, 0x7e, 0x81, 0x57, 0xb5, 0x36 -+}; -+ -+__fips_constseg -+ static const unsigned char aes_192_use_df_pr_entropyinputpr[] = { -+ 0xd4, 0x81, 0x0c, 0xd7, 0x66, 0x39, 0xec, 0x42, 0x53, 0x87, 0x41, 0xa5, -+ 0x1e, 0x7d, 0x80, 0x91, 0x8e, 0xbb, 0xed, 0xac, 0x14, 0x02, 0x1a, 0xd5 -+}; -+ -+__fips_constseg -+ static const unsigned char aes_192_use_df_pr_int_returnedbits[] = { -+ 0xdf, 0x1d, 0x39, 0x45, 0x7c, 0x9b, 0xc6, 0x2b, 0x7d, 0x8c, 0x93, 0xe9, -+ 0x19, 0x30, 0x6b, 0x67 -+}; -+ -+__fips_constseg -+ static const unsigned char aes_192_use_df_pr_additionalinput2[] = { -+ 0x00, 0x71, 0x27, 0x4e, 0xd3, 0x14, 0xf1, 0x20, 0x7f, 0x4a, 0x41, 0x32, -+ 0x2a, 0x97, 0x11, 0x43, 0x8f, 0x4a, 0x15, 0x7b, 0x9b, 0x51, 0x79, 0xda, -+ 0x49, 0x3d, 0xde, 0xe8, 0xbc, 0x93, 0x91, 0x99 -+}; -+ -+__fips_constseg -+ static const unsigned char aes_192_use_df_pr_entropyinputpr2[] = { -+ 0x90, 0xee, 0x76, 0xa1, 0x45, 0x8d, 0xb7, 0x40, 0xb0, 0x11, 0xbf, 0xd0, -+ 0x65, 0xd7, 0x3c, 0x7c, 0x4f, 0x20, 0x3f, 0x4e, 0x11, 0x9d, 0xb3, 0x5e -+}; -+ -+__fips_constseg static const unsigned char aes_192_use_df_pr_returnedbits[] = { -+ 0x24, 0x3b, 0x20, 0xa4, 0x37, 0x66, 0xba, 0x72, 0x39, 0x3f, 0xcf, 0x3c, -+ 0x7e, 0x1a, 0x2b, 0x83 -+}; -+ -+/* AES-192 use df No PR */ -+__fips_constseg static const unsigned char aes_192_use_df_entropyinput[] = { -+ 0x8d, 0x74, 0xa4, 0x50, 0x1a, 0x02, 0x68, 0x0c, 0x2a, 0x69, 0xc4, 0x82, -+ 0x3b, 0xbb, 0xda, 0x0e, 0x7f, 0x77, 0xa3, 0x17, 0x78, 0x57, 0xb2, 0x7b -+}; -+ -+__fips_constseg static const unsigned char aes_192_use_df_nonce[] = { -+ 0x75, 0xd5, 0x1f, 0xac, 0xa4, 0x8d, 0x42, 0x78, 0xd7, 0x69, 0x86, 0x9d, -+ 0x77, 0xd7, 0x41, 0x0e -+}; -+ -+__fips_constseg -+ static const unsigned char aes_192_use_df_personalizationstring[] = { -+ 0x4e, 0x33, 0x41, 0x3c, 0x9c, 0xc2, 0xd2, 0x53, 0xaf, 0x90, 0xea, 0xcf, -+ 0x19, 0x50, 0x1e, 0xe6, 0x6f, 0x63, 0xc8, 0x32, 0x22, 0xdc, 0x07, 0x65, -+ 0x9c, 0xd3, 0xf8, 0x30, 0x9e, 0xed, 0x35, 0x70 -+}; -+ -+__fips_constseg static const unsigned char aes_192_use_df_additionalinput[] = { -+ 0x5d, 0x8b, 0x8c, 0xc1, 0xdf, 0x0e, 0x02, 0x78, 0xfb, 0x19, 0xb8, 0x69, -+ 0x78, 0x4e, 0x9c, 0x52, 0xbc, 0xc7, 0x20, 0xc9, 0xe6, 0x5e, 0x77, 0x22, -+ 0x28, 0x3d, 0x0c, 0x9e, 0x68, 0xa8, 0x45, 0xd7 -+}; -+ -+__fips_constseg static const unsigned char aes_192_use_df_int_returnedbits[] = { -+ 0xd5, 0xe7, 0x08, 0xc5, 0x19, 0x99, 0xd5, 0x31, 0x03, 0x0a, 0x74, 0xb6, -+ 0xb7, 0xed, 0xe9, 0xea -+}; -+ -+__fips_constseg -+ static const unsigned char aes_192_use_df_entropyinputreseed[] = { -+ 0x9c, 0x26, 0xda, 0xf1, 0xac, 0xd9, 0x5a, 0xd6, 0xa8, 0x65, 0xf5, 0x02, -+ 0x8f, 0xdc, 0xa2, 0x09, 0x54, 0xa6, 0xe2, 0xa4, 0xde, 0x32, 0xe0, 0x01 -+}; -+ -+__fips_constseg -+ static const unsigned char aes_192_use_df_additionalinputreseed[] = { -+ 0x9b, 0x90, 0xb0, 0x3a, 0x0e, 0x3a, 0x80, 0x07, 0x4a, 0xf4, 0xda, 0x76, -+ 0x28, 0x30, 0x3c, 0xee, 0x54, 0x1b, 0x94, 0x59, 0x51, 0x43, 0x56, 0x77, -+ 0xaf, 0x88, 0xdd, 0x63, 0x89, 0x47, 0x06, 0x65 -+}; -+ -+__fips_constseg static const unsigned char aes_192_use_df_additionalinput2[] = { -+ 0x3c, 0x11, 0x64, 0x7a, 0x96, 0xf5, 0xd8, 0xb8, 0xae, 0xd6, 0x70, 0x4e, -+ 0x16, 0x96, 0xde, 0xe9, 0x62, 0xbc, 0xee, 0x28, 0x2f, 0x26, 0xa6, 0xf0, -+ 0x56, 0xef, 0xa3, 0xf1, 0x6b, 0xa1, 0xb1, 0x77 -+}; -+ -+__fips_constseg static const unsigned char aes_192_use_df_returnedbits[] = { -+ 0x0b, 0xe2, 0x56, 0x03, 0x1e, 0xdb, 0x2c, 0x6d, 0x7f, 0x1b, 0x15, 0x58, -+ 0x1a, 0xf9, 0x13, 0x28 -+}; -+ -+/* AES-256 use df PR */ -+__fips_constseg static const unsigned char aes_256_use_df_pr_entropyinput[] = { -+ 0x61, 0x68, 0xfc, 0x1a, 0xf0, 0xb5, 0x95, 0x6b, 0x85, 0x09, 0x9b, 0x74, -+ 0x3f, 0x13, 0x78, 0x49, 0x3b, 0x85, 0xec, 0x93, 0x13, 0x3b, 0xa9, 0x4f, -+ 0x96, 0xab, 0x2c, 0xe4, 0xc8, 0x8f, 0xdd, 0x6a -+}; -+ -+__fips_constseg static const unsigned char aes_256_use_df_pr_nonce[] = { -+ 0xad, 0xd2, 0xbb, 0xba, 0xb7, 0x65, 0x89, 0xc3, 0x21, 0x6c, 0x55, 0x33, -+ 0x2b, 0x36, 0xff, 0xa4 -+}; -+ -+__fips_constseg -+ static const unsigned char aes_256_use_df_pr_personalizationstring[] = { -+ 0x6e, 0xca, 0xe7, 0x20, 0x72, 0xd3, 0x84, 0x5a, 0x32, 0xd3, 0x4b, 0x24, -+ 0x72, 0xc4, 0x63, 0x2b, 0x9d, 0x12, 0x24, 0x0c, 0x23, 0x26, 0x8e, 0x83, -+ 0x16, 0x37, 0x0b, 0xd1, 0x06, 0x4f, 0x68, 0x6d -+}; -+ -+__fips_constseg -+ static const unsigned char aes_256_use_df_pr_additionalinput[] = { -+ 0x7e, 0x08, 0x4a, 0xbb, 0xe3, 0x21, 0x7c, 0xc9, 0x23, 0xd2, 0xf8, 0xb0, -+ 0x73, 0x98, 0xba, 0x84, 0x74, 0x23, 0xab, 0x06, 0x8a, 0xe2, 0x22, 0xd3, -+ 0x7b, 0xce, 0x9b, 0xd2, 0x4a, 0x76, 0xb8, 0xde -+}; -+ -+__fips_constseg -+ static const unsigned char aes_256_use_df_pr_entropyinputpr[] = { -+ 0x0b, 0x23, 0xaf, 0xdf, 0xf1, 0x62, 0xd7, 0xd3, 0x43, 0x97, 0xf8, 0x77, -+ 0x04, 0xa8, 0x42, 0x20, 0xbd, 0xf6, 0x0f, 0xc1, 0x17, 0x2f, 0x9f, 0x54, -+ 0xbb, 0x56, 0x17, 0x86, 0x68, 0x0e, 0xba, 0xa9 -+}; -+ -+__fips_constseg -+ static const unsigned char aes_256_use_df_pr_int_returnedbits[] = { -+ 0x31, 0x8e, 0xad, 0xaf, 0x40, 0xeb, 0x6b, 0x74, 0x31, 0x46, 0x80, 0xc7, -+ 0x17, 0xab, 0x3c, 0x7a -+}; -+ -+__fips_constseg -+ static const unsigned char aes_256_use_df_pr_additionalinput2[] = { -+ 0x94, 0x6b, 0xc9, 0x9f, 0xab, 0x8d, 0xc5, 0xec, 0x71, 0x88, 0x1d, 0x00, -+ 0x8c, 0x89, 0x68, 0xe4, 0xc8, 0x07, 0x77, 0x36, 0x17, 0x6d, 0x79, 0x78, -+ 0xc7, 0x06, 0x4e, 0x99, 0x04, 0x28, 0x29, 0xc3 -+}; -+ -+__fips_constseg -+ static const unsigned char aes_256_use_df_pr_entropyinputpr2[] = { -+ 0xbf, 0x6c, 0x59, 0x2a, 0x0d, 0x44, 0x0f, 0xae, 0x9a, 0x5e, 0x03, 0x73, -+ 0xd8, 0xa6, 0xe1, 0xcf, 0x25, 0x61, 0x38, 0x24, 0x86, 0x9e, 0x53, 0xe8, -+ 0xa4, 0xdf, 0x56, 0xf4, 0x06, 0x07, 0x9c, 0x0f -+}; -+ -+__fips_constseg static const unsigned char aes_256_use_df_pr_returnedbits[] = { -+ 0x22, 0x4a, 0xb4, 0xb8, 0xb6, 0xee, 0x7d, 0xb1, 0x9e, 0xc9, 0xf9, 0xa0, -+ 0xd9, 0xe2, 0x97, 0x00 -+}; -+ -+/* AES-256 use df No PR */ -+__fips_constseg static const unsigned char aes_256_use_df_entropyinput[] = { -+ 0xa5, 0x3e, 0x37, 0x10, 0x17, 0x43, 0x91, 0x93, 0x59, 0x1e, 0x47, 0x50, -+ 0x87, 0xaa, 0xdd, 0xd5, 0xc1, 0xc3, 0x86, 0xcd, 0xca, 0x0d, 0xdb, 0x68, -+ 0xe0, 0x02, 0xd8, 0x0f, 0xdc, 0x40, 0x1a, 0x47 -+}; -+ -+__fips_constseg static const unsigned char aes_256_use_df_nonce[] = { -+ 0xa9, 0x4d, 0xa5, 0x5a, 0xfd, 0xc5, 0x0c, 0xe5, 0x1c, 0x9a, 0x3b, 0x8a, -+ 0x4c, 0x44, 0x84, 0x40 -+}; -+ -+__fips_constseg -+ static const unsigned char aes_256_use_df_personalizationstring[] = { -+ 0x8b, 0x52, 0xa2, 0x4a, 0x93, 0xc3, 0x4e, 0xa7, 0x1e, 0x1c, 0xa7, 0x05, -+ 0xeb, 0x82, 0x9b, 0xa6, 0x5d, 0xe4, 0xd4, 0xe0, 0x7f, 0xa3, 0xd8, 0x6b, -+ 0x37, 0x84, 0x5f, 0xf1, 0xc7, 0xd5, 0xf6, 0xd2 -+}; -+ -+__fips_constseg static const unsigned char aes_256_use_df_additionalinput[] = { -+ 0x20, 0xf4, 0x22, 0xed, 0xf8, 0x5c, 0xa1, 0x6a, 0x01, 0xcf, 0xbe, 0x5f, -+ 0x8d, 0x6c, 0x94, 0x7f, 0xae, 0x12, 0xa8, 0x57, 0xdb, 0x2a, 0xa9, 0xbf, -+ 0xc7, 0xb3, 0x65, 0x81, 0x80, 0x8d, 0x0d, 0x46 -+}; -+ -+__fips_constseg static const unsigned char aes_256_use_df_int_returnedbits[] = { -+ 0x4e, 0x44, 0xfd, 0xf3, 0x9e, 0x29, 0xa2, 0xb8, 0x0f, 0x5d, 0x6c, 0xe1, -+ 0x28, 0x0c, 0x3b, 0xc1 -+}; -+ -+__fips_constseg -+ static const unsigned char aes_256_use_df_entropyinputreseed[] = { -+ 0xdd, 0x40, 0xe5, 0x98, 0x7b, 0x27, 0x16, 0x73, 0x15, 0x68, 0xd2, 0x76, -+ 0xbf, 0x0c, 0x67, 0x15, 0x75, 0x79, 0x03, 0xd3, 0xde, 0xde, 0x91, 0x46, -+ 0x42, 0xdd, 0xd4, 0x67, 0xc8, 0x79, 0xc8, 0x1e -+}; -+ -+__fips_constseg -+ static const unsigned char aes_256_use_df_additionalinputreseed[] = { -+ 0x7f, 0xd8, 0x1f, 0xbd, 0x2a, 0xb5, 0x1c, 0x11, 0x5d, 0x83, 0x4e, 0x99, -+ 0xf6, 0x5c, 0xa5, 0x40, 0x20, 0xed, 0x38, 0x8e, 0xd5, 0x9e, 0xe0, 0x75, -+ 0x93, 0xfe, 0x12, 0x5e, 0x5d, 0x73, 0xfb, 0x75 -+}; -+ -+__fips_constseg static const unsigned char aes_256_use_df_additionalinput2[] = { -+ 0xcd, 0x2c, 0xff, 0x14, 0x69, 0x3e, 0x4c, 0x9e, 0xfd, 0xfe, 0x26, 0x0d, -+ 0xe9, 0x86, 0x00, 0x49, 0x30, 0xba, 0xb1, 0xc6, 0x50, 0x57, 0x77, 0x2a, -+ 0x62, 0x39, 0x2c, 0x3b, 0x74, 0xeb, 0xc9, 0x0d -+}; -+ -+__fips_constseg static const unsigned char aes_256_use_df_returnedbits[] = { -+ 0x4f, 0x78, 0xbe, 0xb9, 0x4d, 0x97, 0x8c, 0xe9, 0xd0, 0x97, 0xfe, 0xad, -+ 0xfa, 0xfd, 0x35, 0x5e -+}; -+ -+/* AES-128 no df PR */ -+__fips_constseg static const unsigned char aes_128_no_df_pr_entropyinput[] = { -+ 0x9a, 0x25, 0x65, 0x10, 0x67, 0xd5, 0xb6, 0x6b, 0x70, 0xa1, 0xb3, 0xa4, -+ 0x43, 0x95, 0x80, 0xc0, 0x84, 0x0a, 0x79, 0xb0, 0x88, 0x74, 0xf2, 0xbf, -+ 0x31, 0x6c, 0x33, 0x38, 0x0b, 0x00, 0xb2, 0x5a -+}; -+ -+__fips_constseg static const unsigned char aes_128_no_df_pr_nonce[] = { -+ 0x78, 0x47, 0x6b, 0xf7, 0x90, 0x8e, 0x87, 0xf1 -+}; -+ -+__fips_constseg -+ static const unsigned char aes_128_no_df_pr_personalizationstring[] = { -+ 0xf7, 0x22, 0x1d, 0x3a, 0xbe, 0x1d, 0xca, 0x32, 0x1b, 0xbd, 0x87, 0x0c, -+ 0x51, 0x24, 0x19, 0xee, 0xa3, 0x23, 0x09, 0x63, 0x33, 0x3d, 0xa8, 0x0c, -+ 0x1c, 0xfa, 0x42, 0x89, 0xcc, 0x6f, 0xa0, 0xa8 -+}; -+ -+__fips_constseg -+ static const unsigned char aes_128_no_df_pr_additionalinput[] = { -+ 0xc9, 0xe0, 0x80, 0xbf, 0x8c, 0x45, 0x58, 0x39, 0xff, 0x00, 0xab, 0x02, -+ 0x4c, 0x3e, 0x3a, 0x95, 0x9b, 0x80, 0xa8, 0x21, 0x2a, 0xee, 0xba, 0x73, -+ 0xb1, 0xd9, 0xcf, 0x28, 0xf6, 0x8f, 0x9b, 0x12 -+}; -+ -+__fips_constseg static const unsigned char aes_128_no_df_pr_entropyinputpr[] = { -+ 0x4c, 0xa8, 0xc5, 0xf0, 0x59, 0x9e, 0xa6, 0x8d, 0x26, 0x53, 0xd7, 0x8a, -+ 0xa9, 0xd8, 0xf7, 0xed, 0xb2, 0xf9, 0x12, 0x42, 0xe1, 0xe5, 0xbd, 0xe7, -+ 0xe7, 0x1d, 0x74, 0x99, 0x00, 0x9d, 0x31, 0x3e -+}; -+ -+__fips_constseg -+ static const unsigned char aes_128_no_df_pr_int_returnedbits[] = { -+ 0xe2, 0xac, 0x20, 0xf0, 0x80, 0xe7, 0xbc, 0x7e, 0x9c, 0x7b, 0x65, 0x71, -+ 0xaf, 0x19, 0x32, 0x16 -+}; -+ -+__fips_constseg -+ static const unsigned char aes_128_no_df_pr_additionalinput2[] = { -+ 0x32, 0x7f, 0x38, 0x8b, 0x73, 0x0a, 0x78, 0x83, 0xdc, 0x30, 0xbe, 0x9f, -+ 0x10, 0x1f, 0xf5, 0x1f, 0xca, 0x00, 0xb5, 0x0d, 0xd6, 0x9d, 0x60, 0x83, -+ 0x51, 0x54, 0x7d, 0x38, 0x23, 0x3a, 0x52, 0x50 -+}; -+ -+__fips_constseg -+ static const unsigned char aes_128_no_df_pr_entropyinputpr2[] = { -+ 0x18, 0x61, 0x53, 0x56, 0xed, 0xed, 0xd7, 0x20, 0xfb, 0x71, 0x04, 0x7a, -+ 0xb2, 0xac, 0xc1, 0x28, 0xcd, 0xf2, 0xc2, 0xfc, 0xaa, 0xb1, 0x06, 0x07, -+ 0xe9, 0x46, 0x95, 0x02, 0x48, 0x01, 0x78, 0xf9 -+}; -+ -+__fips_constseg static const unsigned char aes_128_no_df_pr_returnedbits[] = { -+ 0x29, 0xc8, 0x1b, 0x15, 0xb1, 0xd1, 0xc2, 0xf6, 0x71, 0x86, 0x68, 0x33, -+ 0x57, 0x82, 0x33, 0xaf -+}; -+ -+/* AES-128 no df No PR */ -+__fips_constseg static const unsigned char aes_128_no_df_entropyinput[] = { -+ 0xc9, 0xc5, 0x79, 0xbc, 0xe8, 0xc5, 0x19, 0xd8, 0xbc, 0x66, 0x73, 0x67, -+ 0xf6, 0xd3, 0x72, 0xaa, 0xa6, 0x16, 0xb8, 0x50, 0xb7, 0x47, 0x3a, 0x42, -+ 0xab, 0xf4, 0x16, 0xb2, 0x96, 0xd2, 0xb6, 0x60 -+}; -+ -+__fips_constseg static const unsigned char aes_128_no_df_nonce[] = { -+ 0x5f, 0xbf, 0x97, 0x0c, 0x4b, 0xa4, 0x87, 0x13 -+}; -+ -+__fips_constseg -+ static const unsigned char aes_128_no_df_personalizationstring[] = { -+ 0xce, 0xfb, 0x7b, 0x3f, 0xd4, 0x6b, 0x29, 0x0d, 0x69, 0x06, 0xff, 0xbb, -+ 0xf2, 0xe5, 0xc6, 0x6c, 0x0a, 0x10, 0xa0, 0xcf, 0x1a, 0x48, 0xc7, 0x8b, -+ 0x3c, 0x16, 0x88, 0xed, 0x50, 0x13, 0x81, 0xce -+}; -+ -+__fips_constseg static const unsigned char aes_128_no_df_additionalinput[] = { -+ 0x4b, 0x22, 0x46, 0x18, 0x02, 0x7b, 0xd2, 0x1b, 0x22, 0x42, 0x7c, 0x37, -+ 0xd9, 0xf6, 0xe8, 0x9b, 0x12, 0x30, 0x5f, 0xe9, 0x90, 0xe8, 0x08, 0x24, -+ 0x4f, 0x06, 0x66, 0xdb, 0x19, 0x2b, 0x13, 0x95 -+}; -+ -+__fips_constseg static const unsigned char aes_128_no_df_int_returnedbits[] = { -+ 0x2e, 0x96, 0x70, 0x64, 0xfa, 0xdf, 0xdf, 0x57, 0xb5, 0x82, 0xee, 0xd6, -+ 0xed, 0x3e, 0x65, 0xc2 -+}; -+ -+__fips_constseg -+ static const unsigned char aes_128_no_df_entropyinputreseed[] = { -+ 0x26, 0xc0, 0x72, 0x16, 0x3a, 0x4b, 0xb7, 0x99, 0xd4, 0x07, 0xaf, 0x66, -+ 0x62, 0x36, 0x96, 0xa4, 0x51, 0x17, 0xfa, 0x07, 0x8b, 0x17, 0x5e, 0xa1, -+ 0x2f, 0x3c, 0x10, 0xe7, 0x90, 0xd0, 0x46, 0x00 -+}; -+ -+__fips_constseg -+ static const unsigned char aes_128_no_df_additionalinputreseed[] = { -+ 0x83, 0x39, 0x37, 0x7b, 0x02, 0x06, 0xd2, 0x12, 0x13, 0x8d, 0x8b, 0xf2, -+ 0xf0, 0xf6, 0x26, 0xeb, 0xa4, 0x22, 0x7b, 0xc2, 0xe7, 0xba, 0x79, 0xe4, -+ 0x3b, 0x77, 0x5d, 0x4d, 0x47, 0xb2, 0x2d, 0xb4 -+}; -+ -+__fips_constseg static const unsigned char aes_128_no_df_additionalinput2[] = { -+ 0x0b, 0xb9, 0x67, 0x37, 0xdb, 0x83, 0xdf, 0xca, 0x81, 0x8b, 0xf9, 0x3f, -+ 0xf1, 0x11, 0x1b, 0x2f, 0xf0, 0x61, 0xa6, 0xdf, 0xba, 0xa3, 0xb1, 0xac, -+ 0xd3, 0xe6, 0x09, 0xb8, 0x2c, 0x6a, 0x67, 0xd6 -+}; -+ -+__fips_constseg static const unsigned char aes_128_no_df_returnedbits[] = { -+ 0x1e, 0xa7, 0xa4, 0xe4, 0xe1, 0xa6, 0x7c, 0x69, 0x9a, 0x44, 0x6c, 0x36, -+ 0x81, 0x37, 0x19, 0xd4 -+}; -+ -+/* AES-192 no df PR */ -+__fips_constseg static const unsigned char aes_192_no_df_pr_entropyinput[] = { -+ 0x9d, 0x2c, 0xd2, 0x55, 0x66, 0xea, 0xe0, 0xbe, 0x18, 0xb7, 0x76, 0xe7, -+ 0x73, 0x35, 0xd8, 0x1f, 0xad, 0x3a, 0xe3, 0x81, 0x0e, 0x92, 0xd0, 0x61, -+ 0xc9, 0x12, 0x26, 0xf6, 0x1c, 0xdf, 0xfe, 0x47, 0xaa, 0xfe, 0x7d, 0x5a, -+ 0x17, 0x1f, 0x8d, 0x9a -+}; -+ -+__fips_constseg static const unsigned char aes_192_no_df_pr_nonce[] = { -+ 0x44, 0x82, 0xed, 0xe8, 0x4c, 0x28, 0x5a, 0x14, 0xff, 0x88, 0x8d, 0x19, -+ 0x61, 0x5c, 0xee, 0x0f -+}; -+ -+__fips_constseg -+ static const unsigned char aes_192_no_df_pr_personalizationstring[] = { -+ 0x47, 0xd7, 0x9b, 0x99, 0xaa, 0xcb, 0xe7, 0xd2, 0x57, 0x66, 0x2c, 0xe1, -+ 0x78, 0xd6, 0x2c, 0xea, 0xa3, 0x23, 0x5f, 0x2a, 0xc1, 0x3a, 0xf0, 0xa4, -+ 0x20, 0x3b, 0xfa, 0x07, 0xd5, 0x05, 0x02, 0xe4, 0x57, 0x01, 0xb6, 0x10, -+ 0x57, 0x2e, 0xe7, 0x55 -+}; -+ -+__fips_constseg -+ static const unsigned char aes_192_no_df_pr_additionalinput[] = { -+ 0x4b, 0x74, 0x0b, 0x40, 0xce, 0x6b, 0xc2, 0x6a, 0x24, 0xb4, 0xf3, 0xad, -+ 0x7a, 0xa5, 0x7a, 0xa2, 0x15, 0xe2, 0xc8, 0x61, 0x15, 0xc6, 0xb7, 0x85, -+ 0x69, 0x11, 0xad, 0x7b, 0x14, 0xd2, 0xf6, 0x12, 0xa1, 0x95, 0x5d, 0x3f, -+ 0xe2, 0xd0, 0x0c, 0x2f -+}; -+ -+__fips_constseg static const unsigned char aes_192_no_df_pr_entropyinputpr[] = { -+ 0x0c, 0x9c, 0xad, 0x05, 0xee, 0xae, 0x48, 0x23, 0x89, 0x59, 0xa1, 0x94, -+ 0xd7, 0xd8, 0x75, 0xd5, 0x54, 0x93, 0xc7, 0x4a, 0xd9, 0x26, 0xde, 0xeb, -+ 0xba, 0xb0, 0x7e, 0x30, 0x1d, 0x5f, 0x69, 0x40, 0x9c, 0x3b, 0x17, 0x58, -+ 0x1d, 0x30, 0xb3, 0x78 -+}; -+ -+__fips_constseg -+ static const unsigned char aes_192_no_df_pr_int_returnedbits[] = { -+ 0xf7, 0x93, 0xb0, 0x6d, 0x77, 0x83, 0xd5, 0x38, 0x01, 0xe1, 0x52, 0x40, -+ 0x7e, 0x3e, 0x0c, 0x26 -+}; -+ -+__fips_constseg -+ static const unsigned char aes_192_no_df_pr_additionalinput2[] = { -+ 0xbc, 0x4b, 0x37, 0x44, 0x1c, 0xc5, 0x45, 0x5f, 0x8f, 0x51, 0x62, 0x8a, -+ 0x85, 0x30, 0x1d, 0x7c, 0xe4, 0xcf, 0xf7, 0x44, 0xce, 0x32, 0x3e, 0x57, -+ 0x95, 0xa4, 0x2a, 0xdf, 0xfd, 0x9e, 0x38, 0x41, 0xb3, 0xf6, 0xc5, 0xee, -+ 0x0c, 0x4b, 0xee, 0x6e -+}; -+ -+__fips_constseg -+ static const unsigned char aes_192_no_df_pr_entropyinputpr2[] = { -+ 0xec, 0xaf, 0xf6, 0x4f, 0xb1, 0xa0, 0x54, 0xb5, 0x5b, 0xe3, 0x46, 0xb0, -+ 0x76, 0x5a, 0x7c, 0x3f, 0x7b, 0x94, 0x69, 0x21, 0x51, 0x02, 0xe5, 0x9f, -+ 0x04, 0x59, 0x02, 0x98, 0xc6, 0x43, 0x2c, 0xcc, 0x26, 0x4c, 0x87, 0x6b, -+ 0x8e, 0x0a, 0x83, 0xdf -+}; -+ -+__fips_constseg static const unsigned char aes_192_no_df_pr_returnedbits[] = { -+ 0x74, 0x45, 0xfb, 0x53, 0x84, 0x96, 0xbe, 0xff, 0x15, 0xcc, 0x41, 0x91, -+ 0xb9, 0xa1, 0x21, 0x68 -+}; -+ -+/* AES-192 no df No PR */ -+__fips_constseg static const unsigned char aes_192_no_df_entropyinput[] = { -+ 0x3c, 0x7d, 0xb5, 0xe0, 0x54, 0xd9, 0x6e, 0x8c, 0xa9, 0x86, 0xce, 0x4e, -+ 0x6b, 0xaf, 0xeb, 0x2f, 0xe7, 0x75, 0xe0, 0x8b, 0xa4, 0x3b, 0x07, 0xfe, -+ 0xbe, 0x33, 0x75, 0x93, 0x80, 0x27, 0xb5, 0x29, 0x47, 0x8b, 0xc7, 0x28, -+ 0x94, 0xc3, 0x59, 0x63 -+}; -+ -+__fips_constseg static const unsigned char aes_192_no_df_nonce[] = { -+ 0x43, 0xf1, 0x7d, 0xb8, 0xc3, 0xfe, 0xd0, 0x23, 0x6b, 0xb4, 0x92, 0xdb, -+ 0x29, 0xfd, 0x45, 0x71 -+}; -+ -+__fips_constseg -+ static const unsigned char aes_192_no_df_personalizationstring[] = { -+ 0x9f, 0x24, 0x29, 0x99, 0x9e, 0x01, 0xab, 0xe9, 0x19, 0xd8, 0x23, 0x08, -+ 0xb7, 0xd6, 0x7e, 0x8c, 0xc0, 0x9e, 0x7f, 0x6e, 0x5b, 0x33, 0x20, 0x96, -+ 0x0b, 0x23, 0x2c, 0xa5, 0x6a, 0xf8, 0x1b, 0x04, 0x26, 0xdb, 0x2e, 0x2b, -+ 0x3b, 0x88, 0xce, 0x35 -+}; -+ -+__fips_constseg static const unsigned char aes_192_no_df_additionalinput[] = { -+ 0x94, 0xe9, 0x7c, 0x3d, 0xa7, 0xdb, 0x60, 0x83, 0x1f, 0x98, 0x3f, 0x0b, -+ 0x88, 0x59, 0x57, 0x51, 0x88, 0x9f, 0x76, 0x49, 0x9f, 0xa6, 0xda, 0x71, -+ 0x1d, 0x0d, 0x47, 0x16, 0x63, 0xc5, 0x68, 0xe4, 0x5d, 0x39, 0x69, 0xb3, -+ 0x3e, 0xbe, 0xd4, 0x8e -+}; -+ -+__fips_constseg static const unsigned char aes_192_no_df_int_returnedbits[] = { -+ 0xf9, 0xd7, 0xad, 0x69, 0xab, 0x8f, 0x23, 0x56, 0x70, 0x17, 0x4f, 0x2a, -+ 0x45, 0xe7, 0x4a, 0xc5 -+}; -+ -+__fips_constseg -+ static const unsigned char aes_192_no_df_entropyinputreseed[] = { -+ 0xa6, 0x71, 0x6a, 0x3d, 0xba, 0xd1, 0xe8, 0x66, 0xa6, 0xef, 0xb2, 0x0e, -+ 0xa8, 0x9c, 0xaa, 0x4e, 0xaf, 0x17, 0x89, 0x50, 0x00, 0xda, 0xa1, 0xb1, -+ 0x0b, 0xa4, 0xd9, 0x35, 0x89, 0xc8, 0xe5, 0xb0, 0xd9, 0xb7, 0xc4, 0x33, -+ 0x9b, 0xcb, 0x7e, 0x75 -+}; -+ -+__fips_constseg -+ static const unsigned char aes_192_no_df_additionalinputreseed[] = { -+ 0x27, 0x21, 0xfc, 0xc2, 0xbd, 0xf3, 0x3c, 0xce, 0xc3, 0xca, 0xc1, 0x01, -+ 0xe0, 0xff, 0x93, 0x12, 0x7d, 0x54, 0x42, 0xe3, 0x9f, 0x03, 0xdf, 0x27, -+ 0x04, 0x07, 0x3c, 0x53, 0x7f, 0xa8, 0x66, 0xc8, 0x97, 0x4b, 0x61, 0x40, -+ 0x5d, 0x7a, 0x25, 0x79 -+}; -+ -+__fips_constseg static const unsigned char aes_192_no_df_additionalinput2[] = { -+ 0x2d, 0x8e, 0x16, 0x5d, 0x0b, 0x9f, 0xeb, 0xaa, 0xd6, 0xec, 0x28, 0x71, -+ 0x7c, 0x0b, 0xc1, 0x1d, 0xd4, 0x44, 0x19, 0x47, 0xfd, 0x1d, 0x7c, 0xe5, -+ 0xf3, 0x27, 0xe1, 0xb6, 0x72, 0x0a, 0xe0, 0xec, 0x0e, 0xcd, 0xef, 0x1a, -+ 0x91, 0x6a, 0xe3, 0x5f -+}; -+ -+__fips_constseg static const unsigned char aes_192_no_df_returnedbits[] = { -+ 0xe5, 0xda, 0xb8, 0xe0, 0x63, 0x59, 0x5a, 0xcc, 0x3d, 0xdc, 0x9f, 0xe8, -+ 0x66, 0x67, 0x2c, 0x92 -+}; -+ -+/* AES-256 no df PR */ -+__fips_constseg static const unsigned char aes_256_no_df_pr_entropyinput[] = { -+ 0x15, 0xc7, 0x5d, 0xcb, 0x41, 0x4b, 0x16, 0x01, 0x3a, 0xd1, 0x44, 0xe8, -+ 0x22, 0x32, 0xc6, 0x9c, 0x3f, 0xe7, 0x43, 0xf5, 0x9a, 0xd3, 0xea, 0xf2, -+ 0xd7, 0x4e, 0x6e, 0x6a, 0x55, 0x73, 0x40, 0xef, 0x89, 0xad, 0x0d, 0x03, -+ 0x96, 0x7e, 0x78, 0x81, 0x2f, 0x91, 0x1b, 0x44, 0xb0, 0x02, 0xba, 0x1c -+}; -+ -+__fips_constseg static const unsigned char aes_256_no_df_pr_nonce[] = { -+ 0xdc, 0xe4, 0xd4, 0x27, 0x7a, 0x90, 0xd7, 0x99, 0x43, 0xa1, 0x3c, 0x30, -+ 0xcc, 0x4b, 0xee, 0x2e -+}; -+ -+__fips_constseg -+ static const unsigned char aes_256_no_df_pr_personalizationstring[] = { -+ 0xe3, 0xe6, 0xb9, 0x11, 0xe4, 0x7a, 0xa4, 0x40, 0x6b, 0xf8, 0x73, 0xf7, -+ 0x7e, 0xec, 0xc7, 0xb9, 0x97, 0xbf, 0xf8, 0x25, 0x7b, 0xbe, 0x11, 0x9b, -+ 0x5b, 0x6a, 0x0c, 0x2e, 0x2b, 0x01, 0x51, 0xcd, 0x41, 0x4b, 0x6b, 0xac, -+ 0x31, 0xa8, 0x0b, 0xf7, 0xe6, 0x59, 0x42, 0xb8, 0x03, 0x0c, 0xf8, 0x06 -+}; -+ -+__fips_constseg -+ static const unsigned char aes_256_no_df_pr_additionalinput[] = { -+ 0x6a, 0x9f, 0x00, 0x91, 0xae, 0xfe, 0xcf, 0x84, 0x99, 0xce, 0xb1, 0x40, -+ 0x6d, 0x5d, 0x33, 0x28, 0x84, 0xf4, 0x8c, 0x63, 0x4c, 0x7e, 0xbd, 0x2c, -+ 0x80, 0x76, 0xee, 0x5a, 0xaa, 0x15, 0x07, 0x31, 0xd8, 0xbb, 0x8c, 0x69, -+ 0x9d, 0x9d, 0xbc, 0x7e, 0x49, 0xae, 0xec, 0x39, 0x6b, 0xd1, 0x1f, 0x7e -+}; -+ -+__fips_constseg static const unsigned char aes_256_no_df_pr_entropyinputpr[] = { -+ 0xf3, 0xb9, 0x75, 0x9c, 0xbd, 0x88, 0xea, 0xa2, 0x50, 0xad, 0xd6, 0x16, -+ 0x1a, 0x12, 0x3c, 0x86, 0x68, 0xaf, 0x6f, 0xbe, 0x19, 0xf2, 0xee, 0xcc, -+ 0xa5, 0x70, 0x84, 0x53, 0x50, 0xcb, 0x9f, 0x14, 0xa9, 0xe5, 0xee, 0xb9, -+ 0x48, 0x45, 0x40, 0xe2, 0xc7, 0xc9, 0x9a, 0x74, 0xff, 0x8c, 0x99, 0x1f -+}; -+ -+__fips_constseg -+ static const unsigned char aes_256_no_df_pr_int_returnedbits[] = { -+ 0x2e, 0xf2, 0x45, 0x4c, 0x62, 0x2e, 0x0a, 0xb9, 0x6b, 0xa2, 0xfd, 0x56, -+ 0x79, 0x60, 0x93, 0xcf -+}; -+ -+__fips_constseg -+ static const unsigned char aes_256_no_df_pr_additionalinput2[] = { -+ 0xaf, 0x69, 0x20, 0xe9, 0x3b, 0x37, 0x9d, 0x3f, 0xb4, 0x80, 0x02, 0x7a, -+ 0x25, 0x7d, 0xb8, 0xde, 0x71, 0xc5, 0x06, 0x0c, 0xb4, 0xe2, 0x8f, 0x35, -+ 0xd8, 0x14, 0x0d, 0x7f, 0x76, 0x63, 0x4e, 0xb5, 0xee, 0xe9, 0x6f, 0x34, -+ 0xc7, 0x5f, 0x56, 0x14, 0x4a, 0xe8, 0x73, 0x95, 0x5b, 0x1c, 0xb9, 0xcb -+}; -+ -+__fips_constseg -+ static const unsigned char aes_256_no_df_pr_entropyinputpr2[] = { -+ 0xe5, 0xb0, 0x2e, 0x7e, 0x52, 0x30, 0xe3, 0x63, 0x82, 0xb6, 0x44, 0xd3, -+ 0x25, 0x19, 0x05, 0x24, 0x9a, 0x9f, 0x5f, 0x27, 0x6a, 0x29, 0xab, 0xfa, -+ 0x07, 0xa2, 0x42, 0x0f, 0xc5, 0xa8, 0x94, 0x7c, 0x17, 0x7b, 0x85, 0x83, -+ 0x0c, 0x25, 0x0e, 0x63, 0x0b, 0xe9, 0x12, 0x60, 0xcd, 0xef, 0x80, 0x0f -+}; -+ -+__fips_constseg static const unsigned char aes_256_no_df_pr_returnedbits[] = { -+ 0x5e, 0xf2, 0x26, 0xef, 0x9f, 0x58, 0x5d, 0xd5, 0x4a, 0x10, 0xfe, 0xa7, -+ 0x2d, 0x5f, 0x4a, 0x46 -+}; -+ -+/* AES-256 no df No PR */ -+__fips_constseg static const unsigned char aes_256_no_df_entropyinput[] = { -+ 0xfb, 0xcf, 0x1b, 0x61, 0x16, 0x89, 0x78, 0x23, 0xf5, 0xd8, 0x96, 0xe3, -+ 0x4e, 0x64, 0x0b, 0x29, 0x9a, 0x3f, 0xf8, 0xa5, 0xed, 0xf2, 0xfe, 0xdb, -+ 0x16, 0xca, 0x7f, 0x10, 0xfa, 0x5e, 0x18, 0x76, 0x2c, 0x63, 0x5e, 0x96, -+ 0xcf, 0xb3, 0xd6, 0xfc, 0xaf, 0x99, 0x39, 0x28, 0x9c, 0x61, 0xe8, 0xb3 -+}; -+ -+__fips_constseg static const unsigned char aes_256_no_df_nonce[] = { -+ 0x12, 0x96, 0xf0, 0x52, 0xf3, 0x8d, 0x81, 0xcf, 0xde, 0x86, 0xf2, 0x99, -+ 0x43, 0x96, 0xb9, 0xf0 -+}; -+ -+__fips_constseg -+ static const unsigned char aes_256_no_df_personalizationstring[] = { -+ 0x63, 0x0d, 0x78, 0xf5, 0x90, 0x8e, 0x32, 0x47, 0xb0, 0x4d, 0x37, 0x60, -+ 0x09, 0x96, 0xbc, 0xbf, 0x97, 0x7a, 0x62, 0x14, 0x45, 0xbd, 0x8d, 0xcc, -+ 0x69, 0xfb, 0x03, 0xe1, 0x80, 0x1c, 0xc7, 0xe2, 0x2a, 0xf9, 0x37, 0x3f, -+ 0x66, 0x4d, 0x62, 0xd9, 0x10, 0xe0, 0xad, 0xc8, 0x9a, 0xf0, 0xa8, 0x6d -+}; -+ -+__fips_constseg static const unsigned char aes_256_no_df_additionalinput[] = { -+ 0x36, 0xc6, 0x13, 0x60, 0xbb, 0x14, 0xad, 0x22, 0xb0, 0x38, 0xac, 0xa6, -+ 0x18, 0x16, 0x93, 0x25, 0x86, 0xb7, 0xdc, 0xdc, 0x36, 0x98, 0x2b, 0xf9, -+ 0x68, 0x33, 0xd3, 0xc6, 0xff, 0xce, 0x8d, 0x15, 0x59, 0x82, 0x76, 0xed, -+ 0x6f, 0x8d, 0x49, 0x74, 0x2f, 0xda, 0xdc, 0x1f, 0x17, 0xd0, 0xde, 0x17 -+}; -+ -+__fips_constseg static const unsigned char aes_256_no_df_int_returnedbits[] = { -+ 0x16, 0x2f, 0x8e, 0x3f, 0x21, 0x7a, 0x1c, 0x20, 0x56, 0xd1, 0x92, 0xf6, -+ 0xd2, 0x25, 0x75, 0x0e -+}; -+ -+__fips_constseg -+ static const unsigned char aes_256_no_df_entropyinputreseed[] = { -+ 0x91, 0x79, 0x76, 0xee, 0xe0, 0xcf, 0x9e, 0xc2, 0xd5, 0xd4, 0x23, 0x9b, -+ 0x12, 0x8c, 0x7e, 0x0a, 0xb7, 0xd2, 0x8b, 0xd6, 0x7c, 0xa3, 0xc6, 0xe5, -+ 0x0e, 0xaa, 0xc7, 0x6b, 0xae, 0x0d, 0xfa, 0x53, 0x06, 0x79, 0xa1, 0xed, -+ 0x4d, 0x6a, 0x0e, 0xd8, 0x9d, 0xbe, 0x1b, 0x31, 0x93, 0x7b, 0xec, 0xfb -+}; -+ -+__fips_constseg -+ static const unsigned char aes_256_no_df_additionalinputreseed[] = { -+ 0xd2, 0x46, 0x50, 0x22, 0x10, 0x14, 0x63, 0xf7, 0xea, 0x0f, 0xb9, 0x7e, -+ 0x0d, 0xe1, 0x94, 0x07, 0xaf, 0x09, 0x44, 0x31, 0xea, 0x64, 0xa4, 0x18, -+ 0x5b, 0xf9, 0xd8, 0xc2, 0xfa, 0x03, 0x47, 0xc5, 0x39, 0x43, 0xd5, 0x3b, -+ 0x62, 0x86, 0x64, 0xea, 0x2c, 0x73, 0x8c, 0xae, 0x9d, 0x98, 0x98, 0x29 -+}; -+ -+__fips_constseg static const unsigned char aes_256_no_df_additionalinput2[] = { -+ 0x8c, 0xab, 0x18, 0xf8, 0xc3, 0xec, 0x18, 0x5c, 0xb3, 0x1e, 0x9d, 0xbe, -+ 0x3f, 0x03, 0xb4, 0x00, 0x98, 0x9d, 0xae, 0xeb, 0xf4, 0x94, 0xf8, 0x42, -+ 0x8f, 0xe3, 0x39, 0x07, 0xe1, 0xc9, 0xad, 0x0b, 0x1f, 0xed, 0xc0, 0xba, -+ 0xf6, 0xd1, 0xec, 0x27, 0x86, 0x7b, 0xd6, 0x55, 0x9b, 0x60, 0xa5, 0xc6 -+}; -+ -+__fips_constseg static const unsigned char aes_256_no_df_returnedbits[] = { -+ 0xef, 0xd2, 0xd8, 0x5c, 0xdc, 0x62, 0x25, 0x9f, 0xaa, 0x1e, 0x2c, 0x67, -+ 0xf6, 0x02, 0x32, 0xe2 -+}; -+ -+/* SHA-1 PR */ -+__fips_constseg static const unsigned char sha1_pr_entropyinput[] = { -+ 0xd2, 0x36, 0xa5, 0x27, 0x31, 0x73, 0xdd, 0x11, 0x4f, 0x93, 0xbd, 0xe2, -+ 0x31, 0xa5, 0x91, 0x13 -+}; -+ -+__fips_constseg static const unsigned char sha1_pr_nonce[] = { -+ 0xb5, 0xb3, 0x60, 0xef, 0xf7, 0x63, 0x31, 0xf3 -+}; -+ -+__fips_constseg static const unsigned char sha1_pr_personalizationstring[] = { -+ 0xd4, 0xbb, 0x02, 0x10, 0xb2, 0x71, 0xdb, 0x81, 0xd6, 0xf0, 0x42, 0x60, -+ 0xda, 0xea, 0x77, 0x52 -+}; -+ -+__fips_constseg static const unsigned char sha1_pr_additionalinput[] = { -+ 0x4d, 0xd2, 0x6c, 0x87, 0xfb, 0x2c, 0x4f, 0xa6, 0x8d, 0x16, 0x63, 0x22, -+ 0x6a, 0x51, 0xe3, 0xf8 -+}; -+ -+__fips_constseg static const unsigned char sha1_pr_entropyinputpr[] = { -+ 0xc9, 0x83, 0x9e, 0x16, 0xf6, 0x1c, 0x0f, 0xb2, 0xec, 0x60, 0x31, 0xa9, -+ 0xcb, 0xa9, 0x36, 0x7a -+}; -+ -+__fips_constseg static const unsigned char sha1_pr_int_returnedbits[] = { -+ 0xa8, 0x13, 0x4f, 0xf4, 0x31, 0x02, 0x44, 0xe3, 0xd3, 0x3d, 0x61, 0x9e, -+ 0xe5, 0xc6, 0x3e, 0x89, 0xb5, 0x9b, 0x0f, 0x35 -+}; -+ -+__fips_constseg static const unsigned char sha1_pr_additionalinput2[] = { -+ 0xf9, 0xe8, 0xd2, 0x72, 0x13, 0x34, 0x95, 0x6f, 0x15, 0x49, 0x47, 0x99, -+ 0x16, 0x03, 0x19, 0x47 -+}; -+ -+__fips_constseg static const unsigned char sha1_pr_entropyinputpr2[] = { -+ 0x4e, 0x8c, 0x49, 0x9b, 0x4a, 0x5c, 0x9b, 0x9c, 0x3a, 0xee, 0xfb, 0xd2, -+ 0xae, 0xcd, 0x8c, 0xc4 -+}; -+ -+__fips_constseg static const unsigned char sha1_pr_returnedbits[] = { -+ 0x50, 0xb4, 0xb4, 0xcd, 0x68, 0x57, 0xfc, 0x2e, 0xc1, 0x52, 0xcc, 0xf6, -+ 0x68, 0xa4, 0x81, 0xed, 0x7e, 0xe4, 0x1d, 0x87 -+}; -+ -+/* SHA-1 No PR */ -+__fips_constseg static const unsigned char sha1_entropyinput[] = { -+ 0xa9, 0x47, 0x1b, 0x29, 0x2d, 0x1c, 0x05, 0xdf, 0x76, 0xd0, 0x62, 0xf9, -+ 0xe2, 0x7f, 0x4c, 0x7b -+}; -+ -+__fips_constseg static const unsigned char sha1_nonce[] = { -+ 0x53, 0x23, 0x24, 0xe3, 0xec, 0x0c, 0x54, 0x14 -+}; -+ -+__fips_constseg static const unsigned char sha1_personalizationstring[] = { -+ 0x7a, 0x87, 0xa1, 0xac, 0x1c, 0xfd, 0xab, 0xae, 0xf7, 0xd6, 0xfb, 0x76, -+ 0x28, 0xec, 0x6d, 0xca -+}; -+ -+__fips_constseg static const unsigned char sha1_additionalinput[] = { -+ 0xfc, 0x92, 0x35, 0xd6, 0x7e, 0xb7, 0x24, 0x65, 0xfd, 0x12, 0x27, 0x35, -+ 0xc0, 0x72, 0xca, 0x28 -+}; -+ -+__fips_constseg static const unsigned char sha1_int_returnedbits[] = { -+ 0x57, 0x88, 0x82, 0xe5, 0x25, 0xa5, 0x2c, 0x4a, 0x06, 0x20, 0x6c, 0x72, -+ 0x55, 0x61, 0xdd, 0x90, 0x71, 0x9f, 0x95, 0xea -+}; -+ -+__fips_constseg static const unsigned char sha1_entropyinputreseed[] = { -+ 0x69, 0xa5, 0x40, 0x62, 0x98, 0x47, 0x56, 0x73, 0x4a, 0x8f, 0x60, 0x96, -+ 0xd6, 0x99, 0x27, 0xed -+}; -+ -+__fips_constseg static const unsigned char sha1_additionalinputreseed[] = { -+ 0xe5, 0x40, 0x4e, 0xbd, 0x50, 0x00, 0xf5, 0x15, 0xa6, 0xee, 0x45, 0xda, -+ 0x84, 0x3d, 0xd4, 0xc0 -+}; -+ -+__fips_constseg static const unsigned char sha1_additionalinput2[] = { -+ 0x11, 0x51, 0x14, 0xf0, 0x09, 0x1b, 0x4e, 0x56, 0x0d, 0xe9, 0xf6, 0x1e, -+ 0x52, 0x65, 0xcd, 0x96 -+}; -+ -+__fips_constseg static const unsigned char sha1_returnedbits[] = { -+ 0xa1, 0x9c, 0x94, 0x6e, 0x29, 0xe1, 0x33, 0x0d, 0x32, 0xd6, 0xaa, 0xce, -+ 0x71, 0x3f, 0x52, 0x72, 0x8b, 0x42, 0xa8, 0xd7 -+}; -+ -+/* SHA-224 PR */ -+__fips_constseg static const unsigned char sha224_pr_entropyinput[] = { -+ 0x12, 0x69, 0x32, 0x4f, 0x83, 0xa6, 0xf5, 0x14, 0xe3, 0x49, 0x3e, 0x75, -+ 0x3e, 0xde, 0xad, 0xa1, 0x29, 0xc3, 0xf3, 0x19, 0x20, 0xb5, 0x4c, 0xd9 -+}; -+ -+__fips_constseg static const unsigned char sha224_pr_nonce[] = { -+ 0x6a, 0x78, 0xd0, 0xeb, 0xbb, 0x5a, 0xf0, 0xee, 0xe8, 0xc3, 0xba, 0x71 -+}; -+ -+__fips_constseg static const unsigned char sha224_pr_personalizationstring[] = { -+ 0xd5, 0xb8, 0xb6, 0xbc, 0xc1, 0x5b, 0x60, 0x31, 0x3c, 0xf5, 0xe5, 0xc0, -+ 0x8e, 0x52, 0x7a, 0xbd, 0xea, 0x47, 0xa9, 0x5f, 0x8f, 0xf9, 0x8b, 0xae -+}; -+ -+__fips_constseg static const unsigned char sha224_pr_additionalinput[] = { -+ 0x1f, 0x55, 0xec, 0xae, 0x16, 0x12, 0x84, 0xba, 0x84, 0x16, 0x19, 0x88, -+ 0x8e, 0xb8, 0x33, 0x25, 0x54, 0xff, 0xca, 0x79, 0xaf, 0x07, 0x25, 0x50 -+}; -+ -+__fips_constseg static const unsigned char sha224_pr_entropyinputpr[] = { -+ 0x92, 0xa3, 0x32, 0xa8, 0x9a, 0x0a, 0x58, 0x7c, 0x1d, 0x5a, 0x7e, 0xe1, -+ 0xb2, 0x73, 0xab, 0x0e, 0x16, 0x79, 0x23, 0xd3, 0x29, 0x89, 0x81, 0xe1 -+}; -+ -+__fips_constseg static const unsigned char sha224_pr_int_returnedbits[] = { -+ 0xf3, 0x38, 0x91, 0x40, 0x37, 0x7a, 0x51, 0x72, 0x42, 0x74, 0x78, 0x0a, -+ 0x69, 0xfd, 0xa6, 0x44, 0x43, 0x45, 0x6c, 0x0c, 0x5a, 0x19, 0xff, 0xf1, -+ 0x54, 0x60, 0xee, 0x6a -+}; -+ -+__fips_constseg static const unsigned char sha224_pr_additionalinput2[] = { -+ 0x75, 0xf3, 0x04, 0x25, 0xdd, 0x36, 0xa8, 0x37, 0x46, 0xae, 0x0c, 0x52, -+ 0x05, 0x79, 0x4c, 0x26, 0xdb, 0xe9, 0x71, 0x16, 0x4c, 0x0a, 0xf2, 0x60 -+}; -+ -+__fips_constseg static const unsigned char sha224_pr_entropyinputpr2[] = { -+ 0xea, 0xc5, 0x03, 0x0a, 0x4f, 0xb0, 0x38, 0x8d, 0x23, 0xd4, 0xc8, 0x77, -+ 0xe2, 0x6d, 0x9c, 0x0b, 0x44, 0xf7, 0x2d, 0x5b, 0xbf, 0x5d, 0x2a, 0x11 -+}; -+ -+__fips_constseg static const unsigned char sha224_pr_returnedbits[] = { -+ 0x60, 0x50, 0x2b, 0xe7, 0x86, 0xd8, 0x26, 0x73, 0xe3, 0x1d, 0x95, 0x20, -+ 0xb3, 0x2c, 0x32, 0x1c, 0xf5, 0xce, 0x57, 0xa6, 0x67, 0x2b, 0xdc, 0x4e, -+ 0xdd, 0x11, 0x4c, 0xc4 -+}; -+ -+/* SHA-224 No PR */ -+__fips_constseg static const unsigned char sha224_entropyinput[] = { -+ 0xb2, 0x1c, 0x77, 0x4d, 0xf6, 0xd3, 0xb6, 0x40, 0xb7, 0x30, 0x3e, 0x29, -+ 0xb0, 0x85, 0x1c, 0xbe, 0x4a, 0xea, 0x6b, 0x5a, 0xb5, 0x8a, 0x97, 0xeb -+}; -+ -+__fips_constseg static const unsigned char sha224_nonce[] = { -+ 0x42, 0x02, 0x0a, 0x1c, 0x98, 0x9a, 0x77, 0x9e, 0x9f, 0x80, 0xba, 0xe0 -+}; -+ -+__fips_constseg static const unsigned char sha224_personalizationstring[] = { -+ 0x98, 0xb8, 0x04, 0x41, 0xfc, 0xc1, 0x5d, 0xc5, 0xe9, 0xb9, 0x08, 0xda, -+ 0xf9, 0xfa, 0x0d, 0x90, 0xce, 0xdf, 0x1d, 0x10, 0xa9, 0x8d, 0x50, 0x0c -+}; -+ -+__fips_constseg static const unsigned char sha224_additionalinput[] = { -+ 0x9a, 0x8d, 0x39, 0x49, 0x42, 0xd5, 0x0b, 0xae, 0xe1, 0xaf, 0xb7, 0x00, -+ 0x02, 0xfa, 0x96, 0xb1, 0xa5, 0x1d, 0x2d, 0x25, 0x78, 0xee, 0x83, 0x3f -+}; -+ -+__fips_constseg static const unsigned char sha224_int_returnedbits[] = { -+ 0xe4, 0xf5, 0x53, 0x79, 0x5a, 0x97, 0x58, 0x06, 0x08, 0xba, 0x7b, 0xfa, -+ 0xf0, 0x83, 0x05, 0x8c, 0x22, 0xc0, 0xc9, 0xdb, 0x15, 0xe7, 0xde, 0x20, -+ 0x55, 0x22, 0x9a, 0xad -+}; -+ -+__fips_constseg static const unsigned char sha224_entropyinputreseed[] = { -+ 0x67, 0x09, 0x48, 0xaa, 0x07, 0x16, 0x99, 0x89, 0x7f, 0x6d, 0xa0, 0xe5, -+ 0x8f, 0xdf, 0xbc, 0xdb, 0xfe, 0xe5, 0x6c, 0x7a, 0x95, 0x4a, 0x66, 0x17 -+}; -+ -+__fips_constseg static const unsigned char sha224_additionalinputreseed[] = { -+ 0x0f, 0x4b, 0x1c, 0x6f, 0xb7, 0xe3, 0x47, 0xe5, 0x5d, 0x7d, 0x38, 0xd6, -+ 0x28, 0x9b, 0xeb, 0x55, 0x63, 0x09, 0x3e, 0x7c, 0x56, 0xea, 0xf8, 0x19 -+}; -+ -+__fips_constseg static const unsigned char sha224_additionalinput2[] = { -+ 0x2d, 0x26, 0x7c, 0x37, 0xe4, 0x7a, 0x28, 0x5e, 0x5a, 0x3c, 0xaf, 0x3d, -+ 0x5a, 0x8e, 0x55, 0xa2, 0x1a, 0x6e, 0xc0, 0xe5, 0xf6, 0x21, 0xd3, 0xf6 -+}; -+ -+__fips_constseg static const unsigned char sha224_returnedbits[] = { -+ 0x4d, 0x83, 0x35, 0xdf, 0x67, 0xa9, 0xfc, 0x17, 0xda, 0x70, 0xcc, 0x8b, -+ 0x7f, 0x77, 0xae, 0xa2, 0x5f, 0xb9, 0x7e, 0x74, 0x4c, 0x26, 0xc1, 0x7a, -+ 0x3b, 0xa7, 0x5c, 0x93 -+}; -+ -+/* SHA-256 PR */ -+__fips_constseg static const unsigned char sha256_pr_entropyinput[] = { -+ 0xce, 0x49, 0x00, 0x7a, 0x56, 0xe3, 0x67, 0x8f, 0xe1, 0xb6, 0xa7, 0xd4, -+ 0x4f, 0x08, 0x7a, 0x1b, 0x01, 0xf4, 0xfa, 0x6b, 0xef, 0xb7, 0xe5, 0xeb, -+ 0x07, 0x3d, 0x11, 0x0d, 0xc8, 0xea, 0x2b, 0xfe -+}; -+ -+__fips_constseg static const unsigned char sha256_pr_nonce[] = { -+ 0x73, 0x41, 0xc8, 0x92, 0x94, 0xe2, 0xc5, 0x5f, 0x93, 0xfd, 0x39, 0x5d, -+ 0x2b, 0x91, 0x4d, 0x38 -+}; -+ -+__fips_constseg static const unsigned char sha256_pr_personalizationstring[] = { -+ 0x50, 0x6d, 0x01, 0x01, 0x07, 0x5a, 0x80, 0x35, 0x7a, 0x56, 0x1a, 0x56, -+ 0x2f, 0x9a, 0x0b, 0x35, 0xb2, 0xb1, 0xc9, 0xe5, 0xca, 0x69, 0x61, 0x48, -+ 0xff, 0xfb, 0x0f, 0xd9, 0x4b, 0x79, 0x1d, 0xba -+}; -+ -+__fips_constseg static const unsigned char sha256_pr_additionalinput[] = { -+ 0x20, 0xb8, 0xdf, 0x44, 0x77, 0x5a, 0xb8, 0xd3, 0xbf, 0xf6, 0xcf, 0xac, -+ 0x5e, 0xa6, 0x96, 0x62, 0x73, 0x44, 0x40, 0x4a, 0x30, 0xfb, 0x38, 0xa5, -+ 0x7b, 0x0d, 0xe4, 0x0d, 0xc6, 0xe4, 0x9a, 0x1f -+}; -+ -+__fips_constseg static const unsigned char sha256_pr_entropyinputpr[] = { -+ 0x04, 0xc4, 0x65, 0xf4, 0xd3, 0xbf, 0x83, 0x4b, 0xab, 0xc8, 0x41, 0xa8, -+ 0xc2, 0xe0, 0x44, 0x63, 0x77, 0x4c, 0x6f, 0x6c, 0x49, 0x46, 0xff, 0x94, -+ 0x17, 0xea, 0xe6, 0x1a, 0x9d, 0x5e, 0x66, 0x78 -+}; -+ -+__fips_constseg static const unsigned char sha256_pr_int_returnedbits[] = { -+ 0x07, 0x4d, 0xac, 0x9b, 0x86, 0xca, 0x4a, 0xaa, 0x6e, 0x7a, 0x03, 0xa2, -+ 0x5d, 0x10, 0xea, 0x0b, 0xf9, 0x83, 0xcc, 0xd1, 0xfc, 0xe2, 0x07, 0xc7, -+ 0x06, 0x34, 0x60, 0x6f, 0x83, 0x94, 0x99, 0x76 -+}; -+ -+__fips_constseg static const unsigned char sha256_pr_additionalinput2[] = { -+ 0x89, 0x4e, 0x45, 0x8c, 0x11, 0xf9, 0xbc, 0x5b, 0xac, 0x74, 0x8b, 0x4b, -+ 0x5f, 0xf7, 0x19, 0xf3, 0xf5, 0x24, 0x54, 0x14, 0xd1, 0x15, 0xb1, 0x43, -+ 0x12, 0xa4, 0x5f, 0xd4, 0xec, 0xfc, 0xcd, 0x09 -+}; -+ -+__fips_constseg static const unsigned char sha256_pr_entropyinputpr2[] = { -+ 0x0e, 0xeb, 0x1f, 0xd7, 0xfc, 0xd1, 0x9d, 0xd4, 0x05, 0x36, 0x8b, 0xb2, -+ 0xfb, 0xe4, 0xf4, 0x51, 0x0c, 0x87, 0x9b, 0x02, 0x44, 0xd5, 0x92, 0x4d, -+ 0x44, 0xfe, 0x1a, 0x03, 0x43, 0x56, 0xbd, 0x86 -+}; -+ -+__fips_constseg static const unsigned char sha256_pr_returnedbits[] = { -+ 0x02, 0xaa, 0xb6, 0x1d, 0x7e, 0x2a, 0x40, 0x03, 0x69, 0x2d, 0x49, 0xa3, -+ 0x41, 0xe7, 0x44, 0x0b, 0xaf, 0x7b, 0x85, 0xe4, 0x5f, 0x53, 0x3b, 0x64, -+ 0xbc, 0x89, 0xc8, 0x82, 0xd4, 0x78, 0x37, 0xa2 -+}; -+ -+/* SHA-256 No PR */ -+__fips_constseg static const unsigned char sha256_entropyinput[] = { -+ 0x5b, 0x1b, 0xec, 0x4d, 0xa9, 0x38, 0x74, 0x5a, 0x34, 0x0b, 0x7b, 0xc5, -+ 0xe5, 0xd7, 0x66, 0x7c, 0xbc, 0x82, 0xb9, 0x0e, 0x2d, 0x1f, 0x92, 0xd7, -+ 0xc1, 0xbc, 0x67, 0x69, 0xec, 0x6b, 0x03, 0x3c -+}; -+ -+__fips_constseg static const unsigned char sha256_nonce[] = { -+ 0xa4, 0x0c, 0xd8, 0x9c, 0x61, 0xd8, 0xc3, 0x54, 0xfe, 0x53, 0xc9, 0xe5, -+ 0x5d, 0x6f, 0x6d, 0x35 -+}; -+ -+__fips_constseg static const unsigned char sha256_personalizationstring[] = { -+ 0x22, 0x5e, 0x62, 0x93, 0x42, 0x83, 0x78, 0x24, 0xd8, 0x40, 0x8c, 0xde, -+ 0x6f, 0xf9, 0xa4, 0x7a, 0xc5, 0xa7, 0x3b, 0x88, 0xa3, 0xee, 0x42, 0x20, -+ 0xfd, 0x61, 0x56, 0xc6, 0x4c, 0x13, 0x41, 0x9c -+}; -+ -+__fips_constseg static const unsigned char sha256_additionalinput[] = { -+ 0xbf, 0x74, 0x5b, 0xf6, 0xc5, 0x64, 0x5e, 0x99, 0x34, 0x8f, 0xbc, 0xa4, -+ 0xe2, 0xbd, 0xd8, 0x85, 0x26, 0x37, 0xea, 0xba, 0x4f, 0xf2, 0x9a, 0x9a, -+ 0x66, 0xfc, 0xdf, 0x63, 0x26, 0x26, 0x19, 0x87 -+}; -+ -+__fips_constseg static const unsigned char sha256_int_returnedbits[] = { -+ 0xb3, 0xc6, 0x07, 0x07, 0xd6, 0x75, 0xf6, 0x2b, 0xd6, 0x21, 0x96, 0xf1, -+ 0xae, 0xdb, 0x2b, 0xac, 0x25, 0x2a, 0xae, 0xae, 0x41, 0x72, 0x03, 0x5e, -+ 0xbf, 0xd3, 0x64, 0xbc, 0x59, 0xf9, 0xc0, 0x76 -+}; -+ -+__fips_constseg static const unsigned char sha256_entropyinputreseed[] = { -+ 0xbf, 0x20, 0x33, 0x56, 0x29, 0xa8, 0x37, 0x04, 0x1f, 0x78, 0x34, 0x3d, -+ 0x81, 0x2a, 0xc9, 0x86, 0xc6, 0x7a, 0x2f, 0x88, 0x5e, 0xd5, 0xbe, 0x34, -+ 0x46, 0x20, 0xa4, 0x35, 0xeb, 0xc7, 0xe2, 0x9d -+}; -+ -+__fips_constseg static const unsigned char sha256_additionalinputreseed[] = { -+ 0x9b, 0xae, 0x2d, 0x2d, 0x61, 0xa4, 0x89, 0xeb, 0x43, 0x46, 0xa7, 0xda, -+ 0xef, 0x40, 0xca, 0x4a, 0x99, 0x11, 0x41, 0xdc, 0x5c, 0x94, 0xe9, 0xac, -+ 0xd4, 0xd0, 0xe6, 0xbd, 0xfb, 0x03, 0x9c, 0xa8 -+}; -+ -+__fips_constseg static const unsigned char sha256_additionalinput2[] = { -+ 0x23, 0xaa, 0x0c, 0xbd, 0x28, 0x33, 0xe2, 0x51, 0xfc, 0x71, 0xd2, 0x15, -+ 0x1f, 0x76, 0xfd, 0x0d, 0xe0, 0xb7, 0xb5, 0x84, 0x75, 0x5b, 0xbe, 0xf3, -+ 0x5c, 0xca, 0xc5, 0x30, 0xf2, 0x75, 0x1f, 0xda -+}; -+ -+__fips_constseg static const unsigned char sha256_returnedbits[] = { -+ 0x90, 0x3c, 0xc1, 0x10, 0x8c, 0x12, 0x01, 0xc6, 0xa6, 0x3a, 0x0f, 0x4d, -+ 0xb6, 0x3a, 0x4f, 0x41, 0x9c, 0x61, 0x75, 0x84, 0xe9, 0x74, 0x75, 0xfd, -+ 0xfe, 0xf2, 0x1f, 0x43, 0xd8, 0x5e, 0x24, 0xa3 -+}; -+ -+/* SHA-384 PR */ -+__fips_constseg static const unsigned char sha384_pr_entropyinput[] = { -+ 0x71, 0x9d, 0xb2, 0x5a, 0x71, 0x6d, 0x04, 0xe9, 0x1e, 0xc7, 0x92, 0x24, -+ 0x6e, 0x12, 0x33, 0xa9, 0x52, 0x64, 0x31, 0xef, 0x71, 0xeb, 0x22, 0x55, -+ 0x28, 0x97, 0x06, 0x6a, 0xc0, 0x0c, 0xa0, 0x7e -+}; -+ -+__fips_constseg static const unsigned char sha384_pr_nonce[] = { -+ 0xf5, 0x0d, 0xfa, 0xb0, 0xec, 0x6a, 0x7c, 0xd6, 0xbd, 0x9b, 0x05, 0xfd, -+ 0x38, 0x3e, 0x2e, 0x56 -+}; -+ -+__fips_constseg static const unsigned char sha384_pr_personalizationstring[] = { -+ 0x74, 0xac, 0x7e, 0x6d, 0xb1, 0xa4, 0xe7, 0x21, 0xd1, 0x1e, 0x6e, 0x96, -+ 0x6d, 0x4d, 0x53, 0x46, 0x82, 0x96, 0x6e, 0xcf, 0xaa, 0x81, 0x8d, 0x7d, -+ 0x9e, 0xe1, 0x0f, 0x15, 0xea, 0x41, 0xbf, 0xe3 -+}; -+ -+__fips_constseg static const unsigned char sha384_pr_additionalinput[] = { -+ 0xda, 0x95, 0xd4, 0xd0, 0xb8, 0x11, 0xd3, 0x49, 0x27, 0x5d, 0xa9, 0x39, -+ 0x68, 0xf3, 0xa8, 0xe9, 0x5d, 0x19, 0x8a, 0x2b, 0x66, 0xe8, 0x69, 0x06, -+ 0x7c, 0x9e, 0x03, 0xa1, 0x8b, 0x26, 0x2d, 0x6e -+}; -+ -+__fips_constseg static const unsigned char sha384_pr_entropyinputpr[] = { -+ 0x49, 0xdf, 0x44, 0x00, 0xe4, 0x1c, 0x75, 0x0b, 0x26, 0x5a, 0x59, 0x64, -+ 0x1f, 0x4e, 0xb1, 0xb2, 0x13, 0xf1, 0x22, 0x4e, 0xb4, 0x6d, 0x9a, 0xcc, -+ 0xa0, 0x48, 0xe6, 0xcf, 0x1d, 0xd1, 0x92, 0x0d -+}; -+ -+__fips_constseg static const unsigned char sha384_pr_int_returnedbits[] = { -+ 0xc8, 0x52, 0xae, 0xbf, 0x04, 0x3c, 0x27, 0xb7, 0x78, 0x18, 0xaa, 0x8f, -+ 0xff, 0xcf, 0xa4, 0xf1, 0xcc, 0xe7, 0x68, 0xfa, 0x22, 0xa2, 0x13, 0x45, -+ 0xe8, 0xdd, 0x87, 0xe6, 0xf2, 0x6e, 0xdd, 0xc7, 0x52, 0x90, 0x9f, 0x7b, -+ 0xfa, 0x61, 0x2d, 0x9d, 0x9e, 0xcf, 0x98, 0xac, 0x52, 0x40, 0xce, 0xaf -+}; -+ -+__fips_constseg static const unsigned char sha384_pr_additionalinput2[] = { -+ 0x61, 0x7c, 0x03, 0x9a, 0x3e, 0x50, 0x57, 0x60, 0xc5, 0x83, 0xc9, 0xb2, -+ 0xd1, 0x87, 0x85, 0x66, 0x92, 0x5d, 0x84, 0x0e, 0x53, 0xfb, 0x70, 0x03, -+ 0x72, 0xfd, 0xba, 0xae, 0x9c, 0x8f, 0xf8, 0x18 -+}; -+ -+__fips_constseg static const unsigned char sha384_pr_entropyinputpr2[] = { -+ 0xf8, 0xeb, 0x89, 0xb1, 0x8d, 0x78, 0xbe, 0x21, 0xe0, 0xbb, 0x9d, 0xb7, -+ 0x95, 0x0e, 0xd9, 0x46, 0x0c, 0x8c, 0xe2, 0x63, 0xb7, 0x9d, 0x67, 0x90, -+ 0xbd, 0xc7, 0x0b, 0xa5, 0xce, 0xb2, 0x65, 0x81 -+}; -+ -+__fips_constseg static const unsigned char sha384_pr_returnedbits[] = { -+ 0xe6, 0x9f, 0xfe, 0x68, 0xd6, 0xb5, 0x79, 0xf1, 0x06, 0x5f, 0xa3, 0xbb, -+ 0x23, 0x85, 0xd8, 0xf0, 0x29, 0x5a, 0x68, 0x9e, 0xf5, 0xf4, 0xa6, 0x12, -+ 0xe0, 0x9a, 0xe2, 0xac, 0x00, 0x1d, 0x98, 0x26, 0xfc, 0x53, 0x95, 0x53, -+ 0xe4, 0x3e, 0x17, 0xd5, 0x08, 0x0b, 0x70, 0x3d, 0x67, 0x99, 0xac, 0x66 -+}; -+ -+/* SHA-384 No PR */ -+__fips_constseg static const unsigned char sha384_entropyinput[] = { -+ 0x07, 0x15, 0x27, 0x2a, 0xaf, 0x74, 0x24, 0x37, 0xbc, 0xd5, 0x14, 0x69, -+ 0xce, 0x11, 0xff, 0xa2, 0x6b, 0xb8, 0x05, 0x67, 0x34, 0xf8, 0xbd, 0x6d, -+ 0x6a, 0xcc, 0xcd, 0x60, 0xa3, 0x68, 0xca, 0xf4 -+}; -+ -+__fips_constseg static const unsigned char sha384_nonce[] = { -+ 0x70, 0x17, 0xc2, 0x5b, 0x5d, 0x22, 0x0b, 0x06, 0x15, 0x54, 0x78, 0x77, -+ 0x44, 0xaf, 0x2f, 0x09 -+}; -+ -+__fips_constseg static const unsigned char sha384_personalizationstring[] = { -+ 0x89, 0x39, 0x28, 0xb0, 0x60, 0xeb, 0x3d, 0xdc, 0x55, 0x75, 0x86, 0xeb, -+ 0xae, 0xa2, 0x8f, 0xbc, 0x1b, 0x75, 0xd4, 0xe1, 0x0f, 0xaa, 0x38, 0xca, -+ 0x62, 0x8b, 0xcb, 0x2c, 0x26, 0xf6, 0xbc, 0xb1 -+}; -+ -+__fips_constseg static const unsigned char sha384_additionalinput[] = { -+ 0x30, 0x2b, 0x42, 0x35, 0xef, 0xda, 0x40, 0x55, 0x28, 0xc6, 0x95, 0xfb, -+ 0x54, 0x01, 0x62, 0xd7, 0x87, 0x14, 0x48, 0x6d, 0x90, 0x4c, 0xa9, 0x02, -+ 0x54, 0x40, 0x22, 0xc8, 0x66, 0xa5, 0x48, 0x48 -+}; -+ -+__fips_constseg static const unsigned char sha384_int_returnedbits[] = { -+ 0x82, 0xc4, 0xa1, 0x9c, 0x21, 0xd2, 0xe7, 0xa5, 0xa6, 0xf6, 0x5f, 0x04, -+ 0x5c, 0xc7, 0x31, 0x9d, 0x8d, 0x59, 0x74, 0x50, 0x19, 0x89, 0x2f, 0x63, -+ 0xd5, 0xb7, 0x7e, 0xeb, 0x15, 0xe3, 0x70, 0x83, 0xa1, 0x24, 0x59, 0xfa, -+ 0x2c, 0x56, 0xf6, 0x88, 0x3a, 0x92, 0x93, 0xa1, 0xfb, 0x79, 0xc1, 0x7a -+}; -+ -+__fips_constseg static const unsigned char sha384_entropyinputreseed[] = { -+ 0x39, 0xa6, 0xe8, 0x5c, 0x82, 0x17, 0x71, 0x26, 0x57, 0x4f, 0x9f, 0xc2, -+ 0x55, 0xff, 0x5c, 0x9b, 0x53, 0x1a, 0xd1, 0x5f, 0xbc, 0x62, 0xe4, 0x27, -+ 0x2d, 0x32, 0xf0, 0xe4, 0x52, 0x8c, 0xc5, 0x0c -+}; -+ -+__fips_constseg static const unsigned char sha384_additionalinputreseed[] = { -+ 0x8d, 0xcb, 0x8d, 0xce, 0x08, 0xea, 0x80, 0xe8, 0x9b, 0x61, 0xa8, 0x0f, -+ 0xaf, 0x49, 0x20, 0x9e, 0x74, 0xcb, 0x57, 0x80, 0x42, 0xb0, 0x84, 0x5e, -+ 0x30, 0x2a, 0x67, 0x08, 0xf4, 0xe3, 0x40, 0x22 -+}; -+ -+__fips_constseg static const unsigned char sha384_additionalinput2[] = { -+ 0x7c, 0x8f, 0xc2, 0xae, 0x22, 0x4a, 0xd6, 0xf6, 0x05, 0xa4, 0x7a, 0xea, -+ 0xbb, 0x25, 0xd0, 0xb7, 0x5a, 0xd6, 0xcf, 0x9d, 0xf3, 0x6c, 0xe2, 0xb2, -+ 0x4e, 0xb4, 0xbd, 0xf4, 0xe5, 0x40, 0x80, 0x94 -+}; -+ -+__fips_constseg static const unsigned char sha384_returnedbits[] = { -+ 0x9e, 0x7e, 0xfb, 0x59, 0xbb, 0xaa, 0x3c, 0xf7, 0xe1, 0xf8, 0x76, 0xdd, -+ 0x63, 0x5f, 0xaf, 0x23, 0xd6, 0x64, 0x61, 0xc0, 0x9a, 0x09, 0x47, 0xc9, -+ 0x33, 0xdf, 0x6d, 0x55, 0x91, 0x34, 0x79, 0x70, 0xc4, 0x99, 0x6e, 0x54, -+ 0x09, 0x64, 0x21, 0x1a, 0xbd, 0x1e, 0x80, 0x40, 0x34, 0xad, 0xfa, 0xd7 -+}; -+ -+/* SHA-512 PR */ -+__fips_constseg static const unsigned char sha512_pr_entropyinput[] = { -+ 0x13, 0xf7, 0x61, 0x75, 0x65, 0x28, 0xa2, 0x59, 0x13, 0x5a, 0x4a, 0x4f, -+ 0x56, 0x60, 0x8c, 0x53, 0x7d, 0xb0, 0xbd, 0x06, 0x4f, 0xed, 0xcc, 0xd2, -+ 0xa2, 0xb5, 0xfd, 0x5b, 0x3a, 0xab, 0xec, 0x28 -+}; -+ -+__fips_constseg static const unsigned char sha512_pr_nonce[] = { -+ 0xbe, 0xa3, 0x91, 0x93, 0x1d, 0xc3, 0x31, 0x3a, 0x23, 0x33, 0x50, 0x67, -+ 0x88, 0xc7, 0xa2, 0xc4 -+}; -+ -+__fips_constseg static const unsigned char sha512_pr_personalizationstring[] = { -+ 0x1f, 0x59, 0x4d, 0x7b, 0xe6, 0x46, 0x91, 0x48, 0xc1, 0x25, 0xfa, 0xff, -+ 0x89, 0x12, 0x77, 0x35, 0xdf, 0x3e, 0xf4, 0x80, 0x5f, 0xd9, 0xb0, 0x07, -+ 0x22, 0x41, 0xdd, 0x48, 0x78, 0x6b, 0x77, 0x2b -+}; -+ -+__fips_constseg static const unsigned char sha512_pr_additionalinput[] = { -+ 0x30, 0xff, 0x63, 0x6f, 0xac, 0xd9, 0x84, 0x39, 0x6f, 0xe4, 0x99, 0xce, -+ 0x91, 0x7d, 0x7e, 0xc8, 0x58, 0xf2, 0x12, 0xc3, 0xb6, 0xad, 0xda, 0x22, -+ 0x04, 0xa0, 0xd2, 0x21, 0xfe, 0xf2, 0x95, 0x1d -+}; -+ -+__fips_constseg static const unsigned char sha512_pr_entropyinputpr[] = { -+ 0x64, 0x54, 0x13, 0xec, 0x4f, 0x77, 0xda, 0xb2, 0x92, 0x2e, 0x52, 0x80, -+ 0x11, 0x10, 0xc2, 0xf8, 0xe6, 0xa7, 0xcd, 0x4b, 0xfc, 0x32, 0x2e, 0x9e, -+ 0xeb, 0xbb, 0xb1, 0xbf, 0x15, 0x5c, 0x73, 0x08 -+}; -+ -+__fips_constseg static const unsigned char sha512_pr_int_returnedbits[] = { -+ 0xef, 0x1e, 0xdc, 0x0a, 0xa4, 0x36, 0x91, 0x9c, 0x3d, 0x27, 0x97, 0x50, -+ 0x8d, 0x36, 0x29, 0x8d, 0xce, 0x6a, 0x0c, 0xf7, 0x21, 0xc0, 0x91, 0xae, -+ 0x0c, 0x96, 0x72, 0xbd, 0x52, 0x81, 0x58, 0xfc, 0x6d, 0xe5, 0xf7, 0xa5, -+ 0xfd, 0x5d, 0xa7, 0x58, 0x68, 0xc8, 0x99, 0x58, 0x8e, 0xc8, 0xce, 0x95, -+ 0x01, 0x7d, 0xff, 0xa4, 0xc8, 0xf7, 0x63, 0xfe, 0x5f, 0x69, 0x83, 0x53, -+ 0xe2, 0xc6, 0x8b, 0xc3 -+}; -+ -+__fips_constseg static const unsigned char sha512_pr_additionalinput2[] = { -+ 0xe6, 0x9b, 0xc4, 0x88, 0x34, 0xca, 0xea, 0x29, 0x2f, 0x98, 0x05, 0xa4, -+ 0xd3, 0xc0, 0x7b, 0x11, 0xe8, 0xbb, 0x75, 0xf2, 0xbd, 0x29, 0xb7, 0x40, -+ 0x25, 0x7f, 0xc1, 0xb7, 0xb1, 0xf1, 0x25, 0x61 -+}; -+ -+__fips_constseg static const unsigned char sha512_pr_entropyinputpr2[] = { -+ 0x23, 0x6d, 0xff, 0xde, 0xfb, 0xd1, 0xba, 0x33, 0x18, 0xe6, 0xbe, 0xb5, -+ 0x48, 0x77, 0x6d, 0x7f, 0xa7, 0xe1, 0x4d, 0x48, 0x1e, 0x3c, 0xa7, 0x34, -+ 0x1a, 0xc8, 0x60, 0xdb, 0x8f, 0x99, 0x15, 0x99 -+}; -+ -+__fips_constseg static const unsigned char sha512_pr_returnedbits[] = { -+ 0x70, 0x27, 0x31, 0xdb, 0x92, 0x70, 0x21, 0xfe, 0x16, 0xb6, 0xc8, 0x51, -+ 0x34, 0x87, 0x65, 0xd0, 0x4e, 0xfd, 0xfe, 0x68, 0xec, 0xac, 0xdc, 0x93, -+ 0x41, 0x38, 0x92, 0x90, 0xb4, 0x94, 0xf9, 0x0d, 0xa4, 0xf7, 0x4e, 0x80, -+ 0x92, 0x67, 0x48, 0x40, 0xa7, 0x08, 0xc7, 0xbc, 0x66, 0x00, 0xfd, 0xf7, -+ 0x4c, 0x8b, 0x17, 0x6e, 0xd1, 0x8f, 0x9b, 0xf3, 0x6f, 0xf6, 0x34, 0xdd, -+ 0x67, 0xf7, 0x68, 0xdd -+}; -+ -+/* SHA-512 No PR */ -+__fips_constseg static const unsigned char sha512_entropyinput[] = { -+ 0xb6, 0x0b, 0xb7, 0xbc, 0x84, 0x56, 0xf6, 0x12, 0xaf, 0x45, 0x67, 0x17, -+ 0x7c, 0xd1, 0xb2, 0x78, 0x2b, 0xa0, 0xf2, 0xbe, 0xb6, 0x6d, 0x8b, 0x56, -+ 0xc6, 0xbc, 0x4d, 0xe1, 0xf7, 0xbe, 0xce, 0xbd -+}; -+ -+__fips_constseg static const unsigned char sha512_nonce[] = { -+ 0x9d, 0xed, 0xc0, 0xe5, 0x5a, 0x98, 0x6a, 0xcb, 0x51, 0x7d, 0x76, 0x31, -+ 0x5a, 0x64, 0xf0, 0xf7 -+}; -+ -+__fips_constseg static const unsigned char sha512_personalizationstring[] = { -+ 0xc2, 0x6d, 0xa3, 0xc3, 0x06, 0x74, 0xe5, 0x01, 0x5c, 0x10, 0x17, 0xc7, -+ 0xaf, 0x83, 0x9d, 0x59, 0x8d, 0x2d, 0x29, 0x38, 0xc5, 0x59, 0x70, 0x8b, -+ 0x46, 0x48, 0x2d, 0xcf, 0x36, 0x7d, 0x59, 0xc0 -+}; -+ -+__fips_constseg static const unsigned char sha512_additionalinput[] = { -+ 0xec, 0x8c, 0xd4, 0xf7, 0x61, 0x6e, 0x0d, 0x95, 0x79, 0xb7, 0x28, 0xad, -+ 0x5f, 0x69, 0x74, 0x5f, 0x2d, 0x36, 0x06, 0x8a, 0x6b, 0xac, 0x54, 0x97, -+ 0xc4, 0xa1, 0x12, 0x85, 0x0a, 0xdf, 0x4b, 0x34 -+}; -+ -+__fips_constseg static const unsigned char sha512_int_returnedbits[] = { -+ 0x84, 0x2f, 0x1f, 0x68, 0x6a, 0xa3, 0xad, 0x1e, 0xfb, 0xf4, 0x15, 0xbd, -+ 0xde, 0x38, 0xd4, 0x30, 0x80, 0x51, 0xe9, 0xd3, 0xc7, 0x20, 0x88, 0xe9, -+ 0xf5, 0xcc, 0xdf, 0x57, 0x5c, 0x47, 0x2f, 0x57, 0x3c, 0x5f, 0x13, 0x56, -+ 0xcc, 0xc5, 0x4f, 0x84, 0xf8, 0x10, 0x41, 0xd5, 0x7e, 0x58, 0x6e, 0x19, -+ 0x19, 0x9e, 0xaf, 0xc2, 0x22, 0x58, 0x41, 0x50, 0x79, 0xc2, 0xd8, 0x04, -+ 0x28, 0xd4, 0x39, 0x9a -+}; -+ -+__fips_constseg static const unsigned char sha512_entropyinputreseed[] = { -+ 0xfa, 0x7f, 0x46, 0x51, 0x83, 0x62, 0x98, 0x16, 0x9a, 0x19, 0xa2, 0x49, -+ 0xa9, 0xe6, 0x4a, 0xd8, 0x85, 0xe7, 0xd4, 0x3b, 0x2c, 0x82, 0xc5, 0x82, -+ 0xbf, 0x11, 0xf9, 0x9e, 0xbc, 0xd0, 0x01, 0xee -+}; -+ -+__fips_constseg static const unsigned char sha512_additionalinputreseed[] = { -+ 0xb9, 0x12, 0xe0, 0x4f, 0xf7, 0xa7, 0xc4, 0xd8, 0xd0, 0x8e, 0x99, 0x29, -+ 0x7c, 0x9a, 0xe9, 0xcf, 0xc4, 0x6c, 0xf8, 0xc3, 0xa7, 0x41, 0x83, 0xd6, -+ 0x2e, 0xfa, 0xb8, 0x5e, 0x8e, 0x6b, 0x78, 0x20 -+}; -+ -+__fips_constseg static const unsigned char sha512_additionalinput2[] = { -+ 0xd7, 0x07, 0x52, 0xb9, 0x83, 0x2c, 0x03, 0x71, 0xee, 0xc9, 0xc0, 0x85, -+ 0xe1, 0x57, 0xb2, 0xcd, 0x3a, 0xf0, 0xc9, 0x34, 0x24, 0x41, 0x1c, 0x42, -+ 0x99, 0xb2, 0x84, 0xe9, 0x17, 0xd2, 0x76, 0x92 -+}; -+ -+__fips_constseg static const unsigned char sha512_returnedbits[] = { -+ 0x36, 0x17, 0x5d, 0x98, 0x2b, 0x65, 0x25, 0x8e, 0xc8, 0x29, 0xdf, 0x27, -+ 0x05, 0x36, 0x26, 0x12, 0x8a, 0x68, 0x74, 0x27, 0x37, 0xd4, 0x7f, 0x32, -+ 0xb1, 0x12, 0xd6, 0x85, 0x83, 0xeb, 0x2e, 0xa0, 0xed, 0x4b, 0xb5, 0x7b, -+ 0x6f, 0x39, 0x3c, 0x71, 0x77, 0x02, 0x12, 0xcc, 0x2c, 0x3a, 0x8e, 0x63, -+ 0xdf, 0x4a, 0xbd, 0x6f, 0x6e, 0x2e, 0xed, 0x0a, 0x85, 0xa5, 0x2f, 0xa2, -+ 0x68, 0xde, 0x42, 0xb5 -+}; -+ -+/* HMAC SHA-1 PR */ -+__fips_constseg static const unsigned char hmac_sha1_pr_entropyinput[] = { -+ 0x26, 0x5f, 0x36, 0x14, 0xff, 0x3d, 0x83, 0xfa, 0x73, 0x5e, 0x75, 0xdc, -+ 0x2c, 0x18, 0x17, 0x1b -+}; -+ -+__fips_constseg static const unsigned char hmac_sha1_pr_nonce[] = { -+ 0xc8, 0xe3, 0x57, 0xa5, 0x7b, 0x74, 0x86, 0x6e -+}; -+ -+__fips_constseg -+ static const unsigned char hmac_sha1_pr_personalizationstring[] = { -+ 0x6e, 0xdb, 0x0d, 0xfe, 0x7d, 0xac, 0x79, 0xd0, 0xa5, 0x3a, 0x48, 0x85, -+ 0x80, 0xe2, 0x7f, 0x2a -+}; -+ -+__fips_constseg static const unsigned char hmac_sha1_pr_additionalinput[] = { -+ 0x31, 0xcd, 0x5e, 0x43, 0xdc, 0xfb, 0x7a, 0x79, 0xca, 0x88, 0xde, 0x1f, -+ 0xd7, 0xbb, 0x42, 0x09 -+}; -+ -+__fips_constseg static const unsigned char hmac_sha1_pr_entropyinputpr[] = { -+ 0x7c, 0x23, 0x95, 0x38, 0x00, 0x95, 0xc1, 0x78, 0x1f, 0x8f, 0xd7, 0x63, -+ 0x23, 0x87, 0x2a, 0xed -+}; -+ -+__fips_constseg static const unsigned char hmac_sha1_pr_int_returnedbits[] = { -+ 0xbb, 0x34, 0xe7, 0x93, 0xa3, 0x02, 0x2c, 0x4a, 0xd0, 0x89, 0xda, 0x7f, -+ 0xed, 0xf4, 0x4c, 0xde, 0x17, 0xec, 0xe5, 0x6c -+}; -+ -+__fips_constseg static const unsigned char hmac_sha1_pr_additionalinput2[] = { -+ 0x49, 0xbc, 0x2d, 0x2c, 0xb7, 0x32, 0xcb, 0x20, 0xdf, 0xf5, 0x77, 0x58, -+ 0xa0, 0x4b, 0x93, 0x6e -+}; -+ -+__fips_constseg static const unsigned char hmac_sha1_pr_entropyinputpr2[] = { -+ 0x3c, 0xaa, 0xb0, 0x21, 0x42, 0xb0, 0xdd, 0x34, 0xf0, 0x16, 0x7f, 0x0c, -+ 0x0f, 0xff, 0x2e, 0xaf -+}; -+ -+__fips_constseg static const unsigned char hmac_sha1_pr_returnedbits[] = { -+ 0x8e, 0xcb, 0xa3, 0x64, 0xb2, 0xb8, 0x33, 0x6c, 0x64, 0x3b, 0x78, 0x16, -+ 0x99, 0x35, 0xc8, 0x30, 0xcb, 0x3e, 0xa0, 0xd8 -+}; -+ -+/* HMAC SHA-1 No PR */ -+__fips_constseg static const unsigned char hmac_sha1_entropyinput[] = { -+ 0x32, 0x9a, 0x2a, 0x87, 0x7b, 0x89, 0x7c, 0xf6, 0xcb, 0x95, 0xd5, 0x40, -+ 0x17, 0xfe, 0x47, 0x70 -+}; -+ -+__fips_constseg static const unsigned char hmac_sha1_nonce[] = { -+ 0x16, 0xd8, 0xe0, 0xc7, 0x52, 0xcf, 0x4a, 0x25 -+}; -+ -+__fips_constseg static const unsigned char hmac_sha1_personalizationstring[] = { -+ 0x35, 0x35, 0xa9, 0xa5, 0x40, 0xbe, 0x9b, 0xd1, 0x56, 0xdd, 0x44, 0x00, -+ 0x72, 0xf7, 0xd3, 0x5e -+}; -+ -+__fips_constseg static const unsigned char hmac_sha1_additionalinput[] = { -+ 0x1b, 0x2c, 0x84, 0x2d, 0x4a, 0x89, 0x8f, 0x69, 0x19, 0xf1, 0xf3, 0xdb, -+ 0xbb, 0xe3, 0xaa, 0xea -+}; -+ -+__fips_constseg static const unsigned char hmac_sha1_int_returnedbits[] = { -+ 0xcf, 0xfa, 0x7d, 0x72, 0x0f, 0xe6, 0xc7, 0x96, 0xa0, 0x69, 0x31, 0x11, -+ 0x9b, 0x0b, 0x1a, 0x20, 0x1f, 0x3f, 0xaa, 0xd1 -+}; -+ -+__fips_constseg static const unsigned char hmac_sha1_entropyinputreseed[] = { -+ 0x90, 0x75, 0x15, 0x04, 0x95, 0xf1, 0xba, 0x81, 0x0c, 0x37, 0x94, 0x6f, -+ 0x86, 0x52, 0x6d, 0x9c -+}; -+ -+__fips_constseg static const unsigned char hmac_sha1_additionalinputreseed[] = { -+ 0x5b, 0x40, 0xba, 0x5f, 0x17, 0x70, 0xf0, 0x4b, 0xdf, 0xc9, 0x97, 0x92, -+ 0x79, 0xc5, 0x82, 0x28 -+}; -+ -+__fips_constseg static const unsigned char hmac_sha1_additionalinput2[] = { -+ 0x97, 0xc8, 0x80, 0x90, 0xb3, 0xaa, 0x6e, 0x60, 0xea, 0x83, 0x7a, 0xe3, -+ 0x8a, 0xca, 0xa4, 0x7f -+}; -+ -+__fips_constseg static const unsigned char hmac_sha1_returnedbits[] = { -+ 0x90, 0xbd, 0x05, 0x56, 0x6d, 0xb5, 0x22, 0xd5, 0xb9, 0x5a, 0x29, 0x2d, -+ 0xe9, 0x0b, 0xe1, 0xac, 0xde, 0x27, 0x0b, 0xb0 -+}; -+ -+/* HMAC SHA-224 PR */ -+__fips_constseg static const unsigned char hmac_sha224_pr_entropyinput[] = { -+ 0x17, 0x32, 0x2b, 0x2e, 0x6f, 0x1b, 0x9c, 0x6d, 0x31, 0xe0, 0x34, 0x07, -+ 0xcf, 0xed, 0xf6, 0xb6, 0x5a, 0x76, 0x4c, 0xbc, 0x62, 0x85, 0x01, 0x90 -+}; -+ -+__fips_constseg static const unsigned char hmac_sha224_pr_nonce[] = { -+ 0x38, 0xbf, 0x5f, 0x20, 0xb3, 0x68, 0x2f, 0x43, 0x61, 0x05, 0x8f, 0x23 -+}; -+ -+__fips_constseg -+ static const unsigned char hmac_sha224_pr_personalizationstring[] = { -+ 0xc0, 0xc9, 0x45, 0xac, 0x8d, 0x27, 0x77, 0x08, 0x0b, 0x17, 0x6d, 0xed, -+ 0xc1, 0x7d, 0xd5, 0x07, 0x9d, 0x6e, 0xf8, 0x23, 0x2a, 0x22, 0x13, 0xbd -+}; -+ -+__fips_constseg static const unsigned char hmac_sha224_pr_additionalinput[] = { -+ 0xa4, 0x3c, 0xe7, 0x3b, 0xea, 0x19, 0x45, 0x32, 0xc2, 0x83, 0x6d, 0x21, -+ 0x8a, 0xc0, 0xee, 0x67, 0x45, 0xde, 0x13, 0x7d, 0x9d, 0x61, 0x00, 0x3b -+}; -+ -+__fips_constseg static const unsigned char hmac_sha224_pr_entropyinputpr[] = { -+ 0x15, 0x05, 0x74, 0x4a, 0x7f, 0x8d, 0x5c, 0x60, 0x16, 0xe5, 0x7b, 0xad, -+ 0xf5, 0x41, 0x8f, 0x55, 0x60, 0xc4, 0x09, 0xee, 0x1e, 0x11, 0x81, 0xab -+}; -+ -+__fips_constseg static const unsigned char hmac_sha224_pr_int_returnedbits[] = { -+ 0x6f, 0xf5, 0x9a, 0xe2, 0x54, 0x53, 0x30, 0x3d, 0x5a, 0x27, 0x29, 0x38, -+ 0x27, 0xf2, 0x0d, 0x05, 0xe9, 0x26, 0xcb, 0x16, 0xc3, 0x51, 0x5f, 0x13, -+ 0x41, 0xfe, 0x99, 0xf2 -+}; -+ -+__fips_constseg static const unsigned char hmac_sha224_pr_additionalinput2[] = { -+ 0x73, 0x81, 0x88, 0x84, 0x8f, 0xed, 0x6f, 0x10, 0x9f, 0x93, 0xbf, 0x17, -+ 0x35, 0x7c, 0xef, 0xd5, 0x8d, 0x26, 0xa6, 0x7a, 0xe8, 0x09, 0x36, 0x4f -+}; -+ -+__fips_constseg static const unsigned char hmac_sha224_pr_entropyinputpr2[] = { -+ 0xe6, 0xcf, 0xcf, 0x7e, 0x12, 0xe5, 0x43, 0xd2, 0x38, 0xd8, 0x24, 0x6f, -+ 0x5a, 0x37, 0x68, 0xbf, 0x4f, 0xa0, 0xff, 0xd5, 0x61, 0x8a, 0x93, 0xe0 -+}; -+ -+__fips_constseg static const unsigned char hmac_sha224_pr_returnedbits[] = { -+ 0xaf, 0xf9, 0xd8, 0x19, 0x91, 0x30, 0x82, 0x6f, 0xa9, 0x1e, 0x9d, 0xd7, -+ 0xf3, 0x50, 0xe0, 0xc7, 0xd5, 0x64, 0x96, 0x7d, 0x4c, 0x4d, 0x78, 0x03, -+ 0x6d, 0xd8, 0x9e, 0x72 -+}; -+ -+/* HMAC SHA-224 No PR */ -+__fips_constseg static const unsigned char hmac_sha224_entropyinput[] = { -+ 0x11, 0x82, 0xfd, 0xd9, 0x42, 0xf4, 0xfa, 0xc8, 0xf2, 0x41, 0xe6, 0x54, -+ 0x01, 0xae, 0x22, 0x6e, 0xc6, 0xaf, 0xaf, 0xd0, 0xa6, 0xb2, 0xe2, 0x6d -+}; -+ -+__fips_constseg static const unsigned char hmac_sha224_nonce[] = { -+ 0xa9, 0x48, 0xd7, 0x92, 0x39, 0x7e, 0x2a, 0xdc, 0x30, 0x1f, 0x0e, 0x2b -+}; -+ -+__fips_constseg -+ static const unsigned char hmac_sha224_personalizationstring[] = { -+ 0x11, 0xd5, 0xf4, 0xbd, 0x67, 0x8c, 0x31, 0xcf, 0xa3, 0x3f, 0x1e, 0x6b, -+ 0xa8, 0x07, 0x02, 0x0b, 0xc8, 0x2e, 0x6c, 0x64, 0x41, 0x5b, 0xc8, 0x37 -+}; -+ -+__fips_constseg static const unsigned char hmac_sha224_additionalinput[] = { -+ 0x68, 0x18, 0xc2, 0x06, 0xeb, 0x3e, 0x04, 0x95, 0x44, 0x5e, 0xfb, 0xe6, -+ 0x41, 0xc1, 0x5c, 0xcc, 0x40, 0x2f, 0xb7, 0xd2, 0x0f, 0xf3, 0x6b, 0xe7 -+}; -+ -+__fips_constseg static const unsigned char hmac_sha224_int_returnedbits[] = { -+ 0x7f, 0x45, 0xc7, 0x5d, 0x32, 0xe6, 0x17, 0x60, 0xba, 0xdc, 0xb8, 0x42, -+ 0x1b, 0x9c, 0xf1, 0xfa, 0x3b, 0x4d, 0x29, 0x54, 0xc6, 0x90, 0xff, 0x5c, -+ 0xcd, 0xd6, 0xa9, 0xcc -+}; -+ -+__fips_constseg static const unsigned char hmac_sha224_entropyinputreseed[] = { -+ 0xc4, 0x8e, 0x37, 0x95, 0x69, 0x53, 0x28, 0xd7, 0x37, 0xbb, 0x70, 0x95, -+ 0x1c, 0x07, 0x1d, 0xd9, 0xb7, 0xe6, 0x1b, 0xbb, 0xfe, 0x41, 0xeb, 0xc9 -+}; -+ -+__fips_constseg -+ static const unsigned char hmac_sha224_additionalinputreseed[] = { -+ 0x53, 0x17, 0xa1, 0x6a, 0xfa, 0x77, 0x47, 0xb0, 0x95, 0x56, 0x9a, 0x20, -+ 0x57, 0xde, 0x5c, 0x89, 0x9f, 0x7f, 0xe2, 0xde, 0x17, 0x3a, 0x50, 0x23 -+}; -+ -+__fips_constseg static const unsigned char hmac_sha224_additionalinput2[] = { -+ 0x3a, 0x32, 0xf9, 0x85, 0x0c, 0xc1, 0xed, 0x76, 0x2d, 0xdf, 0x40, 0xc3, -+ 0x06, 0x22, 0x66, 0xd4, 0x9a, 0x9a, 0xff, 0x5a, 0x7e, 0x7a, 0xf3, 0x96 -+}; -+ -+__fips_constseg static const unsigned char hmac_sha224_returnedbits[] = { -+ 0x43, 0xb4, 0x57, 0x5c, 0x38, 0x25, 0x9d, 0xae, 0xec, 0x96, 0xd1, 0x85, -+ 0x3a, 0x84, 0x8d, 0xfe, 0x68, 0xd5, 0x0e, 0x5c, 0x8f, 0x65, 0xa5, 0x4e, -+ 0x45, 0x84, 0xa8, 0x94 -+}; -+ -+/* HMAC SHA-256 PR */ -+__fips_constseg static const unsigned char hmac_sha256_pr_entropyinput[] = { -+ 0x4d, 0xb0, 0x43, 0xd8, 0x34, 0x4b, 0x10, 0x70, 0xb1, 0x8b, 0xed, 0xea, -+ 0x07, 0x92, 0x9f, 0x6c, 0x79, 0x31, 0xaf, 0x81, 0x29, 0xeb, 0x6e, 0xca, -+ 0x32, 0x48, 0x28, 0xe7, 0x02, 0x5d, 0xa6, 0xa6 -+}; -+ -+__fips_constseg static const unsigned char hmac_sha256_pr_nonce[] = { -+ 0x3a, 0xae, 0x15, 0xa9, 0x99, 0xdc, 0xe4, 0x67, 0x34, 0x3b, 0x70, 0x15, -+ 0xaa, 0xd3, 0x30, 0x9a -+}; -+ -+__fips_constseg -+ static const unsigned char hmac_sha256_pr_personalizationstring[] = { -+ 0x13, 0x1d, 0x24, 0x04, 0xb0, 0x18, 0x81, 0x15, 0x21, 0x51, 0x2a, 0x24, -+ 0x52, 0x61, 0xbe, 0x64, 0x82, 0x6b, 0x55, 0x2f, 0xe2, 0xf1, 0x40, 0x7d, -+ 0x71, 0xd8, 0x01, 0x86, 0x15, 0xb7, 0x8b, 0xb5 -+}; -+ -+__fips_constseg static const unsigned char hmac_sha256_pr_additionalinput[] = { -+ 0x8f, 0xa6, 0x54, 0x5f, 0xb1, 0xd0, 0xd8, 0xc3, 0xe7, 0x0c, 0x15, 0xa9, -+ 0x23, 0x6e, 0xfe, 0xfb, 0x93, 0xf7, 0x3a, 0xbd, 0x59, 0x01, 0xfa, 0x18, -+ 0x8e, 0xe9, 0x1a, 0xa9, 0x78, 0xfc, 0x79, 0x0b -+}; -+ -+__fips_constseg static const unsigned char hmac_sha256_pr_entropyinputpr[] = { -+ 0xcf, 0x24, 0xb9, 0xeb, 0xb3, 0xd4, 0xcd, 0x17, 0x37, 0x38, 0x75, 0x79, -+ 0x15, 0xcb, 0x2d, 0x75, 0x51, 0xf1, 0xcc, 0xaa, 0x32, 0xa4, 0xa7, 0x36, -+ 0x7c, 0x5c, 0xe4, 0x47, 0xf1, 0x3e, 0x1d, 0xe5 -+}; -+ -+__fips_constseg static const unsigned char hmac_sha256_pr_int_returnedbits[] = { -+ 0x52, 0x42, 0xfa, 0xeb, 0x85, 0xe0, 0x30, 0x22, 0x79, 0x00, 0x16, 0xb2, -+ 0x88, 0x2f, 0x14, 0x6a, 0xb7, 0xfc, 0xb7, 0x53, 0xdc, 0x4a, 0x12, 0xef, -+ 0x54, 0xd6, 0x33, 0xe9, 0x20, 0xd6, 0xfd, 0x56 -+}; -+ -+__fips_constseg static const unsigned char hmac_sha256_pr_additionalinput2[] = { -+ 0xf4, 0xf6, 0x49, 0xa1, 0x2d, 0x64, 0x2b, 0x30, 0x58, 0xf8, 0xbd, 0xb8, -+ 0x75, 0xeb, 0xbb, 0x5e, 0x1c, 0x9b, 0x81, 0x6a, 0xda, 0x14, 0x86, 0x6e, -+ 0xd0, 0xda, 0x18, 0xb7, 0x88, 0xfb, 0x59, 0xf3 -+}; -+ -+__fips_constseg static const unsigned char hmac_sha256_pr_entropyinputpr2[] = { -+ 0x21, 0xcd, 0x6e, 0x46, 0xad, 0x99, 0x07, 0x17, 0xb4, 0x3d, 0x76, 0x0a, -+ 0xff, 0x5b, 0x52, 0x50, 0x78, 0xdf, 0x1f, 0x24, 0x06, 0x0d, 0x3f, 0x74, -+ 0xa9, 0xc9, 0x37, 0xcf, 0xd8, 0x26, 0x25, 0x91 -+}; -+ -+__fips_constseg static const unsigned char hmac_sha256_pr_returnedbits[] = { -+ 0xa7, 0xaf, 0x2f, 0x29, 0xe0, 0x3a, 0x72, 0x95, 0x96, 0x1c, 0xa9, 0xf0, -+ 0x4a, 0x17, 0x4d, 0x66, 0x06, 0x10, 0xbf, 0x39, 0x89, 0x88, 0xb8, 0x91, -+ 0x37, 0x18, 0x99, 0xcf, 0x8c, 0x53, 0x3b, 0x7e -+}; -+ -+/* HMAC SHA-256 No PR */ -+__fips_constseg static const unsigned char hmac_sha256_entropyinput[] = { -+ 0x96, 0xb7, 0x53, 0x22, 0x1e, 0x52, 0x2a, 0x96, 0xb1, 0x15, 0x3c, 0x35, -+ 0x5a, 0x8b, 0xd3, 0x4a, 0xa6, 0x6c, 0x83, 0x0a, 0x7d, 0xa3, 0x23, 0x3d, -+ 0x43, 0xa1, 0x07, 0x2c, 0x2d, 0xe3, 0x81, 0xcc -+}; -+ -+__fips_constseg static const unsigned char hmac_sha256_nonce[] = { -+ 0xf1, 0xac, 0x97, 0xcb, 0x5e, 0x06, 0x48, 0xd2, 0x94, 0xbe, 0x15, 0x2e, -+ 0xc7, 0xfc, 0xc2, 0x01 -+}; -+ -+__fips_constseg -+ static const unsigned char hmac_sha256_personalizationstring[] = { -+ 0x98, 0xc5, 0x1e, 0x35, 0x5e, 0x89, 0x0d, 0xce, 0x64, 0x6d, 0x18, 0xa7, -+ 0x5a, 0xc6, 0xf3, 0xe7, 0xd6, 0x9e, 0xc0, 0xea, 0xb7, 0x3a, 0x8d, 0x65, -+ 0xb8, 0xeb, 0x10, 0xd7, 0x57, 0x18, 0xa0, 0x32 -+}; -+ -+__fips_constseg static const unsigned char hmac_sha256_additionalinput[] = { -+ 0x1b, 0x10, 0xaf, 0xac, 0xd0, 0x65, 0x95, 0xad, 0x04, 0xad, 0x03, 0x1c, -+ 0xe0, 0x40, 0xd6, 0x3e, 0x1c, 0x46, 0x53, 0x39, 0x7c, 0xe2, 0xbc, 0xda, -+ 0x8c, 0xa2, 0x33, 0xa7, 0x9a, 0x26, 0xd3, 0x27 -+}; -+ -+__fips_constseg static const unsigned char hmac_sha256_int_returnedbits[] = { -+ 0xba, 0x61, 0x0e, 0x55, 0xfe, 0x11, 0x8a, 0x9e, 0x0f, 0x80, 0xdf, 0x1d, -+ 0x03, 0x0a, 0xfe, 0x15, 0x94, 0x28, 0x4b, 0xba, 0xf4, 0x9f, 0x51, 0x25, -+ 0x88, 0xe5, 0x4e, 0xfb, 0xaf, 0xce, 0x69, 0x90 -+}; -+ -+__fips_constseg static const unsigned char hmac_sha256_entropyinputreseed[] = { -+ 0x62, 0x7f, 0x1e, 0x6b, 0xe8, 0x8e, 0xe1, 0x35, 0x7d, 0x9b, 0x4f, 0xc7, -+ 0xec, 0xc8, 0xac, 0xef, 0x6b, 0x13, 0x9e, 0x05, 0x56, 0xc1, 0x08, 0xf9, -+ 0x2f, 0x0f, 0x27, 0x9c, 0xd4, 0x15, 0xed, 0x2d -+}; -+ -+__fips_constseg -+ static const unsigned char hmac_sha256_additionalinputreseed[] = { -+ 0xc7, 0x76, 0x6e, 0xa9, 0xd2, 0xb2, 0x76, 0x40, 0x82, 0x25, 0x2c, 0xb3, -+ 0x6f, 0xac, 0xe9, 0x74, 0xef, 0x8f, 0x3c, 0x8e, 0xcd, 0xf1, 0xbf, 0xb3, -+ 0x49, 0x77, 0x34, 0x88, 0x52, 0x36, 0xe6, 0x2e -+}; -+ -+__fips_constseg static const unsigned char hmac_sha256_additionalinput2[] = { -+ 0x8d, 0xb8, 0x0c, 0xd1, 0xbf, 0x70, 0xf6, 0x19, 0xc3, 0x41, 0x80, 0x9f, -+ 0xe1, 0xa5, 0xa4, 0x1f, 0x2c, 0x26, 0xb1, 0xe5, 0xd8, 0xeb, 0xbe, 0xf8, -+ 0xdf, 0x88, 0x6a, 0x89, 0xd6, 0x05, 0xd8, 0x9d -+}; -+ -+__fips_constseg static const unsigned char hmac_sha256_returnedbits[] = { -+ 0x43, 0x12, 0x2a, 0x2c, 0x40, 0x53, 0x2e, 0x7c, 0x66, 0x34, 0xac, 0xc3, -+ 0x43, 0xe3, 0xe0, 0x6a, 0xfc, 0xfa, 0xea, 0x87, 0x21, 0x1f, 0xe2, 0x26, -+ 0xc4, 0xf9, 0x09, 0x9a, 0x0d, 0x6e, 0x7f, 0xe0 -+}; -+ -+/* HMAC SHA-384 PR */ -+__fips_constseg static const unsigned char hmac_sha384_pr_entropyinput[] = { -+ 0x69, 0x81, 0x98, 0x88, 0x44, 0xf5, 0xd6, 0x2e, 0x00, 0x08, 0x3b, 0xc5, -+ 0xfb, 0xd7, 0x8e, 0x6f, 0x23, 0xf8, 0x6d, 0x09, 0xd6, 0x85, 0x49, 0xd1, -+ 0xf8, 0x6d, 0xa4, 0x58, 0x54, 0xfd, 0x88, 0xa9 -+}; -+ -+__fips_constseg static const unsigned char hmac_sha384_pr_nonce[] = { -+ 0x6e, 0x38, 0x81, 0xca, 0xb7, 0xe8, 0x6e, 0x66, 0x49, 0x8a, 0xb2, 0x59, -+ 0xee, 0x16, 0xc9, 0xde -+}; -+ -+__fips_constseg -+ static const unsigned char hmac_sha384_pr_personalizationstring[] = { -+ 0xfe, 0x4c, 0xd9, 0xf4, 0x78, 0x3b, 0x08, 0x41, 0x8d, 0x8f, 0x55, 0xc4, -+ 0x43, 0x56, 0xb6, 0x12, 0x36, 0x6b, 0x30, 0xb7, 0x5e, 0xe1, 0xb9, 0x47, -+ 0x04, 0xb1, 0x4e, 0xa9, 0x00, 0xa1, 0x52, 0xa1 -+}; -+ -+__fips_constseg static const unsigned char hmac_sha384_pr_additionalinput[] = { -+ 0x89, 0xe9, 0xcc, 0x8f, 0x27, 0x3c, 0x26, 0xd1, 0x95, 0xc8, 0x7d, 0x0f, -+ 0x5b, 0x1a, 0xf0, 0x78, 0x39, 0x56, 0x6f, 0xa4, 0x23, 0xe7, 0xd1, 0xda, -+ 0x7c, 0x66, 0x33, 0xa0, 0x90, 0xc9, 0x92, 0x88 -+}; -+ -+__fips_constseg static const unsigned char hmac_sha384_pr_entropyinputpr[] = { -+ 0xbe, 0x3d, 0x7c, 0x0d, 0xca, 0xda, 0x7c, 0x49, 0xb8, 0x12, 0x36, 0xc0, -+ 0xdb, 0xad, 0x35, 0xa8, 0xc7, 0x0b, 0x2a, 0x2c, 0x69, 0x6d, 0x25, 0x56, -+ 0x63, 0x82, 0x11, 0x3e, 0xa7, 0x33, 0x70, 0x72 -+}; -+ -+__fips_constseg static const unsigned char hmac_sha384_pr_int_returnedbits[] = { -+ 0x82, 0x3d, 0xe6, 0x54, 0x80, 0x42, 0xf8, 0xba, 0x90, 0x4f, 0x06, 0xa6, -+ 0xd2, 0x7f, 0xbf, 0x79, 0x7c, 0x12, 0x7d, 0xa6, 0xa2, 0x66, 0xe8, 0xa6, -+ 0xc0, 0xd6, 0x4a, 0x55, 0xbf, 0xd8, 0x0a, 0xc5, 0xf8, 0x03, 0x88, 0xdd, -+ 0x8e, 0x87, 0xd1, 0x5a, 0x48, 0x26, 0x72, 0x2a, 0x8e, 0xcf, 0xee, 0xba -+}; -+ -+__fips_constseg static const unsigned char hmac_sha384_pr_additionalinput2[] = { -+ 0x8f, 0xff, 0xd9, 0x84, 0xbb, 0x85, 0x3a, 0x66, 0xa1, 0x21, 0xce, 0xb2, -+ 0x3a, 0x3a, 0x17, 0x22, 0x19, 0xae, 0xc7, 0xb6, 0x63, 0x81, 0xd5, 0xff, -+ 0x0d, 0xc8, 0xe1, 0xaf, 0x57, 0xd2, 0xcb, 0x60 -+}; -+ -+__fips_constseg static const unsigned char hmac_sha384_pr_entropyinputpr2[] = { -+ 0xd7, 0xfb, 0xc9, 0xe8, 0xe2, 0xf2, 0xaa, 0x4c, 0xb8, 0x51, 0x2f, 0xe1, -+ 0x22, 0xba, 0xf3, 0xda, 0x0a, 0x19, 0x76, 0x71, 0x57, 0xb2, 0x1d, 0x94, -+ 0x09, 0x69, 0x6c, 0xd3, 0x97, 0x51, 0x81, 0x87 -+}; -+ -+__fips_constseg static const unsigned char hmac_sha384_pr_returnedbits[] = { -+ 0xe6, 0x19, 0x28, 0xa8, 0x21, 0xce, 0x5e, 0xdb, 0x24, 0x79, 0x8c, 0x76, -+ 0x5d, 0x73, 0xb2, 0xdf, 0xac, 0xef, 0x85, 0xa7, 0x3b, 0x19, 0x09, 0x8b, -+ 0x7f, 0x98, 0x28, 0xa9, 0x93, 0xd8, 0x7a, 0xad, 0x55, 0x8b, 0x24, 0x9d, -+ 0xe6, 0x98, 0xfe, 0x47, 0xd5, 0x48, 0xc1, 0x23, 0xd8, 0x1d, 0x62, 0x75 -+}; -+ -+/* HMAC SHA-384 No PR */ -+__fips_constseg static const unsigned char hmac_sha384_entropyinput[] = { -+ 0xc3, 0x56, 0x2b, 0x1d, 0xc2, 0xbb, 0xa8, 0xf0, 0xae, 0x1b, 0x0d, 0xd3, -+ 0x5a, 0x6c, 0xda, 0x57, 0x8e, 0xa5, 0x8a, 0x0d, 0x6c, 0x4b, 0x18, 0xb1, -+ 0x04, 0x3e, 0xb4, 0x99, 0x35, 0xc4, 0xc0, 0x5f -+}; -+ -+__fips_constseg static const unsigned char hmac_sha384_nonce[] = { -+ 0xc5, 0x49, 0x1e, 0x66, 0x27, 0x92, 0xbe, 0xec, 0xb5, 0x1e, 0x4b, 0xb1, -+ 0x38, 0xe3, 0xeb, 0x62 -+}; -+ -+__fips_constseg -+ static const unsigned char hmac_sha384_personalizationstring[] = { -+ 0xbe, 0xe7, 0x6b, 0x57, 0xde, 0x88, 0x11, 0x96, 0x9b, 0x6e, 0xea, 0xe5, -+ 0x63, 0x83, 0x4c, 0xb6, 0x8d, 0x66, 0xaa, 0x1f, 0x8b, 0x54, 0xe7, 0x62, -+ 0x6d, 0x5a, 0xfc, 0xbf, 0x97, 0xba, 0xcd, 0x77 -+}; -+ -+__fips_constseg static const unsigned char hmac_sha384_additionalinput[] = { -+ 0xe5, 0x28, 0x5f, 0x43, 0xf5, 0x83, 0x6e, 0x0a, 0x83, 0x5c, 0xe3, 0x81, -+ 0x03, 0xf2, 0xf8, 0x78, 0x00, 0x7c, 0x95, 0x87, 0x16, 0xd6, 0x6c, 0x58, -+ 0x33, 0x6c, 0x53, 0x35, 0x0d, 0x66, 0xe3, 0xce -+}; -+ -+__fips_constseg static const unsigned char hmac_sha384_int_returnedbits[] = { -+ 0xe2, 0x1f, 0xf3, 0xda, 0x0d, 0x19, 0x99, 0x87, 0xc4, 0x90, 0xa2, 0x31, -+ 0xca, 0x2a, 0x89, 0x58, 0x43, 0x44, 0xb8, 0xde, 0xcf, 0xa4, 0xbe, 0x3b, -+ 0x53, 0x26, 0x22, 0x31, 0x76, 0x41, 0x22, 0xb5, 0xa8, 0x70, 0x2f, 0x4b, -+ 0x64, 0x95, 0x4d, 0x48, 0x96, 0x35, 0xe6, 0xbd, 0x3c, 0x34, 0xdb, 0x1b -+}; -+ -+__fips_constseg static const unsigned char hmac_sha384_entropyinputreseed[] = { -+ 0x77, 0x61, 0xba, 0xbc, 0xf2, 0xc1, 0xf3, 0x4b, 0x86, 0x65, 0xfd, 0x48, -+ 0x0e, 0x3c, 0x02, 0x5e, 0xa2, 0x7a, 0x6b, 0x7c, 0xed, 0x21, 0x5e, 0xf9, -+ 0xcd, 0xcd, 0x77, 0x07, 0x2b, 0xbe, 0xc5, 0x5c -+}; -+ -+__fips_constseg -+ static const unsigned char hmac_sha384_additionalinputreseed[] = { -+ 0x18, 0x24, 0x5f, 0xc6, 0x84, 0xd1, 0x67, 0xc3, 0x9a, 0x11, 0xa5, 0x8c, -+ 0x07, 0x39, 0x21, 0x83, 0x4d, 0x04, 0xc4, 0x6a, 0x28, 0x19, 0xcf, 0x92, -+ 0x21, 0xd9, 0x9e, 0x41, 0x72, 0x6c, 0x9e, 0x63 -+}; -+ -+__fips_constseg static const unsigned char hmac_sha384_additionalinput2[] = { -+ 0x96, 0x67, 0x41, 0x28, 0x9b, 0xb7, 0x92, 0x8d, 0x64, 0x3b, 0xe4, 0xcf, -+ 0x7e, 0xaa, 0x1e, 0xb1, 0x4b, 0x1d, 0x09, 0x56, 0x67, 0x9c, 0xc6, 0x6d, -+ 0x3b, 0xe8, 0x91, 0x9d, 0xe1, 0x8a, 0xb7, 0x32 -+}; -+ -+__fips_constseg static const unsigned char hmac_sha384_returnedbits[] = { -+ 0xe3, 0x59, 0x61, 0x38, 0x92, 0xec, 0xe2, 0x3c, 0xff, 0xb7, 0xdb, 0x19, -+ 0x0f, 0x5b, 0x93, 0x68, 0x0d, 0xa4, 0x94, 0x40, 0x72, 0x0b, 0xe0, 0xed, -+ 0x4d, 0xcd, 0x68, 0xa0, 0x1e, 0xfe, 0x67, 0xb2, 0xfa, 0x21, 0x56, 0x74, -+ 0xa4, 0xad, 0xcf, 0xb7, 0x60, 0x66, 0x2e, 0x40, 0xde, 0x82, 0xca, 0xfb -+}; -+ -+/* HMAC SHA-512 PR */ -+__fips_constseg static const unsigned char hmac_sha512_pr_entropyinput[] = { -+ 0xaa, 0x9e, 0x45, 0x67, 0x0e, 0x00, 0x2a, 0x67, 0x98, 0xd6, 0xda, 0x0b, -+ 0x0f, 0x17, 0x7e, 0xac, 0xfd, 0x27, 0xc4, 0xca, 0x84, 0xdf, 0xde, 0xba, -+ 0x85, 0xd9, 0xbe, 0x8f, 0xf3, 0xff, 0x91, 0x4d -+}; -+ -+__fips_constseg static const unsigned char hmac_sha512_pr_nonce[] = { -+ 0x8c, 0x49, 0x2f, 0x58, 0x1e, 0x7a, 0xda, 0x4b, 0x7e, 0x8a, 0x30, 0x7b, -+ 0x86, 0xea, 0xaf, 0xa2 -+}; -+ -+__fips_constseg -+ static const unsigned char hmac_sha512_pr_personalizationstring[] = { -+ 0x71, 0xe1, 0xbb, 0xad, 0xa7, 0x4b, 0x2e, 0x31, 0x3b, 0x0b, 0xec, 0x24, -+ 0x99, 0x38, 0xbc, 0xaa, 0x05, 0x4c, 0x46, 0x44, 0xfa, 0xad, 0x8e, 0x02, -+ 0xc1, 0x7e, 0xad, 0xec, 0x54, 0xa6, 0xd0, 0xad -+}; -+ -+__fips_constseg static const unsigned char hmac_sha512_pr_additionalinput[] = { -+ 0x3d, 0x6e, 0xa6, 0xa8, 0x29, 0x2a, 0xb2, 0xf5, 0x98, 0x42, 0xe4, 0x92, -+ 0x78, 0x22, 0x67, 0xfd, 0x1b, 0x15, 0x1e, 0x29, 0xaa, 0x71, 0x3c, 0x3c, -+ 0xe7, 0x05, 0x20, 0xa9, 0x29, 0xc6, 0x75, 0x71 -+}; -+ -+__fips_constseg static const unsigned char hmac_sha512_pr_entropyinputpr[] = { -+ 0xab, 0xb9, 0x16, 0xd8, 0x55, 0x35, 0x54, 0xb7, 0x97, 0x3f, 0x94, 0xbc, -+ 0x2f, 0x7c, 0x70, 0xc7, 0xd0, 0xed, 0xb7, 0x4b, 0xf7, 0xf6, 0x6c, 0x03, -+ 0x0c, 0xb0, 0x03, 0xd8, 0xbb, 0x71, 0xd9, 0x10 -+}; -+ -+__fips_constseg static const unsigned char hmac_sha512_pr_int_returnedbits[] = { -+ 0x8e, 0xd3, 0xfd, 0x52, 0x9e, 0x83, 0x08, 0x49, 0x18, 0x6e, 0x23, 0x56, -+ 0x5c, 0x45, 0x93, 0x34, 0x05, 0xe2, 0x98, 0x8f, 0x0c, 0xd4, 0x32, 0x0c, -+ 0xfd, 0xda, 0x5f, 0x92, 0x3a, 0x8c, 0x81, 0xbd, 0xf6, 0x6c, 0x55, 0xfd, -+ 0xb8, 0x20, 0xce, 0x8d, 0x97, 0x27, 0xe8, 0xe8, 0xe0, 0xb3, 0x85, 0x50, -+ 0xa2, 0xc2, 0xb2, 0x95, 0x1d, 0x48, 0xd3, 0x7b, 0x4b, 0x78, 0x13, 0x35, -+ 0x05, 0x17, 0xbe, 0x0d -+}; -+ -+__fips_constseg static const unsigned char hmac_sha512_pr_additionalinput2[] = { -+ 0xc3, 0xfc, 0x95, 0xaa, 0x69, 0x06, 0xae, 0x59, 0x41, 0xce, 0x26, 0x08, -+ 0x29, 0x6d, 0x45, 0xda, 0xe8, 0xb3, 0x6c, 0x95, 0x60, 0x0f, 0x70, 0x2c, -+ 0x10, 0xba, 0x38, 0x8c, 0xcf, 0x29, 0x99, 0xaa -+}; -+ -+__fips_constseg static const unsigned char hmac_sha512_pr_entropyinputpr2[] = { -+ 0x3b, 0x9a, 0x25, 0xce, 0xd7, 0xf9, 0x5c, 0xd1, 0x3a, 0x3e, 0xaa, 0x71, -+ 0x14, 0x3e, 0x19, 0xe8, 0xce, 0xe6, 0xfe, 0x51, 0x84, 0xe9, 0x1b, 0xfe, -+ 0x3f, 0xa7, 0xf2, 0xfd, 0x76, 0x5f, 0x6a, 0xe7 -+}; -+ -+__fips_constseg static const unsigned char hmac_sha512_pr_returnedbits[] = { -+ 0xb7, 0x82, 0xa9, 0x57, 0x81, 0x67, 0x53, 0xb5, 0xa1, 0xe9, 0x3d, 0x35, -+ 0xf9, 0xe4, 0x97, 0xbe, 0xa6, 0xca, 0xf1, 0x01, 0x13, 0x09, 0xe7, 0x21, -+ 0xc0, 0xed, 0x93, 0x5d, 0x4b, 0xf4, 0xeb, 0x8d, 0x53, 0x25, 0x8a, 0xc4, -+ 0xb1, 0x6f, 0x6e, 0x37, 0xcd, 0x2e, 0xac, 0x39, 0xb2, 0xb6, 0x99, 0xa3, -+ 0x82, 0x00, 0xb0, 0x21, 0xf0, 0xc7, 0x2f, 0x4c, 0x73, 0x92, 0xfd, 0x00, -+ 0xb6, 0xaf, 0xbc, 0xd3 -+}; -+ -+/* HMAC SHA-512 No PR */ -+__fips_constseg static const unsigned char hmac_sha512_entropyinput[] = { -+ 0x6e, 0x85, 0xe6, 0x25, 0x96, 0x29, 0xa7, 0x52, 0x5b, 0x60, 0xba, 0xaa, -+ 0xde, 0xdb, 0x36, 0x0a, 0x51, 0x9a, 0x15, 0xae, 0x6e, 0x18, 0xd3, 0xfe, -+ 0x39, 0xb9, 0x4a, 0x96, 0xf8, 0x77, 0xcb, 0x95 -+}; -+ -+__fips_constseg static const unsigned char hmac_sha512_nonce[] = { -+ 0xe0, 0xa6, 0x5d, 0x08, 0xc3, 0x7c, 0xae, 0x25, 0x2e, 0x80, 0xd1, 0x3e, -+ 0xd9, 0xaf, 0x43, 0x3c -+}; -+ -+__fips_constseg -+ static const unsigned char hmac_sha512_personalizationstring[] = { -+ 0x53, 0x99, 0x52, 0x5f, 0x11, 0xa9, 0x64, 0x66, 0x20, 0x5e, 0x1b, 0x5f, -+ 0x42, 0xb3, 0xf4, 0xda, 0xed, 0xbb, 0x63, 0xc1, 0x23, 0xaf, 0xd0, 0x01, -+ 0x90, 0x3b, 0xd0, 0x78, 0xe4, 0x0b, 0xa7, 0x20 -+}; -+ -+__fips_constseg static const unsigned char hmac_sha512_additionalinput[] = { -+ 0x85, 0x90, 0x80, 0xd3, 0x98, 0xf1, 0x53, 0x6d, 0x68, 0x15, 0x8f, 0xe5, -+ 0x60, 0x3f, 0x17, 0x29, 0x55, 0x8d, 0x33, 0xb1, 0x45, 0x64, 0x64, 0x8d, -+ 0x50, 0x21, 0x89, 0xae, 0xf6, 0xfd, 0x32, 0x73 -+}; -+ -+__fips_constseg static const unsigned char hmac_sha512_int_returnedbits[] = { -+ 0x28, 0x56, 0x30, 0x6f, 0xf4, 0xa1, 0x48, 0xe0, 0xc9, 0xf5, 0x75, 0x90, -+ 0xcc, 0xfb, 0xdf, 0xdf, 0x71, 0x3d, 0x0a, 0x9a, 0x03, 0x65, 0x3b, 0x18, -+ 0x61, 0xe3, 0xd1, 0xda, 0xcc, 0x4a, 0xfe, 0x55, 0x38, 0xf8, 0x21, 0x6b, -+ 0xfa, 0x18, 0x01, 0x42, 0x39, 0x2f, 0x99, 0x53, 0x38, 0x15, 0x82, 0x34, -+ 0xc5, 0x93, 0x92, 0xbc, 0x4d, 0x75, 0x1a, 0x5f, 0x21, 0x27, 0xcc, 0xa1, -+ 0xb1, 0x57, 0x69, 0xe8 -+}; -+ -+__fips_constseg static const unsigned char hmac_sha512_entropyinputreseed[] = { -+ 0x8c, 0x52, 0x7e, 0x77, 0x72, 0x3f, 0xa3, 0x04, 0x97, 0x10, 0x9b, 0x41, -+ 0xbd, 0xe8, 0xff, 0x89, 0xed, 0x80, 0xe3, 0xbd, 0xaa, 0x12, 0x2d, 0xca, -+ 0x75, 0x82, 0x36, 0x77, 0x88, 0xcd, 0xa6, 0x73 -+}; -+ -+__fips_constseg -+ static const unsigned char hmac_sha512_additionalinputreseed[] = { -+ 0x7e, 0x32, 0xe3, 0x69, 0x69, 0x07, 0x34, 0xa2, 0x16, 0xa2, 0x5d, 0x1a, -+ 0x10, 0x91, 0xd3, 0xe2, 0x21, 0xa2, 0xa3, 0xdd, 0xcd, 0x0c, 0x09, 0x86, -+ 0x11, 0xe1, 0x50, 0xff, 0x5c, 0xb7, 0xeb, 0x5c -+}; -+ -+__fips_constseg static const unsigned char hmac_sha512_additionalinput2[] = { -+ 0x7f, 0x78, 0x66, 0xd8, 0xfb, 0x67, 0xcf, 0x8d, 0x8c, 0x08, 0x30, 0xa5, -+ 0xf8, 0x7d, 0xcf, 0x44, 0x59, 0xce, 0xf8, 0xdf, 0x58, 0xd3, 0x60, 0xcb, -+ 0xa8, 0x60, 0xb9, 0x07, 0xc4, 0xb1, 0x95, 0x48 -+}; -+ -+__fips_constseg static const unsigned char hmac_sha512_returnedbits[] = { -+ 0xdf, 0xa7, 0x36, 0xd4, 0xdc, 0x5d, 0x4d, 0x31, 0xad, 0x69, 0x46, 0x9f, -+ 0xf1, 0x7c, 0xd7, 0x3b, 0x4f, 0x55, 0xf2, 0xd7, 0xb9, 0x9d, 0xad, 0x7a, -+ 0x79, 0x08, 0x59, 0xa5, 0xdc, 0x74, 0xf5, 0x9b, 0x73, 0xd2, 0x13, 0x25, -+ 0x0b, 0x81, 0x08, 0x08, 0x25, 0xfb, 0x39, 0xf2, 0xf0, 0xa3, 0xa4, 0x8d, -+ 0xef, 0x05, 0x9e, 0xb8, 0xc7, 0x52, 0xe4, 0x0e, 0x42, 0xaa, 0x7c, 0x79, -+ 0xc2, 0xd6, 0xfd, 0xa5 -+}; -diff -up openssl-1.1.1j/crypto/fips/fips_dsa_selftest.c.fips openssl-1.1.1j/crypto/fips/fips_dsa_selftest.c ---- openssl-1.1.1j/crypto/fips/fips_dsa_selftest.c.fips 2021-03-03 12:57:42.200734534 +0100 -+++ openssl-1.1.1j/crypto/fips/fips_dsa_selftest.c 2021-03-03 12:57:42.200734534 +0100 -@@ -0,0 +1,195 @@ -+/* ==================================================================== -+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * openssl-core@openssl.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * -+ */ -+ -+#include -+#include -+#include -+#include -+#include "crypto/fips.h" -+#include -+#include -+#include -+#include "fips_locl.h" -+ -+#ifdef OPENSSL_FIPS -+ -+static const unsigned char dsa_test_2048_p[] = { -+ 0xa8, 0x53, 0x78, 0xd8, 0xfd, 0x3f, 0x8d, 0x72, 0xec, 0x74, 0x18, 0x08, -+ 0x0d, 0xa2, 0x13, 0x17, 0xe4, 0x3e, 0xc4, 0xb6, 0x2b, 0xa8, 0xc8, 0x62, -+ 0x3b, 0x7e, 0x4d, 0x04, 0x44, 0x1d, 0xd1, 0xa0, 0x65, 0x86, 0x62, 0x59, -+ 0x64, 0x93, 0xca, 0x8e, 0x9e, 0x8f, 0xbb, 0x7e, 0x34, 0xaa, 0xdd, 0xb6, -+ 0x2e, 0x5d, 0x67, 0xb6, 0xd0, 0x9a, 0x6e, 0x61, 0xb7, 0x69, 0xe7, 0xc3, -+ 0x52, 0xaa, 0x2b, 0x10, 0xe2, 0x0c, 0xa0, 0x63, 0x69, 0x63, 0xb5, 0x52, -+ 0x3e, 0x86, 0x47, 0x0d, 0xec, 0xbb, 0xed, 0xa0, 0x27, 0xe7, 0x97, 0xe7, -+ 0xb6, 0x76, 0x35, 0xd4, 0xd4, 0x9c, 0x30, 0x70, 0x0e, 0x74, 0xaf, 0x8a, -+ 0x0f, 0xf1, 0x56, 0xa8, 0x01, 0xaf, 0x57, 0xa2, 0x6e, 0x70, 0x78, 0xf1, -+ 0xd8, 0x2f, 0x74, 0x90, 0x8e, 0xcb, 0x6d, 0x07, 0xe7, 0x0b, 0x35, 0x03, -+ 0xee, 0xd9, 0x4f, 0xa3, 0x2c, 0xf1, 0x7a, 0x7f, 0xc3, 0xd6, 0xcf, 0x40, -+ 0xdc, 0x7b, 0x00, 0x83, 0x0e, 0x6a, 0x25, 0x66, 0xdc, 0x07, 0x3e, 0x34, -+ 0x33, 0x12, 0x51, 0x7c, 0x6a, 0xa5, 0x15, 0x2b, 0x4b, 0xfe, 0xcd, 0x2e, -+ 0x55, 0x1f, 0xee, 0x34, 0x63, 0x18, 0xa1, 0x53, 0x42, 0x3c, 0x99, 0x6b, -+ 0x0d, 0x5d, 0xcb, 0x91, 0x02, 0xae, 0xdd, 0x38, 0x79, 0x86, 0x16, 0xf1, -+ 0xf1, 0xe0, 0xd6, 0xc4, 0x03, 0x52, 0x5b, 0x1f, 0x9b, 0x3d, 0x4d, 0xc7, -+ 0x66, 0xde, 0x2d, 0xfc, 0x4a, 0x56, 0xd7, 0xb8, 0xba, 0x59, 0x63, 0xd6, -+ 0x0f, 0x3e, 0x16, 0x31, 0x88, 0x70, 0xad, 0x43, 0x69, 0x52, 0xe5, 0x57, -+ 0x65, 0x37, 0x4e, 0xab, 0x85, 0xe8, 0xec, 0x17, 0xd6, 0xb9, 0xa4, 0x54, -+ 0x7b, 0x9b, 0x5f, 0x27, 0x52, 0xf3, 0x10, 0x5b, 0xe8, 0x09, 0xb2, 0x3a, -+ 0x2c, 0x8d, 0x74, 0x69, 0xdb, 0x02, 0xe2, 0x4d, 0x59, 0x23, 0x94, 0xa7, -+ 0xdb, 0xa0, 0x69, 0xe9 -+}; -+ -+static const unsigned char dsa_test_2048_q[] = { -+ 0xd2, 0x77, 0x04, 0x4e, 0x50, 0xf5, 0xa4, 0xe3, 0xf5, 0x10, 0xa5, 0x0a, -+ 0x0b, 0x84, 0xfd, 0xff, 0xbc, 0xa0, 0x47, 0xed, 0x27, 0x60, 0x20, 0x56, -+ 0x74, 0x41, 0xa0, 0xa5 -+}; -+ -+static const unsigned char dsa_test_2048_g[] = { -+ 0x13, 0xd7, 0x54, 0xe2, 0x1f, 0xd2, 0x41, 0x65, 0x5d, 0xa8, 0x91, 0xc5, -+ 0x22, 0xa6, 0x5a, 0x72, 0xa8, 0x9b, 0xdc, 0x64, 0xec, 0x9b, 0x54, 0xa8, -+ 0x21, 0xed, 0x4a, 0x89, 0x8b, 0x49, 0x0e, 0x0c, 0x4f, 0xcb, 0x72, 0x19, -+ 0x2a, 0x4a, 0x20, 0xf5, 0x41, 0xf3, 0xf2, 0x92, 0x53, 0x99, 0xf0, 0xba, -+ 0xec, 0xf9, 0x29, 0xaa, 0xfb, 0xf7, 0x9d, 0xfe, 0x43, 0x32, 0x39, 0x3b, -+ 0x32, 0xcd, 0x2e, 0x2f, 0xcf, 0x27, 0x2f, 0x32, 0xa6, 0x27, 0x43, 0x4a, -+ 0x0d, 0xf2, 0x42, 0xb7, 0x5b, 0x41, 0x4d, 0xf3, 0x72, 0x12, 0x1e, 0x53, -+ 0xa5, 0x53, 0xf2, 0x22, 0xf8, 0x36, 0xb0, 0x00, 0xf0, 0x16, 0x48, 0x5b, -+ 0x6b, 0xd0, 0x89, 0x84, 0x51, 0x80, 0x1d, 0xcd, 0x8d, 0xe6, 0x4c, 0xd5, -+ 0x36, 0x56, 0x96, 0xff, 0xc5, 0x32, 0xd5, 0x28, 0xc5, 0x06, 0x62, 0x0a, -+ 0x94, 0x2a, 0x03, 0x05, 0x04, 0x6d, 0x8f, 0x18, 0x76, 0x34, 0x1f, 0x1e, -+ 0x57, 0x0b, 0xc3, 0x97, 0x4b, 0xa6, 0xb9, 0xa4, 0x38, 0xe9, 0x70, 0x23, -+ 0x02, 0xa2, 0xe6, 0xe6, 0x7b, 0xfd, 0x06, 0xd3, 0x2b, 0xc6, 0x79, 0x96, -+ 0x22, 0x71, 0xd7, 0xb4, 0x0c, 0xd7, 0x2f, 0x38, 0x6e, 0x64, 0xe0, 0xd7, -+ 0xef, 0x86, 0xca, 0x8c, 0xa5, 0xd1, 0x42, 0x28, 0xdc, 0x2a, 0x4f, 0x16, -+ 0xe3, 0x18, 0x98, 0x86, 0xb5, 0x99, 0x06, 0x74, 0xf4, 0x20, 0x0f, 0x3a, -+ 0x4c, 0xf6, 0x5a, 0x3f, 0x0d, 0xdb, 0xa1, 0xfa, 0x67, 0x2d, 0xff, 0x2f, -+ 0x5e, 0x14, 0x3d, 0x10, 0xe4, 0xe9, 0x7a, 0xe8, 0x4f, 0x6d, 0xa0, 0x95, -+ 0x35, 0xd5, 0xb9, 0xdf, 0x25, 0x91, 0x81, 0xa7, 0x9b, 0x63, 0xb0, 0x69, -+ 0xe9, 0x49, 0x97, 0x2b, 0x02, 0xba, 0x36, 0xb3, 0x58, 0x6a, 0xab, 0x7e, -+ 0x45, 0xf3, 0x22, 0xf8, 0x2e, 0x4e, 0x85, 0xca, 0x3a, 0xb8, 0x55, 0x91, -+ 0xb3, 0xc2, 0xa9, 0x66 -+}; -+ -+static const unsigned char dsa_test_2048_pub_key[] = { -+ 0x24, 0x52, 0xf3, 0xcc, 0xbe, 0x9e, 0xd5, 0xca, 0x7d, 0xc7, 0x4c, 0x60, -+ 0x2b, 0x99, 0x22, 0x6e, 0x8f, 0x2f, 0xab, 0x38, 0xe7, 0xd7, 0xdd, 0xfb, -+ 0x75, 0x53, 0x9b, 0x17, 0x15, 0x5e, 0x9f, 0xcf, 0xd1, 0xab, 0xa5, 0x64, -+ 0xeb, 0x85, 0x35, 0xd8, 0x12, 0xc9, 0xc2, 0xdc, 0xf9, 0x72, 0x84, 0x44, -+ 0x1b, 0xc4, 0x82, 0x24, 0x36, 0x24, 0xc7, 0xf4, 0x57, 0x58, 0x0c, 0x1c, -+ 0x38, 0xa5, 0x7c, 0x46, 0xc4, 0x57, 0x39, 0x24, 0x70, 0xed, 0xb5, 0x2c, -+ 0xb5, 0xa6, 0xe0, 0x3f, 0xe6, 0x28, 0x7b, 0xb6, 0xf4, 0x9a, 0x42, 0xa2, -+ 0x06, 0x5a, 0x05, 0x4f, 0x03, 0x08, 0x39, 0xdf, 0x1f, 0xd3, 0x14, 0x9c, -+ 0x4c, 0xa0, 0x53, 0x1d, 0xd8, 0xca, 0x8a, 0xaa, 0x9c, 0xc7, 0x33, 0x71, -+ 0x93, 0x38, 0x73, 0x48, 0x33, 0x61, 0x18, 0x22, 0x45, 0x45, 0xe8, 0x8c, -+ 0x80, 0xff, 0xd8, 0x76, 0x5d, 0x74, 0x36, 0x03, 0x33, 0xcc, 0xab, 0x99, -+ 0x72, 0x77, 0x9b, 0x65, 0x25, 0xa6, 0x5b, 0xdd, 0x0d, 0x10, 0xc6, 0x75, -+ 0xc1, 0x09, 0xbb, 0xd3, 0xe5, 0xbe, 0x4d, 0x72, 0xef, 0x6e, 0xba, 0x6e, -+ 0x43, 0x8d, 0x52, 0x26, 0x23, 0x7d, 0xb8, 0x88, 0x37, 0x9c, 0x5f, 0xcc, -+ 0x47, 0xa3, 0x84, 0x7f, 0xf6, 0x37, 0x11, 0xba, 0xed, 0x6d, 0x03, 0xaf, -+ 0xe8, 0x1e, 0x69, 0x4a, 0x41, 0x3b, 0x68, 0x0b, 0xd3, 0x8a, 0xb4, 0x90, -+ 0x3f, 0x83, 0x70, 0xa7, 0x07, 0xef, 0x55, 0x1d, 0x49, 0x41, 0x02, 0x6d, -+ 0x95, 0x79, 0xd6, 0x91, 0xde, 0x8e, 0xda, 0xa1, 0x61, 0x05, 0xeb, 0x9d, -+ 0xba, 0x3c, 0x2f, 0x4c, 0x1b, 0xec, 0x50, 0x82, 0x75, 0xaa, 0x02, 0x07, -+ 0xe2, 0x51, 0xb5, 0xec, 0xcb, 0x28, 0x6a, 0x4b, 0x01, 0xd4, 0x49, 0xd3, -+ 0x0a, 0xcb, 0x67, 0x37, 0x17, 0xa0, 0xd2, 0xfb, 0x3b, 0x50, 0xc8, 0x93, -+ 0xf7, 0xda, 0xb1, 0x4f -+}; -+ -+static const unsigned char dsa_test_2048_priv_key[] = { -+ 0x0c, 0x4b, 0x30, 0x89, 0xd1, 0xb8, 0x62, 0xcb, 0x3c, 0x43, 0x64, 0x91, -+ 0xf0, 0x91, 0x54, 0x70, 0xc5, 0x27, 0x96, 0xe3, 0xac, 0xbe, 0xe8, 0x00, -+ 0xec, 0x55, 0xf6, 0xcc -+}; -+ -+int FIPS_selftest_dsa() -+{ -+ DSA *dsa = NULL; -+ EVP_PKEY *pk = NULL; -+ int ret = 0; -+ BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub_key = NULL, *priv_key = NULL; -+ -+ fips_load_key_component(p, dsa_test_2048); -+ fips_load_key_component(q, dsa_test_2048); -+ fips_load_key_component(g, dsa_test_2048); -+ fips_load_key_component(pub_key, dsa_test_2048); -+ fips_load_key_component(priv_key, dsa_test_2048); -+ -+ dsa = DSA_new(); -+ -+ if (dsa == NULL) -+ goto err; -+ -+ DSA_set0_pqg(dsa, p, q, g); -+ -+ DSA_set0_key(dsa, pub_key, priv_key); -+ -+ if ((pk = EVP_PKEY_new()) == NULL) -+ goto err; -+ -+ EVP_PKEY_assign_DSA(pk, dsa); -+ -+ if (!fips_pkey_signature_test(pk, NULL, 0, -+ NULL, 0, EVP_sha256(), 0, "DSA SHA256")) -+ goto err; -+ ret = 1; -+ -+ err: -+ if (pk) -+ EVP_PKEY_free(pk); -+ else if (dsa) -+ DSA_free(dsa); -+ else { -+ BN_free(p); -+ BN_free(q); -+ BN_free(g); -+ BN_free(pub_key); -+ BN_free(priv_key); -+ } -+ return ret; -+} -+#endif -diff -up openssl-1.1.1j/crypto/fips/fips_ecdh_selftest.c.fips openssl-1.1.1j/crypto/fips/fips_ecdh_selftest.c ---- openssl-1.1.1j/crypto/fips/fips_ecdh_selftest.c.fips 2021-03-03 12:57:42.200734534 +0100 -+++ openssl-1.1.1j/crypto/fips/fips_ecdh_selftest.c 2021-03-03 12:57:42.200734534 +0100 -@@ -0,0 +1,242 @@ -+/* fips/ecdh/fips_ecdh_selftest.c */ -+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -+ * project 2011. -+ */ -+/* ==================================================================== -+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ */ -+ -+#define OPENSSL_FIPSAPI -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+ -+#ifdef OPENSSL_FIPS -+ -+# include "fips_locl.h" -+ -+static const unsigned char p256_qcavsx[] = { -+ 0x52, 0xc6, 0xa5, 0x75, 0xf3, 0x04, 0x98, 0xb3, 0x29, 0x66, 0x0c, 0x62, -+ 0x18, 0x60, 0x55, 0x41, 0x59, 0xd4, 0x60, 0x85, 0x99, 0xc1, 0x51, 0x13, -+ 0x6f, 0x97, 0x85, 0x93, 0x33, 0x34, 0x07, 0x50 -+}; -+ -+static const unsigned char p256_qcavsy[] = { -+ 0x6f, 0x69, 0x24, 0xeb, 0xe9, 0x3b, 0xa7, 0xcc, 0x47, 0x17, 0xaa, 0x3f, -+ 0x70, 0xfc, 0x10, 0x73, 0x0a, 0xcd, 0x21, 0xee, 0x29, 0x19, 0x1f, 0xaf, -+ 0xb4, 0x1c, 0x1e, 0xc2, 0x8e, 0x97, 0x81, 0x6e -+}; -+ -+static const unsigned char p256_qiutx[] = { -+ 0x71, 0x46, 0x88, 0x08, 0x92, 0x21, 0x1b, 0x10, 0x21, 0x74, 0xff, 0x0c, -+ 0x94, 0xde, 0x34, 0x7c, 0x86, 0x74, 0xbe, 0x67, 0x41, 0x68, 0xd4, 0xc1, -+ 0xe5, 0x75, 0x63, 0x9c, 0xa7, 0x46, 0x93, 0x6f -+}; -+ -+static const unsigned char p256_qiuty[] = { -+ 0x33, 0x40, 0xa9, 0x6a, 0xf5, 0x20, 0xb5, 0x9e, 0xfc, 0x60, 0x1a, 0xae, -+ 0x3d, 0xf8, 0x21, 0xd2, 0xa7, 0xca, 0x52, 0x34, 0xb9, 0x5f, 0x27, 0x75, -+ 0x6c, 0x81, 0xbe, 0x32, 0x4d, 0xba, 0xbb, 0xf8 -+}; -+ -+static const unsigned char p256_qiutd[] = { -+ 0x1a, 0x48, 0x55, 0x6b, 0x11, 0xbe, 0x92, 0xd4, 0x1c, 0xd7, 0x45, 0xc3, -+ 0x82, 0x81, 0x51, 0xf1, 0x23, 0x40, 0xb7, 0x83, 0xfd, 0x01, 0x6d, 0xbc, -+ 0xa1, 0x66, 0xaf, 0x0a, 0x03, 0x23, 0xcd, 0xc8 -+}; -+ -+static const unsigned char p256_ziut[] = { -+ 0x77, 0x2a, 0x1e, 0x37, 0xee, 0xe6, 0x51, 0x02, 0x71, 0x40, 0xf8, 0x6a, -+ 0x36, 0xf8, 0x65, 0x61, 0x2b, 0x18, 0x71, 0x82, 0x23, 0xe6, 0xf2, 0x77, -+ 0xce, 0xec, 0xb8, 0x49, 0xc7, 0xbf, 0x36, 0x4f -+}; -+ -+typedef struct { -+ int curve; -+ const unsigned char *x1; -+ size_t x1len; -+ const unsigned char *y1; -+ size_t y1len; -+ const unsigned char *d1; -+ size_t d1len; -+ const unsigned char *x2; -+ size_t x2len; -+ const unsigned char *y2; -+ size_t y2len; -+ const unsigned char *z; -+ size_t zlen; -+} ECDH_SELFTEST_DATA; -+ -+# define make_ecdh_test(nid, pr) { nid, \ -+ pr##_qiutx, sizeof(pr##_qiutx), \ -+ pr##_qiuty, sizeof(pr##_qiuty), \ -+ pr##_qiutd, sizeof(pr##_qiutd), \ -+ pr##_qcavsx, sizeof(pr##_qcavsx), \ -+ pr##_qcavsy, sizeof(pr##_qcavsy), \ -+ pr##_ziut, sizeof(pr##_ziut) } -+ -+static ECDH_SELFTEST_DATA test_ecdh_data[] = { -+ make_ecdh_test(NID_X9_62_prime256v1, p256), -+}; -+ -+int FIPS_selftest_ecdh(void) -+{ -+ EC_KEY *ec1 = NULL, *ec2 = NULL; -+ const EC_POINT *ecp = NULL; -+ BIGNUM *x = NULL, *y = NULL, *d = NULL; -+ unsigned char *ztmp = NULL; -+ int rv = 1; -+ size_t i; -+ -+ for (i = 0; i < sizeof(test_ecdh_data) / sizeof(ECDH_SELFTEST_DATA); i++) { -+ ECDH_SELFTEST_DATA *ecd = test_ecdh_data + i; -+ if (!fips_post_started(FIPS_TEST_ECDH, ecd->curve, 0)) -+ continue; -+ ztmp = OPENSSL_malloc(ecd->zlen); -+ -+ x = BN_bin2bn(ecd->x1, ecd->x1len, x); -+ y = BN_bin2bn(ecd->y1, ecd->y1len, y); -+ d = BN_bin2bn(ecd->d1, ecd->d1len, d); -+ -+ if (!x || !y || !d || !ztmp) { -+ rv = 0; -+ goto err; -+ } -+ -+ ec1 = EC_KEY_new_by_curve_name(ecd->curve); -+ if (!ec1) { -+ rv = 0; -+ goto err; -+ } -+ EC_KEY_set_flags(ec1, EC_FLAG_COFACTOR_ECDH); -+ -+ if (!EC_KEY_set_public_key_affine_coordinates(ec1, x, y)) { -+ rv = 0; -+ goto err; -+ } -+ -+ if (!EC_KEY_set_private_key(ec1, d)) { -+ rv = 0; -+ goto err; -+ } -+ -+ x = BN_bin2bn(ecd->x2, ecd->x2len, x); -+ y = BN_bin2bn(ecd->y2, ecd->y2len, y); -+ -+ if (!x || !y) { -+ rv = 0; -+ goto err; -+ } -+ -+ ec2 = EC_KEY_new_by_curve_name(ecd->curve); -+ if (!ec2) { -+ rv = 0; -+ goto err; -+ } -+ EC_KEY_set_flags(ec1, EC_FLAG_COFACTOR_ECDH); -+ -+ if (!EC_KEY_set_public_key_affine_coordinates(ec2, x, y)) { -+ rv = 0; -+ goto err; -+ } -+ -+ ecp = EC_KEY_get0_public_key(ec2); -+ if (!ecp) { -+ rv = 0; -+ goto err; -+ } -+ -+ if (!ECDH_compute_key(ztmp, ecd->zlen, ecp, ec1, 0)) { -+ rv = 0; -+ goto err; -+ } -+ -+ if (!fips_post_corrupt(FIPS_TEST_ECDH, ecd->curve, NULL)) -+ ztmp[0] ^= 0x1; -+ -+ if (memcmp(ztmp, ecd->z, ecd->zlen)) { -+ fips_post_failed(FIPS_TEST_ECDH, ecd->curve, 0); -+ rv = 0; -+ } else if (!fips_post_success(FIPS_TEST_ECDH, ecd->curve, 0)) -+ goto err; -+ -+ EC_KEY_free(ec1); -+ ec1 = NULL; -+ EC_KEY_free(ec2); -+ ec2 = NULL; -+ OPENSSL_free(ztmp); -+ ztmp = NULL; -+ } -+ -+ err: -+ -+ if (x) -+ BN_clear_free(x); -+ if (y) -+ BN_clear_free(y); -+ if (d) -+ BN_clear_free(d); -+ if (ec1) -+ EC_KEY_free(ec1); -+ if (ec2) -+ EC_KEY_free(ec2); -+ if (ztmp) -+ OPENSSL_free(ztmp); -+ -+ return rv; -+ -+} -+ -+#endif -diff -up openssl-1.1.1j/crypto/fips/fips_ecdsa_selftest.c.fips openssl-1.1.1j/crypto/fips/fips_ecdsa_selftest.c ---- openssl-1.1.1j/crypto/fips/fips_ecdsa_selftest.c.fips 2021-03-03 12:57:42.200734534 +0100 -+++ openssl-1.1.1j/crypto/fips/fips_ecdsa_selftest.c 2021-03-03 12:57:42.200734534 +0100 -@@ -0,0 +1,166 @@ -+/* fips/ecdsa/fips_ecdsa_selftest.c */ -+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -+ * project 2011. -+ */ -+/* ==================================================================== -+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ */ -+ -+#define OPENSSL_FIPSAPI -+ -+#include -+#include -+#include -+#include -+#include -+#include "crypto/fips.h" -+#include -+#include -+#include -+ -+#ifdef OPENSSL_FIPS -+ -+static const char P_256_name[] = "ECDSA P-256"; -+ -+static const unsigned char P_256_d[] = { -+ 0x51, 0xbd, 0x06, 0xa1, 0x1c, 0xda, 0xe2, 0x12, 0x99, 0xc9, 0x52, 0x3f, -+ 0xea, 0xa4, 0xd2, 0xd1, 0xf4, 0x7f, 0xd4, 0x3e, 0xbd, 0xf8, 0xfc, 0x87, -+ 0xdc, 0x82, 0x53, 0x21, 0xee, 0xa0, 0xdc, 0x64 -+}; -+ -+static const unsigned char P_256_qx[] = { -+ 0x23, 0x89, 0xe0, 0xf4, 0x69, 0xe0, 0x49, 0xe5, 0xc7, 0xe5, 0x40, 0x6e, -+ 0x8f, 0x25, 0xdd, 0xad, 0x11, 0x16, 0x14, 0x9b, 0xab, 0x44, 0x06, 0x31, -+ 0xbf, 0x5e, 0xa6, 0x44, 0xac, 0x86, 0x00, 0x07 -+}; -+ -+static const unsigned char P_256_qy[] = { -+ 0xb3, 0x05, 0x0d, 0xd0, 0xdc, 0xf7, 0x40, 0xe6, 0xf9, 0xd8, 0x6d, 0x7b, -+ 0x63, 0xca, 0x97, 0xe6, 0x12, 0xf9, 0xd4, 0x18, 0x59, 0xbe, 0xb2, 0x5e, -+ 0x4a, 0x6a, 0x77, 0x23, 0xf4, 0x11, 0x9d, 0xeb -+}; -+ -+typedef struct { -+ int curve; -+ const char *name; -+ const unsigned char *x; -+ size_t xlen; -+ const unsigned char *y; -+ size_t ylen; -+ const unsigned char *d; -+ size_t dlen; -+} EC_SELFTEST_DATA; -+ -+# define make_ecdsa_test(nid, pr) { nid, pr##_name, \ -+ pr##_qx, sizeof(pr##_qx), \ -+ pr##_qy, sizeof(pr##_qy), \ -+ pr##_d, sizeof(pr##_d)} -+ -+static EC_SELFTEST_DATA test_ec_data[] = { -+ make_ecdsa_test(NID_X9_62_prime256v1, P_256), -+}; -+ -+int FIPS_selftest_ecdsa() -+{ -+ EC_KEY *ec = NULL; -+ BIGNUM *x = NULL, *y = NULL, *d = NULL; -+ EVP_PKEY *pk = NULL; -+ int rv = 0; -+ size_t i; -+ -+ for (i = 0; i < sizeof(test_ec_data) / sizeof(EC_SELFTEST_DATA); i++) { -+ EC_SELFTEST_DATA *ecd = test_ec_data + i; -+ -+ x = BN_bin2bn(ecd->x, ecd->xlen, x); -+ y = BN_bin2bn(ecd->y, ecd->ylen, y); -+ d = BN_bin2bn(ecd->d, ecd->dlen, d); -+ -+ if (!x || !y || !d) -+ goto err; -+ -+ ec = EC_KEY_new_by_curve_name(ecd->curve); -+ if (!ec) -+ goto err; -+ -+ if (!EC_KEY_set_public_key_affine_coordinates(ec, x, y)) -+ goto err; -+ -+ if (!EC_KEY_set_private_key(ec, d)) -+ goto err; -+ -+ if ((pk = EVP_PKEY_new()) == NULL) -+ goto err; -+ -+ EVP_PKEY_assign_EC_KEY(pk, ec); -+ -+ if (!fips_pkey_signature_test(pk, NULL, 0, -+ NULL, 0, EVP_sha256(), 0, ecd->name)) -+ goto err; -+ } -+ -+ rv = 1; -+ -+ err: -+ -+ if (x) -+ BN_clear_free(x); -+ if (y) -+ BN_clear_free(y); -+ if (d) -+ BN_clear_free(d); -+ if (pk) -+ EVP_PKEY_free(pk); -+ else if (ec) -+ EC_KEY_free(ec); -+ -+ return rv; -+ -+} -+ -+#endif -diff -up openssl-1.1.1j/crypto/fips/fips_err.h.fips openssl-1.1.1j/crypto/fips/fips_err.h ---- openssl-1.1.1j/crypto/fips/fips_err.h.fips 2021-03-03 12:57:42.201734542 +0100 -+++ openssl-1.1.1j/crypto/fips/fips_err.h 2021-03-03 12:57:42.201734542 +0100 -@@ -0,0 +1,197 @@ -+/* crypto/fips_err.h */ -+/* ==================================================================== -+ * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * openssl-core@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). -+ * -+ */ -+ -+/* -+ * NOTE: this file was auto generated by the mkerr.pl script: any changes -+ * made to it will be overwritten when the script next updates this file, -+ * only reason strings will be preserved. -+ */ -+ -+#include -+#include -+#include -+ -+/* BEGIN ERROR CODES */ -+#ifndef OPENSSL_NO_ERR -+ -+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_FIPS,func,0) -+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_FIPS,0,reason) -+ -+static ERR_STRING_DATA FIPS_str_functs[] = { -+ {ERR_FUNC(FIPS_F_DH_BUILTIN_GENPARAMS), "dh_builtin_genparams"}, -+ {ERR_FUNC(FIPS_F_DRBG_RESEED), "drbg_reseed"}, -+ {ERR_FUNC(FIPS_F_DSA_BUILTIN_PARAMGEN2), "dsa_builtin_paramgen2"}, -+ {ERR_FUNC(FIPS_F_DSA_DO_SIGN), "DSA_do_sign"}, -+ {ERR_FUNC(FIPS_F_DSA_DO_VERIFY), "DSA_do_verify"}, -+ {ERR_FUNC(FIPS_F_ECDH_COMPUTE_KEY), "ECDH_compute_key"}, -+ {ERR_FUNC(FIPS_F_EVP_CIPHER_CTX_NEW), "EVP_CIPHER_CTX_new"}, -+ {ERR_FUNC(FIPS_F_EVP_CIPHER_CTX_RESET), "EVP_CIPHER_CTX_reset"}, -+ {ERR_FUNC(FIPS_F_FIPS_CHECK_DSA), "fips_check_dsa"}, -+ {ERR_FUNC(FIPS_F_FIPS_CHECK_EC), "fips_check_ec"}, -+ {ERR_FUNC(FIPS_F_FIPS_CHECK_RSA), "fips_check_rsa"}, -+ {ERR_FUNC(FIPS_F_FIPS_DRBG_BYTES), "fips_drbg_bytes"}, -+ {ERR_FUNC(FIPS_F_FIPS_DRBG_CHECK), "fips_drbg_check"}, -+ {ERR_FUNC(FIPS_F_FIPS_DRBG_CPRNG_TEST), "fips_drbg_cprng_test"}, -+ {ERR_FUNC(FIPS_F_FIPS_DRBG_ERROR_CHECK), "fips_drbg_error_check"}, -+ {ERR_FUNC(FIPS_F_FIPS_DRBG_GENERATE), "FIPS_drbg_generate"}, -+ {ERR_FUNC(FIPS_F_FIPS_DRBG_INIT), "FIPS_drbg_init"}, -+ {ERR_FUNC(FIPS_F_FIPS_DRBG_INSTANTIATE), "FIPS_drbg_instantiate"}, -+ {ERR_FUNC(FIPS_F_FIPS_DRBG_NEW), "FIPS_drbg_new"}, -+ {ERR_FUNC(FIPS_F_FIPS_DRBG_RESEED), "FIPS_drbg_reseed"}, -+ {ERR_FUNC(FIPS_F_FIPS_DRBG_SINGLE_KAT), "FIPS_DRBG_SINGLE_KAT"}, -+ {ERR_FUNC(FIPS_F_FIPS_GET_ENTROPY), "fips_get_entropy"}, -+ {ERR_FUNC(FIPS_F_FIPS_MODULE_MODE_SET), "FIPS_module_mode_set"}, -+ {ERR_FUNC(FIPS_F_FIPS_PKEY_SIGNATURE_TEST), "fips_pkey_signature_test"}, -+ {ERR_FUNC(FIPS_F_FIPS_RAND_BYTES), "FIPS_rand_bytes"}, -+ {ERR_FUNC(FIPS_F_FIPS_RAND_SEED), "FIPS_rand_seed"}, -+ {ERR_FUNC(FIPS_F_FIPS_RAND_SET_METHOD), "FIPS_rand_set_method"}, -+ {ERR_FUNC(FIPS_F_FIPS_RAND_STATUS), "FIPS_rand_status"}, -+ {ERR_FUNC(FIPS_F_FIPS_RSA_BUILTIN_KEYGEN), "fips_rsa_builtin_keygen"}, -+ {ERR_FUNC(FIPS_F_FIPS_SELFTEST), "FIPS_selftest"}, -+ {ERR_FUNC(FIPS_F_FIPS_SELFTEST_AES), "FIPS_selftest_aes"}, -+ {ERR_FUNC(FIPS_F_FIPS_SELFTEST_AES_CCM), "FIPS_selftest_aes_ccm"}, -+ {ERR_FUNC(FIPS_F_FIPS_SELFTEST_AES_GCM), "FIPS_selftest_aes_gcm"}, -+ {ERR_FUNC(FIPS_F_FIPS_SELFTEST_AES_XTS), "FIPS_selftest_aes_xts"}, -+ {ERR_FUNC(FIPS_F_FIPS_SELFTEST_CMAC), "FIPS_selftest_cmac"}, -+ {ERR_FUNC(FIPS_F_FIPS_SELFTEST_DES), "FIPS_selftest_des"}, -+ {ERR_FUNC(FIPS_F_FIPS_SELFTEST_DSA), "FIPS_selftest_dsa"}, -+ {ERR_FUNC(FIPS_F_FIPS_SELFTEST_ECDSA), "FIPS_selftest_ecdsa"}, -+ {ERR_FUNC(FIPS_F_FIPS_SELFTEST_HMAC), "FIPS_selftest_hmac"}, -+ {ERR_FUNC(FIPS_F_FIPS_SELFTEST_SHA1), "FIPS_selftest_sha1"}, -+ {ERR_FUNC(FIPS_F_FIPS_SELFTEST_SHA2), "FIPS_selftest_sha2"}, -+ {ERR_FUNC(FIPS_F_OSSL_ECDSA_SIGN_SIG), "ossl_ecdsa_sign_sig"}, -+ {ERR_FUNC(FIPS_F_OSSL_ECDSA_VERIFY_SIG), "ossl_ecdsa_verify_sig"}, -+ {ERR_FUNC(FIPS_F_RSA_BUILTIN_KEYGEN), "rsa_builtin_keygen"}, -+ {ERR_FUNC(FIPS_F_RSA_OSSL_INIT), "rsa_ossl_init"}, -+ {ERR_FUNC(FIPS_F_RSA_OSSL_PRIVATE_DECRYPT), "rsa_ossl_private_decrypt"}, -+ {ERR_FUNC(FIPS_F_RSA_OSSL_PRIVATE_ENCRYPT), "rsa_ossl_private_encrypt"}, -+ {ERR_FUNC(FIPS_F_RSA_OSSL_PUBLIC_DECRYPT), "rsa_ossl_public_decrypt"}, -+ {ERR_FUNC(FIPS_F_RSA_OSSL_PUBLIC_ENCRYPT), "rsa_ossl_public_encrypt"}, -+ {0, NULL} -+}; -+ -+static ERR_STRING_DATA FIPS_str_reasons[] = { -+ {ERR_REASON(FIPS_R_ADDITIONAL_INPUT_ERROR_UNDETECTED), -+ "additional input error undetected"}, -+ {ERR_REASON(FIPS_R_ADDITIONAL_INPUT_TOO_LONG), -+ "additional input too long"}, -+ {ERR_REASON(FIPS_R_ALREADY_INSTANTIATED), "already instantiated"}, -+ {ERR_REASON(FIPS_R_DRBG_NOT_INITIALISED), "drbg not initialised"}, -+ {ERR_REASON(FIPS_R_DRBG_STUCK), "drbg stuck"}, -+ {ERR_REASON(FIPS_R_ENTROPY_ERROR_UNDETECTED), "entropy error undetected"}, -+ {ERR_REASON(FIPS_R_ENTROPY_NOT_REQUESTED_FOR_RESEED), -+ "entropy not requested for reseed"}, -+ {ERR_REASON(FIPS_R_ENTROPY_SOURCE_STUCK), "entropy source stuck"}, -+ {ERR_REASON(FIPS_R_ERROR_INITIALISING_DRBG), "error initialising drbg"}, -+ {ERR_REASON(FIPS_R_ERROR_INSTANTIATING_DRBG), "error instantiating drbg"}, -+ {ERR_REASON(FIPS_R_ERROR_RETRIEVING_ADDITIONAL_INPUT), -+ "error retrieving additional input"}, -+ {ERR_REASON(FIPS_R_ERROR_RETRIEVING_ENTROPY), "error retrieving entropy"}, -+ {ERR_REASON(FIPS_R_ERROR_RETRIEVING_NONCE), "error retrieving nonce"}, -+ {ERR_REASON(FIPS_R_FINGERPRINT_DOES_NOT_MATCH), -+ "fingerprint does not match"}, -+ {ERR_REASON(FIPS_R_FIPS_MODE_ALREADY_SET), "fips mode already set"}, -+ {ERR_REASON(FIPS_R_FIPS_SELFTEST_FAILED), "fips selftest failed"}, -+ {ERR_REASON(FIPS_R_FUNCTION_ERROR), "function error"}, -+ {ERR_REASON(FIPS_R_GENERATE_ERROR), "generate error"}, -+ {ERR_REASON(FIPS_R_GENERATE_ERROR_UNDETECTED), -+ "generate error undetected"}, -+ {ERR_REASON(FIPS_R_INSTANTIATE_ERROR), "instantiate error"}, -+ {ERR_REASON(FIPS_R_INTERNAL_ERROR), "internal error"}, -+ {ERR_REASON(FIPS_R_INVALID_KEY_LENGTH), "invalid key length"}, -+ {ERR_REASON(FIPS_R_IN_ERROR_STATE), "in error state"}, -+ {ERR_REASON(FIPS_R_KEY_TOO_SHORT), "key too short"}, -+ {ERR_REASON(FIPS_R_NONCE_ERROR_UNDETECTED), "nonce error undetected"}, -+ {ERR_REASON(FIPS_R_NON_FIPS_METHOD), "non fips method"}, -+ {ERR_REASON(FIPS_R_NOPR_TEST1_FAILURE), "nopr test1 failure"}, -+ {ERR_REASON(FIPS_R_NOPR_TEST2_FAILURE), "nopr test2 failure"}, -+ {ERR_REASON(FIPS_R_NOT_INSTANTIATED), "not instantiated"}, -+ {ERR_REASON(FIPS_R_PAIRWISE_TEST_FAILED), "pairwise test failed"}, -+ {ERR_REASON(FIPS_R_PERSONALISATION_ERROR_UNDETECTED), -+ "personalisation error undetected"}, -+ {ERR_REASON(FIPS_R_PERSONALISATION_STRING_TOO_LONG), -+ "personalisation string too long"}, -+ {ERR_REASON(FIPS_R_PR_TEST1_FAILURE), "pr test1 failure"}, -+ {ERR_REASON(FIPS_R_PR_TEST2_FAILURE), "pr test2 failure"}, -+ {ERR_REASON(FIPS_R_REQUEST_LENGTH_ERROR_UNDETECTED), -+ "request length error undetected"}, -+ {ERR_REASON(FIPS_R_REQUEST_TOO_LARGE_FOR_DRBG), -+ "request too large for drbg"}, -+ {ERR_REASON(FIPS_R_RESEED_COUNTER_ERROR), "reseed counter error"}, -+ {ERR_REASON(FIPS_R_RESEED_ERROR), "reseed error"}, -+ {ERR_REASON(FIPS_R_SELFTEST_FAILED), "selftest failed"}, -+ {ERR_REASON(FIPS_R_SELFTEST_FAILURE), "selftest failure"}, -+ {ERR_REASON(FIPS_R_TEST_FAILURE), "test failure"}, -+ {ERR_REASON(FIPS_R_UNINSTANTIATE_ERROR), "uninstantiate error"}, -+ {ERR_REASON(FIPS_R_UNINSTANTIATE_ZEROISE_ERROR), -+ "uninstantiate zeroise error"}, -+ {ERR_REASON(FIPS_R_UNSUPPORTED_DRBG_TYPE), "unsupported drbg type"}, -+ {ERR_REASON(FIPS_R_UNSUPPORTED_PLATFORM), "unsupported platform"}, -+ {0, NULL} -+}; -+ -+#endif -+ -+int ERR_load_FIPS_strings(void) -+{ -+#ifndef OPENSSL_NO_ERR -+ -+ if (ERR_func_error_string(FIPS_str_functs[0].error) == NULL) { -+ ERR_load_strings(0, FIPS_str_functs); -+ ERR_load_strings(0, FIPS_str_reasons); -+ } -+#endif -+ return 1; -+} -diff -up openssl-1.1.1j/crypto/fips/fips_ers.c.fips openssl-1.1.1j/crypto/fips/fips_ers.c ---- openssl-1.1.1j/crypto/fips/fips_ers.c.fips 2021-03-03 12:57:42.201734542 +0100 -+++ openssl-1.1.1j/crypto/fips/fips_ers.c 2021-03-03 12:57:42.201734542 +0100 -@@ -0,0 +1,7 @@ -+#include -+ -+#ifdef OPENSSL_FIPS -+# include "fips_err.h" -+#else -+static void *dummy = &dummy; -+#endif -diff -up openssl-1.1.1j/crypto/fips/fips_hmac_selftest.c.fips openssl-1.1.1j/crypto/fips/fips_hmac_selftest.c ---- openssl-1.1.1j/crypto/fips/fips_hmac_selftest.c.fips 2021-03-03 12:57:42.201734542 +0100 -+++ openssl-1.1.1j/crypto/fips/fips_hmac_selftest.c 2021-03-03 12:57:42.201734542 +0100 -@@ -0,0 +1,134 @@ -+/* ==================================================================== -+ * Copyright (c) 2005 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * openssl-core@openssl.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * -+ */ -+ -+#include -+#include -+#ifdef OPENSSL_FIPS -+# include -+#endif -+#include -+ -+#ifdef OPENSSL_FIPS -+typedef struct { -+ const EVP_MD *(*alg) (void); -+ const char *key, *iv; -+ unsigned char kaval[EVP_MAX_MD_SIZE]; -+} HMAC_KAT; -+ -+static const HMAC_KAT vector[] = { -+ {EVP_sha1, -+ /* from http://csrc.nist.gov/publications/fips/fips198/fips-198a.pdf */ -+ "0123456789:;<=>?@ABC", -+ "Sample #2", -+ {0x09, 0x22, 0xd3, 0x40, 0x5f, 0xaa, 0x3d, 0x19, -+ 0x4f, 0x82, 0xa4, 0x58, 0x30, 0x73, 0x7d, 0x5c, -+ 0xc6, 0xc7, 0x5d, 0x24} -+ }, -+ {EVP_sha224, -+ /* just keep extending the above... */ -+ "0123456789:;<=>?@ABC", -+ "Sample #2", -+ {0xdd, 0xef, 0x0a, 0x40, 0xcb, 0x7d, 0x50, 0xfb, -+ 0x6e, 0xe6, 0xce, 0xa1, 0x20, 0xba, 0x26, 0xaa, -+ 0x08, 0xf3, 0x07, 0x75, 0x87, 0xb8, 0xad, 0x1b, -+ 0x8c, 0x8d, 0x12, 0xc7} -+ }, -+ {EVP_sha256, -+ "0123456789:;<=>?@ABC", -+ "Sample #2", -+ {0xb8, 0xf2, 0x0d, 0xb5, 0x41, 0xea, 0x43, 0x09, -+ 0xca, 0x4e, 0xa9, 0x38, 0x0c, 0xd0, 0xe8, 0x34, -+ 0xf7, 0x1f, 0xbe, 0x91, 0x74, 0xa2, 0x61, 0x38, -+ 0x0d, 0xc1, 0x7e, 0xae, 0x6a, 0x34, 0x51, 0xd9} -+ }, -+ {EVP_sha384, -+ "0123456789:;<=>?@ABC", -+ "Sample #2", -+ {0x08, 0xbc, 0xb0, 0xda, 0x49, 0x1e, 0x87, 0xad, -+ 0x9a, 0x1d, 0x6a, 0xce, 0x23, 0xc5, 0x0b, 0xf6, -+ 0xb7, 0x18, 0x06, 0xa5, 0x77, 0xcd, 0x49, 0x04, -+ 0x89, 0xf1, 0xe6, 0x23, 0x44, 0x51, 0x51, 0x9f, -+ 0x85, 0x56, 0x80, 0x79, 0x0c, 0xbd, 0x4d, 0x50, -+ 0xa4, 0x5f, 0x29, 0xe3, 0x93, 0xf0, 0xe8, 0x7f} -+ }, -+ {EVP_sha512, -+ "0123456789:;<=>?@ABC", -+ "Sample #2", -+ {0x80, 0x9d, 0x44, 0x05, 0x7c, 0x5b, 0x95, 0x41, -+ 0x05, 0xbd, 0x04, 0x13, 0x16, 0xdb, 0x0f, 0xac, -+ 0x44, 0xd5, 0xa4, 0xd5, 0xd0, 0x89, 0x2b, 0xd0, -+ 0x4e, 0x86, 0x64, 0x12, 0xc0, 0x90, 0x77, 0x68, -+ 0xf1, 0x87, 0xb7, 0x7c, 0x4f, 0xae, 0x2c, 0x2f, -+ 0x21, 0xa5, 0xb5, 0x65, 0x9a, 0x4f, 0x4b, 0xa7, -+ 0x47, 0x02, 0xa3, 0xde, 0x9b, 0x51, 0xf1, 0x45, -+ 0xbd, 0x4f, 0x25, 0x27, 0x42, 0x98, 0x99, 0x05} -+ }, -+}; -+ -+int FIPS_selftest_hmac() -+{ -+ int n; -+ unsigned int outlen; -+ unsigned char out[EVP_MAX_MD_SIZE]; -+ const EVP_MD *md; -+ const HMAC_KAT *t; -+ -+ for (n = 0, t = vector; n < sizeof(vector) / sizeof(vector[0]); n++, t++) { -+ md = (*t->alg) (); -+ HMAC(md, t->key, strlen(t->key), -+ (const unsigned char *)t->iv, strlen(t->iv), out, &outlen); -+ -+ if (memcmp(out, t->kaval, outlen)) { -+ FIPSerr(FIPS_F_FIPS_SELFTEST_HMAC, FIPS_R_SELFTEST_FAILED); -+ return 0; -+ } -+ } -+ return 1; -+} -+#endif -diff -up openssl-1.1.1j/crypto/fips/fips_locl.h.fips openssl-1.1.1j/crypto/fips/fips_locl.h ---- openssl-1.1.1j/crypto/fips/fips_locl.h.fips 2021-03-03 12:57:42.201734542 +0100 -+++ openssl-1.1.1j/crypto/fips/fips_locl.h 2021-03-03 12:57:42.201734542 +0100 -@@ -0,0 +1,71 @@ -+/* ==================================================================== -+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * openssl-core@openssl.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * -+ */ -+ -+#ifdef OPENSSL_FIPS -+ -+# ifdef __cplusplus -+extern "C" { -+# endif -+ -+# define FIPS_MAX_CIPHER_TEST_SIZE 32 -+# define fips_load_key_component(comp, pre) \ -+ comp = BN_bin2bn(pre##_##comp, sizeof(pre##_##comp), NULL); \ -+ if (!comp) \ -+ goto err -+ -+# define fips_post_started(id, subid, ex) 1 -+# define fips_post_success(id, subid, ex) 1 -+# define fips_post_failed(id, subid, ex) 1 -+# define fips_post_corrupt(id, subid, ex) 1 -+# define fips_post_status() 1 -+ -+# ifdef __cplusplus -+} -+# endif -+#endif -diff -up openssl-1.1.1j/crypto/fips/fips_post.c.fips openssl-1.1.1j/crypto/fips/fips_post.c ---- openssl-1.1.1j/crypto/fips/fips_post.c.fips 2021-03-03 12:57:42.201734542 +0100 -+++ openssl-1.1.1j/crypto/fips/fips_post.c 2021-03-03 12:57:42.201734542 +0100 -@@ -0,0 +1,224 @@ -+/* ==================================================================== -+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * openssl-core@openssl.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * -+ */ -+ -+#define OPENSSL_FIPSAPI -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+ -+#ifdef OPENSSL_FIPS -+ -+/* Power on self test (POST) support functions */ -+ -+# include -+# include "crypto/fips.h" -+# include "fips_locl.h" -+ -+/* Run all selftests */ -+int FIPS_selftest(void) -+{ -+ int rv = 1; -+ if (!FIPS_selftest_drbg()) -+ rv = 0; -+ if (!FIPS_selftest_sha1()) -+ rv = 0; -+ if (!FIPS_selftest_sha2()) -+ rv = 0; -+ if (!FIPS_selftest_sha3()) -+ rv = 0; -+ if (!FIPS_selftest_hmac()) -+ rv = 0; -+ if (!FIPS_selftest_cmac()) -+ rv = 0; -+ if (!FIPS_selftest_aes()) -+ rv = 0; -+ if (!FIPS_selftest_aes_ccm()) -+ rv = 0; -+ if (!FIPS_selftest_aes_gcm()) -+ rv = 0; -+ if (!FIPS_selftest_aes_xts()) -+ rv = 0; -+ if (!FIPS_selftest_des()) -+ rv = 0; -+ if (!FIPS_selftest_rsa()) -+ rv = 0; -+ if (!FIPS_selftest_ecdsa()) -+ rv = 0; -+ if (!FIPS_selftest_dsa()) -+ rv = 0; -+ if (!FIPS_selftest_dh()) -+ rv = 0; -+ if (!FIPS_selftest_ecdh()) -+ rv = 0; -+ return rv; -+} -+ -+/* Generalized public key test routine. Signs and verifies the data -+ * supplied in tbs using mesage digest md and setting option digest -+ * flags md_flags. If the 'kat' parameter is not NULL it will -+ * additionally check the signature matches it: a known answer test -+ * The string "fail_str" is used for identification purposes in case -+ * of failure. If "pkey" is NULL just perform a message digest check. -+ */ -+ -+int fips_pkey_signature_test(EVP_PKEY *pkey, -+ const unsigned char *tbs, int tbslen, -+ const unsigned char *kat, unsigned int katlen, -+ const EVP_MD *digest, unsigned int flags, -+ const char *fail_str) -+{ -+ int ret = 0; -+ unsigned char sigtmp[256], *sig = sigtmp; -+ size_t siglen = sizeof(sigtmp); -+ EVP_MD_CTX *mctx; -+ EVP_PKEY_CTX *pctx; -+ -+ if (digest == NULL) -+ digest = EVP_sha256(); -+ -+ mctx = EVP_MD_CTX_new(); -+ -+ if ((EVP_PKEY_id(pkey) == EVP_PKEY_RSA) -+ && (RSA_size(EVP_PKEY_get0_RSA(pkey)) > sizeof(sigtmp))) { -+ sig = OPENSSL_malloc(RSA_size(EVP_PKEY_get0_RSA(pkey))); -+ siglen = RSA_size(EVP_PKEY_get0_RSA(pkey)); -+ } -+ if (!sig || ! mctx) { -+ EVP_MD_CTX_free(mctx); -+ FIPSerr(FIPS_F_FIPS_PKEY_SIGNATURE_TEST, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ -+ if (tbslen == -1) -+ tbslen = strlen((char *)tbs); -+ -+ if (EVP_DigestSignInit(mctx, &pctx, digest, NULL, pkey) <= 0) -+ goto error; -+ -+ if (flags == EVP_MD_CTX_FLAG_PAD_PSS) { -+ EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING); -+ EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, 0); -+ } -+ -+ if (EVP_DigestSignUpdate(mctx, tbs, tbslen) <= 0) -+ goto error; -+ -+ if (EVP_DigestSignFinal(mctx, sig, &siglen) <= 0) -+ goto error; -+ -+ if (kat && ((siglen != katlen) || memcmp(kat, sig, katlen))) -+ goto error; -+ -+ if (EVP_DigestVerifyInit(mctx, &pctx, digest, NULL, pkey) <= 0) -+ goto error; -+ -+ if (flags == EVP_MD_CTX_FLAG_PAD_PSS) { -+ EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING); -+ EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, 0); -+ } -+ -+ if (EVP_DigestVerifyUpdate(mctx, tbs, tbslen) <= 0) -+ goto error; -+ -+ ret = EVP_DigestVerifyFinal(mctx, sig, siglen); -+ -+ error: -+ if (sig != sigtmp) -+ OPENSSL_free(sig); -+ EVP_MD_CTX_free(mctx); -+ if (ret <= 0) { -+ FIPSerr(FIPS_F_FIPS_PKEY_SIGNATURE_TEST, FIPS_R_TEST_FAILURE); -+ if (fail_str) -+ ERR_add_error_data(2, "Type=", fail_str); -+ return 0; -+ } -+ return 1; -+} -+ -+/* Generalized symmetric cipher test routine. Encrypt data, verify result -+ * against known answer, decrypt and compare with original plaintext. -+ */ -+ -+int fips_cipher_test(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, -+ const unsigned char *key, -+ const unsigned char *iv, -+ const unsigned char *plaintext, -+ const unsigned char *ciphertext, int len) -+{ -+ unsigned char pltmp[FIPS_MAX_CIPHER_TEST_SIZE]; -+ unsigned char citmp[FIPS_MAX_CIPHER_TEST_SIZE]; -+ -+ OPENSSL_assert(len <= FIPS_MAX_CIPHER_TEST_SIZE); -+ memset(pltmp, 0, FIPS_MAX_CIPHER_TEST_SIZE); -+ memset(citmp, 0, FIPS_MAX_CIPHER_TEST_SIZE); -+ -+ if (EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, 1) <= 0) -+ return 0; -+ if (EVP_Cipher(ctx, citmp, plaintext, len) <= 0) -+ return 0; -+ if (memcmp(citmp, ciphertext, len)) -+ return 0; -+ if (EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, 0) <= 0) -+ return 0; -+ if (EVP_Cipher(ctx, pltmp, citmp, len) <= 0) -+ return 0; -+ if (memcmp(pltmp, plaintext, len)) -+ return 0; -+ return 1; -+} -+#endif -diff -up openssl-1.1.1j/crypto/fips/fips_rand_lcl.h.fips openssl-1.1.1j/crypto/fips/fips_rand_lcl.h ---- openssl-1.1.1j/crypto/fips/fips_rand_lcl.h.fips 2021-03-03 12:57:42.201734542 +0100 -+++ openssl-1.1.1j/crypto/fips/fips_rand_lcl.h 2021-03-03 12:57:42.201734542 +0100 -@@ -0,0 +1,203 @@ -+/* fips/rand/fips_rand_lcl.h */ -+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -+ * project. -+ */ -+/* ==================================================================== -+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ */ -+ -+typedef struct drbg_hash_ctx_st DRBG_HASH_CTX; -+typedef struct drbg_hmac_ctx_st DRBG_HMAC_CTX; -+typedef struct drbg_ctr_ctx_st DRBG_CTR_CTX; -+ -+/* 888 bits from 10.1 table 2 */ -+#define HASH_PRNG_MAX_SEEDLEN 111 -+ -+struct drbg_hash_ctx_st { -+ const EVP_MD *md; -+ EVP_MD_CTX *mctx; -+ unsigned char V[HASH_PRNG_MAX_SEEDLEN]; -+ unsigned char C[HASH_PRNG_MAX_SEEDLEN]; -+ /* Temporary value storage: should always exceed max digest length */ -+ unsigned char vtmp[HASH_PRNG_MAX_SEEDLEN]; -+}; -+ -+struct drbg_hmac_ctx_st { -+ const EVP_MD *md; -+ HMAC_CTX *hctx; -+ unsigned char K[EVP_MAX_MD_SIZE]; -+ unsigned char V[EVP_MAX_MD_SIZE]; -+}; -+ -+struct drbg_ctr_ctx_st { -+ AES_KEY ks; -+ size_t keylen; -+ unsigned char K[32]; -+ unsigned char V[16]; -+ /* Temp variables used by derivation function */ -+ AES_KEY df_ks; -+ AES_KEY df_kxks; -+ /* Temporary block storage used by ctr_df */ -+ unsigned char bltmp[16]; -+ size_t bltmp_pos; -+ unsigned char KX[48]; -+}; -+ -+/* DRBG internal flags */ -+ -+/* Functions shouldn't call err library */ -+#define DRBG_FLAG_NOERR 0x1 -+/* Custom reseed checking */ -+#define DRBG_CUSTOM_RESEED 0x2 -+ -+/* DRBG status values */ -+/* not initialised */ -+#define DRBG_STATUS_UNINITIALISED 0 -+/* ok and ready to generate random bits */ -+#define DRBG_STATUS_READY 1 -+/* reseed required */ -+#define DRBG_STATUS_RESEED 2 -+/* fatal error condition */ -+#define DRBG_STATUS_ERROR 3 -+ -+/* A default maximum length: larger than any reasonable value used in pratice */ -+ -+#define DRBG_MAX_LENGTH 0x7ffffff0 -+/* Maximum DRBG block length: all md sizes are bigger than cipher blocks sizes -+ * so use max digest length. -+ */ -+#define DRBG_MAX_BLOCK EVP_MAX_MD_SIZE -+ -+#define DRBG_HEALTH_INTERVAL (1 << 24) -+ -+/* DRBG context structure */ -+ -+struct drbg_ctx_st { -+ /* First types common to all implementations */ -+ /* DRBG type: a NID for the underlying algorithm */ -+ int type; -+ /* Various external flags */ -+ unsigned int xflags; -+ /* Various internal use only flags */ -+ unsigned int iflags; -+ /* Used for periodic health checks */ -+ int health_check_cnt, health_check_interval; -+ -+ /* The following parameters are setup by mechanism drbg_init() call */ -+ int strength; -+ size_t blocklength; -+ size_t max_request; -+ -+ size_t min_entropy, max_entropy; -+ size_t min_nonce, max_nonce; -+ size_t max_pers, max_adin; -+ unsigned int reseed_counter; -+ unsigned int reseed_interval; -+ size_t seedlen; -+ int status; -+ /* Application data: typically used by test get_entropy */ -+ void *app_data; -+ /* Implementation specific structures */ -+ union { -+ DRBG_HASH_CTX hash; -+ DRBG_HMAC_CTX hmac; -+ DRBG_CTR_CTX ctr; -+ } d; -+ /* Initialiase PRNG and setup callbacks below */ -+ int (*init) (DRBG_CTX *ctx, int nid, int security, unsigned int flags); -+ /* Intantiate PRNG */ -+ int (*instantiate) (DRBG_CTX *ctx, -+ const unsigned char *ent, size_t entlen, -+ const unsigned char *nonce, size_t noncelen, -+ const unsigned char *pers, size_t perslen); -+ /* reseed */ -+ int (*reseed) (DRBG_CTX *ctx, -+ const unsigned char *ent, size_t entlen, -+ const unsigned char *adin, size_t adinlen); -+ /* generat output */ -+ int (*generate) (DRBG_CTX *ctx, -+ unsigned char *out, size_t outlen, -+ const unsigned char *adin, size_t adinlen); -+ /* uninstantiate */ -+ int (*uninstantiate) (DRBG_CTX *ctx); -+ -+ /* Entropy source block length */ -+ size_t entropy_blocklen; -+ -+ /* entropy gathering function */ -+ size_t (*get_entropy) (DRBG_CTX *ctx, unsigned char **pout, -+ int entropy, size_t min_len, size_t max_len); -+ /* Indicates we have finished with entropy buffer */ -+ void (*cleanup_entropy) (DRBG_CTX *ctx, unsigned char *out, size_t olen); -+ -+ /* nonce gathering function */ -+ size_t (*get_nonce) (DRBG_CTX *ctx, unsigned char **pout, -+ int entropy, size_t min_len, size_t max_len); -+ /* Indicates we have finished with nonce buffer */ -+ void (*cleanup_nonce) (DRBG_CTX *ctx, unsigned char *out, size_t olen); -+ -+ /* Callbacks used when called through RAND interface */ -+ /* Get any additional input for generate */ -+ size_t (*get_adin) (DRBG_CTX *ctx, unsigned char **pout); -+ void (*cleanup_adin) (DRBG_CTX *ctx, unsigned char *out, size_t olen); -+ /* Callback for RAND_seed(), RAND_add() */ -+ int (*rand_seed_cb) (DRBG_CTX *ctx, const void *buf, int num); -+ int (*rand_add_cb) (DRBG_CTX *ctx, -+ const void *buf, int num, double entropy); -+}; -+ -+int fips_drbg_ctr_init(DRBG_CTX *dctx); -+int fips_drbg_hash_init(DRBG_CTX *dctx); -+int fips_drbg_hmac_init(DRBG_CTX *dctx); -+int fips_drbg_kat(DRBG_CTX *dctx, int nid, unsigned int flags); -+int fips_drbg_cprng_test(DRBG_CTX *dctx, const unsigned char *out); -+ -+#define FIPS_digestinit EVP_DigestInit -+#define FIPS_digestupdate EVP_DigestUpdate -+#define FIPS_digestfinal EVP_DigestFinal -+#define M_EVP_MD_size EVP_MD_size -diff -up openssl-1.1.1j/crypto/fips/fips_rand_lib.c.fips openssl-1.1.1j/crypto/fips/fips_rand_lib.c ---- openssl-1.1.1j/crypto/fips/fips_rand_lib.c.fips 2021-03-03 12:57:42.201734542 +0100 -+++ openssl-1.1.1j/crypto/fips/fips_rand_lib.c 2021-03-03 12:57:42.201734542 +0100 -@@ -0,0 +1,234 @@ -+/* ==================================================================== -+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * openssl-core@openssl.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * -+ */ -+ -+/* If we don't define _XOPEN_SOURCE_EXTENDED, struct timeval won't -+ be defined and gettimeofday() won't be declared with strict compilers -+ like DEC C in ANSI C mode. */ -+#ifndef _XOPEN_SOURCE_EXTENDED -+# define _XOPEN_SOURCE_EXTENDED 1 -+#endif -+ -+#include -+#include -+#include -+#include -+#include "crypto/fips.h" -+#include -+#include "e_os.h" -+ -+#if !(defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VXWORKS)) -+# include -+#endif -+#if defined(OPENSSL_SYS_VXWORKS) -+# include -+#endif -+#ifndef OPENSSL_SYS_WIN32 -+# ifdef OPENSSL_UNISTD -+# include OPENSSL_UNISTD -+# else -+# include -+# endif -+#endif -+ -+/* FIPS API for PRNG use. Similar to RAND functionality but without -+ * ENGINE and additional checking for non-FIPS rand methods. -+ */ -+ -+static const RAND_METHOD *fips_rand_meth = NULL; -+static int fips_approved_rand_meth = 0; -+static int fips_rand_bits = 0; -+ -+/* Allows application to override number of bits and uses non-FIPS methods */ -+void FIPS_rand_set_bits(int nbits) -+{ -+ fips_rand_bits = nbits; -+} -+ -+int FIPS_rand_set_method(const RAND_METHOD *meth) -+{ -+ if (!fips_rand_bits) { -+ if (meth == FIPS_drbg_method()) -+ fips_approved_rand_meth = 1; -+ else { -+ fips_approved_rand_meth = 0; -+ if (FIPS_module_mode()) { -+ FIPSerr(FIPS_F_FIPS_RAND_SET_METHOD, FIPS_R_NON_FIPS_METHOD); -+ return 0; -+ } -+ } -+ } -+ fips_rand_meth = meth; -+ return 1; -+} -+ -+const RAND_METHOD *FIPS_rand_get_method(void) -+{ -+ return fips_rand_meth; -+} -+ -+void FIPS_rand_reset(void) -+{ -+ if (fips_rand_meth && fips_rand_meth->cleanup) -+ fips_rand_meth->cleanup(); -+} -+ -+int FIPS_rand_seed(const void *buf, int num) -+{ -+ if (!fips_approved_rand_meth && FIPS_module_mode()) { -+ FIPSerr(FIPS_F_FIPS_RAND_SEED, FIPS_R_NON_FIPS_METHOD); -+ return 0; -+ } -+ if (fips_rand_meth && fips_rand_meth->seed) -+ fips_rand_meth->seed(buf, num); -+ return 1; -+} -+ -+int FIPS_rand_bytes(unsigned char *buf, int num) -+{ -+ if (!fips_approved_rand_meth && FIPS_module_mode()) { -+ FIPSerr(FIPS_F_FIPS_RAND_BYTES, FIPS_R_NON_FIPS_METHOD); -+ return 0; -+ } -+ if (fips_rand_meth && fips_rand_meth->bytes) -+ return fips_rand_meth->bytes(buf, num); -+ return 0; -+} -+ -+int FIPS_rand_status(void) -+{ -+ if (!fips_approved_rand_meth && FIPS_module_mode()) { -+ FIPSerr(FIPS_F_FIPS_RAND_STATUS, FIPS_R_NON_FIPS_METHOD); -+ return 0; -+ } -+ if (fips_rand_meth && fips_rand_meth->status) -+ return fips_rand_meth->status(); -+ return 0; -+} -+ -+/* Return instantiated strength of PRNG. For DRBG this is an internal -+ * parameter. Any other type of PRNG is not approved and returns 0 in -+ * FIPS mode and maximum 256 outside FIPS mode. -+ */ -+ -+int FIPS_rand_strength(void) -+{ -+ if (fips_rand_bits) -+ return fips_rand_bits; -+ if (fips_approved_rand_meth == 1) -+ return FIPS_drbg_get_strength(FIPS_get_default_drbg()); -+ else if (fips_approved_rand_meth == 0) { -+ if (FIPS_module_mode()) -+ return 0; -+ else -+ return 256; -+ } -+ return 0; -+} -+ -+void FIPS_get_timevec(unsigned char *buf, unsigned long *pctr) -+{ -+# ifdef OPENSSL_SYS_WIN32 -+ FILETIME ft; -+# elif defined(OPENSSL_SYS_VXWORKS) -+ struct timespec ts; -+# else -+ struct timeval tv; -+# endif -+ -+# ifndef GETPID_IS_MEANINGLESS -+ unsigned long pid; -+# endif -+ -+# ifdef OPENSSL_SYS_WIN32 -+ GetSystemTimeAsFileTime(&ft); -+ buf[0] = (unsigned char)(ft.dwHighDateTime & 0xff); -+ buf[1] = (unsigned char)((ft.dwHighDateTime >> 8) & 0xff); -+ buf[2] = (unsigned char)((ft.dwHighDateTime >> 16) & 0xff); -+ buf[3] = (unsigned char)((ft.dwHighDateTime >> 24) & 0xff); -+ buf[4] = (unsigned char)(ft.dwLowDateTime & 0xff); -+ buf[5] = (unsigned char)((ft.dwLowDateTime >> 8) & 0xff); -+ buf[6] = (unsigned char)((ft.dwLowDateTime >> 16) & 0xff); -+ buf[7] = (unsigned char)((ft.dwLowDateTime >> 24) & 0xff); -+# elif defined(OPENSSL_SYS_VXWORKS) -+ clock_gettime(CLOCK_REALTIME, &ts); -+ buf[0] = (unsigned char)(ts.tv_sec & 0xff); -+ buf[1] = (unsigned char)((ts.tv_sec >> 8) & 0xff); -+ buf[2] = (unsigned char)((ts.tv_sec >> 16) & 0xff); -+ buf[3] = (unsigned char)((ts.tv_sec >> 24) & 0xff); -+ buf[4] = (unsigned char)(ts.tv_nsec & 0xff); -+ buf[5] = (unsigned char)((ts.tv_nsec >> 8) & 0xff); -+ buf[6] = (unsigned char)((ts.tv_nsec >> 16) & 0xff); -+ buf[7] = (unsigned char)((ts.tv_nsec >> 24) & 0xff); -+# else -+ gettimeofday(&tv, NULL); -+ buf[0] = (unsigned char)(tv.tv_sec & 0xff); -+ buf[1] = (unsigned char)((tv.tv_sec >> 8) & 0xff); -+ buf[2] = (unsigned char)((tv.tv_sec >> 16) & 0xff); -+ buf[3] = (unsigned char)((tv.tv_sec >> 24) & 0xff); -+ buf[4] = (unsigned char)(tv.tv_usec & 0xff); -+ buf[5] = (unsigned char)((tv.tv_usec >> 8) & 0xff); -+ buf[6] = (unsigned char)((tv.tv_usec >> 16) & 0xff); -+ buf[7] = (unsigned char)((tv.tv_usec >> 24) & 0xff); -+# endif -+ buf[8] = (unsigned char)(*pctr & 0xff); -+ buf[9] = (unsigned char)((*pctr >> 8) & 0xff); -+ buf[10] = (unsigned char)((*pctr >> 16) & 0xff); -+ buf[11] = (unsigned char)((*pctr >> 24) & 0xff); -+ -+ (*pctr)++; -+ -+# ifndef GETPID_IS_MEANINGLESS -+ pid = (unsigned long)getpid(); -+ buf[12] = (unsigned char)(pid & 0xff); -+ buf[13] = (unsigned char)((pid >> 8) & 0xff); -+ buf[14] = (unsigned char)((pid >> 16) & 0xff); -+ buf[15] = (unsigned char)((pid >> 24) & 0xff); -+# endif -+} -+ -diff -up openssl-1.1.1j/crypto/fips/fips_rsa_selftest.c.fips openssl-1.1.1j/crypto/fips/fips_rsa_selftest.c ---- openssl-1.1.1j/crypto/fips/fips_rsa_selftest.c.fips 2021-03-03 12:57:42.201734542 +0100 -+++ openssl-1.1.1j/crypto/fips/fips_rsa_selftest.c 2021-03-03 12:57:42.201734542 +0100 -@@ -0,0 +1,338 @@ -+/* ==================================================================== -+ * Copyright (c) 2003-2007 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * openssl-core@openssl.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * -+ */ -+ -+#include -+#include -+#ifdef OPENSSL_FIPS -+# include -+# include "crypto/fips.h" -+#endif -+#include -+#include -+#include -+#include -+#include "fips_locl.h" -+ -+#ifdef OPENSSL_FIPS -+ -+static int setrsakey(RSA *key) -+{ -+ static const unsigned char keydata_n[] = { -+ 0x00, 0xc9, 0xd5, 0x6d, 0x9d, 0x90, 0xdb, 0x43, 0xd6, 0x02, 0xed, 0x96, 0x88, 0x13, 0x8a, -+ 0xb2, 0xbf, 0x6e, 0xa1, 0x06, 0x10, 0xb2, 0x78, 0x37, 0xa7, 0x14, 0xa8, 0xff, 0xdd, 0x00, -+ 0xdd, 0xb4, 0x93, 0xa0, 0x45, 0xcc, 0x96, 0x90, 0xed, 0xad, 0xa9, 0xdd, 0xc4, 0xd6, 0xca, -+ 0x0c, 0xf0, 0xed, 0x4f, 0x72, 0x5e, 0x21, 0x49, 0x9a, 0x18, 0x12, 0x15, 0x8f, 0x90, 0x5a, -+ 0xdb, 0xb6, 0x33, 0x99, 0xa3, 0xe6, 0xb4, 0xf0, 0xc4, 0x97, 0x21, 0x26, 0xbb, 0xe3, 0xba, -+ 0xf2, 0xff, 0xa0, 0x72, 0xda, 0x89, 0x63, 0x8e, 0x8b, 0x3e, 0x08, 0x9d, 0x92, 0x2a, 0xbe, -+ 0x16, 0xe1, 0x43, 0x15, 0xfc, 0x57, 0xc7, 0x1f, 0x09, 0x11, 0x67, 0x1c, 0xa9, 0x96, 0xd1, -+ 0x8b, 0x3e, 0x80, 0x93, 0xc1, 0x59, 0xd0, 0x6d, 0x39, 0xf2, 0xac, 0x95, 0xcc, 0x10, 0x75, -+ 0xe9, 0x31, 0x24, 0xd1, 0x43, 0xaf, 0x68, 0x52, 0x4b, 0xe7, 0x16, 0xd7, 0x49, 0x65, 0x6f, -+ 0x26, 0xc0, 0x86, 0xad, 0xc0, 0x07, 0x0a, 0xc1, 0xe1, 0x2f, 0x87, 0x85, 0x86, 0x3b, 0xdc, -+ 0x5a, 0x99, 0xbe, 0xe9, 0xf9, 0xb9, 0xe9, 0x82, 0x27, 0x51, 0x04, 0x15, 0xab, 0x06, 0x0e, -+ 0x76, 0x5a, 0x28, 0x8d, 0x92, 0xbd, 0xc5, 0xb5, 0x7b, 0xa8, 0xdf, 0x4e, 0x47, 0xa2, 0xc1, -+ 0xe7, 0x52, 0xbf, 0x47, 0xf7, 0x62, 0xe0, 0x3a, 0x6f, 0x4d, 0x6a, 0x4d, 0x4e, 0xd4, 0xb9, -+ 0x59, 0x69, 0xfa, 0xb2, 0x14, 0xc1, 0xee, 0xe6, 0x2f, 0x95, 0xcd, 0x94, 0x72, 0xae, 0xe4, -+ 0xdb, 0x18, 0x9a, 0xc4, 0xcd, 0x70, 0xbd, 0xee, 0x31, 0x16, 0xb7, 0x49, 0x65, 0xac, 0x40, -+ 0x19, 0x0e, 0xb5, 0x6d, 0x83, 0xf1, 0x36, 0xbb, 0x08, 0x2f, 0x2e, 0x4e, 0x92, 0x62, 0xa4, -+ 0xff, 0x50, 0xdb, 0x20, 0x45, 0xa2, 0xeb, 0x16, 0x7a, 0xf2, 0xd5, 0x28, 0xc1, 0xfd, 0x4e, -+ 0x03, 0x71 -+ }; -+ -+ static const unsigned char keydata_e[] = { 0x01, 0x00, 0x01 }; -+ -+ static const unsigned char keydata_d[] = { -+ 0x36, 0x27, 0x3d, 0xb1, 0xf9, 0x1b, 0xdb, 0xa7, 0xa0, 0x41, 0x7f, 0x12, 0x23, 0xac, 0x23, -+ 0x29, 0x99, 0xd5, 0x3a, 0x7b, 0x60, 0x67, 0x41, 0x07, 0x63, 0x53, 0xb4, 0xd2, 0xe7, 0x58, -+ 0x95, 0x0a, 0xc7, 0x05, 0xf3, 0x4e, 0xb2, 0xb4, 0x12, 0xd4, 0x70, 0xdc, 0x4f, 0x85, 0x06, -+ 0xd3, 0xdd, 0xd8, 0x63, 0x27, 0x3e, 0x67, 0x31, 0x21, 0x24, 0x39, 0x04, 0xbc, 0x06, 0xa4, -+ 0xcc, 0xce, 0x2b, 0x7a, 0xfe, 0x7b, 0xad, 0xde, 0x11, 0x6e, 0xa3, 0xa5, 0xe6, 0x04, 0x53, -+ 0x0e, 0xa3, 0x4e, 0x2d, 0xb4, 0x8f, 0x31, 0xbf, 0xca, 0x75, 0x25, 0x52, 0x02, 0x85, 0xde, -+ 0x3d, 0xb2, 0x72, 0x43, 0xb2, 0x89, 0x8a, 0x9a, 0x34, 0x41, 0x26, 0x3f, 0x9a, 0x67, 0xbe, -+ 0xa4, 0x96, 0x7b, 0x0e, 0x75, 0xba, 0xa6, 0x93, 0xd5, 0xb8, 0xd8, 0xb8, 0x57, 0xf2, 0x4b, -+ 0x0f, 0x14, 0x81, 0xd1, 0x57, 0x4e, 0xf6, 0x45, 0x4c, 0xa6, 0x3b, 0xd0, 0x70, 0xca, 0xd3, -+ 0x9d, 0x55, 0xde, 0x22, 0x05, 0xe7, 0x8e, 0x28, 0x4d, 0xee, 0x11, 0xcf, 0xb6, 0x67, 0x76, -+ 0x09, 0xd3, 0xe3, 0x3c, 0x13, 0xf9, 0x99, 0x34, 0x10, 0x7b, 0xec, 0x81, 0x38, 0xf0, 0xb6, -+ 0x34, 0x9c, 0x9b, 0x50, 0x6f, 0x0b, 0x91, 0x81, 0x4d, 0x89, 0x94, 0x04, 0x7b, 0xf0, 0x3c, -+ 0xf4, 0xb1, 0xb2, 0x00, 0x48, 0x8d, 0x5a, 0x8f, 0x88, 0x9e, 0xc5, 0xab, 0x3a, 0x9e, 0x44, -+ 0x3f, 0x54, 0xe7, 0xd9, 0x6e, 0x47, 0xaa, 0xa1, 0xbd, 0x40, 0x46, 0x31, 0xf9, 0xf0, 0x34, -+ 0xb6, 0x04, 0xe1, 0x2b, 0x5b, 0x73, 0x86, 0xdd, 0x3a, 0x92, 0x1b, 0x71, 0xc7, 0x3f, 0x32, -+ 0xe5, 0xc3, 0xc2, 0xab, 0xa1, 0x7e, 0xbf, 0xa4, 0x52, 0xa0, 0xb0, 0x68, 0x90, 0xd1, 0x20, -+ 0x12, 0x79, 0xe9, 0xd7, 0xc9, 0x40, 0xba, 0xf2, 0x19, 0xc7, 0xa5, 0x00, 0x92, 0x86, 0x0d, -+ 0x01 -+ }; -+ -+ static const unsigned char keydata_p[] = { -+ 0x00, 0xfc, 0x5c, 0x6e, 0x16, 0xce, 0x1f, 0x03, 0x7b, 0xcd, 0xf7, 0xb3, 0x72, 0xb2, 0x8f, -+ 0x16, 0x72, 0xb8, 0x56, 0xae, 0xf7, 0xcd, 0x67, 0xd8, 0x4e, 0x7d, 0x07, 0xaf, 0xd5, 0x43, -+ 0x26, 0xc3, 0x35, 0xbe, 0x43, 0x8f, 0x4e, 0x2f, 0x1c, 0x43, 0x4e, 0x6b, 0xd2, 0xb2, 0xec, -+ 0x52, 0x6d, 0x97, 0x52, 0x2b, 0xcc, 0x5c, 0x3a, 0x6b, 0xf4, 0x14, 0xc6, 0x74, 0xda, 0x66, -+ 0x38, 0x1c, 0x7a, 0x3f, 0x84, 0x2f, 0xe3, 0xf9, 0x5a, 0xb8, 0x65, 0x69, 0x46, 0x06, 0xa3, -+ 0x37, 0x79, 0xb2, 0xa1, 0x5b, 0x58, 0xed, 0x5e, 0xa7, 0x5f, 0x8c, 0x65, 0x66, 0xbb, 0xd1, -+ 0x24, 0x36, 0xe6, 0x37, 0xa7, 0x3d, 0x49, 0x77, 0x8a, 0x8c, 0x34, 0xd8, 0x69, 0x29, 0xf3, -+ 0x4d, 0x58, 0x22, 0xb0, 0x51, 0x24, 0xb6, 0x40, 0xa8, 0x86, 0x59, 0x0a, 0xb7, 0xba, 0x5c, -+ 0x97, 0xda, 0x57, 0xe8, 0x36, 0xda, 0x7a, 0x9c, 0xad -+ }; -+ -+ static const unsigned char keydata_q[] = { -+ 0x00, 0xcc, 0xbe, 0x7b, 0x09, 0x69, 0x06, 0xee, 0x45, 0xbf, 0x88, 0x47, 0x38, 0xa8, 0xf8, -+ 0x17, 0xe5, 0xb6, 0xba, 0x67, 0x55, 0xe3, 0xe8, 0x05, 0x8b, 0xb8, 0xe2, 0x53, 0xd6, 0x8e, -+ 0xef, 0x2c, 0xe7, 0x4f, 0x4a, 0xf7, 0x4e, 0x26, 0x8d, 0x85, 0x0b, 0x3f, 0xec, 0xc3, 0x1c, -+ 0xd4, 0xeb, 0xec, 0x6a, 0xc8, 0x72, 0x2a, 0x25, 0x7d, 0xfd, 0xa6, 0x77, 0x96, 0xf0, 0x1e, -+ 0xcd, 0x28, 0x57, 0xf8, 0x37, 0x30, 0x75, 0x6b, 0xbd, 0xd4, 0x7b, 0x0c, 0x87, 0xc5, 0x6c, -+ 0x87, 0x40, 0xa5, 0xbb, 0x27, 0x2c, 0x78, 0xc9, 0x74, 0x5a, 0x54, 0x5b, 0x0b, 0x30, 0x6f, -+ 0x44, 0x4a, 0xfa, 0x71, 0xe4, 0x21, 0x61, 0x66, 0xf9, 0xee, 0x65, 0xde, 0x7c, 0x04, 0xd7, -+ 0xfd, 0xa9, 0x15, 0x5b, 0x7f, 0xe2, 0x7a, 0xba, 0x69, 0x86, 0x72, 0xa6, 0x06, 0x8d, 0x9b, -+ 0x90, 0x55, 0x60, 0x9e, 0x4c, 0x5d, 0xa9, 0xb6, 0x55 -+ }; -+ -+ static const unsigned char keydata_dmp1[] = { -+ 0x7a, 0xd6, 0x12, 0xd0, 0x0e, 0xec, 0x91, 0xa9, 0x85, 0x8b, 0xf8, 0x50, 0xf0, 0x11, 0x2e, -+ 0x00, 0x11, 0x32, 0x40, 0x60, 0x66, 0x1f, 0x11, 0xee, 0xc2, 0x75, 0x27, 0x65, 0x4b, 0x16, -+ 0x67, 0x16, 0x95, 0xd2, 0x14, 0xc3, 0x1d, 0xb3, 0x48, 0x1f, 0xb7, 0xe4, 0x0b, 0x2b, 0x74, -+ 0xc3, 0xdb, 0x50, 0x27, 0xf9, 0x85, 0x3a, 0xfa, 0xa9, 0x08, 0x23, 0xc1, 0x65, 0x3d, 0x34, -+ 0x3a, 0xc8, 0x56, 0x7a, 0x65, 0x45, 0x36, 0x6e, 0xae, 0x2a, 0xce, 0x9f, 0x43, 0x43, 0xd7, -+ 0x10, 0xe9, 0x9e, 0x18, 0xf4, 0xa4, 0x35, 0xda, 0x8a, 0x6b, 0xb0, 0x3f, 0xdd, 0x53, 0xe3, -+ 0xa8, 0xc5, 0x4e, 0x79, 0x9d, 0x1f, 0x51, 0x8c, 0xa2, 0xca, 0x66, 0x3c, 0x6a, 0x2a, 0xff, -+ 0x8e, 0xd2, 0xf3, 0xb7, 0xcb, 0x82, 0xda, 0xde, 0x2c, 0xe6, 0xd2, 0x8c, 0xb3, 0xad, 0xb6, -+ 0x4c, 0x95, 0x55, 0x76, 0xbd, 0xc9, 0xc8, 0xd1 -+ }; -+ -+ static const unsigned char keydata_dmq1[] = { -+ 0x00, 0x83, 0x23, 0x1d, 0xbb, 0x11, 0x42, 0x17, 0x2b, 0x25, 0x5a, 0x2c, 0x03, 0xe6, 0x75, -+ 0xc1, 0x18, 0xa8, 0xc9, 0x0b, 0x96, 0xbf, 0xba, 0xc4, 0x92, 0x91, 0x80, 0xa5, 0x22, 0x2f, -+ 0xba, 0x91, 0x90, 0x36, 0x01, 0x56, 0x15, 0x00, 0x2c, 0x74, 0xa2, 0x97, 0xf7, 0x15, 0xa1, -+ 0x49, 0xdf, 0x32, 0x35, 0xd2, 0xdd, 0x0c, 0x91, 0xa6, 0xf8, 0xe7, 0xbe, 0x81, 0x36, 0x9b, -+ 0x03, 0xdc, 0x6b, 0x3b, 0xd8, 0x5d, 0x79, 0x57, 0xe0, 0xe6, 0x4f, 0x49, 0xdf, 0x4c, 0x5c, -+ 0x0e, 0xe5, 0x21, 0x41, 0x95, 0xfd, 0xad, 0xff, 0x9a, 0x3e, 0xa0, 0xf9, 0x0f, 0x59, 0x9e, -+ 0x6a, 0xa7, 0x7b, 0x71, 0xa7, 0x24, 0x9a, 0x36, 0x52, 0xae, 0x97, 0x20, 0xc1, 0x5e, 0x78, -+ 0xd9, 0x47, 0x8b, 0x1e, 0x67, 0xf2, 0xaf, 0x98, 0xe6, 0x2d, 0xef, 0x10, 0xd7, 0xf1, 0xab, -+ 0x49, 0xee, 0xe5, 0x4b, 0x7e, 0xae, 0x1f, 0x1d, 0x61 -+ }; -+ -+ static const unsigned char keydata_iqmp[] = { -+ 0x23, 0x96, 0xc1, 0x91, 0x17, 0x5e, 0x0a, 0x83, 0xd2, 0xdc, 0x7b, 0x69, 0xb2, 0x59, 0x1d, -+ 0x33, 0x58, 0x52, 0x3f, 0x18, 0xc7, 0x09, 0x50, 0x1c, 0xb9, 0xa1, 0xbb, 0x4c, 0xa2, 0x38, -+ 0x40, 0x4c, 0x9a, 0x8e, 0xfe, 0x9c, 0x90, 0x92, 0xd0, 0x71, 0x9f, 0x89, 0x99, 0x50, 0x91, -+ 0x1f, 0x34, 0x8b, 0x74, 0x53, 0x11, 0x11, 0x4a, 0x70, 0xe2, 0xf7, 0x30, 0xd8, 0x8c, 0x80, -+ 0xe1, 0xcc, 0x9f, 0xf1, 0x63, 0x17, 0x1a, 0x7d, 0x67, 0x29, 0x4c, 0xcb, 0x4e, 0x74, 0x7b, -+ 0xe0, 0x3e, 0x9e, 0x2f, 0xf4, 0x67, 0x8f, 0xec, 0xb9, 0x5c, 0x00, 0x1e, 0x7e, 0xa2, 0x7b, -+ 0x92, 0xc9, 0x6f, 0x4c, 0xe4, 0x0e, 0xf9, 0x48, 0x63, 0xcd, 0x50, 0x22, 0x5d, 0xbf, 0xb6, -+ 0x9d, 0x01, 0x33, 0x6a, 0xf4, 0x50, 0xbe, 0x86, 0x98, 0x4f, 0xca, 0x3f, 0x3a, 0xfa, 0xcf, -+ 0x07, 0x40, 0xc4, 0xaa, 0xad, 0xae, 0xbe, 0xbf -+ }; -+ -+ int rv = 0; -+ BIGNUM *n = NULL, *e = NULL, *d = NULL, *p = NULL, *q = NULL, *dmp1 = NULL, *dmq1 = NULL, *iqmp = NULL; -+ -+ fips_load_key_component(n, keydata); -+ fips_load_key_component(e, keydata); -+ fips_load_key_component(d, keydata); -+ fips_load_key_component(p, keydata); -+ fips_load_key_component(q, keydata); -+ fips_load_key_component(dmp1, keydata); -+ fips_load_key_component(dmq1, keydata); -+ fips_load_key_component(iqmp, keydata); -+ -+ RSA_set0_key(key, n, e, d); -+ RSA_set0_factors(key, p, q); -+ RSA_set0_crt_params(key, dmp1, dmq1, iqmp); -+ -+ rv = 1; -+err: -+ if (!rv) { -+ BN_free(n); -+ BN_free(e); -+ BN_free(d); -+ BN_free(p); -+ BN_free(q); -+ BN_free(dmp1); -+ BN_free(dmq1); -+ BN_free(iqmp); -+ } -+ return rv; -+} -+ -+/* Known Answer Test (KAT) data for the above RSA private key signing -+ * kat_tbs. -+ */ -+ -+static const unsigned char kat_tbs[] = -+ "OpenSSL FIPS 140-2 Public Key RSA KAT"; -+ -+static const unsigned char kat_RSA_PSS_SHA256[] = { -+ 0x38, 0xDA, 0x99, 0x51, 0x26, 0x38, 0xC6, 0x7F, 0xC4, 0x81, 0x57, 0x19, -+ 0x35, 0xC6, 0xF6, 0x1E, 0x90, 0x47, 0x20, 0x55, 0x47, 0x56, 0x26, 0xE9, -+ 0xF2, 0xA8, 0x39, 0x6C, 0xD5, 0xCD, 0xCB, 0x55, 0xFC, 0x0C, 0xC5, 0xCB, -+ 0xF7, 0x40, 0x17, 0x3B, 0xCF, 0xE4, 0x05, 0x03, 0x3B, 0xA0, 0xB2, 0xC9, -+ 0x0D, 0x5E, 0x48, 0x3A, 0xE9, 0xAD, 0x28, 0x71, 0x7D, 0x8F, 0x89, 0x16, -+ 0x59, 0x93, 0x35, 0xDC, 0x4D, 0x7B, 0xDF, 0x84, 0xE4, 0x68, 0xAA, 0x33, -+ 0xAA, 0xDC, 0x66, 0x50, 0xC8, 0xA9, 0x32, 0x12, 0xDC, 0xC6, 0x90, 0x49, -+ 0x0B, 0x75, 0xFF, 0x9B, 0x95, 0x00, 0x9A, 0x90, 0xE0, 0xD4, 0x0E, 0x67, -+ 0xAB, 0x3C, 0x47, 0x36, 0xC5, 0x2E, 0x1C, 0x46, 0xF0, 0x2D, 0xD3, 0x8B, -+ 0x42, 0x08, 0xDE, 0x0D, 0xB6, 0x2C, 0x86, 0xB0, 0x35, 0x71, 0x18, 0x6B, -+ 0x89, 0x67, 0xC0, 0x05, 0xAD, 0xF4, 0x1D, 0x62, 0x4E, 0x75, 0xEC, 0xD6, -+ 0xC2, 0xDB, 0x07, 0xB0, 0xB6, 0x8D, 0x15, 0xAD, 0xCD, 0xBF, 0xF5, 0x60, -+ 0x76, 0xAE, 0x48, 0xB8, 0x77, 0x7F, 0xC5, 0x01, 0xD9, 0x29, 0xBB, 0xD6, -+ 0x17, 0xA2, 0x20, 0x5A, 0xC0, 0x4A, 0x3B, 0x34, 0xC8, 0xB9, 0x39, 0xCF, -+ 0x06, 0x89, 0x95, 0x6F, 0xC7, 0xCA, 0xC4, 0xE4, 0x43, 0xDF, 0x5A, 0x23, -+ 0xE2, 0x89, 0xA3, 0x38, 0x78, 0x31, 0x38, 0xC6, 0xA4, 0x6F, 0x5F, 0x73, -+ 0x5A, 0xE5, 0x9E, 0x09, 0xE7, 0x6F, 0xD4, 0xF8, 0x3E, 0xB7, 0xB0, 0x56, -+ 0x9A, 0xF3, 0x65, 0xF0, 0xC2, 0xA6, 0x8A, 0x08, 0xBA, 0x44, 0xAC, 0x97, -+ 0xDE, 0xB4, 0x16, 0x83, 0xDF, 0xE3, 0xEE, 0x71, 0xFA, 0xF9, 0x51, 0x50, -+ 0x14, 0xDC, 0xFD, 0x6A, 0x82, 0x20, 0x68, 0x64, 0x7D, 0x4E, 0x82, 0x68, -+ 0xD7, 0x45, 0xFA, 0x6A, 0xE4, 0xE5, 0x29, 0x3A, 0x70, 0xFB, 0xE4, 0x62, -+ 0x2B, 0x31, 0xB9, 0x7D -+}; -+ -+static const unsigned char kat_RSA_SHA256[] = { -+ 0xC2, 0xB1, 0x97, 0x00, 0x9A, 0xE5, 0x80, 0x6A, 0xE2, 0x51, 0x68, 0xB9, -+ 0x7A, 0x0C, 0xF2, 0xB4, 0x77, 0xED, 0x15, 0x0C, 0x4E, 0xE1, 0xDC, 0xFF, -+ 0x8E, 0xBC, 0xDE, 0xC7, 0x9A, 0x96, 0xF1, 0x47, 0x45, 0x24, 0x9D, 0x6F, -+ 0xA6, 0xF3, 0x1D, 0x0D, 0x35, 0x4C, 0x1A, 0xF3, 0x58, 0x2C, 0x6C, 0x06, -+ 0xD6, 0x22, 0x37, 0x77, 0x8C, 0x33, 0xE5, 0x07, 0x53, 0x93, 0x28, 0xCF, -+ 0x67, 0xFA, 0xC4, 0x1F, 0x1B, 0x24, 0xDB, 0x4C, 0xC5, 0x2A, 0x51, 0xA2, -+ 0x60, 0x15, 0x8C, 0x54, 0xB4, 0x30, 0xE2, 0x24, 0x47, 0x86, 0xF2, 0xF8, -+ 0x6C, 0xD6, 0x12, 0x59, 0x2C, 0x74, 0x9A, 0x37, 0xF3, 0xC4, 0xA2, 0xD5, -+ 0x4E, 0x1F, 0x77, 0xF0, 0x27, 0xCE, 0x77, 0xF8, 0x4A, 0x79, 0x03, 0xBE, -+ 0xC8, 0x06, 0x2D, 0xA7, 0xA6, 0x46, 0xF5, 0x55, 0x79, 0xD7, 0x5C, 0xC6, -+ 0x5B, 0xB1, 0x00, 0x4E, 0x7C, 0xD9, 0x11, 0x85, 0xE0, 0xB1, 0x4D, 0x2D, -+ 0x13, 0xD7, 0xAC, 0xEA, 0x64, 0xD1, 0xAC, 0x8F, 0x8D, 0x8F, 0xEA, 0x42, -+ 0x7F, 0xF9, 0xB7, 0x7D, 0x2C, 0x68, 0x49, 0x07, 0x7A, 0x74, 0xEF, 0xB4, -+ 0xC9, 0x97, 0x16, 0x5C, 0x6C, 0x6E, 0x5C, 0x09, 0x2E, 0x8E, 0x13, 0x2E, -+ 0x1A, 0x8D, 0xA6, 0x0C, 0x6E, 0x0C, 0x1C, 0x0F, 0xCC, 0xB2, 0x78, 0x8A, -+ 0x07, 0xFC, 0x5C, 0xC2, 0xF5, 0x65, 0xEC, 0xAB, 0x8B, 0x3C, 0xCA, 0x91, -+ 0x6F, 0x84, 0x7C, 0x21, 0x0E, 0xB8, 0xDA, 0x7B, 0x6C, 0xF7, 0xDF, 0xAB, -+ 0x7E, 0x15, 0xFD, 0x85, 0x0B, 0x33, 0x9B, 0x6A, 0x3A, 0xC3, 0xEF, 0x65, -+ 0x04, 0x6E, 0xB2, 0xAC, 0x98, 0xFD, 0xEB, 0x02, 0xF5, 0xC0, 0x0B, 0x5E, -+ 0xCB, 0xD4, 0x83, 0x82, 0x18, 0x1B, 0xDA, 0xB4, 0xCD, 0xE8, 0x71, 0x6B, -+ 0x1D, 0xB5, 0x4F, 0xE9, 0xD6, 0x43, 0xA0, 0x0A, 0x14, 0xA0, 0xE7, 0x5D, -+ 0x47, 0x9D, 0x18, 0xD7 -+}; -+ -+static int fips_rsa_encrypt_test(RSA *rsa, const unsigned char *plaintext, -+ int ptlen) -+{ -+ unsigned char *ctbuf = NULL, *ptbuf = NULL; -+ int ret = 0; -+ int len; -+ -+ ctbuf = OPENSSL_malloc(RSA_size(rsa)); -+ if (!ctbuf) -+ goto err; -+ -+ len = RSA_public_encrypt(ptlen, plaintext, ctbuf, rsa, RSA_PKCS1_PADDING); -+ if (len <= 0) -+ goto err; -+ /* Check ciphertext doesn't match plaintext */ -+ if (len >= ptlen && !memcmp(plaintext, ctbuf, ptlen)) -+ goto err; -+ -+ ptbuf = OPENSSL_malloc(RSA_size(rsa)); -+ if (!ptbuf) -+ goto err; -+ -+ len = RSA_private_decrypt(len, ctbuf, ptbuf, rsa, RSA_PKCS1_PADDING); -+ if (len != ptlen) -+ goto err; -+ if (memcmp(ptbuf, plaintext, len)) -+ goto err; -+ -+ ret = 1; -+ -+ err: -+ if (ctbuf) -+ OPENSSL_free(ctbuf); -+ if (ptbuf) -+ OPENSSL_free(ptbuf); -+ return ret; -+} -+ -+int FIPS_selftest_rsa() -+{ -+ int ret = 0; -+ RSA *key; -+ EVP_PKEY *pk = NULL; -+ -+ if ((key = RSA_new()) == NULL) -+ goto err; -+ -+ if (!setrsakey(key)) -+ goto err; -+ -+ if ((pk = EVP_PKEY_new()) == NULL) -+ goto err; -+ -+ EVP_PKEY_set1_RSA(pk, key); -+ -+ if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1, -+ kat_RSA_SHA256, sizeof(kat_RSA_SHA256), -+ EVP_sha256(), EVP_MD_CTX_FLAG_PAD_PKCS1, -+ "RSA SHA256 PKCS#1")) -+ goto err; -+ -+ if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1, -+ kat_RSA_PSS_SHA256, -+ sizeof(kat_RSA_PSS_SHA256), EVP_sha256(), -+ EVP_MD_CTX_FLAG_PAD_PSS, "RSA SHA256 PSS")) -+ goto err; -+ -+ if (!fips_rsa_encrypt_test(key, kat_tbs, sizeof(kat_tbs) - 1)) -+ goto err; -+ -+ ret = 1; -+ -+ err: -+ if (pk) -+ EVP_PKEY_free(pk); -+ if (key) -+ RSA_free(key); -+ return ret; -+} -+ -+#endif /* def OPENSSL_FIPS */ -diff -up openssl-1.1.1j/crypto/fips/fips_sha_selftest.c.fips openssl-1.1.1j/crypto/fips/fips_sha_selftest.c ---- openssl-1.1.1j/crypto/fips/fips_sha_selftest.c.fips 2021-03-03 12:57:42.201734542 +0100 -+++ openssl-1.1.1j/crypto/fips/fips_sha_selftest.c 2021-03-03 12:57:42.201734542 +0100 -@@ -0,0 +1,223 @@ -+/* ==================================================================== -+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * openssl-core@openssl.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * -+ */ -+ -+#include -+#include -+#ifdef OPENSSL_FIPS -+# include -+#endif -+#include -+#include -+ -+#ifdef OPENSSL_FIPS -+static const char test[][60] = { -+ "", -+ "abc", -+ "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" -+}; -+ -+static const unsigned char ret[][SHA_DIGEST_LENGTH] = { -+ {0xda, 0x39, 0xa3, 0xee, 0x5e, 0x6b, 0x4b, 0x0d, 0x32, 0x55, -+ 0xbf, 0xef, 0x95, 0x60, 0x18, 0x90, 0xaf, 0xd8, 0x07, 0x09}, -+ {0xa9, 0x99, 0x3e, 0x36, 0x47, 0x06, 0x81, 0x6a, 0xba, 0x3e, -+ 0x25, 0x71, 0x78, 0x50, 0xc2, 0x6c, 0x9c, 0xd0, 0xd8, 0x9d}, -+ {0x84, 0x98, 0x3e, 0x44, 0x1c, 0x3b, 0xd2, 0x6e, 0xba, 0xae, -+ 0x4a, 0xa1, 0xf9, 0x51, 0x29, 0xe5, 0xe5, 0x46, 0x70, 0xf1}, -+}; -+ -+int FIPS_selftest_sha1() -+{ -+ int n; -+ -+ for (n = 0; n < sizeof(test) / sizeof(test[0]); ++n) { -+ unsigned char md[SHA_DIGEST_LENGTH]; -+ -+ EVP_Digest(test[n], strlen(test[n]), md, NULL, -+ EVP_sha1(), NULL); -+ if (memcmp(md, ret[n], sizeof md)) { -+ FIPSerr(FIPS_F_FIPS_SELFTEST_SHA1, FIPS_R_SELFTEST_FAILED); -+ return 0; -+ } -+ } -+ return 1; -+} -+ -+static const unsigned char msg_sha256[] = -+ { 0xfa, 0x48, 0x59, 0x2a, 0xe1, 0xae, 0x1f, 0x30, -+ 0xfc -+}; -+ -+static const unsigned char dig_sha256[] = -+ { 0xf7, 0x26, 0xd8, 0x98, 0x47, 0x91, 0x68, 0x5b, -+ 0x9e, 0x39, 0xb2, 0x58, 0xbb, 0x75, 0xbf, 0x01, -+ 0x17, 0x0c, 0x84, 0x00, 0x01, 0x7a, 0x94, 0x83, -+ 0xf3, 0x0b, 0x15, 0x84, 0x4b, 0x69, 0x88, 0x8a -+}; -+ -+static const unsigned char msg_sha512[] = -+ { 0x37, 0xd1, 0x35, 0x9d, 0x18, 0x41, 0xe9, 0xb7, -+ 0x6d, 0x9a, 0x13, 0xda, 0x5f, 0xf3, 0xbd -+}; -+ -+static const unsigned char dig_sha512[] = -+ { 0x11, 0x13, 0xc4, 0x19, 0xed, 0x2b, 0x1d, 0x16, -+ 0x11, 0xeb, 0x9b, 0xbe, 0xf0, 0x7f, 0xcf, 0x44, -+ 0x8b, 0xd7, 0x57, 0xbd, 0x8d, 0xa9, 0x25, 0xb0, -+ 0x47, 0x25, 0xd6, 0x6c, 0x9a, 0x54, 0x7f, 0x8f, -+ 0x0b, 0x53, 0x1a, 0x10, 0x68, 0x32, 0x03, 0x38, -+ 0x82, 0xc4, 0x87, 0xc4, 0xea, 0x0e, 0xd1, 0x04, -+ 0xa9, 0x98, 0xc1, 0x05, 0xa3, 0xf3, 0xf8, 0xb1, -+ 0xaf, 0xbc, 0xd9, 0x78, 0x7e, 0xee, 0x3d, 0x43 -+}; -+ -+int FIPS_selftest_sha2(void) -+{ -+ unsigned char md[SHA512_DIGEST_LENGTH]; -+ -+ EVP_Digest(msg_sha256, sizeof(msg_sha256), md, NULL, EVP_sha256(), NULL); -+ if (memcmp(dig_sha256, md, sizeof(dig_sha256))) { -+ FIPSerr(FIPS_F_FIPS_SELFTEST_SHA2, FIPS_R_SELFTEST_FAILED); -+ return 0; -+ } -+ -+ EVP_Digest(msg_sha512, sizeof(msg_sha512), md, NULL, EVP_sha512(), NULL); -+ if (memcmp(dig_sha512, md, sizeof(dig_sha512))) { -+ FIPSerr(FIPS_F_FIPS_SELFTEST_SHA2, FIPS_R_SELFTEST_FAILED); -+ return 0; -+ } -+ -+ return 1; -+} -+ -+static const unsigned char msg_sha3_256[] = { -+ 0xa1, 0xd7, 0xce, 0x51, 0x04, 0xeb, 0x25, 0xd6, -+ 0x13, 0x1b, 0xb8, 0xf6, 0x6e, 0x1f, 0xb1, 0x3f, -+ 0x35, 0x23 -+}; -+ -+static const unsigned char dig_sha3_256[] = { -+ 0xee, 0x90, 0x62, 0xf3, 0x97, 0x20, 0xb8, 0x21, -+ 0xb8, 0x8b, 0xe5, 0xe6, 0x46, 0x21, 0xd7, 0xe0, -+ 0xca, 0x02, 0x6a, 0x9f, 0xe7, 0x24, 0x8d, 0x78, -+ 0x15, 0x0b, 0x14, 0xbd, 0xba, 0xa4, 0x0b, 0xed -+}; -+ -+static const unsigned char msg_sha3_512[] = { -+ 0x13, 0x3b, 0x49, 0x7b, 0x00, 0x93, 0x27, 0x73, -+ 0xa5, 0x3b, 0xa9, 0xbf, 0x8e, 0x61, 0xd5, 0x9f, -+ 0x05, 0xf4 -+}; -+ -+static const unsigned char dig_sha3_512[] = { -+ 0x78, 0x39, 0x64, 0xa1, 0xcf, 0x41, 0xd6, 0xd2, -+ 0x10, 0xa8, 0xd7, 0xc8, 0x1c, 0xe6, 0x97, 0x0a, -+ 0xa6, 0x2c, 0x90, 0x53, 0xcb, 0x89, 0xe1, 0x5f, -+ 0x88, 0x05, 0x39, 0x57, 0xec, 0xf6, 0x07, 0xf4, -+ 0x2a, 0xf0, 0x88, 0x04, 0xe7, 0x6f, 0x2f, 0xbd, -+ 0xbb, 0x31, 0x80, 0x9c, 0x9e, 0xef, 0xc6, 0x0e, -+ 0x23, 0x3d, 0x66, 0x24, 0x36, 0x7a, 0x3b, 0x9c, -+ 0x30, 0xf8, 0xee, 0x5f, 0x65, 0xbe, 0x56, 0xac -+}; -+ -+static const unsigned char msg_shake_128[] = { -+ 0x43, 0xbd, 0xb1, 0x1e, 0xac, 0x71, 0x03, 0x1f, -+ 0x02, 0xa1, 0x1c, 0x15, 0xa1, 0x88, 0x5f, 0xa4, -+ 0x28, 0x98 -+}; -+ -+static const unsigned char dig_shake_128[] = { -+ 0xde, 0x68, 0x02, 0x7d, 0xa1, 0x30, 0x66, 0x3a, -+ 0x73, 0x98, 0x0e, 0x35, 0x25, 0xb8, 0x8c, 0x75 -+}; -+ -+static const unsigned char msg_shake_256[] = { -+ 0x8f, 0x84, 0xa3, 0x7d, 0xbd, 0x44, 0xd0, 0xf6, -+ 0x95, 0x36, 0xc5, 0xf4, 0x44, 0x6b, 0xa3, 0x23, -+ 0x9b, 0xfc -+}; -+ -+static const unsigned char dig_shake_256[] = { -+ 0x05, 0xca, 0x83, 0x5e, 0x0c, 0xdb, 0xfa, 0xf5, -+ 0x95, 0xc6, 0x86, 0x7e, 0x2d, 0x9d, 0xb9, 0x3f, -+ 0xca, 0x9c, 0x8b, 0xc6, 0x65, 0x02, 0x2e, 0xdd, -+ 0x6f, 0xe7, 0xb3, 0xda, 0x5e, 0x07, 0xc4, 0xcf -+}; -+ -+int FIPS_selftest_sha3(void) -+{ -+ unsigned char md[SHA512_DIGEST_LENGTH]; -+ -+ EVP_Digest(msg_sha3_256, sizeof(msg_sha3_256), md, NULL, EVP_sha3_256(), NULL); -+ if (memcmp(dig_sha3_256, md, sizeof(dig_sha3_256))) { -+ FIPSerr(FIPS_F_FIPS_SELFTEST, FIPS_R_SELFTEST_FAILED); -+ return 0; -+ } -+ -+ EVP_Digest(msg_sha3_512, sizeof(msg_sha3_512), md, NULL, EVP_sha3_512(), NULL); -+ if (memcmp(dig_sha3_512, md, sizeof(dig_sha3_512))) { -+ FIPSerr(FIPS_F_FIPS_SELFTEST, FIPS_R_SELFTEST_FAILED); -+ return 0; -+ } -+ -+ EVP_Digest(msg_shake_128, sizeof(msg_shake_128), md, NULL, EVP_shake128(), NULL); -+ if (memcmp(dig_shake_128, md, sizeof(dig_shake_128))) { -+ FIPSerr(FIPS_F_FIPS_SELFTEST, FIPS_R_SELFTEST_FAILED); -+ return 0; -+ } -+ -+ EVP_Digest(msg_shake_256, sizeof(msg_shake_256), md, NULL, EVP_shake256(), NULL); -+ if (memcmp(dig_shake_256, md, sizeof(dig_shake_256))) { -+ FIPSerr(FIPS_F_FIPS_SELFTEST, FIPS_R_SELFTEST_FAILED); -+ return 0; -+ } -+ -+ return 1; -+} -+ -+#endif -diff -up openssl-1.1.1j/crypto/fips/fips_standalone_hmac.c.fips openssl-1.1.1j/crypto/fips/fips_standalone_hmac.c ---- openssl-1.1.1j/crypto/fips/fips_standalone_hmac.c.fips 2021-03-03 12:57:42.201734542 +0100 -+++ openssl-1.1.1j/crypto/fips/fips_standalone_hmac.c 2021-03-03 12:57:42.201734542 +0100 -@@ -0,0 +1,127 @@ -+/* ==================================================================== -+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * openssl-core@openssl.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * -+ */ -+ -+#include -+#include -+#include -+#include -+#include -+#include -+ -+int main(int argc, char **argv) -+{ -+#ifdef OPENSSL_FIPS -+ static char key[] = "orboDeJITITejsirpADONivirpUkvarP"; -+ int n, binary = 0; -+ -+ if (argc < 2) { -+ fprintf(stderr, "%s []+\n", argv[0]); -+ exit(1); -+ } -+ -+ n = 1; -+ if (!strcmp(argv[n], "-binary")) { -+ n++; -+ binary = 1; /* emit binary fingerprint... */ -+ } -+ -+ for (; n < argc; ++n) { -+ FILE *f = fopen(argv[n], "rb"); -+ HMAC_CTX *hmac_ctx; -+ unsigned char mac[EVP_MAX_MD_SIZE]; -+ unsigned int len; -+ unsigned int i; -+ -+ if (!f) { -+ perror(argv[n]); -+ exit(2); -+ } -+ hmac_ctx = HMAC_CTX_new(); -+ if (!hmac_ctx) -+ exit(3); -+ -+ if (HMAC_Init_ex(hmac_ctx, key, strlen(key), EVP_sha256(), NULL) <= 0) { -+ fprintf(stderr, "HMAC SHA256 initialization failed.\n"); -+ exit(4); -+ } -+ -+ for (;;) { -+ unsigned char buf[1024]; -+ size_t l = fread(buf, 1, sizeof buf, f); -+ -+ if (l == 0) { -+ if (ferror(f)) { -+ perror(argv[n]); -+ exit(3); -+ } else -+ break; -+ } -+ if (HMAC_Update(hmac_ctx, buf, l) <= 0) { -+ fprintf(stderr, "HMAC_Update() failed.\n"); -+ exit(4); -+ } -+ } -+ if (HMAC_Final(hmac_ctx, mac, &len) <= 0) { -+ fprintf(stderr, "HMAC_Final() failed.\n"); -+ exit(4); -+ } -+ -+ if (binary) { -+ fwrite(mac, len, 1, stdout); -+ break; /* ... for single(!) file */ -+ } -+ -+/* printf("HMAC-SHA1(%s)= ",argv[n]); */ -+ for (i = 0; i < len; ++i) -+ printf("%02x", mac[i]); -+ printf("\n"); -+ } -+#endif -+ return 0; -+} -diff -up openssl-1.1.1j/crypto/hmac/hmac.c.fips openssl-1.1.1j/crypto/hmac/hmac.c ---- openssl-1.1.1j/crypto/hmac/hmac.c.fips 2021-02-16 16:24:01.000000000 +0100 -+++ openssl-1.1.1j/crypto/hmac/hmac.c 2021-03-03 12:57:42.202734550 +0100 -@@ -44,6 +44,13 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const vo - return 0; - - if (key != NULL) { -+#ifdef OPENSSL_FIPS -+ if (FIPS_mode() && !(EVP_MD_flags(md) & EVP_MD_FLAG_FIPS) -+ && (!EVP_MD_CTX_test_flags(ctx->md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW) -+ || !EVP_MD_CTX_test_flags(ctx->i_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW) -+ || !EVP_MD_CTX_test_flags(ctx->o_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW))) -+ goto err; -+#endif - reset = 1; - - j = EVP_MD_block_size(md); -diff -up openssl-1.1.1j/crypto/hmac/hm_pmeth.c.fips openssl-1.1.1j/crypto/hmac/hm_pmeth.c ---- openssl-1.1.1j/crypto/hmac/hm_pmeth.c.fips 2021-02-16 16:24:01.000000000 +0100 -+++ openssl-1.1.1j/crypto/hmac/hm_pmeth.c 2021-03-03 12:57:42.202734550 +0100 -@@ -180,7 +180,7 @@ static int pkey_hmac_ctrl_str(EVP_PKEY_C - - const EVP_PKEY_METHOD hmac_pkey_meth = { - EVP_PKEY_HMAC, -- 0, -+ EVP_PKEY_FLAG_FIPS, - pkey_hmac_init, - pkey_hmac_copy, - pkey_hmac_cleanup, -diff -up openssl-1.1.1j/crypto/o_fips.c.fips openssl-1.1.1j/crypto/o_fips.c ---- openssl-1.1.1j/crypto/o_fips.c.fips 2021-02-16 16:24:01.000000000 +0100 -+++ openssl-1.1.1j/crypto/o_fips.c 2021-03-03 12:57:42.202734550 +0100 -@@ -8,17 +8,28 @@ - */ - - #include "internal/cryptlib.h" -+#include "crypto/fips.h" - - int FIPS_mode(void) - { -+#ifdef OPENSSL_FIPS -+ return FIPS_module_mode(); -+#else - /* This version of the library does not support FIPS mode. */ - return 0; -+#endif - } - - int FIPS_mode_set(int r) - { -+#ifdef OPENSSL_FIPS -+ if (r && FIPS_module_mode()) /* can be implicitly initialized by OPENSSL_init() */ -+ return 1; -+ return FIPS_module_mode_set(r); -+#else - if (r == 0) - return 1; - CRYPTOerr(CRYPTO_F_FIPS_MODE_SET, CRYPTO_R_FIPS_MODE_NOT_SUPPORTED); - return 0; -+#endif - } -diff -up openssl-1.1.1j/crypto/o_init.c.fips openssl-1.1.1j/crypto/o_init.c ---- openssl-1.1.1j/crypto/o_init.c.fips 2021-02-16 16:24:01.000000000 +0100 -+++ openssl-1.1.1j/crypto/o_init.c 2021-03-03 12:57:42.202734550 +0100 -@@ -7,8 +7,69 @@ - * https://www.openssl.org/source/license.html - */ - -+/* for secure_getenv */ -+#define _GNU_SOURCE - #include "e_os.h" - #include -+#ifdef OPENSSL_FIPS -+# include -+# include -+# include -+# include -+# include -+# include -+# include -+# include -+# include "crypto/fips.h" -+ -+# define FIPS_MODE_SWITCH_FILE "/proc/sys/crypto/fips_enabled" -+ -+static void init_fips_mode(void) -+{ -+ char buf[2] = "0"; -+ int fd; -+ -+ if (secure_getenv("OPENSSL_FORCE_FIPS_MODE") != NULL) { -+ buf[0] = '1'; -+ } else if ((fd = open(FIPS_MODE_SWITCH_FILE, O_RDONLY)) >= 0) { -+ while (read(fd, buf, sizeof(buf)) < 0 && errno == EINTR) ; -+ close(fd); -+ } -+ -+ if (buf[0] != '1' && !FIPS_module_installed()) -+ return; -+ -+ /* Ensure the selftests always run */ -+ /* XXX: TO SOLVE - premature initialization due to selftests */ -+ FIPS_mode_set(1); -+ -+ /* Failure reading the fips mode switch file means just not -+ * switching into FIPS mode. We would break too many things -+ * otherwise.. -+ */ -+ -+ if (buf[0] != '1') { -+ /* drop down to non-FIPS mode if it is not requested */ -+ FIPS_mode_set(0); -+ } else { -+ /* abort if selftest failed */ -+ FIPS_selftest_check(); -+ } -+} -+ -+/* -+ * Perform FIPS module power on selftest and automatic FIPS mode switch. -+ */ -+ -+void __attribute__ ((constructor)) OPENSSL_init_library(void) -+{ -+ static int done = 0; -+ if (done) -+ return; -+ done = 1; -+ init_fips_mode(); -+} -+#endif - - /* - * Perform any essential OpenSSL initialization operations. Currently does -diff -up openssl-1.1.1j/crypto/rand/rand_lib.c.fips openssl-1.1.1j/crypto/rand/rand_lib.c ---- openssl-1.1.1j/crypto/rand/rand_lib.c.fips 2021-02-16 16:24:01.000000000 +0100 -+++ openssl-1.1.1j/crypto/rand/rand_lib.c 2021-03-03 12:57:42.202734550 +0100 -@@ -16,6 +16,10 @@ - #include "internal/thread_once.h" - #include "rand_local.h" - #include "e_os.h" -+#ifdef OPENSSL_FIPS -+# include -+# include -+#endif - - #ifndef OPENSSL_NO_ENGINE - /* non-NULL if default_RAND_meth is ENGINE-provided */ -@@ -959,3 +963,15 @@ int RAND_status(void) - return meth->status(); - return 0; - } -+ -+#ifdef OPENSSL_FIPS -+void RAND_set_fips_drbg_type(int type, int flags) -+{ /* just a stub for ABI compatibility */ -+} -+ -+int RAND_init_fips(void) -+{ -+ /* just a stub for ABI compatibility */ -+ return 1; -+} -+#endif -diff -up openssl-1.1.1j/crypto/rsa/rsa_crpt.c.fips openssl-1.1.1j/crypto/rsa/rsa_crpt.c ---- openssl-1.1.1j/crypto/rsa/rsa_crpt.c.fips 2021-02-16 16:24:01.000000000 +0100 -+++ openssl-1.1.1j/crypto/rsa/rsa_crpt.c 2021-03-03 12:57:42.202734550 +0100 -@@ -27,24 +27,52 @@ int RSA_size(const RSA *r) - int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to, - RSA *rsa, int padding) - { -+#ifdef OPENSSL_FIPS -+ if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD) -+ && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) { -+ RSAerr(RSA_F_RSA_PUBLIC_ENCRYPT, RSA_R_NON_FIPS_RSA_METHOD); -+ return -1; -+ } -+#endif - return rsa->meth->rsa_pub_enc(flen, from, to, rsa, padding); - } - - int RSA_private_encrypt(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding) - { -+#ifdef OPENSSL_FIPS -+ if (FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) { -+ RSAerr(RSA_F_RSA_PRIVATE_ENCRYPT, -+ RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); -+ return -1; -+ } -+#endif - return rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding); - } - - int RSA_private_decrypt(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding) - { -+#ifdef OPENSSL_FIPS -+ if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD) -+ && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) { -+ RSAerr(RSA_F_RSA_PRIVATE_DECRYPT, RSA_R_NON_FIPS_RSA_METHOD); -+ return -1; -+ } -+#endif - return rsa->meth->rsa_priv_dec(flen, from, to, rsa, padding); - } - - int RSA_public_decrypt(int flen, const unsigned char *from, unsigned char *to, - RSA *rsa, int padding) - { -+#ifdef OPENSSL_FIPS -+ if (FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) { -+ RSAerr(RSA_F_RSA_PUBLIC_DECRYPT, -+ RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); -+ return -1; -+ } -+#endif - return rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding); - } - -diff -up openssl-1.1.1j/crypto/rsa/rsa_err.c.fips openssl-1.1.1j/crypto/rsa/rsa_err.c ---- openssl-1.1.1j/crypto/rsa/rsa_err.c.fips 2021-02-16 16:24:01.000000000 +0100 -+++ openssl-1.1.1j/crypto/rsa/rsa_err.c 2021-03-03 12:57:42.202734550 +0100 -@@ -16,6 +16,8 @@ - static const ERR_STRING_DATA RSA_str_functs[] = { - {ERR_PACK(ERR_LIB_RSA, RSA_F_CHECK_PADDING_MD, 0), "check_padding_md"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_ENCODE_PKCS1, 0), "encode_pkcs1"}, -+ {ERR_PACK(ERR_LIB_RSA, RSA_F_FIPS_RSA_BUILTIN_KEYGEN, 0), -+ "fips_rsa_builtin_keygen"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_INT_RSA_VERIFY, 0), "int_rsa_verify"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_OLD_RSA_PRIV_DECODE, 0), - "old_rsa_priv_decode"}, -@@ -32,6 +34,9 @@ static const ERR_STRING_DATA RSA_str_fun - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_CHECK_KEY_EX, 0), "RSA_check_key_ex"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_CMS_DECRYPT, 0), "rsa_cms_decrypt"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_CMS_VERIFY, 0), "rsa_cms_verify"}, -+ {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_GENERATE_KEY_EX, 0), "RSA_generate_key_ex"}, -+ {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_GENERATE_MULTI_PRIME_KEY, 0), -+ "RSA_generate_multi_prime_key"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_ITEM_VERIFY, 0), "rsa_item_verify"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_METH_DUP, 0), "RSA_meth_dup"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_METH_NEW, 0), "RSA_meth_new"}, -@@ -90,9 +95,13 @@ static const ERR_STRING_DATA RSA_str_fun - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PRINT_FP, 0), "RSA_print_fp"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PRIV_DECODE, 0), "rsa_priv_decode"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PRIV_ENCODE, 0), "rsa_priv_encode"}, -+ {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PRIVATE_DECRYPT, 0), "RSA_private_decrypt"}, -+ {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PRIVATE_ENCRYPT, 0), "RSA_private_encrypt"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PSS_GET_PARAM, 0), "rsa_pss_get_param"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PSS_TO_CTX, 0), "rsa_pss_to_ctx"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PUB_DECODE, 0), "rsa_pub_decode"}, -+ {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PUBLIC_DECRYPT, 0), "RSA_public_decrypt"}, -+ {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PUBLIC_ENCRYPT, 0), "RSA_public_encrypt"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_SETUP_BLINDING, 0), "RSA_setup_blinding"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_SIGN, 0), "RSA_sign"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_SIGN_ASN1_OCTET_STRING, 0), -@@ -102,6 +111,8 @@ static const ERR_STRING_DATA RSA_str_fun - "RSA_verify_ASN1_OCTET_STRING"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, 0), - "RSA_verify_PKCS1_PSS_mgf1"}, -+ {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_SET_DEFAULT_METHOD, 0), "RSA_set_default_method"}, -+ {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_SET_METHOD, 0), "RSA_set_method"}, - {ERR_PACK(ERR_LIB_RSA, RSA_F_SETUP_TBUF, 0), "setup_tbuf"}, - {0, NULL} - }; -@@ -183,6 +194,7 @@ static const ERR_STRING_DATA RSA_str_rea - "mp exponent not congruent to d"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_MP_R_NOT_PRIME), "mp r not prime"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_NO_PUBLIC_EXPONENT), "no public exponent"}, -+ {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_NON_FIPS_RSA_METHOD), "non FIPS rsa method"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_NULL_BEFORE_BLOCK_MISSING), - "null before block missing"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_N_DOES_NOT_EQUAL_PRODUCT_OF_PRIMES), -@@ -191,6 +203,8 @@ static const ERR_STRING_DATA RSA_str_rea - "n does not equal p q"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_OAEP_DECODING_ERROR), - "oaep decoding error"}, -+ {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE), -+ "operation not allowed in FIPS mode"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE), - "operation not supported for this keytype"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_PADDING_CHECK_FAILED), -@@ -226,6 +240,8 @@ static const ERR_STRING_DATA RSA_str_rea - "unsupported mask algorithm"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNSUPPORTED_MASK_PARAMETER), - "unsupported mask parameter"}, -+ {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNSUPPORTED_PARAMETERS), -+ "unsupported parameters"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNSUPPORTED_SIGNATURE_TYPE), - "unsupported signature type"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_VALUE_MISSING), "value missing"}, -diff -up openssl-1.1.1j/crypto/rsa/rsa_gen.c.fips openssl-1.1.1j/crypto/rsa/rsa_gen.c ---- openssl-1.1.1j/crypto/rsa/rsa_gen.c.fips 2021-02-16 16:24:01.000000000 +0100 -+++ openssl-1.1.1j/crypto/rsa/rsa_gen.c 2021-03-03 12:57:42.202734550 +0100 -@@ -18,6 +18,76 @@ - #include "internal/cryptlib.h" - #include - #include "rsa_local.h" -+#ifdef OPENSSL_FIPS -+# include -+# include "crypto/fips.h" -+ -+int fips_check_rsa(RSA *rsa) -+{ -+ const unsigned char tbs[] = "RSA Pairwise Check Data"; -+ unsigned char *ctbuf = NULL, *ptbuf = NULL; -+ int len, ret = 0; -+ EVP_PKEY *pk; -+ -+ if ((pk = EVP_PKEY_new()) == NULL) -+ goto err; -+ -+ EVP_PKEY_set1_RSA(pk, rsa); -+ -+ /* Perform pairwise consistency signature test */ -+ if (!fips_pkey_signature_test(pk, tbs, -1, -+ NULL, 0, EVP_sha256(), -+ EVP_MD_CTX_FLAG_PAD_PKCS1, NULL) -+ || !fips_pkey_signature_test(pk, tbs, -1, NULL, 0, EVP_sha256(), -+ EVP_MD_CTX_FLAG_PAD_PSS, NULL)) -+ goto err; -+ /* Now perform pairwise consistency encrypt/decrypt test */ -+ ctbuf = OPENSSL_malloc(RSA_size(rsa)); -+ if (!ctbuf) -+ goto err; -+ -+ len = -+ RSA_public_encrypt(sizeof(tbs) - 1, tbs, ctbuf, rsa, -+ RSA_PKCS1_PADDING); -+ if (len <= 0) -+ goto err; -+ /* Check ciphertext doesn't match plaintext */ -+ if ((len == (sizeof(tbs) - 1)) && !memcmp(tbs, ctbuf, len)) -+ goto err; -+ ptbuf = OPENSSL_malloc(RSA_size(rsa)); -+ -+ if (!ptbuf) -+ goto err; -+ len = RSA_private_decrypt(len, ctbuf, ptbuf, rsa, RSA_PKCS1_PADDING); -+ if (len != (sizeof(tbs) - 1)) -+ goto err; -+ if (memcmp(ptbuf, tbs, len)) -+ goto err; -+ -+ ret = 1; -+ -+ if (!ptbuf) -+ goto err; -+ -+ err: -+ if (ret == 0) { -+ fips_set_selftest_fail(); -+ FIPSerr(FIPS_F_FIPS_CHECK_RSA, FIPS_R_PAIRWISE_TEST_FAILED); -+ } -+ -+ if (ctbuf) -+ OPENSSL_free(ctbuf); -+ if (ptbuf) -+ OPENSSL_free(ptbuf); -+ if (pk) -+ EVP_PKEY_free(pk); -+ -+ return ret; -+} -+ -+static int fips_rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, -+ BN_GENCB *cb); -+#endif - - static int rsa_builtin_keygen(RSA *rsa, int bits, int primes, BIGNUM *e_value, - BN_GENCB *cb); -@@ -31,6 +101,13 @@ static int rsa_builtin_keygen(RSA *rsa, - */ - int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb) - { -+#ifdef OPENSSL_FIPS -+ if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD) -+ && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) { -+ RSAerr(RSA_F_RSA_GENERATE_KEY_EX, RSA_R_NON_FIPS_RSA_METHOD); -+ return 0; -+ } -+#endif - if (rsa->meth->rsa_keygen != NULL) - return rsa->meth->rsa_keygen(rsa, bits, e_value, cb); - -@@ -41,6 +118,13 @@ int RSA_generate_key_ex(RSA *rsa, int bi - int RSA_generate_multi_prime_key(RSA *rsa, int bits, int primes, - BIGNUM *e_value, BN_GENCB *cb) - { -+#ifdef OPENSSL_FIPS -+ if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD) -+ && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) { -+ RSAerr(RSA_F_RSA_GENERATE_MULTI_PRIME_KEY, RSA_R_NON_FIPS_RSA_METHOD); -+ return 0; -+ } -+#endif - /* multi-prime is only supported with the builtin key generation */ - if (rsa->meth->rsa_multi_prime_keygen != NULL) { - return rsa->meth->rsa_multi_prime_keygen(rsa, bits, primes, -@@ -57,10 +141,285 @@ int RSA_generate_multi_prime_key(RSA *rs - else - return 0; - } -- -+#ifdef OPENSSL_FIPS -+ if (FIPS_mode()) { -+ if (primes != 2) { -+ RSAerr(RSA_F_RSA_GENERATE_MULTI_PRIME_KEY, RSA_R_UNSUPPORTED_PARAMETERS); -+ return 0; -+ } -+ return fips_rsa_builtin_keygen(rsa, bits, e_value, cb); -+ } -+#endif - return rsa_builtin_keygen(rsa, bits, primes, e_value, cb); - } - -+#ifdef OPENSSL_FIPS -+static int fips_rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, -+ BN_GENCB *cb) -+{ -+ BIGNUM *r0 = NULL, *r1 = NULL, *r2 = NULL, *r3 = NULL, *tmp; -+ BN_CTX *ctx = NULL; -+ int ok = -1; -+ int i; -+ int n = 0; -+ int test = 0; -+ int pbits = bits / 2; -+ unsigned long error = 0; -+ -+ if (FIPS_selftest_failed()) { -+ FIPSerr(FIPS_F_FIPS_RSA_BUILTIN_KEYGEN, FIPS_R_FIPS_SELFTEST_FAILED); -+ return 0; -+ } -+ -+ if (bits < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS -+ || (getenv("OPENSSL_ENFORCE_MODULUS_BITS") && bits < 2048)) { -+ FIPSerr(FIPS_F_FIPS_RSA_BUILTIN_KEYGEN, FIPS_R_KEY_TOO_SHORT); -+ return 0; -+ } -+ if ((pbits & 0xFF) != 0) { -+ FIPSerr(FIPS_F_FIPS_RSA_BUILTIN_KEYGEN, FIPS_R_INVALID_KEY_LENGTH); -+ return 0; -+ } -+ -+ ctx = BN_CTX_new(); -+ if (ctx == NULL) -+ goto err; -+ BN_CTX_start(ctx); -+ r0 = BN_CTX_get(ctx); -+ r1 = BN_CTX_get(ctx); -+ r2 = BN_CTX_get(ctx); -+ r3 = BN_CTX_get(ctx); -+ -+ if (r3 == NULL) -+ goto err; -+ -+ /* We need the RSA components non-NULL */ -+ if (!rsa->n && ((rsa->n = BN_new()) == NULL)) -+ goto err; -+ if (!rsa->d && ((rsa->d = BN_secure_new()) == NULL)) -+ goto err; -+ if (!rsa->e && ((rsa->e = BN_new()) == NULL)) -+ goto err; -+ if (!rsa->p && ((rsa->p = BN_secure_new()) == NULL)) -+ goto err; -+ if (!rsa->q && ((rsa->q = BN_secure_new()) == NULL)) -+ goto err; -+ if (!rsa->dmp1 && ((rsa->dmp1 = BN_secure_new()) == NULL)) -+ goto err; -+ if (!rsa->dmq1 && ((rsa->dmq1 = BN_secure_new()) == NULL)) -+ goto err; -+ if (!rsa->iqmp && ((rsa->iqmp = BN_secure_new()) == NULL)) -+ goto err; -+ -+ if (!BN_set_word(r0, RSA_F4)) -+ goto err; -+ if (BN_cmp(e_value, r0) < 0 || BN_num_bits(e_value) > 256) { -+ ok = 0; /* we set our own err */ -+ RSAerr(RSA_F_FIPS_RSA_BUILTIN_KEYGEN, RSA_R_BAD_E_VALUE); -+ goto err; -+ } -+ -+ /* prepare approximate minimum p and q */ -+ if (!BN_set_word(r0, 0xB504F334)) -+ goto err; -+ if (!BN_lshift(r0, r0, pbits - 32)) -+ goto err; -+ -+ /* prepare minimum p and q difference */ -+ if (!BN_one(r3)) -+ goto err; -+ if (!BN_lshift(r3, r3, pbits - 100)) -+ goto err; -+ -+ BN_copy(rsa->e, e_value); -+ -+ if (!BN_is_zero(rsa->p) && !BN_is_zero(rsa->q)) -+ test = 1; -+ -+ BN_set_flags(r0, BN_FLG_CONSTTIME); -+ BN_set_flags(r1, BN_FLG_CONSTTIME); -+ BN_set_flags(r2, BN_FLG_CONSTTIME); -+ BN_set_flags(rsa->p, BN_FLG_CONSTTIME); -+ BN_set_flags(rsa->q, BN_FLG_CONSTTIME); -+ -+ retry: -+ /* generate p and q */ -+ for (i = 0; i < 5 * pbits; i++) { -+ ploop: -+ if (!test) -+ if (!BN_rand(rsa->p, pbits, 0, 1)) -+ goto err; -+ if (BN_cmp(rsa->p, r0) < 0) { -+ if (test) -+ goto err; -+ goto ploop; -+ } -+ -+ if (!BN_sub(r2, rsa->p, BN_value_one())) -+ goto err; -+ ERR_set_mark(); -+ if (BN_mod_inverse(r1, r2, rsa->e, ctx) != NULL) { -+ /* GCD == 1 since inverse exists */ -+ int r; -+ r = BN_is_prime_fasttest_ex(rsa->p, pbits > 1024 ? 4 : 5, ctx, 0, -+ cb); -+ if (r == -1 || (test && r <= 0)) -+ goto err; -+ if (r > 0) -+ break; -+ } else { -+ error = ERR_peek_last_error(); -+ if (ERR_GET_LIB(error) == ERR_LIB_BN -+ && ERR_GET_REASON(error) == BN_R_NO_INVERSE) { -+ /* GCD != 1 */ -+ ERR_pop_to_mark(); -+ } else { -+ goto err; -+ } -+ } -+ if (!BN_GENCB_call(cb, 2, n++)) -+ goto err; -+ } -+ -+ if (!BN_GENCB_call(cb, 3, 0)) -+ goto err; -+ -+ if (i >= 5 * pbits) -+ /* prime not found */ -+ goto err; -+ -+ for (i = 0; i < 5 * pbits; i++) { -+ qloop: -+ if (!test) -+ if (!BN_rand(rsa->q, pbits, 0, 1)) -+ goto err; -+ if (BN_cmp(rsa->q, r0) < 0) { -+ if (test) -+ goto err; -+ goto qloop; -+ } -+ if (!BN_sub(r2, rsa->q, rsa->p)) -+ goto err; -+ if (BN_ucmp(r2, r3) <= 0) { -+ if (test) -+ goto err; -+ goto qloop; -+ } -+ -+ if (!BN_sub(r2, rsa->q, BN_value_one())) -+ goto err; -+ ERR_set_mark(); -+ if (BN_mod_inverse(r1, r2, rsa->e, ctx) != NULL) { -+ /* GCD == 1 since inverse exists */ -+ int r; -+ r = BN_is_prime_fasttest_ex(rsa->q, pbits > 1024 ? 4 : 5, ctx, 0, -+ cb); -+ if (r == -1 || (test && r <= 0)) -+ goto err; -+ if (r > 0) -+ break; -+ } else { -+ error = ERR_peek_last_error(); -+ if (ERR_GET_LIB(error) == ERR_LIB_BN -+ && ERR_GET_REASON(error) == BN_R_NO_INVERSE) { -+ /* GCD != 1 */ -+ ERR_pop_to_mark(); -+ } else { -+ goto err; -+ } -+ } -+ if (!BN_GENCB_call(cb, 2, n++)) -+ goto err; -+ } -+ -+ if (!BN_GENCB_call(cb, 3, 1)) -+ goto err; -+ -+ if (i >= 5 * pbits) -+ /* prime not found */ -+ goto err; -+ -+ if (test) { -+ /* do not try to calculate the remaining key values */ -+ BN_clear(rsa->n); -+ ok = 1; -+ goto err; -+ } -+ -+ if (BN_cmp(rsa->p, rsa->q) < 0) { -+ tmp = rsa->p; -+ rsa->p = rsa->q; -+ rsa->q = tmp; -+ } -+ -+ /* calculate n */ -+ if (!BN_mul(rsa->n, rsa->p, rsa->q, ctx)) -+ goto err; -+ -+ /* calculate d */ -+ if (!BN_sub(r1, rsa->p, BN_value_one())) -+ goto err; /* p-1 */ -+ if (!BN_sub(r2, rsa->q, BN_value_one())) -+ goto err; /* q-1 */ -+ -+ /* note that computing gcd is not safe to timing attacks */ -+ if (!BN_gcd(r0, r1, r2, ctx)) -+ goto err; -+ -+ { -+ if (!BN_div(r0, NULL, r1, r0, ctx)) -+ goto err; -+ -+ if (!BN_mul(r0, r0, r2, ctx)) /* lcm(p-1, q-1) */ -+ goto err; -+ -+ if (!BN_mod_inverse(rsa->d, rsa->e, r0, ctx)) /* d */ -+ goto err; -+ } -+ -+ if (BN_num_bits(rsa->d) < pbits) -+ goto retry; /* d is too small */ -+ -+ { -+ BIGNUM *d = BN_new(); -+ -+ if (d == NULL) -+ goto err; -+ BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); -+ -+ if (/* calculate d mod (p-1) */ -+ !BN_mod(rsa->dmp1, d, r1, ctx) -+ /* calculate d mod (q-1) */ -+ || !BN_mod(rsa->dmq1, d, r2, ctx)) { -+ BN_free(d); -+ goto err; -+ } -+ /* We MUST free d before any further use of rsa->d */ -+ BN_free(d); -+ } -+ -+ /* calculate inverse of q mod p */ -+ if (!BN_mod_inverse(rsa->iqmp, rsa->q, rsa->p, ctx)) -+ goto err; -+ -+ if (!fips_check_rsa(rsa)) -+ goto err; -+ -+ ok = 1; -+ err: -+ if (ok == -1) { -+ RSAerr(RSA_F_FIPS_RSA_BUILTIN_KEYGEN, ERR_LIB_BN); -+ ok = 0; -+ } -+ if (ctx != NULL) { -+ BN_CTX_end(ctx); -+ BN_CTX_free(ctx); -+ } -+ -+ return ok; -+} -+#endif -+ - static int rsa_builtin_keygen(RSA *rsa, int bits, int primes, BIGNUM *e_value, - BN_GENCB *cb) - { -diff -up openssl-1.1.1j/crypto/rsa/rsa_lib.c.fips openssl-1.1.1j/crypto/rsa/rsa_lib.c ---- openssl-1.1.1j/crypto/rsa/rsa_lib.c.fips 2021-02-16 16:24:01.000000000 +0100 -+++ openssl-1.1.1j/crypto/rsa/rsa_lib.c 2021-03-03 12:57:42.203734558 +0100 -@@ -34,6 +34,12 @@ int RSA_set_method(RSA *rsa, const RSA_M - * to deal with which ENGINE it comes from. - */ - const RSA_METHOD *mtmp; -+#ifdef OPENSSL_FIPS -+ if (FIPS_mode() && !(meth->flags & RSA_FLAG_FIPS_METHOD)) { -+ RSAerr(RSA_F_RSA_SET_METHOD, RSA_R_NON_FIPS_RSA_METHOD); -+ return 0; -+ } -+#endif - mtmp = rsa->meth; - if (mtmp->finish) - mtmp->finish(rsa); -@@ -66,7 +72,6 @@ RSA *RSA_new_method(ENGINE *engine) - - ret->meth = RSA_get_default_method(); - #ifndef OPENSSL_NO_ENGINE -- ret->flags = ret->meth->flags & ~RSA_FLAG_NON_FIPS_ALLOW; - if (engine) { - if (!ENGINE_init(engine)) { - RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB); -@@ -84,8 +89,19 @@ RSA *RSA_new_method(ENGINE *engine) - } - } - #endif -+#ifdef OPENSSL_FIPS -+ if (FIPS_mode() && !(ret->meth->flags & RSA_FLAG_FIPS_METHOD)) { -+ RSAerr(RSA_F_RSA_NEW_METHOD, RSA_R_NON_FIPS_RSA_METHOD); -+# ifndef OPENSSL_NO_ENGINE -+ if (ret->engine) -+ ENGINE_finish(ret->engine); -+# endif -+ OPENSSL_free(ret); -+ return NULL; -+ } -+#endif - -- ret->flags = ret->meth->flags & ~RSA_FLAG_NON_FIPS_ALLOW; -+ ret->flags = ret->meth->flags; - if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data)) { - goto err; - } -diff -up openssl-1.1.1j/crypto/rsa/rsa_ossl.c.fips openssl-1.1.1j/crypto/rsa/rsa_ossl.c ---- openssl-1.1.1j/crypto/rsa/rsa_ossl.c.fips 2021-02-16 16:24:01.000000000 +0100 -+++ openssl-1.1.1j/crypto/rsa/rsa_ossl.c 2021-03-03 12:57:42.203734558 +0100 -@@ -12,6 +12,10 @@ - #include "rsa_local.h" - #include "internal/constant_time.h" - -+#ifdef OPENSSL_FIPS -+# include -+#endif -+ - static int rsa_ossl_public_encrypt(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding); - static int rsa_ossl_private_encrypt(int flen, const unsigned char *from, -@@ -47,6 +51,12 @@ static const RSA_METHOD *default_RSA_met - - void RSA_set_default_method(const RSA_METHOD *meth) - { -+#ifdef OPENSSL_FIPS -+ if (FIPS_mode() && !(meth->flags & RSA_FLAG_FIPS_METHOD)) { -+ RSAerr(RSA_F_RSA_SET_DEFAULT_METHOD, RSA_R_NON_FIPS_RSA_METHOD); -+ return; -+ } -+#endif - default_RSA_meth = meth; - } - -@@ -73,6 +83,22 @@ static int rsa_ossl_public_encrypt(int f - unsigned char *buf = NULL; - BN_CTX *ctx = NULL; - -+# ifdef OPENSSL_FIPS -+ if (FIPS_mode()) { -+ if (FIPS_selftest_failed()) { -+ FIPSerr(FIPS_F_RSA_OSSL_PUBLIC_ENCRYPT, -+ FIPS_R_FIPS_SELFTEST_FAILED); -+ goto err; -+ } -+ -+ if (!(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW) -+ && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)) { -+ RSAerr(RSA_F_RSA_OSSL_PUBLIC_ENCRYPT, RSA_R_KEY_SIZE_TOO_SMALL); -+ return -1; -+ } -+ } -+# endif -+ - if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) { - RSAerr(RSA_F_RSA_OSSL_PUBLIC_ENCRYPT, RSA_R_MODULUS_TOO_LARGE); - return -1; -@@ -246,6 +272,22 @@ static int rsa_ossl_private_encrypt(int - BIGNUM *unblind = NULL; - BN_BLINDING *blinding = NULL; - -+# ifdef OPENSSL_FIPS -+ if (FIPS_mode()) { -+ if (FIPS_selftest_failed()) { -+ FIPSerr(FIPS_F_RSA_OSSL_PRIVATE_ENCRYPT, -+ FIPS_R_FIPS_SELFTEST_FAILED); -+ return -1; -+ } -+ -+ if (!(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW) -+ && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)) { -+ RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, RSA_R_KEY_SIZE_TOO_SMALL); -+ return -1; -+ } -+ } -+# endif -+ - if ((ctx = BN_CTX_new()) == NULL) - goto err; - BN_CTX_start(ctx); -@@ -380,6 +422,22 @@ static int rsa_ossl_private_decrypt(int - BIGNUM *unblind = NULL; - BN_BLINDING *blinding = NULL; - -+# ifdef OPENSSL_FIPS -+ if (FIPS_mode()) { -+ if (FIPS_selftest_failed()) { -+ FIPSerr(FIPS_F_RSA_OSSL_PRIVATE_DECRYPT, -+ FIPS_R_FIPS_SELFTEST_FAILED); -+ return -1; -+ } -+ -+ if (!(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW) -+ && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)) { -+ RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT, RSA_R_KEY_SIZE_TOO_SMALL); -+ return -1; -+ } -+ } -+# endif -+ - if ((ctx = BN_CTX_new()) == NULL) - goto err; - BN_CTX_start(ctx); -@@ -507,6 +565,22 @@ static int rsa_ossl_public_decrypt(int f - unsigned char *buf = NULL; - BN_CTX *ctx = NULL; - -+# ifdef OPENSSL_FIPS -+ if (FIPS_mode()) { -+ if (FIPS_selftest_failed()) { -+ FIPSerr(FIPS_F_RSA_OSSL_PUBLIC_DECRYPT, -+ FIPS_R_FIPS_SELFTEST_FAILED); -+ goto err; -+ } -+ -+ if (!(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW) -+ && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)) { -+ RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT, RSA_R_KEY_SIZE_TOO_SMALL); -+ return -1; -+ } -+ } -+# endif -+ - if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) { - RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT, RSA_R_MODULUS_TOO_LARGE); - return -1; -diff -up openssl-1.1.1j/crypto/rsa/rsa_pmeth.c.fips openssl-1.1.1j/crypto/rsa/rsa_pmeth.c ---- openssl-1.1.1j/crypto/rsa/rsa_pmeth.c.fips 2021-02-16 16:24:01.000000000 +0100 -+++ openssl-1.1.1j/crypto/rsa/rsa_pmeth.c 2021-03-03 12:57:42.203734558 +0100 -@@ -756,7 +756,7 @@ static int pkey_rsa_keygen(EVP_PKEY_CTX - - const EVP_PKEY_METHOD rsa_pkey_meth = { - EVP_PKEY_RSA, -- EVP_PKEY_FLAG_AUTOARGLEN, -+ EVP_PKEY_FLAG_AUTOARGLEN | EVP_PKEY_FLAG_FIPS, - pkey_rsa_init, - pkey_rsa_copy, - pkey_rsa_cleanup, -@@ -838,7 +838,7 @@ static int pkey_pss_init(EVP_PKEY_CTX *c - - const EVP_PKEY_METHOD rsa_pss_pkey_meth = { - EVP_PKEY_RSA_PSS, -- EVP_PKEY_FLAG_AUTOARGLEN, -+ EVP_PKEY_FLAG_AUTOARGLEN | EVP_PKEY_FLAG_FIPS, - pkey_rsa_init, - pkey_rsa_copy, - pkey_rsa_cleanup, -diff -up openssl-1.1.1j/crypto/rsa/rsa_sign.c.fips openssl-1.1.1j/crypto/rsa/rsa_sign.c ---- openssl-1.1.1j/crypto/rsa/rsa_sign.c.fips 2021-02-16 16:24:01.000000000 +0100 -+++ openssl-1.1.1j/crypto/rsa/rsa_sign.c 2021-03-03 12:57:42.203734558 +0100 -@@ -73,6 +73,13 @@ int RSA_sign(int type, const unsigned ch - unsigned char *tmps = NULL; - const unsigned char *encoded = NULL; - -+#ifdef OPENSSL_FIPS -+ if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD) -+ && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) { -+ RSAerr(RSA_F_RSA_SIGN, RSA_R_NON_FIPS_RSA_METHOD); -+ return 0; -+ } -+#endif - if (rsa->meth->rsa_sign) { - return rsa->meth->rsa_sign(type, m, m_len, sigret, siglen, rsa); - } -@@ -100,8 +107,9 @@ int RSA_sign(int type, const unsigned ch - RSAerr(RSA_F_RSA_SIGN, RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY); - goto err; - } -- encrypt_len = RSA_private_encrypt(encoded_len, encoded, sigret, rsa, -- RSA_PKCS1_PADDING); -+ /* NB: call underlying method directly to avoid FIPS blocking */ -+ encrypt_len = rsa->meth->rsa_priv_enc ? rsa->meth->rsa_priv_enc(encoded_len, encoded, sigret, rsa, -+ RSA_PKCS1_PADDING) : 0; - if (encrypt_len <= 0) - goto err; - -diff -up openssl-1.1.1j/crypto/sha/sha256.c.fips openssl-1.1.1j/crypto/sha/sha256.c ---- openssl-1.1.1j/crypto/sha/sha256.c.fips 2021-02-16 16:24:01.000000000 +0100 -+++ openssl-1.1.1j/crypto/sha/sha256.c 2021-03-03 12:57:42.203734558 +0100 -@@ -18,6 +18,9 @@ - - int SHA224_Init(SHA256_CTX *c) - { -+# ifdef OPENSSL_FIPS -+ FIPS_selftest_check(); -+# endif - memset(c, 0, sizeof(*c)); - c->h[0] = 0xc1059ed8UL; - c->h[1] = 0x367cd507UL; -@@ -33,6 +36,9 @@ int SHA224_Init(SHA256_CTX *c) - - int SHA256_Init(SHA256_CTX *c) - { -+# ifdef OPENSSL_FIPS -+ FIPS_selftest_check(); -+# endif - memset(c, 0, sizeof(*c)); - c->h[0] = 0x6a09e667UL; - c->h[1] = 0xbb67ae85UL; -diff -up openssl-1.1.1j/crypto/sha/sha512.c.fips openssl-1.1.1j/crypto/sha/sha512.c ---- openssl-1.1.1j/crypto/sha/sha512.c.fips 2021-02-16 16:24:01.000000000 +0100 -+++ openssl-1.1.1j/crypto/sha/sha512.c 2021-03-03 12:57:42.203734558 +0100 -@@ -98,6 +98,9 @@ int sha512_256_init(SHA512_CTX *c) - - int SHA384_Init(SHA512_CTX *c) - { -+# ifdef OPENSSL_FIPS -+ FIPS_selftest_check(); -+# endif - c->h[0] = U64(0xcbbb9d5dc1059ed8); - c->h[1] = U64(0x629a292a367cd507); - c->h[2] = U64(0x9159015a3070dd17); -@@ -116,6 +119,9 @@ int SHA384_Init(SHA512_CTX *c) - - int SHA512_Init(SHA512_CTX *c) - { -+# ifdef OPENSSL_FIPS -+ FIPS_selftest_check(); -+# endif - c->h[0] = U64(0x6a09e667f3bcc908); - c->h[1] = U64(0xbb67ae8584caa73b); - c->h[2] = U64(0x3c6ef372fe94f82b); -diff -up openssl-1.1.1j/crypto/sha/sha_local.h.fips openssl-1.1.1j/crypto/sha/sha_local.h ---- openssl-1.1.1j/crypto/sha/sha_local.h.fips 2021-03-03 12:57:41.941732391 +0100 -+++ openssl-1.1.1j/crypto/sha/sha_local.h 2021-03-03 12:57:42.203734558 +0100 -@@ -52,6 +52,9 @@ void sha1_block_data_order(SHA_CTX *c, c - - int HASH_INIT(SHA_CTX *c) - { -+#if defined(OPENSSL_FIPS) -+ FIPS_selftest_check(); -+#endif - memset(c, 0, sizeof(*c)); - c->h0 = INIT_DATA_h0; - c->h1 = INIT_DATA_h1; -diff -up openssl-1.1.1j/doc/man3/DSA_generate_parameters.pod.fips openssl-1.1.1j/doc/man3/DSA_generate_parameters.pod ---- openssl-1.1.1j/doc/man3/DSA_generate_parameters.pod.fips 2021-02-16 16:24:01.000000000 +0100 -+++ openssl-1.1.1j/doc/man3/DSA_generate_parameters.pod 2021-03-03 12:57:42.203734558 +0100 -@@ -30,8 +30,10 @@ B is the length of the prime p to - For lengths under 2048 bits, the length of q is 160 bits; for lengths - greater than or equal to 2048 bits, the length of q is set to 256 bits. - --If B is NULL, the primes will be generated at random. --If B is less than the length of q, an error is returned. -+If B is NULL, or it does not generate primes, the primes will be -+generated at random. -+If B is less than the length of q, an error is returned -+if old DSA parameter generation method is used as a backend. - - DSA_generate_parameters_ex() places the iteration count in - *B and a counter used for finding a generator in -diff -up openssl-1.1.1j/include/crypto/fips.h.fips openssl-1.1.1j/include/crypto/fips.h ---- openssl-1.1.1j/include/crypto/fips.h.fips 2021-03-03 12:57:42.202734550 +0100 -+++ openssl-1.1.1j/include/crypto/fips.h 2021-03-03 12:57:42.202734550 +0100 -@@ -0,0 +1,98 @@ -+/* ==================================================================== -+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * openssl-core@openssl.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * -+ */ -+ -+#include -+#include -+ -+#ifndef OPENSSL_FIPS -+# error FIPS is disabled. -+#endif -+ -+#ifdef OPENSSL_FIPS -+ -+int FIPS_module_mode_set(int onoff); -+int FIPS_module_mode(void); -+int FIPS_module_installed(void); -+int FIPS_selftest_sha1(void); -+int FIPS_selftest_sha2(void); -+int FIPS_selftest_sha3(void); -+int FIPS_selftest_aes_ccm(void); -+int FIPS_selftest_aes_gcm(void); -+int FIPS_selftest_aes_xts(void); -+int FIPS_selftest_aes(void); -+int FIPS_selftest_des(void); -+int FIPS_selftest_rsa(void); -+int FIPS_selftest_dsa(void); -+int FIPS_selftest_ecdsa(void); -+int FIPS_selftest_ecdh(void); -+int FIPS_selftest_dh(void); -+void FIPS_drbg_stick(int onoff); -+int FIPS_selftest_hmac(void); -+int FIPS_selftest_drbg(void); -+int FIPS_selftest_cmac(void); -+ -+int fips_pkey_signature_test(EVP_PKEY *pkey, -+ const unsigned char *tbs, int tbslen, -+ const unsigned char *kat, -+ unsigned int katlen, -+ const EVP_MD *digest, -+ unsigned int md_flags, const char *fail_str); -+ -+int fips_cipher_test(EVP_CIPHER_CTX *ctx, -+ const EVP_CIPHER *cipher, -+ const unsigned char *key, -+ const unsigned char *iv, -+ const unsigned char *plaintext, -+ const unsigned char *ciphertext, int len); -+ -+void fips_set_selftest_fail(void); -+ -+void FIPS_get_timevec(unsigned char *buf, unsigned long *pctr); -+ -+#endif -diff -up openssl-1.1.1j/include/openssl/crypto.h.fips openssl-1.1.1j/include/openssl/crypto.h ---- openssl-1.1.1j/include/openssl/crypto.h.fips 2021-02-16 16:24:01.000000000 +0100 -+++ openssl-1.1.1j/include/openssl/crypto.h 2021-03-03 12:57:42.204734567 +0100 -@@ -331,6 +331,11 @@ int OPENSSL_isservice(void); - int FIPS_mode(void); - int FIPS_mode_set(int r); - -+# ifdef OPENSSL_FIPS -+/* die if FIPS selftest failed */ -+void FIPS_selftest_check(void); -+# endif -+ - void OPENSSL_init(void); - # ifdef OPENSSL_SYS_UNIX - void OPENSSL_fork_prepare(void); -diff -up openssl-1.1.1j/include/openssl/dherr.h.fips openssl-1.1.1j/include/openssl/dherr.h ---- openssl-1.1.1j/include/openssl/dherr.h.fips 2021-02-16 16:24:01.000000000 +0100 -+++ openssl-1.1.1j/include/openssl/dherr.h 2021-03-03 12:57:42.204734567 +0100 -@@ -36,6 +36,9 @@ int ERR_load_DH_strings(void); - # define DH_F_DH_CMS_DECRYPT 114 - # define DH_F_DH_CMS_SET_PEERKEY 115 - # define DH_F_DH_CMS_SET_SHARED_INFO 116 -+# define DH_F_DH_COMPUTE_KEY 203 -+# define DH_F_DH_GENERATE_KEY 202 -+# define DH_F_DH_GENERATE_PARAMETERS_EX 201 - # define DH_F_DH_METH_DUP 117 - # define DH_F_DH_METH_NEW 118 - # define DH_F_DH_METH_SET1_NAME 119 -@@ -73,12 +76,14 @@ int ERR_load_DH_strings(void); - # define DH_R_INVALID_PARAMETER_NID 114 - # define DH_R_INVALID_PUBKEY 102 - # define DH_R_KDF_PARAMETER_ERROR 112 -+# define DH_R_KEY_SIZE_TOO_SMALL 201 - # define DH_R_KEYS_NOT_SET 108 - # define DH_R_MISSING_PUBKEY 125 - # define DH_R_MODULUS_TOO_LARGE 103 - # define DH_R_NOT_SUITABLE_GENERATOR 120 - # define DH_R_NO_PARAMETERS_SET 107 - # define DH_R_NO_PRIVATE_VALUE 100 -+# define DH_R_NON_FIPS_METHOD 202 - # define DH_R_PARAMETER_ENCODING_ERROR 105 - # define DH_R_PEER_KEY_ERROR 111 - # define DH_R_SHARED_INFO_ERROR 113 -diff -up openssl-1.1.1j/include/openssl/dh.h.fips openssl-1.1.1j/include/openssl/dh.h ---- openssl-1.1.1j/include/openssl/dh.h.fips 2021-02-16 16:24:01.000000000 +0100 -+++ openssl-1.1.1j/include/openssl/dh.h 2021-03-03 12:57:42.204734567 +0100 -@@ -31,6 +31,7 @@ extern "C" { - # endif - - # define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024 -+# define OPENSSL_DH_FIPS_MIN_MODULUS_BITS_GEN 2048 - - # define DH_FLAG_CACHE_MONT_P 0x01 - -diff -up openssl-1.1.1j/include/openssl/dsaerr.h.fips openssl-1.1.1j/include/openssl/dsaerr.h ---- openssl-1.1.1j/include/openssl/dsaerr.h.fips 2021-02-16 16:24:01.000000000 +0100 -+++ openssl-1.1.1j/include/openssl/dsaerr.h 2021-03-03 12:57:42.204734567 +0100 -@@ -29,8 +29,11 @@ int ERR_load_DSA_strings(void); - */ - # define DSA_F_DSAPARAMS_PRINT 100 - # define DSA_F_DSAPARAMS_PRINT_FP 101 -+# define DSA_F_DSA_BUILTIN_KEYGEN 202 - # define DSA_F_DSA_BUILTIN_PARAMGEN 125 - # define DSA_F_DSA_BUILTIN_PARAMGEN2 126 -+# define DSA_F_DSA_GENERATE_KEY 201 -+# define DSA_F_DSA_GENERATE_PARAMETERS_EX 200 - # define DSA_F_DSA_DO_SIGN 112 - # define DSA_F_DSA_DO_VERIFY 113 - # define DSA_F_DSA_METH_DUP 127 -@@ -60,10 +63,13 @@ int ERR_load_DSA_strings(void); - # define DSA_R_DECODE_ERROR 104 - # define DSA_R_INVALID_DIGEST_TYPE 106 - # define DSA_R_INVALID_PARAMETERS 112 -+# define DSA_R_KEY_SIZE_INVALID 201 -+# define DSA_R_KEY_SIZE_TOO_SMALL 202 - # define DSA_R_MISSING_PARAMETERS 101 - # define DSA_R_MISSING_PRIVATE_KEY 111 - # define DSA_R_MODULUS_TOO_LARGE 103 - # define DSA_R_NO_PARAMETERS_SET 107 -+# define DSA_R_NON_FIPS_DSA_METHOD 200 - # define DSA_R_PARAMETER_ENCODING_ERROR 105 - # define DSA_R_Q_NOT_PRIME 113 - # define DSA_R_SEED_LEN_SMALL 110 -diff -up openssl-1.1.1j/include/openssl/dsa.h.fips openssl-1.1.1j/include/openssl/dsa.h ---- openssl-1.1.1j/include/openssl/dsa.h.fips 2021-02-16 16:24:01.000000000 +0100 -+++ openssl-1.1.1j/include/openssl/dsa.h 2021-03-03 12:57:42.204734567 +0100 -@@ -31,6 +31,7 @@ extern "C" { - # endif - - # define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024 -+# define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS_GEN 2048 - - # define DSA_FLAG_CACHE_MONT_P 0x01 - # if OPENSSL_API_COMPAT < 0x10100000L -diff -up openssl-1.1.1j/include/openssl/evperr.h.fips openssl-1.1.1j/include/openssl/evperr.h ---- openssl-1.1.1j/include/openssl/evperr.h.fips 2021-02-16 16:24:01.000000000 +0100 -+++ openssl-1.1.1j/include/openssl/evperr.h 2021-03-03 12:57:42.204734567 +0100 -@@ -22,14 +22,15 @@ int ERR_load_EVP_strings(void); - * EVP function codes. - */ - # define EVP_F_AESNI_INIT_KEY 165 --# define EVP_F_AESNI_XTS_INIT_KEY 207 -+# define EVP_F_AESNI_XTS_INIT_KEY 233 - # define EVP_F_AES_GCM_CTRL 196 - # define EVP_F_AES_INIT_KEY 133 - # define EVP_F_AES_OCB_CIPHER 169 - # define EVP_F_AES_T4_INIT_KEY 178 --# define EVP_F_AES_T4_XTS_INIT_KEY 208 -+# define EVP_F_AES_T4_XTS_INIT_KEY 234 - # define EVP_F_AES_WRAP_CIPHER 170 --# define EVP_F_AES_XTS_INIT_KEY 209 -+# define EVP_F_AES_XTS_CIPHER 229 -+# define EVP_F_AES_XTS_INIT_KEY 235 - # define EVP_F_ALG_MODULE_INIT 177 - # define EVP_F_ARIA_CCM_INIT_KEY 175 - # define EVP_F_ARIA_GCM_CTRL 197 -@@ -140,6 +141,7 @@ int ERR_load_EVP_strings(void); - # define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED 133 - # define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 138 - # define EVP_R_DECODE_ERROR 114 -+# define EVP_R_DISABLED_FOR_FIPS 200 - # define EVP_R_DIFFERENT_KEY_TYPES 101 - # define EVP_R_DIFFERENT_PARAMETERS 153 - # define EVP_R_ERROR_LOADING_SECTION 165 -@@ -184,6 +186,7 @@ int ERR_load_EVP_strings(void); - # define EVP_R_PRIVATE_KEY_DECODE_ERROR 145 - # define EVP_R_PRIVATE_KEY_ENCODE_ERROR 146 - # define EVP_R_PUBLIC_KEY_NOT_RSA 106 -+# define EVP_R_TOO_LARGE 201 - # define EVP_R_UNKNOWN_CIPHER 160 - # define EVP_R_UNKNOWN_DIGEST 161 - # define EVP_R_UNKNOWN_OPTION 169 -@@ -199,6 +202,7 @@ int ERR_load_EVP_strings(void); - # define EVP_R_UNSUPPORTED_SALT_TYPE 126 - # define EVP_R_WRAP_MODE_NOT_ALLOWED 170 - # define EVP_R_WRONG_FINAL_BLOCK_LENGTH 109 --# define EVP_R_XTS_DUPLICATED_KEYS 183 -+# define EVP_R_XTS_DATA_UNIT_IS_TOO_LARGE 191 -+# define EVP_R_XTS_DUPLICATED_KEYS 192 - - #endif -diff -up openssl-1.1.1j/include/openssl/evp.h.fips openssl-1.1.1j/include/openssl/evp.h ---- openssl-1.1.1j/include/openssl/evp.h.fips 2021-02-16 16:24:01.000000000 +0100 -+++ openssl-1.1.1j/include/openssl/evp.h 2021-03-03 12:57:42.204734567 +0100 -@@ -1324,6 +1324,9 @@ void EVP_PKEY_asn1_set_security_bits(EVP - */ - # define EVP_PKEY_FLAG_SIGCTX_CUSTOM 4 - -+/* Downstream modification, large value to avoid conflict */ -+# define EVP_PKEY_FLAG_FIPS 0x4000 -+ - const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type); - EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags); - void EVP_PKEY_meth_get0_info(int *ppkey_id, int *pflags, -diff -up openssl-1.1.1j/include/openssl/fips.h.fips openssl-1.1.1j/include/openssl/fips.h ---- openssl-1.1.1j/include/openssl/fips.h.fips 2021-03-03 12:57:42.204734567 +0100 -+++ openssl-1.1.1j/include/openssl/fips.h 2021-03-03 12:57:42.204734567 +0100 -@@ -0,0 +1,187 @@ -+/* ==================================================================== -+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * openssl-core@openssl.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * -+ */ -+ -+#include -+#include -+#include -+#include -+ -+#ifndef OPENSSL_FIPS -+# error FIPS is disabled. -+#endif -+ -+#ifdef OPENSSL_FIPS -+ -+# ifdef __cplusplus -+extern "C" { -+# endif -+ -+ int FIPS_selftest(void); -+ int FIPS_selftest_failed(void); -+ int FIPS_selftest_drbg_all(void); -+ -+ int FIPS_dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N, -+ const EVP_MD *evpmd, const unsigned char *seed_in, -+ size_t seed_len, int idx, unsigned char *seed_out, -+ int *counter_ret, unsigned long *h_ret, -+ BN_GENCB *cb); -+ int FIPS_dsa_paramgen_check_g(DSA *dsa); -+ -+/* BEGIN ERROR CODES */ -+/* The following lines are auto generated by the script mkerr.pl. Any changes -+ * made after this point may be overwritten when the script is next run. -+ */ -+ int ERR_load_FIPS_strings(void); -+ -+/* Error codes for the FIPS functions. */ -+ -+/* Function codes. */ -+# define FIPS_F_DH_BUILTIN_GENPARAMS 100 -+# define FIPS_F_DRBG_RESEED 121 -+# define FIPS_F_DSA_BUILTIN_PARAMGEN2 107 -+# define FIPS_F_DSA_DO_SIGN 102 -+# define FIPS_F_DSA_DO_VERIFY 103 -+# define FIPS_F_EVP_CIPHER_CTX_NEW 137 -+# define FIPS_F_EVP_CIPHER_CTX_RESET 122 -+# define FIPS_F_ECDH_COMPUTE_KEY 123 -+# define FIPS_F_EVP_CIPHERINIT_EX 124 -+# define FIPS_F_EVP_DIGESTINIT_EX 125 -+# define FIPS_F_FIPS_CHECK_DSA 104 -+# define FIPS_F_FIPS_CHECK_EC 142 -+# define FIPS_F_FIPS_CHECK_RSA 106 -+# define FIPS_F_FIPS_DRBG_BYTES 131 -+# define FIPS_F_FIPS_DRBG_CHECK 146 -+# define FIPS_F_FIPS_DRBG_CPRNG_TEST 132 -+# define FIPS_F_FIPS_DRBG_ERROR_CHECK 136 -+# define FIPS_F_FIPS_DRBG_GENERATE 134 -+# define FIPS_F_FIPS_DRBG_INIT 135 -+# define FIPS_F_FIPS_DRBG_INSTANTIATE 138 -+# define FIPS_F_FIPS_DRBG_NEW 139 -+# define FIPS_F_FIPS_DRBG_RESEED 140 -+# define FIPS_F_FIPS_DRBG_SINGLE_KAT 141 -+# define FIPS_F_FIPS_GET_ENTROPY 147 -+# define FIPS_F_FIPS_MODULE_MODE_SET 108 -+# define FIPS_F_FIPS_PKEY_SIGNATURE_TEST 109 -+# define FIPS_F_FIPS_RAND_BYTES 114 -+# define FIPS_F_FIPS_RAND_SEED 128 -+# define FIPS_F_FIPS_RAND_SET_METHOD 126 -+# define FIPS_F_FIPS_RAND_STATUS 127 -+# define FIPS_F_FIPS_RSA_BUILTIN_KEYGEN 101 -+# define FIPS_F_FIPS_SELFTEST 150 -+# define FIPS_F_FIPS_SELFTEST_AES 110 -+# define FIPS_F_FIPS_SELFTEST_AES_CCM 145 -+# define FIPS_F_FIPS_SELFTEST_AES_GCM 129 -+# define FIPS_F_FIPS_SELFTEST_AES_XTS 144 -+# define FIPS_F_FIPS_SELFTEST_CMAC 130 -+# define FIPS_F_FIPS_SELFTEST_DES 111 -+# define FIPS_F_FIPS_SELFTEST_DSA 112 -+# define FIPS_F_FIPS_SELFTEST_ECDSA 133 -+# define FIPS_F_FIPS_SELFTEST_HMAC 113 -+# define FIPS_F_FIPS_SELFTEST_SHA1 115 -+# define FIPS_F_FIPS_SELFTEST_SHA2 105 -+# define FIPS_F_OSSL_ECDSA_SIGN_SIG 143 -+# define FIPS_F_OSSL_ECDSA_VERIFY_SIG 148 -+# define FIPS_F_RSA_BUILTIN_KEYGEN 116 -+# define FIPS_F_RSA_OSSL_INIT 149 -+# define FIPS_F_RSA_OSSL_PRIVATE_DECRYPT 117 -+# define FIPS_F_RSA_OSSL_PRIVATE_ENCRYPT 118 -+# define FIPS_F_RSA_OSSL_PUBLIC_DECRYPT 119 -+# define FIPS_F_RSA_OSSL_PUBLIC_ENCRYPT 120 -+ -+/* Reason codes. */ -+# define FIPS_R_ADDITIONAL_INPUT_ERROR_UNDETECTED 150 -+# define FIPS_R_ADDITIONAL_INPUT_TOO_LONG 125 -+# define FIPS_R_ALREADY_INSTANTIATED 134 -+# define FIPS_R_DRBG_NOT_INITIALISED 152 -+# define FIPS_R_DRBG_STUCK 103 -+# define FIPS_R_ENTROPY_ERROR_UNDETECTED 104 -+# define FIPS_R_ENTROPY_NOT_REQUESTED_FOR_RESEED 105 -+# define FIPS_R_ENTROPY_SOURCE_STUCK 142 -+# define FIPS_R_ERROR_INITIALISING_DRBG 115 -+# define FIPS_R_ERROR_INSTANTIATING_DRBG 127 -+# define FIPS_R_ERROR_RETRIEVING_ADDITIONAL_INPUT 124 -+# define FIPS_R_ERROR_RETRIEVING_ENTROPY 122 -+# define FIPS_R_ERROR_RETRIEVING_NONCE 140 -+# define FIPS_R_FINGERPRINT_DOES_NOT_MATCH 110 -+# define FIPS_R_FIPS_MODE_ALREADY_SET 102 -+# define FIPS_R_FIPS_SELFTEST_FAILED 106 -+# define FIPS_R_FUNCTION_ERROR 116 -+# define FIPS_R_GENERATE_ERROR 137 -+# define FIPS_R_GENERATE_ERROR_UNDETECTED 118 -+# define FIPS_R_INSTANTIATE_ERROR 119 -+# define FIPS_R_INTERNAL_ERROR 121 -+# define FIPS_R_INVALID_KEY_LENGTH 109 -+# define FIPS_R_IN_ERROR_STATE 123 -+# define FIPS_R_KEY_TOO_SHORT 108 -+# define FIPS_R_NONCE_ERROR_UNDETECTED 149 -+# define FIPS_R_NON_FIPS_METHOD 100 -+# define FIPS_R_NOPR_TEST1_FAILURE 145 -+# define FIPS_R_NOPR_TEST2_FAILURE 146 -+# define FIPS_R_NOT_INSTANTIATED 126 -+# define FIPS_R_PAIRWISE_TEST_FAILED 107 -+# define FIPS_R_PERSONALISATION_ERROR_UNDETECTED 128 -+# define FIPS_R_PERSONALISATION_STRING_TOO_LONG 129 -+# define FIPS_R_PR_TEST1_FAILURE 147 -+# define FIPS_R_PR_TEST2_FAILURE 148 -+# define FIPS_R_REQUEST_LENGTH_ERROR_UNDETECTED 130 -+# define FIPS_R_REQUEST_TOO_LARGE_FOR_DRBG 131 -+# define FIPS_R_RESEED_COUNTER_ERROR 132 -+# define FIPS_R_RESEED_ERROR 133 -+# define FIPS_R_SELFTEST_FAILED 101 -+# define FIPS_R_SELFTEST_FAILURE 135 -+# define FIPS_R_TEST_FAILURE 117 -+# define FIPS_R_UNINSTANTIATE_ERROR 141 -+# define FIPS_R_UNINSTANTIATE_ZEROISE_ERROR 138 -+# define FIPS_R_UNSUPPORTED_DRBG_TYPE 139 -+# define FIPS_R_UNSUPPORTED_PLATFORM 113 -+ -+# ifdef __cplusplus -+} -+# endif -+#endif -diff -up openssl-1.1.1j/include/openssl/fips_rand.h.fips openssl-1.1.1j/include/openssl/fips_rand.h ---- openssl-1.1.1j/include/openssl/fips_rand.h.fips 2021-03-03 12:57:42.204734567 +0100 -+++ openssl-1.1.1j/include/openssl/fips_rand.h 2021-03-03 12:57:42.204734567 +0100 -@@ -0,0 +1,145 @@ -+/* ==================================================================== -+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * openssl-core@openssl.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * -+ */ -+ -+#ifndef HEADER_FIPS_RAND_H -+# define HEADER_FIPS_RAND_H -+ -+# include -+# include -+# include -+# include -+ -+# ifdef OPENSSL_FIPS -+ -+# ifdef __cplusplus -+extern "C" { -+# endif -+ typedef struct drbg_ctx_st DRBG_CTX; -+/* DRBG external flags */ -+/* Flag for CTR mode only: use derivation function ctr_df */ -+# define DRBG_FLAG_CTR_USE_DF 0x1 -+/* PRNG is in test state */ -+# define DRBG_FLAG_TEST 0x2 -+ -+ DRBG_CTX *FIPS_drbg_new(int type, unsigned int flags); -+ int FIPS_drbg_init(DRBG_CTX *dctx, int type, unsigned int flags); -+ int FIPS_drbg_instantiate(DRBG_CTX *dctx, -+ const unsigned char *pers, size_t perslen); -+ int FIPS_drbg_reseed(DRBG_CTX *dctx, const unsigned char *adin, -+ size_t adinlen); -+ int FIPS_drbg_generate(DRBG_CTX *dctx, unsigned char *out, size_t outlen, -+ int prediction_resistance, -+ const unsigned char *adin, size_t adinlen); -+ -+ int FIPS_drbg_uninstantiate(DRBG_CTX *dctx); -+ void FIPS_drbg_free(DRBG_CTX *dctx); -+ -+ int FIPS_drbg_set_callbacks(DRBG_CTX *dctx, -+ size_t (*get_entropy) (DRBG_CTX *ctx, -+ unsigned char **pout, -+ int entropy, -+ size_t min_len, -+ size_t max_len), -+ void (*cleanup_entropy) (DRBG_CTX *ctx, -+ unsigned char *out, -+ size_t olen), -+ size_t entropy_blocklen, -+ size_t (*get_nonce) (DRBG_CTX *ctx, -+ unsigned char **pout, -+ int entropy, -+ size_t min_len, -+ size_t max_len), -+ void (*cleanup_nonce) (DRBG_CTX *ctx, -+ unsigned char *out, -+ size_t olen)); -+ -+ int FIPS_drbg_set_rand_callbacks(DRBG_CTX *dctx, -+ size_t (*get_adin) (DRBG_CTX *ctx, -+ unsigned char -+ **pout), -+ void (*cleanup_adin) (DRBG_CTX *ctx, -+ unsigned char *out, -+ size_t olen), -+ int (*rand_seed_cb) (DRBG_CTX *ctx, -+ const void *buf, -+ int num), -+ int (*rand_add_cb) (DRBG_CTX *ctx, -+ const void *buf, -+ int num, -+ double entropy)); -+ -+ void *FIPS_drbg_get_app_data(DRBG_CTX *ctx); -+ void FIPS_drbg_set_app_data(DRBG_CTX *ctx, void *app_data); -+ size_t FIPS_drbg_get_blocklength(DRBG_CTX *dctx); -+ int FIPS_drbg_get_strength(DRBG_CTX *dctx); -+ void FIPS_drbg_set_check_interval(DRBG_CTX *dctx, int interval); -+ void FIPS_drbg_set_reseed_interval(DRBG_CTX *dctx, int interval); -+ -+ int FIPS_drbg_health_check(DRBG_CTX *dctx); -+ -+ DRBG_CTX *FIPS_get_default_drbg(void); -+ const RAND_METHOD *FIPS_drbg_method(void); -+ -+ int FIPS_rand_set_method(const RAND_METHOD *meth); -+ const RAND_METHOD *FIPS_rand_get_method(void); -+ -+ void FIPS_rand_set_bits(int nbits); -+ -+ int FIPS_rand_strength(void); -+ -+/* 1.0.0 compat functions */ -+ int FIPS_rand_seed(const void *buf, int num); -+ int FIPS_rand_bytes(unsigned char *out, int outlen); -+ void FIPS_rand_reset(void); -+ int FIPS_rand_status(void); -+# ifdef __cplusplus -+} -+# endif -+# endif -+#endif -diff -up openssl-1.1.1j/include/openssl/opensslconf.h.in.fips openssl-1.1.1j/include/openssl/opensslconf.h.in ---- openssl-1.1.1j/include/openssl/opensslconf.h.in.fips 2021-02-16 16:24:01.000000000 +0100 -+++ openssl-1.1.1j/include/openssl/opensslconf.h.in 2021-03-03 12:57:42.205734575 +0100 -@@ -155,6 +155,11 @@ extern "C" { - - #define RC4_INT {- $config{rc4_int} -} - -+/* Always build FIPS module */ -+#ifndef OPENSSL_FIPS -+# define OPENSSL_FIPS -+#endif -+ - #ifdef __cplusplus - } - #endif -diff -up openssl-1.1.1j/include/openssl/randerr.h.fips openssl-1.1.1j/include/openssl/randerr.h ---- openssl-1.1.1j/include/openssl/randerr.h.fips 2021-02-16 16:24:01.000000000 +0100 -+++ openssl-1.1.1j/include/openssl/randerr.h 2021-03-03 12:57:42.205734575 +0100 -@@ -38,6 +38,7 @@ int ERR_load_RAND_strings(void); - # define RAND_F_RAND_DRBG_SET 104 - # define RAND_F_RAND_DRBG_SET_DEFAULTS 121 - # define RAND_F_RAND_DRBG_UNINSTANTIATE 118 -+# define RAND_F_RAND_INIT_FIPS 200 - # define RAND_F_RAND_LOAD_FILE 111 - # define RAND_F_RAND_POOL_ACQUIRE_ENTROPY 122 - # define RAND_F_RAND_POOL_ADD 103 -diff -up openssl-1.1.1j/include/openssl/rand.h.fips openssl-1.1.1j/include/openssl/rand.h ---- openssl-1.1.1j/include/openssl/rand.h.fips 2021-02-16 16:24:01.000000000 +0100 -+++ openssl-1.1.1j/include/openssl/rand.h 2021-03-03 12:57:42.205734575 +0100 -@@ -69,6 +69,11 @@ DEPRECATEDIN_1_1_0(void RAND_screen(void - DEPRECATEDIN_1_1_0(int RAND_event(UINT, WPARAM, LPARAM)) - # endif - -+# ifdef OPENSSL_FIPS -+/* just stubs for API compatibility */ -+void RAND_set_fips_drbg_type(int type, int flags); -+int RAND_init_fips(void); -+# endif - - #ifdef __cplusplus - } -diff -up openssl-1.1.1j/include/openssl/rsaerr.h.fips openssl-1.1.1j/include/openssl/rsaerr.h ---- openssl-1.1.1j/include/openssl/rsaerr.h.fips 2021-02-16 16:24:01.000000000 +0100 -+++ openssl-1.1.1j/include/openssl/rsaerr.h 2021-03-03 12:57:42.205734575 +0100 -@@ -25,6 +25,7 @@ int ERR_load_RSA_strings(void); - */ - # define RSA_F_CHECK_PADDING_MD 140 - # define RSA_F_ENCODE_PKCS1 146 -+# define RSA_F_FIPS_RSA_BUILTIN_KEYGEN 206 - # define RSA_F_INT_RSA_VERIFY 145 - # define RSA_F_OLD_RSA_PRIV_DECODE 147 - # define RSA_F_PKEY_PSS_INIT 165 -@@ -39,6 +40,8 @@ int ERR_load_RSA_strings(void); - # define RSA_F_RSA_CHECK_KEY_EX 160 - # define RSA_F_RSA_CMS_DECRYPT 159 - # define RSA_F_RSA_CMS_VERIFY 158 -+# define RSA_F_RSA_GENERATE_KEY_EX 204 -+# define RSA_F_RSA_GENERATE_MULTI_PRIME_KEY 207 - # define RSA_F_RSA_ITEM_VERIFY 148 - # define RSA_F_RSA_METH_DUP 161 - # define RSA_F_RSA_METH_NEW 162 -@@ -76,10 +79,16 @@ int ERR_load_RSA_strings(void); - # define RSA_F_RSA_PRINT_FP 116 - # define RSA_F_RSA_PRIV_DECODE 150 - # define RSA_F_RSA_PRIV_ENCODE 138 -+# define RSA_F_RSA_PRIVATE_DECRYPT 200 -+# define RSA_F_RSA_PRIVATE_ENCRYPT 201 - # define RSA_F_RSA_PSS_GET_PARAM 151 - # define RSA_F_RSA_PSS_TO_CTX 155 - # define RSA_F_RSA_PUB_DECODE 139 -+# define RSA_F_RSA_PUBLIC_DECRYPT 202 -+# define RSA_F_RSA_PUBLIC_ENCRYPT 203 - # define RSA_F_RSA_SETUP_BLINDING 136 -+# define RSA_F_RSA_SET_DEFAULT_METHOD 205 -+# define RSA_F_RSA_SET_METHOD 204 - # define RSA_F_RSA_SIGN 117 - # define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 118 - # define RSA_F_RSA_VERIFY 119 -@@ -137,10 +146,12 @@ int ERR_load_RSA_strings(void); - # define RSA_R_MP_EXPONENT_NOT_CONGRUENT_TO_D 169 - # define RSA_R_MP_R_NOT_PRIME 170 - # define RSA_R_NO_PUBLIC_EXPONENT 140 -+# define RSA_R_NON_FIPS_RSA_METHOD 200 - # define RSA_R_NULL_BEFORE_BLOCK_MISSING 113 - # define RSA_R_N_DOES_NOT_EQUAL_PRODUCT_OF_PRIMES 172 - # define RSA_R_N_DOES_NOT_EQUAL_P_Q 127 - # define RSA_R_OAEP_DECODING_ERROR 121 -+# define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 201 - # define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148 - # define RSA_R_PADDING_CHECK_FAILED 114 - # define RSA_R_PKCS_DECODING_ERROR 159 -@@ -160,6 +171,7 @@ int ERR_load_RSA_strings(void); - # define RSA_R_UNSUPPORTED_LABEL_SOURCE 163 - # define RSA_R_UNSUPPORTED_MASK_ALGORITHM 153 - # define RSA_R_UNSUPPORTED_MASK_PARAMETER 154 -+# define RSA_R_UNSUPPORTED_PARAMETERS 202 - # define RSA_R_UNSUPPORTED_SIGNATURE_TYPE 155 - # define RSA_R_VALUE_MISSING 147 - # define RSA_R_WRONG_SIGNATURE_LENGTH 119 -diff -up openssl-1.1.1j/ssl/s3_lib.c.fips openssl-1.1.1j/ssl/s3_lib.c ---- openssl-1.1.1j/ssl/s3_lib.c.fips 2021-02-16 16:24:01.000000000 +0100 -+++ openssl-1.1.1j/ssl/s3_lib.c 2021-03-03 12:57:42.205734575 +0100 -@@ -43,7 +43,7 @@ static SSL_CIPHER tls13_ciphers[] = { - SSL_AEAD, - TLS1_3_VERSION, TLS1_3_VERSION, - 0, 0, -- SSL_HIGH, -+ SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256, - 128, - 128, -@@ -58,7 +58,7 @@ static SSL_CIPHER tls13_ciphers[] = { - SSL_AEAD, - TLS1_3_VERSION, TLS1_3_VERSION, - 0, 0, -- SSL_HIGH, -+ SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384, - 256, - 256, -@@ -92,7 +92,7 @@ static SSL_CIPHER tls13_ciphers[] = { - SSL_AEAD, - TLS1_3_VERSION, TLS1_3_VERSION, - 0, 0, -- SSL_NOT_DEFAULT | SSL_HIGH, -+ SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256, - 128, - 128, -@@ -634,7 +634,7 @@ static SSL_CIPHER ssl3_ciphers[] = { - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, -- SSL_NOT_DEFAULT | SSL_HIGH, -+ SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, - 128, -@@ -650,7 +650,7 @@ static SSL_CIPHER ssl3_ciphers[] = { - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, -- SSL_NOT_DEFAULT | SSL_HIGH, -+ SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 256, - 256, -@@ -666,7 +666,7 @@ static SSL_CIPHER ssl3_ciphers[] = { - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, -- SSL_NOT_DEFAULT | SSL_HIGH, -+ SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, - 128, -@@ -682,7 +682,7 @@ static SSL_CIPHER ssl3_ciphers[] = { - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, -- SSL_NOT_DEFAULT | SSL_HIGH, -+ SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 256, - 256, -@@ -794,7 +794,7 @@ static SSL_CIPHER ssl3_ciphers[] = { - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, -- SSL_NOT_DEFAULT | SSL_HIGH, -+ SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, - 128, -@@ -810,7 +810,7 @@ static SSL_CIPHER ssl3_ciphers[] = { - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, -- SSL_NOT_DEFAULT | SSL_HIGH, -+ SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 256, - 256, -@@ -890,7 +890,7 @@ static SSL_CIPHER ssl3_ciphers[] = { - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, -- SSL_NOT_DEFAULT | SSL_HIGH, -+ SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, - 128, -@@ -906,7 +906,7 @@ static SSL_CIPHER ssl3_ciphers[] = { - SSL_AEAD, - TLS1_2_VERSION, TLS1_2_VERSION, - DTLS1_2_VERSION, DTLS1_2_VERSION, -- SSL_NOT_DEFAULT | SSL_HIGH, -+ SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 256, - 256, -diff -up openssl-1.1.1j/ssl/ssl_ciph.c.fips openssl-1.1.1j/ssl/ssl_ciph.c ---- openssl-1.1.1j/ssl/ssl_ciph.c.fips 2021-03-03 12:57:42.193734476 +0100 -+++ openssl-1.1.1j/ssl/ssl_ciph.c 2021-03-03 12:57:42.206734583 +0100 -@@ -387,7 +387,7 @@ int ssl_load_ciphers(void) - } - } - /* Make sure we can access MD5 and SHA1 */ -- if (!ossl_assert(ssl_digest_methods[SSL_MD_MD5_IDX] != NULL)) -+ if (!FIPS_mode() && !ossl_assert(ssl_digest_methods[SSL_MD_MD5_IDX] != NULL)) - return 0; - if (!ossl_assert(ssl_digest_methods[SSL_MD_SHA1_IDX] != NULL)) - return 0; -@@ -559,6 +559,9 @@ int ssl_cipher_get_evp(const SSL_SESSION - s->ssl_version < TLS1_VERSION) - return 1; - -+ if (FIPS_mode()) -+ return 1; -+ - if (c->algorithm_enc == SSL_RC4 && - c->algorithm_mac == SSL_MD5 && - (evp = EVP_get_cipherbyname("RC4-HMAC-MD5"))) -@@ -667,6 +670,8 @@ static void ssl_cipher_collect_ciphers(c - /* drop those that use any of that is not available */ - if (c == NULL || !c->valid) - continue; -+ if (FIPS_mode() && !(c->algo_strength & SSL_FIPS)) -+ continue; - if ((c->algorithm_mkey & disabled_mkey) || - (c->algorithm_auth & disabled_auth) || - (c->algorithm_enc & disabled_enc) || -@@ -1671,7 +1676,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ - * to the resulting precedence to the STACK_OF(SSL_CIPHER). - */ - for (curr = head; curr != NULL; curr = curr->next) { -- if (curr->active) { -+ if (curr->active -+ && (!FIPS_mode() || curr->cipher->algo_strength & SSL_FIPS)) { - if (!sk_SSL_CIPHER_push(cipherstack, curr->cipher)) { - OPENSSL_free(co_list); - sk_SSL_CIPHER_free(cipherstack); -diff -up openssl-1.1.1j/ssl/ssl_init.c.fips openssl-1.1.1j/ssl/ssl_init.c ---- openssl-1.1.1j/ssl/ssl_init.c.fips 2021-02-16 16:24:01.000000000 +0100 -+++ openssl-1.1.1j/ssl/ssl_init.c 2021-03-03 12:57:42.206734583 +0100 -@@ -27,6 +27,10 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_ssl_bas - fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: " - "Adding SSL ciphers and digests\n"); - #endif -+#ifdef OPENSSL_FIPS -+ if (!FIPS_mode()) { -+#endif -+ - #ifndef OPENSSL_NO_DES - EVP_add_cipher(EVP_des_cbc()); - EVP_add_cipher(EVP_des_ede3_cbc()); -@@ -87,6 +91,31 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_ssl_bas - EVP_add_digest(EVP_sha256()); - EVP_add_digest(EVP_sha384()); - EVP_add_digest(EVP_sha512()); -+#ifdef OPENSSL_FIPS -+ } else { -+# ifndef OPENSSL_NO_DES -+ EVP_add_cipher(EVP_des_ede3_cbc()); -+# endif -+ EVP_add_cipher(EVP_aes_128_cbc()); -+ EVP_add_cipher(EVP_aes_192_cbc()); -+ EVP_add_cipher(EVP_aes_256_cbc()); -+ EVP_add_cipher(EVP_aes_128_gcm()); -+ EVP_add_cipher(EVP_aes_256_gcm()); -+ EVP_add_cipher(EVP_aes_128_ccm()); -+ EVP_add_cipher(EVP_aes_256_ccm()); -+# ifndef OPENSSL_NO_MD5 -+ /* needed even in the FIPS mode for TLS-1.0 */ -+ EVP_add_digest(EVP_md5_sha1()); -+# endif -+ EVP_add_digest(EVP_sha1()); /* RSA with sha1 */ -+ EVP_add_digest_alias(SN_sha1, "ssl3-sha1"); -+ EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA); -+ EVP_add_digest(EVP_sha224()); -+ EVP_add_digest(EVP_sha256()); -+ EVP_add_digest(EVP_sha384()); -+ EVP_add_digest(EVP_sha512()); -+ } -+#endif - #ifndef OPENSSL_NO_COMP - # ifdef OPENSSL_INIT_DEBUG - fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: " -diff -up openssl-1.1.1j/ssl/ssl_lib.c.fips openssl-1.1.1j/ssl/ssl_lib.c ---- openssl-1.1.1j/ssl/ssl_lib.c.fips 2021-03-03 12:57:42.193734476 +0100 -+++ openssl-1.1.1j/ssl/ssl_lib.c 2021-03-03 12:57:42.206734583 +0100 -@@ -2973,6 +2973,11 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m - if (!OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL)) - return NULL; - -+ if (FIPS_mode() && (meth->version < TLS1_VERSION)) { -+ SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_AT_LEAST_TLS_1_0_NEEDED_IN_FIPS_MODE); -+ return NULL; -+ } -+ - if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) { - SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_X509_VERIFICATION_SETUP_PROBLEMS); - goto err; -@@ -3029,13 +3034,17 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m - if (ret->param == NULL) - goto err; - -- if ((ret->md5 = EVP_get_digestbyname("ssl3-md5")) == NULL) { -- SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES); -- goto err2; -- } -- if ((ret->sha1 = EVP_get_digestbyname("ssl3-sha1")) == NULL) { -- SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES); -- goto err2; -+ if (!FIPS_mode()) { -+ if ((ret->md5 = EVP_get_digestbyname("ssl3-md5")) == NULL) { -+ SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES); -+ goto err2; -+ } -+ if ((ret->sha1 = EVP_get_digestbyname("ssl3-sha1")) == NULL) { -+ SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES); -+ goto err2; -+ } -+ } else { -+ ret->min_proto_version = TLS1_VERSION; - } - - if ((ret->ca_names = sk_X509_NAME_new_null()) == NULL) -diff -up openssl-1.1.1j/ssl/ssl_local.h.fips openssl-1.1.1j/ssl/ssl_local.h ---- openssl-1.1.1j/ssl/ssl_local.h.fips 2021-03-03 12:57:42.100733706 +0100 -+++ openssl-1.1.1j/ssl/ssl_local.h 2021-03-03 12:57:42.206734583 +0100 -@@ -1515,6 +1515,7 @@ typedef struct tls_group_info_st { - # define TLS_CURVE_PRIME 0x0 - # define TLS_CURVE_CHAR2 0x1 - # define TLS_CURVE_CUSTOM 0x2 -+# define TLS_CURVE_FIPS 0x80 - - typedef struct cert_pkey_st CERT_PKEY; - -diff -up openssl-1.1.1j/ssl/t1_lib.c.fips openssl-1.1.1j/ssl/t1_lib.c ---- openssl-1.1.1j/ssl/t1_lib.c.fips 2021-02-16 16:24:01.000000000 +0100 -+++ openssl-1.1.1j/ssl/t1_lib.c 2021-03-03 12:57:42.207734591 +0100 -@@ -159,11 +159,11 @@ static const TLS_GROUP_INFO nid_list[] = - {NID_secp192k1, 80, TLS_CURVE_PRIME}, /* secp192k1 (18) */ - {NID_X9_62_prime192v1, 80, TLS_CURVE_PRIME}, /* secp192r1 (19) */ - {NID_secp224k1, 112, TLS_CURVE_PRIME}, /* secp224k1 (20) */ -- {NID_secp224r1, 112, TLS_CURVE_PRIME}, /* secp224r1 (21) */ -+ {NID_secp224r1, 112, TLS_CURVE_PRIME | TLS_CURVE_FIPS}, /* secp224r1 (21) */ - {NID_secp256k1, 128, TLS_CURVE_PRIME}, /* secp256k1 (22) */ -- {NID_X9_62_prime256v1, 128, TLS_CURVE_PRIME}, /* secp256r1 (23) */ -- {NID_secp384r1, 192, TLS_CURVE_PRIME}, /* secp384r1 (24) */ -- {NID_secp521r1, 256, TLS_CURVE_PRIME}, /* secp521r1 (25) */ -+ {NID_X9_62_prime256v1, 128, TLS_CURVE_PRIME | TLS_CURVE_FIPS}, /* secp256r1 (23) */ -+ {NID_secp384r1, 192, TLS_CURVE_PRIME | TLS_CURVE_FIPS}, /* secp384r1 (24) */ -+ {NID_secp521r1, 256, TLS_CURVE_PRIME | TLS_CURVE_FIPS}, /* secp521r1 (25) */ - {NID_brainpoolP256r1, 128, TLS_CURVE_PRIME}, /* brainpoolP256r1 (26) */ - {NID_brainpoolP384r1, 192, TLS_CURVE_PRIME}, /* brainpoolP384r1 (27) */ - {NID_brainpoolP512r1, 256, TLS_CURVE_PRIME}, /* brainpool512r1 (28) */ -@@ -258,6 +258,8 @@ int tls_curve_allowed(SSL *s, uint16_t c - if (cinfo->flags & TLS_CURVE_CHAR2) - return 0; - # endif -+ if (FIPS_mode() && !(cinfo->flags & TLS_CURVE_FIPS)) -+ return 0; - ctmp[0] = curve >> 8; - ctmp[1] = curve & 0xff; - return ssl_security(s, op, cinfo->secbits, cinfo->nid, (void *)ctmp); -diff -up openssl-1.1.1j/test/dsatest.c.fips openssl-1.1.1j/test/dsatest.c ---- openssl-1.1.1j/test/dsatest.c.fips 2021-02-16 16:24:01.000000000 +0100 -+++ openssl-1.1.1j/test/dsatest.c 2021-03-03 12:57:42.207734591 +0100 -@@ -24,41 +24,42 @@ - #ifndef OPENSSL_NO_DSA - static int dsa_cb(int p, int n, BN_GENCB *arg); - --/* -- * seed, out_p, out_q, out_g are taken from the updated Appendix 5 to FIPS -- * PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1 -- */ - static unsigned char seed[20] = { -- 0xd5, 0x01, 0x4e, 0x4b, 0x60, 0xef, 0x2b, 0xa8, 0xb6, 0x21, 0x1b, 0x40, -- 0x62, 0xba, 0x32, 0x24, 0xe0, 0x42, 0x7d, 0xd3, -+ 0x02, 0x47, 0x11, 0x92, 0x11, 0x88, 0xC8, 0xFB, 0xAF, 0x48, 0x4C, 0x62, -+ 0xDF, 0xA5, 0xBE, 0xA0, 0xA4, 0x3C, 0x56, 0xE3, - }; - - static unsigned char out_p[] = { -- 0x8d, 0xf2, 0xa4, 0x94, 0x49, 0x22, 0x76, 0xaa, -- 0x3d, 0x25, 0x75, 0x9b, 0xb0, 0x68, 0x69, 0xcb, -- 0xea, 0xc0, 0xd8, 0x3a, 0xfb, 0x8d, 0x0c, 0xf7, -- 0xcb, 0xb8, 0x32, 0x4f, 0x0d, 0x78, 0x82, 0xe5, -- 0xd0, 0x76, 0x2f, 0xc5, 0xb7, 0x21, 0x0e, 0xaf, -- 0xc2, 0xe9, 0xad, 0xac, 0x32, 0xab, 0x7a, 0xac, -- 0x49, 0x69, 0x3d, 0xfb, 0xf8, 0x37, 0x24, 0xc2, -- 0xec, 0x07, 0x36, 0xee, 0x31, 0xc8, 0x02, 0x91, -+ 0xAC, 0xCB, 0x1E, 0x63, 0x60, 0x69, 0x0C, 0xFB, 0x06, 0x19, 0x68, 0x3E, -+ 0xA5, 0x01, 0x5A, 0xA2, 0x15, 0x5C, 0xE2, 0x99, 0x2D, 0xD5, 0x30, 0x99, -+ 0x7E, 0x5F, 0x8D, 0xE2, 0xF7, 0xC6, 0x2E, 0x8D, 0xA3, 0x9F, 0x58, 0xAD, -+ 0xD6, 0xA9, 0x7D, 0x0E, 0x0D, 0x95, 0x53, 0xA6, 0x71, 0x3A, 0xDE, 0xAB, -+ 0xAC, 0xE9, 0xF4, 0x36, 0x55, 0x9E, 0xB9, 0xD6, 0x93, 0xBF, 0xF3, 0x18, -+ 0x1C, 0x14, 0x7B, 0xA5, 0x42, 0x2E, 0xCD, 0x00, 0xEB, 0x35, 0x3B, 0x1B, -+ 0xA8, 0x51, 0xBB, 0xE1, 0x58, 0x42, 0x85, 0x84, 0x22, 0xA7, 0x97, 0x5E, -+ 0x99, 0x6F, 0x38, 0x20, 0xBD, 0x9D, 0xB6, 0xD9, 0x33, 0x37, 0x2A, 0xFD, -+ 0xBB, 0xD4, 0xBC, 0x0C, 0x2A, 0x67, 0xCB, 0x9F, 0xBB, 0xDF, 0xF9, 0x93, -+ 0xAA, 0xD6, 0xF0, 0xD6, 0x95, 0x0B, 0x5D, 0x65, 0x14, 0xD0, 0x18, 0x9D, -+ 0xC6, 0xAF, 0xF0, 0xC6, 0x37, 0x7C, 0xF3, 0x5F, - }; - - static unsigned char out_q[] = { -- 0xc7, 0x73, 0x21, 0x8c, 0x73, 0x7e, 0xc8, 0xee, -- 0x99, 0x3b, 0x4f, 0x2d, 0xed, 0x30, 0xf4, 0x8e, -- 0xda, 0xce, 0x91, 0x5f, -+ 0xE3, 0x8E, 0x5E, 0x6D, 0xBF, 0x2B, 0x79, 0xF8, 0xC5, 0x4B, 0x89, 0x8B, -+ 0xBA, 0x2D, 0x91, 0xC3, 0x6C, 0x80, 0xAC, 0x87, - }; - - static unsigned char out_g[] = { -- 0x62, 0x6d, 0x02, 0x78, 0x39, 0xea, 0x0a, 0x13, -- 0x41, 0x31, 0x63, 0xa5, 0x5b, 0x4c, 0xb5, 0x00, -- 0x29, 0x9d, 0x55, 0x22, 0x95, 0x6c, 0xef, 0xcb, -- 0x3b, 0xff, 0x10, 0xf3, 0x99, 0xce, 0x2c, 0x2e, -- 0x71, 0xcb, 0x9d, 0xe5, 0xfa, 0x24, 0xba, 0xbf, -- 0x58, 0xe5, 0xb7, 0x95, 0x21, 0x92, 0x5c, 0x9c, -- 0xc4, 0x2e, 0x9f, 0x6f, 0x46, 0x4b, 0x08, 0x8c, -- 0xc5, 0x72, 0xaf, 0x53, 0xe6, 0xd7, 0x88, 0x02, -+ 0x42, 0x4A, 0x04, 0x4E, 0x79, 0xB4, 0x99, 0x7F, 0xFD, 0x58, 0x36, 0x2C, -+ 0x1B, 0x5F, 0x18, 0x7E, 0x0D, 0xCC, 0xAB, 0x81, 0xC9, 0x5D, 0x10, 0xCE, -+ 0x4E, 0x80, 0x7E, 0x58, 0xB4, 0x34, 0x3F, 0xA7, 0x45, 0xC7, 0xAA, 0x36, -+ 0x24, 0x42, 0xA9, 0x3B, 0xE8, 0x0E, 0x04, 0x02, 0x2D, 0xFB, 0xA6, 0x13, -+ 0xB9, 0xB5, 0x15, 0xA5, 0x56, 0x07, 0x35, 0xE4, 0x03, 0xB6, 0x79, 0x7C, -+ 0x62, 0xDD, 0xDF, 0x3F, 0x71, 0x3A, 0x9D, 0x8B, 0xC4, 0xF6, 0xE7, 0x1D, -+ 0x52, 0xA8, 0xA9, 0x43, 0x1D, 0x33, 0x51, 0x88, 0x39, 0xBD, 0x73, 0xE9, -+ 0x5F, 0xBE, 0x82, 0x49, 0x27, 0xE6, 0xB5, 0x53, 0xC1, 0x38, 0xAC, 0x2F, -+ 0x6D, 0x97, 0x6C, 0xEB, 0x67, 0xC1, 0x5F, 0x67, 0xF8, 0x35, 0x05, 0x5E, -+ 0xD5, 0x68, 0x80, 0xAA, 0x96, 0xCA, 0x0B, 0x8A, 0xE6, 0xF1, 0xB1, 0x41, -+ 0xC6, 0x75, 0x94, 0x0A, 0x0A, 0x2A, 0xFA, 0x29, - }; - - static const unsigned char str1[] = "12345678901234567890"; -@@ -79,11 +80,11 @@ static int dsa_test(void) - - BN_GENCB_set(cb, dsa_cb, NULL); - if (!TEST_ptr(dsa = DSA_new()) -- || !TEST_true(DSA_generate_parameters_ex(dsa, 512, seed, 20, -+ || !TEST_true(DSA_generate_parameters_ex(dsa, 1024, seed, 20, - &counter, &h, cb))) - goto end; - -- if (!TEST_int_eq(counter, 105)) -+ if (!TEST_int_eq(counter, 239)) - goto end; - if (!TEST_int_eq(h, 2)) - goto end; -diff -up openssl-1.1.1j/test/recipes/30-test_evp_data/evpciph.txt.fips openssl-1.1.1j/test/recipes/30-test_evp_data/evpciph.txt ---- openssl-1.1.1j/test/recipes/30-test_evp_data/evpciph.txt.fips 2021-02-16 16:24:01.000000000 +0100 -+++ openssl-1.1.1j/test/recipes/30-test_evp_data/evpciph.txt 2021-03-03 12:57:42.207734591 +0100 -@@ -1206,6 +1206,7 @@ Key = 0000000000000000000000000000000000 - IV = 00000000000000000000000000000000 - Plaintext = 0000000000000000000000000000000000000000000000000000000000000000 - Ciphertext = 917cf69ebd68b2ec9b9fe9a3eadda692cd43d2f59598ed858c02c2652fbf922e -+Result = KEY_SET_ERROR - - Cipher = aes-128-xts - Key = 1111111111111111111111111111111122222222222222222222222222222222 -diff -up openssl-1.1.1j/util/libcrypto.num.fips openssl-1.1.1j/util/libcrypto.num ---- openssl-1.1.1j/util/libcrypto.num.fips 2021-02-16 16:24:01.000000000 +0100 -+++ openssl-1.1.1j/util/libcrypto.num 2021-03-03 12:57:42.208734600 +0100 -@@ -4591,3 +4591,38 @@ X509_ALGOR_copy - X509_REQ_set0_signature 4545 1_1_1h EXIST::FUNCTION: - X509_REQ_set1_signature_algo 4546 1_1_1h EXIST::FUNCTION: - EC_KEY_decoded_from_explicit_params 4547 1_1_1h EXIST::FUNCTION:EC -+FIPS_drbg_reseed 6348 1_1_0g EXIST::FUNCTION: -+FIPS_selftest_check 6349 1_1_0g EXIST::FUNCTION: -+FIPS_rand_set_method 6350 1_1_0g EXIST::FUNCTION: -+FIPS_get_default_drbg 6351 1_1_0g EXIST::FUNCTION: -+FIPS_drbg_set_reseed_interval 6352 1_1_0g EXIST::FUNCTION: -+FIPS_drbg_set_app_data 6353 1_1_0g EXIST::FUNCTION: -+FIPS_drbg_method 6354 1_1_0g EXIST::FUNCTION: -+FIPS_rand_status 6355 1_1_0g EXIST::FUNCTION: -+FIPS_drbg_instantiate 6356 1_1_0g EXIST::FUNCTION: -+FIPS_drbg_set_callbacks 6357 1_1_0g EXIST::FUNCTION: -+FIPS_drbg_new 6358 1_1_0g EXIST::FUNCTION: -+FIPS_dsa_paramgen_check_g 6359 1_1_0g EXIST::FUNCTION: -+FIPS_selftest 6360 1_1_0g EXIST::FUNCTION: -+FIPS_rand_set_bits 6361 1_1_0g EXIST::FUNCTION: -+FIPS_rand_bytes 6362 1_1_0g EXIST::FUNCTION: -+FIPS_drbg_get_app_data 6363 1_1_0g EXIST::FUNCTION: -+FIPS_selftest_failed 6364 1_1_0g EXIST::FUNCTION: -+FIPS_dsa_builtin_paramgen2 6365 1_1_0g EXIST::FUNCTION: -+FIPS_rand_reset 6366 1_1_0g EXIST::FUNCTION: -+ERR_load_FIPS_strings 6367 1_1_0g EXIST::FUNCTION: -+FIPS_drbg_generate 6368 1_1_0g EXIST::FUNCTION: -+FIPS_drbg_uninstantiate 6369 1_1_0g EXIST::FUNCTION: -+FIPS_drbg_set_check_interval 6370 1_1_0g EXIST::FUNCTION: -+FIPS_drbg_free 6371 1_1_0g EXIST::FUNCTION: -+FIPS_selftest_drbg_all 6372 1_1_0g EXIST::FUNCTION: -+FIPS_rand_get_method 6373 1_1_0g EXIST::FUNCTION: -+RAND_set_fips_drbg_type 6374 1_1_0g EXIST::FUNCTION: -+FIPS_drbg_health_check 6375 1_1_0g EXIST::FUNCTION: -+RAND_init_fips 6376 1_1_0g EXIST::FUNCTION: -+FIPS_drbg_set_rand_callbacks 6377 1_1_0g EXIST::FUNCTION: -+FIPS_rand_seed 6378 1_1_0g EXIST::FUNCTION: -+FIPS_drbg_get_strength 6379 1_1_0g EXIST::FUNCTION: -+FIPS_rand_strength 6380 1_1_0g EXIST::FUNCTION: -+FIPS_drbg_get_blocklength 6381 1_1_0g EXIST::FUNCTION: -+FIPS_drbg_init 6382 1_1_0g EXIST::FUNCTION: diff --git a/openssl-1.1.1-intel-cet.patch b/openssl-1.1.1-intel-cet.patch deleted file mode 100644 index a95bf9c..0000000 --- a/openssl-1.1.1-intel-cet.patch +++ /dev/null @@ -1,500 +0,0 @@ -diff -up openssl-1.1.1e/crypto/aes/asm/aesni-x86_64.pl.intel-cet openssl-1.1.1e/crypto/aes/asm/aesni-x86_64.pl ---- openssl-1.1.1e/crypto/aes/asm/aesni-x86_64.pl.intel-cet 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/aes/asm/aesni-x86_64.pl 2020-03-19 17:07:02.626522694 +0100 -@@ -275,6 +275,7 @@ $code.=<<___; - .align 16 - ${PREFIX}_encrypt: - .cfi_startproc -+ endbranch - movups ($inp),$inout0 # load input - mov 240($key),$rounds # key->rounds - ___ -@@ -293,6 +294,7 @@ $code.=<<___; - .align 16 - ${PREFIX}_decrypt: - .cfi_startproc -+ endbranch - movups ($inp),$inout0 # load input - mov 240($key),$rounds # key->rounds - ___ -@@ -613,6 +615,7 @@ $code.=<<___; - .align 16 - aesni_ecb_encrypt: - .cfi_startproc -+ endbranch - ___ - $code.=<<___ if ($win64); - lea -0x58(%rsp),%rsp -@@ -985,6 +988,7 @@ $code.=<<___; - .align 16 - aesni_ccm64_encrypt_blocks: - .cfi_startproc -+ endbranch - ___ - $code.=<<___ if ($win64); - lea -0x58(%rsp),%rsp -@@ -1077,6 +1081,7 @@ $code.=<<___; - .align 16 - aesni_ccm64_decrypt_blocks: - .cfi_startproc -+ endbranch - ___ - $code.=<<___ if ($win64); - lea -0x58(%rsp),%rsp -@@ -1203,6 +1208,7 @@ $code.=<<___; - .align 16 - aesni_ctr32_encrypt_blocks: - .cfi_startproc -+ endbranch - cmp \$1,$len - jne .Lctr32_bulk - -@@ -1775,6 +1781,7 @@ $code.=<<___; - .align 16 - aesni_xts_encrypt: - .cfi_startproc -+ endbranch - lea (%rsp),%r11 # frame pointer - .cfi_def_cfa_register %r11 - push %rbp -@@ -2258,6 +2265,7 @@ $code.=<<___; - .align 16 - aesni_xts_decrypt: - .cfi_startproc -+ endbranch - lea (%rsp),%r11 # frame pointer - .cfi_def_cfa_register %r11 - push %rbp -@@ -2783,6 +2791,7 @@ $code.=<<___; - .align 32 - aesni_ocb_encrypt: - .cfi_startproc -+ endbranch - lea (%rsp),%rax - push %rbx - .cfi_push %rbx -@@ -3249,6 +3258,7 @@ __ocb_encrypt1: - .align 32 - aesni_ocb_decrypt: - .cfi_startproc -+ endbranch - lea (%rsp),%rax - push %rbx - .cfi_push %rbx -@@ -3737,6 +3747,7 @@ $code.=<<___; - .align 16 - ${PREFIX}_cbc_encrypt: - .cfi_startproc -+ endbranch - test $len,$len # check length - jz .Lcbc_ret - -diff -up openssl-1.1.1e/crypto/aes/asm/vpaes-x86_64.pl.intel-cet openssl-1.1.1e/crypto/aes/asm/vpaes-x86_64.pl ---- openssl-1.1.1e/crypto/aes/asm/vpaes-x86_64.pl.intel-cet 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/aes/asm/vpaes-x86_64.pl 2020-03-19 17:00:15.974621757 +0100 -@@ -696,6 +696,7 @@ _vpaes_schedule_mangle: - .align 16 - ${PREFIX}_set_encrypt_key: - .cfi_startproc -+ endbranch - ___ - $code.=<<___ if ($win64); - lea -0xb8(%rsp),%rsp -@@ -746,6 +747,7 @@ $code.=<<___; - .align 16 - ${PREFIX}_set_decrypt_key: - .cfi_startproc -+ endbranch - ___ - $code.=<<___ if ($win64); - lea -0xb8(%rsp),%rsp -@@ -801,6 +803,7 @@ $code.=<<___; - .align 16 - ${PREFIX}_encrypt: - .cfi_startproc -+ endbranch - ___ - $code.=<<___ if ($win64); - lea -0xb8(%rsp),%rsp -@@ -846,6 +849,7 @@ $code.=<<___; - .align 16 - ${PREFIX}_decrypt: - .cfi_startproc -+ endbranch - ___ - $code.=<<___ if ($win64); - lea -0xb8(%rsp),%rsp -@@ -897,6 +901,7 @@ $code.=<<___; - .align 16 - ${PREFIX}_cbc_encrypt: - .cfi_startproc -+ endbranch - xchg $key,$len - ___ - ($len,$key)=($key,$len); -diff -up openssl-1.1.1e/crypto/async/arch/async_posix.c.intel-cet openssl-1.1.1e/crypto/async/arch/async_posix.c ---- openssl-1.1.1e/crypto/async/arch/async_posix.c.intel-cet 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/async/arch/async_posix.c 2020-03-19 17:00:15.974621757 +0100 -@@ -34,7 +34,9 @@ void async_local_cleanup(void) - - int async_fibre_makecontext(async_fibre *fibre) - { -+#ifndef USE_SWAPCONTEXT - fibre->env_init = 0; -+#endif - if (getcontext(&fibre->fibre) == 0) { - fibre->fibre.uc_stack.ss_sp = OPENSSL_malloc(STACKSIZE); - if (fibre->fibre.uc_stack.ss_sp != NULL) { -diff -up openssl-1.1.1e/crypto/async/arch/async_posix.h.intel-cet openssl-1.1.1e/crypto/async/arch/async_posix.h ---- openssl-1.1.1e/crypto/async/arch/async_posix.h.intel-cet 2020-03-19 17:00:15.435631166 +0100 -+++ openssl-1.1.1e/crypto/async/arch/async_posix.h 2020-03-19 17:00:15.975621739 +0100 -@@ -25,17 +25,33 @@ - # define ASYNC_POSIX - # define ASYNC_ARCH - -+# ifdef __CET__ -+/* -+ * When Intel CET is enabled, makecontext will create a different -+ * shadow stack for each context. async_fibre_swapcontext cannot -+ * use _longjmp. It must call swapcontext to swap shadow stack as -+ * well as normal stack. -+ */ -+# define USE_SWAPCONTEXT -+# endif - # include --# include -+# ifndef USE_SWAPCONTEXT -+# include -+# endif - - typedef struct async_fibre_st { - ucontext_t fibre; -+# ifndef USE_SWAPCONTEXT - jmp_buf env; - int env_init; -+# endif - } async_fibre; - - static ossl_inline int async_fibre_swapcontext(async_fibre *o, async_fibre *n, int r) - { -+# ifdef USE_SWAPCONTEXT -+ swapcontext(&o->fibre, &n->fibre); -+# else - o->env_init = 1; - - if (!r || !_setjmp(o->env)) { -@@ -44,6 +60,7 @@ static ossl_inline int async_fibre_swapc - else - setcontext(&n->fibre); - } -+# endif - - return 1; - } -diff -up openssl-1.1.1e/crypto/camellia/asm/cmll-x86_64.pl.intel-cet openssl-1.1.1e/crypto/camellia/asm/cmll-x86_64.pl ---- openssl-1.1.1e/crypto/camellia/asm/cmll-x86_64.pl.intel-cet 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/camellia/asm/cmll-x86_64.pl 2020-03-19 17:00:15.975621739 +0100 -@@ -685,6 +685,7 @@ $code.=<<___; - .align 16 - Camellia_cbc_encrypt: - .cfi_startproc -+ endbranch - cmp \$0,%rdx - je .Lcbc_abort - push %rbx -diff -up openssl-1.1.1e/crypto/modes/asm/ghash-x86_64.pl.intel-cet openssl-1.1.1e/crypto/modes/asm/ghash-x86_64.pl ---- openssl-1.1.1e/crypto/modes/asm/ghash-x86_64.pl.intel-cet 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/modes/asm/ghash-x86_64.pl 2020-03-19 17:00:15.975621739 +0100 -@@ -239,6 +239,7 @@ $code=<<___; - .align 16 - gcm_gmult_4bit: - .cfi_startproc -+ endbranch - push %rbx - .cfi_push %rbx - push %rbp # %rbp and others are pushed exclusively in -@@ -286,6 +287,7 @@ $code.=<<___; - .align 16 - gcm_ghash_4bit: - .cfi_startproc -+ endbranch - push %rbx - .cfi_push %rbx - push %rbp -@@ -612,6 +614,7 @@ $code.=<<___; - .align 16 - gcm_gmult_clmul: - .cfi_startproc -+ endbranch - .L_gmult_clmul: - movdqu ($Xip),$Xi - movdqa .Lbswap_mask(%rip),$T3 -@@ -663,6 +666,7 @@ $code.=<<___; - .align 32 - gcm_ghash_clmul: - .cfi_startproc -+ endbranch - .L_ghash_clmul: - ___ - $code.=<<___ if ($win64); -@@ -1166,6 +1170,7 @@ $code.=<<___; - .align 32 - gcm_gmult_avx: - .cfi_startproc -+ endbranch - jmp .L_gmult_clmul - .cfi_endproc - .size gcm_gmult_avx,.-gcm_gmult_avx -@@ -1177,6 +1182,7 @@ $code.=<<___; - .align 32 - gcm_ghash_avx: - .cfi_startproc -+ endbranch - ___ - if ($avx) { - my ($Xip,$Htbl,$inp,$len)=@_4args; -diff -up openssl-1.1.1e/crypto/perlasm/cbc.pl.intel-cet openssl-1.1.1e/crypto/perlasm/cbc.pl ---- openssl-1.1.1e/crypto/perlasm/cbc.pl.intel-cet 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/perlasm/cbc.pl 2020-03-19 17:00:15.976621722 +0100 -@@ -165,21 +165,28 @@ sub cbc - &jmp_ptr($count); - - &set_label("ej7"); -+ &endbranch() - &movb(&HB("edx"), &BP(6,$in,"",0)); - &shl("edx",8); - &set_label("ej6"); -+ &endbranch() - &movb(&HB("edx"), &BP(5,$in,"",0)); - &set_label("ej5"); -+ &endbranch() - &movb(&LB("edx"), &BP(4,$in,"",0)); - &set_label("ej4"); -+ &endbranch() - &mov("ecx", &DWP(0,$in,"",0)); - &jmp(&label("ejend")); - &set_label("ej3"); -+ &endbranch() - &movb(&HB("ecx"), &BP(2,$in,"",0)); - &shl("ecx",8); - &set_label("ej2"); -+ &endbranch() - &movb(&HB("ecx"), &BP(1,$in,"",0)); - &set_label("ej1"); -+ &endbranch() - &movb(&LB("ecx"), &BP(0,$in,"",0)); - &set_label("ejend"); - -diff -up openssl-1.1.1e/crypto/perlasm/x86_64-xlate.pl.intel-cet openssl-1.1.1e/crypto/perlasm/x86_64-xlate.pl ---- openssl-1.1.1e/crypto/perlasm/x86_64-xlate.pl.intel-cet 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/perlasm/x86_64-xlate.pl 2020-03-19 17:00:15.984621582 +0100 -@@ -101,6 +101,33 @@ elsif (!$gas) - $decor="\$L\$"; - } - -+my $cet_property; -+if ($flavour =~ /elf/) { -+ # Always generate .note.gnu.property section for ELF outputs to -+ # mark Intel CET support since all input files must be marked -+ # with Intel CET support in order for linker to mark output with -+ # Intel CET support. -+ my $p2align=3; $p2align=2 if ($flavour eq "elf32"); -+ $cet_property = <<_____; -+ .section ".note.gnu.property", "a" -+ .p2align $p2align -+ .long 1f - 0f -+ .long 4f - 1f -+ .long 5 -+0: -+ .asciz "GNU" -+1: -+ .p2align $p2align -+ .long 0xc0000002 -+ .long 3f - 2f -+2: -+ .long 3 -+3: -+ .p2align $p2align -+4: -+_____ -+} -+ - my $current_segment; - my $current_function; - my %globals; -@@ -1213,6 +1240,7 @@ while(defined(my $line=<>)) { - print $line,"\n"; - } - -+print "$cet_property" if ($cet_property); - print "\n$current_segment\tENDS\n" if ($current_segment && $masm); - print "END\n" if ($masm); - -diff -up openssl-1.1.1e/crypto/perlasm/x86gas.pl.intel-cet openssl-1.1.1e/crypto/perlasm/x86gas.pl ---- openssl-1.1.1e/crypto/perlasm/x86gas.pl.intel-cet 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/perlasm/x86gas.pl 2020-03-19 17:00:15.985621565 +0100 -@@ -124,6 +124,7 @@ sub ::function_begin_B - push(@out,".align\t$align\n"); - push(@out,"$func:\n"); - push(@out,"$begin:\n") if ($global); -+ &::endbranch(); - $::stack=4; - } - -@@ -172,6 +173,26 @@ sub ::file_end - else { push (@out,"$tmp\n"); } - } - push(@out,$initseg) if ($initseg); -+ if ($::elf) { -+ push(@out," -+ .section \".note.gnu.property\", \"a\" -+ .p2align 2 -+ .long 1f - 0f -+ .long 4f - 1f -+ .long 5 -+0: -+ .asciz \"GNU\" -+1: -+ .p2align 2 -+ .long 0xc0000002 -+ .long 3f - 2f -+2: -+ .long 3 -+3: -+ .p2align 2 -+4: -+"); -+ } - } - - sub ::data_byte { push(@out,".byte\t".join(',',@_)."\n"); } -diff -up openssl-1.1.1e/crypto/poly1305/asm/poly1305-x86_64.pl.intel-cet openssl-1.1.1e/crypto/poly1305/asm/poly1305-x86_64.pl ---- openssl-1.1.1e/crypto/poly1305/asm/poly1305-x86_64.pl.intel-cet 2020-03-19 17:00:38.185234015 +0100 -+++ openssl-1.1.1e/crypto/poly1305/asm/poly1305-x86_64.pl 2020-03-19 17:05:46.575850341 +0100 -@@ -2806,6 +2806,7 @@ $code.=<<___; - .align 32 - poly1305_blocks_vpmadd52: - .cfi_startproc -+ endbranch - shr \$4,$len - jz .Lno_data_vpmadd52 # too short - -@@ -3739,6 +3740,7 @@ $code.=<<___; - .align 32 - poly1305_emit_base2_44: - .cfi_startproc -+ endbranch - mov 0($ctx),%r8 # load hash value - mov 8($ctx),%r9 - mov 16($ctx),%r10 -diff -up openssl-1.1.1e/crypto/rc4/asm/rc4-x86_64.pl.intel-cet openssl-1.1.1e/crypto/rc4/asm/rc4-x86_64.pl ---- openssl-1.1.1e/crypto/rc4/asm/rc4-x86_64.pl.intel-cet 2020-03-19 17:00:38.190233928 +0100 -+++ openssl-1.1.1e/crypto/rc4/asm/rc4-x86_64.pl 2020-03-19 17:05:02.598618064 +0100 -@@ -140,6 +140,7 @@ $code=<<___; - .align 16 - RC4: - .cfi_startproc -+ endbranch - or $len,$len - jne .Lentry - ret -@@ -455,6 +456,7 @@ $code.=<<___; - .align 16 - RC4_set_key: - .cfi_startproc -+ endbranch - lea 8($dat),$dat - lea ($inp,$len),$inp - neg $len -@@ -529,6 +531,7 @@ RC4_set_key: - .align 16 - RC4_options: - .cfi_startproc -+ endbranch - lea .Lopts(%rip),%rax - mov OPENSSL_ia32cap_P(%rip),%edx - bt \$20,%edx -diff -up openssl-1.1.1e/crypto/x86_64cpuid.pl.intel-cet openssl-1.1.1e/crypto/x86_64cpuid.pl ---- openssl-1.1.1e/crypto/x86_64cpuid.pl.intel-cet 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/x86_64cpuid.pl 2020-03-19 17:03:58.172742775 +0100 -@@ -40,6 +40,7 @@ print<<___; - .align 16 - OPENSSL_atomic_add: - .cfi_startproc -+ endbranch - movl ($arg1),%eax - .Lspin: leaq ($arg2,%rax),%r8 - .byte 0xf0 # lock -@@ -56,6 +57,7 @@ OPENSSL_atomic_add: - .align 16 - OPENSSL_rdtsc: - .cfi_startproc -+ endbranch - rdtsc - shl \$32,%rdx - or %rdx,%rax -@@ -68,6 +70,7 @@ OPENSSL_rdtsc: - .align 16 - OPENSSL_ia32_cpuid: - .cfi_startproc -+ endbranch - mov %rbx,%r8 # save %rbx - .cfi_register %rbx,%r8 - -@@ -237,6 +240,7 @@ OPENSSL_ia32_cpuid: - .align 16 - OPENSSL_cleanse: - .cfi_startproc -+ endbranch - xor %rax,%rax - cmp \$15,$arg2 - jae .Lot -@@ -274,6 +278,7 @@ OPENSSL_cleanse: - .align 16 - CRYPTO_memcmp: - .cfi_startproc -+ endbranch - xor %rax,%rax - xor %r10,%r10 - cmp \$0,$arg3 -@@ -312,6 +317,7 @@ print<<___ if (!$win64); - .align 16 - OPENSSL_wipe_cpu: - .cfi_startproc -+ endbranch - pxor %xmm0,%xmm0 - pxor %xmm1,%xmm1 - pxor %xmm2,%xmm2 -@@ -346,6 +352,8 @@ print<<___ if ($win64); - .type OPENSSL_wipe_cpu,\@abi-omnipotent - .align 16 - OPENSSL_wipe_cpu: -+.cfi_startproc -+ endbranch - pxor %xmm0,%xmm0 - pxor %xmm1,%xmm1 - pxor %xmm2,%xmm2 -@@ -376,6 +384,7 @@ print<<___; - .align 16 - OPENSSL_instrument_bus: - .cfi_startproc -+ endbranch - mov $arg1,$out # tribute to Win64 - mov $arg2,$cnt - mov $arg2,$max -@@ -410,6 +419,7 @@ OPENSSL_instrument_bus: - .align 16 - OPENSSL_instrument_bus2: - .cfi_startproc -+ endbranch - mov $arg1,$out # tribute to Win64 - mov $arg2,$cnt - mov $arg3,$max -@@ -465,6 +475,7 @@ print<<___; - .align 16 - OPENSSL_ia32_${rdop}_bytes: - .cfi_startproc -+ endbranch - xor %rax, %rax # return value - cmp \$0,$arg2 - je .Ldone_${rdop}_bytes diff --git a/openssl-1.1.1-kdf-selftest.patch b/openssl-1.1.1-kdf-selftest.patch deleted file mode 100644 index 3cb3718..0000000 --- a/openssl-1.1.1-kdf-selftest.patch +++ /dev/null @@ -1,170 +0,0 @@ -diff -up openssl-1.1.1g/crypto/fips/build.info.kdf-selftest openssl-1.1.1g/crypto/fips/build.info ---- openssl-1.1.1g/crypto/fips/build.info.kdf-selftest 2020-06-03 16:08:36.274849058 +0200 -+++ openssl-1.1.1g/crypto/fips/build.info 2020-06-03 16:11:05.609079372 +0200 -@@ -5,7 +5,7 @@ SOURCE[../../libcrypto]=\ - fips_post.c fips_drbg_ctr.c fips_drbg_hash.c fips_drbg_hmac.c \ - fips_drbg_lib.c fips_drbg_rand.c fips_drbg_selftest.c fips_rand_lib.c \ - fips_cmac_selftest.c fips_ecdh_selftest.c fips_ecdsa_selftest.c \ -- fips_dh_selftest.c fips_ers.c -+ fips_dh_selftest.c fips_kdf_selftest.c fips_ers.c - - PROGRAMS_NO_INST=\ - fips_standalone_hmac -diff -up openssl-1.1.1g/crypto/fips/fips_kdf_selftest.c.kdf-selftest openssl-1.1.1g/crypto/fips/fips_kdf_selftest.c ---- openssl-1.1.1g/crypto/fips/fips_kdf_selftest.c.kdf-selftest 2020-06-03 16:08:36.337849577 +0200 -+++ openssl-1.1.1g/crypto/fips/fips_kdf_selftest.c 2020-06-03 16:08:36.337849577 +0200 -@@ -0,0 +1,117 @@ -+/* -+ * Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved. -+ * Copyright (c) 2018-2019, Oracle and/or its affiliates. All rights reserved. -+ * -+ * Licensed under the Apache License 2.0 (the "License"). You may not use -+ * this file except in compliance with the License. You can obtain a copy -+ * in the file LICENSE in the source distribution or at -+ * https://www.openssl.org/source/license.html -+ */ -+ -+#include -+#include -+#include -+#include "crypto/fips.h" -+ -+#include -+#include -+ -+#ifdef OPENSSL_FIPS -+int FIPS_selftest_pbkdf2(void) -+{ -+ int ret = 0; -+ EVP_KDF_CTX *kctx; -+ unsigned char out[32]; -+ -+ if ((kctx = EVP_KDF_CTX_new_id(EVP_KDF_PBKDF2)) == NULL) { -+ goto err; -+ } -+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PASS, "password", (size_t)8) <= 0) { -+ goto err; -+ } -+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, "salt", (size_t)4) <= 0) { -+ goto err; -+ } -+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_ITER, 2) <= 0) { -+ goto err; -+ } -+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()) <= 0) { -+ goto err; -+ } -+ if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) { -+ goto err; -+ } -+ -+ { -+ const unsigned char expected[sizeof(out)] = { -+ 0xae, 0x4d, 0x0c, 0x95, 0xaf, 0x6b, 0x46, 0xd3, -+ 0x2d, 0x0a, 0xdf, 0xf9, 0x28, 0xf0, 0x6d, 0xd0, -+ 0x2a, 0x30, 0x3f, 0x8e, 0xf3, 0xc2, 0x51, 0xdf, -+ 0xd6, 0xe2, 0xd8, 0x5a, 0x95, 0x47, 0x4c, 0x43 -+ }; -+ if (memcmp(out, expected, sizeof(expected))) { -+ goto err; -+ } -+ } -+ ret = 1; -+ -+err: -+ if (!ret) -+ FIPSerr(FIPS_F_FIPS_SELFTEST_PBKDF2, FIPS_R_SELFTEST_FAILED); -+ EVP_KDF_CTX_free(kctx); -+ return ret; -+} -+ -+/* Test vector from RFC 8009 (AES Encryption with HMAC-SHA2 for Kerberos -+ * 5) appendix A. */ -+int FIPS_selftest_kbkdf(void) -+{ -+ int ret = 0; -+ EVP_KDF_CTX *kctx; -+ char *label = "prf", *prf_input = "test"; -+ static unsigned char input_key[] = { -+ 0x37, 0x05, 0xD9, 0x60, 0x80, 0xC1, 0x77, 0x28, -+ 0xA0, 0xE8, 0x00, 0xEA, 0xB6, 0xE0, 0xD2, 0x3C, -+ }; -+ static unsigned char output[] = { -+ 0x9D, 0x18, 0x86, 0x16, 0xF6, 0x38, 0x52, 0xFE, -+ 0x86, 0x91, 0x5B, 0xB8, 0x40, 0xB4, 0xA8, 0x86, -+ 0xFF, 0x3E, 0x6B, 0xB0, 0xF8, 0x19, 0xB4, 0x9B, -+ 0x89, 0x33, 0x93, 0xD3, 0x93, 0x85, 0x42, 0x95, -+ }; -+ unsigned char result[sizeof(output)] = { 0 }; -+ -+ if ((kctx = EVP_KDF_CTX_new_id(EVP_KDF_KB)) == NULL) { -+ goto err; -+ } -+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KB_MAC_TYPE, EVP_KDF_KB_MAC_TYPE_HMAC) <= 0) { -+ goto err; -+ } -+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()) <= 0) { -+ goto err; -+ } -+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, input_key, sizeof(input_key)) <= 0) { -+ goto err; -+ } -+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, label, strlen(label)) <= 0) { -+ goto err; -+ } -+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KB_INFO, prf_input, strlen(prf_input)) <= 0) { -+ goto err; -+ } -+ ret = EVP_KDF_derive(kctx, result, sizeof(result)) > 0 -+ && memcmp(result, output, sizeof(output)) == 0; -+err: -+ -+ if (!ret) -+ FIPSerr(FIPS_F_FIPS_SELFTEST_KBKDF, FIPS_R_SELFTEST_FAILED); -+ EVP_KDF_CTX_free(kctx); -+ return ret; -+} -+ -+int FIPS_selftest_kdf(void) -+{ -+ return FIPS_selftest_pbkdf2() && FIPS_selftest_kbkdf(); -+} -+ -+#endif -diff -up openssl-1.1.1g/crypto/fips/fips_post.c.kdf-selftest openssl-1.1.1g/crypto/fips/fips_post.c ---- openssl-1.1.1g/crypto/fips/fips_post.c.kdf-selftest 2020-06-03 16:08:36.332849536 +0200 -+++ openssl-1.1.1g/crypto/fips/fips_post.c 2020-06-03 16:08:36.338849585 +0200 -@@ -111,6 +111,8 @@ int FIPS_selftest(void) - rv = 0; - if (!FIPS_selftest_ecdh()) - rv = 0; -+ if (!FIPS_selftest_kdf()) -+ rv = 0; - return rv; - } - -diff -up openssl-1.1.1g/include/crypto/fips.h.kdf-selftest openssl-1.1.1g/include/crypto/fips.h ---- openssl-1.1.1g/include/crypto/fips.h.kdf-selftest 2020-06-03 16:08:36.330849519 +0200 -+++ openssl-1.1.1g/include/crypto/fips.h 2020-06-03 16:08:36.338849585 +0200 -@@ -72,6 +72,9 @@ void FIPS_drbg_stick(int onoff); - int FIPS_selftest_hmac(void); - int FIPS_selftest_drbg(void); - int FIPS_selftest_cmac(void); -+int FIPS_selftest_kbkdf(void); -+int FIPS_selftest_pbkdf2(void); -+int FIPS_selftest_kdf(void); - - int fips_in_post(void); - -diff -up openssl-1.1.1g/include/openssl/fips.h.kdf-selftest openssl-1.1.1g/include/openssl/fips.h ---- openssl-1.1.1g/include/openssl/fips.h.kdf-selftest 2020-06-03 16:08:36.282849124 +0200 -+++ openssl-1.1.1g/include/openssl/fips.h 2020-06-03 16:08:36.338849585 +0200 -@@ -123,6 +123,8 @@ extern "C" { - # define FIPS_F_FIPS_SELFTEST_DSA 112 - # define FIPS_F_FIPS_SELFTEST_ECDSA 133 - # define FIPS_F_FIPS_SELFTEST_HMAC 113 -+# define FIPS_F_FIPS_SELFTEST_KBKDF 151 -+# define FIPS_F_FIPS_SELFTEST_PBKDF2 152 - # define FIPS_F_FIPS_SELFTEST_SHA1 115 - # define FIPS_F_FIPS_SELFTEST_SHA2 105 - # define FIPS_F_OSSL_ECDSA_SIGN_SIG 143 diff --git a/openssl-1.1.1-krb5-kdf.patch b/openssl-1.1.1-krb5-kdf.patch deleted file mode 100644 index 249a5c5..0000000 --- a/openssl-1.1.1-krb5-kdf.patch +++ /dev/null @@ -1,3030 +0,0 @@ -diff -up openssl-1.1.1d/crypto/err/openssl.txt.krb5-kdf openssl-1.1.1d/crypto/err/openssl.txt ---- openssl-1.1.1d/crypto/err/openssl.txt.krb5-kdf 2019-11-14 15:07:05.320094521 +0100 -+++ openssl-1.1.1d/crypto/err/openssl.txt 2019-11-14 15:07:05.342094129 +0100 -@@ -821,6 +821,11 @@ EVP_F_S390X_AES_GCM_CTRL:201:s390x_aes_g - EVP_F_SCRYPT_ALG:228:scrypt_alg - EVP_F_UPDATE:173:update - KDF_F_HKDF_EXTRACT:112:HKDF_Extract -+KDF_F_KBKDF_CTRL:134:kbkdf_ctrl -+KDF_F_KBKDF_CTRL_STR:135:kbkdf_ctrl_str -+KDF_F_KBKDF_DERIVE:136:kbkdf_derive -+KDF_F_KBKDF_NEW:137:kbkdf_new -+KDF_F_KDF_CIPHER2CTRL:138:kdf_cipher2ctrl - KDF_F_KDF_HKDF_DERIVE:113:kdf_hkdf_derive - KDF_F_KDF_HKDF_NEW:114:kdf_hkdf_new - KDF_F_KDF_HKDF_SIZE:115:kdf_hkdf_size -@@ -840,6 +845,8 @@ KDF_F_KDF_SSHKDF_NEW:133:kdf_sshkdf_new - KDF_F_KDF_TLS1_PRF_CTRL_STR:125:kdf_tls1_prf_ctrl_str - KDF_F_KDF_TLS1_PRF_DERIVE:126:kdf_tls1_prf_derive - KDF_F_KDF_TLS1_PRF_NEW:127:kdf_tls1_prf_new -+KDF_F_KRB5KDF:139:KRB5KDF -+KDF_F_KRB5KDF_DERIVE:140:krb5kdf_derive - KDF_F_PBKDF2_SET_MEMBUF:128:pbkdf2_set_membuf - KDF_F_PKEY_HKDF_CTRL_STR:103:pkey_hkdf_ctrl_str - KDF_F_PKEY_HKDF_DERIVE:102:pkey_hkdf_derive -@@ -853,6 +860,9 @@ KDF_F_PKEY_TLS1_PRF_CTRL_STR:100:pkey_tl - KDF_F_PKEY_TLS1_PRF_DERIVE:101:pkey_tls1_prf_derive - KDF_F_PKEY_TLS1_PRF_INIT:110:pkey_tls1_prf_init - KDF_F_SCRYPT_SET_MEMBUF:129:scrypt_set_membuf -+KDF_F_SSKDF_DERIVE:141:sskdf_derive -+KDF_F_SSKDF_NEW:142:sskdf_new -+KDF_F_SSKDF_SIZE:143:sskdf_size - KDF_F_TLS1_PRF_ALG:111:tls1_prf_alg - OBJ_F_OBJ_ADD_OBJECT:105:OBJ_add_object - OBJ_F_OBJ_ADD_SIGID:107:OBJ_add_sigid -@@ -2325,7 +2335,13 @@ EVP_R_UNSUPPORTED_SALT_TYPE:126:unsuppor - EVP_R_WRAP_MODE_NOT_ALLOWED:170:wrap mode not allowed - EVP_R_WRONG_FINAL_BLOCK_LENGTH:109:wrong final block length - EVP_R_XTS_DUPLICATED_KEYS:183:xts duplicated keys -+KDF_R_FAILED_TO_GENERATE_KEY:118:failed to generate key -+KDF_R_INVALID_CIPHER:116:invalid cipher -+KDF_R_INVALID_CONSTANT_LENGTH:119:invalid constant length - KDF_R_INVALID_DIGEST:100:invalid digest -+KDF_R_INVALID_SEED_LENGTH:117:invalid seed length -+KDF_R_MISSING_CIPHER:120:missing cipher -+KDF_R_MISSING_CONSTANT:121:missing constant - KDF_R_MISSING_ITERATION_COUNT:109:missing iteration count - KDF_R_MISSING_KEY:104:missing key - KDF_R_MISSING_MESSAGE_DIGEST:105:missing message digest -@@ -2340,6 +2356,7 @@ KDF_R_MISSING_XCGHASH:115:missing xcghas - KDF_R_UNKNOWN_PARAMETER_TYPE:103:unknown parameter type - KDF_R_VALUE_ERROR:108:value error - KDF_R_VALUE_MISSING:102:value missing -+KDF_R_WRONG_FINAL_BLOCK_LENGTH:120:wrong final block length - KDF_R_WRONG_OUTPUT_BUFFER_SIZE:112:wrong output buffer size - OBJ_R_OID_EXISTS:102:oid exists - OBJ_R_UNKNOWN_NID:101:unknown nid -diff -up openssl-1.1.1d/crypto/evp/kdf_lib.c.krb5-kdf openssl-1.1.1d/crypto/evp/kdf_lib.c ---- openssl-1.1.1d/crypto/evp/kdf_lib.c.krb5-kdf 2019-11-14 15:07:05.320094521 +0100 -+++ openssl-1.1.1d/crypto/evp/kdf_lib.c 2019-11-14 15:07:05.342094129 +0100 -@@ -31,6 +31,9 @@ static const EVP_KDF_METHOD *standard_me - &tls1_prf_kdf_meth, - &hkdf_kdf_meth, - &sshkdf_kdf_meth, -+ &kb_kdf_meth, -+ &krb5kdf_kdf_meth, -+ &ss_kdf_meth - }; - - DECLARE_OBJ_BSEARCH_CMP_FN(const EVP_KDF_METHOD *, const EVP_KDF_METHOD *, -diff -up openssl-1.1.1d/include/crypto/evp.h.krb5-kdf openssl-1.1.1d/include/crypto/evp.h ---- openssl-1.1.1d/include/crypto/evp.h.krb5-kdf 2019-11-14 15:07:05.320094521 +0100 -+++ openssl-1.1.1d/include/crypto/evp.h 2019-11-14 15:07:05.342094129 +0100 -@@ -130,6 +130,9 @@ extern const EVP_KDF_METHOD scrypt_kdf_m - extern const EVP_KDF_METHOD tls1_prf_kdf_meth; - extern const EVP_KDF_METHOD hkdf_kdf_meth; - extern const EVP_KDF_METHOD sshkdf_kdf_meth; -+extern const EVP_KDF_METHOD kb_kdf_meth; -+extern const EVP_KDF_METHOD krb5kdf_kdf_meth; -+extern const EVP_KDF_METHOD ss_kdf_meth; - - struct evp_md_st { - int type; -diff -up openssl-1.1.1d/crypto/kdf/build.info.krb5-kdf openssl-1.1.1d/crypto/kdf/build.info ---- openssl-1.1.1d/crypto/kdf/build.info.krb5-kdf 2019-11-14 15:07:05.320094521 +0100 -+++ openssl-1.1.1d/crypto/kdf/build.info 2019-11-14 15:07:05.342094129 +0100 -@@ -1,3 +1,3 @@ - LIBS=../../libcrypto - SOURCE[../../libcrypto]=\ -- tls1_prf.c kdf_err.c kdf_util.c hkdf.c scrypt.c pbkdf2.c sshkdf.c -+ tls1_prf.c kdf_err.c kdf_util.c hkdf.c scrypt.c pbkdf2.c sshkdf.c kbkdf.c krb5kdf.c sskdf.c -diff -up openssl-1.1.1d/crypto/kdf/kbkdf.c.krb5-kdf openssl-1.1.1d/crypto/kdf/kbkdf.c ---- openssl-1.1.1d/crypto/kdf/kbkdf.c.krb5-kdf 2019-11-14 15:07:05.343094112 +0100 -+++ openssl-1.1.1d/crypto/kdf/kbkdf.c 2019-11-18 17:21:58.326635901 +0100 -@@ -0,0 +1,540 @@ -+/* -+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. -+ * Copyright 2019 Red Hat, Inc. -+ * -+ * Licensed under the Apache License 2.0 (the "License"). You may not use -+ * this file except in compliance with the License. You can obtain a copy -+ * in the file LICENSE in the source distribution or at -+ * https://www.openssl.org/source/license.html -+ */ -+ -+/* -+ * This implements https://csrc.nist.gov/publications/detail/sp/800-108/final -+ * section 5.1 ("counter mode") and section 5.2 ("feedback mode") in both HMAC -+ * and CMAC. That document does not name the KDFs it defines; the name is -+ * derived from -+ * https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program/Key-Derivation -+ * -+ * Note that section 5.3 ("double-pipeline mode") is not implemented, though -+ * it would be possible to do so in the future. -+ * -+ * These versions all assume the counter is used. It would be relatively -+ * straightforward to expose a configuration handle should the need arise. -+ * -+ * Variable names attempt to match those of SP800-108. -+ */ -+ -+#include -+#include -+#include -+ -+#include -+#include -+#include -+#include -+ -+#include "internal/numbers.h" -+#include "internal/cryptlib.h" -+#include "crypto/evp.h" -+#include "kdf_local.h" -+ -+#include "e_os.h" -+ -+#ifdef MIN -+# undef MIN -+#endif -+#define MIN(a, b) ((a) < (b)) ? (a) : (b) -+ -+typedef struct { -+ int mac_type; -+ union { -+ HMAC_CTX *hmac; -+ CMAC_CTX *cmac; -+ } m; -+} MAC_CTX; -+ -+/* Our context structure. */ -+struct evp_kdf_impl_st { -+ int mode; -+ -+ MAC_CTX *ctx_init; -+ -+ const EVP_CIPHER *cipher; -+ const EVP_MD *md; -+ -+ /* Names are lowercased versions of those found in SP800-108. */ -+ unsigned char *ki; -+ size_t ki_len; -+ unsigned char *label; -+ size_t label_len; -+ unsigned char *context; -+ size_t context_len; -+ unsigned char *iv; -+ size_t iv_len; -+}; -+ -+static MAC_CTX *EVP_MAC_CTX_new(int mac_type) -+{ -+ MAC_CTX *ctx; -+ -+ ctx = OPENSSL_zalloc(sizeof(*ctx)); -+ if (ctx == NULL) -+ return NULL; -+ -+ ctx->mac_type = mac_type; -+ if (mac_type == EVP_KDF_KB_MAC_TYPE_HMAC) { -+ if ((ctx->m.hmac = HMAC_CTX_new()) == NULL) -+ goto err; -+ } else { -+ if ((ctx->m.cmac = CMAC_CTX_new()) == NULL) -+ goto err; -+ } -+ return ctx; -+ -+err: -+ OPENSSL_free(ctx); -+ return NULL; -+} -+ -+static void EVP_MAC_CTX_free(MAC_CTX *ctx) -+{ -+ if (ctx == NULL) -+ return; -+ -+ if (ctx->mac_type == EVP_KDF_KB_MAC_TYPE_HMAC) -+ HMAC_CTX_free(ctx->m.hmac); -+ else -+ CMAC_CTX_free(ctx->m.cmac); -+ OPENSSL_free(ctx); -+} -+ -+static MAC_CTX *EVP_MAC_CTX_dup(MAC_CTX *sctx) -+{ -+ MAC_CTX *ctx; -+ -+ ctx = OPENSSL_zalloc(sizeof(*sctx)); -+ if (ctx == NULL) -+ return NULL; -+ -+ ctx->mac_type = sctx->mac_type; -+ if (sctx->mac_type == EVP_KDF_KB_MAC_TYPE_HMAC) { -+ if ((ctx->m.hmac = HMAC_CTX_new()) == NULL -+ || HMAC_CTX_copy(ctx->m.hmac, sctx->m.hmac) <= 0) -+ goto err; -+ } else { -+ if ((ctx->m.cmac = CMAC_CTX_new()) == NULL -+ || CMAC_CTX_copy(ctx->m.cmac, sctx->m.cmac) <= 0) -+ goto err; -+ } -+ return ctx; -+ -+err: -+ EVP_MAC_CTX_free(ctx); -+ return NULL; -+} -+ -+static size_t EVP_MAC_size(MAC_CTX *ctx) -+{ -+ if (ctx->mac_type == EVP_KDF_KB_MAC_TYPE_HMAC) { -+ const EVP_MD *md; -+ -+ if (ctx->m.hmac == NULL) -+ return 0; -+ if ((md = HMAC_CTX_get_md(ctx->m.hmac)) == NULL) -+ return 0; -+ return (size_t)EVP_MD_size(md); -+ } else { -+ const EVP_CIPHER_CTX *cctx; -+ -+ if (ctx->m.cmac == NULL) -+ return 0; -+ if ((cctx = CMAC_CTX_get0_cipher_ctx(ctx->m.cmac)) == NULL) -+ return 0; -+ return EVP_CIPHER_CTX_block_size(cctx); -+ } -+} -+ -+static int EVP_MAC_update(MAC_CTX *ctx, const unsigned char *data, -+ size_t datalen) -+{ -+ if (ctx->mac_type == EVP_KDF_KB_MAC_TYPE_HMAC) -+ return HMAC_Update(ctx->m.hmac, data, datalen); -+ else -+ return CMAC_Update(ctx->m.cmac, data, datalen); -+} -+ -+static int EVP_MAC_final(MAC_CTX *ctx, unsigned char *out, -+ size_t *outl, size_t outsize) -+{ -+ if (outsize != EVP_MAC_size(ctx)) -+ /* we do not cope with anything else */ -+ return 0; -+ -+ if (ctx->mac_type == EVP_KDF_KB_MAC_TYPE_HMAC) { -+ unsigned int intsize = (unsigned int)outsize; -+ int ret; -+ -+ ret = HMAC_Final(ctx->m.hmac, out, &intsize); -+ if (outl != NULL) -+ *outl = intsize; -+ return ret; -+ } else { -+ size_t size = outsize; -+ int ret; -+ -+ ret = CMAC_Final(ctx->m.cmac, out, &size); -+ if (outl != NULL) -+ *outl = size; -+ return ret; -+ } -+} -+ -+static int evp_mac_init(MAC_CTX *ctx, const EVP_MD *md, -+ const EVP_CIPHER *cipher, unsigned char *key, size_t keylen) -+{ -+ if (ctx->mac_type == EVP_KDF_KB_MAC_TYPE_HMAC) { -+ if (md == NULL) -+ return 0; -+ return HMAC_Init_ex(ctx->m.hmac, key, (int)keylen, md, NULL); -+ } else { -+ if (cipher == NULL) -+ return 0; -+ return CMAC_Init(ctx->m.cmac, key, keylen, cipher, NULL); -+ } -+} -+ -+static void kbkdf_reset(EVP_KDF_IMPL *ctx); -+ -+/* Not all platforms have htobe32(). */ -+static uint32_t be32(uint32_t host) -+{ -+ uint32_t big = 0; -+ const union { -+ long one; -+ char little; -+ } is_endian = { 1 }; -+ -+ if (!is_endian.little) -+ return host; -+ -+ big |= (host & 0xff000000) >> 24; -+ big |= (host & 0x00ff0000) >> 8; -+ big |= (host & 0x0000ff00) << 8; -+ big |= (host & 0x000000ff) << 24; -+ return big; -+} -+ -+static EVP_KDF_IMPL *kbkdf_new(void) -+{ -+ EVP_KDF_IMPL *ctx; -+ -+ ctx = OPENSSL_zalloc(sizeof(*ctx)); -+ if (ctx == NULL) { -+ KDFerr(KDF_F_KBKDF_NEW, ERR_R_MALLOC_FAILURE); -+ return NULL; -+ } -+ -+ return ctx; -+} -+ -+static void kbkdf_free(EVP_KDF_IMPL *ctx) -+{ -+ kbkdf_reset(ctx); -+ OPENSSL_free(ctx); -+} -+ -+static void kbkdf_reset(EVP_KDF_IMPL *ctx) -+{ -+ EVP_MAC_CTX_free(ctx->ctx_init); -+ OPENSSL_clear_free(ctx->context, ctx->context_len); -+ OPENSSL_clear_free(ctx->label, ctx->label_len); -+ OPENSSL_clear_free(ctx->ki, ctx->ki_len); -+ OPENSSL_clear_free(ctx->iv, ctx->iv_len); -+ memset(ctx, 0, sizeof(*ctx)); -+} -+ -+/* SP800-108 section 5.1 or section 5.2 depending on mode. */ -+static int derive(MAC_CTX *ctx_init, int mode, unsigned char *iv, -+ size_t iv_len, unsigned char *label, size_t label_len, -+ unsigned char *context, size_t context_len, -+ unsigned char *k_i, size_t h, uint32_t l, unsigned char *ko, -+ size_t ko_len) -+{ -+ int ret = 0; -+ MAC_CTX *ctx = NULL; -+ size_t written = 0, to_write, k_i_len = iv_len; -+ const unsigned char zero = 0; -+ uint32_t counter, i; -+ -+ /* Setup K(0) for feedback mode. */ -+ if (iv_len > 0) -+ memcpy(k_i, iv, iv_len); -+ -+ for (counter = 1; written < ko_len; counter++) { -+ i = be32(counter); -+ -+ ctx = EVP_MAC_CTX_dup(ctx_init); -+ if (ctx == NULL) -+ goto done; -+ -+ /* Perform feedback, if appropriate. */ -+ if (mode == EVP_KDF_KB_MODE_FEEDBACK && !EVP_MAC_update(ctx, k_i, k_i_len)) -+ goto done; -+ -+ if (!EVP_MAC_update(ctx, (unsigned char *)&i, 4) -+ || !EVP_MAC_update(ctx, label, label_len) -+ || !EVP_MAC_update(ctx, &zero, 1) -+ || !EVP_MAC_update(ctx, context, context_len) -+ || !EVP_MAC_update(ctx, (unsigned char *)&l, 4) -+ || !EVP_MAC_final(ctx, k_i, NULL, h)) -+ goto done; -+ -+ to_write = ko_len - written; -+ memcpy(ko + written, k_i, MIN(to_write, h)); -+ written += h; -+ -+ k_i_len = h; -+ EVP_MAC_CTX_free(ctx); -+ ctx = NULL; -+ } -+ -+ ret = 1; -+done: -+ EVP_MAC_CTX_free(ctx); -+ return ret; -+} -+ -+static int kbkdf_derive(EVP_KDF_IMPL *ctx, unsigned char *key, size_t keylen) -+{ -+ int ret = 0; -+ unsigned char *k_i = NULL; -+ uint32_t l = be32(keylen * 8); -+ size_t h = 0; -+ -+ /* label, context, and iv are permitted to be empty. Check everything -+ * else. */ -+ if (ctx->ctx_init == NULL -+ || evp_mac_init(ctx->ctx_init, ctx->md, ctx->cipher, ctx->ki, ctx->ki_len) <= 0) { -+ if (ctx->ki_len == 0 || ctx->ki == NULL) { -+ KDFerr(KDF_F_KBKDF_DERIVE, KDF_R_MISSING_KEY); -+ return 0; -+ } -+ /* Could either be missing MAC or missing message digest or missing -+ * cipher - arbitrarily, I pick this one. */ -+ KDFerr(KDF_F_KBKDF_DERIVE, KDF_R_MISSING_PARAMETER); -+ return 0; -+ } -+ -+ h = EVP_MAC_size(ctx->ctx_init); -+ if (h == 0) -+ goto done; -+ if (ctx->iv_len != 0 && ctx->iv_len != h) { -+ KDFerr(KDF_F_KBKDF_DERIVE, KDF_R_INVALID_SEED_LENGTH); -+ goto done; -+ } -+ -+ k_i = OPENSSL_zalloc(h); -+ if (k_i == NULL) -+ goto done; -+ -+ ret = derive(ctx->ctx_init, ctx->mode, ctx->iv, ctx->iv_len, ctx->label, -+ ctx->label_len, ctx->context, ctx->context_len, k_i, h, l, -+ key, keylen); -+done: -+ if (ret != 1) -+ OPENSSL_cleanse(key, keylen); -+ OPENSSL_clear_free(k_i, h); -+ return ret; -+} -+ -+static size_t kbkdf_size(EVP_KDF_IMPL *ctx) -+{ -+ return UINT32_MAX/8; -+} -+ -+static int kbkdf_parse_buffer_arg(unsigned char **dst, size_t *dst_len, -+ va_list args) -+{ -+ const unsigned char *p; -+ size_t len; -+ -+ p = va_arg(args, const unsigned char *); -+ len = va_arg(args, size_t); -+ OPENSSL_clear_free(*dst, *dst_len); -+ if (len == 0) { -+ *dst = NULL; -+ *dst_len = 0; -+ return 1; -+ } -+ -+ *dst = OPENSSL_memdup(p, len); -+ if (*dst == NULL) -+ return 0; -+ -+ *dst_len = len; -+ return 1; -+} -+ -+static int kbkdf_ctrl(EVP_KDF_IMPL *ctx, int cmd, va_list args) -+{ -+ int t; -+ -+ switch (cmd) { -+ case EVP_KDF_CTRL_SET_MD: -+ ctx->md = va_arg(args, const EVP_MD *); -+ if (ctx->md == NULL) -+ return 0; -+ -+ return 1; -+ -+ case EVP_KDF_CTRL_SET_CIPHER: -+ ctx->cipher = va_arg(args, const EVP_CIPHER *); -+ if (ctx->cipher == NULL) -+ return 0; -+ -+ return 1; -+ -+ case EVP_KDF_CTRL_SET_KEY: -+ return kbkdf_parse_buffer_arg(&ctx->ki, -+ &ctx->ki_len, args); -+ -+ case EVP_KDF_CTRL_SET_SALT: -+ return kbkdf_parse_buffer_arg(&ctx->label, -+ &ctx->label_len, args); -+ -+ case EVP_KDF_CTRL_SET_KB_INFO: -+ return kbkdf_parse_buffer_arg(&ctx->context, -+ &ctx->context_len, args); -+ -+ case EVP_KDF_CTRL_SET_KB_SEED: -+ return kbkdf_parse_buffer_arg(&ctx->iv, -+ &ctx->iv_len, args); -+ -+ case EVP_KDF_CTRL_SET_KB_MODE: -+ t = va_arg(args, int); -+ if (t != EVP_KDF_KB_MODE_COUNTER && t != EVP_KDF_KB_MODE_FEEDBACK ) { -+ KDFerr(KDF_F_KBKDF_CTRL, KDF_R_VALUE_ERROR); -+ return 0; -+ } -+ ctx->mode = t; -+ return 1; -+ -+ case EVP_KDF_CTRL_SET_KB_MAC_TYPE: -+ t = va_arg(args, int); -+ if (t != EVP_KDF_KB_MAC_TYPE_HMAC && t != EVP_KDF_KB_MAC_TYPE_CMAC ) { -+ KDFerr(KDF_F_KBKDF_CTRL, KDF_R_VALUE_ERROR); -+ return 0; -+ } -+ -+ if (ctx->ctx_init != NULL) { -+ EVP_MAC_CTX_free(ctx->ctx_init); -+ } -+ ctx->ctx_init = EVP_MAC_CTX_new(t); -+ if (ctx->ctx_init == NULL) { -+ KDFerr(KDF_F_KBKDF_CTRL, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } -+ return 1; -+ -+ default: -+ return -2; -+ -+ } -+} -+ -+static int kbkdf_ctrl_str(EVP_KDF_IMPL *ctx, const char *type, -+ const char *value) -+{ -+ if (value == NULL) { -+ KDFerr(KDF_F_KDF_SSHKDF_CTRL_STR, KDF_R_VALUE_MISSING); -+ return 0; -+ } -+ -+ if (strcmp(type, "digest") == 0) -+ return kdf_md2ctrl(ctx, kbkdf_ctrl, EVP_KDF_CTRL_SET_MD, value); -+ /* alias, for historical reasons */ -+ if (strcmp(type, "md") == 0) -+ return kdf_md2ctrl(ctx, kbkdf_ctrl, EVP_KDF_CTRL_SET_MD, value); -+ -+ if (strcmp(type, "cipher") == 0) -+ return kdf_cipher2ctrl(ctx, kbkdf_ctrl, EVP_KDF_CTRL_SET_CIPHER, value); -+ -+ if (strcmp(type, "key") == 0) -+ return kdf_str2ctrl(ctx, kbkdf_ctrl, -+ EVP_KDF_CTRL_SET_KEY, value); -+ -+ if (strcmp(type, "hexkey") == 0) -+ return kdf_hex2ctrl(ctx, kbkdf_ctrl, -+ EVP_KDF_CTRL_SET_KEY, value); -+ -+ if (strcmp(type, "salt") == 0) -+ return kdf_str2ctrl(ctx, kbkdf_ctrl, -+ EVP_KDF_CTRL_SET_SALT, value); -+ -+ if (strcmp(type, "hexsalt") == 0) -+ return kdf_hex2ctrl(ctx, kbkdf_ctrl, -+ EVP_KDF_CTRL_SET_SALT, value); -+ -+ if (strcmp(type, "info") == 0) -+ return kdf_str2ctrl(ctx, kbkdf_ctrl, -+ EVP_KDF_CTRL_SET_KB_INFO, value); -+ -+ if (strcmp(type, "hexinfo") == 0) -+ return kdf_hex2ctrl(ctx, kbkdf_ctrl, -+ EVP_KDF_CTRL_SET_KB_INFO, value); -+ -+ if (strcmp(type, "seed") == 0) -+ return kdf_str2ctrl(ctx, kbkdf_ctrl, -+ EVP_KDF_CTRL_SET_KB_SEED, value); -+ -+ if (strcmp(type, "hexseed") == 0) -+ return kdf_hex2ctrl(ctx, kbkdf_ctrl, -+ EVP_KDF_CTRL_SET_KB_SEED, value); -+ -+ if (strcmp(type, "mode") == 0) { -+ int mode; -+ -+ if (strcasecmp(value, "counter") == 0) { -+ mode = EVP_KDF_KB_MODE_COUNTER; -+ } else if (strcasecmp(value, "feedback") == 0) { -+ mode = EVP_KDF_KB_MODE_FEEDBACK; -+ } else { -+ KDFerr(KDF_F_KBKDF_CTRL_STR, KDF_R_VALUE_ERROR); -+ return 0; -+ } -+ -+ return call_ctrl(kbkdf_ctrl, ctx, EVP_KDF_CTRL_SET_KB_MODE, -+ mode); -+ } -+ -+ if (strcmp(type, "mac_type") == 0) { -+ int mac_type; -+ -+ if (strcasecmp(value, "hmac") == 0) { -+ mac_type = EVP_KDF_KB_MAC_TYPE_HMAC; -+ } else if (strcasecmp(value, "cmac") == 0) { -+ mac_type = EVP_KDF_KB_MAC_TYPE_CMAC; -+ } else { -+ KDFerr(KDF_F_KBKDF_CTRL_STR, KDF_R_VALUE_ERROR); -+ return 0; -+ } -+ -+ return call_ctrl(kbkdf_ctrl, ctx, EVP_KDF_CTRL_SET_KB_MAC_TYPE, -+ mac_type); -+ } -+ -+ KDFerr(KDF_F_KBKDF_CTRL_STR, KDF_R_UNKNOWN_PARAMETER_TYPE); -+ return -2; -+} -+ -+const EVP_KDF_METHOD kb_kdf_meth = { -+ EVP_KDF_KB, -+ kbkdf_new, -+ kbkdf_free, -+ kbkdf_reset, -+ kbkdf_ctrl, -+ kbkdf_ctrl_str, -+ kbkdf_size, -+ kbkdf_derive, -+}; -+ -diff -up openssl-1.1.1d/crypto/kdf/kdf_err.c.krb5-kdf openssl-1.1.1d/crypto/kdf/kdf_err.c ---- openssl-1.1.1d/crypto/kdf/kdf_err.c.krb5-kdf 2019-11-14 15:07:05.320094521 +0100 -+++ openssl-1.1.1d/crypto/kdf/kdf_err.c 2019-11-14 15:07:05.343094112 +0100 -@@ -15,6 +15,11 @@ - - static const ERR_STRING_DATA KDF_str_functs[] = { - {ERR_PACK(ERR_LIB_KDF, KDF_F_HKDF_EXTRACT, 0), "HKDF_Extract"}, -+ {ERR_PACK(ERR_LIB_KDF, KDF_F_KBKDF_CTRL, 0), "kbkdf_ctrl"}, -+ {ERR_PACK(ERR_LIB_KDF, KDF_F_KBKDF_CTRL_STR, 0), "kbkdf_ctrl_str"}, -+ {ERR_PACK(ERR_LIB_KDF, KDF_F_KBKDF_DERIVE, 0), "kbkdf_derive"}, -+ {ERR_PACK(ERR_LIB_KDF, KDF_F_KBKDF_NEW, 0), "kbkdf_new"}, -+ {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_CIPHER2CTRL, 0), "kdf_cipher2ctrl"}, - {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_HKDF_DERIVE, 0), "kdf_hkdf_derive"}, - {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_HKDF_NEW, 0), "kdf_hkdf_new"}, - {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_HKDF_SIZE, 0), "kdf_hkdf_size"}, -@@ -41,6 +46,8 @@ static const ERR_STRING_DATA KDF_str_fun - {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_TLS1_PRF_DERIVE, 0), - "kdf_tls1_prf_derive"}, - {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_TLS1_PRF_NEW, 0), "kdf_tls1_prf_new"}, -+ {ERR_PACK(ERR_LIB_KDF, KDF_F_KRB5KDF, 0), "KRB5KDF"}, -+ {ERR_PACK(ERR_LIB_KDF, KDF_F_KRB5KDF_DERIVE, 0), "krb5kdf_derive"}, - {ERR_PACK(ERR_LIB_KDF, KDF_F_PBKDF2_SET_MEMBUF, 0), "pbkdf2_set_membuf"}, - {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_HKDF_CTRL_STR, 0), "pkey_hkdf_ctrl_str"}, - {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_HKDF_DERIVE, 0), "pkey_hkdf_derive"}, -@@ -59,12 +66,22 @@ static const ERR_STRING_DATA KDF_str_fun - "pkey_tls1_prf_derive"}, - {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_TLS1_PRF_INIT, 0), "pkey_tls1_prf_init"}, - {ERR_PACK(ERR_LIB_KDF, KDF_F_SCRYPT_SET_MEMBUF, 0), "scrypt_set_membuf"}, -+ {ERR_PACK(ERR_LIB_KDF, KDF_F_SSKDF_DERIVE, 0), "sskdf_derive"}, -+ {ERR_PACK(ERR_LIB_KDF, KDF_F_SSKDF_NEW, 0), "sskdf_new"}, -+ {ERR_PACK(ERR_LIB_KDF, KDF_F_SSKDF_SIZE, 0), "sskdf_size"}, - {ERR_PACK(ERR_LIB_KDF, KDF_F_TLS1_PRF_ALG, 0), "tls1_prf_alg"}, - {0, NULL} - }; - - static const ERR_STRING_DATA KDF_str_reasons[] = { -+ {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_FAILED_TO_GENERATE_KEY), -+ "failed to generate key"}, -+ {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_INVALID_CIPHER), "invalid cipher"}, -+ {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_INVALID_CONSTANT_LENGTH), "invalid constant length"}, - {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_INVALID_DIGEST), "invalid digest"}, -+ {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_INVALID_SEED_LENGTH), "invalid seed length"}, -+ {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_CIPHER), "missing cipher"}, -+ {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_CONSTANT), "missing constant"}, - {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_ITERATION_COUNT), - "missing iteration count"}, - {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_KEY), "missing key"}, -@@ -82,6 +99,8 @@ static const ERR_STRING_DATA KDF_str_rea - "unknown parameter type"}, - {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_VALUE_ERROR), "value error"}, - {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_VALUE_MISSING), "value missing"}, -+ {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_WRONG_FINAL_BLOCK_LENGTH), -+ "wrong final block length"}, - {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_WRONG_OUTPUT_BUFFER_SIZE), - "wrong output buffer size"}, - {0, NULL} -diff -up openssl-1.1.1d/crypto/kdf/kdf_local.h.krb5-kdf openssl-1.1.1d/crypto/kdf/kdf_local.h ---- openssl-1.1.1d/crypto/kdf/kdf_local.h.krb5-kdf 2019-11-14 15:07:05.313094646 +0100 -+++ openssl-1.1.1d/crypto/kdf/kdf_local.h 2019-11-14 15:07:05.344094093 +0100 -@@ -19,4 +19,6 @@ int kdf_hex2ctrl(EVP_KDF_IMPL *impl, - int kdf_md2ctrl(EVP_KDF_IMPL *impl, - int (*ctrl)(EVP_KDF_IMPL *impl, int cmd, va_list args), - int cmd, const char *md_name); -- -+int kdf_cipher2ctrl(EVP_KDF_IMPL *impl, -+ int (*ctrl)(EVP_KDF_IMPL *impl, int cmd, va_list args), -+ int cmd, const char *cipher_name); -diff -up openssl-1.1.1d/crypto/kdf/kdf_util.c.krb5-kdf openssl-1.1.1d/crypto/kdf/kdf_util.c ---- openssl-1.1.1d/crypto/kdf/kdf_util.c.krb5-kdf 2019-11-14 15:07:05.313094646 +0100 -+++ openssl-1.1.1d/crypto/kdf/kdf_util.c 2019-11-14 15:07:05.344094093 +0100 -@@ -71,3 +71,16 @@ int kdf_md2ctrl(EVP_KDF_IMPL *impl, - return call_ctrl(ctrl, impl, cmd, md); - } - -+/* Pass a cipher to a ctrl */ -+int kdf_cipher2ctrl(EVP_KDF_IMPL *impl, -+ int (*ctrl)(EVP_KDF_IMPL *impl, int cmd, va_list args), -+ int cmd, const char *cipher_name) -+{ -+ const EVP_CIPHER *cipher; -+ -+ if (cipher_name == NULL || (cipher = EVP_get_cipherbyname(cipher_name)) == NULL) { -+ KDFerr(KDF_F_KDF_CIPHER2CTRL, KDF_R_INVALID_CIPHER); -+ return 0; -+ } -+ return call_ctrl(ctrl, impl, cmd, cipher); -+} -diff -up openssl-1.1.1d/crypto/kdf/krb5kdf.c.krb5-kdf openssl-1.1.1d/crypto/kdf/krb5kdf.c ---- openssl-1.1.1d/crypto/kdf/krb5kdf.c.krb5-kdf 2019-11-14 15:07:05.344094093 +0100 -+++ openssl-1.1.1d/crypto/kdf/krb5kdf.c 2019-11-18 17:18:13.056604404 +0100 -@@ -0,0 +1,423 @@ -+/* -+ * Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved. -+ * -+ * Licensed under the OpenSSL license (the "License"). You may not use -+ * this file except in compliance with the License. You can obtain a copy -+ * in the file LICENSE in the source distribution or at -+ * https://www.openssl.org/source/license.html -+ */ -+ -+#include -+#include -+#include -+ -+#include -+#include -+#include -+ -+#include "internal/cryptlib.h" -+#include "crypto/evp.h" -+#include "kdf_local.h" -+ -+/* KRB5 KDF defined in RFC 3961, Section 5.1 */ -+ -+static int KRB5KDF(const EVP_CIPHER *cipher, -+ const unsigned char *key, size_t key_len, -+ const unsigned char *constant, size_t constant_len, -+ unsigned char *okey, size_t okey_len); -+ -+struct evp_kdf_impl_st { -+ const EVP_CIPHER *cipher; -+ unsigned char *key; -+ size_t key_len; -+ unsigned char *constant; -+ size_t constant_len; -+}; -+ -+static void krb5kdf_reset(EVP_KDF_IMPL *ctx); -+ -+static EVP_KDF_IMPL *krb5kdf_new(void) -+{ -+ EVP_KDF_IMPL *ctx; -+ -+ if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) -+ KDFerr(KDF_F_KBKDF_NEW, ERR_R_MALLOC_FAILURE); -+ return ctx; -+} -+ -+static void krb5kdf_free(EVP_KDF_IMPL *ctx) -+{ -+ krb5kdf_reset(ctx); -+ OPENSSL_free(ctx); -+} -+ -+static void krb5kdf_reset(EVP_KDF_IMPL *ctx) -+{ -+ OPENSSL_clear_free(ctx->key, ctx->key_len); -+ OPENSSL_clear_free(ctx->constant, ctx->constant_len); -+ memset(ctx, 0, sizeof(*ctx)); -+} -+ -+static int krb5kdf_derive(EVP_KDF_IMPL *ctx, unsigned char *key, -+ size_t keylen) -+{ -+ if (ctx->cipher == NULL) { -+ KDFerr(KDF_F_KRB5KDF_DERIVE, KDF_R_MISSING_CIPHER); -+ return 0; -+ } -+ if (ctx->key == NULL) { -+ KDFerr(KDF_F_KRB5KDF_DERIVE, KDF_R_MISSING_KEY); -+ return 0; -+ } -+ if (ctx->constant == NULL) { -+ KDFerr(KDF_F_KRB5KDF_DERIVE, KDF_R_MISSING_CONSTANT); -+ return 0; -+ } -+ return KRB5KDF(ctx->cipher, ctx->key, ctx->key_len, -+ ctx->constant, ctx->constant_len, -+ key, keylen); -+} -+ -+static size_t krb5kdf_size(EVP_KDF_IMPL *ctx) -+{ -+ if (ctx->cipher != NULL) -+ return EVP_CIPHER_key_length(ctx->cipher); -+ else -+ return EVP_MAX_KEY_LENGTH; -+} -+ -+ -+static int krb5kdf_parse_buffer_arg(unsigned char **dst, size_t *dst_len, -+ va_list args) -+{ -+ const unsigned char *p; -+ size_t len; -+ -+ p = va_arg(args, const unsigned char *); -+ len = va_arg(args, size_t); -+ OPENSSL_clear_free(*dst, *dst_len); -+ if (len == 0) { -+ *dst = NULL; -+ *dst_len = 0; -+ return 1; -+ } -+ -+ *dst = OPENSSL_memdup(p, len); -+ if (*dst == NULL) -+ return 0; -+ -+ *dst_len = len; -+ return 1; -+} -+ -+static int krb5kdf_ctrl(EVP_KDF_IMPL *ctx, int cmd, va_list args) -+{ -+ switch (cmd) { -+ case EVP_KDF_CTRL_SET_CIPHER: -+ ctx->cipher = va_arg(args, const EVP_CIPHER *); -+ if (ctx->cipher == NULL) -+ return 0; -+ -+ return 1; -+ -+ case EVP_KDF_CTRL_SET_KEY: -+ return krb5kdf_parse_buffer_arg(&ctx->key, -+ &ctx->key_len, args); -+ -+ case EVP_KDF_CTRL_SET_KRB5KDF_CONSTANT: -+ return krb5kdf_parse_buffer_arg(&ctx->constant, -+ &ctx->constant_len, args); -+ default: -+ return -2; -+ -+ } -+} -+ -+static int krb5kdf_ctrl_str(EVP_KDF_IMPL *ctx, const char *type, -+ const char *value) -+{ -+ if (value == NULL) { -+ KDFerr(KDF_F_KDF_SSHKDF_CTRL_STR, KDF_R_VALUE_MISSING); -+ return 0; -+ } -+ -+ if (strcmp(type, "cipher") == 0) -+ return kdf_cipher2ctrl(ctx, krb5kdf_ctrl, EVP_KDF_CTRL_SET_CIPHER, value); -+ -+ if (strcmp(type, "key") == 0) -+ return kdf_str2ctrl(ctx, krb5kdf_ctrl, -+ EVP_KDF_CTRL_SET_KEY, value); -+ -+ if (strcmp(type, "hexkey") == 0) -+ return kdf_hex2ctrl(ctx, krb5kdf_ctrl, -+ EVP_KDF_CTRL_SET_KEY, value); -+ -+ if (strcmp(type, "constant") == 0) -+ return kdf_str2ctrl(ctx, krb5kdf_ctrl, -+ EVP_KDF_CTRL_SET_KRB5KDF_CONSTANT, value); -+ -+ if (strcmp(type, "hexconstant") == 0) -+ return kdf_hex2ctrl(ctx, krb5kdf_ctrl, -+ EVP_KDF_CTRL_SET_KRB5KDF_CONSTANT, value); -+ -+ KDFerr(KDF_F_KBKDF_CTRL_STR, KDF_R_UNKNOWN_PARAMETER_TYPE); -+ return -2; -+} -+ -+ -+#ifndef OPENSSL_NO_DES -+/* -+ * DES3 is a special case, it requires a random-to-key function and its -+ * input truncated to 21 bytes of the 24 produced by the cipher. -+ * See RFC3961 6.3.1 -+ */ -+static int fixup_des3_key(unsigned char *key) -+{ -+ unsigned char *cblock; -+ int i, j; -+ -+ for (i = 2; i >= 0; i--) { -+ cblock = &key[i * 8]; -+ memmove(cblock, &key[i * 7], 7); -+ cblock[7] = 0; -+ for (j = 0; j < 7; j++) -+ cblock[7] |= (cblock[j] & 1) << (j + 1); -+ DES_set_odd_parity((DES_cblock *)cblock); -+ } -+ -+ /* fail if keys are such that triple des degrades to single des */ -+ if (CRYPTO_memcmp(&key[0], &key[8], 8) == 0 || -+ CRYPTO_memcmp(&key[8], &key[16], 8) == 0) { -+ return 0; -+ } -+ -+ return 1; -+} -+#endif -+ -+/* -+ * N-fold(K) where blocksize is N, and constant_len is K -+ * Note: Here |= denotes concatenation -+ * -+ * L = lcm(N,K) -+ * R = L/K -+ * -+ * for r: 1 -> R -+ * s |= constant rot 13*(r-1)) -+ * -+ * block = 0 -+ * for k: 1 -> K -+ * block += s[N(k-1)..(N-1)k] (one's complement addition) -+ * -+ * Optimizing for space we compute: -+ * for each l in L-1 -> 0: -+ * s[l] = (constant rot 13*(l/K))[l%k] -+ * block[l % N] += s[l] (with carry) -+ * finally add carry if any -+ */ -+static void n_fold(unsigned char *block, unsigned int blocksize, -+ const unsigned char *constant, size_t constant_len) -+{ -+ unsigned int tmp, gcd, remainder, lcm, carry; -+ int b, l; -+ -+ if (constant_len == blocksize) { -+ memcpy(block, constant, constant_len); -+ return; -+ } -+ -+ /* Least Common Multiple of lengths: LCM(a,b)*/ -+ gcd = blocksize; -+ remainder = constant_len; -+ /* Calculate Great Common Divisor first GCD(a,b) */ -+ while (remainder != 0) { -+ tmp = gcd % remainder; -+ gcd = remainder; -+ remainder = tmp; -+ } -+ /* resulting a is the GCD, LCM(a,b) = |a*b|/GCD(a,b) */ -+ lcm = blocksize * constant_len / gcd; -+ -+ /* now spread out the bits */ -+ memset(block, 0, blocksize); -+ -+ /* last to first to be able to bring carry forward */ -+ carry = 0; -+ for (l = lcm - 1; l >= 0; l--) { -+ unsigned int rotbits, rshift, rbyte; -+ -+ /* destination byte in block is l % N */ -+ b = l % blocksize; -+ /* Our virtual s buffer is R = L/K long (K = constant_len) */ -+ /* So we rotate backwards from R-1 to 0 (none) rotations */ -+ rotbits = 13 * (l / constant_len); -+ /* find the byte on s where rotbits falls onto */ -+ rbyte = l - (rotbits / 8); -+ /* calculate how much shift on that byte */ -+ rshift = rotbits & 0x07; -+ /* rbyte % constant_len gives us the unrotated byte in the -+ * constant buffer, get also the previous byte then -+ * appropriately shift them to get the rotated byte we need */ -+ tmp = (constant[(rbyte-1) % constant_len] << (8 - rshift) -+ | constant[rbyte % constant_len] >> rshift) -+ & 0xff; -+ /* add with carry to any value placed by previous passes */ -+ tmp += carry + block[b]; -+ block[b] = tmp & 0xff; -+ /* save any carry that may be left */ -+ carry = tmp >> 8; -+ } -+ -+ /* if any carry is left at the end, add it through the number */ -+ for (b = blocksize - 1; b >= 0 && carry != 0; b--) { -+ carry += block[b]; -+ block[b] = carry & 0xff; -+ carry >>= 8; -+ } -+} -+ -+static int cipher_init(EVP_CIPHER_CTX *ctx, -+ const EVP_CIPHER *cipher, -+ const unsigned char *key, size_t key_len) -+{ -+ int klen, ret; -+ -+ ret = EVP_EncryptInit_ex(ctx, cipher, NULL, key, NULL); -+ if (!ret) -+ goto out; -+ /* set the key len for the odd variable key len cipher */ -+ klen = EVP_CIPHER_CTX_key_length(ctx); -+ if (key_len != (size_t)klen) { -+ ret = EVP_CIPHER_CTX_set_key_length(ctx, key_len); -+ if (!ret) -+ goto out; -+ } -+ /* we never want padding, either the length requested is a multiple of -+ * the cipher block size or we are passed a cipher that can cope with -+ * partial blocks via techniques like cipher text stealing */ -+ ret = EVP_CIPHER_CTX_set_padding(ctx, 0); -+ if (!ret) -+ goto out; -+ -+out: -+ return ret; -+} -+ -+static int KRB5KDF(const EVP_CIPHER *cipher, -+ const unsigned char *key, size_t key_len, -+ const unsigned char *constant, size_t constant_len, -+ unsigned char *okey, size_t okey_len) -+{ -+ EVP_CIPHER_CTX *ctx = NULL; -+ unsigned char block[EVP_MAX_BLOCK_LENGTH * 2]; -+ unsigned char *plainblock, *cipherblock; -+ size_t blocksize; -+ size_t cipherlen; -+ size_t osize; -+ int des3_no_fixup = 0; -+ int ret; -+ -+ if (key_len != okey_len) { -+ /* special case for 3des, where the caller may be requesting -+ * the random raw key, instead of the fixed up key */ -+ if (EVP_CIPHER_nid(cipher) == NID_des_ede3_cbc && -+ key_len == 24 && okey_len == 21) { -+ des3_no_fixup = 1; -+ } else { -+ KDFerr(KDF_F_KRB5KDF, KDF_R_WRONG_OUTPUT_BUFFER_SIZE); -+ return 0; -+ } -+ } -+ -+ ctx = EVP_CIPHER_CTX_new(); -+ if (ctx == NULL) -+ return 0; -+ -+ ret = cipher_init(ctx, cipher, key, key_len); -+ if (!ret) -+ goto out; -+ -+ /* Initialize input block */ -+ blocksize = EVP_CIPHER_CTX_block_size(ctx); -+ -+ if (constant_len == 0 || constant_len > blocksize) { -+ KDFerr(KDF_F_KRB5KDF, KDF_R_INVALID_CONSTANT_LENGTH); -+ ret = 0; -+ goto out; -+ } -+ -+ n_fold(block, blocksize, constant, constant_len); -+ plainblock = block; -+ cipherblock = block + EVP_MAX_BLOCK_LENGTH; -+ -+ for (osize = 0; osize < okey_len; osize += cipherlen) { -+ int olen; -+ -+ ret = EVP_EncryptUpdate(ctx, cipherblock, &olen, -+ plainblock, blocksize); -+ if (!ret) -+ goto out; -+ cipherlen = olen; -+ ret = EVP_EncryptFinal_ex(ctx, cipherblock, &olen); -+ if (!ret) -+ goto out; -+ if (olen != 0) { -+ KDFerr(KDF_F_KRB5KDF, KDF_R_WRONG_FINAL_BLOCK_LENGTH); -+ ret = 0; -+ goto out; -+ } -+ -+ /* write cipherblock out */ -+ if (cipherlen > okey_len - osize) -+ cipherlen = okey_len - osize; -+ memcpy(okey + osize, cipherblock, cipherlen); -+ -+ if (okey_len > osize + cipherlen) { -+ /* we need to reinitialize cipher context per spec */ -+ ret = EVP_CIPHER_CTX_reset(ctx); -+ if (!ret) -+ goto out; -+ ret = cipher_init(ctx, cipher, key, key_len); -+ if (!ret) -+ goto out; -+ -+ /* also swap block offsets so last ciphertext becomes new -+ * plaintext */ -+ plainblock = cipherblock; -+ if (cipherblock == block) { -+ cipherblock += EVP_MAX_BLOCK_LENGTH; -+ } else { -+ cipherblock = block; -+ } -+ } -+ } -+ -+#ifndef OPENSSL_NO_DES -+ if (EVP_CIPHER_nid(cipher) == NID_des_ede3_cbc && !des3_no_fixup) { -+ ret = fixup_des3_key(okey); -+ if (!ret) { -+ KDFerr(KDF_F_KRB5KDF, KDF_R_FAILED_TO_GENERATE_KEY); -+ goto out; -+ } -+ } -+#endif -+ -+ ret = 1; -+ -+out: -+ EVP_CIPHER_CTX_free(ctx); -+ OPENSSL_cleanse(block, EVP_MAX_BLOCK_LENGTH * 2); -+ return ret; -+} -+ -+const EVP_KDF_METHOD krb5kdf_kdf_meth = { -+ EVP_KDF_KRB5KDF, -+ krb5kdf_new, -+ krb5kdf_free, -+ krb5kdf_reset, -+ krb5kdf_ctrl, -+ krb5kdf_ctrl_str, -+ krb5kdf_size, -+ krb5kdf_derive, -+}; -+ -diff -up openssl-1.1.1d/crypto/kdf/sshkdf.c.krb5-kdf openssl-1.1.1d/crypto/kdf/sshkdf.c ---- openssl-1.1.1d/crypto/kdf/sshkdf.c.krb5-kdf 2019-11-14 15:07:05.327094396 +0100 -+++ openssl-1.1.1d/crypto/kdf/sshkdf.c 2019-11-18 17:18:25.343388314 +0100 -@@ -12,6 +12,7 @@ - #include - #include - #include -+#include "internal/numbers.h" - #include "internal/cryptlib.h" - #include "crypto/evp.h" - #include "kdf_local.h" -@@ -68,6 +69,12 @@ static int kdf_sshkdf_parse_buffer_arg(u - p = va_arg(args, const unsigned char *); - len = va_arg(args, size_t); - OPENSSL_clear_free(*dst, *dst_len); -+ if (len == 0) { -+ *dst = NULL; -+ *dst_len = 0; -+ return 1; -+ } -+ - *dst = OPENSSL_memdup(p, len); - if (*dst == NULL) - return 0; -diff -up openssl-1.1.1d/crypto/kdf/sskdf.c.krb5-kdf openssl-1.1.1d/crypto/kdf/sskdf.c ---- openssl-1.1.1d/crypto/kdf/sskdf.c.krb5-kdf 2019-11-14 15:07:05.344094093 +0100 -+++ openssl-1.1.1d/crypto/kdf/sskdf.c 2019-11-18 17:21:40.349952802 +0100 -@@ -0,0 +1,255 @@ -+/* -+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. -+ * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. -+ * -+ * Licensed under the Apache License 2.0 (the "License"). You may not use -+ * this file except in compliance with the License. You can obtain a copy -+ * in the file LICENSE in the source distribution or at -+ * https://www.openssl.org/source/license.html -+ */ -+ -+/* -+ * Refer to https://csrc.nist.gov/publications/detail/sp/800-56c/rev-1/final -+ * Section 4.1. -+ * -+ * The Single Step KDF algorithm is given by: -+ * -+ * Result(0) = empty bit string (i.e., the null string). -+ * For i = 1 to reps, do the following: -+ * Increment counter by 1. -+ * Result(i) = Result(i – 1) || H(counter || Z || FixedInfo). -+ * DKM = LeftmostBits(Result(reps), L)) -+ * -+ * NOTES: -+ * Z is a shared secret required to produce the derived key material. -+ * counter is a 4 byte buffer. -+ * FixedInfo is a bit string containing context specific data. -+ * DKM is the output derived key material. -+ * L is the required size of the DKM. -+ * reps = [L / H_outputBits] -+ * H(x) is the auxiliary function that can be either a hash, HMAC or KMAC. -+ * This backported version supports only a hash. -+ * H_outputBits is the length of the output of the auxiliary function H(x). -+ * -+ * Currently there is not a comprehensive list of test vectors for this -+ * algorithm, especially for H(x) = HMAC and H(x) = KMAC. -+ * Test vectors for H(x) = Hash are indirectly used by CAVS KAS tests. -+ */ -+#include -+#include -+#include -+#include -+#include -+#include -+#include "internal/cryptlib.h" -+#include "crypto/evp.h" -+#include "kdf_local.h" -+ -+struct evp_kdf_impl_st { -+ const EVP_MD *md; /* H(x) = hash */ -+ unsigned char *secret; -+ size_t secret_len; -+ unsigned char *info; -+ size_t info_len; -+}; -+ -+#define SSKDF_MAX_INLEN (1<<30) -+ -+/* -+ * Refer to https://csrc.nist.gov/publications/detail/sp/800-56c/rev-1/final -+ * Section 4. One-Step Key Derivation using H(x) = hash(x) -+ */ -+static int SSKDF_hash_kdm(const EVP_MD *kdf_md, -+ const unsigned char *z, size_t z_len, -+ const unsigned char *info, size_t info_len, -+ unsigned char *derived_key, size_t derived_key_len) -+{ -+ int ret = 0, hlen; -+ size_t counter, out_len, len = derived_key_len; -+ unsigned char c[4]; -+ unsigned char mac[EVP_MAX_MD_SIZE]; -+ unsigned char *out = derived_key; -+ EVP_MD_CTX *ctx = NULL, *ctx_init = NULL; -+ -+ if (z_len > SSKDF_MAX_INLEN || info_len > SSKDF_MAX_INLEN -+ || derived_key_len > SSKDF_MAX_INLEN -+ || derived_key_len == 0) -+ return 0; -+ -+ hlen = EVP_MD_size(kdf_md); -+ if (hlen <= 0) -+ return 0; -+ out_len = (size_t)hlen; -+ -+ ctx = EVP_MD_CTX_create(); -+ ctx_init = EVP_MD_CTX_create(); -+ if (ctx == NULL || ctx_init == NULL) -+ goto end; -+ -+ if (!EVP_DigestInit(ctx_init, kdf_md)) -+ goto end; -+ -+ for (counter = 1;; counter++) { -+ c[0] = (unsigned char)((counter >> 24) & 0xff); -+ c[1] = (unsigned char)((counter >> 16) & 0xff); -+ c[2] = (unsigned char)((counter >> 8) & 0xff); -+ c[3] = (unsigned char)(counter & 0xff); -+ -+ if (!(EVP_MD_CTX_copy_ex(ctx, ctx_init) -+ && EVP_DigestUpdate(ctx, c, sizeof(c)) -+ && EVP_DigestUpdate(ctx, z, z_len) -+ && EVP_DigestUpdate(ctx, info, info_len))) -+ goto end; -+ if (len >= out_len) { -+ if (!EVP_DigestFinal_ex(ctx, out, NULL)) -+ goto end; -+ out += out_len; -+ len -= out_len; -+ if (len == 0) -+ break; -+ } else { -+ if (!EVP_DigestFinal_ex(ctx, mac, NULL)) -+ goto end; -+ memcpy(out, mac, len); -+ break; -+ } -+ } -+ ret = 1; -+end: -+ EVP_MD_CTX_destroy(ctx); -+ EVP_MD_CTX_destroy(ctx_init); -+ OPENSSL_cleanse(mac, sizeof(mac)); -+ return ret; -+} -+ -+static EVP_KDF_IMPL *sskdf_new(void) -+{ -+ EVP_KDF_IMPL *impl; -+ -+ if ((impl = OPENSSL_zalloc(sizeof(*impl))) == NULL) -+ KDFerr(KDF_F_SSKDF_NEW, ERR_R_MALLOC_FAILURE); -+ return impl; -+} -+ -+static void sskdf_reset(EVP_KDF_IMPL *impl) -+{ -+ OPENSSL_clear_free(impl->secret, impl->secret_len); -+ OPENSSL_clear_free(impl->info, impl->info_len); -+ memset(impl, 0, sizeof(*impl)); -+} -+ -+static void sskdf_free(EVP_KDF_IMPL *impl) -+{ -+ sskdf_reset(impl); -+ OPENSSL_free(impl); -+} -+ -+static int sskdf_set_buffer(va_list args, unsigned char **out, size_t *out_len) -+{ -+ const unsigned char *p; -+ size_t len; -+ -+ p = va_arg(args, const unsigned char *); -+ len = va_arg(args, size_t); -+ OPENSSL_clear_free(*out, *out_len); -+ if (len == 0) { -+ *out = NULL; -+ *out_len = 0; -+ return 1; -+ } -+ -+ *out = OPENSSL_memdup(p, len); -+ if (*out == NULL) -+ return 0; -+ -+ *out_len = len; -+ return 1; -+} -+ -+static int sskdf_ctrl(EVP_KDF_IMPL *impl, int cmd, va_list args) -+{ -+ const EVP_MD *md; -+ -+ switch (cmd) { -+ case EVP_KDF_CTRL_SET_KEY: -+ return sskdf_set_buffer(args, &impl->secret, &impl->secret_len); -+ -+ case EVP_KDF_CTRL_SET_SSKDF_INFO: -+ return sskdf_set_buffer(args, &impl->info, &impl->info_len); -+ -+ case EVP_KDF_CTRL_SET_MD: -+ md = va_arg(args, const EVP_MD *); -+ if (md == NULL) -+ return 0; -+ -+ impl->md = md; -+ return 1; -+ -+ default: -+ return -2; -+ } -+} -+ -+static int sskdf_ctrl_str(EVP_KDF_IMPL *impl, const char *type, -+ const char *value) -+{ -+ if (strcmp(type, "secret") == 0 || strcmp(type, "key") == 0) -+ return kdf_str2ctrl(impl, sskdf_ctrl, EVP_KDF_CTRL_SET_KEY, -+ value); -+ -+ if (strcmp(type, "hexsecret") == 0 || strcmp(type, "hexkey") == 0) -+ return kdf_hex2ctrl(impl, sskdf_ctrl, EVP_KDF_CTRL_SET_KEY, -+ value); -+ -+ if (strcmp(type, "info") == 0) -+ return kdf_str2ctrl(impl, sskdf_ctrl, EVP_KDF_CTRL_SET_SSKDF_INFO, -+ value); -+ -+ if (strcmp(type, "hexinfo") == 0) -+ return kdf_hex2ctrl(impl, sskdf_ctrl, EVP_KDF_CTRL_SET_SSKDF_INFO, -+ value); -+ -+ if (strcmp(type, "digest") == 0) -+ return kdf_md2ctrl(impl, sskdf_ctrl, EVP_KDF_CTRL_SET_MD, value); -+ -+ return -2; -+} -+ -+static size_t sskdf_size(EVP_KDF_IMPL *impl) -+{ -+ int len; -+ -+ if (impl->md == NULL) { -+ KDFerr(KDF_F_SSKDF_SIZE, KDF_R_MISSING_MESSAGE_DIGEST); -+ return 0; -+ } -+ len = EVP_MD_size(impl->md); -+ return (len <= 0) ? 0 : (size_t)len; -+} -+ -+static int sskdf_derive(EVP_KDF_IMPL *impl, unsigned char *key, size_t keylen) -+{ -+ if (impl->secret == NULL) { -+ KDFerr(KDF_F_SSKDF_DERIVE, KDF_R_MISSING_SECRET); -+ return 0; -+ } -+ -+ /* H(x) = hash */ -+ if (impl->md == NULL) { -+ KDFerr(KDF_F_SSKDF_DERIVE, KDF_R_MISSING_MESSAGE_DIGEST); -+ return 0; -+ } -+ return SSKDF_hash_kdm(impl->md, impl->secret, impl->secret_len, -+ impl->info, impl->info_len, key, keylen); -+} -+ -+const EVP_KDF_METHOD ss_kdf_meth = { -+ EVP_KDF_SS, -+ sskdf_new, -+ sskdf_free, -+ sskdf_reset, -+ sskdf_ctrl, -+ sskdf_ctrl_str, -+ sskdf_size, -+ sskdf_derive -+}; -diff -up openssl-1.1.1d/crypto/objects/obj_dat.h.krb5-kdf openssl-1.1.1d/crypto/objects/obj_dat.h ---- openssl-1.1.1d/crypto/objects/obj_dat.h.krb5-kdf 2019-11-14 15:07:05.322094485 +0100 -+++ openssl-1.1.1d/crypto/objects/obj_dat.h 2019-11-14 15:07:05.345094076 +0100 -@@ -1078,7 +1078,7 @@ static const unsigned char so[7762] = { - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0D, /* [ 7753] OBJ_hmacWithSHA512_256 */ - }; - --#define NUM_NID 1196 -+#define NUM_NID 1199 - static const ASN1_OBJECT nid_objs[NUM_NID] = { - {"UNDEF", "undefined", NID_undef}, - {"rsadsi", "RSA Data Security, Inc.", NID_rsadsi, 6, &so[0]}, -@@ -2276,9 +2276,12 @@ static const ASN1_OBJECT nid_objs[NUM_NI - {"hmacWithSHA512-224", "hmacWithSHA512-224", NID_hmacWithSHA512_224, 8, &so[7745]}, - {"hmacWithSHA512-256", "hmacWithSHA512-256", NID_hmacWithSHA512_256, 8, &so[7753]}, - {"SSHKDF", "sshkdf", NID_sshkdf}, -+ {"KBKDF", "kbkdf", NID_kbkdf}, -+ {"KRB5KDF", "krb5kdf", NID_krb5kdf}, -+ {"SSKDF", "sskdf", NID_sskdf}, - }; - --#define NUM_SN 1187 -+#define NUM_SN 1190 - static const unsigned int sn_objs[NUM_SN] = { - 364, /* "AD_DVCS" */ - 419, /* "AES-128-CBC" */ -@@ -2442,7 +2445,9 @@ static const unsigned int sn_objs[NUM_SN - 183, /* "ISO-US" */ - 645, /* "ITU-T" */ - 646, /* "JOINT-ISO-ITU-T" */ -+ 1196, /* "KBKDF" */ - 773, /* "KISA" */ -+ 1197, /* "KRB5KDF" */ - 1063, /* "KxANY" */ - 1039, /* "KxDHE" */ - 1041, /* "KxDHE-PSK" */ -@@ -2557,6 +2562,7 @@ static const unsigned int sn_objs[NUM_SN - 100, /* "SN" */ - 1006, /* "SNILS" */ - 1195, /* "SSHKDF" */ -+ 1198, /* "SSKDF" */ - 16, /* "ST" */ - 143, /* "SXNetID" */ - 1062, /* "SipHash" */ -@@ -3469,7 +3475,7 @@ static const unsigned int sn_objs[NUM_SN - 1093, /* "x509ExtAdmission" */ - }; - --#define NUM_LN 1187 -+#define NUM_LN 1190 - static const unsigned int ln_objs[NUM_LN] = { - 363, /* "AD Time Stamping" */ - 405, /* "ANSI X9.62" */ -@@ -4262,8 +4268,10 @@ static const unsigned int ln_objs[NUM_LN - 957, /* "jurisdictionCountryName" */ - 955, /* "jurisdictionLocalityName" */ - 956, /* "jurisdictionStateOrProvinceName" */ -+ 1196, /* "kbkdf" */ - 150, /* "keyBag" */ - 773, /* "kisa" */ -+ 1197, /* "krb5kdf" */ - 1063, /* "kx-any" */ - 1039, /* "kx-dhe" */ - 1041, /* "kx-dhe-psk" */ -@@ -4612,6 +4620,7 @@ static const unsigned int ln_objs[NUM_LN - 1133, /* "sm4-ecb" */ - 1135, /* "sm4-ofb" */ - 1195, /* "sshkdf" */ -+ 1198, /* "sskdf" */ - 16, /* "stateOrProvinceName" */ - 660, /* "streetAddress" */ - 498, /* "subtreeMaximumQuality" */ -diff -up openssl-1.1.1d/crypto/objects/objects.txt.krb5-kdf openssl-1.1.1d/crypto/objects/objects.txt ---- openssl-1.1.1d/crypto/objects/objects.txt.krb5-kdf 2019-11-14 15:07:05.322094485 +0100 -+++ openssl-1.1.1d/crypto/objects/objects.txt 2019-11-14 15:07:05.345094076 +0100 -@@ -1603,6 +1603,15 @@ secg-scheme 14 3 : dhSinglePass-cofactor - # NID for SSHKDF - : SSHKDF : sshkdf - -+# NID for KBKDF -+ : KBKDF : kbkdf -+ -+# NID for KRB5KDF -+ : KRB5KDF : krb5kdf -+ -+# NID for SSKDF -+ : SSKDF : sskdf -+ - # RFC 4556 - 1 3 6 1 5 2 3 : id-pkinit - id-pkinit 4 : pkInitClientAuth : PKINIT Client Auth -diff -up openssl-1.1.1d/crypto/objects/obj_mac.num.krb5-kdf openssl-1.1.1d/crypto/objects/obj_mac.num ---- openssl-1.1.1d/crypto/objects/obj_mac.num.krb5-kdf 2019-11-14 15:07:05.322094485 +0100 -+++ openssl-1.1.1d/crypto/objects/obj_mac.num 2019-11-14 15:07:05.346094058 +0100 -@@ -1193,3 +1193,6 @@ magma_mac 1192 - hmacWithSHA512_224 1193 - hmacWithSHA512_256 1194 - sshkdf 1195 -+kbkdf 1196 -+krb5kdf 1197 -+sskdf 1198 -diff -up openssl-1.1.1d/doc/man3/EVP_KDF_CTX.pod.krb5-kdf openssl-1.1.1d/doc/man3/EVP_KDF_CTX.pod ---- openssl-1.1.1d/doc/man3/EVP_KDF_CTX.pod.krb5-kdf 2019-11-14 15:07:05.314094628 +0100 -+++ openssl-1.1.1d/doc/man3/EVP_KDF_CTX.pod 2019-11-14 15:07:05.346094058 +0100 -@@ -140,7 +140,14 @@ The value string is expected to be a dec - This control expects one argument: C - - For MAC implementations that use a message digest as an underlying computation --algorithm, this control set what the digest algorithm should be. -+algorithm, this control sets what the digest algorithm should be. -+ -+=item B -+ -+This control expects one argument: C -+ -+For MAC implementations that use a cipher as an underlying computation -+algorithm, this control sets what the cipher algorithm should be. - - EVP_KDF_ctrl_str() type string: "md" - -diff -up openssl-1.1.1d/doc/man7/EVP_KDF_KB.pod.krb5-kdf openssl-1.1.1d/doc/man7/EVP_KDF_KB.pod ---- openssl-1.1.1d/doc/man7/EVP_KDF_KB.pod.krb5-kdf 2019-11-14 15:07:05.346094058 +0100 -+++ openssl-1.1.1d/doc/man7/EVP_KDF_KB.pod 2019-11-14 15:07:05.346094058 +0100 -@@ -0,0 +1,173 @@ -+=pod -+ -+=head1 NAME -+ -+EVP_KDF_KB - The Key-Based EVP_KDF implementation -+ -+=head1 DESCRIPTION -+ -+The EVP_KDF_KB algorithm implements the Key-Based key derivation function -+(KBKDF). KBKDF derives a key from repeated application of a keyed MAC to an -+input secret (and other optional values). -+ -+=head2 Numeric identity -+ -+B is the numeric identity for this implementation; it can be used with the -+EVP_KDF_CTX_new_id() function. -+ -+=head2 Supported controls -+ -+The supported controls are: -+ -+=over 4 -+ -+=item B -+ -+This control expects one argument: C -+ -+Sets the mode for the KBKDF operation. There are two supported modes: -+ -+=over 4 -+ -+=item B -+ -+The counter mode of KBKDF should be used. This is the default. -+ -+=item B -+ -+The feedback mode of KBKDF should be used. -+ -+=back -+ -+=item B -+ -+This control expects one argument: C -+ -+Sets the mac type for the KBKDF operation. There are two supported mac types: -+ -+=over 4 -+ -+=item B -+ -+The HMAC with the digest set by B should be used as the mac. -+ -+=item B -+ -+The CMAC with the cipher set by B should be used as the mac. -+ -+=back -+ -+=item B -+ -+=item B -+ -+=item B -+ -+=item B -+ -+These controls work as described in L. -+ -+=item B -+ -+This control expects two arguments: C, C -+ -+=item B -+ -+This control expects two arguments: C, C -+ -+It is used only in the feedback mode and the length must be the same -+as the block length of the cipher in CMAC or the size of the digest in HMAC. -+ -+=back -+ -+The controls B, B, -+B, and B -+correspond to KI, Label, Context, and IV (respectively) in SP800-108. -+As in that document, salt, info, and seed are optional and may be -+omitted. -+ -+Depending on whether mac is CMAC or HMAC, either digest or cipher is -+required (respectively) and the other is unused. -+ -+=head1 NOTES -+ -+A context for KBKDF can be obtained by calling: -+ -+ EVP_KDF_CTX *kctx = EVP_KDF_CTX_new_id(EVP_KDF_KB); -+ -+The output length of an KBKDF is specified via the C -+parameter to the L function. -+ -+Note that currently OpenSSL only implements counter and feedback modes. Other -+variants may be supported in the future. -+ -+=head1 EXAMPLES -+ -+This example derives 10 bytes using COUNTER-HMAC-SHA256, with KI "secret", -+Label "label", and Context "context". -+ -+ EVP_KDF_CTX *kctx; -+ unsigned char out[10]; -+ -+ kctx = EVP_KDF_CTX_new_id(EVP_KDF_KB); -+ -+ EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()); -+ EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KB_MAC_TYPE, EVP_KDF_KB_MAC_TYPE_HMAC); -+ EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, "secret", strlen("secret")); -+ EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, "label", strlen("label")); -+ EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KB_INFO, "context", strlen("context")); -+ if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) -+ error("EVP_KDF_derive"); -+ -+ EVP_KDF_CTX_free(kctx); -+ -+This example derives 10 bytes using FEEDBACK-CMAC-AES256, with KI "secret", -+Label "label", Context "context", and IV "sixteen bytes iv". -+ -+ EVP_KDF_CTX *kctx; -+ unsigned char out[10]; -+ unsigned char *iv = "sixteen bytes iv"; -+ -+ kctx = EVP_KDF_CTX_new_id(EVP_KDF_KB); -+ -+ EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_CIPHER, EVP_aes_256_cbc()); -+ EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KB_MAC_TYPE, EVP_KDF_KB_MAC_TYPE_CMAC); -+ EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KB_MODE, EVP_KDF_KB_MODE_FEEDBACK); -+ EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, "secret", strlen("secret")); -+ EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, "label", strlen("label")); -+ EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KB_INFO, "context", strlen("context")); -+ EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KB_SEED, iv, strlen(iv)); -+ if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) -+ error("EVP_KDF_derive"); -+ -+ EVP_KDF_CTX_free(kctx); -+ -+=head1 CONFORMING TO -+ -+NIST SP800-108, IETF RFC 6803, IETF RFC 8009. -+ -+=head1 SEE ALSO -+ -+L, -+L, -+L, -+L, -+L, -+L, -+L -+ -+=head1 HISTORY -+ -+This functionality was added to OpenSSL 3.0. -+ -+=head1 COPYRIGHT -+ -+Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. -+Copyright 2019 Red Hat, Inc. -+ -+Licensed under the Apache License 2.0 (the "License"). You may not use -+this file except in compliance with the License. You can obtain a copy -+in the file LICENSE in the source distribution or at -+L. -+ -+=cut -diff -up openssl-1.1.1d/doc/man7/EVP_KDF_KRB5KDF.pod.krb5-kdf openssl-1.1.1d/doc/man7/EVP_KDF_KRB5KDF.pod ---- openssl-1.1.1d/doc/man7/EVP_KDF_KRB5KDF.pod.krb5-kdf 2019-11-14 15:07:05.346094058 +0100 -+++ openssl-1.1.1d/doc/man7/EVP_KDF_KRB5KDF.pod 2019-11-14 15:07:05.346094058 +0100 -@@ -0,0 +1,107 @@ -+=pod -+ -+=head1 NAME -+ -+EVP_KDF_KRB5KDF - The RFC3961 Krb5 KDF EVP_KDF implementation -+ -+=head1 DESCRIPTION -+ -+Support for computing the B KDF through the B API. -+ -+The B algorithm implements the key derivation function defined -+in RFC 3961, section 5.1 and is used by Krb5 to derive session keys. -+Three inputs are required to perform key derivation: a cipher, (for example -+AES-128-CBC), the initial key, and a constant. -+ -+=head2 Numeric identity -+ -+B is the numeric identity for this implementation; it can be used with the -+EVP_KDF_CTX_new_id() function. -+ -+=head2 Supported controls -+ -+The supported controls are: -+ -+=over 4 -+ -+=item B -+ -+=item B -+ -+These controls work as described in L. -+ -+=item B -+ -+This control expects two arguments: C, C -+ -+This control sets the I value for the KDF. -+If a value is already set, the contents are replaced. -+ -+=back -+ -+ -+=head1 NOTES -+ -+A context for KRB5KDF can be obtained by calling: -+ -+ EVP_KDF_CTX *kctx = EVP_KDF_CTX_new_id(EVP_KDF_KRB5KDF); -+ -+The output length of the KRB5KDF derivation is specified via the I -+parameter to the L function, and MUST match the key -+length for the chosen cipher or an error is returned. Moreover the -+I's length must not exceed the block size of the cipher. -+Since the KRB5KDF output length depends on the chosen cipher, calling -+L to obtain the requisite length returns the correct length -+only after the cipher is set. Prior to that B is returned. -+The caller must allocate a buffer of the correct length for the chosen -+cipher, and pass that buffer to the L function along -+with that length. -+ -+=head1 EXAMPLES -+ -+This example derives a key using the AES-128-CBC cipher: -+ -+ EVP_KDF_CTX *kctx; -+ unsigned char key[16] = "01234..."; -+ unsigned char constant[] = "I'm a constant"; -+ unsigned char out[16]; -+ size_t outlen = sizeof(out); -+ -+ kctx = EVP_KDF_CTX_new_id(EVP_KDF_KRB5KDF); -+ -+ EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_CIPHER, EVP_aes_128_cbc()); -+ EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, key, (size_t)16); -+ EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KRB5KDF_CONSTANT, constant, strlen(constant)); -+ if (EVP_KDF_derive(kctx, out, outlen) <= 0) -+ /* Error */ -+ EVP_KDF_CTX_free(kctx); -+ -+=head1 CONFORMING TO -+ -+RFC 3961 -+ -+=head1 SEE ALSO -+ -+L, -+L, -+L, -+L, -+L, -+L, -+L -+ -+=head1 HISTORY -+ -+This functionality was added to OpenSSL 3.0. -+ -+=head1 COPYRIGHT -+ -+Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. -+ -+Licensed under the OpenSSL license (the "License"). You may not use -+this file except in compliance with the License. You can obtain a copy -+in the file LICENSE in the source distribution or at -+L. -+ -+=cut -+ -diff -up openssl-1.1.1d/doc/man7/EVP_KDF_SS.pod.krb5-kdf openssl-1.1.1d/doc/man7/EVP_KDF_SS.pod ---- openssl-1.1.1d/doc/man7/EVP_KDF_SS.pod.krb5-kdf 2019-11-14 15:07:05.346094058 +0100 -+++ openssl-1.1.1d/doc/man7/EVP_KDF_SS.pod 2019-11-14 15:07:05.346094058 +0100 -@@ -0,0 +1,146 @@ -+=pod -+ -+=head1 NAME -+ -+EVP_KDF_SS - The Single Step / One Step EVP_KDF implementation -+ -+=head1 DESCRIPTION -+ -+The EVP_KDF_SS algorithm implements the Single Step key derivation function (SSKDF). -+SSKDF derives a key using input such as a shared secret key (that was generated -+during the execution of a key establishment scheme) and fixedinfo. -+SSKDF is also informally referred to as 'Concat KDF'. -+ -+=head2 Auxilary function -+ -+The implementation uses a selectable auxiliary function H, which can be in the -+backported version only a: -+ -+=over 4 -+ -+=item B -+ -+=back -+ -+=head2 Numeric identity -+ -+B is the numeric identity for this implementation; it -+can be used with the EVP_KDF_CTX_new_id() function. -+ -+=head2 Supported controls -+ -+The supported controls are: -+ -+=over 4 -+ -+=item B -+ -+This control works as described in L. -+ -+=item B -+ -+This control expects two arguments: C, C -+ -+The shared secret used for key derivation. This control sets the secret. -+ -+EVP_KDF_ctrl_str() takes two type strings for this control: -+ -+=over 4 -+ -+=item "secret" -+ -+The value string is used as is. -+ -+=item "hexsecret" -+ -+The value string is expected to be a hexadecimal number, which will be -+decoded before being passed on as the control value. -+ -+=back -+ -+=item B -+ -+This control expects two arguments: C, C -+ -+An optional value for fixedinfo, also known as otherinfo. This control sets the fixedinfo. -+ -+EVP_KDF_ctrl_str() takes two type strings for this control: -+ -+=over 4 -+ -+=item "info" -+ -+The value string is used as is. -+ -+=item "hexinfo" -+ -+The value string is expected to be a hexadecimal number, which will be -+decoded before being passed on as the control value. -+ -+=back -+ -+=back -+ -+=head1 NOTES -+ -+A context for SSKDF can be obtained by calling: -+ -+EVP_KDF_CTX *kctx = EVP_KDF_CTX_new_id(EVP_KDF_SS); -+ -+The output length of an SSKDF is specified via the C -+parameter to the L function. -+ -+=head1 EXAMPLE -+ -+This example derives 10 bytes using H(x) = SHA-256, with the secret key "secret" -+and fixedinfo value "label": -+ -+ EVP_KDF_CTX *kctx; -+ unsigned char out[10]; -+ -+ kctx = EVP_KDF_CTX_new_id(EVP_KDF_SS); -+ -+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()) <= 0) { -+ error("EVP_KDF_CTRL_SET_MD"); -+ } -+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, "secret", (size_t)6) <= 0) { -+ error("EVP_KDF_CTRL_SET_KEY"); -+ } -+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SSKDF_INFO, "label", (size_t)5) <= 0) { -+ error("EVP_KDF_CTRL_SET_SSKDF_INFO"); -+ } -+ if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) { -+ error("EVP_KDF_derive"); -+ } -+ -+ EVP_KDF_CTX_free(kctx); -+ -+=head1 CONFORMING TO -+ -+NIST SP800-56Cr1. -+ -+=head1 SEE ALSO -+ -+L, -+L, -+L, -+L, -+L, -+L, -+L -+ -+=head1 HISTORY -+ -+This functionality was added to OpenSSL 3.0.0. -+ -+=head1 COPYRIGHT -+ -+Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. Copyright -+(c) 2019, Oracle and/or its affiliates. All rights reserved. -+ -+Licensed under the Apache License 2.0 (the "License"). You may not use -+this file except in compliance with the License. You can obtain a copy -+in the file LICENSE in the source distribution or at -+L. -+ -+=cut -diff -up openssl-1.1.1d/include/openssl/kdferr.h.krb5-kdf openssl-1.1.1d/include/openssl/kdferr.h ---- openssl-1.1.1d/include/openssl/kdferr.h.krb5-kdf 2019-11-14 15:07:05.323094468 +0100 -+++ openssl-1.1.1d/include/openssl/kdferr.h 2019-11-14 15:07:05.347094040 +0100 -@@ -24,6 +24,11 @@ int ERR_load_KDF_strings(void); - * KDF function codes. - */ - # define KDF_F_HKDF_EXTRACT 112 -+# define KDF_F_KBKDF_CTRL 134 -+# define KDF_F_KBKDF_CTRL_STR 135 -+# define KDF_F_KBKDF_DERIVE 136 -+# define KDF_F_KBKDF_NEW 137 -+# define KDF_F_KDF_CIPHER2CTRL 138 - # define KDF_F_KDF_HKDF_DERIVE 113 - # define KDF_F_KDF_HKDF_NEW 114 - # define KDF_F_KDF_HKDF_SIZE 115 -@@ -43,6 +48,8 @@ int ERR_load_KDF_strings(void); - # define KDF_F_KDF_TLS1_PRF_CTRL_STR 125 - # define KDF_F_KDF_TLS1_PRF_DERIVE 126 - # define KDF_F_KDF_TLS1_PRF_NEW 127 -+# define KDF_F_KRB5KDF 139 -+# define KDF_F_KRB5KDF_DERIVE 140 - # define KDF_F_PBKDF2_SET_MEMBUF 128 - # define KDF_F_PKEY_HKDF_CTRL_STR 103 - # define KDF_F_PKEY_HKDF_DERIVE 102 -@@ -56,12 +63,21 @@ int ERR_load_KDF_strings(void); - # define KDF_F_PKEY_TLS1_PRF_DERIVE 101 - # define KDF_F_PKEY_TLS1_PRF_INIT 110 - # define KDF_F_SCRYPT_SET_MEMBUF 129 -+# define KDF_F_SSKDF_DERIVE 141 -+# define KDF_F_SSKDF_NEW 142 -+# define KDF_F_SSKDF_SIZE 143 - # define KDF_F_TLS1_PRF_ALG 111 - - /* - * KDF reason codes. - */ -+# define KDF_R_FAILED_TO_GENERATE_KEY 118 -+# define KDF_R_INVALID_CIPHER 116 -+# define KDF_R_INVALID_CONSTANT_LENGTH 119 - # define KDF_R_INVALID_DIGEST 100 -+# define KDF_R_INVALID_SEED_LENGTH 117 -+# define KDF_R_MISSING_CIPHER 120 -+# define KDF_R_MISSING_CONSTANT 121 - # define KDF_R_MISSING_ITERATION_COUNT 109 - # define KDF_R_MISSING_KEY 104 - # define KDF_R_MISSING_MESSAGE_DIGEST 105 -@@ -76,6 +92,7 @@ int ERR_load_KDF_strings(void); - # define KDF_R_UNKNOWN_PARAMETER_TYPE 103 - # define KDF_R_VALUE_ERROR 108 - # define KDF_R_VALUE_MISSING 102 -+# define KDF_R_WRONG_FINAL_BLOCK_LENGTH 122 - # define KDF_R_WRONG_OUTPUT_BUFFER_SIZE 112 - - #endif -diff -up openssl-1.1.1d/include/openssl/kdf.h.krb5-kdf openssl-1.1.1d/include/openssl/kdf.h ---- openssl-1.1.1d/include/openssl/kdf.h.krb5-kdf 2019-11-14 15:07:05.323094468 +0100 -+++ openssl-1.1.1d/include/openssl/kdf.h 2019-11-14 15:07:05.347094040 +0100 -@@ -21,6 +21,9 @@ extern "C" { - # define EVP_KDF_TLS1_PRF NID_tls1_prf - # define EVP_KDF_HKDF NID_hkdf - # define EVP_KDF_SSHKDF NID_sshkdf -+# define EVP_KDF_KB NID_kbkdf -+# define EVP_KDF_KRB5KDF NID_krb5kdf -+# define EVP_KDF_SS NID_sskdf - - EVP_KDF_CTX *EVP_KDF_CTX_new_id(int id); - void EVP_KDF_CTX_free(EVP_KDF_CTX *ctx); -@@ -51,6 +54,13 @@ int EVP_KDF_derive(EVP_KDF_CTX *ctx, uns - # define EVP_KDF_CTRL_SET_SSHKDF_XCGHASH 0x10 /* unsigned char *, size_t */ - # define EVP_KDF_CTRL_SET_SSHKDF_SESSION_ID 0x11 /* unsigned char *, size_t */ - # define EVP_KDF_CTRL_SET_SSHKDF_TYPE 0x12 /* int */ -+# define EVP_KDF_CTRL_SET_KB_MODE 0x13 /* int */ -+# define EVP_KDF_CTRL_SET_KB_MAC_TYPE 0x14 /* int */ -+# define EVP_KDF_CTRL_SET_CIPHER 0x15 /* EVP_CIPHER * */ -+# define EVP_KDF_CTRL_SET_KB_INFO 0x16 /* unsigned char *, size_t */ -+# define EVP_KDF_CTRL_SET_KB_SEED 0x17 /* unsigned char *, size_t */ -+# define EVP_KDF_CTRL_SET_KRB5KDF_CONSTANT 0x18 /* unsigned char *, size_t */ -+# define EVP_KDF_CTRL_SET_SSKDF_INFO 0x19 /* unsigned char *, size_t */ - - # define EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND 0 - # define EVP_KDF_HKDF_MODE_EXTRACT_ONLY 1 -@@ -63,6 +73,12 @@ int EVP_KDF_derive(EVP_KDF_CTX *ctx, uns - #define EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_CLI_TO_SRV 69 - #define EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_SRV_TO_CLI 70 - -+#define EVP_KDF_KB_MODE_COUNTER 0 -+#define EVP_KDF_KB_MODE_FEEDBACK 1 -+ -+#define EVP_KDF_KB_MAC_TYPE_HMAC 0 -+#define EVP_KDF_KB_MAC_TYPE_CMAC 1 -+ - /**** The legacy PKEY-based KDF API follows. ****/ - - # define EVP_PKEY_CTRL_TLS_MD (EVP_PKEY_ALG_CTRL) -diff -up openssl-1.1.1d/include/openssl/obj_mac.h.krb5-kdf openssl-1.1.1d/include/openssl/obj_mac.h ---- openssl-1.1.1d/include/openssl/obj_mac.h.krb5-kdf 2019-11-14 15:07:05.323094468 +0100 -+++ openssl-1.1.1d/include/openssl/obj_mac.h 2019-11-14 15:07:05.347094040 +0100 -@@ -4974,6 +4974,18 @@ - #define LN_sshkdf "sshkdf" - #define NID_sshkdf 1203 - -+#define SN_kbkdf "KBKDF" -+#define LN_kbkdf "kbkdf" -+#define NID_kbkdf 1204 -+ -+#define SN_krb5kdf "KRB5KDF" -+#define LN_krb5kdf "krb5kdf" -+#define NID_krb5kdf 1205 -+ -+#define SN_sskdf "SSKDF" -+#define LN_sskdf "sskdf" -+#define NID_sskdf 1206 -+ - #define SN_id_pkinit "id-pkinit" - #define NID_id_pkinit 1031 - #define OBJ_id_pkinit 1L,3L,6L,1L,5L,2L,3L -diff -up openssl-1.1.1d/test/evp_kdf_test.c.krb5-kdf openssl-1.1.1d/test/evp_kdf_test.c ---- openssl-1.1.1d/test/evp_kdf_test.c.krb5-kdf 2019-11-14 15:07:05.315094610 +0100 -+++ openssl-1.1.1d/test/evp_kdf_test.c 2019-11-14 15:07:05.348094022 +0100 -@@ -225,13 +225,358 @@ err: - } - #endif - -+/* -+ * KBKDF test vectors from RFC 6803 (Camellia Encryption for Kerberos 5) -+ * section 10. -+ */ -+static int test_kdf_kbkdf_6803_128(void) -+{ -+ int ret = 0, i; -+ EVP_KDF_CTX *kctx; -+ static unsigned char input_key[] = { -+ 0x57, 0xD0, 0x29, 0x72, 0x98, 0xFF, 0xD9, 0xD3, -+ 0x5D, 0xE5, 0xA4, 0x7F, 0xB4, 0xBD, 0xE2, 0x4B, -+ }; -+ static unsigned char constants[][5] = { -+ { 0x00, 0x00, 0x00, 0x02, 0x99 }, -+ { 0x00, 0x00, 0x00, 0x02, 0xaa }, -+ { 0x00, 0x00, 0x00, 0x02, 0x55 }, -+ }; -+ static unsigned char outputs[][16] = { -+ {0xD1, 0x55, 0x77, 0x5A, 0x20, 0x9D, 0x05, 0xF0, -+ 0x2B, 0x38, 0xD4, 0x2A, 0x38, 0x9E, 0x5A, 0x56}, -+ {0x64, 0xDF, 0x83, 0xF8, 0x5A, 0x53, 0x2F, 0x17, -+ 0x57, 0x7D, 0x8C, 0x37, 0x03, 0x57, 0x96, 0xAB}, -+ {0x3E, 0x4F, 0xBD, 0xF3, 0x0F, 0xB8, 0x25, 0x9C, -+ 0x42, 0x5C, 0xB6, 0xC9, 0x6F, 0x1F, 0x46, 0x35} -+ }; -+ static unsigned char iv[16] = { 0 }; -+ unsigned char result[16] = { 0 }; -+ -+ for (i = 0; i < 3; i++) { -+ ret = 0; -+ if ((kctx = EVP_KDF_CTX_new_id(EVP_KDF_KB)) == NULL) { -+ TEST_error("EVP_KDF_KB"); -+ goto err; -+ } -+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KB_MAC_TYPE, EVP_KDF_KB_MAC_TYPE_CMAC) <= 0) { -+ TEST_error("EVP_KDF_CTRL_SET_KB_MAC_TYPE"); -+ goto err; -+ } -+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KB_MODE, EVP_KDF_KB_MODE_FEEDBACK) <= 0) { -+ TEST_error("EVP_KDF_CTRL_SET_KB_MODE"); -+ goto err; -+ } -+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_CIPHER, EVP_camellia_128_cbc()) <= 0) { -+ TEST_error("EVP_KDF_CTRL_SET_CIPHER"); -+ goto err; -+ } -+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, input_key, sizeof(input_key)) <= 0) { -+ TEST_error("EVP_KDF_CTRL_SET_KEY"); -+ goto err; -+ } -+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, constants[i], sizeof(constants[i])) <= 0) { -+ TEST_error("EVP_KDF_CTRL_SET_SALT"); -+ goto err; -+ } -+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KB_SEED, iv, sizeof(iv)) <= 0) { -+ TEST_error("EVP_KDF_CTRL_SET_KB_SEED"); -+ goto err; -+ } -+ ret = TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result)), 0) -+ && TEST_mem_eq(result, sizeof(result), outputs[i], -+ sizeof(outputs[i])); -+err: -+ EVP_KDF_CTX_free(kctx); -+ if (ret != 1) -+ return ret; -+ } -+ return ret; -+} -+ -+static int test_kdf_kbkdf_6803_256(void) -+{ -+ int ret = 0, i; -+ EVP_KDF_CTX *kctx; -+ static unsigned char input_key[] = { -+ 0xB9, 0xD6, 0x82, 0x8B, 0x20, 0x56, 0xB7, 0xBE, -+ 0x65, 0x6D, 0x88, 0xA1, 0x23, 0xB1, 0xFA, 0xC6, -+ 0x82, 0x14, 0xAC, 0x2B, 0x72, 0x7E, 0xCF, 0x5F, -+ 0x69, 0xAF, 0xE0, 0xC4, 0xDF, 0x2A, 0x6D, 0x2C, -+ }; -+ static unsigned char constants[][5] = { -+ { 0x00, 0x00, 0x00, 0x02, 0x99 }, -+ { 0x00, 0x00, 0x00, 0x02, 0xaa }, -+ { 0x00, 0x00, 0x00, 0x02, 0x55 }, -+ }; -+ static unsigned char outputs[][32] = { -+ {0xE4, 0x67, 0xF9, 0xA9, 0x55, 0x2B, 0xC7, 0xD3, -+ 0x15, 0x5A, 0x62, 0x20, 0xAF, 0x9C, 0x19, 0x22, -+ 0x0E, 0xEE, 0xD4, 0xFF, 0x78, 0xB0, 0xD1, 0xE6, -+ 0xA1, 0x54, 0x49, 0x91, 0x46, 0x1A, 0x9E, 0x50, -+ }, -+ {0x41, 0x2A, 0xEF, 0xC3, 0x62, 0xA7, 0x28, 0x5F, -+ 0xC3, 0x96, 0x6C, 0x6A, 0x51, 0x81, 0xE7, 0x60, -+ 0x5A, 0xE6, 0x75, 0x23, 0x5B, 0x6D, 0x54, 0x9F, -+ 0xBF, 0xC9, 0xAB, 0x66, 0x30, 0xA4, 0xC6, 0x04, -+ }, -+ {0xFA, 0x62, 0x4F, 0xA0, 0xE5, 0x23, 0x99, 0x3F, -+ 0xA3, 0x88, 0xAE, 0xFD, 0xC6, 0x7E, 0x67, 0xEB, -+ 0xCD, 0x8C, 0x08, 0xE8, 0xA0, 0x24, 0x6B, 0x1D, -+ 0x73, 0xB0, 0xD1, 0xDD, 0x9F, 0xC5, 0x82, 0xB0, -+ }, -+ }; -+ static unsigned char iv[16] = { 0 }; -+ unsigned char result[32] = { 0 }; -+ -+ for (i = 0; i < 3; i++) { -+ ret = 0; -+ if ((kctx = EVP_KDF_CTX_new_id(EVP_KDF_KB)) == NULL) { -+ TEST_error("EVP_KDF_KB"); -+ goto err; -+ } -+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KB_MAC_TYPE, EVP_KDF_KB_MAC_TYPE_CMAC) <= 0) { -+ TEST_error("EVP_KDF_CTRL_SET_KB_MAC_TYPE"); -+ goto err; -+ } -+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KB_MODE, EVP_KDF_KB_MODE_FEEDBACK) <= 0) { -+ TEST_error("EVP_KDF_CTRL_SET_KB_MODE"); -+ goto err; -+ } -+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_CIPHER, EVP_camellia_256_cbc()) <= 0) { -+ TEST_error("EVP_KDF_CTRL_SET_CIPHER"); -+ goto err; -+ } -+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, input_key, sizeof(input_key)) <= 0) { -+ TEST_error("EVP_KDF_CTRL_SET_KEY"); -+ goto err; -+ } -+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, constants[i], sizeof(constants[i])) <= 0) { -+ TEST_error("EVP_KDF_CTRL_SET_SALT"); -+ goto err; -+ } -+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KB_SEED, iv, sizeof(iv)) <= 0) { -+ TEST_error("EVP_KDF_CTRL_SET_KB_SEED"); -+ goto err; -+ } -+ ret = TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result)), 0) -+ && TEST_mem_eq(result, sizeof(result), outputs[i], -+ sizeof(outputs[i])); -+err: -+ EVP_KDF_CTX_free(kctx); -+ if (ret != 1) -+ return ret; -+ } -+ return ret; -+} -+ -+/* Two test vectors from RFC 8009 (AES Encryption with HMAC-SHA2 for Kerberos -+ * 5) appendix A. */ -+static int test_kdf_kbkdf_8009_prf1(void) -+{ -+ int ret = 0; -+ EVP_KDF_CTX *kctx; -+ char *label = "prf", *prf_input = "test"; -+ static unsigned char input_key[] = { -+ 0x37, 0x05, 0xD9, 0x60, 0x80, 0xC1, 0x77, 0x28, -+ 0xA0, 0xE8, 0x00, 0xEA, 0xB6, 0xE0, 0xD2, 0x3C, -+ }; -+ static unsigned char output[] = { -+ 0x9D, 0x18, 0x86, 0x16, 0xF6, 0x38, 0x52, 0xFE, -+ 0x86, 0x91, 0x5B, 0xB8, 0x40, 0xB4, 0xA8, 0x86, -+ 0xFF, 0x3E, 0x6B, 0xB0, 0xF8, 0x19, 0xB4, 0x9B, -+ 0x89, 0x33, 0x93, 0xD3, 0x93, 0x85, 0x42, 0x95, -+ }; -+ unsigned char result[sizeof(output)] = { 0 }; -+ -+ if ((kctx = EVP_KDF_CTX_new_id(EVP_KDF_KB)) == NULL) { -+ TEST_error("EVP_KDF_KB"); -+ goto err; -+ } -+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KB_MAC_TYPE, EVP_KDF_KB_MAC_TYPE_HMAC) <= 0) { -+ TEST_error("EVP_KDF_CTRL_SET_KB_MAC_TYPE"); -+ goto err; -+ } -+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()) <= 0) { -+ TEST_error("EVP_KDF_CTRL_SET_MD"); -+ goto err; -+ } -+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, input_key, sizeof(input_key)) <= 0) { -+ TEST_error("EVP_KDF_CTRL_SET_KEY"); -+ goto err; -+ } -+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, label, strlen(label)) <= 0) { -+ TEST_error("EVP_KDF_CTRL_SET_SALT"); -+ goto err; -+ } -+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KB_INFO, prf_input, strlen(prf_input)) <= 0) { -+ TEST_error("EVP_KDF_CTRL_SET_KB_INFO"); -+ goto err; -+ } -+ ret = TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result)), 0) -+ && TEST_mem_eq(result, sizeof(result), output, -+ sizeof(output)); -+err: -+ EVP_KDF_CTX_free(kctx); -+ return ret; -+} -+ -+static int test_kdf_kbkdf_8009_prf2(void) -+{ -+ int ret = 0; -+ EVP_KDF_CTX *kctx; -+ char *label = "prf", *prf_input = "test"; -+ static unsigned char input_key[] = { -+ 0x6D, 0x40, 0x4D, 0x37, 0xFA, 0xF7, 0x9F, 0x9D, -+ 0xF0, 0xD3, 0x35, 0x68, 0xD3, 0x20, 0x66, 0x98, -+ 0x00, 0xEB, 0x48, 0x36, 0x47, 0x2E, 0xA8, 0xA0, -+ 0x26, 0xD1, 0x6B, 0x71, 0x82, 0x46, 0x0C, 0x52, -+ }; -+ static unsigned char output[] = { -+ 0x98, 0x01, 0xF6, 0x9A, 0x36, 0x8C, 0x2B, 0xF6, -+ 0x75, 0xE5, 0x95, 0x21, 0xE1, 0x77, 0xD9, 0xA0, -+ 0x7F, 0x67, 0xEF, 0xE1, 0xCF, 0xDE, 0x8D, 0x3C, -+ 0x8D, 0x6F, 0x6A, 0x02, 0x56, 0xE3, 0xB1, 0x7D, -+ 0xB3, 0xC1, 0xB6, 0x2A, 0xD1, 0xB8, 0x55, 0x33, -+ 0x60, 0xD1, 0x73, 0x67, 0xEB, 0x15, 0x14, 0xD2, -+ }; -+ unsigned char result[sizeof(output)] = { 0 }; -+ -+ if ((kctx = EVP_KDF_CTX_new_id(EVP_KDF_KB)) == NULL) { -+ TEST_error("EVP_KDF_KB"); -+ goto err; -+ } -+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KB_MAC_TYPE, EVP_KDF_KB_MAC_TYPE_HMAC) <= 0) { -+ TEST_error("EVP_KDF_CTRL_SET_KB_MAC_TYPE"); -+ goto err; -+ } -+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha384()) <= 0) { -+ TEST_error("EVP_KDF_CTRL_SET_MD"); -+ goto err; -+ } -+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, input_key, sizeof(input_key)) <= 0) { -+ TEST_error("EVP_KDF_CTRL_SET_KEY"); -+ goto err; -+ } -+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, label, strlen(label)) <= 0) { -+ TEST_error("EVP_KDF_CTRL_SET_SALT"); -+ goto err; -+ } -+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KB_INFO, prf_input, strlen(prf_input)) <= 0) { -+ TEST_error("EVP_KDF_CTRL_SET_KB_INFO"); -+ goto err; -+ } -+ ret = TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result)), 0) -+ && TEST_mem_eq(result, sizeof(result), output, -+ sizeof(output)); -+err: -+ EVP_KDF_CTX_free(kctx); -+ return ret; -+} -+ -+static int test_kdf_krb5kdf(void) -+{ -+ int ret = 0; -+ EVP_KDF_CTX *kctx; -+ unsigned char out[16]; -+ static unsigned char key[] = { -+ 0x42, 0x26, 0x3C, 0x6E, 0x89, 0xF4, 0xFC, 0x28, -+ 0xB8, 0xDF, 0x68, 0xEE, 0x09, 0x79, 0x9F, 0x15 -+ }; -+ static unsigned char constant[] = { -+ 0x00, 0x00, 0x00, 0x02, 0x99 -+ }; -+ static const unsigned char expected[sizeof(out)] = { -+ 0x34, 0x28, 0x0A, 0x38, 0x2B, 0xC9, 0x27, 0x69, -+ 0xB2, 0xDA, 0x2F, 0x9E, 0xF0, 0x66, 0x85, 0x4B -+ }; -+ -+ if ((kctx = EVP_KDF_CTX_new_id(EVP_KDF_KRB5KDF)) == NULL) { -+ TEST_error("EVP_KDF_KRB5KDF"); -+ goto err; -+ } -+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_CIPHER, EVP_aes_128_cbc()) <= 0) { -+ TEST_error("EVP_KDF_CTRL_SET_CIPHER"); -+ goto err; -+ } -+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, key, sizeof(key)) <= 0) { -+ TEST_error("EVP_KDF_CTRL_SET_KEY"); -+ goto err; -+ } -+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KRB5KDF_CONSTANT, constant, sizeof(constant)) <= 0) { -+ TEST_error("EVP_KDF_CTRL_SET_KRB5KDF_CONSTANT"); -+ goto err; -+ } -+ -+ ret = -+ TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) -+ && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); -+ -+err: -+ EVP_KDF_CTX_free(kctx); -+ return ret; -+} -+ -+static int test_kdf_ss_hash(void) -+{ -+ EVP_KDF_CTX *kctx; -+ const unsigned char z[] = { -+ 0x6d,0xbd,0xc2,0x3f,0x04,0x54,0x88,0xe4,0x06,0x27,0x57,0xb0,0x6b,0x9e, -+ 0xba,0xe1,0x83,0xfc,0x5a,0x59,0x46,0xd8,0x0d,0xb9,0x3f,0xec,0x6f,0x62, -+ 0xec,0x07,0xe3,0x72,0x7f,0x01,0x26,0xae,0xd1,0x2c,0xe4,0xb2,0x62,0xf4, -+ 0x7d,0x48,0xd5,0x42,0x87,0xf8,0x1d,0x47,0x4c,0x7c,0x3b,0x18,0x50,0xe9 -+ }; -+ const unsigned char other[] = { -+ 0xa1,0xb2,0xc3,0xd4,0xe5,0x43,0x41,0x56,0x53,0x69,0x64,0x3c,0x83,0x2e, -+ 0x98,0x49,0xdc,0xdb,0xa7,0x1e,0x9a,0x31,0x39,0xe6,0x06,0xe0,0x95,0xde, -+ 0x3c,0x26,0x4a,0x66,0xe9,0x8a,0x16,0x58,0x54,0xcd,0x07,0x98,0x9b,0x1e, -+ 0xe0,0xec,0x3f,0x8d,0xbe -+ }; -+ const unsigned char expected[] = { -+ 0xa4,0x62,0xde,0x16,0xa8,0x9d,0xe8,0x46,0x6e,0xf5,0x46,0x0b,0x47,0xb8 -+ }; -+ unsigned char out[14]; -+ -+ kctx = EVP_KDF_CTX_new_id(EVP_KDF_SS); -+ -+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha224()) <= 0) { -+ TEST_error("EVP_KDF_CTRL_SET_MD"); -+ return 0; -+ } -+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, z, sizeof(z)) <= 0) { -+ TEST_error("EVP_KDF_CTRL_SET_KEY"); -+ return 0; -+ } -+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SSKDF_INFO, other, -+ sizeof(other)) <= 0) { -+ TEST_error("EVP_KDF_CTRL_SET_SSKDF_INFO"); -+ return 0; -+ } -+ if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) { -+ TEST_error("EVP_KDF_derive"); -+ return 0; -+ } -+ -+ if (!TEST_mem_eq(out, sizeof(out), expected, sizeof(expected))) -+ return 0; -+ -+ EVP_KDF_CTX_free(kctx); -+ return 1; -+} -+ - int setup_tests(void) - { -+ ADD_TEST(test_kdf_kbkdf_6803_128); -+ ADD_TEST(test_kdf_kbkdf_6803_256); -+ ADD_TEST(test_kdf_kbkdf_8009_prf1); -+ ADD_TEST(test_kdf_kbkdf_8009_prf2); - ADD_TEST(test_kdf_tls1_prf); - ADD_TEST(test_kdf_hkdf); - ADD_TEST(test_kdf_pbkdf2); - #ifndef OPENSSL_NO_SCRYPT - ADD_TEST(test_kdf_scrypt); - #endif -+ ADD_TEST(test_kdf_krb5kdf); -+ ADD_TEST(test_kdf_ss_hash); - return 1; - } -diff -up openssl-1.1.1d/test/recipes/30-test_evp_data/evpkdf.txt.krb5-kdf openssl-1.1.1d/test/recipes/30-test_evp_data/evpkdf.txt ---- openssl-1.1.1d/test/recipes/30-test_evp_data/evpkdf.txt.krb5-kdf 2019-11-14 15:07:05.327094396 +0100 -+++ openssl-1.1.1d/test/recipes/30-test_evp_data/evpkdf.txt 2019-11-14 15:07:05.349094005 +0100 -@@ -5286,3 +5286,559 @@ Ctrl.hexsession_id = hexsession_id:a4ebd - Ctrl.type = type:A - Output = FF - Result = KDF_MISMATCH -+ -+Title = KRB5KDF tests (from RFC 3961 test vectors and krb5 sources) -+ -+#RFC3961 -+KDF = KRB5KDF -+Ctrl.cipher = cipher:DES-EDE3-CBC -+Ctrl.hexkey = hexkey:dce06b1f64c857a11c3db57c51899b2cc1791008ce973b92 -+Ctrl.hexconstant = hexconstant:0000000155 -+Output = 925179d04591a79b5d3192c4a7e9c289b049c71f6ee604cd -+ -+KDF = KRB5KDF -+Ctrl.cipher = cipher:DES-EDE3-CBC -+Ctrl.hexkey = hexkey:5e13d31c70ef765746578531cb51c15bf11ca82c97cee9f2 -+Ctrl.hexconstant = hexconstant:00000001aa -+Output = 9e58e5a146d9942a101c469845d67a20e3c4259ed913f207 -+ -+KDF = KRB5KDF -+Ctrl.cipher = cipher:DES-EDE3-CBC -+Ctrl.hexkey = hexkey:98e6fd8a04a4b6859b75a176540b9752bad3ecd610a252bc -+Ctrl.hexconstant = hexconstant:0000000155 -+Output = 13fef80d763e94ec6d13fd2ca1d085070249dad39808eabf -+ -+KDF = KRB5KDF -+Ctrl.cipher = cipher:DES-EDE3-CBC -+Ctrl.hexkey = hexkey:622aec25a2fe2cad7094680b7c64940280084c1a7cec92b5 -+Ctrl.hexconstant = hexconstant:00000001aa -+Output = f8dfbf04b097e6d9dc0702686bcb3489d91fd9a4516b703e -+ -+KDF = KRB5KDF -+Ctrl.cipher = cipher:DES-EDE3-CBC -+Ctrl.hexkey = hexkey:d3f8298ccb166438dcb9b93ee5a7629286a491f838f802fb -+Ctrl.hexconstant = hexconstant:6b65726265726f73 -+Output = 2370da575d2a3da864cebfdc5204d56df779a7df43d9da43 -+ -+KDF = KRB5KDF -+Ctrl.cipher = cipher:DES-EDE3-CBC -+Ctrl.hexkey = hexkey:c1081649ada74362e6a1459d01dfd30d67c2234c940704da -+Ctrl.hexconstant = hexconstant:0000000155 -+Output = 348057ec98fdc48016161c2a4c7a943e92ae492c989175f7 -+ -+KDF = KRB5KDF -+Ctrl.cipher = cipher:DES-EDE3-CBC -+Ctrl.hexkey = hexkey:5d154af238f46713155719d55e2f1f790dd661f279a7917c -+Ctrl.hexconstant = hexconstant:00000001aa -+Output = a8808ac267dada3dcbe9a7c84626fbc761c294b01315e5c1 -+ -+KDF = KRB5KDF -+Ctrl.cipher = cipher:DES-EDE3-CBC -+Ctrl.hexkey = hexkey:798562e049852f57dc8c343ba17f2ca1d97394efc8adc443 -+Ctrl.hexconstant = hexconstant:0000000155 -+Output = c813f88a3be3b334f75425ce9175fbe3c8493b89c8703b49 -+ -+KDF = KRB5KDF -+Ctrl.cipher = cipher:DES-EDE3-CBC -+Ctrl.hexkey = hexkey:26dce334b545292f2feab9a8701a89a4b99eb9942cecd016 -+Ctrl.hexconstant = hexconstant:00000001aa -+Output = f48ffd6e83f83e7354e694fd252cf83bfe58f7d5ba37ec5d -+ -+#Krb5 sources -+KDF = KRB5KDF -+Ctrl.cipher = cipher:DES-EDE3-CBC -+Ctrl.hexkey = hexkey:850BB51358548CD05E86768C313E3BFEF7511937DCF72C3E -+Ctrl.hexconstant = hexconstant:0000000299 -+Output = F78C496D16E6C2DAE0E0B6C24057A84C0426AEEF26FD6DCE -+ -+KDF = KRB5KDF -+Ctrl.cipher = cipher:DES-EDE3-CBC -+Ctrl.hexkey = hexkey:850BB51358548CD05E86768C313E3BFEF7511937DCF72C3E -+Ctrl.hexconstant = hexconstant:00000002AA -+Output = 5B5723D0B634CB684C3EBA5264E9A70D52E683231AD3C4CE -+ -+KDF = KRB5KDF -+Ctrl.cipher = cipher:DES-EDE3-CBC -+Ctrl.hexkey = hexkey:850BB51358548CD05E86768C313E3BFEF7511937DCF72C3E -+Ctrl.hexconstant = hexconstant:0000000255 -+Output = A77C94980E9B7345A81525C423A737CE67F4CD91B6B3DA45 -+ -+KDF = KRB5KDF -+Ctrl.cipher = cipher:AES-128-CBC -+Ctrl.hexkey = hexkey:42263C6E89F4FC28B8DF68EE09799F15 -+Ctrl.hexconstant = hexconstant:0000000299 -+Output = 34280A382BC92769B2DA2F9EF066854B -+ -+KDF = KRB5KDF -+Ctrl.cipher = cipher:AES-128-CBC -+Ctrl.hexkey = hexkey:42263C6E89F4FC28B8DF68EE09799F15 -+Ctrl.hexconstant = hexconstant:00000002AA -+Output = 5B14FC4E250E14DDF9DCCF1AF6674F53 -+ -+KDF = KRB5KDF -+Ctrl.cipher = cipher:AES-128-CBC -+Ctrl.hexkey = hexkey:42263C6E89F4FC28B8DF68EE09799F15 -+Ctrl.hexconstant = hexconstant:0000000255 -+Output = 4ED31063621684F09AE8D89991AF3E8F -+ -+KDF = KRB5KDF -+Ctrl.cipher = cipher:AES-256-CBC -+Ctrl.hexkey = hexkey:FE697B52BC0D3CE14432BA036A92E65BBB52280990A2FA27883998D72AF30161 -+Ctrl.hexconstant = hexconstant:0000000299 -+Output = BFAB388BDCB238E9F9C98D6A878304F04D30C82556375AC507A7A852790F4674 -+ -+KDF = KRB5KDF -+Ctrl.cipher = cipher:AES-256-CBC -+Ctrl.hexkey = hexkey:FE697B52BC0D3CE14432BA036A92E65BBB52280990A2FA27883998D72AF30161 -+Ctrl.hexconstant = hexconstant:00000002AA -+Output = C7CFD9CD75FE793A586A542D87E0D1396F1134A104BB1A9190B8C90ADA3DDF37 -+ -+KDF = KRB5KDF -+Ctrl.cipher = cipher:AES-256-CBC -+Ctrl.hexkey = hexkey:FE697B52BC0D3CE14432BA036A92E65BBB52280990A2FA27883998D72AF30161 -+Ctrl.hexconstant = hexconstant:0000000255 -+Output = 97151B4C76945063E2EB0529DC067D97D7BBA90776D8126D91F34F3101AEA8BA -+ -+#Same as the first but with no "fixup" -+KDF = KRB5KDF -+Ctrl.cipher = cipher:DES-EDE3-CBC -+Ctrl.hexkey = hexkey:dce06b1f64c857a11c3db57c51899b2cc1791008ce973b92 -+Ctrl.hexconstant = hexconstant:0000000155 -+Output = 935079d14490a75c3093c4a6e8c3b049c71e6ee705 -+ -+#There are currently no official test vectors for Single Step KDF -+#https://github.com/patrickfav/singlestep-kdf/wiki/NIST-SP-800-56C-Rev1:-Non-Official-Test-Vectors -+Title = Single Step KDF tests -+ -+KDF = SSKDF -+Ctrl.digest = digest:SHA1 -+Ctrl.hexsecret = hexsecret:d09a6b1a472f930db4f5e6b967900744 -+Ctrl.hexinfo = hexinfo:b117255ab5f1b6b96fc434b0 -+Output = b5a3c52e97ae6e8c5069954354eab3c7 -+ -+KDF = SSKDF -+Ctrl.digest = digest:SHA1 -+Ctrl.hexsecret = hexsecret:343666c0dd34b756e70f759f14c304f5 -+Ctrl.hexinfo = hexinfo:722b28448d7eab85491bce09 -+Output = 1003b650ddd3f0891a15166db5ec881d -+ -+KDF = SSKDF -+Ctrl.digest = digest:SHA1 -+Ctrl.hexsecret = hexsecret:b84acf03ab08652dd7f82fa956933261 -+Ctrl.hexinfo = hexinfo:3d8773ec068c86053a918565 -+Output = 1635dcd1ce698f736831b4badb68ab2b -+ -+KDF = SSKDF -+Ctrl.digest = digest:SHA1 -+Ctrl.hexsecret = hexsecret:8cc24ca3f1d1a8b34783780b79890430 -+Ctrl.hexinfo = hexinfo:f08d4f2d9a8e6d7105c0bc16 -+Output = b8e716fb84a420aed4812cd76d9700ee -+ -+KDF = SSKDF -+Ctrl.digest = digest:SHA1 -+Ctrl.hexsecret = hexsecret:b616905a6f7562cd2689142ce21e42a3 -+Ctrl.hexinfo = hexinfo:ead310159a909da87e7b4b40 -+Output = 1b9201358c50fe5d5d42907c4a9fce78 -+ -+KDF = SSKDF -+Ctrl.digest = digest:SHA1 -+Ctrl.hexsecret = hexsecret:3f57fd3fd56199b3eb33890f7ee28180 -+Ctrl.hexinfo = hexinfo:7a5056ba4fdb034c7cb6c4fe -+Output = e51ebd30a8c4b8449b0fb29d9adc11af -+ -+KDF = SSKDF -+Ctrl.digest = digest:SHA1 -+Ctrl.hexsecret = hexsecret:fb9fb108d104e9f662d6593fc84cde69 -+Ctrl.hexinfo = hexinfo:5faf29211c1bdbf1b2696a7c -+Output = 7a3a7e670656e48c390cdd7c51e167e0 -+ -+KDF = SSKDF -+Ctrl.digest = digest:SHA1 -+Ctrl.hexsecret = hexsecret:237a39981794f4516dccffc3dda28396 -+Ctrl.hexinfo = hexinfo:62ed9528d104c241e0f66275 -+Output = 0c26fc9e90e1c5c5f943428301682045 -+ -+KDF = SSKDF -+Ctrl.digest = digest:SHA1 -+Ctrl.hexsecret = hexsecret:b9b6c45f7279218fa09894e06366a3a1 -+Ctrl.hexinfo = hexinfo:0f384339670aaed4b89ecb7e -+Output = ee5fad414e32fad5d52a2bf61a7f6c72 -+ -+KDF = SSKDF -+Ctrl.digest = digest:SHA1 -+Ctrl.hexsecret = hexsecret:08b7140e2cd0a4abd79171e4d5a71cad -+Ctrl.hexinfo = hexinfo:099211f0d8a2e02dbb5958c0 -+Output = 6162f5142e057efafd2c4f2bad5985a1 -+ -+KDF = SSKDF -+Ctrl.digest = digest:SHA1 -+Ctrl.hexsecret = hexsecret:ebe28edbae5a410b87a479243db3f690 -+Ctrl.hexinfo = hexinfo:e60dd8b28228ce5b9be74d3b -+Output = b4a2 -+ -+KDF = SSKDF -+Ctrl.digest = digest:SHA1 -+Ctrl.hexsecret = hexsecret:ebe28edbae5a410b87a479243db3f690 -+Ctrl.hexinfo = hexinfo:e60dd8b28228ce5b9be74d3b -+Output = b4a23963 -+ -+KDF = SSKDF -+Ctrl.digest = digest:SHA1 -+Ctrl.hexsecret = hexsecret:ebe28edbae5a410b87a479243db3f690 -+Ctrl.hexinfo = hexinfo:e60dd8b28228ce5b9be74d3b -+Output = b4a23963e07f -+ -+KDF = SSKDF -+Ctrl.digest = digest:SHA1 -+Ctrl.hexsecret = hexsecret:ebe28edbae5a410b87a479243db3f690 -+Ctrl.hexinfo = hexinfo:e60dd8b28228ce5b9be74d3b -+Output = b4a23963e07f4853 -+ -+KDF = SSKDF -+Ctrl.digest = digest:SHA1 -+Ctrl.hexsecret = hexsecret:ebe28edbae5a410b87a479243db3f690 -+Ctrl.hexinfo = hexinfo:e60dd8b28228ce5b9be74d3b -+Output = b4a23963e07f485382cb -+ -+KDF = SSKDF -+Ctrl.digest = digest:SHA1 -+Ctrl.hexsecret = hexsecret:ebe28edbae5a410b87a479243db3f690 -+Ctrl.hexinfo = hexinfo:e60dd8b28228ce5b9be74d3b -+Output = b4a23963e07f485382cb358a -+ -+KDF = SSKDF -+Ctrl.digest = digest:SHA1 -+Ctrl.hexsecret = hexsecret:ebe28edbae5a410b87a479243db3f690 -+Ctrl.hexinfo = hexinfo:e60dd8b28228ce5b9be74d3b -+Output = b4a23963e07f485382cb358a493d -+ -+KDF = SSKDF -+Ctrl.digest = digest:SHA1 -+Ctrl.hexsecret = hexsecret:ebe28edbae5a410b87a479243db3f690 -+Ctrl.hexinfo = hexinfo:e60dd8b28228ce5b9be74d3b -+Output = b4a23963e07f485382cb358a493daec1 -+ -+KDF = SSKDF -+Ctrl.digest = digest:SHA1 -+Ctrl.hexsecret = hexsecret:ebe28edbae5a410b87a479243db3f690 -+Ctrl.hexinfo = hexinfo:e60dd8b28228ce5b9be74d3b -+Output = b4a23963e07f485382cb358a493daec1759a -+ -+KDF = SSKDF -+Ctrl.digest = digest:SHA1 -+Ctrl.hexsecret = hexsecret:ebe28edbae5a410b87a479243db3f690 -+Ctrl.hexinfo = hexinfo:e60dd8b28228ce5b9be74d3b -+Output = b4a23963e07f485382cb358a493daec1759ac704 -+ -+KDF = SSKDF -+Ctrl.digest = digest:SHA1 -+Ctrl.hexsecret = hexsecret:ebe28edbae5a410b87a479243db3f690 -+Ctrl.hexinfo = hexinfo:e60dd8b28228ce5b9be74d3b -+Output = b4a23963e07f485382cb358a493daec1759ac7043dbe -+ -+KDF = SSKDF -+Ctrl.digest = digest:SHA1 -+Ctrl.hexsecret = hexsecret:ebe28edbae5a410b87a479243db3f690 -+Ctrl.hexinfo = hexinfo:e60dd8b28228ce5b9be74d3b -+Output = b4a23963e07f485382cb358a493daec1759ac7043dbeac37 -+ -+KDF = SSKDF -+Ctrl.digest = digest:SHA1 -+Ctrl.hexsecret = hexsecret:ebe28edbae5a410b87a479243db3f690 -+Ctrl.hexinfo = hexinfo:e60dd8b28228ce5b9be74d3b -+Output = b4a23963e07f485382cb358a493daec1759ac7043dbeac37152c -+ -+KDF = SSKDF -+Ctrl.digest = digest:SHA1 -+Ctrl.hexsecret = hexsecret:ebe28edbae5a410b87a479243db3f690 -+Ctrl.hexinfo = hexinfo:e60dd8b28228ce5b9be74d3b -+Output = b4a23963e07f485382cb358a493daec1759ac7043dbeac37152c6ddf -+ -+KDF = SSKDF -+Ctrl.digest = digest:SHA1 -+Ctrl.hexsecret = hexsecret:ebe28edbae5a410b87a479243db3f690 -+Ctrl.hexinfo = hexinfo:e60dd8b28228ce5b9be74d3b -+Output = b4a23963e07f485382cb358a493daec1759ac7043dbeac37152c6ddf1050 -+ -+KDF = SSKDF -+Ctrl.digest = digest:SHA1 -+Ctrl.hexsecret = hexsecret:ebe28edbae5a410b87a479243db3f690 -+Ctrl.hexinfo = hexinfo:e60dd8b28228ce5b9be74d3b -+Output = b4a23963e07f485382cb358a493daec1759ac7043dbeac37152c6ddf105031f0 -+ -+KDF = SSKDF -+Ctrl.digest = digest:SHA1 -+Ctrl.hexsecret = hexsecret:ebe28edbae5a410b87a479243db3f690 -+Ctrl.hexinfo = hexinfo:e60dd8b28228ce5b9be74d3b -+Output = b4a23963e07f485382cb358a493daec1759ac7043dbeac37152c6ddf105031f0f239 -+ -+KDF = SSKDF -+Ctrl.digest = digest:SHA1 -+Ctrl.hexsecret = hexsecret:ebe28edbae5a410b87a479243db3f690 -+Ctrl.hexinfo = hexinfo:e60dd8b28228ce5b9be74d3b -+Output = b4a23963e07f485382cb358a493daec1759ac7043dbeac37152c6ddf105031f0f239f270 -+ -+KDF = SSKDF -+Ctrl.digest = digest:SHA1 -+Ctrl.hexsecret = hexsecret:ebe28edbae5a410b87a479243db3f690 -+Ctrl.hexinfo = hexinfo:e60dd8b28228ce5b9be74d3b -+Output = b4a23963e07f485382cb358a493daec1759ac7043dbeac37152c6ddf105031f0f239f270b7f3 -+ -+KDF = SSKDF -+Ctrl.digest = digest:SHA1 -+Ctrl.hexsecret = hexsecret:ebe28edbae5a410b87a479243db3f690 -+Ctrl.hexinfo = hexinfo:e60dd8b28228ce5b9be74d3b -+Output = b4a23963e07f485382cb358a493daec1759ac7043dbeac37152c6ddf105031f0f239f270b7f30616 -+ -+KDF = SSKDF -+Ctrl.digest = digest:SHA1 -+Ctrl.hexsecret = hexsecret:ebe28edbae5a410b87a479243db3f690 -+Ctrl.hexinfo = hexinfo:e60dd8b28228ce5b9be74d3b -+Output = b4a23963e07f485382cb358a493daec1759ac7043dbeac37152c6ddf105031f0f239f270b7f30616166f -+ -+KDF = SSKDF -+Ctrl.digest = digest:SHA1 -+Ctrl.hexsecret = hexsecret:ebe28edbae5a410b87a479243db3f690 -+Ctrl.hexinfo = hexinfo:e60dd8b28228ce5b9be74d3b -+Output = b4a23963e07f485382cb358a493daec1759ac7043dbeac37152c6ddf105031f0f239f270b7f30616166f10e5 -+ -+KDF = SSKDF -+Ctrl.digest = digest:SHA1 -+Ctrl.hexsecret = hexsecret:ebe28edbae5a410b87a479243db3f690 -+Ctrl.hexinfo = hexinfo:e60dd8b28228ce5b9be74d3b -+Output = b4a23963e07f485382cb358a493daec1759ac7043dbeac37152c6ddf105031f0f239f270b7f30616166f10e5d2b4 -+ -+KDF = SSKDF -+Ctrl.digest = digest:SHA1 -+Ctrl.hexsecret = hexsecret:ebe28edbae5a410b87a479243db3f690 -+Ctrl.hexinfo = hexinfo:e60dd8b28228ce5b9be74d3b -+Output = b4a23963e07f485382cb358a493daec1759ac7043dbeac37152c6ddf105031f0f239f270b7f30616166f10e5d2b4cb11 -+ -+KDF = SSKDF -+Ctrl.digest = digest:SHA1 -+Ctrl.hexsecret = hexsecret:ebe28edbae5a410b87a479243db3f690 -+Ctrl.hexinfo = hexinfo:e60dd8b28228ce5b9be74d3b -+Output = b4a23963e07f485382cb358a493daec1759ac7043dbeac37152c6ddf105031f0f239f270b7f30616166f10e5d2b4cb11ba8b -+ -+KDF = SSKDF -+Ctrl.digest = digest:SHA1 -+Ctrl.hexsecret = hexsecret:ebe28edbae5a410b87a479243db3f690 -+Ctrl.hexinfo = hexinfo:e60dd8b28228ce5b9be74d3b -+Output = b4a23963e07f485382cb358a493daec1759ac7043dbeac37152c6ddf105031f0f239f270b7f30616166f10e5d2b4cb11ba8bf4ba -+ -+KDF = SSKDF -+Ctrl.digest = digest:SHA1 -+Ctrl.hexsecret = hexsecret:ebe28edbae5a410b87a479243db3f690 -+Ctrl.hexinfo = hexinfo:e60dd8b28228ce5b9be74d3b -+Output = b4a23963e07f485382cb358a493daec1759ac7043dbeac37152c6ddf105031f0f239f270b7f30616166f10e5d2b4cb11ba8bf4ba3f22 -+ -+KDF = SSKDF -+Ctrl.digest = digest:SHA1 -+Ctrl.hexsecret = hexsecret:ebe28edbae5a410b87a479243db3f690 -+Ctrl.hexinfo = hexinfo:e60dd8b28228ce5b9be74d3b -+Output = b4a23963e07f485382cb358a493daec1759ac7043dbeac37152c6ddf105031f0f239f270b7f30616166f10e5d2b4cb11ba8bf4ba3f227688 -+ -+KDF = SSKDF -+Ctrl.digest = digest:SHA1 -+Ctrl.hexsecret = hexsecret:ebe28edbae5a410b87a479243db3f690 -+Ctrl.hexinfo = hexinfo:e60dd8b28228ce5b9be74d3b -+Output = b4a23963e07f485382cb358a493daec1759ac7043dbeac37152c6ddf105031f0f239f270b7f30616166f10e5d2b4cb11ba8bf4ba3f2276885abf -+ -+KDF = SSKDF -+Ctrl.digest = digest:SHA1 -+Ctrl.hexsecret = hexsecret:ebe28edbae5a410b87a479243db3f690 -+Ctrl.hexinfo = hexinfo:e60dd8b28228ce5b9be74d3b -+Output = b4a23963e07f485382cb358a493daec1759ac7043dbeac37152c6ddf105031f0f239f270b7f30616166f10e5d2b4cb11ba8bf4ba3f2276885abfbc3e -+ -+KDF = SSKDF -+Ctrl.digest = digest:SHA1 -+Ctrl.hexsecret = hexsecret:ebe28edbae5a410b87a479243db3f690 -+Ctrl.hexinfo = hexinfo:e60dd8b28228ce5b9be74d3b -+Output = b4a23963e07f485382cb358a493daec1759ac7043dbeac37152c6ddf105031f0f239f270b7f30616166f10e5d2b4cb11ba8bf4ba3f2276885abfbc3e811a -+ -+KDF = SSKDF -+Ctrl.digest = digest:SHA1 -+Ctrl.hexsecret = hexsecret:ebe28edbae5a410b87a479243db3f690 -+Ctrl.hexinfo = hexinfo:e60dd8b28228ce5b9be74d3b -+Output = b4a23963e07f485382cb358a493daec1759ac7043dbeac37152c6ddf105031f0f239f270b7f30616166f10e5d2b4cb11ba8bf4ba3f2276885abfbc3e811a568d -+ -+KDF = SSKDF -+Ctrl.digest = digest:SHA1 -+Ctrl.hexsecret = hexsecret:ebe28edbae5a410b87a479243db3f690 -+Ctrl.hexinfo = hexinfo:e60dd8b28228ce5b9be74d3b -+Output = b4a23963e07f485382cb358a493daec1759ac7043dbeac37152c6ddf105031f0f239f270b7f30616166f10e5d2b4cb11ba8bf4ba3f2276885abfbc3e811a568d480d -+ -+KDF = SSKDF -+Ctrl.digest = digest:SHA1 -+Ctrl.hexsecret = hexsecret:ebe28edbae5a410b87a479243db3f690 -+Ctrl.hexinfo = hexinfo:e60dd8b28228ce5b9be74d3b -+Output = b4a23963e07f485382cb358a493daec1759ac7043dbeac37152c6ddf105031f0f239f270b7f30616166f10e5d2b4cb11ba8bf4ba3f2276885abfbc3e811a568d480d9192 -+ -+KDF = SSKDF -+Ctrl.digest = digest:SHA1 -+Ctrl.hexsecret = hexsecret:d7e6 -+Ctrl.hexinfo = hexinfo:0bbe1fa8722023d7c3da4fff -+Output = 31e798e9931b612a3ad1b9b1008faa8c -+ -+KDF = SSKDF -+Ctrl.digest = digest:SHA1 -+Ctrl.hexsecret = hexsecret:4646779d -+Ctrl.hexinfo = hexinfo:0bbe1fa8722023d7c3da4fff -+Output = 139f68bcca879b490e268e569087d04d -+ -+KDF = SSKDF -+Ctrl.digest = digest:SHA1 -+Ctrl.hexsecret = hexsecret:d9811c81d4c6 -+Ctrl.hexinfo = hexinfo:0bbe1fa8722023d7c3da4fff -+Output = 914dc4f09cb633a76e6c389e04c64485 -+ -+KDF = SSKDF -+Ctrl.digest = digest:SHA1 -+Ctrl.hexsecret = hexsecret:8838f9d99ec46f09 -+Ctrl.hexinfo = hexinfo:0bbe1fa8722023d7c3da4fff -+Output = 4f07dfb6f7a5bf348689e08b2e29c948 -+ -+KDF = SSKDF -+Ctrl.digest = digest:SHA1 -+Ctrl.hexsecret = hexsecret:3e0939b33f34e779f30e -+Ctrl.hexinfo = hexinfo:0bbe1fa8722023d7c3da4fff -+Output = b42c7a98c23be19d1187ff960e87557f -+ -+KDF = SSKDF -+Ctrl.digest = digest:SHA1 -+Ctrl.hexsecret = hexsecret:f36230cacca4d245d303058c -+Ctrl.hexinfo = hexinfo:0bbe1fa8722023d7c3da4fff -+Output = 50f2068d8010d355d56c5e34aaffbc67 -+ -+KDF = SSKDF -+Ctrl.digest = digest:SHA1 -+Ctrl.hexsecret = hexsecret:7005d32c3d4284c73c3aefc70438 -+Ctrl.hexinfo = hexinfo:0bbe1fa8722023d7c3da4fff -+Output = 66fd712ccf5462bbd41e89041ea7ea26 -+ -+KDF = SSKDF -+Ctrl.digest = digest:SHA1 -+Ctrl.hexsecret = hexsecret:c01c83150b7734f8dbd6efd6f54d7365 -+Ctrl.hexinfo = hexinfo:0bbe1fa8722023d7c3da4fff -+Output = 5c5edb0ceda9cd0c7f1f3d9e239c67d5 -+ -+KDF = SSKDF -+Ctrl.digest = digest:SHA1 -+Ctrl.hexsecret = hexsecret:da69f1dbbebc837480af692e7e9ee6b9 -+Ctrl.hexinfo = hexinfo:9949 -+Output = 33c83f54ed00fb1bccd2113e88550941 -+ -+KDF = SSKDF -+Ctrl.digest = digest:SHA1 -+Ctrl.hexsecret = hexsecret:da69f1dbbebc837480af692e7e9ee6b9 -+Ctrl.hexinfo = hexinfo:17144da6 -+Output = a999c28961424cab35ec06015e8c376a -+ -+KDF = SSKDF -+Ctrl.digest = digest:SHA1 -+Ctrl.hexsecret = hexsecret:da69f1dbbebc837480af692e7e9ee6b9 -+Ctrl.hexinfo = hexinfo:dffdee1062eb -+Output = 4101ad50e626ed6f957bff926dfbb7db -+ -+KDF = SSKDF -+Ctrl.digest = digest:SHA1 -+Ctrl.hexsecret = hexsecret:da69f1dbbebc837480af692e7e9ee6b9 -+Ctrl.hexinfo = hexinfo:9f365043e23b4648 -+Output = 4d3e4b971b88771f229df9f564984832 -+ -+KDF = SSKDF -+Ctrl.digest = digest:SHA1 -+Ctrl.hexsecret = hexsecret:da69f1dbbebc837480af692e7e9ee6b9 -+Ctrl.hexinfo = hexinfo:a885a0c4567ddc4f96da -+Output = bebbc30f5a83df5e9c9b57db33c0c879 -+ -+KDF = SSKDF -+Ctrl.digest = digest:SHA1 -+Ctrl.hexsecret = hexsecret:da69f1dbbebc837480af692e7e9ee6b9 -+Ctrl.hexinfo = hexinfo:c9d86183295bfe4c3d85f0fd -+Output = 87c947e45407db63eb94cbaa02d14e94 -+ -+KDF = SSKDF -+Ctrl.digest = digest:SHA1 -+Ctrl.hexsecret = hexsecret:da69f1dbbebc837480af692e7e9ee6b9 -+Ctrl.hexinfo = hexinfo:825fadce46964236a486732c5dad -+Output = 192370a85ff78e3c0245129d9b398558 -+ -+KDF = SSKDF -+Ctrl.digest = digest:SHA1 -+Ctrl.hexsecret = hexsecret:da69f1dbbebc837480af692e7e9ee6b9 -+Ctrl.hexinfo = hexinfo:5c0b5eb3ac9f342347d73d7a521723aa -+Output = c7b7634fd809383e87c4b1b3e728be56 -+ -+KDF = SSKDF -+Ctrl.digest = digest:SHA1 -+Ctrl.hexsecret = hexsecret:8d7a4e7d5cf34b3f74873b862aeb33b7 -+Output = 6a5594f402f74f69 -+ -+KDF = SSKDF -+Ctrl.digest = digest:SHA1 -+Ctrl.hexsecret = hexsecret:9b208e7ee1e641fac1dff48fc1beb2d2 -+Output = 556ed67e24ac0c7c46cc432da8bdb23c -+ -+KDF = SSKDF -+Ctrl.digest = digest:SHA1 -+Ctrl.hexsecret = hexsecret:4d2572539fed433211da28c8a0eebac3 -+Output = 5a4054c59c5b92814025578f43c1b79fe84968fc284e240b -+ -+KDF = SSKDF -+Ctrl.digest = digest:SHA1 -+Ctrl.hexsecret = hexsecret:4e1e70c9886819a31bc29a537911add9 -+Output = ddbfc440449aab4131c6d8aec08ce1496f2702241d0e27cc155c5c7c3cda75b5 -+ -+KDF = SSKDF -+Ctrl.digest = digest:SHA1 -+Ctrl.hexsecret = hexsecret:68f144c952528e540c686dc353b766f2 -+Output = 59ed66bb6f54a9688a0b891d0b2ea6743621d9e1b5cc098cf3a55e6f864f9af8a95e4d945d2f987f -+ -+KDF = SSKDF -+Ctrl.digest = digest:SHA1 -+Ctrl.hexsecret = hexsecret:b66c9d507c9f837fbe60b6675fdbf38b -+Output = c282787ddf421a72fc88811be81b08d0d6ab66c92d1011974aa58335a6bbbd62e9e982bfae5929865ea1d517247089d2 -+ -+KDF = SSKDF -+Ctrl.digest = digest:SHA1 -+Ctrl.hexsecret = hexsecret:34e730b49e46c7ed2fb25975a4cccd2d -+Output = 39e76e6571cb00740260b9070accbdcc4a492c295cbef33d9e37dac21e5e9d07e0f12dc7063d2172641475d4e08b8e3712fb26a10c8376b8 -+ -+KDF = SSKDF -+Ctrl.digest = digest:SHA1 -+Ctrl.hexsecret = hexsecret:e340d87e2d7adbc1b95ec2dbdc3b82be -+Output = a660c0037a53f76f1e7667043f5869348ad07ac0e272e615ce31f16d4ab90d4b35fe5c370c0010ce79aff45682c6fb8b97f9a05b7d40b5af3c62999a10df9c6d -+ -+KDF = SSKDF -+Ctrl.digest = digest:SHA256 -+Ctrl.hexsecret = hexsecret:afc4e154498d4770aa8365f6903dc83b -+Ctrl.hexinfo = hexinfo:662af20379b29d5ef813e655 -+Output = f0b80d6ae4c1e19e2105a37024e35dc6 -+ -+ -+KDF = SSKDF -+Ctrl.digest = digest:SHA512 -+Ctrl.hexsecret = hexsecret:108cf63318555c787fa578731dd4f037 -+Ctrl.hexinfo = hexinfo:53191b1dd3f94d83084d61d6 -+Output = 0ad475c1826da3007637970c8b92b993 -+ -+Title = SSKDF Test vectors from RFC 8636 Section 8 (With precoumputed ASN.1 info) -+ -+KDF = SSKDF -+Ctrl.digest = digest:SHA1 -+Ctrl.hexsecret = hexsecret:00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 -+Ctrl.hexinfo = hexinfo:307e300a06082b06010502030601a01f041d301ba0071b0553552e5345a110300ea003020101a10730051b036c6861a12904273025a0071b0553552e5345a11a3018a003020101a111300f1b066b72627467741b0553552e5345a22404223020a003020112a10c040aaaaaaaaaaaaaaaaaaaaaa20b0409bbbbbbbbbbbbbbbbbb -+Output = e6ab38c9413e035bb079201ed0b6b73d8d49a814a737c04ee6649614206f73ad -+ -+KDF = SSKDF -+Ctrl.digest = digest:SHA256 -+Ctrl.hexsecret = hexsecret:00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 -+Ctrl.hexinfo = hexinfo:307e300a06082b06010502030602a01f041d301ba0071b0553552e5345a110300ea003020101a10730051b036c6861a12904273025a0071b0553552e5345a11a3018a003020101a111300f1b066b72627467741b0553552e5345a22404223020a003020112a10c040aaaaaaaaaaaaaaaaaaaaaa20b0409bbbbbbbbbbbbbbbbbb -+Output = 77ef4e48c420ae3fec75109d7981697eed5d295c90c62564f7bfd101fa9bc1d5 -+ -+KDF = SSKDF -+Ctrl.digest = digest:SHA512 -+Ctrl.hexsecret = hexsecret:00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 -+Ctrl.hexinfo = hexinfo:307e300a06082b06010502030603a01f041d301ba0071b0553552e5345a110300ea003020101a10730051b036c6861a12904273025a0071b0553552e5345a11a3018a003020101a111300f1b066b72627467741b0553552e5345a22404223020a003020110a10c040aaaaaaaaaaaaaaaaaaaaaa20b0409bbbbbbbbbbbbbbbbbb -+Output = d3c78b78d75313e9a926f75dfb012363fa17fa01db diff --git a/openssl-1.1.1-man-rename.patch b/openssl-1.1.1-man-rename.patch deleted file mode 100644 index 4e504b4..0000000 --- a/openssl-1.1.1-man-rename.patch +++ /dev/null @@ -1,19 +0,0 @@ -diff -up openssl-1.1.1-pre9/doc/man1/openssl.pod.man-rename openssl-1.1.1-pre9/doc/man1/openssl.pod ---- openssl-1.1.1-pre9/doc/man1/openssl.pod.man-rename 2018-08-21 14:14:13.000000000 +0200 -+++ openssl-1.1.1-pre9/doc/man1/openssl.pod 2018-08-22 12:13:04.092568064 +0200 -@@ -482,13 +482,13 @@ L, L, L - L, L, - L, L, L, L, L, - L, L, L, --L, - L, L, L, - L, L, L, L, --L, L, L, L, -+L, L, L, - L, L, - L, L, L, - L, L, L, L, L, -+L, L, - L, - L, L, L, - L, L, L diff --git a/openssl-1.1.1-no-brainpool.patch b/openssl-1.1.1-no-brainpool.patch deleted file mode 100644 index 90c87a8..0000000 --- a/openssl-1.1.1-no-brainpool.patch +++ /dev/null @@ -1,112 +0,0 @@ -diff -up openssl-1.1.1d/test/ssl-tests/20-cert-select.conf.in.no-brainpool openssl-1.1.1d/test/ssl-tests/20-cert-select.conf.in ---- openssl-1.1.1d/test/ssl-tests/20-cert-select.conf.in.no-brainpool 2019-09-10 15:13:07.000000000 +0200 -+++ openssl-1.1.1d/test/ssl-tests/20-cert-select.conf.in 2019-09-13 15:11:07.358687169 +0200 -@@ -147,22 +147,22 @@ our @tests = ( - { - name => "ECDSA with brainpool", - server => { -- "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"), -- "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"), -- "Groups" => "brainpoolP256r1", -+ "Certificate" => test_pem("server-ecdsa-cert.pem"), -+ "PrivateKey" => test_pem("server-ecdsa-key.pem"), -+# "Groups" => "brainpoolP256r1", - }, - client => { - #We don't restrict this to TLSv1.2, although use of brainpool - #should force this anyway so that this should succeed - "CipherString" => "aECDSA", - "RequestCAFile" => test_pem("root-cert.pem"), -- "Groups" => "brainpoolP256r1", -+# "Groups" => "brainpoolP256r1", - }, - test => { -- "ExpectedServerCertType" =>, "brainpoolP256r1", -- "ExpectedServerSignType" =>, "EC", -+# "ExpectedServerCertType" =>, "brainpoolP256r1", -+# "ExpectedServerSignType" =>, "EC", - # Note: certificate_authorities not sent for TLS < 1.3 -- "ExpectedServerCANames" =>, "empty", -+# "ExpectedServerCANames" =>, "empty", - "ExpectedResult" => "Success" - }, - }, -@@ -853,18 +853,18 @@ my @tests_tls_1_3 = ( - { - name => "TLS 1.3 ECDSA with brainpool", - server => { -- "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"), -- "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"), -- "Groups" => "brainpoolP256r1", -+ "Certificate" => test_pem("server-ecdsa-cert.pem"), -+ "PrivateKey" => test_pem("server-ecdsa-key.pem"), -+# "Groups" => "brainpoolP256r1", - }, - client => { - "RequestCAFile" => test_pem("root-cert.pem"), -- "Groups" => "brainpoolP256r1", -+# "Groups" => "brainpoolP256r1", - "MinProtocol" => "TLSv1.3", - "MaxProtocol" => "TLSv1.3" - }, - test => { -- "ExpectedResult" => "ServerFail" -+ "ExpectedResult" => "Success" - }, - }, - ); -diff -up openssl-1.1.1d/test/ssl-tests/20-cert-select.conf.no-brainpool openssl-1.1.1d/test/ssl-tests/20-cert-select.conf ---- openssl-1.1.1d/test/ssl-tests/20-cert-select.conf.no-brainpool 2019-09-10 15:13:07.000000000 +0200 -+++ openssl-1.1.1d/test/ssl-tests/20-cert-select.conf 2019-09-13 15:12:27.380288469 +0200 -@@ -238,23 +238,18 @@ server = 5-ECDSA with brainpool-server - client = 5-ECDSA with brainpool-client - - [5-ECDSA with brainpool-server] --Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem -+Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem - CipherString = DEFAULT --Groups = brainpoolP256r1 --PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem -+PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem - - [5-ECDSA with brainpool-client] - CipherString = aECDSA --Groups = brainpoolP256r1 - RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem - VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem - VerifyMode = Peer - - [test-5] - ExpectedResult = Success --ExpectedServerCANames = empty --ExpectedServerCertType = brainpoolP256r1 --ExpectedServerSignType = EC - - - # =========================================================== -@@ -1713,14 +1708,12 @@ server = 52-TLS 1.3 ECDSA with brainpool - client = 52-TLS 1.3 ECDSA with brainpool-client - - [52-TLS 1.3 ECDSA with brainpool-server] --Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem -+Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem - CipherString = DEFAULT --Groups = brainpoolP256r1 --PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem -+PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem - - [52-TLS 1.3 ECDSA with brainpool-client] - CipherString = DEFAULT --Groups = brainpoolP256r1 - MaxProtocol = TLSv1.3 - MinProtocol = TLSv1.3 - RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem -@@ -1728,7 +1721,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/ro - VerifyMode = Peer - - [test-52] --ExpectedResult = ServerFail -+ExpectedResult = Success - - - # =========================================================== diff --git a/openssl-1.1.1-no-html.patch b/openssl-1.1.1-no-html.patch deleted file mode 100644 index d0e335e..0000000 --- a/openssl-1.1.1-no-html.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up openssl-1.1.1f/Configurations/unix-Makefile.tmpl.no-html openssl-1.1.1f/Configurations/unix-Makefile.tmpl ---- openssl-1.1.1f/Configurations/unix-Makefile.tmpl.no-html 2020-04-07 16:45:21.904083989 +0200 -+++ openssl-1.1.1f/Configurations/unix-Makefile.tmpl 2020-04-07 16:45:56.218461895 +0200 -@@ -544,7 +544,7 @@ install_sw: install_dev install_engines - - uninstall_sw: uninstall_runtime uninstall_engines uninstall_dev - --install_docs: install_man_docs install_html_docs -+install_docs: install_man_docs - - uninstall_docs: uninstall_man_docs uninstall_html_docs - $(RM) -r "$(DESTDIR)$(DOCDIR)" diff --git a/openssl-1.1.1-no-weak-verify.patch b/openssl-1.1.1-no-weak-verify.patch deleted file mode 100644 index 5756c68..0000000 --- a/openssl-1.1.1-no-weak-verify.patch +++ /dev/null @@ -1,26 +0,0 @@ -diff -up openssl-1.1.1b/crypto/asn1/a_verify.c.no-weak-verify openssl-1.1.1b/crypto/asn1/a_verify.c ---- openssl-1.1.1b/crypto/asn1/a_verify.c.no-weak-verify 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/crypto/asn1/a_verify.c 2019-02-28 11:25:31.531862873 +0100 -@@ -7,6 +7,9 @@ - * https://www.openssl.org/source/license.html - */ - -+/* for secure_getenv */ -+#define _GNU_SOURCE -+ - #include - #include - #include -@@ -130,6 +133,12 @@ int ASN1_item_verify(const ASN1_ITEM *it - if (ret != 2) - goto err; - ret = -1; -+ } else if ((mdnid == NID_md5 -+ && secure_getenv("OPENSSL_ENABLE_MD5_VERIFY") == NULL) || -+ mdnid == NID_md4 || mdnid == NID_md2 || mdnid == NID_sha) { -+ ASN1err(ASN1_F_ASN1_ITEM_VERIFY, -+ ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM); -+ goto err; - } else { - const EVP_MD *type = EVP_get_digestbynid(mdnid); - diff --git a/openssl-1.1.1-rewire-fips-drbg.patch b/openssl-1.1.1-rewire-fips-drbg.patch deleted file mode 100644 index 4d04d37..0000000 --- a/openssl-1.1.1-rewire-fips-drbg.patch +++ /dev/null @@ -1,170 +0,0 @@ -diff -up openssl-1.1.1g/crypto/fips/fips_drbg_lib.c.rewire-fips-drbg openssl-1.1.1g/crypto/fips/fips_drbg_lib.c ---- openssl-1.1.1g/crypto/fips/fips_drbg_lib.c.rewire-fips-drbg 2020-06-22 13:32:47.611852927 +0200 -+++ openssl-1.1.1g/crypto/fips/fips_drbg_lib.c 2020-06-22 13:32:47.675852917 +0200 -@@ -337,6 +337,19 @@ static int drbg_reseed(DRBG_CTX *dctx, - int FIPS_drbg_reseed(DRBG_CTX *dctx, - const unsigned char *adin, size_t adinlen) - { -+ int len = (int)adinlen; -+ -+ if (len < 0 || (size_t)len != adinlen) { -+ FIPSerr(FIPS_F_DRBG_RESEED, FIPS_R_ADDITIONAL_INPUT_TOO_LONG); -+ return 0; -+ } -+ RAND_seed(adin, len); -+ return 1; -+} -+ -+int FIPS_drbg_reseed_internal(DRBG_CTX *dctx, -+ const unsigned char *adin, size_t adinlen) -+{ - return drbg_reseed(dctx, adin, adinlen, 1); - } - -@@ -358,6 +371,19 @@ int FIPS_drbg_generate(DRBG_CTX *dctx, u - int prediction_resistance, - const unsigned char *adin, size_t adinlen) - { -+ int len = (int)outlen; -+ -+ if (len < 0 || (size_t)len != outlen) { -+ FIPSerr(FIPS_F_FIPS_DRBG_GENERATE, FIPS_R_REQUEST_TOO_LARGE_FOR_DRBG); -+ return 0; -+ } -+ return RAND_bytes(out, len); -+} -+ -+int FIPS_drbg_generate_internal(DRBG_CTX *dctx, unsigned char *out, size_t outlen, -+ int prediction_resistance, -+ const unsigned char *adin, size_t adinlen) -+{ - int r = 0; - - if (FIPS_selftest_failed()) { -diff -up openssl-1.1.1g/crypto/fips/fips_drbg_rand.c.rewire-fips-drbg openssl-1.1.1g/crypto/fips/fips_drbg_rand.c ---- openssl-1.1.1g/crypto/fips/fips_drbg_rand.c.rewire-fips-drbg 2020-06-22 13:32:47.611852927 +0200 -+++ openssl-1.1.1g/crypto/fips/fips_drbg_rand.c 2020-06-22 13:32:47.675852917 +0200 -@@ -57,6 +57,8 @@ - #include - #include - #include -+#define FIPS_DRBG_generate FIPS_DRBG_generate_internal -+#define FIPS_DRBG_reseed FIPS_DRBG_reseed_internal - #include - #include "fips_rand_lcl.h" - -diff -up openssl-1.1.1g/crypto/fips/fips_drbg_selftest.c.rewire-fips-drbg openssl-1.1.1g/crypto/fips/fips_drbg_selftest.c ---- openssl-1.1.1g/crypto/fips/fips_drbg_selftest.c.rewire-fips-drbg 2020-06-22 13:32:47.612852927 +0200 -+++ openssl-1.1.1g/crypto/fips/fips_drbg_selftest.c 2020-06-22 13:32:47.675852917 +0200 -@@ -55,6 +55,8 @@ - #include - #include - #include -+#define FIPS_DRBG_generate FIPS_DRBG_generate_internal -+#define FIPS_DRBG_reseed FIPS_DRBG_reseed_internal - #include - #include "fips_rand_lcl.h" - #include "fips_locl.h" -diff -up openssl-1.1.1g/crypto/fips/fips_post.c.rewire-fips-drbg openssl-1.1.1g/crypto/fips/fips_post.c ---- openssl-1.1.1g/crypto/fips/fips_post.c.rewire-fips-drbg 2020-06-22 13:32:47.672852918 +0200 -+++ openssl-1.1.1g/crypto/fips/fips_post.c 2020-06-22 13:32:47.675852917 +0200 -@@ -79,8 +79,6 @@ int FIPS_selftest(void) - ERR_add_error_data(2, "Type=", "rand_drbg_selftest"); - rv = 0; - } -- if (!FIPS_selftest_drbg()) -- rv = 0; - if (!FIPS_selftest_sha1()) - rv = 0; - if (!FIPS_selftest_sha2()) -diff -up openssl-1.1.1g/crypto/fips/fips_rand_lib.c.rewire-fips-drbg openssl-1.1.1g/crypto/fips/fips_rand_lib.c ---- openssl-1.1.1g/crypto/fips/fips_rand_lib.c.rewire-fips-drbg 2020-06-22 13:32:47.613852927 +0200 -+++ openssl-1.1.1g/crypto/fips/fips_rand_lib.c 2020-06-22 13:36:28.722817967 +0200 -@@ -120,6 +120,7 @@ void FIPS_rand_reset(void) - - int FIPS_rand_seed(const void *buf, int num) - { -+#if 0 - if (!fips_approved_rand_meth && FIPS_module_mode()) { - FIPSerr(FIPS_F_FIPS_RAND_SEED, FIPS_R_NON_FIPS_METHOD); - return 0; -@@ -127,10 +128,15 @@ int FIPS_rand_seed(const void *buf, int - if (fips_rand_meth && fips_rand_meth->seed) - fips_rand_meth->seed(buf, num); - return 1; -+#else -+ RAND_seed(buf, num); -+ return 1; -+#endif - } - - int FIPS_rand_bytes(unsigned char *buf, int num) - { -+#if 0 - if (!fips_approved_rand_meth && FIPS_module_mode()) { - FIPSerr(FIPS_F_FIPS_RAND_BYTES, FIPS_R_NON_FIPS_METHOD); - return 0; -@@ -138,10 +144,14 @@ int FIPS_rand_bytes(unsigned char *buf, - if (fips_rand_meth && fips_rand_meth->bytes) - return fips_rand_meth->bytes(buf, num); - return 0; -+#else -+ return RAND_bytes(buf, num); -+#endif - } - - int FIPS_rand_status(void) - { -+#if 0 - if (!fips_approved_rand_meth && FIPS_module_mode()) { - FIPSerr(FIPS_F_FIPS_RAND_STATUS, FIPS_R_NON_FIPS_METHOD); - return 0; -@@ -149,6 +159,9 @@ int FIPS_rand_status(void) - if (fips_rand_meth && fips_rand_meth->status) - return fips_rand_meth->status(); - return 0; -+#else -+ return RAND_status(); -+#endif - } - - /* Return instantiated strength of PRNG. For DRBG this is an internal -diff -up openssl-1.1.1g/include/openssl/fips.h.rewire-fips-drbg openssl-1.1.1g/include/openssl/fips.h ---- openssl-1.1.1g/include/openssl/fips.h.rewire-fips-drbg 2020-06-22 13:32:47.672852918 +0200 -+++ openssl-1.1.1g/include/openssl/fips.h 2020-06-22 13:32:47.675852917 +0200 -@@ -64,6 +64,11 @@ extern "C" { - - int FIPS_selftest(void); - int FIPS_selftest_failed(void); -+ -+ /* -+ * This function is deprecated as it performs selftest of the old FIPS drbg -+ * implementation that is not validated. -+ */ - int FIPS_selftest_drbg_all(void); - - int FIPS_dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N, -diff -up openssl-1.1.1g/include/openssl/fips_rand.h.rewire-fips-drbg openssl-1.1.1g/include/openssl/fips_rand.h ---- openssl-1.1.1g/include/openssl/fips_rand.h.rewire-fips-drbg 2020-06-22 13:32:47.617852926 +0200 -+++ openssl-1.1.1g/include/openssl/fips_rand.h 2020-06-22 13:32:47.675852917 +0200 -@@ -60,6 +60,20 @@ - # ifdef __cplusplus - extern "C" { - # endif -+ -+/* -+ * IMPORTANT NOTE: -+ * All functions in this header file are deprecated and should not be used -+ * as they use the old FIPS_drbg implementation that is not FIPS validated -+ * anymore. -+ * To provide backwards compatibility for applications that need FIPS compliant -+ * RNG number generation and use FIPS_drbg_generate, this function was -+ * re-wired to call the FIPS validated DRBG instance instead through -+ * the RAND_bytes() call. -+ * -+ * All these functions will be removed in future. -+ */ -+ - typedef struct drbg_ctx_st DRBG_CTX; - /* DRBG external flags */ - /* Flag for CTR mode only: use derivation function ctr_df */ diff --git a/openssl-1.1.1-s390x-ecc.patch b/openssl-1.1.1-s390x-ecc.patch deleted file mode 100644 index 6b5963f..0000000 --- a/openssl-1.1.1-s390x-ecc.patch +++ /dev/null @@ -1,2306 +0,0 @@ -diff -up openssl-1.1.1g/Configurations/00-base-templates.conf.s390x-ecc openssl-1.1.1g/Configurations/00-base-templates.conf ---- openssl-1.1.1g/Configurations/00-base-templates.conf.s390x-ecc 2020-04-21 14:22:39.000000000 +0200 -+++ openssl-1.1.1g/Configurations/00-base-templates.conf 2020-05-18 12:45:40.855234262 +0200 -@@ -289,6 +289,7 @@ my %targets=( - template => 1, - cpuid_asm_src => "s390xcap.c s390xcpuid.S", - bn_asm_src => "asm/s390x.S s390x-mont.S s390x-gf2m.s", -+ ec_asm_src => "ecp_s390x_nistp.c", - aes_asm_src => "aes-s390x.S aes-ctr.fake aes-xts.fake", - sha1_asm_src => "sha1-s390x.S sha256-s390x.S sha512-s390x.S", - rc4_asm_src => "rc4-s390x.s", -diff -up openssl-1.1.1g/Configure.s390x-ecc openssl-1.1.1g/Configure ---- openssl-1.1.1g/Configure.s390x-ecc 2020-05-18 12:45:40.781233618 +0200 -+++ openssl-1.1.1g/Configure 2020-05-18 12:45:40.856234270 +0200 -@@ -1398,6 +1398,9 @@ unless ($disabled{asm}) { - if ($target{ec_asm_src} =~ /ecp_nistz256/) { - push @{$config{lib_defines}}, "ECP_NISTZ256_ASM"; - } -+ if ($target{ec_asm_src} =~ /ecp_s390x_nistp/) { -+ push @{$config{lib_defines}}, "S390X_EC_ASM"; -+ } - if ($target{ec_asm_src} =~ /x25519/) { - push @{$config{lib_defines}}, "X25519_ASM"; - } -diff -up openssl-1.1.1g/crypto/cmac/cm_pmeth.c.s390x-ecc openssl-1.1.1g/crypto/cmac/cm_pmeth.c ---- openssl-1.1.1g/crypto/cmac/cm_pmeth.c.s390x-ecc 2020-05-18 12:45:40.782233627 +0200 -+++ openssl-1.1.1g/crypto/cmac/cm_pmeth.c 2020-05-18 12:45:42.661249957 +0200 -@@ -159,3 +159,8 @@ const EVP_PKEY_METHOD cmac_pkey_meth = { - pkey_cmac_ctrl, - pkey_cmac_ctrl_str - }; -+ -+const EVP_PKEY_METHOD *cmac_pkey_method(void) -+{ -+ return &cmac_pkey_meth; -+} -diff -up openssl-1.1.1g/crypto/dh/dh_pmeth.c.s390x-ecc openssl-1.1.1g/crypto/dh/dh_pmeth.c ---- openssl-1.1.1g/crypto/dh/dh_pmeth.c.s390x-ecc 2020-05-18 12:45:40.782233627 +0200 -+++ openssl-1.1.1g/crypto/dh/dh_pmeth.c 2020-05-18 12:45:42.661249957 +0200 -@@ -512,6 +512,11 @@ const EVP_PKEY_METHOD dh_pkey_meth = { - pkey_dh_ctrl_str - }; - -+const EVP_PKEY_METHOD *dh_pkey_method(void) -+{ -+ return &dh_pkey_meth; -+} -+ - const EVP_PKEY_METHOD dhx_pkey_meth = { - EVP_PKEY_DHX, - EVP_PKEY_FLAG_FIPS, -@@ -545,3 +550,8 @@ const EVP_PKEY_METHOD dhx_pkey_meth = { - pkey_dh_ctrl, - pkey_dh_ctrl_str - }; -+ -+const EVP_PKEY_METHOD *dhx_pkey_method(void) -+{ -+ return &dhx_pkey_meth; -+} -diff -up openssl-1.1.1g/crypto/dsa/dsa_pmeth.c.s390x-ecc openssl-1.1.1g/crypto/dsa/dsa_pmeth.c ---- openssl-1.1.1g/crypto/dsa/dsa_pmeth.c.s390x-ecc 2020-05-18 12:45:40.783233636 +0200 -+++ openssl-1.1.1g/crypto/dsa/dsa_pmeth.c 2020-05-18 12:45:42.662249966 +0200 -@@ -271,3 +271,8 @@ const EVP_PKEY_METHOD dsa_pkey_meth = { - pkey_dsa_ctrl, - pkey_dsa_ctrl_str - }; -+ -+const EVP_PKEY_METHOD *dsa_pkey_method(void) -+{ -+ return &dsa_pkey_meth; -+} -diff -up openssl-1.1.1g/crypto/ec/build.info.s390x-ecc openssl-1.1.1g/crypto/ec/build.info ---- openssl-1.1.1g/crypto/ec/build.info.s390x-ecc 2020-04-21 14:22:39.000000000 +0200 -+++ openssl-1.1.1g/crypto/ec/build.info 2020-05-18 12:45:42.662249966 +0200 -@@ -26,6 +26,9 @@ GENERATE[ecp_nistz256-armv8.S]=asm/ecp_n - INCLUDE[ecp_nistz256-armv8.o]=.. - GENERATE[ecp_nistz256-ppc64.s]=asm/ecp_nistz256-ppc64.pl $(PERLASM_SCHEME) - -+INCLUDE[ecp_s390x_nistp.o]=.. -+INCLUDE[ecx_meth.o]=.. -+ - GENERATE[x25519-x86_64.s]=asm/x25519-x86_64.pl $(PERLASM_SCHEME) - GENERATE[x25519-ppc64.s]=asm/x25519-ppc64.pl $(PERLASM_SCHEME) - -diff -up openssl-1.1.1g/crypto/ec/ec_curve.c.s390x-ecc openssl-1.1.1g/crypto/ec/ec_curve.c ---- openssl-1.1.1g/crypto/ec/ec_curve.c.s390x-ecc 2020-05-18 12:45:40.753233375 +0200 -+++ openssl-1.1.1g/crypto/ec/ec_curve.c 2020-05-18 12:45:42.663249975 +0200 -@@ -255,20 +255,29 @@ static const ec_list_element curve_list[ - {NID_secp256k1, &_EC_SECG_PRIME_256K1.h, 0, - "SECG curve over a 256 bit prime field"}, - /* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */ -- {NID_secp384r1, &_EC_NIST_PRIME_384.h, 0, -+ {NID_secp384r1, &_EC_NIST_PRIME_384.h, -+# if defined(S390X_EC_ASM) -+ EC_GFp_s390x_nistp384_method, -+# else -+ 0, -+# endif - "NIST/SECG curve over a 384 bit prime field"}, --#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 -- {NID_secp521r1, &_EC_NIST_PRIME_521.h, EC_GFp_nistp521_method, -- "NIST/SECG curve over a 521 bit prime field"}, --#else -- {NID_secp521r1, &_EC_NIST_PRIME_521.h, 0, -+ {NID_secp521r1, &_EC_NIST_PRIME_521.h, -+# if defined(S390X_EC_ASM) -+ EC_GFp_s390x_nistp521_method, -+# elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128) -+ EC_GFp_nistp521_method, -+# else -+ 0, -+# endif - "NIST/SECG curve over a 521 bit prime field"}, --#endif - /* X9.62 curves */ - {NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h, - #if defined(ECP_NISTZ256_ASM) - EC_GFp_nistz256_method, --#elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128) -+# elif defined(S390X_EC_ASM) -+ EC_GFp_s390x_nistp256_method, -+# elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128) - EC_GFp_nistp256_method, - #else - 0, -diff -up openssl-1.1.1g/crypto/ec/ecdsa_ossl.c.s390x-ecc openssl-1.1.1g/crypto/ec/ecdsa_ossl.c ---- openssl-1.1.1g/crypto/ec/ecdsa_ossl.c.s390x-ecc 2020-05-18 12:45:40.784233644 +0200 -+++ openssl-1.1.1g/crypto/ec/ecdsa_ossl.c 2020-05-18 12:45:42.664249983 +0200 -@@ -18,6 +18,41 @@ - # include - #endif - -+int ossl_ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, -+ BIGNUM **rp) -+{ -+ if (eckey->group->meth->ecdsa_sign_setup == NULL) { -+ ECerr(EC_F_OSSL_ECDSA_SIGN_SETUP, EC_R_CURVE_DOES_NOT_SUPPORT_ECDSA); -+ return 0; -+ } -+ -+ return eckey->group->meth->ecdsa_sign_setup(eckey, ctx_in, kinvp, rp); -+} -+ -+ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len, -+ const BIGNUM *in_kinv, const BIGNUM *in_r, -+ EC_KEY *eckey) -+{ -+ if (eckey->group->meth->ecdsa_sign_sig == NULL) { -+ ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, EC_R_CURVE_DOES_NOT_SUPPORT_ECDSA); -+ return NULL; -+ } -+ -+ return eckey->group->meth->ecdsa_sign_sig(dgst, dgst_len, -+ in_kinv, in_r, eckey); -+} -+ -+int ossl_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len, -+ const ECDSA_SIG *sig, EC_KEY *eckey) -+{ -+ if (eckey->group->meth->ecdsa_verify_sig == NULL) { -+ ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, EC_R_CURVE_DOES_NOT_SUPPORT_ECDSA); -+ return 0; -+ } -+ -+ return eckey->group->meth->ecdsa_verify_sig(dgst, dgst_len, sig, eckey); -+} -+ - int ossl_ecdsa_sign(int type, const unsigned char *dgst, int dlen, - unsigned char *sig, unsigned int *siglen, - const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey) -@@ -149,15 +184,15 @@ static int ecdsa_sign_setup(EC_KEY *ecke - return ret; - } - --int ossl_ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, -- BIGNUM **rp) -+int ecdsa_simple_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, -+ BIGNUM **rp) - { - return ecdsa_sign_setup(eckey, ctx_in, kinvp, rp, NULL, 0); - } - --ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len, -- const BIGNUM *in_kinv, const BIGNUM *in_r, -- EC_KEY *eckey) -+ECDSA_SIG *ecdsa_simple_sign_sig(const unsigned char *dgst, int dgst_len, -+ const BIGNUM *in_kinv, const BIGNUM *in_r, -+ EC_KEY *eckey) - { - int ok = 0, i; - BIGNUM *kinv = NULL, *s, *m = NULL; -@@ -218,25 +253,25 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const uns - if (8 * dgst_len > i) - dgst_len = (i + 7) / 8; - if (!BN_bin2bn(dgst, dgst_len, m)) { -- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB); -+ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, ERR_R_BN_LIB); - goto err; - } - /* If still too long, truncate remaining bits with a shift */ - if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) { -- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB); -+ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, ERR_R_BN_LIB); - goto err; - } - do { - if (in_kinv == NULL || in_r == NULL) { - if (!ecdsa_sign_setup(eckey, ctx, &kinv, &ret->r, dgst, dgst_len)) { -- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_ECDSA_LIB); -+ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, ERR_R_ECDSA_LIB); - goto err; - } - ckinv = kinv; - } else { - ckinv = in_kinv; - if (BN_copy(ret->r, in_r) == NULL) { -- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE); -+ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, ERR_R_MALLOC_FAILURE); - goto err; - } - } -@@ -250,11 +285,11 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const uns - */ - if (!bn_to_mont_fixed_top(s, ret->r, group->mont_data, ctx) - || !bn_mul_mont_fixed_top(s, s, priv_key, group->mont_data, ctx)) { -- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB); -+ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, ERR_R_BN_LIB); - goto err; - } - if (!bn_mod_add_fixed_top(s, s, m, order)) { -- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB); -+ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, ERR_R_BN_LIB); - goto err; - } - /* -@@ -263,7 +298,7 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const uns - */ - if (!bn_to_mont_fixed_top(s, s, group->mont_data, ctx) - || !BN_mod_mul_montgomery(s, s, ckinv, group->mont_data, ctx)) { -- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB); -+ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, ERR_R_BN_LIB); - goto err; - } - -@@ -273,7 +308,7 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const uns - * generate new kinv and r values - */ - if (in_kinv != NULL && in_r != NULL) { -- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, EC_R_NEED_NEW_SETUP_VALUES); -+ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, EC_R_NEED_NEW_SETUP_VALUES); - goto err; - } - } else { -@@ -325,8 +360,8 @@ int ossl_ecdsa_verify(int type, const un - return ret; - } - --int ossl_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len, -- const ECDSA_SIG *sig, EC_KEY *eckey) -+int ecdsa_simple_verify_sig(const unsigned char *dgst, int dgst_len, -+ const ECDSA_SIG *sig, EC_KEY *eckey) - { - int ret = -1, i; - BN_CTX *ctx; -@@ -346,18 +381,18 @@ int ossl_ecdsa_verify_sig(const unsigned - /* check input values */ - if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL || - (pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL) { -- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, EC_R_MISSING_PARAMETERS); -+ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, EC_R_MISSING_PARAMETERS); - return -1; - } - - if (!EC_KEY_can_sign(eckey)) { -- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING); -+ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING); - return -1; - } - - ctx = BN_CTX_new(); - if (ctx == NULL) { -- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_MALLOC_FAILURE); -+ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, ERR_R_MALLOC_FAILURE); - return -1; - } - BN_CTX_start(ctx); -@@ -366,26 +401,26 @@ int ossl_ecdsa_verify_sig(const unsigned - m = BN_CTX_get(ctx); - X = BN_CTX_get(ctx); - if (X == NULL) { -- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB); -+ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, ERR_R_BN_LIB); - goto err; - } - - order = EC_GROUP_get0_order(group); - if (order == NULL) { -- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_EC_LIB); -+ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, ERR_R_EC_LIB); - goto err; - } - - if (BN_is_zero(sig->r) || BN_is_negative(sig->r) || - BN_ucmp(sig->r, order) >= 0 || BN_is_zero(sig->s) || - BN_is_negative(sig->s) || BN_ucmp(sig->s, order) >= 0) { -- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, EC_R_BAD_SIGNATURE); -+ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, EC_R_BAD_SIGNATURE); - ret = 0; /* signature is invalid */ - goto err; - } - /* calculate tmp1 = inv(S) mod order */ - if (!ec_group_do_inverse_ord(group, u2, sig->s, ctx)) { -- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB); -+ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, ERR_R_BN_LIB); - goto err; - } - /* digest -> m */ -@@ -396,41 +431,41 @@ int ossl_ecdsa_verify_sig(const unsigned - if (8 * dgst_len > i) - dgst_len = (i + 7) / 8; - if (!BN_bin2bn(dgst, dgst_len, m)) { -- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB); -+ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, ERR_R_BN_LIB); - goto err; - } - /* If still too long truncate remaining bits with a shift */ - if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) { -- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB); -+ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, ERR_R_BN_LIB); - goto err; - } - /* u1 = m * tmp mod order */ - if (!BN_mod_mul(u1, m, u2, order, ctx)) { -- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB); -+ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, ERR_R_BN_LIB); - goto err; - } - /* u2 = r * w mod q */ - if (!BN_mod_mul(u2, sig->r, u2, order, ctx)) { -- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB); -+ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, ERR_R_BN_LIB); - goto err; - } - - if ((point = EC_POINT_new(group)) == NULL) { -- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_MALLOC_FAILURE); -+ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, ERR_R_MALLOC_FAILURE); - goto err; - } - if (!EC_POINT_mul(group, point, u1, pub_key, u2, ctx)) { -- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_EC_LIB); -+ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, ERR_R_EC_LIB); - goto err; - } - - if (!EC_POINT_get_affine_coordinates(group, point, X, NULL, ctx)) { -- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_EC_LIB); -+ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, ERR_R_EC_LIB); - goto err; - } - - if (!BN_nnmod(u1, X, order, ctx)) { -- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB); -+ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, ERR_R_BN_LIB); - goto err; - } - /* if the signature is correct u1 is equal to sig->r */ -diff -up openssl-1.1.1g/crypto/ec/ec_err.c.s390x-ecc openssl-1.1.1g/crypto/ec/ec_err.c ---- openssl-1.1.1g/crypto/ec/ec_err.c.s390x-ecc 2020-04-21 14:22:39.000000000 +0200 -+++ openssl-1.1.1g/crypto/ec/ec_err.c 2020-05-18 12:45:42.664249983 +0200 -@@ -31,6 +31,11 @@ static const ERR_STRING_DATA EC_str_func - {ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_SIGN_SETUP, 0), "ECDSA_sign_setup"}, - {ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_SIG_NEW, 0), "ECDSA_SIG_new"}, - {ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_VERIFY, 0), "ECDSA_verify"}, -+ {ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_SIMPLE_SIGN_SETUP, 0), "ecdsa_simple_sign_setup"}, -+ {ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_SIMPLE_SIGN_SIG, 0), "ecdsa_simple_sign_sig"}, -+ {ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_SIMPLE_VERIFY_SIG, 0), "ecdsa_simple_verify_sig"}, -+ {ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_S390X_NISTP_SIGN_SIG, 0), "ecdsa_s390x_nistp_sign_sig"}, -+ {ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_S390X_NISTP_VERIFY_SIG, 0), "ecdsa_s390x_nistp_verify_sig"}, - {ERR_PACK(ERR_LIB_EC, EC_F_ECD_ITEM_VERIFY, 0), "ecd_item_verify"}, - {ERR_PACK(ERR_LIB_EC, EC_F_ECKEY_PARAM2TYPE, 0), "eckey_param2type"}, - {ERR_PACK(ERR_LIB_EC, EC_F_ECKEY_PARAM_DECODE, 0), "eckey_param_decode"}, -@@ -266,6 +271,7 @@ static const ERR_STRING_DATA EC_str_func - {ERR_PACK(ERR_LIB_EC, EC_F_OLD_EC_PRIV_DECODE, 0), "old_ec_priv_decode"}, - {ERR_PACK(ERR_LIB_EC, EC_F_OSSL_ECDH_COMPUTE_KEY, 0), - "ossl_ecdh_compute_key"}, -+ {ERR_PACK(ERR_LIB_EC, EC_F_OSSL_ECDSA_SIGN_SETUP, 0), "ossl_ecdsa_sign_setup"}, - {ERR_PACK(ERR_LIB_EC, EC_F_OSSL_ECDSA_SIGN_SIG, 0), "ossl_ecdsa_sign_sig"}, - {ERR_PACK(ERR_LIB_EC, EC_F_OSSL_ECDSA_VERIFY_SIG, 0), - "ossl_ecdsa_verify_sig"}, -@@ -284,6 +290,12 @@ static const ERR_STRING_DATA EC_str_func - {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_KEYGEN, 0), "pkey_ec_keygen"}, - {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_PARAMGEN, 0), "pkey_ec_paramgen"}, - {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_SIGN, 0), "pkey_ec_sign"}, -+ {ERR_PACK(ERR_LIB_EC, EC_F_S390X_PKEY_ECD_DIGESTSIGN25519, 0), "s390x_pkey_ecd_digestsign25519"}, -+ {ERR_PACK(ERR_LIB_EC, EC_F_S390X_PKEY_ECD_DIGESTSIGN448, 0), "s390x_pkey_ecd_digestsign448"}, -+ {ERR_PACK(ERR_LIB_EC, EC_F_S390X_PKEY_ECD_KEYGEN25519, 0), "s390x_pkey_ecd_keygen25519"}, -+ {ERR_PACK(ERR_LIB_EC, EC_F_S390X_PKEY_ECD_KEYGEN448, 0), "s390x_pkey_ecd_keygen448"}, -+ {ERR_PACK(ERR_LIB_EC, EC_F_S390X_PKEY_ECX_KEYGEN25519, 0), "s390x_pkey_ecx_keygen25519"}, -+ {ERR_PACK(ERR_LIB_EC, EC_F_S390X_PKEY_ECX_KEYGEN448, 0), "s390x_pkey_ecx_keygen448"}, - {ERR_PACK(ERR_LIB_EC, EC_F_VALIDATE_ECX_DERIVE, 0), "validate_ecx_derive"}, - {0, NULL} - }; -@@ -298,6 +310,8 @@ static const ERR_STRING_DATA EC_str_reas - "coordinates out of range"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_CURVE_DOES_NOT_SUPPORT_ECDH), - "curve does not support ecdh"}, -+ {ERR_PACK(ERR_LIB_EC, 0, EC_R_CURVE_DOES_NOT_SUPPORT_ECDSA), -+ "curve does not support ecdsa"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING), - "curve does not support signing"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_D2I_ECPKPARAMETERS_FAILURE), -diff -up openssl-1.1.1g/crypto/ec/ec_local.h.s390x-ecc openssl-1.1.1g/crypto/ec/ec_local.h ---- openssl-1.1.1g/crypto/ec/ec_local.h.s390x-ecc 2020-05-18 12:45:40.554231646 +0200 -+++ openssl-1.1.1g/crypto/ec/ec_local.h 2020-05-18 12:45:44.564266496 +0200 -@@ -179,6 +179,14 @@ struct ec_method_st { - /* custom ECDH operation */ - int (*ecdh_compute_key)(unsigned char **pout, size_t *poutlen, - const EC_POINT *pub_key, const EC_KEY *ecdh); -+ /* custom ECDSA */ -+ int (*ecdsa_sign_setup)(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinvp, -+ BIGNUM **rp); -+ ECDSA_SIG *(*ecdsa_sign_sig)(const unsigned char *dgst, int dgstlen, -+ const BIGNUM *kinv, const BIGNUM *r, -+ EC_KEY *eckey); -+ int (*ecdsa_verify_sig)(const unsigned char *dgst, int dgstlen, -+ const ECDSA_SIG *sig, EC_KEY *eckey); - /* Inverse modulo order */ - int (*field_inverse_mod_ord)(const EC_GROUP *, BIGNUM *r, - const BIGNUM *x, BN_CTX *); -@@ -587,6 +595,11 @@ int ec_group_simple_order_bits(const EC_ - */ - const EC_METHOD *EC_GFp_nistz256_method(void); - #endif -+#ifdef S390X_EC_ASM -+const EC_METHOD *EC_GFp_s390x_nistp256_method(void); -+const EC_METHOD *EC_GFp_s390x_nistp384_method(void); -+const EC_METHOD *EC_GFp_s390x_nistp521_method(void); -+#endif - - size_t ec_key_simple_priv2oct(const EC_KEY *eckey, - unsigned char *buf, size_t len); -@@ -651,6 +664,13 @@ int ossl_ecdsa_verify(int type, const un - const unsigned char *sigbuf, int sig_len, EC_KEY *eckey); - int ossl_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len, - const ECDSA_SIG *sig, EC_KEY *eckey); -+int ecdsa_simple_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, -+ BIGNUM **rp); -+ECDSA_SIG *ecdsa_simple_sign_sig(const unsigned char *dgst, int dgst_len, -+ const BIGNUM *in_kinv, const BIGNUM *in_r, -+ EC_KEY *eckey); -+int ecdsa_simple_verify_sig(const unsigned char *dgst, int dgst_len, -+ const ECDSA_SIG *sig, EC_KEY *eckey); - - int ED25519_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len, - const uint8_t public_key[32], const uint8_t private_key[32]); -diff -up openssl-1.1.1g/crypto/ec/ec_pmeth.c.s390x-ecc openssl-1.1.1g/crypto/ec/ec_pmeth.c ---- openssl-1.1.1g/crypto/ec/ec_pmeth.c.s390x-ecc 2020-05-18 12:45:40.784233644 +0200 -+++ openssl-1.1.1g/crypto/ec/ec_pmeth.c 2020-05-18 12:45:44.565266505 +0200 -@@ -474,3 +474,8 @@ const EVP_PKEY_METHOD ec_pkey_meth = { - pkey_ec_ctrl, - pkey_ec_ctrl_str - }; -+ -+const EVP_PKEY_METHOD *ec_pkey_method(void) -+{ -+ return &ec_pkey_meth; -+} -diff -up openssl-1.1.1g/crypto/ec/ecp_mont.c.s390x-ecc openssl-1.1.1g/crypto/ec/ecp_mont.c ---- openssl-1.1.1g/crypto/ec/ecp_mont.c.s390x-ecc 2020-04-21 14:22:39.000000000 +0200 -+++ openssl-1.1.1g/crypto/ec/ecp_mont.c 2020-05-18 12:45:44.567266523 +0200 -@@ -63,6 +63,9 @@ const EC_METHOD *EC_GFp_mont_method(void - 0, /* keycopy */ - 0, /* keyfinish */ - ecdh_simple_compute_key, -+ ecdsa_simple_sign_setup, -+ ecdsa_simple_sign_sig, -+ ecdsa_simple_verify_sig, - 0, /* field_inverse_mod_ord */ - ec_GFp_simple_blind_coordinates, - ec_GFp_simple_ladder_pre, -diff -up openssl-1.1.1g/crypto/ec/ecp_nist.c.s390x-ecc openssl-1.1.1g/crypto/ec/ecp_nist.c ---- openssl-1.1.1g/crypto/ec/ecp_nist.c.s390x-ecc 2020-04-21 14:22:39.000000000 +0200 -+++ openssl-1.1.1g/crypto/ec/ecp_nist.c 2020-05-18 12:45:44.567266523 +0200 -@@ -65,6 +65,9 @@ const EC_METHOD *EC_GFp_nist_method(void - 0, /* keycopy */ - 0, /* keyfinish */ - ecdh_simple_compute_key, -+ ecdsa_simple_sign_setup, -+ ecdsa_simple_sign_sig, -+ ecdsa_simple_verify_sig, - 0, /* field_inverse_mod_ord */ - ec_GFp_simple_blind_coordinates, - ec_GFp_simple_ladder_pre, -diff -up openssl-1.1.1g/crypto/ec/ecp_nistp224.c.s390x-ecc openssl-1.1.1g/crypto/ec/ecp_nistp224.c ---- openssl-1.1.1g/crypto/ec/ecp_nistp224.c.s390x-ecc 2020-04-21 14:22:39.000000000 +0200 -+++ openssl-1.1.1g/crypto/ec/ecp_nistp224.c 2020-05-18 12:45:44.568266531 +0200 -@@ -292,6 +292,9 @@ const EC_METHOD *EC_GFp_nistp224_method( - 0, /* keycopy */ - 0, /* keyfinish */ - ecdh_simple_compute_key, -+ ecdsa_simple_sign_setup, -+ ecdsa_simple_sign_sig, -+ ecdsa_simple_verify_sig, - 0, /* field_inverse_mod_ord */ - 0, /* blind_coordinates */ - 0, /* ladder_pre */ -diff -up openssl-1.1.1g/crypto/ec/ecp_nistp256.c.s390x-ecc openssl-1.1.1g/crypto/ec/ecp_nistp256.c ---- openssl-1.1.1g/crypto/ec/ecp_nistp256.c.s390x-ecc 2020-04-21 14:22:39.000000000 +0200 -+++ openssl-1.1.1g/crypto/ec/ecp_nistp256.c 2020-05-18 12:45:44.568266531 +0200 -@@ -1829,6 +1829,9 @@ const EC_METHOD *EC_GFp_nistp256_method( - 0, /* keycopy */ - 0, /* keyfinish */ - ecdh_simple_compute_key, -+ ecdsa_simple_sign_setup, -+ ecdsa_simple_sign_sig, -+ ecdsa_simple_verify_sig, - 0, /* field_inverse_mod_ord */ - 0, /* blind_coordinates */ - 0, /* ladder_pre */ -diff -up openssl-1.1.1g/crypto/ec/ecp_nistp521.c.s390x-ecc openssl-1.1.1g/crypto/ec/ecp_nistp521.c ---- openssl-1.1.1g/crypto/ec/ecp_nistp521.c.s390x-ecc 2020-04-21 14:22:39.000000000 +0200 -+++ openssl-1.1.1g/crypto/ec/ecp_nistp521.c 2020-05-18 12:45:44.569266540 +0200 -@@ -1669,6 +1669,9 @@ const EC_METHOD *EC_GFp_nistp521_method( - 0, /* keycopy */ - 0, /* keyfinish */ - ecdh_simple_compute_key, -+ ecdsa_simple_sign_setup, -+ ecdsa_simple_sign_sig, -+ ecdsa_simple_verify_sig, - 0, /* field_inverse_mod_ord */ - 0, /* blind_coordinates */ - 0, /* ladder_pre */ -diff -up openssl-1.1.1g/crypto/ec/ecp_nistz256.c.s390x-ecc openssl-1.1.1g/crypto/ec/ecp_nistz256.c ---- openssl-1.1.1g/crypto/ec/ecp_nistz256.c.s390x-ecc 2020-04-21 14:22:39.000000000 +0200 -+++ openssl-1.1.1g/crypto/ec/ecp_nistz256.c 2020-05-18 12:45:44.570266549 +0200 -@@ -1720,6 +1720,9 @@ const EC_METHOD *EC_GFp_nistz256_method( - 0, /* keycopy */ - 0, /* keyfinish */ - ecdh_simple_compute_key, -+ ecdsa_simple_sign_setup, -+ ecdsa_simple_sign_sig, -+ ecdsa_simple_verify_sig, - ecp_nistz256_inv_mod_ord, /* can be #define-d NULL */ - 0, /* blind_coordinates */ - 0, /* ladder_pre */ -diff -up openssl-1.1.1g/crypto/ec/ecp_s390x_nistp.c.s390x-ecc openssl-1.1.1g/crypto/ec/ecp_s390x_nistp.c ---- openssl-1.1.1g/crypto/ec/ecp_s390x_nistp.c.s390x-ecc 2020-05-18 12:45:44.571266557 +0200 -+++ openssl-1.1.1g/crypto/ec/ecp_s390x_nistp.c 2020-05-18 12:45:44.571266557 +0200 -@@ -0,0 +1,394 @@ -+/* -+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. -+ * -+ * Licensed under the Apache License 2.0 (the "License"). You may not use -+ * this file except in compliance with the License. You can obtain a copy -+ * in the file LICENSE in the source distribution or at -+ * https://www.openssl.org/source/license.html -+ */ -+ -+#include -+#include -+#include -+#include -+#include "ec_local.h" -+#include "s390x_arch.h" -+ -+/* Size of parameter blocks */ -+#define S390X_SIZE_PARAM 4096 -+ -+/* Size of fields in parameter blocks */ -+#define S390X_SIZE_P256 32 -+#define S390X_SIZE_P384 48 -+#define S390X_SIZE_P521 80 -+ -+/* Offsets of fields in PCC parameter blocks */ -+#define S390X_OFF_RES_X(n) (0 * n) -+#define S390X_OFF_RES_Y(n) (1 * n) -+#define S390X_OFF_SRC_X(n) (2 * n) -+#define S390X_OFF_SRC_Y(n) (3 * n) -+#define S390X_OFF_SCALAR(n) (4 * n) -+ -+/* Offsets of fields in KDSA parameter blocks */ -+#define S390X_OFF_R(n) (0 * n) -+#define S390X_OFF_S(n) (1 * n) -+#define S390X_OFF_H(n) (2 * n) -+#define S390X_OFF_K(n) (3 * n) -+#define S390X_OFF_X(n) (3 * n) -+#define S390X_OFF_RN(n) (4 * n) -+#define S390X_OFF_Y(n) (4 * n) -+ -+static int ec_GFp_s390x_nistp_mul(const EC_GROUP *group, EC_POINT *r, -+ const BIGNUM *scalar, -+ size_t num, const EC_POINT *points[], -+ const BIGNUM *scalars[], -+ BN_CTX *ctx, unsigned int fc, int len) -+{ -+ unsigned char param[S390X_SIZE_PARAM]; -+ BIGNUM *x, *y; -+ const EC_POINT *point_ptr = NULL; -+ const BIGNUM *scalar_ptr = NULL; -+ BN_CTX *new_ctx = NULL; -+ int rc = -1; -+ -+ if (ctx == NULL) { -+ ctx = new_ctx = BN_CTX_new(); -+ if (ctx == NULL) -+ return 0; -+ } -+ -+ BN_CTX_start(ctx); -+ -+ x = BN_CTX_get(ctx); -+ y = BN_CTX_get(ctx); -+ if (x == NULL || y == NULL) { -+ rc = 0; -+ goto ret; -+ } -+ -+ /* -+ * Use PCC for EC keygen and ECDH key derivation: -+ * scalar * generator and scalar * peer public key, -+ * scalar in [0,order). -+ */ -+ if ((scalar != NULL && num == 0 && BN_is_negative(scalar) == 0) -+ || (scalar == NULL && num == 1 && BN_is_negative(scalars[0]) == 0)) { -+ -+ if (num == 0) { -+ point_ptr = EC_GROUP_get0_generator(group); -+ scalar_ptr = scalar; -+ } else { -+ point_ptr = points[0]; -+ scalar_ptr = scalars[0]; -+ } -+ -+ if (EC_POINT_is_at_infinity(group, point_ptr) == 1 -+ || BN_is_zero(scalar_ptr)) { -+ rc = EC_POINT_set_to_infinity(group, r); -+ goto ret; -+ } -+ -+ memset(¶m, 0, sizeof(param)); -+ -+ if (group->meth->point_get_affine_coordinates(group, point_ptr, -+ x, y, ctx) != 1 -+ || BN_bn2binpad(x, param + S390X_OFF_SRC_X(len), len) == -1 -+ || BN_bn2binpad(y, param + S390X_OFF_SRC_Y(len), len) == -1 -+ || BN_bn2binpad(scalar_ptr, -+ param + S390X_OFF_SCALAR(len), len) == -1 -+ || s390x_pcc(fc, param) != 0 -+ || BN_bin2bn(param + S390X_OFF_RES_X(len), len, x) == NULL -+ || BN_bin2bn(param + S390X_OFF_RES_Y(len), len, y) == NULL -+ || group->meth->point_set_affine_coordinates(group, r, -+ x, y, ctx) != 1) -+ goto ret; -+ -+ rc = 1; -+ } -+ -+ret: -+ /* Otherwise use default. */ -+ if (rc == -1) -+ rc = ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx); -+ OPENSSL_cleanse(param + S390X_OFF_SCALAR(len), len); -+ BN_CTX_end(ctx); -+ BN_CTX_free(new_ctx); -+ return rc; -+} -+ -+static ECDSA_SIG *ecdsa_s390x_nistp_sign_sig(const unsigned char *dgst, -+ int dgstlen, -+ const BIGNUM *kinv, -+ const BIGNUM *r, -+ EC_KEY *eckey, -+ unsigned int fc, int len) -+{ -+ unsigned char param[S390X_SIZE_PARAM]; -+ int ok = 0; -+ BIGNUM *k; -+ ECDSA_SIG *sig; -+ const EC_GROUP *group; -+ const BIGNUM *privkey; -+ int off; -+ -+ group = EC_KEY_get0_group(eckey); -+ privkey = EC_KEY_get0_private_key(eckey); -+ if (group == NULL || privkey == NULL) { -+ ECerr(EC_F_ECDSA_S390X_NISTP_SIGN_SIG, EC_R_MISSING_PARAMETERS); -+ return NULL; -+ } -+ -+ if (!EC_KEY_can_sign(eckey)) { -+ ECerr(EC_F_ECDSA_S390X_NISTP_SIGN_SIG, -+ EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING); -+ return NULL; -+ } -+ -+ k = BN_secure_new(); -+ sig = ECDSA_SIG_new(); -+ if (k == NULL || sig == NULL) { -+ ECerr(EC_F_ECDSA_S390X_NISTP_SIGN_SIG, ERR_R_MALLOC_FAILURE); -+ goto ret; -+ } -+ -+ sig->r = BN_new(); -+ sig->s = BN_new(); -+ if (sig->r == NULL || sig->s == NULL) { -+ ECerr(EC_F_ECDSA_S390X_NISTP_SIGN_SIG, ERR_R_MALLOC_FAILURE); -+ goto ret; -+ } -+ -+ memset(param, 0, sizeof(param)); -+ off = len - (dgstlen > len ? len : dgstlen); -+ memcpy(param + S390X_OFF_H(len) + off, dgst, len - off); -+ -+ if (BN_bn2binpad(privkey, param + S390X_OFF_K(len), len) == -1) { -+ ECerr(EC_F_ECDSA_S390X_NISTP_SIGN_SIG, ERR_R_BN_LIB); -+ goto ret; -+ } -+ -+ if (r == NULL || kinv == NULL) { -+ /* -+ * Generate random k and copy to param param block. RAND_priv_bytes -+ * is used instead of BN_priv_rand_range or BN_generate_dsa_nonce -+ * because kdsa instruction constructs an in-range, invertible nonce -+ * internally implementing counter-measures for RNG weakness. -+ */ -+ if (RAND_priv_bytes(param + S390X_OFF_RN(len), len) != 1) { -+ ECerr(EC_F_ECDSA_S390X_NISTP_SIGN_SIG, -+ EC_R_RANDOM_NUMBER_GENERATION_FAILED); -+ goto ret; -+ } -+ } else { -+ /* Reconstruct k = (k^-1)^-1. */ -+ if (ec_group_do_inverse_ord(group, k, kinv, NULL) == 0 -+ || BN_bn2binpad(k, param + S390X_OFF_RN(len), len) == -1) { -+ ECerr(EC_F_ECDSA_S390X_NISTP_SIGN_SIG, ERR_R_BN_LIB); -+ goto ret; -+ } -+ /* Turns KDSA internal nonce-generation off. */ -+ fc |= S390X_KDSA_D; -+ } -+ -+ if (s390x_kdsa(fc, param, NULL, 0) != 0) { -+ ECerr(EC_F_ECDSA_S390X_NISTP_SIGN_SIG, ERR_R_ECDSA_LIB); -+ goto ret; -+ } -+ -+ if (BN_bin2bn(param + S390X_OFF_R(len), len, sig->r) == NULL -+ || BN_bin2bn(param + S390X_OFF_S(len), len, sig->s) == NULL) { -+ ECerr(EC_F_ECDSA_S390X_NISTP_SIGN_SIG, ERR_R_BN_LIB); -+ goto ret; -+ } -+ -+ ok = 1; -+ret: -+ OPENSSL_cleanse(param + S390X_OFF_K(len), 2 * len); -+ if (ok != 1) { -+ ECDSA_SIG_free(sig); -+ sig = NULL; -+ } -+ BN_clear_free(k); -+ return sig; -+} -+ -+static int ecdsa_s390x_nistp_verify_sig(const unsigned char *dgst, int dgstlen, -+ const ECDSA_SIG *sig, EC_KEY *eckey, -+ unsigned int fc, int len) -+{ -+ unsigned char param[S390X_SIZE_PARAM]; -+ int rc = -1; -+ BN_CTX *ctx; -+ BIGNUM *x, *y; -+ const EC_GROUP *group; -+ const EC_POINT *pubkey; -+ int off; -+ -+ group = EC_KEY_get0_group(eckey); -+ pubkey = EC_KEY_get0_public_key(eckey); -+ if (eckey == NULL || group == NULL || pubkey == NULL || sig == NULL) { -+ ECerr(EC_F_ECDSA_S390X_NISTP_VERIFY_SIG, EC_R_MISSING_PARAMETERS); -+ return -1; -+ } -+ -+ if (!EC_KEY_can_sign(eckey)) { -+ ECerr(EC_F_ECDSA_S390X_NISTP_VERIFY_SIG, -+ EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING); -+ return -1; -+ } -+ -+ ctx = BN_CTX_new(); -+ if (ctx == NULL) { -+ ECerr(EC_F_ECDSA_S390X_NISTP_VERIFY_SIG, ERR_R_MALLOC_FAILURE); -+ return -1; -+ } -+ -+ BN_CTX_start(ctx); -+ -+ x = BN_CTX_get(ctx); -+ y = BN_CTX_get(ctx); -+ if (x == NULL || y == NULL) { -+ ECerr(EC_F_ECDSA_S390X_NISTP_VERIFY_SIG, ERR_R_MALLOC_FAILURE); -+ goto ret; -+ } -+ -+ memset(param, 0, sizeof(param)); -+ off = len - (dgstlen > len ? len : dgstlen); -+ memcpy(param + S390X_OFF_H(len) + off, dgst, len - off); -+ -+ if (group->meth->point_get_affine_coordinates(group, pubkey, -+ x, y, ctx) != 1 -+ || BN_bn2binpad(sig->r, param + S390X_OFF_R(len), len) == -1 -+ || BN_bn2binpad(sig->s, param + S390X_OFF_S(len), len) == -1 -+ || BN_bn2binpad(x, param + S390X_OFF_X(len), len) == -1 -+ || BN_bn2binpad(y, param + S390X_OFF_Y(len), len) == -1) { -+ ECerr(EC_F_ECDSA_S390X_NISTP_VERIFY_SIG, ERR_R_BN_LIB); -+ goto ret; -+ } -+ -+ rc = s390x_kdsa(fc, param, NULL, 0) == 0 ? 1 : 0; -+ret: -+ BN_CTX_end(ctx); -+ BN_CTX_free(ctx); -+ return rc; -+} -+ -+#define EC_GFP_S390X_NISTP_METHOD(bits) \ -+ \ -+static int ec_GFp_s390x_nistp##bits##_mul(const EC_GROUP *group, \ -+ EC_POINT *r, \ -+ const BIGNUM *scalar, \ -+ size_t num, \ -+ const EC_POINT *points[], \ -+ const BIGNUM *scalars[], \ -+ BN_CTX *ctx) \ -+{ \ -+ return ec_GFp_s390x_nistp_mul(group, r, scalar, num, points, \ -+ scalars, ctx, \ -+ S390X_SCALAR_MULTIPLY_P##bits, \ -+ S390X_SIZE_P##bits); \ -+} \ -+ \ -+static ECDSA_SIG *ecdsa_s390x_nistp##bits##_sign_sig(const unsigned \ -+ char *dgst, \ -+ int dgstlen, \ -+ const BIGNUM *kinv,\ -+ const BIGNUM *r, \ -+ EC_KEY *eckey) \ -+{ \ -+ return ecdsa_s390x_nistp_sign_sig(dgst, dgstlen, kinv, r, eckey, \ -+ S390X_ECDSA_SIGN_P##bits, \ -+ S390X_SIZE_P##bits); \ -+} \ -+ \ -+static int ecdsa_s390x_nistp##bits##_verify_sig(const \ -+ unsigned char *dgst, \ -+ int dgstlen, \ -+ const ECDSA_SIG *sig, \ -+ EC_KEY *eckey) \ -+{ \ -+ return ecdsa_s390x_nistp_verify_sig(dgst, dgstlen, sig, eckey, \ -+ S390X_ECDSA_VERIFY_P##bits, \ -+ S390X_SIZE_P##bits); \ -+} \ -+ \ -+const EC_METHOD *EC_GFp_s390x_nistp##bits##_method(void) \ -+{ \ -+ static const EC_METHOD EC_GFp_s390x_nistp##bits##_meth = { \ -+ EC_FLAGS_DEFAULT_OCT, \ -+ NID_X9_62_prime_field, \ -+ ec_GFp_simple_group_init, \ -+ ec_GFp_simple_group_finish, \ -+ ec_GFp_simple_group_clear_finish, \ -+ ec_GFp_simple_group_copy, \ -+ ec_GFp_simple_group_set_curve, \ -+ ec_GFp_simple_group_get_curve, \ -+ ec_GFp_simple_group_get_degree, \ -+ ec_group_simple_order_bits, \ -+ ec_GFp_simple_group_check_discriminant, \ -+ ec_GFp_simple_point_init, \ -+ ec_GFp_simple_point_finish, \ -+ ec_GFp_simple_point_clear_finish, \ -+ ec_GFp_simple_point_copy, \ -+ ec_GFp_simple_point_set_to_infinity, \ -+ ec_GFp_simple_set_Jprojective_coordinates_GFp, \ -+ ec_GFp_simple_get_Jprojective_coordinates_GFp, \ -+ ec_GFp_simple_point_set_affine_coordinates, \ -+ ec_GFp_simple_point_get_affine_coordinates, \ -+ NULL, /* point_set_compressed_coordinates */ \ -+ NULL, /* point2oct */ \ -+ NULL, /* oct2point */ \ -+ ec_GFp_simple_add, \ -+ ec_GFp_simple_dbl, \ -+ ec_GFp_simple_invert, \ -+ ec_GFp_simple_is_at_infinity, \ -+ ec_GFp_simple_is_on_curve, \ -+ ec_GFp_simple_cmp, \ -+ ec_GFp_simple_make_affine, \ -+ ec_GFp_simple_points_make_affine, \ -+ ec_GFp_s390x_nistp##bits##_mul, \ -+ NULL, /* precompute_mult */ \ -+ NULL, /* have_precompute_mult */ \ -+ ec_GFp_simple_field_mul, \ -+ ec_GFp_simple_field_sqr, \ -+ NULL, /* field_div */ \ -+ ec_GFp_simple_field_inv, \ -+ NULL, /* field_encode */ \ -+ NULL, /* field_decode */ \ -+ NULL, /* field_set_to_one */ \ -+ ec_key_simple_priv2oct, \ -+ ec_key_simple_oct2priv, \ -+ NULL, /* set_private */ \ -+ ec_key_simple_generate_key, \ -+ ec_key_simple_check_key, \ -+ ec_key_simple_generate_public_key, \ -+ NULL, /* keycopy */ \ -+ NULL, /* keyfinish */ \ -+ ecdh_simple_compute_key, \ -+ ecdsa_simple_sign_setup, \ -+ ecdsa_s390x_nistp##bits##_sign_sig, \ -+ ecdsa_s390x_nistp##bits##_verify_sig, \ -+ NULL, /* field_inverse_mod_ord */ \ -+ ec_GFp_simple_blind_coordinates, \ -+ ec_GFp_simple_ladder_pre, \ -+ ec_GFp_simple_ladder_step, \ -+ ec_GFp_simple_ladder_post \ -+ }; \ -+ static const EC_METHOD *ret; \ -+ \ -+ if ((OPENSSL_s390xcap_P.pcc[1] \ -+ & S390X_CAPBIT(S390X_SCALAR_MULTIPLY_P##bits)) \ -+ && (OPENSSL_s390xcap_P.kdsa[0] \ -+ & S390X_CAPBIT(S390X_ECDSA_VERIFY_P##bits)) \ -+ && (OPENSSL_s390xcap_P.kdsa[0] \ -+ & S390X_CAPBIT(S390X_ECDSA_SIGN_P##bits))) \ -+ ret = &EC_GFp_s390x_nistp##bits##_meth; \ -+ else \ -+ ret = EC_GFp_mont_method(); \ -+ \ -+ return ret; \ -+} -+ -+EC_GFP_S390X_NISTP_METHOD(256) -+EC_GFP_S390X_NISTP_METHOD(384) -+EC_GFP_S390X_NISTP_METHOD(521) -diff -up openssl-1.1.1g/crypto/ec/ecp_smpl.c.s390x-ecc openssl-1.1.1g/crypto/ec/ecp_smpl.c ---- openssl-1.1.1g/crypto/ec/ecp_smpl.c.s390x-ecc 2020-05-18 12:45:40.769233514 +0200 -+++ openssl-1.1.1g/crypto/ec/ecp_smpl.c 2020-05-18 12:45:44.572266566 +0200 -@@ -64,6 +64,9 @@ const EC_METHOD *EC_GFp_simple_method(vo - 0, /* keycopy */ - 0, /* keyfinish */ - ecdh_simple_compute_key, -+ ecdsa_simple_sign_setup, -+ ecdsa_simple_sign_sig, -+ ecdsa_simple_verify_sig, - 0, /* field_inverse_mod_ord */ - ec_GFp_simple_blind_coordinates, - ec_GFp_simple_ladder_pre, -diff -up openssl-1.1.1g/crypto/ec/ecx_meth.c.s390x-ecc openssl-1.1.1g/crypto/ec/ecx_meth.c ---- openssl-1.1.1g/crypto/ec/ecx_meth.c.s390x-ecc 2020-04-21 14:22:39.000000000 +0200 -+++ openssl-1.1.1g/crypto/ec/ecx_meth.c 2020-05-18 12:45:44.573266575 +0200 -@@ -20,6 +20,7 @@ - #define X25519_BITS 253 - #define X25519_SECURITY_BITS 128 - -+#define ED25519_KEYLEN 32 - #define ED25519_SIGSIZE 64 - - #define X448_BITS 448 -@@ -839,3 +840,666 @@ const EVP_PKEY_METHOD ed448_pkey_meth = - pkey_ecd_digestsign448, - pkey_ecd_digestverify448 - }; -+ -+#ifdef S390X_EC_ASM -+# include "s390x_arch.h" -+# include "internal/constant_time.h" -+ -+static void s390x_x25519_mod_p(unsigned char u[32]) -+{ -+ unsigned char u_red[32]; -+ unsigned int c = 0; -+ int i; -+ -+ memcpy(u_red, u, sizeof(u_red)); -+ -+ c += (unsigned int)u_red[31] + 19; -+ u_red[31] = (unsigned char)c; -+ c >>= 8; -+ -+ for (i = 30; i >= 0; i--) { -+ c += (unsigned int)u_red[i]; -+ u_red[i] = (unsigned char)c; -+ c >>= 8; -+ } -+ -+ c = (u_red[0] & 0x80) >> 7; -+ u_red[0] &= 0x7f; -+ constant_time_cond_swap_buff(0 - (unsigned char)c, -+ u, u_red, sizeof(u_red)); -+} -+ -+static void s390x_x448_mod_p(unsigned char u[56]) -+{ -+ unsigned char u_red[56]; -+ unsigned int c = 0; -+ int i; -+ -+ memcpy(u_red, u, sizeof(u_red)); -+ -+ c += (unsigned int)u_red[55] + 1; -+ u_red[55] = (unsigned char)c; -+ c >>= 8; -+ -+ for (i = 54; i >= 28; i--) { -+ c += (unsigned int)u_red[i]; -+ u_red[i] = (unsigned char)c; -+ c >>= 8; -+ } -+ -+ c += (unsigned int)u_red[27] + 1; -+ u_red[27] = (unsigned char)c; -+ c >>= 8; -+ -+ for (i = 26; i >= 0; i--) { -+ c += (unsigned int)u_red[i]; -+ u_red[i] = (unsigned char)c; -+ c >>= 8; -+ } -+ -+ constant_time_cond_swap_buff(0 - (unsigned char)c, -+ u, u_red, sizeof(u_red)); -+} -+ -+static int s390x_x25519_mul(unsigned char u_dst[32], -+ const unsigned char u_src[32], -+ const unsigned char d_src[32]) -+{ -+ union { -+ struct { -+ unsigned char u_dst[32]; -+ unsigned char u_src[32]; -+ unsigned char d_src[32]; -+ } x25519; -+ unsigned long long buff[512]; -+ } param; -+ int rc; -+ -+ memset(¶m, 0, sizeof(param)); -+ -+ s390x_flip_endian32(param.x25519.u_src, u_src); -+ param.x25519.u_src[0] &= 0x7f; -+ s390x_x25519_mod_p(param.x25519.u_src); -+ -+ s390x_flip_endian32(param.x25519.d_src, d_src); -+ param.x25519.d_src[31] &= 248; -+ param.x25519.d_src[0] &= 127; -+ param.x25519.d_src[0] |= 64; -+ -+ rc = s390x_pcc(S390X_SCALAR_MULTIPLY_X25519, ¶m.x25519) ? 0 : 1; -+ if (rc == 1) -+ s390x_flip_endian32(u_dst, param.x25519.u_dst); -+ -+ OPENSSL_cleanse(param.x25519.d_src, sizeof(param.x25519.d_src)); -+ return rc; -+} -+ -+static int s390x_x448_mul(unsigned char u_dst[56], -+ const unsigned char u_src[56], -+ const unsigned char d_src[56]) -+{ -+ union { -+ struct { -+ unsigned char u_dst[64]; -+ unsigned char u_src[64]; -+ unsigned char d_src[64]; -+ } x448; -+ unsigned long long buff[512]; -+ } param; -+ int rc; -+ -+ memset(¶m, 0, sizeof(param)); -+ -+ memcpy(param.x448.u_src, u_src, 56); -+ memcpy(param.x448.d_src, d_src, 56); -+ -+ s390x_flip_endian64(param.x448.u_src, param.x448.u_src); -+ s390x_x448_mod_p(param.x448.u_src + 8); -+ -+ s390x_flip_endian64(param.x448.d_src, param.x448.d_src); -+ param.x448.d_src[63] &= 252; -+ param.x448.d_src[8] |= 128; -+ -+ rc = s390x_pcc(S390X_SCALAR_MULTIPLY_X448, ¶m.x448) ? 0 : 1; -+ if (rc == 1) { -+ s390x_flip_endian64(param.x448.u_dst, param.x448.u_dst); -+ memcpy(u_dst, param.x448.u_dst, 56); -+ } -+ -+ OPENSSL_cleanse(param.x448.d_src, sizeof(param.x448.d_src)); -+ return rc; -+} -+ -+static int s390x_ed25519_mul(unsigned char x_dst[32], -+ unsigned char y_dst[32], -+ const unsigned char x_src[32], -+ const unsigned char y_src[32], -+ const unsigned char d_src[32]) -+{ -+ union { -+ struct { -+ unsigned char x_dst[32]; -+ unsigned char y_dst[32]; -+ unsigned char x_src[32]; -+ unsigned char y_src[32]; -+ unsigned char d_src[32]; -+ } ed25519; -+ unsigned long long buff[512]; -+ } param; -+ int rc; -+ -+ memset(¶m, 0, sizeof(param)); -+ -+ s390x_flip_endian32(param.ed25519.x_src, x_src); -+ s390x_flip_endian32(param.ed25519.y_src, y_src); -+ s390x_flip_endian32(param.ed25519.d_src, d_src); -+ -+ rc = s390x_pcc(S390X_SCALAR_MULTIPLY_ED25519, ¶m.ed25519) ? 0 : 1; -+ if (rc == 1) { -+ s390x_flip_endian32(x_dst, param.ed25519.x_dst); -+ s390x_flip_endian32(y_dst, param.ed25519.y_dst); -+ } -+ -+ OPENSSL_cleanse(param.ed25519.d_src, sizeof(param.ed25519.d_src)); -+ return rc; -+} -+ -+static int s390x_ed448_mul(unsigned char x_dst[57], -+ unsigned char y_dst[57], -+ const unsigned char x_src[57], -+ const unsigned char y_src[57], -+ const unsigned char d_src[57]) -+{ -+ union { -+ struct { -+ unsigned char x_dst[64]; -+ unsigned char y_dst[64]; -+ unsigned char x_src[64]; -+ unsigned char y_src[64]; -+ unsigned char d_src[64]; -+ } ed448; -+ unsigned long long buff[512]; -+ } param; -+ int rc; -+ -+ memset(¶m, 0, sizeof(param)); -+ -+ memcpy(param.ed448.x_src, x_src, 57); -+ memcpy(param.ed448.y_src, y_src, 57); -+ memcpy(param.ed448.d_src, d_src, 57); -+ s390x_flip_endian64(param.ed448.x_src, param.ed448.x_src); -+ s390x_flip_endian64(param.ed448.y_src, param.ed448.y_src); -+ s390x_flip_endian64(param.ed448.d_src, param.ed448.d_src); -+ -+ rc = s390x_pcc(S390X_SCALAR_MULTIPLY_ED448, ¶m.ed448) ? 0 : 1; -+ if (rc == 1) { -+ s390x_flip_endian64(param.ed448.x_dst, param.ed448.x_dst); -+ s390x_flip_endian64(param.ed448.y_dst, param.ed448.y_dst); -+ memcpy(x_dst, param.ed448.x_dst, 57); -+ memcpy(y_dst, param.ed448.y_dst, 57); -+ } -+ -+ OPENSSL_cleanse(param.ed448.d_src, sizeof(param.ed448.d_src)); -+ return rc; -+} -+ -+static int s390x_pkey_ecx_keygen25519(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) -+{ -+ static const unsigned char generator[] = { -+ 0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 -+ }; -+ ECX_KEY *key; -+ unsigned char *privkey = NULL, *pubkey; -+ -+ key = OPENSSL_zalloc(sizeof(*key)); -+ if (key == NULL) { -+ ECerr(EC_F_S390X_PKEY_ECX_KEYGEN25519, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ pubkey = key->pubkey; -+ -+ privkey = key->privkey = OPENSSL_secure_malloc(X25519_KEYLEN); -+ if (privkey == NULL) { -+ ECerr(EC_F_S390X_PKEY_ECX_KEYGEN25519, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ if (RAND_priv_bytes(privkey, X25519_KEYLEN) <= 0) -+ goto err; -+ -+ privkey[0] &= 248; -+ privkey[31] &= 127; -+ privkey[31] |= 64; -+ -+ if (s390x_x25519_mul(pubkey, generator, privkey) != 1) -+ goto err; -+ -+ EVP_PKEY_assign(pkey, ctx->pmeth->pkey_id, key); -+ return 1; -+ err: -+ OPENSSL_secure_clear_free(privkey, X25519_KEYLEN); -+ key->privkey = NULL; -+ OPENSSL_free(key); -+ return 0; -+} -+ -+static int s390x_pkey_ecx_keygen448(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) -+{ -+ static const unsigned char generator[] = { -+ 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 -+ }; -+ ECX_KEY *key; -+ unsigned char *privkey = NULL, *pubkey; -+ -+ key = OPENSSL_zalloc(sizeof(*key)); -+ if (key == NULL) { -+ ECerr(EC_F_S390X_PKEY_ECX_KEYGEN448, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ pubkey = key->pubkey; -+ -+ privkey = key->privkey = OPENSSL_secure_malloc(X448_KEYLEN); -+ if (privkey == NULL) { -+ ECerr(EC_F_S390X_PKEY_ECX_KEYGEN448, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ if (RAND_priv_bytes(privkey, X448_KEYLEN) <= 0) -+ goto err; -+ -+ privkey[0] &= 252; -+ privkey[55] |= 128; -+ -+ if (s390x_x448_mul(pubkey, generator, privkey) != 1) -+ goto err; -+ -+ EVP_PKEY_assign(pkey, ctx->pmeth->pkey_id, key); -+ return 1; -+ err: -+ OPENSSL_secure_clear_free(privkey, X448_KEYLEN); -+ key->privkey = NULL; -+ OPENSSL_free(key); -+ return 0; -+} -+ -+static int s390x_pkey_ecd_keygen25519(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) -+{ -+ static const unsigned char generator_x[] = { -+ 0x1a, 0xd5, 0x25, 0x8f, 0x60, 0x2d, 0x56, 0xc9, 0xb2, 0xa7, 0x25, 0x95, -+ 0x60, 0xc7, 0x2c, 0x69, 0x5c, 0xdc, 0xd6, 0xfd, 0x31, 0xe2, 0xa4, 0xc0, -+ 0xfe, 0x53, 0x6e, 0xcd, 0xd3, 0x36, 0x69, 0x21 -+ }; -+ static const unsigned char generator_y[] = { -+ 0x58, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, -+ 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, -+ 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, -+ }; -+ unsigned char x_dst[32], buff[SHA512_DIGEST_LENGTH]; -+ ECX_KEY *key; -+ unsigned char *privkey = NULL, *pubkey; -+ -+ key = OPENSSL_zalloc(sizeof(*key)); -+ if (key == NULL) { -+ ECerr(EC_F_S390X_PKEY_ECD_KEYGEN25519, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ pubkey = key->pubkey; -+ -+ privkey = key->privkey = OPENSSL_secure_malloc(ED25519_KEYLEN); -+ if (privkey == NULL) { -+ ECerr(EC_F_S390X_PKEY_ECD_KEYGEN25519, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ if (RAND_priv_bytes(privkey, ED25519_KEYLEN) <= 0) -+ goto err; -+ -+ SHA512(privkey, 32, buff); -+ buff[0] &= 248; -+ buff[31] &= 63; -+ buff[31] |= 64; -+ -+ if (s390x_ed25519_mul(x_dst, pubkey, -+ generator_x, generator_y, buff) != 1) -+ goto err; -+ -+ pubkey[31] |= ((x_dst[0] & 0x01) << 7); -+ -+ EVP_PKEY_assign(pkey, ctx->pmeth->pkey_id, key); -+ return 1; -+ err: -+ OPENSSL_secure_clear_free(privkey, ED25519_KEYLEN); -+ key->privkey = NULL; -+ OPENSSL_free(key); -+ return 0; -+} -+ -+static int s390x_pkey_ecd_keygen448(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) -+{ -+ static const unsigned char generator_x[] = { -+ 0x5e, 0xc0, 0x0c, 0xc7, 0x2b, 0xa8, 0x26, 0x26, 0x8e, 0x93, 0x00, 0x8b, -+ 0xe1, 0x80, 0x3b, 0x43, 0x11, 0x65, 0xb6, 0x2a, 0xf7, 0x1a, 0xae, 0x12, -+ 0x64, 0xa4, 0xd3, 0xa3, 0x24, 0xe3, 0x6d, 0xea, 0x67, 0x17, 0x0f, 0x47, -+ 0x70, 0x65, 0x14, 0x9e, 0xda, 0x36, 0xbf, 0x22, 0xa6, 0x15, 0x1d, 0x22, -+ 0xed, 0x0d, 0xed, 0x6b, 0xc6, 0x70, 0x19, 0x4f, 0x00 -+ }; -+ static const unsigned char generator_y[] = { -+ 0x14, 0xfa, 0x30, 0xf2, 0x5b, 0x79, 0x08, 0x98, 0xad, 0xc8, 0xd7, 0x4e, -+ 0x2c, 0x13, 0xbd, 0xfd, 0xc4, 0x39, 0x7c, 0xe6, 0x1c, 0xff, 0xd3, 0x3a, -+ 0xd7, 0xc2, 0xa0, 0x05, 0x1e, 0x9c, 0x78, 0x87, 0x40, 0x98, 0xa3, 0x6c, -+ 0x73, 0x73, 0xea, 0x4b, 0x62, 0xc7, 0xc9, 0x56, 0x37, 0x20, 0x76, 0x88, -+ 0x24, 0xbc, 0xb6, 0x6e, 0x71, 0x46, 0x3f, 0x69, 0x00 -+ }; -+ unsigned char x_dst[57], buff[114]; -+ ECX_KEY *key; -+ unsigned char *privkey = NULL, *pubkey; -+ EVP_MD_CTX *hashctx = NULL; -+ -+ key = OPENSSL_zalloc(sizeof(*key)); -+ if (key == NULL) { -+ ECerr(EC_F_S390X_PKEY_ECD_KEYGEN448, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ pubkey = key->pubkey; -+ -+ privkey = key->privkey = OPENSSL_secure_malloc(ED448_KEYLEN); -+ if (privkey == NULL) { -+ ECerr(EC_F_S390X_PKEY_ECD_KEYGEN448, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ -+ if (RAND_priv_bytes(privkey, ED448_KEYLEN) <= 0) -+ goto err; -+ -+ hashctx = EVP_MD_CTX_new(); -+ if (hashctx == NULL) -+ goto err; -+ if (EVP_DigestInit_ex(hashctx, EVP_shake256(), NULL) != 1) -+ goto err; -+ if (EVP_DigestUpdate(hashctx, privkey, 57) != 1) -+ goto err; -+ if (EVP_DigestFinalXOF(hashctx, buff, sizeof(buff)) != 1) -+ goto err; -+ -+ buff[0] &= -4; -+ buff[55] |= 0x80; -+ buff[56] = 0; -+ -+ if (s390x_ed448_mul(x_dst, pubkey, -+ generator_x, generator_y, buff) != 1) -+ goto err; -+ -+ pubkey[56] |= ((x_dst[0] & 0x01) << 7); -+ -+ EVP_PKEY_assign(pkey, ctx->pmeth->pkey_id, key); -+ EVP_MD_CTX_free(hashctx); -+ return 1; -+ err: -+ OPENSSL_secure_clear_free(privkey, ED448_KEYLEN); -+ key->privkey = NULL; -+ OPENSSL_free(key); -+ EVP_MD_CTX_free(hashctx); -+ return 0; -+} -+ -+static int s390x_pkey_ecx_derive25519(EVP_PKEY_CTX *ctx, unsigned char *key, -+ size_t *keylen) -+{ -+ const unsigned char *privkey, *pubkey; -+ -+ if (!validate_ecx_derive(ctx, key, keylen, &privkey, &pubkey)) -+ return 0; -+ -+ if (key != NULL) -+ return s390x_x25519_mul(key, pubkey, privkey); -+ -+ *keylen = X25519_KEYLEN; -+ return 1; -+} -+ -+static int s390x_pkey_ecx_derive448(EVP_PKEY_CTX *ctx, unsigned char *key, -+ size_t *keylen) -+{ -+ const unsigned char *privkey, *pubkey; -+ -+ if (!validate_ecx_derive(ctx, key, keylen, &privkey, &pubkey)) -+ return 0; -+ -+ if (key != NULL) -+ return s390x_x448_mul(key, pubkey, privkey); -+ -+ *keylen = X448_KEYLEN; -+ return 1; -+} -+ -+static int s390x_pkey_ecd_digestsign25519(EVP_MD_CTX *ctx, -+ unsigned char *sig, size_t *siglen, -+ const unsigned char *tbs, -+ size_t tbslen) -+{ -+ union { -+ struct { -+ unsigned char sig[64]; -+ unsigned char priv[32]; -+ } ed25519; -+ unsigned long long buff[512]; -+ } param; -+ const ECX_KEY *edkey = EVP_MD_CTX_pkey_ctx(ctx)->pkey->pkey.ecx; -+ int rc; -+ -+ if (sig == NULL) { -+ *siglen = ED25519_SIGSIZE; -+ return 1; -+ } -+ -+ if (*siglen < ED25519_SIGSIZE) { -+ ECerr(EC_F_S390X_PKEY_ECD_DIGESTSIGN25519, EC_R_BUFFER_TOO_SMALL); -+ return 0; -+ } -+ -+ memset(¶m, 0, sizeof(param)); -+ memcpy(param.ed25519.priv, edkey->privkey, sizeof(param.ed25519.priv)); -+ -+ rc = s390x_kdsa(S390X_EDDSA_SIGN_ED25519, ¶m.ed25519, tbs, tbslen); -+ OPENSSL_cleanse(param.ed25519.priv, sizeof(param.ed25519.priv)); -+ if (rc != 0) -+ return 0; -+ -+ s390x_flip_endian32(sig, param.ed25519.sig); -+ s390x_flip_endian32(sig + 32, param.ed25519.sig + 32); -+ -+ *siglen = ED25519_SIGSIZE; -+ return 1; -+} -+ -+static int s390x_pkey_ecd_digestsign448(EVP_MD_CTX *ctx, -+ unsigned char *sig, size_t *siglen, -+ const unsigned char *tbs, -+ size_t tbslen) -+{ -+ union { -+ struct { -+ unsigned char sig[128]; -+ unsigned char priv[64]; -+ } ed448; -+ unsigned long long buff[512]; -+ } param; -+ const ECX_KEY *edkey = EVP_MD_CTX_pkey_ctx(ctx)->pkey->pkey.ecx; -+ int rc; -+ -+ if (sig == NULL) { -+ *siglen = ED448_SIGSIZE; -+ return 1; -+ } -+ -+ if (*siglen < ED448_SIGSIZE) { -+ ECerr(EC_F_S390X_PKEY_ECD_DIGESTSIGN448, EC_R_BUFFER_TOO_SMALL); -+ return 0; -+ } -+ -+ memset(¶m, 0, sizeof(param)); -+ memcpy(param.ed448.priv + 64 - 57, edkey->privkey, 57); -+ -+ rc = s390x_kdsa(S390X_EDDSA_SIGN_ED448, ¶m.ed448, tbs, tbslen); -+ OPENSSL_cleanse(param.ed448.priv, sizeof(param.ed448.priv)); -+ if (rc != 0) -+ return 0; -+ -+ s390x_flip_endian64(param.ed448.sig, param.ed448.sig); -+ s390x_flip_endian64(param.ed448.sig + 64, param.ed448.sig + 64); -+ memcpy(sig, param.ed448.sig, 57); -+ memcpy(sig + 57, param.ed448.sig + 64, 57); -+ -+ *siglen = ED448_SIGSIZE; -+ return 1; -+} -+ -+static int s390x_pkey_ecd_digestverify25519(EVP_MD_CTX *ctx, -+ const unsigned char *sig, -+ size_t siglen, -+ const unsigned char *tbs, -+ size_t tbslen) -+{ -+ union { -+ struct { -+ unsigned char sig[64]; -+ unsigned char pub[32]; -+ } ed25519; -+ unsigned long long buff[512]; -+ } param; -+ const ECX_KEY *edkey = EVP_MD_CTX_pkey_ctx(ctx)->pkey->pkey.ecx; -+ -+ if (siglen != ED25519_SIGSIZE) -+ return 0; -+ -+ memset(¶m, 0, sizeof(param)); -+ s390x_flip_endian32(param.ed25519.sig, sig); -+ s390x_flip_endian32(param.ed25519.sig + 32, sig + 32); -+ s390x_flip_endian32(param.ed25519.pub, edkey->pubkey); -+ -+ return s390x_kdsa(S390X_EDDSA_VERIFY_ED25519, -+ ¶m.ed25519, tbs, tbslen) == 0 ? 1 : 0; -+} -+ -+static int s390x_pkey_ecd_digestverify448(EVP_MD_CTX *ctx, -+ const unsigned char *sig, -+ size_t siglen, -+ const unsigned char *tbs, -+ size_t tbslen) -+{ -+ union { -+ struct { -+ unsigned char sig[128]; -+ unsigned char pub[64]; -+ } ed448; -+ unsigned long long buff[512]; -+ } param; -+ const ECX_KEY *edkey = EVP_MD_CTX_pkey_ctx(ctx)->pkey->pkey.ecx; -+ -+ if (siglen != ED448_SIGSIZE) -+ return 0; -+ -+ memset(¶m, 0, sizeof(param)); -+ memcpy(param.ed448.sig, sig, 57); -+ s390x_flip_endian64(param.ed448.sig, param.ed448.sig); -+ memcpy(param.ed448.sig + 64, sig + 57, 57); -+ s390x_flip_endian64(param.ed448.sig + 64, param.ed448.sig + 64); -+ memcpy(param.ed448.pub, edkey->pubkey, 57); -+ s390x_flip_endian64(param.ed448.pub, param.ed448.pub); -+ -+ return s390x_kdsa(S390X_EDDSA_VERIFY_ED448, -+ ¶m.ed448, tbs, tbslen) == 0 ? 1 : 0; -+} -+ -+static const EVP_PKEY_METHOD ecx25519_s390x_pkey_meth = { -+ EVP_PKEY_X25519, -+ 0, 0, 0, 0, 0, 0, 0, -+ s390x_pkey_ecx_keygen25519, -+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -+ s390x_pkey_ecx_derive25519, -+ pkey_ecx_ctrl, -+ 0 -+}; -+ -+static const EVP_PKEY_METHOD ecx448_s390x_pkey_meth = { -+ EVP_PKEY_X448, -+ 0, 0, 0, 0, 0, 0, 0, -+ s390x_pkey_ecx_keygen448, -+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -+ s390x_pkey_ecx_derive448, -+ pkey_ecx_ctrl, -+ 0 -+}; -+static const EVP_PKEY_METHOD ed25519_s390x_pkey_meth = { -+ EVP_PKEY_ED25519, EVP_PKEY_FLAG_SIGCTX_CUSTOM, -+ 0, 0, 0, 0, 0, 0, -+ s390x_pkey_ecd_keygen25519, -+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -+ pkey_ecd_ctrl, -+ 0, -+ s390x_pkey_ecd_digestsign25519, -+ s390x_pkey_ecd_digestverify25519 -+}; -+ -+static const EVP_PKEY_METHOD ed448_s390x_pkey_meth = { -+ EVP_PKEY_ED448, EVP_PKEY_FLAG_SIGCTX_CUSTOM, -+ 0, 0, 0, 0, 0, 0, -+ s390x_pkey_ecd_keygen448, -+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -+ pkey_ecd_ctrl, -+ 0, -+ s390x_pkey_ecd_digestsign448, -+ s390x_pkey_ecd_digestverify448 -+}; -+#endif -+ -+const EVP_PKEY_METHOD *ecx25519_pkey_method(void) -+{ -+#ifdef S390X_EC_ASM -+ if (OPENSSL_s390xcap_P.pcc[1] & S390X_CAPBIT(S390X_SCALAR_MULTIPLY_X25519)) -+ return &ecx25519_s390x_pkey_meth; -+#endif -+ return &ecx25519_pkey_meth; -+} -+ -+const EVP_PKEY_METHOD *ecx448_pkey_method(void) -+{ -+#ifdef S390X_EC_ASM -+ if (OPENSSL_s390xcap_P.pcc[1] & S390X_CAPBIT(S390X_SCALAR_MULTIPLY_X448)) -+ return &ecx448_s390x_pkey_meth; -+#endif -+ return &ecx448_pkey_meth; -+} -+ -+const EVP_PKEY_METHOD *ed25519_pkey_method(void) -+{ -+#ifdef S390X_EC_ASM -+ if (OPENSSL_s390xcap_P.pcc[1] & S390X_CAPBIT(S390X_SCALAR_MULTIPLY_ED25519) -+ && OPENSSL_s390xcap_P.kdsa[0] & S390X_CAPBIT(S390X_EDDSA_SIGN_ED25519) -+ && OPENSSL_s390xcap_P.kdsa[0] -+ & S390X_CAPBIT(S390X_EDDSA_VERIFY_ED25519)) -+ return &ed25519_s390x_pkey_meth; -+#endif -+ return &ed25519_pkey_meth; -+} -+ -+const EVP_PKEY_METHOD *ed448_pkey_method(void) -+{ -+#ifdef S390X_EC_ASM -+ if (OPENSSL_s390xcap_P.pcc[1] & S390X_CAPBIT(S390X_SCALAR_MULTIPLY_ED448) -+ && OPENSSL_s390xcap_P.kdsa[0] & S390X_CAPBIT(S390X_EDDSA_SIGN_ED448) -+ && OPENSSL_s390xcap_P.kdsa[0] & S390X_CAPBIT(S390X_EDDSA_VERIFY_ED448)) -+ return &ed448_s390x_pkey_meth; -+#endif -+ return &ed448_pkey_meth; -+} -diff -up openssl-1.1.1g/crypto/err/openssl.txt.s390x-ecc openssl-1.1.1g/crypto/err/openssl.txt ---- openssl-1.1.1g/crypto/err/openssl.txt.s390x-ecc 2020-05-18 12:45:40.834234079 +0200 -+++ openssl-1.1.1g/crypto/err/openssl.txt 2020-05-18 12:45:44.575266592 +0200 -@@ -496,6 +496,11 @@ EC_F_ECDSA_SIGN_EX:254:ECDSA_sign_ex - EC_F_ECDSA_SIGN_SETUP:248:ECDSA_sign_setup - EC_F_ECDSA_SIG_NEW:265:ECDSA_SIG_new - EC_F_ECDSA_VERIFY:253:ECDSA_verify -+EC_F_ECDSA_SIMPLE_SIGN_SETUP:310:ecdsa_simple_sign_setup -+EC_F_ECDSA_SIMPLE_SIGN_SIG:311:ecdsa_simple_sign_sig -+EC_F_ECDSA_SIMPLE_VERIFY_SIG:312:ecdsa_simple_verify_sig -+EC_F_ECDSA_S390X_NISTP_SIGN_SIG:313:ecdsa_s390x_nistp_sign_sig -+EC_F_ECDSA_S390X_NISTP_VERIFY_SIG:314:ecdsa_s390x_nistp_verify_sig - EC_F_ECD_ITEM_VERIFY:270:ecd_item_verify - EC_F_ECKEY_PARAM2TYPE:223:eckey_param2type - EC_F_ECKEY_PARAM_DECODE:212:eckey_param_decode -@@ -657,6 +662,7 @@ EC_F_NISTP521_PRE_COMP_NEW:237:nistp521_ - EC_F_O2I_ECPUBLICKEY:152:o2i_ECPublicKey - EC_F_OLD_EC_PRIV_DECODE:222:old_ec_priv_decode - EC_F_OSSL_ECDH_COMPUTE_KEY:247:ossl_ecdh_compute_key -+EC_F_OSSL_ECDSA_SIGN_SETUP:300:ossl_ecdsa_sign_setup - EC_F_OSSL_ECDSA_SIGN_SIG:249:ossl_ecdsa_sign_sig - EC_F_OSSL_ECDSA_VERIFY_SIG:250:ossl_ecdsa_verify_sig - EC_F_PKEY_ECD_CTRL:271:pkey_ecd_ctrl -@@ -672,6 +678,12 @@ EC_F_PKEY_EC_KDF_DERIVE:283:pkey_ec_kdf_ - EC_F_PKEY_EC_KEYGEN:199:pkey_ec_keygen - EC_F_PKEY_EC_PARAMGEN:219:pkey_ec_paramgen - EC_F_PKEY_EC_SIGN:218:pkey_ec_sign -+EC_F_S390X_PKEY_ECD_DIGESTSIGN25519:303:s390x_pkey_ecd_digestsign25519 -+EC_F_S390X_PKEY_ECD_DIGESTSIGN448:304:s390x_pkey_ecd_digestsign448 -+EC_F_S390X_PKEY_ECD_KEYGEN25519:305:s390x_pkey_ecd_keygen25519 -+EC_F_S390X_PKEY_ECD_KEYGEN448:306:s390x_pkey_ecd_keygen448 -+EC_F_S390X_PKEY_ECX_KEYGEN25519:307:s390x_pkey_ecx_keygen25519 -+EC_F_S390X_PKEY_ECX_KEYGEN448:308:s390x_pkey_ecx_keygen448 - EC_F_VALIDATE_ECX_DERIVE:278:validate_ecx_derive - ENGINE_F_DIGEST_UPDATE:198:digest_update - ENGINE_F_DYNAMIC_CTRL:180:dynamic_ctrl -@@ -2160,6 +2172,7 @@ EC_R_BUFFER_TOO_SMALL:100:buffer too sma - EC_R_CANNOT_INVERT:165:cannot invert - EC_R_COORDINATES_OUT_OF_RANGE:146:coordinates out of range - EC_R_CURVE_DOES_NOT_SUPPORT_ECDH:160:curve does not support ecdh -+EC_R_CURVE_DOES_NOT_SUPPORT_ECDSA:170:curve does not support ecdsa - EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING:159:curve does not support signing - EC_R_D2I_ECPKPARAMETERS_FAILURE:117:d2i ecpkparameters failure - EC_R_DECODE_ERROR:142:decode error -diff -up openssl-1.1.1g/crypto/evp/pmeth_lib.c.s390x-ecc openssl-1.1.1g/crypto/evp/pmeth_lib.c ---- openssl-1.1.1g/crypto/evp/pmeth_lib.c.s390x-ecc 2020-05-18 12:45:40.787233671 +0200 -+++ openssl-1.1.1g/crypto/evp/pmeth_lib.c 2020-05-18 12:45:44.576266601 +0200 -@@ -17,60 +17,67 @@ - #include "crypto/evp.h" - #include "internal/numbers.h" - -+typedef const EVP_PKEY_METHOD *(*pmeth_fn)(void); - typedef int sk_cmp_fn_type(const char *const *a, const char *const *b); - - static STACK_OF(EVP_PKEY_METHOD) *app_pkey_methods = NULL; - - /* This array needs to be in order of NIDs */ --static const EVP_PKEY_METHOD *standard_methods[] = { -+static pmeth_fn standard_methods[] = { - #ifndef OPENSSL_NO_RSA -- &rsa_pkey_meth, -+ rsa_pkey_method, - #endif - #ifndef OPENSSL_NO_DH -- &dh_pkey_meth, -+ dh_pkey_method, - #endif - #ifndef OPENSSL_NO_DSA -- &dsa_pkey_meth, -+ dsa_pkey_method, - #endif - #ifndef OPENSSL_NO_EC -- &ec_pkey_meth, -+ ec_pkey_method, - #endif -- &hmac_pkey_meth, -+ hmac_pkey_method, - #ifndef OPENSSL_NO_CMAC -- &cmac_pkey_meth, -+ cmac_pkey_method, - #endif - #ifndef OPENSSL_NO_RSA -- &rsa_pss_pkey_meth, -+ rsa_pss_pkey_method, - #endif - #ifndef OPENSSL_NO_DH -- &dhx_pkey_meth, -+ dhx_pkey_method, - #endif - #ifndef OPENSSL_NO_SCRYPT -- &scrypt_pkey_meth, -+ scrypt_pkey_method, - #endif -- &tls1_prf_pkey_meth, -+ tls1_prf_pkey_method, - #ifndef OPENSSL_NO_EC -- &ecx25519_pkey_meth, -- &ecx448_pkey_meth, -+ ecx25519_pkey_method, -+ ecx448_pkey_method, - #endif -- &hkdf_pkey_meth, -+ hkdf_pkey_method, - #ifndef OPENSSL_NO_POLY1305 -- &poly1305_pkey_meth, -+ poly1305_pkey_method, - #endif - #ifndef OPENSSL_NO_SIPHASH -- &siphash_pkey_meth, -+ siphash_pkey_method, - #endif - #ifndef OPENSSL_NO_EC -- &ed25519_pkey_meth, -- &ed448_pkey_meth, -+ ed25519_pkey_method, -+ ed448_pkey_method, - #endif - #ifndef OPENSSL_NO_SM2 -- &sm2_pkey_meth, -+ sm2_pkey_method, - #endif - }; - --DECLARE_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_METHOD *, const EVP_PKEY_METHOD *, -- pmeth); -+DECLARE_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_METHOD *, pmeth_fn, pmeth_func); -+ -+static int pmeth_func_cmp(const EVP_PKEY_METHOD *const *a, pmeth_fn const *b) -+{ -+ return ((*a)->pkey_id - ((**b)())->pkey_id); -+} -+ -+IMPLEMENT_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_METHOD *, pmeth_fn, pmeth_func); - - static int pmeth_cmp(const EVP_PKEY_METHOD *const *a, - const EVP_PKEY_METHOD *const *b) -@@ -78,13 +85,11 @@ static int pmeth_cmp(const EVP_PKEY_METH - return ((*a)->pkey_id - (*b)->pkey_id); - } - --IMPLEMENT_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_METHOD *, const EVP_PKEY_METHOD *, -- pmeth); -- - const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type) - { -+ pmeth_fn *ret; - EVP_PKEY_METHOD tmp; -- const EVP_PKEY_METHOD *t = &tmp, **ret; -+ const EVP_PKEY_METHOD *t = &tmp; - tmp.pkey_id = type; - if (app_pkey_methods) { - int idx; -@@ -92,12 +97,12 @@ const EVP_PKEY_METHOD *EVP_PKEY_meth_fin - if (idx >= 0) - return sk_EVP_PKEY_METHOD_value(app_pkey_methods, idx); - } -- ret = OBJ_bsearch_pmeth(&t, standard_methods, -- sizeof(standard_methods) / -- sizeof(EVP_PKEY_METHOD *)); -+ ret = OBJ_bsearch_pmeth_func(&t, standard_methods, -+ sizeof(standard_methods) / -+ sizeof(pmeth_fn)); - if (!ret || !*ret) - return NULL; -- return *ret; -+ return (**ret)(); - } - - static EVP_PKEY_CTX *int_ctx_new(EVP_PKEY *pkey, ENGINE *e, int id) -@@ -348,7 +353,7 @@ size_t EVP_PKEY_meth_get_count(void) - const EVP_PKEY_METHOD *EVP_PKEY_meth_get0(size_t idx) - { - if (idx < OSSL_NELEM(standard_methods)) -- return standard_methods[idx]; -+ return (standard_methods[idx])(); - if (app_pkey_methods == NULL) - return NULL; - idx -= OSSL_NELEM(standard_methods); -diff -up openssl-1.1.1g/crypto/hmac/hm_pmeth.c.s390x-ecc openssl-1.1.1g/crypto/hmac/hm_pmeth.c ---- openssl-1.1.1g/crypto/hmac/hm_pmeth.c.s390x-ecc 2020-05-18 12:45:40.796233749 +0200 -+++ openssl-1.1.1g/crypto/hmac/hm_pmeth.c 2020-05-18 12:45:44.576266601 +0200 -@@ -210,3 +210,8 @@ const EVP_PKEY_METHOD hmac_pkey_meth = { - pkey_hmac_ctrl, - pkey_hmac_ctrl_str - }; -+ -+const EVP_PKEY_METHOD *hmac_pkey_method(void) -+{ -+ return &hmac_pkey_meth; -+} -diff -up openssl-1.1.1g/crypto/kdf/hkdf.c.s390x-ecc openssl-1.1.1g/crypto/kdf/hkdf.c ---- openssl-1.1.1g/crypto/kdf/hkdf.c.s390x-ecc 2020-05-18 12:45:40.826234009 +0200 -+++ openssl-1.1.1g/crypto/kdf/hkdf.c 2020-05-18 12:45:44.577266609 +0200 -@@ -233,6 +233,11 @@ const EVP_KDF_METHOD hkdf_kdf_meth = { - kdf_hkdf_derive - }; - -+const EVP_PKEY_METHOD *hkdf_pkey_method(void) -+{ -+ return &hkdf_pkey_meth; -+} -+ - static int HKDF(const EVP_MD *evp_md, - const unsigned char *salt, size_t salt_len, - const unsigned char *key, size_t key_len, -diff -up openssl-1.1.1g/crypto/kdf/scrypt.c.s390x-ecc openssl-1.1.1g/crypto/kdf/scrypt.c ---- openssl-1.1.1g/crypto/kdf/scrypt.c.s390x-ecc 2020-05-18 12:45:40.827234018 +0200 -+++ openssl-1.1.1g/crypto/kdf/scrypt.c 2020-05-18 12:45:44.578266618 +0200 -@@ -504,4 +504,9 @@ static int scrypt_alg(const char *pass, - return rv; - } - -+const EVP_PKEY_METHOD *scrypt_pkey_method(void) -+{ -+ return &scrypt_pkey_meth; -+} -+ - #endif -diff -up openssl-1.1.1g/crypto/kdf/tls1_prf.c.s390x-ecc openssl-1.1.1g/crypto/kdf/tls1_prf.c ---- openssl-1.1.1g/crypto/kdf/tls1_prf.c.s390x-ecc 2020-05-18 12:45:40.828234027 +0200 -+++ openssl-1.1.1g/crypto/kdf/tls1_prf.c 2020-05-18 12:45:44.578266618 +0200 -@@ -168,6 +168,11 @@ const EVP_KDF_METHOD tls1_prf_kdf_meth = - kdf_tls1_prf_derive - }; - -+const EVP_PKEY_METHOD *tls1_prf_pkey_method(void) -+{ -+ return &tls1_prf_pkey_meth; -+} -+ - static int tls1_prf_P_hash(const EVP_MD *md, - const unsigned char *sec, size_t sec_len, - const unsigned char *seed, size_t seed_len, -diff -up openssl-1.1.1g/crypto/poly1305/poly1305_pmeth.c.s390x-ecc openssl-1.1.1g/crypto/poly1305/poly1305_pmeth.c ---- openssl-1.1.1g/crypto/poly1305/poly1305_pmeth.c.s390x-ecc 2020-04-21 14:22:39.000000000 +0200 -+++ openssl-1.1.1g/crypto/poly1305/poly1305_pmeth.c 2020-05-18 12:45:44.579266627 +0200 -@@ -192,3 +192,8 @@ const EVP_PKEY_METHOD poly1305_pkey_meth - pkey_poly1305_ctrl, - pkey_poly1305_ctrl_str - }; -+ -+const EVP_PKEY_METHOD *poly1305_pkey_method(void) -+{ -+ return &poly1305_pkey_meth; -+} -diff -up openssl-1.1.1g/crypto/rsa/rsa_pmeth.c.s390x-ecc openssl-1.1.1g/crypto/rsa/rsa_pmeth.c ---- openssl-1.1.1g/crypto/rsa/rsa_pmeth.c.s390x-ecc 2020-05-18 12:45:40.798233766 +0200 -+++ openssl-1.1.1g/crypto/rsa/rsa_pmeth.c 2020-05-18 12:45:44.580266635 +0200 -@@ -789,6 +789,11 @@ const EVP_PKEY_METHOD rsa_pkey_meth = { - pkey_rsa_ctrl_str - }; - -+const EVP_PKEY_METHOD *rsa_pkey_method(void) -+{ -+ return &rsa_pkey_meth; -+} -+ - /* - * Called for PSS sign or verify initialisation: checks PSS parameter - * sanity and sets any restrictions on key usage. -@@ -859,3 +864,8 @@ const EVP_PKEY_METHOD rsa_pss_pkey_meth - pkey_rsa_ctrl, - pkey_rsa_ctrl_str - }; -+ -+const EVP_PKEY_METHOD *rsa_pss_pkey_method(void) -+{ -+ return &rsa_pss_pkey_meth; -+} -diff -up openssl-1.1.1g/crypto/s390x_arch.h.s390x-ecc openssl-1.1.1g/crypto/s390x_arch.h ---- openssl-1.1.1g/crypto/s390x_arch.h.s390x-ecc 2020-05-18 12:45:40.603232072 +0200 -+++ openssl-1.1.1g/crypto/s390x_arch.h 2020-05-18 12:45:44.580266635 +0200 -@@ -26,6 +26,12 @@ void s390x_kmf(const unsigned char *in, - unsigned int fc, void *param); - void s390x_kma(const unsigned char *aad, size_t alen, const unsigned char *in, - size_t len, unsigned char *out, unsigned int fc, void *param); -+int s390x_pcc(unsigned int fc, void *param); -+int s390x_kdsa(unsigned int fc, void *param, const unsigned char *in, -+ size_t len); -+ -+void s390x_flip_endian32(unsigned char dst[32], const unsigned char src[32]); -+void s390x_flip_endian64(unsigned char dst[64], const unsigned char src[64]); - - /* - * The field elements of OPENSSL_s390xcap_P are the 64-bit words returned by -@@ -45,6 +51,8 @@ struct OPENSSL_s390xcap_st { - unsigned long long kmf[2]; - unsigned long long prno[2]; - unsigned long long kma[2]; -+ unsigned long long pcc[2]; -+ unsigned long long kdsa[2]; - }; - - extern struct OPENSSL_s390xcap_st OPENSSL_s390xcap_P; -@@ -66,11 +74,14 @@ extern struct OPENSSL_s390xcap_st OPENSS - # define S390X_KMF 0x90 - # define S390X_PRNO 0xa0 - # define S390X_KMA 0xb0 -+# define S390X_PCC 0xc0 -+# define S390X_KDSA 0xd0 - - /* Facility Bit Numbers */ - # define S390X_VX 129 - # define S390X_VXD 134 - # define S390X_VXE 135 -+# define S390X_MSA9 155 /* message-security-assist-ext. 9 */ - - /* Function Codes */ - -@@ -94,10 +105,32 @@ extern struct OPENSSL_s390xcap_st OPENSS - /* prno */ - # define S390X_TRNG 114 - -+/* pcc */ -+# define S390X_SCALAR_MULTIPLY_P256 64 -+# define S390X_SCALAR_MULTIPLY_P384 65 -+# define S390X_SCALAR_MULTIPLY_P521 66 -+# define S390X_SCALAR_MULTIPLY_ED25519 72 -+# define S390X_SCALAR_MULTIPLY_ED448 73 -+# define S390X_SCALAR_MULTIPLY_X25519 80 -+# define S390X_SCALAR_MULTIPLY_X448 81 -+ -+/* kdsa */ -+# define S390X_ECDSA_VERIFY_P256 1 -+# define S390X_ECDSA_VERIFY_P384 2 -+# define S390X_ECDSA_VERIFY_P521 3 -+# define S390X_ECDSA_SIGN_P256 9 -+# define S390X_ECDSA_SIGN_P384 10 -+# define S390X_ECDSA_SIGN_P521 11 -+# define S390X_EDDSA_VERIFY_ED25519 32 -+# define S390X_EDDSA_VERIFY_ED448 36 -+# define S390X_EDDSA_SIGN_ED25519 40 -+# define S390X_EDDSA_SIGN_ED448 44 -+ - /* Register 0 Flags */ - # define S390X_DECRYPT 0x80 - # define S390X_KMA_LPC 0x100 - # define S390X_KMA_LAAD 0x200 - # define S390X_KMA_HS 0x400 -+# define S390X_KDSA_D 0x80 - - #endif -diff -up openssl-1.1.1g/crypto/s390xcpuid.pl.s390x-ecc openssl-1.1.1g/crypto/s390xcpuid.pl ---- openssl-1.1.1g/crypto/s390xcpuid.pl.s390x-ecc 2020-04-21 14:22:39.000000000 +0200 -+++ openssl-1.1.1g/crypto/s390xcpuid.pl 2020-05-18 12:45:44.581266644 +0200 -@@ -58,6 +58,10 @@ OPENSSL_s390x_facilities: - stg %r0,S390X_PRNO+8(%r4) - stg %r0,S390X_KMA(%r4) - stg %r0,S390X_KMA+8(%r4) -+ stg %r0,S390X_PCC(%r4) -+ stg %r0,S390X_PCC+8(%r4) -+ stg %r0,S390X_KDSA(%r4) -+ stg %r0,S390X_KDSA+8(%r4) - - .long 0xb2b04000 # stfle 0(%r4) - brc 8,.Ldone -@@ -68,6 +72,7 @@ OPENSSL_s390x_facilities: - .long 0xb2b04000 # stfle 0(%r4) - .Ldone: - lmg %r2,%r3,S390X_STFLE(%r4) -+ - tmhl %r2,0x4000 # check for message-security-assist - jz .Lret - -@@ -91,6 +96,13 @@ OPENSSL_s390x_facilities: - la %r1,S390X_KMAC(%r4) - .long 0xb91e0042 # kmac %r4,%r2 - -+ tmhh %r3,0x0008 # check for message-security-assist-3 -+ jz .Lret -+ -+ lghi %r0,S390X_QUERY # query pcc capability vector -+ la %r1,S390X_PCC(%r4) -+ .long 0xb92c0000 # pcc -+ - tmhh %r3,0x0004 # check for message-security-assist-4 - jz .Lret - -@@ -114,6 +126,7 @@ OPENSSL_s390x_facilities: - .long 0xb93c0042 # prno %r4,%r2 - - lg %r2,S390X_STFLE+16(%r4) -+ - tmhl %r2,0x2000 # check for message-security-assist-8 - jz .Lret - -@@ -121,6 +134,13 @@ OPENSSL_s390x_facilities: - la %r1,S390X_KMA(%r4) - .long 0xb9294022 # kma %r2,%r4,%r2 - -+ tmhl %r2,0x0010 # check for message-security-assist-9 -+ jz .Lret -+ -+ lghi %r0,S390X_QUERY # query kdsa capability vector -+ la %r1,S390X_KDSA(%r4) -+ .long 0xb93a0002 # kdsa %r0,%r2 -+ - .Lret: - br $ra - .size OPENSSL_s390x_facilities,.-OPENSSL_s390x_facilities -@@ -411,6 +431,113 @@ s390x_kma: - ___ - } - -+################ -+# int s390x_pcc(unsigned int fc, void *param) -+{ -+my ($fc,$param) = map("%r$_",(2..3)); -+$code.=<<___; -+.globl s390x_pcc -+.type s390x_pcc,\@function -+.align 16 -+s390x_pcc: -+ lr %r0,$fc -+ l${g}r %r1,$param -+ lhi %r2,0 -+ -+ .long 0xb92c0000 # pcc -+ brc 1,.-4 # pay attention to "partial completion" -+ brc 7,.Lpcc_err # if CC==0 return 0, else return 1 -+.Lpcc_out: -+ br $ra -+.Lpcc_err: -+ lhi %r2,1 -+ j .Lpcc_out -+.size s390x_pcc,.-s390x_pcc -+___ -+} -+ -+################ -+# int s390x_kdsa(unsigned int fc, void *param, -+# const unsigned char *in, size_t len) -+{ -+my ($fc,$param,$in,$len) = map("%r$_",(2..5)); -+$code.=<<___; -+.globl s390x_kdsa -+.type s390x_kdsa,\@function -+.align 16 -+s390x_kdsa: -+ lr %r0,$fc -+ l${g}r %r1,$param -+ lhi %r2,0 -+ -+ .long 0xb93a0004 # kdsa %r0,$in -+ brc 1,.-4 # pay attention to "partial completion" -+ brc 7,.Lkdsa_err # if CC==0 return 0, else return 1 -+.Lkdsa_out: -+ br $ra -+.Lkdsa_err: -+ lhi %r2,1 -+ j .Lkdsa_out -+.size s390x_kdsa,.-s390x_kdsa -+___ -+} -+ -+################ -+# void s390x_flip_endian32(unsigned char dst[32], const unsigned char src[32]) -+{ -+my ($dst,$src) = map("%r$_",(2..3)); -+$code.=<<___; -+.globl s390x_flip_endian32 -+.type s390x_flip_endian32,\@function -+.align 16 -+s390x_flip_endian32: -+ lrvg %r0,0(%r0,$src) -+ lrvg %r1,8(%r0,$src) -+ lrvg %r4,16(%r0,$src) -+ lrvg %r5,24(%r0,$src) -+ stg %r0,24(%r0,$dst) -+ stg %r1,16(%r0,$dst) -+ stg %r4,8(%r0,$dst) -+ stg %r5,0(%r0,$dst) -+ br $ra -+.size s390x_flip_endian32,.-s390x_flip_endian32 -+___ -+} -+ -+################ -+# void s390x_flip_endian64(unsigned char dst[64], const unsigned char src[64]) -+{ -+my ($dst,$src) = map("%r$_",(2..3)); -+$code.=<<___; -+.globl s390x_flip_endian64 -+.type s390x_flip_endian64,\@function -+.align 16 -+s390x_flip_endian64: -+ stmg %r6,%r9,6*$SIZE_T($sp) -+ -+ lrvg %r0,0(%r0,$src) -+ lrvg %r1,8(%r0,$src) -+ lrvg %r4,16(%r0,$src) -+ lrvg %r5,24(%r0,$src) -+ lrvg %r6,32(%r0,$src) -+ lrvg %r7,40(%r0,$src) -+ lrvg %r8,48(%r0,$src) -+ lrvg %r9,56(%r0,$src) -+ stg %r0,56(%r0,$dst) -+ stg %r1,48(%r0,$dst) -+ stg %r4,40(%r0,$dst) -+ stg %r5,32(%r0,$dst) -+ stg %r6,24(%r0,$dst) -+ stg %r7,16(%r0,$dst) -+ stg %r8,8(%r0,$dst) -+ stg %r9,0(%r0,$dst) -+ -+ lmg %r6,%r9,6*$SIZE_T($sp) -+ br $ra -+.size s390x_flip_endian64,.-s390x_flip_endian64 -+___ -+} -+ - $code.=<<___; - .section .init - brasl $ra,OPENSSL_cpuid_setup -diff -up openssl-1.1.1g/crypto/siphash/siphash_pmeth.c.s390x-ecc openssl-1.1.1g/crypto/siphash/siphash_pmeth.c ---- openssl-1.1.1g/crypto/siphash/siphash_pmeth.c.s390x-ecc 2020-04-21 14:22:39.000000000 +0200 -+++ openssl-1.1.1g/crypto/siphash/siphash_pmeth.c 2020-05-18 12:45:44.581266644 +0200 -@@ -203,3 +203,8 @@ const EVP_PKEY_METHOD siphash_pkey_meth - pkey_siphash_ctrl, - pkey_siphash_ctrl_str - }; -+ -+const EVP_PKEY_METHOD *siphash_pkey_method(void) -+{ -+ return &siphash_pkey_meth; -+} -diff -up openssl-1.1.1g/crypto/sm2/sm2_pmeth.c.s390x-ecc openssl-1.1.1g/crypto/sm2/sm2_pmeth.c ---- openssl-1.1.1g/crypto/sm2/sm2_pmeth.c.s390x-ecc 2020-04-21 14:22:39.000000000 +0200 -+++ openssl-1.1.1g/crypto/sm2/sm2_pmeth.c 2020-05-18 12:45:44.582266653 +0200 -@@ -327,3 +327,8 @@ const EVP_PKEY_METHOD sm2_pkey_meth = { - - pkey_sm2_digest_custom - }; -+ -+const EVP_PKEY_METHOD *sm2_pkey_method(void) -+{ -+ return &sm2_pkey_meth; -+} -diff -up openssl-1.1.1g/include/crypto/evp.h.s390x-ecc openssl-1.1.1g/include/crypto/evp.h ---- openssl-1.1.1g/include/crypto/evp.h.s390x-ecc 2020-05-18 12:45:40.834234079 +0200 -+++ openssl-1.1.1g/include/crypto/evp.h 2020-05-18 12:45:44.577266609 +0200 -@@ -459,3 +459,22 @@ void evp_encode_ctx_set_flags(EVP_ENCODE - #define EVP_ENCODE_CTX_NO_NEWLINES 1 - /* Use the SRP base64 alphabet instead of the standard one */ - #define EVP_ENCODE_CTX_USE_SRP_ALPHABET 2 -+ -+const EVP_PKEY_METHOD *cmac_pkey_method(void); -+const EVP_PKEY_METHOD *dh_pkey_method(void); -+const EVP_PKEY_METHOD *dhx_pkey_method(void); -+const EVP_PKEY_METHOD *dsa_pkey_method(void); -+const EVP_PKEY_METHOD *ec_pkey_method(void); -+const EVP_PKEY_METHOD *sm2_pkey_method(void); -+const EVP_PKEY_METHOD *ecx25519_pkey_method(void); -+const EVP_PKEY_METHOD *ecx448_pkey_method(void); -+const EVP_PKEY_METHOD *ed25519_pkey_method(void); -+const EVP_PKEY_METHOD *ed448_pkey_method(void); -+const EVP_PKEY_METHOD *hmac_pkey_method(void); -+const EVP_PKEY_METHOD *rsa_pkey_method(void); -+const EVP_PKEY_METHOD *rsa_pss_pkey_method(void); -+const EVP_PKEY_METHOD *scrypt_pkey_method(void); -+const EVP_PKEY_METHOD *tls1_prf_pkey_method(void); -+const EVP_PKEY_METHOD *hkdf_pkey_method(void); -+const EVP_PKEY_METHOD *poly1305_pkey_method(void); -+const EVP_PKEY_METHOD *siphash_pkey_method(void); -diff -up openssl-1.1.1g/include/internal/constant_time.h.s390x-ecc openssl-1.1.1g/include/internal/constant_time.h ---- openssl-1.1.1g/include/internal/constant_time.h.s390x-ecc 2020-04-21 14:22:39.000000000 +0200 -+++ openssl-1.1.1g/include/internal/constant_time.h 2020-05-18 12:45:44.582266653 +0200 -@@ -353,6 +353,34 @@ static ossl_inline void constant_time_co - } - - /* -+ * mask must be 0xFF or 0x00. -+ * "constant time" is per len. -+ * -+ * if (mask) { -+ * unsigned char tmp[len]; -+ * -+ * memcpy(tmp, a, len); -+ * memcpy(a, b); -+ * memcpy(b, tmp); -+ * } -+ */ -+static ossl_inline void constant_time_cond_swap_buff(unsigned char mask, -+ unsigned char *a, -+ unsigned char *b, -+ size_t len) -+{ -+ size_t i; -+ unsigned char tmp; -+ -+ for (i = 0; i < len; i++) { -+ tmp = a[i] ^ b[i]; -+ tmp &= mask; -+ a[i] ^= tmp; -+ b[i] ^= tmp; -+ } -+} -+ -+/* - * table is a two dimensional array of bytes. Each row has rowsize elements. - * Copies row number idx into out. rowsize and numrows are not considered - * private. -diff -up openssl-1.1.1g/include/openssl/ecerr.h.s390x-ecc openssl-1.1.1g/include/openssl/ecerr.h ---- openssl-1.1.1g/include/openssl/ecerr.h.s390x-ecc 2020-04-21 14:22:39.000000000 +0200 -+++ openssl-1.1.1g/include/openssl/ecerr.h 2020-05-18 12:45:44.583266662 +0200 -@@ -42,6 +42,11 @@ int ERR_load_EC_strings(void); - # define EC_F_ECDSA_SIGN_SETUP 248 - # define EC_F_ECDSA_SIG_NEW 265 - # define EC_F_ECDSA_VERIFY 253 -+# define EC_F_ECDSA_SIMPLE_SIGN_SETUP 310 -+# define EC_F_ECDSA_SIMPLE_SIGN_SIG 311 -+# define EC_F_ECDSA_SIMPLE_VERIFY_SIG 312 -+# define EC_F_ECDSA_S390X_NISTP_SIGN_SIG 313 -+# define EC_F_ECDSA_S390X_NISTP_VERIFY_SIG 314 - # define EC_F_ECD_ITEM_VERIFY 270 - # define EC_F_ECKEY_PARAM2TYPE 223 - # define EC_F_ECKEY_PARAM_DECODE 212 -@@ -185,6 +190,7 @@ int ERR_load_EC_strings(void); - # define EC_F_O2I_ECPUBLICKEY 152 - # define EC_F_OLD_EC_PRIV_DECODE 222 - # define EC_F_OSSL_ECDH_COMPUTE_KEY 247 -+# define EC_F_OSSL_ECDSA_SIGN_SETUP 300 - # define EC_F_OSSL_ECDSA_SIGN_SIG 249 - # define EC_F_OSSL_ECDSA_VERIFY_SIG 250 - # define EC_F_PKEY_ECD_CTRL 271 -@@ -200,6 +206,12 @@ int ERR_load_EC_strings(void); - # define EC_F_PKEY_EC_KEYGEN 199 - # define EC_F_PKEY_EC_PARAMGEN 219 - # define EC_F_PKEY_EC_SIGN 218 -+# define EC_F_S390X_PKEY_ECD_DIGESTSIGN25519 320 -+# define EC_F_S390X_PKEY_ECD_DIGESTSIGN448 321 -+# define EC_F_S390X_PKEY_ECD_KEYGEN25519 322 -+# define EC_F_S390X_PKEY_ECD_KEYGEN448 323 -+# define EC_F_S390X_PKEY_ECX_KEYGEN25519 324 -+# define EC_F_S390X_PKEY_ECX_KEYGEN448 325 - # define EC_F_VALIDATE_ECX_DERIVE 278 - - /* -@@ -212,6 +224,7 @@ int ERR_load_EC_strings(void); - # define EC_R_CANNOT_INVERT 165 - # define EC_R_COORDINATES_OUT_OF_RANGE 146 - # define EC_R_CURVE_DOES_NOT_SUPPORT_ECDH 160 -+# define EC_R_CURVE_DOES_NOT_SUPPORT_ECDSA 170 - # define EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING 159 - # define EC_R_D2I_ECPKPARAMETERS_FAILURE 117 - # define EC_R_DECODE_ERROR 142 -diff -up openssl-1.1.1g/test/recipes/30-test_evp_data/evppkey.txt.s390x-ecc openssl-1.1.1g/test/recipes/30-test_evp_data/evppkey.txt ---- openssl-1.1.1g/test/recipes/30-test_evp_data/evppkey.txt.s390x-ecc 2020-04-21 14:22:39.000000000 +0200 -+++ openssl-1.1.1g/test/recipes/30-test_evp_data/evppkey.txt 2020-05-18 12:45:44.590266722 +0200 -@@ -814,6 +814,8 @@ PublicKeyRaw=Bob-448-PUBLIC-Raw:X448:3eb - - PrivPubKeyPair = Bob-448-Raw:Bob-448-PUBLIC-Raw - -+PublicKeyRaw=Bob-448-PUBLIC-Raw-NonCanonical:X448:ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff -+ - Derive=Alice-448 - PeerKey=Bob-448-PUBLIC - SharedSecret=07fff4181ac6cc95ec1c16a94a0f74d12da232ce40a77552281d282bb60c0b56fd2464c335543936521c24403085d59a449a5037514a879d -@@ -830,6 +832,11 @@ Derive=Bob-448-Raw - PeerKey=Alice-448-PUBLIC-Raw - SharedSecret=07fff4181ac6cc95ec1c16a94a0f74d12da232ce40a77552281d282bb60c0b56fd2464c335543936521c24403085d59a449a5037514a879d - -+# Self-generated non-canonical -+Derive=Alice-448-Raw -+PeerKey=Bob-448-PUBLIC-Raw-NonCanonical -+SharedSecret=66e2e682b1f8e68c809f1bb3e406bd826921d9c1a5bfbfcbab7ae72feecee63660eabd54934f3382061d17607f581a90bdac917a064959fb -+ - # Illegal sign/verify operations with X448 key - - Sign=Alice-448 diff --git a/openssl-1.1.1-s390x-update.patch b/openssl-1.1.1-s390x-update.patch deleted file mode 100644 index 83061af..0000000 --- a/openssl-1.1.1-s390x-update.patch +++ /dev/null @@ -1,5502 +0,0 @@ -diff -up openssl-1.1.1e/crypto/chacha/asm/chacha-s390x.pl.s390x-update openssl-1.1.1e/crypto/chacha/asm/chacha-s390x.pl ---- openssl-1.1.1e/crypto/chacha/asm/chacha-s390x.pl.s390x-update 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/chacha/asm/chacha-s390x.pl 2020-03-19 16:45:05.483440129 +0100 -@@ -20,41 +20,53 @@ - # - # 3 times faster than compiler-generated code. - --$flavour = shift; -+# -+# August 2018 -+# -+# Add vx code path: 4x"vertical". -+# -+# Copyright IBM Corp. 2018 -+# Author: Patrick Steuer -+ -+# -+# February 2019 -+# -+# Add 6x"horizontal" VX implementation. It's ~25% faster than IBM's -+# 4x"vertical" submission [on z13] and >3 faster than scalar code. -+# But to harness overheads revert to transliteration of VSX code path -+# from chacha-ppc module, which is also 4x"vertical", to handle inputs -+# not longer than 256 bytes. -+ -+use strict; -+use FindBin qw($Bin); -+use lib "$Bin/../.."; -+use perlasm::s390x qw(:DEFAULT :VX AUTOLOAD LABEL INCLUDE); - -+my $flavour = shift; -+ -+my ($z,$SIZE_T); - if ($flavour =~ /3[12]/) { -+ $z=0; # S/390 ABI - $SIZE_T=4; -- $g=""; - } else { -+ $z=1; # zSeries ABI - $SIZE_T=8; -- $g="g"; - } - -+my $output; - while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {} --open STDOUT,">$output"; -- --sub AUTOLOAD() # thunk [simplified] x86-style perlasm --{ my $opcode = $AUTOLOAD; $opcode =~ s/.*:://; -- $code .= "\t$opcode\t".join(',',@_)."\n"; --} - - my $sp="%r15"; -- - my $stdframe=16*$SIZE_T+4*8; --my $frame=$stdframe+4*20; -- --my ($out,$inp,$len,$key,$counter)=map("%r$_",(2..6)); - -+sub ROUND { - my @x=map("%r$_",(0..7,"x","x","x","x",(10..13))); - my @t=map("%r$_",(8,9)); -- --sub ROUND { - my ($a0,$b0,$c0,$d0)=@_; - my ($a1,$b1,$c1,$d1)=map(($_&~3)+(($_+1)&3),($a0,$b0,$c0,$d0)); - my ($a2,$b2,$c2,$d2)=map(($_&~3)+(($_+1)&3),($a1,$b1,$c1,$d1)); - my ($a3,$b3,$c3,$d3)=map(($_&~3)+(($_+1)&3),($a2,$b2,$c2,$d2)); --my ($xc,$xc_)=map("\"$_\"",@t); --my @x=map("\"$_\"",@x); -+my ($xc,$xc_)=map("$_",@t); - - # Consider order in which variables are addressed by their - # index: -@@ -78,249 +90,967 @@ my @x=map("\"$_\"",@x); - # 'c' stores and loads in the middle, but none in the beginning - # or end. - -- ( -- "&alr (@x[$a0],@x[$b0])", # Q1 -- "&alr (@x[$a1],@x[$b1])", # Q2 -- "&xr (@x[$d0],@x[$a0])", -- "&xr (@x[$d1],@x[$a1])", -- "&rll (@x[$d0],@x[$d0],16)", -- "&rll (@x[$d1],@x[$d1],16)", -- -- "&alr ($xc,@x[$d0])", -- "&alr ($xc_,@x[$d1])", -- "&xr (@x[$b0],$xc)", -- "&xr (@x[$b1],$xc_)", -- "&rll (@x[$b0],@x[$b0],12)", -- "&rll (@x[$b1],@x[$b1],12)", -- -- "&alr (@x[$a0],@x[$b0])", -- "&alr (@x[$a1],@x[$b1])", -- "&xr (@x[$d0],@x[$a0])", -- "&xr (@x[$d1],@x[$a1])", -- "&rll (@x[$d0],@x[$d0],8)", -- "&rll (@x[$d1],@x[$d1],8)", -- -- "&alr ($xc,@x[$d0])", -- "&alr ($xc_,@x[$d1])", -- "&xr (@x[$b0],$xc)", -- "&xr (@x[$b1],$xc_)", -- "&rll (@x[$b0],@x[$b0],7)", -- "&rll (@x[$b1],@x[$b1],7)", -- -- "&stm ($xc,$xc_,'$stdframe+4*8+4*$c0($sp)')", # reload pair of 'c's -- "&lm ($xc,$xc_,'$stdframe+4*8+4*$c2($sp)')", -- -- "&alr (@x[$a2],@x[$b2])", # Q3 -- "&alr (@x[$a3],@x[$b3])", # Q4 -- "&xr (@x[$d2],@x[$a2])", -- "&xr (@x[$d3],@x[$a3])", -- "&rll (@x[$d2],@x[$d2],16)", -- "&rll (@x[$d3],@x[$d3],16)", -- -- "&alr ($xc,@x[$d2])", -- "&alr ($xc_,@x[$d3])", -- "&xr (@x[$b2],$xc)", -- "&xr (@x[$b3],$xc_)", -- "&rll (@x[$b2],@x[$b2],12)", -- "&rll (@x[$b3],@x[$b3],12)", -- -- "&alr (@x[$a2],@x[$b2])", -- "&alr (@x[$a3],@x[$b3])", -- "&xr (@x[$d2],@x[$a2])", -- "&xr (@x[$d3],@x[$a3])", -- "&rll (@x[$d2],@x[$d2],8)", -- "&rll (@x[$d3],@x[$d3],8)", -- -- "&alr ($xc,@x[$d2])", -- "&alr ($xc_,@x[$d3])", -- "&xr (@x[$b2],$xc)", -- "&xr (@x[$b3],$xc_)", -- "&rll (@x[$b2],@x[$b2],7)", -- "&rll (@x[$b3],@x[$b3],7)" -- ); --} -- --$code.=<<___; --.text -- --.globl ChaCha20_ctr32 --.type ChaCha20_ctr32,\@function --.align 32 --ChaCha20_ctr32: -- lt${g}r $len,$len # $len==0? -- bzr %r14 -- a${g}hi $len,-64 -- l${g}hi %r1,-$frame -- stm${g} %r6,%r15,`6*$SIZE_T`($sp) -- sl${g}r $out,$inp # difference -- la $len,0($inp,$len) # end of input minus 64 -- larl %r7,.Lsigma -- lgr %r0,$sp -- la $sp,0(%r1,$sp) -- st${g} %r0,0($sp) -- -- lmg %r8,%r11,0($key) # load key -- lmg %r12,%r13,0($counter) # load counter -- lmg %r6,%r7,0(%r7) # load sigma constant -- -- la %r14,0($inp) -- st${g} $out,$frame+3*$SIZE_T($sp) -- st${g} $len,$frame+4*$SIZE_T($sp) -- stmg %r6,%r13,$stdframe($sp) # copy key schedule to stack -- srlg @x[12],%r12,32 # 32-bit counter value -- j .Loop_outer -- --.align 16 --.Loop_outer: -- lm @x[0],@x[7],$stdframe+4*0($sp) # load x[0]-x[7] -- lm @t[0],@t[1],$stdframe+4*10($sp) # load x[10]-x[11] -- lm @x[13],@x[15],$stdframe+4*13($sp) # load x[13]-x[15] -- stm @t[0],@t[1],$stdframe+4*8+4*10($sp) # offload x[10]-x[11] -- lm @t[0],@t[1],$stdframe+4*8($sp) # load x[8]-x[9] -- st @x[12],$stdframe+4*12($sp) # save counter -- st${g} %r14,$frame+2*$SIZE_T($sp) # save input pointer -- lhi %r14,10 -- j .Loop -- --.align 4 --.Loop: --___ -- foreach (&ROUND(0, 4, 8,12)) { eval; } -- foreach (&ROUND(0, 5,10,15)) { eval; } --$code.=<<___; -- brct %r14,.Loop -- -- l${g} %r14,$frame+2*$SIZE_T($sp) # pull input pointer -- stm @t[0],@t[1],$stdframe+4*8+4*8($sp) # offload x[8]-x[9] -- lm${g} @t[0],@t[1],$frame+3*$SIZE_T($sp) -- -- al @x[0],$stdframe+4*0($sp) # accumulate key schedule -- al @x[1],$stdframe+4*1($sp) -- al @x[2],$stdframe+4*2($sp) -- al @x[3],$stdframe+4*3($sp) -- al @x[4],$stdframe+4*4($sp) -- al @x[5],$stdframe+4*5($sp) -- al @x[6],$stdframe+4*6($sp) -- al @x[7],$stdframe+4*7($sp) -- lrvr @x[0],@x[0] -- lrvr @x[1],@x[1] -- lrvr @x[2],@x[2] -- lrvr @x[3],@x[3] -- lrvr @x[4],@x[4] -- lrvr @x[5],@x[5] -- lrvr @x[6],@x[6] -- lrvr @x[7],@x[7] -- al @x[12],$stdframe+4*12($sp) -- al @x[13],$stdframe+4*13($sp) -- al @x[14],$stdframe+4*14($sp) -- al @x[15],$stdframe+4*15($sp) -- lrvr @x[12],@x[12] -- lrvr @x[13],@x[13] -- lrvr @x[14],@x[14] -- lrvr @x[15],@x[15] -- -- la @t[0],0(@t[0],%r14) # reconstruct output pointer -- cl${g}r %r14,@t[1] -- jh .Ltail -- -- x @x[0],4*0(%r14) # xor with input -- x @x[1],4*1(%r14) -- st @x[0],4*0(@t[0]) # store output -- x @x[2],4*2(%r14) -- st @x[1],4*1(@t[0]) -- x @x[3],4*3(%r14) -- st @x[2],4*2(@t[0]) -- x @x[4],4*4(%r14) -- st @x[3],4*3(@t[0]) -- lm @x[0],@x[3],$stdframe+4*8+4*8($sp) # load x[8]-x[11] -- x @x[5],4*5(%r14) -- st @x[4],4*4(@t[0]) -- x @x[6],4*6(%r14) -- al @x[0],$stdframe+4*8($sp) -- st @x[5],4*5(@t[0]) -- x @x[7],4*7(%r14) -- al @x[1],$stdframe+4*9($sp) -- st @x[6],4*6(@t[0]) -- x @x[12],4*12(%r14) -- al @x[2],$stdframe+4*10($sp) -- st @x[7],4*7(@t[0]) -- x @x[13],4*13(%r14) -- al @x[3],$stdframe+4*11($sp) -- st @x[12],4*12(@t[0]) -- x @x[14],4*14(%r14) -- st @x[13],4*13(@t[0]) -- x @x[15],4*15(%r14) -- st @x[14],4*14(@t[0]) -- lrvr @x[0],@x[0] -- st @x[15],4*15(@t[0]) -- lrvr @x[1],@x[1] -- lrvr @x[2],@x[2] -- lrvr @x[3],@x[3] -- lhi @x[12],1 -- x @x[0],4*8(%r14) -- al @x[12],$stdframe+4*12($sp) # increment counter -- x @x[1],4*9(%r14) -- st @x[0],4*8(@t[0]) -- x @x[2],4*10(%r14) -- st @x[1],4*9(@t[0]) -- x @x[3],4*11(%r14) -- st @x[2],4*10(@t[0]) -- st @x[3],4*11(@t[0]) -- -- cl${g}r %r14,@t[1] # done yet? -- la %r14,64(%r14) -- jl .Loop_outer -- --.Ldone: -- xgr %r0,%r0 -- xgr %r1,%r1 -- xgr %r2,%r2 -- xgr %r3,%r3 -- stmg %r0,%r3,$stdframe+4*4($sp) # wipe key copy -- stmg %r0,%r3,$stdframe+4*12($sp) -- -- lm${g} %r6,%r15,`$frame+6*$SIZE_T`($sp) -- br %r14 -- --.align 16 --.Ltail: -- la @t[1],64($t[1]) -- stm @x[0],@x[7],$stdframe+4*0($sp) -- sl${g}r @t[1],%r14 -- lm @x[0],@x[3],$stdframe+4*8+4*8($sp) -- l${g}hi @x[6],0 -- stm @x[12],@x[15],$stdframe+4*12($sp) -- al @x[0],$stdframe+4*8($sp) -- al @x[1],$stdframe+4*9($sp) -- al @x[2],$stdframe+4*10($sp) -- al @x[3],$stdframe+4*11($sp) -- lrvr @x[0],@x[0] -- lrvr @x[1],@x[1] -- lrvr @x[2],@x[2] -- lrvr @x[3],@x[3] -- stm @x[0],@x[3],$stdframe+4*8($sp) -- --.Loop_tail: -- llgc @x[4],0(@x[6],%r14) -- llgc @x[5],$stdframe(@x[6],$sp) -- xr @x[5],@x[4] -- stc @x[5],0(@x[6],@t[0]) -- la @x[6],1(@x[6]) -- brct @t[1],.Loop_tail -- -- j .Ldone --.size ChaCha20_ctr32,.-ChaCha20_ctr32 -- --.align 32 --.Lsigma: --.long 0x61707865,0x3320646e,0x79622d32,0x6b206574 # endian-neutral --.asciz "ChaCha20 for s390x, CRYPTOGAMS by " --.align 4 --___ -+ alr (@x[$a0],@x[$b0]); # Q1 -+ alr (@x[$a1],@x[$b1]); # Q2 -+ xr (@x[$d0],@x[$a0]); -+ xr (@x[$d1],@x[$a1]); -+ rll (@x[$d0],@x[$d0],16); -+ rll (@x[$d1],@x[$d1],16); -+ -+ alr ($xc,@x[$d0]); -+ alr ($xc_,@x[$d1]); -+ xr (@x[$b0],$xc); -+ xr (@x[$b1],$xc_); -+ rll (@x[$b0],@x[$b0],12); -+ rll (@x[$b1],@x[$b1],12); -+ -+ alr (@x[$a0],@x[$b0]); -+ alr (@x[$a1],@x[$b1]); -+ xr (@x[$d0],@x[$a0]); -+ xr (@x[$d1],@x[$a1]); -+ rll (@x[$d0],@x[$d0],8); -+ rll (@x[$d1],@x[$d1],8); -+ -+ alr ($xc,@x[$d0]); -+ alr ($xc_,@x[$d1]); -+ xr (@x[$b0],$xc); -+ xr (@x[$b1],$xc_); -+ rll (@x[$b0],@x[$b0],7); -+ rll (@x[$b1],@x[$b1],7); -+ -+ stm ($xc,$xc_,"$stdframe+4*8+4*$c0($sp)"); # reload pair of 'c's -+ lm ($xc,$xc_,"$stdframe+4*8+4*$c2($sp)"); -+ -+ alr (@x[$a2],@x[$b2]); # Q3 -+ alr (@x[$a3],@x[$b3]); # Q4 -+ xr (@x[$d2],@x[$a2]); -+ xr (@x[$d3],@x[$a3]); -+ rll (@x[$d2],@x[$d2],16); -+ rll (@x[$d3],@x[$d3],16); -+ -+ alr ($xc,@x[$d2]); -+ alr ($xc_,@x[$d3]); -+ xr (@x[$b2],$xc); -+ xr (@x[$b3],$xc_); -+ rll (@x[$b2],@x[$b2],12); -+ rll (@x[$b3],@x[$b3],12); -+ -+ alr (@x[$a2],@x[$b2]); -+ alr (@x[$a3],@x[$b3]); -+ xr (@x[$d2],@x[$a2]); -+ xr (@x[$d3],@x[$a3]); -+ rll (@x[$d2],@x[$d2],8); -+ rll (@x[$d3],@x[$d3],8); -+ -+ alr ($xc,@x[$d2]); -+ alr ($xc_,@x[$d3]); -+ xr (@x[$b2],$xc); -+ xr (@x[$b3],$xc_); -+ rll (@x[$b2],@x[$b2],7); -+ rll (@x[$b3],@x[$b3],7); -+} -+ -+sub VX_lane_ROUND { -+my ($a0,$b0,$c0,$d0)=@_; -+my ($a1,$b1,$c1,$d1)=map(($_&~3)+(($_+1)&3),($a0,$b0,$c0,$d0)); -+my ($a2,$b2,$c2,$d2)=map(($_&~3)+(($_+1)&3),($a1,$b1,$c1,$d1)); -+my ($a3,$b3,$c3,$d3)=map(($_&~3)+(($_+1)&3),($a2,$b2,$c2,$d2)); -+my @x=map("%v$_",(0..15)); - --foreach (split("\n",$code)) { -- s/\`([^\`]*)\`/eval $1/ge; -+ vaf (@x[$a0],@x[$a0],@x[$b0]); # Q1 -+ vx (@x[$d0],@x[$d0],@x[$a0]); -+ verllf (@x[$d0],@x[$d0],16); -+ vaf (@x[$a1],@x[$a1],@x[$b1]); # Q2 -+ vx (@x[$d1],@x[$d1],@x[$a1]); -+ verllf (@x[$d1],@x[$d1],16); -+ vaf (@x[$a2],@x[$a2],@x[$b2]); # Q3 -+ vx (@x[$d2],@x[$d2],@x[$a2]); -+ verllf (@x[$d2],@x[$d2],16); -+ vaf (@x[$a3],@x[$a3],@x[$b3]); # Q4 -+ vx (@x[$d3],@x[$d3],@x[$a3]); -+ verllf (@x[$d3],@x[$d3],16); -+ -+ vaf (@x[$c0],@x[$c0],@x[$d0]); -+ vx (@x[$b0],@x[$b0],@x[$c0]); -+ verllf (@x[$b0],@x[$b0],12); -+ vaf (@x[$c1],@x[$c1],@x[$d1]); -+ vx (@x[$b1],@x[$b1],@x[$c1]); -+ verllf (@x[$b1],@x[$b1],12); -+ vaf (@x[$c2],@x[$c2],@x[$d2]); -+ vx (@x[$b2],@x[$b2],@x[$c2]); -+ verllf (@x[$b2],@x[$b2],12); -+ vaf (@x[$c3],@x[$c3],@x[$d3]); -+ vx (@x[$b3],@x[$b3],@x[$c3]); -+ verllf (@x[$b3],@x[$b3],12); -+ -+ vaf (@x[$a0],@x[$a0],@x[$b0]); -+ vx (@x[$d0],@x[$d0],@x[$a0]); -+ verllf (@x[$d0],@x[$d0],8); -+ vaf (@x[$a1],@x[$a1],@x[$b1]); -+ vx (@x[$d1],@x[$d1],@x[$a1]); -+ verllf (@x[$d1],@x[$d1],8); -+ vaf (@x[$a2],@x[$a2],@x[$b2]); -+ vx (@x[$d2],@x[$d2],@x[$a2]); -+ verllf (@x[$d2],@x[$d2],8); -+ vaf (@x[$a3],@x[$a3],@x[$b3]); -+ vx (@x[$d3],@x[$d3],@x[$a3]); -+ verllf (@x[$d3],@x[$d3],8); -+ -+ vaf (@x[$c0],@x[$c0],@x[$d0]); -+ vx (@x[$b0],@x[$b0],@x[$c0]); -+ verllf (@x[$b0],@x[$b0],7); -+ vaf (@x[$c1],@x[$c1],@x[$d1]); -+ vx (@x[$b1],@x[$b1],@x[$c1]); -+ verllf (@x[$b1],@x[$b1],7); -+ vaf (@x[$c2],@x[$c2],@x[$d2]); -+ vx (@x[$b2],@x[$b2],@x[$c2]); -+ verllf (@x[$b2],@x[$b2],7); -+ vaf (@x[$c3],@x[$c3],@x[$d3]); -+ vx (@x[$b3],@x[$b3],@x[$c3]); -+ verllf (@x[$b3],@x[$b3],7); -+} - -- print $_,"\n"; -+sub VX_ROUND { -+my @a=@_[0..5]; -+my @b=@_[6..11]; -+my @c=@_[12..17]; -+my @d=@_[18..23]; -+my $odd=@_[24]; -+ -+ vaf (@a[$_],@a[$_],@b[$_]) for (0..5); -+ vx (@d[$_],@d[$_],@a[$_]) for (0..5); -+ verllf (@d[$_],@d[$_],16) for (0..5); -+ -+ vaf (@c[$_],@c[$_],@d[$_]) for (0..5); -+ vx (@b[$_],@b[$_],@c[$_]) for (0..5); -+ verllf (@b[$_],@b[$_],12) for (0..5); -+ -+ vaf (@a[$_],@a[$_],@b[$_]) for (0..5); -+ vx (@d[$_],@d[$_],@a[$_]) for (0..5); -+ verllf (@d[$_],@d[$_],8) for (0..5); -+ -+ vaf (@c[$_],@c[$_],@d[$_]) for (0..5); -+ vx (@b[$_],@b[$_],@c[$_]) for (0..5); -+ verllf (@b[$_],@b[$_],7) for (0..5); -+ -+ vsldb (@c[$_],@c[$_],@c[$_],8) for (0..5); -+ vsldb (@b[$_],@b[$_],@b[$_],$odd?12:4) for (0..5); -+ vsldb (@d[$_],@d[$_],@d[$_],$odd?4:12) for (0..5); - } --close STDOUT or die "error closing STDOUT: $!"; -+ -+PERLASM_BEGIN($output); -+ -+INCLUDE ("s390x_arch.h"); -+TEXT (); -+ -+################ -+# void ChaCha20_ctr32(unsigned char *out, const unsigned char *inp, size_t len, -+# const unsigned int key[8], const unsigned int counter[4]) -+my ($out,$inp,$len,$key,$counter)=map("%r$_",(2..6)); -+{ -+my $frame=$stdframe+4*20; -+my @x=map("%r$_",(0..7,"x","x","x","x",(10..13))); -+my @t=map("%r$_",(8,9)); -+ -+GLOBL ("ChaCha20_ctr32"); -+TYPE ("ChaCha20_ctr32","\@function"); -+ALIGN (32); -+LABEL ("ChaCha20_ctr32"); -+ larl ("%r1","OPENSSL_s390xcap_P"); -+ -+ lghi ("%r0",64); -+&{$z? \<gr:\<r} ($len,$len); # len==0? -+ bzr ("%r14"); -+ lg ("%r1","S390X_STFLE+16(%r1)"); -+&{$z? \&clgr:\&clr} ($len,"%r0"); -+ jle (".Lshort"); -+ -+ tmhh ("%r1",0x4000); # check for vx bit -+ jnz (".LChaCha20_ctr32_vx"); -+ -+LABEL (".Lshort"); -+&{$z? \&aghi:\&ahi} ($len,-64); -+&{$z? \&lghi:\&lhi} ("%r1",-$frame); -+&{$z? \&stmg:\&stm} ("%r6","%r15","6*$SIZE_T($sp)"); -+&{$z? \&slgr:\&slr} ($out,$inp); # difference -+ la ($len,"0($inp,$len)"); # end of input minus 64 -+ larl ("%r7",".Lsigma"); -+ lgr ("%r0",$sp); -+ la ($sp,"0(%r1,$sp)"); -+&{$z? \&stg:\&st} ("%r0","0($sp)"); -+ -+ lmg ("%r8","%r11","0($key)"); # load key -+ lmg ("%r12","%r13","0($counter)"); # load counter -+ lmg ("%r6","%r7","0(%r7)"); # load sigma constant -+ -+ la ("%r14","0($inp)"); -+&{$z? \&stg:\&st} ($out,"$frame+3*$SIZE_T($sp)"); -+&{$z? \&stg:\&st} ($len,"$frame+4*$SIZE_T($sp)"); -+ stmg ("%r6","%r13","$stdframe($sp)");# copy key schedule to stack -+ srlg (@x[12],"%r12",32); # 32-bit counter value -+ j (".Loop_outer"); -+ -+ALIGN (16); -+LABEL (".Loop_outer"); -+ lm (@x[0],@x[7],"$stdframe+4*0($sp)"); # load x[0]-x[7] -+ lm (@t[0],@t[1],"$stdframe+4*10($sp)"); # load x[10]-x[11] -+ lm (@x[13],@x[15],"$stdframe+4*13($sp)"); # load x[13]-x[15] -+ stm (@t[0],@t[1],"$stdframe+4*8+4*10($sp)");# offload x[10]-x[11] -+ lm (@t[0],@t[1],"$stdframe+4*8($sp)"); # load x[8]-x[9] -+ st (@x[12],"$stdframe+4*12($sp)"); # save counter -+&{$z? \&stg:\&st} ("%r14","$frame+2*$SIZE_T($sp)");# save input pointer -+ lhi ("%r14",10); -+ j (".Loop"); -+ -+ALIGN (4); -+LABEL (".Loop"); -+ ROUND (0, 4, 8,12); -+ ROUND (0, 5,10,15); -+ brct ("%r14",".Loop"); -+ -+&{$z? \&lg:\&l} ("%r14","$frame+2*$SIZE_T($sp)");# pull input pointer -+ stm (@t[0],@t[1],"$stdframe+4*8+4*8($sp)"); # offload x[8]-x[9] -+&{$z? \&lmg:\&lm} (@t[0],@t[1],"$frame+3*$SIZE_T($sp)"); -+ -+ al (@x[0],"$stdframe+4*0($sp)"); # accumulate key schedule -+ al (@x[1],"$stdframe+4*1($sp)"); -+ al (@x[2],"$stdframe+4*2($sp)"); -+ al (@x[3],"$stdframe+4*3($sp)"); -+ al (@x[4],"$stdframe+4*4($sp)"); -+ al (@x[5],"$stdframe+4*5($sp)"); -+ al (@x[6],"$stdframe+4*6($sp)"); -+ al (@x[7],"$stdframe+4*7($sp)"); -+ lrvr (@x[0],@x[0]); -+ lrvr (@x[1],@x[1]); -+ lrvr (@x[2],@x[2]); -+ lrvr (@x[3],@x[3]); -+ lrvr (@x[4],@x[4]); -+ lrvr (@x[5],@x[5]); -+ lrvr (@x[6],@x[6]); -+ lrvr (@x[7],@x[7]); -+ al (@x[12],"$stdframe+4*12($sp)"); -+ al (@x[13],"$stdframe+4*13($sp)"); -+ al (@x[14],"$stdframe+4*14($sp)"); -+ al (@x[15],"$stdframe+4*15($sp)"); -+ lrvr (@x[12],@x[12]); -+ lrvr (@x[13],@x[13]); -+ lrvr (@x[14],@x[14]); -+ lrvr (@x[15],@x[15]); -+ -+ la (@t[0],"0(@t[0],%r14)"); # reconstruct output pointer -+&{$z? \&clgr:\&clr} ("%r14",@t[1]); -+ jh (".Ltail"); -+ -+ x (@x[0],"4*0(%r14)"); # xor with input -+ x (@x[1],"4*1(%r14)"); -+ st (@x[0],"4*0(@t[0])"); # store output -+ x (@x[2],"4*2(%r14)"); -+ st (@x[1],"4*1(@t[0])"); -+ x (@x[3],"4*3(%r14)"); -+ st (@x[2],"4*2(@t[0])"); -+ x (@x[4],"4*4(%r14)"); -+ st (@x[3],"4*3(@t[0])"); -+ lm (@x[0],@x[3],"$stdframe+4*8+4*8($sp)"); # load x[8]-x[11] -+ x (@x[5],"4*5(%r14)"); -+ st (@x[4],"4*4(@t[0])"); -+ x (@x[6],"4*6(%r14)"); -+ al (@x[0],"$stdframe+4*8($sp)"); -+ st (@x[5],"4*5(@t[0])"); -+ x (@x[7],"4*7(%r14)"); -+ al (@x[1],"$stdframe+4*9($sp)"); -+ st (@x[6],"4*6(@t[0])"); -+ x (@x[12],"4*12(%r14)"); -+ al (@x[2],"$stdframe+4*10($sp)"); -+ st (@x[7],"4*7(@t[0])"); -+ x (@x[13],"4*13(%r14)"); -+ al (@x[3],"$stdframe+4*11($sp)"); -+ st (@x[12],"4*12(@t[0])"); -+ x (@x[14],"4*14(%r14)"); -+ st (@x[13],"4*13(@t[0])"); -+ x (@x[15],"4*15(%r14)"); -+ st (@x[14],"4*14(@t[0])"); -+ lrvr (@x[0],@x[0]); -+ st (@x[15],"4*15(@t[0])"); -+ lrvr (@x[1],@x[1]); -+ lrvr (@x[2],@x[2]); -+ lrvr (@x[3],@x[3]); -+ lhi (@x[12],1); -+ x (@x[0],"4*8(%r14)"); -+ al (@x[12],"$stdframe+4*12($sp)"); # increment counter -+ x (@x[1],"4*9(%r14)"); -+ st (@x[0],"4*8(@t[0])"); -+ x (@x[2],"4*10(%r14)"); -+ st (@x[1],"4*9(@t[0])"); -+ x (@x[3],"4*11(%r14)"); -+ st (@x[2],"4*10(@t[0])"); -+ st (@x[3],"4*11(@t[0])"); -+ -+&{$z? \&clgr:\&clr} ("%r14",@t[1]); # done yet? -+ la ("%r14","64(%r14)"); -+ jl (".Loop_outer"); -+ -+LABEL (".Ldone"); -+ xgr ("%r0","%r0"); -+ xgr ("%r1","%r1"); -+ xgr ("%r2","%r2"); -+ xgr ("%r3","%r3"); -+ stmg ("%r0","%r3","$stdframe+4*4($sp)"); # wipe key copy -+ stmg ("%r0","%r3","$stdframe+4*12($sp)"); -+ -+&{$z? \&lmg:\&lm} ("%r6","%r15","$frame+6*$SIZE_T($sp)"); -+ br ("%r14"); -+ -+ALIGN (16); -+LABEL (".Ltail"); -+ la (@t[1],"64($t[1])"); -+ stm (@x[0],@x[7],"$stdframe+4*0($sp)"); -+&{$z? \&slgr:\&slr} (@t[1],"%r14"); -+ lm (@x[0],@x[3],"$stdframe+4*8+4*8($sp)"); -+&{$z? \&lghi:\&lhi} (@x[6],0); -+ stm (@x[12],@x[15],"$stdframe+4*12($sp)"); -+ al (@x[0],"$stdframe+4*8($sp)"); -+ al (@x[1],"$stdframe+4*9($sp)"); -+ al (@x[2],"$stdframe+4*10($sp)"); -+ al (@x[3],"$stdframe+4*11($sp)"); -+ lrvr (@x[0],@x[0]); -+ lrvr (@x[1],@x[1]); -+ lrvr (@x[2],@x[2]); -+ lrvr (@x[3],@x[3]); -+ stm (@x[0],@x[3],"$stdframe+4*8($sp)"); -+ -+LABEL (".Loop_tail"); -+ llgc (@x[4],"0(@x[6],%r14)"); -+ llgc (@x[5],"$stdframe(@x[6],$sp)"); -+ xr (@x[5],@x[4]); -+ stc (@x[5],"0(@x[6],@t[0])"); -+ la (@x[6],"1(@x[6])"); -+ brct (@t[1],".Loop_tail"); -+ -+ j (".Ldone"); -+SIZE ("ChaCha20_ctr32",".-ChaCha20_ctr32"); -+} -+ -+######################################################################## -+# 4x"vertical" layout minimizes amount of instructions, but pipeline -+# runs underutilized [because of vector instructions' high latency]. -+# On the other hand minimum amount of data it takes to fully utilize -+# the pipeline is higher, so that effectively, short inputs would be -+# processed slower. Hence this code path targeting <=256 bytes lengths. -+# -+{ -+my ($xa0,$xa1,$xa2,$xa3, $xb0,$xb1,$xb2,$xb3, -+ $xc0,$xc1,$xc2,$xc3, $xd0,$xd1,$xd2,$xd3)=map("%v$_",(0..15)); -+my @K=map("%v$_",(16..19)); -+my $CTR="%v26"; -+my ($xt0,$xt1,$xt2,$xt3)=map("%v$_",(27..30)); -+my $beperm="%v31"; -+my ($x00,$x10,$x20,$x30)=(0,map("r$_",(8..10))); -+my $FRAME=$stdframe+4*16; -+ -+ALIGN (32); -+LABEL ("ChaCha20_ctr32_4x"); -+LABEL (".LChaCha20_ctr32_4x"); -+&{$z? \&stmg:\&stm} ("%r6","%r7","6*$SIZE_T($sp)"); -+if (!$z) { -+ std ("%f4","16*$SIZE_T+2*8($sp)"); -+ std ("%f6","16*$SIZE_T+3*8($sp)"); -+} -+&{$z? \&lghi:\&lhi} ("%r1",-$FRAME); -+ lgr ("%r0",$sp); -+ la ($sp,"0(%r1,$sp)"); -+&{$z? \&stg:\&st} ("%r0","0($sp)"); # back-chain -+if ($z) { -+ std ("%f8","$stdframe+8*0($sp)"); -+ std ("%f9","$stdframe+8*1($sp)"); -+ std ("%f10","$stdframe+8*2($sp)"); -+ std ("%f11","$stdframe+8*3($sp)"); -+ std ("%f12","$stdframe+8*4($sp)"); -+ std ("%f13","$stdframe+8*5($sp)"); -+ std ("%f14","$stdframe+8*6($sp)"); -+ std ("%f15","$stdframe+8*7($sp)"); -+} -+ larl ("%r7",".Lsigma"); -+ lhi ("%r0",10); -+ lhi ("%r1",0); -+ -+ vl (@K[0],"0(%r7)"); # load sigma -+ vl (@K[1],"0($key)"); # load key -+ vl (@K[2],"16($key)"); -+ vl (@K[3],"0($counter)"); # load counter -+ -+ vl ($beperm,"0x40(%r7)"); -+ vl ($xt1,"0x50(%r7)"); -+ vrepf ($CTR,@K[3],0); -+ vlvgf (@K[3],"%r1",0); # clear @K[3].word[0] -+ vaf ($CTR,$CTR,$xt1); -+ -+#LABEL (".Loop_outer_4x"); -+ vlm ($xa0,$xa3,"0x60(%r7)"); # load [smashed] sigma -+ -+ vrepf ($xb0,@K[1],0); # smash the key -+ vrepf ($xb1,@K[1],1); -+ vrepf ($xb2,@K[1],2); -+ vrepf ($xb3,@K[1],3); -+ -+ vrepf ($xc0,@K[2],0); -+ vrepf ($xc1,@K[2],1); -+ vrepf ($xc2,@K[2],2); -+ vrepf ($xc3,@K[2],3); -+ -+ vlr ($xd0,$CTR); -+ vrepf ($xd1,@K[3],1); -+ vrepf ($xd2,@K[3],2); -+ vrepf ($xd3,@K[3],3); -+ -+LABEL (".Loop_4x"); -+ VX_lane_ROUND(0, 4, 8,12); -+ VX_lane_ROUND(0, 5,10,15); -+ brct ("%r0",".Loop_4x"); -+ -+ vaf ($xd0,$xd0,$CTR); -+ -+ vmrhf ($xt0,$xa0,$xa1); # transpose data -+ vmrhf ($xt1,$xa2,$xa3); -+ vmrlf ($xt2,$xa0,$xa1); -+ vmrlf ($xt3,$xa2,$xa3); -+ vpdi ($xa0,$xt0,$xt1,0b0000); -+ vpdi ($xa1,$xt0,$xt1,0b0101); -+ vpdi ($xa2,$xt2,$xt3,0b0000); -+ vpdi ($xa3,$xt2,$xt3,0b0101); -+ -+ vmrhf ($xt0,$xb0,$xb1); -+ vmrhf ($xt1,$xb2,$xb3); -+ vmrlf ($xt2,$xb0,$xb1); -+ vmrlf ($xt3,$xb2,$xb3); -+ vpdi ($xb0,$xt0,$xt1,0b0000); -+ vpdi ($xb1,$xt0,$xt1,0b0101); -+ vpdi ($xb2,$xt2,$xt3,0b0000); -+ vpdi ($xb3,$xt2,$xt3,0b0101); -+ -+ vmrhf ($xt0,$xc0,$xc1); -+ vmrhf ($xt1,$xc2,$xc3); -+ vmrlf ($xt2,$xc0,$xc1); -+ vmrlf ($xt3,$xc2,$xc3); -+ vpdi ($xc0,$xt0,$xt1,0b0000); -+ vpdi ($xc1,$xt0,$xt1,0b0101); -+ vpdi ($xc2,$xt2,$xt3,0b0000); -+ vpdi ($xc3,$xt2,$xt3,0b0101); -+ -+ vmrhf ($xt0,$xd0,$xd1); -+ vmrhf ($xt1,$xd2,$xd3); -+ vmrlf ($xt2,$xd0,$xd1); -+ vmrlf ($xt3,$xd2,$xd3); -+ vpdi ($xd0,$xt0,$xt1,0b0000); -+ vpdi ($xd1,$xt0,$xt1,0b0101); -+ vpdi ($xd2,$xt2,$xt3,0b0000); -+ vpdi ($xd3,$xt2,$xt3,0b0101); -+ -+ #vrepif ($xt0,4); -+ #vaf ($CTR,$CTR,$xt0); # next counter value -+ -+ vaf ($xa0,$xa0,@K[0]); -+ vaf ($xb0,$xb0,@K[1]); -+ vaf ($xc0,$xc0,@K[2]); -+ vaf ($xd0,$xd0,@K[3]); -+ -+ vperm ($xa0,$xa0,$xa0,$beperm); -+ vperm ($xb0,$xb0,$xb0,$beperm); -+ vperm ($xc0,$xc0,$xc0,$beperm); -+ vperm ($xd0,$xd0,$xd0,$beperm); -+ -+ #&{$z? \&clgfi:\&clfi} ($len,0x40); -+ #jl (".Ltail_4x"); -+ -+ vlm ($xt0,$xt3,"0($inp)"); -+ -+ vx ($xt0,$xt0,$xa0); -+ vx ($xt1,$xt1,$xb0); -+ vx ($xt2,$xt2,$xc0); -+ vx ($xt3,$xt3,$xd0); -+ -+ vstm ($xt0,$xt3,"0($out)"); -+ -+ la ($inp,"0x40($inp)"); -+ la ($out,"0x40($out)"); -+&{$z? \&aghi:\&ahi} ($len,-0x40); -+ #je (".Ldone_4x"); -+ -+ vaf ($xa0,$xa1,@K[0]); -+ vaf ($xb0,$xb1,@K[1]); -+ vaf ($xc0,$xc1,@K[2]); -+ vaf ($xd0,$xd1,@K[3]); -+ -+ vperm ($xa0,$xa0,$xa0,$beperm); -+ vperm ($xb0,$xb0,$xb0,$beperm); -+ vperm ($xc0,$xc0,$xc0,$beperm); -+ vperm ($xd0,$xd0,$xd0,$beperm); -+ -+&{$z? \&clgfi:\&clfi} ($len,0x40); -+ jl (".Ltail_4x"); -+ -+ vlm ($xt0,$xt3,"0($inp)"); -+ -+ vx ($xt0,$xt0,$xa0); -+ vx ($xt1,$xt1,$xb0); -+ vx ($xt2,$xt2,$xc0); -+ vx ($xt3,$xt3,$xd0); -+ -+ vstm ($xt0,$xt3,"0($out)"); -+ -+ la ($inp,"0x40($inp)"); -+ la ($out,"0x40($out)"); -+&{$z? \&aghi:\&ahi} ($len,-0x40); -+ je (".Ldone_4x"); -+ -+ vaf ($xa0,$xa2,@K[0]); -+ vaf ($xb0,$xb2,@K[1]); -+ vaf ($xc0,$xc2,@K[2]); -+ vaf ($xd0,$xd2,@K[3]); -+ -+ vperm ($xa0,$xa0,$xa0,$beperm); -+ vperm ($xb0,$xb0,$xb0,$beperm); -+ vperm ($xc0,$xc0,$xc0,$beperm); -+ vperm ($xd0,$xd0,$xd0,$beperm); -+ -+&{$z? \&clgfi:\&clfi} ($len,0x40); -+ jl (".Ltail_4x"); -+ -+ vlm ($xt0,$xt3,"0($inp)"); -+ -+ vx ($xt0,$xt0,$xa0); -+ vx ($xt1,$xt1,$xb0); -+ vx ($xt2,$xt2,$xc0); -+ vx ($xt3,$xt3,$xd0); -+ -+ vstm ($xt0,$xt3,"0($out)"); -+ -+ la ($inp,"0x40($inp)"); -+ la ($out,"0x40($out)"); -+&{$z? \&aghi:\&ahi} ($len,-0x40); -+ je (".Ldone_4x"); -+ -+ vaf ($xa0,$xa3,@K[0]); -+ vaf ($xb0,$xb3,@K[1]); -+ vaf ($xc0,$xc3,@K[2]); -+ vaf ($xd0,$xd3,@K[3]); -+ -+ vperm ($xa0,$xa0,$xa0,$beperm); -+ vperm ($xb0,$xb0,$xb0,$beperm); -+ vperm ($xc0,$xc0,$xc0,$beperm); -+ vperm ($xd0,$xd0,$xd0,$beperm); -+ -+&{$z? \&clgfi:\&clfi} ($len,0x40); -+ jl (".Ltail_4x"); -+ -+ vlm ($xt0,$xt3,"0($inp)"); -+ -+ vx ($xt0,$xt0,$xa0); -+ vx ($xt1,$xt1,$xb0); -+ vx ($xt2,$xt2,$xc0); -+ vx ($xt3,$xt3,$xd0); -+ -+ vstm ($xt0,$xt3,"0($out)"); -+ -+ #la $inp,0x40($inp)); -+ #la $out,0x40($out)); -+ #lhi %r0,10); -+ #&{$z? \&aghi:\&ahi} $len,-0x40); -+ #jne .Loop_outer_4x); -+ -+LABEL (".Ldone_4x"); -+if (!$z) { -+ ld ("%f4","$FRAME+16*$SIZE_T+2*8($sp)"); -+ ld ("%f6","$FRAME+16*$SIZE_T+3*8($sp)"); -+} else { -+ ld ("%f8","$stdframe+8*0($sp)"); -+ ld ("%f9","$stdframe+8*1($sp)"); -+ ld ("%f10","$stdframe+8*2($sp)"); -+ ld ("%f11","$stdframe+8*3($sp)"); -+ ld ("%f12","$stdframe+8*4($sp)"); -+ ld ("%f13","$stdframe+8*5($sp)"); -+ ld ("%f14","$stdframe+8*6($sp)"); -+ ld ("%f15","$stdframe+8*7($sp)"); -+} -+&{$z? \&lmg:\&lm} ("%r6","%r7","$FRAME+6*$SIZE_T($sp)"); -+ la ($sp,"$FRAME($sp)"); -+ br ("%r14"); -+ -+ALIGN (16); -+LABEL (".Ltail_4x"); -+if (!$z) { -+ vlr ($xt0,$xb0); -+ ld ("%f4","$FRAME+16*$SIZE_T+2*8($sp)"); -+ ld ("%f6","$FRAME+16*$SIZE_T+3*8($sp)"); -+ -+ vst ($xa0,"$stdframe+0x00($sp)"); -+ vst ($xt0,"$stdframe+0x10($sp)"); -+ vst ($xc0,"$stdframe+0x20($sp)"); -+ vst ($xd0,"$stdframe+0x30($sp)"); -+} else { -+ vlr ($xt0,$xc0); -+ ld ("%f8","$stdframe+8*0($sp)"); -+ ld ("%f9","$stdframe+8*1($sp)"); -+ ld ("%f10","$stdframe+8*2($sp)"); -+ ld ("%f11","$stdframe+8*3($sp)"); -+ vlr ($xt1,$xd0); -+ ld ("%f12","$stdframe+8*4($sp)"); -+ ld ("%f13","$stdframe+8*5($sp)"); -+ ld ("%f14","$stdframe+8*6($sp)"); -+ ld ("%f15","$stdframe+8*7($sp)"); -+ -+ vst ($xa0,"$stdframe+0x00($sp)"); -+ vst ($xb0,"$stdframe+0x10($sp)"); -+ vst ($xt0,"$stdframe+0x20($sp)"); -+ vst ($xt1,"$stdframe+0x30($sp)"); -+} -+ lghi ("%r1",0); -+ -+LABEL (".Loop_tail_4x"); -+ llgc ("%r5","0(%r1,$inp)"); -+ llgc ("%r6","$stdframe(%r1,$sp)"); -+ xr ("%r6","%r5"); -+ stc ("%r6","0(%r1,$out)"); -+ la ("%r1","1(%r1)"); -+ brct ($len,".Loop_tail_4x"); -+ -+&{$z? \&lmg:\&lm} ("%r6","%r7","$FRAME+6*$SIZE_T($sp)"); -+ la ($sp,"$FRAME($sp)"); -+ br ("%r14"); -+SIZE ("ChaCha20_ctr32_4x",".-ChaCha20_ctr32_4x"); -+} -+ -+######################################################################## -+# 6x"horizontal" layout is optimal fit for the platform in its current -+# shape, more specifically for given vector instructions' latency. Well, -+# computational part of 8x"vertical" would be faster, but it consumes -+# all registers and dealing with that will diminish the return... -+# -+{ -+my ($a0,$b0,$c0,$d0, $a1,$b1,$c1,$d1, -+ $a2,$b2,$c2,$d2, $a3,$b3,$c3,$d3, -+ $a4,$b4,$c4,$d4, $a5,$b5,$c5,$d5)=map("%v$_",(0..23)); -+my @K=map("%v$_",(27,24..26)); -+my ($t0,$t1,$t2,$t3)=map("%v$_",27..30); -+my $beperm="%v31"; -+my $FRAME=$stdframe + 4*16; -+ -+GLOBL ("ChaCha20_ctr32_vx"); -+ALIGN (32); -+LABEL ("ChaCha20_ctr32_vx"); -+LABEL (".LChaCha20_ctr32_vx"); -+&{$z? \&clgfi:\&clfi} ($len,256); -+ jle (".LChaCha20_ctr32_4x"); -+&{$z? \&stmg:\&stm} ("%r6","%r7","6*$SIZE_T($sp)"); -+if (!$z) { -+ std ("%f4","16*$SIZE_T+2*8($sp)"); -+ std ("%f6","16*$SIZE_T+3*8($sp)"); -+} -+&{$z? \&lghi:\&lhi} ("%r1",-$FRAME); -+ lgr ("%r0",$sp); -+ la ($sp,"0(%r1,$sp)"); -+&{$z? \&stg:\&st} ("%r0","0($sp)"); # back-chain -+if ($z) { -+ std ("%f8","$FRAME-8*8($sp)"); -+ std ("%f9","$FRAME-8*7($sp)"); -+ std ("%f10","$FRAME-8*6($sp)"); -+ std ("%f11","$FRAME-8*5($sp)"); -+ std ("%f12","$FRAME-8*4($sp)"); -+ std ("%f13","$FRAME-8*3($sp)"); -+ std ("%f14","$FRAME-8*2($sp)"); -+ std ("%f15","$FRAME-8*1($sp)"); -+} -+ larl ("%r7",".Lsigma"); -+ lhi ("%r0",10); -+ -+ vlm (@K[1],@K[2],"0($key)"); # load key -+ vl (@K[3],"0($counter)"); # load counter -+ -+ vlm (@K[0],"$beperm","0(%r7)"); # load sigma, increments, ... -+ -+LABEL (".Loop_outer_vx"); -+ vlr ($a0,@K[0]); -+ vlr ($b0,@K[1]); -+ vlr ($a1,@K[0]); -+ vlr ($b1,@K[1]); -+ vlr ($a2,@K[0]); -+ vlr ($b2,@K[1]); -+ vlr ($a3,@K[0]); -+ vlr ($b3,@K[1]); -+ vlr ($a4,@K[0]); -+ vlr ($b4,@K[1]); -+ vlr ($a5,@K[0]); -+ vlr ($b5,@K[1]); -+ -+ vlr ($d0,@K[3]); -+ vaf ($d1,@K[3],$t1); # K[3]+1 -+ vaf ($d2,@K[3],$t2); # K[3]+2 -+ vaf ($d3,@K[3],$t3); # K[3]+3 -+ vaf ($d4,$d2,$t2); # K[3]+4 -+ vaf ($d5,$d2,$t3); # K[3]+5 -+ -+ vlr ($c0,@K[2]); -+ vlr ($c1,@K[2]); -+ vlr ($c2,@K[2]); -+ vlr ($c3,@K[2]); -+ vlr ($c4,@K[2]); -+ vlr ($c5,@K[2]); -+ -+ vlr ($t1,$d1); -+ vlr ($t2,$d2); -+ vlr ($t3,$d3); -+ -+ALIGN (4); -+LABEL (".Loop_vx"); -+ -+ VX_ROUND($a0,$a1,$a2,$a3,$a4,$a5, -+ $b0,$b1,$b2,$b3,$b4,$b5, -+ $c0,$c1,$c2,$c3,$c4,$c5, -+ $d0,$d1,$d2,$d3,$d4,$d5, -+ 0); -+ -+ VX_ROUND($a0,$a1,$a2,$a3,$a4,$a5, -+ $b0,$b1,$b2,$b3,$b4,$b5, -+ $c0,$c1,$c2,$c3,$c4,$c5, -+ $d0,$d1,$d2,$d3,$d4,$d5, -+ 1); -+ -+ brct ("%r0",".Loop_vx"); -+ -+ vaf ($a0,$a0,@K[0]); -+ vaf ($b0,$b0,@K[1]); -+ vaf ($c0,$c0,@K[2]); -+ vaf ($d0,$d0,@K[3]); -+ vaf ($a1,$a1,@K[0]); -+ vaf ($d1,$d1,$t1); # +K[3]+1 -+ -+ vperm ($a0,$a0,$a0,$beperm); -+ vperm ($b0,$b0,$b0,$beperm); -+ vperm ($c0,$c0,$c0,$beperm); -+ vperm ($d0,$d0,$d0,$beperm); -+ -+&{$z? \&clgfi:\&clfi} ($len,0x40); -+ jl (".Ltail_vx"); -+ -+ vaf ($d2,$d2,$t2); # +K[3]+2 -+ vaf ($d3,$d3,$t3); # +K[3]+3 -+ vlm ($t0,$t3,"0($inp)"); -+ -+ vx ($a0,$a0,$t0); -+ vx ($b0,$b0,$t1); -+ vx ($c0,$c0,$t2); -+ vx ($d0,$d0,$t3); -+ -+ vlm (@K[0],$t3,"0(%r7)"); # re-load sigma and increments -+ -+ vstm ($a0,$d0,"0($out)"); -+ -+ la ($inp,"0x40($inp)"); -+ la ($out,"0x40($out)"); -+&{$z? \&aghi:\&ahi} ($len,-0x40); -+ je (".Ldone_vx"); -+ -+ vaf ($b1,$b1,@K[1]); -+ vaf ($c1,$c1,@K[2]); -+ -+ vperm ($a0,$a1,$a1,$beperm); -+ vperm ($b0,$b1,$b1,$beperm); -+ vperm ($c0,$c1,$c1,$beperm); -+ vperm ($d0,$d1,$d1,$beperm); -+ -+&{$z? \&clgfi:\&clfi} ($len,0x40); -+ jl (".Ltail_vx"); -+ -+ vlm ($a1,$d1,"0($inp)"); -+ -+ vx ($a0,$a0,$a1); -+ vx ($b0,$b0,$b1); -+ vx ($c0,$c0,$c1); -+ vx ($d0,$d0,$d1); -+ -+ vstm ($a0,$d0,"0($out)"); -+ -+ la ($inp,"0x40($inp)"); -+ la ($out,"0x40($out)"); -+&{$z? \&aghi:\&ahi} ($len,-0x40); -+ je (".Ldone_vx"); -+ -+ vaf ($a2,$a2,@K[0]); -+ vaf ($b2,$b2,@K[1]); -+ vaf ($c2,$c2,@K[2]); -+ -+ vperm ($a0,$a2,$a2,$beperm); -+ vperm ($b0,$b2,$b2,$beperm); -+ vperm ($c0,$c2,$c2,$beperm); -+ vperm ($d0,$d2,$d2,$beperm); -+ -+&{$z? \&clgfi:\&clfi} ($len,0x40); -+ jl (".Ltail_vx"); -+ -+ vlm ($a1,$d1,"0($inp)"); -+ -+ vx ($a0,$a0,$a1); -+ vx ($b0,$b0,$b1); -+ vx ($c0,$c0,$c1); -+ vx ($d0,$d0,$d1); -+ -+ vstm ($a0,$d0,"0($out)"); -+ -+ la ($inp,"0x40($inp)"); -+ la ($out,"0x40($out)"); -+&{$z? \&aghi:\&ahi} ($len,-0x40); -+ je (".Ldone_vx"); -+ -+ vaf ($a3,$a3,@K[0]); -+ vaf ($b3,$b3,@K[1]); -+ vaf ($c3,$c3,@K[2]); -+ vaf ($d2,@K[3],$t3); # K[3]+3 -+ -+ vperm ($a0,$a3,$a3,$beperm); -+ vperm ($b0,$b3,$b3,$beperm); -+ vperm ($c0,$c3,$c3,$beperm); -+ vperm ($d0,$d3,$d3,$beperm); -+ -+&{$z? \&clgfi:\&clfi} ($len,0x40); -+ jl (".Ltail_vx"); -+ -+ vaf ($d3,$d2,$t1); # K[3]+4 -+ vlm ($a1,$d1,"0($inp)"); -+ -+ vx ($a0,$a0,$a1); -+ vx ($b0,$b0,$b1); -+ vx ($c0,$c0,$c1); -+ vx ($d0,$d0,$d1); -+ -+ vstm ($a0,$d0,"0($out)"); -+ -+ la ($inp,"0x40($inp)"); -+ la ($out,"0x40($out)"); -+&{$z? \&aghi:\&ahi} ($len,-0x40); -+ je (".Ldone_vx"); -+ -+ vaf ($a4,$a4,@K[0]); -+ vaf ($b4,$b4,@K[1]); -+ vaf ($c4,$c4,@K[2]); -+ vaf ($d4,$d4,$d3); # +K[3]+4 -+ vaf ($d3,$d3,$t1); # K[3]+5 -+ vaf (@K[3],$d2,$t3); # K[3]+=6 -+ -+ vperm ($a0,$a4,$a4,$beperm); -+ vperm ($b0,$b4,$b4,$beperm); -+ vperm ($c0,$c4,$c4,$beperm); -+ vperm ($d0,$d4,$d4,$beperm); -+ -+&{$z? \&clgfi:\&clfi} ($len,0x40); -+ jl (".Ltail_vx"); -+ -+ vlm ($a1,$d1,"0($inp)"); -+ -+ vx ($a0,$a0,$a1); -+ vx ($b0,$b0,$b1); -+ vx ($c0,$c0,$c1); -+ vx ($d0,$d0,$d1); -+ -+ vstm ($a0,$d0,"0($out)"); -+ -+ la ($inp,"0x40($inp)"); -+ la ($out,"0x40($out)"); -+&{$z? \&aghi:\&ahi} ($len,-0x40); -+ je (".Ldone_vx"); -+ -+ vaf ($a5,$a5,@K[0]); -+ vaf ($b5,$b5,@K[1]); -+ vaf ($c5,$c5,@K[2]); -+ vaf ($d5,$d5,$d3); # +K[3]+5 -+ -+ vperm ($a0,$a5,$a5,$beperm); -+ vperm ($b0,$b5,$b5,$beperm); -+ vperm ($c0,$c5,$c5,$beperm); -+ vperm ($d0,$d5,$d5,$beperm); -+ -+&{$z? \&clgfi:\&clfi} ($len,0x40); -+ jl (".Ltail_vx"); -+ -+ vlm ($a1,$d1,"0($inp)"); -+ -+ vx ($a0,$a0,$a1); -+ vx ($b0,$b0,$b1); -+ vx ($c0,$c0,$c1); -+ vx ($d0,$d0,$d1); -+ -+ vstm ($a0,$d0,"0($out)"); -+ -+ la ($inp,"0x40($inp)"); -+ la ($out,"0x40($out)"); -+ lhi ("%r0",10); -+&{$z? \&aghi:\&ahi} ($len,-0x40); -+ jne (".Loop_outer_vx"); -+ -+LABEL (".Ldone_vx"); -+if (!$z) { -+ ld ("%f4","$FRAME+16*$SIZE_T+2*8($sp)"); -+ ld ("%f6","$FRAME+16*$SIZE_T+3*8($sp)"); -+} else { -+ ld ("%f8","$FRAME-8*8($sp)"); -+ ld ("%f9","$FRAME-8*7($sp)"); -+ ld ("%f10","$FRAME-8*6($sp)"); -+ ld ("%f11","$FRAME-8*5($sp)"); -+ ld ("%f12","$FRAME-8*4($sp)"); -+ ld ("%f13","$FRAME-8*3($sp)"); -+ ld ("%f14","$FRAME-8*2($sp)"); -+ ld ("%f15","$FRAME-8*1($sp)"); -+} -+&{$z? \&lmg:\&lm} ("%r6","%r7","$FRAME+6*$SIZE_T($sp)"); -+ la ($sp,"$FRAME($sp)"); -+ br ("%r14"); -+ -+ALIGN (16); -+LABEL (".Ltail_vx"); -+if (!$z) { -+ ld ("%f4","$FRAME+16*$SIZE_T+2*8($sp)"); -+ ld ("%f6","$FRAME+16*$SIZE_T+3*8($sp)"); -+} else { -+ ld ("%f8","$FRAME-8*8($sp)"); -+ ld ("%f9","$FRAME-8*7($sp)"); -+ ld ("%f10","$FRAME-8*6($sp)"); -+ ld ("%f11","$FRAME-8*5($sp)"); -+ ld ("%f12","$FRAME-8*4($sp)"); -+ ld ("%f13","$FRAME-8*3($sp)"); -+ ld ("%f14","$FRAME-8*2($sp)"); -+ ld ("%f15","$FRAME-8*1($sp)"); -+} -+ vstm ($a0,$d0,"$stdframe($sp)"); -+ lghi ("%r1",0); -+ -+LABEL (".Loop_tail_vx"); -+ llgc ("%r5","0(%r1,$inp)"); -+ llgc ("%r6","$stdframe(%r1,$sp)"); -+ xr ("%r6","%r5"); -+ stc ("%r6","0(%r1,$out)"); -+ la ("%r1","1(%r1)"); -+ brct ($len,".Loop_tail_vx"); -+ -+&{$z? \&lmg:\&lm} ("%r6","%r7","$FRAME+6*$SIZE_T($sp)"); -+ la ($sp,"$FRAME($sp)"); -+ br ("%r14"); -+SIZE ("ChaCha20_ctr32_vx",".-ChaCha20_ctr32_vx"); -+} -+################ -+ -+ALIGN (32); -+LABEL (".Lsigma"); -+LONG (0x61707865,0x3320646e,0x79622d32,0x6b206574); # endian-neutral sigma -+LONG (1,0,0,0); -+LONG (2,0,0,0); -+LONG (3,0,0,0); -+LONG (0x03020100,0x07060504,0x0b0a0908,0x0f0e0d0c); # byte swap -+ -+LONG (0,1,2,3); -+LONG (0x61707865,0x61707865,0x61707865,0x61707865); # smashed sigma -+LONG (0x3320646e,0x3320646e,0x3320646e,0x3320646e); -+LONG (0x79622d32,0x79622d32,0x79622d32,0x79622d32); -+LONG (0x6b206574,0x6b206574,0x6b206574,0x6b206574); -+ -+ASCIZ ("\"ChaCha20 for s390x, CRYPTOGAMS by \""); -+ALIGN (4); -+ -+PERLASM_END(); -diff -up openssl-1.1.1e/crypto/perlasm/s390x.pm.s390x-update openssl-1.1.1e/crypto/perlasm/s390x.pm ---- openssl-1.1.1e/crypto/perlasm/s390x.pm.s390x-update 2020-03-19 16:20:22.039227394 +0100 -+++ openssl-1.1.1e/crypto/perlasm/s390x.pm 2020-03-19 16:20:22.039227394 +0100 -@@ -0,0 +1,3060 @@ -+#!/usr/bin/env perl -+# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. -+# -+# Licensed under the OpenSSL license (the "License"). You may not use -+# this file except in compliance with the License. You can obtain a copy -+# in the file LICENSE in the source distribution or at -+# https://www.openssl.org/source/license.html -+ -+# Copyright IBM Corp. 2018 -+# Author: Patrick Steuer -+ -+package perlasm::s390x; -+ -+use strict; -+use warnings; -+use Carp qw(confess); -+use Exporter qw(import); -+ -+our @EXPORT=qw(PERLASM_BEGIN PERLASM_END); -+our @EXPORT_OK=qw(AUTOLOAD LABEL INCLUDE stfle); -+our %EXPORT_TAGS=( -+ MSA => [qw(kmac km kmc kimd klmd)], -+ MSA4 => [qw(kmf kmo pcc kmctr)], -+ MSA5 => [qw(ppno prno)], -+ MSA8 => [qw(kma)], -+ VX => [qw(vgef vgeg vgbm vzero vone vgm vgmb vgmh vgmf vgmg -+ vl vlr vlrep vlrepb vlreph vlrepf vlrepg vleb vleh vlef vleg vleib -+ vleih vleif vleig vlgv vlgvb vlgvh vlgvf vlgvg vllez vllezb vllezh -+ vllezf vllezg vlm vlbb vlvg vlvgb vlvgh vlvgf vlvgg vlvgp -+ vll vmrh vmrhb vmrhh vmrhf vmrhg vmrl vmrlb vmrlh vmrlf vmrlg vpk -+ vpkh vpkf vpkg vpks vpksh vpksf vpksg vpkshs vpksfs vpksgs vpkls -+ vpklsh vpklsf vpklsg vpklshs vpklsfs vpklsgs vperm vpdi vrep vrepb -+ vreph vrepf vrepg vrepi vrepib vrepih vrepif vrepig vscef vsceg -+ vsel vseg vsegb vsegh vsegf vst vsteb vsteh vstef vsteg vstm vstl -+ vuph vuphb vuphh vuphf vuplh vuplhb vuplhh vuplhf vupl vuplb vuplhw -+ vuplf vupll vupllb vupllh vupllf va vab vah vaf vag vaq vacc vaccb -+ vacch vaccf vaccg vaccq vac vacq vaccc vacccq vn vnc vavg vavgb -+ vavgh vavgf vavgg vavgl vavglb vavglh vavglf vavglg vcksm vec_ vecb -+ vech vecf vecg vecl veclb veclh veclf veclg vceq vceqb vceqh vceqf -+ vceqg vceqbs vceqhs vceqfs vceqgs vch vchb vchh vchf vchg vchbs -+ vchhs vchfs vchgs vchl vchlb vchlh vchlf vchlg vchlbs vchlhs vchlfs -+ vchlgs vclz vclzb vclzh vclzf vclzg vctz vctzb vctzh vctzf vctzg -+ vx vgfm vgfmb vgfmh vgfmf vgfmg vgfma vgfmab vgfmah vgfmaf vgfmag -+ vlc vlcb vlch vlcf vlcg vlp vlpb vlph vlpf vlpg vmx vmxb vmxh vmxf -+ vmxg vmxl vmxlb vmxlh vmxlf vmxlg vmn vmnb vmnh vmnf vmng vmnl -+ vmnlb vmnlh vmnlf vmnlg vmal vmalb vmalhw vmalf vmah vmahb vmahh -+ vmahf vmalh vmalhb vmalhh vmalhf vmae vmaeb vmaeh vmaef vmale -+ vmaleb vmaleh vmalef vmao vmaob vmaoh vmaof vmalo vmalob vmaloh -+ vmalof vmh vmhb vmhh vmhf vmlh vmlhb vmlhh vmlhf vml vmlb vmlhw -+ vmlf vme vmeb vmeh vmef vmle vmleb vmleh vmlef vmo vmob vmoh vmof -+ vmlo vmlob vmloh vmlof vno vnot vo vpopct verllv verllvb verllvh -+ verllvf verllvg verll verllb verllh verllf verllg verim verimb -+ verimh verimf verimg veslv veslvb veslvh veslvf veslvg vesl veslb -+ veslh veslf veslg vesrav vesravb vesravh vesravf vesravg vesra -+ vesrab vesrah vesraf vesrag vesrlv vesrlvb vesrlvh vesrlvf vesrlvg -+ vesrl vesrlb vesrlh vesrlf vesrlg vsl vslb vsldb vsra vsrab vsrl -+ vsrlb vs vsb vsh vsf vsg vsq vscbi vscbib vscbih vscbif vscbig -+ vscbiq vsbi vsbiq vsbcbi vsbcbiq vsumg vsumgh vsumgf vsumq vsumqf -+ vsumqg vsum vsumb vsumh vtm vfae vfaeb vfaeh vfaef vfaebs vfaehs -+ vfaefs vfaezb vfaezh vfaezf vfaezbs vfaezhs vfaezfs vfee vfeeb -+ vfeeh vfeef vfeebs vfeehs vfeefs vfeezb vfeezh vfeezf vfeezbs -+ vfeezhs vfeezfs vfene vfeneb vfeneh vfenef vfenebs vfenehs vfenefs -+ vfenezb vfenezh vfenezf vfenezbs vfenezhs vfenezfs vistr vistrb -+ vistrh vistrf vistrbs vistrhs vistrfs vstrc vstrcb vstrch vstrcf -+ vstrcbs vstrchs vstrcfs vstrczb vstrczh vstrczf vstrczbs vstrczhs -+ vstrczfs vfa vfadb wfadb wfc wfcdb wfk wfkdb vfce vfcedb wfcedb -+ vfcedbs wfcedbs vfch vfchdb wfchdb vfchdbs wfchdbs vfche vfchedb -+ wfchedb vfchedbs wfchedbs vcdg vcdgb wcdgb vcdlg vcdlgb wcdlgb vcgd -+ vcgdb wcgdb vclgd vclgdb wclgdb vfd vfddb wfddb vfi vfidb wfidb -+ vlde vldeb wldeb vled vledb wledb vfm vfmdb wfmdb vfma vfmadb -+ wfmadb vfms vfmsdb wfmsdb vfpso vfpsodb wfpsodb vflcdb wflcdb -+ vflndb wflndb vflpdb wflpdb vfsq vfsqdb wfsqdb vfs vfsdb wfsdb -+ vftci vftcidb wftcidb)], -+ VXE => [qw(vbperm vllezlf vmsl vmslg vnx vnn voc vpopctb vpopcth -+ vpopctf vpopctg vfasb wfasb wfaxb wfcsb wfcxb wfksb wfkxb vfcesb -+ vfcesbs wfcesb wfcesbs wfcexb wfcexbs vfchsb vfchsbs wfchsb wfchsbs -+ wfchxb wfchxbs vfchesb vfchesbs wfchesb wfchesbs wfchexb wfchexbs -+ vfdsb wfdsb wfdxb vfisb wfisb wfixb vfll vflls wflls wflld vflr -+ vflrd wflrd wflrx vfmax vfmaxsb vfmaxdb wfmaxsb wfmaxdb wfmaxxb -+ vfmin vfminsb vfmindb wfminsb wfmindb wfminxb vfmsb wfmsb wfmxb -+ vfnma vfnms vfmasb wfmasb wfmaxb vfmssb wfmssb wfmsxb vfnmasb -+ vfnmadb wfnmasb wfnmadb wfnmaxb vfnmssb vfnmsdb wfnmssb wfnmsdb -+ wfnmsxb vfpsosb wfpsosb vflcsb wflcsb vflnsb wflnsb vflpsb wflpsb -+ vfpsoxb wfpsoxb vflcxb wflcxb vflnxb wflnxb vflpxb wflpxb vfsqsb -+ wfsqsb wfsqxb vfssb wfssb wfsxb vftcisb wftcisb wftcixb)], -+ VXD => [qw(vlrlr vlrl vstrlr vstrl vap vcp vcvb vcvbg vcvd vcvdg vdp -+ vlip vmp vmsp vpkz vpsop vrp vsdp vsrp vsp vtp vupkz)], -+); -+Exporter::export_ok_tags(qw(MSA MSA4 MSA5 MSA8 VX VXE VXD)); -+ -+our $AUTOLOAD; -+ -+my $GR='(?:%r)?([0-9]|1[0-5])'; -+my $VR='(?:%v)?([0-9]|1[0-9]|2[0-9]|3[0-1])'; -+ -+my ($file,$out); -+ -+sub PERLASM_BEGIN -+{ -+ ($file,$out)=(shift,""); -+} -+sub PERLASM_END -+{ -+ if (defined($file)) { -+ open(my $fd,'>',$file)||die("can't open $file: $!"); -+ print({$fd}$out); -+ close($fd); -+ } else { -+ print($out); -+ } -+} -+ -+sub AUTOLOAD { -+ confess(err("PARSE")) if (grep(!defined($_),@_)); -+ my $token; -+ for ($AUTOLOAD) { -+ $token=".$1" if (/^.*::([A-Z_]+)$/); # uppercase: directive -+ $token="\t$1" if (/^.*::([a-z]+)$/); # lowercase: mnemonic -+ confess(err("PARSE")) if (!defined($token)); -+ } -+ $token.="\t" if ($#_>=0); -+ $out.=$token.join(',',@_)."\n"; -+} -+ -+sub LABEL { # label directive -+ confess(err("ARGNUM")) if ($#_!=0); -+ my ($label)=@_; -+ $out.="$label:\n"; -+} -+ -+sub INCLUDE { -+ confess(err("ARGNUM")) if ($#_!=0); -+ my ($file)=@_; -+ $out.="#include \"$file\"\n"; -+} -+ -+# -+# Mnemonics -+# -+ -+sub stfle { -+ confess(err("ARGNUM")) if ($#_!=0); -+ S(0xb2b0,@_); -+} -+ -+# MSA -+ -+sub kmac { -+ confess(err("ARGNUM")) if ($#_!=1); -+ RRE(0xb91e,@_); -+} -+ -+sub km { -+ confess(err("ARGNUM")) if ($#_!=1); -+ RRE(0xb92e,@_); -+} -+ -+sub kmc { -+ confess(err("ARGNUM")) if ($#_!=1); -+ RRE(0xb92f,@_); -+} -+ -+sub kimd { -+ confess(err("ARGNUM")) if ($#_!=1); -+ RRE(0xb93e,@_); -+} -+ -+sub klmd { -+ confess(err("ARGNUM")) if ($#_!=1); -+ RRE(0xb93f,@_); -+} -+ -+# MSA4 -+ -+sub kmf { -+ confess(err("ARGNUM")) if ($#_!=1); -+ RRE(0xb92a,@_); -+} -+ -+sub kmo { -+ confess(err("ARGNUM")) if ($#_!=1); -+ RRE(0xb92b,@_); -+} -+ -+sub pcc { -+ confess(err("ARGNUM")) if ($#_!=-1); -+ RRE(0xb92c,@_); -+} -+ -+sub kmctr { -+ confess(err("ARGNUM")) if ($#_!=2); -+ RRFb(0xb92d,@_); -+} -+ -+# MSA5 -+ -+sub prno { -+ ppno(@_); -+} -+ -+sub ppno { # deprecated, use prno -+ confess(err("ARGNUM")) if ($#_!=1); -+ RRE(0xb93c,@_); -+} -+ -+# MSA8 -+ -+sub kma { -+ confess(err("ARGNUM")) if ($#_!=2); -+ RRFb(0xb929,@_); -+} -+ -+# VX - Support Instructions -+ -+sub vgef { -+ confess(err("ARGNUM")) if ($#_!=2); -+ VRV(0xe713,@_); -+} -+sub vgeg { -+ confess(err("ARGNUM")) if ($#_!=2); -+ VRV(0xe712,@_); -+} -+ -+sub vgbm { -+ confess(err("ARGNUM")) if ($#_!=1); -+ VRIa(0xe744,@_); -+} -+sub vzero { -+ vgbm(@_,0); -+} -+sub vone { -+ vgbm(@_,0xffff); -+} -+ -+sub vgm { -+ confess(err("ARGNUM")) if ($#_!=3); -+ VRIb(0xe746,@_); -+} -+sub vgmb { -+ vgm(@_,0); -+} -+sub vgmh { -+ vgm(@_,1); -+} -+sub vgmf { -+ vgm(@_,2); -+} -+sub vgmg { -+ vgm(@_,3); -+} -+ -+sub vl { -+ confess(err("ARGNUM")) if ($#_<1||$#_>2); -+ VRX(0xe706,@_); -+} -+ -+sub vlr { -+ confess(err("ARGNUM")) if ($#_!=1); -+ VRRa(0xe756,@_); -+} -+ -+sub vlrep { -+ confess(err("ARGNUM")) if ($#_!=2); -+ VRX(0xe705,@_); -+} -+sub vlrepb { -+ vlrep(@_,0); -+} -+sub vlreph { -+ vlrep(@_,1); -+} -+sub vlrepf { -+ vlrep(@_,2); -+} -+sub vlrepg { -+ vlrep(@_,3); -+} -+ -+sub vleb { -+ confess(err("ARGNUM")) if ($#_!=2); -+ VRX(0xe700,@_); -+} -+sub vleh { -+ confess(err("ARGNUM")) if ($#_!=2); -+ VRX(0xe701,@_); -+} -+sub vlef { -+ confess(err("ARGNUM")) if ($#_!=2); -+ VRX(0xe703,@_); -+} -+sub vleg { -+ confess(err("ARGNUM")) if ($#_!=2); -+ VRX(0xe702,@_); -+} -+ -+sub vleib { -+ confess(err("ARGNUM")) if ($#_!=2); -+ VRIa(0xe740,@_); -+} -+sub vleih { -+ confess(err("ARGNUM")) if ($#_!=2); -+ VRIa(0xe741,@_); -+} -+sub vleif { -+ confess(err("ARGNUM")) if ($#_!=2); -+ VRIa(0xe743,@_); -+} -+sub vleig { -+ confess(err("ARGNUM")) if ($#_!=2); -+ VRIa(0xe742,@_); -+} -+ -+sub vlgv { -+ confess(err("ARGNUM")) if ($#_!=3); -+ VRSc(0xe721,@_); -+} -+sub vlgvb { -+ vlgv(@_,0); -+} -+sub vlgvh { -+ vlgv(@_,1); -+} -+sub vlgvf { -+ vlgv(@_,2); -+} -+sub vlgvg { -+ vlgv(@_,3); -+} -+ -+sub vllez { -+ confess(err("ARGNUM")) if ($#_!=2); -+ VRX(0xe704,@_); -+} -+sub vllezb { -+ vllez(@_,0); -+} -+sub vllezh { -+ vllez(@_,1); -+} -+sub vllezf { -+ vllez(@_,2); -+} -+sub vllezg { -+ vllez(@_,3); -+} -+ -+sub vlm { -+ confess(err("ARGNUM")) if ($#_<2||$#_>3); -+ VRSa(0xe736,@_); -+} -+ -+sub vlbb { -+ confess(err("ARGNUM")) if ($#_!=2); -+ VRX(0xe707,@_); -+} -+ -+sub vlvg { -+ confess(err("ARGNUM")) if ($#_!=3); -+ VRSb(0xe722,@_); -+} -+sub vlvgb { -+ vlvg(@_,0); -+} -+sub vlvgh { -+ vlvg(@_,1); -+} -+sub vlvgf { -+ vlvg(@_,2); -+} -+sub vlvgg { -+ vlvg(@_,3); -+} -+ -+sub vlvgp { -+ confess(err("ARGNUM")) if ($#_!=2); -+ VRRf(0xe762,@_); -+} -+ -+sub vll { -+ confess(err("ARGNUM")) if ($#_!=2); -+ VRSb(0xe737,@_); -+} -+ -+sub vmrh { -+ confess(err("ARGNUM")) if ($#_!=3); -+ VRRc(0xe761,@_); -+} -+sub vmrhb { -+ vmrh(@_,0); -+} -+sub vmrhh { -+ vmrh(@_,1); -+} -+sub vmrhf { -+ vmrh(@_,2); -+} -+sub vmrhg { -+ vmrh(@_,3); -+} -+ -+sub vmrl { -+ confess(err("ARGNUM")) if ($#_!=3); -+ VRRc(0xe760,@_); -+} -+sub vmrlb { -+ vmrl(@_,0); -+} -+sub vmrlh { -+ vmrl(@_,1); -+} -+sub vmrlf { -+ vmrl(@_,2); -+} -+sub vmrlg { -+ vmrl(@_,3); -+} -+ -+sub vpk { -+ confess(err("ARGNUM")) if ($#_!=3); -+ VRRc(0xe794,@_); -+} -+sub vpkh { -+ vpk(@_,1); -+} -+sub vpkf { -+ vpk(@_,2); -+} -+sub vpkg { -+ vpk(@_,3); -+} -+ -+sub vpks { -+ confess(err("ARGNUM")) if ($#_!=4); -+ VRRb(0xe797,@_); -+} -+sub vpksh { -+ vpks(@_,1,0); -+} -+sub vpksf { -+ vpks(@_,2,0); -+} -+sub vpksg { -+ vpks(@_,3,0); -+} -+sub vpkshs { -+ vpks(@_,1,1); -+} -+sub vpksfs { -+ vpks(@_,2,1); -+} -+sub vpksgs { -+ vpks(@_,3,1); -+} -+ -+sub vpkls { -+ confess(err("ARGNUM")) if ($#_!=4); -+ VRRb(0xe795,@_); -+} -+sub vpklsh { -+ vpkls(@_,1,0); -+} -+sub vpklsf { -+ vpkls(@_,2,0); -+} -+sub vpklsg { -+ vpkls(@_,3,0); -+} -+sub vpklshs { -+ vpkls(@_,1,1); -+} -+sub vpklsfs { -+ vpkls(@_,2,1); -+} -+sub vpklsgs { -+ vpkls(@_,3,1); -+} -+ -+sub vperm { -+ confess(err("ARGNUM")) if ($#_!=3); -+ VRRe(0xe78c,@_); -+} -+ -+sub vpdi { -+ confess(err("ARGNUM")) if ($#_!=3); -+ VRRc(0xe784,@_); -+} -+ -+sub vrep { -+ confess(err("ARGNUM")) if ($#_!=3); -+ VRIc(0xe74d,@_); -+} -+sub vrepb { -+ vrep(@_,0); -+} -+sub vreph { -+ vrep(@_,1); -+} -+sub vrepf { -+ vrep(@_,2); -+} -+sub vrepg { -+ vrep(@_,3); -+} -+ -+sub vrepi { -+ confess(err("ARGNUM")) if ($#_!=2); -+ VRIa(0xe745,@_); -+} -+sub vrepib { -+ vrepi(@_,0); -+} -+sub vrepih { -+ vrepi(@_,1); -+} -+sub vrepif { -+ vrepi(@_,2); -+} -+sub vrepig { -+ vrepi(@_,3); -+} -+ -+sub vscef { -+ confess(err("ARGNUM")) if ($#_!=2); -+ VRV(0xe71b,@_); -+} -+sub vsceg { -+ confess(err("ARGNUM")) if ($#_!=2); -+ VRV(0xe71a,@_); -+} -+ -+sub vsel { -+ confess(err("ARGNUM")) if ($#_!=3); -+ VRRe(0xe78d,@_); -+} -+ -+sub vseg { -+ confess(err("ARGNUM")) if ($#_!=2); -+ VRRa(0xe75f,@_); -+} -+sub vsegb { -+ vseg(@_,0); -+} -+sub vsegh { -+ vseg(@_,1); -+} -+sub vsegf { -+ vseg(@_,2); -+} -+ -+sub vst { -+ confess(err("ARGNUM")) if ($#_<1||$#_>2); -+ VRX(0xe70e,@_); -+} -+ -+sub vsteb { -+ confess(err("ARGNUM")) if ($#_!=2); -+ VRX(0xe708,@_); -+} -+sub vsteh { -+ confess(err("ARGNUM")) if ($#_!=2); -+ VRX(0xe709,@_); -+} -+sub vstef { -+ confess(err("ARGNUM")) if ($#_!=2); -+ VRX(0xe70b,@_); -+} -+sub vsteg { -+ confess(err("ARGNUM")) if ($#_!=2); -+ VRX(0xe70a,@_); -+} -+ -+sub vstm { -+ confess(err("ARGNUM")) if ($#_<2||$#_>3); -+ VRSa(0xe73e,@_); -+} -+ -+sub vstl { -+ confess(err("ARGNUM")) if ($#_!=2); -+ VRSb(0xe73f,@_); -+} -+ -+sub vuph { -+ confess(err("ARGNUM")) if ($#_!=2); -+ VRRa(0xe7d7,@_); -+} -+sub vuphb { -+ vuph(@_,0); -+} -+sub vuphh { -+ vuph(@_,1); -+} -+sub vuphf { -+ vuph(@_,2); -+} -+ -+sub vuplh { -+ confess(err("ARGNUM")) if ($#_!=2); -+ VRRa(0xe7d5,@_); -+} -+sub vuplhb { -+ vuplh(@_,0); -+} -+sub vuplhh { -+ vuplh(@_,1); -+} -+sub vuplhf { -+ vuplh(@_,2); -+} -+ -+sub vupl { -+ confess(err("ARGNUM")) if ($#_!=2); -+ VRRa(0xe7d6,@_); -+} -+sub vuplb { -+ vupl(@_,0); -+} -+sub vuplhw { -+ vupl(@_,1); -+} -+sub vuplf { -+ vupl(@_,2); -+} -+ -+sub vupll { -+ confess(err("ARGNUM")) if ($#_!=2); -+ VRRa(0xe7d4,@_); -+} -+sub vupllb { -+ vupll(@_,0); -+} -+sub vupllh { -+ vupll(@_,1); -+} -+sub vupllf { -+ vupll(@_,2); -+} -+ -+# VX - Integer Instructions -+ -+sub va { -+ confess(err("ARGNUM")) if ($#_!=3); -+ VRRc(0xe7f3,@_); -+} -+sub vab { -+ va(@_,0); -+} -+sub vah { -+ va(@_,1); -+} -+sub vaf { -+ va(@_,2); -+} -+sub vag { -+ va(@_,3); -+} -+sub vaq { -+ va(@_,4); -+} -+ -+sub vacc { -+ confess(err("ARGNUM")) if ($#_!=3); -+ VRRc(0xe7f1,@_); -+} -+sub vaccb { -+ vacc(@_,0); -+} -+sub vacch { -+ vacc(@_,1); -+} -+sub vaccf { -+ vacc(@_,2); -+} -+sub vaccg { -+ vacc(@_,3); -+} -+sub vaccq { -+ vacc(@_,4); -+} -+ -+sub vac { -+ confess(err("ARGNUM")) if ($#_!=4); -+ VRRd(0xe7bb,@_); -+} -+sub vacq { -+ vac(@_,4); -+} -+ -+sub vaccc { -+ confess(err("ARGNUM")) if ($#_!=4); -+ VRRd(0xe7b9,@_); -+} -+sub vacccq { -+ vaccc(@_,4); -+} -+ -+sub vn { -+ confess(err("ARGNUM")) if ($#_!=2); -+ VRRc(0xe768,@_); -+} -+ -+sub vnc { -+ confess(err("ARGNUM")) if ($#_!=2); -+ VRRc(0xe769,@_); -+} -+ -+sub vavg { -+ confess(err("ARGNUM")) if ($#_!=3); -+ VRRc(0xe7f2,@_); -+} -+sub vavgb { -+ vavg(@_,0); -+} -+sub vavgh { -+ vavg(@_,1); -+} -+sub vavgf { -+ vavg(@_,2); -+} -+sub vavgg { -+ vavg(@_,3); -+} -+ -+sub vavgl { -+ confess(err("ARGNUM")) if ($#_!=3); -+ VRRc(0xe7f0,@_); -+} -+sub vavglb { -+ vavgl(@_,0); -+} -+sub vavglh { -+ vavgl(@_,1); -+} -+sub vavglf { -+ vavgl(@_,2); -+} -+sub vavglg { -+ vavgl(@_,3); -+} -+ -+sub vcksm { -+ confess(err("ARGNUM")) if ($#_!=2); -+ VRRc(0xe766,@_); -+} -+ -+sub vec_ { -+ confess(err("ARGNUM")) if ($#_!=2); -+ VRRa(0xe7db,@_); -+} -+sub vecb { -+ vec_(@_,0); -+} -+sub vech { -+ vec_(@_,1); -+} -+sub vecf { -+ vec_(@_,2); -+} -+sub vecg { -+ vec_(@_,3); -+} -+ -+sub vecl { -+ confess(err("ARGNUM")) if ($#_!=2); -+ VRRa(0xe7d9,@_); -+} -+sub veclb { -+ vecl(@_,0); -+} -+sub veclh { -+ vecl(@_,1); -+} -+sub veclf { -+ vecl(@_,2); -+} -+sub veclg { -+ vecl(@_,3); -+} -+ -+sub vceq { -+ confess(err("ARGNUM")) if ($#_!=4); -+ VRRb(0xe7f8,@_); -+} -+sub vceqb { -+ vceq(@_,0,0); -+} -+sub vceqh { -+ vceq(@_,1,0); -+} -+sub vceqf { -+ vceq(@_,2,0); -+} -+sub vceqg { -+ vceq(@_,3,0); -+} -+sub vceqbs { -+ vceq(@_,0,1); -+} -+sub vceqhs { -+ vceq(@_,1,1); -+} -+sub vceqfs { -+ vceq(@_,2,1); -+} -+sub vceqgs { -+ vceq(@_,3,1); -+} -+ -+sub vch { -+ confess(err("ARGNUM")) if ($#_!=4); -+ VRRb(0xe7fb,@_); -+} -+sub vchb { -+ vch(@_,0,0); -+} -+sub vchh { -+ vch(@_,1,0); -+} -+sub vchf { -+ vch(@_,2,0); -+} -+sub vchg { -+ vch(@_,3,0); -+} -+sub vchbs { -+ vch(@_,0,1); -+} -+sub vchhs { -+ vch(@_,1,1); -+} -+sub vchfs { -+ vch(@_,2,1); -+} -+sub vchgs { -+ vch(@_,3,1); -+} -+ -+sub vchl { -+ confess(err("ARGNUM")) if ($#_!=4); -+ VRRb(0xe7f9,@_); -+} -+sub vchlb { -+ vchl(@_,0,0); -+} -+sub vchlh { -+ vchl(@_,1,0); -+} -+sub vchlf { -+ vchl(@_,2,0); -+} -+sub vchlg { -+ vchl(@_,3,0); -+} -+sub vchlbs { -+ vchl(@_,0,1); -+} -+sub vchlhs { -+ vchl(@_,1,1); -+} -+sub vchlfs { -+ vchl(@_,2,1); -+} -+sub vchlgs { -+ vchl(@_,3,1); -+} -+ -+sub vclz { -+ confess(err("ARGNUM")) if ($#_!=2); -+ VRRa(0xe753,@_); -+} -+sub vclzb { -+ vclz(@_,0); -+} -+sub vclzh { -+ vclz(@_,1); -+} -+sub vclzf { -+ vclz(@_,2); -+} -+sub vclzg { -+ vclz(@_,3); -+} -+ -+sub vctz { -+ confess(err("ARGNUM")) if ($#_!=2); -+ VRRa(0xe752,@_); -+} -+sub vctzb { -+ vctz(@_,0); -+} -+sub vctzh { -+ vctz(@_,1); -+} -+sub vctzf { -+ vctz(@_,2); -+} -+sub vctzg { -+ vctz(@_,3); -+} -+ -+sub vx { -+ confess(err("ARGNUM")) if ($#_!=2); -+ VRRc(0xe76d,@_); -+} -+ -+sub vgfm { -+ confess(err("ARGNUM")) if ($#_!=3); -+ VRRc(0xe7b4,@_); -+} -+sub vgfmb { -+ vgfm(@_,0); -+} -+sub vgfmh { -+ vgfm(@_,1); -+} -+sub vgfmf { -+ vgfm(@_,2); -+} -+sub vgfmg { -+ vgfm(@_,3); -+} -+ -+sub vgfma { -+ confess(err("ARGNUM")) if ($#_!=4); -+ VRRd(0xe7bc,@_); -+} -+sub vgfmab { -+ vgfma(@_,0); -+} -+sub vgfmah { -+ vgfma(@_,1); -+} -+sub vgfmaf { -+ vgfma(@_,2); -+} -+sub vgfmag { -+ vgfma(@_,3); -+} -+ -+sub vlc { -+ confess(err("ARGNUM")) if ($#_!=2); -+ VRRa(0xe7de,@_); -+} -+sub vlcb { -+ vlc(@_,0); -+} -+sub vlch { -+ vlc(@_,1); -+} -+sub vlcf { -+ vlc(@_,2); -+} -+sub vlcg { -+ vlc(@_,3); -+} -+ -+sub vlp { -+ confess(err("ARGNUM")) if ($#_!=2); -+ VRRa(0xe7df,@_); -+} -+sub vlpb { -+ vlp(@_,0); -+} -+sub vlph { -+ vlp(@_,1); -+} -+sub vlpf { -+ vlp(@_,2); -+} -+sub vlpg { -+ vlp(@_,3); -+} -+ -+sub vmx { -+ confess(err("ARGNUM")) if ($#_!=3); -+ VRRc(0xe7ff,@_); -+} -+sub vmxb { -+ vmx(@_,0); -+} -+sub vmxh { -+ vmx(@_,1); -+} -+sub vmxf { -+ vmx(@_,2); -+} -+sub vmxg { -+ vmx(@_,3); -+} -+ -+sub vmxl { -+ confess(err("ARGNUM")) if ($#_!=3); -+ VRRc(0xe7fd,@_); -+} -+sub vmxlb { -+ vmxl(@_,0); -+} -+sub vmxlh { -+ vmxl(@_,1); -+} -+sub vmxlf { -+ vmxl(@_,2); -+} -+sub vmxlg { -+ vmxl(@_,3); -+} -+ -+sub vmn { -+ confess(err("ARGNUM")) if ($#_!=3); -+ VRRc(0xe7fe,@_); -+} -+sub vmnb { -+ vmn(@_,0); -+} -+sub vmnh { -+ vmn(@_,1); -+} -+sub vmnf { -+ vmn(@_,2); -+} -+sub vmng { -+ vmn(@_,3); -+} -+ -+sub vmnl { -+ confess(err("ARGNUM")) if ($#_!=3); -+ VRRc(0xe7fc,@_); -+} -+sub vmnlb { -+ vmnl(@_,0); -+} -+sub vmnlh { -+ vmnl(@_,1); -+} -+sub vmnlf { -+ vmnl(@_,2); -+} -+sub vmnlg { -+ vmnl(@_,3); -+} -+ -+sub vmal { -+ confess(err("ARGNUM")) if ($#_!=4); -+ VRRd(0xe7aa,@_); -+} -+sub vmalb { -+ vmal(@_,0); -+} -+sub vmalhw { -+ vmal(@_,1); -+} -+sub vmalf { -+ vmal(@_,2); -+} -+ -+sub vmah { -+ confess(err("ARGNUM")) if ($#_!=4); -+ VRRd(0xe7ab,@_); -+} -+sub vmahb { -+ vmah(@_,0); -+} -+sub vmahh { -+ vmah(@_,1); -+} -+sub vmahf { -+ vmah(@_,2); -+} -+ -+sub vmalh { -+ confess(err("ARGNUM")) if ($#_!=4); -+ VRRd(0xe7a9,@_); -+} -+sub vmalhb { -+ vmalh(@_,0); -+} -+sub vmalhh { -+ vmalh(@_,1); -+} -+sub vmalhf { -+ vmalh(@_,2); -+} -+ -+sub vmae { -+ confess(err("ARGNUM")) if ($#_!=4); -+ VRRd(0xe7ae,@_); -+} -+sub vmaeb { -+ vmae(@_,0); -+} -+sub vmaeh { -+ vmae(@_,1); -+} -+sub vmaef { -+ vmae(@_,2); -+} -+ -+sub vmale { -+ confess(err("ARGNUM")) if ($#_!=4); -+ VRRd(0xe7ac,@_); -+} -+sub vmaleb { -+ vmale(@_,0); -+} -+sub vmaleh { -+ vmale(@_,1); -+} -+sub vmalef { -+ vmale(@_,2); -+} -+ -+sub vmao { -+ confess(err("ARGNUM")) if ($#_!=4); -+ VRRd(0xe7af,@_); -+} -+sub vmaob { -+ vmao(@_,0); -+} -+sub vmaoh { -+ vmao(@_,1); -+} -+sub vmaof { -+ vmao(@_,2); -+} -+ -+sub vmalo { -+ confess(err("ARGNUM")) if ($#_!=4); -+ VRRd(0xe7ad,@_); -+} -+sub vmalob { -+ vmalo(@_,0); -+} -+sub vmaloh { -+ vmalo(@_,1); -+} -+sub vmalof { -+ vmalo(@_,2); -+} -+ -+sub vmh { -+ confess(err("ARGNUM")) if ($#_!=3); -+ VRRc(0xe7a3,@_); -+} -+sub vmhb { -+ vmh(@_,0); -+} -+sub vmhh { -+ vmh(@_,1); -+} -+sub vmhf { -+ vmh(@_,2); -+} -+ -+sub vmlh { -+ confess(err("ARGNUM")) if ($#_!=3); -+ VRRc(0xe7a1,@_); -+} -+sub vmlhb { -+ vmlh(@_,0); -+} -+sub vmlhh { -+ vmlh(@_,1); -+} -+sub vmlhf { -+ vmlh(@_,2); -+} -+ -+sub vml { -+ confess(err("ARGNUM")) if ($#_!=3); -+ VRRc(0xe7a2,@_); -+} -+sub vmlb { -+ vml(@_,0); -+} -+sub vmlhw { -+ vml(@_,1); -+} -+sub vmlf { -+ vml(@_,2); -+} -+ -+sub vme { -+ confess(err("ARGNUM")) if ($#_!=3); -+ VRRc(0xe7a6,@_); -+} -+sub vmeb { -+ vme(@_,0); -+} -+sub vmeh { -+ vme(@_,1); -+} -+sub vmef { -+ vme(@_,2); -+} -+ -+sub vmle { -+ confess(err("ARGNUM")) if ($#_!=3); -+ VRRc(0xe7a4,@_); -+} -+sub vmleb { -+ vmle(@_,0); -+} -+sub vmleh { -+ vmle(@_,1); -+} -+sub vmlef { -+ vmle(@_,2); -+} -+ -+sub vmo { -+ confess(err("ARGNUM")) if ($#_!=3); -+ VRRc(0xe7a7,@_); -+} -+sub vmob { -+ vmo(@_,0); -+} -+sub vmoh { -+ vmo(@_,1); -+} -+sub vmof { -+ vmo(@_,2); -+} -+ -+sub vmlo { -+ confess(err("ARGNUM")) if ($#_!=3); -+ VRRc(0xe7a5,@_); -+} -+sub vmlob { -+ vmlo(@_,0); -+} -+sub vmloh { -+ vmlo(@_,1); -+} -+sub vmlof { -+ vmlo(@_,2); -+} -+ -+sub vno { -+ confess(err("ARGNUM")) if ($#_!=2); -+ VRRc(0xe76b,@_); -+} -+sub vnot { -+ vno(@_,$_[1]); -+} -+ -+sub vo { -+ confess(err("ARGNUM")) if ($#_!=2); -+ VRRc(0xe76a,@_); -+} -+ -+sub vpopct { -+ confess(err("ARGNUM")) if ($#_!=2); -+ VRRa(0xe750,@_); -+} -+ -+sub verllv { -+ confess(err("ARGNUM")) if ($#_!=3); -+ VRRc(0xe773,@_); -+} -+sub verllvb { -+ verllv(@_,0); -+} -+sub verllvh { -+ verllv(@_,1); -+} -+sub verllvf { -+ verllv(@_,2); -+} -+sub verllvg { -+ verllv(@_,3); -+} -+ -+sub verll { -+ confess(err("ARGNUM")) if ($#_!=3); -+ VRSa(0xe733,@_); -+} -+sub verllb { -+ verll(@_,0); -+} -+sub verllh { -+ verll(@_,1); -+} -+sub verllf { -+ verll(@_,2); -+} -+sub verllg { -+ verll(@_,3); -+} -+ -+sub verim { -+ confess(err("ARGNUM")) if ($#_!=4); -+ VRId(0xe772,@_); -+} -+sub verimb { -+ verim(@_,0); -+} -+sub verimh { -+ verim(@_,1); -+} -+sub verimf { -+ verim(@_,2); -+} -+sub verimg { -+ verim(@_,3); -+} -+ -+sub veslv { -+ confess(err("ARGNUM")) if ($#_!=3); -+ VRRc(0xe770,@_); -+} -+sub veslvb { -+ veslv(@_,0); -+} -+sub veslvh { -+ veslv(@_,1); -+} -+sub veslvf { -+ veslv(@_,2); -+} -+sub veslvg { -+ veslv(@_,3); -+} -+ -+sub vesl { -+ confess(err("ARGNUM")) if ($#_!=3); -+ VRSa(0xe730,@_); -+} -+sub veslb { -+ vesl(@_,0); -+} -+sub veslh { -+ vesl(@_,1); -+} -+sub veslf { -+ vesl(@_,2); -+} -+sub veslg { -+ vesl(@_,3); -+} -+ -+sub vesrav { -+ confess(err("ARGNUM")) if ($#_!=3); -+ VRRc(0xe77a,@_); -+} -+sub vesravb { -+ vesrav(@_,0); -+} -+sub vesravh { -+ vesrav(@_,1); -+} -+sub vesravf { -+ vesrav(@_,2); -+} -+sub vesravg { -+ vesrav(@_,3); -+} -+ -+sub vesra { -+ confess(err("ARGNUM")) if ($#_!=3); -+ VRSa(0xe73a,@_); -+} -+sub vesrab { -+ vesra(@_,0); -+} -+sub vesrah { -+ vesra(@_,1); -+} -+sub vesraf { -+ vesra(@_,2); -+} -+sub vesrag { -+ vesra(@_,3); -+} -+ -+sub vesrlv { -+ confess(err("ARGNUM")) if ($#_!=3); -+ VRRc(0xe778,@_); -+} -+sub vesrlvb { -+ vesrlv(@_,0); -+} -+sub vesrlvh { -+ vesrlv(@_,1); -+} -+sub vesrlvf { -+ vesrlv(@_,2); -+} -+sub vesrlvg { -+ vesrlv(@_,3); -+} -+ -+sub vesrl { -+ confess(err("ARGNUM")) if ($#_!=3); -+ VRSa(0xe738,@_); -+} -+sub vesrlb { -+ vesrl(@_,0); -+} -+sub vesrlh { -+ vesrl(@_,1); -+} -+sub vesrlf { -+ vesrl(@_,2); -+} -+sub vesrlg { -+ vesrl(@_,3); -+} -+ -+sub vsl { -+ confess(err("ARGNUM")) if ($#_!=2); -+ VRRc(0xe774,@_); -+} -+ -+sub vslb { -+ confess(err("ARGNUM")) if ($#_!=2); -+ VRRc(0xe775,@_); -+} -+ -+sub vsldb { -+ confess(err("ARGNUM")) if ($#_!=3); -+ VRId(0xe777,@_); -+} -+ -+sub vsra { -+ confess(err("ARGNUM")) if ($#_!=2); -+ VRRc(0xe77e,@_); -+} -+ -+sub vsrab { -+ confess(err("ARGNUM")) if ($#_!=2); -+ VRRc(0xe77f,@_); -+} -+ -+sub vsrl { -+ confess(err("ARGNUM")) if ($#_!=2); -+ VRRc(0xe77c,@_); -+} -+ -+sub vsrlb { -+ confess(err("ARGNUM")) if ($#_!=2); -+ VRRc(0xe77d,@_); -+} -+ -+sub vs { -+ confess(err("ARGNUM")) if ($#_!=3); -+ VRRc(0xe7f7,@_); -+} -+sub vsb { -+ vs(@_,0); -+} -+sub vsh { -+ vs(@_,1); -+} -+sub vsf { -+ vs(@_,2); -+} -+sub vsg { -+ vs(@_,3); -+} -+sub vsq { -+ vs(@_,4); -+} -+ -+sub vscbi { -+ confess(err("ARGNUM")) if ($#_!=3); -+ VRRc(0xe7f5,@_); -+} -+sub vscbib { -+ vscbi(@_,0); -+} -+sub vscbih { -+ vscbi(@_,1); -+} -+sub vscbif { -+ vscbi(@_,2); -+} -+sub vscbig { -+ vscbi(@_,3); -+} -+sub vscbiq { -+ vscbi(@_,4); -+} -+ -+sub vsbi { -+ confess(err("ARGNUM")) if ($#_!=4); -+ VRRd(0xe7bf,@_); -+} -+sub vsbiq { -+ vsbi(@_,4); -+} -+ -+sub vsbcbi { -+ confess(err("ARGNUM")) if ($#_!=4); -+ VRRd(0xe7bd,@_); -+} -+sub vsbcbiq { -+ vsbcbi(@_,4); -+} -+ -+sub vsumg { -+ confess(err("ARGNUM")) if ($#_!=3); -+ VRRc(0xe765,@_); -+} -+sub vsumgh { -+ vsumg(@_,1); -+} -+sub vsumgf { -+ vsumg(@_,2); -+} -+ -+sub vsumq { -+ confess(err("ARGNUM")) if ($#_!=3); -+ VRRc(0xe767,@_); -+} -+sub vsumqf { -+ vsumq(@_,2); -+} -+sub vsumqg { -+ vsumq(@_,3); -+} -+ -+sub vsum { -+ confess(err("ARGNUM")) if ($#_!=3); -+ VRRc(0xe764,@_); -+} -+sub vsumb { -+ vsum(@_,0); -+} -+sub vsumh { -+ vsum(@_,1); -+} -+ -+sub vtm { -+ confess(err("ARGNUM")) if ($#_!=1); -+ VRRa(0xe7d8,@_); -+} -+ -+# VX - String Instructions -+ -+sub vfae { -+ confess(err("ARGNUM")) if ($#_<3||$#_>4); -+ VRRb(0xe782,@_); -+} -+sub vfaeb { -+ vfae(@_[0..2],0,$_[3]); -+} -+sub vfaeh { -+ vfae(@_[0..2],1,$_[3]); -+} -+sub vfaef { -+ vfae(@_[0..2],2,$_[3]); -+} -+sub vfaebs { -+ $_[3]=0 if (!defined($_[3])); -+ vfae(@_[0..2],0,0x1|$_[3]); -+} -+sub vfaehs { -+ $_[3]=0 if (!defined($_[3])); -+ vfae(@_[0..2],1,0x1|$_[3]); -+} -+sub vfaefs { -+ $_[3]=0 if (!defined($_[3])); -+ vfae(@_[0..2],2,0x1|$_[3]); -+} -+sub vfaezb { -+ $_[3]=0 if (!defined($_[3])); -+ vfae(@_[0..2],0,0x2|$_[3]); -+} -+sub vfaezh { -+ $_[3]=0 if (!defined($_[3])); -+ vfae(@_[0..2],1,0x2|$_[3]); -+} -+sub vfaezf { -+ $_[3]=0 if (!defined($_[3])); -+ vfae(@_[0..2],2,0x2|$_[3]); -+} -+sub vfaezbs { -+ $_[3]=0 if (!defined($_[3])); -+ vfae(@_[0..2],0,0x3|$_[3]); -+} -+sub vfaezhs { -+ $_[3]=0 if (!defined($_[3])); -+ vfae(@_[0..2],1,0x3|$_[3]); -+} -+sub vfaezfs { -+ $_[3]=0 if (!defined($_[3])); -+ vfae(@_[0..2],2,0x3|$_[3]); -+} -+ -+sub vfee { -+ confess(err("ARGNUM")) if ($#_<3||$#_>4); -+ VRRb(0xe780,@_); -+} -+sub vfeeb { -+ vfee(@_[0..2],0,$_[3]); -+} -+sub vfeeh { -+ vfee(@_[0..2],1,$_[3]); -+} -+sub vfeef { -+ vfee(@_[0..2],2,$_[3]); -+} -+sub vfeebs { -+ vfee(@_,0,1); -+} -+sub vfeehs { -+ vfee(@_,1,1); -+} -+sub vfeefs { -+ vfee(@_,2,1); -+} -+sub vfeezb { -+ vfee(@_,0,2); -+} -+sub vfeezh { -+ vfee(@_,1,2); -+} -+sub vfeezf { -+ vfee(@_,2,2); -+} -+sub vfeezbs { -+ vfee(@_,0,3); -+} -+sub vfeezhs { -+ vfee(@_,1,3); -+} -+sub vfeezfs { -+ vfee(@_,2,3); -+} -+ -+sub vfene { -+ confess(err("ARGNUM")) if ($#_<3||$#_>4); -+ VRRb(0xe781,@_); -+} -+sub vfeneb { -+ vfene(@_[0..2],0,$_[3]); -+} -+sub vfeneh { -+ vfene(@_[0..2],1,$_[3]); -+} -+sub vfenef { -+ vfene(@_[0..2],2,$_[3]); -+} -+sub vfenebs { -+ vfene(@_,0,1); -+} -+sub vfenehs { -+ vfene(@_,1,1); -+} -+sub vfenefs { -+ vfene(@_,2,1); -+} -+sub vfenezb { -+ vfene(@_,0,2); -+} -+sub vfenezh { -+ vfene(@_,1,2); -+} -+sub vfenezf { -+ vfene(@_,2,2); -+} -+sub vfenezbs { -+ vfene(@_,0,3); -+} -+sub vfenezhs { -+ vfene(@_,1,3); -+} -+sub vfenezfs { -+ vfene(@_,2,3); -+} -+ -+sub vistr { -+ confess(err("ARGNUM")) if ($#_<2||$#_>3); -+ VRRa(0xe75c,@_[0..2],0,$_[3]); -+} -+sub vistrb { -+ vistr(@_[0..1],0,$_[2]); -+} -+sub vistrh { -+ vistr(@_[0..1],1,$_[2]); -+} -+sub vistrf { -+ vistr(@_[0..1],2,$_[2]); -+} -+sub vistrbs { -+ vistr(@_,0,1); -+} -+sub vistrhs { -+ vistr(@_,1,1); -+} -+sub vistrfs { -+ vistr(@_,2,1); -+} -+ -+sub vstrc { -+ confess(err("ARGNUM")) if ($#_<4||$#_>5); -+ VRRd(0xe78a,@_); -+} -+sub vstrcb { -+ vstrc(@_[0..3],0,$_[4]); -+} -+sub vstrch { -+ vstrc(@_[0..3],1,$_[4]); -+} -+sub vstrcf { -+ vstrc(@_[0..3],2,$_[4]); -+} -+sub vstrcbs { -+ $_[4]=0 if (!defined($_[4])); -+ vstrc(@_[0..3],0,0x1|$_[4]); -+} -+sub vstrchs { -+ $_[4]=0 if (!defined($_[4])); -+ vstrc(@_[0..3],1,0x1|$_[4]); -+} -+sub vstrcfs { -+ $_[4]=0 if (!defined($_[4])); -+ vstrc(@_[0..3],2,0x1|$_[4]); -+} -+sub vstrczb { -+ $_[4]=0 if (!defined($_[4])); -+ vstrc(@_[0..3],0,0x2|$_[4]); -+} -+sub vstrczh { -+ $_[4]=0 if (!defined($_[4])); -+ vstrc(@_[0..3],1,0x2|$_[4]); -+} -+sub vstrczf { -+ $_[4]=0 if (!defined($_[4])); -+ vstrc(@_[0..3],2,0x2|$_[4]); -+} -+sub vstrczbs { -+ $_[4]=0 if (!defined($_[4])); -+ vstrc(@_[0..3],0,0x3|$_[4]); -+} -+sub vstrczhs { -+ $_[4]=0 if (!defined($_[4])); -+ vstrc(@_[0..3],1,0x3|$_[4]); -+} -+sub vstrczfs { -+ $_[4]=0 if (!defined($_[4])); -+ vstrc(@_[0..3],2,0x3|$_[4]); -+} -+ -+# VX - Floating-point Instructions -+ -+sub vfa { -+ confess(err("ARGNUM")) if ($#_!=4); -+ VRRc(0xe7e3,@_); -+} -+sub vfadb { -+ vfa(@_,3,0); -+} -+sub wfadb { -+ vfa(@_,3,8); -+} -+ -+sub wfc { -+ confess(err("ARGNUM")) if ($#_!=3); -+ VRRa(0xe7cb,@_); -+} -+sub wfcdb { -+ wfc(@_,3,0); -+} -+ -+sub wfk { -+ confess(err("ARGNUM")) if ($#_!=3); -+ VRRa(0xe7ca,@_); -+} -+sub wfksb { -+ wfk(@_,2,0); -+} -+sub wfkdb { -+ wfk(@_,3,0); -+} -+sub wfkxb { -+ wfk(@_,4,0); -+} -+ -+sub vfce { -+ confess(err("ARGNUM")) if ($#_!=5); -+ VRRc(0xe7e8,@_); -+} -+sub vfcedb { -+ vfce(@_,3,0,0); -+} -+sub vfcedbs { -+ vfce(@_,3,0,1); -+} -+sub wfcedb { -+ vfce(@_,3,8,0); -+} -+sub wfcedbs { -+ vfce(@_,3,8,1); -+} -+ -+sub vfch { -+ confess(err("ARGNUM")) if ($#_!=5); -+ VRRc(0xe7eb,@_); -+} -+sub vfchdb { -+ vfch(@_,3,0,0); -+} -+sub vfchdbs { -+ vfch(@_,3,0,1); -+} -+sub wfchdb { -+ vfch(@_,3,8,0); -+} -+sub wfchdbs { -+ vfch(@_,3,8,1); -+} -+ -+sub vfche { -+ confess(err("ARGNUM")) if ($#_!=5); -+ VRRc(0xe7ea,@_); -+} -+sub vfchedb { -+ vfche(@_,3,0,0); -+} -+sub vfchedbs { -+ vfche(@_,3,0,1); -+} -+sub wfchedb { -+ vfche(@_,3,8,0); -+} -+sub wfchedbs { -+ vfche(@_,3,8,1); -+} -+ -+sub vcdg { -+ confess(err("ARGNUM")) if ($#_!=4); -+ VRRa(0xe7c3,@_); -+} -+sub vcdgb { -+ vcdg(@_[0..1],3,@_[2..3]); -+} -+sub wcdgb { -+ vcdg(@_[0..1],3,0x8|$_[2],$_[3]); -+} -+ -+sub vcdlg { -+ confess(err("ARGNUM")) if ($#_!=4); -+ VRRa(0xe7c1,@_); -+} -+sub vcdlgb { -+ vcdlg(@_[0..1],3,@_[2..3]); -+} -+sub wcdlgb { -+ vcdlg(@_[0..1],3,0x8|$_[2],$_[3]); -+} -+ -+sub vcgd { -+ confess(err("ARGNUM")) if ($#_!=4); -+ VRRa(0xe7c2,@_); -+} -+sub vcgdb { -+ vcgd(@_[0..1],3,@_[2..3]); -+} -+sub wcgdb { -+ vcgd(@_[0..1],3,0x8|$_[2],$_[3]); -+} -+ -+sub vclgd { -+ confess(err("ARGNUM")) if ($#_!=4); -+ VRRa(0xe7c0,@_); -+} -+sub vclgdb { -+ vclgd(@_[0..1],3,@_[2..3]); -+} -+sub wclgdb { -+ vclgd(@_[0..1],3,0x8|$_[2],$_[3]); -+} -+ -+sub vfd { -+ confess(err("ARGNUM")) if ($#_!=4); -+ VRRc(0xe7e5,@_); -+} -+sub vfddb { -+ vfd(@_,3,0); -+} -+sub wfddb { -+ vfd(@_,3,8); -+} -+ -+sub vfi { -+ confess(err("ARGNUM")) if ($#_!=4); -+ VRRa(0xe7c7,@_); -+} -+sub vfidb { -+ vfi(@_[0..1],3,@_[2..3]); -+} -+sub wfidb { -+ vfi(@_[0..1],3,0x8|$_[2],$_[3]); -+} -+ -+sub vlde { # deprecated, use vfll -+ confess(err("ARGNUM")) if ($#_!=3); -+ VRRa(0xe7c4,@_); -+} -+sub vldeb { # deprecated, use vflls -+ vlde(@_,2,0); -+} -+sub wldeb { # deprecated, use wflls -+ vlde(@_,2,8); -+} -+ -+sub vled { # deprecated, use vflr -+ confess(err("ARGNUM")) if ($#_!=4); -+ VRRa(0xe7c5,@_); -+} -+sub vledb { # deprecated, use vflrd -+ vled(@_[0..1],3,@_[2..3]); -+} -+sub wledb { # deprecated, use wflrd -+ vled(@_[0..1],3,0x8|$_[2],$_[3]); -+} -+ -+sub vfm { -+ confess(err("ARGNUM")) if ($#_!=4); -+ VRRc(0xe7e7,@_); -+} -+sub vfmdb { -+ vfm(@_,3,0); -+} -+sub wfmdb { -+ vfm(@_,3,8); -+} -+ -+sub vfma { -+ confess(err("ARGNUM")) if ($#_!=5); -+ VRRe(0xe78f,@_); -+} -+sub vfmadb { -+ vfma(@_,0,3); -+} -+sub wfmadb { -+ vfma(@_,8,3); -+} -+ -+sub vfms { -+ confess(err("ARGNUM")) if ($#_!=5); -+ VRRe(0xe78e,@_); -+} -+sub vfmsdb { -+ vfms(@_,0,3); -+} -+sub wfmsdb { -+ vfms(@_,8,3); -+} -+ -+sub vfpso { -+ confess(err("ARGNUM")) if ($#_!=4); -+ VRRa(0xe7cc,@_); -+} -+sub vfpsodb { -+ vfpso(@_[0..1],3,0,$_[2]); -+} -+sub wfpsodb { -+ vfpso(@_[0..1],3,8,$_[2]); -+} -+sub vflcdb { -+ vfpso(@_,3,0,0); -+} -+sub wflcdb { -+ vfpso(@_,3,8,0); -+} -+sub vflndb { -+ vfpso(@_,3,0,1); -+} -+sub wflndb { -+ vfpso(@_,3,8,1); -+} -+sub vflpdb { -+ vfpso(@_,3,0,2); -+} -+sub wflpdb { -+ vfpso(@_,3,8,2); -+} -+ -+sub vfsq { -+ confess(err("ARGNUM")) if ($#_!=3); -+ VRRa(0xe7ce,@_); -+} -+sub vfsqdb { -+ vfsq(@_,3,0); -+} -+sub wfsqdb { -+ vfsq(@_,3,8); -+} -+ -+sub vfs { -+ confess(err("ARGNUM")) if ($#_!=4); -+ VRRc(0xe7e2,@_); -+} -+sub vfsdb { -+ vfs(@_,3,0); -+} -+sub wfsdb { -+ vfs(@_,3,8); -+} -+ -+sub vftci { -+ confess(err("ARGNUM")) if ($#_!=4); -+ VRIe(0xe74a,@_); -+} -+sub vftcidb { -+ vftci(@_,3,0); -+} -+sub wftcidb { -+ vftci(@_,3,8); -+} -+ -+# VXE - Support Instructions -+ -+sub vbperm { -+ confess(err("ARGNUM")) if ($#_!=2); -+ VRRc(0xe785,@_); -+} -+ -+sub vllezlf { -+ vllez(@_,6); -+} -+ -+# VXE - Integer Instructions -+ -+sub vmsl { -+ confess(err("ARGNUM")) if ($#_!=5); -+ VRRd(0xe7b8,@_); -+} -+sub vmslg { -+ vmsl(@_[0..3],3,$_[4]); -+} -+ -+sub vnx { -+ confess(err("ARGNUM")) if ($#_!=2); -+ VRRc(0xe76c,@_); -+} -+ -+sub vnn { -+ confess(err("ARGNUM")) if ($#_!=2); -+ VRRc(0xe76e,@_); -+} -+ -+sub voc { -+ confess(err("ARGNUM")) if ($#_!=2); -+ VRRc(0xe76f,@_); -+} -+ -+sub vpopctb { -+ vpopct(@_,0); -+} -+sub vpopcth { -+ vpopct(@_,1); -+} -+sub vpopctf { -+ vpopct(@_,2); -+} -+sub vpopctg { -+ vpopct(@_,3); -+} -+ -+# VXE - Floating-Point Instructions -+ -+sub vfasb { -+ vfa(@_,2,0); -+} -+sub wfasb { -+ vfa(@_,2,8); -+} -+sub wfaxb { -+ vfa(@_,4,8); -+} -+ -+sub wfcsb { -+ wfc(@_,2,0); -+} -+sub wfcxb { -+ wfc(@_,4,0); -+} -+ -+sub vfcesb { -+ vfce(@_,2,0,0); -+} -+sub vfcesbs { -+ vfce(@_,2,0,1); -+} -+sub wfcesb { -+ vfce(@_,2,8,0); -+} -+sub wfcesbs { -+ vfce(@_,2,8,1); -+} -+sub wfcexb { -+ vfce(@_,4,8,0); -+} -+sub wfcexbs { -+ vfce(@_,4,8,1); -+} -+ -+sub vfchsb { -+ vfch(@_,2,0,0); -+} -+sub vfchsbs { -+ vfch(@_,2,0,1); -+} -+sub wfchsb { -+ vfch(@_,2,8,0); -+} -+sub wfchsbs { -+ vfch(@_,2,8,1); -+} -+sub wfchxb { -+ vfch(@_,4,8,0); -+} -+sub wfchxbs { -+ vfch(@_,4,8,1); -+} -+ -+sub vfchesb { -+ vfche(@_,2,0,0); -+} -+sub vfchesbs { -+ vfche(@_,2,0,1); -+} -+sub wfchesb { -+ vfche(@_,2,8,0); -+} -+sub wfchesbs { -+ vfche(@_,2,8,1); -+} -+sub wfchexb { -+ vfche(@_,4,8,0); -+} -+sub wfchexbs { -+ vfche(@_,4,8,1); -+} -+ -+sub vfdsb { -+ vfd(@_,2,0); -+} -+sub wfdsb { -+ vfd(@_,2,8); -+} -+sub wfdxb { -+ vfd(@_,4,8); -+} -+ -+sub vfisb { -+ vfi(@_[0..1],2,@_[2..3]); -+} -+sub wfisb { -+ vfi(@_[0..1],2,0x8|$_[2],$_[3]); -+} -+sub wfixb { -+ vfi(@_[0..1],4,0x8|$_[2],$_[3]); -+} -+ -+sub vfll { -+ vlde(@_); -+} -+sub vflls { -+ vfll(@_,2,0); -+} -+sub wflls { -+ vfll(@_,2,8); -+} -+sub wflld { -+ vfll(@_,3,8); -+} -+ -+sub vflr { -+ vled(@_); -+} -+sub vflrd { -+ vflr(@_[0..1],3,@_[2..3]); -+} -+sub wflrd { -+ vflr(@_[0..1],3,0x8|$_[2],$_[3]); -+} -+sub wflrx { -+ vflr(@_[0..1],4,0x8|$_[2],$_[3]); -+} -+ -+sub vfmax { -+ confess(err("ARGNUM")) if ($#_!=5); -+ VRRc(0xe7ef,@_); -+} -+sub vfmaxsb { -+ vfmax(@_[0..2],2,0,$_[3]); -+} -+sub vfmaxdb { -+ vfmax(@_[0..2],3,0,$_[3]); -+} -+sub wfmaxsb { -+ vfmax(@_[0..2],2,8,$_[3]); -+} -+sub wfmaxdb { -+ vfmax(@_[0..2],3,8,$_[3]); -+} -+sub wfmaxxb { -+ vfmax(@_[0..2],4,8,$_[3]); -+} -+ -+sub vfmin { -+ confess(err("ARGNUM")) if ($#_!=5); -+ VRRc(0xe7ee,@_); -+} -+sub vfminsb { -+ vfmin(@_[0..2],2,0,$_[5]); -+} -+sub vfmindb { -+ vfmin(@_[0..2],3,0,$_[5]); -+} -+sub wfminsb { -+ vfmin(@_[0..2],2,8,$_[5]); -+} -+sub wfmindb { -+ vfmin(@_[0..2],3,8,$_[5]); -+} -+sub wfminxb { -+ vfmin(@_[0..2],4,8,$_[5]); -+} -+ -+sub vfmsb { -+ vfm(@_,2,0); -+} -+sub wfmsb { -+ vfm(@_,2,8); -+} -+sub wfmxb { -+ vfm(@_,4,8); -+} -+ -+sub vfmasb { -+ vfma(@_,0,2); -+} -+sub wfmasb { -+ vfma(@_,8,2); -+} -+sub wfmaxb { -+ vfma(@_,8,4); -+} -+ -+sub vfmssb { -+ vfms(@_,0,2); -+} -+sub wfmssb { -+ vfms(@_,8,2); -+} -+sub wfmsxb { -+ vfms(@_,8,4); -+} -+ -+sub vfnma { -+ confess(err("ARGNUM")) if ($#_!=5); -+ VRRe(0xe79f,@_); -+} -+sub vfnmasb { -+ vfnma(@_,0,2); -+} -+sub vfnmadb { -+ vfnma(@_,0,3); -+} -+sub wfnmasb { -+ vfnma(@_,8,2); -+} -+sub wfnmadb { -+ vfnma(@_,8,3); -+} -+sub wfnmaxb { -+ vfnma(@_,8,4); -+} -+ -+sub vfnms { -+ confess(err("ARGNUM")) if ($#_!=5); -+ VRRe(0xe79e,@_); -+} -+sub vfnmssb { -+ vfnms(@_,0,2); -+} -+sub vfnmsdb { -+ vfnms(@_,0,3); -+} -+sub wfnmssb { -+ vfnms(@_,8,2); -+} -+sub wfnmsdb { -+ vfnms(@_,8,3); -+} -+sub wfnmsxb { -+ vfnms(@_,8,4); -+} -+ -+sub vfpsosb { -+ vfpso(@_[0..1],2,0,$_[2]); -+} -+sub wfpsosb { -+ vfpso(@_[0..1],2,8,$_[2]); -+} -+sub vflcsb { -+ vfpso(@_,2,0,0); -+} -+sub wflcsb { -+ vfpso(@_,2,8,0); -+} -+sub vflnsb { -+ vfpso(@_,2,0,1); -+} -+sub wflnsb { -+ vfpso(@_,2,8,1); -+} -+sub vflpsb { -+ vfpso(@_,2,0,2); -+} -+sub wflpsb { -+ vfpso(@_,2,8,2); -+} -+sub vfpsoxb { -+ vfpso(@_[0..1],4,0,$_[2]); -+} -+sub wfpsoxb { -+ vfpso(@_[0..1],4,8,$_[2]); -+} -+sub vflcxb { -+ vfpso(@_,4,0,0); -+} -+sub wflcxb { -+ vfpso(@_,4,8,0); -+} -+sub vflnxb { -+ vfpso(@_,4,0,1); -+} -+sub wflnxb { -+ vfpso(@_,4,8,1); -+} -+sub vflpxb { -+ vfpso(@_,4,0,2); -+} -+sub wflpxb { -+ vfpso(@_,4,8,2); -+} -+ -+sub vfsqsb { -+ vfsq(@_,2,0); -+} -+sub wfsqsb { -+ vfsq(@_,2,8); -+} -+sub wfsqxb { -+ vfsq(@_,4,8); -+} -+ -+sub vfssb { -+ vfs(@_,2,0); -+} -+sub wfssb { -+ vfs(@_,2,8); -+} -+sub wfsxb { -+ vfs(@_,4,8); -+} -+ -+sub vftcisb { -+ vftci(@_,2,0); -+} -+sub wftcisb { -+ vftci(@_,2,8); -+} -+sub wftcixb { -+ vftci(@_,4,8); -+} -+ -+# VXD - Support Instructions -+ -+sub vlrlr { -+ confess(err("ARGNUM")) if ($#_!=2); -+ VRSd(0xe637,@_); -+} -+ -+sub vlrl { -+ confess(err("ARGNUM")) if ($#_!=2); -+ VSI(0xe635,@_); -+} -+ -+sub vstrlr { -+ confess(err("ARGNUM")) if ($#_!=2); -+ VRSd(0xe63f,@_); -+} -+ -+sub vstrl { -+ confess(err("ARGNUM")) if ($#_!=2); -+ VSI(0xe63d,@_); -+} -+ -+sub vap { -+ confess(err("ARGNUM")) if ($#_!=4); -+ VRIf(0xe671,@_); -+} -+ -+sub vcp { -+ confess(err("ARGNUM")) if ($#_!=2); -+ VRRh(0xe677,@_); -+} -+ -+sub vcvb { -+ confess(err("ARGNUM")) if ($#_!=2); -+ VRRi(0xe650,@_); -+} -+ -+sub vcvbg { -+ confess(err("ARGNUM")) if ($#_!=2); -+ VRRi(0xe652,@_); -+} -+ -+sub vcvd { -+ confess(err("ARGNUM")) if ($#_!=3); -+ VRIi(0xe658,@_); -+} -+ -+sub vcvdg { -+ confess(err("ARGNUM")) if ($#_!=3); -+ VRIi(0xe65a,@_); -+} -+ -+sub vdp { -+ confess(err("ARGNUM")) if ($#_!=4); -+ VRIf(0xe67a,@_); -+} -+ -+sub vlip { -+ confess(err("ARGNUM")) if ($#_!=2); -+ VRIh(0xe649,@_); -+} -+ -+sub vmp { -+ confess(err("ARGNUM")) if ($#_!=4); -+ VRIf(0xe678,@_); -+} -+ -+sub vmsp { -+ confess(err("ARGNUM")) if ($#_!=4); -+ VRIf(0xe679,@_); -+} -+ -+sub vpkz { -+ confess(err("ARGNUM")) if ($#_!=2); -+ VSI(0xe634,@_); -+} -+ -+sub vpsop { -+ confess(err("ARGNUM")) if ($#_!=4); -+ VRIg(0xe65b,@_); -+} -+ -+sub vrp { -+ confess(err("ARGNUM")) if ($#_!=4); -+ VRIf(0xe67b,@_); -+} -+ -+sub vsdp { -+ confess(err("ARGNUM")) if ($#_!=4); -+ VRIf(0xe67e,@_); -+} -+ -+sub vsrp { -+ confess(err("ARGNUM")) if ($#_!=4); -+ VRIg(0xe659,@_); -+} -+ -+sub vsp { -+ confess(err("ARGNUM")) if ($#_!=4); -+ VRIf(0xe673,@_); -+} -+ -+sub vtp { -+ confess(err("ARGNUM")) if ($#_!=0); -+ VRRg(0xe65f,@_); -+} -+ -+sub vupkz { -+ confess(err("ARGNUM")) if ($#_!=2); -+ VSI(0xe63c,@_); -+} -+ -+# -+# Instruction Formats -+# -+ -+sub RRE { -+ confess(err("ARGNUM")) if ($#_<0||2<$#_); -+ my $ops=join(',',@_[1..$#_]); -+ my $memn=(caller(1))[3]; -+ $memn=~s/^.*:://; -+ my ($opcode,$r1,$r2)=(shift,get_R(shift),get_R(shift)); -+ -+ $out.="\t.long\t".sprintf("%#010x",($opcode<<16|$r1<<4|$r2)); -+ $out.="\t# $memn\t$ops\n" -+} -+ -+sub RRFb { -+ confess(err("ARGNUM")) if ($#_<3||4<$#_); -+ my $ops=join(',',@_[1..$#_]); -+ my $memn=(caller(1))[3]; -+ $memn=~s/^.*:://; -+ my ($opcode,$r1,$r3,$r2,$m4)=(shift,get_R(shift),get_R(shift) -+ ,get_R(shift),get_M(shift)); -+ -+ $out.="\t.long\t" -+ .sprintf("%#010x",($opcode<<16|$r3<<12|$m4<<8|$r1<<4|$r2)); -+ $out.="\t# $memn\t$ops\n" -+} -+ -+sub S { -+ confess(err("ARGNUM")) if ($#_<0||1<$#_); -+ my $ops=join(',',@_[1..$#_]); -+ my $memn=(caller(1))[3]; -+ $memn=~s/^.*:://; -+ my ($opcode,$d2,$b2)=(shift,get_DB(shift)); -+ -+ $out.="\t.long\t".sprintf("%#010x",($opcode<<16|$b2<<12|$d2)); -+ $out.="\t# $memn\t$ops\n" -+} -+ -+sub VRIa { -+ confess(err("ARGNUM")) if ($#_<2||3<$#_); -+ my $ops=join(',',@_[1..$#_]); -+ my $memn=(caller(1))[3]; -+ $memn=~s/^.*:://; -+ my ($opcode,$v1,$i2,$m3)=(shift,get_V(shift),get_I(shift,16), -+ get_M(shift)); -+ -+ $out.="\t.word\t"; -+ $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4)).","; -+ $out.=sprintf("%#06x",$i2).","; -+ $out.=sprintf("%#06x",($m3<<12|RXB($v1)<<8|$opcode&0xff)); -+ $out.="\t# $memn\t$ops\n" -+} -+ -+sub VRIb { -+ confess(err("ARGNUM")) if ($#_!=4); -+ my $ops=join(',',@_[1..$#_]); -+ my $memn=(caller(1))[3]; -+ $memn=~s/^.*:://; -+ my ($opcode,$v1,$i2,$i3,$m4)=(shift,get_V(shift),get_I(shift,8), -+ ,get_I(shift,8),get_M(shift)); -+ -+ $out.="\t.word\t"; -+ $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4)).","; -+ $out.=sprintf("%#06x",($i2<<8|$i3)).","; -+ $out.=sprintf("%#06x",($m4<<12|RXB($v1)<<8|$opcode&0xff)); -+ $out.="\t# $memn\t$ops\n" -+} -+ -+sub VRIc { -+ confess(err("ARGNUM")) if ($#_!=4); -+ my $ops=join(',',@_[1..$#_]); -+ my $memn=(caller(1))[3]; -+ $memn=~s/^.*:://; -+ my ($opcode,$v1,$v3,$i2,$m4)=(shift,get_V(shift),get_V(shift), -+ ,get_I(shift,16),get_M(shift)); -+ -+ $out.="\t.word\t"; -+ $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4)|($v3&0xf)).","; -+ $out.=sprintf("%#06x",$i2).","; -+ $out.=sprintf("%#06x",($m4<<12|RXB($v1,$v3)<<8|$opcode&0xff)); -+ $out.="\t# $memn\t$ops\n" -+} -+ -+sub VRId { -+ confess(err("ARGNUM")) if ($#_<4||$#_>5); -+ my $ops=join(',',@_[1..$#_]); -+ my $memn=(caller(1))[3]; -+ $memn=~s/^.*:://; -+ my ($opcode,$v1,$v2,$v3,$i4,$m5)=(shift,get_V(shift),get_V(shift), -+ ,get_V(shift),get_I(shift,8),get_M(shift)); -+ -+ $out.="\t.word\t"; -+ $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4)|($v2&0xf)).","; -+ $out.=sprintf("%#06x",(($v3&0xf)<<12|$i4)).","; -+ $out.=sprintf("%#06x",($m5<<12|RXB($v1,$v2,$v3)<<8|$opcode&0xff)); -+ $out.="\t# $memn\t$ops\n" -+} -+ -+sub VRIe { -+ confess(err("ARGNUM")) if ($#_!=5); -+ my $ops=join(',',@_[1..$#_]); -+ my $memn=(caller(1))[3]; -+ $memn=~s/^.*:://; -+ my ($opcode,$v1,$v2,$i3,$m4,$m5)=(shift,get_V(shift),get_V(shift), -+ ,get_I(shift,12),get_M(shift),get_M(shift)); -+ -+ $out.="\t.word\t"; -+ $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4)|($v2&0xf)).","; -+ $out.=sprintf("%#06x",($i3<<4|$m5)).","; -+ $out.=sprintf("%#06x",($m4<<12|RXB($v1,$v2)<<8|$opcode&0xff)); -+ $out.="\t# $memn\t$ops\n" -+} -+ -+sub VRIf { -+ confess(err("ARGNUM")) if ($#_!=5); -+ my $ops=join(',',@_[1..$#_]); -+ my $memn=(caller(1))[3]; -+ $memn=~s/^.*:://; -+ my ($opcode,$v1,$v2,$v3,$i4,$m5)=(shift,get_V(shift),get_V(shift), -+ ,get_V(shift),get_I(shift,8),get_M(shift)); -+ -+ $out.="\t.word\t"; -+ $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4)|($v2&0xf)).","; -+ $out.=sprintf("%#06x",(($v3&0xf)<<12|$m5<<4)|$i4>>4).","; -+ $out.=sprintf("%#06x",(($i4&0xf)<<12|RXB($v1,$v2,$v3)<<8|$opcode&0xff)); -+ $out.="\t# $memn\t$ops\n" -+} -+ -+sub VRIg { -+ confess(err("ARGNUM")) if ($#_!=5); -+ my $ops=join(',',@_[1..$#_]); -+ my $memn=(caller(1))[3]; -+ $memn=~s/^.*:://; -+ my ($opcode,$v1,$v2,$i3,$i4,$m5)=(shift,get_V(shift),get_V(shift), -+ ,get_I(shift,8),get_I(shift,8),get_M(shift)); -+ -+ $out.="\t.word\t"; -+ $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4)|($v2&0xf)).","; -+ $out.=sprintf("%#06x",($i4<<8|$m5<<4|$i3>>4)).","; -+ $out.=sprintf("%#06x",(($i3&0xf)<<12|RXB($v1,$v2)<<8|$opcode&0xff)); -+ $out.="\t# $memn\t$ops\n" -+} -+ -+sub VRIh { -+ confess(err("ARGNUM")) if ($#_!=3); -+ my $ops=join(',',@_[1..$#_]); -+ my $memn=(caller(1))[3]; -+ $memn=~s/^.*:://; -+ my ($opcode,$v1,$i2,$i3)=(shift,get_V(shift),get_I(shift,16), -+ get_I(shift,4)); -+ -+ $out.="\t.word\t"; -+ $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4)).","; -+ $out.=sprintf("%#06x",$i2).","; -+ $out.=sprintf("%#06x",($i3<<12|RXB($v1)<<8|$opcode&0xff)); -+ $out.="\t# $memn\t$ops\n" -+} -+ -+sub VRIi { -+ confess(err("ARGNUM")) if ($#_!=4); -+ my $ops=join(',',@_[1..$#_]); -+ my $memn=(caller(1))[3]; -+ $memn=~s/^.*:://; -+ my ($opcode,$v1,$r2,$i3,$m4)=(shift,get_V(shift),get_R(shift), -+ ,get_I(shift,8),get_M(shift)); -+ -+ $out.="\t.word\t"; -+ $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4)|$r2).","; -+ $out.=sprintf("%#06x",($m4<<4|$i3>>4)).","; -+ $out.=sprintf("%#06x",(($i3&0xf)<<12|RXB($v1)<<8|$opcode&0xff)); -+ $out.="\t# $memn\t$ops\n" -+} -+ -+sub VRRa { -+ confess(err("ARGNUM")) if ($#_<2||5<$#_); -+ my $ops=join(',',@_[1..$#_]); -+ my $memn=(caller(1))[3]; -+ $memn=~s/^.*:://; -+ my ($opcode,$v1,$v2,$m3,$m4,$m5)=(shift,get_V(shift),get_V(shift), -+ get_M(shift),get_M(shift),get_M(shift)); -+ -+ $out.="\t.word\t"; -+ $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4|($v2&0xf))).","; -+ $out.=sprintf("%#06x",($m5<<4|$m4)).","; -+ $out.=sprintf("%#06x",($m3<<12|RXB($v1,$v2)<<8|$opcode&0xff)); -+ $out.="\t# $memn\t$ops\n" -+} -+ -+sub VRRb { -+ confess(err("ARGNUM")) if ($#_<3||5<$#_); -+ my $ops=join(',',@_[1..$#_]); -+ my $memn=(caller(1))[3]; -+ $memn=~s/^.*:://; -+ my ($opcode,$v1,$v2,$v3,$m4,$m5)=(shift,get_V(shift),get_V(shift), -+ get_V(shift),get_M(shift),get_M(shift)); -+ -+ $out.="\t.word\t"; -+ $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4|($v2&0xf))).","; -+ $out.=sprintf("%#06x",(($v3&0xf)<<12|$m5<<4)).","; -+ $out.=sprintf("%#06x",($m4<<12|RXB($v1,$v2,$v3)<<8|$opcode&0xff)); -+ $out.="\t# $memn\t$ops\n" -+} -+ -+sub VRRc { -+ confess(err("ARGNUM")) if ($#_<3||6<$#_); -+ my $ops=join(',',@_[1..$#_]); -+ my $memn=(caller(1))[3]; -+ $memn=~s/^.*:://; -+ my ($opcode,$v1,$v2,$v3,$m4,$m5,$m6)=(shift,get_V(shift),get_V(shift), -+ get_V(shift),get_M(shift),get_M(shift),get_M(shift)); -+ -+ $out.="\t.word\t"; -+ $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4|($v2&0xf))).","; -+ $out.=sprintf("%#06x",(($v3&0xf)<<12|$m6<<4|$m5)).","; -+ $out.=sprintf("%#06x",($m4<<12|RXB($v1,$v2,$v3)<<8|$opcode&0xff)); -+ $out.="\t# $memn\t$ops\n" -+} -+ -+sub VRRd { -+ confess(err("ARGNUM")) if ($#_<4||6<$#_); -+ my $ops=join(',',@_[1..$#_]); -+ my $memn=(caller(1))[3]; -+ $memn=~s/^.*:://; -+ my ($opcode,$v1,$v2,$v3,$v4,$m5,$m6)=(shift,get_V(shift),get_V(shift), -+ get_V(shift),get_V(shift),get_M(shift),get_M(shift)); -+ -+ $out.="\t.word\t"; -+ $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4|($v2&0xf))).","; -+ $out.=sprintf("%#06x",(($v3&0xf)<<12|$m5<<8|$m6<<4)).","; -+ $out.=sprintf("%#06x",(($v4&0xf)<<12|RXB($v1,$v2,$v3,$v4)<<8|$opcode&0xff)); -+ $out.="\t# $memn\t$ops\n" -+} -+ -+sub VRRe { -+ confess(err("ARGNUM")) if ($#_<4||6<$#_); -+ my $ops=join(',',@_[1..$#_]); -+ my $memn=(caller(1))[3]; -+ $memn=~s/^.*:://; -+ my ($opcode,$v1,$v2,$v3,$v4,$m5,$m6)=(shift,get_V(shift),get_V(shift), -+ get_V(shift),get_V(shift),get_M(shift),get_M(shift)); -+ -+ $out.="\t.word\t"; -+ $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4|($v2&0xf))).","; -+ $out.=sprintf("%#06x",(($v3&0xf)<<12|$m6<<8|$m5)).","; -+ $out.=sprintf("%#06x",(($v4&0xf)<<12|RXB($v1,$v2,$v3,$v4)<<8|$opcode&0xff)); -+ $out.="\t# $memn\t$ops\n" -+} -+ -+sub VRRf { -+ confess(err("ARGNUM")) if ($#_!=3); -+ my $ops=join(',',@_[1..$#_]); -+ my $memn=(caller(1))[3]; -+ $memn=~s/^.*:://; -+ my ($opcode,$v1,$r2,$r3)=(shift,get_V(shift),get_R(shift), -+ get_R(shift)); -+ -+ $out.="\t.word\t"; -+ $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4|$r2)).","; -+ $out.=sprintf("%#06x",($r3<<12)).","; -+ $out.=sprintf("%#06x",(RXB($v1)<<8|$opcode&0xff)); -+ $out.="\t# $memn\t$ops\n" -+} -+ -+sub VRRg { -+ confess(err("ARGNUM")) if ($#_!=1); -+ my $ops=join(',',@_[1..$#_]); -+ my $memn=(caller(1))[3]; -+ $memn=~s/^.*:://; -+ my ($opcode,$v1)=(shift,get_V(shift)); -+ -+ $out.="\t.word\t"; -+ $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf))).","; -+ $out.=sprintf("%#06x",0x0000).","; -+ $out.=sprintf("%#06x",(RXB(0,$v1)<<8|$opcode&0xff)); -+ $out.="\t# $memn\t$ops\n" -+} -+ -+sub VRRh { -+ confess(err("ARGNUM")) if ($#_<2||$#_>3); -+ my $ops=join(',',@_[1..$#_]); -+ my $memn=(caller(1))[3]; -+ $memn=~s/^.*:://; -+ my ($opcode,$v1,$v2,$m3)=(shift,get_V(shift),get_V(shift), -+ get_M(shift)); -+ -+ $out.="\t.word\t"; -+ $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf))).","; -+ $out.=sprintf("%#06x",(($v2&0xf)<<12|$m3<<4)).","; -+ $out.=sprintf("%#06x",(RXB(0,$v1,$v2)<<8|$opcode&0xff)); -+ $out.="\t# $memn\t$ops\n" -+} -+ -+sub VRRi { -+ confess(err("ARGNUM")) if ($#_!=3); -+ my $ops=join(',',@_[1..$#_]); -+ my $memn=(caller(1))[3]; -+ $memn=~s/^.*:://; -+ my ($opcode,$r1,$v2,$m3)=(shift,get_R(shift),get_V(shift), -+ get_M(shift)); -+ -+ $out.="\t.word\t"; -+ $out.=sprintf("%#06x",($opcode&0xff00|$r1<<4|($v2&0xf))).","; -+ $out.=sprintf("%#06x",($m3<<4))."\,"; -+ $out.=sprintf("%#06x",(RXB(0,$v2)<<8|$opcode&0xff)); -+ $out.="\t# $memn\t$ops\n" -+} -+ -+sub VRSa { -+ confess(err("ARGNUM")) if ($#_<3||$#_>4); -+ my $ops=join(',',@_[1..$#_]); -+ my $memn=(caller(1))[3]; -+ $memn=~s/^.*:://; -+ my ($opcode,$v1,$v3,$d2,$b2,$m4)=(shift,get_V(shift),get_V(shift), -+ get_DB(shift),get_M(shift)); -+ -+ $out.="\t.word\t"; -+ $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4|($v3&0xf))).","; -+ $out.=sprintf("%#06x",($b2<<12|$d2)).","; -+ $out.=sprintf("%#06x",($m4<<12|RXB($v1,$v3)<<8|$opcode&0xff)); -+ $out.="\t# $memn\t$ops\n" -+} -+ -+sub VRSb { -+ confess(err("ARGNUM")) if ($#_<3||$#_>4); -+ my $ops=join(',',@_[1..$#_]); -+ my $memn=(caller(1))[3]; -+ $memn=~s/^.*:://; -+ my ($opcode,$v1,$r3,$d2,$b2,$m4)=(shift,get_V(shift),get_R(shift), -+ get_DB(shift),get_M(shift)); -+ -+ $out.="\t.word\t"; -+ $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4|$r3)).","; -+ $out.=sprintf("%#06x",($b2<<12|$d2)).","; -+ $out.=sprintf("%#06x",($m4<<12|RXB($v1)<<8|$opcode&0xff)); -+ $out.="\t# $memn\t$ops\n" -+} -+ -+sub VRSc { -+ confess(err("ARGNUM")) if ($#_!=4); -+ my $ops=join(',',@_[1..$#_]); -+ my $memn=(caller(1))[3]; -+ $memn=~s/^.*:://; -+ my ($opcode,$r1,$v3,$d2,$b2,$m4)=(shift,get_R(shift),get_V(shift), -+ get_DB(shift),get_M(shift)); -+ -+ $out.="\t.word\t"; -+ $out.=sprintf("%#06x",($opcode&0xff00|$r1<<4|($v3&0xf))).","; -+ $out.=sprintf("%#06x",($b2<<12|$d2)).","; -+ $out.=sprintf("%#06x",($m4<<12|RXB(0,$v3)<<8|$opcode&0xff)); -+ $out.="\t# $memn\t$ops\n" -+} -+ -+sub VRSd { -+ confess(err("ARGNUM")) if ($#_!=3); -+ my $ops=join(',',@_[1..$#_]); -+ my $memn=(caller(1))[3]; -+ $memn=~s/^.*:://; -+ my ($opcode,$v1,$r3,$d2,$b2)=(shift,get_V(shift),get_R(shift), -+ get_DB(shift)); -+ -+ $out.="\t.word\t"; -+ $out.=sprintf("%#06x",($opcode&0xff00|$r3)).","; -+ $out.=sprintf("%#06x",($b2<<12|$d2)).","; -+ $out.=sprintf("%#06x",(($v1&0xf)<<12|RXB(0,0,0,$v1)<<8|$opcode&0xff)); -+ $out.="\t# $memn\t$ops\n" -+} -+ -+sub VRV { -+ confess(err("ARGNUM")) if ($#_<2||$#_>3); -+ my $ops=join(',',@_[1..$#_]); -+ my $memn=(caller(1))[3]; -+ $memn=~s/^.*:://; -+ my ($opcode,$v1,$d2,$v2,$b2,$m3)=(shift,get_V(shift),get_DVB(shift), -+ get_M(shift)); -+ -+ $out.="\t.word\t"; -+ $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4|($v2&0xf))).","; -+ $out.=sprintf("%#06x",($b2<<12|$d2)).","; -+ $out.=sprintf("%#06x",($m3<<12|RXB($v1,$v2)<<8|$opcode&0xff)); -+ $out.="\t# $memn\t$ops\n" -+} -+ -+sub VRX { -+ confess(err("ARGNUM")) if ($#_<2||$#_>3); -+ my $ops=join(',',@_[1..$#_]); -+ my $memn=(caller(1))[3]; -+ $memn=~s/^.*:://; -+ my ($opcode,$v1,$d2,$x2,$b2,$m3)=(shift,get_V(shift),get_DXB(shift), -+ get_M(shift)); -+ -+ $out.="\t.word\t"; -+ $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4|($x2))).","; -+ $out.=sprintf("%#06x",($b2<<12|$d2)).","; -+ $out.=sprintf("%#06x",($m3<<12|RXB($v1)<<8|$opcode&0xff)); -+ $out.="\t# $memn\t$ops\n" -+} -+ -+sub VSI { -+ confess(err("ARGNUM")) if ($#_!=3); -+ my $ops=join(',',@_[1..$#_]); -+ my $memn=(caller(1))[3]; -+ $memn=~s/^.*:://; -+ my ($opcode,$v1,$d2,$b2,$i3)=(shift,get_V(shift),get_DB(shift), -+ get_I(shift,8)); -+ -+ $out.="\t.word\t"; -+ $out.=sprintf("%#06x",($opcode&0xff00|$i3)).","; -+ $out.=sprintf("%#06x",($b2<<12|$d2)).","; -+ $out.=sprintf("%#06x",(($v1&0xf)<<12|RXB(0,0,0,$v1)<<8|$opcode&0xff)); -+ $out.="\t# $memn\t$ops\n" -+} -+ -+# -+# Internal -+# -+ -+sub get_R { -+ confess(err("ARGNUM")) if ($#_!=0); -+ my $r; -+ -+ for (shift) { -+ if (!defined) { -+ $r=0; -+ } elsif (/^$GR$/) { -+ $r=$1; -+ } else { -+ confess(err("PARSE")); -+ } -+ } -+ confess(err("ARGRANGE")) if ($r&~0xf); -+ -+ return $r; -+} -+ -+sub get_V { -+ confess(err("ARGNUM")) if ($#_!=0); -+ my $v; -+ -+ for (shift) { -+ if (!defined) { -+ $v=0; -+ } elsif (/^$VR$/) { -+ $v=$1; -+ } else { -+ confess(err("PARSE")); -+ } -+ } -+ confess(err("ARGRANGE")) if ($v&~0x1f); -+ -+ return $v; -+} -+ -+sub get_I { -+ confess(err("ARGNUM")) if ($#_!=1); -+ my ($i,$bits)=(shift,shift); -+ -+ $i=defined($i)?(eval($i)):(0); -+ confess(err("PARSE")) if (!defined($i)); -+ confess(err("ARGRANGE")) if (abs($i)&~(2**$bits-1)); -+ -+ return $i&(2**$bits-1); -+} -+ -+sub get_M { -+ confess(err("ARGNUM")) if ($#_!=0); -+ my $m=shift; -+ -+ $m=defined($m)?(eval($m)):(0); -+ confess(err("PARSE")) if (!defined($m)); -+ confess(err("ARGRANGE")) if ($m&~0xf); -+ -+ return $m; -+} -+ -+sub get_DB -+{ -+ confess(err("ARGNUM")) if ($#_!=0); -+ my ($d,$b); -+ -+ for (shift) { -+ if (!defined) { -+ ($d,$b)=(0,0); -+ } elsif (/^(.+)\($GR\)$/) { -+ ($d,$b)=(eval($1),$2); -+ confess(err("PARSE")) if (!defined($d)); -+ } elsif (/^(.+)$/) { -+ ($d,$b)=(eval($1),0); -+ confess(err("PARSE")) if (!defined($d)); -+ } else { -+ confess(err("PARSE")); -+ } -+ } -+ confess(err("ARGRANGE")) if ($d&~0xfff||$b&~0xf); -+ -+ return ($d,$b); -+} -+ -+sub get_DVB -+{ -+ confess(err("ARGNUM")) if ($#_!=0); -+ my ($d,$v,$b); -+ -+ for (shift) { -+ if (!defined) { -+ ($d,$v,$b)=(0,0,0); -+ } elsif (/^(.+)\($VR,$GR\)$/) { -+ ($d,$v,$b)=(eval($1),$2,$3); -+ confess(err("PARSE")) if (!defined($d)); -+ } elsif (/^(.+)\($GR\)$/) { -+ ($d,$v,$b)=(eval($1),0,$2); -+ confess(err("PARSE")) if (!defined($d)); -+ } elsif (/^(.+)$/) { -+ ($d,$v,$b)=(eval($1),0,0); -+ confess(err("PARSE")) if (!defined($d)); -+ } else { -+ confess(err("PARSE")); -+ } -+ } -+ confess(err("ARGRANGE")) if ($d&~0xfff||$v&~0x1f||$b&~0xf); -+ -+ return ($d,$v,$b); -+} -+ -+sub get_DXB -+{ -+ confess(err("ARGNUM")) if ($#_!=0); -+ my ($d,$x,$b); -+ -+ for (shift) { -+ if (!defined) { -+ ($d,$x,$b)=(0,0,0); -+ } elsif (/^(.+)\($GR,$GR\)$/) { -+ ($d,$x,$b)=(eval($1),$2,$3); -+ confess(err("PARSE")) if (!defined($d)); -+ } elsif (/^(.+)\($GR\)$/) { -+ ($d,$x,$b)=(eval($1),0,$2); -+ confess(err("PARSE")) if (!defined($d)); -+ } elsif (/^(.+)$/) { -+ ($d,$x,$b)=(eval($1),0,0); -+ confess(err("PARSE")) if (!defined($d)); -+ } else { -+ confess(err("PARSE")); -+ } -+ } -+ confess(err("ARGRANGE")) if ($d&~0xfff||$x&~0xf||$b&~0xf); -+ -+ return ($d,$x,$b); -+} -+ -+sub RXB -+{ -+ confess(err("ARGNUM")) if ($#_<0||3<$#_); -+ my $rxb=0; -+ -+ $rxb|=0x08 if (defined($_[0])&&($_[0]&0x10)); -+ $rxb|=0x04 if (defined($_[1])&&($_[1]&0x10)); -+ $rxb|=0x02 if (defined($_[2])&&($_[2]&0x10)); -+ $rxb|=0x01 if (defined($_[3])&&($_[3]&0x10)); -+ -+ return $rxb; -+} -+ -+sub err { -+ my %ERR = -+ ( -+ ARGNUM => 'Wrong number of arguments', -+ ARGRANGE=> 'Argument out of range', -+ PARSE => 'Parse error', -+ ); -+ confess($ERR{ARGNUM}) if ($#_!=0); -+ -+ return $ERR{$_[0]}; -+} -+ -+1; -diff -up openssl-1.1.1e/crypto/poly1305/asm/poly1305-s390x.pl.s390x-update openssl-1.1.1e/crypto/poly1305/asm/poly1305-s390x.pl ---- openssl-1.1.1e/crypto/poly1305/asm/poly1305-s390x.pl.s390x-update 2020-03-19 16:20:22.041227359 +0100 -+++ openssl-1.1.1e/crypto/poly1305/asm/poly1305-s390x.pl 2020-03-19 16:23:22.364098257 +0100 -@@ -24,204 +24,961 @@ - # - # On side note, z13 enables vector base 2^26 implementation... - --$flavour = shift; -+# -+# January 2019 -+# -+# Add vx code path (base 2^26). -+# -+# Copyright IBM Corp. 2019 -+# Author: Patrick Steuer -+ -+# -+# January 2019 -+# -+# Add vector base 2^26 implementation. It's problematic to accurately -+# measure performance, because reference system is hardly idle. But -+# it's sub-cycle, i.e. less than 1 cycle per processed byte, and it's -+# >=20% faster than IBM's submission on long inputs, and much faster on -+# short ones, because calculation of key powers is postponed till we -+# know that input is long enough to justify the additional overhead. -+ -+use strict; -+use FindBin qw($Bin); -+use lib "$Bin/../.."; -+use perlasm::s390x qw(:DEFAULT :VX AUTOLOAD LABEL INCLUDE); -+ -+my $flavour = shift; - -+my ($z,$SIZE_T); - if ($flavour =~ /3[12]/) { -+ $z=0; # S/390 ABI - $SIZE_T=4; -- $g=""; - } else { -+ $z=1; # zSeries ABI - $SIZE_T=8; -- $g="g"; - } - -+my $output; - while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {} --open STDOUT,">$output"; - --$sp="%r15"; -+my $stdframe=16*$SIZE_T+4*8; -+my $sp="%r15"; - - my ($ctx,$inp,$len,$padbit) = map("%r$_",(2..5)); - --$code.=<<___; --.text -+PERLASM_BEGIN($output); - --.globl poly1305_init --.type poly1305_init,\@function --.align 16 --poly1305_init: -- lghi %r0,0 -- lghi %r1,-1 -- stg %r0,0($ctx) # zero hash value -- stg %r0,8($ctx) -- stg %r0,16($ctx) -- -- cl${g}r $inp,%r0 -- je .Lno_key -- -- lrvg %r4,0($inp) # load little-endian key -- lrvg %r5,8($inp) -- -- nihl %r1,0xffc0 # 0xffffffc0ffffffff -- srlg %r0,%r1,4 # 0x0ffffffc0fffffff -- srlg %r1,%r1,4 -- nill %r1,0xfffc # 0x0ffffffc0ffffffc -- -- ngr %r4,%r0 -- ngr %r5,%r1 -- -- stg %r4,32($ctx) -- stg %r5,40($ctx) -- --.Lno_key: -- lghi %r2,0 -- br %r14 --.size poly1305_init,.-poly1305_init --___ -+INCLUDE ("s390x_arch.h"); -+TEXT (); -+ -+################ -+# static void poly1305_init(void *ctx, const unsigned char key[16]) -+{ -+GLOBL ("poly1305_init"); -+TYPE ("poly1305_init","\@function"); -+ALIGN (16); -+LABEL ("poly1305_init"); -+ lghi ("%r0",0); -+ lghi ("%r1",-1); -+ stg ("%r0","0($ctx)"); # zero hash value -+ stg ("%r0","8($ctx)"); -+ stg ("%r0","16($ctx)"); -+ st ("%r0","24($ctx)"); # clear is_base2_26 -+ lgr ("%r5",$ctx); # reassign $ctx -+ lghi ("%r2",0); -+ -+&{$z? \&clgr:\&clr} ($inp,"%r0"); -+ je (".Lno_key"); -+ -+ lrvg ("%r2","0($inp)"); # load little-endian key -+ lrvg ("%r3","8($inp)"); -+ -+ nihl ("%r1",0xffc0); # 0xffffffc0ffffffff -+ srlg ("%r0","%r1",4); # 0x0ffffffc0fffffff -+ srlg ("%r1","%r1",4); -+ nill ("%r1",0xfffc); # 0x0ffffffc0ffffffc -+ -+ ngr ("%r2","%r0"); -+ ngr ("%r3","%r1"); -+ -+ stmg ("%r2","%r3","32(%r5)"); -+ -+ larl ("%r1","OPENSSL_s390xcap_P"); -+ lg ("%r0","16(%r1)"); -+ srlg ("%r0","%r0",62); -+ nill ("%r0",1); # extract vx bit -+ lcgr ("%r0","%r0"); -+ larl ("%r1",".Lpoly1305_blocks"); -+ larl ("%r2",".Lpoly1305_blocks_vx"); -+ larl ("%r3",".Lpoly1305_emit"); -+&{$z? \&xgr:\&xr} ("%r2","%r1"); # select between scalar and vector -+&{$z? \&ngr:\&nr} ("%r2","%r0"); -+&{$z? \&xgr:\&xr} ("%r2","%r1"); -+&{$z? \&stmg:\&stm} ("%r2","%r3","0(%r4)"); -+ lghi ("%r2",1); -+LABEL (".Lno_key"); -+ br ("%r14"); -+SIZE ("poly1305_init",".-poly1305_init"); -+} -+ -+################ -+# static void poly1305_blocks(void *ctx, const unsigned char *inp, -+# size_t len, u32 padbit) - { - my ($d0hi,$d0lo,$d1hi,$d1lo,$t0,$h0,$t1,$h1,$h2) = map("%r$_",(6..14)); - my ($r0,$r1,$s1) = map("%r$_",(0..2)); - --$code.=<<___; --.globl poly1305_blocks --.type poly1305_blocks,\@function --.align 16 --poly1305_blocks: -- srl${g} $len,4 # fixed-up in 64-bit build -- lghi %r0,0 -- cl${g}r $len,%r0 -- je .Lno_data -- -- stm${g} %r6,%r14,`6*$SIZE_T`($sp) -- -- llgfr $padbit,$padbit # clear upper half, much needed with -- # non-64-bit ABI -- lg $r0,32($ctx) # load key -- lg $r1,40($ctx) -- -- lg $h0,0($ctx) # load hash value -- lg $h1,8($ctx) -- lg $h2,16($ctx) -- -- st$g $ctx,`2*$SIZE_T`($sp) # off-load $ctx -- srlg $s1,$r1,2 -- algr $s1,$r1 # s1 = r1 + r1>>2 -- j .Loop -- --.align 16 --.Loop: -- lrvg $d0lo,0($inp) # load little-endian input -- lrvg $d1lo,8($inp) -- la $inp,16($inp) -- -- algr $d0lo,$h0 # accumulate input -- alcgr $d1lo,$h1 -- -- lgr $h0,$d0lo -- mlgr $d0hi,$r0 # h0*r0 -> $d0hi:$d0lo -- lgr $h1,$d1lo -- mlgr $d1hi,$s1 # h1*5*r1 -> $d1hi:$d1lo -- -- mlgr $t0,$r1 # h0*r1 -> $t0:$h0 -- mlgr $t1,$r0 # h1*r0 -> $t1:$h1 -- alcgr $h2,$padbit -- -- algr $d0lo,$d1lo -- lgr $d1lo,$h2 -- alcgr $d0hi,$d1hi -- lghi $d1hi,0 -- -- algr $h1,$h0 -- alcgr $t1,$t0 -- -- msgr $d1lo,$s1 # h2*s1 -- msgr $h2,$r0 # h2*r0 -- -- algr $h1,$d1lo -- alcgr $t1,$d1hi # $d1hi is zero -- -- algr $h1,$d0hi -- alcgr $h2,$t1 -- -- lghi $h0,-4 # final reduction step -- ngr $h0,$h2 -- srlg $t0,$h2,2 -- algr $h0,$t0 -- lghi $t1,3 -- ngr $h2,$t1 -- -- algr $h0,$d0lo -- alcgr $h1,$d1hi # $d1hi is still zero -- alcgr $h2,$d1hi # $d1hi is still zero -- -- brct$g $len,.Loop -- -- l$g $ctx,`2*$SIZE_T`($sp) # restore $ctx -- -- stg $h0,0($ctx) # store hash value -- stg $h1,8($ctx) -- stg $h2,16($ctx) -- -- lm${g} %r6,%r14,`6*$SIZE_T`($sp) --.Lno_data: -- br %r14 --.size poly1305_blocks,.-poly1305_blocks --___ -+GLOBL ("poly1305_blocks"); -+TYPE ("poly1305_blocks","\@function"); -+ALIGN (16); -+LABEL ("poly1305_blocks"); -+LABEL (".Lpoly1305_blocks"); -+&{$z? \<gr:\<r} ("%r0",$len); -+ jz (".Lno_data"); -+ -+&{$z? \&stmg:\&stm} ("%r6","%r14","6*$SIZE_T($sp)"); -+ -+ lg ($h0,"0($ctx)"); # load hash value -+ lg ($h1,"8($ctx)"); -+ lg ($h2,"16($ctx)"); -+ -+LABEL (".Lpoly1305_blocks_entry"); -+if ($z) { -+ srlg ($len,$len,4); -+} else { -+ srl ($len,4); -+} -+ llgfr ($padbit,$padbit); # clear upper half, much needed with -+ # non-64-bit ABI -+ lg ($r0,"32($ctx)"); # load key -+ lg ($r1,"40($ctx)"); -+ -+&{$z? \&stg:\&st} ($ctx,"2*$SIZE_T($sp)"); # off-load $ctx -+ srlg ($s1,$r1,2); -+ algr ($s1,$r1); # s1 = r1 + r1>>2 -+ j (".Loop"); -+ -+ALIGN (16); -+LABEL (".Loop"); -+ lrvg ($d0lo,"0($inp)"); # load little-endian input -+ lrvg ($d1lo,"8($inp)"); -+ la ($inp,"16($inp)"); -+ -+ algr ($d0lo,$h0); # accumulate input -+ alcgr ($d1lo,$h1); -+ alcgr ($h2,$padbit); -+ -+ lgr ($h0,$d0lo); -+ mlgr ($d0hi,$r0); # h0*r0 -> $d0hi:$d0lo -+ lgr ($h1,$d1lo); -+ mlgr ($d1hi,$s1); # h1*5*r1 -> $d1hi:$d1lo -+ -+ mlgr ($t0,$r1); # h0*r1 -> $t0:$h0 -+ mlgr ($t1,$r0); # h1*r0 -> $t1:$h1 -+ -+ algr ($d0lo,$d1lo); -+ lgr ($d1lo,$h2); -+ alcgr ($d0hi,$d1hi); -+ lghi ($d1hi,0); -+ -+ algr ($h1,$h0); -+ alcgr ($t1,$t0); -+ -+ msgr ($d1lo,$s1); # h2*s1 -+ msgr ($h2,$r0); # h2*r0 -+ -+ algr ($h1,$d1lo); -+ alcgr ($t1,$d1hi); # $d1hi is zero -+ -+ algr ($h1,$d0hi); -+ alcgr ($h2,$t1); -+ -+ lghi ($h0,-4); # final reduction step -+ ngr ($h0,$h2); -+ srlg ($t0,$h2,2); -+ algr ($h0,$t0); -+ lghi ($t1,3); -+ ngr ($h2,$t1); -+ -+ algr ($h0,$d0lo); -+ alcgr ($h1,$d1hi); # $d1hi is still zero -+ alcgr ($h2,$d1hi); # $d1hi is still zero -+ -+&{$z? \&brctg:\&brct} ($len,".Loop"); -+ -+&{$z? \&lg:\&l} ($ctx,"2*$SIZE_T($sp)");# restore $ctx -+ -+ stg ($h0,"0($ctx)"); # store hash value -+ stg ($h1,"8($ctx)"); -+ stg ($h2,"16($ctx)"); -+ -+&{$z? \&lmg:\&lm} ("%r6","%r14","6*$SIZE_T($sp)"); -+LABEL (".Lno_data"); -+ br ("%r14"); -+SIZE ("poly1305_blocks",".-poly1305_blocks"); - } -+ -+################ -+# static void poly1305_blocks_vx(void *ctx, const unsigned char *inp, -+# size_t len, u32 padbit) -+{ -+my ($H0, $H1, $H2, $H3, $H4) = map("%v$_",(0..4)); -+my ($I0, $I1, $I2, $I3, $I4) = map("%v$_",(5..9)); -+my ($R0, $R1, $S1, $R2, $S2) = map("%v$_",(10..14)); -+my ($R3, $S3, $R4, $S4) = map("%v$_",(15..18)); -+my ($ACC0, $ACC1, $ACC2, $ACC3, $ACC4) = map("%v$_",(19..23)); -+my ($T1, $T2, $T3, $T4) = map("%v$_",(24..27)); -+my ($mask26,$bswaplo,$bswaphi,$bswapmi) = map("%v$_",(28..31)); -+ -+my ($d2,$d0,$h0,$d1,$h1,$h2)=map("%r$_",(9..14)); -+ -+TYPE ("poly1305_blocks_vx","\@function"); -+ALIGN (16); -+LABEL ("poly1305_blocks_vx"); -+LABEL (".Lpoly1305_blocks_vx"); -+&{$z? \&clgfi:\&clfi} ($len,128); -+ jhe ("__poly1305_blocks_vx"); -+ -+&{$z? \&stmg:\&stm} ("%r6","%r14","6*$SIZE_T($sp)"); -+ -+ lg ($d0,"0($ctx)"); -+ lg ($d1,"8($ctx)"); -+ lg ($d2,"16($ctx)"); -+ -+ llgfr ("%r0",$d0); # base 2^26 -> base 2^64 -+ srlg ($h0,$d0,32); -+ llgfr ("%r1",$d1); -+ srlg ($h1,$d1,32); -+ srlg ($h2,$d2,32); -+ -+ sllg ("%r0","%r0",26); -+ algr ($h0,"%r0"); -+ sllg ("%r0",$h1,52); -+ srlg ($h1,$h1,12); -+ sllg ("%r1","%r1",14); -+ algr ($h0,"%r0"); -+ alcgr ($h1,"%r1"); -+ sllg ("%r0",$h2,40); -+ srlg ($h2,$h2,24); -+ lghi ("%r1",0); -+ algr ($h1,"%r0"); -+ alcgr ($h2,"%r1"); -+ -+ llgf ("%r0","24($ctx)"); # is_base2_26 -+ lcgr ("%r0","%r0"); -+ -+ xgr ($h0,$d0); # choose between radixes -+ xgr ($h1,$d1); -+ xgr ($h2,$d2); -+ ngr ($h0,"%r0"); -+ ngr ($h1,"%r0"); -+ ngr ($h2,"%r0"); -+ xgr ($h0,$d0); -+ xgr ($h1,$d1); -+ xgr ($h2,$d2); -+ -+ lhi ("%r0",0); -+ st ("%r0","24($ctx)"); # clear is_base2_26 -+ -+ j (".Lpoly1305_blocks_entry"); -+SIZE ("poly1305_blocks_vx",".-poly1305_blocks_vx"); -+ -+TYPE ("__poly1305_mul","\@function"); -+ALIGN (16); -+LABEL ("__poly1305_mul"); -+ vmlof ($ACC0,$H0,$R0); -+ vmlof ($ACC1,$H0,$R1); -+ vmlof ($ACC2,$H0,$R2); -+ vmlof ($ACC3,$H0,$R3); -+ vmlof ($ACC4,$H0,$R4); -+ -+ vmalof ($ACC0,$H1,$S4,$ACC0); -+ vmalof ($ACC1,$H1,$R0,$ACC1); -+ vmalof ($ACC2,$H1,$R1,$ACC2); -+ vmalof ($ACC3,$H1,$R2,$ACC3); -+ vmalof ($ACC4,$H1,$R3,$ACC4); -+ -+ vmalof ($ACC0,$H2,$S3,$ACC0); -+ vmalof ($ACC1,$H2,$S4,$ACC1); -+ vmalof ($ACC2,$H2,$R0,$ACC2); -+ vmalof ($ACC3,$H2,$R1,$ACC3); -+ vmalof ($ACC4,$H2,$R2,$ACC4); -+ -+ vmalof ($ACC0,$H3,$S2,$ACC0); -+ vmalof ($ACC1,$H3,$S3,$ACC1); -+ vmalof ($ACC2,$H3,$S4,$ACC2); -+ vmalof ($ACC3,$H3,$R0,$ACC3); -+ vmalof ($ACC4,$H3,$R1,$ACC4); -+ -+ vmalof ($ACC0,$H4,$S1,$ACC0); -+ vmalof ($ACC1,$H4,$S2,$ACC1); -+ vmalof ($ACC2,$H4,$S3,$ACC2); -+ vmalof ($ACC3,$H4,$S4,$ACC3); -+ vmalof ($ACC4,$H4,$R0,$ACC4); -+ -+ ################################################################ -+ # lazy reduction -+ -+ vesrlg ($H4,$ACC3,26); -+ vesrlg ($H1,$ACC0,26); -+ vn ($H3,$ACC3,$mask26); -+ vn ($H0,$ACC0,$mask26); -+ vag ($H4,$H4,$ACC4); # h3 -> h4 -+ vag ($H1,$H1,$ACC1); # h0 -> h1 -+ -+ vesrlg ($ACC4,$H4,26); -+ vesrlg ($ACC1,$H1,26); -+ vn ($H4,$H4,$mask26); -+ vn ($H1,$H1,$mask26); -+ vag ($H0,$H0,$ACC4); -+ vag ($H2,$ACC2,$ACC1); # h1 -> h2 -+ -+ veslg ($ACC4,$ACC4,2); # <<2 -+ vesrlg ($ACC2,$H2,26); -+ vn ($H2,$H2,$mask26); -+ vag ($H0,$H0,$ACC4); # h4 -> h0 -+ vag ($H3,$H3,$ACC2); # h2 -> h3 -+ -+ vesrlg ($ACC0,$H0,26); -+ vesrlg ($ACC3,$H3,26); -+ vn ($H0,$H0,$mask26); -+ vn ($H3,$H3,$mask26); -+ vag ($H1,$H1,$ACC0); # h0 -> h1 -+ vag ($H4,$H4,$ACC3); # h3 -> h4 -+ br ("%r14"); -+SIZE ("__poly1305_mul",".-__poly1305_mul"); -+ -+TYPE ("__poly1305_blocks_vx","\@function"); -+ALIGN (16); -+LABEL ("__poly1305_blocks_vx"); -+&{$z? \&lgr:\&lr} ("%r0",$sp); -+&{$z? \&stmg:\&stm} ("%r10","%r15","10*$SIZE_T($sp)"); -+if (!$z) { -+ std ("%f4","16*$SIZE_T+2*8($sp)"); -+ std ("%f6","16*$SIZE_T+3*8($sp)"); -+ ahi ($sp,-$stdframe); -+ st ("%r0","0($sp)"); # back-chain -+ -+ llgfr ($len,$len); # so that srlg works on $len -+} else { -+ aghi ($sp,"-($stdframe+8*8)"); -+ stg ("%r0","0($sp)"); # back-chain -+ -+ std ("%f8","$stdframe+0*8($sp)"); -+ std ("%f9","$stdframe+1*8($sp)"); -+ std ("%f10","$stdframe+2*8($sp)"); -+ std ("%f11","$stdframe+3*8($sp)"); -+ std ("%f12","$stdframe+4*8($sp)"); -+ std ("%f13","$stdframe+5*8($sp)"); -+ std ("%f14","$stdframe+6*8($sp)"); -+ std ("%f15","$stdframe+7*8($sp)"); -+} -+ larl ("%r1",".Lconst"); -+ vgmg ($mask26,38,63); -+ vlm ($bswaplo,$bswapmi,"16(%r1)"); -+ -+ < ("%r0","24($ctx)"); # is_base2_26? -+ jnz (".Lskip_init"); -+ -+ lg ($h0,"32($ctx)"); # load key base 2^64 -+ lg ($h1,"40($ctx)"); -+ -+ risbg ($d0,$h0,38,0x80+63,38); # base 2^64 -> 2^26 -+ srlg ($d1,$h0,52); -+ risbg ($h0,$h0,38,0x80+63,0); -+ vlvgg ($R0,$h0,0); -+ risbg ($d1,$h1,38,51,12); -+ vlvgg ($R1,$d0,0); -+ risbg ($d0,$h1,38,63,50); -+ vlvgg ($R2,$d1,0); -+ srlg ($d1,$h1,40); -+ vlvgg ($R3,$d0,0); -+ vlvgg ($R4,$d1,0); -+ -+ veslg ($S1,$R1,2); -+ veslg ($S2,$R2,2); -+ veslg ($S3,$R3,2); -+ veslg ($S4,$R4,2); -+ vlr ($H0,$R0); -+ vlr ($H1,$R1); -+ vlr ($H2,$R2); -+ vlr ($H3,$R3); -+ vlr ($H4,$R4); -+ vag ($S1,$S1,$R1); # * 5 -+ vag ($S2,$S2,$R2); -+ vag ($S3,$S3,$R3); -+ vag ($S4,$S4,$R4); -+ -+ brasl ("%r14","__poly1305_mul"); # r^1:- * r^1:- -+ -+ vpdi ($R0,$H0,$R0,0); # r^2:r^1 -+ vpdi ($R1,$H1,$R1,0); -+ vpdi ($R2,$H2,$R2,0); -+ vpdi ($R3,$H3,$R3,0); -+ vpdi ($R4,$H4,$R4,0); -+ vpdi ($H0,$H0,$H0,0); # r^2:r^2 -+ vpdi ($H1,$H1,$H1,0); -+ vpdi ($H2,$H2,$H2,0); -+ vpdi ($H3,$H3,$H3,0); -+ vpdi ($H4,$H4,$H4,0); -+ veslg ($S1,$R1,2); -+ veslg ($S2,$R2,2); -+ veslg ($S3,$R3,2); -+ veslg ($S4,$R4,2); -+ vag ($S1,$S1,$R1); # * 5 -+ vag ($S2,$S2,$R2); -+ vag ($S3,$S3,$R3); -+ vag ($S4,$S4,$R4); -+ -+ brasl ("%r14,__poly1305_mul"); # r^2:r^2 * r^2:r^1 -+ -+ vl ($I0,"0(%r1)"); # borrow $I0 -+ vperm ($R0,$R0,$H0,$I0); # r^2:r^4:r^1:r^3 -+ vperm ($R1,$R1,$H1,$I0); -+ vperm ($R2,$R2,$H2,$I0); -+ vperm ($R3,$R3,$H3,$I0); -+ vperm ($R4,$R4,$H4,$I0); -+ veslf ($S1,$R1,2); -+ veslf ($S2,$R2,2); -+ veslf ($S3,$R3,2); -+ veslf ($S4,$R4,2); -+ vaf ($S1,$S1,$R1); # * 5 -+ vaf ($S2,$S2,$R2); -+ vaf ($S3,$S3,$R3); -+ vaf ($S4,$S4,$R4); -+ -+ lg ($h0,"0($ctx)"); # load hash base 2^64 -+ lg ($h1,"8($ctx)"); -+ lg ($h2,"16($ctx)"); -+ -+ vzero ($H0); -+ vzero ($H1); -+ vzero ($H2); -+ vzero ($H3); -+ vzero ($H4); -+ -+ risbg ($d0,$h0,38,0x80+63,38); # base 2^64 -> 2^26 -+ srlg ($d1,$h0,52); -+ risbg ($h0,$h0,38,0x80+63,0); -+ vlvgg ($H0,$h0,0); -+ risbg ($d1,$h1,38,51,12); -+ vlvgg ($H1,$d0,0); -+ risbg ($d0,$h1,38,63,50); -+ vlvgg ($H2,$d1,0); -+ srlg ($d1,$h1,40); -+ vlvgg ($H3,$d0,0); -+ risbg ($d1,$h2,37,39,24); -+ vlvgg ($H4,$d1,0); -+ -+ lhi ("%r0",1); -+ st ("%r0","24($ctx)"); # set is_base2_26 -+ -+ vstm ($R0,$S4,"48($ctx)"); # save key schedule base 2^26 -+ -+ vpdi ($R0,$R0,$R0,0); # broadcast r^2:r^4 -+ vpdi ($R1,$R1,$R1,0); -+ vpdi ($S1,$S1,$S1,0); -+ vpdi ($R2,$R2,$R2,0); -+ vpdi ($S2,$S2,$S2,0); -+ vpdi ($R3,$R3,$R3,0); -+ vpdi ($S3,$S3,$S3,0); -+ vpdi ($R4,$R4,$R4,0); -+ vpdi ($S4,$S4,$S4,0); -+ -+ j (".Loaded_hash"); -+ -+ALIGN (16); -+LABEL (".Lskip_init"); -+ vllezf ($H0,"0($ctx)"); # load hash base 2^26 -+ vllezf ($H1,"4($ctx)"); -+ vllezf ($H2,"8($ctx)"); -+ vllezf ($H3,"12($ctx)"); -+ vllezf ($H4,"16($ctx)"); -+ -+ vlrepg ($R0,"0x30($ctx)"); # broadcast r^2:r^4 -+ vlrepg ($R1,"0x40($ctx)"); -+ vlrepg ($S1,"0x50($ctx)"); -+ vlrepg ($R2,"0x60($ctx)"); -+ vlrepg ($S2,"0x70($ctx)"); -+ vlrepg ($R3,"0x80($ctx)"); -+ vlrepg ($S3,"0x90($ctx)"); -+ vlrepg ($R4,"0xa0($ctx)"); -+ vlrepg ($S4,"0xb0($ctx)"); -+ -+LABEL (".Loaded_hash"); -+ vzero ($I1); -+ vzero ($I3); -+ -+ vlm ($T1,$T4,"0x00($inp)"); # load first input block -+ la ($inp,"0x40($inp)"); -+ vgmg ($mask26,6,31); -+ vgmf ($I4,5,5); # padbit<<2 -+ -+ vperm ($I0,$T3,$T4,$bswaplo); -+ vperm ($I2,$T3,$T4,$bswapmi); -+ vperm ($T3,$T3,$T4,$bswaphi); -+ -+ verimg ($I1,$I0,$mask26,6); # >>26 -+ veslg ($I0,$I0,32); -+ veslg ($I2,$I2,28); # >>4 -+ verimg ($I3,$T3,$mask26,18); # >>14 -+ verimg ($I4,$T3,$mask26,58); # >>38 -+ vn ($I0,$I0,$mask26); -+ vn ($I2,$I2,$mask26); -+ vesrlf ($I4,$I4,2); # >>2 -+ -+ vgmg ($mask26,38,63); -+ vperm ($T3,$T1,$T2,$bswaplo); -+ vperm ($T4,$T1,$T2,$bswaphi); -+ vperm ($T2,$T1,$T2,$bswapmi); -+ -+ verimg ($I0,$T3,$mask26,0); -+ verimg ($I1,$T3,$mask26,38); # >>26 -+ verimg ($I2,$T2,$mask26,60); # >>4 -+ verimg ($I3,$T4,$mask26,50); # >>14 -+ vesrlg ($T4,$T4,40); -+ vo ($I4,$I4,$T4); -+ -+ srlg ("%r0",$len,6); -+&{$z? \&aghi:\&ahi} ("%r0",-1); -+ -+ALIGN (16); -+LABEL (".Loop_vx"); -+ vmlef ($ACC0,$I0,$R0); -+ vmlef ($ACC1,$I0,$R1); -+ vmlef ($ACC2,$I0,$R2); -+ vmlef ($ACC3,$I0,$R3); -+ vmlef ($ACC4,$I0,$R4); -+ -+ vmalef ($ACC0,$I1,$S4,$ACC0); -+ vmalef ($ACC1,$I1,$R0,$ACC1); -+ vmalef ($ACC2,$I1,$R1,$ACC2); -+ vmalef ($ACC3,$I1,$R2,$ACC3); -+ vmalef ($ACC4,$I1,$R3,$ACC4); -+ -+ vaf ($H2,$H2,$I2); -+ vaf ($H0,$H0,$I0); -+ vaf ($H3,$H3,$I3); -+ vaf ($H1,$H1,$I1); -+ vaf ($H4,$H4,$I4); -+ -+ vmalef ($ACC0,$I2,$S3,$ACC0); -+ vmalef ($ACC1,$I2,$S4,$ACC1); -+ vmalef ($ACC2,$I2,$R0,$ACC2); -+ vmalef ($ACC3,$I2,$R1,$ACC3); -+ vmalef ($ACC4,$I2,$R2,$ACC4); -+ -+ vlm ($T1,$T4,"0x00($inp)"); # load next input block -+ la ($inp,"0x40($inp)"); -+ vgmg ($mask26,6,31); -+ -+ vmalef ($ACC0,$I3,$S2,$ACC0); -+ vmalef ($ACC1,$I3,$S3,$ACC1); -+ vmalef ($ACC2,$I3,$S4,$ACC2); -+ vmalef ($ACC3,$I3,$R0,$ACC3); -+ vmalef ($ACC4,$I3,$R1,$ACC4); -+ -+ vperm ($I0,$T3,$T4,$bswaplo); -+ vperm ($I2,$T3,$T4,$bswapmi); -+ vperm ($T3,$T3,$T4,$bswaphi); -+ -+ vmalef ($ACC0,$I4,$S1,$ACC0); -+ vmalef ($ACC1,$I4,$S2,$ACC1); -+ vmalef ($ACC2,$I4,$S3,$ACC2); -+ vmalef ($ACC3,$I4,$S4,$ACC3); -+ vmalef ($ACC4,$I4,$R0,$ACC4); -+ -+ verimg ($I1,$I0,$mask26,6); # >>26 -+ veslg ($I0,$I0,32); -+ veslg ($I2,$I2,28); # >>4 -+ verimg ($I3,$T3,$mask26,18); # >>14 -+ -+ vmalof ($ACC0,$H0,$R0,$ACC0); -+ vmalof ($ACC1,$H0,$R1,$ACC1); -+ vmalof ($ACC2,$H0,$R2,$ACC2); -+ vmalof ($ACC3,$H0,$R3,$ACC3); -+ vmalof ($ACC4,$H0,$R4,$ACC4); -+ -+ vgmf ($I4,5,5); # padbit<<2 -+ verimg ($I4,$T3,$mask26,58); # >>38 -+ vn ($I0,$I0,$mask26); -+ vn ($I2,$I2,$mask26); -+ vesrlf ($I4,$I4,2); # >>2 -+ -+ vmalof ($ACC0,$H1,$S4,$ACC0); -+ vmalof ($ACC1,$H1,$R0,$ACC1); -+ vmalof ($ACC2,$H1,$R1,$ACC2); -+ vmalof ($ACC3,$H1,$R2,$ACC3); -+ vmalof ($ACC4,$H1,$R3,$ACC4); -+ -+ vgmg ($mask26,38,63); -+ vperm ($T3,$T1,$T2,$bswaplo); -+ vperm ($T4,$T1,$T2,$bswaphi); -+ vperm ($T2,$T1,$T2,$bswapmi); -+ -+ vmalof ($ACC0,$H2,$S3,$ACC0); -+ vmalof ($ACC1,$H2,$S4,$ACC1); -+ vmalof ($ACC2,$H2,$R0,$ACC2); -+ vmalof ($ACC3,$H2,$R1,$ACC3); -+ vmalof ($ACC4,$H2,$R2,$ACC4); -+ -+ verimg ($I0,$T3,$mask26,0); -+ verimg ($I1,$T3,$mask26,38); # >>26 -+ verimg ($I2,$T2,$mask26,60); # >>4 -+ -+ vmalof ($ACC0,$H3,$S2,$ACC0); -+ vmalof ($ACC1,$H3,$S3,$ACC1); -+ vmalof ($ACC2,$H3,$S4,$ACC2); -+ vmalof ($ACC3,$H3,$R0,$ACC3); -+ vmalof ($ACC4,$H3,$R1,$ACC4); -+ -+ verimg ($I3,$T4,$mask26,50); # >>14 -+ vesrlg ($T4,$T4,40); -+ vo ($I4,$I4,$T4); -+ -+ vmalof ($ACC0,$H4,$S1,$ACC0); -+ vmalof ($ACC1,$H4,$S2,$ACC1); -+ vmalof ($ACC2,$H4,$S3,$ACC2); -+ vmalof ($ACC3,$H4,$S4,$ACC3); -+ vmalof ($ACC4,$H4,$R0,$ACC4); -+ -+ ################################################################ -+ # lazy reduction as discussed in "NEON crypto" by D.J. Bernstein -+ # and P. Schwabe -+ -+ vesrlg ($H4,$ACC3,26); -+ vesrlg ($H1,$ACC0,26); -+ vn ($H3,$ACC3,$mask26); -+ vn ($H0,$ACC0,$mask26); -+ vag ($H4,$H4,$ACC4); # h3 -> h4 -+ vag ($H1,$H1,$ACC1); # h0 -> h1 -+ -+ vesrlg ($ACC4,$H4,26); -+ vesrlg ($ACC1,$H1,26); -+ vn ($H4,$H4,$mask26); -+ vn ($H1,$H1,$mask26); -+ vag ($H0,$H0,$ACC4); -+ vag ($H2,$ACC2,$ACC1); # h1 -> h2 -+ -+ veslg ($ACC4,$ACC4,2); # <<2 -+ vesrlg ($ACC2,$H2,26); -+ vn ($H2,$H2,$mask26); -+ vag ($H0,$H0,$ACC4); # h4 -> h0 -+ vag ($H3,$H3,$ACC2); # h2 -> h3 -+ -+ vesrlg ($ACC0,$H0,26); -+ vesrlg ($ACC3,$H3,26); -+ vn ($H0,$H0,$mask26); -+ vn ($H3,$H3,$mask26); -+ vag ($H1,$H1,$ACC0); # h0 -> h1 -+ vag ($H4,$H4,$ACC3); # h3 -> h4 -+ -+&{$z? \&brctg:\&brct} ("%r0",".Loop_vx"); -+ -+ vlm ($R0,$S4,"48($ctx)"); # load all powers -+ -+ lghi ("%r0",0x30); -+&{$z? \&lcgr:\&lcr} ($len,$len); -+&{$z? \&ngr:\&nr} ($len,"%r0"); -+&{$z? \&slgr:\&slr} ($inp,$len); -+ -+LABEL (".Last"); -+ vmlef ($ACC0,$I0,$R0); -+ vmlef ($ACC1,$I0,$R1); -+ vmlef ($ACC2,$I0,$R2); -+ vmlef ($ACC3,$I0,$R3); -+ vmlef ($ACC4,$I0,$R4); -+ -+ vmalef ($ACC0,$I1,$S4,$ACC0); -+ vmalef ($ACC1,$I1,$R0,$ACC1); -+ vmalef ($ACC2,$I1,$R1,$ACC2); -+ vmalef ($ACC3,$I1,$R2,$ACC3); -+ vmalef ($ACC4,$I1,$R3,$ACC4); -+ -+ vaf ($H0,$H0,$I0); -+ vaf ($H1,$H1,$I1); -+ vaf ($H2,$H2,$I2); -+ vaf ($H3,$H3,$I3); -+ vaf ($H4,$H4,$I4); -+ -+ vmalef ($ACC0,$I2,$S3,$ACC0); -+ vmalef ($ACC1,$I2,$S4,$ACC1); -+ vmalef ($ACC2,$I2,$R0,$ACC2); -+ vmalef ($ACC3,$I2,$R1,$ACC3); -+ vmalef ($ACC4,$I2,$R2,$ACC4); -+ -+ vmalef ($ACC0,$I3,$S2,$ACC0); -+ vmalef ($ACC1,$I3,$S3,$ACC1); -+ vmalef ($ACC2,$I3,$S4,$ACC2); -+ vmalef ($ACC3,$I3,$R0,$ACC3); -+ vmalef ($ACC4,$I3,$R1,$ACC4); -+ -+ vmalef ($ACC0,$I4,$S1,$ACC0); -+ vmalef ($ACC1,$I4,$S2,$ACC1); -+ vmalef ($ACC2,$I4,$S3,$ACC2); -+ vmalef ($ACC3,$I4,$S4,$ACC3); -+ vmalef ($ACC4,$I4,$R0,$ACC4); -+ -+ vmalof ($ACC0,$H0,$R0,$ACC0); -+ vmalof ($ACC1,$H0,$R1,$ACC1); -+ vmalof ($ACC2,$H0,$R2,$ACC2); -+ vmalof ($ACC3,$H0,$R3,$ACC3); -+ vmalof ($ACC4,$H0,$R4,$ACC4); -+ -+ vmalof ($ACC0,$H1,$S4,$ACC0); -+ vmalof ($ACC1,$H1,$R0,$ACC1); -+ vmalof ($ACC2,$H1,$R1,$ACC2); -+ vmalof ($ACC3,$H1,$R2,$ACC3); -+ vmalof ($ACC4,$H1,$R3,$ACC4); -+ -+ vmalof ($ACC0,$H2,$S3,$ACC0); -+ vmalof ($ACC1,$H2,$S4,$ACC1); -+ vmalof ($ACC2,$H2,$R0,$ACC2); -+ vmalof ($ACC3,$H2,$R1,$ACC3); -+ vmalof ($ACC4,$H2,$R2,$ACC4); -+ -+ vmalof ($ACC0,$H3,$S2,$ACC0); -+ vmalof ($ACC1,$H3,$S3,$ACC1); -+ vmalof ($ACC2,$H3,$S4,$ACC2); -+ vmalof ($ACC3,$H3,$R0,$ACC3); -+ vmalof ($ACC4,$H3,$R1,$ACC4); -+ -+ vmalof ($ACC0,$H4,$S1,$ACC0); -+ vmalof ($ACC1,$H4,$S2,$ACC1); -+ vmalof ($ACC2,$H4,$S3,$ACC2); -+ vmalof ($ACC3,$H4,$S4,$ACC3); -+ vmalof ($ACC4,$H4,$R0,$ACC4); -+ -+ ################################################################ -+ # horizontal addition -+ -+ vzero ($H0); -+ vsumqg ($ACC0,$ACC0,$H0); -+ vsumqg ($ACC1,$ACC1,$H0); -+ vsumqg ($ACC2,$ACC2,$H0); -+ vsumqg ($ACC3,$ACC3,$H0); -+ vsumqg ($ACC4,$ACC4,$H0); -+ -+ ################################################################ -+ # lazy reduction -+ -+ vesrlg ($H4,$ACC3,26); -+ vesrlg ($H1,$ACC0,26); -+ vn ($H3,$ACC3,$mask26); -+ vn ($H0,$ACC0,$mask26); -+ vag ($H4,$H4,$ACC4); # h3 -> h4 -+ vag ($H1,$H1,$ACC1); # h0 -> h1 -+ -+ vesrlg ($ACC4,$H4,26); -+ vesrlg ($ACC1,$H1,26); -+ vn ($H4,$H4,$mask26); -+ vn ($H1,$H1,$mask26); -+ vag ($H0,$H0,$ACC4); -+ vag ($H2,$ACC2,$ACC1); # h1 -> h2 -+ -+ veslg ($ACC4,$ACC4,2); # <<2 -+ vesrlg ($ACC2,$H2,26); -+ vn ($H2,$H2,$mask26); -+ vag ($H0,$H0,$ACC4); # h4 -> h0 -+ vag ($H3,$H3,$ACC2); # h2 -> h3 -+ -+ vesrlg ($ACC0,$H0,26); -+ vesrlg ($ACC3,$H3,26); -+ vn ($H0,$H0,$mask26); -+ vn ($H3,$H3,$mask26); -+ vag ($H1,$H1,$ACC0); # h0 -> h1 -+ vag ($H4,$H4,$ACC3); # h3 -> h4 -+ -+&{$z? \&clgfi:\&clfi} ($len,0); -+ je (".Ldone"); -+ -+ vlm ($T1,$T4,"0x00($inp)"); # load last partial block -+ vgmg ($mask26,6,31); -+ vgmf ($I4,5,5); # padbit<<2 -+ -+ vperm ($I0,$T3,$T4,$bswaplo); -+ vperm ($I2,$T3,$T4,$bswapmi); -+ vperm ($T3,$T3,$T4,$bswaphi); -+ -+ vl ($ACC0,"0x30($len,%r1)"); # borrow $ACC0,1 -+ vl ($ACC1,"0x60($len,%r1)"); -+ -+ verimg ($I1,$I0,$mask26,6); # >>26 -+ veslg ($I0,$I0,32); -+ veslg ($I2,$I2,28); # >>4 -+ verimg ($I3,$T3,$mask26,18); # >>14 -+ verimg ($I4,$T3,$mask26,58); # >>38 -+ vn ($I0,$I0,$mask26); -+ vn ($I2,$I2,$mask26); -+ vesrlf ($I4,$I4,2); # >>2 -+ -+ vgmg ($mask26,38,63); -+ vperm ($T3,$T1,$T2,$bswaplo); -+ vperm ($T4,$T1,$T2,$bswaphi); -+ vperm ($T2,$T1,$T2,$bswapmi); -+ -+ verimg ($I0,$T3,$mask26,0); -+ verimg ($I1,$T3,$mask26,38); # >>26 -+ verimg ($I2,$T2,$mask26,60); # >>4 -+ verimg ($I3,$T4,$mask26,50); # >>14 -+ vesrlg ($T4,$T4,40); -+ vo ($I4,$I4,$T4); -+ -+ vperm ($H0,$H0,$H0,$ACC0); # move hash to right lane -+ vn ($I0,$I0,$ACC1); # mask redundant lane[s] -+ vperm ($H1,$H1,$H1,$ACC0); -+ vn ($I1,$I1,$ACC1); -+ vperm ($H2,$H2,$H2,$ACC0); -+ vn ($I2,$I2,$ACC1); -+ vperm ($H3,$H3,$H3,$ACC0); -+ vn ($I3,$I3,$ACC1); -+ vperm ($H4,$H4,$H4,$ACC0); -+ vn ($I4,$I4,$ACC1); -+ -+ vaf ($I0,$I0,$H0); # accumulate hash -+ vzero ($H0); # wipe hash value -+ vaf ($I1,$I1,$H1); -+ vzero ($H1); -+ vaf ($I2,$I2,$H2); -+ vzero ($H2); -+ vaf ($I3,$I3,$H3); -+ vzero ($H3); -+ vaf ($I4,$I4,$H4); -+ vzero ($H4); -+ -+&{$z? \&lghi:\&lhi} ($len,0); -+ j (".Last"); -+ # I don't bother to tell apart cases when only one multiplication -+ # pass is sufficient, because I argue that mispredicted branch -+ # penalties are comparable to overhead of sometimes redundant -+ # multiplication pass... -+ -+LABEL (".Ldone"); -+ vstef ($H0,"0($ctx)",3); # store hash base 2^26 -+ vstef ($H1,"4($ctx)",3); -+ vstef ($H2,"8($ctx)",3); -+ vstef ($H3,"12($ctx)",3); -+ vstef ($H4,"16($ctx)",3); -+ -+if ($z) { -+ ld ("%f8","$stdframe+0*8($sp)"); -+ ld ("%f9","$stdframe+1*8($sp)"); -+ ld ("%f10","$stdframe+2*8($sp)"); -+ ld ("%f11","$stdframe+3*8($sp)"); -+ ld ("%f12","$stdframe+4*8($sp)"); -+ ld ("%f13","$stdframe+5*8($sp)"); -+ ld ("%f14","$stdframe+6*8($sp)"); -+ ld ("%f15","$stdframe+7*8($sp)"); -+&{$z? \&lmg:\&lm} ("%r10","%r15","$stdframe+8*8+10*$SIZE_T($sp)"); -+} else { -+ ld ("%f4","$stdframe+16*$SIZE_T+2*8($sp)"); -+ ld ("%f6","$stdframe+16*$SIZE_T+3*8($sp)"); -+&{$z? \&lmg:\&lm} ("%r10","%r15","$stdframe+10*$SIZE_T($sp)"); -+} -+ br ("%r14"); -+SIZE ("__poly1305_blocks_vx",".-__poly1305_blocks_vx"); -+} -+ -+################ -+# static void poly1305_emit(void *ctx, unsigned char mac[16], -+# const u32 nonce[4]) - { - my ($mac,$nonce)=($inp,$len); --my ($h0,$h1,$h2,$d0,$d1)=map("%r$_",(5..9)); -+my ($h0,$h1,$h2,$d0,$d1,$d2)=map("%r$_",(5..10)); - --$code.=<<___; --.globl poly1305_emit --.type poly1305_emit,\@function --.align 16 --poly1305_emit: -- stm${g} %r6,%r9,`6*$SIZE_T`($sp) -- -- lg $h0,0($ctx) -- lg $h1,8($ctx) -- lg $h2,16($ctx) -- -- lghi %r0,5 -- lghi %r1,0 -- lgr $d0,$h0 -- lgr $d1,$h1 -- -- algr $h0,%r0 # compare to modulus -- alcgr $h1,%r1 -- alcgr $h2,%r1 -- -- srlg $h2,$h2,2 # did it borrow/carry? -- slgr %r1,$h2 # 0-$h2>>2 -- lg $h2,0($nonce) # load nonce -- lghi %r0,-1 -- lg $ctx,8($nonce) -- xgr %r0,%r1 # ~%r1 -- -- ngr $h0,%r1 -- ngr $d0,%r0 -- ngr $h1,%r1 -- ngr $d1,%r0 -- ogr $h0,$d0 -- rllg $d0,$h2,32 # flip nonce words -- ogr $h1,$d1 -- rllg $d1,$ctx,32 -- -- algr $h0,$d0 # accumulate nonce -- alcgr $h1,$d1 -- -- strvg $h0,0($mac) # write little-endian result -- strvg $h1,8($mac) -- -- lm${g} %r6,%r9,`6*$SIZE_T`($sp) -- br %r14 --.size poly1305_emit,.-poly1305_emit -- --.string "Poly1305 for s390x, CRYPTOGAMS by " --___ -+GLOBL ("poly1305_emit"); -+TYPE ("poly1305_emit","\@function"); -+ALIGN (16); -+LABEL ("poly1305_emit"); -+LABEL (".Lpoly1305_emit"); -+&{$z? \&stmg:\&stm} ("%r6","%r10","6*$SIZE_T($sp)"); -+ -+ lg ($d0,"0($ctx)"); -+ lg ($d1,"8($ctx)"); -+ lg ($d2,"16($ctx)"); -+ -+ llgfr ("%r0",$d0); # base 2^26 -> base 2^64 -+ srlg ($h0,$d0,32); -+ llgfr ("%r1",$d1); -+ srlg ($h1,$d1,32); -+ srlg ($h2,$d2,32); -+ -+ sllg ("%r0","%r0",26); -+ algr ($h0,"%r0"); -+ sllg ("%r0",$h1,52); -+ srlg ($h1,$h1,12); -+ sllg ("%r1","%r1",14); -+ algr ($h0,"%r0"); -+ alcgr ($h1,"%r1"); -+ sllg ("%r0",$h2,40); -+ srlg ($h2,$h2,24); -+ lghi ("%r1",0); -+ algr ($h1,"%r0"); -+ alcgr ($h2,"%r1"); -+ -+ llgf ("%r0","24($ctx)"); # is_base2_26 -+ lcgr ("%r0","%r0"); -+ -+ xgr ($h0,$d0); # choose between radixes -+ xgr ($h1,$d1); -+ xgr ($h2,$d2); -+ ngr ($h0,"%r0"); -+ ngr ($h1,"%r0"); -+ ngr ($h2,"%r0"); -+ xgr ($h0,$d0); -+ xgr ($h1,$d1); -+ xgr ($h2,$d2); -+ -+ lghi ("%r0",5); -+ lgr ($d0,$h0); -+ lgr ($d1,$h1); -+ -+ algr ($h0,"%r0"); # compare to modulus -+ alcgr ($h1,"%r1"); -+ alcgr ($h2,"%r1"); -+ -+ srlg ($h2,$h2,2); # did it borrow/carry? -+ slgr ("%r1",$h2); # 0-$h2>>2 -+ lg ($d2,"0($nonce)"); # load nonce -+ lg ($ctx,"8($nonce)"); -+ -+ xgr ($h0,$d0); -+ xgr ($h1,$d1); -+ ngr ($h0,"%r1"); -+ ngr ($h1,"%r1"); -+ xgr ($h0,$d0); -+ rllg ($d0,$d2,32); # flip nonce words -+ xgr ($h1,$d1); -+ rllg ($d1,$ctx,32); -+ -+ algr ($h0,$d0); # accumulate nonce -+ alcgr ($h1,$d1); -+ -+ strvg ($h0,"0($mac)"); # write little-endian result -+ strvg ($h1,"8($mac)"); -+ -+&{$z? \&lmg:\&lm} ("%r6","%r10","6*$SIZE_T($sp)"); -+ br ("%r14"); -+SIZE ("poly1305_emit",".-poly1305_emit"); - } - --$code =~ s/\`([^\`]*)\`/eval $1/gem; --$code =~ s/\b(srlg\s+)(%r[0-9]+\s*,)\s*([0-9]+)/$1$2$2$3/gm; -+################ -+ -+ALIGN (16); -+LABEL (".Lconst"); -+LONG (0x04050607,0x14151617,0x0c0d0e0f,0x1c1d1e1f); # merge odd -+LONG (0x07060504,0x03020100,0x17161514,0x13121110); # byte swap masks -+LONG (0x0f0e0d0c,0x0b0a0908,0x1f1e1d1c,0x1b1a1918); -+LONG (0x00000000,0x09080706,0x00000000,0x19181716); -+ -+LONG (0x00000000,0x00000000,0x00000000,0x0c0d0e0f); # magic tail masks -+LONG (0x0c0d0e0f,0x00000000,0x00000000,0x00000000); -+LONG (0x00000000,0x00000000,0x0c0d0e0f,0x00000000); -+ -+LONG (0xffffffff,0x00000000,0xffffffff,0xffffffff); -+LONG (0xffffffff,0x00000000,0xffffffff,0x00000000); -+LONG (0x00000000,0x00000000,0xffffffff,0x00000000); -+ -+STRING ("\"Poly1305 for s390x, CRYPTOGAMS by \""); - --print $code; --close STDOUT or die "error closing STDOUT: $!"; -+PERLASM_END(); -diff -up openssl-1.1.1e/crypto/poly1305/build.info.s390x-update openssl-1.1.1e/crypto/poly1305/build.info ---- openssl-1.1.1e/crypto/poly1305/build.info.s390x-update 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/poly1305/build.info 2020-03-19 16:20:22.042227342 +0100 -@@ -18,6 +18,7 @@ INCLUDE[poly1305-armv8.o]=.. - GENERATE[poly1305-mips.S]=asm/poly1305-mips.pl $(PERLASM_SCHEME) - INCLUDE[poly1305-mips.o]=.. - GENERATE[poly1305-s390x.S]=asm/poly1305-s390x.pl $(PERLASM_SCHEME) -+INCLUDE[poly1305-s390x.o]=.. - - BEGINRAW[Makefile(unix)] - {- $builddir -}/poly1305-%.S: {- $sourcedir -}/asm/poly1305-%.pl diff --git a/openssl-1.1.1-seclevel.patch b/openssl-1.1.1-seclevel.patch deleted file mode 100644 index c6751a5..0000000 --- a/openssl-1.1.1-seclevel.patch +++ /dev/null @@ -1,160 +0,0 @@ -diff -up openssl-1.1.1g/crypto/x509/x509_vfy.c.seclevel openssl-1.1.1g/crypto/x509/x509_vfy.c ---- openssl-1.1.1g/crypto/x509/x509_vfy.c.seclevel 2020-04-21 14:22:39.000000000 +0200 -+++ openssl-1.1.1g/crypto/x509/x509_vfy.c 2020-06-05 17:16:54.835536823 +0200 -@@ -3225,6 +3225,7 @@ static int build_chain(X509_STORE_CTX *c - } - - static const int minbits_table[] = { 80, 112, 128, 192, 256 }; -+static const int minbits_digest_table[] = { 80, 80, 128, 192, 256 }; - static const int NUM_AUTH_LEVELS = OSSL_NELEM(minbits_table); - - /* -@@ -3276,6 +3277,11 @@ static int check_sig_level(X509_STORE_CT - - if (!X509_get_signature_info(cert, NULL, NULL, &secbits, NULL)) - return 0; -- -- return secbits >= minbits_table[level - 1]; -+ /* -+ * Allow SHA1 in SECLEVEL 2 in non-FIPS mode or when the magic -+ * disable SHA1 flag is not set. -+ */ -+ if ((ctx->param->flags & 0x40000000) || FIPS_mode()) -+ return secbits >= minbits_table[level - 1]; -+ return secbits >= minbits_digest_table[level - 1]; - } -diff -up openssl-1.1.1g/doc/man3/SSL_CTX_set_security_level.pod.seclevel openssl-1.1.1g/doc/man3/SSL_CTX_set_security_level.pod ---- openssl-1.1.1g/doc/man3/SSL_CTX_set_security_level.pod.seclevel 2020-04-21 14:22:39.000000000 +0200 -+++ openssl-1.1.1g/doc/man3/SSL_CTX_set_security_level.pod 2020-06-04 15:48:01.608178833 +0200 -@@ -81,8 +81,10 @@ using MD5 for the MAC is also prohibited - - =item B - --Security level set to 112 bits of security. As a result RSA, DSA and DH keys --shorter than 2048 bits and ECC keys shorter than 224 bits are prohibited. -+Security level set to 112 bits of security with the exception of SHA1 allowed -+for signatures. -+As a result RSA, DSA and DH keys shorter than 2048 bits and ECC keys -+shorter than 224 bits are prohibited. - In addition to the level 1 exclusions any cipher suite using RC4 is also - prohibited. SSL version 3 is also not allowed. Compression is disabled. - -diff -up openssl-1.1.1g/ssl/ssl_cert.c.seclevel openssl-1.1.1g/ssl/ssl_cert.c ---- openssl-1.1.1g/ssl/ssl_cert.c.seclevel 2020-04-21 14:22:39.000000000 +0200 -+++ openssl-1.1.1g/ssl/ssl_cert.c 2020-06-05 17:10:11.842198401 +0200 -@@ -27,6 +27,7 @@ - static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx, - int op, int bits, int nid, void *other, - void *ex); -+static unsigned long sha1_disable(const SSL *s, const SSL_CTX *ctx); - - static CRYPTO_ONCE ssl_x509_store_ctx_once = CRYPTO_ONCE_STATIC_INIT; - static volatile int ssl_x509_store_ctx_idx = -1; -@@ -396,7 +397,7 @@ int ssl_verify_cert_chain(SSL *s, STACK_ - X509_VERIFY_PARAM_set_auth_level(param, SSL_get_security_level(s)); - - /* Set suite B flags if needed */ -- X509_STORE_CTX_set_flags(ctx, tls1_suiteb(s)); -+ X509_STORE_CTX_set_flags(ctx, tls1_suiteb(s) | sha1_disable(s, NULL)); - if (!X509_STORE_CTX_set_ex_data - (ctx, SSL_get_ex_data_X509_STORE_CTX_idx(), s)) { - goto end; -@@ -953,12 +954,33 @@ static int ssl_security_default_callback - return 0; - break; - default: -+ /* allow SHA1 in SECLEVEL 2 in non FIPS mode */ -+ if (nid == NID_sha1 && minbits == 112 && !sha1_disable(s, ctx)) -+ break; - if (bits < minbits) - return 0; - } - return 1; - } - -+static unsigned long sha1_disable(const SSL *s, const SSL_CTX *ctx) -+{ -+ unsigned long ret = 0x40000000; /* a magical internal value used by X509_VERIFY_PARAM */ -+ const CERT *c; -+ -+ if (FIPS_mode()) -+ return ret; -+ -+ if (ctx != NULL) { -+ c = ctx->cert; -+ } else { -+ c = s->cert; -+ } -+ if (tls1_cert_sigalgs_have_sha1(c)) -+ return 0; -+ return ret; -+} -+ - int ssl_security(const SSL *s, int op, int bits, int nid, void *other) - { - return s->cert->sec_cb(s, NULL, op, bits, nid, other, s->cert->sec_ex); -diff -up openssl-1.1.1g/ssl/ssl_local.h.seclevel openssl-1.1.1g/ssl/ssl_local.h ---- openssl-1.1.1g/ssl/ssl_local.h.seclevel 2020-06-04 15:48:01.602178783 +0200 -+++ openssl-1.1.1g/ssl/ssl_local.h 2020-06-05 17:02:22.666313410 +0200 -@@ -2576,6 +2576,7 @@ __owur int tls1_save_sigalgs(SSL *s, PAC - __owur int tls1_process_sigalgs(SSL *s); - __owur int tls1_set_peer_legacy_sigalg(SSL *s, const EVP_PKEY *pkey); - __owur int tls1_lookup_md(const SIGALG_LOOKUP *lu, const EVP_MD **pmd); -+int tls1_cert_sigalgs_have_sha1(const CERT *c); - __owur size_t tls12_get_psigalgs(SSL *s, int sent, const uint16_t **psigs); - # ifndef OPENSSL_NO_EC - __owur int tls_check_sigalg_curve(const SSL *s, int curve); -diff -up openssl-1.1.1g/ssl/t1_lib.c.seclevel openssl-1.1.1g/ssl/t1_lib.c ---- openssl-1.1.1g/ssl/t1_lib.c.seclevel 2020-06-04 15:48:01.654179221 +0200 -+++ openssl-1.1.1g/ssl/t1_lib.c 2020-06-05 17:02:40.268459157 +0200 -@@ -2145,6 +2145,36 @@ int tls1_set_sigalgs(CERT *c, const int - return 0; - } - -+static int tls1_sigalgs_have_sha1(const uint16_t *sigalgs, size_t sigalgslen) -+{ -+ size_t i; -+ -+ for (i = 0; i < sigalgslen; i++, sigalgs++) { -+ const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(*sigalgs); -+ -+ if (lu == NULL) -+ continue; -+ if (lu->hash == NID_sha1) -+ return 1; -+ } -+ return 0; -+} -+ -+ -+int tls1_cert_sigalgs_have_sha1(const CERT *c) -+{ -+ if (c->client_sigalgs != NULL) { -+ if (tls1_sigalgs_have_sha1(c->client_sigalgs, c->client_sigalgslen)) -+ return 1; -+ } -+ if (c->conf_sigalgs != NULL) { -+ if (tls1_sigalgs_have_sha1(c->conf_sigalgs, c->conf_sigalgslen)) -+ return 1; -+ return 0; -+ } -+ return 1; -+} -+ - static int tls1_check_sig_alg(SSL *s, X509 *x, int default_nid) - { - int sig_nid, use_pc_sigalgs = 0; -diff -up openssl-1.1.1g/test/recipes/25-test_verify.t.seclevel openssl-1.1.1g/test/recipes/25-test_verify.t ---- openssl-1.1.1g/test/recipes/25-test_verify.t.seclevel 2020-04-21 14:22:39.000000000 +0200 -+++ openssl-1.1.1g/test/recipes/25-test_verify.t 2020-06-04 15:48:01.608178833 +0200 -@@ -346,8 +346,8 @@ ok(verify("ee-pss-sha1-cert", "sslserver - ok(verify("ee-pss-sha256-cert", "sslserver", ["root-cert"], ["ca-cert"], ), - "CA with PSS signature using SHA256"); - --ok(!verify("ee-pss-sha1-cert", "sslserver", ["root-cert"], ["ca-cert"], "-auth_level", "2"), -- "Reject PSS signature using SHA1 and auth level 2"); -+ok(!verify("ee-pss-sha1-cert", "sslserver", ["root-cert"], ["ca-cert"], "-auth_level", "3"), -+ "Reject PSS signature using SHA1 and auth level 3"); - - ok(verify("ee-pss-sha256-cert", "sslserver", ["root-cert"], ["ca-cert"], "-auth_level", "2"), - "PSS signature using SHA256 and auth level 2"); diff --git a/openssl-1.1.1-ssh-kdf.patch b/openssl-1.1.1-ssh-kdf.patch deleted file mode 100644 index 1bf71c4..0000000 --- a/openssl-1.1.1-ssh-kdf.patch +++ /dev/null @@ -1,5612 +0,0 @@ -commit 1e662a43f0420cfdc40d01cd70c27fa1c220a57e -Author: Simo Sorce -Date: Wed Sep 19 16:23:45 2018 -0400 - - Implement SSH KDF - - SSH's KDF is defined in RFC 4253 in Section 7.2 - - Signed-off-by: Simo Sorce - - Reviewed-by: Paul Dale - Reviewed-by: Matt Caswell - (Merged from https://github.com/openssl/openssl/pull/7290) - -diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt -index ae67dac7f6..e7ed2f8d63 100644 ---- a/crypto/err/openssl.txt -+++ b/crypto/err/openssl.txt -@@ -828,6 +828,10 @@ KDF_F_KDF_SCRYPT_CTRL_UINT32:121:kdf_scrypt_ctrl_uint32 - KDF_F_KDF_SCRYPT_CTRL_UINT64:122:kdf_scrypt_ctrl_uint64 - KDF_F_KDF_SCRYPT_DERIVE:123:kdf_scrypt_derive - KDF_F_KDF_SCRYPT_NEW:124:kdf_scrypt_new -+KDF_F_KDF_SSHKDF_CTRL:130:kdf_sshkdf_ctrl -+KDF_F_KDF_SSHKDF_CTRL_STR:131:kdf_sshkdf_ctrl_str -+KDF_F_KDF_SSHKDF_DERIVE:132:kdf_sshkdf_derive -+KDF_F_KDF_SSHKDF_NEW:133:kdf_sshkdf_new - KDF_F_KDF_TLS1_PRF_CTRL_STR:125:kdf_tls1_prf_ctrl_str - KDF_F_KDF_TLS1_PRF_DERIVE:126:kdf_tls1_prf_derive - KDF_F_KDF_TLS1_PRF_NEW:127:kdf_tls1_prf_new -@@ -2320,6 +2324,9 @@ KDF_R_MISSING_PASS:110:missing pass - KDF_R_MISSING_SALT:111:missing salt - KDF_R_MISSING_SECRET:107:missing secret - KDF_R_MISSING_SEED:106:missing seed -+KDF_R_MISSING_SESSION_ID:113:missing session id -+KDF_R_MISSING_TYPE:114:missing type -+KDF_R_MISSING_XCGHASH:115:missing xcghash - KDF_R_UNKNOWN_PARAMETER_TYPE:103:unknown parameter type - KDF_R_VALUE_ERROR:108:value error - KDF_R_VALUE_MISSING:102:value missing -diff --git a/crypto/evp/kdf_lib.c b/crypto/evp/kdf_lib.c -index 05f5cec3a9..811fe727f6 100644 ---- a/crypto/evp/kdf_lib.c -+++ b/crypto/evp/kdf_lib.c -@@ -29,7 +29,8 @@ static const EVP_KDF_METHOD *standard_methods[] = { - &scrypt_kdf_meth, - #endif - &tls1_prf_kdf_meth, -- &hkdf_kdf_meth -+ &hkdf_kdf_meth, -+ &sshkdf_kdf_meth, - }; - - DECLARE_OBJ_BSEARCH_CMP_FN(const EVP_KDF_METHOD *, const EVP_KDF_METHOD *, -diff --git a/include/crypto/evp.h b/include/crypto/evp.h -index a109e561b3..8c313c65ac 100644 ---- a/include/crypto/evp.h -+++ b/include/crypto/evp.h -@@ -129,6 +129,7 @@ extern const EVP_KDF_METHOD pbkdf2_kdf_meth; - extern const EVP_KDF_METHOD scrypt_kdf_meth; - extern const EVP_KDF_METHOD tls1_prf_kdf_meth; - extern const EVP_KDF_METHOD hkdf_kdf_meth; -+extern const EVP_KDF_METHOD sshkdf_kdf_meth; - - struct evp_md_st { - int type; -diff --git a/crypto/kdf/build.info b/crypto/kdf/build.info -index dce960e9e1..f483c779dd 100644 ---- a/crypto/kdf/build.info -+++ b/crypto/kdf/build.info -@@ -1,3 +1,3 @@ - LIBS=../../libcrypto - SOURCE[../../libcrypto]=\ -- tls1_prf.c kdf_err.c kdf_util.c hkdf.c scrypt.c pbkdf2.c -+ tls1_prf.c kdf_err.c kdf_util.c hkdf.c scrypt.c pbkdf2.c sshkdf.c -diff --git a/crypto/kdf/kdf_err.c b/crypto/kdf/kdf_err.c -index b2a0c0ebfc..b4678775dd 100644 ---- a/crypto/kdf/kdf_err.c -+++ b/crypto/kdf/kdf_err.c -@@ -31,6 +31,11 @@ static const ERR_STRING_DATA KDF_str_functs[] = { - "kdf_scrypt_ctrl_uint64"}, - {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_SCRYPT_DERIVE, 0), "kdf_scrypt_derive"}, - {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_SCRYPT_NEW, 0), "kdf_scrypt_new"}, -+ {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_SSHKDF_CTRL, 0), "kdf_sshkdf_ctrl"}, -+ {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_SSHKDF_CTRL_STR, 0), -+ "kdf_sshkdf_ctrl_str"}, -+ {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_SSHKDF_DERIVE, 0), "kdf_sshkdf_derive"}, -+ {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_SSHKDF_NEW, 0), "kdf_sshkdf_new"}, - {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_TLS1_PRF_CTRL_STR, 0), - "kdf_tls1_prf_ctrl_str"}, - {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_TLS1_PRF_DERIVE, 0), -@@ -70,6 +75,9 @@ static const ERR_STRING_DATA KDF_str_reasons[] = { - {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_SALT), "missing salt"}, - {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_SECRET), "missing secret"}, - {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_SEED), "missing seed"}, -+ {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_SESSION_ID), "missing session id"}, -+ {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_TYPE), "missing type"}, -+ {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_XCGHASH), "missing xcghash"}, - {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_UNKNOWN_PARAMETER_TYPE), - "unknown parameter type"}, - {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_VALUE_ERROR), "value error"}, -diff --git a/crypto/kdf/sshkdf.c b/crypto/kdf/sshkdf.c -new file mode 100644 -index 0000000000..24f37cbed4 ---- /dev/null -+++ b/crypto/kdf/sshkdf.c -@@ -0,0 +1,288 @@ -+/* -+ * Copyright 2018-2018 The OpenSSL Project Authors. All Rights Reserved. -+ * -+ * Licensed under the OpenSSL license (the "License"). You may not use -+ * this file except in compliance with the License. You can obtain a copy -+ * in the file LICENSE in the source distribution or at -+ * https://www.openssl.org/source/license.html -+ */ -+ -+#include -+#include -+#include -+#include -+#include -+#include "internal/cryptlib.h" -+#include "crypto/evp.h" -+#include "kdf_local.h" -+ -+/* See RFC 4253, Section 7.2 */ -+ -+static void kdf_sshkdf_reset(EVP_KDF_IMPL *impl); -+static int SSHKDF(const EVP_MD *evp_md, -+ const unsigned char *key, size_t key_len, -+ const unsigned char *xcghash, size_t xcghash_len, -+ const unsigned char *session_id, size_t session_id_len, -+ char type, unsigned char *okey, size_t okey_len); -+ -+struct evp_kdf_impl_st { -+ const EVP_MD *md; -+ unsigned char *key; /* K */ -+ size_t key_len; -+ unsigned char *xcghash; /* H */ -+ size_t xcghash_len; -+ char type; /* X */ -+ unsigned char *session_id; -+ size_t session_id_len; -+}; -+ -+static EVP_KDF_IMPL *kdf_sshkdf_new(void) -+{ -+ EVP_KDF_IMPL *impl; -+ -+ if ((impl = OPENSSL_zalloc(sizeof(*impl))) == NULL) -+ KDFerr(KDF_F_KDF_SSHKDF_NEW, ERR_R_MALLOC_FAILURE); -+ return impl; -+} -+ -+static void kdf_sshkdf_free(EVP_KDF_IMPL *impl) -+{ -+ kdf_sshkdf_reset(impl); -+ OPENSSL_free(impl); -+} -+ -+static void kdf_sshkdf_reset(EVP_KDF_IMPL *impl) -+{ -+ OPENSSL_clear_free(impl->key, impl->key_len); -+ OPENSSL_clear_free(impl->xcghash, impl->xcghash_len); -+ OPENSSL_clear_free(impl->session_id, impl->session_id_len); -+ memset(impl, 0, sizeof(*impl)); -+} -+ -+static int kdf_sshkdf_parse_buffer_arg(unsigned char **dst, size_t *dst_len, -+ va_list args) -+{ -+ const unsigned char *p; -+ size_t len; -+ -+ p = va_arg(args, const unsigned char *); -+ len = va_arg(args, size_t); -+ OPENSSL_clear_free(*dst, *dst_len); -+ *dst = OPENSSL_memdup(p, len); -+ if (*dst == NULL) -+ return 0; -+ -+ *dst_len = len; -+ return 1; -+} -+ -+static int kdf_sshkdf_ctrl(EVP_KDF_IMPL *impl, int cmd, va_list args) -+{ -+ int t; -+ -+ switch (cmd) { -+ case EVP_KDF_CTRL_SET_MD: -+ impl->md = va_arg(args, const EVP_MD *); -+ if (impl->md == NULL) -+ return 0; -+ -+ return 1; -+ -+ case EVP_KDF_CTRL_SET_KEY: -+ return kdf_sshkdf_parse_buffer_arg(&impl->key, -+ &impl->key_len, args); -+ -+ case EVP_KDF_CTRL_SET_SSHKDF_XCGHASH: -+ return kdf_sshkdf_parse_buffer_arg(&impl->xcghash, -+ &impl->xcghash_len, args); -+ -+ case EVP_KDF_CTRL_SET_SSHKDF_SESSION_ID: -+ return kdf_sshkdf_parse_buffer_arg(&impl->session_id, -+ &impl->session_id_len, args); -+ -+ case EVP_KDF_CTRL_SET_SSHKDF_TYPE: -+ t = va_arg(args, int); -+ if (t < 65 || t > 70) { -+ KDFerr(KDF_F_KDF_SSHKDF_CTRL, KDF_R_VALUE_ERROR); -+ return 0; -+ } -+ -+ impl->type = (char)t; -+ return 1; -+ -+ default: -+ return -2; -+ -+ } -+} -+ -+static int kdf_sshkdf_ctrl_str(EVP_KDF_IMPL *impl, const char *type, -+ const char *value) -+{ -+ if (value == NULL) { -+ KDFerr(KDF_F_KDF_SSHKDF_CTRL_STR, KDF_R_VALUE_MISSING); -+ return 0; -+ } -+ -+ if (strcmp(type, "md") == 0) -+ return kdf_md2ctrl(impl, kdf_sshkdf_ctrl, EVP_KDF_CTRL_SET_MD, value); -+ -+ if (strcmp(type, "key") == 0) -+ return kdf_str2ctrl(impl, kdf_sshkdf_ctrl, -+ EVP_KDF_CTRL_SET_KEY, value); -+ -+ if (strcmp(type, "hexkey") == 0) -+ return kdf_hex2ctrl(impl, kdf_sshkdf_ctrl, -+ EVP_KDF_CTRL_SET_KEY, value); -+ -+ if (strcmp(type, "xcghash") == 0) -+ return kdf_str2ctrl(impl, kdf_sshkdf_ctrl, -+ EVP_KDF_CTRL_SET_SSHKDF_XCGHASH, value); -+ -+ if (strcmp(type, "hexxcghash") == 0) -+ return kdf_hex2ctrl(impl, kdf_sshkdf_ctrl, -+ EVP_KDF_CTRL_SET_SSHKDF_XCGHASH, value); -+ -+ if (strcmp(type, "session_id") == 0) -+ return kdf_str2ctrl(impl, kdf_sshkdf_ctrl, -+ EVP_KDF_CTRL_SET_SSHKDF_SESSION_ID, value); -+ -+ if (strcmp(type, "hexsession_id") == 0) -+ return kdf_hex2ctrl(impl, kdf_sshkdf_ctrl, -+ EVP_KDF_CTRL_SET_SSHKDF_SESSION_ID, value); -+ -+ if (strcmp(type, "type") == 0) { -+ if (strlen(value) != 1) { -+ KDFerr(KDF_F_KDF_SSHKDF_CTRL_STR, KDF_R_VALUE_ERROR); -+ return 0; -+ } -+ -+ return call_ctrl(kdf_sshkdf_ctrl, impl, EVP_KDF_CTRL_SET_SSHKDF_TYPE, -+ (int)value[0]); -+ } -+ -+ KDFerr(KDF_F_KDF_SSHKDF_CTRL_STR, KDF_R_UNKNOWN_PARAMETER_TYPE); -+ return -2; -+} -+ -+static size_t kdf_sshkdf_size(EVP_KDF_IMPL *impl) -+{ -+ return SIZE_MAX; -+} -+ -+static int kdf_sshkdf_derive(EVP_KDF_IMPL *impl, unsigned char *key, -+ size_t keylen) -+{ -+ if (impl->md == NULL) { -+ KDFerr(KDF_F_KDF_SSHKDF_DERIVE, KDF_R_MISSING_MESSAGE_DIGEST); -+ return 0; -+ } -+ if (impl->key == NULL) { -+ KDFerr(KDF_F_KDF_SSHKDF_DERIVE, KDF_R_MISSING_KEY); -+ return 0; -+ } -+ if (impl->xcghash == NULL) { -+ KDFerr(KDF_F_KDF_SSHKDF_DERIVE, KDF_R_MISSING_XCGHASH); -+ return 0; -+ } -+ if (impl->session_id == NULL) { -+ KDFerr(KDF_F_KDF_SSHKDF_DERIVE, KDF_R_MISSING_SESSION_ID); -+ return 0; -+ } -+ if (impl->type == 0) { -+ KDFerr(KDF_F_KDF_SSHKDF_DERIVE, KDF_R_MISSING_TYPE); -+ return 0; -+ } -+ return SSHKDF(impl->md, impl->key, impl->key_len, -+ impl->xcghash, impl->xcghash_len, -+ impl->session_id, impl->session_id_len, -+ impl->type, key, keylen); -+} -+ -+const EVP_KDF_METHOD sshkdf_kdf_meth = { -+ EVP_KDF_SSHKDF, -+ kdf_sshkdf_new, -+ kdf_sshkdf_free, -+ kdf_sshkdf_reset, -+ kdf_sshkdf_ctrl, -+ kdf_sshkdf_ctrl_str, -+ kdf_sshkdf_size, -+ kdf_sshkdf_derive, -+}; -+ -+static int SSHKDF(const EVP_MD *evp_md, -+ const unsigned char *key, size_t key_len, -+ const unsigned char *xcghash, size_t xcghash_len, -+ const unsigned char *session_id, size_t session_id_len, -+ char type, unsigned char *okey, size_t okey_len) -+{ -+ EVP_MD_CTX *md = NULL; -+ unsigned char digest[EVP_MAX_MD_SIZE]; -+ unsigned int dsize = 0; -+ size_t cursize = 0; -+ int ret = 0; -+ -+ md = EVP_MD_CTX_new(); -+ if (md == NULL) -+ return 0; -+ -+ if (!EVP_DigestInit_ex(md, evp_md, NULL)) -+ goto out; -+ -+ if (!EVP_DigestUpdate(md, key, key_len)) -+ goto out; -+ -+ if (!EVP_DigestUpdate(md, xcghash, xcghash_len)) -+ goto out; -+ -+ if (!EVP_DigestUpdate(md, &type, 1)) -+ goto out; -+ -+ if (!EVP_DigestUpdate(md, session_id, session_id_len)) -+ goto out; -+ -+ if (!EVP_DigestFinal_ex(md, digest, &dsize)) -+ goto out; -+ -+ if (okey_len < dsize) { -+ memcpy(okey, digest, okey_len); -+ ret = 1; -+ goto out; -+ } -+ -+ memcpy(okey, digest, dsize); -+ -+ for (cursize = dsize; cursize < okey_len; cursize += dsize) { -+ -+ if (!EVP_DigestInit_ex(md, evp_md, NULL)) -+ goto out; -+ -+ if (!EVP_DigestUpdate(md, key, key_len)) -+ goto out; -+ -+ if (!EVP_DigestUpdate(md, xcghash, xcghash_len)) -+ goto out; -+ -+ if (!EVP_DigestUpdate(md, okey, cursize)) -+ goto out; -+ -+ if (!EVP_DigestFinal_ex(md, digest, &dsize)) -+ goto out; -+ -+ if (okey_len < cursize + dsize) { -+ memcpy(okey + cursize, digest, okey_len - cursize); -+ ret = 1; -+ goto out; -+ } -+ -+ memcpy(okey + cursize, digest, dsize); -+ } -+ -+ ret = 1; -+ -+out: -+ EVP_MD_CTX_free(md); -+ OPENSSL_cleanse(digest, EVP_MAX_MD_SIZE); -+ return ret; -+} -+ -diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h -index 9ab1a14b9e..81646fda52 100644 ---- a/crypto/objects/obj_dat.h -+++ b/crypto/objects/obj_dat.h -@@ -1078,7 +1078,7 @@ static const unsigned char so[7762] = { - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0D, /* [ 7753] OBJ_hmacWithSHA512_256 */ - }; - --#define NUM_NID 1195 -+#define NUM_NID 1196 - static const ASN1_OBJECT nid_objs[NUM_NID] = { - {"UNDEF", "undefined", NID_undef}, - {"rsadsi", "RSA Data Security, Inc.", NID_rsadsi, 6, &so[0]}, -@@ -2275,9 +2275,10 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = { - {"magma-mac", "magma-mac", NID_magma_mac}, - {"hmacWithSHA512-224", "hmacWithSHA512-224", NID_hmacWithSHA512_224, 8, &so[7745]}, - {"hmacWithSHA512-256", "hmacWithSHA512-256", NID_hmacWithSHA512_256, 8, &so[7753]}, -+ {"SSHKDF", "sshkdf", NID_sshkdf}, - }; - --#define NUM_SN 1186 -+#define NUM_SN 1187 - static const unsigned int sn_objs[NUM_SN] = { - 364, /* "AD_DVCS" */ - 419, /* "AES-128-CBC" */ -@@ -2555,6 +2556,7 @@ static const unsigned int sn_objs[NUM_SN] = { - 167, /* "SMIME-CAPS" */ - 100, /* "SN" */ - 1006, /* "SNILS" */ -+ 1195, /* "SSHKDF" */ - 16, /* "ST" */ - 143, /* "SXNetID" */ - 1062, /* "SipHash" */ -@@ -3467,7 +3469,7 @@ static const unsigned int sn_objs[NUM_SN] = { - 1093, /* "x509ExtAdmission" */ - }; - --#define NUM_LN 1186 -+#define NUM_LN 1187 - static const unsigned int ln_objs[NUM_LN] = { - 363, /* "AD Time Stamping" */ - 405, /* "ANSI X9.62" */ -@@ -4609,6 +4611,7 @@ static const unsigned int ln_objs[NUM_LN] = { - 1139, /* "sm4-ctr" */ - 1133, /* "sm4-ecb" */ - 1135, /* "sm4-ofb" */ -+ 1195, /* "sshkdf" */ - 16, /* "stateOrProvinceName" */ - 660, /* "streetAddress" */ - 498, /* "subtreeMaximumQuality" */ -diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num -index 1b6a9c61a1..231c18384a 100644 ---- a/crypto/objects/obj_mac.num -+++ b/crypto/objects/obj_mac.num -@@ -1192,3 +1192,4 @@ magma_cfb 1191 - magma_mac 1192 - hmacWithSHA512_224 1193 - hmacWithSHA512_256 1194 -+sshkdf 1195 -diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt -index 6dbc41ce37..5ded88e525 100644 ---- a/crypto/objects/objects.txt -+++ b/crypto/objects/objects.txt -@@ -1600,6 +1600,9 @@ secg-scheme 14 3 : dhSinglePass-cofactorDH-sha512kdf-scheme - # NID for HKDF - : HKDF : hkdf - -+# NID for SSHKDF -+ : SSHKDF : sshkdf -+ - # RFC 4556 - 1 3 6 1 5 2 3 : id-pkinit - id-pkinit 4 : pkInitClientAuth : PKINIT Client Auth -diff --git a/doc/man7/EVP_KDF_SSHKDF.pod b/doc/man7/EVP_KDF_SSHKDF.pod -new file mode 100644 -index 0000000000..9c9734e7c3 ---- /dev/null -+++ b/doc/man7/EVP_KDF_SSHKDF.pod -@@ -0,0 +1,175 @@ -+=pod -+ -+=head1 NAME -+ -+EVP_KDF_SSHKDF - The SSHKDF EVP_KDF implementation -+ -+=head1 DESCRIPTION -+ -+Support for computing the B KDF through the B API. -+ -+The EVP_KDF_SSHKDF algorithm implements the SSHKDF key derivation function. -+It is defined in RFC 4253, section 7.2 and is used by SSH to derive IVs, -+encryption keys and integrity keys. -+Five inputs are required to perform key derivation: The hashing function -+(for example SHA256), the Initial Key, the Exchange Hash, the Session ID, -+and the derivation key type. -+ -+=head2 Numeric identity -+ -+B is the numeric identity for this implementation; it -+can be used with the EVP_KDF_CTX_new_id() function. -+ -+=head2 Supported controls -+ -+The supported controls are: -+ -+=over 4 -+ -+=item B -+ -+=item B -+ -+These controls work as described in L. -+ -+=item B -+ -+=item B -+ -+These controls expect two arguments: C, C -+ -+They set the respective values to the first B bytes of the buffer -+B. If a value is already set, the contents are replaced. -+ -+EVP_KDF_ctrl_str() takes two type strings for these controls: -+ -+=over 4 -+ -+=item "xcghash" -+ -+=item "session_id" -+ -+The value string is used as is. -+ -+=item "hexxcghash" -+ -+=item "hexsession_id" -+ -+The value string is expected to be a hexadecimal number, which will be -+decoded before being passed on as the control value. -+ -+=back -+ -+=item B -+ -+This control expects one argument: C -+ -+Sets the type for the SSHHKDF operation. There are six supported types: -+ -+=over 4 -+ -+=item EVP_KDF_SSHKDF_TYPE_ININITAL_IV_CLI_TO_SRV -+ -+The Initial IV from client to server. -+A single char of value 65 (ASCII char 'A'). -+ -+=item EVP_KDF_SSHKDF_TYPE_ININITAL_IV_SRV_TO_CLI -+ -+The Initial IV from server to client -+A single char of value 66 (ASCII char 'B'). -+ -+=item EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_CLI_TO_SRV -+ -+The Encryption Key from client to server -+A single char of value 67 (ASCII char 'C'). -+ -+=item EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_SRV_TO_CLI -+ -+The Encryption Key from server to client -+A single char of value 68 (ASCII char 'D'). -+ -+=item EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_CLI_TO_SRV -+ -+The Integrity Key from client to server -+A single char of value 69 (ASCII char 'E'). -+ -+=item EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_SRV_TO_CLI -+ -+The Integrity Key from client to server -+A single char of value 70 (ASCII char 'F'). -+ -+=back -+ -+EVP_KDF_ctrl_str() type string: "type" -+ -+The value is a string of length one character. The only valid values -+are the numerical values of the ASCII caracters: "A" (65) to "F" (70). -+ -+=back -+ -+=head1 NOTES -+ -+A context for SSHKDF can be obtained by calling: -+ -+ EVP_KDF_CTX *kctx = EVP_KDF_CTX_new_id(EVP_KDF_SSHKDF); -+ -+The output length of the SSHKDF derivation is specified via the C -+parameter to the L function. -+Since the SSHKDF output length is variable, calling L -+to obtain the requisite length is not meaningful. The caller must -+allocate a buffer of the desired length, and pass that buffer to the -+L function along with the desired length. -+ -+=head1 EXAMPLE -+ -+This example derives an 8 byte IV using SHA-256 with a 1K "key" and appropriate -+"xcghash" and "session_id" values: -+ -+ EVP_KDF_CTX *kctx; -+ unsigned char key[1024] = "01234..."; -+ unsigned char xcghash[32] = "012345..."; -+ unsigned char session_id[32] = "012345..."; -+ unsigned char out[8]; -+ size_t outlen = sizeof(out); -+ kctx = EVP_KDF_CTX_new_id(EVP_KDF_SSHKDF); -+ -+ if (EVP_KDF_CTX_set_md(kctx, EVP_sha256()) <= 0) -+ /* Error */ -+ if (EVP_KDF_CTX_set1_key(kctx, key, 1024) <= 0) -+ /* Error */ -+ if (EVP_KDF_CTX_set1_sshkdf_xcghash(kctx, xcghash, 32) <= 0) -+ /* Error */ -+ if (EVP_KDF_CTX_set1_sshkdf_session_id(kctx, session_id, 32) <= 0) -+ /* Error */ -+ if (EVP_KDF_CTX_set_sshkdf_type(kctx, -+ EVP_KDF_SSHKDF_TYPE_ININITAL_IV_CLI_TO_SRV) <= 0) -+ /* Error */ -+ if (EVP_KDF_derive(kctx, out, &outlen) <= 0) -+ /* Error */ -+ -+ -+=head1 CONFORMING TO -+ -+RFC 4253 -+ -+=head1 SEE ALSO -+ -+L, -+L, -+L, -+L, -+L, -+L, -+L -+ -+=head1 COPYRIGHT -+ -+Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. -+ -+Licensed under the OpenSSL license (the "License"). You may not use -+this file except in compliance with the License. You can obtain a copy -+in the file LICENSE in the source distribution or at -+L. -+ -+=cut -+ -diff --git a/include/openssl/kdf.h b/include/openssl/kdf.h -index 16caed5273..362ab14cff 100644 ---- a/include/openssl/kdf.h -+++ b/include/openssl/kdf.h -@@ -20,6 +20,7 @@ extern "C" { - # define EVP_KDF_SCRYPT NID_id_scrypt - # define EVP_KDF_TLS1_PRF NID_tls1_prf - # define EVP_KDF_HKDF NID_hkdf -+# define EVP_KDF_SSHKDF NID_sshkdf - - EVP_KDF_CTX *EVP_KDF_CTX_new_id(int id); - void EVP_KDF_CTX_free(EVP_KDF_CTX *ctx); -@@ -47,11 +48,20 @@ int EVP_KDF_derive(EVP_KDF_CTX *ctx, unsigned char *key, size_t keylen); - # define EVP_KDF_CTRL_SET_SCRYPT_N 0x0d /* uint64_t */ - # define EVP_KDF_CTRL_SET_SCRYPT_R 0x0e /* uint32_t */ - # define EVP_KDF_CTRL_SET_SCRYPT_P 0x0f /* uint32_t */ -+# define EVP_KDF_CTRL_SET_SSHKDF_XCGHASH 0x10 /* unsigned char *, size_t */ -+# define EVP_KDF_CTRL_SET_SSHKDF_SESSION_ID 0x11 /* unsigned char *, size_t */ -+# define EVP_KDF_CTRL_SET_SSHKDF_TYPE 0x12 /* int */ - - # define EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND 0 - # define EVP_KDF_HKDF_MODE_EXTRACT_ONLY 1 - # define EVP_KDF_HKDF_MODE_EXPAND_ONLY 2 - -+#define EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV 65 -+#define EVP_KDF_SSHKDF_TYPE_INITIAL_IV_SRV_TO_CLI 66 -+#define EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_CLI_TO_SRV 67 -+#define EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_SRV_TO_CLI 68 -+#define EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_CLI_TO_SRV 69 -+#define EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_SRV_TO_CLI 70 - - /**** The legacy PKEY-based KDF API follows. ****/ - -diff --git a/include/openssl/kdferr.h b/include/openssl/kdferr.h -index 0191f2b21d..ff13ccb649 100644 ---- a/include/openssl/kdferr.h -+++ b/include/openssl/kdferr.h -@@ -32,6 +32,10 @@ int ERR_load_KDF_strings(void); - # define KDF_F_KDF_SCRYPT_CTRL_UINT64 122 - # define KDF_F_KDF_SCRYPT_DERIVE 123 - # define KDF_F_KDF_SCRYPT_NEW 124 -+# define KDF_F_KDF_SSHKDF_CTRL 130 -+# define KDF_F_KDF_SSHKDF_CTRL_STR 131 -+# define KDF_F_KDF_SSHKDF_DERIVE 132 -+# define KDF_F_KDF_SSHKDF_NEW 133 - # define KDF_F_KDF_TLS1_PRF_CTRL_STR 125 - # define KDF_F_KDF_TLS1_PRF_DERIVE 126 - # define KDF_F_KDF_TLS1_PRF_NEW 127 -@@ -62,6 +66,9 @@ int ERR_load_KDF_strings(void); - # define KDF_R_MISSING_SALT 111 - # define KDF_R_MISSING_SECRET 107 - # define KDF_R_MISSING_SEED 106 -+# define KDF_R_MISSING_SESSION_ID 113 -+# define KDF_R_MISSING_TYPE 114 -+# define KDF_R_MISSING_XCGHASH 115 - # define KDF_R_UNKNOWN_PARAMETER_TYPE 103 - # define KDF_R_VALUE_ERROR 108 - # define KDF_R_VALUE_MISSING 102 -diff --git a/include/openssl/obj_mac.h b/include/openssl/obj_mac.h -index 31fad4640f..baf2bd8db4 100644 ---- a/include/openssl/obj_mac.h -+++ b/include/openssl/obj_mac.h -@@ -4970,6 +4970,10 @@ - #define LN_hkdf "hkdf" - #define NID_hkdf 1036 - -+#define SN_sshkdf "SSHKDF" -+#define LN_sshkdf "sshkdf" -+#define NID_sshkdf 1203 -+ - #define SN_id_pkinit "id-pkinit" - #define NID_id_pkinit 1031 - #define OBJ_id_pkinit 1L,3L,6L,1L,5L,2L,3L -diff --git a/test/recipes/30-test_evp_data/evpkdf.txt b/test/recipes/30-test_evp_data/evpkdf.txt -index 285c4311a6..7f2dcd2291 100644 ---- a/test/recipes/30-test_evp_data/evpkdf.txt -+++ b/test/recipes/30-test_evp_data/evpkdf.txt -@@ -433,3 +433,4856 @@ Ctrl.iter = iter:1 - Ctrl.digest = digest:sha512 - Output = 00ef42cdbfc98d29db20976608e455567fdddf14 - -+Title = SSHKDF tests (from NIST CAVS 14.1 test vectors) -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:0000008055bae931c07fd824bf10add1902b6fbc7c665347383498a686929ff5a25f8e40cb6645ea814fb1a5e0a11f852f86255641e5ed986e83a78bc8269480eac0b0dfd770cab92e7a28dd87ff452466d6ae867cead63b366b1c286e6c4811a9f14c27aea14c5171d49b78c06e3735d36e6a3be321dd5fc82308f34ee1cb17fba94a59 -+Ctrl.hexxcghash = hexxcghash:a4ebd45934f56792b5112dcd75a1075fdc889245 -+Ctrl.hexsession_id = hexsession_id:a4ebd45934f56792b5112dcd75a1075fdc889245 -+Ctrl.type = type:A -+Output = e2f627c0b43f1ac1 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:0000008055bae931c07fd824bf10add1902b6fbc7c665347383498a686929ff5a25f8e40cb6645ea814fb1a5e0a11f852f86255641e5ed986e83a78bc8269480eac0b0dfd770cab92e7a28dd87ff452466d6ae867cead63b366b1c286e6c4811a9f14c27aea14c5171d49b78c06e3735d36e6a3be321dd5fc82308f34ee1cb17fba94a59 -+Ctrl.hexxcghash = hexxcghash:a4ebd45934f56792b5112dcd75a1075fdc889245 -+Ctrl.hexsession_id = hexsession_id:a4ebd45934f56792b5112dcd75a1075fdc889245 -+Ctrl.type = type:B -+Output = 58471445f342b181 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:0000008055bae931c07fd824bf10add1902b6fbc7c665347383498a686929ff5a25f8e40cb6645ea814fb1a5e0a11f852f86255641e5ed986e83a78bc8269480eac0b0dfd770cab92e7a28dd87ff452466d6ae867cead63b366b1c286e6c4811a9f14c27aea14c5171d49b78c06e3735d36e6a3be321dd5fc82308f34ee1cb17fba94a59 -+Ctrl.hexxcghash = hexxcghash:a4ebd45934f56792b5112dcd75a1075fdc889245 -+Ctrl.hexsession_id = hexsession_id:a4ebd45934f56792b5112dcd75a1075fdc889245 -+Ctrl.type = type:C -+Output = 1ca9d310f86d51f6cb8e7007cb2b220d55c5281ce680b533 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:0000008055bae931c07fd824bf10add1902b6fbc7c665347383498a686929ff5a25f8e40cb6645ea814fb1a5e0a11f852f86255641e5ed986e83a78bc8269480eac0b0dfd770cab92e7a28dd87ff452466d6ae867cead63b366b1c286e6c4811a9f14c27aea14c5171d49b78c06e3735d36e6a3be321dd5fc82308f34ee1cb17fba94a59 -+Ctrl.hexxcghash = hexxcghash:a4ebd45934f56792b5112dcd75a1075fdc889245 -+Ctrl.hexsession_id = hexsession_id:a4ebd45934f56792b5112dcd75a1075fdc889245 -+Ctrl.type = type:D -+Output = 2c60df8603d34cc1dbb03c11f725a44b44008851c73d6844 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:0000008055bae931c07fd824bf10add1902b6fbc7c665347383498a686929ff5a25f8e40cb6645ea814fb1a5e0a11f852f86255641e5ed986e83a78bc8269480eac0b0dfd770cab92e7a28dd87ff452466d6ae867cead63b366b1c286e6c4811a9f14c27aea14c5171d49b78c06e3735d36e6a3be321dd5fc82308f34ee1cb17fba94a59 -+Ctrl.hexxcghash = hexxcghash:a4ebd45934f56792b5112dcd75a1075fdc889245 -+Ctrl.hexsession_id = hexsession_id:a4ebd45934f56792b5112dcd75a1075fdc889245 -+Ctrl.type = type:E -+Output = 472eb8a26166ae6aa8e06868e45c3b26e6eeed06 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:0000008055bae931c07fd824bf10add1902b6fbc7c665347383498a686929ff5a25f8e40cb6645ea814fb1a5e0a11f852f86255641e5ed986e83a78bc8269480eac0b0dfd770cab92e7a28dd87ff452466d6ae867cead63b366b1c286e6c4811a9f14c27aea14c5171d49b78c06e3735d36e6a3be321dd5fc82308f34ee1cb17fba94a59 -+Ctrl.hexxcghash = hexxcghash:a4ebd45934f56792b5112dcd75a1075fdc889245 -+Ctrl.hexsession_id = hexsession_id:a4ebd45934f56792b5112dcd75a1075fdc889245 -+Ctrl.type = type:F -+Output = e3e2fdb9d7bc21165a3dbe47e1eceb7764390bab -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:0000008100ec6f2c5f0517fd92f730567bd783138302917c277552b1b3fdf2b67d6edb6fa81bd17f7ebbe339b54b171341e6522b91611f8274cc88652a458f8041261040818a268497e949e12f57271318b2b3194c29760cbb767c0fc8833b272994e18682da807e6c9f235d88ef89c203c6f756d25cc2bea199b02c955b8b40cbc04f9208 -+Ctrl.hexxcghash = hexxcghash:ee40eef61bea3da8c2b1cec40fc4cdac892a2626 -+Ctrl.hexsession_id = hexsession_id:ca9aad244e24797fd348d1250387c8aa45a0110a -+Ctrl.type = type:A -+Output = 55a1015757de84cb -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:0000008100ec6f2c5f0517fd92f730567bd783138302917c277552b1b3fdf2b67d6edb6fa81bd17f7ebbe339b54b171341e6522b91611f8274cc88652a458f8041261040818a268497e949e12f57271318b2b3194c29760cbb767c0fc8833b272994e18682da807e6c9f235d88ef89c203c6f756d25cc2bea199b02c955b8b40cbc04f9208 -+Ctrl.hexxcghash = hexxcghash:ee40eef61bea3da8c2b1cec40fc4cdac892a2626 -+Ctrl.hexsession_id = hexsession_id:ca9aad244e24797fd348d1250387c8aa45a0110a -+Ctrl.type = type:B -+Output = 7e57f61d5735f4fb -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:0000008100ec6f2c5f0517fd92f730567bd783138302917c277552b1b3fdf2b67d6edb6fa81bd17f7ebbe339b54b171341e6522b91611f8274cc88652a458f8041261040818a268497e949e12f57271318b2b3194c29760cbb767c0fc8833b272994e18682da807e6c9f235d88ef89c203c6f756d25cc2bea199b02c955b8b40cbc04f9208 -+Ctrl.hexxcghash = hexxcghash:ee40eef61bea3da8c2b1cec40fc4cdac892a2626 -+Ctrl.hexsession_id = hexsession_id:ca9aad244e24797fd348d1250387c8aa45a0110a -+Ctrl.type = type:C -+Output = dd1c24bde1af845e82207541e3e173aec822fb904a94ae3c -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:0000008100ec6f2c5f0517fd92f730567bd783138302917c277552b1b3fdf2b67d6edb6fa81bd17f7ebbe339b54b171341e6522b91611f8274cc88652a458f8041261040818a268497e949e12f57271318b2b3194c29760cbb767c0fc8833b272994e18682da807e6c9f235d88ef89c203c6f756d25cc2bea199b02c955b8b40cbc04f9208 -+Ctrl.hexxcghash = hexxcghash:ee40eef61bea3da8c2b1cec40fc4cdac892a2626 -+Ctrl.hexsession_id = hexsession_id:ca9aad244e24797fd348d1250387c8aa45a0110a -+Ctrl.type = type:D -+Output = cbbfdc9442af6db7f8c4dcaa4b0b5d0163e0e204476aa2a0 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:0000008100ec6f2c5f0517fd92f730567bd783138302917c277552b1b3fdf2b67d6edb6fa81bd17f7ebbe339b54b171341e6522b91611f8274cc88652a458f8041261040818a268497e949e12f57271318b2b3194c29760cbb767c0fc8833b272994e18682da807e6c9f235d88ef89c203c6f756d25cc2bea199b02c955b8b40cbc04f9208 -+Ctrl.hexxcghash = hexxcghash:ee40eef61bea3da8c2b1cec40fc4cdac892a2626 -+Ctrl.hexsession_id = hexsession_id:ca9aad244e24797fd348d1250387c8aa45a0110a -+Ctrl.type = type:E -+Output = e153e04886c0dc446dde9a9b3b13efb77151764d -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:0000008100ec6f2c5f0517fd92f730567bd783138302917c277552b1b3fdf2b67d6edb6fa81bd17f7ebbe339b54b171341e6522b91611f8274cc88652a458f8041261040818a268497e949e12f57271318b2b3194c29760cbb767c0fc8833b272994e18682da807e6c9f235d88ef89c203c6f756d25cc2bea199b02c955b8b40cbc04f9208 -+Ctrl.hexxcghash = hexxcghash:ee40eef61bea3da8c2b1cec40fc4cdac892a2626 -+Ctrl.hexsession_id = hexsession_id:ca9aad244e24797fd348d1250387c8aa45a0110a -+Ctrl.type = type:F -+Output = c8e4f61bd6b5abb2c6e06eca7b302349435e4842 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:0000008100a3beebff410a7cdc0ac56dad0152a7f6da6b1d4195285ce96f8b59930d8c3ccbc518bc043eb60362388ea87c20db3b490b490ba9b90f086004ba3e389cb3a715d477c2b1e480e3419c36cd83e237e241462ee79758f4ff5bf7a5e1eae58a6834778a658c60b2e157d36b16371f97660ad4abfd4a2703dba7cab055be4c778b62 -+Ctrl.hexxcghash = hexxcghash:b81915a9656128d2add5e5741914d765226f93e2 -+Ctrl.hexsession_id = hexsession_id:2872e0c92fc3074d4f40e408a2ebd83e2fc7bccd -+Ctrl.type = type:A -+Output = 054eaf5d7dea31e7 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:0000008100a3beebff410a7cdc0ac56dad0152a7f6da6b1d4195285ce96f8b59930d8c3ccbc518bc043eb60362388ea87c20db3b490b490ba9b90f086004ba3e389cb3a715d477c2b1e480e3419c36cd83e237e241462ee79758f4ff5bf7a5e1eae58a6834778a658c60b2e157d36b16371f97660ad4abfd4a2703dba7cab055be4c778b62 -+Ctrl.hexxcghash = hexxcghash:b81915a9656128d2add5e5741914d765226f93e2 -+Ctrl.hexsession_id = hexsession_id:2872e0c92fc3074d4f40e408a2ebd83e2fc7bccd -+Ctrl.type = type:B -+Output = 6ce586c127da010f -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:0000008100a3beebff410a7cdc0ac56dad0152a7f6da6b1d4195285ce96f8b59930d8c3ccbc518bc043eb60362388ea87c20db3b490b490ba9b90f086004ba3e389cb3a715d477c2b1e480e3419c36cd83e237e241462ee79758f4ff5bf7a5e1eae58a6834778a658c60b2e157d36b16371f97660ad4abfd4a2703dba7cab055be4c778b62 -+Ctrl.hexxcghash = hexxcghash:b81915a9656128d2add5e5741914d765226f93e2 -+Ctrl.hexsession_id = hexsession_id:2872e0c92fc3074d4f40e408a2ebd83e2fc7bccd -+Ctrl.type = type:C -+Output = 7907bf3d7c58ce72714b2adb1a14f156194b14378a4a7c49 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:0000008100a3beebff410a7cdc0ac56dad0152a7f6da6b1d4195285ce96f8b59930d8c3ccbc518bc043eb60362388ea87c20db3b490b490ba9b90f086004ba3e389cb3a715d477c2b1e480e3419c36cd83e237e241462ee79758f4ff5bf7a5e1eae58a6834778a658c60b2e157d36b16371f97660ad4abfd4a2703dba7cab055be4c778b62 -+Ctrl.hexxcghash = hexxcghash:b81915a9656128d2add5e5741914d765226f93e2 -+Ctrl.hexsession_id = hexsession_id:2872e0c92fc3074d4f40e408a2ebd83e2fc7bccd -+Ctrl.type = type:D -+Output = c34757dc104e7b811f6550bbc3888e1d4297578fd88b2ca5 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:0000008100a3beebff410a7cdc0ac56dad0152a7f6da6b1d4195285ce96f8b59930d8c3ccbc518bc043eb60362388ea87c20db3b490b490ba9b90f086004ba3e389cb3a715d477c2b1e480e3419c36cd83e237e241462ee79758f4ff5bf7a5e1eae58a6834778a658c60b2e157d36b16371f97660ad4abfd4a2703dba7cab055be4c778b62 -+Ctrl.hexxcghash = hexxcghash:b81915a9656128d2add5e5741914d765226f93e2 -+Ctrl.hexsession_id = hexsession_id:2872e0c92fc3074d4f40e408a2ebd83e2fc7bccd -+Ctrl.type = type:E -+Output = e463e05ef70e61f994ee3cd20d504cb6eddb9b1a -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:0000008100a3beebff410a7cdc0ac56dad0152a7f6da6b1d4195285ce96f8b59930d8c3ccbc518bc043eb60362388ea87c20db3b490b490ba9b90f086004ba3e389cb3a715d477c2b1e480e3419c36cd83e237e241462ee79758f4ff5bf7a5e1eae58a6834778a658c60b2e157d36b16371f97660ad4abfd4a2703dba7cab055be4c778b62 -+Ctrl.hexxcghash = hexxcghash:b81915a9656128d2add5e5741914d765226f93e2 -+Ctrl.hexsession_id = hexsession_id:2872e0c92fc3074d4f40e408a2ebd83e2fc7bccd -+Ctrl.type = type:F -+Output = 676cf1dfc887e122353eead2b1e644f9d9def944 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:0000008017357de60344a125ca41d9ea51eb304a571d7f0aa37a5e36d4b7a5473546f7226583cefe7c06f6f94b97da0da2517190fa02a0337a3bc9ddfeeb68b953613d4d5e473783f137a82246b8260fb3451363adda1813acdf6b10861e022e23a00db9b5a893fcefd6b647f6a73904aa9c3b53e5d879d7e84f052dfabe15a27c1f3aa9 -+Ctrl.hexxcghash = hexxcghash:28fcf3bc600f6bb0b9594b01283d085e149b2586 -+Ctrl.hexsession_id = hexsession_id:4d6b90988de45dfd08e8167504a6253a8552c200 -+Ctrl.type = type:A -+Output = bc4b5164911bc87b -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:0000008017357de60344a125ca41d9ea51eb304a571d7f0aa37a5e36d4b7a5473546f7226583cefe7c06f6f94b97da0da2517190fa02a0337a3bc9ddfeeb68b953613d4d5e473783f137a82246b8260fb3451363adda1813acdf6b10861e022e23a00db9b5a893fcefd6b647f6a73904aa9c3b53e5d879d7e84f052dfabe15a27c1f3aa9 -+Ctrl.hexxcghash = hexxcghash:28fcf3bc600f6bb0b9594b01283d085e149b2586 -+Ctrl.hexsession_id = hexsession_id:4d6b90988de45dfd08e8167504a6253a8552c200 -+Ctrl.type = type:B -+Output = d791c5986b27257e -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:0000008017357de60344a125ca41d9ea51eb304a571d7f0aa37a5e36d4b7a5473546f7226583cefe7c06f6f94b97da0da2517190fa02a0337a3bc9ddfeeb68b953613d4d5e473783f137a82246b8260fb3451363adda1813acdf6b10861e022e23a00db9b5a893fcefd6b647f6a73904aa9c3b53e5d879d7e84f052dfabe15a27c1f3aa9 -+Ctrl.hexxcghash = hexxcghash:28fcf3bc600f6bb0b9594b01283d085e149b2586 -+Ctrl.hexsession_id = hexsession_id:4d6b90988de45dfd08e8167504a6253a8552c200 -+Ctrl.type = type:C -+Output = de8e99bb3f60ccf0583712528aa3dd0418fdb90d0a588012 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:0000008017357de60344a125ca41d9ea51eb304a571d7f0aa37a5e36d4b7a5473546f7226583cefe7c06f6f94b97da0da2517190fa02a0337a3bc9ddfeeb68b953613d4d5e473783f137a82246b8260fb3451363adda1813acdf6b10861e022e23a00db9b5a893fcefd6b647f6a73904aa9c3b53e5d879d7e84f052dfabe15a27c1f3aa9 -+Ctrl.hexxcghash = hexxcghash:28fcf3bc600f6bb0b9594b01283d085e149b2586 -+Ctrl.hexsession_id = hexsession_id:4d6b90988de45dfd08e8167504a6253a8552c200 -+Ctrl.type = type:D -+Output = f37f75a685f1eaf4fd270b946d84734e96aa3b4ed130afc6 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:0000008017357de60344a125ca41d9ea51eb304a571d7f0aa37a5e36d4b7a5473546f7226583cefe7c06f6f94b97da0da2517190fa02a0337a3bc9ddfeeb68b953613d4d5e473783f137a82246b8260fb3451363adda1813acdf6b10861e022e23a00db9b5a893fcefd6b647f6a73904aa9c3b53e5d879d7e84f052dfabe15a27c1f3aa9 -+Ctrl.hexxcghash = hexxcghash:28fcf3bc600f6bb0b9594b01283d085e149b2586 -+Ctrl.hexsession_id = hexsession_id:4d6b90988de45dfd08e8167504a6253a8552c200 -+Ctrl.type = type:E -+Output = 658f04b0f59aab071b9e11ec9ff187ee10e80254 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:0000008017357de60344a125ca41d9ea51eb304a571d7f0aa37a5e36d4b7a5473546f7226583cefe7c06f6f94b97da0da2517190fa02a0337a3bc9ddfeeb68b953613d4d5e473783f137a82246b8260fb3451363adda1813acdf6b10861e022e23a00db9b5a893fcefd6b647f6a73904aa9c3b53e5d879d7e84f052dfabe15a27c1f3aa9 -+Ctrl.hexxcghash = hexxcghash:28fcf3bc600f6bb0b9594b01283d085e149b2586 -+Ctrl.hexsession_id = hexsession_id:4d6b90988de45dfd08e8167504a6253a8552c200 -+Ctrl.type = type:F -+Output = b030809222ff7a12b0df35072d67f314ab1d5eda -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:000000803c3ce2b19e0cadf8ad02438c695efcd3018c833657318bfaef7b9c278cd7e8d7b3a2249f9d586832c3dee727ada167056ff1febc9210186ba47cc1dfaaf08101fb89742ebf4f3e291a20c94a7a6f7877799151d177e163ce3e57ef863c0cda0311265fbac157879150a715e309392b3e521dcf03224717ff5e0030e480f20dff -+Ctrl.hexxcghash = hexxcghash:46a674c532460a80cdc5c6da9a8c3bdf4f3ff614 -+Ctrl.hexsession_id = hexsession_id:aedeb64df7119db53202e959dc84be3e5285512d -+Ctrl.type = type:A -+Output = 7a74ec799ef16865 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:000000803c3ce2b19e0cadf8ad02438c695efcd3018c833657318bfaef7b9c278cd7e8d7b3a2249f9d586832c3dee727ada167056ff1febc9210186ba47cc1dfaaf08101fb89742ebf4f3e291a20c94a7a6f7877799151d177e163ce3e57ef863c0cda0311265fbac157879150a715e309392b3e521dcf03224717ff5e0030e480f20dff -+Ctrl.hexxcghash = hexxcghash:46a674c532460a80cdc5c6da9a8c3bdf4f3ff614 -+Ctrl.hexsession_id = hexsession_id:aedeb64df7119db53202e959dc84be3e5285512d -+Ctrl.type = type:B -+Output = 6e544fc6db0ca1ba -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:000000803c3ce2b19e0cadf8ad02438c695efcd3018c833657318bfaef7b9c278cd7e8d7b3a2249f9d586832c3dee727ada167056ff1febc9210186ba47cc1dfaaf08101fb89742ebf4f3e291a20c94a7a6f7877799151d177e163ce3e57ef863c0cda0311265fbac157879150a715e309392b3e521dcf03224717ff5e0030e480f20dff -+Ctrl.hexxcghash = hexxcghash:46a674c532460a80cdc5c6da9a8c3bdf4f3ff614 -+Ctrl.hexsession_id = hexsession_id:aedeb64df7119db53202e959dc84be3e5285512d -+Ctrl.type = type:C -+Output = 658226b1b10b2033fa88838b619572b18e81e80c76507918 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:000000803c3ce2b19e0cadf8ad02438c695efcd3018c833657318bfaef7b9c278cd7e8d7b3a2249f9d586832c3dee727ada167056ff1febc9210186ba47cc1dfaaf08101fb89742ebf4f3e291a20c94a7a6f7877799151d177e163ce3e57ef863c0cda0311265fbac157879150a715e309392b3e521dcf03224717ff5e0030e480f20dff -+Ctrl.hexxcghash = hexxcghash:46a674c532460a80cdc5c6da9a8c3bdf4f3ff614 -+Ctrl.hexsession_id = hexsession_id:aedeb64df7119db53202e959dc84be3e5285512d -+Ctrl.type = type:D -+Output = 327298c8660685efcb01c5c0df49faebb15c0e93b0f6c65d -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:000000803c3ce2b19e0cadf8ad02438c695efcd3018c833657318bfaef7b9c278cd7e8d7b3a2249f9d586832c3dee727ada167056ff1febc9210186ba47cc1dfaaf08101fb89742ebf4f3e291a20c94a7a6f7877799151d177e163ce3e57ef863c0cda0311265fbac157879150a715e309392b3e521dcf03224717ff5e0030e480f20dff -+Ctrl.hexxcghash = hexxcghash:46a674c532460a80cdc5c6da9a8c3bdf4f3ff614 -+Ctrl.hexsession_id = hexsession_id:aedeb64df7119db53202e959dc84be3e5285512d -+Ctrl.type = type:E -+Output = 6b618a10aeaa12c9a8d2bcb10e975605582c00e5 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:000000803c3ce2b19e0cadf8ad02438c695efcd3018c833657318bfaef7b9c278cd7e8d7b3a2249f9d586832c3dee727ada167056ff1febc9210186ba47cc1dfaaf08101fb89742ebf4f3e291a20c94a7a6f7877799151d177e163ce3e57ef863c0cda0311265fbac157879150a715e309392b3e521dcf03224717ff5e0030e480f20dff -+Ctrl.hexxcghash = hexxcghash:46a674c532460a80cdc5c6da9a8c3bdf4f3ff614 -+Ctrl.hexsession_id = hexsession_id:aedeb64df7119db53202e959dc84be3e5285512d -+Ctrl.type = type:F -+Output = 6d4ce50da9de90d6f746e812a2e74bcd921f5612 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:0000008075957f464f5a7985e1a3ffb7d5814ff9ceb8fb1584a3f5cc454c37139e9b880940442cce2aef94d9d0462c4dc313ed7a8cc3f9a58c38a98ef0236e3cc78fb63b6f82e9c503097b7a08ef2261dda68c7bfe9f83ac790d1f9ff57605d24f4bdfedde23cc5aabba248bc91d3fe1d4394485bc4421730a297694c09bdf024ac2eac3 -+Ctrl.hexxcghash = hexxcghash:0a70b4f26b1985d48ece540f1de6304fdb38212f -+Ctrl.hexsession_id = hexsession_id:2f0ce0e2da2e2bf11eae2ab98e9734412d47a19a -+Ctrl.type = type:A -+Output = b655839abcb1a7b8 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:0000008075957f464f5a7985e1a3ffb7d5814ff9ceb8fb1584a3f5cc454c37139e9b880940442cce2aef94d9d0462c4dc313ed7a8cc3f9a58c38a98ef0236e3cc78fb63b6f82e9c503097b7a08ef2261dda68c7bfe9f83ac790d1f9ff57605d24f4bdfedde23cc5aabba248bc91d3fe1d4394485bc4421730a297694c09bdf024ac2eac3 -+Ctrl.hexxcghash = hexxcghash:0a70b4f26b1985d48ece540f1de6304fdb38212f -+Ctrl.hexsession_id = hexsession_id:2f0ce0e2da2e2bf11eae2ab98e9734412d47a19a -+Ctrl.type = type:B -+Output = 98f9ec980831a8bc -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:0000008075957f464f5a7985e1a3ffb7d5814ff9ceb8fb1584a3f5cc454c37139e9b880940442cce2aef94d9d0462c4dc313ed7a8cc3f9a58c38a98ef0236e3cc78fb63b6f82e9c503097b7a08ef2261dda68c7bfe9f83ac790d1f9ff57605d24f4bdfedde23cc5aabba248bc91d3fe1d4394485bc4421730a297694c09bdf024ac2eac3 -+Ctrl.hexxcghash = hexxcghash:0a70b4f26b1985d48ece540f1de6304fdb38212f -+Ctrl.hexsession_id = hexsession_id:2f0ce0e2da2e2bf11eae2ab98e9734412d47a19a -+Ctrl.type = type:C -+Output = 31a63b64cfa8b6a12ba165096dad8d127cd3f3b67698b670 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:0000008075957f464f5a7985e1a3ffb7d5814ff9ceb8fb1584a3f5cc454c37139e9b880940442cce2aef94d9d0462c4dc313ed7a8cc3f9a58c38a98ef0236e3cc78fb63b6f82e9c503097b7a08ef2261dda68c7bfe9f83ac790d1f9ff57605d24f4bdfedde23cc5aabba248bc91d3fe1d4394485bc4421730a297694c09bdf024ac2eac3 -+Ctrl.hexxcghash = hexxcghash:0a70b4f26b1985d48ece540f1de6304fdb38212f -+Ctrl.hexsession_id = hexsession_id:2f0ce0e2da2e2bf11eae2ab98e9734412d47a19a -+Ctrl.type = type:D -+Output = 8bd79633967b92f0039a38a2d421e12840ea5c31b43c4e90 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:0000008075957f464f5a7985e1a3ffb7d5814ff9ceb8fb1584a3f5cc454c37139e9b880940442cce2aef94d9d0462c4dc313ed7a8cc3f9a58c38a98ef0236e3cc78fb63b6f82e9c503097b7a08ef2261dda68c7bfe9f83ac790d1f9ff57605d24f4bdfedde23cc5aabba248bc91d3fe1d4394485bc4421730a297694c09bdf024ac2eac3 -+Ctrl.hexxcghash = hexxcghash:0a70b4f26b1985d48ece540f1de6304fdb38212f -+Ctrl.hexsession_id = hexsession_id:2f0ce0e2da2e2bf11eae2ab98e9734412d47a19a -+Ctrl.type = type:E -+Output = 37eccade73b422d1108e390eaa28c646b554a721 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:0000008075957f464f5a7985e1a3ffb7d5814ff9ceb8fb1584a3f5cc454c37139e9b880940442cce2aef94d9d0462c4dc313ed7a8cc3f9a58c38a98ef0236e3cc78fb63b6f82e9c503097b7a08ef2261dda68c7bfe9f83ac790d1f9ff57605d24f4bdfedde23cc5aabba248bc91d3fe1d4394485bc4421730a297694c09bdf024ac2eac3 -+Ctrl.hexxcghash = hexxcghash:0a70b4f26b1985d48ece540f1de6304fdb38212f -+Ctrl.hexsession_id = hexsession_id:2f0ce0e2da2e2bf11eae2ab98e9734412d47a19a -+Ctrl.type = type:F -+Output = 013a20fc8f53ef08aae0a836b9410153a877983a -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:0000008100c050aa3d848750af69d1c04d6cb0a1ef8a4f25be4b16c927ff7313e83680b1b7a92b6100fa773cea9958fc7efb1a475fc71eda8be8efc92ad198a34d6ae017f12b76f39c82b741994b0d42ada1807fa7803876d21d93b129d75dc9aba4811ef51925e49e4bf4f5313e8fee0625d8727da8bcb15eb15da2d237082fc5499621ef -+Ctrl.hexxcghash = hexxcghash:5ea2568ee7ddcdb3260dfdf54e15e4d494ca9023 -+Ctrl.hexsession_id = hexsession_id:bc8988ac5f9058ee76536472b1706c5c338bd114 -+Ctrl.type = type:A -+Output = 12f6c3ac60d6ee3b -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:0000008100c050aa3d848750af69d1c04d6cb0a1ef8a4f25be4b16c927ff7313e83680b1b7a92b6100fa773cea9958fc7efb1a475fc71eda8be8efc92ad198a34d6ae017f12b76f39c82b741994b0d42ada1807fa7803876d21d93b129d75dc9aba4811ef51925e49e4bf4f5313e8fee0625d8727da8bcb15eb15da2d237082fc5499621ef -+Ctrl.hexxcghash = hexxcghash:5ea2568ee7ddcdb3260dfdf54e15e4d494ca9023 -+Ctrl.hexsession_id = hexsession_id:bc8988ac5f9058ee76536472b1706c5c338bd114 -+Ctrl.type = type:B -+Output = 536d106e00aec6fd -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:0000008100c050aa3d848750af69d1c04d6cb0a1ef8a4f25be4b16c927ff7313e83680b1b7a92b6100fa773cea9958fc7efb1a475fc71eda8be8efc92ad198a34d6ae017f12b76f39c82b741994b0d42ada1807fa7803876d21d93b129d75dc9aba4811ef51925e49e4bf4f5313e8fee0625d8727da8bcb15eb15da2d237082fc5499621ef -+Ctrl.hexxcghash = hexxcghash:5ea2568ee7ddcdb3260dfdf54e15e4d494ca9023 -+Ctrl.hexsession_id = hexsession_id:bc8988ac5f9058ee76536472b1706c5c338bd114 -+Ctrl.type = type:C -+Output = 26b8ec66854d0f0aa98f6888be628ebc75900c3738d47894 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:0000008100c050aa3d848750af69d1c04d6cb0a1ef8a4f25be4b16c927ff7313e83680b1b7a92b6100fa773cea9958fc7efb1a475fc71eda8be8efc92ad198a34d6ae017f12b76f39c82b741994b0d42ada1807fa7803876d21d93b129d75dc9aba4811ef51925e49e4bf4f5313e8fee0625d8727da8bcb15eb15da2d237082fc5499621ef -+Ctrl.hexxcghash = hexxcghash:5ea2568ee7ddcdb3260dfdf54e15e4d494ca9023 -+Ctrl.hexsession_id = hexsession_id:bc8988ac5f9058ee76536472b1706c5c338bd114 -+Ctrl.type = type:D -+Output = d5d3b3817214eeb3bf292dffc77daeab062ac7fcd2e3a2bd -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:0000008100c050aa3d848750af69d1c04d6cb0a1ef8a4f25be4b16c927ff7313e83680b1b7a92b6100fa773cea9958fc7efb1a475fc71eda8be8efc92ad198a34d6ae017f12b76f39c82b741994b0d42ada1807fa7803876d21d93b129d75dc9aba4811ef51925e49e4bf4f5313e8fee0625d8727da8bcb15eb15da2d237082fc5499621ef -+Ctrl.hexxcghash = hexxcghash:5ea2568ee7ddcdb3260dfdf54e15e4d494ca9023 -+Ctrl.hexsession_id = hexsession_id:bc8988ac5f9058ee76536472b1706c5c338bd114 -+Ctrl.type = type:E -+Output = 014613aef22194307bc0678f6edd1ccff240adfa -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:0000008100c050aa3d848750af69d1c04d6cb0a1ef8a4f25be4b16c927ff7313e83680b1b7a92b6100fa773cea9958fc7efb1a475fc71eda8be8efc92ad198a34d6ae017f12b76f39c82b741994b0d42ada1807fa7803876d21d93b129d75dc9aba4811ef51925e49e4bf4f5313e8fee0625d8727da8bcb15eb15da2d237082fc5499621ef -+Ctrl.hexxcghash = hexxcghash:5ea2568ee7ddcdb3260dfdf54e15e4d494ca9023 -+Ctrl.hexsession_id = hexsession_id:bc8988ac5f9058ee76536472b1706c5c338bd114 -+Ctrl.type = type:F -+Output = 5057b4cc2c300f7546d358a75daf58233b71da1a -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:0000008100f00388418be28ae3235c5b640d000df44f6e65782cad783726a507e2c645a056307f1ab7b4cd24d38640118105d7415c2ecea77e33e7b8a9dc9d205e3fdfb718769754213c0782ee18c7db1408e780369bccfb8233581cda4fbb133b3c41d0a7afa6996f31f8dd36fa3dd82efb23dcaa1ec5e37caae3af639123190fe7795983 -+Ctrl.hexxcghash = hexxcghash:fc48c85ac48ee97be3ce45c10807a666e8e9b639 -+Ctrl.hexsession_id = hexsession_id:d36e8c070b97795dfb10a3c2e41e4d0d70382606 -+Ctrl.type = type:A -+Output = d160f91f36027ff9 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:0000008100f00388418be28ae3235c5b640d000df44f6e65782cad783726a507e2c645a056307f1ab7b4cd24d38640118105d7415c2ecea77e33e7b8a9dc9d205e3fdfb718769754213c0782ee18c7db1408e780369bccfb8233581cda4fbb133b3c41d0a7afa6996f31f8dd36fa3dd82efb23dcaa1ec5e37caae3af639123190fe7795983 -+Ctrl.hexxcghash = hexxcghash:fc48c85ac48ee97be3ce45c10807a666e8e9b639 -+Ctrl.hexsession_id = hexsession_id:d36e8c070b97795dfb10a3c2e41e4d0d70382606 -+Ctrl.type = type:B -+Output = 0d02ec310663bbcc -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:0000008100f00388418be28ae3235c5b640d000df44f6e65782cad783726a507e2c645a056307f1ab7b4cd24d38640118105d7415c2ecea77e33e7b8a9dc9d205e3fdfb718769754213c0782ee18c7db1408e780369bccfb8233581cda4fbb133b3c41d0a7afa6996f31f8dd36fa3dd82efb23dcaa1ec5e37caae3af639123190fe7795983 -+Ctrl.hexxcghash = hexxcghash:fc48c85ac48ee97be3ce45c10807a666e8e9b639 -+Ctrl.hexsession_id = hexsession_id:d36e8c070b97795dfb10a3c2e41e4d0d70382606 -+Ctrl.type = type:C -+Output = 03b66f451ad93a01914dd3372d980bea3de94993e176ea01 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:0000008100f00388418be28ae3235c5b640d000df44f6e65782cad783726a507e2c645a056307f1ab7b4cd24d38640118105d7415c2ecea77e33e7b8a9dc9d205e3fdfb718769754213c0782ee18c7db1408e780369bccfb8233581cda4fbb133b3c41d0a7afa6996f31f8dd36fa3dd82efb23dcaa1ec5e37caae3af639123190fe7795983 -+Ctrl.hexxcghash = hexxcghash:fc48c85ac48ee97be3ce45c10807a666e8e9b639 -+Ctrl.hexsession_id = hexsession_id:d36e8c070b97795dfb10a3c2e41e4d0d70382606 -+Ctrl.type = type:D -+Output = c2db767cbbdf2f839eb2f37ada87a041d220b9f58842d0db -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:0000008100f00388418be28ae3235c5b640d000df44f6e65782cad783726a507e2c645a056307f1ab7b4cd24d38640118105d7415c2ecea77e33e7b8a9dc9d205e3fdfb718769754213c0782ee18c7db1408e780369bccfb8233581cda4fbb133b3c41d0a7afa6996f31f8dd36fa3dd82efb23dcaa1ec5e37caae3af639123190fe7795983 -+Ctrl.hexxcghash = hexxcghash:fc48c85ac48ee97be3ce45c10807a666e8e9b639 -+Ctrl.hexsession_id = hexsession_id:d36e8c070b97795dfb10a3c2e41e4d0d70382606 -+Ctrl.type = type:E -+Output = 0b2944c26dcf4cc877cdc55c4e9b1b8155e3874b -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:0000008100f00388418be28ae3235c5b640d000df44f6e65782cad783726a507e2c645a056307f1ab7b4cd24d38640118105d7415c2ecea77e33e7b8a9dc9d205e3fdfb718769754213c0782ee18c7db1408e780369bccfb8233581cda4fbb133b3c41d0a7afa6996f31f8dd36fa3dd82efb23dcaa1ec5e37caae3af639123190fe7795983 -+Ctrl.hexxcghash = hexxcghash:fc48c85ac48ee97be3ce45c10807a666e8e9b639 -+Ctrl.hexsession_id = hexsession_id:d36e8c070b97795dfb10a3c2e41e4d0d70382606 -+Ctrl.type = type:F -+Output = f7977d574c7d9e4f34ecd6b405c765963f0dfe57 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:00000081009dc61278a79fdb00ee937c0418668ac0176fdfd0297ebc86ee391e3e8db147f01d782650f1e30391d3c1fe62425842119fe41b76243ed47f6c30370dd1cc1b10e3bdac2730287b0e5901e487563d700d56078ed88d20c300250a3da5f2128db56230d90bb99e90aca80da446d8dddac49e2f2db1b37f9e1b65834adf8fdbcd31 -+Ctrl.hexxcghash = hexxcghash:3c63a552ac5313d219ec30f1e926e2c52e992929 -+Ctrl.hexsession_id = hexsession_id:a17e0e9cc2741d861f4c7195c29c75e4c38e9ba0 -+Ctrl.type = type:A -+Output = e4387818ab7f4fa6 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:00000081009dc61278a79fdb00ee937c0418668ac0176fdfd0297ebc86ee391e3e8db147f01d782650f1e30391d3c1fe62425842119fe41b76243ed47f6c30370dd1cc1b10e3bdac2730287b0e5901e487563d700d56078ed88d20c300250a3da5f2128db56230d90bb99e90aca80da446d8dddac49e2f2db1b37f9e1b65834adf8fdbcd31 -+Ctrl.hexxcghash = hexxcghash:3c63a552ac5313d219ec30f1e926e2c52e992929 -+Ctrl.hexsession_id = hexsession_id:a17e0e9cc2741d861f4c7195c29c75e4c38e9ba0 -+Ctrl.type = type:B -+Output = 1daabebcc8a064df -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:00000081009dc61278a79fdb00ee937c0418668ac0176fdfd0297ebc86ee391e3e8db147f01d782650f1e30391d3c1fe62425842119fe41b76243ed47f6c30370dd1cc1b10e3bdac2730287b0e5901e487563d700d56078ed88d20c300250a3da5f2128db56230d90bb99e90aca80da446d8dddac49e2f2db1b37f9e1b65834adf8fdbcd31 -+Ctrl.hexxcghash = hexxcghash:3c63a552ac5313d219ec30f1e926e2c52e992929 -+Ctrl.hexsession_id = hexsession_id:a17e0e9cc2741d861f4c7195c29c75e4c38e9ba0 -+Ctrl.type = type:C -+Output = 9fffad3aec53cd719c1d500850c2f38d8eea04606f78b402 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:00000081009dc61278a79fdb00ee937c0418668ac0176fdfd0297ebc86ee391e3e8db147f01d782650f1e30391d3c1fe62425842119fe41b76243ed47f6c30370dd1cc1b10e3bdac2730287b0e5901e487563d700d56078ed88d20c300250a3da5f2128db56230d90bb99e90aca80da446d8dddac49e2f2db1b37f9e1b65834adf8fdbcd31 -+Ctrl.hexxcghash = hexxcghash:3c63a552ac5313d219ec30f1e926e2c52e992929 -+Ctrl.hexsession_id = hexsession_id:a17e0e9cc2741d861f4c7195c29c75e4c38e9ba0 -+Ctrl.type = type:D -+Output = 6b196bce2aa2bd912ffd67a94fc42dec1051376f73ec3ce2 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:00000081009dc61278a79fdb00ee937c0418668ac0176fdfd0297ebc86ee391e3e8db147f01d782650f1e30391d3c1fe62425842119fe41b76243ed47f6c30370dd1cc1b10e3bdac2730287b0e5901e487563d700d56078ed88d20c300250a3da5f2128db56230d90bb99e90aca80da446d8dddac49e2f2db1b37f9e1b65834adf8fdbcd31 -+Ctrl.hexxcghash = hexxcghash:3c63a552ac5313d219ec30f1e926e2c52e992929 -+Ctrl.hexsession_id = hexsession_id:a17e0e9cc2741d861f4c7195c29c75e4c38e9ba0 -+Ctrl.type = type:E -+Output = beab583906e6bed005558c102a5b5fd6ee71485f -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:00000081009dc61278a79fdb00ee937c0418668ac0176fdfd0297ebc86ee391e3e8db147f01d782650f1e30391d3c1fe62425842119fe41b76243ed47f6c30370dd1cc1b10e3bdac2730287b0e5901e487563d700d56078ed88d20c300250a3da5f2128db56230d90bb99e90aca80da446d8dddac49e2f2db1b37f9e1b65834adf8fdbcd31 -+Ctrl.hexxcghash = hexxcghash:3c63a552ac5313d219ec30f1e926e2c52e992929 -+Ctrl.hexsession_id = hexsession_id:a17e0e9cc2741d861f4c7195c29c75e4c38e9ba0 -+Ctrl.type = type:F -+Output = 105140594b5b9061de7ff2afac09bce81b75d6c6 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:0000008100df75bb7ce0b66431ca073a5768dbc6930b024b8d6804a5ef9f3f3c9341b8c8b7216eaf26536ac671ab360eff568502e596adbf41b795d329d136ebe44c60ff4ffd58ed99b40a228cab6c8ed9733702e75f7750e58f04cbb78402eec2877205a0ba3f48318543489dc4885dcdc51c4658acbc28f9a82c563ac20b582cff8c432d -+Ctrl.hexxcghash = hexxcghash:c08ddd40832cc96fe373b67a4850b86848e48f70 -+Ctrl.hexsession_id = hexsession_id:477c8d32e73a475707e0085cf235d605ed564a1c -+Ctrl.type = type:A -+Output = ef982c8fd0fd464f -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:0000008100df75bb7ce0b66431ca073a5768dbc6930b024b8d6804a5ef9f3f3c9341b8c8b7216eaf26536ac671ab360eff568502e596adbf41b795d329d136ebe44c60ff4ffd58ed99b40a228cab6c8ed9733702e75f7750e58f04cbb78402eec2877205a0ba3f48318543489dc4885dcdc51c4658acbc28f9a82c563ac20b582cff8c432d -+Ctrl.hexxcghash = hexxcghash:c08ddd40832cc96fe373b67a4850b86848e48f70 -+Ctrl.hexsession_id = hexsession_id:477c8d32e73a475707e0085cf235d605ed564a1c -+Ctrl.type = type:B -+Output = 845ad3ba4d359326 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:0000008100df75bb7ce0b66431ca073a5768dbc6930b024b8d6804a5ef9f3f3c9341b8c8b7216eaf26536ac671ab360eff568502e596adbf41b795d329d136ebe44c60ff4ffd58ed99b40a228cab6c8ed9733702e75f7750e58f04cbb78402eec2877205a0ba3f48318543489dc4885dcdc51c4658acbc28f9a82c563ac20b582cff8c432d -+Ctrl.hexxcghash = hexxcghash:c08ddd40832cc96fe373b67a4850b86848e48f70 -+Ctrl.hexsession_id = hexsession_id:477c8d32e73a475707e0085cf235d605ed564a1c -+Ctrl.type = type:C -+Output = d9e516001b6b1a17268e507fa6e13f6bc9c3ded0020ef841 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:0000008100df75bb7ce0b66431ca073a5768dbc6930b024b8d6804a5ef9f3f3c9341b8c8b7216eaf26536ac671ab360eff568502e596adbf41b795d329d136ebe44c60ff4ffd58ed99b40a228cab6c8ed9733702e75f7750e58f04cbb78402eec2877205a0ba3f48318543489dc4885dcdc51c4658acbc28f9a82c563ac20b582cff8c432d -+Ctrl.hexxcghash = hexxcghash:c08ddd40832cc96fe373b67a4850b86848e48f70 -+Ctrl.hexsession_id = hexsession_id:477c8d32e73a475707e0085cf235d605ed564a1c -+Ctrl.type = type:D -+Output = d57d2f3c25b536442d8c7f36d62778d06fb6e7d4b5c7ab76 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:0000008100df75bb7ce0b66431ca073a5768dbc6930b024b8d6804a5ef9f3f3c9341b8c8b7216eaf26536ac671ab360eff568502e596adbf41b795d329d136ebe44c60ff4ffd58ed99b40a228cab6c8ed9733702e75f7750e58f04cbb78402eec2877205a0ba3f48318543489dc4885dcdc51c4658acbc28f9a82c563ac20b582cff8c432d -+Ctrl.hexxcghash = hexxcghash:c08ddd40832cc96fe373b67a4850b86848e48f70 -+Ctrl.hexsession_id = hexsession_id:477c8d32e73a475707e0085cf235d605ed564a1c -+Ctrl.type = type:E -+Output = f0b75425b271eb82645b1f1424b2a838dbcf6f98 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:0000008100df75bb7ce0b66431ca073a5768dbc6930b024b8d6804a5ef9f3f3c9341b8c8b7216eaf26536ac671ab360eff568502e596adbf41b795d329d136ebe44c60ff4ffd58ed99b40a228cab6c8ed9733702e75f7750e58f04cbb78402eec2877205a0ba3f48318543489dc4885dcdc51c4658acbc28f9a82c563ac20b582cff8c432d -+Ctrl.hexxcghash = hexxcghash:c08ddd40832cc96fe373b67a4850b86848e48f70 -+Ctrl.hexsession_id = hexsession_id:477c8d32e73a475707e0085cf235d605ed564a1c -+Ctrl.type = type:F -+Output = cdf59b2327588ffd18becfc0e5bb526014101401 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:000001010085a60bcca88b096c418e825f3de4fd8920ecce617afadda2ca8001e8eba07e58e60e70a9a05b8ddc29d5636d33c407d5f23952b65326e113f28d89bc6ba3a4c3b71ae239d6d1bd295466682d1c675bdb88a3259f474fe54a0f4004ddc46b442451654e1e66d0c93d7b310f28a8db7b95eee7abc61e71dee322b4e732baf9ec7ce189b889d536da1a55a2cc29e1666aa9c0e702f4412206bd207302fe84043c664394bde0e0a47d0a7a947c95997e1dbaeecd2efae12cacef8eab2f6b2478dedcebb3264827cf226e13f8082931db410fbc03352e7dde82fd1f58caab3115aa065ac6e2a1c7b1c1b2d5fa3447bf9839d76cfa5822b097bff9106f37eba1250145 -+Ctrl.hexxcghash = hexxcghash:dde6f8e070ef32a27ff04ad1045c65b2dfa33e03 -+Ctrl.hexsession_id = hexsession_id:dde6f8e070ef32a27ff04ad1045c65b2dfa33e03 -+Ctrl.type = type:A -+Output = 79c9195e683ae10750960cb55c4d4c0b -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:000001010085a60bcca88b096c418e825f3de4fd8920ecce617afadda2ca8001e8eba07e58e60e70a9a05b8ddc29d5636d33c407d5f23952b65326e113f28d89bc6ba3a4c3b71ae239d6d1bd295466682d1c675bdb88a3259f474fe54a0f4004ddc46b442451654e1e66d0c93d7b310f28a8db7b95eee7abc61e71dee322b4e732baf9ec7ce189b889d536da1a55a2cc29e1666aa9c0e702f4412206bd207302fe84043c664394bde0e0a47d0a7a947c95997e1dbaeecd2efae12cacef8eab2f6b2478dedcebb3264827cf226e13f8082931db410fbc03352e7dde82fd1f58caab3115aa065ac6e2a1c7b1c1b2d5fa3447bf9839d76cfa5822b097bff9106f37eba1250145 -+Ctrl.hexxcghash = hexxcghash:dde6f8e070ef32a27ff04ad1045c65b2dfa33e03 -+Ctrl.hexsession_id = hexsession_id:dde6f8e070ef32a27ff04ad1045c65b2dfa33e03 -+Ctrl.type = type:B -+Output = ef00b448ab9fd6523bb5143a0a818750 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:000001010085a60bcca88b096c418e825f3de4fd8920ecce617afadda2ca8001e8eba07e58e60e70a9a05b8ddc29d5636d33c407d5f23952b65326e113f28d89bc6ba3a4c3b71ae239d6d1bd295466682d1c675bdb88a3259f474fe54a0f4004ddc46b442451654e1e66d0c93d7b310f28a8db7b95eee7abc61e71dee322b4e732baf9ec7ce189b889d536da1a55a2cc29e1666aa9c0e702f4412206bd207302fe84043c664394bde0e0a47d0a7a947c95997e1dbaeecd2efae12cacef8eab2f6b2478dedcebb3264827cf226e13f8082931db410fbc03352e7dde82fd1f58caab3115aa065ac6e2a1c7b1c1b2d5fa3447bf9839d76cfa5822b097bff9106f37eba1250145 -+Ctrl.hexxcghash = hexxcghash:dde6f8e070ef32a27ff04ad1045c65b2dfa33e03 -+Ctrl.hexsession_id = hexsession_id:dde6f8e070ef32a27ff04ad1045c65b2dfa33e03 -+Ctrl.type = type:C -+Output = 51c8b4aaf5e42443be0aa3c50aa7e1dd -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:000001010085a60bcca88b096c418e825f3de4fd8920ecce617afadda2ca8001e8eba07e58e60e70a9a05b8ddc29d5636d33c407d5f23952b65326e113f28d89bc6ba3a4c3b71ae239d6d1bd295466682d1c675bdb88a3259f474fe54a0f4004ddc46b442451654e1e66d0c93d7b310f28a8db7b95eee7abc61e71dee322b4e732baf9ec7ce189b889d536da1a55a2cc29e1666aa9c0e702f4412206bd207302fe84043c664394bde0e0a47d0a7a947c95997e1dbaeecd2efae12cacef8eab2f6b2478dedcebb3264827cf226e13f8082931db410fbc03352e7dde82fd1f58caab3115aa065ac6e2a1c7b1c1b2d5fa3447bf9839d76cfa5822b097bff9106f37eba1250145 -+Ctrl.hexxcghash = hexxcghash:dde6f8e070ef32a27ff04ad1045c65b2dfa33e03 -+Ctrl.hexsession_id = hexsession_id:dde6f8e070ef32a27ff04ad1045c65b2dfa33e03 -+Ctrl.type = type:D -+Output = 4153a587397fb14dc3faad028fdb7ecc -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:000001010085a60bcca88b096c418e825f3de4fd8920ecce617afadda2ca8001e8eba07e58e60e70a9a05b8ddc29d5636d33c407d5f23952b65326e113f28d89bc6ba3a4c3b71ae239d6d1bd295466682d1c675bdb88a3259f474fe54a0f4004ddc46b442451654e1e66d0c93d7b310f28a8db7b95eee7abc61e71dee322b4e732baf9ec7ce189b889d536da1a55a2cc29e1666aa9c0e702f4412206bd207302fe84043c664394bde0e0a47d0a7a947c95997e1dbaeecd2efae12cacef8eab2f6b2478dedcebb3264827cf226e13f8082931db410fbc03352e7dde82fd1f58caab3115aa065ac6e2a1c7b1c1b2d5fa3447bf9839d76cfa5822b097bff9106f37eba1250145 -+Ctrl.hexxcghash = hexxcghash:dde6f8e070ef32a27ff04ad1045c65b2dfa33e03 -+Ctrl.hexsession_id = hexsession_id:dde6f8e070ef32a27ff04ad1045c65b2dfa33e03 -+Ctrl.type = type:E -+Output = d23e36347052a1cfb4a7789df48627e8a31345c7 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:000001010085a60bcca88b096c418e825f3de4fd8920ecce617afadda2ca8001e8eba07e58e60e70a9a05b8ddc29d5636d33c407d5f23952b65326e113f28d89bc6ba3a4c3b71ae239d6d1bd295466682d1c675bdb88a3259f474fe54a0f4004ddc46b442451654e1e66d0c93d7b310f28a8db7b95eee7abc61e71dee322b4e732baf9ec7ce189b889d536da1a55a2cc29e1666aa9c0e702f4412206bd207302fe84043c664394bde0e0a47d0a7a947c95997e1dbaeecd2efae12cacef8eab2f6b2478dedcebb3264827cf226e13f8082931db410fbc03352e7dde82fd1f58caab3115aa065ac6e2a1c7b1c1b2d5fa3447bf9839d76cfa5822b097bff9106f37eba1250145 -+Ctrl.hexxcghash = hexxcghash:dde6f8e070ef32a27ff04ad1045c65b2dfa33e03 -+Ctrl.hexsession_id = hexsession_id:dde6f8e070ef32a27ff04ad1045c65b2dfa33e03 -+Ctrl.type = type:F -+Output = c1286e92655912d923154c460702a31424bd6b01 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:0000010100c0724e077d7237441eb79039debaa851c0bf411e69cd5314f3c72aa45760c9969985b34291fb64bf964b719d2b989e40a0e9fbccdb23536a78f1b55ebbda809f862e8ec3561c15c4288595546e09789cbc2491050073222397957c9090b7f8f96e3fefbc5f438c72ca8bb48f6337e208ee9b3f630a8c5b40b9fafca8e55be0a0cf4046884a0a049b4557da4ddb7a344226f4707c706e96467b1568ad4d10363aa9eb04b91efbada0c1c292475ce9893a27d4a1deb4a262d980141e63756adf3d5fbcf6ebde919cfd44052984704af6ba360e190fecfc730a5e470785d3061ee5f495cd697af97f90bbc11f2e4e41e57ce25f34b9c4ec9f3c051d964ad0c036b4 -+Ctrl.hexxcghash = hexxcghash:5ae93beda675546c8a783974925aca9b365a6d8e -+Ctrl.hexsession_id = hexsession_id:bb0bfeb33b78474b2d53232b3122506992c0cae4 -+Ctrl.type = type:A -+Output = 739ad52e454ba3457735b7c5304c6578 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:0000010100c0724e077d7237441eb79039debaa851c0bf411e69cd5314f3c72aa45760c9969985b34291fb64bf964b719d2b989e40a0e9fbccdb23536a78f1b55ebbda809f862e8ec3561c15c4288595546e09789cbc2491050073222397957c9090b7f8f96e3fefbc5f438c72ca8bb48f6337e208ee9b3f630a8c5b40b9fafca8e55be0a0cf4046884a0a049b4557da4ddb7a344226f4707c706e96467b1568ad4d10363aa9eb04b91efbada0c1c292475ce9893a27d4a1deb4a262d980141e63756adf3d5fbcf6ebde919cfd44052984704af6ba360e190fecfc730a5e470785d3061ee5f495cd697af97f90bbc11f2e4e41e57ce25f34b9c4ec9f3c051d964ad0c036b4 -+Ctrl.hexxcghash = hexxcghash:5ae93beda675546c8a783974925aca9b365a6d8e -+Ctrl.hexsession_id = hexsession_id:bb0bfeb33b78474b2d53232b3122506992c0cae4 -+Ctrl.type = type:B -+Output = 3bd9f9d9f06aa521d2f53e40fc5d9f90 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:0000010100c0724e077d7237441eb79039debaa851c0bf411e69cd5314f3c72aa45760c9969985b34291fb64bf964b719d2b989e40a0e9fbccdb23536a78f1b55ebbda809f862e8ec3561c15c4288595546e09789cbc2491050073222397957c9090b7f8f96e3fefbc5f438c72ca8bb48f6337e208ee9b3f630a8c5b40b9fafca8e55be0a0cf4046884a0a049b4557da4ddb7a344226f4707c706e96467b1568ad4d10363aa9eb04b91efbada0c1c292475ce9893a27d4a1deb4a262d980141e63756adf3d5fbcf6ebde919cfd44052984704af6ba360e190fecfc730a5e470785d3061ee5f495cd697af97f90bbc11f2e4e41e57ce25f34b9c4ec9f3c051d964ad0c036b4 -+Ctrl.hexxcghash = hexxcghash:5ae93beda675546c8a783974925aca9b365a6d8e -+Ctrl.hexsession_id = hexsession_id:bb0bfeb33b78474b2d53232b3122506992c0cae4 -+Ctrl.type = type:C -+Output = 335cd2813bebd3d5e1dda4c1e14c23de -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:0000010100c0724e077d7237441eb79039debaa851c0bf411e69cd5314f3c72aa45760c9969985b34291fb64bf964b719d2b989e40a0e9fbccdb23536a78f1b55ebbda809f862e8ec3561c15c4288595546e09789cbc2491050073222397957c9090b7f8f96e3fefbc5f438c72ca8bb48f6337e208ee9b3f630a8c5b40b9fafca8e55be0a0cf4046884a0a049b4557da4ddb7a344226f4707c706e96467b1568ad4d10363aa9eb04b91efbada0c1c292475ce9893a27d4a1deb4a262d980141e63756adf3d5fbcf6ebde919cfd44052984704af6ba360e190fecfc730a5e470785d3061ee5f495cd697af97f90bbc11f2e4e41e57ce25f34b9c4ec9f3c051d964ad0c036b4 -+Ctrl.hexxcghash = hexxcghash:5ae93beda675546c8a783974925aca9b365a6d8e -+Ctrl.hexsession_id = hexsession_id:bb0bfeb33b78474b2d53232b3122506992c0cae4 -+Ctrl.type = type:D -+Output = fd25c5ae649645d8c0cfff0d4d8e7a47 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:0000010100c0724e077d7237441eb79039debaa851c0bf411e69cd5314f3c72aa45760c9969985b34291fb64bf964b719d2b989e40a0e9fbccdb23536a78f1b55ebbda809f862e8ec3561c15c4288595546e09789cbc2491050073222397957c9090b7f8f96e3fefbc5f438c72ca8bb48f6337e208ee9b3f630a8c5b40b9fafca8e55be0a0cf4046884a0a049b4557da4ddb7a344226f4707c706e96467b1568ad4d10363aa9eb04b91efbada0c1c292475ce9893a27d4a1deb4a262d980141e63756adf3d5fbcf6ebde919cfd44052984704af6ba360e190fecfc730a5e470785d3061ee5f495cd697af97f90bbc11f2e4e41e57ce25f34b9c4ec9f3c051d964ad0c036b4 -+Ctrl.hexxcghash = hexxcghash:5ae93beda675546c8a783974925aca9b365a6d8e -+Ctrl.hexsession_id = hexsession_id:bb0bfeb33b78474b2d53232b3122506992c0cae4 -+Ctrl.type = type:E -+Output = 90e89773d04623553d4d298e6aa75781d8a6544b -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:0000010100c0724e077d7237441eb79039debaa851c0bf411e69cd5314f3c72aa45760c9969985b34291fb64bf964b719d2b989e40a0e9fbccdb23536a78f1b55ebbda809f862e8ec3561c15c4288595546e09789cbc2491050073222397957c9090b7f8f96e3fefbc5f438c72ca8bb48f6337e208ee9b3f630a8c5b40b9fafca8e55be0a0cf4046884a0a049b4557da4ddb7a344226f4707c706e96467b1568ad4d10363aa9eb04b91efbada0c1c292475ce9893a27d4a1deb4a262d980141e63756adf3d5fbcf6ebde919cfd44052984704af6ba360e190fecfc730a5e470785d3061ee5f495cd697af97f90bbc11f2e4e41e57ce25f34b9c4ec9f3c051d964ad0c036b4 -+Ctrl.hexxcghash = hexxcghash:5ae93beda675546c8a783974925aca9b365a6d8e -+Ctrl.hexsession_id = hexsession_id:bb0bfeb33b78474b2d53232b3122506992c0cae4 -+Ctrl.type = type:F -+Output = 86a3f05a5f844b23d787cccbda37a3d773a4d049 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:000001004c48728c828a34a5ff90188cd749d5ccf849d8f96d78072bc8c3a766e4be2c4bfdb8d0310225f05b0373fa582b5a9e78b6a05d958a7b82d944d00697a1ef2119e7545bdf2c6dc2e8cb2215ff58a0163c116b0b326caa50e6384e4e4ab424bfada5d15af1d22f34dc5f8bfd5c823c4b9253fe858a9d7f17bf0be17951bce751b8c2f0b3be25bad6054b39fb2d687d4e69c07d79f4952e65315b1f712cee11707a4984f29df9aac7a7274772f60a2f207ec6a35e1478aa9ae8045dc53417b220bf60124d988e376bf18414400bbe2ac4654716fd26b3a90ae53215ff906364ef82a08686a1977126c64d6d3f381e8477d55f8e79a0e0719089e073fffdbf828cde -+Ctrl.hexxcghash = hexxcghash:edeac369fd19f7dd1e8e48d0c69f9df5fe5475b4 -+Ctrl.hexsession_id = hexsession_id:30d9cd8d63a203aeff4a99d8c299676f21a2c74e -+Ctrl.type = type:A -+Output = d2d06d589e6e696556e3d44d7d05decb -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:000001004c48728c828a34a5ff90188cd749d5ccf849d8f96d78072bc8c3a766e4be2c4bfdb8d0310225f05b0373fa582b5a9e78b6a05d958a7b82d944d00697a1ef2119e7545bdf2c6dc2e8cb2215ff58a0163c116b0b326caa50e6384e4e4ab424bfada5d15af1d22f34dc5f8bfd5c823c4b9253fe858a9d7f17bf0be17951bce751b8c2f0b3be25bad6054b39fb2d687d4e69c07d79f4952e65315b1f712cee11707a4984f29df9aac7a7274772f60a2f207ec6a35e1478aa9ae8045dc53417b220bf60124d988e376bf18414400bbe2ac4654716fd26b3a90ae53215ff906364ef82a08686a1977126c64d6d3f381e8477d55f8e79a0e0719089e073fffdbf828cde -+Ctrl.hexxcghash = hexxcghash:edeac369fd19f7dd1e8e48d0c69f9df5fe5475b4 -+Ctrl.hexsession_id = hexsession_id:30d9cd8d63a203aeff4a99d8c299676f21a2c74e -+Ctrl.type = type:B -+Output = 14e3a886b715206e837b70fe7c02b941 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:000001004c48728c828a34a5ff90188cd749d5ccf849d8f96d78072bc8c3a766e4be2c4bfdb8d0310225f05b0373fa582b5a9e78b6a05d958a7b82d944d00697a1ef2119e7545bdf2c6dc2e8cb2215ff58a0163c116b0b326caa50e6384e4e4ab424bfada5d15af1d22f34dc5f8bfd5c823c4b9253fe858a9d7f17bf0be17951bce751b8c2f0b3be25bad6054b39fb2d687d4e69c07d79f4952e65315b1f712cee11707a4984f29df9aac7a7274772f60a2f207ec6a35e1478aa9ae8045dc53417b220bf60124d988e376bf18414400bbe2ac4654716fd26b3a90ae53215ff906364ef82a08686a1977126c64d6d3f381e8477d55f8e79a0e0719089e073fffdbf828cde -+Ctrl.hexxcghash = hexxcghash:edeac369fd19f7dd1e8e48d0c69f9df5fe5475b4 -+Ctrl.hexsession_id = hexsession_id:30d9cd8d63a203aeff4a99d8c299676f21a2c74e -+Ctrl.type = type:C -+Output = 98625cf9741819273a0d6852ca7ab592 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:000001004c48728c828a34a5ff90188cd749d5ccf849d8f96d78072bc8c3a766e4be2c4bfdb8d0310225f05b0373fa582b5a9e78b6a05d958a7b82d944d00697a1ef2119e7545bdf2c6dc2e8cb2215ff58a0163c116b0b326caa50e6384e4e4ab424bfada5d15af1d22f34dc5f8bfd5c823c4b9253fe858a9d7f17bf0be17951bce751b8c2f0b3be25bad6054b39fb2d687d4e69c07d79f4952e65315b1f712cee11707a4984f29df9aac7a7274772f60a2f207ec6a35e1478aa9ae8045dc53417b220bf60124d988e376bf18414400bbe2ac4654716fd26b3a90ae53215ff906364ef82a08686a1977126c64d6d3f381e8477d55f8e79a0e0719089e073fffdbf828cde -+Ctrl.hexxcghash = hexxcghash:edeac369fd19f7dd1e8e48d0c69f9df5fe5475b4 -+Ctrl.hexsession_id = hexsession_id:30d9cd8d63a203aeff4a99d8c299676f21a2c74e -+Ctrl.type = type:D -+Output = a7b273f04d537856015e06075c94c398 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:000001004c48728c828a34a5ff90188cd749d5ccf849d8f96d78072bc8c3a766e4be2c4bfdb8d0310225f05b0373fa582b5a9e78b6a05d958a7b82d944d00697a1ef2119e7545bdf2c6dc2e8cb2215ff58a0163c116b0b326caa50e6384e4e4ab424bfada5d15af1d22f34dc5f8bfd5c823c4b9253fe858a9d7f17bf0be17951bce751b8c2f0b3be25bad6054b39fb2d687d4e69c07d79f4952e65315b1f712cee11707a4984f29df9aac7a7274772f60a2f207ec6a35e1478aa9ae8045dc53417b220bf60124d988e376bf18414400bbe2ac4654716fd26b3a90ae53215ff906364ef82a08686a1977126c64d6d3f381e8477d55f8e79a0e0719089e073fffdbf828cde -+Ctrl.hexxcghash = hexxcghash:edeac369fd19f7dd1e8e48d0c69f9df5fe5475b4 -+Ctrl.hexsession_id = hexsession_id:30d9cd8d63a203aeff4a99d8c299676f21a2c74e -+Ctrl.type = type:E -+Output = 3e1afa980d05ec30e9a55331ac301c10305999e2 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:000001004c48728c828a34a5ff90188cd749d5ccf849d8f96d78072bc8c3a766e4be2c4bfdb8d0310225f05b0373fa582b5a9e78b6a05d958a7b82d944d00697a1ef2119e7545bdf2c6dc2e8cb2215ff58a0163c116b0b326caa50e6384e4e4ab424bfada5d15af1d22f34dc5f8bfd5c823c4b9253fe858a9d7f17bf0be17951bce751b8c2f0b3be25bad6054b39fb2d687d4e69c07d79f4952e65315b1f712cee11707a4984f29df9aac7a7274772f60a2f207ec6a35e1478aa9ae8045dc53417b220bf60124d988e376bf18414400bbe2ac4654716fd26b3a90ae53215ff906364ef82a08686a1977126c64d6d3f381e8477d55f8e79a0e0719089e073fffdbf828cde -+Ctrl.hexxcghash = hexxcghash:edeac369fd19f7dd1e8e48d0c69f9df5fe5475b4 -+Ctrl.hexsession_id = hexsession_id:30d9cd8d63a203aeff4a99d8c299676f21a2c74e -+Ctrl.type = type:F -+Output = b993c4254669c7a51ed713ddaf7174fd5296fe57 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:0000010100f6fa934f303a9db720352fca5a6bae671857d44053d61132a6d36d76cee686fd31ea796407306ad3cb500f99b8881641ce304217910179ca03d3638c89419127542d2f6eea999c637070a3a2e2d17419fd2d53a23dc0bbad1333089a64c232c4328ca5d6db233777a93932407741a9fe4c8efd13e9f2f411368fd2035d05175f8710b79a77bd4749df3027eef44f1d050fd01458cd1c6d1fe67d774f4e056533305ad39ecf5a6e4898186b8b66e95c9546081c7df6df7a433887bb0333d0fb16418bb2d399b2be0b02978e5bbc97b57e67e88aa073ba3280a386209029bdc3d8f448eb18e29c87811142629827c54aa19d150b6eb6fb7a33d746b11d27d9d474 -+Ctrl.hexxcghash = hexxcghash:6dffed964fd4044cb99b5f8770abef82d02c1cd1 -+Ctrl.hexsession_id = hexsession_id:d98f1e884633c4632568e1dd0a54e4c8508c279d -+Ctrl.type = type:A -+Output = d9c0ed6b7fbf066d4f3cff7d2585ef5b -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:0000010100f6fa934f303a9db720352fca5a6bae671857d44053d61132a6d36d76cee686fd31ea796407306ad3cb500f99b8881641ce304217910179ca03d3638c89419127542d2f6eea999c637070a3a2e2d17419fd2d53a23dc0bbad1333089a64c232c4328ca5d6db233777a93932407741a9fe4c8efd13e9f2f411368fd2035d05175f8710b79a77bd4749df3027eef44f1d050fd01458cd1c6d1fe67d774f4e056533305ad39ecf5a6e4898186b8b66e95c9546081c7df6df7a433887bb0333d0fb16418bb2d399b2be0b02978e5bbc97b57e67e88aa073ba3280a386209029bdc3d8f448eb18e29c87811142629827c54aa19d150b6eb6fb7a33d746b11d27d9d474 -+Ctrl.hexxcghash = hexxcghash:6dffed964fd4044cb99b5f8770abef82d02c1cd1 -+Ctrl.hexsession_id = hexsession_id:d98f1e884633c4632568e1dd0a54e4c8508c279d -+Ctrl.type = type:B -+Output = da13833aa2c086e5d76595132f4e5fc6 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:0000010100f6fa934f303a9db720352fca5a6bae671857d44053d61132a6d36d76cee686fd31ea796407306ad3cb500f99b8881641ce304217910179ca03d3638c89419127542d2f6eea999c637070a3a2e2d17419fd2d53a23dc0bbad1333089a64c232c4328ca5d6db233777a93932407741a9fe4c8efd13e9f2f411368fd2035d05175f8710b79a77bd4749df3027eef44f1d050fd01458cd1c6d1fe67d774f4e056533305ad39ecf5a6e4898186b8b66e95c9546081c7df6df7a433887bb0333d0fb16418bb2d399b2be0b02978e5bbc97b57e67e88aa073ba3280a386209029bdc3d8f448eb18e29c87811142629827c54aa19d150b6eb6fb7a33d746b11d27d9d474 -+Ctrl.hexxcghash = hexxcghash:6dffed964fd4044cb99b5f8770abef82d02c1cd1 -+Ctrl.hexsession_id = hexsession_id:d98f1e884633c4632568e1dd0a54e4c8508c279d -+Ctrl.type = type:C -+Output = 9e27400587b646397a7655be0e5763ec -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:0000010100f6fa934f303a9db720352fca5a6bae671857d44053d61132a6d36d76cee686fd31ea796407306ad3cb500f99b8881641ce304217910179ca03d3638c89419127542d2f6eea999c637070a3a2e2d17419fd2d53a23dc0bbad1333089a64c232c4328ca5d6db233777a93932407741a9fe4c8efd13e9f2f411368fd2035d05175f8710b79a77bd4749df3027eef44f1d050fd01458cd1c6d1fe67d774f4e056533305ad39ecf5a6e4898186b8b66e95c9546081c7df6df7a433887bb0333d0fb16418bb2d399b2be0b02978e5bbc97b57e67e88aa073ba3280a386209029bdc3d8f448eb18e29c87811142629827c54aa19d150b6eb6fb7a33d746b11d27d9d474 -+Ctrl.hexxcghash = hexxcghash:6dffed964fd4044cb99b5f8770abef82d02c1cd1 -+Ctrl.hexsession_id = hexsession_id:d98f1e884633c4632568e1dd0a54e4c8508c279d -+Ctrl.type = type:D -+Output = 91b95d5cce7f2aec14776f49f652a305 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:0000010100f6fa934f303a9db720352fca5a6bae671857d44053d61132a6d36d76cee686fd31ea796407306ad3cb500f99b8881641ce304217910179ca03d3638c89419127542d2f6eea999c637070a3a2e2d17419fd2d53a23dc0bbad1333089a64c232c4328ca5d6db233777a93932407741a9fe4c8efd13e9f2f411368fd2035d05175f8710b79a77bd4749df3027eef44f1d050fd01458cd1c6d1fe67d774f4e056533305ad39ecf5a6e4898186b8b66e95c9546081c7df6df7a433887bb0333d0fb16418bb2d399b2be0b02978e5bbc97b57e67e88aa073ba3280a386209029bdc3d8f448eb18e29c87811142629827c54aa19d150b6eb6fb7a33d746b11d27d9d474 -+Ctrl.hexxcghash = hexxcghash:6dffed964fd4044cb99b5f8770abef82d02c1cd1 -+Ctrl.hexsession_id = hexsession_id:d98f1e884633c4632568e1dd0a54e4c8508c279d -+Ctrl.type = type:E -+Output = a97dc9a99e37c983a4922cd2ecdfa394b71141ce -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:0000010100f6fa934f303a9db720352fca5a6bae671857d44053d61132a6d36d76cee686fd31ea796407306ad3cb500f99b8881641ce304217910179ca03d3638c89419127542d2f6eea999c637070a3a2e2d17419fd2d53a23dc0bbad1333089a64c232c4328ca5d6db233777a93932407741a9fe4c8efd13e9f2f411368fd2035d05175f8710b79a77bd4749df3027eef44f1d050fd01458cd1c6d1fe67d774f4e056533305ad39ecf5a6e4898186b8b66e95c9546081c7df6df7a433887bb0333d0fb16418bb2d399b2be0b02978e5bbc97b57e67e88aa073ba3280a386209029bdc3d8f448eb18e29c87811142629827c54aa19d150b6eb6fb7a33d746b11d27d9d474 -+Ctrl.hexxcghash = hexxcghash:6dffed964fd4044cb99b5f8770abef82d02c1cd1 -+Ctrl.hexsession_id = hexsession_id:d98f1e884633c4632568e1dd0a54e4c8508c279d -+Ctrl.type = type:F -+Output = 173d846f9790c742ca86af4bff5f965c6088a05b -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:000001000a341cb148554046ac79686473c7e924486ae79c9dd1878a647687d3562cc81e5379c20df44edd6bfa8b9a26cdc06c6eb5f02272f90992ef58c65fe3e98725e9434a8512aef4c2093d27c57a1aee5f5b6861025001d20b5bc8666c4930107f563035bca6ddc91ff9d15ebb56d2628146d3baa3c6f81dc73602518c2aef4906e08b2ffa67e4528d92b1b3bcbd3a9e421d86413bb355574bb68f94bf75221918ca4f6624445b0afa0c26e270788490cbab1abd41a42200ab9e76a2f8b8ffbe0c5ef7a230b5bf7018cfd170ccd009058092d2446ebe73c5f0bf2d9ceca311502af621880eb18e46edc7832765c00e2599fbb82402b039eb5c5ae376690a717c0344 -+Ctrl.hexxcghash = hexxcghash:4cee9b1867e94911e8f9fbd9ec3375d25c955f97 -+Ctrl.hexsession_id = hexsession_id:2aefdaa6f14ac3ec200a951fd74433cddc01193a -+Ctrl.type = type:A -+Output = 6fa496847cda7367cb32b8be9aae3f85 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:000001000a341cb148554046ac79686473c7e924486ae79c9dd1878a647687d3562cc81e5379c20df44edd6bfa8b9a26cdc06c6eb5f02272f90992ef58c65fe3e98725e9434a8512aef4c2093d27c57a1aee5f5b6861025001d20b5bc8666c4930107f563035bca6ddc91ff9d15ebb56d2628146d3baa3c6f81dc73602518c2aef4906e08b2ffa67e4528d92b1b3bcbd3a9e421d86413bb355574bb68f94bf75221918ca4f6624445b0afa0c26e270788490cbab1abd41a42200ab9e76a2f8b8ffbe0c5ef7a230b5bf7018cfd170ccd009058092d2446ebe73c5f0bf2d9ceca311502af621880eb18e46edc7832765c00e2599fbb82402b039eb5c5ae376690a717c0344 -+Ctrl.hexxcghash = hexxcghash:4cee9b1867e94911e8f9fbd9ec3375d25c955f97 -+Ctrl.hexsession_id = hexsession_id:2aefdaa6f14ac3ec200a951fd74433cddc01193a -+Ctrl.type = type:B -+Output = 702ac8636520b7c6169ddc660781de9f -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:000001000a341cb148554046ac79686473c7e924486ae79c9dd1878a647687d3562cc81e5379c20df44edd6bfa8b9a26cdc06c6eb5f02272f90992ef58c65fe3e98725e9434a8512aef4c2093d27c57a1aee5f5b6861025001d20b5bc8666c4930107f563035bca6ddc91ff9d15ebb56d2628146d3baa3c6f81dc73602518c2aef4906e08b2ffa67e4528d92b1b3bcbd3a9e421d86413bb355574bb68f94bf75221918ca4f6624445b0afa0c26e270788490cbab1abd41a42200ab9e76a2f8b8ffbe0c5ef7a230b5bf7018cfd170ccd009058092d2446ebe73c5f0bf2d9ceca311502af621880eb18e46edc7832765c00e2599fbb82402b039eb5c5ae376690a717c0344 -+Ctrl.hexxcghash = hexxcghash:4cee9b1867e94911e8f9fbd9ec3375d25c955f97 -+Ctrl.hexsession_id = hexsession_id:2aefdaa6f14ac3ec200a951fd74433cddc01193a -+Ctrl.type = type:C -+Output = 6ffd703180af7c2207d5fa9e467272e3 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:000001000a341cb148554046ac79686473c7e924486ae79c9dd1878a647687d3562cc81e5379c20df44edd6bfa8b9a26cdc06c6eb5f02272f90992ef58c65fe3e98725e9434a8512aef4c2093d27c57a1aee5f5b6861025001d20b5bc8666c4930107f563035bca6ddc91ff9d15ebb56d2628146d3baa3c6f81dc73602518c2aef4906e08b2ffa67e4528d92b1b3bcbd3a9e421d86413bb355574bb68f94bf75221918ca4f6624445b0afa0c26e270788490cbab1abd41a42200ab9e76a2f8b8ffbe0c5ef7a230b5bf7018cfd170ccd009058092d2446ebe73c5f0bf2d9ceca311502af621880eb18e46edc7832765c00e2599fbb82402b039eb5c5ae376690a717c0344 -+Ctrl.hexxcghash = hexxcghash:4cee9b1867e94911e8f9fbd9ec3375d25c955f97 -+Ctrl.hexsession_id = hexsession_id:2aefdaa6f14ac3ec200a951fd74433cddc01193a -+Ctrl.type = type:D -+Output = 7ae5281e377f230dcc9854cf995f663d -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:000001000a341cb148554046ac79686473c7e924486ae79c9dd1878a647687d3562cc81e5379c20df44edd6bfa8b9a26cdc06c6eb5f02272f90992ef58c65fe3e98725e9434a8512aef4c2093d27c57a1aee5f5b6861025001d20b5bc8666c4930107f563035bca6ddc91ff9d15ebb56d2628146d3baa3c6f81dc73602518c2aef4906e08b2ffa67e4528d92b1b3bcbd3a9e421d86413bb355574bb68f94bf75221918ca4f6624445b0afa0c26e270788490cbab1abd41a42200ab9e76a2f8b8ffbe0c5ef7a230b5bf7018cfd170ccd009058092d2446ebe73c5f0bf2d9ceca311502af621880eb18e46edc7832765c00e2599fbb82402b039eb5c5ae376690a717c0344 -+Ctrl.hexxcghash = hexxcghash:4cee9b1867e94911e8f9fbd9ec3375d25c955f97 -+Ctrl.hexsession_id = hexsession_id:2aefdaa6f14ac3ec200a951fd74433cddc01193a -+Ctrl.type = type:E -+Output = fbcb152df7a3f12a8f174f9ca31bb31b124ae3c2 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:000001000a341cb148554046ac79686473c7e924486ae79c9dd1878a647687d3562cc81e5379c20df44edd6bfa8b9a26cdc06c6eb5f02272f90992ef58c65fe3e98725e9434a8512aef4c2093d27c57a1aee5f5b6861025001d20b5bc8666c4930107f563035bca6ddc91ff9d15ebb56d2628146d3baa3c6f81dc73602518c2aef4906e08b2ffa67e4528d92b1b3bcbd3a9e421d86413bb355574bb68f94bf75221918ca4f6624445b0afa0c26e270788490cbab1abd41a42200ab9e76a2f8b8ffbe0c5ef7a230b5bf7018cfd170ccd009058092d2446ebe73c5f0bf2d9ceca311502af621880eb18e46edc7832765c00e2599fbb82402b039eb5c5ae376690a717c0344 -+Ctrl.hexxcghash = hexxcghash:4cee9b1867e94911e8f9fbd9ec3375d25c955f97 -+Ctrl.hexsession_id = hexsession_id:2aefdaa6f14ac3ec200a951fd74433cddc01193a -+Ctrl.type = type:F -+Output = 3f0c57fbccfb7306cff23bdaf69d70a8a394b34b -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:0000010011afb59055b4e8e0840d76a2d28a3ec1cf3fe7e436b585eab29cc3149e1fa610d979fcc1483a0ea2b426f8e25bc87bae94bdcbeaa80501a3c554d996f1656ac9be75ecefa46273b3ab8a66468cb4a16b3630cbc41df49ebe3917b5afba24d669264e11689f1a401abc557a0c4cf22ad9323056642c2bf7fea0907ba2274b7666dd144e66e1f39371a14ccafa030bad4c6e04f7b22f1e14f9a37ad6aaa3642f66068863a74ed4a07e87494f0ace772b682845fb27efd7f1a99f09b419f43d8443302534e4c59c0d3c59736e47375ff6e96c167247c5196a7c8849adb527e9ccbfae797ea311181978197f924dcf0db7367f84baa27db6e554ba6b764550d2834f -+Ctrl.hexxcghash = hexxcghash:7ced7b72644be681615e503ecafe0c8f7124c85b -+Ctrl.hexsession_id = hexsession_id:95d4ca5b0107d3d9f94ef857d7a64f685d3fecdc -+Ctrl.type = type:A -+Output = 7e37ea52156fad1903709e1d3229721f -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:0000010011afb59055b4e8e0840d76a2d28a3ec1cf3fe7e436b585eab29cc3149e1fa610d979fcc1483a0ea2b426f8e25bc87bae94bdcbeaa80501a3c554d996f1656ac9be75ecefa46273b3ab8a66468cb4a16b3630cbc41df49ebe3917b5afba24d669264e11689f1a401abc557a0c4cf22ad9323056642c2bf7fea0907ba2274b7666dd144e66e1f39371a14ccafa030bad4c6e04f7b22f1e14f9a37ad6aaa3642f66068863a74ed4a07e87494f0ace772b682845fb27efd7f1a99f09b419f43d8443302534e4c59c0d3c59736e47375ff6e96c167247c5196a7c8849adb527e9ccbfae797ea311181978197f924dcf0db7367f84baa27db6e554ba6b764550d2834f -+Ctrl.hexxcghash = hexxcghash:7ced7b72644be681615e503ecafe0c8f7124c85b -+Ctrl.hexsession_id = hexsession_id:95d4ca5b0107d3d9f94ef857d7a64f685d3fecdc -+Ctrl.type = type:B -+Output = c15569583de413e08293bf1689a9afe8 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:0000010011afb59055b4e8e0840d76a2d28a3ec1cf3fe7e436b585eab29cc3149e1fa610d979fcc1483a0ea2b426f8e25bc87bae94bdcbeaa80501a3c554d996f1656ac9be75ecefa46273b3ab8a66468cb4a16b3630cbc41df49ebe3917b5afba24d669264e11689f1a401abc557a0c4cf22ad9323056642c2bf7fea0907ba2274b7666dd144e66e1f39371a14ccafa030bad4c6e04f7b22f1e14f9a37ad6aaa3642f66068863a74ed4a07e87494f0ace772b682845fb27efd7f1a99f09b419f43d8443302534e4c59c0d3c59736e47375ff6e96c167247c5196a7c8849adb527e9ccbfae797ea311181978197f924dcf0db7367f84baa27db6e554ba6b764550d2834f -+Ctrl.hexxcghash = hexxcghash:7ced7b72644be681615e503ecafe0c8f7124c85b -+Ctrl.hexsession_id = hexsession_id:95d4ca5b0107d3d9f94ef857d7a64f685d3fecdc -+Ctrl.type = type:C -+Output = 0c85227539f5e328c64172280759d9bf -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:0000010011afb59055b4e8e0840d76a2d28a3ec1cf3fe7e436b585eab29cc3149e1fa610d979fcc1483a0ea2b426f8e25bc87bae94bdcbeaa80501a3c554d996f1656ac9be75ecefa46273b3ab8a66468cb4a16b3630cbc41df49ebe3917b5afba24d669264e11689f1a401abc557a0c4cf22ad9323056642c2bf7fea0907ba2274b7666dd144e66e1f39371a14ccafa030bad4c6e04f7b22f1e14f9a37ad6aaa3642f66068863a74ed4a07e87494f0ace772b682845fb27efd7f1a99f09b419f43d8443302534e4c59c0d3c59736e47375ff6e96c167247c5196a7c8849adb527e9ccbfae797ea311181978197f924dcf0db7367f84baa27db6e554ba6b764550d2834f -+Ctrl.hexxcghash = hexxcghash:7ced7b72644be681615e503ecafe0c8f7124c85b -+Ctrl.hexsession_id = hexsession_id:95d4ca5b0107d3d9f94ef857d7a64f685d3fecdc -+Ctrl.type = type:D -+Output = 3dbc42d9e7128e861b87781546cedc8e -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:0000010011afb59055b4e8e0840d76a2d28a3ec1cf3fe7e436b585eab29cc3149e1fa610d979fcc1483a0ea2b426f8e25bc87bae94bdcbeaa80501a3c554d996f1656ac9be75ecefa46273b3ab8a66468cb4a16b3630cbc41df49ebe3917b5afba24d669264e11689f1a401abc557a0c4cf22ad9323056642c2bf7fea0907ba2274b7666dd144e66e1f39371a14ccafa030bad4c6e04f7b22f1e14f9a37ad6aaa3642f66068863a74ed4a07e87494f0ace772b682845fb27efd7f1a99f09b419f43d8443302534e4c59c0d3c59736e47375ff6e96c167247c5196a7c8849adb527e9ccbfae797ea311181978197f924dcf0db7367f84baa27db6e554ba6b764550d2834f -+Ctrl.hexxcghash = hexxcghash:7ced7b72644be681615e503ecafe0c8f7124c85b -+Ctrl.hexsession_id = hexsession_id:95d4ca5b0107d3d9f94ef857d7a64f685d3fecdc -+Ctrl.type = type:E -+Output = 1ec0d15e38ea1b48da963837dbf30cef855a92c7 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:0000010011afb59055b4e8e0840d76a2d28a3ec1cf3fe7e436b585eab29cc3149e1fa610d979fcc1483a0ea2b426f8e25bc87bae94bdcbeaa80501a3c554d996f1656ac9be75ecefa46273b3ab8a66468cb4a16b3630cbc41df49ebe3917b5afba24d669264e11689f1a401abc557a0c4cf22ad9323056642c2bf7fea0907ba2274b7666dd144e66e1f39371a14ccafa030bad4c6e04f7b22f1e14f9a37ad6aaa3642f66068863a74ed4a07e87494f0ace772b682845fb27efd7f1a99f09b419f43d8443302534e4c59c0d3c59736e47375ff6e96c167247c5196a7c8849adb527e9ccbfae797ea311181978197f924dcf0db7367f84baa27db6e554ba6b764550d2834f -+Ctrl.hexxcghash = hexxcghash:7ced7b72644be681615e503ecafe0c8f7124c85b -+Ctrl.hexsession_id = hexsession_id:95d4ca5b0107d3d9f94ef857d7a64f685d3fecdc -+Ctrl.type = type:F -+Output = eea8ea042a079fcf8416a8b244fafab35adeca8a -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:000001002f14b1acdf871bec4ea5720a3e921cf16a796559b2a094a0d1e45021dcabff152a0e3dca4115239454dc407a6474c8fcd395273a6487c6736710610aeb607707b7ef87203a081646af53ba037f29316a3dec4ce80ec04775b8697db46f7e4f4b38d69de832a25cf0a5484c9b36a48950d50dfe77ac5da63a1c2314ffa8cb68f0c201bbfb7a1a89837b9f57465d14635bda2abf601a06bbd8f70af0169c39209dcda9fb1416a9eadb5ea4deb358566190a62a44d6765d9a25b5157ed5e0f5317f0ed3f6eacebe07ba214e2ef9f654dbc2fa3dc2f227124a3f56a40905c9c86cd64b0ed80c4299d86f59d5f06b9c026a28feea5c5fafbe7ba90283de867dd55858 -+Ctrl.hexxcghash = hexxcghash:5fb6dff3272cb949856a57f2645a56d957dc4606 -+Ctrl.hexsession_id = hexsession_id:5160cab836d899193077dc67485ef41669ec5d8a -+Ctrl.type = type:A -+Output = f2faef6e274814ed7ca544484ac21a3a -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:000001002f14b1acdf871bec4ea5720a3e921cf16a796559b2a094a0d1e45021dcabff152a0e3dca4115239454dc407a6474c8fcd395273a6487c6736710610aeb607707b7ef87203a081646af53ba037f29316a3dec4ce80ec04775b8697db46f7e4f4b38d69de832a25cf0a5484c9b36a48950d50dfe77ac5da63a1c2314ffa8cb68f0c201bbfb7a1a89837b9f57465d14635bda2abf601a06bbd8f70af0169c39209dcda9fb1416a9eadb5ea4deb358566190a62a44d6765d9a25b5157ed5e0f5317f0ed3f6eacebe07ba214e2ef9f654dbc2fa3dc2f227124a3f56a40905c9c86cd64b0ed80c4299d86f59d5f06b9c026a28feea5c5fafbe7ba90283de867dd55858 -+Ctrl.hexxcghash = hexxcghash:5fb6dff3272cb949856a57f2645a56d957dc4606 -+Ctrl.hexsession_id = hexsession_id:5160cab836d899193077dc67485ef41669ec5d8a -+Ctrl.type = type:B -+Output = 3ca9bc0f3c65c257fa160a4d1c5e3520 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:000001002f14b1acdf871bec4ea5720a3e921cf16a796559b2a094a0d1e45021dcabff152a0e3dca4115239454dc407a6474c8fcd395273a6487c6736710610aeb607707b7ef87203a081646af53ba037f29316a3dec4ce80ec04775b8697db46f7e4f4b38d69de832a25cf0a5484c9b36a48950d50dfe77ac5da63a1c2314ffa8cb68f0c201bbfb7a1a89837b9f57465d14635bda2abf601a06bbd8f70af0169c39209dcda9fb1416a9eadb5ea4deb358566190a62a44d6765d9a25b5157ed5e0f5317f0ed3f6eacebe07ba214e2ef9f654dbc2fa3dc2f227124a3f56a40905c9c86cd64b0ed80c4299d86f59d5f06b9c026a28feea5c5fafbe7ba90283de867dd55858 -+Ctrl.hexxcghash = hexxcghash:5fb6dff3272cb949856a57f2645a56d957dc4606 -+Ctrl.hexsession_id = hexsession_id:5160cab836d899193077dc67485ef41669ec5d8a -+Ctrl.type = type:C -+Output = fcdf0545b51aca6515bccf6ed0ecb582 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:000001002f14b1acdf871bec4ea5720a3e921cf16a796559b2a094a0d1e45021dcabff152a0e3dca4115239454dc407a6474c8fcd395273a6487c6736710610aeb607707b7ef87203a081646af53ba037f29316a3dec4ce80ec04775b8697db46f7e4f4b38d69de832a25cf0a5484c9b36a48950d50dfe77ac5da63a1c2314ffa8cb68f0c201bbfb7a1a89837b9f57465d14635bda2abf601a06bbd8f70af0169c39209dcda9fb1416a9eadb5ea4deb358566190a62a44d6765d9a25b5157ed5e0f5317f0ed3f6eacebe07ba214e2ef9f654dbc2fa3dc2f227124a3f56a40905c9c86cd64b0ed80c4299d86f59d5f06b9c026a28feea5c5fafbe7ba90283de867dd55858 -+Ctrl.hexxcghash = hexxcghash:5fb6dff3272cb949856a57f2645a56d957dc4606 -+Ctrl.hexsession_id = hexsession_id:5160cab836d899193077dc67485ef41669ec5d8a -+Ctrl.type = type:D -+Output = 86ea895a310c3bbd1aac209b2362d58a -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:000001002f14b1acdf871bec4ea5720a3e921cf16a796559b2a094a0d1e45021dcabff152a0e3dca4115239454dc407a6474c8fcd395273a6487c6736710610aeb607707b7ef87203a081646af53ba037f29316a3dec4ce80ec04775b8697db46f7e4f4b38d69de832a25cf0a5484c9b36a48950d50dfe77ac5da63a1c2314ffa8cb68f0c201bbfb7a1a89837b9f57465d14635bda2abf601a06bbd8f70af0169c39209dcda9fb1416a9eadb5ea4deb358566190a62a44d6765d9a25b5157ed5e0f5317f0ed3f6eacebe07ba214e2ef9f654dbc2fa3dc2f227124a3f56a40905c9c86cd64b0ed80c4299d86f59d5f06b9c026a28feea5c5fafbe7ba90283de867dd55858 -+Ctrl.hexxcghash = hexxcghash:5fb6dff3272cb949856a57f2645a56d957dc4606 -+Ctrl.hexsession_id = hexsession_id:5160cab836d899193077dc67485ef41669ec5d8a -+Ctrl.type = type:E -+Output = 12a4f2b749e2bf88c1f8437e5ff61de761fd48b3 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:000001002f14b1acdf871bec4ea5720a3e921cf16a796559b2a094a0d1e45021dcabff152a0e3dca4115239454dc407a6474c8fcd395273a6487c6736710610aeb607707b7ef87203a081646af53ba037f29316a3dec4ce80ec04775b8697db46f7e4f4b38d69de832a25cf0a5484c9b36a48950d50dfe77ac5da63a1c2314ffa8cb68f0c201bbfb7a1a89837b9f57465d14635bda2abf601a06bbd8f70af0169c39209dcda9fb1416a9eadb5ea4deb358566190a62a44d6765d9a25b5157ed5e0f5317f0ed3f6eacebe07ba214e2ef9f654dbc2fa3dc2f227124a3f56a40905c9c86cd64b0ed80c4299d86f59d5f06b9c026a28feea5c5fafbe7ba90283de867dd55858 -+Ctrl.hexxcghash = hexxcghash:5fb6dff3272cb949856a57f2645a56d957dc4606 -+Ctrl.hexsession_id = hexsession_id:5160cab836d899193077dc67485ef41669ec5d8a -+Ctrl.type = type:F -+Output = a3a9276a120db379ec780e434879a54935db954d -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:0000010060cc18ebbeb9b25cb16a58bfa47644110ceab67f274daf67157e923b70f775a4168bb7911d0e53075044366e503fbffcf3fcf9249e551d69211715b681ba3a28dd133dbada24dcf80d2bf67a1d6c0477f108f8763b30fe28c6d0b54e59e7e580692453d05a30d38e134d6117ca999ace80a57d088228b2a9f001e57d3a8b1cdffe55fda194f01189ec2bb0d99fc8570a9d822a94dddb22f4ba3c88f2ee1045dafa2d106e5c2c09519e47ad9eaf2301569c9258a2deda9d3ea5b0c73f00d8d12579e5931d5253220d60eeb12fcefc98bc8f390e52b3b407280a31283628963c1131b6fd584be948c3fb4d316fa4a1b135513a174cafb0d394bb4afbee6cbe796e -+Ctrl.hexxcghash = hexxcghash:501c76e6b5791e343fb6e7597e890c7dea7f04e5 -+Ctrl.hexsession_id = hexsession_id:68e1f225f2e63df7bedbab15112b3670f03eed56 -+Ctrl.type = type:A -+Output = e53f2f61d8919e097cb99627fe668385 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:0000010060cc18ebbeb9b25cb16a58bfa47644110ceab67f274daf67157e923b70f775a4168bb7911d0e53075044366e503fbffcf3fcf9249e551d69211715b681ba3a28dd133dbada24dcf80d2bf67a1d6c0477f108f8763b30fe28c6d0b54e59e7e580692453d05a30d38e134d6117ca999ace80a57d088228b2a9f001e57d3a8b1cdffe55fda194f01189ec2bb0d99fc8570a9d822a94dddb22f4ba3c88f2ee1045dafa2d106e5c2c09519e47ad9eaf2301569c9258a2deda9d3ea5b0c73f00d8d12579e5931d5253220d60eeb12fcefc98bc8f390e52b3b407280a31283628963c1131b6fd584be948c3fb4d316fa4a1b135513a174cafb0d394bb4afbee6cbe796e -+Ctrl.hexxcghash = hexxcghash:501c76e6b5791e343fb6e7597e890c7dea7f04e5 -+Ctrl.hexsession_id = hexsession_id:68e1f225f2e63df7bedbab15112b3670f03eed56 -+Ctrl.type = type:B -+Output = cea80fd8dc06654ed80b0ec150835537 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:0000010060cc18ebbeb9b25cb16a58bfa47644110ceab67f274daf67157e923b70f775a4168bb7911d0e53075044366e503fbffcf3fcf9249e551d69211715b681ba3a28dd133dbada24dcf80d2bf67a1d6c0477f108f8763b30fe28c6d0b54e59e7e580692453d05a30d38e134d6117ca999ace80a57d088228b2a9f001e57d3a8b1cdffe55fda194f01189ec2bb0d99fc8570a9d822a94dddb22f4ba3c88f2ee1045dafa2d106e5c2c09519e47ad9eaf2301569c9258a2deda9d3ea5b0c73f00d8d12579e5931d5253220d60eeb12fcefc98bc8f390e52b3b407280a31283628963c1131b6fd584be948c3fb4d316fa4a1b135513a174cafb0d394bb4afbee6cbe796e -+Ctrl.hexxcghash = hexxcghash:501c76e6b5791e343fb6e7597e890c7dea7f04e5 -+Ctrl.hexsession_id = hexsession_id:68e1f225f2e63df7bedbab15112b3670f03eed56 -+Ctrl.type = type:C -+Output = d5ba475e737bed349b8931ba38d426e9 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:0000010060cc18ebbeb9b25cb16a58bfa47644110ceab67f274daf67157e923b70f775a4168bb7911d0e53075044366e503fbffcf3fcf9249e551d69211715b681ba3a28dd133dbada24dcf80d2bf67a1d6c0477f108f8763b30fe28c6d0b54e59e7e580692453d05a30d38e134d6117ca999ace80a57d088228b2a9f001e57d3a8b1cdffe55fda194f01189ec2bb0d99fc8570a9d822a94dddb22f4ba3c88f2ee1045dafa2d106e5c2c09519e47ad9eaf2301569c9258a2deda9d3ea5b0c73f00d8d12579e5931d5253220d60eeb12fcefc98bc8f390e52b3b407280a31283628963c1131b6fd584be948c3fb4d316fa4a1b135513a174cafb0d394bb4afbee6cbe796e -+Ctrl.hexxcghash = hexxcghash:501c76e6b5791e343fb6e7597e890c7dea7f04e5 -+Ctrl.hexsession_id = hexsession_id:68e1f225f2e63df7bedbab15112b3670f03eed56 -+Ctrl.type = type:D -+Output = f3ea92b4f365ab2fb8403ad8ecd2d17c -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:0000010060cc18ebbeb9b25cb16a58bfa47644110ceab67f274daf67157e923b70f775a4168bb7911d0e53075044366e503fbffcf3fcf9249e551d69211715b681ba3a28dd133dbada24dcf80d2bf67a1d6c0477f108f8763b30fe28c6d0b54e59e7e580692453d05a30d38e134d6117ca999ace80a57d088228b2a9f001e57d3a8b1cdffe55fda194f01189ec2bb0d99fc8570a9d822a94dddb22f4ba3c88f2ee1045dafa2d106e5c2c09519e47ad9eaf2301569c9258a2deda9d3ea5b0c73f00d8d12579e5931d5253220d60eeb12fcefc98bc8f390e52b3b407280a31283628963c1131b6fd584be948c3fb4d316fa4a1b135513a174cafb0d394bb4afbee6cbe796e -+Ctrl.hexxcghash = hexxcghash:501c76e6b5791e343fb6e7597e890c7dea7f04e5 -+Ctrl.hexsession_id = hexsession_id:68e1f225f2e63df7bedbab15112b3670f03eed56 -+Ctrl.type = type:E -+Output = 41fa718884738fd6fd9ee9fd5af05f0de9400952 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:0000010060cc18ebbeb9b25cb16a58bfa47644110ceab67f274daf67157e923b70f775a4168bb7911d0e53075044366e503fbffcf3fcf9249e551d69211715b681ba3a28dd133dbada24dcf80d2bf67a1d6c0477f108f8763b30fe28c6d0b54e59e7e580692453d05a30d38e134d6117ca999ace80a57d088228b2a9f001e57d3a8b1cdffe55fda194f01189ec2bb0d99fc8570a9d822a94dddb22f4ba3c88f2ee1045dafa2d106e5c2c09519e47ad9eaf2301569c9258a2deda9d3ea5b0c73f00d8d12579e5931d5253220d60eeb12fcefc98bc8f390e52b3b407280a31283628963c1131b6fd584be948c3fb4d316fa4a1b135513a174cafb0d394bb4afbee6cbe796e -+Ctrl.hexxcghash = hexxcghash:501c76e6b5791e343fb6e7597e890c7dea7f04e5 -+Ctrl.hexsession_id = hexsession_id:68e1f225f2e63df7bedbab15112b3670f03eed56 -+Ctrl.type = type:F -+Output = 91395bbd90abb140d0984ed5e77836590bf44695 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:0000010072a106d13e5148877457b7a8c853cfabd151d1b1acde6d776b7affc23c653a3b1c893398c7d83e039fbea9dc739dc14f3a9348af154f840d2f88e3c1982758adeaeb78cff050046d26a9a13391099eea03e9fb853e95c117edaac5b36736e63cb5ad72b346cf1fb342169f5e538591988daec82e0e9a2f4a57db22df8af92424f63111d87991345fd4458abab42cdbfcb84abb222701575a50274a7c6cc38355740cc04bfaff33467c816a70242142fd5467b1713eeec1e0d0f2fcfaf66602dcc31c4105d928a7185ebf53a6e792f419f57573e6dc6d1221e6907f6ad958d2a0c8fe096ce43e403316ae92f93acd1cac7878c9011bc71eff81d4353d7b0c13b1 -+Ctrl.hexxcghash = hexxcghash:9acf1f808aeac5b11460192c8f191491b62fc66a -+Ctrl.hexsession_id = hexsession_id:4c662e4dc764cbcb1b3eed4de4375f85c8b2f56c -+Ctrl.type = type:A -+Output = 04d3c0a3f5e33ae373c637ef45897779 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:0000010072a106d13e5148877457b7a8c853cfabd151d1b1acde6d776b7affc23c653a3b1c893398c7d83e039fbea9dc739dc14f3a9348af154f840d2f88e3c1982758adeaeb78cff050046d26a9a13391099eea03e9fb853e95c117edaac5b36736e63cb5ad72b346cf1fb342169f5e538591988daec82e0e9a2f4a57db22df8af92424f63111d87991345fd4458abab42cdbfcb84abb222701575a50274a7c6cc38355740cc04bfaff33467c816a70242142fd5467b1713eeec1e0d0f2fcfaf66602dcc31c4105d928a7185ebf53a6e792f419f57573e6dc6d1221e6907f6ad958d2a0c8fe096ce43e403316ae92f93acd1cac7878c9011bc71eff81d4353d7b0c13b1 -+Ctrl.hexxcghash = hexxcghash:9acf1f808aeac5b11460192c8f191491b62fc66a -+Ctrl.hexsession_id = hexsession_id:4c662e4dc764cbcb1b3eed4de4375f85c8b2f56c -+Ctrl.type = type:B -+Output = c5a45bfbf6d7c14c5d3a953b4848e433 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:0000010072a106d13e5148877457b7a8c853cfabd151d1b1acde6d776b7affc23c653a3b1c893398c7d83e039fbea9dc739dc14f3a9348af154f840d2f88e3c1982758adeaeb78cff050046d26a9a13391099eea03e9fb853e95c117edaac5b36736e63cb5ad72b346cf1fb342169f5e538591988daec82e0e9a2f4a57db22df8af92424f63111d87991345fd4458abab42cdbfcb84abb222701575a50274a7c6cc38355740cc04bfaff33467c816a70242142fd5467b1713eeec1e0d0f2fcfaf66602dcc31c4105d928a7185ebf53a6e792f419f57573e6dc6d1221e6907f6ad958d2a0c8fe096ce43e403316ae92f93acd1cac7878c9011bc71eff81d4353d7b0c13b1 -+Ctrl.hexxcghash = hexxcghash:9acf1f808aeac5b11460192c8f191491b62fc66a -+Ctrl.hexsession_id = hexsession_id:4c662e4dc764cbcb1b3eed4de4375f85c8b2f56c -+Ctrl.type = type:C -+Output = 3a16d0da2f785e2c325b45109778910a -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:0000010072a106d13e5148877457b7a8c853cfabd151d1b1acde6d776b7affc23c653a3b1c893398c7d83e039fbea9dc739dc14f3a9348af154f840d2f88e3c1982758adeaeb78cff050046d26a9a13391099eea03e9fb853e95c117edaac5b36736e63cb5ad72b346cf1fb342169f5e538591988daec82e0e9a2f4a57db22df8af92424f63111d87991345fd4458abab42cdbfcb84abb222701575a50274a7c6cc38355740cc04bfaff33467c816a70242142fd5467b1713eeec1e0d0f2fcfaf66602dcc31c4105d928a7185ebf53a6e792f419f57573e6dc6d1221e6907f6ad958d2a0c8fe096ce43e403316ae92f93acd1cac7878c9011bc71eff81d4353d7b0c13b1 -+Ctrl.hexxcghash = hexxcghash:9acf1f808aeac5b11460192c8f191491b62fc66a -+Ctrl.hexsession_id = hexsession_id:4c662e4dc764cbcb1b3eed4de4375f85c8b2f56c -+Ctrl.type = type:D -+Output = 902b38dd6c759945e671c1de7d99e918 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:0000010072a106d13e5148877457b7a8c853cfabd151d1b1acde6d776b7affc23c653a3b1c893398c7d83e039fbea9dc739dc14f3a9348af154f840d2f88e3c1982758adeaeb78cff050046d26a9a13391099eea03e9fb853e95c117edaac5b36736e63cb5ad72b346cf1fb342169f5e538591988daec82e0e9a2f4a57db22df8af92424f63111d87991345fd4458abab42cdbfcb84abb222701575a50274a7c6cc38355740cc04bfaff33467c816a70242142fd5467b1713eeec1e0d0f2fcfaf66602dcc31c4105d928a7185ebf53a6e792f419f57573e6dc6d1221e6907f6ad958d2a0c8fe096ce43e403316ae92f93acd1cac7878c9011bc71eff81d4353d7b0c13b1 -+Ctrl.hexxcghash = hexxcghash:9acf1f808aeac5b11460192c8f191491b62fc66a -+Ctrl.hexsession_id = hexsession_id:4c662e4dc764cbcb1b3eed4de4375f85c8b2f56c -+Ctrl.type = type:E -+Output = b573244de3127f6aa5457e792219dc89defaaecd -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:0000010072a106d13e5148877457b7a8c853cfabd151d1b1acde6d776b7affc23c653a3b1c893398c7d83e039fbea9dc739dc14f3a9348af154f840d2f88e3c1982758adeaeb78cff050046d26a9a13391099eea03e9fb853e95c117edaac5b36736e63cb5ad72b346cf1fb342169f5e538591988daec82e0e9a2f4a57db22df8af92424f63111d87991345fd4458abab42cdbfcb84abb222701575a50274a7c6cc38355740cc04bfaff33467c816a70242142fd5467b1713eeec1e0d0f2fcfaf66602dcc31c4105d928a7185ebf53a6e792f419f57573e6dc6d1221e6907f6ad958d2a0c8fe096ce43e403316ae92f93acd1cac7878c9011bc71eff81d4353d7b0c13b1 -+Ctrl.hexxcghash = hexxcghash:9acf1f808aeac5b11460192c8f191491b62fc66a -+Ctrl.hexsession_id = hexsession_id:4c662e4dc764cbcb1b3eed4de4375f85c8b2f56c -+Ctrl.type = type:F -+Output = 6cd221005dd1f0de4f472f48d15e61dcc2e91e99 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:000001003644f9ee24c3ec2e2fe16cdece326cdf5c1309e931bc41f245d3b76f2bdbef0bae58e850e10dcbd0d18356b4f98957a3b95f64c85d1af12ab01fe967e52a632761074f27406a29618192f1cbebae2c25e42f6e9fc00a737e4c92398403ab946a6c33e675e529b5c7364f36d64f07ff65889866dee99293bd5bb5f6454a77bbe0cbfd746d54e5bc948c617c5a1d5d3d2b65fa6a86c5f42c5e01f92a8e97a96f848e50ecb1b495a0e87323b44f5b9dd25ab34a94c077b7490657d1d8f9a9acef2785de82b02ef9fb670faf841ae9b479d2d538ae8e38eaf6e74b884c18c9dafc19b6c9728ff3411537555b3b3b69f6f039958ffb0790e58b09bd8c63819ee50ea5 -+Ctrl.hexxcghash = hexxcghash:4d31fdb68c8f42f38cae260bf6402e47de93aac7 -+Ctrl.hexsession_id = hexsession_id:47caa2c09bb4dc9d6aeb697a76046bdf1fcd879b -+Ctrl.type = type:A -+Output = 5f9deaf2ee4f05af0a8a813ef6bb9549 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:000001003644f9ee24c3ec2e2fe16cdece326cdf5c1309e931bc41f245d3b76f2bdbef0bae58e850e10dcbd0d18356b4f98957a3b95f64c85d1af12ab01fe967e52a632761074f27406a29618192f1cbebae2c25e42f6e9fc00a737e4c92398403ab946a6c33e675e529b5c7364f36d64f07ff65889866dee99293bd5bb5f6454a77bbe0cbfd746d54e5bc948c617c5a1d5d3d2b65fa6a86c5f42c5e01f92a8e97a96f848e50ecb1b495a0e87323b44f5b9dd25ab34a94c077b7490657d1d8f9a9acef2785de82b02ef9fb670faf841ae9b479d2d538ae8e38eaf6e74b884c18c9dafc19b6c9728ff3411537555b3b3b69f6f039958ffb0790e58b09bd8c63819ee50ea5 -+Ctrl.hexxcghash = hexxcghash:4d31fdb68c8f42f38cae260bf6402e47de93aac7 -+Ctrl.hexsession_id = hexsession_id:47caa2c09bb4dc9d6aeb697a76046bdf1fcd879b -+Ctrl.type = type:B -+Output = a2ea4b795f9c9de1d786d0c771df2b84 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:000001003644f9ee24c3ec2e2fe16cdece326cdf5c1309e931bc41f245d3b76f2bdbef0bae58e850e10dcbd0d18356b4f98957a3b95f64c85d1af12ab01fe967e52a632761074f27406a29618192f1cbebae2c25e42f6e9fc00a737e4c92398403ab946a6c33e675e529b5c7364f36d64f07ff65889866dee99293bd5bb5f6454a77bbe0cbfd746d54e5bc948c617c5a1d5d3d2b65fa6a86c5f42c5e01f92a8e97a96f848e50ecb1b495a0e87323b44f5b9dd25ab34a94c077b7490657d1d8f9a9acef2785de82b02ef9fb670faf841ae9b479d2d538ae8e38eaf6e74b884c18c9dafc19b6c9728ff3411537555b3b3b69f6f039958ffb0790e58b09bd8c63819ee50ea5 -+Ctrl.hexxcghash = hexxcghash:4d31fdb68c8f42f38cae260bf6402e47de93aac7 -+Ctrl.hexsession_id = hexsession_id:47caa2c09bb4dc9d6aeb697a76046bdf1fcd879b -+Ctrl.type = type:C -+Output = 13f828f8f1e5532a04f138681bc8259d -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:000001003644f9ee24c3ec2e2fe16cdece326cdf5c1309e931bc41f245d3b76f2bdbef0bae58e850e10dcbd0d18356b4f98957a3b95f64c85d1af12ab01fe967e52a632761074f27406a29618192f1cbebae2c25e42f6e9fc00a737e4c92398403ab946a6c33e675e529b5c7364f36d64f07ff65889866dee99293bd5bb5f6454a77bbe0cbfd746d54e5bc948c617c5a1d5d3d2b65fa6a86c5f42c5e01f92a8e97a96f848e50ecb1b495a0e87323b44f5b9dd25ab34a94c077b7490657d1d8f9a9acef2785de82b02ef9fb670faf841ae9b479d2d538ae8e38eaf6e74b884c18c9dafc19b6c9728ff3411537555b3b3b69f6f039958ffb0790e58b09bd8c63819ee50ea5 -+Ctrl.hexxcghash = hexxcghash:4d31fdb68c8f42f38cae260bf6402e47de93aac7 -+Ctrl.hexsession_id = hexsession_id:47caa2c09bb4dc9d6aeb697a76046bdf1fcd879b -+Ctrl.type = type:D -+Output = 7231ce5fd725391e058cd78815f44625 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:000001003644f9ee24c3ec2e2fe16cdece326cdf5c1309e931bc41f245d3b76f2bdbef0bae58e850e10dcbd0d18356b4f98957a3b95f64c85d1af12ab01fe967e52a632761074f27406a29618192f1cbebae2c25e42f6e9fc00a737e4c92398403ab946a6c33e675e529b5c7364f36d64f07ff65889866dee99293bd5bb5f6454a77bbe0cbfd746d54e5bc948c617c5a1d5d3d2b65fa6a86c5f42c5e01f92a8e97a96f848e50ecb1b495a0e87323b44f5b9dd25ab34a94c077b7490657d1d8f9a9acef2785de82b02ef9fb670faf841ae9b479d2d538ae8e38eaf6e74b884c18c9dafc19b6c9728ff3411537555b3b3b69f6f039958ffb0790e58b09bd8c63819ee50ea5 -+Ctrl.hexxcghash = hexxcghash:4d31fdb68c8f42f38cae260bf6402e47de93aac7 -+Ctrl.hexsession_id = hexsession_id:47caa2c09bb4dc9d6aeb697a76046bdf1fcd879b -+Ctrl.type = type:E -+Output = 937b7e16ed0b2324203cdae904fc55cbe25067a1 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:000001003644f9ee24c3ec2e2fe16cdece326cdf5c1309e931bc41f245d3b76f2bdbef0bae58e850e10dcbd0d18356b4f98957a3b95f64c85d1af12ab01fe967e52a632761074f27406a29618192f1cbebae2c25e42f6e9fc00a737e4c92398403ab946a6c33e675e529b5c7364f36d64f07ff65889866dee99293bd5bb5f6454a77bbe0cbfd746d54e5bc948c617c5a1d5d3d2b65fa6a86c5f42c5e01f92a8e97a96f848e50ecb1b495a0e87323b44f5b9dd25ab34a94c077b7490657d1d8f9a9acef2785de82b02ef9fb670faf841ae9b479d2d538ae8e38eaf6e74b884c18c9dafc19b6c9728ff3411537555b3b3b69f6f039958ffb0790e58b09bd8c63819ee50ea5 -+Ctrl.hexxcghash = hexxcghash:4d31fdb68c8f42f38cae260bf6402e47de93aac7 -+Ctrl.hexsession_id = hexsession_id:47caa2c09bb4dc9d6aeb697a76046bdf1fcd879b -+Ctrl.type = type:F -+Output = d7536b911dc79d5953455ba6e15cb5fec7c14025 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:00000081008de60df019c23966d215d9b8490ac493dfae59b99dbefdad81d2c9e761205c93a696dbd9e538cc57cd3e24c2798d2c56561d6803e8ee24e112babef84ad5a2c571c572339f2b38f1345164314f8f4714047f0c66650f10051044f8dcd256bfe8171302a81ce13f47f7375db80a6bbf8ce7d8f96e03fc6275fd5dacfbdd166792 -+Ctrl.hexxcghash = hexxcghash:e69fbbee90f0cb7c57996c6f3f9ec4c7de9f0c43b7c993ec3ec1d4ca -+Ctrl.hexsession_id = hexsession_id:e69fbbee90f0cb7c57996c6f3f9ec4c7de9f0c43b7c993ec3ec1d4ca -+Ctrl.type = type:A -+Output = 9fff6c6a6d1f5c31 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:00000081008de60df019c23966d215d9b8490ac493dfae59b99dbefdad81d2c9e761205c93a696dbd9e538cc57cd3e24c2798d2c56561d6803e8ee24e112babef84ad5a2c571c572339f2b38f1345164314f8f4714047f0c66650f10051044f8dcd256bfe8171302a81ce13f47f7375db80a6bbf8ce7d8f96e03fc6275fd5dacfbdd166792 -+Ctrl.hexxcghash = hexxcghash:e69fbbee90f0cb7c57996c6f3f9ec4c7de9f0c43b7c993ec3ec1d4ca -+Ctrl.hexsession_id = hexsession_id:e69fbbee90f0cb7c57996c6f3f9ec4c7de9f0c43b7c993ec3ec1d4ca -+Ctrl.type = type:B -+Output = 8e0ae78c64d2fe2a -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:00000081008de60df019c23966d215d9b8490ac493dfae59b99dbefdad81d2c9e761205c93a696dbd9e538cc57cd3e24c2798d2c56561d6803e8ee24e112babef84ad5a2c571c572339f2b38f1345164314f8f4714047f0c66650f10051044f8dcd256bfe8171302a81ce13f47f7375db80a6bbf8ce7d8f96e03fc6275fd5dacfbdd166792 -+Ctrl.hexxcghash = hexxcghash:e69fbbee90f0cb7c57996c6f3f9ec4c7de9f0c43b7c993ec3ec1d4ca -+Ctrl.hexsession_id = hexsession_id:e69fbbee90f0cb7c57996c6f3f9ec4c7de9f0c43b7c993ec3ec1d4ca -+Ctrl.type = type:C -+Output = 9044f963ffb56b94556a38aac5398a7072ffba60258500be -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:00000081008de60df019c23966d215d9b8490ac493dfae59b99dbefdad81d2c9e761205c93a696dbd9e538cc57cd3e24c2798d2c56561d6803e8ee24e112babef84ad5a2c571c572339f2b38f1345164314f8f4714047f0c66650f10051044f8dcd256bfe8171302a81ce13f47f7375db80a6bbf8ce7d8f96e03fc6275fd5dacfbdd166792 -+Ctrl.hexxcghash = hexxcghash:e69fbbee90f0cb7c57996c6f3f9ec4c7de9f0c43b7c993ec3ec1d4ca -+Ctrl.hexsession_id = hexsession_id:e69fbbee90f0cb7c57996c6f3f9ec4c7de9f0c43b7c993ec3ec1d4ca -+Ctrl.type = type:D -+Output = a861a317ea42b050901aff367b5a1d0abd5c497c77311ba2 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:00000081008de60df019c23966d215d9b8490ac493dfae59b99dbefdad81d2c9e761205c93a696dbd9e538cc57cd3e24c2798d2c56561d6803e8ee24e112babef84ad5a2c571c572339f2b38f1345164314f8f4714047f0c66650f10051044f8dcd256bfe8171302a81ce13f47f7375db80a6bbf8ce7d8f96e03fc6275fd5dacfbdd166792 -+Ctrl.hexxcghash = hexxcghash:e69fbbee90f0cb7c57996c6f3f9ec4c7de9f0c43b7c993ec3ec1d4ca -+Ctrl.hexsession_id = hexsession_id:e69fbbee90f0cb7c57996c6f3f9ec4c7de9f0c43b7c993ec3ec1d4ca -+Ctrl.type = type:E -+Output = 43225d64b6da6f070925ad1c8b7ac88893f9a7cba0dfc55ddea42eec -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:00000081008de60df019c23966d215d9b8490ac493dfae59b99dbefdad81d2c9e761205c93a696dbd9e538cc57cd3e24c2798d2c56561d6803e8ee24e112babef84ad5a2c571c572339f2b38f1345164314f8f4714047f0c66650f10051044f8dcd256bfe8171302a81ce13f47f7375db80a6bbf8ce7d8f96e03fc6275fd5dacfbdd166792 -+Ctrl.hexxcghash = hexxcghash:e69fbbee90f0cb7c57996c6f3f9ec4c7de9f0c43b7c993ec3ec1d4ca -+Ctrl.hexsession_id = hexsession_id:e69fbbee90f0cb7c57996c6f3f9ec4c7de9f0c43b7c993ec3ec1d4ca -+Ctrl.type = type:F -+Output = eb31db29bbafca2773f815fa478d927943288588e371ae9ba0414d98 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:0000008100a03d807fef48a50d8a04d9b6721979c5904412c3bcfe69ebd4c2554debe82a695a66fb9d844c6ef3aa4b745c2a4c8dbc4ba26742e0d1159ded83edca0bec61c7303e81f9d7f3169b7c97573b9184ec3c5286d9646e96595f064d61013431628f5c57bcb1bf79bcd1b0177ab4520c1a1a9b34b5067d9f465c9b03154d57f1b42f -+Ctrl.hexxcghash = hexxcghash:03af4bd15a37aa7816d826332dcd9daa1537770fd0bcafbafe30033d -+Ctrl.hexsession_id = hexsession_id:36084ca3dc535b37d533d034d891fabc20e3b0270bb8c008066bfac8 -+Ctrl.type = type:A -+Output = bf2d6e03ba930c71 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:0000008100a03d807fef48a50d8a04d9b6721979c5904412c3bcfe69ebd4c2554debe82a695a66fb9d844c6ef3aa4b745c2a4c8dbc4ba26742e0d1159ded83edca0bec61c7303e81f9d7f3169b7c97573b9184ec3c5286d9646e96595f064d61013431628f5c57bcb1bf79bcd1b0177ab4520c1a1a9b34b5067d9f465c9b03154d57f1b42f -+Ctrl.hexxcghash = hexxcghash:03af4bd15a37aa7816d826332dcd9daa1537770fd0bcafbafe30033d -+Ctrl.hexsession_id = hexsession_id:36084ca3dc535b37d533d034d891fabc20e3b0270bb8c008066bfac8 -+Ctrl.type = type:B -+Output = ff14fadc19a0bd8a -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:0000008100a03d807fef48a50d8a04d9b6721979c5904412c3bcfe69ebd4c2554debe82a695a66fb9d844c6ef3aa4b745c2a4c8dbc4ba26742e0d1159ded83edca0bec61c7303e81f9d7f3169b7c97573b9184ec3c5286d9646e96595f064d61013431628f5c57bcb1bf79bcd1b0177ab4520c1a1a9b34b5067d9f465c9b03154d57f1b42f -+Ctrl.hexxcghash = hexxcghash:03af4bd15a37aa7816d826332dcd9daa1537770fd0bcafbafe30033d -+Ctrl.hexsession_id = hexsession_id:36084ca3dc535b37d533d034d891fabc20e3b0270bb8c008066bfac8 -+Ctrl.type = type:C -+Output = 34a70734eaebeb8608cbb91098fa13326f37ccc5d408584d -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:0000008100a03d807fef48a50d8a04d9b6721979c5904412c3bcfe69ebd4c2554debe82a695a66fb9d844c6ef3aa4b745c2a4c8dbc4ba26742e0d1159ded83edca0bec61c7303e81f9d7f3169b7c97573b9184ec3c5286d9646e96595f064d61013431628f5c57bcb1bf79bcd1b0177ab4520c1a1a9b34b5067d9f465c9b03154d57f1b42f -+Ctrl.hexxcghash = hexxcghash:03af4bd15a37aa7816d826332dcd9daa1537770fd0bcafbafe30033d -+Ctrl.hexsession_id = hexsession_id:36084ca3dc535b37d533d034d891fabc20e3b0270bb8c008066bfac8 -+Ctrl.type = type:D -+Output = f993da8f2e840b836c8980fa2d780a1b4eeef77046988eed -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:0000008100a03d807fef48a50d8a04d9b6721979c5904412c3bcfe69ebd4c2554debe82a695a66fb9d844c6ef3aa4b745c2a4c8dbc4ba26742e0d1159ded83edca0bec61c7303e81f9d7f3169b7c97573b9184ec3c5286d9646e96595f064d61013431628f5c57bcb1bf79bcd1b0177ab4520c1a1a9b34b5067d9f465c9b03154d57f1b42f -+Ctrl.hexxcghash = hexxcghash:03af4bd15a37aa7816d826332dcd9daa1537770fd0bcafbafe30033d -+Ctrl.hexsession_id = hexsession_id:36084ca3dc535b37d533d034d891fabc20e3b0270bb8c008066bfac8 -+Ctrl.type = type:E -+Output = a274441c86dd146cfab25d87344bd5a880d374d300aa8e1fe4919378 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:0000008100a03d807fef48a50d8a04d9b6721979c5904412c3bcfe69ebd4c2554debe82a695a66fb9d844c6ef3aa4b745c2a4c8dbc4ba26742e0d1159ded83edca0bec61c7303e81f9d7f3169b7c97573b9184ec3c5286d9646e96595f064d61013431628f5c57bcb1bf79bcd1b0177ab4520c1a1a9b34b5067d9f465c9b03154d57f1b42f -+Ctrl.hexxcghash = hexxcghash:03af4bd15a37aa7816d826332dcd9daa1537770fd0bcafbafe30033d -+Ctrl.hexsession_id = hexsession_id:36084ca3dc535b37d533d034d891fabc20e3b0270bb8c008066bfac8 -+Ctrl.type = type:F -+Output = 7774dc48324cca24901bedc37224cb291d6202fb6b5e1d9315a9bd10 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:0000008100d09e300c8b93b8c759f96910b319b8fd9c9c8c1b704b65649f525b6c16732ee37f499ac729bdce9ea493811954849e8eeb449cb2f4485fe78b0f538038178ad3e1b95ef13fcf0134f1199ad742b31d5f222ed7927283a008c970143af46965acde32139c2448db5cc11fd55e534779f1b5d7757b27e3a3881a3596b0b002ff7e -+Ctrl.hexxcghash = hexxcghash:be8559339a1b231a59a8feae904c00decaf970ff8e83018662c65fa8 -+Ctrl.hexsession_id = hexsession_id:a8378fd158677fac292c5cce8a9efdbd5c5c98ee6f056a5e6e771b6b -+Ctrl.type = type:A -+Output = 75bc82b271311f53 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:0000008100d09e300c8b93b8c759f96910b319b8fd9c9c8c1b704b65649f525b6c16732ee37f499ac729bdce9ea493811954849e8eeb449cb2f4485fe78b0f538038178ad3e1b95ef13fcf0134f1199ad742b31d5f222ed7927283a008c970143af46965acde32139c2448db5cc11fd55e534779f1b5d7757b27e3a3881a3596b0b002ff7e -+Ctrl.hexxcghash = hexxcghash:be8559339a1b231a59a8feae904c00decaf970ff8e83018662c65fa8 -+Ctrl.hexsession_id = hexsession_id:a8378fd158677fac292c5cce8a9efdbd5c5c98ee6f056a5e6e771b6b -+Ctrl.type = type:B -+Output = 602d69e77b8c30b3 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:0000008100d09e300c8b93b8c759f96910b319b8fd9c9c8c1b704b65649f525b6c16732ee37f499ac729bdce9ea493811954849e8eeb449cb2f4485fe78b0f538038178ad3e1b95ef13fcf0134f1199ad742b31d5f222ed7927283a008c970143af46965acde32139c2448db5cc11fd55e534779f1b5d7757b27e3a3881a3596b0b002ff7e -+Ctrl.hexxcghash = hexxcghash:be8559339a1b231a59a8feae904c00decaf970ff8e83018662c65fa8 -+Ctrl.hexsession_id = hexsession_id:a8378fd158677fac292c5cce8a9efdbd5c5c98ee6f056a5e6e771b6b -+Ctrl.type = type:C -+Output = e0c8856a26b2f4804e98809d5b81cdb360b43884a33d4fef -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:0000008100d09e300c8b93b8c759f96910b319b8fd9c9c8c1b704b65649f525b6c16732ee37f499ac729bdce9ea493811954849e8eeb449cb2f4485fe78b0f538038178ad3e1b95ef13fcf0134f1199ad742b31d5f222ed7927283a008c970143af46965acde32139c2448db5cc11fd55e534779f1b5d7757b27e3a3881a3596b0b002ff7e -+Ctrl.hexxcghash = hexxcghash:be8559339a1b231a59a8feae904c00decaf970ff8e83018662c65fa8 -+Ctrl.hexsession_id = hexsession_id:a8378fd158677fac292c5cce8a9efdbd5c5c98ee6f056a5e6e771b6b -+Ctrl.type = type:D -+Output = e661555415bcab0b1f2d4b4387cda213cdd93f8458a2ace4 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:0000008100d09e300c8b93b8c759f96910b319b8fd9c9c8c1b704b65649f525b6c16732ee37f499ac729bdce9ea493811954849e8eeb449cb2f4485fe78b0f538038178ad3e1b95ef13fcf0134f1199ad742b31d5f222ed7927283a008c970143af46965acde32139c2448db5cc11fd55e534779f1b5d7757b27e3a3881a3596b0b002ff7e -+Ctrl.hexxcghash = hexxcghash:be8559339a1b231a59a8feae904c00decaf970ff8e83018662c65fa8 -+Ctrl.hexsession_id = hexsession_id:a8378fd158677fac292c5cce8a9efdbd5c5c98ee6f056a5e6e771b6b -+Ctrl.type = type:E -+Output = a368f66127573c79e2d936032f75c3d11c0131455eb9b6c5384582de -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:0000008100d09e300c8b93b8c759f96910b319b8fd9c9c8c1b704b65649f525b6c16732ee37f499ac729bdce9ea493811954849e8eeb449cb2f4485fe78b0f538038178ad3e1b95ef13fcf0134f1199ad742b31d5f222ed7927283a008c970143af46965acde32139c2448db5cc11fd55e534779f1b5d7757b27e3a3881a3596b0b002ff7e -+Ctrl.hexxcghash = hexxcghash:be8559339a1b231a59a8feae904c00decaf970ff8e83018662c65fa8 -+Ctrl.hexsession_id = hexsession_id:a8378fd158677fac292c5cce8a9efdbd5c5c98ee6f056a5e6e771b6b -+Ctrl.type = type:F -+Output = 779f09f514bdf7ed4a01788f10146367ce2ddf2aacebb961524c002a -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:0000008057352c4a26aa011e9b9e101736ab6b1369c73f553848d159b01bf2c7671074cdcdc73b8c697649dc7465197c2f17560d0045246410063f20d8d29518e7b25d871886346acccd9ec1b2d74b19b4aff16953714266d1440247859958f010f3fe616859c07315169c5bb5547c6dfdaf4a219daa3a78f546958f56e14fdf64c3b26e -+Ctrl.hexxcghash = hexxcghash:dca302cd4ee29d88b3f909f73e19d920099b8c18062e875cb762257b -+Ctrl.hexsession_id = hexsession_id:2f6368dd5f1a6a8db98f74331850c110aa0e58f06a10ca8178171d95 -+Ctrl.type = type:A -+Output = 386bc0b99215c8fa -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:0000008057352c4a26aa011e9b9e101736ab6b1369c73f553848d159b01bf2c7671074cdcdc73b8c697649dc7465197c2f17560d0045246410063f20d8d29518e7b25d871886346acccd9ec1b2d74b19b4aff16953714266d1440247859958f010f3fe616859c07315169c5bb5547c6dfdaf4a219daa3a78f546958f56e14fdf64c3b26e -+Ctrl.hexxcghash = hexxcghash:dca302cd4ee29d88b3f909f73e19d920099b8c18062e875cb762257b -+Ctrl.hexsession_id = hexsession_id:2f6368dd5f1a6a8db98f74331850c110aa0e58f06a10ca8178171d95 -+Ctrl.type = type:B -+Output = c793dba9a68f70a4 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:0000008057352c4a26aa011e9b9e101736ab6b1369c73f553848d159b01bf2c7671074cdcdc73b8c697649dc7465197c2f17560d0045246410063f20d8d29518e7b25d871886346acccd9ec1b2d74b19b4aff16953714266d1440247859958f010f3fe616859c07315169c5bb5547c6dfdaf4a219daa3a78f546958f56e14fdf64c3b26e -+Ctrl.hexxcghash = hexxcghash:dca302cd4ee29d88b3f909f73e19d920099b8c18062e875cb762257b -+Ctrl.hexsession_id = hexsession_id:2f6368dd5f1a6a8db98f74331850c110aa0e58f06a10ca8178171d95 -+Ctrl.type = type:C -+Output = 3dcaea7c946c2de76811482556299aa9bf96c8eef11fb2d6 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:0000008057352c4a26aa011e9b9e101736ab6b1369c73f553848d159b01bf2c7671074cdcdc73b8c697649dc7465197c2f17560d0045246410063f20d8d29518e7b25d871886346acccd9ec1b2d74b19b4aff16953714266d1440247859958f010f3fe616859c07315169c5bb5547c6dfdaf4a219daa3a78f546958f56e14fdf64c3b26e -+Ctrl.hexxcghash = hexxcghash:dca302cd4ee29d88b3f909f73e19d920099b8c18062e875cb762257b -+Ctrl.hexsession_id = hexsession_id:2f6368dd5f1a6a8db98f74331850c110aa0e58f06a10ca8178171d95 -+Ctrl.type = type:D -+Output = fd078ef65922006809729f9533c8742e9f973f7ff37ba987 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:0000008057352c4a26aa011e9b9e101736ab6b1369c73f553848d159b01bf2c7671074cdcdc73b8c697649dc7465197c2f17560d0045246410063f20d8d29518e7b25d871886346acccd9ec1b2d74b19b4aff16953714266d1440247859958f010f3fe616859c07315169c5bb5547c6dfdaf4a219daa3a78f546958f56e14fdf64c3b26e -+Ctrl.hexxcghash = hexxcghash:dca302cd4ee29d88b3f909f73e19d920099b8c18062e875cb762257b -+Ctrl.hexsession_id = hexsession_id:2f6368dd5f1a6a8db98f74331850c110aa0e58f06a10ca8178171d95 -+Ctrl.type = type:E -+Output = 83a1924fa5f7ceffeba7f519ac51a86a2746a93eb194db51a4596ca1 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:0000008057352c4a26aa011e9b9e101736ab6b1369c73f553848d159b01bf2c7671074cdcdc73b8c697649dc7465197c2f17560d0045246410063f20d8d29518e7b25d871886346acccd9ec1b2d74b19b4aff16953714266d1440247859958f010f3fe616859c07315169c5bb5547c6dfdaf4a219daa3a78f546958f56e14fdf64c3b26e -+Ctrl.hexxcghash = hexxcghash:dca302cd4ee29d88b3f909f73e19d920099b8c18062e875cb762257b -+Ctrl.hexsession_id = hexsession_id:2f6368dd5f1a6a8db98f74331850c110aa0e58f06a10ca8178171d95 -+Ctrl.type = type:F -+Output = e16507d1bbd53b41f9bb2f0f21b5112eb6cd1eb0489fb5e754212390 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:00000081008d372970f67a75a1748e6967c67a1f5665a3d6f71d6d24ab113bedb42ad544de34e67df7f644f78e5dcfd12e25b7cb8655aa9f07fef59058e42450aee5d4a733887535313e06c7e6426598284fdaa33ff88e1b6174c33199f2630ec42c8d7d9b92ea3d83a1bf8514b153fd9cf9c520636a0de9c6ba8b9318465ddcaa293367e5 -+Ctrl.hexxcghash = hexxcghash:683a0b23e8bf98e03178a032a65e743e429c805b8de04407f73ab21b -+Ctrl.hexsession_id = hexsession_id:0e9de6ef124b670db44ade438920db01b5e6fb69a482816a303fcef7 -+Ctrl.type = type:A -+Output = 0e764ebe0d523aae -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:00000081008d372970f67a75a1748e6967c67a1f5665a3d6f71d6d24ab113bedb42ad544de34e67df7f644f78e5dcfd12e25b7cb8655aa9f07fef59058e42450aee5d4a733887535313e06c7e6426598284fdaa33ff88e1b6174c33199f2630ec42c8d7d9b92ea3d83a1bf8514b153fd9cf9c520636a0de9c6ba8b9318465ddcaa293367e5 -+Ctrl.hexxcghash = hexxcghash:683a0b23e8bf98e03178a032a65e743e429c805b8de04407f73ab21b -+Ctrl.hexsession_id = hexsession_id:0e9de6ef124b670db44ade438920db01b5e6fb69a482816a303fcef7 -+Ctrl.type = type:B -+Output = 24bd2eff86c2a8dc -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:00000081008d372970f67a75a1748e6967c67a1f5665a3d6f71d6d24ab113bedb42ad544de34e67df7f644f78e5dcfd12e25b7cb8655aa9f07fef59058e42450aee5d4a733887535313e06c7e6426598284fdaa33ff88e1b6174c33199f2630ec42c8d7d9b92ea3d83a1bf8514b153fd9cf9c520636a0de9c6ba8b9318465ddcaa293367e5 -+Ctrl.hexxcghash = hexxcghash:683a0b23e8bf98e03178a032a65e743e429c805b8de04407f73ab21b -+Ctrl.hexsession_id = hexsession_id:0e9de6ef124b670db44ade438920db01b5e6fb69a482816a303fcef7 -+Ctrl.type = type:C -+Output = 26c01e3d56c1b928f65aaa1b6a15f5b8d41de187b4bb5fdc -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:00000081008d372970f67a75a1748e6967c67a1f5665a3d6f71d6d24ab113bedb42ad544de34e67df7f644f78e5dcfd12e25b7cb8655aa9f07fef59058e42450aee5d4a733887535313e06c7e6426598284fdaa33ff88e1b6174c33199f2630ec42c8d7d9b92ea3d83a1bf8514b153fd9cf9c520636a0de9c6ba8b9318465ddcaa293367e5 -+Ctrl.hexxcghash = hexxcghash:683a0b23e8bf98e03178a032a65e743e429c805b8de04407f73ab21b -+Ctrl.hexsession_id = hexsession_id:0e9de6ef124b670db44ade438920db01b5e6fb69a482816a303fcef7 -+Ctrl.type = type:D -+Output = e0cc3bdb6d69d10893eeb73b892d746acea151f24247fd9c -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:00000081008d372970f67a75a1748e6967c67a1f5665a3d6f71d6d24ab113bedb42ad544de34e67df7f644f78e5dcfd12e25b7cb8655aa9f07fef59058e42450aee5d4a733887535313e06c7e6426598284fdaa33ff88e1b6174c33199f2630ec42c8d7d9b92ea3d83a1bf8514b153fd9cf9c520636a0de9c6ba8b9318465ddcaa293367e5 -+Ctrl.hexxcghash = hexxcghash:683a0b23e8bf98e03178a032a65e743e429c805b8de04407f73ab21b -+Ctrl.hexsession_id = hexsession_id:0e9de6ef124b670db44ade438920db01b5e6fb69a482816a303fcef7 -+Ctrl.type = type:E -+Output = bf442ba6ec794f20584528686cedbaa568c13b895f642fe5cb3542bb -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:00000081008d372970f67a75a1748e6967c67a1f5665a3d6f71d6d24ab113bedb42ad544de34e67df7f644f78e5dcfd12e25b7cb8655aa9f07fef59058e42450aee5d4a733887535313e06c7e6426598284fdaa33ff88e1b6174c33199f2630ec42c8d7d9b92ea3d83a1bf8514b153fd9cf9c520636a0de9c6ba8b9318465ddcaa293367e5 -+Ctrl.hexxcghash = hexxcghash:683a0b23e8bf98e03178a032a65e743e429c805b8de04407f73ab21b -+Ctrl.hexsession_id = hexsession_id:0e9de6ef124b670db44ade438920db01b5e6fb69a482816a303fcef7 -+Ctrl.type = type:F -+Output = 65ab453e5ffd1b5e1540aa547766d7c177204c319642f93059bdf257 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:0000008004a70cf5e546c0920433bf16dcda3076d9195b5c35ad6b83b6a51e880f22fddaae0d358e35037bbe1e66f2422c29ff30a39822e067930b9faf59f844441dee6f233635a00c7cb71596f8589194016132ebbe204d98fc7f9bb0b7f4e6b6a68f488a59138d9859729d938de6ace9d08be86301bbd4e80d4650391ef3599a6f0bc0 -+Ctrl.hexxcghash = hexxcghash:a05a5c2d8beb394b7befaecfe3f4227cd81a28d90ac64ec78ce170b6 -+Ctrl.hexsession_id = hexsession_id:1380b38f6b6997a47ce234b7d3d6afb5960e721a348a725704c19cff -+Ctrl.type = type:A -+Output = 45799bbb09fd8804 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:0000008004a70cf5e546c0920433bf16dcda3076d9195b5c35ad6b83b6a51e880f22fddaae0d358e35037bbe1e66f2422c29ff30a39822e067930b9faf59f844441dee6f233635a00c7cb71596f8589194016132ebbe204d98fc7f9bb0b7f4e6b6a68f488a59138d9859729d938de6ace9d08be86301bbd4e80d4650391ef3599a6f0bc0 -+Ctrl.hexxcghash = hexxcghash:a05a5c2d8beb394b7befaecfe3f4227cd81a28d90ac64ec78ce170b6 -+Ctrl.hexsession_id = hexsession_id:1380b38f6b6997a47ce234b7d3d6afb5960e721a348a725704c19cff -+Ctrl.type = type:B -+Output = b787b009f3313be0 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:0000008004a70cf5e546c0920433bf16dcda3076d9195b5c35ad6b83b6a51e880f22fddaae0d358e35037bbe1e66f2422c29ff30a39822e067930b9faf59f844441dee6f233635a00c7cb71596f8589194016132ebbe204d98fc7f9bb0b7f4e6b6a68f488a59138d9859729d938de6ace9d08be86301bbd4e80d4650391ef3599a6f0bc0 -+Ctrl.hexxcghash = hexxcghash:a05a5c2d8beb394b7befaecfe3f4227cd81a28d90ac64ec78ce170b6 -+Ctrl.hexsession_id = hexsession_id:1380b38f6b6997a47ce234b7d3d6afb5960e721a348a725704c19cff -+Ctrl.type = type:C -+Output = c4cbb547c997e8fddb9e56ef5df91327766668a43a958a8e -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:0000008004a70cf5e546c0920433bf16dcda3076d9195b5c35ad6b83b6a51e880f22fddaae0d358e35037bbe1e66f2422c29ff30a39822e067930b9faf59f844441dee6f233635a00c7cb71596f8589194016132ebbe204d98fc7f9bb0b7f4e6b6a68f488a59138d9859729d938de6ace9d08be86301bbd4e80d4650391ef3599a6f0bc0 -+Ctrl.hexxcghash = hexxcghash:a05a5c2d8beb394b7befaecfe3f4227cd81a28d90ac64ec78ce170b6 -+Ctrl.hexsession_id = hexsession_id:1380b38f6b6997a47ce234b7d3d6afb5960e721a348a725704c19cff -+Ctrl.type = type:D -+Output = b55b7cca0a0363b84b40b79366b87db7c440dec5bf89e952 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:0000008004a70cf5e546c0920433bf16dcda3076d9195b5c35ad6b83b6a51e880f22fddaae0d358e35037bbe1e66f2422c29ff30a39822e067930b9faf59f844441dee6f233635a00c7cb71596f8589194016132ebbe204d98fc7f9bb0b7f4e6b6a68f488a59138d9859729d938de6ace9d08be86301bbd4e80d4650391ef3599a6f0bc0 -+Ctrl.hexxcghash = hexxcghash:a05a5c2d8beb394b7befaecfe3f4227cd81a28d90ac64ec78ce170b6 -+Ctrl.hexsession_id = hexsession_id:1380b38f6b6997a47ce234b7d3d6afb5960e721a348a725704c19cff -+Ctrl.type = type:E -+Output = 9c6399e5f4db0fc7652268d7423230ee5ffc0a210c26568dc5c0ab7d -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:0000008004a70cf5e546c0920433bf16dcda3076d9195b5c35ad6b83b6a51e880f22fddaae0d358e35037bbe1e66f2422c29ff30a39822e067930b9faf59f844441dee6f233635a00c7cb71596f8589194016132ebbe204d98fc7f9bb0b7f4e6b6a68f488a59138d9859729d938de6ace9d08be86301bbd4e80d4650391ef3599a6f0bc0 -+Ctrl.hexxcghash = hexxcghash:a05a5c2d8beb394b7befaecfe3f4227cd81a28d90ac64ec78ce170b6 -+Ctrl.hexsession_id = hexsession_id:1380b38f6b6997a47ce234b7d3d6afb5960e721a348a725704c19cff -+Ctrl.type = type:F -+Output = 9824301c33daae0f1b75eb472d6f0b4ef2cea0b2f61e204b6aefb0bd -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:0000008100d07c8a0c16c5f000ff00db6161555ea6b6b400803fe250288a9b88b48ced381de3f46982210216dff4defdbb007e98ea47f891ae3f38e09f56c96913406c13ed35cade3f2f80c6c6402e7ab097decc9e7ecc377b9965991422b54b8fcf34b9635cdc6b1cb698c61cd8377f3fadf1ba9e289d83767ca24370661085461a0b348e -+Ctrl.hexxcghash = hexxcghash:45dfee14ec8160cb1ccd769d2db4785b9773aeedde0c6ca0f75324df -+Ctrl.hexsession_id = hexsession_id:0f15315853288a987cec1e0668f34fa54537304f7082673d74d4f970 -+Ctrl.type = type:A -+Output = 2958928e5fd3c6e4 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:0000008100d07c8a0c16c5f000ff00db6161555ea6b6b400803fe250288a9b88b48ced381de3f46982210216dff4defdbb007e98ea47f891ae3f38e09f56c96913406c13ed35cade3f2f80c6c6402e7ab097decc9e7ecc377b9965991422b54b8fcf34b9635cdc6b1cb698c61cd8377f3fadf1ba9e289d83767ca24370661085461a0b348e -+Ctrl.hexxcghash = hexxcghash:45dfee14ec8160cb1ccd769d2db4785b9773aeedde0c6ca0f75324df -+Ctrl.hexsession_id = hexsession_id:0f15315853288a987cec1e0668f34fa54537304f7082673d74d4f970 -+Ctrl.type = type:B -+Output = aa91bee1a3b3374c -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:0000008100d07c8a0c16c5f000ff00db6161555ea6b6b400803fe250288a9b88b48ced381de3f46982210216dff4defdbb007e98ea47f891ae3f38e09f56c96913406c13ed35cade3f2f80c6c6402e7ab097decc9e7ecc377b9965991422b54b8fcf34b9635cdc6b1cb698c61cd8377f3fadf1ba9e289d83767ca24370661085461a0b348e -+Ctrl.hexxcghash = hexxcghash:45dfee14ec8160cb1ccd769d2db4785b9773aeedde0c6ca0f75324df -+Ctrl.hexsession_id = hexsession_id:0f15315853288a987cec1e0668f34fa54537304f7082673d74d4f970 -+Ctrl.type = type:C -+Output = 6fdac559eb1d6af7fc7fbaa4f9a15fd4145b97b9418518d9 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:0000008100d07c8a0c16c5f000ff00db6161555ea6b6b400803fe250288a9b88b48ced381de3f46982210216dff4defdbb007e98ea47f891ae3f38e09f56c96913406c13ed35cade3f2f80c6c6402e7ab097decc9e7ecc377b9965991422b54b8fcf34b9635cdc6b1cb698c61cd8377f3fadf1ba9e289d83767ca24370661085461a0b348e -+Ctrl.hexxcghash = hexxcghash:45dfee14ec8160cb1ccd769d2db4785b9773aeedde0c6ca0f75324df -+Ctrl.hexsession_id = hexsession_id:0f15315853288a987cec1e0668f34fa54537304f7082673d74d4f970 -+Ctrl.type = type:D -+Output = 5a8271402756f7eac59f09b5020f7b05f6475fc3a2e2b482 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:0000008100d07c8a0c16c5f000ff00db6161555ea6b6b400803fe250288a9b88b48ced381de3f46982210216dff4defdbb007e98ea47f891ae3f38e09f56c96913406c13ed35cade3f2f80c6c6402e7ab097decc9e7ecc377b9965991422b54b8fcf34b9635cdc6b1cb698c61cd8377f3fadf1ba9e289d83767ca24370661085461a0b348e -+Ctrl.hexxcghash = hexxcghash:45dfee14ec8160cb1ccd769d2db4785b9773aeedde0c6ca0f75324df -+Ctrl.hexsession_id = hexsession_id:0f15315853288a987cec1e0668f34fa54537304f7082673d74d4f970 -+Ctrl.type = type:E -+Output = 910de4a4a437cab056f7c38037f0196c524464237c5e332e79564a90 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:0000008100d07c8a0c16c5f000ff00db6161555ea6b6b400803fe250288a9b88b48ced381de3f46982210216dff4defdbb007e98ea47f891ae3f38e09f56c96913406c13ed35cade3f2f80c6c6402e7ab097decc9e7ecc377b9965991422b54b8fcf34b9635cdc6b1cb698c61cd8377f3fadf1ba9e289d83767ca24370661085461a0b348e -+Ctrl.hexxcghash = hexxcghash:45dfee14ec8160cb1ccd769d2db4785b9773aeedde0c6ca0f75324df -+Ctrl.hexsession_id = hexsession_id:0f15315853288a987cec1e0668f34fa54537304f7082673d74d4f970 -+Ctrl.type = type:F -+Output = 0bfa6ed5dc8ab0fc1bb9feb966d7107137ebf3f754ac71c2a16a9c22 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:000000807f046e0e1a0050fe544cd0bf194fdb0a07efe7708498a1b25aad90641e8befdef8f4aacb538ccc446d02d3896e1cc34d9a8becdcc48d10e73460f7c0c58eb51707d37f1eaa0008cb21c89e8b226a3e60c76f9f9f5af2a16abca346a81c66ec0199167b17e0d8cb3baea9a9c700632f585e0cd467e779eba02bc24eff22b6425c -+Ctrl.hexxcghash = hexxcghash:b63c992199e370cde19b640077bbbac92c6a8a0f206b4d560935cee5 -+Ctrl.hexsession_id = hexsession_id:ee00f86c7ecc4ce74a3ece1699802b7420ca4d49cc74b23399c23545 -+Ctrl.type = type:A -+Output = 82204d79e13252f1 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:000000807f046e0e1a0050fe544cd0bf194fdb0a07efe7708498a1b25aad90641e8befdef8f4aacb538ccc446d02d3896e1cc34d9a8becdcc48d10e73460f7c0c58eb51707d37f1eaa0008cb21c89e8b226a3e60c76f9f9f5af2a16abca346a81c66ec0199167b17e0d8cb3baea9a9c700632f585e0cd467e779eba02bc24eff22b6425c -+Ctrl.hexxcghash = hexxcghash:b63c992199e370cde19b640077bbbac92c6a8a0f206b4d560935cee5 -+Ctrl.hexsession_id = hexsession_id:ee00f86c7ecc4ce74a3ece1699802b7420ca4d49cc74b23399c23545 -+Ctrl.type = type:B -+Output = a76ff923488c7bd3 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:000000807f046e0e1a0050fe544cd0bf194fdb0a07efe7708498a1b25aad90641e8befdef8f4aacb538ccc446d02d3896e1cc34d9a8becdcc48d10e73460f7c0c58eb51707d37f1eaa0008cb21c89e8b226a3e60c76f9f9f5af2a16abca346a81c66ec0199167b17e0d8cb3baea9a9c700632f585e0cd467e779eba02bc24eff22b6425c -+Ctrl.hexxcghash = hexxcghash:b63c992199e370cde19b640077bbbac92c6a8a0f206b4d560935cee5 -+Ctrl.hexsession_id = hexsession_id:ee00f86c7ecc4ce74a3ece1699802b7420ca4d49cc74b23399c23545 -+Ctrl.type = type:C -+Output = 8ba3bd224890bdd4dd07d2a5a98e5efcd95d82c66583d098 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:000000807f046e0e1a0050fe544cd0bf194fdb0a07efe7708498a1b25aad90641e8befdef8f4aacb538ccc446d02d3896e1cc34d9a8becdcc48d10e73460f7c0c58eb51707d37f1eaa0008cb21c89e8b226a3e60c76f9f9f5af2a16abca346a81c66ec0199167b17e0d8cb3baea9a9c700632f585e0cd467e779eba02bc24eff22b6425c -+Ctrl.hexxcghash = hexxcghash:b63c992199e370cde19b640077bbbac92c6a8a0f206b4d560935cee5 -+Ctrl.hexsession_id = hexsession_id:ee00f86c7ecc4ce74a3ece1699802b7420ca4d49cc74b23399c23545 -+Ctrl.type = type:D -+Output = a04a3844933ca1bb45848bc1a7626e4c50dc46aa5376d027 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:000000807f046e0e1a0050fe544cd0bf194fdb0a07efe7708498a1b25aad90641e8befdef8f4aacb538ccc446d02d3896e1cc34d9a8becdcc48d10e73460f7c0c58eb51707d37f1eaa0008cb21c89e8b226a3e60c76f9f9f5af2a16abca346a81c66ec0199167b17e0d8cb3baea9a9c700632f585e0cd467e779eba02bc24eff22b6425c -+Ctrl.hexxcghash = hexxcghash:b63c992199e370cde19b640077bbbac92c6a8a0f206b4d560935cee5 -+Ctrl.hexsession_id = hexsession_id:ee00f86c7ecc4ce74a3ece1699802b7420ca4d49cc74b23399c23545 -+Ctrl.type = type:E -+Output = 393f2f152d6c6d063f284cadd1fd9d700928188b7fea31f74b44fbc6 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:000000807f046e0e1a0050fe544cd0bf194fdb0a07efe7708498a1b25aad90641e8befdef8f4aacb538ccc446d02d3896e1cc34d9a8becdcc48d10e73460f7c0c58eb51707d37f1eaa0008cb21c89e8b226a3e60c76f9f9f5af2a16abca346a81c66ec0199167b17e0d8cb3baea9a9c700632f585e0cd467e779eba02bc24eff22b6425c -+Ctrl.hexxcghash = hexxcghash:b63c992199e370cde19b640077bbbac92c6a8a0f206b4d560935cee5 -+Ctrl.hexsession_id = hexsession_id:ee00f86c7ecc4ce74a3ece1699802b7420ca4d49cc74b23399c23545 -+Ctrl.type = type:F -+Output = f27f2cd72b22e1719f91b912d6c9d180985121d32bd217e348cd2003 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:0000008100b51d0e3d21612b3bde548bf3da6d474166972f602beb1b876b7045a595483ec0bfb707eaf7c0d416d028a3ed7cff460cad66e2284e3190a746d3304678c91b2654b3ab147aece57e3bb5f4d30d4d7c01e065f70b12b9270ebec306a178870d1fd814806c3dbdc16d4bd7e843de8e5414ff336e735bc5c8241ab0ae08197159d6 -+Ctrl.hexxcghash = hexxcghash:1eacc2c8e8ec2c3a5af31c6d498301e82664f60899223ef4348f4467 -+Ctrl.hexsession_id = hexsession_id:ddc879c0f221147bd70a1cedf5578fd8f196290357945fe75e551262 -+Ctrl.type = type:A -+Output = f843e3c6a1621998 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:0000008100b51d0e3d21612b3bde548bf3da6d474166972f602beb1b876b7045a595483ec0bfb707eaf7c0d416d028a3ed7cff460cad66e2284e3190a746d3304678c91b2654b3ab147aece57e3bb5f4d30d4d7c01e065f70b12b9270ebec306a178870d1fd814806c3dbdc16d4bd7e843de8e5414ff336e735bc5c8241ab0ae08197159d6 -+Ctrl.hexxcghash = hexxcghash:1eacc2c8e8ec2c3a5af31c6d498301e82664f60899223ef4348f4467 -+Ctrl.hexsession_id = hexsession_id:ddc879c0f221147bd70a1cedf5578fd8f196290357945fe75e551262 -+Ctrl.type = type:B -+Output = 128b2d8968cfaad5 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:0000008100b51d0e3d21612b3bde548bf3da6d474166972f602beb1b876b7045a595483ec0bfb707eaf7c0d416d028a3ed7cff460cad66e2284e3190a746d3304678c91b2654b3ab147aece57e3bb5f4d30d4d7c01e065f70b12b9270ebec306a178870d1fd814806c3dbdc16d4bd7e843de8e5414ff336e735bc5c8241ab0ae08197159d6 -+Ctrl.hexxcghash = hexxcghash:1eacc2c8e8ec2c3a5af31c6d498301e82664f60899223ef4348f4467 -+Ctrl.hexsession_id = hexsession_id:ddc879c0f221147bd70a1cedf5578fd8f196290357945fe75e551262 -+Ctrl.type = type:C -+Output = d6c4d2685753580dea2c6a6eb6add592011356eb9e868d44 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:0000008100b51d0e3d21612b3bde548bf3da6d474166972f602beb1b876b7045a595483ec0bfb707eaf7c0d416d028a3ed7cff460cad66e2284e3190a746d3304678c91b2654b3ab147aece57e3bb5f4d30d4d7c01e065f70b12b9270ebec306a178870d1fd814806c3dbdc16d4bd7e843de8e5414ff336e735bc5c8241ab0ae08197159d6 -+Ctrl.hexxcghash = hexxcghash:1eacc2c8e8ec2c3a5af31c6d498301e82664f60899223ef4348f4467 -+Ctrl.hexsession_id = hexsession_id:ddc879c0f221147bd70a1cedf5578fd8f196290357945fe75e551262 -+Ctrl.type = type:D -+Output = 92af60f4858f3d14efaac039130389ab9ae1237f0da09a29 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:0000008100b51d0e3d21612b3bde548bf3da6d474166972f602beb1b876b7045a595483ec0bfb707eaf7c0d416d028a3ed7cff460cad66e2284e3190a746d3304678c91b2654b3ab147aece57e3bb5f4d30d4d7c01e065f70b12b9270ebec306a178870d1fd814806c3dbdc16d4bd7e843de8e5414ff336e735bc5c8241ab0ae08197159d6 -+Ctrl.hexxcghash = hexxcghash:1eacc2c8e8ec2c3a5af31c6d498301e82664f60899223ef4348f4467 -+Ctrl.hexsession_id = hexsession_id:ddc879c0f221147bd70a1cedf5578fd8f196290357945fe75e551262 -+Ctrl.type = type:E -+Output = a37af93c8f25e145def1c5397bec2ee2119cc0e0bd4854fe23b2e3d1 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:0000008100b51d0e3d21612b3bde548bf3da6d474166972f602beb1b876b7045a595483ec0bfb707eaf7c0d416d028a3ed7cff460cad66e2284e3190a746d3304678c91b2654b3ab147aece57e3bb5f4d30d4d7c01e065f70b12b9270ebec306a178870d1fd814806c3dbdc16d4bd7e843de8e5414ff336e735bc5c8241ab0ae08197159d6 -+Ctrl.hexxcghash = hexxcghash:1eacc2c8e8ec2c3a5af31c6d498301e82664f60899223ef4348f4467 -+Ctrl.hexsession_id = hexsession_id:ddc879c0f221147bd70a1cedf5578fd8f196290357945fe75e551262 -+Ctrl.type = type:F -+Output = d44def5fcec300da5913ca109c0fd7a2c2cbcedd2c3e3216c5cb0d95 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:000000810088a2add0cc5918c649c6bbc82930ae99326188faa20e2cfc8f819cc44bdd99d1638fbbd380197beda58c039c239fdcced533db7ea31635b835f5f92725490e7638d40a017b89f48406faab653aa03721af5d7c5c61d4519e7c07f99974c1f715b1ce3fcffc50b2a6cc9b4e45a76791b862ac87524d2b52fe6c706f5a73e5dc0a -+Ctrl.hexxcghash = hexxcghash:321ef6b92cae9df351c1b7d2253325536e659df52acd4a8787b45217 -+Ctrl.hexsession_id = hexsession_id:340edbc8aeec53501158ad2ea7650abcbb906348d57b14b61524469e -+Ctrl.type = type:A -+Output = 4276fab65090b420 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:000000810088a2add0cc5918c649c6bbc82930ae99326188faa20e2cfc8f819cc44bdd99d1638fbbd380197beda58c039c239fdcced533db7ea31635b835f5f92725490e7638d40a017b89f48406faab653aa03721af5d7c5c61d4519e7c07f99974c1f715b1ce3fcffc50b2a6cc9b4e45a76791b862ac87524d2b52fe6c706f5a73e5dc0a -+Ctrl.hexxcghash = hexxcghash:321ef6b92cae9df351c1b7d2253325536e659df52acd4a8787b45217 -+Ctrl.hexsession_id = hexsession_id:340edbc8aeec53501158ad2ea7650abcbb906348d57b14b61524469e -+Ctrl.type = type:B -+Output = 00303ca4f9a5a6f8 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:000000810088a2add0cc5918c649c6bbc82930ae99326188faa20e2cfc8f819cc44bdd99d1638fbbd380197beda58c039c239fdcced533db7ea31635b835f5f92725490e7638d40a017b89f48406faab653aa03721af5d7c5c61d4519e7c07f99974c1f715b1ce3fcffc50b2a6cc9b4e45a76791b862ac87524d2b52fe6c706f5a73e5dc0a -+Ctrl.hexxcghash = hexxcghash:321ef6b92cae9df351c1b7d2253325536e659df52acd4a8787b45217 -+Ctrl.hexsession_id = hexsession_id:340edbc8aeec53501158ad2ea7650abcbb906348d57b14b61524469e -+Ctrl.type = type:C -+Output = 3d67892281e9c6ed6535d7ae69e832f6723afd545763bd3d -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:000000810088a2add0cc5918c649c6bbc82930ae99326188faa20e2cfc8f819cc44bdd99d1638fbbd380197beda58c039c239fdcced533db7ea31635b835f5f92725490e7638d40a017b89f48406faab653aa03721af5d7c5c61d4519e7c07f99974c1f715b1ce3fcffc50b2a6cc9b4e45a76791b862ac87524d2b52fe6c706f5a73e5dc0a -+Ctrl.hexxcghash = hexxcghash:321ef6b92cae9df351c1b7d2253325536e659df52acd4a8787b45217 -+Ctrl.hexsession_id = hexsession_id:340edbc8aeec53501158ad2ea7650abcbb906348d57b14b61524469e -+Ctrl.type = type:D -+Output = 5a5844e6c47eacc172e0012044037668a653758b96310350 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:000000810088a2add0cc5918c649c6bbc82930ae99326188faa20e2cfc8f819cc44bdd99d1638fbbd380197beda58c039c239fdcced533db7ea31635b835f5f92725490e7638d40a017b89f48406faab653aa03721af5d7c5c61d4519e7c07f99974c1f715b1ce3fcffc50b2a6cc9b4e45a76791b862ac87524d2b52fe6c706f5a73e5dc0a -+Ctrl.hexxcghash = hexxcghash:321ef6b92cae9df351c1b7d2253325536e659df52acd4a8787b45217 -+Ctrl.hexsession_id = hexsession_id:340edbc8aeec53501158ad2ea7650abcbb906348d57b14b61524469e -+Ctrl.type = type:E -+Output = 4783fb6e98db788f6594c2b82e751528590c41780adce2ffba234290 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:000000810088a2add0cc5918c649c6bbc82930ae99326188faa20e2cfc8f819cc44bdd99d1638fbbd380197beda58c039c239fdcced533db7ea31635b835f5f92725490e7638d40a017b89f48406faab653aa03721af5d7c5c61d4519e7c07f99974c1f715b1ce3fcffc50b2a6cc9b4e45a76791b862ac87524d2b52fe6c706f5a73e5dc0a -+Ctrl.hexxcghash = hexxcghash:321ef6b92cae9df351c1b7d2253325536e659df52acd4a8787b45217 -+Ctrl.hexsession_id = hexsession_id:340edbc8aeec53501158ad2ea7650abcbb906348d57b14b61524469e -+Ctrl.type = type:F -+Output = 7c60752b0b5a0f0027507ecd88e6af2b78e462a98459bf0511152663 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:0000010100d62744a1ee5a4d03d761f48fb63ece42d9204e00016dad042ae7cbe600cb9e93535bc36d2f94d715cf8c2cd948caf876b4948429cb85ac73765949495af8380a56b68d1d3eeb4d9b310e2c53db5f51a7b8382759273c0be30862df81ca420f414c3ea8e6a1fb4875257ccc536e971c8dc07e600e265e642489266604f94ee995f96ef02eac771bb88bc66c57d229edfba1e484fd1c8b49e11e594aefa681f26ea28c348615d3e0a2dc76845d2d19543751ce444c7b65fa449a74639fa13c123d025200efa7012b209400746e03bd6a7bc938b926107da0491407bd952602d14a7fa743cbd51d5090a22c76a336f06b5e6dc5ecf70c803da8dcbff149c5013c36 -+Ctrl.hexxcghash = hexxcghash:273ab849318045321f672fdf9b4bc250c4b46717374bfb3322bc7701 -+Ctrl.hexsession_id = hexsession_id:273ab849318045321f672fdf9b4bc250c4b46717374bfb3322bc7701 -+Ctrl.type = type:A -+Output = 2512664639690af9f64afd16d9ccf3d3 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:0000010100d62744a1ee5a4d03d761f48fb63ece42d9204e00016dad042ae7cbe600cb9e93535bc36d2f94d715cf8c2cd948caf876b4948429cb85ac73765949495af8380a56b68d1d3eeb4d9b310e2c53db5f51a7b8382759273c0be30862df81ca420f414c3ea8e6a1fb4875257ccc536e971c8dc07e600e265e642489266604f94ee995f96ef02eac771bb88bc66c57d229edfba1e484fd1c8b49e11e594aefa681f26ea28c348615d3e0a2dc76845d2d19543751ce444c7b65fa449a74639fa13c123d025200efa7012b209400746e03bd6a7bc938b926107da0491407bd952602d14a7fa743cbd51d5090a22c76a336f06b5e6dc5ecf70c803da8dcbff149c5013c36 -+Ctrl.hexxcghash = hexxcghash:273ab849318045321f672fdf9b4bc250c4b46717374bfb3322bc7701 -+Ctrl.hexsession_id = hexsession_id:273ab849318045321f672fdf9b4bc250c4b46717374bfb3322bc7701 -+Ctrl.type = type:B -+Output = c13223796f394c6d1ffd18c22c09f27a -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:0000010100d62744a1ee5a4d03d761f48fb63ece42d9204e00016dad042ae7cbe600cb9e93535bc36d2f94d715cf8c2cd948caf876b4948429cb85ac73765949495af8380a56b68d1d3eeb4d9b310e2c53db5f51a7b8382759273c0be30862df81ca420f414c3ea8e6a1fb4875257ccc536e971c8dc07e600e265e642489266604f94ee995f96ef02eac771bb88bc66c57d229edfba1e484fd1c8b49e11e594aefa681f26ea28c348615d3e0a2dc76845d2d19543751ce444c7b65fa449a74639fa13c123d025200efa7012b209400746e03bd6a7bc938b926107da0491407bd952602d14a7fa743cbd51d5090a22c76a336f06b5e6dc5ecf70c803da8dcbff149c5013c36 -+Ctrl.hexxcghash = hexxcghash:273ab849318045321f672fdf9b4bc250c4b46717374bfb3322bc7701 -+Ctrl.hexsession_id = hexsession_id:273ab849318045321f672fdf9b4bc250c4b46717374bfb3322bc7701 -+Ctrl.type = type:C -+Output = 7be659a7cbeda28722315d96444a5c98 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:0000010100d62744a1ee5a4d03d761f48fb63ece42d9204e00016dad042ae7cbe600cb9e93535bc36d2f94d715cf8c2cd948caf876b4948429cb85ac73765949495af8380a56b68d1d3eeb4d9b310e2c53db5f51a7b8382759273c0be30862df81ca420f414c3ea8e6a1fb4875257ccc536e971c8dc07e600e265e642489266604f94ee995f96ef02eac771bb88bc66c57d229edfba1e484fd1c8b49e11e594aefa681f26ea28c348615d3e0a2dc76845d2d19543751ce444c7b65fa449a74639fa13c123d025200efa7012b209400746e03bd6a7bc938b926107da0491407bd952602d14a7fa743cbd51d5090a22c76a336f06b5e6dc5ecf70c803da8dcbff149c5013c36 -+Ctrl.hexxcghash = hexxcghash:273ab849318045321f672fdf9b4bc250c4b46717374bfb3322bc7701 -+Ctrl.hexsession_id = hexsession_id:273ab849318045321f672fdf9b4bc250c4b46717374bfb3322bc7701 -+Ctrl.type = type:D -+Output = bdfbd698c518aa45c35d7afd7bd91150 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:0000010100d62744a1ee5a4d03d761f48fb63ece42d9204e00016dad042ae7cbe600cb9e93535bc36d2f94d715cf8c2cd948caf876b4948429cb85ac73765949495af8380a56b68d1d3eeb4d9b310e2c53db5f51a7b8382759273c0be30862df81ca420f414c3ea8e6a1fb4875257ccc536e971c8dc07e600e265e642489266604f94ee995f96ef02eac771bb88bc66c57d229edfba1e484fd1c8b49e11e594aefa681f26ea28c348615d3e0a2dc76845d2d19543751ce444c7b65fa449a74639fa13c123d025200efa7012b209400746e03bd6a7bc938b926107da0491407bd952602d14a7fa743cbd51d5090a22c76a336f06b5e6dc5ecf70c803da8dcbff149c5013c36 -+Ctrl.hexxcghash = hexxcghash:273ab849318045321f672fdf9b4bc250c4b46717374bfb3322bc7701 -+Ctrl.hexsession_id = hexsession_id:273ab849318045321f672fdf9b4bc250c4b46717374bfb3322bc7701 -+Ctrl.type = type:E -+Output = dd38b79b081713ac3007ffd88d5cd67f43fbb36c983e0fc1cd273d84 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:0000010100d62744a1ee5a4d03d761f48fb63ece42d9204e00016dad042ae7cbe600cb9e93535bc36d2f94d715cf8c2cd948caf876b4948429cb85ac73765949495af8380a56b68d1d3eeb4d9b310e2c53db5f51a7b8382759273c0be30862df81ca420f414c3ea8e6a1fb4875257ccc536e971c8dc07e600e265e642489266604f94ee995f96ef02eac771bb88bc66c57d229edfba1e484fd1c8b49e11e594aefa681f26ea28c348615d3e0a2dc76845d2d19543751ce444c7b65fa449a74639fa13c123d025200efa7012b209400746e03bd6a7bc938b926107da0491407bd952602d14a7fa743cbd51d5090a22c76a336f06b5e6dc5ecf70c803da8dcbff149c5013c36 -+Ctrl.hexxcghash = hexxcghash:273ab849318045321f672fdf9b4bc250c4b46717374bfb3322bc7701 -+Ctrl.hexsession_id = hexsession_id:273ab849318045321f672fdf9b4bc250c4b46717374bfb3322bc7701 -+Ctrl.type = type:F -+Output = edf713ecfb21b9e9c2d9d04c882d5ded433dcf459ff5b0fe7cd45bb1 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:0000010100d9b92844753a5eadc2ef7e84372a56bd096cc1d57a5c282811658d7df87564f202e800c774e75bbb53f47e835f207300ccd4661fd8a73b6ff87770c2c036346e99fadc5193171e1e732f3b6a017808a150ee02c4b6e70d87462e51825a94bda27fa9cbe18c7ef20d0b0201cb7526e0e9bac21b877e5064000290424387a9aa98da563ee2a5ef36af4b442a69eb631b88b8e3a0f073aa5dda589c4aa0e4e007e0d0036a231d52137d724fd60d41f42512214853e7acf8bde77e377842468f4216a15d0c8fe033c2b133bf651c82fda6d227e3c3f0cb7d0a9eba7c35eeefcf683ddde696fdeba5ec124e701f01bf5b0d59a667c75633dea07670b07baa20f313c3 -+Ctrl.hexxcghash = hexxcghash:a510774a9b07b05e4e0eaf9409d77028a511a9565784b69ab3c03ffc -+Ctrl.hexsession_id = hexsession_id:49c4ad412d13870d0e9c6855e2881fc032aab36fa3ab3598a7f1153e -+Ctrl.type = type:A -+Output = f3064d3f3ed09eefd34731a2c60c1a80 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:0000010100d9b92844753a5eadc2ef7e84372a56bd096cc1d57a5c282811658d7df87564f202e800c774e75bbb53f47e835f207300ccd4661fd8a73b6ff87770c2c036346e99fadc5193171e1e732f3b6a017808a150ee02c4b6e70d87462e51825a94bda27fa9cbe18c7ef20d0b0201cb7526e0e9bac21b877e5064000290424387a9aa98da563ee2a5ef36af4b442a69eb631b88b8e3a0f073aa5dda589c4aa0e4e007e0d0036a231d52137d724fd60d41f42512214853e7acf8bde77e377842468f4216a15d0c8fe033c2b133bf651c82fda6d227e3c3f0cb7d0a9eba7c35eeefcf683ddde696fdeba5ec124e701f01bf5b0d59a667c75633dea07670b07baa20f313c3 -+Ctrl.hexxcghash = hexxcghash:a510774a9b07b05e4e0eaf9409d77028a511a9565784b69ab3c03ffc -+Ctrl.hexsession_id = hexsession_id:49c4ad412d13870d0e9c6855e2881fc032aab36fa3ab3598a7f1153e -+Ctrl.type = type:B -+Output = 1f7f508d9c4cf1004a220f26e0e6c184 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:0000010100d9b92844753a5eadc2ef7e84372a56bd096cc1d57a5c282811658d7df87564f202e800c774e75bbb53f47e835f207300ccd4661fd8a73b6ff87770c2c036346e99fadc5193171e1e732f3b6a017808a150ee02c4b6e70d87462e51825a94bda27fa9cbe18c7ef20d0b0201cb7526e0e9bac21b877e5064000290424387a9aa98da563ee2a5ef36af4b442a69eb631b88b8e3a0f073aa5dda589c4aa0e4e007e0d0036a231d52137d724fd60d41f42512214853e7acf8bde77e377842468f4216a15d0c8fe033c2b133bf651c82fda6d227e3c3f0cb7d0a9eba7c35eeefcf683ddde696fdeba5ec124e701f01bf5b0d59a667c75633dea07670b07baa20f313c3 -+Ctrl.hexxcghash = hexxcghash:a510774a9b07b05e4e0eaf9409d77028a511a9565784b69ab3c03ffc -+Ctrl.hexsession_id = hexsession_id:49c4ad412d13870d0e9c6855e2881fc032aab36fa3ab3598a7f1153e -+Ctrl.type = type:C -+Output = 2ad48a77fa12fcb5d3d3e98d5bb87d76 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:0000010100d9b92844753a5eadc2ef7e84372a56bd096cc1d57a5c282811658d7df87564f202e800c774e75bbb53f47e835f207300ccd4661fd8a73b6ff87770c2c036346e99fadc5193171e1e732f3b6a017808a150ee02c4b6e70d87462e51825a94bda27fa9cbe18c7ef20d0b0201cb7526e0e9bac21b877e5064000290424387a9aa98da563ee2a5ef36af4b442a69eb631b88b8e3a0f073aa5dda589c4aa0e4e007e0d0036a231d52137d724fd60d41f42512214853e7acf8bde77e377842468f4216a15d0c8fe033c2b133bf651c82fda6d227e3c3f0cb7d0a9eba7c35eeefcf683ddde696fdeba5ec124e701f01bf5b0d59a667c75633dea07670b07baa20f313c3 -+Ctrl.hexxcghash = hexxcghash:a510774a9b07b05e4e0eaf9409d77028a511a9565784b69ab3c03ffc -+Ctrl.hexsession_id = hexsession_id:49c4ad412d13870d0e9c6855e2881fc032aab36fa3ab3598a7f1153e -+Ctrl.type = type:D -+Output = 0433db7fd40d9d0dc9df6e9eed8059e4 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:0000010100d9b92844753a5eadc2ef7e84372a56bd096cc1d57a5c282811658d7df87564f202e800c774e75bbb53f47e835f207300ccd4661fd8a73b6ff87770c2c036346e99fadc5193171e1e732f3b6a017808a150ee02c4b6e70d87462e51825a94bda27fa9cbe18c7ef20d0b0201cb7526e0e9bac21b877e5064000290424387a9aa98da563ee2a5ef36af4b442a69eb631b88b8e3a0f073aa5dda589c4aa0e4e007e0d0036a231d52137d724fd60d41f42512214853e7acf8bde77e377842468f4216a15d0c8fe033c2b133bf651c82fda6d227e3c3f0cb7d0a9eba7c35eeefcf683ddde696fdeba5ec124e701f01bf5b0d59a667c75633dea07670b07baa20f313c3 -+Ctrl.hexxcghash = hexxcghash:a510774a9b07b05e4e0eaf9409d77028a511a9565784b69ab3c03ffc -+Ctrl.hexsession_id = hexsession_id:49c4ad412d13870d0e9c6855e2881fc032aab36fa3ab3598a7f1153e -+Ctrl.type = type:E -+Output = b07884f15910c6a083143ef9bda115d05c9e4c4057c1987c4f78a1b6 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:0000010100d9b92844753a5eadc2ef7e84372a56bd096cc1d57a5c282811658d7df87564f202e800c774e75bbb53f47e835f207300ccd4661fd8a73b6ff87770c2c036346e99fadc5193171e1e732f3b6a017808a150ee02c4b6e70d87462e51825a94bda27fa9cbe18c7ef20d0b0201cb7526e0e9bac21b877e5064000290424387a9aa98da563ee2a5ef36af4b442a69eb631b88b8e3a0f073aa5dda589c4aa0e4e007e0d0036a231d52137d724fd60d41f42512214853e7acf8bde77e377842468f4216a15d0c8fe033c2b133bf651c82fda6d227e3c3f0cb7d0a9eba7c35eeefcf683ddde696fdeba5ec124e701f01bf5b0d59a667c75633dea07670b07baa20f313c3 -+Ctrl.hexxcghash = hexxcghash:a510774a9b07b05e4e0eaf9409d77028a511a9565784b69ab3c03ffc -+Ctrl.hexsession_id = hexsession_id:49c4ad412d13870d0e9c6855e2881fc032aab36fa3ab3598a7f1153e -+Ctrl.type = type:F -+Output = f838da7b26311dbd529f742d901709229482cea9d7ac9f0c2cd14200 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:0000010012641156f363edf89c1824532fcf379a846dd042ac173d6b9b75651d7aa911ebe75f5dd3b502a7d6ec331f095ed08505e86f51008242357b3d29d75db82619066c2ecb3ba78e8de8fceeb206bfa39ef3e6617d1f20e4a092ac6bd589904fe0ce4fac2d73c7396a54084bf71e929ae0c5c7e67e1795e73f9fab8c6ee90254f27dae6750e1f8769af5b235f9f7aef302f1fc4015f60af34656a1a8187159a4d6c4b3be40abe9ad5cb56a52f5407186b42fdce7a691b917550719fc7eef858030dcb2829a07a39ca279d9deb0487b893d4c7bbc41cde4eb366188f38bdb4289b8a95ae757864e963cbe4f5eced9aebf3b33ebb3c75b7e405816366e609e16f8bc56 -+Ctrl.hexxcghash = hexxcghash:d041364fa73e42f0c9c49d2ad25a758c3f4691761d9caf6dfd2ad690 -+Ctrl.hexsession_id = hexsession_id:1fea0e79508d3b2caf0e275c463626ad7d57c6cfc1da79a5bce2fa53 -+Ctrl.type = type:A -+Output = d8c60bf582892d2cd03956774614b9f1 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:0000010012641156f363edf89c1824532fcf379a846dd042ac173d6b9b75651d7aa911ebe75f5dd3b502a7d6ec331f095ed08505e86f51008242357b3d29d75db82619066c2ecb3ba78e8de8fceeb206bfa39ef3e6617d1f20e4a092ac6bd589904fe0ce4fac2d73c7396a54084bf71e929ae0c5c7e67e1795e73f9fab8c6ee90254f27dae6750e1f8769af5b235f9f7aef302f1fc4015f60af34656a1a8187159a4d6c4b3be40abe9ad5cb56a52f5407186b42fdce7a691b917550719fc7eef858030dcb2829a07a39ca279d9deb0487b893d4c7bbc41cde4eb366188f38bdb4289b8a95ae757864e963cbe4f5eced9aebf3b33ebb3c75b7e405816366e609e16f8bc56 -+Ctrl.hexxcghash = hexxcghash:d041364fa73e42f0c9c49d2ad25a758c3f4691761d9caf6dfd2ad690 -+Ctrl.hexsession_id = hexsession_id:1fea0e79508d3b2caf0e275c463626ad7d57c6cfc1da79a5bce2fa53 -+Ctrl.type = type:B -+Output = bac1bef6d6dd92de55bc174c9db77a54 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:0000010012641156f363edf89c1824532fcf379a846dd042ac173d6b9b75651d7aa911ebe75f5dd3b502a7d6ec331f095ed08505e86f51008242357b3d29d75db82619066c2ecb3ba78e8de8fceeb206bfa39ef3e6617d1f20e4a092ac6bd589904fe0ce4fac2d73c7396a54084bf71e929ae0c5c7e67e1795e73f9fab8c6ee90254f27dae6750e1f8769af5b235f9f7aef302f1fc4015f60af34656a1a8187159a4d6c4b3be40abe9ad5cb56a52f5407186b42fdce7a691b917550719fc7eef858030dcb2829a07a39ca279d9deb0487b893d4c7bbc41cde4eb366188f38bdb4289b8a95ae757864e963cbe4f5eced9aebf3b33ebb3c75b7e405816366e609e16f8bc56 -+Ctrl.hexxcghash = hexxcghash:d041364fa73e42f0c9c49d2ad25a758c3f4691761d9caf6dfd2ad690 -+Ctrl.hexsession_id = hexsession_id:1fea0e79508d3b2caf0e275c463626ad7d57c6cfc1da79a5bce2fa53 -+Ctrl.type = type:C -+Output = bdf96d88d7ac4f0daa62d29948a5c891 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:0000010012641156f363edf89c1824532fcf379a846dd042ac173d6b9b75651d7aa911ebe75f5dd3b502a7d6ec331f095ed08505e86f51008242357b3d29d75db82619066c2ecb3ba78e8de8fceeb206bfa39ef3e6617d1f20e4a092ac6bd589904fe0ce4fac2d73c7396a54084bf71e929ae0c5c7e67e1795e73f9fab8c6ee90254f27dae6750e1f8769af5b235f9f7aef302f1fc4015f60af34656a1a8187159a4d6c4b3be40abe9ad5cb56a52f5407186b42fdce7a691b917550719fc7eef858030dcb2829a07a39ca279d9deb0487b893d4c7bbc41cde4eb366188f38bdb4289b8a95ae757864e963cbe4f5eced9aebf3b33ebb3c75b7e405816366e609e16f8bc56 -+Ctrl.hexxcghash = hexxcghash:d041364fa73e42f0c9c49d2ad25a758c3f4691761d9caf6dfd2ad690 -+Ctrl.hexsession_id = hexsession_id:1fea0e79508d3b2caf0e275c463626ad7d57c6cfc1da79a5bce2fa53 -+Ctrl.type = type:D -+Output = ef0dbe568b4f3fbcb8b2665ed7ed0f8d -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:0000010012641156f363edf89c1824532fcf379a846dd042ac173d6b9b75651d7aa911ebe75f5dd3b502a7d6ec331f095ed08505e86f51008242357b3d29d75db82619066c2ecb3ba78e8de8fceeb206bfa39ef3e6617d1f20e4a092ac6bd589904fe0ce4fac2d73c7396a54084bf71e929ae0c5c7e67e1795e73f9fab8c6ee90254f27dae6750e1f8769af5b235f9f7aef302f1fc4015f60af34656a1a8187159a4d6c4b3be40abe9ad5cb56a52f5407186b42fdce7a691b917550719fc7eef858030dcb2829a07a39ca279d9deb0487b893d4c7bbc41cde4eb366188f38bdb4289b8a95ae757864e963cbe4f5eced9aebf3b33ebb3c75b7e405816366e609e16f8bc56 -+Ctrl.hexxcghash = hexxcghash:d041364fa73e42f0c9c49d2ad25a758c3f4691761d9caf6dfd2ad690 -+Ctrl.hexsession_id = hexsession_id:1fea0e79508d3b2caf0e275c463626ad7d57c6cfc1da79a5bce2fa53 -+Ctrl.type = type:E -+Output = 315d50a1b29f9d556c983432b98bf437893c1a892cf69880353d9797 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:0000010012641156f363edf89c1824532fcf379a846dd042ac173d6b9b75651d7aa911ebe75f5dd3b502a7d6ec331f095ed08505e86f51008242357b3d29d75db82619066c2ecb3ba78e8de8fceeb206bfa39ef3e6617d1f20e4a092ac6bd589904fe0ce4fac2d73c7396a54084bf71e929ae0c5c7e67e1795e73f9fab8c6ee90254f27dae6750e1f8769af5b235f9f7aef302f1fc4015f60af34656a1a8187159a4d6c4b3be40abe9ad5cb56a52f5407186b42fdce7a691b917550719fc7eef858030dcb2829a07a39ca279d9deb0487b893d4c7bbc41cde4eb366188f38bdb4289b8a95ae757864e963cbe4f5eced9aebf3b33ebb3c75b7e405816366e609e16f8bc56 -+Ctrl.hexxcghash = hexxcghash:d041364fa73e42f0c9c49d2ad25a758c3f4691761d9caf6dfd2ad690 -+Ctrl.hexsession_id = hexsession_id:1fea0e79508d3b2caf0e275c463626ad7d57c6cfc1da79a5bce2fa53 -+Ctrl.type = type:F -+Output = 612e3ac6651f9c7d99c532da0820f079292d9b33d36b684198665f5e -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:0000010100ecfd38c0707d59db0b361a449a22ddc63f055678e253ffbc8324a306ff06e31590fcdf6fc271665335f01af804619f4367489d7829ca756cd14d2147f2c6b2c0355847955ebe89ed2133dc74283732c4f821a7cadcaa9abf661fa9fcf81b0596c454fdac23d79267c5a832979217df61f9bb04c0fa69f5fdae2407da763210f0b7c1097463505b0da86ad71c20c1c57accaae353919cb2708aa378a5ff598d0a4b21b7527b2dbd271957fbbf04f5787076fb7f8afdfb75ddb5fa142ab427e026c87033fe2c6f22454ebace3f77646d0ee447cd1d339c9a21ce86c0b233c7fcbd6d1d165e14d57908777cde654b7fc3c3db7e62951b359ec71fe475356dc6a58b -+Ctrl.hexxcghash = hexxcghash:7af5885d52c4173000c45dd2b0fbeb21fa5722aa65eecb1bf977248a -+Ctrl.hexsession_id = hexsession_id:122e2d181cca7dcec6f30a8b027b4d29275d342af5fd82794b24560f -+Ctrl.type = type:A -+Output = e0d36ac1de6cc8514d25ff824bfaaa37 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:0000010100ecfd38c0707d59db0b361a449a22ddc63f055678e253ffbc8324a306ff06e31590fcdf6fc271665335f01af804619f4367489d7829ca756cd14d2147f2c6b2c0355847955ebe89ed2133dc74283732c4f821a7cadcaa9abf661fa9fcf81b0596c454fdac23d79267c5a832979217df61f9bb04c0fa69f5fdae2407da763210f0b7c1097463505b0da86ad71c20c1c57accaae353919cb2708aa378a5ff598d0a4b21b7527b2dbd271957fbbf04f5787076fb7f8afdfb75ddb5fa142ab427e026c87033fe2c6f22454ebace3f77646d0ee447cd1d339c9a21ce86c0b233c7fcbd6d1d165e14d57908777cde654b7fc3c3db7e62951b359ec71fe475356dc6a58b -+Ctrl.hexxcghash = hexxcghash:7af5885d52c4173000c45dd2b0fbeb21fa5722aa65eecb1bf977248a -+Ctrl.hexsession_id = hexsession_id:122e2d181cca7dcec6f30a8b027b4d29275d342af5fd82794b24560f -+Ctrl.type = type:B -+Output = 58c896b4d1a9507e7da2234a1a538d78 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:0000010100ecfd38c0707d59db0b361a449a22ddc63f055678e253ffbc8324a306ff06e31590fcdf6fc271665335f01af804619f4367489d7829ca756cd14d2147f2c6b2c0355847955ebe89ed2133dc74283732c4f821a7cadcaa9abf661fa9fcf81b0596c454fdac23d79267c5a832979217df61f9bb04c0fa69f5fdae2407da763210f0b7c1097463505b0da86ad71c20c1c57accaae353919cb2708aa378a5ff598d0a4b21b7527b2dbd271957fbbf04f5787076fb7f8afdfb75ddb5fa142ab427e026c87033fe2c6f22454ebace3f77646d0ee447cd1d339c9a21ce86c0b233c7fcbd6d1d165e14d57908777cde654b7fc3c3db7e62951b359ec71fe475356dc6a58b -+Ctrl.hexxcghash = hexxcghash:7af5885d52c4173000c45dd2b0fbeb21fa5722aa65eecb1bf977248a -+Ctrl.hexsession_id = hexsession_id:122e2d181cca7dcec6f30a8b027b4d29275d342af5fd82794b24560f -+Ctrl.type = type:C -+Output = 5966df5cb582234585b4c4312318f829 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:0000010100ecfd38c0707d59db0b361a449a22ddc63f055678e253ffbc8324a306ff06e31590fcdf6fc271665335f01af804619f4367489d7829ca756cd14d2147f2c6b2c0355847955ebe89ed2133dc74283732c4f821a7cadcaa9abf661fa9fcf81b0596c454fdac23d79267c5a832979217df61f9bb04c0fa69f5fdae2407da763210f0b7c1097463505b0da86ad71c20c1c57accaae353919cb2708aa378a5ff598d0a4b21b7527b2dbd271957fbbf04f5787076fb7f8afdfb75ddb5fa142ab427e026c87033fe2c6f22454ebace3f77646d0ee447cd1d339c9a21ce86c0b233c7fcbd6d1d165e14d57908777cde654b7fc3c3db7e62951b359ec71fe475356dc6a58b -+Ctrl.hexxcghash = hexxcghash:7af5885d52c4173000c45dd2b0fbeb21fa5722aa65eecb1bf977248a -+Ctrl.hexsession_id = hexsession_id:122e2d181cca7dcec6f30a8b027b4d29275d342af5fd82794b24560f -+Ctrl.type = type:D -+Output = 40d8bdab78c9dac2b2d14d1c8bd41405 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:0000010100ecfd38c0707d59db0b361a449a22ddc63f055678e253ffbc8324a306ff06e31590fcdf6fc271665335f01af804619f4367489d7829ca756cd14d2147f2c6b2c0355847955ebe89ed2133dc74283732c4f821a7cadcaa9abf661fa9fcf81b0596c454fdac23d79267c5a832979217df61f9bb04c0fa69f5fdae2407da763210f0b7c1097463505b0da86ad71c20c1c57accaae353919cb2708aa378a5ff598d0a4b21b7527b2dbd271957fbbf04f5787076fb7f8afdfb75ddb5fa142ab427e026c87033fe2c6f22454ebace3f77646d0ee447cd1d339c9a21ce86c0b233c7fcbd6d1d165e14d57908777cde654b7fc3c3db7e62951b359ec71fe475356dc6a58b -+Ctrl.hexxcghash = hexxcghash:7af5885d52c4173000c45dd2b0fbeb21fa5722aa65eecb1bf977248a -+Ctrl.hexsession_id = hexsession_id:122e2d181cca7dcec6f30a8b027b4d29275d342af5fd82794b24560f -+Ctrl.type = type:E -+Output = 1af4707570794ff6c718c817ccb9fca5edf22a3a8d493a861633fb7a -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:0000010100ecfd38c0707d59db0b361a449a22ddc63f055678e253ffbc8324a306ff06e31590fcdf6fc271665335f01af804619f4367489d7829ca756cd14d2147f2c6b2c0355847955ebe89ed2133dc74283732c4f821a7cadcaa9abf661fa9fcf81b0596c454fdac23d79267c5a832979217df61f9bb04c0fa69f5fdae2407da763210f0b7c1097463505b0da86ad71c20c1c57accaae353919cb2708aa378a5ff598d0a4b21b7527b2dbd271957fbbf04f5787076fb7f8afdfb75ddb5fa142ab427e026c87033fe2c6f22454ebace3f77646d0ee447cd1d339c9a21ce86c0b233c7fcbd6d1d165e14d57908777cde654b7fc3c3db7e62951b359ec71fe475356dc6a58b -+Ctrl.hexxcghash = hexxcghash:7af5885d52c4173000c45dd2b0fbeb21fa5722aa65eecb1bf977248a -+Ctrl.hexsession_id = hexsession_id:122e2d181cca7dcec6f30a8b027b4d29275d342af5fd82794b24560f -+Ctrl.type = type:F -+Output = 4e6edd5d86f0a3b92595fb2d4f0f9b0f0ed1e850c84014224270bcbc -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:000001002dde91723fa969756f5a597683fa0ef938423ffcf3b3d0262f9ba0d69d72ffc3afbf2ccb9bbc42332f97d3857b44575e30849fe19e77688e9102d9909585d9e53835eee4127aee038deaf8501c70cfd209ef755f84613365d9b2150009f9055300b74c593f8204b84c7faaac87c781e7bdda8c54bf0ec170e4dbf71cd15825c949ebaa934797333124e63db50efe0f33f5224687c097b22d52de36045659622dd214effab378b6bff298c84436831f85540a5eac0b68d51fa1abd18d19ce5452aefe729b7d384e038927ee8f0c2ddffd1cb6ea537a90d9b06bce3bd01fdf4370d62d985ab80417d1256d38ab3874297163a020052b42e73e8ef64950851e7da2 -+Ctrl.hexxcghash = hexxcghash:590c8e3800ddfd382f0b3023c7a8753bd013e756855ffbca1dee0f01 -+Ctrl.hexsession_id = hexsession_id:5e4528c7ff85f2ed7d632c4355e2524438ee83ef0e1695524921408d -+Ctrl.type = type:A -+Output = d30b7efda77a1008d78487fb1c9df511 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:000001002dde91723fa969756f5a597683fa0ef938423ffcf3b3d0262f9ba0d69d72ffc3afbf2ccb9bbc42332f97d3857b44575e30849fe19e77688e9102d9909585d9e53835eee4127aee038deaf8501c70cfd209ef755f84613365d9b2150009f9055300b74c593f8204b84c7faaac87c781e7bdda8c54bf0ec170e4dbf71cd15825c949ebaa934797333124e63db50efe0f33f5224687c097b22d52de36045659622dd214effab378b6bff298c84436831f85540a5eac0b68d51fa1abd18d19ce5452aefe729b7d384e038927ee8f0c2ddffd1cb6ea537a90d9b06bce3bd01fdf4370d62d985ab80417d1256d38ab3874297163a020052b42e73e8ef64950851e7da2 -+Ctrl.hexxcghash = hexxcghash:590c8e3800ddfd382f0b3023c7a8753bd013e756855ffbca1dee0f01 -+Ctrl.hexsession_id = hexsession_id:5e4528c7ff85f2ed7d632c4355e2524438ee83ef0e1695524921408d -+Ctrl.type = type:B -+Output = 498b3d9f14446a028d1aed8bc4748e34 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:000001002dde91723fa969756f5a597683fa0ef938423ffcf3b3d0262f9ba0d69d72ffc3afbf2ccb9bbc42332f97d3857b44575e30849fe19e77688e9102d9909585d9e53835eee4127aee038deaf8501c70cfd209ef755f84613365d9b2150009f9055300b74c593f8204b84c7faaac87c781e7bdda8c54bf0ec170e4dbf71cd15825c949ebaa934797333124e63db50efe0f33f5224687c097b22d52de36045659622dd214effab378b6bff298c84436831f85540a5eac0b68d51fa1abd18d19ce5452aefe729b7d384e038927ee8f0c2ddffd1cb6ea537a90d9b06bce3bd01fdf4370d62d985ab80417d1256d38ab3874297163a020052b42e73e8ef64950851e7da2 -+Ctrl.hexxcghash = hexxcghash:590c8e3800ddfd382f0b3023c7a8753bd013e756855ffbca1dee0f01 -+Ctrl.hexsession_id = hexsession_id:5e4528c7ff85f2ed7d632c4355e2524438ee83ef0e1695524921408d -+Ctrl.type = type:C -+Output = f4909273c39ef8819b353cde80f57cc9 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:000001002dde91723fa969756f5a597683fa0ef938423ffcf3b3d0262f9ba0d69d72ffc3afbf2ccb9bbc42332f97d3857b44575e30849fe19e77688e9102d9909585d9e53835eee4127aee038deaf8501c70cfd209ef755f84613365d9b2150009f9055300b74c593f8204b84c7faaac87c781e7bdda8c54bf0ec170e4dbf71cd15825c949ebaa934797333124e63db50efe0f33f5224687c097b22d52de36045659622dd214effab378b6bff298c84436831f85540a5eac0b68d51fa1abd18d19ce5452aefe729b7d384e038927ee8f0c2ddffd1cb6ea537a90d9b06bce3bd01fdf4370d62d985ab80417d1256d38ab3874297163a020052b42e73e8ef64950851e7da2 -+Ctrl.hexxcghash = hexxcghash:590c8e3800ddfd382f0b3023c7a8753bd013e756855ffbca1dee0f01 -+Ctrl.hexsession_id = hexsession_id:5e4528c7ff85f2ed7d632c4355e2524438ee83ef0e1695524921408d -+Ctrl.type = type:D -+Output = b31337a6ecd02f4beb9bf4af12ea4e11 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:000001002dde91723fa969756f5a597683fa0ef938423ffcf3b3d0262f9ba0d69d72ffc3afbf2ccb9bbc42332f97d3857b44575e30849fe19e77688e9102d9909585d9e53835eee4127aee038deaf8501c70cfd209ef755f84613365d9b2150009f9055300b74c593f8204b84c7faaac87c781e7bdda8c54bf0ec170e4dbf71cd15825c949ebaa934797333124e63db50efe0f33f5224687c097b22d52de36045659622dd214effab378b6bff298c84436831f85540a5eac0b68d51fa1abd18d19ce5452aefe729b7d384e038927ee8f0c2ddffd1cb6ea537a90d9b06bce3bd01fdf4370d62d985ab80417d1256d38ab3874297163a020052b42e73e8ef64950851e7da2 -+Ctrl.hexxcghash = hexxcghash:590c8e3800ddfd382f0b3023c7a8753bd013e756855ffbca1dee0f01 -+Ctrl.hexsession_id = hexsession_id:5e4528c7ff85f2ed7d632c4355e2524438ee83ef0e1695524921408d -+Ctrl.type = type:E -+Output = 6f3da7bb4b64ad3e1171083a62eca5e755563e639594b848243760d8 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:000001002dde91723fa969756f5a597683fa0ef938423ffcf3b3d0262f9ba0d69d72ffc3afbf2ccb9bbc42332f97d3857b44575e30849fe19e77688e9102d9909585d9e53835eee4127aee038deaf8501c70cfd209ef755f84613365d9b2150009f9055300b74c593f8204b84c7faaac87c781e7bdda8c54bf0ec170e4dbf71cd15825c949ebaa934797333124e63db50efe0f33f5224687c097b22d52de36045659622dd214effab378b6bff298c84436831f85540a5eac0b68d51fa1abd18d19ce5452aefe729b7d384e038927ee8f0c2ddffd1cb6ea537a90d9b06bce3bd01fdf4370d62d985ab80417d1256d38ab3874297163a020052b42e73e8ef64950851e7da2 -+Ctrl.hexxcghash = hexxcghash:590c8e3800ddfd382f0b3023c7a8753bd013e756855ffbca1dee0f01 -+Ctrl.hexsession_id = hexsession_id:5e4528c7ff85f2ed7d632c4355e2524438ee83ef0e1695524921408d -+Ctrl.type = type:F -+Output = e88506aa4a4ffa33675c4a296abf91e24450a496e56f8465e9a7525c -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:0000010100be7e6428be4ff862e2b9fe69f055bbbeaa51b7666d51e1ad2e5fe12e2f7a171121147311780840e5d1345c6a24eb3e2d7bace8c88cddae9a062c7aacc7ae87d31ef7d4c52dc2e35f364266c9c34e1ff703a61a8fb39397344ac94e75a42fc956dcc887e50e67018d5a74c89c1a8555ebff4a4baf5b4916aea1dd95c126df390882143908821ecf68511e986bd379cf0871fe1a2679241b339f3317f76c65dc2b121e15a0b8891d9c0120b8a8a383a1dd5eb6fbd65d22a03b7987f843d454e4e1f09b9e2d37ef2be72b7f8accade301c772f74a582afab960dfa43a167275771f6a9be5a9f275cea55e9661a54b1c3210042f824fe783969fa60ad23b748a6b56 -+Ctrl.hexxcghash = hexxcghash:97e793420ceda1730dac88f0d7dc52d8713a79a0b48ddb2af45dd143 -+Ctrl.hexsession_id = hexsession_id:16dd0d6aca3757eec6e9dc3c4a5f590cb7911cd3cabc80815527b73c -+Ctrl.type = type:A -+Output = c5cbb653102d99457c33c88921b5dbe4 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:0000010100be7e6428be4ff862e2b9fe69f055bbbeaa51b7666d51e1ad2e5fe12e2f7a171121147311780840e5d1345c6a24eb3e2d7bace8c88cddae9a062c7aacc7ae87d31ef7d4c52dc2e35f364266c9c34e1ff703a61a8fb39397344ac94e75a42fc956dcc887e50e67018d5a74c89c1a8555ebff4a4baf5b4916aea1dd95c126df390882143908821ecf68511e986bd379cf0871fe1a2679241b339f3317f76c65dc2b121e15a0b8891d9c0120b8a8a383a1dd5eb6fbd65d22a03b7987f843d454e4e1f09b9e2d37ef2be72b7f8accade301c772f74a582afab960dfa43a167275771f6a9be5a9f275cea55e9661a54b1c3210042f824fe783969fa60ad23b748a6b56 -+Ctrl.hexxcghash = hexxcghash:97e793420ceda1730dac88f0d7dc52d8713a79a0b48ddb2af45dd143 -+Ctrl.hexsession_id = hexsession_id:16dd0d6aca3757eec6e9dc3c4a5f590cb7911cd3cabc80815527b73c -+Ctrl.type = type:B -+Output = dd9b1c786c7f739832629f7666e4e21e -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:0000010100be7e6428be4ff862e2b9fe69f055bbbeaa51b7666d51e1ad2e5fe12e2f7a171121147311780840e5d1345c6a24eb3e2d7bace8c88cddae9a062c7aacc7ae87d31ef7d4c52dc2e35f364266c9c34e1ff703a61a8fb39397344ac94e75a42fc956dcc887e50e67018d5a74c89c1a8555ebff4a4baf5b4916aea1dd95c126df390882143908821ecf68511e986bd379cf0871fe1a2679241b339f3317f76c65dc2b121e15a0b8891d9c0120b8a8a383a1dd5eb6fbd65d22a03b7987f843d454e4e1f09b9e2d37ef2be72b7f8accade301c772f74a582afab960dfa43a167275771f6a9be5a9f275cea55e9661a54b1c3210042f824fe783969fa60ad23b748a6b56 -+Ctrl.hexxcghash = hexxcghash:97e793420ceda1730dac88f0d7dc52d8713a79a0b48ddb2af45dd143 -+Ctrl.hexsession_id = hexsession_id:16dd0d6aca3757eec6e9dc3c4a5f590cb7911cd3cabc80815527b73c -+Ctrl.type = type:C -+Output = c33d08d706ffac1811f157526b08086f -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:0000010100be7e6428be4ff862e2b9fe69f055bbbeaa51b7666d51e1ad2e5fe12e2f7a171121147311780840e5d1345c6a24eb3e2d7bace8c88cddae9a062c7aacc7ae87d31ef7d4c52dc2e35f364266c9c34e1ff703a61a8fb39397344ac94e75a42fc956dcc887e50e67018d5a74c89c1a8555ebff4a4baf5b4916aea1dd95c126df390882143908821ecf68511e986bd379cf0871fe1a2679241b339f3317f76c65dc2b121e15a0b8891d9c0120b8a8a383a1dd5eb6fbd65d22a03b7987f843d454e4e1f09b9e2d37ef2be72b7f8accade301c772f74a582afab960dfa43a167275771f6a9be5a9f275cea55e9661a54b1c3210042f824fe783969fa60ad23b748a6b56 -+Ctrl.hexxcghash = hexxcghash:97e793420ceda1730dac88f0d7dc52d8713a79a0b48ddb2af45dd143 -+Ctrl.hexsession_id = hexsession_id:16dd0d6aca3757eec6e9dc3c4a5f590cb7911cd3cabc80815527b73c -+Ctrl.type = type:D -+Output = 5750b617b71a239d99fc412796f6d986 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:0000010100be7e6428be4ff862e2b9fe69f055bbbeaa51b7666d51e1ad2e5fe12e2f7a171121147311780840e5d1345c6a24eb3e2d7bace8c88cddae9a062c7aacc7ae87d31ef7d4c52dc2e35f364266c9c34e1ff703a61a8fb39397344ac94e75a42fc956dcc887e50e67018d5a74c89c1a8555ebff4a4baf5b4916aea1dd95c126df390882143908821ecf68511e986bd379cf0871fe1a2679241b339f3317f76c65dc2b121e15a0b8891d9c0120b8a8a383a1dd5eb6fbd65d22a03b7987f843d454e4e1f09b9e2d37ef2be72b7f8accade301c772f74a582afab960dfa43a167275771f6a9be5a9f275cea55e9661a54b1c3210042f824fe783969fa60ad23b748a6b56 -+Ctrl.hexxcghash = hexxcghash:97e793420ceda1730dac88f0d7dc52d8713a79a0b48ddb2af45dd143 -+Ctrl.hexsession_id = hexsession_id:16dd0d6aca3757eec6e9dc3c4a5f590cb7911cd3cabc80815527b73c -+Ctrl.type = type:E -+Output = 4c2edee4688119e17723fede94d81c141cb2dd632dde5e223fcd12c2 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:0000010100be7e6428be4ff862e2b9fe69f055bbbeaa51b7666d51e1ad2e5fe12e2f7a171121147311780840e5d1345c6a24eb3e2d7bace8c88cddae9a062c7aacc7ae87d31ef7d4c52dc2e35f364266c9c34e1ff703a61a8fb39397344ac94e75a42fc956dcc887e50e67018d5a74c89c1a8555ebff4a4baf5b4916aea1dd95c126df390882143908821ecf68511e986bd379cf0871fe1a2679241b339f3317f76c65dc2b121e15a0b8891d9c0120b8a8a383a1dd5eb6fbd65d22a03b7987f843d454e4e1f09b9e2d37ef2be72b7f8accade301c772f74a582afab960dfa43a167275771f6a9be5a9f275cea55e9661a54b1c3210042f824fe783969fa60ad23b748a6b56 -+Ctrl.hexxcghash = hexxcghash:97e793420ceda1730dac88f0d7dc52d8713a79a0b48ddb2af45dd143 -+Ctrl.hexsession_id = hexsession_id:16dd0d6aca3757eec6e9dc3c4a5f590cb7911cd3cabc80815527b73c -+Ctrl.type = type:F -+Output = b48103cd81397bed3bf618b2ef30a44ea806b0ad07aa098a8a33273e -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:0000010100c810e36b6ae23b2dac234f36b4ddfe820762b53478eaea205cdab848c384f2c5fe262bc471971ff42a1ff8fdfff81cdc66371a75e9fda5d7d0bd656523603255c3e0970435f995948ec98d87942cefe2194e475a507e2928e0cfbba63962c75794aa53e8a385a5d1599d88dd1684a827914da576f9e06caaecc586bb98425621a5afaf86003cabe86fcd3964a390f47302bbbee8536f24024c5c31f031e80e6bcf2a3e24d4f0b6bd42250996f12a8a5c99b09a42a737e3cbf481e002c334fe3b7626419266e0036339b1592d3bf43245c449a65e43946e60112c1f8aff8963ff56e365c6f56c36b2208eadf591360554d2b116d3374341bd5779ebcdf7ba93de -+Ctrl.hexxcghash = hexxcghash:f8a7854ec21f252f679b924f0f3d34639fe976de146ddb8e93c4e4d9 -+Ctrl.hexsession_id = hexsession_id:6bebea19564c0f65dd96446496f7d7c7198a5b08bcdacf29449808ba -+Ctrl.type = type:A -+Output = c8bc1d232edd620e0282af630d596a6c -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:0000010100c810e36b6ae23b2dac234f36b4ddfe820762b53478eaea205cdab848c384f2c5fe262bc471971ff42a1ff8fdfff81cdc66371a75e9fda5d7d0bd656523603255c3e0970435f995948ec98d87942cefe2194e475a507e2928e0cfbba63962c75794aa53e8a385a5d1599d88dd1684a827914da576f9e06caaecc586bb98425621a5afaf86003cabe86fcd3964a390f47302bbbee8536f24024c5c31f031e80e6bcf2a3e24d4f0b6bd42250996f12a8a5c99b09a42a737e3cbf481e002c334fe3b7626419266e0036339b1592d3bf43245c449a65e43946e60112c1f8aff8963ff56e365c6f56c36b2208eadf591360554d2b116d3374341bd5779ebcdf7ba93de -+Ctrl.hexxcghash = hexxcghash:f8a7854ec21f252f679b924f0f3d34639fe976de146ddb8e93c4e4d9 -+Ctrl.hexsession_id = hexsession_id:6bebea19564c0f65dd96446496f7d7c7198a5b08bcdacf29449808ba -+Ctrl.type = type:B -+Output = 6a90269aab1a3e3612eec97a45db11e1 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:0000010100c810e36b6ae23b2dac234f36b4ddfe820762b53478eaea205cdab848c384f2c5fe262bc471971ff42a1ff8fdfff81cdc66371a75e9fda5d7d0bd656523603255c3e0970435f995948ec98d87942cefe2194e475a507e2928e0cfbba63962c75794aa53e8a385a5d1599d88dd1684a827914da576f9e06caaecc586bb98425621a5afaf86003cabe86fcd3964a390f47302bbbee8536f24024c5c31f031e80e6bcf2a3e24d4f0b6bd42250996f12a8a5c99b09a42a737e3cbf481e002c334fe3b7626419266e0036339b1592d3bf43245c449a65e43946e60112c1f8aff8963ff56e365c6f56c36b2208eadf591360554d2b116d3374341bd5779ebcdf7ba93de -+Ctrl.hexxcghash = hexxcghash:f8a7854ec21f252f679b924f0f3d34639fe976de146ddb8e93c4e4d9 -+Ctrl.hexsession_id = hexsession_id:6bebea19564c0f65dd96446496f7d7c7198a5b08bcdacf29449808ba -+Ctrl.type = type:C -+Output = ebb8a6227e789d33fa072355cb2851ac -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:0000010100c810e36b6ae23b2dac234f36b4ddfe820762b53478eaea205cdab848c384f2c5fe262bc471971ff42a1ff8fdfff81cdc66371a75e9fda5d7d0bd656523603255c3e0970435f995948ec98d87942cefe2194e475a507e2928e0cfbba63962c75794aa53e8a385a5d1599d88dd1684a827914da576f9e06caaecc586bb98425621a5afaf86003cabe86fcd3964a390f47302bbbee8536f24024c5c31f031e80e6bcf2a3e24d4f0b6bd42250996f12a8a5c99b09a42a737e3cbf481e002c334fe3b7626419266e0036339b1592d3bf43245c449a65e43946e60112c1f8aff8963ff56e365c6f56c36b2208eadf591360554d2b116d3374341bd5779ebcdf7ba93de -+Ctrl.hexxcghash = hexxcghash:f8a7854ec21f252f679b924f0f3d34639fe976de146ddb8e93c4e4d9 -+Ctrl.hexsession_id = hexsession_id:6bebea19564c0f65dd96446496f7d7c7198a5b08bcdacf29449808ba -+Ctrl.type = type:D -+Output = 9662ff73b11bd2978ffceb7545f6054e -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:0000010100c810e36b6ae23b2dac234f36b4ddfe820762b53478eaea205cdab848c384f2c5fe262bc471971ff42a1ff8fdfff81cdc66371a75e9fda5d7d0bd656523603255c3e0970435f995948ec98d87942cefe2194e475a507e2928e0cfbba63962c75794aa53e8a385a5d1599d88dd1684a827914da576f9e06caaecc586bb98425621a5afaf86003cabe86fcd3964a390f47302bbbee8536f24024c5c31f031e80e6bcf2a3e24d4f0b6bd42250996f12a8a5c99b09a42a737e3cbf481e002c334fe3b7626419266e0036339b1592d3bf43245c449a65e43946e60112c1f8aff8963ff56e365c6f56c36b2208eadf591360554d2b116d3374341bd5779ebcdf7ba93de -+Ctrl.hexxcghash = hexxcghash:f8a7854ec21f252f679b924f0f3d34639fe976de146ddb8e93c4e4d9 -+Ctrl.hexsession_id = hexsession_id:6bebea19564c0f65dd96446496f7d7c7198a5b08bcdacf29449808ba -+Ctrl.type = type:E -+Output = 9eb35f9a8a6155b81b8dda117f5d631cc4eddea4b4912147513bc4ec -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:0000010100c810e36b6ae23b2dac234f36b4ddfe820762b53478eaea205cdab848c384f2c5fe262bc471971ff42a1ff8fdfff81cdc66371a75e9fda5d7d0bd656523603255c3e0970435f995948ec98d87942cefe2194e475a507e2928e0cfbba63962c75794aa53e8a385a5d1599d88dd1684a827914da576f9e06caaecc586bb98425621a5afaf86003cabe86fcd3964a390f47302bbbee8536f24024c5c31f031e80e6bcf2a3e24d4f0b6bd42250996f12a8a5c99b09a42a737e3cbf481e002c334fe3b7626419266e0036339b1592d3bf43245c449a65e43946e60112c1f8aff8963ff56e365c6f56c36b2208eadf591360554d2b116d3374341bd5779ebcdf7ba93de -+Ctrl.hexxcghash = hexxcghash:f8a7854ec21f252f679b924f0f3d34639fe976de146ddb8e93c4e4d9 -+Ctrl.hexsession_id = hexsession_id:6bebea19564c0f65dd96446496f7d7c7198a5b08bcdacf29449808ba -+Ctrl.type = type:F -+Output = 3e137e015973e21c37a8de81cc812683d506fc35699114b31c06797e -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:0000010100940a3535b876a90210236f8571e20cb04d287ae7217b95d75c4170e8afea4d290bc41e736cdd1b470b02ce8b74ca4cdaa121bbb3b31df3f2c847455ef21b61e0c966bdb8cf58fb94819108c7feb9551c5dcacc37fec5fe4e9a59818e93ed08f3477632c62304fb2ba05f7fa8611970adb39379ab7159baa3731fb1fceba201a1858635b92d938b195a44612ffddac3f2b5db59b47c9f90b66e76b3e901887b27312e1043b000b5ff21d4fff4b5fc06203403387fe28837c4d367dbe2c73e1ec5c4e867cc99dca2bf8171aad1498b37bf0d17e5fd64e411386df72667d824e4514530cf6021ca8880154212884f5fdb44a0c8745a4049971de370eb31c959dac4 -+Ctrl.hexxcghash = hexxcghash:4688aa9bceb36ddab933675e6963357b2bd0daa5e1984a06fc7f3ff3 -+Ctrl.hexsession_id = hexsession_id:fb72bca26e61577066d7c5093ac9281fcf06ae3250b43228b067b86e -+Ctrl.type = type:A -+Output = cc22a730c15abf9628f749fac9d3f935 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:0000010100940a3535b876a90210236f8571e20cb04d287ae7217b95d75c4170e8afea4d290bc41e736cdd1b470b02ce8b74ca4cdaa121bbb3b31df3f2c847455ef21b61e0c966bdb8cf58fb94819108c7feb9551c5dcacc37fec5fe4e9a59818e93ed08f3477632c62304fb2ba05f7fa8611970adb39379ab7159baa3731fb1fceba201a1858635b92d938b195a44612ffddac3f2b5db59b47c9f90b66e76b3e901887b27312e1043b000b5ff21d4fff4b5fc06203403387fe28837c4d367dbe2c73e1ec5c4e867cc99dca2bf8171aad1498b37bf0d17e5fd64e411386df72667d824e4514530cf6021ca8880154212884f5fdb44a0c8745a4049971de370eb31c959dac4 -+Ctrl.hexxcghash = hexxcghash:4688aa9bceb36ddab933675e6963357b2bd0daa5e1984a06fc7f3ff3 -+Ctrl.hexsession_id = hexsession_id:fb72bca26e61577066d7c5093ac9281fcf06ae3250b43228b067b86e -+Ctrl.type = type:B -+Output = 188c477061a597384b1d1e417dc04f7d -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:0000010100940a3535b876a90210236f8571e20cb04d287ae7217b95d75c4170e8afea4d290bc41e736cdd1b470b02ce8b74ca4cdaa121bbb3b31df3f2c847455ef21b61e0c966bdb8cf58fb94819108c7feb9551c5dcacc37fec5fe4e9a59818e93ed08f3477632c62304fb2ba05f7fa8611970adb39379ab7159baa3731fb1fceba201a1858635b92d938b195a44612ffddac3f2b5db59b47c9f90b66e76b3e901887b27312e1043b000b5ff21d4fff4b5fc06203403387fe28837c4d367dbe2c73e1ec5c4e867cc99dca2bf8171aad1498b37bf0d17e5fd64e411386df72667d824e4514530cf6021ca8880154212884f5fdb44a0c8745a4049971de370eb31c959dac4 -+Ctrl.hexxcghash = hexxcghash:4688aa9bceb36ddab933675e6963357b2bd0daa5e1984a06fc7f3ff3 -+Ctrl.hexsession_id = hexsession_id:fb72bca26e61577066d7c5093ac9281fcf06ae3250b43228b067b86e -+Ctrl.type = type:C -+Output = b309760dd9f0d65c6edcdee3a3457c33 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:0000010100940a3535b876a90210236f8571e20cb04d287ae7217b95d75c4170e8afea4d290bc41e736cdd1b470b02ce8b74ca4cdaa121bbb3b31df3f2c847455ef21b61e0c966bdb8cf58fb94819108c7feb9551c5dcacc37fec5fe4e9a59818e93ed08f3477632c62304fb2ba05f7fa8611970adb39379ab7159baa3731fb1fceba201a1858635b92d938b195a44612ffddac3f2b5db59b47c9f90b66e76b3e901887b27312e1043b000b5ff21d4fff4b5fc06203403387fe28837c4d367dbe2c73e1ec5c4e867cc99dca2bf8171aad1498b37bf0d17e5fd64e411386df72667d824e4514530cf6021ca8880154212884f5fdb44a0c8745a4049971de370eb31c959dac4 -+Ctrl.hexxcghash = hexxcghash:4688aa9bceb36ddab933675e6963357b2bd0daa5e1984a06fc7f3ff3 -+Ctrl.hexsession_id = hexsession_id:fb72bca26e61577066d7c5093ac9281fcf06ae3250b43228b067b86e -+Ctrl.type = type:D -+Output = 1b8674f603a78f16fb979d6db70f6795 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:0000010100940a3535b876a90210236f8571e20cb04d287ae7217b95d75c4170e8afea4d290bc41e736cdd1b470b02ce8b74ca4cdaa121bbb3b31df3f2c847455ef21b61e0c966bdb8cf58fb94819108c7feb9551c5dcacc37fec5fe4e9a59818e93ed08f3477632c62304fb2ba05f7fa8611970adb39379ab7159baa3731fb1fceba201a1858635b92d938b195a44612ffddac3f2b5db59b47c9f90b66e76b3e901887b27312e1043b000b5ff21d4fff4b5fc06203403387fe28837c4d367dbe2c73e1ec5c4e867cc99dca2bf8171aad1498b37bf0d17e5fd64e411386df72667d824e4514530cf6021ca8880154212884f5fdb44a0c8745a4049971de370eb31c959dac4 -+Ctrl.hexxcghash = hexxcghash:4688aa9bceb36ddab933675e6963357b2bd0daa5e1984a06fc7f3ff3 -+Ctrl.hexsession_id = hexsession_id:fb72bca26e61577066d7c5093ac9281fcf06ae3250b43228b067b86e -+Ctrl.type = type:E -+Output = d881ac0cf62ecff2eb7d3c8284cfd4b95e003c435f6a3121ab0c65b0 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:0000010100940a3535b876a90210236f8571e20cb04d287ae7217b95d75c4170e8afea4d290bc41e736cdd1b470b02ce8b74ca4cdaa121bbb3b31df3f2c847455ef21b61e0c966bdb8cf58fb94819108c7feb9551c5dcacc37fec5fe4e9a59818e93ed08f3477632c62304fb2ba05f7fa8611970adb39379ab7159baa3731fb1fceba201a1858635b92d938b195a44612ffddac3f2b5db59b47c9f90b66e76b3e901887b27312e1043b000b5ff21d4fff4b5fc06203403387fe28837c4d367dbe2c73e1ec5c4e867cc99dca2bf8171aad1498b37bf0d17e5fd64e411386df72667d824e4514530cf6021ca8880154212884f5fdb44a0c8745a4049971de370eb31c959dac4 -+Ctrl.hexxcghash = hexxcghash:4688aa9bceb36ddab933675e6963357b2bd0daa5e1984a06fc7f3ff3 -+Ctrl.hexsession_id = hexsession_id:fb72bca26e61577066d7c5093ac9281fcf06ae3250b43228b067b86e -+Ctrl.type = type:F -+Output = 9a7560e7976c7fb0153fc94e51a7dead3b7f8954d1efa7ed6be77858 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:000001004b9f55f17de634edb39218b30f224ae8ec64edd6e0c49dd00a52ac11e0a4089ccff931838ce5c02f449ffe33c14fd0a9f11da7d783787a03defc7931ce638a31aa11ddc4351e54480bea637857cae6cf30e03d392737fe2b3f234115903ab43f97d4fdb49fb987650610d9a0ca51b70839d0fc9980de371acc78ac6eaf5f5ac5008eec0f5aedd0f95496f27d2858477fc54d3113fe7884047596d5705d1dd974875872fc7c9111bdc5da73b317331c543f60687fc1ecb3f3853787a64fd94335b570a99fe2544acde49f99b96ef473dbcb16315b9e7ee8c3a20feb36636c1fa39567c2efd2b7827e38ab31607f6a3cff1fc7edf8612380e4af93c620bcd6ac36 -+Ctrl.hexxcghash = hexxcghash:0d18d069225d0db81b8bb979635dc9e89999a74ad6b02022189150fd -+Ctrl.hexsession_id = hexsession_id:1f42aa7a240d8b412fc26bd18f85ebefe59641d19a1e5e3681560a2c -+Ctrl.type = type:A -+Output = b842e2900a8c1f7d7c3fa465d46142fa -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:000001004b9f55f17de634edb39218b30f224ae8ec64edd6e0c49dd00a52ac11e0a4089ccff931838ce5c02f449ffe33c14fd0a9f11da7d783787a03defc7931ce638a31aa11ddc4351e54480bea637857cae6cf30e03d392737fe2b3f234115903ab43f97d4fdb49fb987650610d9a0ca51b70839d0fc9980de371acc78ac6eaf5f5ac5008eec0f5aedd0f95496f27d2858477fc54d3113fe7884047596d5705d1dd974875872fc7c9111bdc5da73b317331c543f60687fc1ecb3f3853787a64fd94335b570a99fe2544acde49f99b96ef473dbcb16315b9e7ee8c3a20feb36636c1fa39567c2efd2b7827e38ab31607f6a3cff1fc7edf8612380e4af93c620bcd6ac36 -+Ctrl.hexxcghash = hexxcghash:0d18d069225d0db81b8bb979635dc9e89999a74ad6b02022189150fd -+Ctrl.hexsession_id = hexsession_id:1f42aa7a240d8b412fc26bd18f85ebefe59641d19a1e5e3681560a2c -+Ctrl.type = type:B -+Output = 5e96f771c176fafd18d4aa0bc07dc5d5 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:000001004b9f55f17de634edb39218b30f224ae8ec64edd6e0c49dd00a52ac11e0a4089ccff931838ce5c02f449ffe33c14fd0a9f11da7d783787a03defc7931ce638a31aa11ddc4351e54480bea637857cae6cf30e03d392737fe2b3f234115903ab43f97d4fdb49fb987650610d9a0ca51b70839d0fc9980de371acc78ac6eaf5f5ac5008eec0f5aedd0f95496f27d2858477fc54d3113fe7884047596d5705d1dd974875872fc7c9111bdc5da73b317331c543f60687fc1ecb3f3853787a64fd94335b570a99fe2544acde49f99b96ef473dbcb16315b9e7ee8c3a20feb36636c1fa39567c2efd2b7827e38ab31607f6a3cff1fc7edf8612380e4af93c620bcd6ac36 -+Ctrl.hexxcghash = hexxcghash:0d18d069225d0db81b8bb979635dc9e89999a74ad6b02022189150fd -+Ctrl.hexsession_id = hexsession_id:1f42aa7a240d8b412fc26bd18f85ebefe59641d19a1e5e3681560a2c -+Ctrl.type = type:C -+Output = fe5fca0a03e6f8ac95ba4e882c64fb8c -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:000001004b9f55f17de634edb39218b30f224ae8ec64edd6e0c49dd00a52ac11e0a4089ccff931838ce5c02f449ffe33c14fd0a9f11da7d783787a03defc7931ce638a31aa11ddc4351e54480bea637857cae6cf30e03d392737fe2b3f234115903ab43f97d4fdb49fb987650610d9a0ca51b70839d0fc9980de371acc78ac6eaf5f5ac5008eec0f5aedd0f95496f27d2858477fc54d3113fe7884047596d5705d1dd974875872fc7c9111bdc5da73b317331c543f60687fc1ecb3f3853787a64fd94335b570a99fe2544acde49f99b96ef473dbcb16315b9e7ee8c3a20feb36636c1fa39567c2efd2b7827e38ab31607f6a3cff1fc7edf8612380e4af93c620bcd6ac36 -+Ctrl.hexxcghash = hexxcghash:0d18d069225d0db81b8bb979635dc9e89999a74ad6b02022189150fd -+Ctrl.hexsession_id = hexsession_id:1f42aa7a240d8b412fc26bd18f85ebefe59641d19a1e5e3681560a2c -+Ctrl.type = type:D -+Output = b952b4e6f2010ebdac7ee10adb90f9ef -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:000001004b9f55f17de634edb39218b30f224ae8ec64edd6e0c49dd00a52ac11e0a4089ccff931838ce5c02f449ffe33c14fd0a9f11da7d783787a03defc7931ce638a31aa11ddc4351e54480bea637857cae6cf30e03d392737fe2b3f234115903ab43f97d4fdb49fb987650610d9a0ca51b70839d0fc9980de371acc78ac6eaf5f5ac5008eec0f5aedd0f95496f27d2858477fc54d3113fe7884047596d5705d1dd974875872fc7c9111bdc5da73b317331c543f60687fc1ecb3f3853787a64fd94335b570a99fe2544acde49f99b96ef473dbcb16315b9e7ee8c3a20feb36636c1fa39567c2efd2b7827e38ab31607f6a3cff1fc7edf8612380e4af93c620bcd6ac36 -+Ctrl.hexxcghash = hexxcghash:0d18d069225d0db81b8bb979635dc9e89999a74ad6b02022189150fd -+Ctrl.hexsession_id = hexsession_id:1f42aa7a240d8b412fc26bd18f85ebefe59641d19a1e5e3681560a2c -+Ctrl.type = type:E -+Output = 819db930507c1f8e1617dc74e78de9f4abb02b7089d764cb20d14c56 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:000001004b9f55f17de634edb39218b30f224ae8ec64edd6e0c49dd00a52ac11e0a4089ccff931838ce5c02f449ffe33c14fd0a9f11da7d783787a03defc7931ce638a31aa11ddc4351e54480bea637857cae6cf30e03d392737fe2b3f234115903ab43f97d4fdb49fb987650610d9a0ca51b70839d0fc9980de371acc78ac6eaf5f5ac5008eec0f5aedd0f95496f27d2858477fc54d3113fe7884047596d5705d1dd974875872fc7c9111bdc5da73b317331c543f60687fc1ecb3f3853787a64fd94335b570a99fe2544acde49f99b96ef473dbcb16315b9e7ee8c3a20feb36636c1fa39567c2efd2b7827e38ab31607f6a3cff1fc7edf8612380e4af93c620bcd6ac36 -+Ctrl.hexxcghash = hexxcghash:0d18d069225d0db81b8bb979635dc9e89999a74ad6b02022189150fd -+Ctrl.hexsession_id = hexsession_id:1f42aa7a240d8b412fc26bd18f85ebefe59641d19a1e5e3681560a2c -+Ctrl.type = type:F -+Output = 79be1ec6ce722e98bca50a25bbca581318b6227c9fd346d67602958f -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:0000010100a0216e73007c1b53dba18acb5592ea68ab7719d9fd2f24af3e2968024933a5e68fcb1aa8b187f42972815f12d5f995c15d2d3eab84cfb869db413dcb328d045df23646e65179a53e3cbe1babcd6e6a5e300e33be1f5ed5d7eb1661a0ae6d8e6dd8f156eed726b30df6b9eee7e9457189b140de7671a1c7790938617e1bc95b8ee8bb9229f98be158a569bcb799869c445484d30d6019db44d97dcfd9b47f5a36418e3d5ec88037c172104d44ac6e770cbec415fbfce8ac9257074ca5fe003a4836001c8331f1845c1069d0610a62378e1c32ae512ffa22032f28245ee7ae957348a484bef3d295463b293975d787d45c480903f3eb35dcfd140161606f270177 -+Ctrl.hexxcghash = hexxcghash:0f85b7ee92fe1a95c0aa0103f10092f04ba613a37e118f8fbb43e308 -+Ctrl.hexsession_id = hexsession_id:25d9a92c96b98ecc31e6aca945899e93607848caf2c332efc03f9a0c -+Ctrl.type = type:A -+Output = 4d40be7041ac4c74d56d53855fead94f -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:0000010100a0216e73007c1b53dba18acb5592ea68ab7719d9fd2f24af3e2968024933a5e68fcb1aa8b187f42972815f12d5f995c15d2d3eab84cfb869db413dcb328d045df23646e65179a53e3cbe1babcd6e6a5e300e33be1f5ed5d7eb1661a0ae6d8e6dd8f156eed726b30df6b9eee7e9457189b140de7671a1c7790938617e1bc95b8ee8bb9229f98be158a569bcb799869c445484d30d6019db44d97dcfd9b47f5a36418e3d5ec88037c172104d44ac6e770cbec415fbfce8ac9257074ca5fe003a4836001c8331f1845c1069d0610a62378e1c32ae512ffa22032f28245ee7ae957348a484bef3d295463b293975d787d45c480903f3eb35dcfd140161606f270177 -+Ctrl.hexxcghash = hexxcghash:0f85b7ee92fe1a95c0aa0103f10092f04ba613a37e118f8fbb43e308 -+Ctrl.hexsession_id = hexsession_id:25d9a92c96b98ecc31e6aca945899e93607848caf2c332efc03f9a0c -+Ctrl.type = type:B -+Output = 501781a04c919226a9e2dd6d7a880568 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:0000010100a0216e73007c1b53dba18acb5592ea68ab7719d9fd2f24af3e2968024933a5e68fcb1aa8b187f42972815f12d5f995c15d2d3eab84cfb869db413dcb328d045df23646e65179a53e3cbe1babcd6e6a5e300e33be1f5ed5d7eb1661a0ae6d8e6dd8f156eed726b30df6b9eee7e9457189b140de7671a1c7790938617e1bc95b8ee8bb9229f98be158a569bcb799869c445484d30d6019db44d97dcfd9b47f5a36418e3d5ec88037c172104d44ac6e770cbec415fbfce8ac9257074ca5fe003a4836001c8331f1845c1069d0610a62378e1c32ae512ffa22032f28245ee7ae957348a484bef3d295463b293975d787d45c480903f3eb35dcfd140161606f270177 -+Ctrl.hexxcghash = hexxcghash:0f85b7ee92fe1a95c0aa0103f10092f04ba613a37e118f8fbb43e308 -+Ctrl.hexsession_id = hexsession_id:25d9a92c96b98ecc31e6aca945899e93607848caf2c332efc03f9a0c -+Ctrl.type = type:C -+Output = fe183f0e31d4bf9ebc9364e19e422385 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:0000010100a0216e73007c1b53dba18acb5592ea68ab7719d9fd2f24af3e2968024933a5e68fcb1aa8b187f42972815f12d5f995c15d2d3eab84cfb869db413dcb328d045df23646e65179a53e3cbe1babcd6e6a5e300e33be1f5ed5d7eb1661a0ae6d8e6dd8f156eed726b30df6b9eee7e9457189b140de7671a1c7790938617e1bc95b8ee8bb9229f98be158a569bcb799869c445484d30d6019db44d97dcfd9b47f5a36418e3d5ec88037c172104d44ac6e770cbec415fbfce8ac9257074ca5fe003a4836001c8331f1845c1069d0610a62378e1c32ae512ffa22032f28245ee7ae957348a484bef3d295463b293975d787d45c480903f3eb35dcfd140161606f270177 -+Ctrl.hexxcghash = hexxcghash:0f85b7ee92fe1a95c0aa0103f10092f04ba613a37e118f8fbb43e308 -+Ctrl.hexsession_id = hexsession_id:25d9a92c96b98ecc31e6aca945899e93607848caf2c332efc03f9a0c -+Ctrl.type = type:D -+Output = f12c0da703e5bedb2921a0e1795eb62f -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:0000010100a0216e73007c1b53dba18acb5592ea68ab7719d9fd2f24af3e2968024933a5e68fcb1aa8b187f42972815f12d5f995c15d2d3eab84cfb869db413dcb328d045df23646e65179a53e3cbe1babcd6e6a5e300e33be1f5ed5d7eb1661a0ae6d8e6dd8f156eed726b30df6b9eee7e9457189b140de7671a1c7790938617e1bc95b8ee8bb9229f98be158a569bcb799869c445484d30d6019db44d97dcfd9b47f5a36418e3d5ec88037c172104d44ac6e770cbec415fbfce8ac9257074ca5fe003a4836001c8331f1845c1069d0610a62378e1c32ae512ffa22032f28245ee7ae957348a484bef3d295463b293975d787d45c480903f3eb35dcfd140161606f270177 -+Ctrl.hexxcghash = hexxcghash:0f85b7ee92fe1a95c0aa0103f10092f04ba613a37e118f8fbb43e308 -+Ctrl.hexsession_id = hexsession_id:25d9a92c96b98ecc31e6aca945899e93607848caf2c332efc03f9a0c -+Ctrl.type = type:E -+Output = 1d34b1ae23af48c25db971fe0f95c2fdb4e269ca435b90e0e22ee720 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA224 -+Ctrl.hexkey = hexkey:0000010100a0216e73007c1b53dba18acb5592ea68ab7719d9fd2f24af3e2968024933a5e68fcb1aa8b187f42972815f12d5f995c15d2d3eab84cfb869db413dcb328d045df23646e65179a53e3cbe1babcd6e6a5e300e33be1f5ed5d7eb1661a0ae6d8e6dd8f156eed726b30df6b9eee7e9457189b140de7671a1c7790938617e1bc95b8ee8bb9229f98be158a569bcb799869c445484d30d6019db44d97dcfd9b47f5a36418e3d5ec88037c172104d44ac6e770cbec415fbfce8ac9257074ca5fe003a4836001c8331f1845c1069d0610a62378e1c32ae512ffa22032f28245ee7ae957348a484bef3d295463b293975d787d45c480903f3eb35dcfd140161606f270177 -+Ctrl.hexxcghash = hexxcghash:0f85b7ee92fe1a95c0aa0103f10092f04ba613a37e118f8fbb43e308 -+Ctrl.hexsession_id = hexsession_id:25d9a92c96b98ecc31e6aca945899e93607848caf2c332efc03f9a0c -+Ctrl.type = type:F -+Output = b77dce4e2211c8e2b4fba841ba45d7f136323999ed9a4d306fa411a8 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:0000008100875c551cef526a4a8be1a7df27e9ed354bac9afb71f53dbae905679d14f9faf2469c53457cf80a366be278965ba6255276ca2d9f4a97d271f71e50d8a9ec46253a6a906ac2c5e4f48b27a63ce08d80390a492aa43bad9d882ccac23dac88bcada4b4d426a362083dab6569c54c224dd2d87643aa227693e141ad1630ce13144e -+Ctrl.hexxcghash = hexxcghash:0e683fc8a9ed7c2ff02def23b2745ebc99b267daa86a4aa7697239088253f642 -+Ctrl.hexsession_id = hexsession_id:0e683fc8a9ed7c2ff02def23b2745ebc99b267daa86a4aa7697239088253f642 -+Ctrl.type = type:A -+Output = 41ff2ead1683f1e6 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:0000008100875c551cef526a4a8be1a7df27e9ed354bac9afb71f53dbae905679d14f9faf2469c53457cf80a366be278965ba6255276ca2d9f4a97d271f71e50d8a9ec46253a6a906ac2c5e4f48b27a63ce08d80390a492aa43bad9d882ccac23dac88bcada4b4d426a362083dab6569c54c224dd2d87643aa227693e141ad1630ce13144e -+Ctrl.hexxcghash = hexxcghash:0e683fc8a9ed7c2ff02def23b2745ebc99b267daa86a4aa7697239088253f642 -+Ctrl.hexsession_id = hexsession_id:0e683fc8a9ed7c2ff02def23b2745ebc99b267daa86a4aa7697239088253f642 -+Ctrl.type = type:B -+Output = e619ecfd9edb50cd -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:0000008100875c551cef526a4a8be1a7df27e9ed354bac9afb71f53dbae905679d14f9faf2469c53457cf80a366be278965ba6255276ca2d9f4a97d271f71e50d8a9ec46253a6a906ac2c5e4f48b27a63ce08d80390a492aa43bad9d882ccac23dac88bcada4b4d426a362083dab6569c54c224dd2d87643aa227693e141ad1630ce13144e -+Ctrl.hexxcghash = hexxcghash:0e683fc8a9ed7c2ff02def23b2745ebc99b267daa86a4aa7697239088253f642 -+Ctrl.hexsession_id = hexsession_id:0e683fc8a9ed7c2ff02def23b2745ebc99b267daa86a4aa7697239088253f642 -+Ctrl.type = type:C -+Output = 4a6314d2f7511bf88fad39fb6892f3f218cafd530e72fe43 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:0000008100875c551cef526a4a8be1a7df27e9ed354bac9afb71f53dbae905679d14f9faf2469c53457cf80a366be278965ba6255276ca2d9f4a97d271f71e50d8a9ec46253a6a906ac2c5e4f48b27a63ce08d80390a492aa43bad9d882ccac23dac88bcada4b4d426a362083dab6569c54c224dd2d87643aa227693e141ad1630ce13144e -+Ctrl.hexxcghash = hexxcghash:0e683fc8a9ed7c2ff02def23b2745ebc99b267daa86a4aa7697239088253f642 -+Ctrl.hexsession_id = hexsession_id:0e683fc8a9ed7c2ff02def23b2745ebc99b267daa86a4aa7697239088253f642 -+Ctrl.type = type:D -+Output = 084c15fb7f99c65ff134eeb407cee5d540c341dea45a42a5 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:0000008100875c551cef526a4a8be1a7df27e9ed354bac9afb71f53dbae905679d14f9faf2469c53457cf80a366be278965ba6255276ca2d9f4a97d271f71e50d8a9ec46253a6a906ac2c5e4f48b27a63ce08d80390a492aa43bad9d882ccac23dac88bcada4b4d426a362083dab6569c54c224dd2d87643aa227693e141ad1630ce13144e -+Ctrl.hexxcghash = hexxcghash:0e683fc8a9ed7c2ff02def23b2745ebc99b267daa86a4aa7697239088253f642 -+Ctrl.hexsession_id = hexsession_id:0e683fc8a9ed7c2ff02def23b2745ebc99b267daa86a4aa7697239088253f642 -+Ctrl.type = type:E -+Output = 41ec5a94fecce7707ea156a6ad29239a891621adacbedb8be70675008d6f9274 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:0000008100875c551cef526a4a8be1a7df27e9ed354bac9afb71f53dbae905679d14f9faf2469c53457cf80a366be278965ba6255276ca2d9f4a97d271f71e50d8a9ec46253a6a906ac2c5e4f48b27a63ce08d80390a492aa43bad9d882ccac23dac88bcada4b4d426a362083dab6569c54c224dd2d87643aa227693e141ad1630ce13144e -+Ctrl.hexxcghash = hexxcghash:0e683fc8a9ed7c2ff02def23b2745ebc99b267daa86a4aa7697239088253f642 -+Ctrl.hexsession_id = hexsession_id:0e683fc8a9ed7c2ff02def23b2745ebc99b267daa86a4aa7697239088253f642 -+Ctrl.type = type:F -+Output = 47d3c20aba60981e47b30533623613ff1cacbcf1642fb4ad86ee712f2aed9af8 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:000000800faa172b8c287e372bb236ad34c733695c13d77f882adc0f47e5a7f6a3de07efb101207aa5d665b619826f756591f65310bbd2c92c9384e6c6a67b42dec382fdb24c591d79ff5e47737b0f5b8479694c3adc19401704912bbfec2704d4d5bebbfc1a7fc796e277634e40851851a187ec2d37ed3f351c4596a5a0892916b4c55f -+Ctrl.hexxcghash = hexxcghash:a347f5f1e191c35f212c9324d5867efdf83026be62c2b16ae006edb3378d4006 -+Ctrl.hexsession_id = hexsession_id:90befcef3ff8f920674a9fab94198cf3fd9dca24a21d3c9dba394daafbc621ed -+Ctrl.type = type:A -+Output = 99bae6531508705f -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:000000800faa172b8c287e372bb236ad34c733695c13d77f882adc0f47e5a7f6a3de07efb101207aa5d665b619826f756591f65310bbd2c92c9384e6c6a67b42dec382fdb24c591d79ff5e47737b0f5b8479694c3adc19401704912bbfec2704d4d5bebbfc1a7fc796e277634e40851851a187ec2d37ed3f351c4596a5a0892916b4c55f -+Ctrl.hexxcghash = hexxcghash:a347f5f1e191c35f212c9324d5867efdf83026be62c2b16ae006edb3378d4006 -+Ctrl.hexsession_id = hexsession_id:90befcef3ff8f920674a9fab94198cf3fd9dca24a21d3c9dba394daafbc621ed -+Ctrl.type = type:B -+Output = f25786f02f199737 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:000000800faa172b8c287e372bb236ad34c733695c13d77f882adc0f47e5a7f6a3de07efb101207aa5d665b619826f756591f65310bbd2c92c9384e6c6a67b42dec382fdb24c591d79ff5e47737b0f5b8479694c3adc19401704912bbfec2704d4d5bebbfc1a7fc796e277634e40851851a187ec2d37ed3f351c4596a5a0892916b4c55f -+Ctrl.hexxcghash = hexxcghash:a347f5f1e191c35f212c9324d5867efdf83026be62c2b16ae006edb3378d4006 -+Ctrl.hexsession_id = hexsession_id:90befcef3ff8f920674a9fab94198cf3fd9dca24a21d3c9dba394daafbc621ed -+Ctrl.type = type:C -+Output = 97621bf882266f905da78cf193fc31f642acbb60957c41b7 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:000000800faa172b8c287e372bb236ad34c733695c13d77f882adc0f47e5a7f6a3de07efb101207aa5d665b619826f756591f65310bbd2c92c9384e6c6a67b42dec382fdb24c591d79ff5e47737b0f5b8479694c3adc19401704912bbfec2704d4d5bebbfc1a7fc796e277634e40851851a187ec2d37ed3f351c4596a5a0892916b4c55f -+Ctrl.hexxcghash = hexxcghash:a347f5f1e191c35f212c9324d5867efdf83026be62c2b16ae006edb3378d4006 -+Ctrl.hexsession_id = hexsession_id:90befcef3ff8f920674a9fab94198cf3fd9dca24a21d3c9dba394daafbc621ed -+Ctrl.type = type:D -+Output = ad98a86a2386280912efea50f790e800a7758f7dade5d77e -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:000000800faa172b8c287e372bb236ad34c733695c13d77f882adc0f47e5a7f6a3de07efb101207aa5d665b619826f756591f65310bbd2c92c9384e6c6a67b42dec382fdb24c591d79ff5e47737b0f5b8479694c3adc19401704912bbfec2704d4d5bebbfc1a7fc796e277634e40851851a187ec2d37ed3f351c4596a5a0892916b4c55f -+Ctrl.hexxcghash = hexxcghash:a347f5f1e191c35f212c9324d5867efdf83026be62c2b16ae006edb3378d4006 -+Ctrl.hexsession_id = hexsession_id:90befcef3ff8f920674a9fab94198cf3fd9dca24a21d3c9dba394daafbc621ed -+Ctrl.type = type:E -+Output = f92d052d3cdf34dfc69bc60a489c3a3553f4356596c191931d08fa20551273b3 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:000000800faa172b8c287e372bb236ad34c733695c13d77f882adc0f47e5a7f6a3de07efb101207aa5d665b619826f756591f65310bbd2c92c9384e6c6a67b42dec382fdb24c591d79ff5e47737b0f5b8479694c3adc19401704912bbfec2704d4d5bebbfc1a7fc796e277634e40851851a187ec2d37ed3f351c4596a5a0892916b4c55f -+Ctrl.hexxcghash = hexxcghash:a347f5f1e191c35f212c9324d5867efdf83026be62c2b16ae006edb3378d4006 -+Ctrl.hexsession_id = hexsession_id:90befcef3ff8f920674a9fab94198cf3fd9dca24a21d3c9dba394daafbc621ed -+Ctrl.type = type:F -+Output = 147a771445123f846d8ae514d7ff9b3c93b2bceb7c7c9500942161b8e2d0110f -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:0000008100db8205ad53a96bd4c111ad8dc8dab8196f04557d87a5ac90b1013eec71456ca80f0a59af26f9ac6eb91ee51cd601602fe9467550d1f09f417f94e4df2aa5fb941a33ff7764b4d57bcba77f549959ca4fe5d568ff5d20702fcfef904d07f9182bd9936da1fc63d0b11cd573bc0ed9c4e7bb07b5c77c4214d457ca5b0a4410d7b0 -+Ctrl.hexxcghash = hexxcghash:a85aa36aeae3f8a948ffa077509f183f2894b52930a79a06bf8783e501d9cae3 -+Ctrl.hexsession_id = hexsession_id:6629bb9f32e259935f946e73543bf65830e78ddab691a8b885f3444f976fd655 -+Ctrl.type = type:A -+Output = 93da642974d71e52 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:0000008100db8205ad53a96bd4c111ad8dc8dab8196f04557d87a5ac90b1013eec71456ca80f0a59af26f9ac6eb91ee51cd601602fe9467550d1f09f417f94e4df2aa5fb941a33ff7764b4d57bcba77f549959ca4fe5d568ff5d20702fcfef904d07f9182bd9936da1fc63d0b11cd573bc0ed9c4e7bb07b5c77c4214d457ca5b0a4410d7b0 -+Ctrl.hexxcghash = hexxcghash:a85aa36aeae3f8a948ffa077509f183f2894b52930a79a06bf8783e501d9cae3 -+Ctrl.hexsession_id = hexsession_id:6629bb9f32e259935f946e73543bf65830e78ddab691a8b885f3444f976fd655 -+Ctrl.type = type:B -+Output = df2035ad67457151 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:0000008100db8205ad53a96bd4c111ad8dc8dab8196f04557d87a5ac90b1013eec71456ca80f0a59af26f9ac6eb91ee51cd601602fe9467550d1f09f417f94e4df2aa5fb941a33ff7764b4d57bcba77f549959ca4fe5d568ff5d20702fcfef904d07f9182bd9936da1fc63d0b11cd573bc0ed9c4e7bb07b5c77c4214d457ca5b0a4410d7b0 -+Ctrl.hexxcghash = hexxcghash:a85aa36aeae3f8a948ffa077509f183f2894b52930a79a06bf8783e501d9cae3 -+Ctrl.hexsession_id = hexsession_id:6629bb9f32e259935f946e73543bf65830e78ddab691a8b885f3444f976fd655 -+Ctrl.type = type:C -+Output = 42067bb0535da6701232a0f39ac7f436535af346c4786af5 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:0000008100db8205ad53a96bd4c111ad8dc8dab8196f04557d87a5ac90b1013eec71456ca80f0a59af26f9ac6eb91ee51cd601602fe9467550d1f09f417f94e4df2aa5fb941a33ff7764b4d57bcba77f549959ca4fe5d568ff5d20702fcfef904d07f9182bd9936da1fc63d0b11cd573bc0ed9c4e7bb07b5c77c4214d457ca5b0a4410d7b0 -+Ctrl.hexxcghash = hexxcghash:a85aa36aeae3f8a948ffa077509f183f2894b52930a79a06bf8783e501d9cae3 -+Ctrl.hexsession_id = hexsession_id:6629bb9f32e259935f946e73543bf65830e78ddab691a8b885f3444f976fd655 -+Ctrl.type = type:D -+Output = 08a0181a6c373d39540409dafb1b4e2359bc249af33bcfe0 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:0000008100db8205ad53a96bd4c111ad8dc8dab8196f04557d87a5ac90b1013eec71456ca80f0a59af26f9ac6eb91ee51cd601602fe9467550d1f09f417f94e4df2aa5fb941a33ff7764b4d57bcba77f549959ca4fe5d568ff5d20702fcfef904d07f9182bd9936da1fc63d0b11cd573bc0ed9c4e7bb07b5c77c4214d457ca5b0a4410d7b0 -+Ctrl.hexxcghash = hexxcghash:a85aa36aeae3f8a948ffa077509f183f2894b52930a79a06bf8783e501d9cae3 -+Ctrl.hexsession_id = hexsession_id:6629bb9f32e259935f946e73543bf65830e78ddab691a8b885f3444f976fd655 -+Ctrl.type = type:E -+Output = c043b5aece7cd2685c6dfb3788d7a562d6622d20f6d7e07b38aeb47c649dd99c -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:0000008100db8205ad53a96bd4c111ad8dc8dab8196f04557d87a5ac90b1013eec71456ca80f0a59af26f9ac6eb91ee51cd601602fe9467550d1f09f417f94e4df2aa5fb941a33ff7764b4d57bcba77f549959ca4fe5d568ff5d20702fcfef904d07f9182bd9936da1fc63d0b11cd573bc0ed9c4e7bb07b5c77c4214d457ca5b0a4410d7b0 -+Ctrl.hexxcghash = hexxcghash:a85aa36aeae3f8a948ffa077509f183f2894b52930a79a06bf8783e501d9cae3 -+Ctrl.hexsession_id = hexsession_id:6629bb9f32e259935f946e73543bf65830e78ddab691a8b885f3444f976fd655 -+Ctrl.type = type:F -+Output = cbe67a93ac758d9f2a6ff580bad5a44bb1a1062c9e20d5c974decb7aa2b0faa0 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:0000008100d97164957831bbc57c91e0a5c9ece230b4625d14b9d07decdc971cee28d28c2938d2f8b682bc33bd67458fb90120dd6a2ca5255fbe3daeb0325029e15b5e3135aae5081894da98fb4e4d578890c5a4b6a359097bf5e2c403f77b0398d12795d6c895ed979e792d13f5aeb3cd62799d9a509cb4bd8e2bf5d8b08498abccc0790c -+Ctrl.hexxcghash = hexxcghash:81c3e6d1a6aeb3f3fc111a9e1467a7e569b9debbfef48fd31acd0d8b9b50a647 -+Ctrl.hexsession_id = hexsession_id:068d4a2ebf66a0a6f75d3e76659c72a7f70630f98872e6f48c45ad862fd9b2a4 -+Ctrl.type = type:A -+Output = 320e807fab2b10f0 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:0000008100d97164957831bbc57c91e0a5c9ece230b4625d14b9d07decdc971cee28d28c2938d2f8b682bc33bd67458fb90120dd6a2ca5255fbe3daeb0325029e15b5e3135aae5081894da98fb4e4d578890c5a4b6a359097bf5e2c403f77b0398d12795d6c895ed979e792d13f5aeb3cd62799d9a509cb4bd8e2bf5d8b08498abccc0790c -+Ctrl.hexxcghash = hexxcghash:81c3e6d1a6aeb3f3fc111a9e1467a7e569b9debbfef48fd31acd0d8b9b50a647 -+Ctrl.hexsession_id = hexsession_id:068d4a2ebf66a0a6f75d3e76659c72a7f70630f98872e6f48c45ad862fd9b2a4 -+Ctrl.type = type:B -+Output = 7b8f91be4dcd59b1 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:0000008100d97164957831bbc57c91e0a5c9ece230b4625d14b9d07decdc971cee28d28c2938d2f8b682bc33bd67458fb90120dd6a2ca5255fbe3daeb0325029e15b5e3135aae5081894da98fb4e4d578890c5a4b6a359097bf5e2c403f77b0398d12795d6c895ed979e792d13f5aeb3cd62799d9a509cb4bd8e2bf5d8b08498abccc0790c -+Ctrl.hexxcghash = hexxcghash:81c3e6d1a6aeb3f3fc111a9e1467a7e569b9debbfef48fd31acd0d8b9b50a647 -+Ctrl.hexsession_id = hexsession_id:068d4a2ebf66a0a6f75d3e76659c72a7f70630f98872e6f48c45ad862fd9b2a4 -+Ctrl.type = type:C -+Output = dec6e67a94b3ddfcd32a24d6026c6951d00b6f4402d32c1a -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:0000008100d97164957831bbc57c91e0a5c9ece230b4625d14b9d07decdc971cee28d28c2938d2f8b682bc33bd67458fb90120dd6a2ca5255fbe3daeb0325029e15b5e3135aae5081894da98fb4e4d578890c5a4b6a359097bf5e2c403f77b0398d12795d6c895ed979e792d13f5aeb3cd62799d9a509cb4bd8e2bf5d8b08498abccc0790c -+Ctrl.hexxcghash = hexxcghash:81c3e6d1a6aeb3f3fc111a9e1467a7e569b9debbfef48fd31acd0d8b9b50a647 -+Ctrl.hexsession_id = hexsession_id:068d4a2ebf66a0a6f75d3e76659c72a7f70630f98872e6f48c45ad862fd9b2a4 -+Ctrl.type = type:D -+Output = 2ef3cea4588ad928ac3e8874f3e1f613f2d50787495acc32 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:0000008100d97164957831bbc57c91e0a5c9ece230b4625d14b9d07decdc971cee28d28c2938d2f8b682bc33bd67458fb90120dd6a2ca5255fbe3daeb0325029e15b5e3135aae5081894da98fb4e4d578890c5a4b6a359097bf5e2c403f77b0398d12795d6c895ed979e792d13f5aeb3cd62799d9a509cb4bd8e2bf5d8b08498abccc0790c -+Ctrl.hexxcghash = hexxcghash:81c3e6d1a6aeb3f3fc111a9e1467a7e569b9debbfef48fd31acd0d8b9b50a647 -+Ctrl.hexsession_id = hexsession_id:068d4a2ebf66a0a6f75d3e76659c72a7f70630f98872e6f48c45ad862fd9b2a4 -+Ctrl.type = type:E -+Output = 72f93537328eebeec1b5ca88fedb41bf4d9c6279e4fe8d13c38da72a39739ed8 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:0000008100d97164957831bbc57c91e0a5c9ece230b4625d14b9d07decdc971cee28d28c2938d2f8b682bc33bd67458fb90120dd6a2ca5255fbe3daeb0325029e15b5e3135aae5081894da98fb4e4d578890c5a4b6a359097bf5e2c403f77b0398d12795d6c895ed979e792d13f5aeb3cd62799d9a509cb4bd8e2bf5d8b08498abccc0790c -+Ctrl.hexxcghash = hexxcghash:81c3e6d1a6aeb3f3fc111a9e1467a7e569b9debbfef48fd31acd0d8b9b50a647 -+Ctrl.hexsession_id = hexsession_id:068d4a2ebf66a0a6f75d3e76659c72a7f70630f98872e6f48c45ad862fd9b2a4 -+Ctrl.type = type:F -+Output = 55dcf2c322b9c94686edbf9314d7c93bd9651e2ebc64f1a299d7176577d65b32 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:0000008001223839219fa4dbaf2b88deaa058bed95793bd6079e670e88eecf0a391ae7ce2d3bf129e11273aad0d0047b84960e6f73fa3de394042b4254c7850fddc7525dcf27fb9bdcafc604626aa25e08c938a27c80ca97a4c1a2662f4e8485e016c75e4f4e6861f5bbd694bbd6492cbffa95128dab52d8a3d0316bcabd5da2c789dd62 -+Ctrl.hexxcghash = hexxcghash:7817d37fe11f3499feda39bf21ce7755040a0091e61e8eb585e6299c6673db81 -+Ctrl.hexsession_id = hexsession_id:2b7ef879949594c35dbccdba0ba4959e3a2fad446c5ce35666e400b7214fe69e -+Ctrl.type = type:A -+Output = f4dbc41aa23e1621 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:0000008001223839219fa4dbaf2b88deaa058bed95793bd6079e670e88eecf0a391ae7ce2d3bf129e11273aad0d0047b84960e6f73fa3de394042b4254c7850fddc7525dcf27fb9bdcafc604626aa25e08c938a27c80ca97a4c1a2662f4e8485e016c75e4f4e6861f5bbd694bbd6492cbffa95128dab52d8a3d0316bcabd5da2c789dd62 -+Ctrl.hexxcghash = hexxcghash:7817d37fe11f3499feda39bf21ce7755040a0091e61e8eb585e6299c6673db81 -+Ctrl.hexsession_id = hexsession_id:2b7ef879949594c35dbccdba0ba4959e3a2fad446c5ce35666e400b7214fe69e -+Ctrl.type = type:B -+Output = e53b40c511180817 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:0000008001223839219fa4dbaf2b88deaa058bed95793bd6079e670e88eecf0a391ae7ce2d3bf129e11273aad0d0047b84960e6f73fa3de394042b4254c7850fddc7525dcf27fb9bdcafc604626aa25e08c938a27c80ca97a4c1a2662f4e8485e016c75e4f4e6861f5bbd694bbd6492cbffa95128dab52d8a3d0316bcabd5da2c789dd62 -+Ctrl.hexxcghash = hexxcghash:7817d37fe11f3499feda39bf21ce7755040a0091e61e8eb585e6299c6673db81 -+Ctrl.hexsession_id = hexsession_id:2b7ef879949594c35dbccdba0ba4959e3a2fad446c5ce35666e400b7214fe69e -+Ctrl.type = type:C -+Output = 70fed9412989cf5de908ad429cb92065fd5ccc081477abba -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:0000008001223839219fa4dbaf2b88deaa058bed95793bd6079e670e88eecf0a391ae7ce2d3bf129e11273aad0d0047b84960e6f73fa3de394042b4254c7850fddc7525dcf27fb9bdcafc604626aa25e08c938a27c80ca97a4c1a2662f4e8485e016c75e4f4e6861f5bbd694bbd6492cbffa95128dab52d8a3d0316bcabd5da2c789dd62 -+Ctrl.hexxcghash = hexxcghash:7817d37fe11f3499feda39bf21ce7755040a0091e61e8eb585e6299c6673db81 -+Ctrl.hexsession_id = hexsession_id:2b7ef879949594c35dbccdba0ba4959e3a2fad446c5ce35666e400b7214fe69e -+Ctrl.type = type:D -+Output = 3afdb0b4b4bc13e8731bb92e541b7d82a0b20d8878ce184b -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:0000008001223839219fa4dbaf2b88deaa058bed95793bd6079e670e88eecf0a391ae7ce2d3bf129e11273aad0d0047b84960e6f73fa3de394042b4254c7850fddc7525dcf27fb9bdcafc604626aa25e08c938a27c80ca97a4c1a2662f4e8485e016c75e4f4e6861f5bbd694bbd6492cbffa95128dab52d8a3d0316bcabd5da2c789dd62 -+Ctrl.hexxcghash = hexxcghash:7817d37fe11f3499feda39bf21ce7755040a0091e61e8eb585e6299c6673db81 -+Ctrl.hexsession_id = hexsession_id:2b7ef879949594c35dbccdba0ba4959e3a2fad446c5ce35666e400b7214fe69e -+Ctrl.type = type:E -+Output = 59937f257aeef0806038543ced541990e5c2243881818edf2c522a54b64e9e93 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:0000008001223839219fa4dbaf2b88deaa058bed95793bd6079e670e88eecf0a391ae7ce2d3bf129e11273aad0d0047b84960e6f73fa3de394042b4254c7850fddc7525dcf27fb9bdcafc604626aa25e08c938a27c80ca97a4c1a2662f4e8485e016c75e4f4e6861f5bbd694bbd6492cbffa95128dab52d8a3d0316bcabd5da2c789dd62 -+Ctrl.hexxcghash = hexxcghash:7817d37fe11f3499feda39bf21ce7755040a0091e61e8eb585e6299c6673db81 -+Ctrl.hexsession_id = hexsession_id:2b7ef879949594c35dbccdba0ba4959e3a2fad446c5ce35666e400b7214fe69e -+Ctrl.type = type:F -+Output = 187532105293274b841918e3ab51f5dd0453d4331e85f4e06b775dbce4979cdd -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:000000807d3783ce1f598c3279e8a33f3e8bfe9c255979034f43d107bb3dd6cb21ff67d945594929f2fd7bef74679be81d3ad6c1b472293d1060242d720ed2fb250fde838064eec64d75cb9d5d2ec09c9e67e3bf48c0d0a92577f8bf6e05cfcbaafcd243369f30f14d24a4ad2c1aaff528e03198227135d26839fd45cd60678ae41307c2 -+Ctrl.hexxcghash = hexxcghash:2efc2c1be24e1259105757bbd2c518d62ae52400451347aa90e2aab00bc58864 -+Ctrl.hexsession_id = hexsession_id:2df7d0dbcb1beb17ef1a8b9884c9d6d8833b5039797a5fce61e7a2490405b323 -+Ctrl.type = type:A -+Output = 3cc220d5bb9b5346 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:000000807d3783ce1f598c3279e8a33f3e8bfe9c255979034f43d107bb3dd6cb21ff67d945594929f2fd7bef74679be81d3ad6c1b472293d1060242d720ed2fb250fde838064eec64d75cb9d5d2ec09c9e67e3bf48c0d0a92577f8bf6e05cfcbaafcd243369f30f14d24a4ad2c1aaff528e03198227135d26839fd45cd60678ae41307c2 -+Ctrl.hexxcghash = hexxcghash:2efc2c1be24e1259105757bbd2c518d62ae52400451347aa90e2aab00bc58864 -+Ctrl.hexsession_id = hexsession_id:2df7d0dbcb1beb17ef1a8b9884c9d6d8833b5039797a5fce61e7a2490405b323 -+Ctrl.type = type:B -+Output = 051e3c79aede7e41 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:000000807d3783ce1f598c3279e8a33f3e8bfe9c255979034f43d107bb3dd6cb21ff67d945594929f2fd7bef74679be81d3ad6c1b472293d1060242d720ed2fb250fde838064eec64d75cb9d5d2ec09c9e67e3bf48c0d0a92577f8bf6e05cfcbaafcd243369f30f14d24a4ad2c1aaff528e03198227135d26839fd45cd60678ae41307c2 -+Ctrl.hexxcghash = hexxcghash:2efc2c1be24e1259105757bbd2c518d62ae52400451347aa90e2aab00bc58864 -+Ctrl.hexsession_id = hexsession_id:2df7d0dbcb1beb17ef1a8b9884c9d6d8833b5039797a5fce61e7a2490405b323 -+Ctrl.type = type:C -+Output = 44c2b4725965ee9a2bce58d38e2e9a778263c415b21a25be -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:000000807d3783ce1f598c3279e8a33f3e8bfe9c255979034f43d107bb3dd6cb21ff67d945594929f2fd7bef74679be81d3ad6c1b472293d1060242d720ed2fb250fde838064eec64d75cb9d5d2ec09c9e67e3bf48c0d0a92577f8bf6e05cfcbaafcd243369f30f14d24a4ad2c1aaff528e03198227135d26839fd45cd60678ae41307c2 -+Ctrl.hexxcghash = hexxcghash:2efc2c1be24e1259105757bbd2c518d62ae52400451347aa90e2aab00bc58864 -+Ctrl.hexsession_id = hexsession_id:2df7d0dbcb1beb17ef1a8b9884c9d6d8833b5039797a5fce61e7a2490405b323 -+Ctrl.type = type:D -+Output = d5de7a801956b934d820f9aa51bf1dae2a7aec7ce5ce4e50 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:000000807d3783ce1f598c3279e8a33f3e8bfe9c255979034f43d107bb3dd6cb21ff67d945594929f2fd7bef74679be81d3ad6c1b472293d1060242d720ed2fb250fde838064eec64d75cb9d5d2ec09c9e67e3bf48c0d0a92577f8bf6e05cfcbaafcd243369f30f14d24a4ad2c1aaff528e03198227135d26839fd45cd60678ae41307c2 -+Ctrl.hexxcghash = hexxcghash:2efc2c1be24e1259105757bbd2c518d62ae52400451347aa90e2aab00bc58864 -+Ctrl.hexsession_id = hexsession_id:2df7d0dbcb1beb17ef1a8b9884c9d6d8833b5039797a5fce61e7a2490405b323 -+Ctrl.type = type:E -+Output = 7d2039a6505e3220535fde0ff71464f3971580f50711356760b225fc3053fc19 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:000000807d3783ce1f598c3279e8a33f3e8bfe9c255979034f43d107bb3dd6cb21ff67d945594929f2fd7bef74679be81d3ad6c1b472293d1060242d720ed2fb250fde838064eec64d75cb9d5d2ec09c9e67e3bf48c0d0a92577f8bf6e05cfcbaafcd243369f30f14d24a4ad2c1aaff528e03198227135d26839fd45cd60678ae41307c2 -+Ctrl.hexxcghash = hexxcghash:2efc2c1be24e1259105757bbd2c518d62ae52400451347aa90e2aab00bc58864 -+Ctrl.hexsession_id = hexsession_id:2df7d0dbcb1beb17ef1a8b9884c9d6d8833b5039797a5fce61e7a2490405b323 -+Ctrl.type = type:F -+Output = b0972348a031ef2e87d42611e53cf0c4782d759ecdcc1390318eb11e1925ac35 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:0000008100b44b386751753bf1fbfe100b11761766aaef16b2786462ba9561d3b493581254a1c1556ef611fec70146a864f8860c6317f294d06aec94129740c78035411992492825554362d25bf2c43a2e8a4d22e5d4777c593c8686966684b95e8e4535fc0b4a0e53264f22cf568469e829a303cdd06c09d8f74ccef6b6028fde782a7285 -+Ctrl.hexxcghash = hexxcghash:8c691585cffd38a6ad0fd751da66c1a0f2b46ad6c12348b5a89cd24f39e76517 -+Ctrl.hexsession_id = hexsession_id:2d93238fe20a860db2fb8fb4c5a0525a2f8817abbb53773e4af9fb366a213506 -+Ctrl.type = type:A -+Output = cdb047beecd92d84 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:0000008100b44b386751753bf1fbfe100b11761766aaef16b2786462ba9561d3b493581254a1c1556ef611fec70146a864f8860c6317f294d06aec94129740c78035411992492825554362d25bf2c43a2e8a4d22e5d4777c593c8686966684b95e8e4535fc0b4a0e53264f22cf568469e829a303cdd06c09d8f74ccef6b6028fde782a7285 -+Ctrl.hexxcghash = hexxcghash:8c691585cffd38a6ad0fd751da66c1a0f2b46ad6c12348b5a89cd24f39e76517 -+Ctrl.hexsession_id = hexsession_id:2d93238fe20a860db2fb8fb4c5a0525a2f8817abbb53773e4af9fb366a213506 -+Ctrl.type = type:B -+Output = ef378e894d8f675e -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:0000008100b44b386751753bf1fbfe100b11761766aaef16b2786462ba9561d3b493581254a1c1556ef611fec70146a864f8860c6317f294d06aec94129740c78035411992492825554362d25bf2c43a2e8a4d22e5d4777c593c8686966684b95e8e4535fc0b4a0e53264f22cf568469e829a303cdd06c09d8f74ccef6b6028fde782a7285 -+Ctrl.hexxcghash = hexxcghash:8c691585cffd38a6ad0fd751da66c1a0f2b46ad6c12348b5a89cd24f39e76517 -+Ctrl.hexsession_id = hexsession_id:2d93238fe20a860db2fb8fb4c5a0525a2f8817abbb53773e4af9fb366a213506 -+Ctrl.type = type:C -+Output = 23ee42a437801e87348b3999bde76147a8731e318db57752 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:0000008100b44b386751753bf1fbfe100b11761766aaef16b2786462ba9561d3b493581254a1c1556ef611fec70146a864f8860c6317f294d06aec94129740c78035411992492825554362d25bf2c43a2e8a4d22e5d4777c593c8686966684b95e8e4535fc0b4a0e53264f22cf568469e829a303cdd06c09d8f74ccef6b6028fde782a7285 -+Ctrl.hexxcghash = hexxcghash:8c691585cffd38a6ad0fd751da66c1a0f2b46ad6c12348b5a89cd24f39e76517 -+Ctrl.hexsession_id = hexsession_id:2d93238fe20a860db2fb8fb4c5a0525a2f8817abbb53773e4af9fb366a213506 -+Ctrl.type = type:D -+Output = a3f50e3d14498f15e1f111cc929648011d6abfb58e90df1c -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:0000008100b44b386751753bf1fbfe100b11761766aaef16b2786462ba9561d3b493581254a1c1556ef611fec70146a864f8860c6317f294d06aec94129740c78035411992492825554362d25bf2c43a2e8a4d22e5d4777c593c8686966684b95e8e4535fc0b4a0e53264f22cf568469e829a303cdd06c09d8f74ccef6b6028fde782a7285 -+Ctrl.hexxcghash = hexxcghash:8c691585cffd38a6ad0fd751da66c1a0f2b46ad6c12348b5a89cd24f39e76517 -+Ctrl.hexsession_id = hexsession_id:2d93238fe20a860db2fb8fb4c5a0525a2f8817abbb53773e4af9fb366a213506 -+Ctrl.type = type:E -+Output = fb6a020561e46e521344cb671a50175afd63ded91eedaa1b2879c3a63761674d -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:0000008100b44b386751753bf1fbfe100b11761766aaef16b2786462ba9561d3b493581254a1c1556ef611fec70146a864f8860c6317f294d06aec94129740c78035411992492825554362d25bf2c43a2e8a4d22e5d4777c593c8686966684b95e8e4535fc0b4a0e53264f22cf568469e829a303cdd06c09d8f74ccef6b6028fde782a7285 -+Ctrl.hexxcghash = hexxcghash:8c691585cffd38a6ad0fd751da66c1a0f2b46ad6c12348b5a89cd24f39e76517 -+Ctrl.hexsession_id = hexsession_id:2d93238fe20a860db2fb8fb4c5a0525a2f8817abbb53773e4af9fb366a213506 -+Ctrl.type = type:F -+Output = 567a79e7c4b10d62a420ce2ea740661c08d9459ed636ecb4edebcedb17b0baba -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:0000008100b3462ee942f026de0922ab88b6ebf5ee2c968a4e12cbf374593f3542c6eb619ea1ec29b958c65a83305c37008de3b691ec020cc989e6c5393dae36bbb3bf0d1a29ed0bab6d23f60e63e277119b7a4c0a5fa96d9c043a5ace58034052ffb71b8bf0eaea8a6bc9a9834c512d7470122c71908a44ef7f3227b512f6971c82436e96 -+Ctrl.hexxcghash = hexxcghash:3d5d7f742b08976755e2eb8457f1d9401d918bbf7e201fe0742f00ae799082df -+Ctrl.hexsession_id = hexsession_id:50bcad2970e07c3ad3f14db05d451d77304fe70927ba26815fcaf1f3a723af91 -+Ctrl.type = type:A -+Output = 1f9e7ad5592ac73d -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:0000008100b3462ee942f026de0922ab88b6ebf5ee2c968a4e12cbf374593f3542c6eb619ea1ec29b958c65a83305c37008de3b691ec020cc989e6c5393dae36bbb3bf0d1a29ed0bab6d23f60e63e277119b7a4c0a5fa96d9c043a5ace58034052ffb71b8bf0eaea8a6bc9a9834c512d7470122c71908a44ef7f3227b512f6971c82436e96 -+Ctrl.hexxcghash = hexxcghash:3d5d7f742b08976755e2eb8457f1d9401d918bbf7e201fe0742f00ae799082df -+Ctrl.hexsession_id = hexsession_id:50bcad2970e07c3ad3f14db05d451d77304fe70927ba26815fcaf1f3a723af91 -+Ctrl.type = type:B -+Output = 15b254fe3510dd77 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:0000008100b3462ee942f026de0922ab88b6ebf5ee2c968a4e12cbf374593f3542c6eb619ea1ec29b958c65a83305c37008de3b691ec020cc989e6c5393dae36bbb3bf0d1a29ed0bab6d23f60e63e277119b7a4c0a5fa96d9c043a5ace58034052ffb71b8bf0eaea8a6bc9a9834c512d7470122c71908a44ef7f3227b512f6971c82436e96 -+Ctrl.hexxcghash = hexxcghash:3d5d7f742b08976755e2eb8457f1d9401d918bbf7e201fe0742f00ae799082df -+Ctrl.hexsession_id = hexsession_id:50bcad2970e07c3ad3f14db05d451d77304fe70927ba26815fcaf1f3a723af91 -+Ctrl.type = type:C -+Output = 88eadd5802e1a748284684438eb1b1bdc9b20ea30c59950d -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:0000008100b3462ee942f026de0922ab88b6ebf5ee2c968a4e12cbf374593f3542c6eb619ea1ec29b958c65a83305c37008de3b691ec020cc989e6c5393dae36bbb3bf0d1a29ed0bab6d23f60e63e277119b7a4c0a5fa96d9c043a5ace58034052ffb71b8bf0eaea8a6bc9a9834c512d7470122c71908a44ef7f3227b512f6971c82436e96 -+Ctrl.hexxcghash = hexxcghash:3d5d7f742b08976755e2eb8457f1d9401d918bbf7e201fe0742f00ae799082df -+Ctrl.hexsession_id = hexsession_id:50bcad2970e07c3ad3f14db05d451d77304fe70927ba26815fcaf1f3a723af91 -+Ctrl.type = type:D -+Output = 277c2c4ad3d4a3bec4bdc5329bb5f9d4e39aa06b1e115e77 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:0000008100b3462ee942f026de0922ab88b6ebf5ee2c968a4e12cbf374593f3542c6eb619ea1ec29b958c65a83305c37008de3b691ec020cc989e6c5393dae36bbb3bf0d1a29ed0bab6d23f60e63e277119b7a4c0a5fa96d9c043a5ace58034052ffb71b8bf0eaea8a6bc9a9834c512d7470122c71908a44ef7f3227b512f6971c82436e96 -+Ctrl.hexxcghash = hexxcghash:3d5d7f742b08976755e2eb8457f1d9401d918bbf7e201fe0742f00ae799082df -+Ctrl.hexsession_id = hexsession_id:50bcad2970e07c3ad3f14db05d451d77304fe70927ba26815fcaf1f3a723af91 -+Ctrl.type = type:E -+Output = 090d2f273a690ed1d67dd9919c34385b18a661f8657b84bef6832f2396771979 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:0000008100b3462ee942f026de0922ab88b6ebf5ee2c968a4e12cbf374593f3542c6eb619ea1ec29b958c65a83305c37008de3b691ec020cc989e6c5393dae36bbb3bf0d1a29ed0bab6d23f60e63e277119b7a4c0a5fa96d9c043a5ace58034052ffb71b8bf0eaea8a6bc9a9834c512d7470122c71908a44ef7f3227b512f6971c82436e96 -+Ctrl.hexxcghash = hexxcghash:3d5d7f742b08976755e2eb8457f1d9401d918bbf7e201fe0742f00ae799082df -+Ctrl.hexsession_id = hexsession_id:50bcad2970e07c3ad3f14db05d451d77304fe70927ba26815fcaf1f3a723af91 -+Ctrl.type = type:F -+Output = 1f3082fa5ac8ec565595c4c5b8a7ddbba88ed4936fca913bba6a8715dc856f30 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:0000008100831889c603d4dc01d0d9f19f07ccadb6a9fa7662305277d59efbc872f38325de2ec2151f58649f5fd15ff3a099f0191dca69be0b9c88ef729fe74af849cc8e7479f8a5406842af88e12167607103cda449a1394c86b2c21d4083cdee216f74078d4e878b352df901727870815528ae99f74f25c21a8a39772940d871badb39a6 -+Ctrl.hexxcghash = hexxcghash:f77992d066bc305419a6c1b0879008856287b95ec20c2b1be5a5c8189cadbbb1 -+Ctrl.hexsession_id = hexsession_id:15bd2e8c86d23eace4a581377ef8a3f5266dbd081cfcd01ab2b68506438228a2 -+Ctrl.type = type:A -+Output = 3aa08d67c81310b7 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:0000008100831889c603d4dc01d0d9f19f07ccadb6a9fa7662305277d59efbc872f38325de2ec2151f58649f5fd15ff3a099f0191dca69be0b9c88ef729fe74af849cc8e7479f8a5406842af88e12167607103cda449a1394c86b2c21d4083cdee216f74078d4e878b352df901727870815528ae99f74f25c21a8a39772940d871badb39a6 -+Ctrl.hexxcghash = hexxcghash:f77992d066bc305419a6c1b0879008856287b95ec20c2b1be5a5c8189cadbbb1 -+Ctrl.hexsession_id = hexsession_id:15bd2e8c86d23eace4a581377ef8a3f5266dbd081cfcd01ab2b68506438228a2 -+Ctrl.type = type:B -+Output = cf46596878a17a87 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:0000008100831889c603d4dc01d0d9f19f07ccadb6a9fa7662305277d59efbc872f38325de2ec2151f58649f5fd15ff3a099f0191dca69be0b9c88ef729fe74af849cc8e7479f8a5406842af88e12167607103cda449a1394c86b2c21d4083cdee216f74078d4e878b352df901727870815528ae99f74f25c21a8a39772940d871badb39a6 -+Ctrl.hexxcghash = hexxcghash:f77992d066bc305419a6c1b0879008856287b95ec20c2b1be5a5c8189cadbbb1 -+Ctrl.hexsession_id = hexsession_id:15bd2e8c86d23eace4a581377ef8a3f5266dbd081cfcd01ab2b68506438228a2 -+Ctrl.type = type:C -+Output = 871db438b8b33c2102ddab0c1f7be51ee4c2cbdf52a01a58 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:0000008100831889c603d4dc01d0d9f19f07ccadb6a9fa7662305277d59efbc872f38325de2ec2151f58649f5fd15ff3a099f0191dca69be0b9c88ef729fe74af849cc8e7479f8a5406842af88e12167607103cda449a1394c86b2c21d4083cdee216f74078d4e878b352df901727870815528ae99f74f25c21a8a39772940d871badb39a6 -+Ctrl.hexxcghash = hexxcghash:f77992d066bc305419a6c1b0879008856287b95ec20c2b1be5a5c8189cadbbb1 -+Ctrl.hexsession_id = hexsession_id:15bd2e8c86d23eace4a581377ef8a3f5266dbd081cfcd01ab2b68506438228a2 -+Ctrl.type = type:D -+Output = 04ac13599b84c22be0f1e5f7b96def31598e6ad36be412e8 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:0000008100831889c603d4dc01d0d9f19f07ccadb6a9fa7662305277d59efbc872f38325de2ec2151f58649f5fd15ff3a099f0191dca69be0b9c88ef729fe74af849cc8e7479f8a5406842af88e12167607103cda449a1394c86b2c21d4083cdee216f74078d4e878b352df901727870815528ae99f74f25c21a8a39772940d871badb39a6 -+Ctrl.hexxcghash = hexxcghash:f77992d066bc305419a6c1b0879008856287b95ec20c2b1be5a5c8189cadbbb1 -+Ctrl.hexsession_id = hexsession_id:15bd2e8c86d23eace4a581377ef8a3f5266dbd081cfcd01ab2b68506438228a2 -+Ctrl.type = type:E -+Output = f00c83a8afb5d1793749d4aae825b80e67ccd7f67e08f572222ccf42126ea2f0 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:0000008100831889c603d4dc01d0d9f19f07ccadb6a9fa7662305277d59efbc872f38325de2ec2151f58649f5fd15ff3a099f0191dca69be0b9c88ef729fe74af849cc8e7479f8a5406842af88e12167607103cda449a1394c86b2c21d4083cdee216f74078d4e878b352df901727870815528ae99f74f25c21a8a39772940d871badb39a6 -+Ctrl.hexxcghash = hexxcghash:f77992d066bc305419a6c1b0879008856287b95ec20c2b1be5a5c8189cadbbb1 -+Ctrl.hexsession_id = hexsession_id:15bd2e8c86d23eace4a581377ef8a3f5266dbd081cfcd01ab2b68506438228a2 -+Ctrl.type = type:F -+Output = df0570749d67136095b0dda6d461676b7eeb9a386f126306d436cab16dfd1b3c -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:00000081008fa89f9f89a2a2417a9461451a4b97343afd46552a8700e588638b0ef0ae568ffbaee2727ae3ae96271aa33b8439c1a4bad313ea42605ae0902817d91577b6a3c72fc576ee29544c1d6323bad205317d2265c533d82ed27a2dea64a8545c64e9772e81ce1cbfe265a51acfae74b72d5365366263541e50a567c3ffa594eac071 -+Ctrl.hexxcghash = hexxcghash:4d071ee398757c548fa72f77ed94d5b158a311d3655bb7a6e324c4e2a26be84f -+Ctrl.hexsession_id = hexsession_id:d1d34becf667002ace16be10726cab3c7d18ce7414759f62a83cb4cfaaed77f4 -+Ctrl.type = type:A -+Output = fad800cbf8975a01 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:00000081008fa89f9f89a2a2417a9461451a4b97343afd46552a8700e588638b0ef0ae568ffbaee2727ae3ae96271aa33b8439c1a4bad313ea42605ae0902817d91577b6a3c72fc576ee29544c1d6323bad205317d2265c533d82ed27a2dea64a8545c64e9772e81ce1cbfe265a51acfae74b72d5365366263541e50a567c3ffa594eac071 -+Ctrl.hexxcghash = hexxcghash:4d071ee398757c548fa72f77ed94d5b158a311d3655bb7a6e324c4e2a26be84f -+Ctrl.hexsession_id = hexsession_id:d1d34becf667002ace16be10726cab3c7d18ce7414759f62a83cb4cfaaed77f4 -+Ctrl.type = type:B -+Output = 679a118bda1f15a9 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:00000081008fa89f9f89a2a2417a9461451a4b97343afd46552a8700e588638b0ef0ae568ffbaee2727ae3ae96271aa33b8439c1a4bad313ea42605ae0902817d91577b6a3c72fc576ee29544c1d6323bad205317d2265c533d82ed27a2dea64a8545c64e9772e81ce1cbfe265a51acfae74b72d5365366263541e50a567c3ffa594eac071 -+Ctrl.hexxcghash = hexxcghash:4d071ee398757c548fa72f77ed94d5b158a311d3655bb7a6e324c4e2a26be84f -+Ctrl.hexsession_id = hexsession_id:d1d34becf667002ace16be10726cab3c7d18ce7414759f62a83cb4cfaaed77f4 -+Ctrl.type = type:C -+Output = 5193e9b3b10b7939b79b967b98e6cf3396758eaf8263edf2 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:00000081008fa89f9f89a2a2417a9461451a4b97343afd46552a8700e588638b0ef0ae568ffbaee2727ae3ae96271aa33b8439c1a4bad313ea42605ae0902817d91577b6a3c72fc576ee29544c1d6323bad205317d2265c533d82ed27a2dea64a8545c64e9772e81ce1cbfe265a51acfae74b72d5365366263541e50a567c3ffa594eac071 -+Ctrl.hexxcghash = hexxcghash:4d071ee398757c548fa72f77ed94d5b158a311d3655bb7a6e324c4e2a26be84f -+Ctrl.hexsession_id = hexsession_id:d1d34becf667002ace16be10726cab3c7d18ce7414759f62a83cb4cfaaed77f4 -+Ctrl.type = type:D -+Output = 3f5de8bec6d737836d3a91480ac76c19d0a90bc146f02d5c -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:00000081008fa89f9f89a2a2417a9461451a4b97343afd46552a8700e588638b0ef0ae568ffbaee2727ae3ae96271aa33b8439c1a4bad313ea42605ae0902817d91577b6a3c72fc576ee29544c1d6323bad205317d2265c533d82ed27a2dea64a8545c64e9772e81ce1cbfe265a51acfae74b72d5365366263541e50a567c3ffa594eac071 -+Ctrl.hexxcghash = hexxcghash:4d071ee398757c548fa72f77ed94d5b158a311d3655bb7a6e324c4e2a26be84f -+Ctrl.hexsession_id = hexsession_id:d1d34becf667002ace16be10726cab3c7d18ce7414759f62a83cb4cfaaed77f4 -+Ctrl.type = type:E -+Output = ce7be4fffd0ffd09ff45889d10c7be0edf922422d01cb71b737c6149bb1a2d05 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:00000081008fa89f9f89a2a2417a9461451a4b97343afd46552a8700e588638b0ef0ae568ffbaee2727ae3ae96271aa33b8439c1a4bad313ea42605ae0902817d91577b6a3c72fc576ee29544c1d6323bad205317d2265c533d82ed27a2dea64a8545c64e9772e81ce1cbfe265a51acfae74b72d5365366263541e50a567c3ffa594eac071 -+Ctrl.hexxcghash = hexxcghash:4d071ee398757c548fa72f77ed94d5b158a311d3655bb7a6e324c4e2a26be84f -+Ctrl.hexsession_id = hexsession_id:d1d34becf667002ace16be10726cab3c7d18ce7414759f62a83cb4cfaaed77f4 -+Ctrl.type = type:F -+Output = 60f413c9bcc42dcf0acc53d513dd8bc703f7e5d668f4e043f13028dcf40880b2 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:000001006ac382eaaca093e125e25c24bebc84640c11987507344b5c739ceb84a9e0b222b9a8b51c839e5ebe49cfadbfb39599764ed522099dc912751950dc7dc97fbdc06328b68f22781fd315af568009a5509e5b87a11bf527c056daffd82ab6cbc25cca37143459e7bc63bcde52757adeb7df01cf12173f1fef8102ec5ab142c213dd9d30696278a8d8bc32dde9592d28c078c6d92b947d825acaab6494846a49de24b9623f4889e8adc38e8c669effef176040ad945e90a7d3eec15efeee78ae71043c96511103a16ba7caf0acd0642efdbe809934faa1a5f1bd11043649b25ccd1fee2e38815d4d5f5fc6b4102969f21c22ae1b0e7d3603a556a13262ff628de222 -+Ctrl.hexxcghash = hexxcghash:7b7001185e256d4493445f39a55fb905e6321f4b5dd8bbf3100d51ba0bda3d2d -+Ctrl.hexsession_id = hexsession_id:7b7001185e256d4493445f39a55fb905e6321f4b5dd8bbf3100d51ba0bda3d2d -+Ctrl.type = type:A -+Output = 81f0330ef6f05361b3823bfded6e1de9 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:000001006ac382eaaca093e125e25c24bebc84640c11987507344b5c739ceb84a9e0b222b9a8b51c839e5ebe49cfadbfb39599764ed522099dc912751950dc7dc97fbdc06328b68f22781fd315af568009a5509e5b87a11bf527c056daffd82ab6cbc25cca37143459e7bc63bcde52757adeb7df01cf12173f1fef8102ec5ab142c213dd9d30696278a8d8bc32dde9592d28c078c6d92b947d825acaab6494846a49de24b9623f4889e8adc38e8c669effef176040ad945e90a7d3eec15efeee78ae71043c96511103a16ba7caf0acd0642efdbe809934faa1a5f1bd11043649b25ccd1fee2e38815d4d5f5fc6b4102969f21c22ae1b0e7d3603a556a13262ff628de222 -+Ctrl.hexxcghash = hexxcghash:7b7001185e256d4493445f39a55fb905e6321f4b5dd8bbf3100d51ba0bda3d2d -+Ctrl.hexsession_id = hexsession_id:7b7001185e256d4493445f39a55fb905e6321f4b5dd8bbf3100d51ba0bda3d2d -+Ctrl.type = type:B -+Output = 3f6fd2065eeb2b0b1d93195a1fed48a5 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:000001006ac382eaaca093e125e25c24bebc84640c11987507344b5c739ceb84a9e0b222b9a8b51c839e5ebe49cfadbfb39599764ed522099dc912751950dc7dc97fbdc06328b68f22781fd315af568009a5509e5b87a11bf527c056daffd82ab6cbc25cca37143459e7bc63bcde52757adeb7df01cf12173f1fef8102ec5ab142c213dd9d30696278a8d8bc32dde9592d28c078c6d92b947d825acaab6494846a49de24b9623f4889e8adc38e8c669effef176040ad945e90a7d3eec15efeee78ae71043c96511103a16ba7caf0acd0642efdbe809934faa1a5f1bd11043649b25ccd1fee2e38815d4d5f5fc6b4102969f21c22ae1b0e7d3603a556a13262ff628de222 -+Ctrl.hexxcghash = hexxcghash:7b7001185e256d4493445f39a55fb905e6321f4b5dd8bbf3100d51ba0bda3d2d -+Ctrl.hexsession_id = hexsession_id:7b7001185e256d4493445f39a55fb905e6321f4b5dd8bbf3100d51ba0bda3d2d -+Ctrl.type = type:C -+Output = c35471034e6fd6547613178e23435f21 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:000001006ac382eaaca093e125e25c24bebc84640c11987507344b5c739ceb84a9e0b222b9a8b51c839e5ebe49cfadbfb39599764ed522099dc912751950dc7dc97fbdc06328b68f22781fd315af568009a5509e5b87a11bf527c056daffd82ab6cbc25cca37143459e7bc63bcde52757adeb7df01cf12173f1fef8102ec5ab142c213dd9d30696278a8d8bc32dde9592d28c078c6d92b947d825acaab6494846a49de24b9623f4889e8adc38e8c669effef176040ad945e90a7d3eec15efeee78ae71043c96511103a16ba7caf0acd0642efdbe809934faa1a5f1bd11043649b25ccd1fee2e38815d4d5f5fc6b4102969f21c22ae1b0e7d3603a556a13262ff628de222 -+Ctrl.hexxcghash = hexxcghash:7b7001185e256d4493445f39a55fb905e6321f4b5dd8bbf3100d51ba0bda3d2d -+Ctrl.hexsession_id = hexsession_id:7b7001185e256d4493445f39a55fb905e6321f4b5dd8bbf3100d51ba0bda3d2d -+Ctrl.type = type:D -+Output = 7e9d79032090d99f98b015634dd9f462 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:000001006ac382eaaca093e125e25c24bebc84640c11987507344b5c739ceb84a9e0b222b9a8b51c839e5ebe49cfadbfb39599764ed522099dc912751950dc7dc97fbdc06328b68f22781fd315af568009a5509e5b87a11bf527c056daffd82ab6cbc25cca37143459e7bc63bcde52757adeb7df01cf12173f1fef8102ec5ab142c213dd9d30696278a8d8bc32dde9592d28c078c6d92b947d825acaab6494846a49de24b9623f4889e8adc38e8c669effef176040ad945e90a7d3eec15efeee78ae71043c96511103a16ba7caf0acd0642efdbe809934faa1a5f1bd11043649b25ccd1fee2e38815d4d5f5fc6b4102969f21c22ae1b0e7d3603a556a13262ff628de222 -+Ctrl.hexxcghash = hexxcghash:7b7001185e256d4493445f39a55fb905e6321f4b5dd8bbf3100d51ba0bda3d2d -+Ctrl.hexsession_id = hexsession_id:7b7001185e256d4493445f39a55fb905e6321f4b5dd8bbf3100d51ba0bda3d2d -+Ctrl.type = type:E -+Output = 24ee559ad7ce712b685d0b2271e443c17ab1d1dceb5a360569d25d5dc243002f -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:000001006ac382eaaca093e125e25c24bebc84640c11987507344b5c739ceb84a9e0b222b9a8b51c839e5ebe49cfadbfb39599764ed522099dc912751950dc7dc97fbdc06328b68f22781fd315af568009a5509e5b87a11bf527c056daffd82ab6cbc25cca37143459e7bc63bcde52757adeb7df01cf12173f1fef8102ec5ab142c213dd9d30696278a8d8bc32dde9592d28c078c6d92b947d825acaab6494846a49de24b9623f4889e8adc38e8c669effef176040ad945e90a7d3eec15efeee78ae71043c96511103a16ba7caf0acd0642efdbe809934faa1a5f1bd11043649b25ccd1fee2e38815d4d5f5fc6b4102969f21c22ae1b0e7d3603a556a13262ff628de222 -+Ctrl.hexxcghash = hexxcghash:7b7001185e256d4493445f39a55fb905e6321f4b5dd8bbf3100d51ba0bda3d2d -+Ctrl.hexsession_id = hexsession_id:7b7001185e256d4493445f39a55fb905e6321f4b5dd8bbf3100d51ba0bda3d2d -+Ctrl.type = type:F -+Output = c3419c2b966235869d714ba5ac48ddb7d9e35c8c19aac73422337a373453607e -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:0000010044708c76616f700bd31b0c155ef74e36390eeb39bc5c32cdc90e21922b0ed930b5b519c8afebef0f4e4fb5b41b81d649d2127506620b594e9899f7f0d442ecddd68308307b82f00065e9d75220a5a6f5641795772132215a236064ea965c6493c21f89879730ebbc3c20a22d8f5bfd07b525b194323b22d8a49944d1aa58502e756101ef1e8a91c9310e71f6db65a3ad0a542cfa751f83721a99e89f1dbe54971a3620ecffc967aa55eed1a42d6e7a138b853557ac84689889f6d0c8553575fb89b4e13eab5537da72ef16f0d72f5e8505d97f110745193d550fa315fe88f672db90d73843e97ba1f3d087ba8eb39025bbffad37589a6199227303d9d8e7f1e3 -+Ctrl.hexxcghash = hexxcghash:fe3727fd99a5ac7987c2cfbe062129e3027bf5e10310c6bccde9c916c8329dc2 -+Ctrl.hexsession_id = hexsession_id:fffa598bc0ad2ae84dc8dc05b1f72c5b0134025ae7edf8a2e8db11472e18e1fc -+Ctrl.type = type:A -+Output = 36730bae8de5cb98898d6b4a00b37058 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:0000010044708c76616f700bd31b0c155ef74e36390eeb39bc5c32cdc90e21922b0ed930b5b519c8afebef0f4e4fb5b41b81d649d2127506620b594e9899f7f0d442ecddd68308307b82f00065e9d75220a5a6f5641795772132215a236064ea965c6493c21f89879730ebbc3c20a22d8f5bfd07b525b194323b22d8a49944d1aa58502e756101ef1e8a91c9310e71f6db65a3ad0a542cfa751f83721a99e89f1dbe54971a3620ecffc967aa55eed1a42d6e7a138b853557ac84689889f6d0c8553575fb89b4e13eab5537da72ef16f0d72f5e8505d97f110745193d550fa315fe88f672db90d73843e97ba1f3d087ba8eb39025bbffad37589a6199227303d9d8e7f1e3 -+Ctrl.hexxcghash = hexxcghash:fe3727fd99a5ac7987c2cfbe062129e3027bf5e10310c6bccde9c916c8329dc2 -+Ctrl.hexsession_id = hexsession_id:fffa598bc0ad2ae84dc8dc05b1f72c5b0134025ae7edf8a2e8db11472e18e1fc -+Ctrl.type = type:B -+Output = 5dfe446a83f40e8358d28cb97df8f340 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:0000010044708c76616f700bd31b0c155ef74e36390eeb39bc5c32cdc90e21922b0ed930b5b519c8afebef0f4e4fb5b41b81d649d2127506620b594e9899f7f0d442ecddd68308307b82f00065e9d75220a5a6f5641795772132215a236064ea965c6493c21f89879730ebbc3c20a22d8f5bfd07b525b194323b22d8a49944d1aa58502e756101ef1e8a91c9310e71f6db65a3ad0a542cfa751f83721a99e89f1dbe54971a3620ecffc967aa55eed1a42d6e7a138b853557ac84689889f6d0c8553575fb89b4e13eab5537da72ef16f0d72f5e8505d97f110745193d550fa315fe88f672db90d73843e97ba1f3d087ba8eb39025bbffad37589a6199227303d9d8e7f1e3 -+Ctrl.hexxcghash = hexxcghash:fe3727fd99a5ac7987c2cfbe062129e3027bf5e10310c6bccde9c916c8329dc2 -+Ctrl.hexsession_id = hexsession_id:fffa598bc0ad2ae84dc8dc05b1f72c5b0134025ae7edf8a2e8db11472e18e1fc -+Ctrl.type = type:C -+Output = 495b7afed0872b761437728e9e94e2b8 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:0000010044708c76616f700bd31b0c155ef74e36390eeb39bc5c32cdc90e21922b0ed930b5b519c8afebef0f4e4fb5b41b81d649d2127506620b594e9899f7f0d442ecddd68308307b82f00065e9d75220a5a6f5641795772132215a236064ea965c6493c21f89879730ebbc3c20a22d8f5bfd07b525b194323b22d8a49944d1aa58502e756101ef1e8a91c9310e71f6db65a3ad0a542cfa751f83721a99e89f1dbe54971a3620ecffc967aa55eed1a42d6e7a138b853557ac84689889f6d0c8553575fb89b4e13eab5537da72ef16f0d72f5e8505d97f110745193d550fa315fe88f672db90d73843e97ba1f3d087ba8eb39025bbffad37589a6199227303d9d8e7f1e3 -+Ctrl.hexxcghash = hexxcghash:fe3727fd99a5ac7987c2cfbe062129e3027bf5e10310c6bccde9c916c8329dc2 -+Ctrl.hexsession_id = hexsession_id:fffa598bc0ad2ae84dc8dc05b1f72c5b0134025ae7edf8a2e8db11472e18e1fc -+Ctrl.type = type:D -+Output = c1474b3925bec36f0b7f6cc698e949c8 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:0000010044708c76616f700bd31b0c155ef74e36390eeb39bc5c32cdc90e21922b0ed930b5b519c8afebef0f4e4fb5b41b81d649d2127506620b594e9899f7f0d442ecddd68308307b82f00065e9d75220a5a6f5641795772132215a236064ea965c6493c21f89879730ebbc3c20a22d8f5bfd07b525b194323b22d8a49944d1aa58502e756101ef1e8a91c9310e71f6db65a3ad0a542cfa751f83721a99e89f1dbe54971a3620ecffc967aa55eed1a42d6e7a138b853557ac84689889f6d0c8553575fb89b4e13eab5537da72ef16f0d72f5e8505d97f110745193d550fa315fe88f672db90d73843e97ba1f3d087ba8eb39025bbffad37589a6199227303d9d8e7f1e3 -+Ctrl.hexxcghash = hexxcghash:fe3727fd99a5ac7987c2cfbe062129e3027bf5e10310c6bccde9c916c8329dc2 -+Ctrl.hexsession_id = hexsession_id:fffa598bc0ad2ae84dc8dc05b1f72c5b0134025ae7edf8a2e8db11472e18e1fc -+Ctrl.type = type:E -+Output = b730f8df6a0697645be261169486c32a11612229276cbac5d8b3669afb2e4262 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:0000010044708c76616f700bd31b0c155ef74e36390eeb39bc5c32cdc90e21922b0ed930b5b519c8afebef0f4e4fb5b41b81d649d2127506620b594e9899f7f0d442ecddd68308307b82f00065e9d75220a5a6f5641795772132215a236064ea965c6493c21f89879730ebbc3c20a22d8f5bfd07b525b194323b22d8a49944d1aa58502e756101ef1e8a91c9310e71f6db65a3ad0a542cfa751f83721a99e89f1dbe54971a3620ecffc967aa55eed1a42d6e7a138b853557ac84689889f6d0c8553575fb89b4e13eab5537da72ef16f0d72f5e8505d97f110745193d550fa315fe88f672db90d73843e97ba1f3d087ba8eb39025bbffad37589a6199227303d9d8e7f1e3 -+Ctrl.hexxcghash = hexxcghash:fe3727fd99a5ac7987c2cfbe062129e3027bf5e10310c6bccde9c916c8329dc2 -+Ctrl.hexsession_id = hexsession_id:fffa598bc0ad2ae84dc8dc05b1f72c5b0134025ae7edf8a2e8db11472e18e1fc -+Ctrl.type = type:F -+Output = 14a5ea98245fb058978b82a3cb092b1cca7ce0109a4f98c16e1529579d58b819 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:00000101009b1c637286720d11a9030260e35726621f54115560c443ded98d5622f4007cb65427ba8ae0831f34452349993c74933466f3307e11452150f4640010ed7d1ab87656232d9659d9982e8227c25d648189d2bdda3283aa5dec8a2105af0fa840592a21d96eebb932f8ff36f94a2e4fc3819d7c9f0d26a472fb5ae5a43a2d4906247d59c42512dda252205f60042e1900e1581127f25ace253b62a83f62d4703281a294f240df2aa34ddf437c9f278278120bc10e2cb99f7804ecd6741b1be5520c553cb89747f79b4e4efd3cf09b484eb1eb034d220da457546a2ebb28d7f2faf67de0630757b8ae05e27a761956d2e190fe3fb93b1c7c142f62baeb089721cedc -+Ctrl.hexxcghash = hexxcghash:cad407a823551726f9bdcb78e8f351536e4406e8ee64947ecc0074662c7c0462 -+Ctrl.hexsession_id = hexsession_id:a9c8207642627e6ee872999123b29e36abfdd071dba36ea6f0c11dd59ea46410 -+Ctrl.type = type:A -+Output = 32d20a3f5e92b20fe100f4f41a1ad53c -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:00000101009b1c637286720d11a9030260e35726621f54115560c443ded98d5622f4007cb65427ba8ae0831f34452349993c74933466f3307e11452150f4640010ed7d1ab87656232d9659d9982e8227c25d648189d2bdda3283aa5dec8a2105af0fa840592a21d96eebb932f8ff36f94a2e4fc3819d7c9f0d26a472fb5ae5a43a2d4906247d59c42512dda252205f60042e1900e1581127f25ace253b62a83f62d4703281a294f240df2aa34ddf437c9f278278120bc10e2cb99f7804ecd6741b1be5520c553cb89747f79b4e4efd3cf09b484eb1eb034d220da457546a2ebb28d7f2faf67de0630757b8ae05e27a761956d2e190fe3fb93b1c7c142f62baeb089721cedc -+Ctrl.hexxcghash = hexxcghash:cad407a823551726f9bdcb78e8f351536e4406e8ee64947ecc0074662c7c0462 -+Ctrl.hexsession_id = hexsession_id:a9c8207642627e6ee872999123b29e36abfdd071dba36ea6f0c11dd59ea46410 -+Ctrl.type = type:B -+Output = c3a3ff57f99187ba011fd422100af577 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:00000101009b1c637286720d11a9030260e35726621f54115560c443ded98d5622f4007cb65427ba8ae0831f34452349993c74933466f3307e11452150f4640010ed7d1ab87656232d9659d9982e8227c25d648189d2bdda3283aa5dec8a2105af0fa840592a21d96eebb932f8ff36f94a2e4fc3819d7c9f0d26a472fb5ae5a43a2d4906247d59c42512dda252205f60042e1900e1581127f25ace253b62a83f62d4703281a294f240df2aa34ddf437c9f278278120bc10e2cb99f7804ecd6741b1be5520c553cb89747f79b4e4efd3cf09b484eb1eb034d220da457546a2ebb28d7f2faf67de0630757b8ae05e27a761956d2e190fe3fb93b1c7c142f62baeb089721cedc -+Ctrl.hexxcghash = hexxcghash:cad407a823551726f9bdcb78e8f351536e4406e8ee64947ecc0074662c7c0462 -+Ctrl.hexsession_id = hexsession_id:a9c8207642627e6ee872999123b29e36abfdd071dba36ea6f0c11dd59ea46410 -+Ctrl.type = type:C -+Output = 8517903c49d5a59ad8ef7cd8591c6b5e -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:00000101009b1c637286720d11a9030260e35726621f54115560c443ded98d5622f4007cb65427ba8ae0831f34452349993c74933466f3307e11452150f4640010ed7d1ab87656232d9659d9982e8227c25d648189d2bdda3283aa5dec8a2105af0fa840592a21d96eebb932f8ff36f94a2e4fc3819d7c9f0d26a472fb5ae5a43a2d4906247d59c42512dda252205f60042e1900e1581127f25ace253b62a83f62d4703281a294f240df2aa34ddf437c9f278278120bc10e2cb99f7804ecd6741b1be5520c553cb89747f79b4e4efd3cf09b484eb1eb034d220da457546a2ebb28d7f2faf67de0630757b8ae05e27a761956d2e190fe3fb93b1c7c142f62baeb089721cedc -+Ctrl.hexxcghash = hexxcghash:cad407a823551726f9bdcb78e8f351536e4406e8ee64947ecc0074662c7c0462 -+Ctrl.hexsession_id = hexsession_id:a9c8207642627e6ee872999123b29e36abfdd071dba36ea6f0c11dd59ea46410 -+Ctrl.type = type:D -+Output = a5ad201101a617f1cd5b3a2baa3b27f7 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:00000101009b1c637286720d11a9030260e35726621f54115560c443ded98d5622f4007cb65427ba8ae0831f34452349993c74933466f3307e11452150f4640010ed7d1ab87656232d9659d9982e8227c25d648189d2bdda3283aa5dec8a2105af0fa840592a21d96eebb932f8ff36f94a2e4fc3819d7c9f0d26a472fb5ae5a43a2d4906247d59c42512dda252205f60042e1900e1581127f25ace253b62a83f62d4703281a294f240df2aa34ddf437c9f278278120bc10e2cb99f7804ecd6741b1be5520c553cb89747f79b4e4efd3cf09b484eb1eb034d220da457546a2ebb28d7f2faf67de0630757b8ae05e27a761956d2e190fe3fb93b1c7c142f62baeb089721cedc -+Ctrl.hexxcghash = hexxcghash:cad407a823551726f9bdcb78e8f351536e4406e8ee64947ecc0074662c7c0462 -+Ctrl.hexsession_id = hexsession_id:a9c8207642627e6ee872999123b29e36abfdd071dba36ea6f0c11dd59ea46410 -+Ctrl.type = type:E -+Output = 16747a23fddd72f785c5d61dfb81a5a38555f5d8ff1dc5ae4fb423b82adfe05b -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:00000101009b1c637286720d11a9030260e35726621f54115560c443ded98d5622f4007cb65427ba8ae0831f34452349993c74933466f3307e11452150f4640010ed7d1ab87656232d9659d9982e8227c25d648189d2bdda3283aa5dec8a2105af0fa840592a21d96eebb932f8ff36f94a2e4fc3819d7c9f0d26a472fb5ae5a43a2d4906247d59c42512dda252205f60042e1900e1581127f25ace253b62a83f62d4703281a294f240df2aa34ddf437c9f278278120bc10e2cb99f7804ecd6741b1be5520c553cb89747f79b4e4efd3cf09b484eb1eb034d220da457546a2ebb28d7f2faf67de0630757b8ae05e27a761956d2e190fe3fb93b1c7c142f62baeb089721cedc -+Ctrl.hexxcghash = hexxcghash:cad407a823551726f9bdcb78e8f351536e4406e8ee64947ecc0074662c7c0462 -+Ctrl.hexsession_id = hexsession_id:a9c8207642627e6ee872999123b29e36abfdd071dba36ea6f0c11dd59ea46410 -+Ctrl.type = type:F -+Output = b1b1bba896b0fd75a90187eae6cdf744d23884caa5f4ca979ced327ca1239771 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:00000101008cd7061a3591b477989a4deb1bfc6debe874f753a4686eef11d1fa0e6796800db97c38497992b220d6e40d8f9154743b533666c8689db8cdffd38ac4009f85cfc6e48dc2fe94f78870138994ab4189e8d461a00b03425d8d838061b44e7ccd41e3a0332ab68afbf2919763c9f03747637db87a50d766504199fba6c34d216580fcd77756a6004ff485a79cdb646f0adde47a727e028261c808e0cb31928071701a0f2d2d237c293b93e80854f4e43243eaeb96cc25e00f74e2cd414c72774c7995757e93c0a9aac5ef5b0d23bef9ce475bfe697d14b815eeb0535d6e7e438bdb54aa2d8f50d05564d17c3ff2bc3451ca5b932f320c20f1c256c61ed503be2528 -+Ctrl.hexxcghash = hexxcghash:53fc521edf6dea9daf619676276766508d32c1964943e9bd40b4ed2cdefa7c20 -+Ctrl.hexsession_id = hexsession_id:14c6727d8e211c7632f930e716ab360e0916b1da3409367ef52d9e21512c700d -+Ctrl.type = type:A -+Output = b5c636c93e002f1fac0b78eb423d92cf -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:00000101008cd7061a3591b477989a4deb1bfc6debe874f753a4686eef11d1fa0e6796800db97c38497992b220d6e40d8f9154743b533666c8689db8cdffd38ac4009f85cfc6e48dc2fe94f78870138994ab4189e8d461a00b03425d8d838061b44e7ccd41e3a0332ab68afbf2919763c9f03747637db87a50d766504199fba6c34d216580fcd77756a6004ff485a79cdb646f0adde47a727e028261c808e0cb31928071701a0f2d2d237c293b93e80854f4e43243eaeb96cc25e00f74e2cd414c72774c7995757e93c0a9aac5ef5b0d23bef9ce475bfe697d14b815eeb0535d6e7e438bdb54aa2d8f50d05564d17c3ff2bc3451ca5b932f320c20f1c256c61ed503be2528 -+Ctrl.hexxcghash = hexxcghash:53fc521edf6dea9daf619676276766508d32c1964943e9bd40b4ed2cdefa7c20 -+Ctrl.hexsession_id = hexsession_id:14c6727d8e211c7632f930e716ab360e0916b1da3409367ef52d9e21512c700d -+Ctrl.type = type:B -+Output = 64d82bef35e924abf030fe42cda10e81 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:00000101008cd7061a3591b477989a4deb1bfc6debe874f753a4686eef11d1fa0e6796800db97c38497992b220d6e40d8f9154743b533666c8689db8cdffd38ac4009f85cfc6e48dc2fe94f78870138994ab4189e8d461a00b03425d8d838061b44e7ccd41e3a0332ab68afbf2919763c9f03747637db87a50d766504199fba6c34d216580fcd77756a6004ff485a79cdb646f0adde47a727e028261c808e0cb31928071701a0f2d2d237c293b93e80854f4e43243eaeb96cc25e00f74e2cd414c72774c7995757e93c0a9aac5ef5b0d23bef9ce475bfe697d14b815eeb0535d6e7e438bdb54aa2d8f50d05564d17c3ff2bc3451ca5b932f320c20f1c256c61ed503be2528 -+Ctrl.hexxcghash = hexxcghash:53fc521edf6dea9daf619676276766508d32c1964943e9bd40b4ed2cdefa7c20 -+Ctrl.hexsession_id = hexsession_id:14c6727d8e211c7632f930e716ab360e0916b1da3409367ef52d9e21512c700d -+Ctrl.type = type:C -+Output = 76a1b8b85d0ea49c68f30d7448155901 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:00000101008cd7061a3591b477989a4deb1bfc6debe874f753a4686eef11d1fa0e6796800db97c38497992b220d6e40d8f9154743b533666c8689db8cdffd38ac4009f85cfc6e48dc2fe94f78870138994ab4189e8d461a00b03425d8d838061b44e7ccd41e3a0332ab68afbf2919763c9f03747637db87a50d766504199fba6c34d216580fcd77756a6004ff485a79cdb646f0adde47a727e028261c808e0cb31928071701a0f2d2d237c293b93e80854f4e43243eaeb96cc25e00f74e2cd414c72774c7995757e93c0a9aac5ef5b0d23bef9ce475bfe697d14b815eeb0535d6e7e438bdb54aa2d8f50d05564d17c3ff2bc3451ca5b932f320c20f1c256c61ed503be2528 -+Ctrl.hexxcghash = hexxcghash:53fc521edf6dea9daf619676276766508d32c1964943e9bd40b4ed2cdefa7c20 -+Ctrl.hexsession_id = hexsession_id:14c6727d8e211c7632f930e716ab360e0916b1da3409367ef52d9e21512c700d -+Ctrl.type = type:D -+Output = f136e09324b1ef12b92bf35d5b3dd8e2 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:00000101008cd7061a3591b477989a4deb1bfc6debe874f753a4686eef11d1fa0e6796800db97c38497992b220d6e40d8f9154743b533666c8689db8cdffd38ac4009f85cfc6e48dc2fe94f78870138994ab4189e8d461a00b03425d8d838061b44e7ccd41e3a0332ab68afbf2919763c9f03747637db87a50d766504199fba6c34d216580fcd77756a6004ff485a79cdb646f0adde47a727e028261c808e0cb31928071701a0f2d2d237c293b93e80854f4e43243eaeb96cc25e00f74e2cd414c72774c7995757e93c0a9aac5ef5b0d23bef9ce475bfe697d14b815eeb0535d6e7e438bdb54aa2d8f50d05564d17c3ff2bc3451ca5b932f320c20f1c256c61ed503be2528 -+Ctrl.hexxcghash = hexxcghash:53fc521edf6dea9daf619676276766508d32c1964943e9bd40b4ed2cdefa7c20 -+Ctrl.hexsession_id = hexsession_id:14c6727d8e211c7632f930e716ab360e0916b1da3409367ef52d9e21512c700d -+Ctrl.type = type:E -+Output = 77abc45165b126f9127d59fbe655140cd3f768cd0498c29aa69cb5d65f7b0d50 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:00000101008cd7061a3591b477989a4deb1bfc6debe874f753a4686eef11d1fa0e6796800db97c38497992b220d6e40d8f9154743b533666c8689db8cdffd38ac4009f85cfc6e48dc2fe94f78870138994ab4189e8d461a00b03425d8d838061b44e7ccd41e3a0332ab68afbf2919763c9f03747637db87a50d766504199fba6c34d216580fcd77756a6004ff485a79cdb646f0adde47a727e028261c808e0cb31928071701a0f2d2d237c293b93e80854f4e43243eaeb96cc25e00f74e2cd414c72774c7995757e93c0a9aac5ef5b0d23bef9ce475bfe697d14b815eeb0535d6e7e438bdb54aa2d8f50d05564d17c3ff2bc3451ca5b932f320c20f1c256c61ed503be2528 -+Ctrl.hexxcghash = hexxcghash:53fc521edf6dea9daf619676276766508d32c1964943e9bd40b4ed2cdefa7c20 -+Ctrl.hexsession_id = hexsession_id:14c6727d8e211c7632f930e716ab360e0916b1da3409367ef52d9e21512c700d -+Ctrl.type = type:F -+Output = d43f93faf692f59bc96fd480fb336033c94ee237ceece69691ffaa64bdd7fcc1 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:00000101009b0b6fe41d565564f87ae984aadc75902d95828bdee0bba0ecc176afd5cc9c3ec79a34a9f7cf44ee6cbdcb5d8f027bb64c4c3b73e2f891ee06b781f3d7f02b59f95cbbfb2725b208856f3ebb8195fef1596248d56a371ed7acf3b973c627976e0cf156f340aa01acfbe9b574d4dedd4cbb66cb6ca5d9e76f16385be532fed8dd65735a3ecddeeb295133bb8a59499b4777242a4a7e463481d26baece4c7ef224aaf40af4d5108d024f5dd174cfdb91213939e355b0a1ca51ed6f7f584a4e47a0f1482d6a5768b1236e25d837cc8a2b49b2176bb54b2f77f4212ba394336e6a6046def9205fe482d98fcdd8d0a2643a39d753d2d481fe6689b0dc0d1c078335b7 -+Ctrl.hexxcghash = hexxcghash:27faf1b9a15e505a0b46c47e2bf6ab5fff37a6dadb09e96ea9562091f1d88ce0 -+Ctrl.hexsession_id = hexsession_id:6b52ddb87a66f0f1bb0dad39b462e7bd42bdeb99049d5a3581ca6f056c398228 -+Ctrl.type = type:A -+Output = 3b3c4416d3121a6838dd3f94a84b6ec6 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:00000101009b0b6fe41d565564f87ae984aadc75902d95828bdee0bba0ecc176afd5cc9c3ec79a34a9f7cf44ee6cbdcb5d8f027bb64c4c3b73e2f891ee06b781f3d7f02b59f95cbbfb2725b208856f3ebb8195fef1596248d56a371ed7acf3b973c627976e0cf156f340aa01acfbe9b574d4dedd4cbb66cb6ca5d9e76f16385be532fed8dd65735a3ecddeeb295133bb8a59499b4777242a4a7e463481d26baece4c7ef224aaf40af4d5108d024f5dd174cfdb91213939e355b0a1ca51ed6f7f584a4e47a0f1482d6a5768b1236e25d837cc8a2b49b2176bb54b2f77f4212ba394336e6a6046def9205fe482d98fcdd8d0a2643a39d753d2d481fe6689b0dc0d1c078335b7 -+Ctrl.hexxcghash = hexxcghash:27faf1b9a15e505a0b46c47e2bf6ab5fff37a6dadb09e96ea9562091f1d88ce0 -+Ctrl.hexsession_id = hexsession_id:6b52ddb87a66f0f1bb0dad39b462e7bd42bdeb99049d5a3581ca6f056c398228 -+Ctrl.type = type:B -+Output = e0af22a9184e5cea74f3e90faf5212ba -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:00000101009b0b6fe41d565564f87ae984aadc75902d95828bdee0bba0ecc176afd5cc9c3ec79a34a9f7cf44ee6cbdcb5d8f027bb64c4c3b73e2f891ee06b781f3d7f02b59f95cbbfb2725b208856f3ebb8195fef1596248d56a371ed7acf3b973c627976e0cf156f340aa01acfbe9b574d4dedd4cbb66cb6ca5d9e76f16385be532fed8dd65735a3ecddeeb295133bb8a59499b4777242a4a7e463481d26baece4c7ef224aaf40af4d5108d024f5dd174cfdb91213939e355b0a1ca51ed6f7f584a4e47a0f1482d6a5768b1236e25d837cc8a2b49b2176bb54b2f77f4212ba394336e6a6046def9205fe482d98fcdd8d0a2643a39d753d2d481fe6689b0dc0d1c078335b7 -+Ctrl.hexxcghash = hexxcghash:27faf1b9a15e505a0b46c47e2bf6ab5fff37a6dadb09e96ea9562091f1d88ce0 -+Ctrl.hexsession_id = hexsession_id:6b52ddb87a66f0f1bb0dad39b462e7bd42bdeb99049d5a3581ca6f056c398228 -+Ctrl.type = type:C -+Output = a3a7a9e48cc09a927e2d6eddd7647368 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:00000101009b0b6fe41d565564f87ae984aadc75902d95828bdee0bba0ecc176afd5cc9c3ec79a34a9f7cf44ee6cbdcb5d8f027bb64c4c3b73e2f891ee06b781f3d7f02b59f95cbbfb2725b208856f3ebb8195fef1596248d56a371ed7acf3b973c627976e0cf156f340aa01acfbe9b574d4dedd4cbb66cb6ca5d9e76f16385be532fed8dd65735a3ecddeeb295133bb8a59499b4777242a4a7e463481d26baece4c7ef224aaf40af4d5108d024f5dd174cfdb91213939e355b0a1ca51ed6f7f584a4e47a0f1482d6a5768b1236e25d837cc8a2b49b2176bb54b2f77f4212ba394336e6a6046def9205fe482d98fcdd8d0a2643a39d753d2d481fe6689b0dc0d1c078335b7 -+Ctrl.hexxcghash = hexxcghash:27faf1b9a15e505a0b46c47e2bf6ab5fff37a6dadb09e96ea9562091f1d88ce0 -+Ctrl.hexsession_id = hexsession_id:6b52ddb87a66f0f1bb0dad39b462e7bd42bdeb99049d5a3581ca6f056c398228 -+Ctrl.type = type:D -+Output = b9411d2870e885e223a6b414ae6ac813 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:00000101009b0b6fe41d565564f87ae984aadc75902d95828bdee0bba0ecc176afd5cc9c3ec79a34a9f7cf44ee6cbdcb5d8f027bb64c4c3b73e2f891ee06b781f3d7f02b59f95cbbfb2725b208856f3ebb8195fef1596248d56a371ed7acf3b973c627976e0cf156f340aa01acfbe9b574d4dedd4cbb66cb6ca5d9e76f16385be532fed8dd65735a3ecddeeb295133bb8a59499b4777242a4a7e463481d26baece4c7ef224aaf40af4d5108d024f5dd174cfdb91213939e355b0a1ca51ed6f7f584a4e47a0f1482d6a5768b1236e25d837cc8a2b49b2176bb54b2f77f4212ba394336e6a6046def9205fe482d98fcdd8d0a2643a39d753d2d481fe6689b0dc0d1c078335b7 -+Ctrl.hexxcghash = hexxcghash:27faf1b9a15e505a0b46c47e2bf6ab5fff37a6dadb09e96ea9562091f1d88ce0 -+Ctrl.hexsession_id = hexsession_id:6b52ddb87a66f0f1bb0dad39b462e7bd42bdeb99049d5a3581ca6f056c398228 -+Ctrl.type = type:E -+Output = 7f11812c28229fd8e39367b8885045313fea6322f22a69b6436caa4fb6c2d915 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:00000101009b0b6fe41d565564f87ae984aadc75902d95828bdee0bba0ecc176afd5cc9c3ec79a34a9f7cf44ee6cbdcb5d8f027bb64c4c3b73e2f891ee06b781f3d7f02b59f95cbbfb2725b208856f3ebb8195fef1596248d56a371ed7acf3b973c627976e0cf156f340aa01acfbe9b574d4dedd4cbb66cb6ca5d9e76f16385be532fed8dd65735a3ecddeeb295133bb8a59499b4777242a4a7e463481d26baece4c7ef224aaf40af4d5108d024f5dd174cfdb91213939e355b0a1ca51ed6f7f584a4e47a0f1482d6a5768b1236e25d837cc8a2b49b2176bb54b2f77f4212ba394336e6a6046def9205fe482d98fcdd8d0a2643a39d753d2d481fe6689b0dc0d1c078335b7 -+Ctrl.hexxcghash = hexxcghash:27faf1b9a15e505a0b46c47e2bf6ab5fff37a6dadb09e96ea9562091f1d88ce0 -+Ctrl.hexsession_id = hexsession_id:6b52ddb87a66f0f1bb0dad39b462e7bd42bdeb99049d5a3581ca6f056c398228 -+Ctrl.type = type:F -+Output = 4fc39e2a1e7038f2664a48986e8227c213e577eafea082f46cb08d087e642fe4 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:00000100435266668e94e5f35d31f10f7b486bed8a88465cf30711e54f8c6550a917916fb7160c41880d364df5084446d7834e32917882c10eef49f8192fa6ff4c9498a12d87bbf710d4bba3e76a6681c7ac3470e6f5e80c55851dcca38a9ce48b015ab73b24e28e0553f3a1bbe1dfa9b67bb9cb9372ad0fb0aaf443c3a8927d00b9b2705f4d1b219c80f7caa637c986de79410c5924943128e64cf869491f19c1646cb403d8543d5aaaea7fbaaaa1a846b9851f4f708b14266e55839e1d61b67a60359c2c111841839225c0f940252506be02ba43fcc7c4be7cb01c64094fbd9a78cc331c6e7809e0be3a4b693adfeedd1b20ad36d321498b396fce7cf169b2fb10e54b -+Ctrl.hexxcghash = hexxcghash:d7303e57a2bf969f815c1b2fd08a879226c0e95c9897fb5586200c0f5e0a8a23 -+Ctrl.hexsession_id = hexsession_id:20ace711e8190f5bbd2168bc93061c903899acd41697b76d0f6667d2bf345725 -+Ctrl.type = type:A -+Output = b71bd280b230b6fb9b326a3544ab9c90 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:00000100435266668e94e5f35d31f10f7b486bed8a88465cf30711e54f8c6550a917916fb7160c41880d364df5084446d7834e32917882c10eef49f8192fa6ff4c9498a12d87bbf710d4bba3e76a6681c7ac3470e6f5e80c55851dcca38a9ce48b015ab73b24e28e0553f3a1bbe1dfa9b67bb9cb9372ad0fb0aaf443c3a8927d00b9b2705f4d1b219c80f7caa637c986de79410c5924943128e64cf869491f19c1646cb403d8543d5aaaea7fbaaaa1a846b9851f4f708b14266e55839e1d61b67a60359c2c111841839225c0f940252506be02ba43fcc7c4be7cb01c64094fbd9a78cc331c6e7809e0be3a4b693adfeedd1b20ad36d321498b396fce7cf169b2fb10e54b -+Ctrl.hexxcghash = hexxcghash:d7303e57a2bf969f815c1b2fd08a879226c0e95c9897fb5586200c0f5e0a8a23 -+Ctrl.hexsession_id = hexsession_id:20ace711e8190f5bbd2168bc93061c903899acd41697b76d0f6667d2bf345725 -+Ctrl.type = type:B -+Output = ca38c1b5940e1417fb8caa6ab6deaf18 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:00000100435266668e94e5f35d31f10f7b486bed8a88465cf30711e54f8c6550a917916fb7160c41880d364df5084446d7834e32917882c10eef49f8192fa6ff4c9498a12d87bbf710d4bba3e76a6681c7ac3470e6f5e80c55851dcca38a9ce48b015ab73b24e28e0553f3a1bbe1dfa9b67bb9cb9372ad0fb0aaf443c3a8927d00b9b2705f4d1b219c80f7caa637c986de79410c5924943128e64cf869491f19c1646cb403d8543d5aaaea7fbaaaa1a846b9851f4f708b14266e55839e1d61b67a60359c2c111841839225c0f940252506be02ba43fcc7c4be7cb01c64094fbd9a78cc331c6e7809e0be3a4b693adfeedd1b20ad36d321498b396fce7cf169b2fb10e54b -+Ctrl.hexxcghash = hexxcghash:d7303e57a2bf969f815c1b2fd08a879226c0e95c9897fb5586200c0f5e0a8a23 -+Ctrl.hexsession_id = hexsession_id:20ace711e8190f5bbd2168bc93061c903899acd41697b76d0f6667d2bf345725 -+Ctrl.type = type:C -+Output = 5d02347e16760101a3689bf0087ed947 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:00000100435266668e94e5f35d31f10f7b486bed8a88465cf30711e54f8c6550a917916fb7160c41880d364df5084446d7834e32917882c10eef49f8192fa6ff4c9498a12d87bbf710d4bba3e76a6681c7ac3470e6f5e80c55851dcca38a9ce48b015ab73b24e28e0553f3a1bbe1dfa9b67bb9cb9372ad0fb0aaf443c3a8927d00b9b2705f4d1b219c80f7caa637c986de79410c5924943128e64cf869491f19c1646cb403d8543d5aaaea7fbaaaa1a846b9851f4f708b14266e55839e1d61b67a60359c2c111841839225c0f940252506be02ba43fcc7c4be7cb01c64094fbd9a78cc331c6e7809e0be3a4b693adfeedd1b20ad36d321498b396fce7cf169b2fb10e54b -+Ctrl.hexxcghash = hexxcghash:d7303e57a2bf969f815c1b2fd08a879226c0e95c9897fb5586200c0f5e0a8a23 -+Ctrl.hexsession_id = hexsession_id:20ace711e8190f5bbd2168bc93061c903899acd41697b76d0f6667d2bf345725 -+Ctrl.type = type:D -+Output = 2fb5e0eb5552f7e26ad9651bd22f1666 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:00000100435266668e94e5f35d31f10f7b486bed8a88465cf30711e54f8c6550a917916fb7160c41880d364df5084446d7834e32917882c10eef49f8192fa6ff4c9498a12d87bbf710d4bba3e76a6681c7ac3470e6f5e80c55851dcca38a9ce48b015ab73b24e28e0553f3a1bbe1dfa9b67bb9cb9372ad0fb0aaf443c3a8927d00b9b2705f4d1b219c80f7caa637c986de79410c5924943128e64cf869491f19c1646cb403d8543d5aaaea7fbaaaa1a846b9851f4f708b14266e55839e1d61b67a60359c2c111841839225c0f940252506be02ba43fcc7c4be7cb01c64094fbd9a78cc331c6e7809e0be3a4b693adfeedd1b20ad36d321498b396fce7cf169b2fb10e54b -+Ctrl.hexxcghash = hexxcghash:d7303e57a2bf969f815c1b2fd08a879226c0e95c9897fb5586200c0f5e0a8a23 -+Ctrl.hexsession_id = hexsession_id:20ace711e8190f5bbd2168bc93061c903899acd41697b76d0f6667d2bf345725 -+Ctrl.type = type:E -+Output = b7b7c4292a73e7d378284b12b318e0cd3ad714904b4ef9c83d44ee06ff49b1e1 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:00000100435266668e94e5f35d31f10f7b486bed8a88465cf30711e54f8c6550a917916fb7160c41880d364df5084446d7834e32917882c10eef49f8192fa6ff4c9498a12d87bbf710d4bba3e76a6681c7ac3470e6f5e80c55851dcca38a9ce48b015ab73b24e28e0553f3a1bbe1dfa9b67bb9cb9372ad0fb0aaf443c3a8927d00b9b2705f4d1b219c80f7caa637c986de79410c5924943128e64cf869491f19c1646cb403d8543d5aaaea7fbaaaa1a846b9851f4f708b14266e55839e1d61b67a60359c2c111841839225c0f940252506be02ba43fcc7c4be7cb01c64094fbd9a78cc331c6e7809e0be3a4b693adfeedd1b20ad36d321498b396fce7cf169b2fb10e54b -+Ctrl.hexxcghash = hexxcghash:d7303e57a2bf969f815c1b2fd08a879226c0e95c9897fb5586200c0f5e0a8a23 -+Ctrl.hexsession_id = hexsession_id:20ace711e8190f5bbd2168bc93061c903899acd41697b76d0f6667d2bf345725 -+Ctrl.type = type:F -+Output = c9884e71b158f2255fb204733e888bc5b2ee38a5493de9d0ef6700949159ac6a -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:00000100745f5abd8fb685eaae10854a96900806cd7d17d2d255990328594a4fdbb9fa28088ccb8fbf92ef23492a595f92c49d5fa32ea5ef6d76000635fb58496c9db824aaa41b67c3c2e8bdd525f6c6a224562c670076f6efd21fe49222c2627596b775c56dff5d477cd4cc008ef566086a495cf4ba634af20a42fb13fa52597dc252edebdfa57592494fd9cd44d0f7e27d6a6ff370876c42733977db656d7372d553c2ffc824fb02375e55069d5cccb493ec77001fb4cd73cbec6976bd45ae2cc0812c078784d917c0a0a54d8df6c745a2710828939be0685d7fc1657eee9c4dbc71615fab0174e62fb7971fa20f6d6b2da1c22c0a35c781c9dbdf009cec3d89891afc -+Ctrl.hexxcghash = hexxcghash:35f601a7877ef637d6c40b4f2e1d85b888eceac9f37e686254f9d707b22bd764 -+Ctrl.hexsession_id = hexsession_id:d04bce75141ed2a44942d98354ded46e861da28fc1175e5a22e8dddad4942f9a -+Ctrl.type = type:A -+Output = 88af3bdb49bd8e9d24489efc95dea1c1 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:00000100745f5abd8fb685eaae10854a96900806cd7d17d2d255990328594a4fdbb9fa28088ccb8fbf92ef23492a595f92c49d5fa32ea5ef6d76000635fb58496c9db824aaa41b67c3c2e8bdd525f6c6a224562c670076f6efd21fe49222c2627596b775c56dff5d477cd4cc008ef566086a495cf4ba634af20a42fb13fa52597dc252edebdfa57592494fd9cd44d0f7e27d6a6ff370876c42733977db656d7372d553c2ffc824fb02375e55069d5cccb493ec77001fb4cd73cbec6976bd45ae2cc0812c078784d917c0a0a54d8df6c745a2710828939be0685d7fc1657eee9c4dbc71615fab0174e62fb7971fa20f6d6b2da1c22c0a35c781c9dbdf009cec3d89891afc -+Ctrl.hexxcghash = hexxcghash:35f601a7877ef637d6c40b4f2e1d85b888eceac9f37e686254f9d707b22bd764 -+Ctrl.hexsession_id = hexsession_id:d04bce75141ed2a44942d98354ded46e861da28fc1175e5a22e8dddad4942f9a -+Ctrl.type = type:B -+Output = 5cf41e1d43f797c16a30e070f2f37dd4 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:00000100745f5abd8fb685eaae10854a96900806cd7d17d2d255990328594a4fdbb9fa28088ccb8fbf92ef23492a595f92c49d5fa32ea5ef6d76000635fb58496c9db824aaa41b67c3c2e8bdd525f6c6a224562c670076f6efd21fe49222c2627596b775c56dff5d477cd4cc008ef566086a495cf4ba634af20a42fb13fa52597dc252edebdfa57592494fd9cd44d0f7e27d6a6ff370876c42733977db656d7372d553c2ffc824fb02375e55069d5cccb493ec77001fb4cd73cbec6976bd45ae2cc0812c078784d917c0a0a54d8df6c745a2710828939be0685d7fc1657eee9c4dbc71615fab0174e62fb7971fa20f6d6b2da1c22c0a35c781c9dbdf009cec3d89891afc -+Ctrl.hexxcghash = hexxcghash:35f601a7877ef637d6c40b4f2e1d85b888eceac9f37e686254f9d707b22bd764 -+Ctrl.hexsession_id = hexsession_id:d04bce75141ed2a44942d98354ded46e861da28fc1175e5a22e8dddad4942f9a -+Ctrl.type = type:C -+Output = 7cc48e0f8b4bdd63f76e41ba411d7f37 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:00000100745f5abd8fb685eaae10854a96900806cd7d17d2d255990328594a4fdbb9fa28088ccb8fbf92ef23492a595f92c49d5fa32ea5ef6d76000635fb58496c9db824aaa41b67c3c2e8bdd525f6c6a224562c670076f6efd21fe49222c2627596b775c56dff5d477cd4cc008ef566086a495cf4ba634af20a42fb13fa52597dc252edebdfa57592494fd9cd44d0f7e27d6a6ff370876c42733977db656d7372d553c2ffc824fb02375e55069d5cccb493ec77001fb4cd73cbec6976bd45ae2cc0812c078784d917c0a0a54d8df6c745a2710828939be0685d7fc1657eee9c4dbc71615fab0174e62fb7971fa20f6d6b2da1c22c0a35c781c9dbdf009cec3d89891afc -+Ctrl.hexxcghash = hexxcghash:35f601a7877ef637d6c40b4f2e1d85b888eceac9f37e686254f9d707b22bd764 -+Ctrl.hexsession_id = hexsession_id:d04bce75141ed2a44942d98354ded46e861da28fc1175e5a22e8dddad4942f9a -+Ctrl.type = type:D -+Output = 37d942416267be06cd1ff9498dcf1e6e -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:00000100745f5abd8fb685eaae10854a96900806cd7d17d2d255990328594a4fdbb9fa28088ccb8fbf92ef23492a595f92c49d5fa32ea5ef6d76000635fb58496c9db824aaa41b67c3c2e8bdd525f6c6a224562c670076f6efd21fe49222c2627596b775c56dff5d477cd4cc008ef566086a495cf4ba634af20a42fb13fa52597dc252edebdfa57592494fd9cd44d0f7e27d6a6ff370876c42733977db656d7372d553c2ffc824fb02375e55069d5cccb493ec77001fb4cd73cbec6976bd45ae2cc0812c078784d917c0a0a54d8df6c745a2710828939be0685d7fc1657eee9c4dbc71615fab0174e62fb7971fa20f6d6b2da1c22c0a35c781c9dbdf009cec3d89891afc -+Ctrl.hexxcghash = hexxcghash:35f601a7877ef637d6c40b4f2e1d85b888eceac9f37e686254f9d707b22bd764 -+Ctrl.hexsession_id = hexsession_id:d04bce75141ed2a44942d98354ded46e861da28fc1175e5a22e8dddad4942f9a -+Ctrl.type = type:E -+Output = c3c8b48e228a3a671ae8c48aa4e4f1fe32c1ad4d5ae48c904836d13e7350f72e -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:00000100745f5abd8fb685eaae10854a96900806cd7d17d2d255990328594a4fdbb9fa28088ccb8fbf92ef23492a595f92c49d5fa32ea5ef6d76000635fb58496c9db824aaa41b67c3c2e8bdd525f6c6a224562c670076f6efd21fe49222c2627596b775c56dff5d477cd4cc008ef566086a495cf4ba634af20a42fb13fa52597dc252edebdfa57592494fd9cd44d0f7e27d6a6ff370876c42733977db656d7372d553c2ffc824fb02375e55069d5cccb493ec77001fb4cd73cbec6976bd45ae2cc0812c078784d917c0a0a54d8df6c745a2710828939be0685d7fc1657eee9c4dbc71615fab0174e62fb7971fa20f6d6b2da1c22c0a35c781c9dbdf009cec3d89891afc -+Ctrl.hexxcghash = hexxcghash:35f601a7877ef637d6c40b4f2e1d85b888eceac9f37e686254f9d707b22bd764 -+Ctrl.hexsession_id = hexsession_id:d04bce75141ed2a44942d98354ded46e861da28fc1175e5a22e8dddad4942f9a -+Ctrl.type = type:F -+Output = 605f7d3b3f28a8967402ba67ff916a61b0a4e9b736665c5e911fb33f60dc16fe -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:000001010089b741b0b9a6704f56df9aafe5f4294828fdc67f4243e9aa9b1d83166ad892f2d970fdff65eba7fa5eddb954dd86bda5262e084752c69c6b93c729ad34e9728f7c838c49f0e87349ae35feef1610b83a345c64c5b190fb5857bf0aa8419efba35789c258f19e8713e2729c184eab9d9c33a32ab3731d77e207a91849625bb855e581ca0be5d9f961aab9d65b463e416ee3d636ece573ead0d088a2fe05d87dd5ed21031f4dbea831112d3bd0e1cc1087a8395430cde3cb54d22a5965dd825329bee8c62d4599fb67ff90260204c6e608e6246f768e29a60cb85f580d4751f9c017cbf4e6062a160c6ff1d0c9d303a2c862a4986e22f72da79b17b868cee189a2 -+Ctrl.hexxcghash = hexxcghash:61e49599eb3b01e3d7bc65415ce7004e20bf77805a4ff09681f3856adc129943 -+Ctrl.hexsession_id = hexsession_id:832400eb1c4031502f7249d0a4279a7cbe4d4d6979289d02837d98b9ca16ff46 -+Ctrl.type = type:A -+Output = 7b91adc6eb48a6f82a8990efd2537903 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:000001010089b741b0b9a6704f56df9aafe5f4294828fdc67f4243e9aa9b1d83166ad892f2d970fdff65eba7fa5eddb954dd86bda5262e084752c69c6b93c729ad34e9728f7c838c49f0e87349ae35feef1610b83a345c64c5b190fb5857bf0aa8419efba35789c258f19e8713e2729c184eab9d9c33a32ab3731d77e207a91849625bb855e581ca0be5d9f961aab9d65b463e416ee3d636ece573ead0d088a2fe05d87dd5ed21031f4dbea831112d3bd0e1cc1087a8395430cde3cb54d22a5965dd825329bee8c62d4599fb67ff90260204c6e608e6246f768e29a60cb85f580d4751f9c017cbf4e6062a160c6ff1d0c9d303a2c862a4986e22f72da79b17b868cee189a2 -+Ctrl.hexxcghash = hexxcghash:61e49599eb3b01e3d7bc65415ce7004e20bf77805a4ff09681f3856adc129943 -+Ctrl.hexsession_id = hexsession_id:832400eb1c4031502f7249d0a4279a7cbe4d4d6979289d02837d98b9ca16ff46 -+Ctrl.type = type:B -+Output = 814c8fb54a535b38d4c2301aa49ad702 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:000001010089b741b0b9a6704f56df9aafe5f4294828fdc67f4243e9aa9b1d83166ad892f2d970fdff65eba7fa5eddb954dd86bda5262e084752c69c6b93c729ad34e9728f7c838c49f0e87349ae35feef1610b83a345c64c5b190fb5857bf0aa8419efba35789c258f19e8713e2729c184eab9d9c33a32ab3731d77e207a91849625bb855e581ca0be5d9f961aab9d65b463e416ee3d636ece573ead0d088a2fe05d87dd5ed21031f4dbea831112d3bd0e1cc1087a8395430cde3cb54d22a5965dd825329bee8c62d4599fb67ff90260204c6e608e6246f768e29a60cb85f580d4751f9c017cbf4e6062a160c6ff1d0c9d303a2c862a4986e22f72da79b17b868cee189a2 -+Ctrl.hexxcghash = hexxcghash:61e49599eb3b01e3d7bc65415ce7004e20bf77805a4ff09681f3856adc129943 -+Ctrl.hexsession_id = hexsession_id:832400eb1c4031502f7249d0a4279a7cbe4d4d6979289d02837d98b9ca16ff46 -+Ctrl.type = type:C -+Output = 3ec64c8571c7c7f39a9f37c0e1053324 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:000001010089b741b0b9a6704f56df9aafe5f4294828fdc67f4243e9aa9b1d83166ad892f2d970fdff65eba7fa5eddb954dd86bda5262e084752c69c6b93c729ad34e9728f7c838c49f0e87349ae35feef1610b83a345c64c5b190fb5857bf0aa8419efba35789c258f19e8713e2729c184eab9d9c33a32ab3731d77e207a91849625bb855e581ca0be5d9f961aab9d65b463e416ee3d636ece573ead0d088a2fe05d87dd5ed21031f4dbea831112d3bd0e1cc1087a8395430cde3cb54d22a5965dd825329bee8c62d4599fb67ff90260204c6e608e6246f768e29a60cb85f580d4751f9c017cbf4e6062a160c6ff1d0c9d303a2c862a4986e22f72da79b17b868cee189a2 -+Ctrl.hexxcghash = hexxcghash:61e49599eb3b01e3d7bc65415ce7004e20bf77805a4ff09681f3856adc129943 -+Ctrl.hexsession_id = hexsession_id:832400eb1c4031502f7249d0a4279a7cbe4d4d6979289d02837d98b9ca16ff46 -+Ctrl.type = type:D -+Output = 846d40dc45123f2710e27bd3140070c8 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:000001010089b741b0b9a6704f56df9aafe5f4294828fdc67f4243e9aa9b1d83166ad892f2d970fdff65eba7fa5eddb954dd86bda5262e084752c69c6b93c729ad34e9728f7c838c49f0e87349ae35feef1610b83a345c64c5b190fb5857bf0aa8419efba35789c258f19e8713e2729c184eab9d9c33a32ab3731d77e207a91849625bb855e581ca0be5d9f961aab9d65b463e416ee3d636ece573ead0d088a2fe05d87dd5ed21031f4dbea831112d3bd0e1cc1087a8395430cde3cb54d22a5965dd825329bee8c62d4599fb67ff90260204c6e608e6246f768e29a60cb85f580d4751f9c017cbf4e6062a160c6ff1d0c9d303a2c862a4986e22f72da79b17b868cee189a2 -+Ctrl.hexxcghash = hexxcghash:61e49599eb3b01e3d7bc65415ce7004e20bf77805a4ff09681f3856adc129943 -+Ctrl.hexsession_id = hexsession_id:832400eb1c4031502f7249d0a4279a7cbe4d4d6979289d02837d98b9ca16ff46 -+Ctrl.type = type:E -+Output = c2199b9bd701c2f4ee82a145adc28f3e8fac0af8dd43cb7f3da173681bcad2e0 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:000001010089b741b0b9a6704f56df9aafe5f4294828fdc67f4243e9aa9b1d83166ad892f2d970fdff65eba7fa5eddb954dd86bda5262e084752c69c6b93c729ad34e9728f7c838c49f0e87349ae35feef1610b83a345c64c5b190fb5857bf0aa8419efba35789c258f19e8713e2729c184eab9d9c33a32ab3731d77e207a91849625bb855e581ca0be5d9f961aab9d65b463e416ee3d636ece573ead0d088a2fe05d87dd5ed21031f4dbea831112d3bd0e1cc1087a8395430cde3cb54d22a5965dd825329bee8c62d4599fb67ff90260204c6e608e6246f768e29a60cb85f580d4751f9c017cbf4e6062a160c6ff1d0c9d303a2c862a4986e22f72da79b17b868cee189a2 -+Ctrl.hexxcghash = hexxcghash:61e49599eb3b01e3d7bc65415ce7004e20bf77805a4ff09681f3856adc129943 -+Ctrl.hexsession_id = hexsession_id:832400eb1c4031502f7249d0a4279a7cbe4d4d6979289d02837d98b9ca16ff46 -+Ctrl.type = type:F -+Output = 49f5fb8862a4f01900f9f76d6146f181483428beadb000d4f5097adf59c5eb99 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:0000010100f7217049f9cc4f3d59ea109a06ac3cfb79fc05dc349e1c54482072c467e503494d845004c278dabd9338d3bdb3c2f3c58cb264d65575d9946961345dcda5b9ce59cc8fdfc994acb74fe8f3b1fc143abceedc541ae74d69cd543fa7438ac5b5c84168d6e6f7fba2722c279b7cd0c1e07cdd59bb231f17174d33b7c1a6eb199cfa093476cdd31292f3bff20ae224459caaec461c76d741f0e9269ba96676a3ccebe986a3843a36747a0998bb3feaba41671db20368867a13875f76136b2418b6c807335a7133b4e4fbc0e908516ce97458abec2a32355fb061237bada4e07b950a2b1c8d41201f1c0a41c771d990e4741fef6e2eb5cd106c3b4b6000ad07b482ad -+Ctrl.hexxcghash = hexxcghash:be79b302374817c2fd052704dfba5e98b05a8346db9269e6401265a1c7970d98 -+Ctrl.hexsession_id = hexsession_id:def8533bf220d0c632aa4f1b16168e51c0be904c6f299225b30bd7df7bbdc6f2 -+Ctrl.type = type:A -+Output = 50afb2f3b8a3bc466b3a68f04da0d56c -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:0000010100f7217049f9cc4f3d59ea109a06ac3cfb79fc05dc349e1c54482072c467e503494d845004c278dabd9338d3bdb3c2f3c58cb264d65575d9946961345dcda5b9ce59cc8fdfc994acb74fe8f3b1fc143abceedc541ae74d69cd543fa7438ac5b5c84168d6e6f7fba2722c279b7cd0c1e07cdd59bb231f17174d33b7c1a6eb199cfa093476cdd31292f3bff20ae224459caaec461c76d741f0e9269ba96676a3ccebe986a3843a36747a0998bb3feaba41671db20368867a13875f76136b2418b6c807335a7133b4e4fbc0e908516ce97458abec2a32355fb061237bada4e07b950a2b1c8d41201f1c0a41c771d990e4741fef6e2eb5cd106c3b4b6000ad07b482ad -+Ctrl.hexxcghash = hexxcghash:be79b302374817c2fd052704dfba5e98b05a8346db9269e6401265a1c7970d98 -+Ctrl.hexsession_id = hexsession_id:def8533bf220d0c632aa4f1b16168e51c0be904c6f299225b30bd7df7bbdc6f2 -+Ctrl.type = type:B -+Output = b8672a8cc59ee1316fb9a2c0a82ffd73 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:0000010100f7217049f9cc4f3d59ea109a06ac3cfb79fc05dc349e1c54482072c467e503494d845004c278dabd9338d3bdb3c2f3c58cb264d65575d9946961345dcda5b9ce59cc8fdfc994acb74fe8f3b1fc143abceedc541ae74d69cd543fa7438ac5b5c84168d6e6f7fba2722c279b7cd0c1e07cdd59bb231f17174d33b7c1a6eb199cfa093476cdd31292f3bff20ae224459caaec461c76d741f0e9269ba96676a3ccebe986a3843a36747a0998bb3feaba41671db20368867a13875f76136b2418b6c807335a7133b4e4fbc0e908516ce97458abec2a32355fb061237bada4e07b950a2b1c8d41201f1c0a41c771d990e4741fef6e2eb5cd106c3b4b6000ad07b482ad -+Ctrl.hexxcghash = hexxcghash:be79b302374817c2fd052704dfba5e98b05a8346db9269e6401265a1c7970d98 -+Ctrl.hexsession_id = hexsession_id:def8533bf220d0c632aa4f1b16168e51c0be904c6f299225b30bd7df7bbdc6f2 -+Ctrl.type = type:C -+Output = d854cbdb8f7544b796f982e4973d4de9 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:0000010100f7217049f9cc4f3d59ea109a06ac3cfb79fc05dc349e1c54482072c467e503494d845004c278dabd9338d3bdb3c2f3c58cb264d65575d9946961345dcda5b9ce59cc8fdfc994acb74fe8f3b1fc143abceedc541ae74d69cd543fa7438ac5b5c84168d6e6f7fba2722c279b7cd0c1e07cdd59bb231f17174d33b7c1a6eb199cfa093476cdd31292f3bff20ae224459caaec461c76d741f0e9269ba96676a3ccebe986a3843a36747a0998bb3feaba41671db20368867a13875f76136b2418b6c807335a7133b4e4fbc0e908516ce97458abec2a32355fb061237bada4e07b950a2b1c8d41201f1c0a41c771d990e4741fef6e2eb5cd106c3b4b6000ad07b482ad -+Ctrl.hexxcghash = hexxcghash:be79b302374817c2fd052704dfba5e98b05a8346db9269e6401265a1c7970d98 -+Ctrl.hexsession_id = hexsession_id:def8533bf220d0c632aa4f1b16168e51c0be904c6f299225b30bd7df7bbdc6f2 -+Ctrl.type = type:D -+Output = bd6bde82c451ee39069d0794f7000f38 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:0000010100f7217049f9cc4f3d59ea109a06ac3cfb79fc05dc349e1c54482072c467e503494d845004c278dabd9338d3bdb3c2f3c58cb264d65575d9946961345dcda5b9ce59cc8fdfc994acb74fe8f3b1fc143abceedc541ae74d69cd543fa7438ac5b5c84168d6e6f7fba2722c279b7cd0c1e07cdd59bb231f17174d33b7c1a6eb199cfa093476cdd31292f3bff20ae224459caaec461c76d741f0e9269ba96676a3ccebe986a3843a36747a0998bb3feaba41671db20368867a13875f76136b2418b6c807335a7133b4e4fbc0e908516ce97458abec2a32355fb061237bada4e07b950a2b1c8d41201f1c0a41c771d990e4741fef6e2eb5cd106c3b4b6000ad07b482ad -+Ctrl.hexxcghash = hexxcghash:be79b302374817c2fd052704dfba5e98b05a8346db9269e6401265a1c7970d98 -+Ctrl.hexsession_id = hexsession_id:def8533bf220d0c632aa4f1b16168e51c0be904c6f299225b30bd7df7bbdc6f2 -+Ctrl.type = type:E -+Output = 270794ec70fcd9d742aad66c54001b4c218ae8cca813453560a9aeaacc6909ec -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:0000010100f7217049f9cc4f3d59ea109a06ac3cfb79fc05dc349e1c54482072c467e503494d845004c278dabd9338d3bdb3c2f3c58cb264d65575d9946961345dcda5b9ce59cc8fdfc994acb74fe8f3b1fc143abceedc541ae74d69cd543fa7438ac5b5c84168d6e6f7fba2722c279b7cd0c1e07cdd59bb231f17174d33b7c1a6eb199cfa093476cdd31292f3bff20ae224459caaec461c76d741f0e9269ba96676a3ccebe986a3843a36747a0998bb3feaba41671db20368867a13875f76136b2418b6c807335a7133b4e4fbc0e908516ce97458abec2a32355fb061237bada4e07b950a2b1c8d41201f1c0a41c771d990e4741fef6e2eb5cd106c3b4b6000ad07b482ad -+Ctrl.hexxcghash = hexxcghash:be79b302374817c2fd052704dfba5e98b05a8346db9269e6401265a1c7970d98 -+Ctrl.hexsession_id = hexsession_id:def8533bf220d0c632aa4f1b16168e51c0be904c6f299225b30bd7df7bbdc6f2 -+Ctrl.type = type:F -+Output = e967df7571a0eb82f59ddfead22c617beeefa25ce4afd80ac8320bc2635c70d0 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:000001001b3a1cab1e87a29e229efcae0f569d855a61d6da6ea0ae5bed3491c7bdb5f70f6caf8dc305100160bbf6ecd726b11799da685ce4528ee689fe292043e318ad9f797bd5746399e007cf1f40d7918b85e4607f6e674da84709543dd0d50ad1d5c993770b4d0c045fdef89d5534c3d77edd8dc4536a10cc2b5d0bd14caa7e029ba8a81d5f5fb16524b56ddb9f35d96593955514b80d89b711ff717e11ad3d691424f6cefc5c613b04e5532d89f91383e4a6f45058604bb63876b1308dc7eb8f86cb5c032e6f1f061646e0bbf27b0c7eaa8216ba9381cb7734df24fe6691183c4823d3b645f3139a45b2b8ee3909bb431477f332ea3616b919724782fda8546a3235 -+Ctrl.hexxcghash = hexxcghash:fe491f41cdbcaec6b8821eda916eb03bc1a0e934c14850696f79bd30c73a18e2 -+Ctrl.hexsession_id = hexsession_id:df1c0910cf8b81ca157916b8ac0411b7363f62ce10ee23cbb69ddfe8c3f16be9 -+Ctrl.type = type:A -+Output = ebb3d10f461d8697a064461822f34507 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:000001001b3a1cab1e87a29e229efcae0f569d855a61d6da6ea0ae5bed3491c7bdb5f70f6caf8dc305100160bbf6ecd726b11799da685ce4528ee689fe292043e318ad9f797bd5746399e007cf1f40d7918b85e4607f6e674da84709543dd0d50ad1d5c993770b4d0c045fdef89d5534c3d77edd8dc4536a10cc2b5d0bd14caa7e029ba8a81d5f5fb16524b56ddb9f35d96593955514b80d89b711ff717e11ad3d691424f6cefc5c613b04e5532d89f91383e4a6f45058604bb63876b1308dc7eb8f86cb5c032e6f1f061646e0bbf27b0c7eaa8216ba9381cb7734df24fe6691183c4823d3b645f3139a45b2b8ee3909bb431477f332ea3616b919724782fda8546a3235 -+Ctrl.hexxcghash = hexxcghash:fe491f41cdbcaec6b8821eda916eb03bc1a0e934c14850696f79bd30c73a18e2 -+Ctrl.hexsession_id = hexsession_id:df1c0910cf8b81ca157916b8ac0411b7363f62ce10ee23cbb69ddfe8c3f16be9 -+Ctrl.type = type:B -+Output = bb95f9cbed695529fd7977281332100b -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:000001001b3a1cab1e87a29e229efcae0f569d855a61d6da6ea0ae5bed3491c7bdb5f70f6caf8dc305100160bbf6ecd726b11799da685ce4528ee689fe292043e318ad9f797bd5746399e007cf1f40d7918b85e4607f6e674da84709543dd0d50ad1d5c993770b4d0c045fdef89d5534c3d77edd8dc4536a10cc2b5d0bd14caa7e029ba8a81d5f5fb16524b56ddb9f35d96593955514b80d89b711ff717e11ad3d691424f6cefc5c613b04e5532d89f91383e4a6f45058604bb63876b1308dc7eb8f86cb5c032e6f1f061646e0bbf27b0c7eaa8216ba9381cb7734df24fe6691183c4823d3b645f3139a45b2b8ee3909bb431477f332ea3616b919724782fda8546a3235 -+Ctrl.hexxcghash = hexxcghash:fe491f41cdbcaec6b8821eda916eb03bc1a0e934c14850696f79bd30c73a18e2 -+Ctrl.hexsession_id = hexsession_id:df1c0910cf8b81ca157916b8ac0411b7363f62ce10ee23cbb69ddfe8c3f16be9 -+Ctrl.type = type:C -+Output = da1318a6a34224cc86c9afa41991db4b -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:000001001b3a1cab1e87a29e229efcae0f569d855a61d6da6ea0ae5bed3491c7bdb5f70f6caf8dc305100160bbf6ecd726b11799da685ce4528ee689fe292043e318ad9f797bd5746399e007cf1f40d7918b85e4607f6e674da84709543dd0d50ad1d5c993770b4d0c045fdef89d5534c3d77edd8dc4536a10cc2b5d0bd14caa7e029ba8a81d5f5fb16524b56ddb9f35d96593955514b80d89b711ff717e11ad3d691424f6cefc5c613b04e5532d89f91383e4a6f45058604bb63876b1308dc7eb8f86cb5c032e6f1f061646e0bbf27b0c7eaa8216ba9381cb7734df24fe6691183c4823d3b645f3139a45b2b8ee3909bb431477f332ea3616b919724782fda8546a3235 -+Ctrl.hexxcghash = hexxcghash:fe491f41cdbcaec6b8821eda916eb03bc1a0e934c14850696f79bd30c73a18e2 -+Ctrl.hexsession_id = hexsession_id:df1c0910cf8b81ca157916b8ac0411b7363f62ce10ee23cbb69ddfe8c3f16be9 -+Ctrl.type = type:D -+Output = 091f8fa87a01c5768de8d663ba8bf9d7 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:000001001b3a1cab1e87a29e229efcae0f569d855a61d6da6ea0ae5bed3491c7bdb5f70f6caf8dc305100160bbf6ecd726b11799da685ce4528ee689fe292043e318ad9f797bd5746399e007cf1f40d7918b85e4607f6e674da84709543dd0d50ad1d5c993770b4d0c045fdef89d5534c3d77edd8dc4536a10cc2b5d0bd14caa7e029ba8a81d5f5fb16524b56ddb9f35d96593955514b80d89b711ff717e11ad3d691424f6cefc5c613b04e5532d89f91383e4a6f45058604bb63876b1308dc7eb8f86cb5c032e6f1f061646e0bbf27b0c7eaa8216ba9381cb7734df24fe6691183c4823d3b645f3139a45b2b8ee3909bb431477f332ea3616b919724782fda8546a3235 -+Ctrl.hexxcghash = hexxcghash:fe491f41cdbcaec6b8821eda916eb03bc1a0e934c14850696f79bd30c73a18e2 -+Ctrl.hexsession_id = hexsession_id:df1c0910cf8b81ca157916b8ac0411b7363f62ce10ee23cbb69ddfe8c3f16be9 -+Ctrl.type = type:E -+Output = cc09127a759000f3bd9724fbf5285cd680ee323ffc19cf2f495403f896587317 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA256 -+Ctrl.hexkey = hexkey:000001001b3a1cab1e87a29e229efcae0f569d855a61d6da6ea0ae5bed3491c7bdb5f70f6caf8dc305100160bbf6ecd726b11799da685ce4528ee689fe292043e318ad9f797bd5746399e007cf1f40d7918b85e4607f6e674da84709543dd0d50ad1d5c993770b4d0c045fdef89d5534c3d77edd8dc4536a10cc2b5d0bd14caa7e029ba8a81d5f5fb16524b56ddb9f35d96593955514b80d89b711ff717e11ad3d691424f6cefc5c613b04e5532d89f91383e4a6f45058604bb63876b1308dc7eb8f86cb5c032e6f1f061646e0bbf27b0c7eaa8216ba9381cb7734df24fe6691183c4823d3b645f3139a45b2b8ee3909bb431477f332ea3616b919724782fda8546a3235 -+Ctrl.hexxcghash = hexxcghash:fe491f41cdbcaec6b8821eda916eb03bc1a0e934c14850696f79bd30c73a18e2 -+Ctrl.hexsession_id = hexsession_id:df1c0910cf8b81ca157916b8ac0411b7363f62ce10ee23cbb69ddfe8c3f16be9 -+Ctrl.type = type:F -+Output = a3ceddafc49f7c0131ce2965945c3892be6605b465877bc0637685612ede242b -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:0000008100941456bd72267a90690ffc873528f4b76394431aceee1e24a7bed414568d9b97c84ce13d34a2b4a63ef735bac23af0b7fa634a9e56c2d775c741a61d63981332f9027d3f52c4a9a3adb83e96d39f7e6bb72514797da32f2f0edb59accfc58a49fc34b198e0285b31032ac9f06907def196f5748bd32ce22a5383a1bbdbd31f24 -+Ctrl.hexxcghash = hexxcghash:e0dee80ccc162884393930ad2073d92120c804254162446b7d048f85a1a4dd7b636a09b69252b80952a0581e9490ee5a -+Ctrl.hexsession_id = hexsession_id:e0dee80ccc162884393930ad2073d92120c804254162446b7d048f85a1a4dd7b636a09b69252b80952a0581e9490ee5a -+Ctrl.type = type:A -+Output = d31c16f67b17bc69 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:0000008100941456bd72267a90690ffc873528f4b76394431aceee1e24a7bed414568d9b97c84ce13d34a2b4a63ef735bac23af0b7fa634a9e56c2d775c741a61d63981332f9027d3f52c4a9a3adb83e96d39f7e6bb72514797da32f2f0edb59accfc58a49fc34b198e0285b31032ac9f06907def196f5748bd32ce22a5383a1bbdbd31f24 -+Ctrl.hexxcghash = hexxcghash:e0dee80ccc162884393930ad2073d92120c804254162446b7d048f85a1a4dd7b636a09b69252b80952a0581e9490ee5a -+Ctrl.hexsession_id = hexsession_id:e0dee80ccc162884393930ad2073d92120c804254162446b7d048f85a1a4dd7b636a09b69252b80952a0581e9490ee5a -+Ctrl.type = type:B -+Output = 675340f27269e7ae -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:0000008100941456bd72267a90690ffc873528f4b76394431aceee1e24a7bed414568d9b97c84ce13d34a2b4a63ef735bac23af0b7fa634a9e56c2d775c741a61d63981332f9027d3f52c4a9a3adb83e96d39f7e6bb72514797da32f2f0edb59accfc58a49fc34b198e0285b31032ac9f06907def196f5748bd32ce22a5383a1bbdbd31f24 -+Ctrl.hexxcghash = hexxcghash:e0dee80ccc162884393930ad2073d92120c804254162446b7d048f85a1a4dd7b636a09b69252b80952a0581e9490ee5a -+Ctrl.hexsession_id = hexsession_id:e0dee80ccc162884393930ad2073d92120c804254162446b7d048f85a1a4dd7b636a09b69252b80952a0581e9490ee5a -+Ctrl.type = type:C -+Output = 2ffed577a90d29872ea59f3782c3b406908d7394ff63c9d7 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:0000008100941456bd72267a90690ffc873528f4b76394431aceee1e24a7bed414568d9b97c84ce13d34a2b4a63ef735bac23af0b7fa634a9e56c2d775c741a61d63981332f9027d3f52c4a9a3adb83e96d39f7e6bb72514797da32f2f0edb59accfc58a49fc34b198e0285b31032ac9f06907def196f5748bd32ce22a5383a1bbdbd31f24 -+Ctrl.hexxcghash = hexxcghash:e0dee80ccc162884393930ad2073d92120c804254162446b7d048f85a1a4dd7b636a09b69252b80952a0581e9490ee5a -+Ctrl.hexsession_id = hexsession_id:e0dee80ccc162884393930ad2073d92120c804254162446b7d048f85a1a4dd7b636a09b69252b80952a0581e9490ee5a -+Ctrl.type = type:D -+Output = fae751987c1fa8665e4387e410297db58ff69b260a8fe85f -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:0000008100941456bd72267a90690ffc873528f4b76394431aceee1e24a7bed414568d9b97c84ce13d34a2b4a63ef735bac23af0b7fa634a9e56c2d775c741a61d63981332f9027d3f52c4a9a3adb83e96d39f7e6bb72514797da32f2f0edb59accfc58a49fc34b198e0285b31032ac9f06907def196f5748bd32ce22a5383a1bbdbd31f24 -+Ctrl.hexxcghash = hexxcghash:e0dee80ccc162884393930ad2073d92120c804254162446b7d048f85a1a4dd7b636a09b69252b80952a0581e9490ee5a -+Ctrl.hexsession_id = hexsession_id:e0dee80ccc162884393930ad2073d92120c804254162446b7d048f85a1a4dd7b636a09b69252b80952a0581e9490ee5a -+Ctrl.type = type:E -+Output = ff2db5975edf3824325b257455791869434c6af47fb0c8145253c2695abfd2b8c980565ad20e6b9313ba44ee488bafb0 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:0000008100941456bd72267a90690ffc873528f4b76394431aceee1e24a7bed414568d9b97c84ce13d34a2b4a63ef735bac23af0b7fa634a9e56c2d775c741a61d63981332f9027d3f52c4a9a3adb83e96d39f7e6bb72514797da32f2f0edb59accfc58a49fc34b198e0285b31032ac9f06907def196f5748bd32ce22a5383a1bbdbd31f24 -+Ctrl.hexxcghash = hexxcghash:e0dee80ccc162884393930ad2073d92120c804254162446b7d048f85a1a4dd7b636a09b69252b80952a0581e9490ee5a -+Ctrl.hexsession_id = hexsession_id:e0dee80ccc162884393930ad2073d92120c804254162446b7d048f85a1a4dd7b636a09b69252b80952a0581e9490ee5a -+Ctrl.type = type:F -+Output = 85a9463cd653c7619d4dc85006406d6ed3364220419ca13810301be0f0389d932ddeaebb0e504a0849e2e73a7d087db2 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:00000080319534aabf1100b1ef3ec089ba6e5b25946bdf67cbc92493c29d0e63765ee38dc27e15720393d6aa5741b2129b24ee6a71c079190588232f4facadd034dd6e456bf45aedf72a059eca591ceb2d7c50f8ae918528872f40eaf62faa511d6bfbed4b8613163c42b99eb30c20ecce1c36a78b93fb0046467a0bcb41dfa1e609b61b -+Ctrl.hexxcghash = hexxcghash:0f831ff3e907b3f0922722bd8073b2c263c77c7f552c0b0b12be68f19520b1ae2bbf62a9dba0f582d5f0197c0d534f6e -+Ctrl.hexsession_id = hexsession_id:dede417f4b45d58d54cbe59e7d80bab3150ccd99583aa87f7ecde731462d074edf49907278819043341d1fe20e136563 -+Ctrl.type = type:A -+Output = 93323451441b761f -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:00000080319534aabf1100b1ef3ec089ba6e5b25946bdf67cbc92493c29d0e63765ee38dc27e15720393d6aa5741b2129b24ee6a71c079190588232f4facadd034dd6e456bf45aedf72a059eca591ceb2d7c50f8ae918528872f40eaf62faa511d6bfbed4b8613163c42b99eb30c20ecce1c36a78b93fb0046467a0bcb41dfa1e609b61b -+Ctrl.hexxcghash = hexxcghash:0f831ff3e907b3f0922722bd8073b2c263c77c7f552c0b0b12be68f19520b1ae2bbf62a9dba0f582d5f0197c0d534f6e -+Ctrl.hexsession_id = hexsession_id:dede417f4b45d58d54cbe59e7d80bab3150ccd99583aa87f7ecde731462d074edf49907278819043341d1fe20e136563 -+Ctrl.type = type:B -+Output = 3dbfdc2364807ecc -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:00000080319534aabf1100b1ef3ec089ba6e5b25946bdf67cbc92493c29d0e63765ee38dc27e15720393d6aa5741b2129b24ee6a71c079190588232f4facadd034dd6e456bf45aedf72a059eca591ceb2d7c50f8ae918528872f40eaf62faa511d6bfbed4b8613163c42b99eb30c20ecce1c36a78b93fb0046467a0bcb41dfa1e609b61b -+Ctrl.hexxcghash = hexxcghash:0f831ff3e907b3f0922722bd8073b2c263c77c7f552c0b0b12be68f19520b1ae2bbf62a9dba0f582d5f0197c0d534f6e -+Ctrl.hexsession_id = hexsession_id:dede417f4b45d58d54cbe59e7d80bab3150ccd99583aa87f7ecde731462d074edf49907278819043341d1fe20e136563 -+Ctrl.type = type:C -+Output = c699e3488f825fb24c5e2adc699ec83a5d8fce339fa0e9b0 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:00000080319534aabf1100b1ef3ec089ba6e5b25946bdf67cbc92493c29d0e63765ee38dc27e15720393d6aa5741b2129b24ee6a71c079190588232f4facadd034dd6e456bf45aedf72a059eca591ceb2d7c50f8ae918528872f40eaf62faa511d6bfbed4b8613163c42b99eb30c20ecce1c36a78b93fb0046467a0bcb41dfa1e609b61b -+Ctrl.hexxcghash = hexxcghash:0f831ff3e907b3f0922722bd8073b2c263c77c7f552c0b0b12be68f19520b1ae2bbf62a9dba0f582d5f0197c0d534f6e -+Ctrl.hexsession_id = hexsession_id:dede417f4b45d58d54cbe59e7d80bab3150ccd99583aa87f7ecde731462d074edf49907278819043341d1fe20e136563 -+Ctrl.type = type:D -+Output = a250b13da0716f2d4440cc4cac01a2d591002ebfaada9758 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:00000080319534aabf1100b1ef3ec089ba6e5b25946bdf67cbc92493c29d0e63765ee38dc27e15720393d6aa5741b2129b24ee6a71c079190588232f4facadd034dd6e456bf45aedf72a059eca591ceb2d7c50f8ae918528872f40eaf62faa511d6bfbed4b8613163c42b99eb30c20ecce1c36a78b93fb0046467a0bcb41dfa1e609b61b -+Ctrl.hexxcghash = hexxcghash:0f831ff3e907b3f0922722bd8073b2c263c77c7f552c0b0b12be68f19520b1ae2bbf62a9dba0f582d5f0197c0d534f6e -+Ctrl.hexsession_id = hexsession_id:dede417f4b45d58d54cbe59e7d80bab3150ccd99583aa87f7ecde731462d074edf49907278819043341d1fe20e136563 -+Ctrl.type = type:E -+Output = 76966a1b7d5f250eea3696077a373b9421e8294dd7cb0aedd172cf9c6879ef34c9deb9c208f11c5d4b6fd713b576894d -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:00000080319534aabf1100b1ef3ec089ba6e5b25946bdf67cbc92493c29d0e63765ee38dc27e15720393d6aa5741b2129b24ee6a71c079190588232f4facadd034dd6e456bf45aedf72a059eca591ceb2d7c50f8ae918528872f40eaf62faa511d6bfbed4b8613163c42b99eb30c20ecce1c36a78b93fb0046467a0bcb41dfa1e609b61b -+Ctrl.hexxcghash = hexxcghash:0f831ff3e907b3f0922722bd8073b2c263c77c7f552c0b0b12be68f19520b1ae2bbf62a9dba0f582d5f0197c0d534f6e -+Ctrl.hexsession_id = hexsession_id:dede417f4b45d58d54cbe59e7d80bab3150ccd99583aa87f7ecde731462d074edf49907278819043341d1fe20e136563 -+Ctrl.type = type:F -+Output = 28a66e21fe7f8a070fe40ecf68a64f2a35a46b84ac38810902639906611053832179d5c07a8422993496059af67f585f -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:000000803b4fd086d25a4bf0b5347a2e323d45525b12a3df508b9129ae7d51637b6fc76aba743d7ee254888ee6d49314ebd8b82e25d187e80770ff6365fbfe96029e23b92ccbb2bfb4cf27e175cd09154b0e68d75a84c490f936ee0366180f781049ddcfefcb4bf25409ba8a8a9a3296cf0619bc51363abfd58cea3d0480673d8ac8370a -+Ctrl.hexxcghash = hexxcghash:8fbe46474bf6ccdad0f706492c4b534cf5698b38afc4b21a6af4a00c3ccda689cf5382e5de34a48bd798f083570ad411 -+Ctrl.hexsession_id = hexsession_id:a397aa78a58fcf619f1e8368018d6e40934d4befc96671a63aea4558d5e54c9f42bdca50f618ec84b2d19b539a1f10f1 -+Ctrl.type = type:A -+Output = b0db344b1e2e98d3 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:000000803b4fd086d25a4bf0b5347a2e323d45525b12a3df508b9129ae7d51637b6fc76aba743d7ee254888ee6d49314ebd8b82e25d187e80770ff6365fbfe96029e23b92ccbb2bfb4cf27e175cd09154b0e68d75a84c490f936ee0366180f781049ddcfefcb4bf25409ba8a8a9a3296cf0619bc51363abfd58cea3d0480673d8ac8370a -+Ctrl.hexxcghash = hexxcghash:8fbe46474bf6ccdad0f706492c4b534cf5698b38afc4b21a6af4a00c3ccda689cf5382e5de34a48bd798f083570ad411 -+Ctrl.hexsession_id = hexsession_id:a397aa78a58fcf619f1e8368018d6e40934d4befc96671a63aea4558d5e54c9f42bdca50f618ec84b2d19b539a1f10f1 -+Ctrl.type = type:B -+Output = 29fcd6a7d317f527 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:000000803b4fd086d25a4bf0b5347a2e323d45525b12a3df508b9129ae7d51637b6fc76aba743d7ee254888ee6d49314ebd8b82e25d187e80770ff6365fbfe96029e23b92ccbb2bfb4cf27e175cd09154b0e68d75a84c490f936ee0366180f781049ddcfefcb4bf25409ba8a8a9a3296cf0619bc51363abfd58cea3d0480673d8ac8370a -+Ctrl.hexxcghash = hexxcghash:8fbe46474bf6ccdad0f706492c4b534cf5698b38afc4b21a6af4a00c3ccda689cf5382e5de34a48bd798f083570ad411 -+Ctrl.hexsession_id = hexsession_id:a397aa78a58fcf619f1e8368018d6e40934d4befc96671a63aea4558d5e54c9f42bdca50f618ec84b2d19b539a1f10f1 -+Ctrl.type = type:C -+Output = 156f9d4c58d7783959e785af3fefb133662009b93891bff7 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:000000803b4fd086d25a4bf0b5347a2e323d45525b12a3df508b9129ae7d51637b6fc76aba743d7ee254888ee6d49314ebd8b82e25d187e80770ff6365fbfe96029e23b92ccbb2bfb4cf27e175cd09154b0e68d75a84c490f936ee0366180f781049ddcfefcb4bf25409ba8a8a9a3296cf0619bc51363abfd58cea3d0480673d8ac8370a -+Ctrl.hexxcghash = hexxcghash:8fbe46474bf6ccdad0f706492c4b534cf5698b38afc4b21a6af4a00c3ccda689cf5382e5de34a48bd798f083570ad411 -+Ctrl.hexsession_id = hexsession_id:a397aa78a58fcf619f1e8368018d6e40934d4befc96671a63aea4558d5e54c9f42bdca50f618ec84b2d19b539a1f10f1 -+Ctrl.type = type:D -+Output = c4bc4471e2c7f04dbef9100977e222f4156a7118a122f6cd -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:000000803b4fd086d25a4bf0b5347a2e323d45525b12a3df508b9129ae7d51637b6fc76aba743d7ee254888ee6d49314ebd8b82e25d187e80770ff6365fbfe96029e23b92ccbb2bfb4cf27e175cd09154b0e68d75a84c490f936ee0366180f781049ddcfefcb4bf25409ba8a8a9a3296cf0619bc51363abfd58cea3d0480673d8ac8370a -+Ctrl.hexxcghash = hexxcghash:8fbe46474bf6ccdad0f706492c4b534cf5698b38afc4b21a6af4a00c3ccda689cf5382e5de34a48bd798f083570ad411 -+Ctrl.hexsession_id = hexsession_id:a397aa78a58fcf619f1e8368018d6e40934d4befc96671a63aea4558d5e54c9f42bdca50f618ec84b2d19b539a1f10f1 -+Ctrl.type = type:E -+Output = 5878fdbf693638430e31b287ad8cfab560d952d7a828167bd0454e0c8aa14274c7c0c1921a31575f77fd80144e6d2999 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:000000803b4fd086d25a4bf0b5347a2e323d45525b12a3df508b9129ae7d51637b6fc76aba743d7ee254888ee6d49314ebd8b82e25d187e80770ff6365fbfe96029e23b92ccbb2bfb4cf27e175cd09154b0e68d75a84c490f936ee0366180f781049ddcfefcb4bf25409ba8a8a9a3296cf0619bc51363abfd58cea3d0480673d8ac8370a -+Ctrl.hexxcghash = hexxcghash:8fbe46474bf6ccdad0f706492c4b534cf5698b38afc4b21a6af4a00c3ccda689cf5382e5de34a48bd798f083570ad411 -+Ctrl.hexsession_id = hexsession_id:a397aa78a58fcf619f1e8368018d6e40934d4befc96671a63aea4558d5e54c9f42bdca50f618ec84b2d19b539a1f10f1 -+Ctrl.type = type:F -+Output = 1fdb34ae9d2f12363350dd5aeefe728066500a083668ac2d48af671d7651a67acdf9b7a0581b922e67278d53f0b2fb17 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:000000801a3eab3e516f776ab0a282861a42fec52223859d5af2da778727bd0363ba5983b5d883cd75132c94351a7b5b23fba10aec35a78ab03ba183682b4d3e72c67bd1e6b83afc5178c97624f718243d9377694f085e15cef33040fca144e856c74ab0e70dbf4a7766aa916e5edf184ae7dbd3f19d2491e45828fe5969d61075695e39 -+Ctrl.hexxcghash = hexxcghash:5e9be9089c8b952d8ffdb0cbdbe5bb6c1f336e6620292da1ab5eb92eef379655579e24cd6273bd4f552d46dfa87df917 -+Ctrl.hexsession_id = hexsession_id:c54542e32ba1ae8c266781c6d14c8356d6f548cfdb8a303c4f1c947318610eed8ae3d6d4350ab4dddc7f9202a510d32e -+Ctrl.type = type:A -+Output = c828150149eb433a -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:000000801a3eab3e516f776ab0a282861a42fec52223859d5af2da778727bd0363ba5983b5d883cd75132c94351a7b5b23fba10aec35a78ab03ba183682b4d3e72c67bd1e6b83afc5178c97624f718243d9377694f085e15cef33040fca144e856c74ab0e70dbf4a7766aa916e5edf184ae7dbd3f19d2491e45828fe5969d61075695e39 -+Ctrl.hexxcghash = hexxcghash:5e9be9089c8b952d8ffdb0cbdbe5bb6c1f336e6620292da1ab5eb92eef379655579e24cd6273bd4f552d46dfa87df917 -+Ctrl.hexsession_id = hexsession_id:c54542e32ba1ae8c266781c6d14c8356d6f548cfdb8a303c4f1c947318610eed8ae3d6d4350ab4dddc7f9202a510d32e -+Ctrl.type = type:B -+Output = 45636e088875de58 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:000000801a3eab3e516f776ab0a282861a42fec52223859d5af2da778727bd0363ba5983b5d883cd75132c94351a7b5b23fba10aec35a78ab03ba183682b4d3e72c67bd1e6b83afc5178c97624f718243d9377694f085e15cef33040fca144e856c74ab0e70dbf4a7766aa916e5edf184ae7dbd3f19d2491e45828fe5969d61075695e39 -+Ctrl.hexxcghash = hexxcghash:5e9be9089c8b952d8ffdb0cbdbe5bb6c1f336e6620292da1ab5eb92eef379655579e24cd6273bd4f552d46dfa87df917 -+Ctrl.hexsession_id = hexsession_id:c54542e32ba1ae8c266781c6d14c8356d6f548cfdb8a303c4f1c947318610eed8ae3d6d4350ab4dddc7f9202a510d32e -+Ctrl.type = type:C -+Output = 75da9408e65f61dac9dafa496675214b0d84b0e66feb68fe -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:000000801a3eab3e516f776ab0a282861a42fec52223859d5af2da778727bd0363ba5983b5d883cd75132c94351a7b5b23fba10aec35a78ab03ba183682b4d3e72c67bd1e6b83afc5178c97624f718243d9377694f085e15cef33040fca144e856c74ab0e70dbf4a7766aa916e5edf184ae7dbd3f19d2491e45828fe5969d61075695e39 -+Ctrl.hexxcghash = hexxcghash:5e9be9089c8b952d8ffdb0cbdbe5bb6c1f336e6620292da1ab5eb92eef379655579e24cd6273bd4f552d46dfa87df917 -+Ctrl.hexsession_id = hexsession_id:c54542e32ba1ae8c266781c6d14c8356d6f548cfdb8a303c4f1c947318610eed8ae3d6d4350ab4dddc7f9202a510d32e -+Ctrl.type = type:D -+Output = cb7897fdeb2c235be5812d1959cb55907ff02a9cf6c76c17 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:000000801a3eab3e516f776ab0a282861a42fec52223859d5af2da778727bd0363ba5983b5d883cd75132c94351a7b5b23fba10aec35a78ab03ba183682b4d3e72c67bd1e6b83afc5178c97624f718243d9377694f085e15cef33040fca144e856c74ab0e70dbf4a7766aa916e5edf184ae7dbd3f19d2491e45828fe5969d61075695e39 -+Ctrl.hexxcghash = hexxcghash:5e9be9089c8b952d8ffdb0cbdbe5bb6c1f336e6620292da1ab5eb92eef379655579e24cd6273bd4f552d46dfa87df917 -+Ctrl.hexsession_id = hexsession_id:c54542e32ba1ae8c266781c6d14c8356d6f548cfdb8a303c4f1c947318610eed8ae3d6d4350ab4dddc7f9202a510d32e -+Ctrl.type = type:E -+Output = 13a8062561c28c1bc678a019b22da95aa462f82cfff6268876ffe2fddc86536fa4d19bdc15d90c1cff4d37e69f1fc021 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:000000801a3eab3e516f776ab0a282861a42fec52223859d5af2da778727bd0363ba5983b5d883cd75132c94351a7b5b23fba10aec35a78ab03ba183682b4d3e72c67bd1e6b83afc5178c97624f718243d9377694f085e15cef33040fca144e856c74ab0e70dbf4a7766aa916e5edf184ae7dbd3f19d2491e45828fe5969d61075695e39 -+Ctrl.hexxcghash = hexxcghash:5e9be9089c8b952d8ffdb0cbdbe5bb6c1f336e6620292da1ab5eb92eef379655579e24cd6273bd4f552d46dfa87df917 -+Ctrl.hexsession_id = hexsession_id:c54542e32ba1ae8c266781c6d14c8356d6f548cfdb8a303c4f1c947318610eed8ae3d6d4350ab4dddc7f9202a510d32e -+Ctrl.type = type:F -+Output = 69437ec44d764caeb89faebf7b8577b433677abcb0c58f166a5e5724a4eb293d335004d412c983d4c7aca4df1b8328fd -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:000000810091473fb24a9fca3fd1639c029c0e6ae6390c83b3278336017068771569d0957bf7ff80a8f188b936f7e238502efc86e518ebafcc4ecdf1b44f01bb070b3cc88c1b23937dcd04c456987a3b75df3874ca54a10e7f4a3123a7fb47365a7552c9e3f7070ec19d1ebb9922dd10aa0280222db770a71ce9541b60b53d9e7783350100 -+Ctrl.hexxcghash = hexxcghash:d0bbb1a81edca6ae7ac5c9e60bf447d198bf875b945fcba06b0074e640331b2205c2c055864c011913f6dad3e34ed44b -+Ctrl.hexsession_id = hexsession_id:58d7b77f0cc5480254c68e4e9cb06a1ea5389b39a3f9cba5c9ca03a091fb123aeb5934c519b60181d097b8cc9455b96a -+Ctrl.type = type:A -+Output = b669e05aa9706468 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:000000810091473fb24a9fca3fd1639c029c0e6ae6390c83b3278336017068771569d0957bf7ff80a8f188b936f7e238502efc86e518ebafcc4ecdf1b44f01bb070b3cc88c1b23937dcd04c456987a3b75df3874ca54a10e7f4a3123a7fb47365a7552c9e3f7070ec19d1ebb9922dd10aa0280222db770a71ce9541b60b53d9e7783350100 -+Ctrl.hexxcghash = hexxcghash:d0bbb1a81edca6ae7ac5c9e60bf447d198bf875b945fcba06b0074e640331b2205c2c055864c011913f6dad3e34ed44b -+Ctrl.hexsession_id = hexsession_id:58d7b77f0cc5480254c68e4e9cb06a1ea5389b39a3f9cba5c9ca03a091fb123aeb5934c519b60181d097b8cc9455b96a -+Ctrl.type = type:B -+Output = 57f943111ca01b15 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:000000810091473fb24a9fca3fd1639c029c0e6ae6390c83b3278336017068771569d0957bf7ff80a8f188b936f7e238502efc86e518ebafcc4ecdf1b44f01bb070b3cc88c1b23937dcd04c456987a3b75df3874ca54a10e7f4a3123a7fb47365a7552c9e3f7070ec19d1ebb9922dd10aa0280222db770a71ce9541b60b53d9e7783350100 -+Ctrl.hexxcghash = hexxcghash:d0bbb1a81edca6ae7ac5c9e60bf447d198bf875b945fcba06b0074e640331b2205c2c055864c011913f6dad3e34ed44b -+Ctrl.hexsession_id = hexsession_id:58d7b77f0cc5480254c68e4e9cb06a1ea5389b39a3f9cba5c9ca03a091fb123aeb5934c519b60181d097b8cc9455b96a -+Ctrl.type = type:C -+Output = e9aa354b6b85f357d6f982fcc18a6ca797bd7a125e786f8a -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:000000810091473fb24a9fca3fd1639c029c0e6ae6390c83b3278336017068771569d0957bf7ff80a8f188b936f7e238502efc86e518ebafcc4ecdf1b44f01bb070b3cc88c1b23937dcd04c456987a3b75df3874ca54a10e7f4a3123a7fb47365a7552c9e3f7070ec19d1ebb9922dd10aa0280222db770a71ce9541b60b53d9e7783350100 -+Ctrl.hexxcghash = hexxcghash:d0bbb1a81edca6ae7ac5c9e60bf447d198bf875b945fcba06b0074e640331b2205c2c055864c011913f6dad3e34ed44b -+Ctrl.hexsession_id = hexsession_id:58d7b77f0cc5480254c68e4e9cb06a1ea5389b39a3f9cba5c9ca03a091fb123aeb5934c519b60181d097b8cc9455b96a -+Ctrl.type = type:D -+Output = 199d2b244689bfc4f807f225a7130a069c8a181f5b20d32a -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:000000810091473fb24a9fca3fd1639c029c0e6ae6390c83b3278336017068771569d0957bf7ff80a8f188b936f7e238502efc86e518ebafcc4ecdf1b44f01bb070b3cc88c1b23937dcd04c456987a3b75df3874ca54a10e7f4a3123a7fb47365a7552c9e3f7070ec19d1ebb9922dd10aa0280222db770a71ce9541b60b53d9e7783350100 -+Ctrl.hexxcghash = hexxcghash:d0bbb1a81edca6ae7ac5c9e60bf447d198bf875b945fcba06b0074e640331b2205c2c055864c011913f6dad3e34ed44b -+Ctrl.hexsession_id = hexsession_id:58d7b77f0cc5480254c68e4e9cb06a1ea5389b39a3f9cba5c9ca03a091fb123aeb5934c519b60181d097b8cc9455b96a -+Ctrl.type = type:E -+Output = 69b55cc82d0429979a3832a3be35483596ff1d26a0c1a62944695764f0eb85c3467528be225db2f516e79f23c0c7c23c -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:000000810091473fb24a9fca3fd1639c029c0e6ae6390c83b3278336017068771569d0957bf7ff80a8f188b936f7e238502efc86e518ebafcc4ecdf1b44f01bb070b3cc88c1b23937dcd04c456987a3b75df3874ca54a10e7f4a3123a7fb47365a7552c9e3f7070ec19d1ebb9922dd10aa0280222db770a71ce9541b60b53d9e7783350100 -+Ctrl.hexxcghash = hexxcghash:d0bbb1a81edca6ae7ac5c9e60bf447d198bf875b945fcba06b0074e640331b2205c2c055864c011913f6dad3e34ed44b -+Ctrl.hexsession_id = hexsession_id:58d7b77f0cc5480254c68e4e9cb06a1ea5389b39a3f9cba5c9ca03a091fb123aeb5934c519b60181d097b8cc9455b96a -+Ctrl.type = type:F -+Output = 6e06df643269751dfc9c8decefe466e1ab2ab99466661aa6f0dfab223c3b9bebcaed4c19cbc4109dfacda81cc8f902eb -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:000000801b8e7d2292f95d97c99e9c93fcc681f2a446437d7595137f761eb9351f50cfb71988aad2d9611a5e3d32c58b1efef596b2b495c12355b6caa5c647237670c7cbeb7b7ef5d39b600b44ab1cecc7ff454981f70366f5dc95f790c9744e55b0b5cee770df10dc3f081b8774b4735c86917384ed7da0b597bd932e676b7ef6fe2cd3 -+Ctrl.hexxcghash = hexxcghash:d1ecf201e213b656e7e002d26b263ead5ef6f265a2cfd05eb83985dbc1dd0620f729800a92f676e6c8219aadbea0a037 -+Ctrl.hexsession_id = hexsession_id:fc6bb80f9116c6746603327d5338e853f37b06593402e31bf5a43abd5e6de8f26166bb572ce0c88360a7bbbe83d0377b -+Ctrl.type = type:A -+Output = b2ada53484907db5 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:000000801b8e7d2292f95d97c99e9c93fcc681f2a446437d7595137f761eb9351f50cfb71988aad2d9611a5e3d32c58b1efef596b2b495c12355b6caa5c647237670c7cbeb7b7ef5d39b600b44ab1cecc7ff454981f70366f5dc95f790c9744e55b0b5cee770df10dc3f081b8774b4735c86917384ed7da0b597bd932e676b7ef6fe2cd3 -+Ctrl.hexxcghash = hexxcghash:d1ecf201e213b656e7e002d26b263ead5ef6f265a2cfd05eb83985dbc1dd0620f729800a92f676e6c8219aadbea0a037 -+Ctrl.hexsession_id = hexsession_id:fc6bb80f9116c6746603327d5338e853f37b06593402e31bf5a43abd5e6de8f26166bb572ce0c88360a7bbbe83d0377b -+Ctrl.type = type:B -+Output = 89224486fcb33030 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:000000801b8e7d2292f95d97c99e9c93fcc681f2a446437d7595137f761eb9351f50cfb71988aad2d9611a5e3d32c58b1efef596b2b495c12355b6caa5c647237670c7cbeb7b7ef5d39b600b44ab1cecc7ff454981f70366f5dc95f790c9744e55b0b5cee770df10dc3f081b8774b4735c86917384ed7da0b597bd932e676b7ef6fe2cd3 -+Ctrl.hexxcghash = hexxcghash:d1ecf201e213b656e7e002d26b263ead5ef6f265a2cfd05eb83985dbc1dd0620f729800a92f676e6c8219aadbea0a037 -+Ctrl.hexsession_id = hexsession_id:fc6bb80f9116c6746603327d5338e853f37b06593402e31bf5a43abd5e6de8f26166bb572ce0c88360a7bbbe83d0377b -+Ctrl.type = type:C -+Output = 38ccc00303d5aaf748f3c11d986b99f9bf36049a6f7ea92f -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:000000801b8e7d2292f95d97c99e9c93fcc681f2a446437d7595137f761eb9351f50cfb71988aad2d9611a5e3d32c58b1efef596b2b495c12355b6caa5c647237670c7cbeb7b7ef5d39b600b44ab1cecc7ff454981f70366f5dc95f790c9744e55b0b5cee770df10dc3f081b8774b4735c86917384ed7da0b597bd932e676b7ef6fe2cd3 -+Ctrl.hexxcghash = hexxcghash:d1ecf201e213b656e7e002d26b263ead5ef6f265a2cfd05eb83985dbc1dd0620f729800a92f676e6c8219aadbea0a037 -+Ctrl.hexsession_id = hexsession_id:fc6bb80f9116c6746603327d5338e853f37b06593402e31bf5a43abd5e6de8f26166bb572ce0c88360a7bbbe83d0377b -+Ctrl.type = type:D -+Output = f8a7a4b2e1d28c6a38e120a2cb876ed49f454ea2aabc3a99 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:000000801b8e7d2292f95d97c99e9c93fcc681f2a446437d7595137f761eb9351f50cfb71988aad2d9611a5e3d32c58b1efef596b2b495c12355b6caa5c647237670c7cbeb7b7ef5d39b600b44ab1cecc7ff454981f70366f5dc95f790c9744e55b0b5cee770df10dc3f081b8774b4735c86917384ed7da0b597bd932e676b7ef6fe2cd3 -+Ctrl.hexxcghash = hexxcghash:d1ecf201e213b656e7e002d26b263ead5ef6f265a2cfd05eb83985dbc1dd0620f729800a92f676e6c8219aadbea0a037 -+Ctrl.hexsession_id = hexsession_id:fc6bb80f9116c6746603327d5338e853f37b06593402e31bf5a43abd5e6de8f26166bb572ce0c88360a7bbbe83d0377b -+Ctrl.type = type:E -+Output = 9f42ab15d0b041019960ff6a5a12e209c427dc334434126399fb8850ec8feda957b74f1976b4c8a97906d7d64c5c2a83 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:000000801b8e7d2292f95d97c99e9c93fcc681f2a446437d7595137f761eb9351f50cfb71988aad2d9611a5e3d32c58b1efef596b2b495c12355b6caa5c647237670c7cbeb7b7ef5d39b600b44ab1cecc7ff454981f70366f5dc95f790c9744e55b0b5cee770df10dc3f081b8774b4735c86917384ed7da0b597bd932e676b7ef6fe2cd3 -+Ctrl.hexxcghash = hexxcghash:d1ecf201e213b656e7e002d26b263ead5ef6f265a2cfd05eb83985dbc1dd0620f729800a92f676e6c8219aadbea0a037 -+Ctrl.hexsession_id = hexsession_id:fc6bb80f9116c6746603327d5338e853f37b06593402e31bf5a43abd5e6de8f26166bb572ce0c88360a7bbbe83d0377b -+Ctrl.type = type:F -+Output = d383bedd3b80ddc470db9b819893e85dfab9e359e40bc77576e23ed8c5e73beecefb511ccdf1eb66416c271be5f90199 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:00000081008efe3279e8fc51acceea0ad5958364c2a36315d92ce4d68f6f8486b3160293e4eff79998474b954431a6981864a34445b4bd68e5b598dbaba4de5661ef0b09d5dae9b1633da886f1540d1df601c1acaa139de540d3d8d0b01602559a833aab87730de5c6875b78f5ec6d19145db46e2a77cbb9ec39b1bdbd5ca3be193dcfd622 -+Ctrl.hexxcghash = hexxcghash:5f6f8bd8d664b1f31c615cf457a5c7eaa8733bba6557f15f300cfb364b0ea927bcfe406ea5fb7e03ac648fd18cd93372 -+Ctrl.hexsession_id = hexsession_id:a89ecfd6636423e8d5ba8da3aa8367092b1a662df5693c55cbc5bfabb97320d90692e6c9305af47c25e6617200648752 -+Ctrl.type = type:A -+Output = bac9e6c9553bba95 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:00000081008efe3279e8fc51acceea0ad5958364c2a36315d92ce4d68f6f8486b3160293e4eff79998474b954431a6981864a34445b4bd68e5b598dbaba4de5661ef0b09d5dae9b1633da886f1540d1df601c1acaa139de540d3d8d0b01602559a833aab87730de5c6875b78f5ec6d19145db46e2a77cbb9ec39b1bdbd5ca3be193dcfd622 -+Ctrl.hexxcghash = hexxcghash:5f6f8bd8d664b1f31c615cf457a5c7eaa8733bba6557f15f300cfb364b0ea927bcfe406ea5fb7e03ac648fd18cd93372 -+Ctrl.hexsession_id = hexsession_id:a89ecfd6636423e8d5ba8da3aa8367092b1a662df5693c55cbc5bfabb97320d90692e6c9305af47c25e6617200648752 -+Ctrl.type = type:B -+Output = f29bdc017028a9ca -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:00000081008efe3279e8fc51acceea0ad5958364c2a36315d92ce4d68f6f8486b3160293e4eff79998474b954431a6981864a34445b4bd68e5b598dbaba4de5661ef0b09d5dae9b1633da886f1540d1df601c1acaa139de540d3d8d0b01602559a833aab87730de5c6875b78f5ec6d19145db46e2a77cbb9ec39b1bdbd5ca3be193dcfd622 -+Ctrl.hexxcghash = hexxcghash:5f6f8bd8d664b1f31c615cf457a5c7eaa8733bba6557f15f300cfb364b0ea927bcfe406ea5fb7e03ac648fd18cd93372 -+Ctrl.hexsession_id = hexsession_id:a89ecfd6636423e8d5ba8da3aa8367092b1a662df5693c55cbc5bfabb97320d90692e6c9305af47c25e6617200648752 -+Ctrl.type = type:C -+Output = 840f7e966d633f57bf6cfb3e6aa6bb1435bbea5822c9db0c -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:00000081008efe3279e8fc51acceea0ad5958364c2a36315d92ce4d68f6f8486b3160293e4eff79998474b954431a6981864a34445b4bd68e5b598dbaba4de5661ef0b09d5dae9b1633da886f1540d1df601c1acaa139de540d3d8d0b01602559a833aab87730de5c6875b78f5ec6d19145db46e2a77cbb9ec39b1bdbd5ca3be193dcfd622 -+Ctrl.hexxcghash = hexxcghash:5f6f8bd8d664b1f31c615cf457a5c7eaa8733bba6557f15f300cfb364b0ea927bcfe406ea5fb7e03ac648fd18cd93372 -+Ctrl.hexsession_id = hexsession_id:a89ecfd6636423e8d5ba8da3aa8367092b1a662df5693c55cbc5bfabb97320d90692e6c9305af47c25e6617200648752 -+Ctrl.type = type:D -+Output = f78b485e49bf72584e45de78fbd75392e3e0b1ce2a57e7a3 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:00000081008efe3279e8fc51acceea0ad5958364c2a36315d92ce4d68f6f8486b3160293e4eff79998474b954431a6981864a34445b4bd68e5b598dbaba4de5661ef0b09d5dae9b1633da886f1540d1df601c1acaa139de540d3d8d0b01602559a833aab87730de5c6875b78f5ec6d19145db46e2a77cbb9ec39b1bdbd5ca3be193dcfd622 -+Ctrl.hexxcghash = hexxcghash:5f6f8bd8d664b1f31c615cf457a5c7eaa8733bba6557f15f300cfb364b0ea927bcfe406ea5fb7e03ac648fd18cd93372 -+Ctrl.hexsession_id = hexsession_id:a89ecfd6636423e8d5ba8da3aa8367092b1a662df5693c55cbc5bfabb97320d90692e6c9305af47c25e6617200648752 -+Ctrl.type = type:E -+Output = 9dcadff513667aee5e2fda86c4a198db4252a9311635d3659db957570e448f3689444dd3e10d6097a07dba923db349ba -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:00000081008efe3279e8fc51acceea0ad5958364c2a36315d92ce4d68f6f8486b3160293e4eff79998474b954431a6981864a34445b4bd68e5b598dbaba4de5661ef0b09d5dae9b1633da886f1540d1df601c1acaa139de540d3d8d0b01602559a833aab87730de5c6875b78f5ec6d19145db46e2a77cbb9ec39b1bdbd5ca3be193dcfd622 -+Ctrl.hexxcghash = hexxcghash:5f6f8bd8d664b1f31c615cf457a5c7eaa8733bba6557f15f300cfb364b0ea927bcfe406ea5fb7e03ac648fd18cd93372 -+Ctrl.hexsession_id = hexsession_id:a89ecfd6636423e8d5ba8da3aa8367092b1a662df5693c55cbc5bfabb97320d90692e6c9305af47c25e6617200648752 -+Ctrl.type = type:F -+Output = 5e7915ea90a0d81e3c2ada00c85890b6defbb64f45ac4f0e75b22cf6187978e630f356207c97362862389a1ef99fb51a -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:0000008100a89b3f9628a4f984336377edc37d3bed4aa748fa0b0a6bc80c366e8ffdf0ccbbe07229c5f02394b230759d5255e3a7d7f63a2395e2f07e2d31bf885abaea150e1f97808f26f8fe8c5113c12e4d137844160a433f8451faaf432bd7c0469dbe713304c8bed29c03cb7629cdffebc253d0a01362052f55576fdaf89702fa33cedd -+Ctrl.hexxcghash = hexxcghash:8467d0335e6e254eb02253f97cd14c0221f1b21431a4ffe1c20675039d0ac26fa70a0c4bad639834d88d01f6c1ea878e -+Ctrl.hexsession_id = hexsession_id:9a100a5b0ad81f1c603e05c5d24415f2aa7031c0d92f16de15cab350bb1a2cf3639c6906f4e220e057deb966813bbb35 -+Ctrl.type = type:A -+Output = 11811427eaa92d61 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:0000008100a89b3f9628a4f984336377edc37d3bed4aa748fa0b0a6bc80c366e8ffdf0ccbbe07229c5f02394b230759d5255e3a7d7f63a2395e2f07e2d31bf885abaea150e1f97808f26f8fe8c5113c12e4d137844160a433f8451faaf432bd7c0469dbe713304c8bed29c03cb7629cdffebc253d0a01362052f55576fdaf89702fa33cedd -+Ctrl.hexxcghash = hexxcghash:8467d0335e6e254eb02253f97cd14c0221f1b21431a4ffe1c20675039d0ac26fa70a0c4bad639834d88d01f6c1ea878e -+Ctrl.hexsession_id = hexsession_id:9a100a5b0ad81f1c603e05c5d24415f2aa7031c0d92f16de15cab350bb1a2cf3639c6906f4e220e057deb966813bbb35 -+Ctrl.type = type:B -+Output = c13f22e0bd66a551 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:0000008100a89b3f9628a4f984336377edc37d3bed4aa748fa0b0a6bc80c366e8ffdf0ccbbe07229c5f02394b230759d5255e3a7d7f63a2395e2f07e2d31bf885abaea150e1f97808f26f8fe8c5113c12e4d137844160a433f8451faaf432bd7c0469dbe713304c8bed29c03cb7629cdffebc253d0a01362052f55576fdaf89702fa33cedd -+Ctrl.hexxcghash = hexxcghash:8467d0335e6e254eb02253f97cd14c0221f1b21431a4ffe1c20675039d0ac26fa70a0c4bad639834d88d01f6c1ea878e -+Ctrl.hexsession_id = hexsession_id:9a100a5b0ad81f1c603e05c5d24415f2aa7031c0d92f16de15cab350bb1a2cf3639c6906f4e220e057deb966813bbb35 -+Ctrl.type = type:C -+Output = 2b9c9c8ecae95d75472495363ca2d46dc79babdb2e0fda40 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:0000008100a89b3f9628a4f984336377edc37d3bed4aa748fa0b0a6bc80c366e8ffdf0ccbbe07229c5f02394b230759d5255e3a7d7f63a2395e2f07e2d31bf885abaea150e1f97808f26f8fe8c5113c12e4d137844160a433f8451faaf432bd7c0469dbe713304c8bed29c03cb7629cdffebc253d0a01362052f55576fdaf89702fa33cedd -+Ctrl.hexxcghash = hexxcghash:8467d0335e6e254eb02253f97cd14c0221f1b21431a4ffe1c20675039d0ac26fa70a0c4bad639834d88d01f6c1ea878e -+Ctrl.hexsession_id = hexsession_id:9a100a5b0ad81f1c603e05c5d24415f2aa7031c0d92f16de15cab350bb1a2cf3639c6906f4e220e057deb966813bbb35 -+Ctrl.type = type:D -+Output = f466d9b9871c1482c699a5d9f8636a041adb60920c6af855 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:0000008100a89b3f9628a4f984336377edc37d3bed4aa748fa0b0a6bc80c366e8ffdf0ccbbe07229c5f02394b230759d5255e3a7d7f63a2395e2f07e2d31bf885abaea150e1f97808f26f8fe8c5113c12e4d137844160a433f8451faaf432bd7c0469dbe713304c8bed29c03cb7629cdffebc253d0a01362052f55576fdaf89702fa33cedd -+Ctrl.hexxcghash = hexxcghash:8467d0335e6e254eb02253f97cd14c0221f1b21431a4ffe1c20675039d0ac26fa70a0c4bad639834d88d01f6c1ea878e -+Ctrl.hexsession_id = hexsession_id:9a100a5b0ad81f1c603e05c5d24415f2aa7031c0d92f16de15cab350bb1a2cf3639c6906f4e220e057deb966813bbb35 -+Ctrl.type = type:E -+Output = 1ecda0252461bd08960c54ba7c570e80715780e5e99ca0f754a3d451409ed2df928daab91ed6b4044fcc68bd5f907c96 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:0000008100a89b3f9628a4f984336377edc37d3bed4aa748fa0b0a6bc80c366e8ffdf0ccbbe07229c5f02394b230759d5255e3a7d7f63a2395e2f07e2d31bf885abaea150e1f97808f26f8fe8c5113c12e4d137844160a433f8451faaf432bd7c0469dbe713304c8bed29c03cb7629cdffebc253d0a01362052f55576fdaf89702fa33cedd -+Ctrl.hexxcghash = hexxcghash:8467d0335e6e254eb02253f97cd14c0221f1b21431a4ffe1c20675039d0ac26fa70a0c4bad639834d88d01f6c1ea878e -+Ctrl.hexsession_id = hexsession_id:9a100a5b0ad81f1c603e05c5d24415f2aa7031c0d92f16de15cab350bb1a2cf3639c6906f4e220e057deb966813bbb35 -+Ctrl.type = type:F -+Output = 202e4e3dda18306c7fa518ea849cf3a4788dbc5305f71267ba69fe8920d3b18d9fc59853a4d03b18480269698e24c190 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:0000008100f6e899f2b7542fd95e88e06ff0a68e43df6f3d913f1295922bd01b98f7078b67311e002cafcb41a65262585a78b22ec97c81278f3f329d726f08fff23f4ce5b90abc694c92195fe7bc140579f54c6b89d81b836a8d3998446aab9055904ef1e0bb7553739d2351c8cfae0fbf50d8ced4bbd3975450569d0f9e441a3ed3aac776 -+Ctrl.hexxcghash = hexxcghash:1853bb0d312eb00d1c700d25ddaed9680ecf28eeefe9323566dc91ef42a85b2e3049286621f43b928e2b821e5605bf60 -+Ctrl.hexsession_id = hexsession_id:da7d22e3c7815b6a6089f381ddd957df3ed78e97902133d62d3ff6119d8c174b69cd26e627d6ccd98f847521aa0e3896 -+Ctrl.type = type:A -+Output = 86183fd862bf42af -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:0000008100f6e899f2b7542fd95e88e06ff0a68e43df6f3d913f1295922bd01b98f7078b67311e002cafcb41a65262585a78b22ec97c81278f3f329d726f08fff23f4ce5b90abc694c92195fe7bc140579f54c6b89d81b836a8d3998446aab9055904ef1e0bb7553739d2351c8cfae0fbf50d8ced4bbd3975450569d0f9e441a3ed3aac776 -+Ctrl.hexxcghash = hexxcghash:1853bb0d312eb00d1c700d25ddaed9680ecf28eeefe9323566dc91ef42a85b2e3049286621f43b928e2b821e5605bf60 -+Ctrl.hexsession_id = hexsession_id:da7d22e3c7815b6a6089f381ddd957df3ed78e97902133d62d3ff6119d8c174b69cd26e627d6ccd98f847521aa0e3896 -+Ctrl.type = type:B -+Output = 04e146b085c71253 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:0000008100f6e899f2b7542fd95e88e06ff0a68e43df6f3d913f1295922bd01b98f7078b67311e002cafcb41a65262585a78b22ec97c81278f3f329d726f08fff23f4ce5b90abc694c92195fe7bc140579f54c6b89d81b836a8d3998446aab9055904ef1e0bb7553739d2351c8cfae0fbf50d8ced4bbd3975450569d0f9e441a3ed3aac776 -+Ctrl.hexxcghash = hexxcghash:1853bb0d312eb00d1c700d25ddaed9680ecf28eeefe9323566dc91ef42a85b2e3049286621f43b928e2b821e5605bf60 -+Ctrl.hexsession_id = hexsession_id:da7d22e3c7815b6a6089f381ddd957df3ed78e97902133d62d3ff6119d8c174b69cd26e627d6ccd98f847521aa0e3896 -+Ctrl.type = type:C -+Output = c4364d4e0e38fe4c5fc2b2a3ad42e49a57106ffa962f4c5e -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:0000008100f6e899f2b7542fd95e88e06ff0a68e43df6f3d913f1295922bd01b98f7078b67311e002cafcb41a65262585a78b22ec97c81278f3f329d726f08fff23f4ce5b90abc694c92195fe7bc140579f54c6b89d81b836a8d3998446aab9055904ef1e0bb7553739d2351c8cfae0fbf50d8ced4bbd3975450569d0f9e441a3ed3aac776 -+Ctrl.hexxcghash = hexxcghash:1853bb0d312eb00d1c700d25ddaed9680ecf28eeefe9323566dc91ef42a85b2e3049286621f43b928e2b821e5605bf60 -+Ctrl.hexsession_id = hexsession_id:da7d22e3c7815b6a6089f381ddd957df3ed78e97902133d62d3ff6119d8c174b69cd26e627d6ccd98f847521aa0e3896 -+Ctrl.type = type:D -+Output = b9d1549032bf336c8708f13d8f5d281d696b8bddc296e709 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:0000008100f6e899f2b7542fd95e88e06ff0a68e43df6f3d913f1295922bd01b98f7078b67311e002cafcb41a65262585a78b22ec97c81278f3f329d726f08fff23f4ce5b90abc694c92195fe7bc140579f54c6b89d81b836a8d3998446aab9055904ef1e0bb7553739d2351c8cfae0fbf50d8ced4bbd3975450569d0f9e441a3ed3aac776 -+Ctrl.hexxcghash = hexxcghash:1853bb0d312eb00d1c700d25ddaed9680ecf28eeefe9323566dc91ef42a85b2e3049286621f43b928e2b821e5605bf60 -+Ctrl.hexsession_id = hexsession_id:da7d22e3c7815b6a6089f381ddd957df3ed78e97902133d62d3ff6119d8c174b69cd26e627d6ccd98f847521aa0e3896 -+Ctrl.type = type:E -+Output = c7ee72c40b26fce673ff23edea3265dfeb7b7f6fd66362bbc91548fac1819a08682c65c7d69d5e54e1c48b05e7233adc -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:0000008100f6e899f2b7542fd95e88e06ff0a68e43df6f3d913f1295922bd01b98f7078b67311e002cafcb41a65262585a78b22ec97c81278f3f329d726f08fff23f4ce5b90abc694c92195fe7bc140579f54c6b89d81b836a8d3998446aab9055904ef1e0bb7553739d2351c8cfae0fbf50d8ced4bbd3975450569d0f9e441a3ed3aac776 -+Ctrl.hexxcghash = hexxcghash:1853bb0d312eb00d1c700d25ddaed9680ecf28eeefe9323566dc91ef42a85b2e3049286621f43b928e2b821e5605bf60 -+Ctrl.hexsession_id = hexsession_id:da7d22e3c7815b6a6089f381ddd957df3ed78e97902133d62d3ff6119d8c174b69cd26e627d6ccd98f847521aa0e3896 -+Ctrl.type = type:F -+Output = 8b52078a6d45dfaa051193da8f9c8a18bfd0c058e7be145d0c4b5b677eec54a01f9e2a20c997e9c0a1ede9576800cfe5 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:0000008008483322bb2efee6320ba1fe14f296e0b170f9a0c6f76a49d0b23abb74251da468b53fb86ddbbc55a5c4881686d1aaa9b309b65907d92352c83597126cf7e3d367f543c8887105403d9b2ba86cf2bbafd4a984dfe8ebb7b8155c51d6416c89b4efb91ef5953b0e54dbcdbe76443a80e5cd011d7d6c9bc69ec81a19749b95f6c0 -+Ctrl.hexxcghash = hexxcghash:ed7b1464334bb8a04d128b791cd860c1546faaf860aff394872373f5ccac0835b47cfeb8c3d049b211cb7b570bcc1f83 -+Ctrl.hexsession_id = hexsession_id:cac7b46b66372be67b4ce198311faed9ddc8f8b95f6c61d8c71a1788724ab6b8d159e2ba61f937e6d87bbb9cb24a9fe7 -+Ctrl.type = type:A -+Output = 54f4be4a33dfa102 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:0000008008483322bb2efee6320ba1fe14f296e0b170f9a0c6f76a49d0b23abb74251da468b53fb86ddbbc55a5c4881686d1aaa9b309b65907d92352c83597126cf7e3d367f543c8887105403d9b2ba86cf2bbafd4a984dfe8ebb7b8155c51d6416c89b4efb91ef5953b0e54dbcdbe76443a80e5cd011d7d6c9bc69ec81a19749b95f6c0 -+Ctrl.hexxcghash = hexxcghash:ed7b1464334bb8a04d128b791cd860c1546faaf860aff394872373f5ccac0835b47cfeb8c3d049b211cb7b570bcc1f83 -+Ctrl.hexsession_id = hexsession_id:cac7b46b66372be67b4ce198311faed9ddc8f8b95f6c61d8c71a1788724ab6b8d159e2ba61f937e6d87bbb9cb24a9fe7 -+Ctrl.type = type:B -+Output = bbb084483803aab4 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:0000008008483322bb2efee6320ba1fe14f296e0b170f9a0c6f76a49d0b23abb74251da468b53fb86ddbbc55a5c4881686d1aaa9b309b65907d92352c83597126cf7e3d367f543c8887105403d9b2ba86cf2bbafd4a984dfe8ebb7b8155c51d6416c89b4efb91ef5953b0e54dbcdbe76443a80e5cd011d7d6c9bc69ec81a19749b95f6c0 -+Ctrl.hexxcghash = hexxcghash:ed7b1464334bb8a04d128b791cd860c1546faaf860aff394872373f5ccac0835b47cfeb8c3d049b211cb7b570bcc1f83 -+Ctrl.hexsession_id = hexsession_id:cac7b46b66372be67b4ce198311faed9ddc8f8b95f6c61d8c71a1788724ab6b8d159e2ba61f937e6d87bbb9cb24a9fe7 -+Ctrl.type = type:C -+Output = 466a038b3a5c0d72cf19cf33e5a551437933dad54bfed655 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:0000008008483322bb2efee6320ba1fe14f296e0b170f9a0c6f76a49d0b23abb74251da468b53fb86ddbbc55a5c4881686d1aaa9b309b65907d92352c83597126cf7e3d367f543c8887105403d9b2ba86cf2bbafd4a984dfe8ebb7b8155c51d6416c89b4efb91ef5953b0e54dbcdbe76443a80e5cd011d7d6c9bc69ec81a19749b95f6c0 -+Ctrl.hexxcghash = hexxcghash:ed7b1464334bb8a04d128b791cd860c1546faaf860aff394872373f5ccac0835b47cfeb8c3d049b211cb7b570bcc1f83 -+Ctrl.hexsession_id = hexsession_id:cac7b46b66372be67b4ce198311faed9ddc8f8b95f6c61d8c71a1788724ab6b8d159e2ba61f937e6d87bbb9cb24a9fe7 -+Ctrl.type = type:D -+Output = 44e09698e473edc642256e99bfbfbeab1db3e254d64a3ab7 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:0000008008483322bb2efee6320ba1fe14f296e0b170f9a0c6f76a49d0b23abb74251da468b53fb86ddbbc55a5c4881686d1aaa9b309b65907d92352c83597126cf7e3d367f543c8887105403d9b2ba86cf2bbafd4a984dfe8ebb7b8155c51d6416c89b4efb91ef5953b0e54dbcdbe76443a80e5cd011d7d6c9bc69ec81a19749b95f6c0 -+Ctrl.hexxcghash = hexxcghash:ed7b1464334bb8a04d128b791cd860c1546faaf860aff394872373f5ccac0835b47cfeb8c3d049b211cb7b570bcc1f83 -+Ctrl.hexsession_id = hexsession_id:cac7b46b66372be67b4ce198311faed9ddc8f8b95f6c61d8c71a1788724ab6b8d159e2ba61f937e6d87bbb9cb24a9fe7 -+Ctrl.type = type:E -+Output = 8e35d767e738c4282ec1925ba5d59dad723b7220c10ae8b69c9eb3da124ac1bea8195f5ecc1c3b03953938cd1e0e190b -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:0000008008483322bb2efee6320ba1fe14f296e0b170f9a0c6f76a49d0b23abb74251da468b53fb86ddbbc55a5c4881686d1aaa9b309b65907d92352c83597126cf7e3d367f543c8887105403d9b2ba86cf2bbafd4a984dfe8ebb7b8155c51d6416c89b4efb91ef5953b0e54dbcdbe76443a80e5cd011d7d6c9bc69ec81a19749b95f6c0 -+Ctrl.hexxcghash = hexxcghash:ed7b1464334bb8a04d128b791cd860c1546faaf860aff394872373f5ccac0835b47cfeb8c3d049b211cb7b570bcc1f83 -+Ctrl.hexsession_id = hexsession_id:cac7b46b66372be67b4ce198311faed9ddc8f8b95f6c61d8c71a1788724ab6b8d159e2ba61f937e6d87bbb9cb24a9fe7 -+Ctrl.type = type:F -+Output = 63e5c62c4e6f2700bfa5927ca2e730101c12a684808ddd6cf5f9da2bad3b49ba3d05d4f88a3a91f341ad2b63952e7db0 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:00000101008174aa2fab9372c253f3b993d723b55a2484430fb338095852b7a5099f9d609ca6afa6bff9d64a55f7ef0963c684f0d17ec6045ce57ce3382870d55fcac0e1341fb47a7f76f0d5d53b67fd5e0658ecb88ae2e2e42aa4b83b8cfcce9faae941450ace059a7f223623d1c8a9924638de7eebad35be9c9f1bf38aea041114351d585a1988ba53cccc6949150f367fd790fc427916afa2cccd1d2f1aa8583b948dfe56cf488b38ec2d2570a0e0441c07ccec8b5b4db5f60250741b1aeb0bf49a85cc779ad7465f0c197735698842be2a39af8591ab91c84b704e67e50cbcdb75c2799aaeba0184341dd520f6db8477f13d5815d37f191ccb20545e4a1eaca316370a -+Ctrl.hexxcghash = hexxcghash:09d74bd79b47ceb3ada0d8df640595ba861ccfa3cc0d6c640eaac21d2d5f3f9fe61fb2e585fb6cc90bde11967a563c4e -+Ctrl.hexsession_id = hexsession_id:09d74bd79b47ceb3ada0d8df640595ba861ccfa3cc0d6c640eaac21d2d5f3f9fe61fb2e585fb6cc90bde11967a563c4e -+Ctrl.type = type:A -+Output = e46fdb8c912658c34b7d509f6acc1111 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:00000101008174aa2fab9372c253f3b993d723b55a2484430fb338095852b7a5099f9d609ca6afa6bff9d64a55f7ef0963c684f0d17ec6045ce57ce3382870d55fcac0e1341fb47a7f76f0d5d53b67fd5e0658ecb88ae2e2e42aa4b83b8cfcce9faae941450ace059a7f223623d1c8a9924638de7eebad35be9c9f1bf38aea041114351d585a1988ba53cccc6949150f367fd790fc427916afa2cccd1d2f1aa8583b948dfe56cf488b38ec2d2570a0e0441c07ccec8b5b4db5f60250741b1aeb0bf49a85cc779ad7465f0c197735698842be2a39af8591ab91c84b704e67e50cbcdb75c2799aaeba0184341dd520f6db8477f13d5815d37f191ccb20545e4a1eaca316370a -+Ctrl.hexxcghash = hexxcghash:09d74bd79b47ceb3ada0d8df640595ba861ccfa3cc0d6c640eaac21d2d5f3f9fe61fb2e585fb6cc90bde11967a563c4e -+Ctrl.hexsession_id = hexsession_id:09d74bd79b47ceb3ada0d8df640595ba861ccfa3cc0d6c640eaac21d2d5f3f9fe61fb2e585fb6cc90bde11967a563c4e -+Ctrl.type = type:B -+Output = 959c339aaff2e2ed46da46c5286ddf3b -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:00000101008174aa2fab9372c253f3b993d723b55a2484430fb338095852b7a5099f9d609ca6afa6bff9d64a55f7ef0963c684f0d17ec6045ce57ce3382870d55fcac0e1341fb47a7f76f0d5d53b67fd5e0658ecb88ae2e2e42aa4b83b8cfcce9faae941450ace059a7f223623d1c8a9924638de7eebad35be9c9f1bf38aea041114351d585a1988ba53cccc6949150f367fd790fc427916afa2cccd1d2f1aa8583b948dfe56cf488b38ec2d2570a0e0441c07ccec8b5b4db5f60250741b1aeb0bf49a85cc779ad7465f0c197735698842be2a39af8591ab91c84b704e67e50cbcdb75c2799aaeba0184341dd520f6db8477f13d5815d37f191ccb20545e4a1eaca316370a -+Ctrl.hexxcghash = hexxcghash:09d74bd79b47ceb3ada0d8df640595ba861ccfa3cc0d6c640eaac21d2d5f3f9fe61fb2e585fb6cc90bde11967a563c4e -+Ctrl.hexsession_id = hexsession_id:09d74bd79b47ceb3ada0d8df640595ba861ccfa3cc0d6c640eaac21d2d5f3f9fe61fb2e585fb6cc90bde11967a563c4e -+Ctrl.type = type:C -+Output = a1cb0f9c7349d6443494df14b4bd9aad -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:00000101008174aa2fab9372c253f3b993d723b55a2484430fb338095852b7a5099f9d609ca6afa6bff9d64a55f7ef0963c684f0d17ec6045ce57ce3382870d55fcac0e1341fb47a7f76f0d5d53b67fd5e0658ecb88ae2e2e42aa4b83b8cfcce9faae941450ace059a7f223623d1c8a9924638de7eebad35be9c9f1bf38aea041114351d585a1988ba53cccc6949150f367fd790fc427916afa2cccd1d2f1aa8583b948dfe56cf488b38ec2d2570a0e0441c07ccec8b5b4db5f60250741b1aeb0bf49a85cc779ad7465f0c197735698842be2a39af8591ab91c84b704e67e50cbcdb75c2799aaeba0184341dd520f6db8477f13d5815d37f191ccb20545e4a1eaca316370a -+Ctrl.hexxcghash = hexxcghash:09d74bd79b47ceb3ada0d8df640595ba861ccfa3cc0d6c640eaac21d2d5f3f9fe61fb2e585fb6cc90bde11967a563c4e -+Ctrl.hexsession_id = hexsession_id:09d74bd79b47ceb3ada0d8df640595ba861ccfa3cc0d6c640eaac21d2d5f3f9fe61fb2e585fb6cc90bde11967a563c4e -+Ctrl.type = type:D -+Output = cdcd2c2ccbda238e184058b76757ed5d -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:00000101008174aa2fab9372c253f3b993d723b55a2484430fb338095852b7a5099f9d609ca6afa6bff9d64a55f7ef0963c684f0d17ec6045ce57ce3382870d55fcac0e1341fb47a7f76f0d5d53b67fd5e0658ecb88ae2e2e42aa4b83b8cfcce9faae941450ace059a7f223623d1c8a9924638de7eebad35be9c9f1bf38aea041114351d585a1988ba53cccc6949150f367fd790fc427916afa2cccd1d2f1aa8583b948dfe56cf488b38ec2d2570a0e0441c07ccec8b5b4db5f60250741b1aeb0bf49a85cc779ad7465f0c197735698842be2a39af8591ab91c84b704e67e50cbcdb75c2799aaeba0184341dd520f6db8477f13d5815d37f191ccb20545e4a1eaca316370a -+Ctrl.hexxcghash = hexxcghash:09d74bd79b47ceb3ada0d8df640595ba861ccfa3cc0d6c640eaac21d2d5f3f9fe61fb2e585fb6cc90bde11967a563c4e -+Ctrl.hexsession_id = hexsession_id:09d74bd79b47ceb3ada0d8df640595ba861ccfa3cc0d6c640eaac21d2d5f3f9fe61fb2e585fb6cc90bde11967a563c4e -+Ctrl.type = type:E -+Output = 026ae927b4a5b63a513c02faac55534dae5c219779f08e239f67df78c52be743aab628607e5a103127450ea51833eb84 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:00000101008174aa2fab9372c253f3b993d723b55a2484430fb338095852b7a5099f9d609ca6afa6bff9d64a55f7ef0963c684f0d17ec6045ce57ce3382870d55fcac0e1341fb47a7f76f0d5d53b67fd5e0658ecb88ae2e2e42aa4b83b8cfcce9faae941450ace059a7f223623d1c8a9924638de7eebad35be9c9f1bf38aea041114351d585a1988ba53cccc6949150f367fd790fc427916afa2cccd1d2f1aa8583b948dfe56cf488b38ec2d2570a0e0441c07ccec8b5b4db5f60250741b1aeb0bf49a85cc779ad7465f0c197735698842be2a39af8591ab91c84b704e67e50cbcdb75c2799aaeba0184341dd520f6db8477f13d5815d37f191ccb20545e4a1eaca316370a -+Ctrl.hexxcghash = hexxcghash:09d74bd79b47ceb3ada0d8df640595ba861ccfa3cc0d6c640eaac21d2d5f3f9fe61fb2e585fb6cc90bde11967a563c4e -+Ctrl.hexsession_id = hexsession_id:09d74bd79b47ceb3ada0d8df640595ba861ccfa3cc0d6c640eaac21d2d5f3f9fe61fb2e585fb6cc90bde11967a563c4e -+Ctrl.type = type:F -+Output = 759fd6bd386f4825e644521edfce4187a7104ea7380f2c6c5e283f205c7c025be46c5ee73bc54a956f268c2031026bf6 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:0000010100c10fff0a20858c36e41082abaa65b96c5424ab67563882a42237258e736b5cfbdb2867df55f8c40f81b34e8c4c55d39c4629dc2d833257dc68070a61d10417487ef0840b76169145402327ae81f35cbddae6c2a45d52f52f48a0c94acdb20db076393b5b1e3d1a7acee3f371bdaccfee696262eecd20238cc54322e6ca72e58708aeb19bf761054d9f7426e4ea0059bd252beee03dcad1a7d6d034b4d9d307218bb3d7bee3a57572ded304df1dd8f97ed9550ebb0f5c25ee3f8c6df3dfc2aac92f364ec91040d001c5cb1eee33c1d43112e5a289b46706c7f12a327620cd98fbce2e7fe7b7bd0e05ee0005182c35ded65ee1d86aefe816e5894e07536697a7db -+Ctrl.hexxcghash = hexxcghash:62b3155ba0c160f838a6949d0a99b144868a7b247c583a53f431129e39aebd40e2feb4dbac7527f993ccf1646d559134 -+Ctrl.hexsession_id = hexsession_id:7e4674330fb6987b64ef7f30335d171676c705a6b9ed958adc6b6fd16949830d3f586eec44812d0518cc3ebd4292b422 -+Ctrl.type = type:A -+Output = a433ac21ceda36a9d98abec722b2a5e7 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:0000010100c10fff0a20858c36e41082abaa65b96c5424ab67563882a42237258e736b5cfbdb2867df55f8c40f81b34e8c4c55d39c4629dc2d833257dc68070a61d10417487ef0840b76169145402327ae81f35cbddae6c2a45d52f52f48a0c94acdb20db076393b5b1e3d1a7acee3f371bdaccfee696262eecd20238cc54322e6ca72e58708aeb19bf761054d9f7426e4ea0059bd252beee03dcad1a7d6d034b4d9d307218bb3d7bee3a57572ded304df1dd8f97ed9550ebb0f5c25ee3f8c6df3dfc2aac92f364ec91040d001c5cb1eee33c1d43112e5a289b46706c7f12a327620cd98fbce2e7fe7b7bd0e05ee0005182c35ded65ee1d86aefe816e5894e07536697a7db -+Ctrl.hexxcghash = hexxcghash:62b3155ba0c160f838a6949d0a99b144868a7b247c583a53f431129e39aebd40e2feb4dbac7527f993ccf1646d559134 -+Ctrl.hexsession_id = hexsession_id:7e4674330fb6987b64ef7f30335d171676c705a6b9ed958adc6b6fd16949830d3f586eec44812d0518cc3ebd4292b422 -+Ctrl.type = type:B -+Output = ed580c2c7890d5f3da87870d71d96300 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:0000010100c10fff0a20858c36e41082abaa65b96c5424ab67563882a42237258e736b5cfbdb2867df55f8c40f81b34e8c4c55d39c4629dc2d833257dc68070a61d10417487ef0840b76169145402327ae81f35cbddae6c2a45d52f52f48a0c94acdb20db076393b5b1e3d1a7acee3f371bdaccfee696262eecd20238cc54322e6ca72e58708aeb19bf761054d9f7426e4ea0059bd252beee03dcad1a7d6d034b4d9d307218bb3d7bee3a57572ded304df1dd8f97ed9550ebb0f5c25ee3f8c6df3dfc2aac92f364ec91040d001c5cb1eee33c1d43112e5a289b46706c7f12a327620cd98fbce2e7fe7b7bd0e05ee0005182c35ded65ee1d86aefe816e5894e07536697a7db -+Ctrl.hexxcghash = hexxcghash:62b3155ba0c160f838a6949d0a99b144868a7b247c583a53f431129e39aebd40e2feb4dbac7527f993ccf1646d559134 -+Ctrl.hexsession_id = hexsession_id:7e4674330fb6987b64ef7f30335d171676c705a6b9ed958adc6b6fd16949830d3f586eec44812d0518cc3ebd4292b422 -+Ctrl.type = type:C -+Output = b310304108476a31154febce2bfcf44e -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:0000010100c10fff0a20858c36e41082abaa65b96c5424ab67563882a42237258e736b5cfbdb2867df55f8c40f81b34e8c4c55d39c4629dc2d833257dc68070a61d10417487ef0840b76169145402327ae81f35cbddae6c2a45d52f52f48a0c94acdb20db076393b5b1e3d1a7acee3f371bdaccfee696262eecd20238cc54322e6ca72e58708aeb19bf761054d9f7426e4ea0059bd252beee03dcad1a7d6d034b4d9d307218bb3d7bee3a57572ded304df1dd8f97ed9550ebb0f5c25ee3f8c6df3dfc2aac92f364ec91040d001c5cb1eee33c1d43112e5a289b46706c7f12a327620cd98fbce2e7fe7b7bd0e05ee0005182c35ded65ee1d86aefe816e5894e07536697a7db -+Ctrl.hexxcghash = hexxcghash:62b3155ba0c160f838a6949d0a99b144868a7b247c583a53f431129e39aebd40e2feb4dbac7527f993ccf1646d559134 -+Ctrl.hexsession_id = hexsession_id:7e4674330fb6987b64ef7f30335d171676c705a6b9ed958adc6b6fd16949830d3f586eec44812d0518cc3ebd4292b422 -+Ctrl.type = type:D -+Output = 63d729b0e32d9d7efe7efdc6111489b7 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:0000010100c10fff0a20858c36e41082abaa65b96c5424ab67563882a42237258e736b5cfbdb2867df55f8c40f81b34e8c4c55d39c4629dc2d833257dc68070a61d10417487ef0840b76169145402327ae81f35cbddae6c2a45d52f52f48a0c94acdb20db076393b5b1e3d1a7acee3f371bdaccfee696262eecd20238cc54322e6ca72e58708aeb19bf761054d9f7426e4ea0059bd252beee03dcad1a7d6d034b4d9d307218bb3d7bee3a57572ded304df1dd8f97ed9550ebb0f5c25ee3f8c6df3dfc2aac92f364ec91040d001c5cb1eee33c1d43112e5a289b46706c7f12a327620cd98fbce2e7fe7b7bd0e05ee0005182c35ded65ee1d86aefe816e5894e07536697a7db -+Ctrl.hexxcghash = hexxcghash:62b3155ba0c160f838a6949d0a99b144868a7b247c583a53f431129e39aebd40e2feb4dbac7527f993ccf1646d559134 -+Ctrl.hexsession_id = hexsession_id:7e4674330fb6987b64ef7f30335d171676c705a6b9ed958adc6b6fd16949830d3f586eec44812d0518cc3ebd4292b422 -+Ctrl.type = type:E -+Output = 7443a278e0c47e4004ba1c534dfa5c460670d2dd4459a6dc7251664da187f633208f6c06470f6aed6148820187f35a25 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:0000010100c10fff0a20858c36e41082abaa65b96c5424ab67563882a42237258e736b5cfbdb2867df55f8c40f81b34e8c4c55d39c4629dc2d833257dc68070a61d10417487ef0840b76169145402327ae81f35cbddae6c2a45d52f52f48a0c94acdb20db076393b5b1e3d1a7acee3f371bdaccfee696262eecd20238cc54322e6ca72e58708aeb19bf761054d9f7426e4ea0059bd252beee03dcad1a7d6d034b4d9d307218bb3d7bee3a57572ded304df1dd8f97ed9550ebb0f5c25ee3f8c6df3dfc2aac92f364ec91040d001c5cb1eee33c1d43112e5a289b46706c7f12a327620cd98fbce2e7fe7b7bd0e05ee0005182c35ded65ee1d86aefe816e5894e07536697a7db -+Ctrl.hexxcghash = hexxcghash:62b3155ba0c160f838a6949d0a99b144868a7b247c583a53f431129e39aebd40e2feb4dbac7527f993ccf1646d559134 -+Ctrl.hexsession_id = hexsession_id:7e4674330fb6987b64ef7f30335d171676c705a6b9ed958adc6b6fd16949830d3f586eec44812d0518cc3ebd4292b422 -+Ctrl.type = type:F -+Output = 37500b699935ab38b9185018d3676f221dcd6643ba4cf3dccf8ede7ba2f0513c27ad2324158ae98df4e7fb52ffb96526 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:0000010100c9d019aa8ab57cdbd1600def08b92f4a90b8ddb1c3fd329475e28ad9388525d5a813756472458bed674332a649c56eecb6cbba726b9afcfd9ce1f490bf327de49978b34fb106ae1ab4ece2f241e0b67ddf03bf835aa2dcc5cde5aca913d2a5ed74d1ad0e945169f10772d830fa5c33c7f7d543e2d2ac09fa03ff1509b94977cc0dcb8a464104a3e8d9f99cbefac4361b92517f14eda2558d572ae7410a78962e596c542a20d3aeb49cf41b48b54b387dea7c24c72edfd656bcb64c605b741c7b03892020ca2ff34e0b13534228bd83c9c3ffbfa219602041ac4238904bd782da7e3c653f518891f7ac1e7b05b7e37baab18eb54e8de76dfa8c803a0df843a28e -+Ctrl.hexxcghash = hexxcghash:a970acc5597f7965dcc540dac7cefde594c0232180187a32364b42dbb8d0307f8c3f52678e303e2f315b2ba1cf62863a -+Ctrl.hexsession_id = hexsession_id:bad9943e089550d17b90f2a34409660c07a39be5d48a77d8e1ad25726c93096081831c24e876060cb96def95df9a7fcd -+Ctrl.type = type:A -+Output = 8ad38b03467ef0cac638f93b156e1c05 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:0000010100c9d019aa8ab57cdbd1600def08b92f4a90b8ddb1c3fd329475e28ad9388525d5a813756472458bed674332a649c56eecb6cbba726b9afcfd9ce1f490bf327de49978b34fb106ae1ab4ece2f241e0b67ddf03bf835aa2dcc5cde5aca913d2a5ed74d1ad0e945169f10772d830fa5c33c7f7d543e2d2ac09fa03ff1509b94977cc0dcb8a464104a3e8d9f99cbefac4361b92517f14eda2558d572ae7410a78962e596c542a20d3aeb49cf41b48b54b387dea7c24c72edfd656bcb64c605b741c7b03892020ca2ff34e0b13534228bd83c9c3ffbfa219602041ac4238904bd782da7e3c653f518891f7ac1e7b05b7e37baab18eb54e8de76dfa8c803a0df843a28e -+Ctrl.hexxcghash = hexxcghash:a970acc5597f7965dcc540dac7cefde594c0232180187a32364b42dbb8d0307f8c3f52678e303e2f315b2ba1cf62863a -+Ctrl.hexsession_id = hexsession_id:bad9943e089550d17b90f2a34409660c07a39be5d48a77d8e1ad25726c93096081831c24e876060cb96def95df9a7fcd -+Ctrl.type = type:B -+Output = c9a867164cad7619621c2390039db88f -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:0000010100c9d019aa8ab57cdbd1600def08b92f4a90b8ddb1c3fd329475e28ad9388525d5a813756472458bed674332a649c56eecb6cbba726b9afcfd9ce1f490bf327de49978b34fb106ae1ab4ece2f241e0b67ddf03bf835aa2dcc5cde5aca913d2a5ed74d1ad0e945169f10772d830fa5c33c7f7d543e2d2ac09fa03ff1509b94977cc0dcb8a464104a3e8d9f99cbefac4361b92517f14eda2558d572ae7410a78962e596c542a20d3aeb49cf41b48b54b387dea7c24c72edfd656bcb64c605b741c7b03892020ca2ff34e0b13534228bd83c9c3ffbfa219602041ac4238904bd782da7e3c653f518891f7ac1e7b05b7e37baab18eb54e8de76dfa8c803a0df843a28e -+Ctrl.hexxcghash = hexxcghash:a970acc5597f7965dcc540dac7cefde594c0232180187a32364b42dbb8d0307f8c3f52678e303e2f315b2ba1cf62863a -+Ctrl.hexsession_id = hexsession_id:bad9943e089550d17b90f2a34409660c07a39be5d48a77d8e1ad25726c93096081831c24e876060cb96def95df9a7fcd -+Ctrl.type = type:C -+Output = 28d6e6a69e686b3b2ca02c7595b6a565 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:0000010100c9d019aa8ab57cdbd1600def08b92f4a90b8ddb1c3fd329475e28ad9388525d5a813756472458bed674332a649c56eecb6cbba726b9afcfd9ce1f490bf327de49978b34fb106ae1ab4ece2f241e0b67ddf03bf835aa2dcc5cde5aca913d2a5ed74d1ad0e945169f10772d830fa5c33c7f7d543e2d2ac09fa03ff1509b94977cc0dcb8a464104a3e8d9f99cbefac4361b92517f14eda2558d572ae7410a78962e596c542a20d3aeb49cf41b48b54b387dea7c24c72edfd656bcb64c605b741c7b03892020ca2ff34e0b13534228bd83c9c3ffbfa219602041ac4238904bd782da7e3c653f518891f7ac1e7b05b7e37baab18eb54e8de76dfa8c803a0df843a28e -+Ctrl.hexxcghash = hexxcghash:a970acc5597f7965dcc540dac7cefde594c0232180187a32364b42dbb8d0307f8c3f52678e303e2f315b2ba1cf62863a -+Ctrl.hexsession_id = hexsession_id:bad9943e089550d17b90f2a34409660c07a39be5d48a77d8e1ad25726c93096081831c24e876060cb96def95df9a7fcd -+Ctrl.type = type:D -+Output = a3486f9014731b15530dba7498d4b2ff -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:0000010100c9d019aa8ab57cdbd1600def08b92f4a90b8ddb1c3fd329475e28ad9388525d5a813756472458bed674332a649c56eecb6cbba726b9afcfd9ce1f490bf327de49978b34fb106ae1ab4ece2f241e0b67ddf03bf835aa2dcc5cde5aca913d2a5ed74d1ad0e945169f10772d830fa5c33c7f7d543e2d2ac09fa03ff1509b94977cc0dcb8a464104a3e8d9f99cbefac4361b92517f14eda2558d572ae7410a78962e596c542a20d3aeb49cf41b48b54b387dea7c24c72edfd656bcb64c605b741c7b03892020ca2ff34e0b13534228bd83c9c3ffbfa219602041ac4238904bd782da7e3c653f518891f7ac1e7b05b7e37baab18eb54e8de76dfa8c803a0df843a28e -+Ctrl.hexxcghash = hexxcghash:a970acc5597f7965dcc540dac7cefde594c0232180187a32364b42dbb8d0307f8c3f52678e303e2f315b2ba1cf62863a -+Ctrl.hexsession_id = hexsession_id:bad9943e089550d17b90f2a34409660c07a39be5d48a77d8e1ad25726c93096081831c24e876060cb96def95df9a7fcd -+Ctrl.type = type:E -+Output = 9640b7d6c1351a44dcd430f9728083949adbd8f3c47f1c7358b41d99730f0eeef9f8634cc99207b8d998c8aeb0085e4c -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:0000010100c9d019aa8ab57cdbd1600def08b92f4a90b8ddb1c3fd329475e28ad9388525d5a813756472458bed674332a649c56eecb6cbba726b9afcfd9ce1f490bf327de49978b34fb106ae1ab4ece2f241e0b67ddf03bf835aa2dcc5cde5aca913d2a5ed74d1ad0e945169f10772d830fa5c33c7f7d543e2d2ac09fa03ff1509b94977cc0dcb8a464104a3e8d9f99cbefac4361b92517f14eda2558d572ae7410a78962e596c542a20d3aeb49cf41b48b54b387dea7c24c72edfd656bcb64c605b741c7b03892020ca2ff34e0b13534228bd83c9c3ffbfa219602041ac4238904bd782da7e3c653f518891f7ac1e7b05b7e37baab18eb54e8de76dfa8c803a0df843a28e -+Ctrl.hexxcghash = hexxcghash:a970acc5597f7965dcc540dac7cefde594c0232180187a32364b42dbb8d0307f8c3f52678e303e2f315b2ba1cf62863a -+Ctrl.hexsession_id = hexsession_id:bad9943e089550d17b90f2a34409660c07a39be5d48a77d8e1ad25726c93096081831c24e876060cb96def95df9a7fcd -+Ctrl.type = type:F -+Output = cef923f7cbc47534d9a6da613eea02117b19800995f66df9e49291203ad15e5d29cc08df86200bf09ca091b37cc45432 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:0000010100ba6b819aa094b3b9a2e93d37eda5df776720cce40858790532b8ab0de613b8e20efcef330eaa9e4ab290fd670b8f8ab1e2fc217d575655a7c39740ce223675a4376bd039f24165d83268a3e3a5b6e05f1b077dc752c90781d0cd6877c91c1fc865586bf661f28cbded4266f1b9364ae7233e6003b47088cb50f81a631d4b1d200f8c38455ad2217eaf03b6e0a0861aeebe28ef0fcbac5526bd06ebcc44f67de9b908f0359076527f6ff7bb959b3adfc9ac82728d7627bf506ffb2f8742ae28ce3ca7402c25b1cd3dac6781776a35549480ff537c33f63796dd5de4c64e1ff5546689d8f398be911707e0b5d347b8456e89eb2262270ee1de85902b7deb60b02b -+Ctrl.hexxcghash = hexxcghash:e94db0c0969c8f09c1c0d63fcca9f316ae85a0c034f118958c714fa165ac71a86bbcc7a4c017c11b9558bda897455f99 -+Ctrl.hexsession_id = hexsession_id:a01426386ce69a9a9f101394e831dc9d17a6dc901349f3c3f4269788f5c5e20316c233d7632005b1771e5bc2f5ddf4c2 -+Ctrl.type = type:A -+Output = 1e2fd838058e4569de0699e57eb9bb30 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:0000010100ba6b819aa094b3b9a2e93d37eda5df776720cce40858790532b8ab0de613b8e20efcef330eaa9e4ab290fd670b8f8ab1e2fc217d575655a7c39740ce223675a4376bd039f24165d83268a3e3a5b6e05f1b077dc752c90781d0cd6877c91c1fc865586bf661f28cbded4266f1b9364ae7233e6003b47088cb50f81a631d4b1d200f8c38455ad2217eaf03b6e0a0861aeebe28ef0fcbac5526bd06ebcc44f67de9b908f0359076527f6ff7bb959b3adfc9ac82728d7627bf506ffb2f8742ae28ce3ca7402c25b1cd3dac6781776a35549480ff537c33f63796dd5de4c64e1ff5546689d8f398be911707e0b5d347b8456e89eb2262270ee1de85902b7deb60b02b -+Ctrl.hexxcghash = hexxcghash:e94db0c0969c8f09c1c0d63fcca9f316ae85a0c034f118958c714fa165ac71a86bbcc7a4c017c11b9558bda897455f99 -+Ctrl.hexsession_id = hexsession_id:a01426386ce69a9a9f101394e831dc9d17a6dc901349f3c3f4269788f5c5e20316c233d7632005b1771e5bc2f5ddf4c2 -+Ctrl.type = type:B -+Output = d338052b2288e99bfdd16b5df26e3d3c -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:0000010100ba6b819aa094b3b9a2e93d37eda5df776720cce40858790532b8ab0de613b8e20efcef330eaa9e4ab290fd670b8f8ab1e2fc217d575655a7c39740ce223675a4376bd039f24165d83268a3e3a5b6e05f1b077dc752c90781d0cd6877c91c1fc865586bf661f28cbded4266f1b9364ae7233e6003b47088cb50f81a631d4b1d200f8c38455ad2217eaf03b6e0a0861aeebe28ef0fcbac5526bd06ebcc44f67de9b908f0359076527f6ff7bb959b3adfc9ac82728d7627bf506ffb2f8742ae28ce3ca7402c25b1cd3dac6781776a35549480ff537c33f63796dd5de4c64e1ff5546689d8f398be911707e0b5d347b8456e89eb2262270ee1de85902b7deb60b02b -+Ctrl.hexxcghash = hexxcghash:e94db0c0969c8f09c1c0d63fcca9f316ae85a0c034f118958c714fa165ac71a86bbcc7a4c017c11b9558bda897455f99 -+Ctrl.hexsession_id = hexsession_id:a01426386ce69a9a9f101394e831dc9d17a6dc901349f3c3f4269788f5c5e20316c233d7632005b1771e5bc2f5ddf4c2 -+Ctrl.type = type:C -+Output = 020c58037db045fc2a20a9b12e34205d -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:0000010100ba6b819aa094b3b9a2e93d37eda5df776720cce40858790532b8ab0de613b8e20efcef330eaa9e4ab290fd670b8f8ab1e2fc217d575655a7c39740ce223675a4376bd039f24165d83268a3e3a5b6e05f1b077dc752c90781d0cd6877c91c1fc865586bf661f28cbded4266f1b9364ae7233e6003b47088cb50f81a631d4b1d200f8c38455ad2217eaf03b6e0a0861aeebe28ef0fcbac5526bd06ebcc44f67de9b908f0359076527f6ff7bb959b3adfc9ac82728d7627bf506ffb2f8742ae28ce3ca7402c25b1cd3dac6781776a35549480ff537c33f63796dd5de4c64e1ff5546689d8f398be911707e0b5d347b8456e89eb2262270ee1de85902b7deb60b02b -+Ctrl.hexxcghash = hexxcghash:e94db0c0969c8f09c1c0d63fcca9f316ae85a0c034f118958c714fa165ac71a86bbcc7a4c017c11b9558bda897455f99 -+Ctrl.hexsession_id = hexsession_id:a01426386ce69a9a9f101394e831dc9d17a6dc901349f3c3f4269788f5c5e20316c233d7632005b1771e5bc2f5ddf4c2 -+Ctrl.type = type:D -+Output = b1e7b4361aaea7f9656151723c21b9a2 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:0000010100ba6b819aa094b3b9a2e93d37eda5df776720cce40858790532b8ab0de613b8e20efcef330eaa9e4ab290fd670b8f8ab1e2fc217d575655a7c39740ce223675a4376bd039f24165d83268a3e3a5b6e05f1b077dc752c90781d0cd6877c91c1fc865586bf661f28cbded4266f1b9364ae7233e6003b47088cb50f81a631d4b1d200f8c38455ad2217eaf03b6e0a0861aeebe28ef0fcbac5526bd06ebcc44f67de9b908f0359076527f6ff7bb959b3adfc9ac82728d7627bf506ffb2f8742ae28ce3ca7402c25b1cd3dac6781776a35549480ff537c33f63796dd5de4c64e1ff5546689d8f398be911707e0b5d347b8456e89eb2262270ee1de85902b7deb60b02b -+Ctrl.hexxcghash = hexxcghash:e94db0c0969c8f09c1c0d63fcca9f316ae85a0c034f118958c714fa165ac71a86bbcc7a4c017c11b9558bda897455f99 -+Ctrl.hexsession_id = hexsession_id:a01426386ce69a9a9f101394e831dc9d17a6dc901349f3c3f4269788f5c5e20316c233d7632005b1771e5bc2f5ddf4c2 -+Ctrl.type = type:E -+Output = 67d80666ba420d07153530859fed5a3a2f4b6decd37575714d4826f41a96a1638b89399cdd752af7f6ffd3db0214f0c1 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:0000010100ba6b819aa094b3b9a2e93d37eda5df776720cce40858790532b8ab0de613b8e20efcef330eaa9e4ab290fd670b8f8ab1e2fc217d575655a7c39740ce223675a4376bd039f24165d83268a3e3a5b6e05f1b077dc752c90781d0cd6877c91c1fc865586bf661f28cbded4266f1b9364ae7233e6003b47088cb50f81a631d4b1d200f8c38455ad2217eaf03b6e0a0861aeebe28ef0fcbac5526bd06ebcc44f67de9b908f0359076527f6ff7bb959b3adfc9ac82728d7627bf506ffb2f8742ae28ce3ca7402c25b1cd3dac6781776a35549480ff537c33f63796dd5de4c64e1ff5546689d8f398be911707e0b5d347b8456e89eb2262270ee1de85902b7deb60b02b -+Ctrl.hexxcghash = hexxcghash:e94db0c0969c8f09c1c0d63fcca9f316ae85a0c034f118958c714fa165ac71a86bbcc7a4c017c11b9558bda897455f99 -+Ctrl.hexsession_id = hexsession_id:a01426386ce69a9a9f101394e831dc9d17a6dc901349f3c3f4269788f5c5e20316c233d7632005b1771e5bc2f5ddf4c2 -+Ctrl.type = type:F -+Output = c3fb2ab670e39885cbb98a4609d69a90afd37d383512ad222d63c9c6f1009e2a42065a232ab5b39f55247f8bf9e6ab2c -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:000001001b9f110b05461796db3a0b751638b552e62a062d7b891591ac75e237d47f5f12d97a5d19be0718c8a2fbdd9100249c2d9ca59bf491b10afef75f61c53ae92455e8cb016e230408c869ea1c5f5d62e853ae84727e3d1f1bb0a0faa9ff575eede461f502b90ca38e8effae09478efedd16090202bf03530d03d0a2aa70825fb28c606b7545bdde26d606c059215a9f947e60c4b5de9b35a3704f73a5c8bc8811387431b7e90f1ddc71cf0696497fd640cb9b1b8866bff5d85e879e0a7848722d34cc62844afcc6318fe73ea80e484c3e62feb0cde9269c07edc0679683bc5427a163a4b4ac463802293f7c968e4188e7966b559c2581582c67ecda0c9b3b8eac94 -+Ctrl.hexxcghash = hexxcghash:8886115c2324dede13be6895605a439c6ec48ca46f3d82170b863dcf1acc26176769626df893ebb7ce8c9432058633d8 -+Ctrl.hexsession_id = hexsession_id:331f7e0103de46d90dbd885dadaf67c589bc6b3caf25e45e329d864c85b7c9ae17b27cb92a81c9b4421f431014cb0e03 -+Ctrl.type = type:A -+Output = 6e9bb7681d56457fd93aea6d40860dd9 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:000001001b9f110b05461796db3a0b751638b552e62a062d7b891591ac75e237d47f5f12d97a5d19be0718c8a2fbdd9100249c2d9ca59bf491b10afef75f61c53ae92455e8cb016e230408c869ea1c5f5d62e853ae84727e3d1f1bb0a0faa9ff575eede461f502b90ca38e8effae09478efedd16090202bf03530d03d0a2aa70825fb28c606b7545bdde26d606c059215a9f947e60c4b5de9b35a3704f73a5c8bc8811387431b7e90f1ddc71cf0696497fd640cb9b1b8866bff5d85e879e0a7848722d34cc62844afcc6318fe73ea80e484c3e62feb0cde9269c07edc0679683bc5427a163a4b4ac463802293f7c968e4188e7966b559c2581582c67ecda0c9b3b8eac94 -+Ctrl.hexxcghash = hexxcghash:8886115c2324dede13be6895605a439c6ec48ca46f3d82170b863dcf1acc26176769626df893ebb7ce8c9432058633d8 -+Ctrl.hexsession_id = hexsession_id:331f7e0103de46d90dbd885dadaf67c589bc6b3caf25e45e329d864c85b7c9ae17b27cb92a81c9b4421f431014cb0e03 -+Ctrl.type = type:B -+Output = 5d19ce6c6b16c5f2179753a7abdff3e4 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:000001001b9f110b05461796db3a0b751638b552e62a062d7b891591ac75e237d47f5f12d97a5d19be0718c8a2fbdd9100249c2d9ca59bf491b10afef75f61c53ae92455e8cb016e230408c869ea1c5f5d62e853ae84727e3d1f1bb0a0faa9ff575eede461f502b90ca38e8effae09478efedd16090202bf03530d03d0a2aa70825fb28c606b7545bdde26d606c059215a9f947e60c4b5de9b35a3704f73a5c8bc8811387431b7e90f1ddc71cf0696497fd640cb9b1b8866bff5d85e879e0a7848722d34cc62844afcc6318fe73ea80e484c3e62feb0cde9269c07edc0679683bc5427a163a4b4ac463802293f7c968e4188e7966b559c2581582c67ecda0c9b3b8eac94 -+Ctrl.hexxcghash = hexxcghash:8886115c2324dede13be6895605a439c6ec48ca46f3d82170b863dcf1acc26176769626df893ebb7ce8c9432058633d8 -+Ctrl.hexsession_id = hexsession_id:331f7e0103de46d90dbd885dadaf67c589bc6b3caf25e45e329d864c85b7c9ae17b27cb92a81c9b4421f431014cb0e03 -+Ctrl.type = type:C -+Output = c550416e8ea0608a09051cfffe0494e7 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:000001001b9f110b05461796db3a0b751638b552e62a062d7b891591ac75e237d47f5f12d97a5d19be0718c8a2fbdd9100249c2d9ca59bf491b10afef75f61c53ae92455e8cb016e230408c869ea1c5f5d62e853ae84727e3d1f1bb0a0faa9ff575eede461f502b90ca38e8effae09478efedd16090202bf03530d03d0a2aa70825fb28c606b7545bdde26d606c059215a9f947e60c4b5de9b35a3704f73a5c8bc8811387431b7e90f1ddc71cf0696497fd640cb9b1b8866bff5d85e879e0a7848722d34cc62844afcc6318fe73ea80e484c3e62feb0cde9269c07edc0679683bc5427a163a4b4ac463802293f7c968e4188e7966b559c2581582c67ecda0c9b3b8eac94 -+Ctrl.hexxcghash = hexxcghash:8886115c2324dede13be6895605a439c6ec48ca46f3d82170b863dcf1acc26176769626df893ebb7ce8c9432058633d8 -+Ctrl.hexsession_id = hexsession_id:331f7e0103de46d90dbd885dadaf67c589bc6b3caf25e45e329d864c85b7c9ae17b27cb92a81c9b4421f431014cb0e03 -+Ctrl.type = type:D -+Output = 33c9f3f03de395cef067684cb5b95200 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:000001001b9f110b05461796db3a0b751638b552e62a062d7b891591ac75e237d47f5f12d97a5d19be0718c8a2fbdd9100249c2d9ca59bf491b10afef75f61c53ae92455e8cb016e230408c869ea1c5f5d62e853ae84727e3d1f1bb0a0faa9ff575eede461f502b90ca38e8effae09478efedd16090202bf03530d03d0a2aa70825fb28c606b7545bdde26d606c059215a9f947e60c4b5de9b35a3704f73a5c8bc8811387431b7e90f1ddc71cf0696497fd640cb9b1b8866bff5d85e879e0a7848722d34cc62844afcc6318fe73ea80e484c3e62feb0cde9269c07edc0679683bc5427a163a4b4ac463802293f7c968e4188e7966b559c2581582c67ecda0c9b3b8eac94 -+Ctrl.hexxcghash = hexxcghash:8886115c2324dede13be6895605a439c6ec48ca46f3d82170b863dcf1acc26176769626df893ebb7ce8c9432058633d8 -+Ctrl.hexsession_id = hexsession_id:331f7e0103de46d90dbd885dadaf67c589bc6b3caf25e45e329d864c85b7c9ae17b27cb92a81c9b4421f431014cb0e03 -+Ctrl.type = type:E -+Output = 99071b0615bdec08d040e731828028fac9a16d367b86d2d1302b607cd39ac9678ae7f9f87eb619fe2ba75d54da3b07d1 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:000001001b9f110b05461796db3a0b751638b552e62a062d7b891591ac75e237d47f5f12d97a5d19be0718c8a2fbdd9100249c2d9ca59bf491b10afef75f61c53ae92455e8cb016e230408c869ea1c5f5d62e853ae84727e3d1f1bb0a0faa9ff575eede461f502b90ca38e8effae09478efedd16090202bf03530d03d0a2aa70825fb28c606b7545bdde26d606c059215a9f947e60c4b5de9b35a3704f73a5c8bc8811387431b7e90f1ddc71cf0696497fd640cb9b1b8866bff5d85e879e0a7848722d34cc62844afcc6318fe73ea80e484c3e62feb0cde9269c07edc0679683bc5427a163a4b4ac463802293f7c968e4188e7966b559c2581582c67ecda0c9b3b8eac94 -+Ctrl.hexxcghash = hexxcghash:8886115c2324dede13be6895605a439c6ec48ca46f3d82170b863dcf1acc26176769626df893ebb7ce8c9432058633d8 -+Ctrl.hexsession_id = hexsession_id:331f7e0103de46d90dbd885dadaf67c589bc6b3caf25e45e329d864c85b7c9ae17b27cb92a81c9b4421f431014cb0e03 -+Ctrl.type = type:F -+Output = a11fc539c46d9314645e1f7517e19794a6ba4bf7d7d5a6f71bcb4621bfdedeae3bbcaa62fb638d994d1f21d14f5777d7 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:000001004db530516876fb9937bc2da16117f9675c721da6b80cd49e6b6eb0df6fe4af90ae755378e77e28dbc376e000903b1365a7b3cddfaf19410b31ae44e3e6641c5d47002ac5b261b1c4f7f301c8d16a917135c23bf7f84f15a6143e7e3466c52e1e3c30026f15d5254da11ced1b817739768de9913aca2d808acaa31e933763eb438238b347a6bd07834d4f661690cdb2372b4205aa9ad80df40340c1d0b1db320df1d1b13fa2ff4b9ee4500c9d03f45e75fb15a97b833ab9827708e4bca8fea562d69fea573ca7b5905c71e51dc9f24a74bd0c596051066acdeb66eb39c76fab66b10bdc88e1b72bba8aafa342088cd4a739a18e61c75be6b5df0904dc5094f0df -+Ctrl.hexxcghash = hexxcghash:12ce3e6a5407943831d65608c9fd59c972689136289af06071c015f8a41c9d1536d0afdad084322f832415fbf199d044 -+Ctrl.hexsession_id = hexsession_id:939c41734aa3db9d9dfac7a7db54c889da38d8bbe00326f559a3b0f92a96b5ac3a454d8355ccd0f31099021d0ee43063 -+Ctrl.type = type:A -+Output = 876692595fbf1239e03b1eb28890cedf -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:000001004db530516876fb9937bc2da16117f9675c721da6b80cd49e6b6eb0df6fe4af90ae755378e77e28dbc376e000903b1365a7b3cddfaf19410b31ae44e3e6641c5d47002ac5b261b1c4f7f301c8d16a917135c23bf7f84f15a6143e7e3466c52e1e3c30026f15d5254da11ced1b817739768de9913aca2d808acaa31e933763eb438238b347a6bd07834d4f661690cdb2372b4205aa9ad80df40340c1d0b1db320df1d1b13fa2ff4b9ee4500c9d03f45e75fb15a97b833ab9827708e4bca8fea562d69fea573ca7b5905c71e51dc9f24a74bd0c596051066acdeb66eb39c76fab66b10bdc88e1b72bba8aafa342088cd4a739a18e61c75be6b5df0904dc5094f0df -+Ctrl.hexxcghash = hexxcghash:12ce3e6a5407943831d65608c9fd59c972689136289af06071c015f8a41c9d1536d0afdad084322f832415fbf199d044 -+Ctrl.hexsession_id = hexsession_id:939c41734aa3db9d9dfac7a7db54c889da38d8bbe00326f559a3b0f92a96b5ac3a454d8355ccd0f31099021d0ee43063 -+Ctrl.type = type:B -+Output = 438afd7eae8454675ed5964122fcbb9e -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:000001004db530516876fb9937bc2da16117f9675c721da6b80cd49e6b6eb0df6fe4af90ae755378e77e28dbc376e000903b1365a7b3cddfaf19410b31ae44e3e6641c5d47002ac5b261b1c4f7f301c8d16a917135c23bf7f84f15a6143e7e3466c52e1e3c30026f15d5254da11ced1b817739768de9913aca2d808acaa31e933763eb438238b347a6bd07834d4f661690cdb2372b4205aa9ad80df40340c1d0b1db320df1d1b13fa2ff4b9ee4500c9d03f45e75fb15a97b833ab9827708e4bca8fea562d69fea573ca7b5905c71e51dc9f24a74bd0c596051066acdeb66eb39c76fab66b10bdc88e1b72bba8aafa342088cd4a739a18e61c75be6b5df0904dc5094f0df -+Ctrl.hexxcghash = hexxcghash:12ce3e6a5407943831d65608c9fd59c972689136289af06071c015f8a41c9d1536d0afdad084322f832415fbf199d044 -+Ctrl.hexsession_id = hexsession_id:939c41734aa3db9d9dfac7a7db54c889da38d8bbe00326f559a3b0f92a96b5ac3a454d8355ccd0f31099021d0ee43063 -+Ctrl.type = type:C -+Output = b9cc0e2718c5853e0aebb43409fcaaef -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:000001004db530516876fb9937bc2da16117f9675c721da6b80cd49e6b6eb0df6fe4af90ae755378e77e28dbc376e000903b1365a7b3cddfaf19410b31ae44e3e6641c5d47002ac5b261b1c4f7f301c8d16a917135c23bf7f84f15a6143e7e3466c52e1e3c30026f15d5254da11ced1b817739768de9913aca2d808acaa31e933763eb438238b347a6bd07834d4f661690cdb2372b4205aa9ad80df40340c1d0b1db320df1d1b13fa2ff4b9ee4500c9d03f45e75fb15a97b833ab9827708e4bca8fea562d69fea573ca7b5905c71e51dc9f24a74bd0c596051066acdeb66eb39c76fab66b10bdc88e1b72bba8aafa342088cd4a739a18e61c75be6b5df0904dc5094f0df -+Ctrl.hexxcghash = hexxcghash:12ce3e6a5407943831d65608c9fd59c972689136289af06071c015f8a41c9d1536d0afdad084322f832415fbf199d044 -+Ctrl.hexsession_id = hexsession_id:939c41734aa3db9d9dfac7a7db54c889da38d8bbe00326f559a3b0f92a96b5ac3a454d8355ccd0f31099021d0ee43063 -+Ctrl.type = type:D -+Output = 8def9f93e633ac2d28a7c5b76567a4cb -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:000001004db530516876fb9937bc2da16117f9675c721da6b80cd49e6b6eb0df6fe4af90ae755378e77e28dbc376e000903b1365a7b3cddfaf19410b31ae44e3e6641c5d47002ac5b261b1c4f7f301c8d16a917135c23bf7f84f15a6143e7e3466c52e1e3c30026f15d5254da11ced1b817739768de9913aca2d808acaa31e933763eb438238b347a6bd07834d4f661690cdb2372b4205aa9ad80df40340c1d0b1db320df1d1b13fa2ff4b9ee4500c9d03f45e75fb15a97b833ab9827708e4bca8fea562d69fea573ca7b5905c71e51dc9f24a74bd0c596051066acdeb66eb39c76fab66b10bdc88e1b72bba8aafa342088cd4a739a18e61c75be6b5df0904dc5094f0df -+Ctrl.hexxcghash = hexxcghash:12ce3e6a5407943831d65608c9fd59c972689136289af06071c015f8a41c9d1536d0afdad084322f832415fbf199d044 -+Ctrl.hexsession_id = hexsession_id:939c41734aa3db9d9dfac7a7db54c889da38d8bbe00326f559a3b0f92a96b5ac3a454d8355ccd0f31099021d0ee43063 -+Ctrl.type = type:E -+Output = 3d80ed20f0703857154bda8531b12b96cf73aedfc662df6faf277321be6e38c904bfbd5f9206607684ac331dfc92bbbb -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:000001004db530516876fb9937bc2da16117f9675c721da6b80cd49e6b6eb0df6fe4af90ae755378e77e28dbc376e000903b1365a7b3cddfaf19410b31ae44e3e6641c5d47002ac5b261b1c4f7f301c8d16a917135c23bf7f84f15a6143e7e3466c52e1e3c30026f15d5254da11ced1b817739768de9913aca2d808acaa31e933763eb438238b347a6bd07834d4f661690cdb2372b4205aa9ad80df40340c1d0b1db320df1d1b13fa2ff4b9ee4500c9d03f45e75fb15a97b833ab9827708e4bca8fea562d69fea573ca7b5905c71e51dc9f24a74bd0c596051066acdeb66eb39c76fab66b10bdc88e1b72bba8aafa342088cd4a739a18e61c75be6b5df0904dc5094f0df -+Ctrl.hexxcghash = hexxcghash:12ce3e6a5407943831d65608c9fd59c972689136289af06071c015f8a41c9d1536d0afdad084322f832415fbf199d044 -+Ctrl.hexsession_id = hexsession_id:939c41734aa3db9d9dfac7a7db54c889da38d8bbe00326f559a3b0f92a96b5ac3a454d8355ccd0f31099021d0ee43063 -+Ctrl.type = type:F -+Output = 736e77ad5a8fac835795ab08522d834e34a4cbc48439db2845cb1d8636a4dcfd49a7ac5413713a8177c277eead96a0ff -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:000001004d7ba3e909e1e2886e00db333430d7cebe5107e9701672a2a1bc0bb5461c620c56fc8a8aa95a577cf48ac2e5b35d948e468bbc6232527f6a4e3bf5ea0b2f68b161ee3aadeef596c683e511bec1ff70df312d988eddd557952720f82f69882107f67880e38efcca68429374d85831eea3ac133a6a89b68a9ec27c71a67c87addfddb7040a7416ead43e29612dcdc5b7e6a82ad5cd243e8a6dd2997c44ad76a2a20145f89d7e6b2a26c2c0f2ce7d60b1f45410f9ebb79b52dde560f8c7c99b7a11d645f6ad6f94727cd2ea9d48ceb27467ee60371e6919a3ae044c8941a65182c94e8efd7b5c7eb45935baea722628d89d89de995d82b620059fe1054927864a91 -+Ctrl.hexxcghash = hexxcghash:f3cc38427adf01b9483d1f9e4e9acef554a8c7d0d8dc088d3865f05bc06a4ff11efbbdbca7ab0e0c0e2df55a93f0b4b9 -+Ctrl.hexsession_id = hexsession_id:aae879d8c0c6762d28c30fdc707b169a2155f8b8a943ced399a56419be89cc9f66ba9282d85ac4e53e0d5ae27adcf393 -+Ctrl.type = type:A -+Output = c84a4fcd4ade28805b032174428a6f27 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:000001004d7ba3e909e1e2886e00db333430d7cebe5107e9701672a2a1bc0bb5461c620c56fc8a8aa95a577cf48ac2e5b35d948e468bbc6232527f6a4e3bf5ea0b2f68b161ee3aadeef596c683e511bec1ff70df312d988eddd557952720f82f69882107f67880e38efcca68429374d85831eea3ac133a6a89b68a9ec27c71a67c87addfddb7040a7416ead43e29612dcdc5b7e6a82ad5cd243e8a6dd2997c44ad76a2a20145f89d7e6b2a26c2c0f2ce7d60b1f45410f9ebb79b52dde560f8c7c99b7a11d645f6ad6f94727cd2ea9d48ceb27467ee60371e6919a3ae044c8941a65182c94e8efd7b5c7eb45935baea722628d89d89de995d82b620059fe1054927864a91 -+Ctrl.hexxcghash = hexxcghash:f3cc38427adf01b9483d1f9e4e9acef554a8c7d0d8dc088d3865f05bc06a4ff11efbbdbca7ab0e0c0e2df55a93f0b4b9 -+Ctrl.hexsession_id = hexsession_id:aae879d8c0c6762d28c30fdc707b169a2155f8b8a943ced399a56419be89cc9f66ba9282d85ac4e53e0d5ae27adcf393 -+Ctrl.type = type:B -+Output = 27b0de69f3bc7d79d2f6b54101f3e10f -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:000001004d7ba3e909e1e2886e00db333430d7cebe5107e9701672a2a1bc0bb5461c620c56fc8a8aa95a577cf48ac2e5b35d948e468bbc6232527f6a4e3bf5ea0b2f68b161ee3aadeef596c683e511bec1ff70df312d988eddd557952720f82f69882107f67880e38efcca68429374d85831eea3ac133a6a89b68a9ec27c71a67c87addfddb7040a7416ead43e29612dcdc5b7e6a82ad5cd243e8a6dd2997c44ad76a2a20145f89d7e6b2a26c2c0f2ce7d60b1f45410f9ebb79b52dde560f8c7c99b7a11d645f6ad6f94727cd2ea9d48ceb27467ee60371e6919a3ae044c8941a65182c94e8efd7b5c7eb45935baea722628d89d89de995d82b620059fe1054927864a91 -+Ctrl.hexxcghash = hexxcghash:f3cc38427adf01b9483d1f9e4e9acef554a8c7d0d8dc088d3865f05bc06a4ff11efbbdbca7ab0e0c0e2df55a93f0b4b9 -+Ctrl.hexsession_id = hexsession_id:aae879d8c0c6762d28c30fdc707b169a2155f8b8a943ced399a56419be89cc9f66ba9282d85ac4e53e0d5ae27adcf393 -+Ctrl.type = type:C -+Output = 3200c39e6ed260f4f345cbd0c88cac1a -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:000001004d7ba3e909e1e2886e00db333430d7cebe5107e9701672a2a1bc0bb5461c620c56fc8a8aa95a577cf48ac2e5b35d948e468bbc6232527f6a4e3bf5ea0b2f68b161ee3aadeef596c683e511bec1ff70df312d988eddd557952720f82f69882107f67880e38efcca68429374d85831eea3ac133a6a89b68a9ec27c71a67c87addfddb7040a7416ead43e29612dcdc5b7e6a82ad5cd243e8a6dd2997c44ad76a2a20145f89d7e6b2a26c2c0f2ce7d60b1f45410f9ebb79b52dde560f8c7c99b7a11d645f6ad6f94727cd2ea9d48ceb27467ee60371e6919a3ae044c8941a65182c94e8efd7b5c7eb45935baea722628d89d89de995d82b620059fe1054927864a91 -+Ctrl.hexxcghash = hexxcghash:f3cc38427adf01b9483d1f9e4e9acef554a8c7d0d8dc088d3865f05bc06a4ff11efbbdbca7ab0e0c0e2df55a93f0b4b9 -+Ctrl.hexsession_id = hexsession_id:aae879d8c0c6762d28c30fdc707b169a2155f8b8a943ced399a56419be89cc9f66ba9282d85ac4e53e0d5ae27adcf393 -+Ctrl.type = type:D -+Output = 7b9e506a1baede9b80dff09253a9ab88 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:000001004d7ba3e909e1e2886e00db333430d7cebe5107e9701672a2a1bc0bb5461c620c56fc8a8aa95a577cf48ac2e5b35d948e468bbc6232527f6a4e3bf5ea0b2f68b161ee3aadeef596c683e511bec1ff70df312d988eddd557952720f82f69882107f67880e38efcca68429374d85831eea3ac133a6a89b68a9ec27c71a67c87addfddb7040a7416ead43e29612dcdc5b7e6a82ad5cd243e8a6dd2997c44ad76a2a20145f89d7e6b2a26c2c0f2ce7d60b1f45410f9ebb79b52dde560f8c7c99b7a11d645f6ad6f94727cd2ea9d48ceb27467ee60371e6919a3ae044c8941a65182c94e8efd7b5c7eb45935baea722628d89d89de995d82b620059fe1054927864a91 -+Ctrl.hexxcghash = hexxcghash:f3cc38427adf01b9483d1f9e4e9acef554a8c7d0d8dc088d3865f05bc06a4ff11efbbdbca7ab0e0c0e2df55a93f0b4b9 -+Ctrl.hexsession_id = hexsession_id:aae879d8c0c6762d28c30fdc707b169a2155f8b8a943ced399a56419be89cc9f66ba9282d85ac4e53e0d5ae27adcf393 -+Ctrl.type = type:E -+Output = 3c860ae21a5dab865eb560ed9ddf51775d3b6603e4e06285cf5e9273115a77d8d5ddfb977fd21c0a70c35798a5ef596e -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:000001004d7ba3e909e1e2886e00db333430d7cebe5107e9701672a2a1bc0bb5461c620c56fc8a8aa95a577cf48ac2e5b35d948e468bbc6232527f6a4e3bf5ea0b2f68b161ee3aadeef596c683e511bec1ff70df312d988eddd557952720f82f69882107f67880e38efcca68429374d85831eea3ac133a6a89b68a9ec27c71a67c87addfddb7040a7416ead43e29612dcdc5b7e6a82ad5cd243e8a6dd2997c44ad76a2a20145f89d7e6b2a26c2c0f2ce7d60b1f45410f9ebb79b52dde560f8c7c99b7a11d645f6ad6f94727cd2ea9d48ceb27467ee60371e6919a3ae044c8941a65182c94e8efd7b5c7eb45935baea722628d89d89de995d82b620059fe1054927864a91 -+Ctrl.hexxcghash = hexxcghash:f3cc38427adf01b9483d1f9e4e9acef554a8c7d0d8dc088d3865f05bc06a4ff11efbbdbca7ab0e0c0e2df55a93f0b4b9 -+Ctrl.hexsession_id = hexsession_id:aae879d8c0c6762d28c30fdc707b169a2155f8b8a943ced399a56419be89cc9f66ba9282d85ac4e53e0d5ae27adcf393 -+Ctrl.type = type:F -+Output = c53cfa0836ac21bb13c58ed15ddf593e8e01c7437587112ba013058d411d262d87a5e56c098b69146d9019803206ef91 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:000001001cbe25a738580c94ae733a5d4e9e61860bf1a68dfac365edc5818814166cfaecf269d07293d656c8e99973934b5f14eb4bcd1ac3c388596221f65f66e1193463bd41fcff389e458ef7f1ef858439b600bca422cd29c84d2cbc684c7a85d8b44f6a43a5fc53bbaa4ad1a6b0f2b841278efb1fbdd2513e6603984027efb81c72d8c4cbadc8dec51089dcd43ed3109ddbc6db29534186a237c5d8c3a66dedbb51b09937b1c7d4cf6cac682ba2dd1c9cf901d66f1a995f945d5ad12bd7bfdd3fcc5b0852376b9834f0bee3f7a666f587bd2a3b562ccf129b6132c902738fd0dfea3ff9538961bf5f59ac1779dd4ed68986059881f5e08be5ecd1a59380392e81f0a6 -+Ctrl.hexxcghash = hexxcghash:b32d4e6b47772e651b867558a03f488fc00c715c196c7abb1abf3ebc24a638edd058e77aeadd9aade5ce34f43e19f1fc -+Ctrl.hexsession_id = hexsession_id:5d2a819b135d8d985643ceab3461ede24ed192c60471676031b4b1f8ae71dec657547fdb3a43f75112855ffce72b60f4 -+Ctrl.type = type:A -+Output = e34b595f755ff42a33126d8efabe1ec0 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:000001001cbe25a738580c94ae733a5d4e9e61860bf1a68dfac365edc5818814166cfaecf269d07293d656c8e99973934b5f14eb4bcd1ac3c388596221f65f66e1193463bd41fcff389e458ef7f1ef858439b600bca422cd29c84d2cbc684c7a85d8b44f6a43a5fc53bbaa4ad1a6b0f2b841278efb1fbdd2513e6603984027efb81c72d8c4cbadc8dec51089dcd43ed3109ddbc6db29534186a237c5d8c3a66dedbb51b09937b1c7d4cf6cac682ba2dd1c9cf901d66f1a995f945d5ad12bd7bfdd3fcc5b0852376b9834f0bee3f7a666f587bd2a3b562ccf129b6132c902738fd0dfea3ff9538961bf5f59ac1779dd4ed68986059881f5e08be5ecd1a59380392e81f0a6 -+Ctrl.hexxcghash = hexxcghash:b32d4e6b47772e651b867558a03f488fc00c715c196c7abb1abf3ebc24a638edd058e77aeadd9aade5ce34f43e19f1fc -+Ctrl.hexsession_id = hexsession_id:5d2a819b135d8d985643ceab3461ede24ed192c60471676031b4b1f8ae71dec657547fdb3a43f75112855ffce72b60f4 -+Ctrl.type = type:B -+Output = a873f52aa3b91a8dd019be8358c04de6 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:000001001cbe25a738580c94ae733a5d4e9e61860bf1a68dfac365edc5818814166cfaecf269d07293d656c8e99973934b5f14eb4bcd1ac3c388596221f65f66e1193463bd41fcff389e458ef7f1ef858439b600bca422cd29c84d2cbc684c7a85d8b44f6a43a5fc53bbaa4ad1a6b0f2b841278efb1fbdd2513e6603984027efb81c72d8c4cbadc8dec51089dcd43ed3109ddbc6db29534186a237c5d8c3a66dedbb51b09937b1c7d4cf6cac682ba2dd1c9cf901d66f1a995f945d5ad12bd7bfdd3fcc5b0852376b9834f0bee3f7a666f587bd2a3b562ccf129b6132c902738fd0dfea3ff9538961bf5f59ac1779dd4ed68986059881f5e08be5ecd1a59380392e81f0a6 -+Ctrl.hexxcghash = hexxcghash:b32d4e6b47772e651b867558a03f488fc00c715c196c7abb1abf3ebc24a638edd058e77aeadd9aade5ce34f43e19f1fc -+Ctrl.hexsession_id = hexsession_id:5d2a819b135d8d985643ceab3461ede24ed192c60471676031b4b1f8ae71dec657547fdb3a43f75112855ffce72b60f4 -+Ctrl.type = type:C -+Output = fce5c490a769fbd4aa31b0f5c7aad86b -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:000001001cbe25a738580c94ae733a5d4e9e61860bf1a68dfac365edc5818814166cfaecf269d07293d656c8e99973934b5f14eb4bcd1ac3c388596221f65f66e1193463bd41fcff389e458ef7f1ef858439b600bca422cd29c84d2cbc684c7a85d8b44f6a43a5fc53bbaa4ad1a6b0f2b841278efb1fbdd2513e6603984027efb81c72d8c4cbadc8dec51089dcd43ed3109ddbc6db29534186a237c5d8c3a66dedbb51b09937b1c7d4cf6cac682ba2dd1c9cf901d66f1a995f945d5ad12bd7bfdd3fcc5b0852376b9834f0bee3f7a666f587bd2a3b562ccf129b6132c902738fd0dfea3ff9538961bf5f59ac1779dd4ed68986059881f5e08be5ecd1a59380392e81f0a6 -+Ctrl.hexxcghash = hexxcghash:b32d4e6b47772e651b867558a03f488fc00c715c196c7abb1abf3ebc24a638edd058e77aeadd9aade5ce34f43e19f1fc -+Ctrl.hexsession_id = hexsession_id:5d2a819b135d8d985643ceab3461ede24ed192c60471676031b4b1f8ae71dec657547fdb3a43f75112855ffce72b60f4 -+Ctrl.type = type:D -+Output = d36a9b7d2c63675d2b250d5a97b0e628 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:000001001cbe25a738580c94ae733a5d4e9e61860bf1a68dfac365edc5818814166cfaecf269d07293d656c8e99973934b5f14eb4bcd1ac3c388596221f65f66e1193463bd41fcff389e458ef7f1ef858439b600bca422cd29c84d2cbc684c7a85d8b44f6a43a5fc53bbaa4ad1a6b0f2b841278efb1fbdd2513e6603984027efb81c72d8c4cbadc8dec51089dcd43ed3109ddbc6db29534186a237c5d8c3a66dedbb51b09937b1c7d4cf6cac682ba2dd1c9cf901d66f1a995f945d5ad12bd7bfdd3fcc5b0852376b9834f0bee3f7a666f587bd2a3b562ccf129b6132c902738fd0dfea3ff9538961bf5f59ac1779dd4ed68986059881f5e08be5ecd1a59380392e81f0a6 -+Ctrl.hexxcghash = hexxcghash:b32d4e6b47772e651b867558a03f488fc00c715c196c7abb1abf3ebc24a638edd058e77aeadd9aade5ce34f43e19f1fc -+Ctrl.hexsession_id = hexsession_id:5d2a819b135d8d985643ceab3461ede24ed192c60471676031b4b1f8ae71dec657547fdb3a43f75112855ffce72b60f4 -+Ctrl.type = type:E -+Output = 92c8f89f84575cebb9c37be3a488d0b0312a12d9253dbada7db1318f5a193d4f8f75a212a75c1123bca89d5de43cbf08 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:000001001cbe25a738580c94ae733a5d4e9e61860bf1a68dfac365edc5818814166cfaecf269d07293d656c8e99973934b5f14eb4bcd1ac3c388596221f65f66e1193463bd41fcff389e458ef7f1ef858439b600bca422cd29c84d2cbc684c7a85d8b44f6a43a5fc53bbaa4ad1a6b0f2b841278efb1fbdd2513e6603984027efb81c72d8c4cbadc8dec51089dcd43ed3109ddbc6db29534186a237c5d8c3a66dedbb51b09937b1c7d4cf6cac682ba2dd1c9cf901d66f1a995f945d5ad12bd7bfdd3fcc5b0852376b9834f0bee3f7a666f587bd2a3b562ccf129b6132c902738fd0dfea3ff9538961bf5f59ac1779dd4ed68986059881f5e08be5ecd1a59380392e81f0a6 -+Ctrl.hexxcghash = hexxcghash:b32d4e6b47772e651b867558a03f488fc00c715c196c7abb1abf3ebc24a638edd058e77aeadd9aade5ce34f43e19f1fc -+Ctrl.hexsession_id = hexsession_id:5d2a819b135d8d985643ceab3461ede24ed192c60471676031b4b1f8ae71dec657547fdb3a43f75112855ffce72b60f4 -+Ctrl.type = type:F -+Output = 16dcf1bd1aa4d5d6edc2d2b23792872f53767d6b2589e4700469a9bbbbb659c1c8716393fe1ed717833f491cd32d874b -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:0000010100c7f8bcaf17cb17db3d5c2c9e8db37fa77685463d604e6b577ace9ada1b5a7fb54a299684a5405973352262ed66a7e47e4cf9ba7981f76a0aa6bf407be5fc48f70869b6913f7d9b2395f73eda2f08ad5469df982bd82242c19bba0dbcc28fa5869bab99b84015a313cebcc3e86ec3fd15513e329a236487e909a6b37134bc75b03dbda7f9196738ae5f04ac3cae6a3c93150271eeed62f8c019f433df888acec09e947dee6537c4fee5e0dc37d3b4ae4ff77309382148f0127cd01b882f128ee844046c9f3052ff7fff81876c261ad6cdad0a9ebfc769a4308f124d2422f03c1b171ac3404d4d690e9c1d94fc3de479bda663c207120a18f1947a68179d19ecaa -+Ctrl.hexxcghash = hexxcghash:ce996d2b1198f069c24193526be1dd0d08a95d0b0a144da5a1303e84de4eb864d49ca71fa5a59f51c10b9d4257787626 -+Ctrl.hexsession_id = hexsession_id:ed906230bdcff56bd239a8c52f3cb1e4e16d1249284162ca85b320e543f62a82d7270131231cf49e1b0c0b1e87643719 -+Ctrl.type = type:A -+Output = bbdc47242c877cc70585a5d9f0b8067d -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:0000010100c7f8bcaf17cb17db3d5c2c9e8db37fa77685463d604e6b577ace9ada1b5a7fb54a299684a5405973352262ed66a7e47e4cf9ba7981f76a0aa6bf407be5fc48f70869b6913f7d9b2395f73eda2f08ad5469df982bd82242c19bba0dbcc28fa5869bab99b84015a313cebcc3e86ec3fd15513e329a236487e909a6b37134bc75b03dbda7f9196738ae5f04ac3cae6a3c93150271eeed62f8c019f433df888acec09e947dee6537c4fee5e0dc37d3b4ae4ff77309382148f0127cd01b882f128ee844046c9f3052ff7fff81876c261ad6cdad0a9ebfc769a4308f124d2422f03c1b171ac3404d4d690e9c1d94fc3de479bda663c207120a18f1947a68179d19ecaa -+Ctrl.hexxcghash = hexxcghash:ce996d2b1198f069c24193526be1dd0d08a95d0b0a144da5a1303e84de4eb864d49ca71fa5a59f51c10b9d4257787626 -+Ctrl.hexsession_id = hexsession_id:ed906230bdcff56bd239a8c52f3cb1e4e16d1249284162ca85b320e543f62a82d7270131231cf49e1b0c0b1e87643719 -+Ctrl.type = type:B -+Output = 6dcc6458af049a81a6d3139c2725f67d -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:0000010100c7f8bcaf17cb17db3d5c2c9e8db37fa77685463d604e6b577ace9ada1b5a7fb54a299684a5405973352262ed66a7e47e4cf9ba7981f76a0aa6bf407be5fc48f70869b6913f7d9b2395f73eda2f08ad5469df982bd82242c19bba0dbcc28fa5869bab99b84015a313cebcc3e86ec3fd15513e329a236487e909a6b37134bc75b03dbda7f9196738ae5f04ac3cae6a3c93150271eeed62f8c019f433df888acec09e947dee6537c4fee5e0dc37d3b4ae4ff77309382148f0127cd01b882f128ee844046c9f3052ff7fff81876c261ad6cdad0a9ebfc769a4308f124d2422f03c1b171ac3404d4d690e9c1d94fc3de479bda663c207120a18f1947a68179d19ecaa -+Ctrl.hexxcghash = hexxcghash:ce996d2b1198f069c24193526be1dd0d08a95d0b0a144da5a1303e84de4eb864d49ca71fa5a59f51c10b9d4257787626 -+Ctrl.hexsession_id = hexsession_id:ed906230bdcff56bd239a8c52f3cb1e4e16d1249284162ca85b320e543f62a82d7270131231cf49e1b0c0b1e87643719 -+Ctrl.type = type:C -+Output = f788d0b9ea5373031d44972fad39d8e6 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:0000010100c7f8bcaf17cb17db3d5c2c9e8db37fa77685463d604e6b577ace9ada1b5a7fb54a299684a5405973352262ed66a7e47e4cf9ba7981f76a0aa6bf407be5fc48f70869b6913f7d9b2395f73eda2f08ad5469df982bd82242c19bba0dbcc28fa5869bab99b84015a313cebcc3e86ec3fd15513e329a236487e909a6b37134bc75b03dbda7f9196738ae5f04ac3cae6a3c93150271eeed62f8c019f433df888acec09e947dee6537c4fee5e0dc37d3b4ae4ff77309382148f0127cd01b882f128ee844046c9f3052ff7fff81876c261ad6cdad0a9ebfc769a4308f124d2422f03c1b171ac3404d4d690e9c1d94fc3de479bda663c207120a18f1947a68179d19ecaa -+Ctrl.hexxcghash = hexxcghash:ce996d2b1198f069c24193526be1dd0d08a95d0b0a144da5a1303e84de4eb864d49ca71fa5a59f51c10b9d4257787626 -+Ctrl.hexsession_id = hexsession_id:ed906230bdcff56bd239a8c52f3cb1e4e16d1249284162ca85b320e543f62a82d7270131231cf49e1b0c0b1e87643719 -+Ctrl.type = type:D -+Output = e939b1367ea35c67ea990988c3c0c474 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:0000010100c7f8bcaf17cb17db3d5c2c9e8db37fa77685463d604e6b577ace9ada1b5a7fb54a299684a5405973352262ed66a7e47e4cf9ba7981f76a0aa6bf407be5fc48f70869b6913f7d9b2395f73eda2f08ad5469df982bd82242c19bba0dbcc28fa5869bab99b84015a313cebcc3e86ec3fd15513e329a236487e909a6b37134bc75b03dbda7f9196738ae5f04ac3cae6a3c93150271eeed62f8c019f433df888acec09e947dee6537c4fee5e0dc37d3b4ae4ff77309382148f0127cd01b882f128ee844046c9f3052ff7fff81876c261ad6cdad0a9ebfc769a4308f124d2422f03c1b171ac3404d4d690e9c1d94fc3de479bda663c207120a18f1947a68179d19ecaa -+Ctrl.hexxcghash = hexxcghash:ce996d2b1198f069c24193526be1dd0d08a95d0b0a144da5a1303e84de4eb864d49ca71fa5a59f51c10b9d4257787626 -+Ctrl.hexsession_id = hexsession_id:ed906230bdcff56bd239a8c52f3cb1e4e16d1249284162ca85b320e543f62a82d7270131231cf49e1b0c0b1e87643719 -+Ctrl.type = type:E -+Output = 069629f693b4d291ea6f16355eb4c57eef7824217d22651af095aadac27a789314fee4e86efa9bc63085a8ebfc606548 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:0000010100c7f8bcaf17cb17db3d5c2c9e8db37fa77685463d604e6b577ace9ada1b5a7fb54a299684a5405973352262ed66a7e47e4cf9ba7981f76a0aa6bf407be5fc48f70869b6913f7d9b2395f73eda2f08ad5469df982bd82242c19bba0dbcc28fa5869bab99b84015a313cebcc3e86ec3fd15513e329a236487e909a6b37134bc75b03dbda7f9196738ae5f04ac3cae6a3c93150271eeed62f8c019f433df888acec09e947dee6537c4fee5e0dc37d3b4ae4ff77309382148f0127cd01b882f128ee844046c9f3052ff7fff81876c261ad6cdad0a9ebfc769a4308f124d2422f03c1b171ac3404d4d690e9c1d94fc3de479bda663c207120a18f1947a68179d19ecaa -+Ctrl.hexxcghash = hexxcghash:ce996d2b1198f069c24193526be1dd0d08a95d0b0a144da5a1303e84de4eb864d49ca71fa5a59f51c10b9d4257787626 -+Ctrl.hexsession_id = hexsession_id:ed906230bdcff56bd239a8c52f3cb1e4e16d1249284162ca85b320e543f62a82d7270131231cf49e1b0c0b1e87643719 -+Ctrl.type = type:F -+Output = 731107905e3b9b36ba3dca504b35f1a51e75e2a3ee2595ade882c21410d439ec1ec31fbc62e64362a5fddc0f39e76da0 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:0000010100b41b41585296e85cce723619b40609b21799fb244d72fd87afa3088073819b232de7d9ab45ceaab3014099475e9314cff74149b5e4558962f31d3d2a84f24500558af928ff785dc32627f5062ea2d5bf6ff085edf6d200daca91037abda71b5c9c1660cbf60cfc3ec1fe590c3d6300aa279e42383f98f4000031bf57a2bb612c7a212bc0ec5057817b0843e01c14a9b353c26699670873db05de7049ac44951094c8b231713dab09ca641d3cea65c5e3b01d41d93351635b08a767afadfd7865388ebbe29e8f47033d1fe530d7d45fa1c266705b26d67282872da9551256d88708e1ec69ce9b94db6c7f3e6b7ae06418b36537b7839454c539b2bdd758af9c19 -+Ctrl.hexxcghash = hexxcghash:5b168cac1113de12bac95aac34501866abd610c6ce0d51520f83c865db8d0c688b27af11e08deb4a2673c160edd1da93 -+Ctrl.hexsession_id = hexsession_id:32dc32821483ed98f696813e712d229b6ff5a9e0f7f8e582a26f0a5204fa7655040ddbc791e00e7a979dded9354ea2dc -+Ctrl.type = type:A -+Output = 8e1af4ce3b9aa9f1e7493775f8846ac0 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:0000010100b41b41585296e85cce723619b40609b21799fb244d72fd87afa3088073819b232de7d9ab45ceaab3014099475e9314cff74149b5e4558962f31d3d2a84f24500558af928ff785dc32627f5062ea2d5bf6ff085edf6d200daca91037abda71b5c9c1660cbf60cfc3ec1fe590c3d6300aa279e42383f98f4000031bf57a2bb612c7a212bc0ec5057817b0843e01c14a9b353c26699670873db05de7049ac44951094c8b231713dab09ca641d3cea65c5e3b01d41d93351635b08a767afadfd7865388ebbe29e8f47033d1fe530d7d45fa1c266705b26d67282872da9551256d88708e1ec69ce9b94db6c7f3e6b7ae06418b36537b7839454c539b2bdd758af9c19 -+Ctrl.hexxcghash = hexxcghash:5b168cac1113de12bac95aac34501866abd610c6ce0d51520f83c865db8d0c688b27af11e08deb4a2673c160edd1da93 -+Ctrl.hexsession_id = hexsession_id:32dc32821483ed98f696813e712d229b6ff5a9e0f7f8e582a26f0a5204fa7655040ddbc791e00e7a979dded9354ea2dc -+Ctrl.type = type:B -+Output = 1796cee0aeb39eb1fbbaeaf15d600832 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:0000010100b41b41585296e85cce723619b40609b21799fb244d72fd87afa3088073819b232de7d9ab45ceaab3014099475e9314cff74149b5e4558962f31d3d2a84f24500558af928ff785dc32627f5062ea2d5bf6ff085edf6d200daca91037abda71b5c9c1660cbf60cfc3ec1fe590c3d6300aa279e42383f98f4000031bf57a2bb612c7a212bc0ec5057817b0843e01c14a9b353c26699670873db05de7049ac44951094c8b231713dab09ca641d3cea65c5e3b01d41d93351635b08a767afadfd7865388ebbe29e8f47033d1fe530d7d45fa1c266705b26d67282872da9551256d88708e1ec69ce9b94db6c7f3e6b7ae06418b36537b7839454c539b2bdd758af9c19 -+Ctrl.hexxcghash = hexxcghash:5b168cac1113de12bac95aac34501866abd610c6ce0d51520f83c865db8d0c688b27af11e08deb4a2673c160edd1da93 -+Ctrl.hexsession_id = hexsession_id:32dc32821483ed98f696813e712d229b6ff5a9e0f7f8e582a26f0a5204fa7655040ddbc791e00e7a979dded9354ea2dc -+Ctrl.type = type:C -+Output = 7a7485045a2f8cc86f82c8486f8e9f59 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:0000010100b41b41585296e85cce723619b40609b21799fb244d72fd87afa3088073819b232de7d9ab45ceaab3014099475e9314cff74149b5e4558962f31d3d2a84f24500558af928ff785dc32627f5062ea2d5bf6ff085edf6d200daca91037abda71b5c9c1660cbf60cfc3ec1fe590c3d6300aa279e42383f98f4000031bf57a2bb612c7a212bc0ec5057817b0843e01c14a9b353c26699670873db05de7049ac44951094c8b231713dab09ca641d3cea65c5e3b01d41d93351635b08a767afadfd7865388ebbe29e8f47033d1fe530d7d45fa1c266705b26d67282872da9551256d88708e1ec69ce9b94db6c7f3e6b7ae06418b36537b7839454c539b2bdd758af9c19 -+Ctrl.hexxcghash = hexxcghash:5b168cac1113de12bac95aac34501866abd610c6ce0d51520f83c865db8d0c688b27af11e08deb4a2673c160edd1da93 -+Ctrl.hexsession_id = hexsession_id:32dc32821483ed98f696813e712d229b6ff5a9e0f7f8e582a26f0a5204fa7655040ddbc791e00e7a979dded9354ea2dc -+Ctrl.type = type:D -+Output = 00a9d893e8c14aa3a316163d50d83378 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:0000010100b41b41585296e85cce723619b40609b21799fb244d72fd87afa3088073819b232de7d9ab45ceaab3014099475e9314cff74149b5e4558962f31d3d2a84f24500558af928ff785dc32627f5062ea2d5bf6ff085edf6d200daca91037abda71b5c9c1660cbf60cfc3ec1fe590c3d6300aa279e42383f98f4000031bf57a2bb612c7a212bc0ec5057817b0843e01c14a9b353c26699670873db05de7049ac44951094c8b231713dab09ca641d3cea65c5e3b01d41d93351635b08a767afadfd7865388ebbe29e8f47033d1fe530d7d45fa1c266705b26d67282872da9551256d88708e1ec69ce9b94db6c7f3e6b7ae06418b36537b7839454c539b2bdd758af9c19 -+Ctrl.hexxcghash = hexxcghash:5b168cac1113de12bac95aac34501866abd610c6ce0d51520f83c865db8d0c688b27af11e08deb4a2673c160edd1da93 -+Ctrl.hexsession_id = hexsession_id:32dc32821483ed98f696813e712d229b6ff5a9e0f7f8e582a26f0a5204fa7655040ddbc791e00e7a979dded9354ea2dc -+Ctrl.type = type:E -+Output = 46133b1cbab3e04043a1b336db99575183d5be76f9d56556493a8d4a8da37a020ae379ff2d470a99ca7e9d2b1cf85cb4 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA384 -+Ctrl.hexkey = hexkey:0000010100b41b41585296e85cce723619b40609b21799fb244d72fd87afa3088073819b232de7d9ab45ceaab3014099475e9314cff74149b5e4558962f31d3d2a84f24500558af928ff785dc32627f5062ea2d5bf6ff085edf6d200daca91037abda71b5c9c1660cbf60cfc3ec1fe590c3d6300aa279e42383f98f4000031bf57a2bb612c7a212bc0ec5057817b0843e01c14a9b353c26699670873db05de7049ac44951094c8b231713dab09ca641d3cea65c5e3b01d41d93351635b08a767afadfd7865388ebbe29e8f47033d1fe530d7d45fa1c266705b26d67282872da9551256d88708e1ec69ce9b94db6c7f3e6b7ae06418b36537b7839454c539b2bdd758af9c19 -+Ctrl.hexxcghash = hexxcghash:5b168cac1113de12bac95aac34501866abd610c6ce0d51520f83c865db8d0c688b27af11e08deb4a2673c160edd1da93 -+Ctrl.hexsession_id = hexsession_id:32dc32821483ed98f696813e712d229b6ff5a9e0f7f8e582a26f0a5204fa7655040ddbc791e00e7a979dded9354ea2dc -+Ctrl.type = type:F -+Output = 9221abcc3db5a557cca60408e65528e937cc3673b548c350924cd9e6387de526f5cb35a0bbe4020c47318b59d1a0527d -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:00000080575308ca395798bb21ec5438c46a88ffa3f7f7671c06f924abf7c3cfb46c78c025596e4aba50c3271089184a447a571abb7f4a1b1c41f5d5ca8062940d4369778589fde81a71b2228f018c4c836cf389f854f86de71a68b1693fe8ffa1c59ce7e9f9223debada2566d2b0e5678a48bfb530e7bee42bd2ac7304a0a5ae339a2cd -+Ctrl.hexxcghash = hexxcghash:a4125aa9898092ca50c3c1631c03dcbc9df95cebb409881e580108b6cc4704b76cc77b8795fd5940561e3224cc75848518992bd8d9b70fe0fc977a476063c8bf -+Ctrl.hexsession_id = hexsession_id:a4125aa9898092ca50c3c1631c03dcbc9df95cebb409881e580108b6cc4704b76cc77b8795fd5940561e3224cc75848518992bd8d9b70fe0fc977a476063c8bf -+Ctrl.type = type:A -+Output = 0e2693ade0524af8 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:00000080575308ca395798bb21ec5438c46a88ffa3f7f7671c06f924abf7c3cfb46c78c025596e4aba50c3271089184a447a571abb7f4a1b1c41f5d5ca8062940d4369778589fde81a71b2228f018c4c836cf389f854f86de71a68b1693fe8ffa1c59ce7e9f9223debada2566d2b0e5678a48bfb530e7bee42bd2ac7304a0a5ae339a2cd -+Ctrl.hexxcghash = hexxcghash:a4125aa9898092ca50c3c1631c03dcbc9df95cebb409881e580108b6cc4704b76cc77b8795fd5940561e3224cc75848518992bd8d9b70fe0fc977a476063c8bf -+Ctrl.hexsession_id = hexsession_id:a4125aa9898092ca50c3c1631c03dcbc9df95cebb409881e580108b6cc4704b76cc77b8795fd5940561e3224cc75848518992bd8d9b70fe0fc977a476063c8bf -+Ctrl.type = type:B -+Output = b13144de02295bb8 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:00000080575308ca395798bb21ec5438c46a88ffa3f7f7671c06f924abf7c3cfb46c78c025596e4aba50c3271089184a447a571abb7f4a1b1c41f5d5ca8062940d4369778589fde81a71b2228f018c4c836cf389f854f86de71a68b1693fe8ffa1c59ce7e9f9223debada2566d2b0e5678a48bfb530e7bee42bd2ac7304a0a5ae339a2cd -+Ctrl.hexxcghash = hexxcghash:a4125aa9898092ca50c3c1631c03dcbc9df95cebb409881e580108b6cc4704b76cc77b8795fd5940561e3224cc75848518992bd8d9b70fe0fc977a476063c8bf -+Ctrl.hexsession_id = hexsession_id:a4125aa9898092ca50c3c1631c03dcbc9df95cebb409881e580108b6cc4704b76cc77b8795fd5940561e3224cc75848518992bd8d9b70fe0fc977a476063c8bf -+Ctrl.type = type:C -+Output = 7e4a721fb7379ebb423306464d57db46afa3cca10a1d7feb -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:00000080575308ca395798bb21ec5438c46a88ffa3f7f7671c06f924abf7c3cfb46c78c025596e4aba50c3271089184a447a571abb7f4a1b1c41f5d5ca8062940d4369778589fde81a71b2228f018c4c836cf389f854f86de71a68b1693fe8ffa1c59ce7e9f9223debada2566d2b0e5678a48bfb530e7bee42bd2ac7304a0a5ae339a2cd -+Ctrl.hexxcghash = hexxcghash:a4125aa9898092ca50c3c1631c03dcbc9df95cebb409881e580108b6cc4704b76cc77b8795fd5940561e3224cc75848518992bd8d9b70fe0fc977a476063c8bf -+Ctrl.hexsession_id = hexsession_id:a4125aa9898092ca50c3c1631c03dcbc9df95cebb409881e580108b6cc4704b76cc77b8795fd5940561e3224cc75848518992bd8d9b70fe0fc977a476063c8bf -+Ctrl.type = type:D -+Output = bb84123b1fac400e0df4767d78d011427e1edd4d4c934b95 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:00000080575308ca395798bb21ec5438c46a88ffa3f7f7671c06f924abf7c3cfb46c78c025596e4aba50c3271089184a447a571abb7f4a1b1c41f5d5ca8062940d4369778589fde81a71b2228f018c4c836cf389f854f86de71a68b1693fe8ffa1c59ce7e9f9223debada2566d2b0e5678a48bfb530e7bee42bd2ac7304a0a5ae339a2cd -+Ctrl.hexxcghash = hexxcghash:a4125aa9898092ca50c3c1631c03dcbc9df95cebb409881e580108b6cc4704b76cc77b8795fd5940561e3224cc75848518992bd8d9b70fe0fc977a476063c8bf -+Ctrl.hexsession_id = hexsession_id:a4125aa9898092ca50c3c1631c03dcbc9df95cebb409881e580108b6cc4704b76cc77b8795fd5940561e3224cc75848518992bd8d9b70fe0fc977a476063c8bf -+Ctrl.type = type:E -+Output = 00fb0a45c650dd9c95666b0c7fcea8c98f0562f61b862054ee400aec875dbbc2bdef4806c09217709a5050569312efe3af513e7aa733c72457abe1607ac01c13 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:00000080575308ca395798bb21ec5438c46a88ffa3f7f7671c06f924abf7c3cfb46c78c025596e4aba50c3271089184a447a571abb7f4a1b1c41f5d5ca8062940d4369778589fde81a71b2228f018c4c836cf389f854f86de71a68b1693fe8ffa1c59ce7e9f9223debada2566d2b0e5678a48bfb530e7bee42bd2ac7304a0a5ae339a2cd -+Ctrl.hexxcghash = hexxcghash:a4125aa9898092ca50c3c1631c03dcbc9df95cebb409881e580108b6cc4704b76cc77b8795fd5940561e3224cc75848518992bd8d9b70fe0fc977a476063c8bf -+Ctrl.hexsession_id = hexsession_id:a4125aa9898092ca50c3c1631c03dcbc9df95cebb409881e580108b6cc4704b76cc77b8795fd5940561e3224cc75848518992bd8d9b70fe0fc977a476063c8bf -+Ctrl.type = type:F -+Output = 70a8005e711fb96dea5991cb68831b9e86005821b45ceaf958c13d5c87cbd2953d0877c267796edf8c7fb3d768bb26b74e542f40bf9ac9f6a9d217077e85f511 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:000000802b2e6f7545fa66e1078c67c5457dbf5ee03801edef4421d4f0e797b947b79e293ef724253ec4adb53977f027a2d577d7779e96be4e093b0c36be62778c5bd48dbb0bff1335470e10cdec4df88e8feb00d322426baf3035e9fda1aaf819be48dacc640d52eb8750cc6fd8031d0cba0ef0a11973d43138dd2d11d2eef1fc926327 -+Ctrl.hexxcghash = hexxcghash:4dc005dc6ad5075cf6abbedb53a0407104659cd168b58d014fb2465d6f1d1140d5fef634f345c6c38ac2a8db3771e4b0c71c51faf85a297bbdf7ddf8228c3159 -+Ctrl.hexsession_id = hexsession_id:a674aaced8345324221bbd8356ab8355fd3d3e410ae974c0da196f4cd58cc0236a85900626da696dab8be23aaa529458ac6ccf64058fd2fd140ca1a1a0c57988 -+Ctrl.type = type:A -+Output = c75c77791f7b67c2 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:000000802b2e6f7545fa66e1078c67c5457dbf5ee03801edef4421d4f0e797b947b79e293ef724253ec4adb53977f027a2d577d7779e96be4e093b0c36be62778c5bd48dbb0bff1335470e10cdec4df88e8feb00d322426baf3035e9fda1aaf819be48dacc640d52eb8750cc6fd8031d0cba0ef0a11973d43138dd2d11d2eef1fc926327 -+Ctrl.hexxcghash = hexxcghash:4dc005dc6ad5075cf6abbedb53a0407104659cd168b58d014fb2465d6f1d1140d5fef634f345c6c38ac2a8db3771e4b0c71c51faf85a297bbdf7ddf8228c3159 -+Ctrl.hexsession_id = hexsession_id:a674aaced8345324221bbd8356ab8355fd3d3e410ae974c0da196f4cd58cc0236a85900626da696dab8be23aaa529458ac6ccf64058fd2fd140ca1a1a0c57988 -+Ctrl.type = type:B -+Output = dae1e8bfab1b4b7e -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:000000802b2e6f7545fa66e1078c67c5457dbf5ee03801edef4421d4f0e797b947b79e293ef724253ec4adb53977f027a2d577d7779e96be4e093b0c36be62778c5bd48dbb0bff1335470e10cdec4df88e8feb00d322426baf3035e9fda1aaf819be48dacc640d52eb8750cc6fd8031d0cba0ef0a11973d43138dd2d11d2eef1fc926327 -+Ctrl.hexxcghash = hexxcghash:4dc005dc6ad5075cf6abbedb53a0407104659cd168b58d014fb2465d6f1d1140d5fef634f345c6c38ac2a8db3771e4b0c71c51faf85a297bbdf7ddf8228c3159 -+Ctrl.hexsession_id = hexsession_id:a674aaced8345324221bbd8356ab8355fd3d3e410ae974c0da196f4cd58cc0236a85900626da696dab8be23aaa529458ac6ccf64058fd2fd140ca1a1a0c57988 -+Ctrl.type = type:C -+Output = 0e79f5b685ebe77ae6d62c344a5dd0f53502523a28e2b408 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:000000802b2e6f7545fa66e1078c67c5457dbf5ee03801edef4421d4f0e797b947b79e293ef724253ec4adb53977f027a2d577d7779e96be4e093b0c36be62778c5bd48dbb0bff1335470e10cdec4df88e8feb00d322426baf3035e9fda1aaf819be48dacc640d52eb8750cc6fd8031d0cba0ef0a11973d43138dd2d11d2eef1fc926327 -+Ctrl.hexxcghash = hexxcghash:4dc005dc6ad5075cf6abbedb53a0407104659cd168b58d014fb2465d6f1d1140d5fef634f345c6c38ac2a8db3771e4b0c71c51faf85a297bbdf7ddf8228c3159 -+Ctrl.hexsession_id = hexsession_id:a674aaced8345324221bbd8356ab8355fd3d3e410ae974c0da196f4cd58cc0236a85900626da696dab8be23aaa529458ac6ccf64058fd2fd140ca1a1a0c57988 -+Ctrl.type = type:D -+Output = c5ec1aae5d26c2c5fe769576eb1b75c53d3dc67d452dca1c -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:000000802b2e6f7545fa66e1078c67c5457dbf5ee03801edef4421d4f0e797b947b79e293ef724253ec4adb53977f027a2d577d7779e96be4e093b0c36be62778c5bd48dbb0bff1335470e10cdec4df88e8feb00d322426baf3035e9fda1aaf819be48dacc640d52eb8750cc6fd8031d0cba0ef0a11973d43138dd2d11d2eef1fc926327 -+Ctrl.hexxcghash = hexxcghash:4dc005dc6ad5075cf6abbedb53a0407104659cd168b58d014fb2465d6f1d1140d5fef634f345c6c38ac2a8db3771e4b0c71c51faf85a297bbdf7ddf8228c3159 -+Ctrl.hexsession_id = hexsession_id:a674aaced8345324221bbd8356ab8355fd3d3e410ae974c0da196f4cd58cc0236a85900626da696dab8be23aaa529458ac6ccf64058fd2fd140ca1a1a0c57988 -+Ctrl.type = type:E -+Output = 6bc4e5d6049c69a8ffbf93c7617b6a168bd0f14d71471d199b81729250117272ad102772761a8c0b5d5240e589e48a4f85ab8c3e1bd030327e7c87428ee44d13 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:000000802b2e6f7545fa66e1078c67c5457dbf5ee03801edef4421d4f0e797b947b79e293ef724253ec4adb53977f027a2d577d7779e96be4e093b0c36be62778c5bd48dbb0bff1335470e10cdec4df88e8feb00d322426baf3035e9fda1aaf819be48dacc640d52eb8750cc6fd8031d0cba0ef0a11973d43138dd2d11d2eef1fc926327 -+Ctrl.hexxcghash = hexxcghash:4dc005dc6ad5075cf6abbedb53a0407104659cd168b58d014fb2465d6f1d1140d5fef634f345c6c38ac2a8db3771e4b0c71c51faf85a297bbdf7ddf8228c3159 -+Ctrl.hexsession_id = hexsession_id:a674aaced8345324221bbd8356ab8355fd3d3e410ae974c0da196f4cd58cc0236a85900626da696dab8be23aaa529458ac6ccf64058fd2fd140ca1a1a0c57988 -+Ctrl.type = type:F -+Output = ce109babe86778542856e3934be12decd239120a4dcb948a0154c4cb7b8ac0a4a3cbd682698086123e6c0481ee351bd9fedfba58d37f7814ba9c2b584f6cfedf -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:000000810085874b95394d5ca3096b0a7e6444e129544e4acd8dd7078c46dc74633df1737986e7dc6f58ac09c7d734fd68378f1ee6df60c48bde343e55ab2a5796ca3ec295f15a75500f476a8a6f1725fdade3339cd7da0a2528449652d7ea21a834e42961ede8477f63bac84ccdba933c276512d3670477d2696402175208526276712541 -+Ctrl.hexxcghash = hexxcghash:8540955867f6580e9c1e7e3dfaef9c4f810dbf3364e54f66c471b51d11686598fabff6c3f78a7ac1c90710ab991aa00980f9d5948d462662f6c439fa7b80483f -+Ctrl.hexsession_id = hexsession_id:f2ebb7479c714402275075725c4712994f04485c048fad37d1505f1ce2cd6e32051782848afbea4399231fea5b8d39ec596e118dcc95ea35ffddd8c5611f5298 -+Ctrl.type = type:A -+Output = 6a71fc98f044591d -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:000000810085874b95394d5ca3096b0a7e6444e129544e4acd8dd7078c46dc74633df1737986e7dc6f58ac09c7d734fd68378f1ee6df60c48bde343e55ab2a5796ca3ec295f15a75500f476a8a6f1725fdade3339cd7da0a2528449652d7ea21a834e42961ede8477f63bac84ccdba933c276512d3670477d2696402175208526276712541 -+Ctrl.hexxcghash = hexxcghash:8540955867f6580e9c1e7e3dfaef9c4f810dbf3364e54f66c471b51d11686598fabff6c3f78a7ac1c90710ab991aa00980f9d5948d462662f6c439fa7b80483f -+Ctrl.hexsession_id = hexsession_id:f2ebb7479c714402275075725c4712994f04485c048fad37d1505f1ce2cd6e32051782848afbea4399231fea5b8d39ec596e118dcc95ea35ffddd8c5611f5298 -+Ctrl.type = type:B -+Output = 9f1a35a5c79014c0 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:000000810085874b95394d5ca3096b0a7e6444e129544e4acd8dd7078c46dc74633df1737986e7dc6f58ac09c7d734fd68378f1ee6df60c48bde343e55ab2a5796ca3ec295f15a75500f476a8a6f1725fdade3339cd7da0a2528449652d7ea21a834e42961ede8477f63bac84ccdba933c276512d3670477d2696402175208526276712541 -+Ctrl.hexxcghash = hexxcghash:8540955867f6580e9c1e7e3dfaef9c4f810dbf3364e54f66c471b51d11686598fabff6c3f78a7ac1c90710ab991aa00980f9d5948d462662f6c439fa7b80483f -+Ctrl.hexsession_id = hexsession_id:f2ebb7479c714402275075725c4712994f04485c048fad37d1505f1ce2cd6e32051782848afbea4399231fea5b8d39ec596e118dcc95ea35ffddd8c5611f5298 -+Ctrl.type = type:C -+Output = 377901cc72e4c06e30e27b03902f65c4a58b9d3f5cf43431 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:000000810085874b95394d5ca3096b0a7e6444e129544e4acd8dd7078c46dc74633df1737986e7dc6f58ac09c7d734fd68378f1ee6df60c48bde343e55ab2a5796ca3ec295f15a75500f476a8a6f1725fdade3339cd7da0a2528449652d7ea21a834e42961ede8477f63bac84ccdba933c276512d3670477d2696402175208526276712541 -+Ctrl.hexxcghash = hexxcghash:8540955867f6580e9c1e7e3dfaef9c4f810dbf3364e54f66c471b51d11686598fabff6c3f78a7ac1c90710ab991aa00980f9d5948d462662f6c439fa7b80483f -+Ctrl.hexsession_id = hexsession_id:f2ebb7479c714402275075725c4712994f04485c048fad37d1505f1ce2cd6e32051782848afbea4399231fea5b8d39ec596e118dcc95ea35ffddd8c5611f5298 -+Ctrl.type = type:D -+Output = 82a9db94ea5c15dff736c3074a34951e828c8dfa3fef8596 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:000000810085874b95394d5ca3096b0a7e6444e129544e4acd8dd7078c46dc74633df1737986e7dc6f58ac09c7d734fd68378f1ee6df60c48bde343e55ab2a5796ca3ec295f15a75500f476a8a6f1725fdade3339cd7da0a2528449652d7ea21a834e42961ede8477f63bac84ccdba933c276512d3670477d2696402175208526276712541 -+Ctrl.hexxcghash = hexxcghash:8540955867f6580e9c1e7e3dfaef9c4f810dbf3364e54f66c471b51d11686598fabff6c3f78a7ac1c90710ab991aa00980f9d5948d462662f6c439fa7b80483f -+Ctrl.hexsession_id = hexsession_id:f2ebb7479c714402275075725c4712994f04485c048fad37d1505f1ce2cd6e32051782848afbea4399231fea5b8d39ec596e118dcc95ea35ffddd8c5611f5298 -+Ctrl.type = type:E -+Output = b3ce0202c966df307a0729a4bb3fcd0ee55d4c521a144ecd285a470830f60685b2d751883d85ccd29fcc2481f3f442fdedd58d17528e8c4fb28473ee5e539706 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:000000810085874b95394d5ca3096b0a7e6444e129544e4acd8dd7078c46dc74633df1737986e7dc6f58ac09c7d734fd68378f1ee6df60c48bde343e55ab2a5796ca3ec295f15a75500f476a8a6f1725fdade3339cd7da0a2528449652d7ea21a834e42961ede8477f63bac84ccdba933c276512d3670477d2696402175208526276712541 -+Ctrl.hexxcghash = hexxcghash:8540955867f6580e9c1e7e3dfaef9c4f810dbf3364e54f66c471b51d11686598fabff6c3f78a7ac1c90710ab991aa00980f9d5948d462662f6c439fa7b80483f -+Ctrl.hexsession_id = hexsession_id:f2ebb7479c714402275075725c4712994f04485c048fad37d1505f1ce2cd6e32051782848afbea4399231fea5b8d39ec596e118dcc95ea35ffddd8c5611f5298 -+Ctrl.type = type:F -+Output = c1ab7227f919cbda46cd6ac2bd4bb2ee5bd586cc55c7c1cb067df4c9a23209f716ff5e97ed76ebbc0354d683c5369937ca8db4cecf9e6c40886a186d9c4e2366 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:0000008100e1436b5ef714092a6a0c8cc1593682a7ca4c05de423fb5f57c1d225943d8e4a5b526288a46a9a0fdb10b59c0beb8c1dc5b4d2bdf34eec2525df84bca2f8b769897183a45c7e61171ecea6e2be80d3becec8355ac3853bd8d077697af6e774133143265bdd538b4fb64786aaaa33e45138fd8697ff1c77b50f63dd8e9476a74c0 -+Ctrl.hexxcghash = hexxcghash:367c80484d7e01e0915959e9fcb5124fa674489cf0ec4b0fee6a62dd77f677db901d9fb417cecf2a98f0b24bc24edbb1f34ab19f8d4d2976958f7d99ae2c78b3 -+Ctrl.hexsession_id = hexsession_id:0a1bbfb890087ef260a88fafb92f16765444adc4dcb00efd4750d59f1d8f4b6662edd379d812ddc822cea79675731a5e5791f29ebd17f3f83e675e9e9f6af3e3 -+Ctrl.type = type:A -+Output = 3832bf21b907daa3 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:0000008100e1436b5ef714092a6a0c8cc1593682a7ca4c05de423fb5f57c1d225943d8e4a5b526288a46a9a0fdb10b59c0beb8c1dc5b4d2bdf34eec2525df84bca2f8b769897183a45c7e61171ecea6e2be80d3becec8355ac3853bd8d077697af6e774133143265bdd538b4fb64786aaaa33e45138fd8697ff1c77b50f63dd8e9476a74c0 -+Ctrl.hexxcghash = hexxcghash:367c80484d7e01e0915959e9fcb5124fa674489cf0ec4b0fee6a62dd77f677db901d9fb417cecf2a98f0b24bc24edbb1f34ab19f8d4d2976958f7d99ae2c78b3 -+Ctrl.hexsession_id = hexsession_id:0a1bbfb890087ef260a88fafb92f16765444adc4dcb00efd4750d59f1d8f4b6662edd379d812ddc822cea79675731a5e5791f29ebd17f3f83e675e9e9f6af3e3 -+Ctrl.type = type:B -+Output = 4e04d7787ba7fa68 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:0000008100e1436b5ef714092a6a0c8cc1593682a7ca4c05de423fb5f57c1d225943d8e4a5b526288a46a9a0fdb10b59c0beb8c1dc5b4d2bdf34eec2525df84bca2f8b769897183a45c7e61171ecea6e2be80d3becec8355ac3853bd8d077697af6e774133143265bdd538b4fb64786aaaa33e45138fd8697ff1c77b50f63dd8e9476a74c0 -+Ctrl.hexxcghash = hexxcghash:367c80484d7e01e0915959e9fcb5124fa674489cf0ec4b0fee6a62dd77f677db901d9fb417cecf2a98f0b24bc24edbb1f34ab19f8d4d2976958f7d99ae2c78b3 -+Ctrl.hexsession_id = hexsession_id:0a1bbfb890087ef260a88fafb92f16765444adc4dcb00efd4750d59f1d8f4b6662edd379d812ddc822cea79675731a5e5791f29ebd17f3f83e675e9e9f6af3e3 -+Ctrl.type = type:C -+Output = d7be949edcfe4e4b877de1cc6a861fa721e137bf3dd1bb27 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:0000008100e1436b5ef714092a6a0c8cc1593682a7ca4c05de423fb5f57c1d225943d8e4a5b526288a46a9a0fdb10b59c0beb8c1dc5b4d2bdf34eec2525df84bca2f8b769897183a45c7e61171ecea6e2be80d3becec8355ac3853bd8d077697af6e774133143265bdd538b4fb64786aaaa33e45138fd8697ff1c77b50f63dd8e9476a74c0 -+Ctrl.hexxcghash = hexxcghash:367c80484d7e01e0915959e9fcb5124fa674489cf0ec4b0fee6a62dd77f677db901d9fb417cecf2a98f0b24bc24edbb1f34ab19f8d4d2976958f7d99ae2c78b3 -+Ctrl.hexsession_id = hexsession_id:0a1bbfb890087ef260a88fafb92f16765444adc4dcb00efd4750d59f1d8f4b6662edd379d812ddc822cea79675731a5e5791f29ebd17f3f83e675e9e9f6af3e3 -+Ctrl.type = type:D -+Output = 5361fc87e24ec3031d97f0099766ac9ff7b8f91ea87666de -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:0000008100e1436b5ef714092a6a0c8cc1593682a7ca4c05de423fb5f57c1d225943d8e4a5b526288a46a9a0fdb10b59c0beb8c1dc5b4d2bdf34eec2525df84bca2f8b769897183a45c7e61171ecea6e2be80d3becec8355ac3853bd8d077697af6e774133143265bdd538b4fb64786aaaa33e45138fd8697ff1c77b50f63dd8e9476a74c0 -+Ctrl.hexxcghash = hexxcghash:367c80484d7e01e0915959e9fcb5124fa674489cf0ec4b0fee6a62dd77f677db901d9fb417cecf2a98f0b24bc24edbb1f34ab19f8d4d2976958f7d99ae2c78b3 -+Ctrl.hexsession_id = hexsession_id:0a1bbfb890087ef260a88fafb92f16765444adc4dcb00efd4750d59f1d8f4b6662edd379d812ddc822cea79675731a5e5791f29ebd17f3f83e675e9e9f6af3e3 -+Ctrl.type = type:E -+Output = 40a6897606035ebb04907fa15e1545a8973b9b09423f3786be4bcb8db9e4561e0385bcf1e3c0cece5a788e9852ed1da56963f36bad78fede21405ce3ea92a3b8 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:0000008100e1436b5ef714092a6a0c8cc1593682a7ca4c05de423fb5f57c1d225943d8e4a5b526288a46a9a0fdb10b59c0beb8c1dc5b4d2bdf34eec2525df84bca2f8b769897183a45c7e61171ecea6e2be80d3becec8355ac3853bd8d077697af6e774133143265bdd538b4fb64786aaaa33e45138fd8697ff1c77b50f63dd8e9476a74c0 -+Ctrl.hexxcghash = hexxcghash:367c80484d7e01e0915959e9fcb5124fa674489cf0ec4b0fee6a62dd77f677db901d9fb417cecf2a98f0b24bc24edbb1f34ab19f8d4d2976958f7d99ae2c78b3 -+Ctrl.hexsession_id = hexsession_id:0a1bbfb890087ef260a88fafb92f16765444adc4dcb00efd4750d59f1d8f4b6662edd379d812ddc822cea79675731a5e5791f29ebd17f3f83e675e9e9f6af3e3 -+Ctrl.type = type:F -+Output = 727f9bade9334f97486f479c88614ce96b8cbc803a544fbfaf5fcaf0499a1b8edeb59daa1a824ca9b165879c63d9f0b6464bcd3121fb1ad29b38864fbaac7741 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:0000008100f8cf4795508e2aba0d9c007ee0afb38a7d570e26d4ebe97d3b9cb46dfc05b9b18396054fa91f856758b036195a9b360ee48b65dcec1f2fcb901d5faa308125b30b804e53ac15b2f43c2a12fdbc987707af58c36ecdcd89376117f9655e14da7f1808baeaab020a47ac35166a4868dab970ce79de592c69164045fce4eb55872f -+Ctrl.hexxcghash = hexxcghash:40d59c8836500e523e6404ac03d9895b105c7feceaac52dc3c5e4113e256c0057fbc770b805f7a2f18bf0be13357eb99db906efc5fb772f96e5fe76088e2e6f2 -+Ctrl.hexsession_id = hexsession_id:a619290ad553a2b0924f3ea6152883685e3f2cf6063487616f083fadae950451df5f6e8a144cd951b2d853c7ec2d1aece9c438a89850788edc6bd5e2a7a98a47 -+Ctrl.type = type:A -+Output = 3f077a02dc957eb1 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:0000008100f8cf4795508e2aba0d9c007ee0afb38a7d570e26d4ebe97d3b9cb46dfc05b9b18396054fa91f856758b036195a9b360ee48b65dcec1f2fcb901d5faa308125b30b804e53ac15b2f43c2a12fdbc987707af58c36ecdcd89376117f9655e14da7f1808baeaab020a47ac35166a4868dab970ce79de592c69164045fce4eb55872f -+Ctrl.hexxcghash = hexxcghash:40d59c8836500e523e6404ac03d9895b105c7feceaac52dc3c5e4113e256c0057fbc770b805f7a2f18bf0be13357eb99db906efc5fb772f96e5fe76088e2e6f2 -+Ctrl.hexsession_id = hexsession_id:a619290ad553a2b0924f3ea6152883685e3f2cf6063487616f083fadae950451df5f6e8a144cd951b2d853c7ec2d1aece9c438a89850788edc6bd5e2a7a98a47 -+Ctrl.type = type:B -+Output = 3cc158e348e64a0a -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:0000008100f8cf4795508e2aba0d9c007ee0afb38a7d570e26d4ebe97d3b9cb46dfc05b9b18396054fa91f856758b036195a9b360ee48b65dcec1f2fcb901d5faa308125b30b804e53ac15b2f43c2a12fdbc987707af58c36ecdcd89376117f9655e14da7f1808baeaab020a47ac35166a4868dab970ce79de592c69164045fce4eb55872f -+Ctrl.hexxcghash = hexxcghash:40d59c8836500e523e6404ac03d9895b105c7feceaac52dc3c5e4113e256c0057fbc770b805f7a2f18bf0be13357eb99db906efc5fb772f96e5fe76088e2e6f2 -+Ctrl.hexsession_id = hexsession_id:a619290ad553a2b0924f3ea6152883685e3f2cf6063487616f083fadae950451df5f6e8a144cd951b2d853c7ec2d1aece9c438a89850788edc6bd5e2a7a98a47 -+Ctrl.type = type:C -+Output = 8770fb6792c2fc16a60c9f45c8d40db684fe52de7c60b482 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:0000008100f8cf4795508e2aba0d9c007ee0afb38a7d570e26d4ebe97d3b9cb46dfc05b9b18396054fa91f856758b036195a9b360ee48b65dcec1f2fcb901d5faa308125b30b804e53ac15b2f43c2a12fdbc987707af58c36ecdcd89376117f9655e14da7f1808baeaab020a47ac35166a4868dab970ce79de592c69164045fce4eb55872f -+Ctrl.hexxcghash = hexxcghash:40d59c8836500e523e6404ac03d9895b105c7feceaac52dc3c5e4113e256c0057fbc770b805f7a2f18bf0be13357eb99db906efc5fb772f96e5fe76088e2e6f2 -+Ctrl.hexsession_id = hexsession_id:a619290ad553a2b0924f3ea6152883685e3f2cf6063487616f083fadae950451df5f6e8a144cd951b2d853c7ec2d1aece9c438a89850788edc6bd5e2a7a98a47 -+Ctrl.type = type:D -+Output = d417a07f1070a2e628424fa990ef436f137725a7cde43f1b -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:0000008100f8cf4795508e2aba0d9c007ee0afb38a7d570e26d4ebe97d3b9cb46dfc05b9b18396054fa91f856758b036195a9b360ee48b65dcec1f2fcb901d5faa308125b30b804e53ac15b2f43c2a12fdbc987707af58c36ecdcd89376117f9655e14da7f1808baeaab020a47ac35166a4868dab970ce79de592c69164045fce4eb55872f -+Ctrl.hexxcghash = hexxcghash:40d59c8836500e523e6404ac03d9895b105c7feceaac52dc3c5e4113e256c0057fbc770b805f7a2f18bf0be13357eb99db906efc5fb772f96e5fe76088e2e6f2 -+Ctrl.hexsession_id = hexsession_id:a619290ad553a2b0924f3ea6152883685e3f2cf6063487616f083fadae950451df5f6e8a144cd951b2d853c7ec2d1aece9c438a89850788edc6bd5e2a7a98a47 -+Ctrl.type = type:E -+Output = 20b810e4f6a540724f269194e37969a10e340d45c557eabe72c41f08a9fad85ab44a9c362e7fc5eea9ed5dd9b84cc837d2aaa46ee71b355cb1dfefa8dc544d1e -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:0000008100f8cf4795508e2aba0d9c007ee0afb38a7d570e26d4ebe97d3b9cb46dfc05b9b18396054fa91f856758b036195a9b360ee48b65dcec1f2fcb901d5faa308125b30b804e53ac15b2f43c2a12fdbc987707af58c36ecdcd89376117f9655e14da7f1808baeaab020a47ac35166a4868dab970ce79de592c69164045fce4eb55872f -+Ctrl.hexxcghash = hexxcghash:40d59c8836500e523e6404ac03d9895b105c7feceaac52dc3c5e4113e256c0057fbc770b805f7a2f18bf0be13357eb99db906efc5fb772f96e5fe76088e2e6f2 -+Ctrl.hexsession_id = hexsession_id:a619290ad553a2b0924f3ea6152883685e3f2cf6063487616f083fadae950451df5f6e8a144cd951b2d853c7ec2d1aece9c438a89850788edc6bd5e2a7a98a47 -+Ctrl.type = type:F -+Output = acd292ab652b49c7c2a5a35b93c31a71eeef8a629cbc6b1c782994ebc7566f7b0ae536cc0ccfe881bfd8cbfaff391fe23568fa5692198f188deff0c6d0808160 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:000000803105020875f56db2960579efb7509964f256c2b81009e5be554bcc8ebe84c492f0cd0990e78ef4e8582a45457712be71d6f6c0b33315668984f0a41cf45fb9a459193c710919b752be3b80b2c8c7de3be570f76df6fe1cbb9dc81085fff2ad1bbfb307c6fb21f434cf7c0b96ee9eb6bc0f9677136a6db91f5d953f8b104b3497 -+Ctrl.hexxcghash = hexxcghash:5f45d483ef27aeb00ec7baef96f4b4d1b254260bf60671dbd00e35a32fdcb7ae06215d59e742158782e0626bd5e2e8bada1fd7ec5056679f4a1412eaa2ef10e5 -+Ctrl.hexsession_id = hexsession_id:8ddcd28d02f2cb50661cf2111953c697c0e578e43a77dfeb593b2bf05189bb429f306bcb0bcb41219d5428c1795c84665bb1f0db33e55f52edbff2b781c7eb79 -+Ctrl.type = type:A -+Output = 7cf213cec41701ff -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:000000803105020875f56db2960579efb7509964f256c2b81009e5be554bcc8ebe84c492f0cd0990e78ef4e8582a45457712be71d6f6c0b33315668984f0a41cf45fb9a459193c710919b752be3b80b2c8c7de3be570f76df6fe1cbb9dc81085fff2ad1bbfb307c6fb21f434cf7c0b96ee9eb6bc0f9677136a6db91f5d953f8b104b3497 -+Ctrl.hexxcghash = hexxcghash:5f45d483ef27aeb00ec7baef96f4b4d1b254260bf60671dbd00e35a32fdcb7ae06215d59e742158782e0626bd5e2e8bada1fd7ec5056679f4a1412eaa2ef10e5 -+Ctrl.hexsession_id = hexsession_id:8ddcd28d02f2cb50661cf2111953c697c0e578e43a77dfeb593b2bf05189bb429f306bcb0bcb41219d5428c1795c84665bb1f0db33e55f52edbff2b781c7eb79 -+Ctrl.type = type:B -+Output = 81a44f6f95fff954 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:000000803105020875f56db2960579efb7509964f256c2b81009e5be554bcc8ebe84c492f0cd0990e78ef4e8582a45457712be71d6f6c0b33315668984f0a41cf45fb9a459193c710919b752be3b80b2c8c7de3be570f76df6fe1cbb9dc81085fff2ad1bbfb307c6fb21f434cf7c0b96ee9eb6bc0f9677136a6db91f5d953f8b104b3497 -+Ctrl.hexxcghash = hexxcghash:5f45d483ef27aeb00ec7baef96f4b4d1b254260bf60671dbd00e35a32fdcb7ae06215d59e742158782e0626bd5e2e8bada1fd7ec5056679f4a1412eaa2ef10e5 -+Ctrl.hexsession_id = hexsession_id:8ddcd28d02f2cb50661cf2111953c697c0e578e43a77dfeb593b2bf05189bb429f306bcb0bcb41219d5428c1795c84665bb1f0db33e55f52edbff2b781c7eb79 -+Ctrl.type = type:C -+Output = e1610d85ea2c24b4af18076c2d7dc0c3f3b3bf1c8df232a4 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:000000803105020875f56db2960579efb7509964f256c2b81009e5be554bcc8ebe84c492f0cd0990e78ef4e8582a45457712be71d6f6c0b33315668984f0a41cf45fb9a459193c710919b752be3b80b2c8c7de3be570f76df6fe1cbb9dc81085fff2ad1bbfb307c6fb21f434cf7c0b96ee9eb6bc0f9677136a6db91f5d953f8b104b3497 -+Ctrl.hexxcghash = hexxcghash:5f45d483ef27aeb00ec7baef96f4b4d1b254260bf60671dbd00e35a32fdcb7ae06215d59e742158782e0626bd5e2e8bada1fd7ec5056679f4a1412eaa2ef10e5 -+Ctrl.hexsession_id = hexsession_id:8ddcd28d02f2cb50661cf2111953c697c0e578e43a77dfeb593b2bf05189bb429f306bcb0bcb41219d5428c1795c84665bb1f0db33e55f52edbff2b781c7eb79 -+Ctrl.type = type:D -+Output = db146cbf4923693449b857fa927d112f3c8bd1bac73f618a -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:000000803105020875f56db2960579efb7509964f256c2b81009e5be554bcc8ebe84c492f0cd0990e78ef4e8582a45457712be71d6f6c0b33315668984f0a41cf45fb9a459193c710919b752be3b80b2c8c7de3be570f76df6fe1cbb9dc81085fff2ad1bbfb307c6fb21f434cf7c0b96ee9eb6bc0f9677136a6db91f5d953f8b104b3497 -+Ctrl.hexxcghash = hexxcghash:5f45d483ef27aeb00ec7baef96f4b4d1b254260bf60671dbd00e35a32fdcb7ae06215d59e742158782e0626bd5e2e8bada1fd7ec5056679f4a1412eaa2ef10e5 -+Ctrl.hexsession_id = hexsession_id:8ddcd28d02f2cb50661cf2111953c697c0e578e43a77dfeb593b2bf05189bb429f306bcb0bcb41219d5428c1795c84665bb1f0db33e55f52edbff2b781c7eb79 -+Ctrl.type = type:E -+Output = fac257f4544a0aa77659642c33a421cf27b2216a57399ff8ff48baab37519ce9c27f93bf447a02b3c10d9f9c6201745ed6ae28a13ff85e949e0e8048bf31e0c8 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:000000803105020875f56db2960579efb7509964f256c2b81009e5be554bcc8ebe84c492f0cd0990e78ef4e8582a45457712be71d6f6c0b33315668984f0a41cf45fb9a459193c710919b752be3b80b2c8c7de3be570f76df6fe1cbb9dc81085fff2ad1bbfb307c6fb21f434cf7c0b96ee9eb6bc0f9677136a6db91f5d953f8b104b3497 -+Ctrl.hexxcghash = hexxcghash:5f45d483ef27aeb00ec7baef96f4b4d1b254260bf60671dbd00e35a32fdcb7ae06215d59e742158782e0626bd5e2e8bada1fd7ec5056679f4a1412eaa2ef10e5 -+Ctrl.hexsession_id = hexsession_id:8ddcd28d02f2cb50661cf2111953c697c0e578e43a77dfeb593b2bf05189bb429f306bcb0bcb41219d5428c1795c84665bb1f0db33e55f52edbff2b781c7eb79 -+Ctrl.type = type:F -+Output = 8532a1014a5a2feba5730823b0fb1781a7782a73f95a97697aedf60997e6cdf5107387be820b74c0e43e8caf42e83bbc703c6cd9d37b0e720aeacc115ce4633e -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:0000008045cafef6acb29ea351ad025a32cb0fb88fe52f138ac3cd7718140c883cffbc10778c2e6c573bdbfaf32eceaa2fc1e106170dadcdf1cb0e1653f2361c76f5153262295b16371daf9ae2015dfb407f4920240eb10293c48971d2086723507d2eb7e1481f2b737df223628ee602a49bb7f1ac52068f5c1a24b445786e35042fc6c0 -+Ctrl.hexxcghash = hexxcghash:b1ce6e766a7340f40cec52585087c60e456cc390d0ee294bbc460d50b93c2170344cca3dd2e3067ebefe3efbd002ec4ed7f0fc1a8771eaffbc1fd4d5800aec21 -+Ctrl.hexsession_id = hexsession_id:85ae5c53a8286dfddf295dd0b31237bc8c54e9858647e222db29a4f60ffb74a175e5de22c132a1a06826c6e0122e63aa657fc670ca44943159560ce1c48b6906 -+Ctrl.type = type:A -+Output = c5dffc4eb99a1c36 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:0000008045cafef6acb29ea351ad025a32cb0fb88fe52f138ac3cd7718140c883cffbc10778c2e6c573bdbfaf32eceaa2fc1e106170dadcdf1cb0e1653f2361c76f5153262295b16371daf9ae2015dfb407f4920240eb10293c48971d2086723507d2eb7e1481f2b737df223628ee602a49bb7f1ac52068f5c1a24b445786e35042fc6c0 -+Ctrl.hexxcghash = hexxcghash:b1ce6e766a7340f40cec52585087c60e456cc390d0ee294bbc460d50b93c2170344cca3dd2e3067ebefe3efbd002ec4ed7f0fc1a8771eaffbc1fd4d5800aec21 -+Ctrl.hexsession_id = hexsession_id:85ae5c53a8286dfddf295dd0b31237bc8c54e9858647e222db29a4f60ffb74a175e5de22c132a1a06826c6e0122e63aa657fc670ca44943159560ce1c48b6906 -+Ctrl.type = type:B -+Output = 13cb7467ddf8ea7d -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:0000008045cafef6acb29ea351ad025a32cb0fb88fe52f138ac3cd7718140c883cffbc10778c2e6c573bdbfaf32eceaa2fc1e106170dadcdf1cb0e1653f2361c76f5153262295b16371daf9ae2015dfb407f4920240eb10293c48971d2086723507d2eb7e1481f2b737df223628ee602a49bb7f1ac52068f5c1a24b445786e35042fc6c0 -+Ctrl.hexxcghash = hexxcghash:b1ce6e766a7340f40cec52585087c60e456cc390d0ee294bbc460d50b93c2170344cca3dd2e3067ebefe3efbd002ec4ed7f0fc1a8771eaffbc1fd4d5800aec21 -+Ctrl.hexsession_id = hexsession_id:85ae5c53a8286dfddf295dd0b31237bc8c54e9858647e222db29a4f60ffb74a175e5de22c132a1a06826c6e0122e63aa657fc670ca44943159560ce1c48b6906 -+Ctrl.type = type:C -+Output = 4d77a9a1a36500d9ea0389e3813a201fb9b30751d1fcf0b3 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:0000008045cafef6acb29ea351ad025a32cb0fb88fe52f138ac3cd7718140c883cffbc10778c2e6c573bdbfaf32eceaa2fc1e106170dadcdf1cb0e1653f2361c76f5153262295b16371daf9ae2015dfb407f4920240eb10293c48971d2086723507d2eb7e1481f2b737df223628ee602a49bb7f1ac52068f5c1a24b445786e35042fc6c0 -+Ctrl.hexxcghash = hexxcghash:b1ce6e766a7340f40cec52585087c60e456cc390d0ee294bbc460d50b93c2170344cca3dd2e3067ebefe3efbd002ec4ed7f0fc1a8771eaffbc1fd4d5800aec21 -+Ctrl.hexsession_id = hexsession_id:85ae5c53a8286dfddf295dd0b31237bc8c54e9858647e222db29a4f60ffb74a175e5de22c132a1a06826c6e0122e63aa657fc670ca44943159560ce1c48b6906 -+Ctrl.type = type:D -+Output = a0e4ec099492c752b98013d2176af6e601eeef3cdc2029a9 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:0000008045cafef6acb29ea351ad025a32cb0fb88fe52f138ac3cd7718140c883cffbc10778c2e6c573bdbfaf32eceaa2fc1e106170dadcdf1cb0e1653f2361c76f5153262295b16371daf9ae2015dfb407f4920240eb10293c48971d2086723507d2eb7e1481f2b737df223628ee602a49bb7f1ac52068f5c1a24b445786e35042fc6c0 -+Ctrl.hexxcghash = hexxcghash:b1ce6e766a7340f40cec52585087c60e456cc390d0ee294bbc460d50b93c2170344cca3dd2e3067ebefe3efbd002ec4ed7f0fc1a8771eaffbc1fd4d5800aec21 -+Ctrl.hexsession_id = hexsession_id:85ae5c53a8286dfddf295dd0b31237bc8c54e9858647e222db29a4f60ffb74a175e5de22c132a1a06826c6e0122e63aa657fc670ca44943159560ce1c48b6906 -+Ctrl.type = type:E -+Output = b4035effa78e6da307f4c096226150e5cab92794192bba492ff8576da3fdbbfdc87fbf79721de0e8f38647261dcad096fd536c4f724f09782a4b684902a4b979 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:0000008045cafef6acb29ea351ad025a32cb0fb88fe52f138ac3cd7718140c883cffbc10778c2e6c573bdbfaf32eceaa2fc1e106170dadcdf1cb0e1653f2361c76f5153262295b16371daf9ae2015dfb407f4920240eb10293c48971d2086723507d2eb7e1481f2b737df223628ee602a49bb7f1ac52068f5c1a24b445786e35042fc6c0 -+Ctrl.hexxcghash = hexxcghash:b1ce6e766a7340f40cec52585087c60e456cc390d0ee294bbc460d50b93c2170344cca3dd2e3067ebefe3efbd002ec4ed7f0fc1a8771eaffbc1fd4d5800aec21 -+Ctrl.hexsession_id = hexsession_id:85ae5c53a8286dfddf295dd0b31237bc8c54e9858647e222db29a4f60ffb74a175e5de22c132a1a06826c6e0122e63aa657fc670ca44943159560ce1c48b6906 -+Ctrl.type = type:F -+Output = eae8776eddb75cd4d14d2db129172bab92f0c8d2c8a439d4b63824c23e7481af502a45d2ebee77f3a801d658b59f6cbbdb797f479787ae4d5839b7ddf49ff908 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:00000081008b735b1cc9a88529c0d0faea307f79142abc920248b3495e56b7987605b5a7a93354c638752ae7ce47b2869600dc2ab8f240c0ce4e35147e00f8e69fbe940d6236daf01b38f3e74d7bff07d01111569e213cd8475e77de026c81dac6e40242cfc2df5af9d37e520c2d7aee165de9cc314750e856d7514b0b80c568e2292c733f -+Ctrl.hexxcghash = hexxcghash:c226bd264f49cba006b4806afa4edaf42c2c48992ec66c78ce3a982cb5b1d923344107eb77884b0d996af71997611fdffba499da38d5206db0d0a17c438d4d8a -+Ctrl.hexsession_id = hexsession_id:ae0f9a407aae7a964a900b1f5b7060a2e7d4c9de4e422fec063829a9ea1fcb74a6ae83b9eb08f8663e171bdf036bf0c263b23f8eff3053d617484cc3efd99990 -+Ctrl.type = type:A -+Output = 31ef8e737ec154c0 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:00000081008b735b1cc9a88529c0d0faea307f79142abc920248b3495e56b7987605b5a7a93354c638752ae7ce47b2869600dc2ab8f240c0ce4e35147e00f8e69fbe940d6236daf01b38f3e74d7bff07d01111569e213cd8475e77de026c81dac6e40242cfc2df5af9d37e520c2d7aee165de9cc314750e856d7514b0b80c568e2292c733f -+Ctrl.hexxcghash = hexxcghash:c226bd264f49cba006b4806afa4edaf42c2c48992ec66c78ce3a982cb5b1d923344107eb77884b0d996af71997611fdffba499da38d5206db0d0a17c438d4d8a -+Ctrl.hexsession_id = hexsession_id:ae0f9a407aae7a964a900b1f5b7060a2e7d4c9de4e422fec063829a9ea1fcb74a6ae83b9eb08f8663e171bdf036bf0c263b23f8eff3053d617484cc3efd99990 -+Ctrl.type = type:B -+Output = c0bb41f2c51a0503 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:00000081008b735b1cc9a88529c0d0faea307f79142abc920248b3495e56b7987605b5a7a93354c638752ae7ce47b2869600dc2ab8f240c0ce4e35147e00f8e69fbe940d6236daf01b38f3e74d7bff07d01111569e213cd8475e77de026c81dac6e40242cfc2df5af9d37e520c2d7aee165de9cc314750e856d7514b0b80c568e2292c733f -+Ctrl.hexxcghash = hexxcghash:c226bd264f49cba006b4806afa4edaf42c2c48992ec66c78ce3a982cb5b1d923344107eb77884b0d996af71997611fdffba499da38d5206db0d0a17c438d4d8a -+Ctrl.hexsession_id = hexsession_id:ae0f9a407aae7a964a900b1f5b7060a2e7d4c9de4e422fec063829a9ea1fcb74a6ae83b9eb08f8663e171bdf036bf0c263b23f8eff3053d617484cc3efd99990 -+Ctrl.type = type:C -+Output = 3f9058812f36f302dc5ada7de8f4271c435dfe4589f22a00 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:00000081008b735b1cc9a88529c0d0faea307f79142abc920248b3495e56b7987605b5a7a93354c638752ae7ce47b2869600dc2ab8f240c0ce4e35147e00f8e69fbe940d6236daf01b38f3e74d7bff07d01111569e213cd8475e77de026c81dac6e40242cfc2df5af9d37e520c2d7aee165de9cc314750e856d7514b0b80c568e2292c733f -+Ctrl.hexxcghash = hexxcghash:c226bd264f49cba006b4806afa4edaf42c2c48992ec66c78ce3a982cb5b1d923344107eb77884b0d996af71997611fdffba499da38d5206db0d0a17c438d4d8a -+Ctrl.hexsession_id = hexsession_id:ae0f9a407aae7a964a900b1f5b7060a2e7d4c9de4e422fec063829a9ea1fcb74a6ae83b9eb08f8663e171bdf036bf0c263b23f8eff3053d617484cc3efd99990 -+Ctrl.type = type:D -+Output = b342a447abcb67f6819a19b8b300946c89739fabd049a6e0 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:00000081008b735b1cc9a88529c0d0faea307f79142abc920248b3495e56b7987605b5a7a93354c638752ae7ce47b2869600dc2ab8f240c0ce4e35147e00f8e69fbe940d6236daf01b38f3e74d7bff07d01111569e213cd8475e77de026c81dac6e40242cfc2df5af9d37e520c2d7aee165de9cc314750e856d7514b0b80c568e2292c733f -+Ctrl.hexxcghash = hexxcghash:c226bd264f49cba006b4806afa4edaf42c2c48992ec66c78ce3a982cb5b1d923344107eb77884b0d996af71997611fdffba499da38d5206db0d0a17c438d4d8a -+Ctrl.hexsession_id = hexsession_id:ae0f9a407aae7a964a900b1f5b7060a2e7d4c9de4e422fec063829a9ea1fcb74a6ae83b9eb08f8663e171bdf036bf0c263b23f8eff3053d617484cc3efd99990 -+Ctrl.type = type:E -+Output = a5d70cb0a3e351be09b9600c9b97f2781236bf549209a1fbf3304af145af0941c6cd9923f1f30cec946e8dea96332d284e01a4d8bcc90721fe2e515504073cb8 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:00000081008b735b1cc9a88529c0d0faea307f79142abc920248b3495e56b7987605b5a7a93354c638752ae7ce47b2869600dc2ab8f240c0ce4e35147e00f8e69fbe940d6236daf01b38f3e74d7bff07d01111569e213cd8475e77de026c81dac6e40242cfc2df5af9d37e520c2d7aee165de9cc314750e856d7514b0b80c568e2292c733f -+Ctrl.hexxcghash = hexxcghash:c226bd264f49cba006b4806afa4edaf42c2c48992ec66c78ce3a982cb5b1d923344107eb77884b0d996af71997611fdffba499da38d5206db0d0a17c438d4d8a -+Ctrl.hexsession_id = hexsession_id:ae0f9a407aae7a964a900b1f5b7060a2e7d4c9de4e422fec063829a9ea1fcb74a6ae83b9eb08f8663e171bdf036bf0c263b23f8eff3053d617484cc3efd99990 -+Ctrl.type = type:F -+Output = dbc3ea086a49e220306cbe57b942d9409cbd205dec20c7b79fd6998906d173bcb2bc2eb5b7eea4c1d84f3926836bd15e0565a17af735596050d6161d9682f2e7 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:0000008100c41430e9dfce9301082a4d034e0e1ffe73133e4c97afbd325d6bbe1f3a4f5a9103f57a05f66b1ac63a5f1724b3315daf7171f334e77eff356366daf4e23e55751422734d4d22e6dcac783bba0edc1be8fcc4c7c0d5a69d047291e33167057c774e46362dfb6f8432b427cf21c01304b23e2b49b664fd50dc463c17efffa146a0 -+Ctrl.hexxcghash = hexxcghash:04aeff766f08c065092fdd7be43531f83d73682601069477ee10407821a0f0e8bf614e775dfab6f889a8d5120c2e39d96e38de4cda6f673fb7cb343de1e17b9c -+Ctrl.hexsession_id = hexsession_id:15f5653a107aee694bd1680d423c8da2dab8c1ec8e23c5208100ce3d8d4821b52bbb1d14791476253db4b07ebb715ae095b8b49e1545be3c92a3adcf39970be5 -+Ctrl.type = type:A -+Output = 19d6bc79713a4622 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:0000008100c41430e9dfce9301082a4d034e0e1ffe73133e4c97afbd325d6bbe1f3a4f5a9103f57a05f66b1ac63a5f1724b3315daf7171f334e77eff356366daf4e23e55751422734d4d22e6dcac783bba0edc1be8fcc4c7c0d5a69d047291e33167057c774e46362dfb6f8432b427cf21c01304b23e2b49b664fd50dc463c17efffa146a0 -+Ctrl.hexxcghash = hexxcghash:04aeff766f08c065092fdd7be43531f83d73682601069477ee10407821a0f0e8bf614e775dfab6f889a8d5120c2e39d96e38de4cda6f673fb7cb343de1e17b9c -+Ctrl.hexsession_id = hexsession_id:15f5653a107aee694bd1680d423c8da2dab8c1ec8e23c5208100ce3d8d4821b52bbb1d14791476253db4b07ebb715ae095b8b49e1545be3c92a3adcf39970be5 -+Ctrl.type = type:B -+Output = 7de9caf89d325dcd -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:0000008100c41430e9dfce9301082a4d034e0e1ffe73133e4c97afbd325d6bbe1f3a4f5a9103f57a05f66b1ac63a5f1724b3315daf7171f334e77eff356366daf4e23e55751422734d4d22e6dcac783bba0edc1be8fcc4c7c0d5a69d047291e33167057c774e46362dfb6f8432b427cf21c01304b23e2b49b664fd50dc463c17efffa146a0 -+Ctrl.hexxcghash = hexxcghash:04aeff766f08c065092fdd7be43531f83d73682601069477ee10407821a0f0e8bf614e775dfab6f889a8d5120c2e39d96e38de4cda6f673fb7cb343de1e17b9c -+Ctrl.hexsession_id = hexsession_id:15f5653a107aee694bd1680d423c8da2dab8c1ec8e23c5208100ce3d8d4821b52bbb1d14791476253db4b07ebb715ae095b8b49e1545be3c92a3adcf39970be5 -+Ctrl.type = type:C -+Output = 1d5391d658abb9ec1b8df32cbf1db9a302a1301984ab06d4 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:0000008100c41430e9dfce9301082a4d034e0e1ffe73133e4c97afbd325d6bbe1f3a4f5a9103f57a05f66b1ac63a5f1724b3315daf7171f334e77eff356366daf4e23e55751422734d4d22e6dcac783bba0edc1be8fcc4c7c0d5a69d047291e33167057c774e46362dfb6f8432b427cf21c01304b23e2b49b664fd50dc463c17efffa146a0 -+Ctrl.hexxcghash = hexxcghash:04aeff766f08c065092fdd7be43531f83d73682601069477ee10407821a0f0e8bf614e775dfab6f889a8d5120c2e39d96e38de4cda6f673fb7cb343de1e17b9c -+Ctrl.hexsession_id = hexsession_id:15f5653a107aee694bd1680d423c8da2dab8c1ec8e23c5208100ce3d8d4821b52bbb1d14791476253db4b07ebb715ae095b8b49e1545be3c92a3adcf39970be5 -+Ctrl.type = type:D -+Output = 5d37dab50814543d8d8674f4f491d73d21973f20844c96a7 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:0000008100c41430e9dfce9301082a4d034e0e1ffe73133e4c97afbd325d6bbe1f3a4f5a9103f57a05f66b1ac63a5f1724b3315daf7171f334e77eff356366daf4e23e55751422734d4d22e6dcac783bba0edc1be8fcc4c7c0d5a69d047291e33167057c774e46362dfb6f8432b427cf21c01304b23e2b49b664fd50dc463c17efffa146a0 -+Ctrl.hexxcghash = hexxcghash:04aeff766f08c065092fdd7be43531f83d73682601069477ee10407821a0f0e8bf614e775dfab6f889a8d5120c2e39d96e38de4cda6f673fb7cb343de1e17b9c -+Ctrl.hexsession_id = hexsession_id:15f5653a107aee694bd1680d423c8da2dab8c1ec8e23c5208100ce3d8d4821b52bbb1d14791476253db4b07ebb715ae095b8b49e1545be3c92a3adcf39970be5 -+Ctrl.type = type:E -+Output = 3e882ae390a64c34f509bc9845df581987ae2524b2ff92d9243580168f32fa68750f3f732c8c5544c98fc585582fe743efbf55dd6c487fb5f9ffac1a156fa31c -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:0000008100c41430e9dfce9301082a4d034e0e1ffe73133e4c97afbd325d6bbe1f3a4f5a9103f57a05f66b1ac63a5f1724b3315daf7171f334e77eff356366daf4e23e55751422734d4d22e6dcac783bba0edc1be8fcc4c7c0d5a69d047291e33167057c774e46362dfb6f8432b427cf21c01304b23e2b49b664fd50dc463c17efffa146a0 -+Ctrl.hexxcghash = hexxcghash:04aeff766f08c065092fdd7be43531f83d73682601069477ee10407821a0f0e8bf614e775dfab6f889a8d5120c2e39d96e38de4cda6f673fb7cb343de1e17b9c -+Ctrl.hexsession_id = hexsession_id:15f5653a107aee694bd1680d423c8da2dab8c1ec8e23c5208100ce3d8d4821b52bbb1d14791476253db4b07ebb715ae095b8b49e1545be3c92a3adcf39970be5 -+Ctrl.type = type:F -+Output = ce4bcf9cabe7ee7c0e216e64e5427ebd38cb41ba9e9a6d9ae441ca47d9278347a59afdf758ae7f7fd667ed3830bf9a33d7badfd40e2112580af514da9464a6d1 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:000000810088181aaaa6b17924ced0033b1e4a3d007a464d4d53871f4da4689d477437b42f873d4b7d5f5c52909b6cca8be7a01d1a7a806f745500bb00b4fd6e6f8d0e1c9ad08d934c7d680a57ac5a4ed77f73182065f9295d745e1d50b8da0626f3e9ccb6651aad3b0c5c2cecd90c521318778f570333c011f02d5e2a406eb8b3d6036537 -+Ctrl.hexxcghash = hexxcghash:3c4ecb173c39cedecbcd19ba0fc38454176b81b6451911b4422907b1b670dcedaabebaaa261fbac23b3b5738264c5eee3dccfd9e050a1cef17ac997527dd7095 -+Ctrl.hexsession_id = hexsession_id:3b05253d9e5ab2f7f4ba2998bea5ed7d05afdf02b7499ac2dd554833b886b73d92e929316a366147e9af50201dbb4e54c123418d1a623bc2dc52766211dbe614 -+Ctrl.type = type:A -+Output = 93fbb01815b63533 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:000000810088181aaaa6b17924ced0033b1e4a3d007a464d4d53871f4da4689d477437b42f873d4b7d5f5c52909b6cca8be7a01d1a7a806f745500bb00b4fd6e6f8d0e1c9ad08d934c7d680a57ac5a4ed77f73182065f9295d745e1d50b8da0626f3e9ccb6651aad3b0c5c2cecd90c521318778f570333c011f02d5e2a406eb8b3d6036537 -+Ctrl.hexxcghash = hexxcghash:3c4ecb173c39cedecbcd19ba0fc38454176b81b6451911b4422907b1b670dcedaabebaaa261fbac23b3b5738264c5eee3dccfd9e050a1cef17ac997527dd7095 -+Ctrl.hexsession_id = hexsession_id:3b05253d9e5ab2f7f4ba2998bea5ed7d05afdf02b7499ac2dd554833b886b73d92e929316a366147e9af50201dbb4e54c123418d1a623bc2dc52766211dbe614 -+Ctrl.type = type:B -+Output = aea76dfe77a87471 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:000000810088181aaaa6b17924ced0033b1e4a3d007a464d4d53871f4da4689d477437b42f873d4b7d5f5c52909b6cca8be7a01d1a7a806f745500bb00b4fd6e6f8d0e1c9ad08d934c7d680a57ac5a4ed77f73182065f9295d745e1d50b8da0626f3e9ccb6651aad3b0c5c2cecd90c521318778f570333c011f02d5e2a406eb8b3d6036537 -+Ctrl.hexxcghash = hexxcghash:3c4ecb173c39cedecbcd19ba0fc38454176b81b6451911b4422907b1b670dcedaabebaaa261fbac23b3b5738264c5eee3dccfd9e050a1cef17ac997527dd7095 -+Ctrl.hexsession_id = hexsession_id:3b05253d9e5ab2f7f4ba2998bea5ed7d05afdf02b7499ac2dd554833b886b73d92e929316a366147e9af50201dbb4e54c123418d1a623bc2dc52766211dbe614 -+Ctrl.type = type:C -+Output = 73a55e25a0a8ec0899c1074bf0845fefd84e42f741897a3f -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:000000810088181aaaa6b17924ced0033b1e4a3d007a464d4d53871f4da4689d477437b42f873d4b7d5f5c52909b6cca8be7a01d1a7a806f745500bb00b4fd6e6f8d0e1c9ad08d934c7d680a57ac5a4ed77f73182065f9295d745e1d50b8da0626f3e9ccb6651aad3b0c5c2cecd90c521318778f570333c011f02d5e2a406eb8b3d6036537 -+Ctrl.hexxcghash = hexxcghash:3c4ecb173c39cedecbcd19ba0fc38454176b81b6451911b4422907b1b670dcedaabebaaa261fbac23b3b5738264c5eee3dccfd9e050a1cef17ac997527dd7095 -+Ctrl.hexsession_id = hexsession_id:3b05253d9e5ab2f7f4ba2998bea5ed7d05afdf02b7499ac2dd554833b886b73d92e929316a366147e9af50201dbb4e54c123418d1a623bc2dc52766211dbe614 -+Ctrl.type = type:D -+Output = fead3a851502aa3c58734065eeaf3e63ed4c59c8f450bb1a -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:000000810088181aaaa6b17924ced0033b1e4a3d007a464d4d53871f4da4689d477437b42f873d4b7d5f5c52909b6cca8be7a01d1a7a806f745500bb00b4fd6e6f8d0e1c9ad08d934c7d680a57ac5a4ed77f73182065f9295d745e1d50b8da0626f3e9ccb6651aad3b0c5c2cecd90c521318778f570333c011f02d5e2a406eb8b3d6036537 -+Ctrl.hexxcghash = hexxcghash:3c4ecb173c39cedecbcd19ba0fc38454176b81b6451911b4422907b1b670dcedaabebaaa261fbac23b3b5738264c5eee3dccfd9e050a1cef17ac997527dd7095 -+Ctrl.hexsession_id = hexsession_id:3b05253d9e5ab2f7f4ba2998bea5ed7d05afdf02b7499ac2dd554833b886b73d92e929316a366147e9af50201dbb4e54c123418d1a623bc2dc52766211dbe614 -+Ctrl.type = type:E -+Output = 55bde99a692820ad809eb0a62311f8f3e9469ba2ee4d782d5432628ca52d829b9c5bffc41b58232363f97c5dab603268b1997fbe9b9b34ab2aca3da27467b0c8 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:000000810088181aaaa6b17924ced0033b1e4a3d007a464d4d53871f4da4689d477437b42f873d4b7d5f5c52909b6cca8be7a01d1a7a806f745500bb00b4fd6e6f8d0e1c9ad08d934c7d680a57ac5a4ed77f73182065f9295d745e1d50b8da0626f3e9ccb6651aad3b0c5c2cecd90c521318778f570333c011f02d5e2a406eb8b3d6036537 -+Ctrl.hexxcghash = hexxcghash:3c4ecb173c39cedecbcd19ba0fc38454176b81b6451911b4422907b1b670dcedaabebaaa261fbac23b3b5738264c5eee3dccfd9e050a1cef17ac997527dd7095 -+Ctrl.hexsession_id = hexsession_id:3b05253d9e5ab2f7f4ba2998bea5ed7d05afdf02b7499ac2dd554833b886b73d92e929316a366147e9af50201dbb4e54c123418d1a623bc2dc52766211dbe614 -+Ctrl.type = type:F -+Output = 756f65746c861f0985f3dd7d2f08004897ccb22be2f1d3b4791ca0c51d5ee0da776dd03d7dfb7f4db6c6cd37899871e63d75f7f60dff8348c313e99409ad2db5 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:0000010100e8d52da494d198252b87189223bffb0bc1b68335ae987df15bf7cf95bd74a951b5eaa87b1739f91efc97f28f5a7f0a206fdbcf33e39003e154b334009563abd62a4169462865ba931ca3f8f4d70611e8bcb46228ee74983d2ec79c690d86329c2daac8dbdafe4573f114313f29c7507bd4aa50d87bb83b1cebb628e37b2501ffc9b1200d8d360e1b46bf6fdecd486fae790352eb79aa3f37e4964963a84dbd80fb3b80491210565d9449599bc9306ee76a932a764070702cd09c87e1f26095b1b78042bcc37d5f097e3f7b2db6cb6f7b3e2a332021f756fe1784edd2a82802c1274b9944dff99fb1c181f41d6d2f4eac5aa33c619c48167dce1eb47ddafbe5eb -+Ctrl.hexxcghash = hexxcghash:3e81bd3b4b609955df0deaab293876592122e2d7fdc719ecd503b572c5e98cfaaac1f7e085d4097c76515f5b70413944a464ce346ada6d85d7c39a8009d4b121 -+Ctrl.hexsession_id = hexsession_id:3e81bd3b4b609955df0deaab293876592122e2d7fdc719ecd503b572c5e98cfaaac1f7e085d4097c76515f5b70413944a464ce346ada6d85d7c39a8009d4b121 -+Ctrl.type = type:A -+Output = a626c34c0a74b56262110185a34cd810 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:0000010100e8d52da494d198252b87189223bffb0bc1b68335ae987df15bf7cf95bd74a951b5eaa87b1739f91efc97f28f5a7f0a206fdbcf33e39003e154b334009563abd62a4169462865ba931ca3f8f4d70611e8bcb46228ee74983d2ec79c690d86329c2daac8dbdafe4573f114313f29c7507bd4aa50d87bb83b1cebb628e37b2501ffc9b1200d8d360e1b46bf6fdecd486fae790352eb79aa3f37e4964963a84dbd80fb3b80491210565d9449599bc9306ee76a932a764070702cd09c87e1f26095b1b78042bcc37d5f097e3f7b2db6cb6f7b3e2a332021f756fe1784edd2a82802c1274b9944dff99fb1c181f41d6d2f4eac5aa33c619c48167dce1eb47ddafbe5eb -+Ctrl.hexxcghash = hexxcghash:3e81bd3b4b609955df0deaab293876592122e2d7fdc719ecd503b572c5e98cfaaac1f7e085d4097c76515f5b70413944a464ce346ada6d85d7c39a8009d4b121 -+Ctrl.hexsession_id = hexsession_id:3e81bd3b4b609955df0deaab293876592122e2d7fdc719ecd503b572c5e98cfaaac1f7e085d4097c76515f5b70413944a464ce346ada6d85d7c39a8009d4b121 -+Ctrl.type = type:B -+Output = 223d6fc57263da9ad61dad9759454e0f -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:0000010100e8d52da494d198252b87189223bffb0bc1b68335ae987df15bf7cf95bd74a951b5eaa87b1739f91efc97f28f5a7f0a206fdbcf33e39003e154b334009563abd62a4169462865ba931ca3f8f4d70611e8bcb46228ee74983d2ec79c690d86329c2daac8dbdafe4573f114313f29c7507bd4aa50d87bb83b1cebb628e37b2501ffc9b1200d8d360e1b46bf6fdecd486fae790352eb79aa3f37e4964963a84dbd80fb3b80491210565d9449599bc9306ee76a932a764070702cd09c87e1f26095b1b78042bcc37d5f097e3f7b2db6cb6f7b3e2a332021f756fe1784edd2a82802c1274b9944dff99fb1c181f41d6d2f4eac5aa33c619c48167dce1eb47ddafbe5eb -+Ctrl.hexxcghash = hexxcghash:3e81bd3b4b609955df0deaab293876592122e2d7fdc719ecd503b572c5e98cfaaac1f7e085d4097c76515f5b70413944a464ce346ada6d85d7c39a8009d4b121 -+Ctrl.hexsession_id = hexsession_id:3e81bd3b4b609955df0deaab293876592122e2d7fdc719ecd503b572c5e98cfaaac1f7e085d4097c76515f5b70413944a464ce346ada6d85d7c39a8009d4b121 -+Ctrl.type = type:C -+Output = 7c803e07506969666f446400b2372eee -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:0000010100e8d52da494d198252b87189223bffb0bc1b68335ae987df15bf7cf95bd74a951b5eaa87b1739f91efc97f28f5a7f0a206fdbcf33e39003e154b334009563abd62a4169462865ba931ca3f8f4d70611e8bcb46228ee74983d2ec79c690d86329c2daac8dbdafe4573f114313f29c7507bd4aa50d87bb83b1cebb628e37b2501ffc9b1200d8d360e1b46bf6fdecd486fae790352eb79aa3f37e4964963a84dbd80fb3b80491210565d9449599bc9306ee76a932a764070702cd09c87e1f26095b1b78042bcc37d5f097e3f7b2db6cb6f7b3e2a332021f756fe1784edd2a82802c1274b9944dff99fb1c181f41d6d2f4eac5aa33c619c48167dce1eb47ddafbe5eb -+Ctrl.hexxcghash = hexxcghash:3e81bd3b4b609955df0deaab293876592122e2d7fdc719ecd503b572c5e98cfaaac1f7e085d4097c76515f5b70413944a464ce346ada6d85d7c39a8009d4b121 -+Ctrl.hexsession_id = hexsession_id:3e81bd3b4b609955df0deaab293876592122e2d7fdc719ecd503b572c5e98cfaaac1f7e085d4097c76515f5b70413944a464ce346ada6d85d7c39a8009d4b121 -+Ctrl.type = type:D -+Output = 4ad705fbc9e89c03c15f9dbbf34981df -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:0000010100e8d52da494d198252b87189223bffb0bc1b68335ae987df15bf7cf95bd74a951b5eaa87b1739f91efc97f28f5a7f0a206fdbcf33e39003e154b334009563abd62a4169462865ba931ca3f8f4d70611e8bcb46228ee74983d2ec79c690d86329c2daac8dbdafe4573f114313f29c7507bd4aa50d87bb83b1cebb628e37b2501ffc9b1200d8d360e1b46bf6fdecd486fae790352eb79aa3f37e4964963a84dbd80fb3b80491210565d9449599bc9306ee76a932a764070702cd09c87e1f26095b1b78042bcc37d5f097e3f7b2db6cb6f7b3e2a332021f756fe1784edd2a82802c1274b9944dff99fb1c181f41d6d2f4eac5aa33c619c48167dce1eb47ddafbe5eb -+Ctrl.hexxcghash = hexxcghash:3e81bd3b4b609955df0deaab293876592122e2d7fdc719ecd503b572c5e98cfaaac1f7e085d4097c76515f5b70413944a464ce346ada6d85d7c39a8009d4b121 -+Ctrl.hexsession_id = hexsession_id:3e81bd3b4b609955df0deaab293876592122e2d7fdc719ecd503b572c5e98cfaaac1f7e085d4097c76515f5b70413944a464ce346ada6d85d7c39a8009d4b121 -+Ctrl.type = type:E -+Output = 36cac32cab8b943cd9d2142559c467593bfaf30d0be71560245c8b38a5671901a858ccc637b0ef6966a2bbfb1a7f51f2cf6d52c4165ca000d52bd908405c305f -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:0000010100e8d52da494d198252b87189223bffb0bc1b68335ae987df15bf7cf95bd74a951b5eaa87b1739f91efc97f28f5a7f0a206fdbcf33e39003e154b334009563abd62a4169462865ba931ca3f8f4d70611e8bcb46228ee74983d2ec79c690d86329c2daac8dbdafe4573f114313f29c7507bd4aa50d87bb83b1cebb628e37b2501ffc9b1200d8d360e1b46bf6fdecd486fae790352eb79aa3f37e4964963a84dbd80fb3b80491210565d9449599bc9306ee76a932a764070702cd09c87e1f26095b1b78042bcc37d5f097e3f7b2db6cb6f7b3e2a332021f756fe1784edd2a82802c1274b9944dff99fb1c181f41d6d2f4eac5aa33c619c48167dce1eb47ddafbe5eb -+Ctrl.hexxcghash = hexxcghash:3e81bd3b4b609955df0deaab293876592122e2d7fdc719ecd503b572c5e98cfaaac1f7e085d4097c76515f5b70413944a464ce346ada6d85d7c39a8009d4b121 -+Ctrl.hexsession_id = hexsession_id:3e81bd3b4b609955df0deaab293876592122e2d7fdc719ecd503b572c5e98cfaaac1f7e085d4097c76515f5b70413944a464ce346ada6d85d7c39a8009d4b121 -+Ctrl.type = type:F -+Output = 67d42301ce629c0f2a34b9dfb24ec60c138b4edc71f7123bb0db9447b3c915ebd8c54d3b20af04e30b484be3a2d4136f5d5c46f9c56de189b91fec78ecd53e1c -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:0000010034a5d2784c99976fb3b615c5b1bfacc9a749330d22bcf5a7c404c10f886e2a3115660a399d7c721d5dd141f458b0d27e0e6709a8290f9ef6f61681a11d876eb7bd52b930f79fb9516f5d2137c5bfa95a893890d26d7712fc9ecc4dc82a5171341b41a9f2c4a8f0c14efe82ef2a4db60a8a0b8e43d3f92992f8dcc2d6bae3759aea86a4f14f809fe648021fc4aa79936bd687450e801916d7d267dfab66bd86f9424b3460fa75b16af37151918cb2f8ba8ac33df5b0ccf7fb21c3ea9fb0ed2917a4eb9d6ed345c42a5a67a66fca7b7e69c1ad5c45c51866692f058ad537c0f59c83a2788ef9b9610cc06aa155aa1115f23fa36d7734152a0da209244c32d37e3a -+Ctrl.hexxcghash = hexxcghash:ab6f9c04514ae3f6591039c9cc6a9919279282d7c95971b4c27957e31cced5ef5b1c59a4418402203ab50a46df7dc03bd67d42a62592708b0581617a42ea6d71 -+Ctrl.hexsession_id = hexsession_id:4e226639facaccf9894367cb1008663e989eb31757b912bd1cb3bd51058c7adf56e9a54eef87b63299a5cc092c047991dc9a380e749c7c5657bb99424bcce6d6 -+Ctrl.type = type:A -+Output = 8ebbf0e9afd9f108498f1543104ba8e2 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:0000010034a5d2784c99976fb3b615c5b1bfacc9a749330d22bcf5a7c404c10f886e2a3115660a399d7c721d5dd141f458b0d27e0e6709a8290f9ef6f61681a11d876eb7bd52b930f79fb9516f5d2137c5bfa95a893890d26d7712fc9ecc4dc82a5171341b41a9f2c4a8f0c14efe82ef2a4db60a8a0b8e43d3f92992f8dcc2d6bae3759aea86a4f14f809fe648021fc4aa79936bd687450e801916d7d267dfab66bd86f9424b3460fa75b16af37151918cb2f8ba8ac33df5b0ccf7fb21c3ea9fb0ed2917a4eb9d6ed345c42a5a67a66fca7b7e69c1ad5c45c51866692f058ad537c0f59c83a2788ef9b9610cc06aa155aa1115f23fa36d7734152a0da209244c32d37e3a -+Ctrl.hexxcghash = hexxcghash:ab6f9c04514ae3f6591039c9cc6a9919279282d7c95971b4c27957e31cced5ef5b1c59a4418402203ab50a46df7dc03bd67d42a62592708b0581617a42ea6d71 -+Ctrl.hexsession_id = hexsession_id:4e226639facaccf9894367cb1008663e989eb31757b912bd1cb3bd51058c7adf56e9a54eef87b63299a5cc092c047991dc9a380e749c7c5657bb99424bcce6d6 -+Ctrl.type = type:B -+Output = 38bfe6bed75f77675fa36d76b63816a4 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:0000010034a5d2784c99976fb3b615c5b1bfacc9a749330d22bcf5a7c404c10f886e2a3115660a399d7c721d5dd141f458b0d27e0e6709a8290f9ef6f61681a11d876eb7bd52b930f79fb9516f5d2137c5bfa95a893890d26d7712fc9ecc4dc82a5171341b41a9f2c4a8f0c14efe82ef2a4db60a8a0b8e43d3f92992f8dcc2d6bae3759aea86a4f14f809fe648021fc4aa79936bd687450e801916d7d267dfab66bd86f9424b3460fa75b16af37151918cb2f8ba8ac33df5b0ccf7fb21c3ea9fb0ed2917a4eb9d6ed345c42a5a67a66fca7b7e69c1ad5c45c51866692f058ad537c0f59c83a2788ef9b9610cc06aa155aa1115f23fa36d7734152a0da209244c32d37e3a -+Ctrl.hexxcghash = hexxcghash:ab6f9c04514ae3f6591039c9cc6a9919279282d7c95971b4c27957e31cced5ef5b1c59a4418402203ab50a46df7dc03bd67d42a62592708b0581617a42ea6d71 -+Ctrl.hexsession_id = hexsession_id:4e226639facaccf9894367cb1008663e989eb31757b912bd1cb3bd51058c7adf56e9a54eef87b63299a5cc092c047991dc9a380e749c7c5657bb99424bcce6d6 -+Ctrl.type = type:C -+Output = f759f0ad2d72980f6b12f0fb317222f3 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:0000010034a5d2784c99976fb3b615c5b1bfacc9a749330d22bcf5a7c404c10f886e2a3115660a399d7c721d5dd141f458b0d27e0e6709a8290f9ef6f61681a11d876eb7bd52b930f79fb9516f5d2137c5bfa95a893890d26d7712fc9ecc4dc82a5171341b41a9f2c4a8f0c14efe82ef2a4db60a8a0b8e43d3f92992f8dcc2d6bae3759aea86a4f14f809fe648021fc4aa79936bd687450e801916d7d267dfab66bd86f9424b3460fa75b16af37151918cb2f8ba8ac33df5b0ccf7fb21c3ea9fb0ed2917a4eb9d6ed345c42a5a67a66fca7b7e69c1ad5c45c51866692f058ad537c0f59c83a2788ef9b9610cc06aa155aa1115f23fa36d7734152a0da209244c32d37e3a -+Ctrl.hexxcghash = hexxcghash:ab6f9c04514ae3f6591039c9cc6a9919279282d7c95971b4c27957e31cced5ef5b1c59a4418402203ab50a46df7dc03bd67d42a62592708b0581617a42ea6d71 -+Ctrl.hexsession_id = hexsession_id:4e226639facaccf9894367cb1008663e989eb31757b912bd1cb3bd51058c7adf56e9a54eef87b63299a5cc092c047991dc9a380e749c7c5657bb99424bcce6d6 -+Ctrl.type = type:D -+Output = 39f294ec25afb520f5d7f1064b7078c9 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:0000010034a5d2784c99976fb3b615c5b1bfacc9a749330d22bcf5a7c404c10f886e2a3115660a399d7c721d5dd141f458b0d27e0e6709a8290f9ef6f61681a11d876eb7bd52b930f79fb9516f5d2137c5bfa95a893890d26d7712fc9ecc4dc82a5171341b41a9f2c4a8f0c14efe82ef2a4db60a8a0b8e43d3f92992f8dcc2d6bae3759aea86a4f14f809fe648021fc4aa79936bd687450e801916d7d267dfab66bd86f9424b3460fa75b16af37151918cb2f8ba8ac33df5b0ccf7fb21c3ea9fb0ed2917a4eb9d6ed345c42a5a67a66fca7b7e69c1ad5c45c51866692f058ad537c0f59c83a2788ef9b9610cc06aa155aa1115f23fa36d7734152a0da209244c32d37e3a -+Ctrl.hexxcghash = hexxcghash:ab6f9c04514ae3f6591039c9cc6a9919279282d7c95971b4c27957e31cced5ef5b1c59a4418402203ab50a46df7dc03bd67d42a62592708b0581617a42ea6d71 -+Ctrl.hexsession_id = hexsession_id:4e226639facaccf9894367cb1008663e989eb31757b912bd1cb3bd51058c7adf56e9a54eef87b63299a5cc092c047991dc9a380e749c7c5657bb99424bcce6d6 -+Ctrl.type = type:E -+Output = ff2ad139997ff26e7f4393e49d57d5fc973ddb6225d8f4b5fe990e46b9943772f0d33aa98d01089ff0aeb5740bd388ada35dc44240180c99e522c817dedfc2cd -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:0000010034a5d2784c99976fb3b615c5b1bfacc9a749330d22bcf5a7c404c10f886e2a3115660a399d7c721d5dd141f458b0d27e0e6709a8290f9ef6f61681a11d876eb7bd52b930f79fb9516f5d2137c5bfa95a893890d26d7712fc9ecc4dc82a5171341b41a9f2c4a8f0c14efe82ef2a4db60a8a0b8e43d3f92992f8dcc2d6bae3759aea86a4f14f809fe648021fc4aa79936bd687450e801916d7d267dfab66bd86f9424b3460fa75b16af37151918cb2f8ba8ac33df5b0ccf7fb21c3ea9fb0ed2917a4eb9d6ed345c42a5a67a66fca7b7e69c1ad5c45c51866692f058ad537c0f59c83a2788ef9b9610cc06aa155aa1115f23fa36d7734152a0da209244c32d37e3a -+Ctrl.hexxcghash = hexxcghash:ab6f9c04514ae3f6591039c9cc6a9919279282d7c95971b4c27957e31cced5ef5b1c59a4418402203ab50a46df7dc03bd67d42a62592708b0581617a42ea6d71 -+Ctrl.hexsession_id = hexsession_id:4e226639facaccf9894367cb1008663e989eb31757b912bd1cb3bd51058c7adf56e9a54eef87b63299a5cc092c047991dc9a380e749c7c5657bb99424bcce6d6 -+Ctrl.type = type:F -+Output = a670c9583c71f403207a192700d5e4fd7a007b60a4617b7f93708399a0cb771af08b9e5f4237e6975f055d6f0a4d91523fa0805013df6ae4a19f077646f1cd4b -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:00000100192471d29d9fbc8b61570e4efa053a5f17b2efc0aa5415b3309f7dc3971c64d9f1093f6114941d4912f7bfb771db41d1f166d4bdaec8dde214aeb058e2227277393e3c0b12adc1b6a445870bc26e753e05e27b90b97d781e3e8493eb5e717c243213de4dcdd5a11d467b8d26759118692b10357c28b0efb0228cbe257b9ee0cb77bb7bc8b072edf418768c977e485635b4ab61078587128e9a8b3c6deca2a4e64cf9fd6eca880aebd1043deaf94447ea50b0c11b574259cdcafd208d9657c7177cf394de26dd8364b615786198c38e63c568e22b5263be41d6dd8843ad5254f61cf01b7162948652568c2b42833a95619fa5072adb0bfbf38e3eace7e1596066 -+Ctrl.hexxcghash = hexxcghash:a0a53cb8bcc48ffe44fd9e50e0f7532d3e326f93d7ecb10135d4385dab550cd7be03a7374dfc2a92794be13e40c794811a9916c3d1c4e7ea31ed5269537c1c22 -+Ctrl.hexsession_id = hexsession_id:9bcf3f3397ff464126cb2a99c04908721871354b842ffd3d873d49407db0382f98cc54d66665d950ec8277c374f19e9f0dd2e727f8759017c49b5b80baa87c63 -+Ctrl.type = type:A -+Output = f68353f802d39a43c728641e44087cc5 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:00000100192471d29d9fbc8b61570e4efa053a5f17b2efc0aa5415b3309f7dc3971c64d9f1093f6114941d4912f7bfb771db41d1f166d4bdaec8dde214aeb058e2227277393e3c0b12adc1b6a445870bc26e753e05e27b90b97d781e3e8493eb5e717c243213de4dcdd5a11d467b8d26759118692b10357c28b0efb0228cbe257b9ee0cb77bb7bc8b072edf418768c977e485635b4ab61078587128e9a8b3c6deca2a4e64cf9fd6eca880aebd1043deaf94447ea50b0c11b574259cdcafd208d9657c7177cf394de26dd8364b615786198c38e63c568e22b5263be41d6dd8843ad5254f61cf01b7162948652568c2b42833a95619fa5072adb0bfbf38e3eace7e1596066 -+Ctrl.hexxcghash = hexxcghash:a0a53cb8bcc48ffe44fd9e50e0f7532d3e326f93d7ecb10135d4385dab550cd7be03a7374dfc2a92794be13e40c794811a9916c3d1c4e7ea31ed5269537c1c22 -+Ctrl.hexsession_id = hexsession_id:9bcf3f3397ff464126cb2a99c04908721871354b842ffd3d873d49407db0382f98cc54d66665d950ec8277c374f19e9f0dd2e727f8759017c49b5b80baa87c63 -+Ctrl.type = type:B -+Output = 23c2377f826f77519871941b62cb9fdd -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:00000100192471d29d9fbc8b61570e4efa053a5f17b2efc0aa5415b3309f7dc3971c64d9f1093f6114941d4912f7bfb771db41d1f166d4bdaec8dde214aeb058e2227277393e3c0b12adc1b6a445870bc26e753e05e27b90b97d781e3e8493eb5e717c243213de4dcdd5a11d467b8d26759118692b10357c28b0efb0228cbe257b9ee0cb77bb7bc8b072edf418768c977e485635b4ab61078587128e9a8b3c6deca2a4e64cf9fd6eca880aebd1043deaf94447ea50b0c11b574259cdcafd208d9657c7177cf394de26dd8364b615786198c38e63c568e22b5263be41d6dd8843ad5254f61cf01b7162948652568c2b42833a95619fa5072adb0bfbf38e3eace7e1596066 -+Ctrl.hexxcghash = hexxcghash:a0a53cb8bcc48ffe44fd9e50e0f7532d3e326f93d7ecb10135d4385dab550cd7be03a7374dfc2a92794be13e40c794811a9916c3d1c4e7ea31ed5269537c1c22 -+Ctrl.hexsession_id = hexsession_id:9bcf3f3397ff464126cb2a99c04908721871354b842ffd3d873d49407db0382f98cc54d66665d950ec8277c374f19e9f0dd2e727f8759017c49b5b80baa87c63 -+Ctrl.type = type:C -+Output = c92b86a099e2605037d531746a6af7cb -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:00000100192471d29d9fbc8b61570e4efa053a5f17b2efc0aa5415b3309f7dc3971c64d9f1093f6114941d4912f7bfb771db41d1f166d4bdaec8dde214aeb058e2227277393e3c0b12adc1b6a445870bc26e753e05e27b90b97d781e3e8493eb5e717c243213de4dcdd5a11d467b8d26759118692b10357c28b0efb0228cbe257b9ee0cb77bb7bc8b072edf418768c977e485635b4ab61078587128e9a8b3c6deca2a4e64cf9fd6eca880aebd1043deaf94447ea50b0c11b574259cdcafd208d9657c7177cf394de26dd8364b615786198c38e63c568e22b5263be41d6dd8843ad5254f61cf01b7162948652568c2b42833a95619fa5072adb0bfbf38e3eace7e1596066 -+Ctrl.hexxcghash = hexxcghash:a0a53cb8bcc48ffe44fd9e50e0f7532d3e326f93d7ecb10135d4385dab550cd7be03a7374dfc2a92794be13e40c794811a9916c3d1c4e7ea31ed5269537c1c22 -+Ctrl.hexsession_id = hexsession_id:9bcf3f3397ff464126cb2a99c04908721871354b842ffd3d873d49407db0382f98cc54d66665d950ec8277c374f19e9f0dd2e727f8759017c49b5b80baa87c63 -+Ctrl.type = type:D -+Output = 1517de253a5b9f7d9c4c3f234b27392e -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:00000100192471d29d9fbc8b61570e4efa053a5f17b2efc0aa5415b3309f7dc3971c64d9f1093f6114941d4912f7bfb771db41d1f166d4bdaec8dde214aeb058e2227277393e3c0b12adc1b6a445870bc26e753e05e27b90b97d781e3e8493eb5e717c243213de4dcdd5a11d467b8d26759118692b10357c28b0efb0228cbe257b9ee0cb77bb7bc8b072edf418768c977e485635b4ab61078587128e9a8b3c6deca2a4e64cf9fd6eca880aebd1043deaf94447ea50b0c11b574259cdcafd208d9657c7177cf394de26dd8364b615786198c38e63c568e22b5263be41d6dd8843ad5254f61cf01b7162948652568c2b42833a95619fa5072adb0bfbf38e3eace7e1596066 -+Ctrl.hexxcghash = hexxcghash:a0a53cb8bcc48ffe44fd9e50e0f7532d3e326f93d7ecb10135d4385dab550cd7be03a7374dfc2a92794be13e40c794811a9916c3d1c4e7ea31ed5269537c1c22 -+Ctrl.hexsession_id = hexsession_id:9bcf3f3397ff464126cb2a99c04908721871354b842ffd3d873d49407db0382f98cc54d66665d950ec8277c374f19e9f0dd2e727f8759017c49b5b80baa87c63 -+Ctrl.type = type:E -+Output = be48a82cd246cf4d6ddb397a39f1ed62d98b5265e75190624a523033796d05046d63e0810b4b7a6efe9b834cb043871203638557063968910ad1cfa0abe62bb1 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:00000100192471d29d9fbc8b61570e4efa053a5f17b2efc0aa5415b3309f7dc3971c64d9f1093f6114941d4912f7bfb771db41d1f166d4bdaec8dde214aeb058e2227277393e3c0b12adc1b6a445870bc26e753e05e27b90b97d781e3e8493eb5e717c243213de4dcdd5a11d467b8d26759118692b10357c28b0efb0228cbe257b9ee0cb77bb7bc8b072edf418768c977e485635b4ab61078587128e9a8b3c6deca2a4e64cf9fd6eca880aebd1043deaf94447ea50b0c11b574259cdcafd208d9657c7177cf394de26dd8364b615786198c38e63c568e22b5263be41d6dd8843ad5254f61cf01b7162948652568c2b42833a95619fa5072adb0bfbf38e3eace7e1596066 -+Ctrl.hexxcghash = hexxcghash:a0a53cb8bcc48ffe44fd9e50e0f7532d3e326f93d7ecb10135d4385dab550cd7be03a7374dfc2a92794be13e40c794811a9916c3d1c4e7ea31ed5269537c1c22 -+Ctrl.hexsession_id = hexsession_id:9bcf3f3397ff464126cb2a99c04908721871354b842ffd3d873d49407db0382f98cc54d66665d950ec8277c374f19e9f0dd2e727f8759017c49b5b80baa87c63 -+Ctrl.type = type:F -+Output = 0c9af3775d5dc49a1b9b85fa18420ce1ca10d5159f83f9e078c217289688639dbce5f85665f866d8f93b2c6823bc7b2655830d8bb51fba945ce6eac2b0e6ce8a -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:0000010015b3157b538e31a14797d981a6ef62814cd55fbea25ea88a16a5839484c7624d7befccc82d91e2ff2b6f402daba861b77c1016bab9e3d58bab985563f32d663407f9f3582856ee0aa3a56680c221ecddc48af6de71fd34626b716d9efe530df470c0b7b1e4131861bc4f12e44de7f1d1910047465c0eb95f7232d6e71d639d75ac58e6848e560210a5dc2e6996c1d96f9f688fb86558ba96422d1a69cf795ea67e66d534bef2160f4e9d4351c9c2faaad7c2ad2476ace5556c9b3c4c2d3bdac82bfb54d2e54eb6ed398b813c5928aa560b442c585a038571c4db98a44d8c8cdb02fa731b400adb859b591c1846900791d791927363d745042a38597ef883cbda -+Ctrl.hexxcghash = hexxcghash:651bdee255eef5fb47c7733df03d4346bc335cf1de2bfbd453f4ff18c775de475719a6ec4c5c55badadda4822e3fbf5ae3c0e6e9608a893fea68bfcc0af86d73 -+Ctrl.hexsession_id = hexsession_id:ee603130d0bdec24952cd3392272dbd7a536c2e76c794cc2f678ca9dd789670453e6bcd330dbf4e93930ec0b3e506e4c629b3d156ab1171d247d0ba44217d292 -+Ctrl.type = type:A -+Output = 7b802a74d216a41f7708c597b9053223 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:0000010015b3157b538e31a14797d981a6ef62814cd55fbea25ea88a16a5839484c7624d7befccc82d91e2ff2b6f402daba861b77c1016bab9e3d58bab985563f32d663407f9f3582856ee0aa3a56680c221ecddc48af6de71fd34626b716d9efe530df470c0b7b1e4131861bc4f12e44de7f1d1910047465c0eb95f7232d6e71d639d75ac58e6848e560210a5dc2e6996c1d96f9f688fb86558ba96422d1a69cf795ea67e66d534bef2160f4e9d4351c9c2faaad7c2ad2476ace5556c9b3c4c2d3bdac82bfb54d2e54eb6ed398b813c5928aa560b442c585a038571c4db98a44d8c8cdb02fa731b400adb859b591c1846900791d791927363d745042a38597ef883cbda -+Ctrl.hexxcghash = hexxcghash:651bdee255eef5fb47c7733df03d4346bc335cf1de2bfbd453f4ff18c775de475719a6ec4c5c55badadda4822e3fbf5ae3c0e6e9608a893fea68bfcc0af86d73 -+Ctrl.hexsession_id = hexsession_id:ee603130d0bdec24952cd3392272dbd7a536c2e76c794cc2f678ca9dd789670453e6bcd330dbf4e93930ec0b3e506e4c629b3d156ab1171d247d0ba44217d292 -+Ctrl.type = type:B -+Output = 355223971bed70b804d191b64cde39e6 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:0000010015b3157b538e31a14797d981a6ef62814cd55fbea25ea88a16a5839484c7624d7befccc82d91e2ff2b6f402daba861b77c1016bab9e3d58bab985563f32d663407f9f3582856ee0aa3a56680c221ecddc48af6de71fd34626b716d9efe530df470c0b7b1e4131861bc4f12e44de7f1d1910047465c0eb95f7232d6e71d639d75ac58e6848e560210a5dc2e6996c1d96f9f688fb86558ba96422d1a69cf795ea67e66d534bef2160f4e9d4351c9c2faaad7c2ad2476ace5556c9b3c4c2d3bdac82bfb54d2e54eb6ed398b813c5928aa560b442c585a038571c4db98a44d8c8cdb02fa731b400adb859b591c1846900791d791927363d745042a38597ef883cbda -+Ctrl.hexxcghash = hexxcghash:651bdee255eef5fb47c7733df03d4346bc335cf1de2bfbd453f4ff18c775de475719a6ec4c5c55badadda4822e3fbf5ae3c0e6e9608a893fea68bfcc0af86d73 -+Ctrl.hexsession_id = hexsession_id:ee603130d0bdec24952cd3392272dbd7a536c2e76c794cc2f678ca9dd789670453e6bcd330dbf4e93930ec0b3e506e4c629b3d156ab1171d247d0ba44217d292 -+Ctrl.type = type:C -+Output = 925f2b036ac2682e20f022377499c3e1 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:0000010015b3157b538e31a14797d981a6ef62814cd55fbea25ea88a16a5839484c7624d7befccc82d91e2ff2b6f402daba861b77c1016bab9e3d58bab985563f32d663407f9f3582856ee0aa3a56680c221ecddc48af6de71fd34626b716d9efe530df470c0b7b1e4131861bc4f12e44de7f1d1910047465c0eb95f7232d6e71d639d75ac58e6848e560210a5dc2e6996c1d96f9f688fb86558ba96422d1a69cf795ea67e66d534bef2160f4e9d4351c9c2faaad7c2ad2476ace5556c9b3c4c2d3bdac82bfb54d2e54eb6ed398b813c5928aa560b442c585a038571c4db98a44d8c8cdb02fa731b400adb859b591c1846900791d791927363d745042a38597ef883cbda -+Ctrl.hexxcghash = hexxcghash:651bdee255eef5fb47c7733df03d4346bc335cf1de2bfbd453f4ff18c775de475719a6ec4c5c55badadda4822e3fbf5ae3c0e6e9608a893fea68bfcc0af86d73 -+Ctrl.hexsession_id = hexsession_id:ee603130d0bdec24952cd3392272dbd7a536c2e76c794cc2f678ca9dd789670453e6bcd330dbf4e93930ec0b3e506e4c629b3d156ab1171d247d0ba44217d292 -+Ctrl.type = type:D -+Output = 37ae2bbbb1603c07d5274fc8f57126dc -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:0000010015b3157b538e31a14797d981a6ef62814cd55fbea25ea88a16a5839484c7624d7befccc82d91e2ff2b6f402daba861b77c1016bab9e3d58bab985563f32d663407f9f3582856ee0aa3a56680c221ecddc48af6de71fd34626b716d9efe530df470c0b7b1e4131861bc4f12e44de7f1d1910047465c0eb95f7232d6e71d639d75ac58e6848e560210a5dc2e6996c1d96f9f688fb86558ba96422d1a69cf795ea67e66d534bef2160f4e9d4351c9c2faaad7c2ad2476ace5556c9b3c4c2d3bdac82bfb54d2e54eb6ed398b813c5928aa560b442c585a038571c4db98a44d8c8cdb02fa731b400adb859b591c1846900791d791927363d745042a38597ef883cbda -+Ctrl.hexxcghash = hexxcghash:651bdee255eef5fb47c7733df03d4346bc335cf1de2bfbd453f4ff18c775de475719a6ec4c5c55badadda4822e3fbf5ae3c0e6e9608a893fea68bfcc0af86d73 -+Ctrl.hexsession_id = hexsession_id:ee603130d0bdec24952cd3392272dbd7a536c2e76c794cc2f678ca9dd789670453e6bcd330dbf4e93930ec0b3e506e4c629b3d156ab1171d247d0ba44217d292 -+Ctrl.type = type:E -+Output = 8b36c7e175797bf7bbb079ac5d06e6f7f62fc5a957e0fefab7df565eb72ae0586dbebad978975aaa35846de667b44b7174315b2b932f0be538fba76b92531019 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:0000010015b3157b538e31a14797d981a6ef62814cd55fbea25ea88a16a5839484c7624d7befccc82d91e2ff2b6f402daba861b77c1016bab9e3d58bab985563f32d663407f9f3582856ee0aa3a56680c221ecddc48af6de71fd34626b716d9efe530df470c0b7b1e4131861bc4f12e44de7f1d1910047465c0eb95f7232d6e71d639d75ac58e6848e560210a5dc2e6996c1d96f9f688fb86558ba96422d1a69cf795ea67e66d534bef2160f4e9d4351c9c2faaad7c2ad2476ace5556c9b3c4c2d3bdac82bfb54d2e54eb6ed398b813c5928aa560b442c585a038571c4db98a44d8c8cdb02fa731b400adb859b591c1846900791d791927363d745042a38597ef883cbda -+Ctrl.hexxcghash = hexxcghash:651bdee255eef5fb47c7733df03d4346bc335cf1de2bfbd453f4ff18c775de475719a6ec4c5c55badadda4822e3fbf5ae3c0e6e9608a893fea68bfcc0af86d73 -+Ctrl.hexsession_id = hexsession_id:ee603130d0bdec24952cd3392272dbd7a536c2e76c794cc2f678ca9dd789670453e6bcd330dbf4e93930ec0b3e506e4c629b3d156ab1171d247d0ba44217d292 -+Ctrl.type = type:F -+Output = 388ef310bce13188df3fd6285576041754a281548fcc6a212e0de564db661640320130e4df4a6ff31162edaa7ced5b7f05f3456f674ee8be0b03424142058795 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:0000010100b41c0bdf180d02ff459079925b32e54299128298da864be28b4c02532244b057219e3fa5fea09841351604ab713021622e6a6d0748f354fc3f29a9ac8bb64fdd984b725f00f56df3cf16d3bac786524a29105096f96f387422361bcc24774fd4d5b71bd6f757a8193fd691411b8e0aa14307e6ed1e97907925d93cee9ed266f387af66cd3da3e99d543e4baaf8a7fdb36c10869267767d80509717b5666e3fcdf8cca6486a1c18e3d3c15ba0c6773dcbe374d83de1c108a400998b25afa4d3b60917594a1120e449a57db1f3b2e048c3c64a408ed41bb32145364932f105788cd0b198522f0c59b1d774b1ac80cd76d18e06b53c3d599f625c72f38b15745478 -+Ctrl.hexxcghash = hexxcghash:94ce7876dd7d98475ff8dd634b9b48e0e3416d1afd633637b49a49c525ee905ad8a17c12194746e210207c54628c453287a77515575a79ad40b270b5115030b8 -+Ctrl.hexsession_id = hexsession_id:d2e7ea215f35381164a1382533f752eb21e6fa9f25d399b7914c0317998f2b7820f893557459f0773eca3dbafd8375021b955a8dfe7ad659dfe480e3107724f8 -+Ctrl.type = type:A -+Output = efeb5305eda69b0bd6999b4a27479667 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:0000010100b41c0bdf180d02ff459079925b32e54299128298da864be28b4c02532244b057219e3fa5fea09841351604ab713021622e6a6d0748f354fc3f29a9ac8bb64fdd984b725f00f56df3cf16d3bac786524a29105096f96f387422361bcc24774fd4d5b71bd6f757a8193fd691411b8e0aa14307e6ed1e97907925d93cee9ed266f387af66cd3da3e99d543e4baaf8a7fdb36c10869267767d80509717b5666e3fcdf8cca6486a1c18e3d3c15ba0c6773dcbe374d83de1c108a400998b25afa4d3b60917594a1120e449a57db1f3b2e048c3c64a408ed41bb32145364932f105788cd0b198522f0c59b1d774b1ac80cd76d18e06b53c3d599f625c72f38b15745478 -+Ctrl.hexxcghash = hexxcghash:94ce7876dd7d98475ff8dd634b9b48e0e3416d1afd633637b49a49c525ee905ad8a17c12194746e210207c54628c453287a77515575a79ad40b270b5115030b8 -+Ctrl.hexsession_id = hexsession_id:d2e7ea215f35381164a1382533f752eb21e6fa9f25d399b7914c0317998f2b7820f893557459f0773eca3dbafd8375021b955a8dfe7ad659dfe480e3107724f8 -+Ctrl.type = type:B -+Output = 806fca9189c02e7ec2a6459387b03506 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:0000010100b41c0bdf180d02ff459079925b32e54299128298da864be28b4c02532244b057219e3fa5fea09841351604ab713021622e6a6d0748f354fc3f29a9ac8bb64fdd984b725f00f56df3cf16d3bac786524a29105096f96f387422361bcc24774fd4d5b71bd6f757a8193fd691411b8e0aa14307e6ed1e97907925d93cee9ed266f387af66cd3da3e99d543e4baaf8a7fdb36c10869267767d80509717b5666e3fcdf8cca6486a1c18e3d3c15ba0c6773dcbe374d83de1c108a400998b25afa4d3b60917594a1120e449a57db1f3b2e048c3c64a408ed41bb32145364932f105788cd0b198522f0c59b1d774b1ac80cd76d18e06b53c3d599f625c72f38b15745478 -+Ctrl.hexxcghash = hexxcghash:94ce7876dd7d98475ff8dd634b9b48e0e3416d1afd633637b49a49c525ee905ad8a17c12194746e210207c54628c453287a77515575a79ad40b270b5115030b8 -+Ctrl.hexsession_id = hexsession_id:d2e7ea215f35381164a1382533f752eb21e6fa9f25d399b7914c0317998f2b7820f893557459f0773eca3dbafd8375021b955a8dfe7ad659dfe480e3107724f8 -+Ctrl.type = type:C -+Output = 9e542282d0db345a6ba20eba7c5de531 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:0000010100b41c0bdf180d02ff459079925b32e54299128298da864be28b4c02532244b057219e3fa5fea09841351604ab713021622e6a6d0748f354fc3f29a9ac8bb64fdd984b725f00f56df3cf16d3bac786524a29105096f96f387422361bcc24774fd4d5b71bd6f757a8193fd691411b8e0aa14307e6ed1e97907925d93cee9ed266f387af66cd3da3e99d543e4baaf8a7fdb36c10869267767d80509717b5666e3fcdf8cca6486a1c18e3d3c15ba0c6773dcbe374d83de1c108a400998b25afa4d3b60917594a1120e449a57db1f3b2e048c3c64a408ed41bb32145364932f105788cd0b198522f0c59b1d774b1ac80cd76d18e06b53c3d599f625c72f38b15745478 -+Ctrl.hexxcghash = hexxcghash:94ce7876dd7d98475ff8dd634b9b48e0e3416d1afd633637b49a49c525ee905ad8a17c12194746e210207c54628c453287a77515575a79ad40b270b5115030b8 -+Ctrl.hexsession_id = hexsession_id:d2e7ea215f35381164a1382533f752eb21e6fa9f25d399b7914c0317998f2b7820f893557459f0773eca3dbafd8375021b955a8dfe7ad659dfe480e3107724f8 -+Ctrl.type = type:D -+Output = 41e7962b57a67f75072f15a5ba405d15 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:0000010100b41c0bdf180d02ff459079925b32e54299128298da864be28b4c02532244b057219e3fa5fea09841351604ab713021622e6a6d0748f354fc3f29a9ac8bb64fdd984b725f00f56df3cf16d3bac786524a29105096f96f387422361bcc24774fd4d5b71bd6f757a8193fd691411b8e0aa14307e6ed1e97907925d93cee9ed266f387af66cd3da3e99d543e4baaf8a7fdb36c10869267767d80509717b5666e3fcdf8cca6486a1c18e3d3c15ba0c6773dcbe374d83de1c108a400998b25afa4d3b60917594a1120e449a57db1f3b2e048c3c64a408ed41bb32145364932f105788cd0b198522f0c59b1d774b1ac80cd76d18e06b53c3d599f625c72f38b15745478 -+Ctrl.hexxcghash = hexxcghash:94ce7876dd7d98475ff8dd634b9b48e0e3416d1afd633637b49a49c525ee905ad8a17c12194746e210207c54628c453287a77515575a79ad40b270b5115030b8 -+Ctrl.hexsession_id = hexsession_id:d2e7ea215f35381164a1382533f752eb21e6fa9f25d399b7914c0317998f2b7820f893557459f0773eca3dbafd8375021b955a8dfe7ad659dfe480e3107724f8 -+Ctrl.type = type:E -+Output = 7bf8f25fd155e41d1dc85cc814704dd8732275b3a53dc1b8c6b330c08f307b5c0da31606cb7eaa1b37b2721f4a1bf70a6885c30d17d7acd32fcc894768fe4106 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:0000010100b41c0bdf180d02ff459079925b32e54299128298da864be28b4c02532244b057219e3fa5fea09841351604ab713021622e6a6d0748f354fc3f29a9ac8bb64fdd984b725f00f56df3cf16d3bac786524a29105096f96f387422361bcc24774fd4d5b71bd6f757a8193fd691411b8e0aa14307e6ed1e97907925d93cee9ed266f387af66cd3da3e99d543e4baaf8a7fdb36c10869267767d80509717b5666e3fcdf8cca6486a1c18e3d3c15ba0c6773dcbe374d83de1c108a400998b25afa4d3b60917594a1120e449a57db1f3b2e048c3c64a408ed41bb32145364932f105788cd0b198522f0c59b1d774b1ac80cd76d18e06b53c3d599f625c72f38b15745478 -+Ctrl.hexxcghash = hexxcghash:94ce7876dd7d98475ff8dd634b9b48e0e3416d1afd633637b49a49c525ee905ad8a17c12194746e210207c54628c453287a77515575a79ad40b270b5115030b8 -+Ctrl.hexsession_id = hexsession_id:d2e7ea215f35381164a1382533f752eb21e6fa9f25d399b7914c0317998f2b7820f893557459f0773eca3dbafd8375021b955a8dfe7ad659dfe480e3107724f8 -+Ctrl.type = type:F -+Output = 66b8f8c1a38120c73cc55950455a69c426fda44b9c66c3becaf259dd57a620e5ed3a749a486d05eab52c289f489581cb655865d4388a81e79b06bd105e3ae858 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:000001003ba71746e4622911dbcd76359dbd01a3958175cac500fac87146f4a2616782ac0328ea32046762f62080df8fe76ff112acbf4e4c7a36fa648ec60c50d4a0f7b27b67cdcd725ed2d51c3b5c438c45c8f46d953845a899e89378e981aa270bd6cc190a5ab53e9516f5c194f9b61ef782573b417702337b32776765e75d6efb371a3af98c1b0eaa90ee43a99e58d803bc645a65100371cda8316d51618e4ada4d9a46cd049673cbfcf6ce3ec66c964902eb9bd28514d1fce32ebf8ee2ae3c8e46f4bf18f153a6f1031cefc7e736d82105dbeb60db422b79f4c4f3f4838fee891341cc982e79917aefb82529d134648847de15cf3ba1d7b5000e74b78198d6a3efce -+Ctrl.hexxcghash = hexxcghash:327a1cfc89837c90fb7141ad3a7df293af5c9e2fd482fb77f6769db8e91417377fe0a0a30c072f8276e824975afdc0f73e1a1cbeda86d5c70c2799912602ee78 -+Ctrl.hexsession_id = hexsession_id:46282b8a6dea1654de89199972c414ee512f33ab832e7284547cfc345af6eea9fbafb75f4646789755078a174c98c5aa1d740af1cf40844ae680cdd80466086b -+Ctrl.type = type:A -+Output = 8f6ac18ff5300849be34602630bb4102 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:000001003ba71746e4622911dbcd76359dbd01a3958175cac500fac87146f4a2616782ac0328ea32046762f62080df8fe76ff112acbf4e4c7a36fa648ec60c50d4a0f7b27b67cdcd725ed2d51c3b5c438c45c8f46d953845a899e89378e981aa270bd6cc190a5ab53e9516f5c194f9b61ef782573b417702337b32776765e75d6efb371a3af98c1b0eaa90ee43a99e58d803bc645a65100371cda8316d51618e4ada4d9a46cd049673cbfcf6ce3ec66c964902eb9bd28514d1fce32ebf8ee2ae3c8e46f4bf18f153a6f1031cefc7e736d82105dbeb60db422b79f4c4f3f4838fee891341cc982e79917aefb82529d134648847de15cf3ba1d7b5000e74b78198d6a3efce -+Ctrl.hexxcghash = hexxcghash:327a1cfc89837c90fb7141ad3a7df293af5c9e2fd482fb77f6769db8e91417377fe0a0a30c072f8276e824975afdc0f73e1a1cbeda86d5c70c2799912602ee78 -+Ctrl.hexsession_id = hexsession_id:46282b8a6dea1654de89199972c414ee512f33ab832e7284547cfc345af6eea9fbafb75f4646789755078a174c98c5aa1d740af1cf40844ae680cdd80466086b -+Ctrl.type = type:B -+Output = f2b45df2508656758529a1f4679839fd -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:000001003ba71746e4622911dbcd76359dbd01a3958175cac500fac87146f4a2616782ac0328ea32046762f62080df8fe76ff112acbf4e4c7a36fa648ec60c50d4a0f7b27b67cdcd725ed2d51c3b5c438c45c8f46d953845a899e89378e981aa270bd6cc190a5ab53e9516f5c194f9b61ef782573b417702337b32776765e75d6efb371a3af98c1b0eaa90ee43a99e58d803bc645a65100371cda8316d51618e4ada4d9a46cd049673cbfcf6ce3ec66c964902eb9bd28514d1fce32ebf8ee2ae3c8e46f4bf18f153a6f1031cefc7e736d82105dbeb60db422b79f4c4f3f4838fee891341cc982e79917aefb82529d134648847de15cf3ba1d7b5000e74b78198d6a3efce -+Ctrl.hexxcghash = hexxcghash:327a1cfc89837c90fb7141ad3a7df293af5c9e2fd482fb77f6769db8e91417377fe0a0a30c072f8276e824975afdc0f73e1a1cbeda86d5c70c2799912602ee78 -+Ctrl.hexsession_id = hexsession_id:46282b8a6dea1654de89199972c414ee512f33ab832e7284547cfc345af6eea9fbafb75f4646789755078a174c98c5aa1d740af1cf40844ae680cdd80466086b -+Ctrl.type = type:C -+Output = 3356d58f61bcca506058e0990c9821f5 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:000001003ba71746e4622911dbcd76359dbd01a3958175cac500fac87146f4a2616782ac0328ea32046762f62080df8fe76ff112acbf4e4c7a36fa648ec60c50d4a0f7b27b67cdcd725ed2d51c3b5c438c45c8f46d953845a899e89378e981aa270bd6cc190a5ab53e9516f5c194f9b61ef782573b417702337b32776765e75d6efb371a3af98c1b0eaa90ee43a99e58d803bc645a65100371cda8316d51618e4ada4d9a46cd049673cbfcf6ce3ec66c964902eb9bd28514d1fce32ebf8ee2ae3c8e46f4bf18f153a6f1031cefc7e736d82105dbeb60db422b79f4c4f3f4838fee891341cc982e79917aefb82529d134648847de15cf3ba1d7b5000e74b78198d6a3efce -+Ctrl.hexxcghash = hexxcghash:327a1cfc89837c90fb7141ad3a7df293af5c9e2fd482fb77f6769db8e91417377fe0a0a30c072f8276e824975afdc0f73e1a1cbeda86d5c70c2799912602ee78 -+Ctrl.hexsession_id = hexsession_id:46282b8a6dea1654de89199972c414ee512f33ab832e7284547cfc345af6eea9fbafb75f4646789755078a174c98c5aa1d740af1cf40844ae680cdd80466086b -+Ctrl.type = type:D -+Output = 78495438a5326cca5351a239545941c1 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:000001003ba71746e4622911dbcd76359dbd01a3958175cac500fac87146f4a2616782ac0328ea32046762f62080df8fe76ff112acbf4e4c7a36fa648ec60c50d4a0f7b27b67cdcd725ed2d51c3b5c438c45c8f46d953845a899e89378e981aa270bd6cc190a5ab53e9516f5c194f9b61ef782573b417702337b32776765e75d6efb371a3af98c1b0eaa90ee43a99e58d803bc645a65100371cda8316d51618e4ada4d9a46cd049673cbfcf6ce3ec66c964902eb9bd28514d1fce32ebf8ee2ae3c8e46f4bf18f153a6f1031cefc7e736d82105dbeb60db422b79f4c4f3f4838fee891341cc982e79917aefb82529d134648847de15cf3ba1d7b5000e74b78198d6a3efce -+Ctrl.hexxcghash = hexxcghash:327a1cfc89837c90fb7141ad3a7df293af5c9e2fd482fb77f6769db8e91417377fe0a0a30c072f8276e824975afdc0f73e1a1cbeda86d5c70c2799912602ee78 -+Ctrl.hexsession_id = hexsession_id:46282b8a6dea1654de89199972c414ee512f33ab832e7284547cfc345af6eea9fbafb75f4646789755078a174c98c5aa1d740af1cf40844ae680cdd80466086b -+Ctrl.type = type:E -+Output = dcfc5d099f5040513f76b012ab62ee45d5d8271aec9cbbdd1e1f7e0806f363d21c2eca730f9489ee70fbc7490a1901587b1d418c0e4f429c8098cd793c6d285c -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:000001003ba71746e4622911dbcd76359dbd01a3958175cac500fac87146f4a2616782ac0328ea32046762f62080df8fe76ff112acbf4e4c7a36fa648ec60c50d4a0f7b27b67cdcd725ed2d51c3b5c438c45c8f46d953845a899e89378e981aa270bd6cc190a5ab53e9516f5c194f9b61ef782573b417702337b32776765e75d6efb371a3af98c1b0eaa90ee43a99e58d803bc645a65100371cda8316d51618e4ada4d9a46cd049673cbfcf6ce3ec66c964902eb9bd28514d1fce32ebf8ee2ae3c8e46f4bf18f153a6f1031cefc7e736d82105dbeb60db422b79f4c4f3f4838fee891341cc982e79917aefb82529d134648847de15cf3ba1d7b5000e74b78198d6a3efce -+Ctrl.hexxcghash = hexxcghash:327a1cfc89837c90fb7141ad3a7df293af5c9e2fd482fb77f6769db8e91417377fe0a0a30c072f8276e824975afdc0f73e1a1cbeda86d5c70c2799912602ee78 -+Ctrl.hexsession_id = hexsession_id:46282b8a6dea1654de89199972c414ee512f33ab832e7284547cfc345af6eea9fbafb75f4646789755078a174c98c5aa1d740af1cf40844ae680cdd80466086b -+Ctrl.type = type:F -+Output = a75817465c73517bd7884dcd230464583ae491ae5e39330873cd7a967188022cad63e712c7ec261abdb34c01bddd8989dfce8f5d8a8cdbdcc305429b3fd93c76 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:0000010100f3a28f9574691777f2a9e05a882295e5ae272a6af486e53a8574e0ce7633a5c6871a39e6ba3176a41ce3fe6c80aa8469df71401583987e34374586ec56268b37d42bc047cc898750379aa7ddc5549cc069fa10d29fca303e6063a2cb800322a84a63480d91606db0244d2dd456005bb4a4b33f91ddf33335ec4d4d519e430542e087d5b1e952b183a32b3f7b118c410c46dc44b7ad669e7d98b934e48830e61ddd2e6094e0d1fa39b9041b9ca9dc768af4da702f912b2e82738cf506479c68fa9a5f2a9153189cf83bd11a05a92428d7c7124094f684f7c848114dc272d8a308d7b65e47b1d3c2c70d5a63efbc191ff5f0359356f706ac703445778b2b43a8d6 -+Ctrl.hexxcghash = hexxcghash:4f3aaea9ade34a07f46c11a4480461e2c523a740492b23b0bfa2a9e2e2c2ce542a09644154a4b3ab0e8b71ea950444a9954a156c0530a1436aa98951af7e1972 -+Ctrl.hexsession_id = hexsession_id:c778cdc03ecc941ff7d37c41fe67dc84df375117abd62d099129f38d37375f3cde4e75a0160fb05edf392d1eac509d5a6796f635623794d81df9b4cf81021738 -+Ctrl.type = type:A -+Output = 4fa1b8c53d25f7c1adb4810c46b48ae7 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:0000010100f3a28f9574691777f2a9e05a882295e5ae272a6af486e53a8574e0ce7633a5c6871a39e6ba3176a41ce3fe6c80aa8469df71401583987e34374586ec56268b37d42bc047cc898750379aa7ddc5549cc069fa10d29fca303e6063a2cb800322a84a63480d91606db0244d2dd456005bb4a4b33f91ddf33335ec4d4d519e430542e087d5b1e952b183a32b3f7b118c410c46dc44b7ad669e7d98b934e48830e61ddd2e6094e0d1fa39b9041b9ca9dc768af4da702f912b2e82738cf506479c68fa9a5f2a9153189cf83bd11a05a92428d7c7124094f684f7c848114dc272d8a308d7b65e47b1d3c2c70d5a63efbc191ff5f0359356f706ac703445778b2b43a8d6 -+Ctrl.hexxcghash = hexxcghash:4f3aaea9ade34a07f46c11a4480461e2c523a740492b23b0bfa2a9e2e2c2ce542a09644154a4b3ab0e8b71ea950444a9954a156c0530a1436aa98951af7e1972 -+Ctrl.hexsession_id = hexsession_id:c778cdc03ecc941ff7d37c41fe67dc84df375117abd62d099129f38d37375f3cde4e75a0160fb05edf392d1eac509d5a6796f635623794d81df9b4cf81021738 -+Ctrl.type = type:B -+Output = 3c453d0f50b7f41826e74e5cce5b5996 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:0000010100f3a28f9574691777f2a9e05a882295e5ae272a6af486e53a8574e0ce7633a5c6871a39e6ba3176a41ce3fe6c80aa8469df71401583987e34374586ec56268b37d42bc047cc898750379aa7ddc5549cc069fa10d29fca303e6063a2cb800322a84a63480d91606db0244d2dd456005bb4a4b33f91ddf33335ec4d4d519e430542e087d5b1e952b183a32b3f7b118c410c46dc44b7ad669e7d98b934e48830e61ddd2e6094e0d1fa39b9041b9ca9dc768af4da702f912b2e82738cf506479c68fa9a5f2a9153189cf83bd11a05a92428d7c7124094f684f7c848114dc272d8a308d7b65e47b1d3c2c70d5a63efbc191ff5f0359356f706ac703445778b2b43a8d6 -+Ctrl.hexxcghash = hexxcghash:4f3aaea9ade34a07f46c11a4480461e2c523a740492b23b0bfa2a9e2e2c2ce542a09644154a4b3ab0e8b71ea950444a9954a156c0530a1436aa98951af7e1972 -+Ctrl.hexsession_id = hexsession_id:c778cdc03ecc941ff7d37c41fe67dc84df375117abd62d099129f38d37375f3cde4e75a0160fb05edf392d1eac509d5a6796f635623794d81df9b4cf81021738 -+Ctrl.type = type:C -+Output = 22f47a00a5de0f56b3e586357eeebe57 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:0000010100f3a28f9574691777f2a9e05a882295e5ae272a6af486e53a8574e0ce7633a5c6871a39e6ba3176a41ce3fe6c80aa8469df71401583987e34374586ec56268b37d42bc047cc898750379aa7ddc5549cc069fa10d29fca303e6063a2cb800322a84a63480d91606db0244d2dd456005bb4a4b33f91ddf33335ec4d4d519e430542e087d5b1e952b183a32b3f7b118c410c46dc44b7ad669e7d98b934e48830e61ddd2e6094e0d1fa39b9041b9ca9dc768af4da702f912b2e82738cf506479c68fa9a5f2a9153189cf83bd11a05a92428d7c7124094f684f7c848114dc272d8a308d7b65e47b1d3c2c70d5a63efbc191ff5f0359356f706ac703445778b2b43a8d6 -+Ctrl.hexxcghash = hexxcghash:4f3aaea9ade34a07f46c11a4480461e2c523a740492b23b0bfa2a9e2e2c2ce542a09644154a4b3ab0e8b71ea950444a9954a156c0530a1436aa98951af7e1972 -+Ctrl.hexsession_id = hexsession_id:c778cdc03ecc941ff7d37c41fe67dc84df375117abd62d099129f38d37375f3cde4e75a0160fb05edf392d1eac509d5a6796f635623794d81df9b4cf81021738 -+Ctrl.type = type:D -+Output = 8d32d1945e93c4982bd106567f8e481f -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:0000010100f3a28f9574691777f2a9e05a882295e5ae272a6af486e53a8574e0ce7633a5c6871a39e6ba3176a41ce3fe6c80aa8469df71401583987e34374586ec56268b37d42bc047cc898750379aa7ddc5549cc069fa10d29fca303e6063a2cb800322a84a63480d91606db0244d2dd456005bb4a4b33f91ddf33335ec4d4d519e430542e087d5b1e952b183a32b3f7b118c410c46dc44b7ad669e7d98b934e48830e61ddd2e6094e0d1fa39b9041b9ca9dc768af4da702f912b2e82738cf506479c68fa9a5f2a9153189cf83bd11a05a92428d7c7124094f684f7c848114dc272d8a308d7b65e47b1d3c2c70d5a63efbc191ff5f0359356f706ac703445778b2b43a8d6 -+Ctrl.hexxcghash = hexxcghash:4f3aaea9ade34a07f46c11a4480461e2c523a740492b23b0bfa2a9e2e2c2ce542a09644154a4b3ab0e8b71ea950444a9954a156c0530a1436aa98951af7e1972 -+Ctrl.hexsession_id = hexsession_id:c778cdc03ecc941ff7d37c41fe67dc84df375117abd62d099129f38d37375f3cde4e75a0160fb05edf392d1eac509d5a6796f635623794d81df9b4cf81021738 -+Ctrl.type = type:E -+Output = 9eefe581b1514160f81c94193d374d8f85879136e9ae494c487119b1974aac3e143948f656c1c1e837ff1368ef0d997cd3ca9f46c71056269eb8a1da8daf5678 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:0000010100f3a28f9574691777f2a9e05a882295e5ae272a6af486e53a8574e0ce7633a5c6871a39e6ba3176a41ce3fe6c80aa8469df71401583987e34374586ec56268b37d42bc047cc898750379aa7ddc5549cc069fa10d29fca303e6063a2cb800322a84a63480d91606db0244d2dd456005bb4a4b33f91ddf33335ec4d4d519e430542e087d5b1e952b183a32b3f7b118c410c46dc44b7ad669e7d98b934e48830e61ddd2e6094e0d1fa39b9041b9ca9dc768af4da702f912b2e82738cf506479c68fa9a5f2a9153189cf83bd11a05a92428d7c7124094f684f7c848114dc272d8a308d7b65e47b1d3c2c70d5a63efbc191ff5f0359356f706ac703445778b2b43a8d6 -+Ctrl.hexxcghash = hexxcghash:4f3aaea9ade34a07f46c11a4480461e2c523a740492b23b0bfa2a9e2e2c2ce542a09644154a4b3ab0e8b71ea950444a9954a156c0530a1436aa98951af7e1972 -+Ctrl.hexsession_id = hexsession_id:c778cdc03ecc941ff7d37c41fe67dc84df375117abd62d099129f38d37375f3cde4e75a0160fb05edf392d1eac509d5a6796f635623794d81df9b4cf81021738 -+Ctrl.type = type:F -+Output = 8dd76f59e6692ff642894ee1bb147f3e1490cac944af29de6b2b5abcc4ab9eb41d236e9cd2f40cf83935097f307a246d7b35005dd302bacfe7e4fed37d2f46e9 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:0000010012c99d1e0542b3b71e287b1ea15e54a3197f95cfbf7f6a209ada41fce3a6faad9bc4d569b690223e5d668019c11204716bb96a858c36c853bd41b28c1505ddce9df22b31dbdaa014b07ec53a79cfeb5b540902669c7a283f3647c1a9f685b5027bfb18e827818a76c23fa6ad20760f228a4239a4d558240130b5cc389d2be41b806cafd24d1d425c26a61508c974d62aae6f6830459c79e7a9ff5610291661bf03528fbafe47cf4c2e51f4856749ef543eb7cd8f72e84a4075fa7df9ad12565e5b3810c6d6292ff878ee8499611688989f0a04f4dc7275e01c0444a0321f0a0327fbe8a55689307b1bfd66d5d27ade78df5c1dfcef8868ebbe339d7efdae1973 -+Ctrl.hexxcghash = hexxcghash:7317f576ce95d5bed93d08c65eb814d037ecd42f09b2d514fad58335e8e8bec807b9cf74b9044f449581c792ebb08843f2b80da87d91625e20f25de91b4d5d23 -+Ctrl.hexsession_id = hexsession_id:7d153fda85bd3488962bdf03b8d0f26cf61f737173587ac6ee3d6f601a00f6474f5401370ef04720c620ea2b9668ab72cb6c40dc96057fc4537e7a6b0e79e9c5 -+Ctrl.type = type:A -+Output = f335b3ab270d7e686c5e023b3a2da75b -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:0000010012c99d1e0542b3b71e287b1ea15e54a3197f95cfbf7f6a209ada41fce3a6faad9bc4d569b690223e5d668019c11204716bb96a858c36c853bd41b28c1505ddce9df22b31dbdaa014b07ec53a79cfeb5b540902669c7a283f3647c1a9f685b5027bfb18e827818a76c23fa6ad20760f228a4239a4d558240130b5cc389d2be41b806cafd24d1d425c26a61508c974d62aae6f6830459c79e7a9ff5610291661bf03528fbafe47cf4c2e51f4856749ef543eb7cd8f72e84a4075fa7df9ad12565e5b3810c6d6292ff878ee8499611688989f0a04f4dc7275e01c0444a0321f0a0327fbe8a55689307b1bfd66d5d27ade78df5c1dfcef8868ebbe339d7efdae1973 -+Ctrl.hexxcghash = hexxcghash:7317f576ce95d5bed93d08c65eb814d037ecd42f09b2d514fad58335e8e8bec807b9cf74b9044f449581c792ebb08843f2b80da87d91625e20f25de91b4d5d23 -+Ctrl.hexsession_id = hexsession_id:7d153fda85bd3488962bdf03b8d0f26cf61f737173587ac6ee3d6f601a00f6474f5401370ef04720c620ea2b9668ab72cb6c40dc96057fc4537e7a6b0e79e9c5 -+Ctrl.type = type:B -+Output = 857c9245c67bad84b7377c424c5e7e7a -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:0000010012c99d1e0542b3b71e287b1ea15e54a3197f95cfbf7f6a209ada41fce3a6faad9bc4d569b690223e5d668019c11204716bb96a858c36c853bd41b28c1505ddce9df22b31dbdaa014b07ec53a79cfeb5b540902669c7a283f3647c1a9f685b5027bfb18e827818a76c23fa6ad20760f228a4239a4d558240130b5cc389d2be41b806cafd24d1d425c26a61508c974d62aae6f6830459c79e7a9ff5610291661bf03528fbafe47cf4c2e51f4856749ef543eb7cd8f72e84a4075fa7df9ad12565e5b3810c6d6292ff878ee8499611688989f0a04f4dc7275e01c0444a0321f0a0327fbe8a55689307b1bfd66d5d27ade78df5c1dfcef8868ebbe339d7efdae1973 -+Ctrl.hexxcghash = hexxcghash:7317f576ce95d5bed93d08c65eb814d037ecd42f09b2d514fad58335e8e8bec807b9cf74b9044f449581c792ebb08843f2b80da87d91625e20f25de91b4d5d23 -+Ctrl.hexsession_id = hexsession_id:7d153fda85bd3488962bdf03b8d0f26cf61f737173587ac6ee3d6f601a00f6474f5401370ef04720c620ea2b9668ab72cb6c40dc96057fc4537e7a6b0e79e9c5 -+Ctrl.type = type:C -+Output = 1c44ef56440f5856bdfd951305fd81e4 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:0000010012c99d1e0542b3b71e287b1ea15e54a3197f95cfbf7f6a209ada41fce3a6faad9bc4d569b690223e5d668019c11204716bb96a858c36c853bd41b28c1505ddce9df22b31dbdaa014b07ec53a79cfeb5b540902669c7a283f3647c1a9f685b5027bfb18e827818a76c23fa6ad20760f228a4239a4d558240130b5cc389d2be41b806cafd24d1d425c26a61508c974d62aae6f6830459c79e7a9ff5610291661bf03528fbafe47cf4c2e51f4856749ef543eb7cd8f72e84a4075fa7df9ad12565e5b3810c6d6292ff878ee8499611688989f0a04f4dc7275e01c0444a0321f0a0327fbe8a55689307b1bfd66d5d27ade78df5c1dfcef8868ebbe339d7efdae1973 -+Ctrl.hexxcghash = hexxcghash:7317f576ce95d5bed93d08c65eb814d037ecd42f09b2d514fad58335e8e8bec807b9cf74b9044f449581c792ebb08843f2b80da87d91625e20f25de91b4d5d23 -+Ctrl.hexsession_id = hexsession_id:7d153fda85bd3488962bdf03b8d0f26cf61f737173587ac6ee3d6f601a00f6474f5401370ef04720c620ea2b9668ab72cb6c40dc96057fc4537e7a6b0e79e9c5 -+Ctrl.type = type:D -+Output = 8d3496ac631bb3588abbb13d4ae2dc2d -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:0000010012c99d1e0542b3b71e287b1ea15e54a3197f95cfbf7f6a209ada41fce3a6faad9bc4d569b690223e5d668019c11204716bb96a858c36c853bd41b28c1505ddce9df22b31dbdaa014b07ec53a79cfeb5b540902669c7a283f3647c1a9f685b5027bfb18e827818a76c23fa6ad20760f228a4239a4d558240130b5cc389d2be41b806cafd24d1d425c26a61508c974d62aae6f6830459c79e7a9ff5610291661bf03528fbafe47cf4c2e51f4856749ef543eb7cd8f72e84a4075fa7df9ad12565e5b3810c6d6292ff878ee8499611688989f0a04f4dc7275e01c0444a0321f0a0327fbe8a55689307b1bfd66d5d27ade78df5c1dfcef8868ebbe339d7efdae1973 -+Ctrl.hexxcghash = hexxcghash:7317f576ce95d5bed93d08c65eb814d037ecd42f09b2d514fad58335e8e8bec807b9cf74b9044f449581c792ebb08843f2b80da87d91625e20f25de91b4d5d23 -+Ctrl.hexsession_id = hexsession_id:7d153fda85bd3488962bdf03b8d0f26cf61f737173587ac6ee3d6f601a00f6474f5401370ef04720c620ea2b9668ab72cb6c40dc96057fc4537e7a6b0e79e9c5 -+Ctrl.type = type:E -+Output = ac7899494cfcebbdaa8ee7c343a0a458228a0a5e59730c928e9c8775487e57c3a5f34fdb72c1b3b57cc35e0356e4b7c6a56368e74c68a017538a5b484886ec81 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:0000010012c99d1e0542b3b71e287b1ea15e54a3197f95cfbf7f6a209ada41fce3a6faad9bc4d569b690223e5d668019c11204716bb96a858c36c853bd41b28c1505ddce9df22b31dbdaa014b07ec53a79cfeb5b540902669c7a283f3647c1a9f685b5027bfb18e827818a76c23fa6ad20760f228a4239a4d558240130b5cc389d2be41b806cafd24d1d425c26a61508c974d62aae6f6830459c79e7a9ff5610291661bf03528fbafe47cf4c2e51f4856749ef543eb7cd8f72e84a4075fa7df9ad12565e5b3810c6d6292ff878ee8499611688989f0a04f4dc7275e01c0444a0321f0a0327fbe8a55689307b1bfd66d5d27ade78df5c1dfcef8868ebbe339d7efdae1973 -+Ctrl.hexxcghash = hexxcghash:7317f576ce95d5bed93d08c65eb814d037ecd42f09b2d514fad58335e8e8bec807b9cf74b9044f449581c792ebb08843f2b80da87d91625e20f25de91b4d5d23 -+Ctrl.hexsession_id = hexsession_id:7d153fda85bd3488962bdf03b8d0f26cf61f737173587ac6ee3d6f601a00f6474f5401370ef04720c620ea2b9668ab72cb6c40dc96057fc4537e7a6b0e79e9c5 -+Ctrl.type = type:F -+Output = d32d849b488594d0b8efce91604296393b2240121f2ed51fb7c0bb5b371c33775d184ffaf3028306bc8040b21887f6885e5916ae158ef74a3ba09a1f30654f1a -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:0000010100c6c401e7a417025fce8ca5d5e654de6cac8eb1bf24fffa1eefaba828f425b5df93323ad62565d9e74c0b45619c3e97a8e006a9b28a42e96e13ea2f3807319ac587850731f64c86a3a9acd4aaa04e8a586833faeb902f95177d27e89ce25307365b22b7bf444c8e72ef2bb0fce86fe326a90b787948085fd101f04a7311ed6cf65d5073a6a29c7d99fe9fa0b915fac1d9bb6b95143ca8936e10e6e319201112ba52823dbaad935972842361394999e5a67356076e9f0b528d62325181f80d66e9b3288ba7482458c737806f474867036a234201253a91a6246c8c2876d210d2579951dd12cbc153dcec403156739be9c7d291e4904f079a5a71c01b9a84481800 -+Ctrl.hexxcghash = hexxcghash:b060195095692352bde81e90c1b648ec46d57476892e79489d42cb8e0da2027ec41fd2e62da8e8e2a9e1ebcb8eecfaadef75e6714008ed6a2cbdef6c321bbaaa -+Ctrl.hexsession_id = hexsession_id:5c910a53cafca6f8c0d97c4748f67aecd9a54c8ba96bf33327565f6f68ae0a2e7a62733a9051364ff9f68bdb416176522a0e5a2f28fe27a3f5ec402b3d99da13 -+Ctrl.type = type:A -+Output = 5aa8ed531557a1dc934ed667029e062f -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:0000010100c6c401e7a417025fce8ca5d5e654de6cac8eb1bf24fffa1eefaba828f425b5df93323ad62565d9e74c0b45619c3e97a8e006a9b28a42e96e13ea2f3807319ac587850731f64c86a3a9acd4aaa04e8a586833faeb902f95177d27e89ce25307365b22b7bf444c8e72ef2bb0fce86fe326a90b787948085fd101f04a7311ed6cf65d5073a6a29c7d99fe9fa0b915fac1d9bb6b95143ca8936e10e6e319201112ba52823dbaad935972842361394999e5a67356076e9f0b528d62325181f80d66e9b3288ba7482458c737806f474867036a234201253a91a6246c8c2876d210d2579951dd12cbc153dcec403156739be9c7d291e4904f079a5a71c01b9a84481800 -+Ctrl.hexxcghash = hexxcghash:b060195095692352bde81e90c1b648ec46d57476892e79489d42cb8e0da2027ec41fd2e62da8e8e2a9e1ebcb8eecfaadef75e6714008ed6a2cbdef6c321bbaaa -+Ctrl.hexsession_id = hexsession_id:5c910a53cafca6f8c0d97c4748f67aecd9a54c8ba96bf33327565f6f68ae0a2e7a62733a9051364ff9f68bdb416176522a0e5a2f28fe27a3f5ec402b3d99da13 -+Ctrl.type = type:B -+Output = 11a810c69785949d5a0ef6eeff960fb4 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:0000010100c6c401e7a417025fce8ca5d5e654de6cac8eb1bf24fffa1eefaba828f425b5df93323ad62565d9e74c0b45619c3e97a8e006a9b28a42e96e13ea2f3807319ac587850731f64c86a3a9acd4aaa04e8a586833faeb902f95177d27e89ce25307365b22b7bf444c8e72ef2bb0fce86fe326a90b787948085fd101f04a7311ed6cf65d5073a6a29c7d99fe9fa0b915fac1d9bb6b95143ca8936e10e6e319201112ba52823dbaad935972842361394999e5a67356076e9f0b528d62325181f80d66e9b3288ba7482458c737806f474867036a234201253a91a6246c8c2876d210d2579951dd12cbc153dcec403156739be9c7d291e4904f079a5a71c01b9a84481800 -+Ctrl.hexxcghash = hexxcghash:b060195095692352bde81e90c1b648ec46d57476892e79489d42cb8e0da2027ec41fd2e62da8e8e2a9e1ebcb8eecfaadef75e6714008ed6a2cbdef6c321bbaaa -+Ctrl.hexsession_id = hexsession_id:5c910a53cafca6f8c0d97c4748f67aecd9a54c8ba96bf33327565f6f68ae0a2e7a62733a9051364ff9f68bdb416176522a0e5a2f28fe27a3f5ec402b3d99da13 -+Ctrl.type = type:C -+Output = 54e9402e4f85b08c271b2a9f15d56c75 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:0000010100c6c401e7a417025fce8ca5d5e654de6cac8eb1bf24fffa1eefaba828f425b5df93323ad62565d9e74c0b45619c3e97a8e006a9b28a42e96e13ea2f3807319ac587850731f64c86a3a9acd4aaa04e8a586833faeb902f95177d27e89ce25307365b22b7bf444c8e72ef2bb0fce86fe326a90b787948085fd101f04a7311ed6cf65d5073a6a29c7d99fe9fa0b915fac1d9bb6b95143ca8936e10e6e319201112ba52823dbaad935972842361394999e5a67356076e9f0b528d62325181f80d66e9b3288ba7482458c737806f474867036a234201253a91a6246c8c2876d210d2579951dd12cbc153dcec403156739be9c7d291e4904f079a5a71c01b9a84481800 -+Ctrl.hexxcghash = hexxcghash:b060195095692352bde81e90c1b648ec46d57476892e79489d42cb8e0da2027ec41fd2e62da8e8e2a9e1ebcb8eecfaadef75e6714008ed6a2cbdef6c321bbaaa -+Ctrl.hexsession_id = hexsession_id:5c910a53cafca6f8c0d97c4748f67aecd9a54c8ba96bf33327565f6f68ae0a2e7a62733a9051364ff9f68bdb416176522a0e5a2f28fe27a3f5ec402b3d99da13 -+Ctrl.type = type:D -+Output = 838209e0ebe7626cf6482f25c7774bfd -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:0000010100c6c401e7a417025fce8ca5d5e654de6cac8eb1bf24fffa1eefaba828f425b5df93323ad62565d9e74c0b45619c3e97a8e006a9b28a42e96e13ea2f3807319ac587850731f64c86a3a9acd4aaa04e8a586833faeb902f95177d27e89ce25307365b22b7bf444c8e72ef2bb0fce86fe326a90b787948085fd101f04a7311ed6cf65d5073a6a29c7d99fe9fa0b915fac1d9bb6b95143ca8936e10e6e319201112ba52823dbaad935972842361394999e5a67356076e9f0b528d62325181f80d66e9b3288ba7482458c737806f474867036a234201253a91a6246c8c2876d210d2579951dd12cbc153dcec403156739be9c7d291e4904f079a5a71c01b9a84481800 -+Ctrl.hexxcghash = hexxcghash:b060195095692352bde81e90c1b648ec46d57476892e79489d42cb8e0da2027ec41fd2e62da8e8e2a9e1ebcb8eecfaadef75e6714008ed6a2cbdef6c321bbaaa -+Ctrl.hexsession_id = hexsession_id:5c910a53cafca6f8c0d97c4748f67aecd9a54c8ba96bf33327565f6f68ae0a2e7a62733a9051364ff9f68bdb416176522a0e5a2f28fe27a3f5ec402b3d99da13 -+Ctrl.type = type:E -+Output = bc62048ddb762ac50336ae0e91a402cc78e73472fe180756a4686299967d2904318b8ad1b8dc622edd75e9ff0e74f7fcb8a1f8acb86e2567a5167084c648c7ef -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:0000010100c6c401e7a417025fce8ca5d5e654de6cac8eb1bf24fffa1eefaba828f425b5df93323ad62565d9e74c0b45619c3e97a8e006a9b28a42e96e13ea2f3807319ac587850731f64c86a3a9acd4aaa04e8a586833faeb902f95177d27e89ce25307365b22b7bf444c8e72ef2bb0fce86fe326a90b787948085fd101f04a7311ed6cf65d5073a6a29c7d99fe9fa0b915fac1d9bb6b95143ca8936e10e6e319201112ba52823dbaad935972842361394999e5a67356076e9f0b528d62325181f80d66e9b3288ba7482458c737806f474867036a234201253a91a6246c8c2876d210d2579951dd12cbc153dcec403156739be9c7d291e4904f079a5a71c01b9a84481800 -+Ctrl.hexxcghash = hexxcghash:b060195095692352bde81e90c1b648ec46d57476892e79489d42cb8e0da2027ec41fd2e62da8e8e2a9e1ebcb8eecfaadef75e6714008ed6a2cbdef6c321bbaaa -+Ctrl.hexsession_id = hexsession_id:5c910a53cafca6f8c0d97c4748f67aecd9a54c8ba96bf33327565f6f68ae0a2e7a62733a9051364ff9f68bdb416176522a0e5a2f28fe27a3f5ec402b3d99da13 -+Ctrl.type = type:F -+Output = 4e9644a01a3fe6c3f4f5aceddb00e2584e277354aee6392a1a5aef05024d37fcf25ff46fdd8fe52e7d1dd9a96e77328aadf44b8fc92ac22a14f63d64ad0db621 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:0000010100a82ae4062baef678d20dd9cf1704cdc69e9e78eea5faa435e4dffec06976ff73bd1e2ebd206658a26fb85a0911e2034eede31e7df2d7b87aa9700cf301b6b38502ba4db2b9723505455a7da0c6e0cf374b063921179d1bc69508f660bbb26d05ab16a2325716dbd0a733809cac36660d9a73ff0f61e09f55d1ff0652474130be7fcd2d37ebd1203960d788a1307fae48ec4e1042ab85f037a01bfd17f15725ee929d6e6246bbda00fe7105461ee873b0190c2f44692845e464949f909df46309a8eb72037278f792c87249897a0564d290bec1e09b2c9d3ad3011710fc4dcfabfa435611794dc7d1507b657229a2aab65ce2e789305d5d24ed955e89d8eb4f7e -+Ctrl.hexxcghash = hexxcghash:a6ef8e3102b16ce51b2a2fe17e8dc711a964c195ca4d597aabecce595187344ccb2ea37dc4cac0a77a47e7ea1b9055b1c9948e6e09793a9121f120b3bd07c5f2 -+Ctrl.hexsession_id = hexsession_id:cc85cf95e29a5991306b21c1738de9a6612b8cb09f12b1738a4873c29f971e8d204aeb98bb7a7502cdab952eaaa6ec1e3a9655db3e5217afbff63ad588fbbf85 -+Ctrl.type = type:A -+Output = 77cb432c67bf0ae658aa4e34376d01b5 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:0000010100a82ae4062baef678d20dd9cf1704cdc69e9e78eea5faa435e4dffec06976ff73bd1e2ebd206658a26fb85a0911e2034eede31e7df2d7b87aa9700cf301b6b38502ba4db2b9723505455a7da0c6e0cf374b063921179d1bc69508f660bbb26d05ab16a2325716dbd0a733809cac36660d9a73ff0f61e09f55d1ff0652474130be7fcd2d37ebd1203960d788a1307fae48ec4e1042ab85f037a01bfd17f15725ee929d6e6246bbda00fe7105461ee873b0190c2f44692845e464949f909df46309a8eb72037278f792c87249897a0564d290bec1e09b2c9d3ad3011710fc4dcfabfa435611794dc7d1507b657229a2aab65ce2e789305d5d24ed955e89d8eb4f7e -+Ctrl.hexxcghash = hexxcghash:a6ef8e3102b16ce51b2a2fe17e8dc711a964c195ca4d597aabecce595187344ccb2ea37dc4cac0a77a47e7ea1b9055b1c9948e6e09793a9121f120b3bd07c5f2 -+Ctrl.hexsession_id = hexsession_id:cc85cf95e29a5991306b21c1738de9a6612b8cb09f12b1738a4873c29f971e8d204aeb98bb7a7502cdab952eaaa6ec1e3a9655db3e5217afbff63ad588fbbf85 -+Ctrl.type = type:B -+Output = f55c74d112746001d8908edd347d7e69 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:0000010100a82ae4062baef678d20dd9cf1704cdc69e9e78eea5faa435e4dffec06976ff73bd1e2ebd206658a26fb85a0911e2034eede31e7df2d7b87aa9700cf301b6b38502ba4db2b9723505455a7da0c6e0cf374b063921179d1bc69508f660bbb26d05ab16a2325716dbd0a733809cac36660d9a73ff0f61e09f55d1ff0652474130be7fcd2d37ebd1203960d788a1307fae48ec4e1042ab85f037a01bfd17f15725ee929d6e6246bbda00fe7105461ee873b0190c2f44692845e464949f909df46309a8eb72037278f792c87249897a0564d290bec1e09b2c9d3ad3011710fc4dcfabfa435611794dc7d1507b657229a2aab65ce2e789305d5d24ed955e89d8eb4f7e -+Ctrl.hexxcghash = hexxcghash:a6ef8e3102b16ce51b2a2fe17e8dc711a964c195ca4d597aabecce595187344ccb2ea37dc4cac0a77a47e7ea1b9055b1c9948e6e09793a9121f120b3bd07c5f2 -+Ctrl.hexsession_id = hexsession_id:cc85cf95e29a5991306b21c1738de9a6612b8cb09f12b1738a4873c29f971e8d204aeb98bb7a7502cdab952eaaa6ec1e3a9655db3e5217afbff63ad588fbbf85 -+Ctrl.type = type:C -+Output = 34a48ab90890b385198ea6bf8c50c3f6 -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:0000010100a82ae4062baef678d20dd9cf1704cdc69e9e78eea5faa435e4dffec06976ff73bd1e2ebd206658a26fb85a0911e2034eede31e7df2d7b87aa9700cf301b6b38502ba4db2b9723505455a7da0c6e0cf374b063921179d1bc69508f660bbb26d05ab16a2325716dbd0a733809cac36660d9a73ff0f61e09f55d1ff0652474130be7fcd2d37ebd1203960d788a1307fae48ec4e1042ab85f037a01bfd17f15725ee929d6e6246bbda00fe7105461ee873b0190c2f44692845e464949f909df46309a8eb72037278f792c87249897a0564d290bec1e09b2c9d3ad3011710fc4dcfabfa435611794dc7d1507b657229a2aab65ce2e789305d5d24ed955e89d8eb4f7e -+Ctrl.hexxcghash = hexxcghash:a6ef8e3102b16ce51b2a2fe17e8dc711a964c195ca4d597aabecce595187344ccb2ea37dc4cac0a77a47e7ea1b9055b1c9948e6e09793a9121f120b3bd07c5f2 -+Ctrl.hexsession_id = hexsession_id:cc85cf95e29a5991306b21c1738de9a6612b8cb09f12b1738a4873c29f971e8d204aeb98bb7a7502cdab952eaaa6ec1e3a9655db3e5217afbff63ad588fbbf85 -+Ctrl.type = type:D -+Output = f2b6046d3439c50a9000a63909146abc -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:0000010100a82ae4062baef678d20dd9cf1704cdc69e9e78eea5faa435e4dffec06976ff73bd1e2ebd206658a26fb85a0911e2034eede31e7df2d7b87aa9700cf301b6b38502ba4db2b9723505455a7da0c6e0cf374b063921179d1bc69508f660bbb26d05ab16a2325716dbd0a733809cac36660d9a73ff0f61e09f55d1ff0652474130be7fcd2d37ebd1203960d788a1307fae48ec4e1042ab85f037a01bfd17f15725ee929d6e6246bbda00fe7105461ee873b0190c2f44692845e464949f909df46309a8eb72037278f792c87249897a0564d290bec1e09b2c9d3ad3011710fc4dcfabfa435611794dc7d1507b657229a2aab65ce2e789305d5d24ed955e89d8eb4f7e -+Ctrl.hexxcghash = hexxcghash:a6ef8e3102b16ce51b2a2fe17e8dc711a964c195ca4d597aabecce595187344ccb2ea37dc4cac0a77a47e7ea1b9055b1c9948e6e09793a9121f120b3bd07c5f2 -+Ctrl.hexsession_id = hexsession_id:cc85cf95e29a5991306b21c1738de9a6612b8cb09f12b1738a4873c29f971e8d204aeb98bb7a7502cdab952eaaa6ec1e3a9655db3e5217afbff63ad588fbbf85 -+Ctrl.type = type:E -+Output = 70357486ca57c93418c6705b731b054bc41be03289c25a5ed29a937732807ae10a3604486c53d1f2431411808d87bfbaa6b25971fa2e4ec3719b5d2622aed2ff -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA512 -+Ctrl.hexkey = hexkey:0000010100a82ae4062baef678d20dd9cf1704cdc69e9e78eea5faa435e4dffec06976ff73bd1e2ebd206658a26fb85a0911e2034eede31e7df2d7b87aa9700cf301b6b38502ba4db2b9723505455a7da0c6e0cf374b063921179d1bc69508f660bbb26d05ab16a2325716dbd0a733809cac36660d9a73ff0f61e09f55d1ff0652474130be7fcd2d37ebd1203960d788a1307fae48ec4e1042ab85f037a01bfd17f15725ee929d6e6246bbda00fe7105461ee873b0190c2f44692845e464949f909df46309a8eb72037278f792c87249897a0564d290bec1e09b2c9d3ad3011710fc4dcfabfa435611794dc7d1507b657229a2aab65ce2e789305d5d24ed955e89d8eb4f7e -+Ctrl.hexxcghash = hexxcghash:a6ef8e3102b16ce51b2a2fe17e8dc711a964c195ca4d597aabecce595187344ccb2ea37dc4cac0a77a47e7ea1b9055b1c9948e6e09793a9121f120b3bd07c5f2 -+Ctrl.hexsession_id = hexsession_id:cc85cf95e29a5991306b21c1738de9a6612b8cb09f12b1738a4873c29f971e8d204aeb98bb7a7502cdab952eaaa6ec1e3a9655db3e5217afbff63ad588fbbf85 -+Ctrl.type = type:F -+Output = 4e6428f7a87455bdef6026cdf68a2f6d93d6cda5145d6bca60ee4eb2d6248b399f6568c65ec92cee8d9b0c7fd83053c91c5be72bf96b5904080624a348243899 -+ -+Title = SSHKDF test error conditions -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexxcghash = hexxcghash:a4ebd45934f56792b5112dcd75a1075fdc889245 -+Ctrl.hexsession_id = hexsession_id:a4ebd45934f56792b5112dcd75a1075fdc889245 -+Ctrl.type = type:A -+Output = FF -+Result = KDF_DERIVE_ERROR -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:0000008055bae931c07fd824bf10add1902b6fbc7c665347383498a686929ff5a25f8e40cb6645ea814fb1a5e0a11f852f86255641e5ed986e83a78bc8269480eac0b0dfd770cab92e7a28dd87ff452466d6ae867cead63b366b1c286e6c4811a9f14c27aea14c5171d49b78c06e3735d36e6a3be321dd5fc82308f34ee1cb17fba94a59 -+Ctrl.hexsession_id = hexsession_id:a4ebd45934f56792b5112dcd75a1075fdc889245 -+Ctrl.type = type:A -+Output = FF -+Result = KDF_DERIVE_ERROR -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:0000008055bae931c07fd824bf10add1902b6fbc7c665347383498a686929ff5a25f8e40cb6645ea814fb1a5e0a11f852f86255641e5ed986e83a78bc8269480eac0b0dfd770cab92e7a28dd87ff452466d6ae867cead63b366b1c286e6c4811a9f14c27aea14c5171d49b78c06e3735d36e6a3be321dd5fc82308f34ee1cb17fba94a59 -+Ctrl.hexxcghash = hexxcghash:a4ebd45934f56792b5112dcd75a1075fdc889245 -+Ctrl.type = type:A -+Output = FF -+Result = KDF_DERIVE_ERROR -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:0000008055bae931c07fd824bf10add1902b6fbc7c665347383498a686929ff5a25f8e40cb6645ea814fb1a5e0a11f852f86255641e5ed986e83a78bc8269480eac0b0dfd770cab92e7a28dd87ff452466d6ae867cead63b366b1c286e6c4811a9f14c27aea14c5171d49b78c06e3735d36e6a3be321dd5fc82308f34ee1cb17fba94a59 -+Ctrl.hexxcghash = hexxcghash:a4ebd45934f56792b5112dcd75a1075fdc889245 -+Ctrl.hexsession_id = hexsession_id:a4ebd45934f56792b5112dcd75a1075fdc889245 -+Output = FF -+Result = KDF_DERIVE_ERROR -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:0000008055bae931c07fd824bf10add1902b6fbc7c665347383498a686929ff5a25f8e40cb6645ea814fb1a5e0a11f852f86255641e5ed986e83a78bc8269480eac0b0dfd770cab92e7a28dd87ff452466d6ae867cead63b366b1c286e6c4811a9f14c27aea14c5171d49b78c06e3735d36e6a3be321dd5fc82308f34ee1cb17fba94a59 -+Ctrl.hexxcghash = hexxcghash:a4ebd45934f56792b5112dcd75a1075fdc889245 -+Ctrl.hexsession_id = hexsession_id:a4ebd45934f56792b5112dcd75a1075fdc889245 -+Ctrl.type = type:X -+Output = FF -+Result = KDF_CTRL_ERROR -+ -+KDF = SSHKDF -+Ctrl.md = md:SHA1 -+Ctrl.hexkey = hexkey:0000008055bae931c07fd824bf10add1902b6fbc7c665347383498a686929ff5a25f8e40cb6645ea814fb1a5e0a11f852f86255641e5ed986e83a78bc8269480eac0b0dfd770cab92e7a28dd87ff452466d6ae867cead63b366b1c286e6c4811a9f14c27aea14c5171d49b78c06e3735d36e6a3be321dd5fc82308f34ee1cb17fba94a59 -+Ctrl.hexxcghash = hexxcghash:a4ebd45934f56792b5112dcd75a1075fdc889245 -+Ctrl.hexsession_id = hexsession_id:a4ebd45934f56792b5112dcd75a1075fdc889245 -+Ctrl.type = type:A -+Output = FF -+Result = KDF_MISMATCH -From 148cc5ee246e108b1e7332035037bab53574b0a9 Mon Sep 17 00:00:00 2001 -From: Simo Sorce -Date: Thu, 18 Apr 2019 08:26:29 -0400 -Subject: [PATCH] Change the digest string from "md" to "digest" - -Conform to other modules which were changed at the last minute and this -discrepancy was not noticed. -Retain "md" as an alias so not to break 3rd party backports/tests scripts. - -Signed-off-by: Simo Sorce ---- - crypto/kdf/sshkdf.c | 3 +++ - test/recipes/20-test_kdf.t | 2 +- - 2 files changed, 4 insertions(+), 1 deletion(-) - mode change 100644 => 100755 test/recipes/20-test_kdf.t - -diff --git a/crypto/kdf/sshkdf.c b/crypto/kdf/sshkdf.c -index 300e1adbb23..f585e8a0d6d 100644 ---- a/crypto/kdf/sshkdf.c -+++ b/crypto/kdf/sshkdf.c -@@ -125,6 +125,9 @@ static int kdf_sshkdf_ctrl_str(EVP_KDF_IMPL *impl, const char *type, - return 0; - } - -+ if (strcmp(type, "digest") == 0) -+ return kdf_md2ctrl(impl, kdf_sshkdf_ctrl, EVP_KDF_CTRL_SET_MD, value); -+ /* alias, for historical reasons */ - if (strcmp(type, "md") == 0) - return kdf_md2ctrl(impl, kdf_sshkdf_ctrl, EVP_KDF_CTRL_SET_MD, value); - diff --git a/openssl-1.1.1-ts-sha256-default.patch b/openssl-1.1.1-ts-sha256-default.patch deleted file mode 100644 index 2a1dd6c..0000000 --- a/openssl-1.1.1-ts-sha256-default.patch +++ /dev/null @@ -1,70 +0,0 @@ -diff -up openssl-1.1.1h/apps/openssl.cnf.ts-sha256-default openssl-1.1.1h/apps/openssl.cnf ---- openssl-1.1.1h/apps/openssl.cnf.ts-sha256-default 2020-11-06 11:07:28.850100899 +0100 -+++ openssl-1.1.1h/apps/openssl.cnf 2020-11-06 11:11:28.042913791 +0100 -@@ -364,5 +348,5 @@ tsa_name = yes # Must the TSA name be i - # (optional, default: no) - ess_cert_id_chain = no # Must the ESS cert id chain be included? - # (optional, default: no) --ess_cert_id_alg = sha1 # algorithm to compute certificate -+ess_cert_id_alg = sha256 # algorithm to compute certificate - # identifier (optional, default: sha1) -diff -up openssl-1.1.1h/apps/ts.c.ts-sha256-default openssl-1.1.1h/apps/ts.c ---- openssl-1.1.1h/apps/ts.c.ts-sha256-default 2020-09-22 14:55:07.000000000 +0200 -+++ openssl-1.1.1h/apps/ts.c 2020-11-06 11:07:28.883101220 +0100 -@@ -423,7 +423,7 @@ static TS_REQ *create_query(BIO *data_bi - ASN1_OBJECT *policy_obj = NULL; - ASN1_INTEGER *nonce_asn1 = NULL; - -- if (md == NULL && (md = EVP_get_digestbyname("sha1")) == NULL) -+ if (md == NULL && (md = EVP_get_digestbyname("sha256")) == NULL) - goto err; - if ((ts_req = TS_REQ_new()) == NULL) - goto err; -diff -up openssl-1.1.1h/crypto/ts/ts_conf.c.ts-sha256-default openssl-1.1.1h/crypto/ts/ts_conf.c ---- openssl-1.1.1h/crypto/ts/ts_conf.c.ts-sha256-default 2020-11-06 12:03:51.226372867 +0100 -+++ openssl-1.1.1h/crypto/ts/ts_conf.c 2020-11-06 12:04:01.713488990 +0100 -@@ -476,7 +476,7 @@ int TS_CONF_set_ess_cert_id_digest(CONF - const char *md = NCONF_get_string(conf, section, ENV_ESS_CERT_ID_ALG); - - if (md == NULL) -- md = "sha1"; -+ md = "sha256"; - - cert_md = EVP_get_digestbyname(md); - if (cert_md == NULL) { -diff -up openssl-1.1.1h/doc/man1/ts.pod.ts-sha256-default openssl-1.1.1h/doc/man1/ts.pod ---- openssl-1.1.1h/doc/man1/ts.pod.ts-sha256-default 2020-09-22 14:55:07.000000000 +0200 -+++ openssl-1.1.1h/doc/man1/ts.pod 2020-11-06 11:07:28.883101220 +0100 -@@ -518,7 +518,7 @@ included. Default is no. (Optional) - =item B - - This option specifies the hash function to be used to calculate the TSA's --public key certificate identifier. Default is sha1. (Optional) -+public key certificate identifier. Default is sha256. (Optional) - - =back - -@@ -530,7 +530,7 @@ openssl/apps/openssl.cnf will do. - - =head2 Time Stamp Request - --To create a timestamp request for design1.txt with SHA-1 -+To create a timestamp request for design1.txt with SHA-256 - without nonce and policy and no certificate is required in the response: - - openssl ts -query -data design1.txt -no_nonce \ -@@ -546,12 +546,12 @@ To print the content of the previous req - - openssl ts -query -in design1.tsq -text - --To create a timestamp request which includes the MD-5 digest -+To create a timestamp request which includes the SHA-512 digest - of design2.txt, requests the signer certificate and nonce, - specifies a policy id (assuming the tsa_policy1 name is defined in the - OID section of the config file): - -- openssl ts -query -data design2.txt -md5 \ -+ openssl ts -query -data design2.txt -sha512 \ - -tspolicy tsa_policy1 -cert -out design2.tsq - - =head2 Time Stamp Response diff --git a/openssl-1.1.1-version-add-engines.patch b/openssl-1.1.1-version-add-engines.patch deleted file mode 100644 index 3c3f58e..0000000 --- a/openssl-1.1.1-version-add-engines.patch +++ /dev/null @@ -1,38 +0,0 @@ -diff -up openssl-1.1.1-pre8/apps/version.c.version-add-engines openssl-1.1.1-pre8/apps/version.c ---- openssl-1.1.1-pre8/apps/version.c.version-add-engines 2018-06-20 16:48:09.000000000 +0200 -+++ openssl-1.1.1-pre8/apps/version.c 2018-07-16 18:00:40.608624346 +0200 -@@ -64,7 +64,7 @@ int version_main(int argc, char **argv) - { - int ret = 1, dirty = 0, seed = 0; - int cflags = 0, version = 0, date = 0, options = 0, platform = 0, dir = 0; -- int engdir = 0; -+ int engdir = 0, engines = 0; - char *prog; - OPTION_CHOICE o; - -@@ -106,7 +106,7 @@ opthelp: - break; - case OPT_A: - seed = options = cflags = version = date = platform = dir = engdir -- = 1; -+ = engines = 1; - break; - } - } -@@ -188,6 +188,16 @@ opthelp: - #endif - printf("\n"); - } -+ if (engines) { -+ ENGINE *e; -+ printf("engines: "); -+ e = ENGINE_get_first(); -+ while (e) { -+ printf("%s ", ENGINE_get_id(e)); -+ e = ENGINE_get_next(e); -+ } -+ printf("\n"); -+ } - ret = 0; - end: - return ret; diff --git a/openssl-1.1.1-version-override.patch b/openssl-1.1.1-version-override.patch deleted file mode 100644 index b89ebc6..0000000 --- a/openssl-1.1.1-version-override.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up openssl-1.1.1i/include/openssl/opensslv.h.version-override openssl-1.1.1i/include/openssl/opensslv.h ---- openssl-1.1.1i/include/openssl/opensslv.h.version-override 2020-12-09 10:25:12.042374409 +0100 -+++ openssl-1.1.1i/include/openssl/opensslv.h 2020-12-09 10:26:00.362769170 +0100 -@@ -40,7 +40,7 @@ extern "C" { - * major minor fix final patch/beta) - */ - # define OPENSSL_VERSION_NUMBER 0x101010bfL --# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1k 25 Mar 2021" -+# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1k FIPS 25 Mar 2021" - - /*- - * The macros below are to be used for shared library (.so, .dll, ...) diff --git a/openssl-1.1.1-weak-ciphers.patch b/openssl-1.1.1-weak-ciphers.patch deleted file mode 100644 index 0083643..0000000 --- a/openssl-1.1.1-weak-ciphers.patch +++ /dev/null @@ -1,57 +0,0 @@ -diff -up openssl-1.1.1/ssl/s3_lib.c.weak-ciphers openssl-1.1.1/ssl/s3_lib.c ---- openssl-1.1.1/ssl/s3_lib.c.weak-ciphers 2018-09-11 14:48:23.000000000 +0200 -+++ openssl-1.1.1/ssl/s3_lib.c 2018-09-17 12:53:33.850637181 +0200 -@@ -2612,7 +2612,7 @@ static SSL_CIPHER ssl3_ciphers[] = { - SSL_GOST89MAC, - TLS1_VERSION, TLS1_2_VERSION, - 0, 0, -- SSL_HIGH, -+ SSL_MEDIUM, - SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC, - 256, - 256, -@@ -2644,7 +2644,7 @@ static SSL_CIPHER ssl3_ciphers[] = { - SSL_GOST89MAC12, - TLS1_VERSION, TLS1_2_VERSION, - 0, 0, -- SSL_HIGH, -+ SSL_MEDIUM, - SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC, - 256, - 256, -@@ -2753,7 +2753,7 @@ static SSL_CIPHER ssl3_ciphers[] = { - }, - #endif /* OPENSSL_NO_SEED */ - --#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS -+#if 0 /* No MD5 ciphersuites */ - { - 1, - SSL3_TXT_RSA_RC4_128_MD5, -@@ -2770,6 +2770,8 @@ static SSL_CIPHER ssl3_ciphers[] = { - 128, - 128, - }, -+#endif -+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS - { - 1, - SSL3_TXT_RSA_RC4_128_SHA, -@@ -2786,6 +2788,8 @@ static SSL_CIPHER ssl3_ciphers[] = { - 128, - 128, - }, -+#endif -+#if 0 - { - 1, - SSL3_TXT_ADH_RC4_128_MD5, -@@ -2802,6 +2806,8 @@ static SSL_CIPHER ssl3_ciphers[] = { - 128, - 128, - }, -+#endif -+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS - { - 1, - TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA, diff --git a/openssl.spec b/openssl.spec index 03638aa..2be384c 100644 --- a/openssl.spec +++ b/openssl.spec @@ -1,17 +1,10 @@ # For the curious: -# 0.9.5a soversion = 0 -# 0.9.6 soversion = 1 -# 0.9.6a soversion = 2 -# 0.9.6c soversion = 3 -# 0.9.7a soversion = 4 -# 0.9.7ef soversion = 5 -# 0.9.8ab soversion = 6 -# 0.9.8g soversion = 7 # 0.9.8jk + EAP-FAST soversion = 8 # 1.0.0 soversion = 10 # 1.1.0 soversion = 1.1 (same as upstream although presence of some symbols # depends on build configuration options) -%define soversion 1.1 +# 3.0.0 soversion = 3 (same as upstream) +%define soversion 3 # Arches on which we need to prevent arch conflicts on opensslconf.h, must # also be handled in opensslconf-new.h. @@ -21,8 +14,8 @@ Summary: Utilities from the general purpose cryptography library with TLS implementation Name: openssl -Version: 1.1.1k -Release: 1%{?dist} +Version: 3.0.0 +Release: 0.alpha13.1%{?dist} Epoch: 1 # We have to remove certain patented algorithms from the openssl source # tarball with the hobble-openssl script which is included below. @@ -30,54 +23,40 @@ Epoch: 1 Source: openssl-%{version}-hobbled.tar.xz Source1: hobble-openssl Source2: Makefile.certificate +Source3: genpatches Source6: make-dummy-cert Source7: renew-dummy-cert -Source9: opensslconf-new.h -Source10: opensslconf-new-warning.h -Source11: README.FIPS +Source9: configuration-switch.h +Source10: configuration-prefix.h Source12: ec_curve.c Source13: ectest.c -# Build changes -Patch1: openssl-1.1.1-build.patch -Patch2: openssl-1.1.1-defaults.patch -Patch3: openssl-1.1.1-no-html.patch -Patch4: openssl-1.1.1-man-rename.patch -# Functionality changes -Patch31: openssl-1.1.1-conf-paths.patch -Patch32: openssl-1.1.1-version-add-engines.patch -Patch33: openssl-1.1.1-apps-dgst.patch -Patch36: openssl-1.1.1-no-brainpool.patch -Patch37: openssl-1.1.1-ec-curves.patch -Patch38: openssl-1.1.1-no-weak-verify.patch -Patch40: openssl-1.1.1-disable-ssl3.patch -Patch41: openssl-1.1.1-system-cipherlist.patch -Patch42: openssl-1.1.1-fips.patch -Patch44: openssl-1.1.1-version-override.patch -Patch45: openssl-1.1.1-weak-ciphers.patch -Patch46: openssl-1.1.1-seclevel.patch -Patch47: openssl-1.1.1-ts-sha256-default.patch -Patch48: openssl-1.1.1-fips-post-rand.patch -Patch49: openssl-1.1.1-evp-kdf.patch -Patch50: openssl-1.1.1-ssh-kdf.patch -Patch51: openssl-1.1.1-intel-cet.patch -Patch60: openssl-1.1.1-krb5-kdf.patch -Patch61: openssl-1.1.1-edk2-build.patch -Patch62: openssl-1.1.1-fips-curves.patch -Patch65: openssl-1.1.1-fips-drbg-selftest.patch -Patch66: openssl-1.1.1-fips-dh.patch -Patch67: openssl-1.1.1-kdf-selftest.patch -Patch69: openssl-1.1.1-alpn-cb.patch -Patch70: openssl-1.1.1-rewire-fips-drbg.patch -# Backported fixes including security fixes -Patch52: openssl-1.1.1-s390x-update.patch -Patch53: openssl-1.1.1-fips-crng-test.patch -Patch55: openssl-1.1.1-arm-update.patch -Patch56: openssl-1.1.1-s390x-ecc.patch - -License: OpenSSL and ASL 2.0 +# Patches exported from source git +# Aarch64 and ppc64le use lib64 +Patch1: 0001-Aarch64-and-ppc64le-use-lib64.patch +# Use more general default values in openssl.cnf +Patch2: 0002-Use-more-general-default-values-in-openssl.cnf.patch +# Do not install html docs +Patch3: 0003-Do-not-install-html-docs.patch +# Override default paths for the CA directory tree +Patch4: 0004-Override-default-paths-for-the-CA-directory-tree.patch +# apps/ca: fix md option help text +Patch5: 0005-apps-ca-fix-md-option-help-text.patch +# Disable signature verification with totally unsafe hash algorithms +Patch6: 0006-Disable-signature-verification-with-totally-unsafe-h.patch +# Add support for PROFILE=SYSTEM system default cipherlist +Patch7: 0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch +# Add FIPS_mode() compatibility macro +Patch8: 0008-Add-FIPS_mode-compatibility-macro.patch +# Add check to see if fips flag is enabled in kernel +Patch9: 0009-Add-Kernel-FIPS-mode-flag-support.patch +# Fixes EVP extra test by removing 7 unsupported curves +Patch10: 0010-Fix-EVP-extra-test-with-OPENSSL_NO_EC2M.patch +# remove unsupported EC curves +Patch11: 0011-Remove-EC-curves.patch + +License: ASL 2.0 and OpenSSL URL: http://www.openssl.org/ -BuildRequires: make BuildRequires: gcc BuildRequires: coreutils, perl-interpreter, sed, zlib-devel, /usr/bin/cmp BuildRequires: lksctp-tools-devel @@ -86,8 +65,9 @@ BuildRequires: /usr/bin/pod2man BuildRequires: /usr/sbin/sysctl BuildRequires: perl(Test::Harness), perl(Test::More), perl(Math::BigInt) BuildRequires: perl(Module::Load::Conditional), perl(File::Temp) -BuildRequires: perl(Time::HiRes) -BuildRequires: perl(FindBin), perl(lib), perl(File::Compare), perl(File::Copy) +BuildRequires: perl(Time::HiRes), perl(IPC::Cmd), perl(Pod::Html) +BuildRequires: perl(FindBin), perl(lib), perl(File::Compare), perl(File::Copy), perl(bigint) +BuildRequires: git-core Requires: coreutils Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release} @@ -102,7 +82,6 @@ Summary: A general purpose cryptography library with TLS implementation Requires: ca-certificates >= 2008-5 Requires: crypto-policies >= 20180730 Recommends: openssl-pkcs11%{?_isa} -Provides: openssl-fips = %{epoch}:%{version}-%{release} %description libs OpenSSL is a toolkit for supporting cryptography. The openssl-libs @@ -119,16 +98,6 @@ OpenSSL is a toolkit for supporting cryptography. The openssl-devel package contains include files needed to develop applications which support various cryptographic algorithms and protocols. -%package static -Summary: Libraries for static linking of applications which will use OpenSSL -Requires: %{name}-devel%{?_isa} = %{epoch}:%{version}-%{release} - -%description static -OpenSSL is a toolkit for supporting cryptography. The openssl-static -package contains static libraries needed for static linking of -applications which support various cryptographic algorithms and -protocols. - %package perl Summary: Perl scripts provided with OpenSSL Requires: perl-interpreter @@ -140,7 +109,7 @@ package provides Perl scripts for converting certificates and keys from other formats to the formats used by the OpenSSL toolkit. %prep -%setup -q -n %{name}-%{version} +%autosetup -S git -n %{name}-%{version}-alpha13 # The hobble_openssl is called here redundantly, just to be sure. # The tarball has already the sources removed. @@ -149,42 +118,6 @@ from other formats to the formats used by the OpenSSL toolkit. cp %{SOURCE12} crypto/ec/ cp %{SOURCE13} test/ -%patch1 -p1 -b .build %{?_rawbuild} -%patch2 -p1 -b .defaults -%patch3 -p1 -b .no-html %{?_rawbuild} -%patch4 -p1 -b .man-rename - -%patch31 -p1 -b .conf-paths -%patch32 -p1 -b .version-add-engines -%patch33 -p1 -b .dgst -%patch36 -p1 -b .no-brainpool -%patch37 -p1 -b .curves -%patch38 -p1 -b .no-weak-verify -%patch40 -p1 -b .disable-ssl3 -%patch41 -p1 -b .system-cipherlist -%patch42 -p1 -b .fips -%patch44 -p1 -b .version-override -%patch45 -p1 -b .weak-ciphers -%patch46 -p1 -b .seclevel -%patch47 -p1 -b .ts-sha256-default -%patch48 -p1 -b .fips-post-rand -%patch49 -p1 -b .evp-kdf -%patch50 -p1 -b .ssh-kdf -%patch51 -p1 -b .intel-cet -%patch52 -p1 -b .s390x-update -%patch53 -p1 -b .crng-test -%patch55 -p1 -b .arm-update -%patch56 -p1 -b .s390x-ecc -%patch60 -p1 -b .krb5-kdf -%patch61 -p1 -b .edk2-build -%patch62 -p1 -b .fips-curves -%patch65 -p1 -b .drbg-selftest -%patch66 -p1 -b .fips-dh -%patch67 -p1 -b .kdf-selftest -%patch69 -p1 -b .alpn-cb -%patch70 -p1 -b .rewire-fips-drbg - - %build # Figure out which flags we want to use. # default @@ -261,9 +194,8 @@ export HASHBANGPERL=/usr/bin/perl --prefix=%{_prefix} --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \ --system-ciphers-file=%{_sysconfdir}/crypto-policies/back-ends/openssl.config \ zlib enable-camellia enable-seed enable-rfc3779 enable-sctp \ - enable-cms enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method \ - enable-weak-ssl-ciphers \ - no-mdc2 no-ec2m no-sm2 no-sm4 \ + enable-cms enable-md2 enable-rc5 enable-ktls \ + no-idea no-mdc2 no-ec2m no-sm2 no-sm4 \ shared ${sslarch} $RPM_OPT_FLAGS '-DDEVRANDOM="\"/dev/urandom\""' # Do not run this in a production package the FIPS symbols must be patched-in @@ -271,9 +203,6 @@ export HASHBANGPERL=/usr/bin/perl make all -# Overwrite FIPS README -cp -f %{SOURCE11} . - # Clean up the .pc files for i in libcrypto.pc libssl.pc openssl.pc ; do sed -i '/^Libs.private:/{s/-L[^ ]* //;s/-Wl[^ ]* //}' $i @@ -285,19 +214,13 @@ done # Hack - either enable SCTP AUTH chunks in kernel or disable sctp for check (sysctl net.sctp.addip_enable=1 && sysctl net.sctp.auth_enable=1) || \ (echo 'Failed to enable SCTP AUTH chunks, disabling SCTP for tests...' && - sed '/"zlib-dynamic" => "default",/a\ \ "sctp" => "default",' configdata.pm > configdata.pm.new && \ + sed '/"msan" => "default",/a\ \ "sctp" => "default",' configdata.pm > configdata.pm.new && \ touch -r configdata.pm configdata.pm.new && \ mv -f configdata.pm.new configdata.pm) -# We must revert patch31 before tests otherwise they will fail -patch -p1 -R < %{PATCH31} +# We must revert patch4 before tests otherwise they will fail +patch -p1 -R < %{PATCH4} -LD_LIBRARY_PATH=`pwd`${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}} -export LD_LIBRARY_PATH -crypto/fips/fips_standalone_hmac libcrypto.so.%{soversion} >.libcrypto.so.%{soversion}.hmac -ln -s .libcrypto.so.%{soversion}.hmac .libcrypto.so.hmac -crypto/fips/fips_standalone_hmac libssl.so.%{soversion} >.libssl.so.%{soversion}.hmac -ln -s .libssl.so.%{soversion}.hmac .libssl.so.hmac OPENSSL_ENABLE_MD5_VERIFY= export OPENSSL_ENABLE_MD5_VERIFY OPENSSL_SYSTEM_CIPHERS_OVERRIDE=xyz_nonexistent_file @@ -305,15 +228,15 @@ export OPENSSL_SYSTEM_CIPHERS_OVERRIDE make test # Add generation of HMAC checksum of the final stripped library -%define __spec_install_post \ - %{?__debug_package:%{__debug_install_post}} \ - %{__arch_install_post} \ - %{__os_install_post} \ - crypto/fips/fips_standalone_hmac $RPM_BUILD_ROOT%{_libdir}/libcrypto.so.%{version} >$RPM_BUILD_ROOT%{_libdir}/.libcrypto.so.%{version}.hmac \ - ln -sf .libcrypto.so.%{version}.hmac $RPM_BUILD_ROOT%{_libdir}/.libcrypto.so.%{soversion}.hmac \ - crypto/fips/fips_standalone_hmac $RPM_BUILD_ROOT%{_libdir}/libssl.so.%{version} >$RPM_BUILD_ROOT%{_libdir}/.libssl.so.%{version}.hmac \ - ln -sf .libssl.so.%{version}.hmac $RPM_BUILD_ROOT%{_libdir}/.libssl.so.%{soversion}.hmac \ -%{nil} +#%define __spec_install_post \ +# %{?__debug_package:%{__debug_install_post}} \ +# %{__arch_install_post} \ +# %{__os_install_post} \ +# crypto/fips/fips_standalone_hmac $RPM_BUILD_ROOT%{_libdir}/libcrypto.so.%{version} >$RPM_BUILD_ROOT%{_libdir}/.libcrypto.so.%{version}.hmac \ +# ln -sf .libcrypto.so.%{version}.hmac $RPM_BUILD_ROOT%{_libdir}/.libcrypto.so.%{soversion}.hmac \ +# crypto/fips/fips_standalone_hmac $RPM_BUILD_ROOT%{_libdir}/libssl.so.%{version} >$RPM_BUILD_ROOT%{_libdir}/.libssl.so.%{version}.hmac \ +# ln -sf .libssl.so.%{version}.hmac $RPM_BUILD_ROOT%{_libdir}/.libssl.so.%{soversion}.hmac \ +#%{nil} %define __provides_exclude_from %{_libdir}/openssl @@ -329,6 +252,11 @@ for lib in $RPM_BUILD_ROOT%{_libdir}/*.so.%{version} ; do ln -s -f `basename ${lib}` $RPM_BUILD_ROOT%{_libdir}/`basename ${lib} .%{version}`.%{soversion} done +# Remove static libraries +for lib in $RPM_BUILD_ROOT%{_libdir}/*.a ; do + rm -f ${lib} +done + # Install a makefile for generating keys and self-signed certs, and a script # for generating them on the fly. mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/certs @@ -342,24 +270,7 @@ mv $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/misc/tsget $RPM_BUILD_ROOT%{_bindir} # Rename man pages so that they don't conflict with other system man pages. pushd $RPM_BUILD_ROOT%{_mandir} -ln -s -f config.5 man5/openssl.cnf.5 -for manpage in man*/* ; do - if [ -L ${manpage} ]; then - TARGET=`ls -l ${manpage} | awk '{ print $NF }'` - ln -snf ${TARGET}ssl ${manpage}ssl - rm -f ${manpage} - else - mv ${manpage} ${manpage}ssl - fi -done -for conflict in passwd rand ; do - rename ${conflict} ssl${conflict} man*/${conflict}* -# Fix dangling symlinks - manpage=man1/openssl-${conflict}.* - if [ -L ${manpage} ] ; then - ln -snf ssl${conflict}.1ssl ${manpage} - fi -done +mv man5/config.5 man5/openssl.cnf.5 popd mkdir -m755 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA @@ -396,39 +307,36 @@ sed -i '/^\#ifndef OPENSSL_NO_SSL_TRACE/i\ #endif' $RPM_BUILD_ROOT/%{_prefix}/include/openssl/opensslconf.h %ifarch %{multilib_arches} -# Do an opensslconf.h switcheroo to avoid file conflicts on systems where you +# Do an configuration.h switcheroo to avoid file conflicts on systems where you # can have both a 32- and 64-bit version of the library, and they each need # their own correct-but-different versions of opensslconf.h to be usable. install -m644 %{SOURCE10} \ - $RPM_BUILD_ROOT/%{_prefix}/include/openssl/opensslconf-${basearch}.h -cat $RPM_BUILD_ROOT/%{_prefix}/include/openssl/opensslconf.h >> \ - $RPM_BUILD_ROOT/%{_prefix}/include/openssl/opensslconf-${basearch}.h + $RPM_BUILD_ROOT/%{_prefix}/include/openssl/configuration-${basearch}.h +cat $RPM_BUILD_ROOT/%{_prefix}/include/openssl/configuration.h >> \ + $RPM_BUILD_ROOT/%{_prefix}/include/openssl/configuration-${basearch}.h install -m644 %{SOURCE9} \ - $RPM_BUILD_ROOT/%{_prefix}/include/openssl/opensslconf.h + $RPM_BUILD_ROOT/%{_prefix}/include/openssl/configuration.h %endif LD_LIBRARY_PATH=`pwd`${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}} export LD_LIBRARY_PATH %files %{!?_licensedir:%global license %%doc} -%license LICENSE -%doc FAQ NEWS README README.FIPS +%license LICENSE.txt +%doc NEWS.md README.md %{_bindir}/make-dummy-cert %{_bindir}/renew-dummy-cert %{_bindir}/openssl -%{_mandir}/man1*/* -%{_mandir}/man5*/* -%{_mandir}/man7*/* +%{_mandir}/man1/* +%{_mandir}/man5/* +%{_mandir}/man7/* %{_pkgdocdir}/Makefile.certificate -%exclude %{_mandir}/man1*/*.pl* -%exclude %{_mandir}/man1*/c_rehash* -%exclude %{_mandir}/man1*/openssl-c_rehash* -%exclude %{_mandir}/man1*/tsget* -%exclude %{_mandir}/man1*/openssl-tsget* +%exclude %{_mandir}/man1/*.pl* +%exclude %{_mandir}/man1/tsget* %files libs %{!?_licensedir:%global license %%doc} -%license LICENSE +%license LICENSE.txt %dir %{_sysconfdir}/pki/tls %dir %{_sysconfdir}/pki/tls/certs %dir %{_sysconfdir}/pki/tls/misc @@ -436,32 +344,25 @@ export LD_LIBRARY_PATH %config(noreplace) %{_sysconfdir}/pki/tls/openssl.cnf %config(noreplace) %{_sysconfdir}/pki/tls/ct_log_list.cnf %attr(0755,root,root) %{_libdir}/libcrypto.so.%{version} -%attr(0755,root,root) %{_libdir}/libcrypto.so.%{soversion} +%{_libdir}/libcrypto.so.%{soversion} %attr(0755,root,root) %{_libdir}/libssl.so.%{version} -%attr(0755,root,root) %{_libdir}/libssl.so.%{soversion} -%attr(0644,root,root) %{_libdir}/.libcrypto.so.*.hmac -%attr(0644,root,root) %{_libdir}/.libssl.so.*.hmac +%{_libdir}/libssl.so.%{soversion} %attr(0755,root,root) %{_libdir}/engines-%{soversion} +%attr(0755,root,root) %{_libdir}/ossl-modules %files devel -%doc CHANGES doc/dir-locals.example.el doc/openssl-c-indent.el +%doc CHANGES.md doc/dir-locals.example.el doc/openssl-c-indent.el %{_prefix}/include/openssl %{_libdir}/*.so -%{_mandir}/man3*/* +%{_mandir}/man3/* %{_libdir}/pkgconfig/*.pc -%files static -%{_libdir}/*.a - %files perl %{_bindir}/c_rehash %{_bindir}/*.pl %{_bindir}/tsget -%{_mandir}/man1*/*.pl* -%{_mandir}/man1*/c_rehash* -%{_mandir}/man1*/openssl-c_rehash* -%{_mandir}/man1*/tsget* -%{_mandir}/man1*/openssl-tsget* +%{_mandir}/man1/*.pl* +%{_mandir}/man1/tsget* %dir %{_sysconfdir}/pki/CA %dir %{_sysconfdir}/pki/CA/private %dir %{_sysconfdir}/pki/CA/certs @@ -471,1750 +372,6 @@ export LD_LIBRARY_PATH %ldconfig_scriptlets libs %changelog -* Fri Mar 26 2021 Sahana Prasad - 1:1.1.1k-1 -- Upgrade to version 1.1.1.k - -* Tue Feb 23 2021 Sahana Prasad - 1:1.1.1j-1 -- Upgrade to version 1.1.1.j - -* Wed Feb 10 2021 Sahana Prasad - 1:1.1.1i-3 -- Fix regression in X509_verify_cert() (bz1916594) - -* Tue Jan 26 2021 Fedora Release Engineering - 1:1.1.1i-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild - -* Wed Dec 9 2020 Tomáš Mráz 1.1.1i-1 -- Update to the 1.1.1i release fixing CVE-2020-1971 - -* Mon Nov 9 2020 Sahana Prasad - 1.1.1h-1 -- Upgrade to version 1.1.1.h - -* Tue Jul 28 2020 Fedora Release Engineering - 1:1.1.1g-15 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild - -* Tue Jul 21 2020 Tom Stellard - 1:1.1.1g-14 -- Use make macros -- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro - -* Mon Jul 20 2020 Tomáš Mráz 1.1.1g-13 -- Additional FIPS mode check for EC key generation - -* Fri Jul 17 2020 Tomáš Mráz 1.1.1g-12 -- Further changes for SP 800-56A rev3 requirements - -* Mon Jun 22 2020 Tomáš Mráz 1.1.1g-11 -- Drop long ago obsolete part of the FIPS patch - -* Mon Jun 22 2020 Tomáš Mráz 1.1.1g-10 -- Rewire FIPS_drbg API to use the RAND_DRBG - -* Fri Jun 5 2020 Tomáš Mráz 1.1.1g-9 -- Disallow dropping Extended Master Secret extension - on renegotiation -- Return alert from s_server if ALPN protocol does not match -- SHA1 is allowed in @SECLEVEL=2 only if allowed by - TLS SigAlgs configuration - -* Wed Jun 3 2020 Tomáš Mráz 1.1.1g-8 -- Add FIPS selftest for PBKDF2 and KBKDF - -* Tue May 26 2020 Tomáš Mráz 1.1.1g-7 -- Use the well known DH groups in TLS - -* Mon May 25 2020 Tomáš Mráz 1.1.1g-6 -- Allow only well known DH groups in the FIPS mode - -* Thu May 21 2020 Adam Williamson - 1.1.1g-5 -- Re-apply the change from -2 now we have fixed nosync to work with it - -* Tue May 19 2020 Adam Williamson - 1.1.1g-4 -- Revert the change from -2 as it seems to cause segfaults in systemd - -* Mon May 18 2020 Tomáš Mráz 1.1.1g-3 -- pull some fixes and improvements from RHEL-8 - -* Fri May 15 2020 Tomáš Mráz 1.1.1g-2 -- FIPS module installed state definition is modified - -* Thu Apr 23 2020 Tomáš Mráz 1.1.1g-1 -- update to the 1.1.1g release - -* Tue Apr 7 2020 Tomáš Mráz 1.1.1f-1 -- update to the 1.1.1f release - -* Thu Mar 26 2020 Tomáš Mráz 1.1.1e-2 -- revert the unexpected EOF error reporting change as it is - too disruptive for the stable release branch - -* Fri Mar 20 2020 Tomáš Mráz 1.1.1e-1 -- update to the 1.1.1e release -- add selftest of the RAND_DRBG implementation -- fix incorrect error return value from FIPS_selftest_dsa - -* Mon Feb 17 2020 Tomáš Mráz 1.1.1d-7 -- apply Intel CET support patches by hjl (#1788699) - -* Wed Jan 29 2020 Fedora Release Engineering - 1:1.1.1d-6 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild - -* Thu Nov 21 2019 Tomáš Mráz 1.1.1d-5 -- allow zero length parameters in KDF_CTX_ctrl() - -* Thu Nov 14 2019 Tomáš Mráz 1.1.1d-4 -- backport of SSKDF from master - -* Wed Nov 13 2019 Tomáš Mráz 1.1.1d-3 -- backport of KBKDF and KRB5KDF from master - -* Thu Oct 3 2019 Tomáš Mráz 1.1.1d-2 -- re-enable the stitched AES-CBC-SHA implementations -- make AES-GCM work in FIPS mode again -- enable TLS-1.2 AES-CCM ciphers in FIPS mode -- fix openssl speed errors in FIPS mode - -* Fri Sep 13 2019 Tomáš Mráz 1.1.1d-1 -- update to the 1.1.1d release - -* Fri Sep 6 2019 Tomáš Mráz 1.1.1c-6 -- upstream fix for status request extension non-compliance (#1737471) - -* Thu Jul 25 2019 Fedora Release Engineering - 1:1.1.1c-5 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild - -* Mon Jun 24 2019 Tomáš Mráz 1.1.1c-4 -- do not try to use EC groups disallowed in FIPS mode - in TLS -- fix Valgrind regression with constant-time code - -* Mon Jun 3 2019 Tomáš Mráz 1.1.1c-3 -- add upstream patch to defer sending KeyUpdate after - pending writes are complete - -* Thu May 30 2019 Tomáš Mráz 1.1.1c-2 -- fix use of uninitialized memory - -* Wed May 29 2019 Tomáš Mráz 1.1.1c-1 -- update to the 1.1.1c release - -* Fri May 10 2019 Tomáš Mráz 1.1.1b-10 -- Another attempt at the AES-CCM regression fix - -* Fri May 10 2019 Tomáš Mráz 1.1.1b-9 -- Fix two small regressions -- Change the ts application default hash to SHA256 - -* Tue May 7 2019 Tomáš Mráz 1.1.1b-8 -- FIPS compliance fixes - -* Mon May 6 2019 Tomáš Mráz 1.1.1b-7 -- add S390x chacha20-poly1305 assembler support from master branch - -* Fri May 3 2019 Tomáš Mráz 1.1.1b-6 -- apply new bugfixes from upstream 1.1.1 branch - -* Tue Apr 16 2019 Tomáš Mráz 1.1.1b-5 -- fix for BIO_get_mem_ptr() regression in 1.1.1b (#1691853) - -* Wed Mar 27 2019 Tomáš Mráz 1.1.1b-4 -- drop unused BuildRequires and Requires in the -devel subpackage - -* Fri Mar 15 2019 Tomáš Mráz 1.1.1b-3 -- fix regression in EVP_PBE_scrypt() (#1688284) -- fix incorrect help message in ca app (#1553206) - -* Fri Mar 1 2019 Tomáš Mráz 1.1.1b-2 -- use .include = syntax in the config file to allow it - to be parsed by 1.0.2 version (#1668916) - -* Thu Feb 28 2019 Tomáš Mráz 1.1.1b-1 -- update to the 1.1.1b release -- EVP_KDF API backport from master -- SSH KDF implementation for EVP_KDF API backport from master - -* Fri Feb 01 2019 Fedora Release Engineering - 1:1.1.1a-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild - -* Tue Jan 15 2019 Tomáš Mráz 1.1.1a-1 -- update to the 1.1.1a release - -* Fri Nov 9 2018 Tomáš Mráz 1.1.1-7 -- use /dev/urandom for seeding the RNG in FIPS POST - -* Fri Oct 12 2018 Tomáš Mráz 1.1.1-6 -- fix SECLEVEL 3 support -- fix some issues found in Coverity scan - -* Thu Sep 27 2018 Charalampos Stratakis - 1:1.1.1-5 -- Correctly invoke sed for defining OPENSSL_NO_SSL3 - -* Thu Sep 27 2018 Tomáš Mráz 1.1.1-4 -- define OPENSSL_NO_SSL3 so the newly built dependencies do not - have access to SSL3 API calls anymore - -* Mon Sep 17 2018 Tomáš Mráz 1.1.1-3 -- reinstate accidentally dropped patch for weak ciphersuites - -* Fri Sep 14 2018 Tomáš Mráz 1.1.1-2 -- for consistent support of security policies we build - RC4 support in TLS (not default) and allow SHA1 in SECLEVEL 2 - -* Thu Sep 13 2018 Tomáš Mráz 1.1.1-1 -- update to the final 1.1.1 version - -* Thu Sep 6 2018 Tomáš Mráz 1.1.1-0.pre9.3 -- do not try to initialize RNG in cleanup if it was not initialized - before (#1624554) -- use only /dev/urandom if getrandom() is not available -- disable SM4 - -* Wed Aug 29 2018 Tomáš Mráz 1.1.1-0.pre9.2 -- fix dangling symlinks to manual pages -- make SSLv3_method work - -* Wed Aug 22 2018 Tomáš Mráz 1.1.1-0.pre9.1 -- update to the latest 1.1.1 beta version - -* Mon Aug 13 2018 Tomáš Mráz 1.1.1-0.pre8.4 -- bidirectional shutdown fixes from upstream - -* Mon Aug 13 2018 Tomáš Mráz 1.1.1-0.pre8.3 -- do not put error on stack when using fixed protocol version - with the default config (#1615098) - -* Fri Jul 27 2018 Tomáš Mráz 1.1.1-0.pre8.2 -- load crypto policy config file from the default config - -* Wed Jul 25 2018 Tomáš Mráz 1.1.1-0.pre8 -- update to the latest 1.1.1 beta version - -* Fri Jul 13 2018 Fedora Release Engineering - 1:1.1.0h-6 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild - -* Tue Jun 19 2018 Tomáš Mráz 1.1.0h-5 -- fix FIPS RSA key generation failure - -* Mon Jun 4 2018 Tomáš Mráz 1.1.0h-4 -- ppc64le is not multilib arch (#1584994) - -* Tue Apr 3 2018 Tomáš Mráz 1.1.0h-3 -- fix regression of c_rehash (#1562953) - -* Thu Mar 29 2018 Tomáš Mráz 1.1.0h-2 -- fix FIPS symbol versions - -* Thu Mar 29 2018 Tomáš Mráz 1.1.0h-1 -- update to upstream version 1.1.0h -- add Recommends for openssl-pkcs11 - -* Fri Feb 23 2018 Tomáš Mráz 1.1.0g-6 -- one more try to apply RPM_LD_FLAGS properly (#1541033) -- dropped unneeded starttls xmpp patch (#1417017) - -* Thu Feb 08 2018 Fedora Release Engineering - 1:1.1.0g-5 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild - -* Thu Feb 1 2018 Tomáš Mráz 1.1.0g-4 -- apply RPM_LD_FLAGS properly (#1541033) - -* Thu Jan 11 2018 Tomáš Mráz 1.1.0g-3 -- silence the .rnd write failure as that is auxiliary functionality (#1524833) - -* Thu Dec 14 2017 Tomáš Mráz 1.1.0g-2 -- put the Makefile.certificate in pkgdocdir and drop the requirement on make - -* Fri Nov 3 2017 Tomáš Mráz 1.1.0g-1 -- update to upstream version 1.1.0g - -* Thu Aug 03 2017 Fedora Release Engineering - 1:1.1.0f-9 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild - -* Thu Jul 27 2017 Fedora Release Engineering - 1:1.1.0f-8 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild - -* Mon Jul 17 2017 Tomáš Mráz 1:1.1.0f-7 -- make s_client and s_server work with -ssl3 option (#1471783) - -* Thu Jul 13 2017 Petr Pisar - 1:1.1.0f-6 -- perl dependency renamed to perl-interpreter - - -* Mon Jun 26 2017 Tomáš Mráz 1.1.0f-5 -- disable verification of all insecure hashes - -* Fri Jun 23 2017 Tomáš Mráz 1.1.0f-4 -- make DTLS work (#1462541) - -* Thu Jun 15 2017 Tomáš Mráz 1.1.0f-3 -- enable 3DES SSL ciphersuites, RC4 is kept disabled (#1453066) - -* Mon Jun 5 2017 Tomáš Mráz 1.1.0f-2 -- only release thread-local key if we created it (from upstream) (#1458775) - -* Fri Jun 2 2017 Tomáš Mráz 1.1.0f-1 -- update to upstream version 1.1.0f -- SRP and GOST is now allowed, note that GOST support requires - adding GOST engine which is not part of openssl anymore - -* Thu Feb 16 2017 Tomáš Mráz 1.1.0e-1 -- update to upstream version 1.1.0e -- add documentation of the PROFILE=SYSTEM special cipher string (#1420232) - -* Sat Feb 11 2017 Fedora Release Engineering - 1:1.1.0d-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild - -* Wed Feb 1 2017 Tomáš Mráz 1.1.0d-2 -- applied upstream fixes (fix regression in X509_CRL_digest) - -* Thu Jan 26 2017 Tomáš Mráz 1.1.0d-1 -- update to upstream version 1.1.0d - -* Thu Dec 22 2016 Tomáš Mráz 1.1.0c-5 -- preserve new line in fd BIO BIO_gets() as other BIOs do - -* Fri Dec 2 2016 Tomáš Mráz 1.1.0c-4 -- FIPS mode fixes for TLS - -* Wed Nov 30 2016 Tomáš Mráz 1.1.0c-3 -- revert SSL_read() behavior change - patch from upstream (#1394677) -- fix behavior on client certificate request in renegotiation (#1393579) - -* Tue Nov 22 2016 Tomáš Mráz 1.1.0c-2 -- EC curve NIST P-224 is now allowed, still kept disabled in TLS due - to less than optimal security - -* Fri Nov 11 2016 Tomáš Mráz 1.1.0c-1 -- update to upstream version 1.1.0c - -* Fri Nov 4 2016 Tomáš Mráz 1.1.0b-4 -- use a random seed if the supplied one did not generate valid - parameters in dsa_builtin_paramgen2() - -* Wed Oct 12 2016 Tomáš Mráz 1.1.0b-3 -- do not break contract on return value when using dsa_builtin_paramgen2() - -* Wed Oct 12 2016 Tomáš Mráz 1.1.0b-2 -- fix afalg failure on big endian - -* Tue Oct 11 2016 Tomáš Mráz 1.1.0b-1 -- update to upstream version 1.1.0b - -* Fri Oct 07 2016 Richard W.M. Jones - 1:1.0.2j-2 -- Add flags for riscv64. - -* Mon Sep 26 2016 Tomáš Mráz 1.0.2j-1 -- minor upstream release 1.0.2j fixing regression from previous release - -* Sat Sep 24 2016 David Woodhouse 1.0.2i-2 -- Fix enginesdir in libcrypto.c (#1375361) - -* Thu Sep 22 2016 Tomáš Mráz 1.0.2i-1 -- minor upstream release 1.0.2i fixing security issues -- move man pages for perl based scripts to perl subpackage (#1377617) - -* Wed Aug 10 2016 Tomáš Mráz 1.0.2h-3 -- fix regression in Cisco AnyConnect VPN support (#1354588) - -* Mon Jun 27 2016 Tomáš Mráz 1.0.2h-2 -- require libcrypto in libssl.pc (#1301301) - -* Tue May 3 2016 Tomáš Mráz 1.0.2h-1 -- minor upstream release 1.0.2h fixing security issues - -* Tue Mar 29 2016 Tomáš Mráz 1.0.2g-4 -- disable SSLv2 support altogether (without ABI break) - -* Mon Mar 7 2016 Tom Callaway - 1.0.2g-3 -- enable RC5 - -* Wed Mar 2 2016 Tomáš Mráz 1.0.2g-2 -- reenable SSL2 in the build to avoid ABI break (it does not - make the openssl vulnerable to DROWN attack) - -* Tue Mar 1 2016 Tomáš Mráz 1.0.2g-1 -- minor upstream release 1.0.2g fixing security issues - -* Thu Feb 04 2016 Fedora Release Engineering - 1:1.0.2f-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild - -* Thu Jan 28 2016 Tomáš Mráz 1.0.2f-1 -- minor upstream release 1.0.2f fixing security issues -- add support for MIPS secondary architecture - -* Fri Jan 15 2016 Tomáš Mráz 1.0.2e-5 -- document some options of openssl speed command - -* Fri Dec 18 2015 Tomáš Mráz 1.0.2e-4 -- enable sctp support in DTLS - -* Tue Dec 8 2015 Tomáš Mráz 1.0.2e-3 -- remove unimplemented EC method from header (#1289599) - -* Mon Dec 7 2015 Tomáš Mráz 1.0.2e-2 -- the fast nistp implementation works only on little endian architectures - -* Fri Dec 4 2015 Tomáš Mráz 1.0.2e-1 -- minor upstream release 1.0.2e fixing moderate severity security issues -- enable fast assembler implementation for NIST P-256 and P-521 - elliptic curves (#1164210) -- filter out unwanted link options from the .pc files (#1257836) -- do not set serial to 0 in Makefile.certificate (#1135719) - -* Mon Nov 16 2015 Tomáš Mráz 1.0.2d-3 -- fix sigill on some AMD CPUs (#1278194) - -* Wed Aug 12 2015 Tom Callaway 1.0.2d-2 -- re-enable secp256k1 (bz1021898) - -* Thu Jul 9 2015 Tomáš Mráz 1.0.2d-1 -- minor upstream release 1.0.2d fixing a high severity security issue - -* Tue Jul 7 2015 Tomáš Mráz 1.0.2c-3 -- fix the aarch64 build - -* Thu Jun 18 2015 Fedora Release Engineering - 1:1.0.2c-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild - -* Mon Jun 15 2015 Tomáš Mráz 1.0.2c-1 -- minor upstream release 1.0.2c fixing multiple security issues - -* Thu May 7 2015 Peter Robinson 1.0.2a-4 -- Add aarch64 sslarch details - -* Thu May 7 2015 Tomáš Mráz 1.0.2a-3 -- fix some 64 bit build targets - -* Tue Apr 28 2015 Tomáš Mráz 1.0.2a-2 -- add alternative certificate chain discovery support from upstream - -* Thu Apr 23 2015 Tomáš Mráz 1.0.2a-1 -- rebase to 1.0.2 branch - -* Thu Apr 9 2015 Tomáš Mráz 1.0.1k-7 -- drop the AES-GCM restriction of 2^32 operations because the IV is - always 96 bits (32 bit fixed field + 64 bit invocation field) - -* Thu Mar 19 2015 Tomáš Mráz 1.0.1k-6 -- fix CVE-2015-0209 - potential use after free in d2i_ECPrivateKey() -- fix CVE-2015-0286 - improper handling of ASN.1 boolean comparison -- fix CVE-2015-0287 - ASN.1 structure reuse decoding memory corruption -- fix CVE-2015-0289 - NULL dereference decoding invalid PKCS#7 data -- fix CVE-2015-0293 - triggerable assert in SSLv2 server - -* Mon Mar 16 2015 Tomáš Mráz 1.0.1k-5 -- fix bug in the CRYPTO_128_unwrap() - -* Fri Feb 27 2015 Tomáš Mráz 1.0.1k-4 -- fix bug in the RFC 5649 support (#1185878) - -* Sat Feb 21 2015 Till Maas - 1:1.0.1k-3 -- Rebuilt for Fedora 23 Change - https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code - -* Thu Jan 15 2015 Tomáš Mráz 1.0.1k-2 -- test in the non-FIPS RSA keygen for minimal distance of p and q - similarly to the FIPS RSA keygen - -* Fri Jan 9 2015 Tomáš Mráz 1.0.1k-1 -- new upstream release fixing multiple security issues - -* Thu Nov 20 2014 Tomáš Mráz 1.0.1j-3 -- disable SSLv3 by default again (mail servers and possibly - LDAP servers should probably allow it explicitly for legacy - clients) - -* Tue Oct 21 2014 Tomáš Mráz 1.0.1j-2 -- update the FIPS RSA keygen to be FIPS 186-4 compliant - -* Thu Oct 16 2014 Tomáš Mráz 1.0.1j-1 -- new upstream release fixing multiple security issues - -* Fri Oct 10 2014 Tomáš Mráz 1.0.1i-5 -- copy negotiated digests when switching certs by SNI (#1150032) - -* Mon Sep 8 2014 Tomáš Mráz 1.0.1i-4 -- add support for RFC 5649 - -* Sun Aug 17 2014 Fedora Release Engineering - 1:1.0.1i-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild - -* Wed Aug 13 2014 Tomáš Mráz 1.0.1i-2 -- drop RSA X9.31 from RSA FIPS selftests -- add Power 8 optimalizations - -* Thu Aug 7 2014 Tomáš Mráz 1.0.1i-1 -- new upstream release fixing multiple moderate security issues -- for now disable only SSLv2 by default - -* Fri Jul 18 2014 Tom Callaway 1.0.1h-6 -- fix license handling - -* Mon Jun 30 2014 Tomáš Mráz 1.0.1h-5 -- disable SSLv2 and SSLv3 protocols by default (can be enabled - via appropriate SSL_CTX_clear_options() call) - -* Wed Jun 11 2014 Tomáš Mráz 1.0.1h-4 -- use system profile for default cipher list - -* Tue Jun 10 2014 Tomáš Mráz 1.0.1h-3 -- make FIPS mode keygen bit length restriction enforced only when - OPENSSL_ENFORCE_MODULUS_BITS is set -- fix CVE-2014-0224 fix that broke EAP-FAST session resumption support - -* Sat Jun 07 2014 Fedora Release Engineering - 1:1.0.1h-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild - -* Thu Jun 5 2014 Tomáš Mráz 1.0.1h-1 -- new upstream release 1.0.1h - -* Sat May 31 2014 Peter Robinson 1.0.1g-2 -- Drop obsolete and irrelevant docs -- Move devel docs to appropriate package - -* Wed May 7 2014 Tomáš Mráz 1.0.1g-1 -- new upstream release 1.0.1g -- do not include ECC ciphersuites in SSLv2 client hello (#1090952) -- fail on hmac integrity check if the .hmac file is empty - -* Mon Apr 07 2014 Dennis Gilmore - 1.0.1e-44 -- pull in upstream patch for CVE-2014-0160 -- removed CHANGES file portion from patch for expediency - -* Thu Apr 3 2014 Tomáš Mráz 1.0.1e-43 -- add support for ppc64le architecture (#1072633) - -* Mon Mar 17 2014 Tomáš Mráz 1.0.1e-42 -- properly detect encryption failure in BIO -- use 2048 bit RSA key in FIPS selftests - -* Fri Feb 14 2014 Tomáš Mráz 1.0.1e-41 -- use the key length from configuration file if req -newkey rsa is invoked - -* Thu Feb 13 2014 Tomáš Mráz 1.0.1e-40 -- print ephemeral key size negotiated in TLS handshake (#1057715) -- add DH_compute_key_padded needed for FIPS CAVS testing - -* Thu Feb 6 2014 Tomáš Mráz 1.0.1e-39 -- make expiration and key length changeable by DAYS and KEYLEN - variables in the certificate Makefile (#1058108) -- change default hash to sha256 (#1062325) - -* Wed Jan 22 2014 Tomáš Mráz 1.0.1e-38 -- make 3des strength to be 128 bits instead of 168 (#1056616) - -* Tue Jan 7 2014 Tomáš Mráz 1.0.1e-37 -- fix CVE-2013-4353 - Invalid TLS handshake crash -- fix CVE-2013-6450 - possible MiTM attack on DTLS1 - -* Fri Dec 20 2013 Tomáš Mráz 1.0.1e-36 -- fix CVE-2013-6449 - crash when version in SSL structure is incorrect -- more FIPS validation requirement changes - -* Wed Dec 18 2013 Tomáš Mráz 1.0.1e-35 -- drop weak ciphers from the default TLS ciphersuite list -- add back some symbols that were dropped with update to 1.0.1 branch -- more FIPS validation requirement changes - -* Tue Nov 19 2013 Tomáš Mráz 1.0.1e-34 -- fix locking and reseeding problems with FIPS drbg - -* Fri Nov 15 2013 Tomáš Mráz 1.0.1e-33 -- additional changes required for FIPS validation - -* Wed Nov 13 2013 Tomáš Mráz 1.0.1e-32 -- disable verification of certificate, CRL, and OCSP signatures - using MD5 if OPENSSL_ENABLE_MD5_VERIFY environment variable - is not set - -* Fri Nov 8 2013 Tomáš Mráz 1.0.1e-31 -- add back support for secp521r1 EC curve -- add aarch64 to Configure (#969692) - -* Tue Oct 29 2013 Tomáš Mráz 1.0.1e-30 -- fix misdetection of RDRAND support on Cyrix CPUS (from upstream) (#1022346) - -* Thu Oct 24 2013 Tomáš Mráz 1.0.1e-29 -- do not advertise ECC curves we do not support (#1022493) - -* Wed Oct 16 2013 Tomáš Mráz 1.0.1e-28 -- only ECC NIST Suite B curves support -- drop -fips subpackage - -* Mon Oct 14 2013 Tom Callaway - 1.0.1e-27 -- resolve bugzilla 319901 (phew! only took 6 years & 9 days) - -* Fri Sep 27 2013 Tomáš Mráz 1.0.1e-26 -- make DTLS1 work in FIPS mode -- avoid RSA and DSA 512 bits and Whirlpool in 'openssl speed' in FIPS mode - -* Mon Sep 23 2013 Tomáš Mráz 1.0.1e-25 -- avoid dlopening libssl.so from libcrypto (#1010357) - -* Fri Sep 20 2013 Tomáš Mráz 1.0.1e-24 -- fix small memory leak in FIPS aes selftest - -* Thu Sep 19 2013 Tomáš Mráz 1.0.1e-23 -- fix segfault in openssl speed hmac in the FIPS mode - -* Thu Sep 12 2013 Tomáš Mráz 1.0.1e-22 -- document the nextprotoneg option in manual pages - original patch by Hubert Kario - -* Tue Sep 10 2013 Kyle McMartin 1.0.1e-21 -- [arm] use elf auxv to figure out armcap.c instead of playing silly - games with SIGILL handlers. (#1006474) - -* Wed Sep 4 2013 Tomas Mraz 1.0.1e-20 -- try to avoid some races when updating the -fips subpackage - -* Mon Sep 2 2013 Tomas Mraz 1.0.1e-19 -- use version-release in .hmac suffix to avoid overwrite - during upgrade - -* Thu Aug 29 2013 Tomas Mraz 1.0.1e-18 -- allow deinitialization of the FIPS mode - -* Thu Aug 29 2013 Tomas Mraz 1.0.1e-17 -- always perform the FIPS selftests in library constructor - if FIPS module is installed - -* Tue Aug 27 2013 Tomas Mraz 1.0.1e-16 -- add -fips subpackage that contains the FIPS module files - -* Fri Aug 16 2013 Tomas Mraz 1.0.1e-15 -- fix use of rdrand if available -- more commits cherry picked from upstream -- documentation fixes - -* Sat Aug 03 2013 Petr Pisar - 1:1.0.1e-14 -- Perl 5.18 rebuild - -* Fri Jul 26 2013 Tomas Mraz 1.0.1e-13 -- additional manual page fix -- use symbol versioning also for the textual version - -* Thu Jul 25 2013 Tomas Mraz 1.0.1e-12 -- additional manual page fixes - -* Fri Jul 19 2013 Tomas Mraz 1.0.1e-11 -- use _prefix macro - -* Wed Jul 17 2013 Petr Pisar - 1:1.0.1e-10 -- Perl 5.18 rebuild - -* Thu Jul 11 2013 Tomas Mraz 1.0.1e-9 -- add openssl.cnf.5 manpage symlink to config.5 - -* Wed Jul 10 2013 Tomas Mraz 1.0.1e-8 -- add relro linking flag - -* Wed Jul 10 2013 Tomas Mraz 1.0.1e-7 -- add support for the -trusted_first option for certificate chain verification - -* Fri May 3 2013 Tomas Mraz 1.0.1e-6 -- fix build of manual pages with current pod2man (#959439) - -* Sun Apr 21 2013 Peter Robinson 1.0.1e-5 -- Enable ARM optimised build - -* Mon Mar 18 2013 Tomas Mraz 1.0.1e-4 -- fix random bad record mac errors (#918981) - -* Tue Feb 19 2013 Tomas Mraz 1.0.1e-3 -- fix up the SHLIB_VERSION_NUMBER - -* Tue Feb 19 2013 Tomas Mraz 1.0.1e-2 -- disable ZLIB loading by default (due to CRIME attack) - -* Tue Feb 19 2013 Tomas Mraz 1.0.1e-1 -- new upstream version - -* Wed Jan 30 2013 Tomas Mraz 1.0.1c-12 -- more fixes from upstream -- fix errors in manual causing build failure (#904777) - -* Fri Dec 21 2012 Tomas Mraz 1.0.1c-11 -- add script for renewal of a self-signed cert by Philip Prindeville (#871566) -- allow X509_issuer_and_serial_hash() produce correct result in - the FIPS mode (#881336) - -* Thu Dec 6 2012 Tomas Mraz 1.0.1c-10 -- do not load default verify paths if CApath or CAfile specified (#884305) - -* Tue Nov 20 2012 Tomas Mraz 1.0.1c-9 -- more fixes from upstream CVS -- fix DSA key pairwise check (#878597) - -* Thu Nov 15 2012 Tomas Mraz 1.0.1c-8 -- use 1024 bit DH parameters in s_server as 512 bit is not allowed - in FIPS mode and it is quite weak anyway - -* Mon Sep 10 2012 Tomas Mraz 1.0.1c-7 -- add missing initialization of str in aes_ccm_init_key (#853963) -- add important patches from upstream CVS -- use the secure_getenv() with new glibc - -* Fri Jul 20 2012 Fedora Release Engineering - 1:1.0.1c-6 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild - -* Fri Jul 13 2012 Tomas Mraz 1.0.1c-5 -- use __getenv_secure() instead of __libc_enable_secure - -* Fri Jul 13 2012 Tomas Mraz 1.0.1c-4 -- do not move libcrypto to /lib -- do not use environment variables if __libc_enable_secure is on -- fix strict aliasing problems in modes - -* Thu Jul 12 2012 Tomas Mraz 1.0.1c-3 -- fix DSA key generation in FIPS mode (#833866) -- allow duplicate FIPS_mode_set(1) -- enable build on ppc64 subarch (#834652) - -* Wed Jul 11 2012 Tomas Mraz 1.0.1c-2 -- fix s_server with new glibc when no global IPv6 address (#839031) -- make it build with new Perl - -* Tue May 15 2012 Tomas Mraz 1.0.1c-1 -- new upstream version - -* Thu Apr 26 2012 Tomas Mraz 1.0.1b-1 -- new upstream version - -* Fri Apr 20 2012 Tomas Mraz 1.0.1a-1 -- new upstream version fixing CVE-2012-2110 - -* Wed Apr 11 2012 Tomas Mraz 1.0.1-3 -- add Kerberos 5 libraries to pkgconfig for static linking (#807050) - -* Thu Apr 5 2012 Tomas Mraz 1.0.1-2 -- backports from upstream CVS -- fix segfault when /dev/urandom is not available (#809586) - -* Wed Mar 14 2012 Tomas Mraz 1.0.1-1 -- new upstream release - -* Mon Mar 5 2012 Tomas Mraz 1.0.1-0.3.beta3 -- add obsoletes to assist multilib updates (#799636) - -* Wed Feb 29 2012 Tomas Mraz 1.0.1-0.2.beta3 -- epoch bumped to 1 due to revert to 1.0.0g on Fedora 17 -- new upstream release from the 1.0.1 branch -- fix s390x build (#798411) -- versioning for the SSLeay symbol (#794950) -- add -DPURIFY to build flags (#797323) -- filter engine provides -- split the libraries to a separate -libs package -- add make to requires on the base package (#783446) - -* Tue Feb 7 2012 Tomas Mraz 1.0.1-0.1.beta2 -- new upstream release from the 1.0.1 branch, ABI compatible -- add documentation for the -no_ign_eof option - -* Thu Jan 19 2012 Tomas Mraz 1.0.0g-1 -- new upstream release fixing CVE-2012-0050 - DoS regression in - DTLS support introduced by the previous release (#782795) - -* Thu Jan 5 2012 Tomas Mraz 1.0.0f-1 -- new upstream release fixing multiple CVEs - -* Tue Nov 22 2011 Tomas Mraz 1.0.0e-4 -- move the libraries needed for static linking to Libs.private - -* Thu Nov 3 2011 Tomas Mraz 1.0.0e-3 -- do not use AVX instructions when osxsave bit not set -- add direct known answer tests for SHA2 algorithms - -* Wed Sep 21 2011 Tomas Mraz 1.0.0e-2 -- fix missing initialization of variable in CHIL engine - -* Wed Sep 7 2011 Tomas Mraz 1.0.0e-1 -- new upstream release fixing CVE-2011-3207 (#736088) - -* Wed Aug 24 2011 Tomas Mraz 1.0.0d-8 -- drop the separate engine for Intel acceleration improvements - and merge in the AES-NI, SHA1, and RC4 optimizations -- add support for OPENSSL_DISABLE_AES_NI environment variable - that disables the AES-NI support - -* Tue Jul 26 2011 Tomas Mraz 1.0.0d-7 -- correct openssl cms help output (#636266) -- more tolerant starttls detection in XMPP protocol (#608239) - -* Wed Jul 20 2011 Tomas Mraz 1.0.0d-6 -- add support for newest Intel acceleration improvements backported - from upstream by Intel in form of a separate engine - -* Thu Jun 9 2011 Tomas Mraz 1.0.0d-5 -- allow the AES-NI engine in the FIPS mode - -* Tue May 24 2011 Tomas Mraz 1.0.0d-4 -- add API necessary for CAVS testing of the new DSA parameter generation - -* Thu Apr 28 2011 Tomas Mraz 1.0.0d-3 -- add support for VIA Padlock on 64bit arch from upstream (#617539) -- do not return bogus values from load_certs (#652286) - -* Tue Apr 5 2011 Tomas Mraz 1.0.0d-2 -- clarify apps help texts for available digest algorithms (#693858) - -* Thu Feb 10 2011 Tomas Mraz 1.0.0d-1 -- new upstream release fixing CVE-2011-0014 (OCSP stapling vulnerability) - -* Tue Feb 08 2011 Fedora Release Engineering - 1.0.0c-4 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild - -* Fri Feb 4 2011 Tomas Mraz 1.0.0c-3 -- add -x931 parameter to openssl genrsa command to use the ANSI X9.31 - key generation method -- use FIPS-186-3 method for DSA parameter generation -- add OPENSSL_FIPS_NON_APPROVED_MD5_ALLOW environment variable - to allow using MD5 when the system is in the maintenance state - even if the /proc fips flag is on -- make openssl pkcs12 command work by default in the FIPS mode - -* Mon Jan 24 2011 Tomas Mraz 1.0.0c-2 -- listen on ipv6 wildcard in s_server so we accept connections - from both ipv4 and ipv6 (#601612) -- fix openssl speed command so it can be used in the FIPS mode - with FIPS allowed ciphers - -* Fri Dec 3 2010 Tomas Mraz 1.0.0c-1 -- new upstream version fixing CVE-2010-4180 - -* Tue Nov 23 2010 Tomas Mraz 1.0.0b-3 -- replace the revert for the s390x bignum asm routines with - fix from upstream - -* Mon Nov 22 2010 Tomas Mraz 1.0.0b-2 -- revert upstream change in s390x bignum asm routines - -* Tue Nov 16 2010 Tomas Mraz 1.0.0b-1 -- new upstream version fixing CVE-2010-3864 (#649304) - -* Tue Sep 7 2010 Tomas Mraz 1.0.0a-3 -- make SHLIB_VERSION reflect the library suffix - -* Wed Jun 30 2010 Tomas Mraz 1.0.0a-2 -- openssl man page fix (#609484) - -* Fri Jun 4 2010 Tomas Mraz 1.0.0a-1 -- new upstream patch release, fixes CVE-2010-0742 (#598738) - and CVE-2010-1633 (#598732) - -* Wed May 19 2010 Tomas Mraz 1.0.0-5 -- pkgconfig files now contain the correct libdir (#593723) - -* Tue May 18 2010 Tomas Mraz 1.0.0-4 -- make CA dir readable - the private keys are in private subdir (#584810) - -* Fri Apr 9 2010 Tomas Mraz 1.0.0-3 -- a few fixes from upstream CVS -- move libcrypto to /lib (#559953) - -* Tue Apr 6 2010 Tomas Mraz 1.0.0-2 -- set UTC timezone on pod2man run (#578842) -- make X509_NAME_hash_old work in FIPS mode - -* Tue Mar 30 2010 Tomas Mraz 1.0.0-1 -- update to final 1.0.0 upstream release - -* Tue Feb 16 2010 Tomas Mraz 1.0.0-0.22.beta5 -- make TLS work in the FIPS mode - -* Fri Feb 12 2010 Tomas Mraz 1.0.0-0.21.beta5 -- gracefully handle zero length in assembler implementations of - OPENSSL_cleanse (#564029) -- do not fail in s_server if client hostname not resolvable (#561260) - -* Wed Jan 20 2010 Tomas Mraz 1.0.0-0.20.beta5 -- new upstream release - -* Thu Jan 14 2010 Tomas Mraz 1.0.0-0.19.beta4 -- fix CVE-2009-4355 - leak in applications incorrectly calling - CRYPTO_free_all_ex_data() before application exit (#546707) -- upstream fix for future TLS protocol version handling - -* Wed Jan 13 2010 Tomas Mraz 1.0.0-0.18.beta4 -- add support for Intel AES-NI - -* Thu Jan 7 2010 Tomas Mraz 1.0.0-0.17.beta4 -- upstream fix compression handling on session resumption -- various null checks and other small fixes from upstream -- upstream changes for the renegotiation info according to the latest draft - -* Mon Nov 23 2009 Tomas Mraz 1.0.0-0.16.beta4 -- fix non-fips mingw build (patch by Kalev Lember) -- add IPV6 fix for DTLS - -* Fri Nov 20 2009 Tomas Mraz 1.0.0-0.15.beta4 -- add better error reporting for the unsafe renegotiation - -* Fri Nov 20 2009 Tomas Mraz 1.0.0-0.14.beta4 -- fix build on s390x - -* Wed Nov 18 2009 Tomas Mraz 1.0.0-0.13.beta4 -- disable enforcement of the renegotiation extension on the client (#537962) -- add fixes from the current upstream snapshot - -* Fri Nov 13 2009 Tomas Mraz 1.0.0-0.12.beta4 -- keep the beta status in version number at 3 so we do not have to rebuild - openssh and possibly other dependencies with too strict version check - -* Thu Nov 12 2009 Tomas Mraz 1.0.0-0.11.beta4 -- update to new upstream version, no soname bump needed -- fix CVE-2009-3555 - note that the fix is bypassed if SSL_OP_ALL is used - so the compatibility with unfixed clients is not broken. The - protocol extension is also not final. - -* Fri Oct 16 2009 Tomas Mraz 1.0.0-0.10.beta3 -- fix use of freed memory if SSL_CTX_free() is called before - SSL_free() (#521342) - -* Thu Oct 8 2009 Tomas Mraz 1.0.0-0.9.beta3 -- fix typo in DTLS1 code (#527015) -- fix leak in error handling of d2i_SSL_SESSION() - -* Wed Sep 30 2009 Tomas Mraz 1.0.0-0.8.beta3 -- fix RSA and DSA FIPS selftests -- reenable fixed x86_64 camellia assembler code (#521127) - -* Fri Sep 4 2009 Tomas Mraz 1.0.0-0.7.beta3 -- temporarily disable x86_64 camellia assembler code (#521127) - -* Mon Aug 31 2009 Tomas Mraz 1.0.0-0.6.beta3 -- fix openssl dgst -dss1 (#520152) - -* Wed Aug 26 2009 Tomas Mraz 1.0.0-0.5.beta3 -- drop the compat symlink hacks - -* Sat Aug 22 2009 Tomas Mraz 1.0.0-0.4.beta3 -- constify SSL_CIPHER_description() - -* Fri Aug 21 2009 Tomas Mraz 1.0.0-0.3.beta3 -- fix WWW:Curl:Easy reference in tsget - -* Fri Aug 21 2009 Tomas Mraz 1.0.0-0.2.beta3 -- enable MD-2 - -* Thu Aug 20 2009 Tomas Mraz 1.0.0-0.1.beta3 -- update to new major upstream release - -* Sat Jul 25 2009 Fedora Release Engineering - 0.9.8k-7 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild - -* Wed Jul 22 2009 Bill Nottingham -- do not build special 'optimized' versions for i686, as that's the base - arch in Fedora now - -* Tue Jun 30 2009 Tomas Mraz 0.9.8k-6 -- abort if selftests failed and random number generator is polled -- mention EVP_aes and EVP_sha2xx routines in the manpages -- add README.FIPS -- make CA dir absolute path (#445344) -- change default length for RSA key generation to 2048 (#484101) - -* Thu May 21 2009 Tomas Mraz 0.9.8k-5 -- fix CVE-2009-1377 CVE-2009-1378 CVE-2009-1379 - (DTLS DoS problems) (#501253, #501254, #501572) - -* Tue Apr 21 2009 Tomas Mraz 0.9.8k-4 -- support compatibility DTLS mode for CISCO AnyConnect (#464629) - -* Fri Apr 17 2009 Tomas Mraz 0.9.8k-3 -- correct the SHLIB_VERSION define - -* Wed Apr 15 2009 Tomas Mraz 0.9.8k-2 -- add support for multiple CRLs with same subject -- load only dynamic engine support in FIPS mode - -* Wed Mar 25 2009 Tomas Mraz 0.9.8k-1 -- update to new upstream release (minor bug fixes, security - fixes and machine code optimizations only) - -* Thu Mar 19 2009 Tomas Mraz 0.9.8j-10 -- move libraries to /usr/lib (#239375) - -* Fri Mar 13 2009 Tomas Mraz 0.9.8j-9 -- add a static subpackage - -* Thu Feb 26 2009 Fedora Release Engineering - 0.9.8j-8 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild - -* Mon Feb 2 2009 Tomas Mraz 0.9.8j-7 -- must also verify checksum of libssl.so in the FIPS mode -- obtain the seed for FIPS rng directly from the kernel device -- drop the temporary symlinks - -* Mon Jan 26 2009 Tomas Mraz 0.9.8j-6 -- drop the temporary triggerpostun and symlinking in post -- fix the pkgconfig files and drop the unnecessary buildrequires - on pkgconfig as it is a rpmbuild dependency (#481419) - -* Sat Jan 17 2009 Tomas Mraz 0.9.8j-5 -- add temporary triggerpostun to reinstate the symlinks - -* Sat Jan 17 2009 Tomas Mraz 0.9.8j-4 -- no pairwise key tests in non-fips mode (#479817) - -* Fri Jan 16 2009 Tomas Mraz 0.9.8j-3 -- even more robust test for the temporary symlinks - -* Fri Jan 16 2009 Tomas Mraz 0.9.8j-2 -- try to ensure the temporary symlinks exist - -* Thu Jan 15 2009 Tomas Mraz 0.9.8j-1 -- new upstream version with necessary soname bump (#455753) -- temporarily provide symlink to old soname to make it possible to rebuild - the dependent packages in rawhide -- add eap-fast support (#428181) -- add possibility to disable zlib by setting -- add fips mode support for testing purposes -- do not null dereference on some invalid smime files -- add buildrequires pkgconfig (#479493) - -* Sun Aug 10 2008 Tomas Mraz 0.9.8g-11 -- do not add tls extensions to server hello for SSLv3 either - -* Mon Jun 2 2008 Joe Orton 0.9.8g-10 -- move root CA bundle to ca-certificates package - -* Wed May 28 2008 Tomas Mraz 0.9.8g-9 -- fix CVE-2008-0891 - server name extension crash (#448492) -- fix CVE-2008-1672 - server key exchange message omit crash (#448495) - -* Tue May 27 2008 Tomas Mraz 0.9.8g-8 -- super-H arch support -- drop workaround for bug 199604 as it should be fixed in gcc-4.3 - -* Mon May 19 2008 Tom "spot" Callaway 0.9.8g-7 -- sparc handling - -* Mon Mar 10 2008 Joe Orton 0.9.8g-6 -- update to new root CA bundle from mozilla.org (r1.45) - -* Wed Feb 20 2008 Fedora Release Engineering - 0.9.8g-5 -- Autorebuild for GCC 4.3 - -* Thu Jan 24 2008 Tomas Mraz 0.9.8g-4 -- merge review fixes (#226220) -- adjust the SHLIB_VERSION_NUMBER to reflect library name (#429846) - -* Thu Dec 13 2007 Tomas Mraz 0.9.8g-3 -- set default paths when no explicit paths are set (#418771) -- do not add tls extensions to client hello for SSLv3 (#422081) - -* Tue Dec 4 2007 Tomas Mraz 0.9.8g-2 -- enable some new crypto algorithms and features -- add some more important bug fixes from openssl CVS - -* Mon Dec 3 2007 Tomas Mraz 0.9.8g-1 -- update to latest upstream release, SONAME bumped to 7 - -* Mon Oct 15 2007 Joe Orton 0.9.8b-17 -- update to new CA bundle from mozilla.org - -* Fri Oct 12 2007 Tomas Mraz 0.9.8b-16 -- fix CVE-2007-5135 - off-by-one in SSL_get_shared_ciphers (#309801) -- fix CVE-2007-4995 - out of order DTLS fragments buffer overflow (#321191) -- add alpha sub-archs (#296031) - -* Tue Aug 21 2007 Tomas Mraz 0.9.8b-15 -- rebuild - -* Fri Aug 3 2007 Tomas Mraz 0.9.8b-14 -- use localhost in testsuite, hopefully fixes slow build in koji -- CVE-2007-3108 - fix side channel attack on private keys (#250577) -- make ssl session cache id matching strict (#233599) - -* Wed Jul 25 2007 Tomas Mraz 0.9.8b-13 -- allow building on ARM architectures (#245417) -- use reference timestamps to prevent multilib conflicts (#218064) -- -devel package must require pkgconfig (#241031) - -* Mon Dec 11 2006 Tomas Mraz 0.9.8b-12 -- detect duplicates in add_dir properly (#206346) - -* Thu Nov 30 2006 Tomas Mraz 0.9.8b-11 -- the previous change still didn't make X509_NAME_cmp transitive - -* Thu Nov 23 2006 Tomas Mraz 0.9.8b-10 -- make X509_NAME_cmp transitive otherwise certificate lookup - is broken (#216050) - -* Thu Nov 2 2006 Tomas Mraz 0.9.8b-9 -- aliasing bug in engine loading, patch by IBM (#213216) - -* Mon Oct 2 2006 Tomas Mraz 0.9.8b-8 -- CVE-2006-2940 fix was incorrect (#208744) - -* Mon Sep 25 2006 Tomas Mraz 0.9.8b-7 -- fix CVE-2006-2937 - mishandled error on ASN.1 parsing (#207276) -- fix CVE-2006-2940 - parasitic public keys DoS (#207274) -- fix CVE-2006-3738 - buffer overflow in SSL_get_shared_ciphers (#206940) -- fix CVE-2006-4343 - sslv2 client DoS (#206940) - -* Tue Sep 5 2006 Tomas Mraz 0.9.8b-6 -- fix CVE-2006-4339 - prevent attack on PKCS#1 v1.5 signatures (#205180) - -* Wed Aug 2 2006 Tomas Mraz - 0.9.8b-5 -- set buffering to none on stdio/stdout FILE when bufsize is set (#200580) - patch by IBM - -* Fri Jul 28 2006 Alexandre Oliva - 0.9.8b-4.1 -- rebuild with new binutils (#200330) - -* Fri Jul 21 2006 Tomas Mraz - 0.9.8b-4 -- add a temporary workaround for sha512 test failure on s390 (#199604) - -* Thu Jul 20 2006 Tomas Mraz -- add ipv6 support to s_client and s_server (by Jan Pazdziora) (#198737) -- add patches for BN threadsafety, AES cache collision attack hazard fix and - pkcs7 code memleak fix from upstream CVS - -* Wed Jul 12 2006 Jesse Keating - 0.9.8b-3.1 -- rebuild - -* Wed Jun 21 2006 Tomas Mraz - 0.9.8b-3 -- dropped libica and ica engine from build - -* Wed Jun 21 2006 Joe Orton -- update to new CA bundle from mozilla.org; adds CA certificates - from netlock.hu and startcom.org - -* Mon Jun 5 2006 Tomas Mraz - 0.9.8b-2 -- fixed a few rpmlint warnings -- better fix for #173399 from upstream -- upstream fix for pkcs12 - -* Thu May 11 2006 Tomas Mraz - 0.9.8b-1 -- upgrade to new version, stays ABI compatible -- there is no more linux/config.h (it was empty anyway) - -* Tue Apr 4 2006 Tomas Mraz - 0.9.8a-6 -- fix stale open handles in libica (#177155) -- fix build if 'rand' or 'passwd' in buildroot path (#178782) -- initialize VIA Padlock engine (#186857) - -* Fri Feb 10 2006 Jesse Keating - 0.9.8a-5.2 -- bump again for double-long bug on ppc(64) - -* Tue Feb 07 2006 Jesse Keating - 0.9.8a-5.1 -- rebuilt for new gcc4.1 snapshot and glibc changes - -* Thu Dec 15 2005 Tomas Mraz 0.9.8a-5 -- don't include SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG - in SSL_OP_ALL (#175779) - -* Fri Dec 09 2005 Jesse Keating -- rebuilt - -* Tue Nov 29 2005 Tomas Mraz 0.9.8a-4 -- fix build (-lcrypto was erroneusly dropped) of the updated libica -- updated ICA engine to 1.3.6-rc3 - -* Tue Nov 22 2005 Tomas Mraz 0.9.8a-3 -- disable builtin compression methods for now until they work - properly (#173399) - -* Wed Nov 16 2005 Tomas Mraz 0.9.8a-2 -- don't set -rpath for openssl binary - -* Tue Nov 8 2005 Tomas Mraz 0.9.8a-1 -- new upstream version -- patches partially renumbered - -* Fri Oct 21 2005 Tomas Mraz 0.9.7f-11 -- updated IBM ICA engine library and patch to latest upstream version - -* Wed Oct 12 2005 Tomas Mraz 0.9.7f-10 -- fix CAN-2005-2969 - remove SSL_OP_MSIE_SSLV2_RSA_PADDING which - disables the countermeasure against man in the middle attack in SSLv2 - (#169863) -- use sha1 as default for CA and cert requests - CAN-2005-2946 (#169803) - -* Tue Aug 23 2005 Tomas Mraz 0.9.7f-9 -- add *.so.soversion as symlinks in /lib (#165264) -- remove unpackaged symlinks (#159595) -- fixes from upstream (constant time fixes for DSA, - bn assembler div on ppc arch, initialize memory on realloc) - -* Thu Aug 11 2005 Phil Knirsch 0.9.7f-8 -- Updated ICA engine IBM patch to latest upstream version. - -* Thu May 19 2005 Tomas Mraz 0.9.7f-7 -- fix CAN-2005-0109 - use constant time/memory access mod_exp - so bits of private key aren't leaked by cache eviction (#157631) -- a few more fixes from upstream 0.9.7g - -* Wed Apr 27 2005 Tomas Mraz 0.9.7f-6 -- use poll instead of select in rand (#128285) -- fix Makefile.certificate to point to /etc/pki/tls -- change the default string mask in ASN1 to PrintableString+UTF8String - -* Mon Apr 25 2005 Joe Orton 0.9.7f-5 -- update to revision 1.37 of Mozilla CA bundle - -* Thu Apr 21 2005 Tomas Mraz 0.9.7f-4 -- move certificates to _sysconfdir/pki/tls (#143392) -- move CA directories to _sysconfdir/pki/CA -- patch the CA script and the default config so it points to the - CA directories - -* Fri Apr 1 2005 Tomas Mraz 0.9.7f-3 -- uninitialized variable mustn't be used as input in inline - assembly -- reenable the x86_64 assembly again - -* Thu Mar 31 2005 Tomas Mraz 0.9.7f-2 -- add back RC4_CHAR on ia64 and x86_64 so the ABI isn't broken -- disable broken bignum assembly on x86_64 - -* Wed Mar 30 2005 Tomas Mraz 0.9.7f-1 -- reenable optimizations on ppc64 and assembly code on ia64 -- upgrade to new upstream version (no soname bump needed) -- disable thread test - it was testing the backport of the - RSA blinding - no longer needed -- added support for changing serial number to - Makefile.certificate (#151188) -- make ca-bundle.crt a config file (#118903) - -* Tue Mar 1 2005 Tomas Mraz 0.9.7e-3 -- libcrypto shouldn't depend on libkrb5 (#135961) - -* Mon Feb 28 2005 Tomas Mraz 0.9.7e-2 -- rebuild - -* Mon Feb 28 2005 Tomas Mraz 0.9.7e-1 -- new upstream source, updated patches -- added patch so we are hopefully ABI compatible with upcoming - 0.9.7f - -* Thu Feb 10 2005 Tomas Mraz -- Support UTF-8 charset in the Makefile.certificate (#134944) -- Added cmp to BuildPrereq - -* Thu Jan 27 2005 Joe Orton 0.9.7a-46 -- generate new ca-bundle.crt from Mozilla certdata.txt (revision 1.32) - -* Thu Dec 23 2004 Phil Knirsch 0.9.7a-45 -- Fixed and updated libica-1.3.4-urandom.patch patch (#122967) - -* Fri Nov 19 2004 Nalin Dahyabhai 0.9.7a-44 -- rebuild - -* Fri Nov 19 2004 Nalin Dahyabhai 0.9.7a-43 -- rebuild - -* Fri Nov 19 2004 Nalin Dahyabhai 0.9.7a-42 -- rebuild - -* Fri Nov 19 2004 Nalin Dahyabhai 0.9.7a-41 -- remove der_chop, as upstream cvs has done (CAN-2004-0975, #140040) - -* Tue Oct 05 2004 Phil Knirsch 0.9.7a-40 -- Include latest libica version with important bugfixes - -* Tue Jun 15 2004 Elliot Lee -- rebuilt - -* Mon Jun 14 2004 Phil Knirsch 0.9.7a-38 -- Updated ICA engine IBM patch to latest upstream version. - -* Mon Jun 7 2004 Nalin Dahyabhai 0.9.7a-37 -- build for linux-alpha-gcc instead of alpha-gcc on alpha (Jeff Garzik) - -* Tue May 25 2004 Nalin Dahyabhai 0.9.7a-36 -- handle %%{_arch}=i486/i586/i686/athlon cases in the intermediate - header (#124303) - -* Thu Mar 25 2004 Joe Orton 0.9.7a-35 -- add security fixes for CAN-2004-0079, CAN-2004-0112 - -* Tue Mar 16 2004 Phil Knirsch -- Fixed libica filespec. - -* Thu Mar 11 2004 Nalin Dahyabhai 0.9.7a-34 -- ppc/ppc64 define __powerpc__/__powerpc64__, not __ppc__/__ppc64__, fix - the intermediate header - -* Wed Mar 10 2004 Nalin Dahyabhai 0.9.7a-33 -- add an intermediate which points to the right - arch-specific opensslconf.h on multilib arches - -* Tue Mar 02 2004 Elliot Lee -- rebuilt - -* Thu Feb 26 2004 Phil Knirsch 0.9.7a-32 -- Updated libica to latest upstream version 1.3.5. - -* Tue Feb 17 2004 Phil Knirsch 0.9.7a-31 -- Update ICA crypto engine patch from IBM to latest version. - -* Fri Feb 13 2004 Elliot Lee -- rebuilt - -* Fri Feb 13 2004 Phil Knirsch 0.9.7a-29 -- rebuilt - -* Wed Feb 11 2004 Phil Knirsch 0.9.7a-28 -- Fixed libica build. - -* Wed Feb 4 2004 Nalin Dahyabhai -- add "-ldl" to link flags added for Linux-on-ARM (#99313) - -* Wed Feb 4 2004 Joe Orton 0.9.7a-27 -- updated ca-bundle.crt: removed expired GeoTrust roots, added - freessl.com root, removed trustcenter.de Class 0 root - -* Sun Nov 30 2003 Tim Waugh 0.9.7a-26 -- Fix link line for libssl (bug #111154). - -* Fri Oct 24 2003 Nalin Dahyabhai 0.9.7a-25 -- add dependency on zlib-devel for the -devel package, which depends on zlib - symbols because we enable zlib for libssl (#102962) - -* Fri Oct 24 2003 Phil Knirsch 0.9.7a-24 -- Use /dev/urandom instead of PRNG for libica. -- Apply libica-1.3.5 fix for /dev/urandom in icalinux.c -- Use latest ICA engine patch from IBM. - -* Sat Oct 4 2003 Nalin Dahyabhai 0.9.7a-22.1 -- rebuild - -* Wed Oct 1 2003 Nalin Dahyabhai 0.9.7a-22 -- rebuild (22 wasn't actually built, fun eh?) - -* Tue Sep 30 2003 Nalin Dahyabhai 0.9.7a-23 -- re-disable optimizations on ppc64 - -* Tue Sep 30 2003 Joe Orton -- add a_mbstr.c fix for 64-bit platforms from CVS - -* Tue Sep 30 2003 Nalin Dahyabhai 0.9.7a-22 -- add -Wa,--noexecstack to RPM_OPT_FLAGS so that assembled modules get tagged - as not needing executable stacks - -* Mon Sep 29 2003 Nalin Dahyabhai 0.9.7a-21 -- rebuild - -* Thu Sep 25 2003 Nalin Dahyabhai -- re-enable optimizations on ppc64 - -* Thu Sep 25 2003 Nalin Dahyabhai -- remove exclusivearch - -* Wed Sep 24 2003 Nalin Dahyabhai 0.9.7a-20 -- only parse a client cert if one was requested -- temporarily exclusivearch for %%{ix86} - -* Tue Sep 23 2003 Nalin Dahyabhai -- add security fixes for protocol parsing bugs (CAN-2003-0543, CAN-2003-0544) - and heap corruption (CAN-2003-0545) -- update RHNS-CA-CERT files -- ease back on the number of threads used in the threading test - -* Wed Sep 17 2003 Matt Wilson 0.9.7a-19 -- rebuild to fix gzipped file md5sums (#91211) - -* Mon Aug 25 2003 Phil Knirsch 0.9.7a-18 -- Updated libica to version 1.3.4. - -* Thu Jul 17 2003 Nalin Dahyabhai 0.9.7a-17 -- rebuild - -* Tue Jul 15 2003 Nalin Dahyabhai 0.9.7a-10.9 -- free the kssl_ctx structure when we free an SSL structure (#99066) - -* Fri Jul 11 2003 Nalin Dahyabhai 0.9.7a-16 -- rebuild - -* Thu Jul 10 2003 Nalin Dahyabhai 0.9.7a-15 -- lower thread test count on s390x - -* Tue Jul 8 2003 Nalin Dahyabhai 0.9.7a-14 -- rebuild - -* Thu Jun 26 2003 Nalin Dahyabhai 0.9.7a-13 -- disable assembly on arches where it seems to conflict with threading - -* Thu Jun 26 2003 Phil Knirsch 0.9.7a-12 -- Updated libica to latest upstream version 1.3.0 - -* Wed Jun 11 2003 Nalin Dahyabhai 0.9.7a-9.9 -- rebuild - -* Wed Jun 11 2003 Nalin Dahyabhai 0.9.7a-11 -- rebuild - -* Tue Jun 10 2003 Nalin Dahyabhai 0.9.7a-10 -- ubsec: don't stomp on output data which might also be input data - -* Tue Jun 10 2003 Nalin Dahyabhai 0.9.7a-9 -- temporarily disable optimizations on ppc64 - -* Mon Jun 9 2003 Nalin Dahyabhai -- backport fix for engine-used-for-everything from 0.9.7b -- backport fix for prng not being seeded causing problems, also from 0.9.7b -- add a check at build-time to ensure that RSA is thread-safe -- keep perlpath from stomping on the libica configure scripts - -* Fri Jun 6 2003 Nalin Dahyabhai -- thread-safety fix for RSA blinding - -* Wed Jun 04 2003 Elliot Lee 0.9.7a-8 -- rebuilt - -* Fri May 30 2003 Phil Knirsch 0.9.7a-7 -- Added libica-1.2 to openssl (featurerequest). - -* Wed Apr 16 2003 Nalin Dahyabhai 0.9.7a-6 -- fix building with incorrect flags on ppc64 - -* Wed Mar 19 2003 Nalin Dahyabhai 0.9.7a-5 -- add patch to harden against Klima-Pokorny-Rosa extension of Bleichenbacher's - attack (CAN-2003-0131) - -* Mon Mar 17 2003 Nalin Dahyabhai 0.9.7a-4 -- add patch to enable RSA blinding by default, closing a timing attack - (CAN-2003-0147) - -* Wed Mar 5 2003 Nalin Dahyabhai 0.9.7a-3 -- disable use of BN assembly module on x86_64, but continue to allow inline - assembly (#83403) - -* Thu Feb 27 2003 Nalin Dahyabhai 0.9.7a-2 -- disable EC algorithms - -* Wed Feb 19 2003 Nalin Dahyabhai 0.9.7a-1 -- update to 0.9.7a - -* Wed Feb 19 2003 Nalin Dahyabhai 0.9.7-8 -- add fix to guard against attempts to allocate negative amounts of memory -- add patch for CAN-2003-0078, fixing a timing attack - -* Thu Feb 13 2003 Elliot Lee 0.9.7-7 -- Add openssl-ppc64.patch - -* Mon Feb 10 2003 Nalin Dahyabhai 0.9.7-6 -- EVP_DecryptInit should call EVP_CipherInit() instead of EVP_CipherInit_ex(), - to get the right behavior when passed uninitialized context structures - (#83766) -- build with -mcpu=ev5 on alpha family (#83828) - -* Wed Jan 22 2003 Tim Powers -- rebuilt - -* Fri Jan 17 2003 Phil Knirsch 0.9.7-4 -- Added IBM hw crypto support patch. - -* Wed Jan 15 2003 Nalin Dahyabhai -- add missing builddep on sed - -* Thu Jan 9 2003 Bill Nottingham 0.9.7-3 -- debloat -- fix broken manpage symlinks - -* Wed Jan 8 2003 Nalin Dahyabhai 0.9.7-2 -- fix double-free in 'openssl ca' - -* Fri Jan 3 2003 Nalin Dahyabhai 0.9.7-1 -- update to 0.9.7 final - -* Tue Dec 17 2002 Nalin Dahyabhai 0.9.7-0 -- update to 0.9.7 beta6 (DO NOT USE UNTIL UPDATED TO FINAL 0.9.7) - -* Wed Dec 11 2002 Nalin Dahyabhai -- update to 0.9.7 beta5 (DO NOT USE UNTIL UPDATED TO FINAL 0.9.7) - -* Tue Oct 22 2002 Nalin Dahyabhai 0.9.6b-30 -- add configuration stanza for x86_64 and use it on x86_64 -- build for linux-ppc on ppc -- start running the self-tests again - -* Wed Oct 02 2002 Elliot Lee 0.9.6b-29hammer.3 -- Merge fixes from previous hammer packages, including general x86-64 and - multilib - -* Tue Aug 6 2002 Nalin Dahyabhai 0.9.6b-29 -- rebuild - -* Thu Aug 1 2002 Nalin Dahyabhai 0.9.6b-28 -- update asn patch to fix accidental reversal of a logic check - -* Wed Jul 31 2002 Nalin Dahyabhai 0.9.6b-27 -- update asn patch to reduce chance that compiler optimization will remove - one of the added tests - -* Wed Jul 31 2002 Nalin Dahyabhai 0.9.6b-26 -- rebuild - -* Mon Jul 29 2002 Nalin Dahyabhai 0.9.6b-25 -- add patch to fix ASN.1 vulnerabilities - -* Thu Jul 25 2002 Nalin Dahyabhai 0.9.6b-24 -- add backport of Ben Laurie's patches for OpenSSL 0.9.6d - -* Wed Jul 17 2002 Nalin Dahyabhai 0.9.6b-23 -- own {_datadir}/ssl/misc - -* Fri Jun 21 2002 Tim Powers -- automated rebuild - -* Sun May 26 2002 Tim Powers -- automated rebuild - -* Fri May 17 2002 Nalin Dahyabhai 0.9.6b-20 -- free ride through the build system (whee!) - -* Thu May 16 2002 Nalin Dahyabhai 0.9.6b-19 -- rebuild in new environment - -* Thu Apr 4 2002 Nalin Dahyabhai 0.9.6b-17, 0.9.6b-18 -- merge RHL-specific bits into stronghold package, rename - -* Tue Apr 02 2002 Gary Benson stronghold-0.9.6c-2 -- add support for Chrysalis Luna token - -* Tue Mar 26 2002 Gary Benson -- disable AEP random number generation, other AEP fixes - -* Fri Mar 15 2002 Nalin Dahyabhai 0.9.6b-15 -- only build subpackages on primary arches - -* Thu Mar 14 2002 Nalin Dahyabhai 0.9.6b-13 -- on ia32, only disable use of assembler on i386 -- enable assembly on ia64 - -* Mon Jan 7 2002 Florian La Roche 0.9.6b-11 -- fix sparcv9 entry - -* Mon Jan 7 2002 Gary Benson stronghold-0.9.6c-1 -- upgrade to 0.9.6c -- bump BuildArch to i686 and enable assembler on all platforms -- synchronise with shrimpy and rawhide -- bump soversion to 3 - -* Wed Oct 10 2001 Florian La Roche -- delete BN_LLONG for s390x, patch from Oliver Paukstadt - -* Mon Sep 17 2001 Nalin Dahyabhai 0.9.6b-9 -- update AEP driver patch - -* Mon Sep 10 2001 Nalin Dahyabhai -- adjust RNG disabling patch to match version of patch from Broadcom - -* Fri Sep 7 2001 Nalin Dahyabhai 0.9.6b-8 -- disable the RNG in the ubsec engine driver - -* Tue Aug 28 2001 Nalin Dahyabhai 0.9.6b-7 -- tweaks to the ubsec engine driver - -* Fri Aug 24 2001 Nalin Dahyabhai 0.9.6b-6 -- tweaks to the ubsec engine driver - -* Thu Aug 23 2001 Nalin Dahyabhai 0.9.6b-5 -- update ubsec engine driver from Broadcom - -* Fri Aug 10 2001 Nalin Dahyabhai 0.9.6b-4 -- move man pages back to %%{_mandir}/man?/foo.?ssl from - %%{_mandir}/man?ssl/foo.? -- add an [ engine ] section to the default configuration file - -* Thu Aug 9 2001 Nalin Dahyabhai -- add a patch for selecting a default engine in SSL_library_init() - -* Mon Jul 23 2001 Nalin Dahyabhai 0.9.6b-3 -- add patches for AEP hardware support -- add patch to keep trying when we fail to load a cert from a file and - there are more in the file -- add missing prototype for ENGINE_ubsec() in engine_int.h - -* Wed Jul 18 2001 Nalin Dahyabhai 0.9.6b-2 -- actually add hw_ubsec to the engine list - -* Tue Jul 17 2001 Nalin Dahyabhai -- add in the hw_ubsec driver from CVS - -* Wed Jul 11 2001 Nalin Dahyabhai 0.9.6b-1 -- update to 0.9.6b - -* Thu Jul 5 2001 Nalin Dahyabhai -- move .so symlinks back to %%{_libdir} - -* Tue Jul 3 2001 Nalin Dahyabhai -- move shared libraries to /lib (#38410) - -* Mon Jun 25 2001 Nalin Dahyabhai -- switch to engine code base - -* Mon Jun 18 2001 Nalin Dahyabhai -- add a script for creating dummy certificates -- move man pages from %%{_mandir}/man?/foo.?ssl to %%{_mandir}/man?ssl/foo.? - -* Thu Jun 07 2001 Florian La Roche -- add s390x support - -* Fri Jun 1 2001 Nalin Dahyabhai -- change two memcpy() calls to memmove() -- don't define L_ENDIAN on alpha - -* Wed May 23 2001 Joe Orton stronghold-0.9.6a-1 -- Add 'stronghold-' prefix to package names. -- Obsolete standard openssl packages. - -* Wed May 16 2001 Joe Orton -- Add BuildArch: i586 as per Nalin's advice. - -* Tue May 15 2001 Joe Orton -- Enable assembler on ix86 (using new .tar.bz2 which does - include the asm directories). - -* Tue May 15 2001 Nalin Dahyabhai -- make subpackages depend on the main package - -* Tue May 1 2001 Nalin Dahyabhai -- adjust the hobble script to not disturb symlinks in include/ (fix from - Joe Orton) - -* Fri Apr 27 2001 Nalin Dahyabhai -- drop the m2crypo patch we weren't using - -* Tue Apr 24 2001 Nalin Dahyabhai -- configure using "shared" as well - -* Sun Apr 8 2001 Nalin Dahyabhai -- update to 0.9.6a -- use the build-shared target to build shared libraries -- bump the soversion to 2 because we're no longer compatible with - our 0.9.5a packages or our 0.9.6 packages -- drop the patch for making rsatest a no-op when rsa null support is used -- put all man pages into
ssl instead of
-- break the m2crypto modules into a separate package - -* Tue Mar 13 2001 Nalin Dahyabhai -- use BN_LLONG on s390 - -* Mon Mar 12 2001 Nalin Dahyabhai -- fix the s390 changes for 0.9.6 (isn't supposed to be marked as 64-bit) - -* Sat Mar 3 2001 Nalin Dahyabhai -- move c_rehash to the perl subpackage, because it's a perl script now - -* Fri Mar 2 2001 Nalin Dahyabhai -- update to 0.9.6 -- enable MD2 -- use the libcrypto.so and libssl.so targets to build shared libs with -- bump the soversion to 1 because we're no longer compatible with any of - the various 0.9.5a packages circulating around, which provide lib*.so.0 - -* Wed Feb 28 2001 Florian La Roche -- change hobble-openssl for disabling MD2 again - -* Tue Feb 27 2001 Nalin Dahyabhai -- re-disable MD2 -- the EVP_MD_CTX structure would grow from 100 to 152 - bytes or so, causing EVP_DigestInit() to zero out stack variables in - apps built against a version of the library without it - -* Mon Feb 26 2001 Nalin Dahyabhai -- disable some inline assembly, which on x86 is Pentium-specific -- re-enable MD2 (see http://www.ietf.org/ietf/IPR/RSA-MD-all) - -* Thu Feb 08 2001 Florian La Roche -- fix s390 patch - -* Fri Dec 8 2000 Than Ngo -- added support s390 - -* Mon Nov 20 2000 Nalin Dahyabhai -- remove -Wa,* and -m* compiler flags from the default Configure file (#20656) -- add the CA.pl man page to the perl subpackage - -* Thu Nov 2 2000 Nalin Dahyabhai -- always build with -mcpu=ev5 on alpha - -* Tue Oct 31 2000 Nalin Dahyabhai -- add a symlink from cert.pem to ca-bundle.crt - -* Wed Oct 25 2000 Nalin Dahyabhai -- add a ca-bundle file for packages like Samba to reference for CA certificates - -* Tue Oct 24 2000 Nalin Dahyabhai -- remove libcrypto's crypt(), which doesn't handle md5crypt (#19295) - -* Mon Oct 2 2000 Nalin Dahyabhai -- add unzip as a buildprereq (#17662) -- update m2crypto to 0.05-snap4 - -* Tue Sep 26 2000 Bill Nottingham -- fix some issues in building when it's not installed - -* Wed Sep 6 2000 Nalin Dahyabhai -- make sure the headers we include are the ones we built with (aaaaarrgh!) - -* Fri Sep 1 2000 Nalin Dahyabhai -- add Richard Henderson's patch for BN on ia64 -- clean up the changelog - -* Tue Aug 29 2000 Nalin Dahyabhai -- fix the building of python modules without openssl-devel already installed - -* Wed Aug 23 2000 Nalin Dahyabhai -- byte-compile python extensions without the build-root -- adjust the makefile to not remove temporary files (like .key files when - building .csr files) by marking them as .PRECIOUS - -* Sat Aug 19 2000 Nalin Dahyabhai -- break out python extensions into a subpackage - -* Mon Jul 17 2000 Nalin Dahyabhai -- tweak the makefile some more - -* Tue Jul 11 2000 Nalin Dahyabhai -- disable MD2 support - -* Thu Jul 6 2000 Nalin Dahyabhai -- disable MDC2 support - -* Sun Jul 2 2000 Nalin Dahyabhai -- tweak the disabling of RC5, IDEA support -- tweak the makefile - -* Thu Jun 29 2000 Nalin Dahyabhai -- strip binaries and libraries -- rework certificate makefile to have the right parts for Apache - -* Wed Jun 28 2000 Nalin Dahyabhai -- use %%{_perl} instead of /usr/bin/perl -- disable alpha until it passes its own test suite - -* Fri Jun 9 2000 Nalin Dahyabhai -- move the passwd.1 man page out of the passwd package's way - -* Fri Jun 2 2000 Nalin Dahyabhai -- update to 0.9.5a, modified for U.S. -- add perl as a build-time requirement -- move certificate makefile to another package -- disable RC5, IDEA, RSA support -- remove optimizations for now - -* Wed Mar 1 2000 Florian La Roche -- Bero told me to move the Makefile into this package - -* Wed Mar 1 2000 Florian La Roche -- add lib*.so symlinks to link dynamically against shared libs - -* Tue Feb 29 2000 Florian La Roche -- update to 0.9.5 -- run ldconfig directly in post/postun -- add FAQ - -* Sat Dec 18 1999 Bernhard Rosenkrdnzer -- Fix build on non-x86 platforms - -* Fri Nov 12 1999 Bernhard Rosenkrdnzer -- move /usr/share/ssl/* from -devel to main package - -* Tue Oct 26 1999 Bernhard Rosenkrdnzer -- inital packaging -- changes from base: - - Move /usr/local/ssl to /usr/share/ssl for FHS compliance - - handle RPM_OPT_FLAGS +* Fri Apr 09 2021 Sahana Prasad 3.0.0-0.alpha13.1 +- Update to new major release OpenSSL 3.0.0 alpha 13 + Resolves: rhbz#1903209 diff --git a/opensslconf-new.h b/opensslconf-new.h deleted file mode 100644 index 04363c3..0000000 --- a/opensslconf-new.h +++ /dev/null @@ -1,47 +0,0 @@ -/* This file is here to prevent a file conflict on multiarch systems. A - * conflict will frequently occur because arch-specific build-time - * configuration options are stored (and used, so they can't just be stripped - * out) in opensslconf.h. The original opensslconf.h has been renamed. - * DO NOT INCLUDE THE NEW FILE DIRECTLY -- ALWAYS INCLUDE THIS ONE INSTEAD. */ - -#ifdef openssl_opensslconf_multilib_redirection_h -#error "Do not define openssl_opensslconf_multilib_redirection_h!" -#endif -#define openssl_opensslconf_multilib_redirection_h - -#if defined(__i386__) -#include "opensslconf-i386.h" -#elif defined(__ia64__) -#include "opensslconf-ia64.h" -#elif defined(__mips64) && defined(__MIPSEL__) -#include "opensslconf-mips64el.h" -#elif defined(__mips64) -#include "opensslconf-mips64.h" -#elif defined(__mips) && defined(__MIPSEL__) -#include "opensslconf-mipsel.h" -#elif defined(__mips) -#include "opensslconf-mips.h" -#elif defined(__powerpc64__) -#include -#if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__ -#include "opensslconf-ppc64.h" -#else -#include "opensslconf-ppc64le.h" -#endif -#elif defined(__powerpc__) -#include "opensslconf-ppc.h" -#elif defined(__s390x__) -#include "opensslconf-s390x.h" -#elif defined(__s390__) -#include "opensslconf-s390.h" -#elif defined(__sparc__) && defined(__arch64__) -#include "opensslconf-sparc64.h" -#elif defined(__sparc__) -#include "opensslconf-sparc.h" -#elif defined(__x86_64__) -#include "opensslconf-x86_64.h" -#else -#error "This openssl-devel package does not work your architecture?" -#endif - -#undef openssl_opensslconf_multilib_redirection_h diff --git a/sources b/sources index cc9f962..d8f2826 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (openssl-1.1.1k-hobbled.tar.xz) = b5282e40af8f28f7a859dfddeb269f3a4b0f4fb535de330dfd3ad14a123b57fe66e3880c6c9aacf49865175b1f7f6c88cae31451a99d4ac2b2cb1c5135d4ada9 +SHA512 (openssl-3.0.0-hobbled.tar.xz) = c5837020f7fc395d283673ab8cb2b14a858edb1fe53b5b46d47d61225881724d675d3aadc37782e43937b015cb26e88002915065f02a78217e11d9964bf79c0c diff --git a/tests/simple-rsapss-test/Makefile b/tests/simple-rsapss-test/Makefile deleted file mode 100644 index 13a123d..0000000 --- a/tests/simple-rsapss-test/Makefile +++ /dev/null @@ -1,63 +0,0 @@ -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# -# Makefile of /CoreOS/openssl/Sanity/simple-rsapss-test -# Description: Test if RSA-PSS signature scheme is supported -# Author: Hubert Kario -# -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# -# Copyright (c) 2013 Red Hat, Inc. All rights reserved. -# -# This copyrighted material is made available to anyone wishing -# to use, modify, copy, or redistribute it subject to the terms -# and conditions of the GNU General Public License version 2. -# -# This program is distributed in the hope that it will be -# useful, but WITHOUT ANY WARRANTY; without even the implied -# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR -# PURPOSE. See the GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public -# License along with this program; if not, write to the Free -# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, -# Boston, MA 02110-1301, USA. -# -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -export TEST=/CoreOS/openssl/Sanity/simple-rsapss-test -export TESTVERSION=1.0 - -BUILT_FILES= - -FILES=$(METADATA) runtest.sh Makefile PURPOSE - -.PHONY: all install download clean - -run: $(FILES) build - ./runtest.sh - -build: $(BUILT_FILES) - test -x runtest.sh || chmod a+x runtest.sh - -clean: - rm -f *~ $(BUILT_FILES) - - --include /usr/share/rhts/lib/rhts-make.include - -$(METADATA): Makefile - @echo "Owner: Hubert Kario " > $(METADATA) - @echo "Name: $(TEST)" >> $(METADATA) - @echo "TestVersion: $(TESTVERSION)" >> $(METADATA) - @echo "Path: $(TEST_DIR)" >> $(METADATA) - @echo "Description: Test if RSA-PSS signature scheme is supported" >> $(METADATA) - @echo "Type: Sanity" >> $(METADATA) - @echo "TestTime: 1m" >> $(METADATA) - @echo "RunFor: openssl" >> $(METADATA) - @echo "Requires: openssl man man-db" >> $(METADATA) - @echo "Priority: Normal" >> $(METADATA) - @echo "License: GPLv2" >> $(METADATA) - @echo "Confidential: no" >> $(METADATA) - @echo "Destructive: no" >> $(METADATA) - - rhts-lint $(METADATA) diff --git a/tests/simple-rsapss-test/PURPOSE b/tests/simple-rsapss-test/PURPOSE deleted file mode 100644 index 66848e7..0000000 --- a/tests/simple-rsapss-test/PURPOSE +++ /dev/null @@ -1,3 +0,0 @@ -PURPOSE of /CoreOS/openssl/Sanity/simple-rsapss-test -Description: Test if RSA-PSS signature scheme is supported -Author: Hubert Kario diff --git a/tests/simple-rsapss-test/runtest.sh b/tests/simple-rsapss-test/runtest.sh deleted file mode 100755 index 8b60e2f..0000000 --- a/tests/simple-rsapss-test/runtest.sh +++ /dev/null @@ -1,74 +0,0 @@ -#!/bin/bash -# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# -# runtest.sh of /CoreOS/openssl/Sanity/simple-rsapss-test -# Description: Test if RSA-PSS signature scheme is supported -# Author: Hubert Kario -# -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# -# Copyright (c) 2013 Red Hat, Inc. All rights reserved. -# -# This copyrighted material is made available to anyone wishing -# to use, modify, copy, or redistribute it subject to the terms -# and conditions of the GNU General Public License version 2. -# -# This program is distributed in the hope that it will be -# useful, but WITHOUT ANY WARRANTY; without even the implied -# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR -# PURPOSE. See the GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public -# License along with this program; if not, write to the Free -# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, -# Boston, MA 02110-1301, USA. -# -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -# Include Beaker environment -. /usr/share/beakerlib/beakerlib.sh || exit 1 - -PACKAGE="openssl" - -PUB_KEY="rsa_pubkey.pem" -PRIV_KEY="rsa_key.pem" -FILE="text.txt" -SIG="text.sig" - -rlJournalStart - rlPhaseStartSetup - rlAssertRpm $PACKAGE - rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory" - rlRun "pushd $TmpDir" - rlRun "openssl genrsa -out $PRIV_KEY 2048" 0 "Generate RSA key" - rlRun "openssl rsa -in $PRIV_KEY -out $PUB_KEY -pubout" 0 "Split the public key from private key" - rlRun "echo 'sign me!' > $FILE" 0 "Create file for signing" - rlAssertExists $FILE - rlAssertExists $PRIV_KEY - rlAssertExists $PUB_KEY - rlPhaseEnd - - rlPhaseStartTest "Test RSA-PSS padding mode" - set -o pipefail - rlRun "openssl dgst -sha256 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:32 -out $SIG -sign $PRIV_KEY $FILE" 0 "Sign the file" - rlRun "openssl dgst -sha256 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:32 -prverify $PRIV_KEY -signature $SIG $FILE | grep 'Verified OK'" 0 "Verify the signature using the private key file" - rlRun "openssl dgst -sha256 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:32 -verify $PUB_KEY -signature $SIG $FILE | grep 'Verified OK'" 0 "Verify the signature using public key file" - rlRun "openssl dgst -sha256 -sigopt rsa_padding_mode:pss -prverify $PRIV_KEY -signature $SIG $FILE | grep 'Verified OK'" 0 "Verify the signature using the private key file without specifying salt length" - rlRun "openssl dgst -sha256 -sigopt rsa_padding_mode:pss -verify $PUB_KEY -signature $SIG $FILE | grep 'Verified OK'" 0 "Verify the signature using public key file without specifying salt length" - set +o pipefail - rlRun "sed -i 's/sign/Sign/' $FILE" 0 "Modify signed file" - rlRun "openssl dgst -sha256 -sigopt rsa_padding_mode:pss -verify $PUB_KEY -signature $SIG $FILE | grep 'Verification Failure'" 0 "Verify that the signature is no longer valid" - rlPhaseEnd - - rlPhaseStartTest "Documentation check" - [ -e "$(rpm -ql openssl | grep dgst)"] && rlRun "man dgst | col -b | grep -- -sigopt" 0 "Check if -sigopt option is described in man page" - rlRun "openssl dgst -help 2>&1 | grep -- -sigopt" 0 "Check if -sigopt option is present in help message" - rlPhaseEnd - - rlPhaseStartCleanup - rlRun "popd" - rlRun "rm -r $TmpDir" 0 "Removing tmp directory" - rlPhaseEnd -rlJournalPrintText -rlJournalEnd diff --git a/tests/tests.yml b/tests/tests.yml deleted file mode 100644 index 4b71d56..0000000 --- a/tests/tests.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- -# This first play always runs on the local staging system -- hosts: localhost - roles: - - role: standard-test-beakerlib - tags: - - classic - - container - tests: - - simple-rsapss-test - required_packages: - - findutils # beakerlib needs find command - - man # needed by simple-rsapss-test - - man-db # needed by simple-rsapss-test - - openssl # needed by simple-rsapss-test diff --git a/tests/tests_python.yml b/tests/tests_python.yml deleted file mode 100644 index 5341446..0000000 --- a/tests/tests_python.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- -- hosts: localhost - roles: - - role: standard-test-basic - tags: - - classic - repositories: - - repo: "https://src.fedoraproject.org/tests/python.git" - dest: "python" - tests: - - python_selftest: - dir: python/selftest - run: X="test_ssl test_asyncio test_hashlib test_ftplib test_httplib test_imaplib test_logging test_nntplib test_poplib test_urllib2_localnet test_urllib test_xmlrpc" ./parallel.sh - required_packages: - - gcc # for extension building in venv and selftest - - python3-tkinter # for selftest - - python3-test # for selftest - - python3-rpm-macros # for dynamic python version