From 77d9e73d5c8345e0bc14c35fc1e711db3bf6fe9e Mon Sep 17 00:00:00 2001 
From: B Stack
Date: Wed, 23 Oct 2019 22:36:30 -0400
Subject: initial commit
---
 README.md | 8 +
 curl/0001-curl-7.66.0-metalink-memleak.patch | 71 +
 curl/0101-curl-7.58.0-multilib.patch | 88 +
 curl/0102-curl-7.54.1-debug.patch | 48 +
 curl/0103-curl-7.62.0-python3.patch | 57 +
 curl/0104-curl-7.64.1-localhost6.patch | 47 +
 curl/0105-curl-7.65.0-lib1560-valgrind.patch | 39 +
 curl/0302-curl-7.47.1-pkgconfig.patch | 17 +
 curl/README.md | 14 +
 curl/curl-7.64.1-zsh-cpl.patch | 37 +
 curl/curl.spec | 6326 ++++++++++
 libmetalink/0001-fix-covscan-issues.patch | 54 +
 libmetalink/README.md | 16 +
 libmetalink/libmetalink-0.1.3.tar.bz2 | Bin 0 -> 327482 bytes
 libmetalink/libmetalink.spec | 146 +
 libpsl/README.md | 16 +
 libpsl/libpsl-0.20.2.tar.gz | Bin 0 -> 9228099 bytes
 libpsl/libpsl.spec | 263 +
 libssh2/README.md | 14 +
 libssh2/libssh2-1.7.0-pkgconfig.patch | 13 +
 libssh2/libssh2.spec | 807 ++
 libssh2/stackrpms-libssh2.spec.diff | 61 +
 openssl-freefilesync/Makefile.certificate | 82 +
 openssl-freefilesync/README.FIPS | 72 +
 openssl-freefilesync/README.md | 13 +
 openssl-freefilesync/ec_curve.c | 470 +
 openssl-freefilesync/ectest.c | 920 ++
 openssl-freefilesync/hobble-openssl | 40 +
 openssl-freefilesync/make-dummy-cert | 28 +
 .../openssl-1.1.0-issuer-hash.patch | 11 +
 openssl-freefilesync/openssl-1.1.0-no-html.patch | 12 +
 openssl-freefilesync/openssl-1.1.1-apps-dgst.patch | 12 +
 openssl-freefilesync/openssl-1.1.1-build.patch | 40 +
 .../openssl-1.1.1-conf-paths.patch | 56 +
 openssl-freefilesync/openssl-1.1.1-defaults.patch | 51 +
 .../openssl-1.1.1-disable-ssl3.patch | 91 +
 openssl-freefilesync/openssl-1.1.1-ec-curves.patch | 210 +
 openssl-freefilesync/openssl-1.1.1-evp-kdf.patch | 5262 ++++++++
 .../openssl-1.1.1-fips-crng-test.patch | 407 +
 .../openssl-1.1.1-fips-post-rand.patch | 157 +
 openssl-freefilesync/openssl-1.1.1-fips.patch | 11852 +++++++++++++++++++
 .../openssl-1.1.1-ignore-bound.patch | 14 +
 .../openssl-1.1.1-man-rename.patch | 19 +
 .../openssl-1.1.1-no-brainpool.patch | 116 +
 .../openssl-1.1.1-no-weak-verify.patch | 26 +
 .../openssl-1.1.1-regression-fixes.patch | 16 +
 .../openssl-1.1.1-s390x-update.patch | 5509 +++++++++
 openssl-freefilesync/openssl-1.1.1-seclevel.patch | 65 +
 openssl-freefilesync/openssl-1.1.1-ssh-kdf.patch | 5612 +++++++++
 .../openssl-1.1.1-system-cipherlist.patch | 310 +
 .../openssl-1.1.1-ts-sha256-default.patch | 50 +
 .../openssl-1.1.1-upstream-sync.patch | 534 +
 .../openssl-1.1.1-version-add-engines.patch | 38 +
 .../openssl-1.1.1-version-override.patch | 12 +
 .../openssl-1.1.1-weak-ciphers.patch | 57 +
 openssl-freefilesync/openssl-1.1.1c-hobbled.tar.xz | Bin 0 -> 6262504 bytes
 openssl-freefilesync/openssl.spec | 2128 ++++
 openssl-freefilesync/opensslconf-new-warning.h | 7 +
 openssl-freefilesync/opensslconf-new.h | 47 +
 .../readme-openssl-freefilesync.md | 12 +
 openssl-freefilesync/renew-dummy-cert | 39 +
 openssl-freefilesync/stackrpms-openssl.spec.diff | 139 +
 62 files changed, 42678 insertions(+)
 create mode 100644 README.md
 create mode 100644 curl/0001-curl-7.66.0-metalink-memleak.patch
 create mode 100644 curl/0101-curl-7.58.0-multilib.patch
 create mode 100644 curl/0102-curl-7.54.1-debug.patch
 create mode 100644 curl/0103-curl-7.62.0-python3.patch
 create mode 100644 curl/0104-curl-7.64.1-localhost6.patch
 create mode 100644 curl/0105-curl-7.65.0-lib1560-valgrind.patch
 create mode 100644 curl/0302-curl-7.47.1-pkgconfig.patch
 create mode 100644 curl/README.md
 create mode 100644 curl/curl-7.64.1-zsh-cpl.patch
 create mode 100644 curl/curl.spec
 create mode 100644 libmetalink/0001-fix-covscan-issues.patch
 create mode 100644 libmetalink/README.md
 create mode 100644 libmetalink/libmetalink-0.1.3.tar.bz2
 create mode 100644 libmetalink/libmetalink.spec
 create mode 100644 libpsl/README.md
 create mode 100644 libpsl/libpsl-0.20.2.tar.gz
 create mode 100644 libpsl/libpsl.spec
 create mode 100644 libssh2/README.md
 create mode 100644 libssh2/libssh2-1.7.0-pkgconfig.patch
 create mode 100644 libssh2/libssh2.spec
 create mode 100644 libssh2/stackrpms-libssh2.spec.diff
 create mode 100644 openssl-freefilesync/Makefile.certificate
 create mode 100644 openssl-freefilesync/README.FIPS
 create mode 100644 openssl-freefilesync/README.md
 create mode 100644 openssl-freefilesync/ec_curve.c
 create mode 100644 openssl-freefilesync/ectest.c
 create mode 100755 openssl-freefilesync/hobble-openssl
 create mode 100755 openssl-freefilesync/make-dummy-cert
 create mode 100644 openssl-freefilesync/openssl-1.1.0-issuer-hash.patch
 create mode 100644 openssl-freefilesync/openssl-1.1.0-no-html.patch
 create mode 100644 openssl-freefilesync/openssl-1.1.1-apps-dgst.patch
 create mode 100644 openssl-freefilesync/openssl-1.1.1-build.patch
 create mode 100644 openssl-freefilesync/openssl-1.1.1-conf-paths.patch
 create mode 100644 openssl-freefilesync/openssl-1.1.1-defaults.patch
 create mode 100644 openssl-freefilesync/openssl-1.1.1-disable-ssl3.patch
 create mode 100644 openssl-freefilesync/openssl-1.1.1-ec-curves.patch
 create mode 100644 openssl-freefilesync/openssl-1.1.1-evp-kdf.patch
 create mode 100644 openssl-freefilesync/openssl-1.1.1-fips-crng-test.patch
 create mode 100644 openssl-freefilesync/openssl-1.1.1-fips-post-rand.patch
 create mode 100644 openssl-freefilesync/openssl-1.1.1-fips.patch
 create mode 100644 openssl-freefilesync/openssl-1.1.1-ignore-bound.patch
 create mode 100644 openssl-freefilesync/openssl-1.1.1-man-rename.patch
 create mode 100644 openssl-freefilesync/openssl-1.1.1-no-brainpool.patch
 create mode 100644 openssl-freefilesync/openssl-1.1.1-no-weak-verify.patch
 create mode 100644 openssl-freefilesync/openssl-1.1.1-regression-fixes.patch
 create mode 100644 openssl-freefilesync/openssl-1.1.1-s390x-update.patch
 create mode 100644 openssl-freefilesync/openssl-1.1.1-seclevel.patch
 create mode 100644 openssl-freefilesync/openssl-1.1.1-ssh-kdf.patch
 create mode 100644 openssl-freefilesync/openssl-1.1.1-system-cipherlist.patch
 create mode 100644 openssl-freefilesync/openssl-1.1.1-ts-sha256-default.patch
 create mode 100644 openssl-freefilesync/openssl-1.1.1-upstream-sync.patch
 create mode 100644 openssl-freefilesync/openssl-1.1.1-version-add-engines.patch
 create mode 100644 openssl-freefilesync/openssl-1.1.1-version-override.patch
 create mode 100644 openssl-freefilesync/openssl-1.1.1-weak-ciphers.patch
 create mode 100644 openssl-freefilesync/openssl-1.1.1c-hobbled.tar.xz
 create mode 100644 openssl-freefilesync/openssl.spec
 create mode 100644 openssl-freefilesync/opensslconf-new-warning.h
 create mode 100644 openssl-freefilesync/opensslconf-new.h
 create mode 100644 openssl-freefilesync/readme-openssl-freefilesync.md
 create mode 100755 openssl-freefilesync/renew-dummy-cert
 create mode 100644 openssl-freefilesync/stackrpms-openssl.spec.diff
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..fa86622
--- /dev/null
+++ b/README.md
@@ -0,0 +1,8 @@
+# References
+City-fan provided the original sources for the following and probably more.
+* libpsl
+* libssh2
+* libmetalink
+
+Bgstack15 is the origin for these repacks
+* openssl-freefilesync
diff --git a/curl/0001-curl-7.66.0-metalink-memleak.patch b/curl/0001-curl-7.66.0-metalink-memleak.patch
new file mode 100644
index 0000000..16c8ae2
--- /dev/null
+++ b/curl/0001-curl-7.66.0-metalink-memleak.patch
@@ -0,0 +1,71 @@
+From 855ebacdffbc421b121563ae1ecd9fde736bfaf2 Mon Sep 17 00:00:00 2001
+From: Kamil Dudka
+Date: Wed, 11 Sep 2019 16:32:11 +0200
+Subject: [PATCH] curl: fix memory leaked by parse_metalink()
+
+This commit fixes a regression introduced by curl-7_65_3-5-gb88940850.
+Detected by tests 2005, 2008, 2009, 2010, 2011, and 2012 with valgrind
+and libmetalink enabled.
+
+Closes #4326
+
+Upstream-commit: 1ca91bcdb588dc6c25d345f2411fdba314433732
+Signed-off-by: Kamil Dudka
+---
+ src/tool_metalink.c | 2 +-
+ src/tool_metalink.h | 3 +++
+ src/tool_operate.c | 4 ++++
+ 3 files changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/src/tool_metalink.c b/src/tool_metalink.c
+index 0740407f9..cd5a7d650 100644
+--- a/src/tool_metalink.c
++++ b/src/tool_metalink.c
+@@ -965,7 +965,7 @@ static void delete_metalink_resource(metalink_resource *res)
+ Curl_safefree(res);
+ }
+
+-static void delete_metalinkfile(metalinkfile *mlfile)
++void delete_metalinkfile(metalinkfile *mlfile)
+ {
+ metalink_resource *res;
+ if(mlfile == NULL) {
+diff --git a/src/tool_metalink.h b/src/tool_metalink.h
+index 1e367033c..f5ec306f7 100644
+--- a/src/tool_metalink.h
++++ b/src/tool_metalink.h
+@@ -105,6 +105,8 @@ extern const digest_params SHA256_DIGEST_PARAMS[1];
+ * Counts the resource in the metalinkfile.
+ */
+ int count_next_metalink_resource(metalinkfile *mlfile);
++
++void delete_metalinkfile(metalinkfile *mlfile);
+ void clean_metalink(struct OperationConfig *config);
+
+ /*
+@@ -158,6 +160,7 @@ void metalink_cleanup(void);
+ #else /* USE_METALINK */
+
+ #define count_next_metalink_resource(x) 0
++#define delete_metalinkfile(x) (void)x
+ #define clean_metalink(x) (void)x
+
+ /* metalink_cleanup() takes no arguments */
+diff --git a/src/tool_operate.c b/src/tool_operate.c
+index d2ad9642d..09dfc0c84 100644
+--- a/src/tool_operate.c
++++ b/src/tool_operate.c
+@@ -2073,6 +2073,10 @@ static CURLcode serial_transfers(struct GlobalConfig *global,
+ result = post_transfer(global, share, per, result, &retry);
+ if(retry)
+ continue;
++
++ /* Release metalink related resources here */
++ delete_metalinkfile(per->mlfile);
++
+ per = del_transfer(per);
+
+ /* Bail out upon critical errors or --fail-early */
+--
+2.20.1
+
diff --git a/curl/0101-curl-7.58.0-multilib.patch b/curl/0101-curl-7.58.0-multilib.patch
new file mode 100644
index 0000000..38340e1
--- /dev/null
+++ b/curl/0101-curl-7.58.0-multilib.patch
@@ -0,0 +1,88 @@
+From 2a4754a3a7cf60ecc36d83cbe50b8c337cb87632 Mon Sep 17 00:00:00 2001
+From: Kamil Dudka
+Date: Fri, 12 Apr 2013 12:04:05 +0200
+Subject: [PATCH] prevent multilib conflicts on the curl-config script
+
+---
+ curl-config.in | 21 +++------------------
+ docs/curl-config.1 | 4 +++-
+ libcurl.pc.in | 1 +
+ 3 files changed, 7 insertions(+), 19 deletions(-)
+
+diff --git a/curl-config.in b/curl-config.in
+index 150004d..95d0759 100644
+--- a/curl-config.in
++++ b/curl-config.in
+@@ -76,7 +76,7 @@ while test $# -gt 0; do
+ ;;
+
+ --cc)
+- echo "@CC@"
++ echo "gcc"
+ ;;
+
+ --prefix)
+@@ -143,32 +143,19 @@ while test $# -gt 0; do
+ ;;
+
+ --libs)
+- if test "X@libdir@" != "X/usr/lib" -a "X@libdir@" != "X/usr/lib64"; then
+- CURLLIBDIR="-L@libdir@ "
+- else
+- CURLLIBDIR=""
+- fi
+- if test "X@REQUIRE_LIB_DEPS@" = "Xyes"; then
+- echo ${CURLLIBDIR}-lcurl @LIBCURL_LIBS@
+- else
+- echo ${CURLLIBDIR}-lcurl
+- fi
++ echo -lcurl
+ ;;
+ --ssl-backends)
+ echo "@SSL_BACKENDS@"
+ ;;
+
+ --static-libs)
+- if test "X@ENABLE_STATIC@" != "Xno" ; then
+- echo @libdir@/libcurl.@libext@ @LDFLAGS@ @LIBCURL_LIBS@
+- else
+- echo "curl was built with static libraries disabled" >&2
+- exit 1
+- fi
++ echo "curl was built with static libraries disabled" >&2
++ exit 1
+ ;;
+
+ --configure)
+- echo @CONFIGURE_OPTIONS@
++ pkg-config libcurl --variable=configure_options | sed 's/^"//;s/"$//'
+ ;;
+
+ *)
+diff --git a/docs/curl-config.1 b/docs/curl-config.1
+index 14a9d2b..ffcc004 100644
+--- a/docs/curl-config.1
++++ b/docs/curl-config.1
+@@ -70,7 +70,9 @@ no, one or several names. If more than o
+ comma-separated. (Added in 7.58.0)
+ .IP "--static-libs"
+ Shows the complete set of libs and other linker options you will need in order
+-to link your application with libcurl statically. (Added in 7.17.1)
++to link your application with libcurl statically. Note that Fedora/RHEL libcurl
++packages do not provide any static libraries, thus cannot be linked statically.
++(Added in 7.17.1)
+ .IP "--version"
+ Outputs version information about the installed libcurl.
+ .IP "--vernum"
+diff --git a/libcurl.pc.in b/libcurl.pc.in
+index 2ba9c39..f8f8b00 100644
+--- a/libcurl.pc.in
++++ b/libcurl.pc.in
+@@ -29,6 +29,7 @@ libdir=@libdir@
+ includedir=@includedir@
+ supported_protocols="@SUPPORT_PROTOCOLS@"
+ supported_features="@SUPPORT_FEATURES@"
++configure_options=@CONFIGURE_OPTIONS@
+
+ Name: libcurl
+ URL: https://curl.haxx.se/
diff --git a/curl/0102-curl-7.54.1-debug.patch b/curl/0102-curl-7.54.1-debug.patch
new file mode 100644
index 0000000..1495e17
--- /dev/null
+++ b/curl/0102-curl-7.54.1-debug.patch
@@ -0,0 +1,48 @@
+--- a/configure
++++ b/configure
+@@ -17044,18 +17044,11 @@ $as_echo "yes" >&6; }
+ gccvhi=`echo $gccver | cut -d . -f1`
+ gccvlo=`echo $gccver | cut -d . -f2`
+ compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null`
+- flags_dbg_all="-g -g0 -g1 -g2 -g3"
+- flags_dbg_all="$flags_dbg_all -ggdb"
+- flags_dbg_all="$flags_dbg_all -gstabs"
+- flags_dbg_all="$flags_dbg_all -gstabs+"
+- flags_dbg_all="$flags_dbg_all -gcoff"
+- flags_dbg_all="$flags_dbg_all -gxcoff"
+- flags_dbg_all="$flags_dbg_all -gdwarf-2"
+- flags_dbg_all="$flags_dbg_all -gvms"
++ flags_dbg_all=""
+ flags_dbg_yes="-g"
+ flags_dbg_off=""
+- flags_opt_all="-O -O0 -O1 -O2 -O3 -Os -Og -Ofast"
+- flags_opt_yes="-O2"
++ flags_opt_all=""
++ flags_opt_yes=""
+ flags_opt_off="-O0"
+
+ OLDCPPFLAGS=$CPPFLAGS
+--- a/m4/curl-compilers.m4
++++ b/m4/curl-compilers.m4
+@@ -148,18 +148,11 @@ AC_DEFUN([CURL_CHECK_COMPILER_GNU_C], [
+ gccvhi=`echo $gccver | cut -d . -f1`
+ gccvlo=`echo $gccver | cut -d . -f2`
+ compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null`
+- flags_dbg_all="-g -g0 -g1 -g2 -g3"
+- flags_dbg_all="$flags_dbg_all -ggdb"
+- flags_dbg_all="$flags_dbg_all -gstabs"
+- flags_dbg_all="$flags_dbg_all -gstabs+"
+- flags_dbg_all="$flags_dbg_all -gcoff"
+- flags_dbg_all="$flags_dbg_all -gxcoff"
+- flags_dbg_all="$flags_dbg_all -gdwarf-2"
+- flags_dbg_all="$flags_dbg_all -gvms"
++ flags_dbg_all=""
+ flags_dbg_yes="-g"
+ flags_dbg_off=""
+- flags_opt_all="-O -O0 -O1 -O2 -O3 -Os -Og -Ofast"
+- flags_opt_yes="-O2"
++ flags_opt_all=""
++ flags_opt_yes=""
+ flags_opt_off="-O0"
+ CURL_CHECK_DEF([_WIN32], [], [silent])
+ else
diff --git a/curl/0103-curl-7.62.0-python3.patch b/curl/0103-curl-7.62.0-python3.patch
new file mode 100644
index 0000000..56485fe
--- /dev/null
+++ b/curl/0103-curl-7.62.0-python3.patch
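Review bot: The patch file for `configure` and `m4/curl-compilers.m4` carries no description, and besides the debug-flag list it also empties `flags_opt_all` and `flags_opt_yes`, so configure presumably no longer strips or adds an optimisation level. The build then depends entirely on the caller's CFLAGS for `-O2`, which matters for hardening such as `_FORTIFY_SOURCE` that only takes effect with optimisation enabled; rpm's optflags probably supply it, but the spec's %build section is not visible here. I would add a short header to the patch file, e.g. `Stop configure from rewriting -g/-O flags; the optimisation level must come from CFLAGS.`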
@@ -0,0 +1,57 @@
+From 3c4c7340e455b7256c0786759422f34ec3e2d440 Mon Sep 17 00:00:00 2001
+From: Kamil Dudka
+Date: Thu, 15 Mar 2018 14:49:56 +0100
+Subject: [PATCH] tests/{negtelnet,smb}server.py: migrate to Python 3
+
+Unfortunately, smbserver.py does not work with Python 3 because
+there is no 'impacket' module available for Python 3:
+
+https://github.com/CoreSecurity/impacket/issues/61
+---
+ tests/negtelnetserver.py | 4 ++--
+ tests/smbserver.py | 4 ++--
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/tests/negtelnetserver.py b/tests/negtelnetserver.py
+index 8cfd409..72ee771 100755
+--- a/tests/negtelnetserver.py
++++ b/tests/negtelnetserver.py
+@@ -73,11 +73,11 @@ class NegotiatingTelnetHandler(socketserver.BaseRequestHandler):
+ response_data = response.encode('ascii')
+ else:
+ log.debug("Received normal request - echoing back")
+- response_data = data.strip()
++ response_data = data.decode('utf8').strip()
+
+ if response_data:
+ log.debug("Sending %r", response_data)
+- self.request.sendall(response_data)
++ self.request.sendall(response_data.encode('utf8'))
+
+ except IOError:
+ log.exception("IOError hit during request")
+diff --git a/tests/smbserver.py b/tests/smbserver.py
+index 195ae39..b09cd44 100755
+--- a/tests/smbserver.py
++++ b/tests/smbserver.py
+@@ -24,7 +24,7 @@
+ from __future__ import (absolute_import, division, print_function)
+ # unicode_literals)
+ import argparse
+-import ConfigParser
++import configparser
+ import os
+ import sys
+ import logging
+@@ -58,7 +58,7 @@ def smbserver(options):
+ f.write("{0}".format(pid))
+
+ # Here we write a mini config for the server
+- smb_config = ConfigParser.ConfigParser()
++ smb_config = configparser.ConfigParser()
+ smb_config.add_section("global")
+ smb_config.set("global", "server_name", "SERVICE")
+ smb_config.set("global", "server_os", "UNIX")
+--
+2.14.3
+
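Review bot: In `tests/negtelnetserver.py` the new `self.request.sendall(response_data.encode('utf8'))` appears to be reached from both branches, but the context line above the `else:` assigns `response_data = response.encode('ascii')`, which is already `bytes`; under Python 3 `bytes` has no `.encode`, so that path would raise `AttributeError`, which the visible `except IOError` does not catch. `data.decode('utf8')` likewise raises on input that is not valid UTF-8. Keeping the echo path in bytes avoids both problems: `response_data = data.strip()` and `self.request.sendall(response_data)`. The handler method starts and ends outside the hunk and the indentation is lost here, so the branch structure is inferred from the visible lines.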
diff --git a/curl/0104-curl-7.64.1-localhost6.patch b/curl/0104-curl-7.64.1-localhost6.patch
new file mode 100644
index 0000000..ec1fc47
--- /dev/null
+++ b/curl/0104-curl-7.64.1-localhost6.patch
@@ -0,0 +1,47 @@
+--- a/tests/data/test1083
++++ b/tests/data/test1083
+@@ -33,13 +33,13 @@ ipv6
+ http-ipv6
+
+
+-HTTP-IPv6 GET with ip6-localhost --interface
++HTTP-IPv6 GET with localhost6 --interface
+
+
+--g "http://%HOST6IP:%HTTP6PORT/1083" --interface ip6-localhost
++-g "http://%HOST6IP:%HTTP6PORT/1083" --interface localhost6
+
+
+-perl -e "if ('%CLIENT6IP' ne '[::1]') {print 'Test requires default test client host address';} else {exec './server/resolve --ipv6 ip6-localhost'; print 'Cannot run precheck resolve';}"
++perl -e "if ('%CLIENT6IP' ne '[::1]') {print 'Test requires default test client host address';} else {exec './server/resolve --ipv6 localhost6'; print 'Cannot run precheck resolve';}"
+
+
+
+--- a/tests/data/test241
++++ b/tests/data/test241
+@@ -30,13 +30,13 @@ ipv6
+ http-ipv6
+
+
+-HTTP-IPv6 GET (using ip6-localhost)
++HTTP-IPv6 GET (using localhost6)
+
+
+--g "http://ip6-localhost:%HTTP6PORT/241"
++-g "http://localhost6:%HTTP6PORT/241"
+
+
+-./server/resolve --ipv6 ip6-localhost
++./server/resolve --ipv6 localhost6
+
+
+
+@@ -48,7 +48,7 @@ HTTP-IPv6 GET (using ip6-localhost)
+
+
+ GET /241 HTTP/1.1
+-Host: ip6-localhost:%HTTP6PORT
++Host: localhost6:%HTTP6PORT
+ Accept: */*
+
+
diff --git a/curl/0105-curl-7.65.0-lib1560-valgrind.patch b/curl/0105-curl-7.65.0-lib1560-valgrind.patch
new file mode 100644
index 0000000..92089c2
--- /dev/null
+++ b/curl/0105-curl-7.65.0-lib1560-valgrind.patch
@@ -0,0 +1,39 @@
+From f55cca0e86f59ec11ffafd5c0503c39ca3723e2e Mon Sep 17 00:00:00 2001
+From: Kamil Dudka
+Date: Mon, 4 Feb 2019 17:32:56 +0100
+Subject: [PATCH] libtest: compile lib1560.c with -fno-builtin-strcmp
+
+... to prevent valgrind from reporting false positives on x86_64:
+
+Conditional jump or move depends on uninitialised value(s)
+ at 0x10BCAA: part2id (lib1560.c:489)
+ by 0x10BCAA: updateurl (lib1560.c:521)
+ by 0x10BCAA: set_parts (lib1560.c:630)
+ by 0x10BCAA: test (lib1560.c:802)
+ by 0x4923412: (below main) (in /usr/lib64/libc-2.28.9000.so)
+
+Conditional jump or move depends on uninitialised value(s)
+ at 0x10BCC3: part2id (lib1560.c:491)
+ by 0x10BCC3: updateurl (lib1560.c:521)
+ by 0x10BCC3: set_parts (lib1560.c:630)
+ by 0x10BCC3: test (lib1560.c:802)
+ by 0x4923412: (below main) (in /usr/lib64/libc-2.28.9000.so)
+---
+ tests/libtest/Makefile.inc | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/tests/libtest/Makefile.inc b/tests/libtest/Makefile.inc
+index 080421b..ea3b806 100644
+--- a/tests/libtest/Makefile.inc
++++ b/tests/libtest/Makefile.inc
+@@ -528,6 +528,7 @@ lib1559_SOURCES = lib1559.c $(SUPPORTFIL
+ lib1559_LDADD = $(TESTUTIL_LIBS)
+
+ lib1560_SOURCES = lib1560.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
++lib1560_CFLAGS = $(AM_CFLAGS) -fno-builtin-strcmp
+ lib1560_LDADD = $(TESTUTIL_LIBS)
+
+ lib1591_SOURCES = lib1591.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
+--
+2.17.2
+
diff --git a/curl/0302-curl-7.47.1-pkgconfig.patch b/curl/0302-curl-7.47.1-pkgconfig.patch
new file mode 100644
index 0000000..3dce68b
--- /dev/null
+++ b/curl/0302-curl-7.47.1-pkgconfig.patch
@@ -0,0 +1,17 @@
+This patch cleans up libcurl.pc to remove redundant compiler/linker
+flags that refer to standard directories, i.e.
+
+-L/usr/lib(64)?
+-I/usr/include
+
+--- libcurl.pc.in
++++ libcurl.pc.in
+@@ -35,6 +35,6 @@ Name: libcurl
+ URL: https://curl.haxx.se/
+ Description: Library to transfer files with ftp, http, etc.
+ Version: @CURLVERSION@
+-Libs: -L${libdir} -lcurl
++Libs: -lcurl
+ Libs.private: @LIBCURL_LIBS@
+-Cflags: -I${includedir} @CPPFLAG_CURL_STATICLIB@
++Cflags: @CPPFLAG_CURL_STATICLIB@
diff --git a/curl/README.md b/curl/README.md
new file mode 100644
index 0000000..327e985
--- /dev/null
+++ b/curl/README.md
@@ -0,0 +1,14 @@
+# curl upstream
+http://mirror.city-fan.org/ftp/contrib/yum-repo/development/source/curl-7.66.0-1.1.cf.fc32.src.rpm
+
+# Reason for being in ffs-dependencies
+FreeFileSync follows libcurl very aggressively.
+
+# Reverse dependency matrix
+Distro | FreeFileSync version | libcurl version
+---------- | -------------------- | ---------------
+CentOS 7 | 10.16 | 7.66.0
+CentOS 8 | 10.16 | 7.66.0
+
+# Differences from upstream
+No changes.
diff --git a/curl/curl-7.64.1-zsh-cpl.patch b/curl/curl-7.64.1-zsh-cpl.patch
new file mode 100644
index 0000000..070e508
--- /dev/null
+++ b/curl/curl-7.64.1-zsh-cpl.patch
@@ -0,0 +1,37 @@
+--- scripts/Makefile.am
++++ scripts/Makefile.am
+@@ -35,7 +35,7 @@ if CROSSCOMPILING
+ @echo "NOTICE: we can't generate zsh completion when cross-compiling!"
+ else # if not cross-compiling:
+ @if ! test -x "$(PERL)"; then echo "No perl: can't install completion.pl"; exit 0; fi
+- $(PERL) $(srcdir)/completion.pl --curl $(top_builddir)/src/curl$(EXEEXT) --shell zsh > $@
++ LD_LIBRARY_PATH=$(top_builddir)/lib/.libs $(PERL) $(srcdir)/completion.pl --curl $(top_builddir)/src/curl$(EXEEXT) --shell zsh > $@
+ endif
+
+ $(FISH_COMPLETION_FUNCTION_FILENAME): completion.pl
+@@ -43,7 +43,7 @@ if CROSSCOMPILING
+ @echo "NOTICE: we can't generate fish completion when cross-compiling!"
+ else # if not cross-compiling:
+ @if ! test -x "$(PERL)"; then echo "No perl: can't install completion.pl"; exit 0; fi
+- $(PERL) $(srcdir)/completion.pl --curl $(top_builddir)/src/curl$(EXEEXT) --shell fish > $@
++ LD_LIBRARY_PATH=$(top_builddir)/lib/.libs $(PERL) $(srcdir)/completion.pl --curl $(top_builddir)/src/curl$(EXEEXT) --shell fish > $@
+ endif
+
+ install-data-local:
+--- scripts/Makefile.in
++++ scripts/Makefile.in
+@@ -563,12 +563,12 @@ all-local: $(ZSH_COMPLETION_FUNCTION_FIL
+ $(ZSH_COMPLETION_FUNCTION_FILENAME): completion.pl
+ @CROSSCOMPILING_TRUE@ @echo "NOTICE: we can't generate zsh completion when cross-compiling!"
+ @CROSSCOMPILING_FALSE@ @if ! test -x "$(PERL)"; then echo "No perl: can't install completion.pl"; exit 0; fi
+-@CROSSCOMPILING_FALSE@ $(PERL) $(srcdir)/completion.pl --curl $(top_builddir)/src/curl$(EXEEXT) --shell zsh > $@
++@CROSSCOMPILING_FALSE@ LD_LIBRARY_PATH=$(top_builddir)/lib/.libs $(PERL) $(srcdir)/completion.pl --curl $(top_builddir)/src/curl$(EXEEXT) --shell zsh > $@
+
+ $(FISH_COMPLETION_FUNCTION_FILENAME): completion.pl
+ @CROSSCOMPILING_TRUE@ @echo "NOTICE: we can't generate fish completion when cross-compiling!"
+ @CROSSCOMPILING_FALSE@ @if ! test -x "$(PERL)"; then echo "No perl: can't install completion.pl"; exit 0; fi
+-@CROSSCOMPILING_FALSE@ $(PERL) $(srcdir)/completion.pl --curl $(top_builddir)/src/curl$(EXEEXT) --shell fish > $@
++@CROSSCOMPILING_FALSE@ LD_LIBRARY_PATH=$(top_builddir)/lib/.libs $(PERL) $(srcdir)/completion.pl --curl $(top_builddir)/src/curl$(EXEEXT) --shell fish > $@
+
+ install-data-local:
+ @CROSSCOMPILING_TRUE@ @echo "NOTICE: we can't install zsh completion when cross-compiling!"
diff --git a/curl/curl.spec b/curl/curl.spec
new file mode 100644
index 0000000..88181f9
--- /dev/null
+++ b/curl/curl.spec
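Review bot: The added recipe lines in `scripts/Makefile.am` and `scripts/Makefile.in` set `LD_LIBRARY_PATH=$(top_builddir)/lib/.libs`, and `$(top_builddir)` is normally a relative path in automake output, so the loader's search path depends on the directory the recipe happens to run in. An absolute path makes it unambiguous which `libcurl` the freshly built `curl` loads: `LD_LIBRARY_PATH=$(abs_top_builddir)/lib/.libs $(PERL) $(srcdir)/completion.pl ...`. The patch file also has no header explaining why the override is needed; a one-line description such as `Let the just-built curl find the in-tree libcurl when generating shell completions.` would help the next packager.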
@@ -0,0 +1,6326 @@
+# Detect the distribution in use
+%global __despace head -n 1 | tr -d '[:space:]' | sed -e 's/[(].*[)]//g'
+%global __lower4 cut -c 1-4 | tr '[:upper:]' '[:lower:]'
+%global __distfile %([ -f /etc/SuSE-release ] && echo /etc/SuSE-release || echo /etc/redhat-release)
+%global __distinit %(sed -e 's/ release .*//' -e 's/\\([A-Za-z]\\)[^ ]*/\\1/g' %{__distfile} | %{__despace} | %{__lower4})
+%global __distvers %(sed -e 's/.* release \\([^. ]*\\).*/\\1/' %{__distfile} | %{__despace})
+# Identify CentOS Linux and Scientific Linux as rhel
+%if "%{__distinit}" == "c" || "%{__distinit}" == "cl" || "%{__distinit}" == "sl" || "%{__distinit}" == "sls"
+%global __distinit rhel
+%endif
+# Dist tag for Fedora is still "fc"
+%if "%{__distinit}" == "f"
+%global __distinit fc
+%endif
+
+# Set to 0 for regular curl package, 1 for libcurl compatibility package
+%global compat 0
+
+# Use rpmbuild --without nss to build with OpenSSL rather than nss
+%{!?_without_nss: %{!?_with_nss: %global _with_nss --with-nss}}
+%{?_with_nss: %global disable_nss 0}
+%{?_without_nss: %global disable_nss 1}
+
+# Build with nss rather than OpenSSL for Fedora 16-26 and RHEL-7 unless OpenSSL is requested
+# (older distributions don't have recent enough nss versions)
+%global nss_ok %([ '(' 0%{?fedora} -gt 15 -a 0%{?fedora} -lt 27 ')' -o 0%{?rhel} -eq 7 ] && echo 1 || echo 0)
+%if %{nss_ok} && !%{disable_nss}
+%global ssl_provider nss
+%global ssl_versionreq >= 3.14.0
+%global use_nss 1
+%global have_openssl_libs 0
+%else
+%global ssl_provider openssl
+%global ssl_versionreq %{nil}
+%global use_nss 0
+# Have openssl-libs (with Epoch of 1) from Fedora 18, RHEL-7 onwards
+%global have_openssl_libs %([ 0%{?fedora} -gt 17 -o 0%{?rhel} -gt 6 ] && echo 1 || echo 0)
+%endif
+
+# Build with Posix threaded DNS lookups rather than using c-ares from Fedora 16, RHEL-7
+%global use_threads_posix %([ 0%{?fedora} -gt 15 -o 0%{?rhel} -gt 6 ] && echo 1 || echo 0)
+
+# Use libidn2 from Fedora 25 onwards
+%global use_libidn2 %([ 0%{?fedora} -gt 24 -o 0%{?rhel} -gt 7 ] && echo 1 || echo 0)
+
+# Also build (lib)curl-minimal from Fedora 27 onwards
+%global build_minimal %([ 0%{?fedora} -gt 26 -o 0%{?rhel} -gt 7 ] && echo 1 || echo 0)
+
+# Use libssh backend rather than libssh2 from Fedora 28 onwards
+%if %([ 0%{?fedora} -gt 27 -o 0%{?rhel} -gt 7 ] && echo 1 || echo 0)
+%global libssh libssh
+%global libssh_minimum_version 0.7.5
+%else
+%global libssh libssh2
+%global libssh_minimum_version 1.2
+%endif
+
+# Run the test suite using Python 3 from Fedora 28 onwards
+%if %([ 0%{?fedora} -gt 27 -o 0%{?rhel} -gt 7 ] && echo 1 || echo 0)
+%global test_python python3-devel
+%else
+%global test_python python2
+%endif
+
+Version: 7.66.0
+Release: 1.1.cf.%{__distinit}%{__distvers}
+%if %{compat}
+Summary: Curl library for compatibility with old applications
+Name: libcurl%(echo %{version} | tr -d .)
+Obsoletes: compat-libcurl < %{version}-%{release}
+Provides: compat-libcurl = %{version}-%{release}
+%else
+Summary: Utility for getting files from remote servers (FTP, HTTP, and others)
+Name: curl
+Provides: webclient
+%endif
+License: MIT
+Source0: https://curl.haxx.se/download/curl-%{version}.tar.xz
+
+# Fix memory leaked by parse_metalink()
+# (https://github.com/curl/curl/pull/4326)
+Patch1: 0001-curl-7.66.0-metalink-memleak.patch
+
+# Patch making libcurl multilib ready
+Patch101: 0101-curl-7.58.0-multilib.patch
+
+# Prevent configure script from discarding -g in CFLAGS (#496778)
+Patch102: 0102-curl-7.54.1-debug.patch
+
+# Migrate tests/http_pipe.py to Python 3
+Patch103: 0103-curl-7.62.0-python3.patch
+
+# Use localhost6 instead of ip6-localhost in the curl test-suite
+Patch104: 0104-curl-7.64.1-localhost6.patch
+
+# Prevent valgrind from reporting false positives on x86_64
+Patch105: 0105-curl-7.65.0-lib1560-valgrind.patch
+
+# Fix FTBFS when building curl dynamically with no libcurl.so.4 in system
+Patch300: curl-7.64.1-zsh-cpl.patch
+
+# Remove redundant compiler/linker flags from libcurl.pc
+# Assumes %%{_libdir} = /usr/lib or /usr/lib64 and %%{_includedir} = /usr/include
+Patch302: 0302-curl-7.47.1-pkgconfig.patch
+
+URL: https://curl.haxx.se/
+%if 0%{?fedora} > 28 || 0%{?rhel} > 7
+BuildRequires: brotli-devel
+%endif
+%if ! %{use_threads_posix}
+BuildRequires: c-ares-devel >= 1.6.0
+%endif
+BuildRequires: coreutils
+BuildRequires: gcc
+BuildRequires: krb5-devel
+%if %{use_libidn2}
+BuildRequires: libidn2-devel
+%endif
+BuildRequires: openldap-devel
+BuildRequires: pkgconfig
+BuildRequires: groff
+BuildRequires: libmetalink-devel
+%if 0%{?fedora} > 22 || 0%{?rhel:1}
+BuildRequires: libnghttp2-devel
+# nghttpx (an HTTP/2 proxy) is used by the upstream test-suite
+BuildRequires: nghttp2
+%endif
+%if 0%{?fedora} > 18 || 0%{?rhel} > 6
+BuildRequires: libpsl-devel
+%endif
+BuildRequires: %{libssh}-devel >= %{libssh_minimum_version}
+BuildRequires: make
+BuildRequires: perl-interpreter
+BuildRequires: sed
+BuildRequires: %{ssl_provider}-devel %{ssl_versionreq}
+BuildRequires: zlib-devel
+# Needed to compress content of tool_hugehelp.c after changing curl.1 man page
+BuildRequires: perl(IO::Compress::Gzip)
+# Needed for generation of shell completions
+BuildRequires: perl(Getopt::Long)
+BuildRequires: perl(Pod::Usage)
+BuildRequires: perl(strict)
+BuildRequires: perl(warnings)
+# Using an older version of libcurl could result in CURLE_UNKNOWN_OPTION
+Requires: libcurl%{?_isa} >= %{version}-%{release}
+%if ! %{use_nss}
+Requires: %{_sysconfdir}/pki/tls/certs/ca-bundle.crt
+%endif
+# Test suite requirements
+BuildRequires: gnutls-utils
+BuildRequires: openssh-clients
+BuildRequires: openssh-server
+BuildRequires: perl(Cwd)
+BuildRequires: perl(Digest::MD5)
+BuildRequires: perl(Exporter)
+BuildRequires: perl(File::Basename)
+BuildRequires: perl(File::Copy)
+BuildRequires: perl(File::Spec)
+BuildRequires: perl(IPC::Open2)
+BuildRequires: perl(MIME::Base64)
+BuildRequires: perl(Time::Local)
+BuildRequires: perl(Time::HiRes)
+BuildRequires: perl(vars)
+BuildRequires: stunnel
+# python used for http-pipe tests (190x)
+# requires python ≥ 2.7 but fails safely
+BuildRequires: %{test_python}
+
+# require at least the version of libpsl that we were built against,
+# to ensure that we have the necessary symbols available (#1631804)
+%if 0%{?fedora} > 18 || 0%{?rhel} > 6
+%global libpsl_version %(pkg-config --modversion libpsl 2>/dev/null || echo 0)
+%endif
+
+# require at least the version of libssh/libssh2 that we were built against,
+# to ensure that we have the necessary symbols available (#525002, #642796)
+%global libssh_version %(pkg-config --modversion %{libssh} 2>/dev/null || echo 0)
+
+# require at least the version of openssl-libs that we were built against,
+# to ensure that we have the necessary symbols available (#1462184, #1462211)
+%if %{have_openssl_libs}
+%global openssl_version %(pkg-config --modversion openssl 2>/dev/null || echo 0)
+%endif
+
+# same issue with c-ares
+%global cares_version %(pkg-config --modversion libcares 2>/dev/null || echo 0)
+
+%if ! %{compat}
+%description
+curl is a command line tool for transferring data with URL syntax, supporting
+FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP,
+SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP
+uploading, HTTP form based upload, proxies, cookies, user+password
+authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer
+resume, proxy tunneling and a busload of other useful tricks.
+
+%package -n libcurl
+Summary: A library for getting files from web servers
+# c-ares adds symbols that curl uses if available, so we need to enforce
+# version dependency
+%if ! %{use_threads_posix}
+Requires: c-ares%{?_isa} >= %{cares_version}
+%endif
+%if 0%{?fedora} > 18 || 0%{?rhel} > 6
+Requires: libpsl%{?_isa} >= %{libpsl_version}
+%endif
+# libssh/libssh2 adds symbols that curl uses if available, so we need to enforce
+# version dependency
+Requires: %{libssh}%{?_isa} >= %{libssh_version}
+# same issue with openssl
+%if %{have_openssl_libs}
+Requires: openssl-libs%{?_isa} >= 1:%{openssl_version}
+%endif
+# libnsspem.so is no longer included in the nss package from F-23 onwards (#1347336)
+%if 0%{?fedora} > 22 || 0%{?rhel} > 7
+%if %{use_nss}
+%if 0%{?fedora} > 24 || 0%{?rhel} > 7
+BuildRequires: nss-pem%{?_isa}
+Requires: nss-pem%{?_isa}
+%else
+BuildRequires: nss-pem
+Requires: nss-pem
+%endif
+%endif
+%endif
+
+%description -n libcurl
+libcurl is a free and easy-to-use client-side URL transfer library, supporting
+FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP,
+SMTP, POP3 and RTSP. libcurl supports SSL certificates, HTTP POST, HTTP PUT,
+FTP uploading, HTTP form based upload, proxies, cookies, user+password
+authentication (Basic, Digest, NTLM, Negotiate, Kerberos4), file transfer
+resume, HTTP proxy tunneling and more.
+ +%package -n libcurl-devel +Requires: libcurl%{?_isa} = %{version}-%{release} +Requires: %{ssl_provider}-devel %{ssl_versionreq} +Requires: %{libssh}-devel +Summary: Files needed for building applications with libcurl +Provides: curl-devel = %{version}-%{release} +Provides: curl-devel%{?_isa} = %{version}-%{release} +Obsoletes: curl-devel < %{version}-%{release} +# From Fedora 14, %%{_datadir}/aclocal is included in the filesystem package +%if 0%{?fedora} < 14 +Requires: %{_datadir}/aclocal +%endif + +%description -n libcurl-devel +The libcurl-devel package includes header files and libraries necessary for +developing programs that use the libcurl library. It contains the API +documentation of the library, too. + +%if %{build_minimal} +%package -n curl-minimal +Summary: Conservatively configured build of curl for minimal installations +Provides: curl = %{version}-%{release} +Conflicts: curl +# Using an older version of libcurl could result in CURLE_UNKNOWN_OPTION +Requires: libcurl%{?_isa} >= %{version}-%{release} +RemovePathPostfixes: .minimal +# Needed for RemovePathPostfixes to work with shared libraries +%undefine __brp_ldconfig + +%description -n curl-minimal +This is a replacement of the 'curl' package for minimal installations. It +comes with a limited set of features compared to the 'curl' package. On the +other hand, the package is smaller and requires fewer run-time dependencies to +be installed. + +%package -n libcurl-minimal +Summary: Conservatively configured build of libcurl for minimal installations +Provides: libcurl = %{version}-%{release} +Provides: libcurl%{?_isa} = %{version}-%{release} +Conflicts: libcurl +RemovePathPostfixes: .minimal +%if %{have_openssl_libs} +Requires: openssl-libs%{?_isa} >= 1:%{openssl_version} +%endif + +%description -n libcurl-minimal +This is a replacement of the 'libcurl' package for minimal installations. It +comes with a limited set of features compared to the 'libcurl' package. 
On the +other hand, the package is smaller and requires fewer run-time dependencies to +be installed. +%endif +%else +%description +This package provides an old version of cURL's libcurl library, necessary +for some old applications that have not been rebuilt against an up to date +version of cURL. +%endif + +%prep +%setup -q -n curl-%{version} + +# Upstream patches +%patch1 -p1 + +# Fedora Patches +%patch101 -p1 +%patch102 -p1 +%patch104 -p1 +%patch105 -p1 + +# Local Patches +%patch300 +%patch302 + +# Make tests/*.py use Python 3 from Fedora 28 onwards +%if "%{test_python}" == "python3-devel" +%patch103 -p1 +sed -e '1 s|^#!/.*python|#!%{__python3}|' -i tests/*.py +%endif + +# ssh-related tests 582, 600-642, 656, 1446, 2004 fail for as-yet unknown reasons on F-12 to F-15 +# Does not seem to be related to SELinux or use of POSIX threaded DNS resolver +%if 0%{?fedora} > 11 && 0%{?fedora} < 16 +for test in 582 \ + 600 601 602 603 604 605 606 607 608 609 \ + 610 611 612 613 614 615 616 617 618 619 \ + 620 621 622 623 624 625 626 627 628 629 \ + 630 631 633 634 635 636 637 638 639 \ + 640 641 642 \ + 656 \ + 1446 1456 2004; do + echo $test +done >> tests/data/DISABLED +%endif + +# Adapt test 323 for updated OpenSSL +sed -i -e 's/^35$/35,52/' tests/data/test323 + +%build +%if ! 
%{use_nss} +export CPPFLAGS="$(pkg-config --cflags openssl)" +%endif +[ -x /usr/kerberos/bin/krb5-config ] && KRB5_PREFIX="=/usr/kerberos" +mkdir build-{full,minimal} +%global _configure ../configure +export common_configure_opts=" \ + --cache-file=../config.cache \ + --disable-static \ + --enable-symbol-hiding \ + --enable-ipv6 \ +%if %{use_threads_posix} + --enable-threaded-resolver \ +%else + --enable-ares \ +%endif + --with-gssapi${KRB5_PREFIX} \ +%if 0%{?fedora} > 22 || 0%{?rhel:1} + --with-nghttp2 \ +%endif +%if %{use_nss} + --with-nss \ + --without-ssl \ + --without-ca-bundle \ +%else + --with-ssl \ + --with-ca-bundle=%{_sysconfdir}/pki/tls/certs/ca-bundle.crt \ +%endif + " + +# configure minimal build +%if %{build_minimal} +( + cd build-minimal + %configure $common_configure_opts \ + --disable-ldap \ + --disable-ldaps \ + --disable-manual \ + --without-brotli \ + --without-libidn2 \ + --without-libmetalink \ + --without-libpsl \ + --without-%{libssh} +) +%endif + +# configure full build +( + cd build-full + %configure $common_configure_opts \ + --enable-ldap \ + --enable-ldaps \ + --enable-manual \ +%if 0%{?fedora} > 28 || 0%{?rhel} > 7 + --with-brotli \ +%else + --without-brotli \ +%endif +%if %{use_libidn2} + --with-libidn2 \ +%endif + --with-libmetalink \ +%if 0%{?fedora} > 18 || 0%{?rhel} > 6 + --with-libpsl \ +%endif + --with-%{libssh} +) + +# Remove bogus rpath +sed -i \ + -e 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' \ + -e 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' \ +%if %{build_minimal} + build-{full,minimal}/libtool +%else + build-full/libtool +%endif + +%if %{build_minimal} +make %{_smp_mflags} V=1 -C build-minimal +%endif +make %{_smp_mflags} V=1 -C build-full + +%install +%if %{build_minimal} +# Install and rename the library that will be packaged as libcurl-minimal +make DESTDIR=%{buildroot} INSTALL="install -p" install -C build-minimal/lib +rm -f %{buildroot}%{_libdir}/libcurl.{la,so} +for i in 
%{buildroot}%{_libdir}/*; do + mv -v $i $i.minimal +done + +# Install and rename the executable that will be packaged as curl-minimal +make DESTDIR=%{buildroot} INSTALL="install -p" install -C build-minimal/src +mv -v %{buildroot}%{_bindir}/curl{,.minimal} +%endif + +# Install the executable and library that will be packaged as curl and libcurl +make DESTDIR=%{buildroot} INSTALL="install -p" install -C build-full + +# Install zsh completion for curl +# (we have to override LD_LIBRARY_PATH because we eliminated rpath) +LD_LIBRARY_PATH="%{buildroot}%{_libdir}:$LD_LIBRARY_PATH" \ + make DESTDIR=%{buildroot} INSTALL="install -p" \ + install -C build-full/scripts + +# --disable-static not always honoured +rm -f %{buildroot}%{_libdir}/libcurl.a +install -d %{buildroot}%{_datadir}/aclocal +install -m 644 -p docs/libcurl/libcurl.m4 %{buildroot}%{_datadir}/aclocal + +%check +# Skip the (lengthy) checks on EOL Fedora releases (over ~400 days old) +# Also run on Fedora 13, have seen test failures on F12..F15 +if [ -z "$(find /etc/fedora-release -mtime +400)" %{?rhel:-o rhel} -o "%{?fedora}" = "13" ]; then + export LD_LIBRARY_PATH=%{buildroot}%{_libdir} + cd build-full/tests + make %{?_smp_mflags} V=1 + + # Relax crypto policy for the test-suite to make it pass again (#1610888) + export OPENSSL_SYSTEM_CIPHERS_OVERRIDE=XXX + export OPENSSL_CONF= + + # Run the upstream test-suite + srcdir=../../tests perl -I../../tests ../../tests/runtests.pl -a -p -v '!flaky' + cd - +fi + +%if %([ 0%{?fedora} -lt 28 -a 0%{?rhel} -lt 8 ] && echo 1 || echo 0) +%if ! 
%{compat} +%post -n libcurl -p /sbin/ldconfig +%postun -n libcurl -p /sbin/ldconfig +%if %{build_minimal} +%post -n libcurl-minimal -p /sbin/ldconfig +%postun -n libcurl-minimal -p /sbin/ldconfig +%endif +%else +%post -p /sbin/ldconfig +%postun -p /sbin/ldconfig +%endif +%endif + +%files +%doc CHANGES README* +%doc docs/BUGS docs/DEPRECATE.md docs/FAQ docs/FEATURES docs/SECURITY-PROCESS.md +%doc docs/TODO docs/RESOURCES docs/TheArtOfHttpScripting +%if ! %{compat} +%{_bindir}/curl +%{_datadir}/fish/ +%{_datadir}/zsh/ +%{_mandir}/man1/curl.1* +%else +%if 0%{?_licensedir:1} +%license COPYING +%else +%doc COPYING +%endif +%exclude %{_bindir}/curl +%exclude %{_datadir}/zsh/site-functions/_curl +%exclude %{_mandir}/man1/curl.1* +%{_libdir}/libcurl.so.* +%endif + +%if ! %{compat} +%files -n libcurl +%if 0%{?_licensedir:1} +%license COPYING +%else +%doc COPYING +%endif +%{_libdir}/libcurl.so.4 +%{_libdir}/libcurl.so.4.[0-9].[0-9] + +%files -n libcurl-devel +%doc docs/examples/*.c docs/examples/Makefile.example docs/INTERNALS.md +%doc docs/CHECKSRC.md docs/CONTRIBUTE.md docs/libcurl/ABI docs/CODE_STYLE.md +%doc docs/GOVERNANCE.md +%{_bindir}/curl-config +%{_includedir}/curl/ +%{_libdir}/*.so +%{_libdir}/pkgconfig/libcurl.pc +%{_mandir}/man1/curl-config.1* +%{_mandir}/man3/* +%{_datadir}/aclocal/libcurl.m4 + +%if %{build_minimal} +%files -n curl-minimal +%{_bindir}/curl.minimal +%{_mandir}/man1/curl.1* + +%files -n libcurl-minimal +%license COPYING +%{_libdir}/libcurl.so.4.minimal +%{_libdir}/libcurl.so.4.[0-9].[0-9].minimal +%endif +%else +%exclude %{_bindir}/curl-config +%exclude %{_includedir}/curl/ +%exclude %{_libdir}/*.so +%exclude %{_libdir}/pkgconfig/libcurl.pc +%exclude %{_mandir}/man1/curl-config.1* +%exclude %{_mandir}/man3/* +%exclude %{_datadir}/aclocal/libcurl.m4 +%endif +%exclude %{_libdir}/libcurl.la + +%changelog +* Fri Sep 13 2019 Paul Howarth - 7.66.0-1.1.cf +- curl: Fix memory leaked by parse_metalink() + (https://github.com/curl/curl/pull/4326) + +* Wed 
Sep 11 2019 Paul Howarth - 7.66.0-1.0.cf
+- Update to 7.66.0
+ - CVE-2019-5481: FTP-KRB double-free
+ - CVE-2019-5482: TFTP small blocksize heap buffer overflow
+ - CURLINFO_RETRY_AFTER: Parse the Retry-After header value
+ - HTTP3: Initial (experimental still not working) support
+ - curl: --sasl-authzid added to support CURLOPT_SASL_AUTHZID from the tool
+ - curl: Support parallel transfers with -Z
+ - curl_multi_poll: A sister to curl_multi_wait() that waits more
+ - sasl: Implement SASL authorisation identity via CURLOPT_SASL_AUTHZID
+ - CI: Remove duplicate configure flag for LGTM.com
+ - CMake: Remove needless newlines at end of gss variables
+ - CMake: Use platform dependent name for dlopen() library
+ - CURLINFO docs: Mention that in redirects times are added
+ - CURLOPT_ALTSVC.3: Use a "" file name to not load from a file
+ - CURLOPT_ALTSVC_CTRL.3: Remove CURLALTSVC_ALTUSED
+ - CURLOPT_HEADERFUNCTION.3: Clarify
+ - CURLOPT_HTTP_VERSION: Setting this to 3 forces HTTP/3 use directly
+ - CURLOPT_READFUNCTION.3: Provide inline example
+ - CURLOPT_SSL_VERIFYHOST: Treat the value 1 as 2
+ - Curl_addr2string: Take an addrlen argument too
+ - Curl_fillreadbuffer: Avoid double-free trailer buf on error
+ - HTTP: Use chunked Transfer-Encoding for HTTP_POST if size unknown
+ - alt-svc: Add protocol version selection masking
+ - alt-svc: Fix removal of expired cache entry
+ - alt-svc: Make it use h3-22 with ngtcp2 as well
+ - alt-svc: More liberal ALPN name parsing
+ - alt-svc: Send Alt-Used: in redirected requests
+ - alt-svc: With quiche, use the quiche h3 alpn string
+ - appveyor: Pass on -k to make
+ - asyn-thread: Create a socketpair to wait on
+ - build-openssl: Fix build with Visual Studio 2019
+ - cleanup: Move functions out of url.c and make them static
+ - cleanup: Remove the 'numsocks' argument used in many places
+ - configure: Avoid undefined check_for_ca_bundle
+ - curl.h: Add CURL_HTTP_VERSION_3 to the version enum
+ - curl.h: Fix outdated comment
+ - curl: Cap the maximum allowed values for retry time arguments
+ - curl: Handle a libcurl build without netrc support
+ - curl: Make use of CURLINFO_RETRY_AFTER when retrying
+ - curl: Remove outdated comment
+ - curl: Use .curlrc (with a dot) on Windows
+ - curl: Use CURLINFO_PROTOCOL to check for HTTP(s)
+ - curl_global_init_mem.3: Mention it was added in 7.12.0
+ - curl_version: Bump string buffer size to 250
+ - curl_version_info.3: Mentioned ALTSVC and HTTP3
+ - curl_version_info: Offer quic (and h3) library info
+ - curl_version_info: Provide nghttp2 details
+ - defines: Avoid underscore-prefixed defines
+ - docs/ALTSVC: Remove what works and the experimental explanation
+ - docs/EXPERIMENTAL: Explain what it means and what's experimental now
+ - docs/MANUAL.md: Converted to markdown from plain text
+ - docs/examples/curlx: Fix errors
+ - docs: s/curl_debug/curl_dbg_debug in comments and docs
+ - easy: Resize receive buffer on easy handle reset
+ - examples: Avoid reserved names in hiperfifo examples
+ - examples: Add http3.c, altsvc.c and http3-present.c
+ - getenv: Support up to 4K environment variable contents on Windows
+ - http09: Disable HTTP/0.9 by default in both tool and library
+ - http2: When marked for closure and wanted to close == OK
+ - http2_recv: Trigger another read when the last data is returned
+ - http: Fix use of credentials from URL when using HTTP proxy
+ - http_negotiate: Improve handling of gss_init_sec_context() failures
+ - md4: Use our own MD4 when no crypto libraries are available
+ - multi: Call detach_connection before Curl_disconnect
+ - netrc: Make the code try ".netrc" on Windows
+ - nss: Use TLSv1.3 as default if supported
+ - openssl: Build warning free with boringssl
+ - openssl: Use SSL_CTX_set__proto_version() when available
+ - plan9: Add support for running on Plan 9
+ - progress: Reset download/uploaded counter between transfers
+ - readwrite_data: Repair setting the TIMER_STARTTRANSFER stamp
+ - scp: Fix directory name length used in memcpy
+ - smb: Initialize *msg to NULL in smb_send_and_recv()
+ - smtp: Check for and bail out on too short EHLO response
+ - source: Remove names from source comments
+ - spnego_sspi: Add typecast to fix build warning
+ - src/makefile: Fix uncompressed hugehelp.c generation
+ - ssh-libssh: Do not specify O_APPEND when not in append mode
+ - ssh: Move code into vssh for SSH backends
+ - sspi: Fix memory leaks
+ - tests: Replace outdated test case numbering documentation
+ - tftp: Return error when packet is too small for options
+ - timediff: Make it 64 bit (if possible) even with 32 bit time_t
+ - travis: Reduce number of torture tests in 'coverage'
+ - url: Make use of new HTTP version if alt-svc has one
+ - urlapi: Verify the IPv6 numerical address
+ - urldata: Avoid 'generic', use dedicated pointers
+ - vauth: Use CURLE_AUTH_ERROR for auth function errors
+
+* Tue Aug 27 2019 Paul Howarth - 7.65.3-4.0.cf
+- Avoid reporting spurious error in the HTTP2 framing layer (#1690971)
+
+* Thu Aug 1 2019 Paul Howarth - 7.65.3-3.0.cf
+- Improve handling of gss_init_sec_context() failures
+
+* Thu Jul 25 2019 Paul Howarth - 7.65.3-2.0.cf
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Fri Jul 19 2019 Paul Howarth - 7.65.3-1.0.cf
+- Update to 7.65.3
+ - progress: Make the progress meter appear again
+
+* Wed Jul 17 2019 Paul Howarth - 7.65.2-1.0.cf
+- Update to 7.65.2
+ - CIPHERS.md: Explain Schannel error SEC_E_ALGORITHM_MISMATCH
+ - CMake: Convert errant elseif() to else()
+ - CMake: Fix finding Brotli on case-sensitive file systems
+ - CURLMOPT_SOCKETFUNCTION.3: Clarified
+ - CURLMOPT_SOCKETFUNCTION.3: Fix typo
+ - CURLOPT_CAINFO.3: Polished wording
+ - CURLOPT_HEADEROPT.3: Fix example
+ - CURLOPT_RANGE.3: Caution against using it for HTTP PUT
+ - CURLOPT_SEEKDATA.3: Fix variable name
+ - DEPRECATE: Fixup versions and spelling
+ - bindlocal: Detect and avoid IP version mismatches in bind()
+ - build: Fix Codacy warnings
+ - buildconf.bat: Fix header filename
+ - c-ares: Honour port numbers in CURLOPT_DNS_SERVERS
+ - config-os400: Add getpeername and getsockname defines
+ - configure: --disable-progress-meter
+ - configure: Fix --disable-code-coverage
+ - configure: Fix typo '--disable-http-uath'
+ - configure: More --disable switches to toggle off individual features
+ - configure: Remove CURL_DISABLE_TLS_SRP
+ - conn_maxage: Move the check to prune_dead_connections()
+ - curl: Skip CURLOPT_PROXY_CAPATH for disabled-proxy builds
+ - curl_multi_wait.3: Escape backslash in example
+ - docs: Explain behaviour change in --tlsv1. options since 7.54
+ - docs: Fix links to OpenSSL docs
+ - docs: Fix string suggesting HTTP/2 is not the default
+ - examples/fopen: Fix comparison
+ - examples/htmltitle: Use C++ casts between pointer types
+ - headers: Remove no longer exported functions
+ - http2: Call done_sending on end of upload
+ - http2: Don't call stream-close on already closed streams
+ - http2: Remove CURL_DISABLE_TYPECHECK define
+ - http: Allow overriding timecond with custom header
+ - http: Clarify header buffer size calculation
+ - krb5: Fix compiler warning
+ - lib: Use UTF-8 encoding in comments
+ - libcurl-tutorial.3: Fix small typo (mutipart → multipart)
+ - libcurl: Restrict redirect schemes to HTTP, HTTPS, FTP and FTPS
+ - multi: Enable multiplexing by default (again)
+ - multi: Fix the transfer hashes in the socket hash entries
+ - multi: Make sure 'data' can present in several sockhash entries
+ - netrc: Return the correct error code when out of memory
+ - nss: Don't set unused parameter
+ - nss: Inspect return value of token check
+ - nss: Only cache valid CRL entries
+ - nss: Support using libnss on macOS
+ - openssl: define HAVE_SSL_GET_SHUTDOWN based on version number
+ - openssl: Disable engine if OPENSSL_NO_UI_CONSOLE is defined
+ - openssl: Fix pubkey/signature algorithm detection in certinfo
+ - openssl: Remove outdated comment
+ - os400: Make vsetopt() non-static as Curl_vsetopt() for os400 support
+ - quote.d: Asterisk prefix works for SFTP as well
+ - runtests: Keep logfiles around by default
+ - runtests: Report single test time + total duration
+ - smb: Use the correct error code for access denied on file open
+ - sws: Remove unused variables
+ - system_win32: Fix clang warning
+ - system_win32: Fix typo
+ - test1165: Verify that CURL_DISABLE_ symbols are in sync
+ - test1521: Adapt to SLISTPOINT
+ - test1523: Test CURLOPT_LOW_SPEED_LIMIT
+ - test153: Fix content-length to avoid occasional hang
+ - test188/189: Fix Content-Length
+ - tests: Have runtests figure out disabled features
+ - tests: Support non-localhost HOSTIP for dict/smb servers
+ - tests: Update fixed IP for hostip/clientip split
+ - tool_cb_prg: Fix integer overflow in progress bar
+ - travis: Disable threaded resolver for coverage build
+ - travis: Enable alt-svc for coverage build
+ - travis: Enable brotli for all xenial jobs
+ - travis: Enable libssh2 for coverage build
+ - travis: Enable warnings-as-errors for coverage build
+ - travis: Update scan-build job to xenial
+ - typecheck: CURLOPT_CONNECT_TO takes an slist too
+ - typecheck: Add 3 missing strings and a callback data pointer
+ - unit1654: Cleanup on memory failure
+ - unpause: Trigger a timeout for event-based transfers
+ - url: Fix CURLOPT_MAXAGE_CONN time comparison
+ - win32: Make DLL loading a no-op for UWP
+ - winbuild: Change Makefile to honor ENABLE_OPENSSL_AUTO_LOAD_CONFIG
+ - winbuild: Use WITH_PREFIX if given
+ - wolfssl: Refer to it as wolfSSL only
+
+* Wed Jun 5 2019 Paul Howarth - 7.65.1-1.0.cf
+- Update to 7.65.1
+ - CURLOPT_LOW_SPEED_* repaired
+ - NTLM: Reset proxy "multipass" state when CONNECT request is done
+ - PolarSSL: Deprecate support step 1 - removed from configure
+ - appveyor: Add Visual Studio solution build
+ - cmake: Check for if_nametoindex()
+ - cmake: Support CMAKE_OSX_ARCHITECTURES when detecting SIZEOF variables
+ - config-win32: Add support for if_nametoindex and getsockname
+ - conncache: Remove the DEBUGASSERT on length check
+ - conncache: Make "bundles" per host name when doing proxy tunnels
+ - curl-win32.h: Enable Unix Domain Sockets based on the Windows SDK version
+ - curl_share_setopt.3: Improve wording
+ - dump-header.d: Spell out that no headers == empty file
+ - example/http2-download: Fix format specifier
+ - examples: Clean-ups and compiler warning fixes
+ - http2: Stop drain from being permanently set
+ - http: Don't parse body-related headers in bodyless responses
+ - md4: Build correctly with openssl without MD4
+ - md4: include the mbedtls config.h to get the MD4 info
+ - multi: Track users of a socket better
+ - nss: Allow to specify TLS 1.3 ciphers if supported by NSS
+ - parse_proxy: Make sure portptr is initialized
+ - parse_proxy: Use the IPv6 zone id if given
+ - sectransp: Handle errSSLPeerAuthCompleted from SSLRead()
+ - singlesocket: Use separate variable for inner loop
+ - ssl: Update outdated "openssl-only" comments for supported backends
+ - tests: Add HAProxy keywords
+ - tests: Add support to test against OpenSSH for Windows
+ - tests: Make test 1420 and 1406 work with rtsp-disabled libcurl
+ - tls13-docs: Mention it is only for OpenSSL ≥ 1.1.1
+ - tool_parse_cfg: Avoid 2 fopen() for WIN32
+ - tool_setopt: For builds with disabled-proxy, skip all proxy setopts()
+ - url: Load if_nametoindex() dynamically from iphlpapi.dll on Windows
+ - url: Fix bad feature-disable #ifdef
+ - url: Use correct port in ConnectionExists()
+ - winbuild: Use two space indentation
+
+* Thu May 30 2019 Paul Howarth - 7.65.0-2.0.cf
+- Fix spurious timeout events with speed-limit (#1714893)
+
+* Wed May 22 2019 Paul Howarth - 7.65.0-1.0.cf
+- Update to 7.65.0
+ - CURLOPT_DNS_USE_GLOBAL_CACHE: removed
+ - CURLOPT_MAXAGE_CONN: Set the maximum allowed age for conn reuse
+ - pipelining: Removed
+ - CVE-2019-5435: Integer overflows in curl_url_set
+ - CVE-2019-5436: tftp: Use the current blksize for recvfrom()
+ - --config: Clarify that initial : and = might need quoting
+ - AppVeyor: Enable testing for WinSSL build
+ - CURLMOPT_TIMERFUNCTION.3: Warn about the recursive risk
+ - CURLOPT_ADDRESS_SCOPE: Fix range check and more
+ - CURLOPT_CAINFO.3: With Schannel, you want Windows 8 or later
+ - CURLOPT_CHUNK_BGN_FUNCTION.3: Document the struct and time value
+ - CURLOPT_READFUNCTION.3: See also CURLOPT_UPLOAD_BUFFERSIZE
+ - CURL_MAX_INPUT_LENGTH: Largest acceptable string input size
+ - Curl_disconnect: Treat all CONNECT_ONLY connections as "dead"
+ - INTERNALS: Add code highlighting
+ - OS400/ccsidcurl: Replace use of Curl_vsetopt
+ - OpenSSL: Report -fips in version if OpenSSL is built with FIPS
+ - README.md: Fix no-consecutive-blank-lines Codacy warning
+ - VC15 project: Remove MinimalRebuild
+ - VS projects: Use Unicode for VC10+
+ - WRITEFUNCTION: Add missing set_in_callback around callback
+ - altsvc: Fix building with cookies disabled
+ - auth: Rename the various authentication clean up functions
+ - base64: Build conditionally if there are users
+ - build-openssl.bat: Fixed support for OpenSSL v1.1.0+
+ - build: Fix "clarify calculation precedence" warnings
+ - checksrc.bat: Ignore snprintf warnings in docs/examples
+ - cirrus: Customize the disabled tests per FreeBSD version
+ - cleanup: Remove FIXME and TODO comments
+ - cmake: Avoid linking executable for some tests with cmake 3.6+
+ - cmake: Clear CMAKE_REQUIRED_LIBRARIES after each use
+ - cmake: Rename CMAKE_USE_DARWINSSL to CMAKE_USE_SECTRANSP
+ - cmake: Set SSL_BACKENDS
+ - configure: Avoid unportable '==' test(1) operator
+ - configure: Error out if OpenSSL wasn't detected when asked for
+ - configure: Fix default location for fish completions
+ - cookie: Guard against possible NULL ptr deref
+ - curl: Make code work with protocol-disabled libcurl
+ - curl: Report error for "--no-" on non-boolean options
+ - curl_easy_getinfo.3: Fix minor formatting mistake
+ - curlver.h: Use parenthesis in CURL_VERSION_BITS macro
+ - docs/BUG-BOUNTY: Bug bounty time
+ - docs/INSTALL: Fix broken link
+ - docs/RELEASE-PROCEDURE: Link to live iCalendar
+ - documentation: Fix several typos
+ - doh: Acknowledge CURL_DISABLE_DOH
+ - doh: Disable DOH for the cases it doesn't work
+ - examples: Remove unused variables
+ - ftplistparser: Fix LGTM alert "Empty block without comment"
+ - hostip: Acknowledge CURL_DISABLE_SHUFFLE_DNS
+ - http: Ignore HTTP/2 prior knowledge setting for HTTP proxies
+ - http: Acknowledge CURL_DISABLE_HTTP_AUTH
+ - http: Mark bundle as not for multiuse on < HTTP/2 response
+ - http_digest: Don't expose functions when HTTP and Crypto Auth are disabled
+ - http_negotiate: Do not treat failure of gss_init_sec_context() as fatal
+ - http_ntlm: Corrected the name of the include guard
+ - http_ntlm_wb: Handle auth for only a single request
+ - http_ntlm_wb: Return the correct error on receiving an empty auth message
+ - lib509: Add missing include for strdup
+ - lib557: Initialize variables
+ - makedebug: Fix ERRORLEVEL detection after running where.exe
+ - mbedtls: Enable use of EC keys
+ - mime: Acknowledge CURL_DISABLE_MIME
+ - multi: Improved HTTP_1_1_REQUIRED handling
+ - netrc: Acknowledge CURL_DISABLE_NETRC
+ - nss: Allow fifos and character devices for certificates
+ - nss: Provide more specific error messages on failed init
+ - ntlm: Fix misaligned function comments for Curl_auth_ntlm_cleanup
+ - ntlm: Support the NT response in the type-3 when OpenSSL doesn't include MD4
+ - openssl: Mark connection for close on TLS close_notify
+ - openvms: Remove pre-processor for SecureTransport
+ - openvms: Remove pre-processors for Windows
+ - parse_proxy: Use the URL parser API
+ - parsedate: Disabled on CURL_DISABLE_PARSEDATE
+ - pingpong: Disable more when no pingpong protocols are enabled
+ - polarssl_threadlock: Remove conditionally unused code
+ - progress: Acknowledge CURL_DISABLE_PROGRESS_METER
+ - proxy: Acknowledge DISABLE_PROXY more
+ - resolve: Apply Happy Eyeballs philosophy to parallel c-ares queries
+ - revert "multi: Support verbose conncache closure handle"
+ - sasl: Don't send authcid as authzid for the PLAIN mechanism as per RFC 4616
+ - sasl: Only enable if there's a protocol enabled using it
+ - scripts: Fix typos
+ - singleipconnect: Show port in the verbose "Trying ..." message
+ - smtp: Fix compiler warning
+ - socks5: User name and passwords must be shorter than 256
+ - socks: Fix error message
+ - socksd: New SOCKS 4+5 server for tests
+ - spnego_gssapi: Fix return code on gss_init_sec_context() failure
+ - ssh-libssh: Remove unused variable
+ - ssh: Define USE_SSH if SSH is enabled (any backend)
+ - ssh: Move variable declaration to where it's used
+ - test1002: Correct the name
+ - test2100: Fix typos in test description
+ - tests/server/util: Fix Windows Unicode build
+ - tests: Run global cleanup at end of tests
+ - tests: Make Impacket (SMB server) Python 3 compatible
+ - tool_cb_wrt: Fix bad-function-cast warning
+ - tool_formparse: Remove redundant assignment
+ - tool_help: Warn if curl and libcurl versions do not match
+ - tool_help: include for strcasecmp
+ - transfer: Fix LGTM alert "Comparison is always true"
+ - travis: Add an osx http-only build
+ - travis: Allow builds on branches named "ci"
+ - travis: Install dependencies only when needed
+ - travis: Update some builds do Xenial
+ - travis: Updated mesalink builds
+ - url: Always clone the CUROPT_CURLU handle
+ - url: Convert the zone id from a IPv6 URL to correct scope id
+ - urlapi: Add CURLUPART_ZONEID to set and get
+ - urlapi: Increase supported scheme length to 40 bytes
+ - urlapi: Require a non-zero host name length when parsing URL
+ - urlapi: Stricter CURLUPART_PORT parsing
+ - urlapi: Strip off zone id from numerical IPv6 addresses
+ - urlapi: urlencode characters above 0x7f correctly
+ - vauth/cleartext: Update the PLAIN login to match RFC 4616
+ - vauth/oauth2: Fix OAUTHBEARER token generation
+ - vauth: Fix incorrect function description for Curl_auth_user_contains_domain
+ - vtls: Fix potential ssl_buffer stack overflow
+ - wildcard: Disable from build when FTP isn't present
+ - winbuild: Support MultiSSL builds
+ - xattr: Skip unittest on unsupported platforms
+- Re-enable fish completions as they shouldn't conflict with fish any more
+
+* Thu May 09 2019 Paul Howarth - 7.64.1-2.0.cf
+- Do not treat failure of gss_init_sec_context() with --negotiate as fatal
+
+* Thu Apr 4 2019 Paul Howarth - 7.64.1-1.1.cf
+- Rebuild without fish completion support, which conflicts with fish itself
+
+* Wed Mar 27 2019 Paul Howarth - 7.64.1-1.0.cf
+- Update to 7.64.1
+ - alt-svc: Experimental support added
+ - configure: Add --with-amissl
+ - AppVeyor: Add MinGW-w64 and classic Mingw builds
+ - AppVeyor: Switch VS 2015 builds to VS 2017 image
+ - CURLU: Fix NULL dereference when used over proxy
+ - Curl_easy: Remove req.maxfd - never used!
+ - Curl_now: Figure out windows version in win32_init
+ - Curl_resolv: Fix a gcc -Werror=maybe-uninitialized warning
+ - DoH: Inherit some SSL options from user's easy handle
+ - Secure Transport: No more "darwinssl"
+ - Secure Transport: tvOS 11 is required for ALPN support
+ - cirrus: Added FreeBSD builds using Cirrus CI
+ - cleanup: Make local functions static
+ - cli tool: Do not use mime.h private structures
+ - cmdline-opts/proxytunnel.d: The option tunnels all protocols
+ - configure: Add additional libraries to check for LDAP support
+ - configure: Remove the unused fdopen macro
+ - configure: Show features as well in the final summary
+ - conncache: Use conn->data to know if a transfer owns it
+ - connection: Never reuse CONNECT_ONLY connections
+ - connection_check: Restore original conn->data after the check
+ - connection_check: Set ->data to the transfer doing the check
+ - cookie: Add support for cookie prefixes
+ - cookies: Dotless names can set cookies again
+ - cookies: Fix NULL dereference if flushing cookies with no CookieInfo set
+ - curl.1: --user and --proxy-user are hidden from ps output
+ - curl.1: Mark the argument to --cookie as
+ - curl.h: Use __has_declspec_attribute for shared builds
+ - curl: Display --version features sorted alphabetically
+ - curl: Fix FreeBSD compiler warning in the --xattr code
+ - curl: Remove MANUAL from -M output
+ - curl_easy_duphandle.3: Clarify that a duped handle has no shares
+ - curl_multi_remove_handle.3: Use at any time, just not from within callbacks
+ - curl_url.3: This API is not experimental any more
+ - dns: Release sharelock as soon as possible
+ - docs: Update max-redirs.d phrasing
+ - easy: Fix win32 init to work without CURL_GLOBAL_WIN32
+ - examples/10-at-a-time.c: Improve readability and simplify
+ - examples/cacertinmem.c: Use multiple certificates for loading CA-chain
+ - examples/crawler: Fix the Accept-Encoding setting
+ - examples/ephiperfifo.c: Various fixes
+ - examples/externalsocket: Add missing close socket calls
+ - examples/http2-download: Cleaned up
+ - examples/http2-serverpush: Add some sensible error checks
+ - examples/http2-upload: Cleaned up
+ - examples/httpcustomheader: Value stored to 'res' is never read
+ - examples/postinmemory: Potential leak of memory pointed to by 'chunk.memory'
+ - examples/sftpuploadresume: Value stored to 'result' is never read
+ - examples: Only include
+ - examples: Remove recursive calls to curl_multi_socket_action
+ - examples: Remove superfluous null-pointer checks
+ - file: Fix "Checking if unsigned variable 'readcount' is less than zero"
+ - fnmatch: Disable if FTP is disabled
+ - gnutls: Remove call to deprecated gnutls_compression_get_name
+ - gopher: Remove check for path == NULL
+ - gssapi: Fix deprecated header warnings
+ - hostip: Make create_hostcache_id avoid alloc + free
+ - http2: multi_connchanged() moved from multi.c, only used for h2
+ - http2: Verify :authority in push promise requests
+ - http: Make adding a blank header thread-safe
+ - http: Send payload when (proxy) authentication is done
+ - http: Set state.infilesize when sending multipart formposts
+ - makefile: Make checksrc and hugefile commands "silent"
+ - mbedtls: Make it build even if MBEDTLS_VERSION_C isn't set
+ - mbedtls: Release sessionid resources on error
+ - memdebug: Log pointer before freeing its data
+ - memdebug: Make debug-specific functions use curl_dbg_ prefix
+ - mime: Put the boundary buffer into the curl_mime struct
+ - multi: Call multi_done on connect timeouts, fixes CURLINFO_TOTAL_TIME
+ - multi: Remove verbose "Expire in" ... messages
+ - multi: Removed unused code for request retries
+ - multi: Support verbose conncache closure handle
+ - negotiate: Fix for HTTP POST with Negotiate
+ - openssl: Add support for TLS ASYNC state
+ - openssl: If cert type is ENG and no key specified, key is ENG too
+ - pretransfer: Don't strlen() POSTFIELDS set for GET requests
+ - rand: Fix a mismatch between comments in source and header
+ - runtests: Detect "schannel" as an alias for "winssl"
+ - schannel: Be quiet - remove verbose output
+ - schannel: Close TLS before removing conn from cache
+ - schannel: Support CALG_ECDH_EPHEM algorithm
+ - scripts/completion.pl: Also generate fish completion file
+ - singlesocket: Fix the 'sincebefore' placement
+ - source: Fix two 'nread' may be used uninitialized warnings
+ - ssh: Fix Condition '!status' is always true
+ - ssh: Loop the state machine if not done and not blocking
+ - strerror: Make the strerror function use local buffers
+ - system_win32: Move win32_init here from easy.c
+ - test578: Make it read data from the correct test
+ - tests: Fixed XML validation errors in some test files
+ - tests: Add stderr comparison to the test suite
+ - tests: Fix multiple may be used uninitialized warnings
+ - threaded-resolver: Shutdown the resolver thread without error message
+ - tool_cb_wrt: Fix writing to Windows null device NUL
+ - tool_getpass: termios.h is present on AmigaOS 3, but no tcgetattr/tcsetattr
+ - tool_operate: Build on AmigaOS
+ - tool_operate: Fix typecheck warning
+ - transfer.c: Do not compute length of undefined hex buffer
+ - travis: Add build using gnutls
+ - travis: Add scan-build
+ - travis: Bump the used wolfSSL version to 4.0.0
+ - travis: Enable valgrind for the iconv tests
+ - travis: Use updated compiler versions: clang 7 and gcc 8
+ - unit1307: Require FTP support
+ - unit1651: Survive curl_easy_init() fails
+ - url/idnconvert: Remove scan for ≤ 32 ascii values
+ - url: Change conn shutdown order to ensure SOCKETFUNCTION callbacks
+ - urlapi: Reduce variable scope, remove unreachable 'break'
+ - urldata: Convert bools to bitfields and move to end
+ - urldata: Simplify bytecounters
+ - urlglob: Argument with 'nonnull' attribute passed null
+ - version.c: Silent scan-build even when librtmp is not enabled
+ - vtls: Rename some of the SSL functions
+ - wolfssl: Stop custom-adding curves
+ - x509asn1: "Dereference of null pointer"
+ - x509asn1: Cleanup and unify code layout
+ - zsh.pl: Escape ':' character
+ - zsh.pl: Update regex to better match curl -h output
+
+* Mon Mar 25 2019 Paul Howarth - 7.64.0-6.0.cf
+- Remove verbose "Expire in" ... messages (#1690971)
+
+* Thu Mar 21 2019 Paul Howarth - 7.64.0-5.0.cf
+- Avoid spurious "Could not resolve host: [host name]" error messages
+
+* Thu Feb 28 2019 Paul Howarth - 7.64.0-4.0.cf
+- Fix NULL dereference if flushing cookies with no CookieInfo set (#1683676)
+
+* Mon Feb 25 2019 Paul Howarth - 7.64.0-3.0.cf
+- Prevent NetworkManager from leaking file descriptors (#1680198)
+
+* Mon Feb 11 2019 Paul Howarth - 7.64.0-2.0.cf
+- Make zsh completion work again
+
+* Wed Feb 6 2019 Paul Howarth - 7.64.0-1.0.cf
+- Update to 7.64.0
+ - CVE-2018-16890: NTLM type-2 out-of-bounds buffer read
+ - CVE-2019-3822: NTLMv2 type-3 header stack buffer overflow
+ - CVE-2019-3823: SMTP end-of-response out-of-bounds read
+ - cookies: Leave secure cookies alone
+ - hostip: Support wildcard hosts
+ - http: Implement trailing headers for chunked transfers
+ - http: Added options for allowing HTTP/0.9 responses
+ - timeval: Use high resolution timestamps on Windows
+ - FAQ: Remove mention of sourceforge for github
+ - OS400: Handle memory error in list conversion
+ - OS400: Upgrade ILE/RPG binding
+ - README: Add codacy code quality badge
+ - Revert http_negotiate: do not close connection
+ - THANKS: Added several missing names from year ≤ 2000
+ - build: Make 'tidy' target work for metalink builds
+ - cmake: Added checks for variadic macros
+ - cmake: Updated check for HAVE_POLL_FINE to match autotools
+ - cmake: Use lowercase for function name like the rest of the code
+ - configure: Detect xlclang separately from clang
+ - configure: Fix recv/send/select detection on Android
+ - configure: Rewrite --enable-code-coverage
+ - conncache_unlock: Avoid indirection by changing input argument type
+ - cookie: Fix comment typo
+ - cookies: Allow secure override when done over HTTPS
+ - cookies: Extend domain checks to non psl builds
+ - cookies: Skip custom cookies when redirecting cross-site
+ - curl --xattr: Strip credentials from any URL that is stored
+ - curl -J: Refuse to append 
to the destination file + - curl/urlapi.h: include "curl.h" first + - curl_multi_remove_handle() don't block terminating c-ares requests + - darwinssl: Accept setting max-tls with default min-tls + - disconnect: Separate connections and easy handles better + - disconnect: Set conn->data for protocol disconnect + - docs/version.d: Mention MultiSSL + - docs: Fix the --tls-max description + - docs: Use $(INSTALL_DATA) to install man page + - docs: Use meaningless port number in CURLOPT_LOCALPORT example + - gopher: Always include the entire gopher-path in request + - http2: Clear pause stream id if it gets closed + - if2ip: Remove unused function Curl_if_is_interface_name + - libssh: Do not let libssh create socket + - libssh: Enable CURLOPT_SSH_KNOWNHOSTS and CURLOPT_SSH_KEYFUNCTION for libssh + - libssh: free sftp_canonicalize_path() data correctly + - libtest/stub_gssapi: Use "real" snprintf + - mbedtls: Use VERIFYHOST + - multi: Multiplexing improvements + - multi: Set the EXPIRE_*TIMEOUT timers at TIMER_STARTSINGLE time + - ntlm: Fix NTMLv2 compliance + - ntlm_sspi: Add support for channel binding + - openssl: Adapt to 3.0.0, OpenSSL_version_num() is deprecated + - openssl: Fix the SSL_get_tlsext_status_ocsp_resp call + - openvms: Fix OpenSSL discovery on VAX + - openvms: Fix typos in documentation + - os400: Add a missing closing bracket + - os400: Fix extra parameter syntax error + - pingpong: Change default response timeout to 120 seconds + - pingpong: Ignore regular timeout in disconnect phase + - printf: Fix format specifiers + - runtests.pl: Fix perl call to include srcdir + - schannel: Fix compiler warning + - schannel: Preserve original certificate path parameter + - schannel: Stop calling it "winssl" + - sigpipe: If mbedTLS is used, ignore SIGPIPE + - smb: Fix incorrect path in request if connection reused + - ssh: Log the libssh2 error message when ssh session startup fails + - test1558: Verify CURLINFO_PROTOCOL on file:// transfer + - test1561: Improve 
test name + - test1653: Make it survive torture tests + - tests: Allow tests to pass by 2037-02-12 + - tests: Move objnames-* from lib into tests + - timediff: Fix math for unsigned time_t + - timeval: Disable MSVC Analyzer GetTickCount warning + - tool_cb_prg: Avoid integer overflow + - travis: Added cmake build for osx + - urlapi: Fix port parsing of eol colon + - urlapi: Distinguish possibly empty query + - urlapi: Fix parsing ipv6 with zone index + - urldata: Rename easy_conn to just conn + - winbuild: Conditionally use /DZLIB_WINAPI + - wolfssl: Fix memory-leak in threaded use + - spnego_sspi: Add support for channel binding + +* Mon Feb 4 2019 Paul Howarth - 7.63.0-7.0.cf +- Prevent valgrind from reporting false positives on x86_64 + +* Fri Feb 1 2019 Paul Howarth - 7.63.0-6.0.cf +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Mon Jan 21 2019 Paul Howarth - 7.63.0-5.0.cf +- xattr: Strip credentials from any URL that is stored (CVE-2018-20483) + +* Fri Jan 4 2019 Paul Howarth - 7.63.0-4.0.cf +- Replace 0105-curl-7.63.0-libstubgss-ldadd.patch by upstream patch + +* Wed Dec 19 2018 Paul Howarth - 7.63.0-3.0.cf +- curl -J: Do not append to the destination file (#1658574) + +* Fri Dec 14 2018 Paul Howarth - 7.63.0-2.0.cf +- Revert an upstream commit that broke 'fedpkg new-sources' (#1659329) + +* Wed Dec 12 2018 Paul Howarth - 7.63.0-1.0.cf +- Update to 7.63.0 + - curl: Add %%{stderr} and %%{stdout} for --write-out + - curl: Add undocumented option --dump-module-paths for win32 + - setopt: Add CURLOPT_CURLU + - (lib)curl.rc: Fixup for minor bugs + - CURLINFO_REDIRECT_URL: Extract the Location: header field unvalidated + - CURLOPT_HEADERFUNCTION.3: Match 'nitems' name in synopsis and description + - CURLOPT_WRITEFUNCTION.3: Spell out that it gets called many times + - Curl_follow: Accept non-supported schemes for "fake" redirects + - KNOWN_BUGS: Add --proxy-any connection issue + - NTLM: Remove redundant ifdef USE_OPENSSL + - NTLM: Force 
the connection to HTTP/1.1 + - OS400: Add URL API ccsid wrappers and sync ILE/RPG bindings + - SECURITY-PROCESS: bountygraph shuts down again + - TODO: Have the URL API offer IDN decoding + - ares: Remove fd from multi fd set when ares is about to close the fd + - axtls: Removed + - checksrc: Add COPYRIGHTYEAR check + - cmake: Fix MIT/Heimdal Kerberos detection + - configure: Include all libraries in ssl-libs fetch + - configure: Show CFLAGS, LDFLAGS etc. in summary + - connect: Fix building for recent versions of Minix + - cookies: Create the cookiejar even if no cookies to save + - cookies: Expire "Max-Age=0" immediately + - curl: --local-port range was not "including" + - curl: Fix --local-port integer overflow + - curl: Fix memory leak reading --writeout from file + - curl: Fixed UTF-8 in current console code page (Windows) + - curl_easy_perform: Fix timeout handling + - curl_global_sslset(): id == -1 is not necessarily an error + - curl_multibyte: Fix a malloc overcalculation + - curle: Move deprecated error code to ifndef block + - docs: curl_formadd field and file names are now escaped + - docs: Escape "\n" codes + - doh: Fix memory leak in OOM situation + - doh: Make it work for h2-disabled builds too + - examples/ephiperfifo: Report error when epoll_ctl fails + - ftp: Avoid two unsigned int overflows in FTP listing parser + - host names: Allow trailing dot in name resolve, then strip it + - http2: Upon HTTP_1_1_REQUIRED, retry the request with HTTP/1.1 + - http: Don't set CURLINFO_CONDITION_UNMET for http status code 204 + - http: Fix HTTP Digest auth to include query in URI + - http_negotiate: Do not close connection until negotiation is completed + - impacket: Add LICENSE + - infof: Clearly indicate truncation + - ldap: Fix LDAP URL parsing regressions + - libcurl: Stop reading from paused transfers + - mprintf: Avoid unsigned integer overflow warning + - netrc: Don't ignore the login name specified with "--user" + - nss: Fall back to latest supported 
SSL version + - nss: Fix compatibility with nss versions 3.14 to 3.15 + - nss: Fix fallthrough comment to fix picky compiler warning + - nss: Remove version selecting dead code + - nss: Set default max-tls to 1.3/1.2 + - openssl: Remove SSLEAY leftovers + - openssl: Do not log excess "TLS app data" lines for TLS 1.3 + - openssl: Do not use file BIOs if not requested + - openssl: Fix unused variable compiler warning with old openssl + - openssl: Support session resume with TLS 1.3 + - openvms: Fix example name + - os400: Add curl_easy_conn_upkeep() to ILE/RPG binding + - os400: Add CURLOPT_CURLU to ILE/RPG binding + - os400: Fix return type of curl_easy_pause() in ILE/RPG binding + - packages: Remove old leftover files and dirs + - pop3: Only do APOP with a valid timestamp + - runtests: Use the local curl for verifying + - schannel: Be consistent in Schannel capitalization + - schannel: Better CURLOPT_CERTINFO support + - schannel: Use Curl_ prefix for global private symbols + - snprintf: Renamed and we now only use msnprintf() + - ssl: Fix compilation with OpenSSL 0.9.7 + - ssl: Replace all internal uses of CURLE_SSL_CACERT + - symbols-in-versions: Add missing CURLU_ symbols + - test328: Verify Content-Encoding: none + - tests: Disable SO_EXCLUSIVEADDRUSE for stunnel on Windows + - tests: Drop http_pipe.py script, no longer used + - tool_cb_wrt: Silence function cast compiler warning + - tool_doswin: Fix uninitialized field warning + - travis: Build with clang sanitizers + - travis: Remove curl before a normal build + - url: A short host name + port is not a scheme + - url: Fix IPv6 numeral address parser + - urlapi: Only skip encoding the first '=' with APPENDQUERY set +- Add workaround to avoid symbol lookup error in libstubgss.so (libtest) + +* Tue Dec 4 2018 Paul Howarth - 7.62.0-1.7.cf +- Work around TLS 1.3 being disabled in NSS in EL-7 + - https://github.com/curl/curl/issues/3261 + - https://github.com/curl/curl/pull/3337 +- Only supported IDN library is 
libidn2, so don't bother trying to use + libidn + +* Wed Oct 31 2018 Paul Howarth - 7.62.0-1.0.cf +- Update to 7.62.0 + - multiplex: Enable by default + - url: Default to CURL_HTTP_VERSION_2TLS if built h2-enabled + - setopt: Add CURLOPT_DOH_URL + - curl: --doh-url added + - setopt: Add CURLOPT_UPLOAD_BUFFERSIZE: set upload buffer size + - imap: Change from "FETCH" to "UID FETCH" + - configure: Add option to disable automatic OpenSSL config loading + - upkeep: Add a connection upkeep API: curl_easy_upkeep() + - URL-API: Added five new functions + - vtls: MesaLink is a new TLS backend + - Fix SASL password overflow via integer overflow (CVE-2018-16839) + - Fix use-after-free in handle close (CVE-2018-16840) + - Fix warning message out-of-buffer read (CVE-2018-16842) + - CURLOPT_DNS_USE_GLOBAL_CACHE: deprecated + - Curl_dedotdotify(): Always nul terminate returned string + - Curl_follow: Always free the passed new URL + - Curl_http2_done: Fix memleak in error path + - Curl_retry_request: Fix memory leak + - Curl_saferealloc: Fixed typo in docblock + - FILE: Fix CURLOPT_NOBODY and CURLOPT_HEADER output + - GnutTLS: TLS 1.3 support + - SECURITY-PROCESS: Mention the bountygraph program + - VS projects: Add USE_IPV6: + - Windows: Fixes for MinGW targeting Windows Vista + - anyauthput: Fix compiler warning on 64-bit Windows + - appveyor: Add WinSSL builds + - appveyor: Run test suite (on Windows!) 
+ - certs: Generate tests certs with sha256 digest algorithm + - checksrc: Enable strict mode and warnings + - checksrc: Handle zero scoped ignore commands + - cmake: Backport to work with CMake 3.0 again + - cmake: Improve config installation + - cmake: Add support for transitive ZLIB target + - cmake: Disable -Wpedantic-ms-format + - cmake: Don't require OpenSSL if USE_OPENSSL=OFF + - cmake: Fixed path used in generation of docs/tests + - cmake: Remove unused *SOCKLEN_T variables + - cmake: Suppress MSVC warning C4127 for libtest + - cmake: Test and set missed defines during configuration + - comment: Fix multiple typos in function parameters + - config: Remove unused SIZEOF_VOIDP + - config_win32: Enable LDAPS + - configure: Force-use -lpthreads on HPUX + - configure: Remove CURL_CONFIGURE_CURL_SOCKLEN_T + - configure: s/AC_RUN_IFELSE/CURL_RUN_IFELSE/ + - cookies: Remove redundant expired check + - cookies: Fix leak when writing cookies to file + - curl-config.in: Remove dependency on bc + - curl.1: --ipv6 mutexes ipv4 (fixed typo) + - curl: Enabled Windows VT Support and UTF-8 output + - curl: Update the documentation of --tlsv1.0 + - curl_multi_wait: Call getsock before figuring out timeout + - curl_ntlm_wb: Check aprintf() return codes + - curl_threads: Fix classic MinGW compile break + - darwinssl: Fix realloc memleak + - darwinssl: More specific and unified error codes + - data-binary.d: Clarify default content-type is x-www-form-urlencoded + - docs/BUG-BOUNTY: Explain the bounty program + - docs/CIPHERS: Mention the options used to set TLS 1.3 ciphers + - docs/CIPHERS: Fix the TLS 1.3 cipher names + - docs/CIPHERS: Mention the colon separation for OpenSSL + - docs/examples: URL updates + - docs: Add "see also" links for SSL options + - example/asiohiper: Insert warning comment about its status + - example/htmltidy: Fix include paths of tidy libraries + - examples/Makefile.m32: Sync with core + - examples/http2-pushinmemory: Receive HTTP/2 pushed files in 
memory + - examples/parseurl.c: Show off the URL API + - examples: Fix memory leaks from realloc errors + - examples: Do not wait when no transfers are running + - ftp: Include command in Curl_ftpsend sendbuffer + - gskit: Make sure to terminate version string + - gtls: Values stored to but never read + - hostip: Fix check on Curl_shuffle_addr return value + - http2: Fix memory leaks on error-path + - http: Fix memleak in rewind error path + - krb5: Fix memory leak in krb_auth + - ldap: Show precise LDAP call in error message on Windows + - lib: Fix gcc8 warning on Windows + - memory: Add missing curl_printf header + - memory: Ensure to check allocation results + - multi: Fix error handling in the SENDPROTOCONNECT state + - multi: Fix memory leak in content encoding related error path + - multi: Make the closure handle "inherit" CURLOPT_NOSIGNAL + - netrc: Free temporary strings if memory allocation fails + - nss: Fix nssckbi module loading on Windows + - nss: Try to connect even if libnssckbi.so fails to load + - ntlm_wb: Fix memory leaks in ntlm_wb_response + - ntlm_wb: Bail out if the response gets overly large + - openssl: Assume engine support in 0.9.8 or later + - openssl: Enable TLS 1.3 post-handshake auth + - openssl: Fix gcc8 warning + - openssl: Load built-in engines too + - openssl: Make 'done' a proper boolean + - openssl: Output the correct cipher list on TLS 1.3 error + - openssl: Return CURLE_PEER_FAILED_VERIFICATION on failure to parse issuer + - openssl: Show "proper" version number for libressl builds + - pipelining: Deprecated + - rand: Add comment to skip a clang-tidy false positive + - rtmp: Fix for compiling with lwIP + - runtests: Ignore disabled even when ranges are given + - runtests: Skip ld_preload tests on macOS + - runtests: Use Windows paths for Windows curl + - schannel: Unified error code handling + - sendf: Fix whitespace in infof/failf concatenation + - ssh: free the session on init failures + - ssl: Deprecate CURLE_SSL_CACERT in 
favour of a unified error code + - system.h: Use proper setting with Sun C++ as well + - test1299: Use single quotes around asterisk + - test1452: Mark as flaky + - test1651: Unit test Curl_extract_certinfo() + - test320: Strip out more HTML when comparing + - tests/negtelnetserver.py: Fix Python2-ism in neg TELNET server + - tests: Add unit tests for url.c + - timeval: Fix use of weak symbol clock_gettime() on Apple platforms + - tool_cb_hdr: Handle failure of rename() + - travis: Add a "make tidy" build that runs clang-tidy + - travis: Add build for "configure --disable-verbose" + - travis: Bump the Secure Transport build to use xcode + - travis: Make distcheck scan for BOM markers + - unit1300: Fix stack-use-after-scope AddressSanitizer warning + - urldata: Fix "connecting" comment + - urlglob: Improve error message on bad globs + - vtls: Fix ssl version "or later" behaviour change for many backends + - x509asn1: Fix SAN IP address verification + - x509asn1: Always check return code from getASN1Element() + - x509asn1: Return CURLE_PEER_FAILED_VERIFICATION on failure to parse cert + - x509asn1: Suppress left shift on signed value +- Test 656 segfaults on Fedora 13 to 15 inclusive, so disable it there + +* Fri Oct 12 2018 Paul Howarth - 7.61.1-3.0.cf +- Enable TLS 1.3 post-handshake auth in OpenSSL +- Update the documentation of --tlsv1.0 in curl(1) man page + +* Fri Oct 5 2018 Paul Howarth - 7.61.1-2.0.cf +- Enforce versioned libpsl dependency for libcurl (#1631804) +- test320: Update expected output for gnutls-3.6.4 +- Drop 0105-curl-7.61.0-tests-ssh-keygen.patch, no longer needed (#1622594) +- test1456: Seems to be flaky so disable it + +* Wed Sep 5 2018 Paul Howarth - 7.61.1-1.0.cf +- Update to 7.61.1 + - Fix NTLM password overflow via integer overflow (CVE-2018-14618) + - CURLINFO_SIZE_UPLOAD: Fix missing counter update + - CURLOPT_ACCEPT_ENCODING.3: List them comma-separated + - CURLOPT_SSL_CTX_FUNCTION.3: Might cause accidental connection reuse + - 
Curl_getoff_all_pipelines: Improved for multiplexed + - DEPRECATE: Remove release date from 7.62.0 + - HTTP: Don't attempt to needlessly decompress redirect body + - INTERNALS: Require GnuTLS ≥ 2.11.3 + - README.md: Add LGTM.com code quality grade for C/C++ + - SSLCERTS: Improve the openssl command line + - Silence GCC 8 cast-function-type warnings + - ares: Check for NULL in completed-callback + - asyn-thread: Remove unused macro + - auth: Only pick CURLAUTH_BEARER if we *have* a Bearer token + - auth: Pick Bearer authentication whenever a token is available + - cmake: CMake config files are defining CURL_STATICLIB for static builds + - cmake: Respect BUILD_SHARED_LIBS + - cmake: Update scripts to use consistent style + - cmake: Bumped minimum version to 3.4 + - cmake: Link curl to the OpenSSL targets instead of lib absolute paths + - configure: Conditionally enable pedantic-errors + - configure: Fix for -lpthread detection with OpenSSL and pkg-config + - conn: Remove the boolean 'inuse' field + - content_encoding: Accept up to 4 unknown trailer bytes after raw deflate data + - cookie tests: Treat files as text + - cookies: Support creation-time attribute for cookies + - curl: Fix segfault when -H @headerfile is empty + - curl: Add http code 408 to transient list for --retry + - curl: Fix time-of-check, time-of-use race in dir creation + - curl: Use Content-Disposition before the "URL end" for -OJ + - curl: Warn the user if a given file name looks like an option + - curl_threads: Silence bad-function-cast warning + - darwinssl: Add support for ALPN negotiation + - docs/CURLOPT_URL: Fix indentation + - docs/CURLOPT_WRITEFUNCTION: Size is always 1 + - docs/SECURITY-PROCESS: Mention bounty, drop pre-notify + - docs/examples: Add hiperfifo example using linux epoll/timerfd + - docs: Add disallow-username-in-url.d and haproxy-protocol.d to dist + - docs: Clarify NO_PROXY env variable functionality + - docs: Improved the manual pages of some callbacks + - docs: Mention 
NULL is fine input to several functions + - formdata: Remove unused macro HTTPPOST_CONTENTTYPE_DEFAULT + - gopher: Do not translate '?' to '%%09' + - header output: Switch off all styles, not just unbold + - hostip: Fix unused variable warning + - http2: Use correct format identifier for stream_id + - http2: Abort the send_callback if not setup yet + - http2: Avoid set_stream_user_data() before stream is assigned + - http2: Check nghttp2_session_set_stream_user_data return code + - http2: Clear the drain counter in Curl_http2_done + - http2: Make sure to send after RST_STREAM + - http2: Separate easy handle from connections better + - http: Fix for tiny "HTTP/0.9" response + - http_proxy: Remove unused macro SELECT_TIMEOUT + - lib/Makefile: Only do symbol hiding if told to + - lib1502: Fix memory leak in torture test + - lib1522: Fix curl_easy_setopt argument type + - libcurl-thread.3: Expand somewhat on the NO_SIGNAL motivation + - mime: Check Curl_rand_hex's return code + - multi: Always do the COMPLETED procedure/state + - openssl: Assume engine support in 1.0.0 or later + - openssl: Fix debug messages + - projects: Improve Windows perl detection in batch scripts + - retry: Return error if rewind was necessary but didn't happen + - reuse_conn(): Memory leak - free old_conn->options + - schannel: Client certificate store opening fix + - schannel: Enable CALG_TLS1PRF for w32api ≥ 5.1 + - schannel: Fix MinGW compile break + - sftp: Don't send post-quote sequence when retrying a connection + - smb: Fix memory leak on early failure + - smb: Fix memory-leak in URL parse error path + - smb_getsock: Always wait for write socket too + - ssh-libssh: Fix infinite connect loop on invalid private key + - ssh-libssh: Reduce excessive verbose output about pubkey auth + - ssh-libssh: Use FALLTHROUGH to silence gcc8 + - ssl: Set engine implicitly when a PKCS#11 URI is provided + - sws: Handle EINTR when calling select() + - system_win32: Fix version checking + - telnet: Remove 
unused macros TELOPTS and TELCMDS + - test1143: Disable MSYS2's POSIX path conversion + - test1148: Disable if decimal separator is not point + - test1307: (fnmatch testing) disabled + - test1422: Add required file feature + - test1531: Add timeout + - test1540: Remove unused macro TEST_HANG_TIMEOUT + - test214: Disable MSYS2's POSIX path conversion for URL + - test320: Treat curl320.out file as binary + - tests/http_pipe.py: Use /usr/bin/env to find python + - tests: Don't use Windows path %%PWD for SSH tests + - tests: Fixes for Windows line endings + - tool_operate: Fix setting proxy TLS 1.3 ciphers + - travis: Build darwinssl on macos 10.12 to fix linker errors + - travis: Execute "set -eo pipefail" for coverage build + - travis: Run a 'make checksrc' too + - travis: Update to GCC-8 + - travis: Verify that man pages can be regenerated + - upload: Allocate upload buffer on-demand + - upload: Change default UPLOAD_BUFSIZE to 64KB + - urldata: Remove unused pipe_broke struct field + - vtls: Re-instantiate engine on duplicated handles + - windows: Implement send buffer tuning + - wolfSSL/CyaSSL: Fix memory leak in Curl_cyassl_random + +* Tue Sep 4 2018 Paul Howarth - 7.61.0-8.0.cf +- Make the --tls13-ciphers option work + +* Tue Aug 28 2018 Paul Howarth - 7.61.0-7.0.cf +- tests: Make ssh-keygen always produce PEM format (#1622594) + +* Wed Aug 15 2018 Paul Howarth - 7.61.0-6.0.cf +- scp/sftp: Fix infinite connect loop on invalid private key (#1595135) + +* Mon Aug 13 2018 Paul Howarth - 7.61.0-5.0.cf +- ssl: Set engine implicitly when a PKCS#11 URI is provided (#1219544) +- Relax crypto policy for the test-suite to make it pass again (#1610888) + +* Tue Jul 31 2018 Paul Howarth - 7.61.0-3.0.cf +- Adapt test 323 for updated OpenSSL + +* Fri Jul 13 2018 Paul Howarth - 7.61.0-2.0.cf +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Wed Jul 11 2018 Paul Howarth - 7.61.0-1.0.cf +- Update to 7.61.0 + - CVE-2018-0500: smtp: Fix SMTP send buffer 
overflow + - getinfo: Add microsecond precise timers for seven intervals + - curl: Show headers in bold, switch off with --no-styled-output + - httpauth: Add support for Bearer tokens + - Add CURLOPT_TLS13_CIPHERS and CURLOPT_PROXY_TLS13_CIPHERS + - curl: --tls13-ciphers and --proxy-tls13-ciphers + - Add CURLOPT_DISALLOW_USERNAME_IN_URL + - curl: --disallow-username-in-url + - schannel: Disable client cert option if APIs not available + - schannel: Disable manual verify if APIs not available + - tests/libtest/Makefile: Do not unconditionally add gcc-specific flags + - openssl: Acknowledge --tls-max for default version too + - stub_gssapi: Fix 'unused parameter' warnings + - examples/progressfunc: Make it build on both new and old libcurls + - docs: Mention it is HA Proxy protocol "version 1" + - curl_fnmatch: Only allow two asterisks for matching + - docs: Clarify CURLOPT_HTTPGET + - configure: Replace a AC_TRY_RUN with CURL_RUN_IFELSE + - configure: Do compile-time SIZEOF checks instead of run-time + - checksrc: Make sure sizeof() is used *with* parentheses + - CURLOPT_ACCEPT_ENCODING.3: Add brotli and clarify a bit + - schannel: Make CAinfo parsing resilient to CR/LF + - tftp: Make sure error is zero terminated before printfing it + - http resume: Skip body if http code 416 (range error) is ignored + - configure: Add basic test of --with-ssl prefix + - cmake: Set -d postfix for debug builds + - multi: Provide a socket to wait for in Curl_protocol_getsock + - content_encoding: Handle zlib versions too old for Z_BLOCK + - winbuild: Only delete OUTFILE if it exists + - winbuild: In MakefileBuild.vc fix typo DISTDIR->DIRDIST + - schannel: Add failf calls for client certificate failures + - cmake: Fix the test for fsetxattr and strerror_r + - curl.1: Fix cmdline-opts reference errors + - cmdline-opts/gen.pl: Warn if mutexes: or see-also: list non-existing options + - cmake: Check for getpwuid_r + - configure: Fix ssh2 linking when built with a static mbedtls + - psl: 
Use latest psl and refresh it periodically + - fnmatch: Insist on escaped bracket to match + - KNOWN_BUGS: Restore text regarding #2101 + - INSTALL: LDFLAGS=-Wl,-R/usr/local/ssl/lib + - configure: Override AR_FLAGS to silence warning + - os400: Implement mime api EBCDIC wrappers + - curl.rc: Embed manifest for correct Windows version detection + - strictness: Correct {infof, failf} format specifiers + - tests: Update .gitignore for libtests + - configure: Check for declaration of getpwuid_r + - fnmatch: Use the system one if available + - CURLOPT_RESOLVE: Always purge old entry first + - multi: Remove a potentially bad DEBUGF() + - curl_addrinfo: Use same #ifdef conditions in source as header + - build: Remove the Borland specific makefiles + - axTLS: Not considered fit for use + - cmdline-opts/cert-type.d: Mention "p12" as a recognized type + - system.h: Add support for IBM xlc C compiler + - tests/libtest: Add lib1521 to nodist_SOURCES + - mk-ca-bundle.pl: Leave certificate name untouched + - boringssl + schannel: undef X509_NAME in lib/schannel.h + - openssl: Assume engine support in 1.0.1 or later + - cppcheck: Fix warnings + - test 46: Make test pass after year 2025 + - schannel: Support selecting ciphers + - Curl_debug: Remove dead printhost code + - test 1455: Unflakified + - Curl_init_do: Handle NULL connection pointer passed in + - progress: Remove a set of unused defines + - mk-ca-bundle.pl: Make -u delete certdata.txt if found not changed + - GOVERNANCE.md: Explains how this project is run + - configure: Use pkg-config for c-ares detection + - configure: Enhance ability to build with static openssl + - maketgz: Fix sed issues on OSX + - multi: Fix memory leak when stopped during name resolve + - CURLOPT_INTERFACE.3: Interface names not supported on Windows + - url: Fix dangling conn->data pointer + - cmake: Allow multiple SSL backends + - system.h: Fix for gcc on 32 bit OpenServer + - ConnectionExists: Make sure conn->data is set when "taking" a 
connection + - multi: Fix crash due to dangling entry in connect-pending list + - CURLOPT_SSL_VERIFYPEER.3: Add performance note + - netrc: Use a larger buffer to support longer passwords + - url: Check Curl_conncache_add_conn return code + - configure: Add dependent libraries after crypto + - easy_perform: Faster local name resolves by using *multi_timeout() + - getnameinfo: Not used, removed all configure checks + - travis: Add a build using the synchronous name resolver + - CURLINFO_TLS_SSL_PTR.3: Improve the example + - openssl: Allow TLS 1.3 by default + - openssl: Make the requested TLS version the *minimum* wanted + - openssl: Remove some dead code + - telnet: Fix clang warnings + - DEPRECATE: New doc describing planned item removals + - example/crawler.c: Simple crawler based on libxml2 + - libssh: Goto DISCONNECT state on error, not SESSION_FREE + - CMake: Remove unused functions + - darwinssl: Allow High Sierra users to build the code using GCC + - scripts: Include _curl as part of CLEANFILES + - examples: Fix -Wformat warnings + - curl_setup: Include before + - schannel: Make more cipher options conditional + - CMake: Remove redundant and old end-of-block syntax + - post303.d: Clarify that this is an RFC violation +- Add patch to fix builds with openssl < 1.0.1 + +* Tue Jul 10 2018 Paul Howarth - 7.60.0-3.0.cf +- Disable flaky test 1455 +- Enable support for brotli compression in libcurl-full from F-29 onwards + +* Wed Jul 4 2018 Paul Howarth - 7.60.0-2.0.cf +- Do not hard-wire path of the Python 3 interpreter + +* Wed May 16 2018 Paul Howarth - 7.60.0-1.0.cf +- Update to 7.60.0 + - Add CURLOPT_HAPROXYPROTOCOL, support for the HAProxy PROXY protocol + - Add --haproxy-protocol for the command line tool + - Add CURLOPT_DNS_SHUFFLE_ADDRESSES, shuffle returned IP addresses + - FTP: Shutdown response buffer overflow CVE-2018-1000300 + - RTSP: Bad headers buffer over-read CVE-2018-1000301 + - FTP: Fix typo in recursive callback detection for seeking + - 
test1208: Marked flaky + - HTTP: Make header-less responses still count correct body size + - user-agent.d: Mention --proxy-header as well + - http2: fixes typo + - cleanup: Misc typos in strings and comments + - rate-limit: Use three second window to better handle high speeds + - examples/hiperfifo.c: Improved + - pause: When changing pause state, update socket state + - multi: Improved pending transfers handling ⇒ improved performance + - curl_version_info.3: Fix ssl_version description + - add_handle/easy_perform: Clear errorbuffer on start if set + - darwinssl: Fix iOS build + - cmake: Add support for brotli + - parsedate: Support UT timezone + - vauth/ntlm.h: Fix the #ifdef header guard + - lib/curl_path.h: Added #ifdef header guard + - vauth/cleartext: Fix integer overflow check + - CURLINFO_COOKIELIST.3: Made the example not leak memory + - cookie.d: Mention that "-" as filename means stdin + - CURLINFO_SSL_VERIFYRESULT.3: Fixed the example + - http2: Read pending frames (including GOAWAY) in connection-check + - timeval: Remove compilation warning by casting + - cmake: Avoid warn-as-error during config checks + - travis-ci: Enable -Werror for CMake builds + - openldap: Fix for NULL return from ldap_get_attribute_ber() + - threaded resolver: Track resolver time and set suitable timeout values + - cmake: Add advapi32 as explicit link library for win32 + - docs: Fix CURLINFO_*_T examples use of CURL_FORMAT_CURL_OFF_T + - test1148: Set a fixed locale for the test + - cookies: When reading from a file, only remove_expired once + - cookie: Store cookies per top-level-domain-specific hash table + - openssl: Fix build with LibreSSL 2.7 + - tls: Fix mbedTLS 2.7.0 build + handle sha256 failures + - openssl: RESTORED verify locations when verifypeer==0 + - file: Restore old behaviour for file:////foo/bar URLs + - FTP: Allow PASV on IPv6 connections when a proxy is being used + - build-openssl.bat: Allow custom paths for VS and perl + - winbuild: Make the clean target 
work without build-type
+ - build-openssl.bat: Refer to VS2017 as VC14.1 instead of VC15
+ - curl: Retry on FTP 4xx, ignore other protocols
+ - configure: Detect (and use) sa_family_t
+ - examples/sftpuploadresume: Fix Windows large file seek
+ - build: Clean up to fix clang warnings/errors
+ - winbuild: Updated the documentation
+ - lib: Silence null-dereference warnings
+ - travis: Bump to clang 6 and gcc 7
+ - travis: Build libpsl and make builds use it
+ - proxy: Show getenv proxy use in verbose output
+ - duphandle: Make sure CURLOPT_RESOLVE is duplicated
+ - all: Refactor malloc+memset to use calloc
+ - checksrc: Fix typo
+ - system.h: Add sparcv8plus to oracle/sunpro 32-bit detection
+ - vauth: Fix typo
+ - ssh: Show libSSH2 error code when closing fails
+ - test1148: Tolerate progress updates better
+ - urldata: Make service names unconditional
+ - configure: Keep LD_LIBRARY_PATH changes local
+ - ntlm_sspi: Fix authentication using Credential Manager
+ - schannel: Add client certificate authentication
+ - winbuild: Support custom devel paths for each dependency
+ - schannel: Add support for CURLOPT_CAINFO
+ - http2: Handle on_begin_headers() called more than once
+ - openssl: Support OpenSSL 1.1.1 verbose-mode trace messages
+ - openssl: Fix subjectAltName check on non-ASCII platforms
+ - http2: Avoid strstr() on data not zero terminated
+ - http2: Clear the "drain counter" when a stream is closed
+ - http2: Handle GOAWAY properly
+ - tool_help: Clarify --max-time unit of time is seconds
+ - curl.1: Clarify that options and URLs can be mixed
+ - http2: Convert an assert to run-time check
+ - curl_global_sslset: Always provide available backends
+ - ftplistparser: Keep state between invokes
+ - Curl_memchr: Zero length input can't match
+ - examples/sftpuploadresume: typecast fseek argument to long
+ - examples/http2-upload: Expand buffer to avoid silly warning
+ - ctype: Restore character classification for non-ASCII platforms
+ - mime: Avoid NULL pointer 
dereference risk
+ - cookies: Ensure that we have cookies before writing jar
+ - os400.c: Fix checksrc warnings
+ - configure: Provide --with-wolfssl as an alias for --with-cyassl
+ - cyassl: Adapt to libraries without TLS 1.0 support built-in
+ - http2: Get rid of another strstr
+ - checksrc: Force indentation of lines after an else
+ - cookies: Remove unused macro
+ - CURLINFO_PROTOCOL.3: Mention the existing defined names
+ - tests: Provide 'manual' as a feature to optionally require
+ - travis: Enable libssh2 on both macos and Linux
+ - CURLOPT_URL.3: Added ENCODING section
+ - wolfssl: Fix non-blocking connect
+ - vtls: Don't define MD5_DIGEST_LENGTH for wolfssl
+ - docs: Remove extraneous commas in man pages
+ - URL: Fix ASCII dependency in strcpy_url and strlen_url
+ - ssh-libssh.c: Fix left shift compiler warning
+ - configure: Only check for CA bundle for file-using SSL backends
+ - travis: Add an mbedtls build
+ - http: Don't set the "rewind" flag when not uploading anything
+ - configure: Put CURLDEBUG and DEBUGBUILD in lib/curl_config.h
+ - transfer: Don't unset writesockfd on setup of multiplexed conns
+ - vtls: Use unified "supports" bitfield member in backends
+ - URLs: Fix one more http url
+ - travis: Add a build using WolfSSL
+ - openssl: Change FILE ops to BIO ops
+ - travis: Add build using NSS
+ - smb: Reject negative file sizes
+ - cookies: Accept parameter names as cookie name
+ - http2: getsock fix for uploads
+ - All over: Fixed format specifiers
+ - http2: Use the correct function pointer typedef
+
+* Thu Mar 15 2018 Paul Howarth - 7.59.0-3.0.cf
+- Run the test suite using Python 3 from Fedora 28 onwards
+
+* Wed Mar 14 2018 Paul Howarth - 7.59.0-2.0.cf
+- ftp: Fix typo in recursive callback detection for seeking
+
+* Wed Mar 14 2018 Paul Howarth - 7.59.0-1.0.cf
+- Update to 7.59.0
+ - curl: Add --proxy-pinnedpubkey
+ - Added: CURLOPT_TIMEVALUE_LARGE and CURLINFO_FILETIME_T
+ - CURLOPT_RESOLVE: Add support for multiple IP addresses per 
entry + - Add option CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS + - Add new tool option --happy-eyeballs-timeout-ms + - Add CURLOPT_RESOLVER_START_FUNCTION and CURLOPT_RESOLVER_START_DATA + - openldap: Check ldap_get_attribute_ber() results for NULL before using + (fixes CVE-2018-1000121) + - FTP: Reject path components with control codes (fixes CVE-2018-1000120) + - readwrite: Make sure excess reads don't go beyond buffer end (fixes + CVE-2018-1000122) + - lib555: Drop text conversion and encode data as ASCII codes + - lib517: Make variable static to avoid compiler warning + - lib544: Sync ASCII code data with textual data + - GSKit: Restore pinnedpubkey functionality + - darwinssl: Don't import client certificates into Keychain on macOS + - parsedate: Fix date parsing for systems with 32 bit long + - openssl: Fix pinned public key build error in FIPS mode + - SChannel/WinSSL: Implement public key pinning + - cookies: Remove verbose "cookie size:" output + - progress-bar: Don't use stderr explicitly, use bar->out + - Fixes for MSDOS + - build: Open VC15 projects with VS 2017 + - curl_ctype: Private is*() type macros and functions + - configure: Set PATH_SEPARATOR to colon for PATH w/o separator + - winbuild: Make linker generate proper PDB + - curl_easy_reset: Clear digest auth state + - curl/curl.h: Fix comment typo for CURLOPT_DNS_LOCAL_IP6 + - range: Commonize FTP and FILE range handling + - progress-bar docs: Update to match implementation + - fnmatch: Do not match the empty string with a character set + - fnmatch: Accept an alphanum to be followed by a non-alphanum in char set + - build: Fix termios issue on android cross-compile + - getdate: Return -1 for out of range + - formdata: Use the mime-content type function + - time-cond: Fix reading the file modification time on Windows + - build-openssl.bat: Extend VC15 support to include Enterprise and Professional + - build-wolfssl.bat: Extend VC15 support to include Enterprise and Professional + - openssl: Don't add 
verify locations when verifypeer==0
+ - fnmatch: Optimize processing of consecutive *s and ?s pattern characters
+ - schannel: Fix compiler warnings
+ - content_encoding: Add "none" alias to "identity"
+ - get_posix_time: Only check for overflows if they can happen
+ - http_chunks: Don't write chunks twice with CURLOPT_HTTP_TRANSFER_DECODING
+ - README: Language fix
+ - sha256: Build with OpenSSL < 0.9.8
+ - smtp: Fix processing of initial dot in data
+ - --tlsauthtype: Works only if libcurl is built with TLS-SRP support
+ - tests: New tests for http raw mode
+ - libcurl-security.3: man page discussion security concerns when using libcurl
+ - curl_gssapi: Make sure this file too uses our *printf()
+ - BINDINGS: Fix curb link (and remove ruby-curl-multi)
+ - nss: Use PK11_CreateManagedGenericObject() if available
+ - travis: Add build with iconv enabled
+ - ssh: Add two missing state names
+ - CURLOPT_HEADERFUNCTION.3: Mention folded headers
+ - http: Fix the max header length detection logic
+ - header callback: Don't chop headers into smaller pieces
+ - CURLOPT_HEADER.3: Clarify problems with different data sizes
+ - curl --version: Show PSL if the run-time lib has it enabled
+ - examples/sftpuploadresume: Resume upload via CURLOPT_APPEND
+ - Return error if called recursively from within callbacks
+ - sasl: Prefer PLAIN mechanism over LOGIN
+ - winbuild: Use CALL to run batch scripts
+ - curl_share_setopt.3: Connection cache is shared within multi handles
+ - winbuild: Use macros for the names of some build utilities
+ - projects/README: Remove reference to dead IDN link/package
+ - lib655: Silence compiler warning
+ - configure: Fix version check for OpenSSL 1.1.1
+ - docs/MANUAL: formfind.pl is not accessible on the site anymore
+ - unit1309: Fix warning on Windows x64
+ - unit1307: Proper cleanup on OOM to fix torture tests
+ - curl_ctype: Fix macro redefinition warnings
+ - build: Get CFLAGS (including -werror) used for examples and tests
+ - NO_PROXY: Fix 
for IPv6 numericals in the URL + - krb5: Use nondeprecated functions + - winbuild: Prefer documented zlib library names + - http2: Mark the connection for close on GOAWAY + - limit-rate: Kick in even before "limit" data has been received + - HTTP: Allow "header;" to replace an internal header with a blank one + - http2: Verbose output new MAX_CONCURRENT_STREAMS values + - SECURITY: Distros' max embargo time is 14 days + - curl tool: Accept --compressed also if Brotli is enabled and zlib is not + - WolfSSL: Adding TLSv1.3 + - checksrc.pl: Add -i and -m options + - CURLOPT_COOKIEFILE.3: "-" as file name means stdin + +* Mon Mar 12 2018 Paul Howarth - 7.58.0-8.0.cf +- http2: mark the connection for close on GOAWAY + +* Mon Feb 19 2018 Paul Howarth - 7.58.0-7.0.cf +- Add explicitly-used build requirements +- Fix libcurl soname version number in %%files list to avoid accidental soname + bumps + +* Thu Feb 15 2018 Paul Howarth - 7.58.0-6.0.cf +- Drop ldconfig scriptlets from Fedora 28 onwards + +* Tue Feb 13 2018 Paul Howarth - 7.58.0-5.0.cf +- Drop temporary work around for ICE on x86_64 (#1540549) + +* Fri Feb 9 2018 Paul Howarth - 7.58.0-4.0.cf +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Wed Jan 31 2018 Paul Howarth - 7.58.0-3.0.cf +- Temporarily work around internal compiler error on x86_64 (#1540549) +- Disable brp-ldconfig to make RemovePathPostfixes work with shared libs again + +* Thu Jan 25 2018 Paul Howarth - 7.58.0-2.0.cf +- Use libssh (instead of libssh2) to implement SCP/SFTP in libcurl from + Fedora 28 onwards (#1531483) + +* Wed Jan 24 2018 Paul Howarth - 7.58.0-1.0.cf +- Update to 7.58.0 + - New libssh-powered SSH SCP/SFTP back-end + - curl-config: Add --ssl-backends + - http2: Fix incorrect trailer buffer size (CVE-2018-1000005) + - http: Prevent custom Authorization headers in redirects (CVE-2018-1000007) + - travis: Add boringssl build + - examples/xmlstream.c: Don't switch off CURL_GLOBAL_SSL + - SSL: Avoid magic 
allocation of SSL backend specific data
+ - lib: Don't export all symbols, just everything curl_*
+ - libssh2: Send the correct CURLE error code on scp file not found
+ - libssh2: Return CURLE_UPLOAD_FAILED on failure to upload
+ - openssl: Enable pkcs12 in boringssl builds
+ - libssh2: Remove dead code from SSH_SFTP_QUOTE
+ - sasl_getmessage: Make sure we have a long enough string to pass
+ - conncache: Fix several lock issues
+ - threaded-shared-conn.c: New example
+ - conncache: Only allow multiplexing within same multi handle
+ - configure: Check for netinet/in6.h
+ - URL: Tolerate backslash after drive letter for FILE:
+ - openldap: Add commented out debug possibilities
+ - include: Get netinet/in.h before linux/tcp.h
+ - CONNECT: Keep close connection flag in http_connect_state struct
+ - BINDINGS: Another PostgreSQL client
+ - curl: Limit -# update frequency for unknown total size
+ - configure: Add AX_CODE_COVERAGE only if using gcc
+ - curl.h: Remove incorrect comment about ERRORBUFFER
+ - openssl: Improve data-pending check for https proxy
+ - curl: Remove __EMX__ #ifdefs
+ - CURLOPT_PRIVATE.3: Fix grammar
+ - sftp: Allow quoted commands to use relative paths
+ - CURLOPT_DNS_CACHE_TIMEOUT.3: See also CURLOPT_RESOLVE
+ - RESOLVE: Output verbose text when trying to set a duplicate name
+ - openssl: Disable file buffering for Win32 SSLKEYLOGFILE
+ - multi_done: Prune DNS cache
+ - tests: Update .gitignore for libtests
+ - tests: Mark data files as non-executable in git
+ - CURLOPT_DNS_LOCAL_IP4.3: Fixed the "SEE ALSO" to not self-reference
+ - curl.1: Documented two missing valid exit codes
+ - curl.1: Mention http:// and https:// as valid proxy prefixes
+ - vtls: Replaced getenv() with curl_getenv()
+ - setopt: Less *or equal* than INT_MAX/1000 should be fine
+ - examples/smtp-mail.c: Use separate defines for options and mail
+ - curl: Support >256 bytes warning messages
+ - conncache: Fix a return code
+ - krb5: Fix a potential access of uninitialized 
memory
+ - rand: Add a clang-analyzer work-around
+ - CURLOPT_READFUNCTION.3: Refer to argument with correct name
+ - brotli: Allow compiling with version 0.6.0
+ - content_encoding: Rework zlib_inflate
+ - curl_easy_reset: Release mime-related data
+ - examples/rtsp: Fix error handling macros
+ - build-openssl.bat: Added support for VC15
+ - build-wolfssl.bat: Added support for VC15
+ - build: Added Visual Studio 2017 project files
+ - winbuild: Added support for VC15
+ - curl: Support size modifiers for --max-filesize
+ - examples/cacertinmem: Ignore cert-already-exists error
+ - brotli: Data at the end of content can be lost
+ - curl_version_info.3: Call the argument 'age'
+ - openssl: Fix memory leak of SSLKEYLOGFILE filename
+ - build: Remove HAVE_LIMITS_H check
+ - --mail-rcpt: Fix short-text description
+ - scripts: Allow all perl scripts to be run directly
+ - progress: Calculate transfer speed on milliseconds if possible
+ - system.h: Check __LONG_MAX__ for defining curl_off_t
+ - easy: Fix connection ownership in curl_easy_pause
+ - setopt: Reintroduce non-static Curl_vsetopt() for OS400 support
+ - setopt: Fix SSLVERSION to allow CURL_SSLVERSION_MAX_ values
+ - configure.ac: Append extra linker flags instead of prepending them
+ - HTTP: Bail out on negative Content-Length: values
+ - docs: Comment about CURLE_READ_ERROR returned by curl_mime_filedata
+ - mime: Clone mime tree upon easy handle duplication
+ - openssl: Enable SSLKEYLOGFILE support by default
+ - smtp/pop3/imap_get_message: Decrease the data length too... 
+ - CURLOPT_TCP_NODELAY.3: Fix typo
+ - SMB: Fix numeric constant suffix and variable types
+ - ftp-wildcard: Fix matching an empty string with "*[^a]"
+ - curl_fnmatch: only allow 5 '*' sections in a single pattern
+ - openssl: Fix potential memory leak in SSLKEYLOGFILE logic
+ - SSH: Fix state machine for ssh-agent authentication
+ - examples/url2file.c: Add missing curl_global_cleanup() call
+ - http2: Don't close connection when single transfer is stopped
+ - libcurl-env.3: First version
+ - curl: Progress bar refresh, get width using ioctl()
+ - CONNECT_TO: Fail attempt to set an IPv6 numerical without IPv6 support
+
+* Wed Nov 29 2017 Paul Howarth - 7.57.0-1.0.cf
+- Update to 7.57.0
+ - auth: Add support for RFC7616 - HTTP Digest access authentication
+ - share: Add support for sharing the connection cache
+ - HTTP: Implement Brotli content encoding
+ - Fix CVE-2017-8816: NTLM buffer overflow via integer overflow
+ - Fix CVE-2017-8817: FTP wildcard out of bounds read
+ - Fix CVE-2017-8818: SSL out of buffer access
+ - curl_mime_filedata.3: Fix typos
+ - libtest: Add required test libraries for lib1552 and lib1553
+ - Fix time diffs for systems using unsigned time_t
+ - ftplistparser: Memory leak fix: always free temporary memory
+ - multi: Allow table handle sizes to be overridden
+ - wildcards: Don't use with non-supported protocols
+ - curl_fnmatch: Return error on illegal wildcard pattern
+ - transfer: Fix chunked-encoding upload too early exit
+ - curl_setup: Improve detection of CURL_WINDOWS_APP
+ - resolvers: Only include anything if needed
+ - setopt: Fix CURLOPT_SSH_AUTH_TYPES option read
+ - appveyor: Add a win32 build
+ - Curl_timeleft: Change return type to timediff_t
+ - cmake: Export libcurl and curl targets to use by other cmake projects
+ - curl: In -F option arg, comma is a delimiter for files only
+ - curl: Improved ";type=" handling in -F option arguments
+ - timeval: Use mach_absolute_time() on MacOS
+ - curlx: The timeval functions are no 
longer provided as curlx_* + - mkhelp.pl: Do not generate comment with current date + - memdebug: Use send/recv signature for curl_dosend/curl_dorecv + - cookie: Avoid NULL dereference + - url: Fix CURLOPT_POSTFIELDSIZE arg value check to allow -1 + - include: Remove conncache.h inclusion from where it's not needed + - CURLOPT_MAXREDIRS: Allow -1 as a value + - tests: Fixed torture tests on tests 556 and 650 + - http2: Fixed OOM handling in upgrade request + - url: Fix CURLOPT_DNS_CACHE_TIMEOUT arg value check to allow -1 + - CURLOPT_INFILESIZE: Accept -1 + - curl: Pass through [] in URLs instead of calling globbing error + - curl: Speed up handling of many URLs + - ntlm: Avoid malloc(0) for zero length passwords + - url: Remove faulty arg value check from CURLOPT_SSH_AUTH_TYPES + - HTTP: Support multiple Content-Encodings + - travis: Add a job with brotli enabled + - url: Remove unnecessary NULL-check + - fnmatch: Remove dead code + - connect: Store IPv6 connection status after valid connection + - imap: Deal with commands case insensitively + - --interface: Add support for Linux VRF + - content_encoding: Fix inflate_stream for no bytes available + - cmake: Correctly include curl.rc in Windows builds + - cmake: Add missing setmode check + - connect.c: Remove executable bit on file + - SMB: Fix uninitialized local variable + - zlib/brotli: Only include header files in modules needing them + - URL: Return error on malformed URLs with junk after IPv6 bracket + - openssl: Fix too broad use of HAVE_OPAQUE_EVP_PKEY + - macOS: Fix missing connectx function with Xcode version older than 9.0 + - --resolve: Allow IP address within [] brackets + - examples/curlx: Fix code style + - ntlm: Remove unnecessary NULL-check to please scan-build + - Curl_llist_remove: Fix potential NULL pointer deref + - mime: Fix "Value stored to 'sz' is never read" scan-build error + - openssl: Fix "Value stored to 'rc' is never read" scan-build error + - http2: Fix "Value stored to 'hdbuf' is 
never read" scan-build error + - http2: Fix "Value stored to 'end' is never read" scan-build error + - Curl_open: Fix OOM return error correctly + - url: Reject ASCII control characters and space in host names + - examples/rtsp: Clear RANGE again after use + - connect: Improve the bind error message + - make: Fix "make distclean" + - connect: Add support for new TCP Fast Open API on Linux + - metalink: Fix memory leak and NULL pointer dereference + - URL: Update "file:" URL handling + - ssh: Remove check for a NULL pointer + - global_init: Ignore CURL_GLOBAL_SSL's absence + +* Mon Oct 23 2017 Paul Howarth - 7.56.1-1.0.cf +- Update to 7.56.1 + - imap: If a FETCH response has no size, don't call write callback + (CVE-2017-1000257) + - ftp: UBsan fixup 'pointer index expression overflowed + - failf: Skip the sprintf() if there are no consumers + - fuzzer: Move to using external curl-fuzzer + - lib/Makefile.m32: Allow customizing dll suffixes + - docs: Fix typo in curl_mime_data_cb man page + - darwinssl: Add support for TLSv1.3 + - build: Fix --disable-crypto-auth + - lib/config-win32.h: Let SMB/SMBS be enabled with OpenSSL/NSS + - openssl: Fix build without HAVE_OPAQUE_EVP_PKEY + - strtoofft: Remove extraneous null check + - multi_cleanup: Call DONE on handles that never got that + - tests: Added flaky keyword to tests 587 and 644 + - pingpong: Return error when trying to send without connection + - remove_handle: Call multi_done() first, then clear dns cache pointer + - mime: Be tolerant about setting twice the same header list in a part + - mime: Improve unbinding top multipart from easy handle. 
+ - mime: Avoid resetting a part's encoder when part's contents change + - mime: Refuse to add subparts to one of their own descendants + - RTSP: Avoid integer overflow on funny RTSP responses + - curl: Don't pass semicolons when parsing Content-Disposition + - openssl: Enable PKCS12 support for !BoringSSL + - FAQ: s/CURLOPT_PROGRESSFUNCTION/CURLOPT_XFERINFOFUNCTION + - CURLOPT_NOPROGRESS.3: Also refer to xferinfofunction + - CURLOPT_XFERINFODATA.3: Fix duplicate see also + - test298: Verify --ftp-method nowcwd with URL encoded path + - FTP: URL decode path for dir listing in nocwd mode + - smtp_done: Fix memory leak on send failure + - ftpserver: Support case insensitive commands + - test950: Verify SMTP with custom request + - openssl: Don't use old BORINGSSL_YYYYMM macros + - setopt: Update current connection SSL verify params + - winbuild/BUILD.WINDOWS.txt: Mention WITH_NGHTTP2 + - curl: Reimplement stdin buffering in -F option + - mime: Keep "text/plain" content type if user-specified + - mime: Fix the content reader to handle >16K data properly + - configure: Remove the C++ compiler check + - memdebug: Trace send, recv and socket + - runtests: Use valgrind for torture as well + - ldap: Silence clang warning + - makefile.m32: Allow to override gcc, ar and ranlib + - setopt: Avoid integer overflows when setting millsecond values + - setopt: Range check most long options + - ftp: Reject illegal IP/port in PASV 227 response + - mime: Do not reuse previously computed multipart size + - vtls: Change struct Curl_ssl 'close' field name to 'close_one' + - os400: Add missing symbols in config file + - mime: Limit bas64-encoded lines length to 76 characters + - mk-ca-bundle: Remove URL for aurora + - mk-ca-bundle: Fix URL for NSS + +* Wed Oct 4 2017 Paul Howarth - 7.56.0-1.0.cf +- Update to 7.56.0 + - curl: Enable compression for SCP/SFTP with --compressed-ssh + - libcurl: Enable compression for SCP/SFTP with CURLOPT_SSH_COMPRESSION + - vtls: Added dynamic changing SSL 
backend with curl_global_sslset() + - New MIME API, curl_mime_init() and friends + - openssl: Initial SSLKEYLOGFILE implementation + - FTP: zero terminate the entry path even on bad input (CVE-2017-1000254) + - examples/ftpuploadresume.c: Use portable code + - runtests: Match keywords case insensitively + - travis: Build the examples too + - strtoofft: Reduce integer overflow risks globally + - zsh.pl: Produce a working completion script again + - cmake: Remove dead code for CURL_DISABLE_RTMP + - progress: Track total times following redirects + - configure: Fix --disable-threaded-resolver + - cmake: Remove dead code for DISABLED_THREADSAFE + - configure: Fix clang version detection + - darwinssl: Fix error: variable length array used + - travis: Add metalink to some osx builds + - configure: Check for __builtin_available() availability + - http_proxy: Fix build error for CURL_DOES_CONVERSIONS + - examples/ftpuploadresume: checksrc compliance + - ftp: Fix CWD when doing multicwd then nocwd on same connection + - system.h: Remove all CURL_SIZEOF_* defines + - http: Don't wait on CONNECT when there is no proxy + - system.h: Check for __ppc__ as well + - http2_recv: Return error better on fatal h2 errors + - scripts/contri*sh: Use "git log --use-mailmap" + - tftp: Fix memory leak on too long filename + - system.h: Fix build for hppa + - cmake: Enable picky compiler options with clang and gcc + - makefile.m32: Add support for libidn2 + - curl: Turn off MinGW CRT's globbing + - request-target.d: Mention added in 7.55.0 + - curl: Shorten and clean up CA cert verification error message + - imap: Support PREAUTH + - CURLOPT_USERPWD.3: See also CURLOPT_PROXYUSERPWD + - examples/threaded-ssl: Mention that this is for openssl before 1.1 + - winbuild: Fix embedded manifest option + - tests: Make sure libtests and unittests call curl_global_cleanup() + - system.h: include sys/poll.h for AIX + - darwinssl: Handle long strings in TLS certs + - strtooff: Fix build for systems with 
long long but no strtoll + - asyn-thread: Improved cleanup after OOM situations + - HELP-US.md: "How to get started helping out in the curl project" + - curl.h: CURLSSLBACKEND_WOLFSSL used wrong value + - unit1301: Fix error message on first test + - ossfuzz: Moving towards the ideal integration + - http: Fix a memory leakage in checkrtspprefix() + - examples/post-callback: Stop returning one byte at a time + - schannel: return CURLE_SSL_CACERT on failed verification + - MAIL-ETIQUETTE: Added "1.9 Your emails are public" + - http-proxy: Treat all 2xx as CONNECT success + - openssl: Use OpenSSL's default ciphers by default + - runtests.pl: Support attribute "nonewline" in part verify/upload + - configure: Remove --enable-soname-bump and SONAME_BUMP + - travis: Add c-ares enabled builds linux + osx + - vtls: Fix WolfSSL 3.12 build problems + - http-proxy: When not doing CONNECT, that phase is done immediately + - configure: Fix curl_off_t check's include order + - configure: Use -Wno-varargs on clang 3.9[.X] debug builds + - rtsp: Do not call fwrite() with NULL pointer FILE * + - mbedtls: Enable CA path processing + - travis: Add build without HTTP/SMTP/IMAP + - checksrc: Verify more code style rules + - HTTP proxy: On connection re-use, still use the new remote port + - tests: Add initial gssapi test using stub implementation + - rtsp: Segfault when using WRITEDATA + - docs: Clarify the CURLOPT_INTERLEAVE* options behavior + - non-ascii: Use iconv() with 'char **' argument + - server/getpart: Provide dummy function to build conversion enabled + - conversions: Fix several compiler warnings + - openssl: Add missing includes + - schannel: Support partial send for when data is too large + - socks: Fix incorrect port number in SOCKS4 error message + - curl: Fix integer overflow in timeout options +- Re-enable temporarily disabled IDN2 test-cases + +* Tue Aug 29 2017 Paul Howarth - 7.55.1-5.0.cf +- Fix NetworkManager connectivity check not working (#1485702) + +* Wed Aug 
23 2017 Paul Howarth - 7.55.1-3.0.cf +- Utilize system wide crypto policies for TLS (#1483972) + +* Tue Aug 15 2017 Paul Howarth - 7.55.1-2.0.cf +- Make zsh completion work again + +* Mon Aug 14 2017 Paul Howarth - 7.55.1-1.0.cf +- Update to 7.55.1 + - build: Fix 'make install' with configure, install docs/libcurl/* too + - make install: Add 8 missing man pages to the installation + - curl: Do bounds check using a double comparison + - dist: Add dictserver.py/negtelnetserver.py to release + - digest_sspi: Don't reuse context if the user/passwd has changed + - gitignore: Ignore top-level .vs folder + - build: Check out *.sln files with Windows line endings + - travis: Verify "make install" + - dist: Fix the cmake build by shipping cmake_uninstall.cmake.in too + - metalink: Fix error: ‘*’ in boolean context, suggest ‘&&’ instead + - configure: Use the threaded resolver backend by default if possible + - mkhelp.pl: Allow executing this script directly + - maketgz: Remove old *.dist files before making the tarball + - openssl: Remove CONST_ASN1_BIT_STRING + - openssl: Fix "error: this statement may fall through" + - proxy: Fix memory leak in case of invalid proxy server name + - curl/system.h: Support more architectures (OpenRISC, ARC) + - docs: Fix typos + - curl/system.h: Add Oracle Solaris Studio + - CURLINFO_TOTAL_TIME: Could wrongly return 4200 seconds + - docs: --connect-to clarified + - cmake: Allow user to override CMAKE_DEBUG_POSTFIX + - travis: Test cmake build on tarball too + - redirect: Make it handle absolute redirects to IDN names + - curl/system.h: Fix for gcc on PowerPC + - curl --interface: Fixed for IPV6 unique local addresses + - cmake: threads detection improvements + +* Wed Aug 9 2017 Paul Howarth - 7.55.0-1.1.cf +- Address some test suite issues + +* Wed Aug 9 2017 Paul Howarth - 7.55.0-1.0.cf +- Update to 7.55.0 + New Features: + - curl: Allow --header and --proxy-header read from file + - getinfo: Provide sizes as curl_off_t + - curl: Prevent 
binary output spewed to terminal + - curl: Added --request-target + - libcurl: Added CURLOPT_REQUEST_TARGET + - curl: Added --socks5-{basic,gssapi}: control socks5 auth + - libcurl: Added CURLOPT_SOCKS5_AUTH + Bug Fixes: + - glob: Do not parse after a strtoul() overflow range (CVE-2017-1000101) + - tftp: Reject file name lengths that don't fit (CVE-2017-1000100) + - file: Output the correct buffer to the user (CVE-2017-1000099) + - includes: Remove curl/curlbuild.h and curl/curlrules.h + - dist: Make the hugehelp.c not get regenerated unnecessarily + - timers: Store internal time stamps as time_t instead of doubles + - progress: Let "current speed" be UL + DL speeds combined + - http-proxy: Do the HTTP CONNECT process entirely non-blocking + - lib/curl_setup.h: Remove CURL_WANTS_CA_BUNDLE_ENV + - fuzz: Bring oss-fuzz initial code converted to C89 + - configure: Disable nghttp2 too if HTTP has been disabled + - mk-ca-bundle.pl: Check curl's exit code after certdata download + - test1148: Verify the -# progressbar + - tests: Stabilize test 2032 and 2033 + - HTTPS-Proxy: Don't offer h2 for https proxy connections + - http-proxy: Only attempt FTP over HTTP proxy + - curl-compilers.m4: Enable vla warning for clang + - curl-compilers.m4: Enable double-promotion warning + - curl-compilers.m4: Enable missing-variable-declarations clang warning + - curl-compilers.m4: Enable comma clang warning + - Makefile.m32: Enable -W for MinGW32 build + - CURLOPT_PREQUOTE: Not supported for SFTP + - http2: Fix OOM crash + - PIPELINING_SERVER_BL: Clean up the internal list use + - mkhelp.pl: Fix script name in usage text + - lib1521: Add curl_easy_getinfo calls to the test set + - travis: Do the distcheck test build out-of-tree as well + - if2ip: Fix compiler warning in ISO C90 mode + - lib: Fix the djgpp build + - typecheck-gcc: Add support for CURLINFO_OFF_T + - travis: Enable typecheck-gcc warnings + - maketgz: Switch to xz instead of lzma + - CURLINFO_REDIRECT_URL.3: Mention the 
CURLOPT_MAXREDIRS case + - curl-compilers.m4: Fix unknown-warning-option on Apple clang + - winbuild: Fix boringssl build + - curl/system.h: Add check for XTENSA for 32bit gcc + - test1537: Fixed memory leak on OOM + - test1521: Fix compiler warnings + - curl: Fix memory leak on test 1147 OOM + - libtest/make: Generate lib1521.c dynamically at build-time + - curl_strequal.3: Fix typo in SYNOPSIS + - progress: Prevent resetting t_starttransfer + - openssl: Improve fallback seed of PRNG with a time based hash + - http2: Improved PING frame handling + - test1450: Add simple testing for DICT + - make: Build the docs subdir only from within src + - cmake: Added compatibility options for older Windows versions + - gtls: Fix build when sizeof(long) < sizeof(void *) + - url: Make the original string get used on subsequent transfers + - timeval.c: Use long long constant type for timeval assignment + - tool_sleep: Typecast to avoid macos compiler warning + - travis.yml: Use --enable-werror on debug builds + - test1451: Add SMB support to the testbed + - configure: Remove checks for 5 functions never used + - configure: Try ldap/lber in reversed order first + - smb: Fix build for djgpp/MSDOS + - travis: Install nghttp2 on linux builds + - smb: Add support for CURLOPT_FILETIME + - cmake: Fix send/recv argument scanner for windows + - inet_pton: Fix include on windows to get prototype + - select.h: Avoid macro redefinition harder + - cmake: If inet_pton is used, bump _WIN32_WINNT + - asyn-thread.c: Fix unused variable warnings on macOS + - runtests: Support "threaded-resolver" as a feature + - test506: Skip if threaded-resolver + - cmake: Remove spurious "-l" from linker flags + - cmake: Add CURL_WERROR for enabling "warning as errors" + - memdebug: Don't setbuf() if the file open failed + - curl_easy_escape.3: Mention the (lack of) encoding + - test1452: Add telnet negotiation + - CURLOPT_POSTFIELDS.3: Explain the 100-continue magic better + - cmake: Offer CMAKE_DEBUG_POSTFIX 
when building with MSVC + - tests/valgrind.supp: Suppress OpenSSL false positive seen on travis + - curl_setup_once: Remove ERRNO/SET_ERRNO macros + - curl-compilers.m4: Disable warning spam with Cygwin's clang + - ldap: Fix MinGW compiler warning + - make: Fix docs build on OpenBSD + - curl_setup: Always define WIN32_LEAN_AND_MEAN on Windows + - system.h: include winsock2.h before windows.h + - winbuild: Build with warning level 4 + - rtspd: Fix MSVC level 4 warning + - sockfilt: Suppress conversion warning with explicit cast + - libtest: Fix MSVC warning C4706 + - darwinssl: Fix pinnedpubkey build error + - tests/server/resolve.c: Fix deprecation warning + - nss: Fix a possible use-after-free in SelectClientCert() + - checksrc: Escape open brace in regex + - multi: Mention integer overflow risk if using > 500 million sockets + - darwinssl: Fix --tlsv1.2 regression + - timeval: struct curltime is a struct timeval replacement + - curl_rtmp: Fix a compiler warning + - include.d: Clarify that it concerns the response headers + - cmake: Support make uninstall + - include.d: Clarify --include is only for response headers + - libcurl: Stop using error codes defined under CURL_NO_OLDIES + - http: Fix response code parser to avoid integer overflow + - configure: Fix the check for IdnToUnicode + - multi: Fix request timer management + - curl_threads: Fix MSVC compiler warning + - travis: Build on osx with openssl + - travis: Build on osx with libressl + - CURLOPT_NETRC.3: Mention the file name on Windows + - cmake: Set MSVC warning level to 4 + - netrc: Skip lines starting with '#' + - darwinssl: Fix curlssl_sha256sum() compiler warnings on first argument + - BUILD.WINDOWS: Mention buildconf.bat for builds off git + - darwinssl: Silence compiler warnings + - travis: Build on osx with darwinssl + - FTP: Skip unnecessary CWD when in nocwd mode + - gssapi: Fix memory leak of output token in multi round context + - getparameter: Avoid returning uninitialized 'usedarg' + - curl 
(debug build) easy_events: Make event data static + - curl: Detect and bail out early on parameter integer overflows + - configure: Fix recv/send/select detection on Android +- Drop curlbuild.h multilib hacks +- Re-enable now-stabilized test 2033 +- Disable test 1427 on i686 (failing just-added test) +- Manually install the libcurl manpages since upstream has accidentally stopped + doing so + +* Thu Aug 3 2017 Paul Howarth - 7.54.1-8.0.cf +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Mon Jul 31 2017 Paul Howarth - 7.54.1-7.0.cf +- Enable separate debuginfo back + +* Thu Jul 27 2017 Paul Howarth - 7.54.1-5.0.cf +- Avoid build failure caused by broken RPM code that produces debuginfo + packages (https://github.com/rpm-software-management/rpm/issues/280) + +* Wed Jul 26 2017 Paul Howarth - 7.54.1-3.0.cf +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Mon Jun 19 2017 Paul Howarth - 7.54.1-2.0.cf +- Enforce versioned openssl-libs dependency for libcurl (#1462184) + +* Wed Jun 14 2017 Paul Howarth - 7.54.1-1.0.cf +- Update to 7.54.1 + - CVE-2017-9502: file: URL buffer overflow + - curl: Show the libcurl release date in --version output + - openssl: Fix memory leak in servercert + - tests: Remove the html and PDF versions from the tarball + - mbedtls: Enable NTLM (and SMB) even if MD4 support is unavailable + - typecheck-gcc: Handle function pointers properly + - llist: No longer uses malloc + - gnutls: Removed some code when --disable-verbose is configured + - lib: Fix maybe-uninitialized warnings + - multi: Clarify condition in curl_multi_wait + - schannel: Don't treat encrypted partial record as pending data + - configure: Fix the -ldl check for openssl, add -lpthread check + - configure: Accept -Og and -Ofast GCC flags + - Makefile: Avoid use of GNU-specific form of $< + - if2ip: Fix -Wcast-align warning + - configure: Stop prepending to LDFLAGS, CPPFLAGS + - curl: Set a 100K buffer size by default + - 
typecheck-gcc: Fix _curl_is_slist_info
+ - nss: Do not leak PKCS #11 slot while loading a key
+ - nss: Load libnssckbi.so if no other trust is specified
+ - examples: ftpuploadfrommem.c
+ - url: Declare get_protocol_family() static
+ - examples/cookie_interface.c: Changed to example.com
+ - test1443: Test --remote-time
+ - curl: Use utimes instead of obsolescent utime when available
+ - url: Fixed a memory leak on OOM while setting CURLOPT_BUFFERSIZE
+ - curl_rtmp: Fix missing-variable-declarations warnings
+ - tests: Fixed OOM handling of unit tests to abort test
+ - curl_setup: Ensure no more than one IDN lib is enabled
+ - tool: Fix missing prototype warnings for CURL_DOES_CONVERSIONS
+ - CURLOPT_BUFFERSIZE: 1024 bytes is now the minimum size
+ - curl: Non-boolean command line args reject --no- prefixes
+ - telnet: Write full buffer instead of byte-by-byte
+ - typecheck-gcc: Add missing string options
+ - typecheck-gcc: Add support for CURLINFO_SOCKET
+ - opt man pages: They all have examples now
+ - curl_setup_once: Use SEND_QUAL_ARG2 for swrite
+ - test557: Set a known good numeric locale
+ - schannel: Return a more specific error code for SEC_E_UNTRUSTED_ROOT
+ - tests/server: Make string literals const
+ - runtests: Use -R for random order
+ - unit1305: Fix compiler warning
+ - curl_slist_append.3: Clarify a NULL input creates a new list
+ - tests/server: Run checksrc by default in debug-builds
+ - tests: Fix -Wcast-qual warnings
+ - runtests.pl: Simplify the datacheck read section
+ - curl: Remove --environment and tool_writeenv.c
+ - buildconf: Fix hang on IRIX
+ - tftp: Silence bad-function-cast warning
+ - asyn-thread: Fix unused macro warnings
+ - tool_parsecfg: Fix -Wcast-qual warning
+ - sendrecv: Fix MinGW-w64 warning
+ - test537: Use correct variable type
+ - rand: Treat fake entropy the same regardless of endianness
+ - curl: Generate the --help output
+ - tests: Removed redundant --trace-ascii arguments
+ - multi: Assign IDs to all timers and make
each timer singleton + - multi: Use a fixed array of timers instead of malloc + - mbedtls: Support server renegotiation request + - pipeline: Fix mistakenly trying to pipeline POSTs + - lib510: Don't write past the end of the buffer if it's too small + - CURLOPT_HTTPPROXYTUNNEL.3: Clarify, add example + - SecureTransport/DarwinSSL: Implement public key pinning + - curl.1: Clarify --config + - curl_sasl: Fix build error with CURL_DISABLE_CRYPTO_AUTH + USE_NTLM + - darwinssl: Fix exception when processing a client-side certificate + - curl.1: Mention --oauth2-bearer's argument + - mkhelp.pl: Do not add current time into curl binary + - asiohiper.cpp / evhiperfifo.c: Deal with negative timerfunction input + - ssh: Fix memory leak in disconnect due to timeout + - tests: Stabilize test 1034 + - cmake: Auto detection of CURL_CA_BUNDLE/CURL_CA_PATH + - assert: Avoid, use DEBUGASSERT instead + - LDAP: Using ldap_bind_s on Windows with methods + - redirect: Store the "would redirect to" URL when max redirs is reached + - winbuild: Fix the nghttp2 build + - examples: Fix -Wimplicit-fallthrough warnings + - time: Fix type conversions and compiler warnings + - mbedtls: Fix variable shadow warning + - test557: Fix ubsan runtime error due to int left shift + - transfer: Init the infilesize from the postfields + - docs: Clarify NO_PROXY further + - build-wolfssl: Sync config with wolfSSL 3.11 + - curl-compilers.m4: Enable -Wshift-sign-overflow for clang + - example/externalsocket.c: Make it use CLOSESOCKETFUNCTION too + - lib574.c: Use correct callback proto + - lib583: Fix compiler warning + - curl-compilers.m4: Fix compiler_num for clang + - typecheck-gcc.h: Separate getinfo slist checks from other pointers + - typecheck-gcc.h: Check CURLINFO_TLS_SSL_PTR and CURLINFO_TLS_SESSION + - typecheck-gcc.h: Check CURLINFO_CERTINFO + - build: Provide easy code coverage measuring + - test1537: Dedicated tests of the URL (un)escape API calls + - curl_endian: Remove unused functions + - 
test1538: Verify the libcurl strerror API calls + - MD(4|5): Silence cast-align clang warning + - dedotdot: Fixed output for ".." and "." only input + - cyassl: Define build macros before including ssl.h + - updatemanpages.pl: Error out on too old git version + - curl_sasl: Fix unused-variable warning + - x509asn1: Fix implicit-fallthrough warning with GCC 7 + - libtest: Fix implicit-fallthrough warnings with GCC 7 + - BINDINGS: Add Ring binding + - curl_ntlm_core: Pass unsigned char to toupper + - test1262: Verify ftp download with -z for "if older than this" + - test1521: Test all curl_easy_setopt options + - typecheck-gcc: Allow CURLOPT_STDERR to be NULL too + - metalink: Remove unused printf() argument + - file: Make speedcheck use current time for checks + - configure: Fix link with librtmp when specifying path + - examples/multi-uv.c: Fix deprecated symbol + - cmake: Fix inconsistency regarding mbed TLS include directory + - setopt: Check CURLOPT_ADDRESS_SCOPE option range + - gitignore: Ignore all vim swap files + - urlglob: Fix division by zero + - libressl: OCSP and intermediate certs workaround no longer needed +- New test 1446 segfaulting on builds for older distributions, so disable for + now +- Update patches as needed + +* Thu May 4 2017 Paul Howarth - 7.54.0-4.0.cf +- Make curl-minimal require a new enough version of libcurl + +* Sat Apr 29 2017 Paul Howarth - 7.54.0-3.1.cf +- Don't require nss-pem for OpenSSL builds + +* Thu Apr 27 2017 Paul Howarth - 7.54.0-3.0.cf +- Switch the TLS backend back to OpenSSL for Fedora 27 onwards (#1445153) + +* Tue Apr 25 2017 Paul Howarth - 7.54.0-2.0.cf +- nss: use libnssckbi.so as the default source of trust +- nss: do not leak PKCS #11 slot while loading a key (#1444860) + +* Wed Apr 19 2017 Paul Howarth - 7.54.0-1.0.cf +- Update to 7.54.0 + - Add CURL_SSLVERSION_MAX_* constants to CURLOPT_SSLVERSION + - Add --max-tls + - Add CURLOPT_SUPPRESS_CONNECT_HEADERS + - Add --suppress-connect-headers + - CVE-2017-7468: 
switch off SSL session id when client cert is used
+ - cmake: Replace invalid UTF-8 byte sequence
+ - tests: Use consistent environment variables for setting charset
+ - proxy: Fixed a memory leak on OOM
+ - ftp: Removed an erroneous free in an OOM path
+ - docs: De-duplicate file lists in the Makefiles
+ - ftp: Fixed a NULL pointer dereference on OOM
+ - gopher: Fixed detection of an error condition from Curl_urldecode
+ - url: Fix unix-socket support for proxy-disabled builds
+ - test1139: Allow for the possibility that the man page is not rebuilt
+ - cyassl: Get library version string at runtime
+ - digest_sspi: Fix compilation warning
+ - tests: Enable HTTP/2 tests to run with non-default port numbers
+ - warnless: Suppress compiler warning
+ - darwinssl: Warn that disabling host verify also disables SNI
+ - configure: Fix for --enable-pthreads
+ - checksrc.bat: Ignore curl_config.h.in, curl_config.h
+ - no-keepalive.d: Fix typo
+ - configure: Fix --with-zlib when a path is specified
+ - build: Fix gcc7 implicit fallthrough warnings
+ - Fix potential use of uninitialized variables
+ - CURLOPT_SSL_CTX_FUNCTION.3: Fix EXAMPLE formatting errors
+ - CMake: Reorganize SSL support, separate WinSSL and SSPI
+ - CMake: Add DarwinSSL support
+ - CMake: Add mbedTLS support
+ - ares: Return error at once if timed out before name resolve starts
+ - BINDINGS: Added C++, perl, go and Scilab bindings
+ - URL: Return error on malformed URLs with junk after port number
+ - KNOWN_BUGS: Add DarwinSSL won't import PKCS#12 without a password
+ - http2: Fix assertion error on redirect with CL=0
+ - updatemanpages.pl: Update man pages to use current date and versions
+ - --insecure: Clarify that this option is for server connections
+ - mkhelp: Simplified the gzip code
+ - build: Fixed making man page in out-of-tree tarball builds
+ - tests: Disabled 1903 due to flakiness
+ - openssl: Add two /* FALLTHROUGH */ to satisfy coverity
+ - cmdline-opts: Fixed a few typos
+ - authneg: Clear
auth.multi flag at http_done
+ - curl_easy_reset: Also reset the authentication state
+ - proxy: Skip SSL initialization for closed connections
+ - http_proxy: Ignore TE and CL in CONNECT 2xx responses
+ - tool_writeout: Fixed a buffer read overrun on --write-out
+ - make: Regenerate docs/curl.1 by running make in docs
+ - winbuild: Add basic support for OpenSSL 1.1.x
+ - build: Removed redundant DEPENDENCIES from makefiles
+ - CURLINFO_LOCAL_PORT.3: Added example
+ - curl: Show HTTPS-Proxy options on CURLE_SSL_CACERT
+ - tests: Strip more options from non-HTTP --libcurl tests
+ - tests: Fixed the documented test server port numbers
+ - runtests.pl: Fixed display of the Gopher IPv6 port number
+ - multi: Fix streamclose() crash in debug mode
+ - cmake: Build manual pages
+ - cmake: Add support for building HTML and PDF docs
+ - mbedtls: Add support for CURLOPT_SSL_CTX_FUNCTION
+ - make: Introduce 'test-nonflaky' target
+ - CURLINFO_PRIMARY_IP.3: Add example
+ - tests/README: Mention nroff for --manual tests
+ - mkhelp: Disable compression if the perl gzip module is unavailable
+ - openssl: Fall back on SSL_ERROR_* string when no error detail
+ - asiohiper: Make sure socket is open in event_cb
+ - tests/README: Make "Run" section foolproof
+ - curl: Check for end of input in writeout backslash handling
+ - .gitattributes: Turn off CRLF for *.am
+ - multi: Fix MinGW-w64 compiler warnings
+ - schannel: Fix variable shadowing warning
+ - openssl: Exclude DSA code when OPENSSL_NO_DSA is defined
+ - http: Fix proxy connection reuse with basic-auth
+ - pause: Handle mixed types of data when paused
+ - http: Do not treat FTPS over CONNECT as HTTPS
+ - conncache: Make hashkey avoid malloc
+ - make: Use the variable MAKE for recursive calls
+ - curl: Fix callback argument inconsistency
+ - NTLM: Check for features with #ifdef instead of #if
+ - cmake: Add several missing files to the dist
+ - select: Use correct SIZEOF_ constant
+ - connect: Fix unreferenced parameter
warning
+ - schannel: Fix unused variable warning
+ - gcc7: Fix ‘*’ in boolean context
+ - http2: Silence unused parameter warnings
+ - ssh: Fix narrowing conversion warning
+ - telnet: (win32) Fix read callback return variable
+ - docs: Explain --fail-early does not imply --fail
+ - docs: Added examples for CURLINFO_FILETIME.3 and CURLOPT_FILETIME.3
+ - tests/server/util: Remove in6addr_any for recent MinGW
+ - multi: Make curl_multi_wait avoid malloc in the typical case
+ - include: curl/system.h is a run-time version of curlbuild.h
+ - easy: Silence compiler warning
+ - llist: Replace Curl_llist_alloc with Curl_llist_init
+ - hash: Move key into hash struct to reduce mallocs
+ - url: Don't free postponed data on connection reuse
+ - curl_sasl: Declare mechtable static
+ - curl: Fix Windows Unicode build
+ - multi: Fix queueing of pending easy handles
+ - tool_operate: Fix MinGW compiler warning
+ - low_speed_limit: Improved function for longer time periods
+ - gtls: Fix compiler warning
+ - sspi: Print out InitializeSecurityContext() error message
+ - schannel: Fix compiler warnings
+ - vtls: fix unreferenced variable warnings
+ - INSTALL.md: Fix secure transport configure arguments
+ - CURLINFO_SCHEME.3: Fix variable type
+ - libcurl-thread.3: Also mention threaded-resolver
+ - nss: Load CA certificates even with --insecure
+ - openssl: Fix this statement may fall through
+ - poll: Prefer over
+ - polarssl: Unbreak build with versions < 1.3.8
+ - Curl_expire_latest: Ignore already expired timers
+ - configure: Turn implicit function declarations into errors
+ - mbedtls: Fix memory leak in error path
+ - http2: Fix handle leak in error path
+ - .gitattributes: Force shell scripts to LF
+ - configure.ac: Ignore CR after version numbers
+ - extern-scan.pl: Strip trailing CR
+ - openssl: Make SSL_ERROR_to_str more future-proof
+ - openssl: Fix thread-safety bugs in error-handling
+ - openssl: Don't try to print nonexistant peer private keys
+ - nss: Fix MinGW
compiler warnings +- Switch to lzma-compressed upstream tarball + +* Thu Apr 13 2017 Paul Howarth - 7.53.1-7.0.cf +- Provide (lib)curl-minimal subpackages with lightweight build of (lib)curl + (Fedora 27 onwards) + +* Mon Apr 10 2017 Paul Howarth - 7.53.1-5.0.cf +- Disable upstream test 2033 (flaky test for HTTP/1 pipelining) + +* Fri Apr 7 2017 Paul Howarth - 7.53.1-4.0.cf +- Fix out of bounds read in curl --write-out (CVE-2017-7407) +- Make the dependency on nss-pem arch-specific from F-25 onwards (#1428550) +- Drop support for EOL distributions prior to F-13 + - Drop BuildRoot: and Group: tags + - Drop buildroot cleaning in %%install + - Drop explicit %%clean section + - Drop explicit dependency on pkgconfig + +* Thu Mar 2 2017 Paul Howarth - 7.53.1-2.0.cf +- Rebuild to sync with Rawhide + +* Fri Feb 24 2017 Paul Howarth - 7.53.1-1.0.cf +- Update to 7.53.1 + - cyassl: Fix typo + - url: Improve CURLOPT_PROXY_CAPATH error handling + - urldata: Include curl_sspi.h when Windows SSPI is enabled + - formdata: check for EOF when reading from stdin + - tests: Set CHARSET and LANG to UTF-8 in 1035, 2046 and 2047 + - url: Default the proxy CA bundle location to CURL_CA_BUNDLE + - rand: Added missing #ifdef HAVE_FCNTL_H around fcntl.h header + +* Wed Feb 22 2017 Paul Howarth - 7.53.0-1.0.cf +- Update to 7.53.0 + - CVE-2017-2629: Make SSL_VERIFYSTATUS work again + - unix_socket: Added --abstract-unix-socket and CURLOPT_ABSTRACT_UNIX_SOCKET + - CURLOPT_BUFFERSIZE: Support enlarging receive buffer + - gnutls-random: Check return code for failed random + - openssl-random: Check return code when asking for random + - http: Remove "Curl_http_done: called premature" message + - cyassl: Use time_t instead of long for timeout + - build-wolfssl: Sync config with wolfSSL 3.10 + - ftp-gss: Check for init before use + - configure: Accept --with-libidn2 instead + - ftp: Failure to resolve proxy should return that error code + - curl.1: Add three more exit codes + - docs/ciphers: Link to 
our own new page about ciphers
+ - vtls: s/SSLEAY/OPENSSL - fixes multi_socket timeouts with openssl
+ - darwinssl: Fix iOS build
+ - darwinssl: Fix CFArrayRef leak
+ - cmake: Use crypt32.lib when building with OpenSSL on windows
+ - curl_formadd.3: CURLFORM_CONTENTSLENGTH not needed when chunked
+ - digest_sspi: Copy terminating NUL as well
+ - curl: Fix --remote-time incorrect times on Windows
+ - curl.1: Several updates and corrections
+ - content_encoding: Change return code on a failure
+ - curl.h: CURLE_FUNCTION_NOT_FOUND is no longer in use
+ - docs: TCP_KEEPALIVE start and interval default to 60
+ - darwinssl: --insecure overrides --cacert if both settings are in use
+ - TheArtOfHttpScripting: Grammar
+ - CIPHERS.md: Document GSKit ciphers
+ - wolfssl: Support setting cipher list
+ - wolfssl: Display negotiated SSL version and cipher
+ - lib506: Fix build for Open Watcom
+ - asiohiper: Improved socket handling
+ - examples: Make the C++ examples follow our code style too
+ - tests/sws: Retry send() on EWOULDBLOCK
+ - cmake: Fix passing _WINSOCKAPI_ macro to compiler
+ - smtp: Fix STARTTLS denied error message
+ - imap/pop3: Don't print response character in STARTTLS denied messages
+ - rand: Make it work without TLS backing
+ - url: Fix parsing for when 'file' is the default protocol
+ - url: Allow file://X:/path URLs on windows again
+ - gnutls: Check for alpn and ocsp in configure
+ - IDN: Use TR46 'non-transitional' for toASCII translations
+ - url: Fix NO_PROXY env var to work properly with --proxy option
+ - CURLOPT_PREQUOTE.3: Takes a struct curl_slist*, not a char*
+ - docs: Add note about libcurl copying strings to CURLOPT_* manpages
+ - curl: Reset the easy handle at --next
+ - --next docs: --trace and --trace-ascii are also global
+ - --write-out docs: 'time_total' is not always shown with ms precision
+ - http: Print correct HTTP string in verbose output when using HTTP/2
+ - docs: Improved language in README.md HISTORY.md CONTRIBUTE.md
+ -
http2: Disable server push if not requested
+ - nss: Use the correct lock in nss_find_slot_by_name()
+ - usercertinmem.c: Improve the short description
+ - CURLOPT_CONNECT_TO: Fix compile warnings
+ - docs: Non-blocking SSL handshake is now supported with NSS
+ - *.rc: Escape non-ASCII/non-UTF-8 character for clarity
+ - mbedTLS: Fix multi interface non-blocking handshake
+ - PolarSSL: Fix multi interface non-blocking handshake
+ - VC: Remove the makefile.vc6 build infra
+ - telnet: Fix windows compiler warnings
+ - cookies: Do not assume a valid domain has a dot
+ - polarssl: Fix hangs
+ - gnutls: Disable TLS session tickets
+ - mbedtls: Disable TLS session tickets
+ - mbedtls: Implement CTR-DRBG and HAVEGE random generators
+ - openssl: Don't use certificate after transferring ownership
+ - cmake: Support curl --xattr when built with cmake
+ - OS400: Fix symbols
+ - docs: Add more HTTPS proxy documentation
+ - docs: Use more HTTPS links
+ - cmdline-opts: Fixed build and test in out of source tree builds
+ - CHANGES.0: Removed
+ - schannel: Remove incorrect SNI disabled message
+ - darwinssl: Avoid parsing certificates when not in verbose mode
+ - test552: Fix typos
+ - telnet: Fix typos
+ - transfer: Only retry nobody-requests for HTTP
+ - http2: Reset push header counter fixes crash
+ - nss: Make FTPS work with --proxytunnel
+ - test1139: Added the --manual keyword since the manual is required
+ - polarssl, mbedtls: Fix detection of pending data
+ - http_proxy: Fix tiny memory leak upon edge case connecting to proxy
+ - URL: Only accept ";options" in SMTP/POP3/IMAP URL schemes
+ - curl.1: ftp.sunet.se is no longer an FTP mirror
+ - tool_operate: Show HTTPS-Proxy options on CURLE_SSL_CACERT
+ - http2: Fix memory-leak when denying push streams
+ - configure: Allow disabling pthreads, fall back on Win32 threads
+ - curl: Fix typo in time condition warning message
+ - axtls: Adapt to API changes
+ - tool_urlglob: Allow a glob range with the same start and stop
+ -
winbuild: Add note on auto-detection of MACHINE in Makefile.vc
+ - http: Fix missing 'Content-Length: 0' while negotiating auth
+ - proxy: Fix hostname resolution and IDN conversion
+ - docs: Fix timeout handling in multi-uv example
+ - digest_sspi: Fix nonce-count generation in HTTP digest
+ - sftp: Improved checks for create dir failures
+ - smb: Use getpid replacement for windows UWP builds
+ - digest_sspi: Handle 'stale=TRUE' directive in HTTP digest
+
+* Fri Feb 10 2017 Paul Howarth - 7.52.1-2.0.cf
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Fri Dec 23 2016 Paul Howarth - 7.52.1-1.0.cf
+- Update to 7.52.1
+ - CVE-2016-9594: Uninitialized random
+ - lib557: Fix checksrc warnings
+ - lib: Fix MSVC compiler warnings
+ - lib557.c: Use a shorter MAXIMIZE representation
+ - tests: Run checksrc on debug builds
+
+* Wed Dec 21 2016 Paul Howarth - 7.52.0-1.0.cf
+- Update to 7.52.0
+ - nss: Map CURL_SSLVERSION_DEFAULT to NSS default
+ - vtls: Support TLS 1.3 via CURL_SSLVERSION_TLSv1_3
+ - curl: Introduce the --tlsv1.3 option to force TLS 1.3
+ - curl: Add --retry-connrefused
+ - proxy: Support HTTPS proxy and SOCKS+HTTP(s)
+ - Add CURLINFO_SCHEME, CURLINFO_PROTOCOL, and %%{scheme}
+ - curl: Add --fail-early
+ - CVE-2016-9586: printf floating point buffer overflow
+ - CVE-2016-9952: Win CE schannel cert wildcard matches too much
+ - CVE-2016-9953: Win CE schannel cert name out of buffer read
+ - msvc: Removed a straggling reference to strequal.c
+ - winbuild: Remove strcase.obj from curl build
+ - examples: Bugfixed multi-uv.c
+ - configure: Verify that compiler groks -Werror=partial-availability
+ - mbedtls: Fix build with mbedtls versions < 2.4.0
+ - dist: Add unit test CMakeLists.txt to the tarball
+ - curl -w: Added more decimal digits to timing counters
+ - easy: Initialize info variables on easy init and duphandle
+ - cmake: Disable poll for macOS
+ - http2: Don't send header fields prohibited by HTTP/2 spec
+ - ssh: Check md5
fingerprints case insensitively (regression) + - openssl: Initial TLS 1.3 adaptions + - curl_formadd.3: *_FILECONTENT and *_FILE need the file to be kept + - printf: Fix ".*f" handling + - examples/fileupload.c: fclose the file as well + - SPNEGO: Fix memory leak when authentication fails + - realloc: Use Curl_saferealloc to avoid common mistakes + - openssl: Make sure to fail in the unlikely event that PRNG seeding fails + - URL-parser: For file://[host]/ URLs, the [host] must be localhost + - timeval: Prefer time_t to hold seconds instead of long + - Curl_rand: Fixed and moved to rand.c + - glob: Fix [a-c] globbing regression + - darwinssl: Fix SSL client certificate not found on MacOS Sierra + - curl.1: Clarify --dump-header only writes received headers + - http2: Fix address sanitizer memcpy warning + - http2: Use huge HTTP/2 windows + - connects: Don't mix unix domain sockets with regular ones + - url: Fix conn reuse for local ports and interfaces + - x509: Limit ASN.1 structure sizes to 256K + - checksrc: Add more checks + - winbuild: Add config option ENABLE_NGHTTP2 + - http2: Check nghttp2_session_set_local_window_size exists + - http2: Fix crashes when parent stream gets aborted + - CURLOPT_CONNECT_TO: Skip non-matching "connect-to" entries + - URL parser: Reject non-numerical port numbers + - CONNECT: Reject TE or CL in 2xx responses + - CONNECT: Read responses one byte at a time + - curl: Support zero-length argument strings in config files + - openssl: Don't use OpenSSL's ERR_PACK + - curl.1: Generated with the new man page system + - curl_easy_recv: Improve documentation and example program + - Curl_getconnectinfo: Avoid checking if the connection is closed + - CIPHERS.md: Attempt to document TLS cipher names + +* Mon Nov 21 2016 Paul Howarth - 7.51.0-3.0.cf +- Map CURL_SSLVERSION_DEFAULT to NSS default, add support for TLS 1.3 + (#1396719) + +* Tue Nov 15 2016 Paul Howarth - 7.51.0-2.0.cf +- Stricter host name checking for file:// URLs +- ssh: Check 
md5 fingerprints case insensitively
+
+* Wed Nov 2 2016 Paul Howarth - 7.51.0-1.0.cf
+- Update to 7.51.0
+ - nss: Additional cipher suites are now accepted by CURLOPT_SSL_CIPHER_LIST
+ - New option: CURLOPT_KEEP_SENDING_ON_ERROR
+ - CVE-2016-8615: Cookie injection for other servers
+ - CVE-2016-8616: Case insensitive password comparison
+ - CVE-2016-8617: OOB write via unchecked multiplication
+ - CVE-2016-8618: Double-free in curl_maprintf
+ - CVE-2016-8619: Double-free in krb5 code
+ - CVE-2016-8620: glob parser write/read out of bounds
+ - CVE-2016-8621: curl_getdate read out of bounds
+ - CVE-2016-8622: URL unescape heap overflow via integer truncation
+ - CVE-2016-8623: Use-after-free via shared cookies
+ - CVE-2016-8624: Invalid URL parsing with '#'
+ - CVE-2016-8625: IDNA 2003 makes curl use wrong host
+ - openssl: Fix per-thread memory leak using 1.0.1 or 1.0.2
+ - http: Accept "Transfer-Encoding: chunked" for HTTP/2 as well
+ - LICENSE-MIXING.md: Update with mbedTLS dual licensing
+ - examples/imap-append: Set size of data to be uploaded
+ - test2048: Fix url
+ - darwinssl: Disable RC4 cipher-suite support
+ - CURLOPT_PINNEDPUBLICKEY.3: Fix the AVAILABILITY formatting
+ - openssl: Don’t call CRYTPO_cleanup_all_ex_data
+ - libressl: Fix version output
+ - easy: Reset all statistical session info in curl_easy_reset
+ - curl_global_cleanup.3: Don't unload the lib with sub threads running
+ - dist: Add CurlSymbolHiding.cmake to the tarball
+ - docs: Remove that --proto is just used for initial retrieval
+ - configure: Fixed builds with libssh2 in a custom location
+ - curl.1: --trace supports %% for sending to stderr!
+ - cookies: Same domain handling changed to match browser behaviour
+ - formpost: Trying to attach a directory no longer crashes
+ - CURLOPT_DEBUGFUNCTION.3: Fixed unused argument warning
+ - formpost: Avoid silent snprintf() truncation
+ - ftp: Fix Curl_ftpsendf
+ - mprintf: Return error on too many arguments
+ - smb: Properly check incoming packet boundaries
+ - GIT-INFO: Remove the Mac 10.1-specific details
+ - resolve: Add error message when resolving using SIGALRM
+ - cmake: Add nghttp2 support
+ - dist: Remove PDF and HTML converted docs from the releases
+ - configure: Disable poll() in macOS builds
+ - vtls: Only re-use session-ids using the same scheme
+ - pipelining: Skip to-be-closed connections when pipelining
+ - win: Fix Universal Windows Platform build
+ - curl: Do not set CURLOPT_SSLENGINE to DEFAULT automatically
+ - maketgz: Make it support "only" generating version info
+ - Curl_socket_check: Add extra check to avoid integer overflow
+ - gopher: Properly return error for poll failures
+ - curl: Set INTERLEAVEDATA too
+ - polarssl: Clear thread array at init
+ - polarssl: Fix unaligned SSL session-id lock
+ - polarssl: Reduce #ifdef madness with a macro
+ - curl_multi_add_handle: Set timeouts in closure handles
+ - configure: Set min version flags for builds on mac
+ - INSTALL: Converted to markdown => INSTALL.md
+ - curl_multi_remove_handle: Fix a double-free
+ - multi: Fix infinite loop in curl_multi_cleanup()
+ - nss: Fix tight loop in non-blocking TLS handshake over proxy
+ - mk-ca-bundle: Change URL retrieval to HTTPS-only by default
+ - mbedtls: Stop using deprecated include file
+ - docs: Fix req->data in multi-uv example
+ - configure: Fix test syntax for monotonic clock_gettime
+ - CURLMOPT_MAX_PIPELINE_LENGTH.3: Clarify it's not for HTTP/2
+- Use libidn2 from Fedora 25 onwards
+
+* Fri Oct 7 2016 Paul Howarth - 7.50.3-2.0.cf
+- Use the just-built version of libcurl while generating zsh completion
+
+* Wed Sep 14 2016 Paul Howarth -
7.50.3-1.0.cf +- Update to 7.50.3 + - CVE-2016-7167: Escape and unescape integer overflows + - mk-ca-bundle.pl: Use SHA256 instead of SHA1 + - checksrc: Detect strtok() use + - errors: New alias CURLE_WEIRD_SERVER_REPLY + - http2: Support > 64bit sized uploads + - openssl: Fix bad memory free (regression) + - CMake: Hide private library symbols + - http: Refuse to pass on response body when NO_NODY was set + - cmake: Fix curl-config --static-libs + - mbedtls: Switch off NTLM in build if md4 isn't available + - curl: --create-dirs on Windows groks both forward and backward slashes + +* Wed Sep 7 2016 Paul Howarth - 7.50.2-1.0.cf +- Update to 7.50.2 + - nss: Fix incorrect use of a previously loaded certificate from file + (CVE-2016-7141) + - nss: Work around race condition in PK11_FindSlotByName() + - mbedtls: Added support for NTLM + - SSH: Fixed SFTP/SCP transfer problems + - multi: Make Curl_expire() work with 0 ms timeouts + - mk-ca-bundle.pl: -m keeps ca cert meta data in output + - TFTP: Fix upload problem with piped input + - CURLOPT_TCP_NODELAY: now enabled by default + - mbedtls: Set verbose TLS debug when MBEDTLS_DEBUG is defined + - http2: Always wait for readable socket + - cmake: Enable win32 large file support by default + - cmake: Enable win32 threaded resolver by default + - winbuild: Avoid setting redundant CFLAGS to compile commands + - curl.h: Make CURL_NO_OLDIES define CURL_STRICTER + - docs: Make more markdown files use .md extension + - docs: CONTRIBUTE and LICENSE-MIXING were converted to markdown + - winbuild: Allow changing C compiler via environment variable CC + - rtsp: Accept any RTSP session id + - HTTP: Retry failed HEAD requests on reused connections too + - configure: Add zlib search with pkg-config + - openssl: Accept subjectAltName iPAddress if no dNSName match + - MANUAL: Remove invalid link to LDAP documentation + - socks: Improved connection procedure + - proxy: Reject attempts to use unsupported proxy schemes + - proxy: Bring 
back use of "Proxy-Connection:" + - curl: Allow "pkcs11:" prefix for client certificates + - spnego_sspi: Fix memory leak in case *outlen is zero + - SOCKS: Improve verbose output of SOCKS5 connection sequence + - SOCKS: Display the hostname returned by the SOCKS5 proxy server + - http/sasl: Query authentication mechanism supported by SSPI before using + - sasl: Don't use GSSAPI authentication when domain name not specified + - win: Basic support for Universal Windows Platform apps + - ftp: Fix wrong poll on the secondary socket + - openssl: Build warning-free with 1.1.0 (again) + - HTTP: Stop parsing headers when switching to unknown protocols + - test219: Add http as a required feature + - TLS: random file/egd doesn't have to match for conn reuse + - schannel: Disable ALPN for Wine since it is causing problems + - http2: Make sure stream errors don't needlessly close the connection + - http2: Return CURLE_HTTP2_STREAM for unexpected stream close + - darwinssl: --cainfo is intended for backward compatibility only + - Speed caps: Not based on average speeds anymore + - configure: Make the cpp -P detection not clobber CPPFLAGS + - http2: Use named define instead of magic constant in read callback + - http2: Skip the content-length parsing, detect unknown size + - http2: Return EOF when done uploading without known size + - darwinssl: Test for errSecSuccess in PKCS12 import rather than noErr + - openssl: Fix CURLINFO_SSL_VERIFYRESULT +- Disable various ssh tests for F12..F15, which are failing for reasons unknown +- Build with c-ares rather than POSIX threaded DNS resolver for F12..F15, + which resolves some other test failures, and allows dropping of workaround + patch for old applications on F12 and F13 +- Update patches as needed + +* Fri Aug 26 2016 Paul Howarth - 7.50.1-2.0.cf +- Work around race condition in PK11_FindSlotByName() +- Fix incorrect use of a previously loaded certificate from file + (related to CVE-2016-5420) + +* Wed Aug 3 2016 Paul Howarth - 
7.50.1-1.0.cf +- Update to 7.50.1 + - TLS: Switch off SSL session id when client cert is used (CVE-2016-5419) + - TLS: Only reuse connections with the same client cert (CVE-2016-5420) + - curl_multi_cleanup: Clear connection pointer for easy handles + (CVE-2016-5421) + - Include the CURLINFO_HTTP_VERSION(3) man page into the release tarball + - Include the http2-server.pl script in the release tarball + - test558: Fix test by stripping file paths from FD lines + - spnego: Corrected misplaced * in Curl_auth_spnego_cleanup() declaration + - tests: Fix for http/2 feature + - cmake: Fix for schannel support + - curl.h: Make public types void * again + - win32: Fix a potential memory leak in Curl_load_library + - travis: Fix OSX build by re-installing libtool + - mbedtls: Fix debug function name + +* Wed Jul 27 2016 Paul Howarth - 7.50.0-2.0.cf +- Use upstream fix for HTTP2 test confusion + +* Fri Jul 22 2016 Paul Howarth - 7.50.0-1.1.cf +- Fix confusion in test suite about whether or not HTTP2 support is available +- Use the default ports for the test suite; it's not robust enough to support + running under different ports + +* Thu Jul 21 2016 Paul Howarth - 7.50.0-1.0.cf +- Update to 7.50.0 + - http: Add CURLINFO_HTTP_VERSION and %%{http_version} + - memdebug: Fix MSVC crash with -DMEMDEBUG_LOG_SYNC + - openssl: Fix build with OPENSSL_NO_COMP + - mbedtls: Removed unused variables + - cmake: Added missing mbedTLS support + - URL parser: Allow URLs to use one, two or three slashes + - curl: Fix -q [regression] + - openssl: Use correct buffer sizes for error messages + - curl: Fix SIGSEGV while parsing URL with too many globs + - schannel: Add CURLOPT_CERTINFO support + - vtls: Fix ssl session cache race condition + - http: Fix HTTP/2 connection reuse [regression] + - checksrc: Add LoadLibrary to the banned functions list + - schannel: Disable ALPN on Windows < 8.1 + - configure: Occasional ignorance of --enable-symbol-hiding with GCC + - http2: test17xx are the first 
real HTTP/2 tests
+ - resolve: Add support for IPv6 DNS64/NAT64 Networks on OS X + iOS
+ - curl_multi_socket_action.3: Rewording
+ - CURLOPT_POSTFIELDS.3: Clarify what happens when set empty
+ - cmake: Fix build with winldap
+ - openssl: Fix cert check with non-DNS name fields present
+ - curl.1: Mention the units for the progress meter
+ - openssl: Use more 'const' to fix build warnings with 1.1.0 branch
+ - cmake: Now using BUILD_TESTING=ON/OFF
+ - vtls: Only call add/getsession if session id is enabled
+ - headers: Forward declare CURL, CURLM and CURLSH as structs
+ - configure: Improve detection of CA bundle path on FreeBSD
+ - SFTP: Set a generic error when no SFTP one exists
+ - curl_global_init.3: Expand on the SSL and WIN32 bits purpose
+ - conn: Don't free easy handle data in handler->disconnect
+ - cookie.c: Fix misleading indentation
+ - library: Fix memory leaks found during static analysis
+ - CURLMOPT_SOCKETFUNCTION.3: Fix typo
+ - curl_global_init: Moved the "IPv6 works" check here
+ - connect: Disable TFO on Linux when using SSL
+ - vauth: Fixed memory leak due to function returning without free
+ - winbuild: Fix embedded manifest option
+- Fix HTTPS and FTPS tests (work around stunnel bug #1358810)
+- Require nss-pem because it is no longer included in the nss package
+ (#1347336)
+
+* Wed Jun 22 2016 Paul Howarth - 7.49.1-3.1.cf
+- Add HTTP/2 protocol support for EL-6 and EL-7 builds too
+
+* Sun Jun 19 2016 Paul Howarth - 7.49.1-3.0.cf
+- Use multilib-rpm-config to install arch-dependent header files
+
+* Fri Jun 3 2016 Paul Howarth - 7.49.1-2.0.cf
+- Fix SIGSEGV of the curl tool while parsing URL with too many globs (#1340757)
+
+* Mon May 30 2016 Paul Howarth - 7.49.1-1.0.cf
+- Update to 7.49.1
+ - Windows: prevent DLL hijacking, CVE-2016-4802
+ - dist: Include manpage-scan.pl, nroff-scan.pl and CHECKSRC.md
+ - schannel: Fix compile break with MSVC XP toolset
+ - curlbuild.h.dist: Check __LP64__ as well to fix MIPS build
+ - dist: Include 
curl_multi_socket_all.3
+ - http2: Use HTTP/2 in the HTTP/1.1-alike response
+ - openssl: ERR_remove_thread_state() is deprecated in latest 1.1.0
+ - CURLOPT_CONNECT_TO.3: User must not free the list prematurely
+ - libcurl.m4: Avoid obsolete warning
+ - winbuild/Makefile.vc: Fix check on SSL, MBEDTLS, WINSSL exclusivity
+ - curl_multibyte: Fix compiler error
+ - openssl: Cleanup must free compression methods (memory leak)
+ - mbedtls: Fix includes so snprintf() works
+ - checksrc.pl: Added variants of strcat()/strncat() to banned function list
+ - contributors.sh: Better grep pattern and show GitHub username
+ - ssh: Fix build for libssh2 before 1.2.6
+ - curl_share_setopt.3: Add min ver needed for ssl session lock
+
+* Fri May 20 2016 Paul Howarth - 7.49.0-1.1.cf
+- Manually install (and package) zsh completion
+- Bundle upstream files needed so we can run tests 1139 and 1140
+
+* Wed May 18 2016 Paul Howarth - 7.49.0-1.0.cf
+- Update to 7.49.0
+ - schannel: Add ALPN support
+ - SSH: Support CURLINFO_FILETIME
+ - SSH: New CURLOPT_QUOTE command "statvfs"
+ - wolfssl: Add ALPN support
+ - http2: Added --http2-prior-knowledge
+ - http2: Added CURL_HTTP_VERSION_2_PRIOR_KNOWLEDGE
+ - libcurl: Added CURLOPT_CONNECT_TO
+ - curl: Added --connect-to
+ - libcurl: Added CURLOPT_TCP_FASTOPEN
+ - curl: Added --tcp-fastopen
+ - curl: Remove support for --ftpport, -http-request and --socks
+ (deprecated versions since around 10 years)
+ - CVE-2016-3739: TLS certificate check bypass with mbedTLS/PolarSSL
+ - checksrc.bat: Updated the help to be consistent with generate.bat
+ - checksrc.bat: Added support for scanning the tests and examples
+ - openssl: Fix ERR_remove_thread_state() for boringssl/libressl
+ - openssl: boringssl provides the same numbering as openssl
+ - multi: Fix "Operation timed out after" timer
+ - url: Don't use bad offset in tld_check_name to show error
+ - sshserver.pl: Use quotes for given options
+ - Makefile.am: Skip the scripts dir
+ - curl: Warn for 
--capath use if not supported by libcurl
+ - http2: Fix connection reuse
+ - GSS: Make Curl_gss_log_error more verbose
+ - build-wolfssl: Allow a broader range of ciphers (Visual Studio)
+ - wolfssl: Use ECC supported curves extension
+ - openssl: Fix compilation warnings
+ - Curl_add_buffer_send: Avoid possible NULL dereference
+ - SOCKS5_gssapi_negotiate: Don't assume little-endian ints
+ - strerror: Don't bit shift a signed integer
+ - url: Corrected get protocol family for FTP and LDAP
+ - curl/mprintf.h: Remove support for _MPRINTF_REPLACE
+ - upload: Missing rewind call could make libcurl hang
+ - IMAP: Check pointer before dereferencing it
+ - build: Changed the Visual Studio projects warning level from 3 to 4
+ - checksrc: Now stricter, wider checks, code cleaned up
+ - checksrc: Added docs/CHECKSRC.md
+ - curl_sasl: Fixed potential null pointer utilisation
+ - krb5: Fixed missing client response when mutual authentication enabled
+ - krb5: Only process challenge when present
+ - krb5: Only generate a SPN when its not known
+ - formdata: Use appropriate fopen() macros
+ - curl.1: -w filename_effective was introduced in 7.26.0
+ - http2: Make use of the nghttp2 error callback
+ - http2: Fix connection reuse when PING comes after last DATA
+ - curl.1: Change example for -F
+ - HTTP2: Add a space character after the status code
+ - curl.1: Use example.com more
+ - mbedtls.c: Changed private prefix to mbed_
+ - mbedtls: Implement and provide *_data_pending() to avoid hang
+ - mbedtls: Fix MBEDTLS_DEBUG builds
+ - ftp/imap/pop3/smtp: Allow the service name to be overridden
+ - CURLOPT_SOCKS5_GSSAPI_SERVICE: Merged with CURLOPT_PROXY_SERVICE_NAME
+ - build: Include scripts/ in the dist
+ - http2: Add handling stream level error
+ - http2: Improve header parsing
+ - makefile.vc6: Use d suffix on debug object
+ - configure: Remove check for libresolve
+ - scripts/make: Use $(EXEEXT) for executables
+ - checksrc: Got rid of the whitelist files
+ - sendf: Added 
ability to call recv() before send() as workaround
+ - NTLM: Check for NULL pointer before dereferencing
+ - openssl: Builds with OpenSSL 1.1.0-pre5
+ - configure: ac_cv_ -> curl_cv_ for all cached vars
+ - winbuild: Add mbedtls support
+ - curl: Make --ftp-create-dirs retry on failure
+ - PolarSSL: Implement public key pinning
+ - multi: Accidentally used resolved host name instead of proxy
+ - CURLINFO_TLS_SESSION.3: clarify TLS library support before 7.48.0
+ - CONNECT_ONLY: Don't close connection on GSS 401/407 reponses
+ - opts: Fix some syntax errors in example code fragments
+ - mbedtls: Fix session resume
+ - test1139: Verifies libcurl option man page presence
+ - CURLINFO_TLS_SSL_PTR.3: Clarify SSL pointer availability
+ - curl: Make --disable work as long form of -q
+ - curl: Use --telnet-option as documented
+ - curl.1: Document --ftp-ssl-reqd, --krb4 and --ntlm-wb
+ - curl: -h output lacked --proxy-header and --ntlm-wb
+ - curl -J: Make it work even without http:// scheme on URL
+ - lib: Include curl_printf.h as one of the last headers
+ - tests: Handle path properly on Msys/Cygwin
+ - curl.1: --mail-rcpt can be used multiple times
+ - CURLOPT_ACCEPT_ENCODING.3: Clarified
+ - docs: Fixed lots of broken man page references
+ - tls: Make setting pinnedkey option fail if not supported
+ - test1140: Run nroff-scan to verify man pages
+ - http: Make sure a blank header overrides accept_decoding
+ - connections: Do not reuse non-HTTP proxies on different ports
+ - connect: Fix invalid "Network is unreachable" errors
+ - TLS: Move the ALPN/NPN enable bits to the connection
+ - TLS: SSL_peek is not a const operation
+ - http2: Add space between colon and header value
+ - darwinssl: Fix certificate verification disable on OS X 10.8
+ - mprintf: Fix processing of width and prec args
+ - ftp wildcard: segfault due to init only in multi_perform
+- Update zsh completion patch
+- Disable tests 1139 and 1140, which fail due to files missing from tarball
+- Upstream 
not building/installing zsh completion script any longer
+
+* Wed Mar 23 2016 Paul Howarth - 7.48.0-1.0.cf
+- Update to 7.48.0
+ - configure: --with-ca-fallback: Use built-in TLS CA fallback
+ - TFTP: Add --tftp-no-options to expose CURLOPT_TFTP_NO_OPTIONS
+ - getinfo: CURLINFO_TLS_SSL_PTR supersedes CURLINFO_TLS_SESSION
+ - Added CODE_STYLE.md
+ - Proxy-Connection: Stop sending this header by default
+ - os400: Sync ILE/RPG definitions with latest public header files
+ - cookies: Allow spaces in cookie names, cut off trailing spaces
+ - tool_urlglob: Allow reserved dos device names (Windows)
+ - openssl: Remove most BoringSSL #ifdefs
+ - tool_doswin: Support for literal path prefix \\?\
+ - mbedtls: Fix ALPN usage segfault
+ - mbedtls: Fix memory leak when destroying SSL connection data
+ - nss: Do not count enabled cipher-suites
+ - examples/cookie_interface.c: Add cleanup call
+ - examples: Adhere to curl code style
+ - curlx_tvdiff: Handle 32bit time_t overflows
+ - dist: Ship buildconf.bat too
+ - curl.1: --disable-{eprt,epsv} are ignored for IPv6 hosts
+ - generate.bat: Fix comment bug by removing old comments
+ - test1604: Add to Makefile.inc so it gets run
+ - gtls: Fix for builds lacking encrypted key file support
+ - SCP: Use libssh2_scp_recv2 to support > 2GB files on windows
+ - CURLOPT_CONNECTTIMEOUT_MS.3: Fix example to use milliseconds option
+ - cookie: Do not refuse cookies to localhost
+ - openssl: Avoid direct PKEY access with OpenSSL 1.1.0
+ - http: Don't break the header into chunks if HTTP/2
+ - http2: Don't decompress gzip decoding automatically
+ - curlx.c: i2s_ASN1_IA5STRING() clashes with an openssl function
+ - curl.1: Add a missing dash
+ - curl.1: HTTP headers for --cookie must be Set-Cookie style
+ - CURLOPT_COOKIEFILE.3: HTTP headers must be Set-Cookie style
+ - curl_sasl: Fix memory leak in digest parser
+ - src/Makefile.m32: Add CURL_{LD,C}FLAGS_EXTRAS support
+ - CURLOPT_DEBUGFUNCTION.3: Fix example
+ - runtests: Fixed usage of 
%%PWD on MinGW64
+ - tests/sshserver.pl: Use RSA instead of DSA for host auth
+ - multi_remove_handle: Keep the timeout list until after disconnect
+ - Curl_read: Check for activated HTTP/1 pipelining, not only requested
+ - configure: Warn on invalid ca bundle or path
+ - file: Try reading from files with no size
+ - getinfo: Add support for mbedTLS TLS session info
+ - formpost: Fix memory leaks in AddFormData error branches
+ - makefile.m32: Allow to pass .dll/.exe-specific LDFLAGS
+ - url: If Curl_done is premature then pipeline not in use
+ - cookie: Remove redundant check
+ - cookie: Don't expire session cookies in remove_expired
+ - makefile.m32: Fix to allow -ssh2-winssl combination
+ - checksrc.bat: Fixed cannot find perl if installed but not in path
+ - build-openssl.bat: Fixed cannot find perl if installed but not in path
+ - mbedtls: Fix user-specified SSL protocol version
+ - makefile.m32: Add missing libs for static -winssl-ssh2 builds
+ - test46: Change cookie expiry date
+ - pipeline: Sanity check pipeline pointer before accessing it
+ - openssl: Use the correct OpenSSL/BoringSSL/LibreSSL in messages
+ - ftp_done: Clear tunnel_state when secondary socket closes
+ - opt-docs: Fix heading macros
+ - imap/pop3/smtp: Fixed connections upgraded with TLS are not reused
+ - curl_multi_wait: Never return -1 in 'numfds'
+ - url.c: Fix clang warning: no newline at end of file
+ - krb5: Improved type handling to avoid clang compiler warnings
+ - cookies: First n/v pair in Set-Cookie: is the cookie, then parameters
+ - multi: Avoid blocking during CURLM_STATE_WAITPROXYCONNECT
+ - multi hash: Ensure modulo performed on curl_socket_t
+ - curl: glob_range: No need to check unsigned variable for negative
+ - easy: Add check to malloc() when running event-based
+ - CURLOPT_SSLENGINE.3: Only for OpenSSL built with engine support
+ - version: Thread safety
+ - openssl: verbose: Show matching SAN pattern
+ - openssl: Adapt to OpenSSL 1.1.0 API breakage in 
ERR_remove_thread_state()
+ - formdata.c: Fixed compilation warning
+ - configure: Use cpp -P when needed
+ - imap.c: Fixed compilation warning with /Wall enabled
+ - config-w32.h: Fixed compilation warning when /Wall enabled
+ - ftp/imap/pop3/smtp: Fixed compilation warning when /Wall enabled
+ - build: Added missing Visual Studio filter files for VC10 onwards
+ - easy: Remove poll failure check in easy_transfer
+ - mbedtls: Fix compiler warning
+ - build-wolfssl: Update VS properties for wolfSSL v3.9.0
+ - Fixed various compilation warnings when verbose strings disabled
+- Update patches as needed
+
+* Thu Mar 3 2016 Paul Howarth - 7.47.1-4.0.cf
+- Do not refuse cookies for localhost (#1308791)
+
+* Wed Feb 17 2016 Paul Howarth - 7.47.1-3.0.cf
+- Make SCP and SFTP test-cases work with recent OpenSSH versions that don't
+ support DSA keys
+
+* Thu Feb 11 2016 Paul Howarth - 7.47.1-2.0.cf
+- Enable support for Public Suffix List where possible (#1305701)
+
+* Mon Feb 8 2016 Paul Howarth - 7.47.1-1.0.cf
+- Update to 7.47.1
+ - getredirect.c: Fix variable name
+ - tool_doswin: Silence unused function warning
+ - cmake: Fixed when OpenSSL enabled on Windows and schannel detected
+ - curl.1: Explain remote-name behavior if file already exists
+ - tool_operate: Don't sanitize --output path (Windows)
+ - URLs: Change all http:// URLs to https:// in documentation & comments
+ - sasl_sspi: Fix memory leak in domain populate
+ - COPYING: Clarify that Daniel is not the sole author
+ - examples/htmltitle: Use _stricmp on Windows
+ - examples/asiohiper: Avoid function name collision on Windows
+ - idn_win32: Better error checking
+ - openssl: Fix signed/unsigned mismatch warning in X509V3_ext
+ - curl save files: Check for backslashes on cygwin
+- Update patches as needed
+
+* Thu Feb 4 2016 Paul Howarth - 7.47.0-2.0.cf
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Wed Jan 27 2016 Paul Howarth - 7.47.0-1.0.cf
+- Update to 7.47.0
+ - version: Add 
flag CURL_VERSION_PSL for libpsl
+ - http: Added CURL_HTTP_VERSION_2TLS to do HTTP/2 for HTTPS only
+ - curl: Use 2TLS by default
+ - curl --expect100-timeout: added
+ - Add .dir-locals and set c-basic-offset to 2 (for emacs)
+ - curl: Avoid local drive traversal when saving file on Windows
+ (CVE-2016-0754)
+ - NTLM: Do not resuse proxy connections without diff proxy credentials
+ (CVE-2016-0755)
+ - tests: Disable the OAUTHBEARER tests when using a non-default port number
+ - curl: Remove keepalive #ifdef checks done on libcurl's behalf
+ - formdata: Check if length is too large for memory
+ - lwip: Fix compatibility issues with later versions
+ - openssl: BoringSSL doesn't have CONF_modules_free
+ - config-win32: Fix warning HAVE_WINSOCK2_H undefined
+ - build: Fix compilation error with CURL_DISABLE_VERBOSE_STRINGS
+ - http2: Fix hanging paused stream
+ - scripts/Makefile: Fix GNUism and survive no perl
+ - openssl: Adapt to 1.1.0+ name changes
+ - openssl: Adapt to openssl ≥ 1.1.0 X509 opaque structs
+ - HTTP2.md: Spell fix and remove TODO now implemented
+ - setstropt: const-correctness
+ - cyassl: Fix compiler warning on type conversion
+ - gskit: Fix host subject altname verification
+ - http2: Support trailer fields
+ - wolfssl: Handle builds without SSLv3 support
+ - cyassl: Deal with lack of *get_peer_certificate
+ - sockfilt: Do not wait on unreliable file or pipe handle
+ - make: Build zsh script even in an out-of-tree build
+ - test 1326: Fix getting stuck on Windows
+ - test 87: Fix file check on Windows
+ - configure: Allow static builds on mingw
+ - configure: Detect IPv6 support on Windows
+ - ConnectionExists: With *PIPEWAIT, wait for connections
+ - Makefile.inc: s/curl_SOURCES/CURL_FILES
+ - test 16: Fixed for Windows
+ - test 252-255: Use datacheck mode text for ASCII-mode LISTings
+ - tftpd server: Add Windows support by writing files in binary mode
+ - ftplistparser: Fix handling of file LISTings using Windows EOL
+ - tests first.c: Fix 
calculation of sleep timeout on Windows
+ - tests (several): Use datacheck mode text for ASCII-mode LISTings
+ - CURLOPT_RANGE.3: For HTTP servers, range support is optional
+ - test 1515: Add MSYS support by passing a relative path
+ - curl_global_init.3: Add Windows-specific info for init via DLL
+ - http2: Fix client write for trailers on stream close
+ - mbedtls: Fix ALPN support
+ - connection reuse: IDN host names fixed
+ - http2: Fix PUSH_PROMISE headers being treated as trailers
+ - http2: Handle the received SETTINGS frame
+ - http2: Ensure that http2_handle_stream_close is called
+ - mbedtls: Implement CURLOPT_PINNEDPUBLICKEY
+ - runtests: Add mbedTLS to the SSL backends
+ - IDN host names: Remove the port number before converting to ACE
+ - zsh.pl: Fail if no curl is found
+ - scripts: Fix zsh completion generation
+ - scripts: Don't generate and install zsh completion when cross-compiling
+ - lib: Prefix URLs with lower-case protocol names/schemes
+ - ConnectionExists: Only do pipelining/multiplexing when asked
+ - configure: Assume IPv6 works when cross-compiled
+ - openssl: For 1.1.0+ they now provide a SSLeay() macro of their own
+ - openssl: Improved error detection/reporting
+ - ssh: CURLOPT_SSH_PUBLIC_KEYFILE now treats "" as NULL again
+ - mbedtls: Fix pinned key return value on fail
+ - maketgz: Generate date stamp with LC_TIME=C
+- Re-enable previously-disabled tests
+- Fix FTBFS when building curl dynamically with no libcurl.so.4 in system
+
+* Fri Dec 4 2015 Paul Howarth - 7.46.0-2.0.cf
+- Rebuild for #1288529
+
+* Wed Dec 2 2015 Paul Howarth - 7.46.0-1.0.cf
+- Update to 7.46.0
+ - configure: build silently by default
+ - cookies: Add support for Public Suffix List with libpsl
+ - vtls: Added support for mbedTLS
+ - Added CURLOPT_STREAM_DEPENDS
+ - Added CURLOPT_STREAM_DEPENDS_E
+ - Added CURLOPT_STREAM_WEIGHT
+ - Added CURLFORM_CONTENTLEN
+ - oauth2: Added support for OAUTHBEARER SASL mechanism to IMAP, POP3 and SNMP
+ - des: Fix header 
conditional for Curl_des_set_odd_parity
+ - ntlm: Get rid of unconditional use of long long
+ - CURLOPT_CERTINFO.3: Fix reference to CURLINFO_CERTINFO
+ - docs: CURLINFO_LASTSOCKET => CURLINFO_ACTIVESOCKET
+ - http2: Fix http2_recv to return -1 if recv returned -1
+ - curl_global_init_mem: Set function pointers before doing init
+ - ntlm: Error out without 64bit support as the code needs it
+ - openssl: Fix set up of pkcs12 certificate verification chain
+ - acinclude: Remove PKGCONFIG override
+ - test1531: case the size to fix the test on non-largefile builds
+ - fread_func: Move callback pointer from set to state struct
+ - test1601: Fix compilation with --enable-debug and --disable-crypto-auth
+ - http2: Don't pass uninitialized name+len pairs to nghttp2_submit_request
+ - curlbuild.h: Fix non-configure compiling to mips and sh4 targets
+ - tool: Generate easysrc with last cache linked-list
+ - cmake: Fix for add_subdirectory(curl) use-case
+ - vtls: Fix compiler warning for TLS backends without sha256
+ - build: Fix for MSDOS/djgpp
+ - checksrc: Add crude // detection
+ - http2: on_frame_recv: Trust the conn/data input
+ - ftp: Allow CURLOPT_IGNORE_CONTENT_LENGTH to ignore size
+ - polarssl/mbedtls: Fix name space pollution
+ - build: Fix mingw ssl gdi32 order
+ - build: Fix support for PKG_CONFIG
+ - MacOSX-Framework: sdk regex fix for sdk 10.10 and later
+ - socks: Fix incorrect port numbers in failed connect messages
+ - curl.1: -E: s/private certificate/client certificate/
+ - curl.h: s/HTTPPOST_/CURL_HTTPOST_/
+ - curl_formadd: Support >2GB files on windows
+ - http redirects: %%-encode bytes outside of ascii range
+ - rawstr: Speed up Curl_raw_toupper by 40%%
+ - curl_ntlm_core: Fix 2 curl_off_t constant overflows
+ - getinfo: CURLINFO_ACTIVESOCKET: Fix bad socket value
+ - tftp tests: Verify sent options too
+ - imap: Don't call imap_atom() when no mailbox specified in LIST command
+ - imap: Fixed double quote in LIST command when mailbox contains 
spaces
+ - imap: Don't check for continuation when executing a CUSTOMREQUEST
+ - acinclude: Remove check for 16-bit curl_off_t
+ - BoringSSL: Work with stricter BIO_get_mem_data()
+ - cmake: Add missing feature macros in config header
+ - sasl_sspi: Fixed unicode build for digest authentication
+ - sasl_sspi: Fix identity memory leak in digest authentication
+ - unit1602: Fixed failure in torture test
+ - unit1603: Added unit tests for hash functions
+ - vtls/openssl: Remove unused traces of yassl ifdefs
+ - openssl: Remove #ifdefs for < 0.9.7 support
+ - typecheck-gcc.h: Add some missing options
+ - curl: Mark two more options strings for --libcurl output
+ - openssl: Free modules on cleanup
+ - CURLMOPT_PUSHFUNCTION.3: *_byname() returns only the first header
+ - getconnectinfo: Don't call recv(2) if socket == -1
+ - http2: http_done: Don't free already-freed push headers
+ - zsh completion: Preserve single quotes in output
+ - os400: Provide options for libssh2 use in compile scripts
+ - build: Fix theoretical infinite loops
+ - pop3: Differentiate between success and continuation responses
+ - examples: Fixed compilation warnings
+ - schannel: Use GetVersionEx() when VerifyVersionInfo() isn't available
+ - CURLOPT_HEADERFUNCTION.3: fix typo
+ - curl: Expanded the -XHEAD warning text
+ - done: Make sure the final progress update is made
+ - build: Install zsh completion
+ - RTSP: Do not add if-modified-since without timecondition
+ - curl: Fixed display of URL index in password prompt for --next
+ - nonblock: Fix setting non-blocking mode for Amiga
+ - http2 push: Add missing inits of new stream
+ - http2: Convert some verbose output into debug-only output
+ - Curl_read_plain: clean up ifdefs that break statements
+- Explicitly turn off silent building so we can see the compiler flags used
+- Disable OAUTHBEARER tests since they don't work with custom test ports
+
+* Wed Oct 7 2015 Paul Howarth - 7.45.0-1.0.cf
+- Update to 7.45.0
+ - Added 
CURLOPT_DEFAULT_PROTOCOL
+ - Added new tool option --proto-default
+ - getinfo: Added CURLINFO_ACTIVESOCKET
+ - Turned CURLINFO_* option docs as stand-alone man pages
+ - curl: Point out unnecessary uses of -X in verbose mode
+ - curl_global_init_mem.3: Stronger thread safety warning
+ - buildconf.bat: Fixed issues when ran in directories with special chars
+ - cmake: Fix CurlTests check for gethostbyname_r with 5 arguments
+ - generate.bat: Fixed issues when ran in directories with special chars
+ - generate.bat: Only call buildconf.bat if it exists
+ - generate.bat: Added support for generating only the prerequisite files
+ - curl.1: Document weaknesses in SSLv2 and SSLv3
+ - CURLOPT_HTTP_VERSION.3: Connection re-use goes before version
+ - docs: Update the redirect protocols disabled by default
+ - inet_pton.c: Fix MSVC run-time check failure
+ - CURLMOPT_PUSHFUNCTION.3: Fix argument types
+ - rtsp: Support basic/digest authentication
+ - rtsp: Stop reading empty DESCRIBE responses
+ - travis: Upgrading to container based build
+ - travis.yml: Add OS X testbot
+ - FTP: Make state machine not get stuck in state
+ - openssl: Handle lack of server cert when strict checking disabled
+ - configure: Change functions to detect openssl (clones)
+ - configure: Detect latest boringssl
+ - runtests: Allow for spaces in server-verify curl custom path
+ - http2: on_frame_recv: Get a proper 'conn' for the debug logging
+ - ntlm: Mark deliberate switch case fall-through
+ - http2: Remove dead code
+ - curl_easy_{escape,unescape}.3: "char *" vs. 
"const char *"
+ - curl: Point out the conflicting HTTP methods if used
+ - cmake: Added Windows SSL support
+ - curl_easy_{escape,setopt}.3: Fix example
+ - curl_easy_escape.3: Escape '\n'
+ - libcurl.m4: Put braces around empty if body
+ - buildconf.bat: Fixed double blank line in 'curl manual' warning output
+ - sasl: Only define Curl_sasl_digest_get_pair() when CRYPTO_AUTH enabled
+ - inet_pton.c: Fix MSVC run-time check failure
+ - CURLOPT_FOLLOWLOCATION.3: Mention methods for redirects
+ - http2: Don't pass on Connection: headers
+ - nss: Do not directly access SSL_ImplementedCiphers
+ - docs: Numerous cleanups and spelling fixes
+ - FTP: do_more: Add check for wait_data_conn in upload case
+ - parse_proxy: Reject illegal port numbers
+ - cmake: IPv6 : Disable Unix header check on Windows platform
+ - winbuild: Run buildconf.bat if necessary
+ - buildconf.bat: Fix syntax error
+ - curl_sspi: Fix possibly undefined CRYPT_E_REVOKED
+ - nss: Prevent NSS from incorrectly re-using a session
+ - libcurl-errors.3: Add two missing error codes
+ - openssl: Fix build with < 0.9.8
+ - openssl: Refactor certificate parsing to use OpenSSL memory BIO
+ - openldap: Only part of LDAP query results received
+ - ssl: Add server cert's "sha256//" hash to verbose
+ - NTLM: Reset auth-done when using a fresh connection
+ - curl: Generate easysrc only on --libcurl
+ - tests: Disable 1801 until fixed
+ - CURLINFO_TLS_SESSION: Always return backend info
+ - gnutls: Support CURLOPT_KEYPASSWD
+ - gnutls: Report actual GnuTLS error message for certificate errors
+ - tests: Disable 1510 due to CI-problems on github
+ - cmake: Put "winsock2.h" before "windows.h" during configure checks
+ - cmake: Ensure discovered include dirs are considered
+ - configure: Add missing ')' for CURL_CHECK_OPTION_RT
+ - build: Fix failures with -Wcast-align and -Werror
+ - FTP: Fix uploading ASCII with unknown size
+ - readwrite_data: Set a max number of loops
+ - http2: Avoid superfluous Curl_expire() 
calls
+ - http2: Set TCP_NODELAY unconditionally
+ - docs: Fix unescaped '\n' in man pages
+ - openssl: Fix algorithm init to make (gost) engines work
+ - win32: Make recent Borland compilers use long long
+ - runtests: Fix pid check in checkdied
+ - gopher: Don't send NUL byte
+ - tool_setopt: Fix c_escape truncated octal
+ - hiperfifo: Fix the pointer passed to WRITEDATA
+ - getinfo: Fix return code for unknown CURLINFO options
+
+* Fri Sep 18 2015 Paul Howarth - 7.44.0-2.0.cf
+- Prevent NSS from incorrectly re-using a session (#1104597)
+
+* Wed Aug 12 2015 Paul Howarth - 7.44.0-1.0.cf
+- Update to 7.44.0
+ - http2: Added CURLMOPT_PUSHFUNCTION and CURLMOPT_PUSHDATA
+ - examples: Added http2-serverpush.c
+ - http2: Added curl_pushheader_byname() and curl_pushheader_bynum()
+ - docs: Added CODE_OF_CONDUCT.md
+ - curl: Add --ssl-no-revoke to disable certificate revocation checks
+ - libcurl: New value CURLSSLOPT_NO_REVOKE for CURLOPT_SSL_OPTIONS
+ - makefile: Added support for VC14
+ - build: Added Visual Studio 2015 (VC14) project files
+ - build: Added wolfSSL configurations to VC10+ project files
+ - FTP: Fix HTTP CONNECT logic regression
+ - openssl: Fix build with openssl < ~ 0.9.8f
+ - openssl: Fix build with BoringSSL
+ - curl_easy_setopt.3: Option order doesn't matter
+ - openssl: Fix use of uninitialized buffer
+ - RTSP: Removed dead code
+ - Makefile.m32: Add support for CURL_LDFLAG_EXTRAS
+ - curl: Always provide negotiate/kerberos options
+ - cookie: Fix bug in export if any-domain cookie is present
+ - curl_easy_setopt.3: Mention CURLOPT_PIPEWAIT
+ - INSTALL: Advise use of non-native SSL for Windows <= XP
+ - tool_help: Fix --tlsv1 help text to use >= for TLSv1
+ - HTTP: POSTFIELDSIZE set after added to multi handle
+ - SSL-PROBLEMS: Mention WinSSL problems in WinXP
+ - setup-vms.h: Symbol case fixups
+ - SSL: Pinned public key hash support
+ - libtest: Call PR_Cleanup() on exit if NSPR is used
+ - ntlm_wb: Fix theoretical memory leak
+ - runtests: 
Allow for spaces in curl custom path
+ - http2: Add stream != NULL checks for reliability
+ - schannel: Replace deprecated GetVersion with VerifyVersionInfo
+ - http2: Verify success of strchr() in http2_send()
+ - configure: Add --disable-rt option
+ - openssl: Work around MSVC warning
+ - HTTP: Ignore "Content-Encoding: compress"
+ - configure: Check if OpenSSL linking wants -ldl
+ - build-openssl.bat: Show syntax if required args are missing
+ - test1902: Attempt to make the test more reliable
+ - libcurl-thread.3: Consolidate thread safety info
+ - maketgz: Fixed some VC makefiles missing from the release tarball
+ - libcurl-multi.3: Mention curl_multi_wait
+ - ABI doc: Use secure URL
+ - http: Move HTTP/2 cleanup code off http_disconnect()
+ - libcurl-thread.3: Warn memory functions must be thread safe
+ - curl_global_init_mem.3: Warn threaded resolver needs thread safe funcs
+ - docs: formpost needs the full size at start of upload
+ - curl_gssapi: Remove 'const' to fix compiler warnings
+ - SSH: Three state machine fixups
+ - libcurl.3: Fix a single typo
+ - generate.bat: Only clean prerequisite files when in ALL mode
+ - curl_slist_append.3: Add error checking to the example
+ - buildconf.bat: Added support for file clean-up via -clean
+ - generate.bat: Use buildconf.bat for prerequisite file clean-up
+ - NTLM: Handle auth for only a single request
+ - curl_multi_remove_handle.3: Fix formatting
+ - checksrc.bat: Fixed error when [directory] isn't a curl source directory
+ - checksrc.bat: Fixed error when missing *.c and *.h files
+ - CURLOPT_RESOLVE.3: Note removal support was added in 7.42
+ - test46: Update cookie expire time
+ - SFTP: Fix range request off-by-one in size check
+ - CMake: Fix GSSAPI builds
+ - build: Refer to fixed libidn versions
+ - http2: Discard frames with no SessionHandle
+ - curl_easy_recv.3: Fix formatting
+ - libcurl-tutorial.3: Fix formatting
+ - curl_formget.3: Correct return code
+
+* Thu Jul 30 2015 Paul Howarth - 
7.43.0-3.0.cf
+- Prevent dnf from crashing when using both FTP and HTTP (#1248389)
+- Add HTTP/2 protocol support for Fedora 23 too
+
+* Sat Jul 18 2015 Paul Howarth - 7.43.0-2.0.cf
+- Build support for the HTTP/2 protocol (Fedora 24 onwards)
+
+* Wed Jun 17 2015 Paul Howarth - 7.43.0-1.0.cf
+- Update to 7.43.0
+ - CVE-2015-3236: Lingering HTTP credentials in connection re-use
+ - CVE-2015-3237: SMB send off unrelated memory contents
+ - Added CURLOPT_PROXY_SERVICE_NAME
+ - Added CURLOPT_SERVICE_NAME
+ - New curl option: --proxy-service-name
+ - New curl option: --service-name
+ - New curl option: --data-raw
+ - Added CURLOPT_PIPEWAIT
+ - Added support for multiplexing transfers using HTTP/2, enable this
+ with the new CURLPIPE_MULTIPLEX bit for CURLMOPT_PIPELINING
+ - HTTP/2: Requires nghttp2 1.0.0 or later
+ - scripts: Add zsh.pl for generating zsh completion
+ - curl.h: Add CURL_HTTP_VERSION_2
+ - nss: Fix compilation failure with old versions of NSS
+ - curl_easy_getinfo.3: Document 'internals' in CURLINFO_TLS_SESSION
+ - schannel.c: Fix possible SEC_E_BUFFER_TOO_SMALL error
+ - Curl_ossl_init: Load built-in modules
+ - configure: Follow-up fix for krb5-config
+ - sasl_sspi: Populate domain from the realm in the challenge
+ - netrc: Support 'default' token
+ - README: Convert to UTF-8
+ - cyassl: Implement public key pinning
+ - nss: Implement public key pinning for NSS backend
+ - mingw build: Add arch -m32/-m64 to LDFLAGS
+ - schannel: Fix out of bounds array
+ - configure: Remove autogenerated files by autoconf
+ - configure: Remove --automake from libtoolize call
+ - acinclude.m4: Fix shell test for default CA cert bundle/path
+ - schannel: Fix regression in schannel_recv
+ - openssl: Skip trace outputs for ssl_ver == 0
+ - gnutls: Properly retrieve certificate status
+ - netrc: Read in text mode when cygwin
+ - winbuild: Document the option used to statically link the CRT
+ - FTP: Make EPSV use the control IP address rather than the original host
+ - FTP: 
fIx dangling conn->ip_addr dereference on verbose EPSV
+ - conncache: Keep bundles on host+port bases, not only host names
+ - runtests.pl: Use 'h2c' now, no -14 anymore
+ - curlver: Introducing new version number (checking) macros
+ - openssl: boringssl build breakage, use SSL_CTX_set_msg_callback
+ - CURLOPT_POSTFIELDS.3: Correct variable names
+ - curl_easy_unescape.3: Update RFC reference
+ - gnutls: Don't fail on non-fatal alerts during handshake
+ - testcurl.pl: Allow source to be in an arbitrary directory
+ - CURLOPT_HTTPPROXYTUNNEL.3: Only works with a HTTP proxy
+ - SSPI-error: Change SEC_E_ILLEGAL_MESSAGE description
+ - parse_proxy: Switch off tunneling if non-HTTP proxy
+ - share_init: Fix OOM crash
+ - perl: Remove subdir, not touched in 9 years
+ - CURLOPT_COOKIELIST.3: Add example
+ - CURLOPT_COOKIE.3: Explain that the cookies won't be modified
+ - CURLOPT_COOKIELIST.3: Explain Set-Cookie without a domain
+ - FAQ: How do I port libcurl to my OS?
+ - openssl: Use TLS_client_method for OpenSSL 1.1.0+
+ - HTTP-NTLM: Fail auth on connection close instead of looping
+ - curl_setup: Add macros for FOPEN_READTEXT, FOPEN_WRITETEXT
+ - curl_getdate.3: Update RFC reference
+ - curl_multi_info_read.3: Added example
+ - curl_multi_perform.3: Added example
+ - curl_multi_timeout.3: Added example
+ - cookie: Stop exporting any-domain cookies
+ - openssl: Remove dummy callback use from SSL_CTX_set_verify()
+ - openssl: Remove SSL_get_session()-using code
+ - openssl: Removed USERDATA_IN_PWD_CALLBACK kludge
+ - openssl: Removed error string #ifdef
+ - openssl: Fix verification of server-sent legacy intermediates
+ - docs: man page indentation and syntax fixes
+ - docs: Spelling fixes
+ - fopen.c: Fix a few compiler warnings
+ - CURLOPT_OPENSOCKETFUNCTION: Return error at once
+ - schannel: Add support for optional client certificates
+ - build: Properly detect OpenSSL 1.0.2 when using configure
+ - urldata: Store POST size in state.infilesize too
+ - security: 
choose_mech: Remove dead code
+ - rtsp_do: Remove dead code
+ - docs: Many HTTP URIs changed to HTTPS
+ - schannel: schannel_recv overhaul
+- Fix build for old openssl versions without SSL3_MT_NEWSESSION_TICKET
+
+* Sat Jun 6 2015 Paul Howarth - 7.42.1-2.0.cf
+- curl-config --libs now works on x86_64 without libcurl-devel.x86_64
+ (#1228363)
+
+* Wed Apr 29 2015 Paul Howarth - 7.42.1-1.0.cf
+- Update to 7.42.1
+ - CURLOPT_HEADEROPT: default to separate (CVE-2015-3153)
+ - dist: include {src,lib}/checksrc.whitelist
+ - connectionexists: fix build without NTLM
+ - docs: distribute the CURLOPT_PINNEDPUBLICKEY(3) man page, too
+ - curl -z: do not write empty file on unmet condition
+ - openssl: fix serial number output
+ - curl_easy_getinfo.3: document 'internals' in CURLINFO_TLS_SESSION
+ - sws: init http2 state properly
+ - curl.1: fix typo
+
+* Wed Apr 22 2015 Paul Howarth - 7.42.0-1.1.cf
+- Implement public key pinning for NSS backend (#1195771)
+- Do not run flaky test-cases in %%check
+
+* Wed Apr 22 2015 Paul Howarth - 7.42.0-1.0.cf
+- Update to 7.42.0
+ - openssl: Show the cipher selection to use in verbose text
+ - gtls: Implement CURLOPT_CERTINFO
+ - Add CURLOPT_SSL_FALSESTART option (darwinssl and NSS)
+ - curl: Add --false-start option
+ - Add CURLOPT_PATH_AS_IS
+ - curl: Add --path-as-is option
+ - curl: Create output file on successful download of an empty file
+ - ConnectionExists: For NTLM re-use, require credentials to match
+ (CVE-2015-3143)
+ - Cookie: Cookie parser out of boundary memory access (CVE-2015-3145)
+ - fix_hostname: Zero length host name caused -1 index offset (CVE-2015-3144)
+ - http_done: Close Negotiate connections when done (CVE-2015-3148)
+ - sws: Timeout idle CONNECT connections
+ - nss: Improve error handling in Curl_nss_random()
+ - nss: Do not skip Curl_nss_seed() if data is NULL
+ - curl-config.in: Eliminate double quotes around CURL_CA_BUNDLE
+ - http2: Move lots of verbose output to be debug-only
+ - dist: Add extern-scan.pl 
to the tarball
+ - http2: Return recv error on unexpected EOF
+ - build: Use default RandomizedBaseAddress directive in VC9+ project files
+ - build: Removed DataExecutionPrevention directive from VC9+ project files
+ - tool: Updated the warnf() function to use the GlobalConfig structure
+ - http2: Return error if stream was closed with other than NO_ERROR
+ - mprintf.h: Remove #ifdef CURLDEBUG
+ - libtest: Fixed linker errors on msvc
+ - tool: Use ENABLE_CURLX_PRINTF instead of _MPRINTF_REPLACE
+ - curl.1: Fix "The the" typo
+ - cmake: Handle build definitions CURLDEBUG/DEBUGBUILD
+ - openssl: Remove all uses of USE_SSLEAY
+ - multi: Fix memory-leak on timeout (regression)
+ - curl_easy_setopt.3: Added CURLOPT_SSL_VERIFYSTATUS
+ - metalink: Add some error checks
+ - TLS: Make it possible to enable ALPN/NPN without HTTP/2
+ - http2: Use CURL_HTTP_VERSION_* symbols instead of NPN_*
+ - conncontrol: Only log changes to the connection bit
+ - multi: Fix *getsock() with CONNECT
+ - symbols.pl: Handle '-' in the deprecated field
+ - MacOSX-Framework: Use @rpath instead of @executable_path
+ - GnuTLS: Add support for CURLOPT_CAPATH
+ - GnuTLS: Print negotiated TLS version and full cipher suite name
+ - GnuTLS: Don't print double newline after certificate dates
+ - memanalyze.pl: Handle free(NULL)
+ - proxy: Re-use proxy connections (regression)
+ - mk-ca-bundle: Don't report SHA1 numbers with "-q"
+ - http: Always send Host: header as first header
+ - openssl: Sort ciphers to use based on strength
+ - openssl: Use colons properly in the ciphers list
+ - http2: Detect premature close without data transferred
+ - hostip: Fix signal race in Curl_resolv_timeout
+ - closesocket: Call multi socket cb on close even with custom close
+ - mksymbolsmanpage.pl: Use std header and generate better nroff header
+ - connect: Fix happy eyeballs logic for IPv4-only builds
+ - curl_easy_perform.3: Remove superfluous close brace from example
+ - HTTP: Don't use Expect: headers when on 
HTTP/2
+ - Curl_sh_entry: Remove unused 'timestamp'
+ - docs/libcurl: Makefile portability fix
+ - mkhelp: Remove trailing carriage return from every line of input
+ - nss: Explicitly tell NSS to disable NPN/ALPN when libcurl disables it
+ - curl_easy_setopt.3: Added a few missing options
+ - metalink: Fix resource leak in OOM
+ - axtls: Version 1.5.2 now requires that config.h be manually included
+ - HTTP: Don't switch to HTTP/2 from 1.1 until we get the 101
+ - cyassl: Detect the library as renamed wolfssl
+ - CURLOPT_HTTPHEADER.3: Add a "SECURITY CONCERNS" section
+ - CURLOPT_URL.3: Added "SECURITY CONCERNS"
+ - openssl: Try to avoid accessing OCSP structs when possible
+ - test938: Added missing closing tags
+ - testcurl: Allow '=' in values given on command line
+ - tests/certs: Added make target to rebuild certificates
+ - tests/certs: Rebuild certificates with modified key usage bits
+ - gtls: Avoid uninitialized variable
+ - gtls: Dereferencing NULL pointer
+ - gtls: Add check of return code
+ - test1513: Eliminated race condition in test run
+ - dict: Rename byte to avoid compiler shadowed declaration warning
+ - curl_easy_recv/send: Make them work with the multi interface
+ - vtls: Fix compile with --disable-crypto-auth but with SSL
+ - openssl: Adapt to ASN1/X509 things gone opaque in 1.1
+ - openssl: verifystatus: Only use the OCSP work-around <= 1.0.2a
+ - curl_memory: Make curl_memory.h the second-last header file loaded
+ - testcurl.pl: Add the --notes option to supply more info about a build
+ - cyassl: If wolfSSL then identify as such in version string
+ - cyassl: Check for invalid length parameter in Curl_cyassl_random
+ - cyassl: Default to highest possible TLS version
+ - Curl_ssl_md5sum: Return CURLcode (fixes OOM)
+ - polarssl: Remove dead code
+ - polarssl: Called mbedTLS in 1.3.10 and later
+ - globbing: Fix step parsing for character globbing ranges
+ - globbing: Fix url number calculation when using range with step
+ - multi: On a request 
completion, check all CONNECT_PEND transfers
+ - build: Link curl to openssl libraries when openssl support is enabled
+ - url: Don't accept CURLOPT_SSLVERSION unless USE_SSL is defined
+ - vtls: Don't accept unknown CURLOPT_SSLVERSION values
+ - build: Fix libcurl.sln erroneous mixed configurations
+ - cyassl: Remove undefined reference to CyaSSL_no_filesystem_verify
+ - cyassl: Add SSL context callback support for CyaSSL
+ - tool: Only set SSL options if SSL is enabled
+ - multi: Remove_handle: move pending connections
+ - configure: Use KRB5CONFIG for krb5-config
+ - axtls: Add timeout within Curl_axtls_connect
+ - CURLOPT_HTTP200ALIASES.3: Mainly SHOUTcast servers use "ICY 200"
+ - cyassl: Fix library initialization return value
+ - cookie: Handle spaces after the name in Set-Cookie
+ - http2: Fix missing nghttp2_session_send call in Curl_http2_switched
+ - cyassl: Fix certificate load check
+ - build-openssl.bat: Fix mixed line endings
+ - checksrc.bat: Check lib\vtls source
+ - DNS: Fix refreshing of obsolete dns cache entries
+ - CURLOPT_RESOLVE: Actually implement removals
+ - checksrc.bat: Quotes to support an SRC_DIR with spaces
+ - cyassl: Remove 'Connecting to' message from cyassl_connect_step2
+ - cyassl: Use CYASSL_MAX_ERROR_SZ for error buffer size
+ - lib/transfer.c: Remove factor of 8 from sleep time calculation
+ - lib/makefile.m32: Add missing libs to build libcurl.dll
+ - build: Generate source prerequisites for Visual Studio in generate.bat
+ - cyassl: Include the CyaSSL build config
+ - firefox-db2pem: Fix wildcard to find Firefox default profile
+ - BUGS: Refer to the github issue tracker now as primary
+ - vtls_openssl: Improve several certificate error messages
+ - cyassl: Add support for TLS extension SNI
+ - parsecfg: Do not continue past a zero termination
+ - configure --with-nss=PATH: Query pkg-config if available
+ - configure --with-nss: Drop redundant if statement
+ - cyassl: Fix include order
+ - HTTP: Fix PUT regression with 
Negotiate
+ - curl_version_info.3: Fixed the 'protocols' variable type
+- Add patch to disabled unsupported TLS False Start support in NSS builds
+ with NSS < 3.15.4
+
+* Wed Feb 25 2015 Paul Howarth - 7.41.0-1.0.cf
+- Update to 7.41.0
+ - NetWare build: added TLS-SRP enabled build
+ - winbuild: Added option to build with c-ares
+ - Added --cert-status
+ - Added CURLOPT_SSL_VERIFYSTATUS
+ - sasl: Implement EXTERNAL authentication mechanism
+ - sasl_gssapi: Fixed build on NetBSD with built-in GSS-API
+ - FTP: Fix IPv6 host using link-local address
+ - FTP: If EPSV fails on IPV6 connections, bail out
+ - gssapi: Remove need for duplicated GSS_C_NT_HOSTBASED_SERVICE definitions
+ - NSS: Fix compiler error when built http2-enabled
+ - mingw build: allow to pass custom CFLAGS
+ - Add -m64 CFLAGS when targeting mingw64, add -m32/-m64 to LDFLAGS
+ - curl_schannel.c: Mark session as removed from cache if not freed
+ - Curl_pretransfer: Reset expected transfer sizes
+ - curl.h: Remove extra space
+ - curl_endian: Fixed build when 64-bit integers are not supported
+ - checksrc.bat: Better detection of Perl installation
+ - build-openssl.bat: Added check for Perl installation
+ - http_negotiate: Return CURLcode in Curl_input_negotiate() instead of int
+ - http_negotiate: Added empty decoded challenge message info text
+ - vtls: Removed unimplemented overrides of curlssl_close_all()
+ - sasl_gssapi: Fixed memory leak with local SPN variable
+ - http_negotiate: Use dynamic buffer for SPN generation
+ - ldap: Renamed the CURL_LDAP_WIN definition to USE_WIN32_LDAP
+ - openssl: Do public key pinning check independently
+ - timeval: Typecast for better type (on Amiga)
+ - ipv6: Enclose AF_INET6 uses with proper #ifdefs for ipv6
+ - SASL: Common URL option and auth capabilities decoders for all protocols
+ - BoringSSL: Fix build
+ - BoringSSL: Detected by configure, switches off NTLM
+ - openvms: Handle openssl/0.8.9zb version parsing
+ - configure: Detect libresssl
+ - configure: 
Remove detection of the old yassl emulation API
+ - curl_setup: Disable SMB/CIFS support when HTTP only
+ - imap: Remove automatic password setting: it breaks external sasl authentication
+ - sasl: Remove XOAUTH2 from default enabled authentication mechanism
+ - runtests: Identify BoringSSL and libressl
+ - Security: Avoid compiler warning
+ - ldap: Build with BoringSSL
+ - des: Added Curl_des_set_odd_parity()
+ - CURLOPT_SEEKFUNCTION.3: also when server closes a connection
+ - CURLOPT_HTTP_VERSION.3: CURL_HTTP_VERSION_2_0 added in 7.33.0
+ - build: Removed unused Visual Studio bscmake settings
+ - build: Enabled DEBUGBUILD in Visual Studio debug builds
+ - build: Renamed top level Visual Studio solution files
+ - build: Removed Visual Studio SuppressStartupBanner directive for VC8+
+ - libcurl-symbols: First basic shot for autogenerated docs
+ - Makefile.am: fix 'make distcheck'
+ . getpass_r: Read from stdin, not stdout!
+ - getpass: Protect include with proper #ifdef
+ - opts: CURLOPT_CAINFO availability depends on SSL engine
+ - More cleanup of 'CURLcode result' return code
+ - MD4: Replace implementation
+ - MD5: Replace implementation
+ - openssl: SSL_SESSION->ssl_version no longer exist
+ - md5: use axTLS's own MD5 functions when available
+ - schannel: Removed curl_ prefix from source files
+ - curl.1: Add warning when using -H and redirects
+ - curl.1: Clarify that -X is used for all requests
+ - gskit: Fix exclusive SSLv3 option
+ - polarssl: Fix exclusive SSL protocol version options
+ - http2: Fix bug that associated stream canceled on PUSH_PROMISE
+ - ftp: Accept all 2xx responses to the PORT command
+ - configure: Allow both --with-ca-bundle and --with-ca-path
+ - cmake: Install the dll file to the correct directory
+ - nss: Fix NPN/ALPN protocol negotiation
+ - polarssl: Fix ALPN protocol negotiation
+ - cmake: Fix generation of tool_hugehelp.c on windows
+ - cmake: Fix winsock2 detection on windows
+ - gnutls: Fix build with HTTP2
+ - connect: Fix a 
spurious connect failure on dual-stacked hosts
+ - test: Test 530 is now less timing dependent
+ - telnet: Invalid use of custom read function if not set
+- Include extern-scan.pl to make test1135 succeed (upstream commit 1514b718)
+
+* Mon Feb 23 2015 Paul Howarth - 7.40.0-3.0.cf
+- Fix a spurious connect failure on dual-stacked hosts (#1187531)
+
+* Sun Feb 22 2015 Paul Howarth - 7.40.0-2.0.cf
+- Rebuilt for Fedora 23 Change
+ https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code
+
+* Thu Jan 8 2015 Paul Howarth - 7.40.0-1.0.cf
+- Update to 7.40.0 (addresses CVE-2014-8150 and CVE-2014-8151)
+ - http_digest: added support for Windows SSPI based authentication
+ - version info: added Kerberos V5 to the supported features
+ - Makefile: added VC targets for WinIDN
+ - config-win32: introduce build targets for VS2012+
+ - SSL: add PEM format support for public key pinning
+ - smtp: added support for the conversion of Unix newlines during mail send
+ - smb: added initial support for the SMB/CIFS protocol
+ - added support for HTTP over unix domain sockets, via
+ CURLOPT_UNIX_SOCKET_PATH and --unix-socket
+ - sasl: added support for GSS-API based Kerberos V5 authentication
+ - darwinssl: fix session ID keys to only reuse identical sessions
+ - url-parsing: reject CRLFs within URLs
+ - OS400: adjust specific support to last release
+ - THANKS: remove duplicate names
+ - url.c: fixed compilation warning
+ - ssh: fixed build on platforms where R_OK is not defined
+ - tool_strdup.c: include the tool strdup.h
+ - build: fixed Visual Studio project file generation of strdup.[c|h]
+ - curl_easy_setopt.3: add CURLOPT_PINNEDPUBLICKEY
+ - curl.1: show zone index use in a URL
+ - mk-ca-bundle.vbs: switch to new certdata.txt url
+ - Makefile.dist: added some missing SSPI configurations
+ - build: fixed no NTLM support for email when CURL_DISABLE_HTTP is defined
+ - SSH: use the port number as well for known_known checks
+ - libssh2: detect 
features based on version, not configure checks
+ - http2: deal with HTTP/2 data inside Upgrade response header buffer
+ - multi: removed Curl_multi_set_easy_connection
+ - symbol-scan.pl: do not require autotools
+ - cmake: add ENABLE_THREADED_RESOLVER, rename ARES
+ - cmake: build libhostname for test suite
+ - cmake: fix HAVE_GETHOSTNAME definition
+ - tests: fix libhostname visibility
+ - tests: fix memleak in server/resolve.c
+ - vtls.h: fixed compiler warning when compiled without SSL
+ - CMake: restore order-dependent header checks
+ - CMake: restore order-dependent library checks
+ - tool: removed krb4 from the supported features
+ - http2: don't send Upgrade headers when we already do HTTP/2
+ - examples: don't call select() to sleep on windows
+ - win32: updated some legacy APIs to use the newer extended versions
+ - easy.c: fixed compilation warning when no verbose string support
+ - connect.c: fixed compilation warning when no verbose string support
+ - build: in Makefile.m32 pass -F flag to windres
+ - build: in Makefile.m32 add -m32 flag for 32bit
+ - multi: when leaving for timeout, close accordingly
+ - CMake: simplify if() conditions on check result variables
+ - build: in Makefile.m32 try to detect 64bit target
+ - multi: inform about closed sockets before they are closed
+ - multi-uv.c: close the file handle after download
+ - examples: wait recommended 100ms when no file descriptors are ready
+ - ntlm: split the SSPI based messaging code from the native messaging code
+ - cmake: fix NTLM detection when CURL_DISABLE_HTTP defined
+ - cmake: add Kerberos to the supported feature
+ - CURLOPT_POSTFIELDS.3: mention the COPYPOSTFIELDS option
+ - http: disable pipelining for HTTP/2 and upgraded connections
+ - ntlm: fixed static'ness of local decode function
+ - sasl: reduced the need for two sets of NTLM messaging functions
+ - multi.c: fixed compilation warnings when no verbose string support
+ - select.c: fix compilation for VxWorks
+ - 
multi-single.c: switch to use curl_multi_wait
+ - curl_multi_wait.3: clarify numfds being used if not NULL
+ - http.c: fixed compilation warnings from features being disabled
+ - NSS: enable the CAPATH option
+ - docs: fix FAILONERROR typos
+ - HTTP: don't abort connections with pending Negotiate authentication
+ - HTTP: free (proxy)userpwd for NTLM/Negotiate after sending a request
+ - http_perhapsrewind: don't abort CONNECT requests
+ - build: updated dependencies in makefiles
+ - multi.c: fixed compilation warning
+ - ftp.c: fixed compilation warnings when proxy support disabled
+ - get_url_file_name: fixed crash on OOM on debug build
+ - cookie.c: refactored cleanup code to simplify
+ - OS400: enable NTLM authentication
+ - ntlm: use Windows Crypt API
+ - http2: avoid logging neg "failure" if h2 was not requested
+ - schannel_recv: return the correct code
+ - VC build: added sspi define for winssl-zlib builds
+ - Curl_client_write(): chop long data, convert data only once
+ - openldap: do not ignore Curl_client_write() return code
+ - ldap: check Curl_client_write() return codes
+ - parsedate.c: fixed compilation warning
+ - url.c: fixed compilation warning when USE_NTLM is not defined
+ - ntlm_wb_response: fix "statement not reached"
+ - telnet: fix "cast increases required alignment of target type"
+ - smtp: fixed dot stuffing when EOL characters at end of input buffers
+ - ntlm: allow NTLM2Session messages when USE_NTRESPONSES manually defined
+ - ntlm: disable NTLM v2 when 64-bit integers are not supported
+ - ntlm: use short integer when decoding 16-bit values
+ - ftp.c: fixed compilation warning when no verbose string support
+ - synctime.c: fixed timeserver URLs
+ - mk-ca-bundle.pl: restored forced run again
+ - ntlm: fixed return code for bad type-2 Target Info
+ - curl_schannel.c: data may be available before connection shutdown
+ - curl_schannel: improvements to memory re-allocation strategy
+ - darwinssl: aprintf() to allocate the session key
+ - 
tool_util.c: use GetTickCount64 if it is available
+ - lib: fixed multiple code analysis warnings if SAL are available
+ - tool_binmode.c: explicitly ignore the return code of setmode
+ - tool_urlglob.c: silence warning C6293: Ill-defined for-loop
+ - opts: warn CURLOPT_TIMEOUT overrides when set after CURLOPT_TIMEOUT_MS
+ - SFTP: work-around servers that return zero size on STAT
+ - connect: singleipconnect(): properly try other address families after failure
+ - IPV6: address scope != scope id
+ - parseurlandfillconn(): fix improper non-numeric scope_id stripping
+ - secureserver.pl: make OpenSSL CApath and cert absolute path values
+ - secureserver.pl: update Windows detection and fix path conversion
+ - secureserver.pl: clean up formatting of config and fix verbose output
+ - tests: added Windows support using Cygwin-based OpenSSH
+ - sockfilt.c: use non-Ex functions that are available before WinXP
+ - VMS: updates for 0740-0D1220
+ - openssl: warn for SRP set if SSLv3 is used, not for TLS version
+ - openssl: make it compile against openssl 1.1.0-DEV master branch
+ - openssl: fix SSL/TLS versions in verbose output
+ - curl: show size of inhibited data when using -v
+ - build: removed WIN32 definition from the Visual Studio projects
+ - build: removed WIN64 definition from the libcurl Visual Studio projects
+ - vtls: use bool for Curl_ssl_getsessionid() return type
+ - sockfilt.c: replace 100ms sleep with thread throttle
+ - sockfilt.c: reduce the number of individual memory allocations
+ - vtls: don't set cert info count until memory allocation is successful
+ - nss: don't ignore Curl_ssl_init_certinfo() OOM failure
+ - nss: don't ignore Curl_extract_certinfo() OOM failure
+ - vtls: fixed compilation warning and an ignored return code
+ - sockfilt.c: fixed compilation warnings
+ - darwinssl: fixed compilation warning
+ - vtls: use '(void) arg' for unused parameters
+ - sepheaders.c: fixed resource leak on failure
+ - lib1900.c: fixed cppcheck error
+ - ldap: 
fixed Unicode connection details in Win32 initialsation / bind calls
+ - ldap: fixed Unicode DN, attributes and filter in Win32 search calls
+- re-enable test 2034 (https with certificate pinning) as it seems to be
+ working again on EL
+- update patches as needed
+- replace metalink patch with an openssl-specific version, since nss is fixed
+ upstream
+- BR: python for http-pipe testing
+
+* Wed Nov 5 2014 Paul Howarth - 7.39.0-1.0.cf
+- update to 7.39.0 (addresses CVE-2014-3707)
+ - SSLv3 is disabled by default
+ - CURLOPT_COOKIELIST: added "RELOAD" command
+ - build: added WinIDN build configuration options to Visual Studio projects
+ - ssh: improve key file search
+ - SSL: public key pinning - use CURLOPT_PINNEDPUBLICKEY and --pinnedpubkey
+ - vtls: remove QsoSSL support, use gskit!
+ - mk-ca-bundle: added SHA-384 signature algorithm
+ - docs: added many examples for libcurl opts and other doc improvements
+ - build: added VC ssh2 target to main Makefile
+ - MinGW: added support to build with nghttp2
+ - NetWare: added support to build with nghttp2
+ - build: added Watcom support to build with WinSSL
+ - build: added optional specific version generation of VC project files
+ - curl_easy_duphandle: CURLOPT_COPYPOSTFIELDS read out of bounds
+ - openssl: build fix for versions < 0.9.8e
+ - newlines: fix mixed newlines to LF-only
+ - ntlm: fixed HTTP proxy authentication when using Windows SSPI
+ - sasl_sspi: fixed Unicode build
+ - file: reject paths using embedded %%00
+ - threaded-resolver: revert Curl_expire_latest() switch
+ - configure: allow --with-ca-path with PolarSSL too
+ - HTTP/2: fix busy loop when EOF is encountered
+ - CURLOPT_CAPATH: return failure if set without backend support
+ - nss: do not fail if a CRL is already cached
+ - smtp: fixed intermittent "SSL3_WRITE_PENDING: bad write retry" error
+ - fixed 20+ nits/memory leaks identified by Coverity scans
+ - curl_schannel.c: fixed possible memory or handle leak
+ - multi-uv.c: call 
curl_multi_info_read() better
+ - Cmake: check for OpenSSL before OpenLDAP
+ - Cmake: fix library list provided to cURL tests
+ - Cmake: avoid cycle directory dependencies
+ - Cmake: build with GSS-API libraries (MIT or Heimdal)
+ - vtls: provide backend defines for internal source code
+ - nss: fix a connection failure when FTPS handle is reused
+ - tests/http_pipe.py: Python 3 support
+ - cmake: build tool_hugehelp (ENABLE_MANUAL)
+ - cmake: enable IPv6 by default if available
+ - tests: move TESTCASES to Makefile.inc, add show for cmake
+ - ntlm: avoid unnecessary buffer allocation for SSPI based type-2 token
+ - ntlm: fixed empty/bad base-64 decoded buffer return codes
+ - ntlm: fixed empty type-2 decoded message info text
+ - cmake: add CMake/Macros.cmake to the release tarball
+ - cmake: add SUPPORT_FEATURES and SUPPORT_PROTOCOLS
+ - cmake: use LIBCURL_VERSION from curlver.h
+ - cmake: generate pkg-config and curl-config
+ - fixed several superfluous variable assignements identified by cppcheck
+ - cleanup of 'CURLcode result' return code
+ - pipelining: only output "is not blacklisted" in debug builds
+ - SSL: remove SSLv3 from SSL default due to POODLE attack
+ - gskit.c: remove SSLv3 from SSL default
+ - darwinssl: detect possible future removal of SSLv3 from the framework
+ - ntlm: only define ntlm data structure when USE_NTLM is defined
+ - ntlm: return CURLcode from Curl_ntlm_core_mk_lm_hash()
+ - ntlm: return all errors from Curl_ntlm_core_mk_nt_hash()
+ - sspi: only call CompleteAuthToken() when complete is needed
+ - http_negotiate: fixed missing check for USE_SPNEGO
+ - HTTP: return larger than 3 digit response codes too
+ - openssl: check for NPN / ALPN via OpenSSL version number
+ - openssl: enable NPN separately from ALPN
+ - sasl_sspi: allow DIGEST-MD5 to use current windows credentials
+ - sspi: return CURLE_LOGIN_DENIED on AcquireCredentialsHandle() failure
+ - resume: consider a resume from [content-length] to be OK
+ - sasl: fixed Kerberos 
V5 inclusion when CURL_DISABLE_CRYPTO_AUTH is used
+ - build-openssl.bat: fix x64 release build
+ - cmake: drop _BSD_SOURCE macro usage
+ - cmake: fix gethostby{addr,name}_r in CurlTests
+ - cmake: clean OtherTests, fixing -Werror
+ - cmake: fix struct sockaddr_storage check
+ - Curl_single_getsock: fix hold/pause sock handling
+ - SSL: PolarSSL default min SSL version TLS 1.0
+ - cmake: fix ZLIB_INCLUDE_DIRS use
+ - buildconf: stop checking for libtool
+- disable test 2034 (https with certificate pinning) on EL-5/6 until such time
+ as we can figure out why it breaks
+ (http://curl.haxx.se/mail/lib-2014-11/0040.html)
+
+* Tue Oct 21 2014 Paul Howarth - 7.38.0-2.0.cf
+- fix a connection failure when FTPS handle is reused
+
+* Wed Sep 10 2014 Paul Howarth - 7.38.0-1.0.cf
+- update to 7.38.0
+ - CVE-2014-3613: cookie leak with IP address as domain
+ - CVE-2014-3620: cookie leak for TLDs
+ - CURLE_HTTP2 is a new error code
+ - CURLAUTH_NEGOTIATE is a new auth define
+ - CURL_VERSION_GSSAPI is a new capability bit
+ - no longer use fbopenssl for anything
+ - schannel: use CryptGenRandom for random numbers
+ - axtls: define curlssl_random using axTLS's PRNG
+ - cyassl: use RNG_GenerateBlock to generate a good random number
+ - findprotocol: show unsupported protocol within quotes
+ - version: detect and show LibreSSL
+ - version: detect and show BoringSSL
+ - imap/pop3/smtp: Kerberos (SASL GSSAPI) authentication via Windows SSPI
+ - http2: requires nghttp2 0.6.0 or later
+ - fix a build failure on Debian when NSS support is enabled
+ - HTTP/2: fixed compiler warnings when built disabled
+ - cyassl: return the correct error code on no CA cert
+ - http: deprecate GSS-Negotiate macros due to bad naming
+ - http: fixed Negotiate: authentication
+ - multi: improve proxy CONNECT performance (regression)
+ - ntlm_wb: avoid invoking ntlm_auth helper with empty username
+ - ntlm_wb: fix hard-coded limit on NTLM auth packet size
+ - url.c: use the preferred symbol name: *READDATA 
+ - smtp: fixed a segfault during test 1320 torture test
+ - cyassl: made it compile with version 2.0.6 again
+ - nss: do not check the version of NSS at run time
+ - c-ares: fix build without IPv6 support
+ - HTTP/2: use base64url encoding
+ - SSPI Negotiate: fix 3 memory leaks
+ - libtest: fixed duplicated line in Makefile
+ - conncache: fix compiler warning
+ - openssl: make ossl_send return CURLE_OK better
+ - HTTP/2: support expect: 100-continue
+ - HTTP/2: fix infinite loop in readwrite_data()
+ - parsedate: fix the return code for an overflow edge condition
+ - darwinssl: don't use strtok()
+ - http_negotiate_sspi: fixed specific username and password not working
+ - openssl: replace call to OPENSSL_config
+ - http2: show the received header for better debugging
+ - HTTP/2: move :authority before non-pseudo header fields
+ - HTTP/2: reset promised stream, not its associated stream
+ - HTTP/2: added some more logging for debugging stream problems
+ - ntlm: added support for SSPI package info query
+ - ntlm: fixed hard coded buffer for SSPI based auth packet generation
+ - sasl_sspi: fixed memory leak with not releasing Package Info struct
+ - sasl_sspi: fixed SPN not being converted to wchar under Unicode builds
+ - sasl: use a dynamic buffer for DIGEST-MD5 SPN generation
+ - http_negotiate_sspi: use a dynamic buffer for SPN generation
+ - sasl_sspi: fixed missing free of challenge buffer on SPN failure
+ - sasl_sspi: fixed hard coded buffer for response generation
+ - Curl_poll + Curl_wait_ms: fix timeout return value
+ - docs/SSLCERTS: update the section about NSS database
+ - create_conn: prune dead connections
+ - openssl: fix version report for the 0.9.8 branch
+ - mk-ca-bundle.pl: switched to using hg.mozilla.org
+ - http: fix the Content-Range: parser
+ - Curl_disconnect: don't free the URL
+ - win32: fixed WinSock 2 #if
+ - NTLM: ignore CURLOPT_FORBID_REUSE during NTLM HTTP auth
+ - curl.1: clarify --limit-rate's effect on both directions
+ - 
disconnect: don't touch easy-related state on disconnects
+ - Cmake: big cleanup and numerous fixes
+ - HTTP/2: supports draft-14 - moved :headers before the non-psuedo headers
+ - configure.ac: add support for recent GSS-API implementations for HP-UX
+ - CONNECT: close proxy connections that fail
+ - CURLOPT_NOBODY.3: clarify this option is for downloads
+ - darwinssl: fix CA certificate checking using PEM format
+ - resolve: cache lookup for async resolvers
+ - low-speed-limit: avoid timeout flood
+ - polarssl: implement CURLOPT_SSLVERSION
+ - multi: convert CURLM_STATE_CONNECT_PEND handling to a list
+ - curl_multi_cleanup: remove superfluous NULL assigns
+ - polarssl: support CURLOPT_CAPATH / --capath
+ - progress: size_dl/size_ul are always >= 0, and clear "KNOWN" properly
+- add workaround for build with openssl < 0.9.8e
+
+* Sun Aug 17 2014 Paul Howarth - 7.37.1-3.0.cf
+- rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
+
+* Wed Aug 13 2014 Paul Howarth - 7.37.1-2.0.cf
+- tighten dependencies
+
+* Thu Jul 17 2014 Paul Howarth - 7.37.1-1.1.cf
+- use POSIX threads and NSS for EL-7 build
+
+* Wed Jul 16 2014 Paul Howarth - 7.37.1-1.0.cf
+- update to 7.37.1
+ - bits.close: introduce connection close tracking
+ - darwinssl: add support for --cacert
+ - polarssl: add ALPN support
+ - docs: added new option man pages
+ - build: fixed incorrect reference to curl_setup.h in Visual Studio files
+ - build: use $(TargetDir) and $(TargetName) macros for .pdb and .lib output
+ - curl.1: clarify that -u can't specify a user with colon
+ - openssl: fix uninitialized variable use in NPN callback
+ - curl_easy_reset: reset the URL
+ - curl_version_info.3: returns a pointer to a static struct
+ - url-parser: only use if_nametoindex if detected by configure
+ - select: with winsock, avoid passing unsupported arguments to select()
+ - gnutls: don't use deprecated type names any more
+ - gnutls: allow building with nghttp2 but without ALPN support
+ - tests: 
fix portability issue with the tftpd server
+ - curl_sasl_sspi: fixed corrupt hostname in DIGEST-MD5 SPN
+ - curl_sasl: extended native DIGEST-MD5 cnonce to be a 32-byte hex string
+ - random: use Curl_rand() for proper random data
+ - Curl_ossl_init: call OPENSSL_config for initing engines
+ - config-win32.h: updated for VC12
+ - winbuild: don't USE_WINSSL when WITH_SSL is being used
+ - getinfo: HTTP CONNECT code not reset between transfers
+ - Curl_rand: use a fake entropy for debug builds when CURL_ENTROPY set
+ - http2: avoid segfault when using the plain-text http2
+ - conncache: move the connection counter to the cache struct
+ - http2: better return code error checking
+ - curlbuild: fix GCC build on SPARC systems without configure script
+ - tool_metalink: support polarssl as digest provider
+ - curl.h: reverse the enum/define setup for old symbols
+ - curl.h: moved two really old deprecated symbols
+ - curl.h: renamed CURLOPT_DEPRECATEDx to CURLOPT_OBSOLETEx
+ - buildconf: do not search tools in current directory
+ - OS400: make it compilable again; make RPG binding up to date
+ - nss: do not abort on connection failure (failing tests 305 and 404)
+ - nss: make the fallback to SSLv3 work again
+ - tool: prevent valgrind from reporting possibly lost memory (nss only)
+ - progress callback: skip last callback update on errors
+ - nss: fix a memory leak when CURLOPT_CRLFILE is used
+ - compiler warnings: potentially uninitialized variables
+ - url.c: fixed memory leak on OOM
+ - gnutls: ignore invalid certificate dates with VERIFYPEER disabled
+ - gnutls: fix SRP support with versions of GnuTLS from 2.99.0
+ - gnutls: fixed a couple of uninitialized variable references
+ - gnutls: fixed compilation against versions < 2.12.0
+ - build: fixed overridden compiler PDB settings in VC7 to VC12
+ - ntlm_wb: fixed buffer size not being large enough for NTLMv2 sessions
+ - netrc: don't abort if home dir cannot be found
+ - netrc: fixed thread safety problem by using 
getpwuid_r if available
+ - cookie: avoid mutex deadlock
+ - configure: respect host tool prefix for krb5-config
+ - gnutls: handle IP address in cert name check
+- fix endless loop with GSSAPI proxy auth (#1118751)
+
+* Mon Jul 14 2014 Paul Howarth - 7.37.0-4.0.cf
+- use %%license in %%files list where possible
+
+* Fri Jul 4 2014 Paul Howarth - 7.37.0-3.0.cf
+- various SSL-related fixes (mainly crash on connection failure)
+
+* Sat Jun 7 2014 Paul Howarth - 7.37.0-2.0.cf
+- rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Wed May 21 2014 Paul Howarth - 7.37.0-1.0.cf
+- update to 7.37.0
+ this release includes the following changes:
+ - URL parser: IPv6 zone identifiers are now supported
+ - CURLOPT_PROXYHEADER: set headers for proxy-only
+ - CURLOPT_HEADEROPT: added
+ - curl: add --proxy-header
+ - sasl: added support for DIGEST-MD5 via Windows SSPI
+ - sasl: added DIGEST-MD5 qop-option validation in native challange handling
+ - imap: expanded mailbox SEARCH support to use URL query strings
+ - imap: extended FETCH support to include PARTIAL URL specifier
+ - nss: implement non-blocking SSL handshake
+ - build: reworked Visual Studio project files
+ - poll: enable poll on darwin13
+ - mk-ca-bundle: added -p
+ - libtests: add a wait_ms() function
+ this release includes the following bugfixes:
+ - mkhelp: generate code for --disable-manual as well
+ - hostcheck: added a system include to define struct in_addr
+ - winbuild: added warnless.c to fix build
+ - Makefile.vc6: added warnless.c to fix build
+ - smtp: fixed login denied when server doesn't support AUTH capability
+ - smtp: fixed login denied with a RFC-821 based server
+ - curl: stop interpreting IPv6 literals as glob patterns
+ - http2: remove _DRAFT09 from the NPN_HTTP2 enum
+ - http2: let openssl mention the exact protocol negotiated
+ - http2+openssl: fix compiler warnings in ALPN using code
+ - ftp: in passive data connect wait for happy eyeballs sockets
+ - HTTP: don't send 
Content-Length: 0 _and_ Expect: 100-continue
+ - http2: compile with current nghttp2, which supports h2-11
+ - http_negotiate_sspi: fixed compilation when USE_HTTP_NEGOTIATE not defined
+ - strerror: fix comment about vxworks' strerror_r buffer size
+ - url: only use if_nametoindex() if IFNAMSIZ is available
+ - imap: fixed untagged response detection when no data after command
+ - various: fix possible dereference of null pointer
+ - various: fix use of uninitialized variable
+ - various: fix use of non-null terminated strings
+ - telnet.c: check sscanf results before passing them to snprintf
+ - parsedate.c: check sscanf result before passing it to strlen
+ - sockfilt.c: free memory in case of memory allocation errors
+ - sockfilt.c: ignore non-key-events and continue waiting for input
+ - sockfilt.c: properly handle disk files, pipes and character input
+ - sockfilt.c: fixed getting stuck waiting for MinGW stdin pipe
+ - sockfilt.c: clean up threaded approach and add documentation
+ - configure: use the nghttp2 path correctly with pkg-config
+ - curl_global_init_mem: bump initialized even if already initialized
+ - gtls: fix NULL pointer dereference
+ - cyassl: use error-ssl.h when available
+ - handler: make 'protocol' always specified as a single bit
+ - INFILESIZE: fields in UserDefined must not be changed run-time
+ - openssl: biomem->data is not zero terminated
+ - config-win32.h: fixed HAVE_LONGLONG for Visual Studio .NET 2003 and up
+ - curl_ntlm_core: fixed use of long long for VC6 and VC7
+ - SNI: strip off a single trailing dot from host name
+ - curl: bail on cookie use when built with disabled cookies
+ - curl_easy_setopt.3: added the proto for CURLOPT_SSH_KNOWNHOSTS
+ - curl_multi_cleanup: ignore SIGPIPE better
+ - schannel: don't use the connect-timeout during send
+ - mprintf: allow %%.s with data not being zero terminated
+ - tool_help: fixed missing --login-options option
+ - configure: don't set LD_LIBRARY_PATH when cross-compiling
+ - http:
auth failure on duplicated 'WWW-Authenticate: Negotiate' header
+ - cacertinmem: fix memory leak
+ - lib1506: make sure the transfers are not within the same ms
+ - Makefile.b32: fixed for vtls changes
+ - sasl: fixed missing qop in the client's challenge-response message
+ - openssl: unbreak PKCS12 support
+ - darwinssl: fix potential crash with a P12 file
+ - timers: fix timer regression involving redirects / reconnects
+ - CURLINFO_SSL_VERIFYRESULT: made more reliable
+ - HTTP: fixed connection re-use
+ - configure: add SPNEGO to supported features
+ - configure: add GSS-API to supported features
+ - ALPN: fix typo in http/1.1 identifier
+ - http2: make connection re-use work
+
+* Sat May 10 2014 Paul Howarth - 7.36.0-4.0.cf
+- fix auth failure on duplicated 'WWW-Authenticate: Negotiate' header
+ (#1093348)
+
+* Fri Apr 25 2014 Paul Howarth - 7.36.0-3.0.cf
+- nss: implement non-blocking SSL handshake
+
+* Thu Mar 27 2014 Paul Howarth - 7.36.0-2.0.cf
+- extend URL parser to support IPv6 zone identifiers (#680996)
+
+* Thu Mar 27 2014 Paul Howarth - 7.36.0-1.1.cf
+- adapt tests 815 and 816 such that they work with the fix for CVE-2014-0138
+
+* Wed Mar 26 2014 Paul Howarth 7.36.0-1.0.cf
+- update to 7.36.0
+ this release includes the following security advisories:
+ - wrong re-use of connections (CVE-2014-0138)
+ - IP address wildcard certificate validation (CVE-2014-0139)
+ - not verifying certs for TLS to IP address / Darwinssl (CVE-2014-1263)
+ - not verifying certs for TLS to IP address / Winssl (CVE-2014-2522)
+ this release includes the following changes:
+ - ntlm: added support for NTLMv2
+ - tool: added support for URL specific options
+ - openssl: add ALPN support
+ - gtls: add ALPN support
+ - nss: add ALPN and NPN support
+ - added CURLOPT_EXPECT_100_TIMEOUT_MS
+ - tool: add --no-alpn and --no-npn
+ - added CURLOPT_SSL_ENABLE_NPN and CURLOPT_SSL_ENABLE_ALPN
+ - winssl: enable TLSv1.1 and TLSv1.2 by default
+ - winssl: TLSv1.2 disables certificate
signatures using MD5 hash
+ - winssl: enable hostname verification of IP address using SAN or CN
+ - darwinssl: don't omit CN verification when an IP address is used
+ - http2: build with current nghttp2 version
+ - polarssl: dropped support for PolarSSL < 1.3.0
+ - openssl: info message with SSL version used
+ this release includes the following bugfixes:
+ - nss: allow to use ECC ciphers if NSS implements them
+ - netrc: fixed a memory leak in an OOM condition
+ - ftp: fixed a memory leak on wildcard error path
+ - pipeline: fixed a NULL pointer dereference on OOM
+ - nss: prefer highest available TLS version
+ - 100-continue: fix timeout condition
+ - ssh: fixed a NULL pointer dereference on OOM condition
+ - formpost: use semicolon in multipart/mixed
+ - --help: add missing --tlsv1.x options
+ - formdata: fixed memory leak on OOM condition
+ - ConnectionExists: reusing possible HTTP+NTLM connections better
+ - mingw32: fix compilation
+ - chunked decoder: track overflows correctly
+ - curl_easy_setopt.3: add CURL_HTTP_VERSION_2_0
+ - dict: fix memory leak in OOM exit path
+ - valgrind: added suppression on optimized code
+ - curl: output protocol headers using binary mode
+ - tool: added URL index to password prompt for multiple operations
+ - ConnectionExists: re-use non-NTLM connections better
+ - axtls: call ssl_read repeatedly
+ - multi: make MAXCONNECTS default 4 x number of easy handles function
+ - configure: fix the --disable-crypto-auth option
+ - multi: ignore SIGPIPE internally
+ - curl.1: update the description of --tlsv1
+ - SFTP: skip reading the dir when NOBODY=1
+ - easy: fixed a memory leak on OOM condition
+ - tool: fixed incorrect return code when setting HTTP request fails
+ - configure: tiny fix to honor POSIX
+ - tool: do not output libcurl source for the information only parameters
+ - Rework Open Watcom make files to use standard Wmake features
+ - x509asn: moved out Curl_verifyhost from NSS builds
+ - configure: call it GSS-API
+ -
hostcheck: Curl_cert_hostcheck is not used by NSS builds
+ - multi_runsingle: move timestamp into INIT
+ - remote_port: allow connect to port 0
+ - parse_remote_port: error out on illegal port numbers better
+ - ssh: pass errors from libssh2_sftp_read up the stack
+ - docs: remove documentation on setting up krb4 support
+ - polarssl: build fixes to work with PolarSSL 1.3.x
+ - polarssl: fix possible handshake timeout issue in multi
+ - nss: allow to enable/disable cipher-suites better
+ - ssh: prevent a logic error that could result in an infinite loop
+ - http2: free resources on disconnect
+ - polarssl: avoid extra newlines in debug messages
+ - rtsp: parse "Session:" header properly
+ - trynextip: don't store 'ai' on failed connects
+ - Curl_cert_hostcheck: strip trailing dots in host name and wildcard
+- update patches as needed
+- drop support for old distributions prior to FC-5
+ - drop %%defattr, redundant since rpm 4.4
+ - unconditionally build with metalink support
+ - certs always live under /etc/pki
+- skip IMAP tests 815 and 816 for now, which are failing in this release
+
+* Mon Mar 17 2014 Paul Howarth - 7.35.0-5.0.cf
+- add perl build requirements for the test suite
+
+* Wed Mar 5 2014 Paul Howarth - 7.35.0-3.0.cf
+- avoid spurious failure of test1086 on s390(x) koji builders (#1072273)
+
+* Tue Feb 25 2014 Paul Howarth - 7.35.0-2.0.cf
+- refresh expired cookie in test172 from upstream test-suite (#1068967)
+
+* Wed Jan 29 2014 Paul Howarth - 7.35.0-1.0.cf
+- update to 7.35.0:
+ - imap/pop3/smtp: added support for SASL authentication downgrades
+ - imap/pop3/smtp: extended the login options to support multiple auth mechs
+ - TheArtOfHttpScripting: major update, converted layout and more
+ - mprintf: added support for I, I32 and I64 size specifiers
+ - makefile: added support for VC7, VC11 and VC12
+ - SECURITY ADVISORY: re-use of wrong HTTP NTLM connection (CVE-2014-0015)
+ - curl_easy_setopt: fixed OAuth 2.0 Bearer option name
+ - pop3: fixed APOP
being determined by CAPA response rather than by timestamp
+ - Curl_pp_readresp: zero terminate line
+ - FILE: don't wait due to CURLOPT_MAX_RECV_SPEED_LARGE
+ - docs: mention CURLOPT_MAX_RECV/SEND_SPEED_LARGE don't work for FILE://
+ - pop3: fixed auth preference not being honored when CAPA not supported
+ - imap: fixed auth preference not being honored when CAPABILITY not supported
+ - threaded resolver: use pthread_t * for curl_thread_t
+ - FILE: we don't support paused transfers using this protocol
+ - connect: try all addresses in first connection attempt
+ - curl_easy_setopt.3: added SMTP information to CURLOPT_INFILESIZE_LARGE
+ - OpenSSL: fix forcing SSLv3 connections
+ - openssl: allow explicit sslv2 selection
+ - FTP parselist: fix "total" parser
+ - conncache: fix possible dereference of null pointer
+ - multi.c: fix possible dereference of null pointer
+ - mk-ca-bundle: introduces -d and warns about using this script
+ - ConnectionExists: fix NTLM check for new connection
+ - trynextip: fix build for non-IPV6 capable systems
+ - Curl_updateconninfo: don't do anything for UDP "connections"
+ - darwinssl: un-break Leopard build after PKCS#12 change
+ - threaded-resolver: never use NULL hints with getaddrinf
+ - multi_socket: remind app if timeout didn't run
+ - OpenSSL: deselect weak ciphers by default
+ - error message: sensible message on timeout when transfer size unknown
+ - curl_easy_setopt.3: mention how to unset CURLOPT_INFILESIZE*
+ - win32: fixed use of deprecated function 'GetVersionInfoEx' for VC12
+ - configure: fix gssapi linking on HP-UX
+ - chunked-parser: abort on overflows, allow 64 bit chunks
+ - chunked parsing: relax the CR strictness
+ - cookie: max-age fixes
+ - progress bar: always update when at 100%%
+ - progress bar: increase update frequency to 10Hz
+ - tool: fixed incorrect return code if command line parser runs out of memory
+ - tool: fixed incorrect return code if password prompting runs out of memory
+ - HTTP POST: omit
Content-Length if data size is unknown
+ - GnuTLS: disable insecure ciphers
+ - GnuTLS: honor --slv2 and the --tlsv1[.N] switches
+ - multi: fixed a memory leak on OOM condition
+ - netrc: fixed a memory and file descriptor leak on OOM
+ - getpass: fix password parsing from console
+ - TFTP: fix crash on time-out
+ - hostip: don't remove DNS entries that are in use
+ - tests: lots of tests fixed to pass the OOM torture tests
+
+* Tue Jan 21 2014 Paul Howarth - 7.34.0-1.1.cf
+- add a couple of fixes from upstream for forced SSLv2 and SSLv3 support
+
+* Tue Dec 17 2013 Paul Howarth - 7.34.0-1.0.cf
+- update to 7.34.0:
+ - gtls: respect *VERIFYHOST independently of *VERIFYPEER (CVE-2013-6422)
+ - SSL: protocol version can be specified more precisely
+ - imap/pop3/smtp: added graceful cancellation of SASL authentication
+ - add "Happy Eyeballs" for IPv4/IPv6 dual connect attempts
+ - base64: added validation of base64 input strings when decoding
+ - curl_easy_setopt: added the ability to set the login options separately
+ - smtp: added support for additional SMTP commands
+ - curl_easy_getinfo: added CURLINFO_TLS_SESSION for accessing TLS internals
+ - nss: allow to use TLS > 1.0 if built against recent NSS
+ - SECURITY: added this document to describe our security processes
+ - parseconfig: warn if unquoted white spaces are detected
+ - darwinssl: un-break iOS build after PKCS#12 feature added
+ - tool: use XFERFUNCTION to save some casts
+ - usercertinmem: fix memory leaks
+ - ssh: handle successful SSH_USERAUTH_NONE
+ - NSS: acknowledge the --no-sessionid/CURLOPT_SSL_SESSIONID_CACHE option
+ - test906: fixed failing test on some platforms
+ - sasl: initialize NSS before using NTLM crypto
+ - sasl: fixed memory leak in OAUTH2 message creation
+ - imap/pop3/smtp: fixed QUIT / LOGOUT being sent when SSL connect fails
+ - cmake: unbreak for non-Windows platforms
+ - ssh: initialize per-handle data in ssh_connect()
+ - glob: fix broken URLs
+ - configure: check for long
long when building with cyassl
+ - CURLOPT_RESOLVE: mention they don't time-out
+ - docs/examples/httpput.c: fix build for MSVC
+ - FTP: make the data connection work when going through proxy
+ - NSS: support for CERTINFO feature
+ - curl_multi_wait: accept 0 from multi_timeout() as valid timeout
+ - glob_range: pass the closing bracket for a-z ranges
+ - tool_help: updated --list-only description to include POP3
+ - Curl_ssl_push_certinfo_len: don't %%.*s non-zero-terminated string
+ - cmake: fix Windows build with IPv6 support
+ - ares: fixed compilation under Visual Studio 2012
+ - curl_easy_setopt.3: clarify CURLOPT_SSL_VERIFYHOST documentation
+ - curl.1: mention that -O does no URL decoding
+ - darwinssl: PKCS#12 import feature now requires Lion or later
+ - darwinssl: check for SSLSetSessionOption() presence when toggling BEAST
+ - configure: fix test with -Werror=implicit-function-declaration
+ - sigpipe: factor out sigpipe_reset from easy.c
+ - curl_multi_cleanup: ignore SIGPIPE
+ - globbing: curl glob counter mismatch with {} list use
+ - parseconfig: dash options can't specified with colon or equals
+ - digest: fix CURLAUTH_DIGEST_IE
+ - curl.h: for OpenBSD
+ - darwinssl: Fix #if 10.6.0 for SecKeychainSearch
+ - TFTP: fix return codes for connect timeout
+ - login options: remove the ;[options] support from CURLOPT_USERPWD
+ - imap: fixed incorrect fallback to clear text authentication
+ - parsedate: avoid integer overflow
+ - curl.1: document -J doesn't %%-decode
+ - multi: add timer inaccuracy margin to timeout/connecttimeout
+- switch to openssl backend for Fedora 10 to 15 as NSS 3.14 is now required
+ (http://curl.haxx.se/mail/lib-2013-12/0000.html)
+
+* Mon Dec 2 2013 Paul Howarth - 7.33.0-2.0.cf
+- allow to use TLS > 1.0 if built against recent NSS
+
+* Wed Oct 30 2013 Paul Howarth - 7.33.0-1.3.cf
+- run tests with -n to explicitly disable valgrind, which can be problematic
+ on old distributions
+
+* Tue Oct 22 2013 Paul Howarth - 7.33.0-1.2.cf
+-
fix missing initialization in SSH code causing test 619 to fail
+
+* Fri Oct 18 2013 Paul Howarth - 7.33.0-1.1.cf
+- fix missing initialization in NTLM code causing test 906 to fail
+
+* Tue Oct 15 2013 Paul Howarth - 7.33.0-1.0.cf
+- update to 7.33.0:
+ - test code for testing the event based API
+ - CURLM_ADDED_ALREADY: new error code
+ - test TFTP server: support "writedelay" within
+ - krb4 support has been removed
+ - imap/pop3/smtp: added basic SASL XOAUTH2 support
+ - darwinssl: add support for PKCS#12 files for client authentication
+ - darwinssl: enable BEAST workaround on iOS 7 and later
+ - pass password to OpenSSL engine by user interface
+ - c-ares: add support for various DNS binding options
+ - cookies: add expiration
+ - curl: added --oauth2-bearer option
+ - nss: make sure that NSS is initialized
+ - curl: make --no-[option] work properly for several options
+ - FTP: with socket_action send better socket updates in active mode
+ - curl: fix the --sasl-ir in the --help output
+ - tests 2032, 2033: don't hardcode port in expected output
+ - urlglob: better detect unclosed braces, empty lists and overflows
+ - urlglob: error out on range overflow
+ - imap: fixed response check for SEARCH, EXPUNGE, LSUB, UID and NOOP commands
+ - handle arbitrary-length username and password
+ - TFTP: make the CURLOPT_LOW_SPEED* options work
+ - curl.h: name space pollution by "enum type"
+ - multi: move on from STATE_DONE faster
+ - FTP: 60 secs delay if aborted in the CURLOPT_HEADERFUNCTION callback
+ - multi_socket: improved 100-continue timeout handling
+ - curl_multi_remove_handle: allow multiple removes
+ - FTP: fix getsock during DO_MORE state
+ - -x: rephrased the --proxy section somewhat
+ - acinclude: fix --without-ca-path when cross-compiling
+ - LDAP: fix bad free() when URL parsing failed
+ - --data: mention CRLF treatment when reading from file
+ - curl_easy_pause: suggest one way to unpause
+ - imap: fixed calculation of transfer when partial FETCH
received
+ - pingpong: check SSL library buffers for already read data
+ - imap/pop3/smtp: speed up SSL connection initialization
+ - libcurl.3: for multi interface connections are held in the multi handle
+ - curl_easy_setopt.3: mention RTMP URL quirks
+ - curl.1: detail how short/long options work
+ - curl.1: added information about optional login options to --user option
+ - curl: added clarification to the --mail options in the --help output
+ - curl_easy_setopt.3: clarify that TIMEOUT and TIMEOUT_MS set the same value
+ - openssl: use correct port number in error message
+ - darwinssl: block TLS_RSA_WITH_NULL_SHA256 cipher
+ - OpenSSL: acknowledge CURLOPT_SSL_VERIFYHOST without VERIFYPEER
+ - xattr: add support for FreeBSD xattr API
+ - win32: fix Visual Studio 2010 build with WINVER >= 0x600
+ - configure: use icc options without space
+ - test1112: Increase the timeout from 7s to 16s
+ - SCP: upload speed on a fast connection limited to 16384 B/s
+ - curl_setup_once: fix errno access for lwip on Windows
+ - HTTP: output http response 304 when modified time is too old
+- adjust multilib, debug and threaded DNS patches
+- add new patch for failing test 906
+
+* Fri Oct 11 2013 Paul Howarth - 7.32.0-3.0.cf
+- do not limit the speed of SCP upload on a fast connection
+ (http://thread.gmane.org/gmane.comp.web.curl.library/40551/focus=40561)
+
+* Mon Sep 9 2013 Paul Howarth - 7.32.0-2.0.cf
+- avoid delay if FTP is aborted in CURLOPT_HEADERFUNCTION callback (#1005686)
+
+* Mon Aug 12 2013 Paul Howarth - 7.32.0-1.1.cf
+- make sure that NSS is initialized prior to calling PK11_GenerateRandom()
+
+* Mon Aug 12 2013 Paul Howarth - 7.32.0-1.0.cf
+- update to 7.32.0:
+ - curl: allow timeouts to accept decimal values
+ - OS400: add slist and certinfo EBCDIC support
+ - OS400: new SSL backend GSKit
+ - CURLOPT_XFERINFOFUNCTION: introducing a new progress callback
+ - LIBCURL-STRUCTS: new document
+ - dotdot: introducing dot file path cleanup
+ - docs: fix typo in
curl_easy_getinfo manpage
+ - test1230: avoid using hard-wired port number
+ - test1396: invoke the correct test tool
+ - SIGPIPE: ignored while inside the library
+ - darwinssl: fix crash that started happening in Lion
+ - OpenSSL: check for read errors, don't assume
+ - c-ares: improve error message on failed resolve
+ - printf: make sure %%x are treated unsigned
+ - formpost: better random boundaries
+ - url: restore the functionality of 'curl -u :'
+ - curl.1: fix typo in --xattr description
+ - digest: improve nonce generation
+ - configure: automake 1.14 compatibility tweak
+ - curl.1: document the --post303 option in the man page
+ - curl.1: document the --sasl-ir option in the man page
+ - setup-vms.h: sk_pop symbol tweak
+ - tool_paramhlp: try harder to catch negatives
+ - cmake: fix for MSVC2010 project generation
+ - asyn-ares: don't blank ares servers if none configured
+ - curl_multi_wait: set revents for extra fds
+ - reinstate "WIN32 MemoryTracking: track wcsdup() _wcsdup() and _tcsdup()
+ - ftp_do_more: consider DO_MORE complete when server connects back
+ - curl_easy_perform: gradually increase the delay time
+ - curl: fix symbolic names for CURLUSESSL_* enum in --libcurl output
+ - curl: fix upload of a zip file in OpenVMS
+ - build: fix linking on Solaris 10
+ - curl_formadd: CURLFORM_FILECONTENT wrongly rejected some option combos
+ - curl_formadd: fix file upload on VMS
+ - curl_easy_pause: on unpause, trigger mulit-socket handling
+ - md5 and metalink: use better build macros on Apple operating systems
+ - darwinssl: fix build error in crypto authentication under Snow Leopard
+ - curl: make --progress-bar update the line less frequently
+ - configure: don't error out on variable confusions (CFLAGS, LDFLAGS etc.)
+ - mk-ca-bundle: skip more untrusted certificates
+ - formadd: wrong pointer for file name when CURLFORM_BUFFERPTR used
+ - FTP: when EPSV gets a 229 but fails to connect, retry with PASV
+ - mk-ca-bundle.1: don't install on make install
+ - VMS: lots of updates and fixes of the build procedure
+ - global dns cache: didn't work (regression)
+ - global dns cache: fix memory leak
+- adjust multilib and UTF8 patches
+- drop upstreamed patches
+
+* Sat Aug 3 2013 Paul Howarth - 7.31.0-5.0.cf
+- rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
+
+* Tue Jul 9 2013 Paul Howarth - 7.31.0-4.0.cf
+- mention all options listed in 'curl --help' in curl.1 man page
+
+* Mon Jul 1 2013 Paul Howarth - 7.31.0-3.0.cf
+- restore the functionality of 'curl -u :'
+
+* Wed Jun 26 2013 Paul Howarth - 7.31.0-2.0.cf
+- build the curl tool with metalink support
+
+* Mon Jun 24 2013 Paul Howarth - 7.31.0-1.1.cf
+ - test1230: avoid using hard-wired port number
+
+* Sat Jun 22 2013 Paul Howarth - 7.31.0-1.0.cf
+- update to 7.31.0:
+ - SECURITY VULNERABILITY: curl_easy_unescape() may parse data beyond the end
+ of the input buffer (CVE-2013-2174)
+ - darwinssl: add TLS session resumption
+ - darwinssl: add TLS crypto authentication
+ - imap/pop3/smtp: added support for ;auth= in the URL
+ - imap/pop3/smtp: added support for ;auth= to CURLOPT_USERPWD
+ - usercertinmem.c: add example showing user cert in memory
+ - url: added smtp and pop3 hostnames to the protocol detection list
+ - imap/pop3/smtp: added support for enabling the SASL initial response
+ - curl -E: allow to use ':' in certificate nicknames
+ - FTP: access files in root dir correctly
+ - configure: try pthread_create without -lpthread
+ - FTP: handle a 230 welcome response
+ - curl-config: don't output static libs when they are disabled
+ - CURL_CHECK_CA_BUNDLE: don't check for paths when cross-compiling
+ - Various documentation updates
+ - getinfo.c: reset timecond when clearing session-info variables
+ - FILE:
prevent an artificial timeout event due to stale speed-check data
+ - ftp_state_pasv_resp: connect through proxy also when set by env
+ - sshserver: disable StrictHostKeyChecking
+ - ftpserver: fixed imap logout confirmation data
+ - curl_easy_init: use less mallocs
+ - smtp: fixed unknown percentage complete in progress bar
+ - smtp: fixed sending of double CRLF caused by first in EOB
+ - bindlocal: move brace out of #ifdef
+ - winssl: fixed invalid memory access during SSL shutdown
+ - OS X framework: fix invalid symbolic link
+ - OpenSSL: allow empty server certificate subject
+ - axtls: prevent memleaks on SSL handshake failures
+ - cookies: only consider full path matches
+ - revert win32 MemoryTracking: wcsdup() _wcsdup() and _tcsdup()
+ - Curl_cookie_add: handle IPv6 hosts
+ - ossl_send: SSL_write() returning 0 is an error too
+ - ossl_recv: SSL_read() returning 0 is an error too
+ - digest auth: escape user names with \ or " in them
+ - curl_formadd.3: fixed wrong "end-marker" syntax
+ - libcurl-tutorial.3: fix incorrect backslash
+ - curl_multi_wait: reduce timeout if the multi handle wants to
+ - tests/Makefile: typo in the perlcheck target
+ - axtls: honor disabled VERIFYHOST
+ - OpenSSL: avoid double free in the PKCS12 certificate code
+ - multi_socket: reduce timeout inaccuracy margin
+ - digest: support auth-int for empty entity body
+ - axtls: now done non-blocking
+ - lib1900: use tutil_tvnow instead of gettimeofday
+ - curl_easy_perform: avoid busy-looping
+ - CURLOPT_COOKIELIST: take cookie share lock
+ - multi_socket: react on socket close immediately
+- adjust multilib patch
+- drop upstreamed patches
+
+* Fri Apr 26 2013 Paul Howarth - 7.30.0-2.0.cf
+- limit the excessive use of sed in %%prep
+- prevent an artificial timeout event due to stale speed-check data (#906031)
+
+* Sat Apr 13 2013 Paul Howarth - 7.30.0-1.1.cf
+- reinstate test port adjustment fixes
+
+* Fri Apr 12 2013 Paul Howarth - 7.30.0-1.0.cf
+- update to 7.30.0:
+ - SECURITY
ADVISORY: cookie tailmatching to avoid cross-domain leakage
+ (CVE-2013-1944)
+ - imap: Changed response tag generation to be completely unique
+ - imap: Added support for SASL-IR extension
+ - imap: Added support for the list command
+ - imap: Added support for the append command
+ - imap: Added custom request parsing
+ - imap: Added support to the fetch command for UID and SECTION properties
+ - imap: Added parsing and verification of the UIDVALIDITY mailbox attribute
+ - darwinssl: Make certificate errors less techy
+ - imap/pop3/smtp: Added support for the STARTTLS capability
+ - checksrc: ban use of sprintf, vsprintf, strcat, strncat and gets
+ - curl_global_init() now accepts the CURL_GLOBAL_ACK_EINTR flag
+ - Added CURLMOPT_MAX_HOST_CONNECTIONS, CURLMOPT_MAX_TOTAL_CONNECTIONS for
+ new multi interface connection handling
+ - Added CURLMOPT_MAX_PIPELINE_LENGTH, CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE,
+ CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE, CURLMOPT_PIPELINING_SITE_BL and
+ CURLMOPT_PIPELINING_SERVER_BL for new pipelining control
+ - darwinssl: Fix build under Leopard
+ - DONE: consider callback-aborted transfers premature
+ - ntlm: Fixed memory leaks
+ - smtp: Fixed an issue when processing EHLO failure responses
+ - pop3: Fixed incorrect return value from pop3_endofresp()
+ - pop3: Fixed SASL authentication capability detection
+ - pop3: Fixed blocking SSL connect when connecting via POP3S
+ - imap: Fixed memory leak when performing multiple selects
+ - nss: fix misplaced code enabling non-blocking socket mode
+ - AddFormData: prevent only directories from being posted
+ - darwinssl: fix infinite loop if server disconnected abruptly
+ - metalink: fix improbable crash parsing metalink filename
+ - show proper host name on failed resolve
+ - MacOSX-Framework: Make script work in Xcode 4.0 and later
+ - strlcat: remove function
+ - darwinssl: Fix send glitchiness with data > 32 or so KB
+ - polarssl: better 1.1.x and 1.2.x support
+ - various documentation
improvements
+ - multi: NULL pointer reference when closing an unused multi handle
+ - SOCKS: fix socks proxy when noproxy matched
+ - install-sh: updated to support multiple source files as arguments
+ - PolarSSL: added human readable error strings
+ - resolver_error: remove wrong error message output
+ - docs: updates HTML index and general improvements
+ - curlbuild.h.dist: enhance non-configure GCC ABI detection logic
+ - sasl: Fixed null pointer reference when decoding empty digest challenge
+ - easy: do not ignore poll() failures other than EINTR
+ - darwinssl: disable ECC ciphers under Mountain Lion by default
+ - CONNECT: count received headers
+ - build: fixes for VMS
+ - CONNECT: clear 'rewindaftersend' on success
+ - HTTP proxy: insert slash in URL if missing
+ - hiperfifo: updated to use current libevent API
+ - getinmemory.c: abort the transfer nicely if not enough memory
+ - improved win32 memorytracking
+ - corrected proxy header response headers count
+ - FTP quote operations on re-used connection
+ - tcpkeepalive on win32
+ - tcpkeepalive on Mac OS X
+ - easy: acknowledge the CURLOPT_MAXCONNECTS option properly
+ - easy interface: restore default MAXCONNECTS to 5
+ - win32: don't set SO_SNDBUF for windows vista or later versions
+ - HTTP: made cookie sort function more deterministic
+ - winssl: Fixed memory leak if connection was not successful
+ - FTP: wait on both connections during active STOR state
+ - connect: treat a failed local bind of an interface as a non-fatal error
+ - darwinssl: disable insecure ciphers by default
+ - FTP: handle "rubbish" in front of directory name in 257 responses
+ - mk-ca-bundle: Fixed lost OpenSSL output with "-t"
+- remove upstreamed patches
+- temporarily drop the switching of ports for tests as it causes test suite
+ failures
+- add patch to fix linking of tests 1900 and 2033
+
+* Tue Mar 12 2013 Paul Howarth - 7.29.0-4.0.cf
+- do not ignore poll() failures other than EINTR (#919127)
+- curl_global_init() now
accepts the CURL_GLOBAL_ACK_EINTR flag (#919127)
+
+* Wed Mar 6 2013 Paul Howarth - 7.29.0-3.0.cf
+- switch SSL socket into non-blocking mode after handshake
+- drop the hide_selinux.c hack no longer needed in %%check
+
+* Fri Feb 22 2013 Paul Howarth - 7.29.0-2.0.cf
+- fix a SIGSEGV when closing an unused multi handle (#914411)
+
+* Wed Feb 6 2013 Paul Howarth - 7.29.0-1.0.cf
+- update to 7.29.0:
+ - fix POP3/IMAP/SMTP SASL buffer overflow vulnerability (CVE-2013-0249)
+ - test: offer "automake" output and check for perl better
+ - always-multi: always use non-blocking internals
+ - imap: added support for sasl digest-md5 authentication
+ - imap: added support for sasl cram-md5 authentication
+ - imap: added support for sasl ntlm authentication
+ - imap: added support for sasl login authentication
+ - imap: added support for sasl plain text authentication
+ - imap: added support for login disabled server capability
+ - mk-ca-bundle: add -f, support passing to stdout and more
+ - writeout: -w now supports remote_ip/port and local_ip/port
+ - nss: prevent NSS from crashing on client auth hook failure
+ - darwinssl: fixed inability to disable peer verification on Snow Leopard and
+ Lion
+ - curl_multi_remove_handle: fix memory leak triggered with CURLOPT_RESOLVE
+ - SCP: relative path didn't work as documented
+ - setup_once.h: HP-UX issue workaround
+ - configure: fix cross pkg-config detection
+ - runtests: do not add undefined values to @INC
+ - build: fix compilation with CURL_DISABLE_CRYPTO_AUTH flag
+ - multi: fix re-sending request on early connection close
+ - HTTP: remove stray CRLF in chunk-encoded content-free request bodies
+ - build: fix AIX compilation and usage of events/revents
+ - VC Makefiles: add missing hostcheck
+ - nss: clear session cache if a client certificate from file is used
+ - nss: fix error messages for CURLE_SSL_{CACERT,CRL}_BADFILE
+ - fix HTTP CONNECT tunnel establishment upon delayed response
+ - --libcurl: fix for non-zero default
options
+ - FTP: reject illegal port numbers in EPSV 229 responses
+ - build: use per-target '_CPPFLAGS' for those currently using default
+ - configure: fix automake 1.13 compatibility
+ - curl: ignore SIGPIPE
+ - pop3: added support for non-blocking SSL upgrade
+ - pop3: fixed default authentication detection
+ - imap: fixed usernames and passwords that contain escape characters
+ - packages/DOS/common.dj: remove COFF debug info generation
+ - imap/pop3/smtp: fixed failure detection during TLS upgrade
+ - pop3: fixed no known authentication mechanism when fallback is required
+ - formadd: reject trying to read a directory where a file is expected
+ - formpost: support quotes, commas and semicolon in file names
+ - docs: update the comments about loading CA certs with NSS
+ - docs: fix typos in man pages
+ - darwinssl: fix bug where packets were sometimes transmitted twice
+ - winbuild: include version info for .dll .exe
+ - schannel: Removed extended error connection setup flag
+ - VMS: fix and generate the VMS build config
+- drop upstreamed patches and update others as needed
+
+* Tue Jan 15 2013 Paul Howarth - 7.28.1-3.0.cf
+- prevent NSS from crashing on client auth hook failure
+- clear session cache if a client cert from file is used
+- fix error messages for CURLE_SSL_{CACERT,CRL}_BADFILE
+
+* Tue Nov 20 2012 Paul Howarth - 7.28.1-1.0.cf
+- update to 7.28.1:
+ - metalink/md5: use CommonCrypto on Apple operating systems
+ - href_extractor: new example code extracting href elements
+ - NSS can be used for metalink hashing
+ - fix broken libmetalink-aware OpenSSL build
+ - gnutls: fix the error is fatal logic
+ - darwinssl: un-broke iOS build, fix error on server disconnect
+ - asyn-ares: restore functionality with c-ares < 1.6.1
+ - tlsauthtype: deal with the string case insensitively
+ - fixed MSVC libssh2 static build
+ - evhiperfifo: fix the pointer passed to WRITEDATA
+ - BUGS: fix the bug tracker URL
+ - winbuild: use machine type of development
environment
+ - FTP: prevent the multi interface from blocking
+ - uniformly use AM_CPPFLAGS, avoid deprecated INCLUDES
+ - httpcustomheader.c: free the headers after use
+ - fix >2000 bytes POST over NTLM-using proxy
+ - redirects to URLs with fragments
+ - don't send '#' fragments when using proxy
+ - OpenSSL: show full issuer string
+ - fix HTTP auth regression
+ - CURLOPT_SSL_VERIFYHOST: stop supporting the 1 value
+ - ftp: EPSV-disable fix over SOCKS
+ - Digest: Add microseconds into nounce calculation
+ - SCP/SFTP: improve error code used for send failures
+ - SSL: several SSL-backend related fixes
+ - removed the notorious "additional stuff not fine" debug output
+ - OpenSSL: disable SSL/TLS compression - avoid the "CRIME" attack
+ - FILE: make upload-writes unbuffered
+ - custom memory callbacks failure with HTTP proxy (and more)
+ - TFTP: handle resends
+ - autoconf: don't force-disable compiler debug option
+ - winbuild: fix PDB file output
+ - test2032: spurious failure caused by premature termination
+ - memory leak: CURLOPT_RESOLVE with multi interface
+- re-enable test2032
+- update UTF8 and debug patches
+- fix bogus dates in spec changelog
+
+* Wed Oct 31 2012 Paul Howarth - 7.28.0-1.0.cf
+- update to 7.28.0:
+ - SSH: added agent based authentication
+ - ftp: active conn, allow application to set sockopt after accept() call
+ with CURLSOCKTYPE_ACCEPT
+ - multi: add curl_multi_wait()
+ - metalink: added support for Microsoft Windows CryptoAPI
+ - md5: added support for Microsoft Windows CryptoAPI
+ - parse_proxy: treat "socks://x" as a socks4 proxy
+ - socks: added support for IPv6 connections through SOCKSv5 proxy
+ - WSAPoll disabled on Windows builds due to its bugs
+ - fix segfault on request retries
+ - curl-config: parentheses fix
+ - VC build: add define for openssl
+ - globbing: fix segfault when >9 globs were used
+ - fixed a few clang-analyzer warnings
+ - metalink: change code order to build with gnutls-nettle
+ - gtls: fix build failure
by including nettle-specific headers + - change preferred HTTP auth on a handle previously used for another auth + - file: use fdopen() to avoid race condition + - added DWANT_IDN_PROTOTYPES define for MSVC too + - verbose: fixed (nil) output of hostnames in re-used connections + - metalink: un-broke the build when building --with-darwinssl + - curl man page cleanup + - avoid leak of local device string when reusing connection + - Curl_socket_check: fix return code for timeout + - nss: do not print misleading NSS error codes + - configure: remove the --enable/disable-nonblocking options + - darwinssl: add TLS 1.1 and 1.2 support, replace deprecated functions + - NTLM: re-use existing connection better + - schannel crash on multi and easy handle cleanup + - SOCKS: truly disable it if CURL_DISABLE_PROXY is defined + - mk-ca-bundle: detect start of trust section better + - gnutls: do not fail on non-fatal handshake errors + - SMTP: only send SIZE if supported + - ftpserver: respond with a 250 to SMTP EHLO + - ssh: do not crash if MD5 fingerprint is not provided by libssh2 + - winbuild: added support for building with SPNEGO enabled + - metalink: fixed validation of binary files containing EOF + - setup.h: fixed for MS VC10 build + - cmake: use standard findxxx modules for cmake v2.8+ + - HTTP_ONLY: disable more protocols + - Curl_reconnect_request: clear pointer on failure + - https.c example: remember to call curl_global_init() + - metalink: Filter resource URLs by type + - multi interface: CURLOPT_LOW_SPEED_* fix during rate limitation + - curl_schannel: Removed buffer limit and optimized buffer strategy +- drop patches now included in upstream release +- update UTF8 and debug patches +- disable tests 1112 and 2032 for now + +* Mon Oct 1 2012 Paul Howarth - 7.27.0-3.1.cf +- do not crash if MD5 fingerprint is not provided by libssh2 + +* Mon Aug 6 2012 Paul Howarth - 7.27.0-3.0.cf +- use the upstream facility to disable problematic tests + +* Wed Aug 1 2012 Paul 
Howarth - 7.27.0-2.0.cf +- eliminate unnecessary inotify events on upload via file protocol (#844385) + +* Sat Jul 28 2012 Paul Howarth - 7.27.0-1.0.cf +- update to 7.27.0: + - nss: use human-readable error messages provided by NSS + - added --metalink for metalink download support + - pop3: added support for sasl plain text authentication + - pop3: added support for sasl login authentication + - pop3: added support for sasl ntlm authentication + - pop3: added support for sasl cram-md5 authentication + - pop3: added support for sasl digest-md5 authentication + - pop3: added support for apop authentication + - added support for Schannel (Native Windows) SSL/TLS encryption + - added support for Darwin SSL (Native Mac OS X and iOS) + - http: print reason phrase from HTTP status line on error + - pop3: fixed the issue of having to supply the user name for all requests + - configure: fix LDAPS disabling related misplaced closing parenthesis + - cmdline: made -D option work with -O and -J + - configure: fix libcurl.pc and curl-config generation for static MingW* + cross builds + - ssl: fix duplicated SSL handshake with multi interface and proxy + - winbuild: fix Makefile.vc ignoring USE_IPV6 and USE_IDN flags + - OpenSSL: support longer certificate subject names + - openldap: OOM fixes + - log2changes.pl: fix the Version output + - lib554.c: use curl_formadd() properly + - urldata.h: fix cyassl build clash with wincrypt.h + - cookies: changed the URL in the cookiejar headers + - http-proxy: keep CONNECT connections alive (for NTLM) + - NTLM SSPI: fixed to work with unicode user names and passwords + - OOM fix in the curl tool when cloning cmdline options + - fixed some examples to use curl_global_init() properly + - cmdline: stricter numerical option parser + - HTTP HEAD: don't force-close after response-headers + - test231: fix wrong -C use + - docs: switch to proper UTF-8 for text file encoding + - keepalive: DragonFly uses milliseconds + - HTTP Digest: Client's "qop" 
value should not be quoted + - make distclean works again +- update patches as necessary + +* Mon Jul 23 2012 Paul Howarth - 7.26.0-6.0.cf +- print reason phrase from HTTP status line on error (#676596) + +* Wed Jul 18 2012 Paul Howarth - 7.26.0-5.0.cf +- rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Sat Jun 9 2012 Paul Howarth - 7.26.0-4.0.cf +- fix duplicated SSL handshake with multi interface and proxy (#788526) + +* Wed May 30 2012 Paul Howarth - 7.26.0-3.0.cf +- disable test 1319 on ppc64; server times out + +* Mon May 28 2012 Paul Howarth - 7.26.0-2.0.cf +- use human-readable error messages provided by NSS (upstream commit 72f4b534) + +* Thu May 24 2012 Paul Howarth - 7.26.0-1.0.cf +- update to 7.26.0: + - nss: the minimal supported version of NSS bumped to 3.12.x + - nss: human-readable names are now provided for NSS errors if available + - add a manual page for mk-ca-bundle + - added --post303 and the CURL_REDIR_POST_303 option for CURLOPT_POSTREDIR + - smtp: add support for DIGEST-MD5 authentication + - pop3: added support for additional pop3 commands + - nss: libcurl now uses NSS_InitContext() to prevent collisions if available + - URL parse: reject numerical IPv6 addresses outside brackets + - MD5: fix OOM memory leak + - OpenSSL cert: provide more details when cert check fails + - HTTP: empty chunked POST ended up in two zero size chunks + - fixed a regression when curl resolved to multiple addresses and the first + isn't supported + - -# progress meter: avoid superfluous updates and duplicate lines + - headers: surround GCC attribute names with double underscores + - PolarSSL: correct return code for CRL matches + - PolarSSL: include version number in version string + - PolarSSL: add support for asynchronous connect + - mk-ca-bundle: revert the LWP usage + - IPv6 cookie domain: get rid of the first bracket before the second + - connect.c: return changed to CURLE_COULDNT_CONNECT when opensocket fails + - OpenSSL: made cert 
hostname check conform to RFC 6125 + - HTTP: reset expected DL/UL sizes on redirects + - CMake: fix Windows LDAP/LDAPS option handling + - CMake: fix MS Visual Studio x64 unsigned long long literal suffix + - configure: update detection logic of getaddrinfo() thread-safeness + - configure: check for gethostbyname in the watt lib + - curl-config.1: fix curl-config usage in example + - smtp: Fixed non-escaping of dot character at beginning of line + - MakefileBuild.vc: use the correct IDN variable + - autoconf: improve handling of versioned symbols + - curl.1: clarify -x usage + - curl: shorten user-agent + - smtp: issue with the multi-interface always sending postdata + - compile error with GnuTLS+Nettle fixed + - winbuild: fix IPv6 enabled build +- drop upstream patches +- re-diff other patches as necessary + +* Wed Apr 25 2012 Paul Howarth - 7.25.0-3.0.cf +- resync with Rawhide + +* Fri Apr 13 2012 Paul Howarth - 7.25.0-2.0.cf +- use NSS_InitContext() to initialize NSS if available (#738456) +- provide human-readable names for NSS errors (upstream commit a60edcc6) + +* Fri Mar 23 2012 Paul Howarth - 7.25.0-1.0.cf +- update to 7.25.0: + - configure: add option disable --libcurl output + - --ssl-allow-beast and CURLOPT_SSL_OPTIONS added + - added CURLOPT_TCP_KEEPALIVE, CURLOPT_TCP_KEEPIDLE, CURLOPT_TCP_KEEPINTVL + - curl: use new library-side TCP_KEEPALIVE options + - added a new CURLOPT_MAIL_AUTH option + - added support for --mail-auth + - --libcurl now also works with -F and more! 
+ - --max-redirs: allow negative numbers as option value
+ - parse_proxy: bail out on zero-length proxy names
+ - configure: don't modify LD_LIBRARY_PATH for cross compiles
+ - curl_easy_reset: reset the referer string
+ - curl tool: don't abort glob-loop due to failures
+ - CONNECT: send correct Host: with IPv6 numerical address
+ - explicitly link to the nettle/gcrypt libraries
+ - more resilient connection times among IP addresses
+ - winbuild: fix IPV6 and IDN options
+ - SMTP: fixed error when using CURLOPT_CONNECT_ONLY
+ - cyassl: update to CyaSSL 2.0.x API
+ - smtp: fixed an issue with the EOB checking
+ - pop3: fixed drop of final CRLF in EOB checking
+ - smtp: fixed an issue with writing postdata
+ - smtp: added support for returning SMTP response codes
+ - CONNECT: fix ipv6 address in the Request-Line
+ - curl-config: only provide libraries with --libs
+ - LWIP: don't consider HAVE_ERRNO_H to be winsock
+ - ssh: tunnel through HTTP proxy if requested
+ - cookies: strip off [brackets] from numerical ipv6 host names
+ - libcurl docs: version corrections
+ - cmake: list_spaces_append_once failure
+ - resolve with c-ares: don't resolve IPv6 when not working
+ - smtp: changed error code for EHLO and HELO responses
+ - parsedate: fix a numeric overflow
+- update debug, multilib and UTF8 patches
+- drop support for distributions prior to FC-3:
+ - don't need to handle pkgconfig ≤ 0.15 with no URL support
+ - don't need workaround for RHL-9's LD_PRELOAD issues
+
+* Tue Jan 24 2012 Paul Howarth - 7.24.0-1.0.cf
+- update to 7.24.0:
+ - curl was vulnerable to a data injection attack for certain protocols
+ (CVE-2012-0036, http://curl.haxx.se/docs/adv_20120124.html)
+ - curl was vulnerable to a SSL CBC IV vulnerability when built to use OpenSSL
+ (CVE-2011-3389, http://curl.haxx.se/docs/adv_20120124B.html)
+ - CURLOPT_QUOTE: SFTP supports the '*'-prefix now
+ - CURLOPT_DNS_SERVERS: set name servers if possible
+ - add support for using nettle instead of gcrypt as gnutls backend
+ - CURLOPT_INTERFACE: avoid resolving interfaces names with magic prefixes
+ - added CURLOPT_ACCEPTTIMEOUT_MS
+ - configure: add symbols versioning option --enable-versioned-symbols
+ - SSL session share: move the age counter to the share object
+ - -J -O: use -O name if no Content-Disposition header comes!
+ - protocol_connect: show verbose connect and set connect time
+ - query-part: ignore the URI part for given protocols
+ - gnutls: only translate winsock errors for old versions
+ - POP3: fix end of body detection
+ - POP3: detect when LIST returns no mails
+ - TELNET: improved treatment of options
+ - configure: add support for pkg-config detection of libidn
+ - CyaSSL 2.0+ library initialization adjustment
+ - multi interface: only use non-NULL socker function pointer
+ - call opensocket callback properly for active FTP
+ - don't call close socket callback for sockets created with accept()
+ - differentiate better between host/proxy errors
+ - SSH: fix CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 and --hostpubmd5
+ - multi: handle timeouts on DNS servers by checking for new sockets
+ - CURLOPT_DNS_SERVERS: fix return code
+ - POP3: fixed escaped dot not being stripped out
+ - OpenSSL: check for the SSLv2 function in configure
+ - MakefileBuild: fix the static build
+ - create_conn: don't switch to HTTP protocol if tunneling is enabled
+ - multi interface: fix block when CONNECT_ONLY option is used
+ - fix connection reuse for TLS upgraded connections
+ - multiple file upload with -F and custom type
+ - multi interface: active FTP connections are no longer blocking
+ - Android build fix
+ - timer: restore PRETRANSFER timing
+ - libcurl.m4: fix quoting arguments of AC_LANG_PROGRAM
+ - appconnect time fixed for non-blocking connect ssl backends
+ - do not include SSL handshake into time spent waiting for 100-continue
+ - handle dns cache case insensitive
+ - use new host name casing for subsequent HTTP requests
+ - CURLOPT_RESOLVE: avoid adding already present host names
+ - SFTP mkdir: use correct permission
+ - resolve: don't leak pre-populated dns entries
+ - --retry: retry transfers on timeout and DNS errors
+ - negotiate with SSPI backend: use the correct buffer for input
+ - SFTP dir: increase buffer size counter to avoid cut off file names
+ - TFTP: fix resending (again)
+ - c-ares: don't include getaddrinfo-using code
+ - FTP: CURLE_PARTIAL_FILE will not close the control channel
+ - win32-threaded-resolver: stop using a dummy socket
+ - OpenSSL: remove reference to openssl internal struct
+ - OpenSSL: SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option no longer enabled
+ - OpenSSL: fix PKCS#12 certificate parsing related memory leak
+ - OpenLDAP: fix LDAP connection phase memory leak
+ - Telnet: use correct file descriptor for telnet upload
+ - Telnet: Remove bogus optimisation of telnet upload
+ - URL parse: user name with ipv6 numerical address
+ - polarssl: show cipher suite name correctly with 1.1.0
+ - polarssl: havege_rand is not present in version 1.1.0 (WARNING: we still
+ use the old API which is said to be insecure - see:
+ http://polarssl.org/trac/wiki/SecurityAdvisory201102)
+ - gnutls: enforced use of SSLv3
+- drop patches from upstream now included in release tarball
+- don't include fix for broken applications with curl multi from Fedora 14
+ onwards (#599340)
+- update debug and UTF8 patches
+
+* Mon Jan 2 2012 Paul Howarth - 7.23.1-5.0.cf
+- add upstream patch that allows FTPS tests to run with nss-3.13 (#760060)
+
+* Tue Dec 27 2011 Paul Howarth - 7.23.1-4.0.cf
+- allow to run FTPS tests with nss-3.13 (#760060)
+
+* Mon Dec 26 2011 Paul Howarth - 7.23.1-3.0.cf
+- avoid unnecessary timeout event when waiting for 100-continue (#767490)
+
+* Mon Nov 21 2011 Paul Howarth - 7.23.1-2.0.cf
+- curl -JO now uses -O name if no C-D header comes (upstream commit c532604)
+
+* Fri Nov 18 2011 Paul Howarth - 7.23.1-1.0.cf
+- update to 7.23.1:
+ - Windows: curl would fail if it found no CA cert, unless -k was used - even
+ if a non-SSL protocol URL was used
+
+* Wed Nov 16 2011 Paul Howarth - 7.23.0-1.0.cf
+- update to 7.23.0:
+ - empty headers can be sent in HTTP requests by terminating with a semicolon
+ - SSL session sharing support added to curl_share_setopt()
+ - added support to MAIL FROM for the optional SIZE parameter
+ - smtp: added support for NTLM authentication
+ - curl tool: code split into tool_*.[ch] files
+ - handle HTTP redirects to "//hostname/path"
+ - SMTP without --mail-from caused segfault
+ - prevent extra progress meter headers between multiple files
+ - allow Content-Length to be replaced when sending HTTP requests
+ - curl now always sets postfieldsize to allow --data-binary and --data
+ to be mixed in the same command line
+ - curl_multi_fdset: avoid FD_SET out of bounds
+ - lots of MinGW build tweaks
+ - Curl_gethostname: return un-qualified machine name
+ - fixed the openssl version number configure check
+ - nss: certificates from files are no longer looked up by file base names
+ - returning abort from the progress function when using the multi interface
+ would not properly cancel the transfer and close the connection
+ - fix libcurl.m4 to not fail with modern gcc versions
+ - ftp: improved the failed PORT host name resolved error message
+ - TFTP timeout and unexpected block adjustments
+ - HTTP and GOPHER test server-side connection closing adjustments
+ - fix endless loop upon transport connection timeout
+ - don't clobber errno on failed connect
+ - typecheck: allow NULL to unset CURLOPT_ERRORBUFFER
+ - formdata: ack read callback abort
+ - make --show-error properly position independent
+ - set the ipv6-connection boolean correctly on connect
+ - SMTP: fix end-of-body string escaping
+ - gtls: only call gnutls_transport_set_lowat with - 7.22.0-2.0.cf
+- nss: select client certificates by DER (#733657)
+
+* Tue Sep 13 2011 Paul Howarth - 7.22.0-1.0.cf
+- update to 7.22.0:
+ - added CURLOPT_GSSAPI_DELEGATION
+ - added support for NTLM delegation to Samba's winbind daemon helper ntlm_auth
+ - display notes from setup file in testcurl.pl
+ - BSD-style lwIP TCP/IP stack experimental support on Windows
+ - OpenSSL: use SSL_MODE_RELEASE_BUFFERS if available
+ - --delegation was added to set CURLOPT_GSSAPI_DELEGATION
+ - nss: start with no database if the selected database is broken
+ - telnet: allow programatic use on Windows
+ - curl_getdate: detect some illegal dates better
+ - when sending a request and an error is received before the (entire) request
+ body is sent, stop sending the request and close the connection after
+ having received the entire response; this is equally true if an Expect:
+ 100-continue header was used
+ - when using both -J and a single -O with multiple URLs, a missing init
+ could cause a segfault
+ - -J fixed for escaped quotes
+ - -J fixed for file names with semicolons
+ - progress: reset flags at transfer start to avoid wrong
+ CURLINFO_CONTENT_LENGTH_DOWNLOAD
+ - curl_gssapi: guard files with HAVE_GSSAPI and rename private header
+ - silence picky compilers: mark unused parameters
+ - help output: more gnu-like output
+ - libtests: stop checking for CURLM_CALL_MULTI_PERFORM
+ - setting a non-HTTP proxy with an environment variable or with CURLOPT_PROXY
+ / --proxy (without specifying CURLOPT_PROXYTYPE) would still make it do
+ proxy-like HTTP requests
+ - CURLFORM_BUFFER: insert filename as documented (regression)
+ - SOCKS: fix the connect timeout
+ - ftp_doing: bail out on error properly while multi interfacing
+ - improved Content-Encoded decoding error message
+ - asyn-thread: check for dotted addresses before thread starts
+ - cmake: find winsock when building on windows
+ - Curl_retry_request: check return code
+ - cookies: handle 'secure=' as if it was 'secure'
+ - tests: break busy loops in tests 502, 555, and 573
+ - FTP: fix proxy connect race condition with multi interface and SOCKS proxy
+ - RTSP: GET_PARAMETER requests have a body
+ - fixed several memory leaks in OOM situations
+ - bad expire(0) caused multi_socket API to hang
+ - avoid ftruncate() static define with mingw64
+ - mk-ca-bundle.pl: ignore untrusted certs
+ - builds with PolarSSL 1.0.0
+- curl-config now provides dummy --static-libs option (#733956)
+- update UTF8 patch
+
+* Sun Aug 21 2011 Paul Howarth - 7.21.7-4.1.cf
+- actually fix SIGSEGV of curl -O -J given more than one URL (#723075)
+
+* Tue Aug 16 2011 Paul Howarth - 7.21.7-4.0.cf
+- fix SIGSEGV of curl -O -J given more than one URL (#723075)
+- introduce the --delegation option of curl (#730444)
+- initialize NSS with no database if the selected database is broken (#728562)
+
+* Wed Aug 3 2011 Paul Howarth - 7.21.7-3.0.cf
+- add a new option CURLOPT_GSSAPI_DELEGATION (#719939)
+
+* Wed Jul 13 2011 Paul Howarth - 7.21.7-2.0.cf
+- for builds using c-ares, have libcurl require at least the version of c-ares
+ that it was built against to ensure that all required symbols are available
+ (similar issue to that with libssh2 fixed in 7.21.2-2.0.cf)
+- upstream release no longer has spurious exec permissions for source files
+- use a patch rather than a scripted iconv to re-code docs as UTF-8
+- fix dist tag for CentOS 6 and Scientific Linux
+
+* Thu Jun 23 2011 Paul Howarth - 7.21.7-1.0.cf
+- update to 7.21.7:
+ - SECURITY ADVISORY: inappropriate GSSAPI delegation (CVE-2011-2192); full
+ details at http://curl.haxx.se/docs/adv_20110623.html
+ - recognize the [protocol]:// prefix in proxy hosts where the protocol is one
+ of socks4, socks4a, socks5 or socks5h
+ - added CURLOPT_CLOSESOCKETFUNCTION and CURLOPT_CLOSESOCKETDATA
+ - NTLM: work with unicode
+ - fix connect with SOCKS proxy when using the multi interface
+ - anyauthput.c: stdint.h must not be included unconditionally
+ - CMake: improved build
+ - SCP/SFTP enable non-blocking earlier
+ - GnuTLS handshake: fix timeout
+ - cyassl: build without filesystem
+ - HTTPS over HTTP proxy using the multi interface
+ - speedcheck: invalid timeout event on a reused handle
+ - force connection close for HTTP 200 OK when time condition matched
+ - curl_formget: fix FILE * leak
+ - configure: improved OpenSSL detection
+ - android build: support gingerbread
+ - CURLFORM_STREAM: acknowledge CURLFORM_FILENAME
+ - windows build: use correct MS CRT
+ - pop3: remove extra space in LIST command
+- drop upstream patches
+
+* Wed Jun 8 2011 Paul Howarth - 7.21.6-3.0.cf
+- avoid an invalid timeout event on a reused handle (#679709)
+
+* Wed May 25 2011 Paul Howarth - 7.21.6-2.0.cf
+- further fix for https via http proxy
+ (http://curl.haxx.se/mail/lib-2011-05/0214.html)
+
+* Sat Apr 23 2011 Paul Howarth - 7.21.6-1.0.cf
+- update to 7.21.6:
+ - added --tr-encoding and CURLOPT_TRANSFER_ENCODING
+ - curl-config: fix --version
+ - curl_easy_setopt.3: CURLOPT_PROXYTYPE clarification
+ - use HTTPS properly after CONNECT
+ - SFTP: close file before post quote operations
+- drop upstreamed patches
+
+* Thu Apr 21 2011 Paul Howarth - 7.21.5-3.0.cf
+- fix problem with https via http proxy falling back to http
+ (http://curl.haxx.se/mail/lib-2011-04/0134.html)
+
+* Mon Apr 18 2011 Paul Howarth - 7.21.5-2.0.cf
+- fix the output of curl-config --version (upstream commit 82ecc85)
+
+* Mon Apr 18 2011 Paul Howarth - 7.21.5-1.0.cf
+- update to 7.21.5:
+ - SOCKOPTFUNCTION: callback can say already-connected
+ - added --netrc-file
+ - added (new) support for cyassl
+ - TLS-SRP: enabled with OpenSSL
+ - added CURLE_NOT_BUILT_IN and CURLE_UNKNOWN_OPTION
+ - nss: avoid memory leak on SSL connection failure
+ - nss: do not ignore failure of SSL handshake
+ - multi: better failed connect handling when using FTP, SMTP, POP3 and IMAP
+ - runtests.pl: fix pid number concatenation that prevented it from killing
+ the correct process at times
+ - PolarSSL: return 0 on receiving TLS CLOSE_NOTIFY alert
+ - curl_easy_setopt.3: removed wrong reference to CURLOPT_USERPASSWORD
+ - multi: close connection on timeout
+ - IMAP in multi mode does SSL connections non-blocking
+ - honours the --disable-ldaps configure option
+ - force setopt constants written by --libcurl to be long
+ - ssh_connect: treat libssh2 return code better
+ - SFTP upload could stall the state machine when the multi_socket API was used
+ - SFTP and SCP could leak memory when used with the multi interface and
+ the connection was closed
+ - added missing file to repair the MSVC makefiles
+ - fixed detection of recvfrom arguments on Android/bionic
+ - GSS: handle reuse fix
+ - transfer: avoid insane conversion of time_t
+ - nss: do not ignore value of CURLOPT_SSL_VERIFYPEER in certain cases
+ - SMTP-multi: non-blocking connect
+ - SFTP-multi: set cselect for sftp and scp to fix "stall" risk
+ - configure: removed wrongly claimed default paths
+ - pop3: fixed torture tests to succeed
+ - symbols-in-versions: many corrections
+ - if a HTTP request gets retried because the connection was dead, rewind if
+ any data was sent as part of it
+ - only probe for working ipv6 once and then re-use that info for further
+ requests
+ - requests that are asked to bind to a local interface/port will no longer
+ wrongly re-use connections that aren't bound to that interface/port
+ - libcurl.m4: add missing quotes in AC_LINK_IFELSE
+ - progress output: don't print the last update on a separate line
+ - POP3: the command to send is STLS, not STARTTLS
+ - POP3: PASS command was not sent after upgrade to TLS
+ - configure: fix libtool warning
+ - nss: allow to use multiple client certificates for a single host
+ - HTTP pipelining: fix handling of zero-length responses
+ - don't list NTLM in curl-config when HTTP is disabled
+ - curl_easy_setopt.3: CURLOPT_RESOLVE typo version
+ - OpenSSL: build fine with no-sslv2 versions
+ - checkconnection: don't call with NULL pointer with RTSP and multi interface
+ - Borland makefile updates
+ - configure: libssh2 link fix without pkg-config
+ - certinfo crash
+ - CCC crash
+- drop upstreamed patches
+- update debug and pkgconfig patches
+- nobody else likes macros for commands
+
+* Sat Mar 5 2011 Paul Howarth - 7.21.4-5.0.cf
+- work around valgrind bug (#678518)
+
+* Tue Feb 22 2011 Paul Howarth - 7.21.4-2.0.cf
+- do not ignore failure of SSL handshake (upstream commit 7aa2d10)
+
+* Thu Feb 17 2011 Paul Howarth - 7.21.4-1.0.cf
+- update to 7.21.4:
+ - CURLINFO_FTP_ENTRY_PATH now supports SFTP
+ - introduced new framework for unit-testing
+ - ares: ask for both IPv4 and IPv6 addresses
+ - SMTP: add brackets for MAIL FROM
+ - multi: connect fail => use next IP address
+ - use the timeout when using multiple IP addresses similar to how the easy
+ interface does it
+ - cookies: tricked dotcounter fixed
+ - pubkey_show: allocate buffer to fit any-size result
+ - Curl_nss_connect: avoid PATH_MAX
+ - Curl_do: avoid using stale conn pointer
+ - tftpd test server: avoid buffer overflow report from glibc
+ - nss: avoid CURLE_OUT_OF_MEMORY given a file name without any slash
+ - nss: fix a bug in handling of CURLOPT_CAPATH
+ - OpenSSL get_cert_chain: support larger data sets
+ - SCP/SFTP transfers: acknowledge speedcheck
+ - connect problem: use UDP correctly
+ - OpenSSL: improved error message on SSL_CTX_new failures
+ - HTTP: memory leak on multiple Location:
+ - ares_query_completed_cb: don't touch invalid data
+ - ares: memory leak fix
+ - mk-ca-bundle: use new cacert url
+ - Curl_gmtime: added a portable gmtime and check for NULL
+ - curl.1: typo in -v description
+ - CURLOPT_SOCKOPTFUNCTION: return proper error code
+ - --keepalive-time: warn if not supported properly
+ - file: add support for CURLOPT_TIMECONDITION
+ - nss: avoid memory leaks and failure of NSS shutdown
+ - multi: fix CURLM_STATE_TOOFAST for multi_socket
+- update debug patch
+- avoid memory leak on SSL connection failure (upstream commit a40f58d)
+- drop upstreamed patches
+- drop ares-ipv6 patch
+
+* Tue Feb 8 2011 Paul Howarth - 7.21.3-3.0.cf
+- rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
+
+* Wed Jan 12 2011 Paul Howarth - 7.21.3-2.0.cf
+- build libcurl with --enable-hidden-symbols
+
+* Thu Dec 16 2010 Paul Howarth - 7.21.3-1.0.cf
+- update to 7.21.3:
+ - added --noconfigure switch to testcurl.pl
+ - added --xattr option
+ - added CURLOPT_RESOLVE and --resolve
+ - added CURLAUTH_ONLY
+ - added version-check.pl to the examples dir
+ - check for libcurl features for some command line options
+ - Curl_setopt: disallow CURLOPT_USE_SSL without SSL support
+ - http_chunks: remove debug output
+ - URL-parsing: consider ? a divider
+ - SSH: avoid using the libssh2_ prefix
+ - SSH: use libssh2_session_handshake() to work on win64
+ - ftp: prevent server from hanging on closed data connection when stopping
+ a transfer before the end of the full transfer (ranges)
+ - LDAP: detect non-binary attributes properly
+ - ftp: treat server's response 421 as CURLE_OPERATION_TIMEDOUT
+ - gnutls->handshake: improved timeout handling
+ - security: pass the right parameter to init
+ - krb5: use GSS_ERROR to check for error
+ - TFTP: resend the correct data
+ - configure: fix autoconf 2.68 warning: no AC_LANG_SOURCE call detected
+ - GnuTLS: now detects socket errors on Windows
+ - symbols-in-versions: updated en masse
+ - added a couple of examples that were missing from the tarball
+ - Curl_send/recv_plain: return errno on failure
+ - Curl_wait_for_resolv (for c-ares): correct timeout
+ - ossl_connect_common: detect connection re-use
+ - configure: prevent link errors with --librtmp
+ - openldap: use remote port in URL passed to ldap_init_fd()
+ - url: provide dead_connection flag in Curl_handler::disconnect
+ - lots of compiler warning fixes
+ - ssh: fix a download resume point calculation
+ - fix getinfo CURLINFO_LOCAL* for reused connections
+ - multi: the returned running handles counter could turn negative
+ - multi: only ever consider pipelining for connections doing HTTP(S)
+- drop upstream patches now in tarball
+- update bz650255 and ares-ipv6 patches to apply against new codebase
+- add workaround for false-positive glibc-detected buffer overflow in tftpd
+ test server with FORTIFY_SOURCE (similar to #515361)
+
+* Sat Nov 13 2010 Paul Howarth - 7.21.2-5.0.cf
+- do not send QUIT to a dead FTP control connection (#650255)
+- pull back glibc's implementation of str[n]casecmp(); #626470 appears fixed
+
+* Tue Nov 9 2010 Paul Howarth - 7.21.2-4.0.cf
+- prevent FTP client from hanging on unrecognized ABOR response (#649347)
+- return more appropriate error code in case FTP server session idle
+ timeout has been exceeded (#650255)
+
+* Fri Oct 29 2010 Paul Howarth - 7.21.2-3.0.cf
+- prevent FTP server from hanging on closed data connection (#643656)
+
+* Thu Oct 14 2010 Paul Howarth - 7.21.2-2.0.cf
+- enforce versioned libssh2 dependency for libcurl (#642796)
+
+* Wed Oct 13 2010 Paul Howarth - 7.21.2-1.0.cf
+- update to 7.21.2:
+ - curl -T: ignore file size of special files
+ - added GOPHER protocol support
+ - c-ares build now requires c-ares >= 1.6.0
+ - --remote-header-name security vulnerability fixed:
+ http://curl.haxx.se/docs/adv_20101013.html
+ - multi: support the timeouts correctly, fixes known bug #62
+ - multi: use timeouts properly for MAX_RECV/SEND_SPEED
+ - negotiation: Wrong proxy authorization
+ - multi: avoid sending multiple complete messages
+ - cmdline: make -F type= accept ;charset=
+ - RESUME_FROM: clarify what ftp uploads do
+ - http: handle trailer headers in all chunked responses
+ - Curl_is_connected: use correct errno
+ - progress: callback for POSTs less than MAX_INITIAL_POST_SIZE
+ - link curl and the test apps with -lrt explicitly when necessary
+ - chunky parser: only rewind stream internally if needed
+ - remote-header-name: don't output filename when NULL
+ - Curl_timeleft: avoid returning "no timeout" by mistake
+ - timeout: use the correct start value as offset
+ - FTP: fix wrong timeout trigger
+ - buildconf got better output on failures
+ - rtsp: avoid SIGSEGV on malformed header
+ - LDAP: support for tunnelling queries through HTTP proxy
+ - configure's --enable-werror had a bashism
+ - test565: don't hardcode IP:PORT
+ - configure: check for gcrypt if using GnuTLS
+ - configure: don't enable RTMP if the lib detect fails
+ - curl_easy_duphandle: clone the c-ares handle correctly
+ - support URL containing colon without trailing port number
+ - parsedate: allow time specified without seconds
+ - curl_easy_escape: don't escape "unreserved" characters
+ - SFTP: avoid downloading negative sizes
+ - lots of GSS/KRB FTP fixes
+ - TFTP: work around tftpd-hpa upload bug
+ - libcurl.m4: several fixes
+ - HTTP: remove special case for 416
+ - examples: use example.com in example URLs
+ - globbing: fix crash on unbalanced open brace
+ - cmake: build fixed
+- drop upstream patches
+- make 0102-curl-7.21.2-debug.patch less intrusive
+- update workaround for broken applications using curl multi
+- use LD_PRELOAD hack to get sshd running in test suite with SELinux enforcing
+- drop SELinux buildreqs, no longer needed
+
+* Thu Sep 30 2010 Paul Howarth - 7.21.1-6.0.cf
+- rebuild for gcc bug (#634757)
+
+* Sat Sep 11 2010 Paul Howarth - 7.21.1-5.0.cf
+- make it possible to run SCP/SFTP tests on x86_64 (#632914)
+
+* Wed Sep 8 2010 Paul Howarth - 7.21.1-4.0.cf
+- work around glibc/valgrind problem on x86_64 (#631449)
+
+* Tue Aug 24 2010 Paul Howarth - 7.21.1-3.0.cf
+- sync patches with Rawhide
+- drop dependency on automake for devel package from F-14, where
+ %%{_datadir}/aclocal is included in the filesystem package
+- drop dependency on pkgconfig for devel package from F-11, where
+ pkgconfig dependencies are auto-generated
+
+* Mon Aug 23 2010 Paul Howarth - 7.21.1-2.1.cf
+- fix kerberos proxy authentication for https (#625676)
+- work around glibc/valgrind problem on x86_64 (#626470)
+
+* Thu Aug 19 2010 Paul Howarth - 7.21.1-2.0.cf
+- modify system headers to work around gcc bug (#617757)
+- curl -T now ignores file size of special files (#622520)
+
+* Thu Aug 12 2010 Paul Howarth - 7.21.1-1.0.cf
+- update to 7.21.1:
+ - added support for NTLM authentication when compiled with NSS
+ - curl-config: --built-shared returns shared info
+ - multi: call the progress callback in all states
+ - multi: unmark handle as used when no longer head of pipeline
+ - sendrecv: treat all negative values from send/recv as errors
+ - ftp-wildcard: avoid tight loop when used without any pattern
+ - multi_socket: re-use of same socket without notifying app
+ - ftp wildcard: FTP LIST parser FIX
+ - urlglobbing backslash escaping bug
+ - multi: CURLINFO_LASTSOCKET doesn't work after remove_handle
+ - --libcurl: use *_LARGE options with typecasted constants
+ - --libcurl: hide setopt() calls setting default options
+ - curl: avoid setting libcurl options to its default
+ - --libcurl: list the tricky options instead of using [REMARK]
+ - http: don't enable chunked during authentication negotiations
+ - upload: warn users trying to upload from stdin with anyauth
+ - threaded resolver: fix timeout issue
+ - multi: fix condition that remove timers before trigger
+ - examples: add curl_multi_timeout
+ - --retry: access violation with URL part sets continued
+ - remote-header-name: chop filename at next semicolon
+ - ftp: response timeout bug in "quote" sending
+ - CUSTOMREQUEST: shouldn't be disabled when HTTP is disabled
+ - NTLM tests: boost coverage by forcing the hostname
+ - multi: fix FTPS connecting the data connection with OpenSSL
+ - retry: consider retrying even if -f is used
+ - fix SOCKS problem when using multi interface
+ - typecheck-gcc: add checks for recently added options
+ - SCP: send large files properly with new enough libssh2
+ - multi_socket: set timeout for 100-continue
+ - ";type=" URL suffix over HTTP proxy
+ - acknowledge progress callback error returns during connect
+- drop upstreamed NTLM-with-NSS patch
+- rediff other patches where necessary
+- use LD_PRELOAD with absolute directory on RHL-9 to avoid test failures
+
+* Mon Jun 28 2010 Paul Howarth - 7.21.0-2.0.cf
+- add support for NTLM authentication (#603783)
+
+* Fri Jun 18 2010 Paul Howarth - 7.21.0-1.0.cf
+- update to 7.21.0
+ new features:
+ - added the --proto and -proto-redir options
+ - new configure option --enable-threaded-resolver
+ - improve TELNET ability with libcurl
+ - added support for PolarSSL
+ - added support for FTP wildcard matching and downloads
+ - added support for RTMP
+ - introducing new LDAP code for new enough OpenLDAP
+ - OpenLDAP support enabled for cygwin builds
+ - added CURLINFO_PRIMARY_PORT, CURLINFO_LOCAL_IP and CURLINFO_LOCAL_PORT
+ bugfixes:
+ - prevent needless reverse name lookups
+ - detect GSS on ancient Linux distros
+ - GnuTLS: EOF caused error when it wasn't
+ - GnuTLS: SSL handshake phase is non-blocking
+ - -J/--remote-header-name strips CRLF
+ - MSVC makefiles now use ws2_32.lib instead of wsock32.lib
+ - -O crash on windows
+ - SSL handshake timeout underflow in libcurl-NSS
+ - multi interface missed storing connection time
+ - broken CRL support in libcurl-NSS
+ - ignore response-body on redirect even if compressed
+ - OpenSSL handshake state-machine for multi interface
+ - TFTP timeout option sent correctly
+ - TFTP block id wrap
+ - curl_multi_socket_action() timeout handles inaccuracy in timers better
+ - SCP/SFTP failure to respect the timeout
+ - spurious SSL connection aborts with OpenSSL
+- rename patches as per Fedora package
+- drop applied patches
+- update %%description
+
+* Fri Jun 4 2010 Paul Howarth - 7.20.1-8.0.cf
+- workaround for broken applications using curl multi (#599340)
+- enable threaded DNS lookup instead of using c-ares for F-12 and F-13 builds
+
+* Tue May 25 2010 Paul Howarth - 7.20.1-7.0.cf
+- fix -J/--remote-header-name to strip CR-LF (upstream patch)
+
+* Wed May 12 2010 Paul Howarth - 7.20.1-6.0.cf
+- CRL support now works again (#581926)
+- fix dist tag for RHEL-6 Beta
+
+* Thu Apr 29 2010 Paul Howarth - 7.20.1-5.0.cf
+- fix the test
suite so that the SSH server can start in an SELinux enforcing + environment (#521087) + +* Sun Apr 25 2010 Paul Howarth - 7.20.1-4.0.cf +- upstream patch preventing failure of test536 with threaded DNS resolver +- upstream patch preventing SSL handshake timeout underflow + +* Tue Apr 20 2010 Paul Howarth - 7.20.1-2.1.cf +- experimentally enable threaded DNS lookup instead of using c-ares + (Rawhide [F-14] builds only) +- fix multilib confict in curl-config --configure (#584107) +- tighten up dependency on libcurl from libcurl-devel to use %%{?_isa} +- replace Rawhide s390-sleep patch with a more targeted patch adding a + delay after tests 513 and 514 rather than after all tests +- add patch disabling valgrind in test623 as it identifies a memory leak in + libssh2 and breaks the build + +* Tue Apr 20 2010 Paul Howarth - 7.20.1-1.1.cf +- sync patches with Rawhide +- remove redundant compiler/linker flags from libcurl.pc + +* Thu Apr 15 2010 Paul Howarth - 7.20.1-1.0.cf +- update to 7.20.1 (see RELEASE-NOTES for details) +- drop upstreamed patches +- add patch to fix GSSAPI support for ancient distros like RHEL-3 + +* Wed Mar 24 2010 Paul Howarth - 7.20.0-4.0.cf +- add missing quote in libcurl.m4 (#576252) +- resync cc-err patch with Fedora + +* Sun Mar 21 2010 Paul Howarth - 7.20.0-3.0.cf +- throw CURLE_SSL_CERTPROBLEM in case peer rejects a certificate (#565972) +- handle move of kerberos installation prefix in krb5 >= 1.8 +- drop libidn-devel dependency for libcurl-devel; no longer needed + +* Tue Feb 23 2010 Paul Howarth - 7.20.0-2.0.cf +- merge patches with Fedora: s390-sleep, debug, multilib, ares-ipv6 +- drop privlibs patch, no longer useful +- add patch forcing -lrt when linking the curl tool and test-cases + +* Tue Feb 9 2010 Paul Howarth - 7.20.0-1.0.cf +- update to 7.20.0 (added support for IMAP(S), POP3(S), SMTP(S) and RTSP) +- drop upstream patches +- update multilib, privlibs and s390-sleep patches + +* Sun Jan 31 2010 Paul Howarth - 7.19.7-11.0.cf +- 
upstream patch adding a new option -J/--remote-header-name +- dropped temporary workaround for #545779 + +* Tue Dec 22 2009 Paul Howarth - 7.19.7-9.0.cf +- re-enable c-ares support, with temporary workaround for IPv4/IPv6 issue + (ticket:2, #548269) - c-ares support is needed to resolve #539809 + +* Thu Dec 10 2009 Paul Howarth - 7.19.7-8.0.cf +- use different ports in the test suites for different builds so we can run + the builds in parallel +- temporary workaround for NSS_VersionCheck issues (#545779) +- skip the (lengthy) test suite on EOL Fedora releases (over ~400 days old); + the tests are still run for all RHEL releases, which should provide + sufficient back-compatibility coverage + +* Mon Dec 7 2009 Paul Howarth - 7.19.7-5.0.cf +- avoid use of uninitialized value in lib/nss.c +- attempt to fix failures for tests 513, 514, and 1097 +- no longer leave debug data for test suite around +- disable c-ares support (causes problems reaching hosts that have both IPv4 + and IPv6 addresses - http://curl.haxx.se/mail/lib-2009-12/0057.html) + +* Tue Dec 1 2009 Paul Howarth - 7.19.7-4.0.cf +- dist tag for Rawhide no longer needs special-casing + +* Thu Nov 12 2009 Paul Howarth - 7.19.7-3.0.cf +- fix crash on doubly closed NSPR descriptor (#534176) +- new version of patch for broken TLS servers (#525496, #527771) +- run test suite to completion and leave debug data around + +* Wed Nov 4 2009 Paul Howarth - 7.19.7-2.0.cf +- new upstream release, dropped applied patches +- workaround for broken TLS servers (#525496, #527771) +- build libcurl with c-ares support (#514771) +- update multilib and privlibs patches to match Fedora versions +- update debug patch to apply against 7.19.7 +- bump NSS version requirement to 3.12.3 (test suite now fails w/NSS on + Fedora 8 and 9 so revert to OpenSSL for those releases) + +* Sun Sep 27 2009 Paul Howarth - 7.19.6-10.0.cf +- explicitly buildreq/req libssh2 >= 1.2 due to its ABI change (#525002) +- note: unlike the Fedora package I'm 
not running the test suite with valgrind + as it takes long enough already and valgrind isn't available on some of the + ancient distros I'm supporting + +* Wed Sep 23 2009 Paul Howarth - 7.19.6-8.0.cf +- rebuild for libssh2 1.2 + +* Fri Sep 18 2009 Paul Howarth - 7.19.6-7.0.cf +- make curl test-suite more verbose + +* Fri Sep 18 2009 Paul Howarth - 7.19.6-6.0.cf +- update polling patch to the latest upstream version + +* Fri Sep 4 2009 Paul Howarth - 7.19.6-5.0.cf +- buildreq openssh server and clients for ssh coverage in test suite + +* Fri Sep 4 2009 Paul Howarth - 7.19.6-4.0.cf +- use pkg-config to find nss and libssh2 if possible +- better patch (not only) for SCP/SFTP polling +- improve error message for not matching common name (#516056) + +* Sun Aug 23 2009 Paul Howarth - 7.19.6-3.0.cf +- avoid tight loop during a sftp upload + (see http://permalink.gmane.org/gmane.comp.web.curl.library/24744) + +* Tue Aug 18 2009 Paul Howarth - 7.19.6-2.0.cf +- let curl package depend on the same version of libcurl +- change NSS code to not ignore the value of ssl.verifyhost and produce more + verbose error messages (#516056) +- renumber patches as per Fedora version +- avoid tests 513, 514, and 1097, which regularly fail on the buildsystem + +* Thu Aug 13 2009 Paul Howarth - 7.19.6-1.0.cf +- update to 7.19.6 +- drop FTP socket and NSS cert patches; issues now fixed upstream + +* Fri Jul 10 2009 Paul Howarth - 7.19.5-7.0.cf +- fix SIGSEGV when using NSS client certificates, thanks to Claes Jakobsson + +* Mon Jul 6 2009 Paul Howarth - 7.19.5-6.0.cf +- resync with Fedora + +* Sun Jul 5 2009 Paul Howarth - 7.19.5-5.0.cf +- run test suite after build (add buildreq stunnel) +- enable built-in manual (requires buildreq groff) + +* Wed Jun 24 2009 Paul Howarth - 7.19.5-4.0.cf +- Fedora version now fixes header multilib issue in much the same way as this + version (#504857) + +* Mon Jun 15 2009 Paul Howarth - 7.19.5-2.0.cf +- renumber patches as per Fedora version + +* Mon May 18 
2009 Paul Howarth - 7.19.5-1.0.cf +- update to 7.19.5 +- remove upstreamed memory leak and infinite loop patches +- update debug patch (upstream moved from autoconf 2.61 to 2.63) + +* Tue May 12 2009 Paul Howarth - 7.19.4-11.0.cf +- fix infinite loop while loading a private key, thanks to Michael Cronenworth + (#453612) +- fix curl/nss memory leaks while using client certificate (#453612, accepted + by upstream) + +* Thu Apr 23 2009 Paul Howarth - 7.19.4-9.0.cf +- fix debuginfo creation (#496778), but unlike Fedora, without running the + autotools during the build process + +* Wed Apr 15 2009 Paul Howarth - 7.19.4-6.0.cf +- upstream patch fixing memory leak in lib/nss.c (#453612) + +* Wed Mar 18 2009 Paul Howarth - 7.19.4-5.0.cf +- enable 6 additional crypto algorithms by default (#436781, + accepted by upstream) + +* Mon Mar 16 2009 Paul Howarth - 7.19.4-4.0.cf +- fix memory leak in src/main.c (accepted by upstream) +- make libcurl-devel multilib-clean (#488922) + +* Mon Mar 9 2009 Paul Howarth - 7.19.4-2.0.cf +- drop .easy-leak patch, causes problems in pycurl (#488791) +- add libssh-devel dependency in libcurl-devel (#488895) + +* Thu Mar 5 2009 Paul Howarth - 7.19.4-1.0.cf +- update to 7.19.4 (fixes CVE-2009-0037, #485271) +- fix leak in curl_easy* functions, thanks to Kamil Dudka +- drop nss-fix patch, applied upstream + +* Tue Feb 17 2009 Paul Howarth - 7.19.3-1.1.cf +- add updated badsocket patch from Fedora, renamed to reflect curl version it + applies to +- add nss-fix patch from Fedora +- build using NSS rather than OpenSSL where supported again + +* Tue Jan 20 2009 Paul Howarth - 7.19.3-1.0.cf +- update to 7.19.3 + +* Fri Nov 14 2008 Paul Howarth - 7.19.2-1.0.cf +- update to 7.19.2 + +* Thu Nov 6 2008 Paul Howarth - 7.19.1-1.0.cf +- update to 7.19.1 +- NSS thread safety issues addressed upstream, patch removed + +* Fri Sep 19 2008 Paul Howarth - 7.19.0-1.2.cf +- NSS support is broken again, always build with OpenSSL + +* Thu Sep 4 2008 Paul Howarth - 
7.19.0-1.1.cf +- add thread safety to libcurl NSS cleanup() functions (#459297) + +* Tue Sep 2 2008 Paul Howarth - 7.19.0-1.0.cf +- update to 7.19.0 +- drop badsocket patch, issue now addressed upstream +- drop nssproxy patch, now applied upstream + +* Fri Aug 22 2008 Paul Howarth - 7.18.2-5.0.cf +- remove note about libcurl.so.3 now that it's gone in Fedora too + +* Fri Aug 22 2008 Paul Howarth - 7.18.2-4.0.cf +- add note in %%description about not providing libcurl.so.3 + +* Fri Jul 4 2008 Paul Howarth - 7.18.2-3.0.cf +- enable support for libssh2 (#453958) +- tweak dist tag macros to work on current Rawhide with three-part releasenum + +* Wed Jun 18 2008 Paul Howarth - 7.18.2-2.0.cf +- fix curl_multi_perform() over a proxy (#450140), thanks to Rob Crittenden + +* Thu Jun 5 2008 Paul Howarth - 7.18.2-1.0.cf +- update to 7.18.2 + +* Wed May 7 2008 Paul Howarth - 7.18.1-2.0.cf +- use a different libtool hack to avoid bogus rpaths; no longer need to + buildreq libtool on x86_64 +- add ABI docs for libcurl + +* Mon Mar 31 2008 Paul Howarth - 7.18.1-1.0.cf +- update to 7.18.1 (fixes #397911) +- no longer need _GNU_SOURCE +- ca_bundle.crt no longer included upstream + +* Tue Feb 19 2008 Paul Howarth - 7.18.0-2.0.cf +- define _GNU_SOURCE so that NI_MAXHOST gets defined from glibc + +* Tue Jan 29 2008 Paul Howarth - 7.18.0-1.0.cf +- update to 7.18.0 +- update multilib patch (--static-libs option removed as we don't ship + static libs) +- drop curl-config patch, obsoleted by @SSL_ENABLED@ autoconf + substitution (#432667) +- sslgen patch now included upstream and no longer needed + +* Tue Jan 22 2008 Paul Howarth - 7.17.1-6.1.cf +- fix curl-devel obsoletes so that we don't break F8->F9 upgrade + path (#429612) + +* Fri Jan 11 2008 Paul Howarth - 7.17.1-5.1.cf +- do not attempt to close a bad socket (#427966), thanks to Caolan McNamara + +* Fri Dec 7 2007 Paul Howarth - 7.17.1-4.1.cf +- rebuild for new openldap in Rawhide + +* Fri Nov 30 2007 Paul Howarth - 7.17.1-3.1.cf 
+- add LDAP/LDAPS to %%description +- simplify compiler flag setup + +* Thu Nov 29 2007 Paul Howarth - 7.17.1-2.2.cf +- add -DHAVE_PK11_CREATEGENERICOBJECT to CPPFLAGS when building with NSS to + maintain compatibility with openssl-based builds +- explictly buildreq krb5-devel, needed for GSSAPI support +- rework pkgconfig version check to avoid SRPM build problems + +* Thu Nov 22 2007 Paul Howarth - 7.17.1-2.1.cf +- update description to contain complete supported servers list (#393861) + +* Mon Nov 19 2007 Paul Howarth - 7.17.1-1.3.cf +- include patch to enable SSL usage in NSS when a socket is opened + nonblocking, thanks to Rob Crittenden (rcritten@redhat.com) + +* Tue Nov 6 2007 Paul Howarth - 7.17.1-1.2.cf +- strip URL variable from pkgconfig file on older distributions + that have broken curl-config scripts in its presence + +* Thu Nov 1 2007 Paul Howarth - 7.17.1-1.1.cf +- update to 7.17.1 +- switch to NSS by default again for distributions that support it, but + support building using --without nss for traditional OpenSSL builds +- provide webclient (#225671) +- list features correctly when curl is compiled against NSS (#316191) +- create libcurl and libcurl-devel subpackages (#130251) + +* Fri Sep 14 2007 Paul Howarth - 7.17.0-1.1.cf +- update to 7.17.0 +- remove anonymous ftp login patch, now upstream +- remove LDAP version detection in spec since LDAP libraries are now linked + directly rather than using dlopen() +- enable LDAPS support +- make sure docs have UTF-8 encoding + +* Wed Sep 5 2007 Paul Howarth - 7.16.4-4.1.cf +- revert back to using OpenSSL by default (#266021), but support --with nss + as a build option for those distributions that support it + +* Mon Aug 27 2007 Paul Howarth - 7.16.4-3.2.cf +- use nss rather than openssl for Fedora 5, RHEL 5 onwards + +* Fri Aug 24 2007 Paul Howarth - 7.16.4-3.1.cf +- rebuild for BuildID inclusion + (http://fedoraproject.org/wiki/Releases/FeatureBuildId) + +* Fri Aug 10 2007 Jindrich Novy - 7.16.4-2 +- 
fix anonymous ftp login (#251570), thanks to David Cantrell + +* Wed Jul 11 2007 Paul Howarth - 7.16.4-1.1.cf +- update to 7.16.4 + +* Mon Jun 25 2007 Paul Howarth - 7.16.3-1.1.cf +- update to 7.16.3 +- remove print like crazy patch, no longer needed + +* Fri Jun 22 2007 Paul Howarth - 7.16.2-6.cf +- move docs/CONTRIBUTE to devel package + +* Mon Jun 18 2007 Jindrich Novy - 7.16.2-5 +- don't print like crazy (#236981), backported from upstream CVS + +* Fri Jun 1 2007 Paul Howarth - 7.16.2-2.cf +- package libcurl.m4 in curl-devel (#239664), thanks to Quy Tonthat + +* Thu Apr 12 2007 Paul Howarth - 7.16.2-1.cf +- update to 7.16.2 +- update multilib and privlibs patches +- try to avoid spurious linker options for looking in standard libraries +- don't create/ship static libraries (#225671) +- honour %%{_smp_mflags} +- try to preserve timestamps where possible by using install -p + +* Thu Mar 22 2007 Paul Howarth - 7.16.1-2.cf +- use versioned obsolete for compat-libcurl +- buildreq libidn-devel + +* Tue Jan 30 2007 Paul Howarth - 7.16.1-1.cf +- update to 7.16.1 +- don't package generated makefiles for docs/examples to avoid + multilib conflicts +- update privlibs patch, not fully incorporated upstream +- remove redundant buildreq automake +- use system libtool to avoid bogus rpaths on x86_64 +- fix dist tag for Fedora 7 + +* Wed Nov 22 2006 Paul Howarth - 7.16.0-3.cf +- prevent curl from dlopen()ing missing ldap libraries so that ldap:// + requests work without needing openldap-devel at runtime (#215928) + +* Wed Nov 1 2006 Paul Howarth - 7.16.0-2.cf +- add Requires: pkgconfig for curl-devel +- move LDFLAGS and LIBS to Libs.private in libcurl.pc.in (#213278) +- fix multilib problem using pkg-config + +* Mon Oct 30 2006 Paul Howarth - 7.16.0-1.cf +- update to 7.16.0 +- further dist tag tweaks for rawhide +- convert spec file to UTF8 + +* Thu Sep 14 2006 Paul Howarth - 7.15.5-2.cf +- fix dist tag for development releases +- add buildreq zlib-devel + +* Mon Aug 7 2006 
Paul Howarth - 7.15.5-1.cf +- update to 7.15.5 +- define %%{__id_u} in a more portable way + +* Mon Jun 12 2006 Paul Howarth - 7.15.4-1.cf +- update to 7.15.4 + +* Tue Mar 21 2006 Paul Howarth - 7.15.3-2.cf +- fix multilib problem - #181290 - + curl-devel.i386 not installable together with curl-devel.x86-64 + +* Mon Mar 20 2006 Paul Howarth - 7.15.3-1.cf +- update to 7.15.3 + +* Tue Feb 28 2006 Paul Howarth - 7.15.2-1.cf +- update to 7.15.2 +- support building on CentOS + +* Wed Dec 7 2005 Paul Howarth - 7.15.1-1.cf +- update to 7.15.1 +- remove buildroot unconditionally in %%clean and %%install +- simplify distribution detection +- include pkgconfig file in devel subpackage + +* Fri Oct 14 2005 Paul Howarth - 7.15.0-1.cf +- compat package renamed to libcurlVERSION for forward compatibility when a new + soname is used in upstream curl, so that multiple versions of the libcurl + library can be installed in parallel +- don't use %%{_bindir} in command paths, use /usr/bin explicitly +- spec file cleanup + +* Mon Sep 5 2005 Paul Howarth - 7.14.1-2.cf +- build fully distro-specific packages to avoid dependency issues + +* Fri Sep 2 2005 Paul Howarth - 7.14.1-1.cf +- update to 7.14.1 + +* Wed Jul 27 2005 Paul Howarth - 7.14.0-3.cf +- different summary, group, and description in compat mode +- use the correct cert bundle location for FC4 +- use exclude in the file lists rather than deleting files from + the buildroot +- add explicit requirement for the CA bundle file +- license is MIT, not MPL + +* Thu Jun 30 2005 Paul Howarth - 7.14.0-2.cf +- enable building with dist tag if required: + e.g. $ rpmbuild --define "dist .fc4" ... 
+ +* Tue May 17 2005 Paul Howarth - 7.14.0-1.cf +- update to 7.14.0 + +* Wed Apr 6 2005 Paul Howarth - 7.13.2-1.cf +- update to 7.13.2 +- remove SSL patch, included upstream + +* Sat Mar 5 2005 Paul Howarth - 7.13.1-1.cf +- update to 7.13.1 +- add patch to fix SSL breakage +- modify install process to avoid need for path patch + +* Fri Feb 25 2005 Paul Howarth - 7.13.0-2.cf +- fix for CAN-2005-0490 + +* Wed Feb 2 2005 Paul Howarth - 7.13.0-1.cf +- update to 7.13.0 + +* Mon Jan 31 2005 Paul Howarth - 7.12.3-2.cf +- add .cf repo tag +- remove INSTALL from docs +- enable GSSAPI auth (#129353) + +* Tue Dec 21 2004 Paul Howarth - 7.12.3-1 +- update to 7.12.3 + +* Fri Nov 26 2004 Paul Howarth - 7.12.2-2 +- add libidn-devel dependency to curl-devel + (http://www.redhat.com/archives/fedora-list/2004-November/msg07551.html) + +* Tue Oct 19 2004 Paul Howarth - 7.12.2-1 +- update to 7.12.2 + +* Wed Oct 6 2004 Paul Howarth - 7.12.1-2 +- include facility to build compat-libcurl package containing + only the library +- remove certaltname patch completely +- include COPYING +- general tidy-up of spec file + +* Wed Aug 11 2004 Paul Howarth - 7.12.1-1 +- update to 7.12.1 + +* Thu Jun 03 2004 Paul Howarth - 7.12.0-1 +- update to 7.12.0 + +* Tue Apr 27 2004 Paul Howarth - 7.11.2-1 +- update to 7.11.2 +- remove parts of curl-7.10.6-certaltname.patch that fix + no-longer-applicable cosmetic issues and rename to + curl-7.11.2-certaltname.patch + +* Mon Mar 22 2004 Paul Howarth - 7.11.1-1 +- update to 7.11.1 +- remove no-longer-applicable curl-7.10.4-nousr.patch + +* Fri Jan 23 2004 Paul Howarth - 7.11.0-1 +- update to 7.11.0 + +* Wed Oct 15 2003 Adrian Havill - 7.10.6-7 +- aclocal before libtoolize +- move OpenLDAP license so it's present as a doc file, present in + both the source and binary as per conditions + +* Mon Oct 13 2003 Adrian Havill - 7.10.6-6 +- add OpenLDAP copyright notice for usage of code, add OpenLDAP + license for this code + +* Tue Oct 07 2003 Adrian Havill - 
7.10.6-5 +- match serverAltName certs with SSL (#106168) + +* Tue Sep 16 2003 Adrian Havill - 7.10.6-4.1 +- bump n-v-r for RHEL + +* Tue Sep 16 2003 Adrian Havill - 7.10.6-4 +- restore ca cert bundle (#104400) +- require openssl, we want to use its ca-cert bundle + +* Sun Sep 7 2003 Joe Orton - 7.10.6-3 +- rebuild + +* Fri Sep 5 2003 Joe Orton - 7.10.6-2.2 +- fix to include libcurl.so + +* Mon Aug 25 2003 Adrian Havill - 7.10.6-2.1 +- bump n-v-r for RHEL + +* Mon Aug 25 2003 Adrian Havill - 7.10.6-2 +- devel subpkg needs openssl-devel as a Require (#102963) + +* Mon Jul 28 2003 Adrian Havill - 7.10.6-1 +- bumped version + +* Tue Jul 01 2003 Adrian Havill - 7.10.5-1 +- bumped version + +* Wed Jun 04 2003 Elliot Lee +- rebuilt + +* Sat Apr 12 2003 Florian La Roche +- update to 7.10.4 +- adapt nousr patch + +* Wed Jan 22 2003 Tim Powers +- rebuilt + +* Tue Jan 21 2003 Joe Orton - 7.9.8-4 +- don't add -L/usr/lib to 'curl-config --libs' output + +* Tue Jan 7 2003 Nalin Dahyabhai - 7.9.8-3 +- rebuild + +* Wed Nov 6 2002 Joe Orton - 7.9.8-2 +- fix `curl-config --libs` output for libdir!=/usr/lib +- remove docs/LIBCURL from docs list; remove unpackaged libcurl.la +- libtoolize and reconf + +* Mon Jul 22 2002 Trond Eivind Glomsrød - 7.9.8-1 +- 7.9.8 (# 69473) + +* Fri Jun 21 2002 Tim Powers +- automated rebuild + +* Sun May 26 2002 Tim Powers +- automated rebuild + +* Thu May 16 2002 Trond Eivind Glomsrød - 7.9.7-1 +- 7.9.7 + +* Wed Apr 24 2002 Trond Eivind Glomsrød - 7.9.6-1 +- 7.9.6 + +* Thu Mar 21 2002 Trond Eivind Glomsrød - 7.9.5-2 +- Stop the curl-config script from printing -I/usr/include + and -L/usr/lib (#59497) + +* Fri Mar 8 2002 Trond Eivind Glomsrød - 7.9.5-1 +- 7.9.5 + +* Tue Feb 26 2002 Trond Eivind Glomsrød - 7.9.3-2 +- Rebuild + +* Wed Jan 23 2002 Nalin Dahyabhai - 7.9.3-1 +- update to 7.9.3 + +* Wed Jan 09 2002 Tim Powers - 7.9.2-2 +- automated rebuild + +* Wed Jan 9 2002 Trond Eivind Glomsrød - 7.9.2-1 +- 7.9.2 + +* Fri Aug 17 2001 Nalin Dahyabhai +- 
include curl-config in curl-devel +- update to 7.8 to fix memory leak and strlcat() symbol pollution from libcurl + +* Wed Jul 18 2001 Crutcher Dunnavant +- added openssl-devel build req + +* Mon May 21 2001 Tim Powers +- built for the distro + +* Tue Apr 24 2001 Jeff Johnson +- upgrade to curl-7.7.2. +- enable IPv6. + +* Fri Mar 2 2001 Tim Powers +- rebuilt against openssl-0.9.6-1 + +* Thu Jan 4 2001 Tim Powers +- fixed mising ldconfigs +- updated to 7.5.2, bug fixes + +* Mon Dec 11 2000 Tim Powers +- updated to 7.5.1 + +* Mon Nov 6 2000 Tim Powers +- update to 7.4.1 to fix bug #20337, problems with curl -c +- not using patch anymore, it's included in the new source. Keeping + for reference + +* Fri Oct 20 2000 Nalin Dahyabhai +- fix bogus req in -devel package + +* Fri Oct 20 2000 Tim Powers +- devel package needed defattr so that root owns the files + +* Mon Oct 16 2000 Nalin Dahyabhai +- update to 7.3 +- apply vsprintf/vsnprintf patch from Colin Phipps via Debian + +* Mon Aug 21 2000 Nalin Dahyabhai +- enable SSL support +- fix packager tag +- move buildroot to %%{_tmppath} + +* Tue Aug 1 2000 Tim Powers +- fixed vendor tag for bug #15028 + +* Mon Jul 24 2000 Prospector +- rebuilt + +* Tue Jul 11 2000 Tim Powers +- workaround alpha build problems with optimizations + +* Mon Jul 10 2000 Tim Powers +- rebuilt + +* Mon Jun 5 2000 Tim Powers +- put man pages in correct place +- use %%makeinstall + +* Mon Apr 24 2000 Tim Powers +- updated to 6.5.2 + +* Wed Nov 3 1999 Tim Powers +- updated sources to 6.2 +- gzip man page + +* Mon Aug 30 1999 Tim Powers +- changed group + +* Thu Aug 26 1999 Tim Powers +- changelog started +- general cleanups, changed prefix to /usr, added manpage to files section +- including in Powertools diff --git a/libmetalink/0001-fix-covscan-issues.patch b/libmetalink/0001-fix-covscan-issues.patch new file mode 100644 index 0000000..c5d2824 --- /dev/null +++ b/libmetalink/0001-fix-covscan-issues.patch 
@@ -0,0 +1,54 @@
+From 204c580643f7c52364520926b9df3a621fab6df7 Mon Sep 17 00:00:00 2001
+From: Martin Sehnoutka
+Date: Tue, 24 Jul 2018 15:10:40 +0200
+Subject: [PATCH] fix covscan issues
+
+---
+ lib/libexpat_metalink_parser.c | 3 +++
+ lib/metalink_pctrl.c | 2 ++
+ 2 files changed, 5 insertions(+)
+
+diff --git a/lib/libexpat_metalink_parser.c b/lib/libexpat_metalink_parser.c
+index 4e73aef..79b091c 100644
+--- a/lib/libexpat_metalink_parser.c
++++ b/lib/libexpat_metalink_parser.c
+@@ -29,6 +29,7 @@
+
+ #include
+ #include
++#include
+ #include
+ #include
+
+@@ -56,6 +57,8 @@ static void split_ns_name(const char** localname,
+ *localname = sep+1;
+ len = sep-src;
+ temp = malloc((len+1) * sizeof **ns_uri);
++ if (temp == NULL)
++ exit(EXIT_FAILURE);
+ memcpy(temp, src, len);
+ temp[len] = '\0';
+ *ns_uri = temp;
+diff --git a/lib/metalink_pctrl.c b/lib/metalink_pctrl.c
+index c25989b..e6fb8f8 100644
+--- a/lib/metalink_pctrl.c
++++ b/lib/metalink_pctrl.c
+@@ -469,6 +469,7 @@ metalink_error_t metalink_pctrl_file_set_language(metalink_pctrl_t* ctrl, const
+ l = strdup(language);
+ ctrl->languages = metalink_list_new();
+ if(!ctrl->languages || !l || metalink_list_append(ctrl->languages, l) != 0) {
++ if (l) free(l);
+ return METALINK_ERR_BAD_ALLOC;
+ }
+
+@@ -486,6 +487,7 @@ metalink_error_t metalink_pctrl_file_set_os(metalink_pctrl_t* ctrl, const char*
+ o = strdup(os);
+ ctrl->oses = metalink_list_new();
+ if(!ctrl->oses || !o || metalink_list_append(ctrl->oses, o) != 0) {
++ if (o) free(o);
+ return METALINK_ERR_BAD_ALLOC;
+ }
+
+--
+2.17.1
+
diff --git a/libmetalink/README.md b/libmetalink/README.md
new file mode 100644
index 0000000..a0f456f
--- /dev/null
+++ b/libmetalink/README.md
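Review bot: The `exit(EXIT_FAILURE);` added after the `malloc` in `split_ns_name` (lib/libexpat_metalink_parser.c) makes a library terminate its host process on allocation failure, so any program linking libmetalink, such as the libcurl build this repository targets, can be killed from inside the XML parser with no cleanup and no error returned to the caller. The function is `static void` and its body starts and ends outside the inner hunk, so a proper fix presumably needs an error flag in the parser state rather than a return value; until then the packaging should at least record the limitation, e.g. `/* FIXME: library code must not exit(); report METALINK_ERR_BAD_ALLOC to the caller */`. In the two lib/metalink_pctrl.c hunks, `if (l) free(l);` and `if (o) free(o);` can simply be `free(l);` and `free(o);`, since `free(NULL)` is a no-op. On the same error path the list just returned by `metalink_list_new()` stays assigned to `ctrl->languages` / `ctrl->oses`; whether it is released later is not visible from these hunks and is worth confirming.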
@@ -0,0 +1,16 @@
+# libmetalink upstream
+On a CentOS 8 system run
+
+ dnf download libmetalink --source
+
+# Reason for being in ffs-dependencies
+FreeFileSync follows libcurl, and to build libcurl you need libmetalink-devel.
+CentOS 8 provides libmetalink, but does not provide libmetalink-devel as of 2019-10-10.
+
+# Reverse dependency matrix
+Distro | FreeFileSync version | libmetalink version
+---------- | -------------------- | ---------------
+CentOS 8 | 10.16 | same as distro
+
+# Differences from upstream
+No changes.
diff --git a/libmetalink/libmetalink-0.1.3.tar.bz2 b/libmetalink/libmetalink-0.1.3.tar.bz2
new file mode 100644
index 0000000..068bde6
Binary files /dev/null and b/libmetalink/libmetalink-0.1.3.tar.bz2 differ
diff --git a/libmetalink/libmetalink.spec b/libmetalink/libmetalink.spec
new file mode 100644
index 0000000..755d6e5
--- /dev/null
+++ b/libmetalink/libmetalink.spec
@@ -0,0 +1,146 @@
+Name: libmetalink
+Version: 0.1.3
+Release: 7%{?dist}
+Summary: Metalink library written in C
+Group: System Environment/Libraries
+License: MIT
+URL: https://launchpad.net/libmetalink
+Source0: https://launchpad.net/libmetalink/trunk/%{name}-%{version}/+download/%{name}-%{version}.tar.bz2
+BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+BuildRequires: gcc
+BuildRequires: git
+BuildRequires: expat-devel
+BuildRequires: CUnit-devel
+
+Patch0: 0001-fix-covscan-issues.patch
+
+%description
+libmetalink is a Metalink C library. It adds Metalink functionality such as
+parsing Metalink XML files to programs written in C.
+
+%package devel
+Summary: Files needed for developing with %{name}
+Group: Development/Libraries
+Requires: %{name}%{?_isa} = %{version}-%{release}
+
+%description devel
+Files needed for building applications with libmetalink.
+
+%prep
+%autosetup -S git
+
+%build
+%configure --disable-static
+make %{?_smp_mflags}
+
+%check
+make check
+
+%install
+rm -rf $RPM_BUILD_ROOT
+make install DESTDIR=$RPM_BUILD_ROOT
+find $RPM_BUILD_ROOT -name *.la -exec rm {} \;
+
+%ldconfig_scriptlets
+
+%files
+%defattr(-,root,root,-)
+%{!?_licensedir:%global license %%doc}
+%license COPYING
+%doc README
+%{_libdir}/libmetalink.so.*
+
+
+%files devel
+%defattr(-,root,root,-)
+%dir %{_includedir}/metalink/
+%{_includedir}/metalink/metalink_error.h
+%{_includedir}/metalink/metalink.h
+%{_includedir}/metalink/metalink_parser.h
+%{_includedir}/metalink/metalink_types.h
+%{_includedir}/metalink/metalinkver.h
+%{_libdir}/libmetalink.so
+%{_libdir}/pkgconfig/%{name}.pc
+%{_mandir}/man3/*
+
+
+%changelog
+* Tue Jul 24 2018 Martin Sehnoutka - 0.1.3-7
+- Resolves: #1606986 Fix issues found by covscan
+
+* Wed Feb 07 2018 Fedora Release Engineering - 0.1.3-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Sat Feb 03 2018 Igor Gnatenko - 0.1.3-5
+- Switch to %%ldconfig_scriptlets
+
+* Thu Aug 03 2017 Fedora Release Engineering - 0.1.3-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
+
+* Wed Jul 26 2017 Fedora Release Engineering - 0.1.3-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Fri Feb 10 2017 Fedora Release Engineering - 0.1.3-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Wed Nov 16 2016 Alejandro Alvarez - 0.1.3-1
+- New upstream release
+
+* Thu Feb 04 2016 Fedora Release Engineering - 0.1.2-9
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Wed Jun 17 2015 Fedora Release Engineering - 0.1.2-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
+* Sun Aug 17 2014 Fedora Release Engineering - 0.1.2-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
+
+* Fri Jul 18 2014 Tom Callaway - 0.1.2-6
+- fix license handling
+
+* Sat Jun 07 2014 Fedora Release Engineering - 0.1.2-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Sat Aug 03 2013 Fedora Release Engineering - 0.1.2-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
+
+* Thu Jun 13 2013 Alejandro Alvarez - 0.1.2-3
+- Added BuildRequires: CUnit-devel
+- Added %%check section
+- Removed %%defattr
+- Moved man pages to devel package. There is no need for -doc
+
+* Mon Jun 10 2013 Alejandro Alvarez - 0.1.2-2
+- Escaped macros in changelog
+- Changed packages summaries
+- Renamed -docs to -doc, and changed its group to Documentation
+- Fixed -devel dependencies
+- Removed -docs dependency on the main package
+- All header files specified explicitly
+
+* Mon Apr 22 2013 Alejandro Alvarez - 0.1.2-1
+- Updated for new upstream release
+- Man pages moved to libmetalink-docs package
+
+* Fri Jan 13 2012 Fedora Release Engineering - 0.0.3-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
+
+* Tue Feb 08 2011 Fedora Release Engineering - 0.0.3-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
+
+* Fri Jul 24 2009 Fedora Release Engineering - 0.0.3-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
+
+* Thu May 07 2009 Ant Bryan - 0.0.3-4
+- Remove Provides: libmetalink-static = %%{version}-%%{release}
+
+* Tue May 06 2009 Ant Bryan - 0.0.3-3
+- Use %%{_docdir} instead of /usr/share/doc
+- Own /usr/include/metalink
+
+* Wed Apr 29 2009 Ant Bryan - 0.0.3-2
+- Incorporate suggested changes: remove .la files, --disable static.
+
+* Mon Apr 27 2009 Ant Bryan - 0.0.3-1
+- Initial package, 0.0.3.
+
diff --git a/libpsl/README.md b/libpsl/README.md
new file mode 100644
index 0000000..ecf18f0
--- /dev/null
+++ b/libpsl/README.md
@@ -0,0 +1,16 @@
+# libpsl upstream
+On a CentOS 8 system run
+
+ dnf download libpsl --source
+
+# Reason for being in ffs-dependencies:
+FreeFileSync follows libcurl, and to build libcurl you need libpsl-devel.
+CentOS 8 provides libpsl, but does not provide libpsl-devel as of 2019-10-10.
+
+# Reverse dependency matrix
+Distro | FreeFileSync version | libpsl version
+---------- | -------------------- | ---------------
+CentOS 8 | 10.16 | same as distro
+
+# Differences from upstream
+No changes.
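Review bot: In the `%install` section of libmetalink/libmetalink.spec, `find $RPM_BUILD_ROOT -name *.la -exec rm {} \;` leaves the glob and the path unquoted, so the shell expands `*.la` against the build directory before `find` runs whenever a matching file exists there, and the libtool archives under the buildroot may then be missed or the command may fail. Quote both, e.g. `find "$RPM_BUILD_ROOT" -name '*.la' -delete`. Separately, the tarball named by `Source0` is committed as an opaque binary with no digest recorded beside it, so a reader cannot confirm that it matches the upstream release. Recording one next to the spec would make that checkable, for example `SHA256 (libmetalink-0.1.3.tar.bz2) = <digest-of-upstream-tarball>` with the placeholder replaced by the real value.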
diff --git a/libpsl/libpsl-0.20.2.tar.gz b/libpsl/libpsl-0.20.2.tar.gz
new file mode 100644
index 0000000..19cf507
Binary files /dev/null and b/libpsl/libpsl-0.20.2.tar.gz differ
diff --git a/libpsl/libpsl.spec b/libpsl/libpsl.spec
new file mode 100644
index 0000000..5c90387
--- /dev/null
+++ b/libpsl/libpsl.spec
@@ -0,0 +1,263 @@
+Name: libpsl
+Version: 0.20.2
+Release: 5%{?dist}
+Summary: C library for the Publix Suffix List
+License: MIT
+URL: https://rockdaboot.github.io/libpsl
+Source0: https://github.com/rockdaboot/libpsl/releases/download/libpsl-%{version}/libpsl-%{version}.tar.gz
+BuildRequires: gcc
+BuildRequires: gettext-devel
+BuildRequires: glib2-devel
+BuildRequires: gtk-doc
+BuildRequires: libicu-devel
+BuildRequires: libidn2-devel
+BuildRequires: libunistring-devel
+BuildRequires: libxslt
+BuildRequires: publicsuffix-list
+BuildRequires: python3-devel
+Requires: publicsuffix-list-dafsa
+
+%description
+libpsl is a C library to handle the Public Suffix List. A "public suffix" is a
+domain name under which Internet users can directly register own names.
+
+Browsers and other web clients can use it to
+
+- Avoid privacy-leaking "supercookies";
+- Avoid privacy-leaking "super domain" certificates;
+- Domain highlighting parts of the domain in a user interface;
+- Sorting domain lists by site;
+
+Libpsl...
+
+- has built-in PSL data for fast access;
+- allows to load PSL data from files;
+- checks if a given domain is a "public suffix";
+- provides immediate cookie domain verification;
+- finds the longest public part of a given domain;
+- finds the shortest private part of a given domain;
+- works with international domains (UTF-8 and IDNA2008 Punycode);
+- is thread-safe;
+- handles IDNA2008 UTS#46;
+
+%package devel
+Summary: Development files for %{name}
+Requires: %{name}%{?_isa} = %{version}-%{release}
+Requires: publicsuffix-list
+
+%description devel
+This package contains libraries and header files for
+developing applications that use %{name}.
+
+%package -n psl
+Summary: Commandline utility to explore the Public Suffix List
+
+%description -n psl
+This package contains a commandline utility to explore the Public Suffix List,
+for example it checks if domains are public suffixes, checks if cookie-domain
+is acceptable for domains and so on.
+
+%package -n psl-make-dafsa
+Summary: Compiles the Public Suffix List into DAFSA form
+
+%description -n psl-make-dafsa
+This script produces C/C++ code or an architecture-independent binary object
+which represents a Deterministic Acyclic Finite State Automaton (DAFSA)
+from a plain text Public Suffix List.
+
+
+%prep
+%setup -q
+rm -frv list
+sed -i -e "1s|#!.*|#!%{__python3}|" src/psl-make-dafsa
+
+%build
+# Tarballs from github have 2 versions, one is raw files from repo, and
+# the other one from CDN contains pre-generated autotools files.
+# But makefile hack is not upstreamed yet so we continue reconfiguring these.
+# [ -f configure ] || autoreconf -fiv
+# autoreconf -fiv
+
+# libicu does allow support for a newer IDN specification (IDN 2008) than
+# libidn 1.x (IDN 2003). However, libpsl mostly relies on an internally
+# compiled list, which is generated at buildtime and the testsuite thereof
+# requires either libidn or libicu only at buildtime; the runtime
+# requirement is only for loading external lists, which IIUC neither curl
+# nor wget support. libidn2 supports IDN 2008 as well, and is *much* smaller
+# than libicu.
+#
+# curl (as of 7.51.0-1.fc25) and wget (as of 1.19-1.fc26) now depend on libidn2.
+# Therefore, we use libidn2 at runtime to help minimize core dependencies.
+%configure --disable-silent-rules \
+ --disable-static \
+ --enable-man \
+ --enable-gtk-doc \
+ --enable-builtin=libicu \
+ --enable-runtime=libidn2 \
+ --with-psl-distfile=%{_datadir}/publicsuffix/public_suffix_list.dafsa \
+ --with-psl-file=%{_datadir}/publicsuffix/effective_tld_names.dat \
+ --with-psl-testfile=%{_datadir}/publicsuffix/test_psl.txt
+
+# avoid using rpath
+sed -i libtool \
+ -e 's|^\(runpath_var=\).*$|\1|' \
+ -e 's|^\(hardcode_libdir_flag_spec=\).*$|\1|'
+
+%make_build
+
+%install
+%make_install
+
+# the script is noinst but the manpage is installed
+install -m0755 src/psl-make-dafsa %{buildroot}%{_bindir}/
+
+find %{buildroot} -name '*.la' -delete -print
+
+%check
+make check || cat tests/test-suite.log
+
+%ldconfig_scriptlets
+
+%files
+%license COPYING
+%{_libdir}/libpsl.so.5
+%{_libdir}/libpsl.so.5.*
+
+%files devel
+%doc AUTHORS NEWS
+%{_datadir}/gtk-doc/html/libpsl/
+%{_includedir}/libpsl.h
+%{_libdir}/libpsl.so
+%{_libdir}/pkgconfig/libpsl.pc
+%{_mandir}/man3/libpsl.3*
+
+%files -n psl
+%doc AUTHORS NEWS
+%license COPYING
+%{_bindir}/psl
+%{_mandir}/man1/psl.1*
+
+%files -n psl-make-dafsa
+%license COPYING
+%{_bindir}/psl-make-dafsa
+%{_mandir}/man1/psl-make-dafsa.1*
+
+%changelog
+* Fri Jul 27 2018 Kamil Dudka - 0.20.2-5
+- avoid using rpath in the psl executable (#1533448)
+
+* Fri Jul 13 2018 Fedora Release Engineering - 0.20.2-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Tue Jun 19 2018 Miro Hrončok - 0.20.2-3
+- Rebuilt for Python 3.7
+
+* Tue May 22 2018 Yaakov Selkowitz - 0.20.2-2
+- Rebuilt for publicsuffix-list 20180514
+
+* Tue May 01 2018 Yaakov Selkowitz - 0.20.2-1
+- Update to 0.20.2 (#1572887)
+
+* Wed Feb 28 2018 Yaakov Selkowitz - 0.20.1-1
+- Update to 0.20.1 (#1548604)
+
+* Wed Feb 07 2018 Fedora Release Engineering - 0.19.1-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Sat Feb 03 2018 Igor Gnatenko - 0.19.1-2
+- Switch to %%ldconfig_scriptlets
+
+* Tue Nov 14 2017 Yaakov Selkowitz - 0.19.1-1
+- new version (#1511463)
+
+* Fri Aug 11 2017 Yaakov Selkowitz - 0.18.0-1
+- new version (#1473465)
+
+* Thu Aug 03 2017 Fedora Release Engineering - 0.17.0-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
+
+* Wed Jul 26 2017 Fedora Release Engineering - 0.17.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Fri Feb 10 2017 Fedora Release Engineering - 0.17.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Tue Jan 17 2017 Yaakov Selkowitz - 0.17.0-1
+- new version (#1413791)
+
+* Thu Jan 5 2017 Yaakov Selkowitz - 0.16.1-1
+- new version (#1403620)
+
+* Tue Nov 15 2016 Yaakov Selkowitz - 0.15.0-1
+- new version (#1394761)
+
+* Fri Nov 04 2016 Yaakov Selkowitz - 0.14.0-2
+- Switch to libidn2 at runtime
+- Rebuilt with publicsuffix-list-20161028
+
+* Mon Aug 15 2016 Yaakov Selkowitz - 0.14.0-1
+- new version (#1361781)
+
+* Thu Mar 31 2016 Yaakov Selkowitz - 0.13.0-1
+- new version (#1313825)
+- Use libidn at runtime, libicu only at buildtime (#1305701)
+
+* Thu Feb 04 2016 Fedora Release Engineering - 0.12.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Fri Jan 22 2016 Christopher Meng - 0.12.0-1
+- Update to 0.12.0
+
+* Wed Oct 28 2015 David Tardon - 0.7.0-7
+- rebuild for ICU 56.1
+
+* Tue Aug 04 2015 Christopher Meng - 0.7.0-6
+- Rebuild for publicsuffix-list-20150731
+
+* Wed Jun 17 2015 Fedora Release Engineering - 0.7.0-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
+* Sat Feb 28 2015 Christopher Meng - 0.7.0-4
+- Rebuild for publicsuffix-list-20150226
+
+* Fri Feb 20 2015 Christopher Meng - 0.7.0-3
+- Rebuild for publicsuffix-list-20150217
+
+* Sun Feb 15 2015 Christopher Meng - 0.7.0-2
+- Correct the dependency
+
+* Mon Feb 02 2015 Christopher Meng - 0.7.0-1
+- Update to 0.7.0
+
+* Mon Jan 26 2015 David Tardon - 0.6.2-2
+- rebuild for ICU 54.1
+
+* Thu Nov 20 2014 Christopher Meng - 0.6.2-1
+- Update to 0.6.2
+
+* Tue Aug 26 2014 David Tardon - 0.5.1-3
+- rebuild for ICU 53.1
+
+* Sun Aug 17 2014 Fedora Release Engineering - 0.5.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
+
+* Mon Aug 04 2014 Christopher Meng - 0.5.1-1
+- Update to 0.5.1
+- Drop patch merged upstream
+
+* Sat Aug 02 2014 Christopher Meng - 0.5.0-3
+- Add a patch from Jakub Čajka to complete the tests on non-x86 arch.
+
+* Thu Jul 24 2014 Christopher Meng - 0.5.0-2
+- Drop useless test data
+- Add missing gettext-devel
+- psl is now separately packaged recommended by the upstream
+
+* Fri Jul 04 2014 Christopher Meng - 0.5.0-1
+- Update to 0.5.0
+
+* Tue Jul 01 2014 Christopher Meng - 0.4.0-1
+- Update to 0.4.0
+
+* Tue Apr 08 2014 Christopher Meng - 0.2-1
+- Initial Package.
diff --git a/libssh2/README.md b/libssh2/README.md
new file mode 100644
index 0000000..e9b08c7
--- /dev/null
+++ b/libssh2/README.md
@@ -0,0 +1,14 @@
+# libssh2 upstream
+http://mirror.city-fan.org/ftp/contrib/yum-repo/rhel7/source/libssh2-1.9.0-2.0.cf.rhel7.src.rpm
+
+# Reason for being in ffs-dependencies
+FreeFileSync follows libssh2 very aggressively.
+
+# Reverse dependency matrix
+Distro | FreeFileSync version | libssh2 version
+---------- | -------------------- | ---------------
+CentOS 7 | 10.16 | 1.9.0
+
+# Differences from upstream
+Disable tests in rpm spec, and rename package slightly.
+See file [stackrpms-libssh2.spec.diff](stackrpms-libssh2.spec.diff)
diff --git a/libssh2/libssh2-1.7.0-pkgconfig.patch b/libssh2/libssh2-1.7.0-pkgconfig.patch
new file mode 100644
index 0000000..838c234
--- /dev/null
+++ b/libssh2/libssh2-1.7.0-pkgconfig.patch
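Review bot: In the `%check` section of libpsl.spec, `make check || cat tests/test-suite.log` takes its exit status from `cat`, so a failing test suite only prints the log and the package still builds. The spec's own `%build` comments say the built-in PSL data is generated at build time and exercised by that test suite, and the description lists cookie-domain verification as a use, so a silent failure can ship a library whose suffix data was never validated. Keep the log dump but propagate the failure: `make check || { cat tests/test-suite.log; exit 1; }`. Separately, the `Summary:` line reads "Publix Suffix List"; `Summary: C library for the Public Suffix List` is presumably what was meant.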
@@ -0,0 +1,13 @@
+Remove libdir from pkg-config --libs output, as it's a standard place
+on Fedora
+
+--- libssh2.pc.in
++++ libssh2.pc.in
+@@ -12,6 +12,6 @@ URL: http://www.libssh2.org/
+ Description: Library for SSH-based communication
+ Version: @LIBSSH2VER@
+ Requires.private: @LIBSREQUIRED@
+-Libs: -L${libdir} -lssh2 @LIBS@
++Libs: -lssh2 @LIBS@
+ Libs.private: @LIBS@
+ Cflags: -I${includedir}
diff --git a/libssh2/libssh2.spec b/libssh2/libssh2.spec
new file mode 100644
index 0000000..1e846ee
--- /dev/null
+++ b/libssh2/libssh2.spec
@@ -0,0 +1,807 @@ +# Detect the distribution in use +%global __despace head -n 1 | tr -d '[:space:]' | sed -e 's/[(].*[)]//g' +%global __lower4 cut -c 1-4 | tr '[:upper:]' '[:lower:]' +%global __distfile %([ -f /etc/SuSE-release ] && echo /etc/SuSE-release || echo /etc/redhat-release) +%global __distinit %(sed -e 's/ release .*//' -e 's/\\([A-Za-z]\\)[^ ]*/\\1/g' %{__distfile} | %{__despace} | %{__lower4}) +%global __distvers %(sed -e 's/.* release \\([^. ]*\\).*/\\1/' %{__distfile} | %{__despace}) +# Identify CentOS Linux and Scientific Linux as rhel +%if "%{__distinit}" == "c" || "%{__distinit}" == "cl" || "%{__distinit}" == "sl" || "%{__distinit}" == "sls" +%global __distinit rhel +%endif +# Dist tag for Fedora is still "fc" +%if "%{__distinit}" == "f" +%global __distinit fc +%endif + +# Define %%{__isa_bits} for old releases +%{!?__isa_bits: %global __isa_bits %((echo '#include '; echo __WORDSIZE) | cpp - | grep -Ex '32|64')} + +%global shortname libssh2 +Name: libssh2-freefilesync +Version: 1.9.0 +Release: 3.0.stack.%{__distinit}%{__distvers} +Summary: A library implementing the SSH2 protocol +License: BSD +URL: http://www.libssh2.org/ +# stackrpms: use https for copr build +Source0: https://libssh2.org/download/libssh2-%{version}.tar.gz +Patch0: libssh2-1.7.0-pkgconfig.patch +BuildRequires: coreutils +BuildRequires: findutils +BuildRequires: gcc +BuildRequires: make +BuildRequires: openssl-devel > 1:1.0.1 +BuildRequires: pkgconfig +BuildRequires: sed +BuildRequires: zlib-devel +BuildRequires: /usr/bin/man +%if 0%{?fedora} > 20 || 0%{?rhel} > 7 +BuildRequires: hostname +%else +BuildRequires: /bin/hostname +%endif +# OpenSSH server used in test suite +BuildRequires: openssh-server +# Need a valid locale to run the mansyntax check +%if 0%{?fedora} > 23 || 0%{?rhel} > 7 +BuildRequires: glibc-langpack-en +%endif +# We use matchpathcon from libselinux-utils to get the correct SELinux context +# for the ssh server initialization script so that it can transition 
correctly +# in an SELinux environment +BuildRequires: libselinux-utils +BuildRequires: selinux-policy-targeted +Obsoletes: libssh2 + +%description +libssh2 is a library implementing the SSH2 protocol as defined by +Internet Drafts: SECSH-TRANS(22), SECSH-USERAUTH(25), +SECSH-CONNECTION(23), SECSH-ARCH(20), SECSH-FILEXFER(06)*, +SECSH-DHGEX(04), and SECSH-NUMBERS(10). + +%package devel +Summary: Development files for libssh2 +Requires: %{name}%{?_isa} = %{version}-%{release} +Requires: pkgconfig + +%description devel +The libssh2-devel package contains libraries and header files for +developing applications that use libssh2. + +%package docs +Summary: Documentation for libssh2 +Requires: %{name} = %{version}-%{release} +BuildArch: noarch + +%description docs +The libssh2-docs package contains man pages and examples for +developing applications that use libssh2. + +%prep +%setup -q -n %{shortname}-%{version} + +# Replace hard wired port number in the test suite to avoid collisions +# between 32-bit and 64-bit builds running on a single build-host +sed -i s/4711/47%{?__isa_bits}/ tests/ssh2.{c,sh} + +# Fix pkg-config --libs output (#1279966) +%patch0 + +# Make sshd transition appropriately if building in an SELinux environment +chcon $(/usr/sbin/matchpathcon -n /etc/rc.d/init.d/sshd) tests/ssh2.sh || : +chcon -R $(/usr/sbin/matchpathcon -n /etc) tests/etc || : +chcon $(/usr/sbin/matchpathcon -n /etc/ssh/ssh_host_key) tests/etc/{host,user} || : + +%build +export CPPFLAGS="$(pkg-config --cflags openssl)" +%configure --disable-silent-rules --disable-static --enable-shared +make %{?_smp_mflags} + +%install +make install DESTDIR=%{buildroot} INSTALL="install -p" +find %{buildroot} -name '*.la' -delete + +# clean things up a bit for packaging +make -C example clean +rm -rf example/.deps +find example/ -type f '(' -name '*.am' -o -name '*.in' ')' -delete + +# avoid multilib conflict on libssh2-devel +mv -v example example.%{_arch} + +%check +echo "Running tests for 
%{_arch}" +# The SSH test will fail if we don't have /dev/tty, as is the case in some +# versions of mock (#672713) +if [ ! -c /dev/tty ]; then + echo Skipping SSH test due to missing /dev/tty + echo "exit 0" > tests/ssh2.sh +fi +# Apparently it fails in the sparc and arm buildsystems too +%ifarch %{sparc} %{arm} +echo Skipping SSH test on sparc/arm +echo "exit 0" > tests/ssh2.sh +%endif +# mansyntax check fails on PPC* and aarch64 with some strange locale error +%ifarch ppc %{power64} aarch64 +echo "Skipping mansyntax test on PPC* and aarch64" +echo "exit 0" > tests/mansyntax.sh +%endif +# stackrpms: disable tests for copr build +#LC_ALL=en_US.UTF-8 make -C tests check + +%if (0%{?rhel} && 0%{?rhel} <= 7) || (0%{?fedora} && 0%{?fedora} <= 27) +# ldconfig replaced by RPM File Triggers from Fedora 28 +%post -p /sbin/ldconfig +%postun -p /sbin/ldconfig +%endif + +%files +%if 0%{?_licensedir:1} +%license COPYING +%else +%doc COPYING +%endif +%doc docs/AUTHORS ChangeLog README RELEASE-NOTES +%{_libdir}/libssh2.so.1 +%{_libdir}/libssh2.so.1.* + +%files docs +%doc docs/BINDINGS docs/HACKING docs/TODO NEWS +%{_mandir}/man3/libssh2_*.3* + +%files devel +%doc example.%{_arch}/ +%{_includedir}/libssh2.h +%{_includedir}/libssh2_publickey.h +%{_includedir}/libssh2_sftp.h +%{_libdir}/libssh2.so +%{_libdir}/pkgconfig/libssh2.pc + +%changelog +* Wed Oct 09 2019 Ben Stack - 1.9.0-3.0.stack +- Disable tests so it will build in copr + +* Tue Sep 17 2019 Ben Stack - 1.9.0-2.0.stack +- Disable tests so it will build in copr + +* Fri Jul 26 2019 Paul Howarth - 1.9.0-2.0.cf +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Thu Jun 20 2019 Paul Howarth - 1.9.0-1.0.cf +- Update to 1.9.0 + - Fixed integer overflow leading to out-of-bounds read (CVE-2019-13115) + - Adds ECDSA keys and host key support when using OpenSSL + - Adds ED25519 key and host key support when using OpenSSL 1.1.1 + - Adds OpenSSH style key file reading + - Adds AES CTR mode support when using 
WinCNG + - Adds PEM passphrase protected file support for libgcrypt and WinCNG + - Adds SHA256 hostkey fingerprint + - Adds libssh2_agent_get_identity_path() and libssh2_agent_set_identity_path() + - Adds explicit zeroing of sensitive data in memory + - Adds additional bounds checks to network buffer reads + - Adds the ability to use the server default permissions when creating sftp directories + - Adds support for building with OpenSSL no engine flag + - Adds support for building with LibreSSL + - Increased sftp packet size to 256k + - Fixed oversized packet handling in sftp + - Fixed building with OpenSSL 1.1 + - Fixed a possible crash if sftp stat gets an unexpected response + - Fixed incorrect parsing of the KEX preference string value + - Fixed conditional RSA and AES-CTR support + - Fixed a small memory leak during the key exchange process + - Fixed a possible memory leak of the ssh banner string + - Fixed various small memory leaks in the backends + - Fixed possible out of bounds read when parsing public keys from the server + - Fixed possible out of bounds read when parsing invalid PEM files + - No longer null terminates the scp remote exec command + - Now handle errors when Diffie Hellman key pair generation fails + - Fixed compiling on Windows with the flag STDCALL=ON + - Improved building instructions + - Improved unit tests +- Needs OpenSSL ≥ 1.0.1 now as ECC support is assumed + +* Tue Mar 26 2019 Paul Howarth - 1.8.2-1.0.cf +- Update to 1.8.2 + - Fixed the misapplied userauth patch that broke 1.8.1 + - Moved the MAX size declarations from the public header + +* Tue Mar 19 2019 Paul Howarth - 1.8.1-1.0.cf +- Update to 1.8.1 + - Fixed possible integer overflow when reading a specially crafted packet + (CVE-2019-3855) + - Fixed possible integer overflow in userauth_keyboard_interactive with a + number of extremely long prompt strings (CVE-2019-3863) + - Fixed possible integer overflow if the server sent an extremely large + number of keyboard prompts 
(CVE-2019-3856) + - Fixed possible out of bounds read when processing a specially crafted + packet (CVE-2019-3861) + - Fixed possible integer overflow when receiving a specially crafted exit + signal message channel packet (CVE-2019-3857) + - Fixed possible out of bounds read when receiving a specially crafted exit + status message channel packet (CVE-2019-3862) + - Fixed possible zero byte allocation when reading a specially crafted SFTP + packet (CVE-2019-3858) + - Fixed possible out of bounds reads when processing specially crafted SFTP + packets (CVE-2019-3860) + - Fixed possible out of bounds reads in _libssh2_packet_require(v) + (CVE-2019-3859) +- Fix mis-applied patch in the fix of CVE-2019-3859 + - https://github.com/libssh2/libssh2/issues/325 + - https://github.com/libssh2/libssh2/pull/327 + +* Mon Feb 4 2019 Paul Howarth - 1.8.0-10.0.cf +- Explicitly run the test suite in the en_US.UTF-8 locale to work around flaky + locale settings in mock builders + +* Fri Jul 13 2018 Paul Howarth - 1.8.0-8.0.cf +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Wed Feb 14 2018 Paul Howarth - 1.8.0-7.0.cf +- ldconfig replaced by RPM File Triggers from Fedora 28 + +* Tue Sep 12 2017 Paul Howarth - 1.8.0-5.0.cf +- scp: Do not NUL-terminate the command for remote exec (#1489736, GH#208) +- Make devel package dependency on main package arch-specific + +* Thu Jul 27 2017 Paul Howarth - 1.8.0-4.0.cf +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Thu Jul 27 2017 Paul Howarth - 1.8.0-3.0.cf +- Drop support for EOL distributions prior to F-13 + - Drop BuildRoot: and Group: tags + - Drop explicit buildroot cleaning in %%install section + - Drop explicit %%clean section + - noarch sub-packages always available now + - libselinux-utils always available now + +* Sat Feb 11 2017 Paul Howarth - 1.8.0-2.0.cf +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Tue Oct 25 2016 Paul Howarth - 1.8.0-1.0.cf +- 
Update to 1.8.0 + - Added a basic dockerised test suite + - crypto: Add support for the mbedTLS backend + - libgcrypt: Fixed a NULL pointer dereference on OOM + - VMS: Can't use %%zd for off_t format + - VMS: Update vms/libssh2_config.h + - Windows: Link with crypt32.lib + - libssh2_channel_open: Speeling error fixed in channel error message + - msvc: Fixed 14 compilation warnings + - tests: HAVE_NETINET_IN_H was not defined correctly + - openssl: Add OpenSSL 1.1.0 compatibility + - cmake: Add CLEAR_MEMORY option, analogously to that for autoconf + - configure: Make the --with-* options override the OpenSSL default + - libssh2_wait_socket: Set err_msg on errors + - libssh2_wait_socket: Fix comparison with api_timeout to use milliseconds + +* Thu Oct 20 2016 Paul Howarth - 1.7.0-7.0.cf +- Make curl test suite work again with valgrind enabled + +* Wed Oct 12 2016 Paul Howarth - 1.7.0-6.0.cf +- Include upstream fix for OpenSSL 1.1.0 compatibility + +* Sun Mar 6 2016 Paul Howarth - 1.7.0-5.0.cf +- Move large NEWS file to docs package +- Use -delete with find + +* Wed Feb 24 2016 Paul Howarth - 1.7.0-3.0.cf +- diffie_hellman_sha1: Convert bytes to bits (additional fix for CVE-2016-0787) +- Drop UTF-8 patch, which breaks things rather than fixes them + +* Tue Feb 23 2016 Paul Howarth - 1.7.0-1.0.cf +- Update to 1.7.0 + - diffie_hellman_sha256: convert bytes to bits (CVE-2016-0787); see + http://www.libssh2.org/adv_20160223.html + - libssh2_session_set_last_error: Add function + - mac: Add support for HMAC-SHA-256 and HMAC-SHA-512 + - WinCNG: support for SHA256/512 HMAC + - kex: Added diffie-hellman-group-exchange-sha256 support + - OS/400 crypto library QC3 support + - SFTP: Increase speed and datasize in SFTP read + - openssl: Make libssh2_sha1 return error code + - openssl: Fix memleak in _libssh2_dsa_sha1_verify() + - cmake: Include CMake files in the release tarballs + - Fix builds with Visual Studio 2015 + - hostkey.c: Fix compiling error when OPENSSL_NO_MD5 is 
defined + - GNUmakefile: Add support for LIBSSH2_LDFLAG_EXTRAS + - GNUmakefile: Add -m64 CFLAGS when targeting mingw64 + - kex: free server host key before allocating it (again) + - SCP: Add libssh2_scp_recv2 to support large (> 2GB) files on windows + - channel: Detect bad usage of libssh2_channel_process_startup + - userauth: Fix off by one error when reading public key file + - kex: Removed dupe entry from libssh2_kex_methods + - _libssh2_error: Support allocating the error message + - hostkey: Fix invalid memory access if libssh2_dsa_new fails + - hostkey: Align code path of ssh_rsa_init to ssh_dss_init + - libssh2.pc.in: Fix the output of pkg-config --libs + - wincng: Fixed possible memory leak in _libssh2_wincng_hash + - wincng: Fixed _libssh2_wincng_hash_final return value + - Add OpenSSL 1.1.0-pre2 compatibility + - agent_disconnect_unix: Unset the agent fd after closing it + - sftp: Stop reading when buffer is full + - sftp: Send at least one read request before reading + - sftp: Don't return EAGAIN if data was written to buffer + - sftp: Check read packet file offset + - configure: build "silent" if possible + - openssl: Add OpenSSL 1.1.0-pre3-dev compatibility + - GNUmakefile: List system libs after user libs +- Update pkgconfig patch + +* Thu Feb 4 2016 Paul Howarth - 1.6.0-4.0.cf +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Tue Nov 10 2015 Paul Howarth - 1.6.0-3.0.cf +- Fix pkg-config --libs output (#1279966) + +* Thu Jun 18 2015 Paul Howarth - 1.6.0-2.0.cf +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Sun Jun 14 2015 Paul Howarth - 1.6.0-1.0.cf +- Update to 1.6.0 + - Added CMake build system + - Added libssh2_userauth_publickey_frommemory() + - wait_socket: Wrong use of difftime() + - userauth: Fixed prompt text no longer being copied to the prompt's struct + - mingw build: Allow to pass custom CFLAGS + - Let mansyntax.sh work regardless of where it is called from + - Init HMAC_CTX before using 
it + - direct_tcpip: Fixed channel write + - WinCNG: Fixed backend breakage + - OpenSSL: Fix bug caused by introducing libssh2_hmac_ctx_init + - userauth.c: Fix possible dereferences of a null pointer + - wincng: Added explicit clear memory feature to WinCNG backend + - openssl.c: Fix possible segfault in case EVP_DigestInit fails + - wincng: Fix return code of libssh2_md5_init() + - kex: Do not ignore failure of libssh2_sha1_init() + - scp: Fix that scp_send may transmit uninitialized memory + - scp.c: Improved command length calculation + - nonblocking examples: Fix warning about unused tvdiff on Mac OS X + - configure: Make clear-memory default but WARN if backend unsupported + - OpenSSL: Enable use of OpenSSL that doesn't have DSA + - OpenSSL: Use correct no-blowfish #define + - kex: Fix libgcrypt memory leaks of bignum + - libssh2_channel_open: More detailed error message + - wincng: Fixed memleak in (block) cipher destructor + +* Wed Mar 11 2015 Paul Howarth - 1.5.0-1.0.cf +- Update to 1.5.0 + - Added Windows Cryptography API: Next Generation based backend + - Security Advisory for CVE-2015-1782, using SSH_MSG_KEXINIT data unbounded + - Missing _libssh2_error in _libssh2_channel_write + - knownhost: Fix DSS keys being detected as unknown + - knownhost: Restore behaviour of 'libssh2_knownhost_writeline' with short + buffer + - libssh2.h: On Windows, a socket is of type SOCKET, not int + - libssh2_priv.h: A 1 bit bit-field should be unsigned + - Windows build: Do not export externals from static library + - Fixed two potential use-after-frees of the payload buffer + - Fixed a few memory leaks in error paths + - userauth: Fixed an attempt to free from stack on error + - agent_list_identities: Fixed memory leak on OOM + - knownhosts: Abort if the hosts buffer is too small + - sftp_close_handle: Ensure the handle is always closed + - channel_close: Close the channel even in the case of errors + - Docs: Added missing libssh2_session_handshake.3 file + - Docs: Fixed 
a bunch of typos + - userauth_password: Pass on the underlying error code + - _libssh2_channel_forward_cancel: Accessed struct after free + - _libssh2_packet_add: Avoid using uninitialized memory + - _libssh2_channel_forward_cancel: Avoid memory leaks on error + - _libssh2_channel_write: Client spins on write when window full + - Windows build: Fix build errors + - publickey_packet_receive: Avoid junk in returned pointers + - channel_receive_window_adjust: Store windows size always + - userauth_hostbased_fromfile: Zero assign to avoid uninitialized use + - configure: Change LIBS not LDFLAGS when checking for libs + - agent_connect_unix: Make sure there's a trailing zero + - MinGW build: Fixed redefine warnings + - sftpdir.c: Added authentication method detection + - Watcom build: Added support for WinCNG build + - configure.ac: Replace AM_CONFIG_HEADER with AC_CONFIG_HEADERS + - sftp_statvfs: Fix for servers not supporting statfvs extension + - knownhost.c: Use LIBSSH2_FREE macro instead of free + - Fixed compilation using mingw-w64 + - knownhost.c: Fixed that 'key_type_len' may be used uninitialized + - configure: Display individual crypto backends on separate lines + - Examples on Windows: Check for WSAStartup return code + - Examples on Windows: Check for socket return code + - agent.c: Check return code of MapViewOfFile + - kex.c: Fix possible NULL pointer de-reference with session->kex + - packet.c: Fix possible NULL pointer de-reference within listen_state + - Tests on Windows: Check for WSAStartup return code + - userauth.c: Improve readability and clarity of for-loops + - Examples on Windows: Use native SOCKET-type instead of int + - packet.c: i < 256 was always true and i would overflow to 0 + - kex.c: Make sure mlist is not set to NULL + - session.c: Check return value of session_nonblock in debug mode + - session.c: Check return value of session_nonblock during startup + - userauth.c: Make sure that sp_len is positive and avoid overflows + - knownhost.c: 
Fix use of uninitialized argument variable wrote + - openssl: Initialise the digest context before calling EVP_DigestInit() + - libssh2_agent_init: Init ->fd to LIBSSH2_INVALID_SOCKET + - configure.ac: Add zlib to Requires.private in libssh2.pc if using zlib + - configure.ac: Rework crypto library detection + - configure.ac: Reorder --with-* options in --help output + - configure.ac: Call zlib zlib and not libz in text but keep option names + - Fix non-autotools builds: Always define the LIBSSH2_OPENSSL CPP macro + - sftp: seek: Don't flush buffers on same offset + - sftp: statvfs: Along error path, reset the correct 'state' variable + - sftp: Add support for fsync (OpenSSH extension) + - _libssh2_channel_read: Fix data drop when out of window + - comp_method_zlib_decomp: Improve buffer growing algorithm + - _libssh2_channel_read: Honour window_size_initial + - window_size: Redid window handling for flow control reasons + - knownhosts: Handle unknown key types + +* Fri Oct 10 2014 Paul Howarth - 1.4.3-16.0.cf +- Prevent a not-connected agent from closing STDIN (#1147717) + +* Sun Aug 17 2014 Paul Howarth - 1.4.3-15.0.cf +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Sat Jul 19 2014 Paul Howarth - 1.4.3-14.0.cf +- Use %%license where possible + +* Sun Jun 8 2014 Paul Howarth - 1.4.3-13.0.cf +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Wed Apr 30 2014 Paul Howarth - 1.4.3-12.0.cf +- Fix curl's excessive memory consumption during scp download +- BR: hostname package rather than /bin/hostname from F-21 as the latter is no + longer provided in rawhide +- Drop %%defattr, redundant since rpm 4.4 + +* Mon Feb 17 2014 Paul Howarth - 1.4.3-11.0.cf +- Skip the manpage syntax check on ppc* and aarch64 as there are wierd locale + issues in their buildroots + +* Wed Aug 14 2013 Paul Howarth - 1.4.3-8.0.cf +- Fix very slow sftp upload to localhost +- Fix a use after free in channel.c + +* Sat Aug 3 2013 Paul Howarth - 
1.4.3-7.0.cf +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Tue Apr 9 2013 Paul Howarth - 1.4.3-6.0.cf +- Add three patches from upstream git required for qemu ssh block driver + +* Wed Apr 3 2013 Paul Howarth - 1.4.3-4.0.cf +- Avoid polluting libssh2.pc with linker options (#947813) + +* Tue Mar 26 2013 Paul Howarth - 1.4.3-3.0.cf +- Avoid collisions between 32-bit and 64-bit builds running on a single + build-host + +* Thu Feb 14 2013 Paul Howarth - 1.4.3-2.0.cf +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Wed Nov 28 2012 Paul Howarth - 1.4.3-1.0.cf +- Update to 1.4.3 + - compression: add support for zlib@openssh.com + - sftp_read: return error if a too large package arrives + - libssh2_hostkey_hash.3: update the description of return value + - Fixed MSVC NMakefile + - examples: use stderr for messages, stdout for data + - openssl: do not leak memory when handling errors + - improved handling of disabled MD5 algorithm in OpenSSL + - known_hosts: Fail when parsing unknown keys in known_hosts file + - configure: gcrypt doesn't come with pkg-config support + - session_free: wrong variable used for keeping state + - libssh2_userauth_publickey_fromfile_ex.3: mention publickey == NULL + - comp_method_zlib_decomp: handle Z_BUF_ERROR when inflating +- Drop upstreamed patches + +* Wed Nov 7 2012 Paul Howarth - 1.4.2-4.0.cf +- examples: use stderr for messages, stdout for data (upstream commit b31e35ab) +- Update libssh2_hostkey_hash(3) man page (upstream commit fe8f3deb) + +* Mon Oct 1 2012 Paul Howarth - 1.4.2-3.0.cf +- Fix basic functionality of libssh2 in FIPS mode + +* Thu Jul 19 2012 Paul Howarth - 1.4.2-2.0.cf +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Sun May 20 2012 Paul Howarth - 1.4.2-1.0.cf +- Update to 1.4.2 + - Return LIBSSH2_ERROR_SOCKET_DISCONNECT on EOF when reading banner + - userauth.c: fread() from public key file to correctly detect any errors + - configure.ac: add 
option to disable build of the example applications + - added 'Requires.private:' line to libssh2.pc + - SFTP: filter off incoming "zombie" responses + - gettimeofday: no need for a replacement under cygwin + - SSH_MSG_CHANNEL_REQUEST: default to want_reply + - win32/libssh2_config.h: remove hardcoded #define LIBSSH2_HAVE_ZLIB + +* Fri Apr 27 2012 Paul Howarth - 1.4.1-2.0.cf +- Fix multi-arch conflict again (#816969) + +* Thu Apr 5 2012 Paul Howarth - 1.4.1-1.0.cf +- Update to 1.4.1 + - Build error with gcrypt backend + - Always do "forced" window updates to avoid corner case stalls + - aes: the init function fails when OpenSSL has AES support + - transport_send: finish in-progress key exchange before sending data + - channel_write: acknowledge transport errors + - examples/x11.c: make sure sizeof passed to read operation is correct + - examples/x11.c: fix suspicious sizeof usage + - sftp_packet_add: verify the packet before accepting it + - SFTP: preserve the original error code more + - sftp_packet_read: adjust window size as necessary + - Use safer snprintf rather then sprintf in several places + - Define and use LIBSSH2_INVALID_SOCKET instead of INVALID_SOCKET + - sftp_write: cannot return acked data *and* EAGAIN + - sftp_read: avoid data *and* EAGAIN + - libssh2.h: add missing prototype for libssh2_session_banner_set() +- Drop upstream patches now included in release tarball + +* Mon Mar 19 2012 Paul Howarth - 1.4.0-4.0.cf +- Don't ignore transport errors when writing to channel (#804150) + +* Sun Mar 18 2012 Paul Howarth - 1.4.0-3.0.cf +- Don't try to use openssl's AES-CTR functions + (http://www.libssh2.org/mail/libssh2-devel-archive-2012-03/0111.shtml) + +* Fri Mar 16 2012 Paul Howarth - 1.4.0-2.0.cf +- Fix libssh2 failing key re-exchange when write channel is saturated (#804156) +- Drop support for distributions prior to FC-3: + - BR: openssh-server unconditionally + +* Wed Feb 1 2012 Paul Howarth - 1.4.0-1.0.cf +- Update to 1.4.0 + - Added 
libssh2_session_supported_algs() + - Added libssh2_session_banner_get() + - Added libssh2_sftp_get_channel() + - libssh2.h: bump the default window size to 256K + - sftp-seek: clear EOF flag + - userauth: provide more informations if ssh pub key extraction fails + - ssh2_exec: skip error outputs for EAGAIN + - LIBSSH2_SFTP_PACKET_MAXLEN: increase to 80000 + - knownhost_check(): don't dereference ext if NULL is passed + - knownhost_add: avoid dereferencing uninitialized memory on error path + - OpenSSL EVP: fix threaded use of structs + - _libssh2_channel_read: react on errors from receive_window_adjust + - sftp_read: cap the read ahead maximum amount + - _libssh2_channel_read: fix non-blocking window adjusting +- Add upstream patch fixing undefined function reference in libgcrypt backend +- BR: /usr/bin/man for test suite + +* Mon Jan 16 2012 Paul Howarth - 1.3.0-4.0.cf +- Skip the ssh test on sparc and arm buildsystems, where it tends to fail + +* Fri Jan 13 2012 Paul Howarth - 1.3.0-3.0.cf +- Example includes arch-specific bits, so move to devel package + +* Wed Sep 7 2011 Paul Howarth - 1.3.0-1.0.cf +- Update to 1.3.0 + - Added custom callbacks for performing low level socket I/O + - sftp_read: advance offset correctly for buffered copies + - libssh2_sftp_seek64: flush packetlist and buffered data + - _libssh2_packet_add: adjust window size when truncating + - sftp_read: a short read is not end of file + +* Tue Aug 16 2011 Paul Howarth - 1.2.9-1.0.cf +- Update to 1.2.9 + - Added libssh2_session_set_timeout() and libssh2_session_get_timeout() to + make blocking calls get a timeout + - configure and pkg-config: fix $VERSION + - s/\.NF/.nf/ to fix wrong macro name caught by man --warnings + - keepalive: add first basic man pages + - sftp_write: flush the packetlist on error + - sftp_write: clean offsets on error + - msvcproj: added libs and debug stuff + - SCP: fix incorrect error code + - session_startup: init state properly + - sftp_write_sliding: send the 
complete file + - userauth_keyboard_interactive: skip code on zero length auth + - _libssh2_wait_socket: fix timeouts for poll() uses + - agent_list_identities: fix out of scope access + - _libssh2_recv(): handle ENOENT error as EAGAIN + - userauth_keyboard_interactive: fix buffer overflow + - removed man pages for non-existing functions! + - gettimeofday: fix name space pollution + - _libssh2_channel_write: handle window_size == 0 better +- Drop upstreamed version patch +- Use patch rather than scripted iconv to fix character encoding +- Fix dist tag for CentOS 6 and Scientific Linux + +* Wed Apr 6 2011 Paul Howarth - 1.2.8-1.0.cf +- Update to 1.2.8 + - Added libssh2_free, libssh2_channel_get_exit_signal and + libssh2_session_handshake + - SFTP read/write remade and now MUCH faster, especially on high latency + connections + - Added new examples: ssh2_echo.c, sftp_append.c and sftp_write_sliding.c + - userauth: derive publickey from private + - Support unlimited number of host names in a single line of the + known_hosts file + - Fix memory leak in userauth_keyboard_interactive() + - Fix memory leaks (two times cipher_data) for each sftp session + - session_startup: manage server data before server identification + - SCP: allow file names with bytes > 126 + - scp_recv: improved treatment of channel_read() returning zero + - libssh2_userauth_authenticated: make it work as documented + - variable size cleanup: match internal variable sizes better with the sizes + of the fields used on the wire + - channel_request_pty_size: fix reqPTY_state + - sftp_symlink: return error if receive buffer too small + - sftp_readdir: return error if buffer is too small + - libssh2_knownhost_readfile.3: clarify return value + - configure: stop using the deprecated AM_INIT_AUTOMAKE syntax + - Fixed Win32 makefile which was now broken at resource build + - kex_agree_hostkey: fix NULL pointer derefence + - _libssh2_ntohu64: fix conversion from network bytes to uint64 + - ssize_t: proper 
typedef with MSVC compilers + - zlib: Add debug tracing of zlib errors + - decomp: increase decompression buffer sizes +- Skip the SSH test if we don't have /dev/tty (#672713) +- Nobody else likes macros for commands + +* Wed Oct 13 2010 Paul Howarth - 1.2.7-1.1.cf +- Improve support for running tests with SELinux in enforcing mode +- Avoid multilib conflict on libssh2-docs + +* Wed Aug 18 2010 Paul Howarth - 1.2.7-1.0.cf +- Update to 1.2.7 + - Better handling of invalid key files + - inputchecks: make lots of API functions check for NULL pointers + - libssh2_session_callback_set: extended the man page + - SFTP: limit write() to not produce overly large packets + - agent: make libssh2_agent_userauth() work blocking properly + - _libssh2_userauth_publickey: reject method names longer than the data + - channel_free: ignore problems with channel_close() + - typedef: make ssize_t get typedef without LIBSSH2_WIN32 + - _libssh2_wait_socket: poll needs milliseconds + - libssh2_wait_socket: reset error code to "leak" EAGAIN less + - Added include for sys/select.h to get fd.set on some platforms + - session_free: free more data to avoid memory leaks + - openssl: make use of the EVP interface + - Make libssh2_debug() create a correctly terminated string + - userauth_hostbased_fromfile: packet length too short + - handshake: Compression enabled at the wrong time + - Don't overflow MD5 server hostkey + +* Thu Jun 10 2010 Paul Howarth - 1.2.6-1.0.cf +- Update to 1.2.6 + - Added libssh2_sftp_statvfs() and libssh2_sftp_fstatvfs() + - Added libssh2_knownhost_checkp() + - Added libssh2_scp_send64() + - wait_socket made c89 compliant and use two fd_sets for select() + - OpenSSL AES-128-CTR detection fixed + - Proper keyboard-interactive user dialog in the sftp.c example + - Fixed Build procedure for VMS + - Fixed libssh2.dsw to use the generated libssh2.dsp + - Several Windows-related build fixes + - Fixed fail to init SFTP if session isn't already authenticated + - Many tiny fixes 
that address clang-analyzer warnings + - sftp_open: deal with short channel_write calls + - libssh2_publickey_init: fixed to work better non-blocking + - sftp_close_handle: add precation to not access NULL pointer + - sftp_readdir: simplified and bugfixed + - channel_write: if data has been sent, don't return EAGAIN +- Drop upstreamed AES-CTR detection patch + +* Tue Jun 8 2010 Paul Howarth - 1.2.5-3.1.cf +- RHEL-6 has noarch subpackages, so use one for docs + +* Tue May 25 2010 Paul Howarth - 1.2.5-3.0.cf +- Fix dist tag for RHEL-6 Beta + +* Wed Apr 28 2010 Paul Howarth - 1.2.5-2.0.cf +- Add buildreq openssh-server to enable additional test coverage +- Make sshd transition appropriately if building in an SELinux environment + (a mock buildroot is not such an environment) +- Add buildreq /usr/sbin/matchpathcon to get appropriate SELinux context + +* Wed Apr 14 2010 Paul Howarth - 1.2.5-1.0.cf +- Update to 1.2.5 + - Add keep-alive support: libssh2_keepalive_config()/libssh2_keepalive_send() + - Add libssh2_knownhost_addc(), libssh2_init() and libssh2_exit() + - Add LIBSSH2_SFTP_S_IS***() macros + - Fix memory leak in libssh2_session_startup() + - Add missing error codes - shown as hangs in blocking mode + - Fix memory leak in userauth_keyboard_interactive() + - libssh2_knownhost_del: fix write to freed memory + - Send and receive channel EOF before sending SSH_MSG_CHANNEL_CLOSE + - Use AES-CTR from OpenSSL when available + - Fixed gettimeofday to compile with Visual C++ 6 + - NULL dereference when window adjusting a non-existing channel + - Avoid using poll on interix and mac os x systems + - Fix scp memory leak + - Correctly clear blocking flag after sending multipart packet + - Reduce used window sizes by factor 10 + - libssh2_userauth_publickey_fromfile_ex() handles a NULL password + - sftp_init() deal with _libssh2_channel_write() short returns +- Add patch to fix AES-CTR detection +- Add buildreq /bin/hostname for build host detection + +* Mon Feb 15 2010 Paul 
Howarth - 1.2.4-1.0.cf +- Update to 1.2.4 + - Resolve compile issues on Solaris x64 and UltraSPARC + - Allow compiling with OpenSSL when AES isn't available + - Fix Tru64 socklen_t compile issue with example/direct_tcpip.c + +* Wed Feb 3 2010 Paul Howarth - 1.2.3-1.0.cf +- Update to 1.2.3 + - Add libssh2_trace_sethandler() + - Add the direct_tcpip.c example + - Fix memory leak in userauth_publickey + - Add support for authentication via SSH-Agent + - Fix OpenSSH server keepalive (see NEWS) +- Drop padding patch + +* Fri Jan 22 2010 Paul Howarth - 1.2.2-5.0.cf +- Rename padding patch as per Fedora package +- sshd tests intentionally avoided (by not having openssh-server buildreq) + because they appear to hang in the buildsystem + +* Thu Dec 24 2009 Paul Howarth - 1.2.2-2.0.cf +- Fix padding in ssh-dss signature blob encoding (#539444) + +* Tue Nov 17 2009 Paul Howarth - 1.2.2-1.0.cf +- Update to 1.2.2 + - fix crash when server sends an invalid SSH_MSG_IGNORE message + - support for aes128-ctr, aes192-ctr, aes256-ctr ciphers as per RFC 4344 + - support for arcfour128 cipher as per RFC 4345 +- Dist tag for Rawhide no longer needs special-casing +- Make docs package noarch where possible + +* Wed Sep 30 2009 Paul Howarth - 1.2.1-1.0.cf +- Update to 1.2.1 (many bugfixes - see NEWS) +- Drop upstreamed transport layer patch +- Devel package now includes a pkgconfig file (and requires pkgconfig) +- Don't redundantly include COPYING in docs and devel packages + +* Wed Sep 23 2009 Paul Howarth - 1.2-2.0.cf +- Update to 1.2 (see RELEASE-NOTES for details) +- Upstream source moved to libssh2.org +- Add upstream patch to fix transport layer bug causing invalid -39 + (LIBSSH2_ERROR_BAD_USE) errors + +* Thu Apr 2 2009 Paul Howarth - 1.1-1.0.cf +- Update to 1.1 (fixes memory leak and boosts sftp performance) + +* Mon Jan 26 2009 Paul Howarth - 1.0-1.0.cf +- Update to 1.0 +- Help the configure script find openssl by setting CPPFLAGS + +* Fri Aug 1 2008 Paul Howarth - 0.18-9.0.cf +- 
Tweak dist tag macros to work on current Rawhide with three-part releasenum + +* Fri Jul 4 2008 Paul Howarth - 0.18-7.0.cf +- Import from Fedora +- Fix find syntax +- Add buildreq pkgconfig, missing dep from openssl-devel in older distributions + +* Mon Feb 18 2008 Fedora Release Engineering - 0.18-7 +- Autorebuild for GCC 4.3 + +* Wed Dec 05 2007 Chris Weyl 0.18-6 +- rebuild for new openssl... + +* Tue Nov 27 2007 Chris Weyl 0.18-5 +- bump + +* Tue Nov 27 2007 Chris Weyl 0.18-4 +- add INSTALL arg to make install vs env. var + +* Mon Nov 26 2007 Chris Weyl 0.18-3 +- run tests; don't package test + +* Sun Nov 18 2007 Chris Weyl 0.18-2 +- split docs into -docs (they seemed... large.) + +* Tue Nov 13 2007 Chris Weyl 0.18-1 +- update to 0.18 + +* Sun Oct 14 2007 Chris Weyl 0.17-1 +- update to 0.17 +- many spec file changes + +* Wed May 23 2007 Sindre Pedersen Bjørdal - 0.15-0.2.20070506 +- Fix release tag +- Move manpages to -devel package +- Add Examples dir to -devel package + +* Sun May 06 2007 Sindre Pedersen Bjørdal - 0.15-0.20070506.1 +- Initial build diff --git a/libssh2/stackrpms-libssh2.spec.diff b/libssh2/stackrpms-libssh2.spec.diff new file mode 100644 index 0000000..67a33f9 --- /dev/null +++ b/libssh2/stackrpms-libssh2.spec.diff 
@@ -0,0 +1,61 @@
+--- libssh2.spec 2019-07-26 03:56:09.000000000 -0400
++++ /home/bgstack15/dev/ffs-dependencies/libssh2/libssh2.spec 2019-10-09 16:25:43.081207229 -0400
+@@ -16,13 +16,15 @@
+ # Define %%{__isa_bits} for old releases
+ %{!?__isa_bits: %global __isa_bits %((echo '#include '; echo __WORDSIZE) | cpp - | grep -Ex '32|64')}
+
+-Name: libssh2
++%global shortname libssh2
++Name: libssh2-freefilesync
+ Version: 1.9.0
+-Release: 2.0.cf.%{__distinit}%{__distvers}
++Release: 3.0.stack.%{__distinit}%{__distvers}
+ Summary: A library implementing the SSH2 protocol
+ License: BSD
+ URL: http://www.libssh2.org/
+-Source0: http://libssh2.org/download/libssh2-%{version}.tar.gz
++# stackrpms: use https for copr build
++Source0: https://libssh2.org/download/libssh2-%{version}.tar.gz
+ Patch0: libssh2-1.7.0-pkgconfig.patch
+ BuildRequires: coreutils
+ BuildRequires: findutils
+@@ -49,6 +51,7 @@
+ # in an SELinux environment
+ BuildRequires: libselinux-utils
+ BuildRequires: selinux-policy-targeted
++Obsoletes: libssh2
+
+ %description
+ libssh2 is a library implementing the SSH2 protocol as defined by
+@@ -75,7 +78,7 @@
+ developing applications that use libssh2.
+
+ %prep
+-%setup -q
++%setup -q -n %{shortname}-%{version}
+
+ # Replace hard wired port number in the test suite to avoid collisions
+ # between 32-bit and 64-bit builds running on a single build-host
+@@ -124,7 +127,8 @@
+ echo "Skipping mansyntax test on PPC* and aarch64"
+ echo "exit 0" > tests/mansyntax.sh
+ %endif
+-LC_ALL=en_US.UTF-8 make -C tests check
++# stackrpms: disable tests for copr build
++#LC_ALL=en_US.UTF-8 make -C tests check
+
+ %if (0%{?rhel} && 0%{?rhel} <= 7) || (0%{?fedora} && 0%{?fedora} <= 27)
+ # ldconfig replaced by RPM File Triggers from Fedora 28
+@@ -155,6 +159,12 @@
+ %{_libdir}/pkgconfig/libssh2.pc
+
+ %changelog
++* Wed Oct 09 2019 Ben Stack - 1.9.0-3.0.stack
++- Disable tests so it will build in copr
++
++* Tue Sep 17 2019 Ben Stack - 1.9.0-2.0.stack
++- Disable tests so it will build in copr
++
+ * Fri Jul 26 2019 Paul Howarth - 1.9.0-2.0.cf
+ - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
diff --git a/openssl-freefilesync/Makefile.certificate b/openssl-freefilesync/Makefile.certificate
new file mode 100644
index 0000000..cc88c52
--- /dev/null
+++ b/openssl-freefilesync/Makefile.certificate
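Review bot: The `%check` step is switched off by commenting out `make -C tests check`, so this rebuild of libssh2 is packaged without its test suite ever having run, while the added unversioned `Obsoletes: libssh2` lets it displace the distribution package on install. I would keep the tests behind a build conditional rather than a comment, e.g. `%bcond_without tests` near the top and `%{?with_tests:LC_ALL=en_US.UTF-8 make -C tests check}` in `%check`, so the build service can opt out while local builds still verify the library. The `Obsoletes` line should carry a version bound such as `Obsoletes: libssh2 < %{version}-%{release}`; as written it appears to also obsolete any later distribution update of libssh2, presumably including security fixes. This file only records the delta against the upstream spec, and the spec sections it touches lie outside the hunk.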
@@ -0,0 +1,82 @@
+UTF8 := $(shell locale -c LC_CTYPE -k | grep -q charmap.*UTF-8 && echo -utf8)
+DAYS=365
+KEYLEN=2048
+TYPE=rsa:$(KEYLEN)
+EXTRA_FLAGS=
+ifdef SERIAL
+ EXTRA_FLAGS+=-set_serial $(SERIAL)
+endif
+
+.PHONY: usage
+.SUFFIXES: .key .csr .crt .pem
+.PRECIOUS: %.key %.csr %.crt %.pem
+
+usage:
+ @echo "This makefile allows you to create:"
+ @echo " o public/private key pairs"
+ @echo " o SSL certificate signing requests (CSRs)"
+ @echo " o self-signed SSL test certificates"
+ @echo
+ @echo "To create a key pair, run \"make SOMETHING.key\"."
+ @echo "To create a CSR, run \"make SOMETHING.csr\"."
+ @echo "To create a test certificate, run \"make SOMETHING.crt\"."
+ @echo "To create a key and a test certificate in one file, run \"make SOMETHING.pem\"."
+ @echo
+ @echo "To create a key for use with Apache, run \"make genkey\"."
+ @echo "To create a CSR for use with Apache, run \"make certreq\"."
+ @echo "To create a test certificate for use with Apache, run \"make testcert\"."
+ @echo
+ @echo "To create a test certificate with serial number other than random, add SERIAL=num"
+ @echo "You can also specify key length with KEYLEN=n and expiration in days with DAYS=n"
+ @echo "Any additional options can be passed to openssl req via EXTRA_FLAGS"
+ @echo
+ @echo Examples:
+ @echo " make server.key"
+ @echo " make server.csr"
+ @echo " make server.crt"
+ @echo " make stunnel.pem"
+ @echo " make genkey"
+ @echo " make certreq"
+ @echo " make testcert"
+ @echo " make server.crt SERIAL=1"
+ @echo " make stunnel.pem EXTRA_FLAGS=-sha384"
+ @echo " make testcert DAYS=600"
+
+%.pem:
+ umask 77 ; \
+ PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
+ PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
+ /usr/bin/openssl req $(UTF8) -newkey $(TYPE) -keyout $$PEM1 -nodes -x509 -days $(DAYS) -out $$PEM2 $(EXTRA_FLAGS) ; \
+ cat $$PEM1 > $@ ; \
+ echo "" >> $@ ; \
+ cat $$PEM2 >> $@ ; \
+ $(RM) $$PEM1 $$PEM2
+
+%.key:
+ umask 77 ; \
+ /usr/bin/openssl genrsa -aes128 $(KEYLEN) > $@
+
+%.csr: %.key
+ umask 77 ; \
+ /usr/bin/openssl req $(UTF8) -new -key $^ -out $@
+
+%.crt: %.key
+ umask 77 ; \
+ /usr/bin/openssl req $(UTF8) -new -key $^ -x509 -days $(DAYS) -out $@ $(EXTRA_FLAGS)
+
+TLSROOT=/etc/pki/tls
+KEY=$(TLSROOT)/private/localhost.key
+CSR=$(TLSROOT)/certs/localhost.csr
+CRT=$(TLSROOT)/certs/localhost.crt
+
+genkey: $(KEY)
+certreq: $(CSR)
+testcert: $(CRT)
+
+$(CSR): $(KEY)
+ umask 77 ; \
+ /usr/bin/openssl req $(UTF8) -new -key $(KEY) -out $(CSR)
+
+$(CRT): $(KEY)
+ umask 77 ; \
+ /usr/bin/openssl req $(UTF8) -new -key $(KEY) -x509 -days $(DAYS) -out $(CRT) $(EXTRA_FLAGS)
diff --git a/openssl-freefilesync/README.FIPS b/openssl-freefilesync/README.FIPS
new file mode 100644
index 0000000..a36c547
--- /dev/null
+++ b/openssl-freefilesync/README.FIPS
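Review bot: In the `%.pem` recipe every command is joined with `; \`, so the shell's exit status is that of the final `$(RM)`; a failed `openssl req` still leaves make with a "built" `$@` holding whatever the two temp files contained, possibly nothing. Chain the steps with `&& \` instead, and put `trap '$(RM) "$$PEM1" "$$PEM2"' EXIT` after the two `mktemp` calls so the temporary file holding the unencrypted (`-nodes`) private key is removed on the failure path as well. `%.key` has a related problem: `> $@` creates the key file even when `openssl genrsa` fails and nothing here deletes it, so a later run treats the empty file as up to date; writing to `$@.tmp` and renaming on success would avoid that. `genkey`, `certreq` and `testcert` are also missing from `.PHONY`.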
@@ -0,0 +1,72 @@
+User guide for the FIPS Red Hat Enterprise Linux - OpenSSL Module
+=================================================================
+
+This package contains libraries which comprise the FIPS 140-2
+Red Hat Enterprise Linux - OPENSSL Module.
+
+The module files
+================
+/usr/lib[64]/libcrypto.so.1.1.0
+/usr/lib[64]/libssl.so.1.1.0
+/usr/lib[64]/.libcrypto.so.1.1.0.hmac
+/usr/lib[64]/.libssl.so.1.1.0.hmac
+
+Dependencies
+============
+
+The approved mode of operation requires kernel with /dev/urandom RNG running
+with properties as defined in the security policy of the module. This is
+provided by kernel packages with validated Red Hat Enterprise Linux Kernel
+Crytographic Module.
+
+Installation
+============
+
+The RPM package of the module can be installed by standard tools recommended
+for installation of RPM packages on the Red Hat Enterprise Linux system (yum,
+rpm, RHN remote management tool).
+
+The RPM package dracut-fips must be installed for the approved mode of
+operation.
+
+Usage and API
+=============
+
+The module respects kernel command line FIPS setting. If the kernel command
+line contains option fips=1 the module will initialize in the FIPS approved
+mode of operation automatically. To allow for the automatic initialization the
+application using the module has to call one of the following API calls:
+
+- void OPENSSL_init_library(void) - this will do only a basic initialization
+of the library and does initialization of the FIPS approved mode without setting
+up EVP API with supported algorithms.
+
+- void OPENSSL_add_all_algorithms(void) - this API function calls
+OPENSSL_init() implicitly and also adds all approved algorithms to the EVP API
+in the approved mode
+
+- void SSL_library_init(void) - it calls OPENSSL_init() implicitly and also
+adds algorithms which are necessary for TLS protocol support and initializes
+the SSL library.
+
+To explicitely put the library to the approved mode the application can call
+the following function:
+
+- int FIPS_mode_set(int on) - if called with 1 as a parameter it will switch
+the library from the non-approved to the approved mode. If any of the selftests
+and integrity verification tests fail, the library is put into the error state
+and 0 is returned. If they succeed the return value is 1.
+
+To query the module whether it is in the approved mode or not:
+
+- int FIPS_mode(void) - returns 1 if the module is in the approved mode,
+0 otherwise.
+
+To query whether the module is in the error state:
+
+- int FIPS_selftest_failed(void) - returns 1 if the module is in the error
+state, 0 otherwise.
+
+To zeroize the FIPS RNG key and internal state the application calls:
+
+- void RAND_cleanup(void)
diff --git a/openssl-freefilesync/README.md b/openssl-freefilesync/README.md
new file mode 100644
index 0000000..ba1e811
--- /dev/null
+++ b/openssl-freefilesync/README.md
@@ -0,0 +1,13 @@
+# openssl upstream
+https://mirrors.rit.edu/fedora/fedora/linux/updates/30/Everything/SRPMS/Packages/o/openssl-1.1.1d-2.fc30.src.rpm
+
+# Reason for being in ffs-dependencies
+FreeFileSync follows openssl very aggressively.
+
+# Reverse dependency matrix
+Distro | FreeFileSync version | openssl version
+---------- | -------------------- | ---------------
+CentOS 7 | 10.16 | 1.1.1
+
+# Differences from upstream
+See file [stackrpms-openssl.spec.diff](stackrpms-openssl.spec.diff)
diff --git a/openssl-freefilesync/ec_curve.c b/openssl-freefilesync/ec_curve.c
new file mode 100644
index 0000000..58f8f3f
--- /dev/null
+++ b/openssl-freefilesync/ec_curve.c
@@ -0,0 +1,470 @@ +/* + * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include "ec_lcl.h" +#include +#include +#include +#include "internal/nelem.h" + +typedef struct { + int field_type, /* either NID_X9_62_prime_field or + * NID_X9_62_characteristic_two_field */ + seed_len, param_len; + unsigned int cofactor; /* promoted to BN_ULONG */ +} EC_CURVE_DATA; + +/* the nist prime curves */ +static const struct { + EC_CURVE_DATA h; + unsigned char data[20 + 28 * 6]; +} _EC_NIST_PRIME_224 = { + { + NID_X9_62_prime_field, 20, 28, 1 + }, + { + /* seed */ + 0xBD, 0x71, 0x34, 0x47, 0x99, 0xD5, 0xC7, 0xFC, 0xDC, 0x45, 0xB5, 0x9F, + 0xA3, 0xB9, 0xAB, 0x8F, 0x6A, 0x94, 0x8B, 0xC5, + /* p */ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x01, + /* a */ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFE, + /* b */ + 0xB4, 0x05, 0x0A, 0x85, 0x0C, 0x04, 0xB3, 0xAB, 0xF5, 0x41, 0x32, 0x56, + 0x50, 0x44, 0xB0, 0xB7, 0xD7, 0xBF, 0xD8, 0xBA, 0x27, 0x0B, 0x39, 0x43, + 0x23, 0x55, 0xFF, 0xB4, + /* x */ + 0xB7, 0x0E, 0x0C, 0xBD, 0x6B, 0xB4, 0xBF, 0x7F, 0x32, 0x13, 0x90, 0xB9, + 0x4A, 0x03, 0xC1, 0xD3, 0x56, 0xC2, 0x11, 0x22, 0x34, 0x32, 0x80, 0xD6, + 0x11, 0x5C, 0x1D, 0x21, + /* y */ + 0xbd, 0x37, 0x63, 0x88, 0xb5, 0xf7, 0x23, 0xfb, 0x4c, 0x22, 0xdf, 0xe6, + 0xcd, 0x43, 0x75, 0xa0, 0x5a, 0x07, 0x47, 0x64, 0x44, 0xd5, 0x81, 0x99, + 0x85, 0x00, 0x7e, 0x34, + /* order */ + 0xFF, 0xFF, 
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0x16, 0xA2, 0xE0, 0xB8, 0xF0, 0x3E, 0x13, 0xDD, 0x29, 0x45, + 0x5C, 0x5C, 0x2A, 0x3D + } +}; + +static const struct { + EC_CURVE_DATA h; + unsigned char data[20 + 48 * 6]; +} _EC_NIST_PRIME_384 = { + { + NID_X9_62_prime_field, 20, 48, 1 + }, + { + /* seed */ + 0xA3, 0x35, 0x92, 0x6A, 0xA3, 0x19, 0xA2, 0x7A, 0x1D, 0x00, 0x89, 0x6A, + 0x67, 0x73, 0xA4, 0x82, 0x7A, 0xCD, 0xAC, 0x73, + /* p */ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, + /* a */ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFC, + /* b */ + 0xB3, 0x31, 0x2F, 0xA7, 0xE2, 0x3E, 0xE7, 0xE4, 0x98, 0x8E, 0x05, 0x6B, + 0xE3, 0xF8, 0x2D, 0x19, 0x18, 0x1D, 0x9C, 0x6E, 0xFE, 0x81, 0x41, 0x12, + 0x03, 0x14, 0x08, 0x8F, 0x50, 0x13, 0x87, 0x5A, 0xC6, 0x56, 0x39, 0x8D, + 0x8A, 0x2E, 0xD1, 0x9D, 0x2A, 0x85, 0xC8, 0xED, 0xD3, 0xEC, 0x2A, 0xEF, + /* x */ + 0xAA, 0x87, 0xCA, 0x22, 0xBE, 0x8B, 0x05, 0x37, 0x8E, 0xB1, 0xC7, 0x1E, + 0xF3, 0x20, 0xAD, 0x74, 0x6E, 0x1D, 0x3B, 0x62, 0x8B, 0xA7, 0x9B, 0x98, + 0x59, 0xF7, 0x41, 0xE0, 0x82, 0x54, 0x2A, 0x38, 0x55, 0x02, 0xF2, 0x5D, + 0xBF, 0x55, 0x29, 0x6C, 0x3A, 0x54, 0x5E, 0x38, 0x72, 0x76, 0x0A, 0xB7, + /* y */ + 0x36, 0x17, 0xde, 0x4a, 0x96, 0x26, 0x2c, 0x6f, 0x5d, 0x9e, 0x98, 0xbf, + 0x92, 0x92, 0xdc, 0x29, 0xf8, 0xf4, 0x1d, 0xbd, 0x28, 0x9a, 0x14, 0x7c, + 0xe9, 0xda, 0x31, 0x13, 0xb5, 0xf0, 0xb8, 0xc0, 0x0a, 0x60, 0xb1, 0xce, + 0x1d, 0x7e, 0x81, 0x9d, 0x7a, 0x43, 0x1d, 0x7c, 0x90, 0xea, 0x0e, 0x5f, + /* order 
*/ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xC7, 0x63, 0x4D, 0x81, 0xF4, 0x37, 0x2D, 0xDF, 0x58, 0x1A, 0x0D, 0xB2, + 0x48, 0xB0, 0xA7, 0x7A, 0xEC, 0xEC, 0x19, 0x6A, 0xCC, 0xC5, 0x29, 0x73 + } +}; + +static const struct { + EC_CURVE_DATA h; + unsigned char data[20 + 66 * 6]; +} _EC_NIST_PRIME_521 = { + { + NID_X9_62_prime_field, 20, 66, 1 + }, + { + /* seed */ + 0xD0, 0x9E, 0x88, 0x00, 0x29, 0x1C, 0xB8, 0x53, 0x96, 0xCC, 0x67, 0x17, + 0x39, 0x32, 0x84, 0xAA, 0xA0, 0xDA, 0x64, 0xBA, + /* p */ + 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + /* a */ + 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC, + /* b */ + 0x00, 0x51, 0x95, 0x3E, 0xB9, 0x61, 0x8E, 0x1C, 0x9A, 0x1F, 0x92, 0x9A, + 0x21, 0xA0, 0xB6, 0x85, 0x40, 0xEE, 0xA2, 0xDA, 0x72, 0x5B, 0x99, 0xB3, + 0x15, 0xF3, 0xB8, 0xB4, 0x89, 0x91, 0x8E, 0xF1, 0x09, 0xE1, 0x56, 0x19, + 0x39, 0x51, 0xEC, 0x7E, 0x93, 0x7B, 0x16, 0x52, 0xC0, 0xBD, 0x3B, 0xB1, + 0xBF, 0x07, 0x35, 0x73, 0xDF, 0x88, 0x3D, 0x2C, 0x34, 0xF1, 0xEF, 0x45, + 0x1F, 0xD4, 0x6B, 0x50, 0x3F, 0x00, + /* x */ + 0x00, 0xC6, 0x85, 0x8E, 0x06, 0xB7, 0x04, 0x04, 0xE9, 0xCD, 0x9E, 0x3E, + 0xCB, 0x66, 0x23, 0x95, 0xB4, 0x42, 0x9C, 0x64, 0x81, 0x39, 
0x05, 0x3F, + 0xB5, 0x21, 0xF8, 0x28, 0xAF, 0x60, 0x6B, 0x4D, 0x3D, 0xBA, 0xA1, 0x4B, + 0x5E, 0x77, 0xEF, 0xE7, 0x59, 0x28, 0xFE, 0x1D, 0xC1, 0x27, 0xA2, 0xFF, + 0xA8, 0xDE, 0x33, 0x48, 0xB3, 0xC1, 0x85, 0x6A, 0x42, 0x9B, 0xF9, 0x7E, + 0x7E, 0x31, 0xC2, 0xE5, 0xBD, 0x66, + /* y */ + 0x01, 0x18, 0x39, 0x29, 0x6a, 0x78, 0x9a, 0x3b, 0xc0, 0x04, 0x5c, 0x8a, + 0x5f, 0xb4, 0x2c, 0x7d, 0x1b, 0xd9, 0x98, 0xf5, 0x44, 0x49, 0x57, 0x9b, + 0x44, 0x68, 0x17, 0xaf, 0xbd, 0x17, 0x27, 0x3e, 0x66, 0x2c, 0x97, 0xee, + 0x72, 0x99, 0x5e, 0xf4, 0x26, 0x40, 0xc5, 0x50, 0xb9, 0x01, 0x3f, 0xad, + 0x07, 0x61, 0x35, 0x3c, 0x70, 0x86, 0xa2, 0x72, 0xc2, 0x40, 0x88, 0xbe, + 0x94, 0x76, 0x9f, 0xd1, 0x66, 0x50, + /* order */ + 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFA, 0x51, 0x86, + 0x87, 0x83, 0xBF, 0x2F, 0x96, 0x6B, 0x7F, 0xCC, 0x01, 0x48, 0xF7, 0x09, + 0xA5, 0xD0, 0x3B, 0xB5, 0xC9, 0xB8, 0x89, 0x9C, 0x47, 0xAE, 0xBB, 0x6F, + 0xB7, 0x1E, 0x91, 0x38, 0x64, 0x09 + } +}; + +static const struct { + EC_CURVE_DATA h; + unsigned char data[20 + 32 * 6]; +} _EC_X9_62_PRIME_256V1 = { + { + NID_X9_62_prime_field, 20, 32, 1 + }, + { + /* seed */ + 0xC4, 0x9D, 0x36, 0x08, 0x86, 0xE7, 0x04, 0x93, 0x6A, 0x66, 0x78, 0xE1, + 0x13, 0x9D, 0x26, 0xB7, 0x81, 0x9F, 0x7E, 0x90, + /* p */ + 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + /* a */ + 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC, + /* b */ + 0x5A, 0xC6, 0x35, 0xD8, 0xAA, 0x3A, 0x93, 0xE7, 0xB3, 0xEB, 0xBD, 0x55, + 0x76, 0x98, 0x86, 0xBC, 0x65, 0x1D, 0x06, 0xB0, 0xCC, 0x53, 0xB0, 0xF6, + 0x3B, 0xCE, 
0x3C, 0x3E, 0x27, 0xD2, 0x60, 0x4B, + /* x */ + 0x6B, 0x17, 0xD1, 0xF2, 0xE1, 0x2C, 0x42, 0x47, 0xF8, 0xBC, 0xE6, 0xE5, + 0x63, 0xA4, 0x40, 0xF2, 0x77, 0x03, 0x7D, 0x81, 0x2D, 0xEB, 0x33, 0xA0, + 0xF4, 0xA1, 0x39, 0x45, 0xD8, 0x98, 0xC2, 0x96, + /* y */ + 0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, 0x9b, 0x8e, 0xe7, 0xeb, 0x4a, + 0x7c, 0x0f, 0x9e, 0x16, 0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31, 0x5e, 0xce, + 0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, 0xf5, + /* order */ + 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, + 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51 + } +}; + +static const struct { + EC_CURVE_DATA h; + unsigned char data[0 + 32 * 6]; +} _EC_SECG_PRIME_256K1 = { + { + NID_X9_62_prime_field, 0, 32, 1 + }, + { + /* no seed */ + /* p */ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFC, 0x2F, + /* a */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* b */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07, + /* x */ + 0x79, 0xBE, 0x66, 0x7E, 0xF9, 0xDC, 0xBB, 0xAC, 0x55, 0xA0, 0x62, 0x95, + 0xCE, 0x87, 0x0B, 0x07, 0x02, 0x9B, 0xFC, 0xDB, 0x2D, 0xCE, 0x28, 0xD9, + 0x59, 0xF2, 0x81, 0x5B, 0x16, 0xF8, 0x17, 0x98, + /* y */ + 0x48, 0x3a, 0xda, 0x77, 0x26, 0xa3, 0xc4, 0x65, 0x5d, 0xa4, 0xfb, 0xfc, + 0x0e, 0x11, 0x08, 0xa8, 0xfd, 0x17, 0xb4, 0x48, 0xa6, 0x85, 0x54, 0x19, + 0x9c, 0x47, 0xd0, 0x8f, 0xfb, 0x10, 0xd4, 0xb8, + /* order */ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFE, 0xBA, 
0xAE, 0xDC, 0xE6, 0xAF, 0x48, 0xA0, 0x3B, + 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x41 + } +}; + +typedef struct _ec_list_element_st { + int nid; + const EC_CURVE_DATA *data; + const EC_METHOD *(*meth) (void); + const char *comment; +} ec_list_element; + +static const ec_list_element curve_list[] = { + /* prime field curves */ + /* secg curves */ +#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 + {NID_secp224r1, &_EC_NIST_PRIME_224.h, EC_GFp_nistp224_method, + "NIST/SECG curve over a 224 bit prime field"}, +#else + {NID_secp224r1, &_EC_NIST_PRIME_224.h, 0, + "NIST/SECG curve over a 224 bit prime field"}, +#endif + {NID_secp256k1, &_EC_SECG_PRIME_256K1.h, 0, + "SECG curve over a 256 bit prime field"}, + /* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */ + {NID_secp384r1, &_EC_NIST_PRIME_384.h, 0, + "NIST/SECG curve over a 384 bit prime field"}, +#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 + {NID_secp521r1, &_EC_NIST_PRIME_521.h, EC_GFp_nistp521_method, + "NIST/SECG curve over a 521 bit prime field"}, +#else + {NID_secp521r1, &_EC_NIST_PRIME_521.h, 0, + "NIST/SECG curve over a 521 bit prime field"}, +#endif + /* X9.62 curves */ + {NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h, +#if defined(ECP_NISTZ256_ASM) + EC_GFp_nistz256_method, +#elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128) + EC_GFp_nistp256_method, +#else + 0, +#endif + "X9.62/SECG curve over a 256 bit prime field"}, +}; + +#define curve_list_length OSSL_NELEM(curve_list) + +static EC_GROUP *ec_group_new_from_data(const ec_list_element curve) +{ + EC_GROUP *group = NULL; + EC_POINT *P = NULL; + BN_CTX *ctx = NULL; + BIGNUM *p = NULL, *a = NULL, *b = NULL, *x = NULL, *y = NULL, *order = + NULL; + int ok = 0; + int seed_len, param_len; + const EC_METHOD *meth; + const EC_CURVE_DATA *data; + const unsigned char *params; + + /* If no curve data curve method must handle everything */ + if (curve.data == NULL) + return EC_GROUP_new(curve.meth != NULL ? 
curve.meth() : NULL); + + if ((ctx = BN_CTX_new()) == NULL) { + ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_MALLOC_FAILURE); + goto err; + } + + data = curve.data; + seed_len = data->seed_len; + param_len = data->param_len; + params = (const unsigned char *)(data + 1); /* skip header */ + params += seed_len; /* skip seed */ + + if ((p = BN_bin2bn(params + 0 * param_len, param_len, NULL)) == NULL + || (a = BN_bin2bn(params + 1 * param_len, param_len, NULL)) == NULL + || (b = BN_bin2bn(params + 2 * param_len, param_len, NULL)) == NULL) { + ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB); + goto err; + } + + if (curve.meth != 0) { + meth = curve.meth(); + if (((group = EC_GROUP_new(meth)) == NULL) || + (!(group->meth->group_set_curve(group, p, a, b, ctx)))) { + ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB); + goto err; + } + } else if (data->field_type == NID_X9_62_prime_field) { + if ((group = EC_GROUP_new_curve_GFp(p, a, b, ctx)) == NULL) { + ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB); + goto err; + } + } +#ifndef OPENSSL_NO_EC2M + else { /* field_type == + * NID_X9_62_characteristic_two_field */ + + if ((group = EC_GROUP_new_curve_GF2m(p, a, b, ctx)) == NULL) { + ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB); + goto err; + } + } +#endif + + EC_GROUP_set_curve_name(group, curve.nid); + + if ((P = EC_POINT_new(group)) == NULL) { + ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB); + goto err; + } + + if ((x = BN_bin2bn(params + 3 * param_len, param_len, NULL)) == NULL + || (y = BN_bin2bn(params + 4 * param_len, param_len, NULL)) == NULL) { + ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB); + goto err; + } + if (!EC_POINT_set_affine_coordinates(group, P, x, y, ctx)) { + ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB); + goto err; + } + if ((order = BN_bin2bn(params + 5 * param_len, param_len, NULL)) == NULL + || !BN_set_word(x, (BN_ULONG)data->cofactor)) { + ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB); + goto err; + } + if 
(!EC_GROUP_set_generator(group, P, order, x)) { + ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB); + goto err; + } + if (seed_len) { + if (!EC_GROUP_set_seed(group, params - seed_len, seed_len)) { + ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB); + goto err; + } + } + ok = 1; + err: + if (!ok) { + EC_GROUP_free(group); + group = NULL; + } + EC_POINT_free(P); + BN_CTX_free(ctx); + BN_free(p); + BN_free(a); + BN_free(b); + BN_free(order); + BN_free(x); + BN_free(y); + return group; +} + +EC_GROUP *EC_GROUP_new_by_curve_name(int nid) +{ + size_t i; + EC_GROUP *ret = NULL; + + if (nid <= 0) + return NULL; + + for (i = 0; i < curve_list_length; i++) + if (curve_list[i].nid == nid) { + ret = ec_group_new_from_data(curve_list[i]); + break; + } + + if (ret == NULL) { + ECerr(EC_F_EC_GROUP_NEW_BY_CURVE_NAME, EC_R_UNKNOWN_GROUP); + return NULL; + } + + return ret; +} + +size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems) +{ + size_t i, min; + + if (r == NULL || nitems == 0) + return curve_list_length; + + min = nitems < curve_list_length ? 
nitems : curve_list_length; + + for (i = 0; i < min; i++) { + r[i].nid = curve_list[i].nid; + r[i].comment = curve_list[i].comment; + } + + return curve_list_length; +} + +/* Functions to translate between common NIST curve names and NIDs */ + +typedef struct { + const char *name; /* NIST Name of curve */ + int nid; /* Curve NID */ +} EC_NIST_NAME; + +static EC_NIST_NAME nist_curves[] = { + {"B-163", NID_sect163r2}, + {"B-233", NID_sect233r1}, + {"B-283", NID_sect283r1}, + {"B-409", NID_sect409r1}, + {"B-571", NID_sect571r1}, + {"K-163", NID_sect163k1}, + {"K-233", NID_sect233k1}, + {"K-283", NID_sect283k1}, + {"K-409", NID_sect409k1}, + {"K-571", NID_sect571k1}, + {"P-192", NID_X9_62_prime192v1}, + {"P-224", NID_secp224r1}, + {"P-256", NID_X9_62_prime256v1}, + {"P-384", NID_secp384r1}, + {"P-521", NID_secp521r1} +}; + +const char *EC_curve_nid2nist(int nid) +{ + size_t i; + for (i = 0; i < OSSL_NELEM(nist_curves); i++) { + if (nist_curves[i].nid == nid) + return nist_curves[i].name; + } + return NULL; +} + +int EC_curve_nist2nid(const char *name) +{ + size_t i; + for (i = 0; i < OSSL_NELEM(nist_curves); i++) { + if (strcmp(nist_curves[i].name, name) == 0) + return nist_curves[i].nid; + } + return NID_undef; +} diff --git a/openssl-freefilesync/ectest.c b/openssl-freefilesync/ectest.c new file mode 100644 index 0000000..53adf88 --- /dev/null +++ b/openssl-freefilesync/ectest.c 
@@ -0,0 +1,920 @@ +/* + * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "internal/nelem.h" +#include "testutil.h" + +#ifndef OPENSSL_NO_EC +# include +# ifndef OPENSSL_NO_ENGINE +# include +# endif +# include +# include +# include +# include +# include +# include + +static size_t crv_len = 0; +static EC_builtin_curve *curves = NULL; + +/* test multiplication with group order, long and negative scalars */ +static int group_order_tests(EC_GROUP *group) +{ + BIGNUM *n1 = NULL, *n2 = NULL, *order = NULL; + EC_POINT *P = NULL, *Q = NULL, *R = NULL, *S = NULL; + const EC_POINT *G = NULL; + BN_CTX *ctx = NULL; + int i = 0, r = 0; + + if (!TEST_ptr(n1 = BN_new()) + || !TEST_ptr(n2 = BN_new()) + || !TEST_ptr(order = BN_new()) + || !TEST_ptr(ctx = BN_CTX_new()) + || !TEST_ptr(G = EC_GROUP_get0_generator(group)) + || !TEST_ptr(P = EC_POINT_new(group)) + || !TEST_ptr(Q = EC_POINT_new(group)) + || !TEST_ptr(R = EC_POINT_new(group)) + || !TEST_ptr(S = EC_POINT_new(group))) + goto err; + + if (!TEST_true(EC_GROUP_get_order(group, order, ctx)) + || !TEST_true(EC_POINT_mul(group, Q, order, NULL, NULL, ctx)) + || !TEST_true(EC_POINT_is_at_infinity(group, Q)) + || !TEST_true(EC_GROUP_precompute_mult(group, ctx)) + || !TEST_true(EC_POINT_mul(group, Q, order, NULL, NULL, ctx)) + || !TEST_true(EC_POINT_is_at_infinity(group, Q)) + || !TEST_true(EC_POINT_copy(P, G)) + || !TEST_true(BN_one(n1)) + || !TEST_true(EC_POINT_mul(group, Q, n1, NULL, NULL, ctx)) + || !TEST_int_eq(0, EC_POINT_cmp(group, Q, P, ctx)) + || !TEST_true(BN_sub(n1, order, n1)) + || !TEST_true(EC_POINT_mul(group, Q, n1, NULL, NULL, ctx)) + || 
!TEST_true(EC_POINT_invert(group, Q, ctx)) + || !TEST_int_eq(0, EC_POINT_cmp(group, Q, P, ctx))) + goto err; + + for (i = 1; i <= 2; i++) { + const BIGNUM *scalars[6]; + const EC_POINT *points[6]; + + if (!TEST_true(BN_set_word(n1, i)) + /* + * If i == 1, P will be the predefined generator for which + * EC_GROUP_precompute_mult has set up precomputation. + */ + || !TEST_true(EC_POINT_mul(group, P, n1, NULL, NULL, ctx)) + || (i == 1 && !TEST_int_eq(0, EC_POINT_cmp(group, P, G, ctx))) + || !TEST_true(BN_one(n1)) + /* n1 = 1 - order */ + || !TEST_true(BN_sub(n1, n1, order)) + || !TEST_true(EC_POINT_mul(group, Q, NULL, P, n1, ctx)) + || !TEST_int_eq(0, EC_POINT_cmp(group, Q, P, ctx)) + + /* n2 = 1 + order */ + || !TEST_true(BN_add(n2, order, BN_value_one())) + || !TEST_true(EC_POINT_mul(group, Q, NULL, P, n2, ctx)) + || !TEST_int_eq(0, EC_POINT_cmp(group, Q, P, ctx)) + + /* n2 = (1 - order) * (1 + order) = 1 - order^2 */ + || !TEST_true(BN_mul(n2, n1, n2, ctx)) + || !TEST_true(EC_POINT_mul(group, Q, NULL, P, n2, ctx)) + || !TEST_int_eq(0, EC_POINT_cmp(group, Q, P, ctx))) + goto err; + + /* n2 = order^2 - 1 */ + BN_set_negative(n2, 0); + if (!TEST_true(EC_POINT_mul(group, Q, NULL, P, n2, ctx)) + /* Add P to verify the result. */ + || !TEST_true(EC_POINT_add(group, Q, Q, P, ctx)) + || !TEST_true(EC_POINT_is_at_infinity(group, Q)) + + /* Exercise EC_POINTs_mul, including corner cases. 
*/ + || !TEST_false(EC_POINT_is_at_infinity(group, P))) + goto err; + + scalars[0] = scalars[1] = BN_value_one(); + points[0] = points[1] = P; + + if (!TEST_true(EC_POINTs_mul(group, R, NULL, 2, points, scalars, ctx)) + || !TEST_true(EC_POINT_dbl(group, S, points[0], ctx)) + || !TEST_int_eq(0, EC_POINT_cmp(group, R, S, ctx))) + goto err; + + scalars[0] = n1; + points[0] = Q; /* => infinity */ + scalars[1] = n2; + points[1] = P; /* => -P */ + scalars[2] = n1; + points[2] = Q; /* => infinity */ + scalars[3] = n2; + points[3] = Q; /* => infinity */ + scalars[4] = n1; + points[4] = P; /* => P */ + scalars[5] = n2; + points[5] = Q; /* => infinity */ + if (!TEST_true(EC_POINTs_mul(group, P, NULL, 6, points, scalars, ctx)) + || !TEST_true(EC_POINT_is_at_infinity(group, P))) + goto err; + } + + r = 1; +err: + if (r == 0 && i != 0) + TEST_info(i == 1 ? "allowing precomputation" : + "without precomputation"); + EC_POINT_free(P); + EC_POINT_free(Q); + EC_POINT_free(R); + EC_POINT_free(S); + BN_free(n1); + BN_free(n2); + BN_free(order); + BN_CTX_free(ctx); + return r; +} + +static int prime_field_tests(void) +{ + BN_CTX *ctx = NULL; + BIGNUM *p = NULL, *a = NULL, *b = NULL, *scalar3 = NULL; + EC_GROUP *group = NULL, *tmp = NULL; + EC_GROUP *P_160 = NULL, *P_192 = NULL, *P_224 = NULL, + *P_256 = NULL, *P_384 = NULL, *P_521 = NULL; + EC_POINT *P = NULL, *Q = NULL, *R = NULL; + BIGNUM *x = NULL, *y = NULL, *z = NULL, *yplusone = NULL; + const EC_POINT *points[4]; + const BIGNUM *scalars[4]; + unsigned char buf[100]; + size_t len, r = 0; + int k; + + if (!TEST_ptr(ctx = BN_CTX_new()) + || !TEST_ptr(p = BN_new()) + || !TEST_ptr(a = BN_new()) + || !TEST_ptr(b = BN_new()) + /* + * applications should use EC_GROUP_new_curve_GFp so + * that the library gets to choose the EC_METHOD + */ + || !TEST_ptr(group = EC_GROUP_new(EC_GFp_mont_method())) + || !TEST_ptr(tmp = EC_GROUP_new(EC_GROUP_method_of(group))) + || !TEST_true(EC_GROUP_copy(tmp, group))) + goto err; + EC_GROUP_free(group); + 
group = tmp; + tmp = NULL; + + buf[0] = 0; + if (!TEST_ptr(P = EC_POINT_new(group)) + || !TEST_ptr(Q = EC_POINT_new(group)) + || !TEST_ptr(R = EC_POINT_new(group)) + || !TEST_ptr(x = BN_new()) + || !TEST_ptr(y = BN_new()) + || !TEST_ptr(z = BN_new()) + || !TEST_ptr(yplusone = BN_new())) + goto err; + + /* Curve P-224 (FIPS PUB 186-2, App. 6) */ + + if (!TEST_true(BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFF000000000000000000000001")) + || !TEST_int_eq(1, BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) + || !TEST_true(BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE")) + || !TEST_true(BN_hex2bn(&b, "B4050A850C04B3ABF5413256" + "5044B0B7D7BFD8BA270B39432355FFB4")) + || !TEST_true(EC_GROUP_set_curve(group, p, a, b, ctx)) + || !TEST_true(BN_hex2bn(&x, "B70E0CBD6BB4BF7F321390B9" + "4A03C1D356C21122343280D6115C1D21")) + || !TEST_true(EC_POINT_set_compressed_coordinates(group, P, x, 0, ctx)) + || !TEST_int_gt(EC_POINT_is_on_curve(group, P, ctx), 0) + || !TEST_true(BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFF" + "FFFF16A2E0B8F03E13DD29455C5C2A3D")) + || !TEST_true(EC_GROUP_set_generator(group, P, z, BN_value_one())) + || !TEST_true(EC_POINT_get_affine_coordinates(group, P, x, y, ctx))) + goto err; + + TEST_info("NIST curve P-224 -- Generator"); + test_output_bignum("x", x); + test_output_bignum("y", y); + /* G_y value taken from the standard: */ + if (!TEST_true(BN_hex2bn(&z, "BD376388B5F723FB4C22DFE6" + "CD4375A05A07476444D5819985007E34")) + || !TEST_BN_eq(y, z) + || !TEST_true(BN_add(yplusone, y, BN_value_one())) + /* + * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, + * and therefore setting the coordinates should fail. 
+ */ + || !TEST_false(EC_POINT_set_affine_coordinates(group, P, x, yplusone, + ctx)) + || !TEST_int_eq(EC_GROUP_get_degree(group), 224) + || !group_order_tests(group) + || !TEST_ptr(P_224 = EC_GROUP_new(EC_GROUP_method_of(group))) + || !TEST_true(EC_GROUP_copy(P_224, group)) + + /* Curve P-256 (FIPS PUB 186-2, App. 6) */ + + || !TEST_true(BN_hex2bn(&p, "FFFFFFFF000000010000000000000000" + "00000000FFFFFFFFFFFFFFFFFFFFFFFF")) + || !TEST_int_eq(1, BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) + || !TEST_true(BN_hex2bn(&a, "FFFFFFFF000000010000000000000000" + "00000000FFFFFFFFFFFFFFFFFFFFFFFC")) + || !TEST_true(BN_hex2bn(&b, "5AC635D8AA3A93E7B3EBBD55769886BC" + "651D06B0CC53B0F63BCE3C3E27D2604B")) + || !TEST_true(EC_GROUP_set_curve(group, p, a, b, ctx)) + + || !TEST_true(BN_hex2bn(&x, "6B17D1F2E12C4247F8BCE6E563A440F2" + "77037D812DEB33A0F4A13945D898C296")) + || !TEST_true(EC_POINT_set_compressed_coordinates(group, P, x, 1, ctx)) + || !TEST_int_gt(EC_POINT_is_on_curve(group, P, ctx), 0) + || !TEST_true(BN_hex2bn(&z, "FFFFFFFF00000000FFFFFFFFFFFFFFFF" + "BCE6FAADA7179E84F3B9CAC2FC632551")) + || !TEST_true(EC_GROUP_set_generator(group, P, z, BN_value_one())) + || !TEST_true(EC_POINT_get_affine_coordinates(group, P, x, y, ctx))) + goto err; + + TEST_info("NIST curve P-256 -- Generator"); + test_output_bignum("x", x); + test_output_bignum("y", y); + /* G_y value taken from the standard: */ + if (!TEST_true(BN_hex2bn(&z, "4FE342E2FE1A7F9B8EE7EB4A7C0F9E16" + "2BCE33576B315ECECBB6406837BF51F5")) + || !TEST_BN_eq(y, z) + || !TEST_true(BN_add(yplusone, y, BN_value_one())) + /* + * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, + * and therefore setting the coordinates should fail. 
+ */ + || !TEST_false(EC_POINT_set_affine_coordinates(group, P, x, yplusone, + ctx)) + || !TEST_int_eq(EC_GROUP_get_degree(group), 256) + || !group_order_tests(group) + || !TEST_ptr(P_256 = EC_GROUP_new(EC_GROUP_method_of(group))) + || !TEST_true(EC_GROUP_copy(P_256, group)) + + /* Curve P-384 (FIPS PUB 186-2, App. 6) */ + + || !TEST_true(BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE" + "FFFFFFFF0000000000000000FFFFFFFF")) + || !TEST_int_eq(1, BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) + || !TEST_true(BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE" + "FFFFFFFF0000000000000000FFFFFFFC")) + || !TEST_true(BN_hex2bn(&b, "B3312FA7E23EE7E4988E056BE3F82D19" + "181D9C6EFE8141120314088F5013875A" + "C656398D8A2ED19D2A85C8EDD3EC2AEF")) + || !TEST_true(EC_GROUP_set_curve(group, p, a, b, ctx)) + + || !TEST_true(BN_hex2bn(&x, "AA87CA22BE8B05378EB1C71EF320AD74" + "6E1D3B628BA79B9859F741E082542A38" + "5502F25DBF55296C3A545E3872760AB7")) + || !TEST_true(EC_POINT_set_compressed_coordinates(group, P, x, 1, ctx)) + || !TEST_int_gt(EC_POINT_is_on_curve(group, P, ctx), 0) + || !TEST_true(BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFFC7634D81F4372DDF" + "581A0DB248B0A77AECEC196ACCC52973")) + || !TEST_true(EC_GROUP_set_generator(group, P, z, BN_value_one())) + || !TEST_true(EC_POINT_get_affine_coordinates(group, P, x, y, ctx))) + goto err; + + TEST_info("NIST curve P-384 -- Generator"); + test_output_bignum("x", x); + test_output_bignum("y", y); + /* G_y value taken from the standard: */ + if (!TEST_true(BN_hex2bn(&z, "3617DE4A96262C6F5D9E98BF9292DC29" + "F8F41DBD289A147CE9DA3113B5F0B8C0" + "0A60B1CE1D7E819D7A431D7C90EA0E5F")) + || !TEST_BN_eq(y, z) + || !TEST_true(BN_add(yplusone, y, BN_value_one())) + /* + * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, + * and therefore setting the coordinates should fail. 
+ */ + || !TEST_false(EC_POINT_set_affine_coordinates(group, P, x, yplusone, + ctx)) + || !TEST_int_eq(EC_GROUP_get_degree(group), 384) + || !group_order_tests(group) + || !TEST_ptr(P_384 = EC_GROUP_new(EC_GROUP_method_of(group))) + || !TEST_true(EC_GROUP_copy(P_384, group)) + + /* Curve P-521 (FIPS PUB 186-2, App. 6) */ + || !TEST_true(BN_hex2bn(&p, "1FF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF")) + || !TEST_int_eq(1, BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) + || !TEST_true(BN_hex2bn(&a, "1FF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC")) + || !TEST_true(BN_hex2bn(&b, "051" + "953EB9618E1C9A1F929A21A0B68540EE" + "A2DA725B99B315F3B8B489918EF109E1" + "56193951EC7E937B1652C0BD3BB1BF07" + "3573DF883D2C34F1EF451FD46B503F00")) + || !TEST_true(EC_GROUP_set_curve(group, p, a, b, ctx)) + || !TEST_true(BN_hex2bn(&x, "C6" + "858E06B70404E9CD9E3ECB662395B442" + "9C648139053FB521F828AF606B4D3DBA" + "A14B5E77EFE75928FE1DC127A2FFA8DE" + "3348B3C1856A429BF97E7E31C2E5BD66")) + || !TEST_true(EC_POINT_set_compressed_coordinates(group, P, x, 0, ctx)) + || !TEST_int_gt(EC_POINT_is_on_curve(group, P, ctx), 0) + || !TEST_true(BN_hex2bn(&z, "1FF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA" + "51868783BF2F966B7FCC0148F709A5D0" + "3BB5C9B8899C47AEBB6FB71E91386409")) + || !TEST_true(EC_GROUP_set_generator(group, P, z, BN_value_one())) + || !TEST_true(EC_POINT_get_affine_coordinates(group, P, x, y, ctx))) + goto err; + + TEST_info("NIST curve P-521 -- Generator"); + test_output_bignum("x", x); + test_output_bignum("y", y); + /* G_y value taken from the standard: */ + if (!TEST_true(BN_hex2bn(&z, "118" + "39296A789A3BC0045C8A5FB42C7D1BD9" + "98F54449579B446817AFBD17273E662C" + "97EE72995EF42640C550B9013FAD0761" + "353C7086A272C24088BE94769FD16650")) 
+ || !TEST_BN_eq(y, z) + || !TEST_true(BN_add(yplusone, y, BN_value_one())) + /* + * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, + * and therefore setting the coordinates should fail. + */ + || !TEST_false(EC_POINT_set_affine_coordinates(group, P, x, yplusone, + ctx)) + || !TEST_int_eq(EC_GROUP_get_degree(group), 521) + || !group_order_tests(group) + || !TEST_ptr(P_521 = EC_GROUP_new(EC_GROUP_method_of(group))) + || !TEST_true(EC_GROUP_copy(P_521, group)) + + /* more tests using the last curve */ + + /* Restore the point that got mangled in the (x, y + 1) test. */ + || !TEST_true(EC_POINT_set_affine_coordinates(group, P, x, y, ctx)) + || !TEST_true(EC_POINT_copy(Q, P)) + || !TEST_false(EC_POINT_is_at_infinity(group, Q)) + || !TEST_true(EC_POINT_dbl(group, P, P, ctx)) + || !TEST_int_gt(EC_POINT_is_on_curve(group, P, ctx), 0) + || !TEST_true(EC_POINT_invert(group, Q, ctx)) /* P = -2Q */ + || !TEST_true(EC_POINT_add(group, R, P, Q, ctx)) + || !TEST_true(EC_POINT_add(group, R, R, Q, ctx)) + || !TEST_true(EC_POINT_is_at_infinity(group, R)) /* R = P + 2Q */ + || !TEST_false(EC_POINT_is_at_infinity(group, Q))) + goto err; + points[0] = Q; + points[1] = Q; + points[2] = Q; + points[3] = Q; + + if (!TEST_true(EC_GROUP_get_order(group, z, ctx)) + || !TEST_true(BN_add(y, z, BN_value_one())) + || !TEST_BN_even(y) + || !TEST_true(BN_rshift1(y, y))) + goto err; + scalars[0] = y; /* (group order + 1)/2, so y*Q + y*Q = Q */ + scalars[1] = y; + + TEST_note("combined multiplication ..."); + + /* z is still the group order */ + if (!TEST_true(EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx)) + || !TEST_true(EC_POINTs_mul(group, R, z, 2, points, scalars, ctx)) + || !TEST_int_eq(0, EC_POINT_cmp(group, P, R, ctx)) + || !TEST_int_eq(0, EC_POINT_cmp(group, R, Q, ctx)) + || !TEST_true(BN_rand(y, BN_num_bits(y), 0, 0)) + || !TEST_true(BN_add(z, z, y))) + goto err; + BN_set_negative(z, 1); + scalars[0] = y; + scalars[1] = z; /* z = -(order + y) */ + + if 
(!TEST_true(EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx)) + || !TEST_true(EC_POINT_is_at_infinity(group, P)) + || !TEST_true(BN_rand(x, BN_num_bits(y) - 1, 0, 0)) + || !TEST_true(BN_add(z, x, y))) + goto err; + BN_set_negative(z, 1); + scalars[0] = x; + scalars[1] = y; + scalars[2] = z; /* z = -(x+y) */ + + if (!TEST_ptr(scalar3 = BN_new())) + goto err; + BN_zero(scalar3); + scalars[3] = scalar3; + + if (!TEST_true(EC_POINTs_mul(group, P, NULL, 4, points, scalars, ctx)) + || !TEST_true(EC_POINT_is_at_infinity(group, P))) + goto err; + + TEST_note(" ok\n"); + + + r = 1; +err: + BN_CTX_free(ctx); + BN_free(p); + BN_free(a); + BN_free(b); + EC_GROUP_free(group); + EC_GROUP_free(tmp); + EC_POINT_free(P); + EC_POINT_free(Q); + EC_POINT_free(R); + BN_free(x); + BN_free(y); + BN_free(z); + BN_free(yplusone); + BN_free(scalar3); + + EC_GROUP_free(P_224); + EC_GROUP_free(P_256); + EC_GROUP_free(P_384); + EC_GROUP_free(P_521); + return r; +} + +static int internal_curve_test(int n) +{ + EC_GROUP *group = NULL; + int nid = curves[n].nid; + + if (!TEST_ptr(group = EC_GROUP_new_by_curve_name(nid))) { + TEST_info("EC_GROUP_new_curve_name() failed with curve %s\n", + OBJ_nid2sn(nid)); + return 0; + } + if (!TEST_true(EC_GROUP_check(group, NULL))) { + TEST_info("EC_GROUP_check() failed with curve %s\n", OBJ_nid2sn(nid)); + EC_GROUP_free(group); + return 0; + } + EC_GROUP_free(group); + return 1; +} + +static int internal_curve_test_method(int n) +{ + int r, nid = curves[n].nid; + EC_GROUP *group; + + if (!TEST_ptr(group = EC_GROUP_new_by_curve_name(nid))) { + TEST_info("Curve %s failed\n", OBJ_nid2sn(nid)); + return 0; + } + r = group_order_tests(group); + EC_GROUP_free(group); + return r; +} + +# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 +/* + * nistp_test_params contains magic numbers for testing our optimized + * implementations of several NIST curves with characteristic > 3. 
+ */ +struct nistp_test_params { + const EC_METHOD *(*meth) (void); + int degree; + /* + * Qx, Qy and D are taken from + * http://csrc.nist.gov/groups/ST/toolkit/documents/Examples/ECDSA_Prime.pdf + * Otherwise, values are standard curve parameters from FIPS 180-3 + */ + const char *p, *a, *b, *Qx, *Qy, *Gx, *Gy, *order, *d; +}; + +static const struct nistp_test_params nistp_tests_params[] = { + { + /* P-224 */ + EC_GFp_nistp224_method, + 224, + /* p */ + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001", + /* a */ + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE", + /* b */ + "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4", + /* Qx */ + "E84FB0B8E7000CB657D7973CF6B42ED78B301674276DF744AF130B3E", + /* Qy */ + "4376675C6FC5612C21A0FF2D2A89D2987DF7A2BC52183B5982298555", + /* Gx */ + "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21", + /* Gy */ + "BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34", + /* order */ + "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D", + /* d */ + "3F0C488E987C80BE0FEE521F8D90BE6034EC69AE11CA72AA777481E8", + }, + { + /* P-256 */ + EC_GFp_nistp256_method, + 256, + /* p */ + "ffffffff00000001000000000000000000000000ffffffffffffffffffffffff", + /* a */ + "ffffffff00000001000000000000000000000000fffffffffffffffffffffffc", + /* b */ + "5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b", + /* Qx */ + "b7e08afdfe94bad3f1dc8c734798ba1c62b3a0ad1e9ea2a38201cd0889bc7a19", + /* Qy */ + "3603f747959dbf7a4bb226e41928729063adc7ae43529e61b563bbc606cc5e09", + /* Gx */ + "6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296", + /* Gy */ + "4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5", + /* order */ + "ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551", + /* d */ + "c477f9f65c22cce20657faa5b2d1d8122336f851a508a1ed04e479c34985bf96", + }, + { + /* P-521 */ + EC_GFp_nistp521_method, + 521, + /* p */ + "1ff" + 
"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + /* a */ + "1ff" + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" + "fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc", + /* b */ + "051" + "953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e1" + "56193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00", + /* Qx */ + "0098" + "e91eef9a68452822309c52fab453f5f117c1da8ed796b255e9ab8f6410cca16e" + "59df403a6bdc6ca467a37056b1e54b3005d8ac030decfeb68df18b171885d5c4", + /* Qy */ + "0164" + "350c321aecfc1cca1ba4364c9b15656150b4b78d6a48d7d28e7f31985ef17be8" + "554376b72900712c4b83ad668327231526e313f5f092999a4632fd50d946bc2e", + /* Gx */ + "c6" + "858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dba" + "a14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66", + /* Gy */ + "118" + "39296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c" + "97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650", + /* order */ + "1ff" + "fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa" + "51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409", + /* d */ + "0100" + "085f47b8e1b8b11b7eb33028c0b2888e304bfc98501955b45bba1478dc184eee" + "df09b86a5f7c21994406072787205e69a63709fe35aa93ba333514b24f961722", + }, +}; + +static int nistp_single_test(int idx) +{ + const struct nistp_test_params *test = nistp_tests_params + idx; + BN_CTX *ctx = NULL; + BIGNUM *p = NULL, *a = NULL, *b = NULL, *x = NULL, *y = NULL; + BIGNUM *n = NULL, *m = NULL, *order = NULL, *yplusone = NULL; + EC_GROUP *NISTP = NULL; + EC_POINT *G = NULL, *P = NULL, *Q = NULL, *Q_CHECK = NULL; + int r = 0; + + TEST_note("NIST curve P-%d (optimised implementation):", + test->degree); + if (!TEST_ptr(ctx = BN_CTX_new()) + || !TEST_ptr(p = BN_new()) + || !TEST_ptr(a = BN_new()) + || !TEST_ptr(b = BN_new()) + || !TEST_ptr(x = 
BN_new()) + || !TEST_ptr(y = BN_new()) + || !TEST_ptr(m = BN_new()) + || !TEST_ptr(n = BN_new()) + || !TEST_ptr(order = BN_new()) + || !TEST_ptr(yplusone = BN_new()) + + || !TEST_ptr(NISTP = EC_GROUP_new(test->meth())) + || !TEST_true(BN_hex2bn(&p, test->p)) + || !TEST_int_eq(1, BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) + || !TEST_true(BN_hex2bn(&a, test->a)) + || !TEST_true(BN_hex2bn(&b, test->b)) + || !TEST_true(EC_GROUP_set_curve(NISTP, p, a, b, ctx)) + || !TEST_ptr(G = EC_POINT_new(NISTP)) + || !TEST_ptr(P = EC_POINT_new(NISTP)) + || !TEST_ptr(Q = EC_POINT_new(NISTP)) + || !TEST_ptr(Q_CHECK = EC_POINT_new(NISTP)) + || !TEST_true(BN_hex2bn(&x, test->Qx)) + || !TEST_true(BN_hex2bn(&y, test->Qy)) + || !TEST_true(BN_add(yplusone, y, BN_value_one())) + /* + * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, + * and therefore setting the coordinates should fail. + */ + || !TEST_false(EC_POINT_set_affine_coordinates(NISTP, Q_CHECK, x, + yplusone, ctx)) + || !TEST_true(EC_POINT_set_affine_coordinates(NISTP, Q_CHECK, x, y, + ctx)) + || !TEST_true(BN_hex2bn(&x, test->Gx)) + || !TEST_true(BN_hex2bn(&y, test->Gy)) + || !TEST_true(EC_POINT_set_affine_coordinates(NISTP, G, x, y, ctx)) + || !TEST_true(BN_hex2bn(&order, test->order)) + || !TEST_true(EC_GROUP_set_generator(NISTP, G, order, BN_value_one())) + || !TEST_int_eq(EC_GROUP_get_degree(NISTP), test->degree)) + goto err; + + TEST_note("NIST test vectors ... 
"); + if (!TEST_true(BN_hex2bn(&n, test->d))) + goto err; + /* fixed point multiplication */ + EC_POINT_mul(NISTP, Q, n, NULL, NULL, ctx); + if (!TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))) + goto err; + /* random point multiplication */ + EC_POINT_mul(NISTP, Q, NULL, G, n, ctx); + if (!TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) + + /* set generator to P = 2*G, where G is the standard generator */ + || !TEST_true(EC_POINT_dbl(NISTP, P, G, ctx)) + || !TEST_true(EC_GROUP_set_generator(NISTP, P, order, BN_value_one())) + /* set the scalar to m=n/2, where n is the NIST test scalar */ + || !TEST_true(BN_rshift(m, n, 1))) + goto err; + + /* test the non-standard generator */ + /* fixed point multiplication */ + EC_POINT_mul(NISTP, Q, m, NULL, NULL, ctx); + if (!TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))) + goto err; + /* random point multiplication */ + EC_POINT_mul(NISTP, Q, NULL, P, m, ctx); + if (!TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) + + /* + * We have not performed precomputation so have_precompute mult should be + * false + */ + || !TEST_false(EC_GROUP_have_precompute_mult(NISTP)) + + /* now repeat all tests with precomputation */ + || !TEST_true(EC_GROUP_precompute_mult(NISTP, ctx)) + || !TEST_true(EC_GROUP_have_precompute_mult(NISTP))) + goto err; + + /* fixed point multiplication */ + EC_POINT_mul(NISTP, Q, m, NULL, NULL, ctx); + if (!TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))) + goto err; + /* random point multiplication */ + EC_POINT_mul(NISTP, Q, NULL, P, m, ctx); + if (!TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) + + /* reset generator */ + || !TEST_true(EC_GROUP_set_generator(NISTP, G, order, BN_value_one()))) + goto err; + /* fixed point multiplication */ + EC_POINT_mul(NISTP, Q, n, NULL, NULL, ctx); + if (!TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))) + goto err; + /* random point multiplication */ + EC_POINT_mul(NISTP, Q, NULL, G, n, ctx); + if (!TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, 
Q_CHECK, ctx))) + goto err; + + /* regression test for felem_neg bug */ + if (!TEST_true(BN_set_word(m, 32)) + || !TEST_true(BN_set_word(n, 31)) + || !TEST_true(EC_POINT_copy(P, G)) + || !TEST_true(EC_POINT_invert(NISTP, P, ctx)) + || !TEST_true(EC_POINT_mul(NISTP, Q, m, P, n, ctx)) + || !TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, G, ctx))) + goto err; + + r = group_order_tests(NISTP); +err: + EC_GROUP_free(NISTP); + EC_POINT_free(G); + EC_POINT_free(P); + EC_POINT_free(Q); + EC_POINT_free(Q_CHECK); + BN_free(n); + BN_free(m); + BN_free(p); + BN_free(a); + BN_free(b); + BN_free(x); + BN_free(y); + BN_free(order); + BN_free(yplusone); + BN_CTX_free(ctx); + return r; +} + +/* + * Tests a point known to cause an incorrect underflow in an old version of + * ecp_nist521.c + */ +static int underflow_test(void) +{ + BN_CTX *ctx = NULL; + EC_GROUP *grp = NULL; + EC_POINT *P = NULL, *Q = NULL, *R = NULL; + BIGNUM *x1 = NULL, *y1 = NULL, *z1 = NULL, *x2 = NULL, *y2 = NULL; + BIGNUM *k = NULL; + int testresult = 0; + const char *x1str = + "1534f0077fffffe87e9adcfe000000000000000000003e05a21d2400002e031b1f4" + "b80000c6fafa4f3c1288798d624a247b5e2ffffffffffffffefe099241900004"; + const char *p521m1 = + "1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" + "fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe"; + + ctx = BN_CTX_new(); + if (!TEST_ptr(ctx)) + return 0; + + BN_CTX_start(ctx); + x1 = BN_CTX_get(ctx); + y1 = BN_CTX_get(ctx); + z1 = BN_CTX_get(ctx); + x2 = BN_CTX_get(ctx); + y2 = BN_CTX_get(ctx); + k = BN_CTX_get(ctx); + if (!TEST_ptr(k)) + goto err; + + grp = EC_GROUP_new_by_curve_name(NID_secp521r1); + P = EC_POINT_new(grp); + Q = EC_POINT_new(grp); + R = EC_POINT_new(grp); + if (!TEST_ptr(grp) || !TEST_ptr(P) || !TEST_ptr(Q) || !TEST_ptr(R)) + goto err; + + if (!TEST_int_gt(BN_hex2bn(&x1, x1str), 0) + || !TEST_int_gt(BN_hex2bn(&y1, p521m1), 0) + || !TEST_int_gt(BN_hex2bn(&z1, p521m1), 0) + || !TEST_int_gt(BN_hex2bn(&k, "02"), 0) + || 
!TEST_true(EC_POINT_set_Jprojective_coordinates_GFp(grp, P, x1, + y1, z1, ctx)) + || !TEST_true(EC_POINT_mul(grp, Q, NULL, P, k, ctx)) + || !TEST_true(EC_POINT_get_affine_coordinates(grp, Q, x1, y1, ctx)) + || !TEST_true(EC_POINT_dbl(grp, R, P, ctx)) + || !TEST_true(EC_POINT_get_affine_coordinates(grp, R, x2, y2, ctx))) + goto err; + + if (!TEST_int_eq(BN_cmp(x1, x2), 0) + || !TEST_int_eq(BN_cmp(y1, y2), 0)) + goto err; + + testresult = 1; + + err: + BN_CTX_end(ctx); + EC_POINT_free(P); + EC_POINT_free(Q); + EC_POINT_free(R); + EC_GROUP_free(grp); + BN_CTX_free(ctx); + + return testresult; +} +# endif + +static const unsigned char p521_named[] = { + 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x23, +}; + +static const unsigned char p521_explicit[] = { + 0x30, 0x82, 0x01, 0xc3, 0x02, 0x01, 0x01, 0x30, 0x4d, 0x06, 0x07, 0x2a, + 0x86, 0x48, 0xce, 0x3d, 0x01, 0x01, 0x02, 0x42, 0x01, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0x30, 0x81, 0x9f, 0x04, 0x42, 0x01, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xfc, 0x04, 0x42, 0x00, 0x51, 0x95, 0x3e, 0xb9, 0x61, 0x8e, 0x1c, 0x9a, + 0x1f, 0x92, 0x9a, 0x21, 0xa0, 0xb6, 0x85, 0x40, 0xee, 0xa2, 0xda, 0x72, + 0x5b, 0x99, 0xb3, 0x15, 0xf3, 0xb8, 0xb4, 0x89, 0x91, 0x8e, 0xf1, 0x09, + 0xe1, 0x56, 0x19, 0x39, 0x51, 0xec, 0x7e, 0x93, 0x7b, 0x16, 
0x52, 0xc0, + 0xbd, 0x3b, 0xb1, 0xbf, 0x07, 0x35, 0x73, 0xdf, 0x88, 0x3d, 0x2c, 0x34, + 0xf1, 0xef, 0x45, 0x1f, 0xd4, 0x6b, 0x50, 0x3f, 0x00, 0x03, 0x15, 0x00, + 0xd0, 0x9e, 0x88, 0x00, 0x29, 0x1c, 0xb8, 0x53, 0x96, 0xcc, 0x67, 0x17, + 0x39, 0x32, 0x84, 0xaa, 0xa0, 0xda, 0x64, 0xba, 0x04, 0x81, 0x85, 0x04, + 0x00, 0xc6, 0x85, 0x8e, 0x06, 0xb7, 0x04, 0x04, 0xe9, 0xcd, 0x9e, 0x3e, + 0xcb, 0x66, 0x23, 0x95, 0xb4, 0x42, 0x9c, 0x64, 0x81, 0x39, 0x05, 0x3f, + 0xb5, 0x21, 0xf8, 0x28, 0xaf, 0x60, 0x6b, 0x4d, 0x3d, 0xba, 0xa1, 0x4b, + 0x5e, 0x77, 0xef, 0xe7, 0x59, 0x28, 0xfe, 0x1d, 0xc1, 0x27, 0xa2, 0xff, + 0xa8, 0xde, 0x33, 0x48, 0xb3, 0xc1, 0x85, 0x6a, 0x42, 0x9b, 0xf9, 0x7e, + 0x7e, 0x31, 0xc2, 0xe5, 0xbd, 0x66, 0x01, 0x18, 0x39, 0x29, 0x6a, 0x78, + 0x9a, 0x3b, 0xc0, 0x04, 0x5c, 0x8a, 0x5f, 0xb4, 0x2c, 0x7d, 0x1b, 0xd9, + 0x98, 0xf5, 0x44, 0x49, 0x57, 0x9b, 0x44, 0x68, 0x17, 0xaf, 0xbd, 0x17, + 0x27, 0x3e, 0x66, 0x2c, 0x97, 0xee, 0x72, 0x99, 0x5e, 0xf4, 0x26, 0x40, + 0xc5, 0x50, 0xb9, 0x01, 0x3f, 0xad, 0x07, 0x61, 0x35, 0x3c, 0x70, 0x86, + 0xa2, 0x72, 0xc2, 0x40, 0x88, 0xbe, 0x94, 0x76, 0x9f, 0xd1, 0x66, 0x50, + 0x02, 0x42, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfa, + 0x51, 0x86, 0x87, 0x83, 0xbf, 0x2f, 0x96, 0x6b, 0x7f, 0xcc, 0x01, 0x48, + 0xf7, 0x09, 0xa5, 0xd0, 0x3b, 0xb5, 0xc9, 0xb8, 0x89, 0x9c, 0x47, 0xae, + 0xbb, 0x6f, 0xb7, 0x1e, 0x91, 0x38, 0x64, 0x09, 0x02, 0x01, 0x01, +}; + +static int parameter_test(void) +{ + EC_GROUP *group = NULL, *group2 = NULL; + ECPARAMETERS *ecparameters = NULL; + unsigned char *buf = NULL; + int r = 0, len; + + if (!TEST_ptr(group = EC_GROUP_new_by_curve_name(NID_secp384r1)) + || !TEST_ptr(ecparameters = EC_GROUP_get_ecparameters(group, NULL)) + || !TEST_ptr(group2 = EC_GROUP_new_from_ecparameters(ecparameters)) + || !TEST_int_eq(EC_GROUP_cmp(group, group2, NULL), 0)) + 
goto err; + + EC_GROUP_free(group); + group = NULL; + + /* Test the named curve encoding, which should be default. */ + if (!TEST_ptr(group = EC_GROUP_new_by_curve_name(NID_secp521r1)) + || !TEST_true((len = i2d_ECPKParameters(group, &buf)) >= 0) + || !TEST_mem_eq(buf, len, p521_named, sizeof(p521_named))) + goto err; + + OPENSSL_free(buf); + buf = NULL; + + /* + * Test the explicit encoding. P-521 requires correctly zero-padding the + * curve coefficients. + */ + EC_GROUP_set_asn1_flag(group, OPENSSL_EC_EXPLICIT_CURVE); + if (!TEST_true((len = i2d_ECPKParameters(group, &buf)) >= 0) + || !TEST_mem_eq(buf, len, p521_explicit, sizeof(p521_explicit))) + goto err; + + r = 1; +err: + EC_GROUP_free(group); + EC_GROUP_free(group2); + ECPARAMETERS_free(ecparameters); + OPENSSL_free(buf); + return r; +} +#endif + +int setup_tests(void) +{ +#ifndef OPENSSL_NO_EC + crv_len = EC_get_builtin_curves(NULL, 0); + if (!TEST_ptr(curves = OPENSSL_malloc(sizeof(*curves) * crv_len)) + || !TEST_true(EC_get_builtin_curves(curves, crv_len))) + return 0; + + ADD_TEST(parameter_test); + ADD_TEST(prime_field_tests); +# ifndef OPENSSL_NO_EC2M + ADD_TEST(char2_field_tests); + ADD_ALL_TESTS(char2_curve_test, OSSL_NELEM(char2_curve_tests)); +# endif +# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 + ADD_ALL_TESTS(nistp_single_test, OSSL_NELEM(nistp_tests_params)); + ADD_TEST(underflow_test); +# endif + ADD_ALL_TESTS(internal_curve_test, crv_len); + ADD_ALL_TESTS(internal_curve_test_method, crv_len); +#endif + return 1; +} + +void cleanup_tests(void) +{ +#ifndef OPENSSL_NO_EC + OPENSSL_free(curves); +#endif +} diff --git a/openssl-freefilesync/hobble-openssl b/openssl-freefilesync/hobble-openssl new file mode 100755 index 0000000..9a23ca6 --- /dev/null +++ b/openssl-freefilesync/hobble-openssl 
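Review bot: In ectest.c, `nistp_single_test` calls `EC_POINT_mul(NISTP, Q, ...)` eight times without checking the return value, unlike every other multiplication in the file, which is wrapped in `TEST_true`. After the first successful step `Q` already equals `Q_CHECK`, so if a failing call leaves `Q` unchanged, the following `EC_POINT_cmp` still passes and the failure goes unnoticed. Each pair should read `if (!TEST_true(EC_POINT_mul(NISTP, Q, n, NULL, NULL, ctx)) || !TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))) goto err;`, with the scalar and point arguments kept as they are at each site. Separately, `setup_tests` registers `char2_field_tests` and `char2_curve_test` under `#ifndef OPENSSL_NO_EC2M`, and neither is defined in this file, so it only compiles with `OPENSSL_NO_EC2M` defined. Those two `ADD_` lines should be dropped, or the requirement stated in a comment at the top.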
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+# Quit out if anything fails.
+set -e
+
+# Clean out patent-or-otherwise-encumbered code.
+# MDC-2: 4,908,861 13/03/2007 - expired, we do not remove it but do not enable it anyway
+# IDEA: 5,214,703 07/01/2012 - expired, we do not remove it anymore
+# RC5: 5,724,428 01/11/2015 - expired, we do not remove it anymore
+# EC: ????????? ??/??/2020
+# SRP: ????????? ??/??/2017 - expired, we do not remove it anymore
+
+# Remove assembler portions of IDEA, MDC2, and RC5.
+# (find crypto/rc5/asm -type f | xargs -r rm -fv)
+
+for c in `find crypto/bn -name "*gf2m.c"`; do
+ echo Destroying $c
+ > $c
+done
+
+for c in `find crypto/ec -name "ec2*.c" -o -name "ec_curve.c"`; do
+ echo Destroying $c
+ > $c
+done
+
+for c in `find test -name "ectest.c"`; do
+ echo Destroying $c
+ > $c
+done
+
+for h in `find crypto ssl apps test -name "*.h"` ; do
+ echo Removing EC2M references from $h
+ cat $h | \
+ awk 'BEGIN {ech=1;} \
+ /^#[ \t]*ifndef.*NO_EC2M/ {ech--; next;} \
+ /^#[ \t]*if/ {if(ech < 1) ech--;} \
+ {if(ech>0) {;print $0};} \
+ /^#[ \t]*endif/ {if(ech < 1) ech++;}' > $h.hobbled && \
+ mv $h.hobbled $h
+done
diff --git a/openssl-freefilesync/make-dummy-cert b/openssl-freefilesync/make-dummy-cert
new file mode 100755
index 0000000..f5f0453
--- /dev/null
+++ b/openssl-freefilesync/make-dummy-cert
@@ -0,0 +1,28 @@
+#!/bin/sh
+umask 077
+
+answers() {
+ echo --
+ echo SomeState
+ echo SomeCity
+ echo SomeOrganization
+ echo SomeOrganizationalUnit
+ echo localhost.localdomain
+ echo root@localhost.localdomain
+}
+
+if [ $# -eq 0 ] ; then
+ echo $"Usage: `basename $0` filename [...]"
+ exit 0
+fi
+
+for target in $@ ; do
+ PEM1=`/bin/mktemp /tmp/openssl.XXXXXX`
+ PEM2=`/bin/mktemp /tmp/openssl.XXXXXX`
+ trap "rm -f $PEM1 $PEM2" SIGINT
+ answers | /usr/bin/openssl req -newkey rsa:2048 -keyout $PEM1 -nodes -x509 -days 365 -out $PEM2 2> /dev/null
+ cat $PEM1 > ${target}
+ echo "" >> ${target}
+ cat $PEM2 >> ${target}
+ rm -f $PEM1 $PEM2
+done
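Review bot: `set -e` does not cover the awk step in the header loop of hobble-openssl, because a command that fails on the left-hand side of `&&` is exempt from errexit; if awk fails, `mv` is skipped, the header keeps its EC2M references and the loop carries on without a message. Ending the pipeline at `> $h.hobbled` and putting `mv $h.hobbled $h` on its own line lets `set -e` stop the script at the failing file. The backtick `find` loops also word-split their results and `$c`/`$h` are unquoted, which is safe only while no path in the source tree contains whitespace or glob characters.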
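Review bot: The private key reaches the output through `cat $PEM1 > ${target}` in make-dummy-cert, so `umask 077` protects it only when the file is newly created; a target that already exists keeps its previous mode, and the unencrypted (`-nodes`) key can end up group- or world-readable. Creating the file fresh with `rm -f "$target"` before the first `cat` closes that gap. The exit status of `openssl req` is never checked and its stderr goes to /dev/null, so a failed run still writes a target; appending `|| exit 1` to that line would surface the failure. The `trap` covers only SIGINT, which leaves the temporary key in /tmp on any other termination, and `$@` and `${target}` are unquoted.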
diff --git a/openssl-freefilesync/openssl-1.1.0-issuer-hash.patch b/openssl-freefilesync/openssl-1.1.0-issuer-hash.patch
new file mode 100644
index 0000000..1b824e0
--- /dev/null
+++ b/openssl-freefilesync/openssl-1.1.0-issuer-hash.patch
@@ -0,0 +1,11 @@
+diff -up openssl-1.1.0-pre5/crypto/x509/x509_cmp.c.issuer-hash openssl-1.1.0-pre5/crypto/x509/x509_cmp.c
+--- openssl-1.1.0-pre5/crypto/x509/x509_cmp.c.issuer-hash 2016-07-18 15:16:32.788881100 +0200
++++ openssl-1.1.0-pre5/crypto/x509/x509_cmp.c 2016-07-18 15:17:16.671871840 +0200
+@@ -87,6 +87,7 @@ unsigned long X509_issuer_and_serial_has
+
+ if (ctx == NULL)
+ goto err;
++ EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+ f = X509_NAME_oneline(a->cert_info.issuer, NULL, 0);
+ if (!EVP_DigestInit_ex(ctx, EVP_md5(), NULL))
+ goto err;
diff --git a/openssl-freefilesync/openssl-1.1.0-no-html.patch b/openssl-freefilesync/openssl-1.1.0-no-html.patch
new file mode 100644
index 0000000..f6a941e
--- /dev/null
+++ b/openssl-freefilesync/openssl-1.1.0-no-html.patch
@@ -0,0 +1,12 @@
+diff -up openssl-1.1.0-pre5/Configurations/unix-Makefile.tmpl.nohtml openssl-1.1.0-pre5/Configurations/unix-Makefile.tmpl
+--- openssl-1.1.0-pre5/Configurations/unix-Makefile.tmpl.no-html 2016-04-19 16:57:52.000000000 +0200
++++ openssl-1.1.0-pre5/Configurations/unix-Makefile.tmpl 2016-07-18 13:58:55.060106243 +0200
+@@ -288,7 +288,7 @@ install_sw: all install_dev install_engi
+
+ uninstall_sw: uninstall_runtime uninstall_engines uninstall_dev
+
+-install_docs: install_man_docs install_html_docs
++install_docs: install_man_docs
+
+ uninstall_docs: uninstall_man_docs uninstall_html_docs
+ $(RM) -r -v $(DESTDIR)$(DOCDIR)
diff --git a/openssl-freefilesync/openssl-1.1.1-apps-dgst.patch b/openssl-freefilesync/openssl-1.1.1-apps-dgst.patch
new file mode 100644
index 0000000..655b6e2
--- /dev/null
+++ b/openssl-freefilesync/openssl-1.1.1-apps-dgst.patch
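Review bot: The added `EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);` in the issuer-hash patch exempts the MD5 digest below it from the FIPS-mode restriction without saying why that is acceptable. A comment on that line would keep the exemption from being copied to places where MD5 does carry security weight, for example `/* MD5 only derives a lookup hash here, not a security property; allow it in FIPS mode */`. That wording assumes the value is used purely for lookup, which the hunk itself does not show and should be confirmed. The body of the patched function starts and ends outside the hunk.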
@@ -0,0 +1,12 @@
+diff -up openssl-1.1.1b/apps/ca.c.dgst openssl-1.1.1b/apps/ca.c
+--- openssl-1.1.1b/apps/ca.c.dgst 2019-02-26 15:15:30.000000000 +0100
++++ openssl-1.1.1b/apps/ca.c 2019-03-15 15:53:46.622267688 +0100
+@@ -169,7 +169,7 @@ const OPTIONS ca_options[] = {
+ {"enddate", OPT_ENDDATE, 's',
+ "YYMMDDHHMMSSZ cert notAfter (overrides -days)"},
+ {"days", OPT_DAYS, 'p', "Number of days to certify the cert for"},
+- {"md", OPT_MD, 's', "md to use; one of md2, md5, sha or sha1"},
++ {"md", OPT_MD, 's', "md to use; see openssl help for list"},
+ {"policy", OPT_POLICY, 's', "The CA 'policy' to support"},
+ {"keyfile", OPT_KEYFILE, 's', "Private key"},
+ {"keyform", OPT_KEYFORM, 'f', "Private key file format (PEM or ENGINE)"},
diff --git a/openssl-freefilesync/openssl-1.1.1-build.patch b/openssl-freefilesync/openssl-1.1.1-build.patch
new file mode 100644
index 0000000..cfe20f6
--- /dev/null
+++ b/openssl-freefilesync/openssl-1.1.1-build.patch
@@ -0,0 +1,40 @@
+diff -up openssl-1.1.1-pre8/Configurations/unix-Makefile.tmpl.build openssl-1.1.1-pre8/Configurations/unix-Makefile.tmpl
+--- openssl-1.1.1-pre8/Configurations/unix-Makefile.tmpl.build 2018-06-20 16:48:09.000000000 +0200
++++ openssl-1.1.1-pre8/Configurations/unix-Makefile.tmpl 2018-07-16 17:15:38.108831031 +0200
+@@ -680,7 +680,7 @@ uninstall_runtime:
+ install_man_docs:
+ @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
+ @$(ECHO) "*** Installing manpages"
+- $(PERL) $(SRCDIR)/util/process_docs.pl \
++ TZ=UTC $(PERL) $(SRCDIR)/util/process_docs.pl \
+ --destdir=$(DESTDIR)$(MANDIR) --type=man --suffix=$(MANSUFFIX)
+
+ uninstall_man_docs:
+@@ -692,7 +692,7 @@ uninstall_man_docs:
+ install_html_docs:
+ @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
+ @$(ECHO) "*** Installing HTML manpages"
+- $(PERL) $(SRCDIR)/util/process_docs.pl \
++ TZ=UTC $(PERL) $(SRCDIR)/util/process_docs.pl \
+ --destdir=$(DESTDIR)$(HTMLDIR) --type=html
+
+ uninstall_html_docs:
+diff -up openssl-1.1.1-pre8/Configurations/10-main.conf.build openssl-1.1.1-pre8/Configurations/10-main.conf
+--- openssl-1.1.1-pre8/Configurations/10-main.conf.build 2018-06-20 16:48:09.000000000 +0200
++++ openssl-1.1.1-pre8/Configurations/10-main.conf 2018-07-16 17:17:10.312045203 +0200
+@@ -693,6 +693,7 @@ my %targets = (
+ cxxflags => add("-m64"),
+ lib_cppflags => add("-DL_ENDIAN"),
+ perlasm_scheme => "linux64le",
++ multilib => "64",
+ },
+
+ "linux-armv4" => {
+@@ -733,6 +734,7 @@ my %targets = (
+ "linux-aarch64" => {
+ inherit_from => [ "linux-generic64", asm("aarch64_asm") ],
+ perlasm_scheme => "linux64",
++ multilib => "64",
+ },
+ "linux-arm64ilp32" => { # https://wiki.linaro.org/Platform/arm64-ilp32
+ inherit_from => [ "linux-generic32", asm("aarch64_asm") ],
diff --git a/openssl-freefilesync/openssl-1.1.1-conf-paths.patch b/openssl-freefilesync/openssl-1.1.1-conf-paths.patch
new file mode 100644
index 0000000..819007b
--- /dev/null
+++ b/openssl-freefilesync/openssl-1.1.1-conf-paths.patch 
@@ -0,0 +1,56 @@
+diff -up openssl-1.1.1-pre8/apps/CA.pl.in.conf-paths openssl-1.1.1-pre8/apps/CA.pl.in
+--- openssl-1.1.1-pre8/apps/CA.pl.in.conf-paths 2018-06-20 16:48:09.000000000 +0200
++++ openssl-1.1.1-pre8/apps/CA.pl.in 2018-07-25 17:26:58.388624296 +0200
+@@ -33,7 +33,7 @@ my $X509 = "$openssl x509";
+ my $PKCS12 = "$openssl pkcs12";
+
+ # default openssl.cnf file has setup as per the following
+-my $CATOP = "./demoCA";
++my $CATOP = "/etc/pki/CA";
+ my $CAKEY = "cakey.pem";
+ my $CAREQ = "careq.pem";
+ my $CACERT = "cacert.pem";
+diff -up openssl-1.1.1-pre8/apps/openssl.cnf.conf-paths openssl-1.1.1-pre8/apps/openssl.cnf
+--- openssl-1.1.1-pre8/apps/openssl.cnf.conf-paths 2018-07-25 17:26:58.378624057 +0200
++++ openssl-1.1.1-pre8/apps/openssl.cnf 2018-07-27 13:20:08.198513471 +0200
+@@ -23,6 +23,22 @@ oid_section = new_oids
+ # (Alternatively, use a configuration file that has only
+ # X.509v3 extensions in its main [= default] section.)
+
++# Load default TLS policy configuration
++
++openssl_conf = default_modules
++
++[ default_modules ]
++
++ssl_conf = ssl_module
++
++[ ssl_module ]
++
++system_default = crypto_policy
++
++[ crypto_policy ]
++
++.include = /etc/crypto-policies/back-ends/opensslcnf.config
++
+ [ new_oids ]
+
+ # We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
+@@ -43,7 +59,7 @@ default_ca = CA_default # The default c
+ ####################################################################
+ [ CA_default ]
+
+-dir = ./demoCA # Where everything is kept
++dir = /etc/pki/CA # Where everything is kept
+ certs = $dir/certs # Where the issued certs are kept
+ crl_dir = $dir/crl # Where the issued crl are kept
+ database = $dir/index.txt # database index file.
+@@ -329,7 +345,7 @@ default_tsa = tsa_config1 # the default
+ [ tsa_config1 ]
+
+ # These are used by the TSA reply generation only.
+-dir = ./demoCA # TSA root directory
++dir = /etc/pki/CA # TSA root directory
+ serial = $dir/tsaserial # The current serial number (mandatory)
+ crypto_device = builtin # OpenSSL engine to use for signing
+ signer_cert = $dir/tsacert.pem # The TSA signing certificate
diff --git a/openssl-freefilesync/openssl-1.1.1-defaults.patch b/openssl-freefilesync/openssl-1.1.1-defaults.patch
new file mode 100644
index 0000000..291ed88
--- /dev/null
+++ b/openssl-freefilesync/openssl-1.1.1-defaults.patch
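Review bot: The new `[ crypto_policy ]` section in openssl.cnf consists only of `.include = /etc/crypto-policies/back-ends/opensslcnf.config`, so the system-wide TLS defaults exist only while that file is present and readable. As far as I recall, OpenSSL 1.1.1 treats a missing include file as non-fatal, in which case applications would start without the policy and without any error; this should be confirmed against the packaged version. If it holds, the comment above `openssl_conf` should say so, for example `# Load default TLS policy configuration; if the included file is absent, no system default is applied`. The package would then also need a dependency on whatever ships that file, which this hunk cannot show.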
@@ -0,0 +1,51 @@
+diff -up openssl-1.1.1a/apps/openssl.cnf.defaults openssl-1.1.1a/apps/openssl.cnf
+--- openssl-1.1.1a/apps/openssl.cnf.defaults 2018-11-20 14:35:37.000000000 +0100
++++ openssl-1.1.1a/apps/openssl.cnf 2019-01-15 13:56:50.841719776 +0100
+@@ -74,7 +74,7 @@ cert_opt = ca_default # Certificate fi
+
+ default_days = 365 # how long to certify for
+ default_crl_days= 30 # how long before next CRL
+-default_md = default # use public key default MD
++default_md = sha256 # use SHA-256 by default
+ preserve = no # keep passed DN ordering
+
+ # A few difference way of specifying how similar the request should look
+@@ -106,6 +106,7 @@ emailAddress = optional
+ ####################################################################
+ [ req ]
+ default_bits = 2048
++default_md = sha256
+ default_keyfile = privkey.pem
+ distinguished_name = req_distinguished_name
+ attributes = req_attributes
+@@ -128,17 +129,18 @@ string_mask = utf8only
+
+ [ req_distinguished_name ]
+ countryName = Country Name (2 letter code)
+-countryName_default = AU
++countryName_default = XX
+ countryName_min = 2
+ countryName_max = 2
+
+ stateOrProvinceName = State or Province Name (full name)
+-stateOrProvinceName_default = Some-State
++#stateOrProvinceName_default = Default Province
+
+ localityName = Locality Name (eg, city)
++localityName_default = Default City
+
+ 0.organizationName = Organization Name (eg, company)
+-0.organizationName_default = Internet Widgits Pty Ltd
++0.organizationName_default = Default Company Ltd
+
+ # we can do this but it is not needed normally :-)
+ #1.organizationName = Second Organization Name (eg, company)
+@@ -147,7 +149,7 @@ localityName = Locality Name (eg, city
+ organizationalUnitName = Organizational Unit Name (eg, section)
+ #organizationalUnitName_default =
+
+-commonName = Common Name (e.g. server FQDN or YOUR name)
++commonName = Common Name (eg, your name or your server\'s hostname)
+ commonName_max = 64
+
+ emailAddress = Email Address
diff --git a/openssl-freefilesync/openssl-1.1.1-disable-ssl3.patch b/openssl-freefilesync/openssl-1.1.1-disable-ssl3.patch
new file mode 100644
index 0000000..fdec0a8
--- /dev/null
+++ b/openssl-freefilesync/openssl-1.1.1-disable-ssl3.patch
@@ -0,0 +1,91 @@
+diff -up openssl-1.1.1-pre8/apps/s_client.c.disable-ssl3 openssl-1.1.1-pre8/apps/s_client.c
+--- openssl-1.1.1-pre8/apps/s_client.c.disable-ssl3 2018-07-16 18:08:20.000487628 +0200
++++ openssl-1.1.1-pre8/apps/s_client.c 2018-07-16 18:16:40.070186323 +0200
+@@ -1681,6 +1681,9 @@ int s_client_main(int argc, char **argv)
+ if (sdebug)
+ ssl_ctx_security_debug(ctx, sdebug);
+
++ if (min_version == SSL3_VERSION && max_version == SSL3_VERSION)
++ SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv3);
++
+ if (!config_ctx(cctx, ssl_args, ctx))
+ goto end;
+
+diff -up openssl-1.1.1-pre8/apps/s_server.c.disable-ssl3 openssl-1.1.1-pre8/apps/s_server.c
+--- openssl-1.1.1-pre8/apps/s_server.c.disable-ssl3 2018-07-16 18:08:20.000487628 +0200
++++ openssl-1.1.1-pre8/apps/s_server.c 2018-07-16 18:17:17.300055551 +0200
+@@ -1760,6 +1760,9 @@ int s_server_main(int argc, char *argv[]
+ if (sdebug)
+ ssl_ctx_security_debug(ctx, sdebug);
+
++ if (min_version == SSL3_VERSION && max_version == SSL3_VERSION)
++ SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv3);
++
+ if (!config_ctx(cctx, ssl_args, ctx))
+ goto end;
+
+diff -up openssl-1.1.1-pre8/ssl/ssl_lib.c.disable-ssl3 openssl-1.1.1-pre8/ssl/ssl_lib.c
+--- openssl-1.1.1-pre8/ssl/ssl_lib.c.disable-ssl3 2018-06-20 16:48:13.000000000 +0200
++++ openssl-1.1.1-pre8/ssl/ssl_lib.c 2018-07-16 18:08:20.001487652 +0200
+@@ -3016,6 +3016,16 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
+ */
+ ret->options |= SSL_OP_NO_COMPRESSION | SSL_OP_ENABLE_MIDDLEBOX_COMPAT;
+
++ if (meth->version != SSL3_VERSION) {
++ /*
++ * Disable SSLv3 by default. Applications can
++ * re-enable it by configuring
++ * SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv3);
++ * or by using the SSL_CONF API.
++ */
++ ret->options |= SSL_OP_NO_SSLv3;
++ }
++
+ ret->ext.status_type = TLSEXT_STATUSTYPE_nothing;
+
+ /*
+diff -up openssl-1.1.1-pre8/test/ssl_test.c.disable-ssl3 openssl-1.1.1-pre8/test/ssl_test.c
+--- openssl-1.1.1-pre8/test/ssl_test.c.disable-ssl3 2018-06-20 16:48:15.000000000 +0200
++++ openssl-1.1.1-pre8/test/ssl_test.c 2018-07-16 18:18:34.806865121 +0200
+@@ -443,6 +443,7 @@ static int test_handshake(int idx)
+ SSL_TEST_SERVERNAME_CB_NONE) {
+ if (!TEST_ptr(server2_ctx = SSL_CTX_new(TLS_server_method())))
+ goto err;
++ SSL_CTX_clear_options(server2_ctx, SSL_OP_NO_SSLv3);
+ if (!TEST_true(SSL_CTX_set_max_proto_version(server2_ctx,
+ TLS_MAX_VERSION)))
+ goto err;
+@@ -464,6 +465,8 @@ static int test_handshake(int idx)
+ if (!TEST_ptr(resume_server_ctx)
+ || !TEST_ptr(resume_client_ctx))
+ goto err;
++ SSL_CTX_clear_options(resume_server_ctx, SSL_OP_NO_SSLv3);
++ SSL_CTX_clear_options(resume_client_ctx, SSL_OP_NO_SSLv3);
+ }
+ }
+
+@@ -477,6 +480,9 @@ static int test_handshake(int idx)
+ || !TEST_int_gt(CONF_modules_load(conf, test_app, 0), 0))
+ goto err;
+
++ SSL_CTX_clear_options(server_ctx, SSL_OP_NO_SSLv3);
++ SSL_CTX_clear_options(client_ctx, SSL_OP_NO_SSLv3);
++
+ if (!SSL_CTX_config(server_ctx, "server")
+ || !SSL_CTX_config(client_ctx, "client")) {
+ goto err;
+diff -up openssl-1.1.1-pre8/test/ssltest_old.c.disable-ssl3 openssl-1.1.1-pre8/test/ssltest_old.c
+--- openssl-1.1.1-pre8/test/ssltest_old.c.disable-ssl3 2018-06-20 16:48:15.000000000 +0200
++++ openssl-1.1.1-pre8/test/ssltest_old.c 2018-07-16 18:08:20.002487676 +0200
+@@ -1358,6 +1358,11 @@ int main(int argc, char *argv[])
+ ERR_print_errors(bio_err);
+ goto end;
+ }
++
++ SSL_CTX_clear_options(c_ctx, SSL_OP_NO_SSLv3);
++ SSL_CTX_clear_options(s_ctx, SSL_OP_NO_SSLv3);
++ SSL_CTX_clear_options(s_ctx2, SSL_OP_NO_SSLv3);
++
+ /*
+ * Since we will use low security ciphersuites and keys for testing set
+ * security level to zero by default. Tests can override this by adding
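Review bot: The test changes in ssl_test.c and ssltest_old.c call `SSL_CTX_clear_options(..., SSL_OP_NO_SSLv3)` on every context before the handshakes, so nothing visible here exercises the new default set in SSL_CTX_new; a regression that stops setting `SSL_OP_NO_SSLv3` would pass unnoticed. A small test that creates a context with `TLS_server_method()` and checks `TEST_true((SSL_CTX_get_options(ctx) & SSL_OP_NO_SSLv3) != 0)` would pin the behaviour. In s_client.c and s_server.c the option is cleared only when both `min_version` and `max_version` equal `SSL3_VERSION`; if that is deliberate, a one-line comment such as `/* SSLv3 stays off unless it is the only version requested */` would record it. All of the patched functions start and end outside their hunks.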
diff --git a/openssl-freefilesync/openssl-1.1.1-ec-curves.patch b/openssl-freefilesync/openssl-1.1.1-ec-curves.patch
new file mode 100644
index 0000000..a83a331
--- /dev/null
+++ b/openssl-freefilesync/openssl-1.1.1-ec-curves.patch
@@ -0,0 +1,210 @@ +diff -up openssl-1.1.1c/apps/speed.c.curves openssl-1.1.1c/apps/speed.c +--- openssl-1.1.1c/apps/speed.c.curves 2019-05-28 15:12:21.000000000 +0200 ++++ openssl-1.1.1c/apps/speed.c 2019-05-29 15:36:53.332224470 +0200 +@@ -490,90 +490,30 @@ static double rsa_results[RSA_NUM][2]; + #endif /* OPENSSL_NO_RSA */ + + enum { +- R_EC_P160, +- R_EC_P192, + R_EC_P224, + R_EC_P256, + R_EC_P384, + R_EC_P521, +-#ifndef OPENSSL_NO_EC2M +- R_EC_K163, +- R_EC_K233, +- R_EC_K283, +- R_EC_K409, +- R_EC_K571, +- R_EC_B163, +- R_EC_B233, +- R_EC_B283, +- R_EC_B409, +- R_EC_B571, +-#endif +- R_EC_BRP256R1, +- R_EC_BRP256T1, +- R_EC_BRP384R1, +- R_EC_BRP384T1, +- R_EC_BRP512R1, +- R_EC_BRP512T1, + R_EC_X25519, + R_EC_X448 + }; + + #ifndef OPENSSL_NO_EC + static OPT_PAIR ecdsa_choices[] = { +- {"ecdsap160", R_EC_P160}, +- {"ecdsap192", R_EC_P192}, + {"ecdsap224", R_EC_P224}, + {"ecdsap256", R_EC_P256}, + {"ecdsap384", R_EC_P384}, + {"ecdsap521", R_EC_P521}, +-# ifndef OPENSSL_NO_EC2M +- {"ecdsak163", R_EC_K163}, +- {"ecdsak233", R_EC_K233}, +- {"ecdsak283", R_EC_K283}, +- {"ecdsak409", R_EC_K409}, +- {"ecdsak571", R_EC_K571}, +- {"ecdsab163", R_EC_B163}, +- {"ecdsab233", R_EC_B233}, +- {"ecdsab283", R_EC_B283}, +- {"ecdsab409", R_EC_B409}, +- {"ecdsab571", R_EC_B571}, +-# endif +- {"ecdsabrp256r1", R_EC_BRP256R1}, +- {"ecdsabrp256t1", R_EC_BRP256T1}, +- {"ecdsabrp384r1", R_EC_BRP384R1}, +- {"ecdsabrp384t1", R_EC_BRP384T1}, +- {"ecdsabrp512r1", R_EC_BRP512R1}, +- {"ecdsabrp512t1", R_EC_BRP512T1} + }; + # define ECDSA_NUM OSSL_NELEM(ecdsa_choices) + + static double ecdsa_results[ECDSA_NUM][2]; /* 2 ops: sign then verify */ + + static const OPT_PAIR ecdh_choices[] = { +- {"ecdhp160", R_EC_P160}, +- {"ecdhp192", R_EC_P192}, + {"ecdhp224", R_EC_P224}, + {"ecdhp256", R_EC_P256}, + {"ecdhp384", R_EC_P384}, + {"ecdhp521", R_EC_P521}, +-# ifndef OPENSSL_NO_EC2M +- {"ecdhk163", R_EC_K163}, +- {"ecdhk233", R_EC_K233}, +- {"ecdhk283", R_EC_K283}, +- {"ecdhk409", R_EC_K409}, +- 
{"ecdhk571", R_EC_K571}, +- {"ecdhb163", R_EC_B163}, +- {"ecdhb233", R_EC_B233}, +- {"ecdhb283", R_EC_B283}, +- {"ecdhb409", R_EC_B409}, +- {"ecdhb571", R_EC_B571}, +-# endif +- {"ecdhbrp256r1", R_EC_BRP256R1}, +- {"ecdhbrp256t1", R_EC_BRP256T1}, +- {"ecdhbrp384r1", R_EC_BRP384R1}, +- {"ecdhbrp384t1", R_EC_BRP384T1}, +- {"ecdhbrp512r1", R_EC_BRP512R1}, +- {"ecdhbrp512t1", R_EC_BRP512T1}, + {"ecdhx25519", R_EC_X25519}, + {"ecdhx448", R_EC_X448} + }; +@@ -1504,31 +1444,10 @@ int speed_main(int argc, char **argv) + unsigned int bits; + } test_curves[] = { + /* Prime Curves */ +- {"secp160r1", NID_secp160r1, 160}, +- {"nistp192", NID_X9_62_prime192v1, 192}, + {"nistp224", NID_secp224r1, 224}, + {"nistp256", NID_X9_62_prime256v1, 256}, + {"nistp384", NID_secp384r1, 384}, + {"nistp521", NID_secp521r1, 521}, +-# ifndef OPENSSL_NO_EC2M +- /* Binary Curves */ +- {"nistk163", NID_sect163k1, 163}, +- {"nistk233", NID_sect233k1, 233}, +- {"nistk283", NID_sect283k1, 283}, +- {"nistk409", NID_sect409k1, 409}, +- {"nistk571", NID_sect571k1, 571}, +- {"nistb163", NID_sect163r2, 163}, +- {"nistb233", NID_sect233r1, 233}, +- {"nistb283", NID_sect283r1, 283}, +- {"nistb409", NID_sect409r1, 409}, +- {"nistb571", NID_sect571r1, 571}, +-# endif +- {"brainpoolP256r1", NID_brainpoolP256r1, 256}, +- {"brainpoolP256t1", NID_brainpoolP256t1, 256}, +- {"brainpoolP384r1", NID_brainpoolP384r1, 384}, +- {"brainpoolP384t1", NID_brainpoolP384t1, 384}, +- {"brainpoolP512r1", NID_brainpoolP512r1, 512}, +- {"brainpoolP512t1", NID_brainpoolP512t1, 512}, + /* Other and ECDH only ones */ + {"X25519", NID_X25519, 253}, + {"X448", NID_X448, 448} +@@ -2028,9 +1947,9 @@ int speed_main(int argc, char **argv) + # endif + + # ifndef OPENSSL_NO_EC +- ecdsa_c[R_EC_P160][0] = count / 1000; +- ecdsa_c[R_EC_P160][1] = count / 1000 / 2; +- for (i = R_EC_P192; i <= R_EC_P521; i++) { ++ ecdsa_c[R_EC_P224][0] = count / 1000; ++ ecdsa_c[R_EC_P224][1] = count / 1000 / 2; ++ for (i = R_EC_P256; i <= R_EC_P521; i++) { + 
ecdsa_c[i][0] = ecdsa_c[i - 1][0] / 2; + ecdsa_c[i][1] = ecdsa_c[i - 1][1] / 2; + if (ecdsa_doit[i] <= 1 && ecdsa_c[i][0] == 0) +@@ -2042,7 +1961,7 @@ int speed_main(int argc, char **argv) + } + } + } +-# ifndef OPENSSL_NO_EC2M ++# if 0 + ecdsa_c[R_EC_K163][0] = count / 1000; + ecdsa_c[R_EC_K163][1] = count / 1000 / 2; + for (i = R_EC_K233; i <= R_EC_K571; i++) { +@@ -2073,8 +1992,8 @@ int speed_main(int argc, char **argv) + } + # endif + +- ecdh_c[R_EC_P160][0] = count / 1000; +- for (i = R_EC_P192; i <= R_EC_P521; i++) { ++ ecdh_c[R_EC_P224][0] = count / 1000; ++ for (i = R_EC_P256; i <= R_EC_P521; i++) { + ecdh_c[i][0] = ecdh_c[i - 1][0] / 2; + if (ecdh_doit[i] <= 1 && ecdh_c[i][0] == 0) + ecdh_doit[i] = 0; +@@ -2084,7 +2003,7 @@ int speed_main(int argc, char **argv) + } + } + } +-# ifndef OPENSSL_NO_EC2M ++# if 0 + ecdh_c[R_EC_K163][0] = count / 1000; + for (i = R_EC_K233; i <= R_EC_K571; i++) { + ecdh_c[i][0] = ecdh_c[i - 1][0] / 2; +diff -up openssl-1.1.1c/crypto/ec/ecp_smpl.c.curves openssl-1.1.1c/crypto/ec/ecp_smpl.c +--- openssl-1.1.1c/crypto/ec/ecp_smpl.c.curves 2019-05-28 15:12:21.000000000 +0200 ++++ openssl-1.1.1c/crypto/ec/ecp_smpl.c 2019-05-29 15:30:09.071349520 +0200 +@@ -145,6 +145,11 @@ int ec_GFp_simple_group_set_curve(EC_GRO + return 0; + } + ++ if (BN_num_bits(p) < 224) { ++ ECerr(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE, EC_R_UNSUPPORTED_FIELD); ++ return 0; ++ } ++ + if (ctx == NULL) { + ctx = new_ctx = BN_CTX_new(); + if (ctx == NULL) +diff -up openssl-1.1.1c/test/ecdsatest.h.curves openssl-1.1.1c/test/ecdsatest.h +--- openssl-1.1.1c/test/ecdsatest.h.curves 2019-05-29 15:30:09.010350595 +0200 ++++ openssl-1.1.1c/test/ecdsatest.h 2019-05-29 15:41:24.586444294 +0200 +@@ -32,23 +32,6 @@ typedef struct { + } ecdsa_cavs_kat_t; + + static const ecdsa_cavs_kat_t ecdsa_cavs_kats[] = { +- /* prime KATs from X9.62 */ +- {NID_X9_62_prime192v1, NID_sha1, +- "616263", /* "abc" */ +- "1a8d598fc15bf0fd89030b5cb1111aeb92ae8baf5ea475fb", +- 
"0462b12d60690cdcf330babab6e69763b471f994dd702d16a563bf5ec08069705ffff65e" +- "5ca5c0d69716dfcb3474373902", +- "fa6de29746bbeb7f8bb1e761f85f7dfb2983169d82fa2f4e", +- "885052380ff147b734c330c43d39b2c4a89f29b0f749fead", +- "e9ecc78106def82bf1070cf1d4d804c3cb390046951df686"}, +- {NID_X9_62_prime239v1, NID_sha1, +- "616263", /* "abc" */ +- "7ef7c6fabefffdea864206e80b0b08a9331ed93e698561b64ca0f7777f3d", +- "045b6dc53bc61a2548ffb0f671472de6c9521a9d2d2534e65abfcbd5fe0c707fd9f1ed2e" +- "65f09f6ce0893baf5e8e31e6ae82ea8c3592335be906d38dee", +- "656c7196bf87dcc5d1f1020906df2782360d36b2de7a17ece37d503784af", +- "2cb7f36803ebb9c427c58d8265f11fc5084747133078fc279de874fbecb0", +- "2eeae988104e9c2234a3c2beb1f53bfa5dc11ff36a875d1e3ccb1f7e45cf"}, + /* prime KATs from NIST CAVP */ + {NID_secp224r1, NID_sha224, + "699325d6fc8fbbb4981a6ded3c3a54ad2e4e3db8a5669201912064c64e700c139248cdc1" diff --git a/openssl-freefilesync/openssl-1.1.1-evp-kdf.patch b/openssl-freefilesync/openssl-1.1.1-evp-kdf.patch new file mode 100644 index 0000000..6a73a61 --- /dev/null +++ b/openssl-freefilesync/openssl-1.1.1-evp-kdf.patch 
@@ -0,0 +1,5262 @@ +diff -up openssl-1.1.1b/crypto/err/openssl.txt.evp-kdf openssl-1.1.1b/crypto/err/openssl.txt +--- openssl-1.1.1b/crypto/err/openssl.txt.evp-kdf 2019-02-26 15:15:30.000000000 +0100 ++++ openssl-1.1.1b/crypto/err/openssl.txt 2019-02-28 13:05:05.651521474 +0100 +@@ -743,6 +743,9 @@ EVP_F_EVP_DIGESTINIT_EX:128:EVP_DigestIn + EVP_F_EVP_ENCRYPTDECRYPTUPDATE:219:evp_EncryptDecryptUpdate + EVP_F_EVP_ENCRYPTFINAL_EX:127:EVP_EncryptFinal_ex + EVP_F_EVP_ENCRYPTUPDATE:167:EVP_EncryptUpdate ++EVP_F_EVP_KDF_CTRL:224:EVP_KDF_ctrl ++EVP_F_EVP_KDF_CTRL_STR:225:EVP_KDF_ctrl_str ++EVP_F_EVP_KDF_CTX_NEW_ID:226:EVP_KDF_CTX_new_id + EVP_F_EVP_MD_CTX_COPY_EX:110:EVP_MD_CTX_copy_ex + EVP_F_EVP_MD_SIZE:162:EVP_MD_size + EVP_F_EVP_OPENINIT:102:EVP_OpenInit +@@ -805,11 +808,30 @@ EVP_F_PKCS5_PBE_KEYIVGEN:117:PKCS5_PBE_k + EVP_F_PKCS5_V2_PBE_KEYIVGEN:118:PKCS5_v2_PBE_keyivgen + EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN:164:PKCS5_v2_PBKDF2_keyivgen + EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN:180:PKCS5_v2_scrypt_keyivgen ++EVP_F_PKEY_KDF_CTRL:227:pkey_kdf_ctrl + EVP_F_PKEY_SET_TYPE:158:pkey_set_type + EVP_F_RC2_MAGIC_TO_METH:109:rc2_magic_to_meth + EVP_F_RC5_CTRL:125:rc5_ctrl + EVP_F_S390X_AES_GCM_CTRL:201:s390x_aes_gcm_ctrl ++EVP_F_SCRYPT_ALG:228:scrypt_alg + EVP_F_UPDATE:173:update ++KDF_F_HKDF_EXTRACT:112:HKDF_Extract ++KDF_F_KDF_HKDF_DERIVE:113:kdf_hkdf_derive ++KDF_F_KDF_HKDF_NEW:114:kdf_hkdf_new ++KDF_F_KDF_HKDF_SIZE:115:kdf_hkdf_size ++KDF_F_KDF_MD2CTRL:116:kdf_md2ctrl ++KDF_F_KDF_PBKDF2_CTRL_STR:117:kdf_pbkdf2_ctrl_str ++KDF_F_KDF_PBKDF2_DERIVE:118:kdf_pbkdf2_derive ++KDF_F_KDF_PBKDF2_NEW:119:kdf_pbkdf2_new ++KDF_F_KDF_SCRYPT_CTRL_STR:120:kdf_scrypt_ctrl_str ++KDF_F_KDF_SCRYPT_CTRL_UINT32:121:kdf_scrypt_ctrl_uint32 ++KDF_F_KDF_SCRYPT_CTRL_UINT64:122:kdf_scrypt_ctrl_uint64 ++KDF_F_KDF_SCRYPT_DERIVE:123:kdf_scrypt_derive ++KDF_F_KDF_SCRYPT_NEW:124:kdf_scrypt_new ++KDF_F_KDF_TLS1_PRF_CTRL_STR:125:kdf_tls1_prf_ctrl_str ++KDF_F_KDF_TLS1_PRF_DERIVE:126:kdf_tls1_prf_derive 
++KDF_F_KDF_TLS1_PRF_NEW:127:kdf_tls1_prf_new ++KDF_F_PBKDF2_SET_MEMBUF:128:pbkdf2_set_membuf + KDF_F_PKEY_HKDF_CTRL_STR:103:pkey_hkdf_ctrl_str + KDF_F_PKEY_HKDF_DERIVE:102:pkey_hkdf_derive + KDF_F_PKEY_HKDF_INIT:108:pkey_hkdf_init +@@ -821,6 +843,7 @@ KDF_F_PKEY_SCRYPT_SET_MEMBUF:107:pkey_sc + KDF_F_PKEY_TLS1_PRF_CTRL_STR:100:pkey_tls1_prf_ctrl_str + KDF_F_PKEY_TLS1_PRF_DERIVE:101:pkey_tls1_prf_derive + KDF_F_PKEY_TLS1_PRF_INIT:110:pkey_tls1_prf_init ++KDF_F_SCRYPT_SET_MEMBUF:129:scrypt_set_membuf + KDF_F_TLS1_PRF_ALG:111:tls1_prf_alg + OBJ_F_OBJ_ADD_OBJECT:105:OBJ_add_object + OBJ_F_OBJ_ADD_SIGID:107:OBJ_add_sigid +@@ -2264,6 +2287,7 @@ EVP_R_ONLY_ONESHOT_SUPPORTED:177:only on + EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE:150:\ + operation not supported for this keytype + EVP_R_OPERATON_NOT_INITIALIZED:151:operaton not initialized ++EVP_R_PARAMETER_TOO_LARGE:187:parameter too large + EVP_R_PARTIALLY_OVERLAPPING:162:partially overlapping buffers + EVP_R_PBKDF2_ERROR:181:pbkdf2 error + EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED:179:\ +@@ -2299,6 +2323,7 @@ KDF_R_MISSING_SEED:106:missing seed + KDF_R_UNKNOWN_PARAMETER_TYPE:103:unknown parameter type + KDF_R_VALUE_ERROR:108:value error + KDF_R_VALUE_MISSING:102:value missing ++KDF_R_WRONG_OUTPUT_BUFFER_SIZE:112:wrong output buffer size + OBJ_R_OID_EXISTS:102:oid exists + OBJ_R_UNKNOWN_NID:101:unknown nid + OCSP_R_CERTIFICATE_VERIFY_ERROR:101:certificate verify error +diff -up openssl-1.1.1b/crypto/evp/build.info.evp-kdf openssl-1.1.1b/crypto/evp/build.info +--- openssl-1.1.1b/crypto/evp/build.info.evp-kdf 2019-02-26 15:15:30.000000000 +0100 ++++ openssl-1.1.1b/crypto/evp/build.info 2019-02-28 13:05:05.651521474 +0100 +@@ -9,7 +9,8 @@ SOURCE[../../libcrypto]=\ + p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c \ + bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \ + c_allc.c c_alld.c evp_lib.c bio_ok.c \ +- evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c pbe_scrypt.c \ ++ evp_pkey.c kdf_lib.c 
evp_pbe.c p5_crpt.c p5_crpt2.c pbe_scrypt.c \ ++ pkey_kdf.c \ + e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c \ + e_aes_cbc_hmac_sha1.c e_aes_cbc_hmac_sha256.c e_rc4_hmac_md5.c \ + e_chacha20_poly1305.c cmeth_lib.c +diff -up openssl-1.1.1b/crypto/evp/e_chacha20_poly1305.c.evp-kdf openssl-1.1.1b/crypto/evp/e_chacha20_poly1305.c +--- openssl-1.1.1b/crypto/evp/e_chacha20_poly1305.c.evp-kdf 2019-02-26 15:15:30.000000000 +0100 ++++ openssl-1.1.1b/crypto/evp/e_chacha20_poly1305.c 2019-02-28 13:05:05.651521474 +0100 +@@ -14,8 +14,8 @@ + + # include + # include +-# include "evp_locl.h" + # include "internal/evp_int.h" ++# include "evp_locl.h" + # include "internal/chacha.h" + + typedef struct { +diff -up openssl-1.1.1b/crypto/evp/encode.c.evp-kdf openssl-1.1.1b/crypto/evp/encode.c +--- openssl-1.1.1b/crypto/evp/encode.c.evp-kdf 2019-02-26 15:15:30.000000000 +0100 ++++ openssl-1.1.1b/crypto/evp/encode.c 2019-02-28 13:05:05.651521474 +0100 +@@ -11,8 +11,8 @@ + #include + #include "internal/cryptlib.h" + #include +-#include "evp_locl.h" + #include "internal/evp_int.h" ++#include "evp_locl.h" + + static unsigned char conv_ascii2bin(unsigned char a, + const unsigned char *table); +diff -up openssl-1.1.1b/crypto/evp/evp_err.c.evp-kdf openssl-1.1.1b/crypto/evp/evp_err.c +--- openssl-1.1.1b/crypto/evp/evp_err.c.evp-kdf 2019-02-28 13:05:05.617522103 +0100 ++++ openssl-1.1.1b/crypto/evp/evp_err.c 2019-02-28 13:05:05.651521474 +0100 +@@ -1,6 +1,6 @@ + /* + * Generated by util/mkerr.pl DO NOT EDIT +- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. ++ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. 
You can obtain a copy +@@ -56,6 +56,9 @@ static const ERR_STRING_DATA EVP_str_fun + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_ENCRYPTFINAL_EX, 0), + "EVP_EncryptFinal_ex"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_ENCRYPTUPDATE, 0), "EVP_EncryptUpdate"}, ++ {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_KDF_CTRL, 0), "EVP_KDF_ctrl"}, ++ {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_KDF_CTRL_STR, 0), "EVP_KDF_ctrl_str"}, ++ {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_KDF_CTX_NEW_ID, 0), "EVP_KDF_CTX_new_id"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_MD_CTX_COPY_EX, 0), "EVP_MD_CTX_copy_ex"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_MD_SIZE, 0), "EVP_MD_size"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_OPENINIT, 0), "EVP_OpenInit"}, +@@ -147,10 +150,12 @@ static const ERR_STRING_DATA EVP_str_fun + "PKCS5_v2_PBKDF2_keyivgen"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN, 0), + "PKCS5_v2_scrypt_keyivgen"}, ++ {ERR_PACK(ERR_LIB_EVP, EVP_F_PKEY_KDF_CTRL, 0), "pkey_kdf_ctrl"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_PKEY_SET_TYPE, 0), "pkey_set_type"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_RC2_MAGIC_TO_METH, 0), "rc2_magic_to_meth"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_RC5_CTRL, 0), "rc5_ctrl"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_S390X_AES_GCM_CTRL, 0), "s390x_aes_gcm_ctrl"}, ++ {ERR_PACK(ERR_LIB_EVP, EVP_F_SCRYPT_ALG, 0), "scrypt_alg"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_UPDATE, 0), "update"}, + {0, NULL} + }; +@@ -233,6 +238,8 @@ static const ERR_STRING_DATA EVP_str_rea + "operation not supported for this keytype"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OPERATON_NOT_INITIALIZED), + "operaton not initialized"}, ++ {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PARAMETER_TOO_LARGE), ++ "parameter too large"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PARTIALLY_OVERLAPPING), + "partially overlapping buffers"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PBKDF2_ERROR), "pbkdf2 error"}, +diff -up openssl-1.1.1b/crypto/evp/evp_locl.h.evp-kdf openssl-1.1.1b/crypto/evp/evp_locl.h +--- openssl-1.1.1b/crypto/evp/evp_locl.h.evp-kdf 2019-02-28 13:05:05.253528831 +0100 ++++ 
openssl-1.1.1b/crypto/evp/evp_locl.h 2019-02-28 13:05:05.652521456 +0100 +@@ -41,6 +41,11 @@ struct evp_cipher_ctx_st { + unsigned char final[EVP_MAX_BLOCK_LENGTH]; /* possible final block */ + } /* EVP_CIPHER_CTX */ ; + ++struct evp_kdf_ctx_st { ++ const EVP_KDF_METHOD *kmeth; ++ EVP_KDF_IMPL *impl; /* Algorithm-specific data */ ++} /* EVP_KDF_CTX */ ; ++ + int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, + int passlen, ASN1_TYPE *param, + const EVP_CIPHER *c, const EVP_MD *md, +diff -up openssl-1.1.1b/crypto/evp/evp_pbe.c.evp-kdf openssl-1.1.1b/crypto/evp/evp_pbe.c +--- openssl-1.1.1b/crypto/evp/evp_pbe.c.evp-kdf 2019-02-26 15:15:30.000000000 +0100 ++++ openssl-1.1.1b/crypto/evp/evp_pbe.c 2019-02-28 13:05:05.652521456 +0100 +@@ -12,6 +12,7 @@ + #include + #include + #include ++#include "internal/evp_int.h" + #include "evp_locl.h" + + /* Password based encryption (PBE) functions */ +diff -up openssl-1.1.1b/crypto/evp/kdf_lib.c.evp-kdf openssl-1.1.1b/crypto/evp/kdf_lib.c +--- openssl-1.1.1b/crypto/evp/kdf_lib.c.evp-kdf 2019-02-28 13:05:05.652521456 +0100 ++++ openssl-1.1.1b/crypto/evp/kdf_lib.c 2019-02-28 13:05:05.652521456 +0100 +@@ -0,0 +1,165 @@ ++/* ++ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. ++ * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. ++ * ++ * Licensed under the Apache License 2.0 (the "License"). You may not use ++ * this file except in compliance with the License. 
You can obtain a copy ++ * in the file LICENSE in the source distribution or at ++ * https://www.openssl.org/source/license.html ++ */ ++ ++#include ++#include ++#include "internal/cryptlib.h" ++#include ++#include ++#include ++#include ++#include "internal/asn1_int.h" ++#include "internal/evp_int.h" ++#include "internal/numbers.h" ++#include "evp_locl.h" ++ ++typedef int sk_cmp_fn_type(const char *const *a, const char *const *b); ++ ++/* This array needs to be in order of NIDs */ ++static const EVP_KDF_METHOD *standard_methods[] = { ++ &pbkdf2_kdf_meth, ++#ifndef OPENSSL_NO_SCRYPT ++ &scrypt_kdf_meth, ++#endif ++ &tls1_prf_kdf_meth, ++ &hkdf_kdf_meth ++}; ++ ++DECLARE_OBJ_BSEARCH_CMP_FN(const EVP_KDF_METHOD *, const EVP_KDF_METHOD *, ++ kmeth); ++ ++static int kmeth_cmp(const EVP_KDF_METHOD *const *a, ++ const EVP_KDF_METHOD *const *b) ++{ ++ return ((*a)->type - (*b)->type); ++} ++ ++IMPLEMENT_OBJ_BSEARCH_CMP_FN(const EVP_KDF_METHOD *, const EVP_KDF_METHOD *, ++ kmeth); ++ ++static const EVP_KDF_METHOD *kdf_meth_find(int type) ++{ ++ EVP_KDF_METHOD tmp; ++ const EVP_KDF_METHOD *t = &tmp, **ret; ++ ++ tmp.type = type; ++ ret = OBJ_bsearch_kmeth(&t, standard_methods, ++ OSSL_NELEM(standard_methods)); ++ if (ret == NULL || *ret == NULL) ++ return NULL; ++ ++ return *ret; ++} ++ ++EVP_KDF_CTX *EVP_KDF_CTX_new_id(int id) ++{ ++ EVP_KDF_CTX *ret; ++ const EVP_KDF_METHOD *kmeth; ++ ++ kmeth = kdf_meth_find(id); ++ if (kmeth == NULL) { ++ EVPerr(EVP_F_EVP_KDF_CTX_NEW_ID, EVP_R_UNSUPPORTED_ALGORITHM); ++ return NULL; ++ } ++ ++ ret = OPENSSL_zalloc(sizeof(*ret)); ++ if (ret == NULL) { ++ EVPerr(EVP_F_EVP_KDF_CTX_NEW_ID, ERR_R_MALLOC_FAILURE); ++ return NULL; ++ } ++ ++ if (kmeth->new != NULL && (ret->impl = kmeth->new()) == NULL) { ++ EVP_KDF_CTX_free(ret); ++ return NULL; ++ } ++ ++ ret->kmeth = kmeth; ++ return ret; ++} ++ ++void EVP_KDF_CTX_free(EVP_KDF_CTX *ctx) ++{ ++ if (ctx == NULL) ++ return; ++ ++ ctx->kmeth->free(ctx->impl); ++ OPENSSL_free(ctx); ++} ++ ++void 
EVP_KDF_reset(EVP_KDF_CTX *ctx) ++{ ++ if (ctx == NULL) ++ return; ++ ++ if (ctx->kmeth->reset != NULL) ++ ctx->kmeth->reset(ctx->impl); ++} ++ ++int EVP_KDF_ctrl(EVP_KDF_CTX *ctx, int cmd, ...) ++{ ++ int ret; ++ va_list args; ++ ++ va_start(args, cmd); ++ ret = EVP_KDF_vctrl(ctx, cmd, args); ++ va_end(args); ++ ++ if (ret == -2) ++ EVPerr(EVP_F_EVP_KDF_CTRL, EVP_R_COMMAND_NOT_SUPPORTED); ++ ++ return ret; ++} ++ ++int EVP_KDF_vctrl(EVP_KDF_CTX *ctx, int cmd, va_list args) ++{ ++ if (ctx == NULL) ++ return 0; ++ ++ return ctx->kmeth->ctrl(ctx->impl, cmd, args); ++} ++ ++int EVP_KDF_ctrl_str(EVP_KDF_CTX *ctx, const char *type, const char *value) ++{ ++ int ret; ++ ++ if (ctx == NULL) ++ return 0; ++ ++ if (ctx->kmeth->ctrl_str == NULL) { ++ EVPerr(EVP_F_EVP_KDF_CTRL_STR, EVP_R_COMMAND_NOT_SUPPORTED); ++ return -2; ++ } ++ ++ ret = ctx->kmeth->ctrl_str(ctx->impl, type, value); ++ if (ret == -2) ++ EVPerr(EVP_F_EVP_KDF_CTRL_STR, EVP_R_COMMAND_NOT_SUPPORTED); ++ ++ return ret; ++} ++ ++size_t EVP_KDF_size(EVP_KDF_CTX *ctx) ++{ ++ if (ctx == NULL) ++ return 0; ++ ++ if (ctx->kmeth->size == NULL) ++ return SIZE_MAX; ++ ++ return ctx->kmeth->size(ctx->impl); ++} ++ ++int EVP_KDF_derive(EVP_KDF_CTX *ctx, unsigned char *key, size_t keylen) ++{ ++ if (ctx == NULL) ++ return 0; ++ ++ return ctx->kmeth->derive(ctx->impl, key, keylen); ++} ++ +diff -up openssl-1.1.1b/crypto/evp/p5_crpt2.c.evp-kdf openssl-1.1.1b/crypto/evp/p5_crpt2.c +--- openssl-1.1.1b/crypto/evp/p5_crpt2.c.evp-kdf 2019-02-26 15:15:30.000000000 +0100 ++++ openssl-1.1.1b/crypto/evp/p5_crpt2.c 2019-02-28 13:05:05.652521456 +0100 +@@ -1,5 +1,5 @@ + /* +- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. 
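Review bot: The failure path in `EVP_KDF_CTX_new_id` calls `EVP_KDF_CTX_free(ret)` before `ret->kmeth` has been assigned, and `EVP_KDF_CTX_free` dereferences `ctx->kmeth->free` unconditionally, so an allocation failure inside `kmeth->new()` becomes a NULL pointer dereference on the zeroed context. Moving `ret->kmeth = kmeth;` earlier is not enough, because `kdf_hkdf_free` later in this patch passes its argument straight to `kdf_hkdf_reset`, which reads `impl->salt`. Release the half-built context directly on that path instead: `OPENSSL_free(ret); return NULL;`.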
You can obtain a copy +@@ -10,105 +10,51 @@ + #include + #include + #include "internal/cryptlib.h" +-# include +-# include +-# include +-# include "evp_locl.h" ++#include ++#include ++#include ++#include ++#include "internal/evp_int.h" ++#include "evp_locl.h" + + /* set this to print out info about the keygen algorithm */ + /* #define OPENSSL_DEBUG_PKCS5V2 */ + +-# ifdef OPENSSL_DEBUG_PKCS5V2 ++#ifdef OPENSSL_DEBUG_PKCS5V2 + static void h__dump(const unsigned char *p, int len); +-# endif +- +-/* +- * This is an implementation of PKCS#5 v2.0 password based encryption key +- * derivation function PBKDF2. SHA1 version verified against test vectors +- * posted by Peter Gutmann to the PKCS-TNG mailing list. +- */ ++#endif + + int PKCS5_PBKDF2_HMAC(const char *pass, int passlen, + const unsigned char *salt, int saltlen, int iter, + const EVP_MD *digest, int keylen, unsigned char *out) + { + const char *empty = ""; +- unsigned char digtmp[EVP_MAX_MD_SIZE], *p, itmp[4]; +- int cplen, j, k, tkeylen, mdlen; +- unsigned long i = 1; +- HMAC_CTX *hctx_tpl = NULL, *hctx = NULL; +- +- mdlen = EVP_MD_size(digest); +- if (mdlen < 0) +- return 0; ++ int rv = 1; ++ EVP_KDF_CTX *kctx; + +- hctx_tpl = HMAC_CTX_new(); +- if (hctx_tpl == NULL) +- return 0; +- p = out; +- tkeylen = keylen; ++ /* Keep documented behaviour. */ + if (pass == NULL) { + pass = empty; + passlen = 0; + } else if (passlen == -1) { + passlen = strlen(pass); + } +- if (!HMAC_Init_ex(hctx_tpl, pass, passlen, digest, NULL)) { +- HMAC_CTX_free(hctx_tpl); +- return 0; +- } +- hctx = HMAC_CTX_new(); +- if (hctx == NULL) { +- HMAC_CTX_free(hctx_tpl); ++ if (salt == NULL && saltlen == 0) ++ salt = (unsigned char *)empty; ++ ++ kctx = EVP_KDF_CTX_new_id(EVP_KDF_PBKDF2); ++ if (kctx == NULL) + return 0; +- } +- while (tkeylen) { +- if (tkeylen > mdlen) +- cplen = mdlen; +- else +- cplen = tkeylen; +- /* +- * We are unlikely to ever use more than 256 blocks (5120 bits!) but +- * just in case... 
+- */ +- itmp[0] = (unsigned char)((i >> 24) & 0xff); +- itmp[1] = (unsigned char)((i >> 16) & 0xff); +- itmp[2] = (unsigned char)((i >> 8) & 0xff); +- itmp[3] = (unsigned char)(i & 0xff); +- if (!HMAC_CTX_copy(hctx, hctx_tpl)) { +- HMAC_CTX_free(hctx); +- HMAC_CTX_free(hctx_tpl); +- return 0; +- } +- if (!HMAC_Update(hctx, salt, saltlen) +- || !HMAC_Update(hctx, itmp, 4) +- || !HMAC_Final(hctx, digtmp, NULL)) { +- HMAC_CTX_free(hctx); +- HMAC_CTX_free(hctx_tpl); +- return 0; +- } +- memcpy(p, digtmp, cplen); +- for (j = 1; j < iter; j++) { +- if (!HMAC_CTX_copy(hctx, hctx_tpl)) { +- HMAC_CTX_free(hctx); +- HMAC_CTX_free(hctx_tpl); +- return 0; +- } +- if (!HMAC_Update(hctx, digtmp, mdlen) +- || !HMAC_Final(hctx, digtmp, NULL)) { +- HMAC_CTX_free(hctx); +- HMAC_CTX_free(hctx_tpl); +- return 0; +- } +- for (k = 0; k < cplen; k++) +- p[k] ^= digtmp[k]; +- } +- tkeylen -= cplen; +- i++; +- p += cplen; +- } +- HMAC_CTX_free(hctx); +- HMAC_CTX_free(hctx_tpl); ++ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PASS, pass, (size_t)passlen) != 1 ++ || EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, ++ salt, (size_t)saltlen) != 1 ++ || EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_ITER, iter) != 1 ++ || EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, digest) != 1 ++ || EVP_KDF_derive(kctx, out, keylen) != 1) ++ rv = 0; ++ ++ EVP_KDF_CTX_free(kctx); ++ + # ifdef OPENSSL_DEBUG_PKCS5V2 + fprintf(stderr, "Password:\n"); + h__dump(pass, passlen); +@@ -118,7 +64,7 @@ int PKCS5_PBKDF2_HMAC(const char *pass, + fprintf(stderr, "Key:\n"); + h__dump(out, keylen); + # endif +- return 1; ++ return rv; + } + + int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, +diff -up openssl-1.1.1b/crypto/evp/pbe_scrypt.c.evp-kdf openssl-1.1.1b/crypto/evp/pbe_scrypt.c +--- openssl-1.1.1b/crypto/evp/pbe_scrypt.c.evp-kdf 2019-02-26 15:15:30.000000000 +0100 ++++ openssl-1.1.1b/crypto/evp/pbe_scrypt.c 2019-02-28 13:33:18.446264056 +0100 +@@ -7,135 +7,12 @@ + * https://www.openssl.org/source/license.html + */ + +-#include 
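Review bot: `PKCS5_PBKDF2_HMAC` now casts `passlen` and `saltlen` to `size_t` and hands the `int` `keylen` to the `size_t` parameter of `EVP_KDF_derive`, so any negative value other than the handled `passlen == -1` turns into a very large length. Whether the PBKDF2 method rejects such lengths is not visible in this hunk; a guard placed after the `passlen == -1` normalisation, `if (passlen < 0 || saltlen < 0 || keylen < 0) return 0;`, keeps the wrapper safe on its own. The `OPENSSL_DEBUG_PKCS5V2` block that follows still dumps `out` when `rv` is 0, when the buffer may never have been written, so it should be conditional on `rv`. The closing lines of the function are in the next hunk.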
+-#include +-#include + #include + #include +-#include "internal/numbers.h" ++#include + + #ifndef OPENSSL_NO_SCRYPT + +-#define R(a,b) (((a) << (b)) | ((a) >> (32 - (b)))) +-static void salsa208_word_specification(uint32_t inout[16]) +-{ +- int i; +- uint32_t x[16]; +- memcpy(x, inout, sizeof(x)); +- for (i = 8; i > 0; i -= 2) { +- x[4] ^= R(x[0] + x[12], 7); +- x[8] ^= R(x[4] + x[0], 9); +- x[12] ^= R(x[8] + x[4], 13); +- x[0] ^= R(x[12] + x[8], 18); +- x[9] ^= R(x[5] + x[1], 7); +- x[13] ^= R(x[9] + x[5], 9); +- x[1] ^= R(x[13] + x[9], 13); +- x[5] ^= R(x[1] + x[13], 18); +- x[14] ^= R(x[10] + x[6], 7); +- x[2] ^= R(x[14] + x[10], 9); +- x[6] ^= R(x[2] + x[14], 13); +- x[10] ^= R(x[6] + x[2], 18); +- x[3] ^= R(x[15] + x[11], 7); +- x[7] ^= R(x[3] + x[15], 9); +- x[11] ^= R(x[7] + x[3], 13); +- x[15] ^= R(x[11] + x[7], 18); +- x[1] ^= R(x[0] + x[3], 7); +- x[2] ^= R(x[1] + x[0], 9); +- x[3] ^= R(x[2] + x[1], 13); +- x[0] ^= R(x[3] + x[2], 18); +- x[6] ^= R(x[5] + x[4], 7); +- x[7] ^= R(x[6] + x[5], 9); +- x[4] ^= R(x[7] + x[6], 13); +- x[5] ^= R(x[4] + x[7], 18); +- x[11] ^= R(x[10] + x[9], 7); +- x[8] ^= R(x[11] + x[10], 9); +- x[9] ^= R(x[8] + x[11], 13); +- x[10] ^= R(x[9] + x[8], 18); +- x[12] ^= R(x[15] + x[14], 7); +- x[13] ^= R(x[12] + x[15], 9); +- x[14] ^= R(x[13] + x[12], 13); +- x[15] ^= R(x[14] + x[13], 18); +- } +- for (i = 0; i < 16; ++i) +- inout[i] += x[i]; +- OPENSSL_cleanse(x, sizeof(x)); +-} +- +-static void scryptBlockMix(uint32_t *B_, uint32_t *B, uint64_t r) +-{ +- uint64_t i, j; +- uint32_t X[16], *pB; +- +- memcpy(X, B + (r * 2 - 1) * 16, sizeof(X)); +- pB = B; +- for (i = 0; i < r * 2; i++) { +- for (j = 0; j < 16; j++) +- X[j] ^= *pB++; +- salsa208_word_specification(X); +- memcpy(B_ + (i / 2 + (i & 1) * r) * 16, X, sizeof(X)); +- } +- OPENSSL_cleanse(X, sizeof(X)); +-} +- +-static void scryptROMix(unsigned char *B, uint64_t r, uint64_t N, +- uint32_t *X, uint32_t *T, uint32_t *V) +-{ +- unsigned char *pB; +- uint32_t *pV; +- uint64_t i, 
k; +- +- /* Convert from little endian input */ +- for (pV = V, i = 0, pB = B; i < 32 * r; i++, pV++) { +- *pV = *pB++; +- *pV |= *pB++ << 8; +- *pV |= *pB++ << 16; +- *pV |= (uint32_t)*pB++ << 24; +- } +- +- for (i = 1; i < N; i++, pV += 32 * r) +- scryptBlockMix(pV, pV - 32 * r, r); +- +- scryptBlockMix(X, V + (N - 1) * 32 * r, r); +- +- for (i = 0; i < N; i++) { +- uint32_t j; +- j = X[16 * (2 * r - 1)] % N; +- pV = V + 32 * r * j; +- for (k = 0; k < 32 * r; k++) +- T[k] = X[k] ^ *pV++; +- scryptBlockMix(X, T, r); +- } +- /* Convert output to little endian */ +- for (i = 0, pB = B; i < 32 * r; i++) { +- uint32_t xtmp = X[i]; +- *pB++ = xtmp & 0xff; +- *pB++ = (xtmp >> 8) & 0xff; +- *pB++ = (xtmp >> 16) & 0xff; +- *pB++ = (xtmp >> 24) & 0xff; +- } +-} +- +-#ifndef SIZE_MAX +-# define SIZE_MAX ((size_t)-1) +-#endif +- +-/* +- * Maximum power of two that will fit in uint64_t: this should work on +- * most (all?) platforms. +- */ +- +-#define LOG2_UINT64_MAX (sizeof(uint64_t) * 8 - 1) +- +-/* +- * Maximum value of p * r: +- * p <= ((2^32-1) * hLen) / MFLen => +- * p <= ((2^32-1) * 32) / (128 * r) => +- * p * r <= (2^30-1) +- * +- */ +- +-#define SCRYPT_PR_MAX ((1 << 30) - 1) +- + /* + * Maximum permitted memory allow this to be overridden with Configuration + * option: e.g. -DSCRYPT_MAX_MEM=0 for maximum possible. 
+@@ -160,107 +37,43 @@ int EVP_PBE_scrypt(const char *pass, siz + uint64_t N, uint64_t r, uint64_t p, uint64_t maxmem, + unsigned char *key, size_t keylen) + { +- int rv = 0; +- unsigned char *B; +- uint32_t *X, *V, *T; +- uint64_t i, Blen, Vlen; +- +- /* Sanity check parameters */ +- /* initial check, r,p must be non zero, N >= 2 and a power of 2 */ +- if (r == 0 || p == 0 || N < 2 || (N & (N - 1))) +- return 0; +- /* Check p * r < SCRYPT_PR_MAX avoiding overflow */ +- if (p > SCRYPT_PR_MAX / r) { +- EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED); +- return 0; +- } +- +- /* +- * Need to check N: if 2^(128 * r / 8) overflows limit this is +- * automatically satisfied since N <= UINT64_MAX. +- */ +- +- if (16 * r <= LOG2_UINT64_MAX) { +- if (N >= (((uint64_t)1) << (16 * r))) { +- EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED); +- return 0; +- } +- } ++ const char *empty = ""; ++ int rv = 1; ++ EVP_KDF_CTX *kctx; + +- /* Memory checks: check total allocated buffer size fits in uint64_t */ +- +- /* +- * B size in section 5 step 1.S +- * Note: we know p * 128 * r < UINT64_MAX because we already checked +- * p * r < SCRYPT_PR_MAX +- */ +- Blen = p * 128 * r; +- /* +- * Yet we pass it as integer to PKCS5_PBKDF2_HMAC... [This would +- * have to be revised when/if PKCS5_PBKDF2_HMAC accepts size_t.] 
+- */ +- if (Blen > INT_MAX) { +- EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED); +- return 0; +- } +- +- /* +- * Check 32 * r * (N + 2) * sizeof(uint32_t) fits in uint64_t +- * This is combined size V, X and T (section 4) +- */ +- i = UINT64_MAX / (32 * sizeof(uint32_t)); +- if (N + 2 > i / r) { +- EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED); ++ if (r > UINT32_MAX || p > UINT32_MAX) { ++ EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_PARAMETER_TOO_LARGE); + return 0; + } +- Vlen = 32 * r * (N + 2) * sizeof(uint32_t); + +- /* check total allocated size fits in uint64_t */ +- if (Blen > UINT64_MAX - Vlen) { +- EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED); +- return 0; ++ /* Maintain existing behaviour. */ ++ if (pass == NULL) { ++ pass = empty; ++ passlen = 0; ++ } ++ if (salt == NULL) { ++ salt = (const unsigned char *)empty; ++ saltlen = 0; + } +- + if (maxmem == 0) + maxmem = SCRYPT_MAX_MEM; + +- /* Check that the maximum memory doesn't exceed a size_t limits */ +- if (maxmem > SIZE_MAX) +- maxmem = SIZE_MAX; +- +- if (Blen + Vlen > maxmem) { +- EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED); ++ kctx = EVP_KDF_CTX_new_id(EVP_KDF_SCRYPT); ++ if (kctx == NULL) + return 0; +- } + +- /* If no key return to indicate parameters are OK */ +- if (key == NULL) +- return 1; +- +- B = OPENSSL_malloc((size_t)(Blen + Vlen)); +- if (B == NULL) { +- EVPerr(EVP_F_EVP_PBE_SCRYPT, ERR_R_MALLOC_FAILURE); +- return 0; +- } +- X = (uint32_t *)(B + Blen); +- T = X + 32 * r; +- V = T + 32 * r; +- if (PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, 1, EVP_sha256(), +- (int)Blen, B) == 0) +- goto err; +- +- for (i = 0; i < p; i++) +- scryptROMix(B + 128 * r * i, r, N, X, T, V); +- +- if (PKCS5_PBKDF2_HMAC(pass, passlen, B, (int)Blen, 1, EVP_sha256(), +- keylen, key) == 0) +- goto err; +- rv = 1; +- err: +- if (rv == 0) +- EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_PBKDF2_ERROR); ++ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PASS, pass, (size_t)passlen) != 1 ++ 
|| EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, ++ salt, (size_t)saltlen) != 1 ++ || EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SCRYPT_N, N) != 1 ++ || EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SCRYPT_R, (uint32_t)r) != 1 ++ || EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SCRYPT_P, (uint32_t)p) != 1 ++ || EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MAXMEM_BYTES, maxmem) != 1 ++ || EVP_KDF_derive(kctx, key, keylen) != 1) ++ rv = 0; + +- OPENSSL_clear_free(B, (size_t)(Blen + Vlen)); ++ EVP_KDF_CTX_free(kctx); + return rv; + } ++ + #endif +diff -up openssl-1.1.1b/crypto/evp/pkey_kdf.c.evp-kdf openssl-1.1.1b/crypto/evp/pkey_kdf.c +--- openssl-1.1.1b/crypto/evp/pkey_kdf.c.evp-kdf 2019-02-28 13:05:05.653521437 +0100 ++++ openssl-1.1.1b/crypto/evp/pkey_kdf.c 2019-02-28 13:05:05.653521437 +0100 +@@ -0,0 +1,255 @@ ++/* ++ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. ++ * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. ++ * ++ * Licensed under the Apache License 2.0 (the "License"). You may not use ++ * this file except in compliance with the License. 
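Review bot: The rewritten `EVP_PBE_scrypt` drops the `if (key == NULL) return 1;` early exit that let callers validate parameters without deriving a key, and now passes `key` straight to `EVP_KDF_derive`. That behaviour survives only if the scrypt method's derive callback accepts a NULL `key`, which this hunk does not show. Once that is confirmed, extend the `/* Maintain existing behaviour. */` comment to cover it, e.g. `/* key == NULL (parameter check only) is handled by the scrypt KDF method */`. The N, r, p and memory-limit checks removed here must likewise exist in that method, because this wrapper now only bounds `r` and `p` by `UINT32_MAX`.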
You can obtain a copy ++ * in the file LICENSE in the source distribution or at ++ * https://www.openssl.org/source/license.html ++ */ ++ ++#include ++#include ++#include ++#include ++#include "internal/evp_int.h" ++ ++static int pkey_kdf_init(EVP_PKEY_CTX *ctx) ++{ ++ EVP_KDF_CTX *kctx; ++ ++ kctx = EVP_KDF_CTX_new_id(ctx->pmeth->pkey_id); ++ if (kctx == NULL) ++ return 0; ++ ++ ctx->data = kctx; ++ return 1; ++} ++ ++static void pkey_kdf_cleanup(EVP_PKEY_CTX *ctx) ++{ ++ EVP_KDF_CTX *kctx = ctx->data; ++ ++ EVP_KDF_CTX_free(kctx); ++} ++ ++static int pkey_kdf_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) ++{ ++ EVP_KDF_CTX *kctx = ctx->data; ++ uint64_t u64_value; ++ int cmd; ++ int ret; ++ ++ switch (type) { ++ case EVP_PKEY_CTRL_PASS: ++ cmd = EVP_KDF_CTRL_SET_PASS; ++ break; ++ case EVP_PKEY_CTRL_HKDF_SALT: ++ case EVP_PKEY_CTRL_SCRYPT_SALT: ++ cmd = EVP_KDF_CTRL_SET_SALT; ++ break; ++ case EVP_PKEY_CTRL_TLS_MD: ++ case EVP_PKEY_CTRL_HKDF_MD: ++ cmd = EVP_KDF_CTRL_SET_MD; ++ break; ++ case EVP_PKEY_CTRL_TLS_SECRET: ++ cmd = EVP_KDF_CTRL_SET_TLS_SECRET; ++ ret = EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_RESET_TLS_SEED); ++ if (ret < 1) ++ return ret; ++ break; ++ case EVP_PKEY_CTRL_TLS_SEED: ++ cmd = EVP_KDF_CTRL_ADD_TLS_SEED; ++ break; ++ case EVP_PKEY_CTRL_HKDF_KEY: ++ cmd = EVP_KDF_CTRL_SET_KEY; ++ break; ++ case EVP_PKEY_CTRL_HKDF_INFO: ++ cmd = EVP_KDF_CTRL_ADD_HKDF_INFO; ++ break; ++ case EVP_PKEY_CTRL_HKDF_MODE: ++ cmd = EVP_KDF_CTRL_SET_HKDF_MODE; ++ break; ++ case EVP_PKEY_CTRL_SCRYPT_N: ++ cmd = EVP_KDF_CTRL_SET_SCRYPT_N; ++ break; ++ case EVP_PKEY_CTRL_SCRYPT_R: ++ cmd = EVP_KDF_CTRL_SET_SCRYPT_R; ++ break; ++ case EVP_PKEY_CTRL_SCRYPT_P: ++ cmd = EVP_KDF_CTRL_SET_SCRYPT_P; ++ break; ++ case EVP_PKEY_CTRL_SCRYPT_MAXMEM_BYTES: ++ cmd = EVP_KDF_CTRL_SET_MAXMEM_BYTES; ++ break; ++ default: ++ return -2; ++ } ++ ++ switch (cmd) { ++ case EVP_KDF_CTRL_SET_PASS: ++ case EVP_KDF_CTRL_SET_SALT: ++ case EVP_KDF_CTRL_SET_KEY: ++ case EVP_KDF_CTRL_SET_TLS_SECRET: 
++ case EVP_KDF_CTRL_ADD_TLS_SEED: ++ case EVP_KDF_CTRL_ADD_HKDF_INFO: ++ return EVP_KDF_ctrl(kctx, cmd, (const unsigned char *)p2, (size_t)p1); ++ ++ case EVP_KDF_CTRL_SET_MD: ++ return EVP_KDF_ctrl(kctx, cmd, (const EVP_MD *)p2); ++ ++ case EVP_KDF_CTRL_SET_HKDF_MODE: ++ return EVP_KDF_ctrl(kctx, cmd, (int)p1); ++ ++ case EVP_KDF_CTRL_SET_SCRYPT_R: ++ case EVP_KDF_CTRL_SET_SCRYPT_P: ++ u64_value = *(uint64_t *)p2; ++ if (u64_value > UINT32_MAX) { ++ EVPerr(EVP_F_PKEY_KDF_CTRL, EVP_R_PARAMETER_TOO_LARGE); ++ return 0; ++ } ++ ++ return EVP_KDF_ctrl(kctx, cmd, (uint32_t)u64_value); ++ ++ case EVP_KDF_CTRL_SET_SCRYPT_N: ++ case EVP_KDF_CTRL_SET_MAXMEM_BYTES: ++ return EVP_KDF_ctrl(kctx, cmd, *(uint64_t *)p2); ++ ++ default: ++ return 0; ++ } ++} ++ ++static int pkey_kdf_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, ++ const char *value) ++{ ++ EVP_KDF_CTX *kctx = ctx->data; ++ ++ if (strcmp(type, "md") == 0) ++ return EVP_KDF_ctrl_str(kctx, "digest", value); ++ return EVP_KDF_ctrl_str(kctx, type, value); ++} ++ ++static int pkey_kdf_derive_init(EVP_PKEY_CTX *ctx) ++{ ++ EVP_KDF_CTX *kctx = ctx->data; ++ ++ EVP_KDF_reset(kctx); ++ return 1; ++} ++ ++/* ++ * For fixed-output algorithms the keylen parameter is an "out" parameter ++ * otherwise it is an "in" parameter. 
++ */ ++static int pkey_kdf_derive(EVP_PKEY_CTX *ctx, unsigned char *key, ++ size_t *keylen) ++{ ++ EVP_KDF_CTX *kctx = ctx->data; ++ size_t outlen = EVP_KDF_size(kctx); ++ ++ if (outlen == 0 || outlen == SIZE_MAX) { ++ /* Variable-output algorithm */ ++ if (key == NULL) ++ return 0; ++ } else { ++ /* Fixed-output algorithm */ ++ *keylen = outlen; ++ if (key == NULL) ++ return 1; ++ } ++ return EVP_KDF_derive(kctx, key, *keylen); ++} ++ ++#ifndef OPENSSL_NO_SCRYPT ++const EVP_PKEY_METHOD scrypt_pkey_meth = { ++ EVP_PKEY_SCRYPT, ++ 0, ++ pkey_kdf_init, ++ 0, ++ pkey_kdf_cleanup, ++ ++ 0, 0, ++ 0, 0, ++ ++ 0, ++ 0, ++ ++ 0, ++ 0, ++ ++ 0, 0, ++ ++ 0, 0, 0, 0, ++ ++ 0, 0, ++ ++ 0, 0, ++ ++ pkey_kdf_derive_init, ++ pkey_kdf_derive, ++ pkey_kdf_ctrl, ++ pkey_kdf_ctrl_str ++}; ++#endif ++ ++const EVP_PKEY_METHOD tls1_prf_pkey_meth = { ++ EVP_PKEY_TLS1_PRF, ++ EVP_PKEY_FLAG_FIPS, ++ pkey_kdf_init, ++ 0, ++ pkey_kdf_cleanup, ++ ++ 0, 0, ++ 0, 0, ++ ++ 0, ++ 0, ++ ++ 0, ++ 0, ++ ++ 0, 0, ++ ++ 0, 0, 0, 0, ++ ++ 0, 0, ++ ++ 0, 0, ++ ++ pkey_kdf_derive_init, ++ pkey_kdf_derive, ++ pkey_kdf_ctrl, ++ pkey_kdf_ctrl_str ++}; ++ ++const EVP_PKEY_METHOD hkdf_pkey_meth = { ++ EVP_PKEY_HKDF, ++ EVP_PKEY_FLAG_FIPS, ++ pkey_kdf_init, ++ 0, ++ pkey_kdf_cleanup, ++ ++ 0, 0, ++ 0, 0, ++ ++ 0, ++ 0, ++ ++ 0, ++ 0, ++ ++ 0, 0, ++ ++ 0, 0, 0, 0, ++ ++ 0, 0, ++ ++ 0, 0, ++ ++ pkey_kdf_derive_init, ++ pkey_kdf_derive, ++ pkey_kdf_ctrl, ++ pkey_kdf_ctrl_str ++}; ++ +diff -up openssl-1.1.1b/crypto/include/internal/evp_int.h.evp-kdf openssl-1.1.1b/crypto/include/internal/evp_int.h +--- openssl-1.1.1b/crypto/include/internal/evp_int.h.evp-kdf 2019-02-28 13:05:05.304527888 +0100 ++++ openssl-1.1.1b/crypto/include/internal/evp_int.h 2019-02-28 13:05:05.653521437 +0100 +@@ -112,6 +112,24 @@ extern const EVP_PKEY_METHOD hkdf_pkey_m + extern const EVP_PKEY_METHOD poly1305_pkey_meth; + extern const EVP_PKEY_METHOD siphash_pkey_meth; + ++/* struct evp_kdf_impl_st is defined by the implementation */ 
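Review bot: `pkey_kdf_ctrl` forwards the caller's `int p1` as `(size_t)p1` in the first case group of the second `switch` (pass, salt, key, TLS secret, TLS seed, HKDF info) without a sign check, whereas the `pkey_hkdf_ctrl` this patch removes returned 0 for `p1 < 0`. A negative length therefore reaches the KDF method as a huge `size_t`. Add `if (p1 < 0) return 0;` ahead of that `EVP_KDF_ctrl` call. The scrypt cases also read `*(uint64_t *)p2` without first testing `p2` for NULL.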
++typedef struct evp_kdf_impl_st EVP_KDF_IMPL; ++typedef struct { ++ int type; ++ EVP_KDF_IMPL *(*new) (void); ++ void (*free) (EVP_KDF_IMPL *impl); ++ void (*reset) (EVP_KDF_IMPL *impl); ++ int (*ctrl) (EVP_KDF_IMPL *impl, int cmd, va_list args); ++ int (*ctrl_str) (EVP_KDF_IMPL *impl, const char *type, const char *value); ++ size_t (*size) (EVP_KDF_IMPL *impl); ++ int (*derive) (EVP_KDF_IMPL *impl, unsigned char *key, size_t keylen); ++} EVP_KDF_METHOD; ++ ++extern const EVP_KDF_METHOD pbkdf2_kdf_meth; ++extern const EVP_KDF_METHOD scrypt_kdf_meth; ++extern const EVP_KDF_METHOD tls1_prf_kdf_meth; ++extern const EVP_KDF_METHOD hkdf_kdf_meth; ++ + struct evp_md_st { + int type; + int pkey_type; +diff -up openssl-1.1.1b/crypto/kdf/build.info.evp-kdf openssl-1.1.1b/crypto/kdf/build.info +--- openssl-1.1.1b/crypto/kdf/build.info.evp-kdf 2019-02-26 15:15:30.000000000 +0100 ++++ openssl-1.1.1b/crypto/kdf/build.info 2019-02-28 13:05:05.653521437 +0100 +@@ -1,3 +1,3 @@ + LIBS=../../libcrypto + SOURCE[../../libcrypto]=\ +- tls1_prf.c kdf_err.c hkdf.c scrypt.c ++ tls1_prf.c kdf_err.c kdf_util.c hkdf.c scrypt.c pbkdf2.c +diff -up openssl-1.1.1b/crypto/kdf/hkdf.c.evp-kdf openssl-1.1.1b/crypto/kdf/hkdf.c +--- openssl-1.1.1b/crypto/kdf/hkdf.c.evp-kdf 2019-02-26 15:15:30.000000000 +0100 ++++ openssl-1.1.1b/crypto/kdf/hkdf.c 2019-02-28 13:05:05.653521437 +0100 +@@ -8,32 +8,33 @@ + */ + + #include ++#include + #include + #include +-#include + #include ++#include + #include "internal/cryptlib.h" + #include "internal/evp_int.h" ++#include "kdf_local.h" + + #define HKDF_MAXBUF 1024 + +-static unsigned char *HKDF(const EVP_MD *evp_md, +- const unsigned char *salt, size_t salt_len, +- const unsigned char *key, size_t key_len, +- const unsigned char *info, size_t info_len, +- unsigned char *okm, size_t okm_len); +- +-static unsigned char *HKDF_Extract(const EVP_MD *evp_md, +- const unsigned char *salt, size_t salt_len, +- const unsigned char *key, size_t key_len, +- unsigned char *prk, 
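Review bot: `EVP_KDF_METHOD` has no comment saying which callbacks an implementation must provide. Going by `kdf_lib.c` in this patch, `free`, `ctrl` and `derive` are called unconditionally while `new`, `reset`, `ctrl_str` and `size` are NULL-checked before use. A comment above the struct such as `/* free, ctrl and derive are mandatory; new, reset, ctrl_str and size may be NULL */` would record that contract for authors of new methods.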
size_t *prk_len); +- +-static unsigned char *HKDF_Expand(const EVP_MD *evp_md, +- const unsigned char *prk, size_t prk_len, +- const unsigned char *info, size_t info_len, +- unsigned char *okm, size_t okm_len); ++static void kdf_hkdf_reset(EVP_KDF_IMPL *impl); ++static int HKDF(const EVP_MD *evp_md, ++ const unsigned char *salt, size_t salt_len, ++ const unsigned char *key, size_t key_len, ++ const unsigned char *info, size_t info_len, ++ unsigned char *okm, size_t okm_len); ++static int HKDF_Extract(const EVP_MD *evp_md, ++ const unsigned char *salt, size_t salt_len, ++ const unsigned char *key, size_t key_len, ++ unsigned char *prk, size_t prk_len); ++static int HKDF_Expand(const EVP_MD *evp_md, ++ const unsigned char *prk, size_t prk_len, ++ const unsigned char *info, size_t info_len, ++ unsigned char *okm, size_t okm_len); + +-typedef struct { ++struct evp_kdf_impl_st { + int mode; + const EVP_MD *md; + unsigned char *salt; +@@ -42,230 +43,208 @@ typedef struct { + size_t key_len; + unsigned char info[HKDF_MAXBUF]; + size_t info_len; +-} HKDF_PKEY_CTX; ++}; + +-static int pkey_hkdf_init(EVP_PKEY_CTX *ctx) ++static EVP_KDF_IMPL *kdf_hkdf_new(void) + { +- HKDF_PKEY_CTX *kctx; +- +- if ((kctx = OPENSSL_zalloc(sizeof(*kctx))) == NULL) { +- KDFerr(KDF_F_PKEY_HKDF_INIT, ERR_R_MALLOC_FAILURE); +- return 0; +- } ++ EVP_KDF_IMPL *impl; + +- ctx->data = kctx; ++ if ((impl = OPENSSL_zalloc(sizeof(*impl))) == NULL) ++ KDFerr(KDF_F_KDF_HKDF_NEW, ERR_R_MALLOC_FAILURE); ++ return impl; ++} + +- return 1; ++static void kdf_hkdf_free(EVP_KDF_IMPL *impl) ++{ ++ kdf_hkdf_reset(impl); ++ OPENSSL_free(impl); + } + +-static void pkey_hkdf_cleanup(EVP_PKEY_CTX *ctx) ++static void kdf_hkdf_reset(EVP_KDF_IMPL *impl) + { +- HKDF_PKEY_CTX *kctx = ctx->data; +- OPENSSL_clear_free(kctx->salt, kctx->salt_len); +- OPENSSL_clear_free(kctx->key, kctx->key_len); +- OPENSSL_cleanse(kctx->info, kctx->info_len); +- OPENSSL_free(kctx); ++ OPENSSL_free(impl->salt); ++ OPENSSL_clear_free(impl->key, 
impl->key_len); ++ OPENSSL_cleanse(impl->info, impl->info_len); ++ memset(impl, 0, sizeof(*impl)); + } + +-static int pkey_hkdf_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) ++static int kdf_hkdf_ctrl(EVP_KDF_IMPL *impl, int cmd, va_list args) + { +- HKDF_PKEY_CTX *kctx = ctx->data; ++ const unsigned char *p; ++ size_t len; ++ const EVP_MD *md; + +- switch (type) { +- case EVP_PKEY_CTRL_HKDF_MD: +- if (p2 == NULL) ++ switch (cmd) { ++ case EVP_KDF_CTRL_SET_MD: ++ md = va_arg(args, const EVP_MD *); ++ if (md == NULL) + return 0; + +- kctx->md = p2; ++ impl->md = md; + return 1; + +- case EVP_PKEY_CTRL_HKDF_MODE: +- kctx->mode = p1; ++ case EVP_KDF_CTRL_SET_HKDF_MODE: ++ impl->mode = va_arg(args, int); + return 1; + +- case EVP_PKEY_CTRL_HKDF_SALT: +- if (p1 == 0 || p2 == NULL) ++ case EVP_KDF_CTRL_SET_SALT: ++ p = va_arg(args, const unsigned char *); ++ len = va_arg(args, size_t); ++ if (len == 0 || p == NULL) + return 1; + +- if (p1 < 0) +- return 0; +- +- if (kctx->salt != NULL) +- OPENSSL_clear_free(kctx->salt, kctx->salt_len); +- +- kctx->salt = OPENSSL_memdup(p2, p1); +- if (kctx->salt == NULL) ++ OPENSSL_free(impl->salt); ++ impl->salt = OPENSSL_memdup(p, len); ++ if (impl->salt == NULL) + return 0; + +- kctx->salt_len = p1; ++ impl->salt_len = len; + return 1; + +- case EVP_PKEY_CTRL_HKDF_KEY: +- if (p1 < 0) ++ case EVP_KDF_CTRL_SET_KEY: ++ p = va_arg(args, const unsigned char *); ++ len = va_arg(args, size_t); ++ OPENSSL_clear_free(impl->key, impl->key_len); ++ impl->key = OPENSSL_memdup(p, len); ++ if (impl->key == NULL) + return 0; + +- if (kctx->key != NULL) +- OPENSSL_clear_free(kctx->key, kctx->key_len); +- +- kctx->key = OPENSSL_memdup(p2, p1); +- if (kctx->key == NULL) +- return 0; ++ impl->key_len = len; ++ return 1; + +- kctx->key_len = p1; ++ case EVP_KDF_CTRL_RESET_HKDF_INFO: ++ OPENSSL_cleanse(impl->info, impl->info_len); ++ impl->info_len = 0; + return 1; + +- case EVP_PKEY_CTRL_HKDF_INFO: +- if (p1 == 0 || p2 == NULL) ++ case 
EVP_KDF_CTRL_ADD_HKDF_INFO: ++ p = va_arg(args, const unsigned char *); ++ len = va_arg(args, size_t); ++ if (len == 0 || p == NULL) + return 1; + +- if (p1 < 0 || p1 > (int)(HKDF_MAXBUF - kctx->info_len)) ++ if (len > (HKDF_MAXBUF - impl->info_len)) + return 0; + +- memcpy(kctx->info + kctx->info_len, p2, p1); +- kctx->info_len += p1; ++ memcpy(impl->info + impl->info_len, p, len); ++ impl->info_len += len; + return 1; + + default: + return -2; +- + } + } + +-static int pkey_hkdf_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, +- const char *value) ++static int kdf_hkdf_ctrl_str(EVP_KDF_IMPL *impl, const char *type, ++ const char *value) + { + if (strcmp(type, "mode") == 0) { + int mode; + + if (strcmp(value, "EXTRACT_AND_EXPAND") == 0) +- mode = EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND; ++ mode = EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND; + else if (strcmp(value, "EXTRACT_ONLY") == 0) +- mode = EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY; ++ mode = EVP_KDF_HKDF_MODE_EXTRACT_ONLY; + else if (strcmp(value, "EXPAND_ONLY") == 0) +- mode = EVP_PKEY_HKDEF_MODE_EXPAND_ONLY; ++ mode = EVP_KDF_HKDF_MODE_EXPAND_ONLY; + else + return 0; + +- return EVP_PKEY_CTX_hkdf_mode(ctx, mode); ++ return call_ctrl(kdf_hkdf_ctrl, impl, EVP_KDF_CTRL_SET_HKDF_MODE, mode); + } + +- if (strcmp(type, "md") == 0) +- return EVP_PKEY_CTX_md(ctx, EVP_PKEY_OP_DERIVE, +- EVP_PKEY_CTRL_HKDF_MD, value); ++ if (strcmp(type, "digest") == 0) ++ return kdf_md2ctrl(impl, kdf_hkdf_ctrl, EVP_KDF_CTRL_SET_MD, value); + + if (strcmp(type, "salt") == 0) +- return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_HKDF_SALT, value); ++ return kdf_str2ctrl(impl, kdf_hkdf_ctrl, EVP_KDF_CTRL_SET_SALT, value); + + if (strcmp(type, "hexsalt") == 0) +- return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_HKDF_SALT, value); ++ return kdf_hex2ctrl(impl, kdf_hkdf_ctrl, EVP_KDF_CTRL_SET_SALT, value); + + if (strcmp(type, "key") == 0) +- return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_HKDF_KEY, value); ++ return kdf_str2ctrl(impl, kdf_hkdf_ctrl, 
EVP_KDF_CTRL_SET_KEY, value); + + if (strcmp(type, "hexkey") == 0) +- return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_HKDF_KEY, value); ++ return kdf_hex2ctrl(impl, kdf_hkdf_ctrl, EVP_KDF_CTRL_SET_KEY, value); + + if (strcmp(type, "info") == 0) +- return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_HKDF_INFO, value); ++ return kdf_str2ctrl(impl, kdf_hkdf_ctrl, EVP_KDF_CTRL_ADD_HKDF_INFO, ++ value); + + if (strcmp(type, "hexinfo") == 0) +- return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_HKDF_INFO, value); ++ return kdf_hex2ctrl(impl, kdf_hkdf_ctrl, EVP_KDF_CTRL_ADD_HKDF_INFO, ++ value); + +- KDFerr(KDF_F_PKEY_HKDF_CTRL_STR, KDF_R_UNKNOWN_PARAMETER_TYPE); + return -2; + } + +-static int pkey_hkdf_derive_init(EVP_PKEY_CTX *ctx) ++static size_t kdf_hkdf_size(EVP_KDF_IMPL *impl) + { +- HKDF_PKEY_CTX *kctx = ctx->data; +- +- OPENSSL_clear_free(kctx->key, kctx->key_len); +- OPENSSL_clear_free(kctx->salt, kctx->salt_len); +- OPENSSL_cleanse(kctx->info, kctx->info_len); +- memset(kctx, 0, sizeof(*kctx)); ++ if (impl->mode != EVP_KDF_HKDF_MODE_EXTRACT_ONLY) ++ return SIZE_MAX; + +- return 1; ++ if (impl->md == NULL) { ++ KDFerr(KDF_F_KDF_HKDF_SIZE, KDF_R_MISSING_MESSAGE_DIGEST); ++ return 0; ++ } ++ return EVP_MD_size(impl->md); + } + +-static int pkey_hkdf_derive(EVP_PKEY_CTX *ctx, unsigned char *key, +- size_t *keylen) ++static int kdf_hkdf_derive(EVP_KDF_IMPL *impl, unsigned char *key, ++ size_t keylen) + { +- HKDF_PKEY_CTX *kctx = ctx->data; +- +- if (kctx->md == NULL) { +- KDFerr(KDF_F_PKEY_HKDF_DERIVE, KDF_R_MISSING_MESSAGE_DIGEST); ++ if (impl->md == NULL) { ++ KDFerr(KDF_F_KDF_HKDF_DERIVE, KDF_R_MISSING_MESSAGE_DIGEST); + return 0; + } +- if (kctx->key == NULL) { +- KDFerr(KDF_F_PKEY_HKDF_DERIVE, KDF_R_MISSING_KEY); ++ if (impl->key == NULL) { ++ KDFerr(KDF_F_KDF_HKDF_DERIVE, KDF_R_MISSING_KEY); + return 0; + } + +- switch (kctx->mode) { +- case EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND: +- return HKDF(kctx->md, kctx->salt, kctx->salt_len, kctx->key, +- kctx->key_len, 
kctx->info, kctx->info_len, key, +- *keylen) != NULL; +- +- case EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY: +- if (key == NULL) { +- *keylen = EVP_MD_size(kctx->md); +- return 1; +- } +- return HKDF_Extract(kctx->md, kctx->salt, kctx->salt_len, kctx->key, +- kctx->key_len, key, keylen) != NULL; +- +- case EVP_PKEY_HKDEF_MODE_EXPAND_ONLY: +- return HKDF_Expand(kctx->md, kctx->key, kctx->key_len, kctx->info, +- kctx->info_len, key, *keylen) != NULL; ++ switch (impl->mode) { ++ case EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND: ++ return HKDF(impl->md, impl->salt, impl->salt_len, impl->key, ++ impl->key_len, impl->info, impl->info_len, key, ++ keylen); ++ ++ case EVP_KDF_HKDF_MODE_EXTRACT_ONLY: ++ return HKDF_Extract(impl->md, impl->salt, impl->salt_len, impl->key, ++ impl->key_len, key, keylen); ++ ++ case EVP_KDF_HKDF_MODE_EXPAND_ONLY: ++ return HKDF_Expand(impl->md, impl->key, impl->key_len, impl->info, ++ impl->info_len, key, keylen); + + default: + return 0; + } + } + +-const EVP_PKEY_METHOD hkdf_pkey_meth = { +- EVP_PKEY_HKDF, +- 0, +- pkey_hkdf_init, +- 0, +- pkey_hkdf_cleanup, +- +- 0, 0, +- 0, 0, +- +- 0, +- 0, +- +- 0, +- 0, +- +- 0, 0, +- +- 0, 0, 0, 0, +- +- 0, 0, +- +- 0, 0, +- +- pkey_hkdf_derive_init, +- pkey_hkdf_derive, +- pkey_hkdf_ctrl, +- pkey_hkdf_ctrl_str ++const EVP_KDF_METHOD hkdf_kdf_meth = { ++ EVP_KDF_HKDF, ++ kdf_hkdf_new, ++ kdf_hkdf_free, ++ kdf_hkdf_reset, ++ kdf_hkdf_ctrl, ++ kdf_hkdf_ctrl_str, ++ kdf_hkdf_size, ++ kdf_hkdf_derive + }; + +-static unsigned char *HKDF(const EVP_MD *evp_md, +- const unsigned char *salt, size_t salt_len, +- const unsigned char *key, size_t key_len, +- const unsigned char *info, size_t info_len, +- unsigned char *okm, size_t okm_len) ++static int HKDF(const EVP_MD *evp_md, ++ const unsigned char *salt, size_t salt_len, ++ const unsigned char *key, size_t key_len, ++ const unsigned char *info, size_t info_len, ++ unsigned char *okm, size_t okm_len) + { + unsigned char prk[EVP_MAX_MD_SIZE]; +- unsigned char *ret; +- size_t 
prk_len; ++ int ret; ++ size_t prk_len = EVP_MD_size(evp_md); + +- if (!HKDF_Extract(evp_md, salt, salt_len, key, key_len, prk, &prk_len)) +- return NULL; ++ if (!HKDF_Extract(evp_md, salt, salt_len, key, key_len, prk, prk_len)) ++ return 0; + + ret = HKDF_Expand(evp_md, prk, prk_len, info, info_len, okm, okm_len); + OPENSSL_cleanse(prk, sizeof(prk)); +@@ -273,43 +252,38 @@ static unsigned char *HKDF(const EVP_MD + return ret; + } + +-static unsigned char *HKDF_Extract(const EVP_MD *evp_md, +- const unsigned char *salt, size_t salt_len, +- const unsigned char *key, size_t key_len, +- unsigned char *prk, size_t *prk_len) ++static int HKDF_Extract(const EVP_MD *evp_md, ++ const unsigned char *salt, size_t salt_len, ++ const unsigned char *key, size_t key_len, ++ unsigned char *prk, size_t prk_len) + { +- unsigned int tmp_len; +- +- if (!HMAC(evp_md, salt, salt_len, key, key_len, prk, &tmp_len)) +- return NULL; +- +- *prk_len = tmp_len; +- return prk; ++ if (prk_len != (size_t)EVP_MD_size(evp_md)) { ++ KDFerr(KDF_F_HKDF_EXTRACT, KDF_R_WRONG_OUTPUT_BUFFER_SIZE); ++ return 0; ++ } ++ return HMAC(evp_md, salt, salt_len, key, key_len, prk, NULL) != NULL; + } + +-static unsigned char *HKDF_Expand(const EVP_MD *evp_md, +- const unsigned char *prk, size_t prk_len, +- const unsigned char *info, size_t info_len, +- unsigned char *okm, size_t okm_len) ++static int HKDF_Expand(const EVP_MD *evp_md, ++ const unsigned char *prk, size_t prk_len, ++ const unsigned char *info, size_t info_len, ++ unsigned char *okm, size_t okm_len) + { + HMAC_CTX *hmac; +- unsigned char *ret = NULL; +- ++ int ret = 0; + unsigned int i; +- + unsigned char prev[EVP_MAX_MD_SIZE]; +- + size_t done_len = 0, dig_len = EVP_MD_size(evp_md); +- + size_t n = okm_len / dig_len; ++ + if (okm_len % dig_len) + n++; + + if (n > 255 || okm == NULL) +- return NULL; ++ return 0; + + if ((hmac = HMAC_CTX_new()) == NULL) +- return NULL; ++ return 0; + + if (!HMAC_Init_ex(hmac, prk, prk_len, evp_md, NULL)) + goto err; 
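Review bot: In `kdf_hkdf_ctrl`, the `EVP_KDF_CTRL_SET_SALT` case frees `impl->salt` and returns 0 when `OPENSSL_memdup` fails without touching `impl->salt_len`, so the context is left holding a NULL salt with the previous non-zero length. The `EVP_KDF_CTRL_SET_KEY` case leaves `impl->key_len` stale in the same way. Reset the length together with the pointer, e.g. `impl->salt_len = 0;` before the `OPENSSL_memdup` call. The salt is also released with plain `OPENSSL_free` here and in `kdf_hkdf_reset`, where the removed code used `OPENSSL_clear_free(kctx->salt, kctx->salt_len)`; if the salt can be sensitive for some callers, keep the clearing variant.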
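Review bot: `HKDF_Extract` and `HKDF_Expand` convert the `int` result of `EVP_MD_size(evp_md)` to `size_t` without checking it, and `HKDF_Expand` then uses `dig_len` as the divisor in `okm_len / dig_len`. A negative return would become a huge value that still satisfies the new `prk_len != (size_t)EVP_MD_size(evp_md)` test, because `HKDF()` in the previous hunk computes `prk_len` from the same call. Read the size once into an `int` and reject it early: `int sz = EVP_MD_size(evp_md); if (sz <= 0) return 0;`. `HKDF_Expand` continues past the end of this hunk.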
+@@ -343,7 +317,7 @@ static unsigned char *HKDF_Expand(const + + done_len += copy_len; + } +- ret = okm; ++ ret = 1; + + err: + OPENSSL_cleanse(prev, sizeof(prev)); +diff -up openssl-1.1.1b/crypto/kdf/kdf_err.c.evp-kdf openssl-1.1.1b/crypto/kdf/kdf_err.c +--- openssl-1.1.1b/crypto/kdf/kdf_err.c.evp-kdf 2019-02-26 15:15:30.000000000 +0100 ++++ openssl-1.1.1b/crypto/kdf/kdf_err.c 2019-02-28 13:05:05.654521419 +0100 +@@ -1,6 +1,6 @@ + /* + * Generated by util/mkerr.pl DO NOT EDIT +- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. ++ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy +@@ -14,6 +14,29 @@ + #ifndef OPENSSL_NO_ERR + + static const ERR_STRING_DATA KDF_str_functs[] = { ++ {ERR_PACK(ERR_LIB_KDF, KDF_F_HKDF_EXTRACT, 0), "HKDF_Extract"}, ++ {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_HKDF_DERIVE, 0), "kdf_hkdf_derive"}, ++ {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_HKDF_NEW, 0), "kdf_hkdf_new"}, ++ {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_HKDF_SIZE, 0), "kdf_hkdf_size"}, ++ {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_MD2CTRL, 0), "kdf_md2ctrl"}, ++ {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_PBKDF2_CTRL_STR, 0), ++ "kdf_pbkdf2_ctrl_str"}, ++ {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_PBKDF2_DERIVE, 0), "kdf_pbkdf2_derive"}, ++ {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_PBKDF2_NEW, 0), "kdf_pbkdf2_new"}, ++ {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_SCRYPT_CTRL_STR, 0), ++ "kdf_scrypt_ctrl_str"}, ++ {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_SCRYPT_CTRL_UINT32, 0), ++ "kdf_scrypt_ctrl_uint32"}, ++ {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_SCRYPT_CTRL_UINT64, 0), ++ "kdf_scrypt_ctrl_uint64"}, ++ {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_SCRYPT_DERIVE, 0), "kdf_scrypt_derive"}, ++ {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_SCRYPT_NEW, 0), "kdf_scrypt_new"}, ++ {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_TLS1_PRF_CTRL_STR, 0), ++ "kdf_tls1_prf_ctrl_str"}, ++ {ERR_PACK(ERR_LIB_KDF, 
KDF_F_KDF_TLS1_PRF_DERIVE, 0), ++ "kdf_tls1_prf_derive"}, ++ {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_TLS1_PRF_NEW, 0), "kdf_tls1_prf_new"}, ++ {ERR_PACK(ERR_LIB_KDF, KDF_F_PBKDF2_SET_MEMBUF, 0), "pbkdf2_set_membuf"}, + {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_HKDF_CTRL_STR, 0), "pkey_hkdf_ctrl_str"}, + {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_HKDF_DERIVE, 0), "pkey_hkdf_derive"}, + {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_HKDF_INIT, 0), "pkey_hkdf_init"}, +@@ -30,6 +53,7 @@ static const ERR_STRING_DATA KDF_str_fun + {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_TLS1_PRF_DERIVE, 0), + "pkey_tls1_prf_derive"}, + {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_TLS1_PRF_INIT, 0), "pkey_tls1_prf_init"}, ++ {ERR_PACK(ERR_LIB_KDF, KDF_F_SCRYPT_SET_MEMBUF, 0), "scrypt_set_membuf"}, + {ERR_PACK(ERR_LIB_KDF, KDF_F_TLS1_PRF_ALG, 0), "tls1_prf_alg"}, + {0, NULL} + }; +@@ -50,6 +74,8 @@ static const ERR_STRING_DATA KDF_str_rea + "unknown parameter type"}, + {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_VALUE_ERROR), "value error"}, + {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_VALUE_MISSING), "value missing"}, ++ {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_WRONG_OUTPUT_BUFFER_SIZE), ++ "wrong output buffer size"}, + {0, NULL} + }; + +diff -up openssl-1.1.1b/crypto/kdf/kdf_local.h.evp-kdf openssl-1.1.1b/crypto/kdf/kdf_local.h +--- openssl-1.1.1b/crypto/kdf/kdf_local.h.evp-kdf 2019-02-28 13:05:05.654521419 +0100 ++++ openssl-1.1.1b/crypto/kdf/kdf_local.h 2019-02-28 13:05:05.654521419 +0100 +@@ -0,0 +1,22 @@ ++/* ++ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. ++ * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. ++ * ++ * Licensed under the Apache License 2.0 (the "License"). You may not use ++ * this file except in compliance with the License. 
You can obtain a copy ++ * in the file LICENSE in the source distribution or at ++ * https://www.openssl.org/source/license.html ++ */ ++ ++int call_ctrl(int (*ctrl)(EVP_KDF_IMPL *impl, int cmd, va_list args), ++ EVP_KDF_IMPL *impl, int cmd, ...); ++int kdf_str2ctrl(EVP_KDF_IMPL *impl, ++ int (*ctrl)(EVP_KDF_IMPL *impl, int cmd, va_list args), ++ int cmd, const char *str); ++int kdf_hex2ctrl(EVP_KDF_IMPL *impl, ++ int (*ctrl)(EVP_KDF_IMPL *impl, int cmd, va_list args), ++ int cmd, const char *hex); ++int kdf_md2ctrl(EVP_KDF_IMPL *impl, ++ int (*ctrl)(EVP_KDF_IMPL *impl, int cmd, va_list args), ++ int cmd, const char *md_name); ++ +diff -up openssl-1.1.1b/crypto/kdf/kdf_util.c.evp-kdf openssl-1.1.1b/crypto/kdf/kdf_util.c +--- openssl-1.1.1b/crypto/kdf/kdf_util.c.evp-kdf 2019-02-28 13:05:05.654521419 +0100 ++++ openssl-1.1.1b/crypto/kdf/kdf_util.c 2019-02-28 13:05:05.654521419 +0100 +@@ -0,0 +1,73 @@ ++/* ++ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. ++ * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. ++ * ++ * Licensed under the Apache License 2.0 (the "License"). You may not use ++ * this file except in compliance with the License. You can obtain a copy ++ * in the file LICENSE in the source distribution or at ++ * https://www.openssl.org/source/license.html ++ */ ++ ++#include ++#include ++#include ++#include ++#include "internal/cryptlib.h" ++#include "internal/evp_int.h" ++#include "internal/numbers.h" ++#include "kdf_local.h" ++ ++int call_ctrl(int (*ctrl)(EVP_KDF_IMPL *impl, int cmd, va_list args), ++ EVP_KDF_IMPL *impl, int cmd, ...) 
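Review bot: kdf_local.h is not self-contained: every prototype uses `va_list` and `EVP_KDF_IMPL`, but the header includes nothing and has no include guard, so it only compiles when each .c file happens to include the right headers first. kdf_util.c in this patch includes it after "internal/evp_int.h", which presumably supplies `EVP_KDF_IMPL`. I would add `#include <stdarg.h>` at the top and wrap the declarations in a guard. A short comment on `call_ctrl` stating that the variadic arguments must match exactly what the target ctrl reads with `va_arg` for that `cmd` would also help, since the compiler cannot check those calls.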
++{ ++ int ret; ++ va_list args; ++ ++ va_start(args, cmd); ++ ret = ctrl(impl, cmd, args); ++ va_end(args); ++ ++ return ret; ++} ++ ++/* Utility functions to send a string or hex string to a ctrl */ ++ ++int kdf_str2ctrl(EVP_KDF_IMPL *impl, ++ int (*ctrl)(EVP_KDF_IMPL *impl, int cmd, va_list args), ++ int cmd, const char *str) ++{ ++ return call_ctrl(ctrl, impl, cmd, (const unsigned char *)str, strlen(str)); ++} ++ ++int kdf_hex2ctrl(EVP_KDF_IMPL *impl, ++ int (*ctrl)(EVP_KDF_IMPL *impl, int cmd, va_list args), ++ int cmd, const char *hex) ++{ ++ unsigned char *bin; ++ long binlen; ++ int ret = -1; ++ ++ bin = OPENSSL_hexstr2buf(hex, &binlen); ++ if (bin == NULL) ++ return 0; ++ ++ if (binlen <= INT_MAX) ++ ret = call_ctrl(ctrl, impl, cmd, bin, (size_t)binlen); ++ OPENSSL_free(bin); ++ return ret; ++} ++ ++/* Pass a message digest to a ctrl */ ++int kdf_md2ctrl(EVP_KDF_IMPL *impl, ++ int (*ctrl)(EVP_KDF_IMPL *impl, int cmd, va_list args), ++ int cmd, const char *md_name) ++{ ++ const EVP_MD *md; ++ ++ if (md_name == NULL || (md = EVP_get_digestbyname(md_name)) == NULL) { ++ KDFerr(KDF_F_KDF_MD2CTRL, KDF_R_INVALID_DIGEST); ++ return 0; ++ } ++ return call_ctrl(ctrl, impl, cmd, md); ++} ++ +diff -up openssl-1.1.1b/crypto/kdf/pbkdf2.c.evp-kdf openssl-1.1.1b/crypto/kdf/pbkdf2.c +--- openssl-1.1.1b/crypto/kdf/pbkdf2.c.evp-kdf 2019-02-28 13:05:05.654521419 +0100 ++++ openssl-1.1.1b/crypto/kdf/pbkdf2.c 2019-02-28 13:05:05.654521419 +0100 +@@ -0,0 +1,264 @@ ++/* ++ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. ++ * ++ * Licensed under the Apache License 2.0 (the "License"). You may not use ++ * this file except in compliance with the License. 
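Review bot: `kdf_hex2ctrl` releases the decoded buffer with `OPENSSL_free(bin)`, but the ctrl_str handlers in this patch route `hexpass` and `hexsecret` through it, so decoded password or secret bytes are left in freed heap memory. The ctrl implementations take their own copy with `OPENSSL_memdup` and wipe it with `OPENSSL_clear_free`, so the temporary should be wiped as well: `OPENSSL_clear_free(bin, (size_t)binlen);`. Separately, the `binlen > INT_MAX` case returns the initial -1 without a `KDFerr`, while a failed decode returns 0; a comment on which of the two values callers should treat as "bad value" would make the contract clear.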
You can obtain a copy ++ * in the file LICENSE in the source distribution or at ++ * https://www.openssl.org/source/license.html ++ */ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include "internal/cryptlib.h" ++#include "internal/evp_int.h" ++#include "kdf_local.h" ++ ++static void kdf_pbkdf2_reset(EVP_KDF_IMPL *impl); ++static void kdf_pbkdf2_init(EVP_KDF_IMPL *impl); ++static int pkcs5_pbkdf2_alg(const char *pass, size_t passlen, ++ const unsigned char *salt, int saltlen, int iter, ++ const EVP_MD *digest, unsigned char *key, ++ size_t keylen); ++ ++struct evp_kdf_impl_st { ++ unsigned char *pass; ++ size_t pass_len; ++ unsigned char *salt; ++ size_t salt_len; ++ int iter; ++ const EVP_MD *md; ++}; ++ ++static EVP_KDF_IMPL *kdf_pbkdf2_new(void) ++{ ++ EVP_KDF_IMPL *impl; ++ ++ impl = OPENSSL_zalloc(sizeof(*impl)); ++ if (impl == NULL) { ++ KDFerr(KDF_F_KDF_PBKDF2_NEW, ERR_R_MALLOC_FAILURE); ++ return NULL; ++ } ++ kdf_pbkdf2_init(impl); ++ return impl; ++} ++ ++static void kdf_pbkdf2_free(EVP_KDF_IMPL *impl) ++{ ++ kdf_pbkdf2_reset(impl); ++ OPENSSL_free(impl); ++} ++ ++static void kdf_pbkdf2_reset(EVP_KDF_IMPL *impl) ++{ ++ OPENSSL_free(impl->salt); ++ OPENSSL_clear_free(impl->pass, impl->pass_len); ++ memset(impl, 0, sizeof(*impl)); ++ kdf_pbkdf2_init(impl); ++} ++ ++static void kdf_pbkdf2_init(EVP_KDF_IMPL *impl) ++{ ++ impl->iter = PKCS5_DEFAULT_ITER; ++ impl->md = EVP_sha1(); ++} ++ ++static int pbkdf2_set_membuf(unsigned char **buffer, size_t *buflen, ++ const unsigned char *new_buffer, ++ size_t new_buflen) ++{ ++ if (new_buffer == NULL) ++ return 1; ++ ++ OPENSSL_clear_free(*buffer, *buflen); ++ ++ if (new_buflen > 0) { ++ *buffer = OPENSSL_memdup(new_buffer, new_buflen); ++ } else { ++ *buffer = OPENSSL_malloc(1); ++ } ++ if (*buffer == NULL) { ++ KDFerr(KDF_F_PBKDF2_SET_MEMBUF, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ ++ *buflen = new_buflen; ++ return 1; ++} ++ ++static int kdf_pbkdf2_ctrl(EVP_KDF_IMPL *impl, int cmd, 
va_list args) ++{ ++ int iter; ++ const unsigned char *p; ++ size_t len; ++ const EVP_MD *md; ++ ++ switch (cmd) { ++ case EVP_KDF_CTRL_SET_PASS: ++ p = va_arg(args, const unsigned char *); ++ len = va_arg(args, size_t); ++ return pbkdf2_set_membuf(&impl->pass, &impl->pass_len, p, len); ++ ++ case EVP_KDF_CTRL_SET_SALT: ++ p = va_arg(args, const unsigned char *); ++ len = va_arg(args, size_t); ++ return pbkdf2_set_membuf(&impl->salt, &impl->salt_len, p, len); ++ ++ case EVP_KDF_CTRL_SET_ITER: ++ iter = va_arg(args, int); ++ if (iter < 1) ++ return 0; ++ ++ impl->iter = iter; ++ return 1; ++ ++ case EVP_KDF_CTRL_SET_MD: ++ md = va_arg(args, const EVP_MD *); ++ if (md == NULL) ++ return 0; ++ ++ impl->md = md; ++ return 1; ++ ++ default: ++ return -2; ++ } ++} ++ ++static int kdf_pbkdf2_ctrl_str(EVP_KDF_IMPL *impl, const char *type, ++ const char *value) ++{ ++ if (value == NULL) { ++ KDFerr(KDF_F_KDF_PBKDF2_CTRL_STR, KDF_R_VALUE_MISSING); ++ return 0; ++ } ++ ++ if (strcmp(type, "pass") == 0) ++ return kdf_str2ctrl(impl, kdf_pbkdf2_ctrl, EVP_KDF_CTRL_SET_PASS, ++ value); ++ ++ if (strcmp(type, "hexpass") == 0) ++ return kdf_hex2ctrl(impl, kdf_pbkdf2_ctrl, EVP_KDF_CTRL_SET_PASS, ++ value); ++ ++ if (strcmp(type, "salt") == 0) ++ return kdf_str2ctrl(impl, kdf_pbkdf2_ctrl, EVP_KDF_CTRL_SET_SALT, ++ value); ++ ++ if (strcmp(type, "hexsalt") == 0) ++ return kdf_hex2ctrl(impl, kdf_pbkdf2_ctrl, EVP_KDF_CTRL_SET_SALT, ++ value); ++ ++ if (strcmp(type, "iter") == 0) ++ return call_ctrl(kdf_pbkdf2_ctrl, impl, EVP_KDF_CTRL_SET_ITER, ++ atoi(value)); ++ ++ if (strcmp(type, "digest") == 0) ++ return kdf_md2ctrl(impl, kdf_pbkdf2_ctrl, EVP_KDF_CTRL_SET_MD, value); ++ ++ return -2; ++} ++ ++static int kdf_pbkdf2_derive(EVP_KDF_IMPL *impl, unsigned char *key, ++ size_t keylen) ++{ ++ if (impl->pass == NULL) { ++ KDFerr(KDF_F_KDF_PBKDF2_DERIVE, KDF_R_MISSING_PASS); ++ return 0; ++ } ++ ++ if (impl->salt == NULL) { ++ KDFerr(KDF_F_KDF_PBKDF2_DERIVE, KDF_R_MISSING_SALT); ++ return 0; 
++ } ++ ++ return pkcs5_pbkdf2_alg((char *)impl->pass, impl->pass_len, ++ impl->salt, impl->salt_len, impl->iter, ++ impl->md, key, keylen); ++} ++ ++const EVP_KDF_METHOD pbkdf2_kdf_meth = { ++ EVP_KDF_PBKDF2, ++ kdf_pbkdf2_new, ++ kdf_pbkdf2_free, ++ kdf_pbkdf2_reset, ++ kdf_pbkdf2_ctrl, ++ kdf_pbkdf2_ctrl_str, ++ NULL, ++ kdf_pbkdf2_derive ++}; ++ ++/* ++ * This is an implementation of PKCS#5 v2.0 password based encryption key ++ * derivation function PBKDF2. SHA1 version verified against test vectors ++ * posted by Peter Gutmann to the PKCS-TNG mailing list. ++ */ ++ ++static int pkcs5_pbkdf2_alg(const char *pass, size_t passlen, ++ const unsigned char *salt, int saltlen, int iter, ++ const EVP_MD *digest, unsigned char *key, ++ size_t keylen) ++{ ++ int ret = 0; ++ unsigned char digtmp[EVP_MAX_MD_SIZE], *p, itmp[4]; ++ int cplen, j, k, tkeylen, mdlen; ++ unsigned long i = 1; ++ HMAC_CTX *hctx_tpl = NULL, *hctx = NULL; ++ ++ mdlen = EVP_MD_size(digest); ++ if (mdlen < 0) ++ return 0; ++ ++ hctx_tpl = HMAC_CTX_new(); ++ if (hctx_tpl == NULL) ++ return 0; ++ p = key; ++ tkeylen = keylen; ++ if (!HMAC_Init_ex(hctx_tpl, pass, passlen, digest, NULL)) ++ goto err; ++ hctx = HMAC_CTX_new(); ++ if (hctx == NULL) ++ goto err; ++ while (tkeylen) { ++ if (tkeylen > mdlen) ++ cplen = mdlen; ++ else ++ cplen = tkeylen; ++ /* ++ * We are unlikely to ever use more than 256 blocks (5120 bits!) but ++ * just in case... 
++ */ ++ itmp[0] = (unsigned char)((i >> 24) & 0xff); ++ itmp[1] = (unsigned char)((i >> 16) & 0xff); ++ itmp[2] = (unsigned char)((i >> 8) & 0xff); ++ itmp[3] = (unsigned char)(i & 0xff); ++ if (!HMAC_CTX_copy(hctx, hctx_tpl)) ++ goto err; ++ if (!HMAC_Update(hctx, salt, saltlen) ++ || !HMAC_Update(hctx, itmp, 4) ++ || !HMAC_Final(hctx, digtmp, NULL)) ++ goto err; ++ memcpy(p, digtmp, cplen); ++ for (j = 1; j < iter; j++) { ++ if (!HMAC_CTX_copy(hctx, hctx_tpl)) ++ goto err; ++ if (!HMAC_Update(hctx, digtmp, mdlen) ++ || !HMAC_Final(hctx, digtmp, NULL)) ++ goto err; ++ for (k = 0; k < cplen; k++) ++ p[k] ^= digtmp[k]; ++ } ++ tkeylen -= cplen; ++ i++; ++ p += cplen; ++ } ++ ret = 1; ++ ++err: ++ HMAC_CTX_free(hctx); ++ HMAC_CTX_free(hctx_tpl); ++ return ret; ++} +diff -up openssl-1.1.1b/crypto/kdf/scrypt.c.evp-kdf openssl-1.1.1b/crypto/kdf/scrypt.c +--- openssl-1.1.1b/crypto/kdf/scrypt.c.evp-kdf 2019-02-26 15:15:30.000000000 +0100 ++++ openssl-1.1.1b/crypto/kdf/scrypt.c 2019-02-28 13:05:05.655521400 +0100 +@@ -8,25 +8,34 @@ + */ + + #include ++#include + #include +-#include +-#include + #include +-#include "internal/cryptlib.h" ++#include ++#include + #include "internal/evp_int.h" ++#include "internal/numbers.h" ++#include "kdf_local.h" + + #ifndef OPENSSL_NO_SCRYPT + ++static void kdf_scrypt_reset(EVP_KDF_IMPL *impl); ++static void kdf_scrypt_init(EVP_KDF_IMPL *impl); + static int atou64(const char *nptr, uint64_t *result); ++static int scrypt_alg(const char *pass, size_t passlen, ++ const unsigned char *salt, size_t saltlen, ++ uint64_t N, uint64_t r, uint64_t p, uint64_t maxmem, ++ unsigned char *key, size_t keylen); + +-typedef struct { ++struct evp_kdf_impl_st { + unsigned char *pass; + size_t pass_len; + unsigned char *salt; + size_t salt_len; +- uint64_t N, r, p; ++ uint64_t N; ++ uint32_t r, p; + uint64_t maxmem_bytes; +-} SCRYPT_PKEY_CTX; ++}; + + /* Custom uint64_t parser since we do not have strtoull */ + static int atou64(const char *nptr, uint64_t 
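Review bot: `pkcs5_pbkdf2_alg` narrows the new `size_t` lengths to `int`: `tkeylen = keylen;` assigns a `size_t` to an `int`, and `kdf_pbkdf2_derive` passes `impl->salt_len` to the `int saltlen` parameter. For a `keylen` above `INT_MAX` the value of `tkeylen` is implementation-defined and can be negative, in which case `cplen` takes that value and `memcpy(p, digtmp, cplen)` runs with a huge length; it can also come out as 0, so the function returns 1 without writing any key bytes. `kdf_pbkdf2_derive` should reject such lengths before the call, for example `if (keylen > INT_MAX || impl->salt_len > INT_MAX) { KDFerr(KDF_F_KDF_PBKDF2_DERIVE, KDF_R_VALUE_ERROR); return 0; }` (this needs `<limits.h>` if the file does not already include it), or the helper's length locals should become `size_t`. `scrypt_alg` in the scrypt.c section has the same pattern when it hands `passlen`, `saltlen` and `keylen` to `PKCS5_PBKDF2_HMAC`; only `Blen` is checked against `INT_MAX` there.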
*result) +@@ -53,51 +62,53 @@ static int atou64(const char *nptr, uint + return 1; + } + +-static int pkey_scrypt_init(EVP_PKEY_CTX *ctx) ++static EVP_KDF_IMPL *kdf_scrypt_new(void) + { +- SCRYPT_PKEY_CTX *kctx; ++ EVP_KDF_IMPL *impl; + +- kctx = OPENSSL_zalloc(sizeof(*kctx)); +- if (kctx == NULL) { +- KDFerr(KDF_F_PKEY_SCRYPT_INIT, ERR_R_MALLOC_FAILURE); +- return 0; ++ impl = OPENSSL_zalloc(sizeof(*impl)); ++ if (impl == NULL) { ++ KDFerr(KDF_F_KDF_SCRYPT_NEW, ERR_R_MALLOC_FAILURE); ++ return NULL; + } ++ kdf_scrypt_init(impl); ++ return impl; ++} + +- /* Default values are the most conservative recommendation given in the +- * original paper of C. Percival. Derivation uses roughly 1 GiB of memory +- * for this parameter choice (approx. 128 * r * (N + p) bytes). +- */ +- kctx->N = 1 << 20; +- kctx->r = 8; +- kctx->p = 1; +- kctx->maxmem_bytes = 1025 * 1024 * 1024; +- +- ctx->data = kctx; +- +- return 1; ++static void kdf_scrypt_free(EVP_KDF_IMPL *impl) ++{ ++ kdf_scrypt_reset(impl); ++ OPENSSL_free(impl); + } + +-static void pkey_scrypt_cleanup(EVP_PKEY_CTX *ctx) ++static void kdf_scrypt_reset(EVP_KDF_IMPL *impl) + { +- SCRYPT_PKEY_CTX *kctx = ctx->data; ++ OPENSSL_free(impl->salt); ++ OPENSSL_clear_free(impl->pass, impl->pass_len); ++ memset(impl, 0, sizeof(*impl)); ++ kdf_scrypt_init(impl); ++} + +- OPENSSL_clear_free(kctx->salt, kctx->salt_len); +- OPENSSL_clear_free(kctx->pass, kctx->pass_len); +- OPENSSL_free(kctx); ++static void kdf_scrypt_init(EVP_KDF_IMPL *impl) ++{ ++ /* Default values are the most conservative recommendation given in the ++ * original paper of C. Percival. Derivation uses roughly 1 GiB of memory ++ * for this parameter choice (approx. 128 * r * N * p bytes). 
++ */ ++ impl->N = 1 << 20; ++ impl->r = 8; ++ impl->p = 1; ++ impl->maxmem_bytes = 1025 * 1024 * 1024; + } + +-static int pkey_scrypt_set_membuf(unsigned char **buffer, size_t *buflen, +- const unsigned char *new_buffer, +- const int new_buflen) ++static int scrypt_set_membuf(unsigned char **buffer, size_t *buflen, ++ const unsigned char *new_buffer, ++ size_t new_buflen) + { + if (new_buffer == NULL) + return 1; + +- if (new_buflen < 0) +- return 0; +- +- if (*buffer != NULL) +- OPENSSL_clear_free(*buffer, *buflen); ++ OPENSSL_clear_free(*buffer, *buflen); + + if (new_buflen > 0) { + *buffer = OPENSSL_memdup(new_buffer, new_buflen); +@@ -105,7 +116,7 @@ static int pkey_scrypt_set_membuf(unsign + *buffer = OPENSSL_malloc(1); + } + if (*buffer == NULL) { +- KDFerr(KDF_F_PKEY_SCRYPT_SET_MEMBUF, ERR_R_MALLOC_FAILURE); ++ KDFerr(KDF_F_SCRYPT_SET_MEMBUF, ERR_R_MALLOC_FAILURE); + return 0; + } + +@@ -118,149 +129,378 @@ static int is_power_of_two(uint64_t valu + return (value != 0) && ((value & (value - 1)) == 0); + } + +-static int pkey_scrypt_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) ++static int kdf_scrypt_ctrl(EVP_KDF_IMPL *impl, int cmd, va_list args) + { +- SCRYPT_PKEY_CTX *kctx = ctx->data; + uint64_t u64_value; ++ uint32_t value; ++ const unsigned char *p; ++ size_t len; ++ ++ switch (cmd) { ++ case EVP_KDF_CTRL_SET_PASS: ++ p = va_arg(args, const unsigned char *); ++ len = va_arg(args, size_t); ++ return scrypt_set_membuf(&impl->pass, &impl->pass_len, p, len); ++ ++ case EVP_KDF_CTRL_SET_SALT: ++ p = va_arg(args, const unsigned char *); ++ len = va_arg(args, size_t); ++ return scrypt_set_membuf(&impl->salt, &impl->salt_len, p, len); + +- switch (type) { +- case EVP_PKEY_CTRL_PASS: +- return pkey_scrypt_set_membuf(&kctx->pass, &kctx->pass_len, p2, p1); +- +- case EVP_PKEY_CTRL_SCRYPT_SALT: +- return pkey_scrypt_set_membuf(&kctx->salt, &kctx->salt_len, p2, p1); +- +- case EVP_PKEY_CTRL_SCRYPT_N: +- u64_value = *((uint64_t *)p2); ++ case 
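Review bot: The rewritten comment in `kdf_scrypt_init` gives the memory estimate as `128 * r * N * p` bytes, which does not match what the patch allocates. `scrypt_alg` later in this file computes `Blen = p * 128 * r` and `Vlen = 32 * r * (N + 2) * sizeof(uint32_t)` and allocates their sum, which is the `128 * r * (N + p)` form the removed comment had. The two agree for the default p = 1, but anyone sizing `maxmem_bytes` for p > 1 from this comment would be off by a factor of p. I would keep the original wording: `for this parameter choice (approx. 128 * r * (N + p) bytes).`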
EVP_KDF_CTRL_SET_SCRYPT_N: ++ u64_value = va_arg(args, uint64_t); + if ((u64_value <= 1) || !is_power_of_two(u64_value)) + return 0; +- kctx->N = u64_value; ++ ++ impl->N = u64_value; + return 1; + +- case EVP_PKEY_CTRL_SCRYPT_R: +- u64_value = *((uint64_t *)p2); +- if (u64_value < 1) ++ case EVP_KDF_CTRL_SET_SCRYPT_R: ++ value = va_arg(args, uint32_t); ++ if (value < 1) + return 0; +- kctx->r = u64_value; ++ ++ impl->r = value; + return 1; + +- case EVP_PKEY_CTRL_SCRYPT_P: +- u64_value = *((uint64_t *)p2); +- if (u64_value < 1) ++ case EVP_KDF_CTRL_SET_SCRYPT_P: ++ value = va_arg(args, uint32_t); ++ if (value < 1) + return 0; +- kctx->p = u64_value; ++ ++ impl->p = value; + return 1; + +- case EVP_PKEY_CTRL_SCRYPT_MAXMEM_BYTES: +- u64_value = *((uint64_t *)p2); ++ case EVP_KDF_CTRL_SET_MAXMEM_BYTES: ++ u64_value = va_arg(args, uint64_t); + if (u64_value < 1) + return 0; +- kctx->maxmem_bytes = u64_value; ++ ++ impl->maxmem_bytes = u64_value; + return 1; + + default: + return -2; ++ } ++} + ++static int kdf_scrypt_ctrl_uint32(EVP_KDF_IMPL *impl, int cmd, ++ const char *value) ++{ ++ int int_value = atoi(value); ++ ++ if (int_value < 0 || (uint64_t)int_value > UINT32_MAX) { ++ KDFerr(KDF_F_KDF_SCRYPT_CTRL_UINT32, KDF_R_VALUE_ERROR); ++ return 0; + } ++ return call_ctrl(kdf_scrypt_ctrl, impl, cmd, (uint32_t)int_value); + } + +-static int pkey_scrypt_ctrl_uint64(EVP_PKEY_CTX *ctx, int type, +- const char *value) ++static int kdf_scrypt_ctrl_uint64(EVP_KDF_IMPL *impl, int cmd, ++ const char *value) + { +- uint64_t int_value; ++ uint64_t u64_value; + +- if (!atou64(value, &int_value)) { +- KDFerr(KDF_F_PKEY_SCRYPT_CTRL_UINT64, KDF_R_VALUE_ERROR); ++ if (!atou64(value, &u64_value)) { ++ KDFerr(KDF_F_KDF_SCRYPT_CTRL_UINT64, KDF_R_VALUE_ERROR); + return 0; + } +- return pkey_scrypt_ctrl(ctx, type, 0, &int_value); ++ return call_ctrl(kdf_scrypt_ctrl, impl, cmd, u64_value); + } + +-static int pkey_scrypt_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, +- const char *value) 
++static int kdf_scrypt_ctrl_str(EVP_KDF_IMPL *impl, const char *type, ++ const char *value) + { + if (value == NULL) { +- KDFerr(KDF_F_PKEY_SCRYPT_CTRL_STR, KDF_R_VALUE_MISSING); ++ KDFerr(KDF_F_KDF_SCRYPT_CTRL_STR, KDF_R_VALUE_MISSING); + return 0; + } + + if (strcmp(type, "pass") == 0) +- return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_PASS, value); ++ return kdf_str2ctrl(impl, kdf_scrypt_ctrl, EVP_KDF_CTRL_SET_PASS, ++ value); + + if (strcmp(type, "hexpass") == 0) +- return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_PASS, value); ++ return kdf_hex2ctrl(impl, kdf_scrypt_ctrl, EVP_KDF_CTRL_SET_PASS, ++ value); + + if (strcmp(type, "salt") == 0) +- return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_SCRYPT_SALT, value); ++ return kdf_str2ctrl(impl, kdf_scrypt_ctrl, EVP_KDF_CTRL_SET_SALT, ++ value); + + if (strcmp(type, "hexsalt") == 0) +- return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_SCRYPT_SALT, value); ++ return kdf_hex2ctrl(impl, kdf_scrypt_ctrl, EVP_KDF_CTRL_SET_SALT, ++ value); + + if (strcmp(type, "N") == 0) +- return pkey_scrypt_ctrl_uint64(ctx, EVP_PKEY_CTRL_SCRYPT_N, value); ++ return kdf_scrypt_ctrl_uint64(impl, EVP_KDF_CTRL_SET_SCRYPT_N, value); + + if (strcmp(type, "r") == 0) +- return pkey_scrypt_ctrl_uint64(ctx, EVP_PKEY_CTRL_SCRYPT_R, value); ++ return kdf_scrypt_ctrl_uint32(impl, EVP_KDF_CTRL_SET_SCRYPT_R, value); + + if (strcmp(type, "p") == 0) +- return pkey_scrypt_ctrl_uint64(ctx, EVP_PKEY_CTRL_SCRYPT_P, value); ++ return kdf_scrypt_ctrl_uint32(impl, EVP_KDF_CTRL_SET_SCRYPT_P, value); + + if (strcmp(type, "maxmem_bytes") == 0) +- return pkey_scrypt_ctrl_uint64(ctx, EVP_PKEY_CTRL_SCRYPT_MAXMEM_BYTES, +- value); ++ return kdf_scrypt_ctrl_uint64(impl, EVP_KDF_CTRL_SET_MAXMEM_BYTES, ++ value); + +- KDFerr(KDF_F_PKEY_SCRYPT_CTRL_STR, KDF_R_UNKNOWN_PARAMETER_TYPE); + return -2; + } + +-static int pkey_scrypt_derive(EVP_PKEY_CTX *ctx, unsigned char *key, +- size_t *keylen) ++static int kdf_scrypt_derive(EVP_KDF_IMPL *impl, unsigned char *key, ++ size_t 
keylen) + { +- SCRYPT_PKEY_CTX *kctx = ctx->data; +- +- if (kctx->pass == NULL) { +- KDFerr(KDF_F_PKEY_SCRYPT_DERIVE, KDF_R_MISSING_PASS); ++ if (impl->pass == NULL) { ++ KDFerr(KDF_F_KDF_SCRYPT_DERIVE, KDF_R_MISSING_PASS); + return 0; + } + +- if (kctx->salt == NULL) { +- KDFerr(KDF_F_PKEY_SCRYPT_DERIVE, KDF_R_MISSING_SALT); ++ if (impl->salt == NULL) { ++ KDFerr(KDF_F_KDF_SCRYPT_DERIVE, KDF_R_MISSING_SALT); + return 0; + } + +- return EVP_PBE_scrypt((char *)kctx->pass, kctx->pass_len, kctx->salt, +- kctx->salt_len, kctx->N, kctx->r, kctx->p, +- kctx->maxmem_bytes, key, *keylen); ++ return scrypt_alg((char *)impl->pass, impl->pass_len, impl->salt, ++ impl->salt_len, impl->N, impl->r, impl->p, ++ impl->maxmem_bytes, key, keylen); + } + +-const EVP_PKEY_METHOD scrypt_pkey_meth = { +- EVP_PKEY_SCRYPT, +- 0, +- pkey_scrypt_init, +- 0, +- pkey_scrypt_cleanup, ++const EVP_KDF_METHOD scrypt_kdf_meth = { ++ EVP_KDF_SCRYPT, ++ kdf_scrypt_new, ++ kdf_scrypt_free, ++ kdf_scrypt_reset, ++ kdf_scrypt_ctrl, ++ kdf_scrypt_ctrl_str, ++ NULL, ++ kdf_scrypt_derive ++}; + +- 0, 0, +- 0, 0, ++#define R(a,b) (((a) << (b)) | ((a) >> (32 - (b)))) ++static void salsa208_word_specification(uint32_t inout[16]) ++{ ++ int i; ++ uint32_t x[16]; + +- 0, +- 0, ++ memcpy(x, inout, sizeof(x)); ++ for (i = 8; i > 0; i -= 2) { ++ x[4] ^= R(x[0] + x[12], 7); ++ x[8] ^= R(x[4] + x[0], 9); ++ x[12] ^= R(x[8] + x[4], 13); ++ x[0] ^= R(x[12] + x[8], 18); ++ x[9] ^= R(x[5] + x[1], 7); ++ x[13] ^= R(x[9] + x[5], 9); ++ x[1] ^= R(x[13] + x[9], 13); ++ x[5] ^= R(x[1] + x[13], 18); ++ x[14] ^= R(x[10] + x[6], 7); ++ x[2] ^= R(x[14] + x[10], 9); ++ x[6] ^= R(x[2] + x[14], 13); ++ x[10] ^= R(x[6] + x[2], 18); ++ x[3] ^= R(x[15] + x[11], 7); ++ x[7] ^= R(x[3] + x[15], 9); ++ x[11] ^= R(x[7] + x[3], 13); ++ x[15] ^= R(x[11] + x[7], 18); ++ x[1] ^= R(x[0] + x[3], 7); ++ x[2] ^= R(x[1] + x[0], 9); ++ x[3] ^= R(x[2] + x[1], 13); ++ x[0] ^= R(x[3] + x[2], 18); ++ x[6] ^= R(x[5] + x[4], 7); ++ x[7] ^= R(x[6] + x[5], 
9); ++ x[4] ^= R(x[7] + x[6], 13); ++ x[5] ^= R(x[4] + x[7], 18); ++ x[11] ^= R(x[10] + x[9], 7); ++ x[8] ^= R(x[11] + x[10], 9); ++ x[9] ^= R(x[8] + x[11], 13); ++ x[10] ^= R(x[9] + x[8], 18); ++ x[12] ^= R(x[15] + x[14], 7); ++ x[13] ^= R(x[12] + x[15], 9); ++ x[14] ^= R(x[13] + x[12], 13); ++ x[15] ^= R(x[14] + x[13], 18); ++ } ++ for (i = 0; i < 16; ++i) ++ inout[i] += x[i]; ++ OPENSSL_cleanse(x, sizeof(x)); ++} + +- 0, +- 0, ++static void scryptBlockMix(uint32_t *B_, uint32_t *B, uint64_t r) ++{ ++ uint64_t i, j; ++ uint32_t X[16], *pB; + +- 0, 0, ++ memcpy(X, B + (r * 2 - 1) * 16, sizeof(X)); ++ pB = B; ++ for (i = 0; i < r * 2; i++) { ++ for (j = 0; j < 16; j++) ++ X[j] ^= *pB++; ++ salsa208_word_specification(X); ++ memcpy(B_ + (i / 2 + (i & 1) * r) * 16, X, sizeof(X)); ++ } ++ OPENSSL_cleanse(X, sizeof(X)); ++} + +- 0, 0, 0, 0, ++static void scryptROMix(unsigned char *B, uint64_t r, uint64_t N, ++ uint32_t *X, uint32_t *T, uint32_t *V) ++{ ++ unsigned char *pB; ++ uint32_t *pV; ++ uint64_t i, k; ++ ++ /* Convert from little endian input */ ++ for (pV = V, i = 0, pB = B; i < 32 * r; i++, pV++) { ++ *pV = *pB++; ++ *pV |= *pB++ << 8; ++ *pV |= *pB++ << 16; ++ *pV |= (uint32_t)*pB++ << 24; ++ } + +- 0, 0, ++ for (i = 1; i < N; i++, pV += 32 * r) ++ scryptBlockMix(pV, pV - 32 * r, r); + +- 0, 0, ++ scryptBlockMix(X, V + (N - 1) * 32 * r, r); + +- 0, +- pkey_scrypt_derive, +- pkey_scrypt_ctrl, +- pkey_scrypt_ctrl_str +-}; ++ for (i = 0; i < N; i++) { ++ uint32_t j; ++ j = X[16 * (2 * r - 1)] % N; ++ pV = V + 32 * r * j; ++ for (k = 0; k < 32 * r; k++) ++ T[k] = X[k] ^ *pV++; ++ scryptBlockMix(X, T, r); ++ } ++ /* Convert output to little endian */ ++ for (i = 0, pB = B; i < 32 * r; i++) { ++ uint32_t xtmp = X[i]; ++ *pB++ = xtmp & 0xff; ++ *pB++ = (xtmp >> 8) & 0xff; ++ *pB++ = (xtmp >> 16) & 0xff; ++ *pB++ = (xtmp >> 24) & 0xff; ++ } ++} ++ ++#ifndef SIZE_MAX ++# define SIZE_MAX ((size_t)-1) ++#endif ++ ++/* ++ * Maximum power of two that will fit in uint64_t: 
this should work on ++ * most (all?) platforms. ++ */ ++ ++#define LOG2_UINT64_MAX (sizeof(uint64_t) * 8 - 1) ++ ++/* ++ * Maximum value of p * r: ++ * p <= ((2^32-1) * hLen) / MFLen => ++ * p <= ((2^32-1) * 32) / (128 * r) => ++ * p * r <= (2^30-1) ++ */ ++ ++#define SCRYPT_PR_MAX ((1 << 30) - 1) ++ ++static int scrypt_alg(const char *pass, size_t passlen, ++ const unsigned char *salt, size_t saltlen, ++ uint64_t N, uint64_t r, uint64_t p, uint64_t maxmem, ++ unsigned char *key, size_t keylen) ++{ ++ int rv = 0; ++ unsigned char *B; ++ uint32_t *X, *V, *T; ++ uint64_t i, Blen, Vlen; ++ ++ /* Sanity check parameters */ ++ /* initial check, r,p must be non zero, N >= 2 and a power of 2 */ ++ if (r == 0 || p == 0 || N < 2 || (N & (N - 1))) ++ return 0; ++ /* Check p * r < SCRYPT_PR_MAX avoiding overflow */ ++ if (p > SCRYPT_PR_MAX / r) { ++ EVPerr(EVP_F_SCRYPT_ALG, EVP_R_MEMORY_LIMIT_EXCEEDED); ++ return 0; ++ } ++ ++ /* ++ * Need to check N: if 2^(128 * r / 8) overflows limit this is ++ * automatically satisfied since N <= UINT64_MAX. ++ */ ++ ++ if (16 * r <= LOG2_UINT64_MAX) { ++ if (N >= (((uint64_t)1) << (16 * r))) { ++ EVPerr(EVP_F_SCRYPT_ALG, EVP_R_MEMORY_LIMIT_EXCEEDED); ++ return 0; ++ } ++ } ++ ++ /* Memory checks: check total allocated buffer size fits in uint64_t */ ++ ++ /* ++ * B size in section 5 step 1.S ++ * Note: we know p * 128 * r < UINT64_MAX because we already checked ++ * p * r < SCRYPT_PR_MAX ++ */ ++ Blen = p * 128 * r; ++ /* ++ * Yet we pass it as integer to PKCS5_PBKDF2_HMAC... [This would ++ * have to be revised when/if PKCS5_PBKDF2_HMAC accepts size_t.] 
++ */ ++ if (Blen > INT_MAX) { ++ EVPerr(EVP_F_SCRYPT_ALG, EVP_R_MEMORY_LIMIT_EXCEEDED); ++ return 0; ++ } ++ ++ /* ++ * Check 32 * r * (N + 2) * sizeof(uint32_t) fits in uint64_t ++ * This is combined size V, X and T (section 4) ++ */ ++ i = UINT64_MAX / (32 * sizeof(uint32_t)); ++ if (N + 2 > i / r) { ++ EVPerr(EVP_F_SCRYPT_ALG, EVP_R_MEMORY_LIMIT_EXCEEDED); ++ return 0; ++ } ++ Vlen = 32 * r * (N + 2) * sizeof(uint32_t); ++ ++ /* check total allocated size fits in uint64_t */ ++ if (Blen > UINT64_MAX - Vlen) { ++ EVPerr(EVP_F_SCRYPT_ALG, EVP_R_MEMORY_LIMIT_EXCEEDED); ++ return 0; ++ } ++ ++ /* Check that the maximum memory doesn't exceed a size_t limits */ ++ if (maxmem > SIZE_MAX) ++ maxmem = SIZE_MAX; ++ ++ if (Blen + Vlen > maxmem) { ++ EVPerr(EVP_F_SCRYPT_ALG, EVP_R_MEMORY_LIMIT_EXCEEDED); ++ return 0; ++ } ++ ++ /* If no key return to indicate parameters are OK */ ++ if (key == NULL) ++ return 1; ++ ++ B = OPENSSL_malloc((size_t)(Blen + Vlen)); ++ if (B == NULL) { ++ EVPerr(EVP_F_SCRYPT_ALG, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ X = (uint32_t *)(B + Blen); ++ T = X + 32 * r; ++ V = T + 32 * r; ++ if (PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, 1, EVP_sha256(), ++ (int)Blen, B) == 0) ++ goto err; ++ ++ for (i = 0; i < p; i++) ++ scryptROMix(B + 128 * r * i, r, N, X, T, V); ++ ++ if (PKCS5_PBKDF2_HMAC(pass, passlen, B, (int)Blen, 1, EVP_sha256(), ++ keylen, key) == 0) ++ goto err; ++ rv = 1; ++ err: ++ if (rv == 0) ++ EVPerr(EVP_F_SCRYPT_ALG, EVP_R_PBKDF2_ERROR); ++ ++ OPENSSL_clear_free(B, (size_t)(Blen + Vlen)); ++ return rv; ++} + + #endif +diff -up openssl-1.1.1b/crypto/kdf/tls1_prf.c.evp-kdf openssl-1.1.1b/crypto/kdf/tls1_prf.c +--- openssl-1.1.1b/crypto/kdf/tls1_prf.c.evp-kdf 2019-02-26 15:15:30.000000000 +0100 ++++ openssl-1.1.1b/crypto/kdf/tls1_prf.c 2019-02-28 13:05:05.655521400 +0100 +@@ -8,11 +8,15 @@ + */ + + #include ++#include ++#include + #include "internal/cryptlib.h" +-#include + #include ++#include + #include "internal/evp_int.h" 
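Review bot: `kdf_scrypt_ctrl_uint32` parses `r` and `p` with `atoi`, so the `(uint64_t)int_value > UINT32_MAX` test can never be true, trailing garbage such as `8x` is accepted as 8, and input that overflows `int` has undefined behaviour. The file already has `atou64`, whose failure `kdf_scrypt_ctrl_uint64` turns into `KDF_R_VALUE_ERROR`; going through it and range-checking makes the bound meaningful: `if (!atou64(value, &u64_value) || u64_value > UINT32_MAX)` with a `uint64_t u64_value` local, followed by `return call_ctrl(kdf_scrypt_ctrl, impl, cmd, (uint32_t)u64_value);`. These are cost parameters for a password KDF, so a silently misparsed value weakens the derivation without any error being reported.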
++#include "kdf_local.h" + ++static void kdf_tls1_prf_reset(EVP_KDF_IMPL *impl); + static int tls1_prf_alg(const EVP_MD *md, + const unsigned char *sec, size_t slen, + const unsigned char *seed, size_t seed_len, +@@ -20,9 +24,9 @@ static int tls1_prf_alg(const EVP_MD *md + + #define TLS1_PRF_MAXBUF 1024 + +-/* TLS KDF pkey context structure */ ++/* TLS KDF kdf context structure */ + +-typedef struct { ++struct evp_kdf_impl_st { + /* Digest to use for PRF */ + const EVP_MD *md; + /* Secret value to use for PRF */ +@@ -31,145 +35,137 @@ typedef struct { + /* Buffer of concatenated seed data */ + unsigned char seed[TLS1_PRF_MAXBUF]; + size_t seedlen; +-} TLS1_PRF_PKEY_CTX; ++}; + +-static int pkey_tls1_prf_init(EVP_PKEY_CTX *ctx) ++static EVP_KDF_IMPL *kdf_tls1_prf_new(void) + { +- TLS1_PRF_PKEY_CTX *kctx; ++ EVP_KDF_IMPL *impl; + +- if ((kctx = OPENSSL_zalloc(sizeof(*kctx))) == NULL) { +- KDFerr(KDF_F_PKEY_TLS1_PRF_INIT, ERR_R_MALLOC_FAILURE); +- return 0; +- } +- ctx->data = kctx; ++ if ((impl = OPENSSL_zalloc(sizeof(*impl))) == NULL) ++ KDFerr(KDF_F_KDF_TLS1_PRF_NEW, ERR_R_MALLOC_FAILURE); ++ return impl; ++} + +- return 1; ++static void kdf_tls1_prf_free(EVP_KDF_IMPL *impl) ++{ ++ kdf_tls1_prf_reset(impl); ++ OPENSSL_free(impl); + } + +-static void pkey_tls1_prf_cleanup(EVP_PKEY_CTX *ctx) ++static void kdf_tls1_prf_reset(EVP_KDF_IMPL *impl) + { +- TLS1_PRF_PKEY_CTX *kctx = ctx->data; +- OPENSSL_clear_free(kctx->sec, kctx->seclen); +- OPENSSL_cleanse(kctx->seed, kctx->seedlen); +- OPENSSL_free(kctx); ++ OPENSSL_clear_free(impl->sec, impl->seclen); ++ OPENSSL_cleanse(impl->seed, impl->seedlen); ++ memset(impl, 0, sizeof(*impl)); + } + +-static int pkey_tls1_prf_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) ++static int kdf_tls1_prf_ctrl(EVP_KDF_IMPL *impl, int cmd, va_list args) + { +- TLS1_PRF_PKEY_CTX *kctx = ctx->data; +- switch (type) { +- case EVP_PKEY_CTRL_TLS_MD: +- kctx->md = p2; +- return 1; ++ const unsigned char *p; ++ size_t len; ++ const EVP_MD 
*md; + +- case EVP_PKEY_CTRL_TLS_SECRET: +- if (p1 < 0) ++ switch (cmd) { ++ case EVP_KDF_CTRL_SET_MD: ++ md = va_arg(args, const EVP_MD *); ++ if (md == NULL) + return 0; +- if (kctx->sec != NULL) +- OPENSSL_clear_free(kctx->sec, kctx->seclen); +- OPENSSL_cleanse(kctx->seed, kctx->seedlen); +- kctx->seedlen = 0; +- kctx->sec = OPENSSL_memdup(p2, p1); +- if (kctx->sec == NULL) ++ ++ impl->md = md; ++ return 1; ++ ++ case EVP_KDF_CTRL_SET_TLS_SECRET: ++ p = va_arg(args, const unsigned char *); ++ len = va_arg(args, size_t); ++ OPENSSL_clear_free(impl->sec, impl->seclen); ++ impl->sec = OPENSSL_memdup(p, len); ++ if (impl->sec == NULL) + return 0; +- kctx->seclen = p1; ++ ++ impl->seclen = len; + return 1; + +- case EVP_PKEY_CTRL_TLS_SEED: +- if (p1 == 0 || p2 == NULL) ++ case EVP_KDF_CTRL_RESET_TLS_SEED: ++ OPENSSL_cleanse(impl->seed, impl->seedlen); ++ impl->seedlen = 0; ++ return 1; ++ ++ case EVP_KDF_CTRL_ADD_TLS_SEED: ++ p = va_arg(args, const unsigned char *); ++ len = va_arg(args, size_t); ++ if (len == 0 || p == NULL) + return 1; +- if (p1 < 0 || p1 > (int)(TLS1_PRF_MAXBUF - kctx->seedlen)) ++ ++ if (len > (TLS1_PRF_MAXBUF - impl->seedlen)) + return 0; +- memcpy(kctx->seed + kctx->seedlen, p2, p1); +- kctx->seedlen += p1; ++ ++ memcpy(impl->seed + impl->seedlen, p, len); ++ impl->seedlen += len; + return 1; + + default: + return -2; +- + } + } + +-static int pkey_tls1_prf_ctrl_str(EVP_PKEY_CTX *ctx, +- const char *type, const char *value) ++static int kdf_tls1_prf_ctrl_str(EVP_KDF_IMPL *impl, ++ const char *type, const char *value) + { + if (value == NULL) { +- KDFerr(KDF_F_PKEY_TLS1_PRF_CTRL_STR, KDF_R_VALUE_MISSING); ++ KDFerr(KDF_F_KDF_TLS1_PRF_CTRL_STR, KDF_R_VALUE_MISSING); + return 0; + } +- if (strcmp(type, "md") == 0) { +- TLS1_PRF_PKEY_CTX *kctx = ctx->data; ++ if (strcmp(type, "digest") == 0) ++ return kdf_md2ctrl(impl, kdf_tls1_prf_ctrl, EVP_KDF_CTRL_SET_MD, value); + +- const EVP_MD *md = EVP_get_digestbyname(value); +- if (md == NULL) { +- 
KDFerr(KDF_F_PKEY_TLS1_PRF_CTRL_STR, KDF_R_INVALID_DIGEST); +- return 0; +- } +- kctx->md = md; +- return 1; +- } + if (strcmp(type, "secret") == 0) +- return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_TLS_SECRET, value); ++ return kdf_str2ctrl(impl, kdf_tls1_prf_ctrl, ++ EVP_KDF_CTRL_SET_TLS_SECRET, value); ++ + if (strcmp(type, "hexsecret") == 0) +- return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_TLS_SECRET, value); ++ return kdf_hex2ctrl(impl, kdf_tls1_prf_ctrl, ++ EVP_KDF_CTRL_SET_TLS_SECRET, value); ++ + if (strcmp(type, "seed") == 0) +- return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_TLS_SEED, value); ++ return kdf_str2ctrl(impl, kdf_tls1_prf_ctrl, EVP_KDF_CTRL_ADD_TLS_SEED, ++ value); ++ + if (strcmp(type, "hexseed") == 0) +- return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_TLS_SEED, value); ++ return kdf_hex2ctrl(impl, kdf_tls1_prf_ctrl, EVP_KDF_CTRL_ADD_TLS_SEED, ++ value); + +- KDFerr(KDF_F_PKEY_TLS1_PRF_CTRL_STR, KDF_R_UNKNOWN_PARAMETER_TYPE); + return -2; + } + +-static int pkey_tls1_prf_derive(EVP_PKEY_CTX *ctx, unsigned char *key, +- size_t *keylen) ++static int kdf_tls1_prf_derive(EVP_KDF_IMPL *impl, unsigned char *key, ++ size_t keylen) + { +- TLS1_PRF_PKEY_CTX *kctx = ctx->data; +- if (kctx->md == NULL) { +- KDFerr(KDF_F_PKEY_TLS1_PRF_DERIVE, KDF_R_MISSING_MESSAGE_DIGEST); ++ if (impl->md == NULL) { ++ KDFerr(KDF_F_KDF_TLS1_PRF_DERIVE, KDF_R_MISSING_MESSAGE_DIGEST); + return 0; + } +- if (kctx->sec == NULL) { +- KDFerr(KDF_F_PKEY_TLS1_PRF_DERIVE, KDF_R_MISSING_SECRET); ++ if (impl->sec == NULL) { ++ KDFerr(KDF_F_KDF_TLS1_PRF_DERIVE, KDF_R_MISSING_SECRET); + return 0; + } +- if (kctx->seedlen == 0) { +- KDFerr(KDF_F_PKEY_TLS1_PRF_DERIVE, KDF_R_MISSING_SEED); ++ if (impl->seedlen == 0) { ++ KDFerr(KDF_F_KDF_TLS1_PRF_DERIVE, KDF_R_MISSING_SEED); + return 0; + } +- return tls1_prf_alg(kctx->md, kctx->sec, kctx->seclen, +- kctx->seed, kctx->seedlen, +- key, *keylen); ++ return tls1_prf_alg(impl->md, impl->sec, impl->seclen, ++ impl->seed, impl->seedlen, ++ 
key, keylen); + } + +-const EVP_PKEY_METHOD tls1_prf_pkey_meth = { +- EVP_PKEY_TLS1_PRF, +- 0, +- pkey_tls1_prf_init, +- 0, +- pkey_tls1_prf_cleanup, +- +- 0, 0, +- 0, 0, +- +- 0, +- 0, +- +- 0, +- 0, +- +- 0, 0, +- +- 0, 0, 0, 0, +- +- 0, 0, +- +- 0, 0, +- +- 0, +- pkey_tls1_prf_derive, +- pkey_tls1_prf_ctrl, +- pkey_tls1_prf_ctrl_str ++const EVP_KDF_METHOD tls1_prf_kdf_meth = { ++ EVP_KDF_TLS1_PRF, ++ kdf_tls1_prf_new, ++ kdf_tls1_prf_free, ++ kdf_tls1_prf_reset, ++ kdf_tls1_prf_ctrl, ++ kdf_tls1_prf_ctrl_str, ++ NULL, ++ kdf_tls1_prf_derive + }; + + static int tls1_prf_P_hash(const EVP_MD *md, +@@ -249,12 +245,11 @@ static int tls1_prf_alg(const EVP_MD *md + const unsigned char *seed, size_t seed_len, + unsigned char *out, size_t olen) + { +- + if (EVP_MD_type(md) == NID_md5_sha1) { + size_t i; + unsigned char *tmp; + if (!tls1_prf_P_hash(EVP_md5(), sec, slen/2 + (slen & 1), +- seed, seed_len, out, olen)) ++ seed, seed_len, out, olen)) + return 0; + + if ((tmp = OPENSSL_malloc(olen)) == NULL) { +@@ -262,7 +257,7 @@ static int tls1_prf_alg(const EVP_MD *md + return 0; + } + if (!tls1_prf_P_hash(EVP_sha1(), sec + slen/2, slen/2 + (slen & 1), +- seed, seed_len, tmp, olen)) { ++ seed, seed_len, tmp, olen)) { + OPENSSL_clear_free(tmp, olen); + return 0; + } +diff -up openssl-1.1.1b/doc/man3/EVP_KDF_CTX.pod.evp-kdf openssl-1.1.1b/doc/man3/EVP_KDF_CTX.pod +--- openssl-1.1.1b/doc/man3/EVP_KDF_CTX.pod.evp-kdf 2019-02-28 13:05:05.656521382 +0100 ++++ openssl-1.1.1b/doc/man3/EVP_KDF_CTX.pod 2019-02-28 13:05:05.655521400 +0100 +@@ -0,0 +1,217 @@ ++=pod ++ ++=head1 NAME ++ ++EVP_KDF_CTX, EVP_KDF_CTX_new_id, EVP_KDF_CTX_free, EVP_KDF_reset, ++EVP_KDF_ctrl, EVP_KDF_vctrl, EVP_KDF_ctrl_str, EVP_KDF_size, ++EVP_KDF_derive - EVP KDF routines ++ ++=head1 SYNOPSIS ++ ++ #include ++ ++ typedef struct evp_kdf_ctx_st EVP_KDF_CTX; ++ ++ EVP_KDF_CTX *EVP_KDF_CTX_new_id(int id); ++ void EVP_KDF_CTX_free(EVP_KDF_CTX *ctx); ++ void EVP_KDF_reset(EVP_KDF_CTX *ctx); ++ int 
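Review bot: In the `EVP_KDF_CTRL_SET_TLS_SECRET` case of kdf_tls1_prf_ctrl the old secret is freed before `OPENSSL_memdup` runs, so a failed duplication returns 0 with `impl->sec` NULL while `impl->seclen` still holds the previous length. Adding `impl->seclen = 0;` directly after the `OPENSSL_clear_free` call keeps the pointer and length consistent. Unlike the removed pkey handler, this case no longer wipes the seed buffer when the secret changes, so a reused context keeps appending seed data until `EVP_KDF_CTRL_RESET_TLS_SEED` or a full reset is issued; a comment such as `/* seed is kept across secret changes; send EVP_KDF_CTRL_RESET_TLS_SEED when reusing the context */` would make that explicit. kdf_tls1_prf_ctrl_str now matches `"digest"` where the removed code matched `"md"`, while the EVP_KDF_CTX.pod text added later in this patch still gives `"md"` as the type string, so the two should be aligned.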
EVP_KDF_ctrl(EVP_KDF_CTX *ctx, int cmd, ...); ++ int EVP_KDF_vctrl(EVP_KDF_CTX *ctx, int cmd, va_list args); ++ int EVP_KDF_ctrl_str(EVP_KDF_CTX *ctx, const char *type, const char *value); ++ size_t EVP_KDF_size(EVP_KDF_CTX *ctx); ++ int EVP_KDF_derive(EVP_KDF_CTX *ctx, unsigned char *key, size_t keylen); ++ ++=head1 DESCRIPTION ++ ++The EVP KDF routines are a high level interface to Key Derivation Function ++algorithms and should be used instead of algorithm-specific functions. ++ ++After creating a C for the required algorithm using ++EVP_KDF_CTX_new_id(), inputs to the algorithm are supplied using calls to ++EVP_KDF_ctrl(), EVP_KDF_vctrl() or EVP_KDF_ctrl_str() before calling ++EVP_KDF_derive() to derive the key. ++ ++=head2 Types ++ ++B is a context type that holds the algorithm inputs. ++ ++=head2 Context manipulation functions ++ ++EVP_KDF_CTX_new_id() creates a KDF context for the algorithm identified by the ++specified NID. ++ ++EVP_KDF_CTX_free() frees up the context C. If C is C, nothing ++is done. ++ ++=head2 Computing functions ++ ++EVP_KDF_reset() resets the context to the default state as if the context ++had just been created. ++ ++EVP_KDF_ctrl() is used to provide inputs to the KDF algorithm prior to ++EVP_KDF_derive() being called. The inputs that may be provided will vary ++depending on the KDF algorithm or its implementation. This functions takes ++variable arguments, the exact expected arguments depend on C. ++See L below for a description of standard controls. ++ ++EVP_KDF_vctrl() is the variant of EVP_KDF_ctrl() that takes a C ++argument instead of variadic arguments. ++ ++EVP_KDF_ctrl_str() allows an application to send an algorithm specific control ++operation to a context C in string form. This is intended to be used for ++options specified on the command line or in text files. ++ ++EVP_KDF_size() returns the output size if the algorithm produces a fixed amount ++of output and C otherwise. If an error occurs then 0 is returned. 
++For some algorithms an error may result if input parameters necessary to ++calculate a fixed output size have not yet been supplied. ++ ++EVP_KDF_derive() derives C bytes of key material and places it in the ++C buffer. If the algorithm produces a fixed amount of output then an ++error will occur unless the C parameter is equal to that output size, ++as returned by EVP_KDF_size(). ++ ++=head1 CONTROLS ++ ++The standard controls are: ++ ++=over 4 ++ ++=item B ++ ++This control expects two arguments: C, C ++ ++Some KDF implementations require a password. For those KDF implementations ++that support it, this control sets the password. ++ ++EVP_KDF_ctrl_str() takes two type strings for this control: ++ ++=over 4 ++ ++=item "pass" ++ ++The value string is used as is. ++ ++=item "hexpass" ++ ++The value string is expected to be a hexadecimal number, which will be ++decoded before being passed on as the control value. ++ ++=back ++ ++=item B ++ ++This control expects two arguments: C, C ++ ++Some KDF implementations can take a salt. For those KDF implementations that ++support it, this control sets the salt. ++ ++The default value, if any, is implementation dependent. ++ ++EVP_KDF_ctrl_str() takes two type strings for this control: ++ ++=over 4 ++ ++=item "salt" ++ ++The value string is used as is. ++ ++=item "hexsalt" ++ ++The value string is expected to be a hexadecimal number, which will be ++decoded before being passed on as the control value. ++ ++=back ++ ++=item B ++ ++This control expects one argument: C ++ ++Some KDF implementations require an iteration count. For those KDF implementations that support it, this control sets the iteration count. ++ ++The default value, if any, is implementation dependent. ++ ++EVP_KDF_ctrl_str() type string: "iter" ++ ++The value string is expected to be a decimal number. 
++ ++=item B ++ ++This control expects one argument: C ++ ++For MAC implementations that use a message digest as an underlying computation ++algorithm, this control set what the digest algorithm should be. ++ ++EVP_KDF_ctrl_str() type string: "md" ++ ++The value string is expected to be the name of a digest. ++ ++=item B ++ ++This control expects two arguments: C, C ++ ++Some KDF implementations require a key. For those KDF implementations that ++support it, this control sets the key. ++ ++EVP_KDF_ctrl_str() takes two type strings for this control: ++ ++=over 4 ++ ++=item "key" ++ ++The value string is used as is. ++ ++=item "hexkey" ++ ++The value string is expected to be a hexadecimal number, which will be ++decoded before being passed on as the control value. ++ ++=back ++ ++=item B ++ ++This control expects one argument: C ++ ++Memory-hard password-based KDF algorithms, such as scrypt, use an amount of ++memory that depends on the load factors provided as input. For those KDF ++implementations that support it, this control sets an upper limit on the amount ++of memory that may be consumed while performing a key derivation. If this ++memory usage limit is exceeded because the load factors are chosen too high, ++the key derivation will fail. ++ ++The default value is implementation dependent. ++ ++EVP_KDF_ctrl_str() type string: "maxmem_bytes" ++ ++The value string is expected to be a decimal number. ++ ++=back ++ ++=head1 RETURN VALUES ++ ++EVP_KDF_CTX_new_id() returns either the newly allocated C ++structure or C if an error occurred. ++ ++EVP_KDF_CTX_free() and EVP_KDF_reset() do not return a value. ++ ++EVP_KDF_size() returns the output size. C is returned to indicate ++that the algorithm produces a variable amount of output; 0 to indicate failure. ++ ++The remaining functions return 1 for success and 0 or a negative value for ++failure. In particular, a return value of -2 indicates the operation is not ++supported by the KDF algorithm. 
++ ++=head1 SEE ALSO ++ ++L ++ ++=head1 COPYRIGHT ++ ++Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. ++ ++Licensed under the Apache License 2.0 (the "License"). You may not use ++this file except in compliance with the License. You can obtain a copy ++in the file LICENSE in the source distribution or at ++L. ++ ++=cut +diff -up openssl-1.1.1b/doc/man7/EVP_KDF_HKDF.pod.evp-kdf openssl-1.1.1b/doc/man7/EVP_KDF_HKDF.pod +--- openssl-1.1.1b/doc/man7/EVP_KDF_HKDF.pod.evp-kdf 2019-02-28 13:05:05.656521382 +0100 ++++ openssl-1.1.1b/doc/man7/EVP_KDF_HKDF.pod 2019-02-28 13:05:05.656521382 +0100 +@@ -0,0 +1,180 @@ ++=pod ++ ++=head1 NAME ++ ++EVP_KDF_HKDF - The HKDF EVP_KDF implementation ++ ++=head1 DESCRIPTION ++ ++Support for computing the B KDF through the B API. ++ ++The EVP_KDF_HKDF algorithm implements the HKDF key derivation function. ++HKDF follows the "extract-then-expand" paradigm, where the KDF logically ++consists of two modules. The first stage takes the input keying material ++and "extracts" from it a fixed-length pseudorandom key K. The second stage ++"expands" the key K into several additional pseudorandom keys (the output ++of the KDF). ++ ++=head2 Numeric identity ++ ++B is the numeric identity for this implementation; it ++can be used with the EVP_KDF_CTX_new_id() function. ++ ++=head2 Supported controls ++ ++The supported controls are: ++ ++=over 4 ++ ++=item B ++ ++=item B ++ ++=item B ++ ++These controls work as described in L. ++ ++=item B ++ ++This control does not expect any arguments. ++ ++Resets the context info buffer to zero length. ++ ++=item B ++ ++This control expects two arguments: C, C ++ ++Sets the info value to the first B bytes of the buffer B. If a ++value is already set, the contents of the buffer are appended to the existing ++value. ++ ++The total length of the context info buffer cannot exceed 1024 bytes; ++this should be more than enough for any normal use of HKDF. 
++ ++EVP_KDF_ctrl_str() takes two type strings for this control: ++ ++=over 4 ++ ++=item "info" ++ ++The value string is used as is. ++ ++=item "hexinfo" ++ ++The value string is expected to be a hexadecimal number, which will be ++decoded before being passed on as the control value. ++ ++=back ++ ++=item B ++ ++This control expects one argument: C ++ ++Sets the mode for the HKDF operation. There are three modes that are currently ++defined: ++ ++=over 4 ++ ++=item EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND ++ ++This is the default mode. Calling L on an EVP_KDF_CTX set ++up for HKDF will perform an extract followed by an expand operation in one go. ++The derived key returned will be the result after the expand operation. The ++intermediate fixed-length pseudorandom key K is not returned. ++ ++In this mode the digest, key, salt and info values must be set before a key is ++derived otherwise an error will occur. ++ ++=item EVP_KDF_HKDF_MODE_EXTRACT_ONLY ++ ++In this mode calling L will just perform the extract ++operation. The value returned will be the intermediate fixed-length pseudorandom ++key K. The C parameter must match the size of K, which can be looked ++up by calling EVP_KDF_size() after setting the mode and digest. ++ ++The digest, key and salt values must be set before a key is derived otherwise ++an error will occur. ++ ++=item EVP_KDF_HKDF_MODE_EXPAND_ONLY ++ ++In this mode calling L will just perform the expand ++operation. The input key should be set to the intermediate fixed-length ++pseudorandom key K returned from a previous extract operation. ++ ++The digest, key and info values must be set before a key is derived otherwise ++an error will occur. ++ ++=back ++ ++EVP_KDF_ctrl_str() type string: "mode" ++ ++The value string is expected to be one of: "EXTRACT_AND_EXPAND", "EXTRACT_ONLY" ++or "EXPAND_ONLY". 
++ ++=back ++ ++=head1 NOTES ++ ++A context for HKDF can be obtained by calling: ++ ++ EVP_KDF_CTX *kctx = EVP_KDF_CTX_new_id(EVP_KDF_HKDF); ++ ++The output length of an HKDF expand operation is specified via the C ++parameter to the L function. When using ++EVP_KDF_HKDF_MODE_EXTRACT_ONLY the C parameter must equal the size of ++the intermediate fixed-length pseudorandom key otherwise an error will occur. ++For that mode, the fixed output size can be looked up by calling EVP_KDF_size() ++after setting the mode and digest on the C. ++ ++=head1 EXAMPLE ++ ++This example derives 10 bytes using SHA-256 with the secret key "secret", ++salt value "salt" and info value "label": ++ ++ EVP_KDF_CTX *kctx; ++ unsigned char out[10]; ++ ++ kctx = EVP_KDF_CTX_new_id(EVP_KDF_HKDF); ++ ++ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()) <= 0) { ++ error("EVP_KDF_CTRL_SET_MD"); ++ } ++ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, "salt", (size_t)4) <= 0) { ++ error("EVP_KDF_CTRL_SET_SALT"); ++ } ++ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, "secret", (size_t)6) <= 0) { ++ error("EVP_KDF_CTRL_SET_KEY"); ++ } ++ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_ADD_HKDF_INFO, "label", (size_t)5) <= 0) { ++ error("EVP_KDF_CTRL_ADD_HKDF_INFO"); ++ } ++ if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) { ++ error("EVP_KDF_derive"); ++ } ++ ++ EVP_KDF_CTX_free(kctx); ++ ++=head1 CONFORMING TO ++ ++RFC 5869 ++ ++=head1 SEE ALSO ++ ++L, ++L, ++L, ++L, ++L, ++L, ++L ++ ++=head1 COPYRIGHT ++ ++Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. ++ ++Licensed under the Apache License 2.0 (the "License"). You may not use ++this file except in compliance with the License. You can obtain a copy ++in the file LICENSE in the source distribution or at ++L. 
++ ++=cut +diff -up openssl-1.1.1b/doc/man7/EVP_KDF_PBKDF2.pod.evp-kdf openssl-1.1.1b/doc/man7/EVP_KDF_PBKDF2.pod +--- openssl-1.1.1b/doc/man7/EVP_KDF_PBKDF2.pod.evp-kdf 2019-02-28 13:05:05.656521382 +0100 ++++ openssl-1.1.1b/doc/man7/EVP_KDF_PBKDF2.pod 2019-02-28 13:05:05.656521382 +0100 +@@ -0,0 +1,78 @@ ++=pod ++ ++=head1 NAME ++ ++EVP_KDF_PBKDF2 - The PBKDF2 EVP_KDF implementation ++ ++=head1 DESCRIPTION ++ ++Support for computing the B password-based KDF through the B ++API. ++ ++The EVP_KDF_PBKDF2 algorithm implements the PBKDF2 password-based key ++derivation function, as described in RFC 2898; it derives a key from a password ++using a salt and iteration count. ++ ++=head2 Numeric identity ++ ++B is the numeric identity for this implementation; it ++can be used with the EVP_KDF_CTX_new_id() function. ++ ++=head2 Supported controls ++ ++The supported controls are: ++ ++=over 4 ++ ++=item B ++ ++=item B ++ ++=item B ++ ++=item B ++ ++These controls work as described in L. ++ ++B is the iteration count and its value should be greater than or equal to ++1. RFC 2898 suggests an iteration count of at least 1000. The default value is ++2048. Any B less than 1 is treated as a single iteration. ++ ++=back ++ ++=head1 NOTES ++ ++A typical application of this algorithm is to derive keying material for an ++encryption algorithm from a password in the B, a salt in B, ++and an iteration count. ++ ++Increasing the B parameter slows down the algorithm which makes it ++harder for an attacker to perform a brute force attack using a large number ++of candidate passwords. ++ ++No assumption is made regarding the given password; it is simply treated as a ++byte sequence. ++ ++=head1 CONFORMING TO ++ ++RFC 2898 ++ ++=head1 SEE ALSO ++ ++L, ++L, ++L, ++L, ++L, ++L ++ ++=head1 COPYRIGHT ++ ++Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. ++ ++Licensed under the Apache License 2.0 (the "License"). You may not use ++this file except in compliance with the License. 
You can obtain a copy ++in the file LICENSE in the source distribution or at ++L. ++ ++=cut +diff -up openssl-1.1.1b/doc/man7/EVP_KDF_SCRYPT.pod.evp-kdf openssl-1.1.1b/doc/man7/EVP_KDF_SCRYPT.pod +--- openssl-1.1.1b/doc/man7/EVP_KDF_SCRYPT.pod.evp-kdf 2019-02-28 13:05:05.656521382 +0100 ++++ openssl-1.1.1b/doc/man7/EVP_KDF_SCRYPT.pod 2019-02-28 13:05:05.656521382 +0100 +@@ -0,0 +1,149 @@ ++=pod ++ ++=head1 NAME ++ ++EVP_KDF_SCRYPT - The scrypt EVP_KDF implementation ++ ++=head1 DESCRIPTION ++ ++Support for computing the B password-based KDF through the B ++API. ++ ++The EVP_KDF_SCRYPT algorithm implements the scrypt password-based key ++derivation function, as described in RFC 7914. It is memory-hard in the sense ++that it deliberately requires a significant amount of RAM for efficient ++computation. The intention of this is to render brute forcing of passwords on ++systems that lack large amounts of main memory (such as GPUs or ASICs) ++computationally infeasible. ++ ++scrypt provides three work factors that can be customized: N, r and p. N, which ++has to be a positive power of two, is the general work factor and scales CPU ++time in an approximately linear fashion. r is the block size of the internally ++used hash function and p is the parallelization factor. Both r and p need to be ++greater than zero. The amount of RAM that scrypt requires for its computation ++is roughly (128 * N * r * p) bytes. ++ ++In the original paper of Colin Percival ("Stronger Key Derivation via ++Sequential Memory-Hard Functions", 2009), the suggested values that give a ++computation time of less than 5 seconds on a 2.5 GHz Intel Core 2 Duo are N = ++2^20 = 1048576, r = 8, p = 1. Consequently, the required amount of memory for ++this computation is roughly 1 GiB. On a more recent CPU (Intel i7-5930K at 3.5 ++GHz), this computation takes about 3 seconds. When N, r or p are not specified, ++they default to 1048576, 8, and 1, respectively. 
The maximum amount of RAM that ++may be used by scrypt defaults to 1025 MiB. ++ ++=head2 Numeric identity ++ ++B is the numeric identity for this implementation; it ++can be used with the EVP_KDF_CTX_new_id() function. ++ ++=head2 Supported controls ++ ++The supported controls are: ++ ++=over 4 ++ ++=item B ++ ++=item B ++ ++These controls work as described in L. ++ ++=item B ++ ++=item B ++ ++=item B ++ ++B expects one argument: C ++ ++B expects one argument: C ++ ++B expects one argument: C ++ ++These controls configure the scrypt work factors N, r and p. ++ ++EVP_KDF_ctrl_str() type strings: "N", "r" and "p", respectively. ++ ++The corresponding value strings are expected to be decimal numbers. ++ ++=back ++ ++=head1 NOTES ++ ++A context for scrypt can be obtained by calling: ++ ++ EVP_KDF_CTX *kctx = EVP_KDF_CTX_new_id(EVP_KDF_SCRYPT); ++ ++The output length of an scrypt key derivation is specified via the ++B parameter to the L function. ++ ++=head1 EXAMPLE ++ ++This example derives a 64-byte long test vector using scrypt with the password ++"password", salt "NaCl" and N = 1024, r = 8, p = 16. 
++ ++ EVP_KDF_CTX *kctx; ++ unsigned char out[64]; ++ ++ kctx = EVP_KDF_CTX_new_id(EVP_KDF_SCRYPT); ++ ++ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PASS, "password", (size_t)8) <= 0) { ++ error("EVP_KDF_CTRL_SET_PASS"); ++ } ++ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, "NaCl", (size_t)4) <= 0) { ++ error("EVP_KDF_CTRL_SET_SALT"); ++ } ++ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SCRYPT_N, (uint64_t)1024) <= 0) { ++ error("EVP_KDF_CTRL_SET_SCRYPT_N"); ++ } ++ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SCRYPT_R, (uint32_t)8) <= 0) { ++ error("EVP_KDF_CTRL_SET_SCRYPT_R"); ++ } ++ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SCRYPT_P, (uint32_t)16) <= 0) { ++ error("EVP_KDF_CTRL_SET_SCRYPT_P"); ++ } ++ if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) { ++ error("EVP_KDF_derive"); ++ } ++ ++ { ++ const unsigned char expected[sizeof(out)] = { ++ 0xfd, 0xba, 0xbe, 0x1c, 0x9d, 0x34, 0x72, 0x00, ++ 0x78, 0x56, 0xe7, 0x19, 0x0d, 0x01, 0xe9, 0xfe, ++ 0x7c, 0x6a, 0xd7, 0xcb, 0xc8, 0x23, 0x78, 0x30, ++ 0xe7, 0x73, 0x76, 0x63, 0x4b, 0x37, 0x31, 0x62, ++ 0x2e, 0xaf, 0x30, 0xd9, 0x2e, 0x22, 0xa3, 0x88, ++ 0x6f, 0xf1, 0x09, 0x27, 0x9d, 0x98, 0x30, 0xda, ++ 0xc7, 0x27, 0xaf, 0xb9, 0x4a, 0x83, 0xee, 0x6d, ++ 0x83, 0x60, 0xcb, 0xdf, 0xa2, 0xcc, 0x06, 0x40 ++ }; ++ ++ assert(!memcmp(out, expected, sizeof(out))); ++ } ++ ++ EVP_KDF_CTX_free(kctx); ++ ++=head1 CONFORMING TO ++ ++RFC 7914 ++ ++=head1 SEE ALSO ++ ++L, ++L, ++L, ++L, ++L, ++L ++ ++=head1 COPYRIGHT ++ ++Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. ++ ++Licensed under the OpenSSL license (the "License"). You may not use ++this file except in compliance with the License. You can obtain a copy ++in the file LICENSE in the source distribution or at ++L. 
++ ++=cut +diff -up openssl-1.1.1b/doc/man7/EVP_KDF_TLS1_PRF.pod.evp-kdf openssl-1.1.1b/doc/man7/EVP_KDF_TLS1_PRF.pod +--- openssl-1.1.1b/doc/man7/EVP_KDF_TLS1_PRF.pod.evp-kdf 2019-02-28 13:05:05.656521382 +0100 ++++ openssl-1.1.1b/doc/man7/EVP_KDF_TLS1_PRF.pod 2019-02-28 13:05:05.656521382 +0100 +@@ -0,0 +1,142 @@ ++=pod ++ ++=head1 NAME ++ ++EVP_KDF_TLS1_PRF - The TLS1 PRF EVP_KDF implementation ++ ++=head1 DESCRIPTION ++ ++Support for computing the B PRF through the B API. ++ ++The EVP_KDF_TLS1_PRF algorithm implements the PRF used by TLS versions up to ++and including TLS 1.2. ++ ++=head2 Numeric identity ++ ++B is the numeric identity for this implementation; it ++can be used with the EVP_KDF_CTX_new_id() function. ++ ++=head2 Supported controls ++ ++The supported controls are: ++ ++=over 4 ++ ++=item B ++ ++This control works as described in L. ++ ++The C control is used to set the message digest associated ++with the TLS PRF. EVP_md5_sha1() is treated as a special case which uses the ++PRF algorithm using both B and B as used in TLS 1.0 and 1.1. ++ ++=item B ++ ++This control expects two arguments: C, C ++ ++Sets the secret value of the TLS PRF to B bytes of the buffer B. ++Any existing secret value is replaced. ++ ++EVP_KDF_ctrl_str() takes two type strings for this control: ++ ++=over 4 ++ ++=item "secret" ++ ++The value string is used as is. ++ ++=item "hexsecret" ++ ++The value string is expected to be a hexadecimal number, which will be ++decoded before being passed on as the control value. ++ ++=back ++ ++=item B ++ ++This control does not expect any arguments. ++ ++Resets the context seed buffer to zero length. ++ ++=item B ++ ++This control expects two arguments: C, C ++ ++Sets the seed to B bytes of B. If a seed is already set it is ++appended to the existing value. ++ ++The total length of the context seed buffer cannot exceed 1024 bytes; ++this should be more than enough for any normal use of the TLS PRF. 
++ ++EVP_KDF_ctrl_str() takes two type strings for this control: ++ ++=over 4 ++ ++=item "seed" ++ ++The value string is used as is. ++ ++=item "hexseed" ++ ++The value string is expected to be a hexadecimal number, which will be ++decoded before being passed on as the control value. ++ ++=back ++ ++=back ++ ++=head1 NOTES ++ ++A context for the TLS PRF can be obtained by calling: ++ ++ EVP_KDF_CTX *kctx = EVP_KDF_CTX_new_id(EVP_KDF_TLS1_PRF, NULL); ++ ++The digest, secret value and seed must be set before a key is derived otherwise ++an error will occur. ++ ++The output length of the PRF is specified by the C parameter to the ++EVP_KDF_derive() function. ++ ++=head1 EXAMPLE ++ ++This example derives 10 bytes using SHA-256 with the secret key "secret" ++and seed value "seed": ++ ++ EVP_KDF_CTX *kctx; ++ unsigned char out[10]; ++ ++ kctx = EVP_KDF_CTX_new_id(EVP_KDF_TLS1_PRF); ++ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()) <= 0) { ++ error("EVP_KDF_CTRL_SET_MD"); ++ } ++ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_TLS_SECRET, ++ "secret", (size_t)6) <= 0) { ++ error("EVP_KDF_CTRL_SET_TLS_SECRET"); ++ } ++ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_ADD_TLS_SEED, "seed", (size_t)4) <= 0) { ++ error("EVP_KDF_CTRL_ADD_TLS_SEED"); ++ } ++ if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) { ++ error("EVP_KDF_derive"); ++ } ++ EVP_KDF_CTX_free(kctx); ++ ++=head1 SEE ALSO ++ ++L, ++L, ++L, ++L, ++L, ++L ++ ++=head1 COPYRIGHT ++ ++Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. ++ ++Licensed under the Apache License 2.0 (the "License"). You may not use ++this file except in compliance with the License. You can obtain a copy ++in the file LICENSE in the source distribution or at ++L. 
++ ++=cut +diff -up openssl-1.1.1b/include/openssl/evperr.h.evp-kdf openssl-1.1.1b/include/openssl/evperr.h +--- openssl-1.1.1b/include/openssl/evperr.h.evp-kdf 2019-02-28 13:05:05.633521807 +0100 ++++ openssl-1.1.1b/include/openssl/evperr.h 2019-02-28 13:05:05.657521363 +0100 +@@ -1,6 +1,6 @@ + /* + * Generated by util/mkerr.pl DO NOT EDIT +- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. ++ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy +@@ -51,6 +51,9 @@ int ERR_load_EVP_strings(void); + # define EVP_F_EVP_ENCRYPTDECRYPTUPDATE 219 + # define EVP_F_EVP_ENCRYPTFINAL_EX 127 + # define EVP_F_EVP_ENCRYPTUPDATE 167 ++# define EVP_F_EVP_KDF_CTRL 224 ++# define EVP_F_EVP_KDF_CTRL_STR 225 ++# define EVP_F_EVP_KDF_CTX_NEW_ID 226 + # define EVP_F_EVP_MD_CTX_COPY_EX 110 + # define EVP_F_EVP_MD_SIZE 162 + # define EVP_F_EVP_OPENINIT 102 +@@ -113,10 +116,12 @@ int ERR_load_EVP_strings(void); + # define EVP_F_PKCS5_V2_PBE_KEYIVGEN 118 + # define EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN 164 + # define EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN 180 ++# define EVP_F_PKEY_KDF_CTRL 227 + # define EVP_F_PKEY_SET_TYPE 158 + # define EVP_F_RC2_MAGIC_TO_METH 109 + # define EVP_F_RC5_CTRL 125 + # define EVP_F_S390X_AES_GCM_CTRL 201 ++# define EVP_F_SCRYPT_ALG 228 + # define EVP_F_UPDATE 173 + + /* +@@ -171,6 +176,7 @@ int ERR_load_EVP_strings(void); + # define EVP_R_ONLY_ONESHOT_SUPPORTED 177 + # define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 150 + # define EVP_R_OPERATON_NOT_INITIALIZED 151 ++# define EVP_R_PARAMETER_TOO_LARGE 187 + # define EVP_R_PARTIALLY_OVERLAPPING 162 + # define EVP_R_PBKDF2_ERROR 181 + # define EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED 179 +diff -up openssl-1.1.1b/include/openssl/kdferr.h.evp-kdf openssl-1.1.1b/include/openssl/kdferr.h +--- 
openssl-1.1.1b/include/openssl/kdferr.h.evp-kdf 2019-02-26 15:15:30.000000000 +0100 ++++ openssl-1.1.1b/include/openssl/kdferr.h 2019-02-28 13:05:05.657521363 +0100 +@@ -1,6 +1,6 @@ + /* + * Generated by util/mkerr.pl DO NOT EDIT +- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. ++ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy +@@ -19,6 +19,23 @@ int ERR_load_KDF_strings(void); + /* + * KDF function codes. + */ ++# define KDF_F_HKDF_EXTRACT 112 ++# define KDF_F_KDF_HKDF_DERIVE 113 ++# define KDF_F_KDF_HKDF_NEW 114 ++# define KDF_F_KDF_HKDF_SIZE 115 ++# define KDF_F_KDF_MD2CTRL 116 ++# define KDF_F_KDF_PBKDF2_CTRL_STR 117 ++# define KDF_F_KDF_PBKDF2_DERIVE 118 ++# define KDF_F_KDF_PBKDF2_NEW 119 ++# define KDF_F_KDF_SCRYPT_CTRL_STR 120 ++# define KDF_F_KDF_SCRYPT_CTRL_UINT32 121 ++# define KDF_F_KDF_SCRYPT_CTRL_UINT64 122 ++# define KDF_F_KDF_SCRYPT_DERIVE 123 ++# define KDF_F_KDF_SCRYPT_NEW 124 ++# define KDF_F_KDF_TLS1_PRF_CTRL_STR 125 ++# define KDF_F_KDF_TLS1_PRF_DERIVE 126 ++# define KDF_F_KDF_TLS1_PRF_NEW 127 ++# define KDF_F_PBKDF2_SET_MEMBUF 128 + # define KDF_F_PKEY_HKDF_CTRL_STR 103 + # define KDF_F_PKEY_HKDF_DERIVE 102 + # define KDF_F_PKEY_HKDF_INIT 108 +@@ -30,6 +47,7 @@ int ERR_load_KDF_strings(void); + # define KDF_F_PKEY_TLS1_PRF_CTRL_STR 100 + # define KDF_F_PKEY_TLS1_PRF_DERIVE 101 + # define KDF_F_PKEY_TLS1_PRF_INIT 110 ++# define KDF_F_SCRYPT_SET_MEMBUF 129 + # define KDF_F_TLS1_PRF_ALG 111 + + /* +@@ -47,5 +65,6 @@ int ERR_load_KDF_strings(void); + # define KDF_R_UNKNOWN_PARAMETER_TYPE 103 + # define KDF_R_VALUE_ERROR 108 + # define KDF_R_VALUE_MISSING 102 ++# define KDF_R_WRONG_OUTPUT_BUFFER_SIZE 112 + + #endif +diff -up openssl-1.1.1b/include/openssl/kdf.h.evp-kdf openssl-1.1.1b/include/openssl/kdf.h +--- 
openssl-1.1.1b/include/openssl/kdf.h.evp-kdf 2019-02-26 15:15:30.000000000 +0100 ++++ openssl-1.1.1b/include/openssl/kdf.h 2019-02-28 13:05:05.657521363 +0100 +@@ -10,10 +10,50 @@ + #ifndef HEADER_KDF_H + # define HEADER_KDF_H + ++# include + # include +-#ifdef __cplusplus ++# ifdef __cplusplus + extern "C" { +-#endif ++# endif ++ ++# define EVP_KDF_PBKDF2 NID_id_pbkdf2 ++# define EVP_KDF_SCRYPT NID_id_scrypt ++# define EVP_KDF_TLS1_PRF NID_tls1_prf ++# define EVP_KDF_HKDF NID_hkdf ++ ++EVP_KDF_CTX *EVP_KDF_CTX_new_id(int id); ++void EVP_KDF_CTX_free(EVP_KDF_CTX *ctx); ++ ++void EVP_KDF_reset(EVP_KDF_CTX *ctx); ++int EVP_KDF_ctrl(EVP_KDF_CTX *ctx, int cmd, ...); ++int EVP_KDF_vctrl(EVP_KDF_CTX *ctx, int cmd, va_list args); ++int EVP_KDF_ctrl_str(EVP_KDF_CTX *ctx, const char *type, const char *value); ++size_t EVP_KDF_size(EVP_KDF_CTX *ctx); ++int EVP_KDF_derive(EVP_KDF_CTX *ctx, unsigned char *key, size_t keylen); ++ ++ ++# define EVP_KDF_CTRL_SET_PASS 0x01 /* unsigned char *, size_t */ ++# define EVP_KDF_CTRL_SET_SALT 0x02 /* unsigned char *, size_t */ ++# define EVP_KDF_CTRL_SET_ITER 0x03 /* int */ ++# define EVP_KDF_CTRL_SET_MD 0x04 /* EVP_MD * */ ++# define EVP_KDF_CTRL_SET_KEY 0x05 /* unsigned char *, size_t */ ++# define EVP_KDF_CTRL_SET_MAXMEM_BYTES 0x06 /* uint64_t */ ++# define EVP_KDF_CTRL_SET_TLS_SECRET 0x07 /* unsigned char *, size_t */ ++# define EVP_KDF_CTRL_RESET_TLS_SEED 0x08 ++# define EVP_KDF_CTRL_ADD_TLS_SEED 0x09 /* unsigned char *, size_t */ ++# define EVP_KDF_CTRL_RESET_HKDF_INFO 0x0a ++# define EVP_KDF_CTRL_ADD_HKDF_INFO 0x0b /* unsigned char *, size_t */ ++# define EVP_KDF_CTRL_SET_HKDF_MODE 0x0c /* int */ ++# define EVP_KDF_CTRL_SET_SCRYPT_N 0x0d /* uint64_t */ ++# define EVP_KDF_CTRL_SET_SCRYPT_R 0x0e /* uint32_t */ ++# define EVP_KDF_CTRL_SET_SCRYPT_P 0x0f /* uint32_t */ ++ ++# define EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND 0 ++# define EVP_KDF_HKDF_MODE_EXTRACT_ONLY 1 ++# define EVP_KDF_HKDF_MODE_EXPAND_ONLY 2 ++ ++ ++/**** The legacy 
PKEY-based KDF API follows. ****/ + + # define EVP_PKEY_CTRL_TLS_MD (EVP_PKEY_ALG_CTRL) + # define EVP_PKEY_CTRL_TLS_SECRET (EVP_PKEY_ALG_CTRL + 1) +@@ -30,9 +70,12 @@ extern "C" { + # define EVP_PKEY_CTRL_SCRYPT_P (EVP_PKEY_ALG_CTRL + 12) + # define EVP_PKEY_CTRL_SCRYPT_MAXMEM_BYTES (EVP_PKEY_ALG_CTRL + 13) + +-# define EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND 0 +-# define EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY 1 +-# define EVP_PKEY_HKDEF_MODE_EXPAND_ONLY 2 ++# define EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND \ ++ EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND ++# define EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY \ ++ EVP_KDF_HKDF_MODE_EXTRACT_ONLY ++# define EVP_PKEY_HKDEF_MODE_EXPAND_ONLY \ ++ EVP_KDF_HKDF_MODE_EXPAND_ONLY + + # define EVP_PKEY_CTX_set_tls1_prf_md(pctx, md) \ + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ +@@ -91,7 +134,7 @@ extern "C" { + EVP_PKEY_CTRL_SCRYPT_MAXMEM_BYTES, maxmem_bytes) + + +-# ifdef __cplusplus ++# ifdef __cplusplus + } + # endif + #endif +diff -up openssl-1.1.1b/include/openssl/ossl_typ.h.evp-kdf openssl-1.1.1b/include/openssl/ossl_typ.h +--- openssl-1.1.1b/include/openssl/ossl_typ.h.evp-kdf 2019-02-26 15:15:30.000000000 +0100 ++++ openssl-1.1.1b/include/openssl/ossl_typ.h 2019-02-28 13:05:05.657521363 +0100 +@@ -97,6 +97,8 @@ typedef struct evp_pkey_asn1_method_st E + typedef struct evp_pkey_method_st EVP_PKEY_METHOD; + typedef struct evp_pkey_ctx_st EVP_PKEY_CTX; + ++typedef struct evp_kdf_ctx_st EVP_KDF_CTX; ++ + typedef struct evp_Encode_Ctx_st EVP_ENCODE_CTX; + + typedef struct hmac_ctx_st HMAC_CTX; +diff -up openssl-1.1.1b/test/build.info.evp-kdf openssl-1.1.1b/test/build.info +--- openssl-1.1.1b/test/build.info.evp-kdf 2019-02-26 15:15:30.000000000 +0100 ++++ openssl-1.1.1b/test/build.info 2019-02-28 13:05:05.657521363 +0100 +@@ -43,7 +43,8 @@ INCLUDE_MAIN___test_libtestutil_OLB = /I + ssl_test_ctx_test ssl_test x509aux cipherlist_test asynciotest \ + bio_callback_test bio_memleak_test \ + bioprinttest sslapitest dtlstest sslcorrupttest 
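Review bot: The `EVP_KDF_CTRL_*` definitions state their argument types only in trailing comments, and because `EVP_KDF_ctrl()` is variadic nothing checks those types at the call site. The tls1_prf implementation in this patch reads lengths with `va_arg(args, size_t)`, so a caller passing a plain `int` length gets undefined behaviour and may hand the KDF a wrong secret or seed length. The man page examples cast explicitly (`(size_t)6`), but the header does not say so. I would add a comment above the block, for example `/* Arguments are fetched with va_arg(): pass exactly the listed types, casting lengths to size_t */`, and mark `EVP_KDF_CTRL_RESET_TLS_SEED` and `EVP_KDF_CTRL_RESET_HKDF_INFO` with `/* no arguments */` to match the other entries.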
bio_enc_test \ +- pkey_meth_test pkey_meth_kdf_test uitest cipherbytes_test \ ++ pkey_meth_test pkey_meth_kdf_test evp_kdf_test uitest \ ++ cipherbytes_test \ + asn1_encode_test asn1_decode_test asn1_string_table_test \ + x509_time_test x509_dup_cert_test x509_check_cert_pkey_test \ + recordlentest drbgtest sslbuffertest \ +@@ -335,6 +336,10 @@ INCLUDE_MAIN___test_libtestutil_OLB = /I + INCLUDE[pkey_meth_kdf_test]=../include + DEPEND[pkey_meth_kdf_test]=../libcrypto libtestutil.a + ++ SOURCE[evp_kdf_test]=evp_kdf_test.c ++ INCLUDE[evp_kdf_test]=../include ++ DEPEND[evp_kdf_test]=../libcrypto libtestutil.a ++ + SOURCE[x509_time_test]=x509_time_test.c + INCLUDE[x509_time_test]=../include + DEPEND[x509_time_test]=../libcrypto libtestutil.a +diff -up openssl-1.1.1b/test/evp_kdf_test.c.evp-kdf openssl-1.1.1b/test/evp_kdf_test.c +--- openssl-1.1.1b/test/evp_kdf_test.c.evp-kdf 2019-02-28 13:05:05.658521345 +0100 ++++ openssl-1.1.1b/test/evp_kdf_test.c 2019-02-28 13:05:05.658521345 +0100 +@@ -0,0 +1,237 @@ ++/* ++ * Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved. ++ * Copyright (c) 2018-2019, Oracle and/or its affiliates. All rights reserved. ++ * ++ * Licensed under the Apache License 2.0 (the "License"). You may not use ++ * this file except in compliance with the License. 
You can obtain a copy ++ * in the file LICENSE in the source distribution or at ++ * https://www.openssl.org/source/license.html ++ */ ++ ++/* Tests of the EVP_KDF_CTX APIs */ ++ ++#include ++#include ++ ++#include ++#include ++#include "testutil.h" ++ ++static int test_kdf_tls1_prf(void) ++{ ++ int ret = 0; ++ EVP_KDF_CTX *kctx; ++ unsigned char out[16]; ++ ++ if ((kctx = EVP_KDF_CTX_new_id(EVP_KDF_TLS1_PRF)) == NULL) { ++ TEST_error("EVP_KDF_TLS1_PRF"); ++ goto err; ++ } ++ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()) <= 0) { ++ TEST_error("EVP_KDF_CTRL_SET_MD"); ++ goto err; ++ } ++ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_TLS_SECRET, ++ "secret", (size_t)6) <= 0) { ++ TEST_error("EVP_KDF_CTRL_SET_TLS_SECRET"); ++ goto err; ++ } ++ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_ADD_TLS_SEED, "seed", (size_t)4) <= 0) { ++ TEST_error("EVP_KDF_CTRL_ADD_TLS_SEED"); ++ goto err; ++ } ++ if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) { ++ TEST_error("EVP_KDF_derive"); ++ goto err; ++ } ++ ++ { ++ const unsigned char expected[sizeof(out)] = { ++ 0x8e, 0x4d, 0x93, 0x25, 0x30, 0xd7, 0x65, 0xa0, ++ 0xaa, 0xe9, 0x74, 0xc3, 0x04, 0x73, 0x5e, 0xcc ++ }; ++ if (!TEST_mem_eq(out, sizeof(out), expected, sizeof(expected))) { ++ goto err; ++ } ++ } ++ ret = 1; ++err: ++ EVP_KDF_CTX_free(kctx); ++ return ret; ++} ++ ++static int test_kdf_hkdf(void) ++{ ++ int ret = 0; ++ EVP_KDF_CTX *kctx; ++ unsigned char out[10]; ++ ++ if ((kctx = EVP_KDF_CTX_new_id(EVP_KDF_HKDF)) == NULL) { ++ TEST_error("EVP_KDF_HKDF"); ++ goto err; ++ } ++ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()) <= 0) { ++ TEST_error("EVP_KDF_CTRL_SET_MD"); ++ goto err; ++ } ++ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, "salt", (size_t)4) <= 0) { ++ TEST_error("EVP_KDF_CTRL_SET_SALT"); ++ goto err; ++ } ++ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, "secret", (size_t)6) <= 0) { ++ TEST_error("EVP_KDF_CTRL_SET_KEY"); ++ goto err; ++ } ++ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_ADD_HKDF_INFO, ++ "label", 
(size_t)5) <= 0) { ++ TEST_error("EVP_KDF_CTRL_ADD_HKDF_INFO"); ++ goto err; ++ } ++ if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) { ++ TEST_error("EVP_KDF_derive"); ++ goto err; ++ } ++ ++ { ++ const unsigned char expected[sizeof(out)] = { ++ 0x2a, 0xc4, 0x36, 0x9f, 0x52, 0x59, 0x96, 0xf8, 0xde, 0x13 ++ }; ++ if (!TEST_mem_eq(out, sizeof(out), expected, sizeof(expected))) { ++ goto err; ++ } ++ } ++ ret = 1; ++err: ++ EVP_KDF_CTX_free(kctx); ++ return ret; ++} ++ ++static int test_kdf_pbkdf2(void) ++{ ++ int ret = 0; ++ EVP_KDF_CTX *kctx; ++ unsigned char out[32]; ++ ++ if ((kctx = EVP_KDF_CTX_new_id(EVP_KDF_PBKDF2)) == NULL) { ++ TEST_error("EVP_KDF_PBKDF2"); ++ goto err; ++ } ++ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PASS, "password", (size_t)8) <= 0) { ++ TEST_error("EVP_KDF_CTRL_SET_PASS"); ++ goto err; ++ } ++ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, "salt", (size_t)4) <= 0) { ++ TEST_error("EVP_KDF_CTRL_SET_SALT"); ++ goto err; ++ } ++ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_ITER, 2) <= 0) { ++ TEST_error("EVP_KDF_CTRL_SET_ITER"); ++ goto err; ++ } ++ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()) <= 0) { ++ TEST_error("EVP_KDF_CTRL_SET_MD"); ++ goto err; ++ } ++ if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) { ++ TEST_error("EVP_KDF_derive"); ++ goto err; ++ } ++ ++ { ++ const unsigned char expected[sizeof(out)] = { ++ 0xae, 0x4d, 0x0c, 0x95, 0xaf, 0x6b, 0x46, 0xd3, ++ 0x2d, 0x0a, 0xdf, 0xf9, 0x28, 0xf0, 0x6d, 0xd0, ++ 0x2a, 0x30, 0x3f, 0x8e, 0xf3, 0xc2, 0x51, 0xdf, ++ 0xd6, 0xe2, 0xd8, 0x5a, 0x95, 0x47, 0x4c, 0x43 ++ }; ++ if (!TEST_mem_eq(out, sizeof(out), expected, sizeof(expected))) { ++ goto err; ++ } ++ } ++ ret = 1; ++err: ++ EVP_KDF_CTX_free(kctx); ++ return ret; ++} ++ ++#ifndef OPENSSL_NO_SCRYPT ++static int test_kdf_scrypt(void) ++{ ++ int ret = 0; ++ EVP_KDF_CTX *kctx; ++ unsigned char out[64]; ++ ++ if ((kctx = EVP_KDF_CTX_new_id(EVP_KDF_SCRYPT)) == NULL) { ++ TEST_error("EVP_KDF_SCRYPT"); ++ goto err; ++ } ++ if 
(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PASS, "password", (size_t)8) <= 0) { ++ TEST_error("EVP_KDF_CTRL_SET_PASS"); ++ goto err; ++ } ++ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, "NaCl", (size_t)4) <= 0) { ++ TEST_error("EVP_KDF_CTRL_SET_SALT"); ++ goto err; ++ } ++ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SCRYPT_N, (uint64_t)1024) <= 0) { ++ TEST_error("EVP_KDF_CTRL_SET_SCRYPT_N"); ++ goto err; ++ } ++ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SCRYPT_R, (uint32_t)8) <= 0) { ++ TEST_error("EVP_KDF_CTRL_SET_SCRYPT_R"); ++ goto err; ++ } ++ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SCRYPT_P, (uint32_t)16) <= 0) { ++ TEST_error("EVP_KDF_CTRL_SET_SCRYPT_P"); ++ goto err; ++ } ++ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MAXMEM_BYTES, (uint64_t)16) <= 0) { ++ TEST_error("EVP_KDF_CTRL_SET_MAXMEM_BYTES"); ++ goto err; ++ } ++ if (EVP_KDF_derive(kctx, out, sizeof(out)) > 0) { ++ TEST_error("EVP_KDF_derive should have failed"); ++ goto err; ++ } ++ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MAXMEM_BYTES, ++ (uint64_t)(10 * 1024 * 1024)) <= 0) { ++ TEST_error("EVP_KDF_CTRL_SET_MAXMEM_BYTES"); ++ goto err; ++ } ++ if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) { ++ TEST_error("EVP_KDF_derive"); ++ goto err; ++ } ++ ++ { ++ const unsigned char expected[sizeof(out)] = { ++ 0xfd, 0xba, 0xbe, 0x1c, 0x9d, 0x34, 0x72, 0x00, ++ 0x78, 0x56, 0xe7, 0x19, 0x0d, 0x01, 0xe9, 0xfe, ++ 0x7c, 0x6a, 0xd7, 0xcb, 0xc8, 0x23, 0x78, 0x30, ++ 0xe7, 0x73, 0x76, 0x63, 0x4b, 0x37, 0x31, 0x62, ++ 0x2e, 0xaf, 0x30, 0xd9, 0x2e, 0x22, 0xa3, 0x88, ++ 0x6f, 0xf1, 0x09, 0x27, 0x9d, 0x98, 0x30, 0xda, ++ 0xc7, 0x27, 0xaf, 0xb9, 0x4a, 0x83, 0xee, 0x6d, ++ 0x83, 0x60, 0xcb, 0xdf, 0xa2, 0xcc, 0x06, 0x40 ++ }; ++ if (!TEST_mem_eq(out, sizeof(out), expected, sizeof(expected))) { ++ goto err; ++ } ++ } ++ ret = 1; ++err: ++ EVP_KDF_CTX_free(kctx); ++ return ret; ++} ++#endif ++ ++int setup_tests(void) ++{ ++ ADD_TEST(test_kdf_tls1_prf); ++ ADD_TEST(test_kdf_hkdf); ++ ADD_TEST(test_kdf_pbkdf2); ++#ifndef OPENSSL_NO_SCRYPT 
++ ADD_TEST(test_kdf_scrypt); ++#endif ++ return 1; ++} +diff -up openssl-1.1.1b/test/evp_test.c.evp-kdf openssl-1.1.1b/test/evp_test.c +--- openssl-1.1.1b/test/evp_test.c.evp-kdf 2019-02-26 15:15:30.000000000 +0100 ++++ openssl-1.1.1b/test/evp_test.c 2019-02-28 13:05:05.658521345 +0100 +@@ -1672,13 +1672,14 @@ static const EVP_TEST_METHOD encode_test + encode_test_run, + }; + ++ + /** + *** KDF TESTS + **/ + + typedef struct kdf_data_st { + /* Context for this operation */ +- EVP_PKEY_CTX *ctx; ++ EVP_KDF_CTX *ctx; + /* Expected output */ + unsigned char *output; + size_t output_len; +@@ -1705,16 +1706,11 @@ static int kdf_test_init(EVP_TEST *t, co + + if (!TEST_ptr(kdata = OPENSSL_zalloc(sizeof(*kdata)))) + return 0; +- kdata->ctx = EVP_PKEY_CTX_new_id(kdf_nid, NULL); ++ kdata->ctx = EVP_KDF_CTX_new_id(kdf_nid); + if (kdata->ctx == NULL) { + OPENSSL_free(kdata); + return 0; + } +- if (EVP_PKEY_derive_init(kdata->ctx) <= 0) { +- EVP_PKEY_CTX_free(kdata->ctx); +- OPENSSL_free(kdata); +- return 0; +- } + t->data = kdata; + return 1; + } +@@ -1723,7 +1719,42 @@ static void kdf_test_cleanup(EVP_TEST *t + { + KDF_DATA *kdata = t->data; + OPENSSL_free(kdata->output); +- EVP_PKEY_CTX_free(kdata->ctx); ++ EVP_KDF_CTX_free(kdata->ctx); ++} ++ ++static int kdf_test_ctrl(EVP_TEST *t, EVP_KDF_CTX *kctx, ++ const char *value) ++{ ++ int rv; ++ char *p, *tmpval; ++ ++ if (!TEST_ptr(tmpval = OPENSSL_strdup(value))) ++ return 0; ++ p = strchr(tmpval, ':'); ++ if (p != NULL) ++ *p++ = '\0'; ++ rv = EVP_KDF_ctrl_str(kctx, tmpval, p); ++ if (rv == -2) { ++ t->err = "KDF_CTRL_INVALID"; ++ rv = 1; ++ } else if (p != NULL && rv <= 0) { ++ /* If p has an OID and lookup fails assume disabled algorithm */ ++ int nid = OBJ_sn2nid(p); ++ ++ if (nid == NID_undef) ++ nid = OBJ_ln2nid(p); ++ if (nid != NID_undef ++ && EVP_get_digestbynid(nid) == NULL ++ && EVP_get_cipherbynid(nid) == NULL) { ++ t->skip = 1; ++ rv = 1; ++ } else { ++ t->err = "KDF_CTRL_ERROR"; ++ rv = 1; ++ } ++ } ++ 
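Review bot: `EVP_KDF_reset` and `EVP_KDF_size`, both declared in the kdf.h part of this patch, are never called in the new evp_kdf_test.c; every test builds a fresh context, derives once and frees it. Reset is the call a caller relies on to clear a password or TLS secret before a context is reused, so it deserves a regression test: configure a TLS1-PRF context, reset it, and check that a derive without new parameters fails. That expectation is inferred from the function name and from the "Missing secret" vector in evpkdf.txt, so confirm it against the implementation. A sketch follows; it also needs `ADD_TEST(test_kdf_reset);` in `setup_tests`.

```c
/* After a reset the context must no longer hold the secret, so derive has to fail. */
static int test_kdf_reset(void)
{
    int ret = 0;
    EVP_KDF_CTX *kctx;
    unsigned char out[16];

    if ((kctx = EVP_KDF_CTX_new_id(EVP_KDF_TLS1_PRF)) == NULL
        || EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()) <= 0
        || EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_TLS_SECRET,
                        "secret", (size_t)6) <= 0
        || EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_ADD_TLS_SEED,
                        "seed", (size_t)4) <= 0) {
        TEST_error("EVP_KDF_TLS1_PRF setup");
        goto err;
    }
    EVP_KDF_reset(kctx);
    if (EVP_KDF_derive(kctx, out, sizeof(out)) > 0) {
        TEST_error("EVP_KDF_derive should have failed after reset");
        goto err;
    }
    ret = 1;
err:
    EVP_KDF_CTX_free(kctx);
    return ret;
}
/* … unchanged: setup_tests() and the existing four tests … */
```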
OPENSSL_free(tmpval); ++ return rv > 0; + } + + static int kdf_test_parse(EVP_TEST *t, +@@ -1734,7 +1765,7 @@ static int kdf_test_parse(EVP_TEST *t, + if (strcmp(keyword, "Output") == 0) + return parse_bin(value, &kdata->output, &kdata->output_len); + if (strncmp(keyword, "Ctrl", 4) == 0) +- return pkey_test_ctrl(t, kdata->ctx, value); ++ return kdf_test_ctrl(t, kdata->ctx, value); + return 0; + } + +@@ -1748,7 +1779,7 @@ static int kdf_test_run(EVP_TEST *t) + t->err = "INTERNAL_ERROR"; + goto err; + } +- if (EVP_PKEY_derive(expected->ctx, got, &got_len) <= 0) { ++ if (EVP_KDF_derive(expected->ctx, got, got_len) <= 0) { + t->err = "KDF_DERIVE_ERROR"; + goto err; + } +@@ -1774,6 +1805,106 @@ static const EVP_TEST_METHOD kdf_test_me + + + /** ++*** PKEY KDF TESTS ++**/ ++ ++typedef struct pkey_kdf_data_st { ++ /* Context for this operation */ ++ EVP_PKEY_CTX *ctx; ++ /* Expected output */ ++ unsigned char *output; ++ size_t output_len; ++} PKEY_KDF_DATA; ++ ++/* ++ * Perform public key operation setup: lookup key, allocated ctx and call ++ * the appropriate initialisation function ++ */ ++static int pkey_kdf_test_init(EVP_TEST *t, const char *name) ++{ ++ PKEY_KDF_DATA *kdata; ++ int kdf_nid = OBJ_sn2nid(name); ++ ++#ifdef OPENSSL_NO_SCRYPT ++ if (strcmp(name, "scrypt") == 0) { ++ t->skip = 1; ++ return 1; ++ } ++#endif ++ ++ if (kdf_nid == NID_undef) ++ kdf_nid = OBJ_ln2nid(name); ++ ++ if (!TEST_ptr(kdata = OPENSSL_zalloc(sizeof(*kdata)))) ++ return 0; ++ kdata->ctx = EVP_PKEY_CTX_new_id(kdf_nid, NULL); ++ if (kdata->ctx == NULL) { ++ OPENSSL_free(kdata); ++ return 0; ++ } ++ if (EVP_PKEY_derive_init(kdata->ctx) <= 0) { ++ EVP_PKEY_CTX_free(kdata->ctx); ++ OPENSSL_free(kdata); ++ return 0; ++ } ++ t->data = kdata; ++ return 1; ++} ++ ++static void pkey_kdf_test_cleanup(EVP_TEST *t) ++{ ++ PKEY_KDF_DATA *kdata = t->data; ++ OPENSSL_free(kdata->output); ++ EVP_PKEY_CTX_free(kdata->ctx); ++} ++ ++static int pkey_kdf_test_parse(EVP_TEST *t, ++ const char *keyword, 
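Review bot: In `kdf_test_ctrl`, a `Ctrl` value with no `:` leaves `p` as NULL, and that NULL is handed to `EVP_KDF_ctrl_str` as the value argument. Whether each ctrl_str handler checks for a NULL value is not visible in this hunk, so a malformed test-data line could end in a NULL dereference inside the library rather than a clean parse failure. Guarding the call, `rv = (p != NULL) ? EVP_KDF_ctrl_str(kctx, tmpval, p) : 0;`, makes that case fall through to `return rv > 0` as a rejected line. Separately, both arms of the inner `if`/`else` end in `rv = 1;`, which could be hoisted out of the branches.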
const char *value) ++{ ++ PKEY_KDF_DATA *kdata = t->data; ++ ++ if (strcmp(keyword, "Output") == 0) ++ return parse_bin(value, &kdata->output, &kdata->output_len); ++ if (strncmp(keyword, "Ctrl", 4) == 0) ++ return pkey_test_ctrl(t, kdata->ctx, value); ++ return 0; ++} ++ ++static int pkey_kdf_test_run(EVP_TEST *t) ++{ ++ PKEY_KDF_DATA *expected = t->data; ++ unsigned char *got = NULL; ++ size_t got_len = expected->output_len; ++ ++ if (!TEST_ptr(got = OPENSSL_malloc(got_len))) { ++ t->err = "INTERNAL_ERROR"; ++ goto err; ++ } ++ if (EVP_PKEY_derive(expected->ctx, got, &got_len) <= 0) { ++ t->err = "KDF_DERIVE_ERROR"; ++ goto err; ++ } ++ if (!TEST_mem_eq(expected->output, expected->output_len, got, got_len)) { ++ t->err = "KDF_MISMATCH"; ++ goto err; ++ } ++ t->err = NULL; ++ ++ err: ++ OPENSSL_free(got); ++ return 1; ++} ++ ++static const EVP_TEST_METHOD pkey_kdf_test_method = { ++ "PKEYKDF", ++ pkey_kdf_test_init, ++ pkey_kdf_test_cleanup, ++ pkey_kdf_test_parse, ++ pkey_kdf_test_run ++}; ++ ++ ++/** + *** KEYPAIR TESTS + **/ + +@@ -2277,6 +2408,7 @@ static const EVP_TEST_METHOD *evp_test_l + &digestverify_test_method, + &encode_test_method, + &kdf_test_method, ++ &pkey_kdf_test_method, + &keypair_test_method, + &keygen_test_method, + &mac_test_method, +diff -up openssl-1.1.1b/test/pkey_meth_kdf_test.c.evp-kdf openssl-1.1.1b/test/pkey_meth_kdf_test.c +--- openssl-1.1.1b/test/pkey_meth_kdf_test.c.evp-kdf 2019-02-26 15:15:30.000000000 +0100 ++++ openssl-1.1.1b/test/pkey_meth_kdf_test.c 2019-02-28 13:05:05.658521345 +0100 +@@ -1,5 +1,5 @@ + /* +- * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. ++ * Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. 
You can obtain a copy +@@ -18,30 +18,34 @@ + + static int test_kdf_tls1_prf(void) + { ++ int ret = 0; + EVP_PKEY_CTX *pctx; + unsigned char out[16]; + size_t outlen = sizeof(out); +- pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_TLS1_PRF, NULL); + ++ if ((pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_TLS1_PRF, NULL)) == NULL) { ++ TEST_error("EVP_PKEY_TLS1_PRF"); ++ goto err; ++ } + if (EVP_PKEY_derive_init(pctx) <= 0) { + TEST_error("EVP_PKEY_derive_init"); +- return 0; ++ goto err; + } + if (EVP_PKEY_CTX_set_tls1_prf_md(pctx, EVP_sha256()) <= 0) { + TEST_error("EVP_PKEY_CTX_set_tls1_prf_md"); +- return 0; ++ goto err; + } + if (EVP_PKEY_CTX_set1_tls1_prf_secret(pctx, "secret", 6) <= 0) { + TEST_error("EVP_PKEY_CTX_set1_tls1_prf_secret"); +- return 0; ++ goto err; + } + if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, "seed", 4) <= 0) { + TEST_error("EVP_PKEY_CTX_add1_tls1_prf_seed"); +- return 0; ++ goto err; + } + if (EVP_PKEY_derive(pctx, out, &outlen) <= 0) { + TEST_error("EVP_PKEY_derive"); +- return 0; ++ goto err; + } + + { +@@ -50,43 +54,49 @@ static int test_kdf_tls1_prf(void) + 0xaa, 0xe9, 0x74, 0xc3, 0x04, 0x73, 0x5e, 0xcc + }; + if (!TEST_mem_eq(out, sizeof(out), expected, sizeof(expected))) { +- return 0; ++ goto err; + } + } ++ ret = 1; ++err: + EVP_PKEY_CTX_free(pctx); +- return 1; ++ return ret; + } + + static int test_kdf_hkdf(void) + { ++ int ret = 0; + EVP_PKEY_CTX *pctx; + unsigned char out[10]; + size_t outlen = sizeof(out); +- pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL); + ++ if ((pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL)) == NULL) { ++ TEST_error("EVP_PKEY_HKDF"); ++ goto err; ++ } + if (EVP_PKEY_derive_init(pctx) <= 0) { + TEST_error("EVP_PKEY_derive_init"); +- return 0; ++ goto err; + } + if (EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()) <= 0) { + TEST_error("EVP_PKEY_CTX_set_hkdf_md"); +- return 0; ++ goto err; + } + if (EVP_PKEY_CTX_set1_hkdf_salt(pctx, "salt", 4) <= 0) { + TEST_error("EVP_PKEY_CTX_set1_hkdf_salt"); +- return 0; ++ goto err; + } + if 
(EVP_PKEY_CTX_set1_hkdf_key(pctx, "secret", 6) <= 0) { + TEST_error("EVP_PKEY_CTX_set1_hkdf_key"); +- return 0; ++ goto err; + } + if (EVP_PKEY_CTX_add1_hkdf_info(pctx, "label", 5) <= 0) { + TEST_error("EVP_PKEY_CTX_set1_hkdf_info"); +- return 0; ++ goto err; + } + if (EVP_PKEY_derive(pctx, out, &outlen) <= 0) { + TEST_error("EVP_PKEY_derive"); +- return 0; ++ goto err; + } + + { +@@ -94,60 +104,66 @@ static int test_kdf_hkdf(void) + 0x2a, 0xc4, 0x36, 0x9f, 0x52, 0x59, 0x96, 0xf8, 0xde, 0x13 + }; + if (!TEST_mem_eq(out, sizeof(out), expected, sizeof(expected))) { +- return 0; ++ goto err; + } + } ++ ret = 1; ++err: + EVP_PKEY_CTX_free(pctx); +- return 1; ++ return ret; + } + + #ifndef OPENSSL_NO_SCRYPT + static int test_kdf_scrypt(void) + { ++ int ret = 0; + EVP_PKEY_CTX *pctx; + unsigned char out[64]; + size_t outlen = sizeof(out); +- pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_SCRYPT, NULL); + ++ if ((pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_SCRYPT, NULL)) == NULL) { ++ TEST_error("EVP_PKEY_SCRYPT"); ++ goto err; ++ } + if (EVP_PKEY_derive_init(pctx) <= 0) { + TEST_error("EVP_PKEY_derive_init"); +- return 0; ++ goto err; + } + if (EVP_PKEY_CTX_set1_pbe_pass(pctx, "password", 8) <= 0) { + TEST_error("EVP_PKEY_CTX_set1_pbe_pass"); +- return 0; ++ goto err; + } + if (EVP_PKEY_CTX_set1_scrypt_salt(pctx, "NaCl", 4) <= 0) { + TEST_error("EVP_PKEY_CTX_set1_scrypt_salt"); +- return 0; ++ goto err; + } + if (EVP_PKEY_CTX_set_scrypt_N(pctx, 1024) <= 0) { + TEST_error("EVP_PKEY_CTX_set_scrypt_N"); +- return 0; ++ goto err; + } + if (EVP_PKEY_CTX_set_scrypt_r(pctx, 8) <= 0) { + TEST_error("EVP_PKEY_CTX_set_scrypt_r"); +- return 0; ++ goto err; + } + if (EVP_PKEY_CTX_set_scrypt_p(pctx, 16) <= 0) { + TEST_error("EVP_PKEY_CTX_set_scrypt_p"); +- return 0; ++ goto err; + } + if (EVP_PKEY_CTX_set_scrypt_maxmem_bytes(pctx, 16) <= 0) { + TEST_error("EVP_PKEY_CTX_set_maxmem_bytes"); +- return 0; ++ goto err; + } + if (EVP_PKEY_derive(pctx, out, &outlen) > 0) { + TEST_error("EVP_PKEY_derive should 
have failed"); +- return 0; ++ goto err; + } + if (EVP_PKEY_CTX_set_scrypt_maxmem_bytes(pctx, 10 * 1024 * 1024) <= 0) { + TEST_error("EVP_PKEY_CTX_set_maxmem_bytes"); +- return 0; ++ goto err; + } + if (EVP_PKEY_derive(pctx, out, &outlen) <= 0) { + TEST_error("EVP_PKEY_derive"); +- return 0; ++ goto err; + } + + { +@@ -162,11 +178,13 @@ static int test_kdf_scrypt(void) + 0x83, 0x60, 0xcb, 0xdf, 0xa2, 0xcc, 0x06, 0x40 + }; + if (!TEST_mem_eq(out, sizeof(out), expected, sizeof(expected))) { +- return 0; ++ goto err; + } + } ++ ret = 1; ++err: + EVP_PKEY_CTX_free(pctx); +- return 1; ++ return ret; + } + #endif + +diff -up openssl-1.1.1b/test/recipes/30-test_evp_data/evpkdf.txt.evp-kdf openssl-1.1.1b/test/recipes/30-test_evp_data/evpkdf.txt +--- openssl-1.1.1b/test/recipes/30-test_evp_data/evpkdf.txt.evp-kdf 2019-02-26 15:15:30.000000000 +0100 ++++ openssl-1.1.1b/test/recipes/30-test_evp_data/evpkdf.txt 2019-02-28 13:05:05.659521326 +0100 +@@ -1,5 +1,5 @@ + # +-# Copyright 2001-2017 The OpenSSL Project Authors. All Rights Reserved. ++# Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. + # + # Licensed under the OpenSSL license (the "License"). You may not use + # this file except in compliance with the License. 
You can obtain a copy +@@ -15,7 +15,7 @@ + Title = TLS1 PRF tests (from NIST test vectors) + + KDF=TLS1-PRF +-Ctrl.md = md:MD5-SHA1 ++Ctrl.digest = digest:MD5-SHA1 + Ctrl.Secret = hexsecret:bded7fa5c1699c010be23dd06ada3a48349f21e5f86263d512c0c5cc379f0e780ec55d9844b2f1db02a96453513568d0 + Ctrl.label = seed:master secret + Ctrl.client_random = hexseed:e5acaf549cd25c22d964c0d930fa4b5261d2507fad84c33715b7b9a864020693 +@@ -23,7 +23,7 @@ Ctrl.server_random = hexseed:135e4d557fd + Output = 2f6962dfbc744c4b2138bb6b3d33054c5ecc14f24851d9896395a44ab3964efc2090c5bf51a0891209f46c1e1e998f62 + + KDF=TLS1-PRF +-Ctrl.md = md:MD5-SHA1 ++Ctrl.digest = digest:MD5-SHA1 + Ctrl.Secret = hexsecret:2f6962dfbc744c4b2138bb6b3d33054c5ecc14f24851d9896395a44ab3964efc2090c5bf51a0891209f46c1e1e998f62 + Ctrl.label = seed:key expansion + Ctrl.server_random = hexseed:67267e650eb32444119d222a368c191af3082888dc35afe8368e638c828874be +@@ -31,7 +31,7 @@ Ctrl.client_random = hexseed:d58a7b1cd4f + Output = 3088825988e77fce68d19f756e18e43eb7fe672433504feaf99b3c503d9091b164f166db301d70c9fc0870b4a94563907bee1a61fb786cb717576890bcc51cb9ead97e01d0a2fea99c953377b195205ff07b369589178796edc963fd80fdbe518a2fc1c35c18ae8d + + KDF=TLS1-PRF +-Ctrl.md = md:SHA256 ++Ctrl.digest = digest:SHA256 + Ctrl.Secret = hexsecret:f8938ecc9edebc5030c0c6a441e213cd24e6f770a50dda07876f8d55da062bcadb386b411fd4fe4313a604fce6c17fbc + Ctrl.label = seed:master secret + Ctrl.client_random = hexseed:36c129d01a3200894b9179faac589d9835d58775f9b5ea3587cb8fd0364cae8c +@@ -39,7 +39,7 @@ Ctrl.server_random = hexseed:f6c9575ed7d + Output = 202c88c00f84a17a20027079604787461176455539e705be730890602c289a5001e34eeb3a043e5d52a65e66125188bf + + KDF=TLS1-PRF +-Ctrl.md = md:SHA256 ++Ctrl.digest = digest:SHA256 + Ctrl.Secret = hexsecret:202c88c00f84a17a20027079604787461176455539e705be730890602c289a5001e34eeb3a043e5d52a65e66125188bf + Ctrl.label = seed:key expansion + Ctrl.server_random = 
hexseed:ae6c806f8ad4d80784549dff28a4b58fd837681a51d928c3e30ee5ff14f39868 +@@ -48,7 +48,7 @@ Output = d06139889fffac1e3a71865f504aa5d + + # As above but use long name for KDF + KDF=tls1-prf +-Ctrl.md = md:SHA256 ++Ctrl.digest = digest:SHA256 + Ctrl.Secret = hexsecret:202c88c00f84a17a20027079604787461176455539e705be730890602c289a5001e34eeb3a043e5d52a65e66125188bf + Ctrl.label = seed:key expansion + Ctrl.server_random = hexseed:ae6c806f8ad4d80784549dff28a4b58fd837681a51d928c3e30ee5ff14f39868 +@@ -64,7 +64,7 @@ Result = KDF_DERIVE_ERROR + + # Missing secret. + KDF=TLS1-PRF +-Ctrl.md = md:MD5-SHA1 ++Ctrl.digest = digest:MD5-SHA1 + Ctrl.Seed = hexseed:02 + Output = 03 + Result = KDF_DERIVE_ERROR +@@ -72,7 +72,7 @@ Result = KDF_DERIVE_ERROR + Title = HKDF tests (from RFC5869 test vectors) + + KDF = HKDF +-Ctrl.md = md:SHA256 ++Ctrl.digest = digest:SHA256 + Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b + Ctrl.salt = hexsalt:000102030405060708090a0b0c + Ctrl.info = hexinfo:f0f1f2f3f4f5f6f7f8f9 +@@ -80,20 +80,20 @@ Output = 3cb25f25faacd57a90434f64d0362f2 + + KDF = HKDF + Ctrl.mode = mode:EXTRACT_ONLY +-Ctrl.md = md:SHA256 ++Ctrl.digest = digest:SHA256 + Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b + Ctrl.salt = hexsalt:000102030405060708090a0b0c + Output = 077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5 + + KDF = HKDF + Ctrl.mode = mode:EXPAND_ONLY +-Ctrl.md = md:SHA256 ++Ctrl.digest = digest:SHA256 + Ctrl.IKM = hexkey:077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5 + Ctrl.info = hexinfo:f0f1f2f3f4f5f6f7f8f9 + Output = 3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865 + + KDF = HKDF +-Ctrl.md = md:SHA256 ++Ctrl.digest = digest:SHA256 + Ctrl.IKM = hexkey:000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f + Ctrl.salt = 
hexsalt:606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf + Ctrl.info = hexinfo:b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff +@@ -101,20 +101,20 @@ Output = b11e398dc80327a1c8e7f78c596a493 + + KDF = HKDF + Ctrl.mode = mode:EXTRACT_ONLY +-Ctrl.md = md:SHA256 ++Ctrl.digest = digest:SHA256 + Ctrl.IKM = hexkey:000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f + Ctrl.salt = hexsalt:606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf + Output = 06a6b88c5853361a06104c9ceb35b45cef760014904671014a193f40c15fc244 + + KDF = HKDF + Ctrl.mode = mode:EXPAND_ONLY +-Ctrl.md = md:SHA256 ++Ctrl.digest = digest:SHA256 + Ctrl.IKM = hexkey:06a6b88c5853361a06104c9ceb35b45cef760014904671014a193f40c15fc244 + Ctrl.info = hexinfo:b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff + Output = b11e398dc80327a1c8e7f78c596a49344f012eda2d4efad8a050cc4c19afa97c59045a99cac7827271cb41c65e590e09da3275600c2f09b8367793a9aca3db71cc30c58179ec3e87c14c01d5c1f3434f1d87 + + KDF = HKDF +-Ctrl.md = md:SHA256 ++Ctrl.digest = digest:SHA256 + Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b + Ctrl.salt = salt: + Ctrl.info = info: +@@ -122,7 +122,7 @@ Output = 8da4e775a563c18f715f802a063c5a3 + + KDF = HKDF + Ctrl.mode = mode:EXTRACT_ONLY +-Ctrl.md = md:SHA256 ++Ctrl.digest = digest:SHA256 + Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b + Ctrl.salt = salt: + Ctrl.info = info: +@@ -130,13 +130,13 @@ Output = 19ef24a32c717b167f33a91d6f648bd 
+ + KDF = HKDF + Ctrl.mode = mode:EXPAND_ONLY +-Ctrl.md = md:SHA256 ++Ctrl.digest = digest:SHA256 + Ctrl.IKM = hexkey:19ef24a32c717b167f33a91d6f648bdf96596776afdb6377ac434c1c293ccb04 + Ctrl.info = info: + Output = 8da4e775a563c18f715f802a063c5a31b8a11f5c5ee1879ec3454e5f3c738d2d9d201395faa4b61a96c8 + + KDF = HKDF +-Ctrl.md = md:SHA1 ++Ctrl.digest = digest:SHA1 + Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b + Ctrl.salt = hexsalt:000102030405060708090a0b0c + Ctrl.info = hexinfo:f0f1f2f3f4f5f6f7f8f9 +@@ -144,20 +144,20 @@ Output = 085a01ea1b10f36933068b56efa5ad8 + + KDF = HKDF + Ctrl.mode = mode:EXTRACT_ONLY +-Ctrl.md = md:SHA1 ++Ctrl.digest = digest:SHA1 + Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b + Ctrl.salt = hexsalt:000102030405060708090a0b0c + Output = 9b6c18c432a7bf8f0e71c8eb88f4b30baa2ba243 + + KDF = HKDF + Ctrl.mode = mode:EXPAND_ONLY +-Ctrl.md = md:SHA1 ++Ctrl.digest = digest:SHA1 + Ctrl.IKM = hexkey:9b6c18c432a7bf8f0e71c8eb88f4b30baa2ba243 + Ctrl.info = hexinfo:f0f1f2f3f4f5f6f7f8f9 + Output = 085a01ea1b10f36933068b56efa5ad81a4f14b822f5b091568a9cdd4f155fda2c22e422478d305f3f896 + + KDF = HKDF +-Ctrl.md = md:SHA1 ++Ctrl.digest = digest:SHA1 + Ctrl.IKM = hexkey:000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f + Ctrl.salt = hexsalt:606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf + Ctrl.info = hexinfo:b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff +@@ -165,20 +165,20 @@ Output = 0bd770a74d1160f7c9f12cd5912a06e + + KDF = HKDF + Ctrl.mode = mode:EXTRACT_ONLY +-Ctrl.md = md:SHA1 ++Ctrl.digest = digest:SHA1 + Ctrl.IKM = 
hexkey:000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f + Ctrl.salt = hexsalt:606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf + Output = 8adae09a2a307059478d309b26c4115a224cfaf6 + + KDF = HKDF + Ctrl.mode = mode:EXPAND_ONLY +-Ctrl.md = md:SHA1 ++Ctrl.digest = digest:SHA1 + Ctrl.IKM = hexkey:8adae09a2a307059478d309b26c4115a224cfaf6 + Ctrl.info = hexinfo:b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff + Output = 0bd770a74d1160f7c9f12cd5912a06ebff6adcae899d92191fe4305673ba2ffe8fa3f1a4e5ad79f3f334b3b202b2173c486ea37ce3d397ed034c7f9dfeb15c5e927336d0441f4c4300e2cff0d0900b52d3b4 + + KDF = HKDF +-Ctrl.md = md:SHA1 ++Ctrl.digest = digest:SHA1 + Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b + Ctrl.salt = salt: + Ctrl.info = info: +@@ -186,20 +186,20 @@ Output = 0ac1af7002b3d761d1e55298da9d050 + + KDF = HKDF + Ctrl.mode = mode:EXTRACT_ONLY +-Ctrl.md = md:SHA1 ++Ctrl.digest = digest:SHA1 + Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b + Ctrl.salt = salt: + Output = da8c8a73c7fa77288ec6f5e7c297786aa0d32d01 + + KDF = HKDF + Ctrl.mode = mode:EXPAND_ONLY +-Ctrl.md = md:SHA1 ++Ctrl.digest = digest:SHA1 + Ctrl.IKM = hexkey:da8c8a73c7fa77288ec6f5e7c297786aa0d32d01 + Ctrl.info = info: + Output = 0ac1af7002b3d761d1e55298da9d0506b9ae52057220a306e07b6b87e8df21d0ea00033de03984d34918 + + KDF = HKDF +-Ctrl.md = md:SHA1 ++Ctrl.digest = digest:SHA1 + Ctrl.IKM = hexkey:0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c + Ctrl.salt = salt: + Ctrl.info = info: +@@ -207,14 +207,14 @@ Output = 2c91117204d745f3500d636a62f64f0 + + KDF = HKDF + Ctrl.mode = mode:EXTRACT_ONLY +-Ctrl.md = md:SHA1 ++Ctrl.digest = digest:SHA1 + Ctrl.IKM = 
hexkey:0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c + Ctrl.salt = salt: + Output = 2adccada18779e7c2077ad2eb19d3f3e731385dd + + KDF = HKDF + Ctrl.mode = mode:EXPAND_ONLY +-Ctrl.md = md:SHA1 ++Ctrl.digest = digest:SHA1 + Ctrl.IKM = hexkey:2adccada18779e7c2077ad2eb19d3f3e731385dd + Ctrl.info = info: + Output = 2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48 +@@ -227,27 +227,27 @@ Output = 00 + Result = KDF_DERIVE_ERROR + + KDF = HKDF +-Ctrl.md = md:SHA1 ++Ctrl.digest = digest:SHA1 + Ctrl.salt = salt: + Ctrl.info = info: + Output = 00 + Result = KDF_DERIVE_ERROR + + KDF = HKDF +-Ctrl.md = md:SHA1 ++Ctrl.digest = digest:SHA1 + Ctrl.IKM = hexkey:0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c + Ctrl.info = info: + Output = 2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48 + + KDF = HKDF +-Ctrl.md = md:SHA1 ++Ctrl.digest = digest:SHA1 + Ctrl.IKM = hexkey:0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c + Ctrl.salt = salt: + Output = 2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48 + + KDF = HKDF + Ctrl.mode = mode:EXTRACT_AND_EXPAND +-Ctrl.md = md:SHA1 ++Ctrl.digest = digest:SHA1 + Ctrl.IKM = hexkey:0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c + Ctrl.salt = salt: + Output = 2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48 +@@ -303,3 +303,133 @@ Ctrl.r = r:8 + Ctrl.p = p:1 + Result = INTERNAL_ERROR + ++Title = PBKDF2 tests ++ ++KDF = PBKDF2 ++Ctrl.pass = pass:password ++Ctrl.salt = salt:salt ++Ctrl.iter = iter:1 ++Ctrl.digest = digest:sha1 ++Output = 0c60c80f961f0e71f3a9b524af6012062fe037a6 ++ ++KDF = PBKDF2 ++Ctrl.pass = pass:password ++Ctrl.salt = salt:salt ++Ctrl.iter = iter:1 ++Ctrl.digest = digest:sha256 ++Output = 120fb6cffcf8b32c43e7225256c4f837a86548c92ccc35480805987cb70be17b ++ ++KDF = PBKDF2 ++Ctrl.pass = pass:password ++Ctrl.salt = salt:salt ++Ctrl.iter = iter:1 ++Ctrl.digest = digest:sha512 ++Output = 
867f70cf1ade02cff3752599a3a53dc4af34c7a669815ae5d513554e1c8cf252c02d470a285a0501bad999bfe943c08f050235d7d68b1da55e63f73b60a57fce ++ ++KDF = PBKDF2 ++Ctrl.pass = pass:password ++Ctrl.salt = salt:salt ++Ctrl.iter = iter:2 ++Ctrl.digest = digest:sha1 ++Output = ea6c014dc72d6f8ccd1ed92ace1d41f0d8de8957 ++ ++KDF = PBKDF2 ++Ctrl.pass = pass:password ++Ctrl.salt = salt:salt ++Ctrl.iter = iter:2 ++Ctrl.digest = digest:sha256 ++Output = ae4d0c95af6b46d32d0adff928f06dd02a303f8ef3c251dfd6e2d85a95474c43 ++ ++KDF = PBKDF2 ++Ctrl.pass = pass:password ++Ctrl.salt = salt:salt ++Ctrl.iter = iter:2 ++Ctrl.digest = digest:sha512 ++Output = e1d9c16aa681708a45f5c7c4e215ceb66e011a2e9f0040713f18aefdb866d53cf76cab2868a39b9f7840edce4fef5a82be67335c77a6068e04112754f27ccf4e ++ ++KDF = PBKDF2 ++Ctrl.pass = pass:password ++Ctrl.salt = salt:salt ++Ctrl.iter = iter:4096 ++Ctrl.digest = digest:sha1 ++Output = 4b007901b765489abead49d926f721d065a429c1 ++ ++KDF = PBKDF2 ++Ctrl.pass = pass:password ++Ctrl.salt = salt:salt ++Ctrl.iter = iter:4096 ++Ctrl.digest = digest:sha256 ++Output = c5e478d59288c841aa530db6845c4c8d962893a001ce4e11a4963873aa98134a ++ ++KDF = PBKDF2 ++Ctrl.pass = pass:password ++Ctrl.salt = salt:salt ++Ctrl.iter = iter:4096 ++Ctrl.digest = digest:sha512 ++Output = d197b1b33db0143e018b12f3d1d1479e6cdebdcc97c5c0f87f6902e072f457b5143f30602641b3d55cd335988cb36b84376060ecd532e039b742a239434af2d5 ++ ++KDF = PBKDF2 ++Ctrl.pass = pass:passwordPASSWORDpassword ++Ctrl.salt = salt:saltSALTsaltSALTsaltSALTsaltSALTsalt ++Ctrl.iter = iter:4096 ++Ctrl.digest = digest:sha1 ++Output = 3d2eec4fe41c849b80c8d83662c0e44a8b291a964cf2f07038 ++ ++KDF = PBKDF2 ++Ctrl.pass = pass:passwordPASSWORDpassword ++Ctrl.salt = salt:saltSALTsaltSALTsaltSALTsaltSALTsalt ++Ctrl.iter = iter:4096 ++Ctrl.digest = digest:sha256 ++Output = 348c89dbcbd32b2f32d814b8116e84cf2b17347ebc1800181c4e2a1fb8dd53e1c635518c7dac47e9 ++ ++KDF = PBKDF2 ++Ctrl.pass = pass:passwordPASSWORDpassword ++Ctrl.salt = 
salt:saltSALTsaltSALTsaltSALTsaltSALTsalt ++Ctrl.iter = iter:4096 ++Ctrl.digest = digest:sha512 ++Output = 8c0511f4c6e597c6ac6315d8f0362e225f3c501495ba23b868c005174dc4ee71115b59f9e60cd9532fa33e0f75aefe30225c583a186cd82bd4daea9724a3d3b8 ++ ++KDF = PBKDF2 ++Ctrl.hexpass = hexpass:7061737300776f7264 ++Ctrl.hexsalt = hexsalt:7361006c74 ++Ctrl.iter = iter:4096 ++Ctrl.digest = digest:sha1 ++Output = 56fa6aa75548099dcc37d7f03425e0c3 ++ ++KDF = PBKDF2 ++Ctrl.hexpass = hexpass:7061737300776f7264 ++Ctrl.hexsalt = hexsalt:7361006c74 ++Ctrl.iter = iter:4096 ++Ctrl.digest = digest:sha256 ++Output = 89b69d0516f829893c696226650a8687 ++ ++KDF = PBKDF2 ++Ctrl.hexpass = hexpass:7061737300776f7264 ++Ctrl.hexsalt = hexsalt:7361006c74 ++Ctrl.iter = iter:4096 ++Ctrl.digest = digest:sha512 ++Output = 9d9e9c4cd21fe4be24d5b8244c759665 ++ ++Title = PBKDF2 tests for empty inputs ++ ++KDF = PBKDF2 ++Ctrl.pass = pass: ++Ctrl.salt = salt:salt ++Ctrl.iter = iter:1 ++Ctrl.digest = digest:sha1 ++Output = a33dddc30478185515311f8752895d36ea4363a2 ++ ++KDF = PBKDF2 ++Ctrl.pass = pass: ++Ctrl.salt = salt:salt ++Ctrl.iter = iter:1 ++Ctrl.digest = digest:sha256 ++Output = f135c27993baf98773c5cdb40a5706ce6a345cde ++ ++KDF = PBKDF2 ++Ctrl.pass = pass: ++Ctrl.salt = salt:salt ++Ctrl.iter = iter:1 ++Ctrl.digest = digest:sha512 ++Output = 00ef42cdbfc98d29db20976608e455567fdddf14 ++ +diff -up openssl-1.1.1b/test/recipes/30-test_evp_data/evppkey_kdf.txt.evp-kdf openssl-1.1.1b/test/recipes/30-test_evp_data/evppkey_kdf.txt +--- openssl-1.1.1b/test/recipes/30-test_evp_data/evppkey_kdf.txt.evp-kdf 2019-02-28 13:05:05.659521326 +0100 ++++ openssl-1.1.1b/test/recipes/30-test_evp_data/evppkey_kdf.txt 2019-02-28 13:05:05.659521326 +0100 +@@ -0,0 +1,305 @@ ++# ++# Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. ++# ++# Licensed under the Apache License 2.0 (the "License"). You may not use ++# this file except in compliance with the License. 
You can obtain a copy ++# in the file LICENSE in the source distribution or at ++# https://www.openssl.org/source/license.html ++ ++# Tests start with one of these keywords ++# Cipher Decrypt Derive Digest Encoding KDF PKEYKDF MAC PBE ++# PrivPubKeyPair Sign Verify VerifyRecover ++# and continue until a blank line. Lines starting with a pound sign, ++# like this prolog, are ignored. ++ ++Title = TLS1 PRF tests (from NIST test vectors) ++ ++PKEYKDF=TLS1-PRF ++Ctrl.md = md:MD5-SHA1 ++Ctrl.Secret = hexsecret:bded7fa5c1699c010be23dd06ada3a48349f21e5f86263d512c0c5cc379f0e780ec55d9844b2f1db02a96453513568d0 ++Ctrl.label = seed:master secret ++Ctrl.client_random = hexseed:e5acaf549cd25c22d964c0d930fa4b5261d2507fad84c33715b7b9a864020693 ++Ctrl.server_random = hexseed:135e4d557fdf3aa6406d82975d5c606a9734c9334b42136e96990fbd5358cdb2 ++Output = 2f6962dfbc744c4b2138bb6b3d33054c5ecc14f24851d9896395a44ab3964efc2090c5bf51a0891209f46c1e1e998f62 ++ ++PKEYKDF=TLS1-PRF ++Ctrl.md = md:MD5-SHA1 ++Ctrl.Secret = hexsecret:2f6962dfbc744c4b2138bb6b3d33054c5ecc14f24851d9896395a44ab3964efc2090c5bf51a0891209f46c1e1e998f62 ++Ctrl.label = seed:key expansion ++Ctrl.server_random = hexseed:67267e650eb32444119d222a368c191af3082888dc35afe8368e638c828874be ++Ctrl.client_random = hexseed:d58a7b1cd4fedaa232159df652ce188f9d997e061b9bf48e83b62990440931f6 ++Output = 3088825988e77fce68d19f756e18e43eb7fe672433504feaf99b3c503d9091b164f166db301d70c9fc0870b4a94563907bee1a61fb786cb717576890bcc51cb9ead97e01d0a2fea99c953377b195205ff07b369589178796edc963fd80fdbe518a2fc1c35c18ae8d ++ ++PKEYKDF=TLS1-PRF ++Ctrl.md = md:SHA256 ++Ctrl.Secret = hexsecret:f8938ecc9edebc5030c0c6a441e213cd24e6f770a50dda07876f8d55da062bcadb386b411fd4fe4313a604fce6c17fbc ++Ctrl.label = seed:master secret ++Ctrl.client_random = hexseed:36c129d01a3200894b9179faac589d9835d58775f9b5ea3587cb8fd0364cae8c ++Ctrl.server_random = hexseed:f6c9575ed7ddd73e1f7d16eca115415812a43c2b747daaaae043abfb50053fce ++Output = 
202c88c00f84a17a20027079604787461176455539e705be730890602c289a5001e34eeb3a043e5d52a65e66125188bf ++ ++PKEYKDF=TLS1-PRF ++Ctrl.md = md:SHA256 ++Ctrl.Secret = hexsecret:202c88c00f84a17a20027079604787461176455539e705be730890602c289a5001e34eeb3a043e5d52a65e66125188bf ++Ctrl.label = seed:key expansion ++Ctrl.server_random = hexseed:ae6c806f8ad4d80784549dff28a4b58fd837681a51d928c3e30ee5ff14f39868 ++Ctrl.client_random = hexseed:62e1fd91f23f558a605f28478c58cf72637b89784d959df7e946d3f07bd1b616 ++Output = d06139889fffac1e3a71865f504aa5d0d2a2e89506c6f2279b670c3e1b74f531016a2530c51a3a0f7e1d6590d0f0566b2f387f8d11fd4f731cdd572d2eae927f6f2f81410b25e6960be68985add6c38445ad9f8c64bf8068bf9a6679485d966f1ad6f68b43495b10a683755ea2b858d70ccac7ec8b053c6bd41ca299d4e51928 ++ ++# As above but use long name for KDF ++PKEYKDF=tls1-prf ++Ctrl.md = md:SHA256 ++Ctrl.Secret = hexsecret:202c88c00f84a17a20027079604787461176455539e705be730890602c289a5001e34eeb3a043e5d52a65e66125188bf ++Ctrl.label = seed:key expansion ++Ctrl.server_random = hexseed:ae6c806f8ad4d80784549dff28a4b58fd837681a51d928c3e30ee5ff14f39868 ++Ctrl.client_random = hexseed:62e1fd91f23f558a605f28478c58cf72637b89784d959df7e946d3f07bd1b616 ++Output = d06139889fffac1e3a71865f504aa5d0d2a2e89506c6f2279b670c3e1b74f531016a2530c51a3a0f7e1d6590d0f0566b2f387f8d11fd4f731cdd572d2eae927f6f2f81410b25e6960be68985add6c38445ad9f8c64bf8068bf9a6679485d966f1ad6f68b43495b10a683755ea2b858d70ccac7ec8b053c6bd41ca299d4e51928 ++ ++# Missing digest. ++PKEYKDF=TLS1-PRF ++Ctrl.Secret = hexsecret:01 ++Ctrl.Seed = hexseed:02 ++Output = 03 ++Result = KDF_DERIVE_ERROR ++ ++# Missing secret. 
++PKEYKDF=TLS1-PRF ++Ctrl.md = md:MD5-SHA1 ++Ctrl.Seed = hexseed:02 ++Output = 03 ++Result = KDF_DERIVE_ERROR ++ ++Title = HKDF tests (from RFC5869 test vectors) ++ ++PKEYKDF = HKDF ++Ctrl.md = md:SHA256 ++Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b ++Ctrl.salt = hexsalt:000102030405060708090a0b0c ++Ctrl.info = hexinfo:f0f1f2f3f4f5f6f7f8f9 ++Output = 3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865 ++ ++PKEYKDF = HKDF ++Ctrl.mode = mode:EXTRACT_ONLY ++Ctrl.md = md:SHA256 ++Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b ++Ctrl.salt = hexsalt:000102030405060708090a0b0c ++Output = 077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5 ++ ++PKEYKDF = HKDF ++Ctrl.mode = mode:EXPAND_ONLY ++Ctrl.md = md:SHA256 ++Ctrl.IKM = hexkey:077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5 ++Ctrl.info = hexinfo:f0f1f2f3f4f5f6f7f8f9 ++Output = 3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865 ++ ++PKEYKDF = HKDF ++Ctrl.md = md:SHA256 ++Ctrl.IKM = hexkey:000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f ++Ctrl.salt = hexsalt:606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf ++Ctrl.info = hexinfo:b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff ++Output = b11e398dc80327a1c8e7f78c596a49344f012eda2d4efad8a050cc4c19afa97c59045a99cac7827271cb41c65e590e09da3275600c2f09b8367793a9aca3db71cc30c58179ec3e87c14c01d5c1f3434f1d87 ++ ++PKEYKDF = HKDF ++Ctrl.mode = mode:EXTRACT_ONLY ++Ctrl.md = md:SHA256 ++Ctrl.IKM = 
hexkey:000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f ++Ctrl.salt = hexsalt:606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf ++Output = 06a6b88c5853361a06104c9ceb35b45cef760014904671014a193f40c15fc244 ++ ++PKEYKDF = HKDF ++Ctrl.mode = mode:EXPAND_ONLY ++Ctrl.md = md:SHA256 ++Ctrl.IKM = hexkey:06a6b88c5853361a06104c9ceb35b45cef760014904671014a193f40c15fc244 ++Ctrl.info = hexinfo:b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff ++Output = b11e398dc80327a1c8e7f78c596a49344f012eda2d4efad8a050cc4c19afa97c59045a99cac7827271cb41c65e590e09da3275600c2f09b8367793a9aca3db71cc30c58179ec3e87c14c01d5c1f3434f1d87 ++ ++PKEYKDF = HKDF ++Ctrl.md = md:SHA256 ++Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b ++Ctrl.salt = salt: ++Ctrl.info = info: ++Output = 8da4e775a563c18f715f802a063c5a31b8a11f5c5ee1879ec3454e5f3c738d2d9d201395faa4b61a96c8 ++ ++PKEYKDF = HKDF ++Ctrl.mode = mode:EXTRACT_ONLY ++Ctrl.md = md:SHA256 ++Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b ++Ctrl.salt = salt: ++Ctrl.info = info: ++Output = 19ef24a32c717b167f33a91d6f648bdf96596776afdb6377ac434c1c293ccb04 ++ ++PKEYKDF = HKDF ++Ctrl.mode = mode:EXPAND_ONLY ++Ctrl.md = md:SHA256 ++Ctrl.IKM = hexkey:19ef24a32c717b167f33a91d6f648bdf96596776afdb6377ac434c1c293ccb04 ++Ctrl.info = info: ++Output = 8da4e775a563c18f715f802a063c5a31b8a11f5c5ee1879ec3454e5f3c738d2d9d201395faa4b61a96c8 ++ ++PKEYKDF = HKDF ++Ctrl.md = md:SHA1 ++Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b ++Ctrl.salt = hexsalt:000102030405060708090a0b0c ++Ctrl.info = hexinfo:f0f1f2f3f4f5f6f7f8f9 ++Output = 085a01ea1b10f36933068b56efa5ad81a4f14b822f5b091568a9cdd4f155fda2c22e422478d305f3f896 ++ ++PKEYKDF 
= HKDF ++Ctrl.mode = mode:EXTRACT_ONLY ++Ctrl.md = md:SHA1 ++Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b ++Ctrl.salt = hexsalt:000102030405060708090a0b0c ++Output = 9b6c18c432a7bf8f0e71c8eb88f4b30baa2ba243 ++ ++PKEYKDF = HKDF ++Ctrl.mode = mode:EXPAND_ONLY ++Ctrl.md = md:SHA1 ++Ctrl.IKM = hexkey:9b6c18c432a7bf8f0e71c8eb88f4b30baa2ba243 ++Ctrl.info = hexinfo:f0f1f2f3f4f5f6f7f8f9 ++Output = 085a01ea1b10f36933068b56efa5ad81a4f14b822f5b091568a9cdd4f155fda2c22e422478d305f3f896 ++ ++PKEYKDF = HKDF ++Ctrl.md = md:SHA1 ++Ctrl.IKM = hexkey:000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f ++Ctrl.salt = hexsalt:606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf ++Ctrl.info = hexinfo:b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff ++Output = 0bd770a74d1160f7c9f12cd5912a06ebff6adcae899d92191fe4305673ba2ffe8fa3f1a4e5ad79f3f334b3b202b2173c486ea37ce3d397ed034c7f9dfeb15c5e927336d0441f4c4300e2cff0d0900b52d3b4 ++ ++PKEYKDF = HKDF ++Ctrl.mode = mode:EXTRACT_ONLY ++Ctrl.md = md:SHA1 ++Ctrl.IKM = hexkey:000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f ++Ctrl.salt = hexsalt:606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf ++Output = 8adae09a2a307059478d309b26c4115a224cfaf6 ++ ++PKEYKDF = HKDF ++Ctrl.mode = mode:EXPAND_ONLY ++Ctrl.md = md:SHA1 ++Ctrl.IKM = hexkey:8adae09a2a307059478d309b26c4115a224cfaf6 ++Ctrl.info = 
hexinfo:b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff ++Output = 0bd770a74d1160f7c9f12cd5912a06ebff6adcae899d92191fe4305673ba2ffe8fa3f1a4e5ad79f3f334b3b202b2173c486ea37ce3d397ed034c7f9dfeb15c5e927336d0441f4c4300e2cff0d0900b52d3b4 ++ ++PKEYKDF = HKDF ++Ctrl.md = md:SHA1 ++Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b ++Ctrl.salt = salt: ++Ctrl.info = info: ++Output = 0ac1af7002b3d761d1e55298da9d0506b9ae52057220a306e07b6b87e8df21d0ea00033de03984d34918 ++ ++PKEYKDF = HKDF ++Ctrl.mode = mode:EXTRACT_ONLY ++Ctrl.md = md:SHA1 ++Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b ++Ctrl.salt = salt: ++Output = da8c8a73c7fa77288ec6f5e7c297786aa0d32d01 ++ ++PKEYKDF = HKDF ++Ctrl.mode = mode:EXPAND_ONLY ++Ctrl.md = md:SHA1 ++Ctrl.IKM = hexkey:da8c8a73c7fa77288ec6f5e7c297786aa0d32d01 ++Ctrl.info = info: ++Output = 0ac1af7002b3d761d1e55298da9d0506b9ae52057220a306e07b6b87e8df21d0ea00033de03984d34918 ++ ++PKEYKDF = HKDF ++Ctrl.md = md:SHA1 ++Ctrl.IKM = hexkey:0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c ++Ctrl.salt = salt: ++Ctrl.info = info: ++Output = 2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48 ++ ++PKEYKDF = HKDF ++Ctrl.mode = mode:EXTRACT_ONLY ++Ctrl.md = md:SHA1 ++Ctrl.IKM = hexkey:0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c ++Ctrl.salt = salt: ++Output = 2adccada18779e7c2077ad2eb19d3f3e731385dd ++ ++PKEYKDF = HKDF ++Ctrl.mode = mode:EXPAND_ONLY ++Ctrl.md = md:SHA1 ++Ctrl.IKM = hexkey:2adccada18779e7c2077ad2eb19d3f3e731385dd ++Ctrl.info = info: ++Output = 2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48 ++ ++PKEYKDF = HKDF ++Ctrl.IKM = hexkey:0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c ++Ctrl.salt = salt: ++Ctrl.info = info: ++Output = 00 ++Result = KDF_DERIVE_ERROR ++ ++PKEYKDF = HKDF ++Ctrl.md = md:SHA1 ++Ctrl.salt = salt: ++Ctrl.info = info: ++Output = 
00 ++Result = KDF_DERIVE_ERROR ++ ++PKEYKDF = HKDF ++Ctrl.md = md:SHA1 ++Ctrl.IKM = hexkey:0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c ++Ctrl.info = info: ++Output = 2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48 ++ ++PKEYKDF = HKDF ++Ctrl.md = md:SHA1 ++Ctrl.IKM = hexkey:0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c ++Ctrl.salt = salt: ++Output = 2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48 ++ ++PKEYKDF = HKDF ++Ctrl.mode = mode:EXTRACT_AND_EXPAND ++Ctrl.md = md:SHA1 ++Ctrl.IKM = hexkey:0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c ++Ctrl.salt = salt: ++Output = 2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48 ++ ++Title = id-scrypt tests (from draft-josefsson-id-scrypt-kdf-03 and others) ++ ++PKEYKDF = scrypt ++Ctrl.pass = pass: ++Ctrl.salt = salt: ++Ctrl.N = N:16 ++Ctrl.r = r:1 ++Ctrl.p = p:1 ++Output = 77d6576238657b203b19ca42c18a0497f16b4844e3074ae8dfdffa3fede21442fcd0069ded0948f8326a753a0fc81f17e8d3e0fb2e0d3628cf35e20c38d18906 ++ ++PKEYKDF = scrypt ++Ctrl.pass = pass:password ++Ctrl.salt = salt:NaCl ++Ctrl.N = N:1024 ++Ctrl.r = r:8 ++Ctrl.p = p:16 ++Output = fdbabe1c9d3472007856e7190d01e9fe7c6ad7cbc8237830e77376634b3731622eaf30d92e22a3886ff109279d9830dac727afb94a83ee6d8360cbdfa2cc0640 ++ ++PKEYKDF = scrypt ++Ctrl.hexpass = hexpass:70617373776f7264 ++Ctrl.salt = salt:NaCl ++Ctrl.N = N:1024 ++Ctrl.r = r:8 ++Ctrl.p = p:16 ++Output = fdbabe1c9d3472007856e7190d01e9fe7c6ad7cbc8237830e77376634b3731622eaf30d92e22a3886ff109279d9830dac727afb94a83ee6d8360cbdfa2cc0640 ++ ++PKEYKDF = scrypt ++Ctrl.pass = pass:password ++Ctrl.hexsalt = hexsalt:4e61436c ++Ctrl.N = N:1024 ++Ctrl.r = r:8 ++Ctrl.p = p:16 ++Output = fdbabe1c9d3472007856e7190d01e9fe7c6ad7cbc8237830e77376634b3731622eaf30d92e22a3886ff109279d9830dac727afb94a83ee6d8360cbdfa2cc0640 ++ ++PKEYKDF = scrypt ++Ctrl.pass = pass:pleaseletmein ++Ctrl.salt = salt:SodiumChloride ++Ctrl.N = N:16384 ++Ctrl.r = r:8 
++Ctrl.p = p:1 ++Output = 7023bdcb3afd7348461c06cd81fd38ebfda8fbba904f8e3ea9b543f6545da1f2d5432955613f0fcf62d49705242a9af9e61e85dc0d651e40dfcf017b45575887 ++ ++# Out of memory ++PKEYKDF = scrypt ++Ctrl.pass = pass:pleaseletmein ++Ctrl.salt = salt:SodiumChloride ++Ctrl.N = N:1048576 ++Ctrl.r = r:8 ++Ctrl.p = p:1 ++Result = INTERNAL_ERROR ++ +diff -up openssl-1.1.1b/test/recipes/30-test_evp_kdf.t.evp-kdf openssl-1.1.1b/test/recipes/30-test_evp_kdf.t +--- openssl-1.1.1b/test/recipes/30-test_evp_kdf.t.evp-kdf 2019-02-28 13:05:05.659521326 +0100 ++++ openssl-1.1.1b/test/recipes/30-test_evp_kdf.t 2019-02-28 13:05:05.659521326 +0100 +@@ -0,0 +1,13 @@ ++#! /usr/bin/env perl ++# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. ++# Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. ++# ++# Licensed under the Apache License 2.0 (the "License"). You may not use ++# this file except in compliance with the License. You can obtain a copy ++# in the file LICENSE in the source distribution or at ++# https://www.openssl.org/source/license.html ++ ++ ++use OpenSSL::Test::Simple; ++ ++simple_test("test_evp_kdf", "evp_kdf_test"); +diff -up openssl-1.1.1c/test/recipes/30-test_evp.t.evp-kdf openssl-1.1.1c/test/recipes/30-test_evp.t +--- openssl-1.1.1c/test/recipes/30-test_evp.t.evp-kdf 2019-05-29 16:55:38.236960543 +0200 ++++ openssl-1.1.1c/test/recipes/30-test_evp.t 2019-05-29 16:57:46.348718012 +0200 +@@ -15,7 +15,7 @@ use OpenSSL::Test qw/:DEFAULT data_file/ + setup("test_evp"); + + my @files = ( "evpciph.txt", "evpdigest.txt", "evpencod.txt", "evpkdf.txt", +- "evpmac.txt", "evppbe.txt", "evppkey.txt", "evppkey_ecc.txt", ++ "evppkey_kdf.txt", "evpmac.txt", "evppbe.txt", "evppkey.txt", "evppkey_ecc.txt", + "evpcase.txt", "evpccmcavs.txt" ); + + plan tests => scalar(@files); + +diff -up openssl-1.1.1b/util/libcrypto.num.evp-kdf openssl-1.1.1b/util/libcrypto.num +--- openssl-1.1.1b/util/libcrypto.num.evp-kdf 2019-02-28 13:05:05.636521752 +0100 ++++ 
openssl-1.1.1b/util/libcrypto.num 2019-02-28 13:05:05.660521308 +0100 +@@ -4614,3 +4614,11 @@ FIPS_drbg_get_strength + FIPS_rand_strength 6380 1_1_0g EXIST::FUNCTION: + FIPS_drbg_get_blocklength 6381 1_1_0g EXIST::FUNCTION: + FIPS_drbg_init 6382 1_1_0g EXIST::FUNCTION: ++EVP_KDF_CTX_new_id 6590 1_1_1b EXIST::FUNCTION: ++EVP_KDF_CTX_free 6591 1_1_1b EXIST::FUNCTION: ++EVP_KDF_reset 6592 1_1_1b EXIST::FUNCTION: ++EVP_KDF_ctrl 6593 1_1_1b EXIST::FUNCTION: ++EVP_KDF_vctrl 6594 1_1_1b EXIST::FUNCTION: ++EVP_KDF_ctrl_str 6595 1_1_1b EXIST::FUNCTION: ++EVP_KDF_size 6596 1_1_1b EXIST::FUNCTION: ++EVP_KDF_derive 6597 1_1_1b EXIST::FUNCTION: +diff -up openssl-1.1.1b/util/private.num.evp-kdf openssl-1.1.1b/util/private.num +--- openssl-1.1.1b/util/private.num.evp-kdf 2019-02-26 15:15:30.000000000 +0100 ++++ openssl-1.1.1b/util/private.num 2019-02-28 13:05:05.660521308 +0100 +@@ -21,6 +21,7 @@ CRYPTO_EX_dup + CRYPTO_EX_free datatype + CRYPTO_EX_new datatype + DTLS_timer_cb datatype ++EVP_KDF_CTX datatype + EVP_PKEY_gen_cb datatype + EVP_PKEY_METHOD datatype + EVP_PKEY_ASN1_METHOD datatype diff --git a/openssl-freefilesync/openssl-1.1.1-fips-crng-test.patch b/openssl-freefilesync/openssl-1.1.1-fips-crng-test.patch new file mode 100644 index 0000000..91841f1 --- /dev/null +++ b/openssl-freefilesync/openssl-1.1.1-fips-crng-test.patch 
@@ -0,0 +1,407 @@ +diff -up openssl-1.1.1b/crypto/include/internal/rand_int.h.crng-test openssl-1.1.1b/crypto/include/internal/rand_int.h +--- openssl-1.1.1b/crypto/include/internal/rand_int.h.crng-test 2019-05-07 08:56:33.242179136 +0200 ++++ openssl-1.1.1b/crypto/include/internal/rand_int.h 2019-05-07 09:54:14.920204875 +0200 +@@ -49,6 +49,14 @@ size_t rand_drbg_get_additional_data(RAN + + void rand_drbg_cleanup_additional_data(RAND_POOL *pool, unsigned char *out); + ++/* CRNG test entropy filter callbacks. */ ++size_t rand_crngt_get_entropy(RAND_DRBG *drbg, ++ unsigned char **pout, ++ int entropy, size_t min_len, size_t max_len, ++ int prediction_resistance); ++void rand_crngt_cleanup_entropy(RAND_DRBG *drbg, ++ unsigned char *out, size_t outlen); ++ + /* + * RAND_POOL functions + */ +diff -up openssl-1.1.1b/crypto/rand/build.info.crng-test openssl-1.1.1b/crypto/rand/build.info +--- openssl-1.1.1b/crypto/rand/build.info.crng-test 2019-05-07 09:54:14.921204857 +0200 ++++ openssl-1.1.1b/crypto/rand/build.info 2019-05-07 09:55:22.730014705 +0200 +@@ -1,4 +1,4 @@ + LIBS=../../libcrypto + SOURCE[../../libcrypto]=\ +- randfile.c rand_lib.c rand_err.c rand_egd.c \ ++ randfile.c rand_lib.c rand_err.c rand_crng_test.c rand_egd.c \ + rand_win.c rand_unix.c rand_vms.c drbg_lib.c drbg_ctr.c +diff -up openssl-1.1.1b/crypto/rand/drbg_lib.c.crng-test openssl-1.1.1b/crypto/rand/drbg_lib.c +--- openssl-1.1.1b/crypto/rand/drbg_lib.c.crng-test 2019-02-26 15:15:30.000000000 +0100 ++++ openssl-1.1.1b/crypto/rand/drbg_lib.c 2019-05-07 10:04:51.753157224 +0200 +@@ -67,7 +67,7 @@ static CRYPTO_THREAD_LOCAL private_drbg; + + + /* NIST SP 800-90A DRBG recommends the use of a personalization string. 
*/ +-static const char ossl_pers_string[] = "OpenSSL NIST SP 800-90A DRBG"; ++static const char ossl_pers_string[] = DRBG_DEFAULT_PERS_STRING; + + static CRYPTO_ONCE rand_drbg_init = CRYPTO_ONCE_STATIC_INIT; + +@@ -201,8 +201,13 @@ static RAND_DRBG *rand_drbg_new(int secu + drbg->parent = parent; + + if (parent == NULL) { ++#ifdef OPENSSL_FIPS ++ drbg->get_entropy = rand_crngt_get_entropy; ++ drbg->cleanup_entropy = rand_crngt_cleanup_entropy; ++#else + drbg->get_entropy = rand_drbg_get_entropy; + drbg->cleanup_entropy = rand_drbg_cleanup_entropy; ++#endif + #ifndef RAND_DRBG_GET_RANDOM_NONCE + drbg->get_nonce = rand_drbg_get_nonce; + drbg->cleanup_nonce = rand_drbg_cleanup_nonce; +diff -up openssl-1.1.1b/crypto/rand/rand_crng_test.c.crng-test openssl-1.1.1b/crypto/rand/rand_crng_test.c +--- openssl-1.1.1b/crypto/rand/rand_crng_test.c.crng-test 2019-05-07 09:54:14.925204787 +0200 ++++ openssl-1.1.1b/crypto/rand/rand_crng_test.c 2019-05-07 09:54:14.932204664 +0200 +@@ -0,0 +1,118 @@ ++/* ++ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. ++ * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. ++ * ++ * Licensed under the Apache License 2.0 (the "License"). You may not use ++ * this file except in compliance with the License. You can obtain a copy ++ * in the file LICENSE in the source distribution or at ++ * https://www.openssl.org/source/license.html ++ */ ++ ++/* ++ * Implementation of the FIPS 140-2 section 4.9.2 Conditional Tests. 
++ */ ++ ++#include ++#include ++#include "internal/rand_int.h" ++#include "internal/thread_once.h" ++#include "rand_lcl.h" ++ ++static RAND_POOL *crngt_pool; ++static unsigned char crngt_prev[EVP_MAX_MD_SIZE]; ++ ++int (*crngt_get_entropy)(unsigned char *, unsigned char *, unsigned int *) ++ = &rand_crngt_get_entropy_cb; ++ ++int rand_crngt_get_entropy_cb(unsigned char *buf, unsigned char *md, ++ unsigned int *md_size) ++{ ++ int r; ++ size_t n; ++ unsigned char *p; ++ ++ n = rand_pool_acquire_entropy(crngt_pool); ++ if (n >= CRNGT_BUFSIZ) { ++ p = rand_pool_detach(crngt_pool); ++ r = EVP_Digest(p, CRNGT_BUFSIZ, md, md_size, EVP_sha256(), NULL); ++ if (r != 0) ++ memcpy(buf, p, CRNGT_BUFSIZ); ++ rand_pool_reattach(crngt_pool, p); ++ return r; ++ } ++ return 0; ++} ++ ++void rand_crngt_cleanup(void) ++{ ++ rand_pool_free(crngt_pool); ++ crngt_pool = NULL; ++} ++ ++int rand_crngt_init(void) ++{ ++ unsigned char buf[CRNGT_BUFSIZ]; ++ ++ if ((crngt_pool = rand_pool_new(0, CRNGT_BUFSIZ, CRNGT_BUFSIZ)) == NULL) ++ return 0; ++ if (crngt_get_entropy(buf, crngt_prev, NULL)) { ++ OPENSSL_cleanse(buf, sizeof(buf)); ++ return 1; ++ } ++ rand_crngt_cleanup(); ++ return 0; ++} ++ ++static CRYPTO_ONCE rand_crngt_init_flag = CRYPTO_ONCE_STATIC_INIT; ++DEFINE_RUN_ONCE_STATIC(do_rand_crngt_init) ++{ ++ return OPENSSL_init_crypto(0, NULL) ++ && rand_crngt_init() ++ && OPENSSL_atexit(&rand_crngt_cleanup); ++} ++ ++int rand_crngt_single_init(void) ++{ ++ return RUN_ONCE(&rand_crngt_init_flag, do_rand_crngt_init); ++} ++ ++size_t rand_crngt_get_entropy(RAND_DRBG *drbg, ++ unsigned char **pout, ++ int entropy, size_t min_len, size_t max_len, ++ int prediction_resistance) ++{ ++ unsigned char buf[CRNGT_BUFSIZ], md[EVP_MAX_MD_SIZE]; ++ unsigned int sz; ++ RAND_POOL *pool; ++ size_t q, r = 0, s, t = 0; ++ int attempts = 3; ++ ++ if (!RUN_ONCE(&rand_crngt_init_flag, do_rand_crngt_init)) ++ return 0; ++ ++ if ((pool = rand_pool_new(entropy, min_len, max_len)) == NULL) ++ return 0; ++ ++ 
while ((q = rand_pool_bytes_needed(pool, 1)) > 0 && attempts-- > 0) { ++ s = q > sizeof(buf) ? sizeof(buf) : q; ++ if (!crngt_get_entropy(buf, md, &sz) ++ || memcmp(crngt_prev, md, sz) == 0 ++ || !rand_pool_add(pool, buf, s, s * 8)) ++ goto err; ++ memcpy(crngt_prev, md, sz); ++ t += s; ++ attempts++; ++ } ++ r = t; ++ *pout = rand_pool_detach(pool); ++err: ++ OPENSSL_cleanse(buf, sizeof(buf)); ++ rand_pool_free(pool); ++ return r; ++} ++ ++void rand_crngt_cleanup_entropy(RAND_DRBG *drbg, ++ unsigned char *out, size_t outlen) ++{ ++ OPENSSL_secure_clear_free(out, outlen); ++} +diff -up openssl-1.1.1b/crypto/rand/rand_lcl.h.crng-test openssl-1.1.1b/crypto/rand/rand_lcl.h +--- openssl-1.1.1b/crypto/rand/rand_lcl.h.crng-test 2019-05-07 08:56:33.330177674 +0200 ++++ openssl-1.1.1b/crypto/rand/rand_lcl.h 2019-05-07 09:54:14.933204647 +0200 +@@ -33,7 +33,15 @@ + # define MASTER_RESEED_TIME_INTERVAL (60*60) /* 1 hour */ + # define SLAVE_RESEED_TIME_INTERVAL (7*60) /* 7 minutes */ + +- ++/* ++ * The number of bytes that constitutes an atomic lump of entropy with respect ++ * to the FIPS 140-2 section 4.9.2 Conditional Tests. The size is somewhat ++ * arbitrary, the smaller the value, the less entropy is consumed on first ++ * read but the higher the probability of the test failing by accident. ++ * ++ * The value is in bytes. ++ */ ++#define CRNGT_BUFSIZ 16 + + /* + * Maximum input size for the DRBG (entropy, nonce, personalization string) +@@ -44,7 +52,8 @@ + */ + # define DRBG_MAX_LENGTH INT32_MAX + +- ++/* The default nonce */ ++# define DRBG_DEFAULT_PERS_STRING "OpenSSL NIST SP 800-90A DRBG" + + /* + * Maximum allocation size for RANDOM_POOL buffers +@@ -290,4 +299,22 @@ int rand_drbg_enable_locking(RAND_DRBG * + /* initializes the AES-CTR DRBG implementation */ + int drbg_ctr_init(RAND_DRBG *drbg); + ++/* ++ * Entropy call back for the FIPS 140-2 section 4.9.2 Conditional Tests. ++ * These need to be exposed for the unit tests. 
++ */ ++int rand_crngt_get_entropy_cb(unsigned char *buf, unsigned char *md, ++ unsigned int *md_size); ++extern int (*crngt_get_entropy)(unsigned char *buf, unsigned char *md, ++ unsigned int *md_size); ++int rand_crngt_init(void); ++void rand_crngt_cleanup(void); ++ ++/* ++ * Expose the run once initialisation function for the unit tests because. ++ * they need to restart from scratch to validate the first block is skipped ++ * properly. ++ */ ++int rand_crngt_single_init(void); ++ + #endif +diff -up openssl-1.1.1b/test/drbgtest.c.crng-test openssl-1.1.1b/test/drbgtest.c +--- openssl-1.1.1b/test/drbgtest.c.crng-test 2019-02-26 15:15:30.000000000 +0100 ++++ openssl-1.1.1b/test/drbgtest.c 2019-05-07 10:06:24.706551561 +0200 +@@ -143,6 +143,31 @@ static size_t kat_nonce(RAND_DRBG *drbg, + return t->noncelen; + } + ++ /* ++ * Disable CRNG testing if it is enabled. ++ * If the DRBG is ready or in an error state, this means an instantiate cycle ++ * for which the default personalisation string is used. ++ */ ++static int disable_crngt(RAND_DRBG *drbg) ++{ ++ static const char pers[] = DRBG_DEFAULT_PERS_STRING; ++ const int instantiate = drbg->state != DRBG_UNINITIALISED; ++ ++ if (drbg->get_entropy != rand_crngt_get_entropy) ++ return 1; ++ ++ if ((instantiate && !RAND_DRBG_uninstantiate(drbg)) ++ || !TEST_true(RAND_DRBG_set_callbacks(drbg, &rand_drbg_get_entropy, ++ &rand_drbg_cleanup_entropy, ++ &rand_drbg_get_nonce, ++ &rand_drbg_cleanup_nonce)) ++ || (instantiate ++ && !RAND_DRBG_instantiate(drbg, (const unsigned char *)pers, ++ sizeof(pers) - 1))) ++ return 0; ++ return 1; ++} ++ + static int uninstantiate(RAND_DRBG *drbg) + { + int ret = drbg == NULL ? 
1 : RAND_DRBG_uninstantiate(drbg); +@@ -168,7 +193,8 @@ static int single_kat(DRBG_SELFTEST_DATA + if (!TEST_ptr(drbg = RAND_DRBG_new(td->nid, td->flags, NULL))) + return 0; + if (!TEST_true(RAND_DRBG_set_callbacks(drbg, kat_entropy, NULL, +- kat_nonce, NULL))) { ++ kat_nonce, NULL)) ++ || !TEST_true(disable_crngt(drbg))) { + failures++; + goto err; + } +@@ -286,7 +312,8 @@ static int error_check(DRBG_SELFTEST_DAT + unsigned int reseed_counter_tmp; + int ret = 0; + +- if (!TEST_ptr(drbg = RAND_DRBG_new(0, 0, NULL))) ++ if (!TEST_ptr(drbg = RAND_DRBG_new(0, 0, NULL)) ++ || !TEST_true(disable_crngt(drbg))) + goto err; + + /* +@@ -699,6 +726,10 @@ static int test_rand_drbg_reseed(void) + || !TEST_ptr_eq(private->parent, master)) + return 0; + ++ /* Disable CRNG testing for the master DRBG */ ++ if (!TEST_true(disable_crngt(master))) ++ return 0; ++ + /* uninstantiate the three global DRBGs */ + RAND_DRBG_uninstantiate(private); + RAND_DRBG_uninstantiate(public); +@@ -919,7 +950,8 @@ static int test_rand_seed(void) + size_t rand_buflen; + size_t required_seed_buflen = 0; + +- if (!TEST_ptr(master = RAND_DRBG_get0_master())) ++ if (!TEST_ptr(master = RAND_DRBG_get0_master()) ++ || !TEST_true(disable_crngt(master))) + return 0; + + #ifdef OPENSSL_RAND_SEED_NONE +@@ -968,6 +1000,95 @@ static int test_rand_add(void) + return 1; + } + ++/* ++ * A list of the FIPS DRGB types. 
++ */ ++static const struct s_drgb_types { ++ int nid; ++ int flags; ++} drgb_types[] = { ++ { NID_aes_128_ctr, 0 }, ++ { NID_aes_192_ctr, 0 }, ++ { NID_aes_256_ctr, 0 }, ++}; ++ ++/* Six cases for each covers seed sizes up to 32 bytes */ ++static const size_t crngt_num_cases = 6; ++ ++static size_t crngt_case, crngt_idx; ++ ++static int crngt_entropy_cb(unsigned char *buf, unsigned char *md, ++ unsigned int *md_size) ++{ ++ size_t i, z; ++ ++ if (!TEST_int_lt(crngt_idx, crngt_num_cases)) ++ return 0; ++ /* Generate a block of unique data unless this is the duplication point */ ++ z = crngt_idx++; ++ if (z > 0 && crngt_case == z) ++ z--; ++ for (i = 0; i < CRNGT_BUFSIZ; i++) ++ buf[i] = (unsigned char)(i + 'A' + z); ++ return EVP_Digest(buf, CRNGT_BUFSIZ, md, md_size, EVP_sha256(), NULL); ++} ++ ++static int test_crngt(int n) ++{ ++ const struct s_drgb_types *dt = drgb_types + n / crngt_num_cases; ++ RAND_DRBG *drbg = NULL; ++ unsigned char buff[100]; ++ size_t ent; ++ int res = 0; ++ int expect; ++ ++ if (!TEST_true(rand_crngt_single_init())) ++ return 0; ++ rand_crngt_cleanup(); ++ ++ if (!TEST_ptr(drbg = RAND_DRBG_new(dt->nid, dt->flags, NULL))) ++ return 0; ++ ent = (drbg->min_entropylen + CRNGT_BUFSIZ - 1) / CRNGT_BUFSIZ; ++ crngt_case = n % crngt_num_cases; ++ crngt_idx = 0; ++ crngt_get_entropy = &crngt_entropy_cb; ++ if (!TEST_true(rand_crngt_init())) ++ goto err; ++#ifndef OPENSSL_FIPS ++ if (!TEST_true(RAND_DRBG_set_callbacks(drbg, &rand_crngt_get_entropy, ++ &rand_crngt_cleanup_entropy, ++ &rand_drbg_get_nonce, ++ &rand_drbg_cleanup_nonce))) ++ goto err; ++#endif ++ expect = crngt_case == 0 || crngt_case > ent; ++ if (!TEST_int_eq(RAND_DRBG_instantiate(drbg, NULL, 0), expect)) ++ goto err; ++ if (!expect) ++ goto fin; ++ if (!TEST_true(RAND_DRBG_generate(drbg, buff, sizeof(buff), 0, NULL, 0))) ++ goto err; ++ ++ expect = crngt_case == 0 || crngt_case > 2 * ent; ++ if (!TEST_int_eq(RAND_DRBG_reseed(drbg, NULL, 0, 0), expect)) ++ goto err; ++ if (!expect) 
++ goto fin; ++ if (!TEST_true(RAND_DRBG_generate(drbg, buff, sizeof(buff), 0, NULL, 0))) ++ goto err; ++ ++fin: ++ res = 1; ++err: ++ if (!res) ++ TEST_note("DRBG %zd case %zd block %zd", n / crngt_num_cases, ++ crngt_case, crngt_idx); ++ uninstantiate(drbg); ++ RAND_DRBG_free(drbg); ++ crngt_get_entropy = &rand_crngt_get_entropy_cb; ++ return res; ++} ++ + int setup_tests(void) + { + app_data_index = RAND_DRBG_get_ex_new_index(0L, NULL, NULL, NULL, NULL); +@@ -980,5 +1101,6 @@ int setup_tests(void) + #if defined(OPENSSL_THREADS) + ADD_TEST(test_multi_thread); + #endif ++ ADD_ALL_TESTS(test_crngt, crngt_num_cases * OSSL_NELEM(drgb_types)); + return 1; + } diff --git a/openssl-freefilesync/openssl-1.1.1-fips-post-rand.patch b/openssl-freefilesync/openssl-1.1.1-fips-post-rand.patch new file mode 100644 index 0000000..fc60e33 --- /dev/null +++ b/openssl-freefilesync/openssl-1.1.1-fips-post-rand.patch 
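Review bot: In the new crypto/rand/rand_crng_test.c, `rand_crngt_get_entropy` reads and overwrites the file-scope `crngt_prev` and `crngt_pool` with no lock in that file, while the drbg_lib.c hunk installs it as `get_entropy` for every DRBG created with `parent == NULL` when `OPENSSL_FIPS` is defined. If two such DRBGs can seed concurrently (not visible from this patch), the previous-block comparison could run against a half-updated digest, so the declaration deserves either an explicit lock or a comment such as `/* shared by all parentless DRBGs; callers must serialise seeding */`. In the same function the `attempts` counter is decremented in the loop condition and incremented again after every successful block, and every failure leaves through `goto err`, so it never bounds anything; `while ((q = rand_pool_bytes_needed(pool, 1)) > 0) {` states the actual behaviour, which is that a repeated block fails the request at once. In rand_lcl.h the comment `/* The default nonce */` sits above `DRBG_DEFAULT_PERS_STRING`, which drbg_lib.c assigns to `ossl_pers_string`, so it should read `/* The default personalization string */`.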
@@ -0,0 +1,157 @@ +diff -up openssl-1.1.1c/crypto/fips/fips.c.fips-post-rand openssl-1.1.1c/crypto/fips/fips.c +--- openssl-1.1.1c/crypto/fips/fips.c.fips-post-rand 2019-05-29 15:53:56.328216002 +0200 ++++ openssl-1.1.1c/crypto/fips/fips.c 2019-05-29 15:53:56.359215457 +0200 +@@ -68,6 +68,7 @@ + + # include + # include "internal/thread_once.h" ++# include "internal/rand_int.h" + + # ifndef PATH_MAX + # define PATH_MAX 1024 +@@ -76,6 +77,7 @@ + static int fips_selftest_fail = 0; + static int fips_mode = 0; + static int fips_started = 0; ++static int fips_post = 0; + + static int fips_is_owning_thread(void); + static int fips_set_owning_thread(void); +@@ -158,6 +160,11 @@ void fips_set_selftest_fail(void) + fips_selftest_fail = 1; + } + ++int fips_in_post(void) ++{ ++ return fips_post; ++} ++ + /* we implement what libfipscheck does ourselves */ + + static int +@@ -445,6 +452,8 @@ int FIPS_module_mode_set(int onoff) + } + # endif + ++ fips_post = 1; ++ + if (!FIPS_selftest()) { + fips_selftest_fail = 1; + ret = 0; +@@ -459,7 +468,12 @@ int FIPS_module_mode_set(int onoff) + goto end; + } + ++ fips_post = 0; ++ + fips_set_mode(onoff); ++ /* force RNG reseed with entropy from getrandom() on next call */ ++ rand_fork(); ++ + ret = 1; + goto end; + } +diff -up openssl-1.1.1c/crypto/include/internal/fips_int.h.fips-post-rand openssl-1.1.1c/crypto/include/internal/fips_int.h +--- openssl-1.1.1c/crypto/include/internal/fips_int.h.fips-post-rand 2019-05-29 15:53:56.337215844 +0200 ++++ openssl-1.1.1c/crypto/include/internal/fips_int.h 2019-05-29 15:53:56.359215457 +0200 +@@ -77,6 +77,8 @@ int FIPS_selftest_hmac(void); + int FIPS_selftest_drbg(void); + int FIPS_selftest_cmac(void); + ++int fips_in_post(void); ++ + int fips_pkey_signature_test(EVP_PKEY *pkey, + const unsigned char *tbs, int tbslen, + const unsigned char *kat, +diff -up openssl-1.1.1c/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1c/crypto/rand/rand_unix.c +--- 
openssl-1.1.1c/crypto/rand/rand_unix.c.fips-post-rand 2019-05-28 15:12:21.000000000 +0200 ++++ openssl-1.1.1c/crypto/rand/rand_unix.c 2019-05-29 16:54:16.471391802 +0200 +@@ -16,10 +16,12 @@ + #include + #include "rand_lcl.h" + #include "internal/rand_int.h" ++#include "internal/fips_int.h" + #include + #include "internal/dso.h" + #if defined(__linux) +-# include ++# include ++# include + #endif + #if defined(__FreeBSD__) + # include +@@ -279,7 +281,7 @@ static ssize_t sysctl_random(char *buf, + * syscall_random(): Try to get random data using a system call + * returns the number of bytes returned in buf, or < 0 on error. + */ +-static ssize_t syscall_random(void *buf, size_t buflen) ++static ssize_t syscall_random(void *buf, size_t buflen, int nonblock) + { + /* + * Note: 'buflen' equals the size of the buffer which is used by the +@@ -301,6 +303,7 @@ static ssize_t syscall_random(void *buf, + * - Linux since 3.17 with glibc 2.25 + * - FreeBSD since 12.0 (1200061) + */ ++# if 0 + # if defined(__GNUC__) && __GNUC__>=2 && defined(__ELF__) && !defined(__hpux) + extern int getentropy(void *buffer, size_t length) __attribute__((weak)); + +@@ -322,10 +325,10 @@ static ssize_t syscall_random(void *buf, + if (p_getentropy.p != NULL) + return p_getentropy.f(buf, buflen) == 0 ? 
(ssize_t)buflen : -1; + # endif +- ++# endif + /* Linux supports this since version 3.17 */ +-# if defined(__linux) && defined(__NR_getrandom) +- return syscall(__NR_getrandom, buf, buflen, 0); ++# if defined(__linux) && defined(SYS_getrandom) ++ return syscall(SYS_getrandom, buf, buflen, nonblock?GRND_NONBLOCK:0); + # elif (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(KERN_ARND) + return sysctl_random(buf, buflen); + # else +@@ -475,8 +478,10 @@ size_t rand_pool_acquire_entropy(RAND_PO + size_t bytes_needed; + size_t entropy_available = 0; + unsigned char *buffer; +- + # if defined(OPENSSL_RAND_SEED_GETRANDOM) ++ int in_post; ++ ++ for (in_post = fips_in_post(); in_post >= 0; --in_post) { + { + ssize_t bytes; + /* Maximum allowed number of consecutive unsuccessful attempts */ +@@ -485,7 +490,7 @@ size_t rand_pool_acquire_entropy(RAND_PO + bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/); + while (bytes_needed != 0 && attempts-- > 0) { + buffer = rand_pool_add_begin(pool, bytes_needed); +- bytes = syscall_random(buffer, bytes_needed); ++ bytes = syscall_random(buffer, bytes_needed, in_post); + if (bytes > 0) { + rand_pool_add_end(pool, bytes, 8 * bytes); + bytes_needed -= bytes; +@@ -540,8 +545,10 @@ size_t rand_pool_acquire_entropy(RAND_PO + int attempts = 3; + const int fd = get_random_device(i); + +- if (fd == -1) ++ if (fd == -1) { ++ OPENSSL_showfatal("Random device %s cannot be opened.\n", random_device_paths[i]); + continue; ++ } + + while (bytes_needed != 0 && attempts-- > 0) { + buffer = rand_pool_add_begin(pool, bytes_needed); +@@ -601,7 +608,9 @@ size_t rand_pool_acquire_entropy(RAND_PO + } + } + # endif +- ++# ifdef OPENSSL_RAND_SEED_GETRANDOM ++ } ++# endif + return rand_pool_entropy_available(pool); + # endif + } diff --git a/openssl-freefilesync/openssl-1.1.1-fips.patch b/openssl-freefilesync/openssl-1.1.1-fips.patch new file mode 100644 index 0000000..3ff5aa4 --- /dev/null 
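Review bot: In the fips.c part of this patch, `fips_post` is set to 1 before `FIPS_selftest()` but cleared only on the success path, so the visible failure branch (`fips_selftest_fail = 1; ret = 0;` followed by `goto end;`) leaves it set. Unless the `end:` label, which is outside the shown hunks, resets it, `fips_in_post()` keeps returning 1. `rand_pool_acquire_entropy()` would then keep starting with a `GRND_NONBLOCK` pass and, where device seeding is compiled in, the random-device section, before it tries a blocking `getrandom()`. Clearing the flag on every exit, for example `fips_post = 0;` directly after the `end:` label, would keep non-blocking seeding limited to the self-test window. The `for (in_post = fips_in_post(); in_post >= 0; --in_post) {` loop in rand_unix.c also needs a comment such as `/* during POST: first pass non-blocking, second pass blocking; otherwise one blocking pass */`, because its closing brace sits in a separate `# ifdef OPENSSL_RAND_SEED_GETRANDOM` block near the end of the function.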
+++ b/openssl-freefilesync/openssl-1.1.1-fips.patch 
@@ -0,0 +1,11852 @@ +diff -up openssl-1.1.1b/apps/pkcs12.c.fips openssl-1.1.1b/apps/pkcs12.c +--- openssl-1.1.1b/apps/pkcs12.c.fips 2019-02-26 15:15:30.000000000 +0100 ++++ openssl-1.1.1b/apps/pkcs12.c 2019-05-24 12:08:40.524523735 +0200 +@@ -126,7 +126,7 @@ int pkcs12_main(int argc, char **argv) + int export_cert = 0, options = 0, chain = 0, twopass = 0, keytype = 0; + int iter = PKCS12_DEFAULT_ITER, maciter = PKCS12_DEFAULT_ITER; + # ifndef OPENSSL_NO_RC2 +- int cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC; ++ int cert_pbe = FIPS_mode() ? NID_pbe_WithSHA1And3_Key_TripleDES_CBC : NID_pbe_WithSHA1And40BitRC2_CBC; + # else + int cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; + # endif +diff -up openssl-1.1.1b/apps/speed.c.fips openssl-1.1.1b/apps/speed.c +--- openssl-1.1.1b/apps/speed.c.fips 2019-05-07 11:52:35.887597899 +0200 ++++ openssl-1.1.1b/apps/speed.c 2019-05-07 16:51:36.946350159 +0200 +@@ -1592,7 +1592,8 @@ int speed_main(int argc, char **argv) + continue; + if (strcmp(*argv, "rsa") == 0) { + for (loop = 0; loop < OSSL_NELEM(rsa_doit); loop++) +- rsa_doit[loop] = 1; ++ if (!FIPS_mode() || loop != R_RSA_512) ++ rsa_doit[loop] = 1; + continue; + } + if (found(*argv, rsa_choices, &i)) { +@@ -1602,7 +1603,9 @@ int speed_main(int argc, char **argv) + #endif + #ifndef OPENSSL_NO_DSA + if (strcmp(*argv, "dsa") == 0) { +- dsa_doit[R_DSA_512] = dsa_doit[R_DSA_1024] = ++ if (!FIPS_mode()) ++ dsa_doit[R_DSA_512] = 1; ++ dsa_doit[R_DSA_1024] = + dsa_doit[R_DSA_2048] = 1; + continue; + } +@@ -1633,19 +1636,21 @@ int speed_main(int argc, char **argv) + } + if (strcmp(*argv, "ecdh") == 0) { + for (loop = 0; loop < OSSL_NELEM(ecdh_doit); loop++) +- ecdh_doit[loop] = 1; ++ if(!FIPS_mode() || (loop != R_EC_X25519 && loop != R_EC_X448)) ++ ecdh_doit[loop] = 1; + continue; + } + if (found(*argv, ecdh_choices, &i)) { +- ecdh_doit[i] = 2; ++ if(!FIPS_mode() || (i != R_EC_X25519 && i != R_EC_X448)) ++ ecdh_doit[i] = 2; + continue; + } +- if (strcmp(*argv, "eddsa") == 0) { ++ 
if (!FIPS_mode() && strcmp(*argv, "eddsa") == 0) { + for (loop = 0; loop < OSSL_NELEM(eddsa_doit); loop++) + eddsa_doit[loop] = 1; + continue; + } +- if (found(*argv, eddsa_choices, &i)) { ++ if (!FIPS_mode() && found(*argv, eddsa_choices, &i)) { + eddsa_doit[i] = 2; + continue; + } +@@ -1734,23 +1739,30 @@ int speed_main(int argc, char **argv) + /* No parameters; turn on everything. */ + if ((argc == 0) && !doit[D_EVP]) { + for (i = 0; i < ALGOR_NUM; i++) +- if (i != D_EVP) ++ if (i != D_EVP && ++ (!FIPS_mode() || (i != D_WHIRLPOOL && ++ i != D_MD2 && i != D_MD4 && ++ i != D_MD5 && i != D_MDC2 && ++ i != D_RMD160))) + doit[i] = 1; + #ifndef OPENSSL_NO_RSA + for (i = 0; i < RSA_NUM; i++) +- rsa_doit[i] = 1; ++ if (!FIPS_mode() || i != R_RSA_512) ++ rsa_doit[i] = 1; + #endif + #ifndef OPENSSL_NO_DSA + for (i = 0; i < DSA_NUM; i++) +- dsa_doit[i] = 1; ++ if (!FIPS_mode() || i != R_DSA_512) ++ dsa_doit[i] = 1; + #endif + #ifndef OPENSSL_NO_EC + for (loop = 0; loop < OSSL_NELEM(ecdsa_doit); loop++) + ecdsa_doit[loop] = 1; + for (loop = 0; loop < OSSL_NELEM(ecdh_doit); loop++) + ecdh_doit[loop] = 1; +- for (loop = 0; loop < OSSL_NELEM(eddsa_doit); loop++) +- eddsa_doit[loop] = 1; ++ if (!FIPS_mode()) ++ for (loop = 0; loop < OSSL_NELEM(eddsa_doit); loop++) ++ eddsa_doit[loop] = 1; + #endif + } + for (i = 0; i < ALGOR_NUM; i++) +@@ -1798,30 +1810,46 @@ int speed_main(int argc, char **argv) + AES_set_encrypt_key(key24, 192, &aes_ks2); + AES_set_encrypt_key(key32, 256, &aes_ks3); + #ifndef OPENSSL_NO_CAMELLIA +- Camellia_set_key(key16, 128, &camellia_ks1); +- Camellia_set_key(ckey24, 192, &camellia_ks2); +- Camellia_set_key(ckey32, 256, &camellia_ks3); ++ if (doit[D_CBC_128_CML] || doit[D_CBC_192_CML] || doit[D_CBC_256_CML]) { ++ Camellia_set_key(key16, 128, &camellia_ks1); ++ Camellia_set_key(ckey24, 192, &camellia_ks2); ++ Camellia_set_key(ckey32, 256, &camellia_ks3); ++ } + #endif + #ifndef OPENSSL_NO_IDEA +- IDEA_set_encrypt_key(key16, &idea_ks); ++ if 
(doit[D_CBC_IDEA]) { ++ IDEA_set_encrypt_key(key16, &idea_ks); ++ } + #endif + #ifndef OPENSSL_NO_SEED +- SEED_set_key(key16, &seed_ks); ++ if (doit[D_CBC_SEED]) { ++ SEED_set_key(key16, &seed_ks); ++ } + #endif + #ifndef OPENSSL_NO_RC4 +- RC4_set_key(&rc4_ks, 16, key16); ++ if (doit[D_RC4]) { ++ RC4_set_key(&rc4_ks, 16, key16); ++ } + #endif + #ifndef OPENSSL_NO_RC2 +- RC2_set_key(&rc2_ks, 16, key16, 128); ++ if (doit[D_CBC_RC2]) { ++ RC2_set_key(&rc2_ks, 16, key16, 128); ++ } + #endif + #ifndef OPENSSL_NO_RC5 +- RC5_32_set_key(&rc5_ks, 16, key16, 12); ++ if (doit[D_CBC_RC5]) { ++ RC5_32_set_key(&rc5_ks, 16, key16, 12); ++ } + #endif + #ifndef OPENSSL_NO_BF +- BF_set_key(&bf_ks, 16, key16); ++ if (doit[D_CBC_BF]) { ++ BF_set_key(&bf_ks, 16, key16); ++ } + #endif + #ifndef OPENSSL_NO_CAST +- CAST_set_key(&cast_ks, 16, key16); ++ if (doit[D_CBC_CAST]) { ++ CAST_set_key(&cast_ks, 16, key16); ++ } + #endif + #ifndef SIGALRM + # ifndef OPENSSL_NO_DES +@@ -2118,6 +2146,7 @@ int speed_main(int argc, char **argv) + + for (i = 0; i < loopargs_len; i++) { + loopargs[i].hctx = HMAC_CTX_new(); ++ HMAC_CTX_set_flags(loopargs[i].hctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); + if (loopargs[i].hctx == NULL) { + BIO_printf(bio_err, "HMAC malloc failure, exiting..."); + exit(1); +diff -up openssl-1.1.1b/Configure.fips openssl-1.1.1b/Configure +--- openssl-1.1.1b/Configure.fips 2019-02-28 11:30:06.775746246 +0100 ++++ openssl-1.1.1b/Configure 2019-02-28 11:30:06.779746172 +0100 +@@ -313,7 +313,7 @@ $config{sdirs} = [ + "md2", "md4", "md5", "sha", "mdc2", "hmac", "ripemd", "whrlpool", "poly1305", "blake2", "siphash", "sm3", + "des", "aes", "rc2", "rc4", "rc5", "idea", "aria", "bf", "cast", "camellia", "seed", "sm4", "chacha", "modes", + "bn", "ec", "rsa", "dsa", "dh", "sm2", "dso", "engine", +- "buffer", "bio", "stack", "lhash", "rand", "err", ++ "buffer", "bio", "stack", "lhash", "rand", "err", "fips", + "evp", "asn1", "pem", "x509", "x509v3", "conf", "txt_db", "pkcs7", "pkcs12", "comp", 
"ocsp", "ui", + "cms", "ts", "srp", "cmac", "ct", "async", "kdf", "store" + ]; +diff -up openssl-1.1.1b/crypto/cmac/cm_pmeth.c.fips openssl-1.1.1b/crypto/cmac/cm_pmeth.c +--- openssl-1.1.1b/crypto/cmac/cm_pmeth.c.fips 2019-02-26 15:15:30.000000000 +0100 ++++ openssl-1.1.1b/crypto/cmac/cm_pmeth.c 2019-05-06 14:55:32.866749109 +0200 +@@ -129,7 +129,7 @@ static int pkey_cmac_ctrl_str(EVP_PKEY_C + + const EVP_PKEY_METHOD cmac_pkey_meth = { + EVP_PKEY_CMAC, +- EVP_PKEY_FLAG_SIGCTX_CUSTOM, ++ EVP_PKEY_FLAG_SIGCTX_CUSTOM | EVP_PKEY_FLAG_FIPS, + pkey_cmac_init, + pkey_cmac_copy, + pkey_cmac_cleanup, +diff -up openssl-1.1.1b/crypto/dh/dh_err.c.fips openssl-1.1.1b/crypto/dh/dh_err.c +--- openssl-1.1.1b/crypto/dh/dh_err.c.fips 2019-02-26 15:15:30.000000000 +0100 ++++ openssl-1.1.1b/crypto/dh/dh_err.c 2019-02-28 11:30:06.779746172 +0100 +@@ -25,6 +25,9 @@ static const ERR_STRING_DATA DH_str_func + {ERR_PACK(ERR_LIB_DH, DH_F_DH_CMS_SET_PEERKEY, 0), "dh_cms_set_peerkey"}, + {ERR_PACK(ERR_LIB_DH, DH_F_DH_CMS_SET_SHARED_INFO, 0), + "dh_cms_set_shared_info"}, ++ {ERR_PACK(ERR_LIB_DH, DH_F_DH_COMPUTE_KEY, 0), "DH_compute_key"}, ++ {ERR_PACK(ERR_LIB_DH, DH_F_DH_GENERATE_KEY, 0), "DH_generate_key"}, ++ {ERR_PACK(ERR_LIB_DH, DH_F_DH_GENERATE_PARAMETERS_EX, 0), "DH_generate_parameters_ex"}, + {ERR_PACK(ERR_LIB_DH, DH_F_DH_METH_DUP, 0), "DH_meth_dup"}, + {ERR_PACK(ERR_LIB_DH, DH_F_DH_METH_NEW, 0), "DH_meth_new"}, + {ERR_PACK(ERR_LIB_DH, DH_F_DH_METH_SET1_NAME, 0), "DH_meth_set1_name"}, +@@ -72,12 +75,14 @@ static const ERR_STRING_DATA DH_str_reas + {ERR_PACK(ERR_LIB_DH, 0, DH_R_INVALID_PUBKEY), "invalid public key"}, + {ERR_PACK(ERR_LIB_DH, 0, DH_R_KDF_PARAMETER_ERROR), "kdf parameter error"}, + {ERR_PACK(ERR_LIB_DH, 0, DH_R_KEYS_NOT_SET), "keys not set"}, ++ {ERR_PACK(ERR_LIB_DH, 0, DH_R_KEY_SIZE_TOO_SMALL), "key size too small"}, + {ERR_PACK(ERR_LIB_DH, 0, DH_R_MISSING_PUBKEY), "missing pubkey"}, + {ERR_PACK(ERR_LIB_DH, 0, DH_R_MODULUS_TOO_LARGE), "modulus too large"}, + 
{ERR_PACK(ERR_LIB_DH, 0, DH_R_NOT_SUITABLE_GENERATOR), + "not suitable generator"}, + {ERR_PACK(ERR_LIB_DH, 0, DH_R_NO_PARAMETERS_SET), "no parameters set"}, + {ERR_PACK(ERR_LIB_DH, 0, DH_R_NO_PRIVATE_VALUE), "no private value"}, ++ {ERR_PACK(ERR_LIB_DH, 0, DH_R_NON_FIPS_METHOD), "non FIPS method"}, + {ERR_PACK(ERR_LIB_DH, 0, DH_R_PARAMETER_ENCODING_ERROR), + "parameter encoding error"}, + {ERR_PACK(ERR_LIB_DH, 0, DH_R_PEER_KEY_ERROR), "peer key error"}, +diff -up openssl-1.1.1b/crypto/dh/dh_gen.c.fips openssl-1.1.1b/crypto/dh/dh_gen.c +--- openssl-1.1.1b/crypto/dh/dh_gen.c.fips 2019-02-26 15:15:30.000000000 +0100 ++++ openssl-1.1.1b/crypto/dh/dh_gen.c 2019-02-28 11:30:06.780746153 +0100 +@@ -16,6 +16,9 @@ + #include "internal/cryptlib.h" + #include + #include "dh_locl.h" ++#ifdef OPENSSL_FIPS ++# include ++#endif + + static int dh_builtin_genparams(DH *ret, int prime_len, int generator, + BN_GENCB *cb); +@@ -23,6 +26,13 @@ static int dh_builtin_genparams(DH *ret, + int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, + BN_GENCB *cb) + { ++#ifdef OPENSSL_FIPS ++ if (FIPS_mode() && !(ret->meth->flags & DH_FLAG_FIPS_METHOD) ++ && !(ret->flags & DH_FLAG_NON_FIPS_ALLOW)) { ++ DHerr(DH_F_DH_GENERATE_PARAMETERS_EX, DH_R_NON_FIPS_METHOD); ++ return 0; ++ } ++#endif + if (ret->meth->generate_params) + return ret->meth->generate_params(ret, prime_len, generator, cb); + return dh_builtin_genparams(ret, prime_len, generator, cb); +@@ -62,6 +72,18 @@ static int dh_builtin_genparams(DH *ret, + int g, ok = -1; + BN_CTX *ctx = NULL; + ++#ifdef OPENSSL_FIPS ++ if (FIPS_selftest_failed()) { ++ FIPSerr(FIPS_F_DH_BUILTIN_GENPARAMS, FIPS_R_FIPS_SELFTEST_FAILED); ++ return 0; ++ } ++ ++ if (FIPS_mode() && (prime_len < OPENSSL_DH_FIPS_MIN_MODULUS_BITS_GEN)) { ++ DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_KEY_SIZE_TOO_SMALL); ++ goto err; ++ } ++#endif ++ + ctx = BN_CTX_new(); + if (ctx == NULL) + goto err; +diff -up openssl-1.1.1b/crypto/dh/dh_key.c.fips 
openssl-1.1.1b/crypto/dh/dh_key.c +--- openssl-1.1.1b/crypto/dh/dh_key.c.fips 2019-02-26 15:15:30.000000000 +0100 ++++ openssl-1.1.1b/crypto/dh/dh_key.c 2019-02-28 11:30:06.780746153 +0100 +@@ -11,6 +11,9 @@ + #include "internal/cryptlib.h" + #include "dh_locl.h" + #include "internal/bn_int.h" ++#ifdef OPENSSL_FIPS ++# include ++#endif + + static int generate_key(DH *dh); + static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh); +@@ -22,18 +25,32 @@ static int dh_finish(DH *dh); + + int DH_generate_key(DH *dh) + { ++#ifdef OPENSSL_FIPS ++ if (FIPS_mode() && !(dh->meth->flags & DH_FLAG_FIPS_METHOD) ++ && !(dh->flags & DH_FLAG_NON_FIPS_ALLOW)) { ++ DHerr(DH_F_DH_GENERATE_KEY, DH_R_NON_FIPS_METHOD); ++ return 0; ++ } ++#endif + return dh->meth->generate_key(dh); + } + + int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) + { ++#ifdef OPENSSL_FIPS ++ if (FIPS_mode() && !(dh->meth->flags & DH_FLAG_FIPS_METHOD) ++ && !(dh->flags & DH_FLAG_NON_FIPS_ALLOW)) { ++ DHerr(DH_F_DH_COMPUTE_KEY, DH_R_NON_FIPS_METHOD); ++ return 0; ++ } ++#endif + return dh->meth->compute_key(key, pub_key, dh); + } + + int DH_compute_key_padded(unsigned char *key, const BIGNUM *pub_key, DH *dh) + { + int rv, pad; +- rv = dh->meth->compute_key(key, pub_key, dh); ++ rv = DH_compute_key(key, pub_key, dh); + if (rv <= 0) + return rv; + pad = BN_num_bytes(dh->p) - rv; +@@ -82,6 +99,14 @@ static int generate_key(DH *dh) + BN_MONT_CTX *mont = NULL; + BIGNUM *pub_key = NULL, *priv_key = NULL; + ++#ifdef OPENSSL_FIPS ++ if (FIPS_mode() ++ && (BN_num_bits(dh->p) < OPENSSL_DH_FIPS_MIN_MODULUS_BITS)) { ++ DHerr(DH_F_GENERATE_KEY, DH_R_KEY_SIZE_TOO_SMALL); ++ return 0; ++ } ++#endif ++ + if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) { + DHerr(DH_F_GENERATE_KEY, DH_R_MODULUS_TOO_LARGE); + return 0; +@@ -170,6 +195,13 @@ static int compute_key(unsigned char *ke + DHerr(DH_F_COMPUTE_KEY, DH_R_MODULUS_TOO_LARGE); + goto err; + } ++#ifdef OPENSSL_FIPS ++ if (FIPS_mode() 
++ && (BN_num_bits(dh->p) < OPENSSL_DH_FIPS_MIN_MODULUS_BITS)) { ++ DHerr(DH_F_COMPUTE_KEY, DH_R_KEY_SIZE_TOO_SMALL); ++ goto err; ++ } ++#endif + + ctx = BN_CTX_new(); + if (ctx == NULL) +@@ -221,6 +253,9 @@ static int dh_bn_mod_exp(const DH *dh, B + + static int dh_init(DH *dh) + { ++#ifdef OPENSSL_FIPS ++ FIPS_selftest_check(); ++#endif + dh->flags |= DH_FLAG_CACHE_MONT_P; + return 1; + } +diff -up openssl-1.1.1b/crypto/dh/dh_pmeth.c.fips openssl-1.1.1b/crypto/dh/dh_pmeth.c +--- openssl-1.1.1b/crypto/dh/dh_pmeth.c.fips 2019-02-26 15:15:30.000000000 +0100 ++++ openssl-1.1.1b/crypto/dh/dh_pmeth.c 2019-05-06 14:57:29.184723430 +0200 +@@ -480,7 +480,7 @@ static int pkey_dh_derive(EVP_PKEY_CTX * + + const EVP_PKEY_METHOD dh_pkey_meth = { + EVP_PKEY_DH, +- 0, ++ EVP_PKEY_FLAG_FIPS, + pkey_dh_init, + pkey_dh_copy, + pkey_dh_cleanup, +@@ -514,7 +514,7 @@ const EVP_PKEY_METHOD dh_pkey_meth = { + + const EVP_PKEY_METHOD dhx_pkey_meth = { + EVP_PKEY_DHX, +- 0, ++ EVP_PKEY_FLAG_FIPS, + pkey_dh_init, + pkey_dh_copy, + pkey_dh_cleanup, +diff -up openssl-1.1.1b/crypto/dsa/dsa_err.c.fips openssl-1.1.1b/crypto/dsa/dsa_err.c +--- openssl-1.1.1b/crypto/dsa/dsa_err.c.fips 2019-02-26 15:15:30.000000000 +0100 ++++ openssl-1.1.1b/crypto/dsa/dsa_err.c 2019-02-28 11:30:06.798745819 +0100 +@@ -16,12 +16,15 @@ + static const ERR_STRING_DATA DSA_str_functs[] = { + {ERR_PACK(ERR_LIB_DSA, DSA_F_DSAPARAMS_PRINT, 0), "DSAparams_print"}, + {ERR_PACK(ERR_LIB_DSA, DSA_F_DSAPARAMS_PRINT_FP, 0), "DSAparams_print_fp"}, ++ {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_BUILTIN_KEYGEN, 0), "dsa_builtin_keygen"}, + {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_BUILTIN_PARAMGEN, 0), + "dsa_builtin_paramgen"}, + {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_BUILTIN_PARAMGEN2, 0), + "dsa_builtin_paramgen2"}, + {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_DO_SIGN, 0), "DSA_do_sign"}, + {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_DO_VERIFY, 0), "DSA_do_verify"}, ++ {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_GENERATE_KEY, 0), "DSA_generate_key"}, ++ {ERR_PACK(ERR_LIB_DSA, 
DSA_F_DSA_GENERATE_PARAMETERS_EX, 0), "DSA_generate_parameters_ex"}, + {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_METH_DUP, 0), "DSA_meth_dup"}, + {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_METH_NEW, 0), "DSA_meth_new"}, + {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_METH_SET1_NAME, 0), "DSA_meth_set1_name"}, +@@ -51,9 +54,12 @@ static const ERR_STRING_DATA DSA_str_rea + {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_INVALID_DIGEST_TYPE), + "invalid digest type"}, + {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_INVALID_PARAMETERS), "invalid parameters"}, ++ {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_KEY_SIZE_INVALID), "key size invalid"}, ++ {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_KEY_SIZE_TOO_SMALL), "key size too small"}, + {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_MISSING_PARAMETERS), "missing parameters"}, + {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_MODULUS_TOO_LARGE), "modulus too large"}, + {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_NO_PARAMETERS_SET), "no parameters set"}, ++ {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_NON_FIPS_DSA_METHOD), "non FIPS DSA method"}, + {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_PARAMETER_ENCODING_ERROR), + "parameter encoding error"}, + {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_Q_NOT_PRIME), "q not prime"}, +diff -up openssl-1.1.1b/crypto/dsa/dsa_gen.c.fips openssl-1.1.1b/crypto/dsa/dsa_gen.c +--- openssl-1.1.1b/crypto/dsa/dsa_gen.c.fips 2019-02-26 15:15:30.000000000 +0100 ++++ openssl-1.1.1b/crypto/dsa/dsa_gen.c 2019-02-28 11:30:06.799745800 +0100 +@@ -22,12 +22,22 @@ + #include + #include + #include "dsa_locl.h" ++#ifdef OPENSSL_FIPS ++# include ++#endif + + int DSA_generate_parameters_ex(DSA *ret, int bits, + const unsigned char *seed_in, int seed_len, + int *counter_ret, unsigned long *h_ret, + BN_GENCB *cb) + { ++# ifdef OPENSSL_FIPS ++ if (FIPS_mode() && !(ret->meth->flags & DSA_FLAG_FIPS_METHOD) ++ && !(ret->flags & DSA_FLAG_NON_FIPS_ALLOW)) { ++ DSAerr(DSA_F_DSA_GENERATE_PARAMETERS_EX, DSA_R_NON_FIPS_DSA_METHOD); ++ return 0; ++ } ++# endif + if (ret->meth->dsa_paramgen) + return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len, + counter_ret, h_ret, cb); 
+@@ -35,9 +45,15 @@ int DSA_generate_parameters_ex(DSA *ret, + const EVP_MD *evpmd = bits >= 2048 ? EVP_sha256() : EVP_sha1(); + size_t qbits = EVP_MD_size(evpmd) * 8; + ++# ifdef OPENSSL_FIPS ++ return dsa_builtin_paramgen2(ret, bits, qbits, evpmd, ++ seed_in, seed_len, -1, NULL, counter_ret, ++ h_ret, cb); ++# else + return dsa_builtin_paramgen(ret, bits, qbits, evpmd, + seed_in, seed_len, NULL, counter_ret, + h_ret, cb); ++# endif + } + } + +@@ -310,7 +326,7 @@ int dsa_builtin_paramgen2(DSA *ret, size + int *counter_ret, unsigned long *h_ret, + BN_GENCB *cb) + { +- int ok = -1; ++ int ok = 0; + unsigned char *seed = NULL, *seed_tmp = NULL; + unsigned char md[EVP_MAX_MD_SIZE]; + int mdsize; +@@ -333,6 +349,20 @@ int dsa_builtin_paramgen2(DSA *ret, size + goto err; + } + ++# ifdef OPENSSL_FIPS ++ if (FIPS_selftest_failed()) { ++ FIPSerr(FIPS_F_DSA_BUILTIN_PARAMGEN2, FIPS_R_FIPS_SELFTEST_FAILED); ++ goto err; ++ } ++ ++ if (FIPS_mode() && (L != 1024 || N != 160) && ++ (L != 2048 || N != 224) && (L != 2048 || N != 256) && ++ (L != 3072 || N != 256)) { ++ DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN2, DSA_R_KEY_SIZE_INVALID); ++ goto err; ++ } ++# endif ++ + if (evpmd == NULL) { + if (N == 160) + evpmd = EVP_sha1(); +@@ -433,9 +463,10 @@ int dsa_builtin_paramgen2(DSA *ret, size + goto err; + /* Provided seed didn't produce a prime: error */ + if (seed_in) { +- ok = 0; +- DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN2, DSA_R_Q_NOT_PRIME); +- goto err; ++ /* Different seed_out will indicate that seed_in ++ * did not generate primes. 
++ */ ++ seed_in = NULL; + } + + /* do a callback call */ +@@ -521,11 +552,14 @@ int dsa_builtin_paramgen2(DSA *ret, size + if (counter >= (int)(4 * L)) + break; + } ++#if 0 ++ /* Cannot happen */ + if (seed_in) { + ok = 0; + DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN2, DSA_R_INVALID_PARAMETERS); + goto err; + } ++#endif + } + end: + if (!BN_GENCB_call(cb, 2, 1)) +@@ -596,7 +630,7 @@ int dsa_builtin_paramgen2(DSA *ret, size + BN_free(ret->g); + ret->g = BN_dup(g); + if (ret->p == NULL || ret->q == NULL || ret->g == NULL) { +- ok = -1; ++ ok = 0; + goto err; + } + if (counter_ret != NULL) +@@ -614,3 +648,53 @@ int dsa_builtin_paramgen2(DSA *ret, size + EVP_MD_CTX_free(mctx); + return ok; + } ++ ++#ifdef OPENSSL_FIPS ++ ++int FIPS_dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N, ++ const EVP_MD *evpmd, const unsigned char *seed_in, ++ size_t seed_len, int idx, unsigned char *seed_out, ++ int *counter_ret, unsigned long *h_ret, ++ BN_GENCB *cb) ++{ ++ return dsa_builtin_paramgen2(ret, L, N, evpmd, seed_in, seed_len, ++ idx, seed_out, counter_ret, h_ret, cb); ++} ++ ++int FIPS_dsa_paramgen_check_g(DSA *dsa) ++{ ++ BN_CTX *ctx; ++ BIGNUM *tmp; ++ BN_MONT_CTX *mont = NULL; ++ int rv = -1; ++ ++ ctx = BN_CTX_new(); ++ if (ctx == NULL) ++ return -1; ++ if (BN_cmp(dsa->g, BN_value_one()) <= 0) ++ return 0; ++ if (BN_cmp(dsa->g, dsa->p) >= 0) ++ return 0; ++ BN_CTX_start(ctx); ++ tmp = BN_CTX_get(ctx); ++ if (tmp == NULL) ++ goto err; ++ if ((mont=BN_MONT_CTX_new()) == NULL) ++ goto err; ++ if (!BN_MONT_CTX_set(mont,dsa->p,ctx)) ++ goto err; ++ /* Work out g^q mod p */ ++ if (!BN_mod_exp_mont(tmp,dsa->g,dsa->q, dsa->p, ctx, mont)) ++ goto err; ++ if (!BN_cmp(tmp, BN_value_one())) ++ rv = 1; ++ else ++ rv = 0; ++ err: ++ BN_CTX_end(ctx); ++ BN_MONT_CTX_free(mont); ++ BN_CTX_free(ctx); ++ return rv; ++} ++ ++#endif +diff -up openssl-1.1.1b/crypto/dsa/dsa_key.c.fips openssl-1.1.1b/crypto/dsa/dsa_key.c +--- openssl-1.1.1b/crypto/dsa/dsa_key.c.fips 2019-02-26 15:15:30.000000000 +0100 
++++ openssl-1.1.1b/crypto/dsa/dsa_key.c 2019-02-28 11:30:06.799745800 +0100 +@@ -13,10 +13,49 @@ + #include + #include "dsa_locl.h" + ++#ifdef OPENSSL_FIPS ++# include ++# include "internal/fips_int.h" ++ ++static int fips_check_dsa(DSA *dsa) ++{ ++ EVP_PKEY *pk; ++ unsigned char tbs[] = "DSA Pairwise Check Data"; ++ int ret = 0; ++ ++ if ((pk = EVP_PKEY_new()) == NULL) ++ goto err; ++ ++ EVP_PKEY_set1_DSA(pk, dsa); ++ ++ if (fips_pkey_signature_test(pk, tbs, -1, NULL, 0, NULL, 0, NULL)) ++ ret = 1; ++ ++ err: ++ if (ret == 0) { ++ FIPSerr(FIPS_F_FIPS_CHECK_DSA, FIPS_R_PAIRWISE_TEST_FAILED); ++ fips_set_selftest_fail(); ++ } ++ ++ if (pk) ++ EVP_PKEY_free(pk); ++ ++ return ret; ++} ++ ++#endif ++ + static int dsa_builtin_keygen(DSA *dsa); + + int DSA_generate_key(DSA *dsa) + { ++#ifdef OPENSSL_FIPS ++ if (FIPS_mode() && !(dsa->meth->flags & DSA_FLAG_FIPS_METHOD) ++ && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)) { ++ DSAerr(DSA_F_DSA_GENERATE_KEY, DSA_R_NON_FIPS_DSA_METHOD); ++ return 0; ++ } ++#endif + if (dsa->meth->dsa_keygen) + return dsa->meth->dsa_keygen(dsa); + return dsa_builtin_keygen(dsa); +@@ -28,6 +67,14 @@ static int dsa_builtin_keygen(DSA *dsa) + BN_CTX *ctx = NULL; + BIGNUM *pub_key = NULL, *priv_key = NULL; + ++#ifdef OPENSSL_FIPS ++ if (FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW) ++ && (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS_GEN)) { ++ DSAerr(DSA_F_DSA_BUILTIN_KEYGEN, DSA_R_KEY_SIZE_TOO_SMALL); ++ goto err; ++ } ++#endif ++ + if ((ctx = BN_CTX_new()) == NULL) + goto err; + +@@ -65,6 +112,13 @@ static int dsa_builtin_keygen(DSA *dsa) + + dsa->priv_key = priv_key; + dsa->pub_key = pub_key; ++#ifdef OPENSSL_FIPS ++ if (FIPS_mode() && !fips_check_dsa(dsa)) { ++ dsa->pub_key = NULL; ++ dsa->priv_key = NULL; ++ goto err; ++ } ++#endif + ok = 1; + + err: +diff -up openssl-1.1.1b/crypto/dsa/dsa_ossl.c.fips openssl-1.1.1b/crypto/dsa/dsa_ossl.c +--- openssl-1.1.1b/crypto/dsa/dsa_ossl.c.fips 2019-02-26 15:15:30.000000000 +0100 ++++ 
openssl-1.1.1b/crypto/dsa/dsa_ossl.c 2019-02-28 11:30:06.800745781 +0100 +@@ -14,6 +14,9 @@ + #include + #include "dsa_locl.h" + #include ++#ifdef OPENSSL_FIPS ++# include ++#endif + + static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); + static int dsa_sign_setup_no_digest(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, +@@ -73,6 +76,19 @@ static DSA_SIG *dsa_do_sign(const unsign + goto err; + } + ++#ifdef OPENSSL_FIPS ++ if (FIPS_selftest_failed()) { ++ FIPSerr(FIPS_F_DSA_DO_SIGN, FIPS_R_FIPS_SELFTEST_FAILED); ++ return NULL; ++ } ++ ++ if (FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW) ++ && (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS)) { ++ DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_KEY_SIZE_TOO_SMALL); ++ return NULL; ++ } ++#endif ++ + ret = DSA_SIG_new(); + if (ret == NULL) + goto err; +@@ -301,6 +317,18 @@ static int dsa_do_verify(const unsigned + DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_BAD_Q_VALUE); + return -1; + } ++#ifdef OPENSSL_FIPS ++ if (FIPS_selftest_failed()) { ++ FIPSerr(FIPS_F_DSA_DO_VERIFY, FIPS_R_FIPS_SELFTEST_FAILED); ++ return -1; ++ } ++ ++ if (FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW) ++ && (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS)) { ++ DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_KEY_SIZE_TOO_SMALL); ++ return -1; ++ } ++#endif + + if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS) { + DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_MODULUS_TOO_LARGE); +@@ -389,6 +417,9 @@ static int dsa_do_verify(const unsigned + + static int dsa_init(DSA *dsa) + { ++#ifdef OPENSSL_FIPS ++ FIPS_selftest_check(); ++#endif + dsa->flags |= DSA_FLAG_CACHE_MONT_P; + return 1; + } +diff -up openssl-1.1.1b/crypto/dsa/dsa_pmeth.c.fips openssl-1.1.1b/crypto/dsa/dsa_pmeth.c +--- openssl-1.1.1b/crypto/dsa/dsa_pmeth.c.fips 2019-02-26 15:15:30.000000000 +0100 ++++ openssl-1.1.1b/crypto/dsa/dsa_pmeth.c 2019-02-28 11:30:06.800745781 +0100 +@@ -211,8 +211,8 @@ static int pkey_dsa_paramgen(EVP_PKEY_CT + BN_GENCB_free(pcb); + return 0; + } 
+- ret = dsa_builtin_paramgen(dsa, dctx->nbits, dctx->qbits, dctx->pmd, +- NULL, 0, NULL, NULL, NULL, pcb); ++ ret = dsa_builtin_paramgen2(dsa, dctx->nbits, dctx->qbits, dctx->pmd, ++ NULL, 0, -1, NULL, NULL, NULL, pcb); + BN_GENCB_free(pcb); + if (ret) + EVP_PKEY_assign_DSA(pkey, dsa); +@@ -241,7 +241,7 @@ static int pkey_dsa_keygen(EVP_PKEY_CTX + + const EVP_PKEY_METHOD dsa_pkey_meth = { + EVP_PKEY_DSA, +- EVP_PKEY_FLAG_AUTOARGLEN, ++ EVP_PKEY_FLAG_AUTOARGLEN | EVP_PKEY_FLAG_FIPS, + pkey_dsa_init, + pkey_dsa_copy, + pkey_dsa_cleanup, +diff -up openssl-1.1.1b/crypto/ec/ecdh_ossl.c.fips openssl-1.1.1b/crypto/ec/ecdh_ossl.c +--- openssl-1.1.1b/crypto/ec/ecdh_ossl.c.fips 2019-02-26 15:15:30.000000000 +0100 ++++ openssl-1.1.1b/crypto/ec/ecdh_ossl.c 2019-02-28 11:30:06.801745763 +0100 +@@ -19,9 +19,20 @@ + #include + #include "ec_lcl.h" + ++#ifdef OPENSSL_FIPS ++# include ++#endif ++ + int ossl_ecdh_compute_key(unsigned char **psec, size_t *pseclen, + const EC_POINT *pub_key, const EC_KEY *ecdh) + { ++#ifdef OPENSSL_FIPS ++ if (FIPS_selftest_failed()) { ++ FIPSerr(FIPS_F_ECDH_COMPUTE_KEY, FIPS_R_FIPS_SELFTEST_FAILED); ++ return -1; ++ } ++#endif ++ + if (ecdh->group->meth->ecdh_compute_key == NULL) { + ECerr(EC_F_OSSL_ECDH_COMPUTE_KEY, EC_R_CURVE_DOES_NOT_SUPPORT_ECDH); + return 0; +diff -up openssl-1.1.1b/crypto/ec/ecdsa_ossl.c.fips openssl-1.1.1b/crypto/ec/ecdsa_ossl.c +--- openssl-1.1.1b/crypto/ec/ecdsa_ossl.c.fips 2019-02-26 15:15:30.000000000 +0100 ++++ openssl-1.1.1b/crypto/ec/ecdsa_ossl.c 2019-02-28 11:30:06.801745763 +0100 +@@ -14,6 +14,10 @@ + #include "internal/bn_int.h" + #include "ec_lcl.h" + ++#ifdef OPENSSL_FIPS ++# include ++#endif ++ + int ossl_ecdsa_sign(int type, const unsigned char *dgst, int dlen, + unsigned char *sig, unsigned int *siglen, + const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey) +@@ -159,6 +163,13 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const uns + ECDSA_SIG *ret; + const BIGNUM *priv_key; + ++#ifdef OPENSSL_FIPS ++ if 
(FIPS_selftest_failed()) { ++ FIPSerr(FIPS_F_OSSL_ECDSA_SIGN_SIG, FIPS_R_FIPS_SELFTEST_FAILED); ++ return NULL; ++ } ++#endif ++ + group = EC_KEY_get0_group(eckey); + priv_key = EC_KEY_get0_private_key(eckey); + +@@ -317,6 +328,13 @@ int ossl_ecdsa_verify_sig(const unsigned + const EC_GROUP *group; + const EC_POINT *pub_key; + ++#ifdef OPENSSL_FIPS ++ if (FIPS_selftest_failed()) { ++ FIPSerr(FIPS_F_OSSL_ECDSA_VERIFY_SIG, FIPS_R_FIPS_SELFTEST_FAILED); ++ return -1; ++ } ++#endif ++ + /* check input values */ + if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL || + (pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL) { +diff -up openssl-1.1.1b/crypto/ec/ec_key.c.fips openssl-1.1.1b/crypto/ec/ec_key.c +--- openssl-1.1.1b/crypto/ec/ec_key.c.fips 2019-02-26 15:15:30.000000000 +0100 ++++ openssl-1.1.1b/crypto/ec/ec_key.c 2019-02-28 11:30:06.802745744 +0100 +@@ -178,14 +178,62 @@ ENGINE *EC_KEY_get0_engine(const EC_KEY + return eckey->engine; + } + ++#ifdef OPENSSL_FIPS ++ ++# include ++# include "internal/fips_int.h" ++ ++static int fips_check_ec(EC_KEY *key) ++{ ++ EVP_PKEY *pk; ++ unsigned char tbs[] = "ECDSA Pairwise Check Data"; ++ int ret = 0; ++ ++ if (!EC_KEY_can_sign(key)) /* no test for non-signing keys */ ++ return 1; ++ ++ if ((pk = EVP_PKEY_new()) == NULL) ++ goto err; ++ ++ EVP_PKEY_set1_EC_KEY(pk, key); ++ ++ if (fips_pkey_signature_test(pk, tbs, -1, NULL, 0, NULL, 0, NULL)) ++ ret = 1; ++ ++ err: ++ if (ret == 0) { ++ FIPSerr(FIPS_F_FIPS_CHECK_EC, FIPS_R_PAIRWISE_TEST_FAILED); ++ fips_set_selftest_fail(); ++ } ++ if (pk) ++ EVP_PKEY_free(pk); ++ return ret; ++} ++ ++#endif ++ + int EC_KEY_generate_key(EC_KEY *eckey) + { ++#ifdef OPENSSL_FIPS ++ if (FIPS_selftest_failed()) { ++ ECerr(EC_F_EC_KEY_GENERATE_KEY, EC_R_NOT_INITIALIZED); ++ return 0; ++ } ++#endif + if (eckey == NULL || eckey->group == NULL) { + ECerr(EC_F_EC_KEY_GENERATE_KEY, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } +- if (eckey->meth->keygen != NULL) +- return 
eckey->meth->keygen(eckey); ++ if (eckey->meth->keygen != NULL) { ++ int rv = eckey->meth->keygen(eckey); ++ ++#ifdef OPENSSL_FIPS ++ if (rv > 0 && FIPS_mode()) { ++ rv = fips_check_ec(eckey); ++ } ++#endif ++ return rv; ++ } + ECerr(EC_F_EC_KEY_GENERATE_KEY, EC_R_OPERATION_NOT_SUPPORTED); + return 0; + } +diff -up openssl-1.1.1b/crypto/ec/ec_pmeth.c.fips openssl-1.1.1b/crypto/ec/ec_pmeth.c +--- openssl-1.1.1b/crypto/ec/ec_pmeth.c.fips 2019-02-26 15:15:30.000000000 +0100 ++++ openssl-1.1.1b/crypto/ec/ec_pmeth.c 2019-05-06 14:47:34.651077251 +0200 +@@ -434,7 +434,7 @@ static int pkey_ec_keygen(EVP_PKEY_CTX * + + const EVP_PKEY_METHOD ec_pkey_meth = { + EVP_PKEY_EC, +- 0, ++ EVP_PKEY_FLAG_FIPS, + pkey_ec_init, + pkey_ec_copy, + pkey_ec_cleanup, +diff -up openssl-1.1.1b/crypto/evp/c_allc.c.fips openssl-1.1.1b/crypto/evp/c_allc.c +--- openssl-1.1.1b/crypto/evp/c_allc.c.fips 2019-02-26 15:15:30.000000000 +0100 ++++ openssl-1.1.1b/crypto/evp/c_allc.c 2019-02-28 11:30:06.802745744 +0100 +@@ -17,6 +17,9 @@ + void openssl_add_all_ciphers_int(void) + { + ++#ifdef OPENSSL_FIPS ++ if (!FIPS_mode()) { ++#endif + #ifndef OPENSSL_NO_DES + EVP_add_cipher(EVP_des_cfb()); + EVP_add_cipher(EVP_des_cfb1()); +@@ -263,4 +266,70 @@ void openssl_add_all_ciphers_int(void) + EVP_add_cipher(EVP_chacha20_poly1305()); + # endif + #endif ++#ifdef OPENSSL_FIPS ++ } else { ++# ifndef OPENSSL_NO_DES ++ EVP_add_cipher(EVP_des_ede3_cfb()); ++ ++ EVP_add_cipher(EVP_des_ede3_ofb()); ++ ++ EVP_add_cipher(EVP_des_ede3_cbc()); ++ EVP_add_cipher_alias(SN_des_ede3_cbc, "DES3"); ++ EVP_add_cipher_alias(SN_des_ede3_cbc, "des3"); ++ ++ EVP_add_cipher(EVP_des_ede3()); ++ EVP_add_cipher_alias(SN_des_ede3_ecb, "DES-EDE3-ECB"); ++ EVP_add_cipher_alias(SN_des_ede3_ecb, "des-ede3-ecb"); ++ EVP_add_cipher(EVP_des_ede3_wrap()); ++ EVP_add_cipher_alias(SN_id_smime_alg_CMS3DESwrap, "des3-wrap"); ++# endif ++ ++# ifndef OPENSSL_NO_AES ++ EVP_add_cipher(EVP_aes_128_ecb()); ++ EVP_add_cipher(EVP_aes_128_cbc()); ++ 
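Review bot: In `EC_KEY_generate_key` the new self-test guard reports `EC_R_NOT_INITIALIZED`, whereas the other self-test guards in this patch raise `FIPS_R_FIPS_SELFTEST_FAILED` through `FIPSerr`, so a failed self-test shows up in the error queue as an unrelated condition. Reporting it the same way as the other guards (with a function code that the FIPS error table actually defines) would make the cause visible during triage. In `fips_check_ec` the return value of `EVP_PKEY_set1_EC_KEY(pk, key)` is also ignored; the test presumably still fails closed, but `if (!EVP_PKEY_set1_EC_KEY(pk, key)) goto err;` makes that explicit. When the pairwise test fails the function returns 0 but the freshly generated key stays in `eckey`, which deserves a comment or an explicit clear.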
EVP_add_cipher(EVP_aes_128_cfb()); ++ EVP_add_cipher(EVP_aes_128_cfb1()); ++ EVP_add_cipher(EVP_aes_128_cfb8()); ++ EVP_add_cipher(EVP_aes_128_ofb()); ++ EVP_add_cipher(EVP_aes_128_ctr()); ++ EVP_add_cipher(EVP_aes_128_gcm()); ++ EVP_add_cipher(EVP_aes_128_xts()); ++ EVP_add_cipher(EVP_aes_128_ccm()); ++ EVP_add_cipher(EVP_aes_128_wrap()); ++ EVP_add_cipher_alias(SN_id_aes128_wrap, "aes128-wrap"); ++ EVP_add_cipher(EVP_aes_128_wrap_pad()); ++ EVP_add_cipher_alias(SN_aes_128_cbc, "AES128"); ++ EVP_add_cipher_alias(SN_aes_128_cbc, "aes128"); ++ EVP_add_cipher(EVP_aes_192_ecb()); ++ EVP_add_cipher(EVP_aes_192_cbc()); ++ EVP_add_cipher(EVP_aes_192_cfb()); ++ EVP_add_cipher(EVP_aes_192_cfb1()); ++ EVP_add_cipher(EVP_aes_192_cfb8()); ++ EVP_add_cipher(EVP_aes_192_ofb()); ++ EVP_add_cipher(EVP_aes_192_ctr()); ++ EVP_add_cipher(EVP_aes_192_gcm()); ++ EVP_add_cipher(EVP_aes_192_ccm()); ++ EVP_add_cipher(EVP_aes_192_wrap()); ++ EVP_add_cipher_alias(SN_id_aes192_wrap, "aes192-wrap"); ++ EVP_add_cipher(EVP_aes_192_wrap_pad()); ++ EVP_add_cipher_alias(SN_aes_192_cbc, "AES192"); ++ EVP_add_cipher_alias(SN_aes_192_cbc, "aes192"); ++ EVP_add_cipher(EVP_aes_256_ecb()); ++ EVP_add_cipher(EVP_aes_256_cbc()); ++ EVP_add_cipher(EVP_aes_256_cfb()); ++ EVP_add_cipher(EVP_aes_256_cfb1()); ++ EVP_add_cipher(EVP_aes_256_cfb8()); ++ EVP_add_cipher(EVP_aes_256_ofb()); ++ EVP_add_cipher(EVP_aes_256_ctr()); ++ EVP_add_cipher(EVP_aes_256_gcm()); ++ EVP_add_cipher(EVP_aes_256_xts()); ++ EVP_add_cipher(EVP_aes_256_ccm()); ++ EVP_add_cipher(EVP_aes_256_wrap()); ++ EVP_add_cipher_alias(SN_id_aes256_wrap, "aes256-wrap"); ++ EVP_add_cipher(EVP_aes_256_wrap_pad()); ++ EVP_add_cipher_alias(SN_aes_256_cbc, "AES256"); ++ EVP_add_cipher_alias(SN_aes_256_cbc, "aes256"); ++# endif ++ } ++#endif + } +diff -up openssl-1.1.1b/crypto/evp/c_alld.c.fips openssl-1.1.1b/crypto/evp/c_alld.c +--- openssl-1.1.1b/crypto/evp/c_alld.c.fips 2019-02-26 15:15:30.000000000 +0100 ++++ openssl-1.1.1b/crypto/evp/c_alld.c 
2019-02-28 11:30:06.803745726 +0100 +@@ -16,6 +16,9 @@ + + void openssl_add_all_digests_int(void) + { ++#ifdef OPENSSL_FIPS ++ if (!FIPS_mode()) { ++#endif + #ifndef OPENSSL_NO_MD4 + EVP_add_digest(EVP_md4()); + #endif +@@ -57,4 +60,24 @@ void openssl_add_all_digests_int(void) + EVP_add_digest(EVP_sha3_512()); + EVP_add_digest(EVP_shake128()); + EVP_add_digest(EVP_shake256()); ++#ifdef OPENSSL_FIPS ++ } else { ++ EVP_add_digest(EVP_md5_sha1()); ++ EVP_add_digest(EVP_sha1()); ++ EVP_add_digest_alias(SN_sha1, "ssl3-sha1"); ++ EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA); ++ EVP_add_digest(EVP_sha224()); ++ EVP_add_digest(EVP_sha256()); ++ EVP_add_digest(EVP_sha384()); ++ EVP_add_digest(EVP_sha512()); ++ EVP_add_digest(EVP_sha512_224()); ++ EVP_add_digest(EVP_sha512_256()); ++ EVP_add_digest(EVP_sha3_224()); ++ EVP_add_digest(EVP_sha3_256()); ++ EVP_add_digest(EVP_sha3_384()); ++ EVP_add_digest(EVP_sha3_512()); ++ EVP_add_digest(EVP_shake128()); ++ EVP_add_digest(EVP_shake256()); ++ } ++#endif + } +diff -up openssl-1.1.1c/crypto/evp/digest.c.fips openssl-1.1.1c/crypto/evp/digest.c +--- openssl-1.1.1c/crypto/evp/digest.c.fips 2019-05-28 15:12:21.000000000 +0200 ++++ openssl-1.1.1c/crypto/evp/digest.c 2019-05-29 15:47:59.220499971 +0200 +@@ -14,6 +14,9 @@ + #include + #include "internal/evp_int.h" + #include "evp_locl.h" ++#ifdef OPENSSL_FIPS ++# include ++#endif + + /* This call frees resources associated with the context */ + int EVP_MD_CTX_reset(EVP_MD_CTX *ctx) +@@ -66,6 +69,12 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, cons + int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) + { + EVP_MD_CTX_clear_flags(ctx, EVP_MD_CTX_FLAG_CLEANED); ++#ifdef OPENSSL_FIPS ++ if (FIPS_selftest_failed()) { ++ FIPSerr(FIPS_F_EVP_DIGESTINIT_EX, FIPS_R_FIPS_SELFTEST_FAILED); ++ return 0; ++ } ++#endif + #ifndef OPENSSL_NO_ENGINE + /* + * Whether it's nice or not, "Inits" can be used on "Final"'d contexts so +@@ -119,6 +128,15 @@ int 
EVP_DigestInit_ex(EVP_MD_CTX *ctx, c + } + #endif + if (ctx->digest != type) { ++#ifdef OPENSSL_FIPS ++ if (FIPS_mode()) { ++ if (!(type->flags & EVP_MD_FLAG_FIPS) ++ && !(ctx->flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)) { ++ EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_DISABLED_FOR_FIPS); ++ return 0; ++ } ++ } ++#endif + if (ctx->digest && ctx->digest->ctx_size) { + OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size); + ctx->md_data = NULL; +@@ -150,6 +168,10 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c + + int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count) + { ++#ifdef OPENSSL_FIPS ++ FIPS_selftest_check(); ++#endif ++ + if (count == 0) + return 1; + +@@ -170,6 +192,9 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, + { + int ret; + ++#ifdef OPENSSL_FIPS ++ FIPS_selftest_check(); ++#endif + OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE); + ret = ctx->digest->final(ctx, md); + if (size != NULL) +diff -up openssl-1.1.1b/crypto/evp/e_aes.c.fips openssl-1.1.1b/crypto/evp/e_aes.c +--- openssl-1.1.1b/crypto/evp/e_aes.c.fips 2019-02-26 15:15:30.000000000 +0100 ++++ openssl-1.1.1b/crypto/evp/e_aes.c 2019-05-06 16:32:41.631668333 +0200 +@@ -387,22 +387,33 @@ static int aesni_xts_init_key(EVP_CIPHER + return 1; + + if (key) { ++ /* The key is two half length keys in reality */ ++ const int bytes = EVP_CIPHER_CTX_key_length(ctx) / 2; ++ const int bits = bytes * 8; ++ ++ /* ++ * Verify that the two keys are different. ++ * ++ * This addresses Rogaway's vulnerability. ++ * See comment in aes_xts_init_key() below. 
++ */ ++ if (memcmp(key, key + bytes, bytes) == 0) { ++ EVPerr(EVP_F_AESNI_XTS_INIT_KEY, EVP_R_XTS_DUPLICATED_KEYS); ++ return 0; ++ } ++ + /* key_len is two AES keys */ + if (enc) { +- aesni_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 4, +- &xctx->ks1.ks); ++ aesni_set_encrypt_key(key, bits, &xctx->ks1.ks); + xctx->xts.block1 = (block128_f) aesni_encrypt; + xctx->stream = aesni_xts_encrypt; + } else { +- aesni_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 4, +- &xctx->ks1.ks); ++ aesni_set_decrypt_key(key, bits, &xctx->ks1.ks); + xctx->xts.block1 = (block128_f) aesni_decrypt; + xctx->stream = aesni_xts_decrypt; + } + +- aesni_set_encrypt_key(key + EVP_CIPHER_CTX_key_length(ctx) / 2, +- EVP_CIPHER_CTX_key_length(ctx) * 4, +- &xctx->ks2.ks); ++ aesni_set_encrypt_key(key + bytes, bits, &xctx->ks2.ks); + xctx->xts.block2 = (block128_f) aesni_encrypt; + + xctx->xts.key1 = &xctx->ks1; +@@ -791,7 +802,21 @@ static int aes_t4_xts_init_key(EVP_CIPHE + return 1; + + if (key) { +- int bits = EVP_CIPHER_CTX_key_length(ctx) * 4; ++ /* The key is two half length keys in reality */ ++ const int bytes = EVP_CIPHER_CTX_key_length(ctx) / 2; ++ const int bits = bytes * 8; ++ ++ /* ++ * Verify that the two keys are different. ++ * ++ * This addresses Rogaway's vulnerability. ++ * See comment in aes_xts_init_key() below. 
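Review bot: The duplicated-key check in `aesni_xts_init_key` compares the two halves of the secret key with `memcmp`, which may stop at the first differing byte and so is not constant-time. OpenSSL provides `CRYPTO_memcmp` for comparing secret data: `if (CRYPTO_memcmp(key, key + bytes, bytes) == 0) {`. The same comparison is added to `aes_t4_xts_init_key` and `aes_xts_init_key` in the later hunks of this file and should change with it. The check also runs for decryption and outside FIPS mode, so data previously written with identical key halves can no longer be read back; a comment stating whether that is intended would help.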
++ */ ++ if (memcmp(key, key + bytes, bytes) == 0) { ++ EVPerr(EVP_F_AES_T4_XTS_INIT_KEY, EVP_R_XTS_DUPLICATED_KEYS); ++ return 0; ++ } ++ + xctx->stream = NULL; + /* key_len is two AES keys */ + if (enc) { +@@ -808,8 +833,7 @@ static int aes_t4_xts_init_key(EVP_CIPHE + return 0; + } + } else { +- aes_t4_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 4, +- &xctx->ks1.ks); ++ aes_t4_set_decrypt_key(key, bits, &xctx->ks1.ks); + xctx->xts.block1 = (block128_f) aes_t4_decrypt; + switch (bits) { + case 128: +@@ -823,9 +847,7 @@ static int aes_t4_xts_init_key(EVP_CIPHE + } + } + +- aes_t4_set_encrypt_key(key + EVP_CIPHER_CTX_key_length(ctx) / 2, +- EVP_CIPHER_CTX_key_length(ctx) * 4, +- &xctx->ks2.ks); ++ aes_t4_set_encrypt_key(key + bytes, bits, &xctx->ks2.ks); + xctx->xts.block2 = (block128_f) aes_t4_encrypt; + + xctx->xts.key1 = &xctx->ks1; +@@ -2794,9 +2816,9 @@ static int aes_ctr_cipher(EVP_CIPHER_CTX + return 1; + } + +-BLOCK_CIPHER_generic_pack(NID_aes, 128, 0) +- BLOCK_CIPHER_generic_pack(NID_aes, 192, 0) +- BLOCK_CIPHER_generic_pack(NID_aes, 256, 0) ++BLOCK_CIPHER_generic_pack(NID_aes, 128, EVP_CIPH_FLAG_FIPS) ++ BLOCK_CIPHER_generic_pack(NID_aes, 192, EVP_CIPH_FLAG_FIPS) ++ BLOCK_CIPHER_generic_pack(NID_aes, 256, EVP_CIPH_FLAG_FIPS) + + static int aes_gcm_cleanup(EVP_CIPHER_CTX *c) + { +@@ -2826,6 +2848,11 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX * + case EVP_CTRL_AEAD_SET_IVLEN: + if (arg <= 0) + return 0; ++# ifdef OPENSSL_FIPS ++ if (FIPS_mode() && !(c->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW) ++ && arg < 12) ++ return 0; ++# endif + /* Allocate memory for IV if needed */ + if ((arg > EVP_MAX_IV_LENGTH) && (arg > gctx->ivlen)) { + if (gctx->iv != c->iv) +@@ -3275,11 +3302,14 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX + | EVP_CIPH_CUSTOM_COPY) + + BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, gcm, GCM, +- EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) ++ EVP_CIPH_FLAG_FIPS | EVP_CIPH_FLAG_AEAD_CIPHER | ++ CUSTOM_FLAGS) + BLOCK_CIPHER_custom(NID_aes, 192, 1, 12, 
gcm, GCM, +- EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) ++ EVP_CIPH_FLAG_FIPS | EVP_CIPH_FLAG_AEAD_CIPHER | ++ CUSTOM_FLAGS) + BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, gcm, GCM, +- EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) ++ EVP_CIPH_FLAG_FIPS | EVP_CIPH_FLAG_AEAD_CIPHER | ++ CUSTOM_FLAGS) + + static int aes_xts_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) + { +@@ -3313,8 +3343,33 @@ static int aes_xts_init_key(EVP_CIPHER_C + if (!iv && !key) + return 1; + +- if (key) ++ if (key) { + do { ++ /* The key is two half length keys in reality */ ++ const int bytes = EVP_CIPHER_CTX_key_length(ctx) / 2; ++ const int bits = bytes * 8; ++ ++ /* ++ * Verify that the two keys are different. ++ * ++ * This addresses the vulnerability described in Rogaway's ++ * September 2004 paper: ++ * ++ * "Efficient Instantiations of Tweakable Blockciphers and ++ * Refinements to Modes OCB and PMAC". ++ * (http://web.cs.ucdavis.edu/~rogaway/papers/offsets.pdf) ++ * ++ * FIPS 140-2 IG A.9 XTS-AES Key Generation Requirements states ++ * that: ++ * "The check for Key_1 != Key_2 shall be done at any place ++ * BEFORE using the keys in the XTS-AES algorithm to process ++ * data with them." ++ */ ++ if (memcmp(key, key + bytes, bytes) == 0) { ++ EVPerr(EVP_F_AES_XTS_INIT_KEY, EVP_R_XTS_DUPLICATED_KEYS); ++ return 0; ++ } ++ + #ifdef AES_XTS_ASM + xctx->stream = enc ? 
AES_xts_encrypt : AES_xts_decrypt; + #else +@@ -3324,26 +3379,20 @@ static int aes_xts_init_key(EVP_CIPHER_C + #ifdef HWAES_CAPABLE + if (HWAES_CAPABLE) { + if (enc) { +- HWAES_set_encrypt_key(key, +- EVP_CIPHER_CTX_key_length(ctx) * 4, +- &xctx->ks1.ks); ++ HWAES_set_encrypt_key(key, bits, &xctx->ks1.ks); + xctx->xts.block1 = (block128_f) HWAES_encrypt; + # ifdef HWAES_xts_encrypt + xctx->stream = HWAES_xts_encrypt; + # endif + } else { +- HWAES_set_decrypt_key(key, +- EVP_CIPHER_CTX_key_length(ctx) * 4, +- &xctx->ks1.ks); ++ HWAES_set_decrypt_key(key, bits, &xctx->ks1.ks); + xctx->xts.block1 = (block128_f) HWAES_decrypt; + # ifdef HWAES_xts_decrypt + xctx->stream = HWAES_xts_decrypt; + #endif + } + +- HWAES_set_encrypt_key(key + EVP_CIPHER_CTX_key_length(ctx) / 2, +- EVP_CIPHER_CTX_key_length(ctx) * 4, +- &xctx->ks2.ks); ++ HWAES_set_encrypt_key(key + bytes, bits, &xctx->ks2.ks); + xctx->xts.block2 = (block128_f) HWAES_encrypt; + + xctx->xts.key1 = &xctx->ks1; +@@ -3358,20 +3407,14 @@ static int aes_xts_init_key(EVP_CIPHER_C + #ifdef VPAES_CAPABLE + if (VPAES_CAPABLE) { + if (enc) { +- vpaes_set_encrypt_key(key, +- EVP_CIPHER_CTX_key_length(ctx) * 4, +- &xctx->ks1.ks); ++ vpaes_set_encrypt_key(key, bits, &xctx->ks1.ks); + xctx->xts.block1 = (block128_f) vpaes_encrypt; + } else { +- vpaes_set_decrypt_key(key, +- EVP_CIPHER_CTX_key_length(ctx) * 4, +- &xctx->ks1.ks); ++ vpaes_set_decrypt_key(key, bits, &xctx->ks1.ks); + xctx->xts.block1 = (block128_f) vpaes_decrypt; + } + +- vpaes_set_encrypt_key(key + EVP_CIPHER_CTX_key_length(ctx) / 2, +- EVP_CIPHER_CTX_key_length(ctx) * 4, +- &xctx->ks2.ks); ++ vpaes_set_encrypt_key(key + bytes, bits, &xctx->ks2.ks); + xctx->xts.block2 = (block128_f) vpaes_encrypt; + + xctx->xts.key1 = &xctx->ks1; +@@ -3381,22 +3424,19 @@ static int aes_xts_init_key(EVP_CIPHER_C + (void)0; /* terminate potentially open 'else' */ + + if (enc) { +- AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 4, +- &xctx->ks1.ks); ++ 
AES_set_encrypt_key(key, bits, &xctx->ks1.ks); + xctx->xts.block1 = (block128_f) AES_encrypt; + } else { +- AES_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 4, +- &xctx->ks1.ks); ++ AES_set_decrypt_key(key, bits, &xctx->ks1.ks); + xctx->xts.block1 = (block128_f) AES_decrypt; + } + +- AES_set_encrypt_key(key + EVP_CIPHER_CTX_key_length(ctx) / 2, +- EVP_CIPHER_CTX_key_length(ctx) * 4, +- &xctx->ks2.ks); ++ AES_set_encrypt_key(key + bytes, bits, &xctx->ks2.ks); + xctx->xts.block2 = (block128_f) AES_encrypt; + + xctx->xts.key1 = &xctx->ks1; + } while (0); ++ } + + if (iv) { + xctx->xts.key2 = &xctx->ks2; +@@ -3414,6 +3454,14 @@ static int aes_xts_cipher(EVP_CIPHER_CTX + return 0; + if (!out || !in || len < AES_BLOCK_SIZE) + return 0; ++# ifdef OPENSSL_FIPS ++ /* Requirement of SP800-38E */ ++ if (FIPS_mode() && !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW) && ++ (len > (1UL << 20) * 16)) { ++ EVPerr(EVP_F_AES_XTS_CIPHER, EVP_R_TOO_LARGE); ++ return 0; ++ } ++# endif + if (xctx->stream) + (*xctx->stream) (in, out, len, + xctx->xts.key1, xctx->xts.key2, +@@ -3431,8 +3479,10 @@ static int aes_xts_cipher(EVP_CIPHER_CTX + | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT \ + | EVP_CIPH_CUSTOM_COPY) + +-BLOCK_CIPHER_custom(NID_aes, 128, 1, 16, xts, XTS, XTS_FLAGS) +- BLOCK_CIPHER_custom(NID_aes, 256, 1, 16, xts, XTS, XTS_FLAGS) ++BLOCK_CIPHER_custom(NID_aes, 128, 1, 16, xts, XTS, ++ EVP_CIPH_FLAG_FIPS | XTS_FLAGS) ++ BLOCK_CIPHER_custom(NID_aes, 256, 1, 16, xts, XTS, ++ EVP_CIPH_FLAG_FIPS | XTS_FLAGS) + + static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) + { +@@ -3697,11 +3747,11 @@ static int aes_ccm_cipher(EVP_CIPHER_CTX + #define aes_ccm_cleanup NULL + + BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, ccm, CCM, +- EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) ++ EVP_CIPH_FLAG_FIPS | EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) + BLOCK_CIPHER_custom(NID_aes, 192, 1, 12, ccm, CCM, +- EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) ++ EVP_CIPH_FLAG_FIPS | 
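Review bot: The SP800-38E length check added to `aes_xts_cipher` raises the generic `EVP_R_TOO_LARGE`, while the evp_err.c part of this patch also registers `EVP_R_XTS_DATA_UNIT_IS_TOO_LARGE` ("xts data unit is too large"), which nothing visible here uses. Assuming the header defines that reason, using it makes the failure self-explanatory in logs: `EVPerr(EVP_F_AES_XTS_CIPHER, EVP_R_XTS_DATA_UNIT_IS_TOO_LARGE);`. The bound `(1UL << 20) * 16` would also read more easily with a comment such as `/* at most 2^20 AES blocks of 16 bytes per data unit */`. The function body continues outside the hunk.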
EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) + BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, ccm, CCM, +- EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) ++ EVP_CIPH_FLAG_FIPS | EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) + + typedef struct { + union { +@@ -3794,7 +3844,7 @@ static int aes_wrap_cipher(EVP_CIPHER_CT + return rv ? (int)rv : -1; + } + +-#define WRAP_FLAGS (EVP_CIPH_WRAP_MODE \ ++#define WRAP_FLAGS (EVP_CIPH_WRAP_MODE | EVP_CIPH_FLAG_FIPS \ + | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \ + | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_FLAG_DEFAULT_ASN1) + +diff -up openssl-1.1.1b/crypto/evp/e_des3.c.fips openssl-1.1.1b/crypto/evp/e_des3.c +--- openssl-1.1.1b/crypto/evp/e_des3.c.fips 2019-02-26 15:15:30.000000000 +0100 ++++ openssl-1.1.1b/crypto/evp/e_des3.c 2019-02-28 11:30:06.804745707 +0100 +@@ -211,16 +211,19 @@ BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, + # define des_ede3_cbc_cipher des_ede_cbc_cipher + # define des_ede3_ecb_cipher des_ede_ecb_cipher + BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64, +- EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1, +- des_ede3_init_key, NULL, NULL, NULL, des3_ctrl) ++ EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_FIPS | ++ EVP_CIPH_FLAG_DEFAULT_ASN1, des_ede3_init_key, NULL, NULL, NULL, ++ des3_ctrl) + + BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 1, +- EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1, +- des_ede3_init_key, NULL, NULL, NULL, des3_ctrl) ++ EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_FIPS | ++ EVP_CIPH_FLAG_DEFAULT_ASN1, des_ede3_init_key, NULL, NULL, ++ NULL, des3_ctrl) + + BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 8, +- EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1, +- des_ede3_init_key, NULL, NULL, NULL, des3_ctrl) ++ EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_FIPS | ++ EVP_CIPH_FLAG_DEFAULT_ASN1, des_ede3_init_key, NULL, NULL, ++ NULL, des3_ctrl) + + static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) +diff -up 
openssl-1.1.1b/crypto/evp/e_null.c.fips openssl-1.1.1b/crypto/evp/e_null.c +--- openssl-1.1.1b/crypto/evp/e_null.c.fips 2019-02-26 15:15:30.000000000 +0100 ++++ openssl-1.1.1b/crypto/evp/e_null.c 2019-02-28 11:30:06.805745688 +0100 +@@ -19,7 +19,8 @@ static int null_cipher(EVP_CIPHER_CTX *c + const unsigned char *in, size_t inl); + static const EVP_CIPHER n_cipher = { + NID_undef, +- 1, 0, 0, 0, ++ 1, 0, 0, ++ EVP_CIPH_FLAG_FIPS, + null_init_key, + null_cipher, + NULL, +diff -up openssl-1.1.1b/crypto/evp/evp_enc.c.fips openssl-1.1.1b/crypto/evp/evp_enc.c +--- openssl-1.1.1b/crypto/evp/evp_enc.c.fips 2019-02-26 15:15:30.000000000 +0100 ++++ openssl-1.1.1b/crypto/evp/evp_enc.c 2019-02-28 11:30:06.805745688 +0100 +@@ -17,10 +17,19 @@ + #include + #include "internal/evp_int.h" + #include "evp_locl.h" ++#ifdef OPENSSL_FIPS ++# include ++#endif + + int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *c) + { +- if (c == NULL) ++#ifdef OPENSSL_FIPS ++ if (FIPS_selftest_failed()) { ++ FIPSerr(FIPS_F_EVP_CIPHER_CTX_RESET, FIPS_R_FIPS_SELFTEST_FAILED); ++ return 0; ++ } ++#endif ++ if (c == NULL) + return 1; + if (c->cipher != NULL) { + if (c->cipher->cleanup && !c->cipher->cleanup(c)) +@@ -39,6 +48,12 @@ int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX + + EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void) + { ++#ifdef OPENSSL_FIPS ++ if (FIPS_selftest_failed()) { ++ FIPSerr(FIPS_F_EVP_CIPHER_CTX_NEW, FIPS_R_FIPS_SELFTEST_FAILED); ++ return NULL; ++ } ++#endif + return OPENSSL_zalloc(sizeof(EVP_CIPHER_CTX)); + } + +@@ -67,6 +82,12 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct + enc = 1; + ctx->encrypt = enc; + } ++#ifdef OPENSSL_FIPS ++ if (FIPS_selftest_failed()) { ++ FIPSerr(FIPS_F_EVP_CIPHERINIT_EX, FIPS_R_FIPS_SELFTEST_FAILED); ++ return 0; ++ } ++#endif + #ifndef OPENSSL_NO_ENGINE + /* + * Whether it's nice or not, "Inits" can be used on "Final"'d contexts so +@@ -136,7 +157,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct + } + ctx->key_len = cipher->key_len; + /* Preserve wrap enable flag, zero 
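Review bot: The self-test guard in `EVP_CIPHER_CTX_reset` returns 0 before the `c->cipher->cleanup` call visible just below it, so once the self-test has failed a context can no longer be cleaned up through this function. Whatever key state the context holds then presumably stays in memory, and a NULL context, which used to return 1, now reports failure. Cleanup performs no cryptographic operation, so the guard could be dropped here and kept on `EVP_CIPHER_CTX_new` and `EVP_CipherInit_ex`; if it stays, a comment should say why releasing state is blocked. The function body continues outside the hunk.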
everything else */ +- ctx->flags &= EVP_CIPHER_CTX_FLAG_WRAP_ALLOW; ++ ctx->flags &= EVP_CIPHER_CTX_FLAG_WRAP_ALLOW | EVP_CIPH_FLAG_NON_FIPS_ALLOW; + if (ctx->cipher->flags & EVP_CIPH_CTRL_INIT) { + if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) { + ctx->cipher = NULL; +@@ -195,6 +216,18 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct + return 0; + } + } ++#ifdef OPENSSL_FIPS ++ /* After 'key' is set no further parameters changes are permissible. ++ * So only check for non FIPS enabling at this point. ++ */ ++ if (key && FIPS_mode()) { ++ if (!(ctx->cipher->flags & EVP_CIPH_FLAG_FIPS) ++ & !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW)) { ++ EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_DISABLED_FOR_FIPS); ++ return 0; ++ } ++ } ++#endif + + if (key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) { + if (!ctx->cipher->init(ctx, key, iv, enc)) +diff -up openssl-1.1.1b/crypto/evp/evp_err.c.fips openssl-1.1.1b/crypto/evp/evp_err.c +--- openssl-1.1.1b/crypto/evp/evp_err.c.fips 2019-02-26 15:15:30.000000000 +0100 ++++ openssl-1.1.1b/crypto/evp/evp_err.c 2019-05-06 16:41:08.565739361 +0200 +@@ -15,11 +15,16 @@ + + static const ERR_STRING_DATA EVP_str_functs[] = { + {ERR_PACK(ERR_LIB_EVP, EVP_F_AESNI_INIT_KEY, 0), "aesni_init_key"}, ++ {ERR_PACK(ERR_LIB_EVP, EVP_F_AESNI_XTS_INIT_KEY, 0), "aesni_xts_init_key"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_GCM_CTRL, 0), "aes_gcm_ctrl"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_INIT_KEY, 0), "aes_init_key"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_OCB_CIPHER, 0), "aes_ocb_cipher"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_T4_INIT_KEY, 0), "aes_t4_init_key"}, ++ {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_T4_XTS_INIT_KEY, 0), ++ "aes_t4_xts_init_key"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_WRAP_CIPHER, 0), "aes_wrap_cipher"}, ++ {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_XTS_CIPHER, 0), "aes_xts_cipher"}, ++ {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_XTS_INIT_KEY, 0), "aes_xts_init_key"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_ALG_MODULE_INIT, 0), "alg_module_init"}, + {ERR_PACK(ERR_LIB_EVP, 
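Review bot: The FIPS gate added before `ctx->cipher->init` in `EVP_CipherInit_ex` joins its two negated tests with bitwise `&`, where the matching check in `EVP_DigestInit_ex` (digest.c in this patch) uses `&&`. Both operands are results of `!`, so the value is the same today, but the form is easy to break in a later edit and tends to trip static analysis. Suggested: `if (!(ctx->cipher->flags & EVP_CIPH_FLAG_FIPS) && !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW)) {`. The gate only runs when `key` is non-NULL, which the comment above it explains; the function body continues outside the hunk.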
EVP_F_ARIA_CCM_INIT_KEY, 0), "aria_ccm_init_key"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_ARIA_GCM_CTRL, 0), "aria_gcm_ctrl"}, +@@ -179,6 +180,7 @@ static const ERR_STRING_DATA EVP_str_rea + "different key types"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_DIFFERENT_PARAMETERS), + "different parameters"}, ++ {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_DISABLED_FOR_FIPS), "disabled for FIPS"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_ERROR_LOADING_SECTION), + "error loading section"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_ERROR_SETTING_FIPS_MODE), +@@ -241,6 +243,7 @@ static const ERR_STRING_DATA EVP_str_rea + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PRIVATE_KEY_ENCODE_ERROR), + "private key encode error"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PUBLIC_KEY_NOT_RSA), "public key not rsa"}, ++ {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_TOO_LARGE), "too large"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_CIPHER), "unknown cipher"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_DIGEST), "unknown digest"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_OPTION), "unknown option"}, +@@ -266,6 +269,10 @@ static const ERR_STRING_DATA EVP_str_rea + "wrap mode not allowed"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_WRONG_FINAL_BLOCK_LENGTH), + "wrong final block length"}, ++ {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_XTS_DATA_UNIT_IS_TOO_LARGE), ++ "xts data unit is too large"}, ++ {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_XTS_DUPLICATED_KEYS), ++ "xts duplicated keys"}, + {0, NULL} + }; + +diff -up openssl-1.1.1b/crypto/evp/evp_lib.c.fips openssl-1.1.1b/crypto/evp/evp_lib.c +--- openssl-1.1.1b/crypto/evp/evp_lib.c.fips 2019-02-26 15:15:30.000000000 +0100 ++++ openssl-1.1.1b/crypto/evp/evp_lib.c 2019-02-28 11:30:06.806745670 +0100 +@@ -192,6 +192,9 @@ int EVP_CIPHER_impl_ctx_size(const EVP_C + int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, unsigned int inl) + { ++#ifdef OPENSSL_FIPS ++ FIPS_selftest_check(); ++#endif + return ctx->cipher->do_cipher(ctx, out, in, inl); + } + +diff -up openssl-1.1.1b/crypto/evp/m_sha1.c.fips 
openssl-1.1.1b/crypto/evp/m_sha1.c +--- openssl-1.1.1b/crypto/evp/m_sha1.c.fips 2019-02-26 15:15:30.000000000 +0100 ++++ openssl-1.1.1b/crypto/evp/m_sha1.c 2019-02-28 11:30:06.806745670 +0100 +@@ -95,7 +95,7 @@ static const EVP_MD sha1_md = { + NID_sha1, + NID_sha1WithRSAEncryption, + SHA_DIGEST_LENGTH, +- EVP_MD_FLAG_DIGALGID_ABSENT, ++ EVP_MD_FLAG_DIGALGID_ABSENT | EVP_MD_FLAG_FIPS, + init, + update, + final, +@@ -145,7 +145,7 @@ static const EVP_MD sha224_md = { + NID_sha224, + NID_sha224WithRSAEncryption, + SHA224_DIGEST_LENGTH, +- EVP_MD_FLAG_DIGALGID_ABSENT, ++ EVP_MD_FLAG_DIGALGID_ABSENT | EVP_MD_FLAG_FIPS, + init224, + update224, + final224, +@@ -164,7 +164,7 @@ static const EVP_MD sha256_md = { + NID_sha256, + NID_sha256WithRSAEncryption, + SHA256_DIGEST_LENGTH, +- EVP_MD_FLAG_DIGALGID_ABSENT, ++ EVP_MD_FLAG_DIGALGID_ABSENT | EVP_MD_FLAG_FIPS, + init256, + update256, + final256, +@@ -224,7 +224,7 @@ static const EVP_MD sha512_224_md = { + NID_sha512_224, + NID_sha512_224WithRSAEncryption, + SHA224_DIGEST_LENGTH, +- EVP_MD_FLAG_DIGALGID_ABSENT, ++ EVP_MD_FLAG_DIGALGID_ABSENT | EVP_MD_FLAG_FIPS, + init512_224, + update512, + final512, +@@ -243,7 +243,7 @@ static const EVP_MD sha512_256_md = { + NID_sha512_256, + NID_sha512_256WithRSAEncryption, + SHA256_DIGEST_LENGTH, +- EVP_MD_FLAG_DIGALGID_ABSENT, ++ EVP_MD_FLAG_DIGALGID_ABSENT | EVP_MD_FLAG_FIPS, + init512_256, + update512, + final512, +@@ -262,7 +262,7 @@ static const EVP_MD sha384_md = { + NID_sha384, + NID_sha384WithRSAEncryption, + SHA384_DIGEST_LENGTH, +- EVP_MD_FLAG_DIGALGID_ABSENT, ++ EVP_MD_FLAG_DIGALGID_ABSENT | EVP_MD_FLAG_FIPS, + init384, + update384, + final384, +@@ -281,7 +281,7 @@ static const EVP_MD sha512_md = { + NID_sha512, + NID_sha512WithRSAEncryption, + SHA512_DIGEST_LENGTH, +- EVP_MD_FLAG_DIGALGID_ABSENT, ++ EVP_MD_FLAG_DIGALGID_ABSENT | EVP_MD_FLAG_FIPS, + init512, + update512, + final512, +diff -up openssl-1.1.1b/crypto/evp/m_sha3.c.fips openssl-1.1.1b/crypto/evp/m_sha3.c +--- 
openssl-1.1.1b/crypto/evp/m_sha3.c.fips 2019-02-26 15:15:30.000000000 +0100 ++++ openssl-1.1.1b/crypto/evp/m_sha3.c 2019-05-06 16:12:23.012851747 +0200 +@@ -292,7 +292,7 @@ const EVP_MD *EVP_sha3_##bitlen(void) + NID_sha3_##bitlen, \ + NID_RSA_SHA3_##bitlen, \ + bitlen / 8, \ +- EVP_MD_FLAG_DIGALGID_ABSENT, \ ++ EVP_MD_FLAG_DIGALGID_ABSENT | EVP_MD_FLAG_FIPS, \ + s390x_sha3_init, \ + s390x_sha3_update, \ + s390x_sha3_final, \ +@@ -305,7 +305,7 @@ const EVP_MD *EVP_sha3_##bitlen(void) + NID_sha3_##bitlen, \ + NID_RSA_SHA3_##bitlen, \ + bitlen / 8, \ +- EVP_MD_FLAG_DIGALGID_ABSENT, \ ++ EVP_MD_FLAG_DIGALGID_ABSENT | EVP_MD_FLAG_FIPS, \ + sha3_init, \ + sha3_update, \ + sha3_final, \ +@@ -326,7 +326,7 @@ const EVP_MD *EVP_shake##bitlen(void) + NID_shake##bitlen, \ + 0, \ + bitlen / 8, \ +- EVP_MD_FLAG_XOF, \ ++ EVP_MD_FLAG_XOF | EVP_MD_FLAG_FIPS, \ + s390x_shake_init, \ + s390x_sha3_update, \ + s390x_shake_final, \ +@@ -340,7 +340,7 @@ const EVP_MD *EVP_shake##bitlen(void) + NID_shake##bitlen, \ + 0, \ + bitlen / 8, \ +- EVP_MD_FLAG_XOF, \ ++ EVP_MD_FLAG_XOF | EVP_MD_FLAG_FIPS, \ + shake_init, \ + sha3_update, \ + sha3_final, \ +@@ -364,7 +364,7 @@ const EVP_MD *EVP_sha3_##bitlen(void) + NID_sha3_##bitlen, \ + NID_RSA_SHA3_##bitlen, \ + bitlen / 8, \ +- EVP_MD_FLAG_DIGALGID_ABSENT, \ ++ EVP_MD_FLAG_DIGALGID_ABSENT | EVP_MD_FLAG_FIPS, \ + sha3_init, \ + sha3_update, \ + sha3_final, \ +@@ -383,7 +383,7 @@ const EVP_MD *EVP_shake##bitlen(void) + NID_shake##bitlen, \ + 0, \ + bitlen / 8, \ +- EVP_MD_FLAG_XOF, \ ++ EVP_MD_FLAG_XOF | EVP_MD_FLAG_FIPS, \ + shake_init, \ + sha3_update, \ + sha3_final, \ +diff -up openssl-1.1.1b/crypto/evp/pmeth_lib.c.fips openssl-1.1.1b/crypto/evp/pmeth_lib.c +--- openssl-1.1.1b/crypto/evp/pmeth_lib.c.fips 2019-02-26 15:15:30.000000000 +0100 ++++ openssl-1.1.1b/crypto/evp/pmeth_lib.c 2019-05-06 15:11:33.207095983 +0200 +@@ -131,7 +131,15 @@ static EVP_PKEY_CTX *int_ctx_new(EVP_PKE + pmeth = ENGINE_get_pkey_meth(e, id); + else + #endif ++ { + 
pmeth = EVP_PKEY_meth_find(id); ++#ifdef OPENSSL_FIPS ++ if (pmeth && !(pmeth->flags & EVP_PKEY_FLAG_FIPS) && FIPS_mode()) { ++ EVPerr(EVP_F_INT_CTX_NEW, EVP_R_DISABLED_FOR_FIPS); ++ return NULL; ++ } ++#endif ++ } + + if (pmeth == NULL) { + #ifndef OPENSSL_NO_ENGINE +diff -up openssl-1.1.1b/crypto/fips/build.info.fips openssl-1.1.1b/crypto/fips/build.info +--- openssl-1.1.1b/crypto/fips/build.info.fips 2019-02-28 11:30:06.806745670 +0100 ++++ openssl-1.1.1b/crypto/fips/build.info 2019-02-28 11:30:06.806745670 +0100 +@@ -0,0 +1,15 @@ ++LIBS=../../libcrypto ++SOURCE[../../libcrypto]=\ ++ fips_aes_selftest.c fips_des_selftest.c fips_hmac_selftest.c \ ++ fips_rsa_selftest.c fips_sha_selftest.c fips.c fips_dsa_selftest.c \ ++ fips_post.c fips_drbg_ctr.c fips_drbg_hash.c fips_drbg_hmac.c \ ++ fips_drbg_lib.c fips_drbg_rand.c fips_drbg_selftest.c fips_rand_lib.c \ ++ fips_cmac_selftest.c fips_ecdh_selftest.c fips_ecdsa_selftest.c \ ++ fips_dh_selftest.c fips_ers.c ++ ++PROGRAMS_NO_INST=\ ++ fips_standalone_hmac ++ ++SOURCE[fips_standalone_hmac]=fips_standalone_hmac.c ++INCLUDE[fips_standalone_hmac]=../../include ++DEPEND[fips_standalone_hmac]=../../libcrypto +diff -up openssl-1.1.1b/crypto/fips/fips_aes_selftest.c.fips openssl-1.1.1b/crypto/fips/fips_aes_selftest.c +--- openssl-1.1.1b/crypto/fips/fips_aes_selftest.c.fips 2019-02-28 11:30:06.807745651 +0100 ++++ openssl-1.1.1b/crypto/fips/fips_aes_selftest.c 2019-02-28 11:30:06.807745651 +0100 +@@ -0,0 +1,372 @@ ++/* ==================================================================== ++ * Copyright (c) 2003 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. 
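Review bot: The `EVP_PKEY_FLAG_FIPS` check in `int_ctx_new` sits inside the new `else` block, so it covers methods found by `EVP_PKEY_meth_find(id)` but not those returned by `ENGINE_get_pkey_meth(e, id)`. In FIPS mode an engine-supplied method is therefore accepted without the flag test. If that is intended, a comment at the branch should say so, for example `/* engine-provided methods are not subject to the FIPS flag check */`; otherwise the check belongs after the `if`/`else` so that it applies to both sources. The function body continues outside the hunk.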
Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. 
++ * ++ */ ++ ++#include ++#include ++#ifdef OPENSSL_FIPS ++# include ++# include "internal/fips_int.h" ++#endif ++ ++#ifdef OPENSSL_FIPS ++static const struct { ++ const unsigned char key[16]; ++ const unsigned char plaintext[16]; ++ const unsigned char ciphertext[16]; ++} tests[] = { ++ { ++ { ++ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, ++ 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F}, { ++ 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, ++ 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF}, { ++0x69, 0xC4, 0xE0, 0xD8, 0x6A, 0x7B, 0x04, 0x30, ++ 0xD8, 0xCD, 0xB7, 0x80, 0x70, 0xB4, 0xC5, 0x5A},},}; ++ ++int FIPS_selftest_aes() ++{ ++ int n; ++ int ret = 0; ++ EVP_CIPHER_CTX *ctx; ++ ++ ctx = EVP_CIPHER_CTX_new(); ++ if (ctx == NULL) ++ goto err; ++ ++ for (n = 0; n < 1; ++n) { ++ unsigned char key[16]; ++ ++ memcpy(key, tests[n].key, sizeof(key)); ++ if (fips_cipher_test(ctx, EVP_aes_128_ecb(), ++ key, NULL, ++ tests[n].plaintext, ++ tests[n].ciphertext, 16) <= 0) ++ goto err; ++ } ++ ret = 1; ++ err: ++ EVP_CIPHER_CTX_free(ctx); ++ if (ret == 0) ++ FIPSerr(FIPS_F_FIPS_SELFTEST_AES, FIPS_R_SELFTEST_FAILED); ++ return ret; ++} ++ ++/* AES-CCM test data from NIST public test vectors */ ++ ++static const unsigned char ccm_key[] = { ++ 0xce, 0xb0, 0x09, 0xae, 0xa4, 0x45, 0x44, 0x51, 0xfe, 0xad, 0xf0, 0xe6, ++ 0xb3, 0x6f, 0x45, 0x55, 0x5d, 0xd0, 0x47, 0x23, 0xba, 0xa4, 0x48, 0xe8 ++}; ++ ++static const unsigned char ccm_nonce[] = { ++ 0x76, 0x40, 0x43, 0xc4, 0x94, 0x60, 0xb7 ++}; ++ ++static const unsigned char ccm_adata[] = { ++ 0x6e, 0x80, 0xdd, 0x7f, 0x1b, 0xad, 0xf3, 0xa1, 0xc9, 0xab, 0x25, 0xc7, ++ 0x5f, 0x10, 0xbd, 0xe7, 0x8c, 0x23, 0xfa, 0x0e, 0xb8, 0xf9, 0xaa, 0xa5, ++ 0x3a, 0xde, 0xfb, 0xf4, 0xcb, 0xf7, 0x8f, 0xe4 ++}; ++ ++static const unsigned char ccm_pt[] = { ++ 0xc8, 0xd2, 0x75, 0xf9, 0x19, 0xe1, 0x7d, 0x7f, 0xe6, 0x9c, 0x2a, 0x1f, ++ 0x58, 0x93, 0x9d, 0xfe, 0x4d, 0x40, 0x37, 0x91, 0xb5, 0xdf, 0x13, 0x10 ++}; ++ ++static const unsigned char ccm_ct[] 
= { ++ 0x8a, 0x0f, 0x3d, 0x82, 0x29, 0xe4, 0x8e, 0x74, 0x87, 0xfd, 0x95, 0xa2, ++ 0x8a, 0xd3, 0x92, 0xc8, 0x0b, 0x36, 0x81, 0xd4, 0xfb, 0xc7, 0xbb, 0xfd ++}; ++ ++static const unsigned char ccm_tag[] = { ++ 0x2d, 0xd6, 0xef, 0x1c, 0x45, 0xd4, 0xcc, 0xb7, 0x23, 0xdc, 0x07, 0x44, ++ 0x14, 0xdb, 0x50, 0x6d ++}; ++ ++int FIPS_selftest_aes_ccm(void) ++{ ++ int ret = 0; ++ unsigned char out[128], tag[16]; ++ EVP_CIPHER_CTX *ctx; ++ ++ ctx = EVP_CIPHER_CTX_new(); ++ if (ctx == NULL) ++ goto err; ++ ++ memset(out, 0, sizeof(out)); ++ if (!EVP_CipherInit_ex(ctx, EVP_aes_192_ccm(), NULL, NULL, NULL, 1)) ++ goto err; ++ if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_IVLEN, ++ sizeof(ccm_nonce), NULL)) ++ goto err; ++ if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_TAG, ++ sizeof(ccm_tag), NULL)) ++ goto err; ++ if (!EVP_CipherInit_ex(ctx, NULL, NULL, ccm_key, ccm_nonce, 1)) ++ goto err; ++ if (EVP_Cipher(ctx, NULL, NULL, sizeof(ccm_pt)) != sizeof(ccm_pt)) ++ goto err; ++ if (EVP_Cipher(ctx, NULL, ccm_adata, sizeof(ccm_adata)) < 0) ++ goto err; ++ if (EVP_Cipher(ctx, out, ccm_pt, sizeof(ccm_pt)) != sizeof(ccm_ct)) ++ goto err; ++ ++ if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_GET_TAG, 16, tag)) ++ goto err; ++ if (memcmp(tag, ccm_tag, sizeof(ccm_tag)) ++ || memcmp(out, ccm_ct, sizeof(ccm_ct))) ++ goto err; ++ ++ memset(out, 0, sizeof(out)); ++ ++ if (!EVP_CipherInit_ex(ctx, EVP_aes_192_ccm(), NULL, NULL, NULL, 0)) ++ goto err; ++ if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_IVLEN, ++ sizeof(ccm_nonce), NULL)) ++ goto err; ++ if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_TAG, 16, tag)) ++ goto err; ++ if (!EVP_CipherInit_ex(ctx, NULL, NULL, ccm_key, ccm_nonce, 0)) ++ goto err; ++ if (EVP_Cipher(ctx, NULL, NULL, sizeof(ccm_ct)) != sizeof(ccm_ct)) ++ goto err; ++ if (EVP_Cipher(ctx, NULL, ccm_adata, sizeof(ccm_adata)) < 0) ++ goto err; ++ if (EVP_Cipher(ctx, out, ccm_ct, sizeof(ccm_ct)) != sizeof(ccm_pt)) ++ goto err; ++ ++ if (memcmp(out, ccm_pt, sizeof(ccm_pt))) ++ goto err; 
++ ++ ret = 1; ++ ++ err: ++ EVP_CIPHER_CTX_free(ctx); ++ ++ if (ret == 0) { ++ FIPSerr(FIPS_F_FIPS_SELFTEST_AES_CCM, FIPS_R_SELFTEST_FAILED); ++ return 0; ++ } else ++ return ret; ++ ++} ++ ++/* AES-GCM test data from NIST public test vectors */ ++ ++static const unsigned char gcm_key[] = { ++ 0xee, 0xbc, 0x1f, 0x57, 0x48, 0x7f, 0x51, 0x92, 0x1c, 0x04, 0x65, 0x66, ++ 0x5f, 0x8a, 0xe6, 0xd1, 0x65, 0x8b, 0xb2, 0x6d, 0xe6, 0xf8, 0xa0, 0x69, ++ 0xa3, 0x52, 0x02, 0x93, 0xa5, 0x72, 0x07, 0x8f ++}; ++ ++static const unsigned char gcm_iv[] = { ++ 0x99, 0xaa, 0x3e, 0x68, 0xed, 0x81, 0x73, 0xa0, 0xee, 0xd0, 0x66, 0x84 ++}; ++ ++static const unsigned char gcm_pt[] = { ++ 0xf5, 0x6e, 0x87, 0x05, 0x5b, 0xc3, 0x2d, 0x0e, 0xeb, 0x31, 0xb2, 0xea, ++ 0xcc, 0x2b, 0xf2, 0xa5 ++}; ++ ++static const unsigned char gcm_aad[] = { ++ 0x4d, 0x23, 0xc3, 0xce, 0xc3, 0x34, 0xb4, 0x9b, 0xdb, 0x37, 0x0c, 0x43, ++ 0x7f, 0xec, 0x78, 0xde ++}; ++ ++static const unsigned char gcm_ct[] = { ++ 0xf7, 0x26, 0x44, 0x13, 0xa8, 0x4c, 0x0e, 0x7c, 0xd5, 0x36, 0x86, 0x7e, ++ 0xb9, 0xf2, 0x17, 0x36 ++}; ++ ++static const unsigned char gcm_tag[] = { ++ 0x67, 0xba, 0x05, 0x10, 0x26, 0x2a, 0xe4, 0x87, 0xd7, 0x37, 0xee, 0x62, ++ 0x98, 0xf7, 0x7e, 0x0c ++}; ++ ++int FIPS_selftest_aes_gcm(void) ++{ ++ int ret = 0; ++ unsigned char out[128], tag[16]; ++ EVP_CIPHER_CTX *ctx; ++ ++ ctx = EVP_CIPHER_CTX_new(); ++ if (ctx == NULL) ++ goto err; ++ ++ memset(out, 0, sizeof(out)); ++ memset(tag, 0, sizeof(tag)); ++ if (!EVP_CipherInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL, 1)) ++ goto err; ++ if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, ++ sizeof(gcm_iv), NULL)) ++ goto err; ++ if (!EVP_CipherInit_ex(ctx, NULL, NULL, gcm_key, gcm_iv, 1)) ++ goto err; ++ if (EVP_Cipher(ctx, NULL, gcm_aad, sizeof(gcm_aad)) < 0) ++ goto err; ++ if (EVP_Cipher(ctx, out, gcm_pt, sizeof(gcm_pt)) != sizeof(gcm_ct)) ++ goto err; ++ if (EVP_Cipher(ctx, NULL, NULL, 0) < 0) ++ goto err; ++ ++ if (!EVP_CIPHER_CTX_ctrl(ctx, 
EVP_CTRL_GCM_GET_TAG, 16, tag)) ++ goto err; ++ ++ if (memcmp(tag, gcm_tag, 16) || memcmp(out, gcm_ct, 16)) ++ goto err; ++ ++ memset(out, 0, sizeof(out)); ++ ++ if (!EVP_CipherInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL, 0)) ++ goto err; ++ if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, ++ sizeof(gcm_iv), NULL)) ++ goto err; ++ if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, 16, tag)) ++ goto err; ++ if (!EVP_CipherInit_ex(ctx, NULL, NULL, gcm_key, gcm_iv, 0)) ++ goto err; ++ if (EVP_Cipher(ctx, NULL, gcm_aad, sizeof(gcm_aad)) < 0) ++ goto err; ++ if (EVP_Cipher(ctx, out, gcm_ct, sizeof(gcm_ct)) != sizeof(gcm_pt)) ++ goto err; ++ if (EVP_Cipher(ctx, NULL, NULL, 0) < 0) ++ goto err; ++ ++ if (memcmp(out, gcm_pt, 16)) ++ goto err; ++ ++ ret = 1; ++ ++ err: ++ EVP_CIPHER_CTX_free(ctx); ++ ++ if (ret == 0) { ++ FIPSerr(FIPS_F_FIPS_SELFTEST_AES_GCM, FIPS_R_SELFTEST_FAILED); ++ return 0; ++ } else ++ return ret; ++ ++} ++ ++static const unsigned char XTS_128_key[] = { ++ 0xa1, 0xb9, 0x0c, 0xba, 0x3f, 0x06, 0xac, 0x35, 0x3b, 0x2c, 0x34, 0x38, ++ 0x76, 0x08, 0x17, 0x62, 0x09, 0x09, 0x23, 0x02, 0x6e, 0x91, 0x77, 0x18, ++ 0x15, 0xf2, 0x9d, 0xab, 0x01, 0x93, 0x2f, 0x2f ++}; ++ ++static const unsigned char XTS_128_i[] = { ++ 0x4f, 0xae, 0xf7, 0x11, 0x7c, 0xda, 0x59, 0xc6, 0x6e, 0x4b, 0x92, 0x01, ++ 0x3e, 0x76, 0x8a, 0xd5 ++}; ++ ++static const unsigned char XTS_128_pt[] = { ++ 0xeb, 0xab, 0xce, 0x95, 0xb1, 0x4d, 0x3c, 0x8d, 0x6f, 0xb3, 0x50, 0x39, ++ 0x07, 0x90, 0x31, 0x1c ++}; ++ ++static const unsigned char XTS_128_ct[] = { ++ 0x77, 0x8a, 0xe8, 0xb4, 0x3c, 0xb9, 0x8d, 0x5a, 0x82, 0x50, 0x81, 0xd5, ++ 0xbe, 0x47, 0x1c, 0x63 ++}; ++ ++static const unsigned char XTS_256_key[] = { ++ 0x1e, 0xa6, 0x61, 0xc5, 0x8d, 0x94, 0x3a, 0x0e, 0x48, 0x01, 0xe4, 0x2f, ++ 0x4b, 0x09, 0x47, 0x14, 0x9e, 0x7f, 0x9f, 0x8e, 0x3e, 0x68, 0xd0, 0xc7, ++ 0x50, 0x52, 0x10, 0xbd, 0x31, 0x1a, 0x0e, 0x7c, 0xd6, 0xe1, 0x3f, 0xfd, ++ 0xf2, 0x41, 0x8d, 0x8d, 0x19, 0x11, 0xc0, 0x04, 0xcd, 
0xa5, 0x8d, 0xa3, ++ 0xd6, 0x19, 0xb7, 0xe2, 0xb9, 0x14, 0x1e, 0x58, 0x31, 0x8e, 0xea, 0x39, ++ 0x2c, 0xf4, 0x1b, 0x08 ++}; ++ ++static const unsigned char XTS_256_i[] = { ++ 0xad, 0xf8, 0xd9, 0x26, 0x27, 0x46, 0x4a, 0xd2, 0xf0, 0x42, 0x8e, 0x84, ++ 0xa9, 0xf8, 0x75, 0x64 ++}; ++ ++static const unsigned char XTS_256_pt[] = { ++ 0x2e, 0xed, 0xea, 0x52, 0xcd, 0x82, 0x15, 0xe1, 0xac, 0xc6, 0x47, 0xe8, ++ 0x10, 0xbb, 0xc3, 0x64, 0x2e, 0x87, 0x28, 0x7f, 0x8d, 0x2e, 0x57, 0xe3, ++ 0x6c, 0x0a, 0x24, 0xfb, 0xc1, 0x2a, 0x20, 0x2e ++}; ++ ++static const unsigned char XTS_256_ct[] = { ++ 0xcb, 0xaa, 0xd0, 0xe2, 0xf6, 0xce, 0xa3, 0xf5, 0x0b, 0x37, 0xf9, 0x34, ++ 0xd4, 0x6a, 0x9b, 0x13, 0x0b, 0x9d, 0x54, 0xf0, 0x7e, 0x34, 0xf3, 0x6a, ++ 0xf7, 0x93, 0xe8, 0x6f, 0x73, 0xc6, 0xd7, 0xdb ++}; ++ ++int FIPS_selftest_aes_xts() ++{ ++ int ret = 1; ++ EVP_CIPHER_CTX *ctx; ++ ++ ctx = EVP_CIPHER_CTX_new(); ++ if (ctx == NULL) ++ goto err; ++ ++ if (fips_cipher_test(ctx, EVP_aes_128_xts(), ++ XTS_128_key, XTS_128_i, XTS_128_pt, XTS_128_ct, ++ sizeof(XTS_128_pt)) <= 0) ++ ret = 0; ++ ++ if (fips_cipher_test(ctx, EVP_aes_256_xts(), ++ XTS_256_key, XTS_256_i, XTS_256_pt, XTS_256_ct, ++ sizeof(XTS_256_pt)) <= 0) ++ ret = 0; ++ ++ EVP_CIPHER_CTX_free(ctx); ++ ++ err: ++ if (ret == 0) ++ FIPSerr(FIPS_F_FIPS_SELFTEST_AES_XTS, FIPS_R_SELFTEST_FAILED); ++ return ret; ++} ++ ++#endif +diff -up openssl-1.1.1b/crypto/fips/fips.c.fips openssl-1.1.1b/crypto/fips/fips.c +--- openssl-1.1.1b/crypto/fips/fips.c.fips 2019-02-28 11:30:06.807745651 +0100 ++++ openssl-1.1.1b/crypto/fips/fips.c 2019-02-28 11:30:06.807745651 +0100 +@@ -0,0 +1,526 @@ ++/* ==================================================================== ++ * Copyright (c) 2003 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. 
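Review bot: `FIPS_selftest_aes_xts` reports success when `EVP_CIPHER_CTX_new()` fails, because `ret` starts at 1 and the `ctx == NULL` branch jumps straight to `err:` without clearing it. In that case neither XTS known-answer test runs and `FIPS_R_SELFTEST_FAILED` is never raised. The other three self-tests in this file start from `ret = 0` and set it to 1 only after every check has passed; the XTS one should fail closed the same way, e.g. `if (ctx == NULL) { ret = 0; goto err; }`. The code that consumes this return value is outside the hunk, so the effect on entering FIPS mode is inferred rather than shown here.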
Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ++ */ ++ ++#define _GNU_SOURCE ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include "fips_locl.h" ++ ++#ifdef OPENSSL_FIPS ++ ++# include ++# include "internal/thread_once.h" ++ ++# ifndef PATH_MAX ++# define PATH_MAX 1024 ++# endif ++ ++static int fips_selftest_fail = 0; ++static int fips_mode = 0; ++static int fips_started = 0; ++ ++static int fips_is_owning_thread(void); ++static int fips_set_owning_thread(void); ++static int fips_clear_owning_thread(void); ++ ++static CRYPTO_RWLOCK *fips_lock = NULL; ++static CRYPTO_RWLOCK *fips_owning_lock = NULL; ++static CRYPTO_ONCE fips_lock_init = CRYPTO_ONCE_STATIC_INIT; ++ ++DEFINE_RUN_ONCE_STATIC(do_fips_lock_init) ++{ ++ fips_lock = CRYPTO_THREAD_lock_new(); ++ fips_owning_lock = CRYPTO_THREAD_lock_new(); ++ return fips_lock != NULL && fips_owning_lock != NULL; ++} ++ ++# define fips_w_lock() CRYPTO_THREAD_write_lock(fips_lock) ++# define fips_w_unlock() CRYPTO_THREAD_unlock(fips_lock) ++# define fips_r_lock() CRYPTO_THREAD_read_lock(fips_lock) ++# define fips_r_unlock() CRYPTO_THREAD_unlock(fips_lock) ++ ++static void fips_set_mode(int onoff) ++{ ++ int owning_thread = fips_is_owning_thread(); ++ ++ if (fips_started) { ++ if (!owning_thread) ++ fips_w_lock(); ++ fips_mode = onoff; ++ if (!owning_thread) ++ fips_w_unlock(); ++ } ++} ++ ++int FIPS_module_mode(void) 
++{ ++ int ret = 0; ++ int owning_thread = fips_is_owning_thread(); ++ ++ if (fips_started) { ++ if (!owning_thread) ++ fips_r_lock(); ++ ret = fips_mode; ++ if (!owning_thread) ++ fips_r_unlock(); ++ } ++ return ret; ++} ++ ++/* just a compat symbol - return NULL */ ++int FIPS_selftest_failed(void) ++{ ++ int ret = 0; ++ if (fips_started) { ++ int owning_thread = fips_is_owning_thread(); ++ ++ if (!owning_thread) ++ fips_r_lock(); ++ ret = fips_selftest_fail; ++ if (!owning_thread) ++ fips_r_unlock(); ++ } ++ return ret; ++} ++ ++/* Selftest failure fatal exit routine. This will be called ++ * during *any* cryptographic operation. It has the minimum ++ * overhead possible to avoid too big a performance hit. ++ */ ++ ++void FIPS_selftest_check(void) ++{ ++ if (fips_selftest_fail) { ++ OpenSSLDie(__FILE__, __LINE__, "FATAL FIPS SELFTEST FAILURE"); ++ } ++} ++ ++void fips_set_selftest_fail(void) ++{ ++ fips_selftest_fail = 1; ++} ++ ++/* we implement what libfipscheck does ourselves */ ++ ++static int ++get_library_path(const char *libname, const char *symbolname, char *path, ++ size_t pathlen) ++{ ++ Dl_info info; ++ void *dl, *sym; ++ int rv = -1; ++ ++ dl = dlopen(libname, RTLD_LAZY); ++ if (dl == NULL) { ++ return -1; ++ } ++ ++ sym = dlsym(dl, symbolname); ++ ++ if (sym != NULL && dladdr(sym, &info)) { ++ strncpy(path, info.dli_fname, pathlen - 1); ++ path[pathlen - 1] = '\0'; ++ rv = 0; ++ } ++ ++ dlclose(dl); ++ ++ return rv; ++} ++ ++static const char conv[] = "0123456789abcdef"; ++ ++static char *bin2hex(void *buf, size_t len) ++{ ++ char *hex, *p; ++ unsigned char *src = buf; ++ ++ hex = malloc(len * 2 + 1); ++ if (hex == NULL) ++ return NULL; ++ ++ p = hex; ++ ++ while (len > 0) { ++ unsigned c; ++ ++ c = *src; ++ src++; ++ ++ *p = conv[c >> 4]; ++ ++p; ++ *p = conv[c & 0x0f]; ++ ++p; ++ --len; ++ } ++ *p = '\0'; ++ return hex; ++} ++ ++# define HMAC_PREFIX "." 
++# ifndef HMAC_SUFFIX ++# define HMAC_SUFFIX ".hmac" ++# endif ++# define READ_BUFFER_LENGTH 16384 ++ ++static char *make_hmac_path(const char *origpath) ++{ ++ char *path, *p; ++ const char *fn; ++ ++ path = ++ malloc(sizeof(HMAC_PREFIX) + sizeof(HMAC_SUFFIX) + strlen(origpath)); ++ if (path == NULL) { ++ return NULL; ++ } ++ ++ fn = strrchr(origpath, '/'); ++ if (fn == NULL) { ++ fn = origpath; ++ } else { ++ ++fn; ++ } ++ ++ strncpy(path, origpath, fn - origpath); ++ p = path + (fn - origpath); ++ p = stpcpy(p, HMAC_PREFIX); ++ p = stpcpy(p, fn); ++ p = stpcpy(p, HMAC_SUFFIX); ++ ++ return path; ++} ++ ++static const char hmackey[] = "orboDeJITITejsirpADONivirpUkvarP"; ++ ++static int compute_file_hmac(const char *path, void **buf, size_t *hmaclen) ++{ ++ FILE *f = NULL; ++ int rv = -1; ++ unsigned char rbuf[READ_BUFFER_LENGTH]; ++ size_t len; ++ unsigned int hlen; ++ HMAC_CTX *c; ++ ++ c = HMAC_CTX_new(); ++ if (c == NULL) ++ return rv; ++ ++ f = fopen(path, "r"); ++ ++ if (f == NULL) { ++ goto end; ++ } ++ ++ if (HMAC_Init_ex(c, hmackey, sizeof(hmackey) - 1, EVP_sha256(), NULL) <= 0) { ++ goto end; ++ } ++ ++ while ((len = fread(rbuf, 1, sizeof(rbuf), f)) != 0) { ++ if (HMAC_Update(c, rbuf, len) <= 0) { ++ goto end; ++ } ++ } ++ ++ len = sizeof(rbuf); ++ /* reuse rbuf for hmac */ ++ if (HMAC_Final(c, rbuf, &hlen) <= 0) { ++ goto end; ++ } ++ ++ *buf = malloc(hlen); ++ if (*buf == NULL) { ++ goto end; ++ } ++ ++ *hmaclen = hlen; ++ ++ memcpy(*buf, rbuf, hlen); ++ ++ rv = 0; ++ end: ++ HMAC_CTX_free(c); ++ ++ if (f) ++ fclose(f); ++ ++ return rv; ++} ++ ++static int FIPSCHECK_verify(const char *path) ++{ ++ int rv = 0; ++ FILE *hf; ++ char *hmacpath, *p; ++ char *hmac = NULL; ++ size_t n; ++ ++ hmacpath = make_hmac_path(path); ++ if (hmacpath == NULL) ++ return 0; ++ ++ hf = fopen(hmacpath, "r"); ++ if (hf == NULL) { ++ free(hmacpath); ++ return 0; ++ } ++ ++ if (getline(&hmac, &n, hf) > 0) { ++ void *buf; ++ size_t hmaclen; ++ char *hex; ++ ++ if ((p = 
strchr(hmac, '\n')) != NULL) ++ *p = '\0'; ++ ++ if (compute_file_hmac(path, &buf, &hmaclen) < 0) { ++ rv = -4; ++ goto end; ++ } ++ ++ if ((hex = bin2hex(buf, hmaclen)) == NULL) { ++ free(buf); ++ rv = -5; ++ goto end; ++ } ++ ++ if (strcmp(hex, hmac) != 0) { ++ rv = -1; ++ } ++ free(buf); ++ free(hex); ++ } else { ++ rv = -1; ++ } ++ ++ end: ++ free(hmac); ++ free(hmacpath); ++ fclose(hf); ++ ++ if (rv < 0) ++ return 0; ++ ++ /* check successful */ ++ return 1; ++} ++ ++static int verify_checksums(void) ++{ ++ int rv; ++ char path[PATH_MAX + 1]; ++ char *p; ++ ++ /* we need to avoid dlopening libssl, assume both libcrypto and libssl ++ are in the same directory */ ++ ++ rv = get_library_path("libcrypto.so." SHLIB_VERSION_NUMBER, ++ "FIPS_mode_set", path, sizeof(path)); ++ if (rv < 0) ++ return 0; ++ ++ rv = FIPSCHECK_verify(path); ++ if (!rv) ++ return 0; ++ ++ /* replace libcrypto with libssl */ ++ while ((p = strstr(path, "libcrypto.so")) != NULL) { ++ p = stpcpy(p, "libssl"); ++ memmove(p, p + 3, strlen(p + 2)); ++ } ++ ++ rv = FIPSCHECK_verify(path); ++ if (!rv) ++ return 0; ++ return 1; ++} ++ ++# ifndef FIPS_MODULE_PATH ++# define FIPS_MODULE_PATH "/etc/system-fips" ++# endif ++ ++int FIPS_module_installed(void) ++{ ++ int rv; ++ rv = access(FIPS_MODULE_PATH, F_OK); ++ if (rv < 0 && errno != ENOENT) ++ rv = 0; ++ ++ /* Installed == true */ ++ return !rv; ++} ++ ++int FIPS_module_mode_set(int onoff) ++{ ++ int ret = 0; ++ ++ if (!RUN_ONCE(&fips_lock_init, do_fips_lock_init)) ++ return 0; ++ ++ fips_w_lock(); ++ fips_started = 1; ++ fips_set_owning_thread(); ++ ++ if (onoff) { ++ ++ fips_selftest_fail = 0; ++ ++ /* Don't go into FIPS mode twice, just so we can do automagic ++ seeding */ ++ if (FIPS_module_mode()) { ++ FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET, ++ FIPS_R_FIPS_MODE_ALREADY_SET); ++ fips_selftest_fail = 1; ++ ret = 0; ++ goto end; ++ } ++# ifdef OPENSSL_IA32_SSE2 ++ { ++ extern unsigned int OPENSSL_ia32cap_P[2]; ++ if ((OPENSSL_ia32cap_P[0] & (1 << 25 
| 1 << 26)) != ++ (1 << 25 | 1 << 26)) { ++ FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET, ++ FIPS_R_UNSUPPORTED_PLATFORM); ++ fips_selftest_fail = 1; ++ ret = 0; ++ goto end; ++ } ++ } ++# endif ++ ++ if (!FIPS_selftest()) { ++ fips_selftest_fail = 1; ++ ret = 0; ++ goto end; ++ } ++ ++ if (!verify_checksums()) { ++ FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET, ++ FIPS_R_FINGERPRINT_DOES_NOT_MATCH); ++ fips_selftest_fail = 1; ++ ret = 0; ++ goto end; ++ } ++ ++ fips_set_mode(onoff); ++ ret = 1; ++ goto end; ++ } ++ fips_set_mode(0); ++ fips_selftest_fail = 0; ++ ret = 1; ++ end: ++ fips_clear_owning_thread(); ++ fips_w_unlock(); ++ return ret; ++} ++ ++static CRYPTO_THREAD_ID fips_threadid; ++static int fips_thread_set = 0; ++ ++static int fips_is_owning_thread(void) ++{ ++ int ret = 0; ++ ++ if (fips_started) { ++ CRYPTO_THREAD_read_lock(fips_owning_lock); ++ if (fips_thread_set) { ++ CRYPTO_THREAD_ID cur = CRYPTO_THREAD_get_current_id(); ++ if (CRYPTO_THREAD_compare_id(fips_threadid, cur)) ++ ret = 1; ++ } ++ CRYPTO_THREAD_unlock(fips_owning_lock); ++ } ++ return ret; ++} ++ ++int fips_set_owning_thread(void) ++{ ++ int ret = 0; ++ ++ if (fips_started) { ++ CRYPTO_THREAD_write_lock(fips_owning_lock); ++ if (!fips_thread_set) { ++ fips_threadid = CRYPTO_THREAD_get_current_id(); ++ ret = 1; ++ fips_thread_set = 1; ++ } ++ CRYPTO_THREAD_unlock(fips_owning_lock); ++ } ++ return ret; ++} ++ ++int fips_clear_owning_thread(void) ++{ ++ int ret = 0; ++ ++ if (fips_started) { ++ CRYPTO_THREAD_write_lock(fips_owning_lock); ++ if (fips_thread_set) { ++ CRYPTO_THREAD_ID cur = CRYPTO_THREAD_get_current_id(); ++ if (CRYPTO_THREAD_compare_id(fips_threadid, cur)) ++ fips_thread_set = 0; ++ } ++ CRYPTO_THREAD_unlock(fips_owning_lock); ++ } ++ return ret; ++} ++ ++#endif +diff -up openssl-1.1.1b/crypto/fips/fips_cmac_selftest.c.fips openssl-1.1.1b/crypto/fips/fips_cmac_selftest.c +--- openssl-1.1.1b/crypto/fips/fips_cmac_selftest.c.fips 2019-02-28 11:30:06.808745633 +0100 ++++ 
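Review bot: The integrity check in `FIPSCHECK_verify` is keyed with `hmackey`, a constant compiled into the same library it verifies, and nothing near it documents what the check does and does not cover. It detects a corrupted or mismatched library/`.hmac` pair, but anyone able to replace the library can also regenerate the sidecar file, so it should not be read as tamper protection. A comment above `hmackey` such as `/* fixed, non-secret key: integrity self-check only, not authentication */` would make that explicit. Separately, the comment `/* just a compat symbol - return NULL */` above `FIPS_selftest_failed` does not match the body, which returns the current `fips_selftest_fail` value; something like `/* report whether a self-test failure has been recorded */` would be accurate.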
openssl-1.1.1b/crypto/fips/fips_cmac_selftest.c 2019-02-28 11:30:06.808745633 +0100 +@@ -0,0 +1,156 @@ ++/* ==================================================================== ++ * Copyright (c) 2011 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ++ */ ++ ++#include ++#include ++#include ++#include "internal/fips_int.h" ++#include ++#include "fips_locl.h" ++ ++#ifdef OPENSSL_FIPS ++typedef struct { ++ int nid; ++ const unsigned char key[EVP_MAX_KEY_LENGTH]; ++ size_t keysize; ++ const unsigned char msg[64]; ++ size_t msgsize; ++ const unsigned char mac[32]; ++ size_t macsize; ++} CMAC_KAT; ++ ++/* from http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf */ ++static const CMAC_KAT vector[] = { ++ {NID_aes_128_cbc, /* Count = 32 from CMACGenAES128.txt */ ++ {0x77, 0xa7, 0x7f, 0xaf, 0x29, 0x0c, 0x1f, 0xa3, ++ 0x0c, 0x68, 0x3d, 0xf1, 0x6b, 0xa7, 0xa7, 0x7b,}, 128, ++ {0x02, 0x06, 0x83, 0xe1, 0xf0, 0x39, 0x2f, 0x4c, ++ 0xac, 0x54, 0x31, 0x8b, 0x60, 0x29, 0x25, 0x9e, ++ 0x9c, 0x55, 0x3d, 0xbc, 0x4b, 0x6a, 0xd9, 0x98, ++ 0xe6, 0x4d, 0x58, 0xe4, 0xe7, 0xdc, 0x2e, 0x13,}, 256, ++ {0xfb, 0xfe, 0xa4, 0x1b,}, 32}, ++ {NID_aes_192_cbc, /* Count = 23 from CMACGenAES192.txt */ ++ {0x7b, 0x32, 0x39, 0x13, 0x69, 0xaa, 0x4c, 0xa9, ++ 0x75, 0x58, 0x09, 0x5b, 0xe3, 0xc3, 0xec, 0x86, ++ 0x2b, 0xd0, 0x57, 0xce, 0xf1, 0xe3, 0x2d, 0x62,}, 192, ++ {0x0}, 0, ++ {0xe4, 0xd9, 0x34, 0x0b, 0x03, 0xe6, 0x7d, 0xef, ++ 0xd4, 0x96, 0x9c, 0xc1, 0xed, 0x37, 0x35, 0xe6,}, 128, ++ }, ++ {NID_aes_256_cbc, /* Count = 33 from CMACGenAES256.txt */ ++ {0x0b, 0x12, 0x2a, 0xc8, 0xf3, 0x4e, 0xd1, 0xfe, ++ 0x08, 0x2a, 0x36, 0x25, 0xd1, 0x57, 0x56, 0x14, ++ 0x54, 0x16, 0x7a, 0xc1, 0x45, 
0xa1, 0x0b, 0xbf, ++ 0x77, 0xc6, 0xa7, 0x05, 0x96, 0xd5, 0x74, 0xf1,}, 256, ++ {0x49, 0x8b, 0x53, 0xfd, 0xec, 0x87, 0xed, 0xcb, ++ 0xf0, 0x70, 0x97, 0xdc, 0xcd, 0xe9, 0x3a, 0x08, ++ 0x4b, 0xad, 0x75, 0x01, 0xa2, 0x24, 0xe3, 0x88, ++ 0xdf, 0x34, 0x9c, 0xe1, 0x89, 0x59, 0xfe, 0x84, ++ 0x85, 0xf8, 0xad, 0x15, 0x37, 0xf0, 0xd8, 0x96, ++ 0xea, 0x73, 0xbe, 0xdc, 0x72, 0x14, 0x71, 0x3f,}, 384, ++ {0xf6, 0x2c, 0x46, 0x32, 0x9b,}, 40, ++ }, ++ {NID_des_ede3_cbc, /* Count = 41 from CMACGenTDES3.req */ ++ {0x89, 0xbc, 0xd9, 0x52, 0xa8, 0xc8, 0xab, 0x37, ++ 0x1a, 0xf4, 0x8a, 0xc7, 0xd0, 0x70, 0x85, 0xd5, ++ 0xef, 0xf7, 0x02, 0xe6, 0xd6, 0x2c, 0xdc, 0x23,}, 192, ++ {0xfa, 0x62, 0x0c, 0x1b, 0xbe, 0x97, 0x31, 0x9e, ++ 0x9a, 0x0c, 0xf0, 0x49, 0x21, 0x21, 0xf7, 0xa2, ++ 0x0e, 0xb0, 0x8a, 0x6a, 0x70, 0x9d, 0xcb, 0xd0, ++ 0x0a, 0xaf, 0x38, 0xe4, 0xf9, 0x9e, 0x75, 0x4e,}, 256, ++ {0x8f, 0x49, 0xa1, 0xb7, 0xd6, 0xaa, 0x22, 0x58,}, 64, ++ }, ++}; ++ ++int FIPS_selftest_cmac() ++{ ++ size_t n, outlen; ++ unsigned char out[32]; ++ const EVP_CIPHER *cipher; ++ CMAC_CTX *ctx = CMAC_CTX_new(); ++ const CMAC_KAT *t; ++ int rv = 1; ++ ++ for (n = 0, t = vector; n < sizeof(vector) / sizeof(vector[0]); n++, t++) { ++ cipher = EVP_get_cipherbynid(t->nid); ++ if (!cipher) { ++ rv = -1; ++ goto err; ++ } ++ if (!CMAC_Init(ctx, t->key, t->keysize / 8, cipher, 0)) { ++ rv = -1; ++ goto err; ++ } ++ if (!CMAC_Update(ctx, t->msg, t->msgsize / 8)) { ++ rv = -1; ++ goto err; ++ } ++ ++ if (!CMAC_Final(ctx, out, &outlen)) { ++ rv = -1; ++ goto err; ++ } ++ ++ if (outlen < t->macsize / 8 || memcmp(out, t->mac, t->macsize / 8)) { ++ rv = 0; ++ } ++ } ++ ++ err: ++ CMAC_CTX_free(ctx); ++ ++ if (rv == -1) { ++ rv = 0; ++ } ++ if (!rv) ++ FIPSerr(FIPS_F_FIPS_SELFTEST_CMAC, FIPS_R_SELFTEST_FAILED); ++ ++ return rv; ++} ++#endif +diff -up openssl-1.1.1b/crypto/fips/fips_des_selftest.c.fips openssl-1.1.1b/crypto/fips/fips_des_selftest.c +--- openssl-1.1.1b/crypto/fips/fips_des_selftest.c.fips 2019-02-28 
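Review bot: `FIPS_selftest_cmac` never checks the result of `CMAC_CTX_new()`, so an allocation failure passes a NULL `ctx` into `CMAC_Init` on the first loop iteration instead of failing the self-test cleanly. The cipher self-tests added in the same patch check their context before use. The same guard fits here before the `for` loop: `if (ctx == NULL) { rv = -1; goto err; }`, which flows through the existing `rv == -1` handling and raises `FIPS_R_SELFTEST_FAILED`. How `CMAC_Init` behaves with a NULL context is not visible in this hunk, so the crash is inferred.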
11:30:06.808745633 +0100 ++++ openssl-1.1.1b/crypto/fips/fips_des_selftest.c 2019-02-28 11:30:06.808745633 +0100 +@@ -0,0 +1,133 @@ ++/* ==================================================================== ++ * Copyright (c) 2003 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ++ */ ++ ++#include ++#include ++#ifdef OPENSSL_FIPS ++# include ++# include "internal/fips_int.h" ++#endif ++#include ++ ++#ifdef OPENSSL_FIPS ++ ++static const struct { ++ const unsigned char key[16]; ++ const unsigned char plaintext[8]; ++ const unsigned char ciphertext[8]; ++} tests2[] = { ++ { ++ { ++ 0x7c, 0x4f, 0x6e, 0xf7, 0xa2, 0x04, 0x16, 0xec, ++ 0x0b, 0x6b, 0x7c, 0x9e, 0x5e, 0x19, 0xa7, 0xc4}, { ++ 0x06, 0xa7, 0xd8, 0x79, 0xaa, 0xce, 0x69, 0xef}, { ++ 0x4c, 0x11, 0x17, 0x55, 0xbf, 0xc4, 0x4e, 0xfd} ++ }, { ++ { ++ 0x5d, 0x9e, 0x01, 0xd3, 0x25, 0xc7, 0x3e, 0x34, ++ 0x01, 0x16, 0x7c, 0x85, 0x23, 0xdf, 0xe0, 0x68}, { ++ 0x9c, 0x50, 0x09, 0x0f, 0x5e, 0x7d, 0x69, 0x7e}, { ++ 0xd2, 0x0b, 0x18, 0xdf, 0xd9, 0x0d, 0x9e, 0xff},} ++}; ++ ++static const struct { ++ const unsigned char key[24]; ++ const unsigned char plaintext[8]; ++ const unsigned char ciphertext[8]; ++} tests3[] = { ++ { ++ { ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, ++ 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0}, { ++ 0x8f, 0x8f, 0xbf, 0x9b, 0x5d, 0x48, 0xb4, 0x1c}, { ++ 0x59, 0x8c, 0xe5, 0xd3, 0x6c, 0xa2, 0xea, 0x1b},}, { ++ { ++ 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, 0xFE, ++ 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, ++ 0xED, 0x39, 0xD9, 0x50, 0xFA, 0x74, 0xBC, 0xC4}, { ++ 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF}, { ++0x11, 0x25, 0xb0, 0x35, 0xbe, 0xa0, 0x82, 
0x86},},}; ++ ++int FIPS_selftest_des() ++{ ++ int n, ret = 0; ++ EVP_CIPHER_CTX *ctx; ++ ++ ctx = EVP_CIPHER_CTX_new(); ++ if (ctx == NULL) ++ goto err; ++ ++ /* Encrypt/decrypt with 2-key 3DES and compare to known answers */ ++ for (n = 0; n < 2; ++n) { ++ unsigned char plaintext[8]; ++ ++ memcpy(plaintext, tests2[n].plaintext, sizeof(plaintext)); ++ if (!fips_cipher_test(ctx, EVP_des_ede_ecb(), ++ tests2[n].key, NULL, ++ plaintext, tests2[n].ciphertext, 8)) ++ goto err; ++ } ++ ++ /* Encrypt/decrypt with 3DES and compare to known answers */ ++ for (n = 0; n < 2; ++n) { ++ if (!fips_cipher_test(ctx, EVP_des_ede3_ecb(), ++ tests3[n].key, NULL, ++ tests3[n].plaintext, tests3[n].ciphertext, 8)) ++ goto err; ++ } ++ ret = 1; ++ err: ++ EVP_CIPHER_CTX_free(ctx); ++ if (ret == 0) ++ FIPSerr(FIPS_F_FIPS_SELFTEST_DES, FIPS_R_SELFTEST_FAILED); ++ ++ return ret; ++} ++#endif +diff -up openssl-1.1.1b/crypto/fips/fips_dh_selftest.c.fips openssl-1.1.1b/crypto/fips/fips_dh_selftest.c +--- openssl-1.1.1b/crypto/fips/fips_dh_selftest.c.fips 2019-02-28 11:30:06.810745596 +0100 ++++ openssl-1.1.1b/crypto/fips/fips_dh_selftest.c 2019-02-28 11:30:06.810745596 +0100 +@@ -0,0 +1,180 @@ ++/* ==================================================================== ++ * Copyright (c) 2011 The OpenSSL Project. All rights reserved. ++ * Copyright (c) 2013 Red Hat, Inc. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. 
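Review bot: Both `fips_cipher_test` calls in `FIPS_selftest_des` treat only a zero return as failure (`if (!fips_cipher_test(...))`), while `FIPS_selftest_aes` and `FIPS_selftest_aes_xts` in the same patch test `<= 0`. `fips_cipher_test` is defined outside this hunk; if it can return a negative value on an internal error, the DES self-test would count that as a pass. Using the same comparison in both loops, `tests2[n].ciphertext, 8) <= 0)` and `tests3[n].ciphertext, 8) <= 0)`, keeps the known-answer tests failing closed and consistent with the AES file.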
All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. 
++ * ++ */ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include "fips_locl.h" ++ ++#ifdef OPENSSL_FIPS ++ ++static const unsigned char dh_test_2048_p[] = { ++ 0xAE, 0xEC, 0xEE, 0x22, 0xFA, 0x3A, 0xA5, 0x22, 0xC0, 0xDE, 0x0F, 0x09, ++ 0x7E, 0x17, 0xC0, 0x05, 0xF9, 0xF1, 0xE7, 0xC6, 0x87, 0x14, 0x6D, 0x11, ++ 0xE7, 0xAE, 0xED, 0x2F, 0x72, 0x59, 0xC5, 0xA9, 0x9B, 0xB8, 0x02, 0xA5, ++ 0xF3, 0x69, 0x70, 0xD6, 0xDD, 0x90, 0xF9, 0x19, 0x79, 0xBE, 0x60, 0x8F, ++ 0x25, 0x92, 0x30, 0x1C, 0x51, 0x51, 0x38, 0x26, 0x82, 0x25, 0xE6, 0xFC, ++ 0xED, 0x65, 0x96, 0x8F, 0x57, 0xE5, 0x53, 0x8B, 0x38, 0x63, 0xC7, 0xCE, ++ 0xBC, 0x1B, 0x4D, 0x18, 0x2A, 0x5B, 0x04, 0x3F, 0x6A, 0x3C, 0x94, 0x39, ++ 0xAE, 0x36, 0xD6, 0x5E, 0x0F, 0xA2, 0xCC, 0xD0, 0xD4, 0xD5, 0xC6, 0x1E, ++ 0xF6, 0xA0, 0xF5, 0x89, 0x4E, 0xB4, 0x0B, 0xA4, 0xB3, 0x2B, 0x3D, 0xE2, ++ 0x4E, 0xE1, 0x49, 0x25, 0x99, 0x5F, 0x32, 0x16, 0x33, 0x32, 0x1B, 0x7A, ++ 0xA5, 0x5C, 0x6B, 0x34, 0x0D, 0x39, 0x99, 0xDC, 0xF0, 0x76, 0xE5, 0x5A, ++ 0xD4, 0x71, 0x00, 0xED, 0x5A, 0x73, 0xFB, 0xC8, 0x01, 0xAD, 0x99, 0xCF, ++ 0x99, 0x52, 0x7C, 0x9C, 0x64, 0xC6, 0x76, 0x40, 0x57, 0xAF, 0x59, 0xD7, ++ 0x38, 0x0B, 0x40, 0xDE, 0x33, 0x0D, 0xB8, 0x76, 0xEC, 0xA9, 0xD8, 0x73, ++ 0xF8, 0xEF, 0x26, 0x66, 0x06, 0x27, 0xDD, 0x7C, 0xA4, 0x10, 0x9C, 0xA6, ++ 0xAA, 0xF9, 0x53, 0x62, 0x73, 0x1D, 0xBA, 0x1C, 0xF1, 0x67, 0xF4, 0x35, ++ 0xED, 0x6F, 0x37, 0x92, 0xE8, 0x4F, 0x6C, 0xBA, 0x52, 0x6E, 0xA1, 0xED, ++ 0xDA, 0x9F, 0x85, 0x11, 0x82, 0x52, 0x62, 0x08, 0x44, 0xF1, 0x30, 0x03, ++ 0xC3, 0x38, 0x2C, 0x79, 0xBD, 0xD4, 0x43, 0x45, 0xEE, 0x8E, 0x50, 0xFC, ++ 0x29, 0x46, 0x9A, 0xFE, 0x54, 0x1A, 0x19, 0x8F, 0x4B, 0x84, 0x08, 0xDE, ++ 0x20, 0x62, 0x73, 0xCC, 0xDD, 0x7E, 0xF0, 0xEF, 0xA2, 0xFD, 0x86, 0x58, ++ 0x4B, 0xD8, 0x37, 0xEB ++}; ++ ++static const unsigned char dh_test_2048_g[] = { ++ 0x02 ++}; ++ ++static const unsigned char dh_test_2048_pub_key[] = { ++ 0xA0, 0x39, 0x11, 0x77, 0x9A, 0xC1, 0x30, 0x1F, 0xBE, 0x48, 0xA7, 0xAA, 
++ 0xA0, 0x84, 0x54, 0x64, 0xAD, 0x1B, 0x70, 0xFA, 0x13, 0x55, 0x63, 0xD2, ++ 0x1F, 0x62, 0x32, 0x93, 0x8E, 0xC9, 0x3E, 0x09, 0xA7, 0x64, 0xE4, 0x12, ++ 0x6E, 0x1B, 0xF2, 0x92, 0x3B, 0xB9, 0xCB, 0x56, 0xEA, 0x07, 0x88, 0xB5, ++ 0xA6, 0xBC, 0x16, 0x1F, 0x27, 0xFE, 0xD8, 0xAA, 0x40, 0xB2, 0xB0, 0x2D, ++ 0x37, 0x76, 0xA6, 0xA4, 0x82, 0x2C, 0x0E, 0x22, 0x64, 0x9D, 0xCB, 0xD1, ++ 0x00, 0xB7, 0x89, 0x14, 0x72, 0x4E, 0xBE, 0x48, 0x41, 0xF8, 0xB2, 0x51, ++ 0x11, 0x09, 0x4B, 0x22, 0x01, 0x23, 0x39, 0x96, 0xE0, 0x15, 0xD7, 0x9F, ++ 0x60, 0xD1, 0xB7, 0xAE, 0xFE, 0x5F, 0xDB, 0xE7, 0x03, 0x17, 0x97, 0xA6, ++ 0x16, 0x74, 0xBD, 0x53, 0x81, 0x19, 0xC5, 0x47, 0x5E, 0xCE, 0x8D, 0xED, ++ 0x45, 0x5D, 0x3C, 0x00, 0xA0, 0x0A, 0x68, 0x6A, 0xE0, 0x8E, 0x06, 0x46, ++ 0x6F, 0xD7, 0xF9, 0xDF, 0x31, 0x7E, 0x77, 0x44, 0x0D, 0x98, 0xE0, 0xCA, ++ 0x98, 0x09, 0x52, 0x04, 0x90, 0xEA, 0x6D, 0xF4, 0x30, 0x69, 0x8F, 0xB1, ++ 0x9B, 0xC1, 0x43, 0xDB, 0xD5, 0x8D, 0xC8, 0x8E, 0xB6, 0x0B, 0x05, 0xBE, ++ 0x0E, 0xC5, 0x99, 0xC8, 0x6E, 0x4E, 0xF3, 0xCB, 0xC3, 0x5E, 0x9B, 0x53, ++ 0xF7, 0x06, 0x1C, 0x4F, 0xC7, 0xB8, 0x6E, 0x30, 0x18, 0xCA, 0x9B, 0xB9, ++ 0xBC, 0x5F, 0x17, 0x72, 0x29, 0x5A, 0xE5, 0xD9, 0x96, 0xB7, 0x0B, 0xF3, ++ 0x2D, 0x8C, 0xF1, 0xE1, 0x0E, 0x0D, 0x74, 0xD5, 0x9D, 0xF0, 0x06, 0xA9, ++ 0xB4, 0x95, 0x63, 0x76, 0x46, 0x55, 0x48, 0x82, 0x39, 0x90, 0xEF, 0x56, ++ 0x75, 0x34, 0xB8, 0x34, 0xC3, 0x18, 0x6E, 0x1E, 0xAD, 0xE3, 0x48, 0x7E, ++ 0x93, 0x2C, 0x23, 0xE7, 0xF8, 0x90, 0x73, 0xB1, 0x77, 0x80, 0x67, 0xA9, ++ 0x36, 0x9E, 0xDA, 0xD2 ++}; ++ ++static const unsigned char dh_test_2048_priv_key[] = { ++ 0x0C, 0x4B, 0x30, 0x89, 0xD1, 0xB8, 0x62, 0xCB, 0x3C, 0x43, 0x64, 0x91, ++ 0xF0, 0x91, 0x54, 0x70, 0xC5, 0x27, 0x96, 0xE3, 0xAC, 0xBE, 0xE8, 0x00, ++ 0xEC, 0x55, 0xF6, 0xCC ++}; ++ ++int FIPS_selftest_dh() ++{ ++ DH *dh = NULL; ++ int ret = 0; ++ void *pub_key_bin = NULL; ++ int len; ++ BIGNUM *p = NULL, *g = NULL, *priv_key = NULL, *tmp_pub_key = NULL; ++ const BIGNUM *pub_key; ++ ++ 
fips_load_key_component(p, dh_test_2048); ++ fips_load_key_component(g, dh_test_2048); ++ /* note that the private key is much shorter than normally used ++ * but still g ** priv_key > p ++ */ ++ fips_load_key_component(priv_key, dh_test_2048); ++ if ((tmp_pub_key = BN_new()) == NULL) ++ goto err; ++ ++ dh = DH_new(); ++ ++ if (dh == NULL) ++ goto err; ++ ++ DH_set0_pqg(dh, p, NULL, g); ++ DH_set0_key(dh, tmp_pub_key, priv_key); ++ ++ if (DH_generate_key(dh) <= 0) ++ goto err; ++ ++ DH_get0_key(dh, &pub_key, NULL); ++ ++ if (pub_key == NULL) ++ goto err; ++ ++ len = BN_num_bytes(pub_key); ++ if ((pub_key_bin = OPENSSL_malloc(len)) == NULL) ++ goto err; ++ BN_bn2bin(pub_key, pub_key_bin); ++ ++ if (len != sizeof(dh_test_2048_pub_key) || ++ memcmp(pub_key_bin, dh_test_2048_pub_key, len) != 0) ++ goto err; ++ ++ ret = 1; ++ ++ err: ++ if (dh) ++ DH_free(dh); ++ else { ++ BN_free(p); ++ BN_free(g); ++ BN_free(priv_key); ++ BN_free(tmp_pub_key); ++ } ++ ++ OPENSSL_free(pub_key_bin); ++ return ret; ++} ++#endif +diff -up openssl-1.1.1b/crypto/fips/fips_drbg_ctr.c.fips openssl-1.1.1b/crypto/fips/fips_drbg_ctr.c +--- openssl-1.1.1b/crypto/fips/fips_drbg_ctr.c.fips 2019-02-28 11:30:06.811745577 +0100 ++++ openssl-1.1.1b/crypto/fips/fips_drbg_ctr.c 2019-02-28 11:30:06.811745577 +0100 +@@ -0,0 +1,406 @@ ++/* fips/rand/fips_drbg_ctr.c */ ++/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL ++ * project. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2011 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. 
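Review bot: FIPS_selftest_dh ignores the return values of `DH_set0_pqg` and `DH_set0_key`, and its `err:` cleanup frees the BIGNUMs only when `dh` is NULL. If a setter rejects its arguments, ownership does not move to `dh`, yet `dh` is non-NULL, so `p`, `g`, `priv_key` and `tmp_pub_key` would be leaked and the failure would only surface later through `DH_generate_key`. Checking both calls and clearing the local pointers once ownership has moved lets the cleanup free everything unconditionally. `fips_load_key_component` is defined outside this hunk, so its jump to `err` on failure is assumed here.

```c
    /* … unchanged: key component loading, BN_new, DH_new … */
    if (!DH_set0_pqg(dh, p, NULL, g))
        goto err;
    p = g = NULL;                   /* now owned by dh */
    if (!DH_set0_key(dh, tmp_pub_key, priv_key))
        goto err;
    tmp_pub_key = priv_key = NULL;  /* now owned by dh */
    /* … unchanged: DH_generate_key and known-answer comparison … */
 err:
    DH_free(dh);
    BN_free(p);
    BN_free(g);
    BN_free(priv_key);
    BN_free(tmp_pub_key);
    /* … unchanged: OPENSSL_free(pub_key_bin), return ret … */
```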
Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. 
++ * ==================================================================== ++ */ ++ ++#include ++#include ++#include ++#include ++#include ++#include "fips_rand_lcl.h" ++ ++static void inc_128(DRBG_CTR_CTX * cctx) ++{ ++ int i; ++ unsigned char c; ++ unsigned char *p = cctx->V + 15; ++ for (i = 0; i < 16; i++) { ++ c = *p; ++ c++; ++ *p = c; ++ if (c) ++ return; ++ p--; ++ } ++} ++ ++static void ctr_XOR(DRBG_CTR_CTX * cctx, const unsigned char *in, ++ size_t inlen) ++{ ++ size_t i, n; ++ /* Any zero padding will have no effect on the result as we ++ * are XORing. So just process however much input we have. ++ */ ++ ++ if (!in || !inlen) ++ return; ++ ++ if (inlen < cctx->keylen) ++ n = inlen; ++ else ++ n = cctx->keylen; ++ ++ for (i = 0; i < n; i++) ++ cctx->K[i] ^= in[i]; ++ if (inlen <= cctx->keylen) ++ return; ++ ++ n = inlen - cctx->keylen; ++ /* Should never happen */ ++ if (n > 16) ++ n = 16; ++ for (i = 0; i < 16; i++) ++ cctx->V[i] ^= in[i + cctx->keylen]; ++} ++ ++/* Process a complete block using BCC algorithm of SPP 800-90 10.4.3 */ ++ ++static void ctr_BCC_block(DRBG_CTR_CTX * cctx, unsigned char *out, ++ const unsigned char *in) ++{ ++ int i; ++ for (i = 0; i < 16; i++) ++ out[i] ^= in[i]; ++ AES_encrypt(out, out, &cctx->df_ks); ++#if 0 ++ fprintf(stderr, "BCC in+out\n"); ++ BIO_dump_fp(stderr, in, 16); ++ BIO_dump_fp(stderr, out, 16); ++#endif ++} ++ ++/* Handle several BCC operations for as much data as we need for K and X */ ++static void ctr_BCC_blocks(DRBG_CTR_CTX * cctx, const unsigned char *in) ++{ ++ ctr_BCC_block(cctx, cctx->KX, in); ++ ctr_BCC_block(cctx, cctx->KX + 16, in); ++ if (cctx->keylen != 16) ++ ctr_BCC_block(cctx, cctx->KX + 32, in); ++} ++ ++/* Initialise BCC blocks: these have the value 0,1,2 in leftmost positions: ++ * see 10.4.2 stage 7. 
++ */ ++static void ctr_BCC_init(DRBG_CTR_CTX * cctx) ++{ ++ memset(cctx->KX, 0, 48); ++ memset(cctx->bltmp, 0, 16); ++ ctr_BCC_block(cctx, cctx->KX, cctx->bltmp); ++ cctx->bltmp[3] = 1; ++ ctr_BCC_block(cctx, cctx->KX + 16, cctx->bltmp); ++ if (cctx->keylen != 16) { ++ cctx->bltmp[3] = 2; ++ ctr_BCC_block(cctx, cctx->KX + 32, cctx->bltmp); ++ } ++} ++ ++/* Process several blocks into BCC algorithm, some possibly partial */ ++static void ctr_BCC_update(DRBG_CTR_CTX * cctx, ++ const unsigned char *in, size_t inlen) ++{ ++ if (!in || !inlen) ++ return; ++ /* If we have partial block handle it first */ ++ if (cctx->bltmp_pos) { ++ size_t left = 16 - cctx->bltmp_pos; ++ /* If we now have a complete block process it */ ++ if (inlen >= left) { ++ memcpy(cctx->bltmp + cctx->bltmp_pos, in, left); ++ ctr_BCC_blocks(cctx, cctx->bltmp); ++ cctx->bltmp_pos = 0; ++ inlen -= left; ++ in += left; ++ } ++ } ++ /* Process zero or more complete blocks */ ++ while (inlen >= 16) { ++ ctr_BCC_blocks(cctx, in); ++ in += 16; ++ inlen -= 16; ++ } ++ /* Copy any remaining partial block to the temporary buffer */ ++ if (inlen > 0) { ++ memcpy(cctx->bltmp + cctx->bltmp_pos, in, inlen); ++ cctx->bltmp_pos += inlen; ++ } ++} ++ ++static void ctr_BCC_final(DRBG_CTR_CTX * cctx) ++{ ++ if (cctx->bltmp_pos) { ++ memset(cctx->bltmp + cctx->bltmp_pos, 0, 16 - cctx->bltmp_pos); ++ ctr_BCC_blocks(cctx, cctx->bltmp); ++ } ++} ++ ++static void ctr_df(DRBG_CTR_CTX * cctx, ++ const unsigned char *in1, size_t in1len, ++ const unsigned char *in2, size_t in2len, ++ const unsigned char *in3, size_t in3len) ++{ ++ size_t inlen; ++ unsigned char *p = cctx->bltmp; ++ static unsigned char c80 = 0x80; ++ ++ ctr_BCC_init(cctx); ++ if (!in1) ++ in1len = 0; ++ if (!in2) ++ in2len = 0; ++ if (!in3) ++ in3len = 0; ++ inlen = in1len + in2len + in3len; ++ /* Initialise L||N in temporary block */ ++ *p++ = (inlen >> 24) & 0xff; ++ *p++ = (inlen >> 16) & 0xff; ++ *p++ = (inlen >> 8) & 0xff; ++ *p++ = inlen & 0xff; ++ /* NB 
keylen is at most 32 bytes */ ++ *p++ = 0; ++ *p++ = 0; ++ *p++ = 0; ++ *p = (unsigned char)((cctx->keylen + 16) & 0xff); ++ cctx->bltmp_pos = 8; ++ ctr_BCC_update(cctx, in1, in1len); ++ ctr_BCC_update(cctx, in2, in2len); ++ ctr_BCC_update(cctx, in3, in3len); ++ ctr_BCC_update(cctx, &c80, 1); ++ ctr_BCC_final(cctx); ++ /* Set up key K */ ++ AES_set_encrypt_key(cctx->KX, cctx->keylen * 8, &cctx->df_kxks); ++ /* X follows key K */ ++ AES_encrypt(cctx->KX + cctx->keylen, cctx->KX, &cctx->df_kxks); ++ AES_encrypt(cctx->KX, cctx->KX + 16, &cctx->df_kxks); ++ if (cctx->keylen != 16) ++ AES_encrypt(cctx->KX + 16, cctx->KX + 32, &cctx->df_kxks); ++#if 0 ++ fprintf(stderr, "Output of ctr_df:\n"); ++ BIO_dump_fp(stderr, cctx->KX, cctx->keylen + 16); ++#endif ++} ++ ++/* NB the no-df Update in SP800-90 specifies a constant input length ++ * of seedlen, however other uses of this algorithm pad the input with ++ * zeroes if necessary and have up to two parameters XORed together, ++ * handle both cases in this function instead. 
++ */ ++ ++static void ctr_Update(DRBG_CTX *dctx, ++ const unsigned char *in1, size_t in1len, ++ const unsigned char *in2, size_t in2len, ++ const unsigned char *nonce, size_t noncelen) ++{ ++ DRBG_CTR_CTX *cctx = &dctx->d.ctr; ++ /* ks is already setup for correct key */ ++ inc_128(cctx); ++ AES_encrypt(cctx->V, cctx->K, &cctx->ks); ++ /* If keylen longer than 128 bits need extra encrypt */ ++ if (cctx->keylen != 16) { ++ inc_128(cctx); ++ AES_encrypt(cctx->V, cctx->K + 16, &cctx->ks); ++ } ++ inc_128(cctx); ++ AES_encrypt(cctx->V, cctx->V, &cctx->ks); ++ /* If 192 bit key part of V is on end of K */ ++ if (cctx->keylen == 24) { ++ memcpy(cctx->V + 8, cctx->V, 8); ++ memcpy(cctx->V, cctx->K + 24, 8); ++ } ++ ++ if (dctx->xflags & DRBG_FLAG_CTR_USE_DF) { ++ /* If no input reuse existing derived value */ ++ if (in1 || nonce || in2) ++ ctr_df(cctx, in1, in1len, nonce, noncelen, in2, in2len); ++ /* If this a reuse input in1len != 0 */ ++ if (in1len) ++ ctr_XOR(cctx, cctx->KX, dctx->seedlen); ++ } else { ++ ctr_XOR(cctx, in1, in1len); ++ ctr_XOR(cctx, in2, in2len); ++ } ++ ++ AES_set_encrypt_key(cctx->K, dctx->strength, &cctx->ks); ++#if 0 ++ fprintf(stderr, "K+V after update is:\n"); ++ BIO_dump_fp(stderr, cctx->K, cctx->keylen); ++ BIO_dump_fp(stderr, cctx->V, 16); ++#endif ++} ++ ++static int drbg_ctr_instantiate(DRBG_CTX *dctx, ++ const unsigned char *ent, size_t entlen, ++ const unsigned char *nonce, size_t noncelen, ++ const unsigned char *pers, size_t perslen) ++{ ++ DRBG_CTR_CTX *cctx = &dctx->d.ctr; ++ memset(cctx->K, 0, sizeof(cctx->K)); ++ memset(cctx->V, 0, sizeof(cctx->V)); ++ AES_set_encrypt_key(cctx->K, dctx->strength, &cctx->ks); ++ ctr_Update(dctx, ent, entlen, pers, perslen, nonce, noncelen); ++ return 1; ++} ++ ++static int drbg_ctr_reseed(DRBG_CTX *dctx, ++ const unsigned char *ent, size_t entlen, ++ const unsigned char *adin, size_t adinlen) ++{ ++ ctr_Update(dctx, ent, entlen, adin, adinlen, NULL, 0); ++ return 1; ++} ++ ++static int 
drbg_ctr_generate(DRBG_CTX *dctx, ++ unsigned char *out, size_t outlen, ++ const unsigned char *adin, size_t adinlen) ++{ ++ DRBG_CTR_CTX *cctx = &dctx->d.ctr; ++ if (adin && adinlen) { ++ ctr_Update(dctx, adin, adinlen, NULL, 0, NULL, 0); ++ /* This means we reuse derived value */ ++ if (dctx->xflags & DRBG_FLAG_CTR_USE_DF) { ++ adin = NULL; ++ adinlen = 1; ++ } ++ } else ++ adinlen = 0; ++ ++ for (;;) { ++ inc_128(cctx); ++ if (outlen < 16) { ++ /* Use K as temp space as it will be updated */ ++ AES_encrypt(cctx->V, cctx->K, &cctx->ks); ++ memcpy(out, cctx->K, outlen); ++ break; ++ } ++ AES_encrypt(cctx->V, out, &cctx->ks); ++ out += 16; ++ outlen -= 16; ++ if (outlen == 0) ++ break; ++ } ++ ++ ctr_Update(dctx, adin, adinlen, NULL, 0, NULL, 0); ++ ++ return 1; ++ ++} ++ ++static int drbg_ctr_uninstantiate(DRBG_CTX *dctx) ++{ ++ memset(&dctx->d.ctr, 0, sizeof(DRBG_CTR_CTX)); ++ return 1; ++} ++ ++int fips_drbg_ctr_init(DRBG_CTX *dctx) ++{ ++ DRBG_CTR_CTX *cctx = &dctx->d.ctr; ++ ++ size_t keylen; ++ ++ switch (dctx->type) { ++ case NID_aes_128_ctr: ++ keylen = 16; ++ break; ++ ++ case NID_aes_192_ctr: ++ keylen = 24; ++ break; ++ ++ case NID_aes_256_ctr: ++ keylen = 32; ++ break; ++ ++ default: ++ return -2; ++ } ++ ++ dctx->instantiate = drbg_ctr_instantiate; ++ dctx->reseed = drbg_ctr_reseed; ++ dctx->generate = drbg_ctr_generate; ++ dctx->uninstantiate = drbg_ctr_uninstantiate; ++ ++ cctx->keylen = keylen; ++ dctx->strength = keylen * 8; ++ dctx->blocklength = 16; ++ dctx->seedlen = keylen + 16; ++ ++ if (dctx->xflags & DRBG_FLAG_CTR_USE_DF) { ++ /* df initialisation */ ++ static unsigned char df_key[32] = { ++ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, ++ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, ++ 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, ++ 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f ++ }; ++ /* Set key schedule for df_key */ ++ AES_set_encrypt_key(df_key, dctx->strength, &cctx->df_ks); ++ ++ dctx->min_entropy = cctx->keylen; ++ 
dctx->max_entropy = DRBG_MAX_LENGTH; ++ dctx->min_nonce = dctx->min_entropy / 2; ++ dctx->max_nonce = DRBG_MAX_LENGTH; ++ dctx->max_pers = DRBG_MAX_LENGTH; ++ dctx->max_adin = DRBG_MAX_LENGTH; ++ } else { ++ dctx->min_entropy = dctx->seedlen; ++ dctx->max_entropy = dctx->seedlen; ++ /* Nonce not used */ ++ dctx->min_nonce = 0; ++ dctx->max_nonce = 0; ++ dctx->max_pers = dctx->seedlen; ++ dctx->max_adin = dctx->seedlen; ++ } ++ ++ dctx->max_request = 1 << 16; ++ dctx->reseed_interval = 1 << 24; ++ ++ return 1; ++} +diff -up openssl-1.1.1b/crypto/fips/fips_drbg_hash.c.fips openssl-1.1.1b/crypto/fips/fips_drbg_hash.c +--- openssl-1.1.1b/crypto/fips/fips_drbg_hash.c.fips 2019-02-28 11:30:06.811745577 +0100 ++++ openssl-1.1.1b/crypto/fips/fips_drbg_hash.c 2019-02-28 11:30:06.811745577 +0100 +@@ -0,0 +1,354 @@ ++/* fips/rand/fips_drbg_hash.c */ ++/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL ++ * project. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2011 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. 
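Review bot: In ctr_XOR the clamp `if (n > 16) n = 16;` has no effect, because the loop that follows is written `for (i = 0; i < 16; i++)` and never uses `n`. When `inlen` lies between `keylen + 1` and `keylen + 15`, that loop reads up to 15 bytes past the end of `in` and XORs them into `cctx->V`, so out-of-bounds memory ends up in the DRBG state. The non-df branch of ctr_Update passes `in1`/`in2` straight to ctr_XOR, and fips_drbg_ctr_init sets `max_pers` and `max_adin` to `seedlen` in that mode without a matching minimum, so shorter inputs look reachable; the callers that enforce these limits are outside this hunk. The loop should be bounded by the computed length: `for (i = 0; i < n; i++)`.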
The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. 
++ * ==================================================================== ++ */ ++ ++#define OPENSSL_FIPSAPI ++ ++#include ++#include ++#include ++#include ++#include "internal/fips_int.h" ++#include ++#include "fips_rand_lcl.h" ++ ++/* This is Hash_df from SP 800-90 10.4.1 */ ++ ++static int hash_df(DRBG_CTX *dctx, unsigned char *out, ++ const unsigned char *in1, size_t in1len, ++ const unsigned char *in2, size_t in2len, ++ const unsigned char *in3, size_t in3len, ++ const unsigned char *in4, size_t in4len) ++{ ++ EVP_MD_CTX *mctx = dctx->d.hash.mctx; ++ unsigned char *vtmp = dctx->d.hash.vtmp; ++ unsigned char tmp[6]; ++ /* Standard only ever needs seedlen bytes which is always less than ++ * maximum permitted so no need to check length. ++ */ ++ size_t outlen = dctx->seedlen; ++ tmp[0] = 1; ++ tmp[1] = ((outlen * 8) >> 24) & 0xff; ++ tmp[2] = ((outlen * 8) >> 16) & 0xff; ++ tmp[3] = ((outlen * 8) >> 8) & 0xff; ++ tmp[4] = (outlen * 8) & 0xff; ++ if (!in1) { ++ tmp[5] = (unsigned char)in1len; ++ in1 = tmp + 5; ++ in1len = 1; ++ } ++ for (;;) { ++ if (!FIPS_digestinit(mctx, dctx->d.hash.md)) ++ return 0; ++ if (!FIPS_digestupdate(mctx, tmp, 5)) ++ return 0; ++ if (in1 && !FIPS_digestupdate(mctx, in1, in1len)) ++ return 0; ++ if (in2 && !FIPS_digestupdate(mctx, in2, in2len)) ++ return 0; ++ if (in3 && !FIPS_digestupdate(mctx, in3, in3len)) ++ return 0; ++ if (in4 && !FIPS_digestupdate(mctx, in4, in4len)) ++ return 0; ++ if (outlen < dctx->blocklength) { ++ if (!FIPS_digestfinal(mctx, vtmp, NULL)) ++ return 0; ++ memcpy(out, vtmp, outlen); ++ OPENSSL_cleanse(vtmp, dctx->blocklength); ++ return 1; ++ } else if (!FIPS_digestfinal(mctx, out, NULL)) ++ return 0; ++ ++ outlen -= dctx->blocklength; ++ if (outlen == 0) ++ return 1; ++ tmp[0]++; ++ out += dctx->blocklength; ++ } ++} ++ ++/* Add an unsigned buffer to the buf value, storing the result in buf. For ++ * this algorithm the length of input never exceeds the seed length. 
++ */ ++ ++static void ctx_add_buf(DRBG_CTX *dctx, unsigned char *buf, ++ unsigned char *in, size_t inlen) ++{ ++ size_t i = inlen; ++ const unsigned char *q; ++ unsigned char c, *p; ++ p = buf + dctx->seedlen; ++ q = in + inlen; ++ ++ OPENSSL_assert(i <= dctx->seedlen); ++ ++ /* Special case: zero length, just increment buffer */ ++ if (i) ++ c = 0; ++ else ++ c = 1; ++ ++ while (i) { ++ int r; ++ p--; ++ q--; ++ r = *p + *q + c; ++ /* Carry */ ++ if (r > 0xff) ++ c = 1; ++ else ++ c = 0; ++ *p = r & 0xff; ++ i--; ++ } ++ ++ i = dctx->seedlen - inlen; ++ ++ /* If not adding whole buffer handle final carries */ ++ if (c && i) { ++ do { ++ p--; ++ c = *p; ++ c++; ++ *p = c; ++ if (c) ++ return; ++ } while (i--); ++ } ++} ++ ++/* Finalise and add hash to V */ ++ ++static int ctx_add_md(DRBG_CTX *dctx) ++{ ++ if (!FIPS_digestfinal(dctx->d.hash.mctx, dctx->d.hash.vtmp, NULL)) ++ return 0; ++ ctx_add_buf(dctx, dctx->d.hash.V, dctx->d.hash.vtmp, dctx->blocklength); ++ return 1; ++} ++ ++static int hash_gen(DRBG_CTX *dctx, unsigned char *out, size_t outlen) ++{ ++ DRBG_HASH_CTX *hctx = &dctx->d.hash; ++ if (outlen == 0) ++ return 1; ++ memcpy(hctx->vtmp, hctx->V, dctx->seedlen); ++ for (;;) { ++ FIPS_digestinit(hctx->mctx, hctx->md); ++ FIPS_digestupdate(hctx->mctx, hctx->vtmp, dctx->seedlen); ++ if (outlen < dctx->blocklength) { ++ FIPS_digestfinal(hctx->mctx, hctx->vtmp, NULL); ++ memcpy(out, hctx->vtmp, outlen); ++ return 1; ++ } else { ++ FIPS_digestfinal(hctx->mctx, out, NULL); ++ outlen -= dctx->blocklength; ++ if (outlen == 0) ++ return 1; ++ out += dctx->blocklength; ++ } ++ ctx_add_buf(dctx, hctx->vtmp, NULL, 0); ++ } ++} ++ ++static int drbg_hash_instantiate(DRBG_CTX *dctx, ++ const unsigned char *ent, size_t ent_len, ++ const unsigned char *nonce, size_t nonce_len, ++ const unsigned char *pstr, size_t pstr_len) ++{ ++ DRBG_HASH_CTX *hctx = &dctx->d.hash; ++ if (!hash_df(dctx, hctx->V, ++ ent, ent_len, nonce, nonce_len, pstr, pstr_len, NULL, 0)) ++ return 0; ++ 
if (!hash_df(dctx, hctx->C, ++ NULL, 0, hctx->V, dctx->seedlen, NULL, 0, NULL, 0)) ++ return 0; ++ ++#ifdef HASH_DRBG_TRACE ++ fprintf(stderr, "V+C after instantiate:\n"); ++ hexprint(stderr, hctx->V, dctx->seedlen); ++ hexprint(stderr, hctx->C, dctx->seedlen); ++#endif ++ return 1; ++} ++ ++static int drbg_hash_reseed(DRBG_CTX *dctx, ++ const unsigned char *ent, size_t ent_len, ++ const unsigned char *adin, size_t adin_len) ++{ ++ DRBG_HASH_CTX *hctx = &dctx->d.hash; ++ /* V about to be updated so use C as output instead */ ++ if (!hash_df(dctx, hctx->C, ++ NULL, 1, hctx->V, dctx->seedlen, ++ ent, ent_len, adin, adin_len)) ++ return 0; ++ memcpy(hctx->V, hctx->C, dctx->seedlen); ++ if (!hash_df(dctx, hctx->C, NULL, 0, ++ hctx->V, dctx->seedlen, NULL, 0, NULL, 0)) ++ return 0; ++#ifdef HASH_DRBG_TRACE ++ fprintf(stderr, "V+C after reseed:\n"); ++ hexprint(stderr, hctx->V, dctx->seedlen); ++ hexprint(stderr, hctx->C, dctx->seedlen); ++#endif ++ return 1; ++} ++ ++static int drbg_hash_generate(DRBG_CTX *dctx, ++ unsigned char *out, size_t outlen, ++ const unsigned char *adin, size_t adin_len) ++{ ++ DRBG_HASH_CTX *hctx = &dctx->d.hash; ++ EVP_MD_CTX *mctx = hctx->mctx; ++ unsigned char tmp[4]; ++ if (adin && adin_len) { ++ tmp[0] = 2; ++ if (!FIPS_digestinit(mctx, hctx->md)) ++ return 0; ++ if (!EVP_DigestUpdate(mctx, tmp, 1)) ++ return 0; ++ if (!EVP_DigestUpdate(mctx, hctx->V, dctx->seedlen)) ++ return 0; ++ if (!EVP_DigestUpdate(mctx, adin, adin_len)) ++ return 0; ++ if (!ctx_add_md(dctx)) ++ return 0; ++ } ++ if (!hash_gen(dctx, out, outlen)) ++ return 0; ++ ++ tmp[0] = 3; ++ if (!FIPS_digestinit(mctx, hctx->md)) ++ return 0; ++ if (!EVP_DigestUpdate(mctx, tmp, 1)) ++ return 0; ++ if (!EVP_DigestUpdate(mctx, hctx->V, dctx->seedlen)) ++ return 0; ++ ++ if (!ctx_add_md(dctx)) ++ return 0; ++ ++ ctx_add_buf(dctx, hctx->V, hctx->C, dctx->seedlen); ++ ++ tmp[0] = (dctx->reseed_counter >> 24) & 0xff; ++ tmp[1] = (dctx->reseed_counter >> 16) & 0xff; ++ tmp[2] = 
(dctx->reseed_counter >> 8) & 0xff; ++ tmp[3] = dctx->reseed_counter & 0xff; ++ ctx_add_buf(dctx, hctx->V, tmp, 4); ++#ifdef HASH_DRBG_TRACE ++ fprintf(stderr, "V+C after generate:\n"); ++ hexprint(stderr, hctx->V, dctx->seedlen); ++ hexprint(stderr, hctx->C, dctx->seedlen); ++#endif ++ return 1; ++} ++ ++static int drbg_hash_uninstantiate(DRBG_CTX *dctx) ++{ ++ EVP_MD_CTX_free(dctx->d.hash.mctx); ++ OPENSSL_cleanse(&dctx->d.hash, sizeof(DRBG_HASH_CTX)); ++ return 1; ++} ++ ++int fips_drbg_hash_init(DRBG_CTX *dctx) ++{ ++ const EVP_MD *md; ++ DRBG_HASH_CTX *hctx = &dctx->d.hash; ++ md = EVP_get_digestbynid(dctx->type); ++ if (!md) ++ return -2; ++ switch (dctx->type) { ++ case NID_sha1: ++ dctx->strength = 128; ++ break; ++ ++ case NID_sha224: ++ dctx->strength = 192; ++ break; ++ ++ default: ++ dctx->strength = 256; ++ break; ++ } ++ ++ dctx->instantiate = drbg_hash_instantiate; ++ dctx->reseed = drbg_hash_reseed; ++ dctx->generate = drbg_hash_generate; ++ dctx->uninstantiate = drbg_hash_uninstantiate; ++ ++ dctx->d.hash.md = md; ++ hctx->mctx = EVP_MD_CTX_new(); ++ if (hctx->mctx == NULL) ++ return -1; ++ ++ /* These are taken from SP 800-90 10.1 table 2 */ ++ ++ dctx->blocklength = EVP_MD_size(md); ++ if (dctx->blocklength > 32) ++ dctx->seedlen = 111; ++ else ++ dctx->seedlen = 55; ++ ++ dctx->min_entropy = dctx->strength / 8; ++ dctx->max_entropy = DRBG_MAX_LENGTH; ++ ++ dctx->min_nonce = dctx->min_entropy / 2; ++ dctx->max_nonce = DRBG_MAX_LENGTH; ++ ++ dctx->max_pers = DRBG_MAX_LENGTH; ++ dctx->max_adin = DRBG_MAX_LENGTH; ++ ++ dctx->max_request = 1 << 16; ++ dctx->reseed_interval = 1 << 24; ++ ++ return 1; ++} +diff -up openssl-1.1.1b/crypto/fips/fips_drbg_hmac.c.fips openssl-1.1.1b/crypto/fips/fips_drbg_hmac.c +--- openssl-1.1.1b/crypto/fips/fips_drbg_hmac.c.fips 2019-02-28 11:30:06.811745577 +0100 ++++ openssl-1.1.1b/crypto/fips/fips_drbg_hmac.c 2019-02-28 11:30:06.811745577 +0100 +@@ -0,0 +1,262 @@ ++/* fips/rand/fips_drbg_hmac.c */ ++/* Written by Dr 
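Review bot: hash_gen discards the results of `FIPS_digestinit`, `FIPS_digestupdate` and `FIPS_digestfinal` and returns 1 on every path, so a digest failure leaves `out` partly or wholly unwritten while drbg_hash_generate reports success. The caller then receives whatever was already in its buffer as random output. hash_df in the same file checks every digest call and returns 0 on failure, and drbg_hash_generate already tests `!hash_gen(...)`, so propagating the error needs no change outside hash_gen.

```c
static int hash_gen(DRBG_CTX *dctx, unsigned char *out, size_t outlen)
{
    /* … unchanged: hctx setup, outlen == 0 return, copy of V into vtmp … */
    for (;;) {
        if (!FIPS_digestinit(hctx->mctx, hctx->md))
            return 0;
        if (!FIPS_digestupdate(hctx->mctx, hctx->vtmp, dctx->seedlen))
            return 0;
        if (outlen < dctx->blocklength) {
            if (!FIPS_digestfinal(hctx->mctx, hctx->vtmp, NULL))
                return 0;
            /* … unchanged: memcpy of the partial block, return 1 … */
        } else {
            if (!FIPS_digestfinal(hctx->mctx, out, NULL))
                return 0;
            /* … unchanged: outlen/out bookkeeping … */
        }
        /* … unchanged: ctx_add_buf increment of vtmp … */
    }
}
```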
Stephen N Henson (steve@openssl.org) for the OpenSSL ++ * project. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2011 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ */ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include "fips_rand_lcl.h" ++ ++static int drbg_hmac_update(DRBG_CTX *dctx, ++ const unsigned char *in1, size_t in1len, ++ const unsigned char *in2, size_t in2len, ++ const unsigned char *in3, size_t in3len) ++{ ++ static unsigned char c0 = 0, c1 = 1; ++ DRBG_HMAC_CTX *hmac = &dctx->d.hmac; ++ HMAC_CTX *hctx = hmac->hctx; ++ ++ if (!HMAC_Init_ex(hctx, hmac->K, dctx->blocklength, hmac->md, NULL)) ++ return 0; ++ if (!HMAC_Update(hctx, hmac->V, dctx->blocklength)) ++ return 0; ++ if (!HMAC_Update(hctx, &c0, 1)) ++ return 0; ++ if (in1len && !HMAC_Update(hctx, in1, in1len)) ++ return 0; ++ if (in2len && !HMAC_Update(hctx, in2, in2len)) ++ return 0; ++ if (in3len && !HMAC_Update(hctx, in3, in3len)) ++ return 0; ++ ++ if (!HMAC_Final(hctx, hmac->K, NULL)) ++ return 0; ++ ++ if (!HMAC_Init_ex(hctx, hmac->K, dctx->blocklength, hmac->md, NULL)) ++ return 0; ++ if (!HMAC_Update(hctx, hmac->V, dctx->blocklength)) ++ return 0; ++ ++ if (!HMAC_Final(hctx, hmac->V, NULL)) ++ return 0; ++ ++ if (!in1len && !in2len && !in3len) ++ return 1; ++ ++ if (!HMAC_Init_ex(hctx, hmac->K, dctx->blocklength, hmac->md, NULL)) ++ return 0; ++ if (!HMAC_Update(hctx, hmac->V, dctx->blocklength)) ++ return 0; ++ if (!HMAC_Update(hctx, &c1, 1)) ++ return 0; ++ if (in1len && 
!HMAC_Update(hctx, in1, in1len))
++ return 0;
++ if (in2len && !HMAC_Update(hctx, in2, in2len))
++ return 0;
++ if (in3len && !HMAC_Update(hctx, in3, in3len))
++ return 0;
++
++ if (!HMAC_Final(hctx, hmac->K, NULL))
++ return 0;
++
++ if (!HMAC_Init_ex(hctx, hmac->K, dctx->blocklength, hmac->md, NULL))
++ return 0;
++ if (!HMAC_Update(hctx, hmac->V, dctx->blocklength))
++ return 0;
++
++ if (!HMAC_Final(hctx, hmac->V, NULL))
++ return 0;
++
++ return 1;
++
++}
++
++static int drbg_hmac_instantiate(DRBG_CTX *dctx,
++ const unsigned char *ent, size_t ent_len,
++ const unsigned char *nonce, size_t nonce_len,
++ const unsigned char *pstr, size_t pstr_len)
++{
++ DRBG_HMAC_CTX *hmac = &dctx->d.hmac;
++ memset(hmac->K, 0, dctx->blocklength);
++ memset(hmac->V, 1, dctx->blocklength);
++ if (!drbg_hmac_update(dctx,
++ ent, ent_len, nonce, nonce_len, pstr, pstr_len))
++ return 0;
++
++#ifdef HMAC_DRBG_TRACE
++ fprintf(stderr, "K+V after instantiate:\n");
++ hexprint(stderr, hmac->K, hmac->blocklength);
++ hexprint(stderr, hmac->V, hmac->blocklength);
++#endif
++ return 1;
++}
++
++static int drbg_hmac_reseed(DRBG_CTX *dctx,
++ const unsigned char *ent, size_t ent_len,
++ const unsigned char *adin, size_t adin_len)
++{
++ if (!drbg_hmac_update(dctx, ent, ent_len, adin, adin_len, NULL, 0))
++ return 0;
++
++#ifdef HMAC_DRBG_TRACE
++ {
++ DRBG_HMAC_CTX *hmac = &dctx->d.hmac;
++ fprintf(stderr, "K+V after reseed:\n");
++ hexprint(stderr, hmac->K, hmac->blocklength);
++ hexprint(stderr, hmac->V, hmac->blocklength);
++ }
++#endif
++ return 1;
++}
++
++static int drbg_hmac_generate(DRBG_CTX *dctx,
++ unsigned char *out, size_t outlen,
++ const unsigned char *adin, size_t adin_len)
++{
++ DRBG_HMAC_CTX *hmac = &dctx->d.hmac;
++ HMAC_CTX *hctx = hmac->hctx;
++ const unsigned char *Vtmp = hmac->V;
++ if (adin_len && !drbg_hmac_update(dctx, adin, adin_len, NULL, 0, NULL, 0))
++ return 0;
++ for (;;) {
++ if (!HMAC_Init_ex(hctx, hmac->K, dctx->blocklength, hmac->md, NULL))
++ return 0;
++ if (!HMAC_Update(hctx, Vtmp, dctx->blocklength))
++ return 0;
++ if (outlen > dctx->blocklength) {
++ if (!HMAC_Final(hctx, out, NULL))
++ return 0;
++ Vtmp = out;
++ } else {
++ if (!HMAC_Final(hctx, hmac->V, NULL))
++ return 0;
++ memcpy(out, hmac->V, outlen);
++ break;
++ }
++ out += dctx->blocklength;
++ outlen -= dctx->blocklength;
++ }
++ if (!drbg_hmac_update(dctx, adin, adin_len, NULL, 0, NULL, 0))
++ return 0;
++
++ return 1;
++}
++
++static int drbg_hmac_uninstantiate(DRBG_CTX *dctx)
++{
++ HMAC_CTX_free(dctx->d.hmac.hctx);
++ OPENSSL_cleanse(&dctx->d.hmac, sizeof(DRBG_HMAC_CTX));
++ return 1;
++}
++
++int fips_drbg_hmac_init(DRBG_CTX *dctx)
++{
++ const EVP_MD *md = NULL;
++ DRBG_HMAC_CTX *hctx = &dctx->d.hmac;
++ dctx->strength = 256;
++ switch (dctx->type) {
++ case NID_hmacWithSHA1:
++ md = EVP_sha1();
++ dctx->strength = 128;
++ break;
++
++ case NID_hmacWithSHA224:
++ md = EVP_sha224();
++ dctx->strength = 192;
++ break;
++
++ case NID_hmacWithSHA256:
++ md = EVP_sha256();
++ break;
++
++ case NID_hmacWithSHA384:
++ md = EVP_sha384();
++ break;
++
++ case NID_hmacWithSHA512:
++ md = EVP_sha512();
++ break;
++
++ default:
++ dctx->strength = 0;
++ return -2;
++ }
++ dctx->instantiate = drbg_hmac_instantiate;
++ dctx->reseed = drbg_hmac_reseed;
++ dctx->generate = drbg_hmac_generate;
++ dctx->uninstantiate = drbg_hmac_uninstantiate;
++ hctx->hctx = HMAC_CTX_new();
++ if (hctx->hctx == NULL)
++ return -1;
++ hctx->md = md;
++ dctx->blocklength = M_EVP_MD_size(md);
++ dctx->seedlen = M_EVP_MD_size(md);
++
++ dctx->min_entropy = dctx->strength / 8;
++ dctx->max_entropy = DRBG_MAX_LENGTH;
++
++ dctx->min_nonce = dctx->min_entropy / 2;
++ dctx->max_nonce = DRBG_MAX_LENGTH;
++
++ dctx->max_pers = DRBG_MAX_LENGTH;
++ dctx->max_adin = DRBG_MAX_LENGTH;
++
++ dctx->max_request = 1 << 16;
++ dctx->reseed_interval = 1 << 24;
++
++ return 1;
++}
+diff -up openssl-1.1.1b/crypto/fips/fips_drbg_lib.c.fips openssl-1.1.1b/crypto/fips/fips_drbg_lib.c
+---
openssl-1.1.1b/crypto/fips/fips_drbg_lib.c.fips 2019-02-28 11:30:06.812745558 +0100
++++ openssl-1.1.1b/crypto/fips/fips_drbg_lib.c 2019-02-28 11:30:06.812745558 +0100
+@@ -0,0 +1,528 @@
++/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
++ * project.
++ */
++/* ====================================================================
++ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ * notice, this list of conditions and the following disclaimer.
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ * notice, this list of conditions and the following disclaimer in
++ * the documentation and/or other materials provided with the
++ * distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ * software must display the following acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ * endorse or promote products derived from this software without
++ * prior written permission. For written permission, please contact
++ * licensing@OpenSSL.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ * nor may "OpenSSL" appear in their names without prior written
++ * permission of the OpenSSL Project.
++ *
++ * 6.
Redistributions of any form whatsoever must retain the following
++ * acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ * ====================================================================
++ */
++
++#include
++#include
++#include
++#include
++#include "internal/fips_int.h"
++#include
++#include "fips_locl.h"
++#include "fips_rand_lcl.h"
++
++/* Support framework for SP800-90 DRBGs */
++
++int FIPS_drbg_init(DRBG_CTX *dctx, int type, unsigned int flags)
++{
++ int rv;
++ memset(dctx, 0, sizeof(DRBG_CTX));
++ dctx->status = DRBG_STATUS_UNINITIALISED;
++ dctx->xflags = flags;
++ dctx->type = type;
++
++ dctx->iflags = 0;
++ dctx->entropy_blocklen = 0;
++ dctx->health_check_cnt = 0;
++ dctx->health_check_interval = DRBG_HEALTH_INTERVAL;
++
++ rv = fips_drbg_hash_init(dctx);
++
++ if (rv == -2)
++ rv = fips_drbg_ctr_init(dctx);
++ if (rv == -2)
++ rv = fips_drbg_hmac_init(dctx);
++
++ if (rv <= 0) {
++ if (rv == -2)
++ FIPSerr(FIPS_F_FIPS_DRBG_INIT, FIPS_R_UNSUPPORTED_DRBG_TYPE);
++ else
++ FIPSerr(FIPS_F_FIPS_DRBG_INIT, FIPS_R_ERROR_INITIALISING_DRBG);
++ }
++
++ /* If not in test mode run selftests on DRBG of the same type */
++
++ if (!(dctx->xflags & DRBG_FLAG_TEST)) {
++ if (!FIPS_drbg_health_check(dctx)) {
++ FIPSerr(FIPS_F_FIPS_DRBG_INIT, FIPS_R_SELFTEST_FAILURE);
++ return 0;
++ }
++ }
++
++ return rv;
++}
++
++DRBG_CTX *FIPS_drbg_new(int type, unsigned int flags)
++{
++ DRBG_CTX *dctx;
++ dctx = OPENSSL_malloc(sizeof(DRBG_CTX));
++ if (!dctx) {
++ FIPSerr(FIPS_F_FIPS_DRBG_NEW, ERR_R_MALLOC_FAILURE);
++ return NULL;
++ }
++
++ if (type == 0) {
++ memset(dctx, 0, sizeof(DRBG_CTX));
++ dctx->type = 0;
++ dctx->status = DRBG_STATUS_UNINITIALISED;
++ return dctx;
++ }
++
++ if (FIPS_drbg_init(dctx, type, flags) <= 0) {
++ OPENSSL_free(dctx);
++ return NULL;
++ }
++
++ return dctx;
++}
++
++void FIPS_drbg_free(DRBG_CTX *dctx)
++{
++ if (dctx->uninstantiate)
++ dctx->uninstantiate(dctx);
++ /* Don't free up default DRBG */
++ if (dctx == FIPS_get_default_drbg()) {
++ memset(dctx, 0, sizeof(DRBG_CTX));
++ dctx->type = 0;
++ dctx->status = DRBG_STATUS_UNINITIALISED;
++ } else {
++
OPENSSL_cleanse(&dctx->d, sizeof(dctx->d));
++ OPENSSL_free(dctx);
++ }
++}
++
++static size_t fips_get_entropy(DRBG_CTX *dctx, unsigned char **pout,
++ int entropy, size_t min_len, size_t max_len)
++{
++ unsigned char *tout, *p;
++ size_t bl = dctx->entropy_blocklen, rv;
++ if (!dctx->get_entropy)
++ return 0;
++ if (dctx->xflags & DRBG_FLAG_TEST || !bl)
++ return dctx->get_entropy(dctx, pout, entropy, min_len, max_len);
++ rv = dctx->get_entropy(dctx, &tout, entropy + bl,
++ min_len + bl, max_len + bl);
++ if (tout == NULL)
++ return 0;
++ *pout = tout + bl;
++ if (rv < (min_len + bl) || (rv % bl))
++ return 0;
++ /* Compare consecutive blocks for continuous PRNG test */
++ for (p = tout; p < tout + rv - bl; p += bl) {
++ if (!memcmp(p, p + bl, bl)) {
++ FIPSerr(FIPS_F_FIPS_GET_ENTROPY, FIPS_R_ENTROPY_SOURCE_STUCK);
++ return 0;
++ }
++ }
++ rv -= bl;
++ if (rv > max_len)
++ return max_len;
++ return rv;
++}
++
++static void fips_cleanup_entropy(DRBG_CTX *dctx,
++ unsigned char *out, size_t olen)
++{
++ size_t bl;
++ if (dctx->xflags & DRBG_FLAG_TEST)
++ bl = 0;
++ else
++ bl = dctx->entropy_blocklen;
++ /* Call cleanup with original arguments */
++ dctx->cleanup_entropy(dctx, out - bl, olen + bl);
++}
++
++int FIPS_drbg_instantiate(DRBG_CTX *dctx,
++ const unsigned char *pers, size_t perslen)
++{
++ size_t entlen = 0, noncelen = 0;
++ unsigned char *nonce = NULL, *entropy = NULL;
++
++#if 0
++ /* Put here so error script picks them up */
++ FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE,
++ FIPS_R_PERSONALISATION_STRING_TOO_LONG);
++ FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_IN_ERROR_STATE);
++ FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_ALREADY_INSTANTIATED);
++ FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_ERROR_RETRIEVING_ENTROPY);
++ FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_ERROR_RETRIEVING_NONCE);
++ FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_INSTANTIATE_ERROR);
++ FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_DRBG_NOT_INITIALISED);
++#endif
++
++ int r = 0;
++
++ if (perslen > dctx->max_pers) {
++ r = FIPS_R_PERSONALISATION_STRING_TOO_LONG;
++ goto end;
++ }
++
++ if (!dctx->instantiate) {
++ r = FIPS_R_DRBG_NOT_INITIALISED;
++ goto end;
++ }
++
++ if (dctx->status != DRBG_STATUS_UNINITIALISED) {
++ if (dctx->status == DRBG_STATUS_ERROR)
++ r = FIPS_R_IN_ERROR_STATE;
++ else
++ r = FIPS_R_ALREADY_INSTANTIATED;
++ goto end;
++ }
++
++ dctx->status = DRBG_STATUS_ERROR;
++
++ entlen = fips_get_entropy(dctx, &entropy, dctx->strength,
++ dctx->min_entropy, dctx->max_entropy);
++
++ if (entlen < dctx->min_entropy || entlen > dctx->max_entropy) {
++ r = FIPS_R_ERROR_RETRIEVING_ENTROPY;
++ goto end;
++ }
++
++ if (dctx->max_nonce > 0 && dctx->get_nonce) {
++ noncelen = dctx->get_nonce(dctx, &nonce,
++ dctx->strength / 2,
++ dctx->min_nonce, dctx->max_nonce);
++
++ if (noncelen < dctx->min_nonce || noncelen > dctx->max_nonce) {
++ r = FIPS_R_ERROR_RETRIEVING_NONCE;
++ goto end;
++ }
++
++ }
++
++ if (!dctx->instantiate(dctx,
++ entropy, entlen, nonce, noncelen, pers, perslen)) {
++ r = FIPS_R_ERROR_INSTANTIATING_DRBG;
++ goto end;
++ }
++
++ dctx->status = DRBG_STATUS_READY;
++ if (!(dctx->iflags & DRBG_CUSTOM_RESEED))
++ dctx->reseed_counter = 1;
++
++ end:
++
++ if (entropy && dctx->cleanup_entropy)
++ fips_cleanup_entropy(dctx, entropy, entlen);
++
++ if (nonce && dctx->cleanup_nonce)
++ dctx->cleanup_nonce(dctx, nonce, noncelen);
++
++ if (dctx->status == DRBG_STATUS_READY)
++ return 1;
++
++ if (r && !(dctx->iflags & DRBG_FLAG_NOERR))
++ FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, r);
++
++ return 0;
++
++}
++
++static int drbg_reseed(DRBG_CTX *dctx,
++ const unsigned char *adin, size_t adinlen, int hcheck)
++{
++ unsigned char *entropy = NULL;
++ size_t entlen = 0;
++ int r = 0;
++
++#if 0
++ FIPSerr(FIPS_F_DRBG_RESEED, FIPS_R_NOT_INSTANTIATED);
++ FIPSerr(FIPS_F_DRBG_RESEED, FIPS_R_ADDITIONAL_INPUT_TOO_LONG);
++#endif
++ if (dctx->status != DRBG_STATUS_READY
++ && dctx->status != DRBG_STATUS_RESEED) {
++ if (dctx->status ==
DRBG_STATUS_ERROR)
++ r = FIPS_R_IN_ERROR_STATE;
++ else if (dctx->status == DRBG_STATUS_UNINITIALISED)
++ r = FIPS_R_NOT_INSTANTIATED;
++ goto end;
++ }
++
++ if (!adin)
++ adinlen = 0;
++ else if (adinlen > dctx->max_adin) {
++ r = FIPS_R_ADDITIONAL_INPUT_TOO_LONG;
++ goto end;
++ }
++
++ dctx->status = DRBG_STATUS_ERROR;
++ /* Peform health check on all reseed operations if not a prediction
++ * resistance request and not in test mode.
++ */
++ if (hcheck && !(dctx->xflags & DRBG_FLAG_TEST)) {
++ if (!FIPS_drbg_health_check(dctx)) {
++ r = FIPS_R_SELFTEST_FAILURE;
++ goto end;
++ }
++ }
++
++ entlen = fips_get_entropy(dctx, &entropy, dctx->strength,
++ dctx->min_entropy, dctx->max_entropy);
++
++ if (entlen < dctx->min_entropy || entlen > dctx->max_entropy) {
++ r = FIPS_R_ERROR_RETRIEVING_ENTROPY;
++ goto end;
++ }
++
++ if (!dctx->reseed(dctx, entropy, entlen, adin, adinlen))
++ goto end;
++
++ dctx->status = DRBG_STATUS_READY;
++ if (!(dctx->iflags & DRBG_CUSTOM_RESEED))
++ dctx->reseed_counter = 1;
++ end:
++
++ if (entropy && dctx->cleanup_entropy)
++ fips_cleanup_entropy(dctx, entropy, entlen);
++
++ if (dctx->status == DRBG_STATUS_READY)
++ return 1;
++
++ if (r && !(dctx->iflags & DRBG_FLAG_NOERR))
++ FIPSerr(FIPS_F_DRBG_RESEED, r);
++
++ return 0;
++}
++
++int FIPS_drbg_reseed(DRBG_CTX *dctx,
++ const unsigned char *adin, size_t adinlen)
++{
++ return drbg_reseed(dctx, adin, adinlen, 1);
++}
++
++static int fips_drbg_check(DRBG_CTX *dctx)
++{
++ if (dctx->xflags & DRBG_FLAG_TEST)
++ return 1;
++ dctx->health_check_cnt++;
++ if (dctx->health_check_cnt >= dctx->health_check_interval) {
++ if (!FIPS_drbg_health_check(dctx)) {
++ FIPSerr(FIPS_F_FIPS_DRBG_CHECK, FIPS_R_SELFTEST_FAILURE);
++ return 0;
++ }
++ }
++ return 1;
++}
++
++int FIPS_drbg_generate(DRBG_CTX *dctx, unsigned char *out, size_t outlen,
++ int prediction_resistance,
++ const unsigned char *adin, size_t adinlen)
++{
++ int r = 0;
++
++ if (FIPS_selftest_failed()) {
++
FIPSerr(FIPS_F_FIPS_DRBG_GENERATE, FIPS_R_SELFTEST_FAILED);
++ return 0;
++ }
++
++ if (!fips_drbg_check(dctx))
++ return 0;
++
++ if (dctx->status != DRBG_STATUS_READY
++ && dctx->status != DRBG_STATUS_RESEED) {
++ if (dctx->status == DRBG_STATUS_ERROR)
++ r = FIPS_R_IN_ERROR_STATE;
++ else if (dctx->status == DRBG_STATUS_UNINITIALISED)
++ r = FIPS_R_NOT_INSTANTIATED;
++ goto end;
++ }
++
++ if (outlen > dctx->max_request) {
++ r = FIPS_R_REQUEST_TOO_LARGE_FOR_DRBG;
++ return 0;
++ }
++
++ if (adinlen > dctx->max_adin) {
++ r = FIPS_R_ADDITIONAL_INPUT_TOO_LONG;
++ goto end;
++ }
++
++ if (dctx->iflags & DRBG_CUSTOM_RESEED)
++ dctx->generate(dctx, NULL, outlen, NULL, 0);
++ else if (dctx->reseed_counter >= dctx->reseed_interval)
++ dctx->status = DRBG_STATUS_RESEED;
++
++ if (dctx->status == DRBG_STATUS_RESEED || prediction_resistance) {
++ /* If prediction resistance request don't do health check */
++ int hcheck = prediction_resistance ? 0 : 1;
++
++ if (!drbg_reseed(dctx, adin, adinlen, hcheck)) {
++ r = FIPS_R_RESEED_ERROR;
++ goto end;
++ }
++ adin = NULL;
++ adinlen = 0;
++ }
++
++ if (!dctx->generate(dctx, out, outlen, adin, adinlen)) {
++ r = FIPS_R_GENERATE_ERROR;
++ dctx->status = DRBG_STATUS_ERROR;
++ goto end;
++ }
++ if (!(dctx->iflags & DRBG_CUSTOM_RESEED)) {
++ if (dctx->reseed_counter >= dctx->reseed_interval)
++ dctx->status = DRBG_STATUS_RESEED;
++ else
++ dctx->reseed_counter++;
++ }
++
++ end:
++ if (r) {
++ if (!(dctx->iflags & DRBG_FLAG_NOERR))
++ FIPSerr(FIPS_F_FIPS_DRBG_GENERATE, r);
++ return 0;
++ }
++
++ return 1;
++}
++
++int FIPS_drbg_uninstantiate(DRBG_CTX *dctx)
++{
++ int rv;
++ if (!dctx->uninstantiate)
++ rv = 1;
++ else
++ rv = dctx->uninstantiate(dctx);
++ /* Although we'd like to cleanse here we can't because we have to
++ * test the uninstantiate really zeroes the data.
++ */
++ memset(&dctx->d, 0, sizeof(dctx->d));
++ dctx->status = DRBG_STATUS_UNINITIALISED;
++ /* If method has problems uninstantiating, return error */
++ return rv;
++}
++
++int FIPS_drbg_set_callbacks(DRBG_CTX *dctx,
++ size_t (*get_entropy) (DRBG_CTX *ctx,
++ unsigned char **pout,
++ int entropy,
++ size_t min_len,
++ size_t max_len),
++ void (*cleanup_entropy) (DRBG_CTX *ctx,
++ unsigned char *out,
++ size_t olen),
++ size_t entropy_blocklen,
++ size_t (*get_nonce) (DRBG_CTX *ctx,
++ unsigned char **pout,
++ int entropy, size_t min_len,
++ size_t max_len),
++ void (*cleanup_nonce) (DRBG_CTX *ctx,
++ unsigned char *out,
++ size_t olen))
++{
++ if (dctx->status != DRBG_STATUS_UNINITIALISED)
++ return 0;
++ dctx->entropy_blocklen = entropy_blocklen;
++ dctx->get_entropy = get_entropy;
++ dctx->cleanup_entropy = cleanup_entropy;
++ dctx->get_nonce = get_nonce;
++ dctx->cleanup_nonce = cleanup_nonce;
++ return 1;
++}
++
++int FIPS_drbg_set_rand_callbacks(DRBG_CTX *dctx,
++ size_t (*get_adin) (DRBG_CTX *ctx,
++ unsigned char **pout),
++ void (*cleanup_adin) (DRBG_CTX *ctx,
++ unsigned char *out,
++ size_t olen),
++ int (*rand_seed_cb) (DRBG_CTX *ctx,
++ const void *buf,
++ int num),
++ int (*rand_add_cb) (DRBG_CTX *ctx,
++ const void *buf, int num,
++ double entropy))
++{
++ if (dctx->status != DRBG_STATUS_UNINITIALISED)
++ return 0;
++ dctx->get_adin = get_adin;
++ dctx->cleanup_adin = cleanup_adin;
++ dctx->rand_seed_cb = rand_seed_cb;
++ dctx->rand_add_cb = rand_add_cb;
++ return 1;
++}
++
++void *FIPS_drbg_get_app_data(DRBG_CTX *dctx)
++{
++ return dctx->app_data;
++}
++
++void FIPS_drbg_set_app_data(DRBG_CTX *dctx, void *app_data)
++{
++ dctx->app_data = app_data;
++}
++
++size_t FIPS_drbg_get_blocklength(DRBG_CTX *dctx)
++{
++ return dctx->blocklength;
++}
++
++int FIPS_drbg_get_strength(DRBG_CTX *dctx)
++{
++ return dctx->strength;
++}
++
++void FIPS_drbg_set_check_interval(DRBG_CTX *dctx, int interval)
++{
++ dctx->health_check_interval = interval;
++}
++
++void FIPS_drbg_set_reseed_interval(DRBG_CTX *dctx, int interval)
++{
++ dctx->reseed_interval = interval;
++}
++
++void FIPS_drbg_stick(int onoff)
++{
++ /* Just backwards compatibility API call with no effect. */
++}
+diff -up openssl-1.1.1b/crypto/fips/fips_drbg_rand.c.fips openssl-1.1.1b/crypto/fips/fips_drbg_rand.c
+--- openssl-1.1.1b/crypto/fips/fips_drbg_rand.c.fips 2019-02-28 11:30:06.812745558 +0100
++++ openssl-1.1.1b/crypto/fips/fips_drbg_rand.c 2019-02-28 11:30:06.812745558 +0100
+@@ -0,0 +1,185 @@
++/* fips/rand/fips_drbg_rand.c */
++/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
++ * project.
++ */
++/* ====================================================================
++ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ * notice, this list of conditions and the following disclaimer.
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ * notice, this list of conditions and the following disclaimer in
++ * the documentation and/or other materials provided with the
++ * distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ * software must display the following acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ * endorse or promote products derived from this software without
++ * prior written permission. For written permission, please contact
++ * licensing@OpenSSL.org.
++ *
++ * 5.
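Review bot: In FIPS_drbg_generate the oversized-request branch sets `r = FIPS_R_REQUEST_TOO_LARGE_FOR_DRBG;` and then executes `return 0;`, so the reason code never reaches the FIPSerr call under `end:` that the other failure paths in the function use; the branch should read `goto end;`. In fips_get_entropy, `tout` is declared without an initialiser and is compared with NULL after the get_entropy callback returns, so a callback that fails without storing through its pout argument leaves that test reading an indeterminate pointer; declaring it as `unsigned char *tout = NULL, *p;` makes the check dependable. The same function stores `*pout = tout + bl` before the length and stuck-source checks and returns 0 when they fail, so the callers' cleanup then runs with entlen 0 and cleanup_entropy is told the buffer is one block long; whether the whole entropy buffer is wiped in that case depends on the cleanup_entropy callback, which is not in this hunk.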
Products derived from this software may not be called "OpenSSL"
++ * nor may "OpenSSL" appear in their names without prior written
++ * permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ * acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ * ====================================================================
++ */
++
++#include
++#include
++#include "internal/thread_once.h"
++#include
++#include
++#include
++#include
++#include "fips_rand_lcl.h"
++
++/* Mapping of SP800-90 DRBGs to OpenSSL RAND_METHOD */
++
++/* Since we only have one global PRNG used at any time in OpenSSL use a global
++ * variable to store context.
++ */
++
++static DRBG_CTX ossl_dctx;
++
++static CRYPTO_RWLOCK *fips_rand_lock = NULL;
++static CRYPTO_ONCE fips_rand_lock_init = CRYPTO_ONCE_STATIC_INIT;
++
++DEFINE_RUN_ONCE_STATIC(do_fips_rand_lock_init)
++{
++ fips_rand_lock = CRYPTO_THREAD_lock_new();
++ return fips_rand_lock != NULL;
++}
++
++DRBG_CTX *FIPS_get_default_drbg(void)
++{
++ if (!RUN_ONCE(&fips_rand_lock_init, do_fips_rand_lock_init))
++ return NULL;
++ return &ossl_dctx;
++}
++
++static int fips_drbg_bytes(unsigned char *out, int count)
++{
++ DRBG_CTX *dctx = &ossl_dctx;
++ int rv = 0;
++ unsigned char *adin = NULL;
++ size_t adinlen = 0;
++ CRYPTO_THREAD_write_lock(fips_rand_lock);
++ do {
++ size_t rcnt;
++ if (count > (int)dctx->max_request)
++ rcnt = dctx->max_request;
++ else
++ rcnt = count;
++ if (dctx->get_adin) {
++ adinlen = dctx->get_adin(dctx, &adin);
++ if (adinlen && !adin) {
++ FIPSerr(FIPS_F_FIPS_DRBG_BYTES,
++ FIPS_R_ERROR_RETRIEVING_ADDITIONAL_INPUT);
++ goto err;
++ }
++ }
++ rv = FIPS_drbg_generate(dctx, out, rcnt, 0, adin, adinlen);
++ if (adin) {
++ if (dctx->cleanup_adin)
++ dctx->cleanup_adin(dctx, adin, adinlen);
++ adin = NULL;
++ }
++ if (!rv)
++ goto err;
++ out += rcnt;
++ count -= rcnt;
++ }
++ while (count);
++ rv = 1;
++ err:
++ CRYPTO_THREAD_unlock(fips_rand_lock);
++ return rv;
++}
++
++static int fips_drbg_pseudo(unsigned char *out, int count)
++{
++ if (fips_drbg_bytes(out, count) <= 0)
++ return -1;
++ return 1;
++}
++
++static int fips_drbg_status(void)
++{
++ DRBG_CTX *dctx = &ossl_dctx;
++ int rv;
++ CRYPTO_THREAD_read_lock(fips_rand_lock);
++ rv = dctx->status == DRBG_STATUS_READY ?
1 : 0;
++ CRYPTO_THREAD_unlock(fips_rand_lock);
++ return rv;
++}
++
++static void fips_drbg_cleanup(void)
++{
++ DRBG_CTX *dctx = &ossl_dctx;
++ CRYPTO_THREAD_write_lock(fips_rand_lock);
++ FIPS_drbg_uninstantiate(dctx);
++ CRYPTO_THREAD_unlock(fips_rand_lock);
++}
++
++static int fips_drbg_seed(const void *seed, int seedlen)
++{
++ DRBG_CTX *dctx = &ossl_dctx;
++ int ret = 1;
++ CRYPTO_THREAD_write_lock(fips_rand_lock);
++ if (dctx->rand_seed_cb)
++ ret = dctx->rand_seed_cb(dctx, seed, seedlen);
++ CRYPTO_THREAD_unlock(fips_rand_lock);
++ return ret;
++}
++
++static int fips_drbg_add(const void *seed, int seedlen, double add_entropy)
++{
++ DRBG_CTX *dctx = &ossl_dctx;
++ int ret = 1;
++ CRYPTO_THREAD_write_lock(fips_rand_lock);
++ if (dctx->rand_add_cb)
++ ret = dctx->rand_add_cb(dctx, seed, seedlen, add_entropy);
++ CRYPTO_THREAD_unlock(fips_rand_lock);
++ return ret;
++}
++
++static const RAND_METHOD rand_drbg_meth = {
++ fips_drbg_seed,
++ fips_drbg_bytes,
++ fips_drbg_cleanup,
++ fips_drbg_add,
++ fips_drbg_pseudo,
++ fips_drbg_status
++};
++
++const RAND_METHOD *FIPS_drbg_method(void)
++{
++ return &rand_drbg_meth;
++}
+diff -up openssl-1.1.1b/crypto/fips/fips_drbg_selftest.c.fips openssl-1.1.1b/crypto/fips/fips_drbg_selftest.c
+--- openssl-1.1.1b/crypto/fips/fips_drbg_selftest.c.fips 2019-02-28 11:30:06.812745558 +0100
++++ openssl-1.1.1b/crypto/fips/fips_drbg_selftest.c 2019-02-28 11:30:06.812745558 +0100
+@@ -0,0 +1,828 @@
++/* fips/rand/fips_drbg_selftest.c */
++/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
++ * project.
++ */
++/* ====================================================================
++ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1.
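Review bot: fips_rand_lock is created only by do_fips_rand_lock_init, which is run from FIPS_get_default_drbg, yet fips_drbg_bytes, fips_drbg_status, fips_drbg_cleanup, fips_drbg_seed and fips_drbg_add all pass it to CRYPTO_THREAD_write_lock or CRYPTO_THREAD_read_lock without running the once-initialiser and without checking the lock call's return value. If any rand_drbg_meth callback can be reached before FIPS_get_default_drbg has been called (that depends on callers outside this hunk), the shared DRBG state would be accessed with a NULL lock. Each callback could begin with `if (!RUN_ONCE(&fips_rand_lock_init, do_fips_rand_lock_init)) return 0;` (a plain `return;` in fips_drbg_cleanup) and treat a failed lock call as an error. fips_drbg_bytes also feeds a signed `count` into its `do { } while (count)` loop, so an early `if (count < 0) return 0;` would reject negative lengths explicitly instead of relying on the max_request check inside FIPS_drbg_generate.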
Redistributions of source code must retain the above copyright
++ * notice, this list of conditions and the following disclaimer.
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ * notice, this list of conditions and the following disclaimer in
++ * the documentation and/or other materials provided with the
++ * distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ * software must display the following acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ * endorse or promote products derived from this software without
++ * prior written permission. For written permission, please contact
++ * licensing@OpenSSL.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ * nor may "OpenSSL" appear in their names without prior written
++ * permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ * acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ * ====================================================================
++ */
++
++#include
++#include
++#include
++#include
++#include
++#include "fips_rand_lcl.h"
++#include "fips_locl.h"
++
++#include "fips_drbg_selftest.h"
++
++typedef struct {
++ int post;
++ int nid;
++ unsigned int flags;
++
++ /* KAT data for no PR */
++ const unsigned char *ent;
++ size_t entlen;
++ const unsigned char *nonce;
++ size_t noncelen;
++ const unsigned char *pers;
++ size_t perslen;
++ const unsigned char *adin;
++ size_t adinlen;
++ const unsigned char *entreseed;
++ size_t entreseedlen;
++ const unsigned char *adinreseed;
++ size_t adinreseedlen;
++ const unsigned char *adin2;
++ size_t adin2len;
++ const unsigned char *kat;
++ size_t katlen;
++ const unsigned char *kat2;
++ size_t kat2len;
++
++ /* KAT data for PR */
++ const unsigned char *ent_pr;
++ size_t entlen_pr;
++ const unsigned char *nonce_pr;
++ size_t noncelen_pr;
++ const unsigned char *pers_pr;
++ size_t perslen_pr;
++ const unsigned char *adin_pr;
++ size_t adinlen_pr;
++ const unsigned char *entpr_pr;
++ size_t entprlen_pr;
++ const unsigned char *ading_pr;
++ size_t adinglen_pr;
++ const unsigned char *entg_pr;
++ size_t entglen_pr;
++ const unsigned char *kat_pr;
++ size_t katlen_pr;
++ const unsigned char *kat2_pr;
++ size_t kat2len_pr;
++
++} DRBG_SELFTEST_DATA;
++
++#define make_drbg_test_data(nid, flag, pr, p) {p, nid, flag | DRBG_FLAG_TEST, \
++
pr##_entropyinput, sizeof(pr##_entropyinput), \
++ pr##_nonce, sizeof(pr##_nonce), \
++ pr##_personalizationstring, sizeof(pr##_personalizationstring), \
++ pr##_additionalinput, sizeof(pr##_additionalinput), \
++ pr##_entropyinputreseed, sizeof(pr##_entropyinputreseed), \
++ pr##_additionalinputreseed, sizeof(pr##_additionalinputreseed), \
++ pr##_additionalinput2, sizeof(pr##_additionalinput2), \
++ pr##_int_returnedbits, sizeof(pr##_int_returnedbits), \
++ pr##_returnedbits, sizeof(pr##_returnedbits), \
++ pr##_pr_entropyinput, sizeof(pr##_pr_entropyinput), \
++ pr##_pr_nonce, sizeof(pr##_pr_nonce), \
++ pr##_pr_personalizationstring, sizeof(pr##_pr_personalizationstring), \
++ pr##_pr_additionalinput, sizeof(pr##_pr_additionalinput), \
++ pr##_pr_entropyinputpr, sizeof(pr##_pr_entropyinputpr), \
++ pr##_pr_additionalinput2, sizeof(pr##_pr_additionalinput2), \
++ pr##_pr_entropyinputpr2, sizeof(pr##_pr_entropyinputpr2), \
++ pr##_pr_int_returnedbits, sizeof(pr##_pr_int_returnedbits), \
++ pr##_pr_returnedbits, sizeof(pr##_pr_returnedbits), \
++ }
++
++#define make_drbg_test_data_df(nid, pr, p) \
++ make_drbg_test_data(nid, DRBG_FLAG_CTR_USE_DF, pr, p)
++
++#define make_drbg_test_data_ec(curve, md, pr, p) \
++ make_drbg_test_data((curve << 16) | md , 0, pr, p)
++
++static DRBG_SELFTEST_DATA drbg_test[] = {
++ make_drbg_test_data_df(NID_aes_128_ctr, aes_128_use_df, 0),
++ make_drbg_test_data_df(NID_aes_192_ctr, aes_192_use_df, 0),
++ make_drbg_test_data_df(NID_aes_256_ctr, aes_256_use_df, 1),
++ make_drbg_test_data(NID_aes_128_ctr, 0, aes_128_no_df, 0),
++ make_drbg_test_data(NID_aes_192_ctr, 0, aes_192_no_df, 0),
++ make_drbg_test_data(NID_aes_256_ctr, 0, aes_256_no_df, 1),
++ make_drbg_test_data(NID_sha1, 0, sha1, 0),
++ make_drbg_test_data(NID_sha224, 0, sha224, 0),
++ make_drbg_test_data(NID_sha256, 0, sha256, 1),
++ make_drbg_test_data(NID_sha384, 0, sha384, 0),
++ make_drbg_test_data(NID_sha512, 0, sha512, 0),
++ make_drbg_test_data(NID_hmacWithSHA1, 0,
hmac_sha1, 0),
++ make_drbg_test_data(NID_hmacWithSHA224, 0, hmac_sha224, 0),
++ make_drbg_test_data(NID_hmacWithSHA256, 0, hmac_sha256, 1),
++ make_drbg_test_data(NID_hmacWithSHA384, 0, hmac_sha384, 0),
++ make_drbg_test_data(NID_hmacWithSHA512, 0, hmac_sha512, 0),
++ {0, 0, 0}
++};
++
++typedef struct {
++ const unsigned char *ent;
++ size_t entlen;
++ int entcnt;
++ const unsigned char *nonce;
++ size_t noncelen;
++ int noncecnt;
++} TEST_ENT;
++
++static size_t test_entropy(DRBG_CTX *dctx, unsigned char **pout,
++ int entropy, size_t min_len, size_t max_len)
++{
++ TEST_ENT *t = FIPS_drbg_get_app_data(dctx);
++ *pout = (unsigned char *)t->ent;
++ t->entcnt++;
++ return t->entlen;
++}
++
++static size_t test_nonce(DRBG_CTX *dctx, unsigned char **pout,
++ int entropy, size_t min_len, size_t max_len)
++{
++ TEST_ENT *t = FIPS_drbg_get_app_data(dctx);
++ *pout = (unsigned char *)t->nonce;
++ t->noncecnt++;
++ return t->noncelen;
++}
++
++static int fips_drbg_single_kat(DRBG_CTX *dctx, DRBG_SELFTEST_DATA * td,
++ int quick)
++{
++ TEST_ENT t;
++ int rv = 0;
++ size_t adinlen;
++ unsigned char randout[1024];
++
++ /* Initial test without PR */
++
++ /* Instantiate DRBG with test entropy, nonce and personalisation
++ * string.
++ */
++
++ if (!FIPS_drbg_init(dctx, td->nid, td->flags))
++ return 0;
++ if (!FIPS_drbg_set_callbacks(dctx, test_entropy, 0, 0, test_nonce, 0))
++ return 0;
++
++ FIPS_drbg_set_app_data(dctx, &t);
++
++ t.ent = td->ent;
++ t.entlen = td->entlen;
++ t.nonce = td->nonce;
++ t.noncelen = td->noncelen;
++ t.entcnt = 0;
++ t.noncecnt = 0;
++
++ if (!FIPS_drbg_instantiate(dctx, td->pers, td->perslen))
++ goto err;
++
++ /* Note for CTR without DF some additional input values
++ * ignore bytes after the keylength: so reduce adinlen
++ * to half to ensure invalid data is fed in.
++ */
++ if (!fips_post_corrupt(FIPS_TEST_DRBG, dctx->type, &dctx->iflags))
++ adinlen = td->adinlen / 2;
++ else
++ adinlen = td->adinlen;
++
++ /* Generate with no PR and verify output matches expected data */
++ if (!FIPS_drbg_generate(dctx, randout, td->katlen, 0, td->adin, adinlen))
++ goto err;
++
++ if (memcmp(randout, td->kat, td->katlen)) {
++ FIPSerr(FIPS_F_FIPS_DRBG_SINGLE_KAT, FIPS_R_NOPR_TEST1_FAILURE);
++ goto err2;
++ }
++ /* If abbreviated POST end of test */
++ if (quick) {
++ rv = 1;
++ goto err;
++ }
++ /* Reseed DRBG with test entropy and additional input */
++ t.ent = td->entreseed;
++ t.entlen = td->entreseedlen;
++
++ if (!FIPS_drbg_reseed(dctx, td->adinreseed, td->adinreseedlen))
++ goto err;
++
++ /* Generate with no PR and verify output matches expected data */
++ if (!FIPS_drbg_generate(dctx, randout, td->kat2len, 0,
++ td->adin2, td->adin2len))
++ goto err;
++
++ if (memcmp(randout, td->kat2, td->kat2len)) {
++ FIPSerr(FIPS_F_FIPS_DRBG_SINGLE_KAT, FIPS_R_NOPR_TEST2_FAILURE);
++ goto err2;
++ }
++
++ FIPS_drbg_uninstantiate(dctx);
++
++ /* Now test with PR */
++
++ /* Instantiate DRBG with test entropy, nonce and personalisation
++ * string.
++ */
++ if (!FIPS_drbg_init(dctx, td->nid, td->flags))
++ return 0;
++ if (!FIPS_drbg_set_callbacks(dctx, test_entropy, 0, 0, test_nonce, 0))
++ return 0;
++
++ FIPS_drbg_set_app_data(dctx, &t);
++
++ t.ent = td->ent_pr;
++ t.entlen = td->entlen_pr;
++ t.nonce = td->nonce_pr;
++ t.noncelen = td->noncelen_pr;
++ t.entcnt = 0;
++ t.noncecnt = 0;
++
++ if (!FIPS_drbg_instantiate(dctx, td->pers_pr, td->perslen_pr))
++ goto err;
++
++ /* Now generate with PR: we need to supply entropy as this will
++ * perform a reseed operation. Check output matches expected value.
++ */
++
++ t.ent = td->entpr_pr;
++ t.entlen = td->entprlen_pr;
++
++ /* Note for CTR without DF some additional input values
++ * ignore bytes after the keylength: so reduce adinlen
++ * to half to ensure invalid data is fed in.
++ */
++ if (!fips_post_corrupt(FIPS_TEST_DRBG, dctx->type, &dctx->iflags))
++ adinlen = td->adinlen_pr / 2;
++ else
++ adinlen = td->adinlen_pr;
++ if (!FIPS_drbg_generate(dctx, randout, td->katlen_pr, 1,
++ td->adin_pr, adinlen))
++ goto err;
++
++ if (memcmp(randout, td->kat_pr, td->katlen_pr)) {
++ FIPSerr(FIPS_F_FIPS_DRBG_SINGLE_KAT, FIPS_R_PR_TEST1_FAILURE);
++ goto err2;
++ }
++
++ /* Now generate again with PR: supply new entropy again.
++ * Check output matches expected value.
++ */
++
++ t.ent = td->entg_pr;
++ t.entlen = td->entglen_pr;
++
++ if (!FIPS_drbg_generate(dctx, randout, td->kat2len_pr, 1,
++ td->ading_pr, td->adinglen_pr))
++ goto err;
++
++ if (memcmp(randout, td->kat2_pr, td->kat2len_pr)) {
++ FIPSerr(FIPS_F_FIPS_DRBG_SINGLE_KAT, FIPS_R_PR_TEST2_FAILURE);
++ goto err2;
++ }
++ /* All OK, test complete */
++ rv = 1;
++
++ err:
++ if (rv == 0)
++ FIPSerr(FIPS_F_FIPS_DRBG_SINGLE_KAT, FIPS_R_SELFTEST_FAILED);
++ err2:
++ FIPS_drbg_uninstantiate(dctx);
++
++ return rv;
++
++}
++
++/* Initialise a DRBG based on selftest data */
++
++static int do_drbg_init(DRBG_CTX *dctx, DRBG_SELFTEST_DATA * td, TEST_ENT * t)
++{
++
++ if (!FIPS_drbg_init(dctx, td->nid, td->flags))
++ return 0;
++
++ if (!FIPS_drbg_set_callbacks(dctx, test_entropy, 0, 0, test_nonce, 0))
++ return 0;
++
++ FIPS_drbg_set_app_data(dctx, t);
++
++ t->ent = td->ent;
++ t->entlen = td->entlen;
++ t->nonce = td->nonce;
++ t->noncelen = td->noncelen;
++ t->entcnt = 0;
++ t->noncecnt = 0;
++ return 1;
++}
++
++/* Initialise and instantiate DRBG based on selftest data */
++static int do_drbg_instantiate(DRBG_CTX *dctx, DRBG_SELFTEST_DATA * td,
++ TEST_ENT * t)
++{
++ if (!do_drbg_init(dctx, td, t))
++ return 0;
++ if (!FIPS_drbg_instantiate(dctx, td->pers, td->perslen))
++ return 0;
++
++ return 1;
++}
++
++/* This function performs extensive error checking as required by SP800-90.
++ * Induce several failure modes and check an error condition is set.
++ * This function along with fips_drbg_single_kat peforms the health checking
++ * operation.
++ */
++
++static int fips_drbg_error_check(DRBG_CTX *dctx, DRBG_SELFTEST_DATA * td)
++{
++ unsigned char randout[1024];
++ TEST_ENT t;
++ size_t i;
++ unsigned int reseed_counter_tmp;
++ unsigned char *p = (unsigned char *)dctx;
++
++ /* Initialise DRBG */
++
++ if (!do_drbg_init(dctx, td, &t))
++ goto err;
++
++ /* Don't report induced errors */
++ dctx->iflags |= DRBG_FLAG_NOERR;
++
++ /* Personalisation string tests */
++
++ /* Test detection of too large personlisation string */
++
++ if (FIPS_drbg_instantiate(dctx, td->pers, dctx->max_pers + 1) > 0) {
++ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK,
++ FIPS_R_PERSONALISATION_ERROR_UNDETECTED);
++ goto err;
++ }
++
++ /* Entropy source tests */
++
++ /* Test entropy source failure detecion: i.e. returns no data */
++
++ t.entlen = 0;
++
++ if (FIPS_drbg_instantiate(dctx, td->pers, td->perslen) > 0) {
++ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK,
++ FIPS_R_ENTROPY_ERROR_UNDETECTED);
++ goto err;
++ }
++
++ /* Try to generate output from uninstantiated DRBG */
++ if (FIPS_drbg_generate(dctx, randout, td->katlen, 0,
++ td->adin, td->adinlen)) {
++ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK,
++ FIPS_R_GENERATE_ERROR_UNDETECTED);
++ goto err;
++ }
++
++ dctx->iflags &= ~DRBG_FLAG_NOERR;
++ if (!FIPS_drbg_uninstantiate(dctx)) {
++ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
++ goto err;
++ }
++
++ if (!do_drbg_init(dctx, td, &t))
++ goto err;
++
++ dctx->iflags |= DRBG_FLAG_NOERR;
++
++ /* Test insufficient entropy */
++
++ t.entlen = dctx->min_entropy - 1;
++
++ if (FIPS_drbg_instantiate(dctx, td->pers, td->perslen) > 0) {
++ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK,
++ FIPS_R_ENTROPY_ERROR_UNDETECTED);
++ goto err;
++ }
++
++ dctx->iflags &= ~DRBG_FLAG_NOERR;
++ if (!FIPS_drbg_uninstantiate(dctx)) {
++ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
++ goto err;
++ }
++
++ /* Test too much entropy */
++
++ if (!do_drbg_init(dctx, td, &t))
++ goto err;
++
++ dctx->iflags |= DRBG_FLAG_NOERR;
++
++ t.entlen = dctx->max_entropy + 1;
++
++ if (FIPS_drbg_instantiate(dctx, td->pers, td->perslen) > 0) {
++ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK,
++ FIPS_R_ENTROPY_ERROR_UNDETECTED);
++ goto err;
++ }
++
++ dctx->iflags &= ~DRBG_FLAG_NOERR;
++ if (!FIPS_drbg_uninstantiate(dctx)) {
++ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
++ goto err;
++ }
++
++ /* Nonce tests */
++
++ /* Test too small nonce */
++
++ if (dctx->min_nonce) {
++
++ if (!do_drbg_init(dctx, td, &t))
++ goto err;
++
++ dctx->iflags |= DRBG_FLAG_NOERR;
++
++ t.noncelen = dctx->min_nonce - 1;
++
++ if (FIPS_drbg_instantiate(dctx, td->pers, td->perslen) > 0) {
++ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK,
++ FIPS_R_NONCE_ERROR_UNDETECTED);
++ goto err;
++ }
++
++ dctx->iflags &= ~DRBG_FLAG_NOERR;
++ if (!FIPS_drbg_uninstantiate(dctx)) {
++ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
++ goto err;
++ }
++
++ }
++
++ /* Test too large nonce */
++
++ if (dctx->max_nonce) {
++
++ if (!do_drbg_init(dctx, td, &t))
++ goto err;
++
++ dctx->iflags |= DRBG_FLAG_NOERR;
++
++ t.noncelen = dctx->max_nonce + 1;
++
++ if (FIPS_drbg_instantiate(dctx, td->pers, td->perslen) > 0) {
++ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK,
++ FIPS_R_NONCE_ERROR_UNDETECTED);
++ goto err;
++ }
++
++ dctx->iflags &= ~DRBG_FLAG_NOERR;
++ if (!FIPS_drbg_uninstantiate(dctx)) {
++ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
++ goto err;
++ }
++
++ }
++
++ /* Instantiate with valid data.
*/
++ if (!do_drbg_instantiate(dctx, td, &t))
++ goto err;
++
++ /* Check generation is now OK */
++ if (!FIPS_drbg_generate(dctx, randout, td->katlen, 0,
++ td->adin, td->adinlen))
++ goto err;
++
++ dctx->iflags |= DRBG_FLAG_NOERR;
++
++ /* Request too much data for one request */
++ if (FIPS_drbg_generate(dctx, randout, dctx->max_request + 1, 0,
++ td->adin, td->adinlen)) {
++ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK,
++ FIPS_R_REQUEST_LENGTH_ERROR_UNDETECTED);
++ goto err;
++ }
++
++ /* Try too large additional input */
++ if (FIPS_drbg_generate(dctx, randout, td->katlen, 0,
++ td->adin, dctx->max_adin + 1)) {
++ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK,
++ FIPS_R_ADDITIONAL_INPUT_ERROR_UNDETECTED);
++ goto err;
++ }
++
++ /* Check prediction resistance request fails if entropy source
++ * failure.
++ */
++
++ t.entlen = 0;
++
++ if (FIPS_drbg_generate(dctx, randout, td->katlen, 1,
++ td->adin, td->adinlen)) {
++ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK,
++ FIPS_R_ENTROPY_ERROR_UNDETECTED);
++ goto err;
++ }
++
++ dctx->iflags &= ~DRBG_FLAG_NOERR;
++ if (!FIPS_drbg_uninstantiate(dctx)) {
++ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
++ goto err;
++ }
++
++ /* Instantiate again with valid data */
++
++ if (!do_drbg_instantiate(dctx, td, &t))
++ goto err;
++ /* Test reseed counter works */
++ /* Save initial reseed counter */
++ reseed_counter_tmp = dctx->reseed_counter;
++ /* Set reseed counter to beyond interval */
++ dctx->reseed_counter = dctx->reseed_interval;
++
++ /* Generate output and check entropy has been requested for reseed */
++ t.entcnt = 0;
++ if (!FIPS_drbg_generate(dctx, randout, td->katlen, 0,
++ td->adin, td->adinlen))
++ goto err;
++ if (t.entcnt != 1) {
++ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK,
++ FIPS_R_ENTROPY_NOT_REQUESTED_FOR_RESEED);
++ goto err;
++ }
++ /* Check reseed counter has been reset */
++ if (dctx->reseed_counter != reseed_counter_tmp + 1) {
++ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_RESEED_COUNTER_ERROR);
++
goto err;
++ }
++
++ dctx->iflags &= ~DRBG_FLAG_NOERR;
++ if (!FIPS_drbg_uninstantiate(dctx)) {
++ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
++ goto err;
++ }
++
++ /* Check prediction resistance request fails if entropy source
++ * failure.
++ */
++
++ t.entlen = 0;
++
++ dctx->iflags |= DRBG_FLAG_NOERR;
++ if (FIPS_drbg_generate(dctx, randout, td->katlen, 1,
++ td->adin, td->adinlen)) {
++ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK,
++ FIPS_R_ENTROPY_ERROR_UNDETECTED);
++ goto err;
++ }
++
++ dctx->iflags &= ~DRBG_FLAG_NOERR;
++
++ if (!FIPS_drbg_uninstantiate(dctx)) {
++ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
++ goto err;
++ }
++
++ if (!do_drbg_instantiate(dctx, td, &t))
++ goto err;
++ /* Test reseed counter works */
++ /* Save initial reseed counter */
++ reseed_counter_tmp = dctx->reseed_counter;
++ /* Set reseed counter to beyond interval */
++ dctx->reseed_counter = dctx->reseed_interval;
++
++ /* Generate output and check entropy has been requested for reseed */
++ t.entcnt = 0;
++ if (!FIPS_drbg_generate(dctx, randout, td->katlen, 0,
++ td->adin, td->adinlen))
++ goto err;
++ if (t.entcnt != 1) {
++ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK,
++ FIPS_R_ENTROPY_NOT_REQUESTED_FOR_RESEED);
++ goto err;
++ }
++ /* Check reseed counter has been reset */
++ if (dctx->reseed_counter != reseed_counter_tmp + 1) {
++ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_RESEED_COUNTER_ERROR);
++ goto err;
++ }
++
++ dctx->iflags &= ~DRBG_FLAG_NOERR;
++ if (!FIPS_drbg_uninstantiate(dctx)) {
++ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
++ goto err;
++ }
++
++ /* Explicit reseed tests */
++
++ /* Test explicit reseed with too large additional input */
++ if (!do_drbg_init(dctx, td, &t))
++ goto err;
++
++ dctx->iflags |= DRBG_FLAG_NOERR;
++
++ if (FIPS_drbg_reseed(dctx, td->adin, dctx->max_adin + 1) > 0) {
++ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK,
++ FIPS_R_ADDITIONAL_INPUT_ERROR_UNDETECTED);
++ goto err;
++ }
++
++ /* Test explicit reseed with entropy source failure */
++
++ t.entlen = 0;
++
++ if (FIPS_drbg_reseed(dctx, td->adin, td->adinlen) > 0) {
++ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK,
++ FIPS_R_ENTROPY_ERROR_UNDETECTED);
++ goto err;
++ }
++
++ if (!FIPS_drbg_uninstantiate(dctx)) {
++ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
++ goto err;
++ }
++
++ /* Test explicit reseed with too much entropy */
++
++ if (!do_drbg_init(dctx, td, &t))
++ goto err;
++
++ dctx->iflags |= DRBG_FLAG_NOERR;
++
++ t.entlen = dctx->max_entropy + 1;
++
++ if (FIPS_drbg_reseed(dctx, td->adin, td->adinlen) > 0) {
++ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK,
++ FIPS_R_ENTROPY_ERROR_UNDETECTED);
++ goto err;
++ }
++
++ if (!FIPS_drbg_uninstantiate(dctx)) {
++ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
++ goto err;
++ }
++
++ /* Test explicit reseed with too little entropy */
++
++ if (!do_drbg_init(dctx, td, &t))
++ goto err;
++
++ dctx->iflags |= DRBG_FLAG_NOERR;
++
++ t.entlen = dctx->min_entropy - 1;
++
++ if (FIPS_drbg_reseed(dctx, td->adin, td->adinlen) > 0) {
++ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK,
++ FIPS_R_ENTROPY_ERROR_UNDETECTED);
++ goto err;
++ }
++
++ if (!FIPS_drbg_uninstantiate(dctx)) {
++ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
++ goto err;
++ }
++
++ p = (unsigned char *)&dctx->d;
++ /* Standard says we have to check uninstantiate really zeroes
++ * the data...
++ */
++ for (i = 0; i < sizeof(dctx->d); i++) {
++ if (*p != 0) {
++ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK,
++ FIPS_R_UNINSTANTIATE_ZEROISE_ERROR);
++ goto err;
++ }
++ p++;
++ }
++
++ return 1;
++
++ err:
++ /* A real error as opposed to an induced one: underlying function will
++ * indicate the error.
++ */
++ if (!(dctx->iflags & DRBG_FLAG_NOERR))
++ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_FUNCTION_ERROR);
++ FIPS_drbg_uninstantiate(dctx);
++ return 0;
++
++}
++
++int fips_drbg_kat(DRBG_CTX *dctx, int nid, unsigned int flags)
++{
++ DRBG_SELFTEST_DATA *td;
++ flags |= DRBG_FLAG_TEST;
++ for (td = drbg_test; td->nid != 0; td++) {
++ if (td->nid == nid && td->flags == flags) {
++ if (!fips_drbg_single_kat(dctx, td, 0))
++ return 0;
++ return fips_drbg_error_check(dctx, td);
++ }
++ }
++ return 0;
++}
++
++int FIPS_drbg_health_check(DRBG_CTX *dctx)
++{
++ int rv;
++ DRBG_CTX *tctx = NULL;
++ tctx = FIPS_drbg_new(0, 0);
++ fips_post_started(FIPS_TEST_DRBG, dctx->type, &dctx->xflags);
++ if (!tctx)
++ return 0;
++ rv = fips_drbg_kat(tctx, dctx->type, dctx->xflags);
++ if (tctx)
++ FIPS_drbg_free(tctx);
++ if (rv)
++ fips_post_success(FIPS_TEST_DRBG, dctx->type, &dctx->xflags);
++ else
++ fips_post_failed(FIPS_TEST_DRBG, dctx->type, &dctx->xflags);
++ if (!rv)
++ dctx->status = DRBG_STATUS_ERROR;
++ else
++ dctx->health_check_cnt = 0;
++ return rv;
++}
++
++int FIPS_selftest_drbg(void)
++{
++ DRBG_CTX *dctx;
++ DRBG_SELFTEST_DATA *td;
++ int rv = 1;
++ dctx = FIPS_drbg_new(0, 0);
++ if (!dctx)
++ return 0;
++ for (td = drbg_test; td->nid != 0; td++) {
++ if (td->post != 1)
++ continue;
++ if (!fips_post_started(FIPS_TEST_DRBG, td->nid, &td->flags))
++ return 1;
++ if (!fips_drbg_single_kat(dctx, td, 1)) {
++ fips_post_failed(FIPS_TEST_DRBG, td->nid, &td->flags);
++ rv = 0;
++ continue;
++ }
++ if (!fips_post_success(FIPS_TEST_DRBG, td->nid, &td->flags))
++ return 0;
++ }
++ FIPS_drbg_free(dctx);
++ return rv;
++}
++
++int FIPS_selftest_drbg_all(void)
++{
++ DRBG_CTX *dctx;
++ DRBG_SELFTEST_DATA *td;
++ int rv = 1;
++ dctx = FIPS_drbg_new(0, 0);
++ if (!dctx)
++ return 0;
++ for (td = drbg_test; td->nid != 0; td++) {
++ if (!fips_post_started(FIPS_TEST_DRBG, td->nid, &td->flags))
++ return 1;
++ if (!fips_drbg_single_kat(dctx, td, 0)) {
++
fips_post_failed(FIPS_TEST_DRBG, td->nid, &td->flags);
++ rv = 0;
++ continue;
++ }
++ if (!fips_drbg_error_check(dctx, td)) {
++ fips_post_failed(FIPS_TEST_DRBG, td->nid, &td->flags);
++ rv = 0;
++ continue;
++ }
++ if (!fips_post_success(FIPS_TEST_DRBG, td->nid, &td->flags))
++ return 0;
++ }
++ FIPS_drbg_free(dctx);
++ return rv;
++}
+diff -up openssl-1.1.1b/crypto/fips/fips_drbg_selftest.h.fips openssl-1.1.1b/crypto/fips/fips_drbg_selftest.h
+--- openssl-1.1.1b/crypto/fips/fips_drbg_selftest.h.fips 2019-02-28 11:30:06.813745540 +0100
++++ openssl-1.1.1b/crypto/fips/fips_drbg_selftest.h 2019-02-28 11:30:06.813745540 +0100
+@@ -0,0 +1,1791 @@
++/* ====================================================================
++ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ * notice, this list of conditions and the following disclaimer.
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ * notice, this list of conditions and the following disclaimer in
++ * the documentation and/or other materials provided with the
++ * distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ * software must display the following acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ * endorse or promote products derived from this software without
++ * prior written permission. For written permission, please contact
++ * openssl-core.org.
++ *
++ * 5.
Products derived from this software may not be called "OpenSSL"
++ * nor may "OpenSSL" appear in their names without prior written
++ * permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ * acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ *
++ */
++
++/* Selftest and health check data for the SP800-90 DRBG */
++
++#define __fips_constseg
++
++/* AES-128 use df PR */
++__fips_constseg static const unsigned char aes_128_use_df_pr_entropyinput[] = {
++ 0x61, 0x52, 0x7c, 0xe3, 0x23, 0x7d, 0x0a, 0x07, 0x10, 0x0c, 0x50, 0x33,
++ 0xc8, 0xdb, 0xff, 0x12
++};
++
++__fips_constseg static const unsigned char aes_128_use_df_pr_nonce[] = {
++ 0x51, 0x0d, 0x85, 0x77, 0xed, 0x22, 0x97, 0x28
++};
++
++__fips_constseg
++ static const unsigned char aes_128_use_df_pr_personalizationstring[] = {
++ 0x59, 0x9f, 0xbb, 0xcd, 0xd5, 0x25, 0x69, 0xb5, 0xcb, 0xb5, 0x03, 0xfe,
++ 0xd7, 0xd7, 0x01, 0x67
++};
++
++__fips_constseg
++ static const unsigned char aes_128_use_df_pr_additionalinput[] = {
++ 0xef, 0x88, 0x76, 0x01, 0xaf, 0x3c, 0xfe, 0x8b, 0xaf, 0x26, 0x06, 0x9e,
++ 0x9a, 0x47, 0x08, 0x76
++};
++
++__fips_constseg
++ static const unsigned char aes_128_use_df_pr_entropyinputpr[] = {
++ 0xe2, 0x76, 0xf9, 0xf6, 0x3a, 0xba, 0x10, 0x9f, 0xbf, 0x47, 0x0e, 0x51,
++ 0x09, 0xfb, 0xa3, 0xb6
++};
++
++__fips_constseg
++ static const unsigned char aes_128_use_df_pr_int_returnedbits[] = {
++ 0xd4, 0x98, 0x8a, 0x46, 0x80, 0x4c, 0xdb, 0xa3, 0x59, 0x02, 0x57, 0x52,
++ 0x66, 0x1c, 0xea, 0x5b
++};
++
++__fips_constseg
++ static const unsigned char aes_128_use_df_pr_additionalinput2[] = {
++ 0x88, 0x8c, 0x91, 0xd6, 0xbe, 0x56, 0x6e, 0x08, 0x9a, 0x62, 0x2b, 0x11,
++ 0x3f, 0x5e, 0x31, 0x06
++};
++
++__fips_constseg
++ static const unsigned char aes_128_use_df_pr_entropyinputpr2[] = {
++ 0xc0, 0x5c, 0x6b, 0x98, 0x01, 0x0d, 0x58, 0x18, 0x51, 0x18, 0x96, 0xae,
++ 0xa7, 0xe3, 0xa8, 0x67
++};
++
++__fips_constseg static const unsigned char aes_128_use_df_pr_returnedbits[] = {
++ 0xcf, 0x01, 0xac, 0x22, 0x31, 0x06, 0x8e, 0xfc, 0xce, 0x56, 0xea, 0x24,
++ 0x0f, 0x38, 0x43, 0xc6
++};
++
++/* AES-128 use df No PR */
++__fips_constseg static const unsigned char aes_128_use_df_entropyinput[] = {
++ 0x1f, 0x8e, 0x34, 0x82, 0x0c, 0xb7, 0xbe, 0xc5,
0x01, 0x3e, 0xd0, 0xa3,
++ 0x9d, 0x7d, 0x1c, 0x9b
++};
++
++__fips_constseg static const unsigned char aes_128_use_df_nonce[] = {
++ 0xd5, 0x4d, 0xbd, 0x4a, 0x93, 0x7f, 0xb8, 0x96
++};
++
++__fips_constseg
++ static const unsigned char aes_128_use_df_personalizationstring[] = {
++ 0xab, 0xd6, 0x3f, 0x04, 0xfe, 0x27, 0x6b, 0x2d, 0xd7, 0xc3, 0x1c, 0xf3,
++ 0x38, 0x66, 0xba, 0x1b
++};
++
++__fips_constseg static const unsigned char aes_128_use_df_additionalinput[] = {
++ 0xfe, 0xf4, 0x09, 0xa8, 0xb7, 0x73, 0x27, 0x9c, 0x5f, 0xa7, 0xea, 0x46,
++ 0xb5, 0xe2, 0xb2, 0x41
++};
++
++__fips_constseg static const unsigned char aes_128_use_df_int_returnedbits[] = {
++ 0x42, 0xe4, 0x4e, 0x7b, 0x27, 0xdd, 0xcb, 0xbc, 0x0a, 0xcf, 0xa6, 0x67,
++ 0xe7, 0x57, 0x11, 0xb4
++};
++
++__fips_constseg
++ static const unsigned char aes_128_use_df_entropyinputreseed[] = {
++ 0x14, 0x26, 0x69, 0xd9, 0xf3, 0x65, 0x03, 0xd6, 0x6b, 0xb9, 0x44, 0x0b,
++ 0xc7, 0xc4, 0x9e, 0x39
++};
++
++__fips_constseg
++ static const unsigned char aes_128_use_df_additionalinputreseed[] = {
++ 0x55, 0x2e, 0x60, 0x9a, 0x05, 0x72, 0x8a, 0xa8, 0xef, 0x22, 0x81, 0x5a,
++ 0xc8, 0x93, 0xfa, 0x84
++};
++
++__fips_constseg static const unsigned char aes_128_use_df_additionalinput2[] = {
++ 0x3c, 0x40, 0xc8, 0xc4, 0x16, 0x0c, 0x21, 0xa4, 0x37, 0x2c, 0x8f, 0xa5,
++ 0x06, 0x0c, 0x15, 0x2c
++};
++
++__fips_constseg static const unsigned char aes_128_use_df_returnedbits[] = {
++ 0xe1, 0x3e, 0x99, 0x98, 0x86, 0x67, 0x0b, 0x63, 0x7b, 0xbe, 0x3f, 0x88,
++ 0x46, 0x81, 0xc7, 0x19
++};
++
++/* AES-192 use df PR */
++__fips_constseg static const unsigned char aes_192_use_df_pr_entropyinput[] = {
++ 0x2b, 0x4e, 0x8b, 0xe1, 0xf1, 0x34, 0x80, 0x56, 0x81, 0xf9, 0x74, 0xec,
++ 0x17, 0x44, 0x2a, 0xf1, 0x14, 0xb0, 0xbf, 0x97, 0x39, 0xb7, 0x04, 0x7d
++};
++
++__fips_constseg static const unsigned char aes_192_use_df_pr_nonce[] = {
++ 0xd6, 0x9d, 0xeb, 0x14, 0x4e, 0x6c, 0x30, 0x1e, 0x39, 0x55, 0x73, 0xd0,
++ 0xd1, 0x80, 0x78, 0xfa
++};
++
++__fips_constseg
++ static const unsigned char aes_192_use_df_pr_personalizationstring[] = {
++ 0xfc, 0x43, 0x4a, 0xf8, 0x9a, 0x55, 0xb3, 0x53, 0x83, 0xe2, 0x18, 0x16,
++ 0x0c, 0xdc, 0xcd, 0x5e, 0x4f, 0xa0, 0x03, 0x01, 0x2b, 0x9f, 0xe4, 0xd5,
++ 0x7d, 0x49, 0xf0, 0x41, 0x9e, 0x3d, 0x99, 0x04
++};
++
++__fips_constseg
++ static const unsigned char aes_192_use_df_pr_additionalinput[] = {
++ 0x5e, 0x9f, 0x49, 0x6f, 0x21, 0x8b, 0x1d, 0x32, 0xd5, 0x84, 0x5c, 0xac,
++ 0xaf, 0xdf, 0xe4, 0x79, 0x9e, 0xaf, 0xa9, 0x82, 0xd0, 0xf8, 0x4f, 0xcb,
++ 0x69, 0x10, 0x0a, 0x7e, 0x81, 0x57, 0xb5, 0x36
++};
++
++__fips_constseg
++ static const unsigned char aes_192_use_df_pr_entropyinputpr[] = {
++ 0xd4, 0x81, 0x0c, 0xd7, 0x66, 0x39, 0xec, 0x42, 0x53, 0x87, 0x41, 0xa5,
++ 0x1e, 0x7d, 0x80, 0x91, 0x8e, 0xbb, 0xed, 0xac, 0x14, 0x02, 0x1a, 0xd5
++};
++
++__fips_constseg
++ static const unsigned char aes_192_use_df_pr_int_returnedbits[] = {
++ 0xdf, 0x1d, 0x39, 0x45, 0x7c, 0x9b, 0xc6, 0x2b, 0x7d, 0x8c, 0x93, 0xe9,
++ 0x19, 0x30, 0x6b, 0x67
++};
++
++__fips_constseg
++ static const unsigned char aes_192_use_df_pr_additionalinput2[] = {
++ 0x00, 0x71, 0x27, 0x4e, 0xd3, 0x14, 0xf1, 0x20, 0x7f, 0x4a, 0x41, 0x32,
++ 0x2a, 0x97, 0x11, 0x43, 0x8f, 0x4a, 0x15, 0x7b, 0x9b, 0x51, 0x79, 0xda,
++ 0x49, 0x3d, 0xde, 0xe8, 0xbc, 0x93, 0x91, 0x99
++};
++
++__fips_constseg
++ static const unsigned char aes_192_use_df_pr_entropyinputpr2[] = {
++ 0x90, 0xee, 0x76, 0xa1, 0x45, 0x8d, 0xb7, 0x40, 0xb0, 0x11, 0xbf, 0xd0,
++ 0x65, 0xd7, 0x3c, 0x7c, 0x4f, 0x20, 0x3f, 0x4e, 0x11, 0x9d, 0xb3, 0x5e
++};
++
++__fips_constseg static const unsigned char aes_192_use_df_pr_returnedbits[] = {
++ 0x24, 0x3b, 0x20, 0xa4, 0x37, 0x66, 0xba, 0x72, 0x39, 0x3f, 0xcf, 0x3c,
++ 0x7e, 0x1a, 0x2b, 0x83
++};
++
++/* AES-192 use df No PR */
++__fips_constseg static const unsigned char aes_192_use_df_entropyinput[] = {
++ 0x8d, 0x74, 0xa4, 0x50, 0x1a, 0x02, 0x68, 0x0c, 0x2a, 0x69, 0xc4, 0x82,
++ 0x3b, 0xbb, 0xda, 0x0e, 0x7f, 0x77,
0xa3, 0x17, 0x78, 0x57, 0xb2, 0x7b
++};
++
++__fips_constseg static const unsigned char aes_192_use_df_nonce[] = {
++ 0x75, 0xd5, 0x1f, 0xac, 0xa4, 0x8d, 0x42, 0x78, 0xd7, 0x69, 0x86, 0x9d,
++ 0x77, 0xd7, 0x41, 0x0e
++};
++
++__fips_constseg
++ static const unsigned char aes_192_use_df_personalizationstring[] = {
++ 0x4e, 0x33, 0x41, 0x3c, 0x9c, 0xc2, 0xd2, 0x53, 0xaf, 0x90, 0xea, 0xcf,
++ 0x19, 0x50, 0x1e, 0xe6, 0x6f, 0x63, 0xc8, 0x32, 0x22, 0xdc, 0x07, 0x65,
++ 0x9c, 0xd3, 0xf8, 0x30, 0x9e, 0xed, 0x35, 0x70
++};
++
++__fips_constseg static const unsigned char aes_192_use_df_additionalinput[] = {
++ 0x5d, 0x8b, 0x8c, 0xc1, 0xdf, 0x0e, 0x02, 0x78, 0xfb, 0x19, 0xb8, 0x69,
++ 0x78, 0x4e, 0x9c, 0x52, 0xbc, 0xc7, 0x20, 0xc9, 0xe6, 0x5e, 0x77, 0x22,
++ 0x28, 0x3d, 0x0c, 0x9e, 0x68, 0xa8, 0x45, 0xd7
++};
++
++__fips_constseg static const unsigned char aes_192_use_df_int_returnedbits[] = {
++ 0xd5, 0xe7, 0x08, 0xc5, 0x19, 0x99, 0xd5, 0x31, 0x03, 0x0a, 0x74, 0xb6,
++ 0xb7, 0xed, 0xe9, 0xea
++};
++
++__fips_constseg
++ static const unsigned char aes_192_use_df_entropyinputreseed[] = {
++ 0x9c, 0x26, 0xda, 0xf1, 0xac, 0xd9, 0x5a, 0xd6, 0xa8, 0x65, 0xf5, 0x02,
++ 0x8f, 0xdc, 0xa2, 0x09, 0x54, 0xa6, 0xe2, 0xa4, 0xde, 0x32, 0xe0, 0x01
++};
++
++__fips_constseg
++ static const unsigned char aes_192_use_df_additionalinputreseed[] = {
++ 0x9b, 0x90, 0xb0, 0x3a, 0x0e, 0x3a, 0x80, 0x07, 0x4a, 0xf4, 0xda, 0x76,
++ 0x28, 0x30, 0x3c, 0xee, 0x54, 0x1b, 0x94, 0x59, 0x51, 0x43, 0x56, 0x77,
++ 0xaf, 0x88, 0xdd, 0x63, 0x89, 0x47, 0x06, 0x65
++};
++
++__fips_constseg static const unsigned char aes_192_use_df_additionalinput2[] = {
++ 0x3c, 0x11, 0x64, 0x7a, 0x96, 0xf5, 0xd8, 0xb8, 0xae, 0xd6, 0x70, 0x4e,
++ 0x16, 0x96, 0xde, 0xe9, 0x62, 0xbc, 0xee, 0x28, 0x2f, 0x26, 0xa6, 0xf0,
++ 0x56, 0xef, 0xa3, 0xf1, 0x6b, 0xa1, 0xb1, 0x77
++};
++
++__fips_constseg static const unsigned char aes_192_use_df_returnedbits[] = {
++ 0x0b, 0xe2, 0x56, 0x03, 0x1e, 0xdb, 0x2c, 0x6d, 0x7f, 0x1b, 0x15, 0x58,
++
0x1a, 0xf9, 0x13, 0x28
++};
++
++/* AES-256 use df PR */
++__fips_constseg static const unsigned char aes_256_use_df_pr_entropyinput[] = {
++ 0x61, 0x68, 0xfc, 0x1a, 0xf0, 0xb5, 0x95, 0x6b, 0x85, 0x09, 0x9b, 0x74,
++ 0x3f, 0x13, 0x78, 0x49, 0x3b, 0x85, 0xec, 0x93, 0x13, 0x3b, 0xa9, 0x4f,
++ 0x96, 0xab, 0x2c, 0xe4, 0xc8, 0x8f, 0xdd, 0x6a
++};
++
++__fips_constseg static const unsigned char aes_256_use_df_pr_nonce[] = {
++ 0xad, 0xd2, 0xbb, 0xba, 0xb7, 0x65, 0x89, 0xc3, 0x21, 0x6c, 0x55, 0x33,
++ 0x2b, 0x36, 0xff, 0xa4
++};
++
++__fips_constseg
++ static const unsigned char aes_256_use_df_pr_personalizationstring[] = {
++ 0x6e, 0xca, 0xe7, 0x20, 0x72, 0xd3, 0x84, 0x5a, 0x32, 0xd3, 0x4b, 0x24,
++ 0x72, 0xc4, 0x63, 0x2b, 0x9d, 0x12, 0x24, 0x0c, 0x23, 0x26, 0x8e, 0x83,
++ 0x16, 0x37, 0x0b, 0xd1, 0x06, 0x4f, 0x68, 0x6d
++};
++
++__fips_constseg
++ static const unsigned char aes_256_use_df_pr_additionalinput[] = {
++ 0x7e, 0x08, 0x4a, 0xbb, 0xe3, 0x21, 0x7c, 0xc9, 0x23, 0xd2, 0xf8, 0xb0,
++ 0x73, 0x98, 0xba, 0x84, 0x74, 0x23, 0xab, 0x06, 0x8a, 0xe2, 0x22, 0xd3,
++ 0x7b, 0xce, 0x9b, 0xd2, 0x4a, 0x76, 0xb8, 0xde
++};
++
++__fips_constseg
++ static const unsigned char aes_256_use_df_pr_entropyinputpr[] = {
++ 0x0b, 0x23, 0xaf, 0xdf, 0xf1, 0x62, 0xd7, 0xd3, 0x43, 0x97, 0xf8, 0x77,
++ 0x04, 0xa8, 0x42, 0x20, 0xbd, 0xf6, 0x0f, 0xc1, 0x17, 0x2f, 0x9f, 0x54,
++ 0xbb, 0x56, 0x17, 0x86, 0x68, 0x0e, 0xba, 0xa9
++};
++
++__fips_constseg
++ static const unsigned char aes_256_use_df_pr_int_returnedbits[] = {
++ 0x31, 0x8e, 0xad, 0xaf, 0x40, 0xeb, 0x6b, 0x74, 0x31, 0x46, 0x80, 0xc7,
++ 0x17, 0xab, 0x3c, 0x7a
++};
++
++__fips_constseg
++ static const unsigned char aes_256_use_df_pr_additionalinput2[] = {
++ 0x94, 0x6b, 0xc9, 0x9f, 0xab, 0x8d, 0xc5, 0xec, 0x71, 0x88, 0x1d, 0x00,
++ 0x8c, 0x89, 0x68, 0xe4, 0xc8, 0x07, 0x77, 0x36, 0x17, 0x6d, 0x79, 0x78,
++ 0xc7, 0x06, 0x4e, 0x99, 0x04, 0x28, 0x29, 0xc3
++};
++
++__fips_constseg
++ static const unsigned char
aes_256_use_df_pr_entropyinputpr2[] = {
++ 0xbf, 0x6c, 0x59, 0x2a, 0x0d, 0x44, 0x0f, 0xae, 0x9a, 0x5e, 0x03, 0x73,
++ 0xd8, 0xa6, 0xe1, 0xcf, 0x25, 0x61, 0x38, 0x24, 0x86, 0x9e, 0x53, 0xe8,
++ 0xa4, 0xdf, 0x56, 0xf4, 0x06, 0x07, 0x9c, 0x0f
++};
++
++__fips_constseg static const unsigned char aes_256_use_df_pr_returnedbits[] = {
++ 0x22, 0x4a, 0xb4, 0xb8, 0xb6, 0xee, 0x7d, 0xb1, 0x9e, 0xc9, 0xf9, 0xa0,
++ 0xd9, 0xe2, 0x97, 0x00
++};
++
++/* AES-256 use df No PR */
++__fips_constseg static const unsigned char aes_256_use_df_entropyinput[] = {
++ 0xa5, 0x3e, 0x37, 0x10, 0x17, 0x43, 0x91, 0x93, 0x59, 0x1e, 0x47, 0x50,
++ 0x87, 0xaa, 0xdd, 0xd5, 0xc1, 0xc3, 0x86, 0xcd, 0xca, 0x0d, 0xdb, 0x68,
++ 0xe0, 0x02, 0xd8, 0x0f, 0xdc, 0x40, 0x1a, 0x47
++};
++
++__fips_constseg static const unsigned char aes_256_use_df_nonce[] = {
++ 0xa9, 0x4d, 0xa5, 0x5a, 0xfd, 0xc5, 0x0c, 0xe5, 0x1c, 0x9a, 0x3b, 0x8a,
++ 0x4c, 0x44, 0x84, 0x40
++};
++
++__fips_constseg
++ static const unsigned char aes_256_use_df_personalizationstring[] = {
++ 0x8b, 0x52, 0xa2, 0x4a, 0x93, 0xc3, 0x4e, 0xa7, 0x1e, 0x1c, 0xa7, 0x05,
++ 0xeb, 0x82, 0x9b, 0xa6, 0x5d, 0xe4, 0xd4, 0xe0, 0x7f, 0xa3, 0xd8, 0x6b,
++ 0x37, 0x84, 0x5f, 0xf1, 0xc7, 0xd5, 0xf6, 0xd2
++};
++
++__fips_constseg static const unsigned char aes_256_use_df_additionalinput[] = {
++ 0x20, 0xf4, 0x22, 0xed, 0xf8, 0x5c, 0xa1, 0x6a, 0x01, 0xcf, 0xbe, 0x5f,
++ 0x8d, 0x6c, 0x94, 0x7f, 0xae, 0x12, 0xa8, 0x57, 0xdb, 0x2a, 0xa9, 0xbf,
++ 0xc7, 0xb3, 0x65, 0x81, 0x80, 0x8d, 0x0d, 0x46
++};
++
++__fips_constseg static const unsigned char aes_256_use_df_int_returnedbits[] = {
++ 0x4e, 0x44, 0xfd, 0xf3, 0x9e, 0x29, 0xa2, 0xb8, 0x0f, 0x5d, 0x6c, 0xe1,
++ 0x28, 0x0c, 0x3b, 0xc1
++};
++
++__fips_constseg
++ static const unsigned char aes_256_use_df_entropyinputreseed[] = {
++ 0xdd, 0x40, 0xe5, 0x98, 0x7b, 0x27, 0x16, 0x73, 0x15, 0x68, 0xd2, 0x76,
++ 0xbf, 0x0c, 0x67, 0x15, 0x75, 0x79, 0x03, 0xd3, 0xde, 0xde, 0x91, 0x46,
++ 0x42, 0xdd, 0xd4, 0x67, 0xc8, 0x79, 0xc8,
0x1e
++};
++
++__fips_constseg
++ static const unsigned char aes_256_use_df_additionalinputreseed[] = {
++ 0x7f, 0xd8, 0x1f, 0xbd, 0x2a, 0xb5, 0x1c, 0x11, 0x5d, 0x83, 0x4e, 0x99,
++ 0xf6, 0x5c, 0xa5, 0x40, 0x20, 0xed, 0x38, 0x8e, 0xd5, 0x9e, 0xe0, 0x75,
++ 0x93, 0xfe, 0x12, 0x5e, 0x5d, 0x73, 0xfb, 0x75
++};
++
++__fips_constseg static const unsigned char aes_256_use_df_additionalinput2[] = {
++ 0xcd, 0x2c, 0xff, 0x14, 0x69, 0x3e, 0x4c, 0x9e, 0xfd, 0xfe, 0x26, 0x0d,
++ 0xe9, 0x86, 0x00, 0x49, 0x30, 0xba, 0xb1, 0xc6, 0x50, 0x57, 0x77, 0x2a,
++ 0x62, 0x39, 0x2c, 0x3b, 0x74, 0xeb, 0xc9, 0x0d
++};
++
++__fips_constseg static const unsigned char aes_256_use_df_returnedbits[] = {
++ 0x4f, 0x78, 0xbe, 0xb9, 0x4d, 0x97, 0x8c, 0xe9, 0xd0, 0x97, 0xfe, 0xad,
++ 0xfa, 0xfd, 0x35, 0x5e
++};
++
++/* AES-128 no df PR */
++__fips_constseg static const unsigned char aes_128_no_df_pr_entropyinput[] = {
++ 0x9a, 0x25, 0x65, 0x10, 0x67, 0xd5, 0xb6, 0x6b, 0x70, 0xa1, 0xb3, 0xa4,
++ 0x43, 0x95, 0x80, 0xc0, 0x84, 0x0a, 0x79, 0xb0, 0x88, 0x74, 0xf2, 0xbf,
++ 0x31, 0x6c, 0x33, 0x38, 0x0b, 0x00, 0xb2, 0x5a
++};
++
++__fips_constseg static const unsigned char aes_128_no_df_pr_nonce[] = {
++ 0x78, 0x47, 0x6b, 0xf7, 0x90, 0x8e, 0x87, 0xf1
++};
++
++__fips_constseg
++ static const unsigned char aes_128_no_df_pr_personalizationstring[] = {
++ 0xf7, 0x22, 0x1d, 0x3a, 0xbe, 0x1d, 0xca, 0x32, 0x1b, 0xbd, 0x87, 0x0c,
++ 0x51, 0x24, 0x19, 0xee, 0xa3, 0x23, 0x09, 0x63, 0x33, 0x3d, 0xa8, 0x0c,
++ 0x1c, 0xfa, 0x42, 0x89, 0xcc, 0x6f, 0xa0, 0xa8
++};
++
++__fips_constseg
++ static const unsigned char aes_128_no_df_pr_additionalinput[] = {
++ 0xc9, 0xe0, 0x80, 0xbf, 0x8c, 0x45, 0x58, 0x39, 0xff, 0x00, 0xab, 0x02,
++ 0x4c, 0x3e, 0x3a, 0x95, 0x9b, 0x80, 0xa8, 0x21, 0x2a, 0xee, 0xba, 0x73,
++ 0xb1, 0xd9, 0xcf, 0x28, 0xf6, 0x8f, 0x9b, 0x12
++};
++
++__fips_constseg static const unsigned char aes_128_no_df_pr_entropyinputpr[] = {
++ 0x4c, 0xa8, 0xc5, 0xf0, 0x59, 0x9e, 0xa6, 0x8d, 0x26, 0x53, 0xd7, 0x8a,
++ 0xa9,
0xd8, 0xf7, 0xed, 0xb2, 0xf9, 0x12, 0x42, 0xe1, 0xe5, 0xbd, 0xe7, ++ 0xe7, 0x1d, 0x74, 0x99, 0x00, 0x9d, 0x31, 0x3e ++}; ++ ++__fips_constseg ++ static const unsigned char aes_128_no_df_pr_int_returnedbits[] = { ++ 0xe2, 0xac, 0x20, 0xf0, 0x80, 0xe7, 0xbc, 0x7e, 0x9c, 0x7b, 0x65, 0x71, ++ 0xaf, 0x19, 0x32, 0x16 ++}; ++ ++__fips_constseg ++ static const unsigned char aes_128_no_df_pr_additionalinput2[] = { ++ 0x32, 0x7f, 0x38, 0x8b, 0x73, 0x0a, 0x78, 0x83, 0xdc, 0x30, 0xbe, 0x9f, ++ 0x10, 0x1f, 0xf5, 0x1f, 0xca, 0x00, 0xb5, 0x0d, 0xd6, 0x9d, 0x60, 0x83, ++ 0x51, 0x54, 0x7d, 0x38, 0x23, 0x3a, 0x52, 0x50 ++}; ++ ++__fips_constseg ++ static const unsigned char aes_128_no_df_pr_entropyinputpr2[] = { ++ 0x18, 0x61, 0x53, 0x56, 0xed, 0xed, 0xd7, 0x20, 0xfb, 0x71, 0x04, 0x7a, ++ 0xb2, 0xac, 0xc1, 0x28, 0xcd, 0xf2, 0xc2, 0xfc, 0xaa, 0xb1, 0x06, 0x07, ++ 0xe9, 0x46, 0x95, 0x02, 0x48, 0x01, 0x78, 0xf9 ++}; ++ ++__fips_constseg static const unsigned char aes_128_no_df_pr_returnedbits[] = { ++ 0x29, 0xc8, 0x1b, 0x15, 0xb1, 0xd1, 0xc2, 0xf6, 0x71, 0x86, 0x68, 0x33, ++ 0x57, 0x82, 0x33, 0xaf ++}; ++ ++/* AES-128 no df No PR */ ++__fips_constseg static const unsigned char aes_128_no_df_entropyinput[] = { ++ 0xc9, 0xc5, 0x79, 0xbc, 0xe8, 0xc5, 0x19, 0xd8, 0xbc, 0x66, 0x73, 0x67, ++ 0xf6, 0xd3, 0x72, 0xaa, 0xa6, 0x16, 0xb8, 0x50, 0xb7, 0x47, 0x3a, 0x42, ++ 0xab, 0xf4, 0x16, 0xb2, 0x96, 0xd2, 0xb6, 0x60 ++}; ++ ++__fips_constseg static const unsigned char aes_128_no_df_nonce[] = { ++ 0x5f, 0xbf, 0x97, 0x0c, 0x4b, 0xa4, 0x87, 0x13 ++}; ++ ++__fips_constseg ++ static const unsigned char aes_128_no_df_personalizationstring[] = { ++ 0xce, 0xfb, 0x7b, 0x3f, 0xd4, 0x6b, 0x29, 0x0d, 0x69, 0x06, 0xff, 0xbb, ++ 0xf2, 0xe5, 0xc6, 0x6c, 0x0a, 0x10, 0xa0, 0xcf, 0x1a, 0x48, 0xc7, 0x8b, ++ 0x3c, 0x16, 0x88, 0xed, 0x50, 0x13, 0x81, 0xce ++}; ++ ++__fips_constseg static const unsigned char aes_128_no_df_additionalinput[] = { ++ 0x4b, 0x22, 0x46, 0x18, 0x02, 0x7b, 0xd2, 0x1b, 0x22, 0x42, 0x7c, 0x37, 
++ 0xd9, 0xf6, 0xe8, 0x9b, 0x12, 0x30, 0x5f, 0xe9, 0x90, 0xe8, 0x08, 0x24, ++ 0x4f, 0x06, 0x66, 0xdb, 0x19, 0x2b, 0x13, 0x95 ++}; ++ ++__fips_constseg static const unsigned char aes_128_no_df_int_returnedbits[] = { ++ 0x2e, 0x96, 0x70, 0x64, 0xfa, 0xdf, 0xdf, 0x57, 0xb5, 0x82, 0xee, 0xd6, ++ 0xed, 0x3e, 0x65, 0xc2 ++}; ++ ++__fips_constseg ++ static const unsigned char aes_128_no_df_entropyinputreseed[] = { ++ 0x26, 0xc0, 0x72, 0x16, 0x3a, 0x4b, 0xb7, 0x99, 0xd4, 0x07, 0xaf, 0x66, ++ 0x62, 0x36, 0x96, 0xa4, 0x51, 0x17, 0xfa, 0x07, 0x8b, 0x17, 0x5e, 0xa1, ++ 0x2f, 0x3c, 0x10, 0xe7, 0x90, 0xd0, 0x46, 0x00 ++}; ++ ++__fips_constseg ++ static const unsigned char aes_128_no_df_additionalinputreseed[] = { ++ 0x83, 0x39, 0x37, 0x7b, 0x02, 0x06, 0xd2, 0x12, 0x13, 0x8d, 0x8b, 0xf2, ++ 0xf0, 0xf6, 0x26, 0xeb, 0xa4, 0x22, 0x7b, 0xc2, 0xe7, 0xba, 0x79, 0xe4, ++ 0x3b, 0x77, 0x5d, 0x4d, 0x47, 0xb2, 0x2d, 0xb4 ++}; ++ ++__fips_constseg static const unsigned char aes_128_no_df_additionalinput2[] = { ++ 0x0b, 0xb9, 0x67, 0x37, 0xdb, 0x83, 0xdf, 0xca, 0x81, 0x8b, 0xf9, 0x3f, ++ 0xf1, 0x11, 0x1b, 0x2f, 0xf0, 0x61, 0xa6, 0xdf, 0xba, 0xa3, 0xb1, 0xac, ++ 0xd3, 0xe6, 0x09, 0xb8, 0x2c, 0x6a, 0x67, 0xd6 ++}; ++ ++__fips_constseg static const unsigned char aes_128_no_df_returnedbits[] = { ++ 0x1e, 0xa7, 0xa4, 0xe4, 0xe1, 0xa6, 0x7c, 0x69, 0x9a, 0x44, 0x6c, 0x36, ++ 0x81, 0x37, 0x19, 0xd4 ++}; ++ ++/* AES-192 no df PR */ ++__fips_constseg static const unsigned char aes_192_no_df_pr_entropyinput[] = { ++ 0x9d, 0x2c, 0xd2, 0x55, 0x66, 0xea, 0xe0, 0xbe, 0x18, 0xb7, 0x76, 0xe7, ++ 0x73, 0x35, 0xd8, 0x1f, 0xad, 0x3a, 0xe3, 0x81, 0x0e, 0x92, 0xd0, 0x61, ++ 0xc9, 0x12, 0x26, 0xf6, 0x1c, 0xdf, 0xfe, 0x47, 0xaa, 0xfe, 0x7d, 0x5a, ++ 0x17, 0x1f, 0x8d, 0x9a ++}; ++ ++__fips_constseg static const unsigned char aes_192_no_df_pr_nonce[] = { ++ 0x44, 0x82, 0xed, 0xe8, 0x4c, 0x28, 0x5a, 0x14, 0xff, 0x88, 0x8d, 0x19, ++ 0x61, 0x5c, 0xee, 0x0f ++}; ++ ++__fips_constseg ++ static const unsigned char 
aes_192_no_df_pr_personalizationstring[] = { ++ 0x47, 0xd7, 0x9b, 0x99, 0xaa, 0xcb, 0xe7, 0xd2, 0x57, 0x66, 0x2c, 0xe1, ++ 0x78, 0xd6, 0x2c, 0xea, 0xa3, 0x23, 0x5f, 0x2a, 0xc1, 0x3a, 0xf0, 0xa4, ++ 0x20, 0x3b, 0xfa, 0x07, 0xd5, 0x05, 0x02, 0xe4, 0x57, 0x01, 0xb6, 0x10, ++ 0x57, 0x2e, 0xe7, 0x55 ++}; ++ ++__fips_constseg ++ static const unsigned char aes_192_no_df_pr_additionalinput[] = { ++ 0x4b, 0x74, 0x0b, 0x40, 0xce, 0x6b, 0xc2, 0x6a, 0x24, 0xb4, 0xf3, 0xad, ++ 0x7a, 0xa5, 0x7a, 0xa2, 0x15, 0xe2, 0xc8, 0x61, 0x15, 0xc6, 0xb7, 0x85, ++ 0x69, 0x11, 0xad, 0x7b, 0x14, 0xd2, 0xf6, 0x12, 0xa1, 0x95, 0x5d, 0x3f, ++ 0xe2, 0xd0, 0x0c, 0x2f ++}; ++ ++__fips_constseg static const unsigned char aes_192_no_df_pr_entropyinputpr[] = { ++ 0x0c, 0x9c, 0xad, 0x05, 0xee, 0xae, 0x48, 0x23, 0x89, 0x59, 0xa1, 0x94, ++ 0xd7, 0xd8, 0x75, 0xd5, 0x54, 0x93, 0xc7, 0x4a, 0xd9, 0x26, 0xde, 0xeb, ++ 0xba, 0xb0, 0x7e, 0x30, 0x1d, 0x5f, 0x69, 0x40, 0x9c, 0x3b, 0x17, 0x58, ++ 0x1d, 0x30, 0xb3, 0x78 ++}; ++ ++__fips_constseg ++ static const unsigned char aes_192_no_df_pr_int_returnedbits[] = { ++ 0xf7, 0x93, 0xb0, 0x6d, 0x77, 0x83, 0xd5, 0x38, 0x01, 0xe1, 0x52, 0x40, ++ 0x7e, 0x3e, 0x0c, 0x26 ++}; ++ ++__fips_constseg ++ static const unsigned char aes_192_no_df_pr_additionalinput2[] = { ++ 0xbc, 0x4b, 0x37, 0x44, 0x1c, 0xc5, 0x45, 0x5f, 0x8f, 0x51, 0x62, 0x8a, ++ 0x85, 0x30, 0x1d, 0x7c, 0xe4, 0xcf, 0xf7, 0x44, 0xce, 0x32, 0x3e, 0x57, ++ 0x95, 0xa4, 0x2a, 0xdf, 0xfd, 0x9e, 0x38, 0x41, 0xb3, 0xf6, 0xc5, 0xee, ++ 0x0c, 0x4b, 0xee, 0x6e ++}; ++ ++__fips_constseg ++ static const unsigned char aes_192_no_df_pr_entropyinputpr2[] = { ++ 0xec, 0xaf, 0xf6, 0x4f, 0xb1, 0xa0, 0x54, 0xb5, 0x5b, 0xe3, 0x46, 0xb0, ++ 0x76, 0x5a, 0x7c, 0x3f, 0x7b, 0x94, 0x69, 0x21, 0x51, 0x02, 0xe5, 0x9f, ++ 0x04, 0x59, 0x02, 0x98, 0xc6, 0x43, 0x2c, 0xcc, 0x26, 0x4c, 0x87, 0x6b, ++ 0x8e, 0x0a, 0x83, 0xdf ++}; ++ ++__fips_constseg static const unsigned char aes_192_no_df_pr_returnedbits[] = { ++ 0x74, 0x45, 0xfb, 0x53, 0x84, 
0x96, 0xbe, 0xff, 0x15, 0xcc, 0x41, 0x91, ++ 0xb9, 0xa1, 0x21, 0x68 ++}; ++ ++/* AES-192 no df No PR */ ++__fips_constseg static const unsigned char aes_192_no_df_entropyinput[] = { ++ 0x3c, 0x7d, 0xb5, 0xe0, 0x54, 0xd9, 0x6e, 0x8c, 0xa9, 0x86, 0xce, 0x4e, ++ 0x6b, 0xaf, 0xeb, 0x2f, 0xe7, 0x75, 0xe0, 0x8b, 0xa4, 0x3b, 0x07, 0xfe, ++ 0xbe, 0x33, 0x75, 0x93, 0x80, 0x27, 0xb5, 0x29, 0x47, 0x8b, 0xc7, 0x28, ++ 0x94, 0xc3, 0x59, 0x63 ++}; ++ ++__fips_constseg static const unsigned char aes_192_no_df_nonce[] = { ++ 0x43, 0xf1, 0x7d, 0xb8, 0xc3, 0xfe, 0xd0, 0x23, 0x6b, 0xb4, 0x92, 0xdb, ++ 0x29, 0xfd, 0x45, 0x71 ++}; ++ ++__fips_constseg ++ static const unsigned char aes_192_no_df_personalizationstring[] = { ++ 0x9f, 0x24, 0x29, 0x99, 0x9e, 0x01, 0xab, 0xe9, 0x19, 0xd8, 0x23, 0x08, ++ 0xb7, 0xd6, 0x7e, 0x8c, 0xc0, 0x9e, 0x7f, 0x6e, 0x5b, 0x33, 0x20, 0x96, ++ 0x0b, 0x23, 0x2c, 0xa5, 0x6a, 0xf8, 0x1b, 0x04, 0x26, 0xdb, 0x2e, 0x2b, ++ 0x3b, 0x88, 0xce, 0x35 ++}; ++ ++__fips_constseg static const unsigned char aes_192_no_df_additionalinput[] = { ++ 0x94, 0xe9, 0x7c, 0x3d, 0xa7, 0xdb, 0x60, 0x83, 0x1f, 0x98, 0x3f, 0x0b, ++ 0x88, 0x59, 0x57, 0x51, 0x88, 0x9f, 0x76, 0x49, 0x9f, 0xa6, 0xda, 0x71, ++ 0x1d, 0x0d, 0x47, 0x16, 0x63, 0xc5, 0x68, 0xe4, 0x5d, 0x39, 0x69, 0xb3, ++ 0x3e, 0xbe, 0xd4, 0x8e ++}; ++ ++__fips_constseg static const unsigned char aes_192_no_df_int_returnedbits[] = { ++ 0xf9, 0xd7, 0xad, 0x69, 0xab, 0x8f, 0x23, 0x56, 0x70, 0x17, 0x4f, 0x2a, ++ 0x45, 0xe7, 0x4a, 0xc5 ++}; ++ ++__fips_constseg ++ static const unsigned char aes_192_no_df_entropyinputreseed[] = { ++ 0xa6, 0x71, 0x6a, 0x3d, 0xba, 0xd1, 0xe8, 0x66, 0xa6, 0xef, 0xb2, 0x0e, ++ 0xa8, 0x9c, 0xaa, 0x4e, 0xaf, 0x17, 0x89, 0x50, 0x00, 0xda, 0xa1, 0xb1, ++ 0x0b, 0xa4, 0xd9, 0x35, 0x89, 0xc8, 0xe5, 0xb0, 0xd9, 0xb7, 0xc4, 0x33, ++ 0x9b, 0xcb, 0x7e, 0x75 ++}; ++ ++__fips_constseg ++ static const unsigned char aes_192_no_df_additionalinputreseed[] = { ++ 0x27, 0x21, 0xfc, 0xc2, 0xbd, 0xf3, 0x3c, 0xce, 0xc3, 0xca, 
0xc1, 0x01, ++ 0xe0, 0xff, 0x93, 0x12, 0x7d, 0x54, 0x42, 0xe3, 0x9f, 0x03, 0xdf, 0x27, ++ 0x04, 0x07, 0x3c, 0x53, 0x7f, 0xa8, 0x66, 0xc8, 0x97, 0x4b, 0x61, 0x40, ++ 0x5d, 0x7a, 0x25, 0x79 ++}; ++ ++__fips_constseg static const unsigned char aes_192_no_df_additionalinput2[] = { ++ 0x2d, 0x8e, 0x16, 0x5d, 0x0b, 0x9f, 0xeb, 0xaa, 0xd6, 0xec, 0x28, 0x71, ++ 0x7c, 0x0b, 0xc1, 0x1d, 0xd4, 0x44, 0x19, 0x47, 0xfd, 0x1d, 0x7c, 0xe5, ++ 0xf3, 0x27, 0xe1, 0xb6, 0x72, 0x0a, 0xe0, 0xec, 0x0e, 0xcd, 0xef, 0x1a, ++ 0x91, 0x6a, 0xe3, 0x5f ++}; ++ ++__fips_constseg static const unsigned char aes_192_no_df_returnedbits[] = { ++ 0xe5, 0xda, 0xb8, 0xe0, 0x63, 0x59, 0x5a, 0xcc, 0x3d, 0xdc, 0x9f, 0xe8, ++ 0x66, 0x67, 0x2c, 0x92 ++}; ++ ++/* AES-256 no df PR */ ++__fips_constseg static const unsigned char aes_256_no_df_pr_entropyinput[] = { ++ 0x15, 0xc7, 0x5d, 0xcb, 0x41, 0x4b, 0x16, 0x01, 0x3a, 0xd1, 0x44, 0xe8, ++ 0x22, 0x32, 0xc6, 0x9c, 0x3f, 0xe7, 0x43, 0xf5, 0x9a, 0xd3, 0xea, 0xf2, ++ 0xd7, 0x4e, 0x6e, 0x6a, 0x55, 0x73, 0x40, 0xef, 0x89, 0xad, 0x0d, 0x03, ++ 0x96, 0x7e, 0x78, 0x81, 0x2f, 0x91, 0x1b, 0x44, 0xb0, 0x02, 0xba, 0x1c ++}; ++ ++__fips_constseg static const unsigned char aes_256_no_df_pr_nonce[] = { ++ 0xdc, 0xe4, 0xd4, 0x27, 0x7a, 0x90, 0xd7, 0x99, 0x43, 0xa1, 0x3c, 0x30, ++ 0xcc, 0x4b, 0xee, 0x2e ++}; ++ ++__fips_constseg ++ static const unsigned char aes_256_no_df_pr_personalizationstring[] = { ++ 0xe3, 0xe6, 0xb9, 0x11, 0xe4, 0x7a, 0xa4, 0x40, 0x6b, 0xf8, 0x73, 0xf7, ++ 0x7e, 0xec, 0xc7, 0xb9, 0x97, 0xbf, 0xf8, 0x25, 0x7b, 0xbe, 0x11, 0x9b, ++ 0x5b, 0x6a, 0x0c, 0x2e, 0x2b, 0x01, 0x51, 0xcd, 0x41, 0x4b, 0x6b, 0xac, ++ 0x31, 0xa8, 0x0b, 0xf7, 0xe6, 0x59, 0x42, 0xb8, 0x03, 0x0c, 0xf8, 0x06 ++}; ++ ++__fips_constseg ++ static const unsigned char aes_256_no_df_pr_additionalinput[] = { ++ 0x6a, 0x9f, 0x00, 0x91, 0xae, 0xfe, 0xcf, 0x84, 0x99, 0xce, 0xb1, 0x40, ++ 0x6d, 0x5d, 0x33, 0x28, 0x84, 0xf4, 0x8c, 0x63, 0x4c, 0x7e, 0xbd, 0x2c, ++ 0x80, 0x76, 0xee, 0x5a, 0xaa, 0x15, 
0x07, 0x31, 0xd8, 0xbb, 0x8c, 0x69, ++ 0x9d, 0x9d, 0xbc, 0x7e, 0x49, 0xae, 0xec, 0x39, 0x6b, 0xd1, 0x1f, 0x7e ++}; ++ ++__fips_constseg static const unsigned char aes_256_no_df_pr_entropyinputpr[] = { ++ 0xf3, 0xb9, 0x75, 0x9c, 0xbd, 0x88, 0xea, 0xa2, 0x50, 0xad, 0xd6, 0x16, ++ 0x1a, 0x12, 0x3c, 0x86, 0x68, 0xaf, 0x6f, 0xbe, 0x19, 0xf2, 0xee, 0xcc, ++ 0xa5, 0x70, 0x84, 0x53, 0x50, 0xcb, 0x9f, 0x14, 0xa9, 0xe5, 0xee, 0xb9, ++ 0x48, 0x45, 0x40, 0xe2, 0xc7, 0xc9, 0x9a, 0x74, 0xff, 0x8c, 0x99, 0x1f ++}; ++ ++__fips_constseg ++ static const unsigned char aes_256_no_df_pr_int_returnedbits[] = { ++ 0x2e, 0xf2, 0x45, 0x4c, 0x62, 0x2e, 0x0a, 0xb9, 0x6b, 0xa2, 0xfd, 0x56, ++ 0x79, 0x60, 0x93, 0xcf ++}; ++ ++__fips_constseg ++ static const unsigned char aes_256_no_df_pr_additionalinput2[] = { ++ 0xaf, 0x69, 0x20, 0xe9, 0x3b, 0x37, 0x9d, 0x3f, 0xb4, 0x80, 0x02, 0x7a, ++ 0x25, 0x7d, 0xb8, 0xde, 0x71, 0xc5, 0x06, 0x0c, 0xb4, 0xe2, 0x8f, 0x35, ++ 0xd8, 0x14, 0x0d, 0x7f, 0x76, 0x63, 0x4e, 0xb5, 0xee, 0xe9, 0x6f, 0x34, ++ 0xc7, 0x5f, 0x56, 0x14, 0x4a, 0xe8, 0x73, 0x95, 0x5b, 0x1c, 0xb9, 0xcb ++}; ++ ++__fips_constseg ++ static const unsigned char aes_256_no_df_pr_entropyinputpr2[] = { ++ 0xe5, 0xb0, 0x2e, 0x7e, 0x52, 0x30, 0xe3, 0x63, 0x82, 0xb6, 0x44, 0xd3, ++ 0x25, 0x19, 0x05, 0x24, 0x9a, 0x9f, 0x5f, 0x27, 0x6a, 0x29, 0xab, 0xfa, ++ 0x07, 0xa2, 0x42, 0x0f, 0xc5, 0xa8, 0x94, 0x7c, 0x17, 0x7b, 0x85, 0x83, ++ 0x0c, 0x25, 0x0e, 0x63, 0x0b, 0xe9, 0x12, 0x60, 0xcd, 0xef, 0x80, 0x0f ++}; ++ ++__fips_constseg static const unsigned char aes_256_no_df_pr_returnedbits[] = { ++ 0x5e, 0xf2, 0x26, 0xef, 0x9f, 0x58, 0x5d, 0xd5, 0x4a, 0x10, 0xfe, 0xa7, ++ 0x2d, 0x5f, 0x4a, 0x46 ++}; ++ ++/* AES-256 no df No PR */ ++__fips_constseg static const unsigned char aes_256_no_df_entropyinput[] = { ++ 0xfb, 0xcf, 0x1b, 0x61, 0x16, 0x89, 0x78, 0x23, 0xf5, 0xd8, 0x96, 0xe3, ++ 0x4e, 0x64, 0x0b, 0x29, 0x9a, 0x3f, 0xf8, 0xa5, 0xed, 0xf2, 0xfe, 0xdb, ++ 0x16, 0xca, 0x7f, 0x10, 0xfa, 0x5e, 0x18, 0x76, 0x2c, 
0x63, 0x5e, 0x96, ++ 0xcf, 0xb3, 0xd6, 0xfc, 0xaf, 0x99, 0x39, 0x28, 0x9c, 0x61, 0xe8, 0xb3 ++}; ++ ++__fips_constseg static const unsigned char aes_256_no_df_nonce[] = { ++ 0x12, 0x96, 0xf0, 0x52, 0xf3, 0x8d, 0x81, 0xcf, 0xde, 0x86, 0xf2, 0x99, ++ 0x43, 0x96, 0xb9, 0xf0 ++}; ++ ++__fips_constseg ++ static const unsigned char aes_256_no_df_personalizationstring[] = { ++ 0x63, 0x0d, 0x78, 0xf5, 0x90, 0x8e, 0x32, 0x47, 0xb0, 0x4d, 0x37, 0x60, ++ 0x09, 0x96, 0xbc, 0xbf, 0x97, 0x7a, 0x62, 0x14, 0x45, 0xbd, 0x8d, 0xcc, ++ 0x69, 0xfb, 0x03, 0xe1, 0x80, 0x1c, 0xc7, 0xe2, 0x2a, 0xf9, 0x37, 0x3f, ++ 0x66, 0x4d, 0x62, 0xd9, 0x10, 0xe0, 0xad, 0xc8, 0x9a, 0xf0, 0xa8, 0x6d ++}; ++ ++__fips_constseg static const unsigned char aes_256_no_df_additionalinput[] = { ++ 0x36, 0xc6, 0x13, 0x60, 0xbb, 0x14, 0xad, 0x22, 0xb0, 0x38, 0xac, 0xa6, ++ 0x18, 0x16, 0x93, 0x25, 0x86, 0xb7, 0xdc, 0xdc, 0x36, 0x98, 0x2b, 0xf9, ++ 0x68, 0x33, 0xd3, 0xc6, 0xff, 0xce, 0x8d, 0x15, 0x59, 0x82, 0x76, 0xed, ++ 0x6f, 0x8d, 0x49, 0x74, 0x2f, 0xda, 0xdc, 0x1f, 0x17, 0xd0, 0xde, 0x17 ++}; ++ ++__fips_constseg static const unsigned char aes_256_no_df_int_returnedbits[] = { ++ 0x16, 0x2f, 0x8e, 0x3f, 0x21, 0x7a, 0x1c, 0x20, 0x56, 0xd1, 0x92, 0xf6, ++ 0xd2, 0x25, 0x75, 0x0e ++}; ++ ++__fips_constseg ++ static const unsigned char aes_256_no_df_entropyinputreseed[] = { ++ 0x91, 0x79, 0x76, 0xee, 0xe0, 0xcf, 0x9e, 0xc2, 0xd5, 0xd4, 0x23, 0x9b, ++ 0x12, 0x8c, 0x7e, 0x0a, 0xb7, 0xd2, 0x8b, 0xd6, 0x7c, 0xa3, 0xc6, 0xe5, ++ 0x0e, 0xaa, 0xc7, 0x6b, 0xae, 0x0d, 0xfa, 0x53, 0x06, 0x79, 0xa1, 0xed, ++ 0x4d, 0x6a, 0x0e, 0xd8, 0x9d, 0xbe, 0x1b, 0x31, 0x93, 0x7b, 0xec, 0xfb ++}; ++ ++__fips_constseg ++ static const unsigned char aes_256_no_df_additionalinputreseed[] = { ++ 0xd2, 0x46, 0x50, 0x22, 0x10, 0x14, 0x63, 0xf7, 0xea, 0x0f, 0xb9, 0x7e, ++ 0x0d, 0xe1, 0x94, 0x07, 0xaf, 0x09, 0x44, 0x31, 0xea, 0x64, 0xa4, 0x18, ++ 0x5b, 0xf9, 0xd8, 0xc2, 0xfa, 0x03, 0x47, 0xc5, 0x39, 0x43, 0xd5, 0x3b, ++ 0x62, 0x86, 0x64, 0xea, 0x2c, 
0x73, 0x8c, 0xae, 0x9d, 0x98, 0x98, 0x29 ++}; ++ ++__fips_constseg static const unsigned char aes_256_no_df_additionalinput2[] = { ++ 0x8c, 0xab, 0x18, 0xf8, 0xc3, 0xec, 0x18, 0x5c, 0xb3, 0x1e, 0x9d, 0xbe, ++ 0x3f, 0x03, 0xb4, 0x00, 0x98, 0x9d, 0xae, 0xeb, 0xf4, 0x94, 0xf8, 0x42, ++ 0x8f, 0xe3, 0x39, 0x07, 0xe1, 0xc9, 0xad, 0x0b, 0x1f, 0xed, 0xc0, 0xba, ++ 0xf6, 0xd1, 0xec, 0x27, 0x86, 0x7b, 0xd6, 0x55, 0x9b, 0x60, 0xa5, 0xc6 ++}; ++ ++__fips_constseg static const unsigned char aes_256_no_df_returnedbits[] = { ++ 0xef, 0xd2, 0xd8, 0x5c, 0xdc, 0x62, 0x25, 0x9f, 0xaa, 0x1e, 0x2c, 0x67, ++ 0xf6, 0x02, 0x32, 0xe2 ++}; ++ ++/* SHA-1 PR */ ++__fips_constseg static const unsigned char sha1_pr_entropyinput[] = { ++ 0xd2, 0x36, 0xa5, 0x27, 0x31, 0x73, 0xdd, 0x11, 0x4f, 0x93, 0xbd, 0xe2, ++ 0x31, 0xa5, 0x91, 0x13 ++}; ++ ++__fips_constseg static const unsigned char sha1_pr_nonce[] = { ++ 0xb5, 0xb3, 0x60, 0xef, 0xf7, 0x63, 0x31, 0xf3 ++}; ++ ++__fips_constseg static const unsigned char sha1_pr_personalizationstring[] = { ++ 0xd4, 0xbb, 0x02, 0x10, 0xb2, 0x71, 0xdb, 0x81, 0xd6, 0xf0, 0x42, 0x60, ++ 0xda, 0xea, 0x77, 0x52 ++}; ++ ++__fips_constseg static const unsigned char sha1_pr_additionalinput[] = { ++ 0x4d, 0xd2, 0x6c, 0x87, 0xfb, 0x2c, 0x4f, 0xa6, 0x8d, 0x16, 0x63, 0x22, ++ 0x6a, 0x51, 0xe3, 0xf8 ++}; ++ ++__fips_constseg static const unsigned char sha1_pr_entropyinputpr[] = { ++ 0xc9, 0x83, 0x9e, 0x16, 0xf6, 0x1c, 0x0f, 0xb2, 0xec, 0x60, 0x31, 0xa9, ++ 0xcb, 0xa9, 0x36, 0x7a ++}; ++ ++__fips_constseg static const unsigned char sha1_pr_int_returnedbits[] = { ++ 0xa8, 0x13, 0x4f, 0xf4, 0x31, 0x02, 0x44, 0xe3, 0xd3, 0x3d, 0x61, 0x9e, ++ 0xe5, 0xc6, 0x3e, 0x89, 0xb5, 0x9b, 0x0f, 0x35 ++}; ++ ++__fips_constseg static const unsigned char sha1_pr_additionalinput2[] = { ++ 0xf9, 0xe8, 0xd2, 0x72, 0x13, 0x34, 0x95, 0x6f, 0x15, 0x49, 0x47, 0x99, ++ 0x16, 0x03, 0x19, 0x47 ++}; ++ ++__fips_constseg static const unsigned char sha1_pr_entropyinputpr2[] = { ++ 0x4e, 0x8c, 0x49, 0x9b, 
0x4a, 0x5c, 0x9b, 0x9c, 0x3a, 0xee, 0xfb, 0xd2, ++ 0xae, 0xcd, 0x8c, 0xc4 ++}; ++ ++__fips_constseg static const unsigned char sha1_pr_returnedbits[] = { ++ 0x50, 0xb4, 0xb4, 0xcd, 0x68, 0x57, 0xfc, 0x2e, 0xc1, 0x52, 0xcc, 0xf6, ++ 0x68, 0xa4, 0x81, 0xed, 0x7e, 0xe4, 0x1d, 0x87 ++}; ++ ++/* SHA-1 No PR */ ++__fips_constseg static const unsigned char sha1_entropyinput[] = { ++ 0xa9, 0x47, 0x1b, 0x29, 0x2d, 0x1c, 0x05, 0xdf, 0x76, 0xd0, 0x62, 0xf9, ++ 0xe2, 0x7f, 0x4c, 0x7b ++}; ++ ++__fips_constseg static const unsigned char sha1_nonce[] = { ++ 0x53, 0x23, 0x24, 0xe3, 0xec, 0x0c, 0x54, 0x14 ++}; ++ ++__fips_constseg static const unsigned char sha1_personalizationstring[] = { ++ 0x7a, 0x87, 0xa1, 0xac, 0x1c, 0xfd, 0xab, 0xae, 0xf7, 0xd6, 0xfb, 0x76, ++ 0x28, 0xec, 0x6d, 0xca ++}; ++ ++__fips_constseg static const unsigned char sha1_additionalinput[] = { ++ 0xfc, 0x92, 0x35, 0xd6, 0x7e, 0xb7, 0x24, 0x65, 0xfd, 0x12, 0x27, 0x35, ++ 0xc0, 0x72, 0xca, 0x28 ++}; ++ ++__fips_constseg static const unsigned char sha1_int_returnedbits[] = { ++ 0x57, 0x88, 0x82, 0xe5, 0x25, 0xa5, 0x2c, 0x4a, 0x06, 0x20, 0x6c, 0x72, ++ 0x55, 0x61, 0xdd, 0x90, 0x71, 0x9f, 0x95, 0xea ++}; ++ ++__fips_constseg static const unsigned char sha1_entropyinputreseed[] = { ++ 0x69, 0xa5, 0x40, 0x62, 0x98, 0x47, 0x56, 0x73, 0x4a, 0x8f, 0x60, 0x96, ++ 0xd6, 0x99, 0x27, 0xed ++}; ++ ++__fips_constseg static const unsigned char sha1_additionalinputreseed[] = { ++ 0xe5, 0x40, 0x4e, 0xbd, 0x50, 0x00, 0xf5, 0x15, 0xa6, 0xee, 0x45, 0xda, ++ 0x84, 0x3d, 0xd4, 0xc0 ++}; ++ ++__fips_constseg static const unsigned char sha1_additionalinput2[] = { ++ 0x11, 0x51, 0x14, 0xf0, 0x09, 0x1b, 0x4e, 0x56, 0x0d, 0xe9, 0xf6, 0x1e, ++ 0x52, 0x65, 0xcd, 0x96 ++}; ++ ++__fips_constseg static const unsigned char sha1_returnedbits[] = { ++ 0xa1, 0x9c, 0x94, 0x6e, 0x29, 0xe1, 0x33, 0x0d, 0x32, 0xd6, 0xaa, 0xce, ++ 0x71, 0x3f, 0x52, 0x72, 0x8b, 0x42, 0xa8, 0xd7 ++}; ++ ++/* SHA-224 PR */ ++__fips_constseg static const unsigned char 
sha224_pr_entropyinput[] = { ++ 0x12, 0x69, 0x32, 0x4f, 0x83, 0xa6, 0xf5, 0x14, 0xe3, 0x49, 0x3e, 0x75, ++ 0x3e, 0xde, 0xad, 0xa1, 0x29, 0xc3, 0xf3, 0x19, 0x20, 0xb5, 0x4c, 0xd9 ++}; ++ ++__fips_constseg static const unsigned char sha224_pr_nonce[] = { ++ 0x6a, 0x78, 0xd0, 0xeb, 0xbb, 0x5a, 0xf0, 0xee, 0xe8, 0xc3, 0xba, 0x71 ++}; ++ ++__fips_constseg static const unsigned char sha224_pr_personalizationstring[] = { ++ 0xd5, 0xb8, 0xb6, 0xbc, 0xc1, 0x5b, 0x60, 0x31, 0x3c, 0xf5, 0xe5, 0xc0, ++ 0x8e, 0x52, 0x7a, 0xbd, 0xea, 0x47, 0xa9, 0x5f, 0x8f, 0xf9, 0x8b, 0xae ++}; ++ ++__fips_constseg static const unsigned char sha224_pr_additionalinput[] = { ++ 0x1f, 0x55, 0xec, 0xae, 0x16, 0x12, 0x84, 0xba, 0x84, 0x16, 0x19, 0x88, ++ 0x8e, 0xb8, 0x33, 0x25, 0x54, 0xff, 0xca, 0x79, 0xaf, 0x07, 0x25, 0x50 ++}; ++ ++__fips_constseg static const unsigned char sha224_pr_entropyinputpr[] = { ++ 0x92, 0xa3, 0x32, 0xa8, 0x9a, 0x0a, 0x58, 0x7c, 0x1d, 0x5a, 0x7e, 0xe1, ++ 0xb2, 0x73, 0xab, 0x0e, 0x16, 0x79, 0x23, 0xd3, 0x29, 0x89, 0x81, 0xe1 ++}; ++ ++__fips_constseg static const unsigned char sha224_pr_int_returnedbits[] = { ++ 0xf3, 0x38, 0x91, 0x40, 0x37, 0x7a, 0x51, 0x72, 0x42, 0x74, 0x78, 0x0a, ++ 0x69, 0xfd, 0xa6, 0x44, 0x43, 0x45, 0x6c, 0x0c, 0x5a, 0x19, 0xff, 0xf1, ++ 0x54, 0x60, 0xee, 0x6a ++}; ++ ++__fips_constseg static const unsigned char sha224_pr_additionalinput2[] = { ++ 0x75, 0xf3, 0x04, 0x25, 0xdd, 0x36, 0xa8, 0x37, 0x46, 0xae, 0x0c, 0x52, ++ 0x05, 0x79, 0x4c, 0x26, 0xdb, 0xe9, 0x71, 0x16, 0x4c, 0x0a, 0xf2, 0x60 ++}; ++ ++__fips_constseg static const unsigned char sha224_pr_entropyinputpr2[] = { ++ 0xea, 0xc5, 0x03, 0x0a, 0x4f, 0xb0, 0x38, 0x8d, 0x23, 0xd4, 0xc8, 0x77, ++ 0xe2, 0x6d, 0x9c, 0x0b, 0x44, 0xf7, 0x2d, 0x5b, 0xbf, 0x5d, 0x2a, 0x11 ++}; ++ ++__fips_constseg static const unsigned char sha224_pr_returnedbits[] = { ++ 0x60, 0x50, 0x2b, 0xe7, 0x86, 0xd8, 0x26, 0x73, 0xe3, 0x1d, 0x95, 0x20, ++ 0xb3, 0x2c, 0x32, 0x1c, 0xf5, 0xce, 0x57, 0xa6, 0x67, 0x2b, 0xdc, 0x4e, ++ 
0xdd, 0x11, 0x4c, 0xc4 ++}; ++ ++/* SHA-224 No PR */ ++__fips_constseg static const unsigned char sha224_entropyinput[] = { ++ 0xb2, 0x1c, 0x77, 0x4d, 0xf6, 0xd3, 0xb6, 0x40, 0xb7, 0x30, 0x3e, 0x29, ++ 0xb0, 0x85, 0x1c, 0xbe, 0x4a, 0xea, 0x6b, 0x5a, 0xb5, 0x8a, 0x97, 0xeb ++}; ++ ++__fips_constseg static const unsigned char sha224_nonce[] = { ++ 0x42, 0x02, 0x0a, 0x1c, 0x98, 0x9a, 0x77, 0x9e, 0x9f, 0x80, 0xba, 0xe0 ++}; ++ ++__fips_constseg static const unsigned char sha224_personalizationstring[] = { ++ 0x98, 0xb8, 0x04, 0x41, 0xfc, 0xc1, 0x5d, 0xc5, 0xe9, 0xb9, 0x08, 0xda, ++ 0xf9, 0xfa, 0x0d, 0x90, 0xce, 0xdf, 0x1d, 0x10, 0xa9, 0x8d, 0x50, 0x0c ++}; ++ ++__fips_constseg static const unsigned char sha224_additionalinput[] = { ++ 0x9a, 0x8d, 0x39, 0x49, 0x42, 0xd5, 0x0b, 0xae, 0xe1, 0xaf, 0xb7, 0x00, ++ 0x02, 0xfa, 0x96, 0xb1, 0xa5, 0x1d, 0x2d, 0x25, 0x78, 0xee, 0x83, 0x3f ++}; ++ ++__fips_constseg static const unsigned char sha224_int_returnedbits[] = { ++ 0xe4, 0xf5, 0x53, 0x79, 0x5a, 0x97, 0x58, 0x06, 0x08, 0xba, 0x7b, 0xfa, ++ 0xf0, 0x83, 0x05, 0x8c, 0x22, 0xc0, 0xc9, 0xdb, 0x15, 0xe7, 0xde, 0x20, ++ 0x55, 0x22, 0x9a, 0xad ++}; ++ ++__fips_constseg static const unsigned char sha224_entropyinputreseed[] = { ++ 0x67, 0x09, 0x48, 0xaa, 0x07, 0x16, 0x99, 0x89, 0x7f, 0x6d, 0xa0, 0xe5, ++ 0x8f, 0xdf, 0xbc, 0xdb, 0xfe, 0xe5, 0x6c, 0x7a, 0x95, 0x4a, 0x66, 0x17 ++}; ++ ++__fips_constseg static const unsigned char sha224_additionalinputreseed[] = { ++ 0x0f, 0x4b, 0x1c, 0x6f, 0xb7, 0xe3, 0x47, 0xe5, 0x5d, 0x7d, 0x38, 0xd6, ++ 0x28, 0x9b, 0xeb, 0x55, 0x63, 0x09, 0x3e, 0x7c, 0x56, 0xea, 0xf8, 0x19 ++}; ++ ++__fips_constseg static const unsigned char sha224_additionalinput2[] = { ++ 0x2d, 0x26, 0x7c, 0x37, 0xe4, 0x7a, 0x28, 0x5e, 0x5a, 0x3c, 0xaf, 0x3d, ++ 0x5a, 0x8e, 0x55, 0xa2, 0x1a, 0x6e, 0xc0, 0xe5, 0xf6, 0x21, 0xd3, 0xf6 ++}; ++ ++__fips_constseg static const unsigned char sha224_returnedbits[] = { ++ 0x4d, 0x83, 0x35, 0xdf, 0x67, 0xa9, 0xfc, 0x17, 0xda, 0x70, 0xcc, 
0x8b, ++ 0x7f, 0x77, 0xae, 0xa2, 0x5f, 0xb9, 0x7e, 0x74, 0x4c, 0x26, 0xc1, 0x7a, ++ 0x3b, 0xa7, 0x5c, 0x93 ++}; ++ ++/* SHA-256 PR */ ++__fips_constseg static const unsigned char sha256_pr_entropyinput[] = { ++ 0xce, 0x49, 0x00, 0x7a, 0x56, 0xe3, 0x67, 0x8f, 0xe1, 0xb6, 0xa7, 0xd4, ++ 0x4f, 0x08, 0x7a, 0x1b, 0x01, 0xf4, 0xfa, 0x6b, 0xef, 0xb7, 0xe5, 0xeb, ++ 0x07, 0x3d, 0x11, 0x0d, 0xc8, 0xea, 0x2b, 0xfe ++}; ++ ++__fips_constseg static const unsigned char sha256_pr_nonce[] = { ++ 0x73, 0x41, 0xc8, 0x92, 0x94, 0xe2, 0xc5, 0x5f, 0x93, 0xfd, 0x39, 0x5d, ++ 0x2b, 0x91, 0x4d, 0x38 ++}; ++ ++__fips_constseg static const unsigned char sha256_pr_personalizationstring[] = { ++ 0x50, 0x6d, 0x01, 0x01, 0x07, 0x5a, 0x80, 0x35, 0x7a, 0x56, 0x1a, 0x56, ++ 0x2f, 0x9a, 0x0b, 0x35, 0xb2, 0xb1, 0xc9, 0xe5, 0xca, 0x69, 0x61, 0x48, ++ 0xff, 0xfb, 0x0f, 0xd9, 0x4b, 0x79, 0x1d, 0xba ++}; ++ ++__fips_constseg static const unsigned char sha256_pr_additionalinput[] = { ++ 0x20, 0xb8, 0xdf, 0x44, 0x77, 0x5a, 0xb8, 0xd3, 0xbf, 0xf6, 0xcf, 0xac, ++ 0x5e, 0xa6, 0x96, 0x62, 0x73, 0x44, 0x40, 0x4a, 0x30, 0xfb, 0x38, 0xa5, ++ 0x7b, 0x0d, 0xe4, 0x0d, 0xc6, 0xe4, 0x9a, 0x1f ++}; ++ ++__fips_constseg static const unsigned char sha256_pr_entropyinputpr[] = { ++ 0x04, 0xc4, 0x65, 0xf4, 0xd3, 0xbf, 0x83, 0x4b, 0xab, 0xc8, 0x41, 0xa8, ++ 0xc2, 0xe0, 0x44, 0x63, 0x77, 0x4c, 0x6f, 0x6c, 0x49, 0x46, 0xff, 0x94, ++ 0x17, 0xea, 0xe6, 0x1a, 0x9d, 0x5e, 0x66, 0x78 ++}; ++ ++__fips_constseg static const unsigned char sha256_pr_int_returnedbits[] = { ++ 0x07, 0x4d, 0xac, 0x9b, 0x86, 0xca, 0x4a, 0xaa, 0x6e, 0x7a, 0x03, 0xa2, ++ 0x5d, 0x10, 0xea, 0x0b, 0xf9, 0x83, 0xcc, 0xd1, 0xfc, 0xe2, 0x07, 0xc7, ++ 0x06, 0x34, 0x60, 0x6f, 0x83, 0x94, 0x99, 0x76 ++}; ++ ++__fips_constseg static const unsigned char sha256_pr_additionalinput2[] = { ++ 0x89, 0x4e, 0x45, 0x8c, 0x11, 0xf9, 0xbc, 0x5b, 0xac, 0x74, 0x8b, 0x4b, ++ 0x5f, 0xf7, 0x19, 0xf3, 0xf5, 0x24, 0x54, 0x14, 0xd1, 0x15, 0xb1, 0x43, ++ 0x12, 0xa4, 0x5f, 0xd4, 0xec, 
0xfc, 0xcd, 0x09 ++}; ++ ++__fips_constseg static const unsigned char sha256_pr_entropyinputpr2[] = { ++ 0x0e, 0xeb, 0x1f, 0xd7, 0xfc, 0xd1, 0x9d, 0xd4, 0x05, 0x36, 0x8b, 0xb2, ++ 0xfb, 0xe4, 0xf4, 0x51, 0x0c, 0x87, 0x9b, 0x02, 0x44, 0xd5, 0x92, 0x4d, ++ 0x44, 0xfe, 0x1a, 0x03, 0x43, 0x56, 0xbd, 0x86 ++}; ++ ++__fips_constseg static const unsigned char sha256_pr_returnedbits[] = { ++ 0x02, 0xaa, 0xb6, 0x1d, 0x7e, 0x2a, 0x40, 0x03, 0x69, 0x2d, 0x49, 0xa3, ++ 0x41, 0xe7, 0x44, 0x0b, 0xaf, 0x7b, 0x85, 0xe4, 0x5f, 0x53, 0x3b, 0x64, ++ 0xbc, 0x89, 0xc8, 0x82, 0xd4, 0x78, 0x37, 0xa2 ++}; ++ ++/* SHA-256 No PR */ ++__fips_constseg static const unsigned char sha256_entropyinput[] = { ++ 0x5b, 0x1b, 0xec, 0x4d, 0xa9, 0x38, 0x74, 0x5a, 0x34, 0x0b, 0x7b, 0xc5, ++ 0xe5, 0xd7, 0x66, 0x7c, 0xbc, 0x82, 0xb9, 0x0e, 0x2d, 0x1f, 0x92, 0xd7, ++ 0xc1, 0xbc, 0x67, 0x69, 0xec, 0x6b, 0x03, 0x3c ++}; ++ ++__fips_constseg static const unsigned char sha256_nonce[] = { ++ 0xa4, 0x0c, 0xd8, 0x9c, 0x61, 0xd8, 0xc3, 0x54, 0xfe, 0x53, 0xc9, 0xe5, ++ 0x5d, 0x6f, 0x6d, 0x35 ++}; ++ ++__fips_constseg static const unsigned char sha256_personalizationstring[] = { ++ 0x22, 0x5e, 0x62, 0x93, 0x42, 0x83, 0x78, 0x24, 0xd8, 0x40, 0x8c, 0xde, ++ 0x6f, 0xf9, 0xa4, 0x7a, 0xc5, 0xa7, 0x3b, 0x88, 0xa3, 0xee, 0x42, 0x20, ++ 0xfd, 0x61, 0x56, 0xc6, 0x4c, 0x13, 0x41, 0x9c ++}; ++ ++__fips_constseg static const unsigned char sha256_additionalinput[] = { ++ 0xbf, 0x74, 0x5b, 0xf6, 0xc5, 0x64, 0x5e, 0x99, 0x34, 0x8f, 0xbc, 0xa4, ++ 0xe2, 0xbd, 0xd8, 0x85, 0x26, 0x37, 0xea, 0xba, 0x4f, 0xf2, 0x9a, 0x9a, ++ 0x66, 0xfc, 0xdf, 0x63, 0x26, 0x26, 0x19, 0x87 ++}; ++ ++__fips_constseg static const unsigned char sha256_int_returnedbits[] = { ++ 0xb3, 0xc6, 0x07, 0x07, 0xd6, 0x75, 0xf6, 0x2b, 0xd6, 0x21, 0x96, 0xf1, ++ 0xae, 0xdb, 0x2b, 0xac, 0x25, 0x2a, 0xae, 0xae, 0x41, 0x72, 0x03, 0x5e, ++ 0xbf, 0xd3, 0x64, 0xbc, 0x59, 0xf9, 0xc0, 0x76 ++}; ++ ++__fips_constseg static const unsigned char sha256_entropyinputreseed[] = { ++ 
0xbf, 0x20, 0x33, 0x56, 0x29, 0xa8, 0x37, 0x04, 0x1f, 0x78, 0x34, 0x3d, ++ 0x81, 0x2a, 0xc9, 0x86, 0xc6, 0x7a, 0x2f, 0x88, 0x5e, 0xd5, 0xbe, 0x34, ++ 0x46, 0x20, 0xa4, 0x35, 0xeb, 0xc7, 0xe2, 0x9d ++}; ++ ++__fips_constseg static const unsigned char sha256_additionalinputreseed[] = { ++ 0x9b, 0xae, 0x2d, 0x2d, 0x61, 0xa4, 0x89, 0xeb, 0x43, 0x46, 0xa7, 0xda, ++ 0xef, 0x40, 0xca, 0x4a, 0x99, 0x11, 0x41, 0xdc, 0x5c, 0x94, 0xe9, 0xac, ++ 0xd4, 0xd0, 0xe6, 0xbd, 0xfb, 0x03, 0x9c, 0xa8 ++}; ++ ++__fips_constseg static const unsigned char sha256_additionalinput2[] = { ++ 0x23, 0xaa, 0x0c, 0xbd, 0x28, 0x33, 0xe2, 0x51, 0xfc, 0x71, 0xd2, 0x15, ++ 0x1f, 0x76, 0xfd, 0x0d, 0xe0, 0xb7, 0xb5, 0x84, 0x75, 0x5b, 0xbe, 0xf3, ++ 0x5c, 0xca, 0xc5, 0x30, 0xf2, 0x75, 0x1f, 0xda ++}; ++ ++__fips_constseg static const unsigned char sha256_returnedbits[] = { ++ 0x90, 0x3c, 0xc1, 0x10, 0x8c, 0x12, 0x01, 0xc6, 0xa6, 0x3a, 0x0f, 0x4d, ++ 0xb6, 0x3a, 0x4f, 0x41, 0x9c, 0x61, 0x75, 0x84, 0xe9, 0x74, 0x75, 0xfd, ++ 0xfe, 0xf2, 0x1f, 0x43, 0xd8, 0x5e, 0x24, 0xa3 ++}; ++ ++/* SHA-384 PR */ ++__fips_constseg static const unsigned char sha384_pr_entropyinput[] = { ++ 0x71, 0x9d, 0xb2, 0x5a, 0x71, 0x6d, 0x04, 0xe9, 0x1e, 0xc7, 0x92, 0x24, ++ 0x6e, 0x12, 0x33, 0xa9, 0x52, 0x64, 0x31, 0xef, 0x71, 0xeb, 0x22, 0x55, ++ 0x28, 0x97, 0x06, 0x6a, 0xc0, 0x0c, 0xa0, 0x7e ++}; ++ ++__fips_constseg static const unsigned char sha384_pr_nonce[] = { ++ 0xf5, 0x0d, 0xfa, 0xb0, 0xec, 0x6a, 0x7c, 0xd6, 0xbd, 0x9b, 0x05, 0xfd, ++ 0x38, 0x3e, 0x2e, 0x56 ++}; ++ ++__fips_constseg static const unsigned char sha384_pr_personalizationstring[] = { ++ 0x74, 0xac, 0x7e, 0x6d, 0xb1, 0xa4, 0xe7, 0x21, 0xd1, 0x1e, 0x6e, 0x96, ++ 0x6d, 0x4d, 0x53, 0x46, 0x82, 0x96, 0x6e, 0xcf, 0xaa, 0x81, 0x8d, 0x7d, ++ 0x9e, 0xe1, 0x0f, 0x15, 0xea, 0x41, 0xbf, 0xe3 ++}; ++ ++__fips_constseg static const unsigned char sha384_pr_additionalinput[] = { ++ 0xda, 0x95, 0xd4, 0xd0, 0xb8, 0x11, 0xd3, 0x49, 0x27, 0x5d, 0xa9, 0x39, ++ 0x68, 0xf3, 0xa8, 
0xe9, 0x5d, 0x19, 0x8a, 0x2b, 0x66, 0xe8, 0x69, 0x06, ++ 0x7c, 0x9e, 0x03, 0xa1, 0x8b, 0x26, 0x2d, 0x6e ++}; ++ ++__fips_constseg static const unsigned char sha384_pr_entropyinputpr[] = { ++ 0x49, 0xdf, 0x44, 0x00, 0xe4, 0x1c, 0x75, 0x0b, 0x26, 0x5a, 0x59, 0x64, ++ 0x1f, 0x4e, 0xb1, 0xb2, 0x13, 0xf1, 0x22, 0x4e, 0xb4, 0x6d, 0x9a, 0xcc, ++ 0xa0, 0x48, 0xe6, 0xcf, 0x1d, 0xd1, 0x92, 0x0d ++}; ++ ++__fips_constseg static const unsigned char sha384_pr_int_returnedbits[] = { ++ 0xc8, 0x52, 0xae, 0xbf, 0x04, 0x3c, 0x27, 0xb7, 0x78, 0x18, 0xaa, 0x8f, ++ 0xff, 0xcf, 0xa4, 0xf1, 0xcc, 0xe7, 0x68, 0xfa, 0x22, 0xa2, 0x13, 0x45, ++ 0xe8, 0xdd, 0x87, 0xe6, 0xf2, 0x6e, 0xdd, 0xc7, 0x52, 0x90, 0x9f, 0x7b, ++ 0xfa, 0x61, 0x2d, 0x9d, 0x9e, 0xcf, 0x98, 0xac, 0x52, 0x40, 0xce, 0xaf ++}; ++ ++__fips_constseg static const unsigned char sha384_pr_additionalinput2[] = { ++ 0x61, 0x7c, 0x03, 0x9a, 0x3e, 0x50, 0x57, 0x60, 0xc5, 0x83, 0xc9, 0xb2, ++ 0xd1, 0x87, 0x85, 0x66, 0x92, 0x5d, 0x84, 0x0e, 0x53, 0xfb, 0x70, 0x03, ++ 0x72, 0xfd, 0xba, 0xae, 0x9c, 0x8f, 0xf8, 0x18 ++}; ++ ++__fips_constseg static const unsigned char sha384_pr_entropyinputpr2[] = { ++ 0xf8, 0xeb, 0x89, 0xb1, 0x8d, 0x78, 0xbe, 0x21, 0xe0, 0xbb, 0x9d, 0xb7, ++ 0x95, 0x0e, 0xd9, 0x46, 0x0c, 0x8c, 0xe2, 0x63, 0xb7, 0x9d, 0x67, 0x90, ++ 0xbd, 0xc7, 0x0b, 0xa5, 0xce, 0xb2, 0x65, 0x81 ++}; ++ ++__fips_constseg static const unsigned char sha384_pr_returnedbits[] = { ++ 0xe6, 0x9f, 0xfe, 0x68, 0xd6, 0xb5, 0x79, 0xf1, 0x06, 0x5f, 0xa3, 0xbb, ++ 0x23, 0x85, 0xd8, 0xf0, 0x29, 0x5a, 0x68, 0x9e, 0xf5, 0xf4, 0xa6, 0x12, ++ 0xe0, 0x9a, 0xe2, 0xac, 0x00, 0x1d, 0x98, 0x26, 0xfc, 0x53, 0x95, 0x53, ++ 0xe4, 0x3e, 0x17, 0xd5, 0x08, 0x0b, 0x70, 0x3d, 0x67, 0x99, 0xac, 0x66 ++}; ++ ++/* SHA-384 No PR */ ++__fips_constseg static const unsigned char sha384_entropyinput[] = { ++ 0x07, 0x15, 0x27, 0x2a, 0xaf, 0x74, 0x24, 0x37, 0xbc, 0xd5, 0x14, 0x69, ++ 0xce, 0x11, 0xff, 0xa2, 0x6b, 0xb8, 0x05, 0x67, 0x34, 0xf8, 0xbd, 0x6d, ++ 0x6a, 0xcc, 0xcd, 
0x60, 0xa3, 0x68, 0xca, 0xf4 ++}; ++ ++__fips_constseg static const unsigned char sha384_nonce[] = { ++ 0x70, 0x17, 0xc2, 0x5b, 0x5d, 0x22, 0x0b, 0x06, 0x15, 0x54, 0x78, 0x77, ++ 0x44, 0xaf, 0x2f, 0x09 ++}; ++ ++__fips_constseg static const unsigned char sha384_personalizationstring[] = { ++ 0x89, 0x39, 0x28, 0xb0, 0x60, 0xeb, 0x3d, 0xdc, 0x55, 0x75, 0x86, 0xeb, ++ 0xae, 0xa2, 0x8f, 0xbc, 0x1b, 0x75, 0xd4, 0xe1, 0x0f, 0xaa, 0x38, 0xca, ++ 0x62, 0x8b, 0xcb, 0x2c, 0x26, 0xf6, 0xbc, 0xb1 ++}; ++ ++__fips_constseg static const unsigned char sha384_additionalinput[] = { ++ 0x30, 0x2b, 0x42, 0x35, 0xef, 0xda, 0x40, 0x55, 0x28, 0xc6, 0x95, 0xfb, ++ 0x54, 0x01, 0x62, 0xd7, 0x87, 0x14, 0x48, 0x6d, 0x90, 0x4c, 0xa9, 0x02, ++ 0x54, 0x40, 0x22, 0xc8, 0x66, 0xa5, 0x48, 0x48 ++}; ++ ++__fips_constseg static const unsigned char sha384_int_returnedbits[] = { ++ 0x82, 0xc4, 0xa1, 0x9c, 0x21, 0xd2, 0xe7, 0xa5, 0xa6, 0xf6, 0x5f, 0x04, ++ 0x5c, 0xc7, 0x31, 0x9d, 0x8d, 0x59, 0x74, 0x50, 0x19, 0x89, 0x2f, 0x63, ++ 0xd5, 0xb7, 0x7e, 0xeb, 0x15, 0xe3, 0x70, 0x83, 0xa1, 0x24, 0x59, 0xfa, ++ 0x2c, 0x56, 0xf6, 0x88, 0x3a, 0x92, 0x93, 0xa1, 0xfb, 0x79, 0xc1, 0x7a ++}; ++ ++__fips_constseg static const unsigned char sha384_entropyinputreseed[] = { ++ 0x39, 0xa6, 0xe8, 0x5c, 0x82, 0x17, 0x71, 0x26, 0x57, 0x4f, 0x9f, 0xc2, ++ 0x55, 0xff, 0x5c, 0x9b, 0x53, 0x1a, 0xd1, 0x5f, 0xbc, 0x62, 0xe4, 0x27, ++ 0x2d, 0x32, 0xf0, 0xe4, 0x52, 0x8c, 0xc5, 0x0c ++}; ++ ++__fips_constseg static const unsigned char sha384_additionalinputreseed[] = { ++ 0x8d, 0xcb, 0x8d, 0xce, 0x08, 0xea, 0x80, 0xe8, 0x9b, 0x61, 0xa8, 0x0f, ++ 0xaf, 0x49, 0x20, 0x9e, 0x74, 0xcb, 0x57, 0x80, 0x42, 0xb0, 0x84, 0x5e, ++ 0x30, 0x2a, 0x67, 0x08, 0xf4, 0xe3, 0x40, 0x22 ++}; ++ ++__fips_constseg static const unsigned char sha384_additionalinput2[] = { ++ 0x7c, 0x8f, 0xc2, 0xae, 0x22, 0x4a, 0xd6, 0xf6, 0x05, 0xa4, 0x7a, 0xea, ++ 0xbb, 0x25, 0xd0, 0xb7, 0x5a, 0xd6, 0xcf, 0x9d, 0xf3, 0x6c, 0xe2, 0xb2, ++ 0x4e, 0xb4, 0xbd, 0xf4, 0xe5, 0x40, 
0x80, 0x94 ++}; ++ ++__fips_constseg static const unsigned char sha384_returnedbits[] = { ++ 0x9e, 0x7e, 0xfb, 0x59, 0xbb, 0xaa, 0x3c, 0xf7, 0xe1, 0xf8, 0x76, 0xdd, ++ 0x63, 0x5f, 0xaf, 0x23, 0xd6, 0x64, 0x61, 0xc0, 0x9a, 0x09, 0x47, 0xc9, ++ 0x33, 0xdf, 0x6d, 0x55, 0x91, 0x34, 0x79, 0x70, 0xc4, 0x99, 0x6e, 0x54, ++ 0x09, 0x64, 0x21, 0x1a, 0xbd, 0x1e, 0x80, 0x40, 0x34, 0xad, 0xfa, 0xd7 ++}; ++ ++/* SHA-512 PR */ ++__fips_constseg static const unsigned char sha512_pr_entropyinput[] = { ++ 0x13, 0xf7, 0x61, 0x75, 0x65, 0x28, 0xa2, 0x59, 0x13, 0x5a, 0x4a, 0x4f, ++ 0x56, 0x60, 0x8c, 0x53, 0x7d, 0xb0, 0xbd, 0x06, 0x4f, 0xed, 0xcc, 0xd2, ++ 0xa2, 0xb5, 0xfd, 0x5b, 0x3a, 0xab, 0xec, 0x28 ++}; ++ ++__fips_constseg static const unsigned char sha512_pr_nonce[] = { ++ 0xbe, 0xa3, 0x91, 0x93, 0x1d, 0xc3, 0x31, 0x3a, 0x23, 0x33, 0x50, 0x67, ++ 0x88, 0xc7, 0xa2, 0xc4 ++}; ++ ++__fips_constseg static const unsigned char sha512_pr_personalizationstring[] = { ++ 0x1f, 0x59, 0x4d, 0x7b, 0xe6, 0x46, 0x91, 0x48, 0xc1, 0x25, 0xfa, 0xff, ++ 0x89, 0x12, 0x77, 0x35, 0xdf, 0x3e, 0xf4, 0x80, 0x5f, 0xd9, 0xb0, 0x07, ++ 0x22, 0x41, 0xdd, 0x48, 0x78, 0x6b, 0x77, 0x2b ++}; ++ ++__fips_constseg static const unsigned char sha512_pr_additionalinput[] = { ++ 0x30, 0xff, 0x63, 0x6f, 0xac, 0xd9, 0x84, 0x39, 0x6f, 0xe4, 0x99, 0xce, ++ 0x91, 0x7d, 0x7e, 0xc8, 0x58, 0xf2, 0x12, 0xc3, 0xb6, 0xad, 0xda, 0x22, ++ 0x04, 0xa0, 0xd2, 0x21, 0xfe, 0xf2, 0x95, 0x1d ++}; ++ ++__fips_constseg static const unsigned char sha512_pr_entropyinputpr[] = { ++ 0x64, 0x54, 0x13, 0xec, 0x4f, 0x77, 0xda, 0xb2, 0x92, 0x2e, 0x52, 0x80, ++ 0x11, 0x10, 0xc2, 0xf8, 0xe6, 0xa7, 0xcd, 0x4b, 0xfc, 0x32, 0x2e, 0x9e, ++ 0xeb, 0xbb, 0xb1, 0xbf, 0x15, 0x5c, 0x73, 0x08 ++}; ++ ++__fips_constseg static const unsigned char sha512_pr_int_returnedbits[] = { ++ 0xef, 0x1e, 0xdc, 0x0a, 0xa4, 0x36, 0x91, 0x9c, 0x3d, 0x27, 0x97, 0x50, ++ 0x8d, 0x36, 0x29, 0x8d, 0xce, 0x6a, 0x0c, 0xf7, 0x21, 0xc0, 0x91, 0xae, ++ 0x0c, 0x96, 0x72, 0xbd, 0x52, 
0x81, 0x58, 0xfc, 0x6d, 0xe5, 0xf7, 0xa5, ++ 0xfd, 0x5d, 0xa7, 0x58, 0x68, 0xc8, 0x99, 0x58, 0x8e, 0xc8, 0xce, 0x95, ++ 0x01, 0x7d, 0xff, 0xa4, 0xc8, 0xf7, 0x63, 0xfe, 0x5f, 0x69, 0x83, 0x53, ++ 0xe2, 0xc6, 0x8b, 0xc3 ++}; ++ ++__fips_constseg static const unsigned char sha512_pr_additionalinput2[] = { ++ 0xe6, 0x9b, 0xc4, 0x88, 0x34, 0xca, 0xea, 0x29, 0x2f, 0x98, 0x05, 0xa4, ++ 0xd3, 0xc0, 0x7b, 0x11, 0xe8, 0xbb, 0x75, 0xf2, 0xbd, 0x29, 0xb7, 0x40, ++ 0x25, 0x7f, 0xc1, 0xb7, 0xb1, 0xf1, 0x25, 0x61 ++}; ++ ++__fips_constseg static const unsigned char sha512_pr_entropyinputpr2[] = { ++ 0x23, 0x6d, 0xff, 0xde, 0xfb, 0xd1, 0xba, 0x33, 0x18, 0xe6, 0xbe, 0xb5, ++ 0x48, 0x77, 0x6d, 0x7f, 0xa7, 0xe1, 0x4d, 0x48, 0x1e, 0x3c, 0xa7, 0x34, ++ 0x1a, 0xc8, 0x60, 0xdb, 0x8f, 0x99, 0x15, 0x99 ++}; ++ ++__fips_constseg static const unsigned char sha512_pr_returnedbits[] = { ++ 0x70, 0x27, 0x31, 0xdb, 0x92, 0x70, 0x21, 0xfe, 0x16, 0xb6, 0xc8, 0x51, ++ 0x34, 0x87, 0x65, 0xd0, 0x4e, 0xfd, 0xfe, 0x68, 0xec, 0xac, 0xdc, 0x93, ++ 0x41, 0x38, 0x92, 0x90, 0xb4, 0x94, 0xf9, 0x0d, 0xa4, 0xf7, 0x4e, 0x80, ++ 0x92, 0x67, 0x48, 0x40, 0xa7, 0x08, 0xc7, 0xbc, 0x66, 0x00, 0xfd, 0xf7, ++ 0x4c, 0x8b, 0x17, 0x6e, 0xd1, 0x8f, 0x9b, 0xf3, 0x6f, 0xf6, 0x34, 0xdd, ++ 0x67, 0xf7, 0x68, 0xdd ++}; ++ ++/* SHA-512 No PR */ ++__fips_constseg static const unsigned char sha512_entropyinput[] = { ++ 0xb6, 0x0b, 0xb7, 0xbc, 0x84, 0x56, 0xf6, 0x12, 0xaf, 0x45, 0x67, 0x17, ++ 0x7c, 0xd1, 0xb2, 0x78, 0x2b, 0xa0, 0xf2, 0xbe, 0xb6, 0x6d, 0x8b, 0x56, ++ 0xc6, 0xbc, 0x4d, 0xe1, 0xf7, 0xbe, 0xce, 0xbd ++}; ++ ++__fips_constseg static const unsigned char sha512_nonce[] = { ++ 0x9d, 0xed, 0xc0, 0xe5, 0x5a, 0x98, 0x6a, 0xcb, 0x51, 0x7d, 0x76, 0x31, ++ 0x5a, 0x64, 0xf0, 0xf7 ++}; ++ ++__fips_constseg static const unsigned char sha512_personalizationstring[] = { ++ 0xc2, 0x6d, 0xa3, 0xc3, 0x06, 0x74, 0xe5, 0x01, 0x5c, 0x10, 0x17, 0xc7, ++ 0xaf, 0x83, 0x9d, 0x59, 0x8d, 0x2d, 0x29, 0x38, 0xc5, 0x59, 0x70, 0x8b, ++ 0x46, 0x48, 
0x2d, 0xcf, 0x36, 0x7d, 0x59, 0xc0 ++}; ++ ++__fips_constseg static const unsigned char sha512_additionalinput[] = { ++ 0xec, 0x8c, 0xd4, 0xf7, 0x61, 0x6e, 0x0d, 0x95, 0x79, 0xb7, 0x28, 0xad, ++ 0x5f, 0x69, 0x74, 0x5f, 0x2d, 0x36, 0x06, 0x8a, 0x6b, 0xac, 0x54, 0x97, ++ 0xc4, 0xa1, 0x12, 0x85, 0x0a, 0xdf, 0x4b, 0x34 ++}; ++ ++__fips_constseg static const unsigned char sha512_int_returnedbits[] = { ++ 0x84, 0x2f, 0x1f, 0x68, 0x6a, 0xa3, 0xad, 0x1e, 0xfb, 0xf4, 0x15, 0xbd, ++ 0xde, 0x38, 0xd4, 0x30, 0x80, 0x51, 0xe9, 0xd3, 0xc7, 0x20, 0x88, 0xe9, ++ 0xf5, 0xcc, 0xdf, 0x57, 0x5c, 0x47, 0x2f, 0x57, 0x3c, 0x5f, 0x13, 0x56, ++ 0xcc, 0xc5, 0x4f, 0x84, 0xf8, 0x10, 0x41, 0xd5, 0x7e, 0x58, 0x6e, 0x19, ++ 0x19, 0x9e, 0xaf, 0xc2, 0x22, 0x58, 0x41, 0x50, 0x79, 0xc2, 0xd8, 0x04, ++ 0x28, 0xd4, 0x39, 0x9a ++}; ++ ++__fips_constseg static const unsigned char sha512_entropyinputreseed[] = { ++ 0xfa, 0x7f, 0x46, 0x51, 0x83, 0x62, 0x98, 0x16, 0x9a, 0x19, 0xa2, 0x49, ++ 0xa9, 0xe6, 0x4a, 0xd8, 0x85, 0xe7, 0xd4, 0x3b, 0x2c, 0x82, 0xc5, 0x82, ++ 0xbf, 0x11, 0xf9, 0x9e, 0xbc, 0xd0, 0x01, 0xee ++}; ++ ++__fips_constseg static const unsigned char sha512_additionalinputreseed[] = { ++ 0xb9, 0x12, 0xe0, 0x4f, 0xf7, 0xa7, 0xc4, 0xd8, 0xd0, 0x8e, 0x99, 0x29, ++ 0x7c, 0x9a, 0xe9, 0xcf, 0xc4, 0x6c, 0xf8, 0xc3, 0xa7, 0x41, 0x83, 0xd6, ++ 0x2e, 0xfa, 0xb8, 0x5e, 0x8e, 0x6b, 0x78, 0x20 ++}; ++ ++__fips_constseg static const unsigned char sha512_additionalinput2[] = { ++ 0xd7, 0x07, 0x52, 0xb9, 0x83, 0x2c, 0x03, 0x71, 0xee, 0xc9, 0xc0, 0x85, ++ 0xe1, 0x57, 0xb2, 0xcd, 0x3a, 0xf0, 0xc9, 0x34, 0x24, 0x41, 0x1c, 0x42, ++ 0x99, 0xb2, 0x84, 0xe9, 0x17, 0xd2, 0x76, 0x92 ++}; ++ ++__fips_constseg static const unsigned char sha512_returnedbits[] = { ++ 0x36, 0x17, 0x5d, 0x98, 0x2b, 0x65, 0x25, 0x8e, 0xc8, 0x29, 0xdf, 0x27, ++ 0x05, 0x36, 0x26, 0x12, 0x8a, 0x68, 0x74, 0x27, 0x37, 0xd4, 0x7f, 0x32, ++ 0xb1, 0x12, 0xd6, 0x85, 0x83, 0xeb, 0x2e, 0xa0, 0xed, 0x4b, 0xb5, 0x7b, ++ 0x6f, 0x39, 0x3c, 0x71, 0x77, 0x02, 
0x12, 0xcc, 0x2c, 0x3a, 0x8e, 0x63, ++ 0xdf, 0x4a, 0xbd, 0x6f, 0x6e, 0x2e, 0xed, 0x0a, 0x85, 0xa5, 0x2f, 0xa2, ++ 0x68, 0xde, 0x42, 0xb5 ++}; ++ ++/* HMAC SHA-1 PR */ ++__fips_constseg static const unsigned char hmac_sha1_pr_entropyinput[] = { ++ 0x26, 0x5f, 0x36, 0x14, 0xff, 0x3d, 0x83, 0xfa, 0x73, 0x5e, 0x75, 0xdc, ++ 0x2c, 0x18, 0x17, 0x1b ++}; ++ ++__fips_constseg static const unsigned char hmac_sha1_pr_nonce[] = { ++ 0xc8, 0xe3, 0x57, 0xa5, 0x7b, 0x74, 0x86, 0x6e ++}; ++ ++__fips_constseg ++ static const unsigned char hmac_sha1_pr_personalizationstring[] = { ++ 0x6e, 0xdb, 0x0d, 0xfe, 0x7d, 0xac, 0x79, 0xd0, 0xa5, 0x3a, 0x48, 0x85, ++ 0x80, 0xe2, 0x7f, 0x2a ++}; ++ ++__fips_constseg static const unsigned char hmac_sha1_pr_additionalinput[] = { ++ 0x31, 0xcd, 0x5e, 0x43, 0xdc, 0xfb, 0x7a, 0x79, 0xca, 0x88, 0xde, 0x1f, ++ 0xd7, 0xbb, 0x42, 0x09 ++}; ++ ++__fips_constseg static const unsigned char hmac_sha1_pr_entropyinputpr[] = { ++ 0x7c, 0x23, 0x95, 0x38, 0x00, 0x95, 0xc1, 0x78, 0x1f, 0x8f, 0xd7, 0x63, ++ 0x23, 0x87, 0x2a, 0xed ++}; ++ ++__fips_constseg static const unsigned char hmac_sha1_pr_int_returnedbits[] = { ++ 0xbb, 0x34, 0xe7, 0x93, 0xa3, 0x02, 0x2c, 0x4a, 0xd0, 0x89, 0xda, 0x7f, ++ 0xed, 0xf4, 0x4c, 0xde, 0x17, 0xec, 0xe5, 0x6c ++}; ++ ++__fips_constseg static const unsigned char hmac_sha1_pr_additionalinput2[] = { ++ 0x49, 0xbc, 0x2d, 0x2c, 0xb7, 0x32, 0xcb, 0x20, 0xdf, 0xf5, 0x77, 0x58, ++ 0xa0, 0x4b, 0x93, 0x6e ++}; ++ ++__fips_constseg static const unsigned char hmac_sha1_pr_entropyinputpr2[] = { ++ 0x3c, 0xaa, 0xb0, 0x21, 0x42, 0xb0, 0xdd, 0x34, 0xf0, 0x16, 0x7f, 0x0c, ++ 0x0f, 0xff, 0x2e, 0xaf ++}; ++ ++__fips_constseg static const unsigned char hmac_sha1_pr_returnedbits[] = { ++ 0x8e, 0xcb, 0xa3, 0x64, 0xb2, 0xb8, 0x33, 0x6c, 0x64, 0x3b, 0x78, 0x16, ++ 0x99, 0x35, 0xc8, 0x30, 0xcb, 0x3e, 0xa0, 0xd8 ++}; ++ ++/* HMAC SHA-1 No PR */ ++__fips_constseg static const unsigned char hmac_sha1_entropyinput[] = { ++ 0x32, 0x9a, 0x2a, 0x87, 0x7b, 0x89, 
0x7c, 0xf6, 0xcb, 0x95, 0xd5, 0x40, ++ 0x17, 0xfe, 0x47, 0x70 ++}; ++ ++__fips_constseg static const unsigned char hmac_sha1_nonce[] = { ++ 0x16, 0xd8, 0xe0, 0xc7, 0x52, 0xcf, 0x4a, 0x25 ++}; ++ ++__fips_constseg static const unsigned char hmac_sha1_personalizationstring[] = { ++ 0x35, 0x35, 0xa9, 0xa5, 0x40, 0xbe, 0x9b, 0xd1, 0x56, 0xdd, 0x44, 0x00, ++ 0x72, 0xf7, 0xd3, 0x5e ++}; ++ ++__fips_constseg static const unsigned char hmac_sha1_additionalinput[] = { ++ 0x1b, 0x2c, 0x84, 0x2d, 0x4a, 0x89, 0x8f, 0x69, 0x19, 0xf1, 0xf3, 0xdb, ++ 0xbb, 0xe3, 0xaa, 0xea ++}; ++ ++__fips_constseg static const unsigned char hmac_sha1_int_returnedbits[] = { ++ 0xcf, 0xfa, 0x7d, 0x72, 0x0f, 0xe6, 0xc7, 0x96, 0xa0, 0x69, 0x31, 0x11, ++ 0x9b, 0x0b, 0x1a, 0x20, 0x1f, 0x3f, 0xaa, 0xd1 ++}; ++ ++__fips_constseg static const unsigned char hmac_sha1_entropyinputreseed[] = { ++ 0x90, 0x75, 0x15, 0x04, 0x95, 0xf1, 0xba, 0x81, 0x0c, 0x37, 0x94, 0x6f, ++ 0x86, 0x52, 0x6d, 0x9c ++}; ++ ++__fips_constseg static const unsigned char hmac_sha1_additionalinputreseed[] = { ++ 0x5b, 0x40, 0xba, 0x5f, 0x17, 0x70, 0xf0, 0x4b, 0xdf, 0xc9, 0x97, 0x92, ++ 0x79, 0xc5, 0x82, 0x28 ++}; ++ ++__fips_constseg static const unsigned char hmac_sha1_additionalinput2[] = { ++ 0x97, 0xc8, 0x80, 0x90, 0xb3, 0xaa, 0x6e, 0x60, 0xea, 0x83, 0x7a, 0xe3, ++ 0x8a, 0xca, 0xa4, 0x7f ++}; ++ ++__fips_constseg static const unsigned char hmac_sha1_returnedbits[] = { ++ 0x90, 0xbd, 0x05, 0x56, 0x6d, 0xb5, 0x22, 0xd5, 0xb9, 0x5a, 0x29, 0x2d, ++ 0xe9, 0x0b, 0xe1, 0xac, 0xde, 0x27, 0x0b, 0xb0 ++}; ++ ++/* HMAC SHA-224 PR */ ++__fips_constseg static const unsigned char hmac_sha224_pr_entropyinput[] = { ++ 0x17, 0x32, 0x2b, 0x2e, 0x6f, 0x1b, 0x9c, 0x6d, 0x31, 0xe0, 0x34, 0x07, ++ 0xcf, 0xed, 0xf6, 0xb6, 0x5a, 0x76, 0x4c, 0xbc, 0x62, 0x85, 0x01, 0x90 ++}; ++ ++__fips_constseg static const unsigned char hmac_sha224_pr_nonce[] = { ++ 0x38, 0xbf, 0x5f, 0x20, 0xb3, 0x68, 0x2f, 0x43, 0x61, 0x05, 0x8f, 0x23 ++}; ++ ++__fips_constseg ++ 
static const unsigned char hmac_sha224_pr_personalizationstring[] = { ++ 0xc0, 0xc9, 0x45, 0xac, 0x8d, 0x27, 0x77, 0x08, 0x0b, 0x17, 0x6d, 0xed, ++ 0xc1, 0x7d, 0xd5, 0x07, 0x9d, 0x6e, 0xf8, 0x23, 0x2a, 0x22, 0x13, 0xbd ++}; ++ ++__fips_constseg static const unsigned char hmac_sha224_pr_additionalinput[] = { ++ 0xa4, 0x3c, 0xe7, 0x3b, 0xea, 0x19, 0x45, 0x32, 0xc2, 0x83, 0x6d, 0x21, ++ 0x8a, 0xc0, 0xee, 0x67, 0x45, 0xde, 0x13, 0x7d, 0x9d, 0x61, 0x00, 0x3b ++}; ++ ++__fips_constseg static const unsigned char hmac_sha224_pr_entropyinputpr[] = { ++ 0x15, 0x05, 0x74, 0x4a, 0x7f, 0x8d, 0x5c, 0x60, 0x16, 0xe5, 0x7b, 0xad, ++ 0xf5, 0x41, 0x8f, 0x55, 0x60, 0xc4, 0x09, 0xee, 0x1e, 0x11, 0x81, 0xab ++}; ++ ++__fips_constseg static const unsigned char hmac_sha224_pr_int_returnedbits[] = { ++ 0x6f, 0xf5, 0x9a, 0xe2, 0x54, 0x53, 0x30, 0x3d, 0x5a, 0x27, 0x29, 0x38, ++ 0x27, 0xf2, 0x0d, 0x05, 0xe9, 0x26, 0xcb, 0x16, 0xc3, 0x51, 0x5f, 0x13, ++ 0x41, 0xfe, 0x99, 0xf2 ++}; ++ ++__fips_constseg static const unsigned char hmac_sha224_pr_additionalinput2[] = { ++ 0x73, 0x81, 0x88, 0x84, 0x8f, 0xed, 0x6f, 0x10, 0x9f, 0x93, 0xbf, 0x17, ++ 0x35, 0x7c, 0xef, 0xd5, 0x8d, 0x26, 0xa6, 0x7a, 0xe8, 0x09, 0x36, 0x4f ++}; ++ ++__fips_constseg static const unsigned char hmac_sha224_pr_entropyinputpr2[] = { ++ 0xe6, 0xcf, 0xcf, 0x7e, 0x12, 0xe5, 0x43, 0xd2, 0x38, 0xd8, 0x24, 0x6f, ++ 0x5a, 0x37, 0x68, 0xbf, 0x4f, 0xa0, 0xff, 0xd5, 0x61, 0x8a, 0x93, 0xe0 ++}; ++ ++__fips_constseg static const unsigned char hmac_sha224_pr_returnedbits[] = { ++ 0xaf, 0xf9, 0xd8, 0x19, 0x91, 0x30, 0x82, 0x6f, 0xa9, 0x1e, 0x9d, 0xd7, ++ 0xf3, 0x50, 0xe0, 0xc7, 0xd5, 0x64, 0x96, 0x7d, 0x4c, 0x4d, 0x78, 0x03, ++ 0x6d, 0xd8, 0x9e, 0x72 ++}; ++ ++/* HMAC SHA-224 No PR */ ++__fips_constseg static const unsigned char hmac_sha224_entropyinput[] = { ++ 0x11, 0x82, 0xfd, 0xd9, 0x42, 0xf4, 0xfa, 0xc8, 0xf2, 0x41, 0xe6, 0x54, ++ 0x01, 0xae, 0x22, 0x6e, 0xc6, 0xaf, 0xaf, 0xd0, 0xa6, 0xb2, 0xe2, 0x6d ++}; ++ ++__fips_constseg static 
const unsigned char hmac_sha224_nonce[] = { ++ 0xa9, 0x48, 0xd7, 0x92, 0x39, 0x7e, 0x2a, 0xdc, 0x30, 0x1f, 0x0e, 0x2b ++}; ++ ++__fips_constseg ++ static const unsigned char hmac_sha224_personalizationstring[] = { ++ 0x11, 0xd5, 0xf4, 0xbd, 0x67, 0x8c, 0x31, 0xcf, 0xa3, 0x3f, 0x1e, 0x6b, ++ 0xa8, 0x07, 0x02, 0x0b, 0xc8, 0x2e, 0x6c, 0x64, 0x41, 0x5b, 0xc8, 0x37 ++}; ++ ++__fips_constseg static const unsigned char hmac_sha224_additionalinput[] = { ++ 0x68, 0x18, 0xc2, 0x06, 0xeb, 0x3e, 0x04, 0x95, 0x44, 0x5e, 0xfb, 0xe6, ++ 0x41, 0xc1, 0x5c, 0xcc, 0x40, 0x2f, 0xb7, 0xd2, 0x0f, 0xf3, 0x6b, 0xe7 ++}; ++ ++__fips_constseg static const unsigned char hmac_sha224_int_returnedbits[] = { ++ 0x7f, 0x45, 0xc7, 0x5d, 0x32, 0xe6, 0x17, 0x60, 0xba, 0xdc, 0xb8, 0x42, ++ 0x1b, 0x9c, 0xf1, 0xfa, 0x3b, 0x4d, 0x29, 0x54, 0xc6, 0x90, 0xff, 0x5c, ++ 0xcd, 0xd6, 0xa9, 0xcc ++}; ++ ++__fips_constseg static const unsigned char hmac_sha224_entropyinputreseed[] = { ++ 0xc4, 0x8e, 0x37, 0x95, 0x69, 0x53, 0x28, 0xd7, 0x37, 0xbb, 0x70, 0x95, ++ 0x1c, 0x07, 0x1d, 0xd9, 0xb7, 0xe6, 0x1b, 0xbb, 0xfe, 0x41, 0xeb, 0xc9 ++}; ++ ++__fips_constseg ++ static const unsigned char hmac_sha224_additionalinputreseed[] = { ++ 0x53, 0x17, 0xa1, 0x6a, 0xfa, 0x77, 0x47, 0xb0, 0x95, 0x56, 0x9a, 0x20, ++ 0x57, 0xde, 0x5c, 0x89, 0x9f, 0x7f, 0xe2, 0xde, 0x17, 0x3a, 0x50, 0x23 ++}; ++ ++__fips_constseg static const unsigned char hmac_sha224_additionalinput2[] = { ++ 0x3a, 0x32, 0xf9, 0x85, 0x0c, 0xc1, 0xed, 0x76, 0x2d, 0xdf, 0x40, 0xc3, ++ 0x06, 0x22, 0x66, 0xd4, 0x9a, 0x9a, 0xff, 0x5a, 0x7e, 0x7a, 0xf3, 0x96 ++}; ++ ++__fips_constseg static const unsigned char hmac_sha224_returnedbits[] = { ++ 0x43, 0xb4, 0x57, 0x5c, 0x38, 0x25, 0x9d, 0xae, 0xec, 0x96, 0xd1, 0x85, ++ 0x3a, 0x84, 0x8d, 0xfe, 0x68, 0xd5, 0x0e, 0x5c, 0x8f, 0x65, 0xa5, 0x4e, ++ 0x45, 0x84, 0xa8, 0x94 ++}; ++ ++/* HMAC SHA-256 PR */ ++__fips_constseg static const unsigned char hmac_sha256_pr_entropyinput[] = { ++ 0x4d, 0xb0, 0x43, 0xd8, 0x34, 0x4b, 0x10, 
0x70, 0xb1, 0x8b, 0xed, 0xea, ++ 0x07, 0x92, 0x9f, 0x6c, 0x79, 0x31, 0xaf, 0x81, 0x29, 0xeb, 0x6e, 0xca, ++ 0x32, 0x48, 0x28, 0xe7, 0x02, 0x5d, 0xa6, 0xa6 ++}; ++ ++__fips_constseg static const unsigned char hmac_sha256_pr_nonce[] = { ++ 0x3a, 0xae, 0x15, 0xa9, 0x99, 0xdc, 0xe4, 0x67, 0x34, 0x3b, 0x70, 0x15, ++ 0xaa, 0xd3, 0x30, 0x9a ++}; ++ ++__fips_constseg ++ static const unsigned char hmac_sha256_pr_personalizationstring[] = { ++ 0x13, 0x1d, 0x24, 0x04, 0xb0, 0x18, 0x81, 0x15, 0x21, 0x51, 0x2a, 0x24, ++ 0x52, 0x61, 0xbe, 0x64, 0x82, 0x6b, 0x55, 0x2f, 0xe2, 0xf1, 0x40, 0x7d, ++ 0x71, 0xd8, 0x01, 0x86, 0x15, 0xb7, 0x8b, 0xb5 ++}; ++ ++__fips_constseg static const unsigned char hmac_sha256_pr_additionalinput[] = { ++ 0x8f, 0xa6, 0x54, 0x5f, 0xb1, 0xd0, 0xd8, 0xc3, 0xe7, 0x0c, 0x15, 0xa9, ++ 0x23, 0x6e, 0xfe, 0xfb, 0x93, 0xf7, 0x3a, 0xbd, 0x59, 0x01, 0xfa, 0x18, ++ 0x8e, 0xe9, 0x1a, 0xa9, 0x78, 0xfc, 0x79, 0x0b ++}; ++ ++__fips_constseg static const unsigned char hmac_sha256_pr_entropyinputpr[] = { ++ 0xcf, 0x24, 0xb9, 0xeb, 0xb3, 0xd4, 0xcd, 0x17, 0x37, 0x38, 0x75, 0x79, ++ 0x15, 0xcb, 0x2d, 0x75, 0x51, 0xf1, 0xcc, 0xaa, 0x32, 0xa4, 0xa7, 0x36, ++ 0x7c, 0x5c, 0xe4, 0x47, 0xf1, 0x3e, 0x1d, 0xe5 ++}; ++ ++__fips_constseg static const unsigned char hmac_sha256_pr_int_returnedbits[] = { ++ 0x52, 0x42, 0xfa, 0xeb, 0x85, 0xe0, 0x30, 0x22, 0x79, 0x00, 0x16, 0xb2, ++ 0x88, 0x2f, 0x14, 0x6a, 0xb7, 0xfc, 0xb7, 0x53, 0xdc, 0x4a, 0x12, 0xef, ++ 0x54, 0xd6, 0x33, 0xe9, 0x20, 0xd6, 0xfd, 0x56 ++}; ++ ++__fips_constseg static const unsigned char hmac_sha256_pr_additionalinput2[] = { ++ 0xf4, 0xf6, 0x49, 0xa1, 0x2d, 0x64, 0x2b, 0x30, 0x58, 0xf8, 0xbd, 0xb8, ++ 0x75, 0xeb, 0xbb, 0x5e, 0x1c, 0x9b, 0x81, 0x6a, 0xda, 0x14, 0x86, 0x6e, ++ 0xd0, 0xda, 0x18, 0xb7, 0x88, 0xfb, 0x59, 0xf3 ++}; ++ ++__fips_constseg static const unsigned char hmac_sha256_pr_entropyinputpr2[] = { ++ 0x21, 0xcd, 0x6e, 0x46, 0xad, 0x99, 0x07, 0x17, 0xb4, 0x3d, 0x76, 0x0a, ++ 0xff, 0x5b, 0x52, 0x50, 0x78, 0xdf, 
0x1f, 0x24, 0x06, 0x0d, 0x3f, 0x74, ++ 0xa9, 0xc9, 0x37, 0xcf, 0xd8, 0x26, 0x25, 0x91 ++}; ++ ++__fips_constseg static const unsigned char hmac_sha256_pr_returnedbits[] = { ++ 0xa7, 0xaf, 0x2f, 0x29, 0xe0, 0x3a, 0x72, 0x95, 0x96, 0x1c, 0xa9, 0xf0, ++ 0x4a, 0x17, 0x4d, 0x66, 0x06, 0x10, 0xbf, 0x39, 0x89, 0x88, 0xb8, 0x91, ++ 0x37, 0x18, 0x99, 0xcf, 0x8c, 0x53, 0x3b, 0x7e ++}; ++ ++/* HMAC SHA-256 No PR */ ++__fips_constseg static const unsigned char hmac_sha256_entropyinput[] = { ++ 0x96, 0xb7, 0x53, 0x22, 0x1e, 0x52, 0x2a, 0x96, 0xb1, 0x15, 0x3c, 0x35, ++ 0x5a, 0x8b, 0xd3, 0x4a, 0xa6, 0x6c, 0x83, 0x0a, 0x7d, 0xa3, 0x23, 0x3d, ++ 0x43, 0xa1, 0x07, 0x2c, 0x2d, 0xe3, 0x81, 0xcc ++}; ++ ++__fips_constseg static const unsigned char hmac_sha256_nonce[] = { ++ 0xf1, 0xac, 0x97, 0xcb, 0x5e, 0x06, 0x48, 0xd2, 0x94, 0xbe, 0x15, 0x2e, ++ 0xc7, 0xfc, 0xc2, 0x01 ++}; ++ ++__fips_constseg ++ static const unsigned char hmac_sha256_personalizationstring[] = { ++ 0x98, 0xc5, 0x1e, 0x35, 0x5e, 0x89, 0x0d, 0xce, 0x64, 0x6d, 0x18, 0xa7, ++ 0x5a, 0xc6, 0xf3, 0xe7, 0xd6, 0x9e, 0xc0, 0xea, 0xb7, 0x3a, 0x8d, 0x65, ++ 0xb8, 0xeb, 0x10, 0xd7, 0x57, 0x18, 0xa0, 0x32 ++}; ++ ++__fips_constseg static const unsigned char hmac_sha256_additionalinput[] = { ++ 0x1b, 0x10, 0xaf, 0xac, 0xd0, 0x65, 0x95, 0xad, 0x04, 0xad, 0x03, 0x1c, ++ 0xe0, 0x40, 0xd6, 0x3e, 0x1c, 0x46, 0x53, 0x39, 0x7c, 0xe2, 0xbc, 0xda, ++ 0x8c, 0xa2, 0x33, 0xa7, 0x9a, 0x26, 0xd3, 0x27 ++}; ++ ++__fips_constseg static const unsigned char hmac_sha256_int_returnedbits[] = { ++ 0xba, 0x61, 0x0e, 0x55, 0xfe, 0x11, 0x8a, 0x9e, 0x0f, 0x80, 0xdf, 0x1d, ++ 0x03, 0x0a, 0xfe, 0x15, 0x94, 0x28, 0x4b, 0xba, 0xf4, 0x9f, 0x51, 0x25, ++ 0x88, 0xe5, 0x4e, 0xfb, 0xaf, 0xce, 0x69, 0x90 ++}; ++ ++__fips_constseg static const unsigned char hmac_sha256_entropyinputreseed[] = { ++ 0x62, 0x7f, 0x1e, 0x6b, 0xe8, 0x8e, 0xe1, 0x35, 0x7d, 0x9b, 0x4f, 0xc7, ++ 0xec, 0xc8, 0xac, 0xef, 0x6b, 0x13, 0x9e, 0x05, 0x56, 0xc1, 0x08, 0xf9, ++ 0x2f, 0x0f, 0x27, 0x9c, 
0xd4, 0x15, 0xed, 0x2d ++}; ++ ++__fips_constseg ++ static const unsigned char hmac_sha256_additionalinputreseed[] = { ++ 0xc7, 0x76, 0x6e, 0xa9, 0xd2, 0xb2, 0x76, 0x40, 0x82, 0x25, 0x2c, 0xb3, ++ 0x6f, 0xac, 0xe9, 0x74, 0xef, 0x8f, 0x3c, 0x8e, 0xcd, 0xf1, 0xbf, 0xb3, ++ 0x49, 0x77, 0x34, 0x88, 0x52, 0x36, 0xe6, 0x2e ++}; ++ ++__fips_constseg static const unsigned char hmac_sha256_additionalinput2[] = { ++ 0x8d, 0xb8, 0x0c, 0xd1, 0xbf, 0x70, 0xf6, 0x19, 0xc3, 0x41, 0x80, 0x9f, ++ 0xe1, 0xa5, 0xa4, 0x1f, 0x2c, 0x26, 0xb1, 0xe5, 0xd8, 0xeb, 0xbe, 0xf8, ++ 0xdf, 0x88, 0x6a, 0x89, 0xd6, 0x05, 0xd8, 0x9d ++}; ++ ++__fips_constseg static const unsigned char hmac_sha256_returnedbits[] = { ++ 0x43, 0x12, 0x2a, 0x2c, 0x40, 0x53, 0x2e, 0x7c, 0x66, 0x34, 0xac, 0xc3, ++ 0x43, 0xe3, 0xe0, 0x6a, 0xfc, 0xfa, 0xea, 0x87, 0x21, 0x1f, 0xe2, 0x26, ++ 0xc4, 0xf9, 0x09, 0x9a, 0x0d, 0x6e, 0x7f, 0xe0 ++}; ++ ++/* HMAC SHA-384 PR */ ++__fips_constseg static const unsigned char hmac_sha384_pr_entropyinput[] = { ++ 0x69, 0x81, 0x98, 0x88, 0x44, 0xf5, 0xd6, 0x2e, 0x00, 0x08, 0x3b, 0xc5, ++ 0xfb, 0xd7, 0x8e, 0x6f, 0x23, 0xf8, 0x6d, 0x09, 0xd6, 0x85, 0x49, 0xd1, ++ 0xf8, 0x6d, 0xa4, 0x58, 0x54, 0xfd, 0x88, 0xa9 ++}; ++ ++__fips_constseg static const unsigned char hmac_sha384_pr_nonce[] = { ++ 0x6e, 0x38, 0x81, 0xca, 0xb7, 0xe8, 0x6e, 0x66, 0x49, 0x8a, 0xb2, 0x59, ++ 0xee, 0x16, 0xc9, 0xde ++}; ++ ++__fips_constseg ++ static const unsigned char hmac_sha384_pr_personalizationstring[] = { ++ 0xfe, 0x4c, 0xd9, 0xf4, 0x78, 0x3b, 0x08, 0x41, 0x8d, 0x8f, 0x55, 0xc4, ++ 0x43, 0x56, 0xb6, 0x12, 0x36, 0x6b, 0x30, 0xb7, 0x5e, 0xe1, 0xb9, 0x47, ++ 0x04, 0xb1, 0x4e, 0xa9, 0x00, 0xa1, 0x52, 0xa1 ++}; ++ ++__fips_constseg static const unsigned char hmac_sha384_pr_additionalinput[] = { ++ 0x89, 0xe9, 0xcc, 0x8f, 0x27, 0x3c, 0x26, 0xd1, 0x95, 0xc8, 0x7d, 0x0f, ++ 0x5b, 0x1a, 0xf0, 0x78, 0x39, 0x56, 0x6f, 0xa4, 0x23, 0xe7, 0xd1, 0xda, ++ 0x7c, 0x66, 0x33, 0xa0, 0x90, 0xc9, 0x92, 0x88 ++}; ++ ++__fips_constseg 
static const unsigned char hmac_sha384_pr_entropyinputpr[] = { ++ 0xbe, 0x3d, 0x7c, 0x0d, 0xca, 0xda, 0x7c, 0x49, 0xb8, 0x12, 0x36, 0xc0, ++ 0xdb, 0xad, 0x35, 0xa8, 0xc7, 0x0b, 0x2a, 0x2c, 0x69, 0x6d, 0x25, 0x56, ++ 0x63, 0x82, 0x11, 0x3e, 0xa7, 0x33, 0x70, 0x72 ++}; ++ ++__fips_constseg static const unsigned char hmac_sha384_pr_int_returnedbits[] = { ++ 0x82, 0x3d, 0xe6, 0x54, 0x80, 0x42, 0xf8, 0xba, 0x90, 0x4f, 0x06, 0xa6, ++ 0xd2, 0x7f, 0xbf, 0x79, 0x7c, 0x12, 0x7d, 0xa6, 0xa2, 0x66, 0xe8, 0xa6, ++ 0xc0, 0xd6, 0x4a, 0x55, 0xbf, 0xd8, 0x0a, 0xc5, 0xf8, 0x03, 0x88, 0xdd, ++ 0x8e, 0x87, 0xd1, 0x5a, 0x48, 0x26, 0x72, 0x2a, 0x8e, 0xcf, 0xee, 0xba ++}; ++ ++__fips_constseg static const unsigned char hmac_sha384_pr_additionalinput2[] = { ++ 0x8f, 0xff, 0xd9, 0x84, 0xbb, 0x85, 0x3a, 0x66, 0xa1, 0x21, 0xce, 0xb2, ++ 0x3a, 0x3a, 0x17, 0x22, 0x19, 0xae, 0xc7, 0xb6, 0x63, 0x81, 0xd5, 0xff, ++ 0x0d, 0xc8, 0xe1, 0xaf, 0x57, 0xd2, 0xcb, 0x60 ++}; ++ ++__fips_constseg static const unsigned char hmac_sha384_pr_entropyinputpr2[] = { ++ 0xd7, 0xfb, 0xc9, 0xe8, 0xe2, 0xf2, 0xaa, 0x4c, 0xb8, 0x51, 0x2f, 0xe1, ++ 0x22, 0xba, 0xf3, 0xda, 0x0a, 0x19, 0x76, 0x71, 0x57, 0xb2, 0x1d, 0x94, ++ 0x09, 0x69, 0x6c, 0xd3, 0x97, 0x51, 0x81, 0x87 ++}; ++ ++__fips_constseg static const unsigned char hmac_sha384_pr_returnedbits[] = { ++ 0xe6, 0x19, 0x28, 0xa8, 0x21, 0xce, 0x5e, 0xdb, 0x24, 0x79, 0x8c, 0x76, ++ 0x5d, 0x73, 0xb2, 0xdf, 0xac, 0xef, 0x85, 0xa7, 0x3b, 0x19, 0x09, 0x8b, ++ 0x7f, 0x98, 0x28, 0xa9, 0x93, 0xd8, 0x7a, 0xad, 0x55, 0x8b, 0x24, 0x9d, ++ 0xe6, 0x98, 0xfe, 0x47, 0xd5, 0x48, 0xc1, 0x23, 0xd8, 0x1d, 0x62, 0x75 ++}; ++ ++/* HMAC SHA-384 No PR */ ++__fips_constseg static const unsigned char hmac_sha384_entropyinput[] = { ++ 0xc3, 0x56, 0x2b, 0x1d, 0xc2, 0xbb, 0xa8, 0xf0, 0xae, 0x1b, 0x0d, 0xd3, ++ 0x5a, 0x6c, 0xda, 0x57, 0x8e, 0xa5, 0x8a, 0x0d, 0x6c, 0x4b, 0x18, 0xb1, ++ 0x04, 0x3e, 0xb4, 0x99, 0x35, 0xc4, 0xc0, 0x5f ++}; ++ ++__fips_constseg static const unsigned char 
hmac_sha384_nonce[] = { ++ 0xc5, 0x49, 0x1e, 0x66, 0x27, 0x92, 0xbe, 0xec, 0xb5, 0x1e, 0x4b, 0xb1, ++ 0x38, 0xe3, 0xeb, 0x62 ++}; ++ ++__fips_constseg ++ static const unsigned char hmac_sha384_personalizationstring[] = { ++ 0xbe, 0xe7, 0x6b, 0x57, 0xde, 0x88, 0x11, 0x96, 0x9b, 0x6e, 0xea, 0xe5, ++ 0x63, 0x83, 0x4c, 0xb6, 0x8d, 0x66, 0xaa, 0x1f, 0x8b, 0x54, 0xe7, 0x62, ++ 0x6d, 0x5a, 0xfc, 0xbf, 0x97, 0xba, 0xcd, 0x77 ++}; ++ ++__fips_constseg static const unsigned char hmac_sha384_additionalinput[] = { ++ 0xe5, 0x28, 0x5f, 0x43, 0xf5, 0x83, 0x6e, 0x0a, 0x83, 0x5c, 0xe3, 0x81, ++ 0x03, 0xf2, 0xf8, 0x78, 0x00, 0x7c, 0x95, 0x87, 0x16, 0xd6, 0x6c, 0x58, ++ 0x33, 0x6c, 0x53, 0x35, 0x0d, 0x66, 0xe3, 0xce ++}; ++ ++__fips_constseg static const unsigned char hmac_sha384_int_returnedbits[] = { ++ 0xe2, 0x1f, 0xf3, 0xda, 0x0d, 0x19, 0x99, 0x87, 0xc4, 0x90, 0xa2, 0x31, ++ 0xca, 0x2a, 0x89, 0x58, 0x43, 0x44, 0xb8, 0xde, 0xcf, 0xa4, 0xbe, 0x3b, ++ 0x53, 0x26, 0x22, 0x31, 0x76, 0x41, 0x22, 0xb5, 0xa8, 0x70, 0x2f, 0x4b, ++ 0x64, 0x95, 0x4d, 0x48, 0x96, 0x35, 0xe6, 0xbd, 0x3c, 0x34, 0xdb, 0x1b ++}; ++ ++__fips_constseg static const unsigned char hmac_sha384_entropyinputreseed[] = { ++ 0x77, 0x61, 0xba, 0xbc, 0xf2, 0xc1, 0xf3, 0x4b, 0x86, 0x65, 0xfd, 0x48, ++ 0x0e, 0x3c, 0x02, 0x5e, 0xa2, 0x7a, 0x6b, 0x7c, 0xed, 0x21, 0x5e, 0xf9, ++ 0xcd, 0xcd, 0x77, 0x07, 0x2b, 0xbe, 0xc5, 0x5c ++}; ++ ++__fips_constseg ++ static const unsigned char hmac_sha384_additionalinputreseed[] = { ++ 0x18, 0x24, 0x5f, 0xc6, 0x84, 0xd1, 0x67, 0xc3, 0x9a, 0x11, 0xa5, 0x8c, ++ 0x07, 0x39, 0x21, 0x83, 0x4d, 0x04, 0xc4, 0x6a, 0x28, 0x19, 0xcf, 0x92, ++ 0x21, 0xd9, 0x9e, 0x41, 0x72, 0x6c, 0x9e, 0x63 ++}; ++ ++__fips_constseg static const unsigned char hmac_sha384_additionalinput2[] = { ++ 0x96, 0x67, 0x41, 0x28, 0x9b, 0xb7, 0x92, 0x8d, 0x64, 0x3b, 0xe4, 0xcf, ++ 0x7e, 0xaa, 0x1e, 0xb1, 0x4b, 0x1d, 0x09, 0x56, 0x67, 0x9c, 0xc6, 0x6d, ++ 0x3b, 0xe8, 0x91, 0x9d, 0xe1, 0x8a, 0xb7, 0x32 ++}; ++ ++__fips_constseg 
static const unsigned char hmac_sha384_returnedbits[] = { ++ 0xe3, 0x59, 0x61, 0x38, 0x92, 0xec, 0xe2, 0x3c, 0xff, 0xb7, 0xdb, 0x19, ++ 0x0f, 0x5b, 0x93, 0x68, 0x0d, 0xa4, 0x94, 0x40, 0x72, 0x0b, 0xe0, 0xed, ++ 0x4d, 0xcd, 0x68, 0xa0, 0x1e, 0xfe, 0x67, 0xb2, 0xfa, 0x21, 0x56, 0x74, ++ 0xa4, 0xad, 0xcf, 0xb7, 0x60, 0x66, 0x2e, 0x40, 0xde, 0x82, 0xca, 0xfb ++}; ++ ++/* HMAC SHA-512 PR */ ++__fips_constseg static const unsigned char hmac_sha512_pr_entropyinput[] = { ++ 0xaa, 0x9e, 0x45, 0x67, 0x0e, 0x00, 0x2a, 0x67, 0x98, 0xd6, 0xda, 0x0b, ++ 0x0f, 0x17, 0x7e, 0xac, 0xfd, 0x27, 0xc4, 0xca, 0x84, 0xdf, 0xde, 0xba, ++ 0x85, 0xd9, 0xbe, 0x8f, 0xf3, 0xff, 0x91, 0x4d ++}; ++ ++__fips_constseg static const unsigned char hmac_sha512_pr_nonce[] = { ++ 0x8c, 0x49, 0x2f, 0x58, 0x1e, 0x7a, 0xda, 0x4b, 0x7e, 0x8a, 0x30, 0x7b, ++ 0x86, 0xea, 0xaf, 0xa2 ++}; ++ ++__fips_constseg ++ static const unsigned char hmac_sha512_pr_personalizationstring[] = { ++ 0x71, 0xe1, 0xbb, 0xad, 0xa7, 0x4b, 0x2e, 0x31, 0x3b, 0x0b, 0xec, 0x24, ++ 0x99, 0x38, 0xbc, 0xaa, 0x05, 0x4c, 0x46, 0x44, 0xfa, 0xad, 0x8e, 0x02, ++ 0xc1, 0x7e, 0xad, 0xec, 0x54, 0xa6, 0xd0, 0xad ++}; ++ ++__fips_constseg static const unsigned char hmac_sha512_pr_additionalinput[] = { ++ 0x3d, 0x6e, 0xa6, 0xa8, 0x29, 0x2a, 0xb2, 0xf5, 0x98, 0x42, 0xe4, 0x92, ++ 0x78, 0x22, 0x67, 0xfd, 0x1b, 0x15, 0x1e, 0x29, 0xaa, 0x71, 0x3c, 0x3c, ++ 0xe7, 0x05, 0x20, 0xa9, 0x29, 0xc6, 0x75, 0x71 ++}; ++ ++__fips_constseg static const unsigned char hmac_sha512_pr_entropyinputpr[] = { ++ 0xab, 0xb9, 0x16, 0xd8, 0x55, 0x35, 0x54, 0xb7, 0x97, 0x3f, 0x94, 0xbc, ++ 0x2f, 0x7c, 0x70, 0xc7, 0xd0, 0xed, 0xb7, 0x4b, 0xf7, 0xf6, 0x6c, 0x03, ++ 0x0c, 0xb0, 0x03, 0xd8, 0xbb, 0x71, 0xd9, 0x10 ++}; ++ ++__fips_constseg static const unsigned char hmac_sha512_pr_int_returnedbits[] = { ++ 0x8e, 0xd3, 0xfd, 0x52, 0x9e, 0x83, 0x08, 0x49, 0x18, 0x6e, 0x23, 0x56, ++ 0x5c, 0x45, 0x93, 0x34, 0x05, 0xe2, 0x98, 0x8f, 0x0c, 0xd4, 0x32, 0x0c, ++ 0xfd, 0xda, 0x5f, 0x92, 
0x3a, 0x8c, 0x81, 0xbd, 0xf6, 0x6c, 0x55, 0xfd, ++ 0xb8, 0x20, 0xce, 0x8d, 0x97, 0x27, 0xe8, 0xe8, 0xe0, 0xb3, 0x85, 0x50, ++ 0xa2, 0xc2, 0xb2, 0x95, 0x1d, 0x48, 0xd3, 0x7b, 0x4b, 0x78, 0x13, 0x35, ++ 0x05, 0x17, 0xbe, 0x0d ++}; ++ ++__fips_constseg static const unsigned char hmac_sha512_pr_additionalinput2[] = { ++ 0xc3, 0xfc, 0x95, 0xaa, 0x69, 0x06, 0xae, 0x59, 0x41, 0xce, 0x26, 0x08, ++ 0x29, 0x6d, 0x45, 0xda, 0xe8, 0xb3, 0x6c, 0x95, 0x60, 0x0f, 0x70, 0x2c, ++ 0x10, 0xba, 0x38, 0x8c, 0xcf, 0x29, 0x99, 0xaa ++}; ++ ++__fips_constseg static const unsigned char hmac_sha512_pr_entropyinputpr2[] = { ++ 0x3b, 0x9a, 0x25, 0xce, 0xd7, 0xf9, 0x5c, 0xd1, 0x3a, 0x3e, 0xaa, 0x71, ++ 0x14, 0x3e, 0x19, 0xe8, 0xce, 0xe6, 0xfe, 0x51, 0x84, 0xe9, 0x1b, 0xfe, ++ 0x3f, 0xa7, 0xf2, 0xfd, 0x76, 0x5f, 0x6a, 0xe7 ++}; ++ ++__fips_constseg static const unsigned char hmac_sha512_pr_returnedbits[] = { ++ 0xb7, 0x82, 0xa9, 0x57, 0x81, 0x67, 0x53, 0xb5, 0xa1, 0xe9, 0x3d, 0x35, ++ 0xf9, 0xe4, 0x97, 0xbe, 0xa6, 0xca, 0xf1, 0x01, 0x13, 0x09, 0xe7, 0x21, ++ 0xc0, 0xed, 0x93, 0x5d, 0x4b, 0xf4, 0xeb, 0x8d, 0x53, 0x25, 0x8a, 0xc4, ++ 0xb1, 0x6f, 0x6e, 0x37, 0xcd, 0x2e, 0xac, 0x39, 0xb2, 0xb6, 0x99, 0xa3, ++ 0x82, 0x00, 0xb0, 0x21, 0xf0, 0xc7, 0x2f, 0x4c, 0x73, 0x92, 0xfd, 0x00, ++ 0xb6, 0xaf, 0xbc, 0xd3 ++}; ++ ++/* HMAC SHA-512 No PR */ ++__fips_constseg static const unsigned char hmac_sha512_entropyinput[] = { ++ 0x6e, 0x85, 0xe6, 0x25, 0x96, 0x29, 0xa7, 0x52, 0x5b, 0x60, 0xba, 0xaa, ++ 0xde, 0xdb, 0x36, 0x0a, 0x51, 0x9a, 0x15, 0xae, 0x6e, 0x18, 0xd3, 0xfe, ++ 0x39, 0xb9, 0x4a, 0x96, 0xf8, 0x77, 0xcb, 0x95 ++}; ++ ++__fips_constseg static const unsigned char hmac_sha512_nonce[] = { ++ 0xe0, 0xa6, 0x5d, 0x08, 0xc3, 0x7c, 0xae, 0x25, 0x2e, 0x80, 0xd1, 0x3e, ++ 0xd9, 0xaf, 0x43, 0x3c ++}; ++ ++__fips_constseg ++ static const unsigned char hmac_sha512_personalizationstring[] = { ++ 0x53, 0x99, 0x52, 0x5f, 0x11, 0xa9, 0x64, 0x66, 0x20, 0x5e, 0x1b, 0x5f, ++ 0x42, 0xb3, 0xf4, 0xda, 0xed, 0xbb, 0x63, 
0xc1, 0x23, 0xaf, 0xd0, 0x01, ++ 0x90, 0x3b, 0xd0, 0x78, 0xe4, 0x0b, 0xa7, 0x20 ++}; ++ ++__fips_constseg static const unsigned char hmac_sha512_additionalinput[] = { ++ 0x85, 0x90, 0x80, 0xd3, 0x98, 0xf1, 0x53, 0x6d, 0x68, 0x15, 0x8f, 0xe5, ++ 0x60, 0x3f, 0x17, 0x29, 0x55, 0x8d, 0x33, 0xb1, 0x45, 0x64, 0x64, 0x8d, ++ 0x50, 0x21, 0x89, 0xae, 0xf6, 0xfd, 0x32, 0x73 ++}; ++ ++__fips_constseg static const unsigned char hmac_sha512_int_returnedbits[] = { ++ 0x28, 0x56, 0x30, 0x6f, 0xf4, 0xa1, 0x48, 0xe0, 0xc9, 0xf5, 0x75, 0x90, ++ 0xcc, 0xfb, 0xdf, 0xdf, 0x71, 0x3d, 0x0a, 0x9a, 0x03, 0x65, 0x3b, 0x18, ++ 0x61, 0xe3, 0xd1, 0xda, 0xcc, 0x4a, 0xfe, 0x55, 0x38, 0xf8, 0x21, 0x6b, ++ 0xfa, 0x18, 0x01, 0x42, 0x39, 0x2f, 0x99, 0x53, 0x38, 0x15, 0x82, 0x34, ++ 0xc5, 0x93, 0x92, 0xbc, 0x4d, 0x75, 0x1a, 0x5f, 0x21, 0x27, 0xcc, 0xa1, ++ 0xb1, 0x57, 0x69, 0xe8 ++}; ++ ++__fips_constseg static const unsigned char hmac_sha512_entropyinputreseed[] = { ++ 0x8c, 0x52, 0x7e, 0x77, 0x72, 0x3f, 0xa3, 0x04, 0x97, 0x10, 0x9b, 0x41, ++ 0xbd, 0xe8, 0xff, 0x89, 0xed, 0x80, 0xe3, 0xbd, 0xaa, 0x12, 0x2d, 0xca, ++ 0x75, 0x82, 0x36, 0x77, 0x88, 0xcd, 0xa6, 0x73 ++}; ++ ++__fips_constseg ++ static const unsigned char hmac_sha512_additionalinputreseed[] = { ++ 0x7e, 0x32, 0xe3, 0x69, 0x69, 0x07, 0x34, 0xa2, 0x16, 0xa2, 0x5d, 0x1a, ++ 0x10, 0x91, 0xd3, 0xe2, 0x21, 0xa2, 0xa3, 0xdd, 0xcd, 0x0c, 0x09, 0x86, ++ 0x11, 0xe1, 0x50, 0xff, 0x5c, 0xb7, 0xeb, 0x5c ++}; ++ ++__fips_constseg static const unsigned char hmac_sha512_additionalinput2[] = { ++ 0x7f, 0x78, 0x66, 0xd8, 0xfb, 0x67, 0xcf, 0x8d, 0x8c, 0x08, 0x30, 0xa5, ++ 0xf8, 0x7d, 0xcf, 0x44, 0x59, 0xce, 0xf8, 0xdf, 0x58, 0xd3, 0x60, 0xcb, ++ 0xa8, 0x60, 0xb9, 0x07, 0xc4, 0xb1, 0x95, 0x48 ++}; ++ ++__fips_constseg static const unsigned char hmac_sha512_returnedbits[] = { ++ 0xdf, 0xa7, 0x36, 0xd4, 0xdc, 0x5d, 0x4d, 0x31, 0xad, 0x69, 0x46, 0x9f, ++ 0xf1, 0x7c, 0xd7, 0x3b, 0x4f, 0x55, 0xf2, 0xd7, 0xb9, 0x9d, 0xad, 0x7a, ++ 0x79, 0x08, 0x59, 0xa5, 0xdc, 
0x74, 0xf5, 0x9b, 0x73, 0xd2, 0x13, 0x25,
++ 0x0b, 0x81, 0x08, 0x08, 0x25, 0xfb, 0x39, 0xf2, 0xf0, 0xa3, 0xa4, 0x8d,
++ 0xef, 0x05, 0x9e, 0xb8, 0xc7, 0x52, 0xe4, 0x0e, 0x42, 0xaa, 0x7c, 0x79,
++ 0xc2, 0xd6, 0xfd, 0xa5
++};
+diff -up openssl-1.1.1b/crypto/fips/fips_dsa_selftest.c.fips openssl-1.1.1b/crypto/fips/fips_dsa_selftest.c
+--- openssl-1.1.1b/crypto/fips/fips_dsa_selftest.c.fips 2019-02-28 11:30:06.814745521 +0100
++++ openssl-1.1.1b/crypto/fips/fips_dsa_selftest.c 2019-02-28 11:30:06.814745521 +0100
+@@ -0,0 +1,195 @@
++/* ====================================================================
++ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ * notice, this list of conditions and the following disclaimer.
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ * notice, this list of conditions and the following disclaimer in
++ * the documentation and/or other materials provided with the
++ * distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ * software must display the following acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ * endorse or promote products derived from this software without
++ * prior written permission. For written permission, please contact
++ * openssl-core@openssl.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ * nor may "OpenSSL" appear in their names without prior written
++ * permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ * acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ *
++ */
++
++#include
++#include
++#include
++#include
++#include "internal/fips_int.h"
++#include
++#include
++#include
++#include "fips_locl.h"
++
++#ifdef OPENSSL_FIPS
++
++static const unsigned char dsa_test_2048_p[] = {
++ 0xa8, 0x53, 0x78, 0xd8, 0xfd, 0x3f, 0x8d, 0x72, 0xec, 0x74, 0x18, 0x08,
++ 0x0d, 0xa2, 0x13, 0x17, 0xe4, 0x3e, 0xc4, 0xb6, 0x2b, 0xa8, 0xc8, 0x62,
++ 0x3b, 0x7e, 0x4d, 0x04, 0x44, 0x1d, 0xd1, 0xa0, 0x65, 0x86, 0x62, 0x59,
++ 0x64, 0x93, 0xca, 0x8e, 0x9e, 0x8f, 0xbb, 0x7e, 0x34, 0xaa, 0xdd, 0xb6,
++ 0x2e, 0x5d, 0x67, 0xb6, 0xd0, 0x9a, 0x6e, 0x61, 0xb7, 0x69, 0xe7, 0xc3,
++ 0x52, 0xaa, 0x2b, 0x10, 0xe2, 0x0c, 0xa0, 0x63, 0x69, 0x63, 0xb5, 0x52,
++ 0x3e, 0x86, 0x47, 0x0d, 0xec, 0xbb, 0xed, 0xa0, 0x27, 0xe7, 0x97, 0xe7,
++ 0xb6, 0x76, 0x35, 0xd4, 0xd4, 0x9c, 0x30, 0x70, 0x0e, 0x74, 0xaf, 0x8a,
++ 0x0f, 0xf1, 0x56, 0xa8, 0x01, 0xaf, 0x57, 0xa2, 0x6e, 0x70, 0x78, 0xf1,
++ 0xd8, 0x2f, 0x74, 0x90, 0x8e, 0xcb, 0x6d, 0x07, 0xe7, 0x0b, 0x35, 0x03,
++ 0xee, 0xd9, 0x4f, 0xa3, 0x2c, 0xf1, 0x7a, 0x7f, 0xc3, 0xd6, 0xcf, 0x40,
++ 0xdc, 0x7b, 0x00, 0x83, 0x0e, 0x6a, 0x25, 0x66, 0xdc, 0x07, 0x3e, 0x34,
++ 0x33, 0x12, 0x51, 0x7c, 0x6a, 0xa5, 0x15, 0x2b, 0x4b, 0xfe, 0xcd, 0x2e,
++ 0x55, 0x1f, 0xee, 0x34, 0x63, 0x18, 0xa1, 0x53, 0x42, 0x3c, 0x99, 0x6b,
++ 0x0d, 0x5d, 0xcb, 0x91, 0x02, 0xae, 0xdd, 0x38, 0x79, 0x86, 0x16, 0xf1,
++ 0xf1, 0xe0, 0xd6, 0xc4, 0x03, 0x52, 0x5b, 0x1f, 0x9b, 0x3d, 0x4d, 0xc7,
++ 0x66, 0xde, 0x2d, 0xfc, 0x4a, 0x56, 0xd7, 0xb8, 0xba, 0x59, 0x63, 0xd6,
++ 0x0f, 0x3e, 0x16, 0x31, 0x88, 0x70, 0xad, 0x43, 0x69, 0x52, 0xe5, 0x57,
++ 0x65, 0x37, 0x4e, 0xab, 0x85, 0xe8, 0xec, 0x17, 0xd6, 0xb9, 0xa4, 0x54,
++ 0x7b, 0x9b, 0x5f, 0x27, 0x52, 0xf3, 0x10, 0x5b, 0xe8, 0x09, 0xb2, 0x3a,
++ 0x2c, 0x8d, 0x74, 0x69, 0xdb, 0x02, 0xe2, 0x4d, 0x59, 0x23, 0x94, 0xa7,
++ 0xdb, 0xa0, 0x69, 0xe9
++};
++
++static const unsigned char dsa_test_2048_q[] = {
++ 0xd2, 0x77, 0x04, 0x4e, 0x50, 0xf5, 0xa4, 0xe3, 0xf5, 0x10, 0xa5, 0x0a,
++ 0x0b, 0x84, 0xfd, 0xff, 0xbc,
0xa0, 0x47, 0xed, 0x27, 0x60, 0x20, 0x56, ++ 0x74, 0x41, 0xa0, 0xa5 ++}; ++ ++static const unsigned char dsa_test_2048_g[] = { ++ 0x13, 0xd7, 0x54, 0xe2, 0x1f, 0xd2, 0x41, 0x65, 0x5d, 0xa8, 0x91, 0xc5, ++ 0x22, 0xa6, 0x5a, 0x72, 0xa8, 0x9b, 0xdc, 0x64, 0xec, 0x9b, 0x54, 0xa8, ++ 0x21, 0xed, 0x4a, 0x89, 0x8b, 0x49, 0x0e, 0x0c, 0x4f, 0xcb, 0x72, 0x19, ++ 0x2a, 0x4a, 0x20, 0xf5, 0x41, 0xf3, 0xf2, 0x92, 0x53, 0x99, 0xf0, 0xba, ++ 0xec, 0xf9, 0x29, 0xaa, 0xfb, 0xf7, 0x9d, 0xfe, 0x43, 0x32, 0x39, 0x3b, ++ 0x32, 0xcd, 0x2e, 0x2f, 0xcf, 0x27, 0x2f, 0x32, 0xa6, 0x27, 0x43, 0x4a, ++ 0x0d, 0xf2, 0x42, 0xb7, 0x5b, 0x41, 0x4d, 0xf3, 0x72, 0x12, 0x1e, 0x53, ++ 0xa5, 0x53, 0xf2, 0x22, 0xf8, 0x36, 0xb0, 0x00, 0xf0, 0x16, 0x48, 0x5b, ++ 0x6b, 0xd0, 0x89, 0x84, 0x51, 0x80, 0x1d, 0xcd, 0x8d, 0xe6, 0x4c, 0xd5, ++ 0x36, 0x56, 0x96, 0xff, 0xc5, 0x32, 0xd5, 0x28, 0xc5, 0x06, 0x62, 0x0a, ++ 0x94, 0x2a, 0x03, 0x05, 0x04, 0x6d, 0x8f, 0x18, 0x76, 0x34, 0x1f, 0x1e, ++ 0x57, 0x0b, 0xc3, 0x97, 0x4b, 0xa6, 0xb9, 0xa4, 0x38, 0xe9, 0x70, 0x23, ++ 0x02, 0xa2, 0xe6, 0xe6, 0x7b, 0xfd, 0x06, 0xd3, 0x2b, 0xc6, 0x79, 0x96, ++ 0x22, 0x71, 0xd7, 0xb4, 0x0c, 0xd7, 0x2f, 0x38, 0x6e, 0x64, 0xe0, 0xd7, ++ 0xef, 0x86, 0xca, 0x8c, 0xa5, 0xd1, 0x42, 0x28, 0xdc, 0x2a, 0x4f, 0x16, ++ 0xe3, 0x18, 0x98, 0x86, 0xb5, 0x99, 0x06, 0x74, 0xf4, 0x20, 0x0f, 0x3a, ++ 0x4c, 0xf6, 0x5a, 0x3f, 0x0d, 0xdb, 0xa1, 0xfa, 0x67, 0x2d, 0xff, 0x2f, ++ 0x5e, 0x14, 0x3d, 0x10, 0xe4, 0xe9, 0x7a, 0xe8, 0x4f, 0x6d, 0xa0, 0x95, ++ 0x35, 0xd5, 0xb9, 0xdf, 0x25, 0x91, 0x81, 0xa7, 0x9b, 0x63, 0xb0, 0x69, ++ 0xe9, 0x49, 0x97, 0x2b, 0x02, 0xba, 0x36, 0xb3, 0x58, 0x6a, 0xab, 0x7e, ++ 0x45, 0xf3, 0x22, 0xf8, 0x2e, 0x4e, 0x85, 0xca, 0x3a, 0xb8, 0x55, 0x91, ++ 0xb3, 0xc2, 0xa9, 0x66 ++}; ++ ++static const unsigned char dsa_test_2048_pub_key[] = { ++ 0x24, 0x52, 0xf3, 0xcc, 0xbe, 0x9e, 0xd5, 0xca, 0x7d, 0xc7, 0x4c, 0x60, ++ 0x2b, 0x99, 0x22, 0x6e, 0x8f, 0x2f, 0xab, 0x38, 0xe7, 0xd7, 0xdd, 0xfb, ++ 0x75, 0x53, 0x9b, 0x17, 0x15, 0x5e, 0x9f, 0xcf, 0xd1, 
0xab, 0xa5, 0x64, ++ 0xeb, 0x85, 0x35, 0xd8, 0x12, 0xc9, 0xc2, 0xdc, 0xf9, 0x72, 0x84, 0x44, ++ 0x1b, 0xc4, 0x82, 0x24, 0x36, 0x24, 0xc7, 0xf4, 0x57, 0x58, 0x0c, 0x1c, ++ 0x38, 0xa5, 0x7c, 0x46, 0xc4, 0x57, 0x39, 0x24, 0x70, 0xed, 0xb5, 0x2c, ++ 0xb5, 0xa6, 0xe0, 0x3f, 0xe6, 0x28, 0x7b, 0xb6, 0xf4, 0x9a, 0x42, 0xa2, ++ 0x06, 0x5a, 0x05, 0x4f, 0x03, 0x08, 0x39, 0xdf, 0x1f, 0xd3, 0x14, 0x9c, ++ 0x4c, 0xa0, 0x53, 0x1d, 0xd8, 0xca, 0x8a, 0xaa, 0x9c, 0xc7, 0x33, 0x71, ++ 0x93, 0x38, 0x73, 0x48, 0x33, 0x61, 0x18, 0x22, 0x45, 0x45, 0xe8, 0x8c, ++ 0x80, 0xff, 0xd8, 0x76, 0x5d, 0x74, 0x36, 0x03, 0x33, 0xcc, 0xab, 0x99, ++ 0x72, 0x77, 0x9b, 0x65, 0x25, 0xa6, 0x5b, 0xdd, 0x0d, 0x10, 0xc6, 0x75, ++ 0xc1, 0x09, 0xbb, 0xd3, 0xe5, 0xbe, 0x4d, 0x72, 0xef, 0x6e, 0xba, 0x6e, ++ 0x43, 0x8d, 0x52, 0x26, 0x23, 0x7d, 0xb8, 0x88, 0x37, 0x9c, 0x5f, 0xcc, ++ 0x47, 0xa3, 0x84, 0x7f, 0xf6, 0x37, 0x11, 0xba, 0xed, 0x6d, 0x03, 0xaf, ++ 0xe8, 0x1e, 0x69, 0x4a, 0x41, 0x3b, 0x68, 0x0b, 0xd3, 0x8a, 0xb4, 0x90, ++ 0x3f, 0x83, 0x70, 0xa7, 0x07, 0xef, 0x55, 0x1d, 0x49, 0x41, 0x02, 0x6d, ++ 0x95, 0x79, 0xd6, 0x91, 0xde, 0x8e, 0xda, 0xa1, 0x61, 0x05, 0xeb, 0x9d, ++ 0xba, 0x3c, 0x2f, 0x4c, 0x1b, 0xec, 0x50, 0x82, 0x75, 0xaa, 0x02, 0x07, ++ 0xe2, 0x51, 0xb5, 0xec, 0xcb, 0x28, 0x6a, 0x4b, 0x01, 0xd4, 0x49, 0xd3, ++ 0x0a, 0xcb, 0x67, 0x37, 0x17, 0xa0, 0xd2, 0xfb, 0x3b, 0x50, 0xc8, 0x93, ++ 0xf7, 0xda, 0xb1, 0x4f ++}; ++ ++static const unsigned char dsa_test_2048_priv_key[] = { ++ 0x0c, 0x4b, 0x30, 0x89, 0xd1, 0xb8, 0x62, 0xcb, 0x3c, 0x43, 0x64, 0x91, ++ 0xf0, 0x91, 0x54, 0x70, 0xc5, 0x27, 0x96, 0xe3, 0xac, 0xbe, 0xe8, 0x00, ++ 0xec, 0x55, 0xf6, 0xcc ++}; ++ ++int FIPS_selftest_dsa() ++{ ++ DSA *dsa = NULL; ++ EVP_PKEY *pk = NULL; ++ int ret = -1; ++ BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub_key = NULL, *priv_key = NULL; ++ ++ fips_load_key_component(p, dsa_test_2048); ++ fips_load_key_component(q, dsa_test_2048); ++ fips_load_key_component(g, dsa_test_2048); ++ fips_load_key_component(pub_key, 
dsa_test_2048); ++ fips_load_key_component(priv_key, dsa_test_2048); ++ ++ dsa = DSA_new(); ++ ++ if (dsa == NULL) ++ goto err; ++ ++ DSA_set0_pqg(dsa, p, q, g); ++ ++ DSA_set0_key(dsa, pub_key, priv_key); ++ ++ if ((pk = EVP_PKEY_new()) == NULL) ++ goto err; ++ ++ EVP_PKEY_assign_DSA(pk, dsa); ++ ++ if (!fips_pkey_signature_test(pk, NULL, 0, ++ NULL, 0, EVP_sha256(), 0, "DSA SHA256")) ++ goto err; ++ ret = 1; ++ ++ err: ++ if (pk) ++ EVP_PKEY_free(pk); ++ else if (dsa) ++ DSA_free(dsa); ++ else { ++ BN_free(p); ++ BN_free(q); ++ BN_free(g); ++ BN_free(pub_key); ++ BN_free(priv_key); ++ } ++ return ret; ++} ++#endif +diff -up openssl-1.1.1b/crypto/fips/fips_ecdh_selftest.c.fips openssl-1.1.1b/crypto/fips/fips_ecdh_selftest.c +--- openssl-1.1.1b/crypto/fips/fips_ecdh_selftest.c.fips 2019-02-28 11:30:06.814745521 +0100 ++++ openssl-1.1.1b/crypto/fips/fips_ecdh_selftest.c 2019-02-28 11:30:06.814745521 +0100 +@@ -0,0 +1,242 @@ ++/* fips/ecdh/fips_ecdh_selftest.c */ ++/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL ++ * project 2011. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2011 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. 
(http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. 
++ * ==================================================================== ++ * ++ */ ++ ++#define OPENSSL_FIPSAPI ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++#ifdef OPENSSL_FIPS ++ ++# include "fips_locl.h" ++ ++static const unsigned char p256_qcavsx[] = { ++ 0x52, 0xc6, 0xa5, 0x75, 0xf3, 0x04, 0x98, 0xb3, 0x29, 0x66, 0x0c, 0x62, ++ 0x18, 0x60, 0x55, 0x41, 0x59, 0xd4, 0x60, 0x85, 0x99, 0xc1, 0x51, 0x13, ++ 0x6f, 0x97, 0x85, 0x93, 0x33, 0x34, 0x07, 0x50 ++}; ++ ++static const unsigned char p256_qcavsy[] = { ++ 0x6f, 0x69, 0x24, 0xeb, 0xe9, 0x3b, 0xa7, 0xcc, 0x47, 0x17, 0xaa, 0x3f, ++ 0x70, 0xfc, 0x10, 0x73, 0x0a, 0xcd, 0x21, 0xee, 0x29, 0x19, 0x1f, 0xaf, ++ 0xb4, 0x1c, 0x1e, 0xc2, 0x8e, 0x97, 0x81, 0x6e ++}; ++ ++static const unsigned char p256_qiutx[] = { ++ 0x71, 0x46, 0x88, 0x08, 0x92, 0x21, 0x1b, 0x10, 0x21, 0x74, 0xff, 0x0c, ++ 0x94, 0xde, 0x34, 0x7c, 0x86, 0x74, 0xbe, 0x67, 0x41, 0x68, 0xd4, 0xc1, ++ 0xe5, 0x75, 0x63, 0x9c, 0xa7, 0x46, 0x93, 0x6f ++}; ++ ++static const unsigned char p256_qiuty[] = { ++ 0x33, 0x40, 0xa9, 0x6a, 0xf5, 0x20, 0xb5, 0x9e, 0xfc, 0x60, 0x1a, 0xae, ++ 0x3d, 0xf8, 0x21, 0xd2, 0xa7, 0xca, 0x52, 0x34, 0xb9, 0x5f, 0x27, 0x75, ++ 0x6c, 0x81, 0xbe, 0x32, 0x4d, 0xba, 0xbb, 0xf8 ++}; ++ ++static const unsigned char p256_qiutd[] = { ++ 0x1a, 0x48, 0x55, 0x6b, 0x11, 0xbe, 0x92, 0xd4, 0x1c, 0xd7, 0x45, 0xc3, ++ 0x82, 0x81, 0x51, 0xf1, 0x23, 0x40, 0xb7, 0x83, 0xfd, 0x01, 0x6d, 0xbc, ++ 0xa1, 0x66, 0xaf, 0x0a, 0x03, 0x23, 0xcd, 0xc8 ++}; ++ ++static const unsigned char p256_ziut[] = { ++ 0x77, 0x2a, 0x1e, 0x37, 0xee, 0xe6, 0x51, 0x02, 0x71, 0x40, 0xf8, 0x6a, ++ 0x36, 0xf8, 0x65, 0x61, 0x2b, 0x18, 0x71, 0x82, 0x23, 0xe6, 0xf2, 0x77, ++ 0xce, 0xec, 0xb8, 0x49, 0xc7, 0xbf, 0x36, 0x4f ++}; ++ ++typedef struct { ++ int curve; ++ const unsigned char *x1; ++ size_t x1len; ++ const unsigned char *y1; ++ size_t y1len; ++ const unsigned char *d1; ++ size_t d1len; ++ const unsigned char *x2; ++ size_t x2len; 
++ const unsigned char *y2;
++ size_t y2len;
++ const unsigned char *z;
++ size_t zlen;
++} ECDH_SELFTEST_DATA;
++
++# define make_ecdh_test(nid, pr) { nid, \
++ pr##_qiutx, sizeof(pr##_qiutx), \
++ pr##_qiuty, sizeof(pr##_qiuty), \
++ pr##_qiutd, sizeof(pr##_qiutd), \
++ pr##_qcavsx, sizeof(pr##_qcavsx), \
++ pr##_qcavsy, sizeof(pr##_qcavsy), \
++ pr##_ziut, sizeof(pr##_ziut) }
++
++static ECDH_SELFTEST_DATA test_ecdh_data[] = {
++ make_ecdh_test(NID_X9_62_prime256v1, p256),
++};
++
++int FIPS_selftest_ecdh(void)
++{
++ EC_KEY *ec1 = NULL, *ec2 = NULL;
++ const EC_POINT *ecp = NULL;
++ BIGNUM *x = NULL, *y = NULL, *d = NULL;
++ unsigned char *ztmp = NULL;
++ int rv = 1;
++ size_t i;
++
++ for (i = 0; i < sizeof(test_ecdh_data) / sizeof(ECDH_SELFTEST_DATA); i++) {
++ ECDH_SELFTEST_DATA *ecd = test_ecdh_data + i;
++ if (!fips_post_started(FIPS_TEST_ECDH, ecd->curve, 0))
++ continue;
++ ztmp = OPENSSL_malloc(ecd->zlen);
++
++ x = BN_bin2bn(ecd->x1, ecd->x1len, x);
++ y = BN_bin2bn(ecd->y1, ecd->y1len, y);
++ d = BN_bin2bn(ecd->d1, ecd->d1len, d);
++
++ if (!x || !y || !d || !ztmp) {
++ rv = -1;
++ goto err;
++ }
++
++ ec1 = EC_KEY_new_by_curve_name(ecd->curve);
++ if (!ec1) {
++ rv = -1;
++ goto err;
++ }
++ EC_KEY_set_flags(ec1, EC_FLAG_COFACTOR_ECDH);
++
++ if (!EC_KEY_set_public_key_affine_coordinates(ec1, x, y)) {
++ rv = -1;
++ goto err;
++ }
++
++ if (!EC_KEY_set_private_key(ec1, d)) {
++ rv = -1;
++ goto err;
++ }
++
++ x = BN_bin2bn(ecd->x2, ecd->x2len, x);
++ y = BN_bin2bn(ecd->y2, ecd->y2len, y);
++
++ if (!x || !y) {
++ rv = -1;
++ goto err;
++ }
++
++ ec2 = EC_KEY_new_by_curve_name(ecd->curve);
++ if (!ec2) {
++ rv = -1;
++ goto err;
++ }
++ EC_KEY_set_flags(ec1, EC_FLAG_COFACTOR_ECDH);
++
++ if (!EC_KEY_set_public_key_affine_coordinates(ec2, x, y)) {
++ rv = -1;
++ goto err;
++ }
++
++ ecp = EC_KEY_get0_public_key(ec2);
++ if (!ecp) {
++ rv = -1;
++ goto err;
++ }
++
++ if (!ECDH_compute_key(ztmp, ecd->zlen, ecp, ec1, 0)) {
++ rv = -1;
++ goto err;
++ }
++
++ if (!fips_post_corrupt(FIPS_TEST_ECDH, ecd->curve, NULL))
++ ztmp[0] ^= 0x1;
++
++ if (memcmp(ztmp, ecd->z, ecd->zlen)) {
++ fips_post_failed(FIPS_TEST_ECDH, ecd->curve, 0);
++ rv = 0;
++ } else if (!fips_post_success(FIPS_TEST_ECDH, ecd->curve, 0))
++ goto err;
++
++ EC_KEY_free(ec1);
++ ec1 = NULL;
++ EC_KEY_free(ec2);
++ ec2 = NULL;
++ OPENSSL_free(ztmp);
++ ztmp = NULL;
++ }
++
++ err:
++
++ if (x)
++ BN_clear_free(x);
++ if (y)
++ BN_clear_free(y);
++ if (d)
++ BN_clear_free(d);
++ if (ec1)
++ EC_KEY_free(ec1);
++ if (ec2)
++ EC_KEY_free(ec2);
++ if (ztmp)
++ OPENSSL_free(ztmp);
++
++ return rv;
++
++}
++
++#endif
+diff -up openssl-1.1.1b/crypto/fips/fips_ecdsa_selftest.c.fips openssl-1.1.1b/crypto/fips/fips_ecdsa_selftest.c
+--- openssl-1.1.1b/crypto/fips/fips_ecdsa_selftest.c.fips 2019-02-28 11:30:06.814745521 +0100
++++ openssl-1.1.1b/crypto/fips/fips_ecdsa_selftest.c 2019-02-28 11:30:06.814745521 +0100
+@@ -0,0 +1,166 @@
++/* fips/ecdsa/fips_ecdsa_selftest.c */
++/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
++ * project 2011.
++ */
++/* ====================================================================
++ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ * notice, this list of conditions and the following disclaimer.
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ * notice, this list of conditions and the following disclaimer in
++ * the documentation and/or other materials provided with the
++ * distribution.
++ *
++ * 3.
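Review bot: The second `EC_KEY_set_flags(ec1, EC_FLAG_COFACTOR_ECDH);`, issued right after `ec2` is created in FIPS_selftest_ecdh, targets `ec1` again, so `ec2` never receives the flag. If the peer key was meant to carry it the line should read `EC_KEY_set_flags(ec2, EC_FLAG_COFACTOR_ECDH);`, otherwise the duplicate call can be dropped. Separately, the `else if (!fips_post_success(...)) goto err;` branch jumps to cleanup with `rv` still 1, so a failure reported there would be returned as a pass; adding `rv = -1;` before the jump keeps the self-test fail-closed. That branch is unreachable today because fips_locl.h in this same patch defines `fips_post_success` as the constant 1, but it becomes live as soon as the macro gets a real implementation.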
All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. 
++ * ==================================================================== ++ * ++ */ ++ ++#define OPENSSL_FIPSAPI ++ ++#include ++#include ++#include ++#include ++#include ++#include "internal/fips_int.h" ++#include ++#include ++#include ++ ++#ifdef OPENSSL_FIPS ++ ++static const char P_256_name[] = "ECDSA P-256"; ++ ++static const unsigned char P_256_d[] = { ++ 0x51, 0xbd, 0x06, 0xa1, 0x1c, 0xda, 0xe2, 0x12, 0x99, 0xc9, 0x52, 0x3f, ++ 0xea, 0xa4, 0xd2, 0xd1, 0xf4, 0x7f, 0xd4, 0x3e, 0xbd, 0xf8, 0xfc, 0x87, ++ 0xdc, 0x82, 0x53, 0x21, 0xee, 0xa0, 0xdc, 0x64 ++}; ++ ++static const unsigned char P_256_qx[] = { ++ 0x23, 0x89, 0xe0, 0xf4, 0x69, 0xe0, 0x49, 0xe5, 0xc7, 0xe5, 0x40, 0x6e, ++ 0x8f, 0x25, 0xdd, 0xad, 0x11, 0x16, 0x14, 0x9b, 0xab, 0x44, 0x06, 0x31, ++ 0xbf, 0x5e, 0xa6, 0x44, 0xac, 0x86, 0x00, 0x07 ++}; ++ ++static const unsigned char P_256_qy[] = { ++ 0xb3, 0x05, 0x0d, 0xd0, 0xdc, 0xf7, 0x40, 0xe6, 0xf9, 0xd8, 0x6d, 0x7b, ++ 0x63, 0xca, 0x97, 0xe6, 0x12, 0xf9, 0xd4, 0x18, 0x59, 0xbe, 0xb2, 0x5e, ++ 0x4a, 0x6a, 0x77, 0x23, 0xf4, 0x11, 0x9d, 0xeb ++}; ++ ++typedef struct { ++ int curve; ++ const char *name; ++ const unsigned char *x; ++ size_t xlen; ++ const unsigned char *y; ++ size_t ylen; ++ const unsigned char *d; ++ size_t dlen; ++} EC_SELFTEST_DATA; ++ ++# define make_ecdsa_test(nid, pr) { nid, pr##_name, \ ++ pr##_qx, sizeof(pr##_qx), \ ++ pr##_qy, sizeof(pr##_qy), \ ++ pr##_d, sizeof(pr##_d)} ++ ++static EC_SELFTEST_DATA test_ec_data[] = { ++ make_ecdsa_test(NID_X9_62_prime256v1, P_256), ++}; ++ ++int FIPS_selftest_ecdsa() ++{ ++ EC_KEY *ec = NULL; ++ BIGNUM *x = NULL, *y = NULL, *d = NULL; ++ EVP_PKEY *pk = NULL; ++ int rv = 0; ++ size_t i; ++ ++ for (i = 0; i < sizeof(test_ec_data) / sizeof(EC_SELFTEST_DATA); i++) { ++ EC_SELFTEST_DATA *ecd = test_ec_data + i; ++ ++ x = BN_bin2bn(ecd->x, ecd->xlen, x); ++ y = BN_bin2bn(ecd->y, ecd->ylen, y); ++ d = BN_bin2bn(ecd->d, ecd->dlen, d); ++ ++ if (!x || !y || !d) ++ goto err; ++ ++ ec = 
EC_KEY_new_by_curve_name(ecd->curve); ++ if (!ec) ++ goto err; ++ ++ if (!EC_KEY_set_public_key_affine_coordinates(ec, x, y)) ++ goto err; ++ ++ if (!EC_KEY_set_private_key(ec, d)) ++ goto err; ++ ++ if ((pk = EVP_PKEY_new()) == NULL) ++ goto err; ++ ++ EVP_PKEY_assign_EC_KEY(pk, ec); ++ ++ if (!fips_pkey_signature_test(pk, NULL, 0, ++ NULL, 0, EVP_sha256(), 0, ecd->name)) ++ goto err; ++ } ++ ++ rv = 1; ++ ++ err: ++ ++ if (x) ++ BN_clear_free(x); ++ if (y) ++ BN_clear_free(y); ++ if (d) ++ BN_clear_free(d); ++ if (pk) ++ EVP_PKEY_free(pk); ++ else if (ec) ++ EC_KEY_free(ec); ++ ++ return rv; ++ ++} ++ ++#endif +diff -up openssl-1.1.1b/crypto/fips/fips_err.h.fips openssl-1.1.1b/crypto/fips/fips_err.h +--- openssl-1.1.1b/crypto/fips/fips_err.h.fips 2019-05-06 16:08:46.792598211 +0200 ++++ openssl-1.1.1b/crypto/fips/fips_err.h 2019-05-06 16:19:56.403993551 +0200 +@@ -0,0 +1,197 @@ ++/* crypto/fips_err.h */ ++/* ==================================================================== ++ * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. 
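Review bot: `EVP_PKEY_assign_EC_KEY(pk, ec);` in FIPS_selftest_ecdsa is called without checking its result, and the cleanup at `err:` frees `ec` only when `pk` is NULL, so a failed assignment leaks the EC key. I would write `if (!EVP_PKEY_assign_EC_KEY(pk, ec)) goto err;` followed by `ec = NULL;`, and free `pk` and `ec` independently at `err:` instead of through the `if (pk) ... else if (ec)` chain. The loop also never releases `pk` between iterations, which is harmless with the single P-256 entry in `test_ec_data` but would leak one key per extra curve added to the table.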
The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). ++ * ++ */ ++ ++/* ++ * NOTE: this file was auto generated by the mkerr.pl script: any changes ++ * made to it will be overwritten when the script next updates this file, ++ * only reason strings will be preserved. 
++ */ ++ ++#include ++#include ++#include ++ ++/* BEGIN ERROR CODES */ ++#ifndef OPENSSL_NO_ERR ++ ++# define ERR_FUNC(func) ERR_PACK(ERR_LIB_FIPS,func,0) ++# define ERR_REASON(reason) ERR_PACK(ERR_LIB_FIPS,0,reason) ++ ++static ERR_STRING_DATA FIPS_str_functs[] = { ++ {ERR_FUNC(FIPS_F_DH_BUILTIN_GENPARAMS), "dh_builtin_genparams"}, ++ {ERR_FUNC(FIPS_F_DRBG_RESEED), "drbg_reseed"}, ++ {ERR_FUNC(FIPS_F_DSA_BUILTIN_PARAMGEN2), "dsa_builtin_paramgen2"}, ++ {ERR_FUNC(FIPS_F_DSA_DO_SIGN), "DSA_do_sign"}, ++ {ERR_FUNC(FIPS_F_DSA_DO_VERIFY), "DSA_do_verify"}, ++ {ERR_FUNC(FIPS_F_ECDH_COMPUTE_KEY), "ECDH_compute_key"}, ++ {ERR_FUNC(FIPS_F_EVP_CIPHER_CTX_NEW), "EVP_CIPHER_CTX_new"}, ++ {ERR_FUNC(FIPS_F_EVP_CIPHER_CTX_RESET), "EVP_CIPHER_CTX_reset"}, ++ {ERR_FUNC(FIPS_F_FIPS_CHECK_DSA), "fips_check_dsa"}, ++ {ERR_FUNC(FIPS_F_FIPS_CHECK_EC), "fips_check_ec"}, ++ {ERR_FUNC(FIPS_F_FIPS_CHECK_RSA), "fips_check_rsa"}, ++ {ERR_FUNC(FIPS_F_FIPS_DRBG_BYTES), "fips_drbg_bytes"}, ++ {ERR_FUNC(FIPS_F_FIPS_DRBG_CHECK), "fips_drbg_check"}, ++ {ERR_FUNC(FIPS_F_FIPS_DRBG_CPRNG_TEST), "fips_drbg_cprng_test"}, ++ {ERR_FUNC(FIPS_F_FIPS_DRBG_ERROR_CHECK), "fips_drbg_error_check"}, ++ {ERR_FUNC(FIPS_F_FIPS_DRBG_GENERATE), "FIPS_drbg_generate"}, ++ {ERR_FUNC(FIPS_F_FIPS_DRBG_INIT), "FIPS_drbg_init"}, ++ {ERR_FUNC(FIPS_F_FIPS_DRBG_INSTANTIATE), "FIPS_drbg_instantiate"}, ++ {ERR_FUNC(FIPS_F_FIPS_DRBG_NEW), "FIPS_drbg_new"}, ++ {ERR_FUNC(FIPS_F_FIPS_DRBG_RESEED), "FIPS_drbg_reseed"}, ++ {ERR_FUNC(FIPS_F_FIPS_DRBG_SINGLE_KAT), "FIPS_DRBG_SINGLE_KAT"}, ++ {ERR_FUNC(FIPS_F_FIPS_GET_ENTROPY), "fips_get_entropy"}, ++ {ERR_FUNC(FIPS_F_FIPS_MODULE_MODE_SET), "FIPS_module_mode_set"}, ++ {ERR_FUNC(FIPS_F_FIPS_PKEY_SIGNATURE_TEST), "fips_pkey_signature_test"}, ++ {ERR_FUNC(FIPS_F_FIPS_RAND_BYTES), "FIPS_rand_bytes"}, ++ {ERR_FUNC(FIPS_F_FIPS_RAND_SEED), "FIPS_rand_seed"}, ++ {ERR_FUNC(FIPS_F_FIPS_RAND_SET_METHOD), "FIPS_rand_set_method"}, ++ {ERR_FUNC(FIPS_F_FIPS_RAND_STATUS), "FIPS_rand_status"}, ++ 
{ERR_FUNC(FIPS_F_FIPS_RSA_BUILTIN_KEYGEN), "fips_rsa_builtin_keygen"}, ++ {ERR_FUNC(FIPS_F_FIPS_SELFTEST), "FIPS_selftest"}, ++ {ERR_FUNC(FIPS_F_FIPS_SELFTEST_AES), "FIPS_selftest_aes"}, ++ {ERR_FUNC(FIPS_F_FIPS_SELFTEST_AES_CCM), "FIPS_selftest_aes_ccm"}, ++ {ERR_FUNC(FIPS_F_FIPS_SELFTEST_AES_GCM), "FIPS_selftest_aes_gcm"}, ++ {ERR_FUNC(FIPS_F_FIPS_SELFTEST_AES_XTS), "FIPS_selftest_aes_xts"}, ++ {ERR_FUNC(FIPS_F_FIPS_SELFTEST_CMAC), "FIPS_selftest_cmac"}, ++ {ERR_FUNC(FIPS_F_FIPS_SELFTEST_DES), "FIPS_selftest_des"}, ++ {ERR_FUNC(FIPS_F_FIPS_SELFTEST_DSA), "FIPS_selftest_dsa"}, ++ {ERR_FUNC(FIPS_F_FIPS_SELFTEST_ECDSA), "FIPS_selftest_ecdsa"}, ++ {ERR_FUNC(FIPS_F_FIPS_SELFTEST_HMAC), "FIPS_selftest_hmac"}, ++ {ERR_FUNC(FIPS_F_FIPS_SELFTEST_SHA1), "FIPS_selftest_sha1"}, ++ {ERR_FUNC(FIPS_F_FIPS_SELFTEST_SHA2), "FIPS_selftest_sha2"}, ++ {ERR_FUNC(FIPS_F_OSSL_ECDSA_SIGN_SIG), "ossl_ecdsa_sign_sig"}, ++ {ERR_FUNC(FIPS_F_OSSL_ECDSA_VERIFY_SIG), "ossl_ecdsa_verify_sig"}, ++ {ERR_FUNC(FIPS_F_RSA_BUILTIN_KEYGEN), "rsa_builtin_keygen"}, ++ {ERR_FUNC(FIPS_F_RSA_OSSL_INIT), "rsa_ossl_init"}, ++ {ERR_FUNC(FIPS_F_RSA_OSSL_PRIVATE_DECRYPT), "rsa_ossl_private_decrypt"}, ++ {ERR_FUNC(FIPS_F_RSA_OSSL_PRIVATE_ENCRYPT), "rsa_ossl_private_encrypt"}, ++ {ERR_FUNC(FIPS_F_RSA_OSSL_PUBLIC_DECRYPT), "rsa_ossl_public_decrypt"}, ++ {ERR_FUNC(FIPS_F_RSA_OSSL_PUBLIC_ENCRYPT), "rsa_ossl_public_encrypt"}, ++ {0, NULL} ++}; ++ ++static ERR_STRING_DATA FIPS_str_reasons[] = { ++ {ERR_REASON(FIPS_R_ADDITIONAL_INPUT_ERROR_UNDETECTED), ++ "additional input error undetected"}, ++ {ERR_REASON(FIPS_R_ADDITIONAL_INPUT_TOO_LONG), ++ "additional input too long"}, ++ {ERR_REASON(FIPS_R_ALREADY_INSTANTIATED), "already instantiated"}, ++ {ERR_REASON(FIPS_R_DRBG_NOT_INITIALISED), "drbg not initialised"}, ++ {ERR_REASON(FIPS_R_DRBG_STUCK), "drbg stuck"}, ++ {ERR_REASON(FIPS_R_ENTROPY_ERROR_UNDETECTED), "entropy error undetected"}, ++ {ERR_REASON(FIPS_R_ENTROPY_NOT_REQUESTED_FOR_RESEED), ++ "entropy not requested 
for reseed"}, ++ {ERR_REASON(FIPS_R_ENTROPY_SOURCE_STUCK), "entropy source stuck"}, ++ {ERR_REASON(FIPS_R_ERROR_INITIALISING_DRBG), "error initialising drbg"}, ++ {ERR_REASON(FIPS_R_ERROR_INSTANTIATING_DRBG), "error instantiating drbg"}, ++ {ERR_REASON(FIPS_R_ERROR_RETRIEVING_ADDITIONAL_INPUT), ++ "error retrieving additional input"}, ++ {ERR_REASON(FIPS_R_ERROR_RETRIEVING_ENTROPY), "error retrieving entropy"}, ++ {ERR_REASON(FIPS_R_ERROR_RETRIEVING_NONCE), "error retrieving nonce"}, ++ {ERR_REASON(FIPS_R_FINGERPRINT_DOES_NOT_MATCH), ++ "fingerprint does not match"}, ++ {ERR_REASON(FIPS_R_FIPS_MODE_ALREADY_SET), "fips mode already set"}, ++ {ERR_REASON(FIPS_R_FIPS_SELFTEST_FAILED), "fips selftest failed"}, ++ {ERR_REASON(FIPS_R_FUNCTION_ERROR), "function error"}, ++ {ERR_REASON(FIPS_R_GENERATE_ERROR), "generate error"}, ++ {ERR_REASON(FIPS_R_GENERATE_ERROR_UNDETECTED), ++ "generate error undetected"}, ++ {ERR_REASON(FIPS_R_INSTANTIATE_ERROR), "instantiate error"}, ++ {ERR_REASON(FIPS_R_INTERNAL_ERROR), "internal error"}, ++ {ERR_REASON(FIPS_R_INVALID_KEY_LENGTH), "invalid key length"}, ++ {ERR_REASON(FIPS_R_IN_ERROR_STATE), "in error state"}, ++ {ERR_REASON(FIPS_R_KEY_TOO_SHORT), "key too short"}, ++ {ERR_REASON(FIPS_R_NONCE_ERROR_UNDETECTED), "nonce error undetected"}, ++ {ERR_REASON(FIPS_R_NON_FIPS_METHOD), "non fips method"}, ++ {ERR_REASON(FIPS_R_NOPR_TEST1_FAILURE), "nopr test1 failure"}, ++ {ERR_REASON(FIPS_R_NOPR_TEST2_FAILURE), "nopr test2 failure"}, ++ {ERR_REASON(FIPS_R_NOT_INSTANTIATED), "not instantiated"}, ++ {ERR_REASON(FIPS_R_PAIRWISE_TEST_FAILED), "pairwise test failed"}, ++ {ERR_REASON(FIPS_R_PERSONALISATION_ERROR_UNDETECTED), ++ "personalisation error undetected"}, ++ {ERR_REASON(FIPS_R_PERSONALISATION_STRING_TOO_LONG), ++ "personalisation string too long"}, ++ {ERR_REASON(FIPS_R_PR_TEST1_FAILURE), "pr test1 failure"}, ++ {ERR_REASON(FIPS_R_PR_TEST2_FAILURE), "pr test2 failure"}, ++ {ERR_REASON(FIPS_R_REQUEST_LENGTH_ERROR_UNDETECTED), ++ "request 
length error undetected"}, ++ {ERR_REASON(FIPS_R_REQUEST_TOO_LARGE_FOR_DRBG), ++ "request too large for drbg"}, ++ {ERR_REASON(FIPS_R_RESEED_COUNTER_ERROR), "reseed counter error"}, ++ {ERR_REASON(FIPS_R_RESEED_ERROR), "reseed error"}, ++ {ERR_REASON(FIPS_R_SELFTEST_FAILED), "selftest failed"}, ++ {ERR_REASON(FIPS_R_SELFTEST_FAILURE), "selftest failure"}, ++ {ERR_REASON(FIPS_R_TEST_FAILURE), "test failure"}, ++ {ERR_REASON(FIPS_R_UNINSTANTIATE_ERROR), "uninstantiate error"}, ++ {ERR_REASON(FIPS_R_UNINSTANTIATE_ZEROISE_ERROR), ++ "uninstantiate zeroise error"}, ++ {ERR_REASON(FIPS_R_UNSUPPORTED_DRBG_TYPE), "unsupported drbg type"}, ++ {ERR_REASON(FIPS_R_UNSUPPORTED_PLATFORM), "unsupported platform"}, ++ {0, NULL} ++}; ++ ++#endif ++ ++int ERR_load_FIPS_strings(void) ++{ ++#ifndef OPENSSL_NO_ERR ++ ++ if (ERR_func_error_string(FIPS_str_functs[0].error) == NULL) { ++ ERR_load_strings(0, FIPS_str_functs); ++ ERR_load_strings(0, FIPS_str_reasons); ++ } ++#endif ++ return 1; ++} +diff -up openssl-1.1.1b/crypto/fips/fips_ers.c.fips openssl-1.1.1b/crypto/fips/fips_ers.c +--- openssl-1.1.1b/crypto/fips/fips_ers.c.fips 2019-02-28 11:30:06.815745503 +0100 ++++ openssl-1.1.1b/crypto/fips/fips_ers.c 2019-02-28 11:30:06.815745503 +0100 +@@ -0,0 +1,7 @@ ++#include ++ ++#ifdef OPENSSL_FIPS ++# include "fips_err.h" ++#else ++static void *dummy = &dummy; ++#endif +diff -up openssl-1.1.1b/crypto/fips/fips_hmac_selftest.c.fips openssl-1.1.1b/crypto/fips/fips_hmac_selftest.c +--- openssl-1.1.1b/crypto/fips/fips_hmac_selftest.c.fips 2019-02-28 11:30:06.815745503 +0100 ++++ openssl-1.1.1b/crypto/fips/fips_hmac_selftest.c 2019-02-28 11:30:06.815745503 +0100 +@@ -0,0 +1,134 @@ ++/* ==================================================================== ++ * Copyright (c) 2005 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. 
Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ++ */ ++ ++#include ++#include ++#ifdef OPENSSL_FIPS ++# include ++#endif ++#include ++ ++#ifdef OPENSSL_FIPS ++typedef struct { ++ const EVP_MD *(*alg) (void); ++ const char *key, *iv; ++ unsigned char kaval[EVP_MAX_MD_SIZE]; ++} HMAC_KAT; ++ ++static const HMAC_KAT vector[] = { ++ {EVP_sha1, ++ /* from http://csrc.nist.gov/publications/fips/fips198/fips-198a.pdf */ ++ "0123456789:;<=>?@ABC", ++ "Sample #2", ++ {0x09, 0x22, 0xd3, 0x40, 0x5f, 0xaa, 0x3d, 0x19, ++ 0x4f, 0x82, 0xa4, 0x58, 0x30, 0x73, 0x7d, 0x5c, ++ 0xc6, 0xc7, 0x5d, 0x24} ++ }, ++ {EVP_sha224, ++ /* just keep extending the above... 
*/
++ "0123456789:;<=>?@ABC",
++ "Sample #2",
++ {0xdd, 0xef, 0x0a, 0x40, 0xcb, 0x7d, 0x50, 0xfb,
++ 0x6e, 0xe6, 0xce, 0xa1, 0x20, 0xba, 0x26, 0xaa,
++ 0x08, 0xf3, 0x07, 0x75, 0x87, 0xb8, 0xad, 0x1b,
++ 0x8c, 0x8d, 0x12, 0xc7}
++ },
++ {EVP_sha256,
++ "0123456789:;<=>?@ABC",
++ "Sample #2",
++ {0xb8, 0xf2, 0x0d, 0xb5, 0x41, 0xea, 0x43, 0x09,
++ 0xca, 0x4e, 0xa9, 0x38, 0x0c, 0xd0, 0xe8, 0x34,
++ 0xf7, 0x1f, 0xbe, 0x91, 0x74, 0xa2, 0x61, 0x38,
++ 0x0d, 0xc1, 0x7e, 0xae, 0x6a, 0x34, 0x51, 0xd9}
++ },
++ {EVP_sha384,
++ "0123456789:;<=>?@ABC",
++ "Sample #2",
++ {0x08, 0xbc, 0xb0, 0xda, 0x49, 0x1e, 0x87, 0xad,
++ 0x9a, 0x1d, 0x6a, 0xce, 0x23, 0xc5, 0x0b, 0xf6,
++ 0xb7, 0x18, 0x06, 0xa5, 0x77, 0xcd, 0x49, 0x04,
++ 0x89, 0xf1, 0xe6, 0x23, 0x44, 0x51, 0x51, 0x9f,
++ 0x85, 0x56, 0x80, 0x79, 0x0c, 0xbd, 0x4d, 0x50,
++ 0xa4, 0x5f, 0x29, 0xe3, 0x93, 0xf0, 0xe8, 0x7f}
++ },
++ {EVP_sha512,
++ "0123456789:;<=>?@ABC",
++ "Sample #2",
++ {0x80, 0x9d, 0x44, 0x05, 0x7c, 0x5b, 0x95, 0x41,
++ 0x05, 0xbd, 0x04, 0x13, 0x16, 0xdb, 0x0f, 0xac,
++ 0x44, 0xd5, 0xa4, 0xd5, 0xd0, 0x89, 0x2b, 0xd0,
++ 0x4e, 0x86, 0x64, 0x12, 0xc0, 0x90, 0x77, 0x68,
++ 0xf1, 0x87, 0xb7, 0x7c, 0x4f, 0xae, 0x2c, 0x2f,
++ 0x21, 0xa5, 0xb5, 0x65, 0x9a, 0x4f, 0x4b, 0xa7,
++ 0x47, 0x02, 0xa3, 0xde, 0x9b, 0x51, 0xf1, 0x45,
++ 0xbd, 0x4f, 0x25, 0x27, 0x42, 0x98, 0x99, 0x05}
++ },
++};
++
++int FIPS_selftest_hmac()
++{
++ int n;
++ unsigned int outlen;
++ unsigned char out[EVP_MAX_MD_SIZE];
++ const EVP_MD *md;
++ const HMAC_KAT *t;
++
++ for (n = 0, t = vector; n < sizeof(vector) / sizeof(vector[0]); n++, t++) {
++ md = (*t->alg) ();
++ HMAC(md, t->key, strlen(t->key),
++ (const unsigned char *)t->iv, strlen(t->iv), out, &outlen);
++
++ if (memcmp(out, t->kaval, outlen)) {
++ FIPSerr(FIPS_F_FIPS_SELFTEST_HMAC, FIPS_R_SELFTEST_FAILED);
++ return 0;
++ }
++ }
++ return 1;
++}
++#endif
+diff -up openssl-1.1.1b/crypto/fips/fips_locl.h.fips openssl-1.1.1b/crypto/fips/fips_locl.h
+---
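Review bot: The return value of `HMAC(...)` in FIPS_selftest_hmac is ignored and `outlen` is never initialised, so if the call fails the following `memcmp(out, t->kaval, outlen)` compares indeterminate data over an indeterminate length. A length of 0 would make the known-answer test pass without comparing a single byte. A power-on self-test should fail closed: declare `unsigned int outlen = 0;` and take the error path when `HMAC(...) == NULL || outlen != (unsigned int)EVP_MD_size(md) || memcmp(out, t->kaval, outlen) != 0`. The loop counter `n` is an `int` compared against a `size_t` expression; declaring it `size_t` removes the signed/unsigned comparison.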
openssl-1.1.1b/crypto/fips/fips_locl.h.fips 2019-02-28 11:30:06.815745503 +0100 ++++ openssl-1.1.1b/crypto/fips/fips_locl.h 2019-02-28 11:30:06.815745503 +0100 +@@ -0,0 +1,71 @@ ++/* ==================================================================== ++ * Copyright (c) 2011 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. 
Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ++ */ ++ ++#ifdef OPENSSL_FIPS ++ ++# ifdef __cplusplus ++extern "C" { ++# endif ++ ++# define FIPS_MAX_CIPHER_TEST_SIZE 32 ++# define fips_load_key_component(comp, pre) \ ++ comp = BN_bin2bn(pre##_##comp, sizeof(pre##_##comp), NULL); \ ++ if (!comp) \ ++ goto err ++ ++# define fips_post_started(id, subid, ex) 1 ++# define fips_post_success(id, subid, ex) 1 ++# define fips_post_failed(id, subid, ex) 1 ++# define fips_post_corrupt(id, subid, ex) 1 ++# define fips_post_status() 1 ++ ++# ifdef __cplusplus ++} ++# endif ++#endif +diff -up openssl-1.1.1b/crypto/fips/fips_post.c.fips openssl-1.1.1b/crypto/fips/fips_post.c +--- openssl-1.1.1b/crypto/fips/fips_post.c.fips 2019-05-06 16:08:46.794598177 +0200 ++++ openssl-1.1.1b/crypto/fips/fips_post.c 2019-05-06 16:08:46.794598177 +0200 +@@ -0,0 +1,224 @@ ++/* ==================================================================== ++ * Copyright (c) 2011 The OpenSSL Project. All rights reserved. 
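Review bot: In fips_locl.h, `fips_load_key_component` expands to two statements (an assignment followed by a bare `if (!comp) goto err`), so using it as the body of an unbraced `if`, `else` or loop would leave the NULL check outside the intended branch. Wrapping it keeps it a single statement: `# define fips_load_key_component(comp, pre) do { comp = BN_bin2bn(pre##_##comp, sizeof(pre##_##comp), NULL); if (!comp) goto err; } while (0)`. The macro also requires an `err:` label in every caller, which deserves a one-line comment above the definition. The callers are outside this hunk, so whether any of them uses the macro unbraced cannot be confirmed from here.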
++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ++ */ ++ ++#define OPENSSL_FIPSAPI ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++#ifdef OPENSSL_FIPS ++ ++/* Power on self test (POST) support functions */ ++ ++# include ++# include "internal/fips_int.h" ++# include "fips_locl.h" ++ ++/* Run all selftests */ ++int FIPS_selftest(void) ++{ ++ int rv = 1; ++ if (!FIPS_selftest_drbg()) ++ rv = 0; ++ if (!FIPS_selftest_sha1()) ++ rv = 0; ++ if (!FIPS_selftest_sha2()) ++ rv = 0; ++ if (!FIPS_selftest_sha3()) ++ rv = 0; ++ if (!FIPS_selftest_hmac()) ++ rv = 0; ++ if (!FIPS_selftest_cmac()) ++ rv = 0; ++ if (!FIPS_selftest_aes()) ++ rv = 0; ++ if (!FIPS_selftest_aes_ccm()) ++ rv = 0; ++ if (!FIPS_selftest_aes_gcm()) ++ rv = 0; ++ if (!FIPS_selftest_aes_xts()) ++ rv = 0; ++ if (!FIPS_selftest_des()) ++ rv = 0; ++ if (!FIPS_selftest_rsa()) ++ rv = 0; ++ if (!FIPS_selftest_ecdsa()) ++ rv = 0; ++ if (!FIPS_selftest_dsa()) ++ rv = 0; ++ if (!FIPS_selftest_dh()) ++ rv = 0; ++ if (!FIPS_selftest_ecdh()) ++ rv = 0; ++ return rv; ++} ++ ++/* Generalized public key test routine. Signs and verifies the data ++ * supplied in tbs using mesage digest md and setting option digest ++ * flags md_flags. If the 'kat' parameter is not NULL it will ++ * additionally check the signature matches it: a known answer test ++ * The string "fail_str" is used for identification purposes in case ++ * of failure. 
If "pkey" is NULL just perform a message digest check. ++ */ ++ ++int fips_pkey_signature_test(EVP_PKEY *pkey, ++ const unsigned char *tbs, int tbslen, ++ const unsigned char *kat, unsigned int katlen, ++ const EVP_MD *digest, unsigned int flags, ++ const char *fail_str) ++{ ++ int ret = 0; ++ unsigned char sigtmp[256], *sig = sigtmp; ++ size_t siglen = sizeof(sigtmp); ++ EVP_MD_CTX *mctx; ++ EVP_PKEY_CTX *pctx; ++ ++ if (digest == NULL) ++ digest = EVP_sha256(); ++ ++ mctx = EVP_MD_CTX_new(); ++ ++ if ((EVP_PKEY_id(pkey) == EVP_PKEY_RSA) ++ && (RSA_size(EVP_PKEY_get0_RSA(pkey)) > sizeof(sigtmp))) { ++ sig = OPENSSL_malloc(RSA_size(EVP_PKEY_get0_RSA(pkey))); ++ siglen = RSA_size(EVP_PKEY_get0_RSA(pkey)); ++ } ++ if (!sig || ! mctx) { ++ EVP_MD_CTX_free(mctx); ++ FIPSerr(FIPS_F_FIPS_PKEY_SIGNATURE_TEST, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ ++ if (tbslen == -1) ++ tbslen = strlen((char *)tbs); ++ ++ if (EVP_DigestSignInit(mctx, &pctx, digest, NULL, pkey) <= 0) ++ goto error; ++ ++ if (flags == EVP_MD_CTX_FLAG_PAD_PSS) { ++ EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING); ++ EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, 0); ++ } ++ ++ if (EVP_DigestSignUpdate(mctx, tbs, tbslen) <= 0) ++ goto error; ++ ++ if (EVP_DigestSignFinal(mctx, sig, &siglen) <= 0) ++ goto error; ++ ++ if (kat && ((siglen != katlen) || memcmp(kat, sig, katlen))) ++ goto error; ++ ++ if (EVP_DigestVerifyInit(mctx, &pctx, digest, NULL, pkey) <= 0) ++ goto error; ++ ++ if (flags == EVP_MD_CTX_FLAG_PAD_PSS) { ++ EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING); ++ EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, 0); ++ } ++ ++ if (EVP_DigestVerifyUpdate(mctx, tbs, tbslen) <= 0) ++ goto error; ++ ++ ret = EVP_DigestVerifyFinal(mctx, sig, siglen); ++ ++ error: ++ if (sig != sigtmp) ++ OPENSSL_free(sig); ++ EVP_MD_CTX_free(mctx); ++ if (ret <= 0) { ++ FIPSerr(FIPS_F_FIPS_PKEY_SIGNATURE_TEST, FIPS_R_TEST_FAILURE); ++ if (fail_str) ++ ERR_add_error_data(2, "Type=", fail_str); ++ return 0; ++ } ++ 
return 1; ++} ++ ++/* Generalized symmetric cipher test routine. Encrypt data, verify result ++ * against known answer, decrypt and compare with original plaintext. ++ */ ++ ++int fips_cipher_test(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ++ const unsigned char *key, ++ const unsigned char *iv, ++ const unsigned char *plaintext, ++ const unsigned char *ciphertext, int len) ++{ ++ unsigned char pltmp[FIPS_MAX_CIPHER_TEST_SIZE]; ++ unsigned char citmp[FIPS_MAX_CIPHER_TEST_SIZE]; ++ ++ OPENSSL_assert(len <= FIPS_MAX_CIPHER_TEST_SIZE); ++ memset(pltmp, 0, FIPS_MAX_CIPHER_TEST_SIZE); ++ memset(citmp, 0, FIPS_MAX_CIPHER_TEST_SIZE); ++ ++ if (EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, 1) <= 0) ++ return 0; ++ if (EVP_Cipher(ctx, citmp, plaintext, len) <= 0) ++ return 0; ++ if (memcmp(citmp, ciphertext, len)) ++ return 0; ++ if (EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, 0) <= 0) ++ return 0; ++ if (EVP_Cipher(ctx, pltmp, citmp, len) <= 0) ++ return 0; ++ if (memcmp(pltmp, plaintext, len)) ++ return 0; ++ return 1; ++} ++#endif +diff -up openssl-1.1.1b/crypto/fips/fips_rand_lcl.h.fips openssl-1.1.1b/crypto/fips/fips_rand_lcl.h +--- openssl-1.1.1b/crypto/fips/fips_rand_lcl.h.fips 2019-02-28 11:30:06.816745484 +0100 ++++ openssl-1.1.1b/crypto/fips/fips_rand_lcl.h 2019-02-28 11:30:06.816745484 +0100 +@@ -0,0 +1,203 @@ ++/* fips/rand/fips_rand_lcl.h */ ++/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL ++ * project. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2011 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. 
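Review bot: In fips_pkey_signature_test() (fips_post.c), the return values of `EVP_PKEY_CTX_set_rsa_padding()` and `EVP_PKEY_CTX_set_rsa_pss_saltlen()` are ignored on both the sign and the verify path, so if either call fails the test continues with whatever padding the context already has (presumably the default). When `kat` is NULL, the sign/verify round trip can then pass without PSS having been exercised. Both blocks should fail the self-test instead, e.g. `if (EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING) <= 0 || EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, 0) <= 0) goto error;`. The early `if (!sig || ! mctx)` return frees `mctx` but not a `sig` obtained from OPENSSL_malloc(), which leaks when only EVP_MD_CTX_new() failed. The header comment is also stale: it names `md`/`md_flags` where the parameters are `digest`/`flags`, and it says `pkey` may be NULL although the body passes `pkey` to EVP_PKEY_id() unconditionally.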
Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. 
++ * ==================================================================== ++ */ ++ ++typedef struct drbg_hash_ctx_st DRBG_HASH_CTX; ++typedef struct drbg_hmac_ctx_st DRBG_HMAC_CTX; ++typedef struct drbg_ctr_ctx_st DRBG_CTR_CTX; ++ ++/* 888 bits from 10.1 table 2 */ ++#define HASH_PRNG_MAX_SEEDLEN 111 ++ ++struct drbg_hash_ctx_st { ++ const EVP_MD *md; ++ EVP_MD_CTX *mctx; ++ unsigned char V[HASH_PRNG_MAX_SEEDLEN]; ++ unsigned char C[HASH_PRNG_MAX_SEEDLEN]; ++ /* Temporary value storage: should always exceed max digest length */ ++ unsigned char vtmp[HASH_PRNG_MAX_SEEDLEN]; ++}; ++ ++struct drbg_hmac_ctx_st { ++ const EVP_MD *md; ++ HMAC_CTX *hctx; ++ unsigned char K[EVP_MAX_MD_SIZE]; ++ unsigned char V[EVP_MAX_MD_SIZE]; ++}; ++ ++struct drbg_ctr_ctx_st { ++ AES_KEY ks; ++ size_t keylen; ++ unsigned char K[32]; ++ unsigned char V[16]; ++ /* Temp variables used by derivation function */ ++ AES_KEY df_ks; ++ AES_KEY df_kxks; ++ /* Temporary block storage used by ctr_df */ ++ unsigned char bltmp[16]; ++ size_t bltmp_pos; ++ unsigned char KX[48]; ++}; ++ ++/* DRBG internal flags */ ++ ++/* Functions shouldn't call err library */ ++#define DRBG_FLAG_NOERR 0x1 ++/* Custom reseed checking */ ++#define DRBG_CUSTOM_RESEED 0x2 ++ ++/* DRBG status values */ ++/* not initialised */ ++#define DRBG_STATUS_UNINITIALISED 0 ++/* ok and ready to generate random bits */ ++#define DRBG_STATUS_READY 1 ++/* reseed required */ ++#define DRBG_STATUS_RESEED 2 ++/* fatal error condition */ ++#define DRBG_STATUS_ERROR 3 ++ ++/* A default maximum length: larger than any reasonable value used in pratice */ ++ ++#define DRBG_MAX_LENGTH 0x7ffffff0 ++/* Maximum DRBG block length: all md sizes are bigger than cipher blocks sizes ++ * so use max digest length. 
++ */ ++#define DRBG_MAX_BLOCK EVP_MAX_MD_SIZE ++ ++#define DRBG_HEALTH_INTERVAL (1 << 24) ++ ++/* DRBG context structure */ ++ ++struct drbg_ctx_st { ++ /* First types common to all implementations */ ++ /* DRBG type: a NID for the underlying algorithm */ ++ int type; ++ /* Various external flags */ ++ unsigned int xflags; ++ /* Various internal use only flags */ ++ unsigned int iflags; ++ /* Used for periodic health checks */ ++ int health_check_cnt, health_check_interval; ++ ++ /* The following parameters are setup by mechanism drbg_init() call */ ++ int strength; ++ size_t blocklength; ++ size_t max_request; ++ ++ size_t min_entropy, max_entropy; ++ size_t min_nonce, max_nonce; ++ size_t max_pers, max_adin; ++ unsigned int reseed_counter; ++ unsigned int reseed_interval; ++ size_t seedlen; ++ int status; ++ /* Application data: typically used by test get_entropy */ ++ void *app_data; ++ /* Implementation specific structures */ ++ union { ++ DRBG_HASH_CTX hash; ++ DRBG_HMAC_CTX hmac; ++ DRBG_CTR_CTX ctr; ++ } d; ++ /* Initialiase PRNG and setup callbacks below */ ++ int (*init) (DRBG_CTX *ctx, int nid, int security, unsigned int flags); ++ /* Intantiate PRNG */ ++ int (*instantiate) (DRBG_CTX *ctx, ++ const unsigned char *ent, size_t entlen, ++ const unsigned char *nonce, size_t noncelen, ++ const unsigned char *pers, size_t perslen); ++ /* reseed */ ++ int (*reseed) (DRBG_CTX *ctx, ++ const unsigned char *ent, size_t entlen, ++ const unsigned char *adin, size_t adinlen); ++ /* generat output */ ++ int (*generate) (DRBG_CTX *ctx, ++ unsigned char *out, size_t outlen, ++ const unsigned char *adin, size_t adinlen); ++ /* uninstantiate */ ++ int (*uninstantiate) (DRBG_CTX *ctx); ++ ++ /* Entropy source block length */ ++ size_t entropy_blocklen; ++ ++ /* entropy gathering function */ ++ size_t (*get_entropy) (DRBG_CTX *ctx, unsigned char **pout, ++ int entropy, size_t min_len, size_t max_len); ++ /* Indicates we have finished with entropy buffer */ ++ void 
(*cleanup_entropy) (DRBG_CTX *ctx, unsigned char *out, size_t olen); ++ ++ /* nonce gathering function */ ++ size_t (*get_nonce) (DRBG_CTX *ctx, unsigned char **pout, ++ int entropy, size_t min_len, size_t max_len); ++ /* Indicates we have finished with nonce buffer */ ++ void (*cleanup_nonce) (DRBG_CTX *ctx, unsigned char *out, size_t olen); ++ ++ /* Callbacks used when called through RAND interface */ ++ /* Get any additional input for generate */ ++ size_t (*get_adin) (DRBG_CTX *ctx, unsigned char **pout); ++ void (*cleanup_adin) (DRBG_CTX *ctx, unsigned char *out, size_t olen); ++ /* Callback for RAND_seed(), RAND_add() */ ++ int (*rand_seed_cb) (DRBG_CTX *ctx, const void *buf, int num); ++ int (*rand_add_cb) (DRBG_CTX *ctx, ++ const void *buf, int num, double entropy); ++}; ++ ++int fips_drbg_ctr_init(DRBG_CTX *dctx); ++int fips_drbg_hash_init(DRBG_CTX *dctx); ++int fips_drbg_hmac_init(DRBG_CTX *dctx); ++int fips_drbg_kat(DRBG_CTX *dctx, int nid, unsigned int flags); ++int fips_drbg_cprng_test(DRBG_CTX *dctx, const unsigned char *out); ++ ++#define FIPS_digestinit EVP_DigestInit ++#define FIPS_digestupdate EVP_DigestUpdate ++#define FIPS_digestfinal EVP_DigestFinal ++#define M_EVP_MD_size EVP_MD_size +diff -up openssl-1.1.1b/crypto/fips/fips_rand_lib.c.fips openssl-1.1.1b/crypto/fips/fips_rand_lib.c +--- openssl-1.1.1b/crypto/fips/fips_rand_lib.c.fips 2019-02-28 11:30:06.816745484 +0100 ++++ openssl-1.1.1b/crypto/fips/fips_rand_lib.c 2019-02-28 11:30:06.816745484 +0100 +@@ -0,0 +1,234 @@ ++/* ==================================================================== ++ * Copyright (c) 2011 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. 
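Review bot: In fips_rand_lcl.h, the comment on `vtmp` ("should always exceed max digest length") states a buffer-size invariant that nothing enforces, since `HASH_PRNG_MAX_SEEDLEN` is a literal 111 with no link to `EVP_MAX_MD_SIZE`. If digest output is written into `vtmp`, as the comment suggests, a compile-time check next to the define would turn a future digest-size increase into a build failure rather than a possible overrun, e.g. `typedef char drbg_vtmp_size_check[(HASH_PRNG_MAX_SEEDLEN >= EVP_MAX_MD_SIZE) ? 1 : -1];`. The `K`, `V`, `C` and `KX` arrays look like the DRBG's secret working state, so a comment on the three context structs such as `/* secret state: wipe with OPENSSL_cleanse() on uninstantiate */` would help the next maintainer. The uninstantiate implementations are outside this hunk, so whether they already do this cannot be seen here.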
Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. 
++ * ++ */ ++ ++/* If we don't define _XOPEN_SOURCE_EXTENDED, struct timeval won't ++ be defined and gettimeofday() won't be declared with strict compilers ++ like DEC C in ANSI C mode. */ ++#ifndef _XOPEN_SOURCE_EXTENDED ++# define _XOPEN_SOURCE_EXTENDED 1 ++#endif ++ ++#include ++#include ++#include ++#include ++#include "internal/fips_int.h" ++#include ++#include "e_os.h" ++ ++#if !(defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VXWORKS)) ++# include ++#endif ++#if defined(OPENSSL_SYS_VXWORKS) ++# include ++#endif ++#ifndef OPENSSL_SYS_WIN32 ++# ifdef OPENSSL_UNISTD ++# include OPENSSL_UNISTD ++# else ++# include ++# endif ++#endif ++ ++/* FIPS API for PRNG use. Similar to RAND functionality but without ++ * ENGINE and additional checking for non-FIPS rand methods. ++ */ ++ ++static const RAND_METHOD *fips_rand_meth = NULL; ++static int fips_approved_rand_meth = 0; ++static int fips_rand_bits = 0; ++ ++/* Allows application to override number of bits and uses non-FIPS methods */ ++void FIPS_rand_set_bits(int nbits) ++{ ++ fips_rand_bits = nbits; ++} ++ ++int FIPS_rand_set_method(const RAND_METHOD *meth) ++{ ++ if (!fips_rand_bits) { ++ if (meth == FIPS_drbg_method()) ++ fips_approved_rand_meth = 1; ++ else { ++ fips_approved_rand_meth = 0; ++ if (FIPS_module_mode()) { ++ FIPSerr(FIPS_F_FIPS_RAND_SET_METHOD, FIPS_R_NON_FIPS_METHOD); ++ return 0; ++ } ++ } ++ } ++ fips_rand_meth = meth; ++ return 1; ++} ++ ++const RAND_METHOD *FIPS_rand_get_method(void) ++{ ++ return fips_rand_meth; ++} ++ ++void FIPS_rand_reset(void) ++{ ++ if (fips_rand_meth && fips_rand_meth->cleanup) ++ fips_rand_meth->cleanup(); ++} ++ ++int FIPS_rand_seed(const void *buf, int num) ++{ ++ if (!fips_approved_rand_meth && FIPS_module_mode()) { ++ FIPSerr(FIPS_F_FIPS_RAND_SEED, FIPS_R_NON_FIPS_METHOD); ++ return 0; ++ } ++ if (fips_rand_meth && fips_rand_meth->seed) ++ fips_rand_meth->seed(buf, num); ++ return 1; ++} ++ ++int FIPS_rand_bytes(unsigned char *buf, int num) ++{ ++ if 
(!fips_approved_rand_meth && FIPS_module_mode()) { ++ FIPSerr(FIPS_F_FIPS_RAND_BYTES, FIPS_R_NON_FIPS_METHOD); ++ return 0; ++ } ++ if (fips_rand_meth && fips_rand_meth->bytes) ++ return fips_rand_meth->bytes(buf, num); ++ return 0; ++} ++ ++int FIPS_rand_status(void) ++{ ++ if (!fips_approved_rand_meth && FIPS_module_mode()) { ++ FIPSerr(FIPS_F_FIPS_RAND_STATUS, FIPS_R_NON_FIPS_METHOD); ++ return 0; ++ } ++ if (fips_rand_meth && fips_rand_meth->status) ++ return fips_rand_meth->status(); ++ return 0; ++} ++ ++/* Return instantiated strength of PRNG. For DRBG this is an internal ++ * parameter. Any other type of PRNG is not approved and returns 0 in ++ * FIPS mode and maximum 256 outside FIPS mode. ++ */ ++ ++int FIPS_rand_strength(void) ++{ ++ if (fips_rand_bits) ++ return fips_rand_bits; ++ if (fips_approved_rand_meth == 1) ++ return FIPS_drbg_get_strength(FIPS_get_default_drbg()); ++ else if (fips_approved_rand_meth == 0) { ++ if (FIPS_module_mode()) ++ return 0; ++ else ++ return 256; ++ } ++ return 0; ++} ++ ++void FIPS_get_timevec(unsigned char *buf, unsigned long *pctr) ++{ ++# ifdef OPENSSL_SYS_WIN32 ++ FILETIME ft; ++# elif defined(OPENSSL_SYS_VXWORKS) ++ struct timespec ts; ++# else ++ struct timeval tv; ++# endif ++ ++# ifndef GETPID_IS_MEANINGLESS ++ unsigned long pid; ++# endif ++ ++# ifdef OPENSSL_SYS_WIN32 ++ GetSystemTimeAsFileTime(&ft); ++ buf[0] = (unsigned char)(ft.dwHighDateTime & 0xff); ++ buf[1] = (unsigned char)((ft.dwHighDateTime >> 8) & 0xff); ++ buf[2] = (unsigned char)((ft.dwHighDateTime >> 16) & 0xff); ++ buf[3] = (unsigned char)((ft.dwHighDateTime >> 24) & 0xff); ++ buf[4] = (unsigned char)(ft.dwLowDateTime & 0xff); ++ buf[5] = (unsigned char)((ft.dwLowDateTime >> 8) & 0xff); ++ buf[6] = (unsigned char)((ft.dwLowDateTime >> 16) & 0xff); ++ buf[7] = (unsigned char)((ft.dwLowDateTime >> 24) & 0xff); ++# elif defined(OPENSSL_SYS_VXWORKS) ++ clock_gettime(CLOCK_REALTIME, &ts); ++ buf[0] = (unsigned char)(ts.tv_sec & 0xff); ++ buf[1] = 
(unsigned char)((ts.tv_sec >> 8) & 0xff); ++ buf[2] = (unsigned char)((ts.tv_sec >> 16) & 0xff); ++ buf[3] = (unsigned char)((ts.tv_sec >> 24) & 0xff); ++ buf[4] = (unsigned char)(ts.tv_nsec & 0xff); ++ buf[5] = (unsigned char)((ts.tv_nsec >> 8) & 0xff); ++ buf[6] = (unsigned char)((ts.tv_nsec >> 16) & 0xff); ++ buf[7] = (unsigned char)((ts.tv_nsec >> 24) & 0xff); ++# else ++ gettimeofday(&tv, NULL); ++ buf[0] = (unsigned char)(tv.tv_sec & 0xff); ++ buf[1] = (unsigned char)((tv.tv_sec >> 8) & 0xff); ++ buf[2] = (unsigned char)((tv.tv_sec >> 16) & 0xff); ++ buf[3] = (unsigned char)((tv.tv_sec >> 24) & 0xff); ++ buf[4] = (unsigned char)(tv.tv_usec & 0xff); ++ buf[5] = (unsigned char)((tv.tv_usec >> 8) & 0xff); ++ buf[6] = (unsigned char)((tv.tv_usec >> 16) & 0xff); ++ buf[7] = (unsigned char)((tv.tv_usec >> 24) & 0xff); ++# endif ++ buf[8] = (unsigned char)(*pctr & 0xff); ++ buf[9] = (unsigned char)((*pctr >> 8) & 0xff); ++ buf[10] = (unsigned char)((*pctr >> 16) & 0xff); ++ buf[11] = (unsigned char)((*pctr >> 24) & 0xff); ++ ++ (*pctr)++; ++ ++# ifndef GETPID_IS_MEANINGLESS ++ pid = (unsigned long)getpid(); ++ buf[12] = (unsigned char)(pid & 0xff); ++ buf[13] = (unsigned char)((pid >> 8) & 0xff); ++ buf[14] = (unsigned char)((pid >> 16) & 0xff); ++ buf[15] = (unsigned char)((pid >> 24) & 0xff); ++# endif ++} ++ +diff -up openssl-1.1.1b/crypto/fips/fips_rsa_selftest.c.fips openssl-1.1.1b/crypto/fips/fips_rsa_selftest.c +--- openssl-1.1.1b/crypto/fips/fips_rsa_selftest.c.fips 2019-02-28 11:30:06.816745484 +0100 ++++ openssl-1.1.1b/crypto/fips/fips_rsa_selftest.c 2019-02-28 11:30:06.816745484 +0100 +@@ -0,0 +1,338 @@ ++/* ==================================================================== ++ * Copyright (c) 2003-2007 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. 
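Review bot: In FIPS_rand_set_method() (fips_rand_lib.c), a non-zero `fips_rand_bits` skips the whole approval block, so `fips_approved_rand_meth` keeps its previous value. Once the DRBG method has been set, calling FIPS_rand_set_bits() and then installing any other RAND_METHOD leaves the flag at 1, and FIPS_rand_bytes(), FIPS_rand_seed() and FIPS_rand_status() no longer reject that method in FIPS mode. The comment on FIPS_rand_set_bits() suggests the bypass is deliberate, but it is an unguarded process-wide setter; if it is meant only for test harnesses, say so in a comment such as `/* Test use only: disables the approved-method check and makes FIPS_rand_strength() return nbits */`. If the stale flag is not intended, recompute it with `fips_approved_rand_meth = (meth == FIPS_drbg_method());` before the `if (!fips_rand_bits)` test. Separately, FIPS_rand_seed() returns 1 even when no method is installed, so a caller cannot tell that the seed was dropped.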
Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ++ */ ++ ++#include ++#include ++#ifdef OPENSSL_FIPS ++# include ++# include "internal/fips_int.h" ++#endif ++#include ++#include ++#include ++#include ++#include "fips_locl.h" ++ ++#ifdef OPENSSL_FIPS ++ ++static int setrsakey(RSA *key) ++{ ++ static const unsigned char keydata_n[] = { ++ 0x00, 0xc9, 0xd5, 0x6d, 0x9d, 0x90, 0xdb, 0x43, 0xd6, 0x02, 0xed, 0x96, 0x88, 0x13, 0x8a, ++ 0xb2, 0xbf, 0x6e, 0xa1, 0x06, 0x10, 0xb2, 0x78, 0x37, 0xa7, 0x14, 0xa8, 0xff, 0xdd, 0x00, ++ 0xdd, 0xb4, 0x93, 0xa0, 0x45, 0xcc, 0x96, 0x90, 0xed, 0xad, 0xa9, 0xdd, 0xc4, 0xd6, 0xca, ++ 0x0c, 0xf0, 0xed, 0x4f, 0x72, 0x5e, 0x21, 0x49, 0x9a, 0x18, 0x12, 0x15, 0x8f, 0x90, 0x5a, ++ 0xdb, 0xb6, 0x33, 0x99, 0xa3, 0xe6, 0xb4, 0xf0, 0xc4, 0x97, 0x21, 0x26, 0xbb, 0xe3, 0xba, ++ 0xf2, 0xff, 0xa0, 0x72, 0xda, 0x89, 0x63, 0x8e, 0x8b, 0x3e, 0x08, 0x9d, 0x92, 0x2a, 0xbe, ++ 0x16, 0xe1, 0x43, 0x15, 0xfc, 0x57, 0xc7, 0x1f, 0x09, 0x11, 0x67, 0x1c, 0xa9, 0x96, 0xd1, ++ 0x8b, 0x3e, 0x80, 0x93, 0xc1, 0x59, 0xd0, 0x6d, 0x39, 0xf2, 0xac, 0x95, 0xcc, 0x10, 0x75, ++ 0xe9, 0x31, 0x24, 0xd1, 0x43, 0xaf, 0x68, 0x52, 0x4b, 0xe7, 0x16, 0xd7, 0x49, 0x65, 0x6f, ++ 0x26, 0xc0, 0x86, 0xad, 0xc0, 0x07, 0x0a, 0xc1, 0xe1, 0x2f, 0x87, 0x85, 0x86, 0x3b, 0xdc, ++ 0x5a, 0x99, 0xbe, 0xe9, 0xf9, 0xb9, 0xe9, 0x82, 0x27, 0x51, 0x04, 0x15, 0xab, 0x06, 0x0e, ++ 0x76, 0x5a, 0x28, 0x8d, 0x92, 0xbd, 0xc5, 0xb5, 0x7b, 0xa8, 0xdf, 0x4e, 0x47, 0xa2, 0xc1, ++ 0xe7, 0x52, 0xbf, 0x47, 0xf7, 
0x62, 0xe0, 0x3a, 0x6f, 0x4d, 0x6a, 0x4d, 0x4e, 0xd4, 0xb9, ++ 0x59, 0x69, 0xfa, 0xb2, 0x14, 0xc1, 0xee, 0xe6, 0x2f, 0x95, 0xcd, 0x94, 0x72, 0xae, 0xe4, ++ 0xdb, 0x18, 0x9a, 0xc4, 0xcd, 0x70, 0xbd, 0xee, 0x31, 0x16, 0xb7, 0x49, 0x65, 0xac, 0x40, ++ 0x19, 0x0e, 0xb5, 0x6d, 0x83, 0xf1, 0x36, 0xbb, 0x08, 0x2f, 0x2e, 0x4e, 0x92, 0x62, 0xa4, ++ 0xff, 0x50, 0xdb, 0x20, 0x45, 0xa2, 0xeb, 0x16, 0x7a, 0xf2, 0xd5, 0x28, 0xc1, 0xfd, 0x4e, ++ 0x03, 0x71 ++ }; ++ ++ static const unsigned char keydata_e[] = { 0x01, 0x00, 0x01 }; ++ ++ static const unsigned char keydata_d[] = { ++ 0x36, 0x27, 0x3d, 0xb1, 0xf9, 0x1b, 0xdb, 0xa7, 0xa0, 0x41, 0x7f, 0x12, 0x23, 0xac, 0x23, ++ 0x29, 0x99, 0xd5, 0x3a, 0x7b, 0x60, 0x67, 0x41, 0x07, 0x63, 0x53, 0xb4, 0xd2, 0xe7, 0x58, ++ 0x95, 0x0a, 0xc7, 0x05, 0xf3, 0x4e, 0xb2, 0xb4, 0x12, 0xd4, 0x70, 0xdc, 0x4f, 0x85, 0x06, ++ 0xd3, 0xdd, 0xd8, 0x63, 0x27, 0x3e, 0x67, 0x31, 0x21, 0x24, 0x39, 0x04, 0xbc, 0x06, 0xa4, ++ 0xcc, 0xce, 0x2b, 0x7a, 0xfe, 0x7b, 0xad, 0xde, 0x11, 0x6e, 0xa3, 0xa5, 0xe6, 0x04, 0x53, ++ 0x0e, 0xa3, 0x4e, 0x2d, 0xb4, 0x8f, 0x31, 0xbf, 0xca, 0x75, 0x25, 0x52, 0x02, 0x85, 0xde, ++ 0x3d, 0xb2, 0x72, 0x43, 0xb2, 0x89, 0x8a, 0x9a, 0x34, 0x41, 0x26, 0x3f, 0x9a, 0x67, 0xbe, ++ 0xa4, 0x96, 0x7b, 0x0e, 0x75, 0xba, 0xa6, 0x93, 0xd5, 0xb8, 0xd8, 0xb8, 0x57, 0xf2, 0x4b, ++ 0x0f, 0x14, 0x81, 0xd1, 0x57, 0x4e, 0xf6, 0x45, 0x4c, 0xa6, 0x3b, 0xd0, 0x70, 0xca, 0xd3, ++ 0x9d, 0x55, 0xde, 0x22, 0x05, 0xe7, 0x8e, 0x28, 0x4d, 0xee, 0x11, 0xcf, 0xb6, 0x67, 0x76, ++ 0x09, 0xd3, 0xe3, 0x3c, 0x13, 0xf9, 0x99, 0x34, 0x10, 0x7b, 0xec, 0x81, 0x38, 0xf0, 0xb6, ++ 0x34, 0x9c, 0x9b, 0x50, 0x6f, 0x0b, 0x91, 0x81, 0x4d, 0x89, 0x94, 0x04, 0x7b, 0xf0, 0x3c, ++ 0xf4, 0xb1, 0xb2, 0x00, 0x48, 0x8d, 0x5a, 0x8f, 0x88, 0x9e, 0xc5, 0xab, 0x3a, 0x9e, 0x44, ++ 0x3f, 0x54, 0xe7, 0xd9, 0x6e, 0x47, 0xaa, 0xa1, 0xbd, 0x40, 0x46, 0x31, 0xf9, 0xf0, 0x34, ++ 0xb6, 0x04, 0xe1, 0x2b, 0x5b, 0x73, 0x86, 0xdd, 0x3a, 0x92, 0x1b, 0x71, 0xc7, 0x3f, 0x32, ++ 0xe5, 0xc3, 0xc2, 0xab, 0xa1, 
0x7e, 0xbf, 0xa4, 0x52, 0xa0, 0xb0, 0x68, 0x90, 0xd1, 0x20, ++ 0x12, 0x79, 0xe9, 0xd7, 0xc9, 0x40, 0xba, 0xf2, 0x19, 0xc7, 0xa5, 0x00, 0x92, 0x86, 0x0d, ++ 0x01 ++ }; ++ ++ static const unsigned char keydata_p[] = { ++ 0x00, 0xfc, 0x5c, 0x6e, 0x16, 0xce, 0x1f, 0x03, 0x7b, 0xcd, 0xf7, 0xb3, 0x72, 0xb2, 0x8f, ++ 0x16, 0x72, 0xb8, 0x56, 0xae, 0xf7, 0xcd, 0x67, 0xd8, 0x4e, 0x7d, 0x07, 0xaf, 0xd5, 0x43, ++ 0x26, 0xc3, 0x35, 0xbe, 0x43, 0x8f, 0x4e, 0x2f, 0x1c, 0x43, 0x4e, 0x6b, 0xd2, 0xb2, 0xec, ++ 0x52, 0x6d, 0x97, 0x52, 0x2b, 0xcc, 0x5c, 0x3a, 0x6b, 0xf4, 0x14, 0xc6, 0x74, 0xda, 0x66, ++ 0x38, 0x1c, 0x7a, 0x3f, 0x84, 0x2f, 0xe3, 0xf9, 0x5a, 0xb8, 0x65, 0x69, 0x46, 0x06, 0xa3, ++ 0x37, 0x79, 0xb2, 0xa1, 0x5b, 0x58, 0xed, 0x5e, 0xa7, 0x5f, 0x8c, 0x65, 0x66, 0xbb, 0xd1, ++ 0x24, 0x36, 0xe6, 0x37, 0xa7, 0x3d, 0x49, 0x77, 0x8a, 0x8c, 0x34, 0xd8, 0x69, 0x29, 0xf3, ++ 0x4d, 0x58, 0x22, 0xb0, 0x51, 0x24, 0xb6, 0x40, 0xa8, 0x86, 0x59, 0x0a, 0xb7, 0xba, 0x5c, ++ 0x97, 0xda, 0x57, 0xe8, 0x36, 0xda, 0x7a, 0x9c, 0xad ++ }; ++ ++ static const unsigned char keydata_q[] = { ++ 0x00, 0xcc, 0xbe, 0x7b, 0x09, 0x69, 0x06, 0xee, 0x45, 0xbf, 0x88, 0x47, 0x38, 0xa8, 0xf8, ++ 0x17, 0xe5, 0xb6, 0xba, 0x67, 0x55, 0xe3, 0xe8, 0x05, 0x8b, 0xb8, 0xe2, 0x53, 0xd6, 0x8e, ++ 0xef, 0x2c, 0xe7, 0x4f, 0x4a, 0xf7, 0x4e, 0x26, 0x8d, 0x85, 0x0b, 0x3f, 0xec, 0xc3, 0x1c, ++ 0xd4, 0xeb, 0xec, 0x6a, 0xc8, 0x72, 0x2a, 0x25, 0x7d, 0xfd, 0xa6, 0x77, 0x96, 0xf0, 0x1e, ++ 0xcd, 0x28, 0x57, 0xf8, 0x37, 0x30, 0x75, 0x6b, 0xbd, 0xd4, 0x7b, 0x0c, 0x87, 0xc5, 0x6c, ++ 0x87, 0x40, 0xa5, 0xbb, 0x27, 0x2c, 0x78, 0xc9, 0x74, 0x5a, 0x54, 0x5b, 0x0b, 0x30, 0x6f, ++ 0x44, 0x4a, 0xfa, 0x71, 0xe4, 0x21, 0x61, 0x66, 0xf9, 0xee, 0x65, 0xde, 0x7c, 0x04, 0xd7, ++ 0xfd, 0xa9, 0x15, 0x5b, 0x7f, 0xe2, 0x7a, 0xba, 0x69, 0x86, 0x72, 0xa6, 0x06, 0x8d, 0x9b, ++ 0x90, 0x55, 0x60, 0x9e, 0x4c, 0x5d, 0xa9, 0xb6, 0x55 ++ }; ++ ++ static const unsigned char keydata_dmp1[] = { ++ 0x7a, 0xd6, 0x12, 0xd0, 0x0e, 0xec, 0x91, 0xa9, 0x85, 0x8b, 0xf8, 
0x50, 0xf0, 0x11, 0x2e, ++ 0x00, 0x11, 0x32, 0x40, 0x60, 0x66, 0x1f, 0x11, 0xee, 0xc2, 0x75, 0x27, 0x65, 0x4b, 0x16, ++ 0x67, 0x16, 0x95, 0xd2, 0x14, 0xc3, 0x1d, 0xb3, 0x48, 0x1f, 0xb7, 0xe4, 0x0b, 0x2b, 0x74, ++ 0xc3, 0xdb, 0x50, 0x27, 0xf9, 0x85, 0x3a, 0xfa, 0xa9, 0x08, 0x23, 0xc1, 0x65, 0x3d, 0x34, ++ 0x3a, 0xc8, 0x56, 0x7a, 0x65, 0x45, 0x36, 0x6e, 0xae, 0x2a, 0xce, 0x9f, 0x43, 0x43, 0xd7, ++ 0x10, 0xe9, 0x9e, 0x18, 0xf4, 0xa4, 0x35, 0xda, 0x8a, 0x6b, 0xb0, 0x3f, 0xdd, 0x53, 0xe3, ++ 0xa8, 0xc5, 0x4e, 0x79, 0x9d, 0x1f, 0x51, 0x8c, 0xa2, 0xca, 0x66, 0x3c, 0x6a, 0x2a, 0xff, ++ 0x8e, 0xd2, 0xf3, 0xb7, 0xcb, 0x82, 0xda, 0xde, 0x2c, 0xe6, 0xd2, 0x8c, 0xb3, 0xad, 0xb6, ++ 0x4c, 0x95, 0x55, 0x76, 0xbd, 0xc9, 0xc8, 0xd1 ++ }; ++ ++ static const unsigned char keydata_dmq1[] = { ++ 0x00, 0x83, 0x23, 0x1d, 0xbb, 0x11, 0x42, 0x17, 0x2b, 0x25, 0x5a, 0x2c, 0x03, 0xe6, 0x75, ++ 0xc1, 0x18, 0xa8, 0xc9, 0x0b, 0x96, 0xbf, 0xba, 0xc4, 0x92, 0x91, 0x80, 0xa5, 0x22, 0x2f, ++ 0xba, 0x91, 0x90, 0x36, 0x01, 0x56, 0x15, 0x00, 0x2c, 0x74, 0xa2, 0x97, 0xf7, 0x15, 0xa1, ++ 0x49, 0xdf, 0x32, 0x35, 0xd2, 0xdd, 0x0c, 0x91, 0xa6, 0xf8, 0xe7, 0xbe, 0x81, 0x36, 0x9b, ++ 0x03, 0xdc, 0x6b, 0x3b, 0xd8, 0x5d, 0x79, 0x57, 0xe0, 0xe6, 0x4f, 0x49, 0xdf, 0x4c, 0x5c, ++ 0x0e, 0xe5, 0x21, 0x41, 0x95, 0xfd, 0xad, 0xff, 0x9a, 0x3e, 0xa0, 0xf9, 0x0f, 0x59, 0x9e, ++ 0x6a, 0xa7, 0x7b, 0x71, 0xa7, 0x24, 0x9a, 0x36, 0x52, 0xae, 0x97, 0x20, 0xc1, 0x5e, 0x78, ++ 0xd9, 0x47, 0x8b, 0x1e, 0x67, 0xf2, 0xaf, 0x98, 0xe6, 0x2d, 0xef, 0x10, 0xd7, 0xf1, 0xab, ++ 0x49, 0xee, 0xe5, 0x4b, 0x7e, 0xae, 0x1f, 0x1d, 0x61 ++ }; ++ ++ static const unsigned char keydata_iqmp[] = { ++ 0x23, 0x96, 0xc1, 0x91, 0x17, 0x5e, 0x0a, 0x83, 0xd2, 0xdc, 0x7b, 0x69, 0xb2, 0x59, 0x1d, ++ 0x33, 0x58, 0x52, 0x3f, 0x18, 0xc7, 0x09, 0x50, 0x1c, 0xb9, 0xa1, 0xbb, 0x4c, 0xa2, 0x38, ++ 0x40, 0x4c, 0x9a, 0x8e, 0xfe, 0x9c, 0x90, 0x92, 0xd0, 0x71, 0x9f, 0x89, 0x99, 0x50, 0x91, ++ 0x1f, 0x34, 0x8b, 0x74, 0x53, 0x11, 0x11, 0x4a, 0x70, 0xe2, 0xf7, 0x30, 
0xd8, 0x8c, 0x80, ++ 0xe1, 0xcc, 0x9f, 0xf1, 0x63, 0x17, 0x1a, 0x7d, 0x67, 0x29, 0x4c, 0xcb, 0x4e, 0x74, 0x7b, ++ 0xe0, 0x3e, 0x9e, 0x2f, 0xf4, 0x67, 0x8f, 0xec, 0xb9, 0x5c, 0x00, 0x1e, 0x7e, 0xa2, 0x7b, ++ 0x92, 0xc9, 0x6f, 0x4c, 0xe4, 0x0e, 0xf9, 0x48, 0x63, 0xcd, 0x50, 0x22, 0x5d, 0xbf, 0xb6, ++ 0x9d, 0x01, 0x33, 0x6a, 0xf4, 0x50, 0xbe, 0x86, 0x98, 0x4f, 0xca, 0x3f, 0x3a, 0xfa, 0xcf, ++ 0x07, 0x40, 0xc4, 0xaa, 0xad, 0xae, 0xbe, 0xbf ++ }; ++ ++ int rv = 0; ++ BIGNUM *n = NULL, *e = NULL, *d = NULL, *p = NULL, *q = NULL, *dmp1 = NULL, *dmq1 = NULL, *iqmp = NULL; ++ ++ fips_load_key_component(n, keydata); ++ fips_load_key_component(e, keydata); ++ fips_load_key_component(d, keydata); ++ fips_load_key_component(p, keydata); ++ fips_load_key_component(q, keydata); ++ fips_load_key_component(dmp1, keydata); ++ fips_load_key_component(dmq1, keydata); ++ fips_load_key_component(iqmp, keydata); ++ ++ RSA_set0_key(key, n, e, d); ++ RSA_set0_factors(key, p, q); ++ RSA_set0_crt_params(key, dmp1, dmq1, iqmp); ++ ++ rv = 1; ++err: ++ if (!rv) { ++ BN_free(n); ++ BN_free(e); ++ BN_free(d); ++ BN_free(p); ++ BN_free(q); ++ BN_free(dmp1); ++ BN_free(dmq1); ++ BN_free(iqmp); ++ } ++ return rv; ++} ++ ++/* Known Answer Test (KAT) data for the above RSA private key signing ++ * kat_tbs. 
++ */ ++ ++static const unsigned char kat_tbs[] = ++ "OpenSSL FIPS 140-2 Public Key RSA KAT"; ++ ++static const unsigned char kat_RSA_PSS_SHA256[] = { ++ 0x38, 0xDA, 0x99, 0x51, 0x26, 0x38, 0xC6, 0x7F, 0xC4, 0x81, 0x57, 0x19, ++ 0x35, 0xC6, 0xF6, 0x1E, 0x90, 0x47, 0x20, 0x55, 0x47, 0x56, 0x26, 0xE9, ++ 0xF2, 0xA8, 0x39, 0x6C, 0xD5, 0xCD, 0xCB, 0x55, 0xFC, 0x0C, 0xC5, 0xCB, ++ 0xF7, 0x40, 0x17, 0x3B, 0xCF, 0xE4, 0x05, 0x03, 0x3B, 0xA0, 0xB2, 0xC9, ++ 0x0D, 0x5E, 0x48, 0x3A, 0xE9, 0xAD, 0x28, 0x71, 0x7D, 0x8F, 0x89, 0x16, ++ 0x59, 0x93, 0x35, 0xDC, 0x4D, 0x7B, 0xDF, 0x84, 0xE4, 0x68, 0xAA, 0x33, ++ 0xAA, 0xDC, 0x66, 0x50, 0xC8, 0xA9, 0x32, 0x12, 0xDC, 0xC6, 0x90, 0x49, ++ 0x0B, 0x75, 0xFF, 0x9B, 0x95, 0x00, 0x9A, 0x90, 0xE0, 0xD4, 0x0E, 0x67, ++ 0xAB, 0x3C, 0x47, 0x36, 0xC5, 0x2E, 0x1C, 0x46, 0xF0, 0x2D, 0xD3, 0x8B, ++ 0x42, 0x08, 0xDE, 0x0D, 0xB6, 0x2C, 0x86, 0xB0, 0x35, 0x71, 0x18, 0x6B, ++ 0x89, 0x67, 0xC0, 0x05, 0xAD, 0xF4, 0x1D, 0x62, 0x4E, 0x75, 0xEC, 0xD6, ++ 0xC2, 0xDB, 0x07, 0xB0, 0xB6, 0x8D, 0x15, 0xAD, 0xCD, 0xBF, 0xF5, 0x60, ++ 0x76, 0xAE, 0x48, 0xB8, 0x77, 0x7F, 0xC5, 0x01, 0xD9, 0x29, 0xBB, 0xD6, ++ 0x17, 0xA2, 0x20, 0x5A, 0xC0, 0x4A, 0x3B, 0x34, 0xC8, 0xB9, 0x39, 0xCF, ++ 0x06, 0x89, 0x95, 0x6F, 0xC7, 0xCA, 0xC4, 0xE4, 0x43, 0xDF, 0x5A, 0x23, ++ 0xE2, 0x89, 0xA3, 0x38, 0x78, 0x31, 0x38, 0xC6, 0xA4, 0x6F, 0x5F, 0x73, ++ 0x5A, 0xE5, 0x9E, 0x09, 0xE7, 0x6F, 0xD4, 0xF8, 0x3E, 0xB7, 0xB0, 0x56, ++ 0x9A, 0xF3, 0x65, 0xF0, 0xC2, 0xA6, 0x8A, 0x08, 0xBA, 0x44, 0xAC, 0x97, ++ 0xDE, 0xB4, 0x16, 0x83, 0xDF, 0xE3, 0xEE, 0x71, 0xFA, 0xF9, 0x51, 0x50, ++ 0x14, 0xDC, 0xFD, 0x6A, 0x82, 0x20, 0x68, 0x64, 0x7D, 0x4E, 0x82, 0x68, ++ 0xD7, 0x45, 0xFA, 0x6A, 0xE4, 0xE5, 0x29, 0x3A, 0x70, 0xFB, 0xE4, 0x62, ++ 0x2B, 0x31, 0xB9, 0x7D ++}; ++ ++static const unsigned char kat_RSA_SHA256[] = { ++ 0xC2, 0xB1, 0x97, 0x00, 0x9A, 0xE5, 0x80, 0x6A, 0xE2, 0x51, 0x68, 0xB9, ++ 0x7A, 0x0C, 0xF2, 0xB4, 0x77, 0xED, 0x15, 0x0C, 0x4E, 0xE1, 0xDC, 0xFF, ++ 0x8E, 0xBC, 0xDE, 0xC7, 0x9A, 0x96, 
0xF1, 0x47, 0x45, 0x24, 0x9D, 0x6F, ++ 0xA6, 0xF3, 0x1D, 0x0D, 0x35, 0x4C, 0x1A, 0xF3, 0x58, 0x2C, 0x6C, 0x06, ++ 0xD6, 0x22, 0x37, 0x77, 0x8C, 0x33, 0xE5, 0x07, 0x53, 0x93, 0x28, 0xCF, ++ 0x67, 0xFA, 0xC4, 0x1F, 0x1B, 0x24, 0xDB, 0x4C, 0xC5, 0x2A, 0x51, 0xA2, ++ 0x60, 0x15, 0x8C, 0x54, 0xB4, 0x30, 0xE2, 0x24, 0x47, 0x86, 0xF2, 0xF8, ++ 0x6C, 0xD6, 0x12, 0x59, 0x2C, 0x74, 0x9A, 0x37, 0xF3, 0xC4, 0xA2, 0xD5, ++ 0x4E, 0x1F, 0x77, 0xF0, 0x27, 0xCE, 0x77, 0xF8, 0x4A, 0x79, 0x03, 0xBE, ++ 0xC8, 0x06, 0x2D, 0xA7, 0xA6, 0x46, 0xF5, 0x55, 0x79, 0xD7, 0x5C, 0xC6, ++ 0x5B, 0xB1, 0x00, 0x4E, 0x7C, 0xD9, 0x11, 0x85, 0xE0, 0xB1, 0x4D, 0x2D, ++ 0x13, 0xD7, 0xAC, 0xEA, 0x64, 0xD1, 0xAC, 0x8F, 0x8D, 0x8F, 0xEA, 0x42, ++ 0x7F, 0xF9, 0xB7, 0x7D, 0x2C, 0x68, 0x49, 0x07, 0x7A, 0x74, 0xEF, 0xB4, ++ 0xC9, 0x97, 0x16, 0x5C, 0x6C, 0x6E, 0x5C, 0x09, 0x2E, 0x8E, 0x13, 0x2E, ++ 0x1A, 0x8D, 0xA6, 0x0C, 0x6E, 0x0C, 0x1C, 0x0F, 0xCC, 0xB2, 0x78, 0x8A, ++ 0x07, 0xFC, 0x5C, 0xC2, 0xF5, 0x65, 0xEC, 0xAB, 0x8B, 0x3C, 0xCA, 0x91, ++ 0x6F, 0x84, 0x7C, 0x21, 0x0E, 0xB8, 0xDA, 0x7B, 0x6C, 0xF7, 0xDF, 0xAB, ++ 0x7E, 0x15, 0xFD, 0x85, 0x0B, 0x33, 0x9B, 0x6A, 0x3A, 0xC3, 0xEF, 0x65, ++ 0x04, 0x6E, 0xB2, 0xAC, 0x98, 0xFD, 0xEB, 0x02, 0xF5, 0xC0, 0x0B, 0x5E, ++ 0xCB, 0xD4, 0x83, 0x82, 0x18, 0x1B, 0xDA, 0xB4, 0xCD, 0xE8, 0x71, 0x6B, ++ 0x1D, 0xB5, 0x4F, 0xE9, 0xD6, 0x43, 0xA0, 0x0A, 0x14, 0xA0, 0xE7, 0x5D, ++ 0x47, 0x9D, 0x18, 0xD7 ++}; ++ ++static int fips_rsa_encrypt_test(RSA *rsa, const unsigned char *plaintext, ++ int ptlen) ++{ ++ unsigned char *ctbuf = NULL, *ptbuf = NULL; ++ int ret = 0; ++ int len; ++ ++ ctbuf = OPENSSL_malloc(RSA_size(rsa)); ++ if (!ctbuf) ++ goto err; ++ ++ len = RSA_public_encrypt(ptlen, plaintext, ctbuf, rsa, RSA_PKCS1_PADDING); ++ if (len <= 0) ++ goto err; ++ /* Check ciphertext doesn't match plaintext */ ++ if (len >= ptlen && !memcmp(plaintext, ctbuf, ptlen)) ++ goto err; ++ ++ ptbuf = OPENSSL_malloc(RSA_size(rsa)); ++ if (!ptbuf) ++ goto err; ++ ++ len = 
RSA_private_decrypt(len, ctbuf, ptbuf, rsa, RSA_PKCS1_PADDING); ++ if (len != ptlen) ++ goto err; ++ if (memcmp(ptbuf, plaintext, len)) ++ goto err; ++ ++ ret = 1; ++ ++ err: ++ if (ctbuf) ++ OPENSSL_free(ctbuf); ++ if (ptbuf) ++ OPENSSL_free(ptbuf); ++ return ret; ++} ++ ++int FIPS_selftest_rsa() ++{ ++ int ret = 0; ++ RSA *key; ++ EVP_PKEY *pk = NULL; ++ ++ if ((key = RSA_new()) == NULL) ++ goto err; ++ ++ if (!setrsakey(key)) ++ goto err; ++ ++ if ((pk = EVP_PKEY_new()) == NULL) ++ goto err; ++ ++ EVP_PKEY_set1_RSA(pk, key); ++ ++ if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1, ++ kat_RSA_SHA256, sizeof(kat_RSA_SHA256), ++ EVP_sha256(), EVP_MD_CTX_FLAG_PAD_PKCS1, ++ "RSA SHA256 PKCS#1")) ++ goto err; ++ ++ if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1, ++ kat_RSA_PSS_SHA256, ++ sizeof(kat_RSA_PSS_SHA256), EVP_sha256(), ++ EVP_MD_CTX_FLAG_PAD_PSS, "RSA SHA256 PSS")) ++ goto err; ++ ++ if (!fips_rsa_encrypt_test(key, kat_tbs, sizeof(kat_tbs) - 1)) ++ goto err; ++ ++ ret = 1; ++ ++ err: ++ if (pk) ++ EVP_PKEY_free(pk); ++ if (key) ++ RSA_free(key); ++ return ret; ++} ++ ++#endif /* def OPENSSL_FIPS */ +diff -up openssl-1.1.1b/crypto/fips/fips_sha_selftest.c.fips openssl-1.1.1b/crypto/fips/fips_sha_selftest.c +--- openssl-1.1.1b/crypto/fips/fips_sha_selftest.c.fips 2019-05-06 16:08:46.795598159 +0200 ++++ openssl-1.1.1b/crypto/fips/fips_sha_selftest.c 2019-05-06 17:35:40.211316880 +0200 +@@ -0,0 +1,223 @@ ++/* ==================================================================== ++ * Copyright (c) 2003 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. 
Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. 
++ * ++ */ ++ ++#include ++#include ++#ifdef OPENSSL_FIPS ++# include ++#endif ++#include ++#include ++ ++#ifdef OPENSSL_FIPS ++static const char test[][60] = { ++ "", ++ "abc", ++ "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" ++}; ++ ++static const unsigned char ret[][SHA_DIGEST_LENGTH] = { ++ {0xda, 0x39, 0xa3, 0xee, 0x5e, 0x6b, 0x4b, 0x0d, 0x32, 0x55, ++ 0xbf, 0xef, 0x95, 0x60, 0x18, 0x90, 0xaf, 0xd8, 0x07, 0x09}, ++ {0xa9, 0x99, 0x3e, 0x36, 0x47, 0x06, 0x81, 0x6a, 0xba, 0x3e, ++ 0x25, 0x71, 0x78, 0x50, 0xc2, 0x6c, 0x9c, 0xd0, 0xd8, 0x9d}, ++ {0x84, 0x98, 0x3e, 0x44, 0x1c, 0x3b, 0xd2, 0x6e, 0xba, 0xae, ++ 0x4a, 0xa1, 0xf9, 0x51, 0x29, 0xe5, 0xe5, 0x46, 0x70, 0xf1}, ++}; ++ ++int FIPS_selftest_sha1() ++{ ++ int n; ++ ++ for (n = 0; n < sizeof(test) / sizeof(test[0]); ++n) { ++ unsigned char md[SHA_DIGEST_LENGTH]; ++ ++ EVP_Digest(test[n], strlen(test[n]), md, NULL, ++ EVP_sha1(), NULL); ++ if (memcmp(md, ret[n], sizeof md)) { ++ FIPSerr(FIPS_F_FIPS_SELFTEST_SHA1, FIPS_R_SELFTEST_FAILED); ++ return 0; ++ } ++ } ++ return 1; ++} ++ ++static const unsigned char msg_sha256[] = ++ { 0xfa, 0x48, 0x59, 0x2a, 0xe1, 0xae, 0x1f, 0x30, ++ 0xfc ++}; ++ ++static const unsigned char dig_sha256[] = ++ { 0xf7, 0x26, 0xd8, 0x98, 0x47, 0x91, 0x68, 0x5b, ++ 0x9e, 0x39, 0xb2, 0x58, 0xbb, 0x75, 0xbf, 0x01, ++ 0x17, 0x0c, 0x84, 0x00, 0x01, 0x7a, 0x94, 0x83, ++ 0xf3, 0x0b, 0x15, 0x84, 0x4b, 0x69, 0x88, 0x8a ++}; ++ ++static const unsigned char msg_sha512[] = ++ { 0x37, 0xd1, 0x35, 0x9d, 0x18, 0x41, 0xe9, 0xb7, ++ 0x6d, 0x9a, 0x13, 0xda, 0x5f, 0xf3, 0xbd ++}; ++ ++static const unsigned char dig_sha512[] = ++ { 0x11, 0x13, 0xc4, 0x19, 0xed, 0x2b, 0x1d, 0x16, ++ 0x11, 0xeb, 0x9b, 0xbe, 0xf0, 0x7f, 0xcf, 0x44, ++ 0x8b, 0xd7, 0x57, 0xbd, 0x8d, 0xa9, 0x25, 0xb0, ++ 0x47, 0x25, 0xd6, 0x6c, 0x9a, 0x54, 0x7f, 0x8f, ++ 0x0b, 0x53, 0x1a, 0x10, 0x68, 0x32, 0x03, 0x38, ++ 0x82, 0xc4, 0x87, 0xc4, 0xea, 0x0e, 0xd1, 0x04, ++ 0xa9, 0x98, 0xc1, 0x05, 0xa3, 0xf3, 0xf8, 0xb1, ++ 0xaf, 0xbc, 
0xd9, 0x78, 0x7e, 0xee, 0x3d, 0x43 ++}; ++ ++int FIPS_selftest_sha2(void) ++{ ++ unsigned char md[SHA512_DIGEST_LENGTH]; ++ ++ EVP_Digest(msg_sha256, sizeof(msg_sha256), md, NULL, EVP_sha256(), NULL); ++ if (memcmp(dig_sha256, md, sizeof(dig_sha256))) { ++ FIPSerr(FIPS_F_FIPS_SELFTEST_SHA2, FIPS_R_SELFTEST_FAILED); ++ return 0; ++ } ++ ++ EVP_Digest(msg_sha512, sizeof(msg_sha512), md, NULL, EVP_sha512(), NULL); ++ if (memcmp(dig_sha512, md, sizeof(dig_sha512))) { ++ FIPSerr(FIPS_F_FIPS_SELFTEST_SHA2, FIPS_R_SELFTEST_FAILED); ++ return 0; ++ } ++ ++ return 1; ++} ++ ++static const unsigned char msg_sha3_256[] = { ++ 0xa1, 0xd7, 0xce, 0x51, 0x04, 0xeb, 0x25, 0xd6, ++ 0x13, 0x1b, 0xb8, 0xf6, 0x6e, 0x1f, 0xb1, 0x3f, ++ 0x35, 0x23 ++}; ++ ++static const unsigned char dig_sha3_256[] = { ++ 0xee, 0x90, 0x62, 0xf3, 0x97, 0x20, 0xb8, 0x21, ++ 0xb8, 0x8b, 0xe5, 0xe6, 0x46, 0x21, 0xd7, 0xe0, ++ 0xca, 0x02, 0x6a, 0x9f, 0xe7, 0x24, 0x8d, 0x78, ++ 0x15, 0x0b, 0x14, 0xbd, 0xba, 0xa4, 0x0b, 0xed ++}; ++ ++static const unsigned char msg_sha3_512[] = { ++ 0x13, 0x3b, 0x49, 0x7b, 0x00, 0x93, 0x27, 0x73, ++ 0xa5, 0x3b, 0xa9, 0xbf, 0x8e, 0x61, 0xd5, 0x9f, ++ 0x05, 0xf4 ++}; ++ ++static const unsigned char dig_sha3_512[] = { ++ 0x78, 0x39, 0x64, 0xa1, 0xcf, 0x41, 0xd6, 0xd2, ++ 0x10, 0xa8, 0xd7, 0xc8, 0x1c, 0xe6, 0x97, 0x0a, ++ 0xa6, 0x2c, 0x90, 0x53, 0xcb, 0x89, 0xe1, 0x5f, ++ 0x88, 0x05, 0x39, 0x57, 0xec, 0xf6, 0x07, 0xf4, ++ 0x2a, 0xf0, 0x88, 0x04, 0xe7, 0x6f, 0x2f, 0xbd, ++ 0xbb, 0x31, 0x80, 0x9c, 0x9e, 0xef, 0xc6, 0x0e, ++ 0x23, 0x3d, 0x66, 0x24, 0x36, 0x7a, 0x3b, 0x9c, ++ 0x30, 0xf8, 0xee, 0x5f, 0x65, 0xbe, 0x56, 0xac ++}; ++ ++static const unsigned char msg_shake_128[] = { ++ 0x43, 0xbd, 0xb1, 0x1e, 0xac, 0x71, 0x03, 0x1f, ++ 0x02, 0xa1, 0x1c, 0x15, 0xa1, 0x88, 0x5f, 0xa4, ++ 0x28, 0x98 ++}; ++ ++static const unsigned char dig_shake_128[] = { ++ 0xde, 0x68, 0x02, 0x7d, 0xa1, 0x30, 0x66, 0x3a, ++ 0x73, 0x98, 0x0e, 0x35, 0x25, 0xb8, 0x8c, 0x75 ++}; ++ ++static const unsigned char 
msg_shake_256[] = { ++ 0x8f, 0x84, 0xa3, 0x7d, 0xbd, 0x44, 0xd0, 0xf6, ++ 0x95, 0x36, 0xc5, 0xf4, 0x44, 0x6b, 0xa3, 0x23, ++ 0x9b, 0xfc ++}; ++ ++static const unsigned char dig_shake_256[] = { ++ 0x05, 0xca, 0x83, 0x5e, 0x0c, 0xdb, 0xfa, 0xf5, ++ 0x95, 0xc6, 0x86, 0x7e, 0x2d, 0x9d, 0xb9, 0x3f, ++ 0xca, 0x9c, 0x8b, 0xc6, 0x65, 0x02, 0x2e, 0xdd, ++ 0x6f, 0xe7, 0xb3, 0xda, 0x5e, 0x07, 0xc4, 0xcf ++}; ++ ++int FIPS_selftest_sha3(void) ++{ ++ unsigned char md[SHA512_DIGEST_LENGTH]; ++ ++ EVP_Digest(msg_sha3_256, sizeof(msg_sha3_256), md, NULL, EVP_sha3_256(), NULL); ++ if (memcmp(dig_sha3_256, md, sizeof(dig_sha3_256))) { ++ FIPSerr(FIPS_F_FIPS_SELFTEST, FIPS_R_SELFTEST_FAILED); ++ return 0; ++ } ++ ++ EVP_Digest(msg_sha3_512, sizeof(msg_sha3_512), md, NULL, EVP_sha3_512(), NULL); ++ if (memcmp(dig_sha3_512, md, sizeof(dig_sha3_512))) { ++ FIPSerr(FIPS_F_FIPS_SELFTEST, FIPS_R_SELFTEST_FAILED); ++ return 0; ++ } ++ ++ EVP_Digest(msg_shake_128, sizeof(msg_shake_128), md, NULL, EVP_shake128(), NULL); ++ if (memcmp(dig_shake_128, md, sizeof(dig_shake_128))) { ++ FIPSerr(FIPS_F_FIPS_SELFTEST, FIPS_R_SELFTEST_FAILED); ++ return 0; ++ } ++ ++ EVP_Digest(msg_shake_256, sizeof(msg_shake_256), md, NULL, EVP_shake256(), NULL); ++ if (memcmp(dig_shake_256, md, sizeof(dig_shake_256))) { ++ FIPSerr(FIPS_F_FIPS_SELFTEST, FIPS_R_SELFTEST_FAILED); ++ return 0; ++ } ++ ++ return 1; ++} ++ ++#endif +diff -up openssl-1.1.1b/crypto/fips/fips_standalone_hmac.c.fips openssl-1.1.1b/crypto/fips/fips_standalone_hmac.c +--- openssl-1.1.1b/crypto/fips/fips_standalone_hmac.c.fips 2019-02-28 11:30:06.817745466 +0100 ++++ openssl-1.1.1b/crypto/fips/fips_standalone_hmac.c 2019-02-28 11:30:06.817745466 +0100 +@@ -0,0 +1,127 @@ ++/* ==================================================================== ++ * Copyright (c) 2003 The OpenSSL Project. All rights reserved. 
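Review bot: None of the `EVP_Digest()` calls in `FIPS_selftest_sha1`, `FIPS_selftest_sha2` and `FIPS_selftest_sha3` has its return value checked, so a digest that fails to run leaves `md` unwritten and the following `memcmp` compares the expected value against indeterminate stack bytes. A power-on self-test should fail on the call itself rather than rely on the comparison happening to mismatch, e.g. `if (!EVP_Digest(msg_sha256, sizeof(msg_sha256), md, NULL, EVP_sha256(), NULL) || memcmp(dig_sha256, md, sizeof(dig_sha256))) {`. The same applies to the other six calls in the file. In `FIPS_selftest_sha1` the loop index `n` is a signed `int` compared against a `sizeof` quotient and would be cleaner as `size_t`.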
++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ++ */ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++ ++int main(int argc, char **argv) ++{ ++#ifdef OPENSSL_FIPS ++ static char key[] = "orboDeJITITejsirpADONivirpUkvarP"; ++ int n, binary = 0; ++ ++ if (argc < 2) { ++ fprintf(stderr, "%s []+\n", argv[0]); ++ exit(1); ++ } ++ ++ n = 1; ++ if (!strcmp(argv[n], "-binary")) { ++ n++; ++ binary = 1; /* emit binary fingerprint... */ ++ } ++ ++ for (; n < argc; ++n) { ++ FILE *f = fopen(argv[n], "rb"); ++ HMAC_CTX *hmac_ctx; ++ unsigned char mac[EVP_MAX_MD_SIZE]; ++ unsigned int len; ++ unsigned int i; ++ ++ if (!f) { ++ perror(argv[n]); ++ exit(2); ++ } ++ hmac_ctx = HMAC_CTX_new(); ++ if (!hmac_ctx) ++ exit(3); ++ ++ if (HMAC_Init_ex(hmac_ctx, key, strlen(key), EVP_sha256(), NULL) <= 0) { ++ fprintf(stderr, "HMAC SHA256 initialization failed.\n"); ++ exit(4); ++ } ++ ++ for (;;) { ++ unsigned char buf[1024]; ++ size_t l = fread(buf, 1, sizeof buf, f); ++ ++ if (l == 0) { ++ if (ferror(f)) { ++ perror(argv[n]); ++ exit(3); ++ } else ++ break; ++ } ++ if (HMAC_Update(hmac_ctx, buf, l) <= 0) { ++ fprintf(stderr, "HMAC_Update() failed.\n"); ++ exit(4); ++ } ++ } ++ if (HMAC_Final(hmac_ctx, mac, &len) <= 0) { ++ fprintf(stderr, "HMAC_Final() failed.\n"); ++ exit(4); ++ } ++ ++ if (binary) { ++ fwrite(mac, len, 1, stdout); ++ break; /* ... for single(!) 
file */ ++ } ++ ++/* printf("HMAC-SHA1(%s)= ",argv[n]); */ ++ for (i = 0; i < len; ++i) ++ printf("%02x", mac[i]); ++ printf("\n"); ++ } ++#endif ++ return 0; ++} +diff -up openssl-1.1.1c/crypto/hmac/hmac.c.fips openssl-1.1.1c/crypto/hmac/hmac.c +--- openssl-1.1.1c/crypto/hmac/hmac.c.fips 2019-05-29 15:46:19.138261106 +0200 ++++ openssl-1.1.1c/crypto/hmac/hmac.c 2019-05-29 15:49:09.508263133 +0200 +@@ -43,6 +43,13 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const vo + return 0; + + if (key != NULL) { ++#ifdef OPENSSL_FIPS ++ if (FIPS_mode() && !(EVP_MD_flags(md) & EVP_MD_FLAG_FIPS) ++ && (!EVP_MD_CTX_test_flags(ctx->md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW) ++ || !EVP_MD_CTX_test_flags(ctx->i_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW) ++ || !EVP_MD_CTX_test_flags(ctx->o_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW))) ++ goto err; ++#endif + reset = 1; + j = EVP_MD_block_size(md); + if (!ossl_assert(j <= (int)sizeof(ctx->key))) +diff -up openssl-1.1.1b/crypto/hmac/hm_pmeth.c.fips openssl-1.1.1b/crypto/hmac/hm_pmeth.c +--- openssl-1.1.1b/crypto/hmac/hm_pmeth.c.fips 2019-02-26 15:15:30.000000000 +0100 ++++ openssl-1.1.1b/crypto/hmac/hm_pmeth.c 2019-05-06 14:56:01.123257022 +0200 +@@ -180,7 +180,7 @@ static int pkey_hmac_ctrl_str(EVP_PKEY_C + + const EVP_PKEY_METHOD hmac_pkey_meth = { + EVP_PKEY_HMAC, +- 0, ++ EVP_PKEY_FLAG_FIPS, + pkey_hmac_init, + pkey_hmac_copy, + pkey_hmac_cleanup, +diff -up openssl-1.1.1b/crypto/include/internal/fips_int.h.fips openssl-1.1.1b/crypto/include/internal/fips_int.h +--- openssl-1.1.1b/crypto/include/internal/fips_int.h.fips 2019-02-28 11:30:06.817745466 +0100 ++++ openssl-1.1.1b/crypto/include/internal/fips_int.h 2019-02-28 11:30:06.817745466 +0100 +@@ -0,0 +1,98 @@ ++/* ==================================================================== ++ * Copyright (c) 2003 The OpenSSL Project. All rights reserved. 
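Review bot: The HMAC key in `main` is a fixed string compiled into the tool, and nothing in the file says what that implies. A keyed digest under a public constant detects accidental corruption of the hashed file, but it gives no protection against someone who can rewrite both the file and the recorded fingerprint. A comment above `key` should say so, for example `/* Fixed, published integrity-check key: detects corruption, does not authenticate the file. */`. Separately, each loop iteration leaves `f` and `hmac_ctx` unreleased; `HMAC_CTX_free(hmac_ctx); fclose(f);` at the end of the loop body, and before the `break` in the `-binary` branch, would fix that. The commented-out `printf` still says HMAC-SHA1 although the digest is SHA-256.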
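Review bot: The FIPS check added to `HMAC_Init_ex` leaves through `goto err` without recording a reason, unlike the RSA checks in this patch, which call `RSAerr(...)` before returning. Unless the `err:` label, which is outside this hunk, pushes an error itself, a caller in FIPS mode that passes a non-approved digest sees only a zero return. The three-way `||` over `md_ctx`, `i_ctx` and `o_ctx` is also easy to misread and deserves a comment such as `/* FIPS mode: refuse a non-approved digest unless all three contexts carry NON_FIPS_ALLOW */`.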
++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ++ */ ++ ++#include ++#include ++ ++#ifndef OPENSSL_FIPS ++# error FIPS is disabled. ++#endif ++ ++#ifdef OPENSSL_FIPS ++ ++int FIPS_module_mode_set(int onoff); ++int FIPS_module_mode(void); ++int FIPS_module_installed(void); ++int FIPS_selftest_sha1(void); ++int FIPS_selftest_sha2(void); ++int FIPS_selftest_sha3(void); ++int FIPS_selftest_aes_ccm(void); ++int FIPS_selftest_aes_gcm(void); ++int FIPS_selftest_aes_xts(void); ++int FIPS_selftest_aes(void); ++int FIPS_selftest_des(void); ++int FIPS_selftest_rsa(void); ++int FIPS_selftest_dsa(void); ++int FIPS_selftest_ecdsa(void); ++int FIPS_selftest_ecdh(void); ++int FIPS_selftest_dh(void); ++void FIPS_drbg_stick(int onoff); ++int FIPS_selftest_hmac(void); ++int FIPS_selftest_drbg(void); ++int FIPS_selftest_cmac(void); ++ ++int fips_pkey_signature_test(EVP_PKEY *pkey, ++ const unsigned char *tbs, int tbslen, ++ const unsigned char *kat, ++ unsigned int katlen, ++ const EVP_MD *digest, ++ unsigned int md_flags, const char *fail_str); ++ ++int fips_cipher_test(EVP_CIPHER_CTX *ctx, ++ const EVP_CIPHER *cipher, ++ const unsigned char *key, ++ const unsigned char *iv, ++ const unsigned char *plaintext, ++ const unsigned char *ciphertext, int len); ++ ++void fips_set_selftest_fail(void); ++ ++void FIPS_get_timevec(unsigned char *buf, unsigned long *pctr); ++ ++#endif +diff -up openssl-1.1.1b/crypto/o_fips.c.fips openssl-1.1.1b/crypto/o_fips.c +--- 
openssl-1.1.1b/crypto/o_fips.c.fips 2019-02-26 15:15:30.000000000 +0100 ++++ openssl-1.1.1b/crypto/o_fips.c 2019-02-28 11:30:06.817745466 +0100 +@@ -8,17 +8,28 @@ + */ + + #include "internal/cryptlib.h" ++#include "internal/fips_int.h" + + int FIPS_mode(void) + { ++#ifdef OPENSSL_FIPS ++ return FIPS_module_mode(); ++#else + /* This version of the library does not support FIPS mode. */ + return 0; ++#endif + } + + int FIPS_mode_set(int r) + { ++#ifdef OPENSSL_FIPS ++ if (r && FIPS_module_mode()) /* can be implicitly initialized by OPENSSL_init() */ ++ return 1; ++ return FIPS_module_mode_set(r); ++#else + if (r == 0) + return 1; + CRYPTOerr(CRYPTO_F_FIPS_MODE_SET, CRYPTO_R_FIPS_MODE_NOT_SUPPORTED); + return 0; ++#endif + } +diff -up openssl-1.1.1b/crypto/o_init.c.fips openssl-1.1.1b/crypto/o_init.c +--- openssl-1.1.1b/crypto/o_init.c.fips 2019-02-26 15:15:30.000000000 +0100 ++++ openssl-1.1.1b/crypto/o_init.c 2019-02-28 11:30:06.817745466 +0100 +@@ -7,8 +7,68 @@ + * https://www.openssl.org/source/license.html + */ + ++/* for secure_getenv */ ++#define _GNU_SOURCE + #include "e_os.h" + #include ++#ifdef OPENSSL_FIPS ++# include ++# include ++# include ++# include ++# include ++# include ++# include ++# include ++# include "internal/fips_int.h" ++ ++# define FIPS_MODE_SWITCH_FILE "/proc/sys/crypto/fips_enabled" ++ ++static void init_fips_mode(void) ++{ ++ char buf[2] = "0"; ++ int fd; ++ ++ /* Ensure the selftests always run */ ++ /* XXX: TO SOLVE - premature initialization due to selftests */ ++ FIPS_mode_set(1); ++ ++ if (secure_getenv("OPENSSL_FORCE_FIPS_MODE") != NULL) { ++ buf[0] = '1'; ++ } else if ((fd = open(FIPS_MODE_SWITCH_FILE, O_RDONLY)) >= 0) { ++ while (read(fd, buf, sizeof(buf)) < 0 && errno == EINTR) ; ++ close(fd); ++ } ++ /* Failure reading the fips mode switch file means just not ++ * switching into FIPS mode. We would break too many things ++ * otherwise.. 
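Review bot: `#include "internal/fips_int.h"` is added unconditionally, but that header, added elsewhere in this patch, contains `#ifndef OPENSSL_FIPS` / `# error FIPS is disabled.`. Unless one of the header's own includes (not legible on this page) defines the macro, the `#else` branches kept in `FIPS_mode()` and `FIPS_mode_set()` can never be compiled. If a build without `OPENSSL_FIPS` is meant to stay possible, guard the include as the patch already does in `o_init.c`: `#ifdef OPENSSL_FIPS` / `# include "internal/fips_int.h"` / `#endif`. Otherwise the dead `#else` branches should go, so the file does not suggest a configuration that cannot build.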
++ */ ++ ++ if (buf[0] != '1') { ++ /* drop down to non-FIPS mode if it is not requested */ ++ FIPS_mode_set(0); ++ } else { ++ /* abort if selftest failed */ ++ FIPS_selftest_check(); ++ } ++} ++ ++/* ++ * Perform FIPS module power on selftest and automatic FIPS mode switch. ++ */ ++ ++void __attribute__ ((constructor)) OPENSSL_init_library(void) ++{ ++ static int done = 0; ++ if (done) ++ return; ++ done = 1; ++ if (!FIPS_module_installed()) { ++ return; ++ } ++ init_fips_mode(); ++} ++#endif + + /* + * Perform any essential OpenSSL initialization operations. Currently does +diff -up openssl-1.1.1b/crypto/rand/rand_lib.c.fips openssl-1.1.1b/crypto/rand/rand_lib.c +--- openssl-1.1.1b/crypto/rand/rand_lib.c.fips 2019-02-26 15:15:30.000000000 +0100 ++++ openssl-1.1.1b/crypto/rand/rand_lib.c 2019-02-28 11:30:06.818745447 +0100 +@@ -16,6 +16,10 @@ + #include "internal/thread_once.h" + #include "rand_lcl.h" + #include "e_os.h" ++#ifdef OPENSSL_FIPS ++# include ++# include ++#endif + + #ifndef OPENSSL_NO_ENGINE + /* non-NULL if default_RAND_meth is ENGINE-provided */ +@@ -857,3 +861,15 @@ int RAND_status(void) + return meth->status(); + return 0; + } ++ ++#ifdef OPENSSL_FIPS ++void RAND_set_fips_drbg_type(int type, int flags) ++{ /* just a stub for ABI compatibility */ ++} ++ ++int RAND_init_fips(void) ++{ ++ /* just a stub for ABI compatibility */ ++ return 1; ++} ++#endif +diff -up openssl-1.1.1b/crypto/rsa/rsa_crpt.c.fips openssl-1.1.1b/crypto/rsa/rsa_crpt.c +--- openssl-1.1.1b/crypto/rsa/rsa_crpt.c.fips 2019-02-26 15:15:30.000000000 +0100 ++++ openssl-1.1.1b/crypto/rsa/rsa_crpt.c 2019-02-28 11:30:06.818745447 +0100 +@@ -27,24 +27,52 @@ int RSA_size(const RSA *r) + int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to, + RSA *rsa, int padding) + { ++#ifdef OPENSSL_FIPS ++ if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD) ++ && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) { ++ RSAerr(RSA_F_RSA_PUBLIC_ENCRYPT, RSA_R_NON_FIPS_RSA_METHOD); 
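Review bot: `init_fips_mode()` fails open: when `FIPS_MODE_SWITCH_FILE` cannot be opened, or `read()` returns an error or zero bytes, `buf` keeps its initial `"0"` and the library drops to non-FIPS mode with no diagnostic. The existing comment records this as deliberate, but it should also tell integrators what follows from it, e.g. `/* Callers that require FIPS mode must check FIPS_mode() themselves; an unreadable switch file is treated as "not requested". */`. The return value of the initial `FIPS_mode_set(1)` is also ignored, so on the non-FIPS path a self-test failure appears to go unreported. That is presumably intended, but it is worth stating next to the `XXX` remark.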
++ return -1; ++ } ++#endif + return rsa->meth->rsa_pub_enc(flen, from, to, rsa, padding); + } + + int RSA_private_encrypt(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding) + { ++#ifdef OPENSSL_FIPS ++ if (FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) { ++ RSAerr(RSA_F_RSA_PRIVATE_ENCRYPT, ++ RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); ++ return -1; ++ } ++#endif + return rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding); + } + + int RSA_private_decrypt(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding) + { ++#ifdef OPENSSL_FIPS ++ if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD) ++ && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) { ++ RSAerr(RSA_F_RSA_PRIVATE_DECRYPT, RSA_R_NON_FIPS_RSA_METHOD); ++ return -1; ++ } ++#endif + return rsa->meth->rsa_priv_dec(flen, from, to, rsa, padding); + } + + int RSA_public_decrypt(int flen, const unsigned char *from, unsigned char *to, + RSA *rsa, int padding) + { ++#ifdef OPENSSL_FIPS ++ if (FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) { ++ RSAerr(RSA_F_RSA_PUBLIC_DECRYPT, ++ RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); ++ return -1; ++ } ++#endif + return rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding); + } + +diff -up openssl-1.1.1b/crypto/rsa/rsa_err.c.fips openssl-1.1.1b/crypto/rsa/rsa_err.c +--- openssl-1.1.1b/crypto/rsa/rsa_err.c.fips 2019-02-26 15:15:30.000000000 +0100 ++++ openssl-1.1.1b/crypto/rsa/rsa_err.c 2019-02-28 11:30:06.818745447 +0100 +@@ -16,6 +16,8 @@ + static const ERR_STRING_DATA RSA_str_functs[] = { + {ERR_PACK(ERR_LIB_RSA, RSA_F_CHECK_PADDING_MD, 0), "check_padding_md"}, + {ERR_PACK(ERR_LIB_RSA, RSA_F_ENCODE_PKCS1, 0), "encode_pkcs1"}, ++ {ERR_PACK(ERR_LIB_RSA, RSA_F_FIPS_RSA_BUILTIN_KEYGEN, 0), ++ "fips_rsa_builtin_keygen"}, + {ERR_PACK(ERR_LIB_RSA, RSA_F_INT_RSA_VERIFY, 0), "int_rsa_verify"}, + {ERR_PACK(ERR_LIB_RSA, RSA_F_OLD_RSA_PRIV_DECODE, 0), + "old_rsa_priv_decode"}, +@@ -32,6 +34,9 @@ static const 
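Review bot: The four FIPS guards added in rsa_crpt.c come in two shapes and no comment says why. `RSA_public_encrypt` and `RSA_private_decrypt` reject only a method that lacks `RSA_FLAG_FIPS_METHOD`, while `RSA_private_encrypt` and `RSA_public_decrypt` reject every method unless the key carries `RSA_FLAG_NON_FIPS_ALLOW`. Someone auditing the FIPS boundary has to infer that the second pair is meant to be unreachable through the public API in FIPS mode. I would put a comment above those two guards, for example `/* FIPS mode: refused for all methods; only keys flagged RSA_FLAG_NON_FIPS_ALLOW may use this primitive */`, so the per-key opt-out is easy to find in review.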
ERR_STRING_DATA RSA_str_fun + {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_CHECK_KEY_EX, 0), "RSA_check_key_ex"}, + {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_CMS_DECRYPT, 0), "rsa_cms_decrypt"}, + {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_CMS_VERIFY, 0), "rsa_cms_verify"}, ++ {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_GENERATE_KEY_EX, 0), "RSA_generate_key_ex"}, ++ {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_GENERATE_MULTI_PRIME_KEY, 0), ++ "RSA_generate_multi_prime_key"}, + {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_ITEM_VERIFY, 0), "rsa_item_verify"}, + {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_METH_DUP, 0), "RSA_meth_dup"}, + {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_METH_NEW, 0), "RSA_meth_new"}, +@@ -90,9 +95,13 @@ static const ERR_STRING_DATA RSA_str_fun + {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PRINT_FP, 0), "RSA_print_fp"}, + {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PRIV_DECODE, 0), "rsa_priv_decode"}, + {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PRIV_ENCODE, 0), "rsa_priv_encode"}, ++ {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PRIVATE_DECRYPT, 0), "RSA_private_decrypt"}, ++ {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PRIVATE_ENCRYPT, 0), "RSA_private_encrypt"}, + {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PSS_GET_PARAM, 0), "rsa_pss_get_param"}, + {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PSS_TO_CTX, 0), "rsa_pss_to_ctx"}, + {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PUB_DECODE, 0), "rsa_pub_decode"}, ++ {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PUBLIC_DECRYPT, 0), "RSA_public_decrypt"}, ++ {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PUBLIC_ENCRYPT, 0), "RSA_public_encrypt"}, + {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_SETUP_BLINDING, 0), "RSA_setup_blinding"}, + {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_SIGN, 0), "RSA_sign"}, + {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_SIGN_ASN1_OCTET_STRING, 0), +@@ -102,6 +111,8 @@ static const ERR_STRING_DATA RSA_str_fun + "RSA_verify_ASN1_OCTET_STRING"}, + {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, 0), + "RSA_verify_PKCS1_PSS_mgf1"}, ++ {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_SET_DEFAULT_METHOD, 0), "RSA_set_default_method"}, ++ {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_SET_METHOD, 0), "RSA_set_method"}, + 
{ERR_PACK(ERR_LIB_RSA, RSA_F_SETUP_TBUF, 0), "setup_tbuf"}, + {0, NULL} + }; +@@ -181,6 +192,7 @@ static const ERR_STRING_DATA RSA_str_rea + "mp exponent not congruent to d"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_MP_R_NOT_PRIME), "mp r not prime"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_NO_PUBLIC_EXPONENT), "no public exponent"}, ++ {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_NON_FIPS_RSA_METHOD), "non FIPS rsa method"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_NULL_BEFORE_BLOCK_MISSING), + "null before block missing"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_N_DOES_NOT_EQUAL_PRODUCT_OF_PRIMES), +@@ -189,6 +201,8 @@ static const ERR_STRING_DATA RSA_str_rea + "n does not equal p q"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_OAEP_DECODING_ERROR), + "oaep decoding error"}, ++ {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE), ++ "operation not allowed in FIPS mode"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE), + "operation not supported for this keytype"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_PADDING_CHECK_FAILED), +@@ -224,6 +238,8 @@ static const ERR_STRING_DATA RSA_str_rea + "unsupported mask algorithm"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNSUPPORTED_MASK_PARAMETER), + "unsupported mask parameter"}, ++ {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNSUPPORTED_PARAMETERS), ++ "unsupported parameters"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNSUPPORTED_SIGNATURE_TYPE), + "unsupported signature type"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_VALUE_MISSING), "value missing"}, +diff -up openssl-1.1.1b/crypto/rsa/rsa_gen.c.fips openssl-1.1.1b/crypto/rsa/rsa_gen.c +--- openssl-1.1.1b/crypto/rsa/rsa_gen.c.fips 2019-02-26 15:15:30.000000000 +0100 ++++ openssl-1.1.1b/crypto/rsa/rsa_gen.c 2019-02-28 11:30:06.818745447 +0100 +@@ -18,6 +18,76 @@ + #include "internal/cryptlib.h" + #include + #include "rsa_locl.h" ++#ifdef OPENSSL_FIPS ++# include ++# include "internal/fips_int.h" ++ ++int fips_check_rsa(RSA *rsa) ++{ ++ const unsigned char tbs[] = "RSA Pairwise Check Data"; ++ unsigned char 
*ctbuf = NULL, *ptbuf = NULL; ++ int len, ret = 0; ++ EVP_PKEY *pk; ++ ++ if ((pk = EVP_PKEY_new()) == NULL) ++ goto err; ++ ++ EVP_PKEY_set1_RSA(pk, rsa); ++ ++ /* Perform pairwise consistency signature test */ ++ if (!fips_pkey_signature_test(pk, tbs, -1, ++ NULL, 0, EVP_sha256(), ++ EVP_MD_CTX_FLAG_PAD_PKCS1, NULL) ++ || !fips_pkey_signature_test(pk, tbs, -1, NULL, 0, EVP_sha256(), ++ EVP_MD_CTX_FLAG_PAD_PSS, NULL)) ++ goto err; ++ /* Now perform pairwise consistency encrypt/decrypt test */ ++ ctbuf = OPENSSL_malloc(RSA_size(rsa)); ++ if (!ctbuf) ++ goto err; ++ ++ len = ++ RSA_public_encrypt(sizeof(tbs) - 1, tbs, ctbuf, rsa, ++ RSA_PKCS1_PADDING); ++ if (len <= 0) ++ goto err; ++ /* Check ciphertext doesn't match plaintext */ ++ if ((len == (sizeof(tbs) - 1)) && !memcmp(tbs, ctbuf, len)) ++ goto err; ++ ptbuf = OPENSSL_malloc(RSA_size(rsa)); ++ ++ if (!ptbuf) ++ goto err; ++ len = RSA_private_decrypt(len, ctbuf, ptbuf, rsa, RSA_PKCS1_PADDING); ++ if (len != (sizeof(tbs) - 1)) ++ goto err; ++ if (memcmp(ptbuf, tbs, len)) ++ goto err; ++ ++ ret = 1; ++ ++ if (!ptbuf) ++ goto err; ++ ++ err: ++ if (ret == 0) { ++ fips_set_selftest_fail(); ++ FIPSerr(FIPS_F_FIPS_CHECK_RSA, FIPS_R_PAIRWISE_TEST_FAILED); ++ } ++ ++ if (ctbuf) ++ OPENSSL_free(ctbuf); ++ if (ptbuf) ++ OPENSSL_free(ptbuf); ++ if (pk) ++ EVP_PKEY_free(pk); ++ ++ return ret; ++} ++ ++static int fips_rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, ++ BN_GENCB *cb); ++#endif + + static int rsa_builtin_keygen(RSA *rsa, int bits, int primes, BIGNUM *e_value, + BN_GENCB *cb); +@@ -31,6 +101,13 @@ static int rsa_builtin_keygen(RSA *rsa, + */ + int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb) + { ++#ifdef OPENSSL_FIPS ++ if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD) ++ && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) { ++ RSAerr(RSA_F_RSA_GENERATE_KEY_EX, RSA_R_NON_FIPS_RSA_METHOD); ++ return 0; ++ } ++#endif + if (rsa->meth->rsa_keygen != NULL) + return 
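Review bot: In `fips_check_rsa` the return value of `EVP_PKEY_set1_RSA(pk, rsa)` is ignored, so a failed assignment is only noticed indirectly when the signature tests run on a key-less `EVP_PKEY`; `if (!EVP_PKEY_set1_RSA(pk, rsa)) goto err;` makes that path explicit. The `if (!ptbuf) goto err;` after `ret = 1;` can never fire, because `ptbuf` was already checked right after its allocation, and can be removed. Every `goto err`, including the two `OPENSSL_malloc` failures, ends in `fips_set_selftest_fail()`. If that call latches the module into a failed state (its body is not in this hunk), a transient allocation failure has the same effect as a genuinely inconsistent key pair, which deserves a comment or a separate exit path.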
rsa->meth->rsa_keygen(rsa, bits, e_value, cb); + +@@ -41,6 +118,13 @@ int RSA_generate_key_ex(RSA *rsa, int bi + int RSA_generate_multi_prime_key(RSA *rsa, int bits, int primes, + BIGNUM *e_value, BN_GENCB *cb) + { ++#ifdef OPENSSL_FIPS ++ if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD) ++ && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) { ++ RSAerr(RSA_F_RSA_GENERATE_MULTI_PRIME_KEY, RSA_R_NON_FIPS_RSA_METHOD); ++ return 0; ++ } ++#endif + /* multi-prime is only supported with the builtin key generation */ + if (rsa->meth->rsa_multi_prime_keygen != NULL) { + return rsa->meth->rsa_multi_prime_keygen(rsa, bits, primes, +@@ -57,10 +141,285 @@ int RSA_generate_multi_prime_key(RSA *rs + else + return 0; + } +- ++#ifdef OPENSSL_FIPS ++ if (FIPS_mode()) { ++ if (primes != 2) { ++ RSAerr(RSA_F_RSA_GENERATE_MULTI_PRIME_KEY, RSA_R_UNSUPPORTED_PARAMETERS); ++ return 0; ++ } ++ return fips_rsa_builtin_keygen(rsa, bits, e_value, cb); ++ } ++#endif + return rsa_builtin_keygen(rsa, bits, primes, e_value, cb); + } + ++#ifdef OPENSSL_FIPS ++static int fips_rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, ++ BN_GENCB *cb) ++{ ++ BIGNUM *r0 = NULL, *r1 = NULL, *r2 = NULL, *r3 = NULL, *tmp; ++ BN_CTX *ctx = NULL; ++ int ok = -1; ++ int i; ++ int n = 0; ++ int test = 0; ++ int pbits = bits / 2; ++ unsigned long error = 0; ++ ++ if (FIPS_selftest_failed()) { ++ FIPSerr(FIPS_F_FIPS_RSA_BUILTIN_KEYGEN, FIPS_R_FIPS_SELFTEST_FAILED); ++ return 0; ++ } ++ ++ if (bits < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS ++ || (getenv("OPENSSL_ENFORCE_MODULUS_BITS") && bits < 2048)) { ++ FIPSerr(FIPS_F_FIPS_RSA_BUILTIN_KEYGEN, FIPS_R_KEY_TOO_SHORT); ++ return 0; ++ } ++ if ((pbits & 0xFF) != 0) { ++ FIPSerr(FIPS_F_FIPS_RSA_BUILTIN_KEYGEN, FIPS_R_INVALID_KEY_LENGTH); ++ return 0; ++ } ++ ++ ctx = BN_CTX_new(); ++ if (ctx == NULL) ++ goto err; ++ BN_CTX_start(ctx); ++ r0 = BN_CTX_get(ctx); ++ r1 = BN_CTX_get(ctx); ++ r2 = BN_CTX_get(ctx); ++ r3 = BN_CTX_get(ctx); ++ ++ if (r3 == NULL) ++ goto 
err; ++ ++ /* We need the RSA components non-NULL */ ++ if (!rsa->n && ((rsa->n = BN_new()) == NULL)) ++ goto err; ++ if (!rsa->d && ((rsa->d = BN_secure_new()) == NULL)) ++ goto err; ++ if (!rsa->e && ((rsa->e = BN_new()) == NULL)) ++ goto err; ++ if (!rsa->p && ((rsa->p = BN_secure_new()) == NULL)) ++ goto err; ++ if (!rsa->q && ((rsa->q = BN_secure_new()) == NULL)) ++ goto err; ++ if (!rsa->dmp1 && ((rsa->dmp1 = BN_secure_new()) == NULL)) ++ goto err; ++ if (!rsa->dmq1 && ((rsa->dmq1 = BN_secure_new()) == NULL)) ++ goto err; ++ if (!rsa->iqmp && ((rsa->iqmp = BN_secure_new()) == NULL)) ++ goto err; ++ ++ if (!BN_set_word(r0, RSA_F4)) ++ goto err; ++ if (BN_cmp(e_value, r0) < 0 || BN_num_bits(e_value) > 256) { ++ ok = 0; /* we set our own err */ ++ RSAerr(RSA_F_FIPS_RSA_BUILTIN_KEYGEN, RSA_R_BAD_E_VALUE); ++ goto err; ++ } ++ ++ /* prepare approximate minimum p and q */ ++ if (!BN_set_word(r0, 0xB504F334)) ++ goto err; ++ if (!BN_lshift(r0, r0, pbits - 32)) ++ goto err; ++ ++ /* prepare minimum p and q difference */ ++ if (!BN_one(r3)) ++ goto err; ++ if (!BN_lshift(r3, r3, pbits - 100)) ++ goto err; ++ ++ BN_copy(rsa->e, e_value); ++ ++ if (!BN_is_zero(rsa->p) && !BN_is_zero(rsa->q)) ++ test = 1; ++ ++ BN_set_flags(r0, BN_FLG_CONSTTIME); ++ BN_set_flags(r1, BN_FLG_CONSTTIME); ++ BN_set_flags(r2, BN_FLG_CONSTTIME); ++ BN_set_flags(rsa->p, BN_FLG_CONSTTIME); ++ BN_set_flags(rsa->q, BN_FLG_CONSTTIME); ++ ++ retry: ++ /* generate p and q */ ++ for (i = 0; i < 5 * pbits; i++) { ++ ploop: ++ if (!test) ++ if (!BN_rand(rsa->p, pbits, 0, 1)) ++ goto err; ++ if (BN_cmp(rsa->p, r0) < 0) { ++ if (test) ++ goto err; ++ goto ploop; ++ } ++ ++ if (!BN_sub(r2, rsa->p, BN_value_one())) ++ goto err; ++ ERR_set_mark(); ++ if (BN_mod_inverse(r1, r2, rsa->e, ctx) != NULL) { ++ /* GCD == 1 since inverse exists */ ++ int r; ++ r = BN_is_prime_fasttest_ex(rsa->p, pbits > 1024 ? 
4 : 5, ctx, 0, ++ cb); ++ if (r == -1 || (test && r <= 0)) ++ goto err; ++ if (r > 0) ++ break; ++ } else { ++ error = ERR_peek_last_error(); ++ if (ERR_GET_LIB(error) == ERR_LIB_BN ++ && ERR_GET_REASON(error) == BN_R_NO_INVERSE) { ++ /* GCD != 1 */ ++ ERR_pop_to_mark(); ++ } else { ++ goto err; ++ } ++ } ++ if (!BN_GENCB_call(cb, 2, n++)) ++ goto err; ++ } ++ ++ if (!BN_GENCB_call(cb, 3, 0)) ++ goto err; ++ ++ if (i >= 5 * pbits) ++ /* prime not found */ ++ goto err; ++ ++ for (i = 0; i < 5 * pbits; i++) { ++ qloop: ++ if (!test) ++ if (!BN_rand(rsa->q, pbits, 0, 1)) ++ goto err; ++ if (BN_cmp(rsa->q, r0) < 0) { ++ if (test) ++ goto err; ++ goto qloop; ++ } ++ if (!BN_sub(r2, rsa->q, rsa->p)) ++ goto err; ++ if (BN_ucmp(r2, r3) <= 0) { ++ if (test) ++ goto err; ++ goto qloop; ++ } ++ ++ if (!BN_sub(r2, rsa->q, BN_value_one())) ++ goto err; ++ ERR_set_mark(); ++ if (BN_mod_inverse(r1, r2, rsa->e, ctx) != NULL) { ++ /* GCD == 1 since inverse exists */ ++ int r; ++ r = BN_is_prime_fasttest_ex(rsa->q, pbits > 1024 ? 
4 : 5, ctx, 0, ++ cb); ++ if (r == -1 || (test && r <= 0)) ++ goto err; ++ if (r > 0) ++ break; ++ } else { ++ error = ERR_peek_last_error(); ++ if (ERR_GET_LIB(error) == ERR_LIB_BN ++ && ERR_GET_REASON(error) == BN_R_NO_INVERSE) { ++ /* GCD != 1 */ ++ ERR_pop_to_mark(); ++ } else { ++ goto err; ++ } ++ } ++ if (!BN_GENCB_call(cb, 2, n++)) ++ goto err; ++ } ++ ++ if (!BN_GENCB_call(cb, 3, 1)) ++ goto err; ++ ++ if (i >= 5 * pbits) ++ /* prime not found */ ++ goto err; ++ ++ if (test) { ++ /* do not try to calculate the remaining key values */ ++ BN_clear(rsa->n); ++ ok = 1; ++ goto err; ++ } ++ ++ if (BN_cmp(rsa->p, rsa->q) < 0) { ++ tmp = rsa->p; ++ rsa->p = rsa->q; ++ rsa->q = tmp; ++ } ++ ++ /* calculate n */ ++ if (!BN_mul(rsa->n, rsa->p, rsa->q, ctx)) ++ goto err; ++ ++ /* calculate d */ ++ if (!BN_sub(r1, rsa->p, BN_value_one())) ++ goto err; /* p-1 */ ++ if (!BN_sub(r2, rsa->q, BN_value_one())) ++ goto err; /* q-1 */ ++ ++ /* note that computing gcd is not safe to timing attacks */ ++ if (!BN_gcd(r0, r1, r2, ctx)) ++ goto err; ++ ++ { ++ if (!BN_div(r0, NULL, r1, r0, ctx)) ++ goto err; ++ ++ if (!BN_mul(r0, r0, r2, ctx)) /* lcm(p-1, q-1) */ ++ goto err; ++ ++ if (!BN_mod_inverse(rsa->d, rsa->e, r0, ctx)) /* d */ ++ goto err; ++ } ++ ++ if (BN_num_bits(rsa->d) < pbits) ++ goto retry; /* d is too small */ ++ ++ { ++ BIGNUM *d = BN_new(); ++ ++ if (d == NULL) ++ goto err; ++ BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); ++ ++ if (/* calculate d mod (p-1) */ ++ !BN_mod(rsa->dmp1, d, r1, ctx) ++ /* calculate d mod (q-1) */ ++ || !BN_mod(rsa->dmq1, d, r2, ctx)) { ++ BN_free(d); ++ goto err; ++ } ++ /* We MUST free d before any further use of rsa->d */ ++ BN_free(d); ++ } ++ ++ /* calculate inverse of q mod p */ ++ if (!BN_mod_inverse(rsa->iqmp, rsa->q, rsa->p, ctx)) ++ goto err; ++ ++ if (!fips_check_rsa(rsa)) ++ goto err; ++ ++ ok = 1; ++ err: ++ if (ok == -1) { ++ RSAerr(RSA_F_FIPS_RSA_BUILTIN_KEYGEN, ERR_LIB_BN); ++ ok = 0; ++ } ++ if (ctx != NULL) { ++ 
BN_CTX_end(ctx); ++ BN_CTX_free(ctx); ++ } ++ ++ return ok; ++} ++#endif ++ + static int rsa_builtin_keygen(RSA *rsa, int bits, int primes, BIGNUM *e_value, + BN_GENCB *cb) + { +diff -up openssl-1.1.1b/crypto/rsa/rsa_lib.c.fips openssl-1.1.1b/crypto/rsa/rsa_lib.c +--- openssl-1.1.1b/crypto/rsa/rsa_lib.c.fips 2019-02-26 15:15:30.000000000 +0100 ++++ openssl-1.1.1b/crypto/rsa/rsa_lib.c 2019-02-28 11:30:06.819745428 +0100 +@@ -34,6 +34,12 @@ int RSA_set_method(RSA *rsa, const RSA_M + * to deal with which ENGINE it comes from. + */ + const RSA_METHOD *mtmp; ++#ifdef OPENSSL_FIPS ++ if (FIPS_mode() && !(meth->flags & RSA_FLAG_FIPS_METHOD)) { ++ RSAerr(RSA_F_RSA_SET_METHOD, RSA_R_NON_FIPS_RSA_METHOD); ++ return 0; ++ } ++#endif + mtmp = rsa->meth; + if (mtmp->finish) + mtmp->finish(rsa); +@@ -66,7 +72,6 @@ RSA *RSA_new_method(ENGINE *engine) + + ret->meth = RSA_get_default_method(); + #ifndef OPENSSL_NO_ENGINE +- ret->flags = ret->meth->flags & ~RSA_FLAG_NON_FIPS_ALLOW; + if (engine) { + if (!ENGINE_init(engine)) { + RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB); +@@ -84,8 +89,19 @@ RSA *RSA_new_method(ENGINE *engine) + } + } + #endif ++#ifdef OPENSSL_FIPS ++ if (FIPS_mode() && !(ret->meth->flags & RSA_FLAG_FIPS_METHOD)) { ++ RSAerr(RSA_F_RSA_NEW_METHOD, RSA_R_NON_FIPS_RSA_METHOD); ++# ifndef OPENSSL_NO_ENGINE ++ if (ret->engine) ++ ENGINE_finish(ret->engine); ++# endif ++ OPENSSL_free(ret); ++ return NULL; ++ } ++#endif + +- ret->flags = ret->meth->flags & ~RSA_FLAG_NON_FIPS_ALLOW; ++ ret->flags = ret->meth->flags; + if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data)) { + goto err; + } +diff -up openssl-1.1.1b/crypto/rsa/rsa_ossl.c.fips openssl-1.1.1b/crypto/rsa/rsa_ossl.c +--- openssl-1.1.1b/crypto/rsa/rsa_ossl.c.fips 2019-02-26 15:15:30.000000000 +0100 ++++ openssl-1.1.1b/crypto/rsa/rsa_ossl.c 2019-02-28 11:31:57.315691372 +0100 +@@ -12,6 +12,10 @@ + #include "rsa_locl.h" + #include "internal/constant_time_locl.h" + ++#ifdef OPENSSL_FIPS ++# include 
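Review bot: The exponent check in `fips_rsa_builtin_keygen` accepts even values of `e_value`, since it tests only `BN_cmp(e_value, r0) < 0 || BN_num_bits(e_value) > 256`. `BN_rand(rsa->p, pbits, 0, 1)` always yields an odd candidate, so `p - 1` is even and `BN_mod_inverse(r1, r2, rsa->e, ctx)` cannot succeed for an even exponent. The loop then appears to run all `5 * pbits` iterations and fail with the generic BN error rather than `RSA_R_BAD_E_VALUE`. Adding `|| !BN_is_odd(e_value)` to the condition rejects such input up front. The result of `BN_copy(rsa->e, e_value)` is also unchecked; `if (BN_copy(rsa->e, e_value) == NULL) goto err;` would match how the other BN calls in the function are handled.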
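Review bot: `ret->flags = ret->meth->flags;` in `RSA_new_method` no longer masks out `RSA_FLAG_NON_FIPS_ALLOW`, so a method whose flags include that bit passes the FIPS opt-out to every key created with it. The guards elsewhere in this patch test exactly `rsa->flags & RSA_FLAG_NON_FIPS_ALLOW`. If that inheritance is not intended, keep the mask: `ret->flags = ret->meth->flags & ~RSA_FLAG_NON_FIPS_ALLOW;`. Separately, the new FIPS rejection path frees `ret` by hand and returns, while the context lines of the same function use `goto err;`. Anything stored in `ret` before the hunk starts would be missed by the manual cleanup, so `goto err;` after the `RSAerr` call looks safer, though the function begins and ends outside the hunk and this needs checking against the full body.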
++#endif ++ + static int rsa_ossl_public_encrypt(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding); + static int rsa_ossl_private_encrypt(int flen, const unsigned char *from, +@@ -47,6 +51,12 @@ static const RSA_METHOD *default_RSA_met + + void RSA_set_default_method(const RSA_METHOD *meth) + { ++#ifdef OPENSSL_FIPS ++ if (FIPS_mode() && !(meth->flags & RSA_FLAG_FIPS_METHOD)) { ++ RSAerr(RSA_F_RSA_SET_DEFAULT_METHOD, RSA_R_NON_FIPS_RSA_METHOD); ++ return; ++ } ++#endif + default_RSA_meth = meth; + } + +@@ -73,6 +83,22 @@ static int rsa_ossl_public_encrypt(int f + unsigned char *buf = NULL; + BN_CTX *ctx = NULL; + ++# ifdef OPENSSL_FIPS ++ if (FIPS_mode()) { ++ if (FIPS_selftest_failed()) { ++ FIPSerr(FIPS_F_RSA_OSSL_PUBLIC_ENCRYPT, ++ FIPS_R_FIPS_SELFTEST_FAILED); ++ goto err; ++ } ++ ++ if (!(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW) ++ && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)) { ++ RSAerr(RSA_F_RSA_OSSL_PUBLIC_ENCRYPT, RSA_R_KEY_SIZE_TOO_SMALL); ++ return -1; ++ } ++ } ++# endif ++ + if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) { + RSAerr(RSA_F_RSA_OSSL_PUBLIC_ENCRYPT, RSA_R_MODULUS_TOO_LARGE); + return -1; +@@ -247,6 +273,22 @@ static int rsa_ossl_private_encrypt(int + BIGNUM *unblind = NULL; + BN_BLINDING *blinding = NULL; + ++# ifdef OPENSSL_FIPS ++ if (FIPS_mode()) { ++ if (FIPS_selftest_failed()) { ++ FIPSerr(FIPS_F_RSA_OSSL_PRIVATE_ENCRYPT, ++ FIPS_R_FIPS_SELFTEST_FAILED); ++ return -1; ++ } ++ ++ if (!(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW) ++ && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)) { ++ RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, RSA_R_KEY_SIZE_TOO_SMALL); ++ return -1; ++ } ++ } ++# endif ++ + if ((ctx = BN_CTX_new()) == NULL) + goto err; + BN_CTX_start(ctx); +@@ -377,6 +419,22 @@ static int rsa_ossl_private_decrypt(int + BIGNUM *unblind = NULL; + BN_BLINDING *blinding = NULL; + ++# ifdef OPENSSL_FIPS ++ if (FIPS_mode()) { ++ if (FIPS_selftest_failed()) { ++ 
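Review bot: The FIPS block added to `rsa_ossl_public_encrypt` exits in two different ways: the self-test branch uses `goto err;` and the key-size branch uses `return -1;`. The same block in `rsa_ossl_private_encrypt` and `rsa_ossl_private_decrypt` uses `return -1;` for both, and `rsa_ossl_public_decrypt` (hunk at -500) repeats the mixed form. At that point `buf` and `ctx` are still NULL, so `return -1;` in the self-test branch would make all four blocks identical. It would also stop the code relying on how the `err` label, which is outside the hunk, treats a NULL `ctx`.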
FIPSerr(FIPS_F_RSA_OSSL_PRIVATE_DECRYPT, ++ FIPS_R_FIPS_SELFTEST_FAILED); ++ return -1; ++ } ++ ++ if (!(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW) ++ && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)) { ++ RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT, RSA_R_KEY_SIZE_TOO_SMALL); ++ return -1; ++ } ++ } ++# endif ++ + if ((ctx = BN_CTX_new()) == NULL) + goto err; + BN_CTX_start(ctx); +@@ -500,6 +558,22 @@ static int rsa_ossl_public_decrypt(int f + unsigned char *buf = NULL; + BN_CTX *ctx = NULL; + ++# ifdef OPENSSL_FIPS ++ if (FIPS_mode()) { ++ if (FIPS_selftest_failed()) { ++ FIPSerr(FIPS_F_RSA_OSSL_PUBLIC_DECRYPT, ++ FIPS_R_FIPS_SELFTEST_FAILED); ++ goto err; ++ } ++ ++ if (!(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW) ++ && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)) { ++ RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT, RSA_R_KEY_SIZE_TOO_SMALL); ++ return -1; ++ } ++ } ++# endif ++ + if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) { + RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT, RSA_R_MODULUS_TOO_LARGE); + return -1; +diff -up openssl-1.1.1b/crypto/rsa/rsa_pmeth.c.fips openssl-1.1.1b/crypto/rsa/rsa_pmeth.c +--- openssl-1.1.1b/crypto/rsa/rsa_pmeth.c.fips 2019-05-06 14:48:26.514174053 +0200 ++++ openssl-1.1.1b/crypto/rsa/rsa_pmeth.c 2019-05-06 14:45:46.732956649 +0200 +@@ -756,7 +756,7 @@ static int pkey_rsa_keygen(EVP_PKEY_CTX + + const EVP_PKEY_METHOD rsa_pkey_meth = { + EVP_PKEY_RSA, +- EVP_PKEY_FLAG_AUTOARGLEN, ++ EVP_PKEY_FLAG_AUTOARGLEN | EVP_PKEY_FLAG_FIPS, + pkey_rsa_init, + pkey_rsa_copy, + pkey_rsa_cleanup, +@@ -838,7 +838,7 @@ static int pkey_pss_init(EVP_PKEY_CTX *c + + const EVP_PKEY_METHOD rsa_pss_pkey_meth = { + EVP_PKEY_RSA_PSS, +- EVP_PKEY_FLAG_AUTOARGLEN, ++ EVP_PKEY_FLAG_AUTOARGLEN | EVP_PKEY_FLAG_FIPS, + pkey_rsa_init, + pkey_rsa_copy, + pkey_rsa_cleanup, +diff -up openssl-1.1.1b/crypto/rsa/rsa_sign.c.fips openssl-1.1.1b/crypto/rsa/rsa_sign.c +--- openssl-1.1.1b/crypto/rsa/rsa_sign.c.fips 2019-02-26 15:15:30.000000000 +0100 ++++ 
openssl-1.1.1b/crypto/rsa/rsa_sign.c 2019-02-28 11:30:06.819745428 +0100 +@@ -73,6 +73,13 @@ int RSA_sign(int type, const unsigned ch + unsigned char *tmps = NULL; + const unsigned char *encoded = NULL; + ++#ifdef OPENSSL_FIPS ++ if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD) ++ && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) { ++ RSAerr(RSA_F_RSA_SIGN, RSA_R_NON_FIPS_RSA_METHOD); ++ return 0; ++ } ++#endif + if (rsa->meth->rsa_sign) { + return rsa->meth->rsa_sign(type, m, m_len, sigret, siglen, rsa); + } +@@ -100,8 +107,9 @@ int RSA_sign(int type, const unsigned ch + RSAerr(RSA_F_RSA_SIGN, RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY); + goto err; + } +- encrypt_len = RSA_private_encrypt(encoded_len, encoded, sigret, rsa, +- RSA_PKCS1_PADDING); ++ /* NB: call underlying method directly to avoid FIPS blocking */ ++ encrypt_len = rsa->meth->rsa_priv_enc ? rsa->meth->rsa_priv_enc(encoded_len, encoded, sigret, rsa, ++ RSA_PKCS1_PADDING) : 0; + if (encrypt_len <= 0) + goto err; + +diff -up openssl-1.1.1b/crypto/sha/sha256.c.fips openssl-1.1.1b/crypto/sha/sha256.c +--- openssl-1.1.1b/crypto/sha/sha256.c.fips 2019-02-26 15:15:30.000000000 +0100 ++++ openssl-1.1.1b/crypto/sha/sha256.c 2019-02-28 11:30:06.819745428 +0100 +@@ -18,6 +18,9 @@ + + int SHA224_Init(SHA256_CTX *c) + { ++# ifdef OPENSSL_FIPS ++ FIPS_selftest_check(); ++# endif + memset(c, 0, sizeof(*c)); + c->h[0] = 0xc1059ed8UL; + c->h[1] = 0x367cd507UL; +@@ -33,6 +36,9 @@ int SHA224_Init(SHA256_CTX *c) + + int SHA256_Init(SHA256_CTX *c) + { ++# ifdef OPENSSL_FIPS ++ FIPS_selftest_check(); ++# endif + memset(c, 0, sizeof(*c)); + c->h[0] = 0x6a09e667UL; + c->h[1] = 0xbb67ae85UL; +diff -up openssl-1.1.1b/crypto/sha/sha512.c.fips openssl-1.1.1b/crypto/sha/sha512.c +--- openssl-1.1.1b/crypto/sha/sha512.c.fips 2019-02-26 15:15:30.000000000 +0100 ++++ openssl-1.1.1b/crypto/sha/sha512.c 2019-02-28 11:30:06.820745410 +0100 +@@ -98,6 +98,9 @@ int sha512_256_init(SHA512_CTX *c) + + int SHA384_Init(SHA512_CTX *c) + { ++# 
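Review bot: When `rsa->meth->rsa_priv_enc` is NULL, the new expression in `RSA_sign` evaluates to 0 and reaches `goto err` with nothing on the error queue, so the caller sees a failed signature with no reason attached. Checking the pointer before the call and raising an `RSAerr(RSA_F_RSA_SIGN, ...)` with a suitable reason code would report it. The `/* NB: call underlying method directly to avoid FIPS blocking */` comment would be more useful if it named what is bypassed, namely the `RSA_private_encrypt` wrapper that this patch makes refuse in FIPS mode. It should also say that the method-flag guard added at the top of `RSA_sign` is the check that still applies on this path. The function body starts and ends outside the hunk.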
ifdef OPENSSL_FIPS ++ FIPS_selftest_check(); ++# endif + c->h[0] = U64(0xcbbb9d5dc1059ed8); + c->h[1] = U64(0x629a292a367cd507); + c->h[2] = U64(0x9159015a3070dd17); +@@ -116,6 +119,9 @@ int SHA384_Init(SHA512_CTX *c) + + int SHA512_Init(SHA512_CTX *c) + { ++# ifdef OPENSSL_FIPS ++ FIPS_selftest_check(); ++# endif + c->h[0] = U64(0x6a09e667f3bcc908); + c->h[1] = U64(0xbb67ae8584caa73b); + c->h[2] = U64(0x3c6ef372fe94f82b); +diff -up openssl-1.1.1b/crypto/sha/sha_locl.h.fips openssl-1.1.1b/crypto/sha/sha_locl.h +--- openssl-1.1.1b/crypto/sha/sha_locl.h.fips 2019-02-28 11:30:06.628748979 +0100 ++++ openssl-1.1.1b/crypto/sha/sha_locl.h 2019-02-28 11:30:06.820745410 +0100 +@@ -52,6 +52,9 @@ void sha1_block_data_order(SHA_CTX *c, c + + int HASH_INIT(SHA_CTX *c) + { ++#if defined(OPENSSL_FIPS) ++ FIPS_selftest_check(); ++#endif + memset(c, 0, sizeof(*c)); + c->h0 = INIT_DATA_h0; + c->h1 = INIT_DATA_h1; +diff -up openssl-1.1.1b/doc/man3/DSA_generate_parameters.pod.fips openssl-1.1.1b/doc/man3/DSA_generate_parameters.pod +--- openssl-1.1.1b/doc/man3/DSA_generate_parameters.pod.fips 2019-02-26 15:15:30.000000000 +0100 ++++ openssl-1.1.1b/doc/man3/DSA_generate_parameters.pod 2019-02-28 11:30:06.820745410 +0100 +@@ -30,8 +30,10 @@ B is the length of the prime p to + For lengths under 2048 bits, the length of q is 160 bits; for lengths + greater than or equal to 2048 bits, the length of q is set to 256 bits. + +-If B is NULL, the primes will be generated at random. +-If B is less than the length of q, an error is returned. ++If B is NULL, or it does not generate primes, the primes will be ++generated at random. ++If B is less than the length of q, an error is returned ++if old DSA parameter generation method is used as a backend. 
+ + DSA_generate_parameters_ex() places the iteration count in + *B and a counter used for finding a generator in +diff -up openssl-1.1.1b/include/openssl/crypto.h.fips openssl-1.1.1b/include/openssl/crypto.h +--- openssl-1.1.1b/include/openssl/crypto.h.fips 2019-02-26 15:15:30.000000000 +0100 ++++ openssl-1.1.1b/include/openssl/crypto.h 2019-02-28 11:30:06.820745410 +0100 +@@ -331,6 +331,11 @@ int OPENSSL_isservice(void); + int FIPS_mode(void); + int FIPS_mode_set(int r); + ++# ifdef OPENSSL_FIPS ++/* die if FIPS selftest failed */ ++void FIPS_selftest_check(void); ++# endif ++ + void OPENSSL_init(void); + # ifdef OPENSSL_SYS_UNIX + void OPENSSL_fork_prepare(void); +diff -up openssl-1.1.1b/include/openssl/dherr.h.fips openssl-1.1.1b/include/openssl/dherr.h +--- openssl-1.1.1b/include/openssl/dherr.h.fips 2019-02-26 15:15:30.000000000 +0100 ++++ openssl-1.1.1b/include/openssl/dherr.h 2019-02-28 11:30:06.820745410 +0100 +@@ -32,6 +32,9 @@ int ERR_load_DH_strings(void); + # define DH_F_DH_CMS_DECRYPT 114 + # define DH_F_DH_CMS_SET_PEERKEY 115 + # define DH_F_DH_CMS_SET_SHARED_INFO 116 ++# define DH_F_DH_COMPUTE_KEY 203 ++# define DH_F_DH_GENERATE_KEY 202 ++# define DH_F_DH_GENERATE_PARAMETERS_EX 201 + # define DH_F_DH_METH_DUP 117 + # define DH_F_DH_METH_NEW 118 + # define DH_F_DH_METH_SET1_NAME 119 +@@ -69,12 +72,14 @@ int ERR_load_DH_strings(void); + # define DH_R_INVALID_PARAMETER_NID 114 + # define DH_R_INVALID_PUBKEY 102 + # define DH_R_KDF_PARAMETER_ERROR 112 ++# define DH_R_KEY_SIZE_TOO_SMALL 201 + # define DH_R_KEYS_NOT_SET 108 + # define DH_R_MISSING_PUBKEY 125 + # define DH_R_MODULUS_TOO_LARGE 103 + # define DH_R_NOT_SUITABLE_GENERATOR 120 + # define DH_R_NO_PARAMETERS_SET 107 + # define DH_R_NO_PRIVATE_VALUE 100 ++# define DH_R_NON_FIPS_METHOD 202 + # define DH_R_PARAMETER_ENCODING_ERROR 105 + # define DH_R_PEER_KEY_ERROR 111 + # define DH_R_SHARED_INFO_ERROR 113 +diff -up openssl-1.1.1b/include/openssl/dh.h.fips openssl-1.1.1b/include/openssl/dh.h +--- 
openssl-1.1.1b/include/openssl/dh.h.fips 2019-02-26 15:15:30.000000000 +0100 ++++ openssl-1.1.1b/include/openssl/dh.h 2019-02-28 11:30:06.820745410 +0100 +@@ -31,6 +31,7 @@ extern "C" { + # endif + + # define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024 ++# define OPENSSL_DH_FIPS_MIN_MODULUS_BITS_GEN 2048 + + # define DH_FLAG_CACHE_MONT_P 0x01 + +diff -up openssl-1.1.1b/include/openssl/dsaerr.h.fips openssl-1.1.1b/include/openssl/dsaerr.h +--- openssl-1.1.1b/include/openssl/dsaerr.h.fips 2019-02-26 15:15:30.000000000 +0100 ++++ openssl-1.1.1b/include/openssl/dsaerr.h 2019-02-28 11:30:06.821745391 +0100 +@@ -25,8 +25,11 @@ int ERR_load_DSA_strings(void); + */ + # define DSA_F_DSAPARAMS_PRINT 100 + # define DSA_F_DSAPARAMS_PRINT_FP 101 ++# define DSA_F_DSA_BUILTIN_KEYGEN 202 + # define DSA_F_DSA_BUILTIN_PARAMGEN 125 + # define DSA_F_DSA_BUILTIN_PARAMGEN2 126 ++# define DSA_F_DSA_GENERATE_KEY 201 ++# define DSA_F_DSA_GENERATE_PARAMETERS_EX 200 + # define DSA_F_DSA_DO_SIGN 112 + # define DSA_F_DSA_DO_VERIFY 113 + # define DSA_F_DSA_METH_DUP 127 +@@ -56,9 +59,12 @@ int ERR_load_DSA_strings(void); + # define DSA_R_DECODE_ERROR 104 + # define DSA_R_INVALID_DIGEST_TYPE 106 + # define DSA_R_INVALID_PARAMETERS 112 ++# define DSA_R_KEY_SIZE_INVALID 201 ++# define DSA_R_KEY_SIZE_TOO_SMALL 202 + # define DSA_R_MISSING_PARAMETERS 101 + # define DSA_R_MODULUS_TOO_LARGE 103 + # define DSA_R_NO_PARAMETERS_SET 107 ++# define DSA_R_NON_FIPS_DSA_METHOD 200 + # define DSA_R_PARAMETER_ENCODING_ERROR 105 + # define DSA_R_Q_NOT_PRIME 113 + # define DSA_R_SEED_LEN_SMALL 110 +diff -up openssl-1.1.1b/include/openssl/dsa.h.fips openssl-1.1.1b/include/openssl/dsa.h +--- openssl-1.1.1b/include/openssl/dsa.h.fips 2019-02-26 15:15:30.000000000 +0100 ++++ openssl-1.1.1b/include/openssl/dsa.h 2019-02-28 11:30:06.821745391 +0100 +@@ -31,6 +31,7 @@ extern "C" { + # endif + + # define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024 ++# define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS_GEN 2048 + + # define 
DSA_FLAG_CACHE_MONT_P 0x01 + # if OPENSSL_API_COMPAT < 0x10100000L +diff -up openssl-1.1.1b/include/openssl/evperr.h.fips openssl-1.1.1b/include/openssl/evperr.h +--- openssl-1.1.1b/include/openssl/evperr.h.fips 2019-02-26 15:15:30.000000000 +0100 ++++ openssl-1.1.1b/include/openssl/evperr.h 2019-05-06 16:40:21.324571446 +0200 +@@ -20,11 +20,15 @@ int ERR_load_EVP_strings(void); + * EVP function codes. + */ + # define EVP_F_AESNI_INIT_KEY 165 ++# define EVP_F_AESNI_XTS_INIT_KEY 233 + # define EVP_F_AES_GCM_CTRL 196 + # define EVP_F_AES_INIT_KEY 133 + # define EVP_F_AES_OCB_CIPHER 169 + # define EVP_F_AES_T4_INIT_KEY 178 ++# define EVP_F_AES_T4_XTS_INIT_KEY 234 + # define EVP_F_AES_WRAP_CIPHER 170 ++# define EVP_F_AES_XTS_CIPHER 229 ++# define EVP_F_AES_XTS_INIT_KEY 235 + # define EVP_F_ALG_MODULE_INIT 177 + # define EVP_F_ARIA_CCM_INIT_KEY 175 + # define EVP_F_ARIA_GCM_CTRL 197 +@@ -133,6 +134,7 @@ int ERR_load_EVP_strings(void); + # define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED 133 + # define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 138 + # define EVP_R_DECODE_ERROR 114 ++# define EVP_R_DISABLED_FOR_FIPS 200 + # define EVP_R_DIFFERENT_KEY_TYPES 101 + # define EVP_R_DIFFERENT_PARAMETERS 153 + # define EVP_R_ERROR_LOADING_SECTION 165 +@@ -175,6 +177,7 @@ int ERR_load_EVP_strings(void); + # define EVP_R_PRIVATE_KEY_DECODE_ERROR 145 + # define EVP_R_PRIVATE_KEY_ENCODE_ERROR 146 + # define EVP_R_PUBLIC_KEY_NOT_RSA 106 ++# define EVP_R_TOO_LARGE 201 + # define EVP_R_UNKNOWN_CIPHER 160 + # define EVP_R_UNKNOWN_DIGEST 161 + # define EVP_R_UNKNOWN_OPTION 169 +@@ -190,5 +193,7 @@ int ERR_load_EVP_strings(void); + # define EVP_R_UNSUPPORTED_SALT_TYPE 126 + # define EVP_R_WRAP_MODE_NOT_ALLOWED 170 + # define EVP_R_WRONG_FINAL_BLOCK_LENGTH 109 ++# define EVP_R_XTS_DATA_UNIT_IS_TOO_LARGE 191 ++# define EVP_R_XTS_DUPLICATED_KEYS 192 + + #endif +diff -up openssl-1.1.1b/include/openssl/evp.h.fips openssl-1.1.1b/include/openssl/evp.h +--- openssl-1.1.1b/include/openssl/evp.h.fips 
2019-02-26 15:15:30.000000000 +0100 ++++ openssl-1.1.1b/include/openssl/evp.h 2019-05-06 14:54:13.213136281 +0200 +@@ -1319,6 +1319,9 @@ void EVP_PKEY_asn1_set_security_bits(EVP + */ + # define EVP_PKEY_FLAG_SIGCTX_CUSTOM 4 + ++/* Downstream modification, large value to avoid conflict */ ++# define EVP_PKEY_FLAG_FIPS 0x4000 ++ + const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type); + EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags); + void EVP_PKEY_meth_get0_info(int *ppkey_id, int *pflags, +diff -up openssl-1.1.1b/include/openssl/fips.h.fips openssl-1.1.1b/include/openssl/fips.h +--- openssl-1.1.1b/include/openssl/fips.h.fips 2019-05-06 16:08:46.800598073 +0200 ++++ openssl-1.1.1b/include/openssl/fips.h 2019-05-06 16:43:12.874549821 +0200 +@@ -0,0 +1,187 @@ ++/* ==================================================================== ++ * Copyright (c) 2003 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. 
Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ++ */ ++ ++#include ++#include ++#include ++#include ++ ++#ifndef OPENSSL_FIPS ++# error FIPS is disabled. ++#endif ++ ++#ifdef OPENSSL_FIPS ++ ++# ifdef __cplusplus ++extern "C" { ++# endif ++ ++ int FIPS_selftest(void); ++ int FIPS_selftest_failed(void); ++ int FIPS_selftest_drbg_all(void); ++ ++ int FIPS_dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N, ++ const EVP_MD *evpmd, const unsigned char *seed_in, ++ size_t seed_len, int idx, unsigned char *seed_out, ++ int *counter_ret, unsigned long *h_ret, ++ BN_GENCB *cb); ++ int FIPS_dsa_paramgen_check_g(DSA *dsa); ++ ++/* BEGIN ERROR CODES */ ++/* The following lines are auto generated by the script mkerr.pl. Any changes ++ * made after this point may be overwritten when the script is next run. 
++ */ ++ int ERR_load_FIPS_strings(void); ++ ++/* Error codes for the FIPS functions. */ ++ ++/* Function codes. */ ++# define FIPS_F_DH_BUILTIN_GENPARAMS 100 ++# define FIPS_F_DRBG_RESEED 121 ++# define FIPS_F_DSA_BUILTIN_PARAMGEN2 107 ++# define FIPS_F_DSA_DO_SIGN 102 ++# define FIPS_F_DSA_DO_VERIFY 103 ++# define FIPS_F_EVP_CIPHER_CTX_NEW 137 ++# define FIPS_F_EVP_CIPHER_CTX_RESET 122 ++# define FIPS_F_ECDH_COMPUTE_KEY 123 ++# define FIPS_F_EVP_CIPHERINIT_EX 124 ++# define FIPS_F_EVP_DIGESTINIT_EX 125 ++# define FIPS_F_FIPS_CHECK_DSA 104 ++# define FIPS_F_FIPS_CHECK_EC 142 ++# define FIPS_F_FIPS_CHECK_RSA 106 ++# define FIPS_F_FIPS_DRBG_BYTES 131 ++# define FIPS_F_FIPS_DRBG_CHECK 146 ++# define FIPS_F_FIPS_DRBG_CPRNG_TEST 132 ++# define FIPS_F_FIPS_DRBG_ERROR_CHECK 136 ++# define FIPS_F_FIPS_DRBG_GENERATE 134 ++# define FIPS_F_FIPS_DRBG_INIT 135 ++# define FIPS_F_FIPS_DRBG_INSTANTIATE 138 ++# define FIPS_F_FIPS_DRBG_NEW 139 ++# define FIPS_F_FIPS_DRBG_RESEED 140 ++# define FIPS_F_FIPS_DRBG_SINGLE_KAT 141 ++# define FIPS_F_FIPS_GET_ENTROPY 147 ++# define FIPS_F_FIPS_MODULE_MODE_SET 108 ++# define FIPS_F_FIPS_PKEY_SIGNATURE_TEST 109 ++# define FIPS_F_FIPS_RAND_BYTES 114 ++# define FIPS_F_FIPS_RAND_SEED 128 ++# define FIPS_F_FIPS_RAND_SET_METHOD 126 ++# define FIPS_F_FIPS_RAND_STATUS 127 ++# define FIPS_F_FIPS_RSA_BUILTIN_KEYGEN 101 ++# define FIPS_F_FIPS_SELFTEST 150 ++# define FIPS_F_FIPS_SELFTEST_AES 110 ++# define FIPS_F_FIPS_SELFTEST_AES_CCM 145 ++# define FIPS_F_FIPS_SELFTEST_AES_GCM 129 ++# define FIPS_F_FIPS_SELFTEST_AES_XTS 144 ++# define FIPS_F_FIPS_SELFTEST_CMAC 130 ++# define FIPS_F_FIPS_SELFTEST_DES 111 ++# define FIPS_F_FIPS_SELFTEST_DSA 112 ++# define FIPS_F_FIPS_SELFTEST_ECDSA 133 ++# define FIPS_F_FIPS_SELFTEST_HMAC 113 ++# define FIPS_F_FIPS_SELFTEST_SHA1 115 ++# define FIPS_F_FIPS_SELFTEST_SHA2 105 ++# define FIPS_F_OSSL_ECDSA_SIGN_SIG 143 ++# define FIPS_F_OSSL_ECDSA_VERIFY_SIG 148 ++# define FIPS_F_RSA_BUILTIN_KEYGEN 116 ++# define 
FIPS_F_RSA_OSSL_INIT 149 ++# define FIPS_F_RSA_OSSL_PRIVATE_DECRYPT 117 ++# define FIPS_F_RSA_OSSL_PRIVATE_ENCRYPT 118 ++# define FIPS_F_RSA_OSSL_PUBLIC_DECRYPT 119 ++# define FIPS_F_RSA_OSSL_PUBLIC_ENCRYPT 120 ++ ++/* Reason codes. */ ++# define FIPS_R_ADDITIONAL_INPUT_ERROR_UNDETECTED 150 ++# define FIPS_R_ADDITIONAL_INPUT_TOO_LONG 125 ++# define FIPS_R_ALREADY_INSTANTIATED 134 ++# define FIPS_R_DRBG_NOT_INITIALISED 152 ++# define FIPS_R_DRBG_STUCK 103 ++# define FIPS_R_ENTROPY_ERROR_UNDETECTED 104 ++# define FIPS_R_ENTROPY_NOT_REQUESTED_FOR_RESEED 105 ++# define FIPS_R_ENTROPY_SOURCE_STUCK 142 ++# define FIPS_R_ERROR_INITIALISING_DRBG 115 ++# define FIPS_R_ERROR_INSTANTIATING_DRBG 127 ++# define FIPS_R_ERROR_RETRIEVING_ADDITIONAL_INPUT 124 ++# define FIPS_R_ERROR_RETRIEVING_ENTROPY 122 ++# define FIPS_R_ERROR_RETRIEVING_NONCE 140 ++# define FIPS_R_FINGERPRINT_DOES_NOT_MATCH 110 ++# define FIPS_R_FIPS_MODE_ALREADY_SET 102 ++# define FIPS_R_FIPS_SELFTEST_FAILED 106 ++# define FIPS_R_FUNCTION_ERROR 116 ++# define FIPS_R_GENERATE_ERROR 137 ++# define FIPS_R_GENERATE_ERROR_UNDETECTED 118 ++# define FIPS_R_INSTANTIATE_ERROR 119 ++# define FIPS_R_INTERNAL_ERROR 121 ++# define FIPS_R_INVALID_KEY_LENGTH 109 ++# define FIPS_R_IN_ERROR_STATE 123 ++# define FIPS_R_KEY_TOO_SHORT 108 ++# define FIPS_R_NONCE_ERROR_UNDETECTED 149 ++# define FIPS_R_NON_FIPS_METHOD 100 ++# define FIPS_R_NOPR_TEST1_FAILURE 145 ++# define FIPS_R_NOPR_TEST2_FAILURE 146 ++# define FIPS_R_NOT_INSTANTIATED 126 ++# define FIPS_R_PAIRWISE_TEST_FAILED 107 ++# define FIPS_R_PERSONALISATION_ERROR_UNDETECTED 128 ++# define FIPS_R_PERSONALISATION_STRING_TOO_LONG 129 ++# define FIPS_R_PR_TEST1_FAILURE 147 ++# define FIPS_R_PR_TEST2_FAILURE 148 ++# define FIPS_R_REQUEST_LENGTH_ERROR_UNDETECTED 130 ++# define FIPS_R_REQUEST_TOO_LARGE_FOR_DRBG 131 ++# define FIPS_R_RESEED_COUNTER_ERROR 132 ++# define FIPS_R_RESEED_ERROR 133 ++# define FIPS_R_SELFTEST_FAILED 101 ++# define FIPS_R_SELFTEST_FAILURE 135 ++# define 
FIPS_R_TEST_FAILURE 117 ++# define FIPS_R_UNINSTANTIATE_ERROR 141 ++# define FIPS_R_UNINSTANTIATE_ZEROISE_ERROR 138 ++# define FIPS_R_UNSUPPORTED_DRBG_TYPE 139 ++# define FIPS_R_UNSUPPORTED_PLATFORM 113 ++ ++# ifdef __cplusplus ++} ++# endif ++#endif +diff -up openssl-1.1.1b/include/openssl/fips_rand.h.fips openssl-1.1.1b/include/openssl/fips_rand.h +--- openssl-1.1.1b/include/openssl/fips_rand.h.fips 2019-02-28 11:30:06.821745391 +0100 ++++ openssl-1.1.1b/include/openssl/fips_rand.h 2019-02-28 11:30:06.821745391 +0100 +@@ -0,0 +1,145 @@ ++/* ==================================================================== ++ * Copyright (c) 2003 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. 
Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. 
++ * ++ */ ++ ++#ifndef HEADER_FIPS_RAND_H ++# define HEADER_FIPS_RAND_H ++ ++# include ++# include ++# include ++# include ++ ++# ifdef OPENSSL_FIPS ++ ++# ifdef __cplusplus ++extern "C" { ++# endif ++ typedef struct drbg_ctx_st DRBG_CTX; ++/* DRBG external flags */ ++/* Flag for CTR mode only: use derivation function ctr_df */ ++# define DRBG_FLAG_CTR_USE_DF 0x1 ++/* PRNG is in test state */ ++# define DRBG_FLAG_TEST 0x2 ++ ++ DRBG_CTX *FIPS_drbg_new(int type, unsigned int flags); ++ int FIPS_drbg_init(DRBG_CTX *dctx, int type, unsigned int flags); ++ int FIPS_drbg_instantiate(DRBG_CTX *dctx, ++ const unsigned char *pers, size_t perslen); ++ int FIPS_drbg_reseed(DRBG_CTX *dctx, const unsigned char *adin, ++ size_t adinlen); ++ int FIPS_drbg_generate(DRBG_CTX *dctx, unsigned char *out, size_t outlen, ++ int prediction_resistance, ++ const unsigned char *adin, size_t adinlen); ++ ++ int FIPS_drbg_uninstantiate(DRBG_CTX *dctx); ++ void FIPS_drbg_free(DRBG_CTX *dctx); ++ ++ int FIPS_drbg_set_callbacks(DRBG_CTX *dctx, ++ size_t (*get_entropy) (DRBG_CTX *ctx, ++ unsigned char **pout, ++ int entropy, ++ size_t min_len, ++ size_t max_len), ++ void (*cleanup_entropy) (DRBG_CTX *ctx, ++ unsigned char *out, ++ size_t olen), ++ size_t entropy_blocklen, ++ size_t (*get_nonce) (DRBG_CTX *ctx, ++ unsigned char **pout, ++ int entropy, ++ size_t min_len, ++ size_t max_len), ++ void (*cleanup_nonce) (DRBG_CTX *ctx, ++ unsigned char *out, ++ size_t olen)); ++ ++ int FIPS_drbg_set_rand_callbacks(DRBG_CTX *dctx, ++ size_t (*get_adin) (DRBG_CTX *ctx, ++ unsigned char ++ **pout), ++ void (*cleanup_adin) (DRBG_CTX *ctx, ++ unsigned char *out, ++ size_t olen), ++ int (*rand_seed_cb) (DRBG_CTX *ctx, ++ const void *buf, ++ int num), ++ int (*rand_add_cb) (DRBG_CTX *ctx, ++ const void *buf, ++ int num, ++ double entropy)); ++ ++ void *FIPS_drbg_get_app_data(DRBG_CTX *ctx); ++ void FIPS_drbg_set_app_data(DRBG_CTX *ctx, void *app_data); ++ size_t FIPS_drbg_get_blocklength(DRBG_CTX *dctx); ++ 
int FIPS_drbg_get_strength(DRBG_CTX *dctx); ++ void FIPS_drbg_set_check_interval(DRBG_CTX *dctx, int interval); ++ void FIPS_drbg_set_reseed_interval(DRBG_CTX *dctx, int interval); ++ ++ int FIPS_drbg_health_check(DRBG_CTX *dctx); ++ ++ DRBG_CTX *FIPS_get_default_drbg(void); ++ const RAND_METHOD *FIPS_drbg_method(void); ++ ++ int FIPS_rand_set_method(const RAND_METHOD *meth); ++ const RAND_METHOD *FIPS_rand_get_method(void); ++ ++ void FIPS_rand_set_bits(int nbits); ++ ++ int FIPS_rand_strength(void); ++ ++/* 1.0.0 compat functions */ ++ int FIPS_rand_seed(const void *buf, int num); ++ int FIPS_rand_bytes(unsigned char *out, int outlen); ++ void FIPS_rand_reset(void); ++ int FIPS_rand_status(void); ++# ifdef __cplusplus ++} ++# endif ++# endif ++#endif +diff -up openssl-1.1.1b/include/openssl/opensslconf.h.in.fips openssl-1.1.1b/include/openssl/opensslconf.h.in +--- openssl-1.1.1b/include/openssl/opensslconf.h.in.fips 2019-02-26 15:15:30.000000000 +0100 ++++ openssl-1.1.1b/include/openssl/opensslconf.h.in 2019-02-28 11:30:06.822745372 +0100 +@@ -150,6 +150,11 @@ extern "C" { + + #define RC4_INT {- $config{rc4_int} -} + ++/* Always build FIPS module */ ++#ifndef OPENSSL_FIPS ++# define OPENSSL_FIPS ++#endif ++ + #ifdef __cplusplus + } + #endif +diff -up openssl-1.1.1b/include/openssl/randerr.h.fips openssl-1.1.1b/include/openssl/randerr.h +--- openssl-1.1.1b/include/openssl/randerr.h.fips 2019-02-26 15:15:30.000000000 +0100 ++++ openssl-1.1.1b/include/openssl/randerr.h 2019-02-28 11:30:06.822745372 +0100 +@@ -35,6 +35,7 @@ int ERR_load_RAND_strings(void); + # define RAND_F_RAND_DRBG_SET 104 + # define RAND_F_RAND_DRBG_SET_DEFAULTS 121 + # define RAND_F_RAND_DRBG_UNINSTANTIATE 118 ++# define RAND_F_RAND_INIT_FIPS 200 + # define RAND_F_RAND_LOAD_FILE 111 + # define RAND_F_RAND_POOL_ACQUIRE_ENTROPY 122 + # define RAND_F_RAND_POOL_ADD 103 +diff -up openssl-1.1.1b/include/openssl/rand.h.fips openssl-1.1.1b/include/openssl/rand.h +--- 
openssl-1.1.1b/include/openssl/rand.h.fips 2019-02-26 15:15:30.000000000 +0100 ++++ openssl-1.1.1b/include/openssl/rand.h 2019-02-28 11:30:06.822745372 +0100 +@@ -69,6 +69,11 @@ DEPRECATEDIN_1_1_0(void RAND_screen(void + DEPRECATEDIN_1_1_0(int RAND_event(UINT, WPARAM, LPARAM)) + # endif + ++# ifdef OPENSSL_FIPS ++/* just stubs for API compatibility */ ++void RAND_set_fips_drbg_type(int type, int flags); ++int RAND_init_fips(void); ++# endif + + #ifdef __cplusplus + } +diff -up openssl-1.1.1b/include/openssl/rsaerr.h.fips openssl-1.1.1b/include/openssl/rsaerr.h +--- openssl-1.1.1b/include/openssl/rsaerr.h.fips 2019-02-26 15:15:30.000000000 +0100 ++++ openssl-1.1.1b/include/openssl/rsaerr.h 2019-02-28 11:30:06.822745372 +0100 +@@ -21,6 +21,7 @@ int ERR_load_RSA_strings(void); + */ + # define RSA_F_CHECK_PADDING_MD 140 + # define RSA_F_ENCODE_PKCS1 146 ++# define RSA_F_FIPS_RSA_BUILTIN_KEYGEN 206 + # define RSA_F_INT_RSA_VERIFY 145 + # define RSA_F_OLD_RSA_PRIV_DECODE 147 + # define RSA_F_PKEY_PSS_INIT 165 +@@ -35,6 +36,8 @@ int ERR_load_RSA_strings(void); + # define RSA_F_RSA_CHECK_KEY_EX 160 + # define RSA_F_RSA_CMS_DECRYPT 159 + # define RSA_F_RSA_CMS_VERIFY 158 ++# define RSA_F_RSA_GENERATE_KEY_EX 204 ++# define RSA_F_RSA_GENERATE_MULTI_PRIME_KEY 207 + # define RSA_F_RSA_ITEM_VERIFY 148 + # define RSA_F_RSA_METH_DUP 161 + # define RSA_F_RSA_METH_NEW 162 +@@ -72,10 +75,16 @@ int ERR_load_RSA_strings(void); + # define RSA_F_RSA_PRINT_FP 116 + # define RSA_F_RSA_PRIV_DECODE 150 + # define RSA_F_RSA_PRIV_ENCODE 138 ++# define RSA_F_RSA_PRIVATE_DECRYPT 200 ++# define RSA_F_RSA_PRIVATE_ENCRYPT 201 + # define RSA_F_RSA_PSS_GET_PARAM 151 + # define RSA_F_RSA_PSS_TO_CTX 155 + # define RSA_F_RSA_PUB_DECODE 139 ++# define RSA_F_RSA_PUBLIC_DECRYPT 202 ++# define RSA_F_RSA_PUBLIC_ENCRYPT 203 + # define RSA_F_RSA_SETUP_BLINDING 136 ++# define RSA_F_RSA_SET_DEFAULT_METHOD 205 ++# define RSA_F_RSA_SET_METHOD 204 + # define RSA_F_RSA_SIGN 117 + # define 
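Review bot: Two of the function codes added to rsaerr.h share the value 204: `RSA_F_RSA_GENERATE_KEY_EX` in the `@@ -35,6 +36,8 @@` hunk and `RSA_F_RSA_SET_METHOD` in the `@@ -72,10 +75,16 @@` hunk. Function codes only label error-queue entries, so this is presumably a diagnostics problem rather than a behavioural one. Still, an error raised at one site can be reported under the other's name, which gets in the way when FIPS-mode refusals are triaged from logs. Give one of them an unused value in the downstream 200+ range, e.g. `# define RSA_F_RSA_SET_METHOD 208` (208 is free among the values visible here; the rest of the header is not shown), and keep the matching string table in step.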
RSA_F_RSA_SIGN_ASN1_OCTET_STRING 118 + # define RSA_F_RSA_VERIFY 119 +@@ -132,10 +141,12 @@ int ERR_load_RSA_strings(void); + # define RSA_R_MP_EXPONENT_NOT_CONGRUENT_TO_D 169 + # define RSA_R_MP_R_NOT_PRIME 170 + # define RSA_R_NO_PUBLIC_EXPONENT 140 ++# define RSA_R_NON_FIPS_RSA_METHOD 200 + # define RSA_R_NULL_BEFORE_BLOCK_MISSING 113 + # define RSA_R_N_DOES_NOT_EQUAL_PRODUCT_OF_PRIMES 172 + # define RSA_R_N_DOES_NOT_EQUAL_P_Q 127 + # define RSA_R_OAEP_DECODING_ERROR 121 ++# define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 201 + # define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148 + # define RSA_R_PADDING_CHECK_FAILED 114 + # define RSA_R_PKCS_DECODING_ERROR 159 +@@ -155,6 +166,7 @@ int ERR_load_RSA_strings(void); + # define RSA_R_UNSUPPORTED_LABEL_SOURCE 163 + # define RSA_R_UNSUPPORTED_MASK_ALGORITHM 153 + # define RSA_R_UNSUPPORTED_MASK_PARAMETER 154 ++# define RSA_R_UNSUPPORTED_PARAMETERS 202 + # define RSA_R_UNSUPPORTED_SIGNATURE_TYPE 155 + # define RSA_R_VALUE_MISSING 147 + # define RSA_R_WRONG_SIGNATURE_LENGTH 119 +diff -up openssl-1.1.1b/ssl/ssl_ciph.c.fips openssl-1.1.1b/ssl/ssl_ciph.c +--- openssl-1.1.1b/ssl/ssl_ciph.c.fips 2019-02-28 11:30:06.776746228 +0100 ++++ openssl-1.1.1b/ssl/ssl_ciph.c 2019-02-28 11:30:06.822745372 +0100 +@@ -387,7 +387,7 @@ int ssl_load_ciphers(void) + } + } + /* Make sure we can access MD5 and SHA1 */ +- if (!ossl_assert(ssl_digest_methods[SSL_MD_MD5_IDX] != NULL)) ++ if (!FIPS_mode() && !ossl_assert(ssl_digest_methods[SSL_MD_MD5_IDX] != NULL)) + return 0; + if (!ossl_assert(ssl_digest_methods[SSL_MD_SHA1_IDX] != NULL)) + return 0; +@@ -559,6 +559,9 @@ int ssl_cipher_get_evp(const SSL_SESSION + s->ssl_version < TLS1_VERSION) + return 1; + ++ if (FIPS_mode()) ++ return 1; ++ + if (c->algorithm_enc == SSL_RC4 && + c->algorithm_mac == SSL_MD5 && + (evp = EVP_get_cipherbyname("RC4-HMAC-MD5"))) +@@ -667,6 +670,8 @@ static void ssl_cipher_collect_ciphers(c + /* drop those that use any of that is not available */ + if (c == 
NULL || !c->valid) + continue; ++ if (FIPS_mode() && !(c->algo_strength & SSL_FIPS)) ++ continue; + if ((c->algorithm_mkey & disabled_mkey) || + (c->algorithm_auth & disabled_auth) || + (c->algorithm_enc & disabled_enc) || +@@ -1670,7 +1675,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ + * to the resulting precedence to the STACK_OF(SSL_CIPHER). + */ + for (curr = head; curr != NULL; curr = curr->next) { +- if (curr->active) { ++ if (curr->active ++ && (!FIPS_mode() || curr->cipher->algo_strength & SSL_FIPS)) { + if (!sk_SSL_CIPHER_push(cipherstack, curr->cipher)) { + OPENSSL_free(co_list); + sk_SSL_CIPHER_free(cipherstack); +diff -up openssl-1.1.1b/ssl/ssl_init.c.fips openssl-1.1.1b/ssl/ssl_init.c +--- openssl-1.1.1b/ssl/ssl_init.c.fips 2019-02-26 15:15:30.000000000 +0100 ++++ openssl-1.1.1b/ssl/ssl_init.c 2019-02-28 11:30:06.823745354 +0100 +@@ -27,6 +27,10 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_ssl_bas + fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: " + "Adding SSL ciphers and digests\n"); + #endif ++#ifdef OPENSSL_FIPS ++ if (!FIPS_mode()) { ++#endif ++ + #ifndef OPENSSL_NO_DES + EVP_add_cipher(EVP_des_cbc()); + EVP_add_cipher(EVP_des_ede3_cbc()); +@@ -87,6 +91,31 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_ssl_bas + EVP_add_digest(EVP_sha256()); + EVP_add_digest(EVP_sha384()); + EVP_add_digest(EVP_sha512()); ++#ifdef OPENSSL_FIPS ++ } else { ++# ifndef OPENSSL_NO_DES ++ EVP_add_cipher(EVP_des_ede3_cbc()); ++# endif ++ EVP_add_cipher(EVP_aes_128_cbc()); ++ EVP_add_cipher(EVP_aes_192_cbc()); ++ EVP_add_cipher(EVP_aes_256_cbc()); ++ EVP_add_cipher(EVP_aes_128_gcm()); ++ EVP_add_cipher(EVP_aes_256_gcm()); ++ EVP_add_cipher(EVP_aes_128_ccm()); ++ EVP_add_cipher(EVP_aes_256_ccm()); ++# ifndef OPENSSL_NO_MD5 ++ /* needed even in the FIPS mode for TLS-1.0 */ ++ EVP_add_digest(EVP_md5_sha1()); ++# endif ++ EVP_add_digest(EVP_sha1()); /* RSA with sha1 */ ++ EVP_add_digest_alias(SN_sha1, "ssl3-sha1"); ++ EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA); ++ 
EVP_add_digest(EVP_sha224()); ++ EVP_add_digest(EVP_sha256()); ++ EVP_add_digest(EVP_sha384()); ++ EVP_add_digest(EVP_sha512()); ++ } ++#endif + #ifndef OPENSSL_NO_COMP + # ifdef OPENSSL_INIT_DEBUG + fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: " +diff -up openssl-1.1.1b/ssl/ssl_lib.c.fips openssl-1.1.1b/ssl/ssl_lib.c +--- openssl-1.1.1b/ssl/ssl_lib.c.fips 2019-02-28 11:30:06.776746228 +0100 ++++ openssl-1.1.1b/ssl/ssl_lib.c 2019-02-28 11:30:06.823745354 +0100 +@@ -2908,6 +2908,11 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m + if (!OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL)) + return NULL; + ++ if (FIPS_mode() && (meth->version < TLS1_VERSION)) { ++ SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_AT_LEAST_TLS_1_0_NEEDED_IN_FIPS_MODE); ++ return NULL; ++ } ++ + if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) { + SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_X509_VERIFICATION_SETUP_PROBLEMS); + goto err; +@@ -2964,13 +2969,17 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m + if (ret->param == NULL) + goto err; + +- if ((ret->md5 = EVP_get_digestbyname("ssl3-md5")) == NULL) { +- SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES); +- goto err2; +- } +- if ((ret->sha1 = EVP_get_digestbyname("ssl3-sha1")) == NULL) { +- SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES); +- goto err2; ++ if (!FIPS_mode()) { ++ if ((ret->md5 = EVP_get_digestbyname("ssl3-md5")) == NULL) { ++ SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES); ++ goto err2; ++ } ++ if ((ret->sha1 = EVP_get_digestbyname("ssl3-sha1")) == NULL) { ++ SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES); ++ goto err2; ++ } ++ } else { ++ ret->min_proto_version = TLS1_VERSION; + } + + if ((ret->ca_names = sk_X509_NAME_new_null()) == NULL) +diff -up openssl-1.1.1c/ssl/ssl_locl.h.fips openssl-1.1.1c/ssl/ssl_locl.h +--- openssl-1.1.1c/ssl/ssl_locl.h.fips 2019-06-03 16:44:58.963560101 +0200 ++++ openssl-1.1.1c/ssl/ssl_locl.h 2019-06-24 14:43:19.547353076 +0200 +@@ -1507,6 
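Review bot: The new `else` branch in the `@@ -2964,13 +2969,17 @@` hunk of ssl_lib.c sets `ret->min_proto_version = TLS1_VERSION` for every method once FIPS mode is on, including DTLS methods, whose version numbers are not on the TLS scale. Whether the DTLS version comparison then treats every DTLS version as below that minimum cannot be seen from this hunk, so it is worth confirming with a DTLS handshake in FIPS mode. If it does, restrict the assignment, e.g. `} else if (meth->version == TLS_ANY_VERSION) {`. The same branch leaves `ret->md5` and `ret->sha1` unassigned, which deserves a comment such as `/* FIPS mode: ret->md5 and ret->sha1 are not loaded here; readers must tolerate NULL */`. SSL_CTX_new starts and ends outside these hunks.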
+1507,7 @@ typedef struct tls_group_info_st { + # define TLS_CURVE_PRIME 0x0 + # define TLS_CURVE_CHAR2 0x1 + # define TLS_CURVE_CUSTOM 0x2 ++# define TLS_CURVE_FIPS 0x80 + + typedef struct cert_pkey_st CERT_PKEY; + +diff -up openssl-1.1.1c/ssl/t1_lib.c.fips openssl-1.1.1c/ssl/t1_lib.c +--- openssl-1.1.1c/ssl/t1_lib.c.fips 2019-05-28 15:12:21.000000000 +0200 ++++ openssl-1.1.1c/ssl/t1_lib.c 2019-06-24 14:49:00.638576235 +0200 +@@ -156,11 +156,11 @@ static const TLS_GROUP_INFO nid_list[] = + {NID_secp192k1, 80, TLS_CURVE_PRIME}, /* secp192k1 (18) */ + {NID_X9_62_prime192v1, 80, TLS_CURVE_PRIME}, /* secp192r1 (19) */ + {NID_secp224k1, 112, TLS_CURVE_PRIME}, /* secp224k1 (20) */ +- {NID_secp224r1, 112, TLS_CURVE_PRIME}, /* secp224r1 (21) */ ++ {NID_secp224r1, 112, TLS_CURVE_PRIME | TLS_CURVE_FIPS}, /* secp224r1 (21) */ + {NID_secp256k1, 128, TLS_CURVE_PRIME}, /* secp256k1 (22) */ +- {NID_X9_62_prime256v1, 128, TLS_CURVE_PRIME}, /* secp256r1 (23) */ +- {NID_secp384r1, 192, TLS_CURVE_PRIME}, /* secp384r1 (24) */ +- {NID_secp521r1, 256, TLS_CURVE_PRIME}, /* secp521r1 (25) */ ++ {NID_X9_62_prime256v1, 128, TLS_CURVE_PRIME | TLS_CURVE_FIPS}, /* secp256r1 (23) */ ++ {NID_secp384r1, 192, TLS_CURVE_PRIME | TLS_CURVE_FIPS}, /* secp384r1 (24) */ ++ {NID_secp521r1, 256, TLS_CURVE_PRIME | TLS_CURVE_FIPS}, /* secp521r1 (25) */ + {NID_brainpoolP256r1, 128, TLS_CURVE_PRIME}, /* brainpoolP256r1 (26) */ + {NID_brainpoolP384r1, 192, TLS_CURVE_PRIME}, /* brainpoolP384r1 (27) */ + {NID_brainpoolP512r1, 256, TLS_CURVE_PRIME}, /* brainpool512r1 (28) */ +@@ -255,6 +255,8 @@ int tls_curve_allowed(SSL *s, uint16_t c + if (cinfo->flags & TLS_CURVE_CHAR2) + return 0; + # endif ++ if (FIPS_mode() && !(cinfo->flags & TLS_CURVE_FIPS)) ++ return 0; + ctmp[0] = curve >> 8; + ctmp[1] = curve & 0xff; + return ssl_security(s, op, cinfo->secbits, cinfo->nid, (void *)ctmp); +diff -up openssl-1.1.1b/test/dsatest.c.fips openssl-1.1.1b/test/dsatest.c +--- openssl-1.1.1b/test/dsatest.c.fips 2019-02-26 
15:15:30.000000000 +0100 ++++ openssl-1.1.1b/test/dsatest.c 2019-02-28 11:30:06.824745335 +0100 +@@ -24,41 +24,42 @@ + #ifndef OPENSSL_NO_DSA + static int dsa_cb(int p, int n, BN_GENCB *arg); + +-/* +- * seed, out_p, out_q, out_g are taken from the updated Appendix 5 to FIPS +- * PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1 +- */ + static unsigned char seed[20] = { +- 0xd5, 0x01, 0x4e, 0x4b, 0x60, 0xef, 0x2b, 0xa8, 0xb6, 0x21, 0x1b, 0x40, +- 0x62, 0xba, 0x32, 0x24, 0xe0, 0x42, 0x7d, 0xd3, ++ 0x02, 0x47, 0x11, 0x92, 0x11, 0x88, 0xC8, 0xFB, 0xAF, 0x48, 0x4C, 0x62, ++ 0xDF, 0xA5, 0xBE, 0xA0, 0xA4, 0x3C, 0x56, 0xE3, + }; + + static unsigned char out_p[] = { +- 0x8d, 0xf2, 0xa4, 0x94, 0x49, 0x22, 0x76, 0xaa, +- 0x3d, 0x25, 0x75, 0x9b, 0xb0, 0x68, 0x69, 0xcb, +- 0xea, 0xc0, 0xd8, 0x3a, 0xfb, 0x8d, 0x0c, 0xf7, +- 0xcb, 0xb8, 0x32, 0x4f, 0x0d, 0x78, 0x82, 0xe5, +- 0xd0, 0x76, 0x2f, 0xc5, 0xb7, 0x21, 0x0e, 0xaf, +- 0xc2, 0xe9, 0xad, 0xac, 0x32, 0xab, 0x7a, 0xac, +- 0x49, 0x69, 0x3d, 0xfb, 0xf8, 0x37, 0x24, 0xc2, +- 0xec, 0x07, 0x36, 0xee, 0x31, 0xc8, 0x02, 0x91, ++ 0xAC, 0xCB, 0x1E, 0x63, 0x60, 0x69, 0x0C, 0xFB, 0x06, 0x19, 0x68, 0x3E, ++ 0xA5, 0x01, 0x5A, 0xA2, 0x15, 0x5C, 0xE2, 0x99, 0x2D, 0xD5, 0x30, 0x99, ++ 0x7E, 0x5F, 0x8D, 0xE2, 0xF7, 0xC6, 0x2E, 0x8D, 0xA3, 0x9F, 0x58, 0xAD, ++ 0xD6, 0xA9, 0x7D, 0x0E, 0x0D, 0x95, 0x53, 0xA6, 0x71, 0x3A, 0xDE, 0xAB, ++ 0xAC, 0xE9, 0xF4, 0x36, 0x55, 0x9E, 0xB9, 0xD6, 0x93, 0xBF, 0xF3, 0x18, ++ 0x1C, 0x14, 0x7B, 0xA5, 0x42, 0x2E, 0xCD, 0x00, 0xEB, 0x35, 0x3B, 0x1B, ++ 0xA8, 0x51, 0xBB, 0xE1, 0x58, 0x42, 0x85, 0x84, 0x22, 0xA7, 0x97, 0x5E, ++ 0x99, 0x6F, 0x38, 0x20, 0xBD, 0x9D, 0xB6, 0xD9, 0x33, 0x37, 0x2A, 0xFD, ++ 0xBB, 0xD4, 0xBC, 0x0C, 0x2A, 0x67, 0xCB, 0x9F, 0xBB, 0xDF, 0xF9, 0x93, ++ 0xAA, 0xD6, 0xF0, 0xD6, 0x95, 0x0B, 0x5D, 0x65, 0x14, 0xD0, 0x18, 0x9D, ++ 0xC6, 0xAF, 0xF0, 0xC6, 0x37, 0x7C, 0xF3, 0x5F, + }; + + static unsigned char out_q[] = { +- 0xc7, 0x73, 0x21, 0x8c, 0x73, 0x7e, 0xc8, 0xee, +- 0x99, 0x3b, 0x4f, 
0x2d, 0xed, 0x30, 0xf4, 0x8e, +- 0xda, 0xce, 0x91, 0x5f, ++ 0xE3, 0x8E, 0x5E, 0x6D, 0xBF, 0x2B, 0x79, 0xF8, 0xC5, 0x4B, 0x89, 0x8B, ++ 0xBA, 0x2D, 0x91, 0xC3, 0x6C, 0x80, 0xAC, 0x87, + }; + + static unsigned char out_g[] = { +- 0x62, 0x6d, 0x02, 0x78, 0x39, 0xea, 0x0a, 0x13, +- 0x41, 0x31, 0x63, 0xa5, 0x5b, 0x4c, 0xb5, 0x00, +- 0x29, 0x9d, 0x55, 0x22, 0x95, 0x6c, 0xef, 0xcb, +- 0x3b, 0xff, 0x10, 0xf3, 0x99, 0xce, 0x2c, 0x2e, +- 0x71, 0xcb, 0x9d, 0xe5, 0xfa, 0x24, 0xba, 0xbf, +- 0x58, 0xe5, 0xb7, 0x95, 0x21, 0x92, 0x5c, 0x9c, +- 0xc4, 0x2e, 0x9f, 0x6f, 0x46, 0x4b, 0x08, 0x8c, +- 0xc5, 0x72, 0xaf, 0x53, 0xe6, 0xd7, 0x88, 0x02, ++ 0x42, 0x4A, 0x04, 0x4E, 0x79, 0xB4, 0x99, 0x7F, 0xFD, 0x58, 0x36, 0x2C, ++ 0x1B, 0x5F, 0x18, 0x7E, 0x0D, 0xCC, 0xAB, 0x81, 0xC9, 0x5D, 0x10, 0xCE, ++ 0x4E, 0x80, 0x7E, 0x58, 0xB4, 0x34, 0x3F, 0xA7, 0x45, 0xC7, 0xAA, 0x36, ++ 0x24, 0x42, 0xA9, 0x3B, 0xE8, 0x0E, 0x04, 0x02, 0x2D, 0xFB, 0xA6, 0x13, ++ 0xB9, 0xB5, 0x15, 0xA5, 0x56, 0x07, 0x35, 0xE4, 0x03, 0xB6, 0x79, 0x7C, ++ 0x62, 0xDD, 0xDF, 0x3F, 0x71, 0x3A, 0x9D, 0x8B, 0xC4, 0xF6, 0xE7, 0x1D, ++ 0x52, 0xA8, 0xA9, 0x43, 0x1D, 0x33, 0x51, 0x88, 0x39, 0xBD, 0x73, 0xE9, ++ 0x5F, 0xBE, 0x82, 0x49, 0x27, 0xE6, 0xB5, 0x53, 0xC1, 0x38, 0xAC, 0x2F, ++ 0x6D, 0x97, 0x6C, 0xEB, 0x67, 0xC1, 0x5F, 0x67, 0xF8, 0x35, 0x05, 0x5E, ++ 0xD5, 0x68, 0x80, 0xAA, 0x96, 0xCA, 0x0B, 0x8A, 0xE6, 0xF1, 0xB1, 0x41, ++ 0xC6, 0x75, 0x94, 0x0A, 0x0A, 0x2A, 0xFA, 0x29, + }; + + static const unsigned char str1[] = "12345678901234567890"; +@@ -79,11 +80,11 @@ static int dsa_test(void) + + BN_GENCB_set(cb, dsa_cb, NULL); + if (!TEST_ptr(dsa = DSA_new()) +- || !TEST_true(DSA_generate_parameters_ex(dsa, 512, seed, 20, ++ || !TEST_true(DSA_generate_parameters_ex(dsa, 1024, seed, 20, + &counter, &h, cb))) + goto end; + +- if (!TEST_int_eq(counter, 105)) ++ if (!TEST_int_eq(counter, 239)) + goto end; + if (!TEST_int_eq(h, 2)) + goto end; +diff -up openssl-1.1.1b/test/recipes/30-test_evp_data/evpciph.txt.fips 
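Review bot: The replacement `seed`, `out_p`, `out_q` and `out_g` arrays in dsatest.c carry no provenance, because the `@@ -24,41 +24,42 @@` hunk deletes the comment that tied the old values to FIPS PUB 186 and puts nothing in its place. Known-answer vectors without a stated source cannot be re-derived or audited, and the new expected `counter` of 239 in the `@@ -79,11 +80,11 @@` hunk depends on them. Add a comment above `seed`, e.g. `/* seed, out_p, out_q, out_g: 1024-bit DSA known-answer set; source: <origin of vectors> */`, with the origin filled in by whoever generated the values.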
openssl-1.1.1b/test/recipes/30-test_evp_data/evpciph.txt +--- openssl-1.1.1b/test/recipes/30-test_evp_data/evpciph.txt.fips 2019-05-06 16:08:46.857597085 +0200 ++++ openssl-1.1.1b/test/recipes/30-test_evp_data/evpciph.txt 2019-05-06 16:35:37.917563292 +0200 +@@ -1184,6 +1184,7 @@ Key = 0000000000000000000000000000000000 + IV = 00000000000000000000000000000000 + Plaintext = 0000000000000000000000000000000000000000000000000000000000000000 + Ciphertext = 917cf69ebd68b2ec9b9fe9a3eadda692cd43d2f59598ed858c02c2652fbf922e ++Result = KEY_SET_ERROR + + Cipher = aes-128-xts + Key = 1111111111111111111111111111111122222222222222222222222222222222 +diff -up openssl-1.1.1c/util/libcrypto.num.fips openssl-1.1.1c/util/libcrypto.num +--- openssl-1.1.1c/util/libcrypto.num.fips 2019-05-29 15:46:19.154260824 +0200 ++++ openssl-1.1.1c/util/libcrypto.num 2019-05-29 15:50:10.390191805 +0200 +@@ -4580,3 +4580,38 @@ EVP_PKEY_meth_get_digest_custom + OPENSSL_INIT_set_config_filename 4534 1_1_1b EXIST::FUNCTION:STDIO + OPENSSL_INIT_set_config_file_flags 4535 1_1_1b EXIST::FUNCTION:STDIO + EVP_PKEY_get0_engine 4536 1_1_1c EXIST::FUNCTION:ENGINE ++FIPS_drbg_reseed 6348 1_1_0g EXIST::FUNCTION: ++FIPS_selftest_check 6349 1_1_0g EXIST::FUNCTION: ++FIPS_rand_set_method 6350 1_1_0g EXIST::FUNCTION: ++FIPS_get_default_drbg 6351 1_1_0g EXIST::FUNCTION: ++FIPS_drbg_set_reseed_interval 6352 1_1_0g EXIST::FUNCTION: ++FIPS_drbg_set_app_data 6353 1_1_0g EXIST::FUNCTION: ++FIPS_drbg_method 6354 1_1_0g EXIST::FUNCTION: ++FIPS_rand_status 6355 1_1_0g EXIST::FUNCTION: ++FIPS_drbg_instantiate 6356 1_1_0g EXIST::FUNCTION: ++FIPS_drbg_set_callbacks 6357 1_1_0g EXIST::FUNCTION: ++FIPS_drbg_new 6358 1_1_0g EXIST::FUNCTION: ++FIPS_dsa_paramgen_check_g 6359 1_1_0g EXIST::FUNCTION: ++FIPS_selftest 6360 1_1_0g EXIST::FUNCTION: ++FIPS_rand_set_bits 6361 1_1_0g EXIST::FUNCTION: ++FIPS_rand_bytes 6362 1_1_0g EXIST::FUNCTION: ++FIPS_drbg_get_app_data 6363 1_1_0g EXIST::FUNCTION: ++FIPS_selftest_failed 6364 1_1_0g 
EXIST::FUNCTION:
++FIPS_dsa_builtin_paramgen2 6365 1_1_0g EXIST::FUNCTION:
++FIPS_rand_reset 6366 1_1_0g EXIST::FUNCTION:
++ERR_load_FIPS_strings 6367 1_1_0g EXIST::FUNCTION:
++FIPS_drbg_generate 6368 1_1_0g EXIST::FUNCTION:
++FIPS_drbg_uninstantiate 6369 1_1_0g EXIST::FUNCTION:
++FIPS_drbg_set_check_interval 6370 1_1_0g EXIST::FUNCTION:
++FIPS_drbg_free 6371 1_1_0g EXIST::FUNCTION:
++FIPS_selftest_drbg_all 6372 1_1_0g EXIST::FUNCTION:
++FIPS_rand_get_method 6373 1_1_0g EXIST::FUNCTION:
++RAND_set_fips_drbg_type 6374 1_1_0g EXIST::FUNCTION:
++FIPS_drbg_health_check 6375 1_1_0g EXIST::FUNCTION:
++RAND_init_fips 6376 1_1_0g EXIST::FUNCTION:
++FIPS_drbg_set_rand_callbacks 6377 1_1_0g EXIST::FUNCTION:
++FIPS_rand_seed 6378 1_1_0g EXIST::FUNCTION:
++FIPS_drbg_get_strength 6379 1_1_0g EXIST::FUNCTION:
++FIPS_rand_strength 6380 1_1_0g EXIST::FUNCTION:
++FIPS_drbg_get_blocklength 6381 1_1_0g EXIST::FUNCTION:
++FIPS_drbg_init 6382 1_1_0g EXIST::FUNCTION:
diff --git a/openssl-freefilesync/openssl-1.1.1-ignore-bound.patch b/openssl-freefilesync/openssl-1.1.1-ignore-bound.patch
new file mode 100644
index 0000000..4838f3d
--- /dev/null
+++ b/openssl-freefilesync/openssl-1.1.1-ignore-bound.patch
@@ -0,0 +1,14 @@
+Do not return failure when setting version bound on fixed protocol
+version method.
+diff -up openssl-1.1.1-pre8/ssl/statem/statem_lib.c.ignore-bound openssl-1.1.1-pre8/ssl/statem/statem_lib.c
+--- openssl-1.1.1-pre8/ssl/statem/statem_lib.c.ignore-bound 2018-06-20 16:48:13.000000000 +0200
++++ openssl-1.1.1-pre8/ssl/statem/statem_lib.c 2018-08-13 11:07:52.826304045 +0200
+@@ -1595,7 +1595,7 @@ int ssl_set_version_bound(int method_ver
+ * methods are not subject to controls that disable individual protocol
+ * versions.
+ */
+- return 0;
++ return 1;
+
+ case TLS_ANY_VERSION:
+ if (version < SSL3_VERSION || version > TLS_MAX_VERSION)
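Review bot: Changing the fixed-version branch of ssl_set_version_bound to `return 1` makes the call report success even though, per the context comment, fixed-version methods are not subject to these controls and no bound is stored on this path. A caller that checks the result to confirm a protocol floor was applied is now told it was, which presumably hides a misconfiguration that used to surface as an error. Say so next to the return, e.g. `/* Downstream: the bound is ignored here, not applied; success does not mean a minimum version is enforced */`, and repeat the caveat in the patch description. The body of ssl_set_version_bound starts and ends outside the hunk.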
diff --git a/openssl-freefilesync/openssl-1.1.1-man-rename.patch b/openssl-freefilesync/openssl-1.1.1-man-rename.patch
new file mode 100644
index 0000000..4e504b4
--- /dev/null
+++ b/openssl-freefilesync/openssl-1.1.1-man-rename.patch
@@ -0,0 +1,19 @@
+diff -up openssl-1.1.1-pre9/doc/man1/openssl.pod.man-rename openssl-1.1.1-pre9/doc/man1/openssl.pod
+--- openssl-1.1.1-pre9/doc/man1/openssl.pod.man-rename 2018-08-21 14:14:13.000000000 +0200
++++ openssl-1.1.1-pre9/doc/man1/openssl.pod 2018-08-22 12:13:04.092568064 +0200
+@@ -482,13 +482,13 @@ L, L, L
+ L, L,
+ L, L, L, L, L,
+ L, L, L,
+-L,
+ L, L, L,
+ L, L, L, L,
+-L, L, L, L,
++L, L, L,
+ L, L,
+ L, L, L,
+ L, L, L, L, L,
++L, L,
+ L,
+ L, L, L,
+ L, L, L
diff --git a/openssl-freefilesync/openssl-1.1.1-no-brainpool.patch b/openssl-freefilesync/openssl-1.1.1-no-brainpool.patch
new file mode 100644
index 0000000..2ab6fc9
--- /dev/null
+++ b/openssl-freefilesync/openssl-1.1.1-no-brainpool.patch
@@ -0,0 +1,116 @@
+diff -up openssl-1.1.1b/test/ssl-tests/20-cert-select.conf.in.no-brainpool openssl-1.1.1b/test/ssl-tests/20-cert-select.conf.in
+--- openssl-1.1.1b/test/ssl-tests/20-cert-select.conf.in.no-brainpool 2019-02-26 15:15:30.000000000 +0100
++++ openssl-1.1.1b/test/ssl-tests/20-cert-select.conf.in 2019-05-07 11:52:35.885597934 +0200
+@@ -141,22 +141,23 @@ our @tests = (
+ {
+ name => "ECDSA with brainpool",
+ server => {
+- "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"),
+- "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"),
+- "Groups" => "brainpoolP256r1",
++# "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"),
++# "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"),
++# "Groups" => "brainpoolP256r1",
++ "CipherString" => "aNULL",
+ },
+ client => {
+ #We don't restrict this to TLSv1.2, although use of brainpool
+ #should force this anyway so that this should succeed
+ "CipherString" => "aECDSA",
+ "RequestCAFile" => test_pem("root-cert.pem"),
+- "Groups" => "brainpoolP256r1",
++# "Groups" => "brainpoolP256r1",
+ },
+ test => {
+- "ExpectedServerCertType" =>, "brainpoolP256r1",
+- "ExpectedServerSignType" =>, "EC",
++# "ExpectedServerCertType" =>, "brainpoolP256r1",
++# "ExpectedServerSignType" =>, "EC",
+ # Note: certificate_authorities not sent for TLS < 1.3
+- "ExpectedServerCANames" =>, "empty",
++# "ExpectedServerCANames" =>, "empty",
+ "ExpectedResult" => "Success"
+ },
+ },
+@@ -787,18 +788,19 @@ my @tests_tls_1_3 = (
+ {
+ name => "TLS 1.3 ECDSA with brainpool",
+ server => {
+- "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"),
+- "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"),
+- "Groups" => "brainpoolP256r1",
++# "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"),
++# "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"),
++# "Groups" => "brainpoolP256r1",
++ "CipherString" => "aNULL",
+ },
+ client => {
+ "RequestCAFile" => test_pem("root-cert.pem"),
+- "Groups" => "brainpoolP256r1",
++# "Groups" => "brainpoolP256r1",
+ "MinProtocol" => "TLSv1.3",
+ "MaxProtocol" => "TLSv1.3"
+ },
+ test => {
+- "ExpectedResult" => "ServerFail"
++ "ExpectedResult" => "Success"
+ },
+ },
+ );
+diff -up openssl-1.1.1b/test/ssl-tests/20-cert-select.conf.no-brainpool openssl-1.1.1b/test/ssl-tests/20-cert-select.conf
+--- openssl-1.1.1b/test/ssl-tests/20-cert-select.conf.no-brainpool 2019-02-26 15:15:30.000000000 +0100
++++ openssl-1.1.1b/test/ssl-tests/20-cert-select.conf 2019-05-07 12:15:12.762907496 +0200
+@@ -233,23 +233,18 @@ server = 5-ECDSA with brainpool-server
+ client = 5-ECDSA with brainpool-client
+
+ [5-ECDSA with brainpool-server]
+-Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem
+-CipherString = DEFAULT
+-Groups = brainpoolP256r1
+-PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = aNULL
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+ [5-ECDSA with brainpool-client]
+ CipherString = aECDSA
+-Groups = brainpoolP256r1
+ RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+ VerifyMode = Peer
+
+ [test-5]
+ ExpectedResult = Success
+-ExpectedServerCANames = empty
+-ExpectedServerCertType = brainpoolP256r1
+-ExpectedServerSignType = EC
+
+
+ # ===========================================================
+@@ -1577,14 +1572,12 @@ server = 47-TLS 1.3 ECDSA with brainpool
+ client = 47-TLS 1.3 ECDSA with brainpool-client
+
+ [47-TLS 1.3 ECDSA with brainpool-server]
+-Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem
+-CipherString = DEFAULT
+-Groups = brainpoolP256r1
+-PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = aNULL
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+ [47-TLS 1.3 ECDSA with brainpool-client]
+ CipherString = DEFAULT
+-Groups = brainpoolP256r1
+ MaxProtocol = TLSv1.3
+ MinProtocol = TLSv1.3
+ RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+@@ -1592,7 +1585,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/ro
+ VerifyMode = Peer
+
+ [test-47]
+-ExpectedResult = ServerFail
++ExpectedResult = Success
+
+
+ # ===========================================================
diff --git a/openssl-freefilesync/openssl-1.1.1-no-weak-verify.patch b/openssl-freefilesync/openssl-1.1.1-no-weak-verify.patch
new file mode 100644
index 0000000..5756c68
--- /dev/null
+++ b/openssl-freefilesync/openssl-1.1.1-no-weak-verify.patch
@@ -0,0 +1,26 @@
+diff -up openssl-1.1.1b/crypto/asn1/a_verify.c.no-weak-verify openssl-1.1.1b/crypto/asn1/a_verify.c
+--- openssl-1.1.1b/crypto/asn1/a_verify.c.no-weak-verify 2019-02-26 15:15:30.000000000 +0100
++++ openssl-1.1.1b/crypto/asn1/a_verify.c 2019-02-28 11:25:31.531862873 +0100
+@@ -7,6 +7,9 @@
+ * https://www.openssl.org/source/license.html
+ */
+
++/* for secure_getenv */
++#define _GNU_SOURCE
++
+ #include
+ #include
+ #include
+@@ -130,6 +133,12 @@ int ASN1_item_verify(const ASN1_ITEM *it
+ if (ret != 2)
+ goto err;
+ ret = -1;
++ } else if ((mdnid == NID_md5
++ && secure_getenv("OPENSSL_ENABLE_MD5_VERIFY") == NULL) ||
++ mdnid == NID_md4 || mdnid == NID_md2 || mdnid == NID_sha) {
++ ASN1err(ASN1_F_ASN1_ITEM_VERIFY,
++ ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
++ goto err;
+ } else {
+ const EVP_MD *type = EVP_get_digestbynid(mdnid);
+
diff --git a/openssl-freefilesync/openssl-1.1.1-regression-fixes.patch b/openssl-freefilesync/openssl-1.1.1-regression-fixes.patch
new file mode 100644
index 0000000..11099a1
--- /dev/null
+++ b/openssl-freefilesync/openssl-1.1.1-regression-fixes.patch
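Review bot: The two brainpool cases in 20-cert-select.conf.in (and the matching sections 5 and 47 of 20-cert-select.conf, all inside openssl-1.1.1-no-brainpool.patch) keep the names "ECDSA with brainpool" and "TLS 1.3 ECDSA with brainpool", but they no longer load a brainpool certificate or check the certificate and signature type, and the TLS 1.3 case flips from `ServerFail` to `Success`. As written they appear to assert only that some handshake completes with a server `CipherString` of `aNULL`, so a regression in curve or certificate selection would not fail them. Removing the two entries would be clearer; if they must stay to preserve test numbering, rename them and add a comment such as `# brainpool is not available in this build; case kept only as a placeholder, it no longer tests curve selection` (assuming brainpool really is removed from the build, as the patch name suggests).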
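Review bot: The MD5 exception in the new `else if` branch of ASN1_item_verify() (openssl-1.1.1-no-weak-verify.patch) tests only whether `OPENSSL_ENABLE_MD5_VERIFY` is present, so `OPENSSL_ENABLE_MD5_VERIFY=0` or an empty value re-enables MD5 signature verification exactly as `=1` does. Either document that presence alone is the switch, or compare the value, e.g. `const char *e = secure_getenv("OPENSSL_ENABLE_MD5_VERIFY");` followed by `int md5_ok = (e != NULL && strcmp(e, "1") == 0);`. Refused digests are reported with `ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM`, which makes a policy refusal look like an unsupported algorithm in logs; a comment on the branch such as `/* MD2, MD4, SHA (NID_sha) and, unless opted in, MD5 are refused by policy, not unknown */` would help whoever triages that error. The function begins and ends outside the hunk.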
@@ -0,0 +1,16 @@
+diff -up openssl-1.1.1b/crypto/conf/conf_lib.c.regression openssl-1.1.1b/crypto/conf/conf_lib.c
+--- openssl-1.1.1b/crypto/conf/conf_lib.c.regression 2019-02-26 15:15:30.000000000 +0100
++++ openssl-1.1.1b/crypto/conf/conf_lib.c 2019-05-10 14:28:57.718049429 +0200
+@@ -356,8 +356,10 @@ OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(
+ {
+ OPENSSL_INIT_SETTINGS *ret = malloc(sizeof(*ret));
+
+- if (ret != NULL)
+- memset(ret, 0, sizeof(*ret));
++ if (ret == NULL)
++ return NULL;
++
++ memset(ret, 0, sizeof(*ret));
+ ret->flags = DEFAULT_CONF_MFLAGS;
+
+ return ret;
diff --git a/openssl-freefilesync/openssl-1.1.1-s390x-update.patch b/openssl-freefilesync/openssl-1.1.1-s390x-update.patch
new file mode 100644
index 0000000..f46c1a5
--- /dev/null
+++ b/openssl-freefilesync/openssl-1.1.1-s390x-update.patch
@@ -0,0 +1,5509 @@ +diff -up openssl-1.1.1b/crypto/chacha/asm/chacha-s390x.pl.s390x-update openssl-1.1.1b/crypto/chacha/asm/chacha-s390x.pl +--- openssl-1.1.1b/crypto/chacha/asm/chacha-s390x.pl.s390x-update 2019-02-26 15:15:30.000000000 +0100 ++++ openssl-1.1.1b/crypto/chacha/asm/chacha-s390x.pl 2019-05-06 10:54:00.035367605 +0200 +@@ -1,5 +1,5 @@ + #! /usr/bin/env perl +-# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. ++# Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. + # + # Licensed under the OpenSSL license (the "License"). You may not use + # this file except in compliance with the License. You can obtain a copy +@@ -20,41 +20,53 @@ + # + # 3 times faster than compiler-generated code. + +-$flavour = shift; ++# ++# August 2018 ++# ++# Add vx code path: 4x"vertical". ++# ++# Copyright IBM Corp. 2018 ++# Author: Patrick Steuer ++ ++# ++# February 2019 ++# ++# Add 6x"horizontal" VX implementation. It's ~25% faster than IBM's ++# 4x"vertical" submission [on z13] and >3 faster than scalar code. ++# But to harness overheads revert to transliteration of VSX code path ++# from chacha-ppc module, which is also 4x"vertical", to handle inputs ++# not longer than 256 bytes. 
++ ++use strict; ++use FindBin qw($Bin); ++use lib "$Bin/../.."; ++use perlasm::s390x qw(:DEFAULT :VX AUTOLOAD LABEL INCLUDE); + ++my $flavour = shift; ++ ++my ($z,$SIZE_T); + if ($flavour =~ /3[12]/) { ++ $z=0; # S/390 ABI + $SIZE_T=4; +- $g=""; + } else { ++ $z=1; # zSeries ABI + $SIZE_T=8; +- $g="g"; + } + ++my $output; + while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {} +-open STDOUT,">$output"; +- +-sub AUTOLOAD() # thunk [simplified] x86-style perlasm +-{ my $opcode = $AUTOLOAD; $opcode =~ s/.*:://; +- $code .= "\t$opcode\t".join(',',@_)."\n"; +-} + + my $sp="%r15"; +- + my $stdframe=16*$SIZE_T+4*8; +-my $frame=$stdframe+4*20; +- +-my ($out,$inp,$len,$key,$counter)=map("%r$_",(2..6)); + ++sub ROUND { + my @x=map("%r$_",(0..7,"x","x","x","x",(10..13))); + my @t=map("%r$_",(8,9)); +- +-sub ROUND { + my ($a0,$b0,$c0,$d0)=@_; + my ($a1,$b1,$c1,$d1)=map(($_&~3)+(($_+1)&3),($a0,$b0,$c0,$d0)); + my ($a2,$b2,$c2,$d2)=map(($_&~3)+(($_+1)&3),($a1,$b1,$c1,$d1)); + my ($a3,$b3,$c3,$d3)=map(($_&~3)+(($_+1)&3),($a2,$b2,$c2,$d2)); +-my ($xc,$xc_)=map("\"$_\"",@t); +-my @x=map("\"$_\"",@x); ++my ($xc,$xc_)=map("$_",@t); + + # Consider order in which variables are addressed by their + # index: +@@ -78,249 +90,967 @@ my @x=map("\"$_\"",@x); + # 'c' stores and loads in the middle, but none in the beginning + # or end. 
+ +- ( +- "&alr (@x[$a0],@x[$b0])", # Q1 +- "&alr (@x[$a1],@x[$b1])", # Q2 +- "&xr (@x[$d0],@x[$a0])", +- "&xr (@x[$d1],@x[$a1])", +- "&rll (@x[$d0],@x[$d0],16)", +- "&rll (@x[$d1],@x[$d1],16)", +- +- "&alr ($xc,@x[$d0])", +- "&alr ($xc_,@x[$d1])", +- "&xr (@x[$b0],$xc)", +- "&xr (@x[$b1],$xc_)", +- "&rll (@x[$b0],@x[$b0],12)", +- "&rll (@x[$b1],@x[$b1],12)", +- +- "&alr (@x[$a0],@x[$b0])", +- "&alr (@x[$a1],@x[$b1])", +- "&xr (@x[$d0],@x[$a0])", +- "&xr (@x[$d1],@x[$a1])", +- "&rll (@x[$d0],@x[$d0],8)", +- "&rll (@x[$d1],@x[$d1],8)", +- +- "&alr ($xc,@x[$d0])", +- "&alr ($xc_,@x[$d1])", +- "&xr (@x[$b0],$xc)", +- "&xr (@x[$b1],$xc_)", +- "&rll (@x[$b0],@x[$b0],7)", +- "&rll (@x[$b1],@x[$b1],7)", +- +- "&stm ($xc,$xc_,'$stdframe+4*8+4*$c0($sp)')", # reload pair of 'c's +- "&lm ($xc,$xc_,'$stdframe+4*8+4*$c2($sp)')", +- +- "&alr (@x[$a2],@x[$b2])", # Q3 +- "&alr (@x[$a3],@x[$b3])", # Q4 +- "&xr (@x[$d2],@x[$a2])", +- "&xr (@x[$d3],@x[$a3])", +- "&rll (@x[$d2],@x[$d2],16)", +- "&rll (@x[$d3],@x[$d3],16)", +- +- "&alr ($xc,@x[$d2])", +- "&alr ($xc_,@x[$d3])", +- "&xr (@x[$b2],$xc)", +- "&xr (@x[$b3],$xc_)", +- "&rll (@x[$b2],@x[$b2],12)", +- "&rll (@x[$b3],@x[$b3],12)", +- +- "&alr (@x[$a2],@x[$b2])", +- "&alr (@x[$a3],@x[$b3])", +- "&xr (@x[$d2],@x[$a2])", +- "&xr (@x[$d3],@x[$a3])", +- "&rll (@x[$d2],@x[$d2],8)", +- "&rll (@x[$d3],@x[$d3],8)", +- +- "&alr ($xc,@x[$d2])", +- "&alr ($xc_,@x[$d3])", +- "&xr (@x[$b2],$xc)", +- "&xr (@x[$b3],$xc_)", +- "&rll (@x[$b2],@x[$b2],7)", +- "&rll (@x[$b3],@x[$b3],7)" +- ); +-} +- +-$code.=<<___; +-.text +- +-.globl ChaCha20_ctr32 +-.type ChaCha20_ctr32,\@function +-.align 32 +-ChaCha20_ctr32: +- lt${g}r $len,$len # $len==0? 
+- bzr %r14 +- a${g}hi $len,-64 +- l${g}hi %r1,-$frame +- stm${g} %r6,%r15,`6*$SIZE_T`($sp) +- sl${g}r $out,$inp # difference +- la $len,0($inp,$len) # end of input minus 64 +- larl %r7,.Lsigma +- lgr %r0,$sp +- la $sp,0(%r1,$sp) +- st${g} %r0,0($sp) +- +- lmg %r8,%r11,0($key) # load key +- lmg %r12,%r13,0($counter) # load counter +- lmg %r6,%r7,0(%r7) # load sigma constant +- +- la %r14,0($inp) +- st${g} $out,$frame+3*$SIZE_T($sp) +- st${g} $len,$frame+4*$SIZE_T($sp) +- stmg %r6,%r13,$stdframe($sp) # copy key schedule to stack +- srlg @x[12],%r12,32 # 32-bit counter value +- j .Loop_outer +- +-.align 16 +-.Loop_outer: +- lm @x[0],@x[7],$stdframe+4*0($sp) # load x[0]-x[7] +- lm @t[0],@t[1],$stdframe+4*10($sp) # load x[10]-x[11] +- lm @x[13],@x[15],$stdframe+4*13($sp) # load x[13]-x[15] +- stm @t[0],@t[1],$stdframe+4*8+4*10($sp) # offload x[10]-x[11] +- lm @t[0],@t[1],$stdframe+4*8($sp) # load x[8]-x[9] +- st @x[12],$stdframe+4*12($sp) # save counter +- st${g} %r14,$frame+2*$SIZE_T($sp) # save input pointer +- lhi %r14,10 +- j .Loop +- +-.align 4 +-.Loop: +-___ +- foreach (&ROUND(0, 4, 8,12)) { eval; } +- foreach (&ROUND(0, 5,10,15)) { eval; } +-$code.=<<___; +- brct %r14,.Loop +- +- l${g} %r14,$frame+2*$SIZE_T($sp) # pull input pointer +- stm @t[0],@t[1],$stdframe+4*8+4*8($sp) # offload x[8]-x[9] +- lm${g} @t[0],@t[1],$frame+3*$SIZE_T($sp) +- +- al @x[0],$stdframe+4*0($sp) # accumulate key schedule +- al @x[1],$stdframe+4*1($sp) +- al @x[2],$stdframe+4*2($sp) +- al @x[3],$stdframe+4*3($sp) +- al @x[4],$stdframe+4*4($sp) +- al @x[5],$stdframe+4*5($sp) +- al @x[6],$stdframe+4*6($sp) +- al @x[7],$stdframe+4*7($sp) +- lrvr @x[0],@x[0] +- lrvr @x[1],@x[1] +- lrvr @x[2],@x[2] +- lrvr @x[3],@x[3] +- lrvr @x[4],@x[4] +- lrvr @x[5],@x[5] +- lrvr @x[6],@x[6] +- lrvr @x[7],@x[7] +- al @x[12],$stdframe+4*12($sp) +- al @x[13],$stdframe+4*13($sp) +- al @x[14],$stdframe+4*14($sp) +- al @x[15],$stdframe+4*15($sp) +- lrvr @x[12],@x[12] +- lrvr @x[13],@x[13] +- lrvr @x[14],@x[14] +- 
lrvr @x[15],@x[15] +- +- la @t[0],0(@t[0],%r14) # reconstruct output pointer +- cl${g}r %r14,@t[1] +- jh .Ltail +- +- x @x[0],4*0(%r14) # xor with input +- x @x[1],4*1(%r14) +- st @x[0],4*0(@t[0]) # store output +- x @x[2],4*2(%r14) +- st @x[1],4*1(@t[0]) +- x @x[3],4*3(%r14) +- st @x[2],4*2(@t[0]) +- x @x[4],4*4(%r14) +- st @x[3],4*3(@t[0]) +- lm @x[0],@x[3],$stdframe+4*8+4*8($sp) # load x[8]-x[11] +- x @x[5],4*5(%r14) +- st @x[4],4*4(@t[0]) +- x @x[6],4*6(%r14) +- al @x[0],$stdframe+4*8($sp) +- st @x[5],4*5(@t[0]) +- x @x[7],4*7(%r14) +- al @x[1],$stdframe+4*9($sp) +- st @x[6],4*6(@t[0]) +- x @x[12],4*12(%r14) +- al @x[2],$stdframe+4*10($sp) +- st @x[7],4*7(@t[0]) +- x @x[13],4*13(%r14) +- al @x[3],$stdframe+4*11($sp) +- st @x[12],4*12(@t[0]) +- x @x[14],4*14(%r14) +- st @x[13],4*13(@t[0]) +- x @x[15],4*15(%r14) +- st @x[14],4*14(@t[0]) +- lrvr @x[0],@x[0] +- st @x[15],4*15(@t[0]) +- lrvr @x[1],@x[1] +- lrvr @x[2],@x[2] +- lrvr @x[3],@x[3] +- lhi @x[12],1 +- x @x[0],4*8(%r14) +- al @x[12],$stdframe+4*12($sp) # increment counter +- x @x[1],4*9(%r14) +- st @x[0],4*8(@t[0]) +- x @x[2],4*10(%r14) +- st @x[1],4*9(@t[0]) +- x @x[3],4*11(%r14) +- st @x[2],4*10(@t[0]) +- st @x[3],4*11(@t[0]) +- +- cl${g}r %r14,@t[1] # done yet? 
+- la %r14,64(%r14) +- jl .Loop_outer +- +-.Ldone: +- xgr %r0,%r0 +- xgr %r1,%r1 +- xgr %r2,%r2 +- xgr %r3,%r3 +- stmg %r0,%r3,$stdframe+4*4($sp) # wipe key copy +- stmg %r0,%r3,$stdframe+4*12($sp) +- +- lm${g} %r6,%r15,`$frame+6*$SIZE_T`($sp) +- br %r14 +- +-.align 16 +-.Ltail: +- la @t[1],64($t[1]) +- stm @x[0],@x[7],$stdframe+4*0($sp) +- sl${g}r @t[1],%r14 +- lm @x[0],@x[3],$stdframe+4*8+4*8($sp) +- l${g}hi @x[6],0 +- stm @x[12],@x[15],$stdframe+4*12($sp) +- al @x[0],$stdframe+4*8($sp) +- al @x[1],$stdframe+4*9($sp) +- al @x[2],$stdframe+4*10($sp) +- al @x[3],$stdframe+4*11($sp) +- lrvr @x[0],@x[0] +- lrvr @x[1],@x[1] +- lrvr @x[2],@x[2] +- lrvr @x[3],@x[3] +- stm @x[0],@x[3],$stdframe+4*8($sp) +- +-.Loop_tail: +- llgc @x[4],0(@x[6],%r14) +- llgc @x[5],$stdframe(@x[6],$sp) +- xr @x[5],@x[4] +- stc @x[5],0(@x[6],@t[0]) +- la @x[6],1(@x[6]) +- brct @t[1],.Loop_tail +- +- j .Ldone +-.size ChaCha20_ctr32,.-ChaCha20_ctr32 +- +-.align 32 +-.Lsigma: +-.long 0x61707865,0x3320646e,0x79622d32,0x6b206574 # endian-neutral +-.asciz "ChaCha20 for s390x, CRYPTOGAMS by " +-.align 4 +-___ ++ alr (@x[$a0],@x[$b0]); # Q1 ++ alr (@x[$a1],@x[$b1]); # Q2 ++ xr (@x[$d0],@x[$a0]); ++ xr (@x[$d1],@x[$a1]); ++ rll (@x[$d0],@x[$d0],16); ++ rll (@x[$d1],@x[$d1],16); ++ ++ alr ($xc,@x[$d0]); ++ alr ($xc_,@x[$d1]); ++ xr (@x[$b0],$xc); ++ xr (@x[$b1],$xc_); ++ rll (@x[$b0],@x[$b0],12); ++ rll (@x[$b1],@x[$b1],12); ++ ++ alr (@x[$a0],@x[$b0]); ++ alr (@x[$a1],@x[$b1]); ++ xr (@x[$d0],@x[$a0]); ++ xr (@x[$d1],@x[$a1]); ++ rll (@x[$d0],@x[$d0],8); ++ rll (@x[$d1],@x[$d1],8); ++ ++ alr ($xc,@x[$d0]); ++ alr ($xc_,@x[$d1]); ++ xr (@x[$b0],$xc); ++ xr (@x[$b1],$xc_); ++ rll (@x[$b0],@x[$b0],7); ++ rll (@x[$b1],@x[$b1],7); ++ ++ stm ($xc,$xc_,"$stdframe+4*8+4*$c0($sp)"); # reload pair of 'c's ++ lm ($xc,$xc_,"$stdframe+4*8+4*$c2($sp)"); ++ ++ alr (@x[$a2],@x[$b2]); # Q3 ++ alr (@x[$a3],@x[$b3]); # Q4 ++ xr (@x[$d2],@x[$a2]); ++ xr (@x[$d3],@x[$a3]); ++ rll (@x[$d2],@x[$d2],16); ++ rll 
(@x[$d3],@x[$d3],16); ++ ++ alr ($xc,@x[$d2]); ++ alr ($xc_,@x[$d3]); ++ xr (@x[$b2],$xc); ++ xr (@x[$b3],$xc_); ++ rll (@x[$b2],@x[$b2],12); ++ rll (@x[$b3],@x[$b3],12); ++ ++ alr (@x[$a2],@x[$b2]); ++ alr (@x[$a3],@x[$b3]); ++ xr (@x[$d2],@x[$a2]); ++ xr (@x[$d3],@x[$a3]); ++ rll (@x[$d2],@x[$d2],8); ++ rll (@x[$d3],@x[$d3],8); ++ ++ alr ($xc,@x[$d2]); ++ alr ($xc_,@x[$d3]); ++ xr (@x[$b2],$xc); ++ xr (@x[$b3],$xc_); ++ rll (@x[$b2],@x[$b2],7); ++ rll (@x[$b3],@x[$b3],7); ++} ++ ++sub VX_lane_ROUND { ++my ($a0,$b0,$c0,$d0)=@_; ++my ($a1,$b1,$c1,$d1)=map(($_&~3)+(($_+1)&3),($a0,$b0,$c0,$d0)); ++my ($a2,$b2,$c2,$d2)=map(($_&~3)+(($_+1)&3),($a1,$b1,$c1,$d1)); ++my ($a3,$b3,$c3,$d3)=map(($_&~3)+(($_+1)&3),($a2,$b2,$c2,$d2)); ++my @x=map("%v$_",(0..15)); + +-foreach (split("\n",$code)) { +- s/\`([^\`]*)\`/eval $1/ge; ++ vaf (@x[$a0],@x[$a0],@x[$b0]); # Q1 ++ vx (@x[$d0],@x[$d0],@x[$a0]); ++ verllf (@x[$d0],@x[$d0],16); ++ vaf (@x[$a1],@x[$a1],@x[$b1]); # Q2 ++ vx (@x[$d1],@x[$d1],@x[$a1]); ++ verllf (@x[$d1],@x[$d1],16); ++ vaf (@x[$a2],@x[$a2],@x[$b2]); # Q3 ++ vx (@x[$d2],@x[$d2],@x[$a2]); ++ verllf (@x[$d2],@x[$d2],16); ++ vaf (@x[$a3],@x[$a3],@x[$b3]); # Q4 ++ vx (@x[$d3],@x[$d3],@x[$a3]); ++ verllf (@x[$d3],@x[$d3],16); ++ ++ vaf (@x[$c0],@x[$c0],@x[$d0]); ++ vx (@x[$b0],@x[$b0],@x[$c0]); ++ verllf (@x[$b0],@x[$b0],12); ++ vaf (@x[$c1],@x[$c1],@x[$d1]); ++ vx (@x[$b1],@x[$b1],@x[$c1]); ++ verllf (@x[$b1],@x[$b1],12); ++ vaf (@x[$c2],@x[$c2],@x[$d2]); ++ vx (@x[$b2],@x[$b2],@x[$c2]); ++ verllf (@x[$b2],@x[$b2],12); ++ vaf (@x[$c3],@x[$c3],@x[$d3]); ++ vx (@x[$b3],@x[$b3],@x[$c3]); ++ verllf (@x[$b3],@x[$b3],12); ++ ++ vaf (@x[$a0],@x[$a0],@x[$b0]); ++ vx (@x[$d0],@x[$d0],@x[$a0]); ++ verllf (@x[$d0],@x[$d0],8); ++ vaf (@x[$a1],@x[$a1],@x[$b1]); ++ vx (@x[$d1],@x[$d1],@x[$a1]); ++ verllf (@x[$d1],@x[$d1],8); ++ vaf (@x[$a2],@x[$a2],@x[$b2]); ++ vx (@x[$d2],@x[$d2],@x[$a2]); ++ verllf (@x[$d2],@x[$d2],8); ++ vaf (@x[$a3],@x[$a3],@x[$b3]); ++ vx 
(@x[$d3],@x[$d3],@x[$a3]); ++ verllf (@x[$d3],@x[$d3],8); ++ ++ vaf (@x[$c0],@x[$c0],@x[$d0]); ++ vx (@x[$b0],@x[$b0],@x[$c0]); ++ verllf (@x[$b0],@x[$b0],7); ++ vaf (@x[$c1],@x[$c1],@x[$d1]); ++ vx (@x[$b1],@x[$b1],@x[$c1]); ++ verllf (@x[$b1],@x[$b1],7); ++ vaf (@x[$c2],@x[$c2],@x[$d2]); ++ vx (@x[$b2],@x[$b2],@x[$c2]); ++ verllf (@x[$b2],@x[$b2],7); ++ vaf (@x[$c3],@x[$c3],@x[$d3]); ++ vx (@x[$b3],@x[$b3],@x[$c3]); ++ verllf (@x[$b3],@x[$b3],7); ++} + +- print $_,"\n"; ++sub VX_ROUND { ++my @a=@_[0..5]; ++my @b=@_[6..11]; ++my @c=@_[12..17]; ++my @d=@_[18..23]; ++my $odd=@_[24]; ++ ++ vaf (@a[$_],@a[$_],@b[$_]) for (0..5); ++ vx (@d[$_],@d[$_],@a[$_]) for (0..5); ++ verllf (@d[$_],@d[$_],16) for (0..5); ++ ++ vaf (@c[$_],@c[$_],@d[$_]) for (0..5); ++ vx (@b[$_],@b[$_],@c[$_]) for (0..5); ++ verllf (@b[$_],@b[$_],12) for (0..5); ++ ++ vaf (@a[$_],@a[$_],@b[$_]) for (0..5); ++ vx (@d[$_],@d[$_],@a[$_]) for (0..5); ++ verllf (@d[$_],@d[$_],8) for (0..5); ++ ++ vaf (@c[$_],@c[$_],@d[$_]) for (0..5); ++ vx (@b[$_],@b[$_],@c[$_]) for (0..5); ++ verllf (@b[$_],@b[$_],7) for (0..5); ++ ++ vsldb (@c[$_],@c[$_],@c[$_],8) for (0..5); ++ vsldb (@b[$_],@b[$_],@b[$_],$odd?12:4) for (0..5); ++ vsldb (@d[$_],@d[$_],@d[$_],$odd?4:12) for (0..5); + } +-close STDOUT; ++ ++PERLASM_BEGIN($output); ++ ++INCLUDE ("s390x_arch.h"); ++TEXT (); ++ ++################ ++# void ChaCha20_ctr32(unsigned char *out, const unsigned char *inp, size_t len, ++# const unsigned int key[8], const unsigned int counter[4]) ++my ($out,$inp,$len,$key,$counter)=map("%r$_",(2..6)); ++{ ++my $frame=$stdframe+4*20; ++my @x=map("%r$_",(0..7,"x","x","x","x",(10..13))); ++my @t=map("%r$_",(8,9)); ++ ++GLOBL ("ChaCha20_ctr32"); ++TYPE ("ChaCha20_ctr32","\@function"); ++ALIGN (32); ++LABEL ("ChaCha20_ctr32"); ++ larl ("%r1","OPENSSL_s390xcap_P"); ++ ++ lghi ("%r0",64); ++&{$z? \<gr:\<r} ($len,$len); # len==0? ++ bzr ("%r14"); ++ lg ("%r1","S390X_STFLE+16(%r1)"); ++&{$z? 
\&clgr:\&clr} ($len,"%r0"); ++ jle (".Lshort"); ++ ++ tmhh ("%r1",0x4000); # check for vx bit ++ jnz (".LChaCha20_ctr32_vx"); ++ ++LABEL (".Lshort"); ++&{$z? \&aghi:\&ahi} ($len,-64); ++&{$z? \&lghi:\&lhi} ("%r1",-$frame); ++&{$z? \&stmg:\&stm} ("%r6","%r15","6*$SIZE_T($sp)"); ++&{$z? \&slgr:\&slr} ($out,$inp); # difference ++ la ($len,"0($inp,$len)"); # end of input minus 64 ++ larl ("%r7",".Lsigma"); ++ lgr ("%r0",$sp); ++ la ($sp,"0(%r1,$sp)"); ++&{$z? \&stg:\&st} ("%r0","0($sp)"); ++ ++ lmg ("%r8","%r11","0($key)"); # load key ++ lmg ("%r12","%r13","0($counter)"); # load counter ++ lmg ("%r6","%r7","0(%r7)"); # load sigma constant ++ ++ la ("%r14","0($inp)"); ++&{$z? \&stg:\&st} ($out,"$frame+3*$SIZE_T($sp)"); ++&{$z? \&stg:\&st} ($len,"$frame+4*$SIZE_T($sp)"); ++ stmg ("%r6","%r13","$stdframe($sp)");# copy key schedule to stack ++ srlg (@x[12],"%r12",32); # 32-bit counter value ++ j (".Loop_outer"); ++ ++ALIGN (16); ++LABEL (".Loop_outer"); ++ lm (@x[0],@x[7],"$stdframe+4*0($sp)"); # load x[0]-x[7] ++ lm (@t[0],@t[1],"$stdframe+4*10($sp)"); # load x[10]-x[11] ++ lm (@x[13],@x[15],"$stdframe+4*13($sp)"); # load x[13]-x[15] ++ stm (@t[0],@t[1],"$stdframe+4*8+4*10($sp)");# offload x[10]-x[11] ++ lm (@t[0],@t[1],"$stdframe+4*8($sp)"); # load x[8]-x[9] ++ st (@x[12],"$stdframe+4*12($sp)"); # save counter ++&{$z? \&stg:\&st} ("%r14","$frame+2*$SIZE_T($sp)");# save input pointer ++ lhi ("%r14",10); ++ j (".Loop"); ++ ++ALIGN (4); ++LABEL (".Loop"); ++ ROUND (0, 4, 8,12); ++ ROUND (0, 5,10,15); ++ brct ("%r14",".Loop"); ++ ++&{$z? \&lg:\&l} ("%r14","$frame+2*$SIZE_T($sp)");# pull input pointer ++ stm (@t[0],@t[1],"$stdframe+4*8+4*8($sp)"); # offload x[8]-x[9] ++&{$z? 
\&lmg:\&lm} (@t[0],@t[1],"$frame+3*$SIZE_T($sp)"); ++ ++ al (@x[0],"$stdframe+4*0($sp)"); # accumulate key schedule ++ al (@x[1],"$stdframe+4*1($sp)"); ++ al (@x[2],"$stdframe+4*2($sp)"); ++ al (@x[3],"$stdframe+4*3($sp)"); ++ al (@x[4],"$stdframe+4*4($sp)"); ++ al (@x[5],"$stdframe+4*5($sp)"); ++ al (@x[6],"$stdframe+4*6($sp)"); ++ al (@x[7],"$stdframe+4*7($sp)"); ++ lrvr (@x[0],@x[0]); ++ lrvr (@x[1],@x[1]); ++ lrvr (@x[2],@x[2]); ++ lrvr (@x[3],@x[3]); ++ lrvr (@x[4],@x[4]); ++ lrvr (@x[5],@x[5]); ++ lrvr (@x[6],@x[6]); ++ lrvr (@x[7],@x[7]); ++ al (@x[12],"$stdframe+4*12($sp)"); ++ al (@x[13],"$stdframe+4*13($sp)"); ++ al (@x[14],"$stdframe+4*14($sp)"); ++ al (@x[15],"$stdframe+4*15($sp)"); ++ lrvr (@x[12],@x[12]); ++ lrvr (@x[13],@x[13]); ++ lrvr (@x[14],@x[14]); ++ lrvr (@x[15],@x[15]); ++ ++ la (@t[0],"0(@t[0],%r14)"); # reconstruct output pointer ++&{$z? \&clgr:\&clr} ("%r14",@t[1]); ++ jh (".Ltail"); ++ ++ x (@x[0],"4*0(%r14)"); # xor with input ++ x (@x[1],"4*1(%r14)"); ++ st (@x[0],"4*0(@t[0])"); # store output ++ x (@x[2],"4*2(%r14)"); ++ st (@x[1],"4*1(@t[0])"); ++ x (@x[3],"4*3(%r14)"); ++ st (@x[2],"4*2(@t[0])"); ++ x (@x[4],"4*4(%r14)"); ++ st (@x[3],"4*3(@t[0])"); ++ lm (@x[0],@x[3],"$stdframe+4*8+4*8($sp)"); # load x[8]-x[11] ++ x (@x[5],"4*5(%r14)"); ++ st (@x[4],"4*4(@t[0])"); ++ x (@x[6],"4*6(%r14)"); ++ al (@x[0],"$stdframe+4*8($sp)"); ++ st (@x[5],"4*5(@t[0])"); ++ x (@x[7],"4*7(%r14)"); ++ al (@x[1],"$stdframe+4*9($sp)"); ++ st (@x[6],"4*6(@t[0])"); ++ x (@x[12],"4*12(%r14)"); ++ al (@x[2],"$stdframe+4*10($sp)"); ++ st (@x[7],"4*7(@t[0])"); ++ x (@x[13],"4*13(%r14)"); ++ al (@x[3],"$stdframe+4*11($sp)"); ++ st (@x[12],"4*12(@t[0])"); ++ x (@x[14],"4*14(%r14)"); ++ st (@x[13],"4*13(@t[0])"); ++ x (@x[15],"4*15(%r14)"); ++ st (@x[14],"4*14(@t[0])"); ++ lrvr (@x[0],@x[0]); ++ st (@x[15],"4*15(@t[0])"); ++ lrvr (@x[1],@x[1]); ++ lrvr (@x[2],@x[2]); ++ lrvr (@x[3],@x[3]); ++ lhi (@x[12],1); ++ x (@x[0],"4*8(%r14)"); ++ al 
(@x[12],"$stdframe+4*12($sp)"); # increment counter ++ x (@x[1],"4*9(%r14)"); ++ st (@x[0],"4*8(@t[0])"); ++ x (@x[2],"4*10(%r14)"); ++ st (@x[1],"4*9(@t[0])"); ++ x (@x[3],"4*11(%r14)"); ++ st (@x[2],"4*10(@t[0])"); ++ st (@x[3],"4*11(@t[0])"); ++ ++&{$z? \&clgr:\&clr} ("%r14",@t[1]); # done yet? ++ la ("%r14","64(%r14)"); ++ jl (".Loop_outer"); ++ ++LABEL (".Ldone"); ++ xgr ("%r0","%r0"); ++ xgr ("%r1","%r1"); ++ xgr ("%r2","%r2"); ++ xgr ("%r3","%r3"); ++ stmg ("%r0","%r3","$stdframe+4*4($sp)"); # wipe key copy ++ stmg ("%r0","%r3","$stdframe+4*12($sp)"); ++ ++&{$z? \&lmg:\&lm} ("%r6","%r15","$frame+6*$SIZE_T($sp)"); ++ br ("%r14"); ++ ++ALIGN (16); ++LABEL (".Ltail"); ++ la (@t[1],"64($t[1])"); ++ stm (@x[0],@x[7],"$stdframe+4*0($sp)"); ++&{$z? \&slgr:\&slr} (@t[1],"%r14"); ++ lm (@x[0],@x[3],"$stdframe+4*8+4*8($sp)"); ++&{$z? \&lghi:\&lhi} (@x[6],0); ++ stm (@x[12],@x[15],"$stdframe+4*12($sp)"); ++ al (@x[0],"$stdframe+4*8($sp)"); ++ al (@x[1],"$stdframe+4*9($sp)"); ++ al (@x[2],"$stdframe+4*10($sp)"); ++ al (@x[3],"$stdframe+4*11($sp)"); ++ lrvr (@x[0],@x[0]); ++ lrvr (@x[1],@x[1]); ++ lrvr (@x[2],@x[2]); ++ lrvr (@x[3],@x[3]); ++ stm (@x[0],@x[3],"$stdframe+4*8($sp)"); ++ ++LABEL (".Loop_tail"); ++ llgc (@x[4],"0(@x[6],%r14)"); ++ llgc (@x[5],"$stdframe(@x[6],$sp)"); ++ xr (@x[5],@x[4]); ++ stc (@x[5],"0(@x[6],@t[0])"); ++ la (@x[6],"1(@x[6])"); ++ brct (@t[1],".Loop_tail"); ++ ++ j (".Ldone"); ++SIZE ("ChaCha20_ctr32",".-ChaCha20_ctr32"); ++} ++ ++######################################################################## ++# 4x"vertical" layout minimizes amount of instructions, but pipeline ++# runs underutilized [because of vector instructions' high latency]. ++# On the other hand minimum amount of data it takes to fully utilize ++# the pipeline is higher, so that effectively, short inputs would be ++# processed slower. Hence this code path targeting <=256 bytes lengths. 
++# ++{ ++my ($xa0,$xa1,$xa2,$xa3, $xb0,$xb1,$xb2,$xb3, ++ $xc0,$xc1,$xc2,$xc3, $xd0,$xd1,$xd2,$xd3)=map("%v$_",(0..15)); ++my @K=map("%v$_",(16..19)); ++my $CTR="%v26"; ++my ($xt0,$xt1,$xt2,$xt3)=map("%v$_",(27..30)); ++my $beperm="%v31"; ++my ($x00,$x10,$x20,$x30)=(0,map("r$_",(8..10))); ++my $FRAME=$stdframe+4*16; ++ ++ALIGN (32); ++LABEL ("ChaCha20_ctr32_4x"); ++LABEL (".LChaCha20_ctr32_4x"); ++&{$z? \&stmg:\&stm} ("%r6","%r7","6*$SIZE_T($sp)"); ++if (!$z) { ++ std ("%f4","16*$SIZE_T+2*8($sp)"); ++ std ("%f6","16*$SIZE_T+3*8($sp)"); ++} ++&{$z? \&lghi:\&lhi} ("%r1",-$FRAME); ++ lgr ("%r0",$sp); ++ la ($sp,"0(%r1,$sp)"); ++&{$z? \&stg:\&st} ("%r0","0($sp)"); # back-chain ++if ($z) { ++ std ("%f8","$stdframe+8*0($sp)"); ++ std ("%f9","$stdframe+8*1($sp)"); ++ std ("%f10","$stdframe+8*2($sp)"); ++ std ("%f11","$stdframe+8*3($sp)"); ++ std ("%f12","$stdframe+8*4($sp)"); ++ std ("%f13","$stdframe+8*5($sp)"); ++ std ("%f14","$stdframe+8*6($sp)"); ++ std ("%f15","$stdframe+8*7($sp)"); ++} ++ larl ("%r7",".Lsigma"); ++ lhi ("%r0",10); ++ lhi ("%r1",0); ++ ++ vl (@K[0],"0(%r7)"); # load sigma ++ vl (@K[1],"0($key)"); # load key ++ vl (@K[2],"16($key)"); ++ vl (@K[3],"0($counter)"); # load counter ++ ++ vl ($beperm,"0x40(%r7)"); ++ vl ($xt1,"0x50(%r7)"); ++ vrepf ($CTR,@K[3],0); ++ vlvgf (@K[3],"%r1",0); # clear @K[3].word[0] ++ vaf ($CTR,$CTR,$xt1); ++ ++#LABEL (".Loop_outer_4x"); ++ vlm ($xa0,$xa3,"0x60(%r7)"); # load [smashed] sigma ++ ++ vrepf ($xb0,@K[1],0); # smash the key ++ vrepf ($xb1,@K[1],1); ++ vrepf ($xb2,@K[1],2); ++ vrepf ($xb3,@K[1],3); ++ ++ vrepf ($xc0,@K[2],0); ++ vrepf ($xc1,@K[2],1); ++ vrepf ($xc2,@K[2],2); ++ vrepf ($xc3,@K[2],3); ++ ++ vlr ($xd0,$CTR); ++ vrepf ($xd1,@K[3],1); ++ vrepf ($xd2,@K[3],2); ++ vrepf ($xd3,@K[3],3); ++ ++LABEL (".Loop_4x"); ++ VX_lane_ROUND(0, 4, 8,12); ++ VX_lane_ROUND(0, 5,10,15); ++ brct ("%r0",".Loop_4x"); ++ ++ vaf ($xd0,$xd0,$CTR); ++ ++ vmrhf ($xt0,$xa0,$xa1); # transpose data ++ vmrhf ($xt1,$xa2,$xa3); ++ vmrlf 
($xt2,$xa0,$xa1); ++ vmrlf ($xt3,$xa2,$xa3); ++ vpdi ($xa0,$xt0,$xt1,0b0000); ++ vpdi ($xa1,$xt0,$xt1,0b0101); ++ vpdi ($xa2,$xt2,$xt3,0b0000); ++ vpdi ($xa3,$xt2,$xt3,0b0101); ++ ++ vmrhf ($xt0,$xb0,$xb1); ++ vmrhf ($xt1,$xb2,$xb3); ++ vmrlf ($xt2,$xb0,$xb1); ++ vmrlf ($xt3,$xb2,$xb3); ++ vpdi ($xb0,$xt0,$xt1,0b0000); ++ vpdi ($xb1,$xt0,$xt1,0b0101); ++ vpdi ($xb2,$xt2,$xt3,0b0000); ++ vpdi ($xb3,$xt2,$xt3,0b0101); ++ ++ vmrhf ($xt0,$xc0,$xc1); ++ vmrhf ($xt1,$xc2,$xc3); ++ vmrlf ($xt2,$xc0,$xc1); ++ vmrlf ($xt3,$xc2,$xc3); ++ vpdi ($xc0,$xt0,$xt1,0b0000); ++ vpdi ($xc1,$xt0,$xt1,0b0101); ++ vpdi ($xc2,$xt2,$xt3,0b0000); ++ vpdi ($xc3,$xt2,$xt3,0b0101); ++ ++ vmrhf ($xt0,$xd0,$xd1); ++ vmrhf ($xt1,$xd2,$xd3); ++ vmrlf ($xt2,$xd0,$xd1); ++ vmrlf ($xt3,$xd2,$xd3); ++ vpdi ($xd0,$xt0,$xt1,0b0000); ++ vpdi ($xd1,$xt0,$xt1,0b0101); ++ vpdi ($xd2,$xt2,$xt3,0b0000); ++ vpdi ($xd3,$xt2,$xt3,0b0101); ++ ++ #vrepif ($xt0,4); ++ #vaf ($CTR,$CTR,$xt0); # next counter value ++ ++ vaf ($xa0,$xa0,@K[0]); ++ vaf ($xb0,$xb0,@K[1]); ++ vaf ($xc0,$xc0,@K[2]); ++ vaf ($xd0,$xd0,@K[3]); ++ ++ vperm ($xa0,$xa0,$xa0,$beperm); ++ vperm ($xb0,$xb0,$xb0,$beperm); ++ vperm ($xc0,$xc0,$xc0,$beperm); ++ vperm ($xd0,$xd0,$xd0,$beperm); ++ ++ #&{$z? \&clgfi:\&clfi} ($len,0x40); ++ #jl (".Ltail_4x"); ++ ++ vlm ($xt0,$xt3,"0($inp)"); ++ ++ vx ($xt0,$xt0,$xa0); ++ vx ($xt1,$xt1,$xb0); ++ vx ($xt2,$xt2,$xc0); ++ vx ($xt3,$xt3,$xd0); ++ ++ vstm ($xt0,$xt3,"0($out)"); ++ ++ la ($inp,"0x40($inp)"); ++ la ($out,"0x40($out)"); ++&{$z? \&aghi:\&ahi} ($len,-0x40); ++ #je (".Ldone_4x"); ++ ++ vaf ($xa0,$xa1,@K[0]); ++ vaf ($xb0,$xb1,@K[1]); ++ vaf ($xc0,$xc1,@K[2]); ++ vaf ($xd0,$xd1,@K[3]); ++ ++ vperm ($xa0,$xa0,$xa0,$beperm); ++ vperm ($xb0,$xb0,$xb0,$beperm); ++ vperm ($xc0,$xc0,$xc0,$beperm); ++ vperm ($xd0,$xd0,$xd0,$beperm); ++ ++&{$z? 
\&clgfi:\&clfi} ($len,0x40); ++ jl (".Ltail_4x"); ++ ++ vlm ($xt0,$xt3,"0($inp)"); ++ ++ vx ($xt0,$xt0,$xa0); ++ vx ($xt1,$xt1,$xb0); ++ vx ($xt2,$xt2,$xc0); ++ vx ($xt3,$xt3,$xd0); ++ ++ vstm ($xt0,$xt3,"0($out)"); ++ ++ la ($inp,"0x40($inp)"); ++ la ($out,"0x40($out)"); ++&{$z? \&aghi:\&ahi} ($len,-0x40); ++ je (".Ldone_4x"); ++ ++ vaf ($xa0,$xa2,@K[0]); ++ vaf ($xb0,$xb2,@K[1]); ++ vaf ($xc0,$xc2,@K[2]); ++ vaf ($xd0,$xd2,@K[3]); ++ ++ vperm ($xa0,$xa0,$xa0,$beperm); ++ vperm ($xb0,$xb0,$xb0,$beperm); ++ vperm ($xc0,$xc0,$xc0,$beperm); ++ vperm ($xd0,$xd0,$xd0,$beperm); ++ ++&{$z? \&clgfi:\&clfi} ($len,0x40); ++ jl (".Ltail_4x"); ++ ++ vlm ($xt0,$xt3,"0($inp)"); ++ ++ vx ($xt0,$xt0,$xa0); ++ vx ($xt1,$xt1,$xb0); ++ vx ($xt2,$xt2,$xc0); ++ vx ($xt3,$xt3,$xd0); ++ ++ vstm ($xt0,$xt3,"0($out)"); ++ ++ la ($inp,"0x40($inp)"); ++ la ($out,"0x40($out)"); ++&{$z? \&aghi:\&ahi} ($len,-0x40); ++ je (".Ldone_4x"); ++ ++ vaf ($xa0,$xa3,@K[0]); ++ vaf ($xb0,$xb3,@K[1]); ++ vaf ($xc0,$xc3,@K[2]); ++ vaf ($xd0,$xd3,@K[3]); ++ ++ vperm ($xa0,$xa0,$xa0,$beperm); ++ vperm ($xb0,$xb0,$xb0,$beperm); ++ vperm ($xc0,$xc0,$xc0,$beperm); ++ vperm ($xd0,$xd0,$xd0,$beperm); ++ ++&{$z? \&clgfi:\&clfi} ($len,0x40); ++ jl (".Ltail_4x"); ++ ++ vlm ($xt0,$xt3,"0($inp)"); ++ ++ vx ($xt0,$xt0,$xa0); ++ vx ($xt1,$xt1,$xb0); ++ vx ($xt2,$xt2,$xc0); ++ vx ($xt3,$xt3,$xd0); ++ ++ vstm ($xt0,$xt3,"0($out)"); ++ ++ #la $inp,0x40($inp)); ++ #la $out,0x40($out)); ++ #lhi %r0,10); ++ #&{$z? \&aghi:\&ahi} $len,-0x40); ++ #jne .Loop_outer_4x); ++ ++LABEL (".Ldone_4x"); ++if (!$z) { ++ ld ("%f4","$FRAME+16*$SIZE_T+2*8($sp)"); ++ ld ("%f6","$FRAME+16*$SIZE_T+3*8($sp)"); ++} else { ++ ld ("%f8","$stdframe+8*0($sp)"); ++ ld ("%f9","$stdframe+8*1($sp)"); ++ ld ("%f10","$stdframe+8*2($sp)"); ++ ld ("%f11","$stdframe+8*3($sp)"); ++ ld ("%f12","$stdframe+8*4($sp)"); ++ ld ("%f13","$stdframe+8*5($sp)"); ++ ld ("%f14","$stdframe+8*6($sp)"); ++ ld ("%f15","$stdframe+8*7($sp)"); ++} ++&{$z? 
\&lmg:\&lm} ("%r6","%r7","$FRAME+6*$SIZE_T($sp)"); ++ la ($sp,"$FRAME($sp)"); ++ br ("%r14"); ++ ++ALIGN (16); ++LABEL (".Ltail_4x"); ++if (!$z) { ++ vlr ($xt0,$xb0); ++ ld ("%f4","$FRAME+16*$SIZE_T+2*8($sp)"); ++ ld ("%f6","$FRAME+16*$SIZE_T+3*8($sp)"); ++ ++ vst ($xa0,"$stdframe+0x00($sp)"); ++ vst ($xt0,"$stdframe+0x10($sp)"); ++ vst ($xc0,"$stdframe+0x20($sp)"); ++ vst ($xd0,"$stdframe+0x30($sp)"); ++} else { ++ vlr ($xt0,$xc0); ++ ld ("%f8","$stdframe+8*0($sp)"); ++ ld ("%f9","$stdframe+8*1($sp)"); ++ ld ("%f10","$stdframe+8*2($sp)"); ++ ld ("%f11","$stdframe+8*3($sp)"); ++ vlr ($xt1,$xd0); ++ ld ("%f12","$stdframe+8*4($sp)"); ++ ld ("%f13","$stdframe+8*5($sp)"); ++ ld ("%f14","$stdframe+8*6($sp)"); ++ ld ("%f15","$stdframe+8*7($sp)"); ++ ++ vst ($xa0,"$stdframe+0x00($sp)"); ++ vst ($xb0,"$stdframe+0x10($sp)"); ++ vst ($xt0,"$stdframe+0x20($sp)"); ++ vst ($xt1,"$stdframe+0x30($sp)"); ++} ++ lghi ("%r1",0); ++ ++LABEL (".Loop_tail_4x"); ++ llgc ("%r5","0(%r1,$inp)"); ++ llgc ("%r6","$stdframe(%r1,$sp)"); ++ xr ("%r6","%r5"); ++ stc ("%r6","0(%r1,$out)"); ++ la ("%r1","1(%r1)"); ++ brct ($len,".Loop_tail_4x"); ++ ++&{$z? \&lmg:\&lm} ("%r6","%r7","$FRAME+6*$SIZE_T($sp)"); ++ la ($sp,"$FRAME($sp)"); ++ br ("%r14"); ++SIZE ("ChaCha20_ctr32_4x",".-ChaCha20_ctr32_4x"); ++} ++ ++######################################################################## ++# 6x"horizontal" layout is optimal fit for the platform in its current ++# shape, more specifically for given vector instructions' latency. Well, ++# computational part of 8x"vertical" would be faster, but it consumes ++# all registers and dealing with that will diminish the return... 
++#
++{
++my ($a0,$b0,$c0,$d0, $a1,$b1,$c1,$d1,
++ $a2,$b2,$c2,$d2, $a3,$b3,$c3,$d3,
++ $a4,$b4,$c4,$d4, $a5,$b5,$c5,$d5)=map("%v$_",(0..23));
++my @K=map("%v$_",(27,24..26));
++my ($t0,$t1,$t2,$t3)=map("%v$_",27..30);
++my $beperm="%v31";
++my $FRAME=$stdframe + 4*16;
++
++GLOBL ("ChaCha20_ctr32_vx");
++ALIGN (32);
++LABEL ("ChaCha20_ctr32_vx");
++LABEL (".LChaCha20_ctr32_vx");
++&{$z? \&clgfi:\&clfi} ($len,256);
++ jle (".LChaCha20_ctr32_4x");
++&{$z? \&stmg:\&stm} ("%r6","%r7","6*$SIZE_T($sp)");
++if (!$z) {
++ std ("%f4","16*$SIZE_T+2*8($sp)");
++ std ("%f6","16*$SIZE_T+3*8($sp)");
++}
++&{$z? \&lghi:\&lhi} ("%r1",-$FRAME);
++ lgr ("%r0",$sp);
++ la ($sp,"0(%r1,$sp)");
++&{$z? \&stg:\&st} ("%r0","0($sp)"); # back-chain
++if ($z) {
++ std ("%f8","$FRAME-8*8($sp)");
++ std ("%f9","$FRAME-8*7($sp)");
++ std ("%f10","$FRAME-8*6($sp)");
++ std ("%f11","$FRAME-8*5($sp)");
++ std ("%f12","$FRAME-8*4($sp)");
++ std ("%f13","$FRAME-8*3($sp)");
++ std ("%f14","$FRAME-8*2($sp)");
++ std ("%f15","$FRAME-8*1($sp)");
++}
++ larl ("%r7",".Lsigma");
++ lhi ("%r0",10);
++
++ vlm (@K[1],@K[2],"0($key)"); # load key
++ vl (@K[3],"0($counter)"); # load counter
++
++ vlm (@K[0],"$beperm","0(%r7)"); # load sigma, increments, ... 
++
++LABEL (".Loop_outer_vx");
++ vlr ($a0,@K[0]);
++ vlr ($b0,@K[1]);
++ vlr ($a1,@K[0]);
++ vlr ($b1,@K[1]);
++ vlr ($a2,@K[0]);
++ vlr ($b2,@K[1]);
++ vlr ($a3,@K[0]);
++ vlr ($b3,@K[1]);
++ vlr ($a4,@K[0]);
++ vlr ($b4,@K[1]);
++ vlr ($a5,@K[0]);
++ vlr ($b5,@K[1]);
++
++ vlr ($d0,@K[3]);
++ vaf ($d1,@K[3],$t1); # K[3]+1
++ vaf ($d2,@K[3],$t2); # K[3]+2
++ vaf ($d3,@K[3],$t3); # K[3]+3
++ vaf ($d4,$d2,$t2); # K[3]+4
++ vaf ($d5,$d2,$t3); # K[3]+5
++
++ vlr ($c0,@K[2]);
++ vlr ($c1,@K[2]);
++ vlr ($c2,@K[2]);
++ vlr ($c3,@K[2]);
++ vlr ($c4,@K[2]);
++ vlr ($c5,@K[2]);
++
++ vlr ($t1,$d1);
++ vlr ($t2,$d2);
++ vlr ($t3,$d3);
++
++ALIGN (4);
++LABEL (".Loop_vx");
++
++ VX_ROUND($a0,$a1,$a2,$a3,$a4,$a5,
++ $b0,$b1,$b2,$b3,$b4,$b5,
++ $c0,$c1,$c2,$c3,$c4,$c5,
++ $d0,$d1,$d2,$d3,$d4,$d5,
++ 0);
++
++ VX_ROUND($a0,$a1,$a2,$a3,$a4,$a5,
++ $b0,$b1,$b2,$b3,$b4,$b5,
++ $c0,$c1,$c2,$c3,$c4,$c5,
++ $d0,$d1,$d2,$d3,$d4,$d5,
++ 1);
++
++ brct ("%r0",".Loop_vx");
++
++ vaf ($a0,$a0,@K[0]);
++ vaf ($b0,$b0,@K[1]);
++ vaf ($c0,$c0,@K[2]);
++ vaf ($d0,$d0,@K[3]);
++ vaf ($a1,$a1,@K[0]);
++ vaf ($d1,$d1,$t1); # +K[3]+1
++
++ vperm ($a0,$a0,$a0,$beperm);
++ vperm ($b0,$b0,$b0,$beperm);
++ vperm ($c0,$c0,$c0,$beperm);
++ vperm ($d0,$d0,$d0,$beperm);
++
++&{$z? \&clgfi:\&clfi} ($len,0x40);
++ jl (".Ltail_vx");
++
++ vaf ($d2,$d2,$t2); # +K[3]+2
++ vaf ($d3,$d3,$t3); # +K[3]+3
++ vlm ($t0,$t3,"0($inp)");
++
++ vx ($a0,$a0,$t0);
++ vx ($b0,$b0,$t1);
++ vx ($c0,$c0,$t2);
++ vx ($d0,$d0,$t3);
++
++ vlm (@K[0],$t3,"0(%r7)"); # re-load sigma and increments
++
++ vstm ($a0,$d0,"0($out)");
++
++ la ($inp,"0x40($inp)");
++ la ($out,"0x40($out)");
++&{$z? \&aghi:\&ahi} ($len,-0x40);
++ je (".Ldone_vx");
++
++ vaf ($b1,$b1,@K[1]);
++ vaf ($c1,$c1,@K[2]);
++
++ vperm ($a0,$a1,$a1,$beperm);
++ vperm ($b0,$b1,$b1,$beperm);
++ vperm ($c0,$c1,$c1,$beperm);
++ vperm ($d0,$d1,$d1,$beperm);
++
++&{$z? 
\&clgfi:\&clfi} ($len,0x40);
++ jl (".Ltail_vx");
++
++ vlm ($a1,$d1,"0($inp)");
++
++ vx ($a0,$a0,$a1);
++ vx ($b0,$b0,$b1);
++ vx ($c0,$c0,$c1);
++ vx ($d0,$d0,$d1);
++
++ vstm ($a0,$d0,"0($out)");
++
++ la ($inp,"0x40($inp)");
++ la ($out,"0x40($out)");
++&{$z? \&aghi:\&ahi} ($len,-0x40);
++ je (".Ldone_vx");
++
++ vaf ($a2,$a2,@K[0]);
++ vaf ($b2,$b2,@K[1]);
++ vaf ($c2,$c2,@K[2]);
++
++ vperm ($a0,$a2,$a2,$beperm);
++ vperm ($b0,$b2,$b2,$beperm);
++ vperm ($c0,$c2,$c2,$beperm);
++ vperm ($d0,$d2,$d2,$beperm);
++
++&{$z? \&clgfi:\&clfi} ($len,0x40);
++ jl (".Ltail_vx");
++
++ vlm ($a1,$d1,"0($inp)");
++
++ vx ($a0,$a0,$a1);
++ vx ($b0,$b0,$b1);
++ vx ($c0,$c0,$c1);
++ vx ($d0,$d0,$d1);
++
++ vstm ($a0,$d0,"0($out)");
++
++ la ($inp,"0x40($inp)");
++ la ($out,"0x40($out)");
++&{$z? \&aghi:\&ahi} ($len,-0x40);
++ je (".Ldone_vx");
++
++ vaf ($a3,$a3,@K[0]);
++ vaf ($b3,$b3,@K[1]);
++ vaf ($c3,$c3,@K[2]);
++ vaf ($d2,@K[3],$t3); # K[3]+3
++
++ vperm ($a0,$a3,$a3,$beperm);
++ vperm ($b0,$b3,$b3,$beperm);
++ vperm ($c0,$c3,$c3,$beperm);
++ vperm ($d0,$d3,$d3,$beperm);
++
++&{$z? \&clgfi:\&clfi} ($len,0x40);
++ jl (".Ltail_vx");
++
++ vaf ($d3,$d2,$t1); # K[3]+4
++ vlm ($a1,$d1,"0($inp)");
++
++ vx ($a0,$a0,$a1);
++ vx ($b0,$b0,$b1);
++ vx ($c0,$c0,$c1);
++ vx ($d0,$d0,$d1);
++
++ vstm ($a0,$d0,"0($out)");
++
++ la ($inp,"0x40($inp)");
++ la ($out,"0x40($out)");
++&{$z? \&aghi:\&ahi} ($len,-0x40);
++ je (".Ldone_vx");
++
++ vaf ($a4,$a4,@K[0]);
++ vaf ($b4,$b4,@K[1]);
++ vaf ($c4,$c4,@K[2]);
++ vaf ($d4,$d4,$d3); # +K[3]+4
++ vaf ($d3,$d3,$t1); # K[3]+5
++ vaf (@K[3],$d2,$t3); # K[3]+=6
++
++ vperm ($a0,$a4,$a4,$beperm);
++ vperm ($b0,$b4,$b4,$beperm);
++ vperm ($c0,$c4,$c4,$beperm);
++ vperm ($d0,$d4,$d4,$beperm);
++
++&{$z? 
\&clgfi:\&clfi} ($len,0x40);
++ jl (".Ltail_vx");
++
++ vlm ($a1,$d1,"0($inp)");
++
++ vx ($a0,$a0,$a1);
++ vx ($b0,$b0,$b1);
++ vx ($c0,$c0,$c1);
++ vx ($d0,$d0,$d1);
++
++ vstm ($a0,$d0,"0($out)");
++
++ la ($inp,"0x40($inp)");
++ la ($out,"0x40($out)");
++&{$z? \&aghi:\&ahi} ($len,-0x40);
++ je (".Ldone_vx");
++
++ vaf ($a5,$a5,@K[0]);
++ vaf ($b5,$b5,@K[1]);
++ vaf ($c5,$c5,@K[2]);
++ vaf ($d5,$d5,$d3); # +K[3]+5
++
++ vperm ($a0,$a5,$a5,$beperm);
++ vperm ($b0,$b5,$b5,$beperm);
++ vperm ($c0,$c5,$c5,$beperm);
++ vperm ($d0,$d5,$d5,$beperm);
++
++&{$z? \&clgfi:\&clfi} ($len,0x40);
++ jl (".Ltail_vx");
++
++ vlm ($a1,$d1,"0($inp)");
++
++ vx ($a0,$a0,$a1);
++ vx ($b0,$b0,$b1);
++ vx ($c0,$c0,$c1);
++ vx ($d0,$d0,$d1);
++
++ vstm ($a0,$d0,"0($out)");
++
++ la ($inp,"0x40($inp)");
++ la ($out,"0x40($out)");
++ lhi ("%r0",10);
++&{$z? \&aghi:\&ahi} ($len,-0x40);
++ jne (".Loop_outer_vx");
++
++LABEL (".Ldone_vx");
++if (!$z) {
++ ld ("%f4","$FRAME+16*$SIZE_T+2*8($sp)");
++ ld ("%f6","$FRAME+16*$SIZE_T+3*8($sp)");
++} else {
++ ld ("%f8","$FRAME-8*8($sp)");
++ ld ("%f9","$FRAME-8*7($sp)");
++ ld ("%f10","$FRAME-8*6($sp)");
++ ld ("%f11","$FRAME-8*5($sp)");
++ ld ("%f12","$FRAME-8*4($sp)");
++ ld ("%f13","$FRAME-8*3($sp)");
++ ld ("%f14","$FRAME-8*2($sp)");
++ ld ("%f15","$FRAME-8*1($sp)");
++}
++&{$z? 
\&lmg:\&lm} ("%r6","%r7","$FRAME+6*$SIZE_T($sp)");
++ la ($sp,"$FRAME($sp)");
++ br ("%r14");
++
++ALIGN (16);
++LABEL (".Ltail_vx");
++if (!$z) {
++ ld ("%f4","$FRAME+16*$SIZE_T+2*8($sp)");
++ ld ("%f6","$FRAME+16*$SIZE_T+3*8($sp)");
++} else {
++ ld ("%f8","$FRAME-8*8($sp)");
++ ld ("%f9","$FRAME-8*7($sp)");
++ ld ("%f10","$FRAME-8*6($sp)");
++ ld ("%f11","$FRAME-8*5($sp)");
++ ld ("%f12","$FRAME-8*4($sp)");
++ ld ("%f13","$FRAME-8*3($sp)");
++ ld ("%f14","$FRAME-8*2($sp)");
++ ld ("%f15","$FRAME-8*1($sp)");
++}
++ vstm ($a0,$d0,"$stdframe($sp)");
++ lghi ("%r1",0);
++
++LABEL (".Loop_tail_vx");
++ llgc ("%r5","0(%r1,$inp)");
++ llgc ("%r6","$stdframe(%r1,$sp)");
++ xr ("%r6","%r5");
++ stc ("%r6","0(%r1,$out)");
++ la ("%r1","1(%r1)");
++ brct ($len,".Loop_tail_vx");
++
++&{$z? \&lmg:\&lm} ("%r6","%r7","$FRAME+6*$SIZE_T($sp)");
++ la ($sp,"$FRAME($sp)");
++ br ("%r14");
++SIZE ("ChaCha20_ctr32_vx",".-ChaCha20_ctr32_vx");
++}
++################
++
++ALIGN (32);
++LABEL (".Lsigma");
++LONG (0x61707865,0x3320646e,0x79622d32,0x6b206574); # endian-neutral sigma
++LONG (1,0,0,0);
++LONG (2,0,0,0);
++LONG (3,0,0,0);
++LONG (0x03020100,0x07060504,0x0b0a0908,0x0f0e0d0c); # byte swap
++
++LONG (0,1,2,3);
++LONG (0x61707865,0x61707865,0x61707865,0x61707865); # smashed sigma
++LONG (0x3320646e,0x3320646e,0x3320646e,0x3320646e);
++LONG (0x79622d32,0x79622d32,0x79622d32,0x79622d32);
++LONG (0x6b206574,0x6b206574,0x6b206574,0x6b206574);
++
++ASCIZ ("\"ChaCha20 for s390x, CRYPTOGAMS by \"");
++ALIGN (4);
++
++PERLASM_END();
+diff -up openssl-1.1.1b/crypto/perlasm/s390x.pm.s390x-update openssl-1.1.1b/crypto/perlasm/s390x.pm
+--- openssl-1.1.1b/crypto/perlasm/s390x.pm.s390x-update 2019-05-06 10:54:00.037367571 +0200
++++ openssl-1.1.1b/crypto/perlasm/s390x.pm 2019-05-06 10:54:00.038367554 +0200
+@@ -0,0 +1,3060 @@
++#!/usr/bin/env perl
++# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
++#
++# Licensed under the OpenSSL license (the "License"). 
You may not use
++# this file except in compliance with the License. You can obtain a copy
++# in the file LICENSE in the source distribution or at
++# https://www.openssl.org/source/license.html
++
++# Copyright IBM Corp. 2018
++# Author: Patrick Steuer
++
++package perlasm::s390x;
++
++use strict;
++use warnings;
++use Carp qw(confess);
++use Exporter qw(import);
++
++our @EXPORT=qw(PERLASM_BEGIN PERLASM_END);
++our @EXPORT_OK=qw(AUTOLOAD LABEL INCLUDE stfle);
++our %EXPORT_TAGS=(
++ MSA => [qw(kmac km kmc kimd klmd)],
++ MSA4 => [qw(kmf kmo pcc kmctr)],
++ MSA5 => [qw(ppno prno)],
++ MSA8 => [qw(kma)],
++ VX => [qw(vgef vgeg vgbm vzero vone vgm vgmb vgmh vgmf vgmg
++ vl vlr vlrep vlrepb vlreph vlrepf vlrepg vleb vleh vlef vleg vleib
++ vleih vleif vleig vlgv vlgvb vlgvh vlgvf vlgvg vllez vllezb vllezh
++ vllezf vllezg vlm vlbb vlvg vlvgb vlvgh vlvgf vlvgg vlvgp
++ vll vmrh vmrhb vmrhh vmrhf vmrhg vmrl vmrlb vmrlh vmrlf vmrlg vpk
++ vpkh vpkf vpkg vpks vpksh vpksf vpksg vpkshs vpksfs vpksgs vpkls
++ vpklsh vpklsf vpklsg vpklshs vpklsfs vpklsgs vperm vpdi vrep vrepb
++ vreph vrepf vrepg vrepi vrepib vrepih vrepif vrepig vscef vsceg
++ vsel vseg vsegb vsegh vsegf vst vsteb vsteh vstef vsteg vstm vstl
++ vuph vuphb vuphh vuphf vuplh vuplhb vuplhh vuplhf vupl vuplb vuplhw
++ vuplf vupll vupllb vupllh vupllf va vab vah vaf vag vaq vacc vaccb
++ vacch vaccf vaccg vaccq vac vacq vaccc vacccq vn vnc vavg vavgb
++ vavgh vavgf vavgg vavgl vavglb vavglh vavglf vavglg vcksm vec_ vecb
++ vech vecf vecg vecl veclb veclh veclf veclg vceq vceqb vceqh vceqf
++ vceqg vceqbs vceqhs vceqfs vceqgs vch vchb vchh vchf vchg vchbs
++ vchhs vchfs vchgs vchl vchlb vchlh vchlf vchlg vchlbs vchlhs vchlfs
++ vchlgs vclz vclzb vclzh vclzf vclzg vctz vctzb vctzh vctzf vctzg
++ vx vgfm vgfmb vgfmh vgfmf vgfmg vgfma vgfmab vgfmah vgfmaf vgfmag
++ vlc vlcb vlch vlcf vlcg vlp vlpb vlph vlpf vlpg vmx vmxb vmxh vmxf
++ vmxg vmxl vmxlb vmxlh vmxlf vmxlg vmn vmnb vmnh vmnf vmng vmnl
++ vmnlb vmnlh 
vmnlf vmnlg vmal vmalb vmalhw vmalf vmah vmahb vmahh
++ vmahf vmalh vmalhb vmalhh vmalhf vmae vmaeb vmaeh vmaef vmale
++ vmaleb vmaleh vmalef vmao vmaob vmaoh vmaof vmalo vmalob vmaloh
++ vmalof vmh vmhb vmhh vmhf vmlh vmlhb vmlhh vmlhf vml vmlb vmlhw
++ vmlf vme vmeb vmeh vmef vmle vmleb vmleh vmlef vmo vmob vmoh vmof
++ vmlo vmlob vmloh vmlof vno vnot vo vpopct verllv verllvb verllvh
++ verllvf verllvg verll verllb verllh verllf verllg verim verimb
++ verimh verimf verimg veslv veslvb veslvh veslvf veslvg vesl veslb
++ veslh veslf veslg vesrav vesravb vesravh vesravf vesravg vesra
++ vesrab vesrah vesraf vesrag vesrlv vesrlvb vesrlvh vesrlvf vesrlvg
++ vesrl vesrlb vesrlh vesrlf vesrlg vsl vslb vsldb vsra vsrab vsrl
++ vsrlb vs vsb vsh vsf vsg vsq vscbi vscbib vscbih vscbif vscbig
++ vscbiq vsbi vsbiq vsbcbi vsbcbiq vsumg vsumgh vsumgf vsumq vsumqf
++ vsumqg vsum vsumb vsumh vtm vfae vfaeb vfaeh vfaef vfaebs vfaehs
++ vfaefs vfaezb vfaezh vfaezf vfaezbs vfaezhs vfaezfs vfee vfeeb
++ vfeeh vfeef vfeebs vfeehs vfeefs vfeezb vfeezh vfeezf vfeezbs
++ vfeezhs vfeezfs vfene vfeneb vfeneh vfenef vfenebs vfenehs vfenefs
++ vfenezb vfenezh vfenezf vfenezbs vfenezhs vfenezfs vistr vistrb
++ vistrh vistrf vistrbs vistrhs vistrfs vstrc vstrcb vstrch vstrcf
++ vstrcbs vstrchs vstrcfs vstrczb vstrczh vstrczf vstrczbs vstrczhs
++ vstrczfs vfa vfadb wfadb wfc wfcdb wfk wfkdb vfce vfcedb wfcedb
++ vfcedbs wfcedbs vfch vfchdb wfchdb vfchdbs wfchdbs vfche vfchedb
++ wfchedb vfchedbs wfchedbs vcdg vcdgb wcdgb vcdlg vcdlgb wcdlgb vcgd
++ vcgdb wcgdb vclgd vclgdb wclgdb vfd vfddb wfddb vfi vfidb wfidb
++ vlde vldeb wldeb vled vledb wledb vfm vfmdb wfmdb vfma vfmadb
++ wfmadb vfms vfmsdb wfmsdb vfpso vfpsodb wfpsodb vflcdb wflcdb
++ vflndb wflndb vflpdb wflpdb vfsq vfsqdb wfsqdb vfs vfsdb wfsdb
++ vftci vftcidb wftcidb)],
++ VXE => [qw(vbperm vllezlf vmsl vmslg vnx vnn voc vpopctb vpopcth
++ vpopctf vpopctg vfasb wfasb wfaxb wfcsb wfcxb wfksb wfkxb vfcesb
++ vfcesbs wfcesb wfcesbs 
wfcexb wfcexbs vfchsb vfchsbs wfchsb wfchsbs
++ wfchxb wfchxbs vfchesb vfchesbs wfchesb wfchesbs wfchexb wfchexbs
++ vfdsb wfdsb wfdxb vfisb wfisb wfixb vfll vflls wflls wflld vflr
++ vflrd wflrd wflrx vfmax vfmaxsb vfmaxdb wfmaxsb wfmaxdb wfmaxxb
++ vfmin vfminsb vfmindb wfminsb wfmindb wfminxb vfmsb wfmsb wfmxb
++ vfnma vfnms vfmasb wfmasb wfmaxb vfmssb wfmssb wfmsxb vfnmasb
++ vfnmadb wfnmasb wfnmadb wfnmaxb vfnmssb vfnmsdb wfnmssb wfnmsdb
++ wfnmsxb vfpsosb wfpsosb vflcsb wflcsb vflnsb wflnsb vflpsb wflpsb
++ vfpsoxb wfpsoxb vflcxb wflcxb vflnxb wflnxb vflpxb wflpxb vfsqsb
++ wfsqsb wfsqxb vfssb wfssb wfsxb vftcisb wftcisb wftcixb)],
++ VXD => [qw(vlrlr vlrl vstrlr vstrl vap vcp vcvb vcvbg vcvd vcvdg vdp
++ vlip vmp vmsp vpkz vpsop vrp vsdp vsrp vsp vtp vupkz)],
++);
++Exporter::export_ok_tags(qw(MSA MSA4 MSA5 MSA8 VX VXE VXD));
++
++our $AUTOLOAD;
++
++my $GR='(?:%r)?([0-9]|1[0-5])';
++my $VR='(?:%v)?([0-9]|1[0-9]|2[0-9]|3[0-1])';
++
++my ($file,$out);
++
++sub PERLASM_BEGIN
++{
++ ($file,$out)=(shift,"");
++}
++sub PERLASM_END
++{
++ if (defined($file)) {
++ open(my $fd,'>',$file)||die("can't open $file: $!");
++ print({$fd}$out);
++ close($fd);
++ } else {
++ print($out);
++ }
++}
++
++sub AUTOLOAD {
++ confess(err("PARSE")) if (grep(!defined($_),@_));
++ my $token;
++ for ($AUTOLOAD) {
++ $token=".$1" if (/^.*::([A-Z_]+)$/); # uppercase: directive
++ $token="\t$1" if (/^.*::([a-z]+)$/); # lowercase: mnemonic
++ confess(err("PARSE")) if (!defined($token));
++ }
++ $token.="\t" if ($#_>=0);
++ $out.=$token.join(',',@_)."\n";
++}
++
++sub LABEL { # label directive
++ confess(err("ARGNUM")) if ($#_!=0);
++ my ($label)=@_;
++ $out.="$label:\n";
++}
++
++sub INCLUDE {
++ confess(err("ARGNUM")) if ($#_!=0);
++ my ($file)=@_;
++ $out.="#include \"$file\"\n";
++}
++
++#
++# Mnemonics
++#
++
++sub stfle {
++ confess(err("ARGNUM")) if ($#_!=0);
++ S(0xb2b0,@_);
++}
++
++# MSA
++
++sub kmac {
++ confess(err("ARGNUM")) if ($#_!=1);
++ RRE(0xb91e,@_);
++}
++
++sub km { 
++ confess(err("ARGNUM")) if ($#_!=1);
++ RRE(0xb92e,@_);
++}
++
++sub kmc {
++ confess(err("ARGNUM")) if ($#_!=1);
++ RRE(0xb92f,@_);
++}
++
++sub kimd {
++ confess(err("ARGNUM")) if ($#_!=1);
++ RRE(0xb93e,@_);
++}
++
++sub klmd {
++ confess(err("ARGNUM")) if ($#_!=1);
++ RRE(0xb93f,@_);
++}
++
++# MSA4
++
++sub kmf {
++ confess(err("ARGNUM")) if ($#_!=1);
++ RRE(0xb92a,@_);
++}
++
++sub kmo {
++ confess(err("ARGNUM")) if ($#_!=1);
++ RRE(0xb92b,@_);
++}
++
++sub pcc {
++ confess(err("ARGNUM")) if ($#_!=-1);
++ RRE(0xb92c,@_);
++}
++
++sub kmctr {
++ confess(err("ARGNUM")) if ($#_!=2);
++ RRFb(0xb92d,@_);
++}
++
++# MSA5
++
++sub prno {
++ ppno(@_);
++}
++
++sub ppno { # deprecated, use prno
++ confess(err("ARGNUM")) if ($#_!=1);
++ RRE(0xb93c,@_);
++}
++
++# MSA8
++
++sub kma {
++ confess(err("ARGNUM")) if ($#_!=2);
++ RRFb(0xb929,@_);
++}
++
++# VX - Support Instructions
++
++sub vgef {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRV(0xe713,@_);
++}
++sub vgeg {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRV(0xe712,@_);
++}
++
++sub vgbm {
++ confess(err("ARGNUM")) if ($#_!=1);
++ VRIa(0xe744,@_);
++}
++sub vzero {
++ vgbm(@_,0);
++}
++sub vone {
++ vgbm(@_,0xffff);
++}
++
++sub vgm {
++ confess(err("ARGNUM")) if ($#_!=3);
++ VRIb(0xe746,@_);
++}
++sub vgmb {
++ vgm(@_,0);
++}
++sub vgmh {
++ vgm(@_,1);
++}
++sub vgmf {
++ vgm(@_,2);
++}
++sub vgmg {
++ vgm(@_,3);
++}
++
++sub vl {
++ confess(err("ARGNUM")) if ($#_<1||$#_>2);
++ VRX(0xe706,@_);
++}
++
++sub vlr {
++ confess(err("ARGNUM")) if ($#_!=1);
++ VRRa(0xe756,@_);
++}
++
++sub vlrep {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRX(0xe705,@_);
++}
++sub vlrepb {
++ vlrep(@_,0);
++}
++sub vlreph {
++ vlrep(@_,1);
++}
++sub vlrepf {
++ vlrep(@_,2);
++}
++sub vlrepg {
++ vlrep(@_,3);
++}
++
++sub vleb {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRX(0xe700,@_);
++}
++sub vleh {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRX(0xe701,@_);
++}
++sub vlef {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRX(0xe703,@_);
++} 
++sub vleg {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRX(0xe702,@_);
++}
++
++sub vleib {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRIa(0xe740,@_);
++}
++sub vleih {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRIa(0xe741,@_);
++}
++sub vleif {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRIa(0xe743,@_);
++}
++sub vleig {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRIa(0xe742,@_);
++}
++
++sub vlgv {
++ confess(err("ARGNUM")) if ($#_!=3);
++ VRSc(0xe721,@_);
++}
++sub vlgvb {
++ vlgv(@_,0);
++}
++sub vlgvh {
++ vlgv(@_,1);
++}
++sub vlgvf {
++ vlgv(@_,2);
++}
++sub vlgvg {
++ vlgv(@_,3);
++}
++
++sub vllez {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRX(0xe704,@_);
++}
++sub vllezb {
++ vllez(@_,0);
++}
++sub vllezh {
++ vllez(@_,1);
++}
++sub vllezf {
++ vllez(@_,2);
++}
++sub vllezg {
++ vllez(@_,3);
++}
++
++sub vlm {
++ confess(err("ARGNUM")) if ($#_<2||$#_>3);
++ VRSa(0xe736,@_);
++}
++
++sub vlbb {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRX(0xe707,@_);
++}
++
++sub vlvg {
++ confess(err("ARGNUM")) if ($#_!=3);
++ VRSb(0xe722,@_);
++}
++sub vlvgb {
++ vlvg(@_,0);
++}
++sub vlvgh {
++ vlvg(@_,1);
++}
++sub vlvgf {
++ vlvg(@_,2);
++}
++sub vlvgg {
++ vlvg(@_,3);
++}
++
++sub vlvgp {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRRf(0xe762,@_);
++}
++
++sub vll {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRSb(0xe737,@_);
++}
++
++sub vmrh {
++ confess(err("ARGNUM")) if ($#_!=3);
++ VRRc(0xe761,@_);
++}
++sub vmrhb {
++ vmrh(@_,0);
++}
++sub vmrhh {
++ vmrh(@_,1);
++}
++sub vmrhf {
++ vmrh(@_,2);
++}
++sub vmrhg {
++ vmrh(@_,3);
++}
++
++sub vmrl {
++ confess(err("ARGNUM")) if ($#_!=3);
++ VRRc(0xe760,@_);
++}
++sub vmrlb {
++ vmrl(@_,0);
++}
++sub vmrlh {
++ vmrl(@_,1);
++}
++sub vmrlf {
++ vmrl(@_,2);
++}
++sub vmrlg {
++ vmrl(@_,3);
++}
++
++sub vpk {
++ confess(err("ARGNUM")) if ($#_!=3);
++ VRRc(0xe794,@_);
++}
++sub vpkh {
++ vpk(@_,1);
++}
++sub vpkf {
++ vpk(@_,2);
++}
++sub vpkg {
++ vpk(@_,3);
++}
++
++sub vpks {
++ confess(err("ARGNUM")) if ($#_!=4);
++ 
VRRb(0xe797,@_);
++}
++sub vpksh {
++ vpks(@_,1,0);
++}
++sub vpksf {
++ vpks(@_,2,0);
++}
++sub vpksg {
++ vpks(@_,3,0);
++}
++sub vpkshs {
++ vpks(@_,1,1);
++}
++sub vpksfs {
++ vpks(@_,2,1);
++}
++sub vpksgs {
++ vpks(@_,3,1);
++}
++
++sub vpkls {
++ confess(err("ARGNUM")) if ($#_!=4);
++ VRRb(0xe795,@_);
++}
++sub vpklsh {
++ vpkls(@_,1,0);
++}
++sub vpklsf {
++ vpkls(@_,2,0);
++}
++sub vpklsg {
++ vpkls(@_,3,0);
++}
++sub vpklshs {
++ vpkls(@_,1,1);
++}
++sub vpklsfs {
++ vpkls(@_,2,1);
++}
++sub vpklsgs {
++ vpkls(@_,3,1);
++}
++
++sub vperm {
++ confess(err("ARGNUM")) if ($#_!=3);
++ VRRe(0xe78c,@_);
++}
++
++sub vpdi {
++ confess(err("ARGNUM")) if ($#_!=3);
++ VRRc(0xe784,@_);
++}
++
++sub vrep {
++ confess(err("ARGNUM")) if ($#_!=3);
++ VRIc(0xe74d,@_);
++}
++sub vrepb {
++ vrep(@_,0);
++}
++sub vreph {
++ vrep(@_,1);
++}
++sub vrepf {
++ vrep(@_,2);
++}
++sub vrepg {
++ vrep(@_,3);
++}
++
++sub vrepi {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRIa(0xe745,@_);
++}
++sub vrepib {
++ vrepi(@_,0);
++}
++sub vrepih {
++ vrepi(@_,1);
++}
++sub vrepif {
++ vrepi(@_,2);
++}
++sub vrepig {
++ vrepi(@_,3);
++}
++
++sub vscef {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRV(0xe71b,@_);
++}
++sub vsceg {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRV(0xe71a,@_);
++}
++
++sub vsel {
++ confess(err("ARGNUM")) if ($#_!=3);
++ VRRe(0xe78d,@_);
++}
++
++sub vseg {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRRa(0xe75f,@_);
++}
++sub vsegb {
++ vseg(@_,0);
++}
++sub vsegh {
++ vseg(@_,1);
++}
++sub vsegf {
++ vseg(@_,2);
++}
++
++sub vst {
++ confess(err("ARGNUM")) if ($#_<1||$#_>2);
++ VRX(0xe70e,@_);
++}
++
++sub vsteb {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRX(0xe708,@_);
++}
++sub vsteh {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRX(0xe709,@_);
++}
++sub vstef {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRX(0xe70b,@_);
++}
++sub vsteg {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRX(0xe70a,@_);
++}
++
++sub vstm {
++ confess(err("ARGNUM")) if ($#_<2||$#_>3);
++ 
VRSa(0xe73e,@_);
++}
++
++sub vstl {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRSb(0xe73f,@_);
++}
++
++sub vuph {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRRa(0xe7d7,@_);
++}
++sub vuphb {
++ vuph(@_,0);
++}
++sub vuphh {
++ vuph(@_,1);
++}
++sub vuphf {
++ vuph(@_,2);
++}
++
++sub vuplh {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRRa(0xe7d5,@_);
++}
++sub vuplhb {
++ vuplh(@_,0);
++}
++sub vuplhh {
++ vuplh(@_,1);
++}
++sub vuplhf {
++ vuplh(@_,2);
++}
++
++sub vupl {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRRa(0xe7d6,@_);
++}
++sub vuplb {
++ vupl(@_,0);
++}
++sub vuplhw {
++ vupl(@_,1);
++}
++sub vuplf {
++ vupl(@_,2);
++}
++
++sub vupll {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRRa(0xe7d4,@_);
++}
++sub vupllb {
++ vupll(@_,0);
++}
++sub vupllh {
++ vupll(@_,1);
++}
++sub vupllf {
++ vupll(@_,2);
++}
++
++# VX - Integer Instructions
++
++sub va {
++ confess(err("ARGNUM")) if ($#_!=3);
++ VRRc(0xe7f3,@_);
++}
++sub vab {
++ va(@_,0);
++}
++sub vah {
++ va(@_,1);
++}
++sub vaf {
++ va(@_,2);
++}
++sub vag {
++ va(@_,3);
++}
++sub vaq {
++ va(@_,4);
++}
++
++sub vacc {
++ confess(err("ARGNUM")) if ($#_!=3);
++ VRRc(0xe7f1,@_);
++}
++sub vaccb {
++ vacc(@_,0);
++}
++sub vacch {
++ vacc(@_,1);
++}
++sub vaccf {
++ vacc(@_,2);
++}
++sub vaccg {
++ vacc(@_,3);
++}
++sub vaccq {
++ vacc(@_,4);
++}
++
++sub vac {
++ confess(err("ARGNUM")) if ($#_!=4);
++ VRRd(0xe7bb,@_);
++}
++sub vacq {
++ vac(@_,4);
++}
++
++sub vaccc {
++ confess(err("ARGNUM")) if ($#_!=4);
++ VRRd(0xe7b9,@_);
++}
++sub vacccq {
++ vaccc(@_,4);
++}
++
++sub vn {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRRc(0xe768,@_);
++}
++
++sub vnc {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRRc(0xe769,@_);
++}
++
++sub vavg {
++ confess(err("ARGNUM")) if ($#_!=3);
++ VRRc(0xe7f2,@_);
++}
++sub vavgb {
++ vavg(@_,0);
++}
++sub vavgh {
++ vavg(@_,1);
++}
++sub vavgf {
++ vavg(@_,2);
++}
++sub vavgg {
++ vavg(@_,3);
++}
++
++sub vavgl {
++ confess(err("ARGNUM")) if ($#_!=3);
++ VRRc(0xe7f0,@_);
++} 
++sub vavglb {
++ vavgl(@_,0);
++}
++sub vavglh {
++ vavgl(@_,1);
++}
++sub vavglf {
++ vavgl(@_,2);
++}
++sub vavglg {
++ vavgl(@_,3);
++}
++
++sub vcksm {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRRc(0xe766,@_);
++}
++
++sub vec_ {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRRa(0xe7db,@_);
++}
++sub vecb {
++ vec_(@_,0);
++}
++sub vech {
++ vec_(@_,1);
++}
++sub vecf {
++ vec_(@_,2);
++}
++sub vecg {
++ vec_(@_,3);
++}
++
++sub vecl {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRRa(0xe7d9,@_);
++}
++sub veclb {
++ vecl(@_,0);
++}
++sub veclh {
++ vecl(@_,1);
++}
++sub veclf {
++ vecl(@_,2);
++}
++sub veclg {
++ vecl(@_,3);
++}
++
++sub vceq {
++ confess(err("ARGNUM")) if ($#_!=4);
++ VRRb(0xe7f8,@_);
++}
++sub vceqb {
++ vceq(@_,0,0);
++}
++sub vceqh {
++ vceq(@_,1,0);
++}
++sub vceqf {
++ vceq(@_,2,0);
++}
++sub vceqg {
++ vceq(@_,3,0);
++}
++sub vceqbs {
++ vceq(@_,0,1);
++}
++sub vceqhs {
++ vceq(@_,1,1);
++}
++sub vceqfs {
++ vceq(@_,2,1);
++}
++sub vceqgs {
++ vceq(@_,3,1);
++}
++
++sub vch {
++ confess(err("ARGNUM")) if ($#_!=4);
++ VRRb(0xe7fb,@_);
++}
++sub vchb {
++ vch(@_,0,0);
++}
++sub vchh {
++ vch(@_,1,0);
++}
++sub vchf {
++ vch(@_,2,0);
++}
++sub vchg {
++ vch(@_,3,0);
++}
++sub vchbs {
++ vch(@_,0,1);
++}
++sub vchhs {
++ vch(@_,1,1);
++}
++sub vchfs {
++ vch(@_,2,1);
++}
++sub vchgs {
++ vch(@_,3,1);
++}
++
++sub vchl {
++ confess(err("ARGNUM")) if ($#_!=4);
++ VRRb(0xe7f9,@_);
++}
++sub vchlb {
++ vchl(@_,0,0);
++}
++sub vchlh {
++ vchl(@_,1,0);
++}
++sub vchlf {
++ vchl(@_,2,0);
++}
++sub vchlg {
++ vchl(@_,3,0);
++}
++sub vchlbs {
++ vchl(@_,0,1);
++}
++sub vchlhs {
++ vchl(@_,1,1);
++}
++sub vchlfs {
++ vchl(@_,2,1);
++}
++sub vchlgs {
++ vchl(@_,3,1);
++}
++
++sub vclz {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRRa(0xe753,@_);
++}
++sub vclzb {
++ vclz(@_,0);
++}
++sub vclzh {
++ vclz(@_,1);
++}
++sub vclzf {
++ vclz(@_,2);
++}
++sub vclzg {
++ vclz(@_,3);
++}
++
++sub vctz {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRRa(0xe752,@_);
++} 
++sub vctzb {
++ vctz(@_,0);
++}
++sub vctzh {
++ vctz(@_,1);
++}
++sub vctzf {
++ vctz(@_,2);
++}
++sub vctzg {
++ vctz(@_,3);
++}
++
++sub vx {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRRc(0xe76d,@_);
++}
++
++sub vgfm {
++ confess(err("ARGNUM")) if ($#_!=3);
++ VRRc(0xe7b4,@_);
++}
++sub vgfmb {
++ vgfm(@_,0);
++}
++sub vgfmh {
++ vgfm(@_,1);
++}
++sub vgfmf {
++ vgfm(@_,2);
++}
++sub vgfmg {
++ vgfm(@_,3);
++}
++
++sub vgfma {
++ confess(err("ARGNUM")) if ($#_!=4);
++ VRRd(0xe7bc,@_);
++}
++sub vgfmab {
++ vgfma(@_,0);
++}
++sub vgfmah {
++ vgfma(@_,1);
++}
++sub vgfmaf {
++ vgfma(@_,2);
++}
++sub vgfmag {
++ vgfma(@_,3);
++}
++
++sub vlc {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRRa(0xe7de,@_);
++}
++sub vlcb {
++ vlc(@_,0);
++}
++sub vlch {
++ vlc(@_,1);
++}
++sub vlcf {
++ vlc(@_,2);
++}
++sub vlcg {
++ vlc(@_,3);
++}
++
++sub vlp {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRRa(0xe7df,@_);
++}
++sub vlpb {
++ vlp(@_,0);
++}
++sub vlph {
++ vlp(@_,1);
++}
++sub vlpf {
++ vlp(@_,2);
++}
++sub vlpg {
++ vlp(@_,3);
++}
++
++sub vmx {
++ confess(err("ARGNUM")) if ($#_!=3);
++ VRRc(0xe7ff,@_);
++}
++sub vmxb {
++ vmx(@_,0);
++}
++sub vmxh {
++ vmx(@_,1);
++}
++sub vmxf {
++ vmx(@_,2);
++}
++sub vmxg {
++ vmx(@_,3);
++}
++
++sub vmxl {
++ confess(err("ARGNUM")) if ($#_!=3);
++ VRRc(0xe7fd,@_);
++}
++sub vmxlb {
++ vmxl(@_,0);
++}
++sub vmxlh {
++ vmxl(@_,1);
++}
++sub vmxlf {
++ vmxl(@_,2);
++}
++sub vmxlg {
++ vmxl(@_,3);
++}
++
++sub vmn {
++ confess(err("ARGNUM")) if ($#_!=3);
++ VRRc(0xe7fe,@_);
++}
++sub vmnb {
++ vmn(@_,0);
++}
++sub vmnh {
++ vmn(@_,1);
++}
++sub vmnf {
++ vmn(@_,2);
++}
++sub vmng {
++ vmn(@_,3);
++}
++
++sub vmnl {
++ confess(err("ARGNUM")) if ($#_!=3);
++ VRRc(0xe7fc,@_);
++}
++sub vmnlb {
++ vmnl(@_,0);
++}
++sub vmnlh {
++ vmnl(@_,1);
++}
++sub vmnlf {
++ vmnl(@_,2);
++}
++sub vmnlg {
++ vmnl(@_,3);
++}
++
++sub vmal {
++ confess(err("ARGNUM")) if ($#_!=4);
++ VRRd(0xe7aa,@_);
++}
++sub vmalb {
++ vmal(@_,0);
++}
++sub vmalhw {
++ 
vmal(@_,1);
++}
++sub vmalf {
++ vmal(@_,2);
++}
++
++sub vmah {
++ confess(err("ARGNUM")) if ($#_!=4);
++ VRRd(0xe7ab,@_);
++}
++sub vmahb {
++ vmah(@_,0);
++}
++sub vmahh {
++ vmah(@_,1);
++}
++sub vmahf {
++ vmah(@_,2);
++}
++
++sub vmalh {
++ confess(err("ARGNUM")) if ($#_!=4);
++ VRRd(0xe7a9,@_);
++}
++sub vmalhb {
++ vmalh(@_,0);
++}
++sub vmalhh {
++ vmalh(@_,1);
++}
++sub vmalhf {
++ vmalh(@_,2);
++}
++
++sub vmae {
++ confess(err("ARGNUM")) if ($#_!=4);
++ VRRd(0xe7ae,@_);
++}
++sub vmaeb {
++ vmae(@_,0);
++}
++sub vmaeh {
++ vmae(@_,1);
++}
++sub vmaef {
++ vmae(@_,2);
++}
++
++sub vmale {
++ confess(err("ARGNUM")) if ($#_!=4);
++ VRRd(0xe7ac,@_);
++}
++sub vmaleb {
++ vmale(@_,0);
++}
++sub vmaleh {
++ vmale(@_,1);
++}
++sub vmalef {
++ vmale(@_,2);
++}
++
++sub vmao {
++ confess(err("ARGNUM")) if ($#_!=4);
++ VRRd(0xe7af,@_);
++}
++sub vmaob {
++ vmao(@_,0);
++}
++sub vmaoh {
++ vmao(@_,1);
++}
++sub vmaof {
++ vmao(@_,2);
++}
++
++sub vmalo {
++ confess(err("ARGNUM")) if ($#_!=4);
++ VRRd(0xe7ad,@_);
++}
++sub vmalob {
++ vmalo(@_,0);
++}
++sub vmaloh {
++ vmalo(@_,1);
++}
++sub vmalof {
++ vmalo(@_,2);
++}
++
++sub vmh {
++ confess(err("ARGNUM")) if ($#_!=3);
++ VRRc(0xe7a3,@_);
++}
++sub vmhb {
++ vmh(@_,0);
++}
++sub vmhh {
++ vmh(@_,1);
++}
++sub vmhf {
++ vmh(@_,2);
++}
++
++sub vmlh {
++ confess(err("ARGNUM")) if ($#_!=3);
++ VRRc(0xe7a1,@_);
++}
++sub vmlhb {
++ vmlh(@_,0);
++}
++sub vmlhh {
++ vmlh(@_,1);
++}
++sub vmlhf {
++ vmlh(@_,2);
++}
++
++sub vml {
++ confess(err("ARGNUM")) if ($#_!=3);
++ VRRc(0xe7a2,@_);
++}
++sub vmlb {
++ vml(@_,0);
++}
++sub vmlhw {
++ vml(@_,1);
++}
++sub vmlf {
++ vml(@_,2);
++}
++
++sub vme {
++ confess(err("ARGNUM")) if ($#_!=3);
++ VRRc(0xe7a6,@_);
++}
++sub vmeb {
++ vme(@_,0);
++}
++sub vmeh {
++ vme(@_,1);
++}
++sub vmef {
++ vme(@_,2);
++}
++
++sub vmle {
++ confess(err("ARGNUM")) if ($#_!=3);
++ VRRc(0xe7a4,@_);
++}
++sub vmleb {
++ vmle(@_,0);
++}
++sub vmleh {
++ vmle(@_,1);
++}
++sub vmlef {
++ 
vmle(@_,2);
++}
++
++sub vmo {
++ confess(err("ARGNUM")) if ($#_!=3);
++ VRRc(0xe7a7,@_);
++}
++sub vmob {
++ vmo(@_,0);
++}
++sub vmoh {
++ vmo(@_,1);
++}
++sub vmof {
++ vmo(@_,2);
++}
++
++sub vmlo {
++ confess(err("ARGNUM")) if ($#_!=3);
++ VRRc(0xe7a5,@_);
++}
++sub vmlob {
++ vmlo(@_,0);
++}
++sub vmloh {
++ vmlo(@_,1);
++}
++sub vmlof {
++ vmlo(@_,2);
++}
++
++sub vno {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRRc(0xe76b,@_);
++}
++sub vnot {
++ vno(@_,$_[1]);
++}
++
++sub vo {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRRc(0xe76a,@_);
++}
++
++sub vpopct {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRRa(0xe750,@_);
++}
++
++sub verllv {
++ confess(err("ARGNUM")) if ($#_!=3);
++ VRRc(0xe773,@_);
++}
++sub verllvb {
++ verllv(@_,0);
++}
++sub verllvh {
++ verllv(@_,1);
++}
++sub verllvf {
++ verllv(@_,2);
++}
++sub verllvg {
++ verllv(@_,3);
++}
++
++sub verll {
++ confess(err("ARGNUM")) if ($#_!=3);
++ VRSa(0xe733,@_);
++}
++sub verllb {
++ verll(@_,0);
++}
++sub verllh {
++ verll(@_,1);
++}
++sub verllf {
++ verll(@_,2);
++}
++sub verllg {
++ verll(@_,3);
++}
++
++sub verim {
++ confess(err("ARGNUM")) if ($#_!=4);
++ VRId(0xe772,@_);
++}
++sub verimb {
++ verim(@_,0);
++}
++sub verimh {
++ verim(@_,1);
++}
++sub verimf {
++ verim(@_,2);
++}
++sub verimg {
++ verim(@_,3);
++}
++
++sub veslv {
++ confess(err("ARGNUM")) if ($#_!=3);
++ VRRc(0xe770,@_);
++}
++sub veslvb {
++ veslv(@_,0);
++}
++sub veslvh {
++ veslv(@_,1);
++}
++sub veslvf {
++ veslv(@_,2);
++}
++sub veslvg {
++ veslv(@_,3);
++}
++
++sub vesl {
++ confess(err("ARGNUM")) if ($#_!=3);
++ VRSa(0xe730,@_);
++}
++sub veslb {
++ vesl(@_,0);
++}
++sub veslh {
++ vesl(@_,1);
++}
++sub veslf {
++ vesl(@_,2);
++}
++sub veslg {
++ vesl(@_,3);
++}
++
++sub vesrav {
++ confess(err("ARGNUM")) if ($#_!=3);
++ VRRc(0xe77a,@_);
++}
++sub vesravb {
++ vesrav(@_,0);
++}
++sub vesravh {
++ vesrav(@_,1);
++}
++sub vesravf {
++ vesrav(@_,2);
++}
++sub vesravg {
++ vesrav(@_,3);
++}
++
++sub vesra {
++ 
confess(err("ARGNUM")) if ($#_!=3);
++ VRSa(0xe73a,@_);
++}
++sub vesrab {
++ vesra(@_,0);
++}
++sub vesrah {
++ vesra(@_,1);
++}
++sub vesraf {
++ vesra(@_,2);
++}
++sub vesrag {
++ vesra(@_,3);
++}
++
++sub vesrlv {
++ confess(err("ARGNUM")) if ($#_!=3);
++ VRRc(0xe778,@_);
++}
++sub vesrlvb {
++ vesrlv(@_,0);
++}
++sub vesrlvh {
++ vesrlv(@_,1);
++}
++sub vesrlvf {
++ vesrlv(@_,2);
++}
++sub vesrlvg {
++ vesrlv(@_,3);
++}
++
++sub vesrl {
++ confess(err("ARGNUM")) if ($#_!=3);
++ VRSa(0xe738,@_);
++}
++sub vesrlb {
++ vesrl(@_,0);
++}
++sub vesrlh {
++ vesrl(@_,1);
++}
++sub vesrlf {
++ vesrl(@_,2);
++}
++sub vesrlg {
++ vesrl(@_,3);
++}
++
++sub vsl {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRRc(0xe774,@_);
++}
++
++sub vslb {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRRc(0xe775,@_);
++}
++
++sub vsldb {
++ confess(err("ARGNUM")) if ($#_!=3);
++ VRId(0xe777,@_);
++}
++
++sub vsra {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRRc(0xe77e,@_);
++}
++
++sub vsrab {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRRc(0xe77f,@_);
++}
++
++sub vsrl {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRRc(0xe77c,@_);
++}
++
++sub vsrlb {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRRc(0xe77d,@_);
++}
++
++sub vs {
++ confess(err("ARGNUM")) if ($#_!=3);
++ VRRc(0xe7f7,@_);
++}
++sub vsb {
++ vs(@_,0);
++}
++sub vsh {
++ vs(@_,1);
++}
++sub vsf {
++ vs(@_,2);
++}
++sub vsg {
++ vs(@_,3);
++}
++sub vsq {
++ vs(@_,4);
++}
++
++sub vscbi {
++ confess(err("ARGNUM")) if ($#_!=3);
++ VRRc(0xe7f5,@_);
++}
++sub vscbib {
++ vscbi(@_,0);
++}
++sub vscbih {
++ vscbi(@_,1);
++}
++sub vscbif {
++ vscbi(@_,2);
++}
++sub vscbig {
++ vscbi(@_,3);
++}
++sub vscbiq {
++ vscbi(@_,4);
++}
++
++sub vsbi {
++ confess(err("ARGNUM")) if ($#_!=4);
++ VRRd(0xe7bf,@_);
++}
++sub vsbiq {
++ vsbi(@_,4);
++}
++
++sub vsbcbi {
++ confess(err("ARGNUM")) if ($#_!=4);
++ VRRd(0xe7bd,@_);
++}
++sub vsbcbiq {
++ vsbcbi(@_,4);
++}
++
++sub vsumg {
++ confess(err("ARGNUM")) if ($#_!=3);
++ VRRc(0xe765,@_);
++}
++sub 
vsumgh {
++ vsumg(@_,1);
++}
++sub vsumgf {
++ vsumg(@_,2);
++}
++
++sub vsumq {
++ confess(err("ARGNUM")) if ($#_!=3);
++ VRRc(0xe767,@_);
++}
++sub vsumqf {
++ vsumq(@_,2);
++}
++sub vsumqg {
++ vsumq(@_,3);
++}
++
++sub vsum {
++ confess(err("ARGNUM")) if ($#_!=3);
++ VRRc(0xe764,@_);
++}
++sub vsumb {
++ vsum(@_,0);
++}
++sub vsumh {
++ vsum(@_,1);
++}
++
++sub vtm {
++ confess(err("ARGNUM")) if ($#_!=1);
++ VRRa(0xe7d8,@_);
++}
++
++# VX - String Instructions
++
++sub vfae {
++ confess(err("ARGNUM")) if ($#_<3||$#_>4);
++ VRRb(0xe782,@_);
++}
++sub vfaeb {
++ vfae(@_[0..2],0,$_[3]);
++}
++sub vfaeh {
++ vfae(@_[0..2],1,$_[3]);
++}
++sub vfaef {
++ vfae(@_[0..2],2,$_[3]);
++}
++sub vfaebs {
++ $_[3]=0 if (!defined($_[3]));
++ vfae(@_[0..2],0,0x1|$_[3]);
++}
++sub vfaehs {
++ $_[3]=0 if (!defined($_[3]));
++ vfae(@_[0..2],1,0x1|$_[3]);
++}
++sub vfaefs {
++ $_[3]=0 if (!defined($_[3]));
++ vfae(@_[0..2],2,0x1|$_[3]);
++}
++sub vfaezb {
++ $_[3]=0 if (!defined($_[3]));
++ vfae(@_[0..2],0,0x2|$_[3]);
++}
++sub vfaezh {
++ $_[3]=0 if (!defined($_[3]));
++ vfae(@_[0..2],1,0x2|$_[3]);
++}
++sub vfaezf {
++ $_[3]=0 if (!defined($_[3]));
++ vfae(@_[0..2],2,0x2|$_[3]);
++}
++sub vfaezbs {
++ $_[3]=0 if (!defined($_[3]));
++ vfae(@_[0..2],0,0x3|$_[3]);
++}
++sub vfaezhs {
++ $_[3]=0 if (!defined($_[3]));
++ vfae(@_[0..2],1,0x3|$_[3]);
++}
++sub vfaezfs {
++ $_[3]=0 if (!defined($_[3]));
++ vfae(@_[0..2],2,0x3|$_[3]);
++}
++
++sub vfee {
++ confess(err("ARGNUM")) if ($#_<3||$#_>4);
++ VRRb(0xe780,@_);
++}
++sub vfeeb {
++ vfee(@_[0..2],0,$_[3]);
++}
++sub vfeeh {
++ vfee(@_[0..2],1,$_[3]);
++}
++sub vfeef {
++ vfee(@_[0..2],2,$_[3]);
++}
++sub vfeebs {
++ vfee(@_,0,1);
++}
++sub vfeehs {
++ vfee(@_,1,1);
++}
++sub vfeefs {
++ vfee(@_,2,1);
++}
++sub vfeezb {
++ vfee(@_,0,2);
++}
++sub vfeezh {
++ vfee(@_,1,2);
++}
++sub vfeezf {
++ vfee(@_,2,2);
++}
++sub vfeezbs {
++ vfee(@_,0,3);
++}
++sub vfeezhs {
++ vfee(@_,1,3);
++}
++sub vfeezfs {
++ vfee(@_,2,3);
++}
++
++sub
vfene {
++ confess(err("ARGNUM")) if ($#_<3||$#_>4);
++ VRRb(0xe781,@_);
++}
++sub vfeneb {
++ vfene(@_[0..2],0,$_[3]);
++}
++sub vfeneh {
++ vfene(@_[0..2],1,$_[3]);
++}
++sub vfenef {
++ vfene(@_[0..2],2,$_[3]);
++}
++sub vfenebs {
++ vfene(@_,0,1);
++}
++sub vfenehs {
++ vfene(@_,1,1);
++}
++sub vfenefs {
++ vfene(@_,2,1);
++}
++sub vfenezb {
++ vfene(@_,0,2);
++}
++sub vfenezh {
++ vfene(@_,1,2);
++}
++sub vfenezf {
++ vfene(@_,2,2);
++}
++sub vfenezbs {
++ vfene(@_,0,3);
++}
++sub vfenezhs {
++ vfene(@_,1,3);
++}
++sub vfenezfs {
++ vfene(@_,2,3);
++}
++
++sub vistr {
++ confess(err("ARGNUM")) if ($#_<2||$#_>3);
++ VRRa(0xe75c,@_[0..2],0,$_[3]);
++}
++sub vistrb {
++ vistr(@_[0..1],0,$_[2]);
++}
++sub vistrh {
++ vistr(@_[0..1],1,$_[2]);
++}
++sub vistrf {
++ vistr(@_[0..1],2,$_[2]);
++}
++sub vistrbs {
++ vistr(@_,0,1);
++}
++sub vistrhs {
++ vistr(@_,1,1);
++}
++sub vistrfs {
++ vistr(@_,2,1);
++}
++
++sub vstrc {
++ confess(err("ARGNUM")) if ($#_<4||$#_>5);
++ VRRd(0xe78a,@_);
++}
++sub vstrcb {
++ vstrc(@_[0..3],0,$_[4]);
++}
++sub vstrch {
++ vstrc(@_[0..3],1,$_[4]);
++}
++sub vstrcf {
++ vstrc(@_[0..3],2,$_[4]);
++}
++sub vstrcbs {
++ $_[4]=0 if (!defined($_[4]));
++ vstrc(@_[0..3],0,0x1|$_[4]);
++}
++sub vstrchs {
++ $_[4]=0 if (!defined($_[4]));
++ vstrc(@_[0..3],1,0x1|$_[4]);
++}
++sub vstrcfs {
++ $_[4]=0 if (!defined($_[4]));
++ vstrc(@_[0..3],2,0x1|$_[4]);
++}
++sub vstrczb {
++ $_[4]=0 if (!defined($_[4]));
++ vstrc(@_[0..3],0,0x2|$_[4]);
++}
++sub vstrczh {
++ $_[4]=0 if (!defined($_[4]));
++ vstrc(@_[0..3],1,0x2|$_[4]);
++}
++sub vstrczf {
++ $_[4]=0 if (!defined($_[4]));
++ vstrc(@_[0..3],2,0x2|$_[4]);
++}
++sub vstrczbs {
++ $_[4]=0 if (!defined($_[4]));
++ vstrc(@_[0..3],0,0x3|$_[4]);
++}
++sub vstrczhs {
++ $_[4]=0 if (!defined($_[4]));
++ vstrc(@_[0..3],1,0x3|$_[4]);
++}
++sub vstrczfs {
++ $_[4]=0 if (!defined($_[4]));
++ vstrc(@_[0..3],2,0x3|$_[4]);
++}
++
++# VX - Floating-point Instructions
++
++sub vfa {
++ confess(err("ARGNUM")) if
($#_!=4);
++ VRRc(0xe7e3,@_);
++}
++sub vfadb {
++ vfa(@_,3,0);
++}
++sub wfadb {
++ vfa(@_,3,8);
++}
++
++sub wfc {
++ confess(err("ARGNUM")) if ($#_!=3);
++ VRRa(0xe7cb,@_);
++}
++sub wfcdb {
++ wfc(@_,3,0);
++}
++
++sub wfk {
++ confess(err("ARGNUM")) if ($#_!=3);
++ VRRa(0xe7ca,@_);
++}
++sub wfksb {
++ wfk(@_,2,0);
++}
++sub wfkdb {
++ wfk(@_,3,0);
++}
++sub wfkxb {
++ wfk(@_,4,0);
++}
++
++sub vfce {
++ confess(err("ARGNUM")) if ($#_!=5);
++ VRRc(0xe7e8,@_);
++}
++sub vfcedb {
++ vfce(@_,3,0,0);
++}
++sub vfcedbs {
++ vfce(@_,3,0,1);
++}
++sub wfcedb {
++ vfce(@_,3,8,0);
++}
++sub wfcedbs {
++ vfce(@_,3,8,1);
++}
++
++sub vfch {
++ confess(err("ARGNUM")) if ($#_!=5);
++ VRRc(0xe7eb,@_);
++}
++sub vfchdb {
++ vfch(@_,3,0,0);
++}
++sub vfchdbs {
++ vfch(@_,3,0,1);
++}
++sub wfchdb {
++ vfch(@_,3,8,0);
++}
++sub wfchdbs {
++ vfch(@_,3,8,1);
++}
++
++sub vfche {
++ confess(err("ARGNUM")) if ($#_!=5);
++ VRRc(0xe7ea,@_);
++}
++sub vfchedb {
++ vfche(@_,3,0,0);
++}
++sub vfchedbs {
++ vfche(@_,3,0,1);
++}
++sub wfchedb {
++ vfche(@_,3,8,0);
++}
++sub wfchedbs {
++ vfche(@_,3,8,1);
++}
++
++sub vcdg {
++ confess(err("ARGNUM")) if ($#_!=4);
++ VRRa(0xe7c3,@_);
++}
++sub vcdgb {
++ vcdg(@_[0..1],3,@_[2..3]);
++}
++sub wcdgb {
++ vcdg(@_[0..1],3,0x8|$_[2],$_[3]);
++}
++
++sub vcdlg {
++ confess(err("ARGNUM")) if ($#_!=4);
++ VRRa(0xe7c1,@_);
++}
++sub vcdlgb {
++ vcdlg(@_[0..1],3,@_[2..3]);
++}
++sub wcdlgb {
++ vcdlg(@_[0..1],3,0x8|$_[2],$_[3]);
++}
++
++sub vcgd {
++ confess(err("ARGNUM")) if ($#_!=4);
++ VRRa(0xe7c2,@_);
++}
++sub vcgdb {
++ vcgd(@_[0..1],3,@_[2..3]);
++}
++sub wcgdb {
++ vcgd(@_[0..1],3,0x8|$_[2],$_[3]);
++}
++
++sub vclgd {
++ confess(err("ARGNUM")) if ($#_!=4);
++ VRRa(0xe7c0,@_);
++}
++sub vclgdb {
++ vclgd(@_[0..1],3,@_[2..3]);
++}
++sub wclgdb {
++ vclgd(@_[0..1],3,0x8|$_[2],$_[3]);
++}
++
++sub vfd {
++ confess(err("ARGNUM")) if ($#_!=4);
++ VRRc(0xe7e5,@_);
++}
++sub vfddb {
++ vfd(@_,3,0);
++}
++sub wfddb {
++ vfd(@_,3,8);
++}
++
++sub vfi
{
++ confess(err("ARGNUM")) if ($#_!=4);
++ VRRa(0xe7c7,@_);
++}
++sub vfidb {
++ vfi(@_[0..1],3,@_[2..3]);
++}
++sub wfidb {
++ vfi(@_[0..1],3,0x8|$_[2],$_[3]);
++}
++
++sub vlde { # deprecated, use vfll
++ confess(err("ARGNUM")) if ($#_!=3);
++ VRRa(0xe7c4,@_);
++}
++sub vldeb { # deprecated, use vflls
++ vlde(@_,2,0);
++}
++sub wldeb { # deprecated, use wflls
++ vlde(@_,2,8);
++}
++
++sub vled { # deprecated, use vflr
++ confess(err("ARGNUM")) if ($#_!=4);
++ VRRa(0xe7c5,@_);
++}
++sub vledb { # deprecated, use vflrd
++ vled(@_[0..1],3,@_[2..3]);
++}
++sub wledb { # deprecated, use wflrd
++ vled(@_[0..1],3,0x8|$_[2],$_[3]);
++}
++
++sub vfm {
++ confess(err("ARGNUM")) if ($#_!=4);
++ VRRc(0xe7e7,@_);
++}
++sub vfmdb {
++ vfm(@_,3,0);
++}
++sub wfmdb {
++ vfm(@_,3,8);
++}
++
++sub vfma {
++ confess(err("ARGNUM")) if ($#_!=5);
++ VRRe(0xe78f,@_);
++}
++sub vfmadb {
++ vfma(@_,0,3);
++}
++sub wfmadb {
++ vfma(@_,8,3);
++}
++
++sub vfms {
++ confess(err("ARGNUM")) if ($#_!=5);
++ VRRe(0xe78e,@_);
++}
++sub vfmsdb {
++ vfms(@_,0,3);
++}
++sub wfmsdb {
++ vfms(@_,8,3);
++}
++
++sub vfpso {
++ confess(err("ARGNUM")) if ($#_!=4);
++ VRRa(0xe7cc,@_);
++}
++sub vfpsodb {
++ vfpso(@_[0..1],3,0,$_[2]);
++}
++sub wfpsodb {
++ vfpso(@_[0..1],3,8,$_[2]);
++}
++sub vflcdb {
++ vfpso(@_,3,0,0);
++}
++sub wflcdb {
++ vfpso(@_,3,8,0);
++}
++sub vflndb {
++ vfpso(@_,3,0,1);
++}
++sub wflndb {
++ vfpso(@_,3,8,1);
++}
++sub vflpdb {
++ vfpso(@_,3,0,2);
++}
++sub wflpdb {
++ vfpso(@_,3,8,2);
++}
++
++sub vfsq {
++ confess(err("ARGNUM")) if ($#_!=3);
++ VRRa(0xe7ce,@_);
++}
++sub vfsqdb {
++ vfsq(@_,3,0);
++}
++sub wfsqdb {
++ vfsq(@_,3,8);
++}
++
++sub vfs {
++ confess(err("ARGNUM")) if ($#_!=4);
++ VRRc(0xe7e2,@_);
++}
++sub vfsdb {
++ vfs(@_,3,0);
++}
++sub wfsdb {
++ vfs(@_,3,8);
++}
++
++sub vftci {
++ confess(err("ARGNUM")) if ($#_!=4);
++ VRIe(0xe74a,@_);
++}
++sub vftcidb {
++ vftci(@_,3,0);
++}
++sub wftcidb {
++ vftci(@_,3,8);
++}
++
++# VXE - Support Instructions
++
++sub
vbperm {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRRc(0xe785,@_);
++}
++
++sub vllezlf {
++ vllez(@_,6);
++}
++
++# VXE - Integer Instructions
++
++sub vmsl {
++ confess(err("ARGNUM")) if ($#_!=5);
++ VRRd(0xe7b8,@_);
++}
++sub vmslg {
++ vmsl(@_[0..3],3,$_[4]);
++}
++
++sub vnx {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRRc(0xe76c,@_);
++}
++
++sub vnn {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRRc(0xe76e,@_);
++}
++
++sub voc {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRRc(0xe76f,@_);
++}
++
++sub vpopctb {
++ vpopct(@_,0);
++}
++sub vpopcth {
++ vpopct(@_,1);
++}
++sub vpopctf {
++ vpopct(@_,2);
++}
++sub vpopctg {
++ vpopct(@_,3);
++}
++
++# VXE - Floating-Point Instructions
++
++sub vfasb {
++ vfa(@_,2,0);
++}
++sub wfasb {
++ vfa(@_,2,8);
++}
++sub wfaxb {
++ vfa(@_,4,8);
++}
++
++sub wfcsb {
++ wfc(@_,2,0);
++}
++sub wfcxb {
++ wfc(@_,4,0);
++}
++
++sub vfcesb {
++ vfce(@_,2,0,0);
++}
++sub vfcesbs {
++ vfce(@_,2,0,1);
++}
++sub wfcesb {
++ vfce(@_,2,8,0);
++}
++sub wfcesbs {
++ vfce(@_,2,8,1);
++}
++sub wfcexb {
++ vfce(@_,4,8,0);
++}
++sub wfcexbs {
++ vfce(@_,4,8,1);
++}
++
++sub vfchsb {
++ vfch(@_,2,0,0);
++}
++sub vfchsbs {
++ vfch(@_,2,0,1);
++}
++sub wfchsb {
++ vfch(@_,2,8,0);
++}
++sub wfchsbs {
++ vfch(@_,2,8,1);
++}
++sub wfchxb {
++ vfch(@_,4,8,0);
++}
++sub wfchxbs {
++ vfch(@_,4,8,1);
++}
++
++sub vfchesb {
++ vfche(@_,2,0,0);
++}
++sub vfchesbs {
++ vfche(@_,2,0,1);
++}
++sub wfchesb {
++ vfche(@_,2,8,0);
++}
++sub wfchesbs {
++ vfche(@_,2,8,1);
++}
++sub wfchexb {
++ vfche(@_,4,8,0);
++}
++sub wfchexbs {
++ vfche(@_,4,8,1);
++}
++
++sub vfdsb {
++ vfd(@_,2,0);
++}
++sub wfdsb {
++ vfd(@_,2,8);
++}
++sub wfdxb {
++ vfd(@_,4,8);
++}
++
++sub vfisb {
++ vfi(@_[0..1],2,@_[2..3]);
++}
++sub wfisb {
++ vfi(@_[0..1],2,0x8|$_[2],$_[3]);
++}
++sub wfixb {
++ vfi(@_[0..1],4,0x8|$_[2],$_[3]);
++}
++
++sub vfll {
++ vlde(@_);
++}
++sub vflls {
++ vfll(@_,2,0);
++}
++sub wflls {
++ vfll(@_,2,8);
++}
++sub wflld {
++ vfll(@_,3,8);
++}
++
++sub vflr
{
++ vled(@_);
++}
++sub vflrd {
++ vflr(@_[0..1],3,@_[2..3]);
++}
++sub wflrd {
++ vflr(@_[0..1],3,0x8|$_[2],$_[3]);
++}
++sub wflrx {
++ vflr(@_[0..1],4,0x8|$_[2],$_[3]);
++}
++
++sub vfmax {
++ confess(err("ARGNUM")) if ($#_!=5);
++ VRRc(0xe7ef,@_);
++}
++sub vfmaxsb {
++ vfmax(@_[0..2],2,0,$_[3]);
++}
++sub vfmaxdb {
++ vfmax(@_[0..2],3,0,$_[3]);
++}
++sub wfmaxsb {
++ vfmax(@_[0..2],2,8,$_[3]);
++}
++sub wfmaxdb {
++ vfmax(@_[0..2],3,8,$_[3]);
++}
++sub wfmaxxb {
++ vfmax(@_[0..2],4,8,$_[3]);
++}
++
++sub vfmin {
++ confess(err("ARGNUM")) if ($#_!=5);
++ VRRc(0xe7ee,@_);
++}
++sub vfminsb {
++ vfmin(@_[0..2],2,0,$_[5]);
++}
++sub vfmindb {
++ vfmin(@_[0..2],3,0,$_[5]);
++}
++sub wfminsb {
++ vfmin(@_[0..2],2,8,$_[5]);
++}
++sub wfmindb {
++ vfmin(@_[0..2],3,8,$_[5]);
++}
++sub wfminxb {
++ vfmin(@_[0..2],4,8,$_[5]);
++}
++
++sub vfmsb {
++ vfm(@_,2,0);
++}
++sub wfmsb {
++ vfm(@_,2,8);
++}
++sub wfmxb {
++ vfm(@_,4,8);
++}
++
++sub vfmasb {
++ vfma(@_,0,2);
++}
++sub wfmasb {
++ vfma(@_,8,2);
++}
++sub wfmaxb {
++ vfma(@_,8,4);
++}
++
++sub vfmssb {
++ vfms(@_,0,2);
++}
++sub wfmssb {
++ vfms(@_,8,2);
++}
++sub wfmsxb {
++ vfms(@_,8,4);
++}
++
++sub vfnma {
++ confess(err("ARGNUM")) if ($#_!=5);
++ VRRe(0xe79f,@_);
++}
++sub vfnmasb {
++ vfnma(@_,0,2);
++}
++sub vfnmadb {
++ vfnma(@_,0,3);
++}
++sub wfnmasb {
++ vfnma(@_,8,2);
++}
++sub wfnmadb {
++ vfnma(@_,8,3);
++}
++sub wfnmaxb {
++ vfnma(@_,8,4);
++}
++
++sub vfnms {
++ confess(err("ARGNUM")) if ($#_!=5);
++ VRRe(0xe79e,@_);
++}
++sub vfnmssb {
++ vfnms(@_,0,2);
++}
++sub vfnmsdb {
++ vfnms(@_,0,3);
++}
++sub wfnmssb {
++ vfnms(@_,8,2);
++}
++sub wfnmsdb {
++ vfnms(@_,8,3);
++}
++sub wfnmsxb {
++ vfnms(@_,8,4);
++}
++
++sub vfpsosb {
++ vfpso(@_[0..1],2,0,$_[2]);
++}
++sub wfpsosb {
++ vfpso(@_[0..1],2,8,$_[2]);
++}
++sub vflcsb {
++ vfpso(@_,2,0,0);
++}
++sub wflcsb {
++ vfpso(@_,2,8,0);
++}
++sub vflnsb {
++ vfpso(@_,2,0,1);
++}
++sub wflnsb {
++ vfpso(@_,2,8,1);
++}
++sub vflpsb {
++ vfpso(@_,2,0,2);
++}
++sub wflpsb {
++ vfpso(@_,2,8,2);
++}
++sub vfpsoxb {
++ vfpso(@_[0..1],4,0,$_[2]);
++}
++sub wfpsoxb {
++ vfpso(@_[0..1],4,8,$_[2]);
++}
++sub vflcxb {
++ vfpso(@_,4,0,0);
++}
++sub wflcxb {
++ vfpso(@_,4,8,0);
++}
++sub vflnxb {
++ vfpso(@_,4,0,1);
++}
++sub wflnxb {
++ vfpso(@_,4,8,1);
++}
++sub vflpxb {
++ vfpso(@_,4,0,2);
++}
++sub wflpxb {
++ vfpso(@_,4,8,2);
++}
++
++sub vfsqsb {
++ vfsq(@_,2,0);
++}
++sub wfsqsb {
++ vfsq(@_,2,8);
++}
++sub wfsqxb {
++ vfsq(@_,4,8);
++}
++
++sub vfssb {
++ vfs(@_,2,0);
++}
++sub wfssb {
++ vfs(@_,2,8);
++}
++sub wfsxb {
++ vfs(@_,4,8);
++}
++
++sub vftcisb {
++ vftci(@_,2,0);
++}
++sub wftcisb {
++ vftci(@_,2,8);
++}
++sub wftcixb {
++ vftci(@_,4,8);
++}
++
++# VXD - Support Instructions
++
++sub vlrlr {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRSd(0xe637,@_);
++}
++
++sub vlrl {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VSI(0xe635,@_);
++}
++
++sub vstrlr {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRSd(0xe63f,@_);
++}
++
++sub vstrl {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VSI(0xe63d,@_);
++}
++
++sub vap {
++ confess(err("ARGNUM")) if ($#_!=4);
++ VRIf(0xe671,@_);
++}
++
++sub vcp {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRRh(0xe677,@_);
++}
++
++sub vcvb {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRRi(0xe650,@_);
++}
++
++sub vcvbg {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRRi(0xe652,@_);
++}
++
++sub vcvd {
++ confess(err("ARGNUM")) if ($#_!=3);
++ VRIi(0xe658,@_);
++}
++
++sub vcvdg {
++ confess(err("ARGNUM")) if ($#_!=3);
++ VRIi(0xe65a,@_);
++}
++
++sub vdp {
++ confess(err("ARGNUM")) if ($#_!=4);
++ VRIf(0xe67a,@_);
++}
++
++sub vlip {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VRIh(0xe649,@_);
++}
++
++sub vmp {
++ confess(err("ARGNUM")) if ($#_!=4);
++ VRIf(0xe678,@_);
++}
++
++sub vmsp {
++ confess(err("ARGNUM")) if ($#_!=4);
++ VRIf(0xe679,@_);
++}
++
++sub vpkz {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VSI(0xe634,@_);
++}
++
++sub vpsop {
++ confess(err("ARGNUM")) if ($#_!=4);
++
VRIg(0xe65b,@_);
++}
++
++sub vrp {
++ confess(err("ARGNUM")) if ($#_!=4);
++ VRIf(0xe67b,@_);
++}
++
++sub vsdp {
++ confess(err("ARGNUM")) if ($#_!=4);
++ VRIf(0xe67e,@_);
++}
++
++sub vsrp {
++ confess(err("ARGNUM")) if ($#_!=4);
++ VRIg(0xe659,@_);
++}
++
++sub vsp {
++ confess(err("ARGNUM")) if ($#_!=4);
++ VRIf(0xe673,@_);
++}
++
++sub vtp {
++ confess(err("ARGNUM")) if ($#_!=0);
++ VRRg(0xe65f,@_);
++}
++
++sub vupkz {
++ confess(err("ARGNUM")) if ($#_!=2);
++ VSI(0xe63c,@_);
++}
++
++#
++# Instruction Formats
++#
++
++sub RRE {
++ confess(err("ARGNUM")) if ($#_<0||2<$#_);
++ my $ops=join(',',@_[1..$#_]);
++ my $memn=(caller(1))[3];
++ $memn=~s/^.*:://;
++ my ($opcode,$r1,$r2)=(shift,get_R(shift),get_R(shift));
++
++ $out.="\t.long\t".sprintf("%#010x",($opcode<<16|$r1<<4|$r2));
++ $out.="\t# $memn\t$ops\n"
++}
++
++sub RRFb {
++ confess(err("ARGNUM")) if ($#_<3||4<$#_);
++ my $ops=join(',',@_[1..$#_]);
++ my $memn=(caller(1))[3];
++ $memn=~s/^.*:://;
++ my ($opcode,$r1,$r3,$r2,$m4)=(shift,get_R(shift),get_R(shift)
++ ,get_R(shift),get_M(shift));
++
++ $out.="\t.long\t"
++ .sprintf("%#010x",($opcode<<16|$r3<<12|$m4<<8|$r1<<4|$r2));
++ $out.="\t# $memn\t$ops\n"
++}
++
++sub S {
++ confess(err("ARGNUM")) if ($#_<0||1<$#_);
++ my $ops=join(',',@_[1..$#_]);
++ my $memn=(caller(1))[3];
++ $memn=~s/^.*:://;
++ my ($opcode,$d2,$b2)=(shift,get_DB(shift));
++
++ $out.="\t.long\t".sprintf("%#010x",($opcode<<16|$b2<<12|$d2));
++ $out.="\t# $memn\t$ops\n"
++}
++
++sub VRIa {
++ confess(err("ARGNUM")) if ($#_<2||3<$#_);
++ my $ops=join(',',@_[1..$#_]);
++ my $memn=(caller(1))[3];
++ $memn=~s/^.*:://;
++ my ($opcode,$v1,$i2,$m3)=(shift,get_V(shift),get_I(shift,16),
++ get_M(shift));
++
++ $out.="\t.word\t";
++ $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4)).",";
++ $out.=sprintf("%#06x",$i2).",";
++ $out.=sprintf("%#06x",($m3<<12|RXB($v1)<<8|$opcode&0xff));
++ $out.="\t# $memn\t$ops\n"
++}
++
++sub VRIb {
++ confess(err("ARGNUM")) if ($#_!=4);
++ my
$ops=join(',',@_[1..$#_]);
++ my $memn=(caller(1))[3];
++ $memn=~s/^.*:://;
++ my ($opcode,$v1,$i2,$i3,$m4)=(shift,get_V(shift),get_I(shift,8),
++ ,get_I(shift,8),get_M(shift));
++
++ $out.="\t.word\t";
++ $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4)).",";
++ $out.=sprintf("%#06x",($i2<<8|$i3)).",";
++ $out.=sprintf("%#06x",($m4<<12|RXB($v1)<<8|$opcode&0xff));
++ $out.="\t# $memn\t$ops\n"
++}
++
++sub VRIc {
++ confess(err("ARGNUM")) if ($#_!=4);
++ my $ops=join(',',@_[1..$#_]);
++ my $memn=(caller(1))[3];
++ $memn=~s/^.*:://;
++ my ($opcode,$v1,$v3,$i2,$m4)=(shift,get_V(shift),get_V(shift),
++ ,get_I(shift,16),get_M(shift));
++
++ $out.="\t.word\t";
++ $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4)|($v3&0xf)).",";
++ $out.=sprintf("%#06x",$i2).",";
++ $out.=sprintf("%#06x",($m4<<12|RXB($v1,$v3)<<8|$opcode&0xff));
++ $out.="\t# $memn\t$ops\n"
++}
++
++sub VRId {
++ confess(err("ARGNUM")) if ($#_<4||$#_>5);
++ my $ops=join(',',@_[1..$#_]);
++ my $memn=(caller(1))[3];
++ $memn=~s/^.*:://;
++ my ($opcode,$v1,$v2,$v3,$i4,$m5)=(shift,get_V(shift),get_V(shift),
++ ,get_V(shift),get_I(shift,8),get_M(shift));
++
++ $out.="\t.word\t";
++ $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4)|($v2&0xf)).",";
++ $out.=sprintf("%#06x",(($v3&0xf)<<12|$i4)).",";
++ $out.=sprintf("%#06x",($m5<<12|RXB($v1,$v2,$v3)<<8|$opcode&0xff));
++ $out.="\t# $memn\t$ops\n"
++}
++
++sub VRIe {
++ confess(err("ARGNUM")) if ($#_!=5);
++ my $ops=join(',',@_[1..$#_]);
++ my $memn=(caller(1))[3];
++ $memn=~s/^.*:://;
++ my ($opcode,$v1,$v2,$i3,$m4,$m5)=(shift,get_V(shift),get_V(shift),
++ ,get_I(shift,12),get_M(shift),get_M(shift));
++
++ $out.="\t.word\t";
++ $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4)|($v2&0xf)).",";
++ $out.=sprintf("%#06x",($i3<<4|$m5)).",";
++ $out.=sprintf("%#06x",($m4<<12|RXB($v1,$v2)<<8|$opcode&0xff));
++ $out.="\t# $memn\t$ops\n"
++}
++
++sub VRIf {
++ confess(err("ARGNUM")) if ($#_!=5);
++ my $ops=join(',',@_[1..$#_]);
++ my $memn=(caller(1))[3];
++
$memn=~s/^.*:://;
++ my ($opcode,$v1,$v2,$v3,$i4,$m5)=(shift,get_V(shift),get_V(shift),
++ ,get_V(shift),get_I(shift,8),get_M(shift));
++
++ $out.="\t.word\t";
++ $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4)|($v2&0xf)).",";
++ $out.=sprintf("%#06x",(($v3&0xf)<<12|$m5<<4)|$i4>>4).",";
++ $out.=sprintf("%#06x",(($i4&0xf)<<12|RXB($v1,$v2,$v3)<<8|$opcode&0xff));
++ $out.="\t# $memn\t$ops\n"
++}
++
++sub VRIg {
++ confess(err("ARGNUM")) if ($#_!=5);
++ my $ops=join(',',@_[1..$#_]);
++ my $memn=(caller(1))[3];
++ $memn=~s/^.*:://;
++ my ($opcode,$v1,$v2,$i3,$i4,$m5)=(shift,get_V(shift),get_V(shift),
++ ,get_I(shift,8),get_I(shift,8),get_M(shift));
++
++ $out.="\t.word\t";
++ $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4)|($v2&0xf)).",";
++ $out.=sprintf("%#06x",($i4<<8|$m5<<4|$i3>>4)).",";
++ $out.=sprintf("%#06x",(($i3&0xf)<<12|RXB($v1,$v2)<<8|$opcode&0xff));
++ $out.="\t# $memn\t$ops\n"
++}
++
++sub VRIh {
++ confess(err("ARGNUM")) if ($#_!=3);
++ my $ops=join(',',@_[1..$#_]);
++ my $memn=(caller(1))[3];
++ $memn=~s/^.*:://;
++ my ($opcode,$v1,$i2,$i3)=(shift,get_V(shift),get_I(shift,16),
++ get_I(shift,4));
++
++ $out.="\t.word\t";
++ $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4)).",";
++ $out.=sprintf("%#06x",$i2).",";
++ $out.=sprintf("%#06x",($i3<<12|RXB($v1)<<8|$opcode&0xff));
++ $out.="\t# $memn\t$ops\n"
++}
++
++sub VRIi {
++ confess(err("ARGNUM")) if ($#_!=4);
++ my $ops=join(',',@_[1..$#_]);
++ my $memn=(caller(1))[3];
++ $memn=~s/^.*:://;
++ my ($opcode,$v1,$r2,$i3,$m4)=(shift,get_V(shift),get_R(shift),
++ ,get_I(shift,8),get_M(shift));
++
++ $out.="\t.word\t";
++ $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4)|$r2).",";
++ $out.=sprintf("%#06x",($m4<<4|$i3>>4)).",";
++ $out.=sprintf("%#06x",(($i3&0xf)<<12|RXB($v1)<<8|$opcode&0xff));
++ $out.="\t# $memn\t$ops\n"
++}
++
++sub VRRa {
++ confess(err("ARGNUM")) if ($#_<2||5<$#_);
++ my $ops=join(',',@_[1..$#_]);
++ my $memn=(caller(1))[3];
++ $memn=~s/^.*:://;
++ my
($opcode,$v1,$v2,$m3,$m4,$m5)=(shift,get_V(shift),get_V(shift),
++ get_M(shift),get_M(shift),get_M(shift));
++
++ $out.="\t.word\t";
++ $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4|($v2&0xf))).",";
++ $out.=sprintf("%#06x",($m5<<4|$m4)).",";
++ $out.=sprintf("%#06x",($m3<<12|RXB($v1,$v2)<<8|$opcode&0xff));
++ $out.="\t# $memn\t$ops\n"
++}
++
++sub VRRb {
++ confess(err("ARGNUM")) if ($#_<3||5<$#_);
++ my $ops=join(',',@_[1..$#_]);
++ my $memn=(caller(1))[3];
++ $memn=~s/^.*:://;
++ my ($opcode,$v1,$v2,$v3,$m4,$m5)=(shift,get_V(shift),get_V(shift),
++ get_V(shift),get_M(shift),get_M(shift));
++
++ $out.="\t.word\t";
++ $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4|($v2&0xf))).",";
++ $out.=sprintf("%#06x",(($v3&0xf)<<12|$m5<<4)).",";
++ $out.=sprintf("%#06x",($m4<<12|RXB($v1,$v2,$v3)<<8|$opcode&0xff));
++ $out.="\t# $memn\t$ops\n"
++}
++
++sub VRRc {
++ confess(err("ARGNUM")) if ($#_<3||6<$#_);
++ my $ops=join(',',@_[1..$#_]);
++ my $memn=(caller(1))[3];
++ $memn=~s/^.*:://;
++ my ($opcode,$v1,$v2,$v3,$m4,$m5,$m6)=(shift,get_V(shift),get_V(shift),
++ get_V(shift),get_M(shift),get_M(shift),get_M(shift));
++
++ $out.="\t.word\t";
++ $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4|($v2&0xf))).",";
++ $out.=sprintf("%#06x",(($v3&0xf)<<12|$m6<<4|$m5)).",";
++ $out.=sprintf("%#06x",($m4<<12|RXB($v1,$v2,$v3)<<8|$opcode&0xff));
++ $out.="\t# $memn\t$ops\n"
++}
++
++sub VRRd {
++ confess(err("ARGNUM")) if ($#_<4||6<$#_);
++ my $ops=join(',',@_[1..$#_]);
++ my $memn=(caller(1))[3];
++ $memn=~s/^.*:://;
++ my ($opcode,$v1,$v2,$v3,$v4,$m5,$m6)=(shift,get_V(shift),get_V(shift),
++ get_V(shift),get_V(shift),get_M(shift),get_M(shift));
++
++ $out.="\t.word\t";
++ $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4|($v2&0xf))).",";
++ $out.=sprintf("%#06x",(($v3&0xf)<<12|$m5<<8|$m6<<4)).",";
++ $out.=sprintf("%#06x",(($v4&0xf)<<12|RXB($v1,$v2,$v3,$v4)<<8|$opcode&0xff));
++ $out.="\t# $memn\t$ops\n"
++}
++
++sub VRRe {
++ confess(err("ARGNUM")) if ($#_<4||6<$#_);
++ my
$ops=join(',',@_[1..$#_]);
++ my $memn=(caller(1))[3];
++ $memn=~s/^.*:://;
++ my ($opcode,$v1,$v2,$v3,$v4,$m5,$m6)=(shift,get_V(shift),get_V(shift),
++ get_V(shift),get_V(shift),get_M(shift),get_M(shift));
++
++ $out.="\t.word\t";
++ $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4|($v2&0xf))).",";
++ $out.=sprintf("%#06x",(($v3&0xf)<<12|$m6<<8|$m5)).",";
++ $out.=sprintf("%#06x",(($v4&0xf)<<12|RXB($v1,$v2,$v3,$v4)<<8|$opcode&0xff));
++ $out.="\t# $memn\t$ops\n"
++}
++
++sub VRRf {
++ confess(err("ARGNUM")) if ($#_!=3);
++ my $ops=join(',',@_[1..$#_]);
++ my $memn=(caller(1))[3];
++ $memn=~s/^.*:://;
++ my ($opcode,$v1,$r2,$r3)=(shift,get_V(shift),get_R(shift),
++ get_R(shift));
++
++ $out.="\t.word\t";
++ $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4|$r2)).",";
++ $out.=sprintf("%#06x",($r3<<12)).",";
++ $out.=sprintf("%#06x",(RXB($v1)<<8|$opcode&0xff));
++ $out.="\t# $memn\t$ops\n"
++}
++
++sub VRRg {
++ confess(err("ARGNUM")) if ($#_!=1);
++ my $ops=join(',',@_[1..$#_]);
++ my $memn=(caller(1))[3];
++ $memn=~s/^.*:://;
++ my ($opcode,$v1)=(shift,get_V(shift));
++
++ $out.="\t.word\t";
++ $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf))).",";
++ $out.=sprintf("%#06x",0x0000).",";
++ $out.=sprintf("%#06x",(RXB(0,$v1)<<8|$opcode&0xff));
++ $out.="\t# $memn\t$ops\n"
++}
++
++sub VRRh {
++ confess(err("ARGNUM")) if ($#_<2||$#_>3);
++ my $ops=join(',',@_[1..$#_]);
++ my $memn=(caller(1))[3];
++ $memn=~s/^.*:://;
++ my ($opcode,$v1,$v2,$m3)=(shift,get_V(shift),get_V(shift),
++ get_M(shift));
++
++ $out.="\t.word\t";
++ $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf))).",";
++ $out.=sprintf("%#06x",(($v2&0xf)<<12|$m3<<4)).",";
++ $out.=sprintf("%#06x",(RXB(0,$v1,$v2)<<8|$opcode&0xff));
++ $out.="\t# $memn\t$ops\n"
++}
++
++sub VRRi {
++ confess(err("ARGNUM")) if ($#_!=3);
++ my $ops=join(',',@_[1..$#_]);
++ my $memn=(caller(1))[3];
++ $memn=~s/^.*:://;
++ my ($opcode,$r1,$v2,$m3)=(shift,get_R(shift),get_V(shift),
++ get_M(shift));
++
++ $out.="\t.word\t";
++
$out.=sprintf("%#06x",($opcode&0xff00|$r1<<4|($v2&0xf))).",";
++ $out.=sprintf("%#06x",($m3<<4))."\,";
++ $out.=sprintf("%#06x",(RXB(0,$v2)<<8|$opcode&0xff));
++ $out.="\t# $memn\t$ops\n"
++}
++
++sub VRSa {
++ confess(err("ARGNUM")) if ($#_<3||$#_>4);
++ my $ops=join(',',@_[1..$#_]);
++ my $memn=(caller(1))[3];
++ $memn=~s/^.*:://;
++ my ($opcode,$v1,$v3,$d2,$b2,$m4)=(shift,get_V(shift),get_V(shift),
++ get_DB(shift),get_M(shift));
++
++ $out.="\t.word\t";
++ $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4|($v3&0xf))).",";
++ $out.=sprintf("%#06x",($b2<<12|$d2)).",";
++ $out.=sprintf("%#06x",($m4<<12|RXB($v1,$v3)<<8|$opcode&0xff));
++ $out.="\t# $memn\t$ops\n"
++}
++
++sub VRSb {
++ confess(err("ARGNUM")) if ($#_<3||$#_>4);
++ my $ops=join(',',@_[1..$#_]);
++ my $memn=(caller(1))[3];
++ $memn=~s/^.*:://;
++ my ($opcode,$v1,$r3,$d2,$b2,$m4)=(shift,get_V(shift),get_R(shift),
++ get_DB(shift),get_M(shift));
++
++ $out.="\t.word\t";
++ $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4|$r3)).",";
++ $out.=sprintf("%#06x",($b2<<12|$d2)).",";
++ $out.=sprintf("%#06x",($m4<<12|RXB($v1)<<8|$opcode&0xff));
++ $out.="\t# $memn\t$ops\n"
++}
++
++sub VRSc {
++ confess(err("ARGNUM")) if ($#_!=4);
++ my $ops=join(',',@_[1..$#_]);
++ my $memn=(caller(1))[3];
++ $memn=~s/^.*:://;
++ my ($opcode,$r1,$v3,$d2,$b2,$m4)=(shift,get_R(shift),get_V(shift),
++ get_DB(shift),get_M(shift));
++
++ $out.="\t.word\t";
++ $out.=sprintf("%#06x",($opcode&0xff00|$r1<<4|($v3&0xf))).",";
++ $out.=sprintf("%#06x",($b2<<12|$d2)).",";
++ $out.=sprintf("%#06x",($m4<<12|RXB(0,$v3)<<8|$opcode&0xff));
++ $out.="\t# $memn\t$ops\n"
++}
++
++sub VRSd {
++ confess(err("ARGNUM")) if ($#_!=3);
++ my $ops=join(',',@_[1..$#_]);
++ my $memn=(caller(1))[3];
++ $memn=~s/^.*:://;
++ my ($opcode,$v1,$r3,$d2,$b2)=(shift,get_V(shift),get_R(shift),
++ get_DB(shift));
++
++ $out.="\t.word\t";
++ $out.=sprintf("%#06x",($opcode&0xff00|$r3)).",";
++ $out.=sprintf("%#06x",($b2<<12|$d2)).",";
++
$out.=sprintf("%#06x",(($v1&0xf)<<12|RXB(0,0,0,$v1)<<8|$opcode&0xff));
++ $out.="\t# $memn\t$ops\n"
++}
++
++sub VRV {
++ confess(err("ARGNUM")) if ($#_<2||$#_>3);
++ my $ops=join(',',@_[1..$#_]);
++ my $memn=(caller(1))[3];
++ $memn=~s/^.*:://;
++ my ($opcode,$v1,$d2,$v2,$b2,$m3)=(shift,get_V(shift),get_DVB(shift),
++ get_M(shift));
++
++ $out.="\t.word\t";
++ $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4|($v2&0xf))).",";
++ $out.=sprintf("%#06x",($b2<<12|$d2)).",";
++ $out.=sprintf("%#06x",($m3<<12|RXB($v1,$v2)<<8|$opcode&0xff));
++ $out.="\t# $memn\t$ops\n"
++}
++
++sub VRX {
++ confess(err("ARGNUM")) if ($#_<2||$#_>3);
++ my $ops=join(',',@_[1..$#_]);
++ my $memn=(caller(1))[3];
++ $memn=~s/^.*:://;
++ my ($opcode,$v1,$d2,$x2,$b2,$m3)=(shift,get_V(shift),get_DXB(shift),
++ get_M(shift));
++
++ $out.="\t.word\t";
++ $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4|($x2))).",";
++ $out.=sprintf("%#06x",($b2<<12|$d2)).",";
++ $out.=sprintf("%#06x",($m3<<12|RXB($v1)<<8|$opcode&0xff));
++ $out.="\t# $memn\t$ops\n"
++}
++
++sub VSI {
++ confess(err("ARGNUM")) if ($#_!=3);
++ my $ops=join(',',@_[1..$#_]);
++ my $memn=(caller(1))[3];
++ $memn=~s/^.*:://;
++ my ($opcode,$v1,$d2,$b2,$i3)=(shift,get_V(shift),get_DB(shift),
++ get_I(shift,8));
++
++ $out.="\t.word\t";
++ $out.=sprintf("%#06x",($opcode&0xff00|$i3)).",";
++ $out.=sprintf("%#06x",($b2<<12|$d2)).",";
++ $out.=sprintf("%#06x",(($v1&0xf)<<12|RXB(0,0,0,$v1)<<8|$opcode&0xff));
++ $out.="\t# $memn\t$ops\n"
++}
++
++#
++# Internal
++#
++
++sub get_R {
++ confess(err("ARGNUM")) if ($#_!=0);
++ my $r;
++
++ for (shift) {
++ if (!defined) {
++ $r=0;
++ } elsif (/^$GR$/) {
++ $r=$1;
++ } else {
++ confess(err("PARSE"));
++ }
++ }
++ confess(err("ARGRANGE")) if ($r&~0xf);
++
++ return $r;
++}
++
++sub get_V {
++ confess(err("ARGNUM")) if ($#_!=0);
++ my $v;
++
++ for (shift) {
++ if (!defined) {
++ $v=0;
++ } elsif (/^$VR$/) {
++ $v=$1;
++ } else {
++ confess(err("PARSE"));
++ }
++ }
++ confess(err("ARGRANGE")) if
($v&~0x1f);
++
++ return $v;
++}
++
++sub get_I {
++ confess(err("ARGNUM")) if ($#_!=1);
++ my ($i,$bits)=(shift,shift);
++
++ $i=defined($i)?(eval($i)):(0);
++ confess(err("PARSE")) if (!defined($i));
++ confess(err("ARGRANGE")) if (abs($i)&~(2**$bits-1));
++
++ return $i&(2**$bits-1);
++}
++
++sub get_M {
++ confess(err("ARGNUM")) if ($#_!=0);
++ my $m=shift;
++
++ $m=defined($m)?(eval($m)):(0);
++ confess(err("PARSE")) if (!defined($m));
++ confess(err("ARGRANGE")) if ($m&~0xf);
++
++ return $m;
++}
++
++sub get_DB
++{
++ confess(err("ARGNUM")) if ($#_!=0);
++ my ($d,$b);
++
++ for (shift) {
++ if (!defined) {
++ ($d,$b)=(0,0);
++ } elsif (/^(.+)\($GR\)$/) {
++ ($d,$b)=(eval($1),$2);
++ confess(err("PARSE")) if (!defined($d));
++ } elsif (/^(.+)$/) {
++ ($d,$b)=(eval($1),0);
++ confess(err("PARSE")) if (!defined($d));
++ } else {
++ confess(err("PARSE"));
++ }
++ }
++ confess(err("ARGRANGE")) if ($d&~0xfff||$b&~0xf);
++
++ return ($d,$b);
++}
++
++sub get_DVB
++{
++ confess(err("ARGNUM")) if ($#_!=0);
++ my ($d,$v,$b);
++
++ for (shift) {
++ if (!defined) {
++ ($d,$v,$b)=(0,0,0);
++ } elsif (/^(.+)\($VR,$GR\)$/) {
++ ($d,$v,$b)=(eval($1),$2,$3);
++ confess(err("PARSE")) if (!defined($d));
++ } elsif (/^(.+)\($GR\)$/) {
++ ($d,$v,$b)=(eval($1),0,$2);
++ confess(err("PARSE")) if (!defined($d));
++ } elsif (/^(.+)$/) {
++ ($d,$v,$b)=(eval($1),0,0);
++ confess(err("PARSE")) if (!defined($d));
++ } else {
++ confess(err("PARSE"));
++ }
++ }
++ confess(err("ARGRANGE")) if ($d&~0xfff||$v&~0x1f||$b&~0xf);
++
++ return ($d,$v,$b);
++}
++
++sub get_DXB
++{
++ confess(err("ARGNUM")) if ($#_!=0);
++ my ($d,$x,$b);
++
++ for (shift) {
++ if (!defined) {
++ ($d,$x,$b)=(0,0,0);
++ } elsif (/^(.+)\($GR,$GR\)$/) {
++ ($d,$x,$b)=(eval($1),$2,$3);
++ confess(err("PARSE")) if (!defined($d));
++ } elsif (/^(.+)\($GR\)$/) {
++ ($d,$x,$b)=(eval($1),0,$2);
++ confess(err("PARSE")) if (!defined($d));
++ } elsif (/^(.+)$/) {
++ ($d,$x,$b)=(eval($1),0,0);
++ confess(err("PARSE")) if
(!defined($d));
++ } else {
++ confess(err("PARSE"));
++ }
++ }
++ confess(err("ARGRANGE")) if ($d&~0xfff||$x&~0xf||$b&~0xf);
++
++ return ($d,$x,$b);
++}
++
++sub RXB
++{
++ confess(err("ARGNUM")) if ($#_<0||3<$#_);
++ my $rxb=0;
++
++ $rxb|=0x08 if (defined($_[0])&&($_[0]&0x10));
++ $rxb|=0x04 if (defined($_[1])&&($_[1]&0x10));
++ $rxb|=0x02 if (defined($_[2])&&($_[2]&0x10));
++ $rxb|=0x01 if (defined($_[3])&&($_[3]&0x10));
++
++ return $rxb;
++}
++
++sub err {
++ my %ERR =
++ (
++ ARGNUM => 'Wrong number of arguments',
++ ARGRANGE=> 'Argument out of range',
++ PARSE => 'Parse error',
++ );
++ confess($ERR{ARGNUM}) if ($#_!=0);
++
++ return $ERR{$_[0]};
++}
++
++1;
+diff -up openssl-1.1.1b/crypto/poly1305/asm/poly1305-s390x.pl.s390x-update openssl-1.1.1b/crypto/poly1305/asm/poly1305-s390x.pl
+--- openssl-1.1.1b/crypto/poly1305/asm/poly1305-s390x.pl.s390x-update 2019-02-26 15:15:30.000000000 +0100
++++ openssl-1.1.1b/crypto/poly1305/asm/poly1305-s390x.pl 2019-05-06 10:54:00.036367588 +0200
+@@ -24,204 +24,961 @@
+ #
+ # On side note, z13 enables vector base 2^26 implementation...
+
+-$flavour = shift;
++#
++# January 2019
++#
++# Add vx code path (base 2^26).
++#
++# Copyright IBM Corp. 2019
++# Author: Patrick Steuer
++
++#
++# January 2019
++#
++# Add vector base 2^26 implementation. It's problematic to accurately
++# measure performance, because reference system is hardly idle. But
++# it's sub-cycle, i.e. less than 1 cycle per processed byte, and it's
++# >=20% faster than IBM's submission on long inputs, and much faster on
++# short ones, because calculation of key powers is postponed till we
++# know that input is long enough to justify the additional overhead.
++
++use strict;
++use FindBin qw($Bin);
++use lib "$Bin/../..";
++use perlasm::s390x qw(:DEFAULT :VX AUTOLOAD LABEL INCLUDE);
++
++my $flavour = shift;
+
++my ($z,$SIZE_T);
+ if ($flavour =~ /3[12]/) {
++ $z=0; # S/390 ABI
+ $SIZE_T=4;
+- $g="";
+ } else {
++ $z=1; # zSeries ABI
+ $SIZE_T=8;
+- $g="g";
+ }
+
++my $output;
+ while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {}
+-open STDOUT,">$output";
+
+-$sp="%r15";
++my $stdframe=16*$SIZE_T+4*8;
++my $sp="%r15";
+
+ my ($ctx,$inp,$len,$padbit) = map("%r$_",(2..5));
+
+-$code.=<<___;
+-.text
++PERLASM_BEGIN($output);
+
+-.globl poly1305_init
+-.type poly1305_init,\@function
+-.align 16
+-poly1305_init:
+- lghi %r0,0
+- lghi %r1,-1
+- stg %r0,0($ctx) # zero hash value
+- stg %r0,8($ctx)
+- stg %r0,16($ctx)
+-
+- cl${g}r $inp,%r0
+- je .Lno_key
+-
+- lrvg %r4,0($inp) # load little-endian key
+- lrvg %r5,8($inp)
+-
+- nihl %r1,0xffc0 # 0xffffffc0ffffffff
+- srlg %r0,%r1,4 # 0x0ffffffc0fffffff
+- srlg %r1,%r1,4
+- nill %r1,0xfffc # 0x0ffffffc0ffffffc
+-
+- ngr %r4,%r0
+- ngr %r5,%r1
+-
+- stg %r4,32($ctx)
+- stg %r5,40($ctx)
+-
+-.Lno_key:
+- lghi %r2,0
+- br %r14
+-.size poly1305_init,.-poly1305_init
+-___
++INCLUDE ("s390x_arch.h");
++TEXT ();
++
++################
++# static void poly1305_init(void *ctx, const unsigned char key[16])
++{
++GLOBL ("poly1305_init");
++TYPE ("poly1305_init","\@function");
++ALIGN (16);
++LABEL ("poly1305_init");
++ lghi ("%r0",0);
++ lghi ("%r1",-1);
++ stg ("%r0","0($ctx)"); # zero hash value
++ stg ("%r0","8($ctx)");
++ stg ("%r0","16($ctx)");
++ st ("%r0","24($ctx)"); # clear is_base2_26
++ lgr ("%r5",$ctx); # reassign $ctx
++ lghi ("%r2",0);
++
++&{$z?
\&clgr:\&clr} ($inp,"%r0"); ++ je (".Lno_key"); ++ ++ lrvg ("%r2","0($inp)"); # load little-endian key ++ lrvg ("%r3","8($inp)"); ++ ++ nihl ("%r1",0xffc0); # 0xffffffc0ffffffff ++ srlg ("%r0","%r1",4); # 0x0ffffffc0fffffff ++ srlg ("%r1","%r1",4); ++ nill ("%r1",0xfffc); # 0x0ffffffc0ffffffc ++ ++ ngr ("%r2","%r0"); ++ ngr ("%r3","%r1"); ++ ++ stmg ("%r2","%r3","32(%r5)"); ++ ++ larl ("%r1","OPENSSL_s390xcap_P"); ++ lg ("%r0","16(%r1)"); ++ srlg ("%r0","%r0",62); ++ nill ("%r0",1); # extract vx bit ++ lcgr ("%r0","%r0"); ++ larl ("%r1",".Lpoly1305_blocks"); ++ larl ("%r2",".Lpoly1305_blocks_vx"); ++ larl ("%r3",".Lpoly1305_emit"); ++&{$z? \&xgr:\&xr} ("%r2","%r1"); # select between scalar and vector ++&{$z? \&ngr:\&nr} ("%r2","%r0"); ++&{$z? \&xgr:\&xr} ("%r2","%r1"); ++&{$z? \&stmg:\&stm} ("%r2","%r3","0(%r4)"); ++ lghi ("%r2",1); ++LABEL (".Lno_key"); ++ br ("%r14"); ++SIZE ("poly1305_init",".-poly1305_init"); ++} ++ ++################ ++# static void poly1305_blocks(void *ctx, const unsigned char *inp, ++# size_t len, u32 padbit) + { + my ($d0hi,$d0lo,$d1hi,$d1lo,$t0,$h0,$t1,$h1,$h2) = map("%r$_",(6..14)); + my ($r0,$r1,$s1) = map("%r$_",(0..2)); + +-$code.=<<___; +-.globl poly1305_blocks +-.type poly1305_blocks,\@function +-.align 16 +-poly1305_blocks: +- srl${g} $len,4 # fixed-up in 64-bit build +- lghi %r0,0 +- cl${g}r $len,%r0 +- je .Lno_data +- +- stm${g} %r6,%r14,`6*$SIZE_T`($sp) +- +- llgfr $padbit,$padbit # clear upper half, much needed with +- # non-64-bit ABI +- lg $r0,32($ctx) # load key +- lg $r1,40($ctx) +- +- lg $h0,0($ctx) # load hash value +- lg $h1,8($ctx) +- lg $h2,16($ctx) +- +- st$g $ctx,`2*$SIZE_T`($sp) # off-load $ctx +- srlg $s1,$r1,2 +- algr $s1,$r1 # s1 = r1 + r1>>2 +- j .Loop +- +-.align 16 +-.Loop: +- lrvg $d0lo,0($inp) # load little-endian input +- lrvg $d1lo,8($inp) +- la $inp,16($inp) +- +- algr $d0lo,$h0 # accumulate input +- alcgr $d1lo,$h1 +- +- lgr $h0,$d0lo +- mlgr $d0hi,$r0 # h0*r0 -> $d0hi:$d0lo +- lgr $h1,$d1lo +- mlgr 
$d1hi,$s1 # h1*5*r1 -> $d1hi:$d1lo +- +- mlgr $t0,$r1 # h0*r1 -> $t0:$h0 +- mlgr $t1,$r0 # h1*r0 -> $t1:$h1 +- alcgr $h2,$padbit +- +- algr $d0lo,$d1lo +- lgr $d1lo,$h2 +- alcgr $d0hi,$d1hi +- lghi $d1hi,0 +- +- algr $h1,$h0 +- alcgr $t1,$t0 +- +- msgr $d1lo,$s1 # h2*s1 +- msgr $h2,$r0 # h2*r0 +- +- algr $h1,$d1lo +- alcgr $t1,$d1hi # $d1hi is zero +- +- algr $h1,$d0hi +- alcgr $h2,$t1 +- +- lghi $h0,-4 # final reduction step +- ngr $h0,$h2 +- srlg $t0,$h2,2 +- algr $h0,$t0 +- lghi $t1,3 +- ngr $h2,$t1 +- +- algr $h0,$d0lo +- alcgr $h1,$d1hi # $d1hi is still zero +- alcgr $h2,$d1hi # $d1hi is still zero +- +- brct$g $len,.Loop +- +- l$g $ctx,`2*$SIZE_T`($sp) # restore $ctx +- +- stg $h0,0($ctx) # store hash value +- stg $h1,8($ctx) +- stg $h2,16($ctx) +- +- lm${g} %r6,%r14,`6*$SIZE_T`($sp) +-.Lno_data: +- br %r14 +-.size poly1305_blocks,.-poly1305_blocks +-___ ++GLOBL ("poly1305_blocks"); ++TYPE ("poly1305_blocks","\@function"); ++ALIGN (16); ++LABEL ("poly1305_blocks"); ++LABEL (".Lpoly1305_blocks"); ++&{$z? \<gr:\<r} ("%r0",$len); ++ jz (".Lno_data"); ++ ++&{$z? \&stmg:\&stm} ("%r6","%r14","6*$SIZE_T($sp)"); ++ ++ lg ($h0,"0($ctx)"); # load hash value ++ lg ($h1,"8($ctx)"); ++ lg ($h2,"16($ctx)"); ++ ++LABEL (".Lpoly1305_blocks_entry"); ++if ($z) { ++ srlg ($len,$len,4); ++} else { ++ srl ($len,4); ++} ++ llgfr ($padbit,$padbit); # clear upper half, much needed with ++ # non-64-bit ABI ++ lg ($r0,"32($ctx)"); # load key ++ lg ($r1,"40($ctx)"); ++ ++&{$z? 
\&stg:\&st} ($ctx,"2*$SIZE_T($sp)"); # off-load $ctx ++ srlg ($s1,$r1,2); ++ algr ($s1,$r1); # s1 = r1 + r1>>2 ++ j (".Loop"); ++ ++ALIGN (16); ++LABEL (".Loop"); ++ lrvg ($d0lo,"0($inp)"); # load little-endian input ++ lrvg ($d1lo,"8($inp)"); ++ la ($inp,"16($inp)"); ++ ++ algr ($d0lo,$h0); # accumulate input ++ alcgr ($d1lo,$h1); ++ alcgr ($h2,$padbit); ++ ++ lgr ($h0,$d0lo); ++ mlgr ($d0hi,$r0); # h0*r0 -> $d0hi:$d0lo ++ lgr ($h1,$d1lo); ++ mlgr ($d1hi,$s1); # h1*5*r1 -> $d1hi:$d1lo ++ ++ mlgr ($t0,$r1); # h0*r1 -> $t0:$h0 ++ mlgr ($t1,$r0); # h1*r0 -> $t1:$h1 ++ ++ algr ($d0lo,$d1lo); ++ lgr ($d1lo,$h2); ++ alcgr ($d0hi,$d1hi); ++ lghi ($d1hi,0); ++ ++ algr ($h1,$h0); ++ alcgr ($t1,$t0); ++ ++ msgr ($d1lo,$s1); # h2*s1 ++ msgr ($h2,$r0); # h2*r0 ++ ++ algr ($h1,$d1lo); ++ alcgr ($t1,$d1hi); # $d1hi is zero ++ ++ algr ($h1,$d0hi); ++ alcgr ($h2,$t1); ++ ++ lghi ($h0,-4); # final reduction step ++ ngr ($h0,$h2); ++ srlg ($t0,$h2,2); ++ algr ($h0,$t0); ++ lghi ($t1,3); ++ ngr ($h2,$t1); ++ ++ algr ($h0,$d0lo); ++ alcgr ($h1,$d1hi); # $d1hi is still zero ++ alcgr ($h2,$d1hi); # $d1hi is still zero ++ ++&{$z? \&brctg:\&brct} ($len,".Loop"); ++ ++&{$z? \&lg:\&l} ($ctx,"2*$SIZE_T($sp)");# restore $ctx ++ ++ stg ($h0,"0($ctx)"); # store hash value ++ stg ($h1,"8($ctx)"); ++ stg ($h2,"16($ctx)"); ++ ++&{$z? 
\&lmg:\&lm} ("%r6","%r14","6*$SIZE_T($sp)"); ++LABEL (".Lno_data"); ++ br ("%r14"); ++SIZE ("poly1305_blocks",".-poly1305_blocks"); + } ++ ++################ ++# static void poly1305_blocks_vx(void *ctx, const unsigned char *inp, ++# size_t len, u32 padbit) ++{ ++my ($H0, $H1, $H2, $H3, $H4) = map("%v$_",(0..4)); ++my ($I0, $I1, $I2, $I3, $I4) = map("%v$_",(5..9)); ++my ($R0, $R1, $S1, $R2, $S2) = map("%v$_",(10..14)); ++my ($R3, $S3, $R4, $S4) = map("%v$_",(15..18)); ++my ($ACC0, $ACC1, $ACC2, $ACC3, $ACC4) = map("%v$_",(19..23)); ++my ($T1, $T2, $T3, $T4) = map("%v$_",(24..27)); ++my ($mask26,$bswaplo,$bswaphi,$bswapmi) = map("%v$_",(28..31)); ++ ++my ($d2,$d0,$h0,$d1,$h1,$h2)=map("%r$_",(9..14)); ++ ++TYPE ("poly1305_blocks_vx","\@function"); ++ALIGN (16); ++LABEL ("poly1305_blocks_vx"); ++LABEL (".Lpoly1305_blocks_vx"); ++&{$z? \&clgfi:\&clfi} ($len,128); ++ jhe ("__poly1305_blocks_vx"); ++ ++&{$z? \&stmg:\&stm} ("%r6","%r14","6*$SIZE_T($sp)"); ++ ++ lg ($d0,"0($ctx)"); ++ lg ($d1,"8($ctx)"); ++ lg ($d2,"16($ctx)"); ++ ++ llgfr ("%r0",$d0); # base 2^26 -> base 2^64 ++ srlg ($h0,$d0,32); ++ llgfr ("%r1",$d1); ++ srlg ($h1,$d1,32); ++ srlg ($h2,$d2,32); ++ ++ sllg ("%r0","%r0",26); ++ algr ($h0,"%r0"); ++ sllg ("%r0",$h1,52); ++ srlg ($h1,$h1,12); ++ sllg ("%r1","%r1",14); ++ algr ($h0,"%r0"); ++ alcgr ($h1,"%r1"); ++ sllg ("%r0",$h2,40); ++ srlg ($h2,$h2,24); ++ lghi ("%r1",0); ++ algr ($h1,"%r0"); ++ alcgr ($h2,"%r1"); ++ ++ llgf ("%r0","24($ctx)"); # is_base2_26 ++ lcgr ("%r0","%r0"); ++ ++ xgr ($h0,$d0); # choose between radixes ++ xgr ($h1,$d1); ++ xgr ($h2,$d2); ++ ngr ($h0,"%r0"); ++ ngr ($h1,"%r0"); ++ ngr ($h2,"%r0"); ++ xgr ($h0,$d0); ++ xgr ($h1,$d1); ++ xgr ($h2,$d2); ++ ++ lhi ("%r0",0); ++ st ("%r0","24($ctx)"); # clear is_base2_26 ++ ++ j (".Lpoly1305_blocks_entry"); ++SIZE ("poly1305_blocks_vx",".-poly1305_blocks_vx"); ++ ++TYPE ("__poly1305_mul","\@function"); ++ALIGN (16); ++LABEL ("__poly1305_mul"); ++ vmlof ($ACC0,$H0,$R0); ++ vmlof 
($ACC1,$H0,$R1); ++ vmlof ($ACC2,$H0,$R2); ++ vmlof ($ACC3,$H0,$R3); ++ vmlof ($ACC4,$H0,$R4); ++ ++ vmalof ($ACC0,$H1,$S4,$ACC0); ++ vmalof ($ACC1,$H1,$R0,$ACC1); ++ vmalof ($ACC2,$H1,$R1,$ACC2); ++ vmalof ($ACC3,$H1,$R2,$ACC3); ++ vmalof ($ACC4,$H1,$R3,$ACC4); ++ ++ vmalof ($ACC0,$H2,$S3,$ACC0); ++ vmalof ($ACC1,$H2,$S4,$ACC1); ++ vmalof ($ACC2,$H2,$R0,$ACC2); ++ vmalof ($ACC3,$H2,$R1,$ACC3); ++ vmalof ($ACC4,$H2,$R2,$ACC4); ++ ++ vmalof ($ACC0,$H3,$S2,$ACC0); ++ vmalof ($ACC1,$H3,$S3,$ACC1); ++ vmalof ($ACC2,$H3,$S4,$ACC2); ++ vmalof ($ACC3,$H3,$R0,$ACC3); ++ vmalof ($ACC4,$H3,$R1,$ACC4); ++ ++ vmalof ($ACC0,$H4,$S1,$ACC0); ++ vmalof ($ACC1,$H4,$S2,$ACC1); ++ vmalof ($ACC2,$H4,$S3,$ACC2); ++ vmalof ($ACC3,$H4,$S4,$ACC3); ++ vmalof ($ACC4,$H4,$R0,$ACC4); ++ ++ ################################################################ ++ # lazy reduction ++ ++ vesrlg ($H4,$ACC3,26); ++ vesrlg ($H1,$ACC0,26); ++ vn ($H3,$ACC3,$mask26); ++ vn ($H0,$ACC0,$mask26); ++ vag ($H4,$H4,$ACC4); # h3 -> h4 ++ vag ($H1,$H1,$ACC1); # h0 -> h1 ++ ++ vesrlg ($ACC4,$H4,26); ++ vesrlg ($ACC1,$H1,26); ++ vn ($H4,$H4,$mask26); ++ vn ($H1,$H1,$mask26); ++ vag ($H0,$H0,$ACC4); ++ vag ($H2,$ACC2,$ACC1); # h1 -> h2 ++ ++ veslg ($ACC4,$ACC4,2); # <<2 ++ vesrlg ($ACC2,$H2,26); ++ vn ($H2,$H2,$mask26); ++ vag ($H0,$H0,$ACC4); # h4 -> h0 ++ vag ($H3,$H3,$ACC2); # h2 -> h3 ++ ++ vesrlg ($ACC0,$H0,26); ++ vesrlg ($ACC3,$H3,26); ++ vn ($H0,$H0,$mask26); ++ vn ($H3,$H3,$mask26); ++ vag ($H1,$H1,$ACC0); # h0 -> h1 ++ vag ($H4,$H4,$ACC3); # h3 -> h4 ++ br ("%r14"); ++SIZE ("__poly1305_mul",".-__poly1305_mul"); ++ ++TYPE ("__poly1305_blocks_vx","\@function"); ++ALIGN (16); ++LABEL ("__poly1305_blocks_vx"); ++&{$z? \&lgr:\&lr} ("%r0",$sp); ++&{$z? 
\&stmg:\&stm} ("%r10","%r15","10*$SIZE_T($sp)"); ++if (!$z) { ++ std ("%f4","16*$SIZE_T+2*8($sp)"); ++ std ("%f6","16*$SIZE_T+3*8($sp)"); ++ ahi ($sp,-$stdframe); ++ st ("%r0","0($sp)"); # back-chain ++ ++ llgfr ($len,$len); # so that srlg works on $len ++} else { ++ aghi ($sp,"-($stdframe+8*8)"); ++ stg ("%r0","0($sp)"); # back-chain ++ ++ std ("%f8","$stdframe+0*8($sp)"); ++ std ("%f9","$stdframe+1*8($sp)"); ++ std ("%f10","$stdframe+2*8($sp)"); ++ std ("%f11","$stdframe+3*8($sp)"); ++ std ("%f12","$stdframe+4*8($sp)"); ++ std ("%f13","$stdframe+5*8($sp)"); ++ std ("%f14","$stdframe+6*8($sp)"); ++ std ("%f15","$stdframe+7*8($sp)"); ++} ++ larl ("%r1",".Lconst"); ++ vgmg ($mask26,38,63); ++ vlm ($bswaplo,$bswapmi,"16(%r1)"); ++ ++ < ("%r0","24($ctx)"); # is_base2_26? ++ jnz (".Lskip_init"); ++ ++ lg ($h0,"32($ctx)"); # load key base 2^64 ++ lg ($h1,"40($ctx)"); ++ ++ risbg ($d0,$h0,38,0x80+63,38); # base 2^64 -> 2^26 ++ srlg ($d1,$h0,52); ++ risbg ($h0,$h0,38,0x80+63,0); ++ vlvgg ($R0,$h0,0); ++ risbg ($d1,$h1,38,51,12); ++ vlvgg ($R1,$d0,0); ++ risbg ($d0,$h1,38,63,50); ++ vlvgg ($R2,$d1,0); ++ srlg ($d1,$h1,40); ++ vlvgg ($R3,$d0,0); ++ vlvgg ($R4,$d1,0); ++ ++ veslg ($S1,$R1,2); ++ veslg ($S2,$R2,2); ++ veslg ($S3,$R3,2); ++ veslg ($S4,$R4,2); ++ vlr ($H0,$R0); ++ vlr ($H1,$R1); ++ vlr ($H2,$R2); ++ vlr ($H3,$R3); ++ vlr ($H4,$R4); ++ vag ($S1,$S1,$R1); # * 5 ++ vag ($S2,$S2,$R2); ++ vag ($S3,$S3,$R3); ++ vag ($S4,$S4,$R4); ++ ++ brasl ("%r14","__poly1305_mul"); # r^1:- * r^1:- ++ ++ vpdi ($R0,$H0,$R0,0); # r^2:r^1 ++ vpdi ($R1,$H1,$R1,0); ++ vpdi ($R2,$H2,$R2,0); ++ vpdi ($R3,$H3,$R3,0); ++ vpdi ($R4,$H4,$R4,0); ++ vpdi ($H0,$H0,$H0,0); # r^2:r^2 ++ vpdi ($H1,$H1,$H1,0); ++ vpdi ($H2,$H2,$H2,0); ++ vpdi ($H3,$H3,$H3,0); ++ vpdi ($H4,$H4,$H4,0); ++ veslg ($S1,$R1,2); ++ veslg ($S2,$R2,2); ++ veslg ($S3,$R3,2); ++ veslg ($S4,$R4,2); ++ vag ($S1,$S1,$R1); # * 5 ++ vag ($S2,$S2,$R2); ++ vag ($S3,$S3,$R3); ++ vag ($S4,$S4,$R4); ++ ++ brasl ("%r14,__poly1305_mul"); 
# r^2:r^2 * r^2:r^1 ++ ++ vl ($I0,"0(%r1)"); # borrow $I0 ++ vperm ($R0,$R0,$H0,$I0); # r^2:r^4:r^1:r^3 ++ vperm ($R1,$R1,$H1,$I0); ++ vperm ($R2,$R2,$H2,$I0); ++ vperm ($R3,$R3,$H3,$I0); ++ vperm ($R4,$R4,$H4,$I0); ++ veslf ($S1,$R1,2); ++ veslf ($S2,$R2,2); ++ veslf ($S3,$R3,2); ++ veslf ($S4,$R4,2); ++ vaf ($S1,$S1,$R1); # * 5 ++ vaf ($S2,$S2,$R2); ++ vaf ($S3,$S3,$R3); ++ vaf ($S4,$S4,$R4); ++ ++ lg ($h0,"0($ctx)"); # load hash base 2^64 ++ lg ($h1,"8($ctx)"); ++ lg ($h2,"16($ctx)"); ++ ++ vzero ($H0); ++ vzero ($H1); ++ vzero ($H2); ++ vzero ($H3); ++ vzero ($H4); ++ ++ risbg ($d0,$h0,38,0x80+63,38); # base 2^64 -> 2^26 ++ srlg ($d1,$h0,52); ++ risbg ($h0,$h0,38,0x80+63,0); ++ vlvgg ($H0,$h0,0); ++ risbg ($d1,$h1,38,51,12); ++ vlvgg ($H1,$d0,0); ++ risbg ($d0,$h1,38,63,50); ++ vlvgg ($H2,$d1,0); ++ srlg ($d1,$h1,40); ++ vlvgg ($H3,$d0,0); ++ risbg ($d1,$h2,37,39,24); ++ vlvgg ($H4,$d1,0); ++ ++ lhi ("%r0",1); ++ st ("%r0","24($ctx)"); # set is_base2_26 ++ ++ vstm ($R0,$S4,"48($ctx)"); # save key schedule base 2^26 ++ ++ vpdi ($R0,$R0,$R0,0); # broadcast r^2:r^4 ++ vpdi ($R1,$R1,$R1,0); ++ vpdi ($S1,$S1,$S1,0); ++ vpdi ($R2,$R2,$R2,0); ++ vpdi ($S2,$S2,$S2,0); ++ vpdi ($R3,$R3,$R3,0); ++ vpdi ($S3,$S3,$S3,0); ++ vpdi ($R4,$R4,$R4,0); ++ vpdi ($S4,$S4,$S4,0); ++ ++ j (".Loaded_hash"); ++ ++ALIGN (16); ++LABEL (".Lskip_init"); ++ vllezf ($H0,"0($ctx)"); # load hash base 2^26 ++ vllezf ($H1,"4($ctx)"); ++ vllezf ($H2,"8($ctx)"); ++ vllezf ($H3,"12($ctx)"); ++ vllezf ($H4,"16($ctx)"); ++ ++ vlrepg ($R0,"0x30($ctx)"); # broadcast r^2:r^4 ++ vlrepg ($R1,"0x40($ctx)"); ++ vlrepg ($S1,"0x50($ctx)"); ++ vlrepg ($R2,"0x60($ctx)"); ++ vlrepg ($S2,"0x70($ctx)"); ++ vlrepg ($R3,"0x80($ctx)"); ++ vlrepg ($S3,"0x90($ctx)"); ++ vlrepg ($R4,"0xa0($ctx)"); ++ vlrepg ($S4,"0xb0($ctx)"); ++ ++LABEL (".Loaded_hash"); ++ vzero ($I1); ++ vzero ($I3); ++ ++ vlm ($T1,$T4,"0x00($inp)"); # load first input block ++ la ($inp,"0x40($inp)"); ++ vgmg ($mask26,6,31); ++ vgmf ($I4,5,5); # 
padbit<<2 ++ ++ vperm ($I0,$T3,$T4,$bswaplo); ++ vperm ($I2,$T3,$T4,$bswapmi); ++ vperm ($T3,$T3,$T4,$bswaphi); ++ ++ verimg ($I1,$I0,$mask26,6); # >>26 ++ veslg ($I0,$I0,32); ++ veslg ($I2,$I2,28); # >>4 ++ verimg ($I3,$T3,$mask26,18); # >>14 ++ verimg ($I4,$T3,$mask26,58); # >>38 ++ vn ($I0,$I0,$mask26); ++ vn ($I2,$I2,$mask26); ++ vesrlf ($I4,$I4,2); # >>2 ++ ++ vgmg ($mask26,38,63); ++ vperm ($T3,$T1,$T2,$bswaplo); ++ vperm ($T4,$T1,$T2,$bswaphi); ++ vperm ($T2,$T1,$T2,$bswapmi); ++ ++ verimg ($I0,$T3,$mask26,0); ++ verimg ($I1,$T3,$mask26,38); # >>26 ++ verimg ($I2,$T2,$mask26,60); # >>4 ++ verimg ($I3,$T4,$mask26,50); # >>14 ++ vesrlg ($T4,$T4,40); ++ vo ($I4,$I4,$T4); ++ ++ srlg ("%r0",$len,6); ++&{$z? \&aghi:\&ahi} ("%r0",-1); ++ ++ALIGN (16); ++LABEL (".Loop_vx"); ++ vmlef ($ACC0,$I0,$R0); ++ vmlef ($ACC1,$I0,$R1); ++ vmlef ($ACC2,$I0,$R2); ++ vmlef ($ACC3,$I0,$R3); ++ vmlef ($ACC4,$I0,$R4); ++ ++ vmalef ($ACC0,$I1,$S4,$ACC0); ++ vmalef ($ACC1,$I1,$R0,$ACC1); ++ vmalef ($ACC2,$I1,$R1,$ACC2); ++ vmalef ($ACC3,$I1,$R2,$ACC3); ++ vmalef ($ACC4,$I1,$R3,$ACC4); ++ ++ vaf ($H2,$H2,$I2); ++ vaf ($H0,$H0,$I0); ++ vaf ($H3,$H3,$I3); ++ vaf ($H1,$H1,$I1); ++ vaf ($H4,$H4,$I4); ++ ++ vmalef ($ACC0,$I2,$S3,$ACC0); ++ vmalef ($ACC1,$I2,$S4,$ACC1); ++ vmalef ($ACC2,$I2,$R0,$ACC2); ++ vmalef ($ACC3,$I2,$R1,$ACC3); ++ vmalef ($ACC4,$I2,$R2,$ACC4); ++ ++ vlm ($T1,$T4,"0x00($inp)"); # load next input block ++ la ($inp,"0x40($inp)"); ++ vgmg ($mask26,6,31); ++ ++ vmalef ($ACC0,$I3,$S2,$ACC0); ++ vmalef ($ACC1,$I3,$S3,$ACC1); ++ vmalef ($ACC2,$I3,$S4,$ACC2); ++ vmalef ($ACC3,$I3,$R0,$ACC3); ++ vmalef ($ACC4,$I3,$R1,$ACC4); ++ ++ vperm ($I0,$T3,$T4,$bswaplo); ++ vperm ($I2,$T3,$T4,$bswapmi); ++ vperm ($T3,$T3,$T4,$bswaphi); ++ ++ vmalef ($ACC0,$I4,$S1,$ACC0); ++ vmalef ($ACC1,$I4,$S2,$ACC1); ++ vmalef ($ACC2,$I4,$S3,$ACC2); ++ vmalef ($ACC3,$I4,$S4,$ACC3); ++ vmalef ($ACC4,$I4,$R0,$ACC4); ++ ++ verimg ($I1,$I0,$mask26,6); # >>26 ++ veslg ($I0,$I0,32); ++ veslg ($I2,$I2,28); # 
>>4 ++ verimg ($I3,$T3,$mask26,18); # >>14 ++ ++ vmalof ($ACC0,$H0,$R0,$ACC0); ++ vmalof ($ACC1,$H0,$R1,$ACC1); ++ vmalof ($ACC2,$H0,$R2,$ACC2); ++ vmalof ($ACC3,$H0,$R3,$ACC3); ++ vmalof ($ACC4,$H0,$R4,$ACC4); ++ ++ vgmf ($I4,5,5); # padbit<<2 ++ verimg ($I4,$T3,$mask26,58); # >>38 ++ vn ($I0,$I0,$mask26); ++ vn ($I2,$I2,$mask26); ++ vesrlf ($I4,$I4,2); # >>2 ++ ++ vmalof ($ACC0,$H1,$S4,$ACC0); ++ vmalof ($ACC1,$H1,$R0,$ACC1); ++ vmalof ($ACC2,$H1,$R1,$ACC2); ++ vmalof ($ACC3,$H1,$R2,$ACC3); ++ vmalof ($ACC4,$H1,$R3,$ACC4); ++ ++ vgmg ($mask26,38,63); ++ vperm ($T3,$T1,$T2,$bswaplo); ++ vperm ($T4,$T1,$T2,$bswaphi); ++ vperm ($T2,$T1,$T2,$bswapmi); ++ ++ vmalof ($ACC0,$H2,$S3,$ACC0); ++ vmalof ($ACC1,$H2,$S4,$ACC1); ++ vmalof ($ACC2,$H2,$R0,$ACC2); ++ vmalof ($ACC3,$H2,$R1,$ACC3); ++ vmalof ($ACC4,$H2,$R2,$ACC4); ++ ++ verimg ($I0,$T3,$mask26,0); ++ verimg ($I1,$T3,$mask26,38); # >>26 ++ verimg ($I2,$T2,$mask26,60); # >>4 ++ ++ vmalof ($ACC0,$H3,$S2,$ACC0); ++ vmalof ($ACC1,$H3,$S3,$ACC1); ++ vmalof ($ACC2,$H3,$S4,$ACC2); ++ vmalof ($ACC3,$H3,$R0,$ACC3); ++ vmalof ($ACC4,$H3,$R1,$ACC4); ++ ++ verimg ($I3,$T4,$mask26,50); # >>14 ++ vesrlg ($T4,$T4,40); ++ vo ($I4,$I4,$T4); ++ ++ vmalof ($ACC0,$H4,$S1,$ACC0); ++ vmalof ($ACC1,$H4,$S2,$ACC1); ++ vmalof ($ACC2,$H4,$S3,$ACC2); ++ vmalof ($ACC3,$H4,$S4,$ACC3); ++ vmalof ($ACC4,$H4,$R0,$ACC4); ++ ++ ################################################################ ++ # lazy reduction as discussed in "NEON crypto" by D.J. Bernstein ++ # and P. 
Schwabe ++ ++ vesrlg ($H4,$ACC3,26); ++ vesrlg ($H1,$ACC0,26); ++ vn ($H3,$ACC3,$mask26); ++ vn ($H0,$ACC0,$mask26); ++ vag ($H4,$H4,$ACC4); # h3 -> h4 ++ vag ($H1,$H1,$ACC1); # h0 -> h1 ++ ++ vesrlg ($ACC4,$H4,26); ++ vesrlg ($ACC1,$H1,26); ++ vn ($H4,$H4,$mask26); ++ vn ($H1,$H1,$mask26); ++ vag ($H0,$H0,$ACC4); ++ vag ($H2,$ACC2,$ACC1); # h1 -> h2 ++ ++ veslg ($ACC4,$ACC4,2); # <<2 ++ vesrlg ($ACC2,$H2,26); ++ vn ($H2,$H2,$mask26); ++ vag ($H0,$H0,$ACC4); # h4 -> h0 ++ vag ($H3,$H3,$ACC2); # h2 -> h3 ++ ++ vesrlg ($ACC0,$H0,26); ++ vesrlg ($ACC3,$H3,26); ++ vn ($H0,$H0,$mask26); ++ vn ($H3,$H3,$mask26); ++ vag ($H1,$H1,$ACC0); # h0 -> h1 ++ vag ($H4,$H4,$ACC3); # h3 -> h4 ++ ++&{$z? \&brctg:\&brct} ("%r0",".Loop_vx"); ++ ++ vlm ($R0,$S4,"48($ctx)"); # load all powers ++ ++ lghi ("%r0",0x30); ++&{$z? \&lcgr:\&lcr} ($len,$len); ++&{$z? \&ngr:\&nr} ($len,"%r0"); ++&{$z? \&slgr:\&slr} ($inp,$len); ++ ++LABEL (".Last"); ++ vmlef ($ACC0,$I0,$R0); ++ vmlef ($ACC1,$I0,$R1); ++ vmlef ($ACC2,$I0,$R2); ++ vmlef ($ACC3,$I0,$R3); ++ vmlef ($ACC4,$I0,$R4); ++ ++ vmalef ($ACC0,$I1,$S4,$ACC0); ++ vmalef ($ACC1,$I1,$R0,$ACC1); ++ vmalef ($ACC2,$I1,$R1,$ACC2); ++ vmalef ($ACC3,$I1,$R2,$ACC3); ++ vmalef ($ACC4,$I1,$R3,$ACC4); ++ ++ vaf ($H0,$H0,$I0); ++ vaf ($H1,$H1,$I1); ++ vaf ($H2,$H2,$I2); ++ vaf ($H3,$H3,$I3); ++ vaf ($H4,$H4,$I4); ++ ++ vmalef ($ACC0,$I2,$S3,$ACC0); ++ vmalef ($ACC1,$I2,$S4,$ACC1); ++ vmalef ($ACC2,$I2,$R0,$ACC2); ++ vmalef ($ACC3,$I2,$R1,$ACC3); ++ vmalef ($ACC4,$I2,$R2,$ACC4); ++ ++ vmalef ($ACC0,$I3,$S2,$ACC0); ++ vmalef ($ACC1,$I3,$S3,$ACC1); ++ vmalef ($ACC2,$I3,$S4,$ACC2); ++ vmalef ($ACC3,$I3,$R0,$ACC3); ++ vmalef ($ACC4,$I3,$R1,$ACC4); ++ ++ vmalef ($ACC0,$I4,$S1,$ACC0); ++ vmalef ($ACC1,$I4,$S2,$ACC1); ++ vmalef ($ACC2,$I4,$S3,$ACC2); ++ vmalef ($ACC3,$I4,$S4,$ACC3); ++ vmalef ($ACC4,$I4,$R0,$ACC4); ++ ++ vmalof ($ACC0,$H0,$R0,$ACC0); ++ vmalof ($ACC1,$H0,$R1,$ACC1); ++ vmalof ($ACC2,$H0,$R2,$ACC2); ++ vmalof ($ACC3,$H0,$R3,$ACC3); ++ vmalof 
($ACC4,$H0,$R4,$ACC4); ++ ++ vmalof ($ACC0,$H1,$S4,$ACC0); ++ vmalof ($ACC1,$H1,$R0,$ACC1); ++ vmalof ($ACC2,$H1,$R1,$ACC2); ++ vmalof ($ACC3,$H1,$R2,$ACC3); ++ vmalof ($ACC4,$H1,$R3,$ACC4); ++ ++ vmalof ($ACC0,$H2,$S3,$ACC0); ++ vmalof ($ACC1,$H2,$S4,$ACC1); ++ vmalof ($ACC2,$H2,$R0,$ACC2); ++ vmalof ($ACC3,$H2,$R1,$ACC3); ++ vmalof ($ACC4,$H2,$R2,$ACC4); ++ ++ vmalof ($ACC0,$H3,$S2,$ACC0); ++ vmalof ($ACC1,$H3,$S3,$ACC1); ++ vmalof ($ACC2,$H3,$S4,$ACC2); ++ vmalof ($ACC3,$H3,$R0,$ACC3); ++ vmalof ($ACC4,$H3,$R1,$ACC4); ++ ++ vmalof ($ACC0,$H4,$S1,$ACC0); ++ vmalof ($ACC1,$H4,$S2,$ACC1); ++ vmalof ($ACC2,$H4,$S3,$ACC2); ++ vmalof ($ACC3,$H4,$S4,$ACC3); ++ vmalof ($ACC4,$H4,$R0,$ACC4); ++ ++ ################################################################ ++ # horizontal addition ++ ++ vzero ($H0); ++ vsumqg ($ACC0,$ACC0,$H0); ++ vsumqg ($ACC1,$ACC1,$H0); ++ vsumqg ($ACC2,$ACC2,$H0); ++ vsumqg ($ACC3,$ACC3,$H0); ++ vsumqg ($ACC4,$ACC4,$H0); ++ ++ ################################################################ ++ # lazy reduction ++ ++ vesrlg ($H4,$ACC3,26); ++ vesrlg ($H1,$ACC0,26); ++ vn ($H3,$ACC3,$mask26); ++ vn ($H0,$ACC0,$mask26); ++ vag ($H4,$H4,$ACC4); # h3 -> h4 ++ vag ($H1,$H1,$ACC1); # h0 -> h1 ++ ++ vesrlg ($ACC4,$H4,26); ++ vesrlg ($ACC1,$H1,26); ++ vn ($H4,$H4,$mask26); ++ vn ($H1,$H1,$mask26); ++ vag ($H0,$H0,$ACC4); ++ vag ($H2,$ACC2,$ACC1); # h1 -> h2 ++ ++ veslg ($ACC4,$ACC4,2); # <<2 ++ vesrlg ($ACC2,$H2,26); ++ vn ($H2,$H2,$mask26); ++ vag ($H0,$H0,$ACC4); # h4 -> h0 ++ vag ($H3,$H3,$ACC2); # h2 -> h3 ++ ++ vesrlg ($ACC0,$H0,26); ++ vesrlg ($ACC3,$H3,26); ++ vn ($H0,$H0,$mask26); ++ vn ($H3,$H3,$mask26); ++ vag ($H1,$H1,$ACC0); # h0 -> h1 ++ vag ($H4,$H4,$ACC3); # h3 -> h4 ++ ++&{$z? 
\&clgfi:\&clfi} ($len,0); ++ je (".Ldone"); ++ ++ vlm ($T1,$T4,"0x00($inp)"); # load last partial block ++ vgmg ($mask26,6,31); ++ vgmf ($I4,5,5); # padbit<<2 ++ ++ vperm ($I0,$T3,$T4,$bswaplo); ++ vperm ($I2,$T3,$T4,$bswapmi); ++ vperm ($T3,$T3,$T4,$bswaphi); ++ ++ vl ($ACC0,"0x30($len,%r1)"); # borrow $ACC0,1 ++ vl ($ACC1,"0x60($len,%r1)"); ++ ++ verimg ($I1,$I0,$mask26,6); # >>26 ++ veslg ($I0,$I0,32); ++ veslg ($I2,$I2,28); # >>4 ++ verimg ($I3,$T3,$mask26,18); # >>14 ++ verimg ($I4,$T3,$mask26,58); # >>38 ++ vn ($I0,$I0,$mask26); ++ vn ($I2,$I2,$mask26); ++ vesrlf ($I4,$I4,2); # >>2 ++ ++ vgmg ($mask26,38,63); ++ vperm ($T3,$T1,$T2,$bswaplo); ++ vperm ($T4,$T1,$T2,$bswaphi); ++ vperm ($T2,$T1,$T2,$bswapmi); ++ ++ verimg ($I0,$T3,$mask26,0); ++ verimg ($I1,$T3,$mask26,38); # >>26 ++ verimg ($I2,$T2,$mask26,60); # >>4 ++ verimg ($I3,$T4,$mask26,50); # >>14 ++ vesrlg ($T4,$T4,40); ++ vo ($I4,$I4,$T4); ++ ++ vperm ($H0,$H0,$H0,$ACC0); # move hash to right lane ++ vn ($I0,$I0,$ACC1); # mask redundant lane[s] ++ vperm ($H1,$H1,$H1,$ACC0); ++ vn ($I1,$I1,$ACC1); ++ vperm ($H2,$H2,$H2,$ACC0); ++ vn ($I2,$I2,$ACC1); ++ vperm ($H3,$H3,$H3,$ACC0); ++ vn ($I3,$I3,$ACC1); ++ vperm ($H4,$H4,$H4,$ACC0); ++ vn ($I4,$I4,$ACC1); ++ ++ vaf ($I0,$I0,$H0); # accumulate hash ++ vzero ($H0); # wipe hash value ++ vaf ($I1,$I1,$H1); ++ vzero ($H1); ++ vaf ($I2,$I2,$H2); ++ vzero ($H2); ++ vaf ($I3,$I3,$H3); ++ vzero ($H3); ++ vaf ($I4,$I4,$H4); ++ vzero ($H4); ++ ++&{$z? \&lghi:\&lhi} ($len,0); ++ j (".Last"); ++ # I don't bother to tell apart cases when only one multiplication ++ # pass is sufficient, because I argue that mispredicted branch ++ # penalties are comparable to overhead of sometimes redundant ++ # multiplication pass... 
++ ++LABEL (".Ldone"); ++ vstef ($H0,"0($ctx)",3); # store hash base 2^26 ++ vstef ($H1,"4($ctx)",3); ++ vstef ($H2,"8($ctx)",3); ++ vstef ($H3,"12($ctx)",3); ++ vstef ($H4,"16($ctx)",3); ++ ++if ($z) { ++ ld ("%f8","$stdframe+0*8($sp)"); ++ ld ("%f9","$stdframe+1*8($sp)"); ++ ld ("%f10","$stdframe+2*8($sp)"); ++ ld ("%f11","$stdframe+3*8($sp)"); ++ ld ("%f12","$stdframe+4*8($sp)"); ++ ld ("%f13","$stdframe+5*8($sp)"); ++ ld ("%f14","$stdframe+6*8($sp)"); ++ ld ("%f15","$stdframe+7*8($sp)"); ++&{$z? \&lmg:\&lm} ("%r10","%r15","$stdframe+8*8+10*$SIZE_T($sp)"); ++} else { ++ ld ("%f4","$stdframe+16*$SIZE_T+2*8($sp)"); ++ ld ("%f6","$stdframe+16*$SIZE_T+3*8($sp)"); ++&{$z? \&lmg:\&lm} ("%r10","%r15","$stdframe+10*$SIZE_T($sp)"); ++} ++ br ("%r14"); ++SIZE ("__poly1305_blocks_vx",".-__poly1305_blocks_vx"); ++} ++ ++################ ++# static void poly1305_emit(void *ctx, unsigned char mac[16], ++# const u32 nonce[4]) + { + my ($mac,$nonce)=($inp,$len); +-my ($h0,$h1,$h2,$d0,$d1)=map("%r$_",(5..9)); ++my ($h0,$h1,$h2,$d0,$d1,$d2)=map("%r$_",(5..10)); + +-$code.=<<___; +-.globl poly1305_emit +-.type poly1305_emit,\@function +-.align 16 +-poly1305_emit: +- stm${g} %r6,%r9,`6*$SIZE_T`($sp) +- +- lg $h0,0($ctx) +- lg $h1,8($ctx) +- lg $h2,16($ctx) +- +- lghi %r0,5 +- lghi %r1,0 +- lgr $d0,$h0 +- lgr $d1,$h1 +- +- algr $h0,%r0 # compare to modulus +- alcgr $h1,%r1 +- alcgr $h2,%r1 +- +- srlg $h2,$h2,2 # did it borrow/carry? 
+- slgr %r1,$h2 # 0-$h2>>2 +- lg $h2,0($nonce) # load nonce +- lghi %r0,-1 +- lg $ctx,8($nonce) +- xgr %r0,%r1 # ~%r1 +- +- ngr $h0,%r1 +- ngr $d0,%r0 +- ngr $h1,%r1 +- ngr $d1,%r0 +- ogr $h0,$d0 +- rllg $d0,$h2,32 # flip nonce words +- ogr $h1,$d1 +- rllg $d1,$ctx,32 +- +- algr $h0,$d0 # accumulate nonce +- alcgr $h1,$d1 +- +- strvg $h0,0($mac) # write little-endian result +- strvg $h1,8($mac) +- +- lm${g} %r6,%r9,`6*$SIZE_T`($sp) +- br %r14 +-.size poly1305_emit,.-poly1305_emit +- +-.string "Poly1305 for s390x, CRYPTOGAMS by " +-___ ++GLOBL ("poly1305_emit"); ++TYPE ("poly1305_emit","\@function"); ++ALIGN (16); ++LABEL ("poly1305_emit"); ++LABEL (".Lpoly1305_emit"); ++&{$z? \&stmg:\&stm} ("%r6","%r10","6*$SIZE_T($sp)"); ++ ++ lg ($d0,"0($ctx)"); ++ lg ($d1,"8($ctx)"); ++ lg ($d2,"16($ctx)"); ++ ++ llgfr ("%r0",$d0); # base 2^26 -> base 2^64 ++ srlg ($h0,$d0,32); ++ llgfr ("%r1",$d1); ++ srlg ($h1,$d1,32); ++ srlg ($h2,$d2,32); ++ ++ sllg ("%r0","%r0",26); ++ algr ($h0,"%r0"); ++ sllg ("%r0",$h1,52); ++ srlg ($h1,$h1,12); ++ sllg ("%r1","%r1",14); ++ algr ($h0,"%r0"); ++ alcgr ($h1,"%r1"); ++ sllg ("%r0",$h2,40); ++ srlg ($h2,$h2,24); ++ lghi ("%r1",0); ++ algr ($h1,"%r0"); ++ alcgr ($h2,"%r1"); ++ ++ llgf ("%r0","24($ctx)"); # is_base2_26 ++ lcgr ("%r0","%r0"); ++ ++ xgr ($h0,$d0); # choose between radixes ++ xgr ($h1,$d1); ++ xgr ($h2,$d2); ++ ngr ($h0,"%r0"); ++ ngr ($h1,"%r0"); ++ ngr ($h2,"%r0"); ++ xgr ($h0,$d0); ++ xgr ($h1,$d1); ++ xgr ($h2,$d2); ++ ++ lghi ("%r0",5); ++ lgr ($d0,$h0); ++ lgr ($d1,$h1); ++ ++ algr ($h0,"%r0"); # compare to modulus ++ alcgr ($h1,"%r1"); ++ alcgr ($h2,"%r1"); ++ ++ srlg ($h2,$h2,2); # did it borrow/carry? 
++ slgr ("%r1",$h2); # 0-$h2>>2 ++ lg ($d2,"0($nonce)"); # load nonce ++ lg ($ctx,"8($nonce)"); ++ ++ xgr ($h0,$d0); ++ xgr ($h1,$d1); ++ ngr ($h0,"%r1"); ++ ngr ($h1,"%r1"); ++ xgr ($h0,$d0); ++ rllg ($d0,$d2,32); # flip nonce words ++ xgr ($h1,$d1); ++ rllg ($d1,$ctx,32); ++ ++ algr ($h0,$d0); # accumulate nonce ++ alcgr ($h1,$d1); ++ ++ strvg ($h0,"0($mac)"); # write little-endian result ++ strvg ($h1,"8($mac)"); ++ ++&{$z? \&lmg:\&lm} ("%r6","%r10","6*$SIZE_T($sp)"); ++ br ("%r14"); ++SIZE ("poly1305_emit",".-poly1305_emit"); + } + +-$code =~ s/\`([^\`]*)\`/eval $1/gem; +-$code =~ s/\b(srlg\s+)(%r[0-9]+\s*,)\s*([0-9]+)/$1$2$2$3/gm; ++################ ++ ++ALIGN (16); ++LABEL (".Lconst"); ++LONG (0x04050607,0x14151617,0x0c0d0e0f,0x1c1d1e1f); # merge odd ++LONG (0x07060504,0x03020100,0x17161514,0x13121110); # byte swap masks ++LONG (0x0f0e0d0c,0x0b0a0908,0x1f1e1d1c,0x1b1a1918); ++LONG (0x00000000,0x09080706,0x00000000,0x19181716); ++ ++LONG (0x00000000,0x00000000,0x00000000,0x0c0d0e0f); # magic tail masks ++LONG (0x0c0d0e0f,0x00000000,0x00000000,0x00000000); ++LONG (0x00000000,0x00000000,0x0c0d0e0f,0x00000000); ++ ++LONG (0xffffffff,0x00000000,0xffffffff,0xffffffff); ++LONG (0xffffffff,0x00000000,0xffffffff,0x00000000); ++LONG (0x00000000,0x00000000,0xffffffff,0x00000000); ++ ++STRING ("\"Poly1305 for s390x, CRYPTOGAMS by \""); + +-print $code; +-close STDOUT; ++PERLASM_END(); +diff -up openssl-1.1.1b/crypto/poly1305/build.info.s390x-update openssl-1.1.1b/crypto/poly1305/build.info +--- openssl-1.1.1b/crypto/poly1305/build.info.s390x-update 2019-05-06 10:54:00.036367588 +0200 ++++ openssl-1.1.1b/crypto/poly1305/build.info 2019-05-06 10:56:14.964105164 +0200 +@@ -18,6 +18,7 @@ INCLUDE[poly1305-armv8.o]=.. + GENERATE[poly1305-mips.S]=asm/poly1305-mips.pl $(PERLASM_SCHEME) + INCLUDE[poly1305-mips.o]=.. + GENERATE[poly1305-s390x.S]=asm/poly1305-s390x.pl $(PERLASM_SCHEME) ++INCLUDE[poly1305-s390x.o]=.. 
+
+ BEGINRAW[Makefile(unix)]
+ {- $builddir -}/poly1305-%.S: {- $sourcedir -}/asm/poly1305-%.pl
diff --git a/openssl-freefilesync/openssl-1.1.1-seclevel.patch b/openssl-freefilesync/openssl-1.1.1-seclevel.patch
new file mode 100644
index 0000000..fe6c6bb
--- /dev/null
+++ b/openssl-freefilesync/openssl-1.1.1-seclevel.patch
@@ -0,0 +1,65 @@
+diff -up openssl-1.1.1/crypto/x509/x509_vfy.c.seclevel openssl-1.1.1/crypto/x509/x509_vfy.c
+--- openssl-1.1.1/crypto/x509/x509_vfy.c.seclevel 2018-09-11 14:48:22.000000000 +0200
++++ openssl-1.1.1/crypto/x509/x509_vfy.c 2018-10-01 09:52:23.535298908 +0200
+@@ -3220,6 +3220,7 @@ static int build_chain(X509_STORE_CTX *c
+ }
+
+ static const int minbits_table[] = { 80, 112, 128, 192, 256 };
++static const int minbits_digest_table[] = { 80, 80, 128, 192, 256 };
+ static const int NUM_AUTH_LEVELS = OSSL_NELEM(minbits_table);
+
+ /*
+@@ -3264,6 +3265,8 @@ static int check_sig_level(X509_STORE_CT
+
+ if (!X509_get_signature_info(cert, NULL, NULL, &secbits, NULL))
+ return 0;
+-
+- return secbits >= minbits_table[level - 1];
++ /* Allow SHA1 in SECLEVEL 2 in non-FIPS mode */
++ if (FIPS_mode())
++ return secbits >= minbits_table[level - 1];
++ return secbits >= minbits_digest_table[level - 1];
+ }
+diff -up openssl-1.1.1/doc/man3/SSL_CTX_set_security_level.pod.seclevel openssl-1.1.1/doc/man3/SSL_CTX_set_security_level.pod
+--- openssl-1.1.1/doc/man3/SSL_CTX_set_security_level.pod.seclevel 2018-09-11 14:48:22.000000000 +0200
++++ openssl-1.1.1/doc/man3/SSL_CTX_set_security_level.pod 2018-10-01 09:52:23.535298908 +0200
+@@ -81,8 +81,10 @@ using MD5 for the MAC is also prohibited
+
+ =item B
+
+-Security level set to 112 bits of security. As a result RSA, DSA and DH keys
+-shorter than 2048 bits and ECC keys shorter than 224 bits are prohibited.
++Security level set to 112 bits of security with the exception of SHA1 allowed
++for signatures.
++As a result RSA, DSA and DH keys shorter than 2048 bits and ECC keys
++shorter than 224 bits are prohibited.
+ In addition to the level 1 exclusions any cipher suite using RC4 is also
+ prohibited. SSL version 3 is also not allowed. Compression is disabled.
+
+diff -up openssl-1.1.1/ssl/ssl_cert.c.seclevel openssl-1.1.1/ssl/ssl_cert.c
+--- openssl-1.1.1/ssl/ssl_cert.c.seclevel 2018-09-11 14:48:23.000000000 +0200
++++ openssl-1.1.1/ssl/ssl_cert.c 2018-10-12 15:29:12.673799305 +0200
+@@ -983,6 +983,9 @@ static int ssl_security_default_callback
+ return 0;
+ break;
+ default:
++ /* allow SHA1 in SECLEVEL 2 in non FIPS mode */
++ if (nid == NID_sha1 && minbits == 112 && !FIPS_mode())
++ break;
+ if (bits < minbits)
+ return 0;
+ }
+diff -up openssl-1.1.1/test/recipes/25-test_verify.t.seclevel openssl-1.1.1/test/recipes/25-test_verify.t
+--- openssl-1.1.1/test/recipes/25-test_verify.t.seclevel 2018-09-11 14:48:24.000000000 +0200
++++ openssl-1.1.1/test/recipes/25-test_verify.t 2018-10-01 09:52:23.535298908 +0200
+@@ -342,8 +342,8 @@ ok(verify("ee-pss-sha1-cert", "sslserver
+ ok(verify("ee-pss-sha256-cert", "sslserver", ["root-cert"], ["ca-cert"], ),
+ "CA with PSS signature using SHA256");
+
+-ok(!verify("ee-pss-sha1-cert", "sslserver", ["root-cert"], ["ca-cert"], "-auth_level", "2"),
+- "Reject PSS signature using SHA1 and auth level 2");
++ok(!verify("ee-pss-sha1-cert", "sslserver", ["root-cert"], ["ca-cert"], "-auth_level", "3"),
++ "Reject PSS signature using SHA1 and auth level 3");
+
+ ok(verify("ee-pss-sha256-cert", "sslserver", ["root-cert"], ["ca-cert"], "-auth_level", "2"),
+ "PSS signature using SHA256 and auth level 2");
diff --git a/openssl-freefilesync/openssl-1.1.1-ssh-kdf.patch b/openssl-freefilesync/openssl-1.1.1-ssh-kdf.patch
new file mode 100644
index 0000000..08f02ac
--- /dev/null
+++ b/openssl-freefilesync/openssl-1.1.1-ssh-kdf.patch
@@ -0,0 +1,5612 @@
+commit 1e662a43f0420cfdc40d01cd70c27fa1c220a57e
+Author: Simo Sorce
+Date: Wed Sep 19 16:23:45 2018 -0400
+
+ Implement SSH KDF
+
+ SSH's KDF is defined in RFC 4253 in Section 7.2
+
+
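Review bot: In the x509_vfy.c part of openssl-1.1.1-seclevel.patch, the non-FIPS branch of check_sig_level() compares against `minbits_digest_table`, whose level-2 entry is 80, so the relaxation is keyed on security bits rather than on SHA1 as the comment and the .pod text state; any signature digest reporting at least 80 bits would pass at auth level 2, whereas the ssl_cert.c part tests `nid == NID_sha1` explicitly. To keep the two consistent, request the digest NID as well (`X509_get_signature_info(cert, &mdnid, NULL, &secbits, NULL)`) and special-case only SHA1 with `if (!FIPS_mode() && level == 2 && mdnid == NID_sha1) return 1;` ahead of the original `return secbits >= minbits_table[level - 1];`; this assumes the NID is populated for the certificate types in use, which should be confirmed. The 25-test_verify.t part only moves the SHA1 rejection check to auth level 3, so a positive SHA1 case at level 2 (and a FIPS-mode case, if the harness can exercise one) would pin the intended behaviour. check_sig_level() starts outside the visible hunk.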
Signed-off-by: Simo Sorce + + Reviewed-by: Paul Dale + Reviewed-by: Matt Caswell + (Merged from https://github.com/openssl/openssl/pull/7290) + +diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt +index ae67dac7f6..e7ed2f8d63 100644 +--- a/crypto/err/openssl.txt ++++ b/crypto/err/openssl.txt +@@ -828,6 +828,10 @@ KDF_F_KDF_SCRYPT_CTRL_UINT32:121:kdf_scrypt_ctrl_uint32 + KDF_F_KDF_SCRYPT_CTRL_UINT64:122:kdf_scrypt_ctrl_uint64 + KDF_F_KDF_SCRYPT_DERIVE:123:kdf_scrypt_derive + KDF_F_KDF_SCRYPT_NEW:124:kdf_scrypt_new ++KDF_F_KDF_SSHKDF_CTRL:130:kdf_sshkdf_ctrl ++KDF_F_KDF_SSHKDF_CTRL_STR:131:kdf_sshkdf_ctrl_str ++KDF_F_KDF_SSHKDF_DERIVE:132:kdf_sshkdf_derive ++KDF_F_KDF_SSHKDF_NEW:133:kdf_sshkdf_new + KDF_F_KDF_TLS1_PRF_CTRL_STR:125:kdf_tls1_prf_ctrl_str + KDF_F_KDF_TLS1_PRF_DERIVE:126:kdf_tls1_prf_derive + KDF_F_KDF_TLS1_PRF_NEW:127:kdf_tls1_prf_new +@@ -2320,6 +2324,9 @@ KDF_R_MISSING_PASS:110:missing pass + KDF_R_MISSING_SALT:111:missing salt + KDF_R_MISSING_SECRET:107:missing secret + KDF_R_MISSING_SEED:106:missing seed ++KDF_R_MISSING_SESSION_ID:113:missing session id ++KDF_R_MISSING_TYPE:114:missing type ++KDF_R_MISSING_XCGHASH:115:missing xcghash + KDF_R_UNKNOWN_PARAMETER_TYPE:103:unknown parameter type + KDF_R_VALUE_ERROR:108:value error + KDF_R_VALUE_MISSING:102:value missing +diff --git a/crypto/evp/kdf_lib.c b/crypto/evp/kdf_lib.c +index 05f5cec3a9..811fe727f6 100644 +--- a/crypto/evp/kdf_lib.c ++++ b/crypto/evp/kdf_lib.c +@@ -29,7 +29,8 @@ static const EVP_KDF_METHOD *standard_methods[] = { + &scrypt_kdf_meth, + #endif + &tls1_prf_kdf_meth, +- &hkdf_kdf_meth ++ &hkdf_kdf_meth, ++ &sshkdf_kdf_meth, + }; + + DECLARE_OBJ_BSEARCH_CMP_FN(const EVP_KDF_METHOD *, const EVP_KDF_METHOD *, +diff --git a/crypto/include/internal/evp_int.h b/crypto/include/internal/evp_int.h +index a109e561b3..8c313c65ac 100644 +--- a/crypto/include/internal/evp_int.h ++++ b/crypto/include/internal/evp_int.h +@@ -129,6 +129,7 @@ extern const EVP_KDF_METHOD pbkdf2_kdf_meth; + 
extern const EVP_KDF_METHOD scrypt_kdf_meth; + extern const EVP_KDF_METHOD tls1_prf_kdf_meth; + extern const EVP_KDF_METHOD hkdf_kdf_meth; ++extern const EVP_KDF_METHOD sshkdf_kdf_meth; + + struct evp_md_st { + int type; +diff --git a/crypto/kdf/build.info b/crypto/kdf/build.info +index dce960e9e1..f483c779dd 100644 +--- a/crypto/kdf/build.info ++++ b/crypto/kdf/build.info +@@ -1,3 +1,3 @@ + LIBS=../../libcrypto + SOURCE[../../libcrypto]=\ +- tls1_prf.c kdf_err.c kdf_util.c hkdf.c scrypt.c pbkdf2.c ++ tls1_prf.c kdf_err.c kdf_util.c hkdf.c scrypt.c pbkdf2.c sshkdf.c +diff --git a/crypto/kdf/kdf_err.c b/crypto/kdf/kdf_err.c +index b2a0c0ebfc..b4678775dd 100644 +--- a/crypto/kdf/kdf_err.c ++++ b/crypto/kdf/kdf_err.c +@@ -31,6 +31,11 @@ static const ERR_STRING_DATA KDF_str_functs[] = { + "kdf_scrypt_ctrl_uint64"}, + {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_SCRYPT_DERIVE, 0), "kdf_scrypt_derive"}, + {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_SCRYPT_NEW, 0), "kdf_scrypt_new"}, ++ {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_SSHKDF_CTRL, 0), "kdf_sshkdf_ctrl"}, ++ {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_SSHKDF_CTRL_STR, 0), ++ "kdf_sshkdf_ctrl_str"}, ++ {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_SSHKDF_DERIVE, 0), "kdf_sshkdf_derive"}, ++ {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_SSHKDF_NEW, 0), "kdf_sshkdf_new"}, + {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_TLS1_PRF_CTRL_STR, 0), + "kdf_tls1_prf_ctrl_str"}, + {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_TLS1_PRF_DERIVE, 0), +@@ -70,6 +75,9 @@ static const ERR_STRING_DATA KDF_str_reasons[] = { + {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_SALT), "missing salt"}, + {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_SECRET), "missing secret"}, + {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_SEED), "missing seed"}, ++ {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_SESSION_ID), "missing session id"}, ++ {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_TYPE), "missing type"}, ++ {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_XCGHASH), "missing xcghash"}, + {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_UNKNOWN_PARAMETER_TYPE), + "unknown parameter type"}, + 
{ERR_PACK(ERR_LIB_KDF, 0, KDF_R_VALUE_ERROR), "value error"}, +diff --git a/crypto/kdf/sshkdf.c b/crypto/kdf/sshkdf.c +new file mode 100644 +index 0000000000..24f37cbed4 +--- /dev/null ++++ b/crypto/kdf/sshkdf.c +@@ -0,0 +1,288 @@ ++/* ++ * Copyright 2018-2018 The OpenSSL Project Authors. All Rights Reserved. ++ * ++ * Licensed under the OpenSSL license (the "License"). You may not use ++ * this file except in compliance with the License. You can obtain a copy ++ * in the file LICENSE in the source distribution or at ++ * https://www.openssl.org/source/license.html ++ */ ++ ++#include ++#include ++#include ++#include ++#include ++#include "internal/cryptlib.h" ++#include "internal/evp_int.h" ++#include "kdf_local.h" ++ ++/* See RFC 4253, Section 7.2 */ ++ ++static void kdf_sshkdf_reset(EVP_KDF_IMPL *impl); ++static int SSHKDF(const EVP_MD *evp_md, ++ const unsigned char *key, size_t key_len, ++ const unsigned char *xcghash, size_t xcghash_len, ++ const unsigned char *session_id, size_t session_id_len, ++ char type, unsigned char *okey, size_t okey_len); ++ ++struct evp_kdf_impl_st { ++ const EVP_MD *md; ++ unsigned char *key; /* K */ ++ size_t key_len; ++ unsigned char *xcghash; /* H */ ++ size_t xcghash_len; ++ char type; /* X */ ++ unsigned char *session_id; ++ size_t session_id_len; ++}; ++ ++static EVP_KDF_IMPL *kdf_sshkdf_new(void) ++{ ++ EVP_KDF_IMPL *impl; ++ ++ if ((impl = OPENSSL_zalloc(sizeof(*impl))) == NULL) ++ KDFerr(KDF_F_KDF_SSHKDF_NEW, ERR_R_MALLOC_FAILURE); ++ return impl; ++} ++ ++static void kdf_sshkdf_free(EVP_KDF_IMPL *impl) ++{ ++ kdf_sshkdf_reset(impl); ++ OPENSSL_free(impl); ++} ++ ++static void kdf_sshkdf_reset(EVP_KDF_IMPL *impl) ++{ ++ OPENSSL_clear_free(impl->key, impl->key_len); ++ OPENSSL_clear_free(impl->xcghash, impl->xcghash_len); ++ OPENSSL_clear_free(impl->session_id, impl->session_id_len); ++ memset(impl, 0, sizeof(*impl)); ++} ++ ++static int kdf_sshkdf_parse_buffer_arg(unsigned char **dst, size_t *dst_len, ++ va_list args) ++{ 
++ const unsigned char *p; ++ size_t len; ++ ++ p = va_arg(args, const unsigned char *); ++ len = va_arg(args, size_t); ++ OPENSSL_clear_free(*dst, *dst_len); ++ *dst = OPENSSL_memdup(p, len); ++ if (*dst == NULL) ++ return 0; ++ ++ *dst_len = len; ++ return 1; ++} ++ ++static int kdf_sshkdf_ctrl(EVP_KDF_IMPL *impl, int cmd, va_list args) ++{ ++ int t; ++ ++ switch (cmd) { ++ case EVP_KDF_CTRL_SET_MD: ++ impl->md = va_arg(args, const EVP_MD *); ++ if (impl->md == NULL) ++ return 0; ++ ++ return 1; ++ ++ case EVP_KDF_CTRL_SET_KEY: ++ return kdf_sshkdf_parse_buffer_arg(&impl->key, ++ &impl->key_len, args); ++ ++ case EVP_KDF_CTRL_SET_SSHKDF_XCGHASH: ++ return kdf_sshkdf_parse_buffer_arg(&impl->xcghash, ++ &impl->xcghash_len, args); ++ ++ case EVP_KDF_CTRL_SET_SSHKDF_SESSION_ID: ++ return kdf_sshkdf_parse_buffer_arg(&impl->session_id, ++ &impl->session_id_len, args); ++ ++ case EVP_KDF_CTRL_SET_SSHKDF_TYPE: ++ t = va_arg(args, int); ++ if (t < 65 || t > 70) { ++ KDFerr(KDF_F_KDF_SSHKDF_CTRL, KDF_R_VALUE_ERROR); ++ return 0; ++ } ++ ++ impl->type = (char)t; ++ return 1; ++ ++ default: ++ return -2; ++ ++ } ++} ++ ++static int kdf_sshkdf_ctrl_str(EVP_KDF_IMPL *impl, const char *type, ++ const char *value) ++{ ++ if (value == NULL) { ++ KDFerr(KDF_F_KDF_SSHKDF_CTRL_STR, KDF_R_VALUE_MISSING); ++ return 0; ++ } ++ ++ if (strcmp(type, "md") == 0) ++ return kdf_md2ctrl(impl, kdf_sshkdf_ctrl, EVP_KDF_CTRL_SET_MD, value); ++ ++ if (strcmp(type, "key") == 0) ++ return kdf_str2ctrl(impl, kdf_sshkdf_ctrl, ++ EVP_KDF_CTRL_SET_KEY, value); ++ ++ if (strcmp(type, "hexkey") == 0) ++ return kdf_hex2ctrl(impl, kdf_sshkdf_ctrl, ++ EVP_KDF_CTRL_SET_KEY, value); ++ ++ if (strcmp(type, "xcghash") == 0) ++ return kdf_str2ctrl(impl, kdf_sshkdf_ctrl, ++ EVP_KDF_CTRL_SET_SSHKDF_XCGHASH, value); ++ ++ if (strcmp(type, "hexxcghash") == 0) ++ return kdf_hex2ctrl(impl, kdf_sshkdf_ctrl, ++ EVP_KDF_CTRL_SET_SSHKDF_XCGHASH, value); ++ ++ if (strcmp(type, "session_id") == 0) ++ return 
kdf_str2ctrl(impl, kdf_sshkdf_ctrl, ++ EVP_KDF_CTRL_SET_SSHKDF_SESSION_ID, value); ++ ++ if (strcmp(type, "hexsession_id") == 0) ++ return kdf_hex2ctrl(impl, kdf_sshkdf_ctrl, ++ EVP_KDF_CTRL_SET_SSHKDF_SESSION_ID, value); ++ ++ if (strcmp(type, "type") == 0) { ++ if (strlen(value) != 1) { ++ KDFerr(KDF_F_KDF_SSHKDF_CTRL_STR, KDF_R_VALUE_ERROR); ++ return 0; ++ } ++ ++ return call_ctrl(kdf_sshkdf_ctrl, impl, EVP_KDF_CTRL_SET_SSHKDF_TYPE, ++ (int)value[0]); ++ } ++ ++ KDFerr(KDF_F_KDF_SSHKDF_CTRL_STR, KDF_R_UNKNOWN_PARAMETER_TYPE); ++ return -2; ++} ++ ++static size_t kdf_sshkdf_size(EVP_KDF_IMPL *impl) ++{ ++ return SIZE_MAX; ++} ++ ++static int kdf_sshkdf_derive(EVP_KDF_IMPL *impl, unsigned char *key, ++ size_t keylen) ++{ ++ if (impl->md == NULL) { ++ KDFerr(KDF_F_KDF_SSHKDF_DERIVE, KDF_R_MISSING_MESSAGE_DIGEST); ++ return 0; ++ } ++ if (impl->key == NULL) { ++ KDFerr(KDF_F_KDF_SSHKDF_DERIVE, KDF_R_MISSING_KEY); ++ return 0; ++ } ++ if (impl->xcghash == NULL) { ++ KDFerr(KDF_F_KDF_SSHKDF_DERIVE, KDF_R_MISSING_XCGHASH); ++ return 0; ++ } ++ if (impl->session_id == NULL) { ++ KDFerr(KDF_F_KDF_SSHKDF_DERIVE, KDF_R_MISSING_SESSION_ID); ++ return 0; ++ } ++ if (impl->type == 0) { ++ KDFerr(KDF_F_KDF_SSHKDF_DERIVE, KDF_R_MISSING_TYPE); ++ return 0; ++ } ++ return SSHKDF(impl->md, impl->key, impl->key_len, ++ impl->xcghash, impl->xcghash_len, ++ impl->session_id, impl->session_id_len, ++ impl->type, key, keylen); ++} ++ ++const EVP_KDF_METHOD sshkdf_kdf_meth = { ++ EVP_KDF_SSHKDF, ++ kdf_sshkdf_new, ++ kdf_sshkdf_free, ++ kdf_sshkdf_reset, ++ kdf_sshkdf_ctrl, ++ kdf_sshkdf_ctrl_str, ++ kdf_sshkdf_size, ++ kdf_sshkdf_derive, ++}; ++ ++static int SSHKDF(const EVP_MD *evp_md, ++ const unsigned char *key, size_t key_len, ++ const unsigned char *xcghash, size_t xcghash_len, ++ const unsigned char *session_id, size_t session_id_len, ++ char type, unsigned char *okey, size_t okey_len) ++{ ++ EVP_MD_CTX *md = NULL; ++ unsigned char digest[EVP_MAX_MD_SIZE]; ++ unsigned int dsize 
= 0; ++ size_t cursize = 0; ++ int ret = 0; ++ ++ md = EVP_MD_CTX_new(); ++ if (md == NULL) ++ return 0; ++ ++ if (!EVP_DigestInit_ex(md, evp_md, NULL)) ++ goto out; ++ ++ if (!EVP_DigestUpdate(md, key, key_len)) ++ goto out; ++ ++ if (!EVP_DigestUpdate(md, xcghash, xcghash_len)) ++ goto out; ++ ++ if (!EVP_DigestUpdate(md, &type, 1)) ++ goto out; ++ ++ if (!EVP_DigestUpdate(md, session_id, session_id_len)) ++ goto out; ++ ++ if (!EVP_DigestFinal_ex(md, digest, &dsize)) ++ goto out; ++ ++ if (okey_len < dsize) { ++ memcpy(okey, digest, okey_len); ++ ret = 1; ++ goto out; ++ } ++ ++ memcpy(okey, digest, dsize); ++ ++ for (cursize = dsize; cursize < okey_len; cursize += dsize) { ++ ++ if (!EVP_DigestInit_ex(md, evp_md, NULL)) ++ goto out; ++ ++ if (!EVP_DigestUpdate(md, key, key_len)) ++ goto out; ++ ++ if (!EVP_DigestUpdate(md, xcghash, xcghash_len)) ++ goto out; ++ ++ if (!EVP_DigestUpdate(md, okey, cursize)) ++ goto out; ++ ++ if (!EVP_DigestFinal_ex(md, digest, &dsize)) ++ goto out; ++ ++ if (okey_len < cursize + dsize) { ++ memcpy(okey + cursize, digest, okey_len - cursize); ++ ret = 1; ++ goto out; ++ } ++ ++ memcpy(okey + cursize, digest, dsize); ++ } ++ ++ ret = 1; ++ ++out: ++ EVP_MD_CTX_free(md); ++ OPENSSL_cleanse(digest, EVP_MAX_MD_SIZE); ++ return ret; ++} ++ +diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h +index 9ab1a14b9e..81646fda52 100644 +--- a/crypto/objects/obj_dat.h ++++ b/crypto/objects/obj_dat.h +@@ -1078,7 +1078,7 @@ static const unsigned char so[7762] = { + 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0D, /* [ 7753] OBJ_hmacWithSHA512_256 */ + }; + +-#define NUM_NID 1195 ++#define NUM_NID 1196 + static const ASN1_OBJECT nid_objs[NUM_NID] = { + {"UNDEF", "undefined", NID_undef}, + {"rsadsi", "RSA Data Security, Inc.", NID_rsadsi, 6, &so[0]}, +@@ -2275,9 +2275,10 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = { + {"magma-mac", "magma-mac", NID_magma_mac}, + {"hmacWithSHA512-224", "hmacWithSHA512-224", NID_hmacWithSHA512_224, 8, 
&so[7745]}, + {"hmacWithSHA512-256", "hmacWithSHA512-256", NID_hmacWithSHA512_256, 8, &so[7753]}, ++ {"SSHKDF", "sshkdf", NID_sshkdf}, + }; + +-#define NUM_SN 1186 ++#define NUM_SN 1187 + static const unsigned int sn_objs[NUM_SN] = { + 364, /* "AD_DVCS" */ + 419, /* "AES-128-CBC" */ +@@ -2555,6 +2556,7 @@ static const unsigned int sn_objs[NUM_SN] = { + 167, /* "SMIME-CAPS" */ + 100, /* "SN" */ + 1006, /* "SNILS" */ ++ 1195, /* "SSHKDF" */ + 16, /* "ST" */ + 143, /* "SXNetID" */ + 1062, /* "SipHash" */ +@@ -3467,7 +3469,7 @@ static const unsigned int sn_objs[NUM_SN] = { + 1093, /* "x509ExtAdmission" */ + }; + +-#define NUM_LN 1186 ++#define NUM_LN 1187 + static const unsigned int ln_objs[NUM_LN] = { + 363, /* "AD Time Stamping" */ + 405, /* "ANSI X9.62" */ +@@ -4609,6 +4611,7 @@ static const unsigned int ln_objs[NUM_LN] = { + 1139, /* "sm4-ctr" */ + 1133, /* "sm4-ecb" */ + 1135, /* "sm4-ofb" */ ++ 1195, /* "sshkdf" */ + 16, /* "stateOrProvinceName" */ + 660, /* "streetAddress" */ + 498, /* "subtreeMaximumQuality" */ +diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num +index 1b6a9c61a1..231c18384a 100644 +--- a/crypto/objects/obj_mac.num ++++ b/crypto/objects/obj_mac.num +@@ -1192,3 +1192,4 @@ magma_cfb 1191 + magma_mac 1192 + hmacWithSHA512_224 1193 + hmacWithSHA512_256 1194 ++sshkdf 1195 +diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt +index 6dbc41ce37..5ded88e525 100644 +--- a/crypto/objects/objects.txt ++++ b/crypto/objects/objects.txt +@@ -1600,6 +1600,9 @@ secg-scheme 14 3 : dhSinglePass-cofactorDH-sha512kdf-scheme + # NID for HKDF + : HKDF : hkdf + ++# NID for SSHKDF ++ : SSHKDF : sshkdf ++ + # RFC 4556 + 1 3 6 1 5 2 3 : id-pkinit + id-pkinit 4 : pkInitClientAuth : PKINIT Client Auth +diff --git a/doc/man7/EVP_KDF_SSHKDF.pod b/doc/man7/EVP_KDF_SSHKDF.pod +new file mode 100644 +index 0000000000..9c9734e7c3 +--- /dev/null ++++ b/doc/man7/EVP_KDF_SSHKDF.pod +@@ -0,0 +1,175 @@ ++=pod ++ ++=head1 NAME ++ ++EVP_KDF_SSHKDF - 
The SSHKDF EVP_KDF implementation ++ ++=head1 DESCRIPTION ++ ++Support for computing the B KDF through the B API. ++ ++The EVP_KDF_SSHKDF algorithm implements the SSHKDF key derivation function. ++It is defined in RFC 4253, section 7.2 and is used by SSH to derive IVs, ++encryption keys and integrity keys. ++Five inputs are required to perform key derivation: The hashing function ++(for example SHA256), the Initial Key, the Exchange Hash, the Session ID, ++and the derivation key type. ++ ++=head2 Numeric identity ++ ++B is the numeric identity for this implementation; it ++can be used with the EVP_KDF_CTX_new_id() function. ++ ++=head2 Supported controls ++ ++The supported controls are: ++ ++=over 4 ++ ++=item B ++ ++=item B ++ ++These controls work as described in L. ++ ++=item B ++ ++=item B ++ ++These controls expect two arguments: C, C ++ ++They set the respective values to the first B bytes of the buffer ++B. If a value is already set, the contents are replaced. ++ ++EVP_KDF_ctrl_str() takes two type strings for these controls: ++ ++=over 4 ++ ++=item "xcghash" ++ ++=item "session_id" ++ ++The value string is used as is. ++ ++=item "hexxcghash" ++ ++=item "hexsession_id" ++ ++The value string is expected to be a hexadecimal number, which will be ++decoded before being passed on as the control value. ++ ++=back ++ ++=item B ++ ++This control expects one argument: C ++ ++Sets the type for the SSHHKDF operation. There are six supported types: ++ ++=over 4 ++ ++=item EVP_KDF_SSHKDF_TYPE_ININITAL_IV_CLI_TO_SRV ++ ++The Initial IV from client to server. ++A single char of value 65 (ASCII char 'A'). ++ ++=item EVP_KDF_SSHKDF_TYPE_ININITAL_IV_SRV_TO_CLI ++ ++The Initial IV from server to client ++A single char of value 66 (ASCII char 'B'). ++ ++=item EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_CLI_TO_SRV ++ ++The Encryption Key from client to server ++A single char of value 67 (ASCII char 'C'). 
++ ++=item EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_SRV_TO_CLI ++ ++The Encryption Key from server to client ++A single char of value 68 (ASCII char 'D'). ++ ++=item EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_CLI_TO_SRV ++ ++The Integrity Key from client to server ++A single char of value 69 (ASCII char 'E'). ++ ++=item EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_SRV_TO_CLI ++ ++The Integrity Key from client to server ++A single char of value 70 (ASCII char 'F'). ++ ++=back ++ ++EVP_KDF_ctrl_str() type string: "type" ++ ++The value is a string of length one character. The only valid values ++are the numerical values of the ASCII caracters: "A" (65) to "F" (70). ++ ++=back ++ ++=head1 NOTES ++ ++A context for SSHKDF can be obtained by calling: ++ ++ EVP_KDF_CTX *kctx = EVP_KDF_CTX_new_id(EVP_KDF_SSHKDF); ++ ++The output length of the SSHKDF derivation is specified via the C ++parameter to the L function. ++Since the SSHKDF output length is variable, calling L ++to obtain the requisite length is not meaningful. The caller must ++allocate a buffer of the desired length, and pass that buffer to the ++L function along with the desired length. 
++ ++=head1 EXAMPLE ++ ++This example derives an 8 byte IV using SHA-256 with a 1K "key" and appropriate ++"xcghash" and "session_id" values: ++ ++ EVP_KDF_CTX *kctx; ++ unsigned char key[1024] = "01234..."; ++ unsigned char xcghash[32] = "012345..."; ++ unsigned char session_id[32] = "012345..."; ++ unsigned char out[8]; ++ size_t outlen = sizeof(out); ++ kctx = EVP_KDF_CTX_new_id(EVP_KDF_SSHKDF); ++ ++ if (EVP_KDF_CTX_set_md(kctx, EVP_sha256()) <= 0) ++ /* Error */ ++ if (EVP_KDF_CTX_set1_key(kctx, key, 1024) <= 0) ++ /* Error */ ++ if (EVP_KDF_CTX_set1_sshkdf_xcghash(kctx, xcghash, 32) <= 0) ++ /* Error */ ++ if (EVP_KDF_CTX_set1_sshkdf_session_id(kctx, session_id, 32) <= 0) ++ /* Error */ ++ if (EVP_KDF_CTX_set_sshkdf_type(kctx, ++ EVP_KDF_SSHKDF_TYPE_ININITAL_IV_CLI_TO_SRV) <= 0) ++ /* Error */ ++ if (EVP_KDF_derive(kctx, out, &outlen) <= 0) ++ /* Error */ ++ ++ ++=head1 CONFORMING TO ++ ++RFC 4253 ++ ++=head1 SEE ALSO ++ ++L, ++L, ++L, ++L, ++L, ++L, ++L ++ ++=head1 COPYRIGHT ++ ++Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. ++ ++Licensed under the OpenSSL license (the "License"). You may not use ++this file except in compliance with the License. You can obtain a copy ++in the file LICENSE in the source distribution or at ++L. 
++ ++=cut ++ +diff --git a/include/openssl/kdf.h b/include/openssl/kdf.h +index 16caed5273..362ab14cff 100644 +--- a/include/openssl/kdf.h ++++ b/include/openssl/kdf.h +@@ -20,6 +20,7 @@ extern "C" { + # define EVP_KDF_SCRYPT NID_id_scrypt + # define EVP_KDF_TLS1_PRF NID_tls1_prf + # define EVP_KDF_HKDF NID_hkdf ++# define EVP_KDF_SSHKDF NID_sshkdf + + EVP_KDF_CTX *EVP_KDF_CTX_new_id(int id); + void EVP_KDF_CTX_free(EVP_KDF_CTX *ctx); +@@ -47,11 +48,20 @@ int EVP_KDF_derive(EVP_KDF_CTX *ctx, unsigned char *key, size_t keylen); + # define EVP_KDF_CTRL_SET_SCRYPT_N 0x0d /* uint64_t */ + # define EVP_KDF_CTRL_SET_SCRYPT_R 0x0e /* uint32_t */ + # define EVP_KDF_CTRL_SET_SCRYPT_P 0x0f /* uint32_t */ ++# define EVP_KDF_CTRL_SET_SSHKDF_XCGHASH 0x10 /* unsigned char *, size_t */ ++# define EVP_KDF_CTRL_SET_SSHKDF_SESSION_ID 0x11 /* unsigned char *, size_t */ ++# define EVP_KDF_CTRL_SET_SSHKDF_TYPE 0x12 /* int */ + + # define EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND 0 + # define EVP_KDF_HKDF_MODE_EXTRACT_ONLY 1 + # define EVP_KDF_HKDF_MODE_EXPAND_ONLY 2 + ++#define EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV 65 ++#define EVP_KDF_SSHKDF_TYPE_INITIAL_IV_SRV_TO_CLI 66 ++#define EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_CLI_TO_SRV 67 ++#define EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_SRV_TO_CLI 68 ++#define EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_CLI_TO_SRV 69 ++#define EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_SRV_TO_CLI 70 + + /**** The legacy PKEY-based KDF API follows. 
****/ + +diff --git a/include/openssl/kdferr.h b/include/openssl/kdferr.h +index 0191f2b21d..ff13ccb649 100644 +--- a/include/openssl/kdferr.h ++++ b/include/openssl/kdferr.h +@@ -32,6 +32,10 @@ int ERR_load_KDF_strings(void); + # define KDF_F_KDF_SCRYPT_CTRL_UINT64 122 + # define KDF_F_KDF_SCRYPT_DERIVE 123 + # define KDF_F_KDF_SCRYPT_NEW 124 ++# define KDF_F_KDF_SSHKDF_CTRL 130 ++# define KDF_F_KDF_SSHKDF_CTRL_STR 131 ++# define KDF_F_KDF_SSHKDF_DERIVE 132 ++# define KDF_F_KDF_SSHKDF_NEW 133 + # define KDF_F_KDF_TLS1_PRF_CTRL_STR 125 + # define KDF_F_KDF_TLS1_PRF_DERIVE 126 + # define KDF_F_KDF_TLS1_PRF_NEW 127 +@@ -62,6 +66,9 @@ int ERR_load_KDF_strings(void); + # define KDF_R_MISSING_SALT 111 + # define KDF_R_MISSING_SECRET 107 + # define KDF_R_MISSING_SEED 106 ++# define KDF_R_MISSING_SESSION_ID 113 ++# define KDF_R_MISSING_TYPE 114 ++# define KDF_R_MISSING_XCGHASH 115 + # define KDF_R_UNKNOWN_PARAMETER_TYPE 103 + # define KDF_R_VALUE_ERROR 108 + # define KDF_R_VALUE_MISSING 102 +diff --git a/include/openssl/obj_mac.h b/include/openssl/obj_mac.h +index 31fad4640f..baf2bd8db4 100644 +--- a/include/openssl/obj_mac.h ++++ b/include/openssl/obj_mac.h +@@ -4970,6 +4970,10 @@ + #define LN_hkdf "hkdf" + #define NID_hkdf 1036 + ++#define SN_sshkdf "SSHKDF" ++#define LN_sshkdf "sshkdf" ++#define NID_sshkdf 1203 ++ + #define SN_id_pkinit "id-pkinit" + #define NID_id_pkinit 1031 + #define OBJ_id_pkinit 1L,3L,6L,1L,5L,2L,3L +diff --git a/test/recipes/30-test_evp_data/evpkdf.txt b/test/recipes/30-test_evp_data/evpkdf.txt +index 285c4311a6..7f2dcd2291 100644 +--- a/test/recipes/30-test_evp_data/evpkdf.txt ++++ b/test/recipes/30-test_evp_data/evpkdf.txt +@@ -433,3 +433,4856 @@ Ctrl.iter = iter:1 + Ctrl.digest = digest:sha512 + Output = 00ef42cdbfc98d29db20976608e455567fdddf14 + ++Title = SSHKDF tests (from NIST CAVS 14.1 test vectors) ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = 
hexkey:0000008055bae931c07fd824bf10add1902b6fbc7c665347383498a686929ff5a25f8e40cb6645ea814fb1a5e0a11f852f86255641e5ed986e83a78bc8269480eac0b0dfd770cab92e7a28dd87ff452466d6ae867cead63b366b1c286e6c4811a9f14c27aea14c5171d49b78c06e3735d36e6a3be321dd5fc82308f34ee1cb17fba94a59 ++Ctrl.hexxcghash = hexxcghash:a4ebd45934f56792b5112dcd75a1075fdc889245 ++Ctrl.hexsession_id = hexsession_id:a4ebd45934f56792b5112dcd75a1075fdc889245 ++Ctrl.type = type:A ++Output = e2f627c0b43f1ac1 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey:0000008055bae931c07fd824bf10add1902b6fbc7c665347383498a686929ff5a25f8e40cb6645ea814fb1a5e0a11f852f86255641e5ed986e83a78bc8269480eac0b0dfd770cab92e7a28dd87ff452466d6ae867cead63b366b1c286e6c4811a9f14c27aea14c5171d49b78c06e3735d36e6a3be321dd5fc82308f34ee1cb17fba94a59 ++Ctrl.hexxcghash = hexxcghash:a4ebd45934f56792b5112dcd75a1075fdc889245 ++Ctrl.hexsession_id = hexsession_id:a4ebd45934f56792b5112dcd75a1075fdc889245 ++Ctrl.type = type:B ++Output = 58471445f342b181 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey:0000008055bae931c07fd824bf10add1902b6fbc7c665347383498a686929ff5a25f8e40cb6645ea814fb1a5e0a11f852f86255641e5ed986e83a78bc8269480eac0b0dfd770cab92e7a28dd87ff452466d6ae867cead63b366b1c286e6c4811a9f14c27aea14c5171d49b78c06e3735d36e6a3be321dd5fc82308f34ee1cb17fba94a59 ++Ctrl.hexxcghash = hexxcghash:a4ebd45934f56792b5112dcd75a1075fdc889245 ++Ctrl.hexsession_id = hexsession_id:a4ebd45934f56792b5112dcd75a1075fdc889245 ++Ctrl.type = type:C ++Output = 1ca9d310f86d51f6cb8e7007cb2b220d55c5281ce680b533 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey:0000008055bae931c07fd824bf10add1902b6fbc7c665347383498a686929ff5a25f8e40cb6645ea814fb1a5e0a11f852f86255641e5ed986e83a78bc8269480eac0b0dfd770cab92e7a28dd87ff452466d6ae867cead63b366b1c286e6c4811a9f14c27aea14c5171d49b78c06e3735d36e6a3be321dd5fc82308f34ee1cb17fba94a59 ++Ctrl.hexxcghash = hexxcghash:a4ebd45934f56792b5112dcd75a1075fdc889245 ++Ctrl.hexsession_id = 
hexsession_id:a4ebd45934f56792b5112dcd75a1075fdc889245 ++Ctrl.type = type:D ++Output = 2c60df8603d34cc1dbb03c11f725a44b44008851c73d6844 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey:0000008055bae931c07fd824bf10add1902b6fbc7c665347383498a686929ff5a25f8e40cb6645ea814fb1a5e0a11f852f86255641e5ed986e83a78bc8269480eac0b0dfd770cab92e7a28dd87ff452466d6ae867cead63b366b1c286e6c4811a9f14c27aea14c5171d49b78c06e3735d36e6a3be321dd5fc82308f34ee1cb17fba94a59 ++Ctrl.hexxcghash = hexxcghash:a4ebd45934f56792b5112dcd75a1075fdc889245 ++Ctrl.hexsession_id = hexsession_id:a4ebd45934f56792b5112dcd75a1075fdc889245 ++Ctrl.type = type:E ++Output = 472eb8a26166ae6aa8e06868e45c3b26e6eeed06 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey:0000008055bae931c07fd824bf10add1902b6fbc7c665347383498a686929ff5a25f8e40cb6645ea814fb1a5e0a11f852f86255641e5ed986e83a78bc8269480eac0b0dfd770cab92e7a28dd87ff452466d6ae867cead63b366b1c286e6c4811a9f14c27aea14c5171d49b78c06e3735d36e6a3be321dd5fc82308f34ee1cb17fba94a59 ++Ctrl.hexxcghash = hexxcghash:a4ebd45934f56792b5112dcd75a1075fdc889245 ++Ctrl.hexsession_id = hexsession_id:a4ebd45934f56792b5112dcd75a1075fdc889245 ++Ctrl.type = type:F ++Output = e3e2fdb9d7bc21165a3dbe47e1eceb7764390bab ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey:0000008100ec6f2c5f0517fd92f730567bd783138302917c277552b1b3fdf2b67d6edb6fa81bd17f7ebbe339b54b171341e6522b91611f8274cc88652a458f8041261040818a268497e949e12f57271318b2b3194c29760cbb767c0fc8833b272994e18682da807e6c9f235d88ef89c203c6f756d25cc2bea199b02c955b8b40cbc04f9208 ++Ctrl.hexxcghash = hexxcghash:ee40eef61bea3da8c2b1cec40fc4cdac892a2626 ++Ctrl.hexsession_id = hexsession_id:ca9aad244e24797fd348d1250387c8aa45a0110a ++Ctrl.type = type:A ++Output = 55a1015757de84cb ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = 
hexkey:0000008100ec6f2c5f0517fd92f730567bd783138302917c277552b1b3fdf2b67d6edb6fa81bd17f7ebbe339b54b171341e6522b91611f8274cc88652a458f8041261040818a268497e949e12f57271318b2b3194c29760cbb767c0fc8833b272994e18682da807e6c9f235d88ef89c203c6f756d25cc2bea199b02c955b8b40cbc04f9208 ++Ctrl.hexxcghash = hexxcghash:ee40eef61bea3da8c2b1cec40fc4cdac892a2626 ++Ctrl.hexsession_id = hexsession_id:ca9aad244e24797fd348d1250387c8aa45a0110a ++Ctrl.type = type:B ++Output = 7e57f61d5735f4fb ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey:0000008100ec6f2c5f0517fd92f730567bd783138302917c277552b1b3fdf2b67d6edb6fa81bd17f7ebbe339b54b171341e6522b91611f8274cc88652a458f8041261040818a268497e949e12f57271318b2b3194c29760cbb767c0fc8833b272994e18682da807e6c9f235d88ef89c203c6f756d25cc2bea199b02c955b8b40cbc04f9208 ++Ctrl.hexxcghash = hexxcghash:ee40eef61bea3da8c2b1cec40fc4cdac892a2626 ++Ctrl.hexsession_id = hexsession_id:ca9aad244e24797fd348d1250387c8aa45a0110a ++Ctrl.type = type:C ++Output = dd1c24bde1af845e82207541e3e173aec822fb904a94ae3c ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey:0000008100ec6f2c5f0517fd92f730567bd783138302917c277552b1b3fdf2b67d6edb6fa81bd17f7ebbe339b54b171341e6522b91611f8274cc88652a458f8041261040818a268497e949e12f57271318b2b3194c29760cbb767c0fc8833b272994e18682da807e6c9f235d88ef89c203c6f756d25cc2bea199b02c955b8b40cbc04f9208 ++Ctrl.hexxcghash = hexxcghash:ee40eef61bea3da8c2b1cec40fc4cdac892a2626 ++Ctrl.hexsession_id = hexsession_id:ca9aad244e24797fd348d1250387c8aa45a0110a ++Ctrl.type = type:D ++Output = cbbfdc9442af6db7f8c4dcaa4b0b5d0163e0e204476aa2a0 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey:0000008100ec6f2c5f0517fd92f730567bd783138302917c277552b1b3fdf2b67d6edb6fa81bd17f7ebbe339b54b171341e6522b91611f8274cc88652a458f8041261040818a268497e949e12f57271318b2b3194c29760cbb767c0fc8833b272994e18682da807e6c9f235d88ef89c203c6f756d25cc2bea199b02c955b8b40cbc04f9208 ++Ctrl.hexxcghash = hexxcghash:ee40eef61bea3da8c2b1cec40fc4cdac892a2626 
++Ctrl.hexsession_id = hexsession_id:ca9aad244e24797fd348d1250387c8aa45a0110a ++Ctrl.type = type:E ++Output = e153e04886c0dc446dde9a9b3b13efb77151764d ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey:0000008100ec6f2c5f0517fd92f730567bd783138302917c277552b1b3fdf2b67d6edb6fa81bd17f7ebbe339b54b171341e6522b91611f8274cc88652a458f8041261040818a268497e949e12f57271318b2b3194c29760cbb767c0fc8833b272994e18682da807e6c9f235d88ef89c203c6f756d25cc2bea199b02c955b8b40cbc04f9208 ++Ctrl.hexxcghash = hexxcghash:ee40eef61bea3da8c2b1cec40fc4cdac892a2626 ++Ctrl.hexsession_id = hexsession_id:ca9aad244e24797fd348d1250387c8aa45a0110a ++Ctrl.type = type:F ++Output = c8e4f61bd6b5abb2c6e06eca7b302349435e4842 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey:0000008100a3beebff410a7cdc0ac56dad0152a7f6da6b1d4195285ce96f8b59930d8c3ccbc518bc043eb60362388ea87c20db3b490b490ba9b90f086004ba3e389cb3a715d477c2b1e480e3419c36cd83e237e241462ee79758f4ff5bf7a5e1eae58a6834778a658c60b2e157d36b16371f97660ad4abfd4a2703dba7cab055be4c778b62 ++Ctrl.hexxcghash = hexxcghash:b81915a9656128d2add5e5741914d765226f93e2 ++Ctrl.hexsession_id = hexsession_id:2872e0c92fc3074d4f40e408a2ebd83e2fc7bccd ++Ctrl.type = type:A ++Output = 054eaf5d7dea31e7 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey:0000008100a3beebff410a7cdc0ac56dad0152a7f6da6b1d4195285ce96f8b59930d8c3ccbc518bc043eb60362388ea87c20db3b490b490ba9b90f086004ba3e389cb3a715d477c2b1e480e3419c36cd83e237e241462ee79758f4ff5bf7a5e1eae58a6834778a658c60b2e157d36b16371f97660ad4abfd4a2703dba7cab055be4c778b62 ++Ctrl.hexxcghash = hexxcghash:b81915a9656128d2add5e5741914d765226f93e2 ++Ctrl.hexsession_id = hexsession_id:2872e0c92fc3074d4f40e408a2ebd83e2fc7bccd ++Ctrl.type = type:B ++Output = 6ce586c127da010f ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = 
hexkey:0000008100a3beebff410a7cdc0ac56dad0152a7f6da6b1d4195285ce96f8b59930d8c3ccbc518bc043eb60362388ea87c20db3b490b490ba9b90f086004ba3e389cb3a715d477c2b1e480e3419c36cd83e237e241462ee79758f4ff5bf7a5e1eae58a6834778a658c60b2e157d36b16371f97660ad4abfd4a2703dba7cab055be4c778b62 ++Ctrl.hexxcghash = hexxcghash:b81915a9656128d2add5e5741914d765226f93e2 ++Ctrl.hexsession_id = hexsession_id:2872e0c92fc3074d4f40e408a2ebd83e2fc7bccd ++Ctrl.type = type:C ++Output = 7907bf3d7c58ce72714b2adb1a14f156194b14378a4a7c49 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey:0000008100a3beebff410a7cdc0ac56dad0152a7f6da6b1d4195285ce96f8b59930d8c3ccbc518bc043eb60362388ea87c20db3b490b490ba9b90f086004ba3e389cb3a715d477c2b1e480e3419c36cd83e237e241462ee79758f4ff5bf7a5e1eae58a6834778a658c60b2e157d36b16371f97660ad4abfd4a2703dba7cab055be4c778b62 ++Ctrl.hexxcghash = hexxcghash:b81915a9656128d2add5e5741914d765226f93e2 ++Ctrl.hexsession_id = hexsession_id:2872e0c92fc3074d4f40e408a2ebd83e2fc7bccd ++Ctrl.type = type:D ++Output = c34757dc104e7b811f6550bbc3888e1d4297578fd88b2ca5 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey:0000008100a3beebff410a7cdc0ac56dad0152a7f6da6b1d4195285ce96f8b59930d8c3ccbc518bc043eb60362388ea87c20db3b490b490ba9b90f086004ba3e389cb3a715d477c2b1e480e3419c36cd83e237e241462ee79758f4ff5bf7a5e1eae58a6834778a658c60b2e157d36b16371f97660ad4abfd4a2703dba7cab055be4c778b62 ++Ctrl.hexxcghash = hexxcghash:b81915a9656128d2add5e5741914d765226f93e2 ++Ctrl.hexsession_id = hexsession_id:2872e0c92fc3074d4f40e408a2ebd83e2fc7bccd ++Ctrl.type = type:E ++Output = e463e05ef70e61f994ee3cd20d504cb6eddb9b1a ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey:0000008100a3beebff410a7cdc0ac56dad0152a7f6da6b1d4195285ce96f8b59930d8c3ccbc518bc043eb60362388ea87c20db3b490b490ba9b90f086004ba3e389cb3a715d477c2b1e480e3419c36cd83e237e241462ee79758f4ff5bf7a5e1eae58a6834778a658c60b2e157d36b16371f97660ad4abfd4a2703dba7cab055be4c778b62 ++Ctrl.hexxcghash = 
hexxcghash:b81915a9656128d2add5e5741914d765226f93e2 ++Ctrl.hexsession_id = hexsession_id:2872e0c92fc3074d4f40e408a2ebd83e2fc7bccd ++Ctrl.type = type:F ++Output = 676cf1dfc887e122353eead2b1e644f9d9def944 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey:0000008017357de60344a125ca41d9ea51eb304a571d7f0aa37a5e36d4b7a5473546f7226583cefe7c06f6f94b97da0da2517190fa02a0337a3bc9ddfeeb68b953613d4d5e473783f137a82246b8260fb3451363adda1813acdf6b10861e022e23a00db9b5a893fcefd6b647f6a73904aa9c3b53e5d879d7e84f052dfabe15a27c1f3aa9 ++Ctrl.hexxcghash = hexxcghash:28fcf3bc600f6bb0b9594b01283d085e149b2586 ++Ctrl.hexsession_id = hexsession_id:4d6b90988de45dfd08e8167504a6253a8552c200 ++Ctrl.type = type:A ++Output = bc4b5164911bc87b ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey:0000008017357de60344a125ca41d9ea51eb304a571d7f0aa37a5e36d4b7a5473546f7226583cefe7c06f6f94b97da0da2517190fa02a0337a3bc9ddfeeb68b953613d4d5e473783f137a82246b8260fb3451363adda1813acdf6b10861e022e23a00db9b5a893fcefd6b647f6a73904aa9c3b53e5d879d7e84f052dfabe15a27c1f3aa9 ++Ctrl.hexxcghash = hexxcghash:28fcf3bc600f6bb0b9594b01283d085e149b2586 ++Ctrl.hexsession_id = hexsession_id:4d6b90988de45dfd08e8167504a6253a8552c200 ++Ctrl.type = type:B ++Output = d791c5986b27257e ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey:0000008017357de60344a125ca41d9ea51eb304a571d7f0aa37a5e36d4b7a5473546f7226583cefe7c06f6f94b97da0da2517190fa02a0337a3bc9ddfeeb68b953613d4d5e473783f137a82246b8260fb3451363adda1813acdf6b10861e022e23a00db9b5a893fcefd6b647f6a73904aa9c3b53e5d879d7e84f052dfabe15a27c1f3aa9 ++Ctrl.hexxcghash = hexxcghash:28fcf3bc600f6bb0b9594b01283d085e149b2586 ++Ctrl.hexsession_id = hexsession_id:4d6b90988de45dfd08e8167504a6253a8552c200 ++Ctrl.type = type:C ++Output = de8e99bb3f60ccf0583712528aa3dd0418fdb90d0a588012 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = 
hexkey:0000008017357de60344a125ca41d9ea51eb304a571d7f0aa37a5e36d4b7a5473546f7226583cefe7c06f6f94b97da0da2517190fa02a0337a3bc9ddfeeb68b953613d4d5e473783f137a82246b8260fb3451363adda1813acdf6b10861e022e23a00db9b5a893fcefd6b647f6a73904aa9c3b53e5d879d7e84f052dfabe15a27c1f3aa9 ++Ctrl.hexxcghash = hexxcghash:28fcf3bc600f6bb0b9594b01283d085e149b2586 ++Ctrl.hexsession_id = hexsession_id:4d6b90988de45dfd08e8167504a6253a8552c200 ++Ctrl.type = type:D ++Output = f37f75a685f1eaf4fd270b946d84734e96aa3b4ed130afc6 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey:0000008017357de60344a125ca41d9ea51eb304a571d7f0aa37a5e36d4b7a5473546f7226583cefe7c06f6f94b97da0da2517190fa02a0337a3bc9ddfeeb68b953613d4d5e473783f137a82246b8260fb3451363adda1813acdf6b10861e022e23a00db9b5a893fcefd6b647f6a73904aa9c3b53e5d879d7e84f052dfabe15a27c1f3aa9 ++Ctrl.hexxcghash = hexxcghash:28fcf3bc600f6bb0b9594b01283d085e149b2586 ++Ctrl.hexsession_id = hexsession_id:4d6b90988de45dfd08e8167504a6253a8552c200 ++Ctrl.type = type:E ++Output = 658f04b0f59aab071b9e11ec9ff187ee10e80254 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey:0000008017357de60344a125ca41d9ea51eb304a571d7f0aa37a5e36d4b7a5473546f7226583cefe7c06f6f94b97da0da2517190fa02a0337a3bc9ddfeeb68b953613d4d5e473783f137a82246b8260fb3451363adda1813acdf6b10861e022e23a00db9b5a893fcefd6b647f6a73904aa9c3b53e5d879d7e84f052dfabe15a27c1f3aa9 ++Ctrl.hexxcghash = hexxcghash:28fcf3bc600f6bb0b9594b01283d085e149b2586 ++Ctrl.hexsession_id = hexsession_id:4d6b90988de45dfd08e8167504a6253a8552c200 ++Ctrl.type = type:F ++Output = b030809222ff7a12b0df35072d67f314ab1d5eda ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey:000000803c3ce2b19e0cadf8ad02438c695efcd3018c833657318bfaef7b9c278cd7e8d7b3a2249f9d586832c3dee727ada167056ff1febc9210186ba47cc1dfaaf08101fb89742ebf4f3e291a20c94a7a6f7877799151d177e163ce3e57ef863c0cda0311265fbac157879150a715e309392b3e521dcf03224717ff5e0030e480f20dff ++Ctrl.hexxcghash = hexxcghash:46a674c532460a80cdc5c6da9a8c3bdf4f3ff614 
++Ctrl.hexsession_id = hexsession_id:aedeb64df7119db53202e959dc84be3e5285512d ++Ctrl.type = type:A ++Output = 7a74ec799ef16865 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey:000000803c3ce2b19e0cadf8ad02438c695efcd3018c833657318bfaef7b9c278cd7e8d7b3a2249f9d586832c3dee727ada167056ff1febc9210186ba47cc1dfaaf08101fb89742ebf4f3e291a20c94a7a6f7877799151d177e163ce3e57ef863c0cda0311265fbac157879150a715e309392b3e521dcf03224717ff5e0030e480f20dff ++Ctrl.hexxcghash = hexxcghash:46a674c532460a80cdc5c6da9a8c3bdf4f3ff614 ++Ctrl.hexsession_id = hexsession_id:aedeb64df7119db53202e959dc84be3e5285512d ++Ctrl.type = type:B ++Output = 6e544fc6db0ca1ba ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey:000000803c3ce2b19e0cadf8ad02438c695efcd3018c833657318bfaef7b9c278cd7e8d7b3a2249f9d586832c3dee727ada167056ff1febc9210186ba47cc1dfaaf08101fb89742ebf4f3e291a20c94a7a6f7877799151d177e163ce3e57ef863c0cda0311265fbac157879150a715e309392b3e521dcf03224717ff5e0030e480f20dff ++Ctrl.hexxcghash = hexxcghash:46a674c532460a80cdc5c6da9a8c3bdf4f3ff614 ++Ctrl.hexsession_id = hexsession_id:aedeb64df7119db53202e959dc84be3e5285512d ++Ctrl.type = type:C ++Output = 658226b1b10b2033fa88838b619572b18e81e80c76507918 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey:000000803c3ce2b19e0cadf8ad02438c695efcd3018c833657318bfaef7b9c278cd7e8d7b3a2249f9d586832c3dee727ada167056ff1febc9210186ba47cc1dfaaf08101fb89742ebf4f3e291a20c94a7a6f7877799151d177e163ce3e57ef863c0cda0311265fbac157879150a715e309392b3e521dcf03224717ff5e0030e480f20dff ++Ctrl.hexxcghash = hexxcghash:46a674c532460a80cdc5c6da9a8c3bdf4f3ff614 ++Ctrl.hexsession_id = hexsession_id:aedeb64df7119db53202e959dc84be3e5285512d ++Ctrl.type = type:D ++Output = 327298c8660685efcb01c5c0df49faebb15c0e93b0f6c65d ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = 
hexkey:000000803c3ce2b19e0cadf8ad02438c695efcd3018c833657318bfaef7b9c278cd7e8d7b3a2249f9d586832c3dee727ada167056ff1febc9210186ba47cc1dfaaf08101fb89742ebf4f3e291a20c94a7a6f7877799151d177e163ce3e57ef863c0cda0311265fbac157879150a715e309392b3e521dcf03224717ff5e0030e480f20dff ++Ctrl.hexxcghash = hexxcghash:46a674c532460a80cdc5c6da9a8c3bdf4f3ff614 ++Ctrl.hexsession_id = hexsession_id:aedeb64df7119db53202e959dc84be3e5285512d ++Ctrl.type = type:E ++Output = 6b618a10aeaa12c9a8d2bcb10e975605582c00e5 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey:000000803c3ce2b19e0cadf8ad02438c695efcd3018c833657318bfaef7b9c278cd7e8d7b3a2249f9d586832c3dee727ada167056ff1febc9210186ba47cc1dfaaf08101fb89742ebf4f3e291a20c94a7a6f7877799151d177e163ce3e57ef863c0cda0311265fbac157879150a715e309392b3e521dcf03224717ff5e0030e480f20dff ++Ctrl.hexxcghash = hexxcghash:46a674c532460a80cdc5c6da9a8c3bdf4f3ff614 ++Ctrl.hexsession_id = hexsession_id:aedeb64df7119db53202e959dc84be3e5285512d ++Ctrl.type = type:F ++Output = 6d4ce50da9de90d6f746e812a2e74bcd921f5612 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey:0000008075957f464f5a7985e1a3ffb7d5814ff9ceb8fb1584a3f5cc454c37139e9b880940442cce2aef94d9d0462c4dc313ed7a8cc3f9a58c38a98ef0236e3cc78fb63b6f82e9c503097b7a08ef2261dda68c7bfe9f83ac790d1f9ff57605d24f4bdfedde23cc5aabba248bc91d3fe1d4394485bc4421730a297694c09bdf024ac2eac3 ++Ctrl.hexxcghash = hexxcghash:0a70b4f26b1985d48ece540f1de6304fdb38212f ++Ctrl.hexsession_id = hexsession_id:2f0ce0e2da2e2bf11eae2ab98e9734412d47a19a ++Ctrl.type = type:A ++Output = b655839abcb1a7b8 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey:0000008075957f464f5a7985e1a3ffb7d5814ff9ceb8fb1584a3f5cc454c37139e9b880940442cce2aef94d9d0462c4dc313ed7a8cc3f9a58c38a98ef0236e3cc78fb63b6f82e9c503097b7a08ef2261dda68c7bfe9f83ac790d1f9ff57605d24f4bdfedde23cc5aabba248bc91d3fe1d4394485bc4421730a297694c09bdf024ac2eac3 ++Ctrl.hexxcghash = hexxcghash:0a70b4f26b1985d48ece540f1de6304fdb38212f ++Ctrl.hexsession_id = 
hexsession_id:2f0ce0e2da2e2bf11eae2ab98e9734412d47a19a ++Ctrl.type = type:B ++Output = 98f9ec980831a8bc ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey:0000008075957f464f5a7985e1a3ffb7d5814ff9ceb8fb1584a3f5cc454c37139e9b880940442cce2aef94d9d0462c4dc313ed7a8cc3f9a58c38a98ef0236e3cc78fb63b6f82e9c503097b7a08ef2261dda68c7bfe9f83ac790d1f9ff57605d24f4bdfedde23cc5aabba248bc91d3fe1d4394485bc4421730a297694c09bdf024ac2eac3 ++Ctrl.hexxcghash = hexxcghash:0a70b4f26b1985d48ece540f1de6304fdb38212f ++Ctrl.hexsession_id = hexsession_id:2f0ce0e2da2e2bf11eae2ab98e9734412d47a19a ++Ctrl.type = type:C ++Output = 31a63b64cfa8b6a12ba165096dad8d127cd3f3b67698b670 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey:0000008075957f464f5a7985e1a3ffb7d5814ff9ceb8fb1584a3f5cc454c37139e9b880940442cce2aef94d9d0462c4dc313ed7a8cc3f9a58c38a98ef0236e3cc78fb63b6f82e9c503097b7a08ef2261dda68c7bfe9f83ac790d1f9ff57605d24f4bdfedde23cc5aabba248bc91d3fe1d4394485bc4421730a297694c09bdf024ac2eac3 ++Ctrl.hexxcghash = hexxcghash:0a70b4f26b1985d48ece540f1de6304fdb38212f ++Ctrl.hexsession_id = hexsession_id:2f0ce0e2da2e2bf11eae2ab98e9734412d47a19a ++Ctrl.type = type:D ++Output = 8bd79633967b92f0039a38a2d421e12840ea5c31b43c4e90 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey:0000008075957f464f5a7985e1a3ffb7d5814ff9ceb8fb1584a3f5cc454c37139e9b880940442cce2aef94d9d0462c4dc313ed7a8cc3f9a58c38a98ef0236e3cc78fb63b6f82e9c503097b7a08ef2261dda68c7bfe9f83ac790d1f9ff57605d24f4bdfedde23cc5aabba248bc91d3fe1d4394485bc4421730a297694c09bdf024ac2eac3 ++Ctrl.hexxcghash = hexxcghash:0a70b4f26b1985d48ece540f1de6304fdb38212f ++Ctrl.hexsession_id = hexsession_id:2f0ce0e2da2e2bf11eae2ab98e9734412d47a19a ++Ctrl.type = type:E ++Output = 37eccade73b422d1108e390eaa28c646b554a721 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = 
hexkey:0000008075957f464f5a7985e1a3ffb7d5814ff9ceb8fb1584a3f5cc454c37139e9b880940442cce2aef94d9d0462c4dc313ed7a8cc3f9a58c38a98ef0236e3cc78fb63b6f82e9c503097b7a08ef2261dda68c7bfe9f83ac790d1f9ff57605d24f4bdfedde23cc5aabba248bc91d3fe1d4394485bc4421730a297694c09bdf024ac2eac3 ++Ctrl.hexxcghash = hexxcghash:0a70b4f26b1985d48ece540f1de6304fdb38212f ++Ctrl.hexsession_id = hexsession_id:2f0ce0e2da2e2bf11eae2ab98e9734412d47a19a ++Ctrl.type = type:F ++Output = 013a20fc8f53ef08aae0a836b9410153a877983a ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey:0000008100c050aa3d848750af69d1c04d6cb0a1ef8a4f25be4b16c927ff7313e83680b1b7a92b6100fa773cea9958fc7efb1a475fc71eda8be8efc92ad198a34d6ae017f12b76f39c82b741994b0d42ada1807fa7803876d21d93b129d75dc9aba4811ef51925e49e4bf4f5313e8fee0625d8727da8bcb15eb15da2d237082fc5499621ef ++Ctrl.hexxcghash = hexxcghash:5ea2568ee7ddcdb3260dfdf54e15e4d494ca9023 ++Ctrl.hexsession_id = hexsession_id:bc8988ac5f9058ee76536472b1706c5c338bd114 ++Ctrl.type = type:A ++Output = 12f6c3ac60d6ee3b ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey:0000008100c050aa3d848750af69d1c04d6cb0a1ef8a4f25be4b16c927ff7313e83680b1b7a92b6100fa773cea9958fc7efb1a475fc71eda8be8efc92ad198a34d6ae017f12b76f39c82b741994b0d42ada1807fa7803876d21d93b129d75dc9aba4811ef51925e49e4bf4f5313e8fee0625d8727da8bcb15eb15da2d237082fc5499621ef ++Ctrl.hexxcghash = hexxcghash:5ea2568ee7ddcdb3260dfdf54e15e4d494ca9023 ++Ctrl.hexsession_id = hexsession_id:bc8988ac5f9058ee76536472b1706c5c338bd114 ++Ctrl.type = type:B ++Output = 536d106e00aec6fd ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey:0000008100c050aa3d848750af69d1c04d6cb0a1ef8a4f25be4b16c927ff7313e83680b1b7a92b6100fa773cea9958fc7efb1a475fc71eda8be8efc92ad198a34d6ae017f12b76f39c82b741994b0d42ada1807fa7803876d21d93b129d75dc9aba4811ef51925e49e4bf4f5313e8fee0625d8727da8bcb15eb15da2d237082fc5499621ef ++Ctrl.hexxcghash = hexxcghash:5ea2568ee7ddcdb3260dfdf54e15e4d494ca9023 ++Ctrl.hexsession_id = 
hexsession_id:bc8988ac5f9058ee76536472b1706c5c338bd114 ++Ctrl.type = type:C ++Output = 26b8ec66854d0f0aa98f6888be628ebc75900c3738d47894 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey:0000008100c050aa3d848750af69d1c04d6cb0a1ef8a4f25be4b16c927ff7313e83680b1b7a92b6100fa773cea9958fc7efb1a475fc71eda8be8efc92ad198a34d6ae017f12b76f39c82b741994b0d42ada1807fa7803876d21d93b129d75dc9aba4811ef51925e49e4bf4f5313e8fee0625d8727da8bcb15eb15da2d237082fc5499621ef ++Ctrl.hexxcghash = hexxcghash:5ea2568ee7ddcdb3260dfdf54e15e4d494ca9023 ++Ctrl.hexsession_id = hexsession_id:bc8988ac5f9058ee76536472b1706c5c338bd114 ++Ctrl.type = type:D ++Output = d5d3b3817214eeb3bf292dffc77daeab062ac7fcd2e3a2bd ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey:0000008100c050aa3d848750af69d1c04d6cb0a1ef8a4f25be4b16c927ff7313e83680b1b7a92b6100fa773cea9958fc7efb1a475fc71eda8be8efc92ad198a34d6ae017f12b76f39c82b741994b0d42ada1807fa7803876d21d93b129d75dc9aba4811ef51925e49e4bf4f5313e8fee0625d8727da8bcb15eb15da2d237082fc5499621ef ++Ctrl.hexxcghash = hexxcghash:5ea2568ee7ddcdb3260dfdf54e15e4d494ca9023 ++Ctrl.hexsession_id = hexsession_id:bc8988ac5f9058ee76536472b1706c5c338bd114 ++Ctrl.type = type:E ++Output = 014613aef22194307bc0678f6edd1ccff240adfa ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey:0000008100c050aa3d848750af69d1c04d6cb0a1ef8a4f25be4b16c927ff7313e83680b1b7a92b6100fa773cea9958fc7efb1a475fc71eda8be8efc92ad198a34d6ae017f12b76f39c82b741994b0d42ada1807fa7803876d21d93b129d75dc9aba4811ef51925e49e4bf4f5313e8fee0625d8727da8bcb15eb15da2d237082fc5499621ef ++Ctrl.hexxcghash = hexxcghash:5ea2568ee7ddcdb3260dfdf54e15e4d494ca9023 ++Ctrl.hexsession_id = hexsession_id:bc8988ac5f9058ee76536472b1706c5c338bd114 ++Ctrl.type = type:F ++Output = 5057b4cc2c300f7546d358a75daf58233b71da1a ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = 
hexkey:0000008100f00388418be28ae3235c5b640d000df44f6e65782cad783726a507e2c645a056307f1ab7b4cd24d38640118105d7415c2ecea77e33e7b8a9dc9d205e3fdfb718769754213c0782ee18c7db1408e780369bccfb8233581cda4fbb133b3c41d0a7afa6996f31f8dd36fa3dd82efb23dcaa1ec5e37caae3af639123190fe7795983 ++Ctrl.hexxcghash = hexxcghash:fc48c85ac48ee97be3ce45c10807a666e8e9b639 ++Ctrl.hexsession_id = hexsession_id:d36e8c070b97795dfb10a3c2e41e4d0d70382606 ++Ctrl.type = type:A ++Output = d160f91f36027ff9 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey:0000008100f00388418be28ae3235c5b640d000df44f6e65782cad783726a507e2c645a056307f1ab7b4cd24d38640118105d7415c2ecea77e33e7b8a9dc9d205e3fdfb718769754213c0782ee18c7db1408e780369bccfb8233581cda4fbb133b3c41d0a7afa6996f31f8dd36fa3dd82efb23dcaa1ec5e37caae3af639123190fe7795983 ++Ctrl.hexxcghash = hexxcghash:fc48c85ac48ee97be3ce45c10807a666e8e9b639 ++Ctrl.hexsession_id = hexsession_id:d36e8c070b97795dfb10a3c2e41e4d0d70382606 ++Ctrl.type = type:B ++Output = 0d02ec310663bbcc ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey:0000008100f00388418be28ae3235c5b640d000df44f6e65782cad783726a507e2c645a056307f1ab7b4cd24d38640118105d7415c2ecea77e33e7b8a9dc9d205e3fdfb718769754213c0782ee18c7db1408e780369bccfb8233581cda4fbb133b3c41d0a7afa6996f31f8dd36fa3dd82efb23dcaa1ec5e37caae3af639123190fe7795983 ++Ctrl.hexxcghash = hexxcghash:fc48c85ac48ee97be3ce45c10807a666e8e9b639 ++Ctrl.hexsession_id = hexsession_id:d36e8c070b97795dfb10a3c2e41e4d0d70382606 ++Ctrl.type = type:C ++Output = 03b66f451ad93a01914dd3372d980bea3de94993e176ea01 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey:0000008100f00388418be28ae3235c5b640d000df44f6e65782cad783726a507e2c645a056307f1ab7b4cd24d38640118105d7415c2ecea77e33e7b8a9dc9d205e3fdfb718769754213c0782ee18c7db1408e780369bccfb8233581cda4fbb133b3c41d0a7afa6996f31f8dd36fa3dd82efb23dcaa1ec5e37caae3af639123190fe7795983 ++Ctrl.hexxcghash = hexxcghash:fc48c85ac48ee97be3ce45c10807a666e8e9b639 ++Ctrl.hexsession_id = 
hexsession_id:d36e8c070b97795dfb10a3c2e41e4d0d70382606 ++Ctrl.type = type:D ++Output = c2db767cbbdf2f839eb2f37ada87a041d220b9f58842d0db ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey:0000008100f00388418be28ae3235c5b640d000df44f6e65782cad783726a507e2c645a056307f1ab7b4cd24d38640118105d7415c2ecea77e33e7b8a9dc9d205e3fdfb718769754213c0782ee18c7db1408e780369bccfb8233581cda4fbb133b3c41d0a7afa6996f31f8dd36fa3dd82efb23dcaa1ec5e37caae3af639123190fe7795983 ++Ctrl.hexxcghash = hexxcghash:fc48c85ac48ee97be3ce45c10807a666e8e9b639 ++Ctrl.hexsession_id = hexsession_id:d36e8c070b97795dfb10a3c2e41e4d0d70382606 ++Ctrl.type = type:E ++Output = 0b2944c26dcf4cc877cdc55c4e9b1b8155e3874b ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey:0000008100f00388418be28ae3235c5b640d000df44f6e65782cad783726a507e2c645a056307f1ab7b4cd24d38640118105d7415c2ecea77e33e7b8a9dc9d205e3fdfb718769754213c0782ee18c7db1408e780369bccfb8233581cda4fbb133b3c41d0a7afa6996f31f8dd36fa3dd82efb23dcaa1ec5e37caae3af639123190fe7795983 ++Ctrl.hexxcghash = hexxcghash:fc48c85ac48ee97be3ce45c10807a666e8e9b639 ++Ctrl.hexsession_id = hexsession_id:d36e8c070b97795dfb10a3c2e41e4d0d70382606 ++Ctrl.type = type:F ++Output = f7977d574c7d9e4f34ecd6b405c765963f0dfe57 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey:00000081009dc61278a79fdb00ee937c0418668ac0176fdfd0297ebc86ee391e3e8db147f01d782650f1e30391d3c1fe62425842119fe41b76243ed47f6c30370dd1cc1b10e3bdac2730287b0e5901e487563d700d56078ed88d20c300250a3da5f2128db56230d90bb99e90aca80da446d8dddac49e2f2db1b37f9e1b65834adf8fdbcd31 ++Ctrl.hexxcghash = hexxcghash:3c63a552ac5313d219ec30f1e926e2c52e992929 ++Ctrl.hexsession_id = hexsession_id:a17e0e9cc2741d861f4c7195c29c75e4c38e9ba0 ++Ctrl.type = type:A ++Output = e4387818ab7f4fa6 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = 
hexkey:00000081009dc61278a79fdb00ee937c0418668ac0176fdfd0297ebc86ee391e3e8db147f01d782650f1e30391d3c1fe62425842119fe41b76243ed47f6c30370dd1cc1b10e3bdac2730287b0e5901e487563d700d56078ed88d20c300250a3da5f2128db56230d90bb99e90aca80da446d8dddac49e2f2db1b37f9e1b65834adf8fdbcd31 ++Ctrl.hexxcghash = hexxcghash:3c63a552ac5313d219ec30f1e926e2c52e992929 ++Ctrl.hexsession_id = hexsession_id:a17e0e9cc2741d861f4c7195c29c75e4c38e9ba0 ++Ctrl.type = type:B ++Output = 1daabebcc8a064df ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey:00000081009dc61278a79fdb00ee937c0418668ac0176fdfd0297ebc86ee391e3e8db147f01d782650f1e30391d3c1fe62425842119fe41b76243ed47f6c30370dd1cc1b10e3bdac2730287b0e5901e487563d700d56078ed88d20c300250a3da5f2128db56230d90bb99e90aca80da446d8dddac49e2f2db1b37f9e1b65834adf8fdbcd31 ++Ctrl.hexxcghash = hexxcghash:3c63a552ac5313d219ec30f1e926e2c52e992929 ++Ctrl.hexsession_id = hexsession_id:a17e0e9cc2741d861f4c7195c29c75e4c38e9ba0 ++Ctrl.type = type:C ++Output = 9fffad3aec53cd719c1d500850c2f38d8eea04606f78b402 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey:00000081009dc61278a79fdb00ee937c0418668ac0176fdfd0297ebc86ee391e3e8db147f01d782650f1e30391d3c1fe62425842119fe41b76243ed47f6c30370dd1cc1b10e3bdac2730287b0e5901e487563d700d56078ed88d20c300250a3da5f2128db56230d90bb99e90aca80da446d8dddac49e2f2db1b37f9e1b65834adf8fdbcd31 ++Ctrl.hexxcghash = hexxcghash:3c63a552ac5313d219ec30f1e926e2c52e992929 ++Ctrl.hexsession_id = hexsession_id:a17e0e9cc2741d861f4c7195c29c75e4c38e9ba0 ++Ctrl.type = type:D ++Output = 6b196bce2aa2bd912ffd67a94fc42dec1051376f73ec3ce2 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey:00000081009dc61278a79fdb00ee937c0418668ac0176fdfd0297ebc86ee391e3e8db147f01d782650f1e30391d3c1fe62425842119fe41b76243ed47f6c30370dd1cc1b10e3bdac2730287b0e5901e487563d700d56078ed88d20c300250a3da5f2128db56230d90bb99e90aca80da446d8dddac49e2f2db1b37f9e1b65834adf8fdbcd31 ++Ctrl.hexxcghash = hexxcghash:3c63a552ac5313d219ec30f1e926e2c52e992929 
++Ctrl.hexsession_id = hexsession_id:a17e0e9cc2741d861f4c7195c29c75e4c38e9ba0 ++Ctrl.type = type:E ++Output = beab583906e6bed005558c102a5b5fd6ee71485f ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey:00000081009dc61278a79fdb00ee937c0418668ac0176fdfd0297ebc86ee391e3e8db147f01d782650f1e30391d3c1fe62425842119fe41b76243ed47f6c30370dd1cc1b10e3bdac2730287b0e5901e487563d700d56078ed88d20c300250a3da5f2128db56230d90bb99e90aca80da446d8dddac49e2f2db1b37f9e1b65834adf8fdbcd31 ++Ctrl.hexxcghash = hexxcghash:3c63a552ac5313d219ec30f1e926e2c52e992929 ++Ctrl.hexsession_id = hexsession_id:a17e0e9cc2741d861f4c7195c29c75e4c38e9ba0 ++Ctrl.type = type:F ++Output = 105140594b5b9061de7ff2afac09bce81b75d6c6 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey:0000008100df75bb7ce0b66431ca073a5768dbc6930b024b8d6804a5ef9f3f3c9341b8c8b7216eaf26536ac671ab360eff568502e596adbf41b795d329d136ebe44c60ff4ffd58ed99b40a228cab6c8ed9733702e75f7750e58f04cbb78402eec2877205a0ba3f48318543489dc4885dcdc51c4658acbc28f9a82c563ac20b582cff8c432d ++Ctrl.hexxcghash = hexxcghash:c08ddd40832cc96fe373b67a4850b86848e48f70 ++Ctrl.hexsession_id = hexsession_id:477c8d32e73a475707e0085cf235d605ed564a1c ++Ctrl.type = type:A ++Output = ef982c8fd0fd464f ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey:0000008100df75bb7ce0b66431ca073a5768dbc6930b024b8d6804a5ef9f3f3c9341b8c8b7216eaf26536ac671ab360eff568502e596adbf41b795d329d136ebe44c60ff4ffd58ed99b40a228cab6c8ed9733702e75f7750e58f04cbb78402eec2877205a0ba3f48318543489dc4885dcdc51c4658acbc28f9a82c563ac20b582cff8c432d ++Ctrl.hexxcghash = hexxcghash:c08ddd40832cc96fe373b67a4850b86848e48f70 ++Ctrl.hexsession_id = hexsession_id:477c8d32e73a475707e0085cf235d605ed564a1c ++Ctrl.type = type:B ++Output = 845ad3ba4d359326 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = 
hexkey:0000008100df75bb7ce0b66431ca073a5768dbc6930b024b8d6804a5ef9f3f3c9341b8c8b7216eaf26536ac671ab360eff568502e596adbf41b795d329d136ebe44c60ff4ffd58ed99b40a228cab6c8ed9733702e75f7750e58f04cbb78402eec2877205a0ba3f48318543489dc4885dcdc51c4658acbc28f9a82c563ac20b582cff8c432d ++Ctrl.hexxcghash = hexxcghash:c08ddd40832cc96fe373b67a4850b86848e48f70 ++Ctrl.hexsession_id = hexsession_id:477c8d32e73a475707e0085cf235d605ed564a1c ++Ctrl.type = type:C ++Output = d9e516001b6b1a17268e507fa6e13f6bc9c3ded0020ef841 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey:0000008100df75bb7ce0b66431ca073a5768dbc6930b024b8d6804a5ef9f3f3c9341b8c8b7216eaf26536ac671ab360eff568502e596adbf41b795d329d136ebe44c60ff4ffd58ed99b40a228cab6c8ed9733702e75f7750e58f04cbb78402eec2877205a0ba3f48318543489dc4885dcdc51c4658acbc28f9a82c563ac20b582cff8c432d ++Ctrl.hexxcghash = hexxcghash:c08ddd40832cc96fe373b67a4850b86848e48f70 ++Ctrl.hexsession_id = hexsession_id:477c8d32e73a475707e0085cf235d605ed564a1c ++Ctrl.type = type:D ++Output = d57d2f3c25b536442d8c7f36d62778d06fb6e7d4b5c7ab76 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey:0000008100df75bb7ce0b66431ca073a5768dbc6930b024b8d6804a5ef9f3f3c9341b8c8b7216eaf26536ac671ab360eff568502e596adbf41b795d329d136ebe44c60ff4ffd58ed99b40a228cab6c8ed9733702e75f7750e58f04cbb78402eec2877205a0ba3f48318543489dc4885dcdc51c4658acbc28f9a82c563ac20b582cff8c432d ++Ctrl.hexxcghash = hexxcghash:c08ddd40832cc96fe373b67a4850b86848e48f70 ++Ctrl.hexsession_id = hexsession_id:477c8d32e73a475707e0085cf235d605ed564a1c ++Ctrl.type = type:E ++Output = f0b75425b271eb82645b1f1424b2a838dbcf6f98 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey:0000008100df75bb7ce0b66431ca073a5768dbc6930b024b8d6804a5ef9f3f3c9341b8c8b7216eaf26536ac671ab360eff568502e596adbf41b795d329d136ebe44c60ff4ffd58ed99b40a228cab6c8ed9733702e75f7750e58f04cbb78402eec2877205a0ba3f48318543489dc4885dcdc51c4658acbc28f9a82c563ac20b582cff8c432d ++Ctrl.hexxcghash = 
hexxcghash:c08ddd40832cc96fe373b67a4850b86848e48f70 ++Ctrl.hexsession_id = hexsession_id:477c8d32e73a475707e0085cf235d605ed564a1c ++Ctrl.type = type:F ++Output = cdf59b2327588ffd18becfc0e5bb526014101401 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:dde6f8e070ef32a27ff04ad1045c65b2dfa33e03 ++Ctrl.hexsession_id = hexsession_id:dde6f8e070ef32a27ff04ad1045c65b2dfa33e03 ++Ctrl.type = type:A ++Output = 79c9195e683ae10750960cb55c4d4c0b ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:dde6f8e070ef32a27ff04ad1045c65b2dfa33e03 ++Ctrl.hexsession_id = hexsession_id:dde6f8e070ef32a27ff04ad1045c65b2dfa33e03 ++Ctrl.type = type:B ++Output = ef00b448ab9fd6523bb5143a0a818750 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:dde6f8e070ef32a27ff04ad1045c65b2dfa33e03 ++Ctrl.hexsession_id = hexsession_id:dde6f8e070ef32a27ff04ad1045c65b2dfa33e03 ++Ctrl.type = type:C ++Output = 51c8b4aaf5e42443be0aa3c50aa7e1dd ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey:000001010085a60bcca88b096c418e825f3de4fd8920ecce617afadda2ca8001e8eba07e58e60e70a9a05b8ddc29d5636d33c407d5f23952b65326e113f28d89bc6ba3a4c3b71ae239d6d1bd295466682d1c675bdb88a3259f474fe54a0f4004ddc46b442451654e1e66d0c93d7b310f28a8db7b95eee7abc61e71dee322b4e732baf9ec7ce189b889d536da1a55a2cc29e1666aa9c0e702f4412206bd207302fe84043c664394bde0e0a47d0a7a947c95997e1dbaeecd2efae12cacef8eab2f6b2478dedcebb3264827cf226e13f8082931db410fbc03352e7dde82fd1f58caab3115aa065ac6e2a1c7b1c1b2d5fa3447bf9839d76cfa5822b097bff9106f37eba1250145 ++Ctrl.hexxcghash = hexxcghash:dde6f8e070ef32a27ff04ad1045c65b2dfa33e03 ++Ctrl.hexsession_id = hexsession_id:dde6f8e070ef32a27ff04ad1045c65b2dfa33e03 ++Ctrl.type = type:D ++Output = 4153a587397fb14dc3faad028fdb7ecc ++ 
++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:dde6f8e070ef32a27ff04ad1045c65b2dfa33e03 ++Ctrl.hexsession_id = hexsession_id:dde6f8e070ef32a27ff04ad1045c65b2dfa33e03 ++Ctrl.type = type:E ++Output = d23e36347052a1cfb4a7789df48627e8a31345c7 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:dde6f8e070ef32a27ff04ad1045c65b2dfa33e03 ++Ctrl.hexsession_id = hexsession_id:dde6f8e070ef32a27ff04ad1045c65b2dfa33e03 ++Ctrl.type = type:F ++Output = c1286e92655912d923154c460702a31424bd6b01 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:5ae93beda675546c8a783974925aca9b365a6d8e ++Ctrl.hexsession_id = hexsession_id:bb0bfeb33b78474b2d53232b3122506992c0cae4 ++Ctrl.type = type:A ++Output = 739ad52e454ba3457735b7c5304c6578 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:5ae93beda675546c8a783974925aca9b365a6d8e ++Ctrl.hexsession_id = hexsession_id:bb0bfeb33b78474b2d53232b3122506992c0cae4 ++Ctrl.type = type:B ++Output = 3bd9f9d9f06aa521d2f53e40fc5d9f90 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:5ae93beda675546c8a783974925aca9b365a6d8e ++Ctrl.hexsession_id = hexsession_id:bb0bfeb33b78474b2d53232b3122506992c0cae4 ++Ctrl.type = type:C ++Output = 335cd2813bebd3d5e1dda4c1e14c23de ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:5ae93beda675546c8a783974925aca9b365a6d8e ++Ctrl.hexsession_id = hexsession_id:bb0bfeb33b78474b2d53232b3122506992c0cae4 ++Ctrl.type = type:D ++Output = fd25c5ae649645d8c0cfff0d4d8e7a47 ++ 
++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:5ae93beda675546c8a783974925aca9b365a6d8e ++Ctrl.hexsession_id = hexsession_id:bb0bfeb33b78474b2d53232b3122506992c0cae4 ++Ctrl.type = type:E ++Output = 90e89773d04623553d4d298e6aa75781d8a6544b ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:5ae93beda675546c8a783974925aca9b365a6d8e ++Ctrl.hexsession_id = hexsession_id:bb0bfeb33b78474b2d53232b3122506992c0cae4 ++Ctrl.type = type:F ++Output = 86a3f05a5f844b23d787cccbda37a3d773a4d049 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:edeac369fd19f7dd1e8e48d0c69f9df5fe5475b4 ++Ctrl.hexsession_id = hexsession_id:30d9cd8d63a203aeff4a99d8c299676f21a2c74e ++Ctrl.type = type:A ++Output = d2d06d589e6e696556e3d44d7d05decb ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:edeac369fd19f7dd1e8e48d0c69f9df5fe5475b4 ++Ctrl.hexsession_id = hexsession_id:30d9cd8d63a203aeff4a99d8c299676f21a2c74e ++Ctrl.type = type:B ++Output = 14e3a886b715206e837b70fe7c02b941 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:edeac369fd19f7dd1e8e48d0c69f9df5fe5475b4 ++Ctrl.hexsession_id = hexsession_id:30d9cd8d63a203aeff4a99d8c299676f21a2c74e ++Ctrl.type = type:C ++Output = 98625cf9741819273a0d6852ca7ab592 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:edeac369fd19f7dd1e8e48d0c69f9df5fe5475b4 ++Ctrl.hexsession_id = hexsession_id:30d9cd8d63a203aeff4a99d8c299676f21a2c74e ++Ctrl.type = type:D ++Output = a7b273f04d537856015e06075c94c398 ++ 
++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:edeac369fd19f7dd1e8e48d0c69f9df5fe5475b4 ++Ctrl.hexsession_id = hexsession_id:30d9cd8d63a203aeff4a99d8c299676f21a2c74e ++Ctrl.type = type:E ++Output = 3e1afa980d05ec30e9a55331ac301c10305999e2 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey:000001004c48728c828a34a5ff90188cd749d5ccf849d8f96d78072bc8c3a766e4be2c4bfdb8d0310225f05b0373fa582b5a9e78b6a05d958a7b82d944d00697a1ef2119e7545bdf2c6dc2e8cb2215ff58a0163c116b0b326caa50e6384e4e4ab424bfada5d15af1d22f34dc5f8bfd5c823c4b9253fe858a9d7f17bf0be17951bce751b8c2f0b3be25bad6054b39fb2d687d4e69c07d79f4952e65315b1f712cee11707a4984f29df9aac7a7274772f60a2f207ec6a35e1478aa9ae8045dc53417b220bf60124d988e376bf18414400bbe2ac4654716fd26b3a90ae53215ff906364ef82a08686a1977126c64d6d3f381e8477d55f8e79a0e0719089e073fffdbf828cde ++Ctrl.hexxcghash = hexxcghash:edeac369fd19f7dd1e8e48d0c69f9df5fe5475b4 ++Ctrl.hexsession_id = hexsession_id:30d9cd8d63a203aeff4a99d8c299676f21a2c74e ++Ctrl.type = type:F ++Output = b993c4254669c7a51ed713ddaf7174fd5296fe57 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:6dffed964fd4044cb99b5f8770abef82d02c1cd1 ++Ctrl.hexsession_id = hexsession_id:d98f1e884633c4632568e1dd0a54e4c8508c279d ++Ctrl.type = type:A ++Output = d9c0ed6b7fbf066d4f3cff7d2585ef5b ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:6dffed964fd4044cb99b5f8770abef82d02c1cd1 ++Ctrl.hexsession_id = hexsession_id:d98f1e884633c4632568e1dd0a54e4c8508c279d ++Ctrl.type = type:B ++Output = da13833aa2c086e5d76595132f4e5fc6 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:6dffed964fd4044cb99b5f8770abef82d02c1cd1 
++Ctrl.hexsession_id = hexsession_id:d98f1e884633c4632568e1dd0a54e4c8508c279d ++Ctrl.type = type:C ++Output = 9e27400587b646397a7655be0e5763ec ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey:0000010100f6fa934f303a9db720352fca5a6bae671857d44053d61132a6d36d76cee686fd31ea796407306ad3cb500f99b8881641ce304217910179ca03d3638c89419127542d2f6eea999c637070a3a2e2d17419fd2d53a23dc0bbad1333089a64c232c4328ca5d6db233777a93932407741a9fe4c8efd13e9f2f411368fd2035d05175f8710b79a77bd4749df3027eef44f1d050fd01458cd1c6d1fe67d774f4e056533305ad39ecf5a6e4898186b8b66e95c9546081c7df6df7a433887bb0333d0fb16418bb2d399b2be0b02978e5bbc97b57e67e88aa073ba3280a386209029bdc3d8f448eb18e29c87811142629827c54aa19d150b6eb6fb7a33d746b11d27d9d474 ++Ctrl.hexxcghash = hexxcghash:6dffed964fd4044cb99b5f8770abef82d02c1cd1 ++Ctrl.hexsession_id = hexsession_id:d98f1e884633c4632568e1dd0a54e4c8508c279d ++Ctrl.type = type:D ++Output = 91b95d5cce7f2aec14776f49f652a305 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:6dffed964fd4044cb99b5f8770abef82d02c1cd1 ++Ctrl.hexsession_id = hexsession_id:d98f1e884633c4632568e1dd0a54e4c8508c279d ++Ctrl.type = type:E ++Output = a97dc9a99e37c983a4922cd2ecdfa394b71141ce ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey:0000010100f6fa934f303a9db720352fca5a6bae671857d44053d61132a6d36d76cee686fd31ea796407306ad3cb500f99b8881641ce304217910179ca03d3638c89419127542d2f6eea999c637070a3a2e2d17419fd2d53a23dc0bbad1333089a64c232c4328ca5d6db233777a93932407741a9fe4c8efd13e9f2f411368fd2035d05175f8710b79a77bd4749df3027eef44f1d050fd01458cd1c6d1fe67d774f4e056533305ad39ecf5a6e4898186b8b66e95c9546081c7df6df7a433887bb0333d0fb16418bb2d399b2be0b02978e5bbc97b57e67e88aa073ba3280a386209029bdc3d8f448eb18e29c87811142629827c54aa19d150b6eb6fb7a33d746b11d27d9d474 ++Ctrl.hexxcghash = hexxcghash:6dffed964fd4044cb99b5f8770abef82d02c1cd1 ++Ctrl.hexsession_id = 
hexsession_id:d98f1e884633c4632568e1dd0a54e4c8508c279d ++Ctrl.type = type:F ++Output = 173d846f9790c742ca86af4bff5f965c6088a05b ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:4cee9b1867e94911e8f9fbd9ec3375d25c955f97 ++Ctrl.hexsession_id = hexsession_id:2aefdaa6f14ac3ec200a951fd74433cddc01193a ++Ctrl.type = type:A ++Output = 6fa496847cda7367cb32b8be9aae3f85 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:4cee9b1867e94911e8f9fbd9ec3375d25c955f97 ++Ctrl.hexsession_id = hexsession_id:2aefdaa6f14ac3ec200a951fd74433cddc01193a ++Ctrl.type = type:B ++Output = 702ac8636520b7c6169ddc660781de9f ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:4cee9b1867e94911e8f9fbd9ec3375d25c955f97 ++Ctrl.hexsession_id = hexsession_id:2aefdaa6f14ac3ec200a951fd74433cddc01193a ++Ctrl.type = type:C ++Output = 6ffd703180af7c2207d5fa9e467272e3 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:4cee9b1867e94911e8f9fbd9ec3375d25c955f97 ++Ctrl.hexsession_id = hexsession_id:2aefdaa6f14ac3ec200a951fd74433cddc01193a ++Ctrl.type = type:D ++Output = 7ae5281e377f230dcc9854cf995f663d ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = 
hexkey:000001000a341cb148554046ac79686473c7e924486ae79c9dd1878a647687d3562cc81e5379c20df44edd6bfa8b9a26cdc06c6eb5f02272f90992ef58c65fe3e98725e9434a8512aef4c2093d27c57a1aee5f5b6861025001d20b5bc8666c4930107f563035bca6ddc91ff9d15ebb56d2628146d3baa3c6f81dc73602518c2aef4906e08b2ffa67e4528d92b1b3bcbd3a9e421d86413bb355574bb68f94bf75221918ca4f6624445b0afa0c26e270788490cbab1abd41a42200ab9e76a2f8b8ffbe0c5ef7a230b5bf7018cfd170ccd009058092d2446ebe73c5f0bf2d9ceca311502af621880eb18e46edc7832765c00e2599fbb82402b039eb5c5ae376690a717c0344 ++Ctrl.hexxcghash = hexxcghash:4cee9b1867e94911e8f9fbd9ec3375d25c955f97 ++Ctrl.hexsession_id = hexsession_id:2aefdaa6f14ac3ec200a951fd74433cddc01193a ++Ctrl.type = type:E ++Output = fbcb152df7a3f12a8f174f9ca31bb31b124ae3c2 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:4cee9b1867e94911e8f9fbd9ec3375d25c955f97 ++Ctrl.hexsession_id = hexsession_id:2aefdaa6f14ac3ec200a951fd74433cddc01193a ++Ctrl.type = type:F ++Output = 3f0c57fbccfb7306cff23bdaf69d70a8a394b34b ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:7ced7b72644be681615e503ecafe0c8f7124c85b ++Ctrl.hexsession_id = hexsession_id:95d4ca5b0107d3d9f94ef857d7a64f685d3fecdc ++Ctrl.type = type:A ++Output = 7e37ea52156fad1903709e1d3229721f ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:7ced7b72644be681615e503ecafe0c8f7124c85b ++Ctrl.hexsession_id = hexsession_id:95d4ca5b0107d3d9f94ef857d7a64f685d3fecdc ++Ctrl.type = type:B ++Output = c15569583de413e08293bf1689a9afe8 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:7ced7b72644be681615e503ecafe0c8f7124c85b ++Ctrl.hexsession_id = 
hexsession_id:95d4ca5b0107d3d9f94ef857d7a64f685d3fecdc ++Ctrl.type = type:C ++Output = 0c85227539f5e328c64172280759d9bf ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:7ced7b72644be681615e503ecafe0c8f7124c85b ++Ctrl.hexsession_id = hexsession_id:95d4ca5b0107d3d9f94ef857d7a64f685d3fecdc ++Ctrl.type = type:D ++Output = 3dbc42d9e7128e861b87781546cedc8e ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:7ced7b72644be681615e503ecafe0c8f7124c85b ++Ctrl.hexsession_id = hexsession_id:95d4ca5b0107d3d9f94ef857d7a64f685d3fecdc ++Ctrl.type = type:E ++Output = 1ec0d15e38ea1b48da963837dbf30cef855a92c7 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:7ced7b72644be681615e503ecafe0c8f7124c85b ++Ctrl.hexsession_id = hexsession_id:95d4ca5b0107d3d9f94ef857d7a64f685d3fecdc ++Ctrl.type = type:F ++Output = eea8ea042a079fcf8416a8b244fafab35adeca8a ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:5fb6dff3272cb949856a57f2645a56d957dc4606 ++Ctrl.hexsession_id = hexsession_id:5160cab836d899193077dc67485ef41669ec5d8a ++Ctrl.type = type:A ++Output = f2faef6e274814ed7ca544484ac21a3a ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = 
hexkey:000001002f14b1acdf871bec4ea5720a3e921cf16a796559b2a094a0d1e45021dcabff152a0e3dca4115239454dc407a6474c8fcd395273a6487c6736710610aeb607707b7ef87203a081646af53ba037f29316a3dec4ce80ec04775b8697db46f7e4f4b38d69de832a25cf0a5484c9b36a48950d50dfe77ac5da63a1c2314ffa8cb68f0c201bbfb7a1a89837b9f57465d14635bda2abf601a06bbd8f70af0169c39209dcda9fb1416a9eadb5ea4deb358566190a62a44d6765d9a25b5157ed5e0f5317f0ed3f6eacebe07ba214e2ef9f654dbc2fa3dc2f227124a3f56a40905c9c86cd64b0ed80c4299d86f59d5f06b9c026a28feea5c5fafbe7ba90283de867dd55858 ++Ctrl.hexxcghash = hexxcghash:5fb6dff3272cb949856a57f2645a56d957dc4606 ++Ctrl.hexsession_id = hexsession_id:5160cab836d899193077dc67485ef41669ec5d8a ++Ctrl.type = type:B ++Output = 3ca9bc0f3c65c257fa160a4d1c5e3520 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:5fb6dff3272cb949856a57f2645a56d957dc4606 ++Ctrl.hexsession_id = hexsession_id:5160cab836d899193077dc67485ef41669ec5d8a ++Ctrl.type = type:C ++Output = fcdf0545b51aca6515bccf6ed0ecb582 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:5fb6dff3272cb949856a57f2645a56d957dc4606 ++Ctrl.hexsession_id = hexsession_id:5160cab836d899193077dc67485ef41669ec5d8a ++Ctrl.type = type:D ++Output = 86ea895a310c3bbd1aac209b2362d58a ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:5fb6dff3272cb949856a57f2645a56d957dc4606 ++Ctrl.hexsession_id = hexsession_id:5160cab836d899193077dc67485ef41669ec5d8a ++Ctrl.type = type:E ++Output = 12a4f2b749e2bf88c1f8437e5ff61de761fd48b3 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:5fb6dff3272cb949856a57f2645a56d957dc4606 ++Ctrl.hexsession_id = 
hexsession_id:5160cab836d899193077dc67485ef41669ec5d8a ++Ctrl.type = type:F ++Output = a3a9276a120db379ec780e434879a54935db954d ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:501c76e6b5791e343fb6e7597e890c7dea7f04e5 ++Ctrl.hexsession_id = hexsession_id:68e1f225f2e63df7bedbab15112b3670f03eed56 ++Ctrl.type = type:A ++Output = e53f2f61d8919e097cb99627fe668385 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:501c76e6b5791e343fb6e7597e890c7dea7f04e5 ++Ctrl.hexsession_id = hexsession_id:68e1f225f2e63df7bedbab15112b3670f03eed56 ++Ctrl.type = type:B ++Output = cea80fd8dc06654ed80b0ec150835537 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:501c76e6b5791e343fb6e7597e890c7dea7f04e5 ++Ctrl.hexsession_id = hexsession_id:68e1f225f2e63df7bedbab15112b3670f03eed56 ++Ctrl.type = type:C ++Output = d5ba475e737bed349b8931ba38d426e9 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey:0000010060cc18ebbeb9b25cb16a58bfa47644110ceab67f274daf67157e923b70f775a4168bb7911d0e53075044366e503fbffcf3fcf9249e551d69211715b681ba3a28dd133dbada24dcf80d2bf67a1d6c0477f108f8763b30fe28c6d0b54e59e7e580692453d05a30d38e134d6117ca999ace80a57d088228b2a9f001e57d3a8b1cdffe55fda194f01189ec2bb0d99fc8570a9d822a94dddb22f4ba3c88f2ee1045dafa2d106e5c2c09519e47ad9eaf2301569c9258a2deda9d3ea5b0c73f00d8d12579e5931d5253220d60eeb12fcefc98bc8f390e52b3b407280a31283628963c1131b6fd584be948c3fb4d316fa4a1b135513a174cafb0d394bb4afbee6cbe796e ++Ctrl.hexxcghash = hexxcghash:501c76e6b5791e343fb6e7597e890c7dea7f04e5 ++Ctrl.hexsession_id = hexsession_id:68e1f225f2e63df7bedbab15112b3670f03eed56 ++Ctrl.type = type:D ++Output = f3ea92b4f365ab2fb8403ad8ecd2d17c ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = 
hexkey: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 ++Ctrl.hexxcghash = hexxcghash:501c76e6b5791e343fb6e7597e890c7dea7f04e5 ++Ctrl.hexsession_id = hexsession_id:68e1f225f2e63df7bedbab15112b3670f03eed56 ++Ctrl.type = type:E ++Output = 41fa718884738fd6fd9ee9fd5af05f0de9400952 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:501c76e6b5791e343fb6e7597e890c7dea7f04e5 ++Ctrl.hexsession_id = hexsession_id:68e1f225f2e63df7bedbab15112b3670f03eed56 ++Ctrl.type = type:F ++Output = 91395bbd90abb140d0984ed5e77836590bf44695 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey:0000010072a106d13e5148877457b7a8c853cfabd151d1b1acde6d776b7affc23c653a3b1c893398c7d83e039fbea9dc739dc14f3a9348af154f840d2f88e3c1982758adeaeb78cff050046d26a9a13391099eea03e9fb853e95c117edaac5b36736e63cb5ad72b346cf1fb342169f5e538591988daec82e0e9a2f4a57db22df8af92424f63111d87991345fd4458abab42cdbfcb84abb222701575a50274a7c6cc38355740cc04bfaff33467c816a70242142fd5467b1713eeec1e0d0f2fcfaf66602dcc31c4105d928a7185ebf53a6e792f419f57573e6dc6d1221e6907f6ad958d2a0c8fe096ce43e403316ae92f93acd1cac7878c9011bc71eff81d4353d7b0c13b1 ++Ctrl.hexxcghash = hexxcghash:9acf1f808aeac5b11460192c8f191491b62fc66a ++Ctrl.hexsession_id = hexsession_id:4c662e4dc764cbcb1b3eed4de4375f85c8b2f56c ++Ctrl.type = type:A ++Output = 04d3c0a3f5e33ae373c637ef45897779 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:9acf1f808aeac5b11460192c8f191491b62fc66a ++Ctrl.hexsession_id = hexsession_id:4c662e4dc764cbcb1b3eed4de4375f85c8b2f56c ++Ctrl.type = type:B ++Output = c5a45bfbf6d7c14c5d3a953b4848e433 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:9acf1f808aeac5b11460192c8f191491b62fc66a ++Ctrl.hexsession_id = 
hexsession_id:4c662e4dc764cbcb1b3eed4de4375f85c8b2f56c ++Ctrl.type = type:C ++Output = 3a16d0da2f785e2c325b45109778910a ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:9acf1f808aeac5b11460192c8f191491b62fc66a ++Ctrl.hexsession_id = hexsession_id:4c662e4dc764cbcb1b3eed4de4375f85c8b2f56c ++Ctrl.type = type:D ++Output = 902b38dd6c759945e671c1de7d99e918 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:9acf1f808aeac5b11460192c8f191491b62fc66a ++Ctrl.hexsession_id = hexsession_id:4c662e4dc764cbcb1b3eed4de4375f85c8b2f56c ++Ctrl.type = type:E ++Output = b573244de3127f6aa5457e792219dc89defaaecd ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:9acf1f808aeac5b11460192c8f191491b62fc66a ++Ctrl.hexsession_id = hexsession_id:4c662e4dc764cbcb1b3eed4de4375f85c8b2f56c ++Ctrl.type = type:F ++Output = 6cd221005dd1f0de4f472f48d15e61dcc2e91e99 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:4d31fdb68c8f42f38cae260bf6402e47de93aac7 ++Ctrl.hexsession_id = hexsession_id:47caa2c09bb4dc9d6aeb697a76046bdf1fcd879b ++Ctrl.type = type:A ++Output = 5f9deaf2ee4f05af0a8a813ef6bb9549 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:4d31fdb68c8f42f38cae260bf6402e47de93aac7 ++Ctrl.hexsession_id = hexsession_id:47caa2c09bb4dc9d6aeb697a76046bdf1fcd879b ++Ctrl.type = type:B ++Output = a2ea4b795f9c9de1d786d0c771df2b84 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = 
hexkey:000001003644f9ee24c3ec2e2fe16cdece326cdf5c1309e931bc41f245d3b76f2bdbef0bae58e850e10dcbd0d18356b4f98957a3b95f64c85d1af12ab01fe967e52a632761074f27406a29618192f1cbebae2c25e42f6e9fc00a737e4c92398403ab946a6c33e675e529b5c7364f36d64f07ff65889866dee99293bd5bb5f6454a77bbe0cbfd746d54e5bc948c617c5a1d5d3d2b65fa6a86c5f42c5e01f92a8e97a96f848e50ecb1b495a0e87323b44f5b9dd25ab34a94c077b7490657d1d8f9a9acef2785de82b02ef9fb670faf841ae9b479d2d538ae8e38eaf6e74b884c18c9dafc19b6c9728ff3411537555b3b3b69f6f039958ffb0790e58b09bd8c63819ee50ea5 ++Ctrl.hexxcghash = hexxcghash:4d31fdb68c8f42f38cae260bf6402e47de93aac7 ++Ctrl.hexsession_id = hexsession_id:47caa2c09bb4dc9d6aeb697a76046bdf1fcd879b ++Ctrl.type = type:C ++Output = 13f828f8f1e5532a04f138681bc8259d ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:4d31fdb68c8f42f38cae260bf6402e47de93aac7 ++Ctrl.hexsession_id = hexsession_id:47caa2c09bb4dc9d6aeb697a76046bdf1fcd879b ++Ctrl.type = type:D ++Output = 7231ce5fd725391e058cd78815f44625 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:4d31fdb68c8f42f38cae260bf6402e47de93aac7 ++Ctrl.hexsession_id = hexsession_id:47caa2c09bb4dc9d6aeb697a76046bdf1fcd879b ++Ctrl.type = type:E ++Output = 937b7e16ed0b2324203cdae904fc55cbe25067a1 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:4d31fdb68c8f42f38cae260bf6402e47de93aac7 ++Ctrl.hexsession_id = hexsession_id:47caa2c09bb4dc9d6aeb697a76046bdf1fcd879b ++Ctrl.type = type:F ++Output = d7536b911dc79d5953455ba6e15cb5fec7c14025 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = 
hexkey:00000081008de60df019c23966d215d9b8490ac493dfae59b99dbefdad81d2c9e761205c93a696dbd9e538cc57cd3e24c2798d2c56561d6803e8ee24e112babef84ad5a2c571c572339f2b38f1345164314f8f4714047f0c66650f10051044f8dcd256bfe8171302a81ce13f47f7375db80a6bbf8ce7d8f96e03fc6275fd5dacfbdd166792 ++Ctrl.hexxcghash = hexxcghash:e69fbbee90f0cb7c57996c6f3f9ec4c7de9f0c43b7c993ec3ec1d4ca ++Ctrl.hexsession_id = hexsession_id:e69fbbee90f0cb7c57996c6f3f9ec4c7de9f0c43b7c993ec3ec1d4ca ++Ctrl.type = type:A ++Output = 9fff6c6a6d1f5c31 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey:00000081008de60df019c23966d215d9b8490ac493dfae59b99dbefdad81d2c9e761205c93a696dbd9e538cc57cd3e24c2798d2c56561d6803e8ee24e112babef84ad5a2c571c572339f2b38f1345164314f8f4714047f0c66650f10051044f8dcd256bfe8171302a81ce13f47f7375db80a6bbf8ce7d8f96e03fc6275fd5dacfbdd166792 ++Ctrl.hexxcghash = hexxcghash:e69fbbee90f0cb7c57996c6f3f9ec4c7de9f0c43b7c993ec3ec1d4ca ++Ctrl.hexsession_id = hexsession_id:e69fbbee90f0cb7c57996c6f3f9ec4c7de9f0c43b7c993ec3ec1d4ca ++Ctrl.type = type:B ++Output = 8e0ae78c64d2fe2a ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey:00000081008de60df019c23966d215d9b8490ac493dfae59b99dbefdad81d2c9e761205c93a696dbd9e538cc57cd3e24c2798d2c56561d6803e8ee24e112babef84ad5a2c571c572339f2b38f1345164314f8f4714047f0c66650f10051044f8dcd256bfe8171302a81ce13f47f7375db80a6bbf8ce7d8f96e03fc6275fd5dacfbdd166792 ++Ctrl.hexxcghash = hexxcghash:e69fbbee90f0cb7c57996c6f3f9ec4c7de9f0c43b7c993ec3ec1d4ca ++Ctrl.hexsession_id = hexsession_id:e69fbbee90f0cb7c57996c6f3f9ec4c7de9f0c43b7c993ec3ec1d4ca ++Ctrl.type = type:C ++Output = 9044f963ffb56b94556a38aac5398a7072ffba60258500be ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey:00000081008de60df019c23966d215d9b8490ac493dfae59b99dbefdad81d2c9e761205c93a696dbd9e538cc57cd3e24c2798d2c56561d6803e8ee24e112babef84ad5a2c571c572339f2b38f1345164314f8f4714047f0c66650f10051044f8dcd256bfe8171302a81ce13f47f7375db80a6bbf8ce7d8f96e03fc6275fd5dacfbdd166792 
++Ctrl.hexxcghash = hexxcghash:e69fbbee90f0cb7c57996c6f3f9ec4c7de9f0c43b7c993ec3ec1d4ca ++Ctrl.hexsession_id = hexsession_id:e69fbbee90f0cb7c57996c6f3f9ec4c7de9f0c43b7c993ec3ec1d4ca ++Ctrl.type = type:D ++Output = a861a317ea42b050901aff367b5a1d0abd5c497c77311ba2 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey:00000081008de60df019c23966d215d9b8490ac493dfae59b99dbefdad81d2c9e761205c93a696dbd9e538cc57cd3e24c2798d2c56561d6803e8ee24e112babef84ad5a2c571c572339f2b38f1345164314f8f4714047f0c66650f10051044f8dcd256bfe8171302a81ce13f47f7375db80a6bbf8ce7d8f96e03fc6275fd5dacfbdd166792 ++Ctrl.hexxcghash = hexxcghash:e69fbbee90f0cb7c57996c6f3f9ec4c7de9f0c43b7c993ec3ec1d4ca ++Ctrl.hexsession_id = hexsession_id:e69fbbee90f0cb7c57996c6f3f9ec4c7de9f0c43b7c993ec3ec1d4ca ++Ctrl.type = type:E ++Output = 43225d64b6da6f070925ad1c8b7ac88893f9a7cba0dfc55ddea42eec ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey:00000081008de60df019c23966d215d9b8490ac493dfae59b99dbefdad81d2c9e761205c93a696dbd9e538cc57cd3e24c2798d2c56561d6803e8ee24e112babef84ad5a2c571c572339f2b38f1345164314f8f4714047f0c66650f10051044f8dcd256bfe8171302a81ce13f47f7375db80a6bbf8ce7d8f96e03fc6275fd5dacfbdd166792 ++Ctrl.hexxcghash = hexxcghash:e69fbbee90f0cb7c57996c6f3f9ec4c7de9f0c43b7c993ec3ec1d4ca ++Ctrl.hexsession_id = hexsession_id:e69fbbee90f0cb7c57996c6f3f9ec4c7de9f0c43b7c993ec3ec1d4ca ++Ctrl.type = type:F ++Output = eb31db29bbafca2773f815fa478d927943288588e371ae9ba0414d98 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey:0000008100a03d807fef48a50d8a04d9b6721979c5904412c3bcfe69ebd4c2554debe82a695a66fb9d844c6ef3aa4b745c2a4c8dbc4ba26742e0d1159ded83edca0bec61c7303e81f9d7f3169b7c97573b9184ec3c5286d9646e96595f064d61013431628f5c57bcb1bf79bcd1b0177ab4520c1a1a9b34b5067d9f465c9b03154d57f1b42f ++Ctrl.hexxcghash = hexxcghash:03af4bd15a37aa7816d826332dcd9daa1537770fd0bcafbafe30033d ++Ctrl.hexsession_id = hexsession_id:36084ca3dc535b37d533d034d891fabc20e3b0270bb8c008066bfac8 ++Ctrl.type = type:A 
++Output = bf2d6e03ba930c71 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey:0000008100a03d807fef48a50d8a04d9b6721979c5904412c3bcfe69ebd4c2554debe82a695a66fb9d844c6ef3aa4b745c2a4c8dbc4ba26742e0d1159ded83edca0bec61c7303e81f9d7f3169b7c97573b9184ec3c5286d9646e96595f064d61013431628f5c57bcb1bf79bcd1b0177ab4520c1a1a9b34b5067d9f465c9b03154d57f1b42f ++Ctrl.hexxcghash = hexxcghash:03af4bd15a37aa7816d826332dcd9daa1537770fd0bcafbafe30033d ++Ctrl.hexsession_id = hexsession_id:36084ca3dc535b37d533d034d891fabc20e3b0270bb8c008066bfac8 ++Ctrl.type = type:B ++Output = ff14fadc19a0bd8a ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey:0000008100a03d807fef48a50d8a04d9b6721979c5904412c3bcfe69ebd4c2554debe82a695a66fb9d844c6ef3aa4b745c2a4c8dbc4ba26742e0d1159ded83edca0bec61c7303e81f9d7f3169b7c97573b9184ec3c5286d9646e96595f064d61013431628f5c57bcb1bf79bcd1b0177ab4520c1a1a9b34b5067d9f465c9b03154d57f1b42f ++Ctrl.hexxcghash = hexxcghash:03af4bd15a37aa7816d826332dcd9daa1537770fd0bcafbafe30033d ++Ctrl.hexsession_id = hexsession_id:36084ca3dc535b37d533d034d891fabc20e3b0270bb8c008066bfac8 ++Ctrl.type = type:C ++Output = 34a70734eaebeb8608cbb91098fa13326f37ccc5d408584d ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey:0000008100a03d807fef48a50d8a04d9b6721979c5904412c3bcfe69ebd4c2554debe82a695a66fb9d844c6ef3aa4b745c2a4c8dbc4ba26742e0d1159ded83edca0bec61c7303e81f9d7f3169b7c97573b9184ec3c5286d9646e96595f064d61013431628f5c57bcb1bf79bcd1b0177ab4520c1a1a9b34b5067d9f465c9b03154d57f1b42f ++Ctrl.hexxcghash = hexxcghash:03af4bd15a37aa7816d826332dcd9daa1537770fd0bcafbafe30033d ++Ctrl.hexsession_id = hexsession_id:36084ca3dc535b37d533d034d891fabc20e3b0270bb8c008066bfac8 ++Ctrl.type = type:D ++Output = f993da8f2e840b836c8980fa2d780a1b4eeef77046988eed ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = 
hexkey:0000008100a03d807fef48a50d8a04d9b6721979c5904412c3bcfe69ebd4c2554debe82a695a66fb9d844c6ef3aa4b745c2a4c8dbc4ba26742e0d1159ded83edca0bec61c7303e81f9d7f3169b7c97573b9184ec3c5286d9646e96595f064d61013431628f5c57bcb1bf79bcd1b0177ab4520c1a1a9b34b5067d9f465c9b03154d57f1b42f ++Ctrl.hexxcghash = hexxcghash:03af4bd15a37aa7816d826332dcd9daa1537770fd0bcafbafe30033d ++Ctrl.hexsession_id = hexsession_id:36084ca3dc535b37d533d034d891fabc20e3b0270bb8c008066bfac8 ++Ctrl.type = type:E ++Output = a274441c86dd146cfab25d87344bd5a880d374d300aa8e1fe4919378 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey:0000008100a03d807fef48a50d8a04d9b6721979c5904412c3bcfe69ebd4c2554debe82a695a66fb9d844c6ef3aa4b745c2a4c8dbc4ba26742e0d1159ded83edca0bec61c7303e81f9d7f3169b7c97573b9184ec3c5286d9646e96595f064d61013431628f5c57bcb1bf79bcd1b0177ab4520c1a1a9b34b5067d9f465c9b03154d57f1b42f ++Ctrl.hexxcghash = hexxcghash:03af4bd15a37aa7816d826332dcd9daa1537770fd0bcafbafe30033d ++Ctrl.hexsession_id = hexsession_id:36084ca3dc535b37d533d034d891fabc20e3b0270bb8c008066bfac8 ++Ctrl.type = type:F ++Output = 7774dc48324cca24901bedc37224cb291d6202fb6b5e1d9315a9bd10 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey:0000008100d09e300c8b93b8c759f96910b319b8fd9c9c8c1b704b65649f525b6c16732ee37f499ac729bdce9ea493811954849e8eeb449cb2f4485fe78b0f538038178ad3e1b95ef13fcf0134f1199ad742b31d5f222ed7927283a008c970143af46965acde32139c2448db5cc11fd55e534779f1b5d7757b27e3a3881a3596b0b002ff7e ++Ctrl.hexxcghash = hexxcghash:be8559339a1b231a59a8feae904c00decaf970ff8e83018662c65fa8 ++Ctrl.hexsession_id = hexsession_id:a8378fd158677fac292c5cce8a9efdbd5c5c98ee6f056a5e6e771b6b ++Ctrl.type = type:A ++Output = 75bc82b271311f53 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = 
hexkey:0000008100d09e300c8b93b8c759f96910b319b8fd9c9c8c1b704b65649f525b6c16732ee37f499ac729bdce9ea493811954849e8eeb449cb2f4485fe78b0f538038178ad3e1b95ef13fcf0134f1199ad742b31d5f222ed7927283a008c970143af46965acde32139c2448db5cc11fd55e534779f1b5d7757b27e3a3881a3596b0b002ff7e ++Ctrl.hexxcghash = hexxcghash:be8559339a1b231a59a8feae904c00decaf970ff8e83018662c65fa8 ++Ctrl.hexsession_id = hexsession_id:a8378fd158677fac292c5cce8a9efdbd5c5c98ee6f056a5e6e771b6b ++Ctrl.type = type:B ++Output = 602d69e77b8c30b3 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey:0000008100d09e300c8b93b8c759f96910b319b8fd9c9c8c1b704b65649f525b6c16732ee37f499ac729bdce9ea493811954849e8eeb449cb2f4485fe78b0f538038178ad3e1b95ef13fcf0134f1199ad742b31d5f222ed7927283a008c970143af46965acde32139c2448db5cc11fd55e534779f1b5d7757b27e3a3881a3596b0b002ff7e ++Ctrl.hexxcghash = hexxcghash:be8559339a1b231a59a8feae904c00decaf970ff8e83018662c65fa8 ++Ctrl.hexsession_id = hexsession_id:a8378fd158677fac292c5cce8a9efdbd5c5c98ee6f056a5e6e771b6b ++Ctrl.type = type:C ++Output = e0c8856a26b2f4804e98809d5b81cdb360b43884a33d4fef ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey:0000008100d09e300c8b93b8c759f96910b319b8fd9c9c8c1b704b65649f525b6c16732ee37f499ac729bdce9ea493811954849e8eeb449cb2f4485fe78b0f538038178ad3e1b95ef13fcf0134f1199ad742b31d5f222ed7927283a008c970143af46965acde32139c2448db5cc11fd55e534779f1b5d7757b27e3a3881a3596b0b002ff7e ++Ctrl.hexxcghash = hexxcghash:be8559339a1b231a59a8feae904c00decaf970ff8e83018662c65fa8 ++Ctrl.hexsession_id = hexsession_id:a8378fd158677fac292c5cce8a9efdbd5c5c98ee6f056a5e6e771b6b ++Ctrl.type = type:D ++Output = e661555415bcab0b1f2d4b4387cda213cdd93f8458a2ace4 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = 
hexkey:0000008100d09e300c8b93b8c759f96910b319b8fd9c9c8c1b704b65649f525b6c16732ee37f499ac729bdce9ea493811954849e8eeb449cb2f4485fe78b0f538038178ad3e1b95ef13fcf0134f1199ad742b31d5f222ed7927283a008c970143af46965acde32139c2448db5cc11fd55e534779f1b5d7757b27e3a3881a3596b0b002ff7e ++Ctrl.hexxcghash = hexxcghash:be8559339a1b231a59a8feae904c00decaf970ff8e83018662c65fa8 ++Ctrl.hexsession_id = hexsession_id:a8378fd158677fac292c5cce8a9efdbd5c5c98ee6f056a5e6e771b6b ++Ctrl.type = type:E ++Output = a368f66127573c79e2d936032f75c3d11c0131455eb9b6c5384582de ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey:0000008100d09e300c8b93b8c759f96910b319b8fd9c9c8c1b704b65649f525b6c16732ee37f499ac729bdce9ea493811954849e8eeb449cb2f4485fe78b0f538038178ad3e1b95ef13fcf0134f1199ad742b31d5f222ed7927283a008c970143af46965acde32139c2448db5cc11fd55e534779f1b5d7757b27e3a3881a3596b0b002ff7e ++Ctrl.hexxcghash = hexxcghash:be8559339a1b231a59a8feae904c00decaf970ff8e83018662c65fa8 ++Ctrl.hexsession_id = hexsession_id:a8378fd158677fac292c5cce8a9efdbd5c5c98ee6f056a5e6e771b6b ++Ctrl.type = type:F ++Output = 779f09f514bdf7ed4a01788f10146367ce2ddf2aacebb961524c002a ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey:0000008057352c4a26aa011e9b9e101736ab6b1369c73f553848d159b01bf2c7671074cdcdc73b8c697649dc7465197c2f17560d0045246410063f20d8d29518e7b25d871886346acccd9ec1b2d74b19b4aff16953714266d1440247859958f010f3fe616859c07315169c5bb5547c6dfdaf4a219daa3a78f546958f56e14fdf64c3b26e ++Ctrl.hexxcghash = hexxcghash:dca302cd4ee29d88b3f909f73e19d920099b8c18062e875cb762257b ++Ctrl.hexsession_id = hexsession_id:2f6368dd5f1a6a8db98f74331850c110aa0e58f06a10ca8178171d95 ++Ctrl.type = type:A ++Output = 386bc0b99215c8fa ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = 
hexkey:0000008057352c4a26aa011e9b9e101736ab6b1369c73f553848d159b01bf2c7671074cdcdc73b8c697649dc7465197c2f17560d0045246410063f20d8d29518e7b25d871886346acccd9ec1b2d74b19b4aff16953714266d1440247859958f010f3fe616859c07315169c5bb5547c6dfdaf4a219daa3a78f546958f56e14fdf64c3b26e ++Ctrl.hexxcghash = hexxcghash:dca302cd4ee29d88b3f909f73e19d920099b8c18062e875cb762257b ++Ctrl.hexsession_id = hexsession_id:2f6368dd5f1a6a8db98f74331850c110aa0e58f06a10ca8178171d95 ++Ctrl.type = type:B ++Output = c793dba9a68f70a4 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey:0000008057352c4a26aa011e9b9e101736ab6b1369c73f553848d159b01bf2c7671074cdcdc73b8c697649dc7465197c2f17560d0045246410063f20d8d29518e7b25d871886346acccd9ec1b2d74b19b4aff16953714266d1440247859958f010f3fe616859c07315169c5bb5547c6dfdaf4a219daa3a78f546958f56e14fdf64c3b26e ++Ctrl.hexxcghash = hexxcghash:dca302cd4ee29d88b3f909f73e19d920099b8c18062e875cb762257b ++Ctrl.hexsession_id = hexsession_id:2f6368dd5f1a6a8db98f74331850c110aa0e58f06a10ca8178171d95 ++Ctrl.type = type:C ++Output = 3dcaea7c946c2de76811482556299aa9bf96c8eef11fb2d6 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey:0000008057352c4a26aa011e9b9e101736ab6b1369c73f553848d159b01bf2c7671074cdcdc73b8c697649dc7465197c2f17560d0045246410063f20d8d29518e7b25d871886346acccd9ec1b2d74b19b4aff16953714266d1440247859958f010f3fe616859c07315169c5bb5547c6dfdaf4a219daa3a78f546958f56e14fdf64c3b26e ++Ctrl.hexxcghash = hexxcghash:dca302cd4ee29d88b3f909f73e19d920099b8c18062e875cb762257b ++Ctrl.hexsession_id = hexsession_id:2f6368dd5f1a6a8db98f74331850c110aa0e58f06a10ca8178171d95 ++Ctrl.type = type:D ++Output = fd078ef65922006809729f9533c8742e9f973f7ff37ba987 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = 
hexkey:0000008057352c4a26aa011e9b9e101736ab6b1369c73f553848d159b01bf2c7671074cdcdc73b8c697649dc7465197c2f17560d0045246410063f20d8d29518e7b25d871886346acccd9ec1b2d74b19b4aff16953714266d1440247859958f010f3fe616859c07315169c5bb5547c6dfdaf4a219daa3a78f546958f56e14fdf64c3b26e ++Ctrl.hexxcghash = hexxcghash:dca302cd4ee29d88b3f909f73e19d920099b8c18062e875cb762257b ++Ctrl.hexsession_id = hexsession_id:2f6368dd5f1a6a8db98f74331850c110aa0e58f06a10ca8178171d95 ++Ctrl.type = type:E ++Output = 83a1924fa5f7ceffeba7f519ac51a86a2746a93eb194db51a4596ca1 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey:0000008057352c4a26aa011e9b9e101736ab6b1369c73f553848d159b01bf2c7671074cdcdc73b8c697649dc7465197c2f17560d0045246410063f20d8d29518e7b25d871886346acccd9ec1b2d74b19b4aff16953714266d1440247859958f010f3fe616859c07315169c5bb5547c6dfdaf4a219daa3a78f546958f56e14fdf64c3b26e ++Ctrl.hexxcghash = hexxcghash:dca302cd4ee29d88b3f909f73e19d920099b8c18062e875cb762257b ++Ctrl.hexsession_id = hexsession_id:2f6368dd5f1a6a8db98f74331850c110aa0e58f06a10ca8178171d95 ++Ctrl.type = type:F ++Output = e16507d1bbd53b41f9bb2f0f21b5112eb6cd1eb0489fb5e754212390 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey:00000081008d372970f67a75a1748e6967c67a1f5665a3d6f71d6d24ab113bedb42ad544de34e67df7f644f78e5dcfd12e25b7cb8655aa9f07fef59058e42450aee5d4a733887535313e06c7e6426598284fdaa33ff88e1b6174c33199f2630ec42c8d7d9b92ea3d83a1bf8514b153fd9cf9c520636a0de9c6ba8b9318465ddcaa293367e5 ++Ctrl.hexxcghash = hexxcghash:683a0b23e8bf98e03178a032a65e743e429c805b8de04407f73ab21b ++Ctrl.hexsession_id = hexsession_id:0e9de6ef124b670db44ade438920db01b5e6fb69a482816a303fcef7 ++Ctrl.type = type:A ++Output = 0e764ebe0d523aae ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = 
hexkey:00000081008d372970f67a75a1748e6967c67a1f5665a3d6f71d6d24ab113bedb42ad544de34e67df7f644f78e5dcfd12e25b7cb8655aa9f07fef59058e42450aee5d4a733887535313e06c7e6426598284fdaa33ff88e1b6174c33199f2630ec42c8d7d9b92ea3d83a1bf8514b153fd9cf9c520636a0de9c6ba8b9318465ddcaa293367e5 ++Ctrl.hexxcghash = hexxcghash:683a0b23e8bf98e03178a032a65e743e429c805b8de04407f73ab21b ++Ctrl.hexsession_id = hexsession_id:0e9de6ef124b670db44ade438920db01b5e6fb69a482816a303fcef7 ++Ctrl.type = type:B ++Output = 24bd2eff86c2a8dc ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey:00000081008d372970f67a75a1748e6967c67a1f5665a3d6f71d6d24ab113bedb42ad544de34e67df7f644f78e5dcfd12e25b7cb8655aa9f07fef59058e42450aee5d4a733887535313e06c7e6426598284fdaa33ff88e1b6174c33199f2630ec42c8d7d9b92ea3d83a1bf8514b153fd9cf9c520636a0de9c6ba8b9318465ddcaa293367e5 ++Ctrl.hexxcghash = hexxcghash:683a0b23e8bf98e03178a032a65e743e429c805b8de04407f73ab21b ++Ctrl.hexsession_id = hexsession_id:0e9de6ef124b670db44ade438920db01b5e6fb69a482816a303fcef7 ++Ctrl.type = type:C ++Output = 26c01e3d56c1b928f65aaa1b6a15f5b8d41de187b4bb5fdc ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey:00000081008d372970f67a75a1748e6967c67a1f5665a3d6f71d6d24ab113bedb42ad544de34e67df7f644f78e5dcfd12e25b7cb8655aa9f07fef59058e42450aee5d4a733887535313e06c7e6426598284fdaa33ff88e1b6174c33199f2630ec42c8d7d9b92ea3d83a1bf8514b153fd9cf9c520636a0de9c6ba8b9318465ddcaa293367e5 ++Ctrl.hexxcghash = hexxcghash:683a0b23e8bf98e03178a032a65e743e429c805b8de04407f73ab21b ++Ctrl.hexsession_id = hexsession_id:0e9de6ef124b670db44ade438920db01b5e6fb69a482816a303fcef7 ++Ctrl.type = type:D ++Output = e0cc3bdb6d69d10893eeb73b892d746acea151f24247fd9c ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = 
hexkey:00000081008d372970f67a75a1748e6967c67a1f5665a3d6f71d6d24ab113bedb42ad544de34e67df7f644f78e5dcfd12e25b7cb8655aa9f07fef59058e42450aee5d4a733887535313e06c7e6426598284fdaa33ff88e1b6174c33199f2630ec42c8d7d9b92ea3d83a1bf8514b153fd9cf9c520636a0de9c6ba8b9318465ddcaa293367e5 ++Ctrl.hexxcghash = hexxcghash:683a0b23e8bf98e03178a032a65e743e429c805b8de04407f73ab21b ++Ctrl.hexsession_id = hexsession_id:0e9de6ef124b670db44ade438920db01b5e6fb69a482816a303fcef7 ++Ctrl.type = type:E ++Output = bf442ba6ec794f20584528686cedbaa568c13b895f642fe5cb3542bb ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey:00000081008d372970f67a75a1748e6967c67a1f5665a3d6f71d6d24ab113bedb42ad544de34e67df7f644f78e5dcfd12e25b7cb8655aa9f07fef59058e42450aee5d4a733887535313e06c7e6426598284fdaa33ff88e1b6174c33199f2630ec42c8d7d9b92ea3d83a1bf8514b153fd9cf9c520636a0de9c6ba8b9318465ddcaa293367e5 ++Ctrl.hexxcghash = hexxcghash:683a0b23e8bf98e03178a032a65e743e429c805b8de04407f73ab21b ++Ctrl.hexsession_id = hexsession_id:0e9de6ef124b670db44ade438920db01b5e6fb69a482816a303fcef7 ++Ctrl.type = type:F ++Output = 65ab453e5ffd1b5e1540aa547766d7c177204c319642f93059bdf257 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey:0000008004a70cf5e546c0920433bf16dcda3076d9195b5c35ad6b83b6a51e880f22fddaae0d358e35037bbe1e66f2422c29ff30a39822e067930b9faf59f844441dee6f233635a00c7cb71596f8589194016132ebbe204d98fc7f9bb0b7f4e6b6a68f488a59138d9859729d938de6ace9d08be86301bbd4e80d4650391ef3599a6f0bc0 ++Ctrl.hexxcghash = hexxcghash:a05a5c2d8beb394b7befaecfe3f4227cd81a28d90ac64ec78ce170b6 ++Ctrl.hexsession_id = hexsession_id:1380b38f6b6997a47ce234b7d3d6afb5960e721a348a725704c19cff ++Ctrl.type = type:A ++Output = 45799bbb09fd8804 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = 
hexkey:0000008004a70cf5e546c0920433bf16dcda3076d9195b5c35ad6b83b6a51e880f22fddaae0d358e35037bbe1e66f2422c29ff30a39822e067930b9faf59f844441dee6f233635a00c7cb71596f8589194016132ebbe204d98fc7f9bb0b7f4e6b6a68f488a59138d9859729d938de6ace9d08be86301bbd4e80d4650391ef3599a6f0bc0 ++Ctrl.hexxcghash = hexxcghash:a05a5c2d8beb394b7befaecfe3f4227cd81a28d90ac64ec78ce170b6 ++Ctrl.hexsession_id = hexsession_id:1380b38f6b6997a47ce234b7d3d6afb5960e721a348a725704c19cff ++Ctrl.type = type:B ++Output = b787b009f3313be0 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey:0000008004a70cf5e546c0920433bf16dcda3076d9195b5c35ad6b83b6a51e880f22fddaae0d358e35037bbe1e66f2422c29ff30a39822e067930b9faf59f844441dee6f233635a00c7cb71596f8589194016132ebbe204d98fc7f9bb0b7f4e6b6a68f488a59138d9859729d938de6ace9d08be86301bbd4e80d4650391ef3599a6f0bc0 ++Ctrl.hexxcghash = hexxcghash:a05a5c2d8beb394b7befaecfe3f4227cd81a28d90ac64ec78ce170b6 ++Ctrl.hexsession_id = hexsession_id:1380b38f6b6997a47ce234b7d3d6afb5960e721a348a725704c19cff ++Ctrl.type = type:C ++Output = c4cbb547c997e8fddb9e56ef5df91327766668a43a958a8e ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey:0000008004a70cf5e546c0920433bf16dcda3076d9195b5c35ad6b83b6a51e880f22fddaae0d358e35037bbe1e66f2422c29ff30a39822e067930b9faf59f844441dee6f233635a00c7cb71596f8589194016132ebbe204d98fc7f9bb0b7f4e6b6a68f488a59138d9859729d938de6ace9d08be86301bbd4e80d4650391ef3599a6f0bc0 ++Ctrl.hexxcghash = hexxcghash:a05a5c2d8beb394b7befaecfe3f4227cd81a28d90ac64ec78ce170b6 ++Ctrl.hexsession_id = hexsession_id:1380b38f6b6997a47ce234b7d3d6afb5960e721a348a725704c19cff ++Ctrl.type = type:D ++Output = b55b7cca0a0363b84b40b79366b87db7c440dec5bf89e952 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = 
hexkey:0000008004a70cf5e546c0920433bf16dcda3076d9195b5c35ad6b83b6a51e880f22fddaae0d358e35037bbe1e66f2422c29ff30a39822e067930b9faf59f844441dee6f233635a00c7cb71596f8589194016132ebbe204d98fc7f9bb0b7f4e6b6a68f488a59138d9859729d938de6ace9d08be86301bbd4e80d4650391ef3599a6f0bc0 ++Ctrl.hexxcghash = hexxcghash:a05a5c2d8beb394b7befaecfe3f4227cd81a28d90ac64ec78ce170b6 ++Ctrl.hexsession_id = hexsession_id:1380b38f6b6997a47ce234b7d3d6afb5960e721a348a725704c19cff ++Ctrl.type = type:E ++Output = 9c6399e5f4db0fc7652268d7423230ee5ffc0a210c26568dc5c0ab7d ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey:0000008004a70cf5e546c0920433bf16dcda3076d9195b5c35ad6b83b6a51e880f22fddaae0d358e35037bbe1e66f2422c29ff30a39822e067930b9faf59f844441dee6f233635a00c7cb71596f8589194016132ebbe204d98fc7f9bb0b7f4e6b6a68f488a59138d9859729d938de6ace9d08be86301bbd4e80d4650391ef3599a6f0bc0 ++Ctrl.hexxcghash = hexxcghash:a05a5c2d8beb394b7befaecfe3f4227cd81a28d90ac64ec78ce170b6 ++Ctrl.hexsession_id = hexsession_id:1380b38f6b6997a47ce234b7d3d6afb5960e721a348a725704c19cff ++Ctrl.type = type:F ++Output = 9824301c33daae0f1b75eb472d6f0b4ef2cea0b2f61e204b6aefb0bd ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey:0000008100d07c8a0c16c5f000ff00db6161555ea6b6b400803fe250288a9b88b48ced381de3f46982210216dff4defdbb007e98ea47f891ae3f38e09f56c96913406c13ed35cade3f2f80c6c6402e7ab097decc9e7ecc377b9965991422b54b8fcf34b9635cdc6b1cb698c61cd8377f3fadf1ba9e289d83767ca24370661085461a0b348e ++Ctrl.hexxcghash = hexxcghash:45dfee14ec8160cb1ccd769d2db4785b9773aeedde0c6ca0f75324df ++Ctrl.hexsession_id = hexsession_id:0f15315853288a987cec1e0668f34fa54537304f7082673d74d4f970 ++Ctrl.type = type:A ++Output = 2958928e5fd3c6e4 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = 
hexkey:0000008100d07c8a0c16c5f000ff00db6161555ea6b6b400803fe250288a9b88b48ced381de3f46982210216dff4defdbb007e98ea47f891ae3f38e09f56c96913406c13ed35cade3f2f80c6c6402e7ab097decc9e7ecc377b9965991422b54b8fcf34b9635cdc6b1cb698c61cd8377f3fadf1ba9e289d83767ca24370661085461a0b348e ++Ctrl.hexxcghash = hexxcghash:45dfee14ec8160cb1ccd769d2db4785b9773aeedde0c6ca0f75324df ++Ctrl.hexsession_id = hexsession_id:0f15315853288a987cec1e0668f34fa54537304f7082673d74d4f970 ++Ctrl.type = type:B ++Output = aa91bee1a3b3374c ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey:0000008100d07c8a0c16c5f000ff00db6161555ea6b6b400803fe250288a9b88b48ced381de3f46982210216dff4defdbb007e98ea47f891ae3f38e09f56c96913406c13ed35cade3f2f80c6c6402e7ab097decc9e7ecc377b9965991422b54b8fcf34b9635cdc6b1cb698c61cd8377f3fadf1ba9e289d83767ca24370661085461a0b348e ++Ctrl.hexxcghash = hexxcghash:45dfee14ec8160cb1ccd769d2db4785b9773aeedde0c6ca0f75324df ++Ctrl.hexsession_id = hexsession_id:0f15315853288a987cec1e0668f34fa54537304f7082673d74d4f970 ++Ctrl.type = type:C ++Output = 6fdac559eb1d6af7fc7fbaa4f9a15fd4145b97b9418518d9 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey:0000008100d07c8a0c16c5f000ff00db6161555ea6b6b400803fe250288a9b88b48ced381de3f46982210216dff4defdbb007e98ea47f891ae3f38e09f56c96913406c13ed35cade3f2f80c6c6402e7ab097decc9e7ecc377b9965991422b54b8fcf34b9635cdc6b1cb698c61cd8377f3fadf1ba9e289d83767ca24370661085461a0b348e ++Ctrl.hexxcghash = hexxcghash:45dfee14ec8160cb1ccd769d2db4785b9773aeedde0c6ca0f75324df ++Ctrl.hexsession_id = hexsession_id:0f15315853288a987cec1e0668f34fa54537304f7082673d74d4f970 ++Ctrl.type = type:D ++Output = 5a8271402756f7eac59f09b5020f7b05f6475fc3a2e2b482 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = 
hexkey:0000008100d07c8a0c16c5f000ff00db6161555ea6b6b400803fe250288a9b88b48ced381de3f46982210216dff4defdbb007e98ea47f891ae3f38e09f56c96913406c13ed35cade3f2f80c6c6402e7ab097decc9e7ecc377b9965991422b54b8fcf34b9635cdc6b1cb698c61cd8377f3fadf1ba9e289d83767ca24370661085461a0b348e ++Ctrl.hexxcghash = hexxcghash:45dfee14ec8160cb1ccd769d2db4785b9773aeedde0c6ca0f75324df ++Ctrl.hexsession_id = hexsession_id:0f15315853288a987cec1e0668f34fa54537304f7082673d74d4f970 ++Ctrl.type = type:E ++Output = 910de4a4a437cab056f7c38037f0196c524464237c5e332e79564a90 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey:0000008100d07c8a0c16c5f000ff00db6161555ea6b6b400803fe250288a9b88b48ced381de3f46982210216dff4defdbb007e98ea47f891ae3f38e09f56c96913406c13ed35cade3f2f80c6c6402e7ab097decc9e7ecc377b9965991422b54b8fcf34b9635cdc6b1cb698c61cd8377f3fadf1ba9e289d83767ca24370661085461a0b348e ++Ctrl.hexxcghash = hexxcghash:45dfee14ec8160cb1ccd769d2db4785b9773aeedde0c6ca0f75324df ++Ctrl.hexsession_id = hexsession_id:0f15315853288a987cec1e0668f34fa54537304f7082673d74d4f970 ++Ctrl.type = type:F ++Output = 0bfa6ed5dc8ab0fc1bb9feb966d7107137ebf3f754ac71c2a16a9c22 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey:000000807f046e0e1a0050fe544cd0bf194fdb0a07efe7708498a1b25aad90641e8befdef8f4aacb538ccc446d02d3896e1cc34d9a8becdcc48d10e73460f7c0c58eb51707d37f1eaa0008cb21c89e8b226a3e60c76f9f9f5af2a16abca346a81c66ec0199167b17e0d8cb3baea9a9c700632f585e0cd467e779eba02bc24eff22b6425c ++Ctrl.hexxcghash = hexxcghash:b63c992199e370cde19b640077bbbac92c6a8a0f206b4d560935cee5 ++Ctrl.hexsession_id = hexsession_id:ee00f86c7ecc4ce74a3ece1699802b7420ca4d49cc74b23399c23545 ++Ctrl.type = type:A ++Output = 82204d79e13252f1 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = 
hexkey:000000807f046e0e1a0050fe544cd0bf194fdb0a07efe7708498a1b25aad90641e8befdef8f4aacb538ccc446d02d3896e1cc34d9a8becdcc48d10e73460f7c0c58eb51707d37f1eaa0008cb21c89e8b226a3e60c76f9f9f5af2a16abca346a81c66ec0199167b17e0d8cb3baea9a9c700632f585e0cd467e779eba02bc24eff22b6425c ++Ctrl.hexxcghash = hexxcghash:b63c992199e370cde19b640077bbbac92c6a8a0f206b4d560935cee5 ++Ctrl.hexsession_id = hexsession_id:ee00f86c7ecc4ce74a3ece1699802b7420ca4d49cc74b23399c23545 ++Ctrl.type = type:B ++Output = a76ff923488c7bd3 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey:000000807f046e0e1a0050fe544cd0bf194fdb0a07efe7708498a1b25aad90641e8befdef8f4aacb538ccc446d02d3896e1cc34d9a8becdcc48d10e73460f7c0c58eb51707d37f1eaa0008cb21c89e8b226a3e60c76f9f9f5af2a16abca346a81c66ec0199167b17e0d8cb3baea9a9c700632f585e0cd467e779eba02bc24eff22b6425c ++Ctrl.hexxcghash = hexxcghash:b63c992199e370cde19b640077bbbac92c6a8a0f206b4d560935cee5 ++Ctrl.hexsession_id = hexsession_id:ee00f86c7ecc4ce74a3ece1699802b7420ca4d49cc74b23399c23545 ++Ctrl.type = type:C ++Output = 8ba3bd224890bdd4dd07d2a5a98e5efcd95d82c66583d098 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey:000000807f046e0e1a0050fe544cd0bf194fdb0a07efe7708498a1b25aad90641e8befdef8f4aacb538ccc446d02d3896e1cc34d9a8becdcc48d10e73460f7c0c58eb51707d37f1eaa0008cb21c89e8b226a3e60c76f9f9f5af2a16abca346a81c66ec0199167b17e0d8cb3baea9a9c700632f585e0cd467e779eba02bc24eff22b6425c ++Ctrl.hexxcghash = hexxcghash:b63c992199e370cde19b640077bbbac92c6a8a0f206b4d560935cee5 ++Ctrl.hexsession_id = hexsession_id:ee00f86c7ecc4ce74a3ece1699802b7420ca4d49cc74b23399c23545 ++Ctrl.type = type:D ++Output = a04a3844933ca1bb45848bc1a7626e4c50dc46aa5376d027 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = 
hexkey:000000807f046e0e1a0050fe544cd0bf194fdb0a07efe7708498a1b25aad90641e8befdef8f4aacb538ccc446d02d3896e1cc34d9a8becdcc48d10e73460f7c0c58eb51707d37f1eaa0008cb21c89e8b226a3e60c76f9f9f5af2a16abca346a81c66ec0199167b17e0d8cb3baea9a9c700632f585e0cd467e779eba02bc24eff22b6425c ++Ctrl.hexxcghash = hexxcghash:b63c992199e370cde19b640077bbbac92c6a8a0f206b4d560935cee5 ++Ctrl.hexsession_id = hexsession_id:ee00f86c7ecc4ce74a3ece1699802b7420ca4d49cc74b23399c23545 ++Ctrl.type = type:E ++Output = 393f2f152d6c6d063f284cadd1fd9d700928188b7fea31f74b44fbc6 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey:000000807f046e0e1a0050fe544cd0bf194fdb0a07efe7708498a1b25aad90641e8befdef8f4aacb538ccc446d02d3896e1cc34d9a8becdcc48d10e73460f7c0c58eb51707d37f1eaa0008cb21c89e8b226a3e60c76f9f9f5af2a16abca346a81c66ec0199167b17e0d8cb3baea9a9c700632f585e0cd467e779eba02bc24eff22b6425c ++Ctrl.hexxcghash = hexxcghash:b63c992199e370cde19b640077bbbac92c6a8a0f206b4d560935cee5 ++Ctrl.hexsession_id = hexsession_id:ee00f86c7ecc4ce74a3ece1699802b7420ca4d49cc74b23399c23545 ++Ctrl.type = type:F ++Output = f27f2cd72b22e1719f91b912d6c9d180985121d32bd217e348cd2003 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey:0000008100b51d0e3d21612b3bde548bf3da6d474166972f602beb1b876b7045a595483ec0bfb707eaf7c0d416d028a3ed7cff460cad66e2284e3190a746d3304678c91b2654b3ab147aece57e3bb5f4d30d4d7c01e065f70b12b9270ebec306a178870d1fd814806c3dbdc16d4bd7e843de8e5414ff336e735bc5c8241ab0ae08197159d6 ++Ctrl.hexxcghash = hexxcghash:1eacc2c8e8ec2c3a5af31c6d498301e82664f60899223ef4348f4467 ++Ctrl.hexsession_id = hexsession_id:ddc879c0f221147bd70a1cedf5578fd8f196290357945fe75e551262 ++Ctrl.type = type:A ++Output = f843e3c6a1621998 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = 
hexkey:0000008100b51d0e3d21612b3bde548bf3da6d474166972f602beb1b876b7045a595483ec0bfb707eaf7c0d416d028a3ed7cff460cad66e2284e3190a746d3304678c91b2654b3ab147aece57e3bb5f4d30d4d7c01e065f70b12b9270ebec306a178870d1fd814806c3dbdc16d4bd7e843de8e5414ff336e735bc5c8241ab0ae08197159d6 ++Ctrl.hexxcghash = hexxcghash:1eacc2c8e8ec2c3a5af31c6d498301e82664f60899223ef4348f4467 ++Ctrl.hexsession_id = hexsession_id:ddc879c0f221147bd70a1cedf5578fd8f196290357945fe75e551262 ++Ctrl.type = type:B ++Output = 128b2d8968cfaad5 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey:0000008100b51d0e3d21612b3bde548bf3da6d474166972f602beb1b876b7045a595483ec0bfb707eaf7c0d416d028a3ed7cff460cad66e2284e3190a746d3304678c91b2654b3ab147aece57e3bb5f4d30d4d7c01e065f70b12b9270ebec306a178870d1fd814806c3dbdc16d4bd7e843de8e5414ff336e735bc5c8241ab0ae08197159d6 ++Ctrl.hexxcghash = hexxcghash:1eacc2c8e8ec2c3a5af31c6d498301e82664f60899223ef4348f4467 ++Ctrl.hexsession_id = hexsession_id:ddc879c0f221147bd70a1cedf5578fd8f196290357945fe75e551262 ++Ctrl.type = type:C ++Output = d6c4d2685753580dea2c6a6eb6add592011356eb9e868d44 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey:0000008100b51d0e3d21612b3bde548bf3da6d474166972f602beb1b876b7045a595483ec0bfb707eaf7c0d416d028a3ed7cff460cad66e2284e3190a746d3304678c91b2654b3ab147aece57e3bb5f4d30d4d7c01e065f70b12b9270ebec306a178870d1fd814806c3dbdc16d4bd7e843de8e5414ff336e735bc5c8241ab0ae08197159d6 ++Ctrl.hexxcghash = hexxcghash:1eacc2c8e8ec2c3a5af31c6d498301e82664f60899223ef4348f4467 ++Ctrl.hexsession_id = hexsession_id:ddc879c0f221147bd70a1cedf5578fd8f196290357945fe75e551262 ++Ctrl.type = type:D ++Output = 92af60f4858f3d14efaac039130389ab9ae1237f0da09a29 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = 
hexkey:0000008100b51d0e3d21612b3bde548bf3da6d474166972f602beb1b876b7045a595483ec0bfb707eaf7c0d416d028a3ed7cff460cad66e2284e3190a746d3304678c91b2654b3ab147aece57e3bb5f4d30d4d7c01e065f70b12b9270ebec306a178870d1fd814806c3dbdc16d4bd7e843de8e5414ff336e735bc5c8241ab0ae08197159d6 ++Ctrl.hexxcghash = hexxcghash:1eacc2c8e8ec2c3a5af31c6d498301e82664f60899223ef4348f4467 ++Ctrl.hexsession_id = hexsession_id:ddc879c0f221147bd70a1cedf5578fd8f196290357945fe75e551262 ++Ctrl.type = type:E ++Output = a37af93c8f25e145def1c5397bec2ee2119cc0e0bd4854fe23b2e3d1 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey:0000008100b51d0e3d21612b3bde548bf3da6d474166972f602beb1b876b7045a595483ec0bfb707eaf7c0d416d028a3ed7cff460cad66e2284e3190a746d3304678c91b2654b3ab147aece57e3bb5f4d30d4d7c01e065f70b12b9270ebec306a178870d1fd814806c3dbdc16d4bd7e843de8e5414ff336e735bc5c8241ab0ae08197159d6 ++Ctrl.hexxcghash = hexxcghash:1eacc2c8e8ec2c3a5af31c6d498301e82664f60899223ef4348f4467 ++Ctrl.hexsession_id = hexsession_id:ddc879c0f221147bd70a1cedf5578fd8f196290357945fe75e551262 ++Ctrl.type = type:F ++Output = d44def5fcec300da5913ca109c0fd7a2c2cbcedd2c3e3216c5cb0d95 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey:000000810088a2add0cc5918c649c6bbc82930ae99326188faa20e2cfc8f819cc44bdd99d1638fbbd380197beda58c039c239fdcced533db7ea31635b835f5f92725490e7638d40a017b89f48406faab653aa03721af5d7c5c61d4519e7c07f99974c1f715b1ce3fcffc50b2a6cc9b4e45a76791b862ac87524d2b52fe6c706f5a73e5dc0a ++Ctrl.hexxcghash = hexxcghash:321ef6b92cae9df351c1b7d2253325536e659df52acd4a8787b45217 ++Ctrl.hexsession_id = hexsession_id:340edbc8aeec53501158ad2ea7650abcbb906348d57b14b61524469e ++Ctrl.type = type:A ++Output = 4276fab65090b420 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = 
hexkey:000000810088a2add0cc5918c649c6bbc82930ae99326188faa20e2cfc8f819cc44bdd99d1638fbbd380197beda58c039c239fdcced533db7ea31635b835f5f92725490e7638d40a017b89f48406faab653aa03721af5d7c5c61d4519e7c07f99974c1f715b1ce3fcffc50b2a6cc9b4e45a76791b862ac87524d2b52fe6c706f5a73e5dc0a ++Ctrl.hexxcghash = hexxcghash:321ef6b92cae9df351c1b7d2253325536e659df52acd4a8787b45217 ++Ctrl.hexsession_id = hexsession_id:340edbc8aeec53501158ad2ea7650abcbb906348d57b14b61524469e ++Ctrl.type = type:B ++Output = 00303ca4f9a5a6f8 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey:000000810088a2add0cc5918c649c6bbc82930ae99326188faa20e2cfc8f819cc44bdd99d1638fbbd380197beda58c039c239fdcced533db7ea31635b835f5f92725490e7638d40a017b89f48406faab653aa03721af5d7c5c61d4519e7c07f99974c1f715b1ce3fcffc50b2a6cc9b4e45a76791b862ac87524d2b52fe6c706f5a73e5dc0a ++Ctrl.hexxcghash = hexxcghash:321ef6b92cae9df351c1b7d2253325536e659df52acd4a8787b45217 ++Ctrl.hexsession_id = hexsession_id:340edbc8aeec53501158ad2ea7650abcbb906348d57b14b61524469e ++Ctrl.type = type:C ++Output = 3d67892281e9c6ed6535d7ae69e832f6723afd545763bd3d ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey:000000810088a2add0cc5918c649c6bbc82930ae99326188faa20e2cfc8f819cc44bdd99d1638fbbd380197beda58c039c239fdcced533db7ea31635b835f5f92725490e7638d40a017b89f48406faab653aa03721af5d7c5c61d4519e7c07f99974c1f715b1ce3fcffc50b2a6cc9b4e45a76791b862ac87524d2b52fe6c706f5a73e5dc0a ++Ctrl.hexxcghash = hexxcghash:321ef6b92cae9df351c1b7d2253325536e659df52acd4a8787b45217 ++Ctrl.hexsession_id = hexsession_id:340edbc8aeec53501158ad2ea7650abcbb906348d57b14b61524469e ++Ctrl.type = type:D ++Output = 5a5844e6c47eacc172e0012044037668a653758b96310350 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = 
hexkey:000000810088a2add0cc5918c649c6bbc82930ae99326188faa20e2cfc8f819cc44bdd99d1638fbbd380197beda58c039c239fdcced533db7ea31635b835f5f92725490e7638d40a017b89f48406faab653aa03721af5d7c5c61d4519e7c07f99974c1f715b1ce3fcffc50b2a6cc9b4e45a76791b862ac87524d2b52fe6c706f5a73e5dc0a ++Ctrl.hexxcghash = hexxcghash:321ef6b92cae9df351c1b7d2253325536e659df52acd4a8787b45217 ++Ctrl.hexsession_id = hexsession_id:340edbc8aeec53501158ad2ea7650abcbb906348d57b14b61524469e ++Ctrl.type = type:E ++Output = 4783fb6e98db788f6594c2b82e751528590c41780adce2ffba234290 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey:000000810088a2add0cc5918c649c6bbc82930ae99326188faa20e2cfc8f819cc44bdd99d1638fbbd380197beda58c039c239fdcced533db7ea31635b835f5f92725490e7638d40a017b89f48406faab653aa03721af5d7c5c61d4519e7c07f99974c1f715b1ce3fcffc50b2a6cc9b4e45a76791b862ac87524d2b52fe6c706f5a73e5dc0a ++Ctrl.hexxcghash = hexxcghash:321ef6b92cae9df351c1b7d2253325536e659df52acd4a8787b45217 ++Ctrl.hexsession_id = hexsession_id:340edbc8aeec53501158ad2ea7650abcbb906348d57b14b61524469e ++Ctrl.type = type:F ++Output = 7c60752b0b5a0f0027507ecd88e6af2b78e462a98459bf0511152663 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:273ab849318045321f672fdf9b4bc250c4b46717374bfb3322bc7701 ++Ctrl.hexsession_id = hexsession_id:273ab849318045321f672fdf9b4bc250c4b46717374bfb3322bc7701 ++Ctrl.type = type:A ++Output = 2512664639690af9f64afd16d9ccf3d3 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = 
hexkey:0000010100d62744a1ee5a4d03d761f48fb63ece42d9204e00016dad042ae7cbe600cb9e93535bc36d2f94d715cf8c2cd948caf876b4948429cb85ac73765949495af8380a56b68d1d3eeb4d9b310e2c53db5f51a7b8382759273c0be30862df81ca420f414c3ea8e6a1fb4875257ccc536e971c8dc07e600e265e642489266604f94ee995f96ef02eac771bb88bc66c57d229edfba1e484fd1c8b49e11e594aefa681f26ea28c348615d3e0a2dc76845d2d19543751ce444c7b65fa449a74639fa13c123d025200efa7012b209400746e03bd6a7bc938b926107da0491407bd952602d14a7fa743cbd51d5090a22c76a336f06b5e6dc5ecf70c803da8dcbff149c5013c36 ++Ctrl.hexxcghash = hexxcghash:273ab849318045321f672fdf9b4bc250c4b46717374bfb3322bc7701 ++Ctrl.hexsession_id = hexsession_id:273ab849318045321f672fdf9b4bc250c4b46717374bfb3322bc7701 ++Ctrl.type = type:B ++Output = c13223796f394c6d1ffd18c22c09f27a ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey:0000010100d62744a1ee5a4d03d761f48fb63ece42d9204e00016dad042ae7cbe600cb9e93535bc36d2f94d715cf8c2cd948caf876b4948429cb85ac73765949495af8380a56b68d1d3eeb4d9b310e2c53db5f51a7b8382759273c0be30862df81ca420f414c3ea8e6a1fb4875257ccc536e971c8dc07e600e265e642489266604f94ee995f96ef02eac771bb88bc66c57d229edfba1e484fd1c8b49e11e594aefa681f26ea28c348615d3e0a2dc76845d2d19543751ce444c7b65fa449a74639fa13c123d025200efa7012b209400746e03bd6a7bc938b926107da0491407bd952602d14a7fa743cbd51d5090a22c76a336f06b5e6dc5ecf70c803da8dcbff149c5013c36 ++Ctrl.hexxcghash = hexxcghash:273ab849318045321f672fdf9b4bc250c4b46717374bfb3322bc7701 ++Ctrl.hexsession_id = hexsession_id:273ab849318045321f672fdf9b4bc250c4b46717374bfb3322bc7701 ++Ctrl.type = type:C ++Output = 7be659a7cbeda28722315d96444a5c98 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:273ab849318045321f672fdf9b4bc250c4b46717374bfb3322bc7701 ++Ctrl.hexsession_id = hexsession_id:273ab849318045321f672fdf9b4bc250c4b46717374bfb3322bc7701 ++Ctrl.type = type:D ++Output = bdfbd698c518aa45c35d7afd7bd91150 ++ ++KDF = SSHKDF 
++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey:0000010100d62744a1ee5a4d03d761f48fb63ece42d9204e00016dad042ae7cbe600cb9e93535bc36d2f94d715cf8c2cd948caf876b4948429cb85ac73765949495af8380a56b68d1d3eeb4d9b310e2c53db5f51a7b8382759273c0be30862df81ca420f414c3ea8e6a1fb4875257ccc536e971c8dc07e600e265e642489266604f94ee995f96ef02eac771bb88bc66c57d229edfba1e484fd1c8b49e11e594aefa681f26ea28c348615d3e0a2dc76845d2d19543751ce444c7b65fa449a74639fa13c123d025200efa7012b209400746e03bd6a7bc938b926107da0491407bd952602d14a7fa743cbd51d5090a22c76a336f06b5e6dc5ecf70c803da8dcbff149c5013c36 ++Ctrl.hexxcghash = hexxcghash:273ab849318045321f672fdf9b4bc250c4b46717374bfb3322bc7701 ++Ctrl.hexsession_id = hexsession_id:273ab849318045321f672fdf9b4bc250c4b46717374bfb3322bc7701 ++Ctrl.type = type:E ++Output = dd38b79b081713ac3007ffd88d5cd67f43fbb36c983e0fc1cd273d84 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey:0000010100d62744a1ee5a4d03d761f48fb63ece42d9204e00016dad042ae7cbe600cb9e93535bc36d2f94d715cf8c2cd948caf876b4948429cb85ac73765949495af8380a56b68d1d3eeb4d9b310e2c53db5f51a7b8382759273c0be30862df81ca420f414c3ea8e6a1fb4875257ccc536e971c8dc07e600e265e642489266604f94ee995f96ef02eac771bb88bc66c57d229edfba1e484fd1c8b49e11e594aefa681f26ea28c348615d3e0a2dc76845d2d19543751ce444c7b65fa449a74639fa13c123d025200efa7012b209400746e03bd6a7bc938b926107da0491407bd952602d14a7fa743cbd51d5090a22c76a336f06b5e6dc5ecf70c803da8dcbff149c5013c36 ++Ctrl.hexxcghash = hexxcghash:273ab849318045321f672fdf9b4bc250c4b46717374bfb3322bc7701 ++Ctrl.hexsession_id = hexsession_id:273ab849318045321f672fdf9b4bc250c4b46717374bfb3322bc7701 ++Ctrl.type = type:F ++Output = edf713ecfb21b9e9c2d9d04c882d5ded433dcf459ff5b0fe7cd45bb1 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = 
hexkey:0000010100d9b92844753a5eadc2ef7e84372a56bd096cc1d57a5c282811658d7df87564f202e800c774e75bbb53f47e835f207300ccd4661fd8a73b6ff87770c2c036346e99fadc5193171e1e732f3b6a017808a150ee02c4b6e70d87462e51825a94bda27fa9cbe18c7ef20d0b0201cb7526e0e9bac21b877e5064000290424387a9aa98da563ee2a5ef36af4b442a69eb631b88b8e3a0f073aa5dda589c4aa0e4e007e0d0036a231d52137d724fd60d41f42512214853e7acf8bde77e377842468f4216a15d0c8fe033c2b133bf651c82fda6d227e3c3f0cb7d0a9eba7c35eeefcf683ddde696fdeba5ec124e701f01bf5b0d59a667c75633dea07670b07baa20f313c3 ++Ctrl.hexxcghash = hexxcghash:a510774a9b07b05e4e0eaf9409d77028a511a9565784b69ab3c03ffc ++Ctrl.hexsession_id = hexsession_id:49c4ad412d13870d0e9c6855e2881fc032aab36fa3ab3598a7f1153e ++Ctrl.type = type:A ++Output = f3064d3f3ed09eefd34731a2c60c1a80 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:a510774a9b07b05e4e0eaf9409d77028a511a9565784b69ab3c03ffc ++Ctrl.hexsession_id = hexsession_id:49c4ad412d13870d0e9c6855e2881fc032aab36fa3ab3598a7f1153e ++Ctrl.type = type:B ++Output = 1f7f508d9c4cf1004a220f26e0e6c184 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:a510774a9b07b05e4e0eaf9409d77028a511a9565784b69ab3c03ffc ++Ctrl.hexsession_id = hexsession_id:49c4ad412d13870d0e9c6855e2881fc032aab36fa3ab3598a7f1153e ++Ctrl.type = type:C ++Output = 2ad48a77fa12fcb5d3d3e98d5bb87d76 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:a510774a9b07b05e4e0eaf9409d77028a511a9565784b69ab3c03ffc ++Ctrl.hexsession_id = hexsession_id:49c4ad412d13870d0e9c6855e2881fc032aab36fa3ab3598a7f1153e ++Ctrl.type = type:D ++Output = 0433db7fd40d9d0dc9df6e9eed8059e4 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey: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 
++Ctrl.hexxcghash = hexxcghash:a510774a9b07b05e4e0eaf9409d77028a511a9565784b69ab3c03ffc ++Ctrl.hexsession_id = hexsession_id:49c4ad412d13870d0e9c6855e2881fc032aab36fa3ab3598a7f1153e ++Ctrl.type = type:E ++Output = b07884f15910c6a083143ef9bda115d05c9e4c4057c1987c4f78a1b6 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:a510774a9b07b05e4e0eaf9409d77028a511a9565784b69ab3c03ffc ++Ctrl.hexsession_id = hexsession_id:49c4ad412d13870d0e9c6855e2881fc032aab36fa3ab3598a7f1153e ++Ctrl.type = type:F ++Output = f838da7b26311dbd529f742d901709229482cea9d7ac9f0c2cd14200 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey:0000010012641156f363edf89c1824532fcf379a846dd042ac173d6b9b75651d7aa911ebe75f5dd3b502a7d6ec331f095ed08505e86f51008242357b3d29d75db82619066c2ecb3ba78e8de8fceeb206bfa39ef3e6617d1f20e4a092ac6bd589904fe0ce4fac2d73c7396a54084bf71e929ae0c5c7e67e1795e73f9fab8c6ee90254f27dae6750e1f8769af5b235f9f7aef302f1fc4015f60af34656a1a8187159a4d6c4b3be40abe9ad5cb56a52f5407186b42fdce7a691b917550719fc7eef858030dcb2829a07a39ca279d9deb0487b893d4c7bbc41cde4eb366188f38bdb4289b8a95ae757864e963cbe4f5eced9aebf3b33ebb3c75b7e405816366e609e16f8bc56 ++Ctrl.hexxcghash = hexxcghash:d041364fa73e42f0c9c49d2ad25a758c3f4691761d9caf6dfd2ad690 ++Ctrl.hexsession_id = hexsession_id:1fea0e79508d3b2caf0e275c463626ad7d57c6cfc1da79a5bce2fa53 ++Ctrl.type = type:A ++Output = d8c60bf582892d2cd03956774614b9f1 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:d041364fa73e42f0c9c49d2ad25a758c3f4691761d9caf6dfd2ad690 ++Ctrl.hexsession_id = hexsession_id:1fea0e79508d3b2caf0e275c463626ad7d57c6cfc1da79a5bce2fa53 ++Ctrl.type = type:B ++Output = bac1bef6d6dd92de55bc174c9db77a54 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = 
hexxcghash:d041364fa73e42f0c9c49d2ad25a758c3f4691761d9caf6dfd2ad690 ++Ctrl.hexsession_id = hexsession_id:1fea0e79508d3b2caf0e275c463626ad7d57c6cfc1da79a5bce2fa53 ++Ctrl.type = type:C ++Output = bdf96d88d7ac4f0daa62d29948a5c891 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:d041364fa73e42f0c9c49d2ad25a758c3f4691761d9caf6dfd2ad690 ++Ctrl.hexsession_id = hexsession_id:1fea0e79508d3b2caf0e275c463626ad7d57c6cfc1da79a5bce2fa53 ++Ctrl.type = type:D ++Output = ef0dbe568b4f3fbcb8b2665ed7ed0f8d ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:d041364fa73e42f0c9c49d2ad25a758c3f4691761d9caf6dfd2ad690 ++Ctrl.hexsession_id = hexsession_id:1fea0e79508d3b2caf0e275c463626ad7d57c6cfc1da79a5bce2fa53 ++Ctrl.type = type:E ++Output = 315d50a1b29f9d556c983432b98bf437893c1a892cf69880353d9797 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:d041364fa73e42f0c9c49d2ad25a758c3f4691761d9caf6dfd2ad690 ++Ctrl.hexsession_id = hexsession_id:1fea0e79508d3b2caf0e275c463626ad7d57c6cfc1da79a5bce2fa53 ++Ctrl.type = type:F ++Output = 612e3ac6651f9c7d99c532da0820f079292d9b33d36b684198665f5e ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:7af5885d52c4173000c45dd2b0fbeb21fa5722aa65eecb1bf977248a ++Ctrl.hexsession_id = hexsession_id:122e2d181cca7dcec6f30a8b027b4d29275d342af5fd82794b24560f ++Ctrl.type = type:A ++Output = e0d36ac1de6cc8514d25ff824bfaaa37 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = 
hexkey:0000010100ecfd38c0707d59db0b361a449a22ddc63f055678e253ffbc8324a306ff06e31590fcdf6fc271665335f01af804619f4367489d7829ca756cd14d2147f2c6b2c0355847955ebe89ed2133dc74283732c4f821a7cadcaa9abf661fa9fcf81b0596c454fdac23d79267c5a832979217df61f9bb04c0fa69f5fdae2407da763210f0b7c1097463505b0da86ad71c20c1c57accaae353919cb2708aa378a5ff598d0a4b21b7527b2dbd271957fbbf04f5787076fb7f8afdfb75ddb5fa142ab427e026c87033fe2c6f22454ebace3f77646d0ee447cd1d339c9a21ce86c0b233c7fcbd6d1d165e14d57908777cde654b7fc3c3db7e62951b359ec71fe475356dc6a58b ++Ctrl.hexxcghash = hexxcghash:7af5885d52c4173000c45dd2b0fbeb21fa5722aa65eecb1bf977248a ++Ctrl.hexsession_id = hexsession_id:122e2d181cca7dcec6f30a8b027b4d29275d342af5fd82794b24560f ++Ctrl.type = type:B ++Output = 58c896b4d1a9507e7da2234a1a538d78 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:7af5885d52c4173000c45dd2b0fbeb21fa5722aa65eecb1bf977248a ++Ctrl.hexsession_id = hexsession_id:122e2d181cca7dcec6f30a8b027b4d29275d342af5fd82794b24560f ++Ctrl.type = type:C ++Output = 5966df5cb582234585b4c4312318f829 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:7af5885d52c4173000c45dd2b0fbeb21fa5722aa65eecb1bf977248a ++Ctrl.hexsession_id = hexsession_id:122e2d181cca7dcec6f30a8b027b4d29275d342af5fd82794b24560f ++Ctrl.type = type:D ++Output = 40d8bdab78c9dac2b2d14d1c8bd41405 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = 
hexkey:0000010100ecfd38c0707d59db0b361a449a22ddc63f055678e253ffbc8324a306ff06e31590fcdf6fc271665335f01af804619f4367489d7829ca756cd14d2147f2c6b2c0355847955ebe89ed2133dc74283732c4f821a7cadcaa9abf661fa9fcf81b0596c454fdac23d79267c5a832979217df61f9bb04c0fa69f5fdae2407da763210f0b7c1097463505b0da86ad71c20c1c57accaae353919cb2708aa378a5ff598d0a4b21b7527b2dbd271957fbbf04f5787076fb7f8afdfb75ddb5fa142ab427e026c87033fe2c6f22454ebace3f77646d0ee447cd1d339c9a21ce86c0b233c7fcbd6d1d165e14d57908777cde654b7fc3c3db7e62951b359ec71fe475356dc6a58b ++Ctrl.hexxcghash = hexxcghash:7af5885d52c4173000c45dd2b0fbeb21fa5722aa65eecb1bf977248a ++Ctrl.hexsession_id = hexsession_id:122e2d181cca7dcec6f30a8b027b4d29275d342af5fd82794b24560f ++Ctrl.type = type:E ++Output = 1af4707570794ff6c718c817ccb9fca5edf22a3a8d493a861633fb7a ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:7af5885d52c4173000c45dd2b0fbeb21fa5722aa65eecb1bf977248a ++Ctrl.hexsession_id = hexsession_id:122e2d181cca7dcec6f30a8b027b4d29275d342af5fd82794b24560f ++Ctrl.type = type:F ++Output = 4e6edd5d86f0a3b92595fb2d4f0f9b0f0ed1e850c84014224270bcbc ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:590c8e3800ddfd382f0b3023c7a8753bd013e756855ffbca1dee0f01 ++Ctrl.hexsession_id = hexsession_id:5e4528c7ff85f2ed7d632c4355e2524438ee83ef0e1695524921408d ++Ctrl.type = type:A ++Output = d30b7efda77a1008d78487fb1c9df511 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:590c8e3800ddfd382f0b3023c7a8753bd013e756855ffbca1dee0f01 ++Ctrl.hexsession_id = hexsession_id:5e4528c7ff85f2ed7d632c4355e2524438ee83ef0e1695524921408d ++Ctrl.type = type:B ++Output = 498b3d9f14446a028d1aed8bc4748e34 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = 
hexkey: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 ++Ctrl.hexxcghash = hexxcghash:590c8e3800ddfd382f0b3023c7a8753bd013e756855ffbca1dee0f01 ++Ctrl.hexsession_id = hexsession_id:5e4528c7ff85f2ed7d632c4355e2524438ee83ef0e1695524921408d ++Ctrl.type = type:C ++Output = f4909273c39ef8819b353cde80f57cc9 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:590c8e3800ddfd382f0b3023c7a8753bd013e756855ffbca1dee0f01 ++Ctrl.hexsession_id = hexsession_id:5e4528c7ff85f2ed7d632c4355e2524438ee83ef0e1695524921408d ++Ctrl.type = type:D ++Output = b31337a6ecd02f4beb9bf4af12ea4e11 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:590c8e3800ddfd382f0b3023c7a8753bd013e756855ffbca1dee0f01 ++Ctrl.hexsession_id = hexsession_id:5e4528c7ff85f2ed7d632c4355e2524438ee83ef0e1695524921408d ++Ctrl.type = type:E ++Output = 6f3da7bb4b64ad3e1171083a62eca5e755563e639594b848243760d8 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:590c8e3800ddfd382f0b3023c7a8753bd013e756855ffbca1dee0f01 ++Ctrl.hexsession_id = hexsession_id:5e4528c7ff85f2ed7d632c4355e2524438ee83ef0e1695524921408d ++Ctrl.type = type:F ++Output = e88506aa4a4ffa33675c4a296abf91e24450a496e56f8465e9a7525c ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:97e793420ceda1730dac88f0d7dc52d8713a79a0b48ddb2af45dd143 ++Ctrl.hexsession_id = hexsession_id:16dd0d6aca3757eec6e9dc3c4a5f590cb7911cd3cabc80815527b73c ++Ctrl.type = type:A ++Output = c5cbb653102d99457c33c88921b5dbe4 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = 
hexkey:0000010100be7e6428be4ff862e2b9fe69f055bbbeaa51b7666d51e1ad2e5fe12e2f7a171121147311780840e5d1345c6a24eb3e2d7bace8c88cddae9a062c7aacc7ae87d31ef7d4c52dc2e35f364266c9c34e1ff703a61a8fb39397344ac94e75a42fc956dcc887e50e67018d5a74c89c1a8555ebff4a4baf5b4916aea1dd95c126df390882143908821ecf68511e986bd379cf0871fe1a2679241b339f3317f76c65dc2b121e15a0b8891d9c0120b8a8a383a1dd5eb6fbd65d22a03b7987f843d454e4e1f09b9e2d37ef2be72b7f8accade301c772f74a582afab960dfa43a167275771f6a9be5a9f275cea55e9661a54b1c3210042f824fe783969fa60ad23b748a6b56 ++Ctrl.hexxcghash = hexxcghash:97e793420ceda1730dac88f0d7dc52d8713a79a0b48ddb2af45dd143 ++Ctrl.hexsession_id = hexsession_id:16dd0d6aca3757eec6e9dc3c4a5f590cb7911cd3cabc80815527b73c ++Ctrl.type = type:B ++Output = dd9b1c786c7f739832629f7666e4e21e ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:97e793420ceda1730dac88f0d7dc52d8713a79a0b48ddb2af45dd143 ++Ctrl.hexsession_id = hexsession_id:16dd0d6aca3757eec6e9dc3c4a5f590cb7911cd3cabc80815527b73c ++Ctrl.type = type:C ++Output = c33d08d706ffac1811f157526b08086f ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:97e793420ceda1730dac88f0d7dc52d8713a79a0b48ddb2af45dd143 ++Ctrl.hexsession_id = hexsession_id:16dd0d6aca3757eec6e9dc3c4a5f590cb7911cd3cabc80815527b73c ++Ctrl.type = type:D ++Output = 5750b617b71a239d99fc412796f6d986 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:97e793420ceda1730dac88f0d7dc52d8713a79a0b48ddb2af45dd143 ++Ctrl.hexsession_id = hexsession_id:16dd0d6aca3757eec6e9dc3c4a5f590cb7911cd3cabc80815527b73c ++Ctrl.type = type:E ++Output = 4c2edee4688119e17723fede94d81c141cb2dd632dde5e223fcd12c2 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = 
hexkey: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 ++Ctrl.hexxcghash = hexxcghash:97e793420ceda1730dac88f0d7dc52d8713a79a0b48ddb2af45dd143 ++Ctrl.hexsession_id = hexsession_id:16dd0d6aca3757eec6e9dc3c4a5f590cb7911cd3cabc80815527b73c ++Ctrl.type = type:F ++Output = b48103cd81397bed3bf618b2ef30a44ea806b0ad07aa098a8a33273e ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:f8a7854ec21f252f679b924f0f3d34639fe976de146ddb8e93c4e4d9 ++Ctrl.hexsession_id = hexsession_id:6bebea19564c0f65dd96446496f7d7c7198a5b08bcdacf29449808ba ++Ctrl.type = type:A ++Output = c8bc1d232edd620e0282af630d596a6c ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:f8a7854ec21f252f679b924f0f3d34639fe976de146ddb8e93c4e4d9 ++Ctrl.hexsession_id = hexsession_id:6bebea19564c0f65dd96446496f7d7c7198a5b08bcdacf29449808ba ++Ctrl.type = type:B ++Output = 6a90269aab1a3e3612eec97a45db11e1 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey:0000010100c810e36b6ae23b2dac234f36b4ddfe820762b53478eaea205cdab848c384f2c5fe262bc471971ff42a1ff8fdfff81cdc66371a75e9fda5d7d0bd656523603255c3e0970435f995948ec98d87942cefe2194e475a507e2928e0cfbba63962c75794aa53e8a385a5d1599d88dd1684a827914da576f9e06caaecc586bb98425621a5afaf86003cabe86fcd3964a390f47302bbbee8536f24024c5c31f031e80e6bcf2a3e24d4f0b6bd42250996f12a8a5c99b09a42a737e3cbf481e002c334fe3b7626419266e0036339b1592d3bf43245c449a65e43946e60112c1f8aff8963ff56e365c6f56c36b2208eadf591360554d2b116d3374341bd5779ebcdf7ba93de ++Ctrl.hexxcghash = hexxcghash:f8a7854ec21f252f679b924f0f3d34639fe976de146ddb8e93c4e4d9 ++Ctrl.hexsession_id = hexsession_id:6bebea19564c0f65dd96446496f7d7c7198a5b08bcdacf29449808ba ++Ctrl.type = type:C ++Output = ebb8a6227e789d33fa072355cb2851ac ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = 
hexkey: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 ++Ctrl.hexxcghash = hexxcghash:f8a7854ec21f252f679b924f0f3d34639fe976de146ddb8e93c4e4d9 ++Ctrl.hexsession_id = hexsession_id:6bebea19564c0f65dd96446496f7d7c7198a5b08bcdacf29449808ba ++Ctrl.type = type:D ++Output = 9662ff73b11bd2978ffceb7545f6054e ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:f8a7854ec21f252f679b924f0f3d34639fe976de146ddb8e93c4e4d9 ++Ctrl.hexsession_id = hexsession_id:6bebea19564c0f65dd96446496f7d7c7198a5b08bcdacf29449808ba ++Ctrl.type = type:E ++Output = 9eb35f9a8a6155b81b8dda117f5d631cc4eddea4b4912147513bc4ec ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:f8a7854ec21f252f679b924f0f3d34639fe976de146ddb8e93c4e4d9 ++Ctrl.hexsession_id = hexsession_id:6bebea19564c0f65dd96446496f7d7c7198a5b08bcdacf29449808ba ++Ctrl.type = type:F ++Output = 3e137e015973e21c37a8de81cc812683d506fc35699114b31c06797e ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:4688aa9bceb36ddab933675e6963357b2bd0daa5e1984a06fc7f3ff3 ++Ctrl.hexsession_id = hexsession_id:fb72bca26e61577066d7c5093ac9281fcf06ae3250b43228b067b86e ++Ctrl.type = type:A ++Output = cc22a730c15abf9628f749fac9d3f935 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:4688aa9bceb36ddab933675e6963357b2bd0daa5e1984a06fc7f3ff3 ++Ctrl.hexsession_id = hexsession_id:fb72bca26e61577066d7c5093ac9281fcf06ae3250b43228b067b86e ++Ctrl.type = type:B ++Output = 188c477061a597384b1d1e417dc04f7d ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = 
hexxcghash:4688aa9bceb36ddab933675e6963357b2bd0daa5e1984a06fc7f3ff3 ++Ctrl.hexsession_id = hexsession_id:fb72bca26e61577066d7c5093ac9281fcf06ae3250b43228b067b86e ++Ctrl.type = type:C ++Output = b309760dd9f0d65c6edcdee3a3457c33 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:4688aa9bceb36ddab933675e6963357b2bd0daa5e1984a06fc7f3ff3 ++Ctrl.hexsession_id = hexsession_id:fb72bca26e61577066d7c5093ac9281fcf06ae3250b43228b067b86e ++Ctrl.type = type:D ++Output = 1b8674f603a78f16fb979d6db70f6795 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:4688aa9bceb36ddab933675e6963357b2bd0daa5e1984a06fc7f3ff3 ++Ctrl.hexsession_id = hexsession_id:fb72bca26e61577066d7c5093ac9281fcf06ae3250b43228b067b86e ++Ctrl.type = type:E ++Output = d881ac0cf62ecff2eb7d3c8284cfd4b95e003c435f6a3121ab0c65b0 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:4688aa9bceb36ddab933675e6963357b2bd0daa5e1984a06fc7f3ff3 ++Ctrl.hexsession_id = hexsession_id:fb72bca26e61577066d7c5093ac9281fcf06ae3250b43228b067b86e ++Ctrl.type = type:F ++Output = 9a7560e7976c7fb0153fc94e51a7dead3b7f8954d1efa7ed6be77858 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:0d18d069225d0db81b8bb979635dc9e89999a74ad6b02022189150fd ++Ctrl.hexsession_id = hexsession_id:1f42aa7a240d8b412fc26bd18f85ebefe59641d19a1e5e3681560a2c ++Ctrl.type = type:A ++Output = b842e2900a8c1f7d7c3fa465d46142fa ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:0d18d069225d0db81b8bb979635dc9e89999a74ad6b02022189150fd ++Ctrl.hexsession_id = 
hexsession_id:1f42aa7a240d8b412fc26bd18f85ebefe59641d19a1e5e3681560a2c ++Ctrl.type = type:B ++Output = 5e96f771c176fafd18d4aa0bc07dc5d5 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:0d18d069225d0db81b8bb979635dc9e89999a74ad6b02022189150fd ++Ctrl.hexsession_id = hexsession_id:1f42aa7a240d8b412fc26bd18f85ebefe59641d19a1e5e3681560a2c ++Ctrl.type = type:C ++Output = fe5fca0a03e6f8ac95ba4e882c64fb8c ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey:000001004b9f55f17de634edb39218b30f224ae8ec64edd6e0c49dd00a52ac11e0a4089ccff931838ce5c02f449ffe33c14fd0a9f11da7d783787a03defc7931ce638a31aa11ddc4351e54480bea637857cae6cf30e03d392737fe2b3f234115903ab43f97d4fdb49fb987650610d9a0ca51b70839d0fc9980de371acc78ac6eaf5f5ac5008eec0f5aedd0f95496f27d2858477fc54d3113fe7884047596d5705d1dd974875872fc7c9111bdc5da73b317331c543f60687fc1ecb3f3853787a64fd94335b570a99fe2544acde49f99b96ef473dbcb16315b9e7ee8c3a20feb36636c1fa39567c2efd2b7827e38ab31607f6a3cff1fc7edf8612380e4af93c620bcd6ac36 ++Ctrl.hexxcghash = hexxcghash:0d18d069225d0db81b8bb979635dc9e89999a74ad6b02022189150fd ++Ctrl.hexsession_id = hexsession_id:1f42aa7a240d8b412fc26bd18f85ebefe59641d19a1e5e3681560a2c ++Ctrl.type = type:D ++Output = b952b4e6f2010ebdac7ee10adb90f9ef ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:0d18d069225d0db81b8bb979635dc9e89999a74ad6b02022189150fd ++Ctrl.hexsession_id = hexsession_id:1f42aa7a240d8b412fc26bd18f85ebefe59641d19a1e5e3681560a2c ++Ctrl.type = type:E ++Output = 819db930507c1f8e1617dc74e78de9f4abb02b7089d764cb20d14c56 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:0d18d069225d0db81b8bb979635dc9e89999a74ad6b02022189150fd ++Ctrl.hexsession_id = 
hexsession_id:1f42aa7a240d8b412fc26bd18f85ebefe59641d19a1e5e3681560a2c ++Ctrl.type = type:F ++Output = 79be1ec6ce722e98bca50a25bbca581318b6227c9fd346d67602958f ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:0f85b7ee92fe1a95c0aa0103f10092f04ba613a37e118f8fbb43e308 ++Ctrl.hexsession_id = hexsession_id:25d9a92c96b98ecc31e6aca945899e93607848caf2c332efc03f9a0c ++Ctrl.type = type:A ++Output = 4d40be7041ac4c74d56d53855fead94f ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:0f85b7ee92fe1a95c0aa0103f10092f04ba613a37e118f8fbb43e308 ++Ctrl.hexsession_id = hexsession_id:25d9a92c96b98ecc31e6aca945899e93607848caf2c332efc03f9a0c ++Ctrl.type = type:B ++Output = 501781a04c919226a9e2dd6d7a880568 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:0f85b7ee92fe1a95c0aa0103f10092f04ba613a37e118f8fbb43e308 ++Ctrl.hexsession_id = hexsession_id:25d9a92c96b98ecc31e6aca945899e93607848caf2c332efc03f9a0c ++Ctrl.type = type:C ++Output = fe183f0e31d4bf9ebc9364e19e422385 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:0f85b7ee92fe1a95c0aa0103f10092f04ba613a37e118f8fbb43e308 ++Ctrl.hexsession_id = hexsession_id:25d9a92c96b98ecc31e6aca945899e93607848caf2c332efc03f9a0c ++Ctrl.type = type:D ++Output = f12c0da703e5bedb2921a0e1795eb62f ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:0f85b7ee92fe1a95c0aa0103f10092f04ba613a37e118f8fbb43e308 ++Ctrl.hexsession_id = hexsession_id:25d9a92c96b98ecc31e6aca945899e93607848caf2c332efc03f9a0c ++Ctrl.type = type:E ++Output = 
1d34b1ae23af48c25db971fe0f95c2fdb4e269ca435b90e0e22ee720 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA224 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:0f85b7ee92fe1a95c0aa0103f10092f04ba613a37e118f8fbb43e308 ++Ctrl.hexsession_id = hexsession_id:25d9a92c96b98ecc31e6aca945899e93607848caf2c332efc03f9a0c ++Ctrl.type = type:F ++Output = b77dce4e2211c8e2b4fba841ba45d7f136323999ed9a4d306fa411a8 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey:0000008100875c551cef526a4a8be1a7df27e9ed354bac9afb71f53dbae905679d14f9faf2469c53457cf80a366be278965ba6255276ca2d9f4a97d271f71e50d8a9ec46253a6a906ac2c5e4f48b27a63ce08d80390a492aa43bad9d882ccac23dac88bcada4b4d426a362083dab6569c54c224dd2d87643aa227693e141ad1630ce13144e ++Ctrl.hexxcghash = hexxcghash:0e683fc8a9ed7c2ff02def23b2745ebc99b267daa86a4aa7697239088253f642 ++Ctrl.hexsession_id = hexsession_id:0e683fc8a9ed7c2ff02def23b2745ebc99b267daa86a4aa7697239088253f642 ++Ctrl.type = type:A ++Output = 41ff2ead1683f1e6 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey:0000008100875c551cef526a4a8be1a7df27e9ed354bac9afb71f53dbae905679d14f9faf2469c53457cf80a366be278965ba6255276ca2d9f4a97d271f71e50d8a9ec46253a6a906ac2c5e4f48b27a63ce08d80390a492aa43bad9d882ccac23dac88bcada4b4d426a362083dab6569c54c224dd2d87643aa227693e141ad1630ce13144e ++Ctrl.hexxcghash = hexxcghash:0e683fc8a9ed7c2ff02def23b2745ebc99b267daa86a4aa7697239088253f642 ++Ctrl.hexsession_id = hexsession_id:0e683fc8a9ed7c2ff02def23b2745ebc99b267daa86a4aa7697239088253f642 ++Ctrl.type = type:B ++Output = e619ecfd9edb50cd ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey:0000008100875c551cef526a4a8be1a7df27e9ed354bac9afb71f53dbae905679d14f9faf2469c53457cf80a366be278965ba6255276ca2d9f4a97d271f71e50d8a9ec46253a6a906ac2c5e4f48b27a63ce08d80390a492aa43bad9d882ccac23dac88bcada4b4d426a362083dab6569c54c224dd2d87643aa227693e141ad1630ce13144e ++Ctrl.hexxcghash = 
hexxcghash:0e683fc8a9ed7c2ff02def23b2745ebc99b267daa86a4aa7697239088253f642 ++Ctrl.hexsession_id = hexsession_id:0e683fc8a9ed7c2ff02def23b2745ebc99b267daa86a4aa7697239088253f642 ++Ctrl.type = type:C ++Output = 4a6314d2f7511bf88fad39fb6892f3f218cafd530e72fe43 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey:0000008100875c551cef526a4a8be1a7df27e9ed354bac9afb71f53dbae905679d14f9faf2469c53457cf80a366be278965ba6255276ca2d9f4a97d271f71e50d8a9ec46253a6a906ac2c5e4f48b27a63ce08d80390a492aa43bad9d882ccac23dac88bcada4b4d426a362083dab6569c54c224dd2d87643aa227693e141ad1630ce13144e ++Ctrl.hexxcghash = hexxcghash:0e683fc8a9ed7c2ff02def23b2745ebc99b267daa86a4aa7697239088253f642 ++Ctrl.hexsession_id = hexsession_id:0e683fc8a9ed7c2ff02def23b2745ebc99b267daa86a4aa7697239088253f642 ++Ctrl.type = type:D ++Output = 084c15fb7f99c65ff134eeb407cee5d540c341dea45a42a5 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey:0000008100875c551cef526a4a8be1a7df27e9ed354bac9afb71f53dbae905679d14f9faf2469c53457cf80a366be278965ba6255276ca2d9f4a97d271f71e50d8a9ec46253a6a906ac2c5e4f48b27a63ce08d80390a492aa43bad9d882ccac23dac88bcada4b4d426a362083dab6569c54c224dd2d87643aa227693e141ad1630ce13144e ++Ctrl.hexxcghash = hexxcghash:0e683fc8a9ed7c2ff02def23b2745ebc99b267daa86a4aa7697239088253f642 ++Ctrl.hexsession_id = hexsession_id:0e683fc8a9ed7c2ff02def23b2745ebc99b267daa86a4aa7697239088253f642 ++Ctrl.type = type:E ++Output = 41ec5a94fecce7707ea156a6ad29239a891621adacbedb8be70675008d6f9274 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey:0000008100875c551cef526a4a8be1a7df27e9ed354bac9afb71f53dbae905679d14f9faf2469c53457cf80a366be278965ba6255276ca2d9f4a97d271f71e50d8a9ec46253a6a906ac2c5e4f48b27a63ce08d80390a492aa43bad9d882ccac23dac88bcada4b4d426a362083dab6569c54c224dd2d87643aa227693e141ad1630ce13144e ++Ctrl.hexxcghash = hexxcghash:0e683fc8a9ed7c2ff02def23b2745ebc99b267daa86a4aa7697239088253f642 ++Ctrl.hexsession_id = 
hexsession_id:0e683fc8a9ed7c2ff02def23b2745ebc99b267daa86a4aa7697239088253f642 ++Ctrl.type = type:F ++Output = 47d3c20aba60981e47b30533623613ff1cacbcf1642fb4ad86ee712f2aed9af8 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey:000000800faa172b8c287e372bb236ad34c733695c13d77f882adc0f47e5a7f6a3de07efb101207aa5d665b619826f756591f65310bbd2c92c9384e6c6a67b42dec382fdb24c591d79ff5e47737b0f5b8479694c3adc19401704912bbfec2704d4d5bebbfc1a7fc796e277634e40851851a187ec2d37ed3f351c4596a5a0892916b4c55f ++Ctrl.hexxcghash = hexxcghash:a347f5f1e191c35f212c9324d5867efdf83026be62c2b16ae006edb3378d4006 ++Ctrl.hexsession_id = hexsession_id:90befcef3ff8f920674a9fab94198cf3fd9dca24a21d3c9dba394daafbc621ed ++Ctrl.type = type:A ++Output = 99bae6531508705f ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey:000000800faa172b8c287e372bb236ad34c733695c13d77f882adc0f47e5a7f6a3de07efb101207aa5d665b619826f756591f65310bbd2c92c9384e6c6a67b42dec382fdb24c591d79ff5e47737b0f5b8479694c3adc19401704912bbfec2704d4d5bebbfc1a7fc796e277634e40851851a187ec2d37ed3f351c4596a5a0892916b4c55f ++Ctrl.hexxcghash = hexxcghash:a347f5f1e191c35f212c9324d5867efdf83026be62c2b16ae006edb3378d4006 ++Ctrl.hexsession_id = hexsession_id:90befcef3ff8f920674a9fab94198cf3fd9dca24a21d3c9dba394daafbc621ed ++Ctrl.type = type:B ++Output = f25786f02f199737 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey:000000800faa172b8c287e372bb236ad34c733695c13d77f882adc0f47e5a7f6a3de07efb101207aa5d665b619826f756591f65310bbd2c92c9384e6c6a67b42dec382fdb24c591d79ff5e47737b0f5b8479694c3adc19401704912bbfec2704d4d5bebbfc1a7fc796e277634e40851851a187ec2d37ed3f351c4596a5a0892916b4c55f ++Ctrl.hexxcghash = hexxcghash:a347f5f1e191c35f212c9324d5867efdf83026be62c2b16ae006edb3378d4006 ++Ctrl.hexsession_id = hexsession_id:90befcef3ff8f920674a9fab94198cf3fd9dca24a21d3c9dba394daafbc621ed ++Ctrl.type = type:C ++Output = 97621bf882266f905da78cf193fc31f642acbb60957c41b7 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = 
hexkey:000000800faa172b8c287e372bb236ad34c733695c13d77f882adc0f47e5a7f6a3de07efb101207aa5d665b619826f756591f65310bbd2c92c9384e6c6a67b42dec382fdb24c591d79ff5e47737b0f5b8479694c3adc19401704912bbfec2704d4d5bebbfc1a7fc796e277634e40851851a187ec2d37ed3f351c4596a5a0892916b4c55f ++Ctrl.hexxcghash = hexxcghash:a347f5f1e191c35f212c9324d5867efdf83026be62c2b16ae006edb3378d4006 ++Ctrl.hexsession_id = hexsession_id:90befcef3ff8f920674a9fab94198cf3fd9dca24a21d3c9dba394daafbc621ed ++Ctrl.type = type:D ++Output = ad98a86a2386280912efea50f790e800a7758f7dade5d77e ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey:000000800faa172b8c287e372bb236ad34c733695c13d77f882adc0f47e5a7f6a3de07efb101207aa5d665b619826f756591f65310bbd2c92c9384e6c6a67b42dec382fdb24c591d79ff5e47737b0f5b8479694c3adc19401704912bbfec2704d4d5bebbfc1a7fc796e277634e40851851a187ec2d37ed3f351c4596a5a0892916b4c55f ++Ctrl.hexxcghash = hexxcghash:a347f5f1e191c35f212c9324d5867efdf83026be62c2b16ae006edb3378d4006 ++Ctrl.hexsession_id = hexsession_id:90befcef3ff8f920674a9fab94198cf3fd9dca24a21d3c9dba394daafbc621ed ++Ctrl.type = type:E ++Output = f92d052d3cdf34dfc69bc60a489c3a3553f4356596c191931d08fa20551273b3 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey:000000800faa172b8c287e372bb236ad34c733695c13d77f882adc0f47e5a7f6a3de07efb101207aa5d665b619826f756591f65310bbd2c92c9384e6c6a67b42dec382fdb24c591d79ff5e47737b0f5b8479694c3adc19401704912bbfec2704d4d5bebbfc1a7fc796e277634e40851851a187ec2d37ed3f351c4596a5a0892916b4c55f ++Ctrl.hexxcghash = hexxcghash:a347f5f1e191c35f212c9324d5867efdf83026be62c2b16ae006edb3378d4006 ++Ctrl.hexsession_id = hexsession_id:90befcef3ff8f920674a9fab94198cf3fd9dca24a21d3c9dba394daafbc621ed ++Ctrl.type = type:F ++Output = 147a771445123f846d8ae514d7ff9b3c93b2bceb7c7c9500942161b8e2d0110f ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = 
hexkey:0000008100db8205ad53a96bd4c111ad8dc8dab8196f04557d87a5ac90b1013eec71456ca80f0a59af26f9ac6eb91ee51cd601602fe9467550d1f09f417f94e4df2aa5fb941a33ff7764b4d57bcba77f549959ca4fe5d568ff5d20702fcfef904d07f9182bd9936da1fc63d0b11cd573bc0ed9c4e7bb07b5c77c4214d457ca5b0a4410d7b0 ++Ctrl.hexxcghash = hexxcghash:a85aa36aeae3f8a948ffa077509f183f2894b52930a79a06bf8783e501d9cae3 ++Ctrl.hexsession_id = hexsession_id:6629bb9f32e259935f946e73543bf65830e78ddab691a8b885f3444f976fd655 ++Ctrl.type = type:A ++Output = 93da642974d71e52 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey:0000008100db8205ad53a96bd4c111ad8dc8dab8196f04557d87a5ac90b1013eec71456ca80f0a59af26f9ac6eb91ee51cd601602fe9467550d1f09f417f94e4df2aa5fb941a33ff7764b4d57bcba77f549959ca4fe5d568ff5d20702fcfef904d07f9182bd9936da1fc63d0b11cd573bc0ed9c4e7bb07b5c77c4214d457ca5b0a4410d7b0 ++Ctrl.hexxcghash = hexxcghash:a85aa36aeae3f8a948ffa077509f183f2894b52930a79a06bf8783e501d9cae3 ++Ctrl.hexsession_id = hexsession_id:6629bb9f32e259935f946e73543bf65830e78ddab691a8b885f3444f976fd655 ++Ctrl.type = type:B ++Output = df2035ad67457151 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey:0000008100db8205ad53a96bd4c111ad8dc8dab8196f04557d87a5ac90b1013eec71456ca80f0a59af26f9ac6eb91ee51cd601602fe9467550d1f09f417f94e4df2aa5fb941a33ff7764b4d57bcba77f549959ca4fe5d568ff5d20702fcfef904d07f9182bd9936da1fc63d0b11cd573bc0ed9c4e7bb07b5c77c4214d457ca5b0a4410d7b0 ++Ctrl.hexxcghash = hexxcghash:a85aa36aeae3f8a948ffa077509f183f2894b52930a79a06bf8783e501d9cae3 ++Ctrl.hexsession_id = hexsession_id:6629bb9f32e259935f946e73543bf65830e78ddab691a8b885f3444f976fd655 ++Ctrl.type = type:C ++Output = 42067bb0535da6701232a0f39ac7f436535af346c4786af5 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = 
hexkey:0000008100db8205ad53a96bd4c111ad8dc8dab8196f04557d87a5ac90b1013eec71456ca80f0a59af26f9ac6eb91ee51cd601602fe9467550d1f09f417f94e4df2aa5fb941a33ff7764b4d57bcba77f549959ca4fe5d568ff5d20702fcfef904d07f9182bd9936da1fc63d0b11cd573bc0ed9c4e7bb07b5c77c4214d457ca5b0a4410d7b0 ++Ctrl.hexxcghash = hexxcghash:a85aa36aeae3f8a948ffa077509f183f2894b52930a79a06bf8783e501d9cae3 ++Ctrl.hexsession_id = hexsession_id:6629bb9f32e259935f946e73543bf65830e78ddab691a8b885f3444f976fd655 ++Ctrl.type = type:D ++Output = 08a0181a6c373d39540409dafb1b4e2359bc249af33bcfe0 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey:0000008100db8205ad53a96bd4c111ad8dc8dab8196f04557d87a5ac90b1013eec71456ca80f0a59af26f9ac6eb91ee51cd601602fe9467550d1f09f417f94e4df2aa5fb941a33ff7764b4d57bcba77f549959ca4fe5d568ff5d20702fcfef904d07f9182bd9936da1fc63d0b11cd573bc0ed9c4e7bb07b5c77c4214d457ca5b0a4410d7b0 ++Ctrl.hexxcghash = hexxcghash:a85aa36aeae3f8a948ffa077509f183f2894b52930a79a06bf8783e501d9cae3 ++Ctrl.hexsession_id = hexsession_id:6629bb9f32e259935f946e73543bf65830e78ddab691a8b885f3444f976fd655 ++Ctrl.type = type:E ++Output = c043b5aece7cd2685c6dfb3788d7a562d6622d20f6d7e07b38aeb47c649dd99c ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey:0000008100db8205ad53a96bd4c111ad8dc8dab8196f04557d87a5ac90b1013eec71456ca80f0a59af26f9ac6eb91ee51cd601602fe9467550d1f09f417f94e4df2aa5fb941a33ff7764b4d57bcba77f549959ca4fe5d568ff5d20702fcfef904d07f9182bd9936da1fc63d0b11cd573bc0ed9c4e7bb07b5c77c4214d457ca5b0a4410d7b0 ++Ctrl.hexxcghash = hexxcghash:a85aa36aeae3f8a948ffa077509f183f2894b52930a79a06bf8783e501d9cae3 ++Ctrl.hexsession_id = hexsession_id:6629bb9f32e259935f946e73543bf65830e78ddab691a8b885f3444f976fd655 ++Ctrl.type = type:F ++Output = cbe67a93ac758d9f2a6ff580bad5a44bb1a1062c9e20d5c974decb7aa2b0faa0 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = 
hexkey:0000008100d97164957831bbc57c91e0a5c9ece230b4625d14b9d07decdc971cee28d28c2938d2f8b682bc33bd67458fb90120dd6a2ca5255fbe3daeb0325029e15b5e3135aae5081894da98fb4e4d578890c5a4b6a359097bf5e2c403f77b0398d12795d6c895ed979e792d13f5aeb3cd62799d9a509cb4bd8e2bf5d8b08498abccc0790c ++Ctrl.hexxcghash = hexxcghash:81c3e6d1a6aeb3f3fc111a9e1467a7e569b9debbfef48fd31acd0d8b9b50a647 ++Ctrl.hexsession_id = hexsession_id:068d4a2ebf66a0a6f75d3e76659c72a7f70630f98872e6f48c45ad862fd9b2a4 ++Ctrl.type = type:A ++Output = 320e807fab2b10f0 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey:0000008100d97164957831bbc57c91e0a5c9ece230b4625d14b9d07decdc971cee28d28c2938d2f8b682bc33bd67458fb90120dd6a2ca5255fbe3daeb0325029e15b5e3135aae5081894da98fb4e4d578890c5a4b6a359097bf5e2c403f77b0398d12795d6c895ed979e792d13f5aeb3cd62799d9a509cb4bd8e2bf5d8b08498abccc0790c ++Ctrl.hexxcghash = hexxcghash:81c3e6d1a6aeb3f3fc111a9e1467a7e569b9debbfef48fd31acd0d8b9b50a647 ++Ctrl.hexsession_id = hexsession_id:068d4a2ebf66a0a6f75d3e76659c72a7f70630f98872e6f48c45ad862fd9b2a4 ++Ctrl.type = type:B ++Output = 7b8f91be4dcd59b1 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey:0000008100d97164957831bbc57c91e0a5c9ece230b4625d14b9d07decdc971cee28d28c2938d2f8b682bc33bd67458fb90120dd6a2ca5255fbe3daeb0325029e15b5e3135aae5081894da98fb4e4d578890c5a4b6a359097bf5e2c403f77b0398d12795d6c895ed979e792d13f5aeb3cd62799d9a509cb4bd8e2bf5d8b08498abccc0790c ++Ctrl.hexxcghash = hexxcghash:81c3e6d1a6aeb3f3fc111a9e1467a7e569b9debbfef48fd31acd0d8b9b50a647 ++Ctrl.hexsession_id = hexsession_id:068d4a2ebf66a0a6f75d3e76659c72a7f70630f98872e6f48c45ad862fd9b2a4 ++Ctrl.type = type:C ++Output = dec6e67a94b3ddfcd32a24d6026c6951d00b6f4402d32c1a ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = 
hexkey:0000008100d97164957831bbc57c91e0a5c9ece230b4625d14b9d07decdc971cee28d28c2938d2f8b682bc33bd67458fb90120dd6a2ca5255fbe3daeb0325029e15b5e3135aae5081894da98fb4e4d578890c5a4b6a359097bf5e2c403f77b0398d12795d6c895ed979e792d13f5aeb3cd62799d9a509cb4bd8e2bf5d8b08498abccc0790c ++Ctrl.hexxcghash = hexxcghash:81c3e6d1a6aeb3f3fc111a9e1467a7e569b9debbfef48fd31acd0d8b9b50a647 ++Ctrl.hexsession_id = hexsession_id:068d4a2ebf66a0a6f75d3e76659c72a7f70630f98872e6f48c45ad862fd9b2a4 ++Ctrl.type = type:D ++Output = 2ef3cea4588ad928ac3e8874f3e1f613f2d50787495acc32 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey:0000008100d97164957831bbc57c91e0a5c9ece230b4625d14b9d07decdc971cee28d28c2938d2f8b682bc33bd67458fb90120dd6a2ca5255fbe3daeb0325029e15b5e3135aae5081894da98fb4e4d578890c5a4b6a359097bf5e2c403f77b0398d12795d6c895ed979e792d13f5aeb3cd62799d9a509cb4bd8e2bf5d8b08498abccc0790c ++Ctrl.hexxcghash = hexxcghash:81c3e6d1a6aeb3f3fc111a9e1467a7e569b9debbfef48fd31acd0d8b9b50a647 ++Ctrl.hexsession_id = hexsession_id:068d4a2ebf66a0a6f75d3e76659c72a7f70630f98872e6f48c45ad862fd9b2a4 ++Ctrl.type = type:E ++Output = 72f93537328eebeec1b5ca88fedb41bf4d9c6279e4fe8d13c38da72a39739ed8 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey:0000008100d97164957831bbc57c91e0a5c9ece230b4625d14b9d07decdc971cee28d28c2938d2f8b682bc33bd67458fb90120dd6a2ca5255fbe3daeb0325029e15b5e3135aae5081894da98fb4e4d578890c5a4b6a359097bf5e2c403f77b0398d12795d6c895ed979e792d13f5aeb3cd62799d9a509cb4bd8e2bf5d8b08498abccc0790c ++Ctrl.hexxcghash = hexxcghash:81c3e6d1a6aeb3f3fc111a9e1467a7e569b9debbfef48fd31acd0d8b9b50a647 ++Ctrl.hexsession_id = hexsession_id:068d4a2ebf66a0a6f75d3e76659c72a7f70630f98872e6f48c45ad862fd9b2a4 ++Ctrl.type = type:F ++Output = 55dcf2c322b9c94686edbf9314d7c93bd9651e2ebc64f1a299d7176577d65b32 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = 
hexkey:0000008001223839219fa4dbaf2b88deaa058bed95793bd6079e670e88eecf0a391ae7ce2d3bf129e11273aad0d0047b84960e6f73fa3de394042b4254c7850fddc7525dcf27fb9bdcafc604626aa25e08c938a27c80ca97a4c1a2662f4e8485e016c75e4f4e6861f5bbd694bbd6492cbffa95128dab52d8a3d0316bcabd5da2c789dd62 ++Ctrl.hexxcghash = hexxcghash:7817d37fe11f3499feda39bf21ce7755040a0091e61e8eb585e6299c6673db81 ++Ctrl.hexsession_id = hexsession_id:2b7ef879949594c35dbccdba0ba4959e3a2fad446c5ce35666e400b7214fe69e ++Ctrl.type = type:A ++Output = f4dbc41aa23e1621 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey:0000008001223839219fa4dbaf2b88deaa058bed95793bd6079e670e88eecf0a391ae7ce2d3bf129e11273aad0d0047b84960e6f73fa3de394042b4254c7850fddc7525dcf27fb9bdcafc604626aa25e08c938a27c80ca97a4c1a2662f4e8485e016c75e4f4e6861f5bbd694bbd6492cbffa95128dab52d8a3d0316bcabd5da2c789dd62 ++Ctrl.hexxcghash = hexxcghash:7817d37fe11f3499feda39bf21ce7755040a0091e61e8eb585e6299c6673db81 ++Ctrl.hexsession_id = hexsession_id:2b7ef879949594c35dbccdba0ba4959e3a2fad446c5ce35666e400b7214fe69e ++Ctrl.type = type:B ++Output = e53b40c511180817 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey:0000008001223839219fa4dbaf2b88deaa058bed95793bd6079e670e88eecf0a391ae7ce2d3bf129e11273aad0d0047b84960e6f73fa3de394042b4254c7850fddc7525dcf27fb9bdcafc604626aa25e08c938a27c80ca97a4c1a2662f4e8485e016c75e4f4e6861f5bbd694bbd6492cbffa95128dab52d8a3d0316bcabd5da2c789dd62 ++Ctrl.hexxcghash = hexxcghash:7817d37fe11f3499feda39bf21ce7755040a0091e61e8eb585e6299c6673db81 ++Ctrl.hexsession_id = hexsession_id:2b7ef879949594c35dbccdba0ba4959e3a2fad446c5ce35666e400b7214fe69e ++Ctrl.type = type:C ++Output = 70fed9412989cf5de908ad429cb92065fd5ccc081477abba ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = 
hexkey:0000008001223839219fa4dbaf2b88deaa058bed95793bd6079e670e88eecf0a391ae7ce2d3bf129e11273aad0d0047b84960e6f73fa3de394042b4254c7850fddc7525dcf27fb9bdcafc604626aa25e08c938a27c80ca97a4c1a2662f4e8485e016c75e4f4e6861f5bbd694bbd6492cbffa95128dab52d8a3d0316bcabd5da2c789dd62 ++Ctrl.hexxcghash = hexxcghash:7817d37fe11f3499feda39bf21ce7755040a0091e61e8eb585e6299c6673db81 ++Ctrl.hexsession_id = hexsession_id:2b7ef879949594c35dbccdba0ba4959e3a2fad446c5ce35666e400b7214fe69e ++Ctrl.type = type:D ++Output = 3afdb0b4b4bc13e8731bb92e541b7d82a0b20d8878ce184b ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey:0000008001223839219fa4dbaf2b88deaa058bed95793bd6079e670e88eecf0a391ae7ce2d3bf129e11273aad0d0047b84960e6f73fa3de394042b4254c7850fddc7525dcf27fb9bdcafc604626aa25e08c938a27c80ca97a4c1a2662f4e8485e016c75e4f4e6861f5bbd694bbd6492cbffa95128dab52d8a3d0316bcabd5da2c789dd62 ++Ctrl.hexxcghash = hexxcghash:7817d37fe11f3499feda39bf21ce7755040a0091e61e8eb585e6299c6673db81 ++Ctrl.hexsession_id = hexsession_id:2b7ef879949594c35dbccdba0ba4959e3a2fad446c5ce35666e400b7214fe69e ++Ctrl.type = type:E ++Output = 59937f257aeef0806038543ced541990e5c2243881818edf2c522a54b64e9e93 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey:0000008001223839219fa4dbaf2b88deaa058bed95793bd6079e670e88eecf0a391ae7ce2d3bf129e11273aad0d0047b84960e6f73fa3de394042b4254c7850fddc7525dcf27fb9bdcafc604626aa25e08c938a27c80ca97a4c1a2662f4e8485e016c75e4f4e6861f5bbd694bbd6492cbffa95128dab52d8a3d0316bcabd5da2c789dd62 ++Ctrl.hexxcghash = hexxcghash:7817d37fe11f3499feda39bf21ce7755040a0091e61e8eb585e6299c6673db81 ++Ctrl.hexsession_id = hexsession_id:2b7ef879949594c35dbccdba0ba4959e3a2fad446c5ce35666e400b7214fe69e ++Ctrl.type = type:F ++Output = 187532105293274b841918e3ab51f5dd0453d4331e85f4e06b775dbce4979cdd ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = 
hexkey:000000807d3783ce1f598c3279e8a33f3e8bfe9c255979034f43d107bb3dd6cb21ff67d945594929f2fd7bef74679be81d3ad6c1b472293d1060242d720ed2fb250fde838064eec64d75cb9d5d2ec09c9e67e3bf48c0d0a92577f8bf6e05cfcbaafcd243369f30f14d24a4ad2c1aaff528e03198227135d26839fd45cd60678ae41307c2 ++Ctrl.hexxcghash = hexxcghash:2efc2c1be24e1259105757bbd2c518d62ae52400451347aa90e2aab00bc58864 ++Ctrl.hexsession_id = hexsession_id:2df7d0dbcb1beb17ef1a8b9884c9d6d8833b5039797a5fce61e7a2490405b323 ++Ctrl.type = type:A ++Output = 3cc220d5bb9b5346 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey:000000807d3783ce1f598c3279e8a33f3e8bfe9c255979034f43d107bb3dd6cb21ff67d945594929f2fd7bef74679be81d3ad6c1b472293d1060242d720ed2fb250fde838064eec64d75cb9d5d2ec09c9e67e3bf48c0d0a92577f8bf6e05cfcbaafcd243369f30f14d24a4ad2c1aaff528e03198227135d26839fd45cd60678ae41307c2 ++Ctrl.hexxcghash = hexxcghash:2efc2c1be24e1259105757bbd2c518d62ae52400451347aa90e2aab00bc58864 ++Ctrl.hexsession_id = hexsession_id:2df7d0dbcb1beb17ef1a8b9884c9d6d8833b5039797a5fce61e7a2490405b323 ++Ctrl.type = type:B ++Output = 051e3c79aede7e41 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey:000000807d3783ce1f598c3279e8a33f3e8bfe9c255979034f43d107bb3dd6cb21ff67d945594929f2fd7bef74679be81d3ad6c1b472293d1060242d720ed2fb250fde838064eec64d75cb9d5d2ec09c9e67e3bf48c0d0a92577f8bf6e05cfcbaafcd243369f30f14d24a4ad2c1aaff528e03198227135d26839fd45cd60678ae41307c2 ++Ctrl.hexxcghash = hexxcghash:2efc2c1be24e1259105757bbd2c518d62ae52400451347aa90e2aab00bc58864 ++Ctrl.hexsession_id = hexsession_id:2df7d0dbcb1beb17ef1a8b9884c9d6d8833b5039797a5fce61e7a2490405b323 ++Ctrl.type = type:C ++Output = 44c2b4725965ee9a2bce58d38e2e9a778263c415b21a25be ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = 
hexkey:000000807d3783ce1f598c3279e8a33f3e8bfe9c255979034f43d107bb3dd6cb21ff67d945594929f2fd7bef74679be81d3ad6c1b472293d1060242d720ed2fb250fde838064eec64d75cb9d5d2ec09c9e67e3bf48c0d0a92577f8bf6e05cfcbaafcd243369f30f14d24a4ad2c1aaff528e03198227135d26839fd45cd60678ae41307c2 ++Ctrl.hexxcghash = hexxcghash:2efc2c1be24e1259105757bbd2c518d62ae52400451347aa90e2aab00bc58864 ++Ctrl.hexsession_id = hexsession_id:2df7d0dbcb1beb17ef1a8b9884c9d6d8833b5039797a5fce61e7a2490405b323 ++Ctrl.type = type:D ++Output = d5de7a801956b934d820f9aa51bf1dae2a7aec7ce5ce4e50 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey:000000807d3783ce1f598c3279e8a33f3e8bfe9c255979034f43d107bb3dd6cb21ff67d945594929f2fd7bef74679be81d3ad6c1b472293d1060242d720ed2fb250fde838064eec64d75cb9d5d2ec09c9e67e3bf48c0d0a92577f8bf6e05cfcbaafcd243369f30f14d24a4ad2c1aaff528e03198227135d26839fd45cd60678ae41307c2 ++Ctrl.hexxcghash = hexxcghash:2efc2c1be24e1259105757bbd2c518d62ae52400451347aa90e2aab00bc58864 ++Ctrl.hexsession_id = hexsession_id:2df7d0dbcb1beb17ef1a8b9884c9d6d8833b5039797a5fce61e7a2490405b323 ++Ctrl.type = type:E ++Output = 7d2039a6505e3220535fde0ff71464f3971580f50711356760b225fc3053fc19 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey:000000807d3783ce1f598c3279e8a33f3e8bfe9c255979034f43d107bb3dd6cb21ff67d945594929f2fd7bef74679be81d3ad6c1b472293d1060242d720ed2fb250fde838064eec64d75cb9d5d2ec09c9e67e3bf48c0d0a92577f8bf6e05cfcbaafcd243369f30f14d24a4ad2c1aaff528e03198227135d26839fd45cd60678ae41307c2 ++Ctrl.hexxcghash = hexxcghash:2efc2c1be24e1259105757bbd2c518d62ae52400451347aa90e2aab00bc58864 ++Ctrl.hexsession_id = hexsession_id:2df7d0dbcb1beb17ef1a8b9884c9d6d8833b5039797a5fce61e7a2490405b323 ++Ctrl.type = type:F ++Output = b0972348a031ef2e87d42611e53cf0c4782d759ecdcc1390318eb11e1925ac35 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = 
hexkey:0000008100b44b386751753bf1fbfe100b11761766aaef16b2786462ba9561d3b493581254a1c1556ef611fec70146a864f8860c6317f294d06aec94129740c78035411992492825554362d25bf2c43a2e8a4d22e5d4777c593c8686966684b95e8e4535fc0b4a0e53264f22cf568469e829a303cdd06c09d8f74ccef6b6028fde782a7285 ++Ctrl.hexxcghash = hexxcghash:8c691585cffd38a6ad0fd751da66c1a0f2b46ad6c12348b5a89cd24f39e76517 ++Ctrl.hexsession_id = hexsession_id:2d93238fe20a860db2fb8fb4c5a0525a2f8817abbb53773e4af9fb366a213506 ++Ctrl.type = type:A ++Output = cdb047beecd92d84 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey:0000008100b44b386751753bf1fbfe100b11761766aaef16b2786462ba9561d3b493581254a1c1556ef611fec70146a864f8860c6317f294d06aec94129740c78035411992492825554362d25bf2c43a2e8a4d22e5d4777c593c8686966684b95e8e4535fc0b4a0e53264f22cf568469e829a303cdd06c09d8f74ccef6b6028fde782a7285 ++Ctrl.hexxcghash = hexxcghash:8c691585cffd38a6ad0fd751da66c1a0f2b46ad6c12348b5a89cd24f39e76517 ++Ctrl.hexsession_id = hexsession_id:2d93238fe20a860db2fb8fb4c5a0525a2f8817abbb53773e4af9fb366a213506 ++Ctrl.type = type:B ++Output = ef378e894d8f675e ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey:0000008100b44b386751753bf1fbfe100b11761766aaef16b2786462ba9561d3b493581254a1c1556ef611fec70146a864f8860c6317f294d06aec94129740c78035411992492825554362d25bf2c43a2e8a4d22e5d4777c593c8686966684b95e8e4535fc0b4a0e53264f22cf568469e829a303cdd06c09d8f74ccef6b6028fde782a7285 ++Ctrl.hexxcghash = hexxcghash:8c691585cffd38a6ad0fd751da66c1a0f2b46ad6c12348b5a89cd24f39e76517 ++Ctrl.hexsession_id = hexsession_id:2d93238fe20a860db2fb8fb4c5a0525a2f8817abbb53773e4af9fb366a213506 ++Ctrl.type = type:C ++Output = 23ee42a437801e87348b3999bde76147a8731e318db57752 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = 
hexkey:0000008100b44b386751753bf1fbfe100b11761766aaef16b2786462ba9561d3b493581254a1c1556ef611fec70146a864f8860c6317f294d06aec94129740c78035411992492825554362d25bf2c43a2e8a4d22e5d4777c593c8686966684b95e8e4535fc0b4a0e53264f22cf568469e829a303cdd06c09d8f74ccef6b6028fde782a7285 ++Ctrl.hexxcghash = hexxcghash:8c691585cffd38a6ad0fd751da66c1a0f2b46ad6c12348b5a89cd24f39e76517 ++Ctrl.hexsession_id = hexsession_id:2d93238fe20a860db2fb8fb4c5a0525a2f8817abbb53773e4af9fb366a213506 ++Ctrl.type = type:D ++Output = a3f50e3d14498f15e1f111cc929648011d6abfb58e90df1c ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey:0000008100b44b386751753bf1fbfe100b11761766aaef16b2786462ba9561d3b493581254a1c1556ef611fec70146a864f8860c6317f294d06aec94129740c78035411992492825554362d25bf2c43a2e8a4d22e5d4777c593c8686966684b95e8e4535fc0b4a0e53264f22cf568469e829a303cdd06c09d8f74ccef6b6028fde782a7285 ++Ctrl.hexxcghash = hexxcghash:8c691585cffd38a6ad0fd751da66c1a0f2b46ad6c12348b5a89cd24f39e76517 ++Ctrl.hexsession_id = hexsession_id:2d93238fe20a860db2fb8fb4c5a0525a2f8817abbb53773e4af9fb366a213506 ++Ctrl.type = type:E ++Output = fb6a020561e46e521344cb671a50175afd63ded91eedaa1b2879c3a63761674d ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey:0000008100b44b386751753bf1fbfe100b11761766aaef16b2786462ba9561d3b493581254a1c1556ef611fec70146a864f8860c6317f294d06aec94129740c78035411992492825554362d25bf2c43a2e8a4d22e5d4777c593c8686966684b95e8e4535fc0b4a0e53264f22cf568469e829a303cdd06c09d8f74ccef6b6028fde782a7285 ++Ctrl.hexxcghash = hexxcghash:8c691585cffd38a6ad0fd751da66c1a0f2b46ad6c12348b5a89cd24f39e76517 ++Ctrl.hexsession_id = hexsession_id:2d93238fe20a860db2fb8fb4c5a0525a2f8817abbb53773e4af9fb366a213506 ++Ctrl.type = type:F ++Output = 567a79e7c4b10d62a420ce2ea740661c08d9459ed636ecb4edebcedb17b0baba ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = 
hexkey:0000008100b3462ee942f026de0922ab88b6ebf5ee2c968a4e12cbf374593f3542c6eb619ea1ec29b958c65a83305c37008de3b691ec020cc989e6c5393dae36bbb3bf0d1a29ed0bab6d23f60e63e277119b7a4c0a5fa96d9c043a5ace58034052ffb71b8bf0eaea8a6bc9a9834c512d7470122c71908a44ef7f3227b512f6971c82436e96 ++Ctrl.hexxcghash = hexxcghash:3d5d7f742b08976755e2eb8457f1d9401d918bbf7e201fe0742f00ae799082df ++Ctrl.hexsession_id = hexsession_id:50bcad2970e07c3ad3f14db05d451d77304fe70927ba26815fcaf1f3a723af91 ++Ctrl.type = type:A ++Output = 1f9e7ad5592ac73d ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey:0000008100b3462ee942f026de0922ab88b6ebf5ee2c968a4e12cbf374593f3542c6eb619ea1ec29b958c65a83305c37008de3b691ec020cc989e6c5393dae36bbb3bf0d1a29ed0bab6d23f60e63e277119b7a4c0a5fa96d9c043a5ace58034052ffb71b8bf0eaea8a6bc9a9834c512d7470122c71908a44ef7f3227b512f6971c82436e96 ++Ctrl.hexxcghash = hexxcghash:3d5d7f742b08976755e2eb8457f1d9401d918bbf7e201fe0742f00ae799082df ++Ctrl.hexsession_id = hexsession_id:50bcad2970e07c3ad3f14db05d451d77304fe70927ba26815fcaf1f3a723af91 ++Ctrl.type = type:B ++Output = 15b254fe3510dd77 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey:0000008100b3462ee942f026de0922ab88b6ebf5ee2c968a4e12cbf374593f3542c6eb619ea1ec29b958c65a83305c37008de3b691ec020cc989e6c5393dae36bbb3bf0d1a29ed0bab6d23f60e63e277119b7a4c0a5fa96d9c043a5ace58034052ffb71b8bf0eaea8a6bc9a9834c512d7470122c71908a44ef7f3227b512f6971c82436e96 ++Ctrl.hexxcghash = hexxcghash:3d5d7f742b08976755e2eb8457f1d9401d918bbf7e201fe0742f00ae799082df ++Ctrl.hexsession_id = hexsession_id:50bcad2970e07c3ad3f14db05d451d77304fe70927ba26815fcaf1f3a723af91 ++Ctrl.type = type:C ++Output = 88eadd5802e1a748284684438eb1b1bdc9b20ea30c59950d ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = 
hexkey:0000008100b3462ee942f026de0922ab88b6ebf5ee2c968a4e12cbf374593f3542c6eb619ea1ec29b958c65a83305c37008de3b691ec020cc989e6c5393dae36bbb3bf0d1a29ed0bab6d23f60e63e277119b7a4c0a5fa96d9c043a5ace58034052ffb71b8bf0eaea8a6bc9a9834c512d7470122c71908a44ef7f3227b512f6971c82436e96 ++Ctrl.hexxcghash = hexxcghash:3d5d7f742b08976755e2eb8457f1d9401d918bbf7e201fe0742f00ae799082df ++Ctrl.hexsession_id = hexsession_id:50bcad2970e07c3ad3f14db05d451d77304fe70927ba26815fcaf1f3a723af91 ++Ctrl.type = type:D ++Output = 277c2c4ad3d4a3bec4bdc5329bb5f9d4e39aa06b1e115e77 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey:0000008100b3462ee942f026de0922ab88b6ebf5ee2c968a4e12cbf374593f3542c6eb619ea1ec29b958c65a83305c37008de3b691ec020cc989e6c5393dae36bbb3bf0d1a29ed0bab6d23f60e63e277119b7a4c0a5fa96d9c043a5ace58034052ffb71b8bf0eaea8a6bc9a9834c512d7470122c71908a44ef7f3227b512f6971c82436e96 ++Ctrl.hexxcghash = hexxcghash:3d5d7f742b08976755e2eb8457f1d9401d918bbf7e201fe0742f00ae799082df ++Ctrl.hexsession_id = hexsession_id:50bcad2970e07c3ad3f14db05d451d77304fe70927ba26815fcaf1f3a723af91 ++Ctrl.type = type:E ++Output = 090d2f273a690ed1d67dd9919c34385b18a661f8657b84bef6832f2396771979 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey:0000008100b3462ee942f026de0922ab88b6ebf5ee2c968a4e12cbf374593f3542c6eb619ea1ec29b958c65a83305c37008de3b691ec020cc989e6c5393dae36bbb3bf0d1a29ed0bab6d23f60e63e277119b7a4c0a5fa96d9c043a5ace58034052ffb71b8bf0eaea8a6bc9a9834c512d7470122c71908a44ef7f3227b512f6971c82436e96 ++Ctrl.hexxcghash = hexxcghash:3d5d7f742b08976755e2eb8457f1d9401d918bbf7e201fe0742f00ae799082df ++Ctrl.hexsession_id = hexsession_id:50bcad2970e07c3ad3f14db05d451d77304fe70927ba26815fcaf1f3a723af91 ++Ctrl.type = type:F ++Output = 1f3082fa5ac8ec565595c4c5b8a7ddbba88ed4936fca913bba6a8715dc856f30 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = 
hexkey:0000008100831889c603d4dc01d0d9f19f07ccadb6a9fa7662305277d59efbc872f38325de2ec2151f58649f5fd15ff3a099f0191dca69be0b9c88ef729fe74af849cc8e7479f8a5406842af88e12167607103cda449a1394c86b2c21d4083cdee216f74078d4e878b352df901727870815528ae99f74f25c21a8a39772940d871badb39a6 ++Ctrl.hexxcghash = hexxcghash:f77992d066bc305419a6c1b0879008856287b95ec20c2b1be5a5c8189cadbbb1 ++Ctrl.hexsession_id = hexsession_id:15bd2e8c86d23eace4a581377ef8a3f5266dbd081cfcd01ab2b68506438228a2 ++Ctrl.type = type:A ++Output = 3aa08d67c81310b7 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey:0000008100831889c603d4dc01d0d9f19f07ccadb6a9fa7662305277d59efbc872f38325de2ec2151f58649f5fd15ff3a099f0191dca69be0b9c88ef729fe74af849cc8e7479f8a5406842af88e12167607103cda449a1394c86b2c21d4083cdee216f74078d4e878b352df901727870815528ae99f74f25c21a8a39772940d871badb39a6 ++Ctrl.hexxcghash = hexxcghash:f77992d066bc305419a6c1b0879008856287b95ec20c2b1be5a5c8189cadbbb1 ++Ctrl.hexsession_id = hexsession_id:15bd2e8c86d23eace4a581377ef8a3f5266dbd081cfcd01ab2b68506438228a2 ++Ctrl.type = type:B ++Output = cf46596878a17a87 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey:0000008100831889c603d4dc01d0d9f19f07ccadb6a9fa7662305277d59efbc872f38325de2ec2151f58649f5fd15ff3a099f0191dca69be0b9c88ef729fe74af849cc8e7479f8a5406842af88e12167607103cda449a1394c86b2c21d4083cdee216f74078d4e878b352df901727870815528ae99f74f25c21a8a39772940d871badb39a6 ++Ctrl.hexxcghash = hexxcghash:f77992d066bc305419a6c1b0879008856287b95ec20c2b1be5a5c8189cadbbb1 ++Ctrl.hexsession_id = hexsession_id:15bd2e8c86d23eace4a581377ef8a3f5266dbd081cfcd01ab2b68506438228a2 ++Ctrl.type = type:C ++Output = 871db438b8b33c2102ddab0c1f7be51ee4c2cbdf52a01a58 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = 
hexkey:0000008100831889c603d4dc01d0d9f19f07ccadb6a9fa7662305277d59efbc872f38325de2ec2151f58649f5fd15ff3a099f0191dca69be0b9c88ef729fe74af849cc8e7479f8a5406842af88e12167607103cda449a1394c86b2c21d4083cdee216f74078d4e878b352df901727870815528ae99f74f25c21a8a39772940d871badb39a6 ++Ctrl.hexxcghash = hexxcghash:f77992d066bc305419a6c1b0879008856287b95ec20c2b1be5a5c8189cadbbb1 ++Ctrl.hexsession_id = hexsession_id:15bd2e8c86d23eace4a581377ef8a3f5266dbd081cfcd01ab2b68506438228a2 ++Ctrl.type = type:D ++Output = 04ac13599b84c22be0f1e5f7b96def31598e6ad36be412e8 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey:0000008100831889c603d4dc01d0d9f19f07ccadb6a9fa7662305277d59efbc872f38325de2ec2151f58649f5fd15ff3a099f0191dca69be0b9c88ef729fe74af849cc8e7479f8a5406842af88e12167607103cda449a1394c86b2c21d4083cdee216f74078d4e878b352df901727870815528ae99f74f25c21a8a39772940d871badb39a6 ++Ctrl.hexxcghash = hexxcghash:f77992d066bc305419a6c1b0879008856287b95ec20c2b1be5a5c8189cadbbb1 ++Ctrl.hexsession_id = hexsession_id:15bd2e8c86d23eace4a581377ef8a3f5266dbd081cfcd01ab2b68506438228a2 ++Ctrl.type = type:E ++Output = f00c83a8afb5d1793749d4aae825b80e67ccd7f67e08f572222ccf42126ea2f0 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey:0000008100831889c603d4dc01d0d9f19f07ccadb6a9fa7662305277d59efbc872f38325de2ec2151f58649f5fd15ff3a099f0191dca69be0b9c88ef729fe74af849cc8e7479f8a5406842af88e12167607103cda449a1394c86b2c21d4083cdee216f74078d4e878b352df901727870815528ae99f74f25c21a8a39772940d871badb39a6 ++Ctrl.hexxcghash = hexxcghash:f77992d066bc305419a6c1b0879008856287b95ec20c2b1be5a5c8189cadbbb1 ++Ctrl.hexsession_id = hexsession_id:15bd2e8c86d23eace4a581377ef8a3f5266dbd081cfcd01ab2b68506438228a2 ++Ctrl.type = type:F ++Output = df0570749d67136095b0dda6d461676b7eeb9a386f126306d436cab16dfd1b3c ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = 
hexkey:00000081008fa89f9f89a2a2417a9461451a4b97343afd46552a8700e588638b0ef0ae568ffbaee2727ae3ae96271aa33b8439c1a4bad313ea42605ae0902817d91577b6a3c72fc576ee29544c1d6323bad205317d2265c533d82ed27a2dea64a8545c64e9772e81ce1cbfe265a51acfae74b72d5365366263541e50a567c3ffa594eac071 ++Ctrl.hexxcghash = hexxcghash:4d071ee398757c548fa72f77ed94d5b158a311d3655bb7a6e324c4e2a26be84f ++Ctrl.hexsession_id = hexsession_id:d1d34becf667002ace16be10726cab3c7d18ce7414759f62a83cb4cfaaed77f4 ++Ctrl.type = type:A ++Output = fad800cbf8975a01 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey:00000081008fa89f9f89a2a2417a9461451a4b97343afd46552a8700e588638b0ef0ae568ffbaee2727ae3ae96271aa33b8439c1a4bad313ea42605ae0902817d91577b6a3c72fc576ee29544c1d6323bad205317d2265c533d82ed27a2dea64a8545c64e9772e81ce1cbfe265a51acfae74b72d5365366263541e50a567c3ffa594eac071 ++Ctrl.hexxcghash = hexxcghash:4d071ee398757c548fa72f77ed94d5b158a311d3655bb7a6e324c4e2a26be84f ++Ctrl.hexsession_id = hexsession_id:d1d34becf667002ace16be10726cab3c7d18ce7414759f62a83cb4cfaaed77f4 ++Ctrl.type = type:B ++Output = 679a118bda1f15a9 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey:00000081008fa89f9f89a2a2417a9461451a4b97343afd46552a8700e588638b0ef0ae568ffbaee2727ae3ae96271aa33b8439c1a4bad313ea42605ae0902817d91577b6a3c72fc576ee29544c1d6323bad205317d2265c533d82ed27a2dea64a8545c64e9772e81ce1cbfe265a51acfae74b72d5365366263541e50a567c3ffa594eac071 ++Ctrl.hexxcghash = hexxcghash:4d071ee398757c548fa72f77ed94d5b158a311d3655bb7a6e324c4e2a26be84f ++Ctrl.hexsession_id = hexsession_id:d1d34becf667002ace16be10726cab3c7d18ce7414759f62a83cb4cfaaed77f4 ++Ctrl.type = type:C ++Output = 5193e9b3b10b7939b79b967b98e6cf3396758eaf8263edf2 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = 
hexkey:00000081008fa89f9f89a2a2417a9461451a4b97343afd46552a8700e588638b0ef0ae568ffbaee2727ae3ae96271aa33b8439c1a4bad313ea42605ae0902817d91577b6a3c72fc576ee29544c1d6323bad205317d2265c533d82ed27a2dea64a8545c64e9772e81ce1cbfe265a51acfae74b72d5365366263541e50a567c3ffa594eac071 ++Ctrl.hexxcghash = hexxcghash:4d071ee398757c548fa72f77ed94d5b158a311d3655bb7a6e324c4e2a26be84f ++Ctrl.hexsession_id = hexsession_id:d1d34becf667002ace16be10726cab3c7d18ce7414759f62a83cb4cfaaed77f4 ++Ctrl.type = type:D ++Output = 3f5de8bec6d737836d3a91480ac76c19d0a90bc146f02d5c ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey:00000081008fa89f9f89a2a2417a9461451a4b97343afd46552a8700e588638b0ef0ae568ffbaee2727ae3ae96271aa33b8439c1a4bad313ea42605ae0902817d91577b6a3c72fc576ee29544c1d6323bad205317d2265c533d82ed27a2dea64a8545c64e9772e81ce1cbfe265a51acfae74b72d5365366263541e50a567c3ffa594eac071 ++Ctrl.hexxcghash = hexxcghash:4d071ee398757c548fa72f77ed94d5b158a311d3655bb7a6e324c4e2a26be84f ++Ctrl.hexsession_id = hexsession_id:d1d34becf667002ace16be10726cab3c7d18ce7414759f62a83cb4cfaaed77f4 ++Ctrl.type = type:E ++Output = ce7be4fffd0ffd09ff45889d10c7be0edf922422d01cb71b737c6149bb1a2d05 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey:00000081008fa89f9f89a2a2417a9461451a4b97343afd46552a8700e588638b0ef0ae568ffbaee2727ae3ae96271aa33b8439c1a4bad313ea42605ae0902817d91577b6a3c72fc576ee29544c1d6323bad205317d2265c533d82ed27a2dea64a8545c64e9772e81ce1cbfe265a51acfae74b72d5365366263541e50a567c3ffa594eac071 ++Ctrl.hexxcghash = hexxcghash:4d071ee398757c548fa72f77ed94d5b158a311d3655bb7a6e324c4e2a26be84f ++Ctrl.hexsession_id = hexsession_id:d1d34becf667002ace16be10726cab3c7d18ce7414759f62a83cb4cfaaed77f4 ++Ctrl.type = type:F ++Output = 60f413c9bcc42dcf0acc53d513dd8bc703f7e5d668f4e043f13028dcf40880b2 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = 
hexxcghash:7b7001185e256d4493445f39a55fb905e6321f4b5dd8bbf3100d51ba0bda3d2d ++Ctrl.hexsession_id = hexsession_id:7b7001185e256d4493445f39a55fb905e6321f4b5dd8bbf3100d51ba0bda3d2d ++Ctrl.type = type:A ++Output = 81f0330ef6f05361b3823bfded6e1de9 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:7b7001185e256d4493445f39a55fb905e6321f4b5dd8bbf3100d51ba0bda3d2d ++Ctrl.hexsession_id = hexsession_id:7b7001185e256d4493445f39a55fb905e6321f4b5dd8bbf3100d51ba0bda3d2d ++Ctrl.type = type:B ++Output = 3f6fd2065eeb2b0b1d93195a1fed48a5 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:7b7001185e256d4493445f39a55fb905e6321f4b5dd8bbf3100d51ba0bda3d2d ++Ctrl.hexsession_id = hexsession_id:7b7001185e256d4493445f39a55fb905e6321f4b5dd8bbf3100d51ba0bda3d2d ++Ctrl.type = type:C ++Output = c35471034e6fd6547613178e23435f21 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:7b7001185e256d4493445f39a55fb905e6321f4b5dd8bbf3100d51ba0bda3d2d ++Ctrl.hexsession_id = hexsession_id:7b7001185e256d4493445f39a55fb905e6321f4b5dd8bbf3100d51ba0bda3d2d ++Ctrl.type = type:D ++Output = 7e9d79032090d99f98b015634dd9f462 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:7b7001185e256d4493445f39a55fb905e6321f4b5dd8bbf3100d51ba0bda3d2d ++Ctrl.hexsession_id = hexsession_id:7b7001185e256d4493445f39a55fb905e6321f4b5dd8bbf3100d51ba0bda3d2d ++Ctrl.type = type:E ++Output = 24ee559ad7ce712b685d0b2271e443c17ab1d1dceb5a360569d25d5dc243002f ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = 
hexxcghash:7b7001185e256d4493445f39a55fb905e6321f4b5dd8bbf3100d51ba0bda3d2d ++Ctrl.hexsession_id = hexsession_id:7b7001185e256d4493445f39a55fb905e6321f4b5dd8bbf3100d51ba0bda3d2d ++Ctrl.type = type:F ++Output = c3419c2b966235869d714ba5ac48ddb7d9e35c8c19aac73422337a373453607e ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:fe3727fd99a5ac7987c2cfbe062129e3027bf5e10310c6bccde9c916c8329dc2 ++Ctrl.hexsession_id = hexsession_id:fffa598bc0ad2ae84dc8dc05b1f72c5b0134025ae7edf8a2e8db11472e18e1fc ++Ctrl.type = type:A ++Output = 36730bae8de5cb98898d6b4a00b37058 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:fe3727fd99a5ac7987c2cfbe062129e3027bf5e10310c6bccde9c916c8329dc2 ++Ctrl.hexsession_id = hexsession_id:fffa598bc0ad2ae84dc8dc05b1f72c5b0134025ae7edf8a2e8db11472e18e1fc ++Ctrl.type = type:B ++Output = 5dfe446a83f40e8358d28cb97df8f340 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:fe3727fd99a5ac7987c2cfbe062129e3027bf5e10310c6bccde9c916c8329dc2 ++Ctrl.hexsession_id = hexsession_id:fffa598bc0ad2ae84dc8dc05b1f72c5b0134025ae7edf8a2e8db11472e18e1fc ++Ctrl.type = type:C ++Output = 495b7afed0872b761437728e9e94e2b8 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:fe3727fd99a5ac7987c2cfbe062129e3027bf5e10310c6bccde9c916c8329dc2 ++Ctrl.hexsession_id = hexsession_id:fffa598bc0ad2ae84dc8dc05b1f72c5b0134025ae7edf8a2e8db11472e18e1fc ++Ctrl.type = type:D ++Output = c1474b3925bec36f0b7f6cc698e949c8 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = 
hexxcghash:fe3727fd99a5ac7987c2cfbe062129e3027bf5e10310c6bccde9c916c8329dc2 ++Ctrl.hexsession_id = hexsession_id:fffa598bc0ad2ae84dc8dc05b1f72c5b0134025ae7edf8a2e8db11472e18e1fc ++Ctrl.type = type:E ++Output = b730f8df6a0697645be261169486c32a11612229276cbac5d8b3669afb2e4262 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:fe3727fd99a5ac7987c2cfbe062129e3027bf5e10310c6bccde9c916c8329dc2 ++Ctrl.hexsession_id = hexsession_id:fffa598bc0ad2ae84dc8dc05b1f72c5b0134025ae7edf8a2e8db11472e18e1fc ++Ctrl.type = type:F ++Output = 14a5ea98245fb058978b82a3cb092b1cca7ce0109a4f98c16e1529579d58b819 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:cad407a823551726f9bdcb78e8f351536e4406e8ee64947ecc0074662c7c0462 ++Ctrl.hexsession_id = hexsession_id:a9c8207642627e6ee872999123b29e36abfdd071dba36ea6f0c11dd59ea46410 ++Ctrl.type = type:A ++Output = 32d20a3f5e92b20fe100f4f41a1ad53c ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:cad407a823551726f9bdcb78e8f351536e4406e8ee64947ecc0074662c7c0462 ++Ctrl.hexsession_id = hexsession_id:a9c8207642627e6ee872999123b29e36abfdd071dba36ea6f0c11dd59ea46410 ++Ctrl.type = type:B ++Output = c3a3ff57f99187ba011fd422100af577 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:cad407a823551726f9bdcb78e8f351536e4406e8ee64947ecc0074662c7c0462 ++Ctrl.hexsession_id = hexsession_id:a9c8207642627e6ee872999123b29e36abfdd071dba36ea6f0c11dd59ea46410 ++Ctrl.type = type:C ++Output = 8517903c49d5a59ad8ef7cd8591c6b5e ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = 
hexxcghash:cad407a823551726f9bdcb78e8f351536e4406e8ee64947ecc0074662c7c0462 ++Ctrl.hexsession_id = hexsession_id:a9c8207642627e6ee872999123b29e36abfdd071dba36ea6f0c11dd59ea46410 ++Ctrl.type = type:D ++Output = a5ad201101a617f1cd5b3a2baa3b27f7 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey:00000101009b1c637286720d11a9030260e35726621f54115560c443ded98d5622f4007cb65427ba8ae0831f34452349993c74933466f3307e11452150f4640010ed7d1ab87656232d9659d9982e8227c25d648189d2bdda3283aa5dec8a2105af0fa840592a21d96eebb932f8ff36f94a2e4fc3819d7c9f0d26a472fb5ae5a43a2d4906247d59c42512dda252205f60042e1900e1581127f25ace253b62a83f62d4703281a294f240df2aa34ddf437c9f278278120bc10e2cb99f7804ecd6741b1be5520c553cb89747f79b4e4efd3cf09b484eb1eb034d220da457546a2ebb28d7f2faf67de0630757b8ae05e27a761956d2e190fe3fb93b1c7c142f62baeb089721cedc ++Ctrl.hexxcghash = hexxcghash:cad407a823551726f9bdcb78e8f351536e4406e8ee64947ecc0074662c7c0462 ++Ctrl.hexsession_id = hexsession_id:a9c8207642627e6ee872999123b29e36abfdd071dba36ea6f0c11dd59ea46410 ++Ctrl.type = type:E ++Output = 16747a23fddd72f785c5d61dfb81a5a38555f5d8ff1dc5ae4fb423b82adfe05b ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:cad407a823551726f9bdcb78e8f351536e4406e8ee64947ecc0074662c7c0462 ++Ctrl.hexsession_id = hexsession_id:a9c8207642627e6ee872999123b29e36abfdd071dba36ea6f0c11dd59ea46410 ++Ctrl.type = type:F ++Output = b1b1bba896b0fd75a90187eae6cdf744d23884caa5f4ca979ced327ca1239771 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:53fc521edf6dea9daf619676276766508d32c1964943e9bd40b4ed2cdefa7c20 ++Ctrl.hexsession_id = hexsession_id:14c6727d8e211c7632f930e716ab360e0916b1da3409367ef52d9e21512c700d ++Ctrl.type = type:A ++Output = b5c636c93e002f1fac0b78eb423d92cf ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = 
hexkey: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 ++Ctrl.hexxcghash = hexxcghash:53fc521edf6dea9daf619676276766508d32c1964943e9bd40b4ed2cdefa7c20 ++Ctrl.hexsession_id = hexsession_id:14c6727d8e211c7632f930e716ab360e0916b1da3409367ef52d9e21512c700d ++Ctrl.type = type:B ++Output = 64d82bef35e924abf030fe42cda10e81 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:53fc521edf6dea9daf619676276766508d32c1964943e9bd40b4ed2cdefa7c20 ++Ctrl.hexsession_id = hexsession_id:14c6727d8e211c7632f930e716ab360e0916b1da3409367ef52d9e21512c700d ++Ctrl.type = type:C ++Output = 76a1b8b85d0ea49c68f30d7448155901 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:53fc521edf6dea9daf619676276766508d32c1964943e9bd40b4ed2cdefa7c20 ++Ctrl.hexsession_id = hexsession_id:14c6727d8e211c7632f930e716ab360e0916b1da3409367ef52d9e21512c700d ++Ctrl.type = type:D ++Output = f136e09324b1ef12b92bf35d5b3dd8e2 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:53fc521edf6dea9daf619676276766508d32c1964943e9bd40b4ed2cdefa7c20 ++Ctrl.hexsession_id = hexsession_id:14c6727d8e211c7632f930e716ab360e0916b1da3409367ef52d9e21512c700d ++Ctrl.type = type:E ++Output = 77abc45165b126f9127d59fbe655140cd3f768cd0498c29aa69cb5d65f7b0d50 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:53fc521edf6dea9daf619676276766508d32c1964943e9bd40b4ed2cdefa7c20 ++Ctrl.hexsession_id = hexsession_id:14c6727d8e211c7632f930e716ab360e0916b1da3409367ef52d9e21512c700d ++Ctrl.type = type:F ++Output = d43f93faf692f59bc96fd480fb336033c94ee237ceece69691ffaa64bdd7fcc1 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = 
hexkey: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 ++Ctrl.hexxcghash = hexxcghash:27faf1b9a15e505a0b46c47e2bf6ab5fff37a6dadb09e96ea9562091f1d88ce0 ++Ctrl.hexsession_id = hexsession_id:6b52ddb87a66f0f1bb0dad39b462e7bd42bdeb99049d5a3581ca6f056c398228 ++Ctrl.type = type:A ++Output = 3b3c4416d3121a6838dd3f94a84b6ec6 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:27faf1b9a15e505a0b46c47e2bf6ab5fff37a6dadb09e96ea9562091f1d88ce0 ++Ctrl.hexsession_id = hexsession_id:6b52ddb87a66f0f1bb0dad39b462e7bd42bdeb99049d5a3581ca6f056c398228 ++Ctrl.type = type:B ++Output = e0af22a9184e5cea74f3e90faf5212ba ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:27faf1b9a15e505a0b46c47e2bf6ab5fff37a6dadb09e96ea9562091f1d88ce0 ++Ctrl.hexsession_id = hexsession_id:6b52ddb87a66f0f1bb0dad39b462e7bd42bdeb99049d5a3581ca6f056c398228 ++Ctrl.type = type:C ++Output = a3a7a9e48cc09a927e2d6eddd7647368 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:27faf1b9a15e505a0b46c47e2bf6ab5fff37a6dadb09e96ea9562091f1d88ce0 ++Ctrl.hexsession_id = hexsession_id:6b52ddb87a66f0f1bb0dad39b462e7bd42bdeb99049d5a3581ca6f056c398228 ++Ctrl.type = type:D ++Output = b9411d2870e885e223a6b414ae6ac813 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:27faf1b9a15e505a0b46c47e2bf6ab5fff37a6dadb09e96ea9562091f1d88ce0 ++Ctrl.hexsession_id = hexsession_id:6b52ddb87a66f0f1bb0dad39b462e7bd42bdeb99049d5a3581ca6f056c398228 ++Ctrl.type = type:E ++Output = 7f11812c28229fd8e39367b8885045313fea6322f22a69b6436caa4fb6c2d915 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey: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 
++Ctrl.hexxcghash = hexxcghash:27faf1b9a15e505a0b46c47e2bf6ab5fff37a6dadb09e96ea9562091f1d88ce0 ++Ctrl.hexsession_id = hexsession_id:6b52ddb87a66f0f1bb0dad39b462e7bd42bdeb99049d5a3581ca6f056c398228 ++Ctrl.type = type:F ++Output = 4fc39e2a1e7038f2664a48986e8227c213e577eafea082f46cb08d087e642fe4 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:d7303e57a2bf969f815c1b2fd08a879226c0e95c9897fb5586200c0f5e0a8a23 ++Ctrl.hexsession_id = hexsession_id:20ace711e8190f5bbd2168bc93061c903899acd41697b76d0f6667d2bf345725 ++Ctrl.type = type:A ++Output = b71bd280b230b6fb9b326a3544ab9c90 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:d7303e57a2bf969f815c1b2fd08a879226c0e95c9897fb5586200c0f5e0a8a23 ++Ctrl.hexsession_id = hexsession_id:20ace711e8190f5bbd2168bc93061c903899acd41697b76d0f6667d2bf345725 ++Ctrl.type = type:B ++Output = ca38c1b5940e1417fb8caa6ab6deaf18 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:d7303e57a2bf969f815c1b2fd08a879226c0e95c9897fb5586200c0f5e0a8a23 ++Ctrl.hexsession_id = hexsession_id:20ace711e8190f5bbd2168bc93061c903899acd41697b76d0f6667d2bf345725 ++Ctrl.type = type:C ++Output = 5d02347e16760101a3689bf0087ed947 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:d7303e57a2bf969f815c1b2fd08a879226c0e95c9897fb5586200c0f5e0a8a23 ++Ctrl.hexsession_id = hexsession_id:20ace711e8190f5bbd2168bc93061c903899acd41697b76d0f6667d2bf345725 ++Ctrl.type = type:D ++Output = 2fb5e0eb5552f7e26ad9651bd22f1666 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = 
hexxcghash:d7303e57a2bf969f815c1b2fd08a879226c0e95c9897fb5586200c0f5e0a8a23 ++Ctrl.hexsession_id = hexsession_id:20ace711e8190f5bbd2168bc93061c903899acd41697b76d0f6667d2bf345725 ++Ctrl.type = type:E ++Output = b7b7c4292a73e7d378284b12b318e0cd3ad714904b4ef9c83d44ee06ff49b1e1 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:d7303e57a2bf969f815c1b2fd08a879226c0e95c9897fb5586200c0f5e0a8a23 ++Ctrl.hexsession_id = hexsession_id:20ace711e8190f5bbd2168bc93061c903899acd41697b76d0f6667d2bf345725 ++Ctrl.type = type:F ++Output = c9884e71b158f2255fb204733e888bc5b2ee38a5493de9d0ef6700949159ac6a ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:35f601a7877ef637d6c40b4f2e1d85b888eceac9f37e686254f9d707b22bd764 ++Ctrl.hexsession_id = hexsession_id:d04bce75141ed2a44942d98354ded46e861da28fc1175e5a22e8dddad4942f9a ++Ctrl.type = type:A ++Output = 88af3bdb49bd8e9d24489efc95dea1c1 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:35f601a7877ef637d6c40b4f2e1d85b888eceac9f37e686254f9d707b22bd764 ++Ctrl.hexsession_id = hexsession_id:d04bce75141ed2a44942d98354ded46e861da28fc1175e5a22e8dddad4942f9a ++Ctrl.type = type:B ++Output = 5cf41e1d43f797c16a30e070f2f37dd4 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:35f601a7877ef637d6c40b4f2e1d85b888eceac9f37e686254f9d707b22bd764 ++Ctrl.hexsession_id = hexsession_id:d04bce75141ed2a44942d98354ded46e861da28fc1175e5a22e8dddad4942f9a ++Ctrl.type = type:C ++Output = 7cc48e0f8b4bdd63f76e41ba411d7f37 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = 
hexkey:00000100745f5abd8fb685eaae10854a96900806cd7d17d2d255990328594a4fdbb9fa28088ccb8fbf92ef23492a595f92c49d5fa32ea5ef6d76000635fb58496c9db824aaa41b67c3c2e8bdd525f6c6a224562c670076f6efd21fe49222c2627596b775c56dff5d477cd4cc008ef566086a495cf4ba634af20a42fb13fa52597dc252edebdfa57592494fd9cd44d0f7e27d6a6ff370876c42733977db656d7372d553c2ffc824fb02375e55069d5cccb493ec77001fb4cd73cbec6976bd45ae2cc0812c078784d917c0a0a54d8df6c745a2710828939be0685d7fc1657eee9c4dbc71615fab0174e62fb7971fa20f6d6b2da1c22c0a35c781c9dbdf009cec3d89891afc ++Ctrl.hexxcghash = hexxcghash:35f601a7877ef637d6c40b4f2e1d85b888eceac9f37e686254f9d707b22bd764 ++Ctrl.hexsession_id = hexsession_id:d04bce75141ed2a44942d98354ded46e861da28fc1175e5a22e8dddad4942f9a ++Ctrl.type = type:D ++Output = 37d942416267be06cd1ff9498dcf1e6e ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:35f601a7877ef637d6c40b4f2e1d85b888eceac9f37e686254f9d707b22bd764 ++Ctrl.hexsession_id = hexsession_id:d04bce75141ed2a44942d98354ded46e861da28fc1175e5a22e8dddad4942f9a ++Ctrl.type = type:E ++Output = c3c8b48e228a3a671ae8c48aa4e4f1fe32c1ad4d5ae48c904836d13e7350f72e ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:35f601a7877ef637d6c40b4f2e1d85b888eceac9f37e686254f9d707b22bd764 ++Ctrl.hexsession_id = hexsession_id:d04bce75141ed2a44942d98354ded46e861da28fc1175e5a22e8dddad4942f9a ++Ctrl.type = type:F ++Output = 605f7d3b3f28a8967402ba67ff916a61b0a4e9b736665c5e911fb33f60dc16fe ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:61e49599eb3b01e3d7bc65415ce7004e20bf77805a4ff09681f3856adc129943 ++Ctrl.hexsession_id = hexsession_id:832400eb1c4031502f7249d0a4279a7cbe4d4d6979289d02837d98b9ca16ff46 ++Ctrl.type = type:A ++Output = 7b91adc6eb48a6f82a8990efd2537903 ++ 
++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:61e49599eb3b01e3d7bc65415ce7004e20bf77805a4ff09681f3856adc129943 ++Ctrl.hexsession_id = hexsession_id:832400eb1c4031502f7249d0a4279a7cbe4d4d6979289d02837d98b9ca16ff46 ++Ctrl.type = type:B ++Output = 814c8fb54a535b38d4c2301aa49ad702 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:61e49599eb3b01e3d7bc65415ce7004e20bf77805a4ff09681f3856adc129943 ++Ctrl.hexsession_id = hexsession_id:832400eb1c4031502f7249d0a4279a7cbe4d4d6979289d02837d98b9ca16ff46 ++Ctrl.type = type:C ++Output = 3ec64c8571c7c7f39a9f37c0e1053324 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:61e49599eb3b01e3d7bc65415ce7004e20bf77805a4ff09681f3856adc129943 ++Ctrl.hexsession_id = hexsession_id:832400eb1c4031502f7249d0a4279a7cbe4d4d6979289d02837d98b9ca16ff46 ++Ctrl.type = type:D ++Output = 846d40dc45123f2710e27bd3140070c8 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:61e49599eb3b01e3d7bc65415ce7004e20bf77805a4ff09681f3856adc129943 ++Ctrl.hexsession_id = hexsession_id:832400eb1c4031502f7249d0a4279a7cbe4d4d6979289d02837d98b9ca16ff46 ++Ctrl.type = type:E ++Output = c2199b9bd701c2f4ee82a145adc28f3e8fac0af8dd43cb7f3da173681bcad2e0 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = 
hexkey:000001010089b741b0b9a6704f56df9aafe5f4294828fdc67f4243e9aa9b1d83166ad892f2d970fdff65eba7fa5eddb954dd86bda5262e084752c69c6b93c729ad34e9728f7c838c49f0e87349ae35feef1610b83a345c64c5b190fb5857bf0aa8419efba35789c258f19e8713e2729c184eab9d9c33a32ab3731d77e207a91849625bb855e581ca0be5d9f961aab9d65b463e416ee3d636ece573ead0d088a2fe05d87dd5ed21031f4dbea831112d3bd0e1cc1087a8395430cde3cb54d22a5965dd825329bee8c62d4599fb67ff90260204c6e608e6246f768e29a60cb85f580d4751f9c017cbf4e6062a160c6ff1d0c9d303a2c862a4986e22f72da79b17b868cee189a2 ++Ctrl.hexxcghash = hexxcghash:61e49599eb3b01e3d7bc65415ce7004e20bf77805a4ff09681f3856adc129943 ++Ctrl.hexsession_id = hexsession_id:832400eb1c4031502f7249d0a4279a7cbe4d4d6979289d02837d98b9ca16ff46 ++Ctrl.type = type:F ++Output = 49f5fb8862a4f01900f9f76d6146f181483428beadb000d4f5097adf59c5eb99 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:be79b302374817c2fd052704dfba5e98b05a8346db9269e6401265a1c7970d98 ++Ctrl.hexsession_id = hexsession_id:def8533bf220d0c632aa4f1b16168e51c0be904c6f299225b30bd7df7bbdc6f2 ++Ctrl.type = type:A ++Output = 50afb2f3b8a3bc466b3a68f04da0d56c ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:be79b302374817c2fd052704dfba5e98b05a8346db9269e6401265a1c7970d98 ++Ctrl.hexsession_id = hexsession_id:def8533bf220d0c632aa4f1b16168e51c0be904c6f299225b30bd7df7bbdc6f2 ++Ctrl.type = type:B ++Output = b8672a8cc59ee1316fb9a2c0a82ffd73 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:be79b302374817c2fd052704dfba5e98b05a8346db9269e6401265a1c7970d98 ++Ctrl.hexsession_id = hexsession_id:def8533bf220d0c632aa4f1b16168e51c0be904c6f299225b30bd7df7bbdc6f2 ++Ctrl.type = type:C ++Output = d854cbdb8f7544b796f982e4973d4de9 ++ ++KDF = SSHKDF ++Ctrl.md = 
md:SHA256 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:be79b302374817c2fd052704dfba5e98b05a8346db9269e6401265a1c7970d98 ++Ctrl.hexsession_id = hexsession_id:def8533bf220d0c632aa4f1b16168e51c0be904c6f299225b30bd7df7bbdc6f2 ++Ctrl.type = type:D ++Output = bd6bde82c451ee39069d0794f7000f38 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey:0000010100f7217049f9cc4f3d59ea109a06ac3cfb79fc05dc349e1c54482072c467e503494d845004c278dabd9338d3bdb3c2f3c58cb264d65575d9946961345dcda5b9ce59cc8fdfc994acb74fe8f3b1fc143abceedc541ae74d69cd543fa7438ac5b5c84168d6e6f7fba2722c279b7cd0c1e07cdd59bb231f17174d33b7c1a6eb199cfa093476cdd31292f3bff20ae224459caaec461c76d741f0e9269ba96676a3ccebe986a3843a36747a0998bb3feaba41671db20368867a13875f76136b2418b6c807335a7133b4e4fbc0e908516ce97458abec2a32355fb061237bada4e07b950a2b1c8d41201f1c0a41c771d990e4741fef6e2eb5cd106c3b4b6000ad07b482ad ++Ctrl.hexxcghash = hexxcghash:be79b302374817c2fd052704dfba5e98b05a8346db9269e6401265a1c7970d98 ++Ctrl.hexsession_id = hexsession_id:def8533bf220d0c632aa4f1b16168e51c0be904c6f299225b30bd7df7bbdc6f2 ++Ctrl.type = type:E ++Output = 270794ec70fcd9d742aad66c54001b4c218ae8cca813453560a9aeaacc6909ec ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey:0000010100f7217049f9cc4f3d59ea109a06ac3cfb79fc05dc349e1c54482072c467e503494d845004c278dabd9338d3bdb3c2f3c58cb264d65575d9946961345dcda5b9ce59cc8fdfc994acb74fe8f3b1fc143abceedc541ae74d69cd543fa7438ac5b5c84168d6e6f7fba2722c279b7cd0c1e07cdd59bb231f17174d33b7c1a6eb199cfa093476cdd31292f3bff20ae224459caaec461c76d741f0e9269ba96676a3ccebe986a3843a36747a0998bb3feaba41671db20368867a13875f76136b2418b6c807335a7133b4e4fbc0e908516ce97458abec2a32355fb061237bada4e07b950a2b1c8d41201f1c0a41c771d990e4741fef6e2eb5cd106c3b4b6000ad07b482ad ++Ctrl.hexxcghash = hexxcghash:be79b302374817c2fd052704dfba5e98b05a8346db9269e6401265a1c7970d98 ++Ctrl.hexsession_id = 
hexsession_id:def8533bf220d0c632aa4f1b16168e51c0be904c6f299225b30bd7df7bbdc6f2 ++Ctrl.type = type:F ++Output = e967df7571a0eb82f59ddfead22c617beeefa25ce4afd80ac8320bc2635c70d0 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:fe491f41cdbcaec6b8821eda916eb03bc1a0e934c14850696f79bd30c73a18e2 ++Ctrl.hexsession_id = hexsession_id:df1c0910cf8b81ca157916b8ac0411b7363f62ce10ee23cbb69ddfe8c3f16be9 ++Ctrl.type = type:A ++Output = ebb3d10f461d8697a064461822f34507 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey:000001001b3a1cab1e87a29e229efcae0f569d855a61d6da6ea0ae5bed3491c7bdb5f70f6caf8dc305100160bbf6ecd726b11799da685ce4528ee689fe292043e318ad9f797bd5746399e007cf1f40d7918b85e4607f6e674da84709543dd0d50ad1d5c993770b4d0c045fdef89d5534c3d77edd8dc4536a10cc2b5d0bd14caa7e029ba8a81d5f5fb16524b56ddb9f35d96593955514b80d89b711ff717e11ad3d691424f6cefc5c613b04e5532d89f91383e4a6f45058604bb63876b1308dc7eb8f86cb5c032e6f1f061646e0bbf27b0c7eaa8216ba9381cb7734df24fe6691183c4823d3b645f3139a45b2b8ee3909bb431477f332ea3616b919724782fda8546a3235 ++Ctrl.hexxcghash = hexxcghash:fe491f41cdbcaec6b8821eda916eb03bc1a0e934c14850696f79bd30c73a18e2 ++Ctrl.hexsession_id = hexsession_id:df1c0910cf8b81ca157916b8ac0411b7363f62ce10ee23cbb69ddfe8c3f16be9 ++Ctrl.type = type:B ++Output = bb95f9cbed695529fd7977281332100b ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:fe491f41cdbcaec6b8821eda916eb03bc1a0e934c14850696f79bd30c73a18e2 ++Ctrl.hexsession_id = hexsession_id:df1c0910cf8b81ca157916b8ac0411b7363f62ce10ee23cbb69ddfe8c3f16be9 ++Ctrl.type = type:C ++Output = da1318a6a34224cc86c9afa41991db4b ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:fe491f41cdbcaec6b8821eda916eb03bc1a0e934c14850696f79bd30c73a18e2 
++Ctrl.hexsession_id = hexsession_id:df1c0910cf8b81ca157916b8ac0411b7363f62ce10ee23cbb69ddfe8c3f16be9 ++Ctrl.type = type:D ++Output = 091f8fa87a01c5768de8d663ba8bf9d7 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:fe491f41cdbcaec6b8821eda916eb03bc1a0e934c14850696f79bd30c73a18e2 ++Ctrl.hexsession_id = hexsession_id:df1c0910cf8b81ca157916b8ac0411b7363f62ce10ee23cbb69ddfe8c3f16be9 ++Ctrl.type = type:E ++Output = cc09127a759000f3bd9724fbf5285cd680ee323ffc19cf2f495403f896587317 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA256 ++Ctrl.hexkey = hexkey:000001001b3a1cab1e87a29e229efcae0f569d855a61d6da6ea0ae5bed3491c7bdb5f70f6caf8dc305100160bbf6ecd726b11799da685ce4528ee689fe292043e318ad9f797bd5746399e007cf1f40d7918b85e4607f6e674da84709543dd0d50ad1d5c993770b4d0c045fdef89d5534c3d77edd8dc4536a10cc2b5d0bd14caa7e029ba8a81d5f5fb16524b56ddb9f35d96593955514b80d89b711ff717e11ad3d691424f6cefc5c613b04e5532d89f91383e4a6f45058604bb63876b1308dc7eb8f86cb5c032e6f1f061646e0bbf27b0c7eaa8216ba9381cb7734df24fe6691183c4823d3b645f3139a45b2b8ee3909bb431477f332ea3616b919724782fda8546a3235 ++Ctrl.hexxcghash = hexxcghash:fe491f41cdbcaec6b8821eda916eb03bc1a0e934c14850696f79bd30c73a18e2 ++Ctrl.hexsession_id = hexsession_id:df1c0910cf8b81ca157916b8ac0411b7363f62ce10ee23cbb69ddfe8c3f16be9 ++Ctrl.type = type:F ++Output = a3ceddafc49f7c0131ce2965945c3892be6605b465877bc0637685612ede242b ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey:0000008100941456bd72267a90690ffc873528f4b76394431aceee1e24a7bed414568d9b97c84ce13d34a2b4a63ef735bac23af0b7fa634a9e56c2d775c741a61d63981332f9027d3f52c4a9a3adb83e96d39f7e6bb72514797da32f2f0edb59accfc58a49fc34b198e0285b31032ac9f06907def196f5748bd32ce22a5383a1bbdbd31f24 ++Ctrl.hexxcghash = hexxcghash:e0dee80ccc162884393930ad2073d92120c804254162446b7d048f85a1a4dd7b636a09b69252b80952a0581e9490ee5a ++Ctrl.hexsession_id = 
hexsession_id:e0dee80ccc162884393930ad2073d92120c804254162446b7d048f85a1a4dd7b636a09b69252b80952a0581e9490ee5a ++Ctrl.type = type:A ++Output = d31c16f67b17bc69 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey:0000008100941456bd72267a90690ffc873528f4b76394431aceee1e24a7bed414568d9b97c84ce13d34a2b4a63ef735bac23af0b7fa634a9e56c2d775c741a61d63981332f9027d3f52c4a9a3adb83e96d39f7e6bb72514797da32f2f0edb59accfc58a49fc34b198e0285b31032ac9f06907def196f5748bd32ce22a5383a1bbdbd31f24 ++Ctrl.hexxcghash = hexxcghash:e0dee80ccc162884393930ad2073d92120c804254162446b7d048f85a1a4dd7b636a09b69252b80952a0581e9490ee5a ++Ctrl.hexsession_id = hexsession_id:e0dee80ccc162884393930ad2073d92120c804254162446b7d048f85a1a4dd7b636a09b69252b80952a0581e9490ee5a ++Ctrl.type = type:B ++Output = 675340f27269e7ae ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey:0000008100941456bd72267a90690ffc873528f4b76394431aceee1e24a7bed414568d9b97c84ce13d34a2b4a63ef735bac23af0b7fa634a9e56c2d775c741a61d63981332f9027d3f52c4a9a3adb83e96d39f7e6bb72514797da32f2f0edb59accfc58a49fc34b198e0285b31032ac9f06907def196f5748bd32ce22a5383a1bbdbd31f24 ++Ctrl.hexxcghash = hexxcghash:e0dee80ccc162884393930ad2073d92120c804254162446b7d048f85a1a4dd7b636a09b69252b80952a0581e9490ee5a ++Ctrl.hexsession_id = hexsession_id:e0dee80ccc162884393930ad2073d92120c804254162446b7d048f85a1a4dd7b636a09b69252b80952a0581e9490ee5a ++Ctrl.type = type:C ++Output = 2ffed577a90d29872ea59f3782c3b406908d7394ff63c9d7 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey:0000008100941456bd72267a90690ffc873528f4b76394431aceee1e24a7bed414568d9b97c84ce13d34a2b4a63ef735bac23af0b7fa634a9e56c2d775c741a61d63981332f9027d3f52c4a9a3adb83e96d39f7e6bb72514797da32f2f0edb59accfc58a49fc34b198e0285b31032ac9f06907def196f5748bd32ce22a5383a1bbdbd31f24 ++Ctrl.hexxcghash = hexxcghash:e0dee80ccc162884393930ad2073d92120c804254162446b7d048f85a1a4dd7b636a09b69252b80952a0581e9490ee5a ++Ctrl.hexsession_id = 
hexsession_id:e0dee80ccc162884393930ad2073d92120c804254162446b7d048f85a1a4dd7b636a09b69252b80952a0581e9490ee5a ++Ctrl.type = type:D ++Output = fae751987c1fa8665e4387e410297db58ff69b260a8fe85f ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey:0000008100941456bd72267a90690ffc873528f4b76394431aceee1e24a7bed414568d9b97c84ce13d34a2b4a63ef735bac23af0b7fa634a9e56c2d775c741a61d63981332f9027d3f52c4a9a3adb83e96d39f7e6bb72514797da32f2f0edb59accfc58a49fc34b198e0285b31032ac9f06907def196f5748bd32ce22a5383a1bbdbd31f24 ++Ctrl.hexxcghash = hexxcghash:e0dee80ccc162884393930ad2073d92120c804254162446b7d048f85a1a4dd7b636a09b69252b80952a0581e9490ee5a ++Ctrl.hexsession_id = hexsession_id:e0dee80ccc162884393930ad2073d92120c804254162446b7d048f85a1a4dd7b636a09b69252b80952a0581e9490ee5a ++Ctrl.type = type:E ++Output = ff2db5975edf3824325b257455791869434c6af47fb0c8145253c2695abfd2b8c980565ad20e6b9313ba44ee488bafb0 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey:0000008100941456bd72267a90690ffc873528f4b76394431aceee1e24a7bed414568d9b97c84ce13d34a2b4a63ef735bac23af0b7fa634a9e56c2d775c741a61d63981332f9027d3f52c4a9a3adb83e96d39f7e6bb72514797da32f2f0edb59accfc58a49fc34b198e0285b31032ac9f06907def196f5748bd32ce22a5383a1bbdbd31f24 ++Ctrl.hexxcghash = hexxcghash:e0dee80ccc162884393930ad2073d92120c804254162446b7d048f85a1a4dd7b636a09b69252b80952a0581e9490ee5a ++Ctrl.hexsession_id = hexsession_id:e0dee80ccc162884393930ad2073d92120c804254162446b7d048f85a1a4dd7b636a09b69252b80952a0581e9490ee5a ++Ctrl.type = type:F ++Output = 85a9463cd653c7619d4dc85006406d6ed3364220419ca13810301be0f0389d932ddeaebb0e504a0849e2e73a7d087db2 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey:00000080319534aabf1100b1ef3ec089ba6e5b25946bdf67cbc92493c29d0e63765ee38dc27e15720393d6aa5741b2129b24ee6a71c079190588232f4facadd034dd6e456bf45aedf72a059eca591ceb2d7c50f8ae918528872f40eaf62faa511d6bfbed4b8613163c42b99eb30c20ecce1c36a78b93fb0046467a0bcb41dfa1e609b61b ++Ctrl.hexxcghash = 
hexxcghash:0f831ff3e907b3f0922722bd8073b2c263c77c7f552c0b0b12be68f19520b1ae2bbf62a9dba0f582d5f0197c0d534f6e ++Ctrl.hexsession_id = hexsession_id:dede417f4b45d58d54cbe59e7d80bab3150ccd99583aa87f7ecde731462d074edf49907278819043341d1fe20e136563 ++Ctrl.type = type:A ++Output = 93323451441b761f ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey:00000080319534aabf1100b1ef3ec089ba6e5b25946bdf67cbc92493c29d0e63765ee38dc27e15720393d6aa5741b2129b24ee6a71c079190588232f4facadd034dd6e456bf45aedf72a059eca591ceb2d7c50f8ae918528872f40eaf62faa511d6bfbed4b8613163c42b99eb30c20ecce1c36a78b93fb0046467a0bcb41dfa1e609b61b ++Ctrl.hexxcghash = hexxcghash:0f831ff3e907b3f0922722bd8073b2c263c77c7f552c0b0b12be68f19520b1ae2bbf62a9dba0f582d5f0197c0d534f6e ++Ctrl.hexsession_id = hexsession_id:dede417f4b45d58d54cbe59e7d80bab3150ccd99583aa87f7ecde731462d074edf49907278819043341d1fe20e136563 ++Ctrl.type = type:B ++Output = 3dbfdc2364807ecc ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey:00000080319534aabf1100b1ef3ec089ba6e5b25946bdf67cbc92493c29d0e63765ee38dc27e15720393d6aa5741b2129b24ee6a71c079190588232f4facadd034dd6e456bf45aedf72a059eca591ceb2d7c50f8ae918528872f40eaf62faa511d6bfbed4b8613163c42b99eb30c20ecce1c36a78b93fb0046467a0bcb41dfa1e609b61b ++Ctrl.hexxcghash = hexxcghash:0f831ff3e907b3f0922722bd8073b2c263c77c7f552c0b0b12be68f19520b1ae2bbf62a9dba0f582d5f0197c0d534f6e ++Ctrl.hexsession_id = hexsession_id:dede417f4b45d58d54cbe59e7d80bab3150ccd99583aa87f7ecde731462d074edf49907278819043341d1fe20e136563 ++Ctrl.type = type:C ++Output = c699e3488f825fb24c5e2adc699ec83a5d8fce339fa0e9b0 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey:00000080319534aabf1100b1ef3ec089ba6e5b25946bdf67cbc92493c29d0e63765ee38dc27e15720393d6aa5741b2129b24ee6a71c079190588232f4facadd034dd6e456bf45aedf72a059eca591ceb2d7c50f8ae918528872f40eaf62faa511d6bfbed4b8613163c42b99eb30c20ecce1c36a78b93fb0046467a0bcb41dfa1e609b61b ++Ctrl.hexxcghash = 
hexxcghash:0f831ff3e907b3f0922722bd8073b2c263c77c7f552c0b0b12be68f19520b1ae2bbf62a9dba0f582d5f0197c0d534f6e ++Ctrl.hexsession_id = hexsession_id:dede417f4b45d58d54cbe59e7d80bab3150ccd99583aa87f7ecde731462d074edf49907278819043341d1fe20e136563 ++Ctrl.type = type:D ++Output = a250b13da0716f2d4440cc4cac01a2d591002ebfaada9758 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey:00000080319534aabf1100b1ef3ec089ba6e5b25946bdf67cbc92493c29d0e63765ee38dc27e15720393d6aa5741b2129b24ee6a71c079190588232f4facadd034dd6e456bf45aedf72a059eca591ceb2d7c50f8ae918528872f40eaf62faa511d6bfbed4b8613163c42b99eb30c20ecce1c36a78b93fb0046467a0bcb41dfa1e609b61b ++Ctrl.hexxcghash = hexxcghash:0f831ff3e907b3f0922722bd8073b2c263c77c7f552c0b0b12be68f19520b1ae2bbf62a9dba0f582d5f0197c0d534f6e ++Ctrl.hexsession_id = hexsession_id:dede417f4b45d58d54cbe59e7d80bab3150ccd99583aa87f7ecde731462d074edf49907278819043341d1fe20e136563 ++Ctrl.type = type:E ++Output = 76966a1b7d5f250eea3696077a373b9421e8294dd7cb0aedd172cf9c6879ef34c9deb9c208f11c5d4b6fd713b576894d ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey:00000080319534aabf1100b1ef3ec089ba6e5b25946bdf67cbc92493c29d0e63765ee38dc27e15720393d6aa5741b2129b24ee6a71c079190588232f4facadd034dd6e456bf45aedf72a059eca591ceb2d7c50f8ae918528872f40eaf62faa511d6bfbed4b8613163c42b99eb30c20ecce1c36a78b93fb0046467a0bcb41dfa1e609b61b ++Ctrl.hexxcghash = hexxcghash:0f831ff3e907b3f0922722bd8073b2c263c77c7f552c0b0b12be68f19520b1ae2bbf62a9dba0f582d5f0197c0d534f6e ++Ctrl.hexsession_id = hexsession_id:dede417f4b45d58d54cbe59e7d80bab3150ccd99583aa87f7ecde731462d074edf49907278819043341d1fe20e136563 ++Ctrl.type = type:F ++Output = 28a66e21fe7f8a070fe40ecf68a64f2a35a46b84ac38810902639906611053832179d5c07a8422993496059af67f585f ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = 
hexkey:000000803b4fd086d25a4bf0b5347a2e323d45525b12a3df508b9129ae7d51637b6fc76aba743d7ee254888ee6d49314ebd8b82e25d187e80770ff6365fbfe96029e23b92ccbb2bfb4cf27e175cd09154b0e68d75a84c490f936ee0366180f781049ddcfefcb4bf25409ba8a8a9a3296cf0619bc51363abfd58cea3d0480673d8ac8370a ++Ctrl.hexxcghash = hexxcghash:8fbe46474bf6ccdad0f706492c4b534cf5698b38afc4b21a6af4a00c3ccda689cf5382e5de34a48bd798f083570ad411 ++Ctrl.hexsession_id = hexsession_id:a397aa78a58fcf619f1e8368018d6e40934d4befc96671a63aea4558d5e54c9f42bdca50f618ec84b2d19b539a1f10f1 ++Ctrl.type = type:A ++Output = b0db344b1e2e98d3 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey:000000803b4fd086d25a4bf0b5347a2e323d45525b12a3df508b9129ae7d51637b6fc76aba743d7ee254888ee6d49314ebd8b82e25d187e80770ff6365fbfe96029e23b92ccbb2bfb4cf27e175cd09154b0e68d75a84c490f936ee0366180f781049ddcfefcb4bf25409ba8a8a9a3296cf0619bc51363abfd58cea3d0480673d8ac8370a ++Ctrl.hexxcghash = hexxcghash:8fbe46474bf6ccdad0f706492c4b534cf5698b38afc4b21a6af4a00c3ccda689cf5382e5de34a48bd798f083570ad411 ++Ctrl.hexsession_id = hexsession_id:a397aa78a58fcf619f1e8368018d6e40934d4befc96671a63aea4558d5e54c9f42bdca50f618ec84b2d19b539a1f10f1 ++Ctrl.type = type:B ++Output = 29fcd6a7d317f527 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey:000000803b4fd086d25a4bf0b5347a2e323d45525b12a3df508b9129ae7d51637b6fc76aba743d7ee254888ee6d49314ebd8b82e25d187e80770ff6365fbfe96029e23b92ccbb2bfb4cf27e175cd09154b0e68d75a84c490f936ee0366180f781049ddcfefcb4bf25409ba8a8a9a3296cf0619bc51363abfd58cea3d0480673d8ac8370a ++Ctrl.hexxcghash = hexxcghash:8fbe46474bf6ccdad0f706492c4b534cf5698b38afc4b21a6af4a00c3ccda689cf5382e5de34a48bd798f083570ad411 ++Ctrl.hexsession_id = hexsession_id:a397aa78a58fcf619f1e8368018d6e40934d4befc96671a63aea4558d5e54c9f42bdca50f618ec84b2d19b539a1f10f1 ++Ctrl.type = type:C ++Output = 156f9d4c58d7783959e785af3fefb133662009b93891bff7 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = 
hexkey:000000803b4fd086d25a4bf0b5347a2e323d45525b12a3df508b9129ae7d51637b6fc76aba743d7ee254888ee6d49314ebd8b82e25d187e80770ff6365fbfe96029e23b92ccbb2bfb4cf27e175cd09154b0e68d75a84c490f936ee0366180f781049ddcfefcb4bf25409ba8a8a9a3296cf0619bc51363abfd58cea3d0480673d8ac8370a ++Ctrl.hexxcghash = hexxcghash:8fbe46474bf6ccdad0f706492c4b534cf5698b38afc4b21a6af4a00c3ccda689cf5382e5de34a48bd798f083570ad411 ++Ctrl.hexsession_id = hexsession_id:a397aa78a58fcf619f1e8368018d6e40934d4befc96671a63aea4558d5e54c9f42bdca50f618ec84b2d19b539a1f10f1 ++Ctrl.type = type:D ++Output = c4bc4471e2c7f04dbef9100977e222f4156a7118a122f6cd ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey:000000803b4fd086d25a4bf0b5347a2e323d45525b12a3df508b9129ae7d51637b6fc76aba743d7ee254888ee6d49314ebd8b82e25d187e80770ff6365fbfe96029e23b92ccbb2bfb4cf27e175cd09154b0e68d75a84c490f936ee0366180f781049ddcfefcb4bf25409ba8a8a9a3296cf0619bc51363abfd58cea3d0480673d8ac8370a ++Ctrl.hexxcghash = hexxcghash:8fbe46474bf6ccdad0f706492c4b534cf5698b38afc4b21a6af4a00c3ccda689cf5382e5de34a48bd798f083570ad411 ++Ctrl.hexsession_id = hexsession_id:a397aa78a58fcf619f1e8368018d6e40934d4befc96671a63aea4558d5e54c9f42bdca50f618ec84b2d19b539a1f10f1 ++Ctrl.type = type:E ++Output = 5878fdbf693638430e31b287ad8cfab560d952d7a828167bd0454e0c8aa14274c7c0c1921a31575f77fd80144e6d2999 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey:000000803b4fd086d25a4bf0b5347a2e323d45525b12a3df508b9129ae7d51637b6fc76aba743d7ee254888ee6d49314ebd8b82e25d187e80770ff6365fbfe96029e23b92ccbb2bfb4cf27e175cd09154b0e68d75a84c490f936ee0366180f781049ddcfefcb4bf25409ba8a8a9a3296cf0619bc51363abfd58cea3d0480673d8ac8370a ++Ctrl.hexxcghash = hexxcghash:8fbe46474bf6ccdad0f706492c4b534cf5698b38afc4b21a6af4a00c3ccda689cf5382e5de34a48bd798f083570ad411 ++Ctrl.hexsession_id = hexsession_id:a397aa78a58fcf619f1e8368018d6e40934d4befc96671a63aea4558d5e54c9f42bdca50f618ec84b2d19b539a1f10f1 ++Ctrl.type = type:F ++Output = 
1fdb34ae9d2f12363350dd5aeefe728066500a083668ac2d48af671d7651a67acdf9b7a0581b922e67278d53f0b2fb17 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey:000000801a3eab3e516f776ab0a282861a42fec52223859d5af2da778727bd0363ba5983b5d883cd75132c94351a7b5b23fba10aec35a78ab03ba183682b4d3e72c67bd1e6b83afc5178c97624f718243d9377694f085e15cef33040fca144e856c74ab0e70dbf4a7766aa916e5edf184ae7dbd3f19d2491e45828fe5969d61075695e39 ++Ctrl.hexxcghash = hexxcghash:5e9be9089c8b952d8ffdb0cbdbe5bb6c1f336e6620292da1ab5eb92eef379655579e24cd6273bd4f552d46dfa87df917 ++Ctrl.hexsession_id = hexsession_id:c54542e32ba1ae8c266781c6d14c8356d6f548cfdb8a303c4f1c947318610eed8ae3d6d4350ab4dddc7f9202a510d32e ++Ctrl.type = type:A ++Output = c828150149eb433a ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey:000000801a3eab3e516f776ab0a282861a42fec52223859d5af2da778727bd0363ba5983b5d883cd75132c94351a7b5b23fba10aec35a78ab03ba183682b4d3e72c67bd1e6b83afc5178c97624f718243d9377694f085e15cef33040fca144e856c74ab0e70dbf4a7766aa916e5edf184ae7dbd3f19d2491e45828fe5969d61075695e39 ++Ctrl.hexxcghash = hexxcghash:5e9be9089c8b952d8ffdb0cbdbe5bb6c1f336e6620292da1ab5eb92eef379655579e24cd6273bd4f552d46dfa87df917 ++Ctrl.hexsession_id = hexsession_id:c54542e32ba1ae8c266781c6d14c8356d6f548cfdb8a303c4f1c947318610eed8ae3d6d4350ab4dddc7f9202a510d32e ++Ctrl.type = type:B ++Output = 45636e088875de58 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey:000000801a3eab3e516f776ab0a282861a42fec52223859d5af2da778727bd0363ba5983b5d883cd75132c94351a7b5b23fba10aec35a78ab03ba183682b4d3e72c67bd1e6b83afc5178c97624f718243d9377694f085e15cef33040fca144e856c74ab0e70dbf4a7766aa916e5edf184ae7dbd3f19d2491e45828fe5969d61075695e39 ++Ctrl.hexxcghash = hexxcghash:5e9be9089c8b952d8ffdb0cbdbe5bb6c1f336e6620292da1ab5eb92eef379655579e24cd6273bd4f552d46dfa87df917 ++Ctrl.hexsession_id = hexsession_id:c54542e32ba1ae8c266781c6d14c8356d6f548cfdb8a303c4f1c947318610eed8ae3d6d4350ab4dddc7f9202a510d32e ++Ctrl.type = type:C ++Output = 
75da9408e65f61dac9dafa496675214b0d84b0e66feb68fe ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey:000000801a3eab3e516f776ab0a282861a42fec52223859d5af2da778727bd0363ba5983b5d883cd75132c94351a7b5b23fba10aec35a78ab03ba183682b4d3e72c67bd1e6b83afc5178c97624f718243d9377694f085e15cef33040fca144e856c74ab0e70dbf4a7766aa916e5edf184ae7dbd3f19d2491e45828fe5969d61075695e39 ++Ctrl.hexxcghash = hexxcghash:5e9be9089c8b952d8ffdb0cbdbe5bb6c1f336e6620292da1ab5eb92eef379655579e24cd6273bd4f552d46dfa87df917 ++Ctrl.hexsession_id = hexsession_id:c54542e32ba1ae8c266781c6d14c8356d6f548cfdb8a303c4f1c947318610eed8ae3d6d4350ab4dddc7f9202a510d32e ++Ctrl.type = type:D ++Output = cb7897fdeb2c235be5812d1959cb55907ff02a9cf6c76c17 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey:000000801a3eab3e516f776ab0a282861a42fec52223859d5af2da778727bd0363ba5983b5d883cd75132c94351a7b5b23fba10aec35a78ab03ba183682b4d3e72c67bd1e6b83afc5178c97624f718243d9377694f085e15cef33040fca144e856c74ab0e70dbf4a7766aa916e5edf184ae7dbd3f19d2491e45828fe5969d61075695e39 ++Ctrl.hexxcghash = hexxcghash:5e9be9089c8b952d8ffdb0cbdbe5bb6c1f336e6620292da1ab5eb92eef379655579e24cd6273bd4f552d46dfa87df917 ++Ctrl.hexsession_id = hexsession_id:c54542e32ba1ae8c266781c6d14c8356d6f548cfdb8a303c4f1c947318610eed8ae3d6d4350ab4dddc7f9202a510d32e ++Ctrl.type = type:E ++Output = 13a8062561c28c1bc678a019b22da95aa462f82cfff6268876ffe2fddc86536fa4d19bdc15d90c1cff4d37e69f1fc021 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey:000000801a3eab3e516f776ab0a282861a42fec52223859d5af2da778727bd0363ba5983b5d883cd75132c94351a7b5b23fba10aec35a78ab03ba183682b4d3e72c67bd1e6b83afc5178c97624f718243d9377694f085e15cef33040fca144e856c74ab0e70dbf4a7766aa916e5edf184ae7dbd3f19d2491e45828fe5969d61075695e39 ++Ctrl.hexxcghash = hexxcghash:5e9be9089c8b952d8ffdb0cbdbe5bb6c1f336e6620292da1ab5eb92eef379655579e24cd6273bd4f552d46dfa87df917 ++Ctrl.hexsession_id = 
hexsession_id:c54542e32ba1ae8c266781c6d14c8356d6f548cfdb8a303c4f1c947318610eed8ae3d6d4350ab4dddc7f9202a510d32e ++Ctrl.type = type:F ++Output = 69437ec44d764caeb89faebf7b8577b433677abcb0c58f166a5e5724a4eb293d335004d412c983d4c7aca4df1b8328fd ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey:000000810091473fb24a9fca3fd1639c029c0e6ae6390c83b3278336017068771569d0957bf7ff80a8f188b936f7e238502efc86e518ebafcc4ecdf1b44f01bb070b3cc88c1b23937dcd04c456987a3b75df3874ca54a10e7f4a3123a7fb47365a7552c9e3f7070ec19d1ebb9922dd10aa0280222db770a71ce9541b60b53d9e7783350100 ++Ctrl.hexxcghash = hexxcghash:d0bbb1a81edca6ae7ac5c9e60bf447d198bf875b945fcba06b0074e640331b2205c2c055864c011913f6dad3e34ed44b ++Ctrl.hexsession_id = hexsession_id:58d7b77f0cc5480254c68e4e9cb06a1ea5389b39a3f9cba5c9ca03a091fb123aeb5934c519b60181d097b8cc9455b96a ++Ctrl.type = type:A ++Output = b669e05aa9706468 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey:000000810091473fb24a9fca3fd1639c029c0e6ae6390c83b3278336017068771569d0957bf7ff80a8f188b936f7e238502efc86e518ebafcc4ecdf1b44f01bb070b3cc88c1b23937dcd04c456987a3b75df3874ca54a10e7f4a3123a7fb47365a7552c9e3f7070ec19d1ebb9922dd10aa0280222db770a71ce9541b60b53d9e7783350100 ++Ctrl.hexxcghash = hexxcghash:d0bbb1a81edca6ae7ac5c9e60bf447d198bf875b945fcba06b0074e640331b2205c2c055864c011913f6dad3e34ed44b ++Ctrl.hexsession_id = hexsession_id:58d7b77f0cc5480254c68e4e9cb06a1ea5389b39a3f9cba5c9ca03a091fb123aeb5934c519b60181d097b8cc9455b96a ++Ctrl.type = type:B ++Output = 57f943111ca01b15 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey:000000810091473fb24a9fca3fd1639c029c0e6ae6390c83b3278336017068771569d0957bf7ff80a8f188b936f7e238502efc86e518ebafcc4ecdf1b44f01bb070b3cc88c1b23937dcd04c456987a3b75df3874ca54a10e7f4a3123a7fb47365a7552c9e3f7070ec19d1ebb9922dd10aa0280222db770a71ce9541b60b53d9e7783350100 ++Ctrl.hexxcghash = hexxcghash:d0bbb1a81edca6ae7ac5c9e60bf447d198bf875b945fcba06b0074e640331b2205c2c055864c011913f6dad3e34ed44b 
++Ctrl.hexsession_id = hexsession_id:58d7b77f0cc5480254c68e4e9cb06a1ea5389b39a3f9cba5c9ca03a091fb123aeb5934c519b60181d097b8cc9455b96a ++Ctrl.type = type:C ++Output = e9aa354b6b85f357d6f982fcc18a6ca797bd7a125e786f8a ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey:000000810091473fb24a9fca3fd1639c029c0e6ae6390c83b3278336017068771569d0957bf7ff80a8f188b936f7e238502efc86e518ebafcc4ecdf1b44f01bb070b3cc88c1b23937dcd04c456987a3b75df3874ca54a10e7f4a3123a7fb47365a7552c9e3f7070ec19d1ebb9922dd10aa0280222db770a71ce9541b60b53d9e7783350100 ++Ctrl.hexxcghash = hexxcghash:d0bbb1a81edca6ae7ac5c9e60bf447d198bf875b945fcba06b0074e640331b2205c2c055864c011913f6dad3e34ed44b ++Ctrl.hexsession_id = hexsession_id:58d7b77f0cc5480254c68e4e9cb06a1ea5389b39a3f9cba5c9ca03a091fb123aeb5934c519b60181d097b8cc9455b96a ++Ctrl.type = type:D ++Output = 199d2b244689bfc4f807f225a7130a069c8a181f5b20d32a ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey:000000810091473fb24a9fca3fd1639c029c0e6ae6390c83b3278336017068771569d0957bf7ff80a8f188b936f7e238502efc86e518ebafcc4ecdf1b44f01bb070b3cc88c1b23937dcd04c456987a3b75df3874ca54a10e7f4a3123a7fb47365a7552c9e3f7070ec19d1ebb9922dd10aa0280222db770a71ce9541b60b53d9e7783350100 ++Ctrl.hexxcghash = hexxcghash:d0bbb1a81edca6ae7ac5c9e60bf447d198bf875b945fcba06b0074e640331b2205c2c055864c011913f6dad3e34ed44b ++Ctrl.hexsession_id = hexsession_id:58d7b77f0cc5480254c68e4e9cb06a1ea5389b39a3f9cba5c9ca03a091fb123aeb5934c519b60181d097b8cc9455b96a ++Ctrl.type = type:E ++Output = 69b55cc82d0429979a3832a3be35483596ff1d26a0c1a62944695764f0eb85c3467528be225db2f516e79f23c0c7c23c ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey:000000810091473fb24a9fca3fd1639c029c0e6ae6390c83b3278336017068771569d0957bf7ff80a8f188b936f7e238502efc86e518ebafcc4ecdf1b44f01bb070b3cc88c1b23937dcd04c456987a3b75df3874ca54a10e7f4a3123a7fb47365a7552c9e3f7070ec19d1ebb9922dd10aa0280222db770a71ce9541b60b53d9e7783350100 ++Ctrl.hexxcghash = 
hexxcghash:d0bbb1a81edca6ae7ac5c9e60bf447d198bf875b945fcba06b0074e640331b2205c2c055864c011913f6dad3e34ed44b ++Ctrl.hexsession_id = hexsession_id:58d7b77f0cc5480254c68e4e9cb06a1ea5389b39a3f9cba5c9ca03a091fb123aeb5934c519b60181d097b8cc9455b96a ++Ctrl.type = type:F ++Output = 6e06df643269751dfc9c8decefe466e1ab2ab99466661aa6f0dfab223c3b9bebcaed4c19cbc4109dfacda81cc8f902eb ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey:000000801b8e7d2292f95d97c99e9c93fcc681f2a446437d7595137f761eb9351f50cfb71988aad2d9611a5e3d32c58b1efef596b2b495c12355b6caa5c647237670c7cbeb7b7ef5d39b600b44ab1cecc7ff454981f70366f5dc95f790c9744e55b0b5cee770df10dc3f081b8774b4735c86917384ed7da0b597bd932e676b7ef6fe2cd3 ++Ctrl.hexxcghash = hexxcghash:d1ecf201e213b656e7e002d26b263ead5ef6f265a2cfd05eb83985dbc1dd0620f729800a92f676e6c8219aadbea0a037 ++Ctrl.hexsession_id = hexsession_id:fc6bb80f9116c6746603327d5338e853f37b06593402e31bf5a43abd5e6de8f26166bb572ce0c88360a7bbbe83d0377b ++Ctrl.type = type:A ++Output = b2ada53484907db5 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey:000000801b8e7d2292f95d97c99e9c93fcc681f2a446437d7595137f761eb9351f50cfb71988aad2d9611a5e3d32c58b1efef596b2b495c12355b6caa5c647237670c7cbeb7b7ef5d39b600b44ab1cecc7ff454981f70366f5dc95f790c9744e55b0b5cee770df10dc3f081b8774b4735c86917384ed7da0b597bd932e676b7ef6fe2cd3 ++Ctrl.hexxcghash = hexxcghash:d1ecf201e213b656e7e002d26b263ead5ef6f265a2cfd05eb83985dbc1dd0620f729800a92f676e6c8219aadbea0a037 ++Ctrl.hexsession_id = hexsession_id:fc6bb80f9116c6746603327d5338e853f37b06593402e31bf5a43abd5e6de8f26166bb572ce0c88360a7bbbe83d0377b ++Ctrl.type = type:B ++Output = 89224486fcb33030 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey:000000801b8e7d2292f95d97c99e9c93fcc681f2a446437d7595137f761eb9351f50cfb71988aad2d9611a5e3d32c58b1efef596b2b495c12355b6caa5c647237670c7cbeb7b7ef5d39b600b44ab1cecc7ff454981f70366f5dc95f790c9744e55b0b5cee770df10dc3f081b8774b4735c86917384ed7da0b597bd932e676b7ef6fe2cd3 ++Ctrl.hexxcghash = 
hexxcghash:d1ecf201e213b656e7e002d26b263ead5ef6f265a2cfd05eb83985dbc1dd0620f729800a92f676e6c8219aadbea0a037 ++Ctrl.hexsession_id = hexsession_id:fc6bb80f9116c6746603327d5338e853f37b06593402e31bf5a43abd5e6de8f26166bb572ce0c88360a7bbbe83d0377b ++Ctrl.type = type:C ++Output = 38ccc00303d5aaf748f3c11d986b99f9bf36049a6f7ea92f ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey:000000801b8e7d2292f95d97c99e9c93fcc681f2a446437d7595137f761eb9351f50cfb71988aad2d9611a5e3d32c58b1efef596b2b495c12355b6caa5c647237670c7cbeb7b7ef5d39b600b44ab1cecc7ff454981f70366f5dc95f790c9744e55b0b5cee770df10dc3f081b8774b4735c86917384ed7da0b597bd932e676b7ef6fe2cd3 ++Ctrl.hexxcghash = hexxcghash:d1ecf201e213b656e7e002d26b263ead5ef6f265a2cfd05eb83985dbc1dd0620f729800a92f676e6c8219aadbea0a037 ++Ctrl.hexsession_id = hexsession_id:fc6bb80f9116c6746603327d5338e853f37b06593402e31bf5a43abd5e6de8f26166bb572ce0c88360a7bbbe83d0377b ++Ctrl.type = type:D ++Output = f8a7a4b2e1d28c6a38e120a2cb876ed49f454ea2aabc3a99 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey:000000801b8e7d2292f95d97c99e9c93fcc681f2a446437d7595137f761eb9351f50cfb71988aad2d9611a5e3d32c58b1efef596b2b495c12355b6caa5c647237670c7cbeb7b7ef5d39b600b44ab1cecc7ff454981f70366f5dc95f790c9744e55b0b5cee770df10dc3f081b8774b4735c86917384ed7da0b597bd932e676b7ef6fe2cd3 ++Ctrl.hexxcghash = hexxcghash:d1ecf201e213b656e7e002d26b263ead5ef6f265a2cfd05eb83985dbc1dd0620f729800a92f676e6c8219aadbea0a037 ++Ctrl.hexsession_id = hexsession_id:fc6bb80f9116c6746603327d5338e853f37b06593402e31bf5a43abd5e6de8f26166bb572ce0c88360a7bbbe83d0377b ++Ctrl.type = type:E ++Output = 9f42ab15d0b041019960ff6a5a12e209c427dc334434126399fb8850ec8feda957b74f1976b4c8a97906d7d64c5c2a83 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = 
hexkey:000000801b8e7d2292f95d97c99e9c93fcc681f2a446437d7595137f761eb9351f50cfb71988aad2d9611a5e3d32c58b1efef596b2b495c12355b6caa5c647237670c7cbeb7b7ef5d39b600b44ab1cecc7ff454981f70366f5dc95f790c9744e55b0b5cee770df10dc3f081b8774b4735c86917384ed7da0b597bd932e676b7ef6fe2cd3 ++Ctrl.hexxcghash = hexxcghash:d1ecf201e213b656e7e002d26b263ead5ef6f265a2cfd05eb83985dbc1dd0620f729800a92f676e6c8219aadbea0a037 ++Ctrl.hexsession_id = hexsession_id:fc6bb80f9116c6746603327d5338e853f37b06593402e31bf5a43abd5e6de8f26166bb572ce0c88360a7bbbe83d0377b ++Ctrl.type = type:F ++Output = d383bedd3b80ddc470db9b819893e85dfab9e359e40bc77576e23ed8c5e73beecefb511ccdf1eb66416c271be5f90199 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey:00000081008efe3279e8fc51acceea0ad5958364c2a36315d92ce4d68f6f8486b3160293e4eff79998474b954431a6981864a34445b4bd68e5b598dbaba4de5661ef0b09d5dae9b1633da886f1540d1df601c1acaa139de540d3d8d0b01602559a833aab87730de5c6875b78f5ec6d19145db46e2a77cbb9ec39b1bdbd5ca3be193dcfd622 ++Ctrl.hexxcghash = hexxcghash:5f6f8bd8d664b1f31c615cf457a5c7eaa8733bba6557f15f300cfb364b0ea927bcfe406ea5fb7e03ac648fd18cd93372 ++Ctrl.hexsession_id = hexsession_id:a89ecfd6636423e8d5ba8da3aa8367092b1a662df5693c55cbc5bfabb97320d90692e6c9305af47c25e6617200648752 ++Ctrl.type = type:A ++Output = bac9e6c9553bba95 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey:00000081008efe3279e8fc51acceea0ad5958364c2a36315d92ce4d68f6f8486b3160293e4eff79998474b954431a6981864a34445b4bd68e5b598dbaba4de5661ef0b09d5dae9b1633da886f1540d1df601c1acaa139de540d3d8d0b01602559a833aab87730de5c6875b78f5ec6d19145db46e2a77cbb9ec39b1bdbd5ca3be193dcfd622 ++Ctrl.hexxcghash = hexxcghash:5f6f8bd8d664b1f31c615cf457a5c7eaa8733bba6557f15f300cfb364b0ea927bcfe406ea5fb7e03ac648fd18cd93372 ++Ctrl.hexsession_id = hexsession_id:a89ecfd6636423e8d5ba8da3aa8367092b1a662df5693c55cbc5bfabb97320d90692e6c9305af47c25e6617200648752 ++Ctrl.type = type:B ++Output = f29bdc017028a9ca ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey 
= hexkey:00000081008efe3279e8fc51acceea0ad5958364c2a36315d92ce4d68f6f8486b3160293e4eff79998474b954431a6981864a34445b4bd68e5b598dbaba4de5661ef0b09d5dae9b1633da886f1540d1df601c1acaa139de540d3d8d0b01602559a833aab87730de5c6875b78f5ec6d19145db46e2a77cbb9ec39b1bdbd5ca3be193dcfd622 ++Ctrl.hexxcghash = hexxcghash:5f6f8bd8d664b1f31c615cf457a5c7eaa8733bba6557f15f300cfb364b0ea927bcfe406ea5fb7e03ac648fd18cd93372 ++Ctrl.hexsession_id = hexsession_id:a89ecfd6636423e8d5ba8da3aa8367092b1a662df5693c55cbc5bfabb97320d90692e6c9305af47c25e6617200648752 ++Ctrl.type = type:C ++Output = 840f7e966d633f57bf6cfb3e6aa6bb1435bbea5822c9db0c ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey:00000081008efe3279e8fc51acceea0ad5958364c2a36315d92ce4d68f6f8486b3160293e4eff79998474b954431a6981864a34445b4bd68e5b598dbaba4de5661ef0b09d5dae9b1633da886f1540d1df601c1acaa139de540d3d8d0b01602559a833aab87730de5c6875b78f5ec6d19145db46e2a77cbb9ec39b1bdbd5ca3be193dcfd622 ++Ctrl.hexxcghash = hexxcghash:5f6f8bd8d664b1f31c615cf457a5c7eaa8733bba6557f15f300cfb364b0ea927bcfe406ea5fb7e03ac648fd18cd93372 ++Ctrl.hexsession_id = hexsession_id:a89ecfd6636423e8d5ba8da3aa8367092b1a662df5693c55cbc5bfabb97320d90692e6c9305af47c25e6617200648752 ++Ctrl.type = type:D ++Output = f78b485e49bf72584e45de78fbd75392e3e0b1ce2a57e7a3 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey:00000081008efe3279e8fc51acceea0ad5958364c2a36315d92ce4d68f6f8486b3160293e4eff79998474b954431a6981864a34445b4bd68e5b598dbaba4de5661ef0b09d5dae9b1633da886f1540d1df601c1acaa139de540d3d8d0b01602559a833aab87730de5c6875b78f5ec6d19145db46e2a77cbb9ec39b1bdbd5ca3be193dcfd622 ++Ctrl.hexxcghash = hexxcghash:5f6f8bd8d664b1f31c615cf457a5c7eaa8733bba6557f15f300cfb364b0ea927bcfe406ea5fb7e03ac648fd18cd93372 ++Ctrl.hexsession_id = hexsession_id:a89ecfd6636423e8d5ba8da3aa8367092b1a662df5693c55cbc5bfabb97320d90692e6c9305af47c25e6617200648752 ++Ctrl.type = type:E ++Output = 
9dcadff513667aee5e2fda86c4a198db4252a9311635d3659db957570e448f3689444dd3e10d6097a07dba923db349ba ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey:00000081008efe3279e8fc51acceea0ad5958364c2a36315d92ce4d68f6f8486b3160293e4eff79998474b954431a6981864a34445b4bd68e5b598dbaba4de5661ef0b09d5dae9b1633da886f1540d1df601c1acaa139de540d3d8d0b01602559a833aab87730de5c6875b78f5ec6d19145db46e2a77cbb9ec39b1bdbd5ca3be193dcfd622 ++Ctrl.hexxcghash = hexxcghash:5f6f8bd8d664b1f31c615cf457a5c7eaa8733bba6557f15f300cfb364b0ea927bcfe406ea5fb7e03ac648fd18cd93372 ++Ctrl.hexsession_id = hexsession_id:a89ecfd6636423e8d5ba8da3aa8367092b1a662df5693c55cbc5bfabb97320d90692e6c9305af47c25e6617200648752 ++Ctrl.type = type:F ++Output = 5e7915ea90a0d81e3c2ada00c85890b6defbb64f45ac4f0e75b22cf6187978e630f356207c97362862389a1ef99fb51a ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey:0000008100a89b3f9628a4f984336377edc37d3bed4aa748fa0b0a6bc80c366e8ffdf0ccbbe07229c5f02394b230759d5255e3a7d7f63a2395e2f07e2d31bf885abaea150e1f97808f26f8fe8c5113c12e4d137844160a433f8451faaf432bd7c0469dbe713304c8bed29c03cb7629cdffebc253d0a01362052f55576fdaf89702fa33cedd ++Ctrl.hexxcghash = hexxcghash:8467d0335e6e254eb02253f97cd14c0221f1b21431a4ffe1c20675039d0ac26fa70a0c4bad639834d88d01f6c1ea878e ++Ctrl.hexsession_id = hexsession_id:9a100a5b0ad81f1c603e05c5d24415f2aa7031c0d92f16de15cab350bb1a2cf3639c6906f4e220e057deb966813bbb35 ++Ctrl.type = type:A ++Output = 11811427eaa92d61 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey:0000008100a89b3f9628a4f984336377edc37d3bed4aa748fa0b0a6bc80c366e8ffdf0ccbbe07229c5f02394b230759d5255e3a7d7f63a2395e2f07e2d31bf885abaea150e1f97808f26f8fe8c5113c12e4d137844160a433f8451faaf432bd7c0469dbe713304c8bed29c03cb7629cdffebc253d0a01362052f55576fdaf89702fa33cedd ++Ctrl.hexxcghash = hexxcghash:8467d0335e6e254eb02253f97cd14c0221f1b21431a4ffe1c20675039d0ac26fa70a0c4bad639834d88d01f6c1ea878e ++Ctrl.hexsession_id = 
hexsession_id:9a100a5b0ad81f1c603e05c5d24415f2aa7031c0d92f16de15cab350bb1a2cf3639c6906f4e220e057deb966813bbb35 ++Ctrl.type = type:B ++Output = c13f22e0bd66a551 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey:0000008100a89b3f9628a4f984336377edc37d3bed4aa748fa0b0a6bc80c366e8ffdf0ccbbe07229c5f02394b230759d5255e3a7d7f63a2395e2f07e2d31bf885abaea150e1f97808f26f8fe8c5113c12e4d137844160a433f8451faaf432bd7c0469dbe713304c8bed29c03cb7629cdffebc253d0a01362052f55576fdaf89702fa33cedd ++Ctrl.hexxcghash = hexxcghash:8467d0335e6e254eb02253f97cd14c0221f1b21431a4ffe1c20675039d0ac26fa70a0c4bad639834d88d01f6c1ea878e ++Ctrl.hexsession_id = hexsession_id:9a100a5b0ad81f1c603e05c5d24415f2aa7031c0d92f16de15cab350bb1a2cf3639c6906f4e220e057deb966813bbb35 ++Ctrl.type = type:C ++Output = 2b9c9c8ecae95d75472495363ca2d46dc79babdb2e0fda40 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey:0000008100a89b3f9628a4f984336377edc37d3bed4aa748fa0b0a6bc80c366e8ffdf0ccbbe07229c5f02394b230759d5255e3a7d7f63a2395e2f07e2d31bf885abaea150e1f97808f26f8fe8c5113c12e4d137844160a433f8451faaf432bd7c0469dbe713304c8bed29c03cb7629cdffebc253d0a01362052f55576fdaf89702fa33cedd ++Ctrl.hexxcghash = hexxcghash:8467d0335e6e254eb02253f97cd14c0221f1b21431a4ffe1c20675039d0ac26fa70a0c4bad639834d88d01f6c1ea878e ++Ctrl.hexsession_id = hexsession_id:9a100a5b0ad81f1c603e05c5d24415f2aa7031c0d92f16de15cab350bb1a2cf3639c6906f4e220e057deb966813bbb35 ++Ctrl.type = type:D ++Output = f466d9b9871c1482c699a5d9f8636a041adb60920c6af855 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey:0000008100a89b3f9628a4f984336377edc37d3bed4aa748fa0b0a6bc80c366e8ffdf0ccbbe07229c5f02394b230759d5255e3a7d7f63a2395e2f07e2d31bf885abaea150e1f97808f26f8fe8c5113c12e4d137844160a433f8451faaf432bd7c0469dbe713304c8bed29c03cb7629cdffebc253d0a01362052f55576fdaf89702fa33cedd ++Ctrl.hexxcghash = hexxcghash:8467d0335e6e254eb02253f97cd14c0221f1b21431a4ffe1c20675039d0ac26fa70a0c4bad639834d88d01f6c1ea878e ++Ctrl.hexsession_id = 
hexsession_id:9a100a5b0ad81f1c603e05c5d24415f2aa7031c0d92f16de15cab350bb1a2cf3639c6906f4e220e057deb966813bbb35 ++Ctrl.type = type:E ++Output = 1ecda0252461bd08960c54ba7c570e80715780e5e99ca0f754a3d451409ed2df928daab91ed6b4044fcc68bd5f907c96 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey:0000008100a89b3f9628a4f984336377edc37d3bed4aa748fa0b0a6bc80c366e8ffdf0ccbbe07229c5f02394b230759d5255e3a7d7f63a2395e2f07e2d31bf885abaea150e1f97808f26f8fe8c5113c12e4d137844160a433f8451faaf432bd7c0469dbe713304c8bed29c03cb7629cdffebc253d0a01362052f55576fdaf89702fa33cedd ++Ctrl.hexxcghash = hexxcghash:8467d0335e6e254eb02253f97cd14c0221f1b21431a4ffe1c20675039d0ac26fa70a0c4bad639834d88d01f6c1ea878e ++Ctrl.hexsession_id = hexsession_id:9a100a5b0ad81f1c603e05c5d24415f2aa7031c0d92f16de15cab350bb1a2cf3639c6906f4e220e057deb966813bbb35 ++Ctrl.type = type:F ++Output = 202e4e3dda18306c7fa518ea849cf3a4788dbc5305f71267ba69fe8920d3b18d9fc59853a4d03b18480269698e24c190 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey:0000008100f6e899f2b7542fd95e88e06ff0a68e43df6f3d913f1295922bd01b98f7078b67311e002cafcb41a65262585a78b22ec97c81278f3f329d726f08fff23f4ce5b90abc694c92195fe7bc140579f54c6b89d81b836a8d3998446aab9055904ef1e0bb7553739d2351c8cfae0fbf50d8ced4bbd3975450569d0f9e441a3ed3aac776 ++Ctrl.hexxcghash = hexxcghash:1853bb0d312eb00d1c700d25ddaed9680ecf28eeefe9323566dc91ef42a85b2e3049286621f43b928e2b821e5605bf60 ++Ctrl.hexsession_id = hexsession_id:da7d22e3c7815b6a6089f381ddd957df3ed78e97902133d62d3ff6119d8c174b69cd26e627d6ccd98f847521aa0e3896 ++Ctrl.type = type:A ++Output = 86183fd862bf42af ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey:0000008100f6e899f2b7542fd95e88e06ff0a68e43df6f3d913f1295922bd01b98f7078b67311e002cafcb41a65262585a78b22ec97c81278f3f329d726f08fff23f4ce5b90abc694c92195fe7bc140579f54c6b89d81b836a8d3998446aab9055904ef1e0bb7553739d2351c8cfae0fbf50d8ced4bbd3975450569d0f9e441a3ed3aac776 ++Ctrl.hexxcghash = 
hexxcghash:1853bb0d312eb00d1c700d25ddaed9680ecf28eeefe9323566dc91ef42a85b2e3049286621f43b928e2b821e5605bf60 ++Ctrl.hexsession_id = hexsession_id:da7d22e3c7815b6a6089f381ddd957df3ed78e97902133d62d3ff6119d8c174b69cd26e627d6ccd98f847521aa0e3896 ++Ctrl.type = type:B ++Output = 04e146b085c71253 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey:0000008100f6e899f2b7542fd95e88e06ff0a68e43df6f3d913f1295922bd01b98f7078b67311e002cafcb41a65262585a78b22ec97c81278f3f329d726f08fff23f4ce5b90abc694c92195fe7bc140579f54c6b89d81b836a8d3998446aab9055904ef1e0bb7553739d2351c8cfae0fbf50d8ced4bbd3975450569d0f9e441a3ed3aac776 ++Ctrl.hexxcghash = hexxcghash:1853bb0d312eb00d1c700d25ddaed9680ecf28eeefe9323566dc91ef42a85b2e3049286621f43b928e2b821e5605bf60 ++Ctrl.hexsession_id = hexsession_id:da7d22e3c7815b6a6089f381ddd957df3ed78e97902133d62d3ff6119d8c174b69cd26e627d6ccd98f847521aa0e3896 ++Ctrl.type = type:C ++Output = c4364d4e0e38fe4c5fc2b2a3ad42e49a57106ffa962f4c5e ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey:0000008100f6e899f2b7542fd95e88e06ff0a68e43df6f3d913f1295922bd01b98f7078b67311e002cafcb41a65262585a78b22ec97c81278f3f329d726f08fff23f4ce5b90abc694c92195fe7bc140579f54c6b89d81b836a8d3998446aab9055904ef1e0bb7553739d2351c8cfae0fbf50d8ced4bbd3975450569d0f9e441a3ed3aac776 ++Ctrl.hexxcghash = hexxcghash:1853bb0d312eb00d1c700d25ddaed9680ecf28eeefe9323566dc91ef42a85b2e3049286621f43b928e2b821e5605bf60 ++Ctrl.hexsession_id = hexsession_id:da7d22e3c7815b6a6089f381ddd957df3ed78e97902133d62d3ff6119d8c174b69cd26e627d6ccd98f847521aa0e3896 ++Ctrl.type = type:D ++Output = b9d1549032bf336c8708f13d8f5d281d696b8bddc296e709 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey:0000008100f6e899f2b7542fd95e88e06ff0a68e43df6f3d913f1295922bd01b98f7078b67311e002cafcb41a65262585a78b22ec97c81278f3f329d726f08fff23f4ce5b90abc694c92195fe7bc140579f54c6b89d81b836a8d3998446aab9055904ef1e0bb7553739d2351c8cfae0fbf50d8ced4bbd3975450569d0f9e441a3ed3aac776 ++Ctrl.hexxcghash = 
hexxcghash:1853bb0d312eb00d1c700d25ddaed9680ecf28eeefe9323566dc91ef42a85b2e3049286621f43b928e2b821e5605bf60 ++Ctrl.hexsession_id = hexsession_id:da7d22e3c7815b6a6089f381ddd957df3ed78e97902133d62d3ff6119d8c174b69cd26e627d6ccd98f847521aa0e3896 ++Ctrl.type = type:E ++Output = c7ee72c40b26fce673ff23edea3265dfeb7b7f6fd66362bbc91548fac1819a08682c65c7d69d5e54e1c48b05e7233adc ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey:0000008100f6e899f2b7542fd95e88e06ff0a68e43df6f3d913f1295922bd01b98f7078b67311e002cafcb41a65262585a78b22ec97c81278f3f329d726f08fff23f4ce5b90abc694c92195fe7bc140579f54c6b89d81b836a8d3998446aab9055904ef1e0bb7553739d2351c8cfae0fbf50d8ced4bbd3975450569d0f9e441a3ed3aac776 ++Ctrl.hexxcghash = hexxcghash:1853bb0d312eb00d1c700d25ddaed9680ecf28eeefe9323566dc91ef42a85b2e3049286621f43b928e2b821e5605bf60 ++Ctrl.hexsession_id = hexsession_id:da7d22e3c7815b6a6089f381ddd957df3ed78e97902133d62d3ff6119d8c174b69cd26e627d6ccd98f847521aa0e3896 ++Ctrl.type = type:F ++Output = 8b52078a6d45dfaa051193da8f9c8a18bfd0c058e7be145d0c4b5b677eec54a01f9e2a20c997e9c0a1ede9576800cfe5 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey:0000008008483322bb2efee6320ba1fe14f296e0b170f9a0c6f76a49d0b23abb74251da468b53fb86ddbbc55a5c4881686d1aaa9b309b65907d92352c83597126cf7e3d367f543c8887105403d9b2ba86cf2bbafd4a984dfe8ebb7b8155c51d6416c89b4efb91ef5953b0e54dbcdbe76443a80e5cd011d7d6c9bc69ec81a19749b95f6c0 ++Ctrl.hexxcghash = hexxcghash:ed7b1464334bb8a04d128b791cd860c1546faaf860aff394872373f5ccac0835b47cfeb8c3d049b211cb7b570bcc1f83 ++Ctrl.hexsession_id = hexsession_id:cac7b46b66372be67b4ce198311faed9ddc8f8b95f6c61d8c71a1788724ab6b8d159e2ba61f937e6d87bbb9cb24a9fe7 ++Ctrl.type = type:A ++Output = 54f4be4a33dfa102 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = 
hexkey:0000008008483322bb2efee6320ba1fe14f296e0b170f9a0c6f76a49d0b23abb74251da468b53fb86ddbbc55a5c4881686d1aaa9b309b65907d92352c83597126cf7e3d367f543c8887105403d9b2ba86cf2bbafd4a984dfe8ebb7b8155c51d6416c89b4efb91ef5953b0e54dbcdbe76443a80e5cd011d7d6c9bc69ec81a19749b95f6c0 ++Ctrl.hexxcghash = hexxcghash:ed7b1464334bb8a04d128b791cd860c1546faaf860aff394872373f5ccac0835b47cfeb8c3d049b211cb7b570bcc1f83 ++Ctrl.hexsession_id = hexsession_id:cac7b46b66372be67b4ce198311faed9ddc8f8b95f6c61d8c71a1788724ab6b8d159e2ba61f937e6d87bbb9cb24a9fe7 ++Ctrl.type = type:B ++Output = bbb084483803aab4 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey:0000008008483322bb2efee6320ba1fe14f296e0b170f9a0c6f76a49d0b23abb74251da468b53fb86ddbbc55a5c4881686d1aaa9b309b65907d92352c83597126cf7e3d367f543c8887105403d9b2ba86cf2bbafd4a984dfe8ebb7b8155c51d6416c89b4efb91ef5953b0e54dbcdbe76443a80e5cd011d7d6c9bc69ec81a19749b95f6c0 ++Ctrl.hexxcghash = hexxcghash:ed7b1464334bb8a04d128b791cd860c1546faaf860aff394872373f5ccac0835b47cfeb8c3d049b211cb7b570bcc1f83 ++Ctrl.hexsession_id = hexsession_id:cac7b46b66372be67b4ce198311faed9ddc8f8b95f6c61d8c71a1788724ab6b8d159e2ba61f937e6d87bbb9cb24a9fe7 ++Ctrl.type = type:C ++Output = 466a038b3a5c0d72cf19cf33e5a551437933dad54bfed655 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey:0000008008483322bb2efee6320ba1fe14f296e0b170f9a0c6f76a49d0b23abb74251da468b53fb86ddbbc55a5c4881686d1aaa9b309b65907d92352c83597126cf7e3d367f543c8887105403d9b2ba86cf2bbafd4a984dfe8ebb7b8155c51d6416c89b4efb91ef5953b0e54dbcdbe76443a80e5cd011d7d6c9bc69ec81a19749b95f6c0 ++Ctrl.hexxcghash = hexxcghash:ed7b1464334bb8a04d128b791cd860c1546faaf860aff394872373f5ccac0835b47cfeb8c3d049b211cb7b570bcc1f83 ++Ctrl.hexsession_id = hexsession_id:cac7b46b66372be67b4ce198311faed9ddc8f8b95f6c61d8c71a1788724ab6b8d159e2ba61f937e6d87bbb9cb24a9fe7 ++Ctrl.type = type:D ++Output = 44e09698e473edc642256e99bfbfbeab1db3e254d64a3ab7 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = 
hexkey:0000008008483322bb2efee6320ba1fe14f296e0b170f9a0c6f76a49d0b23abb74251da468b53fb86ddbbc55a5c4881686d1aaa9b309b65907d92352c83597126cf7e3d367f543c8887105403d9b2ba86cf2bbafd4a984dfe8ebb7b8155c51d6416c89b4efb91ef5953b0e54dbcdbe76443a80e5cd011d7d6c9bc69ec81a19749b95f6c0 ++Ctrl.hexxcghash = hexxcghash:ed7b1464334bb8a04d128b791cd860c1546faaf860aff394872373f5ccac0835b47cfeb8c3d049b211cb7b570bcc1f83 ++Ctrl.hexsession_id = hexsession_id:cac7b46b66372be67b4ce198311faed9ddc8f8b95f6c61d8c71a1788724ab6b8d159e2ba61f937e6d87bbb9cb24a9fe7 ++Ctrl.type = type:E ++Output = 8e35d767e738c4282ec1925ba5d59dad723b7220c10ae8b69c9eb3da124ac1bea8195f5ecc1c3b03953938cd1e0e190b ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey:0000008008483322bb2efee6320ba1fe14f296e0b170f9a0c6f76a49d0b23abb74251da468b53fb86ddbbc55a5c4881686d1aaa9b309b65907d92352c83597126cf7e3d367f543c8887105403d9b2ba86cf2bbafd4a984dfe8ebb7b8155c51d6416c89b4efb91ef5953b0e54dbcdbe76443a80e5cd011d7d6c9bc69ec81a19749b95f6c0 ++Ctrl.hexxcghash = hexxcghash:ed7b1464334bb8a04d128b791cd860c1546faaf860aff394872373f5ccac0835b47cfeb8c3d049b211cb7b570bcc1f83 ++Ctrl.hexsession_id = hexsession_id:cac7b46b66372be67b4ce198311faed9ddc8f8b95f6c61d8c71a1788724ab6b8d159e2ba61f937e6d87bbb9cb24a9fe7 ++Ctrl.type = type:F ++Output = 63e5c62c4e6f2700bfa5927ca2e730101c12a684808ddd6cf5f9da2bad3b49ba3d05d4f88a3a91f341ad2b63952e7db0 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:09d74bd79b47ceb3ada0d8df640595ba861ccfa3cc0d6c640eaac21d2d5f3f9fe61fb2e585fb6cc90bde11967a563c4e ++Ctrl.hexsession_id = hexsession_id:09d74bd79b47ceb3ada0d8df640595ba861ccfa3cc0d6c640eaac21d2d5f3f9fe61fb2e585fb6cc90bde11967a563c4e ++Ctrl.type = type:A ++Output = e46fdb8c912658c34b7d509f6acc1111 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = 
hexxcghash:09d74bd79b47ceb3ada0d8df640595ba861ccfa3cc0d6c640eaac21d2d5f3f9fe61fb2e585fb6cc90bde11967a563c4e ++Ctrl.hexsession_id = hexsession_id:09d74bd79b47ceb3ada0d8df640595ba861ccfa3cc0d6c640eaac21d2d5f3f9fe61fb2e585fb6cc90bde11967a563c4e ++Ctrl.type = type:B ++Output = 959c339aaff2e2ed46da46c5286ddf3b ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:09d74bd79b47ceb3ada0d8df640595ba861ccfa3cc0d6c640eaac21d2d5f3f9fe61fb2e585fb6cc90bde11967a563c4e ++Ctrl.hexsession_id = hexsession_id:09d74bd79b47ceb3ada0d8df640595ba861ccfa3cc0d6c640eaac21d2d5f3f9fe61fb2e585fb6cc90bde11967a563c4e ++Ctrl.type = type:C ++Output = a1cb0f9c7349d6443494df14b4bd9aad ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:09d74bd79b47ceb3ada0d8df640595ba861ccfa3cc0d6c640eaac21d2d5f3f9fe61fb2e585fb6cc90bde11967a563c4e ++Ctrl.hexsession_id = hexsession_id:09d74bd79b47ceb3ada0d8df640595ba861ccfa3cc0d6c640eaac21d2d5f3f9fe61fb2e585fb6cc90bde11967a563c4e ++Ctrl.type = type:D ++Output = cdcd2c2ccbda238e184058b76757ed5d ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:09d74bd79b47ceb3ada0d8df640595ba861ccfa3cc0d6c640eaac21d2d5f3f9fe61fb2e585fb6cc90bde11967a563c4e ++Ctrl.hexsession_id = hexsession_id:09d74bd79b47ceb3ada0d8df640595ba861ccfa3cc0d6c640eaac21d2d5f3f9fe61fb2e585fb6cc90bde11967a563c4e ++Ctrl.type = type:E ++Output = 026ae927b4a5b63a513c02faac55534dae5c219779f08e239f67df78c52be743aab628607e5a103127450ea51833eb84 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:09d74bd79b47ceb3ada0d8df640595ba861ccfa3cc0d6c640eaac21d2d5f3f9fe61fb2e585fb6cc90bde11967a563c4e ++Ctrl.hexsession_id = 
hexsession_id:09d74bd79b47ceb3ada0d8df640595ba861ccfa3cc0d6c640eaac21d2d5f3f9fe61fb2e585fb6cc90bde11967a563c4e ++Ctrl.type = type:F ++Output = 759fd6bd386f4825e644521edfce4187a7104ea7380f2c6c5e283f205c7c025be46c5ee73bc54a956f268c2031026bf6 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:62b3155ba0c160f838a6949d0a99b144868a7b247c583a53f431129e39aebd40e2feb4dbac7527f993ccf1646d559134 ++Ctrl.hexsession_id = hexsession_id:7e4674330fb6987b64ef7f30335d171676c705a6b9ed958adc6b6fd16949830d3f586eec44812d0518cc3ebd4292b422 ++Ctrl.type = type:A ++Output = a433ac21ceda36a9d98abec722b2a5e7 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey:0000010100c10fff0a20858c36e41082abaa65b96c5424ab67563882a42237258e736b5cfbdb2867df55f8c40f81b34e8c4c55d39c4629dc2d833257dc68070a61d10417487ef0840b76169145402327ae81f35cbddae6c2a45d52f52f48a0c94acdb20db076393b5b1e3d1a7acee3f371bdaccfee696262eecd20238cc54322e6ca72e58708aeb19bf761054d9f7426e4ea0059bd252beee03dcad1a7d6d034b4d9d307218bb3d7bee3a57572ded304df1dd8f97ed9550ebb0f5c25ee3f8c6df3dfc2aac92f364ec91040d001c5cb1eee33c1d43112e5a289b46706c7f12a327620cd98fbce2e7fe7b7bd0e05ee0005182c35ded65ee1d86aefe816e5894e07536697a7db ++Ctrl.hexxcghash = hexxcghash:62b3155ba0c160f838a6949d0a99b144868a7b247c583a53f431129e39aebd40e2feb4dbac7527f993ccf1646d559134 ++Ctrl.hexsession_id = hexsession_id:7e4674330fb6987b64ef7f30335d171676c705a6b9ed958adc6b6fd16949830d3f586eec44812d0518cc3ebd4292b422 ++Ctrl.type = type:B ++Output = ed580c2c7890d5f3da87870d71d96300 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:62b3155ba0c160f838a6949d0a99b144868a7b247c583a53f431129e39aebd40e2feb4dbac7527f993ccf1646d559134 ++Ctrl.hexsession_id = hexsession_id:7e4674330fb6987b64ef7f30335d171676c705a6b9ed958adc6b6fd16949830d3f586eec44812d0518cc3ebd4292b422 ++Ctrl.type = type:C 
++Output = b310304108476a31154febce2bfcf44e ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:62b3155ba0c160f838a6949d0a99b144868a7b247c583a53f431129e39aebd40e2feb4dbac7527f993ccf1646d559134 ++Ctrl.hexsession_id = hexsession_id:7e4674330fb6987b64ef7f30335d171676c705a6b9ed958adc6b6fd16949830d3f586eec44812d0518cc3ebd4292b422 ++Ctrl.type = type:D ++Output = 63d729b0e32d9d7efe7efdc6111489b7 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey:0000010100c10fff0a20858c36e41082abaa65b96c5424ab67563882a42237258e736b5cfbdb2867df55f8c40f81b34e8c4c55d39c4629dc2d833257dc68070a61d10417487ef0840b76169145402327ae81f35cbddae6c2a45d52f52f48a0c94acdb20db076393b5b1e3d1a7acee3f371bdaccfee696262eecd20238cc54322e6ca72e58708aeb19bf761054d9f7426e4ea0059bd252beee03dcad1a7d6d034b4d9d307218bb3d7bee3a57572ded304df1dd8f97ed9550ebb0f5c25ee3f8c6df3dfc2aac92f364ec91040d001c5cb1eee33c1d43112e5a289b46706c7f12a327620cd98fbce2e7fe7b7bd0e05ee0005182c35ded65ee1d86aefe816e5894e07536697a7db ++Ctrl.hexxcghash = hexxcghash:62b3155ba0c160f838a6949d0a99b144868a7b247c583a53f431129e39aebd40e2feb4dbac7527f993ccf1646d559134 ++Ctrl.hexsession_id = hexsession_id:7e4674330fb6987b64ef7f30335d171676c705a6b9ed958adc6b6fd16949830d3f586eec44812d0518cc3ebd4292b422 ++Ctrl.type = type:E ++Output = 7443a278e0c47e4004ba1c534dfa5c460670d2dd4459a6dc7251664da187f633208f6c06470f6aed6148820187f35a25 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:62b3155ba0c160f838a6949d0a99b144868a7b247c583a53f431129e39aebd40e2feb4dbac7527f993ccf1646d559134 ++Ctrl.hexsession_id = hexsession_id:7e4674330fb6987b64ef7f30335d171676c705a6b9ed958adc6b6fd16949830d3f586eec44812d0518cc3ebd4292b422 ++Ctrl.type = type:F ++Output = 37500b699935ab38b9185018d3676f221dcd6643ba4cf3dccf8ede7ba2f0513c27ad2324158ae98df4e7fb52ffb96526 ++ ++KDF = SSHKDF 
++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:a970acc5597f7965dcc540dac7cefde594c0232180187a32364b42dbb8d0307f8c3f52678e303e2f315b2ba1cf62863a ++Ctrl.hexsession_id = hexsession_id:bad9943e089550d17b90f2a34409660c07a39be5d48a77d8e1ad25726c93096081831c24e876060cb96def95df9a7fcd ++Ctrl.type = type:A ++Output = 8ad38b03467ef0cac638f93b156e1c05 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:a970acc5597f7965dcc540dac7cefde594c0232180187a32364b42dbb8d0307f8c3f52678e303e2f315b2ba1cf62863a ++Ctrl.hexsession_id = hexsession_id:bad9943e089550d17b90f2a34409660c07a39be5d48a77d8e1ad25726c93096081831c24e876060cb96def95df9a7fcd ++Ctrl.type = type:B ++Output = c9a867164cad7619621c2390039db88f ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:a970acc5597f7965dcc540dac7cefde594c0232180187a32364b42dbb8d0307f8c3f52678e303e2f315b2ba1cf62863a ++Ctrl.hexsession_id = hexsession_id:bad9943e089550d17b90f2a34409660c07a39be5d48a77d8e1ad25726c93096081831c24e876060cb96def95df9a7fcd ++Ctrl.type = type:C ++Output = 28d6e6a69e686b3b2ca02c7595b6a565 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:a970acc5597f7965dcc540dac7cefde594c0232180187a32364b42dbb8d0307f8c3f52678e303e2f315b2ba1cf62863a ++Ctrl.hexsession_id = hexsession_id:bad9943e089550d17b90f2a34409660c07a39be5d48a77d8e1ad25726c93096081831c24e876060cb96def95df9a7fcd ++Ctrl.type = type:D ++Output = a3486f9014731b15530dba7498d4b2ff ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = 
hexxcghash:a970acc5597f7965dcc540dac7cefde594c0232180187a32364b42dbb8d0307f8c3f52678e303e2f315b2ba1cf62863a ++Ctrl.hexsession_id = hexsession_id:bad9943e089550d17b90f2a34409660c07a39be5d48a77d8e1ad25726c93096081831c24e876060cb96def95df9a7fcd ++Ctrl.type = type:E ++Output = 9640b7d6c1351a44dcd430f9728083949adbd8f3c47f1c7358b41d99730f0eeef9f8634cc99207b8d998c8aeb0085e4c ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:a970acc5597f7965dcc540dac7cefde594c0232180187a32364b42dbb8d0307f8c3f52678e303e2f315b2ba1cf62863a ++Ctrl.hexsession_id = hexsession_id:bad9943e089550d17b90f2a34409660c07a39be5d48a77d8e1ad25726c93096081831c24e876060cb96def95df9a7fcd ++Ctrl.type = type:F ++Output = cef923f7cbc47534d9a6da613eea02117b19800995f66df9e49291203ad15e5d29cc08df86200bf09ca091b37cc45432 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey:0000010100ba6b819aa094b3b9a2e93d37eda5df776720cce40858790532b8ab0de613b8e20efcef330eaa9e4ab290fd670b8f8ab1e2fc217d575655a7c39740ce223675a4376bd039f24165d83268a3e3a5b6e05f1b077dc752c90781d0cd6877c91c1fc865586bf661f28cbded4266f1b9364ae7233e6003b47088cb50f81a631d4b1d200f8c38455ad2217eaf03b6e0a0861aeebe28ef0fcbac5526bd06ebcc44f67de9b908f0359076527f6ff7bb959b3adfc9ac82728d7627bf506ffb2f8742ae28ce3ca7402c25b1cd3dac6781776a35549480ff537c33f63796dd5de4c64e1ff5546689d8f398be911707e0b5d347b8456e89eb2262270ee1de85902b7deb60b02b ++Ctrl.hexxcghash = hexxcghash:e94db0c0969c8f09c1c0d63fcca9f316ae85a0c034f118958c714fa165ac71a86bbcc7a4c017c11b9558bda897455f99 ++Ctrl.hexsession_id = hexsession_id:a01426386ce69a9a9f101394e831dc9d17a6dc901349f3c3f4269788f5c5e20316c233d7632005b1771e5bc2f5ddf4c2 ++Ctrl.type = type:A ++Output = 1e2fd838058e4569de0699e57eb9bb30 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = 
hexxcghash:e94db0c0969c8f09c1c0d63fcca9f316ae85a0c034f118958c714fa165ac71a86bbcc7a4c017c11b9558bda897455f99 ++Ctrl.hexsession_id = hexsession_id:a01426386ce69a9a9f101394e831dc9d17a6dc901349f3c3f4269788f5c5e20316c233d7632005b1771e5bc2f5ddf4c2 ++Ctrl.type = type:B ++Output = d338052b2288e99bfdd16b5df26e3d3c ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:e94db0c0969c8f09c1c0d63fcca9f316ae85a0c034f118958c714fa165ac71a86bbcc7a4c017c11b9558bda897455f99 ++Ctrl.hexsession_id = hexsession_id:a01426386ce69a9a9f101394e831dc9d17a6dc901349f3c3f4269788f5c5e20316c233d7632005b1771e5bc2f5ddf4c2 ++Ctrl.type = type:C ++Output = 020c58037db045fc2a20a9b12e34205d ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey:0000010100ba6b819aa094b3b9a2e93d37eda5df776720cce40858790532b8ab0de613b8e20efcef330eaa9e4ab290fd670b8f8ab1e2fc217d575655a7c39740ce223675a4376bd039f24165d83268a3e3a5b6e05f1b077dc752c90781d0cd6877c91c1fc865586bf661f28cbded4266f1b9364ae7233e6003b47088cb50f81a631d4b1d200f8c38455ad2217eaf03b6e0a0861aeebe28ef0fcbac5526bd06ebcc44f67de9b908f0359076527f6ff7bb959b3adfc9ac82728d7627bf506ffb2f8742ae28ce3ca7402c25b1cd3dac6781776a35549480ff537c33f63796dd5de4c64e1ff5546689d8f398be911707e0b5d347b8456e89eb2262270ee1de85902b7deb60b02b ++Ctrl.hexxcghash = hexxcghash:e94db0c0969c8f09c1c0d63fcca9f316ae85a0c034f118958c714fa165ac71a86bbcc7a4c017c11b9558bda897455f99 ++Ctrl.hexsession_id = hexsession_id:a01426386ce69a9a9f101394e831dc9d17a6dc901349f3c3f4269788f5c5e20316c233d7632005b1771e5bc2f5ddf4c2 ++Ctrl.type = type:D ++Output = b1e7b4361aaea7f9656151723c21b9a2 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:e94db0c0969c8f09c1c0d63fcca9f316ae85a0c034f118958c714fa165ac71a86bbcc7a4c017c11b9558bda897455f99 ++Ctrl.hexsession_id = 
hexsession_id:a01426386ce69a9a9f101394e831dc9d17a6dc901349f3c3f4269788f5c5e20316c233d7632005b1771e5bc2f5ddf4c2 ++Ctrl.type = type:E ++Output = 67d80666ba420d07153530859fed5a3a2f4b6decd37575714d4826f41a96a1638b89399cdd752af7f6ffd3db0214f0c1 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:e94db0c0969c8f09c1c0d63fcca9f316ae85a0c034f118958c714fa165ac71a86bbcc7a4c017c11b9558bda897455f99 ++Ctrl.hexsession_id = hexsession_id:a01426386ce69a9a9f101394e831dc9d17a6dc901349f3c3f4269788f5c5e20316c233d7632005b1771e5bc2f5ddf4c2 ++Ctrl.type = type:F ++Output = c3fb2ab670e39885cbb98a4609d69a90afd37d383512ad222d63c9c6f1009e2a42065a232ab5b39f55247f8bf9e6ab2c ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:8886115c2324dede13be6895605a439c6ec48ca46f3d82170b863dcf1acc26176769626df893ebb7ce8c9432058633d8 ++Ctrl.hexsession_id = hexsession_id:331f7e0103de46d90dbd885dadaf67c589bc6b3caf25e45e329d864c85b7c9ae17b27cb92a81c9b4421f431014cb0e03 ++Ctrl.type = type:A ++Output = 6e9bb7681d56457fd93aea6d40860dd9 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:8886115c2324dede13be6895605a439c6ec48ca46f3d82170b863dcf1acc26176769626df893ebb7ce8c9432058633d8 ++Ctrl.hexsession_id = hexsession_id:331f7e0103de46d90dbd885dadaf67c589bc6b3caf25e45e329d864c85b7c9ae17b27cb92a81c9b4421f431014cb0e03 ++Ctrl.type = type:B ++Output = 5d19ce6c6b16c5f2179753a7abdff3e4 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = 
hexkey:000001001b9f110b05461796db3a0b751638b552e62a062d7b891591ac75e237d47f5f12d97a5d19be0718c8a2fbdd9100249c2d9ca59bf491b10afef75f61c53ae92455e8cb016e230408c869ea1c5f5d62e853ae84727e3d1f1bb0a0faa9ff575eede461f502b90ca38e8effae09478efedd16090202bf03530d03d0a2aa70825fb28c606b7545bdde26d606c059215a9f947e60c4b5de9b35a3704f73a5c8bc8811387431b7e90f1ddc71cf0696497fd640cb9b1b8866bff5d85e879e0a7848722d34cc62844afcc6318fe73ea80e484c3e62feb0cde9269c07edc0679683bc5427a163a4b4ac463802293f7c968e4188e7966b559c2581582c67ecda0c9b3b8eac94 ++Ctrl.hexxcghash = hexxcghash:8886115c2324dede13be6895605a439c6ec48ca46f3d82170b863dcf1acc26176769626df893ebb7ce8c9432058633d8 ++Ctrl.hexsession_id = hexsession_id:331f7e0103de46d90dbd885dadaf67c589bc6b3caf25e45e329d864c85b7c9ae17b27cb92a81c9b4421f431014cb0e03 ++Ctrl.type = type:C ++Output = c550416e8ea0608a09051cfffe0494e7 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:8886115c2324dede13be6895605a439c6ec48ca46f3d82170b863dcf1acc26176769626df893ebb7ce8c9432058633d8 ++Ctrl.hexsession_id = hexsession_id:331f7e0103de46d90dbd885dadaf67c589bc6b3caf25e45e329d864c85b7c9ae17b27cb92a81c9b4421f431014cb0e03 ++Ctrl.type = type:D ++Output = 33c9f3f03de395cef067684cb5b95200 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey:000001001b9f110b05461796db3a0b751638b552e62a062d7b891591ac75e237d47f5f12d97a5d19be0718c8a2fbdd9100249c2d9ca59bf491b10afef75f61c53ae92455e8cb016e230408c869ea1c5f5d62e853ae84727e3d1f1bb0a0faa9ff575eede461f502b90ca38e8effae09478efedd16090202bf03530d03d0a2aa70825fb28c606b7545bdde26d606c059215a9f947e60c4b5de9b35a3704f73a5c8bc8811387431b7e90f1ddc71cf0696497fd640cb9b1b8866bff5d85e879e0a7848722d34cc62844afcc6318fe73ea80e484c3e62feb0cde9269c07edc0679683bc5427a163a4b4ac463802293f7c968e4188e7966b559c2581582c67ecda0c9b3b8eac94 ++Ctrl.hexxcghash = 
hexxcghash:8886115c2324dede13be6895605a439c6ec48ca46f3d82170b863dcf1acc26176769626df893ebb7ce8c9432058633d8 ++Ctrl.hexsession_id = hexsession_id:331f7e0103de46d90dbd885dadaf67c589bc6b3caf25e45e329d864c85b7c9ae17b27cb92a81c9b4421f431014cb0e03 ++Ctrl.type = type:E ++Output = 99071b0615bdec08d040e731828028fac9a16d367b86d2d1302b607cd39ac9678ae7f9f87eb619fe2ba75d54da3b07d1 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:8886115c2324dede13be6895605a439c6ec48ca46f3d82170b863dcf1acc26176769626df893ebb7ce8c9432058633d8 ++Ctrl.hexsession_id = hexsession_id:331f7e0103de46d90dbd885dadaf67c589bc6b3caf25e45e329d864c85b7c9ae17b27cb92a81c9b4421f431014cb0e03 ++Ctrl.type = type:F ++Output = a11fc539c46d9314645e1f7517e19794a6ba4bf7d7d5a6f71bcb4621bfdedeae3bbcaa62fb638d994d1f21d14f5777d7 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:12ce3e6a5407943831d65608c9fd59c972689136289af06071c015f8a41c9d1536d0afdad084322f832415fbf199d044 ++Ctrl.hexsession_id = hexsession_id:939c41734aa3db9d9dfac7a7db54c889da38d8bbe00326f559a3b0f92a96b5ac3a454d8355ccd0f31099021d0ee43063 ++Ctrl.type = type:A ++Output = 876692595fbf1239e03b1eb28890cedf ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:12ce3e6a5407943831d65608c9fd59c972689136289af06071c015f8a41c9d1536d0afdad084322f832415fbf199d044 ++Ctrl.hexsession_id = hexsession_id:939c41734aa3db9d9dfac7a7db54c889da38d8bbe00326f559a3b0f92a96b5ac3a454d8355ccd0f31099021d0ee43063 ++Ctrl.type = type:B ++Output = 438afd7eae8454675ed5964122fcbb9e ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = 
hexxcghash:12ce3e6a5407943831d65608c9fd59c972689136289af06071c015f8a41c9d1536d0afdad084322f832415fbf199d044 ++Ctrl.hexsession_id = hexsession_id:939c41734aa3db9d9dfac7a7db54c889da38d8bbe00326f559a3b0f92a96b5ac3a454d8355ccd0f31099021d0ee43063 ++Ctrl.type = type:C ++Output = b9cc0e2718c5853e0aebb43409fcaaef ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:12ce3e6a5407943831d65608c9fd59c972689136289af06071c015f8a41c9d1536d0afdad084322f832415fbf199d044 ++Ctrl.hexsession_id = hexsession_id:939c41734aa3db9d9dfac7a7db54c889da38d8bbe00326f559a3b0f92a96b5ac3a454d8355ccd0f31099021d0ee43063 ++Ctrl.type = type:D ++Output = 8def9f93e633ac2d28a7c5b76567a4cb ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:12ce3e6a5407943831d65608c9fd59c972689136289af06071c015f8a41c9d1536d0afdad084322f832415fbf199d044 ++Ctrl.hexsession_id = hexsession_id:939c41734aa3db9d9dfac7a7db54c889da38d8bbe00326f559a3b0f92a96b5ac3a454d8355ccd0f31099021d0ee43063 ++Ctrl.type = type:E ++Output = 3d80ed20f0703857154bda8531b12b96cf73aedfc662df6faf277321be6e38c904bfbd5f9206607684ac331dfc92bbbb ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey:000001004db530516876fb9937bc2da16117f9675c721da6b80cd49e6b6eb0df6fe4af90ae755378e77e28dbc376e000903b1365a7b3cddfaf19410b31ae44e3e6641c5d47002ac5b261b1c4f7f301c8d16a917135c23bf7f84f15a6143e7e3466c52e1e3c30026f15d5254da11ced1b817739768de9913aca2d808acaa31e933763eb438238b347a6bd07834d4f661690cdb2372b4205aa9ad80df40340c1d0b1db320df1d1b13fa2ff4b9ee4500c9d03f45e75fb15a97b833ab9827708e4bca8fea562d69fea573ca7b5905c71e51dc9f24a74bd0c596051066acdeb66eb39c76fab66b10bdc88e1b72bba8aafa342088cd4a739a18e61c75be6b5df0904dc5094f0df ++Ctrl.hexxcghash = hexxcghash:12ce3e6a5407943831d65608c9fd59c972689136289af06071c015f8a41c9d1536d0afdad084322f832415fbf199d044 ++Ctrl.hexsession_id = 
hexsession_id:939c41734aa3db9d9dfac7a7db54c889da38d8bbe00326f559a3b0f92a96b5ac3a454d8355ccd0f31099021d0ee43063 ++Ctrl.type = type:F ++Output = 736e77ad5a8fac835795ab08522d834e34a4cbc48439db2845cb1d8636a4dcfd49a7ac5413713a8177c277eead96a0ff ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:f3cc38427adf01b9483d1f9e4e9acef554a8c7d0d8dc088d3865f05bc06a4ff11efbbdbca7ab0e0c0e2df55a93f0b4b9 ++Ctrl.hexsession_id = hexsession_id:aae879d8c0c6762d28c30fdc707b169a2155f8b8a943ced399a56419be89cc9f66ba9282d85ac4e53e0d5ae27adcf393 ++Ctrl.type = type:A ++Output = c84a4fcd4ade28805b032174428a6f27 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:f3cc38427adf01b9483d1f9e4e9acef554a8c7d0d8dc088d3865f05bc06a4ff11efbbdbca7ab0e0c0e2df55a93f0b4b9 ++Ctrl.hexsession_id = hexsession_id:aae879d8c0c6762d28c30fdc707b169a2155f8b8a943ced399a56419be89cc9f66ba9282d85ac4e53e0d5ae27adcf393 ++Ctrl.type = type:B ++Output = 27b0de69f3bc7d79d2f6b54101f3e10f ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:f3cc38427adf01b9483d1f9e4e9acef554a8c7d0d8dc088d3865f05bc06a4ff11efbbdbca7ab0e0c0e2df55a93f0b4b9 ++Ctrl.hexsession_id = hexsession_id:aae879d8c0c6762d28c30fdc707b169a2155f8b8a943ced399a56419be89cc9f66ba9282d85ac4e53e0d5ae27adcf393 ++Ctrl.type = type:C ++Output = 3200c39e6ed260f4f345cbd0c88cac1a ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:f3cc38427adf01b9483d1f9e4e9acef554a8c7d0d8dc088d3865f05bc06a4ff11efbbdbca7ab0e0c0e2df55a93f0b4b9 ++Ctrl.hexsession_id = hexsession_id:aae879d8c0c6762d28c30fdc707b169a2155f8b8a943ced399a56419be89cc9f66ba9282d85ac4e53e0d5ae27adcf393 ++Ctrl.type = type:D ++Output = 
7b9e506a1baede9b80dff09253a9ab88 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:f3cc38427adf01b9483d1f9e4e9acef554a8c7d0d8dc088d3865f05bc06a4ff11efbbdbca7ab0e0c0e2df55a93f0b4b9 ++Ctrl.hexsession_id = hexsession_id:aae879d8c0c6762d28c30fdc707b169a2155f8b8a943ced399a56419be89cc9f66ba9282d85ac4e53e0d5ae27adcf393 ++Ctrl.type = type:E ++Output = 3c860ae21a5dab865eb560ed9ddf51775d3b6603e4e06285cf5e9273115a77d8d5ddfb977fd21c0a70c35798a5ef596e ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:f3cc38427adf01b9483d1f9e4e9acef554a8c7d0d8dc088d3865f05bc06a4ff11efbbdbca7ab0e0c0e2df55a93f0b4b9 ++Ctrl.hexsession_id = hexsession_id:aae879d8c0c6762d28c30fdc707b169a2155f8b8a943ced399a56419be89cc9f66ba9282d85ac4e53e0d5ae27adcf393 ++Ctrl.type = type:F ++Output = c53cfa0836ac21bb13c58ed15ddf593e8e01c7437587112ba013058d411d262d87a5e56c098b69146d9019803206ef91 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:b32d4e6b47772e651b867558a03f488fc00c715c196c7abb1abf3ebc24a638edd058e77aeadd9aade5ce34f43e19f1fc ++Ctrl.hexsession_id = hexsession_id:5d2a819b135d8d985643ceab3461ede24ed192c60471676031b4b1f8ae71dec657547fdb3a43f75112855ffce72b60f4 ++Ctrl.type = type:A ++Output = e34b595f755ff42a33126d8efabe1ec0 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:b32d4e6b47772e651b867558a03f488fc00c715c196c7abb1abf3ebc24a638edd058e77aeadd9aade5ce34f43e19f1fc ++Ctrl.hexsession_id = hexsession_id:5d2a819b135d8d985643ceab3461ede24ed192c60471676031b4b1f8ae71dec657547fdb3a43f75112855ffce72b60f4 ++Ctrl.type = type:B ++Output = a873f52aa3b91a8dd019be8358c04de6 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = 
hexkey:000001001cbe25a738580c94ae733a5d4e9e61860bf1a68dfac365edc5818814166cfaecf269d07293d656c8e99973934b5f14eb4bcd1ac3c388596221f65f66e1193463bd41fcff389e458ef7f1ef858439b600bca422cd29c84d2cbc684c7a85d8b44f6a43a5fc53bbaa4ad1a6b0f2b841278efb1fbdd2513e6603984027efb81c72d8c4cbadc8dec51089dcd43ed3109ddbc6db29534186a237c5d8c3a66dedbb51b09937b1c7d4cf6cac682ba2dd1c9cf901d66f1a995f945d5ad12bd7bfdd3fcc5b0852376b9834f0bee3f7a666f587bd2a3b562ccf129b6132c902738fd0dfea3ff9538961bf5f59ac1779dd4ed68986059881f5e08be5ecd1a59380392e81f0a6 ++Ctrl.hexxcghash = hexxcghash:b32d4e6b47772e651b867558a03f488fc00c715c196c7abb1abf3ebc24a638edd058e77aeadd9aade5ce34f43e19f1fc ++Ctrl.hexsession_id = hexsession_id:5d2a819b135d8d985643ceab3461ede24ed192c60471676031b4b1f8ae71dec657547fdb3a43f75112855ffce72b60f4 ++Ctrl.type = type:C ++Output = fce5c490a769fbd4aa31b0f5c7aad86b ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:b32d4e6b47772e651b867558a03f488fc00c715c196c7abb1abf3ebc24a638edd058e77aeadd9aade5ce34f43e19f1fc ++Ctrl.hexsession_id = hexsession_id:5d2a819b135d8d985643ceab3461ede24ed192c60471676031b4b1f8ae71dec657547fdb3a43f75112855ffce72b60f4 ++Ctrl.type = type:D ++Output = d36a9b7d2c63675d2b250d5a97b0e628 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:b32d4e6b47772e651b867558a03f488fc00c715c196c7abb1abf3ebc24a638edd058e77aeadd9aade5ce34f43e19f1fc ++Ctrl.hexsession_id = hexsession_id:5d2a819b135d8d985643ceab3461ede24ed192c60471676031b4b1f8ae71dec657547fdb3a43f75112855ffce72b60f4 ++Ctrl.type = type:E ++Output = 92c8f89f84575cebb9c37be3a488d0b0312a12d9253dbada7db1318f5a193d4f8f75a212a75c1123bca89d5de43cbf08 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = 
hexxcghash:b32d4e6b47772e651b867558a03f488fc00c715c196c7abb1abf3ebc24a638edd058e77aeadd9aade5ce34f43e19f1fc ++Ctrl.hexsession_id = hexsession_id:5d2a819b135d8d985643ceab3461ede24ed192c60471676031b4b1f8ae71dec657547fdb3a43f75112855ffce72b60f4 ++Ctrl.type = type:F ++Output = 16dcf1bd1aa4d5d6edc2d2b23792872f53767d6b2589e4700469a9bbbbb659c1c8716393fe1ed717833f491cd32d874b ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey:0000010100c7f8bcaf17cb17db3d5c2c9e8db37fa77685463d604e6b577ace9ada1b5a7fb54a299684a5405973352262ed66a7e47e4cf9ba7981f76a0aa6bf407be5fc48f70869b6913f7d9b2395f73eda2f08ad5469df982bd82242c19bba0dbcc28fa5869bab99b84015a313cebcc3e86ec3fd15513e329a236487e909a6b37134bc75b03dbda7f9196738ae5f04ac3cae6a3c93150271eeed62f8c019f433df888acec09e947dee6537c4fee5e0dc37d3b4ae4ff77309382148f0127cd01b882f128ee844046c9f3052ff7fff81876c261ad6cdad0a9ebfc769a4308f124d2422f03c1b171ac3404d4d690e9c1d94fc3de479bda663c207120a18f1947a68179d19ecaa ++Ctrl.hexxcghash = hexxcghash:ce996d2b1198f069c24193526be1dd0d08a95d0b0a144da5a1303e84de4eb864d49ca71fa5a59f51c10b9d4257787626 ++Ctrl.hexsession_id = hexsession_id:ed906230bdcff56bd239a8c52f3cb1e4e16d1249284162ca85b320e543f62a82d7270131231cf49e1b0c0b1e87643719 ++Ctrl.type = type:A ++Output = bbdc47242c877cc70585a5d9f0b8067d ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:ce996d2b1198f069c24193526be1dd0d08a95d0b0a144da5a1303e84de4eb864d49ca71fa5a59f51c10b9d4257787626 ++Ctrl.hexsession_id = hexsession_id:ed906230bdcff56bd239a8c52f3cb1e4e16d1249284162ca85b320e543f62a82d7270131231cf49e1b0c0b1e87643719 ++Ctrl.type = type:B ++Output = 6dcc6458af049a81a6d3139c2725f67d ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:ce996d2b1198f069c24193526be1dd0d08a95d0b0a144da5a1303e84de4eb864d49ca71fa5a59f51c10b9d4257787626 ++Ctrl.hexsession_id = 
hexsession_id:ed906230bdcff56bd239a8c52f3cb1e4e16d1249284162ca85b320e543f62a82d7270131231cf49e1b0c0b1e87643719 ++Ctrl.type = type:C ++Output = f788d0b9ea5373031d44972fad39d8e6 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:ce996d2b1198f069c24193526be1dd0d08a95d0b0a144da5a1303e84de4eb864d49ca71fa5a59f51c10b9d4257787626 ++Ctrl.hexsession_id = hexsession_id:ed906230bdcff56bd239a8c52f3cb1e4e16d1249284162ca85b320e543f62a82d7270131231cf49e1b0c0b1e87643719 ++Ctrl.type = type:D ++Output = e939b1367ea35c67ea990988c3c0c474 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:ce996d2b1198f069c24193526be1dd0d08a95d0b0a144da5a1303e84de4eb864d49ca71fa5a59f51c10b9d4257787626 ++Ctrl.hexsession_id = hexsession_id:ed906230bdcff56bd239a8c52f3cb1e4e16d1249284162ca85b320e543f62a82d7270131231cf49e1b0c0b1e87643719 ++Ctrl.type = type:E ++Output = 069629f693b4d291ea6f16355eb4c57eef7824217d22651af095aadac27a789314fee4e86efa9bc63085a8ebfc606548 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey:0000010100c7f8bcaf17cb17db3d5c2c9e8db37fa77685463d604e6b577ace9ada1b5a7fb54a299684a5405973352262ed66a7e47e4cf9ba7981f76a0aa6bf407be5fc48f70869b6913f7d9b2395f73eda2f08ad5469df982bd82242c19bba0dbcc28fa5869bab99b84015a313cebcc3e86ec3fd15513e329a236487e909a6b37134bc75b03dbda7f9196738ae5f04ac3cae6a3c93150271eeed62f8c019f433df888acec09e947dee6537c4fee5e0dc37d3b4ae4ff77309382148f0127cd01b882f128ee844046c9f3052ff7fff81876c261ad6cdad0a9ebfc769a4308f124d2422f03c1b171ac3404d4d690e9c1d94fc3de479bda663c207120a18f1947a68179d19ecaa ++Ctrl.hexxcghash = hexxcghash:ce996d2b1198f069c24193526be1dd0d08a95d0b0a144da5a1303e84de4eb864d49ca71fa5a59f51c10b9d4257787626 ++Ctrl.hexsession_id = hexsession_id:ed906230bdcff56bd239a8c52f3cb1e4e16d1249284162ca85b320e543f62a82d7270131231cf49e1b0c0b1e87643719 ++Ctrl.type = type:F 
++Output = 731107905e3b9b36ba3dca504b35f1a51e75e2a3ee2595ade882c21410d439ec1ec31fbc62e64362a5fddc0f39e76da0 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:5b168cac1113de12bac95aac34501866abd610c6ce0d51520f83c865db8d0c688b27af11e08deb4a2673c160edd1da93 ++Ctrl.hexsession_id = hexsession_id:32dc32821483ed98f696813e712d229b6ff5a9e0f7f8e582a26f0a5204fa7655040ddbc791e00e7a979dded9354ea2dc ++Ctrl.type = type:A ++Output = 8e1af4ce3b9aa9f1e7493775f8846ac0 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:5b168cac1113de12bac95aac34501866abd610c6ce0d51520f83c865db8d0c688b27af11e08deb4a2673c160edd1da93 ++Ctrl.hexsession_id = hexsession_id:32dc32821483ed98f696813e712d229b6ff5a9e0f7f8e582a26f0a5204fa7655040ddbc791e00e7a979dded9354ea2dc ++Ctrl.type = type:B ++Output = 1796cee0aeb39eb1fbbaeaf15d600832 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:5b168cac1113de12bac95aac34501866abd610c6ce0d51520f83c865db8d0c688b27af11e08deb4a2673c160edd1da93 ++Ctrl.hexsession_id = hexsession_id:32dc32821483ed98f696813e712d229b6ff5a9e0f7f8e582a26f0a5204fa7655040ddbc791e00e7a979dded9354ea2dc ++Ctrl.type = type:C ++Output = 7a7485045a2f8cc86f82c8486f8e9f59 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:5b168cac1113de12bac95aac34501866abd610c6ce0d51520f83c865db8d0c688b27af11e08deb4a2673c160edd1da93 ++Ctrl.hexsession_id = hexsession_id:32dc32821483ed98f696813e712d229b6ff5a9e0f7f8e582a26f0a5204fa7655040ddbc791e00e7a979dded9354ea2dc ++Ctrl.type = type:D ++Output = 00a9d893e8c14aa3a316163d50d83378 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = 
hexkey: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 ++Ctrl.hexxcghash = hexxcghash:5b168cac1113de12bac95aac34501866abd610c6ce0d51520f83c865db8d0c688b27af11e08deb4a2673c160edd1da93 ++Ctrl.hexsession_id = hexsession_id:32dc32821483ed98f696813e712d229b6ff5a9e0f7f8e582a26f0a5204fa7655040ddbc791e00e7a979dded9354ea2dc ++Ctrl.type = type:E ++Output = 46133b1cbab3e04043a1b336db99575183d5be76f9d56556493a8d4a8da37a020ae379ff2d470a99ca7e9d2b1cf85cb4 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA384 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:5b168cac1113de12bac95aac34501866abd610c6ce0d51520f83c865db8d0c688b27af11e08deb4a2673c160edd1da93 ++Ctrl.hexsession_id = hexsession_id:32dc32821483ed98f696813e712d229b6ff5a9e0f7f8e582a26f0a5204fa7655040ddbc791e00e7a979dded9354ea2dc ++Ctrl.type = type:F ++Output = 9221abcc3db5a557cca60408e65528e937cc3673b548c350924cd9e6387de526f5cb35a0bbe4020c47318b59d1a0527d ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey:00000080575308ca395798bb21ec5438c46a88ffa3f7f7671c06f924abf7c3cfb46c78c025596e4aba50c3271089184a447a571abb7f4a1b1c41f5d5ca8062940d4369778589fde81a71b2228f018c4c836cf389f854f86de71a68b1693fe8ffa1c59ce7e9f9223debada2566d2b0e5678a48bfb530e7bee42bd2ac7304a0a5ae339a2cd ++Ctrl.hexxcghash = hexxcghash:a4125aa9898092ca50c3c1631c03dcbc9df95cebb409881e580108b6cc4704b76cc77b8795fd5940561e3224cc75848518992bd8d9b70fe0fc977a476063c8bf ++Ctrl.hexsession_id = hexsession_id:a4125aa9898092ca50c3c1631c03dcbc9df95cebb409881e580108b6cc4704b76cc77b8795fd5940561e3224cc75848518992bd8d9b70fe0fc977a476063c8bf ++Ctrl.type = type:A ++Output = 0e2693ade0524af8 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey:00000080575308ca395798bb21ec5438c46a88ffa3f7f7671c06f924abf7c3cfb46c78c025596e4aba50c3271089184a447a571abb7f4a1b1c41f5d5ca8062940d4369778589fde81a71b2228f018c4c836cf389f854f86de71a68b1693fe8ffa1c59ce7e9f9223debada2566d2b0e5678a48bfb530e7bee42bd2ac7304a0a5ae339a2cd 
++Ctrl.hexxcghash = hexxcghash:a4125aa9898092ca50c3c1631c03dcbc9df95cebb409881e580108b6cc4704b76cc77b8795fd5940561e3224cc75848518992bd8d9b70fe0fc977a476063c8bf ++Ctrl.hexsession_id = hexsession_id:a4125aa9898092ca50c3c1631c03dcbc9df95cebb409881e580108b6cc4704b76cc77b8795fd5940561e3224cc75848518992bd8d9b70fe0fc977a476063c8bf ++Ctrl.type = type:B ++Output = b13144de02295bb8 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey:00000080575308ca395798bb21ec5438c46a88ffa3f7f7671c06f924abf7c3cfb46c78c025596e4aba50c3271089184a447a571abb7f4a1b1c41f5d5ca8062940d4369778589fde81a71b2228f018c4c836cf389f854f86de71a68b1693fe8ffa1c59ce7e9f9223debada2566d2b0e5678a48bfb530e7bee42bd2ac7304a0a5ae339a2cd ++Ctrl.hexxcghash = hexxcghash:a4125aa9898092ca50c3c1631c03dcbc9df95cebb409881e580108b6cc4704b76cc77b8795fd5940561e3224cc75848518992bd8d9b70fe0fc977a476063c8bf ++Ctrl.hexsession_id = hexsession_id:a4125aa9898092ca50c3c1631c03dcbc9df95cebb409881e580108b6cc4704b76cc77b8795fd5940561e3224cc75848518992bd8d9b70fe0fc977a476063c8bf ++Ctrl.type = type:C ++Output = 7e4a721fb7379ebb423306464d57db46afa3cca10a1d7feb ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey:00000080575308ca395798bb21ec5438c46a88ffa3f7f7671c06f924abf7c3cfb46c78c025596e4aba50c3271089184a447a571abb7f4a1b1c41f5d5ca8062940d4369778589fde81a71b2228f018c4c836cf389f854f86de71a68b1693fe8ffa1c59ce7e9f9223debada2566d2b0e5678a48bfb530e7bee42bd2ac7304a0a5ae339a2cd ++Ctrl.hexxcghash = hexxcghash:a4125aa9898092ca50c3c1631c03dcbc9df95cebb409881e580108b6cc4704b76cc77b8795fd5940561e3224cc75848518992bd8d9b70fe0fc977a476063c8bf ++Ctrl.hexsession_id = hexsession_id:a4125aa9898092ca50c3c1631c03dcbc9df95cebb409881e580108b6cc4704b76cc77b8795fd5940561e3224cc75848518992bd8d9b70fe0fc977a476063c8bf ++Ctrl.type = type:D ++Output = bb84123b1fac400e0df4767d78d011427e1edd4d4c934b95 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = 
hexkey:00000080575308ca395798bb21ec5438c46a88ffa3f7f7671c06f924abf7c3cfb46c78c025596e4aba50c3271089184a447a571abb7f4a1b1c41f5d5ca8062940d4369778589fde81a71b2228f018c4c836cf389f854f86de71a68b1693fe8ffa1c59ce7e9f9223debada2566d2b0e5678a48bfb530e7bee42bd2ac7304a0a5ae339a2cd ++Ctrl.hexxcghash = hexxcghash:a4125aa9898092ca50c3c1631c03dcbc9df95cebb409881e580108b6cc4704b76cc77b8795fd5940561e3224cc75848518992bd8d9b70fe0fc977a476063c8bf ++Ctrl.hexsession_id = hexsession_id:a4125aa9898092ca50c3c1631c03dcbc9df95cebb409881e580108b6cc4704b76cc77b8795fd5940561e3224cc75848518992bd8d9b70fe0fc977a476063c8bf ++Ctrl.type = type:E ++Output = 00fb0a45c650dd9c95666b0c7fcea8c98f0562f61b862054ee400aec875dbbc2bdef4806c09217709a5050569312efe3af513e7aa733c72457abe1607ac01c13 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey:00000080575308ca395798bb21ec5438c46a88ffa3f7f7671c06f924abf7c3cfb46c78c025596e4aba50c3271089184a447a571abb7f4a1b1c41f5d5ca8062940d4369778589fde81a71b2228f018c4c836cf389f854f86de71a68b1693fe8ffa1c59ce7e9f9223debada2566d2b0e5678a48bfb530e7bee42bd2ac7304a0a5ae339a2cd ++Ctrl.hexxcghash = hexxcghash:a4125aa9898092ca50c3c1631c03dcbc9df95cebb409881e580108b6cc4704b76cc77b8795fd5940561e3224cc75848518992bd8d9b70fe0fc977a476063c8bf ++Ctrl.hexsession_id = hexsession_id:a4125aa9898092ca50c3c1631c03dcbc9df95cebb409881e580108b6cc4704b76cc77b8795fd5940561e3224cc75848518992bd8d9b70fe0fc977a476063c8bf ++Ctrl.type = type:F ++Output = 70a8005e711fb96dea5991cb68831b9e86005821b45ceaf958c13d5c87cbd2953d0877c267796edf8c7fb3d768bb26b74e542f40bf9ac9f6a9d217077e85f511 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey:000000802b2e6f7545fa66e1078c67c5457dbf5ee03801edef4421d4f0e797b947b79e293ef724253ec4adb53977f027a2d577d7779e96be4e093b0c36be62778c5bd48dbb0bff1335470e10cdec4df88e8feb00d322426baf3035e9fda1aaf819be48dacc640d52eb8750cc6fd8031d0cba0ef0a11973d43138dd2d11d2eef1fc926327 ++Ctrl.hexxcghash = 
hexxcghash:4dc005dc6ad5075cf6abbedb53a0407104659cd168b58d014fb2465d6f1d1140d5fef634f345c6c38ac2a8db3771e4b0c71c51faf85a297bbdf7ddf8228c3159 ++Ctrl.hexsession_id = hexsession_id:a674aaced8345324221bbd8356ab8355fd3d3e410ae974c0da196f4cd58cc0236a85900626da696dab8be23aaa529458ac6ccf64058fd2fd140ca1a1a0c57988 ++Ctrl.type = type:A ++Output = c75c77791f7b67c2 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey:000000802b2e6f7545fa66e1078c67c5457dbf5ee03801edef4421d4f0e797b947b79e293ef724253ec4adb53977f027a2d577d7779e96be4e093b0c36be62778c5bd48dbb0bff1335470e10cdec4df88e8feb00d322426baf3035e9fda1aaf819be48dacc640d52eb8750cc6fd8031d0cba0ef0a11973d43138dd2d11d2eef1fc926327 ++Ctrl.hexxcghash = hexxcghash:4dc005dc6ad5075cf6abbedb53a0407104659cd168b58d014fb2465d6f1d1140d5fef634f345c6c38ac2a8db3771e4b0c71c51faf85a297bbdf7ddf8228c3159 ++Ctrl.hexsession_id = hexsession_id:a674aaced8345324221bbd8356ab8355fd3d3e410ae974c0da196f4cd58cc0236a85900626da696dab8be23aaa529458ac6ccf64058fd2fd140ca1a1a0c57988 ++Ctrl.type = type:B ++Output = dae1e8bfab1b4b7e ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey:000000802b2e6f7545fa66e1078c67c5457dbf5ee03801edef4421d4f0e797b947b79e293ef724253ec4adb53977f027a2d577d7779e96be4e093b0c36be62778c5bd48dbb0bff1335470e10cdec4df88e8feb00d322426baf3035e9fda1aaf819be48dacc640d52eb8750cc6fd8031d0cba0ef0a11973d43138dd2d11d2eef1fc926327 ++Ctrl.hexxcghash = hexxcghash:4dc005dc6ad5075cf6abbedb53a0407104659cd168b58d014fb2465d6f1d1140d5fef634f345c6c38ac2a8db3771e4b0c71c51faf85a297bbdf7ddf8228c3159 ++Ctrl.hexsession_id = hexsession_id:a674aaced8345324221bbd8356ab8355fd3d3e410ae974c0da196f4cd58cc0236a85900626da696dab8be23aaa529458ac6ccf64058fd2fd140ca1a1a0c57988 ++Ctrl.type = type:C ++Output = 0e79f5b685ebe77ae6d62c344a5dd0f53502523a28e2b408 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = 
hexkey:000000802b2e6f7545fa66e1078c67c5457dbf5ee03801edef4421d4f0e797b947b79e293ef724253ec4adb53977f027a2d577d7779e96be4e093b0c36be62778c5bd48dbb0bff1335470e10cdec4df88e8feb00d322426baf3035e9fda1aaf819be48dacc640d52eb8750cc6fd8031d0cba0ef0a11973d43138dd2d11d2eef1fc926327 ++Ctrl.hexxcghash = hexxcghash:4dc005dc6ad5075cf6abbedb53a0407104659cd168b58d014fb2465d6f1d1140d5fef634f345c6c38ac2a8db3771e4b0c71c51faf85a297bbdf7ddf8228c3159 ++Ctrl.hexsession_id = hexsession_id:a674aaced8345324221bbd8356ab8355fd3d3e410ae974c0da196f4cd58cc0236a85900626da696dab8be23aaa529458ac6ccf64058fd2fd140ca1a1a0c57988 ++Ctrl.type = type:D ++Output = c5ec1aae5d26c2c5fe769576eb1b75c53d3dc67d452dca1c ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey:000000802b2e6f7545fa66e1078c67c5457dbf5ee03801edef4421d4f0e797b947b79e293ef724253ec4adb53977f027a2d577d7779e96be4e093b0c36be62778c5bd48dbb0bff1335470e10cdec4df88e8feb00d322426baf3035e9fda1aaf819be48dacc640d52eb8750cc6fd8031d0cba0ef0a11973d43138dd2d11d2eef1fc926327 ++Ctrl.hexxcghash = hexxcghash:4dc005dc6ad5075cf6abbedb53a0407104659cd168b58d014fb2465d6f1d1140d5fef634f345c6c38ac2a8db3771e4b0c71c51faf85a297bbdf7ddf8228c3159 ++Ctrl.hexsession_id = hexsession_id:a674aaced8345324221bbd8356ab8355fd3d3e410ae974c0da196f4cd58cc0236a85900626da696dab8be23aaa529458ac6ccf64058fd2fd140ca1a1a0c57988 ++Ctrl.type = type:E ++Output = 6bc4e5d6049c69a8ffbf93c7617b6a168bd0f14d71471d199b81729250117272ad102772761a8c0b5d5240e589e48a4f85ab8c3e1bd030327e7c87428ee44d13 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey:000000802b2e6f7545fa66e1078c67c5457dbf5ee03801edef4421d4f0e797b947b79e293ef724253ec4adb53977f027a2d577d7779e96be4e093b0c36be62778c5bd48dbb0bff1335470e10cdec4df88e8feb00d322426baf3035e9fda1aaf819be48dacc640d52eb8750cc6fd8031d0cba0ef0a11973d43138dd2d11d2eef1fc926327 ++Ctrl.hexxcghash = hexxcghash:4dc005dc6ad5075cf6abbedb53a0407104659cd168b58d014fb2465d6f1d1140d5fef634f345c6c38ac2a8db3771e4b0c71c51faf85a297bbdf7ddf8228c3159 
++Ctrl.hexsession_id = hexsession_id:a674aaced8345324221bbd8356ab8355fd3d3e410ae974c0da196f4cd58cc0236a85900626da696dab8be23aaa529458ac6ccf64058fd2fd140ca1a1a0c57988 ++Ctrl.type = type:F ++Output = ce109babe86778542856e3934be12decd239120a4dcb948a0154c4cb7b8ac0a4a3cbd682698086123e6c0481ee351bd9fedfba58d37f7814ba9c2b584f6cfedf ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey:000000810085874b95394d5ca3096b0a7e6444e129544e4acd8dd7078c46dc74633df1737986e7dc6f58ac09c7d734fd68378f1ee6df60c48bde343e55ab2a5796ca3ec295f15a75500f476a8a6f1725fdade3339cd7da0a2528449652d7ea21a834e42961ede8477f63bac84ccdba933c276512d3670477d2696402175208526276712541 ++Ctrl.hexxcghash = hexxcghash:8540955867f6580e9c1e7e3dfaef9c4f810dbf3364e54f66c471b51d11686598fabff6c3f78a7ac1c90710ab991aa00980f9d5948d462662f6c439fa7b80483f ++Ctrl.hexsession_id = hexsession_id:f2ebb7479c714402275075725c4712994f04485c048fad37d1505f1ce2cd6e32051782848afbea4399231fea5b8d39ec596e118dcc95ea35ffddd8c5611f5298 ++Ctrl.type = type:A ++Output = 6a71fc98f044591d ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey:000000810085874b95394d5ca3096b0a7e6444e129544e4acd8dd7078c46dc74633df1737986e7dc6f58ac09c7d734fd68378f1ee6df60c48bde343e55ab2a5796ca3ec295f15a75500f476a8a6f1725fdade3339cd7da0a2528449652d7ea21a834e42961ede8477f63bac84ccdba933c276512d3670477d2696402175208526276712541 ++Ctrl.hexxcghash = hexxcghash:8540955867f6580e9c1e7e3dfaef9c4f810dbf3364e54f66c471b51d11686598fabff6c3f78a7ac1c90710ab991aa00980f9d5948d462662f6c439fa7b80483f ++Ctrl.hexsession_id = hexsession_id:f2ebb7479c714402275075725c4712994f04485c048fad37d1505f1ce2cd6e32051782848afbea4399231fea5b8d39ec596e118dcc95ea35ffddd8c5611f5298 ++Ctrl.type = type:B ++Output = 9f1a35a5c79014c0 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = 
hexkey:000000810085874b95394d5ca3096b0a7e6444e129544e4acd8dd7078c46dc74633df1737986e7dc6f58ac09c7d734fd68378f1ee6df60c48bde343e55ab2a5796ca3ec295f15a75500f476a8a6f1725fdade3339cd7da0a2528449652d7ea21a834e42961ede8477f63bac84ccdba933c276512d3670477d2696402175208526276712541 ++Ctrl.hexxcghash = hexxcghash:8540955867f6580e9c1e7e3dfaef9c4f810dbf3364e54f66c471b51d11686598fabff6c3f78a7ac1c90710ab991aa00980f9d5948d462662f6c439fa7b80483f ++Ctrl.hexsession_id = hexsession_id:f2ebb7479c714402275075725c4712994f04485c048fad37d1505f1ce2cd6e32051782848afbea4399231fea5b8d39ec596e118dcc95ea35ffddd8c5611f5298 ++Ctrl.type = type:C ++Output = 377901cc72e4c06e30e27b03902f65c4a58b9d3f5cf43431 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey:000000810085874b95394d5ca3096b0a7e6444e129544e4acd8dd7078c46dc74633df1737986e7dc6f58ac09c7d734fd68378f1ee6df60c48bde343e55ab2a5796ca3ec295f15a75500f476a8a6f1725fdade3339cd7da0a2528449652d7ea21a834e42961ede8477f63bac84ccdba933c276512d3670477d2696402175208526276712541 ++Ctrl.hexxcghash = hexxcghash:8540955867f6580e9c1e7e3dfaef9c4f810dbf3364e54f66c471b51d11686598fabff6c3f78a7ac1c90710ab991aa00980f9d5948d462662f6c439fa7b80483f ++Ctrl.hexsession_id = hexsession_id:f2ebb7479c714402275075725c4712994f04485c048fad37d1505f1ce2cd6e32051782848afbea4399231fea5b8d39ec596e118dcc95ea35ffddd8c5611f5298 ++Ctrl.type = type:D ++Output = 82a9db94ea5c15dff736c3074a34951e828c8dfa3fef8596 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey:000000810085874b95394d5ca3096b0a7e6444e129544e4acd8dd7078c46dc74633df1737986e7dc6f58ac09c7d734fd68378f1ee6df60c48bde343e55ab2a5796ca3ec295f15a75500f476a8a6f1725fdade3339cd7da0a2528449652d7ea21a834e42961ede8477f63bac84ccdba933c276512d3670477d2696402175208526276712541 ++Ctrl.hexxcghash = hexxcghash:8540955867f6580e9c1e7e3dfaef9c4f810dbf3364e54f66c471b51d11686598fabff6c3f78a7ac1c90710ab991aa00980f9d5948d462662f6c439fa7b80483f ++Ctrl.hexsession_id = 
hexsession_id:f2ebb7479c714402275075725c4712994f04485c048fad37d1505f1ce2cd6e32051782848afbea4399231fea5b8d39ec596e118dcc95ea35ffddd8c5611f5298 ++Ctrl.type = type:E ++Output = b3ce0202c966df307a0729a4bb3fcd0ee55d4c521a144ecd285a470830f60685b2d751883d85ccd29fcc2481f3f442fdedd58d17528e8c4fb28473ee5e539706 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey:000000810085874b95394d5ca3096b0a7e6444e129544e4acd8dd7078c46dc74633df1737986e7dc6f58ac09c7d734fd68378f1ee6df60c48bde343e55ab2a5796ca3ec295f15a75500f476a8a6f1725fdade3339cd7da0a2528449652d7ea21a834e42961ede8477f63bac84ccdba933c276512d3670477d2696402175208526276712541 ++Ctrl.hexxcghash = hexxcghash:8540955867f6580e9c1e7e3dfaef9c4f810dbf3364e54f66c471b51d11686598fabff6c3f78a7ac1c90710ab991aa00980f9d5948d462662f6c439fa7b80483f ++Ctrl.hexsession_id = hexsession_id:f2ebb7479c714402275075725c4712994f04485c048fad37d1505f1ce2cd6e32051782848afbea4399231fea5b8d39ec596e118dcc95ea35ffddd8c5611f5298 ++Ctrl.type = type:F ++Output = c1ab7227f919cbda46cd6ac2bd4bb2ee5bd586cc55c7c1cb067df4c9a23209f716ff5e97ed76ebbc0354d683c5369937ca8db4cecf9e6c40886a186d9c4e2366 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey:0000008100e1436b5ef714092a6a0c8cc1593682a7ca4c05de423fb5f57c1d225943d8e4a5b526288a46a9a0fdb10b59c0beb8c1dc5b4d2bdf34eec2525df84bca2f8b769897183a45c7e61171ecea6e2be80d3becec8355ac3853bd8d077697af6e774133143265bdd538b4fb64786aaaa33e45138fd8697ff1c77b50f63dd8e9476a74c0 ++Ctrl.hexxcghash = hexxcghash:367c80484d7e01e0915959e9fcb5124fa674489cf0ec4b0fee6a62dd77f677db901d9fb417cecf2a98f0b24bc24edbb1f34ab19f8d4d2976958f7d99ae2c78b3 ++Ctrl.hexsession_id = hexsession_id:0a1bbfb890087ef260a88fafb92f16765444adc4dcb00efd4750d59f1d8f4b6662edd379d812ddc822cea79675731a5e5791f29ebd17f3f83e675e9e9f6af3e3 ++Ctrl.type = type:A ++Output = 3832bf21b907daa3 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = 
hexkey:0000008100e1436b5ef714092a6a0c8cc1593682a7ca4c05de423fb5f57c1d225943d8e4a5b526288a46a9a0fdb10b59c0beb8c1dc5b4d2bdf34eec2525df84bca2f8b769897183a45c7e61171ecea6e2be80d3becec8355ac3853bd8d077697af6e774133143265bdd538b4fb64786aaaa33e45138fd8697ff1c77b50f63dd8e9476a74c0 ++Ctrl.hexxcghash = hexxcghash:367c80484d7e01e0915959e9fcb5124fa674489cf0ec4b0fee6a62dd77f677db901d9fb417cecf2a98f0b24bc24edbb1f34ab19f8d4d2976958f7d99ae2c78b3 ++Ctrl.hexsession_id = hexsession_id:0a1bbfb890087ef260a88fafb92f16765444adc4dcb00efd4750d59f1d8f4b6662edd379d812ddc822cea79675731a5e5791f29ebd17f3f83e675e9e9f6af3e3 ++Ctrl.type = type:B ++Output = 4e04d7787ba7fa68 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey:0000008100e1436b5ef714092a6a0c8cc1593682a7ca4c05de423fb5f57c1d225943d8e4a5b526288a46a9a0fdb10b59c0beb8c1dc5b4d2bdf34eec2525df84bca2f8b769897183a45c7e61171ecea6e2be80d3becec8355ac3853bd8d077697af6e774133143265bdd538b4fb64786aaaa33e45138fd8697ff1c77b50f63dd8e9476a74c0 ++Ctrl.hexxcghash = hexxcghash:367c80484d7e01e0915959e9fcb5124fa674489cf0ec4b0fee6a62dd77f677db901d9fb417cecf2a98f0b24bc24edbb1f34ab19f8d4d2976958f7d99ae2c78b3 ++Ctrl.hexsession_id = hexsession_id:0a1bbfb890087ef260a88fafb92f16765444adc4dcb00efd4750d59f1d8f4b6662edd379d812ddc822cea79675731a5e5791f29ebd17f3f83e675e9e9f6af3e3 ++Ctrl.type = type:C ++Output = d7be949edcfe4e4b877de1cc6a861fa721e137bf3dd1bb27 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey:0000008100e1436b5ef714092a6a0c8cc1593682a7ca4c05de423fb5f57c1d225943d8e4a5b526288a46a9a0fdb10b59c0beb8c1dc5b4d2bdf34eec2525df84bca2f8b769897183a45c7e61171ecea6e2be80d3becec8355ac3853bd8d077697af6e774133143265bdd538b4fb64786aaaa33e45138fd8697ff1c77b50f63dd8e9476a74c0 ++Ctrl.hexxcghash = hexxcghash:367c80484d7e01e0915959e9fcb5124fa674489cf0ec4b0fee6a62dd77f677db901d9fb417cecf2a98f0b24bc24edbb1f34ab19f8d4d2976958f7d99ae2c78b3 ++Ctrl.hexsession_id = 
hexsession_id:0a1bbfb890087ef260a88fafb92f16765444adc4dcb00efd4750d59f1d8f4b6662edd379d812ddc822cea79675731a5e5791f29ebd17f3f83e675e9e9f6af3e3 ++Ctrl.type = type:D ++Output = 5361fc87e24ec3031d97f0099766ac9ff7b8f91ea87666de ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey:0000008100e1436b5ef714092a6a0c8cc1593682a7ca4c05de423fb5f57c1d225943d8e4a5b526288a46a9a0fdb10b59c0beb8c1dc5b4d2bdf34eec2525df84bca2f8b769897183a45c7e61171ecea6e2be80d3becec8355ac3853bd8d077697af6e774133143265bdd538b4fb64786aaaa33e45138fd8697ff1c77b50f63dd8e9476a74c0 ++Ctrl.hexxcghash = hexxcghash:367c80484d7e01e0915959e9fcb5124fa674489cf0ec4b0fee6a62dd77f677db901d9fb417cecf2a98f0b24bc24edbb1f34ab19f8d4d2976958f7d99ae2c78b3 ++Ctrl.hexsession_id = hexsession_id:0a1bbfb890087ef260a88fafb92f16765444adc4dcb00efd4750d59f1d8f4b6662edd379d812ddc822cea79675731a5e5791f29ebd17f3f83e675e9e9f6af3e3 ++Ctrl.type = type:E ++Output = 40a6897606035ebb04907fa15e1545a8973b9b09423f3786be4bcb8db9e4561e0385bcf1e3c0cece5a788e9852ed1da56963f36bad78fede21405ce3ea92a3b8 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey:0000008100e1436b5ef714092a6a0c8cc1593682a7ca4c05de423fb5f57c1d225943d8e4a5b526288a46a9a0fdb10b59c0beb8c1dc5b4d2bdf34eec2525df84bca2f8b769897183a45c7e61171ecea6e2be80d3becec8355ac3853bd8d077697af6e774133143265bdd538b4fb64786aaaa33e45138fd8697ff1c77b50f63dd8e9476a74c0 ++Ctrl.hexxcghash = hexxcghash:367c80484d7e01e0915959e9fcb5124fa674489cf0ec4b0fee6a62dd77f677db901d9fb417cecf2a98f0b24bc24edbb1f34ab19f8d4d2976958f7d99ae2c78b3 ++Ctrl.hexsession_id = hexsession_id:0a1bbfb890087ef260a88fafb92f16765444adc4dcb00efd4750d59f1d8f4b6662edd379d812ddc822cea79675731a5e5791f29ebd17f3f83e675e9e9f6af3e3 ++Ctrl.type = type:F ++Output = 727f9bade9334f97486f479c88614ce96b8cbc803a544fbfaf5fcaf0499a1b8edeb59daa1a824ca9b165879c63d9f0b6464bcd3121fb1ad29b38864fbaac7741 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = 
hexkey:0000008100f8cf4795508e2aba0d9c007ee0afb38a7d570e26d4ebe97d3b9cb46dfc05b9b18396054fa91f856758b036195a9b360ee48b65dcec1f2fcb901d5faa308125b30b804e53ac15b2f43c2a12fdbc987707af58c36ecdcd89376117f9655e14da7f1808baeaab020a47ac35166a4868dab970ce79de592c69164045fce4eb55872f ++Ctrl.hexxcghash = hexxcghash:40d59c8836500e523e6404ac03d9895b105c7feceaac52dc3c5e4113e256c0057fbc770b805f7a2f18bf0be13357eb99db906efc5fb772f96e5fe76088e2e6f2 ++Ctrl.hexsession_id = hexsession_id:a619290ad553a2b0924f3ea6152883685e3f2cf6063487616f083fadae950451df5f6e8a144cd951b2d853c7ec2d1aece9c438a89850788edc6bd5e2a7a98a47 ++Ctrl.type = type:A ++Output = 3f077a02dc957eb1 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey:0000008100f8cf4795508e2aba0d9c007ee0afb38a7d570e26d4ebe97d3b9cb46dfc05b9b18396054fa91f856758b036195a9b360ee48b65dcec1f2fcb901d5faa308125b30b804e53ac15b2f43c2a12fdbc987707af58c36ecdcd89376117f9655e14da7f1808baeaab020a47ac35166a4868dab970ce79de592c69164045fce4eb55872f ++Ctrl.hexxcghash = hexxcghash:40d59c8836500e523e6404ac03d9895b105c7feceaac52dc3c5e4113e256c0057fbc770b805f7a2f18bf0be13357eb99db906efc5fb772f96e5fe76088e2e6f2 ++Ctrl.hexsession_id = hexsession_id:a619290ad553a2b0924f3ea6152883685e3f2cf6063487616f083fadae950451df5f6e8a144cd951b2d853c7ec2d1aece9c438a89850788edc6bd5e2a7a98a47 ++Ctrl.type = type:B ++Output = 3cc158e348e64a0a ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey:0000008100f8cf4795508e2aba0d9c007ee0afb38a7d570e26d4ebe97d3b9cb46dfc05b9b18396054fa91f856758b036195a9b360ee48b65dcec1f2fcb901d5faa308125b30b804e53ac15b2f43c2a12fdbc987707af58c36ecdcd89376117f9655e14da7f1808baeaab020a47ac35166a4868dab970ce79de592c69164045fce4eb55872f ++Ctrl.hexxcghash = hexxcghash:40d59c8836500e523e6404ac03d9895b105c7feceaac52dc3c5e4113e256c0057fbc770b805f7a2f18bf0be13357eb99db906efc5fb772f96e5fe76088e2e6f2 ++Ctrl.hexsession_id = 
hexsession_id:a619290ad553a2b0924f3ea6152883685e3f2cf6063487616f083fadae950451df5f6e8a144cd951b2d853c7ec2d1aece9c438a89850788edc6bd5e2a7a98a47 ++Ctrl.type = type:C ++Output = 8770fb6792c2fc16a60c9f45c8d40db684fe52de7c60b482 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey:0000008100f8cf4795508e2aba0d9c007ee0afb38a7d570e26d4ebe97d3b9cb46dfc05b9b18396054fa91f856758b036195a9b360ee48b65dcec1f2fcb901d5faa308125b30b804e53ac15b2f43c2a12fdbc987707af58c36ecdcd89376117f9655e14da7f1808baeaab020a47ac35166a4868dab970ce79de592c69164045fce4eb55872f ++Ctrl.hexxcghash = hexxcghash:40d59c8836500e523e6404ac03d9895b105c7feceaac52dc3c5e4113e256c0057fbc770b805f7a2f18bf0be13357eb99db906efc5fb772f96e5fe76088e2e6f2 ++Ctrl.hexsession_id = hexsession_id:a619290ad553a2b0924f3ea6152883685e3f2cf6063487616f083fadae950451df5f6e8a144cd951b2d853c7ec2d1aece9c438a89850788edc6bd5e2a7a98a47 ++Ctrl.type = type:D ++Output = d417a07f1070a2e628424fa990ef436f137725a7cde43f1b ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey:0000008100f8cf4795508e2aba0d9c007ee0afb38a7d570e26d4ebe97d3b9cb46dfc05b9b18396054fa91f856758b036195a9b360ee48b65dcec1f2fcb901d5faa308125b30b804e53ac15b2f43c2a12fdbc987707af58c36ecdcd89376117f9655e14da7f1808baeaab020a47ac35166a4868dab970ce79de592c69164045fce4eb55872f ++Ctrl.hexxcghash = hexxcghash:40d59c8836500e523e6404ac03d9895b105c7feceaac52dc3c5e4113e256c0057fbc770b805f7a2f18bf0be13357eb99db906efc5fb772f96e5fe76088e2e6f2 ++Ctrl.hexsession_id = hexsession_id:a619290ad553a2b0924f3ea6152883685e3f2cf6063487616f083fadae950451df5f6e8a144cd951b2d853c7ec2d1aece9c438a89850788edc6bd5e2a7a98a47 ++Ctrl.type = type:E ++Output = 20b810e4f6a540724f269194e37969a10e340d45c557eabe72c41f08a9fad85ab44a9c362e7fc5eea9ed5dd9b84cc837d2aaa46ee71b355cb1dfefa8dc544d1e ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = 
hexkey:0000008100f8cf4795508e2aba0d9c007ee0afb38a7d570e26d4ebe97d3b9cb46dfc05b9b18396054fa91f856758b036195a9b360ee48b65dcec1f2fcb901d5faa308125b30b804e53ac15b2f43c2a12fdbc987707af58c36ecdcd89376117f9655e14da7f1808baeaab020a47ac35166a4868dab970ce79de592c69164045fce4eb55872f ++Ctrl.hexxcghash = hexxcghash:40d59c8836500e523e6404ac03d9895b105c7feceaac52dc3c5e4113e256c0057fbc770b805f7a2f18bf0be13357eb99db906efc5fb772f96e5fe76088e2e6f2 ++Ctrl.hexsession_id = hexsession_id:a619290ad553a2b0924f3ea6152883685e3f2cf6063487616f083fadae950451df5f6e8a144cd951b2d853c7ec2d1aece9c438a89850788edc6bd5e2a7a98a47 ++Ctrl.type = type:F ++Output = acd292ab652b49c7c2a5a35b93c31a71eeef8a629cbc6b1c782994ebc7566f7b0ae536cc0ccfe881bfd8cbfaff391fe23568fa5692198f188deff0c6d0808160 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey:000000803105020875f56db2960579efb7509964f256c2b81009e5be554bcc8ebe84c492f0cd0990e78ef4e8582a45457712be71d6f6c0b33315668984f0a41cf45fb9a459193c710919b752be3b80b2c8c7de3be570f76df6fe1cbb9dc81085fff2ad1bbfb307c6fb21f434cf7c0b96ee9eb6bc0f9677136a6db91f5d953f8b104b3497 ++Ctrl.hexxcghash = hexxcghash:5f45d483ef27aeb00ec7baef96f4b4d1b254260bf60671dbd00e35a32fdcb7ae06215d59e742158782e0626bd5e2e8bada1fd7ec5056679f4a1412eaa2ef10e5 ++Ctrl.hexsession_id = hexsession_id:8ddcd28d02f2cb50661cf2111953c697c0e578e43a77dfeb593b2bf05189bb429f306bcb0bcb41219d5428c1795c84665bb1f0db33e55f52edbff2b781c7eb79 ++Ctrl.type = type:A ++Output = 7cf213cec41701ff ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey:000000803105020875f56db2960579efb7509964f256c2b81009e5be554bcc8ebe84c492f0cd0990e78ef4e8582a45457712be71d6f6c0b33315668984f0a41cf45fb9a459193c710919b752be3b80b2c8c7de3be570f76df6fe1cbb9dc81085fff2ad1bbfb307c6fb21f434cf7c0b96ee9eb6bc0f9677136a6db91f5d953f8b104b3497 ++Ctrl.hexxcghash = hexxcghash:5f45d483ef27aeb00ec7baef96f4b4d1b254260bf60671dbd00e35a32fdcb7ae06215d59e742158782e0626bd5e2e8bada1fd7ec5056679f4a1412eaa2ef10e5 ++Ctrl.hexsession_id = 
hexsession_id:8ddcd28d02f2cb50661cf2111953c697c0e578e43a77dfeb593b2bf05189bb429f306bcb0bcb41219d5428c1795c84665bb1f0db33e55f52edbff2b781c7eb79 ++Ctrl.type = type:B ++Output = 81a44f6f95fff954 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey:000000803105020875f56db2960579efb7509964f256c2b81009e5be554bcc8ebe84c492f0cd0990e78ef4e8582a45457712be71d6f6c0b33315668984f0a41cf45fb9a459193c710919b752be3b80b2c8c7de3be570f76df6fe1cbb9dc81085fff2ad1bbfb307c6fb21f434cf7c0b96ee9eb6bc0f9677136a6db91f5d953f8b104b3497 ++Ctrl.hexxcghash = hexxcghash:5f45d483ef27aeb00ec7baef96f4b4d1b254260bf60671dbd00e35a32fdcb7ae06215d59e742158782e0626bd5e2e8bada1fd7ec5056679f4a1412eaa2ef10e5 ++Ctrl.hexsession_id = hexsession_id:8ddcd28d02f2cb50661cf2111953c697c0e578e43a77dfeb593b2bf05189bb429f306bcb0bcb41219d5428c1795c84665bb1f0db33e55f52edbff2b781c7eb79 ++Ctrl.type = type:C ++Output = e1610d85ea2c24b4af18076c2d7dc0c3f3b3bf1c8df232a4 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey:000000803105020875f56db2960579efb7509964f256c2b81009e5be554bcc8ebe84c492f0cd0990e78ef4e8582a45457712be71d6f6c0b33315668984f0a41cf45fb9a459193c710919b752be3b80b2c8c7de3be570f76df6fe1cbb9dc81085fff2ad1bbfb307c6fb21f434cf7c0b96ee9eb6bc0f9677136a6db91f5d953f8b104b3497 ++Ctrl.hexxcghash = hexxcghash:5f45d483ef27aeb00ec7baef96f4b4d1b254260bf60671dbd00e35a32fdcb7ae06215d59e742158782e0626bd5e2e8bada1fd7ec5056679f4a1412eaa2ef10e5 ++Ctrl.hexsession_id = hexsession_id:8ddcd28d02f2cb50661cf2111953c697c0e578e43a77dfeb593b2bf05189bb429f306bcb0bcb41219d5428c1795c84665bb1f0db33e55f52edbff2b781c7eb79 ++Ctrl.type = type:D ++Output = db146cbf4923693449b857fa927d112f3c8bd1bac73f618a ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey:000000803105020875f56db2960579efb7509964f256c2b81009e5be554bcc8ebe84c492f0cd0990e78ef4e8582a45457712be71d6f6c0b33315668984f0a41cf45fb9a459193c710919b752be3b80b2c8c7de3be570f76df6fe1cbb9dc81085fff2ad1bbfb307c6fb21f434cf7c0b96ee9eb6bc0f9677136a6db91f5d953f8b104b3497 
++Ctrl.hexxcghash = hexxcghash:5f45d483ef27aeb00ec7baef96f4b4d1b254260bf60671dbd00e35a32fdcb7ae06215d59e742158782e0626bd5e2e8bada1fd7ec5056679f4a1412eaa2ef10e5 ++Ctrl.hexsession_id = hexsession_id:8ddcd28d02f2cb50661cf2111953c697c0e578e43a77dfeb593b2bf05189bb429f306bcb0bcb41219d5428c1795c84665bb1f0db33e55f52edbff2b781c7eb79 ++Ctrl.type = type:E ++Output = fac257f4544a0aa77659642c33a421cf27b2216a57399ff8ff48baab37519ce9c27f93bf447a02b3c10d9f9c6201745ed6ae28a13ff85e949e0e8048bf31e0c8 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey:000000803105020875f56db2960579efb7509964f256c2b81009e5be554bcc8ebe84c492f0cd0990e78ef4e8582a45457712be71d6f6c0b33315668984f0a41cf45fb9a459193c710919b752be3b80b2c8c7de3be570f76df6fe1cbb9dc81085fff2ad1bbfb307c6fb21f434cf7c0b96ee9eb6bc0f9677136a6db91f5d953f8b104b3497 ++Ctrl.hexxcghash = hexxcghash:5f45d483ef27aeb00ec7baef96f4b4d1b254260bf60671dbd00e35a32fdcb7ae06215d59e742158782e0626bd5e2e8bada1fd7ec5056679f4a1412eaa2ef10e5 ++Ctrl.hexsession_id = hexsession_id:8ddcd28d02f2cb50661cf2111953c697c0e578e43a77dfeb593b2bf05189bb429f306bcb0bcb41219d5428c1795c84665bb1f0db33e55f52edbff2b781c7eb79 ++Ctrl.type = type:F ++Output = 8532a1014a5a2feba5730823b0fb1781a7782a73f95a97697aedf60997e6cdf5107387be820b74c0e43e8caf42e83bbc703c6cd9d37b0e720aeacc115ce4633e ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey:0000008045cafef6acb29ea351ad025a32cb0fb88fe52f138ac3cd7718140c883cffbc10778c2e6c573bdbfaf32eceaa2fc1e106170dadcdf1cb0e1653f2361c76f5153262295b16371daf9ae2015dfb407f4920240eb10293c48971d2086723507d2eb7e1481f2b737df223628ee602a49bb7f1ac52068f5c1a24b445786e35042fc6c0 ++Ctrl.hexxcghash = hexxcghash:b1ce6e766a7340f40cec52585087c60e456cc390d0ee294bbc460d50b93c2170344cca3dd2e3067ebefe3efbd002ec4ed7f0fc1a8771eaffbc1fd4d5800aec21 ++Ctrl.hexsession_id = hexsession_id:85ae5c53a8286dfddf295dd0b31237bc8c54e9858647e222db29a4f60ffb74a175e5de22c132a1a06826c6e0122e63aa657fc670ca44943159560ce1c48b6906 ++Ctrl.type = type:A ++Output = 
c5dffc4eb99a1c36 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey:0000008045cafef6acb29ea351ad025a32cb0fb88fe52f138ac3cd7718140c883cffbc10778c2e6c573bdbfaf32eceaa2fc1e106170dadcdf1cb0e1653f2361c76f5153262295b16371daf9ae2015dfb407f4920240eb10293c48971d2086723507d2eb7e1481f2b737df223628ee602a49bb7f1ac52068f5c1a24b445786e35042fc6c0 ++Ctrl.hexxcghash = hexxcghash:b1ce6e766a7340f40cec52585087c60e456cc390d0ee294bbc460d50b93c2170344cca3dd2e3067ebefe3efbd002ec4ed7f0fc1a8771eaffbc1fd4d5800aec21 ++Ctrl.hexsession_id = hexsession_id:85ae5c53a8286dfddf295dd0b31237bc8c54e9858647e222db29a4f60ffb74a175e5de22c132a1a06826c6e0122e63aa657fc670ca44943159560ce1c48b6906 ++Ctrl.type = type:B ++Output = 13cb7467ddf8ea7d ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey:0000008045cafef6acb29ea351ad025a32cb0fb88fe52f138ac3cd7718140c883cffbc10778c2e6c573bdbfaf32eceaa2fc1e106170dadcdf1cb0e1653f2361c76f5153262295b16371daf9ae2015dfb407f4920240eb10293c48971d2086723507d2eb7e1481f2b737df223628ee602a49bb7f1ac52068f5c1a24b445786e35042fc6c0 ++Ctrl.hexxcghash = hexxcghash:b1ce6e766a7340f40cec52585087c60e456cc390d0ee294bbc460d50b93c2170344cca3dd2e3067ebefe3efbd002ec4ed7f0fc1a8771eaffbc1fd4d5800aec21 ++Ctrl.hexsession_id = hexsession_id:85ae5c53a8286dfddf295dd0b31237bc8c54e9858647e222db29a4f60ffb74a175e5de22c132a1a06826c6e0122e63aa657fc670ca44943159560ce1c48b6906 ++Ctrl.type = type:C ++Output = 4d77a9a1a36500d9ea0389e3813a201fb9b30751d1fcf0b3 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey:0000008045cafef6acb29ea351ad025a32cb0fb88fe52f138ac3cd7718140c883cffbc10778c2e6c573bdbfaf32eceaa2fc1e106170dadcdf1cb0e1653f2361c76f5153262295b16371daf9ae2015dfb407f4920240eb10293c48971d2086723507d2eb7e1481f2b737df223628ee602a49bb7f1ac52068f5c1a24b445786e35042fc6c0 ++Ctrl.hexxcghash = hexxcghash:b1ce6e766a7340f40cec52585087c60e456cc390d0ee294bbc460d50b93c2170344cca3dd2e3067ebefe3efbd002ec4ed7f0fc1a8771eaffbc1fd4d5800aec21 ++Ctrl.hexsession_id = 
hexsession_id:85ae5c53a8286dfddf295dd0b31237bc8c54e9858647e222db29a4f60ffb74a175e5de22c132a1a06826c6e0122e63aa657fc670ca44943159560ce1c48b6906 ++Ctrl.type = type:D ++Output = a0e4ec099492c752b98013d2176af6e601eeef3cdc2029a9 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey:0000008045cafef6acb29ea351ad025a32cb0fb88fe52f138ac3cd7718140c883cffbc10778c2e6c573bdbfaf32eceaa2fc1e106170dadcdf1cb0e1653f2361c76f5153262295b16371daf9ae2015dfb407f4920240eb10293c48971d2086723507d2eb7e1481f2b737df223628ee602a49bb7f1ac52068f5c1a24b445786e35042fc6c0 ++Ctrl.hexxcghash = hexxcghash:b1ce6e766a7340f40cec52585087c60e456cc390d0ee294bbc460d50b93c2170344cca3dd2e3067ebefe3efbd002ec4ed7f0fc1a8771eaffbc1fd4d5800aec21 ++Ctrl.hexsession_id = hexsession_id:85ae5c53a8286dfddf295dd0b31237bc8c54e9858647e222db29a4f60ffb74a175e5de22c132a1a06826c6e0122e63aa657fc670ca44943159560ce1c48b6906 ++Ctrl.type = type:E ++Output = b4035effa78e6da307f4c096226150e5cab92794192bba492ff8576da3fdbbfdc87fbf79721de0e8f38647261dcad096fd536c4f724f09782a4b684902a4b979 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey:0000008045cafef6acb29ea351ad025a32cb0fb88fe52f138ac3cd7718140c883cffbc10778c2e6c573bdbfaf32eceaa2fc1e106170dadcdf1cb0e1653f2361c76f5153262295b16371daf9ae2015dfb407f4920240eb10293c48971d2086723507d2eb7e1481f2b737df223628ee602a49bb7f1ac52068f5c1a24b445786e35042fc6c0 ++Ctrl.hexxcghash = hexxcghash:b1ce6e766a7340f40cec52585087c60e456cc390d0ee294bbc460d50b93c2170344cca3dd2e3067ebefe3efbd002ec4ed7f0fc1a8771eaffbc1fd4d5800aec21 ++Ctrl.hexsession_id = hexsession_id:85ae5c53a8286dfddf295dd0b31237bc8c54e9858647e222db29a4f60ffb74a175e5de22c132a1a06826c6e0122e63aa657fc670ca44943159560ce1c48b6906 ++Ctrl.type = type:F ++Output = eae8776eddb75cd4d14d2db129172bab92f0c8d2c8a439d4b63824c23e7481af502a45d2ebee77f3a801d658b59f6cbbdb797f479787ae4d5839b7ddf49ff908 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = 
hexkey:00000081008b735b1cc9a88529c0d0faea307f79142abc920248b3495e56b7987605b5a7a93354c638752ae7ce47b2869600dc2ab8f240c0ce4e35147e00f8e69fbe940d6236daf01b38f3e74d7bff07d01111569e213cd8475e77de026c81dac6e40242cfc2df5af9d37e520c2d7aee165de9cc314750e856d7514b0b80c568e2292c733f ++Ctrl.hexxcghash = hexxcghash:c226bd264f49cba006b4806afa4edaf42c2c48992ec66c78ce3a982cb5b1d923344107eb77884b0d996af71997611fdffba499da38d5206db0d0a17c438d4d8a ++Ctrl.hexsession_id = hexsession_id:ae0f9a407aae7a964a900b1f5b7060a2e7d4c9de4e422fec063829a9ea1fcb74a6ae83b9eb08f8663e171bdf036bf0c263b23f8eff3053d617484cc3efd99990 ++Ctrl.type = type:A ++Output = 31ef8e737ec154c0 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey:00000081008b735b1cc9a88529c0d0faea307f79142abc920248b3495e56b7987605b5a7a93354c638752ae7ce47b2869600dc2ab8f240c0ce4e35147e00f8e69fbe940d6236daf01b38f3e74d7bff07d01111569e213cd8475e77de026c81dac6e40242cfc2df5af9d37e520c2d7aee165de9cc314750e856d7514b0b80c568e2292c733f ++Ctrl.hexxcghash = hexxcghash:c226bd264f49cba006b4806afa4edaf42c2c48992ec66c78ce3a982cb5b1d923344107eb77884b0d996af71997611fdffba499da38d5206db0d0a17c438d4d8a ++Ctrl.hexsession_id = hexsession_id:ae0f9a407aae7a964a900b1f5b7060a2e7d4c9de4e422fec063829a9ea1fcb74a6ae83b9eb08f8663e171bdf036bf0c263b23f8eff3053d617484cc3efd99990 ++Ctrl.type = type:B ++Output = c0bb41f2c51a0503 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey:00000081008b735b1cc9a88529c0d0faea307f79142abc920248b3495e56b7987605b5a7a93354c638752ae7ce47b2869600dc2ab8f240c0ce4e35147e00f8e69fbe940d6236daf01b38f3e74d7bff07d01111569e213cd8475e77de026c81dac6e40242cfc2df5af9d37e520c2d7aee165de9cc314750e856d7514b0b80c568e2292c733f ++Ctrl.hexxcghash = hexxcghash:c226bd264f49cba006b4806afa4edaf42c2c48992ec66c78ce3a982cb5b1d923344107eb77884b0d996af71997611fdffba499da38d5206db0d0a17c438d4d8a ++Ctrl.hexsession_id = 
hexsession_id:ae0f9a407aae7a964a900b1f5b7060a2e7d4c9de4e422fec063829a9ea1fcb74a6ae83b9eb08f8663e171bdf036bf0c263b23f8eff3053d617484cc3efd99990 ++Ctrl.type = type:C ++Output = 3f9058812f36f302dc5ada7de8f4271c435dfe4589f22a00 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey:00000081008b735b1cc9a88529c0d0faea307f79142abc920248b3495e56b7987605b5a7a93354c638752ae7ce47b2869600dc2ab8f240c0ce4e35147e00f8e69fbe940d6236daf01b38f3e74d7bff07d01111569e213cd8475e77de026c81dac6e40242cfc2df5af9d37e520c2d7aee165de9cc314750e856d7514b0b80c568e2292c733f ++Ctrl.hexxcghash = hexxcghash:c226bd264f49cba006b4806afa4edaf42c2c48992ec66c78ce3a982cb5b1d923344107eb77884b0d996af71997611fdffba499da38d5206db0d0a17c438d4d8a ++Ctrl.hexsession_id = hexsession_id:ae0f9a407aae7a964a900b1f5b7060a2e7d4c9de4e422fec063829a9ea1fcb74a6ae83b9eb08f8663e171bdf036bf0c263b23f8eff3053d617484cc3efd99990 ++Ctrl.type = type:D ++Output = b342a447abcb67f6819a19b8b300946c89739fabd049a6e0 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey:00000081008b735b1cc9a88529c0d0faea307f79142abc920248b3495e56b7987605b5a7a93354c638752ae7ce47b2869600dc2ab8f240c0ce4e35147e00f8e69fbe940d6236daf01b38f3e74d7bff07d01111569e213cd8475e77de026c81dac6e40242cfc2df5af9d37e520c2d7aee165de9cc314750e856d7514b0b80c568e2292c733f ++Ctrl.hexxcghash = hexxcghash:c226bd264f49cba006b4806afa4edaf42c2c48992ec66c78ce3a982cb5b1d923344107eb77884b0d996af71997611fdffba499da38d5206db0d0a17c438d4d8a ++Ctrl.hexsession_id = hexsession_id:ae0f9a407aae7a964a900b1f5b7060a2e7d4c9de4e422fec063829a9ea1fcb74a6ae83b9eb08f8663e171bdf036bf0c263b23f8eff3053d617484cc3efd99990 ++Ctrl.type = type:E ++Output = a5d70cb0a3e351be09b9600c9b97f2781236bf549209a1fbf3304af145af0941c6cd9923f1f30cec946e8dea96332d284e01a4d8bcc90721fe2e515504073cb8 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = 
hexkey:00000081008b735b1cc9a88529c0d0faea307f79142abc920248b3495e56b7987605b5a7a93354c638752ae7ce47b2869600dc2ab8f240c0ce4e35147e00f8e69fbe940d6236daf01b38f3e74d7bff07d01111569e213cd8475e77de026c81dac6e40242cfc2df5af9d37e520c2d7aee165de9cc314750e856d7514b0b80c568e2292c733f ++Ctrl.hexxcghash = hexxcghash:c226bd264f49cba006b4806afa4edaf42c2c48992ec66c78ce3a982cb5b1d923344107eb77884b0d996af71997611fdffba499da38d5206db0d0a17c438d4d8a ++Ctrl.hexsession_id = hexsession_id:ae0f9a407aae7a964a900b1f5b7060a2e7d4c9de4e422fec063829a9ea1fcb74a6ae83b9eb08f8663e171bdf036bf0c263b23f8eff3053d617484cc3efd99990 ++Ctrl.type = type:F ++Output = dbc3ea086a49e220306cbe57b942d9409cbd205dec20c7b79fd6998906d173bcb2bc2eb5b7eea4c1d84f3926836bd15e0565a17af735596050d6161d9682f2e7 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey:0000008100c41430e9dfce9301082a4d034e0e1ffe73133e4c97afbd325d6bbe1f3a4f5a9103f57a05f66b1ac63a5f1724b3315daf7171f334e77eff356366daf4e23e55751422734d4d22e6dcac783bba0edc1be8fcc4c7c0d5a69d047291e33167057c774e46362dfb6f8432b427cf21c01304b23e2b49b664fd50dc463c17efffa146a0 ++Ctrl.hexxcghash = hexxcghash:04aeff766f08c065092fdd7be43531f83d73682601069477ee10407821a0f0e8bf614e775dfab6f889a8d5120c2e39d96e38de4cda6f673fb7cb343de1e17b9c ++Ctrl.hexsession_id = hexsession_id:15f5653a107aee694bd1680d423c8da2dab8c1ec8e23c5208100ce3d8d4821b52bbb1d14791476253db4b07ebb715ae095b8b49e1545be3c92a3adcf39970be5 ++Ctrl.type = type:A ++Output = 19d6bc79713a4622 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey:0000008100c41430e9dfce9301082a4d034e0e1ffe73133e4c97afbd325d6bbe1f3a4f5a9103f57a05f66b1ac63a5f1724b3315daf7171f334e77eff356366daf4e23e55751422734d4d22e6dcac783bba0edc1be8fcc4c7c0d5a69d047291e33167057c774e46362dfb6f8432b427cf21c01304b23e2b49b664fd50dc463c17efffa146a0 ++Ctrl.hexxcghash = hexxcghash:04aeff766f08c065092fdd7be43531f83d73682601069477ee10407821a0f0e8bf614e775dfab6f889a8d5120c2e39d96e38de4cda6f673fb7cb343de1e17b9c ++Ctrl.hexsession_id = 
hexsession_id:15f5653a107aee694bd1680d423c8da2dab8c1ec8e23c5208100ce3d8d4821b52bbb1d14791476253db4b07ebb715ae095b8b49e1545be3c92a3adcf39970be5 ++Ctrl.type = type:B ++Output = 7de9caf89d325dcd ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey:0000008100c41430e9dfce9301082a4d034e0e1ffe73133e4c97afbd325d6bbe1f3a4f5a9103f57a05f66b1ac63a5f1724b3315daf7171f334e77eff356366daf4e23e55751422734d4d22e6dcac783bba0edc1be8fcc4c7c0d5a69d047291e33167057c774e46362dfb6f8432b427cf21c01304b23e2b49b664fd50dc463c17efffa146a0 ++Ctrl.hexxcghash = hexxcghash:04aeff766f08c065092fdd7be43531f83d73682601069477ee10407821a0f0e8bf614e775dfab6f889a8d5120c2e39d96e38de4cda6f673fb7cb343de1e17b9c ++Ctrl.hexsession_id = hexsession_id:15f5653a107aee694bd1680d423c8da2dab8c1ec8e23c5208100ce3d8d4821b52bbb1d14791476253db4b07ebb715ae095b8b49e1545be3c92a3adcf39970be5 ++Ctrl.type = type:C ++Output = 1d5391d658abb9ec1b8df32cbf1db9a302a1301984ab06d4 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey:0000008100c41430e9dfce9301082a4d034e0e1ffe73133e4c97afbd325d6bbe1f3a4f5a9103f57a05f66b1ac63a5f1724b3315daf7171f334e77eff356366daf4e23e55751422734d4d22e6dcac783bba0edc1be8fcc4c7c0d5a69d047291e33167057c774e46362dfb6f8432b427cf21c01304b23e2b49b664fd50dc463c17efffa146a0 ++Ctrl.hexxcghash = hexxcghash:04aeff766f08c065092fdd7be43531f83d73682601069477ee10407821a0f0e8bf614e775dfab6f889a8d5120c2e39d96e38de4cda6f673fb7cb343de1e17b9c ++Ctrl.hexsession_id = hexsession_id:15f5653a107aee694bd1680d423c8da2dab8c1ec8e23c5208100ce3d8d4821b52bbb1d14791476253db4b07ebb715ae095b8b49e1545be3c92a3adcf39970be5 ++Ctrl.type = type:D ++Output = 5d37dab50814543d8d8674f4f491d73d21973f20844c96a7 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey:0000008100c41430e9dfce9301082a4d034e0e1ffe73133e4c97afbd325d6bbe1f3a4f5a9103f57a05f66b1ac63a5f1724b3315daf7171f334e77eff356366daf4e23e55751422734d4d22e6dcac783bba0edc1be8fcc4c7c0d5a69d047291e33167057c774e46362dfb6f8432b427cf21c01304b23e2b49b664fd50dc463c17efffa146a0 
++Ctrl.hexxcghash = hexxcghash:04aeff766f08c065092fdd7be43531f83d73682601069477ee10407821a0f0e8bf614e775dfab6f889a8d5120c2e39d96e38de4cda6f673fb7cb343de1e17b9c ++Ctrl.hexsession_id = hexsession_id:15f5653a107aee694bd1680d423c8da2dab8c1ec8e23c5208100ce3d8d4821b52bbb1d14791476253db4b07ebb715ae095b8b49e1545be3c92a3adcf39970be5 ++Ctrl.type = type:E ++Output = 3e882ae390a64c34f509bc9845df581987ae2524b2ff92d9243580168f32fa68750f3f732c8c5544c98fc585582fe743efbf55dd6c487fb5f9ffac1a156fa31c ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey:0000008100c41430e9dfce9301082a4d034e0e1ffe73133e4c97afbd325d6bbe1f3a4f5a9103f57a05f66b1ac63a5f1724b3315daf7171f334e77eff356366daf4e23e55751422734d4d22e6dcac783bba0edc1be8fcc4c7c0d5a69d047291e33167057c774e46362dfb6f8432b427cf21c01304b23e2b49b664fd50dc463c17efffa146a0 ++Ctrl.hexxcghash = hexxcghash:04aeff766f08c065092fdd7be43531f83d73682601069477ee10407821a0f0e8bf614e775dfab6f889a8d5120c2e39d96e38de4cda6f673fb7cb343de1e17b9c ++Ctrl.hexsession_id = hexsession_id:15f5653a107aee694bd1680d423c8da2dab8c1ec8e23c5208100ce3d8d4821b52bbb1d14791476253db4b07ebb715ae095b8b49e1545be3c92a3adcf39970be5 ++Ctrl.type = type:F ++Output = ce4bcf9cabe7ee7c0e216e64e5427ebd38cb41ba9e9a6d9ae441ca47d9278347a59afdf758ae7f7fd667ed3830bf9a33d7badfd40e2112580af514da9464a6d1 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey:000000810088181aaaa6b17924ced0033b1e4a3d007a464d4d53871f4da4689d477437b42f873d4b7d5f5c52909b6cca8be7a01d1a7a806f745500bb00b4fd6e6f8d0e1c9ad08d934c7d680a57ac5a4ed77f73182065f9295d745e1d50b8da0626f3e9ccb6651aad3b0c5c2cecd90c521318778f570333c011f02d5e2a406eb8b3d6036537 ++Ctrl.hexxcghash = hexxcghash:3c4ecb173c39cedecbcd19ba0fc38454176b81b6451911b4422907b1b670dcedaabebaaa261fbac23b3b5738264c5eee3dccfd9e050a1cef17ac997527dd7095 ++Ctrl.hexsession_id = hexsession_id:3b05253d9e5ab2f7f4ba2998bea5ed7d05afdf02b7499ac2dd554833b886b73d92e929316a366147e9af50201dbb4e54c123418d1a623bc2dc52766211dbe614 ++Ctrl.type = type:A ++Output = 
93fbb01815b63533 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey:000000810088181aaaa6b17924ced0033b1e4a3d007a464d4d53871f4da4689d477437b42f873d4b7d5f5c52909b6cca8be7a01d1a7a806f745500bb00b4fd6e6f8d0e1c9ad08d934c7d680a57ac5a4ed77f73182065f9295d745e1d50b8da0626f3e9ccb6651aad3b0c5c2cecd90c521318778f570333c011f02d5e2a406eb8b3d6036537 ++Ctrl.hexxcghash = hexxcghash:3c4ecb173c39cedecbcd19ba0fc38454176b81b6451911b4422907b1b670dcedaabebaaa261fbac23b3b5738264c5eee3dccfd9e050a1cef17ac997527dd7095 ++Ctrl.hexsession_id = hexsession_id:3b05253d9e5ab2f7f4ba2998bea5ed7d05afdf02b7499ac2dd554833b886b73d92e929316a366147e9af50201dbb4e54c123418d1a623bc2dc52766211dbe614 ++Ctrl.type = type:B ++Output = aea76dfe77a87471 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey:000000810088181aaaa6b17924ced0033b1e4a3d007a464d4d53871f4da4689d477437b42f873d4b7d5f5c52909b6cca8be7a01d1a7a806f745500bb00b4fd6e6f8d0e1c9ad08d934c7d680a57ac5a4ed77f73182065f9295d745e1d50b8da0626f3e9ccb6651aad3b0c5c2cecd90c521318778f570333c011f02d5e2a406eb8b3d6036537 ++Ctrl.hexxcghash = hexxcghash:3c4ecb173c39cedecbcd19ba0fc38454176b81b6451911b4422907b1b670dcedaabebaaa261fbac23b3b5738264c5eee3dccfd9e050a1cef17ac997527dd7095 ++Ctrl.hexsession_id = hexsession_id:3b05253d9e5ab2f7f4ba2998bea5ed7d05afdf02b7499ac2dd554833b886b73d92e929316a366147e9af50201dbb4e54c123418d1a623bc2dc52766211dbe614 ++Ctrl.type = type:C ++Output = 73a55e25a0a8ec0899c1074bf0845fefd84e42f741897a3f ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey:000000810088181aaaa6b17924ced0033b1e4a3d007a464d4d53871f4da4689d477437b42f873d4b7d5f5c52909b6cca8be7a01d1a7a806f745500bb00b4fd6e6f8d0e1c9ad08d934c7d680a57ac5a4ed77f73182065f9295d745e1d50b8da0626f3e9ccb6651aad3b0c5c2cecd90c521318778f570333c011f02d5e2a406eb8b3d6036537 ++Ctrl.hexxcghash = hexxcghash:3c4ecb173c39cedecbcd19ba0fc38454176b81b6451911b4422907b1b670dcedaabebaaa261fbac23b3b5738264c5eee3dccfd9e050a1cef17ac997527dd7095 ++Ctrl.hexsession_id = 
hexsession_id:3b05253d9e5ab2f7f4ba2998bea5ed7d05afdf02b7499ac2dd554833b886b73d92e929316a366147e9af50201dbb4e54c123418d1a623bc2dc52766211dbe614 ++Ctrl.type = type:D ++Output = fead3a851502aa3c58734065eeaf3e63ed4c59c8f450bb1a ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey:000000810088181aaaa6b17924ced0033b1e4a3d007a464d4d53871f4da4689d477437b42f873d4b7d5f5c52909b6cca8be7a01d1a7a806f745500bb00b4fd6e6f8d0e1c9ad08d934c7d680a57ac5a4ed77f73182065f9295d745e1d50b8da0626f3e9ccb6651aad3b0c5c2cecd90c521318778f570333c011f02d5e2a406eb8b3d6036537 ++Ctrl.hexxcghash = hexxcghash:3c4ecb173c39cedecbcd19ba0fc38454176b81b6451911b4422907b1b670dcedaabebaaa261fbac23b3b5738264c5eee3dccfd9e050a1cef17ac997527dd7095 ++Ctrl.hexsession_id = hexsession_id:3b05253d9e5ab2f7f4ba2998bea5ed7d05afdf02b7499ac2dd554833b886b73d92e929316a366147e9af50201dbb4e54c123418d1a623bc2dc52766211dbe614 ++Ctrl.type = type:E ++Output = 55bde99a692820ad809eb0a62311f8f3e9469ba2ee4d782d5432628ca52d829b9c5bffc41b58232363f97c5dab603268b1997fbe9b9b34ab2aca3da27467b0c8 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey:000000810088181aaaa6b17924ced0033b1e4a3d007a464d4d53871f4da4689d477437b42f873d4b7d5f5c52909b6cca8be7a01d1a7a806f745500bb00b4fd6e6f8d0e1c9ad08d934c7d680a57ac5a4ed77f73182065f9295d745e1d50b8da0626f3e9ccb6651aad3b0c5c2cecd90c521318778f570333c011f02d5e2a406eb8b3d6036537 ++Ctrl.hexxcghash = hexxcghash:3c4ecb173c39cedecbcd19ba0fc38454176b81b6451911b4422907b1b670dcedaabebaaa261fbac23b3b5738264c5eee3dccfd9e050a1cef17ac997527dd7095 ++Ctrl.hexsession_id = hexsession_id:3b05253d9e5ab2f7f4ba2998bea5ed7d05afdf02b7499ac2dd554833b886b73d92e929316a366147e9af50201dbb4e54c123418d1a623bc2dc52766211dbe614 ++Ctrl.type = type:F ++Output = 756f65746c861f0985f3dd7d2f08004897ccb22be2f1d3b4791ca0c51d5ee0da776dd03d7dfb7f4db6c6cd37899871e63d75f7f60dff8348c313e99409ad2db5 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = 
hexxcghash:3e81bd3b4b609955df0deaab293876592122e2d7fdc719ecd503b572c5e98cfaaac1f7e085d4097c76515f5b70413944a464ce346ada6d85d7c39a8009d4b121 ++Ctrl.hexsession_id = hexsession_id:3e81bd3b4b609955df0deaab293876592122e2d7fdc719ecd503b572c5e98cfaaac1f7e085d4097c76515f5b70413944a464ce346ada6d85d7c39a8009d4b121 ++Ctrl.type = type:A ++Output = a626c34c0a74b56262110185a34cd810 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:3e81bd3b4b609955df0deaab293876592122e2d7fdc719ecd503b572c5e98cfaaac1f7e085d4097c76515f5b70413944a464ce346ada6d85d7c39a8009d4b121 ++Ctrl.hexsession_id = hexsession_id:3e81bd3b4b609955df0deaab293876592122e2d7fdc719ecd503b572c5e98cfaaac1f7e085d4097c76515f5b70413944a464ce346ada6d85d7c39a8009d4b121 ++Ctrl.type = type:B ++Output = 223d6fc57263da9ad61dad9759454e0f ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:3e81bd3b4b609955df0deaab293876592122e2d7fdc719ecd503b572c5e98cfaaac1f7e085d4097c76515f5b70413944a464ce346ada6d85d7c39a8009d4b121 ++Ctrl.hexsession_id = hexsession_id:3e81bd3b4b609955df0deaab293876592122e2d7fdc719ecd503b572c5e98cfaaac1f7e085d4097c76515f5b70413944a464ce346ada6d85d7c39a8009d4b121 ++Ctrl.type = type:C ++Output = 7c803e07506969666f446400b2372eee ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:3e81bd3b4b609955df0deaab293876592122e2d7fdc719ecd503b572c5e98cfaaac1f7e085d4097c76515f5b70413944a464ce346ada6d85d7c39a8009d4b121 ++Ctrl.hexsession_id = hexsession_id:3e81bd3b4b609955df0deaab293876592122e2d7fdc719ecd503b572c5e98cfaaac1f7e085d4097c76515f5b70413944a464ce346ada6d85d7c39a8009d4b121 ++Ctrl.type = type:D ++Output = 4ad705fbc9e89c03c15f9dbbf34981df ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = 
hexkey: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 ++Ctrl.hexxcghash = hexxcghash:3e81bd3b4b609955df0deaab293876592122e2d7fdc719ecd503b572c5e98cfaaac1f7e085d4097c76515f5b70413944a464ce346ada6d85d7c39a8009d4b121 ++Ctrl.hexsession_id = hexsession_id:3e81bd3b4b609955df0deaab293876592122e2d7fdc719ecd503b572c5e98cfaaac1f7e085d4097c76515f5b70413944a464ce346ada6d85d7c39a8009d4b121 ++Ctrl.type = type:E ++Output = 36cac32cab8b943cd9d2142559c467593bfaf30d0be71560245c8b38a5671901a858ccc637b0ef6966a2bbfb1a7f51f2cf6d52c4165ca000d52bd908405c305f ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:3e81bd3b4b609955df0deaab293876592122e2d7fdc719ecd503b572c5e98cfaaac1f7e085d4097c76515f5b70413944a464ce346ada6d85d7c39a8009d4b121 ++Ctrl.hexsession_id = hexsession_id:3e81bd3b4b609955df0deaab293876592122e2d7fdc719ecd503b572c5e98cfaaac1f7e085d4097c76515f5b70413944a464ce346ada6d85d7c39a8009d4b121 ++Ctrl.type = type:F ++Output = 67d42301ce629c0f2a34b9dfb24ec60c138b4edc71f7123bb0db9447b3c915ebd8c54d3b20af04e30b484be3a2d4136f5d5c46f9c56de189b91fec78ecd53e1c ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:ab6f9c04514ae3f6591039c9cc6a9919279282d7c95971b4c27957e31cced5ef5b1c59a4418402203ab50a46df7dc03bd67d42a62592708b0581617a42ea6d71 ++Ctrl.hexsession_id = hexsession_id:4e226639facaccf9894367cb1008663e989eb31757b912bd1cb3bd51058c7adf56e9a54eef87b63299a5cc092c047991dc9a380e749c7c5657bb99424bcce6d6 ++Ctrl.type = type:A ++Output = 8ebbf0e9afd9f108498f1543104ba8e2 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:ab6f9c04514ae3f6591039c9cc6a9919279282d7c95971b4c27957e31cced5ef5b1c59a4418402203ab50a46df7dc03bd67d42a62592708b0581617a42ea6d71 ++Ctrl.hexsession_id = 
hexsession_id:4e226639facaccf9894367cb1008663e989eb31757b912bd1cb3bd51058c7adf56e9a54eef87b63299a5cc092c047991dc9a380e749c7c5657bb99424bcce6d6 ++Ctrl.type = type:B ++Output = 38bfe6bed75f77675fa36d76b63816a4 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:ab6f9c04514ae3f6591039c9cc6a9919279282d7c95971b4c27957e31cced5ef5b1c59a4418402203ab50a46df7dc03bd67d42a62592708b0581617a42ea6d71 ++Ctrl.hexsession_id = hexsession_id:4e226639facaccf9894367cb1008663e989eb31757b912bd1cb3bd51058c7adf56e9a54eef87b63299a5cc092c047991dc9a380e749c7c5657bb99424bcce6d6 ++Ctrl.type = type:C ++Output = f759f0ad2d72980f6b12f0fb317222f3 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:ab6f9c04514ae3f6591039c9cc6a9919279282d7c95971b4c27957e31cced5ef5b1c59a4418402203ab50a46df7dc03bd67d42a62592708b0581617a42ea6d71 ++Ctrl.hexsession_id = hexsession_id:4e226639facaccf9894367cb1008663e989eb31757b912bd1cb3bd51058c7adf56e9a54eef87b63299a5cc092c047991dc9a380e749c7c5657bb99424bcce6d6 ++Ctrl.type = type:D ++Output = 39f294ec25afb520f5d7f1064b7078c9 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:ab6f9c04514ae3f6591039c9cc6a9919279282d7c95971b4c27957e31cced5ef5b1c59a4418402203ab50a46df7dc03bd67d42a62592708b0581617a42ea6d71 ++Ctrl.hexsession_id = hexsession_id:4e226639facaccf9894367cb1008663e989eb31757b912bd1cb3bd51058c7adf56e9a54eef87b63299a5cc092c047991dc9a380e749c7c5657bb99424bcce6d6 ++Ctrl.type = type:E ++Output = ff2ad139997ff26e7f4393e49d57d5fc973ddb6225d8f4b5fe990e46b9943772f0d33aa98d01089ff0aeb5740bd388ada35dc44240180c99e522c817dedfc2cd ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = 
hexxcghash:ab6f9c04514ae3f6591039c9cc6a9919279282d7c95971b4c27957e31cced5ef5b1c59a4418402203ab50a46df7dc03bd67d42a62592708b0581617a42ea6d71 ++Ctrl.hexsession_id = hexsession_id:4e226639facaccf9894367cb1008663e989eb31757b912bd1cb3bd51058c7adf56e9a54eef87b63299a5cc092c047991dc9a380e749c7c5657bb99424bcce6d6 ++Ctrl.type = type:F ++Output = a670c9583c71f403207a192700d5e4fd7a007b60a4617b7f93708399a0cb771af08b9e5f4237e6975f055d6f0a4d91523fa0805013df6ae4a19f077646f1cd4b ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:a0a53cb8bcc48ffe44fd9e50e0f7532d3e326f93d7ecb10135d4385dab550cd7be03a7374dfc2a92794be13e40c794811a9916c3d1c4e7ea31ed5269537c1c22 ++Ctrl.hexsession_id = hexsession_id:9bcf3f3397ff464126cb2a99c04908721871354b842ffd3d873d49407db0382f98cc54d66665d950ec8277c374f19e9f0dd2e727f8759017c49b5b80baa87c63 ++Ctrl.type = type:A ++Output = f68353f802d39a43c728641e44087cc5 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:a0a53cb8bcc48ffe44fd9e50e0f7532d3e326f93d7ecb10135d4385dab550cd7be03a7374dfc2a92794be13e40c794811a9916c3d1c4e7ea31ed5269537c1c22 ++Ctrl.hexsession_id = hexsession_id:9bcf3f3397ff464126cb2a99c04908721871354b842ffd3d873d49407db0382f98cc54d66665d950ec8277c374f19e9f0dd2e727f8759017c49b5b80baa87c63 ++Ctrl.type = type:B ++Output = 23c2377f826f77519871941b62cb9fdd ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = 
hexkey:00000100192471d29d9fbc8b61570e4efa053a5f17b2efc0aa5415b3309f7dc3971c64d9f1093f6114941d4912f7bfb771db41d1f166d4bdaec8dde214aeb058e2227277393e3c0b12adc1b6a445870bc26e753e05e27b90b97d781e3e8493eb5e717c243213de4dcdd5a11d467b8d26759118692b10357c28b0efb0228cbe257b9ee0cb77bb7bc8b072edf418768c977e485635b4ab61078587128e9a8b3c6deca2a4e64cf9fd6eca880aebd1043deaf94447ea50b0c11b574259cdcafd208d9657c7177cf394de26dd8364b615786198c38e63c568e22b5263be41d6dd8843ad5254f61cf01b7162948652568c2b42833a95619fa5072adb0bfbf38e3eace7e1596066 ++Ctrl.hexxcghash = hexxcghash:a0a53cb8bcc48ffe44fd9e50e0f7532d3e326f93d7ecb10135d4385dab550cd7be03a7374dfc2a92794be13e40c794811a9916c3d1c4e7ea31ed5269537c1c22 ++Ctrl.hexsession_id = hexsession_id:9bcf3f3397ff464126cb2a99c04908721871354b842ffd3d873d49407db0382f98cc54d66665d950ec8277c374f19e9f0dd2e727f8759017c49b5b80baa87c63 ++Ctrl.type = type:C ++Output = c92b86a099e2605037d531746a6af7cb ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:a0a53cb8bcc48ffe44fd9e50e0f7532d3e326f93d7ecb10135d4385dab550cd7be03a7374dfc2a92794be13e40c794811a9916c3d1c4e7ea31ed5269537c1c22 ++Ctrl.hexsession_id = hexsession_id:9bcf3f3397ff464126cb2a99c04908721871354b842ffd3d873d49407db0382f98cc54d66665d950ec8277c374f19e9f0dd2e727f8759017c49b5b80baa87c63 ++Ctrl.type = type:D ++Output = 1517de253a5b9f7d9c4c3f234b27392e ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:a0a53cb8bcc48ffe44fd9e50e0f7532d3e326f93d7ecb10135d4385dab550cd7be03a7374dfc2a92794be13e40c794811a9916c3d1c4e7ea31ed5269537c1c22 ++Ctrl.hexsession_id = hexsession_id:9bcf3f3397ff464126cb2a99c04908721871354b842ffd3d873d49407db0382f98cc54d66665d950ec8277c374f19e9f0dd2e727f8759017c49b5b80baa87c63 ++Ctrl.type = type:E ++Output = 
be48a82cd246cf4d6ddb397a39f1ed62d98b5265e75190624a523033796d05046d63e0810b4b7a6efe9b834cb043871203638557063968910ad1cfa0abe62bb1 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey:00000100192471d29d9fbc8b61570e4efa053a5f17b2efc0aa5415b3309f7dc3971c64d9f1093f6114941d4912f7bfb771db41d1f166d4bdaec8dde214aeb058e2227277393e3c0b12adc1b6a445870bc26e753e05e27b90b97d781e3e8493eb5e717c243213de4dcdd5a11d467b8d26759118692b10357c28b0efb0228cbe257b9ee0cb77bb7bc8b072edf418768c977e485635b4ab61078587128e9a8b3c6deca2a4e64cf9fd6eca880aebd1043deaf94447ea50b0c11b574259cdcafd208d9657c7177cf394de26dd8364b615786198c38e63c568e22b5263be41d6dd8843ad5254f61cf01b7162948652568c2b42833a95619fa5072adb0bfbf38e3eace7e1596066 ++Ctrl.hexxcghash = hexxcghash:a0a53cb8bcc48ffe44fd9e50e0f7532d3e326f93d7ecb10135d4385dab550cd7be03a7374dfc2a92794be13e40c794811a9916c3d1c4e7ea31ed5269537c1c22 ++Ctrl.hexsession_id = hexsession_id:9bcf3f3397ff464126cb2a99c04908721871354b842ffd3d873d49407db0382f98cc54d66665d950ec8277c374f19e9f0dd2e727f8759017c49b5b80baa87c63 ++Ctrl.type = type:F ++Output = 0c9af3775d5dc49a1b9b85fa18420ce1ca10d5159f83f9e078c217289688639dbce5f85665f866d8f93b2c6823bc7b2655830d8bb51fba945ce6eac2b0e6ce8a ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:651bdee255eef5fb47c7733df03d4346bc335cf1de2bfbd453f4ff18c775de475719a6ec4c5c55badadda4822e3fbf5ae3c0e6e9608a893fea68bfcc0af86d73 ++Ctrl.hexsession_id = hexsession_id:ee603130d0bdec24952cd3392272dbd7a536c2e76c794cc2f678ca9dd789670453e6bcd330dbf4e93930ec0b3e506e4c629b3d156ab1171d247d0ba44217d292 ++Ctrl.type = type:A ++Output = 7b802a74d216a41f7708c597b9053223 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:651bdee255eef5fb47c7733df03d4346bc335cf1de2bfbd453f4ff18c775de475719a6ec4c5c55badadda4822e3fbf5ae3c0e6e9608a893fea68bfcc0af86d73 
++Ctrl.hexsession_id = hexsession_id:ee603130d0bdec24952cd3392272dbd7a536c2e76c794cc2f678ca9dd789670453e6bcd330dbf4e93930ec0b3e506e4c629b3d156ab1171d247d0ba44217d292 ++Ctrl.type = type:B ++Output = 355223971bed70b804d191b64cde39e6 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:651bdee255eef5fb47c7733df03d4346bc335cf1de2bfbd453f4ff18c775de475719a6ec4c5c55badadda4822e3fbf5ae3c0e6e9608a893fea68bfcc0af86d73 ++Ctrl.hexsession_id = hexsession_id:ee603130d0bdec24952cd3392272dbd7a536c2e76c794cc2f678ca9dd789670453e6bcd330dbf4e93930ec0b3e506e4c629b3d156ab1171d247d0ba44217d292 ++Ctrl.type = type:C ++Output = 925f2b036ac2682e20f022377499c3e1 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:651bdee255eef5fb47c7733df03d4346bc335cf1de2bfbd453f4ff18c775de475719a6ec4c5c55badadda4822e3fbf5ae3c0e6e9608a893fea68bfcc0af86d73 ++Ctrl.hexsession_id = hexsession_id:ee603130d0bdec24952cd3392272dbd7a536c2e76c794cc2f678ca9dd789670453e6bcd330dbf4e93930ec0b3e506e4c629b3d156ab1171d247d0ba44217d292 ++Ctrl.type = type:D ++Output = 37ae2bbbb1603c07d5274fc8f57126dc ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:651bdee255eef5fb47c7733df03d4346bc335cf1de2bfbd453f4ff18c775de475719a6ec4c5c55badadda4822e3fbf5ae3c0e6e9608a893fea68bfcc0af86d73 ++Ctrl.hexsession_id = hexsession_id:ee603130d0bdec24952cd3392272dbd7a536c2e76c794cc2f678ca9dd789670453e6bcd330dbf4e93930ec0b3e506e4c629b3d156ab1171d247d0ba44217d292 ++Ctrl.type = type:E ++Output = 8b36c7e175797bf7bbb079ac5d06e6f7f62fc5a957e0fefab7df565eb72ae0586dbebad978975aaa35846de667b44b7174315b2b932f0be538fba76b92531019 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = 
hexxcghash:651bdee255eef5fb47c7733df03d4346bc335cf1de2bfbd453f4ff18c775de475719a6ec4c5c55badadda4822e3fbf5ae3c0e6e9608a893fea68bfcc0af86d73 ++Ctrl.hexsession_id = hexsession_id:ee603130d0bdec24952cd3392272dbd7a536c2e76c794cc2f678ca9dd789670453e6bcd330dbf4e93930ec0b3e506e4c629b3d156ab1171d247d0ba44217d292 ++Ctrl.type = type:F ++Output = 388ef310bce13188df3fd6285576041754a281548fcc6a212e0de564db661640320130e4df4a6ff31162edaa7ced5b7f05f3456f674ee8be0b03424142058795 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:94ce7876dd7d98475ff8dd634b9b48e0e3416d1afd633637b49a49c525ee905ad8a17c12194746e210207c54628c453287a77515575a79ad40b270b5115030b8 ++Ctrl.hexsession_id = hexsession_id:d2e7ea215f35381164a1382533f752eb21e6fa9f25d399b7914c0317998f2b7820f893557459f0773eca3dbafd8375021b955a8dfe7ad659dfe480e3107724f8 ++Ctrl.type = type:A ++Output = efeb5305eda69b0bd6999b4a27479667 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:94ce7876dd7d98475ff8dd634b9b48e0e3416d1afd633637b49a49c525ee905ad8a17c12194746e210207c54628c453287a77515575a79ad40b270b5115030b8 ++Ctrl.hexsession_id = hexsession_id:d2e7ea215f35381164a1382533f752eb21e6fa9f25d399b7914c0317998f2b7820f893557459f0773eca3dbafd8375021b955a8dfe7ad659dfe480e3107724f8 ++Ctrl.type = type:B ++Output = 806fca9189c02e7ec2a6459387b03506 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:94ce7876dd7d98475ff8dd634b9b48e0e3416d1afd633637b49a49c525ee905ad8a17c12194746e210207c54628c453287a77515575a79ad40b270b5115030b8 ++Ctrl.hexsession_id = hexsession_id:d2e7ea215f35381164a1382533f752eb21e6fa9f25d399b7914c0317998f2b7820f893557459f0773eca3dbafd8375021b955a8dfe7ad659dfe480e3107724f8 ++Ctrl.type = type:C ++Output = 9e542282d0db345a6ba20eba7c5de531 ++ ++KDF 
= SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:94ce7876dd7d98475ff8dd634b9b48e0e3416d1afd633637b49a49c525ee905ad8a17c12194746e210207c54628c453287a77515575a79ad40b270b5115030b8 ++Ctrl.hexsession_id = hexsession_id:d2e7ea215f35381164a1382533f752eb21e6fa9f25d399b7914c0317998f2b7820f893557459f0773eca3dbafd8375021b955a8dfe7ad659dfe480e3107724f8 ++Ctrl.type = type:D ++Output = 41e7962b57a67f75072f15a5ba405d15 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:94ce7876dd7d98475ff8dd634b9b48e0e3416d1afd633637b49a49c525ee905ad8a17c12194746e210207c54628c453287a77515575a79ad40b270b5115030b8 ++Ctrl.hexsession_id = hexsession_id:d2e7ea215f35381164a1382533f752eb21e6fa9f25d399b7914c0317998f2b7820f893557459f0773eca3dbafd8375021b955a8dfe7ad659dfe480e3107724f8 ++Ctrl.type = type:E ++Output = 7bf8f25fd155e41d1dc85cc814704dd8732275b3a53dc1b8c6b330c08f307b5c0da31606cb7eaa1b37b2721f4a1bf70a6885c30d17d7acd32fcc894768fe4106 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey:0000010100b41c0bdf180d02ff459079925b32e54299128298da864be28b4c02532244b057219e3fa5fea09841351604ab713021622e6a6d0748f354fc3f29a9ac8bb64fdd984b725f00f56df3cf16d3bac786524a29105096f96f387422361bcc24774fd4d5b71bd6f757a8193fd691411b8e0aa14307e6ed1e97907925d93cee9ed266f387af66cd3da3e99d543e4baaf8a7fdb36c10869267767d80509717b5666e3fcdf8cca6486a1c18e3d3c15ba0c6773dcbe374d83de1c108a400998b25afa4d3b60917594a1120e449a57db1f3b2e048c3c64a408ed41bb32145364932f105788cd0b198522f0c59b1d774b1ac80cd76d18e06b53c3d599f625c72f38b15745478 ++Ctrl.hexxcghash = hexxcghash:94ce7876dd7d98475ff8dd634b9b48e0e3416d1afd633637b49a49c525ee905ad8a17c12194746e210207c54628c453287a77515575a79ad40b270b5115030b8 ++Ctrl.hexsession_id = 
hexsession_id:d2e7ea215f35381164a1382533f752eb21e6fa9f25d399b7914c0317998f2b7820f893557459f0773eca3dbafd8375021b955a8dfe7ad659dfe480e3107724f8 ++Ctrl.type = type:F ++Output = 66b8f8c1a38120c73cc55950455a69c426fda44b9c66c3becaf259dd57a620e5ed3a749a486d05eab52c289f489581cb655865d4388a81e79b06bd105e3ae858 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:327a1cfc89837c90fb7141ad3a7df293af5c9e2fd482fb77f6769db8e91417377fe0a0a30c072f8276e824975afdc0f73e1a1cbeda86d5c70c2799912602ee78 ++Ctrl.hexsession_id = hexsession_id:46282b8a6dea1654de89199972c414ee512f33ab832e7284547cfc345af6eea9fbafb75f4646789755078a174c98c5aa1d740af1cf40844ae680cdd80466086b ++Ctrl.type = type:A ++Output = 8f6ac18ff5300849be34602630bb4102 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:327a1cfc89837c90fb7141ad3a7df293af5c9e2fd482fb77f6769db8e91417377fe0a0a30c072f8276e824975afdc0f73e1a1cbeda86d5c70c2799912602ee78 ++Ctrl.hexsession_id = hexsession_id:46282b8a6dea1654de89199972c414ee512f33ab832e7284547cfc345af6eea9fbafb75f4646789755078a174c98c5aa1d740af1cf40844ae680cdd80466086b ++Ctrl.type = type:B ++Output = f2b45df2508656758529a1f4679839fd ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:327a1cfc89837c90fb7141ad3a7df293af5c9e2fd482fb77f6769db8e91417377fe0a0a30c072f8276e824975afdc0f73e1a1cbeda86d5c70c2799912602ee78 ++Ctrl.hexsession_id = hexsession_id:46282b8a6dea1654de89199972c414ee512f33ab832e7284547cfc345af6eea9fbafb75f4646789755078a174c98c5aa1d740af1cf40844ae680cdd80466086b ++Ctrl.type = type:C ++Output = 3356d58f61bcca506058e0990c9821f5 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = 
hexxcghash:327a1cfc89837c90fb7141ad3a7df293af5c9e2fd482fb77f6769db8e91417377fe0a0a30c072f8276e824975afdc0f73e1a1cbeda86d5c70c2799912602ee78 ++Ctrl.hexsession_id = hexsession_id:46282b8a6dea1654de89199972c414ee512f33ab832e7284547cfc345af6eea9fbafb75f4646789755078a174c98c5aa1d740af1cf40844ae680cdd80466086b ++Ctrl.type = type:D ++Output = 78495438a5326cca5351a239545941c1 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey:000001003ba71746e4622911dbcd76359dbd01a3958175cac500fac87146f4a2616782ac0328ea32046762f62080df8fe76ff112acbf4e4c7a36fa648ec60c50d4a0f7b27b67cdcd725ed2d51c3b5c438c45c8f46d953845a899e89378e981aa270bd6cc190a5ab53e9516f5c194f9b61ef782573b417702337b32776765e75d6efb371a3af98c1b0eaa90ee43a99e58d803bc645a65100371cda8316d51618e4ada4d9a46cd049673cbfcf6ce3ec66c964902eb9bd28514d1fce32ebf8ee2ae3c8e46f4bf18f153a6f1031cefc7e736d82105dbeb60db422b79f4c4f3f4838fee891341cc982e79917aefb82529d134648847de15cf3ba1d7b5000e74b78198d6a3efce ++Ctrl.hexxcghash = hexxcghash:327a1cfc89837c90fb7141ad3a7df293af5c9e2fd482fb77f6769db8e91417377fe0a0a30c072f8276e824975afdc0f73e1a1cbeda86d5c70c2799912602ee78 ++Ctrl.hexsession_id = hexsession_id:46282b8a6dea1654de89199972c414ee512f33ab832e7284547cfc345af6eea9fbafb75f4646789755078a174c98c5aa1d740af1cf40844ae680cdd80466086b ++Ctrl.type = type:E ++Output = dcfc5d099f5040513f76b012ab62ee45d5d8271aec9cbbdd1e1f7e0806f363d21c2eca730f9489ee70fbc7490a1901587b1d418c0e4f429c8098cd793c6d285c ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:327a1cfc89837c90fb7141ad3a7df293af5c9e2fd482fb77f6769db8e91417377fe0a0a30c072f8276e824975afdc0f73e1a1cbeda86d5c70c2799912602ee78 ++Ctrl.hexsession_id = hexsession_id:46282b8a6dea1654de89199972c414ee512f33ab832e7284547cfc345af6eea9fbafb75f4646789755078a174c98c5aa1d740af1cf40844ae680cdd80466086b ++Ctrl.type = type:F ++Output = 
a75817465c73517bd7884dcd230464583ae491ae5e39330873cd7a967188022cad63e712c7ec261abdb34c01bddd8989dfce8f5d8a8cdbdcc305429b3fd93c76 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:4f3aaea9ade34a07f46c11a4480461e2c523a740492b23b0bfa2a9e2e2c2ce542a09644154a4b3ab0e8b71ea950444a9954a156c0530a1436aa98951af7e1972 ++Ctrl.hexsession_id = hexsession_id:c778cdc03ecc941ff7d37c41fe67dc84df375117abd62d099129f38d37375f3cde4e75a0160fb05edf392d1eac509d5a6796f635623794d81df9b4cf81021738 ++Ctrl.type = type:A ++Output = 4fa1b8c53d25f7c1adb4810c46b48ae7 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:4f3aaea9ade34a07f46c11a4480461e2c523a740492b23b0bfa2a9e2e2c2ce542a09644154a4b3ab0e8b71ea950444a9954a156c0530a1436aa98951af7e1972 ++Ctrl.hexsession_id = hexsession_id:c778cdc03ecc941ff7d37c41fe67dc84df375117abd62d099129f38d37375f3cde4e75a0160fb05edf392d1eac509d5a6796f635623794d81df9b4cf81021738 ++Ctrl.type = type:B ++Output = 3c453d0f50b7f41826e74e5cce5b5996 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey:0000010100f3a28f9574691777f2a9e05a882295e5ae272a6af486e53a8574e0ce7633a5c6871a39e6ba3176a41ce3fe6c80aa8469df71401583987e34374586ec56268b37d42bc047cc898750379aa7ddc5549cc069fa10d29fca303e6063a2cb800322a84a63480d91606db0244d2dd456005bb4a4b33f91ddf33335ec4d4d519e430542e087d5b1e952b183a32b3f7b118c410c46dc44b7ad669e7d98b934e48830e61ddd2e6094e0d1fa39b9041b9ca9dc768af4da702f912b2e82738cf506479c68fa9a5f2a9153189cf83bd11a05a92428d7c7124094f684f7c848114dc272d8a308d7b65e47b1d3c2c70d5a63efbc191ff5f0359356f706ac703445778b2b43a8d6 ++Ctrl.hexxcghash = hexxcghash:4f3aaea9ade34a07f46c11a4480461e2c523a740492b23b0bfa2a9e2e2c2ce542a09644154a4b3ab0e8b71ea950444a9954a156c0530a1436aa98951af7e1972 ++Ctrl.hexsession_id = 
hexsession_id:c778cdc03ecc941ff7d37c41fe67dc84df375117abd62d099129f38d37375f3cde4e75a0160fb05edf392d1eac509d5a6796f635623794d81df9b4cf81021738 ++Ctrl.type = type:C ++Output = 22f47a00a5de0f56b3e586357eeebe57 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:4f3aaea9ade34a07f46c11a4480461e2c523a740492b23b0bfa2a9e2e2c2ce542a09644154a4b3ab0e8b71ea950444a9954a156c0530a1436aa98951af7e1972 ++Ctrl.hexsession_id = hexsession_id:c778cdc03ecc941ff7d37c41fe67dc84df375117abd62d099129f38d37375f3cde4e75a0160fb05edf392d1eac509d5a6796f635623794d81df9b4cf81021738 ++Ctrl.type = type:D ++Output = 8d32d1945e93c4982bd106567f8e481f ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey:0000010100f3a28f9574691777f2a9e05a882295e5ae272a6af486e53a8574e0ce7633a5c6871a39e6ba3176a41ce3fe6c80aa8469df71401583987e34374586ec56268b37d42bc047cc898750379aa7ddc5549cc069fa10d29fca303e6063a2cb800322a84a63480d91606db0244d2dd456005bb4a4b33f91ddf33335ec4d4d519e430542e087d5b1e952b183a32b3f7b118c410c46dc44b7ad669e7d98b934e48830e61ddd2e6094e0d1fa39b9041b9ca9dc768af4da702f912b2e82738cf506479c68fa9a5f2a9153189cf83bd11a05a92428d7c7124094f684f7c848114dc272d8a308d7b65e47b1d3c2c70d5a63efbc191ff5f0359356f706ac703445778b2b43a8d6 ++Ctrl.hexxcghash = hexxcghash:4f3aaea9ade34a07f46c11a4480461e2c523a740492b23b0bfa2a9e2e2c2ce542a09644154a4b3ab0e8b71ea950444a9954a156c0530a1436aa98951af7e1972 ++Ctrl.hexsession_id = hexsession_id:c778cdc03ecc941ff7d37c41fe67dc84df375117abd62d099129f38d37375f3cde4e75a0160fb05edf392d1eac509d5a6796f635623794d81df9b4cf81021738 ++Ctrl.type = type:E ++Output = 9eefe581b1514160f81c94193d374d8f85879136e9ae494c487119b1974aac3e143948f656c1c1e837ff1368ef0d997cd3ca9f46c71056269eb8a1da8daf5678 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = 
hexxcghash:4f3aaea9ade34a07f46c11a4480461e2c523a740492b23b0bfa2a9e2e2c2ce542a09644154a4b3ab0e8b71ea950444a9954a156c0530a1436aa98951af7e1972 ++Ctrl.hexsession_id = hexsession_id:c778cdc03ecc941ff7d37c41fe67dc84df375117abd62d099129f38d37375f3cde4e75a0160fb05edf392d1eac509d5a6796f635623794d81df9b4cf81021738 ++Ctrl.type = type:F ++Output = 8dd76f59e6692ff642894ee1bb147f3e1490cac944af29de6b2b5abcc4ab9eb41d236e9cd2f40cf83935097f307a246d7b35005dd302bacfe7e4fed37d2f46e9 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:7317f576ce95d5bed93d08c65eb814d037ecd42f09b2d514fad58335e8e8bec807b9cf74b9044f449581c792ebb08843f2b80da87d91625e20f25de91b4d5d23 ++Ctrl.hexsession_id = hexsession_id:7d153fda85bd3488962bdf03b8d0f26cf61f737173587ac6ee3d6f601a00f6474f5401370ef04720c620ea2b9668ab72cb6c40dc96057fc4537e7a6b0e79e9c5 ++Ctrl.type = type:A ++Output = f335b3ab270d7e686c5e023b3a2da75b ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:7317f576ce95d5bed93d08c65eb814d037ecd42f09b2d514fad58335e8e8bec807b9cf74b9044f449581c792ebb08843f2b80da87d91625e20f25de91b4d5d23 ++Ctrl.hexsession_id = hexsession_id:7d153fda85bd3488962bdf03b8d0f26cf61f737173587ac6ee3d6f601a00f6474f5401370ef04720c620ea2b9668ab72cb6c40dc96057fc4537e7a6b0e79e9c5 ++Ctrl.type = type:B ++Output = 857c9245c67bad84b7377c424c5e7e7a ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:7317f576ce95d5bed93d08c65eb814d037ecd42f09b2d514fad58335e8e8bec807b9cf74b9044f449581c792ebb08843f2b80da87d91625e20f25de91b4d5d23 ++Ctrl.hexsession_id = hexsession_id:7d153fda85bd3488962bdf03b8d0f26cf61f737173587ac6ee3d6f601a00f6474f5401370ef04720c620ea2b9668ab72cb6c40dc96057fc4537e7a6b0e79e9c5 ++Ctrl.type = type:C ++Output = 1c44ef56440f5856bdfd951305fd81e4 ++ ++KDF 
= SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey:0000010012c99d1e0542b3b71e287b1ea15e54a3197f95cfbf7f6a209ada41fce3a6faad9bc4d569b690223e5d668019c11204716bb96a858c36c853bd41b28c1505ddce9df22b31dbdaa014b07ec53a79cfeb5b540902669c7a283f3647c1a9f685b5027bfb18e827818a76c23fa6ad20760f228a4239a4d558240130b5cc389d2be41b806cafd24d1d425c26a61508c974d62aae6f6830459c79e7a9ff5610291661bf03528fbafe47cf4c2e51f4856749ef543eb7cd8f72e84a4075fa7df9ad12565e5b3810c6d6292ff878ee8499611688989f0a04f4dc7275e01c0444a0321f0a0327fbe8a55689307b1bfd66d5d27ade78df5c1dfcef8868ebbe339d7efdae1973 ++Ctrl.hexxcghash = hexxcghash:7317f576ce95d5bed93d08c65eb814d037ecd42f09b2d514fad58335e8e8bec807b9cf74b9044f449581c792ebb08843f2b80da87d91625e20f25de91b4d5d23 ++Ctrl.hexsession_id = hexsession_id:7d153fda85bd3488962bdf03b8d0f26cf61f737173587ac6ee3d6f601a00f6474f5401370ef04720c620ea2b9668ab72cb6c40dc96057fc4537e7a6b0e79e9c5 ++Ctrl.type = type:D ++Output = 8d3496ac631bb3588abbb13d4ae2dc2d ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:7317f576ce95d5bed93d08c65eb814d037ecd42f09b2d514fad58335e8e8bec807b9cf74b9044f449581c792ebb08843f2b80da87d91625e20f25de91b4d5d23 ++Ctrl.hexsession_id = hexsession_id:7d153fda85bd3488962bdf03b8d0f26cf61f737173587ac6ee3d6f601a00f6474f5401370ef04720c620ea2b9668ab72cb6c40dc96057fc4537e7a6b0e79e9c5 ++Ctrl.type = type:E ++Output = ac7899494cfcebbdaa8ee7c343a0a458228a0a5e59730c928e9c8775487e57c3a5f34fdb72c1b3b57cc35e0356e4b7c6a56368e74c68a017538a5b484886ec81 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = 
hexkey:0000010012c99d1e0542b3b71e287b1ea15e54a3197f95cfbf7f6a209ada41fce3a6faad9bc4d569b690223e5d668019c11204716bb96a858c36c853bd41b28c1505ddce9df22b31dbdaa014b07ec53a79cfeb5b540902669c7a283f3647c1a9f685b5027bfb18e827818a76c23fa6ad20760f228a4239a4d558240130b5cc389d2be41b806cafd24d1d425c26a61508c974d62aae6f6830459c79e7a9ff5610291661bf03528fbafe47cf4c2e51f4856749ef543eb7cd8f72e84a4075fa7df9ad12565e5b3810c6d6292ff878ee8499611688989f0a04f4dc7275e01c0444a0321f0a0327fbe8a55689307b1bfd66d5d27ade78df5c1dfcef8868ebbe339d7efdae1973 ++Ctrl.hexxcghash = hexxcghash:7317f576ce95d5bed93d08c65eb814d037ecd42f09b2d514fad58335e8e8bec807b9cf74b9044f449581c792ebb08843f2b80da87d91625e20f25de91b4d5d23 ++Ctrl.hexsession_id = hexsession_id:7d153fda85bd3488962bdf03b8d0f26cf61f737173587ac6ee3d6f601a00f6474f5401370ef04720c620ea2b9668ab72cb6c40dc96057fc4537e7a6b0e79e9c5 ++Ctrl.type = type:F ++Output = d32d849b488594d0b8efce91604296393b2240121f2ed51fb7c0bb5b371c33775d184ffaf3028306bc8040b21887f6885e5916ae158ef74a3ba09a1f30654f1a ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey:0000010100c6c401e7a417025fce8ca5d5e654de6cac8eb1bf24fffa1eefaba828f425b5df93323ad62565d9e74c0b45619c3e97a8e006a9b28a42e96e13ea2f3807319ac587850731f64c86a3a9acd4aaa04e8a586833faeb902f95177d27e89ce25307365b22b7bf444c8e72ef2bb0fce86fe326a90b787948085fd101f04a7311ed6cf65d5073a6a29c7d99fe9fa0b915fac1d9bb6b95143ca8936e10e6e319201112ba52823dbaad935972842361394999e5a67356076e9f0b528d62325181f80d66e9b3288ba7482458c737806f474867036a234201253a91a6246c8c2876d210d2579951dd12cbc153dcec403156739be9c7d291e4904f079a5a71c01b9a84481800 ++Ctrl.hexxcghash = hexxcghash:b060195095692352bde81e90c1b648ec46d57476892e79489d42cb8e0da2027ec41fd2e62da8e8e2a9e1ebcb8eecfaadef75e6714008ed6a2cbdef6c321bbaaa ++Ctrl.hexsession_id = hexsession_id:5c910a53cafca6f8c0d97c4748f67aecd9a54c8ba96bf33327565f6f68ae0a2e7a62733a9051364ff9f68bdb416176522a0e5a2f28fe27a3f5ec402b3d99da13 ++Ctrl.type = type:A ++Output = 5aa8ed531557a1dc934ed667029e062f ++ 
++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:b060195095692352bde81e90c1b648ec46d57476892e79489d42cb8e0da2027ec41fd2e62da8e8e2a9e1ebcb8eecfaadef75e6714008ed6a2cbdef6c321bbaaa ++Ctrl.hexsession_id = hexsession_id:5c910a53cafca6f8c0d97c4748f67aecd9a54c8ba96bf33327565f6f68ae0a2e7a62733a9051364ff9f68bdb416176522a0e5a2f28fe27a3f5ec402b3d99da13 ++Ctrl.type = type:B ++Output = 11a810c69785949d5a0ef6eeff960fb4 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:b060195095692352bde81e90c1b648ec46d57476892e79489d42cb8e0da2027ec41fd2e62da8e8e2a9e1ebcb8eecfaadef75e6714008ed6a2cbdef6c321bbaaa ++Ctrl.hexsession_id = hexsession_id:5c910a53cafca6f8c0d97c4748f67aecd9a54c8ba96bf33327565f6f68ae0a2e7a62733a9051364ff9f68bdb416176522a0e5a2f28fe27a3f5ec402b3d99da13 ++Ctrl.type = type:C ++Output = 54e9402e4f85b08c271b2a9f15d56c75 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:b060195095692352bde81e90c1b648ec46d57476892e79489d42cb8e0da2027ec41fd2e62da8e8e2a9e1ebcb8eecfaadef75e6714008ed6a2cbdef6c321bbaaa ++Ctrl.hexsession_id = hexsession_id:5c910a53cafca6f8c0d97c4748f67aecd9a54c8ba96bf33327565f6f68ae0a2e7a62733a9051364ff9f68bdb416176522a0e5a2f28fe27a3f5ec402b3d99da13 ++Ctrl.type = type:D ++Output = 838209e0ebe7626cf6482f25c7774bfd ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:b060195095692352bde81e90c1b648ec46d57476892e79489d42cb8e0da2027ec41fd2e62da8e8e2a9e1ebcb8eecfaadef75e6714008ed6a2cbdef6c321bbaaa ++Ctrl.hexsession_id = hexsession_id:5c910a53cafca6f8c0d97c4748f67aecd9a54c8ba96bf33327565f6f68ae0a2e7a62733a9051364ff9f68bdb416176522a0e5a2f28fe27a3f5ec402b3d99da13 ++Ctrl.type = type:E ++Output = 
bc62048ddb762ac50336ae0e91a402cc78e73472fe180756a4686299967d2904318b8ad1b8dc622edd75e9ff0e74f7fcb8a1f8acb86e2567a5167084c648c7ef ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:b060195095692352bde81e90c1b648ec46d57476892e79489d42cb8e0da2027ec41fd2e62da8e8e2a9e1ebcb8eecfaadef75e6714008ed6a2cbdef6c321bbaaa ++Ctrl.hexsession_id = hexsession_id:5c910a53cafca6f8c0d97c4748f67aecd9a54c8ba96bf33327565f6f68ae0a2e7a62733a9051364ff9f68bdb416176522a0e5a2f28fe27a3f5ec402b3d99da13 ++Ctrl.type = type:F ++Output = 4e9644a01a3fe6c3f4f5aceddb00e2584e277354aee6392a1a5aef05024d37fcf25ff46fdd8fe52e7d1dd9a96e77328aadf44b8fc92ac22a14f63d64ad0db621 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey:0000010100a82ae4062baef678d20dd9cf1704cdc69e9e78eea5faa435e4dffec06976ff73bd1e2ebd206658a26fb85a0911e2034eede31e7df2d7b87aa9700cf301b6b38502ba4db2b9723505455a7da0c6e0cf374b063921179d1bc69508f660bbb26d05ab16a2325716dbd0a733809cac36660d9a73ff0f61e09f55d1ff0652474130be7fcd2d37ebd1203960d788a1307fae48ec4e1042ab85f037a01bfd17f15725ee929d6e6246bbda00fe7105461ee873b0190c2f44692845e464949f909df46309a8eb72037278f792c87249897a0564d290bec1e09b2c9d3ad3011710fc4dcfabfa435611794dc7d1507b657229a2aab65ce2e789305d5d24ed955e89d8eb4f7e ++Ctrl.hexxcghash = hexxcghash:a6ef8e3102b16ce51b2a2fe17e8dc711a964c195ca4d597aabecce595187344ccb2ea37dc4cac0a77a47e7ea1b9055b1c9948e6e09793a9121f120b3bd07c5f2 ++Ctrl.hexsession_id = hexsession_id:cc85cf95e29a5991306b21c1738de9a6612b8cb09f12b1738a4873c29f971e8d204aeb98bb7a7502cdab952eaaa6ec1e3a9655db3e5217afbff63ad588fbbf85 ++Ctrl.type = type:A ++Output = 77cb432c67bf0ae658aa4e34376d01b5 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:a6ef8e3102b16ce51b2a2fe17e8dc711a964c195ca4d597aabecce595187344ccb2ea37dc4cac0a77a47e7ea1b9055b1c9948e6e09793a9121f120b3bd07c5f2 
++Ctrl.hexsession_id = hexsession_id:cc85cf95e29a5991306b21c1738de9a6612b8cb09f12b1738a4873c29f971e8d204aeb98bb7a7502cdab952eaaa6ec1e3a9655db3e5217afbff63ad588fbbf85 ++Ctrl.type = type:B ++Output = f55c74d112746001d8908edd347d7e69 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:a6ef8e3102b16ce51b2a2fe17e8dc711a964c195ca4d597aabecce595187344ccb2ea37dc4cac0a77a47e7ea1b9055b1c9948e6e09793a9121f120b3bd07c5f2 ++Ctrl.hexsession_id = hexsession_id:cc85cf95e29a5991306b21c1738de9a6612b8cb09f12b1738a4873c29f971e8d204aeb98bb7a7502cdab952eaaa6ec1e3a9655db3e5217afbff63ad588fbbf85 ++Ctrl.type = type:C ++Output = 34a48ab90890b385198ea6bf8c50c3f6 ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:a6ef8e3102b16ce51b2a2fe17e8dc711a964c195ca4d597aabecce595187344ccb2ea37dc4cac0a77a47e7ea1b9055b1c9948e6e09793a9121f120b3bd07c5f2 ++Ctrl.hexsession_id = hexsession_id:cc85cf95e29a5991306b21c1738de9a6612b8cb09f12b1738a4873c29f971e8d204aeb98bb7a7502cdab952eaaa6ec1e3a9655db3e5217afbff63ad588fbbf85 ++Ctrl.type = type:D ++Output = f2b6046d3439c50a9000a63909146abc ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = hexkey: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 ++Ctrl.hexxcghash = hexxcghash:a6ef8e3102b16ce51b2a2fe17e8dc711a964c195ca4d597aabecce595187344ccb2ea37dc4cac0a77a47e7ea1b9055b1c9948e6e09793a9121f120b3bd07c5f2 ++Ctrl.hexsession_id = hexsession_id:cc85cf95e29a5991306b21c1738de9a6612b8cb09f12b1738a4873c29f971e8d204aeb98bb7a7502cdab952eaaa6ec1e3a9655db3e5217afbff63ad588fbbf85 ++Ctrl.type = type:E ++Output = 70357486ca57c93418c6705b731b054bc41be03289c25a5ed29a937732807ae10a3604486c53d1f2431411808d87bfbaa6b25971fa2e4ec3719b5d2622aed2ff ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA512 ++Ctrl.hexkey = 
hexkey:0000010100a82ae4062baef678d20dd9cf1704cdc69e9e78eea5faa435e4dffec06976ff73bd1e2ebd206658a26fb85a0911e2034eede31e7df2d7b87aa9700cf301b6b38502ba4db2b9723505455a7da0c6e0cf374b063921179d1bc69508f660bbb26d05ab16a2325716dbd0a733809cac36660d9a73ff0f61e09f55d1ff0652474130be7fcd2d37ebd1203960d788a1307fae48ec4e1042ab85f037a01bfd17f15725ee929d6e6246bbda00fe7105461ee873b0190c2f44692845e464949f909df46309a8eb72037278f792c87249897a0564d290bec1e09b2c9d3ad3011710fc4dcfabfa435611794dc7d1507b657229a2aab65ce2e789305d5d24ed955e89d8eb4f7e ++Ctrl.hexxcghash = hexxcghash:a6ef8e3102b16ce51b2a2fe17e8dc711a964c195ca4d597aabecce595187344ccb2ea37dc4cac0a77a47e7ea1b9055b1c9948e6e09793a9121f120b3bd07c5f2 ++Ctrl.hexsession_id = hexsession_id:cc85cf95e29a5991306b21c1738de9a6612b8cb09f12b1738a4873c29f971e8d204aeb98bb7a7502cdab952eaaa6ec1e3a9655db3e5217afbff63ad588fbbf85 ++Ctrl.type = type:F ++Output = 4e6428f7a87455bdef6026cdf68a2f6d93d6cda5145d6bca60ee4eb2d6248b399f6568c65ec92cee8d9b0c7fd83053c91c5be72bf96b5904080624a348243899 ++ ++Title = SSHKDF test error conditions ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexxcghash = hexxcghash:a4ebd45934f56792b5112dcd75a1075fdc889245 ++Ctrl.hexsession_id = hexsession_id:a4ebd45934f56792b5112dcd75a1075fdc889245 ++Ctrl.type = type:A ++Output = FF ++Result = KDF_DERIVE_ERROR ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey:0000008055bae931c07fd824bf10add1902b6fbc7c665347383498a686929ff5a25f8e40cb6645ea814fb1a5e0a11f852f86255641e5ed986e83a78bc8269480eac0b0dfd770cab92e7a28dd87ff452466d6ae867cead63b366b1c286e6c4811a9f14c27aea14c5171d49b78c06e3735d36e6a3be321dd5fc82308f34ee1cb17fba94a59 ++Ctrl.hexsession_id = hexsession_id:a4ebd45934f56792b5112dcd75a1075fdc889245 ++Ctrl.type = type:A ++Output = FF ++Result = KDF_DERIVE_ERROR ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = 
hexkey:0000008055bae931c07fd824bf10add1902b6fbc7c665347383498a686929ff5a25f8e40cb6645ea814fb1a5e0a11f852f86255641e5ed986e83a78bc8269480eac0b0dfd770cab92e7a28dd87ff452466d6ae867cead63b366b1c286e6c4811a9f14c27aea14c5171d49b78c06e3735d36e6a3be321dd5fc82308f34ee1cb17fba94a59 ++Ctrl.hexxcghash = hexxcghash:a4ebd45934f56792b5112dcd75a1075fdc889245 ++Ctrl.type = type:A ++Output = FF ++Result = KDF_DERIVE_ERROR ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey:0000008055bae931c07fd824bf10add1902b6fbc7c665347383498a686929ff5a25f8e40cb6645ea814fb1a5e0a11f852f86255641e5ed986e83a78bc8269480eac0b0dfd770cab92e7a28dd87ff452466d6ae867cead63b366b1c286e6c4811a9f14c27aea14c5171d49b78c06e3735d36e6a3be321dd5fc82308f34ee1cb17fba94a59 ++Ctrl.hexxcghash = hexxcghash:a4ebd45934f56792b5112dcd75a1075fdc889245 ++Ctrl.hexsession_id = hexsession_id:a4ebd45934f56792b5112dcd75a1075fdc889245 ++Output = FF ++Result = KDF_DERIVE_ERROR ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey:0000008055bae931c07fd824bf10add1902b6fbc7c665347383498a686929ff5a25f8e40cb6645ea814fb1a5e0a11f852f86255641e5ed986e83a78bc8269480eac0b0dfd770cab92e7a28dd87ff452466d6ae867cead63b366b1c286e6c4811a9f14c27aea14c5171d49b78c06e3735d36e6a3be321dd5fc82308f34ee1cb17fba94a59 ++Ctrl.hexxcghash = hexxcghash:a4ebd45934f56792b5112dcd75a1075fdc889245 ++Ctrl.hexsession_id = hexsession_id:a4ebd45934f56792b5112dcd75a1075fdc889245 ++Ctrl.type = type:X ++Output = FF ++Result = KDF_CTRL_ERROR ++ ++KDF = SSHKDF ++Ctrl.md = md:SHA1 ++Ctrl.hexkey = hexkey:0000008055bae931c07fd824bf10add1902b6fbc7c665347383498a686929ff5a25f8e40cb6645ea814fb1a5e0a11f852f86255641e5ed986e83a78bc8269480eac0b0dfd770cab92e7a28dd87ff452466d6ae867cead63b366b1c286e6c4811a9f14c27aea14c5171d49b78c06e3735d36e6a3be321dd5fc82308f34ee1cb17fba94a59 ++Ctrl.hexxcghash = hexxcghash:a4ebd45934f56792b5112dcd75a1075fdc889245 ++Ctrl.hexsession_id = hexsession_id:a4ebd45934f56792b5112dcd75a1075fdc889245 ++Ctrl.type = type:A ++Output = FF ++Result = KDF_MISMATCH 
+From 148cc5ee246e108b1e7332035037bab53574b0a9 Mon Sep 17 00:00:00 2001 +From: Simo Sorce +Date: Thu, 18 Apr 2019 08:26:29 -0400 +Subject: [PATCH] Change the digest string from "md" to "digest" + +Conform to other modules which were changed at the last minute and this +discrepancy was not noticed. +Retain "md" as an alias so not to break 3rd party backports/tests scripts. + +Signed-off-by: Simo Sorce +--- + crypto/kdf/sshkdf.c | 3 +++ + test/recipes/20-test_kdf.t | 2 +- + 2 files changed, 4 insertions(+), 1 deletion(-) + mode change 100644 => 100755 test/recipes/20-test_kdf.t + +diff --git a/crypto/kdf/sshkdf.c b/crypto/kdf/sshkdf.c +index 300e1adbb23..f585e8a0d6d 100644 +--- a/crypto/kdf/sshkdf.c ++++ b/crypto/kdf/sshkdf.c +@@ -125,6 +125,9 @@ static int kdf_sshkdf_ctrl_str(EVP_KDF_IMPL *impl, const char *type, + return 0; + } + ++ if (strcmp(type, "digest") == 0) ++ return kdf_md2ctrl(impl, kdf_sshkdf_ctrl, EVP_KDF_CTRL_SET_MD, value); ++ /* alias, for historical reasons */ + if (strcmp(type, "md") == 0) + return kdf_md2ctrl(impl, kdf_sshkdf_ctrl, EVP_KDF_CTRL_SET_MD, value); + diff --git a/openssl-freefilesync/openssl-1.1.1-system-cipherlist.patch b/openssl-freefilesync/openssl-1.1.1-system-cipherlist.patch new file mode 100644 index 0000000..a70f20b --- /dev/null +++ b/openssl-freefilesync/openssl-1.1.1-system-cipherlist.patch 
@@ -0,0 +1,310 @@ +diff -up openssl-1.1.1c/Configurations/unix-Makefile.tmpl.system-cipherlist openssl-1.1.1c/Configurations/unix-Makefile.tmpl +--- openssl-1.1.1c/Configurations/unix-Makefile.tmpl.system-cipherlist 2019-05-29 15:42:27.951329271 +0200 ++++ openssl-1.1.1c/Configurations/unix-Makefile.tmpl 2019-05-29 15:42:27.974328867 +0200 +@@ -180,6 +180,10 @@ MANDIR=$(INSTALLTOP)/share/man + DOCDIR=$(INSTALLTOP)/share/doc/$(BASENAME) + HTMLDIR=$(DOCDIR)/html + ++{- output_off() if $config{system_ciphers_file} eq ""; "" -} ++SYSTEM_CIPHERS_FILE_DEFINE=-DSYSTEM_CIPHERS_FILE="\"{- $config{system_ciphers_file} -}\"" ++{- output_on() if $config{system_ciphers_file} eq ""; "" -} ++ + # MANSUFFIX is for the benefit of anyone who may want to have a suffix + # appended after the manpage file section number. "ssl" is popular, + # resulting in files such as config.5ssl rather than config.5. +@@ -203,6 +207,7 @@ CC=$(CROSS_COMPILE){- $config{CC} -} + CXX={- $config{CXX} ? "\$(CROSS_COMPILE)$config{CXX}" : '' -} + CPPFLAGS={- our $cppflags1 = join(" ", + (map { "-D".$_} @{$config{CPPDEFINES}}), ++ "\$(SYSTEM_CIPHERS_FILE_DEFINE)", + (map { "-I".$_} @{$config{CPPINCLUDES}}), + @{$config{CPPFLAGS}}) -} + CFLAGS={- join(' ', @{$config{CFLAGS}}) -} +diff -up openssl-1.1.1c/Configure.system-cipherlist openssl-1.1.1c/Configure +--- openssl-1.1.1c/Configure.system-cipherlist 2019-05-28 15:12:21.000000000 +0200 ++++ openssl-1.1.1c/Configure 2019-05-29 15:45:10.465469533 +0200 +@@ -24,7 +24,7 @@ use OpenSSL::Glob; + my $orig_death_handler = $SIG{__DIE__}; + $SIG{__DIE__} = \&death_handler; + +-my $usage="Usage: Configure [no- ...] [enable- ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n"; ++my $usage="Usage: Configure [no- ...] [enable- ...] 
[-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--system-ciphers-file=SYSTEMCIPHERFILE] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n"; + + # Options: + # +@@ -41,6 +41,9 @@ my $usage="Usage: Configure [no- + # This becomes the value of OPENSSLDIR in Makefile and in C. + # (Default: PREFIX/ssl) + # ++# --system-ciphers-file A file to read cipher string from when the PROFILE=SYSTEM ++# cipher is specified (default). ++# + # --cross-compile-prefix Add specified prefix to binutils components. + # + # --api One of 0.9.8, 1.0.0 or 1.1.0. Do not compile support for +@@ -295,6 +298,7 @@ $config{prefix}=""; + $config{openssldir}=""; + $config{processor}=""; + $config{libdir}=""; ++$config{system_ciphers_file}=""; + my $auto_threads=1; # enable threads automatically? true by default + my $default_ranlib; + +@@ -824,6 +828,10 @@ while (@argvcopy) + push @seed_sources, $x; + } + } ++ elsif (/^--system-ciphers-file=(.*)$/) ++ { ++ $config{system_ciphers_file}=$1; ++ } + elsif (/^--cross-compile-prefix=(.*)$/) + { + $user{CROSS_COMPILE}=$1; +@@ -1016,6 +1024,8 @@ if ($target eq "HASH") { + exit 0; + } + ++chop $config{system_ciphers_file} if $config{system_ciphers_file} =~ /\/$/; ++ + print "Configuring OpenSSL version $config{version} ($config{version_num}) "; + print "for $target\n"; + +diff -up openssl-1.1.1c/doc/man1/ciphers.pod.system-cipherlist openssl-1.1.1c/doc/man1/ciphers.pod +--- openssl-1.1.1c/doc/man1/ciphers.pod.system-cipherlist 2019-05-28 15:12:21.000000000 +0200 ++++ openssl-1.1.1c/doc/man1/ciphers.pod 2019-05-29 15:42:27.975328849 +0200 +@@ -182,6 +182,15 @@ As of OpenSSL 1.0.0, the B cipher s + + The cipher suites not enabled by B, currently B. + ++=item B ++ ++The list of enabled cipher suites will be loaded from the system crypto policy ++configuration file B. ++See also L. 
++This is the default behavior unless an application explicitly sets a cipher ++list. If used in a cipher list configuration value this string must be at the ++beginning of the cipher list, otherwise it will not be recognized. ++ + =item B + + "High" encryption cipher suites. This currently means those with key lengths +diff -up openssl-1.1.1c/include/openssl/ssl.h.system-cipherlist openssl-1.1.1c/include/openssl/ssl.h +--- openssl-1.1.1c/include/openssl/ssl.h.system-cipherlist 2019-05-28 15:12:21.000000000 +0200 ++++ openssl-1.1.1c/include/openssl/ssl.h 2019-05-29 15:42:27.975328849 +0200 +@@ -186,6 +186,11 @@ extern "C" { + * throwing out anonymous and unencrypted ciphersuites! (The latter are not + * actually enabled by ALL, but "ALL:RSA" would enable some of them.) + */ ++# ifdef SYSTEM_CIPHERS_FILE ++# define SSL_SYSTEM_DEFAULT_CIPHER_LIST "PROFILE=SYSTEM" ++# else ++# define SSL_SYSTEM_DEFAULT_CIPHER_LIST SSL_DEFAULT_CIPHER_LIST ++# endif + + /* Used in SSL_set_shutdown()/SSL_get_shutdown(); */ + # define SSL_SENT_SHUTDOWN 1 +diff -up openssl-1.1.1c/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.1c/ssl/ssl_ciph.c +--- openssl-1.1.1c/ssl/ssl_ciph.c.system-cipherlist 2019-05-28 15:12:21.000000000 +0200 ++++ openssl-1.1.1c/ssl/ssl_ciph.c 2019-05-29 15:42:27.976328831 +0200 +@@ -9,6 +9,8 @@ + * https://www.openssl.org/source/license.html + */ + ++/* for secure_getenv */ ++#define _GNU_SOURCE + #include + #include + #include +@@ -1399,6 +1401,53 @@ int SSL_set_ciphersuites(SSL *s, const c + return ret; + } + ++#ifdef SYSTEM_CIPHERS_FILE ++static char *load_system_str(const char *suffix) ++{ ++ FILE *fp; ++ char buf[1024]; ++ char *new_rules; ++ const char *ciphers_path; ++ unsigned len, slen; ++ ++ if ((ciphers_path = secure_getenv("OPENSSL_SYSTEM_CIPHERS_OVERRIDE")) == NULL) ++ ciphers_path = SYSTEM_CIPHERS_FILE; ++ fp = fopen(ciphers_path, "r"); ++ if (fp == NULL || fgets(buf, sizeof(buf), fp) == NULL) { ++ /* cannot open or file is empty */ ++ snprintf(buf, 
sizeof(buf), "%s", SSL_DEFAULT_CIPHER_LIST); ++ } ++ ++ if (fp) ++ fclose(fp); ++ ++ slen = strlen(suffix); ++ len = strlen(buf); ++ ++ if (buf[len - 1] == '\n') { ++ len--; ++ buf[len] = 0; ++ } ++ if (buf[len - 1] == '\r') { ++ len--; ++ buf[len] = 0; ++ } ++ ++ new_rules = OPENSSL_malloc(len + slen + 1); ++ if (new_rules == 0) ++ return NULL; ++ ++ memcpy(new_rules, buf, len); ++ if (slen > 0) { ++ memcpy(&new_rules[len], suffix, slen); ++ len += slen; ++ } ++ new_rules[len] = 0; ++ ++ return new_rules; ++} ++#endif ++ + STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, + STACK_OF(SSL_CIPHER) *tls13_ciphersuites, + STACK_OF(SSL_CIPHER) **cipher_list, +@@ -1412,15 +1461,25 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ + const char *rule_p; + CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr; + const SSL_CIPHER **ca_list = NULL; ++#ifdef SYSTEM_CIPHERS_FILE ++ char *new_rules = NULL; ++ ++ if (rule_str != NULL && strncmp(rule_str, "PROFILE=SYSTEM", 14) == 0) { ++ char *p = rule_str + 14; ++ ++ new_rules = load_system_str(p); ++ rule_str = new_rules; ++ } ++#endif + + /* + * Return with error if nothing to do. 
+ */ + if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL) +- return NULL; ++ goto err; + #ifndef OPENSSL_NO_EC + if (!check_suiteb_cipher_list(ssl_method, c, &rule_str)) +- return NULL; ++ goto err; + #endif + + /* +@@ -1443,7 +1502,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ + co_list = OPENSSL_malloc(sizeof(*co_list) * num_of_ciphers); + if (co_list == NULL) { + SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE); +- return NULL; /* Failure */ ++ goto err; + } + + ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, +@@ -1509,8 +1568,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ + * in force within each class + */ + if (!ssl_cipher_strength_sort(&head, &tail)) { +- OPENSSL_free(co_list); +- return NULL; ++ goto err; + } + + /* +@@ -1555,9 +1613,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ + num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1; + ca_list = OPENSSL_malloc(sizeof(*ca_list) * num_of_alias_max); + if (ca_list == NULL) { +- OPENSSL_free(co_list); + SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE); +- return NULL; /* Failure */ ++ goto err; + } + ssl_cipher_collect_aliases(ca_list, num_of_group_aliases, + disabled_mkey, disabled_auth, disabled_enc, +@@ -1583,8 +1640,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ + OPENSSL_free(ca_list); /* Not needed anymore */ + + if (!ok) { /* Rule processing failure */ +- OPENSSL_free(co_list); +- return NULL; ++ goto err; + } + + /* +@@ -1592,14 +1648,18 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ + * if we cannot get one. 
+ */ + if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) { +- OPENSSL_free(co_list); +- return NULL; ++ goto err; + } + ++#ifdef SYSTEM_CIPHERS_FILE ++ OPENSSL_free(new_rules); /* Not needed anymore */ ++#endif ++ + /* Add TLSv1.3 ciphers first - we always prefer those if possible */ + for (i = 0; i < sk_SSL_CIPHER_num(tls13_ciphersuites); i++) { + if (!sk_SSL_CIPHER_push(cipherstack, + sk_SSL_CIPHER_value(tls13_ciphersuites, i))) { ++ OPENSSL_free(co_list); + sk_SSL_CIPHER_free(cipherstack); + return NULL; + } +@@ -1631,6 +1691,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ + *cipher_list = cipherstack; + + return cipherstack; ++ ++err: ++ OPENSSL_free(co_list); ++#ifdef SYSTEM_CIPHERS_FILE ++ OPENSSL_free(new_rules); ++#endif ++ return NULL; ++ + } + + char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) +diff -up openssl-1.1.1c/ssl/ssl_lib.c.system-cipherlist openssl-1.1.1c/ssl/ssl_lib.c +--- openssl-1.1.1c/ssl/ssl_lib.c.system-cipherlist 2019-05-29 15:42:27.970328937 +0200 ++++ openssl-1.1.1c/ssl/ssl_lib.c 2019-05-29 15:42:27.977328814 +0200 +@@ -662,7 +662,7 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx + ctx->tls13_ciphersuites, + &(ctx->cipher_list), + &(ctx->cipher_list_by_id), +- SSL_DEFAULT_CIPHER_LIST, ctx->cert); ++ SSL_SYSTEM_DEFAULT_CIPHER_LIST, ctx->cert); + if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) { + SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS); + return 0; +@@ -2954,7 +2954,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m + if (!ssl_create_cipher_list(ret->method, + ret->tls13_ciphersuites, + &ret->cipher_list, &ret->cipher_list_by_id, +- SSL_DEFAULT_CIPHER_LIST, ret->cert) ++ SSL_SYSTEM_DEFAULT_CIPHER_LIST, ret->cert) + || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) { + SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS); + goto err2; +diff -up openssl-1.1.1c/test/cipherlist_test.c.system-cipherlist openssl-1.1.1c/test/cipherlist_test.c +--- 
openssl-1.1.1c/test/cipherlist_test.c.system-cipherlist 2019-05-28 15:12:21.000000000 +0200 ++++ openssl-1.1.1c/test/cipherlist_test.c 2019-05-29 15:42:27.977328814 +0200 +@@ -251,7 +251,9 @@ end: + + int setup_tests(void) + { ++#ifndef SYSTEM_CIPHERS_FILE + ADD_TEST(test_default_cipherlist_implicit); ++#endif + ADD_TEST(test_default_cipherlist_explicit); + ADD_TEST(test_default_cipherlist_clear); + return 1; diff --git a/openssl-freefilesync/openssl-1.1.1-ts-sha256-default.patch b/openssl-freefilesync/openssl-1.1.1-ts-sha256-default.patch new file mode 100644 index 0000000..d99dc47 --- /dev/null +++ b/openssl-freefilesync/openssl-1.1.1-ts-sha256-default.patch 
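Review bot: In `load_system_str()` (the `ssl/ssl_ciph.c` hunk at `-1399,6 +1401,53`) the newline stripping reads `buf[len - 1]` without checking that `len` is non-zero, and `len` is declared `unsigned`. If the first line of the ciphers file is just a newline, `len` is 0 after the `'\n'` branch, so the `'\r'` test indexes far outside the 1024-byte `buf`. A line that begins with a NUL byte has the same effect at the first test. Guard both tests: `if (len > 0 && buf[len - 1] == '\n')` and `if (len > 0 && buf[len - 1] == '\r')`. Separately, `fgets` silently truncates a first line longer than `sizeof(buf) - 1`, so a long policy string would be applied only in part; treating a full buffer with no trailing newline as an error would make that visible instead of loading a partial cipher list.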
@@ -0,0 +1,50 @@ +diff --git a/apps/ts.c b/apps/ts.c +index 63c5210183..4ef8a72eef 100644 +--- a/apps/ts.c ++++ b/apps/ts.c +@@ -425,7 +425,7 @@ static TS_REQ *create_query(BIO *data_bio, const char *digest, const EVP_MD *md, + ASN1_OBJECT *policy_obj = NULL; + ASN1_INTEGER *nonce_asn1 = NULL; + +- if (md == NULL && (md = EVP_get_digestbyname("sha1")) == NULL) ++ if (md == NULL && (md = EVP_get_digestbyname("sha256")) == NULL) + goto err; + if ((ts_req = TS_REQ_new()) == NULL) + goto err; +diff --git a/doc/man1/ts.pod b/doc/man1/ts.pod +index 078905a845..83b8fe4350 100644 +--- a/doc/man1/ts.pod ++++ b/doc/man1/ts.pod +@@ -517,7 +517,7 @@ included. Default is no. (Optional) + =item B + + This option specifies the hash function to be used to calculate the TSA's +-public key certificate identifier. Default is sha1. (Optional) ++public key certificate identifier. Default is sha256. (Optional) + + =back + +@@ -529,7 +529,7 @@ openssl/apps/openssl.cnf will do. + + =head2 Time Stamp Request + +-To create a time stamp request for design1.txt with SHA-1 ++To create a time stamp request for design1.txt with SHA-256 + without nonce and policy and no certificate is required in the response: + + openssl ts -query -data design1.txt -no_nonce \ +@@ -545,12 +545,12 @@ To print the content of the previous request in human readable format: + + openssl ts -query -in design1.tsq -text + +-To create a time stamp request which includes the MD-5 digest ++To create a time stamp request which includes the SHA-512 digest + of design2.txt, requests the signer certificate and nonce, + specifies a policy id (assuming the tsa_policy1 name is defined in the + OID section of the config file): + +- openssl ts -query -data design2.txt -md5 \ ++ openssl ts -query -data design2.txt -sha512 \ + -tspolicy tsa_policy1 -cert -out design2.tsq + + =head2 Time Stamp Response 
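Review bot: The `doc/man1/ts.pod` hunk at line 517 documents sha256 as the default for the TSA public key certificate identifier hash, but no code in this patch changes that default. The only code change is the fallback digest in `create_query()` in `apps/ts.c`, which is the digest used for the time stamp request, a different setting. Unless another patch in the series changes the certificate-identifier default, the man page would overstate what the build does and operators could assume SHA-256 identifiers they are not getting. Either drop that doc hunk or add a comment naming the patch that carries the matching code change. `create_query()` continues outside the hunk, so it cannot be confirmed from here whether other sha1 fallbacks remain in `apps/ts.c`.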
diff --git a/openssl-freefilesync/openssl-1.1.1-upstream-sync.patch b/openssl-freefilesync/openssl-1.1.1-upstream-sync.patch new file mode 100644 index 0000000..7e03b8d --- /dev/null +++ b/openssl-freefilesync/openssl-1.1.1-upstream-sync.patch 
@@ -0,0 +1,534 @@ +diff -up openssl-1.1.1c/crypto/dsa/dsa_ameth.c.sync openssl-1.1.1c/crypto/dsa/dsa_ameth.c +--- openssl-1.1.1c/crypto/dsa/dsa_ameth.c.sync 2019-05-28 15:12:21.000000000 +0200 ++++ openssl-1.1.1c/crypto/dsa/dsa_ameth.c 2019-05-29 17:10:39.768187283 +0200 +@@ -503,7 +503,7 @@ static int dsa_pkey_ctrl(EVP_PKEY *pkey, + + case ASN1_PKEY_CTRL_DEFAULT_MD_NID: + *(int *)arg2 = NID_sha256; +- return 2; ++ return 1; + + default: + return -2; +diff -up openssl-1.1.1c/crypto/err/err.c.sync openssl-1.1.1c/crypto/err/err.c +--- openssl-1.1.1c/crypto/err/err.c.sync 2019-05-28 15:12:21.000000000 +0200 ++++ openssl-1.1.1c/crypto/err/err.c 2019-05-29 17:07:13.345793792 +0200 +@@ -184,8 +184,8 @@ static ERR_STRING_DATA *int_err_get_item + } + + #ifndef OPENSSL_NO_ERR +-/* A measurement on Linux 2018-11-21 showed about 3.5kib */ +-# define SPACE_SYS_STR_REASONS 4 * 1024 ++/* 2019-05-21: Russian and Ukrainian locales on Linux require more than 6,5 kB */ ++# define SPACE_SYS_STR_REASONS 8 * 1024 + # define NUM_SYS_STR_REASONS 127 + + static ERR_STRING_DATA SYS_str_reasons[NUM_SYS_STR_REASONS + 1]; +@@ -219,21 +219,23 @@ static void build_SYS_str_reasons(void) + ERR_STRING_DATA *str = &SYS_str_reasons[i - 1]; + + str->error = ERR_PACK(ERR_LIB_SYS, 0, i); +- if (str->string == NULL) { ++ /* ++ * If we have used up all the space in strerror_pool, ++ * there's no point in calling openssl_strerror_r() ++ */ ++ if (str->string == NULL && cnt < sizeof(strerror_pool)) { + if (openssl_strerror_r(i, cur, sizeof(strerror_pool) - cnt)) { + size_t l = strlen(cur); + + str->string = cur; + cnt += l; +- if (cnt > sizeof(strerror_pool)) +- cnt = sizeof(strerror_pool); + cur += l; + + /* + * VMS has an unusual quirk of adding spaces at the end of +- * some (most? all?) messages. Lets trim them off. ++ * some (most? all?) messages. Lets trim them off. 
+ */ +- while (ossl_isspace(cur[-1])) { ++ while (cur > strerror_pool && ossl_isspace(cur[-1])) { + cur--; + cnt--; + } +diff -up openssl-1.1.1c/crypto/rand/rand_lib.c.sync openssl-1.1.1c/crypto/rand/rand_lib.c +--- openssl-1.1.1c/crypto/rand/rand_lib.c.sync 2019-05-29 17:20:17.175099183 +0200 ++++ openssl-1.1.1c/crypto/rand/rand_lib.c 2019-05-30 11:51:20.784850208 +0200 +@@ -239,8 +239,9 @@ size_t rand_drbg_get_nonce(RAND_DRBG *dr + struct { + void * instance; + int count; +- } data = { NULL, 0 }; ++ } data; + ++ memset(&data, 0, sizeof(data)); + pool = rand_pool_new(0, min_len, max_len); + if (pool == NULL) + return 0; +From 6c2f347c78a530407b5310497080810094427920 Mon Sep 17 00:00:00 2001 +From: Matt Caswell +Date: Wed, 17 Apr 2019 11:09:05 +0100 +Subject: [PATCH 1/2] Defer sending a KeyUpdate until after pending writes are + complete + +If we receive a KeyUpdate message (update requested) from the peer while +we are in the middle of a write, we should defer sending the responding +KeyUpdate message until after the current write is complete. We do this +by waiting to send the KeyUpdate until the next time we write and there is +no pending write data. + +This does imply a subtle change in behaviour. Firstly the responding +KeyUpdate message won't be sent straight away as it is now. Secondly if +the peer sends multiple KeyUpdates without us doing any writing then we +will only send one response, as opposed to previously where we sent a +response for each KeyUpdate received. 
+ +Fixes #8677 + +Reviewed-by: Ben Kaduk +(Merged from https://github.com/openssl/openssl/pull/8773) + +(cherry picked from commit feb9e31c40c49de6384dd0413685e9b5a15adc99) +--- + ssl/record/rec_layer_s3.c | 7 +++++++ + ssl/statem/statem_clnt.c | 6 ------ + ssl/statem/statem_lib.c | 7 ++----- + ssl/statem/statem_srvr.c | 6 ------ + 4 files changed, 9 insertions(+), 17 deletions(-) + +diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c +index b2f97ef905..b65137c332 100644 +--- a/ssl/record/rec_layer_s3.c ++++ b/ssl/record/rec_layer_s3.c +@@ -373,6 +373,13 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len, + + s->rlayer.wnum = 0; + ++ /* ++ * If we are supposed to be sending a KeyUpdate then go into init unless we ++ * have writes pending - in which case we should finish doing that first. ++ */ ++ if (wb->left == 0 && s->key_update != SSL_KEY_UPDATE_NONE) ++ ossl_statem_set_in_init(s, 1); ++ + /* + * When writing early data on the server side we could be "in_init" in + * between receiving the EoED and the CF - but we don't want to handle those +diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c +index 87800cd835..6410414fb6 100644 +--- a/ssl/statem/statem_clnt.c ++++ b/ssl/statem/statem_clnt.c +@@ -473,12 +473,6 @@ static WRITE_TRAN ossl_statem_client13_write_transition(SSL *s) + return WRITE_TRAN_CONTINUE; + + case TLS_ST_CR_KEY_UPDATE: +- if (s->key_update != SSL_KEY_UPDATE_NONE) { +- st->hand_state = TLS_ST_CW_KEY_UPDATE; +- return WRITE_TRAN_CONTINUE; +- } +- /* Fall through */ +- + case TLS_ST_CW_KEY_UPDATE: + case TLS_ST_CR_SESSION_TICKET: + case TLS_ST_CW_FINISHED: +diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c +index c0482b0a90..2960dafa52 100644 +--- a/ssl/statem/statem_lib.c ++++ b/ssl/statem/statem_lib.c +@@ -645,12 +645,9 @@ MSG_PROCESS_RETURN tls_process_key_update(SSL *s, PACKET *pkt) + /* + * If we get a request for us to update our sending keys too then, we need + * to additionally 
send a KeyUpdate message. However that message should +- * not also request an update (otherwise we get into an infinite loop). We +- * ignore a request for us to update our sending keys too if we already +- * sent close_notify. ++ * not also request an update (otherwise we get into an infinite loop). + */ +- if (updatetype == SSL_KEY_UPDATE_REQUESTED +- && (s->shutdown & SSL_SENT_SHUTDOWN) == 0) ++ if (updatetype == SSL_KEY_UPDATE_REQUESTED) + s->key_update = SSL_KEY_UPDATE_NOT_REQUESTED; + + if (!tls13_update_key(s, 0)) { +diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c +index d454326a99..04a23320fc 100644 +--- a/ssl/statem/statem_srvr.c ++++ b/ssl/statem/statem_srvr.c +@@ -502,12 +502,6 @@ static WRITE_TRAN ossl_statem_server13_write_transition(SSL *s) + return WRITE_TRAN_CONTINUE; + + case TLS_ST_SR_KEY_UPDATE: +- if (s->key_update != SSL_KEY_UPDATE_NONE) { +- st->hand_state = TLS_ST_SW_KEY_UPDATE; +- return WRITE_TRAN_CONTINUE; +- } +- /* Fall through */ +- + case TLS_ST_SW_KEY_UPDATE: + st->hand_state = TLS_ST_OK; + return WRITE_TRAN_CONTINUE; +-- +2.20.1 + +From c8feb1039ccc4cd11e6db084df1446bf863bee1e Mon Sep 17 00:00:00 2001 +From: Matt Caswell +Date: Wed, 17 Apr 2019 10:30:53 +0100 +Subject: [PATCH 2/2] Write a test for receiving a KeyUpdate (update requested) + while writing + +Reviewed-by: Ben Kaduk +(Merged from https://github.com/openssl/openssl/pull/8773) + +(cherry picked from commit a77b4dba237d001073d2d1c5d55c674a196c949f) +--- + test/sslapitest.c | 92 +++++++++++++++++++++++++++++++++++++++++++++ + test/ssltestlib.c | 96 +++++++++++++++++++++++++++++++++++++++++++++++ + test/ssltestlib.h | 3 ++ + 3 files changed, 191 insertions(+) + +diff --git a/test/sslapitest.c b/test/sslapitest.c +index 2261fe4a7a..577342644d 100644 +--- a/test/sslapitest.c ++++ b/test/sslapitest.c +@@ -4290,6 +4290,11 @@ static int test_key_update(void) + || !TEST_int_eq(SSL_read(serverssl, buf, sizeof(buf)), + strlen(mess))) + goto end; ++ ++ if 
(!TEST_int_eq(SSL_write(serverssl, mess, strlen(mess)), strlen(mess)) ++ || !TEST_int_eq(SSL_read(clientssl, buf, sizeof(buf)), ++ strlen(mess))) ++ goto end; + } + + testresult = 1; +@@ -4302,6 +4307,91 @@ static int test_key_update(void) + + return testresult; + } ++ ++/* ++ * Test we can handle a KeyUpdate (update requested) message while write data ++ * is pending. ++ * Test 0: Client sends KeyUpdate while Server is writing ++ * Test 1: Server sends KeyUpdate while Client is writing ++ */ ++static int test_key_update_in_write(int tst) ++{ ++ SSL_CTX *cctx = NULL, *sctx = NULL; ++ SSL *clientssl = NULL, *serverssl = NULL; ++ int testresult = 0; ++ char buf[20]; ++ static char *mess = "A test message"; ++ BIO *bretry = BIO_new(bio_s_always_retry()); ++ BIO *tmp = NULL; ++ SSL *peerupdate = NULL, *peerwrite = NULL; ++ ++ if (!TEST_ptr(bretry) ++ || !TEST_true(create_ssl_ctx_pair(TLS_server_method(), ++ TLS_client_method(), ++ TLS1_3_VERSION, ++ 0, ++ &sctx, &cctx, cert, privkey)) ++ || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, ++ NULL, NULL)) ++ || !TEST_true(create_ssl_connection(serverssl, clientssl, ++ SSL_ERROR_NONE))) ++ goto end; ++ ++ peerupdate = tst == 0 ? clientssl : serverssl; ++ peerwrite = tst == 0 ? 
serverssl : clientssl; ++ ++ if (!TEST_true(SSL_key_update(peerupdate, SSL_KEY_UPDATE_REQUESTED)) ++ || !TEST_true(SSL_do_handshake(peerupdate))) ++ goto end; ++ ++ /* Swap the writing endpoint's write BIO to force a retry */ ++ tmp = SSL_get_wbio(peerwrite); ++ if (!TEST_ptr(tmp) || !TEST_true(BIO_up_ref(tmp))) { ++ tmp = NULL; ++ goto end; ++ } ++ SSL_set0_wbio(peerwrite, bretry); ++ bretry = NULL; ++ ++ /* Write data that we know will fail with SSL_ERROR_WANT_WRITE */ ++ if (!TEST_int_eq(SSL_write(peerwrite, mess, strlen(mess)), -1) ++ || !TEST_int_eq(SSL_get_error(peerwrite, 0), SSL_ERROR_WANT_WRITE)) ++ goto end; ++ ++ /* Reinstate the original writing endpoint's write BIO */ ++ SSL_set0_wbio(peerwrite, tmp); ++ tmp = NULL; ++ ++ /* Now read some data - we will read the key update */ ++ if (!TEST_int_eq(SSL_read(peerwrite, buf, sizeof(buf)), -1) ++ || !TEST_int_eq(SSL_get_error(peerwrite, 0), SSL_ERROR_WANT_READ)) ++ goto end; ++ ++ /* ++ * Complete the write we started previously and read it from the other ++ * endpoint ++ */ ++ if (!TEST_int_eq(SSL_write(peerwrite, mess, strlen(mess)), strlen(mess)) ++ || !TEST_int_eq(SSL_read(peerupdate, buf, sizeof(buf)), strlen(mess))) ++ goto end; ++ ++ /* Write more data to ensure we send the KeyUpdate message back */ ++ if (!TEST_int_eq(SSL_write(peerwrite, mess, strlen(mess)), strlen(mess)) ++ || !TEST_int_eq(SSL_read(peerupdate, buf, sizeof(buf)), strlen(mess))) ++ goto end; ++ ++ testresult = 1; ++ ++ end: ++ SSL_free(serverssl); ++ SSL_free(clientssl); ++ SSL_CTX_free(sctx); ++ SSL_CTX_free(cctx); ++ BIO_free(bretry); ++ BIO_free(tmp); ++ ++ return testresult; ++} + #endif /* OPENSSL_NO_TLS1_3 */ + + static int test_ssl_clear(int idx) +@@ -5982,6 +6072,7 @@ int setup_tests(void) + #ifndef OPENSSL_NO_TLS1_3 + ADD_ALL_TESTS(test_export_key_mat_early, 3); + ADD_TEST(test_key_update); ++ ADD_ALL_TESTS(test_key_update_in_write, 2); + #endif + ADD_ALL_TESTS(test_ssl_clear, 2); + ADD_ALL_TESTS(test_max_fragment_len_ext, 
OSSL_NELEM(max_fragment_len_test)); +@@ -6002,4 +6093,5 @@ int setup_tests(void) + void cleanup_tests(void) + { + bio_s_mempacket_test_free(); ++ bio_s_always_retry_free(); + } +diff --git a/test/ssltestlib.c b/test/ssltestlib.c +index 05139be750..e1038620ac 100644 +--- a/test/ssltestlib.c ++++ b/test/ssltestlib.c +@@ -62,9 +62,11 @@ static int tls_dump_puts(BIO *bp, const char *str); + /* Choose a sufficiently large type likely to be unused for this custom BIO */ + #define BIO_TYPE_TLS_DUMP_FILTER (0x80 | BIO_TYPE_FILTER) + #define BIO_TYPE_MEMPACKET_TEST 0x81 ++#define BIO_TYPE_ALWAYS_RETRY 0x82 + + static BIO_METHOD *method_tls_dump = NULL; + static BIO_METHOD *meth_mem = NULL; ++static BIO_METHOD *meth_always_retry = NULL; + + /* Note: Not thread safe! */ + const BIO_METHOD *bio_f_tls_dump_filter(void) +@@ -612,6 +614,100 @@ static int mempacket_test_puts(BIO *bio, const char *str) + return mempacket_test_write(bio, str, strlen(str)); + } + ++static int always_retry_new(BIO *bi); ++static int always_retry_free(BIO *a); ++static int always_retry_read(BIO *b, char *out, int outl); ++static int always_retry_write(BIO *b, const char *in, int inl); ++static long always_retry_ctrl(BIO *b, int cmd, long num, void *ptr); ++static int always_retry_gets(BIO *bp, char *buf, int size); ++static int always_retry_puts(BIO *bp, const char *str); ++ ++const BIO_METHOD *bio_s_always_retry(void) ++{ ++ if (meth_always_retry == NULL) { ++ if (!TEST_ptr(meth_always_retry = BIO_meth_new(BIO_TYPE_ALWAYS_RETRY, ++ "Always Retry")) ++ || !TEST_true(BIO_meth_set_write(meth_always_retry, ++ always_retry_write)) ++ || !TEST_true(BIO_meth_set_read(meth_always_retry, ++ always_retry_read)) ++ || !TEST_true(BIO_meth_set_puts(meth_always_retry, ++ always_retry_puts)) ++ || !TEST_true(BIO_meth_set_gets(meth_always_retry, ++ always_retry_gets)) ++ || !TEST_true(BIO_meth_set_ctrl(meth_always_retry, ++ always_retry_ctrl)) ++ || !TEST_true(BIO_meth_set_create(meth_always_retry, ++ 
always_retry_new)) ++ || !TEST_true(BIO_meth_set_destroy(meth_always_retry, ++ always_retry_free))) ++ return NULL; ++ } ++ return meth_always_retry; ++} ++ ++void bio_s_always_retry_free(void) ++{ ++ BIO_meth_free(meth_always_retry); ++} ++ ++static int always_retry_new(BIO *bio) ++{ ++ BIO_set_init(bio, 1); ++ return 1; ++} ++ ++static int always_retry_free(BIO *bio) ++{ ++ BIO_set_data(bio, NULL); ++ BIO_set_init(bio, 0); ++ return 1; ++} ++ ++static int always_retry_read(BIO *bio, char *out, int outl) ++{ ++ BIO_set_retry_read(bio); ++ return -1; ++} ++ ++static int always_retry_write(BIO *bio, const char *in, int inl) ++{ ++ BIO_set_retry_write(bio); ++ return -1; ++} ++ ++static long always_retry_ctrl(BIO *bio, int cmd, long num, void *ptr) ++{ ++ long ret = 1; ++ ++ switch (cmd) { ++ case BIO_CTRL_FLUSH: ++ BIO_set_retry_write(bio); ++ /* fall through */ ++ case BIO_CTRL_EOF: ++ case BIO_CTRL_RESET: ++ case BIO_CTRL_DUP: ++ case BIO_CTRL_PUSH: ++ case BIO_CTRL_POP: ++ default: ++ ret = 0; ++ break; ++ } ++ return ret; ++} ++ ++static int always_retry_gets(BIO *bio, char *buf, int size) ++{ ++ BIO_set_retry_read(bio); ++ return -1; ++} ++ ++static int always_retry_puts(BIO *bio, const char *str) ++{ ++ BIO_set_retry_write(bio); ++ return -1; ++} ++ + int create_ssl_ctx_pair(const SSL_METHOD *sm, const SSL_METHOD *cm, + int min_proto_version, int max_proto_version, + SSL_CTX **sctx, SSL_CTX **cctx, char *certfile, +diff --git a/test/ssltestlib.h b/test/ssltestlib.h +index fa19e7d80d..56e323f5bc 100644 +--- a/test/ssltestlib.h ++++ b/test/ssltestlib.h +@@ -30,6 +30,9 @@ void bio_f_tls_dump_filter_free(void); + const BIO_METHOD *bio_s_mempacket_test(void); + void bio_s_mempacket_test_free(void); + ++const BIO_METHOD *bio_s_always_retry(void); ++void bio_s_always_retry_free(void); ++ + /* Packet types - value 0 is reserved */ + #define INJECT_PACKET 1 + #define INJECT_PACKET_IGNORE_REC_SEQ 2 +-- +2.20.1 + +diff -up 
openssl-1.1.1c/include/internal/constant_time_locl.h.valgrind openssl-1.1.1c/include/internal/constant_time_locl.h +--- openssl-1.1.1c/include/internal/constant_time_locl.h.valgrind 2019-05-28 15:12:21.000000000 +0200 ++++ openssl-1.1.1c/include/internal/constant_time_locl.h 2019-06-24 15:02:12.796053536 +0200 +@@ -213,18 +213,66 @@ static ossl_inline unsigned char constan + return constant_time_eq_8((unsigned)(a), (unsigned)(b)); + } + ++/* Returns the value unmodified, but avoids optimizations. */ ++static ossl_inline unsigned int value_barrier(unsigned int a) ++{ ++#if !defined(OPENSSL_NO_ASM) && defined(__GNUC__) ++ unsigned int r; ++ __asm__("" : "=r"(r) : "0"(a)); ++#else ++ volatile unsigned int r = a; ++#endif ++ return r; ++} ++ ++/* Convenience method for uint32_t. */ ++static ossl_inline uint32_t value_barrier_32(uint32_t a) ++{ ++#if !defined(OPENSSL_NO_ASM) && defined(__GNUC__) ++ uint32_t r; ++ __asm__("" : "=r"(r) : "0"(a)); ++#else ++ volatile uint32_t r = a; ++#endif ++ return r; ++} ++ ++/* Convenience method for uint64_t. */ ++static ossl_inline uint64_t value_barrier_64(uint64_t a) ++{ ++#if !defined(OPENSSL_NO_ASM) && defined(__GNUC__) ++ uint64_t r; ++ __asm__("" : "=r"(r) : "0"(a)); ++#else ++ volatile uint64_t r = a; ++#endif ++ return r; ++} ++ ++/* Convenience method for size_t. 
*/ ++static ossl_inline size_t value_barrier_s(size_t a) ++{ ++#if !defined(OPENSSL_NO_ASM) && defined(__GNUC__) ++ size_t r; ++ __asm__("" : "=r"(r) : "0"(a)); ++#else ++ volatile size_t r = a; ++#endif ++ return r; ++} ++ + static ossl_inline unsigned int constant_time_select(unsigned int mask, + unsigned int a, + unsigned int b) + { +- return (mask & a) | (~mask & b); ++ return (value_barrier(mask) & a) | (value_barrier(~mask) & b); + } + + static ossl_inline size_t constant_time_select_s(size_t mask, + size_t a, + size_t b) + { +- return (mask & a) | (~mask & b); ++ return (value_barrier_s(mask) & a) | (value_barrier_s(~mask) & b); + } + + static ossl_inline unsigned char constant_time_select_8(unsigned char mask, +@@ -249,13 +297,13 @@ static ossl_inline int constant_time_sel + static ossl_inline uint32_t constant_time_select_32(uint32_t mask, uint32_t a, + uint32_t b) + { +- return (mask & a) | (~mask & b); ++ return (value_barrier_32(mask) & a) | (value_barrier_32(~mask) & b); + } + + static ossl_inline uint64_t constant_time_select_64(uint64_t mask, uint64_t a, + uint64_t b) + { +- return (mask & a) | (~mask & b); ++ return (value_barrier_64(mask) & a) | (value_barrier_64(~mask) & b); + } + + /* diff --git a/openssl-freefilesync/openssl-1.1.1-version-add-engines.patch b/openssl-freefilesync/openssl-1.1.1-version-add-engines.patch new file mode 100644 index 0000000..3c3f58e --- /dev/null +++ b/openssl-freefilesync/openssl-1.1.1-version-add-engines.patch 
@@ -0,0 +1,38 @@
+diff -up openssl-1.1.1-pre8/apps/version.c.version-add-engines openssl-1.1.1-pre8/apps/version.c
+--- openssl-1.1.1-pre8/apps/version.c.version-add-engines 2018-06-20 16:48:09.000000000 +0200
++++ openssl-1.1.1-pre8/apps/version.c 2018-07-16 18:00:40.608624346 +0200
+@@ -64,7 +64,7 @@ int version_main(int argc, char **argv)
+ {
+ int ret = 1, dirty = 0, seed = 0;
+ int cflags = 0, version = 0, date = 0, options = 0, platform = 0, dir = 0;
+- int engdir = 0;
++ int engdir = 0, engines = 0;
+ char *prog;
+ OPTION_CHOICE o;
+
+@@ -106,7 +106,7 @@ opthelp:
+ break;
+ case OPT_A:
+ seed = options = cflags = version = date = platform = dir = engdir
+- = 1;
++ = engines = 1;
+ break;
+ }
+ }
+@@ -188,6 +188,16 @@ opthelp:
+ #endif
+ printf("\n");
+ }
++ if (engines) {
++ ENGINE *e;
++ printf("engines: ");
++ e = ENGINE_get_first();
++ while (e) {
++ printf("%s ", ENGINE_get_id(e));
++ e = ENGINE_get_next(e);
++ }
++ printf("\n");
++ }
+ ret = 0;
+ end:
+ return ret;
diff --git a/openssl-freefilesync/openssl-1.1.1-version-override.patch b/openssl-freefilesync/openssl-1.1.1-version-override.patch
new file mode 100644
index 0000000..7970b84
--- /dev/null
+++ b/openssl-freefilesync/openssl-1.1.1-version-override.patch
@@ -0,0 +1,12 @@
+diff -up openssl-1.1.1c/include/openssl/opensslv.h.version-override openssl-1.1.1c/include/openssl/opensslv.h
+--- openssl-1.1.1c/include/openssl/opensslv.h.version-override 2019-05-29 15:52:30.014734859 +0200
++++ openssl-1.1.1c/include/openssl/opensslv.h 2019-05-29 15:53:23.093800831 +0200
+@@ -40,7 +40,7 @@ extern "C" {
+ * major minor fix final patch/beta)
+ */
+ # define OPENSSL_VERSION_NUMBER 0x1010103fL
+-# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1c 28 May 2019"
++# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1c FIPS 28 May 2019"
+
+ /*-
+ * The macros below are to be used for shared library (.so, .dll, ...)
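Review bot: In openssl-1.1.1-version-add-engines.patch the added `if (engines)` block in `version_main` calls `ENGINE_get_first()`, `ENGINE_get_id()` and `ENGINE_get_next()` with no `OPENSSL_NO_ENGINE` guard, so a `no-engine` configuration of this tree would presumably stop building `apps/version.c`. The hunks also show no include of `<openssl/engine.h>`, though it may come from elsewhere in the file. I would wrap the block in `#ifndef OPENSSL_NO_ENGINE` and `#endif`. The `engines` flag is set only in the `OPT_A` case, which deserves a one-line comment such as `/* engine ids are printed only with -a; there is no separate option */`. `version_main` starts and ends outside the inner hunks.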
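Review bot: In openssl-1.1.1-version-override.patch the new `OPENSSL_VERSION_TEXT` puts "FIPS" into the version banner unconditionally, so anything that prints or logs the version string reports FIPS whether or not FIPS mode is active at run time. Neither the hunk nor the patch preamble says what the tag is meant to convey. If it only marks a build that carries the FIPS patches, I would say so above the define, e.g. `/* "FIPS" marks a build with the FIPS patches applied; it does not indicate that FIPS mode is enabled */`. The literal also repeats the release and date (`1.1.1c 28 May 2019`), so the patch has to be regenerated on every rebase or it will stop applying.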
diff --git a/openssl-freefilesync/openssl-1.1.1-weak-ciphers.patch b/openssl-freefilesync/openssl-1.1.1-weak-ciphers.patch
new file mode 100644
index 0000000..0083643
--- /dev/null
+++ b/openssl-freefilesync/openssl-1.1.1-weak-ciphers.patch
@@ -0,0 +1,57 @@
+diff -up openssl-1.1.1/ssl/s3_lib.c.weak-ciphers openssl-1.1.1/ssl/s3_lib.c
+--- openssl-1.1.1/ssl/s3_lib.c.weak-ciphers 2018-09-11 14:48:23.000000000 +0200
++++ openssl-1.1.1/ssl/s3_lib.c 2018-09-17 12:53:33.850637181 +0200
+@@ -2612,7 +2612,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
+ SSL_GOST89MAC,
+ TLS1_VERSION, TLS1_2_VERSION,
+ 0, 0,
+- SSL_HIGH,
++ SSL_MEDIUM,
+ SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
+ 256,
+ 256,
+@@ -2644,7 +2644,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
+ SSL_GOST89MAC12,
+ TLS1_VERSION, TLS1_2_VERSION,
+ 0, 0,
+- SSL_HIGH,
++ SSL_MEDIUM,
+ SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
+ 256,
+ 256,
+@@ -2753,7 +2753,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
+ },
+ #endif /* OPENSSL_NO_SEED */
+
+-#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
++#if 0 /* No MD5 ciphersuites */
+ {
+ 1,
+ SSL3_TXT_RSA_RC4_128_MD5,
+@@ -2770,6 +2770,8 @@ static SSL_CIPHER ssl3_ciphers[] = {
+ 128,
+ 128,
+ },
++#endif
++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+ 1,
+ SSL3_TXT_RSA_RC4_128_SHA,
+@@ -2786,6 +2788,8 @@ static SSL_CIPHER ssl3_ciphers[] = {
+ 128,
+ 128,
+ },
++#endif
++#if 0
+ {
+ 1,
+ SSL3_TXT_ADH_RC4_128_MD5,
+@@ -2802,6 +2806,8 @@ static SSL_CIPHER ssl3_ciphers[] = {
+ 128,
+ 128,
+ },
++#endif
++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+ 1,
+ TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA,
diff --git a/openssl-freefilesync/openssl-1.1.1c-hobbled.tar.xz b/openssl-freefilesync/openssl-1.1.1c-hobbled.tar.xz
new file mode 100644
index 0000000..d14f9bf
Binary files /dev/null and b/openssl-freefilesync/openssl-1.1.1c-hobbled.tar.xz differ
diff --git a/openssl-freefilesync/openssl.spec b/openssl-freefilesync/openssl.spec
new file mode 100644
index 0000000..29cef89
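Review bot: In openssl-1.1.1-weak-ciphers.patch the second `#if 0`, in front of the `SSL3_TXT_ADH_RC4_128_MD5` entry, gives no reason, unlike the first one; make it `#if 0 /* No MD5 ciphersuites */` as well. The patch works by closing and reopening the `OPENSSL_NO_WEAK_SSL_CIPHERS` guard between neighbouring entries of `ssl3_ciphers[]`, so it depends on their exact order, and a rebase that applies with offset or fuzz could compile an MD5 suite back in with no build error. Since openssl.spec passes `enable-weak-ssl-ciphers` to `./Configure`, the RC4-SHA entries left under `#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS` are presumably built into this package, so a step in `%check` that fails when the built cipher list contains an MD5 suite would be a cheap safeguard. The array continues outside the inner hunks.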
--- /dev/null +++ b/openssl-freefilesync/openssl.spec 
@@ -0,0 +1,2128 @@ +# For the curious: +# 0.9.5a soversion = 0 +# 0.9.6 soversion = 1 +# 0.9.6a soversion = 2 +# 0.9.6c soversion = 3 +# 0.9.7a soversion = 4 +# 0.9.7ef soversion = 5 +# 0.9.8ab soversion = 6 +# 0.9.8g soversion = 7 +# 0.9.8jk + EAP-FAST soversion = 8 +# 1.0.0 soversion = 10 +# 1.1.0 soversion = 1.1 (same as upstream although presence of some symbols +# depends on build configuration options) +%define soversion 1.1 + +# for openssl-freefilesync +%define fullname openssl-freefilesync +%define shortname openssl + +# Arches on which we need to prevent arch conflicts on opensslconf.h, must +# also be handled in opensslconf-new.h. +%define multilib_arches %{ix86} ia64 %{mips} ppc ppc64 s390 s390x sparcv9 sparc64 x86_64 + +%global _performance_build 1 + +Summary: Utilities from the general purpose cryptography library with TLS implementation +# for openssl-freefilesync +Name: %{fullname} +Version: 1.1.1c +# for openssl-freefilesync +Release: 6.stack%{?dist} +Epoch: 1 +# We have to remove certain patented algorithms from the openssl source +# tarball with the hobble-openssl script which is included below. +# The original openssl upstream tarball cannot be shipped in the .src.rpm. 
+Source: openssl-%{version}-hobbled.tar.xz +Source1: hobble-openssl +Source2: Makefile.certificate +Source6: make-dummy-cert +Source7: renew-dummy-cert +Source9: opensslconf-new.h +Source10: opensslconf-new-warning.h +Source11: README.FIPS +Source12: ec_curve.c +Source13: ectest.c +# Build changes +Patch1: openssl-1.1.1-build.patch +Patch2: openssl-1.1.1-defaults.patch +Patch3: openssl-1.1.0-no-html.patch +Patch4: openssl-1.1.1-man-rename.patch +# Bug fixes +Patch21: openssl-1.1.0-issuer-hash.patch +# Functionality changes +Patch31: openssl-1.1.1-conf-paths.patch +Patch32: openssl-1.1.1-version-add-engines.patch +Patch33: openssl-1.1.1-apps-dgst.patch +Patch36: openssl-1.1.1-no-brainpool.patch +Patch37: openssl-1.1.1-ec-curves.patch +Patch38: openssl-1.1.1-no-weak-verify.patch +Patch40: openssl-1.1.1-disable-ssl3.patch +Patch41: openssl-1.1.1-system-cipherlist.patch +Patch42: openssl-1.1.1-fips.patch +Patch43: openssl-1.1.1-ignore-bound.patch +Patch44: openssl-1.1.1-version-override.patch +Patch45: openssl-1.1.1-weak-ciphers.patch +Patch46: openssl-1.1.1-seclevel.patch +Patch47: openssl-1.1.1-ts-sha256-default.patch +Patch48: openssl-1.1.1-fips-post-rand.patch +Patch49: openssl-1.1.1-evp-kdf.patch +Patch50: openssl-1.1.1-ssh-kdf.patch +# Backported fixes including security fixes +Patch51: openssl-1.1.1-upstream-sync.patch +Patch52: openssl-1.1.1-s390x-update.patch +Patch53: openssl-1.1.1-fips-crng-test.patch +Patch54: openssl-1.1.1-regression-fixes.patch + +License: OpenSSL +URL: http://www.openssl.org/ +BuildRequires: gcc +BuildRequires: coreutils, perl-interpreter, sed, zlib-devel, /usr/bin/cmp +BuildRequires: lksctp-tools-devel +BuildRequires: /usr/bin/rename +BuildRequires: /usr/bin/pod2man +BuildRequires: /usr/sbin/sysctl +BuildRequires: perl(Test::Harness), perl(Test::More), perl(Math::BigInt) +BuildRequires: perl(Module::Load::Conditional), perl(File::Temp) +BuildRequires: perl(Time::HiRes) +Requires: coreutils +Requires: %{name}-libs%{?_isa} = 
%{epoch}:%{version}-%{release} + +%description +The OpenSSL toolkit provides support for secure communications between +machines. OpenSSL includes a certificate management tool and shared +libraries which provide various cryptographic algorithms and +protocols. + +%package libs +Summary: A general purpose cryptography library with TLS implementation +Requires: ca-certificates >= 2008-5 +# for openssl-freefilesync +#Requires: crypto-policies >= 20180730 +#Recommends: openssl-pkcs11%{?_isa} +Provides: openssl-fips = %{epoch}:%{version}-%{release} + +%description libs +OpenSSL is a toolkit for supporting cryptography. The openssl-libs +package contains the libraries that are used by various applications which +support cryptographic algorithms and protocols. + +%package devel +Summary: Files for development of applications which will use OpenSSL +Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release} +Requires: pkgconfig + +%description devel +OpenSSL is a toolkit for supporting cryptography. The openssl-devel +package contains include files needed to develop applications which +support various cryptographic algorithms and protocols. + +%package static +Summary: Libraries for static linking of applications which will use OpenSSL +Requires: %{name}-devel%{?_isa} = %{epoch}:%{version}-%{release} + +%description static +OpenSSL is a toolkit for supporting cryptography. The openssl-static +package contains static libraries needed for static linking of +applications which support various cryptographic algorithms and +protocols. + +%package perl +Summary: Perl scripts provided with OpenSSL +Requires: perl-interpreter +Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release} + +%description perl +OpenSSL is a toolkit for supporting cryptography. The openssl-perl +package provides Perl scripts for converting certificates and keys +from other formats to the formats used by the OpenSSL toolkit. 
+ +%prep +# for openssl-freefilesync +%setup -q -n %{shortname}-%{version} + +# The hobble_openssl is called here redundantly, just to be sure. +# The tarball has already the sources removed. +%{SOURCE1} > /dev/null + +cp %{SOURCE12} crypto/ec/ +cp %{SOURCE13} test/ + +%patch1 -p1 -b .build %{?_rawbuild} +%patch2 -p1 -b .defaults +%patch3 -p1 -b .no-html %{?_rawbuild} +%patch4 -p1 -b .man-rename + +%patch21 -p1 -b .issuer-hash + +%patch31 -p1 -b .conf-paths +%patch32 -p1 -b .version-add-engines +%patch33 -p1 -b .dgst +%patch36 -p1 -b .no-brainpool +%patch37 -p1 -b .curves +%patch38 -p1 -b .no-weak-verify +%patch40 -p1 -b .disable-ssl3 +%patch41 -p1 -b .system-cipherlist +%patch42 -p1 -b .fips +%patch43 -p1 -b .ignore-bound +%patch44 -p1 -b .version-override +%patch45 -p1 -b .weak-ciphers +%patch46 -p1 -b .seclevel +%patch47 -p1 -b .ts-sha256-default +%patch48 -p1 -b .fips-post-rand +# for openssl-freefilesync +sed -i -r -e '/sys\/random\.h/s@sys/random\.h@/usr/include/linux/random.h@;' crypto/rand/rand_unix.c +%patch49 -p1 -b .evp-kdf +%patch50 -p1 -b .ssh-kdf +%patch51 -p1 -b .upstream-sync +%patch52 -p1 -b .s390x-update +%patch53 -p1 -b .crng-test +%patch54 -p1 -b .regression + + +%build +# Figure out which flags we want to use. +# default +sslarch=%{_os}-%{_target_cpu} +%ifarch %ix86 +sslarch=linux-elf +if ! 
echo %{_target} | grep -q i686 ; then + sslflags="no-asm 386" +fi +%endif +%ifarch x86_64 +sslflags=enable-ec_nistp_64_gcc_128 +%endif +%ifarch sparcv9 +sslarch=linux-sparcv9 +sslflags=no-asm +%endif +%ifarch sparc64 +sslarch=linux64-sparcv9 +sslflags=no-asm +%endif +%ifarch alpha alphaev56 alphaev6 alphaev67 +sslarch=linux-alpha-gcc +%endif +%ifarch s390 sh3eb sh4eb +sslarch="linux-generic32 -DB_ENDIAN" +%endif +%ifarch s390x +sslarch="linux64-s390x" +%endif +%ifarch %{arm} +sslarch=linux-armv4 +%endif +%ifarch aarch64 +sslarch=linux-aarch64 +sslflags=enable-ec_nistp_64_gcc_128 +%endif +%ifarch sh3 sh4 +sslarch=linux-generic32 +%endif +%ifarch ppc64 ppc64p7 +sslarch=linux-ppc64 +%endif +%ifarch ppc64le +sslarch="linux-ppc64le" +sslflags=enable-ec_nistp_64_gcc_128 +%endif +%ifarch mips mipsel +sslarch="linux-mips32 -mips32r2" +%endif +%ifarch mips64 mips64el +sslarch="linux64-mips64 -mips64r2" +%endif +%ifarch mips64el +sslflags=enable-ec_nistp_64_gcc_128 +%endif +%ifarch riscv64 +sslarch=linux-generic64 +%endif + +# Add -Wa,--noexecstack here so that libcrypto's assembler modules will be +# marked as not requiring an executable stack. +# Also add -DPURIFY to make using valgrind with openssl easier as we do not +# want to depend on the uninitialized memory as a source of entropy anyway. +# for openssl-freefilesync +RPM_OPT_FLAGS="$RPM_OPT_FLAGS -Wa,--noexecstack -DPURIFY $RPM_LD_FLAGS" + +export HASHBANGPERL=/usr/bin/perl + +# ia64, x86_64, ppc are OK by default +# Configure the build tree. Override OpenSSL defaults with known-good defaults +# usable on all platforms. The Configure script already knows to use -fPIC and +# RPM_OPT_FLAGS, so we can skip specifiying them here. 
+./Configure \ + --prefix=%{_prefix} --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \ + --system-ciphers-file=%{_sysconfdir}/crypto-policies/back-ends/openssl.config \ + zlib enable-camellia enable-seed enable-rfc3779 enable-sctp \ + enable-cms enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method \ + enable-weak-ssl-ciphers \ + no-mdc2 no-ec2m no-sm2 no-sm4 \ + shared ${sslarch} $RPM_OPT_FLAGS '-DDEVRANDOM="\"/dev/urandom\""' + +# Do not run this in a production package the FIPS symbols must be patched-in +#util/mkdef.pl crypto update + +make all + +# Overwrite FIPS README +cp -f %{SOURCE11} . + +# Clean up the .pc files +for i in libcrypto.pc libssl.pc openssl.pc ; do + sed -i '/^Libs.private:/{s/-L[^ ]* //;s/-Wl[^ ]* //}' $i +done + +%check +# Verify that what was compiled actually works. + +# Hack - either enable SCTP AUTH chunks in kernel or disable sctp for check +(sysctl net.sctp.addip_enable=1 && sysctl net.sctp.auth_enable=1) || \ +(echo 'Failed to enable SCTP AUTH chunks, disabling SCTP for tests...' 
&& + sed '/"zlib-dynamic" => "default",/a\ \ "sctp" => "default",' configdata.pm > configdata.pm.new && \ + touch -r configdata.pm configdata.pm.new && \ + mv -f configdata.pm.new configdata.pm) + +# We must revert patch31 before tests otherwise they will fail +patch -p1 -R < %{PATCH31} + +LD_LIBRARY_PATH=`pwd`${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}} +export LD_LIBRARY_PATH +crypto/fips/fips_standalone_hmac libcrypto.so.%{soversion} >.libcrypto.so.%{soversion}.hmac +ln -s .libcrypto.so.%{soversion}.hmac .libcrypto.so.hmac +crypto/fips/fips_standalone_hmac libssl.so.%{soversion} >.libssl.so.%{soversion}.hmac +ln -s .libssl.so.%{soversion}.hmac .libssl.so.hmac +OPENSSL_ENABLE_MD5_VERIFY= +export OPENSSL_ENABLE_MD5_VERIFY +OPENSSL_SYSTEM_CIPHERS_OVERRIDE=xyz_nonexistent_file +export OPENSSL_SYSTEM_CIPHERS_OVERRIDE +make test + +# Add generation of HMAC checksum of the final stripped library +%define __spec_install_post \ + %{?__debug_package:%{__debug_install_post}} \ + %{__arch_install_post} \ + %{__os_install_post} \ + crypto/fips/fips_standalone_hmac $RPM_BUILD_ROOT%{_libdir}/libcrypto.so.%{version} >$RPM_BUILD_ROOT%{_libdir}/.libcrypto.so.%{version}.hmac \ + ln -sf .libcrypto.so.%{version}.hmac $RPM_BUILD_ROOT%{_libdir}/.libcrypto.so.%{soversion}.hmac \ + crypto/fips/fips_standalone_hmac $RPM_BUILD_ROOT%{_libdir}/libssl.so.%{version} >$RPM_BUILD_ROOT%{_libdir}/.libssl.so.%{version}.hmac \ + ln -sf .libssl.so.%{version}.hmac $RPM_BUILD_ROOT%{_libdir}/.libssl.so.%{soversion}.hmac \ +%{nil} + +%define __provides_exclude_from %{_libdir}/openssl + +%install +[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT +# Install OpenSSL. 
+install -d $RPM_BUILD_ROOT{%{_bindir},%{_includedir},%{_libdir},%{_mandir},%{_libdir}/openssl,%{_pkgdocdir}} +make DESTDIR=$RPM_BUILD_ROOT install +rename so.%{soversion} so.%{version} $RPM_BUILD_ROOT%{_libdir}/*.so.%{soversion} +for lib in $RPM_BUILD_ROOT%{_libdir}/*.so.%{version} ; do + chmod 755 ${lib} + ln -s -f `basename ${lib}` $RPM_BUILD_ROOT%{_libdir}/`basename ${lib} .%{version}` + ln -s -f `basename ${lib}` $RPM_BUILD_ROOT%{_libdir}/`basename ${lib} .%{version}`.%{soversion} +done + +# Install a makefile for generating keys and self-signed certs, and a script +# for generating them on the fly. +mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/certs +install -m644 %{SOURCE2} $RPM_BUILD_ROOT%{_pkgdocdir}/Makefile.certificate +install -m755 %{SOURCE6} $RPM_BUILD_ROOT%{_bindir}/make-dummy-cert +install -m755 %{SOURCE7} $RPM_BUILD_ROOT%{_bindir}/renew-dummy-cert + +# Move runable perl scripts to bindir +mv $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/misc/*.pl $RPM_BUILD_ROOT%{_bindir} +mv $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/misc/tsget $RPM_BUILD_ROOT%{_bindir} + +# Rename man pages so that they don't conflict with other system man pages. 
+pushd $RPM_BUILD_ROOT%{_mandir} +ln -s -f config.5 man5/openssl.cnf.5 +for manpage in man*/* ; do + if [ -L ${manpage} ]; then + TARGET=`ls -l ${manpage} | awk '{ print $NF }'` + ln -snf ${TARGET}ssl ${manpage}ssl + rm -f ${manpage} + else + mv ${manpage} ${manpage}ssl + fi +done +for conflict in passwd rand ; do + rename ${conflict} ssl${conflict} man*/${conflict}* +# Fix dangling symlinks + manpage=man1/openssl-${conflict}.* + if [ -L ${manpage} ] ; then + ln -snf ssl${conflict}.1ssl ${manpage} + fi +done +popd + +mkdir -m755 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA +mkdir -m700 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA/private +mkdir -m755 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA/certs +mkdir -m755 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA/crl +mkdir -m755 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA/newcerts + +# Ensure the config file timestamps are identical across builds to avoid +# mulitlib conflicts and unnecessary renames on upgrade +# for openssl-freefilesync +touch -r %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/openssl.cnf%{version} +touch -r %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/ct_log_list.cnf%{version} + +rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/openssl.cnf{,.dist} +rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/ct_log_list.cnf{,.dist} + +# Determine which arch opensslconf.h is going to try to #include. +basearch=%{_arch} +%ifarch %{ix86} +basearch=i386 +%endif +%ifarch sparcv9 +basearch=sparc +%endif +%ifarch sparc64 +basearch=sparc64 +%endif + +# Next step of gradual disablement of SSL3. +# Make SSL3 disappear to newly built dependencies. +sed -i '/^\#ifndef OPENSSL_NO_SSL_TRACE/i\ +#ifndef OPENSSL_NO_SSL3\ +# define OPENSSL_NO_SSL3\ +#endif' $RPM_BUILD_ROOT/%{_prefix}/include/openssl/opensslconf.h + +%ifarch %{multilib_arches} +# Do an opensslconf.h switcheroo to avoid file conflicts on systems where you +# can have both a 32- and 64-bit version of the library, and they each need +# their own correct-but-different versions of opensslconf.h to be usable. 
+install -m644 %{SOURCE10} \ + $RPM_BUILD_ROOT/%{_prefix}/include/openssl/opensslconf-${basearch}.h +cat $RPM_BUILD_ROOT/%{_prefix}/include/openssl/opensslconf.h >> \ + $RPM_BUILD_ROOT/%{_prefix}/include/openssl/opensslconf-${basearch}.h +install -m644 %{SOURCE9} \ + $RPM_BUILD_ROOT/%{_prefix}/include/openssl/opensslconf.h +%endif +LD_LIBRARY_PATH=`pwd`${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}} +export LD_LIBRARY_PATH + +# for openssl-freefilesync +pushd ${RPM_BUILD_ROOT}%{_mandir} +for word in $( find . ! -type d -print ) ; +do + mv "${word}" "${word}-111c" +done +popd +mv ${RPM_BUILD_ROOT}%{_bindir}/openssl{,-111c} + +%files +%{!?_licensedir:%global license %%doc} +%license LICENSE +%doc FAQ NEWS README README.FIPS +%{_bindir}/make-dummy-cert +%{_bindir}/renew-dummy-cert +# for openssl-freefilesync +%{_bindir}/openssl-111c +%{_mandir}/man1*/* +%{_mandir}/man5*/* +%{_mandir}/man7*/* +%{_pkgdocdir}/Makefile.certificate +%exclude %{_mandir}/man1*/*.pl* +%exclude %{_mandir}/man1*/c_rehash* +%exclude %{_mandir}/man1*/tsget* +%exclude %{_mandir}/man1*/openssl-tsget* + +%files libs +%{!?_licensedir:%global license %%doc} +%license LICENSE +%dir %{_sysconfdir}/pki/tls +%dir %{_sysconfdir}/pki/tls/certs +%dir %{_sysconfdir}/pki/tls/misc +%dir %{_sysconfdir}/pki/tls/private +# for openssl-freefilesync +%config(noreplace) %{_sysconfdir}/pki/tls/openssl.cnf%{version} +%config(noreplace) %{_sysconfdir}/pki/tls/ct_log_list.cnf%{version} +%attr(0755,root,root) %{_libdir}/libcrypto.so.%{version} +%attr(0755,root,root) %{_libdir}/libcrypto.so.%{soversion} +%attr(0755,root,root) %{_libdir}/libssl.so.%{version} +%attr(0755,root,root) %{_libdir}/libssl.so.%{soversion} +%attr(0644,root,root) %{_libdir}/.libcrypto.so.*.hmac +%attr(0644,root,root) %{_libdir}/.libssl.so.*.hmac +%attr(0755,root,root) %{_libdir}/engines-%{soversion} + +%files devel +%doc CHANGES doc/dir-locals.example.el doc/openssl-c-indent.el +%{_prefix}/include/openssl +%{_libdir}/*.so +%{_mandir}/man3*/* 
+%{_libdir}/pkgconfig/*.pc + +%files static +%{_libdir}/*.a + +%files perl +%{_bindir}/c_rehash +%{_bindir}/*.pl +%{_bindir}/tsget +%{_mandir}/man1*/*.pl* +%{_mandir}/man1*/c_rehash* +%{_mandir}/man1*/tsget* +%{_mandir}/man1*/openssl-tsget* +%dir %{_sysconfdir}/pki/CA +%dir %{_sysconfdir}/pki/CA/private +%dir %{_sysconfdir}/pki/CA/certs +%dir %{_sysconfdir}/pki/CA/crl +%dir %{_sysconfdir}/pki/CA/newcerts + +# for openssl-freefilesync +%post libs -p /sbin/ldconfig + +%postun libs -p /sbin/ldconfig + +%changelog +* Wed Sep 18 2019 B Stack 1.1.1c-6.stack +- rebuild for el7 for freefilesync + +* Fri Sep 6 2019 Tomáš Mráz 1.1.1c-6 +- upstream fix for status request extension non-compliance (#1737471) + +* Thu Jul 25 2019 Fedora Release Engineering - 1:1.1.1c-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Mon Jun 24 2019 Tomáš Mráz 1.1.1c-4 +- do not try to use EC groups disallowed in FIPS mode + in TLS +- fix Valgrind regression with constant-time code + +* Mon Jun 3 2019 Tomáš Mráz 1.1.1c-3 +- add upstream patch to defer sending KeyUpdate after + pending writes are complete + +* Thu May 30 2019 Tomáš Mráz 1.1.1c-2 +- fix use of uninitialized memory + +* Wed May 29 2019 Tomáš Mráz 1.1.1c-1 +- update to the 1.1.1c release + +* Fri May 10 2019 Tomáš Mráz 1.1.1b-10 +- Another attempt at the AES-CCM regression fix + +* Fri May 10 2019 Tomáš Mráz 1.1.1b-9 +- Fix two small regressions +- Change the ts application default hash to SHA256 + +* Tue May 7 2019 Tomáš Mráz 1.1.1b-8 +- FIPS compliance fixes + +* Mon May 6 2019 Tomáš Mráz 1.1.1b-7 +- add S390x chacha20-poly1305 assembler support from master branch + +* Fri May 3 2019 Tomáš Mráz 1.1.1b-6 +- apply new bugfixes from upstream 1.1.1 branch + +* Tue Apr 16 2019 Tomáš Mráz 1.1.1b-5 +- fix for BIO_get_mem_ptr() regression in 1.1.1b (#1691853) + +* Wed Mar 27 2019 Tomáš Mráz 1.1.1b-4 +- drop unused BuildRequires and Requires in the -devel subpackage + +* Fri Mar 15 2019 Tomáš Mráz 1.1.1b-3 +- fix 
regression in EVP_PBE_scrypt() (#1688284) +- fix incorrect help message in ca app (#1553206) + +* Fri Mar 1 2019 Tomáš Mráz 1.1.1b-2 +- use .include = syntax in the config file to allow it + to be parsed by 1.0.2 version (#1668916) + +* Thu Feb 28 2019 Tomáš Mráz 1.1.1b-1 +- update to the 1.1.1b release +- EVP_KDF API backport from master +- SSH KDF implementation for EVP_KDF API backport from master + +* Fri Feb 01 2019 Fedora Release Engineering - 1:1.1.1a-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Tue Jan 15 2019 Tomáš Mráz 1.1.1a-1 +- update to the 1.1.1a release + +* Fri Nov 9 2018 Tomáš Mráz 1.1.1-7 +- use /dev/urandom for seeding the RNG in FIPS POST + +* Fri Oct 12 2018 Tomáš Mráz 1.1.1-6 +- fix SECLEVEL 3 support +- fix some issues found in Coverity scan + +* Thu Sep 27 2018 Charalampos Stratakis - 1:1.1.1-5 +- Correctly invoke sed for defining OPENSSL_NO_SSL3 + +* Thu Sep 27 2018 Tomáš Mráz 1.1.1-4 +- define OPENSSL_NO_SSL3 so the newly built dependencies do not + have access to SSL3 API calls anymore + +* Mon Sep 17 2018 Tomáš Mráz 1.1.1-3 +- reinstate accidentally dropped patch for weak ciphersuites + +* Fri Sep 14 2018 Tomáš Mráz 1.1.1-2 +- for consistent support of security policies we build + RC4 support in TLS (not default) and allow SHA1 in SECLEVEL 2 + +* Thu Sep 13 2018 Tomáš Mráz 1.1.1-1 +- update to the final 1.1.1 version + +* Thu Sep 6 2018 Tomáš Mráz 1.1.1-0.pre9.3 +- do not try to initialize RNG in cleanup if it was not initialized + before (#1624554) +- use only /dev/urandom if getrandom() is not available +- disable SM4 + +* Wed Aug 29 2018 Tomáš Mráz 1.1.1-0.pre9.2 +- fix dangling symlinks to manual pages +- make SSLv3_method work + +* Wed Aug 22 2018 Tomáš Mráz 1.1.1-0.pre9.1 +- update to the latest 1.1.1 beta version + +* Mon Aug 13 2018 Tomáš Mráz 1.1.1-0.pre8.4 +- bidirectional shutdown fixes from upstream + +* Mon Aug 13 2018 Tomáš Mráz 1.1.1-0.pre8.3 +- do not put error on stack when using fixed 
protocol version + with the default config (#1615098) + +* Fri Jul 27 2018 Tomáš Mráz 1.1.1-0.pre8.2 +- load crypto policy config file from the default config + +* Wed Jul 25 2018 Tomáš Mráz 1.1.1-0.pre8 +- update to the latest 1.1.1 beta version + +* Fri Jul 13 2018 Fedora Release Engineering - 1:1.1.0h-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Tue Jun 19 2018 Tomáš Mráz 1.1.0h-5 +- fix FIPS RSA key generation failure + +* Mon Jun 4 2018 Tomáš Mráz 1.1.0h-4 +- ppc64le is not multilib arch (#1584994) + +* Tue Apr 3 2018 Tomáš Mráz 1.1.0h-3 +- fix regression of c_rehash (#1562953) + +* Thu Mar 29 2018 Tomáš Mráz 1.1.0h-2 +- fix FIPS symbol versions + +* Thu Mar 29 2018 Tomáš Mráz 1.1.0h-1 +- update to upstream version 1.1.0h +- add Recommends for openssl-pkcs11 + +* Fri Feb 23 2018 Tomáš Mráz 1.1.0g-6 +- one more try to apply RPM_LD_FLAGS properly (#1541033) +- dropped unneeded starttls xmpp patch (#1417017) + +* Thu Feb 08 2018 Fedora Release Engineering - 1:1.1.0g-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Thu Feb 1 2018 Tomáš Mráz 1.1.0g-4 +- apply RPM_LD_FLAGS properly (#1541033) + +* Thu Jan 11 2018 Tomáš Mráz 1.1.0g-3 +- silence the .rnd write failure as that is auxiliary functionality (#1524833) + +* Thu Dec 14 2017 Tomáš Mráz 1.1.0g-2 +- put the Makefile.certificate in pkgdocdir and drop the requirement on make + +* Fri Nov 3 2017 Tomáš Mráz 1.1.0g-1 +- update to upstream version 1.1.0g + +* Thu Aug 03 2017 Fedora Release Engineering - 1:1.1.0f-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Thu Jul 27 2017 Fedora Release Engineering - 1:1.1.0f-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Mon Jul 17 2017 Tomáš Mráz 1:1.1.0f-7 +- make s_client and s_server work with -ssl3 option (#1471783) + +* Thu Jul 13 2017 Petr Pisar - 1:1.1.0f-6 +- perl dependency renamed to perl-interpreter + + +* Mon Jun 26 2017 Tomáš Mráz 1.1.0f-5 +- 
disable verification of all insecure hashes + +* Fri Jun 23 2017 Tomáš Mráz 1.1.0f-4 +- make DTLS work (#1462541) + +* Thu Jun 15 2017 Tomáš Mráz 1.1.0f-3 +- enable 3DES SSL ciphersuites, RC4 is kept disabled (#1453066) + +* Mon Jun 5 2017 Tomáš Mráz 1.1.0f-2 +- only release thread-local key if we created it (from upstream) (#1458775) + +* Fri Jun 2 2017 Tomáš Mráz 1.1.0f-1 +- update to upstream version 1.1.0f +- SRP and GOST is now allowed, note that GOST support requires + adding GOST engine which is not part of openssl anymore + +* Thu Feb 16 2017 Tomáš Mráz 1.1.0e-1 +- update to upstream version 1.1.0e +- add documentation of the PROFILE=SYSTEM special cipher string (#1420232) + +* Sat Feb 11 2017 Fedora Release Engineering - 1:1.1.0d-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Wed Feb 1 2017 Tomáš Mráz 1.1.0d-2 +- applied upstream fixes (fix regression in X509_CRL_digest) + +* Thu Jan 26 2017 Tomáš Mráz 1.1.0d-1 +- update to upstream version 1.1.0d + +* Thu Dec 22 2016 Tomáš Mráz 1.1.0c-5 +- preserve new line in fd BIO BIO_gets() as other BIOs do + +* Fri Dec 2 2016 Tomáš Mráz 1.1.0c-4 +- FIPS mode fixes for TLS + +* Wed Nov 30 2016 Tomáš Mráz 1.1.0c-3 +- revert SSL_read() behavior change - patch from upstream (#1394677) +- fix behavior on client certificate request in renegotiation (#1393579) + +* Tue Nov 22 2016 Tomáš Mráz 1.1.0c-2 +- EC curve NIST P-224 is now allowed, still kept disabled in TLS due + to less than optimal security + +* Fri Nov 11 2016 Tomáš Mráz 1.1.0c-1 +- update to upstream version 1.1.0c + +* Fri Nov 4 2016 Tomáš Mráz 1.1.0b-4 +- use a random seed if the supplied one did not generate valid + parameters in dsa_builtin_paramgen2() + +* Wed Oct 12 2016 Tomáš Mráz 1.1.0b-3 +- do not break contract on return value when using dsa_builtin_paramgen2() + +* Wed Oct 12 2016 Tomáš Mráz 1.1.0b-2 +- fix afalg failure on big endian + +* Tue Oct 11 2016 Tomáš Mráz 1.1.0b-1 +- update to upstream version 1.1.0b + +* Fri 
Oct 07 2016 Richard W.M. Jones - 1:1.0.2j-2
+- Add flags for riscv64.
+
+* Mon Sep 26 2016 Tomáš Mráz 1.0.2j-1
+- minor upstream release 1.0.2j fixing regression from previous release
+
+* Sat Sep 24 2016 David Woodhouse 1.0.2i-2
+- Fix enginesdir in libcrypto.c (#1375361)
+
+* Thu Sep 22 2016 Tomáš Mráz 1.0.2i-1
+- minor upstream release 1.0.2i fixing security issues
+- move man pages for perl based scripts to perl subpackage (#1377617)
+
+* Wed Aug 10 2016 Tomáš Mráz 1.0.2h-3
+- fix regression in Cisco AnyConnect VPN support (#1354588)
+
+* Mon Jun 27 2016 Tomáš Mráz 1.0.2h-2
+- require libcrypto in libssl.pc (#1301301)
+
+* Tue May 3 2016 Tomáš Mráz 1.0.2h-1
+- minor upstream release 1.0.2h fixing security issues
+
+* Tue Mar 29 2016 Tomáš Mráz 1.0.2g-4
+- disable SSLv2 support altogether (without ABI break)
+
+* Mon Mar 7 2016 Tom Callaway - 1.0.2g-3
+- enable RC5
+
+* Wed Mar 2 2016 Tomáš Mráz 1.0.2g-2
+- reenable SSL2 in the build to avoid ABI break (it does not
+ make the openssl vulnerable to DROWN attack)
+
+* Tue Mar 1 2016 Tomáš Mráz 1.0.2g-1
+- minor upstream release 1.0.2g fixing security issues
+
+* Thu Feb 04 2016 Fedora Release Engineering - 1:1.0.2f-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Thu Jan 28 2016 Tomáš Mráz 1.0.2f-1
+- minor upstream release 1.0.2f fixing security issues
+- add support for MIPS secondary architecture
+
+* Fri Jan 15 2016 Tomáš Mráz 1.0.2e-5
+- document some options of openssl speed command
+
+* Fri Dec 18 2015 Tomáš Mráz 1.0.2e-4
+- enable sctp support in DTLS
+
+* Tue Dec 8 2015 Tomáš Mráz 1.0.2e-3
+- remove unimplemented EC method from header (#1289599)
+
+* Mon Dec 7 2015 Tomáš Mráz 1.0.2e-2
+- the fast nistp implementation works only on little endian architectures
+
+* Fri Dec 4 2015 Tomáš Mráz 1.0.2e-1
+- minor upstream release 1.0.2e fixing moderate severity security issues
+- enable fast assembler implementation for NIST P-256 and P-521
+ elliptic curves (#1164210)
+- filter out
unwanted link options from the .pc files (#1257836)
+- do not set serial to 0 in Makefile.certificate (#1135719)
+
+* Mon Nov 16 2015 Tomáš Mráz 1.0.2d-3
+- fix sigill on some AMD CPUs (#1278194)
+
+* Wed Aug 12 2015 Tom Callaway 1.0.2d-2
+- re-enable secp256k1 (bz1021898)
+
+* Thu Jul 9 2015 Tomáš Mráz 1.0.2d-1
+- minor upstream release 1.0.2d fixing a high severity security issue
+
+* Tue Jul 7 2015 Tomáš Mráz 1.0.2c-3
+- fix the aarch64 build
+
+* Thu Jun 18 2015 Fedora Release Engineering - 1:1.0.2c-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
+* Mon Jun 15 2015 Tomáš Mráz 1.0.2c-1
+- minor upstream release 1.0.2c fixing multiple security issues
+
+* Thu May 7 2015 Peter Robinson 1.0.2a-4
+- Add aarch64 sslarch details
+
+* Thu May 7 2015 Tomáš Mráz 1.0.2a-3
+- fix some 64 bit build targets
+
+* Tue Apr 28 2015 Tomáš Mráz 1.0.2a-2
+- add alternative certificate chain discovery support from upstream
+
+* Thu Apr 23 2015 Tomáš Mráz 1.0.2a-1
+- rebase to 1.0.2 branch
+
+* Thu Apr 9 2015 Tomáš Mráz 1.0.1k-7
+- drop the AES-GCM restriction of 2^32 operations because the IV is
+ always 96 bits (32 bit fixed field + 64 bit invocation field)
+
+* Thu Mar 19 2015 Tomáš Mráz 1.0.1k-6
+- fix CVE-2015-0209 - potential use after free in d2i_ECPrivateKey()
+- fix CVE-2015-0286 - improper handling of ASN.1 boolean comparison
+- fix CVE-2015-0287 - ASN.1 structure reuse decoding memory corruption
+- fix CVE-2015-0289 - NULL dereference decoding invalid PKCS#7 data
+- fix CVE-2015-0293 - triggerable assert in SSLv2 server
+
+* Mon Mar 16 2015 Tomáš Mráz 1.0.1k-5
+- fix bug in the CRYPTO_128_unwrap()
+
+* Fri Feb 27 2015 Tomáš Mráz 1.0.1k-4
+- fix bug in the RFC 5649 support (#1185878)
+
+* Sat Feb 21 2015 Till Maas - 1:1.0.1k-3
+- Rebuilt for Fedora 23 Change
+ https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code
+
+* Thu Jan 15 2015 Tomáš Mráz 1.0.1k-2
+- test in the non-FIPS RSA keygen for minimal distance of p
and q
+ similarly to the FIPS RSA keygen
+
+* Fri Jan 9 2015 Tomáš Mráz 1.0.1k-1
+- new upstream release fixing multiple security issues
+
+* Thu Nov 20 2014 Tomáš Mráz 1.0.1j-3
+- disable SSLv3 by default again (mail servers and possibly
+ LDAP servers should probably allow it explicitly for legacy
+ clients)
+
+* Tue Oct 21 2014 Tomáš Mráz 1.0.1j-2
+- update the FIPS RSA keygen to be FIPS 186-4 compliant
+
+* Thu Oct 16 2014 Tomáš Mráz 1.0.1j-1
+- new upstream release fixing multiple security issues
+
+* Fri Oct 10 2014 Tomáš Mráz 1.0.1i-5
+- copy negotiated digests when switching certs by SNI (#1150032)
+
+* Mon Sep 8 2014 Tomáš Mráz 1.0.1i-4
+- add support for RFC 5649
+
+* Sun Aug 17 2014 Fedora Release Engineering - 1:1.0.1i-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
+
+* Wed Aug 13 2014 Tomáš Mráz 1.0.1i-2
+- drop RSA X9.31 from RSA FIPS selftests
+- add Power 8 optimalizations
+
+* Thu Aug 7 2014 Tomáš Mráz 1.0.1i-1
+- new upstream release fixing multiple moderate security issues
+- for now disable only SSLv2 by default
+
+* Fri Jul 18 2014 Tom Callaway 1.0.1h-6
+- fix license handling
+
+* Mon Jun 30 2014 Tomáš Mráz 1.0.1h-5
+- disable SSLv2 and SSLv3 protocols by default (can be enabled
+ via appropriate SSL_CTX_clear_options() call)
+
+* Wed Jun 11 2014 Tomáš Mráz 1.0.1h-4
+- use system profile for default cipher list
+
+* Tue Jun 10 2014 Tomáš Mráz 1.0.1h-3
+- make FIPS mode keygen bit length restriction enforced only when
+ OPENSSL_ENFORCE_MODULUS_BITS is set
+- fix CVE-2014-0224 fix that broke EAP-FAST session resumption support
+
+* Sat Jun 07 2014 Fedora Release Engineering - 1:1.0.1h-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Thu Jun 5 2014 Tomáš Mráz 1.0.1h-1
+- new upstream release 1.0.1h
+
+* Sat May 31 2014 Peter Robinson 1.0.1g-2
+- Drop obsolete and irrelevant docs
+- Move devel docs to appropriate package
+
+* Wed May 7 2014 Tomáš Mráz 1.0.1g-1
+- new upstream release 1.0.1g
+-
do not include ECC ciphersuites in SSLv2 client hello (#1090952)
+- fail on hmac integrity check if the .hmac file is empty
+
+* Mon Apr 07 2014 Dennis Gilmore - 1.0.1e-44
+- pull in upstream patch for CVE-2014-0160
+- removed CHANGES file portion from patch for expediency
+
+* Thu Apr 3 2014 Tomáš Mráz 1.0.1e-43
+- add support for ppc64le architecture (#1072633)
+
+* Mon Mar 17 2014 Tomáš Mráz 1.0.1e-42
+- properly detect encryption failure in BIO
+- use 2048 bit RSA key in FIPS selftests
+
+* Fri Feb 14 2014 Tomáš Mráz 1.0.1e-41
+- use the key length from configuration file if req -newkey rsa is invoked
+
+* Thu Feb 13 2014 Tomáš Mráz 1.0.1e-40
+- print ephemeral key size negotiated in TLS handshake (#1057715)
+- add DH_compute_key_padded needed for FIPS CAVS testing
+
+* Thu Feb 6 2014 Tomáš Mráz 1.0.1e-39
+- make expiration and key length changeable by DAYS and KEYLEN
+ variables in the certificate Makefile (#1058108)
+- change default hash to sha256 (#1062325)
+
+* Wed Jan 22 2014 Tomáš Mráz 1.0.1e-38
+- make 3des strength to be 128 bits instead of 168 (#1056616)
+
+* Tue Jan 7 2014 Tomáš Mráz 1.0.1e-37
+- fix CVE-2013-4353 - Invalid TLS handshake crash
+- fix CVE-2013-6450 - possible MiTM attack on DTLS1
+
+* Fri Dec 20 2013 Tomáš Mráz 1.0.1e-36
+- fix CVE-2013-6449 - crash when version in SSL structure is incorrect
+- more FIPS validation requirement changes
+
+* Wed Dec 18 2013 Tomáš Mráz 1.0.1e-35
+- drop weak ciphers from the default TLS ciphersuite list
+- add back some symbols that were dropped with update to 1.0.1 branch
+- more FIPS validation requirement changes
+
+* Tue Nov 19 2013 Tomáš Mráz 1.0.1e-34
+- fix locking and reseeding problems with FIPS drbg
+
+* Fri Nov 15 2013 Tomáš Mráz 1.0.1e-33
+- additional changes required for FIPS validation
+
+* Wed Nov 13 2013 Tomáš Mráz 1.0.1e-32
+- disable verification of certificate, CRL, and OCSP signatures
+ using MD5 if OPENSSL_ENABLE_MD5_VERIFY environment variable
+ is not set
+
+* Fri Nov 8 2013 Tomáš
Mráz 1.0.1e-31
+- add back support for secp521r1 EC curve
+- add aarch64 to Configure (#969692)
+
+* Tue Oct 29 2013 Tomáš Mráz 1.0.1e-30
+- fix misdetection of RDRAND support on Cyrix CPUS (from upstream) (#1022346)
+
+* Thu Oct 24 2013 Tomáš Mráz 1.0.1e-29
+- do not advertise ECC curves we do not support (#1022493)
+
+* Wed Oct 16 2013 Tomáš Mráz 1.0.1e-28
+- only ECC NIST Suite B curves support
+- drop -fips subpackage
+
+* Mon Oct 14 2013 Tom Callaway - 1.0.1e-27
+- resolve bugzilla 319901 (phew! only took 6 years & 9 days)
+
+* Fri Sep 27 2013 Tomáš Mráz 1.0.1e-26
+- make DTLS1 work in FIPS mode
+- avoid RSA and DSA 512 bits and Whirlpool in 'openssl speed' in FIPS mode
+
+* Mon Sep 23 2013 Tomáš Mráz 1.0.1e-25
+- avoid dlopening libssl.so from libcrypto (#1010357)
+
+* Fri Sep 20 2013 Tomáš Mráz 1.0.1e-24
+- fix small memory leak in FIPS aes selftest
+
+* Thu Sep 19 2013 Tomáš Mráz 1.0.1e-23
+- fix segfault in openssl speed hmac in the FIPS mode
+
+* Thu Sep 12 2013 Tomáš Mráz 1.0.1e-22
+- document the nextprotoneg option in manual pages
+ original patch by Hubert Kario
+
+* Tue Sep 10 2013 Kyle McMartin 1.0.1e-21
+- [arm] use elf auxv to figure out armcap.c instead of playing silly
+ games with SIGILL handlers.
(#1006474)
+
+* Wed Sep 4 2013 Tomas Mraz 1.0.1e-20
+- try to avoid some races when updating the -fips subpackage
+
+* Mon Sep 2 2013 Tomas Mraz 1.0.1e-19
+- use version-release in .hmac suffix to avoid overwrite
+ during upgrade
+
+* Thu Aug 29 2013 Tomas Mraz 1.0.1e-18
+- allow deinitialization of the FIPS mode
+
+* Thu Aug 29 2013 Tomas Mraz 1.0.1e-17
+- always perform the FIPS selftests in library constructor
+ if FIPS module is installed
+
+* Tue Aug 27 2013 Tomas Mraz 1.0.1e-16
+- add -fips subpackage that contains the FIPS module files
+
+* Fri Aug 16 2013 Tomas Mraz 1.0.1e-15
+- fix use of rdrand if available
+- more commits cherry picked from upstream
+- documentation fixes
+
+* Sat Aug 03 2013 Petr Pisar - 1:1.0.1e-14
+- Perl 5.18 rebuild
+
+* Fri Jul 26 2013 Tomas Mraz 1.0.1e-13
+- additional manual page fix
+- use symbol versioning also for the textual version
+
+* Thu Jul 25 2013 Tomas Mraz 1.0.1e-12
+- additional manual page fixes
+
+* Fri Jul 19 2013 Tomas Mraz 1.0.1e-11
+- use _prefix macro
+
+* Wed Jul 17 2013 Petr Pisar - 1:1.0.1e-10
+- Perl 5.18 rebuild
+
+* Thu Jul 11 2013 Tomas Mraz 1.0.1e-9
+- add openssl.cnf.5 manpage symlink to config.5
+
+* Wed Jul 10 2013 Tomas Mraz 1.0.1e-8
+- add relro linking flag
+
+* Wed Jul 10 2013 Tomas Mraz 1.0.1e-7
+- add support for the -trusted_first option for certificate chain verification
+
+* Fri May 3 2013 Tomas Mraz 1.0.1e-6
+- fix build of manual pages with current pod2man (#959439)
+
+* Sun Apr 21 2013 Peter Robinson 1.0.1e-5
+- Enable ARM optimised build
+
+* Mon Mar 18 2013 Tomas Mraz 1.0.1e-4
+- fix random bad record mac errors (#918981)
+
+* Tue Feb 19 2013 Tomas Mraz 1.0.1e-3
+- fix up the SHLIB_VERSION_NUMBER
+
+* Tue Feb 19 2013 Tomas Mraz 1.0.1e-2
+- disable ZLIB loading by default (due to CRIME attack)
+
+* Tue Feb 19 2013 Tomas Mraz 1.0.1e-1
+- new upstream version
+
+* Wed Jan 30 2013 Tomas Mraz 1.0.1c-12
+- more fixes from upstream
+- fix errors in manual causing build failure (#904777)
+
+*
Fri Dec 21 2012 Tomas Mraz 1.0.1c-11
+- add script for renewal of a self-signed cert by Philip Prindeville (#871566)
+- allow X509_issuer_and_serial_hash() produce correct result in
+ the FIPS mode (#881336)
+
+* Thu Dec 6 2012 Tomas Mraz 1.0.1c-10
+- do not load default verify paths if CApath or CAfile specified (#884305)
+
+* Tue Nov 20 2012 Tomas Mraz 1.0.1c-9
+- more fixes from upstream CVS
+- fix DSA key pairwise check (#878597)
+
+* Thu Nov 15 2012 Tomas Mraz 1.0.1c-8
+- use 1024 bit DH parameters in s_server as 512 bit is not allowed
+ in FIPS mode and it is quite weak anyway
+
+* Mon Sep 10 2012 Tomas Mraz 1.0.1c-7
+- add missing initialization of str in aes_ccm_init_key (#853963)
+- add important patches from upstream CVS
+- use the secure_getenv() with new glibc
+
+* Fri Jul 20 2012 Fedora Release Engineering - 1:1.0.1c-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Fri Jul 13 2012 Tomas Mraz 1.0.1c-5
+- use __getenv_secure() instead of __libc_enable_secure
+
+* Fri Jul 13 2012 Tomas Mraz 1.0.1c-4
+- do not move libcrypto to /lib
+- do not use environment variables if __libc_enable_secure is on
+- fix strict aliasing problems in modes
+
+* Thu Jul 12 2012 Tomas Mraz 1.0.1c-3
+- fix DSA key generation in FIPS mode (#833866)
+- allow duplicate FIPS_mode_set(1)
+- enable build on ppc64 subarch (#834652)
+
+* Wed Jul 11 2012 Tomas Mraz 1.0.1c-2
+- fix s_server with new glibc when no global IPv6 address (#839031)
+- make it build with new Perl
+
+* Tue May 15 2012 Tomas Mraz 1.0.1c-1
+- new upstream version
+
+* Thu Apr 26 2012 Tomas Mraz 1.0.1b-1
+- new upstream version
+
+* Fri Apr 20 2012 Tomas Mraz 1.0.1a-1
+- new upstream version fixing CVE-2012-2110
+
+* Wed Apr 11 2012 Tomas Mraz 1.0.1-3
+- add Kerberos 5 libraries to pkgconfig for static linking (#807050)
+
+* Thu Apr 5 2012 Tomas Mraz 1.0.1-2
+- backports from upstream CVS
+- fix segfault when /dev/urandom is not available (#809586)
+
+* Wed Mar 14 2012 Tomas Mraz 1.0.1-1
+- new upstream release
+
+* Mon Mar 5 2012 Tomas Mraz 1.0.1-0.3.beta3
+- add obsoletes to assist multilib updates (#799636)
+
+* Wed Feb 29 2012 Tomas Mraz 1.0.1-0.2.beta3
+- epoch bumped to 1 due to revert to 1.0.0g on Fedora 17
+- new upstream release from the 1.0.1 branch
+- fix s390x build (#798411)
+- versioning for the SSLeay symbol (#794950)
+- add -DPURIFY to build flags (#797323)
+- filter engine provides
+- split the libraries to a separate -libs package
+- add make to requires on the base package (#783446)
+
+* Tue Feb 7 2012 Tomas Mraz 1.0.1-0.1.beta2
+- new upstream release from the 1.0.1 branch, ABI compatible
+- add documentation for the -no_ign_eof option
+
+* Thu Jan 19 2012 Tomas Mraz 1.0.0g-1
+- new upstream release fixing CVE-2012-0050 - DoS regression in
+ DTLS support introduced by the previous release (#782795)
+
+* Thu Jan 5 2012 Tomas Mraz 1.0.0f-1
+- new upstream release fixing multiple CVEs
+
+* Tue Nov 22 2011 Tomas Mraz 1.0.0e-4
+- move the libraries needed for static linking to Libs.private
+
+* Thu Nov 3 2011 Tomas Mraz 1.0.0e-3
+- do not use AVX instructions when osxsave bit not set
+- add direct known answer tests for SHA2 algorithms
+
+* Wed Sep 21 2011 Tomas Mraz 1.0.0e-2
+- fix missing initialization of variable in CHIL engine
+
+* Wed Sep 7 2011 Tomas Mraz 1.0.0e-1
+- new upstream release fixing CVE-2011-3207 (#736088)
+
+* Wed Aug 24 2011 Tomas Mraz 1.0.0d-8
+- drop the separate engine for Intel acceleration improvements
+ and merge in the AES-NI, SHA1, and RC4 optimizations
+- add support for OPENSSL_DISABLE_AES_NI environment variable
+ that disables the AES-NI support
+
+* Tue Jul 26 2011 Tomas Mraz 1.0.0d-7
+- correct openssl cms help output (#636266)
+- more tolerant starttls detection in XMPP protocol (#608239)
+
+* Wed Jul 20 2011 Tomas Mraz 1.0.0d-6
+- add support for newest Intel acceleration improvements backported
+ from upstream by Intel in form of a separate engine
+
+* Thu Jun 9 2011 Tomas Mraz 1.0.0d-5
+- allow
the AES-NI engine in the FIPS mode
+
+* Tue May 24 2011 Tomas Mraz 1.0.0d-4
+- add API necessary for CAVS testing of the new DSA parameter generation
+
+* Thu Apr 28 2011 Tomas Mraz 1.0.0d-3
+- add support for VIA Padlock on 64bit arch from upstream (#617539)
+- do not return bogus values from load_certs (#652286)
+
+* Tue Apr 5 2011 Tomas Mraz 1.0.0d-2
+- clarify apps help texts for available digest algorithms (#693858)
+
+* Thu Feb 10 2011 Tomas Mraz 1.0.0d-1
+- new upstream release fixing CVE-2011-0014 (OCSP stapling vulnerability)
+
+* Tue Feb 08 2011 Fedora Release Engineering - 1.0.0c-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
+
+* Fri Feb 4 2011 Tomas Mraz 1.0.0c-3
+- add -x931 parameter to openssl genrsa command to use the ANSI X9.31
+ key generation method
+- use FIPS-186-3 method for DSA parameter generation
+- add OPENSSL_FIPS_NON_APPROVED_MD5_ALLOW environment variable
+ to allow using MD5 when the system is in the maintenance state
+ even if the /proc fips flag is on
+- make openssl pkcs12 command work by default in the FIPS mode
+
+* Mon Jan 24 2011 Tomas Mraz 1.0.0c-2
+- listen on ipv6 wildcard in s_server so we accept connections
+ from both ipv4 and ipv6 (#601612)
+- fix openssl speed command so it can be used in the FIPS mode
+ with FIPS allowed ciphers
+
+* Fri Dec 3 2010 Tomas Mraz 1.0.0c-1
+- new upstream version fixing CVE-2010-4180
+
+* Tue Nov 23 2010 Tomas Mraz 1.0.0b-3
+- replace the revert for the s390x bignum asm routines with
+ fix from upstream
+
+* Mon Nov 22 2010 Tomas Mraz 1.0.0b-2
+- revert upstream change in s390x bignum asm routines
+
+* Tue Nov 16 2010 Tomas Mraz 1.0.0b-1
+- new upstream version fixing CVE-2010-3864 (#649304)
+
+* Tue Sep 7 2010 Tomas Mraz 1.0.0a-3
+- make SHLIB_VERSION reflect the library suffix
+
+* Wed Jun 30 2010 Tomas Mraz 1.0.0a-2
+- openssl man page fix (#609484)
+
+* Fri Jun 4 2010 Tomas Mraz 1.0.0a-1
+- new upstream patch release, fixes CVE-2010-0742 (#598738)
+ and
CVE-2010-1633 (#598732)
+
+* Wed May 19 2010 Tomas Mraz 1.0.0-5
+- pkgconfig files now contain the correct libdir (#593723)
+
+* Tue May 18 2010 Tomas Mraz 1.0.0-4
+- make CA dir readable - the private keys are in private subdir (#584810)
+
+* Fri Apr 9 2010 Tomas Mraz 1.0.0-3
+- a few fixes from upstream CVS
+- move libcrypto to /lib (#559953)
+
+* Tue Apr 6 2010 Tomas Mraz 1.0.0-2
+- set UTC timezone on pod2man run (#578842)
+- make X509_NAME_hash_old work in FIPS mode
+
+* Tue Mar 30 2010 Tomas Mraz 1.0.0-1
+- update to final 1.0.0 upstream release
+
+* Tue Feb 16 2010 Tomas Mraz 1.0.0-0.22.beta5
+- make TLS work in the FIPS mode
+
+* Fri Feb 12 2010 Tomas Mraz 1.0.0-0.21.beta5
+- gracefully handle zero length in assembler implementations of
+ OPENSSL_cleanse (#564029)
+- do not fail in s_server if client hostname not resolvable (#561260)
+
+* Wed Jan 20 2010 Tomas Mraz 1.0.0-0.20.beta5
+- new upstream release
+
+* Thu Jan 14 2010 Tomas Mraz 1.0.0-0.19.beta4
+- fix CVE-2009-4355 - leak in applications incorrectly calling
+ CRYPTO_free_all_ex_data() before application exit (#546707)
+- upstream fix for future TLS protocol version handling
+
+* Wed Jan 13 2010 Tomas Mraz 1.0.0-0.18.beta4
+- add support for Intel AES-NI
+
+* Thu Jan 7 2010 Tomas Mraz 1.0.0-0.17.beta4
+- upstream fix compression handling on session resumption
+- various null checks and other small fixes from upstream
+- upstream changes for the renegotiation info according to the latest draft
+
+* Mon Nov 23 2009 Tomas Mraz 1.0.0-0.16.beta4
+- fix non-fips mingw build (patch by Kalev Lember)
+- add IPV6 fix for DTLS
+
+* Fri Nov 20 2009 Tomas Mraz 1.0.0-0.15.beta4
+- add better error reporting for the unsafe renegotiation
+
+* Fri Nov 20 2009 Tomas Mraz 1.0.0-0.14.beta4
+- fix build on s390x
+
+* Wed Nov 18 2009 Tomas Mraz 1.0.0-0.13.beta4
+- disable enforcement of the renegotiation extension on the client (#537962)
+- add fixes from the current upstream snapshot
+
+* Fri Nov 13 2009 Tomas Mraz
1.0.0-0.12.beta4
+- keep the beta status in version number at 3 so we do not have to rebuild
+ openssh and possibly other dependencies with too strict version check
+
+* Thu Nov 12 2009 Tomas Mraz 1.0.0-0.11.beta4
+- update to new upstream version, no soname bump needed
+- fix CVE-2009-3555 - note that the fix is bypassed if SSL_OP_ALL is used
+ so the compatibility with unfixed clients is not broken. The
+ protocol extension is also not final.
+
+* Fri Oct 16 2009 Tomas Mraz 1.0.0-0.10.beta3
+- fix use of freed memory if SSL_CTX_free() is called before
+ SSL_free() (#521342)
+
+* Thu Oct 8 2009 Tomas Mraz 1.0.0-0.9.beta3
+- fix typo in DTLS1 code (#527015)
+- fix leak in error handling of d2i_SSL_SESSION()
+
+* Wed Sep 30 2009 Tomas Mraz 1.0.0-0.8.beta3
+- fix RSA and DSA FIPS selftests
+- reenable fixed x86_64 camellia assembler code (#521127)
+
+* Fri Sep 4 2009 Tomas Mraz 1.0.0-0.7.beta3
+- temporarily disable x86_64 camellia assembler code (#521127)
+
+* Mon Aug 31 2009 Tomas Mraz 1.0.0-0.6.beta3
+- fix openssl dgst -dss1 (#520152)
+
+* Wed Aug 26 2009 Tomas Mraz 1.0.0-0.5.beta3
+- drop the compat symlink hacks
+
+* Sat Aug 22 2009 Tomas Mraz 1.0.0-0.4.beta3
+- constify SSL_CIPHER_description()
+
+* Fri Aug 21 2009 Tomas Mraz 1.0.0-0.3.beta3
+- fix WWW:Curl:Easy reference in tsget
+
+* Fri Aug 21 2009 Tomas Mraz 1.0.0-0.2.beta3
+- enable MD-2
+
+* Thu Aug 20 2009 Tomas Mraz 1.0.0-0.1.beta3
+- update to new major upstream release
+
+* Sat Jul 25 2009 Fedora Release Engineering - 0.9.8k-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
+
+* Wed Jul 22 2009 Bill Nottingham
+- do not build special 'optimized' versions for i686, as that's the base
+ arch in Fedora now
+
+* Tue Jun 30 2009 Tomas Mraz 0.9.8k-6
+- abort if selftests failed and random number generator is polled
+- mention EVP_aes and EVP_sha2xx routines in the manpages
+- add README.FIPS
+- make CA dir absolute path (#445344)
+- change default length for RSA key generation to 2048
(#484101)
+
+* Thu May 21 2009 Tomas Mraz 0.9.8k-5
+- fix CVE-2009-1377 CVE-2009-1378 CVE-2009-1379
+ (DTLS DoS problems) (#501253, #501254, #501572)
+
+* Tue Apr 21 2009 Tomas Mraz 0.9.8k-4
+- support compatibility DTLS mode for CISCO AnyConnect (#464629)
+
+* Fri Apr 17 2009 Tomas Mraz 0.9.8k-3
+- correct the SHLIB_VERSION define
+
+* Wed Apr 15 2009 Tomas Mraz 0.9.8k-2
+- add support for multiple CRLs with same subject
+- load only dynamic engine support in FIPS mode
+
+* Wed Mar 25 2009 Tomas Mraz 0.9.8k-1
+- update to new upstream release (minor bug fixes, security
+ fixes and machine code optimizations only)
+
+* Thu Mar 19 2009 Tomas Mraz 0.9.8j-10
+- move libraries to /usr/lib (#239375)
+
+* Fri Mar 13 2009 Tomas Mraz 0.9.8j-9
+- add a static subpackage
+
+* Thu Feb 26 2009 Fedora Release Engineering - 0.9.8j-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
+
+* Mon Feb 2 2009 Tomas Mraz 0.9.8j-7
+- must also verify checksum of libssl.so in the FIPS mode
+- obtain the seed for FIPS rng directly from the kernel device
+- drop the temporary symlinks
+
+* Mon Jan 26 2009 Tomas Mraz 0.9.8j-6
+- drop the temporary triggerpostun and symlinking in post
+- fix the pkgconfig files and drop the unnecessary buildrequires
+ on pkgconfig as it is a rpmbuild dependency (#481419)
+
+* Sat Jan 17 2009 Tomas Mraz 0.9.8j-5
+- add temporary triggerpostun to reinstate the symlinks
+
+* Sat Jan 17 2009 Tomas Mraz 0.9.8j-4
+- no pairwise key tests in non-fips mode (#479817)
+
+* Fri Jan 16 2009 Tomas Mraz 0.9.8j-3
+- even more robust test for the temporary symlinks
+
+* Fri Jan 16 2009 Tomas Mraz 0.9.8j-2
+- try to ensure the temporary symlinks exist
+
+* Thu Jan 15 2009 Tomas Mraz 0.9.8j-1
+- new upstream version with necessary soname bump (#455753)
+- temporarily provide symlink to old soname to make it possible to rebuild
+ the dependent packages in rawhide
+- add eap-fast support (#428181)
+- add possibility to disable zlib by setting
+- add fips mode
support for testing purposes
+- do not null dereference on some invalid smime files
+- add buildrequires pkgconfig (#479493)
+
+* Sun Aug 10 2008 Tomas Mraz 0.9.8g-11
+- do not add tls extensions to server hello for SSLv3 either
+
+* Mon Jun 2 2008 Joe Orton 0.9.8g-10
+- move root CA bundle to ca-certificates package
+
+* Wed May 28 2008 Tomas Mraz 0.9.8g-9
+- fix CVE-2008-0891 - server name extension crash (#448492)
+- fix CVE-2008-1672 - server key exchange message omit crash (#448495)
+
+* Tue May 27 2008 Tomas Mraz 0.9.8g-8
+- super-H arch support
+- drop workaround for bug 199604 as it should be fixed in gcc-4.3
+
+* Mon May 19 2008 Tom "spot" Callaway 0.9.8g-7
+- sparc handling
+
+* Mon Mar 10 2008 Joe Orton 0.9.8g-6
+- update to new root CA bundle from mozilla.org (r1.45)
+
+* Wed Feb 20 2008 Fedora Release Engineering - 0.9.8g-5
+- Autorebuild for GCC 4.3
+
+* Thu Jan 24 2008 Tomas Mraz 0.9.8g-4
+- merge review fixes (#226220)
+- adjust the SHLIB_VERSION_NUMBER to reflect library name (#429846)
+
+* Thu Dec 13 2007 Tomas Mraz 0.9.8g-3
+- set default paths when no explicit paths are set (#418771)
+- do not add tls extensions to client hello for SSLv3 (#422081)
+
+* Tue Dec 4 2007 Tomas Mraz 0.9.8g-2
+- enable some new crypto algorithms and features
+- add some more important bug fixes from openssl CVS
+
+* Mon Dec 3 2007 Tomas Mraz 0.9.8g-1
+- update to latest upstream release, SONAME bumped to 7
+
+* Mon Oct 15 2007 Joe Orton 0.9.8b-17
+- update to new CA bundle from mozilla.org
+
+* Fri Oct 12 2007 Tomas Mraz 0.9.8b-16
+- fix CVE-2007-5135 - off-by-one in SSL_get_shared_ciphers (#309801)
+- fix CVE-2007-4995 - out of order DTLS fragments buffer overflow (#321191)
+- add alpha sub-archs (#296031)
+
+* Tue Aug 21 2007 Tomas Mraz 0.9.8b-15
+- rebuild
+
+* Fri Aug 3 2007 Tomas Mraz 0.9.8b-14
+- use localhost in testsuite, hopefully fixes slow build in koji
+- CVE-2007-3108 - fix side channel attack on private keys (#250577)
+- make ssl session cache id
matching strict (#233599)
+
+* Wed Jul 25 2007 Tomas Mraz 0.9.8b-13
+- allow building on ARM architectures (#245417)
+- use reference timestamps to prevent multilib conflicts (#218064)
+- -devel package must require pkgconfig (#241031)
+
+* Mon Dec 11 2006 Tomas Mraz 0.9.8b-12
+- detect duplicates in add_dir properly (#206346)
+
+* Thu Nov 30 2006 Tomas Mraz 0.9.8b-11
+- the previous change still didn't make X509_NAME_cmp transitive
+
+* Thu Nov 23 2006 Tomas Mraz 0.9.8b-10
+- make X509_NAME_cmp transitive otherwise certificate lookup
+ is broken (#216050)
+
+* Thu Nov 2 2006 Tomas Mraz 0.9.8b-9
+- aliasing bug in engine loading, patch by IBM (#213216)
+
+* Mon Oct 2 2006 Tomas Mraz 0.9.8b-8
+- CVE-2006-2940 fix was incorrect (#208744)
+
+* Mon Sep 25 2006 Tomas Mraz 0.9.8b-7
+- fix CVE-2006-2937 - mishandled error on ASN.1 parsing (#207276)
+- fix CVE-2006-2940 - parasitic public keys DoS (#207274)
+- fix CVE-2006-3738 - buffer overflow in SSL_get_shared_ciphers (#206940)
+- fix CVE-2006-4343 - sslv2 client DoS (#206940)
+
+* Tue Sep 5 2006 Tomas Mraz 0.9.8b-6
+- fix CVE-2006-4339 - prevent attack on PKCS#1 v1.5 signatures (#205180)
+
+* Wed Aug 2 2006 Tomas Mraz - 0.9.8b-5
+- set buffering to none on stdio/stdout FILE when bufsize is set (#200580)
+ patch by IBM
+
+* Fri Jul 28 2006 Alexandre Oliva - 0.9.8b-4.1
+- rebuild with new binutils (#200330)
+
+* Fri Jul 21 2006 Tomas Mraz - 0.9.8b-4
+- add a temporary workaround for sha512 test failure on s390 (#199604)
+
+* Thu Jul 20 2006 Tomas Mraz
+- add ipv6 support to s_client and s_server (by Jan Pazdziora) (#198737)
+- add patches for BN threadsafety, AES cache collision attack hazard fix and
+ pkcs7 code memleak fix from upstream CVS
+
+* Wed Jul 12 2006 Jesse Keating - 0.9.8b-3.1
+- rebuild
+
+* Wed Jun 21 2006 Tomas Mraz - 0.9.8b-3
+- dropped libica and ica engine from build
+
+* Wed Jun 21 2006 Joe Orton
+- update to new CA bundle from mozilla.org; adds CA certificates
+ from netlock.hu and startcom.org
+
+*
Mon Jun 5 2006 Tomas Mraz - 0.9.8b-2
+- fixed a few rpmlint warnings
+- better fix for #173399 from upstream
+- upstream fix for pkcs12
+
+* Thu May 11 2006 Tomas Mraz - 0.9.8b-1
+- upgrade to new version, stays ABI compatible
+- there is no more linux/config.h (it was empty anyway)
+
+* Tue Apr 4 2006 Tomas Mraz - 0.9.8a-6
+- fix stale open handles in libica (#177155)
+- fix build if 'rand' or 'passwd' in buildroot path (#178782)
+- initialize VIA Padlock engine (#186857)
+
+* Fri Feb 10 2006 Jesse Keating - 0.9.8a-5.2
+- bump again for double-long bug on ppc(64)
+
+* Tue Feb 07 2006 Jesse Keating - 0.9.8a-5.1
+- rebuilt for new gcc4.1 snapshot and glibc changes
+
+* Thu Dec 15 2005 Tomas Mraz 0.9.8a-5
+- don't include SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
+ in SSL_OP_ALL (#175779)
+
+* Fri Dec 09 2005 Jesse Keating
+- rebuilt
+
+* Tue Nov 29 2005 Tomas Mraz 0.9.8a-4
+- fix build (-lcrypto was erroneusly dropped) of the updated libica
+- updated ICA engine to 1.3.6-rc3
+
+* Tue Nov 22 2005 Tomas Mraz 0.9.8a-3
+- disable builtin compression methods for now until they work
+ properly (#173399)
+
+* Wed Nov 16 2005 Tomas Mraz 0.9.8a-2
+- don't set -rpath for openssl binary
+
+* Tue Nov 8 2005 Tomas Mraz 0.9.8a-1
+- new upstream version
+- patches partially renumbered
+
+* Fri Oct 21 2005 Tomas Mraz 0.9.7f-11
+- updated IBM ICA engine library and patch to latest upstream version
+
+* Wed Oct 12 2005 Tomas Mraz 0.9.7f-10
+- fix CAN-2005-2969 - remove SSL_OP_MSIE_SSLV2_RSA_PADDING which
+ disables the countermeasure against man in the middle attack in SSLv2
+ (#169863)
+- use sha1 as default for CA and cert requests - CAN-2005-2946 (#169803)
+
+* Tue Aug 23 2005 Tomas Mraz 0.9.7f-9
+- add *.so.soversion as symlinks in /lib (#165264)
+- remove unpackaged symlinks (#159595)
+- fixes from upstream (constant time fixes for DSA,
+ bn assembler div on ppc arch, initialize memory on realloc)
+
+* Thu Aug 11 2005 Phil Knirsch 0.9.7f-8
+- Updated ICA engine IBM patch to latest
upstream version.
+
+* Thu May 19 2005 Tomas Mraz 0.9.7f-7
+- fix CAN-2005-0109 - use constant time/memory access mod_exp
+ so bits of private key aren't leaked by cache eviction (#157631)
+- a few more fixes from upstream 0.9.7g
+
+* Wed Apr 27 2005 Tomas Mraz 0.9.7f-6
+- use poll instead of select in rand (#128285)
+- fix Makefile.certificate to point to /etc/pki/tls
+- change the default string mask in ASN1 to PrintableString+UTF8String
+
+* Mon Apr 25 2005 Joe Orton 0.9.7f-5
+- update to revision 1.37 of Mozilla CA bundle
+
+* Thu Apr 21 2005 Tomas Mraz 0.9.7f-4
+- move certificates to _sysconfdir/pki/tls (#143392)
+- move CA directories to _sysconfdir/pki/CA
+- patch the CA script and the default config so it points to the
+ CA directories
+
+* Fri Apr 1 2005 Tomas Mraz 0.9.7f-3
+- uninitialized variable mustn't be used as input in inline
+ assembly
+- reenable the x86_64 assembly again
+
+* Thu Mar 31 2005 Tomas Mraz 0.9.7f-2
+- add back RC4_CHAR on ia64 and x86_64 so the ABI isn't broken
+- disable broken bignum assembly on x86_64
+
+* Wed Mar 30 2005 Tomas Mraz 0.9.7f-1
+- reenable optimizations on ppc64 and assembly code on ia64
+- upgrade to new upstream version (no soname bump needed)
+- disable thread test - it was testing the backport of the
+ RSA blinding - no longer needed
+- added support for changing serial number to
+ Makefile.certificate (#151188)
+- make ca-bundle.crt a config file (#118903)
+
+* Tue Mar 1 2005 Tomas Mraz 0.9.7e-3
+- libcrypto shouldn't depend on libkrb5 (#135961)
+
+* Mon Feb 28 2005 Tomas Mraz 0.9.7e-2
+- rebuild
+
+* Mon Feb 28 2005 Tomas Mraz 0.9.7e-1
+- new upstream source, updated patches
+- added patch so we are hopefully ABI compatible with upcoming
+ 0.9.7f
+
+* Thu Feb 10 2005 Tomas Mraz
+- Support UTF-8 charset in the Makefile.certificate (#134944)
+- Added cmp to BuildPrereq
+
+* Thu Jan 27 2005 Joe Orton 0.9.7a-46
+- generate new ca-bundle.crt from Mozilla certdata.txt (revision 1.32)
+
+* Thu Dec 23 2004 Phil
Knirsch 0.9.7a-45
+- Fixed and updated libica-1.3.4-urandom.patch patch (#122967)
+
+* Fri Nov 19 2004 Nalin Dahyabhai 0.9.7a-44
+- rebuild
+
+* Fri Nov 19 2004 Nalin Dahyabhai 0.9.7a-43
+- rebuild
+
+* Fri Nov 19 2004 Nalin Dahyabhai 0.9.7a-42
+- rebuild
+
+* Fri Nov 19 2004 Nalin Dahyabhai 0.9.7a-41
+- remove der_chop, as upstream cvs has done (CAN-2004-0975, #140040)
+
+* Tue Oct 05 2004 Phil Knirsch 0.9.7a-40
+- Include latest libica version with important bugfixes
+
+* Tue Jun 15 2004 Elliot Lee
+- rebuilt
+
+* Mon Jun 14 2004 Phil Knirsch 0.9.7a-38
+- Updated ICA engine IBM patch to latest upstream version.
+
+* Mon Jun 7 2004 Nalin Dahyabhai 0.9.7a-37
+- build for linux-alpha-gcc instead of alpha-gcc on alpha (Jeff Garzik)
+
+* Tue May 25 2004 Nalin Dahyabhai 0.9.7a-36
+- handle %%{_arch}=i486/i586/i686/athlon cases in the intermediate
+ header (#124303)
+
+* Thu Mar 25 2004 Joe Orton 0.9.7a-35
+- add security fixes for CAN-2004-0079, CAN-2004-0112
+
+* Tue Mar 16 2004 Phil Knirsch
+- Fixed libica filespec.
+
+* Thu Mar 11 2004 Nalin Dahyabhai 0.9.7a-34
+- ppc/ppc64 define __powerpc__/__powerpc64__, not __ppc__/__ppc64__, fix
+ the intermediate header
+
+* Wed Mar 10 2004 Nalin Dahyabhai 0.9.7a-33
+- add an intermediate which points to the right
+ arch-specific opensslconf.h on multilib arches
+
+* Tue Mar 02 2004 Elliot Lee
+- rebuilt
+
+* Thu Feb 26 2004 Phil Knirsch 0.9.7a-32
+- Updated libica to latest upstream version 1.3.5.
+
+* Tue Feb 17 2004 Phil Knirsch 0.9.7a-31
+- Update ICA crypto engine patch from IBM to latest version.
+
+* Fri Feb 13 2004 Elliot Lee
+- rebuilt
+
+* Fri Feb 13 2004 Phil Knirsch 0.9.7a-29
+- rebuilt
+
+* Wed Feb 11 2004 Phil Knirsch 0.9.7a-28
+- Fixed libica build.
+ +* Wed Feb 4 2004 Nalin Dahyabhai +- add "-ldl" to link flags added for Linux-on-ARM (#99313) + +* Wed Feb 4 2004 Joe Orton 0.9.7a-27 +- updated ca-bundle.crt: removed expired GeoTrust roots, added + freessl.com root, removed trustcenter.de Class 0 root + +* Sun Nov 30 2003 Tim Waugh 0.9.7a-26 +- Fix link line for libssl (bug #111154). + +* Fri Oct 24 2003 Nalin Dahyabhai 0.9.7a-25 +- add dependency on zlib-devel for the -devel package, which depends on zlib + symbols because we enable zlib for libssl (#102962) + +* Fri Oct 24 2003 Phil Knirsch 0.9.7a-24 +- Use /dev/urandom instead of PRNG for libica. +- Apply libica-1.3.5 fix for /dev/urandom in icalinux.c +- Use latest ICA engine patch from IBM. + +* Sat Oct 4 2003 Nalin Dahyabhai 0.9.7a-22.1 +- rebuild + +* Wed Oct 1 2003 Nalin Dahyabhai 0.9.7a-22 +- rebuild (22 wasn't actually built, fun eh?) + +* Tue Sep 30 2003 Nalin Dahyabhai 0.9.7a-23 +- re-disable optimizations on ppc64 + +* Tue Sep 30 2003 Joe Orton +- add a_mbstr.c fix for 64-bit platforms from CVS + +* Tue Sep 30 2003 Nalin Dahyabhai 0.9.7a-22 +- add -Wa,--noexecstack to RPM_OPT_FLAGS so that assembled modules get tagged + as not needing executable stacks + +* Mon Sep 29 2003 Nalin Dahyabhai 0.9.7a-21 +- rebuild + +* Thu Sep 25 2003 Nalin Dahyabhai +- re-enable optimizations on ppc64 + +* Thu Sep 25 2003 Nalin Dahyabhai +- remove exclusivearch + +* Wed Sep 24 2003 Nalin Dahyabhai 0.9.7a-20 +- only parse a client cert if one was requested +- temporarily exclusivearch for %%{ix86} + +* Tue Sep 23 2003 Nalin Dahyabhai +- add security fixes for protocol parsing bugs (CAN-2003-0543, CAN-2003-0544) + and heap corruption (CAN-2003-0545) +- update RHNS-CA-CERT files +- ease back on the number of threads used in the threading test + +* Wed Sep 17 2003 Matt Wilson 0.9.7a-19 +- rebuild to fix gzipped file md5sums (#91211) + +* Mon Aug 25 2003 Phil Knirsch 0.9.7a-18 +- Updated libica to version 1.3.4. 
+ +* Thu Jul 17 2003 Nalin Dahyabhai 0.9.7a-17 +- rebuild + +* Tue Jul 15 2003 Nalin Dahyabhai 0.9.7a-10.9 +- free the kssl_ctx structure when we free an SSL structure (#99066) + +* Fri Jul 11 2003 Nalin Dahyabhai 0.9.7a-16 +- rebuild + +* Thu Jul 10 2003 Nalin Dahyabhai 0.9.7a-15 +- lower thread test count on s390x + +* Tue Jul 8 2003 Nalin Dahyabhai 0.9.7a-14 +- rebuild + +* Thu Jun 26 2003 Nalin Dahyabhai 0.9.7a-13 +- disable assembly on arches where it seems to conflict with threading + +* Thu Jun 26 2003 Phil Knirsch 0.9.7a-12 +- Updated libica to latest upstream version 1.3.0 + +* Wed Jun 11 2003 Nalin Dahyabhai 0.9.7a-9.9 +- rebuild + +* Wed Jun 11 2003 Nalin Dahyabhai 0.9.7a-11 +- rebuild + +* Tue Jun 10 2003 Nalin Dahyabhai 0.9.7a-10 +- ubsec: don't stomp on output data which might also be input data + +* Tue Jun 10 2003 Nalin Dahyabhai 0.9.7a-9 +- temporarily disable optimizations on ppc64 + +* Mon Jun 9 2003 Nalin Dahyabhai +- backport fix for engine-used-for-everything from 0.9.7b +- backport fix for prng not being seeded causing problems, also from 0.9.7b +- add a check at build-time to ensure that RSA is thread-safe +- keep perlpath from stomping on the libica configure scripts + +* Fri Jun 6 2003 Nalin Dahyabhai +- thread-safety fix for RSA blinding + +* Wed Jun 04 2003 Elliot Lee 0.9.7a-8 +- rebuilt + +* Fri May 30 2003 Phil Knirsch 0.9.7a-7 +- Added libica-1.2 to openssl (featurerequest). 
+ +* Wed Apr 16 2003 Nalin Dahyabhai 0.9.7a-6 +- fix building with incorrect flags on ppc64 + +* Wed Mar 19 2003 Nalin Dahyabhai 0.9.7a-5 +- add patch to harden against Klima-Pokorny-Rosa extension of Bleichenbacher's + attack (CAN-2003-0131) + +* Mon Mar 17 2003 Nalin Dahyabhai 0.9.7a-4 +- add patch to enable RSA blinding by default, closing a timing attack + (CAN-2003-0147) + +* Wed Mar 5 2003 Nalin Dahyabhai 0.9.7a-3 +- disable use of BN assembly module on x86_64, but continue to allow inline + assembly (#83403) + +* Thu Feb 27 2003 Nalin Dahyabhai 0.9.7a-2 +- disable EC algorithms + +* Wed Feb 19 2003 Nalin Dahyabhai 0.9.7a-1 +- update to 0.9.7a + +* Wed Feb 19 2003 Nalin Dahyabhai 0.9.7-8 +- add fix to guard against attempts to allocate negative amounts of memory +- add patch for CAN-2003-0078, fixing a timing attack + +* Thu Feb 13 2003 Elliot Lee 0.9.7-7 +- Add openssl-ppc64.patch + +* Mon Feb 10 2003 Nalin Dahyabhai 0.9.7-6 +- EVP_DecryptInit should call EVP_CipherInit() instead of EVP_CipherInit_ex(), + to get the right behavior when passed uninitialized context structures + (#83766) +- build with -mcpu=ev5 on alpha family (#83828) + +* Wed Jan 22 2003 Tim Powers +- rebuilt + +* Fri Jan 17 2003 Phil Knirsch 0.9.7-4 +- Added IBM hw crypto support patch. 
+ +* Wed Jan 15 2003 Nalin Dahyabhai +- add missing builddep on sed + +* Thu Jan 9 2003 Bill Nottingham 0.9.7-3 +- debloat +- fix broken manpage symlinks + +* Wed Jan 8 2003 Nalin Dahyabhai 0.9.7-2 +- fix double-free in 'openssl ca' + +* Fri Jan 3 2003 Nalin Dahyabhai 0.9.7-1 +- update to 0.9.7 final + +* Tue Dec 17 2002 Nalin Dahyabhai 0.9.7-0 +- update to 0.9.7 beta6 (DO NOT USE UNTIL UPDATED TO FINAL 0.9.7) + +* Wed Dec 11 2002 Nalin Dahyabhai +- update to 0.9.7 beta5 (DO NOT USE UNTIL UPDATED TO FINAL 0.9.7) + +* Tue Oct 22 2002 Nalin Dahyabhai 0.9.6b-30 +- add configuration stanza for x86_64 and use it on x86_64 +- build for linux-ppc on ppc +- start running the self-tests again + +* Wed Oct 02 2002 Elliot Lee 0.9.6b-29hammer.3 +- Merge fixes from previous hammer packages, including general x86-64 and + multilib + +* Tue Aug 6 2002 Nalin Dahyabhai 0.9.6b-29 +- rebuild + +* Thu Aug 1 2002 Nalin Dahyabhai 0.9.6b-28 +- update asn patch to fix accidental reversal of a logic check + +* Wed Jul 31 2002 Nalin Dahyabhai 0.9.6b-27 +- update asn patch to reduce chance that compiler optimization will remove + one of the added tests + +* Wed Jul 31 2002 Nalin Dahyabhai 0.9.6b-26 +- rebuild + +* Mon Jul 29 2002 Nalin Dahyabhai 0.9.6b-25 +- add patch to fix ASN.1 vulnerabilities + +* Thu Jul 25 2002 Nalin Dahyabhai 0.9.6b-24 +- add backport of Ben Laurie's patches for OpenSSL 0.9.6d + +* Wed Jul 17 2002 Nalin Dahyabhai 0.9.6b-23 +- own {_datadir}/ssl/misc + +* Fri Jun 21 2002 Tim Powers +- automated rebuild + +* Sun May 26 2002 Tim Powers +- automated rebuild + +* Fri May 17 2002 Nalin Dahyabhai 0.9.6b-20 +- free ride through the build system (whee!) 
+ +* Thu May 16 2002 Nalin Dahyabhai 0.9.6b-19 +- rebuild in new environment + +* Thu Apr 4 2002 Nalin Dahyabhai 0.9.6b-17, 0.9.6b-18 +- merge RHL-specific bits into stronghold package, rename + +* Tue Apr 02 2002 Gary Benson stronghold-0.9.6c-2 +- add support for Chrysalis Luna token + +* Tue Mar 26 2002 Gary Benson +- disable AEP random number generation, other AEP fixes + +* Fri Mar 15 2002 Nalin Dahyabhai 0.9.6b-15 +- only build subpackages on primary arches + +* Thu Mar 14 2002 Nalin Dahyabhai 0.9.6b-13 +- on ia32, only disable use of assembler on i386 +- enable assembly on ia64 + +* Mon Jan 7 2002 Florian La Roche 0.9.6b-11 +- fix sparcv9 entry + +* Mon Jan 7 2002 Gary Benson stronghold-0.9.6c-1 +- upgrade to 0.9.6c +- bump BuildArch to i686 and enable assembler on all platforms +- synchronise with shrimpy and rawhide +- bump soversion to 3 + +* Wed Oct 10 2001 Florian La Roche +- delete BN_LLONG for s390x, patch from Oliver Paukstadt + +* Mon Sep 17 2001 Nalin Dahyabhai 0.9.6b-9 +- update AEP driver patch + +* Mon Sep 10 2001 Nalin Dahyabhai +- adjust RNG disabling patch to match version of patch from Broadcom + +* Fri Sep 7 2001 Nalin Dahyabhai 0.9.6b-8 +- disable the RNG in the ubsec engine driver + +* Tue Aug 28 2001 Nalin Dahyabhai 0.9.6b-7 +- tweaks to the ubsec engine driver + +* Fri Aug 24 2001 Nalin Dahyabhai 0.9.6b-6 +- tweaks to the ubsec engine driver + +* Thu Aug 23 2001 Nalin Dahyabhai 0.9.6b-5 +- update ubsec engine driver from Broadcom + +* Fri Aug 10 2001 Nalin Dahyabhai 0.9.6b-4 +- move man pages back to %%{_mandir}/man?/foo.?ssl from + %%{_mandir}/man?ssl/foo.? 
+- add an [ engine ] section to the default configuration file + +* Thu Aug 9 2001 Nalin Dahyabhai +- add a patch for selecting a default engine in SSL_library_init() + +* Mon Jul 23 2001 Nalin Dahyabhai 0.9.6b-3 +- add patches for AEP hardware support +- add patch to keep trying when we fail to load a cert from a file and + there are more in the file +- add missing prototype for ENGINE_ubsec() in engine_int.h + +* Wed Jul 18 2001 Nalin Dahyabhai 0.9.6b-2 +- actually add hw_ubsec to the engine list + +* Tue Jul 17 2001 Nalin Dahyabhai +- add in the hw_ubsec driver from CVS + +* Wed Jul 11 2001 Nalin Dahyabhai 0.9.6b-1 +- update to 0.9.6b + +* Thu Jul 5 2001 Nalin Dahyabhai +- move .so symlinks back to %%{_libdir} + +* Tue Jul 3 2001 Nalin Dahyabhai +- move shared libraries to /lib (#38410) + +* Mon Jun 25 2001 Nalin Dahyabhai +- switch to engine code base + +* Mon Jun 18 2001 Nalin Dahyabhai +- add a script for creating dummy certificates +- move man pages from %%{_mandir}/man?/foo.?ssl to %%{_mandir}/man?ssl/foo.? + +* Thu Jun 07 2001 Florian La Roche +- add s390x support + +* Fri Jun 1 2001 Nalin Dahyabhai +- change two memcpy() calls to memmove() +- don't define L_ENDIAN on alpha + +* Wed May 23 2001 Joe Orton stronghold-0.9.6a-1 +- Add 'stronghold-' prefix to package names. +- Obsolete standard openssl packages. + +* Wed May 16 2001 Joe Orton +- Add BuildArch: i586 as per Nalin's advice. + +* Tue May 15 2001 Joe Orton +- Enable assembler on ix86 (using new .tar.bz2 which does + include the asm directories). 
+ +* Tue May 15 2001 Nalin Dahyabhai +- make subpackages depend on the main package + +* Tue May 1 2001 Nalin Dahyabhai +- adjust the hobble script to not disturb symlinks in include/ (fix from + Joe Orton) + +* Fri Apr 27 2001 Nalin Dahyabhai +- drop the m2crypo patch we weren't using + +* Tue Apr 24 2001 Nalin Dahyabhai +- configure using "shared" as well + +* Sun Apr 8 2001 Nalin Dahyabhai +- update to 0.9.6a +- use the build-shared target to build shared libraries +- bump the soversion to 2 because we're no longer compatible with + our 0.9.5a packages or our 0.9.6 packages +- drop the patch for making rsatest a no-op when rsa null support is used +- put all man pages into
ssl instead of
+- break the m2crypto modules into a separate package + +* Tue Mar 13 2001 Nalin Dahyabhai +- use BN_LLONG on s390 + +* Mon Mar 12 2001 Nalin Dahyabhai +- fix the s390 changes for 0.9.6 (isn't supposed to be marked as 64-bit) + +* Sat Mar 3 2001 Nalin Dahyabhai +- move c_rehash to the perl subpackage, because it's a perl script now + +* Fri Mar 2 2001 Nalin Dahyabhai +- update to 0.9.6 +- enable MD2 +- use the libcrypto.so and libssl.so targets to build shared libs with +- bump the soversion to 1 because we're no longer compatible with any of + the various 0.9.5a packages circulating around, which provide lib*.so.0 + +* Wed Feb 28 2001 Florian La Roche +- change hobble-openssl for disabling MD2 again + +* Tue Feb 27 2001 Nalin Dahyabhai +- re-disable MD2 -- the EVP_MD_CTX structure would grow from 100 to 152 + bytes or so, causing EVP_DigestInit() to zero out stack variables in + apps built against a version of the library without it + +* Mon Feb 26 2001 Nalin Dahyabhai +- disable some inline assembly, which on x86 is Pentium-specific +- re-enable MD2 (see http://www.ietf.org/ietf/IPR/RSA-MD-all) + +* Thu Feb 08 2001 Florian La Roche +- fix s390 patch + +* Fri Dec 8 2000 Than Ngo +- added support s390 + +* Mon Nov 20 2000 Nalin Dahyabhai +- remove -Wa,* and -m* compiler flags from the default Configure file (#20656) +- add the CA.pl man page to the perl subpackage + +* Thu Nov 2 2000 Nalin Dahyabhai +- always build with -mcpu=ev5 on alpha + +* Tue Oct 31 2000 Nalin Dahyabhai +- add a symlink from cert.pem to ca-bundle.crt + +* Wed Oct 25 2000 Nalin Dahyabhai +- add a ca-bundle file for packages like Samba to reference for CA certificates + +* Tue Oct 24 2000 Nalin Dahyabhai +- remove libcrypto's crypt(), which doesn't handle md5crypt (#19295) + +* Mon Oct 2 2000 Nalin Dahyabhai +- add unzip as a buildprereq (#17662) +- update m2crypto to 0.05-snap4 + +* Tue Sep 26 2000 Bill Nottingham +- fix some issues in building when it's not installed + +* Wed Sep 6 2000 Nalin 
Dahyabhai +- make sure the headers we include are the ones we built with (aaaaarrgh!) + +* Fri Sep 1 2000 Nalin Dahyabhai +- add Richard Henderson's patch for BN on ia64 +- clean up the changelog + +* Tue Aug 29 2000 Nalin Dahyabhai +- fix the building of python modules without openssl-devel already installed + +* Wed Aug 23 2000 Nalin Dahyabhai +- byte-compile python extensions without the build-root +- adjust the makefile to not remove temporary files (like .key files when + building .csr files) by marking them as .PRECIOUS + +* Sat Aug 19 2000 Nalin Dahyabhai +- break out python extensions into a subpackage + +* Mon Jul 17 2000 Nalin Dahyabhai +- tweak the makefile some more + +* Tue Jul 11 2000 Nalin Dahyabhai +- disable MD2 support + +* Thu Jul 6 2000 Nalin Dahyabhai +- disable MDC2 support + +* Sun Jul 2 2000 Nalin Dahyabhai +- tweak the disabling of RC5, IDEA support +- tweak the makefile + +* Thu Jun 29 2000 Nalin Dahyabhai +- strip binaries and libraries +- rework certificate makefile to have the right parts for Apache + +* Wed Jun 28 2000 Nalin Dahyabhai +- use %%{_perl} instead of /usr/bin/perl +- disable alpha until it passes its own test suite + +* Fri Jun 9 2000 Nalin Dahyabhai +- move the passwd.1 man page out of the passwd package's way + +* Fri Jun 2 2000 Nalin Dahyabhai +- update to 0.9.5a, modified for U.S. 
+- add perl as a build-time requirement
+- move certificate makefile to another package
+- disable RC5, IDEA, RSA support
+- remove optimizations for now
+
+* Wed Mar 1 2000 Florian La Roche
+- Bero told me to move the Makefile into this package
+
+* Wed Mar 1 2000 Florian La Roche
+- add lib*.so symlinks to link dynamically against shared libs
+
+* Tue Feb 29 2000 Florian La Roche
+- update to 0.9.5
+- run ldconfig directly in post/postun
+- add FAQ
+
+* Sat Dec 18 1999 Bernhard Rosenkrdnzer
+- Fix build on non-x86 platforms
+
+* Fri Nov 12 1999 Bernhard Rosenkrdnzer
+- move /usr/share/ssl/* from -devel to main package
+
+* Tue Oct 26 1999 Bernhard Rosenkrdnzer
+- inital packaging
+- changes from base:
+ - Move /usr/local/ssl to /usr/share/ssl for FHS compliance
+ - handle RPM_OPT_FLAGS
diff --git a/openssl-freefilesync/opensslconf-new-warning.h b/openssl-freefilesync/opensslconf-new-warning.h
new file mode 100644
index 0000000..de091c8
--- /dev/null
+++ b/openssl-freefilesync/opensslconf-new-warning.h
@@ -0,0 +1,7 @@
+/* Prepended at openssl package build-time. Don't include this file directly,
+ * use instead. */
+
+#ifndef openssl_opensslconf_multilib_redirection_h
+#error "Don't include this file directly, use instead!"
+#endif
+
diff --git a/openssl-freefilesync/opensslconf-new.h b/openssl-freefilesync/opensslconf-new.h
new file mode 100644
index 0000000..04363c3
--- /dev/null
+++ b/openssl-freefilesync/opensslconf-new.h
@@ -0,0 +1,47 @@
+/* This file is here to prevent a file conflict on multiarch systems. A
+ * conflict will frequently occur because arch-specific build-time
+ * configuration options are stored (and used, so they can't just be stripped
+ * out) in opensslconf.h. The original opensslconf.h has been renamed.
+ * DO NOT INCLUDE THE NEW FILE DIRECTLY -- ALWAYS INCLUDE THIS ONE INSTEAD. */
+
+#ifdef openssl_opensslconf_multilib_redirection_h
+#error "Do not define openssl_opensslconf_multilib_redirection_h!"
+#endif
+#define openssl_opensslconf_multilib_redirection_h
+
+#if defined(__i386__)
+#include "opensslconf-i386.h"
+#elif defined(__ia64__)
+#include "opensslconf-ia64.h"
+#elif defined(__mips64) && defined(__MIPSEL__)
+#include "opensslconf-mips64el.h"
+#elif defined(__mips64)
+#include "opensslconf-mips64.h"
+#elif defined(__mips) && defined(__MIPSEL__)
+#include "opensslconf-mipsel.h"
+#elif defined(__mips)
+#include "opensslconf-mips.h"
+#elif defined(__powerpc64__)
+#include
+#if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
+#include "opensslconf-ppc64.h"
+#else
+#include "opensslconf-ppc64le.h"
+#endif
+#elif defined(__powerpc__)
+#include "opensslconf-ppc.h"
+#elif defined(__s390x__)
+#include "opensslconf-s390x.h"
+#elif defined(__s390__)
+#include "opensslconf-s390.h"
+#elif defined(__sparc__) && defined(__arch64__)
+#include "opensslconf-sparc64.h"
+#elif defined(__sparc__)
+#include "opensslconf-sparc.h"
+#elif defined(__x86_64__)
+#include "opensslconf-x86_64.h"
+#else
+#error "This openssl-devel package does not work your architecture?"
+#endif
+
+#undef openssl_opensslconf_multilib_redirection_h
diff --git a/openssl-freefilesync/readme-openssl-freefilesync.md b/openssl-freefilesync/readme-openssl-freefilesync.md
new file mode 100644
index 0000000..b095f14
--- /dev/null
+++ b/openssl-freefilesync/readme-openssl-freefilesync.md
@@ -0,0 +1,12 @@
+# Purpose of this package
+// vim: syntax=markdown
+Package openssl-freefilesync exists to enable the compilation and execution of FreeFileSync on CentOS 7. CentOS 7 does not bundle high-enough versions of openssl in the base repositories, so the bgstack15 copr serves a customized package of a sufficient version of openssl. The city-fan repo does not provide this one, so I have to hack the Fedora package myself.
+
+# How to maintain openssl-freefilesync
+Take a [Fedora release](https://mirrors.rit.edu/fedora/fedora/linux/updates/30/Everything/SRPMS/Packages/o/openssl-1.1.1c-2.fc30.src.rpm) of openssl and open it.
+
+ rpm2cpio openssl-1.1.1c-2.fc30.src.rpm | cpio -idm
+
+Make any modifications necessary to get it to compile. This changes include:
+* Revert any Fedora improvements to rpm specs since CentOS 7 was released, such as `%ldconfig_scriptlets`
+* Rename cnf and man pages and the main binary so they do not collide with system openssl package
diff --git a/openssl-freefilesync/renew-dummy-cert b/openssl-freefilesync/renew-dummy-cert
new file mode 100755
index 0000000..92e271c
--- /dev/null
+++ b/openssl-freefilesync/renew-dummy-cert
@@ -0,0 +1,39 @@
+#!/bin/bash
+
+if [ $# -eq 0 ]; then
+ echo $"Usage: `basename $0` filename" 1>&2
+ exit 1
+fi
+
+PEM=$1
+REQ=`/bin/mktemp /tmp/openssl.XXXXXX`
+KEY=`/bin/mktemp /tmp/openssl.XXXXXX`
+CRT=`/bin/mktemp /tmp/openssl.XXXXXX`
+NEW=${PEM}_
+
+trap "rm -f $REQ $KEY $CRT $NEW" SIGINT
+
+if [ ! -f $PEM ]; then
+ echo "$PEM: file not found" 1>&2
+ exit 1
+fi
+
+umask 077
+
+OWNER=`ls -l $PEM | awk '{ printf "%s.%s", $3, $4; }'`
+
+openssl rsa -inform pem -in $PEM -out $KEY
+openssl x509 -x509toreq -in $PEM -signkey $KEY -out $REQ
+openssl x509 -req -in $REQ -signkey $KEY -days 365 \
+ -extfile /etc/pki/tls/openssl.cnf -extensions v3_ca -out $CRT
+
+(cat $KEY ; echo "" ; cat $CRT) > $NEW
+
+chown $OWNER $NEW
+
+mv -f $NEW $PEM
+
+rm -f $REQ $KEY $CRT
+
+exit 0
+
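Review bot: Nothing checks the exit status of the three `openssl` calls before `mv -f $NEW $PEM` in renew-dummy-cert, so a failed key or certificate step replaces the original PEM with an incomplete file; adding `set -e` after the shebang (or chaining the steps with `&&`) would stop before the overwrite. The `trap` handles only SIGINT, so on any other early exit the key copy written to `$KEY` under /tmp is left behind; `trap 'rm -f "$REQ" "$KEY" "$CRT" "$NEW"' EXIT` covers those paths as well. `$PEM` and the names derived from it are expanded unquoted throughout, so a path with spaces or glob characters is split; quote them, e.g. `[ ! -f "$PEM" ]`.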
diff --git a/openssl-freefilesync/stackrpms-openssl.spec.diff b/openssl-freefilesync/stackrpms-openssl.spec.diff
new file mode 100644
index 0000000..8a7c9c2
--- /dev/null
+++ b/openssl-freefilesync/stackrpms-openssl.spec.diff
@@ -0,0 +1,139 @@
+--- /usr/src/openssl/1.1.1c-6.fc30/openssl.spec 2019-09-06 11:21:33.000000000 -0400
++++ /usr/src/openssl/1.1.1c-6.stack/openssl.spec 2019-09-19 09:13:41.214594699 -0400
+@@ -13,6 +13,10 @@
+ # depends on build configuration options)
+ %define soversion 1.1
+
++# for openssl-freefilesync
++%define fullname openssl-freefilesync
++%define shortname openssl
++
+ # Arches on which we need to prevent arch conflicts on opensslconf.h, must
+ # also be handled in opensslconf-new.h.
+ %define multilib_arches %{ix86} ia64 %{mips} ppc ppc64 s390 s390x sparcv9 sparc64 x86_64
+@@ -20,9 +24,11 @@
+ %global _performance_build 1
+
+ Summary: Utilities from the general purpose cryptography library with TLS implementation
+-Name: openssl
++# for openssl-freefilesync
++Name: %{fullname}
+ Version: 1.1.1c
+-Release: 6%{?dist}
++# for openssl-freefilesync
++Release: 6.stack%{?dist}
+ Epoch: 1
+ # We have to remove certain patented algorithms from the openssl source
+ # tarball with the hobble-openssl script which is included below.
+@@ -91,8 +97,9 @@
+ %package libs
+ Summary: A general purpose cryptography library with TLS implementation
+ Requires: ca-certificates >= 2008-5
+-Requires: crypto-policies >= 20180730
+-Recommends: openssl-pkcs11%{?_isa}
++# for openssl-freefilesync
++#Requires: crypto-policies >= 20180730
++#Recommends: openssl-pkcs11%{?_isa}
+ Provides: openssl-fips = %{epoch}:%{version}-%{release}
+
+ %description libs
+@@ -131,7 +138,8 @@
+ from other formats to the formats used by the OpenSSL toolkit.
+
+ %prep
+-%setup -q -n %{name}-%{version}
++# for openssl-freefilesync
++%setup -q -n %{shortname}-%{version}
+
+ # The hobble_openssl is called here redundantly, just to be sure.
+ # The tarball has already the sources removed.
+@@ -162,6 +170,8 @@
+ %patch46 -p1 -b .seclevel
+ %patch47 -p1 -b .ts-sha256-default
+ %patch48 -p1 -b .fips-post-rand
++# for openssl-freefilesync
++sed -i -r -e '/sys\/random\.h/s@sys/random\.h@/usr/include/linux/random.h@;' crypto/rand/rand_unix.c
+ %patch49 -p1 -b .evp-kdf
+ %patch50 -p1 -b .ssh-kdf
+ %patch51 -p1 -b .upstream-sync
+@@ -234,7 +244,8 @@
+ # marked as not requiring an executable stack.
+ # Also add -DPURIFY to make using valgrind with openssl easier as we do not
+ # want to depend on the uninitialized memory as a source of entropy anyway.
+-RPM_OPT_FLAGS="$RPM_OPT_FLAGS -Wa,--noexecstack -Wa,--generate-missing-build-notes=yes -DPURIFY $RPM_LD_FLAGS"
++# for openssl-freefilesync
++RPM_OPT_FLAGS="$RPM_OPT_FLAGS -Wa,--noexecstack -DPURIFY $RPM_LD_FLAGS"
+
+ export HASHBANGPERL=/usr/bin/perl
+
+@@ -355,11 +366,12 @@
+
+ # Ensure the config file timestamps are identical across builds to avoid
+ # mulitlib conflicts and unnecessary renames on upgrade
+-touch -r %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/openssl.cnf
+-touch -r %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/ct_log_list.cnf
++# for openssl-freefilesync
++touch -r %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/openssl.cnf%{version}
++touch -r %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/ct_log_list.cnf%{version}
+
+-rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/openssl.cnf.dist
+-rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/ct_log_list.cnf.dist
++rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/openssl.cnf{,.dist}
++rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/ct_log_list.cnf{,.dist}
+
+ # Determine which arch opensslconf.h is going to try to #include.
+ basearch=%{_arch}
+@@ -394,13 +406,23 @@
+ LD_LIBRARY_PATH=`pwd`${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}
+ export LD_LIBRARY_PATH
+
++# for openssl-freefilesync
++pushd ${RPM_BUILD_ROOT}%{_mandir}
++for word in $( find . ! -type d -print ) ;
++do
++ mv "${word}" "${word}-111c"
++done
++popd
++mv ${RPM_BUILD_ROOT}%{_bindir}/openssl{,-111c}
++
+ %files
+ %{!?_licensedir:%global license %%doc}
+ %license LICENSE
+ %doc FAQ NEWS README README.FIPS
+ %{_bindir}/make-dummy-cert
+ %{_bindir}/renew-dummy-cert
+-%{_bindir}/openssl
++# for openssl-freefilesync
++%{_bindir}/openssl-111c
+ %{_mandir}/man1*/*
+ %{_mandir}/man5*/*
+ %{_mandir}/man7*/*
+@@ -417,8 +439,9 @@
+ %dir %{_sysconfdir}/pki/tls/certs
+ %dir %{_sysconfdir}/pki/tls/misc
+ %dir %{_sysconfdir}/pki/tls/private
+-%config(noreplace) %{_sysconfdir}/pki/tls/openssl.cnf
+-%config(noreplace) %{_sysconfdir}/pki/tls/ct_log_list.cnf
++# for openssl-freefilesync
++%config(noreplace) %{_sysconfdir}/pki/tls/openssl.cnf%{version}
++%config(noreplace) %{_sysconfdir}/pki/tls/ct_log_list.cnf%{version}
+ %attr(0755,root,root) %{_libdir}/libcrypto.so.%{version}
+ %attr(0755,root,root) %{_libdir}/libcrypto.so.%{soversion}
+ %attr(0755,root,root) %{_libdir}/libssl.so.%{version}
+@@ -451,9 +474,15 @@
+ %dir %{_sysconfdir}/pki/CA/crl
+ %dir %{_sysconfdir}/pki/CA/newcerts
+
+-%ldconfig_scriptlets libs
++# for openssl-freefilesync
++%post libs -p /sbin/ldconfig
++
++%postun libs -p /sbin/ldconfig
+
+ %changelog
++* Wed Sep 18 2019 B Stack 1.1.1c-6.stack
++- rebuild for el7 for freefilesync
++
+ * Fri Sep 6 2019 Tomáš Mráz 1.1.1c-6
+ - upstream fix for status request extension non-compliance (#1737471)
+
-- cgit
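Review bot: In the `-355,11 +366,12` hunk of the embedded spec diff, the two `touch -r %{SOURCE2}` lines now name `openssl.cnf%{version}` and `ct_log_list.cnf%{version}`, but no visible hunk creates files with those names, and the following `rm -f ...openssl.cnf{,.dist}` deletes the installed originals. If nothing outside these hunks renames them, `touch` creates empty files and the `%config(noreplace)` entries ship empty configuration, so the 1.1.1c build loses the defaults its own openssl.cnf would set. Renaming before the timestamp step, `mv $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/openssl.cnf{,%{version}}` (and the same for `ct_log_list.cnf`), would keep the content. It is also worth confirming which config path the built library actually opens, since the visible hunks do not change it.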