summaryrefslogtreecommitdiff
path: root/openssl-freefilesync
diff options
context:
space:
mode:
authorB Stack <bgstack15@gmail.com>2019-10-18 12:39:23 +0000
committerB Stack <bgstack15@gmail.com>2019-10-18 12:39:23 +0000
commitd759954c9cb89dc6c98d8800899e2925660ad08c (patch)
tree30a4c7b0cb1c9eff135dae8c5c59ab5cb238ddfc /openssl-freefilesync
parentMerge branch 'oddjob-mkhomedir' into 'master' (diff)
parentwaterfox: el8 disable system_webp (diff)
downloadstackrpms-d759954c9cb89dc6c98d8800899e2925660ad08c.tar.gz
stackrpms-d759954c9cb89dc6c98d8800899e2925660ad08c.tar.bz2
stackrpms-d759954c9cb89dc6c98d8800899e2925660ad08c.zip
Merge branch 'centos-8' into 'master'
Add Centos 8 support Closes #12 See merge request bgstack15/stackrpms!93
Diffstat (limited to 'openssl-freefilesync')
-rw-r--r--openssl-freefilesync/Makefile.certificate82
-rw-r--r--openssl-freefilesync/README.FIPS72
-rw-r--r--openssl-freefilesync/ec_curve.c470
-rw-r--r--openssl-freefilesync/ectest.c920
-rwxr-xr-xopenssl-freefilesync/hobble-openssl40
-rwxr-xr-xopenssl-freefilesync/make-dummy-cert28
-rw-r--r--openssl-freefilesync/openssl-1.1.0-issuer-hash.patch11
-rw-r--r--openssl-freefilesync/openssl-1.1.0-no-html.patch12
-rw-r--r--openssl-freefilesync/openssl-1.1.1-apps-dgst.patch12
-rw-r--r--openssl-freefilesync/openssl-1.1.1-build.patch40
-rw-r--r--openssl-freefilesync/openssl-1.1.1-conf-paths.patch56
-rw-r--r--openssl-freefilesync/openssl-1.1.1-defaults.patch51
-rw-r--r--openssl-freefilesync/openssl-1.1.1-disable-ssl3.patch91
-rw-r--r--openssl-freefilesync/openssl-1.1.1-ec-curves.patch210
-rw-r--r--openssl-freefilesync/openssl-1.1.1-evp-kdf.patch5262
-rw-r--r--openssl-freefilesync/openssl-1.1.1-fips-crng-test.patch407
-rw-r--r--openssl-freefilesync/openssl-1.1.1-fips-post-rand.patch157
-rw-r--r--openssl-freefilesync/openssl-1.1.1-fips.patch11852
-rw-r--r--openssl-freefilesync/openssl-1.1.1-ignore-bound.patch14
-rw-r--r--openssl-freefilesync/openssl-1.1.1-man-rename.patch19
-rw-r--r--openssl-freefilesync/openssl-1.1.1-no-brainpool.patch116
-rw-r--r--openssl-freefilesync/openssl-1.1.1-no-weak-verify.patch26
-rw-r--r--openssl-freefilesync/openssl-1.1.1-regression-fixes.patch16
-rw-r--r--openssl-freefilesync/openssl-1.1.1-s390x-update.patch5509
-rw-r--r--openssl-freefilesync/openssl-1.1.1-seclevel.patch65
-rw-r--r--openssl-freefilesync/openssl-1.1.1-ssh-kdf.patch5612
-rw-r--r--openssl-freefilesync/openssl-1.1.1-system-cipherlist.patch310
-rw-r--r--openssl-freefilesync/openssl-1.1.1-ts-sha256-default.patch50
-rw-r--r--openssl-freefilesync/openssl-1.1.1-upstream-sync.patch534
-rw-r--r--openssl-freefilesync/openssl-1.1.1-version-add-engines.patch38
-rw-r--r--openssl-freefilesync/openssl-1.1.1-version-override.patch12
-rw-r--r--openssl-freefilesync/openssl-1.1.1-weak-ciphers.patch57
-rw-r--r--openssl-freefilesync/openssl-1.1.1c-hobbled.tar.xzbin6262504 -> 0 bytes
-rw-r--r--openssl-freefilesync/openssl.spec2128
-rw-r--r--openssl-freefilesync/opensslconf-new-warning.h7
-rw-r--r--openssl-freefilesync/opensslconf-new.h47
-rw-r--r--openssl-freefilesync/readme-openssl-freefilesync.md12
-rwxr-xr-xopenssl-freefilesync/renew-dummy-cert39
-rw-r--r--openssl-freefilesync/stackrpms-openssl.spec.diff139
39 files changed, 0 insertions, 34523 deletions
diff --git a/openssl-freefilesync/Makefile.certificate b/openssl-freefilesync/Makefile.certificate
deleted file mode 100644
index cc88c52..0000000
--- a/openssl-freefilesync/Makefile.certificate
+++ /dev/null
@@ -1,82 +0,0 @@
-UTF8 := $(shell locale -c LC_CTYPE -k | grep -q charmap.*UTF-8 && echo -utf8)
-DAYS=365
-KEYLEN=2048
-TYPE=rsa:$(KEYLEN)
-EXTRA_FLAGS=
-ifdef SERIAL
- EXTRA_FLAGS+=-set_serial $(SERIAL)
-endif
-
-.PHONY: usage
-.SUFFIXES: .key .csr .crt .pem
-.PRECIOUS: %.key %.csr %.crt %.pem
-
-usage:
- @echo "This makefile allows you to create:"
- @echo " o public/private key pairs"
- @echo " o SSL certificate signing requests (CSRs)"
- @echo " o self-signed SSL test certificates"
- @echo
- @echo "To create a key pair, run \"make SOMETHING.key\"."
- @echo "To create a CSR, run \"make SOMETHING.csr\"."
- @echo "To create a test certificate, run \"make SOMETHING.crt\"."
- @echo "To create a key and a test certificate in one file, run \"make SOMETHING.pem\"."
- @echo
- @echo "To create a key for use with Apache, run \"make genkey\"."
- @echo "To create a CSR for use with Apache, run \"make certreq\"."
- @echo "To create a test certificate for use with Apache, run \"make testcert\"."
- @echo
- @echo "To create a test certificate with serial number other than random, add SERIAL=num"
- @echo "You can also specify key length with KEYLEN=n and expiration in days with DAYS=n"
- @echo "Any additional options can be passed to openssl req via EXTRA_FLAGS"
- @echo
- @echo Examples:
- @echo " make server.key"
- @echo " make server.csr"
- @echo " make server.crt"
- @echo " make stunnel.pem"
- @echo " make genkey"
- @echo " make certreq"
- @echo " make testcert"
- @echo " make server.crt SERIAL=1"
- @echo " make stunnel.pem EXTRA_FLAGS=-sha384"
- @echo " make testcert DAYS=600"
-
-%.pem:
- umask 77 ; \
- PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
- PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
- /usr/bin/openssl req $(UTF8) -newkey $(TYPE) -keyout $$PEM1 -nodes -x509 -days $(DAYS) -out $$PEM2 $(EXTRA_FLAGS) ; \
- cat $$PEM1 > $@ ; \
- echo "" >> $@ ; \
- cat $$PEM2 >> $@ ; \
- $(RM) $$PEM1 $$PEM2
-
-%.key:
- umask 77 ; \
- /usr/bin/openssl genrsa -aes128 $(KEYLEN) > $@
-
-%.csr: %.key
- umask 77 ; \
- /usr/bin/openssl req $(UTF8) -new -key $^ -out $@
-
-%.crt: %.key
- umask 77 ; \
- /usr/bin/openssl req $(UTF8) -new -key $^ -x509 -days $(DAYS) -out $@ $(EXTRA_FLAGS)
-
-TLSROOT=/etc/pki/tls
-KEY=$(TLSROOT)/private/localhost.key
-CSR=$(TLSROOT)/certs/localhost.csr
-CRT=$(TLSROOT)/certs/localhost.crt
-
-genkey: $(KEY)
-certreq: $(CSR)
-testcert: $(CRT)
-
-$(CSR): $(KEY)
- umask 77 ; \
- /usr/bin/openssl req $(UTF8) -new -key $(KEY) -out $(CSR)
-
-$(CRT): $(KEY)
- umask 77 ; \
- /usr/bin/openssl req $(UTF8) -new -key $(KEY) -x509 -days $(DAYS) -out $(CRT) $(EXTRA_FLAGS)
diff --git a/openssl-freefilesync/README.FIPS b/openssl-freefilesync/README.FIPS
deleted file mode 100644
index a36c547..0000000
--- a/openssl-freefilesync/README.FIPS
+++ /dev/null
@@ -1,72 +0,0 @@
-User guide for the FIPS Red Hat Enterprise Linux - OpenSSL Module
-=================================================================
-
-This package contains libraries which comprise the FIPS 140-2
-Red Hat Enterprise Linux - OPENSSL Module.
-
-The module files
-================
-/usr/lib[64]/libcrypto.so.1.1.0
-/usr/lib[64]/libssl.so.1.1.0
-/usr/lib[64]/.libcrypto.so.1.1.0.hmac
-/usr/lib[64]/.libssl.so.1.1.0.hmac
-
-Dependencies
-============
-
-The approved mode of operation requires kernel with /dev/urandom RNG running
-with properties as defined in the security policy of the module. This is
-provided by kernel packages with validated Red Hat Enterprise Linux Kernel
-Crytographic Module.
-
-Installation
-============
-
-The RPM package of the module can be installed by standard tools recommended
-for installation of RPM packages on the Red Hat Enterprise Linux system (yum,
-rpm, RHN remote management tool).
-
-The RPM package dracut-fips must be installed for the approved mode of
-operation.
-
-Usage and API
-=============
-
-The module respects kernel command line FIPS setting. If the kernel command
-line contains option fips=1 the module will initialize in the FIPS approved
-mode of operation automatically. To allow for the automatic initialization the
-application using the module has to call one of the following API calls:
-
-- void OPENSSL_init_library(void) - this will do only a basic initialization
-of the library and does initialization of the FIPS approved mode without setting
-up EVP API with supported algorithms.
-
-- void OPENSSL_add_all_algorithms(void) - this API function calls
-OPENSSL_init() implicitly and also adds all approved algorithms to the EVP API
-in the approved mode
-
-- void SSL_library_init(void) - it calls OPENSSL_init() implicitly and also
-adds algorithms which are necessary for TLS protocol support and initializes
-the SSL library.
-
-To explicitely put the library to the approved mode the application can call
-the following function:
-
-- int FIPS_mode_set(int on) - if called with 1 as a parameter it will switch
-the library from the non-approved to the approved mode. If any of the selftests
-and integrity verification tests fail, the library is put into the error state
-and 0 is returned. If they succeed the return value is 1.
-
-To query the module whether it is in the approved mode or not:
-
-- int FIPS_mode(void) - returns 1 if the module is in the approved mode,
-0 otherwise.
-
-To query whether the module is in the error state:
-
-- int FIPS_selftest_failed(void) - returns 1 if the module is in the error
-state, 0 otherwise.
-
-To zeroize the FIPS RNG key and internal state the application calls:
-
-- void RAND_cleanup(void)
diff --git a/openssl-freefilesync/ec_curve.c b/openssl-freefilesync/ec_curve.c
deleted file mode 100644
index 58f8f3f..0000000
--- a/openssl-freefilesync/ec_curve.c
+++ /dev/null
@@ -1,470 +0,0 @@
-/*
- * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
- * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
- *
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#include <string.h>
-#include "ec_lcl.h"
-#include <openssl/err.h>
-#include <openssl/obj_mac.h>
-#include <openssl/opensslconf.h>
-#include "internal/nelem.h"
-
-typedef struct {
- int field_type, /* either NID_X9_62_prime_field or
- * NID_X9_62_characteristic_two_field */
- seed_len, param_len;
- unsigned int cofactor; /* promoted to BN_ULONG */
-} EC_CURVE_DATA;
-
-/* the nist prime curves */
-static const struct {
- EC_CURVE_DATA h;
- unsigned char data[20 + 28 * 6];
-} _EC_NIST_PRIME_224 = {
- {
- NID_X9_62_prime_field, 20, 28, 1
- },
- {
- /* seed */
- 0xBD, 0x71, 0x34, 0x47, 0x99, 0xD5, 0xC7, 0xFC, 0xDC, 0x45, 0xB5, 0x9F,
- 0xA3, 0xB9, 0xAB, 0x8F, 0x6A, 0x94, 0x8B, 0xC5,
- /* p */
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x01,
- /* a */
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFE,
- /* b */
- 0xB4, 0x05, 0x0A, 0x85, 0x0C, 0x04, 0xB3, 0xAB, 0xF5, 0x41, 0x32, 0x56,
- 0x50, 0x44, 0xB0, 0xB7, 0xD7, 0xBF, 0xD8, 0xBA, 0x27, 0x0B, 0x39, 0x43,
- 0x23, 0x55, 0xFF, 0xB4,
- /* x */
- 0xB7, 0x0E, 0x0C, 0xBD, 0x6B, 0xB4, 0xBF, 0x7F, 0x32, 0x13, 0x90, 0xB9,
- 0x4A, 0x03, 0xC1, 0xD3, 0x56, 0xC2, 0x11, 0x22, 0x34, 0x32, 0x80, 0xD6,
- 0x11, 0x5C, 0x1D, 0x21,
- /* y */
- 0xbd, 0x37, 0x63, 0x88, 0xb5, 0xf7, 0x23, 0xfb, 0x4c, 0x22, 0xdf, 0xe6,
- 0xcd, 0x43, 0x75, 0xa0, 0x5a, 0x07, 0x47, 0x64, 0x44, 0xd5, 0x81, 0x99,
- 0x85, 0x00, 0x7e, 0x34,
- /* order */
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0x16, 0xA2, 0xE0, 0xB8, 0xF0, 0x3E, 0x13, 0xDD, 0x29, 0x45,
- 0x5C, 0x5C, 0x2A, 0x3D
- }
-};
-
-static const struct {
- EC_CURVE_DATA h;
- unsigned char data[20 + 48 * 6];
-} _EC_NIST_PRIME_384 = {
- {
- NID_X9_62_prime_field, 20, 48, 1
- },
- {
- /* seed */
- 0xA3, 0x35, 0x92, 0x6A, 0xA3, 0x19, 0xA2, 0x7A, 0x1D, 0x00, 0x89, 0x6A,
- 0x67, 0x73, 0xA4, 0x82, 0x7A, 0xCD, 0xAC, 0x73,
- /* p */
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
- /* a */
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFC,
- /* b */
- 0xB3, 0x31, 0x2F, 0xA7, 0xE2, 0x3E, 0xE7, 0xE4, 0x98, 0x8E, 0x05, 0x6B,
- 0xE3, 0xF8, 0x2D, 0x19, 0x18, 0x1D, 0x9C, 0x6E, 0xFE, 0x81, 0x41, 0x12,
- 0x03, 0x14, 0x08, 0x8F, 0x50, 0x13, 0x87, 0x5A, 0xC6, 0x56, 0x39, 0x8D,
- 0x8A, 0x2E, 0xD1, 0x9D, 0x2A, 0x85, 0xC8, 0xED, 0xD3, 0xEC, 0x2A, 0xEF,
- /* x */
- 0xAA, 0x87, 0xCA, 0x22, 0xBE, 0x8B, 0x05, 0x37, 0x8E, 0xB1, 0xC7, 0x1E,
- 0xF3, 0x20, 0xAD, 0x74, 0x6E, 0x1D, 0x3B, 0x62, 0x8B, 0xA7, 0x9B, 0x98,
- 0x59, 0xF7, 0x41, 0xE0, 0x82, 0x54, 0x2A, 0x38, 0x55, 0x02, 0xF2, 0x5D,
- 0xBF, 0x55, 0x29, 0x6C, 0x3A, 0x54, 0x5E, 0x38, 0x72, 0x76, 0x0A, 0xB7,
- /* y */
- 0x36, 0x17, 0xde, 0x4a, 0x96, 0x26, 0x2c, 0x6f, 0x5d, 0x9e, 0x98, 0xbf,
- 0x92, 0x92, 0xdc, 0x29, 0xf8, 0xf4, 0x1d, 0xbd, 0x28, 0x9a, 0x14, 0x7c,
- 0xe9, 0xda, 0x31, 0x13, 0xb5, 0xf0, 0xb8, 0xc0, 0x0a, 0x60, 0xb1, 0xce,
- 0x1d, 0x7e, 0x81, 0x9d, 0x7a, 0x43, 0x1d, 0x7c, 0x90, 0xea, 0x0e, 0x5f,
- /* order */
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xC7, 0x63, 0x4D, 0x81, 0xF4, 0x37, 0x2D, 0xDF, 0x58, 0x1A, 0x0D, 0xB2,
- 0x48, 0xB0, 0xA7, 0x7A, 0xEC, 0xEC, 0x19, 0x6A, 0xCC, 0xC5, 0x29, 0x73
- }
-};
-
-static const struct {
- EC_CURVE_DATA h;
- unsigned char data[20 + 66 * 6];
-} _EC_NIST_PRIME_521 = {
- {
- NID_X9_62_prime_field, 20, 66, 1
- },
- {
- /* seed */
- 0xD0, 0x9E, 0x88, 0x00, 0x29, 0x1C, 0xB8, 0x53, 0x96, 0xCC, 0x67, 0x17,
- 0x39, 0x32, 0x84, 0xAA, 0xA0, 0xDA, 0x64, 0xBA,
- /* p */
- 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- /* a */
- 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC,
- /* b */
- 0x00, 0x51, 0x95, 0x3E, 0xB9, 0x61, 0x8E, 0x1C, 0x9A, 0x1F, 0x92, 0x9A,
- 0x21, 0xA0, 0xB6, 0x85, 0x40, 0xEE, 0xA2, 0xDA, 0x72, 0x5B, 0x99, 0xB3,
- 0x15, 0xF3, 0xB8, 0xB4, 0x89, 0x91, 0x8E, 0xF1, 0x09, 0xE1, 0x56, 0x19,
- 0x39, 0x51, 0xEC, 0x7E, 0x93, 0x7B, 0x16, 0x52, 0xC0, 0xBD, 0x3B, 0xB1,
- 0xBF, 0x07, 0x35, 0x73, 0xDF, 0x88, 0x3D, 0x2C, 0x34, 0xF1, 0xEF, 0x45,
- 0x1F, 0xD4, 0x6B, 0x50, 0x3F, 0x00,
- /* x */
- 0x00, 0xC6, 0x85, 0x8E, 0x06, 0xB7, 0x04, 0x04, 0xE9, 0xCD, 0x9E, 0x3E,
- 0xCB, 0x66, 0x23, 0x95, 0xB4, 0x42, 0x9C, 0x64, 0x81, 0x39, 0x05, 0x3F,
- 0xB5, 0x21, 0xF8, 0x28, 0xAF, 0x60, 0x6B, 0x4D, 0x3D, 0xBA, 0xA1, 0x4B,
- 0x5E, 0x77, 0xEF, 0xE7, 0x59, 0x28, 0xFE, 0x1D, 0xC1, 0x27, 0xA2, 0xFF,
- 0xA8, 0xDE, 0x33, 0x48, 0xB3, 0xC1, 0x85, 0x6A, 0x42, 0x9B, 0xF9, 0x7E,
- 0x7E, 0x31, 0xC2, 0xE5, 0xBD, 0x66,
- /* y */
- 0x01, 0x18, 0x39, 0x29, 0x6a, 0x78, 0x9a, 0x3b, 0xc0, 0x04, 0x5c, 0x8a,
- 0x5f, 0xb4, 0x2c, 0x7d, 0x1b, 0xd9, 0x98, 0xf5, 0x44, 0x49, 0x57, 0x9b,
- 0x44, 0x68, 0x17, 0xaf, 0xbd, 0x17, 0x27, 0x3e, 0x66, 0x2c, 0x97, 0xee,
- 0x72, 0x99, 0x5e, 0xf4, 0x26, 0x40, 0xc5, 0x50, 0xb9, 0x01, 0x3f, 0xad,
- 0x07, 0x61, 0x35, 0x3c, 0x70, 0x86, 0xa2, 0x72, 0xc2, 0x40, 0x88, 0xbe,
- 0x94, 0x76, 0x9f, 0xd1, 0x66, 0x50,
- /* order */
- 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFA, 0x51, 0x86,
- 0x87, 0x83, 0xBF, 0x2F, 0x96, 0x6B, 0x7F, 0xCC, 0x01, 0x48, 0xF7, 0x09,
- 0xA5, 0xD0, 0x3B, 0xB5, 0xC9, 0xB8, 0x89, 0x9C, 0x47, 0xAE, 0xBB, 0x6F,
- 0xB7, 0x1E, 0x91, 0x38, 0x64, 0x09
- }
-};
-
-static const struct {
- EC_CURVE_DATA h;
- unsigned char data[20 + 32 * 6];
-} _EC_X9_62_PRIME_256V1 = {
- {
- NID_X9_62_prime_field, 20, 32, 1
- },
- {
- /* seed */
- 0xC4, 0x9D, 0x36, 0x08, 0x86, 0xE7, 0x04, 0x93, 0x6A, 0x66, 0x78, 0xE1,
- 0x13, 0x9D, 0x26, 0xB7, 0x81, 0x9F, 0x7E, 0x90,
- /* p */
- 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- /* a */
- 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC,
- /* b */
- 0x5A, 0xC6, 0x35, 0xD8, 0xAA, 0x3A, 0x93, 0xE7, 0xB3, 0xEB, 0xBD, 0x55,
- 0x76, 0x98, 0x86, 0xBC, 0x65, 0x1D, 0x06, 0xB0, 0xCC, 0x53, 0xB0, 0xF6,
- 0x3B, 0xCE, 0x3C, 0x3E, 0x27, 0xD2, 0x60, 0x4B,
- /* x */
- 0x6B, 0x17, 0xD1, 0xF2, 0xE1, 0x2C, 0x42, 0x47, 0xF8, 0xBC, 0xE6, 0xE5,
- 0x63, 0xA4, 0x40, 0xF2, 0x77, 0x03, 0x7D, 0x81, 0x2D, 0xEB, 0x33, 0xA0,
- 0xF4, 0xA1, 0x39, 0x45, 0xD8, 0x98, 0xC2, 0x96,
- /* y */
- 0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, 0x9b, 0x8e, 0xe7, 0xeb, 0x4a,
- 0x7c, 0x0f, 0x9e, 0x16, 0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31, 0x5e, 0xce,
- 0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, 0xf5,
- /* order */
- 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
- 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
- }
-};
-
-static const struct {
- EC_CURVE_DATA h;
- unsigned char data[0 + 32 * 6];
-} _EC_SECG_PRIME_256K1 = {
- {
- NID_X9_62_prime_field, 0, 32, 1
- },
- {
- /* no seed */
- /* p */
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFC, 0x2F,
- /* a */
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- /* b */
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07,
- /* x */
- 0x79, 0xBE, 0x66, 0x7E, 0xF9, 0xDC, 0xBB, 0xAC, 0x55, 0xA0, 0x62, 0x95,
- 0xCE, 0x87, 0x0B, 0x07, 0x02, 0x9B, 0xFC, 0xDB, 0x2D, 0xCE, 0x28, 0xD9,
- 0x59, 0xF2, 0x81, 0x5B, 0x16, 0xF8, 0x17, 0x98,
- /* y */
- 0x48, 0x3a, 0xda, 0x77, 0x26, 0xa3, 0xc4, 0x65, 0x5d, 0xa4, 0xfb, 0xfc,
- 0x0e, 0x11, 0x08, 0xa8, 0xfd, 0x17, 0xb4, 0x48, 0xa6, 0x85, 0x54, 0x19,
- 0x9c, 0x47, 0xd0, 0x8f, 0xfb, 0x10, 0xd4, 0xb8,
- /* order */
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFE, 0xBA, 0xAE, 0xDC, 0xE6, 0xAF, 0x48, 0xA0, 0x3B,
- 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x41
- }
-};
-
-typedef struct _ec_list_element_st {
- int nid;
- const EC_CURVE_DATA *data;
- const EC_METHOD *(*meth) (void);
- const char *comment;
-} ec_list_element;
-
-static const ec_list_element curve_list[] = {
- /* prime field curves */
- /* secg curves */
-#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
- {NID_secp224r1, &_EC_NIST_PRIME_224.h, EC_GFp_nistp224_method,
- "NIST/SECG curve over a 224 bit prime field"},
-#else
- {NID_secp224r1, &_EC_NIST_PRIME_224.h, 0,
- "NIST/SECG curve over a 224 bit prime field"},
-#endif
- {NID_secp256k1, &_EC_SECG_PRIME_256K1.h, 0,
- "SECG curve over a 256 bit prime field"},
- /* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */
- {NID_secp384r1, &_EC_NIST_PRIME_384.h, 0,
- "NIST/SECG curve over a 384 bit prime field"},
-#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
- {NID_secp521r1, &_EC_NIST_PRIME_521.h, EC_GFp_nistp521_method,
- "NIST/SECG curve over a 521 bit prime field"},
-#else
- {NID_secp521r1, &_EC_NIST_PRIME_521.h, 0,
- "NIST/SECG curve over a 521 bit prime field"},
-#endif
- /* X9.62 curves */
- {NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h,
-#if defined(ECP_NISTZ256_ASM)
- EC_GFp_nistz256_method,
-#elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128)
- EC_GFp_nistp256_method,
-#else
- 0,
-#endif
- "X9.62/SECG curve over a 256 bit prime field"},
-};
-
-#define curve_list_length OSSL_NELEM(curve_list)
-
-static EC_GROUP *ec_group_new_from_data(const ec_list_element curve)
-{
- EC_GROUP *group = NULL;
- EC_POINT *P = NULL;
- BN_CTX *ctx = NULL;
- BIGNUM *p = NULL, *a = NULL, *b = NULL, *x = NULL, *y = NULL, *order =
- NULL;
- int ok = 0;
- int seed_len, param_len;
- const EC_METHOD *meth;
- const EC_CURVE_DATA *data;
- const unsigned char *params;
-
- /* If no curve data curve method must handle everything */
- if (curve.data == NULL)
- return EC_GROUP_new(curve.meth != NULL ? curve.meth() : NULL);
-
- if ((ctx = BN_CTX_new()) == NULL) {
- ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- data = curve.data;
- seed_len = data->seed_len;
- param_len = data->param_len;
- params = (const unsigned char *)(data + 1); /* skip header */
- params += seed_len; /* skip seed */
-
- if ((p = BN_bin2bn(params + 0 * param_len, param_len, NULL)) == NULL
- || (a = BN_bin2bn(params + 1 * param_len, param_len, NULL)) == NULL
- || (b = BN_bin2bn(params + 2 * param_len, param_len, NULL)) == NULL) {
- ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
- goto err;
- }
-
- if (curve.meth != 0) {
- meth = curve.meth();
- if (((group = EC_GROUP_new(meth)) == NULL) ||
- (!(group->meth->group_set_curve(group, p, a, b, ctx)))) {
- ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
- goto err;
- }
- } else if (data->field_type == NID_X9_62_prime_field) {
- if ((group = EC_GROUP_new_curve_GFp(p, a, b, ctx)) == NULL) {
- ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
- goto err;
- }
- }
-#ifndef OPENSSL_NO_EC2M
- else { /* field_type ==
- * NID_X9_62_characteristic_two_field */
-
- if ((group = EC_GROUP_new_curve_GF2m(p, a, b, ctx)) == NULL) {
- ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
- goto err;
- }
- }
-#endif
-
- EC_GROUP_set_curve_name(group, curve.nid);
-
- if ((P = EC_POINT_new(group)) == NULL) {
- ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
- goto err;
- }
-
- if ((x = BN_bin2bn(params + 3 * param_len, param_len, NULL)) == NULL
- || (y = BN_bin2bn(params + 4 * param_len, param_len, NULL)) == NULL) {
- ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
- goto err;
- }
- if (!EC_POINT_set_affine_coordinates(group, P, x, y, ctx)) {
- ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
- goto err;
- }
- if ((order = BN_bin2bn(params + 5 * param_len, param_len, NULL)) == NULL
- || !BN_set_word(x, (BN_ULONG)data->cofactor)) {
- ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
- goto err;
- }
- if (!EC_GROUP_set_generator(group, P, order, x)) {
- ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
- goto err;
- }
- if (seed_len) {
- if (!EC_GROUP_set_seed(group, params - seed_len, seed_len)) {
- ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
- goto err;
- }
- }
- ok = 1;
- err:
- if (!ok) {
- EC_GROUP_free(group);
- group = NULL;
- }
- EC_POINT_free(P);
- BN_CTX_free(ctx);
- BN_free(p);
- BN_free(a);
- BN_free(b);
- BN_free(order);
- BN_free(x);
- BN_free(y);
- return group;
-}
-
-EC_GROUP *EC_GROUP_new_by_curve_name(int nid)
-{
- size_t i;
- EC_GROUP *ret = NULL;
-
- if (nid <= 0)
- return NULL;
-
- for (i = 0; i < curve_list_length; i++)
- if (curve_list[i].nid == nid) {
- ret = ec_group_new_from_data(curve_list[i]);
- break;
- }
-
- if (ret == NULL) {
- ECerr(EC_F_EC_GROUP_NEW_BY_CURVE_NAME, EC_R_UNKNOWN_GROUP);
- return NULL;
- }
-
- return ret;
-}
-
-size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems)
-{
- size_t i, min;
-
- if (r == NULL || nitems == 0)
- return curve_list_length;
-
- min = nitems < curve_list_length ? nitems : curve_list_length;
-
- for (i = 0; i < min; i++) {
- r[i].nid = curve_list[i].nid;
- r[i].comment = curve_list[i].comment;
- }
-
- return curve_list_length;
-}
-
-/* Functions to translate between common NIST curve names and NIDs */
-
-typedef struct {
- const char *name; /* NIST Name of curve */
- int nid; /* Curve NID */
-} EC_NIST_NAME;
-
-static EC_NIST_NAME nist_curves[] = {
- {"B-163", NID_sect163r2},
- {"B-233", NID_sect233r1},
- {"B-283", NID_sect283r1},
- {"B-409", NID_sect409r1},
- {"B-571", NID_sect571r1},
- {"K-163", NID_sect163k1},
- {"K-233", NID_sect233k1},
- {"K-283", NID_sect283k1},
- {"K-409", NID_sect409k1},
- {"K-571", NID_sect571k1},
- {"P-192", NID_X9_62_prime192v1},
- {"P-224", NID_secp224r1},
- {"P-256", NID_X9_62_prime256v1},
- {"P-384", NID_secp384r1},
- {"P-521", NID_secp521r1}
-};
-
-const char *EC_curve_nid2nist(int nid)
-{
- size_t i;
- for (i = 0; i < OSSL_NELEM(nist_curves); i++) {
- if (nist_curves[i].nid == nid)
- return nist_curves[i].name;
- }
- return NULL;
-}
-
-int EC_curve_nist2nid(const char *name)
-{
- size_t i;
- for (i = 0; i < OSSL_NELEM(nist_curves); i++) {
- if (strcmp(nist_curves[i].name, name) == 0)
- return nist_curves[i].nid;
- }
- return NID_undef;
-}
diff --git a/openssl-freefilesync/ectest.c b/openssl-freefilesync/ectest.c
deleted file mode 100644
index 53adf88..0000000
--- a/openssl-freefilesync/ectest.c
+++ /dev/null
@@ -1,920 +0,0 @@
-/*
- * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
- * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
- *
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#include "internal/nelem.h"
-#include "testutil.h"
-
-#ifndef OPENSSL_NO_EC
-# include <openssl/ec.h>
-# ifndef OPENSSL_NO_ENGINE
-# include <openssl/engine.h>
-# endif
-# include <openssl/err.h>
-# include <openssl/obj_mac.h>
-# include <openssl/objects.h>
-# include <openssl/rand.h>
-# include <openssl/bn.h>
-# include <openssl/opensslconf.h>
-
-static size_t crv_len = 0;
-static EC_builtin_curve *curves = NULL;
-
-/* test multiplication with group order, long and negative scalars */
-static int group_order_tests(EC_GROUP *group)
-{
- BIGNUM *n1 = NULL, *n2 = NULL, *order = NULL;
- EC_POINT *P = NULL, *Q = NULL, *R = NULL, *S = NULL;
- const EC_POINT *G = NULL;
- BN_CTX *ctx = NULL;
- int i = 0, r = 0;
-
- if (!TEST_ptr(n1 = BN_new())
- || !TEST_ptr(n2 = BN_new())
- || !TEST_ptr(order = BN_new())
- || !TEST_ptr(ctx = BN_CTX_new())
- || !TEST_ptr(G = EC_GROUP_get0_generator(group))
- || !TEST_ptr(P = EC_POINT_new(group))
- || !TEST_ptr(Q = EC_POINT_new(group))
- || !TEST_ptr(R = EC_POINT_new(group))
- || !TEST_ptr(S = EC_POINT_new(group)))
- goto err;
-
- if (!TEST_true(EC_GROUP_get_order(group, order, ctx))
- || !TEST_true(EC_POINT_mul(group, Q, order, NULL, NULL, ctx))
- || !TEST_true(EC_POINT_is_at_infinity(group, Q))
- || !TEST_true(EC_GROUP_precompute_mult(group, ctx))
- || !TEST_true(EC_POINT_mul(group, Q, order, NULL, NULL, ctx))
- || !TEST_true(EC_POINT_is_at_infinity(group, Q))
- || !TEST_true(EC_POINT_copy(P, G))
- || !TEST_true(BN_one(n1))
- || !TEST_true(EC_POINT_mul(group, Q, n1, NULL, NULL, ctx))
- || !TEST_int_eq(0, EC_POINT_cmp(group, Q, P, ctx))
- || !TEST_true(BN_sub(n1, order, n1))
- || !TEST_true(EC_POINT_mul(group, Q, n1, NULL, NULL, ctx))
- || !TEST_true(EC_POINT_invert(group, Q, ctx))
- || !TEST_int_eq(0, EC_POINT_cmp(group, Q, P, ctx)))
- goto err;
-
- for (i = 1; i <= 2; i++) {
- const BIGNUM *scalars[6];
- const EC_POINT *points[6];
-
- if (!TEST_true(BN_set_word(n1, i))
- /*
- * If i == 1, P will be the predefined generator for which
- * EC_GROUP_precompute_mult has set up precomputation.
- */
- || !TEST_true(EC_POINT_mul(group, P, n1, NULL, NULL, ctx))
- || (i == 1 && !TEST_int_eq(0, EC_POINT_cmp(group, P, G, ctx)))
- || !TEST_true(BN_one(n1))
- /* n1 = 1 - order */
- || !TEST_true(BN_sub(n1, n1, order))
- || !TEST_true(EC_POINT_mul(group, Q, NULL, P, n1, ctx))
- || !TEST_int_eq(0, EC_POINT_cmp(group, Q, P, ctx))
-
- /* n2 = 1 + order */
- || !TEST_true(BN_add(n2, order, BN_value_one()))
- || !TEST_true(EC_POINT_mul(group, Q, NULL, P, n2, ctx))
- || !TEST_int_eq(0, EC_POINT_cmp(group, Q, P, ctx))
-
- /* n2 = (1 - order) * (1 + order) = 1 - order^2 */
- || !TEST_true(BN_mul(n2, n1, n2, ctx))
- || !TEST_true(EC_POINT_mul(group, Q, NULL, P, n2, ctx))
- || !TEST_int_eq(0, EC_POINT_cmp(group, Q, P, ctx)))
- goto err;
-
- /* n2 = order^2 - 1 */
- BN_set_negative(n2, 0);
- if (!TEST_true(EC_POINT_mul(group, Q, NULL, P, n2, ctx))
- /* Add P to verify the result. */
- || !TEST_true(EC_POINT_add(group, Q, Q, P, ctx))
- || !TEST_true(EC_POINT_is_at_infinity(group, Q))
-
- /* Exercise EC_POINTs_mul, including corner cases. */
- || !TEST_false(EC_POINT_is_at_infinity(group, P)))
- goto err;
-
- scalars[0] = scalars[1] = BN_value_one();
- points[0] = points[1] = P;
-
- if (!TEST_true(EC_POINTs_mul(group, R, NULL, 2, points, scalars, ctx))
- || !TEST_true(EC_POINT_dbl(group, S, points[0], ctx))
- || !TEST_int_eq(0, EC_POINT_cmp(group, R, S, ctx)))
- goto err;
-
- scalars[0] = n1;
- points[0] = Q; /* => infinity */
- scalars[1] = n2;
- points[1] = P; /* => -P */
- scalars[2] = n1;
- points[2] = Q; /* => infinity */
- scalars[3] = n2;
- points[3] = Q; /* => infinity */
- scalars[4] = n1;
- points[4] = P; /* => P */
- scalars[5] = n2;
- points[5] = Q; /* => infinity */
- if (!TEST_true(EC_POINTs_mul(group, P, NULL, 6, points, scalars, ctx))
- || !TEST_true(EC_POINT_is_at_infinity(group, P)))
- goto err;
- }
-
- r = 1;
-err:
- if (r == 0 && i != 0)
- TEST_info(i == 1 ? "allowing precomputation" :
- "without precomputation");
- EC_POINT_free(P);
- EC_POINT_free(Q);
- EC_POINT_free(R);
- EC_POINT_free(S);
- BN_free(n1);
- BN_free(n2);
- BN_free(order);
- BN_CTX_free(ctx);
- return r;
-}
-
-static int prime_field_tests(void)
-{
- BN_CTX *ctx = NULL;
- BIGNUM *p = NULL, *a = NULL, *b = NULL, *scalar3 = NULL;
- EC_GROUP *group = NULL, *tmp = NULL;
- EC_GROUP *P_160 = NULL, *P_192 = NULL, *P_224 = NULL,
- *P_256 = NULL, *P_384 = NULL, *P_521 = NULL;
- EC_POINT *P = NULL, *Q = NULL, *R = NULL;
- BIGNUM *x = NULL, *y = NULL, *z = NULL, *yplusone = NULL;
- const EC_POINT *points[4];
- const BIGNUM *scalars[4];
- unsigned char buf[100];
- size_t len, r = 0;
- int k;
-
- if (!TEST_ptr(ctx = BN_CTX_new())
- || !TEST_ptr(p = BN_new())
- || !TEST_ptr(a = BN_new())
- || !TEST_ptr(b = BN_new())
- /*
- * applications should use EC_GROUP_new_curve_GFp so
- * that the library gets to choose the EC_METHOD
- */
- || !TEST_ptr(group = EC_GROUP_new(EC_GFp_mont_method()))
- || !TEST_ptr(tmp = EC_GROUP_new(EC_GROUP_method_of(group)))
- || !TEST_true(EC_GROUP_copy(tmp, group)))
- goto err;
- EC_GROUP_free(group);
- group = tmp;
- tmp = NULL;
-
- buf[0] = 0;
- if (!TEST_ptr(P = EC_POINT_new(group))
- || !TEST_ptr(Q = EC_POINT_new(group))
- || !TEST_ptr(R = EC_POINT_new(group))
- || !TEST_ptr(x = BN_new())
- || !TEST_ptr(y = BN_new())
- || !TEST_ptr(z = BN_new())
- || !TEST_ptr(yplusone = BN_new()))
- goto err;
-
- /* Curve P-224 (FIPS PUB 186-2, App. 6) */
-
- if (!TEST_true(BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFF"
- "FFFFFFFF000000000000000000000001"))
- || !TEST_int_eq(1, BN_is_prime_ex(p, BN_prime_checks, ctx, NULL))
- || !TEST_true(BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFF"
- "FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE"))
- || !TEST_true(BN_hex2bn(&b, "B4050A850C04B3ABF5413256"
- "5044B0B7D7BFD8BA270B39432355FFB4"))
- || !TEST_true(EC_GROUP_set_curve(group, p, a, b, ctx))
- || !TEST_true(BN_hex2bn(&x, "B70E0CBD6BB4BF7F321390B9"
- "4A03C1D356C21122343280D6115C1D21"))
- || !TEST_true(EC_POINT_set_compressed_coordinates(group, P, x, 0, ctx))
- || !TEST_int_gt(EC_POINT_is_on_curve(group, P, ctx), 0)
- || !TEST_true(BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFF"
- "FFFF16A2E0B8F03E13DD29455C5C2A3D"))
- || !TEST_true(EC_GROUP_set_generator(group, P, z, BN_value_one()))
- || !TEST_true(EC_POINT_get_affine_coordinates(group, P, x, y, ctx)))
- goto err;
-
- TEST_info("NIST curve P-224 -- Generator");
- test_output_bignum("x", x);
- test_output_bignum("y", y);
- /* G_y value taken from the standard: */
- if (!TEST_true(BN_hex2bn(&z, "BD376388B5F723FB4C22DFE6"
- "CD4375A05A07476444D5819985007E34"))
- || !TEST_BN_eq(y, z)
- || !TEST_true(BN_add(yplusone, y, BN_value_one()))
- /*
- * When (x, y) is on the curve, (x, y + 1) is, as it happens, not,
- * and therefore setting the coordinates should fail.
- */
- || !TEST_false(EC_POINT_set_affine_coordinates(group, P, x, yplusone,
- ctx))
- || !TEST_int_eq(EC_GROUP_get_degree(group), 224)
- || !group_order_tests(group)
- || !TEST_ptr(P_224 = EC_GROUP_new(EC_GROUP_method_of(group)))
- || !TEST_true(EC_GROUP_copy(P_224, group))
-
- /* Curve P-256 (FIPS PUB 186-2, App. 6) */
-
- || !TEST_true(BN_hex2bn(&p, "FFFFFFFF000000010000000000000000"
- "00000000FFFFFFFFFFFFFFFFFFFFFFFF"))
- || !TEST_int_eq(1, BN_is_prime_ex(p, BN_prime_checks, ctx, NULL))
- || !TEST_true(BN_hex2bn(&a, "FFFFFFFF000000010000000000000000"
- "00000000FFFFFFFFFFFFFFFFFFFFFFFC"))
- || !TEST_true(BN_hex2bn(&b, "5AC635D8AA3A93E7B3EBBD55769886BC"
- "651D06B0CC53B0F63BCE3C3E27D2604B"))
- || !TEST_true(EC_GROUP_set_curve(group, p, a, b, ctx))
-
- || !TEST_true(BN_hex2bn(&x, "6B17D1F2E12C4247F8BCE6E563A440F2"
- "77037D812DEB33A0F4A13945D898C296"))
- || !TEST_true(EC_POINT_set_compressed_coordinates(group, P, x, 1, ctx))
- || !TEST_int_gt(EC_POINT_is_on_curve(group, P, ctx), 0)
- || !TEST_true(BN_hex2bn(&z, "FFFFFFFF00000000FFFFFFFFFFFFFFFF"
- "BCE6FAADA7179E84F3B9CAC2FC632551"))
- || !TEST_true(EC_GROUP_set_generator(group, P, z, BN_value_one()))
- || !TEST_true(EC_POINT_get_affine_coordinates(group, P, x, y, ctx)))
- goto err;
-
- TEST_info("NIST curve P-256 -- Generator");
- test_output_bignum("x", x);
- test_output_bignum("y", y);
- /* G_y value taken from the standard: */
- if (!TEST_true(BN_hex2bn(&z, "4FE342E2FE1A7F9B8EE7EB4A7C0F9E16"
- "2BCE33576B315ECECBB6406837BF51F5"))
- || !TEST_BN_eq(y, z)
- || !TEST_true(BN_add(yplusone, y, BN_value_one()))
- /*
- * When (x, y) is on the curve, (x, y + 1) is, as it happens, not,
- * and therefore setting the coordinates should fail.
- */
- || !TEST_false(EC_POINT_set_affine_coordinates(group, P, x, yplusone,
- ctx))
- || !TEST_int_eq(EC_GROUP_get_degree(group), 256)
- || !group_order_tests(group)
- || !TEST_ptr(P_256 = EC_GROUP_new(EC_GROUP_method_of(group)))
- || !TEST_true(EC_GROUP_copy(P_256, group))
-
- /* Curve P-384 (FIPS PUB 186-2, App. 6) */
-
- || !TEST_true(BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE"
- "FFFFFFFF0000000000000000FFFFFFFF"))
- || !TEST_int_eq(1, BN_is_prime_ex(p, BN_prime_checks, ctx, NULL))
- || !TEST_true(BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE"
- "FFFFFFFF0000000000000000FFFFFFFC"))
- || !TEST_true(BN_hex2bn(&b, "B3312FA7E23EE7E4988E056BE3F82D19"
- "181D9C6EFE8141120314088F5013875A"
- "C656398D8A2ED19D2A85C8EDD3EC2AEF"))
- || !TEST_true(EC_GROUP_set_curve(group, p, a, b, ctx))
-
- || !TEST_true(BN_hex2bn(&x, "AA87CA22BE8B05378EB1C71EF320AD74"
- "6E1D3B628BA79B9859F741E082542A38"
- "5502F25DBF55296C3A545E3872760AB7"))
- || !TEST_true(EC_POINT_set_compressed_coordinates(group, P, x, 1, ctx))
- || !TEST_int_gt(EC_POINT_is_on_curve(group, P, ctx), 0)
- || !TEST_true(BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
- "FFFFFFFFFFFFFFFFC7634D81F4372DDF"
- "581A0DB248B0A77AECEC196ACCC52973"))
- || !TEST_true(EC_GROUP_set_generator(group, P, z, BN_value_one()))
- || !TEST_true(EC_POINT_get_affine_coordinates(group, P, x, y, ctx)))
- goto err;
-
- TEST_info("NIST curve P-384 -- Generator");
- test_output_bignum("x", x);
- test_output_bignum("y", y);
- /* G_y value taken from the standard: */
- if (!TEST_true(BN_hex2bn(&z, "3617DE4A96262C6F5D9E98BF9292DC29"
- "F8F41DBD289A147CE9DA3113B5F0B8C0"
- "0A60B1CE1D7E819D7A431D7C90EA0E5F"))
- || !TEST_BN_eq(y, z)
- || !TEST_true(BN_add(yplusone, y, BN_value_one()))
- /*
- * When (x, y) is on the curve, (x, y + 1) is, as it happens, not,
- * and therefore setting the coordinates should fail.
- */
- || !TEST_false(EC_POINT_set_affine_coordinates(group, P, x, yplusone,
- ctx))
- || !TEST_int_eq(EC_GROUP_get_degree(group), 384)
- || !group_order_tests(group)
- || !TEST_ptr(P_384 = EC_GROUP_new(EC_GROUP_method_of(group)))
- || !TEST_true(EC_GROUP_copy(P_384, group))
-
- /* Curve P-521 (FIPS PUB 186-2, App. 6) */
- || !TEST_true(BN_hex2bn(&p, "1FF"
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"))
- || !TEST_int_eq(1, BN_is_prime_ex(p, BN_prime_checks, ctx, NULL))
- || !TEST_true(BN_hex2bn(&a, "1FF"
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC"))
- || !TEST_true(BN_hex2bn(&b, "051"
- "953EB9618E1C9A1F929A21A0B68540EE"
- "A2DA725B99B315F3B8B489918EF109E1"
- "56193951EC7E937B1652C0BD3BB1BF07"
- "3573DF883D2C34F1EF451FD46B503F00"))
- || !TEST_true(EC_GROUP_set_curve(group, p, a, b, ctx))
- || !TEST_true(BN_hex2bn(&x, "C6"
- "858E06B70404E9CD9E3ECB662395B442"
- "9C648139053FB521F828AF606B4D3DBA"
- "A14B5E77EFE75928FE1DC127A2FFA8DE"
- "3348B3C1856A429BF97E7E31C2E5BD66"))
- || !TEST_true(EC_POINT_set_compressed_coordinates(group, P, x, 0, ctx))
- || !TEST_int_gt(EC_POINT_is_on_curve(group, P, ctx), 0)
- || !TEST_true(BN_hex2bn(&z, "1FF"
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA"
- "51868783BF2F966B7FCC0148F709A5D0"
- "3BB5C9B8899C47AEBB6FB71E91386409"))
- || !TEST_true(EC_GROUP_set_generator(group, P, z, BN_value_one()))
- || !TEST_true(EC_POINT_get_affine_coordinates(group, P, x, y, ctx)))
- goto err;
-
- TEST_info("NIST curve P-521 -- Generator");
- test_output_bignum("x", x);
- test_output_bignum("y", y);
- /* G_y value taken from the standard: */
- if (!TEST_true(BN_hex2bn(&z, "118"
- "39296A789A3BC0045C8A5FB42C7D1BD9"
- "98F54449579B446817AFBD17273E662C"
- "97EE72995EF42640C550B9013FAD0761"
- "353C7086A272C24088BE94769FD16650"))
- || !TEST_BN_eq(y, z)
- || !TEST_true(BN_add(yplusone, y, BN_value_one()))
- /*
- * When (x, y) is on the curve, (x, y + 1) is, as it happens, not,
- * and therefore setting the coordinates should fail.
- */
- || !TEST_false(EC_POINT_set_affine_coordinates(group, P, x, yplusone,
- ctx))
- || !TEST_int_eq(EC_GROUP_get_degree(group), 521)
- || !group_order_tests(group)
- || !TEST_ptr(P_521 = EC_GROUP_new(EC_GROUP_method_of(group)))
- || !TEST_true(EC_GROUP_copy(P_521, group))
-
- /* more tests using the last curve */
-
- /* Restore the point that got mangled in the (x, y + 1) test. */
- || !TEST_true(EC_POINT_set_affine_coordinates(group, P, x, y, ctx))
- || !TEST_true(EC_POINT_copy(Q, P))
- || !TEST_false(EC_POINT_is_at_infinity(group, Q))
- || !TEST_true(EC_POINT_dbl(group, P, P, ctx))
- || !TEST_int_gt(EC_POINT_is_on_curve(group, P, ctx), 0)
- || !TEST_true(EC_POINT_invert(group, Q, ctx)) /* P = -2Q */
- || !TEST_true(EC_POINT_add(group, R, P, Q, ctx))
- || !TEST_true(EC_POINT_add(group, R, R, Q, ctx))
- || !TEST_true(EC_POINT_is_at_infinity(group, R)) /* R = P + 2Q */
- || !TEST_false(EC_POINT_is_at_infinity(group, Q)))
- goto err;
- points[0] = Q;
- points[1] = Q;
- points[2] = Q;
- points[3] = Q;
-
- if (!TEST_true(EC_GROUP_get_order(group, z, ctx))
- || !TEST_true(BN_add(y, z, BN_value_one()))
- || !TEST_BN_even(y)
- || !TEST_true(BN_rshift1(y, y)))
- goto err;
- scalars[0] = y; /* (group order + 1)/2, so y*Q + y*Q = Q */
- scalars[1] = y;
-
- TEST_note("combined multiplication ...");
-
- /* z is still the group order */
- if (!TEST_true(EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx))
- || !TEST_true(EC_POINTs_mul(group, R, z, 2, points, scalars, ctx))
- || !TEST_int_eq(0, EC_POINT_cmp(group, P, R, ctx))
- || !TEST_int_eq(0, EC_POINT_cmp(group, R, Q, ctx))
- || !TEST_true(BN_rand(y, BN_num_bits(y), 0, 0))
- || !TEST_true(BN_add(z, z, y)))
- goto err;
- BN_set_negative(z, 1);
- scalars[0] = y;
- scalars[1] = z; /* z = -(order + y) */
-
- if (!TEST_true(EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx))
- || !TEST_true(EC_POINT_is_at_infinity(group, P))
- || !TEST_true(BN_rand(x, BN_num_bits(y) - 1, 0, 0))
- || !TEST_true(BN_add(z, x, y)))
- goto err;
- BN_set_negative(z, 1);
- scalars[0] = x;
- scalars[1] = y;
- scalars[2] = z; /* z = -(x+y) */
-
- if (!TEST_ptr(scalar3 = BN_new()))
- goto err;
- BN_zero(scalar3);
- scalars[3] = scalar3;
-
- if (!TEST_true(EC_POINTs_mul(group, P, NULL, 4, points, scalars, ctx))
- || !TEST_true(EC_POINT_is_at_infinity(group, P)))
- goto err;
-
- TEST_note(" ok\n");
-
-
- r = 1;
-err:
- BN_CTX_free(ctx);
- BN_free(p);
- BN_free(a);
- BN_free(b);
- EC_GROUP_free(group);
- EC_GROUP_free(tmp);
- EC_POINT_free(P);
- EC_POINT_free(Q);
- EC_POINT_free(R);
- BN_free(x);
- BN_free(y);
- BN_free(z);
- BN_free(yplusone);
- BN_free(scalar3);
-
- EC_GROUP_free(P_224);
- EC_GROUP_free(P_256);
- EC_GROUP_free(P_384);
- EC_GROUP_free(P_521);
- return r;
-}
-
-static int internal_curve_test(int n)
-{
- EC_GROUP *group = NULL;
- int nid = curves[n].nid;
-
- if (!TEST_ptr(group = EC_GROUP_new_by_curve_name(nid))) {
- TEST_info("EC_GROUP_new_curve_name() failed with curve %s\n",
- OBJ_nid2sn(nid));
- return 0;
- }
- if (!TEST_true(EC_GROUP_check(group, NULL))) {
- TEST_info("EC_GROUP_check() failed with curve %s\n", OBJ_nid2sn(nid));
- EC_GROUP_free(group);
- return 0;
- }
- EC_GROUP_free(group);
- return 1;
-}
-
-static int internal_curve_test_method(int n)
-{
- int r, nid = curves[n].nid;
- EC_GROUP *group;
-
- if (!TEST_ptr(group = EC_GROUP_new_by_curve_name(nid))) {
- TEST_info("Curve %s failed\n", OBJ_nid2sn(nid));
- return 0;
- }
- r = group_order_tests(group);
- EC_GROUP_free(group);
- return r;
-}
-
-# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
-/*
- * nistp_test_params contains magic numbers for testing our optimized
- * implementations of several NIST curves with characteristic > 3.
- */
-struct nistp_test_params {
- const EC_METHOD *(*meth) (void);
- int degree;
- /*
- * Qx, Qy and D are taken from
- * http://csrc.nist.gov/groups/ST/toolkit/documents/Examples/ECDSA_Prime.pdf
- * Otherwise, values are standard curve parameters from FIPS 180-3
- */
- const char *p, *a, *b, *Qx, *Qy, *Gx, *Gy, *order, *d;
-};
-
-static const struct nistp_test_params nistp_tests_params[] = {
- {
- /* P-224 */
- EC_GFp_nistp224_method,
- 224,
- /* p */
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001",
- /* a */
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE",
- /* b */
- "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4",
- /* Qx */
- "E84FB0B8E7000CB657D7973CF6B42ED78B301674276DF744AF130B3E",
- /* Qy */
- "4376675C6FC5612C21A0FF2D2A89D2987DF7A2BC52183B5982298555",
- /* Gx */
- "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21",
- /* Gy */
- "BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34",
- /* order */
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D",
- /* d */
- "3F0C488E987C80BE0FEE521F8D90BE6034EC69AE11CA72AA777481E8",
- },
- {
- /* P-256 */
- EC_GFp_nistp256_method,
- 256,
- /* p */
- "ffffffff00000001000000000000000000000000ffffffffffffffffffffffff",
- /* a */
- "ffffffff00000001000000000000000000000000fffffffffffffffffffffffc",
- /* b */
- "5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b",
- /* Qx */
- "b7e08afdfe94bad3f1dc8c734798ba1c62b3a0ad1e9ea2a38201cd0889bc7a19",
- /* Qy */
- "3603f747959dbf7a4bb226e41928729063adc7ae43529e61b563bbc606cc5e09",
- /* Gx */
- "6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296",
- /* Gy */
- "4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5",
- /* order */
- "ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551",
- /* d */
- "c477f9f65c22cce20657faa5b2d1d8122336f851a508a1ed04e479c34985bf96",
- },
- {
- /* P-521 */
- EC_GFp_nistp521_method,
- 521,
- /* p */
- "1ff"
- "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
- "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
- /* a */
- "1ff"
- "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
- "fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc",
- /* b */
- "051"
- "953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e1"
- "56193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00",
- /* Qx */
- "0098"
- "e91eef9a68452822309c52fab453f5f117c1da8ed796b255e9ab8f6410cca16e"
- "59df403a6bdc6ca467a37056b1e54b3005d8ac030decfeb68df18b171885d5c4",
- /* Qy */
- "0164"
- "350c321aecfc1cca1ba4364c9b15656150b4b78d6a48d7d28e7f31985ef17be8"
- "554376b72900712c4b83ad668327231526e313f5f092999a4632fd50d946bc2e",
- /* Gx */
- "c6"
- "858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dba"
- "a14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66",
- /* Gy */
- "118"
- "39296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c"
- "97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650",
- /* order */
- "1ff"
- "fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa"
- "51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409",
- /* d */
- "0100"
- "085f47b8e1b8b11b7eb33028c0b2888e304bfc98501955b45bba1478dc184eee"
- "df09b86a5f7c21994406072787205e69a63709fe35aa93ba333514b24f961722",
- },
-};
-
-static int nistp_single_test(int idx)
-{
- const struct nistp_test_params *test = nistp_tests_params + idx;
- BN_CTX *ctx = NULL;
- BIGNUM *p = NULL, *a = NULL, *b = NULL, *x = NULL, *y = NULL;
- BIGNUM *n = NULL, *m = NULL, *order = NULL, *yplusone = NULL;
- EC_GROUP *NISTP = NULL;
- EC_POINT *G = NULL, *P = NULL, *Q = NULL, *Q_CHECK = NULL;
- int r = 0;
-
- TEST_note("NIST curve P-%d (optimised implementation):",
- test->degree);
- if (!TEST_ptr(ctx = BN_CTX_new())
- || !TEST_ptr(p = BN_new())
- || !TEST_ptr(a = BN_new())
- || !TEST_ptr(b = BN_new())
- || !TEST_ptr(x = BN_new())
- || !TEST_ptr(y = BN_new())
- || !TEST_ptr(m = BN_new())
- || !TEST_ptr(n = BN_new())
- || !TEST_ptr(order = BN_new())
- || !TEST_ptr(yplusone = BN_new())
-
- || !TEST_ptr(NISTP = EC_GROUP_new(test->meth()))
- || !TEST_true(BN_hex2bn(&p, test->p))
- || !TEST_int_eq(1, BN_is_prime_ex(p, BN_prime_checks, ctx, NULL))
- || !TEST_true(BN_hex2bn(&a, test->a))
- || !TEST_true(BN_hex2bn(&b, test->b))
- || !TEST_true(EC_GROUP_set_curve(NISTP, p, a, b, ctx))
- || !TEST_ptr(G = EC_POINT_new(NISTP))
- || !TEST_ptr(P = EC_POINT_new(NISTP))
- || !TEST_ptr(Q = EC_POINT_new(NISTP))
- || !TEST_ptr(Q_CHECK = EC_POINT_new(NISTP))
- || !TEST_true(BN_hex2bn(&x, test->Qx))
- || !TEST_true(BN_hex2bn(&y, test->Qy))
- || !TEST_true(BN_add(yplusone, y, BN_value_one()))
- /*
- * When (x, y) is on the curve, (x, y + 1) is, as it happens, not,
- * and therefore setting the coordinates should fail.
- */
- || !TEST_false(EC_POINT_set_affine_coordinates(NISTP, Q_CHECK, x,
- yplusone, ctx))
- || !TEST_true(EC_POINT_set_affine_coordinates(NISTP, Q_CHECK, x, y,
- ctx))
- || !TEST_true(BN_hex2bn(&x, test->Gx))
- || !TEST_true(BN_hex2bn(&y, test->Gy))
- || !TEST_true(EC_POINT_set_affine_coordinates(NISTP, G, x, y, ctx))
- || !TEST_true(BN_hex2bn(&order, test->order))
- || !TEST_true(EC_GROUP_set_generator(NISTP, G, order, BN_value_one()))
- || !TEST_int_eq(EC_GROUP_get_degree(NISTP), test->degree))
- goto err;
-
- TEST_note("NIST test vectors ... ");
- if (!TEST_true(BN_hex2bn(&n, test->d)))
- goto err;
- /* fixed point multiplication */
- EC_POINT_mul(NISTP, Q, n, NULL, NULL, ctx);
- if (!TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)))
- goto err;
- /* random point multiplication */
- EC_POINT_mul(NISTP, Q, NULL, G, n, ctx);
- if (!TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))
-
- /* set generator to P = 2*G, where G is the standard generator */
- || !TEST_true(EC_POINT_dbl(NISTP, P, G, ctx))
- || !TEST_true(EC_GROUP_set_generator(NISTP, P, order, BN_value_one()))
- /* set the scalar to m=n/2, where n is the NIST test scalar */
- || !TEST_true(BN_rshift(m, n, 1)))
- goto err;
-
- /* test the non-standard generator */
- /* fixed point multiplication */
- EC_POINT_mul(NISTP, Q, m, NULL, NULL, ctx);
- if (!TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)))
- goto err;
- /* random point multiplication */
- EC_POINT_mul(NISTP, Q, NULL, P, m, ctx);
- if (!TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))
-
- /*
- * We have not performed precomputation so have_precompute mult should be
- * false
- */
- || !TEST_false(EC_GROUP_have_precompute_mult(NISTP))
-
- /* now repeat all tests with precomputation */
- || !TEST_true(EC_GROUP_precompute_mult(NISTP, ctx))
- || !TEST_true(EC_GROUP_have_precompute_mult(NISTP)))
- goto err;
-
- /* fixed point multiplication */
- EC_POINT_mul(NISTP, Q, m, NULL, NULL, ctx);
- if (!TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)))
- goto err;
- /* random point multiplication */
- EC_POINT_mul(NISTP, Q, NULL, P, m, ctx);
- if (!TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))
-
- /* reset generator */
- || !TEST_true(EC_GROUP_set_generator(NISTP, G, order, BN_value_one())))
- goto err;
- /* fixed point multiplication */
- EC_POINT_mul(NISTP, Q, n, NULL, NULL, ctx);
- if (!TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)))
- goto err;
- /* random point multiplication */
- EC_POINT_mul(NISTP, Q, NULL, G, n, ctx);
- if (!TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)))
- goto err;
-
- /* regression test for felem_neg bug */
- if (!TEST_true(BN_set_word(m, 32))
- || !TEST_true(BN_set_word(n, 31))
- || !TEST_true(EC_POINT_copy(P, G))
- || !TEST_true(EC_POINT_invert(NISTP, P, ctx))
- || !TEST_true(EC_POINT_mul(NISTP, Q, m, P, n, ctx))
- || !TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, G, ctx)))
- goto err;
-
- r = group_order_tests(NISTP);
-err:
- EC_GROUP_free(NISTP);
- EC_POINT_free(G);
- EC_POINT_free(P);
- EC_POINT_free(Q);
- EC_POINT_free(Q_CHECK);
- BN_free(n);
- BN_free(m);
- BN_free(p);
- BN_free(a);
- BN_free(b);
- BN_free(x);
- BN_free(y);
- BN_free(order);
- BN_free(yplusone);
- BN_CTX_free(ctx);
- return r;
-}
-
-/*
- * Tests a point known to cause an incorrect underflow in an old version of
- * ecp_nist521.c
- */
-static int underflow_test(void)
-{
- BN_CTX *ctx = NULL;
- EC_GROUP *grp = NULL;
- EC_POINT *P = NULL, *Q = NULL, *R = NULL;
- BIGNUM *x1 = NULL, *y1 = NULL, *z1 = NULL, *x2 = NULL, *y2 = NULL;
- BIGNUM *k = NULL;
- int testresult = 0;
- const char *x1str =
- "1534f0077fffffe87e9adcfe000000000000000000003e05a21d2400002e031b1f4"
- "b80000c6fafa4f3c1288798d624a247b5e2ffffffffffffffefe099241900004";
- const char *p521m1 =
- "1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
- "fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe";
-
- ctx = BN_CTX_new();
- if (!TEST_ptr(ctx))
- return 0;
-
- BN_CTX_start(ctx);
- x1 = BN_CTX_get(ctx);
- y1 = BN_CTX_get(ctx);
- z1 = BN_CTX_get(ctx);
- x2 = BN_CTX_get(ctx);
- y2 = BN_CTX_get(ctx);
- k = BN_CTX_get(ctx);
- if (!TEST_ptr(k))
- goto err;
-
- grp = EC_GROUP_new_by_curve_name(NID_secp521r1);
- P = EC_POINT_new(grp);
- Q = EC_POINT_new(grp);
- R = EC_POINT_new(grp);
- if (!TEST_ptr(grp) || !TEST_ptr(P) || !TEST_ptr(Q) || !TEST_ptr(R))
- goto err;
-
- if (!TEST_int_gt(BN_hex2bn(&x1, x1str), 0)
- || !TEST_int_gt(BN_hex2bn(&y1, p521m1), 0)
- || !TEST_int_gt(BN_hex2bn(&z1, p521m1), 0)
- || !TEST_int_gt(BN_hex2bn(&k, "02"), 0)
- || !TEST_true(EC_POINT_set_Jprojective_coordinates_GFp(grp, P, x1,
- y1, z1, ctx))
- || !TEST_true(EC_POINT_mul(grp, Q, NULL, P, k, ctx))
- || !TEST_true(EC_POINT_get_affine_coordinates(grp, Q, x1, y1, ctx))
- || !TEST_true(EC_POINT_dbl(grp, R, P, ctx))
- || !TEST_true(EC_POINT_get_affine_coordinates(grp, R, x2, y2, ctx)))
- goto err;
-
- if (!TEST_int_eq(BN_cmp(x1, x2), 0)
- || !TEST_int_eq(BN_cmp(y1, y2), 0))
- goto err;
-
- testresult = 1;
-
- err:
- BN_CTX_end(ctx);
- EC_POINT_free(P);
- EC_POINT_free(Q);
- EC_POINT_free(R);
- EC_GROUP_free(grp);
- BN_CTX_free(ctx);
-
- return testresult;
-}
-# endif
-
-static const unsigned char p521_named[] = {
- 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x23,
-};
-
-static const unsigned char p521_explicit[] = {
- 0x30, 0x82, 0x01, 0xc3, 0x02, 0x01, 0x01, 0x30, 0x4d, 0x06, 0x07, 0x2a,
- 0x86, 0x48, 0xce, 0x3d, 0x01, 0x01, 0x02, 0x42, 0x01, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0x30, 0x81, 0x9f, 0x04, 0x42, 0x01, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xfc, 0x04, 0x42, 0x00, 0x51, 0x95, 0x3e, 0xb9, 0x61, 0x8e, 0x1c, 0x9a,
- 0x1f, 0x92, 0x9a, 0x21, 0xa0, 0xb6, 0x85, 0x40, 0xee, 0xa2, 0xda, 0x72,
- 0x5b, 0x99, 0xb3, 0x15, 0xf3, 0xb8, 0xb4, 0x89, 0x91, 0x8e, 0xf1, 0x09,
- 0xe1, 0x56, 0x19, 0x39, 0x51, 0xec, 0x7e, 0x93, 0x7b, 0x16, 0x52, 0xc0,
- 0xbd, 0x3b, 0xb1, 0xbf, 0x07, 0x35, 0x73, 0xdf, 0x88, 0x3d, 0x2c, 0x34,
- 0xf1, 0xef, 0x45, 0x1f, 0xd4, 0x6b, 0x50, 0x3f, 0x00, 0x03, 0x15, 0x00,
- 0xd0, 0x9e, 0x88, 0x00, 0x29, 0x1c, 0xb8, 0x53, 0x96, 0xcc, 0x67, 0x17,
- 0x39, 0x32, 0x84, 0xaa, 0xa0, 0xda, 0x64, 0xba, 0x04, 0x81, 0x85, 0x04,
- 0x00, 0xc6, 0x85, 0x8e, 0x06, 0xb7, 0x04, 0x04, 0xe9, 0xcd, 0x9e, 0x3e,
- 0xcb, 0x66, 0x23, 0x95, 0xb4, 0x42, 0x9c, 0x64, 0x81, 0x39, 0x05, 0x3f,
- 0xb5, 0x21, 0xf8, 0x28, 0xaf, 0x60, 0x6b, 0x4d, 0x3d, 0xba, 0xa1, 0x4b,
- 0x5e, 0x77, 0xef, 0xe7, 0x59, 0x28, 0xfe, 0x1d, 0xc1, 0x27, 0xa2, 0xff,
- 0xa8, 0xde, 0x33, 0x48, 0xb3, 0xc1, 0x85, 0x6a, 0x42, 0x9b, 0xf9, 0x7e,
- 0x7e, 0x31, 0xc2, 0xe5, 0xbd, 0x66, 0x01, 0x18, 0x39, 0x29, 0x6a, 0x78,
- 0x9a, 0x3b, 0xc0, 0x04, 0x5c, 0x8a, 0x5f, 0xb4, 0x2c, 0x7d, 0x1b, 0xd9,
- 0x98, 0xf5, 0x44, 0x49, 0x57, 0x9b, 0x44, 0x68, 0x17, 0xaf, 0xbd, 0x17,
- 0x27, 0x3e, 0x66, 0x2c, 0x97, 0xee, 0x72, 0x99, 0x5e, 0xf4, 0x26, 0x40,
- 0xc5, 0x50, 0xb9, 0x01, 0x3f, 0xad, 0x07, 0x61, 0x35, 0x3c, 0x70, 0x86,
- 0xa2, 0x72, 0xc2, 0x40, 0x88, 0xbe, 0x94, 0x76, 0x9f, 0xd1, 0x66, 0x50,
- 0x02, 0x42, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfa,
- 0x51, 0x86, 0x87, 0x83, 0xbf, 0x2f, 0x96, 0x6b, 0x7f, 0xcc, 0x01, 0x48,
- 0xf7, 0x09, 0xa5, 0xd0, 0x3b, 0xb5, 0xc9, 0xb8, 0x89, 0x9c, 0x47, 0xae,
- 0xbb, 0x6f, 0xb7, 0x1e, 0x91, 0x38, 0x64, 0x09, 0x02, 0x01, 0x01,
-};
-
-static int parameter_test(void)
-{
- EC_GROUP *group = NULL, *group2 = NULL;
- ECPARAMETERS *ecparameters = NULL;
- unsigned char *buf = NULL;
- int r = 0, len;
-
- if (!TEST_ptr(group = EC_GROUP_new_by_curve_name(NID_secp384r1))
- || !TEST_ptr(ecparameters = EC_GROUP_get_ecparameters(group, NULL))
- || !TEST_ptr(group2 = EC_GROUP_new_from_ecparameters(ecparameters))
- || !TEST_int_eq(EC_GROUP_cmp(group, group2, NULL), 0))
- goto err;
-
- EC_GROUP_free(group);
- group = NULL;
-
- /* Test the named curve encoding, which should be default. */
- if (!TEST_ptr(group = EC_GROUP_new_by_curve_name(NID_secp521r1))
- || !TEST_true((len = i2d_ECPKParameters(group, &buf)) >= 0)
- || !TEST_mem_eq(buf, len, p521_named, sizeof(p521_named)))
- goto err;
-
- OPENSSL_free(buf);
- buf = NULL;
-
- /*
- * Test the explicit encoding. P-521 requires correctly zero-padding the
- * curve coefficients.
- */
- EC_GROUP_set_asn1_flag(group, OPENSSL_EC_EXPLICIT_CURVE);
- if (!TEST_true((len = i2d_ECPKParameters(group, &buf)) >= 0)
- || !TEST_mem_eq(buf, len, p521_explicit, sizeof(p521_explicit)))
- goto err;
-
- r = 1;
-err:
- EC_GROUP_free(group);
- EC_GROUP_free(group2);
- ECPARAMETERS_free(ecparameters);
- OPENSSL_free(buf);
- return r;
-}
-#endif
-
-int setup_tests(void)
-{
-#ifndef OPENSSL_NO_EC
- crv_len = EC_get_builtin_curves(NULL, 0);
- if (!TEST_ptr(curves = OPENSSL_malloc(sizeof(*curves) * crv_len))
- || !TEST_true(EC_get_builtin_curves(curves, crv_len)))
- return 0;
-
- ADD_TEST(parameter_test);
- ADD_TEST(prime_field_tests);
-# ifndef OPENSSL_NO_EC2M
- ADD_TEST(char2_field_tests);
- ADD_ALL_TESTS(char2_curve_test, OSSL_NELEM(char2_curve_tests));
-# endif
-# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
- ADD_ALL_TESTS(nistp_single_test, OSSL_NELEM(nistp_tests_params));
- ADD_TEST(underflow_test);
-# endif
- ADD_ALL_TESTS(internal_curve_test, crv_len);
- ADD_ALL_TESTS(internal_curve_test_method, crv_len);
-#endif
- return 1;
-}
-
-void cleanup_tests(void)
-{
-#ifndef OPENSSL_NO_EC
- OPENSSL_free(curves);
-#endif
-}
diff --git a/openssl-freefilesync/hobble-openssl b/openssl-freefilesync/hobble-openssl
deleted file mode 100755
index 9a23ca6..0000000
--- a/openssl-freefilesync/hobble-openssl
+++ /dev/null
@@ -1,40 +0,0 @@
-#!/bin/sh
-
-# Quit out if anything fails.
-set -e
-
-# Clean out patent-or-otherwise-encumbered code.
-# MDC-2: 4,908,861 13/03/2007 - expired, we do not remove it but do not enable it anyway
-# IDEA: 5,214,703 07/01/2012 - expired, we do not remove it anymore
-# RC5: 5,724,428 01/11/2015 - expired, we do not remove it anymore
-# EC: ????????? ??/??/2020
-# SRP: ????????? ??/??/2017 - expired, we do not remove it anymore
-
-# Remove assembler portions of IDEA, MDC2, and RC5.
-# (find crypto/rc5/asm -type f | xargs -r rm -fv)
-
-for c in `find crypto/bn -name "*gf2m.c"`; do
- echo Destroying $c
- > $c
-done
-
-for c in `find crypto/ec -name "ec2*.c" -o -name "ec_curve.c"`; do
- echo Destroying $c
- > $c
-done
-
-for c in `find test -name "ectest.c"`; do
- echo Destroying $c
- > $c
-done
-
-for h in `find crypto ssl apps test -name "*.h"` ; do
- echo Removing EC2M references from $h
- cat $h | \
- awk 'BEGIN {ech=1;} \
- /^#[ \t]*ifndef.*NO_EC2M/ {ech--; next;} \
- /^#[ \t]*if/ {if(ech < 1) ech--;} \
- {if(ech>0) {;print $0};} \
- /^#[ \t]*endif/ {if(ech < 1) ech++;}' > $h.hobbled && \
- mv $h.hobbled $h
-done
diff --git a/openssl-freefilesync/make-dummy-cert b/openssl-freefilesync/make-dummy-cert
deleted file mode 100755
index f5f0453..0000000
--- a/openssl-freefilesync/make-dummy-cert
+++ /dev/null
@@ -1,28 +0,0 @@
-#!/bin/sh
-umask 077
-
-answers() {
- echo --
- echo SomeState
- echo SomeCity
- echo SomeOrganization
- echo SomeOrganizationalUnit
- echo localhost.localdomain
- echo root@localhost.localdomain
-}
-
-if [ $# -eq 0 ] ; then
- echo $"Usage: `basename $0` filename [...]"
- exit 0
-fi
-
-for target in $@ ; do
- PEM1=`/bin/mktemp /tmp/openssl.XXXXXX`
- PEM2=`/bin/mktemp /tmp/openssl.XXXXXX`
- trap "rm -f $PEM1 $PEM2" SIGINT
- answers | /usr/bin/openssl req -newkey rsa:2048 -keyout $PEM1 -nodes -x509 -days 365 -out $PEM2 2> /dev/null
- cat $PEM1 > ${target}
- echo "" >> ${target}
- cat $PEM2 >> ${target}
- rm -f $PEM1 $PEM2
-done
diff --git a/openssl-freefilesync/openssl-1.1.0-issuer-hash.patch b/openssl-freefilesync/openssl-1.1.0-issuer-hash.patch
deleted file mode 100644
index 1b824e0..0000000
--- a/openssl-freefilesync/openssl-1.1.0-issuer-hash.patch
+++ /dev/null
@@ -1,11 +0,0 @@
-diff -up openssl-1.1.0-pre5/crypto/x509/x509_cmp.c.issuer-hash openssl-1.1.0-pre5/crypto/x509/x509_cmp.c
---- openssl-1.1.0-pre5/crypto/x509/x509_cmp.c.issuer-hash 2016-07-18 15:16:32.788881100 +0200
-+++ openssl-1.1.0-pre5/crypto/x509/x509_cmp.c 2016-07-18 15:17:16.671871840 +0200
-@@ -87,6 +87,7 @@ unsigned long X509_issuer_and_serial_has
-
- if (ctx == NULL)
- goto err;
-+ EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
- f = X509_NAME_oneline(a->cert_info.issuer, NULL, 0);
- if (!EVP_DigestInit_ex(ctx, EVP_md5(), NULL))
- goto err;
diff --git a/openssl-freefilesync/openssl-1.1.0-no-html.patch b/openssl-freefilesync/openssl-1.1.0-no-html.patch
deleted file mode 100644
index f6a941e..0000000
--- a/openssl-freefilesync/openssl-1.1.0-no-html.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -up openssl-1.1.0-pre5/Configurations/unix-Makefile.tmpl.nohtml openssl-1.1.0-pre5/Configurations/unix-Makefile.tmpl
---- openssl-1.1.0-pre5/Configurations/unix-Makefile.tmpl.no-html 2016-04-19 16:57:52.000000000 +0200
-+++ openssl-1.1.0-pre5/Configurations/unix-Makefile.tmpl 2016-07-18 13:58:55.060106243 +0200
-@@ -288,7 +288,7 @@ install_sw: all install_dev install_engi
-
- uninstall_sw: uninstall_runtime uninstall_engines uninstall_dev
-
--install_docs: install_man_docs install_html_docs
-+install_docs: install_man_docs
-
- uninstall_docs: uninstall_man_docs uninstall_html_docs
- $(RM) -r -v $(DESTDIR)$(DOCDIR)
diff --git a/openssl-freefilesync/openssl-1.1.1-apps-dgst.patch b/openssl-freefilesync/openssl-1.1.1-apps-dgst.patch
deleted file mode 100644
index 655b6e2..0000000
--- a/openssl-freefilesync/openssl-1.1.1-apps-dgst.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -up openssl-1.1.1b/apps/ca.c.dgst openssl-1.1.1b/apps/ca.c
---- openssl-1.1.1b/apps/ca.c.dgst 2019-02-26 15:15:30.000000000 +0100
-+++ openssl-1.1.1b/apps/ca.c 2019-03-15 15:53:46.622267688 +0100
-@@ -169,7 +169,7 @@ const OPTIONS ca_options[] = {
- {"enddate", OPT_ENDDATE, 's',
- "YYMMDDHHMMSSZ cert notAfter (overrides -days)"},
- {"days", OPT_DAYS, 'p', "Number of days to certify the cert for"},
-- {"md", OPT_MD, 's', "md to use; one of md2, md5, sha or sha1"},
-+ {"md", OPT_MD, 's', "md to use; see openssl help for list"},
- {"policy", OPT_POLICY, 's', "The CA 'policy' to support"},
- {"keyfile", OPT_KEYFILE, 's', "Private key"},
- {"keyform", OPT_KEYFORM, 'f', "Private key file format (PEM or ENGINE)"},
diff --git a/openssl-freefilesync/openssl-1.1.1-build.patch b/openssl-freefilesync/openssl-1.1.1-build.patch
deleted file mode 100644
index cfe20f6..0000000
--- a/openssl-freefilesync/openssl-1.1.1-build.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-diff -up openssl-1.1.1-pre8/Configurations/unix-Makefile.tmpl.build openssl-1.1.1-pre8/Configurations/unix-Makefile.tmpl
---- openssl-1.1.1-pre8/Configurations/unix-Makefile.tmpl.build 2018-06-20 16:48:09.000000000 +0200
-+++ openssl-1.1.1-pre8/Configurations/unix-Makefile.tmpl 2018-07-16 17:15:38.108831031 +0200
-@@ -680,7 +680,7 @@ uninstall_runtime:
- install_man_docs:
- @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
- @$(ECHO) "*** Installing manpages"
-- $(PERL) $(SRCDIR)/util/process_docs.pl \
-+ TZ=UTC $(PERL) $(SRCDIR)/util/process_docs.pl \
- --destdir=$(DESTDIR)$(MANDIR) --type=man --suffix=$(MANSUFFIX)
-
- uninstall_man_docs:
-@@ -692,7 +692,7 @@ uninstall_man_docs:
- install_html_docs:
- @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
- @$(ECHO) "*** Installing HTML manpages"
-- $(PERL) $(SRCDIR)/util/process_docs.pl \
-+ TZ=UTC $(PERL) $(SRCDIR)/util/process_docs.pl \
- --destdir=$(DESTDIR)$(HTMLDIR) --type=html
-
- uninstall_html_docs:
-diff -up openssl-1.1.1-pre8/Configurations/10-main.conf.build openssl-1.1.1-pre8/Configurations/10-main.conf
---- openssl-1.1.1-pre8/Configurations/10-main.conf.build 2018-06-20 16:48:09.000000000 +0200
-+++ openssl-1.1.1-pre8/Configurations/10-main.conf 2018-07-16 17:17:10.312045203 +0200
-@@ -693,6 +693,7 @@ my %targets = (
- cxxflags => add("-m64"),
- lib_cppflags => add("-DL_ENDIAN"),
- perlasm_scheme => "linux64le",
-+ multilib => "64",
- },
-
- "linux-armv4" => {
-@@ -733,6 +734,7 @@ my %targets = (
- "linux-aarch64" => {
- inherit_from => [ "linux-generic64", asm("aarch64_asm") ],
- perlasm_scheme => "linux64",
-+ multilib => "64",
- },
- "linux-arm64ilp32" => { # https://wiki.linaro.org/Platform/arm64-ilp32
- inherit_from => [ "linux-generic32", asm("aarch64_asm") ],
diff --git a/openssl-freefilesync/openssl-1.1.1-conf-paths.patch b/openssl-freefilesync/openssl-1.1.1-conf-paths.patch
deleted file mode 100644
index 819007b..0000000
--- a/openssl-freefilesync/openssl-1.1.1-conf-paths.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-diff -up openssl-1.1.1-pre8/apps/CA.pl.in.conf-paths openssl-1.1.1-pre8/apps/CA.pl.in
---- openssl-1.1.1-pre8/apps/CA.pl.in.conf-paths 2018-06-20 16:48:09.000000000 +0200
-+++ openssl-1.1.1-pre8/apps/CA.pl.in 2018-07-25 17:26:58.388624296 +0200
-@@ -33,7 +33,7 @@ my $X509 = "$openssl x509";
- my $PKCS12 = "$openssl pkcs12";
-
- # default openssl.cnf file has setup as per the following
--my $CATOP = "./demoCA";
-+my $CATOP = "/etc/pki/CA";
- my $CAKEY = "cakey.pem";
- my $CAREQ = "careq.pem";
- my $CACERT = "cacert.pem";
-diff -up openssl-1.1.1-pre8/apps/openssl.cnf.conf-paths openssl-1.1.1-pre8/apps/openssl.cnf
---- openssl-1.1.1-pre8/apps/openssl.cnf.conf-paths 2018-07-25 17:26:58.378624057 +0200
-+++ openssl-1.1.1-pre8/apps/openssl.cnf 2018-07-27 13:20:08.198513471 +0200
-@@ -23,6 +23,22 @@ oid_section = new_oids
- # (Alternatively, use a configuration file that has only
- # X.509v3 extensions in its main [= default] section.)
-
-+# Load default TLS policy configuration
-+
-+openssl_conf = default_modules
-+
-+[ default_modules ]
-+
-+ssl_conf = ssl_module
-+
-+[ ssl_module ]
-+
-+system_default = crypto_policy
-+
-+[ crypto_policy ]
-+
-+.include = /etc/crypto-policies/back-ends/opensslcnf.config
-+
- [ new_oids ]
-
- # We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
-@@ -43,7 +59,7 @@ default_ca = CA_default # The default c
- ####################################################################
- [ CA_default ]
-
--dir = ./demoCA # Where everything is kept
-+dir = /etc/pki/CA # Where everything is kept
- certs = $dir/certs # Where the issued certs are kept
- crl_dir = $dir/crl # Where the issued crl are kept
- database = $dir/index.txt # database index file.
-@@ -329,7 +345,7 @@ default_tsa = tsa_config1 # the default
- [ tsa_config1 ]
-
- # These are used by the TSA reply generation only.
--dir = ./demoCA # TSA root directory
-+dir = /etc/pki/CA # TSA root directory
- serial = $dir/tsaserial # The current serial number (mandatory)
- crypto_device = builtin # OpenSSL engine to use for signing
- signer_cert = $dir/tsacert.pem # The TSA signing certificate
diff --git a/openssl-freefilesync/openssl-1.1.1-defaults.patch b/openssl-freefilesync/openssl-1.1.1-defaults.patch
deleted file mode 100644
index 291ed88..0000000
--- a/openssl-freefilesync/openssl-1.1.1-defaults.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-diff -up openssl-1.1.1a/apps/openssl.cnf.defaults openssl-1.1.1a/apps/openssl.cnf
---- openssl-1.1.1a/apps/openssl.cnf.defaults 2018-11-20 14:35:37.000000000 +0100
-+++ openssl-1.1.1a/apps/openssl.cnf 2019-01-15 13:56:50.841719776 +0100
-@@ -74,7 +74,7 @@ cert_opt = ca_default # Certificate fi
-
- default_days = 365 # how long to certify for
- default_crl_days= 30 # how long before next CRL
--default_md = default # use public key default MD
-+default_md = sha256 # use SHA-256 by default
- preserve = no # keep passed DN ordering
-
- # A few difference way of specifying how similar the request should look
-@@ -106,6 +106,7 @@ emailAddress = optional
- ####################################################################
- [ req ]
- default_bits = 2048
-+default_md = sha256
- default_keyfile = privkey.pem
- distinguished_name = req_distinguished_name
- attributes = req_attributes
-@@ -128,17 +129,18 @@ string_mask = utf8only
-
- [ req_distinguished_name ]
- countryName = Country Name (2 letter code)
--countryName_default = AU
-+countryName_default = XX
- countryName_min = 2
- countryName_max = 2
-
- stateOrProvinceName = State or Province Name (full name)
--stateOrProvinceName_default = Some-State
-+#stateOrProvinceName_default = Default Province
-
- localityName = Locality Name (eg, city)
-+localityName_default = Default City
-
- 0.organizationName = Organization Name (eg, company)
--0.organizationName_default = Internet Widgits Pty Ltd
-+0.organizationName_default = Default Company Ltd
-
- # we can do this but it is not needed normally :-)
- #1.organizationName = Second Organization Name (eg, company)
-@@ -147,7 +149,7 @@ localityName = Locality Name (eg, city
- organizationalUnitName = Organizational Unit Name (eg, section)
- #organizationalUnitName_default =
-
--commonName = Common Name (e.g. server FQDN or YOUR name)
-+commonName = Common Name (eg, your name or your server\'s hostname)
- commonName_max = 64
-
- emailAddress = Email Address
diff --git a/openssl-freefilesync/openssl-1.1.1-disable-ssl3.patch b/openssl-freefilesync/openssl-1.1.1-disable-ssl3.patch
deleted file mode 100644
index fdec0a8..0000000
--- a/openssl-freefilesync/openssl-1.1.1-disable-ssl3.patch
+++ /dev/null
@@ -1,91 +0,0 @@
-diff -up openssl-1.1.1-pre8/apps/s_client.c.disable-ssl3 openssl-1.1.1-pre8/apps/s_client.c
---- openssl-1.1.1-pre8/apps/s_client.c.disable-ssl3 2018-07-16 18:08:20.000487628 +0200
-+++ openssl-1.1.1-pre8/apps/s_client.c 2018-07-16 18:16:40.070186323 +0200
-@@ -1681,6 +1681,9 @@ int s_client_main(int argc, char **argv)
- if (sdebug)
- ssl_ctx_security_debug(ctx, sdebug);
-
-+ if (min_version == SSL3_VERSION && max_version == SSL3_VERSION)
-+ SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv3);
-+
- if (!config_ctx(cctx, ssl_args, ctx))
- goto end;
-
-diff -up openssl-1.1.1-pre8/apps/s_server.c.disable-ssl3 openssl-1.1.1-pre8/apps/s_server.c
---- openssl-1.1.1-pre8/apps/s_server.c.disable-ssl3 2018-07-16 18:08:20.000487628 +0200
-+++ openssl-1.1.1-pre8/apps/s_server.c 2018-07-16 18:17:17.300055551 +0200
-@@ -1760,6 +1760,9 @@ int s_server_main(int argc, char *argv[]
- if (sdebug)
- ssl_ctx_security_debug(ctx, sdebug);
-
-+ if (min_version == SSL3_VERSION && max_version == SSL3_VERSION)
-+ SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv3);
-+
- if (!config_ctx(cctx, ssl_args, ctx))
- goto end;
-
-diff -up openssl-1.1.1-pre8/ssl/ssl_lib.c.disable-ssl3 openssl-1.1.1-pre8/ssl/ssl_lib.c
---- openssl-1.1.1-pre8/ssl/ssl_lib.c.disable-ssl3 2018-06-20 16:48:13.000000000 +0200
-+++ openssl-1.1.1-pre8/ssl/ssl_lib.c 2018-07-16 18:08:20.001487652 +0200
-@@ -3016,6 +3016,16 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
- */
- ret->options |= SSL_OP_NO_COMPRESSION | SSL_OP_ENABLE_MIDDLEBOX_COMPAT;
-
-+ if (meth->version != SSL3_VERSION) {
-+ /*
-+ * Disable SSLv3 by default. Applications can
-+ * re-enable it by configuring
-+ * SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv3);
-+ * or by using the SSL_CONF API.
-+ */
-+ ret->options |= SSL_OP_NO_SSLv3;
-+ }
-+
- ret->ext.status_type = TLSEXT_STATUSTYPE_nothing;
-
- /*
-diff -up openssl-1.1.1-pre8/test/ssl_test.c.disable-ssl3 openssl-1.1.1-pre8/test/ssl_test.c
---- openssl-1.1.1-pre8/test/ssl_test.c.disable-ssl3 2018-06-20 16:48:15.000000000 +0200
-+++ openssl-1.1.1-pre8/test/ssl_test.c 2018-07-16 18:18:34.806865121 +0200
-@@ -443,6 +443,7 @@ static int test_handshake(int idx)
- SSL_TEST_SERVERNAME_CB_NONE) {
- if (!TEST_ptr(server2_ctx = SSL_CTX_new(TLS_server_method())))
- goto err;
-+ SSL_CTX_clear_options(server2_ctx, SSL_OP_NO_SSLv3);
- if (!TEST_true(SSL_CTX_set_max_proto_version(server2_ctx,
- TLS_MAX_VERSION)))
- goto err;
-@@ -464,6 +465,8 @@ static int test_handshake(int idx)
- if (!TEST_ptr(resume_server_ctx)
- || !TEST_ptr(resume_client_ctx))
- goto err;
-+ SSL_CTX_clear_options(resume_server_ctx, SSL_OP_NO_SSLv3);
-+ SSL_CTX_clear_options(resume_client_ctx, SSL_OP_NO_SSLv3);
- }
- }
-
-@@ -477,6 +480,9 @@ static int test_handshake(int idx)
- || !TEST_int_gt(CONF_modules_load(conf, test_app, 0), 0))
- goto err;
-
-+ SSL_CTX_clear_options(server_ctx, SSL_OP_NO_SSLv3);
-+ SSL_CTX_clear_options(client_ctx, SSL_OP_NO_SSLv3);
-+
- if (!SSL_CTX_config(server_ctx, "server")
- || !SSL_CTX_config(client_ctx, "client")) {
- goto err;
-diff -up openssl-1.1.1-pre8/test/ssltest_old.c.disable-ssl3 openssl-1.1.1-pre8/test/ssltest_old.c
---- openssl-1.1.1-pre8/test/ssltest_old.c.disable-ssl3 2018-06-20 16:48:15.000000000 +0200
-+++ openssl-1.1.1-pre8/test/ssltest_old.c 2018-07-16 18:08:20.002487676 +0200
-@@ -1358,6 +1358,11 @@ int main(int argc, char *argv[])
- ERR_print_errors(bio_err);
- goto end;
- }
-+
-+ SSL_CTX_clear_options(c_ctx, SSL_OP_NO_SSLv3);
-+ SSL_CTX_clear_options(s_ctx, SSL_OP_NO_SSLv3);
-+ SSL_CTX_clear_options(s_ctx2, SSL_OP_NO_SSLv3);
-+
- /*
- * Since we will use low security ciphersuites and keys for testing set
- * security level to zero by default. Tests can override this by adding
diff --git a/openssl-freefilesync/openssl-1.1.1-ec-curves.patch b/openssl-freefilesync/openssl-1.1.1-ec-curves.patch
deleted file mode 100644
index a83a331..0000000
--- a/openssl-freefilesync/openssl-1.1.1-ec-curves.patch
+++ /dev/null
@@ -1,210 +0,0 @@
-diff -up openssl-1.1.1c/apps/speed.c.curves openssl-1.1.1c/apps/speed.c
---- openssl-1.1.1c/apps/speed.c.curves 2019-05-28 15:12:21.000000000 +0200
-+++ openssl-1.1.1c/apps/speed.c 2019-05-29 15:36:53.332224470 +0200
-@@ -490,90 +490,30 @@ static double rsa_results[RSA_NUM][2];
- #endif /* OPENSSL_NO_RSA */
-
- enum {
-- R_EC_P160,
-- R_EC_P192,
- R_EC_P224,
- R_EC_P256,
- R_EC_P384,
- R_EC_P521,
--#ifndef OPENSSL_NO_EC2M
-- R_EC_K163,
-- R_EC_K233,
-- R_EC_K283,
-- R_EC_K409,
-- R_EC_K571,
-- R_EC_B163,
-- R_EC_B233,
-- R_EC_B283,
-- R_EC_B409,
-- R_EC_B571,
--#endif
-- R_EC_BRP256R1,
-- R_EC_BRP256T1,
-- R_EC_BRP384R1,
-- R_EC_BRP384T1,
-- R_EC_BRP512R1,
-- R_EC_BRP512T1,
- R_EC_X25519,
- R_EC_X448
- };
-
- #ifndef OPENSSL_NO_EC
- static OPT_PAIR ecdsa_choices[] = {
-- {"ecdsap160", R_EC_P160},
-- {"ecdsap192", R_EC_P192},
- {"ecdsap224", R_EC_P224},
- {"ecdsap256", R_EC_P256},
- {"ecdsap384", R_EC_P384},
- {"ecdsap521", R_EC_P521},
--# ifndef OPENSSL_NO_EC2M
-- {"ecdsak163", R_EC_K163},
-- {"ecdsak233", R_EC_K233},
-- {"ecdsak283", R_EC_K283},
-- {"ecdsak409", R_EC_K409},
-- {"ecdsak571", R_EC_K571},
-- {"ecdsab163", R_EC_B163},
-- {"ecdsab233", R_EC_B233},
-- {"ecdsab283", R_EC_B283},
-- {"ecdsab409", R_EC_B409},
-- {"ecdsab571", R_EC_B571},
--# endif
-- {"ecdsabrp256r1", R_EC_BRP256R1},
-- {"ecdsabrp256t1", R_EC_BRP256T1},
-- {"ecdsabrp384r1", R_EC_BRP384R1},
-- {"ecdsabrp384t1", R_EC_BRP384T1},
-- {"ecdsabrp512r1", R_EC_BRP512R1},
-- {"ecdsabrp512t1", R_EC_BRP512T1}
- };
- # define ECDSA_NUM OSSL_NELEM(ecdsa_choices)
-
- static double ecdsa_results[ECDSA_NUM][2]; /* 2 ops: sign then verify */
-
- static const OPT_PAIR ecdh_choices[] = {
-- {"ecdhp160", R_EC_P160},
-- {"ecdhp192", R_EC_P192},
- {"ecdhp224", R_EC_P224},
- {"ecdhp256", R_EC_P256},
- {"ecdhp384", R_EC_P384},
- {"ecdhp521", R_EC_P521},
--# ifndef OPENSSL_NO_EC2M
-- {"ecdhk163", R_EC_K163},
-- {"ecdhk233", R_EC_K233},
-- {"ecdhk283", R_EC_K283},
-- {"ecdhk409", R_EC_K409},
-- {"ecdhk571", R_EC_K571},
-- {"ecdhb163", R_EC_B163},
-- {"ecdhb233", R_EC_B233},
-- {"ecdhb283", R_EC_B283},
-- {"ecdhb409", R_EC_B409},
-- {"ecdhb571", R_EC_B571},
--# endif
-- {"ecdhbrp256r1", R_EC_BRP256R1},
-- {"ecdhbrp256t1", R_EC_BRP256T1},
-- {"ecdhbrp384r1", R_EC_BRP384R1},
-- {"ecdhbrp384t1", R_EC_BRP384T1},
-- {"ecdhbrp512r1", R_EC_BRP512R1},
-- {"ecdhbrp512t1", R_EC_BRP512T1},
- {"ecdhx25519", R_EC_X25519},
- {"ecdhx448", R_EC_X448}
- };
-@@ -1504,31 +1444,10 @@ int speed_main(int argc, char **argv)
- unsigned int bits;
- } test_curves[] = {
- /* Prime Curves */
-- {"secp160r1", NID_secp160r1, 160},
-- {"nistp192", NID_X9_62_prime192v1, 192},
- {"nistp224", NID_secp224r1, 224},
- {"nistp256", NID_X9_62_prime256v1, 256},
- {"nistp384", NID_secp384r1, 384},
- {"nistp521", NID_secp521r1, 521},
--# ifndef OPENSSL_NO_EC2M
-- /* Binary Curves */
-- {"nistk163", NID_sect163k1, 163},
-- {"nistk233", NID_sect233k1, 233},
-- {"nistk283", NID_sect283k1, 283},
-- {"nistk409", NID_sect409k1, 409},
-- {"nistk571", NID_sect571k1, 571},
-- {"nistb163", NID_sect163r2, 163},
-- {"nistb233", NID_sect233r1, 233},
-- {"nistb283", NID_sect283r1, 283},
-- {"nistb409", NID_sect409r1, 409},
-- {"nistb571", NID_sect571r1, 571},
--# endif
-- {"brainpoolP256r1", NID_brainpoolP256r1, 256},
-- {"brainpoolP256t1", NID_brainpoolP256t1, 256},
-- {"brainpoolP384r1", NID_brainpoolP384r1, 384},
-- {"brainpoolP384t1", NID_brainpoolP384t1, 384},
-- {"brainpoolP512r1", NID_brainpoolP512r1, 512},
-- {"brainpoolP512t1", NID_brainpoolP512t1, 512},
- /* Other and ECDH only ones */
- {"X25519", NID_X25519, 253},
- {"X448", NID_X448, 448}
-@@ -2028,9 +1947,9 @@ int speed_main(int argc, char **argv)
- # endif
-
- # ifndef OPENSSL_NO_EC
-- ecdsa_c[R_EC_P160][0] = count / 1000;
-- ecdsa_c[R_EC_P160][1] = count / 1000 / 2;
-- for (i = R_EC_P192; i <= R_EC_P521; i++) {
-+ ecdsa_c[R_EC_P224][0] = count / 1000;
-+ ecdsa_c[R_EC_P224][1] = count / 1000 / 2;
-+ for (i = R_EC_P256; i <= R_EC_P521; i++) {
- ecdsa_c[i][0] = ecdsa_c[i - 1][0] / 2;
- ecdsa_c[i][1] = ecdsa_c[i - 1][1] / 2;
- if (ecdsa_doit[i] <= 1 && ecdsa_c[i][0] == 0)
-@@ -2042,7 +1961,7 @@ int speed_main(int argc, char **argv)
- }
- }
- }
--# ifndef OPENSSL_NO_EC2M
-+# if 0
- ecdsa_c[R_EC_K163][0] = count / 1000;
- ecdsa_c[R_EC_K163][1] = count / 1000 / 2;
- for (i = R_EC_K233; i <= R_EC_K571; i++) {
-@@ -2073,8 +1992,8 @@ int speed_main(int argc, char **argv)
- }
- # endif
-
-- ecdh_c[R_EC_P160][0] = count / 1000;
-- for (i = R_EC_P192; i <= R_EC_P521; i++) {
-+ ecdh_c[R_EC_P224][0] = count / 1000;
-+ for (i = R_EC_P256; i <= R_EC_P521; i++) {
- ecdh_c[i][0] = ecdh_c[i - 1][0] / 2;
- if (ecdh_doit[i] <= 1 && ecdh_c[i][0] == 0)
- ecdh_doit[i] = 0;
-@@ -2084,7 +2003,7 @@ int speed_main(int argc, char **argv)
- }
- }
- }
--# ifndef OPENSSL_NO_EC2M
-+# if 0
- ecdh_c[R_EC_K163][0] = count / 1000;
- for (i = R_EC_K233; i <= R_EC_K571; i++) {
- ecdh_c[i][0] = ecdh_c[i - 1][0] / 2;
-diff -up openssl-1.1.1c/crypto/ec/ecp_smpl.c.curves openssl-1.1.1c/crypto/ec/ecp_smpl.c
---- openssl-1.1.1c/crypto/ec/ecp_smpl.c.curves 2019-05-28 15:12:21.000000000 +0200
-+++ openssl-1.1.1c/crypto/ec/ecp_smpl.c 2019-05-29 15:30:09.071349520 +0200
-@@ -145,6 +145,11 @@ int ec_GFp_simple_group_set_curve(EC_GRO
- return 0;
- }
-
-+ if (BN_num_bits(p) < 224) {
-+ ECerr(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE, EC_R_UNSUPPORTED_FIELD);
-+ return 0;
-+ }
-+
- if (ctx == NULL) {
- ctx = new_ctx = BN_CTX_new();
- if (ctx == NULL)
-diff -up openssl-1.1.1c/test/ecdsatest.h.curves openssl-1.1.1c/test/ecdsatest.h
---- openssl-1.1.1c/test/ecdsatest.h.curves 2019-05-29 15:30:09.010350595 +0200
-+++ openssl-1.1.1c/test/ecdsatest.h 2019-05-29 15:41:24.586444294 +0200
-@@ -32,23 +32,6 @@ typedef struct {
- } ecdsa_cavs_kat_t;
-
- static const ecdsa_cavs_kat_t ecdsa_cavs_kats[] = {
-- /* prime KATs from X9.62 */
-- {NID_X9_62_prime192v1, NID_sha1,
-- "616263", /* "abc" */
-- "1a8d598fc15bf0fd89030b5cb1111aeb92ae8baf5ea475fb",
-- "0462b12d60690cdcf330babab6e69763b471f994dd702d16a563bf5ec08069705ffff65e"
-- "5ca5c0d69716dfcb3474373902",
-- "fa6de29746bbeb7f8bb1e761f85f7dfb2983169d82fa2f4e",
-- "885052380ff147b734c330c43d39b2c4a89f29b0f749fead",
-- "e9ecc78106def82bf1070cf1d4d804c3cb390046951df686"},
-- {NID_X9_62_prime239v1, NID_sha1,
-- "616263", /* "abc" */
-- "7ef7c6fabefffdea864206e80b0b08a9331ed93e698561b64ca0f7777f3d",
-- "045b6dc53bc61a2548ffb0f671472de6c9521a9d2d2534e65abfcbd5fe0c707fd9f1ed2e"
-- "65f09f6ce0893baf5e8e31e6ae82ea8c3592335be906d38dee",
-- "656c7196bf87dcc5d1f1020906df2782360d36b2de7a17ece37d503784af",
-- "2cb7f36803ebb9c427c58d8265f11fc5084747133078fc279de874fbecb0",
-- "2eeae988104e9c2234a3c2beb1f53bfa5dc11ff36a875d1e3ccb1f7e45cf"},
- /* prime KATs from NIST CAVP */
- {NID_secp224r1, NID_sha224,
- "699325d6fc8fbbb4981a6ded3c3a54ad2e4e3db8a5669201912064c64e700c139248cdc1"
diff --git a/openssl-freefilesync/openssl-1.1.1-evp-kdf.patch b/openssl-freefilesync/openssl-1.1.1-evp-kdf.patch
deleted file mode 100644
index 6a73a61..0000000
--- a/openssl-freefilesync/openssl-1.1.1-evp-kdf.patch
+++ /dev/null
@@ -1,5262 +0,0 @@
-diff -up openssl-1.1.1b/crypto/err/openssl.txt.evp-kdf openssl-1.1.1b/crypto/err/openssl.txt
---- openssl-1.1.1b/crypto/err/openssl.txt.evp-kdf 2019-02-26 15:15:30.000000000 +0100
-+++ openssl-1.1.1b/crypto/err/openssl.txt 2019-02-28 13:05:05.651521474 +0100
-@@ -743,6 +743,9 @@ EVP_F_EVP_DIGESTINIT_EX:128:EVP_DigestIn
- EVP_F_EVP_ENCRYPTDECRYPTUPDATE:219:evp_EncryptDecryptUpdate
- EVP_F_EVP_ENCRYPTFINAL_EX:127:EVP_EncryptFinal_ex
- EVP_F_EVP_ENCRYPTUPDATE:167:EVP_EncryptUpdate
-+EVP_F_EVP_KDF_CTRL:224:EVP_KDF_ctrl
-+EVP_F_EVP_KDF_CTRL_STR:225:EVP_KDF_ctrl_str
-+EVP_F_EVP_KDF_CTX_NEW_ID:226:EVP_KDF_CTX_new_id
- EVP_F_EVP_MD_CTX_COPY_EX:110:EVP_MD_CTX_copy_ex
- EVP_F_EVP_MD_SIZE:162:EVP_MD_size
- EVP_F_EVP_OPENINIT:102:EVP_OpenInit
-@@ -805,11 +808,30 @@ EVP_F_PKCS5_PBE_KEYIVGEN:117:PKCS5_PBE_k
- EVP_F_PKCS5_V2_PBE_KEYIVGEN:118:PKCS5_v2_PBE_keyivgen
- EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN:164:PKCS5_v2_PBKDF2_keyivgen
- EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN:180:PKCS5_v2_scrypt_keyivgen
-+EVP_F_PKEY_KDF_CTRL:227:pkey_kdf_ctrl
- EVP_F_PKEY_SET_TYPE:158:pkey_set_type
- EVP_F_RC2_MAGIC_TO_METH:109:rc2_magic_to_meth
- EVP_F_RC5_CTRL:125:rc5_ctrl
- EVP_F_S390X_AES_GCM_CTRL:201:s390x_aes_gcm_ctrl
-+EVP_F_SCRYPT_ALG:228:scrypt_alg
- EVP_F_UPDATE:173:update
-+KDF_F_HKDF_EXTRACT:112:HKDF_Extract
-+KDF_F_KDF_HKDF_DERIVE:113:kdf_hkdf_derive
-+KDF_F_KDF_HKDF_NEW:114:kdf_hkdf_new
-+KDF_F_KDF_HKDF_SIZE:115:kdf_hkdf_size
-+KDF_F_KDF_MD2CTRL:116:kdf_md2ctrl
-+KDF_F_KDF_PBKDF2_CTRL_STR:117:kdf_pbkdf2_ctrl_str
-+KDF_F_KDF_PBKDF2_DERIVE:118:kdf_pbkdf2_derive
-+KDF_F_KDF_PBKDF2_NEW:119:kdf_pbkdf2_new
-+KDF_F_KDF_SCRYPT_CTRL_STR:120:kdf_scrypt_ctrl_str
-+KDF_F_KDF_SCRYPT_CTRL_UINT32:121:kdf_scrypt_ctrl_uint32
-+KDF_F_KDF_SCRYPT_CTRL_UINT64:122:kdf_scrypt_ctrl_uint64
-+KDF_F_KDF_SCRYPT_DERIVE:123:kdf_scrypt_derive
-+KDF_F_KDF_SCRYPT_NEW:124:kdf_scrypt_new
-+KDF_F_KDF_TLS1_PRF_CTRL_STR:125:kdf_tls1_prf_ctrl_str
-+KDF_F_KDF_TLS1_PRF_DERIVE:126:kdf_tls1_prf_derive
-+KDF_F_KDF_TLS1_PRF_NEW:127:kdf_tls1_prf_new
-+KDF_F_PBKDF2_SET_MEMBUF:128:pbkdf2_set_membuf
- KDF_F_PKEY_HKDF_CTRL_STR:103:pkey_hkdf_ctrl_str
- KDF_F_PKEY_HKDF_DERIVE:102:pkey_hkdf_derive
- KDF_F_PKEY_HKDF_INIT:108:pkey_hkdf_init
-@@ -821,6 +843,7 @@ KDF_F_PKEY_SCRYPT_SET_MEMBUF:107:pkey_sc
- KDF_F_PKEY_TLS1_PRF_CTRL_STR:100:pkey_tls1_prf_ctrl_str
- KDF_F_PKEY_TLS1_PRF_DERIVE:101:pkey_tls1_prf_derive
- KDF_F_PKEY_TLS1_PRF_INIT:110:pkey_tls1_prf_init
-+KDF_F_SCRYPT_SET_MEMBUF:129:scrypt_set_membuf
- KDF_F_TLS1_PRF_ALG:111:tls1_prf_alg
- OBJ_F_OBJ_ADD_OBJECT:105:OBJ_add_object
- OBJ_F_OBJ_ADD_SIGID:107:OBJ_add_sigid
-@@ -2264,6 +2287,7 @@ EVP_R_ONLY_ONESHOT_SUPPORTED:177:only on
- EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE:150:\
- operation not supported for this keytype
- EVP_R_OPERATON_NOT_INITIALIZED:151:operaton not initialized
-+EVP_R_PARAMETER_TOO_LARGE:187:parameter too large
- EVP_R_PARTIALLY_OVERLAPPING:162:partially overlapping buffers
- EVP_R_PBKDF2_ERROR:181:pbkdf2 error
- EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED:179:\
-@@ -2299,6 +2323,7 @@ KDF_R_MISSING_SEED:106:missing seed
- KDF_R_UNKNOWN_PARAMETER_TYPE:103:unknown parameter type
- KDF_R_VALUE_ERROR:108:value error
- KDF_R_VALUE_MISSING:102:value missing
-+KDF_R_WRONG_OUTPUT_BUFFER_SIZE:112:wrong output buffer size
- OBJ_R_OID_EXISTS:102:oid exists
- OBJ_R_UNKNOWN_NID:101:unknown nid
- OCSP_R_CERTIFICATE_VERIFY_ERROR:101:certificate verify error
-diff -up openssl-1.1.1b/crypto/evp/build.info.evp-kdf openssl-1.1.1b/crypto/evp/build.info
---- openssl-1.1.1b/crypto/evp/build.info.evp-kdf 2019-02-26 15:15:30.000000000 +0100
-+++ openssl-1.1.1b/crypto/evp/build.info 2019-02-28 13:05:05.651521474 +0100
-@@ -9,7 +9,8 @@ SOURCE[../../libcrypto]=\
- p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c \
- bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \
- c_allc.c c_alld.c evp_lib.c bio_ok.c \
-- evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c pbe_scrypt.c \
-+ evp_pkey.c kdf_lib.c evp_pbe.c p5_crpt.c p5_crpt2.c pbe_scrypt.c \
-+ pkey_kdf.c \
- e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c \
- e_aes_cbc_hmac_sha1.c e_aes_cbc_hmac_sha256.c e_rc4_hmac_md5.c \
- e_chacha20_poly1305.c cmeth_lib.c
-diff -up openssl-1.1.1b/crypto/evp/e_chacha20_poly1305.c.evp-kdf openssl-1.1.1b/crypto/evp/e_chacha20_poly1305.c
---- openssl-1.1.1b/crypto/evp/e_chacha20_poly1305.c.evp-kdf 2019-02-26 15:15:30.000000000 +0100
-+++ openssl-1.1.1b/crypto/evp/e_chacha20_poly1305.c 2019-02-28 13:05:05.651521474 +0100
-@@ -14,8 +14,8 @@
-
- # include <openssl/evp.h>
- # include <openssl/objects.h>
--# include "evp_locl.h"
- # include "internal/evp_int.h"
-+# include "evp_locl.h"
- # include "internal/chacha.h"
-
- typedef struct {
-diff -up openssl-1.1.1b/crypto/evp/encode.c.evp-kdf openssl-1.1.1b/crypto/evp/encode.c
---- openssl-1.1.1b/crypto/evp/encode.c.evp-kdf 2019-02-26 15:15:30.000000000 +0100
-+++ openssl-1.1.1b/crypto/evp/encode.c 2019-02-28 13:05:05.651521474 +0100
-@@ -11,8 +11,8 @@
- #include <limits.h>
- #include "internal/cryptlib.h"
- #include <openssl/evp.h>
--#include "evp_locl.h"
- #include "internal/evp_int.h"
-+#include "evp_locl.h"
-
- static unsigned char conv_ascii2bin(unsigned char a,
- const unsigned char *table);
-diff -up openssl-1.1.1b/crypto/evp/evp_err.c.evp-kdf openssl-1.1.1b/crypto/evp/evp_err.c
---- openssl-1.1.1b/crypto/evp/evp_err.c.evp-kdf 2019-02-28 13:05:05.617522103 +0100
-+++ openssl-1.1.1b/crypto/evp/evp_err.c 2019-02-28 13:05:05.651521474 +0100
-@@ -1,6 +1,6 @@
- /*
- * Generated by util/mkerr.pl DO NOT EDIT
-- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
-+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
-@@ -56,6 +56,9 @@ static const ERR_STRING_DATA EVP_str_fun
- {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_ENCRYPTFINAL_EX, 0),
- "EVP_EncryptFinal_ex"},
- {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_ENCRYPTUPDATE, 0), "EVP_EncryptUpdate"},
-+ {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_KDF_CTRL, 0), "EVP_KDF_ctrl"},
-+ {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_KDF_CTRL_STR, 0), "EVP_KDF_ctrl_str"},
-+ {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_KDF_CTX_NEW_ID, 0), "EVP_KDF_CTX_new_id"},
- {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_MD_CTX_COPY_EX, 0), "EVP_MD_CTX_copy_ex"},
- {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_MD_SIZE, 0), "EVP_MD_size"},
- {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_OPENINIT, 0), "EVP_OpenInit"},
-@@ -147,10 +150,12 @@ static const ERR_STRING_DATA EVP_str_fun
- "PKCS5_v2_PBKDF2_keyivgen"},
- {ERR_PACK(ERR_LIB_EVP, EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN, 0),
- "PKCS5_v2_scrypt_keyivgen"},
-+ {ERR_PACK(ERR_LIB_EVP, EVP_F_PKEY_KDF_CTRL, 0), "pkey_kdf_ctrl"},
- {ERR_PACK(ERR_LIB_EVP, EVP_F_PKEY_SET_TYPE, 0), "pkey_set_type"},
- {ERR_PACK(ERR_LIB_EVP, EVP_F_RC2_MAGIC_TO_METH, 0), "rc2_magic_to_meth"},
- {ERR_PACK(ERR_LIB_EVP, EVP_F_RC5_CTRL, 0), "rc5_ctrl"},
- {ERR_PACK(ERR_LIB_EVP, EVP_F_S390X_AES_GCM_CTRL, 0), "s390x_aes_gcm_ctrl"},
-+ {ERR_PACK(ERR_LIB_EVP, EVP_F_SCRYPT_ALG, 0), "scrypt_alg"},
- {ERR_PACK(ERR_LIB_EVP, EVP_F_UPDATE, 0), "update"},
- {0, NULL}
- };
-@@ -233,6 +238,8 @@ static const ERR_STRING_DATA EVP_str_rea
- "operation not supported for this keytype"},
- {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OPERATON_NOT_INITIALIZED),
- "operaton not initialized"},
-+ {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PARAMETER_TOO_LARGE),
-+ "parameter too large"},
- {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PARTIALLY_OVERLAPPING),
- "partially overlapping buffers"},
- {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PBKDF2_ERROR), "pbkdf2 error"},
-diff -up openssl-1.1.1b/crypto/evp/evp_locl.h.evp-kdf openssl-1.1.1b/crypto/evp/evp_locl.h
---- openssl-1.1.1b/crypto/evp/evp_locl.h.evp-kdf 2019-02-28 13:05:05.253528831 +0100
-+++ openssl-1.1.1b/crypto/evp/evp_locl.h 2019-02-28 13:05:05.652521456 +0100
-@@ -41,6 +41,11 @@ struct evp_cipher_ctx_st {
- unsigned char final[EVP_MAX_BLOCK_LENGTH]; /* possible final block */
- } /* EVP_CIPHER_CTX */ ;
-
-+struct evp_kdf_ctx_st {
-+ const EVP_KDF_METHOD *kmeth;
-+ EVP_KDF_IMPL *impl; /* Algorithm-specific data */
-+} /* EVP_KDF_CTX */ ;
-+
- int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass,
- int passlen, ASN1_TYPE *param,
- const EVP_CIPHER *c, const EVP_MD *md,
-diff -up openssl-1.1.1b/crypto/evp/evp_pbe.c.evp-kdf openssl-1.1.1b/crypto/evp/evp_pbe.c
---- openssl-1.1.1b/crypto/evp/evp_pbe.c.evp-kdf 2019-02-26 15:15:30.000000000 +0100
-+++ openssl-1.1.1b/crypto/evp/evp_pbe.c 2019-02-28 13:05:05.652521456 +0100
-@@ -12,6 +12,7 @@
- #include <openssl/evp.h>
- #include <openssl/pkcs12.h>
- #include <openssl/x509.h>
-+#include "internal/evp_int.h"
- #include "evp_locl.h"
-
- /* Password based encryption (PBE) functions */
-diff -up openssl-1.1.1b/crypto/evp/kdf_lib.c.evp-kdf openssl-1.1.1b/crypto/evp/kdf_lib.c
---- openssl-1.1.1b/crypto/evp/kdf_lib.c.evp-kdf 2019-02-28 13:05:05.652521456 +0100
-+++ openssl-1.1.1b/crypto/evp/kdf_lib.c 2019-02-28 13:05:05.652521456 +0100
-@@ -0,0 +1,165 @@
-+/*
-+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
-+ * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
-+ *
-+ * Licensed under the Apache License 2.0 (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
-+#include <stdio.h>
-+#include <stdlib.h>
-+#include "internal/cryptlib.h"
-+#include <openssl/engine.h>
-+#include <openssl/evp.h>
-+#include <openssl/x509v3.h>
-+#include <openssl/kdf.h>
-+#include "internal/asn1_int.h"
-+#include "internal/evp_int.h"
-+#include "internal/numbers.h"
-+#include "evp_locl.h"
-+
-+typedef int sk_cmp_fn_type(const char *const *a, const char *const *b);
-+
-+/* This array needs to be in order of NIDs */
-+static const EVP_KDF_METHOD *standard_methods[] = {
-+ &pbkdf2_kdf_meth,
-+#ifndef OPENSSL_NO_SCRYPT
-+ &scrypt_kdf_meth,
-+#endif
-+ &tls1_prf_kdf_meth,
-+ &hkdf_kdf_meth
-+};
-+
-+DECLARE_OBJ_BSEARCH_CMP_FN(const EVP_KDF_METHOD *, const EVP_KDF_METHOD *,
-+ kmeth);
-+
-+static int kmeth_cmp(const EVP_KDF_METHOD *const *a,
-+ const EVP_KDF_METHOD *const *b)
-+{
-+ return ((*a)->type - (*b)->type);
-+}
-+
-+IMPLEMENT_OBJ_BSEARCH_CMP_FN(const EVP_KDF_METHOD *, const EVP_KDF_METHOD *,
-+ kmeth);
-+
-+static const EVP_KDF_METHOD *kdf_meth_find(int type)
-+{
-+ EVP_KDF_METHOD tmp;
-+ const EVP_KDF_METHOD *t = &tmp, **ret;
-+
-+ tmp.type = type;
-+ ret = OBJ_bsearch_kmeth(&t, standard_methods,
-+ OSSL_NELEM(standard_methods));
-+ if (ret == NULL || *ret == NULL)
-+ return NULL;
-+
-+ return *ret;
-+}
-+
-+EVP_KDF_CTX *EVP_KDF_CTX_new_id(int id)
-+{
-+ EVP_KDF_CTX *ret;
-+ const EVP_KDF_METHOD *kmeth;
-+
-+ kmeth = kdf_meth_find(id);
-+ if (kmeth == NULL) {
-+ EVPerr(EVP_F_EVP_KDF_CTX_NEW_ID, EVP_R_UNSUPPORTED_ALGORITHM);
-+ return NULL;
-+ }
-+
-+ ret = OPENSSL_zalloc(sizeof(*ret));
-+ if (ret == NULL) {
-+ EVPerr(EVP_F_EVP_KDF_CTX_NEW_ID, ERR_R_MALLOC_FAILURE);
-+ return NULL;
-+ }
-+
-+ if (kmeth->new != NULL && (ret->impl = kmeth->new()) == NULL) {
-+ EVP_KDF_CTX_free(ret);
-+ return NULL;
-+ }
-+
-+ ret->kmeth = kmeth;
-+ return ret;
-+}
-+
-+void EVP_KDF_CTX_free(EVP_KDF_CTX *ctx)
-+{
-+ if (ctx == NULL)
-+ return;
-+
-+ ctx->kmeth->free(ctx->impl);
-+ OPENSSL_free(ctx);
-+}
-+
-+void EVP_KDF_reset(EVP_KDF_CTX *ctx)
-+{
-+ if (ctx == NULL)
-+ return;
-+
-+ if (ctx->kmeth->reset != NULL)
-+ ctx->kmeth->reset(ctx->impl);
-+}
-+
-+int EVP_KDF_ctrl(EVP_KDF_CTX *ctx, int cmd, ...)
-+{
-+ int ret;
-+ va_list args;
-+
-+ va_start(args, cmd);
-+ ret = EVP_KDF_vctrl(ctx, cmd, args);
-+ va_end(args);
-+
-+ if (ret == -2)
-+ EVPerr(EVP_F_EVP_KDF_CTRL, EVP_R_COMMAND_NOT_SUPPORTED);
-+
-+ return ret;
-+}
-+
-+int EVP_KDF_vctrl(EVP_KDF_CTX *ctx, int cmd, va_list args)
-+{
-+ if (ctx == NULL)
-+ return 0;
-+
-+ return ctx->kmeth->ctrl(ctx->impl, cmd, args);
-+}
-+
-+int EVP_KDF_ctrl_str(EVP_KDF_CTX *ctx, const char *type, const char *value)
-+{
-+ int ret;
-+
-+ if (ctx == NULL)
-+ return 0;
-+
-+ if (ctx->kmeth->ctrl_str == NULL) {
-+ EVPerr(EVP_F_EVP_KDF_CTRL_STR, EVP_R_COMMAND_NOT_SUPPORTED);
-+ return -2;
-+ }
-+
-+ ret = ctx->kmeth->ctrl_str(ctx->impl, type, value);
-+ if (ret == -2)
-+ EVPerr(EVP_F_EVP_KDF_CTRL_STR, EVP_R_COMMAND_NOT_SUPPORTED);
-+
-+ return ret;
-+}
-+
-+size_t EVP_KDF_size(EVP_KDF_CTX *ctx)
-+{
-+ if (ctx == NULL)
-+ return 0;
-+
-+ if (ctx->kmeth->size == NULL)
-+ return SIZE_MAX;
-+
-+ return ctx->kmeth->size(ctx->impl);
-+}
-+
-+int EVP_KDF_derive(EVP_KDF_CTX *ctx, unsigned char *key, size_t keylen)
-+{
-+ if (ctx == NULL)
-+ return 0;
-+
-+ return ctx->kmeth->derive(ctx->impl, key, keylen);
-+}
-+
-diff -up openssl-1.1.1b/crypto/evp/p5_crpt2.c.evp-kdf openssl-1.1.1b/crypto/evp/p5_crpt2.c
---- openssl-1.1.1b/crypto/evp/p5_crpt2.c.evp-kdf 2019-02-26 15:15:30.000000000 +0100
-+++ openssl-1.1.1b/crypto/evp/p5_crpt2.c 2019-02-28 13:05:05.652521456 +0100
-@@ -1,5 +1,5 @@
- /*
-- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
-@@ -10,105 +10,51 @@
- #include <stdio.h>
- #include <stdlib.h>
- #include "internal/cryptlib.h"
--# include <openssl/x509.h>
--# include <openssl/evp.h>
--# include <openssl/hmac.h>
--# include "evp_locl.h"
-+#include <openssl/x509.h>
-+#include <openssl/evp.h>
-+#include <openssl/kdf.h>
-+#include <openssl/hmac.h>
-+#include "internal/evp_int.h"
-+#include "evp_locl.h"
-
- /* set this to print out info about the keygen algorithm */
- /* #define OPENSSL_DEBUG_PKCS5V2 */
-
--# ifdef OPENSSL_DEBUG_PKCS5V2
-+#ifdef OPENSSL_DEBUG_PKCS5V2
- static void h__dump(const unsigned char *p, int len);
--# endif
--
--/*
-- * This is an implementation of PKCS#5 v2.0 password based encryption key
-- * derivation function PBKDF2. SHA1 version verified against test vectors
-- * posted by Peter Gutmann to the PKCS-TNG mailing list.
-- */
-+#endif
-
- int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
- const unsigned char *salt, int saltlen, int iter,
- const EVP_MD *digest, int keylen, unsigned char *out)
- {
- const char *empty = "";
-- unsigned char digtmp[EVP_MAX_MD_SIZE], *p, itmp[4];
-- int cplen, j, k, tkeylen, mdlen;
-- unsigned long i = 1;
-- HMAC_CTX *hctx_tpl = NULL, *hctx = NULL;
--
-- mdlen = EVP_MD_size(digest);
-- if (mdlen < 0)
-- return 0;
-+ int rv = 1;
-+ EVP_KDF_CTX *kctx;
-
-- hctx_tpl = HMAC_CTX_new();
-- if (hctx_tpl == NULL)
-- return 0;
-- p = out;
-- tkeylen = keylen;
-+ /* Keep documented behaviour. */
- if (pass == NULL) {
- pass = empty;
- passlen = 0;
- } else if (passlen == -1) {
- passlen = strlen(pass);
- }
-- if (!HMAC_Init_ex(hctx_tpl, pass, passlen, digest, NULL)) {
-- HMAC_CTX_free(hctx_tpl);
-- return 0;
-- }
-- hctx = HMAC_CTX_new();
-- if (hctx == NULL) {
-- HMAC_CTX_free(hctx_tpl);
-+ if (salt == NULL && saltlen == 0)
-+ salt = (unsigned char *)empty;
-+
-+ kctx = EVP_KDF_CTX_new_id(EVP_KDF_PBKDF2);
-+ if (kctx == NULL)
- return 0;
-- }
-- while (tkeylen) {
-- if (tkeylen > mdlen)
-- cplen = mdlen;
-- else
-- cplen = tkeylen;
-- /*
-- * We are unlikely to ever use more than 256 blocks (5120 bits!) but
-- * just in case...
-- */
-- itmp[0] = (unsigned char)((i >> 24) & 0xff);
-- itmp[1] = (unsigned char)((i >> 16) & 0xff);
-- itmp[2] = (unsigned char)((i >> 8) & 0xff);
-- itmp[3] = (unsigned char)(i & 0xff);
-- if (!HMAC_CTX_copy(hctx, hctx_tpl)) {
-- HMAC_CTX_free(hctx);
-- HMAC_CTX_free(hctx_tpl);
-- return 0;
-- }
-- if (!HMAC_Update(hctx, salt, saltlen)
-- || !HMAC_Update(hctx, itmp, 4)
-- || !HMAC_Final(hctx, digtmp, NULL)) {
-- HMAC_CTX_free(hctx);
-- HMAC_CTX_free(hctx_tpl);
-- return 0;
-- }
-- memcpy(p, digtmp, cplen);
-- for (j = 1; j < iter; j++) {
-- if (!HMAC_CTX_copy(hctx, hctx_tpl)) {
-- HMAC_CTX_free(hctx);
-- HMAC_CTX_free(hctx_tpl);
-- return 0;
-- }
-- if (!HMAC_Update(hctx, digtmp, mdlen)
-- || !HMAC_Final(hctx, digtmp, NULL)) {
-- HMAC_CTX_free(hctx);
-- HMAC_CTX_free(hctx_tpl);
-- return 0;
-- }
-- for (k = 0; k < cplen; k++)
-- p[k] ^= digtmp[k];
-- }
-- tkeylen -= cplen;
-- i++;
-- p += cplen;
-- }
-- HMAC_CTX_free(hctx);
-- HMAC_CTX_free(hctx_tpl);
-+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PASS, pass, (size_t)passlen) != 1
-+ || EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT,
-+ salt, (size_t)saltlen) != 1
-+ || EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_ITER, iter) != 1
-+ || EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, digest) != 1
-+ || EVP_KDF_derive(kctx, out, keylen) != 1)
-+ rv = 0;
-+
-+ EVP_KDF_CTX_free(kctx);
-+
- # ifdef OPENSSL_DEBUG_PKCS5V2
- fprintf(stderr, "Password:\n");
- h__dump(pass, passlen);
-@@ -118,7 +64,7 @@ int PKCS5_PBKDF2_HMAC(const char *pass,
- fprintf(stderr, "Key:\n");
- h__dump(out, keylen);
- # endif
-- return 1;
-+ return rv;
- }
-
- int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
-diff -up openssl-1.1.1b/crypto/evp/pbe_scrypt.c.evp-kdf openssl-1.1.1b/crypto/evp/pbe_scrypt.c
---- openssl-1.1.1b/crypto/evp/pbe_scrypt.c.evp-kdf 2019-02-26 15:15:30.000000000 +0100
-+++ openssl-1.1.1b/crypto/evp/pbe_scrypt.c 2019-02-28 13:33:18.446264056 +0100
-@@ -7,135 +7,12 @@
- * https://www.openssl.org/source/license.html
- */
-
--#include <stddef.h>
--#include <stdio.h>
--#include <string.h>
- #include <openssl/evp.h>
- #include <openssl/err.h>
--#include "internal/numbers.h"
-+#include <openssl/kdf.h>
-
- #ifndef OPENSSL_NO_SCRYPT
-
--#define R(a,b) (((a) << (b)) | ((a) >> (32 - (b))))
--static void salsa208_word_specification(uint32_t inout[16])
--{
-- int i;
-- uint32_t x[16];
-- memcpy(x, inout, sizeof(x));
-- for (i = 8; i > 0; i -= 2) {
-- x[4] ^= R(x[0] + x[12], 7);
-- x[8] ^= R(x[4] + x[0], 9);
-- x[12] ^= R(x[8] + x[4], 13);
-- x[0] ^= R(x[12] + x[8], 18);
-- x[9] ^= R(x[5] + x[1], 7);
-- x[13] ^= R(x[9] + x[5], 9);
-- x[1] ^= R(x[13] + x[9], 13);
-- x[5] ^= R(x[1] + x[13], 18);
-- x[14] ^= R(x[10] + x[6], 7);
-- x[2] ^= R(x[14] + x[10], 9);
-- x[6] ^= R(x[2] + x[14], 13);
-- x[10] ^= R(x[6] + x[2], 18);
-- x[3] ^= R(x[15] + x[11], 7);
-- x[7] ^= R(x[3] + x[15], 9);
-- x[11] ^= R(x[7] + x[3], 13);
-- x[15] ^= R(x[11] + x[7], 18);
-- x[1] ^= R(x[0] + x[3], 7);
-- x[2] ^= R(x[1] + x[0], 9);
-- x[3] ^= R(x[2] + x[1], 13);
-- x[0] ^= R(x[3] + x[2], 18);
-- x[6] ^= R(x[5] + x[4], 7);
-- x[7] ^= R(x[6] + x[5], 9);
-- x[4] ^= R(x[7] + x[6], 13);
-- x[5] ^= R(x[4] + x[7], 18);
-- x[11] ^= R(x[10] + x[9], 7);
-- x[8] ^= R(x[11] + x[10], 9);
-- x[9] ^= R(x[8] + x[11], 13);
-- x[10] ^= R(x[9] + x[8], 18);
-- x[12] ^= R(x[15] + x[14], 7);
-- x[13] ^= R(x[12] + x[15], 9);
-- x[14] ^= R(x[13] + x[12], 13);
-- x[15] ^= R(x[14] + x[13], 18);
-- }
-- for (i = 0; i < 16; ++i)
-- inout[i] += x[i];
-- OPENSSL_cleanse(x, sizeof(x));
--}
--
--static void scryptBlockMix(uint32_t *B_, uint32_t *B, uint64_t r)
--{
-- uint64_t i, j;
-- uint32_t X[16], *pB;
--
-- memcpy(X, B + (r * 2 - 1) * 16, sizeof(X));
-- pB = B;
-- for (i = 0; i < r * 2; i++) {
-- for (j = 0; j < 16; j++)
-- X[j] ^= *pB++;
-- salsa208_word_specification(X);
-- memcpy(B_ + (i / 2 + (i & 1) * r) * 16, X, sizeof(X));
-- }
-- OPENSSL_cleanse(X, sizeof(X));
--}
--
--static void scryptROMix(unsigned char *B, uint64_t r, uint64_t N,
-- uint32_t *X, uint32_t *T, uint32_t *V)
--{
-- unsigned char *pB;
-- uint32_t *pV;
-- uint64_t i, k;
--
-- /* Convert from little endian input */
-- for (pV = V, i = 0, pB = B; i < 32 * r; i++, pV++) {
-- *pV = *pB++;
-- *pV |= *pB++ << 8;
-- *pV |= *pB++ << 16;
-- *pV |= (uint32_t)*pB++ << 24;
-- }
--
-- for (i = 1; i < N; i++, pV += 32 * r)
-- scryptBlockMix(pV, pV - 32 * r, r);
--
-- scryptBlockMix(X, V + (N - 1) * 32 * r, r);
--
-- for (i = 0; i < N; i++) {
-- uint32_t j;
-- j = X[16 * (2 * r - 1)] % N;
-- pV = V + 32 * r * j;
-- for (k = 0; k < 32 * r; k++)
-- T[k] = X[k] ^ *pV++;
-- scryptBlockMix(X, T, r);
-- }
-- /* Convert output to little endian */
-- for (i = 0, pB = B; i < 32 * r; i++) {
-- uint32_t xtmp = X[i];
-- *pB++ = xtmp & 0xff;
-- *pB++ = (xtmp >> 8) & 0xff;
-- *pB++ = (xtmp >> 16) & 0xff;
-- *pB++ = (xtmp >> 24) & 0xff;
-- }
--}
--
--#ifndef SIZE_MAX
--# define SIZE_MAX ((size_t)-1)
--#endif
--
--/*
-- * Maximum power of two that will fit in uint64_t: this should work on
-- * most (all?) platforms.
-- */
--
--#define LOG2_UINT64_MAX (sizeof(uint64_t) * 8 - 1)
--
--/*
-- * Maximum value of p * r:
-- * p <= ((2^32-1) * hLen) / MFLen =>
-- * p <= ((2^32-1) * 32) / (128 * r) =>
-- * p * r <= (2^30-1)
-- *
-- */
--
--#define SCRYPT_PR_MAX ((1 << 30) - 1)
--
- /*
- * Maximum permitted memory allow this to be overridden with Configuration
- * option: e.g. -DSCRYPT_MAX_MEM=0 for maximum possible.
-@@ -160,107 +37,43 @@ int EVP_PBE_scrypt(const char *pass, siz
- uint64_t N, uint64_t r, uint64_t p, uint64_t maxmem,
- unsigned char *key, size_t keylen)
- {
-- int rv = 0;
-- unsigned char *B;
-- uint32_t *X, *V, *T;
-- uint64_t i, Blen, Vlen;
--
-- /* Sanity check parameters */
-- /* initial check, r,p must be non zero, N >= 2 and a power of 2 */
-- if (r == 0 || p == 0 || N < 2 || (N & (N - 1)))
-- return 0;
-- /* Check p * r < SCRYPT_PR_MAX avoiding overflow */
-- if (p > SCRYPT_PR_MAX / r) {
-- EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED);
-- return 0;
-- }
--
-- /*
-- * Need to check N: if 2^(128 * r / 8) overflows limit this is
-- * automatically satisfied since N <= UINT64_MAX.
-- */
--
-- if (16 * r <= LOG2_UINT64_MAX) {
-- if (N >= (((uint64_t)1) << (16 * r))) {
-- EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED);
-- return 0;
-- }
-- }
-+ const char *empty = "";
-+ int rv = 1;
-+ EVP_KDF_CTX *kctx;
-
-- /* Memory checks: check total allocated buffer size fits in uint64_t */
--
-- /*
-- * B size in section 5 step 1.S
-- * Note: we know p * 128 * r < UINT64_MAX because we already checked
-- * p * r < SCRYPT_PR_MAX
-- */
-- Blen = p * 128 * r;
-- /*
-- * Yet we pass it as integer to PKCS5_PBKDF2_HMAC... [This would
-- * have to be revised when/if PKCS5_PBKDF2_HMAC accepts size_t.]
-- */
-- if (Blen > INT_MAX) {
-- EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED);
-- return 0;
-- }
--
-- /*
-- * Check 32 * r * (N + 2) * sizeof(uint32_t) fits in uint64_t
-- * This is combined size V, X and T (section 4)
-- */
-- i = UINT64_MAX / (32 * sizeof(uint32_t));
-- if (N + 2 > i / r) {
-- EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED);
-+ if (r > UINT32_MAX || p > UINT32_MAX) {
-+ EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_PARAMETER_TOO_LARGE);
- return 0;
- }
-- Vlen = 32 * r * (N + 2) * sizeof(uint32_t);
-
-- /* check total allocated size fits in uint64_t */
-- if (Blen > UINT64_MAX - Vlen) {
-- EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED);
-- return 0;
-+ /* Maintain existing behaviour. */
-+ if (pass == NULL) {
-+ pass = empty;
-+ passlen = 0;
-+ }
-+ if (salt == NULL) {
-+ salt = (const unsigned char *)empty;
-+ saltlen = 0;
- }
--
- if (maxmem == 0)
- maxmem = SCRYPT_MAX_MEM;
-
-- /* Check that the maximum memory doesn't exceed a size_t limits */
-- if (maxmem > SIZE_MAX)
-- maxmem = SIZE_MAX;
--
-- if (Blen + Vlen > maxmem) {
-- EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED);
-+ kctx = EVP_KDF_CTX_new_id(EVP_KDF_SCRYPT);
-+ if (kctx == NULL)
- return 0;
-- }
-
-- /* If no key return to indicate parameters are OK */
-- if (key == NULL)
-- return 1;
--
-- B = OPENSSL_malloc((size_t)(Blen + Vlen));
-- if (B == NULL) {
-- EVPerr(EVP_F_EVP_PBE_SCRYPT, ERR_R_MALLOC_FAILURE);
-- return 0;
-- }
-- X = (uint32_t *)(B + Blen);
-- T = X + 32 * r;
-- V = T + 32 * r;
-- if (PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, 1, EVP_sha256(),
-- (int)Blen, B) == 0)
-- goto err;
--
-- for (i = 0; i < p; i++)
-- scryptROMix(B + 128 * r * i, r, N, X, T, V);
--
-- if (PKCS5_PBKDF2_HMAC(pass, passlen, B, (int)Blen, 1, EVP_sha256(),
-- keylen, key) == 0)
-- goto err;
-- rv = 1;
-- err:
-- if (rv == 0)
-- EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_PBKDF2_ERROR);
-+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PASS, pass, (size_t)passlen) != 1
-+ || EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT,
-+ salt, (size_t)saltlen) != 1
-+ || EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SCRYPT_N, N) != 1
-+ || EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SCRYPT_R, (uint32_t)r) != 1
-+ || EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SCRYPT_P, (uint32_t)p) != 1
-+ || EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MAXMEM_BYTES, maxmem) != 1
-+ || EVP_KDF_derive(kctx, key, keylen) != 1)
-+ rv = 0;
-
-- OPENSSL_clear_free(B, (size_t)(Blen + Vlen));
-+ EVP_KDF_CTX_free(kctx);
- return rv;
- }
-+
- #endif
-diff -up openssl-1.1.1b/crypto/evp/pkey_kdf.c.evp-kdf openssl-1.1.1b/crypto/evp/pkey_kdf.c
---- openssl-1.1.1b/crypto/evp/pkey_kdf.c.evp-kdf 2019-02-28 13:05:05.653521437 +0100
-+++ openssl-1.1.1b/crypto/evp/pkey_kdf.c 2019-02-28 13:05:05.653521437 +0100
-@@ -0,0 +1,255 @@
-+/*
-+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
-+ * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
-+ *
-+ * Licensed under the Apache License 2.0 (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
-+#include <string.h>
-+#include <openssl/evp.h>
-+#include <openssl/err.h>
-+#include <openssl/kdf.h>
-+#include "internal/evp_int.h"
-+
-+static int pkey_kdf_init(EVP_PKEY_CTX *ctx)
-+{
-+ EVP_KDF_CTX *kctx;
-+
-+ kctx = EVP_KDF_CTX_new_id(ctx->pmeth->pkey_id);
-+ if (kctx == NULL)
-+ return 0;
-+
-+ ctx->data = kctx;
-+ return 1;
-+}
-+
-+static void pkey_kdf_cleanup(EVP_PKEY_CTX *ctx)
-+{
-+ EVP_KDF_CTX *kctx = ctx->data;
-+
-+ EVP_KDF_CTX_free(kctx);
-+}
-+
-+static int pkey_kdf_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
-+{
-+ EVP_KDF_CTX *kctx = ctx->data;
-+ uint64_t u64_value;
-+ int cmd;
-+ int ret;
-+
-+ switch (type) {
-+ case EVP_PKEY_CTRL_PASS:
-+ cmd = EVP_KDF_CTRL_SET_PASS;
-+ break;
-+ case EVP_PKEY_CTRL_HKDF_SALT:
-+ case EVP_PKEY_CTRL_SCRYPT_SALT:
-+ cmd = EVP_KDF_CTRL_SET_SALT;
-+ break;
-+ case EVP_PKEY_CTRL_TLS_MD:
-+ case EVP_PKEY_CTRL_HKDF_MD:
-+ cmd = EVP_KDF_CTRL_SET_MD;
-+ break;
-+ case EVP_PKEY_CTRL_TLS_SECRET:
-+ cmd = EVP_KDF_CTRL_SET_TLS_SECRET;
-+ ret = EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_RESET_TLS_SEED);
-+ if (ret < 1)
-+ return ret;
-+ break;
-+ case EVP_PKEY_CTRL_TLS_SEED:
-+ cmd = EVP_KDF_CTRL_ADD_TLS_SEED;
-+ break;
-+ case EVP_PKEY_CTRL_HKDF_KEY:
-+ cmd = EVP_KDF_CTRL_SET_KEY;
-+ break;
-+ case EVP_PKEY_CTRL_HKDF_INFO:
-+ cmd = EVP_KDF_CTRL_ADD_HKDF_INFO;
-+ break;
-+ case EVP_PKEY_CTRL_HKDF_MODE:
-+ cmd = EVP_KDF_CTRL_SET_HKDF_MODE;
-+ break;
-+ case EVP_PKEY_CTRL_SCRYPT_N:
-+ cmd = EVP_KDF_CTRL_SET_SCRYPT_N;
-+ break;
-+ case EVP_PKEY_CTRL_SCRYPT_R:
-+ cmd = EVP_KDF_CTRL_SET_SCRYPT_R;
-+ break;
-+ case EVP_PKEY_CTRL_SCRYPT_P:
-+ cmd = EVP_KDF_CTRL_SET_SCRYPT_P;
-+ break;
-+ case EVP_PKEY_CTRL_SCRYPT_MAXMEM_BYTES:
-+ cmd = EVP_KDF_CTRL_SET_MAXMEM_BYTES;
-+ break;
-+ default:
-+ return -2;
-+ }
-+
-+ switch (cmd) {
-+ case EVP_KDF_CTRL_SET_PASS:
-+ case EVP_KDF_CTRL_SET_SALT:
-+ case EVP_KDF_CTRL_SET_KEY:
-+ case EVP_KDF_CTRL_SET_TLS_SECRET:
-+ case EVP_KDF_CTRL_ADD_TLS_SEED:
-+ case EVP_KDF_CTRL_ADD_HKDF_INFO:
-+ return EVP_KDF_ctrl(kctx, cmd, (const unsigned char *)p2, (size_t)p1);
-+
-+ case EVP_KDF_CTRL_SET_MD:
-+ return EVP_KDF_ctrl(kctx, cmd, (const EVP_MD *)p2);
-+
-+ case EVP_KDF_CTRL_SET_HKDF_MODE:
-+ return EVP_KDF_ctrl(kctx, cmd, (int)p1);
-+
-+ case EVP_KDF_CTRL_SET_SCRYPT_R:
-+ case EVP_KDF_CTRL_SET_SCRYPT_P:
-+ u64_value = *(uint64_t *)p2;
-+ if (u64_value > UINT32_MAX) {
-+ EVPerr(EVP_F_PKEY_KDF_CTRL, EVP_R_PARAMETER_TOO_LARGE);
-+ return 0;
-+ }
-+
-+ return EVP_KDF_ctrl(kctx, cmd, (uint32_t)u64_value);
-+
-+ case EVP_KDF_CTRL_SET_SCRYPT_N:
-+ case EVP_KDF_CTRL_SET_MAXMEM_BYTES:
-+ return EVP_KDF_ctrl(kctx, cmd, *(uint64_t *)p2);
-+
-+ default:
-+ return 0;
-+ }
-+}
-+
-+static int pkey_kdf_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
-+ const char *value)
-+{
-+ EVP_KDF_CTX *kctx = ctx->data;
-+
-+ if (strcmp(type, "md") == 0)
-+ return EVP_KDF_ctrl_str(kctx, "digest", value);
-+ return EVP_KDF_ctrl_str(kctx, type, value);
-+}
-+
-+static int pkey_kdf_derive_init(EVP_PKEY_CTX *ctx)
-+{
-+ EVP_KDF_CTX *kctx = ctx->data;
-+
-+ EVP_KDF_reset(kctx);
-+ return 1;
-+}
-+
-+/*
-+ * For fixed-output algorithms the keylen parameter is an "out" parameter
-+ * otherwise it is an "in" parameter.
-+ */
-+static int pkey_kdf_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
-+ size_t *keylen)
-+{
-+ EVP_KDF_CTX *kctx = ctx->data;
-+ size_t outlen = EVP_KDF_size(kctx);
-+
-+ if (outlen == 0 || outlen == SIZE_MAX) {
-+ /* Variable-output algorithm */
-+ if (key == NULL)
-+ return 0;
-+ } else {
-+ /* Fixed-output algorithm */
-+ *keylen = outlen;
-+ if (key == NULL)
-+ return 1;
-+ }
-+ return EVP_KDF_derive(kctx, key, *keylen);
-+}
-+
-+#ifndef OPENSSL_NO_SCRYPT
-+const EVP_PKEY_METHOD scrypt_pkey_meth = {
-+ EVP_PKEY_SCRYPT,
-+ 0,
-+ pkey_kdf_init,
-+ 0,
-+ pkey_kdf_cleanup,
-+
-+ 0, 0,
-+ 0, 0,
-+
-+ 0,
-+ 0,
-+
-+ 0,
-+ 0,
-+
-+ 0, 0,
-+
-+ 0, 0, 0, 0,
-+
-+ 0, 0,
-+
-+ 0, 0,
-+
-+ pkey_kdf_derive_init,
-+ pkey_kdf_derive,
-+ pkey_kdf_ctrl,
-+ pkey_kdf_ctrl_str
-+};
-+#endif
-+
-+const EVP_PKEY_METHOD tls1_prf_pkey_meth = {
-+ EVP_PKEY_TLS1_PRF,
-+ EVP_PKEY_FLAG_FIPS,
-+ pkey_kdf_init,
-+ 0,
-+ pkey_kdf_cleanup,
-+
-+ 0, 0,
-+ 0, 0,
-+
-+ 0,
-+ 0,
-+
-+ 0,
-+ 0,
-+
-+ 0, 0,
-+
-+ 0, 0, 0, 0,
-+
-+ 0, 0,
-+
-+ 0, 0,
-+
-+ pkey_kdf_derive_init,
-+ pkey_kdf_derive,
-+ pkey_kdf_ctrl,
-+ pkey_kdf_ctrl_str
-+};
-+
-+const EVP_PKEY_METHOD hkdf_pkey_meth = {
-+ EVP_PKEY_HKDF,
-+ EVP_PKEY_FLAG_FIPS,
-+ pkey_kdf_init,
-+ 0,
-+ pkey_kdf_cleanup,
-+
-+ 0, 0,
-+ 0, 0,
-+
-+ 0,
-+ 0,
-+
-+ 0,
-+ 0,
-+
-+ 0, 0,
-+
-+ 0, 0, 0, 0,
-+
-+ 0, 0,
-+
-+ 0, 0,
-+
-+ pkey_kdf_derive_init,
-+ pkey_kdf_derive,
-+ pkey_kdf_ctrl,
-+ pkey_kdf_ctrl_str
-+};
-+
-diff -up openssl-1.1.1b/crypto/include/internal/evp_int.h.evp-kdf openssl-1.1.1b/crypto/include/internal/evp_int.h
---- openssl-1.1.1b/crypto/include/internal/evp_int.h.evp-kdf 2019-02-28 13:05:05.304527888 +0100
-+++ openssl-1.1.1b/crypto/include/internal/evp_int.h 2019-02-28 13:05:05.653521437 +0100
-@@ -112,6 +112,24 @@ extern const EVP_PKEY_METHOD hkdf_pkey_m
- extern const EVP_PKEY_METHOD poly1305_pkey_meth;
- extern const EVP_PKEY_METHOD siphash_pkey_meth;
-
-+/* struct evp_kdf_impl_st is defined by the implementation */
-+typedef struct evp_kdf_impl_st EVP_KDF_IMPL;
-+typedef struct {
-+ int type;
-+ EVP_KDF_IMPL *(*new) (void);
-+ void (*free) (EVP_KDF_IMPL *impl);
-+ void (*reset) (EVP_KDF_IMPL *impl);
-+ int (*ctrl) (EVP_KDF_IMPL *impl, int cmd, va_list args);
-+ int (*ctrl_str) (EVP_KDF_IMPL *impl, const char *type, const char *value);
-+ size_t (*size) (EVP_KDF_IMPL *impl);
-+ int (*derive) (EVP_KDF_IMPL *impl, unsigned char *key, size_t keylen);
-+} EVP_KDF_METHOD;
-+
-+extern const EVP_KDF_METHOD pbkdf2_kdf_meth;
-+extern const EVP_KDF_METHOD scrypt_kdf_meth;
-+extern const EVP_KDF_METHOD tls1_prf_kdf_meth;
-+extern const EVP_KDF_METHOD hkdf_kdf_meth;
-+
- struct evp_md_st {
- int type;
- int pkey_type;
-diff -up openssl-1.1.1b/crypto/kdf/build.info.evp-kdf openssl-1.1.1b/crypto/kdf/build.info
---- openssl-1.1.1b/crypto/kdf/build.info.evp-kdf 2019-02-26 15:15:30.000000000 +0100
-+++ openssl-1.1.1b/crypto/kdf/build.info 2019-02-28 13:05:05.653521437 +0100
-@@ -1,3 +1,3 @@
- LIBS=../../libcrypto
- SOURCE[../../libcrypto]=\
-- tls1_prf.c kdf_err.c hkdf.c scrypt.c
-+ tls1_prf.c kdf_err.c kdf_util.c hkdf.c scrypt.c pbkdf2.c
-diff -up openssl-1.1.1b/crypto/kdf/hkdf.c.evp-kdf openssl-1.1.1b/crypto/kdf/hkdf.c
---- openssl-1.1.1b/crypto/kdf/hkdf.c.evp-kdf 2019-02-26 15:15:30.000000000 +0100
-+++ openssl-1.1.1b/crypto/kdf/hkdf.c 2019-02-28 13:05:05.653521437 +0100
-@@ -8,32 +8,33 @@
- */
-
- #include <stdlib.h>
-+#include <stdarg.h>
- #include <string.h>
- #include <openssl/hmac.h>
--#include <openssl/kdf.h>
- #include <openssl/evp.h>
-+#include <openssl/kdf.h>
- #include "internal/cryptlib.h"
- #include "internal/evp_int.h"
-+#include "kdf_local.h"
-
- #define HKDF_MAXBUF 1024
-
--static unsigned char *HKDF(const EVP_MD *evp_md,
-- const unsigned char *salt, size_t salt_len,
-- const unsigned char *key, size_t key_len,
-- const unsigned char *info, size_t info_len,
-- unsigned char *okm, size_t okm_len);
--
--static unsigned char *HKDF_Extract(const EVP_MD *evp_md,
-- const unsigned char *salt, size_t salt_len,
-- const unsigned char *key, size_t key_len,
-- unsigned char *prk, size_t *prk_len);
--
--static unsigned char *HKDF_Expand(const EVP_MD *evp_md,
-- const unsigned char *prk, size_t prk_len,
-- const unsigned char *info, size_t info_len,
-- unsigned char *okm, size_t okm_len);
-+static void kdf_hkdf_reset(EVP_KDF_IMPL *impl);
-+static int HKDF(const EVP_MD *evp_md,
-+ const unsigned char *salt, size_t salt_len,
-+ const unsigned char *key, size_t key_len,
-+ const unsigned char *info, size_t info_len,
-+ unsigned char *okm, size_t okm_len);
-+static int HKDF_Extract(const EVP_MD *evp_md,
-+ const unsigned char *salt, size_t salt_len,
-+ const unsigned char *key, size_t key_len,
-+ unsigned char *prk, size_t prk_len);
-+static int HKDF_Expand(const EVP_MD *evp_md,
-+ const unsigned char *prk, size_t prk_len,
-+ const unsigned char *info, size_t info_len,
-+ unsigned char *okm, size_t okm_len);
-
--typedef struct {
-+struct evp_kdf_impl_st {
- int mode;
- const EVP_MD *md;
- unsigned char *salt;
-@@ -42,230 +43,208 @@ typedef struct {
- size_t key_len;
- unsigned char info[HKDF_MAXBUF];
- size_t info_len;
--} HKDF_PKEY_CTX;
-+};
-
--static int pkey_hkdf_init(EVP_PKEY_CTX *ctx)
-+static EVP_KDF_IMPL *kdf_hkdf_new(void)
- {
-- HKDF_PKEY_CTX *kctx;
--
-- if ((kctx = OPENSSL_zalloc(sizeof(*kctx))) == NULL) {
-- KDFerr(KDF_F_PKEY_HKDF_INIT, ERR_R_MALLOC_FAILURE);
-- return 0;
-- }
-+ EVP_KDF_IMPL *impl;
-
-- ctx->data = kctx;
-+ if ((impl = OPENSSL_zalloc(sizeof(*impl))) == NULL)
-+ KDFerr(KDF_F_KDF_HKDF_NEW, ERR_R_MALLOC_FAILURE);
-+ return impl;
-+}
-
-- return 1;
-+static void kdf_hkdf_free(EVP_KDF_IMPL *impl)
-+{
-+ kdf_hkdf_reset(impl);
-+ OPENSSL_free(impl);
- }
-
--static void pkey_hkdf_cleanup(EVP_PKEY_CTX *ctx)
-+static void kdf_hkdf_reset(EVP_KDF_IMPL *impl)
- {
-- HKDF_PKEY_CTX *kctx = ctx->data;
-- OPENSSL_clear_free(kctx->salt, kctx->salt_len);
-- OPENSSL_clear_free(kctx->key, kctx->key_len);
-- OPENSSL_cleanse(kctx->info, kctx->info_len);
-- OPENSSL_free(kctx);
-+ OPENSSL_free(impl->salt);
-+ OPENSSL_clear_free(impl->key, impl->key_len);
-+ OPENSSL_cleanse(impl->info, impl->info_len);
-+ memset(impl, 0, sizeof(*impl));
- }
-
--static int pkey_hkdf_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
-+static int kdf_hkdf_ctrl(EVP_KDF_IMPL *impl, int cmd, va_list args)
- {
-- HKDF_PKEY_CTX *kctx = ctx->data;
-+ const unsigned char *p;
-+ size_t len;
-+ const EVP_MD *md;
-
-- switch (type) {
-- case EVP_PKEY_CTRL_HKDF_MD:
-- if (p2 == NULL)
-+ switch (cmd) {
-+ case EVP_KDF_CTRL_SET_MD:
-+ md = va_arg(args, const EVP_MD *);
-+ if (md == NULL)
- return 0;
-
-- kctx->md = p2;
-+ impl->md = md;
- return 1;
-
-- case EVP_PKEY_CTRL_HKDF_MODE:
-- kctx->mode = p1;
-+ case EVP_KDF_CTRL_SET_HKDF_MODE:
-+ impl->mode = va_arg(args, int);
- return 1;
-
-- case EVP_PKEY_CTRL_HKDF_SALT:
-- if (p1 == 0 || p2 == NULL)
-+ case EVP_KDF_CTRL_SET_SALT:
-+ p = va_arg(args, const unsigned char *);
-+ len = va_arg(args, size_t);
-+ if (len == 0 || p == NULL)
- return 1;
-
-- if (p1 < 0)
-- return 0;
--
-- if (kctx->salt != NULL)
-- OPENSSL_clear_free(kctx->salt, kctx->salt_len);
--
-- kctx->salt = OPENSSL_memdup(p2, p1);
-- if (kctx->salt == NULL)
-+ OPENSSL_free(impl->salt);
-+ impl->salt = OPENSSL_memdup(p, len);
-+ if (impl->salt == NULL)
- return 0;
-
-- kctx->salt_len = p1;
-+ impl->salt_len = len;
- return 1;
-
-- case EVP_PKEY_CTRL_HKDF_KEY:
-- if (p1 < 0)
-+ case EVP_KDF_CTRL_SET_KEY:
-+ p = va_arg(args, const unsigned char *);
-+ len = va_arg(args, size_t);
-+ OPENSSL_clear_free(impl->key, impl->key_len);
-+ impl->key = OPENSSL_memdup(p, len);
-+ if (impl->key == NULL)
- return 0;
-
-- if (kctx->key != NULL)
-- OPENSSL_clear_free(kctx->key, kctx->key_len);
--
-- kctx->key = OPENSSL_memdup(p2, p1);
-- if (kctx->key == NULL)
-- return 0;
-+ impl->key_len = len;
-+ return 1;
-
-- kctx->key_len = p1;
-+ case EVP_KDF_CTRL_RESET_HKDF_INFO:
-+ OPENSSL_cleanse(impl->info, impl->info_len);
-+ impl->info_len = 0;
- return 1;
-
-- case EVP_PKEY_CTRL_HKDF_INFO:
-- if (p1 == 0 || p2 == NULL)
-+ case EVP_KDF_CTRL_ADD_HKDF_INFO:
-+ p = va_arg(args, const unsigned char *);
-+ len = va_arg(args, size_t);
-+ if (len == 0 || p == NULL)
- return 1;
-
-- if (p1 < 0 || p1 > (int)(HKDF_MAXBUF - kctx->info_len))
-+ if (len > (HKDF_MAXBUF - impl->info_len))
- return 0;
-
-- memcpy(kctx->info + kctx->info_len, p2, p1);
-- kctx->info_len += p1;
-+ memcpy(impl->info + impl->info_len, p, len);
-+ impl->info_len += len;
- return 1;
-
- default:
- return -2;
--
- }
- }
-
--static int pkey_hkdf_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
-- const char *value)
-+static int kdf_hkdf_ctrl_str(EVP_KDF_IMPL *impl, const char *type,
-+ const char *value)
- {
- if (strcmp(type, "mode") == 0) {
- int mode;
-
- if (strcmp(value, "EXTRACT_AND_EXPAND") == 0)
-- mode = EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND;
-+ mode = EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND;
- else if (strcmp(value, "EXTRACT_ONLY") == 0)
-- mode = EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY;
-+ mode = EVP_KDF_HKDF_MODE_EXTRACT_ONLY;
- else if (strcmp(value, "EXPAND_ONLY") == 0)
-- mode = EVP_PKEY_HKDEF_MODE_EXPAND_ONLY;
-+ mode = EVP_KDF_HKDF_MODE_EXPAND_ONLY;
- else
- return 0;
-
-- return EVP_PKEY_CTX_hkdf_mode(ctx, mode);
-+ return call_ctrl(kdf_hkdf_ctrl, impl, EVP_KDF_CTRL_SET_HKDF_MODE, mode);
- }
-
-- if (strcmp(type, "md") == 0)
-- return EVP_PKEY_CTX_md(ctx, EVP_PKEY_OP_DERIVE,
-- EVP_PKEY_CTRL_HKDF_MD, value);
-+ if (strcmp(type, "digest") == 0)
-+ return kdf_md2ctrl(impl, kdf_hkdf_ctrl, EVP_KDF_CTRL_SET_MD, value);
-
- if (strcmp(type, "salt") == 0)
-- return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_HKDF_SALT, value);
-+ return kdf_str2ctrl(impl, kdf_hkdf_ctrl, EVP_KDF_CTRL_SET_SALT, value);
-
- if (strcmp(type, "hexsalt") == 0)
-- return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_HKDF_SALT, value);
-+ return kdf_hex2ctrl(impl, kdf_hkdf_ctrl, EVP_KDF_CTRL_SET_SALT, value);
-
- if (strcmp(type, "key") == 0)
-- return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_HKDF_KEY, value);
-+ return kdf_str2ctrl(impl, kdf_hkdf_ctrl, EVP_KDF_CTRL_SET_KEY, value);
-
- if (strcmp(type, "hexkey") == 0)
-- return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_HKDF_KEY, value);
-+ return kdf_hex2ctrl(impl, kdf_hkdf_ctrl, EVP_KDF_CTRL_SET_KEY, value);
-
- if (strcmp(type, "info") == 0)
-- return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_HKDF_INFO, value);
-+ return kdf_str2ctrl(impl, kdf_hkdf_ctrl, EVP_KDF_CTRL_ADD_HKDF_INFO,
-+ value);
-
- if (strcmp(type, "hexinfo") == 0)
-- return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_HKDF_INFO, value);
-+ return kdf_hex2ctrl(impl, kdf_hkdf_ctrl, EVP_KDF_CTRL_ADD_HKDF_INFO,
-+ value);
-
-- KDFerr(KDF_F_PKEY_HKDF_CTRL_STR, KDF_R_UNKNOWN_PARAMETER_TYPE);
- return -2;
- }
-
--static int pkey_hkdf_derive_init(EVP_PKEY_CTX *ctx)
-+static size_t kdf_hkdf_size(EVP_KDF_IMPL *impl)
- {
-- HKDF_PKEY_CTX *kctx = ctx->data;
--
-- OPENSSL_clear_free(kctx->key, kctx->key_len);
-- OPENSSL_clear_free(kctx->salt, kctx->salt_len);
-- OPENSSL_cleanse(kctx->info, kctx->info_len);
-- memset(kctx, 0, sizeof(*kctx));
-+ if (impl->mode != EVP_KDF_HKDF_MODE_EXTRACT_ONLY)
-+ return SIZE_MAX;
-
-- return 1;
-+ if (impl->md == NULL) {
-+ KDFerr(KDF_F_KDF_HKDF_SIZE, KDF_R_MISSING_MESSAGE_DIGEST);
-+ return 0;
-+ }
-+ return EVP_MD_size(impl->md);
- }
-
--static int pkey_hkdf_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
-- size_t *keylen)
-+static int kdf_hkdf_derive(EVP_KDF_IMPL *impl, unsigned char *key,
-+ size_t keylen)
- {
-- HKDF_PKEY_CTX *kctx = ctx->data;
--
-- if (kctx->md == NULL) {
-- KDFerr(KDF_F_PKEY_HKDF_DERIVE, KDF_R_MISSING_MESSAGE_DIGEST);
-+ if (impl->md == NULL) {
-+ KDFerr(KDF_F_KDF_HKDF_DERIVE, KDF_R_MISSING_MESSAGE_DIGEST);
- return 0;
- }
-- if (kctx->key == NULL) {
-- KDFerr(KDF_F_PKEY_HKDF_DERIVE, KDF_R_MISSING_KEY);
-+ if (impl->key == NULL) {
-+ KDFerr(KDF_F_KDF_HKDF_DERIVE, KDF_R_MISSING_KEY);
- return 0;
- }
-
-- switch (kctx->mode) {
-- case EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND:
-- return HKDF(kctx->md, kctx->salt, kctx->salt_len, kctx->key,
-- kctx->key_len, kctx->info, kctx->info_len, key,
-- *keylen) != NULL;
--
-- case EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY:
-- if (key == NULL) {
-- *keylen = EVP_MD_size(kctx->md);
-- return 1;
-- }
-- return HKDF_Extract(kctx->md, kctx->salt, kctx->salt_len, kctx->key,
-- kctx->key_len, key, keylen) != NULL;
--
-- case EVP_PKEY_HKDEF_MODE_EXPAND_ONLY:
-- return HKDF_Expand(kctx->md, kctx->key, kctx->key_len, kctx->info,
-- kctx->info_len, key, *keylen) != NULL;
-+ switch (impl->mode) {
-+ case EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND:
-+ return HKDF(impl->md, impl->salt, impl->salt_len, impl->key,
-+ impl->key_len, impl->info, impl->info_len, key,
-+ keylen);
-+
-+ case EVP_KDF_HKDF_MODE_EXTRACT_ONLY:
-+ return HKDF_Extract(impl->md, impl->salt, impl->salt_len, impl->key,
-+ impl->key_len, key, keylen);
-+
-+ case EVP_KDF_HKDF_MODE_EXPAND_ONLY:
-+ return HKDF_Expand(impl->md, impl->key, impl->key_len, impl->info,
-+ impl->info_len, key, keylen);
-
- default:
- return 0;
- }
- }
-
--const EVP_PKEY_METHOD hkdf_pkey_meth = {
-- EVP_PKEY_HKDF,
-- 0,
-- pkey_hkdf_init,
-- 0,
-- pkey_hkdf_cleanup,
--
-- 0, 0,
-- 0, 0,
--
-- 0,
-- 0,
--
-- 0,
-- 0,
--
-- 0, 0,
--
-- 0, 0, 0, 0,
--
-- 0, 0,
--
-- 0, 0,
--
-- pkey_hkdf_derive_init,
-- pkey_hkdf_derive,
-- pkey_hkdf_ctrl,
-- pkey_hkdf_ctrl_str
-+const EVP_KDF_METHOD hkdf_kdf_meth = {
-+ EVP_KDF_HKDF,
-+ kdf_hkdf_new,
-+ kdf_hkdf_free,
-+ kdf_hkdf_reset,
-+ kdf_hkdf_ctrl,
-+ kdf_hkdf_ctrl_str,
-+ kdf_hkdf_size,
-+ kdf_hkdf_derive
- };
-
--static unsigned char *HKDF(const EVP_MD *evp_md,
-- const unsigned char *salt, size_t salt_len,
-- const unsigned char *key, size_t key_len,
-- const unsigned char *info, size_t info_len,
-- unsigned char *okm, size_t okm_len)
-+static int HKDF(const EVP_MD *evp_md,
-+ const unsigned char *salt, size_t salt_len,
-+ const unsigned char *key, size_t key_len,
-+ const unsigned char *info, size_t info_len,
-+ unsigned char *okm, size_t okm_len)
- {
- unsigned char prk[EVP_MAX_MD_SIZE];
-- unsigned char *ret;
-- size_t prk_len;
-+ int ret;
-+ size_t prk_len = EVP_MD_size(evp_md);
-
-- if (!HKDF_Extract(evp_md, salt, salt_len, key, key_len, prk, &prk_len))
-- return NULL;
-+ if (!HKDF_Extract(evp_md, salt, salt_len, key, key_len, prk, prk_len))
-+ return 0;
-
- ret = HKDF_Expand(evp_md, prk, prk_len, info, info_len, okm, okm_len);
- OPENSSL_cleanse(prk, sizeof(prk));
-@@ -273,43 +252,38 @@ static unsigned char *HKDF(const EVP_MD
- return ret;
- }
-
--static unsigned char *HKDF_Extract(const EVP_MD *evp_md,
-- const unsigned char *salt, size_t salt_len,
-- const unsigned char *key, size_t key_len,
-- unsigned char *prk, size_t *prk_len)
-+static int HKDF_Extract(const EVP_MD *evp_md,
-+ const unsigned char *salt, size_t salt_len,
-+ const unsigned char *key, size_t key_len,
-+ unsigned char *prk, size_t prk_len)
- {
-- unsigned int tmp_len;
--
-- if (!HMAC(evp_md, salt, salt_len, key, key_len, prk, &tmp_len))
-- return NULL;
--
-- *prk_len = tmp_len;
-- return prk;
-+ if (prk_len != (size_t)EVP_MD_size(evp_md)) {
-+ KDFerr(KDF_F_HKDF_EXTRACT, KDF_R_WRONG_OUTPUT_BUFFER_SIZE);
-+ return 0;
-+ }
-+ return HMAC(evp_md, salt, salt_len, key, key_len, prk, NULL) != NULL;
- }
-
--static unsigned char *HKDF_Expand(const EVP_MD *evp_md,
-- const unsigned char *prk, size_t prk_len,
-- const unsigned char *info, size_t info_len,
-- unsigned char *okm, size_t okm_len)
-+static int HKDF_Expand(const EVP_MD *evp_md,
-+ const unsigned char *prk, size_t prk_len,
-+ const unsigned char *info, size_t info_len,
-+ unsigned char *okm, size_t okm_len)
- {
- HMAC_CTX *hmac;
-- unsigned char *ret = NULL;
--
-+ int ret = 0;
- unsigned int i;
--
- unsigned char prev[EVP_MAX_MD_SIZE];
--
- size_t done_len = 0, dig_len = EVP_MD_size(evp_md);
--
- size_t n = okm_len / dig_len;
-+
- if (okm_len % dig_len)
- n++;
-
- if (n > 255 || okm == NULL)
-- return NULL;
-+ return 0;
-
- if ((hmac = HMAC_CTX_new()) == NULL)
-- return NULL;
-+ return 0;
-
- if (!HMAC_Init_ex(hmac, prk, prk_len, evp_md, NULL))
- goto err;
-@@ -343,7 +317,7 @@ static unsigned char *HKDF_Expand(const
-
- done_len += copy_len;
- }
-- ret = okm;
-+ ret = 1;
-
- err:
- OPENSSL_cleanse(prev, sizeof(prev));
-diff -up openssl-1.1.1b/crypto/kdf/kdf_err.c.evp-kdf openssl-1.1.1b/crypto/kdf/kdf_err.c
---- openssl-1.1.1b/crypto/kdf/kdf_err.c.evp-kdf 2019-02-26 15:15:30.000000000 +0100
-+++ openssl-1.1.1b/crypto/kdf/kdf_err.c 2019-02-28 13:05:05.654521419 +0100
-@@ -1,6 +1,6 @@
- /*
- * Generated by util/mkerr.pl DO NOT EDIT
-- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
-+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
-@@ -14,6 +14,29 @@
- #ifndef OPENSSL_NO_ERR
-
- static const ERR_STRING_DATA KDF_str_functs[] = {
-+ {ERR_PACK(ERR_LIB_KDF, KDF_F_HKDF_EXTRACT, 0), "HKDF_Extract"},
-+ {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_HKDF_DERIVE, 0), "kdf_hkdf_derive"},
-+ {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_HKDF_NEW, 0), "kdf_hkdf_new"},
-+ {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_HKDF_SIZE, 0), "kdf_hkdf_size"},
-+ {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_MD2CTRL, 0), "kdf_md2ctrl"},
-+ {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_PBKDF2_CTRL_STR, 0),
-+ "kdf_pbkdf2_ctrl_str"},
-+ {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_PBKDF2_DERIVE, 0), "kdf_pbkdf2_derive"},
-+ {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_PBKDF2_NEW, 0), "kdf_pbkdf2_new"},
-+ {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_SCRYPT_CTRL_STR, 0),
-+ "kdf_scrypt_ctrl_str"},
-+ {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_SCRYPT_CTRL_UINT32, 0),
-+ "kdf_scrypt_ctrl_uint32"},
-+ {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_SCRYPT_CTRL_UINT64, 0),
-+ "kdf_scrypt_ctrl_uint64"},
-+ {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_SCRYPT_DERIVE, 0), "kdf_scrypt_derive"},
-+ {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_SCRYPT_NEW, 0), "kdf_scrypt_new"},
-+ {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_TLS1_PRF_CTRL_STR, 0),
-+ "kdf_tls1_prf_ctrl_str"},
-+ {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_TLS1_PRF_DERIVE, 0),
-+ "kdf_tls1_prf_derive"},
-+ {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_TLS1_PRF_NEW, 0), "kdf_tls1_prf_new"},
-+ {ERR_PACK(ERR_LIB_KDF, KDF_F_PBKDF2_SET_MEMBUF, 0), "pbkdf2_set_membuf"},
- {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_HKDF_CTRL_STR, 0), "pkey_hkdf_ctrl_str"},
- {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_HKDF_DERIVE, 0), "pkey_hkdf_derive"},
- {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_HKDF_INIT, 0), "pkey_hkdf_init"},
-@@ -30,6 +53,7 @@ static const ERR_STRING_DATA KDF_str_fun
- {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_TLS1_PRF_DERIVE, 0),
- "pkey_tls1_prf_derive"},
- {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_TLS1_PRF_INIT, 0), "pkey_tls1_prf_init"},
-+ {ERR_PACK(ERR_LIB_KDF, KDF_F_SCRYPT_SET_MEMBUF, 0), "scrypt_set_membuf"},
- {ERR_PACK(ERR_LIB_KDF, KDF_F_TLS1_PRF_ALG, 0), "tls1_prf_alg"},
- {0, NULL}
- };
-@@ -50,6 +74,8 @@ static const ERR_STRING_DATA KDF_str_rea
- "unknown parameter type"},
- {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_VALUE_ERROR), "value error"},
- {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_VALUE_MISSING), "value missing"},
-+ {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_WRONG_OUTPUT_BUFFER_SIZE),
-+ "wrong output buffer size"},
- {0, NULL}
- };
-
-diff -up openssl-1.1.1b/crypto/kdf/kdf_local.h.evp-kdf openssl-1.1.1b/crypto/kdf/kdf_local.h
---- openssl-1.1.1b/crypto/kdf/kdf_local.h.evp-kdf 2019-02-28 13:05:05.654521419 +0100
-+++ openssl-1.1.1b/crypto/kdf/kdf_local.h 2019-02-28 13:05:05.654521419 +0100
-@@ -0,0 +1,22 @@
-+/*
-+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
-+ * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
-+ *
-+ * Licensed under the Apache License 2.0 (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
-+int call_ctrl(int (*ctrl)(EVP_KDF_IMPL *impl, int cmd, va_list args),
-+ EVP_KDF_IMPL *impl, int cmd, ...);
-+int kdf_str2ctrl(EVP_KDF_IMPL *impl,
-+ int (*ctrl)(EVP_KDF_IMPL *impl, int cmd, va_list args),
-+ int cmd, const char *str);
-+int kdf_hex2ctrl(EVP_KDF_IMPL *impl,
-+ int (*ctrl)(EVP_KDF_IMPL *impl, int cmd, va_list args),
-+ int cmd, const char *hex);
-+int kdf_md2ctrl(EVP_KDF_IMPL *impl,
-+ int (*ctrl)(EVP_KDF_IMPL *impl, int cmd, va_list args),
-+ int cmd, const char *md_name);
-+
-diff -up openssl-1.1.1b/crypto/kdf/kdf_util.c.evp-kdf openssl-1.1.1b/crypto/kdf/kdf_util.c
---- openssl-1.1.1b/crypto/kdf/kdf_util.c.evp-kdf 2019-02-28 13:05:05.654521419 +0100
-+++ openssl-1.1.1b/crypto/kdf/kdf_util.c 2019-02-28 13:05:05.654521419 +0100
-@@ -0,0 +1,73 @@
-+/*
-+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
-+ * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
-+ *
-+ * Licensed under the Apache License 2.0 (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
-+#include <string.h>
-+#include <stdarg.h>
-+#include <openssl/kdf.h>
-+#include <openssl/evp.h>
-+#include "internal/cryptlib.h"
-+#include "internal/evp_int.h"
-+#include "internal/numbers.h"
-+#include "kdf_local.h"
-+
-+int call_ctrl(int (*ctrl)(EVP_KDF_IMPL *impl, int cmd, va_list args),
-+ EVP_KDF_IMPL *impl, int cmd, ...)
-+{
-+ int ret;
-+ va_list args;
-+
-+ va_start(args, cmd);
-+ ret = ctrl(impl, cmd, args);
-+ va_end(args);
-+
-+ return ret;
-+}
-+
-+/* Utility functions to send a string or hex string to a ctrl */
-+
-+int kdf_str2ctrl(EVP_KDF_IMPL *impl,
-+ int (*ctrl)(EVP_KDF_IMPL *impl, int cmd, va_list args),
-+ int cmd, const char *str)
-+{
-+ return call_ctrl(ctrl, impl, cmd, (const unsigned char *)str, strlen(str));
-+}
-+
-+int kdf_hex2ctrl(EVP_KDF_IMPL *impl,
-+ int (*ctrl)(EVP_KDF_IMPL *impl, int cmd, va_list args),
-+ int cmd, const char *hex)
-+{
-+ unsigned char *bin;
-+ long binlen;
-+ int ret = -1;
-+
-+ bin = OPENSSL_hexstr2buf(hex, &binlen);
-+ if (bin == NULL)
-+ return 0;
-+
-+ if (binlen <= INT_MAX)
-+ ret = call_ctrl(ctrl, impl, cmd, bin, (size_t)binlen);
-+ OPENSSL_free(bin);
-+ return ret;
-+}
-+
-+/* Pass a message digest to a ctrl */
-+int kdf_md2ctrl(EVP_KDF_IMPL *impl,
-+ int (*ctrl)(EVP_KDF_IMPL *impl, int cmd, va_list args),
-+ int cmd, const char *md_name)
-+{
-+ const EVP_MD *md;
-+
-+ if (md_name == NULL || (md = EVP_get_digestbyname(md_name)) == NULL) {
-+ KDFerr(KDF_F_KDF_MD2CTRL, KDF_R_INVALID_DIGEST);
-+ return 0;
-+ }
-+ return call_ctrl(ctrl, impl, cmd, md);
-+}
-+
-diff -up openssl-1.1.1b/crypto/kdf/pbkdf2.c.evp-kdf openssl-1.1.1b/crypto/kdf/pbkdf2.c
---- openssl-1.1.1b/crypto/kdf/pbkdf2.c.evp-kdf 2019-02-28 13:05:05.654521419 +0100
-+++ openssl-1.1.1b/crypto/kdf/pbkdf2.c 2019-02-28 13:05:05.654521419 +0100
-@@ -0,0 +1,264 @@
-+/*
-+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the Apache License 2.0 (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
-+#include <stdlib.h>
-+#include <stdarg.h>
-+#include <string.h>
-+#include <openssl/hmac.h>
-+#include <openssl/evp.h>
-+#include <openssl/kdf.h>
-+#include "internal/cryptlib.h"
-+#include "internal/evp_int.h"
-+#include "kdf_local.h"
-+
-+static void kdf_pbkdf2_reset(EVP_KDF_IMPL *impl);
-+static void kdf_pbkdf2_init(EVP_KDF_IMPL *impl);
-+static int pkcs5_pbkdf2_alg(const char *pass, size_t passlen,
-+ const unsigned char *salt, int saltlen, int iter,
-+ const EVP_MD *digest, unsigned char *key,
-+ size_t keylen);
-+
-+struct evp_kdf_impl_st {
-+ unsigned char *pass;
-+ size_t pass_len;
-+ unsigned char *salt;
-+ size_t salt_len;
-+ int iter;
-+ const EVP_MD *md;
-+};
-+
-+static EVP_KDF_IMPL *kdf_pbkdf2_new(void)
-+{
-+ EVP_KDF_IMPL *impl;
-+
-+ impl = OPENSSL_zalloc(sizeof(*impl));
-+ if (impl == NULL) {
-+ KDFerr(KDF_F_KDF_PBKDF2_NEW, ERR_R_MALLOC_FAILURE);
-+ return NULL;
-+ }
-+ kdf_pbkdf2_init(impl);
-+ return impl;
-+}
-+
-+static void kdf_pbkdf2_free(EVP_KDF_IMPL *impl)
-+{
-+ kdf_pbkdf2_reset(impl);
-+ OPENSSL_free(impl);
-+}
-+
-+static void kdf_pbkdf2_reset(EVP_KDF_IMPL *impl)
-+{
-+ OPENSSL_free(impl->salt);
-+ OPENSSL_clear_free(impl->pass, impl->pass_len);
-+ memset(impl, 0, sizeof(*impl));
-+ kdf_pbkdf2_init(impl);
-+}
-+
-+static void kdf_pbkdf2_init(EVP_KDF_IMPL *impl)
-+{
-+ impl->iter = PKCS5_DEFAULT_ITER;
-+ impl->md = EVP_sha1();
-+}
-+
-+static int pbkdf2_set_membuf(unsigned char **buffer, size_t *buflen,
-+ const unsigned char *new_buffer,
-+ size_t new_buflen)
-+{
-+ if (new_buffer == NULL)
-+ return 1;
-+
-+ OPENSSL_clear_free(*buffer, *buflen);
-+
-+ if (new_buflen > 0) {
-+ *buffer = OPENSSL_memdup(new_buffer, new_buflen);
-+ } else {
-+ *buffer = OPENSSL_malloc(1);
-+ }
-+ if (*buffer == NULL) {
-+ KDFerr(KDF_F_PBKDF2_SET_MEMBUF, ERR_R_MALLOC_FAILURE);
-+ return 0;
-+ }
-+
-+ *buflen = new_buflen;
-+ return 1;
-+}
-+
-+static int kdf_pbkdf2_ctrl(EVP_KDF_IMPL *impl, int cmd, va_list args)
-+{
-+ int iter;
-+ const unsigned char *p;
-+ size_t len;
-+ const EVP_MD *md;
-+
-+ switch (cmd) {
-+ case EVP_KDF_CTRL_SET_PASS:
-+ p = va_arg(args, const unsigned char *);
-+ len = va_arg(args, size_t);
-+ return pbkdf2_set_membuf(&impl->pass, &impl->pass_len, p, len);
-+
-+ case EVP_KDF_CTRL_SET_SALT:
-+ p = va_arg(args, const unsigned char *);
-+ len = va_arg(args, size_t);
-+ return pbkdf2_set_membuf(&impl->salt, &impl->salt_len, p, len);
-+
-+ case EVP_KDF_CTRL_SET_ITER:
-+ iter = va_arg(args, int);
-+ if (iter < 1)
-+ return 0;
-+
-+ impl->iter = iter;
-+ return 1;
-+
-+ case EVP_KDF_CTRL_SET_MD:
-+ md = va_arg(args, const EVP_MD *);
-+ if (md == NULL)
-+ return 0;
-+
-+ impl->md = md;
-+ return 1;
-+
-+ default:
-+ return -2;
-+ }
-+}
-+
-+static int kdf_pbkdf2_ctrl_str(EVP_KDF_IMPL *impl, const char *type,
-+ const char *value)
-+{
-+ if (value == NULL) {
-+ KDFerr(KDF_F_KDF_PBKDF2_CTRL_STR, KDF_R_VALUE_MISSING);
-+ return 0;
-+ }
-+
-+ if (strcmp(type, "pass") == 0)
-+ return kdf_str2ctrl(impl, kdf_pbkdf2_ctrl, EVP_KDF_CTRL_SET_PASS,
-+ value);
-+
-+ if (strcmp(type, "hexpass") == 0)
-+ return kdf_hex2ctrl(impl, kdf_pbkdf2_ctrl, EVP_KDF_CTRL_SET_PASS,
-+ value);
-+
-+ if (strcmp(type, "salt") == 0)
-+ return kdf_str2ctrl(impl, kdf_pbkdf2_ctrl, EVP_KDF_CTRL_SET_SALT,
-+ value);
-+
-+ if (strcmp(type, "hexsalt") == 0)
-+ return kdf_hex2ctrl(impl, kdf_pbkdf2_ctrl, EVP_KDF_CTRL_SET_SALT,
-+ value);
-+
-+ if (strcmp(type, "iter") == 0)
-+ return call_ctrl(kdf_pbkdf2_ctrl, impl, EVP_KDF_CTRL_SET_ITER,
-+ atoi(value));
-+
-+ if (strcmp(type, "digest") == 0)
-+ return kdf_md2ctrl(impl, kdf_pbkdf2_ctrl, EVP_KDF_CTRL_SET_MD, value);
-+
-+ return -2;
-+}
-+
-+static int kdf_pbkdf2_derive(EVP_KDF_IMPL *impl, unsigned char *key,
-+ size_t keylen)
-+{
-+ if (impl->pass == NULL) {
-+ KDFerr(KDF_F_KDF_PBKDF2_DERIVE, KDF_R_MISSING_PASS);
-+ return 0;
-+ }
-+
-+ if (impl->salt == NULL) {
-+ KDFerr(KDF_F_KDF_PBKDF2_DERIVE, KDF_R_MISSING_SALT);
-+ return 0;
-+ }
-+
-+ return pkcs5_pbkdf2_alg((char *)impl->pass, impl->pass_len,
-+ impl->salt, impl->salt_len, impl->iter,
-+ impl->md, key, keylen);
-+}
-+
-+const EVP_KDF_METHOD pbkdf2_kdf_meth = {
-+ EVP_KDF_PBKDF2,
-+ kdf_pbkdf2_new,
-+ kdf_pbkdf2_free,
-+ kdf_pbkdf2_reset,
-+ kdf_pbkdf2_ctrl,
-+ kdf_pbkdf2_ctrl_str,
-+ NULL,
-+ kdf_pbkdf2_derive
-+};
-+
-+/*
-+ * This is an implementation of PKCS#5 v2.0 password based encryption key
-+ * derivation function PBKDF2. SHA1 version verified against test vectors
-+ * posted by Peter Gutmann to the PKCS-TNG mailing list.
-+ */
-+
-+static int pkcs5_pbkdf2_alg(const char *pass, size_t passlen,
-+ const unsigned char *salt, int saltlen, int iter,
-+ const EVP_MD *digest, unsigned char *key,
-+ size_t keylen)
-+{
-+ int ret = 0;
-+ unsigned char digtmp[EVP_MAX_MD_SIZE], *p, itmp[4];
-+ int cplen, j, k, tkeylen, mdlen;
-+ unsigned long i = 1;
-+ HMAC_CTX *hctx_tpl = NULL, *hctx = NULL;
-+
-+ mdlen = EVP_MD_size(digest);
-+ if (mdlen < 0)
-+ return 0;
-+
-+ hctx_tpl = HMAC_CTX_new();
-+ if (hctx_tpl == NULL)
-+ return 0;
-+ p = key;
-+ tkeylen = keylen;
-+ if (!HMAC_Init_ex(hctx_tpl, pass, passlen, digest, NULL))
-+ goto err;
-+ hctx = HMAC_CTX_new();
-+ if (hctx == NULL)
-+ goto err;
-+ while (tkeylen) {
-+ if (tkeylen > mdlen)
-+ cplen = mdlen;
-+ else
-+ cplen = tkeylen;
-+ /*
-+ * We are unlikely to ever use more than 256 blocks (5120 bits!) but
-+ * just in case...
-+ */
-+ itmp[0] = (unsigned char)((i >> 24) & 0xff);
-+ itmp[1] = (unsigned char)((i >> 16) & 0xff);
-+ itmp[2] = (unsigned char)((i >> 8) & 0xff);
-+ itmp[3] = (unsigned char)(i & 0xff);
-+ if (!HMAC_CTX_copy(hctx, hctx_tpl))
-+ goto err;
-+ if (!HMAC_Update(hctx, salt, saltlen)
-+ || !HMAC_Update(hctx, itmp, 4)
-+ || !HMAC_Final(hctx, digtmp, NULL))
-+ goto err;
-+ memcpy(p, digtmp, cplen);
-+ for (j = 1; j < iter; j++) {
-+ if (!HMAC_CTX_copy(hctx, hctx_tpl))
-+ goto err;
-+ if (!HMAC_Update(hctx, digtmp, mdlen)
-+ || !HMAC_Final(hctx, digtmp, NULL))
-+ goto err;
-+ for (k = 0; k < cplen; k++)
-+ p[k] ^= digtmp[k];
-+ }
-+ tkeylen -= cplen;
-+ i++;
-+ p += cplen;
-+ }
-+ ret = 1;
-+
-+err:
-+ HMAC_CTX_free(hctx);
-+ HMAC_CTX_free(hctx_tpl);
-+ return ret;
-+}
-diff -up openssl-1.1.1b/crypto/kdf/scrypt.c.evp-kdf openssl-1.1.1b/crypto/kdf/scrypt.c
---- openssl-1.1.1b/crypto/kdf/scrypt.c.evp-kdf 2019-02-26 15:15:30.000000000 +0100
-+++ openssl-1.1.1b/crypto/kdf/scrypt.c 2019-02-28 13:05:05.655521400 +0100
-@@ -8,25 +8,34 @@
- */
-
- #include <stdlib.h>
-+#include <stdarg.h>
- #include <string.h>
--#include <openssl/hmac.h>
--#include <openssl/kdf.h>
- #include <openssl/evp.h>
--#include "internal/cryptlib.h"
-+#include <openssl/kdf.h>
-+#include <openssl/err.h>
- #include "internal/evp_int.h"
-+#include "internal/numbers.h"
-+#include "kdf_local.h"
-
- #ifndef OPENSSL_NO_SCRYPT
-
-+static void kdf_scrypt_reset(EVP_KDF_IMPL *impl);
-+static void kdf_scrypt_init(EVP_KDF_IMPL *impl);
- static int atou64(const char *nptr, uint64_t *result);
-+static int scrypt_alg(const char *pass, size_t passlen,
-+ const unsigned char *salt, size_t saltlen,
-+ uint64_t N, uint64_t r, uint64_t p, uint64_t maxmem,
-+ unsigned char *key, size_t keylen);
-
--typedef struct {
-+struct evp_kdf_impl_st {
- unsigned char *pass;
- size_t pass_len;
- unsigned char *salt;
- size_t salt_len;
-- uint64_t N, r, p;
-+ uint64_t N;
-+ uint32_t r, p;
- uint64_t maxmem_bytes;
--} SCRYPT_PKEY_CTX;
-+};
-
- /* Custom uint64_t parser since we do not have strtoull */
- static int atou64(const char *nptr, uint64_t *result)
-@@ -53,51 +62,53 @@ static int atou64(const char *nptr, uint
- return 1;
- }
-
--static int pkey_scrypt_init(EVP_PKEY_CTX *ctx)
-+static EVP_KDF_IMPL *kdf_scrypt_new(void)
- {
-- SCRYPT_PKEY_CTX *kctx;
-+ EVP_KDF_IMPL *impl;
-
-- kctx = OPENSSL_zalloc(sizeof(*kctx));
-- if (kctx == NULL) {
-- KDFerr(KDF_F_PKEY_SCRYPT_INIT, ERR_R_MALLOC_FAILURE);
-- return 0;
-+ impl = OPENSSL_zalloc(sizeof(*impl));
-+ if (impl == NULL) {
-+ KDFerr(KDF_F_KDF_SCRYPT_NEW, ERR_R_MALLOC_FAILURE);
-+ return NULL;
- }
-+ kdf_scrypt_init(impl);
-+ return impl;
-+}
-
-- /* Default values are the most conservative recommendation given in the
-- * original paper of C. Percival. Derivation uses roughly 1 GiB of memory
-- * for this parameter choice (approx. 128 * r * (N + p) bytes).
-- */
-- kctx->N = 1 << 20;
-- kctx->r = 8;
-- kctx->p = 1;
-- kctx->maxmem_bytes = 1025 * 1024 * 1024;
--
-- ctx->data = kctx;
--
-- return 1;
-+static void kdf_scrypt_free(EVP_KDF_IMPL *impl)
-+{
-+ kdf_scrypt_reset(impl);
-+ OPENSSL_free(impl);
- }
-
--static void pkey_scrypt_cleanup(EVP_PKEY_CTX *ctx)
-+static void kdf_scrypt_reset(EVP_KDF_IMPL *impl)
- {
-- SCRYPT_PKEY_CTX *kctx = ctx->data;
-+ OPENSSL_free(impl->salt);
-+ OPENSSL_clear_free(impl->pass, impl->pass_len);
-+ memset(impl, 0, sizeof(*impl));
-+ kdf_scrypt_init(impl);
-+}
-
-- OPENSSL_clear_free(kctx->salt, kctx->salt_len);
-- OPENSSL_clear_free(kctx->pass, kctx->pass_len);
-- OPENSSL_free(kctx);
-+static void kdf_scrypt_init(EVP_KDF_IMPL *impl)
-+{
-+ /* Default values are the most conservative recommendation given in the
-+ * original paper of C. Percival. Derivation uses roughly 1 GiB of memory
-+ * for this parameter choice (approx. 128 * r * N * p bytes).
-+ */
-+ impl->N = 1 << 20;
-+ impl->r = 8;
-+ impl->p = 1;
-+ impl->maxmem_bytes = 1025 * 1024 * 1024;
- }
-
--static int pkey_scrypt_set_membuf(unsigned char **buffer, size_t *buflen,
-- const unsigned char *new_buffer,
-- const int new_buflen)
-+static int scrypt_set_membuf(unsigned char **buffer, size_t *buflen,
-+ const unsigned char *new_buffer,
-+ size_t new_buflen)
- {
- if (new_buffer == NULL)
- return 1;
-
-- if (new_buflen < 0)
-- return 0;
--
-- if (*buffer != NULL)
-- OPENSSL_clear_free(*buffer, *buflen);
-+ OPENSSL_clear_free(*buffer, *buflen);
-
- if (new_buflen > 0) {
- *buffer = OPENSSL_memdup(new_buffer, new_buflen);
-@@ -105,7 +116,7 @@ static int pkey_scrypt_set_membuf(unsign
- *buffer = OPENSSL_malloc(1);
- }
- if (*buffer == NULL) {
-- KDFerr(KDF_F_PKEY_SCRYPT_SET_MEMBUF, ERR_R_MALLOC_FAILURE);
-+ KDFerr(KDF_F_SCRYPT_SET_MEMBUF, ERR_R_MALLOC_FAILURE);
- return 0;
- }
-
-@@ -118,149 +129,378 @@ static int is_power_of_two(uint64_t valu
- return (value != 0) && ((value & (value - 1)) == 0);
- }
-
--static int pkey_scrypt_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
-+static int kdf_scrypt_ctrl(EVP_KDF_IMPL *impl, int cmd, va_list args)
- {
-- SCRYPT_PKEY_CTX *kctx = ctx->data;
- uint64_t u64_value;
-+ uint32_t value;
-+ const unsigned char *p;
-+ size_t len;
-+
-+ switch (cmd) {
-+ case EVP_KDF_CTRL_SET_PASS:
-+ p = va_arg(args, const unsigned char *);
-+ len = va_arg(args, size_t);
-+ return scrypt_set_membuf(&impl->pass, &impl->pass_len, p, len);
-+
-+ case EVP_KDF_CTRL_SET_SALT:
-+ p = va_arg(args, const unsigned char *);
-+ len = va_arg(args, size_t);
-+ return scrypt_set_membuf(&impl->salt, &impl->salt_len, p, len);
-
-- switch (type) {
-- case EVP_PKEY_CTRL_PASS:
-- return pkey_scrypt_set_membuf(&kctx->pass, &kctx->pass_len, p2, p1);
--
-- case EVP_PKEY_CTRL_SCRYPT_SALT:
-- return pkey_scrypt_set_membuf(&kctx->salt, &kctx->salt_len, p2, p1);
--
-- case EVP_PKEY_CTRL_SCRYPT_N:
-- u64_value = *((uint64_t *)p2);
-+ case EVP_KDF_CTRL_SET_SCRYPT_N:
-+ u64_value = va_arg(args, uint64_t);
- if ((u64_value <= 1) || !is_power_of_two(u64_value))
- return 0;
-- kctx->N = u64_value;
-+
-+ impl->N = u64_value;
- return 1;
-
-- case EVP_PKEY_CTRL_SCRYPT_R:
-- u64_value = *((uint64_t *)p2);
-- if (u64_value < 1)
-+ case EVP_KDF_CTRL_SET_SCRYPT_R:
-+ value = va_arg(args, uint32_t);
-+ if (value < 1)
- return 0;
-- kctx->r = u64_value;
-+
-+ impl->r = value;
- return 1;
-
-- case EVP_PKEY_CTRL_SCRYPT_P:
-- u64_value = *((uint64_t *)p2);
-- if (u64_value < 1)
-+ case EVP_KDF_CTRL_SET_SCRYPT_P:
-+ value = va_arg(args, uint32_t);
-+ if (value < 1)
- return 0;
-- kctx->p = u64_value;
-+
-+ impl->p = value;
- return 1;
-
-- case EVP_PKEY_CTRL_SCRYPT_MAXMEM_BYTES:
-- u64_value = *((uint64_t *)p2);
-+ case EVP_KDF_CTRL_SET_MAXMEM_BYTES:
-+ u64_value = va_arg(args, uint64_t);
- if (u64_value < 1)
- return 0;
-- kctx->maxmem_bytes = u64_value;
-+
-+ impl->maxmem_bytes = u64_value;
- return 1;
-
- default:
- return -2;
-+ }
-+}
-
-+static int kdf_scrypt_ctrl_uint32(EVP_KDF_IMPL *impl, int cmd,
-+ const char *value)
-+{
-+ int int_value = atoi(value);
-+
-+ if (int_value < 0 || (uint64_t)int_value > UINT32_MAX) {
-+ KDFerr(KDF_F_KDF_SCRYPT_CTRL_UINT32, KDF_R_VALUE_ERROR);
-+ return 0;
- }
-+ return call_ctrl(kdf_scrypt_ctrl, impl, cmd, (uint32_t)int_value);
- }
-
--static int pkey_scrypt_ctrl_uint64(EVP_PKEY_CTX *ctx, int type,
-- const char *value)
-+static int kdf_scrypt_ctrl_uint64(EVP_KDF_IMPL *impl, int cmd,
-+ const char *value)
- {
-- uint64_t int_value;
-+ uint64_t u64_value;
-
-- if (!atou64(value, &int_value)) {
-- KDFerr(KDF_F_PKEY_SCRYPT_CTRL_UINT64, KDF_R_VALUE_ERROR);
-+ if (!atou64(value, &u64_value)) {
-+ KDFerr(KDF_F_KDF_SCRYPT_CTRL_UINT64, KDF_R_VALUE_ERROR);
- return 0;
- }
-- return pkey_scrypt_ctrl(ctx, type, 0, &int_value);
-+ return call_ctrl(kdf_scrypt_ctrl, impl, cmd, u64_value);
- }
-
--static int pkey_scrypt_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
-- const char *value)
-+static int kdf_scrypt_ctrl_str(EVP_KDF_IMPL *impl, const char *type,
-+ const char *value)
- {
- if (value == NULL) {
-- KDFerr(KDF_F_PKEY_SCRYPT_CTRL_STR, KDF_R_VALUE_MISSING);
-+ KDFerr(KDF_F_KDF_SCRYPT_CTRL_STR, KDF_R_VALUE_MISSING);
- return 0;
- }
-
- if (strcmp(type, "pass") == 0)
-- return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_PASS, value);
-+ return kdf_str2ctrl(impl, kdf_scrypt_ctrl, EVP_KDF_CTRL_SET_PASS,
-+ value);
-
- if (strcmp(type, "hexpass") == 0)
-- return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_PASS, value);
-+ return kdf_hex2ctrl(impl, kdf_scrypt_ctrl, EVP_KDF_CTRL_SET_PASS,
-+ value);
-
- if (strcmp(type, "salt") == 0)
-- return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_SCRYPT_SALT, value);
-+ return kdf_str2ctrl(impl, kdf_scrypt_ctrl, EVP_KDF_CTRL_SET_SALT,
-+ value);
-
- if (strcmp(type, "hexsalt") == 0)
-- return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_SCRYPT_SALT, value);
-+ return kdf_hex2ctrl(impl, kdf_scrypt_ctrl, EVP_KDF_CTRL_SET_SALT,
-+ value);
-
- if (strcmp(type, "N") == 0)
-- return pkey_scrypt_ctrl_uint64(ctx, EVP_PKEY_CTRL_SCRYPT_N, value);
-+ return kdf_scrypt_ctrl_uint64(impl, EVP_KDF_CTRL_SET_SCRYPT_N, value);
-
- if (strcmp(type, "r") == 0)
-- return pkey_scrypt_ctrl_uint64(ctx, EVP_PKEY_CTRL_SCRYPT_R, value);
-+ return kdf_scrypt_ctrl_uint32(impl, EVP_KDF_CTRL_SET_SCRYPT_R, value);
-
- if (strcmp(type, "p") == 0)
-- return pkey_scrypt_ctrl_uint64(ctx, EVP_PKEY_CTRL_SCRYPT_P, value);
-+ return kdf_scrypt_ctrl_uint32(impl, EVP_KDF_CTRL_SET_SCRYPT_P, value);
-
- if (strcmp(type, "maxmem_bytes") == 0)
-- return pkey_scrypt_ctrl_uint64(ctx, EVP_PKEY_CTRL_SCRYPT_MAXMEM_BYTES,
-- value);
-+ return kdf_scrypt_ctrl_uint64(impl, EVP_KDF_CTRL_SET_MAXMEM_BYTES,
-+ value);
-
-- KDFerr(KDF_F_PKEY_SCRYPT_CTRL_STR, KDF_R_UNKNOWN_PARAMETER_TYPE);
- return -2;
- }
-
--static int pkey_scrypt_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
-- size_t *keylen)
-+static int kdf_scrypt_derive(EVP_KDF_IMPL *impl, unsigned char *key,
-+ size_t keylen)
- {
-- SCRYPT_PKEY_CTX *kctx = ctx->data;
--
-- if (kctx->pass == NULL) {
-- KDFerr(KDF_F_PKEY_SCRYPT_DERIVE, KDF_R_MISSING_PASS);
-+ if (impl->pass == NULL) {
-+ KDFerr(KDF_F_KDF_SCRYPT_DERIVE, KDF_R_MISSING_PASS);
- return 0;
- }
-
-- if (kctx->salt == NULL) {
-- KDFerr(KDF_F_PKEY_SCRYPT_DERIVE, KDF_R_MISSING_SALT);
-+ if (impl->salt == NULL) {
-+ KDFerr(KDF_F_KDF_SCRYPT_DERIVE, KDF_R_MISSING_SALT);
- return 0;
- }
-
-- return EVP_PBE_scrypt((char *)kctx->pass, kctx->pass_len, kctx->salt,
-- kctx->salt_len, kctx->N, kctx->r, kctx->p,
-- kctx->maxmem_bytes, key, *keylen);
-+ return scrypt_alg((char *)impl->pass, impl->pass_len, impl->salt,
-+ impl->salt_len, impl->N, impl->r, impl->p,
-+ impl->maxmem_bytes, key, keylen);
- }
-
--const EVP_PKEY_METHOD scrypt_pkey_meth = {
-- EVP_PKEY_SCRYPT,
-- 0,
-- pkey_scrypt_init,
-- 0,
-- pkey_scrypt_cleanup,
-+const EVP_KDF_METHOD scrypt_kdf_meth = {
-+ EVP_KDF_SCRYPT,
-+ kdf_scrypt_new,
-+ kdf_scrypt_free,
-+ kdf_scrypt_reset,
-+ kdf_scrypt_ctrl,
-+ kdf_scrypt_ctrl_str,
-+ NULL,
-+ kdf_scrypt_derive
-+};
-
-- 0, 0,
-- 0, 0,
-+#define R(a,b) (((a) << (b)) | ((a) >> (32 - (b))))
-+static void salsa208_word_specification(uint32_t inout[16])
-+{
-+ int i;
-+ uint32_t x[16];
-
-- 0,
-- 0,
-+ memcpy(x, inout, sizeof(x));
-+ for (i = 8; i > 0; i -= 2) {
-+ x[4] ^= R(x[0] + x[12], 7);
-+ x[8] ^= R(x[4] + x[0], 9);
-+ x[12] ^= R(x[8] + x[4], 13);
-+ x[0] ^= R(x[12] + x[8], 18);
-+ x[9] ^= R(x[5] + x[1], 7);
-+ x[13] ^= R(x[9] + x[5], 9);
-+ x[1] ^= R(x[13] + x[9], 13);
-+ x[5] ^= R(x[1] + x[13], 18);
-+ x[14] ^= R(x[10] + x[6], 7);
-+ x[2] ^= R(x[14] + x[10], 9);
-+ x[6] ^= R(x[2] + x[14], 13);
-+ x[10] ^= R(x[6] + x[2], 18);
-+ x[3] ^= R(x[15] + x[11], 7);
-+ x[7] ^= R(x[3] + x[15], 9);
-+ x[11] ^= R(x[7] + x[3], 13);
-+ x[15] ^= R(x[11] + x[7], 18);
-+ x[1] ^= R(x[0] + x[3], 7);
-+ x[2] ^= R(x[1] + x[0], 9);
-+ x[3] ^= R(x[2] + x[1], 13);
-+ x[0] ^= R(x[3] + x[2], 18);
-+ x[6] ^= R(x[5] + x[4], 7);
-+ x[7] ^= R(x[6] + x[5], 9);
-+ x[4] ^= R(x[7] + x[6], 13);
-+ x[5] ^= R(x[4] + x[7], 18);
-+ x[11] ^= R(x[10] + x[9], 7);
-+ x[8] ^= R(x[11] + x[10], 9);
-+ x[9] ^= R(x[8] + x[11], 13);
-+ x[10] ^= R(x[9] + x[8], 18);
-+ x[12] ^= R(x[15] + x[14], 7);
-+ x[13] ^= R(x[12] + x[15], 9);
-+ x[14] ^= R(x[13] + x[12], 13);
-+ x[15] ^= R(x[14] + x[13], 18);
-+ }
-+ for (i = 0; i < 16; ++i)
-+ inout[i] += x[i];
-+ OPENSSL_cleanse(x, sizeof(x));
-+}
-
-- 0,
-- 0,
-+static void scryptBlockMix(uint32_t *B_, uint32_t *B, uint64_t r)
-+{
-+ uint64_t i, j;
-+ uint32_t X[16], *pB;
-
-- 0, 0,
-+ memcpy(X, B + (r * 2 - 1) * 16, sizeof(X));
-+ pB = B;
-+ for (i = 0; i < r * 2; i++) {
-+ for (j = 0; j < 16; j++)
-+ X[j] ^= *pB++;
-+ salsa208_word_specification(X);
-+ memcpy(B_ + (i / 2 + (i & 1) * r) * 16, X, sizeof(X));
-+ }
-+ OPENSSL_cleanse(X, sizeof(X));
-+}
-
-- 0, 0, 0, 0,
-+static void scryptROMix(unsigned char *B, uint64_t r, uint64_t N,
-+ uint32_t *X, uint32_t *T, uint32_t *V)
-+{
-+ unsigned char *pB;
-+ uint32_t *pV;
-+ uint64_t i, k;
-+
-+ /* Convert from little endian input */
-+ for (pV = V, i = 0, pB = B; i < 32 * r; i++, pV++) {
-+ *pV = *pB++;
-+ *pV |= *pB++ << 8;
-+ *pV |= *pB++ << 16;
-+ *pV |= (uint32_t)*pB++ << 24;
-+ }
-
-- 0, 0,
-+ for (i = 1; i < N; i++, pV += 32 * r)
-+ scryptBlockMix(pV, pV - 32 * r, r);
-
-- 0, 0,
-+ scryptBlockMix(X, V + (N - 1) * 32 * r, r);
-
-- 0,
-- pkey_scrypt_derive,
-- pkey_scrypt_ctrl,
-- pkey_scrypt_ctrl_str
--};
-+ for (i = 0; i < N; i++) {
-+ uint32_t j;
-+ j = X[16 * (2 * r - 1)] % N;
-+ pV = V + 32 * r * j;
-+ for (k = 0; k < 32 * r; k++)
-+ T[k] = X[k] ^ *pV++;
-+ scryptBlockMix(X, T, r);
-+ }
-+ /* Convert output to little endian */
-+ for (i = 0, pB = B; i < 32 * r; i++) {
-+ uint32_t xtmp = X[i];
-+ *pB++ = xtmp & 0xff;
-+ *pB++ = (xtmp >> 8) & 0xff;
-+ *pB++ = (xtmp >> 16) & 0xff;
-+ *pB++ = (xtmp >> 24) & 0xff;
-+ }
-+}
-+
-+#ifndef SIZE_MAX
-+# define SIZE_MAX ((size_t)-1)
-+#endif
-+
-+/*
-+ * Maximum power of two that will fit in uint64_t: this should work on
-+ * most (all?) platforms.
-+ */
-+
-+#define LOG2_UINT64_MAX (sizeof(uint64_t) * 8 - 1)
-+
-+/*
-+ * Maximum value of p * r:
-+ * p <= ((2^32-1) * hLen) / MFLen =>
-+ * p <= ((2^32-1) * 32) / (128 * r) =>
-+ * p * r <= (2^30-1)
-+ */
-+
-+#define SCRYPT_PR_MAX ((1 << 30) - 1)
-+
-+static int scrypt_alg(const char *pass, size_t passlen,
-+ const unsigned char *salt, size_t saltlen,
-+ uint64_t N, uint64_t r, uint64_t p, uint64_t maxmem,
-+ unsigned char *key, size_t keylen)
-+{
-+ int rv = 0;
-+ unsigned char *B;
-+ uint32_t *X, *V, *T;
-+ uint64_t i, Blen, Vlen;
-+
-+ /* Sanity check parameters */
-+ /* initial check, r,p must be non zero, N >= 2 and a power of 2 */
-+ if (r == 0 || p == 0 || N < 2 || (N & (N - 1)))
-+ return 0;
-+ /* Check p * r < SCRYPT_PR_MAX avoiding overflow */
-+ if (p > SCRYPT_PR_MAX / r) {
-+ EVPerr(EVP_F_SCRYPT_ALG, EVP_R_MEMORY_LIMIT_EXCEEDED);
-+ return 0;
-+ }
-+
-+ /*
-+ * Need to check N: if 2^(128 * r / 8) overflows limit this is
-+ * automatically satisfied since N <= UINT64_MAX.
-+ */
-+
-+ if (16 * r <= LOG2_UINT64_MAX) {
-+ if (N >= (((uint64_t)1) << (16 * r))) {
-+ EVPerr(EVP_F_SCRYPT_ALG, EVP_R_MEMORY_LIMIT_EXCEEDED);
-+ return 0;
-+ }
-+ }
-+
-+ /* Memory checks: check total allocated buffer size fits in uint64_t */
-+
-+ /*
-+ * B size in section 5 step 1.S
-+ * Note: we know p * 128 * r < UINT64_MAX because we already checked
-+ * p * r < SCRYPT_PR_MAX
-+ */
-+ Blen = p * 128 * r;
-+ /*
-+ * Yet we pass it as integer to PKCS5_PBKDF2_HMAC... [This would
-+ * have to be revised when/if PKCS5_PBKDF2_HMAC accepts size_t.]
-+ */
-+ if (Blen > INT_MAX) {
-+ EVPerr(EVP_F_SCRYPT_ALG, EVP_R_MEMORY_LIMIT_EXCEEDED);
-+ return 0;
-+ }
-+
-+ /*
-+ * Check 32 * r * (N + 2) * sizeof(uint32_t) fits in uint64_t
-+ * This is combined size V, X and T (section 4)
-+ */
-+ i = UINT64_MAX / (32 * sizeof(uint32_t));
-+ if (N + 2 > i / r) {
-+ EVPerr(EVP_F_SCRYPT_ALG, EVP_R_MEMORY_LIMIT_EXCEEDED);
-+ return 0;
-+ }
-+ Vlen = 32 * r * (N + 2) * sizeof(uint32_t);
-+
-+ /* check total allocated size fits in uint64_t */
-+ if (Blen > UINT64_MAX - Vlen) {
-+ EVPerr(EVP_F_SCRYPT_ALG, EVP_R_MEMORY_LIMIT_EXCEEDED);
-+ return 0;
-+ }
-+
-+ /* Check that the maximum memory doesn't exceed a size_t limits */
-+ if (maxmem > SIZE_MAX)
-+ maxmem = SIZE_MAX;
-+
-+ if (Blen + Vlen > maxmem) {
-+ EVPerr(EVP_F_SCRYPT_ALG, EVP_R_MEMORY_LIMIT_EXCEEDED);
-+ return 0;
-+ }
-+
-+ /* If no key return to indicate parameters are OK */
-+ if (key == NULL)
-+ return 1;
-+
-+ B = OPENSSL_malloc((size_t)(Blen + Vlen));
-+ if (B == NULL) {
-+ EVPerr(EVP_F_SCRYPT_ALG, ERR_R_MALLOC_FAILURE);
-+ return 0;
-+ }
-+ X = (uint32_t *)(B + Blen);
-+ T = X + 32 * r;
-+ V = T + 32 * r;
-+ if (PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, 1, EVP_sha256(),
-+ (int)Blen, B) == 0)
-+ goto err;
-+
-+ for (i = 0; i < p; i++)
-+ scryptROMix(B + 128 * r * i, r, N, X, T, V);
-+
-+ if (PKCS5_PBKDF2_HMAC(pass, passlen, B, (int)Blen, 1, EVP_sha256(),
-+ keylen, key) == 0)
-+ goto err;
-+ rv = 1;
-+ err:
-+ if (rv == 0)
-+ EVPerr(EVP_F_SCRYPT_ALG, EVP_R_PBKDF2_ERROR);
-+
-+ OPENSSL_clear_free(B, (size_t)(Blen + Vlen));
-+ return rv;
-+}
-
- #endif
-diff -up openssl-1.1.1b/crypto/kdf/tls1_prf.c.evp-kdf openssl-1.1.1b/crypto/kdf/tls1_prf.c
---- openssl-1.1.1b/crypto/kdf/tls1_prf.c.evp-kdf 2019-02-26 15:15:30.000000000 +0100
-+++ openssl-1.1.1b/crypto/kdf/tls1_prf.c 2019-02-28 13:05:05.655521400 +0100
-@@ -8,11 +8,15 @@
- */
-
- #include <stdio.h>
-+#include <stdarg.h>
-+#include <string.h>
- #include "internal/cryptlib.h"
--#include <openssl/kdf.h>
- #include <openssl/evp.h>
-+#include <openssl/kdf.h>
- #include "internal/evp_int.h"
-+#include "kdf_local.h"
-
-+static void kdf_tls1_prf_reset(EVP_KDF_IMPL *impl);
- static int tls1_prf_alg(const EVP_MD *md,
- const unsigned char *sec, size_t slen,
- const unsigned char *seed, size_t seed_len,
-@@ -20,9 +24,9 @@ static int tls1_prf_alg(const EVP_MD *md
-
- #define TLS1_PRF_MAXBUF 1024
-
--/* TLS KDF pkey context structure */
-+/* TLS KDF kdf context structure */
-
--typedef struct {
-+struct evp_kdf_impl_st {
- /* Digest to use for PRF */
- const EVP_MD *md;
- /* Secret value to use for PRF */
-@@ -31,145 +35,137 @@ typedef struct {
- /* Buffer of concatenated seed data */
- unsigned char seed[TLS1_PRF_MAXBUF];
- size_t seedlen;
--} TLS1_PRF_PKEY_CTX;
-+};
-
--static int pkey_tls1_prf_init(EVP_PKEY_CTX *ctx)
-+static EVP_KDF_IMPL *kdf_tls1_prf_new(void)
- {
-- TLS1_PRF_PKEY_CTX *kctx;
-+ EVP_KDF_IMPL *impl;
-
-- if ((kctx = OPENSSL_zalloc(sizeof(*kctx))) == NULL) {
-- KDFerr(KDF_F_PKEY_TLS1_PRF_INIT, ERR_R_MALLOC_FAILURE);
-- return 0;
-- }
-- ctx->data = kctx;
-+ if ((impl = OPENSSL_zalloc(sizeof(*impl))) == NULL)
-+ KDFerr(KDF_F_KDF_TLS1_PRF_NEW, ERR_R_MALLOC_FAILURE);
-+ return impl;
-+}
-
-- return 1;
-+static void kdf_tls1_prf_free(EVP_KDF_IMPL *impl)
-+{
-+ kdf_tls1_prf_reset(impl);
-+ OPENSSL_free(impl);
- }
-
--static void pkey_tls1_prf_cleanup(EVP_PKEY_CTX *ctx)
-+static void kdf_tls1_prf_reset(EVP_KDF_IMPL *impl)
- {
-- TLS1_PRF_PKEY_CTX *kctx = ctx->data;
-- OPENSSL_clear_free(kctx->sec, kctx->seclen);
-- OPENSSL_cleanse(kctx->seed, kctx->seedlen);
-- OPENSSL_free(kctx);
-+ OPENSSL_clear_free(impl->sec, impl->seclen);
-+ OPENSSL_cleanse(impl->seed, impl->seedlen);
-+ memset(impl, 0, sizeof(*impl));
- }
-
--static int pkey_tls1_prf_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
-+static int kdf_tls1_prf_ctrl(EVP_KDF_IMPL *impl, int cmd, va_list args)
- {
-- TLS1_PRF_PKEY_CTX *kctx = ctx->data;
-- switch (type) {
-- case EVP_PKEY_CTRL_TLS_MD:
-- kctx->md = p2;
-- return 1;
-+ const unsigned char *p;
-+ size_t len;
-+ const EVP_MD *md;
-
-- case EVP_PKEY_CTRL_TLS_SECRET:
-- if (p1 < 0)
-+ switch (cmd) {
-+ case EVP_KDF_CTRL_SET_MD:
-+ md = va_arg(args, const EVP_MD *);
-+ if (md == NULL)
- return 0;
-- if (kctx->sec != NULL)
-- OPENSSL_clear_free(kctx->sec, kctx->seclen);
-- OPENSSL_cleanse(kctx->seed, kctx->seedlen);
-- kctx->seedlen = 0;
-- kctx->sec = OPENSSL_memdup(p2, p1);
-- if (kctx->sec == NULL)
-+
-+ impl->md = md;
-+ return 1;
-+
-+ case EVP_KDF_CTRL_SET_TLS_SECRET:
-+ p = va_arg(args, const unsigned char *);
-+ len = va_arg(args, size_t);
-+ OPENSSL_clear_free(impl->sec, impl->seclen);
-+ impl->sec = OPENSSL_memdup(p, len);
-+ if (impl->sec == NULL)
- return 0;
-- kctx->seclen = p1;
-+
-+ impl->seclen = len;
- return 1;
-
-- case EVP_PKEY_CTRL_TLS_SEED:
-- if (p1 == 0 || p2 == NULL)
-+ case EVP_KDF_CTRL_RESET_TLS_SEED:
-+ OPENSSL_cleanse(impl->seed, impl->seedlen);
-+ impl->seedlen = 0;
-+ return 1;
-+
-+ case EVP_KDF_CTRL_ADD_TLS_SEED:
-+ p = va_arg(args, const unsigned char *);
-+ len = va_arg(args, size_t);
-+ if (len == 0 || p == NULL)
- return 1;
-- if (p1 < 0 || p1 > (int)(TLS1_PRF_MAXBUF - kctx->seedlen))
-+
-+ if (len > (TLS1_PRF_MAXBUF - impl->seedlen))
- return 0;
-- memcpy(kctx->seed + kctx->seedlen, p2, p1);
-- kctx->seedlen += p1;
-+
-+ memcpy(impl->seed + impl->seedlen, p, len);
-+ impl->seedlen += len;
- return 1;
-
- default:
- return -2;
--
- }
- }
-
--static int pkey_tls1_prf_ctrl_str(EVP_PKEY_CTX *ctx,
-- const char *type, const char *value)
-+static int kdf_tls1_prf_ctrl_str(EVP_KDF_IMPL *impl,
-+ const char *type, const char *value)
- {
- if (value == NULL) {
-- KDFerr(KDF_F_PKEY_TLS1_PRF_CTRL_STR, KDF_R_VALUE_MISSING);
-+ KDFerr(KDF_F_KDF_TLS1_PRF_CTRL_STR, KDF_R_VALUE_MISSING);
- return 0;
- }
-- if (strcmp(type, "md") == 0) {
-- TLS1_PRF_PKEY_CTX *kctx = ctx->data;
-+ if (strcmp(type, "digest") == 0)
-+ return kdf_md2ctrl(impl, kdf_tls1_prf_ctrl, EVP_KDF_CTRL_SET_MD, value);
-
-- const EVP_MD *md = EVP_get_digestbyname(value);
-- if (md == NULL) {
-- KDFerr(KDF_F_PKEY_TLS1_PRF_CTRL_STR, KDF_R_INVALID_DIGEST);
-- return 0;
-- }
-- kctx->md = md;
-- return 1;
-- }
- if (strcmp(type, "secret") == 0)
-- return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_TLS_SECRET, value);
-+ return kdf_str2ctrl(impl, kdf_tls1_prf_ctrl,
-+ EVP_KDF_CTRL_SET_TLS_SECRET, value);
-+
- if (strcmp(type, "hexsecret") == 0)
-- return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_TLS_SECRET, value);
-+ return kdf_hex2ctrl(impl, kdf_tls1_prf_ctrl,
-+ EVP_KDF_CTRL_SET_TLS_SECRET, value);
-+
- if (strcmp(type, "seed") == 0)
-- return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_TLS_SEED, value);
-+ return kdf_str2ctrl(impl, kdf_tls1_prf_ctrl, EVP_KDF_CTRL_ADD_TLS_SEED,
-+ value);
-+
- if (strcmp(type, "hexseed") == 0)
-- return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_TLS_SEED, value);
-+ return kdf_hex2ctrl(impl, kdf_tls1_prf_ctrl, EVP_KDF_CTRL_ADD_TLS_SEED,
-+ value);
-
-- KDFerr(KDF_F_PKEY_TLS1_PRF_CTRL_STR, KDF_R_UNKNOWN_PARAMETER_TYPE);
- return -2;
- }
-
--static int pkey_tls1_prf_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
-- size_t *keylen)
-+static int kdf_tls1_prf_derive(EVP_KDF_IMPL *impl, unsigned char *key,
-+ size_t keylen)
- {
-- TLS1_PRF_PKEY_CTX *kctx = ctx->data;
-- if (kctx->md == NULL) {
-- KDFerr(KDF_F_PKEY_TLS1_PRF_DERIVE, KDF_R_MISSING_MESSAGE_DIGEST);
-+ if (impl->md == NULL) {
-+ KDFerr(KDF_F_KDF_TLS1_PRF_DERIVE, KDF_R_MISSING_MESSAGE_DIGEST);
- return 0;
- }
-- if (kctx->sec == NULL) {
-- KDFerr(KDF_F_PKEY_TLS1_PRF_DERIVE, KDF_R_MISSING_SECRET);
-+ if (impl->sec == NULL) {
-+ KDFerr(KDF_F_KDF_TLS1_PRF_DERIVE, KDF_R_MISSING_SECRET);
- return 0;
- }
-- if (kctx->seedlen == 0) {
-- KDFerr(KDF_F_PKEY_TLS1_PRF_DERIVE, KDF_R_MISSING_SEED);
-+ if (impl->seedlen == 0) {
-+ KDFerr(KDF_F_KDF_TLS1_PRF_DERIVE, KDF_R_MISSING_SEED);
- return 0;
- }
-- return tls1_prf_alg(kctx->md, kctx->sec, kctx->seclen,
-- kctx->seed, kctx->seedlen,
-- key, *keylen);
-+ return tls1_prf_alg(impl->md, impl->sec, impl->seclen,
-+ impl->seed, impl->seedlen,
-+ key, keylen);
- }
-
--const EVP_PKEY_METHOD tls1_prf_pkey_meth = {
-- EVP_PKEY_TLS1_PRF,
-- 0,
-- pkey_tls1_prf_init,
-- 0,
-- pkey_tls1_prf_cleanup,
--
-- 0, 0,
-- 0, 0,
--
-- 0,
-- 0,
--
-- 0,
-- 0,
--
-- 0, 0,
--
-- 0, 0, 0, 0,
--
-- 0, 0,
--
-- 0, 0,
--
-- 0,
-- pkey_tls1_prf_derive,
-- pkey_tls1_prf_ctrl,
-- pkey_tls1_prf_ctrl_str
-+const EVP_KDF_METHOD tls1_prf_kdf_meth = {
-+ EVP_KDF_TLS1_PRF,
-+ kdf_tls1_prf_new,
-+ kdf_tls1_prf_free,
-+ kdf_tls1_prf_reset,
-+ kdf_tls1_prf_ctrl,
-+ kdf_tls1_prf_ctrl_str,
-+ NULL,
-+ kdf_tls1_prf_derive
- };
-
- static int tls1_prf_P_hash(const EVP_MD *md,
-@@ -249,12 +245,11 @@ static int tls1_prf_alg(const EVP_MD *md
- const unsigned char *seed, size_t seed_len,
- unsigned char *out, size_t olen)
- {
--
- if (EVP_MD_type(md) == NID_md5_sha1) {
- size_t i;
- unsigned char *tmp;
- if (!tls1_prf_P_hash(EVP_md5(), sec, slen/2 + (slen & 1),
-- seed, seed_len, out, olen))
-+ seed, seed_len, out, olen))
- return 0;
-
- if ((tmp = OPENSSL_malloc(olen)) == NULL) {
-@@ -262,7 +257,7 @@ static int tls1_prf_alg(const EVP_MD *md
- return 0;
- }
- if (!tls1_prf_P_hash(EVP_sha1(), sec + slen/2, slen/2 + (slen & 1),
-- seed, seed_len, tmp, olen)) {
-+ seed, seed_len, tmp, olen)) {
- OPENSSL_clear_free(tmp, olen);
- return 0;
- }
-diff -up openssl-1.1.1b/doc/man3/EVP_KDF_CTX.pod.evp-kdf openssl-1.1.1b/doc/man3/EVP_KDF_CTX.pod
---- openssl-1.1.1b/doc/man3/EVP_KDF_CTX.pod.evp-kdf 2019-02-28 13:05:05.656521382 +0100
-+++ openssl-1.1.1b/doc/man3/EVP_KDF_CTX.pod 2019-02-28 13:05:05.655521400 +0100
-@@ -0,0 +1,217 @@
-+=pod
-+
-+=head1 NAME
-+
-+EVP_KDF_CTX, EVP_KDF_CTX_new_id, EVP_KDF_CTX_free, EVP_KDF_reset,
-+EVP_KDF_ctrl, EVP_KDF_vctrl, EVP_KDF_ctrl_str, EVP_KDF_size,
-+EVP_KDF_derive - EVP KDF routines
-+
-+=head1 SYNOPSIS
-+
-+ #include <openssl/kdf.h>
-+
-+ typedef struct evp_kdf_ctx_st EVP_KDF_CTX;
-+
-+ EVP_KDF_CTX *EVP_KDF_CTX_new_id(int id);
-+ void EVP_KDF_CTX_free(EVP_KDF_CTX *ctx);
-+ void EVP_KDF_reset(EVP_KDF_CTX *ctx);
-+ int EVP_KDF_ctrl(EVP_KDF_CTX *ctx, int cmd, ...);
-+ int EVP_KDF_vctrl(EVP_KDF_CTX *ctx, int cmd, va_list args);
-+ int EVP_KDF_ctrl_str(EVP_KDF_CTX *ctx, const char *type, const char *value);
-+ size_t EVP_KDF_size(EVP_KDF_CTX *ctx);
-+ int EVP_KDF_derive(EVP_KDF_CTX *ctx, unsigned char *key, size_t keylen);
-+
-+=head1 DESCRIPTION
-+
-+The EVP KDF routines are a high level interface to Key Derivation Function
-+algorithms and should be used instead of algorithm-specific functions.
-+
-+After creating a C<EVP_KDF_CTX> for the required algorithm using
-+EVP_KDF_CTX_new_id(), inputs to the algorithm are supplied using calls to
-+EVP_KDF_ctrl(), EVP_KDF_vctrl() or EVP_KDF_ctrl_str() before calling
-+EVP_KDF_derive() to derive the key.
-+
-+=head2 Types
-+
-+B<EVP_KDF_CTX> is a context type that holds the algorithm inputs.
-+
-+=head2 Context manipulation functions
-+
-+EVP_KDF_CTX_new_id() creates a KDF context for the algorithm identified by the
-+specified NID.
-+
-+EVP_KDF_CTX_free() frees up the context C<ctx>. If C<ctx> is C<NULL>, nothing
-+is done.
-+
-+=head2 Computing functions
-+
-+EVP_KDF_reset() resets the context to the default state as if the context
-+had just been created.
-+
-+EVP_KDF_ctrl() is used to provide inputs to the KDF algorithm prior to
-+EVP_KDF_derive() being called. The inputs that may be provided will vary
-+depending on the KDF algorithm or its implementation. This functions takes
-+variable arguments, the exact expected arguments depend on C<cmd>.
-+See L</CONTROLS> below for a description of standard controls.
-+
-+EVP_KDF_vctrl() is the variant of EVP_KDF_ctrl() that takes a C<va_list>
-+argument instead of variadic arguments.
-+
-+EVP_KDF_ctrl_str() allows an application to send an algorithm specific control
-+operation to a context C<ctx> in string form. This is intended to be used for
-+options specified on the command line or in text files.
-+
-+EVP_KDF_size() returns the output size if the algorithm produces a fixed amount
-+of output and C<SIZE_MAX> otherwise. If an error occurs then 0 is returned.
-+For some algorithms an error may result if input parameters necessary to
-+calculate a fixed output size have not yet been supplied.
-+
-+EVP_KDF_derive() derives C<keylen> bytes of key material and places it in the
-+C<key> buffer. If the algorithm produces a fixed amount of output then an
-+error will occur unless the C<keylen> parameter is equal to that output size,
-+as returned by EVP_KDF_size().
-+
-+=head1 CONTROLS
-+
-+The standard controls are:
-+
-+=over 4
-+
-+=item B<EVP_KDF_CTRL_SET_PASS>
-+
-+This control expects two arguments: C<unsigned char *pass>, C<size_t passlen>
-+
-+Some KDF implementations require a password. For those KDF implementations
-+that support it, this control sets the password.
-+
-+EVP_KDF_ctrl_str() takes two type strings for this control:
-+
-+=over 4
-+
-+=item "pass"
-+
-+The value string is used as is.
-+
-+=item "hexpass"
-+
-+The value string is expected to be a hexadecimal number, which will be
-+decoded before being passed on as the control value.
-+
-+=back
-+
-+=item B<EVP_KDF_CTRL_SET_SALT>
-+
-+This control expects two arguments: C<unsigned char *salt>, C<size_t saltlen>
-+
-+Some KDF implementations can take a salt. For those KDF implementations that
-+support it, this control sets the salt.
-+
-+The default value, if any, is implementation dependent.
-+
-+EVP_KDF_ctrl_str() takes two type strings for this control:
-+
-+=over 4
-+
-+=item "salt"
-+
-+The value string is used as is.
-+
-+=item "hexsalt"
-+
-+The value string is expected to be a hexadecimal number, which will be
-+decoded before being passed on as the control value.
-+
-+=back
-+
-+=item B<EVP_KDF_CTRL_SET_ITER>
-+
-+This control expects one argument: C<int iter>
-+
-+Some KDF implementations require an iteration count. For those KDF implementations that support it, this control sets the iteration count.
-+
-+The default value, if any, is implementation dependent.
-+
-+EVP_KDF_ctrl_str() type string: "iter"
-+
-+The value string is expected to be a decimal number.
-+
-+=item B<EVP_KDF_CTRL_SET_MD>
-+
-+This control expects one argument: C<EVP_MD *md>
-+
-+For MAC implementations that use a message digest as an underlying computation
-+algorithm, this control set what the digest algorithm should be.
-+
-+EVP_KDF_ctrl_str() type string: "md"
-+
-+The value string is expected to be the name of a digest.
-+
-+=item B<EVP_KDF_CTRL_SET_KEY>
-+
-+This control expects two arguments: C<unsigned char *key>, C<size_t keylen>
-+
-+Some KDF implementations require a key. For those KDF implementations that
-+support it, this control sets the key.
-+
-+EVP_KDF_ctrl_str() takes two type strings for this control:
-+
-+=over 4
-+
-+=item "key"
-+
-+The value string is used as is.
-+
-+=item "hexkey"
-+
-+The value string is expected to be a hexadecimal number, which will be
-+decoded before being passed on as the control value.
-+
-+=back
-+
-+=item B<EVP_KDF_CTRL_SET_MAXMEM_BYTES>
-+
-+This control expects one argument: C<uint64_t maxmem_bytes>
-+
-+Memory-hard password-based KDF algorithms, such as scrypt, use an amount of
-+memory that depends on the load factors provided as input. For those KDF
-+implementations that support it, this control sets an upper limit on the amount
-+of memory that may be consumed while performing a key derivation. If this
-+memory usage limit is exceeded because the load factors are chosen too high,
-+the key derivation will fail.
-+
-+The default value is implementation dependent.
-+
-+EVP_KDF_ctrl_str() type string: "maxmem_bytes"
-+
-+The value string is expected to be a decimal number.
-+
-+=back
-+
-+=head1 RETURN VALUES
-+
-+EVP_KDF_CTX_new_id() returns either the newly allocated C<EVP_KDF_CTX>
-+structure or C<NULL> if an error occurred.
-+
-+EVP_KDF_CTX_free() and EVP_KDF_reset() do not return a value.
-+
-+EVP_KDF_size() returns the output size. C<SIZE_MAX> is returned to indicate
-+that the algorithm produces a variable amount of output; 0 to indicate failure.
-+
-+The remaining functions return 1 for success and 0 or a negative value for
-+failure. In particular, a return value of -2 indicates the operation is not
-+supported by the KDF algorithm.
-+
-+=head1 SEE ALSO
-+
-+L<EVP_KDF_SCRYPT(7)>
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the Apache License 2.0 (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
-+=cut
-diff -up openssl-1.1.1b/doc/man7/EVP_KDF_HKDF.pod.evp-kdf openssl-1.1.1b/doc/man7/EVP_KDF_HKDF.pod
---- openssl-1.1.1b/doc/man7/EVP_KDF_HKDF.pod.evp-kdf 2019-02-28 13:05:05.656521382 +0100
-+++ openssl-1.1.1b/doc/man7/EVP_KDF_HKDF.pod 2019-02-28 13:05:05.656521382 +0100
-@@ -0,0 +1,180 @@
-+=pod
-+
-+=head1 NAME
-+
-+EVP_KDF_HKDF - The HKDF EVP_KDF implementation
-+
-+=head1 DESCRIPTION
-+
-+Support for computing the B<HKDF> KDF through the B<EVP_KDF> API.
-+
-+The EVP_KDF_HKDF algorithm implements the HKDF key derivation function.
-+HKDF follows the "extract-then-expand" paradigm, where the KDF logically
-+consists of two modules. The first stage takes the input keying material
-+and "extracts" from it a fixed-length pseudorandom key K. The second stage
-+"expands" the key K into several additional pseudorandom keys (the output
-+of the KDF).
-+
-+=head2 Numeric identity
-+
-+B<EVP_KDF_HKDF> is the numeric identity for this implementation; it
-+can be used with the EVP_KDF_CTX_new_id() function.
-+
-+=head2 Supported controls
-+
-+The supported controls are:
-+
-+=over 4
-+
-+=item B<EVP_KDF_CTRL_SET_SALT>
-+
-+=item B<EVP_KDF_CTRL_SET_MD>
-+
-+=item B<EVP_KDF_CTRL_SET_KEY>
-+
-+These controls work as described in L<EVP_KDF_CTX(3)/CONTROLS>.
-+
-+=item B<EVP_KDF_CTRL_RESET_HKDF_INFO>
-+
-+This control does not expect any arguments.
-+
-+Resets the context info buffer to zero length.
-+
-+=item B<EVP_KDF_CTRL_ADD_HKDF_INFO>
-+
-+This control expects two arguments: C<unsigned char *info>, C<size_t infolen>
-+
-+Sets the info value to the first B<infolen> bytes of the buffer B<info>. If a
-+value is already set, the contents of the buffer are appended to the existing
-+value.
-+
-+The total length of the context info buffer cannot exceed 1024 bytes;
-+this should be more than enough for any normal use of HKDF.
-+
-+EVP_KDF_ctrl_str() takes two type strings for this control:
-+
-+=over 4
-+
-+=item "info"
-+
-+The value string is used as is.
-+
-+=item "hexinfo"
-+
-+The value string is expected to be a hexadecimal number, which will be
-+decoded before being passed on as the control value.
-+
-+=back
-+
-+=item B<EVP_KDF_CTRL_SET_HKDF_MODE>
-+
-+This control expects one argument: C<int mode>
-+
-+Sets the mode for the HKDF operation. There are three modes that are currently
-+defined:
-+
-+=over 4
-+
-+=item EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND
-+
-+This is the default mode. Calling L<EVP_KDF_derive(3)> on an EVP_KDF_CTX set
-+up for HKDF will perform an extract followed by an expand operation in one go.
-+The derived key returned will be the result after the expand operation. The
-+intermediate fixed-length pseudorandom key K is not returned.
-+
-+In this mode the digest, key, salt and info values must be set before a key is
-+derived otherwise an error will occur.
-+
-+=item EVP_KDF_HKDF_MODE_EXTRACT_ONLY
-+
-+In this mode calling L<EVP_KDF_derive(3)> will just perform the extract
-+operation. The value returned will be the intermediate fixed-length pseudorandom
-+key K. The C<keylen> parameter must match the size of K, which can be looked
-+up by calling EVP_KDF_size() after setting the mode and digest.
-+
-+The digest, key and salt values must be set before a key is derived otherwise
-+an error will occur.
-+
-+=item EVP_KDF_HKDF_MODE_EXPAND_ONLY
-+
-+In this mode calling L<EVP_KDF_derive(3)> will just perform the expand
-+operation. The input key should be set to the intermediate fixed-length
-+pseudorandom key K returned from a previous extract operation.
-+
-+The digest, key and info values must be set before a key is derived otherwise
-+an error will occur.
-+
-+=back
-+
-+EVP_KDF_ctrl_str() type string: "mode"
-+
-+The value string is expected to be one of: "EXTRACT_AND_EXPAND", "EXTRACT_ONLY"
-+or "EXPAND_ONLY".
-+
-+=back
-+
-+=head1 NOTES
-+
-+A context for HKDF can be obtained by calling:
-+
-+ EVP_KDF_CTX *kctx = EVP_KDF_CTX_new_id(EVP_KDF_HKDF);
-+
-+The output length of an HKDF expand operation is specified via the C<keylen>
-+parameter to the L<EVP_KDF_derive(3)> function. When using
-+EVP_KDF_HKDF_MODE_EXTRACT_ONLY the C<keylen> parameter must equal the size of
-+the intermediate fixed-length pseudorandom key otherwise an error will occur.
-+For that mode, the fixed output size can be looked up by calling EVP_KDF_size()
-+after setting the mode and digest on the C<EVP_KDF_CTX>.
-+
-+=head1 EXAMPLE
-+
-+This example derives 10 bytes using SHA-256 with the secret key "secret",
-+salt value "salt" and info value "label":
-+
-+ EVP_KDF_CTX *kctx;
-+ unsigned char out[10];
-+
-+ kctx = EVP_KDF_CTX_new_id(EVP_KDF_HKDF);
-+
-+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()) <= 0) {
-+ error("EVP_KDF_CTRL_SET_MD");
-+ }
-+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, "salt", (size_t)4) <= 0) {
-+ error("EVP_KDF_CTRL_SET_SALT");
-+ }
-+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, "secret", (size_t)6) <= 0) {
-+ error("EVP_KDF_CTRL_SET_KEY");
-+ }
-+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_ADD_HKDF_INFO, "label", (size_t)5) <= 0) {
-+ error("EVP_KDF_CTRL_ADD_HKDF_INFO");
-+ }
-+ if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) {
-+ error("EVP_KDF_derive");
-+ }
-+
-+ EVP_KDF_CTX_free(kctx);
-+
-+=head1 CONFORMING TO
-+
-+RFC 5869
-+
-+=head1 SEE ALSO
-+
-+L<EVP_KDF_CTX>,
-+L<EVP_KDF_CTX_new_id(3)>,
-+L<EVP_KDF_CTX_free(3)>,
-+L<EVP_KDF_ctrl(3)>,
-+L<EVP_KDF_size(3)>,
-+L<EVP_KDF_derive(3)>,
-+L<EVP_KDF_CTX(3)/CONTROLS>
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the Apache License 2.0 (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
-+=cut
-diff -up openssl-1.1.1b/doc/man7/EVP_KDF_PBKDF2.pod.evp-kdf openssl-1.1.1b/doc/man7/EVP_KDF_PBKDF2.pod
---- openssl-1.1.1b/doc/man7/EVP_KDF_PBKDF2.pod.evp-kdf 2019-02-28 13:05:05.656521382 +0100
-+++ openssl-1.1.1b/doc/man7/EVP_KDF_PBKDF2.pod 2019-02-28 13:05:05.656521382 +0100
-@@ -0,0 +1,78 @@
-+=pod
-+
-+=head1 NAME
-+
-+EVP_KDF_PBKDF2 - The PBKDF2 EVP_KDF implementation
-+
-+=head1 DESCRIPTION
-+
-+Support for computing the B<PBKDF2> password-based KDF through the B<EVP_KDF>
-+API.
-+
-+The EVP_KDF_PBKDF2 algorithm implements the PBKDF2 password-based key
-+derivation function, as described in RFC 2898; it derives a key from a password
-+using a salt and iteration count.
-+
-+=head2 Numeric identity
-+
-+B<EVP_KDF_PBKDF2> is the numeric identity for this implementation; it
-+can be used with the EVP_KDF_CTX_new_id() function.
-+
-+=head2 Supported controls
-+
-+The supported controls are:
-+
-+=over 4
-+
-+=item B<EVP_KDF_CTRL_SET_PASS>
-+
-+=item B<EVP_KDF_CTRL_SET_SALT>
-+
-+=item B<EVP_KDF_CTRL_SET_ITER>
-+
-+=item B<EVP_KDF_CTRL_SET_MD>
-+
-+These controls work as described in L<EVP_KDF_CTX(3)/CONTROLS>.
-+
-+B<iter> is the iteration count and its value should be greater than or equal to
-+1. RFC 2898 suggests an iteration count of at least 1000. The default value is
-+2048. Any B<iter> less than 1 is treated as a single iteration.
-+
-+=back
-+
-+=head1 NOTES
-+
-+A typical application of this algorithm is to derive keying material for an
-+encryption algorithm from a password in the B<pass>, a salt in B<salt>,
-+and an iteration count.
-+
-+Increasing the B<iter> parameter slows down the algorithm which makes it
-+harder for an attacker to perform a brute force attack using a large number
-+of candidate passwords.
-+
-+No assumption is made regarding the given password; it is simply treated as a
-+byte sequence.
-+
-+=head1 CONFORMING TO
-+
-+RFC 2898
-+
-+=head1 SEE ALSO
-+
-+L<EVP_KDF_CTX>,
-+L<EVP_KDF_CTX_new_id(3)>,
-+L<EVP_KDF_CTX_free(3)>,
-+L<EVP_KDF_ctrl(3)>,
-+L<EVP_KDF_derive(3)>,
-+L<EVP_KDF_CTX(3)/CONTROLS>
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the Apache License 2.0 (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
-+=cut
-diff -up openssl-1.1.1b/doc/man7/EVP_KDF_SCRYPT.pod.evp-kdf openssl-1.1.1b/doc/man7/EVP_KDF_SCRYPT.pod
---- openssl-1.1.1b/doc/man7/EVP_KDF_SCRYPT.pod.evp-kdf 2019-02-28 13:05:05.656521382 +0100
-+++ openssl-1.1.1b/doc/man7/EVP_KDF_SCRYPT.pod 2019-02-28 13:05:05.656521382 +0100
-@@ -0,0 +1,149 @@
-+=pod
-+
-+=head1 NAME
-+
-+EVP_KDF_SCRYPT - The scrypt EVP_KDF implementation
-+
-+=head1 DESCRIPTION
-+
-+Support for computing the B<scrypt> password-based KDF through the B<EVP_KDF>
-+API.
-+
-+The EVP_KDF_SCRYPT algorithm implements the scrypt password-based key
-+derivation function, as described in RFC 7914. It is memory-hard in the sense
-+that it deliberately requires a significant amount of RAM for efficient
-+computation. The intention of this is to render brute forcing of passwords on
-+systems that lack large amounts of main memory (such as GPUs or ASICs)
-+computationally infeasible.
-+
-+scrypt provides three work factors that can be customized: N, r and p. N, which
-+has to be a positive power of two, is the general work factor and scales CPU
-+time in an approximately linear fashion. r is the block size of the internally
-+used hash function and p is the parallelization factor. Both r and p need to be
-+greater than zero. The amount of RAM that scrypt requires for its computation
-+is roughly (128 * N * r * p) bytes.
-+
-+In the original paper of Colin Percival ("Stronger Key Derivation via
-+Sequential Memory-Hard Functions", 2009), the suggested values that give a
-+computation time of less than 5 seconds on a 2.5 GHz Intel Core 2 Duo are N =
-+2^20 = 1048576, r = 8, p = 1. Consequently, the required amount of memory for
-+this computation is roughly 1 GiB. On a more recent CPU (Intel i7-5930K at 3.5
-+GHz), this computation takes about 3 seconds. When N, r or p are not specified,
-+they default to 1048576, 8, and 1, respectively. The maximum amount of RAM that
-+may be used by scrypt defaults to 1025 MiB.
-+
-+=head2 Numeric identity
-+
-+B<EVP_KDF_SCRYPT> is the numeric identity for this implementation; it
-+can be used with the EVP_KDF_CTX_new_id() function.
-+
-+=head2 Supported controls
-+
-+The supported controls are:
-+
-+=over 4
-+
-+=item B<EVP_KDF_CTRL_SET_PASS>
-+
-+=item B<EVP_KDF_CTRL_SET_SALT>
-+
-+These controls work as described in L<EVP_KDF_CTX(3)/CONTROLS>.
-+
-+=item B<EVP_KDF_CTRL_SET_SCRYPT_N>
-+
-+=item B<EVP_KDF_CTRL_SET_SCRYPT_R>
-+
-+=item B<EVP_KDF_CTRL_SET_SCRYPT_P>
-+
-+B<EVP_KDF_CTRL_SET_SCRYPT_N> expects one argument: C<uint64_t N>
-+
-+B<EVP_KDF_CTRL_SET_SCRYPT_R> expects one argument: C<uint32_t r>
-+
-+B<EVP_KDF_CTRL_SET_SCRYPT_P> expects one argument: C<uint32_t p>
-+
-+These controls configure the scrypt work factors N, r and p.
-+
-+EVP_KDF_ctrl_str() type strings: "N", "r" and "p", respectively.
-+
-+The corresponding value strings are expected to be decimal numbers.
-+
-+=back
-+
-+=head1 NOTES
-+
-+A context for scrypt can be obtained by calling:
-+
-+ EVP_KDF_CTX *kctx = EVP_KDF_CTX_new_id(EVP_KDF_SCRYPT);
-+
-+The output length of an scrypt key derivation is specified via the
-+B<keylen> parameter to the L<EVP_KDF_derive(3)> function.
-+
-+=head1 EXAMPLE
-+
-+This example derives a 64-byte long test vector using scrypt with the password
-+"password", salt "NaCl" and N = 1024, r = 8, p = 16.
-+
-+ EVP_KDF_CTX *kctx;
-+ unsigned char out[64];
-+
-+ kctx = EVP_KDF_CTX_new_id(EVP_KDF_SCRYPT);
-+
-+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PASS, "password", (size_t)8) <= 0) {
-+ error("EVP_KDF_CTRL_SET_PASS");
-+ }
-+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, "NaCl", (size_t)4) <= 0) {
-+ error("EVP_KDF_CTRL_SET_SALT");
-+ }
-+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SCRYPT_N, (uint64_t)1024) <= 0) {
-+ error("EVP_KDF_CTRL_SET_SCRYPT_N");
-+ }
-+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SCRYPT_R, (uint32_t)8) <= 0) {
-+ error("EVP_KDF_CTRL_SET_SCRYPT_R");
-+ }
-+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SCRYPT_P, (uint32_t)16) <= 0) {
-+ error("EVP_KDF_CTRL_SET_SCRYPT_P");
-+ }
-+ if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) {
-+ error("EVP_KDF_derive");
-+ }
-+
-+ {
-+ const unsigned char expected[sizeof(out)] = {
-+ 0xfd, 0xba, 0xbe, 0x1c, 0x9d, 0x34, 0x72, 0x00,
-+ 0x78, 0x56, 0xe7, 0x19, 0x0d, 0x01, 0xe9, 0xfe,
-+ 0x7c, 0x6a, 0xd7, 0xcb, 0xc8, 0x23, 0x78, 0x30,
-+ 0xe7, 0x73, 0x76, 0x63, 0x4b, 0x37, 0x31, 0x62,
-+ 0x2e, 0xaf, 0x30, 0xd9, 0x2e, 0x22, 0xa3, 0x88,
-+ 0x6f, 0xf1, 0x09, 0x27, 0x9d, 0x98, 0x30, 0xda,
-+ 0xc7, 0x27, 0xaf, 0xb9, 0x4a, 0x83, 0xee, 0x6d,
-+ 0x83, 0x60, 0xcb, 0xdf, 0xa2, 0xcc, 0x06, 0x40
-+ };
-+
-+ assert(!memcmp(out, expected, sizeof(out)));
-+ }
-+
-+ EVP_KDF_CTX_free(kctx);
-+
-+=head1 CONFORMING TO
-+
-+RFC 7914
-+
-+=head1 SEE ALSO
-+
-+L<EVP_KDF_CTX>,
-+L<EVP_KDF_CTX_new_id(3)>,
-+L<EVP_KDF_CTX_free(3)>,
-+L<EVP_KDF_ctrl(3)>,
-+L<EVP_KDF_derive(3)>,
-+L<EVP_KDF_CTX(3)/CONTROLS>
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
-+=cut
-diff -up openssl-1.1.1b/doc/man7/EVP_KDF_TLS1_PRF.pod.evp-kdf openssl-1.1.1b/doc/man7/EVP_KDF_TLS1_PRF.pod
---- openssl-1.1.1b/doc/man7/EVP_KDF_TLS1_PRF.pod.evp-kdf 2019-02-28 13:05:05.656521382 +0100
-+++ openssl-1.1.1b/doc/man7/EVP_KDF_TLS1_PRF.pod 2019-02-28 13:05:05.656521382 +0100
-@@ -0,0 +1,142 @@
-+=pod
-+
-+=head1 NAME
-+
-+EVP_KDF_TLS1_PRF - The TLS1 PRF EVP_KDF implementation
-+
-+=head1 DESCRIPTION
-+
-+Support for computing the B<TLS1> PRF through the B<EVP_KDF> API.
-+
-+The EVP_KDF_TLS1_PRF algorithm implements the PRF used by TLS versions up to
-+and including TLS 1.2.
-+
-+=head2 Numeric identity
-+
-+B<EVP_KDF_TLS1_PRF> is the numeric identity for this implementation; it
-+can be used with the EVP_KDF_CTX_new_id() function.
-+
-+=head2 Supported controls
-+
-+The supported controls are:
-+
-+=over 4
-+
-+=item B<EVP_KDF_CTRL_SET_MD>
-+
-+This control works as described in L<EVP_KDF_CTX(3)/CONTROLS>.
-+
-+The C<EVP_KDF_CTRL_SET_MD> control is used to set the message digest associated
-+with the TLS PRF. EVP_md5_sha1() is treated as a special case which uses the
-+PRF algorithm using both B<MD5> and B<SHA1> as used in TLS 1.0 and 1.1.
-+
-+=item B<EVP_KDF_CTRL_SET_TLS_SECRET>
-+
-+This control expects two arguments: C<unsigned char *sec>, C<size_t seclen>
-+
-+Sets the secret value of the TLS PRF to B<seclen> bytes of the buffer B<sec>.
-+Any existing secret value is replaced.
-+
-+EVP_KDF_ctrl_str() takes two type strings for this control:
-+
-+=over 4
-+
-+=item "secret"
-+
-+The value string is used as is.
-+
-+=item "hexsecret"
-+
-+The value string is expected to be a hexadecimal number, which will be
-+decoded before being passed on as the control value.
-+
-+=back
-+
-+=item B<EVP_KDF_CTRL_RESET_TLS_SEED>
-+
-+This control does not expect any arguments.
-+
-+Resets the context seed buffer to zero length.
-+
-+=item B<EVP_KDF_CTRL_ADD_TLS_SEED>
-+
-+This control expects two arguments: C<unsigned char *seed>, C<size_t seedlen>
-+
-+Sets the seed to B<seedlen> bytes of B<seed>. If a seed is already set it is
-+appended to the existing value.
-+
-+The total length of the context seed buffer cannot exceed 1024 bytes;
-+this should be more than enough for any normal use of the TLS PRF.
-+
-+EVP_KDF_ctrl_str() takes two type strings for this control:
-+
-+=over 4
-+
-+=item "seed"
-+
-+The value string is used as is.
-+
-+=item "hexseed"
-+
-+The value string is expected to be a hexadecimal number, which will be
-+decoded before being passed on as the control value.
-+
-+=back
-+
-+=back
-+
-+=head1 NOTES
-+
-+A context for the TLS PRF can be obtained by calling:
-+
-+ EVP_KDF_CTX *kctx = EVP_KDF_CTX_new_id(EVP_KDF_TLS1_PRF, NULL);
-+
-+The digest, secret value and seed must be set before a key is derived otherwise
-+an error will occur.
-+
-+The output length of the PRF is specified by the C<keylen> parameter to the
-+EVP_KDF_derive() function.
-+
-+=head1 EXAMPLE
-+
-+This example derives 10 bytes using SHA-256 with the secret key "secret"
-+and seed value "seed":
-+
-+ EVP_KDF_CTX *kctx;
-+ unsigned char out[10];
-+
-+ kctx = EVP_KDF_CTX_new_id(EVP_KDF_TLS1_PRF);
-+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()) <= 0) {
-+ error("EVP_KDF_CTRL_SET_MD");
-+ }
-+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_TLS_SECRET,
-+ "secret", (size_t)6) <= 0) {
-+ error("EVP_KDF_CTRL_SET_TLS_SECRET");
-+ }
-+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_ADD_TLS_SEED, "seed", (size_t)4) <= 0) {
-+ error("EVP_KDF_CTRL_ADD_TLS_SEED");
-+ }
-+ if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) {
-+ error("EVP_KDF_derive");
-+ }
-+ EVP_KDF_CTX_free(kctx);
-+
-+=head1 SEE ALSO
-+
-+L<EVP_KDF_CTX>,
-+L<EVP_KDF_CTX_new_id(3)>,
-+L<EVP_KDF_CTX_free(3)>,
-+L<EVP_KDF_ctrl(3)>,
-+L<EVP_KDF_derive(3)>,
-+L<EVP_KDF_CTX(3)/CONTROLS>
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the Apache License 2.0 (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
-+=cut
-diff -up openssl-1.1.1b/include/openssl/evperr.h.evp-kdf openssl-1.1.1b/include/openssl/evperr.h
---- openssl-1.1.1b/include/openssl/evperr.h.evp-kdf 2019-02-28 13:05:05.633521807 +0100
-+++ openssl-1.1.1b/include/openssl/evperr.h 2019-02-28 13:05:05.657521363 +0100
-@@ -1,6 +1,6 @@
- /*
- * Generated by util/mkerr.pl DO NOT EDIT
-- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
-+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
-@@ -51,6 +51,9 @@ int ERR_load_EVP_strings(void);
- # define EVP_F_EVP_ENCRYPTDECRYPTUPDATE 219
- # define EVP_F_EVP_ENCRYPTFINAL_EX 127
- # define EVP_F_EVP_ENCRYPTUPDATE 167
-+# define EVP_F_EVP_KDF_CTRL 224
-+# define EVP_F_EVP_KDF_CTRL_STR 225
-+# define EVP_F_EVP_KDF_CTX_NEW_ID 226
- # define EVP_F_EVP_MD_CTX_COPY_EX 110
- # define EVP_F_EVP_MD_SIZE 162
- # define EVP_F_EVP_OPENINIT 102
-@@ -113,10 +116,12 @@ int ERR_load_EVP_strings(void);
- # define EVP_F_PKCS5_V2_PBE_KEYIVGEN 118
- # define EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN 164
- # define EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN 180
-+# define EVP_F_PKEY_KDF_CTRL 227
- # define EVP_F_PKEY_SET_TYPE 158
- # define EVP_F_RC2_MAGIC_TO_METH 109
- # define EVP_F_RC5_CTRL 125
- # define EVP_F_S390X_AES_GCM_CTRL 201
-+# define EVP_F_SCRYPT_ALG 228
- # define EVP_F_UPDATE 173
-
- /*
-@@ -171,6 +176,7 @@ int ERR_load_EVP_strings(void);
- # define EVP_R_ONLY_ONESHOT_SUPPORTED 177
- # define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 150
- # define EVP_R_OPERATON_NOT_INITIALIZED 151
-+# define EVP_R_PARAMETER_TOO_LARGE 187
- # define EVP_R_PARTIALLY_OVERLAPPING 162
- # define EVP_R_PBKDF2_ERROR 181
- # define EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED 179
-diff -up openssl-1.1.1b/include/openssl/kdferr.h.evp-kdf openssl-1.1.1b/include/openssl/kdferr.h
---- openssl-1.1.1b/include/openssl/kdferr.h.evp-kdf 2019-02-26 15:15:30.000000000 +0100
-+++ openssl-1.1.1b/include/openssl/kdferr.h 2019-02-28 13:05:05.657521363 +0100
-@@ -1,6 +1,6 @@
- /*
- * Generated by util/mkerr.pl DO NOT EDIT
-- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
-+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
-@@ -19,6 +19,23 @@ int ERR_load_KDF_strings(void);
- /*
- * KDF function codes.
- */
-+# define KDF_F_HKDF_EXTRACT 112
-+# define KDF_F_KDF_HKDF_DERIVE 113
-+# define KDF_F_KDF_HKDF_NEW 114
-+# define KDF_F_KDF_HKDF_SIZE 115
-+# define KDF_F_KDF_MD2CTRL 116
-+# define KDF_F_KDF_PBKDF2_CTRL_STR 117
-+# define KDF_F_KDF_PBKDF2_DERIVE 118
-+# define KDF_F_KDF_PBKDF2_NEW 119
-+# define KDF_F_KDF_SCRYPT_CTRL_STR 120
-+# define KDF_F_KDF_SCRYPT_CTRL_UINT32 121
-+# define KDF_F_KDF_SCRYPT_CTRL_UINT64 122
-+# define KDF_F_KDF_SCRYPT_DERIVE 123
-+# define KDF_F_KDF_SCRYPT_NEW 124
-+# define KDF_F_KDF_TLS1_PRF_CTRL_STR 125
-+# define KDF_F_KDF_TLS1_PRF_DERIVE 126
-+# define KDF_F_KDF_TLS1_PRF_NEW 127
-+# define KDF_F_PBKDF2_SET_MEMBUF 128
- # define KDF_F_PKEY_HKDF_CTRL_STR 103
- # define KDF_F_PKEY_HKDF_DERIVE 102
- # define KDF_F_PKEY_HKDF_INIT 108
-@@ -30,6 +47,7 @@ int ERR_load_KDF_strings(void);
- # define KDF_F_PKEY_TLS1_PRF_CTRL_STR 100
- # define KDF_F_PKEY_TLS1_PRF_DERIVE 101
- # define KDF_F_PKEY_TLS1_PRF_INIT 110
-+# define KDF_F_SCRYPT_SET_MEMBUF 129
- # define KDF_F_TLS1_PRF_ALG 111
-
- /*
-@@ -47,5 +65,6 @@ int ERR_load_KDF_strings(void);
- # define KDF_R_UNKNOWN_PARAMETER_TYPE 103
- # define KDF_R_VALUE_ERROR 108
- # define KDF_R_VALUE_MISSING 102
-+# define KDF_R_WRONG_OUTPUT_BUFFER_SIZE 112
-
- #endif
-diff -up openssl-1.1.1b/include/openssl/kdf.h.evp-kdf openssl-1.1.1b/include/openssl/kdf.h
---- openssl-1.1.1b/include/openssl/kdf.h.evp-kdf 2019-02-26 15:15:30.000000000 +0100
-+++ openssl-1.1.1b/include/openssl/kdf.h 2019-02-28 13:05:05.657521363 +0100
-@@ -10,10 +10,50 @@
- #ifndef HEADER_KDF_H
- # define HEADER_KDF_H
-
-+# include <openssl/ossl_typ.h>
- # include <openssl/kdferr.h>
--#ifdef __cplusplus
-+# ifdef __cplusplus
- extern "C" {
--#endif
-+# endif
-+
-+# define EVP_KDF_PBKDF2 NID_id_pbkdf2
-+# define EVP_KDF_SCRYPT NID_id_scrypt
-+# define EVP_KDF_TLS1_PRF NID_tls1_prf
-+# define EVP_KDF_HKDF NID_hkdf
-+
-+EVP_KDF_CTX *EVP_KDF_CTX_new_id(int id);
-+void EVP_KDF_CTX_free(EVP_KDF_CTX *ctx);
-+
-+void EVP_KDF_reset(EVP_KDF_CTX *ctx);
-+int EVP_KDF_ctrl(EVP_KDF_CTX *ctx, int cmd, ...);
-+int EVP_KDF_vctrl(EVP_KDF_CTX *ctx, int cmd, va_list args);
-+int EVP_KDF_ctrl_str(EVP_KDF_CTX *ctx, const char *type, const char *value);
-+size_t EVP_KDF_size(EVP_KDF_CTX *ctx);
-+int EVP_KDF_derive(EVP_KDF_CTX *ctx, unsigned char *key, size_t keylen);
-+
-+
-+# define EVP_KDF_CTRL_SET_PASS 0x01 /* unsigned char *, size_t */
-+# define EVP_KDF_CTRL_SET_SALT 0x02 /* unsigned char *, size_t */
-+# define EVP_KDF_CTRL_SET_ITER 0x03 /* int */
-+# define EVP_KDF_CTRL_SET_MD 0x04 /* EVP_MD * */
-+# define EVP_KDF_CTRL_SET_KEY 0x05 /* unsigned char *, size_t */
-+# define EVP_KDF_CTRL_SET_MAXMEM_BYTES 0x06 /* uint64_t */
-+# define EVP_KDF_CTRL_SET_TLS_SECRET 0x07 /* unsigned char *, size_t */
-+# define EVP_KDF_CTRL_RESET_TLS_SEED 0x08
-+# define EVP_KDF_CTRL_ADD_TLS_SEED 0x09 /* unsigned char *, size_t */
-+# define EVP_KDF_CTRL_RESET_HKDF_INFO 0x0a
-+# define EVP_KDF_CTRL_ADD_HKDF_INFO 0x0b /* unsigned char *, size_t */
-+# define EVP_KDF_CTRL_SET_HKDF_MODE 0x0c /* int */
-+# define EVP_KDF_CTRL_SET_SCRYPT_N 0x0d /* uint64_t */
-+# define EVP_KDF_CTRL_SET_SCRYPT_R 0x0e /* uint32_t */
-+# define EVP_KDF_CTRL_SET_SCRYPT_P 0x0f /* uint32_t */
-+
-+# define EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND 0
-+# define EVP_KDF_HKDF_MODE_EXTRACT_ONLY 1
-+# define EVP_KDF_HKDF_MODE_EXPAND_ONLY 2
-+
-+
-+/**** The legacy PKEY-based KDF API follows. ****/
-
- # define EVP_PKEY_CTRL_TLS_MD (EVP_PKEY_ALG_CTRL)
- # define EVP_PKEY_CTRL_TLS_SECRET (EVP_PKEY_ALG_CTRL + 1)
-@@ -30,9 +70,12 @@ extern "C" {
- # define EVP_PKEY_CTRL_SCRYPT_P (EVP_PKEY_ALG_CTRL + 12)
- # define EVP_PKEY_CTRL_SCRYPT_MAXMEM_BYTES (EVP_PKEY_ALG_CTRL + 13)
-
--# define EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND 0
--# define EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY 1
--# define EVP_PKEY_HKDEF_MODE_EXPAND_ONLY 2
-+# define EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND \
-+ EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND
-+# define EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY \
-+ EVP_KDF_HKDF_MODE_EXTRACT_ONLY
-+# define EVP_PKEY_HKDEF_MODE_EXPAND_ONLY \
-+ EVP_KDF_HKDF_MODE_EXPAND_ONLY
-
- # define EVP_PKEY_CTX_set_tls1_prf_md(pctx, md) \
- EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
-@@ -91,7 +134,7 @@ extern "C" {
- EVP_PKEY_CTRL_SCRYPT_MAXMEM_BYTES, maxmem_bytes)
-
-
--# ifdef __cplusplus
-+# ifdef __cplusplus
- }
- # endif
- #endif
-diff -up openssl-1.1.1b/include/openssl/ossl_typ.h.evp-kdf openssl-1.1.1b/include/openssl/ossl_typ.h
---- openssl-1.1.1b/include/openssl/ossl_typ.h.evp-kdf 2019-02-26 15:15:30.000000000 +0100
-+++ openssl-1.1.1b/include/openssl/ossl_typ.h 2019-02-28 13:05:05.657521363 +0100
-@@ -97,6 +97,8 @@ typedef struct evp_pkey_asn1_method_st E
- typedef struct evp_pkey_method_st EVP_PKEY_METHOD;
- typedef struct evp_pkey_ctx_st EVP_PKEY_CTX;
-
-+typedef struct evp_kdf_ctx_st EVP_KDF_CTX;
-+
- typedef struct evp_Encode_Ctx_st EVP_ENCODE_CTX;
-
- typedef struct hmac_ctx_st HMAC_CTX;
-diff -up openssl-1.1.1b/test/build.info.evp-kdf openssl-1.1.1b/test/build.info
---- openssl-1.1.1b/test/build.info.evp-kdf 2019-02-26 15:15:30.000000000 +0100
-+++ openssl-1.1.1b/test/build.info 2019-02-28 13:05:05.657521363 +0100
-@@ -43,7 +43,8 @@ INCLUDE_MAIN___test_libtestutil_OLB = /I
- ssl_test_ctx_test ssl_test x509aux cipherlist_test asynciotest \
- bio_callback_test bio_memleak_test \
- bioprinttest sslapitest dtlstest sslcorrupttest bio_enc_test \
-- pkey_meth_test pkey_meth_kdf_test uitest cipherbytes_test \
-+ pkey_meth_test pkey_meth_kdf_test evp_kdf_test uitest \
-+ cipherbytes_test \
- asn1_encode_test asn1_decode_test asn1_string_table_test \
- x509_time_test x509_dup_cert_test x509_check_cert_pkey_test \
- recordlentest drbgtest sslbuffertest \
-@@ -335,6 +336,10 @@ INCLUDE_MAIN___test_libtestutil_OLB = /I
- INCLUDE[pkey_meth_kdf_test]=../include
- DEPEND[pkey_meth_kdf_test]=../libcrypto libtestutil.a
-
-+ SOURCE[evp_kdf_test]=evp_kdf_test.c
-+ INCLUDE[evp_kdf_test]=../include
-+ DEPEND[evp_kdf_test]=../libcrypto libtestutil.a
-+
- SOURCE[x509_time_test]=x509_time_test.c
- INCLUDE[x509_time_test]=../include
- DEPEND[x509_time_test]=../libcrypto libtestutil.a
-diff -up openssl-1.1.1b/test/evp_kdf_test.c.evp-kdf openssl-1.1.1b/test/evp_kdf_test.c
---- openssl-1.1.1b/test/evp_kdf_test.c.evp-kdf 2019-02-28 13:05:05.658521345 +0100
-+++ openssl-1.1.1b/test/evp_kdf_test.c 2019-02-28 13:05:05.658521345 +0100
-@@ -0,0 +1,237 @@
-+/*
-+ * Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved.
-+ * Copyright (c) 2018-2019, Oracle and/or its affiliates. All rights reserved.
-+ *
-+ * Licensed under the Apache License 2.0 (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
-+/* Tests of the EVP_KDF_CTX APIs */
-+
-+#include <stdio.h>
-+#include <string.h>
-+
-+#include <openssl/evp.h>
-+#include <openssl/kdf.h>
-+#include "testutil.h"
-+
-+static int test_kdf_tls1_prf(void)
-+{
-+ int ret = 0;
-+ EVP_KDF_CTX *kctx;
-+ unsigned char out[16];
-+
-+ if ((kctx = EVP_KDF_CTX_new_id(EVP_KDF_TLS1_PRF)) == NULL) {
-+ TEST_error("EVP_KDF_TLS1_PRF");
-+ goto err;
-+ }
-+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()) <= 0) {
-+ TEST_error("EVP_KDF_CTRL_SET_MD");
-+ goto err;
-+ }
-+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_TLS_SECRET,
-+ "secret", (size_t)6) <= 0) {
-+ TEST_error("EVP_KDF_CTRL_SET_TLS_SECRET");
-+ goto err;
-+ }
-+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_ADD_TLS_SEED, "seed", (size_t)4) <= 0) {
-+ TEST_error("EVP_KDF_CTRL_ADD_TLS_SEED");
-+ goto err;
-+ }
-+ if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) {
-+ TEST_error("EVP_KDF_derive");
-+ goto err;
-+ }
-+
-+ {
-+ const unsigned char expected[sizeof(out)] = {
-+ 0x8e, 0x4d, 0x93, 0x25, 0x30, 0xd7, 0x65, 0xa0,
-+ 0xaa, 0xe9, 0x74, 0xc3, 0x04, 0x73, 0x5e, 0xcc
-+ };
-+ if (!TEST_mem_eq(out, sizeof(out), expected, sizeof(expected))) {
-+ goto err;
-+ }
-+ }
-+ ret = 1;
-+err:
-+ EVP_KDF_CTX_free(kctx);
-+ return ret;
-+}
-+
-+static int test_kdf_hkdf(void)
-+{
-+ int ret = 0;
-+ EVP_KDF_CTX *kctx;
-+ unsigned char out[10];
-+
-+ if ((kctx = EVP_KDF_CTX_new_id(EVP_KDF_HKDF)) == NULL) {
-+ TEST_error("EVP_KDF_HKDF");
-+ goto err;
-+ }
-+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()) <= 0) {
-+ TEST_error("EVP_KDF_CTRL_SET_MD");
-+ goto err;
-+ }
-+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, "salt", (size_t)4) <= 0) {
-+ TEST_error("EVP_KDF_CTRL_SET_SALT");
-+ goto err;
-+ }
-+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, "secret", (size_t)6) <= 0) {
-+ TEST_error("EVP_KDF_CTRL_SET_KEY");
-+ goto err;
-+ }
-+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_ADD_HKDF_INFO,
-+ "label", (size_t)5) <= 0) {
-+ TEST_error("EVP_KDF_CTRL_ADD_HKDF_INFO");
-+ goto err;
-+ }
-+ if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) {
-+ TEST_error("EVP_KDF_derive");
-+ goto err;
-+ }
-+
-+ {
-+ const unsigned char expected[sizeof(out)] = {
-+ 0x2a, 0xc4, 0x36, 0x9f, 0x52, 0x59, 0x96, 0xf8, 0xde, 0x13
-+ };
-+ if (!TEST_mem_eq(out, sizeof(out), expected, sizeof(expected))) {
-+ goto err;
-+ }
-+ }
-+ ret = 1;
-+err:
-+ EVP_KDF_CTX_free(kctx);
-+ return ret;
-+}
-+
-+static int test_kdf_pbkdf2(void)
-+{
-+ int ret = 0;
-+ EVP_KDF_CTX *kctx;
-+ unsigned char out[32];
-+
-+ if ((kctx = EVP_KDF_CTX_new_id(EVP_KDF_PBKDF2)) == NULL) {
-+ TEST_error("EVP_KDF_PBKDF2");
-+ goto err;
-+ }
-+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PASS, "password", (size_t)8) <= 0) {
-+ TEST_error("EVP_KDF_CTRL_SET_PASS");
-+ goto err;
-+ }
-+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, "salt", (size_t)4) <= 0) {
-+ TEST_error("EVP_KDF_CTRL_SET_SALT");
-+ goto err;
-+ }
-+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_ITER, 2) <= 0) {
-+ TEST_error("EVP_KDF_CTRL_SET_ITER");
-+ goto err;
-+ }
-+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()) <= 0) {
-+ TEST_error("EVP_KDF_CTRL_SET_MD");
-+ goto err;
-+ }
-+ if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) {
-+ TEST_error("EVP_KDF_derive");
-+ goto err;
-+ }
-+
-+ {
-+ const unsigned char expected[sizeof(out)] = {
-+ 0xae, 0x4d, 0x0c, 0x95, 0xaf, 0x6b, 0x46, 0xd3,
-+ 0x2d, 0x0a, 0xdf, 0xf9, 0x28, 0xf0, 0x6d, 0xd0,
-+ 0x2a, 0x30, 0x3f, 0x8e, 0xf3, 0xc2, 0x51, 0xdf,
-+ 0xd6, 0xe2, 0xd8, 0x5a, 0x95, 0x47, 0x4c, 0x43
-+ };
-+ if (!TEST_mem_eq(out, sizeof(out), expected, sizeof(expected))) {
-+ goto err;
-+ }
-+ }
-+ ret = 1;
-+err:
-+ EVP_KDF_CTX_free(kctx);
-+ return ret;
-+}
-+
-+#ifndef OPENSSL_NO_SCRYPT
-+static int test_kdf_scrypt(void)
-+{
-+ int ret = 0;
-+ EVP_KDF_CTX *kctx;
-+ unsigned char out[64];
-+
-+ if ((kctx = EVP_KDF_CTX_new_id(EVP_KDF_SCRYPT)) == NULL) {
-+ TEST_error("EVP_KDF_SCRYPT");
-+ goto err;
-+ }
-+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PASS, "password", (size_t)8) <= 0) {
-+ TEST_error("EVP_KDF_CTRL_SET_PASS");
-+ goto err;
-+ }
-+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, "NaCl", (size_t)4) <= 0) {
-+ TEST_error("EVP_KDF_CTRL_SET_SALT");
-+ goto err;
-+ }
-+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SCRYPT_N, (uint64_t)1024) <= 0) {
-+ TEST_error("EVP_KDF_CTRL_SET_SCRYPT_N");
-+ goto err;
-+ }
-+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SCRYPT_R, (uint32_t)8) <= 0) {
-+ TEST_error("EVP_KDF_CTRL_SET_SCRYPT_R");
-+ goto err;
-+ }
-+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SCRYPT_P, (uint32_t)16) <= 0) {
-+ TEST_error("EVP_KDF_CTRL_SET_SCRYPT_P");
-+ goto err;
-+ }
-+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MAXMEM_BYTES, (uint64_t)16) <= 0) {
-+ TEST_error("EVP_KDF_CTRL_SET_MAXMEM_BYTES");
-+ goto err;
-+ }
-+ if (EVP_KDF_derive(kctx, out, sizeof(out)) > 0) {
-+ TEST_error("EVP_KDF_derive should have failed");
-+ goto err;
-+ }
-+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MAXMEM_BYTES,
-+ (uint64_t)(10 * 1024 * 1024)) <= 0) {
-+ TEST_error("EVP_KDF_CTRL_SET_MAXMEM_BYTES");
-+ goto err;
-+ }
-+ if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) {
-+ TEST_error("EVP_KDF_derive");
-+ goto err;
-+ }
-+
-+ {
-+ const unsigned char expected[sizeof(out)] = {
-+ 0xfd, 0xba, 0xbe, 0x1c, 0x9d, 0x34, 0x72, 0x00,
-+ 0x78, 0x56, 0xe7, 0x19, 0x0d, 0x01, 0xe9, 0xfe,
-+ 0x7c, 0x6a, 0xd7, 0xcb, 0xc8, 0x23, 0x78, 0x30,
-+ 0xe7, 0x73, 0x76, 0x63, 0x4b, 0x37, 0x31, 0x62,
-+ 0x2e, 0xaf, 0x30, 0xd9, 0x2e, 0x22, 0xa3, 0x88,
-+ 0x6f, 0xf1, 0x09, 0x27, 0x9d, 0x98, 0x30, 0xda,
-+ 0xc7, 0x27, 0xaf, 0xb9, 0x4a, 0x83, 0xee, 0x6d,
-+ 0x83, 0x60, 0xcb, 0xdf, 0xa2, 0xcc, 0x06, 0x40
-+ };
-+ if (!TEST_mem_eq(out, sizeof(out), expected, sizeof(expected))) {
-+ goto err;
-+ }
-+ }
-+ ret = 1;
-+err:
-+ EVP_KDF_CTX_free(kctx);
-+ return ret;
-+}
-+#endif
-+
-+int setup_tests(void)
-+{
-+ ADD_TEST(test_kdf_tls1_prf);
-+ ADD_TEST(test_kdf_hkdf);
-+ ADD_TEST(test_kdf_pbkdf2);
-+#ifndef OPENSSL_NO_SCRYPT
-+ ADD_TEST(test_kdf_scrypt);
-+#endif
-+ return 1;
-+}
-diff -up openssl-1.1.1b/test/evp_test.c.evp-kdf openssl-1.1.1b/test/evp_test.c
---- openssl-1.1.1b/test/evp_test.c.evp-kdf 2019-02-26 15:15:30.000000000 +0100
-+++ openssl-1.1.1b/test/evp_test.c 2019-02-28 13:05:05.658521345 +0100
-@@ -1672,13 +1672,14 @@ static const EVP_TEST_METHOD encode_test
- encode_test_run,
- };
-
-+
- /**
- *** KDF TESTS
- **/
-
- typedef struct kdf_data_st {
- /* Context for this operation */
-- EVP_PKEY_CTX *ctx;
-+ EVP_KDF_CTX *ctx;
- /* Expected output */
- unsigned char *output;
- size_t output_len;
-@@ -1705,16 +1706,11 @@ static int kdf_test_init(EVP_TEST *t, co
-
- if (!TEST_ptr(kdata = OPENSSL_zalloc(sizeof(*kdata))))
- return 0;
-- kdata->ctx = EVP_PKEY_CTX_new_id(kdf_nid, NULL);
-+ kdata->ctx = EVP_KDF_CTX_new_id(kdf_nid);
- if (kdata->ctx == NULL) {
- OPENSSL_free(kdata);
- return 0;
- }
-- if (EVP_PKEY_derive_init(kdata->ctx) <= 0) {
-- EVP_PKEY_CTX_free(kdata->ctx);
-- OPENSSL_free(kdata);
-- return 0;
-- }
- t->data = kdata;
- return 1;
- }
-@@ -1723,7 +1719,42 @@ static void kdf_test_cleanup(EVP_TEST *t
- {
- KDF_DATA *kdata = t->data;
- OPENSSL_free(kdata->output);
-- EVP_PKEY_CTX_free(kdata->ctx);
-+ EVP_KDF_CTX_free(kdata->ctx);
-+}
-+
-+static int kdf_test_ctrl(EVP_TEST *t, EVP_KDF_CTX *kctx,
-+ const char *value)
-+{
-+ int rv;
-+ char *p, *tmpval;
-+
-+ if (!TEST_ptr(tmpval = OPENSSL_strdup(value)))
-+ return 0;
-+ p = strchr(tmpval, ':');
-+ if (p != NULL)
-+ *p++ = '\0';
-+ rv = EVP_KDF_ctrl_str(kctx, tmpval, p);
-+ if (rv == -2) {
-+ t->err = "KDF_CTRL_INVALID";
-+ rv = 1;
-+ } else if (p != NULL && rv <= 0) {
-+ /* If p has an OID and lookup fails assume disabled algorithm */
-+ int nid = OBJ_sn2nid(p);
-+
-+ if (nid == NID_undef)
-+ nid = OBJ_ln2nid(p);
-+ if (nid != NID_undef
-+ && EVP_get_digestbynid(nid) == NULL
-+ && EVP_get_cipherbynid(nid) == NULL) {
-+ t->skip = 1;
-+ rv = 1;
-+ } else {
-+ t->err = "KDF_CTRL_ERROR";
-+ rv = 1;
-+ }
-+ }
-+ OPENSSL_free(tmpval);
-+ return rv > 0;
- }
-
- static int kdf_test_parse(EVP_TEST *t,
-@@ -1734,7 +1765,7 @@ static int kdf_test_parse(EVP_TEST *t,
- if (strcmp(keyword, "Output") == 0)
- return parse_bin(value, &kdata->output, &kdata->output_len);
- if (strncmp(keyword, "Ctrl", 4) == 0)
-- return pkey_test_ctrl(t, kdata->ctx, value);
-+ return kdf_test_ctrl(t, kdata->ctx, value);
- return 0;
- }
-
-@@ -1748,7 +1779,7 @@ static int kdf_test_run(EVP_TEST *t)
- t->err = "INTERNAL_ERROR";
- goto err;
- }
-- if (EVP_PKEY_derive(expected->ctx, got, &got_len) <= 0) {
-+ if (EVP_KDF_derive(expected->ctx, got, got_len) <= 0) {
- t->err = "KDF_DERIVE_ERROR";
- goto err;
- }
-@@ -1774,6 +1805,106 @@ static const EVP_TEST_METHOD kdf_test_me
-
-
- /**
-+*** PKEY KDF TESTS
-+**/
-+
-+typedef struct pkey_kdf_data_st {
-+ /* Context for this operation */
-+ EVP_PKEY_CTX *ctx;
-+ /* Expected output */
-+ unsigned char *output;
-+ size_t output_len;
-+} PKEY_KDF_DATA;
-+
-+/*
-+ * Perform public key operation setup: lookup key, allocated ctx and call
-+ * the appropriate initialisation function
-+ */
-+static int pkey_kdf_test_init(EVP_TEST *t, const char *name)
-+{
-+ PKEY_KDF_DATA *kdata;
-+ int kdf_nid = OBJ_sn2nid(name);
-+
-+#ifdef OPENSSL_NO_SCRYPT
-+ if (strcmp(name, "scrypt") == 0) {
-+ t->skip = 1;
-+ return 1;
-+ }
-+#endif
-+
-+ if (kdf_nid == NID_undef)
-+ kdf_nid = OBJ_ln2nid(name);
-+
-+ if (!TEST_ptr(kdata = OPENSSL_zalloc(sizeof(*kdata))))
-+ return 0;
-+ kdata->ctx = EVP_PKEY_CTX_new_id(kdf_nid, NULL);
-+ if (kdata->ctx == NULL) {
-+ OPENSSL_free(kdata);
-+ return 0;
-+ }
-+ if (EVP_PKEY_derive_init(kdata->ctx) <= 0) {
-+ EVP_PKEY_CTX_free(kdata->ctx);
-+ OPENSSL_free(kdata);
-+ return 0;
-+ }
-+ t->data = kdata;
-+ return 1;
-+}
-+
-+static void pkey_kdf_test_cleanup(EVP_TEST *t)
-+{
-+ PKEY_KDF_DATA *kdata = t->data;
-+ OPENSSL_free(kdata->output);
-+ EVP_PKEY_CTX_free(kdata->ctx);
-+}
-+
-+static int pkey_kdf_test_parse(EVP_TEST *t,
-+ const char *keyword, const char *value)
-+{
-+ PKEY_KDF_DATA *kdata = t->data;
-+
-+ if (strcmp(keyword, "Output") == 0)
-+ return parse_bin(value, &kdata->output, &kdata->output_len);
-+ if (strncmp(keyword, "Ctrl", 4) == 0)
-+ return pkey_test_ctrl(t, kdata->ctx, value);
-+ return 0;
-+}
-+
-+static int pkey_kdf_test_run(EVP_TEST *t)
-+{
-+ PKEY_KDF_DATA *expected = t->data;
-+ unsigned char *got = NULL;
-+ size_t got_len = expected->output_len;
-+
-+ if (!TEST_ptr(got = OPENSSL_malloc(got_len))) {
-+ t->err = "INTERNAL_ERROR";
-+ goto err;
-+ }
-+ if (EVP_PKEY_derive(expected->ctx, got, &got_len) <= 0) {
-+ t->err = "KDF_DERIVE_ERROR";
-+ goto err;
-+ }
-+ if (!TEST_mem_eq(expected->output, expected->output_len, got, got_len)) {
-+ t->err = "KDF_MISMATCH";
-+ goto err;
-+ }
-+ t->err = NULL;
-+
-+ err:
-+ OPENSSL_free(got);
-+ return 1;
-+}
-+
-+static const EVP_TEST_METHOD pkey_kdf_test_method = {
-+ "PKEYKDF",
-+ pkey_kdf_test_init,
-+ pkey_kdf_test_cleanup,
-+ pkey_kdf_test_parse,
-+ pkey_kdf_test_run
-+};
-+
-+
-+/**
- *** KEYPAIR TESTS
- **/
-
-@@ -2277,6 +2408,7 @@ static const EVP_TEST_METHOD *evp_test_l
- &digestverify_test_method,
- &encode_test_method,
- &kdf_test_method,
-+ &pkey_kdf_test_method,
- &keypair_test_method,
- &keygen_test_method,
- &mac_test_method,
-diff -up openssl-1.1.1b/test/pkey_meth_kdf_test.c.evp-kdf openssl-1.1.1b/test/pkey_meth_kdf_test.c
---- openssl-1.1.1b/test/pkey_meth_kdf_test.c.evp-kdf 2019-02-26 15:15:30.000000000 +0100
-+++ openssl-1.1.1b/test/pkey_meth_kdf_test.c 2019-02-28 13:05:05.658521345 +0100
-@@ -1,5 +1,5 @@
- /*
-- * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
-+ * Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
-@@ -18,30 +18,34 @@
-
- static int test_kdf_tls1_prf(void)
- {
-+ int ret = 0;
- EVP_PKEY_CTX *pctx;
- unsigned char out[16];
- size_t outlen = sizeof(out);
-- pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_TLS1_PRF, NULL);
-
-+ if ((pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_TLS1_PRF, NULL)) == NULL) {
-+ TEST_error("EVP_PKEY_TLS1_PRF");
-+ goto err;
-+ }
- if (EVP_PKEY_derive_init(pctx) <= 0) {
- TEST_error("EVP_PKEY_derive_init");
-- return 0;
-+ goto err;
- }
- if (EVP_PKEY_CTX_set_tls1_prf_md(pctx, EVP_sha256()) <= 0) {
- TEST_error("EVP_PKEY_CTX_set_tls1_prf_md");
-- return 0;
-+ goto err;
- }
- if (EVP_PKEY_CTX_set1_tls1_prf_secret(pctx, "secret", 6) <= 0) {
- TEST_error("EVP_PKEY_CTX_set1_tls1_prf_secret");
-- return 0;
-+ goto err;
- }
- if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, "seed", 4) <= 0) {
- TEST_error("EVP_PKEY_CTX_add1_tls1_prf_seed");
-- return 0;
-+ goto err;
- }
- if (EVP_PKEY_derive(pctx, out, &outlen) <= 0) {
- TEST_error("EVP_PKEY_derive");
-- return 0;
-+ goto err;
- }
-
- {
-@@ -50,43 +54,49 @@ static int test_kdf_tls1_prf(void)
- 0xaa, 0xe9, 0x74, 0xc3, 0x04, 0x73, 0x5e, 0xcc
- };
- if (!TEST_mem_eq(out, sizeof(out), expected, sizeof(expected))) {
-- return 0;
-+ goto err;
- }
- }
-+ ret = 1;
-+err:
- EVP_PKEY_CTX_free(pctx);
-- return 1;
-+ return ret;
- }
-
- static int test_kdf_hkdf(void)
- {
-+ int ret = 0;
- EVP_PKEY_CTX *pctx;
- unsigned char out[10];
- size_t outlen = sizeof(out);
-- pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
-
-+ if ((pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL)) == NULL) {
-+ TEST_error("EVP_PKEY_HKDF");
-+ goto err;
-+ }
- if (EVP_PKEY_derive_init(pctx) <= 0) {
- TEST_error("EVP_PKEY_derive_init");
-- return 0;
-+ goto err;
- }
- if (EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()) <= 0) {
- TEST_error("EVP_PKEY_CTX_set_hkdf_md");
-- return 0;
-+ goto err;
- }
- if (EVP_PKEY_CTX_set1_hkdf_salt(pctx, "salt", 4) <= 0) {
- TEST_error("EVP_PKEY_CTX_set1_hkdf_salt");
-- return 0;
-+ goto err;
- }
- if (EVP_PKEY_CTX_set1_hkdf_key(pctx, "secret", 6) <= 0) {
- TEST_error("EVP_PKEY_CTX_set1_hkdf_key");
-- return 0;
-+ goto err;
- }
- if (EVP_PKEY_CTX_add1_hkdf_info(pctx, "label", 5) <= 0) {
- TEST_error("EVP_PKEY_CTX_set1_hkdf_info");
-- return 0;
-+ goto err;
- }
- if (EVP_PKEY_derive(pctx, out, &outlen) <= 0) {
- TEST_error("EVP_PKEY_derive");
-- return 0;
-+ goto err;
- }
-
- {
-@@ -94,60 +104,66 @@ static int test_kdf_hkdf(void)
- 0x2a, 0xc4, 0x36, 0x9f, 0x52, 0x59, 0x96, 0xf8, 0xde, 0x13
- };
- if (!TEST_mem_eq(out, sizeof(out), expected, sizeof(expected))) {
-- return 0;
-+ goto err;
- }
- }
-+ ret = 1;
-+err:
- EVP_PKEY_CTX_free(pctx);
-- return 1;
-+ return ret;
- }
-
- #ifndef OPENSSL_NO_SCRYPT
- static int test_kdf_scrypt(void)
- {
-+ int ret = 0;
- EVP_PKEY_CTX *pctx;
- unsigned char out[64];
- size_t outlen = sizeof(out);
-- pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_SCRYPT, NULL);
-
-+ if ((pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_SCRYPT, NULL)) == NULL) {
-+ TEST_error("EVP_PKEY_SCRYPT");
-+ goto err;
-+ }
- if (EVP_PKEY_derive_init(pctx) <= 0) {
- TEST_error("EVP_PKEY_derive_init");
-- return 0;
-+ goto err;
- }
- if (EVP_PKEY_CTX_set1_pbe_pass(pctx, "password", 8) <= 0) {
- TEST_error("EVP_PKEY_CTX_set1_pbe_pass");
-- return 0;
-+ goto err;
- }
- if (EVP_PKEY_CTX_set1_scrypt_salt(pctx, "NaCl", 4) <= 0) {
- TEST_error("EVP_PKEY_CTX_set1_scrypt_salt");
-- return 0;
-+ goto err;
- }
- if (EVP_PKEY_CTX_set_scrypt_N(pctx, 1024) <= 0) {
- TEST_error("EVP_PKEY_CTX_set_scrypt_N");
-- return 0;
-+ goto err;
- }
- if (EVP_PKEY_CTX_set_scrypt_r(pctx, 8) <= 0) {
- TEST_error("EVP_PKEY_CTX_set_scrypt_r");
-- return 0;
-+ goto err;
- }
- if (EVP_PKEY_CTX_set_scrypt_p(pctx, 16) <= 0) {
- TEST_error("EVP_PKEY_CTX_set_scrypt_p");
-- return 0;
-+ goto err;
- }
- if (EVP_PKEY_CTX_set_scrypt_maxmem_bytes(pctx, 16) <= 0) {
- TEST_error("EVP_PKEY_CTX_set_maxmem_bytes");
-- return 0;
-+ goto err;
- }
- if (EVP_PKEY_derive(pctx, out, &outlen) > 0) {
- TEST_error("EVP_PKEY_derive should have failed");
-- return 0;
-+ goto err;
- }
- if (EVP_PKEY_CTX_set_scrypt_maxmem_bytes(pctx, 10 * 1024 * 1024) <= 0) {
- TEST_error("EVP_PKEY_CTX_set_maxmem_bytes");
-- return 0;
-+ goto err;
- }
- if (EVP_PKEY_derive(pctx, out, &outlen) <= 0) {
- TEST_error("EVP_PKEY_derive");
-- return 0;
-+ goto err;
- }
-
- {
-@@ -162,11 +178,13 @@ static int test_kdf_scrypt(void)
- 0x83, 0x60, 0xcb, 0xdf, 0xa2, 0xcc, 0x06, 0x40
- };
- if (!TEST_mem_eq(out, sizeof(out), expected, sizeof(expected))) {
-- return 0;
-+ goto err;
- }
- }
-+ ret = 1;
-+err:
- EVP_PKEY_CTX_free(pctx);
-- return 1;
-+ return ret;
- }
- #endif
-
-diff -up openssl-1.1.1b/test/recipes/30-test_evp_data/evpkdf.txt.evp-kdf openssl-1.1.1b/test/recipes/30-test_evp_data/evpkdf.txt
---- openssl-1.1.1b/test/recipes/30-test_evp_data/evpkdf.txt.evp-kdf 2019-02-26 15:15:30.000000000 +0100
-+++ openssl-1.1.1b/test/recipes/30-test_evp_data/evpkdf.txt 2019-02-28 13:05:05.659521326 +0100
-@@ -1,5 +1,5 @@
- #
--# Copyright 2001-2017 The OpenSSL Project Authors. All Rights Reserved.
-+# Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
- #
- # Licensed under the OpenSSL license (the "License"). You may not use
- # this file except in compliance with the License. You can obtain a copy
-@@ -15,7 +15,7 @@
- Title = TLS1 PRF tests (from NIST test vectors)
-
- KDF=TLS1-PRF
--Ctrl.md = md:MD5-SHA1
-+Ctrl.digest = digest:MD5-SHA1
- Ctrl.Secret = hexsecret:bded7fa5c1699c010be23dd06ada3a48349f21e5f86263d512c0c5cc379f0e780ec55d9844b2f1db02a96453513568d0
- Ctrl.label = seed:master secret
- Ctrl.client_random = hexseed:e5acaf549cd25c22d964c0d930fa4b5261d2507fad84c33715b7b9a864020693
-@@ -23,7 +23,7 @@ Ctrl.server_random = hexseed:135e4d557fd
- Output = 2f6962dfbc744c4b2138bb6b3d33054c5ecc14f24851d9896395a44ab3964efc2090c5bf51a0891209f46c1e1e998f62
-
- KDF=TLS1-PRF
--Ctrl.md = md:MD5-SHA1
-+Ctrl.digest = digest:MD5-SHA1
- Ctrl.Secret = hexsecret:2f6962dfbc744c4b2138bb6b3d33054c5ecc14f24851d9896395a44ab3964efc2090c5bf51a0891209f46c1e1e998f62
- Ctrl.label = seed:key expansion
- Ctrl.server_random = hexseed:67267e650eb32444119d222a368c191af3082888dc35afe8368e638c828874be
-@@ -31,7 +31,7 @@ Ctrl.client_random = hexseed:d58a7b1cd4f
- Output = 3088825988e77fce68d19f756e18e43eb7fe672433504feaf99b3c503d9091b164f166db301d70c9fc0870b4a94563907bee1a61fb786cb717576890bcc51cb9ead97e01d0a2fea99c953377b195205ff07b369589178796edc963fd80fdbe518a2fc1c35c18ae8d
-
- KDF=TLS1-PRF
--Ctrl.md = md:SHA256
-+Ctrl.digest = digest:SHA256
- Ctrl.Secret = hexsecret:f8938ecc9edebc5030c0c6a441e213cd24e6f770a50dda07876f8d55da062bcadb386b411fd4fe4313a604fce6c17fbc
- Ctrl.label = seed:master secret
- Ctrl.client_random = hexseed:36c129d01a3200894b9179faac589d9835d58775f9b5ea3587cb8fd0364cae8c
-@@ -39,7 +39,7 @@ Ctrl.server_random = hexseed:f6c9575ed7d
- Output = 202c88c00f84a17a20027079604787461176455539e705be730890602c289a5001e34eeb3a043e5d52a65e66125188bf
-
- KDF=TLS1-PRF
--Ctrl.md = md:SHA256
-+Ctrl.digest = digest:SHA256
- Ctrl.Secret = hexsecret:202c88c00f84a17a20027079604787461176455539e705be730890602c289a5001e34eeb3a043e5d52a65e66125188bf
- Ctrl.label = seed:key expansion
- Ctrl.server_random = hexseed:ae6c806f8ad4d80784549dff28a4b58fd837681a51d928c3e30ee5ff14f39868
-@@ -48,7 +48,7 @@ Output = d06139889fffac1e3a71865f504aa5d
-
- # As above but use long name for KDF
- KDF=tls1-prf
--Ctrl.md = md:SHA256
-+Ctrl.digest = digest:SHA256
- Ctrl.Secret = hexsecret:202c88c00f84a17a20027079604787461176455539e705be730890602c289a5001e34eeb3a043e5d52a65e66125188bf
- Ctrl.label = seed:key expansion
- Ctrl.server_random = hexseed:ae6c806f8ad4d80784549dff28a4b58fd837681a51d928c3e30ee5ff14f39868
-@@ -64,7 +64,7 @@ Result = KDF_DERIVE_ERROR
-
- # Missing secret.
- KDF=TLS1-PRF
--Ctrl.md = md:MD5-SHA1
-+Ctrl.digest = digest:MD5-SHA1
- Ctrl.Seed = hexseed:02
- Output = 03
- Result = KDF_DERIVE_ERROR
-@@ -72,7 +72,7 @@ Result = KDF_DERIVE_ERROR
- Title = HKDF tests (from RFC5869 test vectors)
-
- KDF = HKDF
--Ctrl.md = md:SHA256
-+Ctrl.digest = digest:SHA256
- Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b
- Ctrl.salt = hexsalt:000102030405060708090a0b0c
- Ctrl.info = hexinfo:f0f1f2f3f4f5f6f7f8f9
-@@ -80,20 +80,20 @@ Output = 3cb25f25faacd57a90434f64d0362f2
-
- KDF = HKDF
- Ctrl.mode = mode:EXTRACT_ONLY
--Ctrl.md = md:SHA256
-+Ctrl.digest = digest:SHA256
- Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b
- Ctrl.salt = hexsalt:000102030405060708090a0b0c
- Output = 077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5
-
- KDF = HKDF
- Ctrl.mode = mode:EXPAND_ONLY
--Ctrl.md = md:SHA256
-+Ctrl.digest = digest:SHA256
- Ctrl.IKM = hexkey:077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5
- Ctrl.info = hexinfo:f0f1f2f3f4f5f6f7f8f9
- Output = 3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865
-
- KDF = HKDF
--Ctrl.md = md:SHA256
-+Ctrl.digest = digest:SHA256
- Ctrl.IKM = hexkey:000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f
- Ctrl.salt = hexsalt:606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf
- Ctrl.info = hexinfo:b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff
-@@ -101,20 +101,20 @@ Output = b11e398dc80327a1c8e7f78c596a493
-
- KDF = HKDF
- Ctrl.mode = mode:EXTRACT_ONLY
--Ctrl.md = md:SHA256
-+Ctrl.digest = digest:SHA256
- Ctrl.IKM = hexkey:000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f
- Ctrl.salt = hexsalt:606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf
- Output = 06a6b88c5853361a06104c9ceb35b45cef760014904671014a193f40c15fc244
-
- KDF = HKDF
- Ctrl.mode = mode:EXPAND_ONLY
--Ctrl.md = md:SHA256
-+Ctrl.digest = digest:SHA256
- Ctrl.IKM = hexkey:06a6b88c5853361a06104c9ceb35b45cef760014904671014a193f40c15fc244
- Ctrl.info = hexinfo:b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff
- Output = b11e398dc80327a1c8e7f78c596a49344f012eda2d4efad8a050cc4c19afa97c59045a99cac7827271cb41c65e590e09da3275600c2f09b8367793a9aca3db71cc30c58179ec3e87c14c01d5c1f3434f1d87
-
- KDF = HKDF
--Ctrl.md = md:SHA256
-+Ctrl.digest = digest:SHA256
- Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b
- Ctrl.salt = salt:
- Ctrl.info = info:
-@@ -122,7 +122,7 @@ Output = 8da4e775a563c18f715f802a063c5a3
-
- KDF = HKDF
- Ctrl.mode = mode:EXTRACT_ONLY
--Ctrl.md = md:SHA256
-+Ctrl.digest = digest:SHA256
- Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b
- Ctrl.salt = salt:
- Ctrl.info = info:
-@@ -130,13 +130,13 @@ Output = 19ef24a32c717b167f33a91d6f648bd
-
- KDF = HKDF
- Ctrl.mode = mode:EXPAND_ONLY
--Ctrl.md = md:SHA256
-+Ctrl.digest = digest:SHA256
- Ctrl.IKM = hexkey:19ef24a32c717b167f33a91d6f648bdf96596776afdb6377ac434c1c293ccb04
- Ctrl.info = info:
- Output = 8da4e775a563c18f715f802a063c5a31b8a11f5c5ee1879ec3454e5f3c738d2d9d201395faa4b61a96c8
-
- KDF = HKDF
--Ctrl.md = md:SHA1
-+Ctrl.digest = digest:SHA1
- Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b
- Ctrl.salt = hexsalt:000102030405060708090a0b0c
- Ctrl.info = hexinfo:f0f1f2f3f4f5f6f7f8f9
-@@ -144,20 +144,20 @@ Output = 085a01ea1b10f36933068b56efa5ad8
-
- KDF = HKDF
- Ctrl.mode = mode:EXTRACT_ONLY
--Ctrl.md = md:SHA1
-+Ctrl.digest = digest:SHA1
- Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b
- Ctrl.salt = hexsalt:000102030405060708090a0b0c
- Output = 9b6c18c432a7bf8f0e71c8eb88f4b30baa2ba243
-
- KDF = HKDF
- Ctrl.mode = mode:EXPAND_ONLY
--Ctrl.md = md:SHA1
-+Ctrl.digest = digest:SHA1
- Ctrl.IKM = hexkey:9b6c18c432a7bf8f0e71c8eb88f4b30baa2ba243
- Ctrl.info = hexinfo:f0f1f2f3f4f5f6f7f8f9
- Output = 085a01ea1b10f36933068b56efa5ad81a4f14b822f5b091568a9cdd4f155fda2c22e422478d305f3f896
-
- KDF = HKDF
--Ctrl.md = md:SHA1
-+Ctrl.digest = digest:SHA1
- Ctrl.IKM = hexkey:000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f
- Ctrl.salt = hexsalt:606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf
- Ctrl.info = hexinfo:b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff
-@@ -165,20 +165,20 @@ Output = 0bd770a74d1160f7c9f12cd5912a06e
-
- KDF = HKDF
- Ctrl.mode = mode:EXTRACT_ONLY
--Ctrl.md = md:SHA1
-+Ctrl.digest = digest:SHA1
- Ctrl.IKM = hexkey:000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f
- Ctrl.salt = hexsalt:606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf
- Output = 8adae09a2a307059478d309b26c4115a224cfaf6
-
- KDF = HKDF
- Ctrl.mode = mode:EXPAND_ONLY
--Ctrl.md = md:SHA1
-+Ctrl.digest = digest:SHA1
- Ctrl.IKM = hexkey:8adae09a2a307059478d309b26c4115a224cfaf6
- Ctrl.info = hexinfo:b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff
- Output = 0bd770a74d1160f7c9f12cd5912a06ebff6adcae899d92191fe4305673ba2ffe8fa3f1a4e5ad79f3f334b3b202b2173c486ea37ce3d397ed034c7f9dfeb15c5e927336d0441f4c4300e2cff0d0900b52d3b4
-
- KDF = HKDF
--Ctrl.md = md:SHA1
-+Ctrl.digest = digest:SHA1
- Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b
- Ctrl.salt = salt:
- Ctrl.info = info:
-@@ -186,20 +186,20 @@ Output = 0ac1af7002b3d761d1e55298da9d050
-
- KDF = HKDF
- Ctrl.mode = mode:EXTRACT_ONLY
--Ctrl.md = md:SHA1
-+Ctrl.digest = digest:SHA1
- Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b
- Ctrl.salt = salt:
- Output = da8c8a73c7fa77288ec6f5e7c297786aa0d32d01
-
- KDF = HKDF
- Ctrl.mode = mode:EXPAND_ONLY
--Ctrl.md = md:SHA1
-+Ctrl.digest = digest:SHA1
- Ctrl.IKM = hexkey:da8c8a73c7fa77288ec6f5e7c297786aa0d32d01
- Ctrl.info = info:
- Output = 0ac1af7002b3d761d1e55298da9d0506b9ae52057220a306e07b6b87e8df21d0ea00033de03984d34918
-
- KDF = HKDF
--Ctrl.md = md:SHA1
-+Ctrl.digest = digest:SHA1
- Ctrl.IKM = hexkey:0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c
- Ctrl.salt = salt:
- Ctrl.info = info:
-@@ -207,14 +207,14 @@ Output = 2c91117204d745f3500d636a62f64f0
-
- KDF = HKDF
- Ctrl.mode = mode:EXTRACT_ONLY
--Ctrl.md = md:SHA1
-+Ctrl.digest = digest:SHA1
- Ctrl.IKM = hexkey:0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c
- Ctrl.salt = salt:
- Output = 2adccada18779e7c2077ad2eb19d3f3e731385dd
-
- KDF = HKDF
- Ctrl.mode = mode:EXPAND_ONLY
--Ctrl.md = md:SHA1
-+Ctrl.digest = digest:SHA1
- Ctrl.IKM = hexkey:2adccada18779e7c2077ad2eb19d3f3e731385dd
- Ctrl.info = info:
- Output = 2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48
-@@ -227,27 +227,27 @@ Output = 00
- Result = KDF_DERIVE_ERROR
-
- KDF = HKDF
--Ctrl.md = md:SHA1
-+Ctrl.digest = digest:SHA1
- Ctrl.salt = salt:
- Ctrl.info = info:
- Output = 00
- Result = KDF_DERIVE_ERROR
-
- KDF = HKDF
--Ctrl.md = md:SHA1
-+Ctrl.digest = digest:SHA1
- Ctrl.IKM = hexkey:0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c
- Ctrl.info = info:
- Output = 2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48
-
- KDF = HKDF
--Ctrl.md = md:SHA1
-+Ctrl.digest = digest:SHA1
- Ctrl.IKM = hexkey:0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c
- Ctrl.salt = salt:
- Output = 2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48
-
- KDF = HKDF
- Ctrl.mode = mode:EXTRACT_AND_EXPAND
--Ctrl.md = md:SHA1
-+Ctrl.digest = digest:SHA1
- Ctrl.IKM = hexkey:0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c
- Ctrl.salt = salt:
- Output = 2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48
-@@ -303,3 +303,133 @@ Ctrl.r = r:8
- Ctrl.p = p:1
- Result = INTERNAL_ERROR
-
-+Title = PBKDF2 tests
-+
-+KDF = PBKDF2
-+Ctrl.pass = pass:password
-+Ctrl.salt = salt:salt
-+Ctrl.iter = iter:1
-+Ctrl.digest = digest:sha1
-+Output = 0c60c80f961f0e71f3a9b524af6012062fe037a6
-+
-+KDF = PBKDF2
-+Ctrl.pass = pass:password
-+Ctrl.salt = salt:salt
-+Ctrl.iter = iter:1
-+Ctrl.digest = digest:sha256
-+Output = 120fb6cffcf8b32c43e7225256c4f837a86548c92ccc35480805987cb70be17b
-+
-+KDF = PBKDF2
-+Ctrl.pass = pass:password
-+Ctrl.salt = salt:salt
-+Ctrl.iter = iter:1
-+Ctrl.digest = digest:sha512
-+Output = 867f70cf1ade02cff3752599a3a53dc4af34c7a669815ae5d513554e1c8cf252c02d470a285a0501bad999bfe943c08f050235d7d68b1da55e63f73b60a57fce
-+
-+KDF = PBKDF2
-+Ctrl.pass = pass:password
-+Ctrl.salt = salt:salt
-+Ctrl.iter = iter:2
-+Ctrl.digest = digest:sha1
-+Output = ea6c014dc72d6f8ccd1ed92ace1d41f0d8de8957
-+
-+KDF = PBKDF2
-+Ctrl.pass = pass:password
-+Ctrl.salt = salt:salt
-+Ctrl.iter = iter:2
-+Ctrl.digest = digest:sha256
-+Output = ae4d0c95af6b46d32d0adff928f06dd02a303f8ef3c251dfd6e2d85a95474c43
-+
-+KDF = PBKDF2
-+Ctrl.pass = pass:password
-+Ctrl.salt = salt:salt
-+Ctrl.iter = iter:2
-+Ctrl.digest = digest:sha512
-+Output = e1d9c16aa681708a45f5c7c4e215ceb66e011a2e9f0040713f18aefdb866d53cf76cab2868a39b9f7840edce4fef5a82be67335c77a6068e04112754f27ccf4e
-+
-+KDF = PBKDF2
-+Ctrl.pass = pass:password
-+Ctrl.salt = salt:salt
-+Ctrl.iter = iter:4096
-+Ctrl.digest = digest:sha1
-+Output = 4b007901b765489abead49d926f721d065a429c1
-+
-+KDF = PBKDF2
-+Ctrl.pass = pass:password
-+Ctrl.salt = salt:salt
-+Ctrl.iter = iter:4096
-+Ctrl.digest = digest:sha256
-+Output = c5e478d59288c841aa530db6845c4c8d962893a001ce4e11a4963873aa98134a
-+
-+KDF = PBKDF2
-+Ctrl.pass = pass:password
-+Ctrl.salt = salt:salt
-+Ctrl.iter = iter:4096
-+Ctrl.digest = digest:sha512
-+Output = d197b1b33db0143e018b12f3d1d1479e6cdebdcc97c5c0f87f6902e072f457b5143f30602641b3d55cd335988cb36b84376060ecd532e039b742a239434af2d5
-+
-+KDF = PBKDF2
-+Ctrl.pass = pass:passwordPASSWORDpassword
-+Ctrl.salt = salt:saltSALTsaltSALTsaltSALTsaltSALTsalt
-+Ctrl.iter = iter:4096
-+Ctrl.digest = digest:sha1
-+Output = 3d2eec4fe41c849b80c8d83662c0e44a8b291a964cf2f07038
-+
-+KDF = PBKDF2
-+Ctrl.pass = pass:passwordPASSWORDpassword
-+Ctrl.salt = salt:saltSALTsaltSALTsaltSALTsaltSALTsalt
-+Ctrl.iter = iter:4096
-+Ctrl.digest = digest:sha256
-+Output = 348c89dbcbd32b2f32d814b8116e84cf2b17347ebc1800181c4e2a1fb8dd53e1c635518c7dac47e9
-+
-+KDF = PBKDF2
-+Ctrl.pass = pass:passwordPASSWORDpassword
-+Ctrl.salt = salt:saltSALTsaltSALTsaltSALTsaltSALTsalt
-+Ctrl.iter = iter:4096
-+Ctrl.digest = digest:sha512
-+Output = 8c0511f4c6e597c6ac6315d8f0362e225f3c501495ba23b868c005174dc4ee71115b59f9e60cd9532fa33e0f75aefe30225c583a186cd82bd4daea9724a3d3b8
-+
-+KDF = PBKDF2
-+Ctrl.hexpass = hexpass:7061737300776f7264
-+Ctrl.hexsalt = hexsalt:7361006c74
-+Ctrl.iter = iter:4096
-+Ctrl.digest = digest:sha1
-+Output = 56fa6aa75548099dcc37d7f03425e0c3
-+
-+KDF = PBKDF2
-+Ctrl.hexpass = hexpass:7061737300776f7264
-+Ctrl.hexsalt = hexsalt:7361006c74
-+Ctrl.iter = iter:4096
-+Ctrl.digest = digest:sha256
-+Output = 89b69d0516f829893c696226650a8687
-+
-+KDF = PBKDF2
-+Ctrl.hexpass = hexpass:7061737300776f7264
-+Ctrl.hexsalt = hexsalt:7361006c74
-+Ctrl.iter = iter:4096
-+Ctrl.digest = digest:sha512
-+Output = 9d9e9c4cd21fe4be24d5b8244c759665
-+
-+Title = PBKDF2 tests for empty inputs
-+
-+KDF = PBKDF2
-+Ctrl.pass = pass:
-+Ctrl.salt = salt:salt
-+Ctrl.iter = iter:1
-+Ctrl.digest = digest:sha1
-+Output = a33dddc30478185515311f8752895d36ea4363a2
-+
-+KDF = PBKDF2
-+Ctrl.pass = pass:
-+Ctrl.salt = salt:salt
-+Ctrl.iter = iter:1
-+Ctrl.digest = digest:sha256
-+Output = f135c27993baf98773c5cdb40a5706ce6a345cde
-+
-+KDF = PBKDF2
-+Ctrl.pass = pass:
-+Ctrl.salt = salt:salt
-+Ctrl.iter = iter:1
-+Ctrl.digest = digest:sha512
-+Output = 00ef42cdbfc98d29db20976608e455567fdddf14
-+
-diff -up openssl-1.1.1b/test/recipes/30-test_evp_data/evppkey_kdf.txt.evp-kdf openssl-1.1.1b/test/recipes/30-test_evp_data/evppkey_kdf.txt
---- openssl-1.1.1b/test/recipes/30-test_evp_data/evppkey_kdf.txt.evp-kdf 2019-02-28 13:05:05.659521326 +0100
-+++ openssl-1.1.1b/test/recipes/30-test_evp_data/evppkey_kdf.txt 2019-02-28 13:05:05.659521326 +0100
-@@ -0,0 +1,305 @@
-+#
-+# Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the Apache License 2.0 (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-+# Tests start with one of these keywords
-+# Cipher Decrypt Derive Digest Encoding KDF PKEYKDF MAC PBE
-+# PrivPubKeyPair Sign Verify VerifyRecover
-+# and continue until a blank line. Lines starting with a pound sign,
-+# like this prolog, are ignored.
-+
-+Title = TLS1 PRF tests (from NIST test vectors)
-+
-+PKEYKDF=TLS1-PRF
-+Ctrl.md = md:MD5-SHA1
-+Ctrl.Secret = hexsecret:bded7fa5c1699c010be23dd06ada3a48349f21e5f86263d512c0c5cc379f0e780ec55d9844b2f1db02a96453513568d0
-+Ctrl.label = seed:master secret
-+Ctrl.client_random = hexseed:e5acaf549cd25c22d964c0d930fa4b5261d2507fad84c33715b7b9a864020693
-+Ctrl.server_random = hexseed:135e4d557fdf3aa6406d82975d5c606a9734c9334b42136e96990fbd5358cdb2
-+Output = 2f6962dfbc744c4b2138bb6b3d33054c5ecc14f24851d9896395a44ab3964efc2090c5bf51a0891209f46c1e1e998f62
-+
-+PKEYKDF=TLS1-PRF
-+Ctrl.md = md:MD5-SHA1
-+Ctrl.Secret = hexsecret:2f6962dfbc744c4b2138bb6b3d33054c5ecc14f24851d9896395a44ab3964efc2090c5bf51a0891209f46c1e1e998f62
-+Ctrl.label = seed:key expansion
-+Ctrl.server_random = hexseed:67267e650eb32444119d222a368c191af3082888dc35afe8368e638c828874be
-+Ctrl.client_random = hexseed:d58a7b1cd4fedaa232159df652ce188f9d997e061b9bf48e83b62990440931f6
-+Output = 3088825988e77fce68d19f756e18e43eb7fe672433504feaf99b3c503d9091b164f166db301d70c9fc0870b4a94563907bee1a61fb786cb717576890bcc51cb9ead97e01d0a2fea99c953377b195205ff07b369589178796edc963fd80fdbe518a2fc1c35c18ae8d
-+
-+PKEYKDF=TLS1-PRF
-+Ctrl.md = md:SHA256
-+Ctrl.Secret = hexsecret:f8938ecc9edebc5030c0c6a441e213cd24e6f770a50dda07876f8d55da062bcadb386b411fd4fe4313a604fce6c17fbc
-+Ctrl.label = seed:master secret
-+Ctrl.client_random = hexseed:36c129d01a3200894b9179faac589d9835d58775f9b5ea3587cb8fd0364cae8c
-+Ctrl.server_random = hexseed:f6c9575ed7ddd73e1f7d16eca115415812a43c2b747daaaae043abfb50053fce
-+Output = 202c88c00f84a17a20027079604787461176455539e705be730890602c289a5001e34eeb3a043e5d52a65e66125188bf
-+
-+PKEYKDF=TLS1-PRF
-+Ctrl.md = md:SHA256
-+Ctrl.Secret = hexsecret:202c88c00f84a17a20027079604787461176455539e705be730890602c289a5001e34eeb3a043e5d52a65e66125188bf
-+Ctrl.label = seed:key expansion
-+Ctrl.server_random = hexseed:ae6c806f8ad4d80784549dff28a4b58fd837681a51d928c3e30ee5ff14f39868
-+Ctrl.client_random = hexseed:62e1fd91f23f558a605f28478c58cf72637b89784d959df7e946d3f07bd1b616
-+Output = d06139889fffac1e3a71865f504aa5d0d2a2e89506c6f2279b670c3e1b74f531016a2530c51a3a0f7e1d6590d0f0566b2f387f8d11fd4f731cdd572d2eae927f6f2f81410b25e6960be68985add6c38445ad9f8c64bf8068bf9a6679485d966f1ad6f68b43495b10a683755ea2b858d70ccac7ec8b053c6bd41ca299d4e51928
-+
-+# As above but use long name for KDF
-+PKEYKDF=tls1-prf
-+Ctrl.md = md:SHA256
-+Ctrl.Secret = hexsecret:202c88c00f84a17a20027079604787461176455539e705be730890602c289a5001e34eeb3a043e5d52a65e66125188bf
-+Ctrl.label = seed:key expansion
-+Ctrl.server_random = hexseed:ae6c806f8ad4d80784549dff28a4b58fd837681a51d928c3e30ee5ff14f39868
-+Ctrl.client_random = hexseed:62e1fd91f23f558a605f28478c58cf72637b89784d959df7e946d3f07bd1b616
-+Output = d06139889fffac1e3a71865f504aa5d0d2a2e89506c6f2279b670c3e1b74f531016a2530c51a3a0f7e1d6590d0f0566b2f387f8d11fd4f731cdd572d2eae927f6f2f81410b25e6960be68985add6c38445ad9f8c64bf8068bf9a6679485d966f1ad6f68b43495b10a683755ea2b858d70ccac7ec8b053c6bd41ca299d4e51928
-+
-+# Missing digest.
-+PKEYKDF=TLS1-PRF
-+Ctrl.Secret = hexsecret:01
-+Ctrl.Seed = hexseed:02
-+Output = 03
-+Result = KDF_DERIVE_ERROR
-+
-+# Missing secret.
-+PKEYKDF=TLS1-PRF
-+Ctrl.md = md:MD5-SHA1
-+Ctrl.Seed = hexseed:02
-+Output = 03
-+Result = KDF_DERIVE_ERROR
-+
-+Title = HKDF tests (from RFC5869 test vectors)
-+
-+PKEYKDF = HKDF
-+Ctrl.md = md:SHA256
-+Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b
-+Ctrl.salt = hexsalt:000102030405060708090a0b0c
-+Ctrl.info = hexinfo:f0f1f2f3f4f5f6f7f8f9
-+Output = 3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865
-+
-+PKEYKDF = HKDF
-+Ctrl.mode = mode:EXTRACT_ONLY
-+Ctrl.md = md:SHA256
-+Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b
-+Ctrl.salt = hexsalt:000102030405060708090a0b0c
-+Output = 077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5
-+
-+PKEYKDF = HKDF
-+Ctrl.mode = mode:EXPAND_ONLY
-+Ctrl.md = md:SHA256
-+Ctrl.IKM = hexkey:077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5
-+Ctrl.info = hexinfo:f0f1f2f3f4f5f6f7f8f9
-+Output = 3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865
-+
-+PKEYKDF = HKDF
-+Ctrl.md = md:SHA256
-+Ctrl.IKM = hexkey:000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f
-+Ctrl.salt = hexsalt:606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf
-+Ctrl.info = hexinfo:b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff
-+Output = b11e398dc80327a1c8e7f78c596a49344f012eda2d4efad8a050cc4c19afa97c59045a99cac7827271cb41c65e590e09da3275600c2f09b8367793a9aca3db71cc30c58179ec3e87c14c01d5c1f3434f1d87
-+
-+PKEYKDF = HKDF
-+Ctrl.mode = mode:EXTRACT_ONLY
-+Ctrl.md = md:SHA256
-+Ctrl.IKM = hexkey:000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f
-+Ctrl.salt = hexsalt:606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf
-+Output = 06a6b88c5853361a06104c9ceb35b45cef760014904671014a193f40c15fc244
-+
-+PKEYKDF = HKDF
-+Ctrl.mode = mode:EXPAND_ONLY
-+Ctrl.md = md:SHA256
-+Ctrl.IKM = hexkey:06a6b88c5853361a06104c9ceb35b45cef760014904671014a193f40c15fc244
-+Ctrl.info = hexinfo:b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff
-+Output = b11e398dc80327a1c8e7f78c596a49344f012eda2d4efad8a050cc4c19afa97c59045a99cac7827271cb41c65e590e09da3275600c2f09b8367793a9aca3db71cc30c58179ec3e87c14c01d5c1f3434f1d87
-+
-+PKEYKDF = HKDF
-+Ctrl.md = md:SHA256
-+Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b
-+Ctrl.salt = salt:
-+Ctrl.info = info:
-+Output = 8da4e775a563c18f715f802a063c5a31b8a11f5c5ee1879ec3454e5f3c738d2d9d201395faa4b61a96c8
-+
-+PKEYKDF = HKDF
-+Ctrl.mode = mode:EXTRACT_ONLY
-+Ctrl.md = md:SHA256
-+Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b
-+Ctrl.salt = salt:
-+Ctrl.info = info:
-+Output = 19ef24a32c717b167f33a91d6f648bdf96596776afdb6377ac434c1c293ccb04
-+
-+PKEYKDF = HKDF
-+Ctrl.mode = mode:EXPAND_ONLY
-+Ctrl.md = md:SHA256
-+Ctrl.IKM = hexkey:19ef24a32c717b167f33a91d6f648bdf96596776afdb6377ac434c1c293ccb04
-+Ctrl.info = info:
-+Output = 8da4e775a563c18f715f802a063c5a31b8a11f5c5ee1879ec3454e5f3c738d2d9d201395faa4b61a96c8
-+
-+PKEYKDF = HKDF
-+Ctrl.md = md:SHA1
-+Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b
-+Ctrl.salt = hexsalt:000102030405060708090a0b0c
-+Ctrl.info = hexinfo:f0f1f2f3f4f5f6f7f8f9
-+Output = 085a01ea1b10f36933068b56efa5ad81a4f14b822f5b091568a9cdd4f155fda2c22e422478d305f3f896
-+
-+PKEYKDF = HKDF
-+Ctrl.mode = mode:EXTRACT_ONLY
-+Ctrl.md = md:SHA1
-+Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b
-+Ctrl.salt = hexsalt:000102030405060708090a0b0c
-+Output = 9b6c18c432a7bf8f0e71c8eb88f4b30baa2ba243
-+
-+PKEYKDF = HKDF
-+Ctrl.mode = mode:EXPAND_ONLY
-+Ctrl.md = md:SHA1
-+Ctrl.IKM = hexkey:9b6c18c432a7bf8f0e71c8eb88f4b30baa2ba243
-+Ctrl.info = hexinfo:f0f1f2f3f4f5f6f7f8f9
-+Output = 085a01ea1b10f36933068b56efa5ad81a4f14b822f5b091568a9cdd4f155fda2c22e422478d305f3f896
-+
-+PKEYKDF = HKDF
-+Ctrl.md = md:SHA1
-+Ctrl.IKM = hexkey:000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f
-+Ctrl.salt = hexsalt:606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf
-+Ctrl.info = hexinfo:b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff
-+Output = 0bd770a74d1160f7c9f12cd5912a06ebff6adcae899d92191fe4305673ba2ffe8fa3f1a4e5ad79f3f334b3b202b2173c486ea37ce3d397ed034c7f9dfeb15c5e927336d0441f4c4300e2cff0d0900b52d3b4
-+
-+PKEYKDF = HKDF
-+Ctrl.mode = mode:EXTRACT_ONLY
-+Ctrl.md = md:SHA1
-+Ctrl.IKM = hexkey:000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f
-+Ctrl.salt = hexsalt:606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf
-+Output = 8adae09a2a307059478d309b26c4115a224cfaf6
-+
-+PKEYKDF = HKDF
-+Ctrl.mode = mode:EXPAND_ONLY
-+Ctrl.md = md:SHA1
-+Ctrl.IKM = hexkey:8adae09a2a307059478d309b26c4115a224cfaf6
-+Ctrl.info = hexinfo:b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff
-+Output = 0bd770a74d1160f7c9f12cd5912a06ebff6adcae899d92191fe4305673ba2ffe8fa3f1a4e5ad79f3f334b3b202b2173c486ea37ce3d397ed034c7f9dfeb15c5e927336d0441f4c4300e2cff0d0900b52d3b4
-+
-+PKEYKDF = HKDF
-+Ctrl.md = md:SHA1
-+Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b
-+Ctrl.salt = salt:
-+Ctrl.info = info:
-+Output = 0ac1af7002b3d761d1e55298da9d0506b9ae52057220a306e07b6b87e8df21d0ea00033de03984d34918
-+
-+PKEYKDF = HKDF
-+Ctrl.mode = mode:EXTRACT_ONLY
-+Ctrl.md = md:SHA1
-+Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b
-+Ctrl.salt = salt:
-+Output = da8c8a73c7fa77288ec6f5e7c297786aa0d32d01
-+
-+PKEYKDF = HKDF
-+Ctrl.mode = mode:EXPAND_ONLY
-+Ctrl.md = md:SHA1
-+Ctrl.IKM = hexkey:da8c8a73c7fa77288ec6f5e7c297786aa0d32d01
-+Ctrl.info = info:
-+Output = 0ac1af7002b3d761d1e55298da9d0506b9ae52057220a306e07b6b87e8df21d0ea00033de03984d34918
-+
-+PKEYKDF = HKDF
-+Ctrl.md = md:SHA1
-+Ctrl.IKM = hexkey:0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c
-+Ctrl.salt = salt:
-+Ctrl.info = info:
-+Output = 2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48
-+
-+PKEYKDF = HKDF
-+Ctrl.mode = mode:EXTRACT_ONLY
-+Ctrl.md = md:SHA1
-+Ctrl.IKM = hexkey:0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c
-+Ctrl.salt = salt:
-+Output = 2adccada18779e7c2077ad2eb19d3f3e731385dd
-+
-+PKEYKDF = HKDF
-+Ctrl.mode = mode:EXPAND_ONLY
-+Ctrl.md = md:SHA1
-+Ctrl.IKM = hexkey:2adccada18779e7c2077ad2eb19d3f3e731385dd
-+Ctrl.info = info:
-+Output = 2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48
-+
-+PKEYKDF = HKDF
-+Ctrl.IKM = hexkey:0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c
-+Ctrl.salt = salt:
-+Ctrl.info = info:
-+Output = 00
-+Result = KDF_DERIVE_ERROR
-+
-+PKEYKDF = HKDF
-+Ctrl.md = md:SHA1
-+Ctrl.salt = salt:
-+Ctrl.info = info:
-+Output = 00
-+Result = KDF_DERIVE_ERROR
-+
-+PKEYKDF = HKDF
-+Ctrl.md = md:SHA1
-+Ctrl.IKM = hexkey:0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c
-+Ctrl.info = info:
-+Output = 2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48
-+
-+PKEYKDF = HKDF
-+Ctrl.md = md:SHA1
-+Ctrl.IKM = hexkey:0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c
-+Ctrl.salt = salt:
-+Output = 2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48
-+
-+PKEYKDF = HKDF
-+Ctrl.mode = mode:EXTRACT_AND_EXPAND
-+Ctrl.md = md:SHA1
-+Ctrl.IKM = hexkey:0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c
-+Ctrl.salt = salt:
-+Output = 2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48
-+
-+Title = id-scrypt tests (from draft-josefsson-id-scrypt-kdf-03 and others)
-+
-+PKEYKDF = scrypt
-+Ctrl.pass = pass:
-+Ctrl.salt = salt:
-+Ctrl.N = N:16
-+Ctrl.r = r:1
-+Ctrl.p = p:1
-+Output = 77d6576238657b203b19ca42c18a0497f16b4844e3074ae8dfdffa3fede21442fcd0069ded0948f8326a753a0fc81f17e8d3e0fb2e0d3628cf35e20c38d18906
-+
-+PKEYKDF = scrypt
-+Ctrl.pass = pass:password
-+Ctrl.salt = salt:NaCl
-+Ctrl.N = N:1024
-+Ctrl.r = r:8
-+Ctrl.p = p:16
-+Output = fdbabe1c9d3472007856e7190d01e9fe7c6ad7cbc8237830e77376634b3731622eaf30d92e22a3886ff109279d9830dac727afb94a83ee6d8360cbdfa2cc0640
-+
-+PKEYKDF = scrypt
-+Ctrl.hexpass = hexpass:70617373776f7264
-+Ctrl.salt = salt:NaCl
-+Ctrl.N = N:1024
-+Ctrl.r = r:8
-+Ctrl.p = p:16
-+Output = fdbabe1c9d3472007856e7190d01e9fe7c6ad7cbc8237830e77376634b3731622eaf30d92e22a3886ff109279d9830dac727afb94a83ee6d8360cbdfa2cc0640
-+
-+PKEYKDF = scrypt
-+Ctrl.pass = pass:password
-+Ctrl.hexsalt = hexsalt:4e61436c
-+Ctrl.N = N:1024
-+Ctrl.r = r:8
-+Ctrl.p = p:16
-+Output = fdbabe1c9d3472007856e7190d01e9fe7c6ad7cbc8237830e77376634b3731622eaf30d92e22a3886ff109279d9830dac727afb94a83ee6d8360cbdfa2cc0640
-+
-+PKEYKDF = scrypt
-+Ctrl.pass = pass:pleaseletmein
-+Ctrl.salt = salt:SodiumChloride
-+Ctrl.N = N:16384
-+Ctrl.r = r:8
-+Ctrl.p = p:1
-+Output = 7023bdcb3afd7348461c06cd81fd38ebfda8fbba904f8e3ea9b543f6545da1f2d5432955613f0fcf62d49705242a9af9e61e85dc0d651e40dfcf017b45575887
-+
-+# Out of memory
-+PKEYKDF = scrypt
-+Ctrl.pass = pass:pleaseletmein
-+Ctrl.salt = salt:SodiumChloride
-+Ctrl.N = N:1048576
-+Ctrl.r = r:8
-+Ctrl.p = p:1
-+Result = INTERNAL_ERROR
-+
-diff -up openssl-1.1.1b/test/recipes/30-test_evp_kdf.t.evp-kdf openssl-1.1.1b/test/recipes/30-test_evp_kdf.t
---- openssl-1.1.1b/test/recipes/30-test_evp_kdf.t.evp-kdf 2019-02-28 13:05:05.659521326 +0100
-+++ openssl-1.1.1b/test/recipes/30-test_evp_kdf.t 2019-02-28 13:05:05.659521326 +0100
-@@ -0,0 +1,13 @@
-+#! /usr/bin/env perl
-+# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
-+# Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
-+#
-+# Licensed under the Apache License 2.0 (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-+
-+use OpenSSL::Test::Simple;
-+
-+simple_test("test_evp_kdf", "evp_kdf_test");
-diff -up openssl-1.1.1c/test/recipes/30-test_evp.t.evp-kdf openssl-1.1.1c/test/recipes/30-test_evp.t
---- openssl-1.1.1c/test/recipes/30-test_evp.t.evp-kdf 2019-05-29 16:55:38.236960543 +0200
-+++ openssl-1.1.1c/test/recipes/30-test_evp.t 2019-05-29 16:57:46.348718012 +0200
-@@ -15,7 +15,7 @@ use OpenSSL::Test qw/:DEFAULT data_file/
- setup("test_evp");
-
- my @files = ( "evpciph.txt", "evpdigest.txt", "evpencod.txt", "evpkdf.txt",
-- "evpmac.txt", "evppbe.txt", "evppkey.txt", "evppkey_ecc.txt",
-+ "evppkey_kdf.txt", "evpmac.txt", "evppbe.txt", "evppkey.txt", "evppkey_ecc.txt",
- "evpcase.txt", "evpccmcavs.txt" );
-
- plan tests => scalar(@files);
-
-diff -up openssl-1.1.1b/util/libcrypto.num.evp-kdf openssl-1.1.1b/util/libcrypto.num
---- openssl-1.1.1b/util/libcrypto.num.evp-kdf 2019-02-28 13:05:05.636521752 +0100
-+++ openssl-1.1.1b/util/libcrypto.num 2019-02-28 13:05:05.660521308 +0100
-@@ -4614,3 +4614,11 @@ FIPS_drbg_get_strength
- FIPS_rand_strength 6380 1_1_0g EXIST::FUNCTION:
- FIPS_drbg_get_blocklength 6381 1_1_0g EXIST::FUNCTION:
- FIPS_drbg_init 6382 1_1_0g EXIST::FUNCTION:
-+EVP_KDF_CTX_new_id 6590 1_1_1b EXIST::FUNCTION:
-+EVP_KDF_CTX_free 6591 1_1_1b EXIST::FUNCTION:
-+EVP_KDF_reset 6592 1_1_1b EXIST::FUNCTION:
-+EVP_KDF_ctrl 6593 1_1_1b EXIST::FUNCTION:
-+EVP_KDF_vctrl 6594 1_1_1b EXIST::FUNCTION:
-+EVP_KDF_ctrl_str 6595 1_1_1b EXIST::FUNCTION:
-+EVP_KDF_size 6596 1_1_1b EXIST::FUNCTION:
-+EVP_KDF_derive 6597 1_1_1b EXIST::FUNCTION:
-diff -up openssl-1.1.1b/util/private.num.evp-kdf openssl-1.1.1b/util/private.num
---- openssl-1.1.1b/util/private.num.evp-kdf 2019-02-26 15:15:30.000000000 +0100
-+++ openssl-1.1.1b/util/private.num 2019-02-28 13:05:05.660521308 +0100
-@@ -21,6 +21,7 @@ CRYPTO_EX_dup
- CRYPTO_EX_free datatype
- CRYPTO_EX_new datatype
- DTLS_timer_cb datatype
-+EVP_KDF_CTX datatype
- EVP_PKEY_gen_cb datatype
- EVP_PKEY_METHOD datatype
- EVP_PKEY_ASN1_METHOD datatype
diff --git a/openssl-freefilesync/openssl-1.1.1-fips-crng-test.patch b/openssl-freefilesync/openssl-1.1.1-fips-crng-test.patch
deleted file mode 100644
index 91841f1..0000000
--- a/openssl-freefilesync/openssl-1.1.1-fips-crng-test.patch
+++ /dev/null
@@ -1,407 +0,0 @@
-diff -up openssl-1.1.1b/crypto/include/internal/rand_int.h.crng-test openssl-1.1.1b/crypto/include/internal/rand_int.h
---- openssl-1.1.1b/crypto/include/internal/rand_int.h.crng-test 2019-05-07 08:56:33.242179136 +0200
-+++ openssl-1.1.1b/crypto/include/internal/rand_int.h 2019-05-07 09:54:14.920204875 +0200
-@@ -49,6 +49,14 @@ size_t rand_drbg_get_additional_data(RAN
-
- void rand_drbg_cleanup_additional_data(RAND_POOL *pool, unsigned char *out);
-
-+/* CRNG test entropy filter callbacks. */
-+size_t rand_crngt_get_entropy(RAND_DRBG *drbg,
-+ unsigned char **pout,
-+ int entropy, size_t min_len, size_t max_len,
-+ int prediction_resistance);
-+void rand_crngt_cleanup_entropy(RAND_DRBG *drbg,
-+ unsigned char *out, size_t outlen);
-+
- /*
- * RAND_POOL functions
- */
-diff -up openssl-1.1.1b/crypto/rand/build.info.crng-test openssl-1.1.1b/crypto/rand/build.info
---- openssl-1.1.1b/crypto/rand/build.info.crng-test 2019-05-07 09:54:14.921204857 +0200
-+++ openssl-1.1.1b/crypto/rand/build.info 2019-05-07 09:55:22.730014705 +0200
-@@ -1,4 +1,4 @@
- LIBS=../../libcrypto
- SOURCE[../../libcrypto]=\
-- randfile.c rand_lib.c rand_err.c rand_egd.c \
-+ randfile.c rand_lib.c rand_err.c rand_crng_test.c rand_egd.c \
- rand_win.c rand_unix.c rand_vms.c drbg_lib.c drbg_ctr.c
-diff -up openssl-1.1.1b/crypto/rand/drbg_lib.c.crng-test openssl-1.1.1b/crypto/rand/drbg_lib.c
---- openssl-1.1.1b/crypto/rand/drbg_lib.c.crng-test 2019-02-26 15:15:30.000000000 +0100
-+++ openssl-1.1.1b/crypto/rand/drbg_lib.c 2019-05-07 10:04:51.753157224 +0200
-@@ -67,7 +67,7 @@ static CRYPTO_THREAD_LOCAL private_drbg;
-
-
- /* NIST SP 800-90A DRBG recommends the use of a personalization string. */
--static const char ossl_pers_string[] = "OpenSSL NIST SP 800-90A DRBG";
-+static const char ossl_pers_string[] = DRBG_DEFAULT_PERS_STRING;
-
- static CRYPTO_ONCE rand_drbg_init = CRYPTO_ONCE_STATIC_INIT;
-
-@@ -201,8 +201,13 @@ static RAND_DRBG *rand_drbg_new(int secu
- drbg->parent = parent;
-
- if (parent == NULL) {
-+#ifdef OPENSSL_FIPS
-+ drbg->get_entropy = rand_crngt_get_entropy;
-+ drbg->cleanup_entropy = rand_crngt_cleanup_entropy;
-+#else
- drbg->get_entropy = rand_drbg_get_entropy;
- drbg->cleanup_entropy = rand_drbg_cleanup_entropy;
-+#endif
- #ifndef RAND_DRBG_GET_RANDOM_NONCE
- drbg->get_nonce = rand_drbg_get_nonce;
- drbg->cleanup_nonce = rand_drbg_cleanup_nonce;
-diff -up openssl-1.1.1b/crypto/rand/rand_crng_test.c.crng-test openssl-1.1.1b/crypto/rand/rand_crng_test.c
---- openssl-1.1.1b/crypto/rand/rand_crng_test.c.crng-test 2019-05-07 09:54:14.925204787 +0200
-+++ openssl-1.1.1b/crypto/rand/rand_crng_test.c 2019-05-07 09:54:14.932204664 +0200
-@@ -0,0 +1,118 @@
-+/*
-+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
-+ * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
-+ *
-+ * Licensed under the Apache License 2.0 (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
-+/*
-+ * Implementation of the FIPS 140-2 section 4.9.2 Conditional Tests.
-+ */
-+
-+#include <string.h>
-+#include <openssl/evp.h>
-+#include "internal/rand_int.h"
-+#include "internal/thread_once.h"
-+#include "rand_lcl.h"
-+
-+static RAND_POOL *crngt_pool;
-+static unsigned char crngt_prev[EVP_MAX_MD_SIZE];
-+
-+int (*crngt_get_entropy)(unsigned char *, unsigned char *, unsigned int *)
-+ = &rand_crngt_get_entropy_cb;
-+
-+int rand_crngt_get_entropy_cb(unsigned char *buf, unsigned char *md,
-+ unsigned int *md_size)
-+{
-+ int r;
-+ size_t n;
-+ unsigned char *p;
-+
-+ n = rand_pool_acquire_entropy(crngt_pool);
-+ if (n >= CRNGT_BUFSIZ) {
-+ p = rand_pool_detach(crngt_pool);
-+ r = EVP_Digest(p, CRNGT_BUFSIZ, md, md_size, EVP_sha256(), NULL);
-+ if (r != 0)
-+ memcpy(buf, p, CRNGT_BUFSIZ);
-+ rand_pool_reattach(crngt_pool, p);
-+ return r;
-+ }
-+ return 0;
-+}
-+
-+void rand_crngt_cleanup(void)
-+{
-+ rand_pool_free(crngt_pool);
-+ crngt_pool = NULL;
-+}
-+
-+int rand_crngt_init(void)
-+{
-+ unsigned char buf[CRNGT_BUFSIZ];
-+
-+ if ((crngt_pool = rand_pool_new(0, CRNGT_BUFSIZ, CRNGT_BUFSIZ)) == NULL)
-+ return 0;
-+ if (crngt_get_entropy(buf, crngt_prev, NULL)) {
-+ OPENSSL_cleanse(buf, sizeof(buf));
-+ return 1;
-+ }
-+ rand_crngt_cleanup();
-+ return 0;
-+}
-+
-+static CRYPTO_ONCE rand_crngt_init_flag = CRYPTO_ONCE_STATIC_INIT;
-+DEFINE_RUN_ONCE_STATIC(do_rand_crngt_init)
-+{
-+ return OPENSSL_init_crypto(0, NULL)
-+ && rand_crngt_init()
-+ && OPENSSL_atexit(&rand_crngt_cleanup);
-+}
-+
-+int rand_crngt_single_init(void)
-+{
-+ return RUN_ONCE(&rand_crngt_init_flag, do_rand_crngt_init);
-+}
-+
-+size_t rand_crngt_get_entropy(RAND_DRBG *drbg,
-+ unsigned char **pout,
-+ int entropy, size_t min_len, size_t max_len,
-+ int prediction_resistance)
-+{
-+ unsigned char buf[CRNGT_BUFSIZ], md[EVP_MAX_MD_SIZE];
-+ unsigned int sz;
-+ RAND_POOL *pool;
-+ size_t q, r = 0, s, t = 0;
-+ int attempts = 3;
-+
-+ if (!RUN_ONCE(&rand_crngt_init_flag, do_rand_crngt_init))
-+ return 0;
-+
-+ if ((pool = rand_pool_new(entropy, min_len, max_len)) == NULL)
-+ return 0;
-+
-+ while ((q = rand_pool_bytes_needed(pool, 1)) > 0 && attempts-- > 0) {
-+ s = q > sizeof(buf) ? sizeof(buf) : q;
-+ if (!crngt_get_entropy(buf, md, &sz)
-+ || memcmp(crngt_prev, md, sz) == 0
-+ || !rand_pool_add(pool, buf, s, s * 8))
-+ goto err;
-+ memcpy(crngt_prev, md, sz);
-+ t += s;
-+ attempts++;
-+ }
-+ r = t;
-+ *pout = rand_pool_detach(pool);
-+err:
-+ OPENSSL_cleanse(buf, sizeof(buf));
-+ rand_pool_free(pool);
-+ return r;
-+}
-+
-+void rand_crngt_cleanup_entropy(RAND_DRBG *drbg,
-+ unsigned char *out, size_t outlen)
-+{
-+ OPENSSL_secure_clear_free(out, outlen);
-+}
-diff -up openssl-1.1.1b/crypto/rand/rand_lcl.h.crng-test openssl-1.1.1b/crypto/rand/rand_lcl.h
---- openssl-1.1.1b/crypto/rand/rand_lcl.h.crng-test 2019-05-07 08:56:33.330177674 +0200
-+++ openssl-1.1.1b/crypto/rand/rand_lcl.h 2019-05-07 09:54:14.933204647 +0200
-@@ -33,7 +33,15 @@
- # define MASTER_RESEED_TIME_INTERVAL (60*60) /* 1 hour */
- # define SLAVE_RESEED_TIME_INTERVAL (7*60) /* 7 minutes */
-
--
-+/*
-+ * The number of bytes that constitutes an atomic lump of entropy with respect
-+ * to the FIPS 140-2 section 4.9.2 Conditional Tests. The size is somewhat
-+ * arbitrary, the smaller the value, the less entropy is consumed on first
-+ * read but the higher the probability of the test failing by accident.
-+ *
-+ * The value is in bytes.
-+ */
-+#define CRNGT_BUFSIZ 16
-
- /*
- * Maximum input size for the DRBG (entropy, nonce, personalization string)
-@@ -44,7 +52,8 @@
- */
- # define DRBG_MAX_LENGTH INT32_MAX
-
--
-+/* The default nonce */
-+# define DRBG_DEFAULT_PERS_STRING "OpenSSL NIST SP 800-90A DRBG"
-
- /*
- * Maximum allocation size for RANDOM_POOL buffers
-@@ -290,4 +299,22 @@ int rand_drbg_enable_locking(RAND_DRBG *
- /* initializes the AES-CTR DRBG implementation */
- int drbg_ctr_init(RAND_DRBG *drbg);
-
-+/*
-+ * Entropy call back for the FIPS 140-2 section 4.9.2 Conditional Tests.
-+ * These need to be exposed for the unit tests.
-+ */
-+int rand_crngt_get_entropy_cb(unsigned char *buf, unsigned char *md,
-+ unsigned int *md_size);
-+extern int (*crngt_get_entropy)(unsigned char *buf, unsigned char *md,
-+ unsigned int *md_size);
-+int rand_crngt_init(void);
-+void rand_crngt_cleanup(void);
-+
-+/*
-+ * Expose the run once initialisation function for the unit tests because.
-+ * they need to restart from scratch to validate the first block is skipped
-+ * properly.
-+ */
-+int rand_crngt_single_init(void);
-+
- #endif
-diff -up openssl-1.1.1b/test/drbgtest.c.crng-test openssl-1.1.1b/test/drbgtest.c
---- openssl-1.1.1b/test/drbgtest.c.crng-test 2019-02-26 15:15:30.000000000 +0100
-+++ openssl-1.1.1b/test/drbgtest.c 2019-05-07 10:06:24.706551561 +0200
-@@ -143,6 +143,31 @@ static size_t kat_nonce(RAND_DRBG *drbg,
- return t->noncelen;
- }
-
-+ /*
-+ * Disable CRNG testing if it is enabled.
-+ * If the DRBG is ready or in an error state, this means an instantiate cycle
-+ * for which the default personalisation string is used.
-+ */
-+static int disable_crngt(RAND_DRBG *drbg)
-+{
-+ static const char pers[] = DRBG_DEFAULT_PERS_STRING;
-+ const int instantiate = drbg->state != DRBG_UNINITIALISED;
-+
-+ if (drbg->get_entropy != rand_crngt_get_entropy)
-+ return 1;
-+
-+ if ((instantiate && !RAND_DRBG_uninstantiate(drbg))
-+ || !TEST_true(RAND_DRBG_set_callbacks(drbg, &rand_drbg_get_entropy,
-+ &rand_drbg_cleanup_entropy,
-+ &rand_drbg_get_nonce,
-+ &rand_drbg_cleanup_nonce))
-+ || (instantiate
-+ && !RAND_DRBG_instantiate(drbg, (const unsigned char *)pers,
-+ sizeof(pers) - 1)))
-+ return 0;
-+ return 1;
-+}
-+
- static int uninstantiate(RAND_DRBG *drbg)
- {
- int ret = drbg == NULL ? 1 : RAND_DRBG_uninstantiate(drbg);
-@@ -168,7 +193,8 @@ static int single_kat(DRBG_SELFTEST_DATA
- if (!TEST_ptr(drbg = RAND_DRBG_new(td->nid, td->flags, NULL)))
- return 0;
- if (!TEST_true(RAND_DRBG_set_callbacks(drbg, kat_entropy, NULL,
-- kat_nonce, NULL))) {
-+ kat_nonce, NULL))
-+ || !TEST_true(disable_crngt(drbg))) {
- failures++;
- goto err;
- }
-@@ -286,7 +312,8 @@ static int error_check(DRBG_SELFTEST_DAT
- unsigned int reseed_counter_tmp;
- int ret = 0;
-
-- if (!TEST_ptr(drbg = RAND_DRBG_new(0, 0, NULL)))
-+ if (!TEST_ptr(drbg = RAND_DRBG_new(0, 0, NULL))
-+ || !TEST_true(disable_crngt(drbg)))
- goto err;
-
- /*
-@@ -699,6 +726,10 @@ static int test_rand_drbg_reseed(void)
- || !TEST_ptr_eq(private->parent, master))
- return 0;
-
-+ /* Disable CRNG testing for the master DRBG */
-+ if (!TEST_true(disable_crngt(master)))
-+ return 0;
-+
- /* uninstantiate the three global DRBGs */
- RAND_DRBG_uninstantiate(private);
- RAND_DRBG_uninstantiate(public);
-@@ -919,7 +950,8 @@ static int test_rand_seed(void)
- size_t rand_buflen;
- size_t required_seed_buflen = 0;
-
-- if (!TEST_ptr(master = RAND_DRBG_get0_master()))
-+ if (!TEST_ptr(master = RAND_DRBG_get0_master())
-+ || !TEST_true(disable_crngt(master)))
- return 0;
-
- #ifdef OPENSSL_RAND_SEED_NONE
-@@ -968,6 +1000,95 @@ static int test_rand_add(void)
- return 1;
- }
-
-+/*
-+ * A list of the FIPS DRGB types.
-+ */
-+static const struct s_drgb_types {
-+ int nid;
-+ int flags;
-+} drgb_types[] = {
-+ { NID_aes_128_ctr, 0 },
-+ { NID_aes_192_ctr, 0 },
-+ { NID_aes_256_ctr, 0 },
-+};
-+
-+/* Six cases for each covers seed sizes up to 32 bytes */
-+static const size_t crngt_num_cases = 6;
-+
-+static size_t crngt_case, crngt_idx;
-+
-+static int crngt_entropy_cb(unsigned char *buf, unsigned char *md,
-+ unsigned int *md_size)
-+{
-+ size_t i, z;
-+
-+ if (!TEST_int_lt(crngt_idx, crngt_num_cases))
-+ return 0;
-+ /* Generate a block of unique data unless this is the duplication point */
-+ z = crngt_idx++;
-+ if (z > 0 && crngt_case == z)
-+ z--;
-+ for (i = 0; i < CRNGT_BUFSIZ; i++)
-+ buf[i] = (unsigned char)(i + 'A' + z);
-+ return EVP_Digest(buf, CRNGT_BUFSIZ, md, md_size, EVP_sha256(), NULL);
-+}
-+
-+static int test_crngt(int n)
-+{
-+ const struct s_drgb_types *dt = drgb_types + n / crngt_num_cases;
-+ RAND_DRBG *drbg = NULL;
-+ unsigned char buff[100];
-+ size_t ent;
-+ int res = 0;
-+ int expect;
-+
-+ if (!TEST_true(rand_crngt_single_init()))
-+ return 0;
-+ rand_crngt_cleanup();
-+
-+ if (!TEST_ptr(drbg = RAND_DRBG_new(dt->nid, dt->flags, NULL)))
-+ return 0;
-+ ent = (drbg->min_entropylen + CRNGT_BUFSIZ - 1) / CRNGT_BUFSIZ;
-+ crngt_case = n % crngt_num_cases;
-+ crngt_idx = 0;
-+ crngt_get_entropy = &crngt_entropy_cb;
-+ if (!TEST_true(rand_crngt_init()))
-+ goto err;
-+#ifndef OPENSSL_FIPS
-+ if (!TEST_true(RAND_DRBG_set_callbacks(drbg, &rand_crngt_get_entropy,
-+ &rand_crngt_cleanup_entropy,
-+ &rand_drbg_get_nonce,
-+ &rand_drbg_cleanup_nonce)))
-+ goto err;
-+#endif
-+ expect = crngt_case == 0 || crngt_case > ent;
-+ if (!TEST_int_eq(RAND_DRBG_instantiate(drbg, NULL, 0), expect))
-+ goto err;
-+ if (!expect)
-+ goto fin;
-+ if (!TEST_true(RAND_DRBG_generate(drbg, buff, sizeof(buff), 0, NULL, 0)))
-+ goto err;
-+
-+ expect = crngt_case == 0 || crngt_case > 2 * ent;
-+ if (!TEST_int_eq(RAND_DRBG_reseed(drbg, NULL, 0, 0), expect))
-+ goto err;
-+ if (!expect)
-+ goto fin;
-+ if (!TEST_true(RAND_DRBG_generate(drbg, buff, sizeof(buff), 0, NULL, 0)))
-+ goto err;
-+
-+fin:
-+ res = 1;
-+err:
-+ if (!res)
-+ TEST_note("DRBG %zd case %zd block %zd", n / crngt_num_cases,
-+ crngt_case, crngt_idx);
-+ uninstantiate(drbg);
-+ RAND_DRBG_free(drbg);
-+ crngt_get_entropy = &rand_crngt_get_entropy_cb;
-+ return res;
-+}
-+
- int setup_tests(void)
- {
- app_data_index = RAND_DRBG_get_ex_new_index(0L, NULL, NULL, NULL, NULL);
-@@ -980,5 +1101,6 @@ int setup_tests(void)
- #if defined(OPENSSL_THREADS)
- ADD_TEST(test_multi_thread);
- #endif
-+ ADD_ALL_TESTS(test_crngt, crngt_num_cases * OSSL_NELEM(drgb_types));
- return 1;
- }
diff --git a/openssl-freefilesync/openssl-1.1.1-fips-post-rand.patch b/openssl-freefilesync/openssl-1.1.1-fips-post-rand.patch
deleted file mode 100644
index fc60e33..0000000
--- a/openssl-freefilesync/openssl-1.1.1-fips-post-rand.patch
+++ /dev/null
@@ -1,157 +0,0 @@
-diff -up openssl-1.1.1c/crypto/fips/fips.c.fips-post-rand openssl-1.1.1c/crypto/fips/fips.c
---- openssl-1.1.1c/crypto/fips/fips.c.fips-post-rand 2019-05-29 15:53:56.328216002 +0200
-+++ openssl-1.1.1c/crypto/fips/fips.c 2019-05-29 15:53:56.359215457 +0200
-@@ -68,6 +68,7 @@
-
- # include <openssl/fips.h>
- # include "internal/thread_once.h"
-+# include "internal/rand_int.h"
-
- # ifndef PATH_MAX
- # define PATH_MAX 1024
-@@ -76,6 +77,7 @@
- static int fips_selftest_fail = 0;
- static int fips_mode = 0;
- static int fips_started = 0;
-+static int fips_post = 0;
-
- static int fips_is_owning_thread(void);
- static int fips_set_owning_thread(void);
-@@ -158,6 +160,11 @@ void fips_set_selftest_fail(void)
- fips_selftest_fail = 1;
- }
-
-+int fips_in_post(void)
-+{
-+ return fips_post;
-+}
-+
- /* we implement what libfipscheck does ourselves */
-
- static int
-@@ -445,6 +452,8 @@ int FIPS_module_mode_set(int onoff)
- }
- # endif
-
-+ fips_post = 1;
-+
- if (!FIPS_selftest()) {
- fips_selftest_fail = 1;
- ret = 0;
-@@ -459,7 +468,12 @@ int FIPS_module_mode_set(int onoff)
- goto end;
- }
-
-+ fips_post = 0;
-+
- fips_set_mode(onoff);
-+ /* force RNG reseed with entropy from getrandom() on next call */
-+ rand_fork();
-+
- ret = 1;
- goto end;
- }
-diff -up openssl-1.1.1c/crypto/include/internal/fips_int.h.fips-post-rand openssl-1.1.1c/crypto/include/internal/fips_int.h
---- openssl-1.1.1c/crypto/include/internal/fips_int.h.fips-post-rand 2019-05-29 15:53:56.337215844 +0200
-+++ openssl-1.1.1c/crypto/include/internal/fips_int.h 2019-05-29 15:53:56.359215457 +0200
-@@ -77,6 +77,8 @@ int FIPS_selftest_hmac(void);
- int FIPS_selftest_drbg(void);
- int FIPS_selftest_cmac(void);
-
-+int fips_in_post(void);
-+
- int fips_pkey_signature_test(EVP_PKEY *pkey,
- const unsigned char *tbs, int tbslen,
- const unsigned char *kat,
-diff -up openssl-1.1.1c/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1c/crypto/rand/rand_unix.c
---- openssl-1.1.1c/crypto/rand/rand_unix.c.fips-post-rand 2019-05-28 15:12:21.000000000 +0200
-+++ openssl-1.1.1c/crypto/rand/rand_unix.c 2019-05-29 16:54:16.471391802 +0200
-@@ -16,10 +16,12 @@
- #include <openssl/rand.h>
- #include "rand_lcl.h"
- #include "internal/rand_int.h"
-+#include "internal/fips_int.h"
- #include <stdio.h>
- #include "internal/dso.h"
- #if defined(__linux)
--# include <asm/unistd.h>
-+# include <sys/syscall.h>
-+# include <sys/random.h>
- #endif
- #if defined(__FreeBSD__)
- # include <sys/types.h>
-@@ -279,7 +281,7 @@ static ssize_t sysctl_random(char *buf,
- * syscall_random(): Try to get random data using a system call
- * returns the number of bytes returned in buf, or < 0 on error.
- */
--static ssize_t syscall_random(void *buf, size_t buflen)
-+static ssize_t syscall_random(void *buf, size_t buflen, int nonblock)
- {
- /*
- * Note: 'buflen' equals the size of the buffer which is used by the
-@@ -301,6 +303,7 @@ static ssize_t syscall_random(void *buf,
- * - Linux since 3.17 with glibc 2.25
- * - FreeBSD since 12.0 (1200061)
- */
-+# if 0
- # if defined(__GNUC__) && __GNUC__>=2 && defined(__ELF__) && !defined(__hpux)
- extern int getentropy(void *buffer, size_t length) __attribute__((weak));
-
-@@ -322,10 +325,10 @@ static ssize_t syscall_random(void *buf,
- if (p_getentropy.p != NULL)
- return p_getentropy.f(buf, buflen) == 0 ? (ssize_t)buflen : -1;
- # endif
--
-+# endif
- /* Linux supports this since version 3.17 */
--# if defined(__linux) && defined(__NR_getrandom)
-- return syscall(__NR_getrandom, buf, buflen, 0);
-+# if defined(__linux) && defined(SYS_getrandom)
-+ return syscall(SYS_getrandom, buf, buflen, nonblock?GRND_NONBLOCK:0);
- # elif (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(KERN_ARND)
- return sysctl_random(buf, buflen);
- # else
-@@ -475,8 +478,10 @@ size_t rand_pool_acquire_entropy(RAND_PO
- size_t bytes_needed;
- size_t entropy_available = 0;
- unsigned char *buffer;
--
- # if defined(OPENSSL_RAND_SEED_GETRANDOM)
-+ int in_post;
-+
-+ for (in_post = fips_in_post(); in_post >= 0; --in_post) {
- {
- ssize_t bytes;
- /* Maximum allowed number of consecutive unsuccessful attempts */
-@@ -485,7 +490,7 @@ size_t rand_pool_acquire_entropy(RAND_PO
- bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
- while (bytes_needed != 0 && attempts-- > 0) {
- buffer = rand_pool_add_begin(pool, bytes_needed);
-- bytes = syscall_random(buffer, bytes_needed);
-+ bytes = syscall_random(buffer, bytes_needed, in_post);
- if (bytes > 0) {
- rand_pool_add_end(pool, bytes, 8 * bytes);
- bytes_needed -= bytes;
-@@ -540,8 +545,10 @@ size_t rand_pool_acquire_entropy(RAND_PO
- int attempts = 3;
- const int fd = get_random_device(i);
-
-- if (fd == -1)
-+ if (fd == -1) {
-+ OPENSSL_showfatal("Random device %s cannot be opened.\n", random_device_paths[i]);
- continue;
-+ }
-
- while (bytes_needed != 0 && attempts-- > 0) {
- buffer = rand_pool_add_begin(pool, bytes_needed);
-@@ -601,7 +608,9 @@ size_t rand_pool_acquire_entropy(RAND_PO
- }
- }
- # endif
--
-+# ifdef OPENSSL_RAND_SEED_GETRANDOM
-+ }
-+# endif
- return rand_pool_entropy_available(pool);
- # endif
- }
diff --git a/openssl-freefilesync/openssl-1.1.1-fips.patch b/openssl-freefilesync/openssl-1.1.1-fips.patch
deleted file mode 100644
index 3ff5aa4..0000000
--- a/openssl-freefilesync/openssl-1.1.1-fips.patch
+++ /dev/null
@@ -1,11852 +0,0 @@
-diff -up openssl-1.1.1b/apps/pkcs12.c.fips openssl-1.1.1b/apps/pkcs12.c
---- openssl-1.1.1b/apps/pkcs12.c.fips 2019-02-26 15:15:30.000000000 +0100
-+++ openssl-1.1.1b/apps/pkcs12.c 2019-05-24 12:08:40.524523735 +0200
-@@ -126,7 +126,7 @@ int pkcs12_main(int argc, char **argv)
- int export_cert = 0, options = 0, chain = 0, twopass = 0, keytype = 0;
- int iter = PKCS12_DEFAULT_ITER, maciter = PKCS12_DEFAULT_ITER;
- # ifndef OPENSSL_NO_RC2
-- int cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
-+ int cert_pbe = FIPS_mode() ? NID_pbe_WithSHA1And3_Key_TripleDES_CBC : NID_pbe_WithSHA1And40BitRC2_CBC;
- # else
- int cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
- # endif
-diff -up openssl-1.1.1b/apps/speed.c.fips openssl-1.1.1b/apps/speed.c
---- openssl-1.1.1b/apps/speed.c.fips 2019-05-07 11:52:35.887597899 +0200
-+++ openssl-1.1.1b/apps/speed.c 2019-05-07 16:51:36.946350159 +0200
-@@ -1592,7 +1592,8 @@ int speed_main(int argc, char **argv)
- continue;
- if (strcmp(*argv, "rsa") == 0) {
- for (loop = 0; loop < OSSL_NELEM(rsa_doit); loop++)
-- rsa_doit[loop] = 1;
-+ if (!FIPS_mode() || loop != R_RSA_512)
-+ rsa_doit[loop] = 1;
- continue;
- }
- if (found(*argv, rsa_choices, &i)) {
-@@ -1602,7 +1603,9 @@ int speed_main(int argc, char **argv)
- #endif
- #ifndef OPENSSL_NO_DSA
- if (strcmp(*argv, "dsa") == 0) {
-- dsa_doit[R_DSA_512] = dsa_doit[R_DSA_1024] =
-+ if (!FIPS_mode())
-+ dsa_doit[R_DSA_512] = 1;
-+ dsa_doit[R_DSA_1024] =
- dsa_doit[R_DSA_2048] = 1;
- continue;
- }
-@@ -1633,19 +1636,21 @@ int speed_main(int argc, char **argv)
- }
- if (strcmp(*argv, "ecdh") == 0) {
- for (loop = 0; loop < OSSL_NELEM(ecdh_doit); loop++)
-- ecdh_doit[loop] = 1;
-+ if(!FIPS_mode() || (loop != R_EC_X25519 && loop != R_EC_X448))
-+ ecdh_doit[loop] = 1;
- continue;
- }
- if (found(*argv, ecdh_choices, &i)) {
-- ecdh_doit[i] = 2;
-+ if(!FIPS_mode() || (i != R_EC_X25519 && i != R_EC_X448))
-+ ecdh_doit[i] = 2;
- continue;
- }
-- if (strcmp(*argv, "eddsa") == 0) {
-+ if (!FIPS_mode() && strcmp(*argv, "eddsa") == 0) {
- for (loop = 0; loop < OSSL_NELEM(eddsa_doit); loop++)
- eddsa_doit[loop] = 1;
- continue;
- }
-- if (found(*argv, eddsa_choices, &i)) {
-+ if (!FIPS_mode() && found(*argv, eddsa_choices, &i)) {
- eddsa_doit[i] = 2;
- continue;
- }
-@@ -1734,23 +1739,30 @@ int speed_main(int argc, char **argv)
- /* No parameters; turn on everything. */
- if ((argc == 0) && !doit[D_EVP]) {
- for (i = 0; i < ALGOR_NUM; i++)
-- if (i != D_EVP)
-+ if (i != D_EVP &&
-+ (!FIPS_mode() || (i != D_WHIRLPOOL &&
-+ i != D_MD2 && i != D_MD4 &&
-+ i != D_MD5 && i != D_MDC2 &&
-+ i != D_RMD160)))
- doit[i] = 1;
- #ifndef OPENSSL_NO_RSA
- for (i = 0; i < RSA_NUM; i++)
-- rsa_doit[i] = 1;
-+ if (!FIPS_mode() || i != R_RSA_512)
-+ rsa_doit[i] = 1;
- #endif
- #ifndef OPENSSL_NO_DSA
- for (i = 0; i < DSA_NUM; i++)
-- dsa_doit[i] = 1;
-+ if (!FIPS_mode() || i != R_DSA_512)
-+ dsa_doit[i] = 1;
- #endif
- #ifndef OPENSSL_NO_EC
- for (loop = 0; loop < OSSL_NELEM(ecdsa_doit); loop++)
- ecdsa_doit[loop] = 1;
- for (loop = 0; loop < OSSL_NELEM(ecdh_doit); loop++)
- ecdh_doit[loop] = 1;
-- for (loop = 0; loop < OSSL_NELEM(eddsa_doit); loop++)
-- eddsa_doit[loop] = 1;
-+ if (!FIPS_mode())
-+ for (loop = 0; loop < OSSL_NELEM(eddsa_doit); loop++)
-+ eddsa_doit[loop] = 1;
- #endif
- }
- for (i = 0; i < ALGOR_NUM; i++)
-@@ -1798,30 +1810,46 @@ int speed_main(int argc, char **argv)
- AES_set_encrypt_key(key24, 192, &aes_ks2);
- AES_set_encrypt_key(key32, 256, &aes_ks3);
- #ifndef OPENSSL_NO_CAMELLIA
-- Camellia_set_key(key16, 128, &camellia_ks1);
-- Camellia_set_key(ckey24, 192, &camellia_ks2);
-- Camellia_set_key(ckey32, 256, &camellia_ks3);
-+ if (doit[D_CBC_128_CML] || doit[D_CBC_192_CML] || doit[D_CBC_256_CML]) {
-+ Camellia_set_key(key16, 128, &camellia_ks1);
-+ Camellia_set_key(ckey24, 192, &camellia_ks2);
-+ Camellia_set_key(ckey32, 256, &camellia_ks3);
-+ }
- #endif
- #ifndef OPENSSL_NO_IDEA
-- IDEA_set_encrypt_key(key16, &idea_ks);
-+ if (doit[D_CBC_IDEA]) {
-+ IDEA_set_encrypt_key(key16, &idea_ks);
-+ }
- #endif
- #ifndef OPENSSL_NO_SEED
-- SEED_set_key(key16, &seed_ks);
-+ if (doit[D_CBC_SEED]) {
-+ SEED_set_key(key16, &seed_ks);
-+ }
- #endif
- #ifndef OPENSSL_NO_RC4
-- RC4_set_key(&rc4_ks, 16, key16);
-+ if (doit[D_RC4]) {
-+ RC4_set_key(&rc4_ks, 16, key16);
-+ }
- #endif
- #ifndef OPENSSL_NO_RC2
-- RC2_set_key(&rc2_ks, 16, key16, 128);
-+ if (doit[D_CBC_RC2]) {
-+ RC2_set_key(&rc2_ks, 16, key16, 128);
-+ }
- #endif
- #ifndef OPENSSL_NO_RC5
-- RC5_32_set_key(&rc5_ks, 16, key16, 12);
-+ if (doit[D_CBC_RC5]) {
-+ RC5_32_set_key(&rc5_ks, 16, key16, 12);
-+ }
- #endif
- #ifndef OPENSSL_NO_BF
-- BF_set_key(&bf_ks, 16, key16);
-+ if (doit[D_CBC_BF]) {
-+ BF_set_key(&bf_ks, 16, key16);
-+ }
- #endif
- #ifndef OPENSSL_NO_CAST
-- CAST_set_key(&cast_ks, 16, key16);
-+ if (doit[D_CBC_CAST]) {
-+ CAST_set_key(&cast_ks, 16, key16);
-+ }
- #endif
- #ifndef SIGALRM
- # ifndef OPENSSL_NO_DES
-@@ -2118,6 +2146,7 @@ int speed_main(int argc, char **argv)
-
- for (i = 0; i < loopargs_len; i++) {
- loopargs[i].hctx = HMAC_CTX_new();
-+ HMAC_CTX_set_flags(loopargs[i].hctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
- if (loopargs[i].hctx == NULL) {
- BIO_printf(bio_err, "HMAC malloc failure, exiting...");
- exit(1);
-diff -up openssl-1.1.1b/Configure.fips openssl-1.1.1b/Configure
---- openssl-1.1.1b/Configure.fips 2019-02-28 11:30:06.775746246 +0100
-+++ openssl-1.1.1b/Configure 2019-02-28 11:30:06.779746172 +0100
-@@ -313,7 +313,7 @@ $config{sdirs} = [
- "md2", "md4", "md5", "sha", "mdc2", "hmac", "ripemd", "whrlpool", "poly1305", "blake2", "siphash", "sm3",
- "des", "aes", "rc2", "rc4", "rc5", "idea", "aria", "bf", "cast", "camellia", "seed", "sm4", "chacha", "modes",
- "bn", "ec", "rsa", "dsa", "dh", "sm2", "dso", "engine",
-- "buffer", "bio", "stack", "lhash", "rand", "err",
-+ "buffer", "bio", "stack", "lhash", "rand", "err", "fips",
- "evp", "asn1", "pem", "x509", "x509v3", "conf", "txt_db", "pkcs7", "pkcs12", "comp", "ocsp", "ui",
- "cms", "ts", "srp", "cmac", "ct", "async", "kdf", "store"
- ];
-diff -up openssl-1.1.1b/crypto/cmac/cm_pmeth.c.fips openssl-1.1.1b/crypto/cmac/cm_pmeth.c
---- openssl-1.1.1b/crypto/cmac/cm_pmeth.c.fips 2019-02-26 15:15:30.000000000 +0100
-+++ openssl-1.1.1b/crypto/cmac/cm_pmeth.c 2019-05-06 14:55:32.866749109 +0200
-@@ -129,7 +129,7 @@ static int pkey_cmac_ctrl_str(EVP_PKEY_C
-
- const EVP_PKEY_METHOD cmac_pkey_meth = {
- EVP_PKEY_CMAC,
-- EVP_PKEY_FLAG_SIGCTX_CUSTOM,
-+ EVP_PKEY_FLAG_SIGCTX_CUSTOM | EVP_PKEY_FLAG_FIPS,
- pkey_cmac_init,
- pkey_cmac_copy,
- pkey_cmac_cleanup,
-diff -up openssl-1.1.1b/crypto/dh/dh_err.c.fips openssl-1.1.1b/crypto/dh/dh_err.c
---- openssl-1.1.1b/crypto/dh/dh_err.c.fips 2019-02-26 15:15:30.000000000 +0100
-+++ openssl-1.1.1b/crypto/dh/dh_err.c 2019-02-28 11:30:06.779746172 +0100
-@@ -25,6 +25,9 @@ static const ERR_STRING_DATA DH_str_func
- {ERR_PACK(ERR_LIB_DH, DH_F_DH_CMS_SET_PEERKEY, 0), "dh_cms_set_peerkey"},
- {ERR_PACK(ERR_LIB_DH, DH_F_DH_CMS_SET_SHARED_INFO, 0),
- "dh_cms_set_shared_info"},
-+ {ERR_PACK(ERR_LIB_DH, DH_F_DH_COMPUTE_KEY, 0), "DH_compute_key"},
-+ {ERR_PACK(ERR_LIB_DH, DH_F_DH_GENERATE_KEY, 0), "DH_generate_key"},
-+ {ERR_PACK(ERR_LIB_DH, DH_F_DH_GENERATE_PARAMETERS_EX, 0), "DH_generate_parameters_ex"},
- {ERR_PACK(ERR_LIB_DH, DH_F_DH_METH_DUP, 0), "DH_meth_dup"},
- {ERR_PACK(ERR_LIB_DH, DH_F_DH_METH_NEW, 0), "DH_meth_new"},
- {ERR_PACK(ERR_LIB_DH, DH_F_DH_METH_SET1_NAME, 0), "DH_meth_set1_name"},
-@@ -72,12 +75,14 @@ static const ERR_STRING_DATA DH_str_reas
- {ERR_PACK(ERR_LIB_DH, 0, DH_R_INVALID_PUBKEY), "invalid public key"},
- {ERR_PACK(ERR_LIB_DH, 0, DH_R_KDF_PARAMETER_ERROR), "kdf parameter error"},
- {ERR_PACK(ERR_LIB_DH, 0, DH_R_KEYS_NOT_SET), "keys not set"},
-+ {ERR_PACK(ERR_LIB_DH, 0, DH_R_KEY_SIZE_TOO_SMALL), "key size too small"},
- {ERR_PACK(ERR_LIB_DH, 0, DH_R_MISSING_PUBKEY), "missing pubkey"},
- {ERR_PACK(ERR_LIB_DH, 0, DH_R_MODULUS_TOO_LARGE), "modulus too large"},
- {ERR_PACK(ERR_LIB_DH, 0, DH_R_NOT_SUITABLE_GENERATOR),
- "not suitable generator"},
- {ERR_PACK(ERR_LIB_DH, 0, DH_R_NO_PARAMETERS_SET), "no parameters set"},
- {ERR_PACK(ERR_LIB_DH, 0, DH_R_NO_PRIVATE_VALUE), "no private value"},
-+ {ERR_PACK(ERR_LIB_DH, 0, DH_R_NON_FIPS_METHOD), "non FIPS method"},
- {ERR_PACK(ERR_LIB_DH, 0, DH_R_PARAMETER_ENCODING_ERROR),
- "parameter encoding error"},
- {ERR_PACK(ERR_LIB_DH, 0, DH_R_PEER_KEY_ERROR), "peer key error"},
-diff -up openssl-1.1.1b/crypto/dh/dh_gen.c.fips openssl-1.1.1b/crypto/dh/dh_gen.c
---- openssl-1.1.1b/crypto/dh/dh_gen.c.fips 2019-02-26 15:15:30.000000000 +0100
-+++ openssl-1.1.1b/crypto/dh/dh_gen.c 2019-02-28 11:30:06.780746153 +0100
-@@ -16,6 +16,9 @@
- #include "internal/cryptlib.h"
- #include <openssl/bn.h>
- #include "dh_locl.h"
-+#ifdef OPENSSL_FIPS
-+# include <openssl/fips.h>
-+#endif
-
- static int dh_builtin_genparams(DH *ret, int prime_len, int generator,
- BN_GENCB *cb);
-@@ -23,6 +26,13 @@ static int dh_builtin_genparams(DH *ret,
- int DH_generate_parameters_ex(DH *ret, int prime_len, int generator,
- BN_GENCB *cb)
- {
-+#ifdef OPENSSL_FIPS
-+ if (FIPS_mode() && !(ret->meth->flags & DH_FLAG_FIPS_METHOD)
-+ && !(ret->flags & DH_FLAG_NON_FIPS_ALLOW)) {
-+ DHerr(DH_F_DH_GENERATE_PARAMETERS_EX, DH_R_NON_FIPS_METHOD);
-+ return 0;
-+ }
-+#endif
- if (ret->meth->generate_params)
- return ret->meth->generate_params(ret, prime_len, generator, cb);
- return dh_builtin_genparams(ret, prime_len, generator, cb);
-@@ -62,6 +72,18 @@ static int dh_builtin_genparams(DH *ret,
- int g, ok = -1;
- BN_CTX *ctx = NULL;
-
-+#ifdef OPENSSL_FIPS
-+ if (FIPS_selftest_failed()) {
-+ FIPSerr(FIPS_F_DH_BUILTIN_GENPARAMS, FIPS_R_FIPS_SELFTEST_FAILED);
-+ return 0;
-+ }
-+
-+ if (FIPS_mode() && (prime_len < OPENSSL_DH_FIPS_MIN_MODULUS_BITS_GEN)) {
-+ DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_KEY_SIZE_TOO_SMALL);
-+ goto err;
-+ }
-+#endif
-+
- ctx = BN_CTX_new();
- if (ctx == NULL)
- goto err;
-diff -up openssl-1.1.1b/crypto/dh/dh_key.c.fips openssl-1.1.1b/crypto/dh/dh_key.c
---- openssl-1.1.1b/crypto/dh/dh_key.c.fips 2019-02-26 15:15:30.000000000 +0100
-+++ openssl-1.1.1b/crypto/dh/dh_key.c 2019-02-28 11:30:06.780746153 +0100
-@@ -11,6 +11,9 @@
- #include "internal/cryptlib.h"
- #include "dh_locl.h"
- #include "internal/bn_int.h"
-+#ifdef OPENSSL_FIPS
-+# include <openssl/fips.h>
-+#endif
-
- static int generate_key(DH *dh);
- static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);
-@@ -22,18 +25,32 @@ static int dh_finish(DH *dh);
-
- int DH_generate_key(DH *dh)
- {
-+#ifdef OPENSSL_FIPS
-+ if (FIPS_mode() && !(dh->meth->flags & DH_FLAG_FIPS_METHOD)
-+ && !(dh->flags & DH_FLAG_NON_FIPS_ALLOW)) {
-+ DHerr(DH_F_DH_GENERATE_KEY, DH_R_NON_FIPS_METHOD);
-+ return 0;
-+ }
-+#endif
- return dh->meth->generate_key(dh);
- }
-
- int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
- {
-+#ifdef OPENSSL_FIPS
-+ if (FIPS_mode() && !(dh->meth->flags & DH_FLAG_FIPS_METHOD)
-+ && !(dh->flags & DH_FLAG_NON_FIPS_ALLOW)) {
-+ DHerr(DH_F_DH_COMPUTE_KEY, DH_R_NON_FIPS_METHOD);
-+ return 0;
-+ }
-+#endif
- return dh->meth->compute_key(key, pub_key, dh);
- }
-
- int DH_compute_key_padded(unsigned char *key, const BIGNUM *pub_key, DH *dh)
- {
- int rv, pad;
-- rv = dh->meth->compute_key(key, pub_key, dh);
-+ rv = DH_compute_key(key, pub_key, dh);
- if (rv <= 0)
- return rv;
- pad = BN_num_bytes(dh->p) - rv;
-@@ -82,6 +99,14 @@ static int generate_key(DH *dh)
- BN_MONT_CTX *mont = NULL;
- BIGNUM *pub_key = NULL, *priv_key = NULL;
-
-+#ifdef OPENSSL_FIPS
-+ if (FIPS_mode()
-+ && (BN_num_bits(dh->p) < OPENSSL_DH_FIPS_MIN_MODULUS_BITS)) {
-+ DHerr(DH_F_GENERATE_KEY, DH_R_KEY_SIZE_TOO_SMALL);
-+ return 0;
-+ }
-+#endif
-+
- if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) {
- DHerr(DH_F_GENERATE_KEY, DH_R_MODULUS_TOO_LARGE);
- return 0;
-@@ -170,6 +195,13 @@ static int compute_key(unsigned char *ke
- DHerr(DH_F_COMPUTE_KEY, DH_R_MODULUS_TOO_LARGE);
- goto err;
- }
-+#ifdef OPENSSL_FIPS
-+ if (FIPS_mode()
-+ && (BN_num_bits(dh->p) < OPENSSL_DH_FIPS_MIN_MODULUS_BITS)) {
-+ DHerr(DH_F_COMPUTE_KEY, DH_R_KEY_SIZE_TOO_SMALL);
-+ goto err;
-+ }
-+#endif
-
- ctx = BN_CTX_new();
- if (ctx == NULL)
-@@ -221,6 +253,9 @@ static int dh_bn_mod_exp(const DH *dh, B
-
- static int dh_init(DH *dh)
- {
-+#ifdef OPENSSL_FIPS
-+ FIPS_selftest_check();
-+#endif
- dh->flags |= DH_FLAG_CACHE_MONT_P;
- return 1;
- }
-diff -up openssl-1.1.1b/crypto/dh/dh_pmeth.c.fips openssl-1.1.1b/crypto/dh/dh_pmeth.c
---- openssl-1.1.1b/crypto/dh/dh_pmeth.c.fips 2019-02-26 15:15:30.000000000 +0100
-+++ openssl-1.1.1b/crypto/dh/dh_pmeth.c 2019-05-06 14:57:29.184723430 +0200
-@@ -480,7 +480,7 @@ static int pkey_dh_derive(EVP_PKEY_CTX *
-
- const EVP_PKEY_METHOD dh_pkey_meth = {
- EVP_PKEY_DH,
-- 0,
-+ EVP_PKEY_FLAG_FIPS,
- pkey_dh_init,
- pkey_dh_copy,
- pkey_dh_cleanup,
-@@ -514,7 +514,7 @@ const EVP_PKEY_METHOD dh_pkey_meth = {
-
- const EVP_PKEY_METHOD dhx_pkey_meth = {
- EVP_PKEY_DHX,
-- 0,
-+ EVP_PKEY_FLAG_FIPS,
- pkey_dh_init,
- pkey_dh_copy,
- pkey_dh_cleanup,
-diff -up openssl-1.1.1b/crypto/dsa/dsa_err.c.fips openssl-1.1.1b/crypto/dsa/dsa_err.c
---- openssl-1.1.1b/crypto/dsa/dsa_err.c.fips 2019-02-26 15:15:30.000000000 +0100
-+++ openssl-1.1.1b/crypto/dsa/dsa_err.c 2019-02-28 11:30:06.798745819 +0100
-@@ -16,12 +16,15 @@
- static const ERR_STRING_DATA DSA_str_functs[] = {
- {ERR_PACK(ERR_LIB_DSA, DSA_F_DSAPARAMS_PRINT, 0), "DSAparams_print"},
- {ERR_PACK(ERR_LIB_DSA, DSA_F_DSAPARAMS_PRINT_FP, 0), "DSAparams_print_fp"},
-+ {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_BUILTIN_KEYGEN, 0), "dsa_builtin_keygen"},
- {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_BUILTIN_PARAMGEN, 0),
- "dsa_builtin_paramgen"},
- {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_BUILTIN_PARAMGEN2, 0),
- "dsa_builtin_paramgen2"},
- {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_DO_SIGN, 0), "DSA_do_sign"},
- {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_DO_VERIFY, 0), "DSA_do_verify"},
-+ {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_GENERATE_KEY, 0), "DSA_generate_key"},
-+ {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_GENERATE_PARAMETERS_EX, 0), "DSA_generate_parameters_ex"},
- {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_METH_DUP, 0), "DSA_meth_dup"},
- {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_METH_NEW, 0), "DSA_meth_new"},
- {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_METH_SET1_NAME, 0), "DSA_meth_set1_name"},
-@@ -51,9 +54,12 @@ static const ERR_STRING_DATA DSA_str_rea
- {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_INVALID_DIGEST_TYPE),
- "invalid digest type"},
- {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_INVALID_PARAMETERS), "invalid parameters"},
-+ {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_KEY_SIZE_INVALID), "key size invalid"},
-+ {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_KEY_SIZE_TOO_SMALL), "key size too small"},
- {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_MISSING_PARAMETERS), "missing parameters"},
- {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_MODULUS_TOO_LARGE), "modulus too large"},
- {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_NO_PARAMETERS_SET), "no parameters set"},
-+ {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_NON_FIPS_DSA_METHOD), "non FIPS DSA method"},
- {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_PARAMETER_ENCODING_ERROR),
- "parameter encoding error"},
- {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_Q_NOT_PRIME), "q not prime"},
-diff -up openssl-1.1.1b/crypto/dsa/dsa_gen.c.fips openssl-1.1.1b/crypto/dsa/dsa_gen.c
---- openssl-1.1.1b/crypto/dsa/dsa_gen.c.fips 2019-02-26 15:15:30.000000000 +0100
-+++ openssl-1.1.1b/crypto/dsa/dsa_gen.c 2019-02-28 11:30:06.799745800 +0100
-@@ -22,12 +22,22 @@
- #include <openssl/rand.h>
- #include <openssl/sha.h>
- #include "dsa_locl.h"
-+#ifdef OPENSSL_FIPS
-+# include <openssl/fips.h>
-+#endif
-
- int DSA_generate_parameters_ex(DSA *ret, int bits,
- const unsigned char *seed_in, int seed_len,
- int *counter_ret, unsigned long *h_ret,
- BN_GENCB *cb)
- {
-+# ifdef OPENSSL_FIPS
-+ if (FIPS_mode() && !(ret->meth->flags & DSA_FLAG_FIPS_METHOD)
-+ && !(ret->flags & DSA_FLAG_NON_FIPS_ALLOW)) {
-+ DSAerr(DSA_F_DSA_GENERATE_PARAMETERS_EX, DSA_R_NON_FIPS_DSA_METHOD);
-+ return 0;
-+ }
-+# endif
- if (ret->meth->dsa_paramgen)
- return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len,
- counter_ret, h_ret, cb);
-@@ -35,9 +45,15 @@ int DSA_generate_parameters_ex(DSA *ret,
- const EVP_MD *evpmd = bits >= 2048 ? EVP_sha256() : EVP_sha1();
- size_t qbits = EVP_MD_size(evpmd) * 8;
-
-+# ifdef OPENSSL_FIPS
-+ return dsa_builtin_paramgen2(ret, bits, qbits, evpmd,
-+ seed_in, seed_len, -1, NULL, counter_ret,
-+ h_ret, cb);
-+# else
- return dsa_builtin_paramgen(ret, bits, qbits, evpmd,
- seed_in, seed_len, NULL, counter_ret,
- h_ret, cb);
-+# endif
- }
- }
-
-@@ -310,7 +326,7 @@ int dsa_builtin_paramgen2(DSA *ret, size
- int *counter_ret, unsigned long *h_ret,
- BN_GENCB *cb)
- {
-- int ok = -1;
-+ int ok = 0;
- unsigned char *seed = NULL, *seed_tmp = NULL;
- unsigned char md[EVP_MAX_MD_SIZE];
- int mdsize;
-@@ -333,6 +349,20 @@ int dsa_builtin_paramgen2(DSA *ret, size
- goto err;
- }
-
-+# ifdef OPENSSL_FIPS
-+ if (FIPS_selftest_failed()) {
-+ FIPSerr(FIPS_F_DSA_BUILTIN_PARAMGEN2, FIPS_R_FIPS_SELFTEST_FAILED);
-+ goto err;
-+ }
-+
-+ if (FIPS_mode() && (L != 1024 || N != 160) &&
-+ (L != 2048 || N != 224) && (L != 2048 || N != 256) &&
-+ (L != 3072 || N != 256)) {
-+ DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN2, DSA_R_KEY_SIZE_INVALID);
-+ goto err;
-+ }
-+# endif
-+
- if (evpmd == NULL) {
- if (N == 160)
- evpmd = EVP_sha1();
-@@ -433,9 +463,10 @@ int dsa_builtin_paramgen2(DSA *ret, size
- goto err;
- /* Provided seed didn't produce a prime: error */
- if (seed_in) {
-- ok = 0;
-- DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN2, DSA_R_Q_NOT_PRIME);
-- goto err;
-+ /* Different seed_out will indicate that seed_in
-+ * did not generate primes.
-+ */
-+ seed_in = NULL;
- }
-
- /* do a callback call */
-@@ -521,11 +552,14 @@ int dsa_builtin_paramgen2(DSA *ret, size
- if (counter >= (int)(4 * L))
- break;
- }
-+#if 0
-+ /* Cannot happen */
- if (seed_in) {
- ok = 0;
- DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN2, DSA_R_INVALID_PARAMETERS);
- goto err;
- }
-+#endif
- }
- end:
- if (!BN_GENCB_call(cb, 2, 1))
-@@ -596,7 +630,7 @@ int dsa_builtin_paramgen2(DSA *ret, size
- BN_free(ret->g);
- ret->g = BN_dup(g);
- if (ret->p == NULL || ret->q == NULL || ret->g == NULL) {
-- ok = -1;
-+ ok = 0;
- goto err;
- }
- if (counter_ret != NULL)
-@@ -614,3 +648,53 @@ int dsa_builtin_paramgen2(DSA *ret, size
- EVP_MD_CTX_free(mctx);
- return ok;
- }
-+
-+#ifdef OPENSSL_FIPS
-+
-+int FIPS_dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
-+ const EVP_MD *evpmd, const unsigned char *seed_in,
-+ size_t seed_len, int idx, unsigned char *seed_out,
-+ int *counter_ret, unsigned long *h_ret,
-+ BN_GENCB *cb)
-+{
-+ return dsa_builtin_paramgen2(ret, L, N, evpmd, seed_in, seed_len,
-+ idx, seed_out, counter_ret, h_ret, cb);
-+}
-+
-+int FIPS_dsa_paramgen_check_g(DSA *dsa)
-+{
-+ BN_CTX *ctx;
-+ BIGNUM *tmp;
-+ BN_MONT_CTX *mont = NULL;
-+ int rv = -1;
-+
-+ ctx = BN_CTX_new();
-+ if (ctx == NULL)
-+ return -1;
-+ if (BN_cmp(dsa->g, BN_value_one()) <= 0)
-+ return 0;
-+ if (BN_cmp(dsa->g, dsa->p) >= 0)
-+ return 0;
-+ BN_CTX_start(ctx);
-+ tmp = BN_CTX_get(ctx);
-+ if (tmp == NULL)
-+ goto err;
-+ if ((mont=BN_MONT_CTX_new()) == NULL)
-+ goto err;
-+ if (!BN_MONT_CTX_set(mont,dsa->p,ctx))
-+ goto err;
-+ /* Work out g^q mod p */
-+ if (!BN_mod_exp_mont(tmp,dsa->g,dsa->q, dsa->p, ctx, mont))
-+ goto err;
-+ if (!BN_cmp(tmp, BN_value_one()))
-+ rv = 1;
-+ else
-+ rv = 0;
-+ err:
-+ BN_CTX_end(ctx);
-+ BN_MONT_CTX_free(mont);
-+ BN_CTX_free(ctx);
-+ return rv;
-+}
-+
-+#endif
-diff -up openssl-1.1.1b/crypto/dsa/dsa_key.c.fips openssl-1.1.1b/crypto/dsa/dsa_key.c
---- openssl-1.1.1b/crypto/dsa/dsa_key.c.fips 2019-02-26 15:15:30.000000000 +0100
-+++ openssl-1.1.1b/crypto/dsa/dsa_key.c 2019-02-28 11:30:06.799745800 +0100
-@@ -13,10 +13,49 @@
- #include <openssl/bn.h>
- #include "dsa_locl.h"
-
-+#ifdef OPENSSL_FIPS
-+# include <openssl/fips.h>
-+# include "internal/fips_int.h"
-+
-+static int fips_check_dsa(DSA *dsa)
-+{
-+ EVP_PKEY *pk;
-+ unsigned char tbs[] = "DSA Pairwise Check Data";
-+ int ret = 0;
-+
-+ if ((pk = EVP_PKEY_new()) == NULL)
-+ goto err;
-+
-+ EVP_PKEY_set1_DSA(pk, dsa);
-+
-+ if (fips_pkey_signature_test(pk, tbs, -1, NULL, 0, NULL, 0, NULL))
-+ ret = 1;
-+
-+ err:
-+ if (ret == 0) {
-+ FIPSerr(FIPS_F_FIPS_CHECK_DSA, FIPS_R_PAIRWISE_TEST_FAILED);
-+ fips_set_selftest_fail();
-+ }
-+
-+ if (pk)
-+ EVP_PKEY_free(pk);
-+
-+ return ret;
-+}
-+
-+#endif
-+
- static int dsa_builtin_keygen(DSA *dsa);
-
- int DSA_generate_key(DSA *dsa)
- {
-+#ifdef OPENSSL_FIPS
-+ if (FIPS_mode() && !(dsa->meth->flags & DSA_FLAG_FIPS_METHOD)
-+ && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)) {
-+ DSAerr(DSA_F_DSA_GENERATE_KEY, DSA_R_NON_FIPS_DSA_METHOD);
-+ return 0;
-+ }
-+#endif
- if (dsa->meth->dsa_keygen)
- return dsa->meth->dsa_keygen(dsa);
- return dsa_builtin_keygen(dsa);
-@@ -28,6 +67,14 @@ static int dsa_builtin_keygen(DSA *dsa)
- BN_CTX *ctx = NULL;
- BIGNUM *pub_key = NULL, *priv_key = NULL;
-
-+#ifdef OPENSSL_FIPS
-+ if (FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)
-+ && (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS_GEN)) {
-+ DSAerr(DSA_F_DSA_BUILTIN_KEYGEN, DSA_R_KEY_SIZE_TOO_SMALL);
-+ goto err;
-+ }
-+#endif
-+
- if ((ctx = BN_CTX_new()) == NULL)
- goto err;
-
-@@ -65,6 +112,13 @@ static int dsa_builtin_keygen(DSA *dsa)
-
- dsa->priv_key = priv_key;
- dsa->pub_key = pub_key;
-+#ifdef OPENSSL_FIPS
-+ if (FIPS_mode() && !fips_check_dsa(dsa)) {
-+ dsa->pub_key = NULL;
-+ dsa->priv_key = NULL;
-+ goto err;
-+ }
-+#endif
- ok = 1;
-
- err:
-diff -up openssl-1.1.1b/crypto/dsa/dsa_ossl.c.fips openssl-1.1.1b/crypto/dsa/dsa_ossl.c
---- openssl-1.1.1b/crypto/dsa/dsa_ossl.c.fips 2019-02-26 15:15:30.000000000 +0100
-+++ openssl-1.1.1b/crypto/dsa/dsa_ossl.c 2019-02-28 11:30:06.800745781 +0100
-@@ -14,6 +14,9 @@
- #include <openssl/sha.h>
- #include "dsa_locl.h"
- #include <openssl/asn1.h>
-+#ifdef OPENSSL_FIPS
-+# include <openssl/fips.h>
-+#endif
-
- static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
- static int dsa_sign_setup_no_digest(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
-@@ -73,6 +76,19 @@ static DSA_SIG *dsa_do_sign(const unsign
- goto err;
- }
-
-+#ifdef OPENSSL_FIPS
-+ if (FIPS_selftest_failed()) {
-+ FIPSerr(FIPS_F_DSA_DO_SIGN, FIPS_R_FIPS_SELFTEST_FAILED);
-+ return NULL;
-+ }
-+
-+ if (FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)
-+ && (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS)) {
-+ DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_KEY_SIZE_TOO_SMALL);
-+ return NULL;
-+ }
-+#endif
-+
- ret = DSA_SIG_new();
- if (ret == NULL)
- goto err;
-@@ -301,6 +317,18 @@ static int dsa_do_verify(const unsigned
- DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_BAD_Q_VALUE);
- return -1;
- }
-+#ifdef OPENSSL_FIPS
-+ if (FIPS_selftest_failed()) {
-+ FIPSerr(FIPS_F_DSA_DO_VERIFY, FIPS_R_FIPS_SELFTEST_FAILED);
-+ return -1;
-+ }
-+
-+ if (FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)
-+ && (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS)) {
-+ DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_KEY_SIZE_TOO_SMALL);
-+ return -1;
-+ }
-+#endif
-
- if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS) {
- DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_MODULUS_TOO_LARGE);
-@@ -389,6 +417,9 @@ static int dsa_do_verify(const unsigned
-
- static int dsa_init(DSA *dsa)
- {
-+#ifdef OPENSSL_FIPS
-+ FIPS_selftest_check();
-+#endif
- dsa->flags |= DSA_FLAG_CACHE_MONT_P;
- return 1;
- }
-diff -up openssl-1.1.1b/crypto/dsa/dsa_pmeth.c.fips openssl-1.1.1b/crypto/dsa/dsa_pmeth.c
---- openssl-1.1.1b/crypto/dsa/dsa_pmeth.c.fips 2019-02-26 15:15:30.000000000 +0100
-+++ openssl-1.1.1b/crypto/dsa/dsa_pmeth.c 2019-02-28 11:30:06.800745781 +0100
-@@ -211,8 +211,8 @@ static int pkey_dsa_paramgen(EVP_PKEY_CT
- BN_GENCB_free(pcb);
- return 0;
- }
-- ret = dsa_builtin_paramgen(dsa, dctx->nbits, dctx->qbits, dctx->pmd,
-- NULL, 0, NULL, NULL, NULL, pcb);
-+ ret = dsa_builtin_paramgen2(dsa, dctx->nbits, dctx->qbits, dctx->pmd,
-+ NULL, 0, -1, NULL, NULL, NULL, pcb);
- BN_GENCB_free(pcb);
- if (ret)
- EVP_PKEY_assign_DSA(pkey, dsa);
-@@ -241,7 +241,7 @@ static int pkey_dsa_keygen(EVP_PKEY_CTX
-
- const EVP_PKEY_METHOD dsa_pkey_meth = {
- EVP_PKEY_DSA,
-- EVP_PKEY_FLAG_AUTOARGLEN,
-+ EVP_PKEY_FLAG_AUTOARGLEN | EVP_PKEY_FLAG_FIPS,
- pkey_dsa_init,
- pkey_dsa_copy,
- pkey_dsa_cleanup,
-diff -up openssl-1.1.1b/crypto/ec/ecdh_ossl.c.fips openssl-1.1.1b/crypto/ec/ecdh_ossl.c
---- openssl-1.1.1b/crypto/ec/ecdh_ossl.c.fips 2019-02-26 15:15:30.000000000 +0100
-+++ openssl-1.1.1b/crypto/ec/ecdh_ossl.c 2019-02-28 11:30:06.801745763 +0100
-@@ -19,9 +19,20 @@
- #include <openssl/ec.h>
- #include "ec_lcl.h"
-
-+#ifdef OPENSSL_FIPS
-+# include <openssl/fips.h>
-+#endif
-+
- int ossl_ecdh_compute_key(unsigned char **psec, size_t *pseclen,
- const EC_POINT *pub_key, const EC_KEY *ecdh)
- {
-+#ifdef OPENSSL_FIPS
-+ if (FIPS_selftest_failed()) {
-+ FIPSerr(FIPS_F_ECDH_COMPUTE_KEY, FIPS_R_FIPS_SELFTEST_FAILED);
-+ return -1;
-+ }
-+#endif
-+
- if (ecdh->group->meth->ecdh_compute_key == NULL) {
- ECerr(EC_F_OSSL_ECDH_COMPUTE_KEY, EC_R_CURVE_DOES_NOT_SUPPORT_ECDH);
- return 0;
-diff -up openssl-1.1.1b/crypto/ec/ecdsa_ossl.c.fips openssl-1.1.1b/crypto/ec/ecdsa_ossl.c
---- openssl-1.1.1b/crypto/ec/ecdsa_ossl.c.fips 2019-02-26 15:15:30.000000000 +0100
-+++ openssl-1.1.1b/crypto/ec/ecdsa_ossl.c 2019-02-28 11:30:06.801745763 +0100
-@@ -14,6 +14,10 @@
- #include "internal/bn_int.h"
- #include "ec_lcl.h"
-
-+#ifdef OPENSSL_FIPS
-+# include <openssl/fips.h>
-+#endif
-+
- int ossl_ecdsa_sign(int type, const unsigned char *dgst, int dlen,
- unsigned char *sig, unsigned int *siglen,
- const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey)
-@@ -159,6 +163,13 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const uns
- ECDSA_SIG *ret;
- const BIGNUM *priv_key;
-
-+#ifdef OPENSSL_FIPS
-+ if (FIPS_selftest_failed()) {
-+ FIPSerr(FIPS_F_OSSL_ECDSA_SIGN_SIG, FIPS_R_FIPS_SELFTEST_FAILED);
-+ return NULL;
-+ }
-+#endif
-+
- group = EC_KEY_get0_group(eckey);
- priv_key = EC_KEY_get0_private_key(eckey);
-
-@@ -317,6 +328,13 @@ int ossl_ecdsa_verify_sig(const unsigned
- const EC_GROUP *group;
- const EC_POINT *pub_key;
-
-+#ifdef OPENSSL_FIPS
-+ if (FIPS_selftest_failed()) {
-+ FIPSerr(FIPS_F_OSSL_ECDSA_VERIFY_SIG, FIPS_R_FIPS_SELFTEST_FAILED);
-+ return -1;
-+ }
-+#endif
-+
- /* check input values */
- if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL ||
- (pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL) {
-diff -up openssl-1.1.1b/crypto/ec/ec_key.c.fips openssl-1.1.1b/crypto/ec/ec_key.c
---- openssl-1.1.1b/crypto/ec/ec_key.c.fips 2019-02-26 15:15:30.000000000 +0100
-+++ openssl-1.1.1b/crypto/ec/ec_key.c 2019-02-28 11:30:06.802745744 +0100
-@@ -178,14 +178,62 @@ ENGINE *EC_KEY_get0_engine(const EC_KEY
- return eckey->engine;
- }
-
-+#ifdef OPENSSL_FIPS
-+
-+# include <openssl/fips.h>
-+# include "internal/fips_int.h"
-+
-+static int fips_check_ec(EC_KEY *key)
-+{
-+ EVP_PKEY *pk;
-+ unsigned char tbs[] = "ECDSA Pairwise Check Data";
-+ int ret = 0;
-+
-+ if (!EC_KEY_can_sign(key)) /* no test for non-signing keys */
-+ return 1;
-+
-+ if ((pk = EVP_PKEY_new()) == NULL)
-+ goto err;
-+
-+ EVP_PKEY_set1_EC_KEY(pk, key);
-+
-+ if (fips_pkey_signature_test(pk, tbs, -1, NULL, 0, NULL, 0, NULL))
-+ ret = 1;
-+
-+ err:
-+ if (ret == 0) {
-+ FIPSerr(FIPS_F_FIPS_CHECK_EC, FIPS_R_PAIRWISE_TEST_FAILED);
-+ fips_set_selftest_fail();
-+ }
-+ if (pk)
-+ EVP_PKEY_free(pk);
-+ return ret;
-+}
-+
-+#endif
-+
- int EC_KEY_generate_key(EC_KEY *eckey)
- {
-+#ifdef OPENSSL_FIPS
-+ if (FIPS_selftest_failed()) {
-+ ECerr(EC_F_EC_KEY_GENERATE_KEY, EC_R_NOT_INITIALIZED);
-+ return 0;
-+ }
-+#endif
- if (eckey == NULL || eckey->group == NULL) {
- ECerr(EC_F_EC_KEY_GENERATE_KEY, ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
-- if (eckey->meth->keygen != NULL)
-- return eckey->meth->keygen(eckey);
-+ if (eckey->meth->keygen != NULL) {
-+ int rv = eckey->meth->keygen(eckey);
-+
-+#ifdef OPENSSL_FIPS
-+ if (rv > 0 && FIPS_mode()) {
-+ rv = fips_check_ec(eckey);
-+ }
-+#endif
-+ return rv;
-+ }
- ECerr(EC_F_EC_KEY_GENERATE_KEY, EC_R_OPERATION_NOT_SUPPORTED);
- return 0;
- }
-diff -up openssl-1.1.1b/crypto/ec/ec_pmeth.c.fips openssl-1.1.1b/crypto/ec/ec_pmeth.c
---- openssl-1.1.1b/crypto/ec/ec_pmeth.c.fips 2019-02-26 15:15:30.000000000 +0100
-+++ openssl-1.1.1b/crypto/ec/ec_pmeth.c 2019-05-06 14:47:34.651077251 +0200
-@@ -434,7 +434,7 @@ static int pkey_ec_keygen(EVP_PKEY_CTX *
-
- const EVP_PKEY_METHOD ec_pkey_meth = {
- EVP_PKEY_EC,
-- 0,
-+ EVP_PKEY_FLAG_FIPS,
- pkey_ec_init,
- pkey_ec_copy,
- pkey_ec_cleanup,
-diff -up openssl-1.1.1b/crypto/evp/c_allc.c.fips openssl-1.1.1b/crypto/evp/c_allc.c
---- openssl-1.1.1b/crypto/evp/c_allc.c.fips 2019-02-26 15:15:30.000000000 +0100
-+++ openssl-1.1.1b/crypto/evp/c_allc.c 2019-02-28 11:30:06.802745744 +0100
-@@ -17,6 +17,9 @@
- void openssl_add_all_ciphers_int(void)
- {
-
-+#ifdef OPENSSL_FIPS
-+ if (!FIPS_mode()) {
-+#endif
- #ifndef OPENSSL_NO_DES
- EVP_add_cipher(EVP_des_cfb());
- EVP_add_cipher(EVP_des_cfb1());
-@@ -263,4 +266,70 @@ void openssl_add_all_ciphers_int(void)
- EVP_add_cipher(EVP_chacha20_poly1305());
- # endif
- #endif
-+#ifdef OPENSSL_FIPS
-+ } else {
-+# ifndef OPENSSL_NO_DES
-+ EVP_add_cipher(EVP_des_ede3_cfb());
-+
-+ EVP_add_cipher(EVP_des_ede3_ofb());
-+
-+ EVP_add_cipher(EVP_des_ede3_cbc());
-+ EVP_add_cipher_alias(SN_des_ede3_cbc, "DES3");
-+ EVP_add_cipher_alias(SN_des_ede3_cbc, "des3");
-+
-+ EVP_add_cipher(EVP_des_ede3());
-+ EVP_add_cipher_alias(SN_des_ede3_ecb, "DES-EDE3-ECB");
-+ EVP_add_cipher_alias(SN_des_ede3_ecb, "des-ede3-ecb");
-+ EVP_add_cipher(EVP_des_ede3_wrap());
-+ EVP_add_cipher_alias(SN_id_smime_alg_CMS3DESwrap, "des3-wrap");
-+# endif
-+
-+# ifndef OPENSSL_NO_AES
-+ EVP_add_cipher(EVP_aes_128_ecb());
-+ EVP_add_cipher(EVP_aes_128_cbc());
-+ EVP_add_cipher(EVP_aes_128_cfb());
-+ EVP_add_cipher(EVP_aes_128_cfb1());
-+ EVP_add_cipher(EVP_aes_128_cfb8());
-+ EVP_add_cipher(EVP_aes_128_ofb());
-+ EVP_add_cipher(EVP_aes_128_ctr());
-+ EVP_add_cipher(EVP_aes_128_gcm());
-+ EVP_add_cipher(EVP_aes_128_xts());
-+ EVP_add_cipher(EVP_aes_128_ccm());
-+ EVP_add_cipher(EVP_aes_128_wrap());
-+ EVP_add_cipher_alias(SN_id_aes128_wrap, "aes128-wrap");
-+ EVP_add_cipher(EVP_aes_128_wrap_pad());
-+ EVP_add_cipher_alias(SN_aes_128_cbc, "AES128");
-+ EVP_add_cipher_alias(SN_aes_128_cbc, "aes128");
-+ EVP_add_cipher(EVP_aes_192_ecb());
-+ EVP_add_cipher(EVP_aes_192_cbc());
-+ EVP_add_cipher(EVP_aes_192_cfb());
-+ EVP_add_cipher(EVP_aes_192_cfb1());
-+ EVP_add_cipher(EVP_aes_192_cfb8());
-+ EVP_add_cipher(EVP_aes_192_ofb());
-+ EVP_add_cipher(EVP_aes_192_ctr());
-+ EVP_add_cipher(EVP_aes_192_gcm());
-+ EVP_add_cipher(EVP_aes_192_ccm());
-+ EVP_add_cipher(EVP_aes_192_wrap());
-+ EVP_add_cipher_alias(SN_id_aes192_wrap, "aes192-wrap");
-+ EVP_add_cipher(EVP_aes_192_wrap_pad());
-+ EVP_add_cipher_alias(SN_aes_192_cbc, "AES192");
-+ EVP_add_cipher_alias(SN_aes_192_cbc, "aes192");
-+ EVP_add_cipher(EVP_aes_256_ecb());
-+ EVP_add_cipher(EVP_aes_256_cbc());
-+ EVP_add_cipher(EVP_aes_256_cfb());
-+ EVP_add_cipher(EVP_aes_256_cfb1());
-+ EVP_add_cipher(EVP_aes_256_cfb8());
-+ EVP_add_cipher(EVP_aes_256_ofb());
-+ EVP_add_cipher(EVP_aes_256_ctr());
-+ EVP_add_cipher(EVP_aes_256_gcm());
-+ EVP_add_cipher(EVP_aes_256_xts());
-+ EVP_add_cipher(EVP_aes_256_ccm());
-+ EVP_add_cipher(EVP_aes_256_wrap());
-+ EVP_add_cipher_alias(SN_id_aes256_wrap, "aes256-wrap");
-+ EVP_add_cipher(EVP_aes_256_wrap_pad());
-+ EVP_add_cipher_alias(SN_aes_256_cbc, "AES256");
-+ EVP_add_cipher_alias(SN_aes_256_cbc, "aes256");
-+# endif
-+ }
-+#endif
- }
-diff -up openssl-1.1.1b/crypto/evp/c_alld.c.fips openssl-1.1.1b/crypto/evp/c_alld.c
---- openssl-1.1.1b/crypto/evp/c_alld.c.fips 2019-02-26 15:15:30.000000000 +0100
-+++ openssl-1.1.1b/crypto/evp/c_alld.c 2019-02-28 11:30:06.803745726 +0100
-@@ -16,6 +16,9 @@
-
- void openssl_add_all_digests_int(void)
- {
-+#ifdef OPENSSL_FIPS
-+ if (!FIPS_mode()) {
-+#endif
- #ifndef OPENSSL_NO_MD4
- EVP_add_digest(EVP_md4());
- #endif
-@@ -57,4 +60,24 @@ void openssl_add_all_digests_int(void)
- EVP_add_digest(EVP_sha3_512());
- EVP_add_digest(EVP_shake128());
- EVP_add_digest(EVP_shake256());
-+#ifdef OPENSSL_FIPS
-+ } else {
-+ EVP_add_digest(EVP_md5_sha1());
-+ EVP_add_digest(EVP_sha1());
-+ EVP_add_digest_alias(SN_sha1, "ssl3-sha1");
-+ EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA);
-+ EVP_add_digest(EVP_sha224());
-+ EVP_add_digest(EVP_sha256());
-+ EVP_add_digest(EVP_sha384());
-+ EVP_add_digest(EVP_sha512());
-+ EVP_add_digest(EVP_sha512_224());
-+ EVP_add_digest(EVP_sha512_256());
-+ EVP_add_digest(EVP_sha3_224());
-+ EVP_add_digest(EVP_sha3_256());
-+ EVP_add_digest(EVP_sha3_384());
-+ EVP_add_digest(EVP_sha3_512());
-+ EVP_add_digest(EVP_shake128());
-+ EVP_add_digest(EVP_shake256());
-+ }
-+#endif
- }
-diff -up openssl-1.1.1c/crypto/evp/digest.c.fips openssl-1.1.1c/crypto/evp/digest.c
---- openssl-1.1.1c/crypto/evp/digest.c.fips 2019-05-28 15:12:21.000000000 +0200
-+++ openssl-1.1.1c/crypto/evp/digest.c 2019-05-29 15:47:59.220499971 +0200
-@@ -14,6 +14,9 @@
- #include <openssl/engine.h>
- #include "internal/evp_int.h"
- #include "evp_locl.h"
-+#ifdef OPENSSL_FIPS
-+# include <openssl/fips.h>
-+#endif
-
- /* This call frees resources associated with the context */
- int EVP_MD_CTX_reset(EVP_MD_CTX *ctx)
-@@ -66,6 +69,12 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, cons
- int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
- {
- EVP_MD_CTX_clear_flags(ctx, EVP_MD_CTX_FLAG_CLEANED);
-+#ifdef OPENSSL_FIPS
-+ if (FIPS_selftest_failed()) {
-+ FIPSerr(FIPS_F_EVP_DIGESTINIT_EX, FIPS_R_FIPS_SELFTEST_FAILED);
-+ return 0;
-+ }
-+#endif
- #ifndef OPENSSL_NO_ENGINE
- /*
- * Whether it's nice or not, "Inits" can be used on "Final"'d contexts so
-@@ -119,6 +128,15 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c
- }
- #endif
- if (ctx->digest != type) {
-+#ifdef OPENSSL_FIPS
-+ if (FIPS_mode()) {
-+ if (!(type->flags & EVP_MD_FLAG_FIPS)
-+ && !(ctx->flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)) {
-+ EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_DISABLED_FOR_FIPS);
-+ return 0;
-+ }
-+ }
-+#endif
- if (ctx->digest && ctx->digest->ctx_size) {
- OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size);
- ctx->md_data = NULL;
-@@ -150,6 +168,10 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c
-
- int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
- {
-+#ifdef OPENSSL_FIPS
-+ FIPS_selftest_check();
-+#endif
-+
- if (count == 0)
- return 1;
-
-@@ -170,6 +192,9 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx,
- {
- int ret;
-
-+#ifdef OPENSSL_FIPS
-+ FIPS_selftest_check();
-+#endif
- OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE);
- ret = ctx->digest->final(ctx, md);
- if (size != NULL)
-diff -up openssl-1.1.1b/crypto/evp/e_aes.c.fips openssl-1.1.1b/crypto/evp/e_aes.c
---- openssl-1.1.1b/crypto/evp/e_aes.c.fips 2019-02-26 15:15:30.000000000 +0100
-+++ openssl-1.1.1b/crypto/evp/e_aes.c 2019-05-06 16:32:41.631668333 +0200
-@@ -387,22 +387,33 @@ static int aesni_xts_init_key(EVP_CIPHER
- return 1;
-
- if (key) {
-+ /* The key is two half length keys in reality */
-+ const int bytes = EVP_CIPHER_CTX_key_length(ctx) / 2;
-+ const int bits = bytes * 8;
-+
-+ /*
-+ * Verify that the two keys are different.
-+ *
-+ * This addresses Rogaway's vulnerability.
-+ * See comment in aes_xts_init_key() below.
-+ */
-+ if (memcmp(key, key + bytes, bytes) == 0) {
-+ EVPerr(EVP_F_AESNI_XTS_INIT_KEY, EVP_R_XTS_DUPLICATED_KEYS);
-+ return 0;
-+ }
-+
- /* key_len is two AES keys */
- if (enc) {
-- aesni_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 4,
-- &xctx->ks1.ks);
-+ aesni_set_encrypt_key(key, bits, &xctx->ks1.ks);
- xctx->xts.block1 = (block128_f) aesni_encrypt;
- xctx->stream = aesni_xts_encrypt;
- } else {
-- aesni_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 4,
-- &xctx->ks1.ks);
-+ aesni_set_decrypt_key(key, bits, &xctx->ks1.ks);
- xctx->xts.block1 = (block128_f) aesni_decrypt;
- xctx->stream = aesni_xts_decrypt;
- }
-
-- aesni_set_encrypt_key(key + EVP_CIPHER_CTX_key_length(ctx) / 2,
-- EVP_CIPHER_CTX_key_length(ctx) * 4,
-- &xctx->ks2.ks);
-+ aesni_set_encrypt_key(key + bytes, bits, &xctx->ks2.ks);
- xctx->xts.block2 = (block128_f) aesni_encrypt;
-
- xctx->xts.key1 = &xctx->ks1;
-@@ -791,7 +802,21 @@ static int aes_t4_xts_init_key(EVP_CIPHE
- return 1;
-
- if (key) {
-- int bits = EVP_CIPHER_CTX_key_length(ctx) * 4;
-+ /* The key is two half length keys in reality */
-+ const int bytes = EVP_CIPHER_CTX_key_length(ctx) / 2;
-+ const int bits = bytes * 8;
-+
-+ /*
-+ * Verify that the two keys are different.
-+ *
-+ * This addresses Rogaway's vulnerability.
-+ * See comment in aes_xts_init_key() below.
-+ */
-+ if (memcmp(key, key + bytes, bytes) == 0) {
-+ EVPerr(EVP_F_AES_T4_XTS_INIT_KEY, EVP_R_XTS_DUPLICATED_KEYS);
-+ return 0;
-+ }
-+
- xctx->stream = NULL;
- /* key_len is two AES keys */
- if (enc) {
-@@ -808,8 +833,7 @@ static int aes_t4_xts_init_key(EVP_CIPHE
- return 0;
- }
- } else {
-- aes_t4_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 4,
-- &xctx->ks1.ks);
-+ aes_t4_set_decrypt_key(key, bits, &xctx->ks1.ks);
- xctx->xts.block1 = (block128_f) aes_t4_decrypt;
- switch (bits) {
- case 128:
-@@ -823,9 +847,7 @@ static int aes_t4_xts_init_key(EVP_CIPHE
- }
- }
-
-- aes_t4_set_encrypt_key(key + EVP_CIPHER_CTX_key_length(ctx) / 2,
-- EVP_CIPHER_CTX_key_length(ctx) * 4,
-- &xctx->ks2.ks);
-+ aes_t4_set_encrypt_key(key + bytes, bits, &xctx->ks2.ks);
- xctx->xts.block2 = (block128_f) aes_t4_encrypt;
-
- xctx->xts.key1 = &xctx->ks1;
-@@ -2794,9 +2816,9 @@ static int aes_ctr_cipher(EVP_CIPHER_CTX
- return 1;
- }
-
--BLOCK_CIPHER_generic_pack(NID_aes, 128, 0)
-- BLOCK_CIPHER_generic_pack(NID_aes, 192, 0)
-- BLOCK_CIPHER_generic_pack(NID_aes, 256, 0)
-+BLOCK_CIPHER_generic_pack(NID_aes, 128, EVP_CIPH_FLAG_FIPS)
-+ BLOCK_CIPHER_generic_pack(NID_aes, 192, EVP_CIPH_FLAG_FIPS)
-+ BLOCK_CIPHER_generic_pack(NID_aes, 256, EVP_CIPH_FLAG_FIPS)
-
- static int aes_gcm_cleanup(EVP_CIPHER_CTX *c)
- {
-@@ -2826,6 +2848,11 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *
- case EVP_CTRL_AEAD_SET_IVLEN:
- if (arg <= 0)
- return 0;
-+# ifdef OPENSSL_FIPS
-+ if (FIPS_mode() && !(c->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW)
-+ && arg < 12)
-+ return 0;
-+# endif
- /* Allocate memory for IV if needed */
- if ((arg > EVP_MAX_IV_LENGTH) && (arg > gctx->ivlen)) {
- if (gctx->iv != c->iv)
-@@ -3275,11 +3302,14 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX
- | EVP_CIPH_CUSTOM_COPY)
-
- BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, gcm, GCM,
-- EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
-+ EVP_CIPH_FLAG_FIPS | EVP_CIPH_FLAG_AEAD_CIPHER |
-+ CUSTOM_FLAGS)
- BLOCK_CIPHER_custom(NID_aes, 192, 1, 12, gcm, GCM,
-- EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
-+ EVP_CIPH_FLAG_FIPS | EVP_CIPH_FLAG_AEAD_CIPHER |
-+ CUSTOM_FLAGS)
- BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, gcm, GCM,
-- EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
-+ EVP_CIPH_FLAG_FIPS | EVP_CIPH_FLAG_AEAD_CIPHER |
-+ CUSTOM_FLAGS)
-
- static int aes_xts_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
- {
-@@ -3313,8 +3343,33 @@ static int aes_xts_init_key(EVP_CIPHER_C
- if (!iv && !key)
- return 1;
-
-- if (key)
-+ if (key) {
- do {
-+ /* The key is two half length keys in reality */
-+ const int bytes = EVP_CIPHER_CTX_key_length(ctx) / 2;
-+ const int bits = bytes * 8;
-+
-+ /*
-+ * Verify that the two keys are different.
-+ *
-+ * This addresses the vulnerability described in Rogaway's
-+ * September 2004 paper:
-+ *
-+ * "Efficient Instantiations of Tweakable Blockciphers and
-+ * Refinements to Modes OCB and PMAC".
-+ * (http://web.cs.ucdavis.edu/~rogaway/papers/offsets.pdf)
-+ *
-+ * FIPS 140-2 IG A.9 XTS-AES Key Generation Requirements states
-+ * that:
-+ * "The check for Key_1 != Key_2 shall be done at any place
-+ * BEFORE using the keys in the XTS-AES algorithm to process
-+ * data with them."
-+ */
-+ if (memcmp(key, key + bytes, bytes) == 0) {
-+ EVPerr(EVP_F_AES_XTS_INIT_KEY, EVP_R_XTS_DUPLICATED_KEYS);
-+ return 0;
-+ }
-+
- #ifdef AES_XTS_ASM
- xctx->stream = enc ? AES_xts_encrypt : AES_xts_decrypt;
- #else
-@@ -3324,26 +3379,20 @@ static int aes_xts_init_key(EVP_CIPHER_C
- #ifdef HWAES_CAPABLE
- if (HWAES_CAPABLE) {
- if (enc) {
-- HWAES_set_encrypt_key(key,
-- EVP_CIPHER_CTX_key_length(ctx) * 4,
-- &xctx->ks1.ks);
-+ HWAES_set_encrypt_key(key, bits, &xctx->ks1.ks);
- xctx->xts.block1 = (block128_f) HWAES_encrypt;
- # ifdef HWAES_xts_encrypt
- xctx->stream = HWAES_xts_encrypt;
- # endif
- } else {
-- HWAES_set_decrypt_key(key,
-- EVP_CIPHER_CTX_key_length(ctx) * 4,
-- &xctx->ks1.ks);
-+ HWAES_set_decrypt_key(key, bits, &xctx->ks1.ks);
- xctx->xts.block1 = (block128_f) HWAES_decrypt;
- # ifdef HWAES_xts_decrypt
- xctx->stream = HWAES_xts_decrypt;
- #endif
- }
-
-- HWAES_set_encrypt_key(key + EVP_CIPHER_CTX_key_length(ctx) / 2,
-- EVP_CIPHER_CTX_key_length(ctx) * 4,
-- &xctx->ks2.ks);
-+ HWAES_set_encrypt_key(key + bytes, bits, &xctx->ks2.ks);
- xctx->xts.block2 = (block128_f) HWAES_encrypt;
-
- xctx->xts.key1 = &xctx->ks1;
-@@ -3358,20 +3407,14 @@ static int aes_xts_init_key(EVP_CIPHER_C
- #ifdef VPAES_CAPABLE
- if (VPAES_CAPABLE) {
- if (enc) {
-- vpaes_set_encrypt_key(key,
-- EVP_CIPHER_CTX_key_length(ctx) * 4,
-- &xctx->ks1.ks);
-+ vpaes_set_encrypt_key(key, bits, &xctx->ks1.ks);
- xctx->xts.block1 = (block128_f) vpaes_encrypt;
- } else {
-- vpaes_set_decrypt_key(key,
-- EVP_CIPHER_CTX_key_length(ctx) * 4,
-- &xctx->ks1.ks);
-+ vpaes_set_decrypt_key(key, bits, &xctx->ks1.ks);
- xctx->xts.block1 = (block128_f) vpaes_decrypt;
- }
-
-- vpaes_set_encrypt_key(key + EVP_CIPHER_CTX_key_length(ctx) / 2,
-- EVP_CIPHER_CTX_key_length(ctx) * 4,
-- &xctx->ks2.ks);
-+ vpaes_set_encrypt_key(key + bytes, bits, &xctx->ks2.ks);
- xctx->xts.block2 = (block128_f) vpaes_encrypt;
-
- xctx->xts.key1 = &xctx->ks1;
-@@ -3381,22 +3424,19 @@ static int aes_xts_init_key(EVP_CIPHER_C
- (void)0; /* terminate potentially open 'else' */
-
- if (enc) {
-- AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 4,
-- &xctx->ks1.ks);
-+ AES_set_encrypt_key(key, bits, &xctx->ks1.ks);
- xctx->xts.block1 = (block128_f) AES_encrypt;
- } else {
-- AES_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 4,
-- &xctx->ks1.ks);
-+ AES_set_decrypt_key(key, bits, &xctx->ks1.ks);
- xctx->xts.block1 = (block128_f) AES_decrypt;
- }
-
-- AES_set_encrypt_key(key + EVP_CIPHER_CTX_key_length(ctx) / 2,
-- EVP_CIPHER_CTX_key_length(ctx) * 4,
-- &xctx->ks2.ks);
-+ AES_set_encrypt_key(key + bytes, bits, &xctx->ks2.ks);
- xctx->xts.block2 = (block128_f) AES_encrypt;
-
- xctx->xts.key1 = &xctx->ks1;
- } while (0);
-+ }
-
- if (iv) {
- xctx->xts.key2 = &xctx->ks2;
-@@ -3414,6 +3454,14 @@ static int aes_xts_cipher(EVP_CIPHER_CTX
- return 0;
- if (!out || !in || len < AES_BLOCK_SIZE)
- return 0;
-+# ifdef OPENSSL_FIPS
-+ /* Requirement of SP800-38E */
-+ if (FIPS_mode() && !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW) &&
-+ (len > (1UL << 20) * 16)) {
-+ EVPerr(EVP_F_AES_XTS_CIPHER, EVP_R_TOO_LARGE);
-+ return 0;
-+ }
-+# endif
- if (xctx->stream)
- (*xctx->stream) (in, out, len,
- xctx->xts.key1, xctx->xts.key2,
-@@ -3431,8 +3479,10 @@ static int aes_xts_cipher(EVP_CIPHER_CTX
- | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT \
- | EVP_CIPH_CUSTOM_COPY)
-
--BLOCK_CIPHER_custom(NID_aes, 128, 1, 16, xts, XTS, XTS_FLAGS)
-- BLOCK_CIPHER_custom(NID_aes, 256, 1, 16, xts, XTS, XTS_FLAGS)
-+BLOCK_CIPHER_custom(NID_aes, 128, 1, 16, xts, XTS,
-+ EVP_CIPH_FLAG_FIPS | XTS_FLAGS)
-+ BLOCK_CIPHER_custom(NID_aes, 256, 1, 16, xts, XTS,
-+ EVP_CIPH_FLAG_FIPS | XTS_FLAGS)
-
- static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
- {
-@@ -3697,11 +3747,11 @@ static int aes_ccm_cipher(EVP_CIPHER_CTX
- #define aes_ccm_cleanup NULL
-
- BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, ccm, CCM,
-- EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
-+ EVP_CIPH_FLAG_FIPS | EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
- BLOCK_CIPHER_custom(NID_aes, 192, 1, 12, ccm, CCM,
-- EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
-+ EVP_CIPH_FLAG_FIPS | EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
- BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, ccm, CCM,
-- EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
-+ EVP_CIPH_FLAG_FIPS | EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
-
- typedef struct {
- union {
-@@ -3794,7 +3844,7 @@ static int aes_wrap_cipher(EVP_CIPHER_CT
- return rv ? (int)rv : -1;
- }
-
--#define WRAP_FLAGS (EVP_CIPH_WRAP_MODE \
-+#define WRAP_FLAGS (EVP_CIPH_WRAP_MODE | EVP_CIPH_FLAG_FIPS \
- | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \
- | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_FLAG_DEFAULT_ASN1)
-
-diff -up openssl-1.1.1b/crypto/evp/e_des3.c.fips openssl-1.1.1b/crypto/evp/e_des3.c
---- openssl-1.1.1b/crypto/evp/e_des3.c.fips 2019-02-26 15:15:30.000000000 +0100
-+++ openssl-1.1.1b/crypto/evp/e_des3.c 2019-02-28 11:30:06.804745707 +0100
-@@ -211,16 +211,19 @@ BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY,
- # define des_ede3_cbc_cipher des_ede_cbc_cipher
- # define des_ede3_ecb_cipher des_ede_ecb_cipher
- BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64,
-- EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1,
-- des_ede3_init_key, NULL, NULL, NULL, des3_ctrl)
-+ EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_FIPS |
-+ EVP_CIPH_FLAG_DEFAULT_ASN1, des_ede3_init_key, NULL, NULL, NULL,
-+ des3_ctrl)
-
- BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 1,
-- EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1,
-- des_ede3_init_key, NULL, NULL, NULL, des3_ctrl)
-+ EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_FIPS |
-+ EVP_CIPH_FLAG_DEFAULT_ASN1, des_ede3_init_key, NULL, NULL,
-+ NULL, des3_ctrl)
-
- BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 8,
-- EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1,
-- des_ede3_init_key, NULL, NULL, NULL, des3_ctrl)
-+ EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_FIPS |
-+ EVP_CIPH_FLAG_DEFAULT_ASN1, des_ede3_init_key, NULL, NULL,
-+ NULL, des3_ctrl)
-
- static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- const unsigned char *iv, int enc)
-diff -up openssl-1.1.1b/crypto/evp/e_null.c.fips openssl-1.1.1b/crypto/evp/e_null.c
---- openssl-1.1.1b/crypto/evp/e_null.c.fips 2019-02-26 15:15:30.000000000 +0100
-+++ openssl-1.1.1b/crypto/evp/e_null.c 2019-02-28 11:30:06.805745688 +0100
-@@ -19,7 +19,8 @@ static int null_cipher(EVP_CIPHER_CTX *c
- const unsigned char *in, size_t inl);
- static const EVP_CIPHER n_cipher = {
- NID_undef,
-- 1, 0, 0, 0,
-+ 1, 0, 0,
-+ EVP_CIPH_FLAG_FIPS,
- null_init_key,
- null_cipher,
- NULL,
-diff -up openssl-1.1.1b/crypto/evp/evp_enc.c.fips openssl-1.1.1b/crypto/evp/evp_enc.c
---- openssl-1.1.1b/crypto/evp/evp_enc.c.fips 2019-02-26 15:15:30.000000000 +0100
-+++ openssl-1.1.1b/crypto/evp/evp_enc.c 2019-02-28 11:30:06.805745688 +0100
-@@ -17,10 +17,19 @@
- #include <openssl/engine.h>
- #include "internal/evp_int.h"
- #include "evp_locl.h"
-+#ifdef OPENSSL_FIPS
-+# include <openssl/fips.h>
-+#endif
-
- int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *c)
- {
-- if (c == NULL)
-+#ifdef OPENSSL_FIPS
-+ if (FIPS_selftest_failed()) {
-+ FIPSerr(FIPS_F_EVP_CIPHER_CTX_RESET, FIPS_R_FIPS_SELFTEST_FAILED);
-+ return 0;
-+ }
-+#endif
-+ if (c == NULL)
- return 1;
- if (c->cipher != NULL) {
- if (c->cipher->cleanup && !c->cipher->cleanup(c))
-@@ -39,6 +48,12 @@ int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX
-
- EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void)
- {
-+#ifdef OPENSSL_FIPS
-+ if (FIPS_selftest_failed()) {
-+ FIPSerr(FIPS_F_EVP_CIPHER_CTX_NEW, FIPS_R_FIPS_SELFTEST_FAILED);
-+ return NULL;
-+ }
-+#endif
- return OPENSSL_zalloc(sizeof(EVP_CIPHER_CTX));
- }
-
-@@ -67,6 +82,12 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct
- enc = 1;
- ctx->encrypt = enc;
- }
-+#ifdef OPENSSL_FIPS
-+ if (FIPS_selftest_failed()) {
-+ FIPSerr(FIPS_F_EVP_CIPHERINIT_EX, FIPS_R_FIPS_SELFTEST_FAILED);
-+ return 0;
-+ }
-+#endif
- #ifndef OPENSSL_NO_ENGINE
- /*
- * Whether it's nice or not, "Inits" can be used on "Final"'d contexts so
-@@ -136,7 +157,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct
- }
- ctx->key_len = cipher->key_len;
- /* Preserve wrap enable flag, zero everything else */
-- ctx->flags &= EVP_CIPHER_CTX_FLAG_WRAP_ALLOW;
-+ ctx->flags &= EVP_CIPHER_CTX_FLAG_WRAP_ALLOW | EVP_CIPH_FLAG_NON_FIPS_ALLOW;
- if (ctx->cipher->flags & EVP_CIPH_CTRL_INIT) {
- if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) {
- ctx->cipher = NULL;
-@@ -195,6 +216,18 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct
- return 0;
- }
- }
-+#ifdef OPENSSL_FIPS
-+ /* After 'key' is set no further parameters changes are permissible.
-+ * So only check for non FIPS enabling at this point.
-+ */
-+ if (key && FIPS_mode()) {
-+ if (!(ctx->cipher->flags & EVP_CIPH_FLAG_FIPS)
-+ & !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW)) {
-+ EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_DISABLED_FOR_FIPS);
-+ return 0;
-+ }
-+ }
-+#endif
-
- if (key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) {
- if (!ctx->cipher->init(ctx, key, iv, enc))
-diff -up openssl-1.1.1b/crypto/evp/evp_err.c.fips openssl-1.1.1b/crypto/evp/evp_err.c
---- openssl-1.1.1b/crypto/evp/evp_err.c.fips 2019-02-26 15:15:30.000000000 +0100
-+++ openssl-1.1.1b/crypto/evp/evp_err.c 2019-05-06 16:41:08.565739361 +0200
-@@ -15,11 +15,16 @@
-
- static const ERR_STRING_DATA EVP_str_functs[] = {
- {ERR_PACK(ERR_LIB_EVP, EVP_F_AESNI_INIT_KEY, 0), "aesni_init_key"},
-+ {ERR_PACK(ERR_LIB_EVP, EVP_F_AESNI_XTS_INIT_KEY, 0), "aesni_xts_init_key"},
- {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_GCM_CTRL, 0), "aes_gcm_ctrl"},
- {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_INIT_KEY, 0), "aes_init_key"},
- {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_OCB_CIPHER, 0), "aes_ocb_cipher"},
- {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_T4_INIT_KEY, 0), "aes_t4_init_key"},
-+ {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_T4_XTS_INIT_KEY, 0),
-+ "aes_t4_xts_init_key"},
- {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_WRAP_CIPHER, 0), "aes_wrap_cipher"},
-+ {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_XTS_CIPHER, 0), "aes_xts_cipher"},
-+ {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_XTS_INIT_KEY, 0), "aes_xts_init_key"},
- {ERR_PACK(ERR_LIB_EVP, EVP_F_ALG_MODULE_INIT, 0), "alg_module_init"},
- {ERR_PACK(ERR_LIB_EVP, EVP_F_ARIA_CCM_INIT_KEY, 0), "aria_ccm_init_key"},
- {ERR_PACK(ERR_LIB_EVP, EVP_F_ARIA_GCM_CTRL, 0), "aria_gcm_ctrl"},
-@@ -179,6 +180,7 @@ static const ERR_STRING_DATA EVP_str_rea
- "different key types"},
- {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_DIFFERENT_PARAMETERS),
- "different parameters"},
-+ {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_DISABLED_FOR_FIPS), "disabled for FIPS"},
- {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_ERROR_LOADING_SECTION),
- "error loading section"},
- {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_ERROR_SETTING_FIPS_MODE),
-@@ -241,6 +243,7 @@ static const ERR_STRING_DATA EVP_str_rea
- {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PRIVATE_KEY_ENCODE_ERROR),
- "private key encode error"},
- {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PUBLIC_KEY_NOT_RSA), "public key not rsa"},
-+ {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_TOO_LARGE), "too large"},
- {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_CIPHER), "unknown cipher"},
- {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_DIGEST), "unknown digest"},
- {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_OPTION), "unknown option"},
-@@ -266,6 +269,10 @@ static const ERR_STRING_DATA EVP_str_rea
- "wrap mode not allowed"},
- {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_WRONG_FINAL_BLOCK_LENGTH),
- "wrong final block length"},
-+ {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_XTS_DATA_UNIT_IS_TOO_LARGE),
-+ "xts data unit is too large"},
-+ {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_XTS_DUPLICATED_KEYS),
-+ "xts duplicated keys"},
- {0, NULL}
- };
-
-diff -up openssl-1.1.1b/crypto/evp/evp_lib.c.fips openssl-1.1.1b/crypto/evp/evp_lib.c
---- openssl-1.1.1b/crypto/evp/evp_lib.c.fips 2019-02-26 15:15:30.000000000 +0100
-+++ openssl-1.1.1b/crypto/evp/evp_lib.c 2019-02-28 11:30:06.806745670 +0100
-@@ -192,6 +192,9 @@ int EVP_CIPHER_impl_ctx_size(const EVP_C
- int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- const unsigned char *in, unsigned int inl)
- {
-+#ifdef OPENSSL_FIPS
-+ FIPS_selftest_check();
-+#endif
- return ctx->cipher->do_cipher(ctx, out, in, inl);
- }
-
-diff -up openssl-1.1.1b/crypto/evp/m_sha1.c.fips openssl-1.1.1b/crypto/evp/m_sha1.c
---- openssl-1.1.1b/crypto/evp/m_sha1.c.fips 2019-02-26 15:15:30.000000000 +0100
-+++ openssl-1.1.1b/crypto/evp/m_sha1.c 2019-02-28 11:30:06.806745670 +0100
-@@ -95,7 +95,7 @@ static const EVP_MD sha1_md = {
- NID_sha1,
- NID_sha1WithRSAEncryption,
- SHA_DIGEST_LENGTH,
-- EVP_MD_FLAG_DIGALGID_ABSENT,
-+ EVP_MD_FLAG_DIGALGID_ABSENT | EVP_MD_FLAG_FIPS,
- init,
- update,
- final,
-@@ -145,7 +145,7 @@ static const EVP_MD sha224_md = {
- NID_sha224,
- NID_sha224WithRSAEncryption,
- SHA224_DIGEST_LENGTH,
-- EVP_MD_FLAG_DIGALGID_ABSENT,
-+ EVP_MD_FLAG_DIGALGID_ABSENT | EVP_MD_FLAG_FIPS,
- init224,
- update224,
- final224,
-@@ -164,7 +164,7 @@ static const EVP_MD sha256_md = {
- NID_sha256,
- NID_sha256WithRSAEncryption,
- SHA256_DIGEST_LENGTH,
-- EVP_MD_FLAG_DIGALGID_ABSENT,
-+ EVP_MD_FLAG_DIGALGID_ABSENT | EVP_MD_FLAG_FIPS,
- init256,
- update256,
- final256,
-@@ -224,7 +224,7 @@ static const EVP_MD sha512_224_md = {
- NID_sha512_224,
- NID_sha512_224WithRSAEncryption,
- SHA224_DIGEST_LENGTH,
-- EVP_MD_FLAG_DIGALGID_ABSENT,
-+ EVP_MD_FLAG_DIGALGID_ABSENT | EVP_MD_FLAG_FIPS,
- init512_224,
- update512,
- final512,
-@@ -243,7 +243,7 @@ static const EVP_MD sha512_256_md = {
- NID_sha512_256,
- NID_sha512_256WithRSAEncryption,
- SHA256_DIGEST_LENGTH,
-- EVP_MD_FLAG_DIGALGID_ABSENT,
-+ EVP_MD_FLAG_DIGALGID_ABSENT | EVP_MD_FLAG_FIPS,
- init512_256,
- update512,
- final512,
-@@ -262,7 +262,7 @@ static const EVP_MD sha384_md = {
- NID_sha384,
- NID_sha384WithRSAEncryption,
- SHA384_DIGEST_LENGTH,
-- EVP_MD_FLAG_DIGALGID_ABSENT,
-+ EVP_MD_FLAG_DIGALGID_ABSENT | EVP_MD_FLAG_FIPS,
- init384,
- update384,
- final384,
-@@ -281,7 +281,7 @@ static const EVP_MD sha512_md = {
- NID_sha512,
- NID_sha512WithRSAEncryption,
- SHA512_DIGEST_LENGTH,
-- EVP_MD_FLAG_DIGALGID_ABSENT,
-+ EVP_MD_FLAG_DIGALGID_ABSENT | EVP_MD_FLAG_FIPS,
- init512,
- update512,
- final512,
-diff -up openssl-1.1.1b/crypto/evp/m_sha3.c.fips openssl-1.1.1b/crypto/evp/m_sha3.c
---- openssl-1.1.1b/crypto/evp/m_sha3.c.fips 2019-02-26 15:15:30.000000000 +0100
-+++ openssl-1.1.1b/crypto/evp/m_sha3.c 2019-05-06 16:12:23.012851747 +0200
-@@ -292,7 +292,7 @@ const EVP_MD *EVP_sha3_##bitlen(void)
- NID_sha3_##bitlen, \
- NID_RSA_SHA3_##bitlen, \
- bitlen / 8, \
-- EVP_MD_FLAG_DIGALGID_ABSENT, \
-+ EVP_MD_FLAG_DIGALGID_ABSENT | EVP_MD_FLAG_FIPS, \
- s390x_sha3_init, \
- s390x_sha3_update, \
- s390x_sha3_final, \
-@@ -305,7 +305,7 @@ const EVP_MD *EVP_sha3_##bitlen(void)
- NID_sha3_##bitlen, \
- NID_RSA_SHA3_##bitlen, \
- bitlen / 8, \
-- EVP_MD_FLAG_DIGALGID_ABSENT, \
-+ EVP_MD_FLAG_DIGALGID_ABSENT | EVP_MD_FLAG_FIPS, \
- sha3_init, \
- sha3_update, \
- sha3_final, \
-@@ -326,7 +326,7 @@ const EVP_MD *EVP_shake##bitlen(void)
- NID_shake##bitlen, \
- 0, \
- bitlen / 8, \
-- EVP_MD_FLAG_XOF, \
-+ EVP_MD_FLAG_XOF | EVP_MD_FLAG_FIPS, \
- s390x_shake_init, \
- s390x_sha3_update, \
- s390x_shake_final, \
-@@ -340,7 +340,7 @@ const EVP_MD *EVP_shake##bitlen(void)
- NID_shake##bitlen, \
- 0, \
- bitlen / 8, \
-- EVP_MD_FLAG_XOF, \
-+ EVP_MD_FLAG_XOF | EVP_MD_FLAG_FIPS, \
- shake_init, \
- sha3_update, \
- sha3_final, \
-@@ -364,7 +364,7 @@ const EVP_MD *EVP_sha3_##bitlen(void)
- NID_sha3_##bitlen, \
- NID_RSA_SHA3_##bitlen, \
- bitlen / 8, \
-- EVP_MD_FLAG_DIGALGID_ABSENT, \
-+ EVP_MD_FLAG_DIGALGID_ABSENT | EVP_MD_FLAG_FIPS, \
- sha3_init, \
- sha3_update, \
- sha3_final, \
-@@ -383,7 +383,7 @@ const EVP_MD *EVP_shake##bitlen(void)
- NID_shake##bitlen, \
- 0, \
- bitlen / 8, \
-- EVP_MD_FLAG_XOF, \
-+ EVP_MD_FLAG_XOF | EVP_MD_FLAG_FIPS, \
- shake_init, \
- sha3_update, \
- sha3_final, \
-diff -up openssl-1.1.1b/crypto/evp/pmeth_lib.c.fips openssl-1.1.1b/crypto/evp/pmeth_lib.c
---- openssl-1.1.1b/crypto/evp/pmeth_lib.c.fips 2019-02-26 15:15:30.000000000 +0100
-+++ openssl-1.1.1b/crypto/evp/pmeth_lib.c 2019-05-06 15:11:33.207095983 +0200
-@@ -131,7 +131,15 @@ static EVP_PKEY_CTX *int_ctx_new(EVP_PKE
- pmeth = ENGINE_get_pkey_meth(e, id);
- else
- #endif
-+ {
- pmeth = EVP_PKEY_meth_find(id);
-+#ifdef OPENSSL_FIPS
-+ if (pmeth && !(pmeth->flags & EVP_PKEY_FLAG_FIPS) && FIPS_mode()) {
-+ EVPerr(EVP_F_INT_CTX_NEW, EVP_R_DISABLED_FOR_FIPS);
-+ return NULL;
-+ }
-+#endif
-+ }
-
- if (pmeth == NULL) {
- #ifndef OPENSSL_NO_ENGINE
-diff -up openssl-1.1.1b/crypto/fips/build.info.fips openssl-1.1.1b/crypto/fips/build.info
---- openssl-1.1.1b/crypto/fips/build.info.fips 2019-02-28 11:30:06.806745670 +0100
-+++ openssl-1.1.1b/crypto/fips/build.info 2019-02-28 11:30:06.806745670 +0100
-@@ -0,0 +1,15 @@
-+LIBS=../../libcrypto
-+SOURCE[../../libcrypto]=\
-+ fips_aes_selftest.c fips_des_selftest.c fips_hmac_selftest.c \
-+ fips_rsa_selftest.c fips_sha_selftest.c fips.c fips_dsa_selftest.c \
-+ fips_post.c fips_drbg_ctr.c fips_drbg_hash.c fips_drbg_hmac.c \
-+ fips_drbg_lib.c fips_drbg_rand.c fips_drbg_selftest.c fips_rand_lib.c \
-+ fips_cmac_selftest.c fips_ecdh_selftest.c fips_ecdsa_selftest.c \
-+ fips_dh_selftest.c fips_ers.c
-+
-+PROGRAMS_NO_INST=\
-+ fips_standalone_hmac
-+
-+SOURCE[fips_standalone_hmac]=fips_standalone_hmac.c
-+INCLUDE[fips_standalone_hmac]=../../include
-+DEPEND[fips_standalone_hmac]=../../libcrypto
-diff -up openssl-1.1.1b/crypto/fips/fips_aes_selftest.c.fips openssl-1.1.1b/crypto/fips/fips_aes_selftest.c
---- openssl-1.1.1b/crypto/fips/fips_aes_selftest.c.fips 2019-02-28 11:30:06.807745651 +0100
-+++ openssl-1.1.1b/crypto/fips/fips_aes_selftest.c 2019-02-28 11:30:06.807745651 +0100
-@@ -0,0 +1,372 @@
-+/* ====================================================================
-+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * openssl-core@openssl.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ *
-+ */
-+
-+#include <string.h>
-+#include <openssl/err.h>
-+#ifdef OPENSSL_FIPS
-+# include <openssl/fips.h>
-+# include "internal/fips_int.h"
-+#endif
-+
-+#ifdef OPENSSL_FIPS
-+static const struct {
-+ const unsigned char key[16];
-+ const unsigned char plaintext[16];
-+ const unsigned char ciphertext[16];
-+} tests[] = {
-+ {
-+ {
-+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-+ 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F}, {
-+ 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
-+ 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF}, {
-+0x69, 0xC4, 0xE0, 0xD8, 0x6A, 0x7B, 0x04, 0x30,
-+ 0xD8, 0xCD, 0xB7, 0x80, 0x70, 0xB4, 0xC5, 0x5A},},};
-+
-+int FIPS_selftest_aes()
-+{
-+ int n;
-+ int ret = 0;
-+ EVP_CIPHER_CTX *ctx;
-+
-+ ctx = EVP_CIPHER_CTX_new();
-+ if (ctx == NULL)
-+ goto err;
-+
-+ for (n = 0; n < 1; ++n) {
-+ unsigned char key[16];
-+
-+ memcpy(key, tests[n].key, sizeof(key));
-+ if (fips_cipher_test(ctx, EVP_aes_128_ecb(),
-+ key, NULL,
-+ tests[n].plaintext,
-+ tests[n].ciphertext, 16) <= 0)
-+ goto err;
-+ }
-+ ret = 1;
-+ err:
-+ EVP_CIPHER_CTX_free(ctx);
-+ if (ret == 0)
-+ FIPSerr(FIPS_F_FIPS_SELFTEST_AES, FIPS_R_SELFTEST_FAILED);
-+ return ret;
-+}
-+
-+/* AES-CCM test data from NIST public test vectors */
-+
-+static const unsigned char ccm_key[] = {
-+ 0xce, 0xb0, 0x09, 0xae, 0xa4, 0x45, 0x44, 0x51, 0xfe, 0xad, 0xf0, 0xe6,
-+ 0xb3, 0x6f, 0x45, 0x55, 0x5d, 0xd0, 0x47, 0x23, 0xba, 0xa4, 0x48, 0xe8
-+};
-+
-+static const unsigned char ccm_nonce[] = {
-+ 0x76, 0x40, 0x43, 0xc4, 0x94, 0x60, 0xb7
-+};
-+
-+static const unsigned char ccm_adata[] = {
-+ 0x6e, 0x80, 0xdd, 0x7f, 0x1b, 0xad, 0xf3, 0xa1, 0xc9, 0xab, 0x25, 0xc7,
-+ 0x5f, 0x10, 0xbd, 0xe7, 0x8c, 0x23, 0xfa, 0x0e, 0xb8, 0xf9, 0xaa, 0xa5,
-+ 0x3a, 0xde, 0xfb, 0xf4, 0xcb, 0xf7, 0x8f, 0xe4
-+};
-+
-+static const unsigned char ccm_pt[] = {
-+ 0xc8, 0xd2, 0x75, 0xf9, 0x19, 0xe1, 0x7d, 0x7f, 0xe6, 0x9c, 0x2a, 0x1f,
-+ 0x58, 0x93, 0x9d, 0xfe, 0x4d, 0x40, 0x37, 0x91, 0xb5, 0xdf, 0x13, 0x10
-+};
-+
-+static const unsigned char ccm_ct[] = {
-+ 0x8a, 0x0f, 0x3d, 0x82, 0x29, 0xe4, 0x8e, 0x74, 0x87, 0xfd, 0x95, 0xa2,
-+ 0x8a, 0xd3, 0x92, 0xc8, 0x0b, 0x36, 0x81, 0xd4, 0xfb, 0xc7, 0xbb, 0xfd
-+};
-+
-+static const unsigned char ccm_tag[] = {
-+ 0x2d, 0xd6, 0xef, 0x1c, 0x45, 0xd4, 0xcc, 0xb7, 0x23, 0xdc, 0x07, 0x44,
-+ 0x14, 0xdb, 0x50, 0x6d
-+};
-+
-+int FIPS_selftest_aes_ccm(void)
-+{
-+ int ret = 0;
-+ unsigned char out[128], tag[16];
-+ EVP_CIPHER_CTX *ctx;
-+
-+ ctx = EVP_CIPHER_CTX_new();
-+ if (ctx == NULL)
-+ goto err;
-+
-+ memset(out, 0, sizeof(out));
-+ if (!EVP_CipherInit_ex(ctx, EVP_aes_192_ccm(), NULL, NULL, NULL, 1))
-+ goto err;
-+ if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_IVLEN,
-+ sizeof(ccm_nonce), NULL))
-+ goto err;
-+ if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_TAG,
-+ sizeof(ccm_tag), NULL))
-+ goto err;
-+ if (!EVP_CipherInit_ex(ctx, NULL, NULL, ccm_key, ccm_nonce, 1))
-+ goto err;
-+ if (EVP_Cipher(ctx, NULL, NULL, sizeof(ccm_pt)) != sizeof(ccm_pt))
-+ goto err;
-+ if (EVP_Cipher(ctx, NULL, ccm_adata, sizeof(ccm_adata)) < 0)
-+ goto err;
-+ if (EVP_Cipher(ctx, out, ccm_pt, sizeof(ccm_pt)) != sizeof(ccm_ct))
-+ goto err;
-+
-+ if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_GET_TAG, 16, tag))
-+ goto err;
-+ if (memcmp(tag, ccm_tag, sizeof(ccm_tag))
-+ || memcmp(out, ccm_ct, sizeof(ccm_ct)))
-+ goto err;
-+
-+ memset(out, 0, sizeof(out));
-+
-+ if (!EVP_CipherInit_ex(ctx, EVP_aes_192_ccm(), NULL, NULL, NULL, 0))
-+ goto err;
-+ if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_IVLEN,
-+ sizeof(ccm_nonce), NULL))
-+ goto err;
-+ if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_TAG, 16, tag))
-+ goto err;
-+ if (!EVP_CipherInit_ex(ctx, NULL, NULL, ccm_key, ccm_nonce, 0))
-+ goto err;
-+ if (EVP_Cipher(ctx, NULL, NULL, sizeof(ccm_ct)) != sizeof(ccm_ct))
-+ goto err;
-+ if (EVP_Cipher(ctx, NULL, ccm_adata, sizeof(ccm_adata)) < 0)
-+ goto err;
-+ if (EVP_Cipher(ctx, out, ccm_ct, sizeof(ccm_ct)) != sizeof(ccm_pt))
-+ goto err;
-+
-+ if (memcmp(out, ccm_pt, sizeof(ccm_pt)))
-+ goto err;
-+
-+ ret = 1;
-+
-+ err:
-+ EVP_CIPHER_CTX_free(ctx);
-+
-+ if (ret == 0) {
-+ FIPSerr(FIPS_F_FIPS_SELFTEST_AES_CCM, FIPS_R_SELFTEST_FAILED);
-+ return 0;
-+ } else
-+ return ret;
-+
-+}
-+
-+/* AES-GCM test data from NIST public test vectors */
-+
-+static const unsigned char gcm_key[] = {
-+ 0xee, 0xbc, 0x1f, 0x57, 0x48, 0x7f, 0x51, 0x92, 0x1c, 0x04, 0x65, 0x66,
-+ 0x5f, 0x8a, 0xe6, 0xd1, 0x65, 0x8b, 0xb2, 0x6d, 0xe6, 0xf8, 0xa0, 0x69,
-+ 0xa3, 0x52, 0x02, 0x93, 0xa5, 0x72, 0x07, 0x8f
-+};
-+
-+static const unsigned char gcm_iv[] = {
-+ 0x99, 0xaa, 0x3e, 0x68, 0xed, 0x81, 0x73, 0xa0, 0xee, 0xd0, 0x66, 0x84
-+};
-+
-+static const unsigned char gcm_pt[] = {
-+ 0xf5, 0x6e, 0x87, 0x05, 0x5b, 0xc3, 0x2d, 0x0e, 0xeb, 0x31, 0xb2, 0xea,
-+ 0xcc, 0x2b, 0xf2, 0xa5
-+};
-+
-+static const unsigned char gcm_aad[] = {
-+ 0x4d, 0x23, 0xc3, 0xce, 0xc3, 0x34, 0xb4, 0x9b, 0xdb, 0x37, 0x0c, 0x43,
-+ 0x7f, 0xec, 0x78, 0xde
-+};
-+
-+static const unsigned char gcm_ct[] = {
-+ 0xf7, 0x26, 0x44, 0x13, 0xa8, 0x4c, 0x0e, 0x7c, 0xd5, 0x36, 0x86, 0x7e,
-+ 0xb9, 0xf2, 0x17, 0x36
-+};
-+
-+static const unsigned char gcm_tag[] = {
-+ 0x67, 0xba, 0x05, 0x10, 0x26, 0x2a, 0xe4, 0x87, 0xd7, 0x37, 0xee, 0x62,
-+ 0x98, 0xf7, 0x7e, 0x0c
-+};
-+
-+int FIPS_selftest_aes_gcm(void)
-+{
-+ int ret = 0;
-+ unsigned char out[128], tag[16];
-+ EVP_CIPHER_CTX *ctx;
-+
-+ ctx = EVP_CIPHER_CTX_new();
-+ if (ctx == NULL)
-+ goto err;
-+
-+ memset(out, 0, sizeof(out));
-+ memset(tag, 0, sizeof(tag));
-+ if (!EVP_CipherInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL, 1))
-+ goto err;
-+ if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN,
-+ sizeof(gcm_iv), NULL))
-+ goto err;
-+ if (!EVP_CipherInit_ex(ctx, NULL, NULL, gcm_key, gcm_iv, 1))
-+ goto err;
-+ if (EVP_Cipher(ctx, NULL, gcm_aad, sizeof(gcm_aad)) < 0)
-+ goto err;
-+ if (EVP_Cipher(ctx, out, gcm_pt, sizeof(gcm_pt)) != sizeof(gcm_ct))
-+ goto err;
-+ if (EVP_Cipher(ctx, NULL, NULL, 0) < 0)
-+ goto err;
-+
-+ if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, 16, tag))
-+ goto err;
-+
-+ if (memcmp(tag, gcm_tag, 16) || memcmp(out, gcm_ct, 16))
-+ goto err;
-+
-+ memset(out, 0, sizeof(out));
-+
-+ if (!EVP_CipherInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL, 0))
-+ goto err;
-+ if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN,
-+ sizeof(gcm_iv), NULL))
-+ goto err;
-+ if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, 16, tag))
-+ goto err;
-+ if (!EVP_CipherInit_ex(ctx, NULL, NULL, gcm_key, gcm_iv, 0))
-+ goto err;
-+ if (EVP_Cipher(ctx, NULL, gcm_aad, sizeof(gcm_aad)) < 0)
-+ goto err;
-+ if (EVP_Cipher(ctx, out, gcm_ct, sizeof(gcm_ct)) != sizeof(gcm_pt))
-+ goto err;
-+ if (EVP_Cipher(ctx, NULL, NULL, 0) < 0)
-+ goto err;
-+
-+ if (memcmp(out, gcm_pt, 16))
-+ goto err;
-+
-+ ret = 1;
-+
-+ err:
-+ EVP_CIPHER_CTX_free(ctx);
-+
-+ if (ret == 0) {
-+ FIPSerr(FIPS_F_FIPS_SELFTEST_AES_GCM, FIPS_R_SELFTEST_FAILED);
-+ return 0;
-+ } else
-+ return ret;
-+
-+}
-+
-+static const unsigned char XTS_128_key[] = {
-+ 0xa1, 0xb9, 0x0c, 0xba, 0x3f, 0x06, 0xac, 0x35, 0x3b, 0x2c, 0x34, 0x38,
-+ 0x76, 0x08, 0x17, 0x62, 0x09, 0x09, 0x23, 0x02, 0x6e, 0x91, 0x77, 0x18,
-+ 0x15, 0xf2, 0x9d, 0xab, 0x01, 0x93, 0x2f, 0x2f
-+};
-+
-+static const unsigned char XTS_128_i[] = {
-+ 0x4f, 0xae, 0xf7, 0x11, 0x7c, 0xda, 0x59, 0xc6, 0x6e, 0x4b, 0x92, 0x01,
-+ 0x3e, 0x76, 0x8a, 0xd5
-+};
-+
-+static const unsigned char XTS_128_pt[] = {
-+ 0xeb, 0xab, 0xce, 0x95, 0xb1, 0x4d, 0x3c, 0x8d, 0x6f, 0xb3, 0x50, 0x39,
-+ 0x07, 0x90, 0x31, 0x1c
-+};
-+
-+static const unsigned char XTS_128_ct[] = {
-+ 0x77, 0x8a, 0xe8, 0xb4, 0x3c, 0xb9, 0x8d, 0x5a, 0x82, 0x50, 0x81, 0xd5,
-+ 0xbe, 0x47, 0x1c, 0x63
-+};
-+
-+static const unsigned char XTS_256_key[] = {
-+ 0x1e, 0xa6, 0x61, 0xc5, 0x8d, 0x94, 0x3a, 0x0e, 0x48, 0x01, 0xe4, 0x2f,
-+ 0x4b, 0x09, 0x47, 0x14, 0x9e, 0x7f, 0x9f, 0x8e, 0x3e, 0x68, 0xd0, 0xc7,
-+ 0x50, 0x52, 0x10, 0xbd, 0x31, 0x1a, 0x0e, 0x7c, 0xd6, 0xe1, 0x3f, 0xfd,
-+ 0xf2, 0x41, 0x8d, 0x8d, 0x19, 0x11, 0xc0, 0x04, 0xcd, 0xa5, 0x8d, 0xa3,
-+ 0xd6, 0x19, 0xb7, 0xe2, 0xb9, 0x14, 0x1e, 0x58, 0x31, 0x8e, 0xea, 0x39,
-+ 0x2c, 0xf4, 0x1b, 0x08
-+};
-+
-+static const unsigned char XTS_256_i[] = {
-+ 0xad, 0xf8, 0xd9, 0x26, 0x27, 0x46, 0x4a, 0xd2, 0xf0, 0x42, 0x8e, 0x84,
-+ 0xa9, 0xf8, 0x75, 0x64
-+};
-+
-+static const unsigned char XTS_256_pt[] = {
-+ 0x2e, 0xed, 0xea, 0x52, 0xcd, 0x82, 0x15, 0xe1, 0xac, 0xc6, 0x47, 0xe8,
-+ 0x10, 0xbb, 0xc3, 0x64, 0x2e, 0x87, 0x28, 0x7f, 0x8d, 0x2e, 0x57, 0xe3,
-+ 0x6c, 0x0a, 0x24, 0xfb, 0xc1, 0x2a, 0x20, 0x2e
-+};
-+
-+static const unsigned char XTS_256_ct[] = {
-+ 0xcb, 0xaa, 0xd0, 0xe2, 0xf6, 0xce, 0xa3, 0xf5, 0x0b, 0x37, 0xf9, 0x34,
-+ 0xd4, 0x6a, 0x9b, 0x13, 0x0b, 0x9d, 0x54, 0xf0, 0x7e, 0x34, 0xf3, 0x6a,
-+ 0xf7, 0x93, 0xe8, 0x6f, 0x73, 0xc6, 0xd7, 0xdb
-+};
-+
-+int FIPS_selftest_aes_xts()
-+{
-+ int ret = 1;
-+ EVP_CIPHER_CTX *ctx;
-+
-+ ctx = EVP_CIPHER_CTX_new();
-+ if (ctx == NULL)
-+ goto err;
-+
-+ if (fips_cipher_test(ctx, EVP_aes_128_xts(),
-+ XTS_128_key, XTS_128_i, XTS_128_pt, XTS_128_ct,
-+ sizeof(XTS_128_pt)) <= 0)
-+ ret = 0;
-+
-+ if (fips_cipher_test(ctx, EVP_aes_256_xts(),
-+ XTS_256_key, XTS_256_i, XTS_256_pt, XTS_256_ct,
-+ sizeof(XTS_256_pt)) <= 0)
-+ ret = 0;
-+
-+ EVP_CIPHER_CTX_free(ctx);
-+
-+ err:
-+ if (ret == 0)
-+ FIPSerr(FIPS_F_FIPS_SELFTEST_AES_XTS, FIPS_R_SELFTEST_FAILED);
-+ return ret;
-+}
-+
-+#endif
-diff -up openssl-1.1.1b/crypto/fips/fips.c.fips openssl-1.1.1b/crypto/fips/fips.c
---- openssl-1.1.1b/crypto/fips/fips.c.fips 2019-02-28 11:30:06.807745651 +0100
-+++ openssl-1.1.1b/crypto/fips/fips.c 2019-02-28 11:30:06.807745651 +0100
-@@ -0,0 +1,526 @@
-+/* ====================================================================
-+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * openssl-core@openssl.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ *
-+ */
-+
-+#define _GNU_SOURCE
-+
-+#include <openssl/rand.h>
-+#include <openssl/fips_rand.h>
-+#include <openssl/err.h>
-+#include <openssl/bio.h>
-+#include <openssl/hmac.h>
-+#include <openssl/rsa.h>
-+#include <string.h>
-+#include <limits.h>
-+#include <dlfcn.h>
-+#include <stdio.h>
-+#include <stdlib.h>
-+#include <unistd.h>
-+#include <errno.h>
-+#include "fips_locl.h"
-+
-+#ifdef OPENSSL_FIPS
-+
-+# include <openssl/fips.h>
-+# include "internal/thread_once.h"
-+
-+# ifndef PATH_MAX
-+# define PATH_MAX 1024
-+# endif
-+
-+static int fips_selftest_fail = 0;
-+static int fips_mode = 0;
-+static int fips_started = 0;
-+
-+static int fips_is_owning_thread(void);
-+static int fips_set_owning_thread(void);
-+static int fips_clear_owning_thread(void);
-+
-+static CRYPTO_RWLOCK *fips_lock = NULL;
-+static CRYPTO_RWLOCK *fips_owning_lock = NULL;
-+static CRYPTO_ONCE fips_lock_init = CRYPTO_ONCE_STATIC_INIT;
-+
-+DEFINE_RUN_ONCE_STATIC(do_fips_lock_init)
-+{
-+ fips_lock = CRYPTO_THREAD_lock_new();
-+ fips_owning_lock = CRYPTO_THREAD_lock_new();
-+ return fips_lock != NULL && fips_owning_lock != NULL;
-+}
-+
-+# define fips_w_lock() CRYPTO_THREAD_write_lock(fips_lock)
-+# define fips_w_unlock() CRYPTO_THREAD_unlock(fips_lock)
-+# define fips_r_lock() CRYPTO_THREAD_read_lock(fips_lock)
-+# define fips_r_unlock() CRYPTO_THREAD_unlock(fips_lock)
-+
-+static void fips_set_mode(int onoff)
-+{
-+ int owning_thread = fips_is_owning_thread();
-+
-+ if (fips_started) {
-+ if (!owning_thread)
-+ fips_w_lock();
-+ fips_mode = onoff;
-+ if (!owning_thread)
-+ fips_w_unlock();
-+ }
-+}
-+
-+int FIPS_module_mode(void)
-+{
-+ int ret = 0;
-+ int owning_thread = fips_is_owning_thread();
-+
-+ if (fips_started) {
-+ if (!owning_thread)
-+ fips_r_lock();
-+ ret = fips_mode;
-+ if (!owning_thread)
-+ fips_r_unlock();
-+ }
-+ return ret;
-+}
-+
-+/* just a compat symbol - return NULL */
-+int FIPS_selftest_failed(void)
-+{
-+ int ret = 0;
-+ if (fips_started) {
-+ int owning_thread = fips_is_owning_thread();
-+
-+ if (!owning_thread)
-+ fips_r_lock();
-+ ret = fips_selftest_fail;
-+ if (!owning_thread)
-+ fips_r_unlock();
-+ }
-+ return ret;
-+}
-+
-+/* Selftest failure fatal exit routine. This will be called
-+ * during *any* cryptographic operation. It has the minimum
-+ * overhead possible to avoid too big a performance hit.
-+ */
-+
-+void FIPS_selftest_check(void)
-+{
-+ if (fips_selftest_fail) {
-+ OpenSSLDie(__FILE__, __LINE__, "FATAL FIPS SELFTEST FAILURE");
-+ }
-+}
-+
-+void fips_set_selftest_fail(void)
-+{
-+ fips_selftest_fail = 1;
-+}
-+
-+/* we implement what libfipscheck does ourselves */
-+
-+static int
-+get_library_path(const char *libname, const char *symbolname, char *path,
-+ size_t pathlen)
-+{
-+ Dl_info info;
-+ void *dl, *sym;
-+ int rv = -1;
-+
-+ dl = dlopen(libname, RTLD_LAZY);
-+ if (dl == NULL) {
-+ return -1;
-+ }
-+
-+ sym = dlsym(dl, symbolname);
-+
-+ if (sym != NULL && dladdr(sym, &info)) {
-+ strncpy(path, info.dli_fname, pathlen - 1);
-+ path[pathlen - 1] = '\0';
-+ rv = 0;
-+ }
-+
-+ dlclose(dl);
-+
-+ return rv;
-+}
-+
-+static const char conv[] = "0123456789abcdef";
-+
-+static char *bin2hex(void *buf, size_t len)
-+{
-+ char *hex, *p;
-+ unsigned char *src = buf;
-+
-+ hex = malloc(len * 2 + 1);
-+ if (hex == NULL)
-+ return NULL;
-+
-+ p = hex;
-+
-+ while (len > 0) {
-+ unsigned c;
-+
-+ c = *src;
-+ src++;
-+
-+ *p = conv[c >> 4];
-+ ++p;
-+ *p = conv[c & 0x0f];
-+ ++p;
-+ --len;
-+ }
-+ *p = '\0';
-+ return hex;
-+}
-+
-+# define HMAC_PREFIX "."
-+# ifndef HMAC_SUFFIX
-+# define HMAC_SUFFIX ".hmac"
-+# endif
-+# define READ_BUFFER_LENGTH 16384
-+
-+static char *make_hmac_path(const char *origpath)
-+{
-+ char *path, *p;
-+ const char *fn;
-+
-+ path =
-+ malloc(sizeof(HMAC_PREFIX) + sizeof(HMAC_SUFFIX) + strlen(origpath));
-+ if (path == NULL) {
-+ return NULL;
-+ }
-+
-+ fn = strrchr(origpath, '/');
-+ if (fn == NULL) {
-+ fn = origpath;
-+ } else {
-+ ++fn;
-+ }
-+
-+ strncpy(path, origpath, fn - origpath);
-+ p = path + (fn - origpath);
-+ p = stpcpy(p, HMAC_PREFIX);
-+ p = stpcpy(p, fn);
-+ p = stpcpy(p, HMAC_SUFFIX);
-+
-+ return path;
-+}
-+
-+static const char hmackey[] = "orboDeJITITejsirpADONivirpUkvarP";
-+
-+static int compute_file_hmac(const char *path, void **buf, size_t *hmaclen)
-+{
-+ FILE *f = NULL;
-+ int rv = -1;
-+ unsigned char rbuf[READ_BUFFER_LENGTH];
-+ size_t len;
-+ unsigned int hlen;
-+ HMAC_CTX *c;
-+
-+ c = HMAC_CTX_new();
-+ if (c == NULL)
-+ return rv;
-+
-+ f = fopen(path, "r");
-+
-+ if (f == NULL) {
-+ goto end;
-+ }
-+
-+ if (HMAC_Init_ex(c, hmackey, sizeof(hmackey) - 1, EVP_sha256(), NULL) <= 0) {
-+ goto end;
-+ }
-+
-+ while ((len = fread(rbuf, 1, sizeof(rbuf), f)) != 0) {
-+ if (HMAC_Update(c, rbuf, len) <= 0) {
-+ goto end;
-+ }
-+ }
-+
-+ len = sizeof(rbuf);
-+ /* reuse rbuf for hmac */
-+ if (HMAC_Final(c, rbuf, &hlen) <= 0) {
-+ goto end;
-+ }
-+
-+ *buf = malloc(hlen);
-+ if (*buf == NULL) {
-+ goto end;
-+ }
-+
-+ *hmaclen = hlen;
-+
-+ memcpy(*buf, rbuf, hlen);
-+
-+ rv = 0;
-+ end:
-+ HMAC_CTX_free(c);
-+
-+ if (f)
-+ fclose(f);
-+
-+ return rv;
-+}
-+
-+static int FIPSCHECK_verify(const char *path)
-+{
-+ int rv = 0;
-+ FILE *hf;
-+ char *hmacpath, *p;
-+ char *hmac = NULL;
-+ size_t n;
-+
-+ hmacpath = make_hmac_path(path);
-+ if (hmacpath == NULL)
-+ return 0;
-+
-+ hf = fopen(hmacpath, "r");
-+ if (hf == NULL) {
-+ free(hmacpath);
-+ return 0;
-+ }
-+
-+ if (getline(&hmac, &n, hf) > 0) {
-+ void *buf;
-+ size_t hmaclen;
-+ char *hex;
-+
-+ if ((p = strchr(hmac, '\n')) != NULL)
-+ *p = '\0';
-+
-+ if (compute_file_hmac(path, &buf, &hmaclen) < 0) {
-+ rv = -4;
-+ goto end;
-+ }
-+
-+ if ((hex = bin2hex(buf, hmaclen)) == NULL) {
-+ free(buf);
-+ rv = -5;
-+ goto end;
-+ }
-+
-+ if (strcmp(hex, hmac) != 0) {
-+ rv = -1;
-+ }
-+ free(buf);
-+ free(hex);
-+ } else {
-+ rv = -1;
-+ }
-+
-+ end:
-+ free(hmac);
-+ free(hmacpath);
-+ fclose(hf);
-+
-+ if (rv < 0)
-+ return 0;
-+
-+ /* check successful */
-+ return 1;
-+}
-+
-+static int verify_checksums(void)
-+{
-+ int rv;
-+ char path[PATH_MAX + 1];
-+ char *p;
-+
-+ /* we need to avoid dlopening libssl, assume both libcrypto and libssl
-+ are in the same directory */
-+
-+ rv = get_library_path("libcrypto.so." SHLIB_VERSION_NUMBER,
-+ "FIPS_mode_set", path, sizeof(path));
-+ if (rv < 0)
-+ return 0;
-+
-+ rv = FIPSCHECK_verify(path);
-+ if (!rv)
-+ return 0;
-+
-+ /* replace libcrypto with libssl */
-+ while ((p = strstr(path, "libcrypto.so")) != NULL) {
-+ p = stpcpy(p, "libssl");
-+ memmove(p, p + 3, strlen(p + 2));
-+ }
-+
-+ rv = FIPSCHECK_verify(path);
-+ if (!rv)
-+ return 0;
-+ return 1;
-+}
-+
-+# ifndef FIPS_MODULE_PATH
-+# define FIPS_MODULE_PATH "/etc/system-fips"
-+# endif
-+
-+int FIPS_module_installed(void)
-+{
-+ int rv;
-+ rv = access(FIPS_MODULE_PATH, F_OK);
-+ if (rv < 0 && errno != ENOENT)
-+ rv = 0;
-+
-+ /* Installed == true */
-+ return !rv;
-+}
-+
-+int FIPS_module_mode_set(int onoff)
-+{
-+ int ret = 0;
-+
-+ if (!RUN_ONCE(&fips_lock_init, do_fips_lock_init))
-+ return 0;
-+
-+ fips_w_lock();
-+ fips_started = 1;
-+ fips_set_owning_thread();
-+
-+ if (onoff) {
-+
-+ fips_selftest_fail = 0;
-+
-+ /* Don't go into FIPS mode twice, just so we can do automagic
-+ seeding */
-+ if (FIPS_module_mode()) {
-+ FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET,
-+ FIPS_R_FIPS_MODE_ALREADY_SET);
-+ fips_selftest_fail = 1;
-+ ret = 0;
-+ goto end;
-+ }
-+# ifdef OPENSSL_IA32_SSE2
-+ {
-+ extern unsigned int OPENSSL_ia32cap_P[2];
-+ if ((OPENSSL_ia32cap_P[0] & (1 << 25 | 1 << 26)) !=
-+ (1 << 25 | 1 << 26)) {
-+ FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET,
-+ FIPS_R_UNSUPPORTED_PLATFORM);
-+ fips_selftest_fail = 1;
-+ ret = 0;
-+ goto end;
-+ }
-+ }
-+# endif
-+
-+ if (!FIPS_selftest()) {
-+ fips_selftest_fail = 1;
-+ ret = 0;
-+ goto end;
-+ }
-+
-+ if (!verify_checksums()) {
-+ FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET,
-+ FIPS_R_FINGERPRINT_DOES_NOT_MATCH);
-+ fips_selftest_fail = 1;
-+ ret = 0;
-+ goto end;
-+ }
-+
-+ fips_set_mode(onoff);
-+ ret = 1;
-+ goto end;
-+ }
-+ fips_set_mode(0);
-+ fips_selftest_fail = 0;
-+ ret = 1;
-+ end:
-+ fips_clear_owning_thread();
-+ fips_w_unlock();
-+ return ret;
-+}
-+
-+static CRYPTO_THREAD_ID fips_threadid;
-+static int fips_thread_set = 0;
-+
-+static int fips_is_owning_thread(void)
-+{
-+ int ret = 0;
-+
-+ if (fips_started) {
-+ CRYPTO_THREAD_read_lock(fips_owning_lock);
-+ if (fips_thread_set) {
-+ CRYPTO_THREAD_ID cur = CRYPTO_THREAD_get_current_id();
-+ if (CRYPTO_THREAD_compare_id(fips_threadid, cur))
-+ ret = 1;
-+ }
-+ CRYPTO_THREAD_unlock(fips_owning_lock);
-+ }
-+ return ret;
-+}
-+
-+int fips_set_owning_thread(void)
-+{
-+ int ret = 0;
-+
-+ if (fips_started) {
-+ CRYPTO_THREAD_write_lock(fips_owning_lock);
-+ if (!fips_thread_set) {
-+ fips_threadid = CRYPTO_THREAD_get_current_id();
-+ ret = 1;
-+ fips_thread_set = 1;
-+ }
-+ CRYPTO_THREAD_unlock(fips_owning_lock);
-+ }
-+ return ret;
-+}
-+
-+int fips_clear_owning_thread(void)
-+{
-+ int ret = 0;
-+
-+ if (fips_started) {
-+ CRYPTO_THREAD_write_lock(fips_owning_lock);
-+ if (fips_thread_set) {
-+ CRYPTO_THREAD_ID cur = CRYPTO_THREAD_get_current_id();
-+ if (CRYPTO_THREAD_compare_id(fips_threadid, cur))
-+ fips_thread_set = 0;
-+ }
-+ CRYPTO_THREAD_unlock(fips_owning_lock);
-+ }
-+ return ret;
-+}
-+
-+#endif
-diff -up openssl-1.1.1b/crypto/fips/fips_cmac_selftest.c.fips openssl-1.1.1b/crypto/fips/fips_cmac_selftest.c
---- openssl-1.1.1b/crypto/fips/fips_cmac_selftest.c.fips 2019-02-28 11:30:06.808745633 +0100
-+++ openssl-1.1.1b/crypto/fips/fips_cmac_selftest.c 2019-02-28 11:30:06.808745633 +0100
-@@ -0,0 +1,156 @@
-+/* ====================================================================
-+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * openssl-core@openssl.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ *
-+ */
-+
-+#include <string.h>
-+#include <openssl/err.h>
-+#include <openssl/fips.h>
-+#include "internal/fips_int.h"
-+#include <openssl/cmac.h>
-+#include "fips_locl.h"
-+
-+#ifdef OPENSSL_FIPS
-+typedef struct {
-+ int nid;
-+ const unsigned char key[EVP_MAX_KEY_LENGTH];
-+ size_t keysize;
-+ const unsigned char msg[64];
-+ size_t msgsize;
-+ const unsigned char mac[32];
-+ size_t macsize;
-+} CMAC_KAT;
-+
-+/* from http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf */
-+static const CMAC_KAT vector[] = {
-+ {NID_aes_128_cbc, /* Count = 32 from CMACGenAES128.txt */
-+ {0x77, 0xa7, 0x7f, 0xaf, 0x29, 0x0c, 0x1f, 0xa3,
-+ 0x0c, 0x68, 0x3d, 0xf1, 0x6b, 0xa7, 0xa7, 0x7b,}, 128,
-+ {0x02, 0x06, 0x83, 0xe1, 0xf0, 0x39, 0x2f, 0x4c,
-+ 0xac, 0x54, 0x31, 0x8b, 0x60, 0x29, 0x25, 0x9e,
-+ 0x9c, 0x55, 0x3d, 0xbc, 0x4b, 0x6a, 0xd9, 0x98,
-+ 0xe6, 0x4d, 0x58, 0xe4, 0xe7, 0xdc, 0x2e, 0x13,}, 256,
-+ {0xfb, 0xfe, 0xa4, 0x1b,}, 32},
-+ {NID_aes_192_cbc, /* Count = 23 from CMACGenAES192.txt */
-+ {0x7b, 0x32, 0x39, 0x13, 0x69, 0xaa, 0x4c, 0xa9,
-+ 0x75, 0x58, 0x09, 0x5b, 0xe3, 0xc3, 0xec, 0x86,
-+ 0x2b, 0xd0, 0x57, 0xce, 0xf1, 0xe3, 0x2d, 0x62,}, 192,
-+ {0x0}, 0,
-+ {0xe4, 0xd9, 0x34, 0x0b, 0x03, 0xe6, 0x7d, 0xef,
-+ 0xd4, 0x96, 0x9c, 0xc1, 0xed, 0x37, 0x35, 0xe6,}, 128,
-+ },
-+ {NID_aes_256_cbc, /* Count = 33 from CMACGenAES256.txt */
-+ {0x0b, 0x12, 0x2a, 0xc8, 0xf3, 0x4e, 0xd1, 0xfe,
-+ 0x08, 0x2a, 0x36, 0x25, 0xd1, 0x57, 0x56, 0x14,
-+ 0x54, 0x16, 0x7a, 0xc1, 0x45, 0xa1, 0x0b, 0xbf,
-+ 0x77, 0xc6, 0xa7, 0x05, 0x96, 0xd5, 0x74, 0xf1,}, 256,
-+ {0x49, 0x8b, 0x53, 0xfd, 0xec, 0x87, 0xed, 0xcb,
-+ 0xf0, 0x70, 0x97, 0xdc, 0xcd, 0xe9, 0x3a, 0x08,
-+ 0x4b, 0xad, 0x75, 0x01, 0xa2, 0x24, 0xe3, 0x88,
-+ 0xdf, 0x34, 0x9c, 0xe1, 0x89, 0x59, 0xfe, 0x84,
-+ 0x85, 0xf8, 0xad, 0x15, 0x37, 0xf0, 0xd8, 0x96,
-+ 0xea, 0x73, 0xbe, 0xdc, 0x72, 0x14, 0x71, 0x3f,}, 384,
-+ {0xf6, 0x2c, 0x46, 0x32, 0x9b,}, 40,
-+ },
-+ {NID_des_ede3_cbc, /* Count = 41 from CMACGenTDES3.req */
-+ {0x89, 0xbc, 0xd9, 0x52, 0xa8, 0xc8, 0xab, 0x37,
-+ 0x1a, 0xf4, 0x8a, 0xc7, 0xd0, 0x70, 0x85, 0xd5,
-+ 0xef, 0xf7, 0x02, 0xe6, 0xd6, 0x2c, 0xdc, 0x23,}, 192,
-+ {0xfa, 0x62, 0x0c, 0x1b, 0xbe, 0x97, 0x31, 0x9e,
-+ 0x9a, 0x0c, 0xf0, 0x49, 0x21, 0x21, 0xf7, 0xa2,
-+ 0x0e, 0xb0, 0x8a, 0x6a, 0x70, 0x9d, 0xcb, 0xd0,
-+ 0x0a, 0xaf, 0x38, 0xe4, 0xf9, 0x9e, 0x75, 0x4e,}, 256,
-+ {0x8f, 0x49, 0xa1, 0xb7, 0xd6, 0xaa, 0x22, 0x58,}, 64,
-+ },
-+};
-+
-+int FIPS_selftest_cmac()
-+{
-+ size_t n, outlen;
-+ unsigned char out[32];
-+ const EVP_CIPHER *cipher;
-+ CMAC_CTX *ctx = CMAC_CTX_new();
-+ const CMAC_KAT *t;
-+ int rv = 1;
-+
-+ for (n = 0, t = vector; n < sizeof(vector) / sizeof(vector[0]); n++, t++) {
-+ cipher = EVP_get_cipherbynid(t->nid);
-+ if (!cipher) {
-+ rv = -1;
-+ goto err;
-+ }
-+ if (!CMAC_Init(ctx, t->key, t->keysize / 8, cipher, 0)) {
-+ rv = -1;
-+ goto err;
-+ }
-+ if (!CMAC_Update(ctx, t->msg, t->msgsize / 8)) {
-+ rv = -1;
-+ goto err;
-+ }
-+
-+ if (!CMAC_Final(ctx, out, &outlen)) {
-+ rv = -1;
-+ goto err;
-+ }
-+
-+ if (outlen < t->macsize / 8 || memcmp(out, t->mac, t->macsize / 8)) {
-+ rv = 0;
-+ }
-+ }
-+
-+ err:
-+ CMAC_CTX_free(ctx);
-+
-+ if (rv == -1) {
-+ rv = 0;
-+ }
-+ if (!rv)
-+ FIPSerr(FIPS_F_FIPS_SELFTEST_CMAC, FIPS_R_SELFTEST_FAILED);
-+
-+ return rv;
-+}
-+#endif
-diff -up openssl-1.1.1b/crypto/fips/fips_des_selftest.c.fips openssl-1.1.1b/crypto/fips/fips_des_selftest.c
---- openssl-1.1.1b/crypto/fips/fips_des_selftest.c.fips 2019-02-28 11:30:06.808745633 +0100
-+++ openssl-1.1.1b/crypto/fips/fips_des_selftest.c 2019-02-28 11:30:06.808745633 +0100
-@@ -0,0 +1,133 @@
-+/* ====================================================================
-+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * openssl-core@openssl.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ *
-+ */
-+
-+#include <string.h>
-+#include <openssl/err.h>
-+#ifdef OPENSSL_FIPS
-+# include <openssl/fips.h>
-+# include "internal/fips_int.h"
-+#endif
-+#include <openssl/opensslconf.h>
-+
-+#ifdef OPENSSL_FIPS
-+
-+static const struct {
-+ const unsigned char key[16];
-+ const unsigned char plaintext[8];
-+ const unsigned char ciphertext[8];
-+} tests2[] = {
-+ {
-+ {
-+ 0x7c, 0x4f, 0x6e, 0xf7, 0xa2, 0x04, 0x16, 0xec,
-+ 0x0b, 0x6b, 0x7c, 0x9e, 0x5e, 0x19, 0xa7, 0xc4}, {
-+ 0x06, 0xa7, 0xd8, 0x79, 0xaa, 0xce, 0x69, 0xef}, {
-+ 0x4c, 0x11, 0x17, 0x55, 0xbf, 0xc4, 0x4e, 0xfd}
-+ }, {
-+ {
-+ 0x5d, 0x9e, 0x01, 0xd3, 0x25, 0xc7, 0x3e, 0x34,
-+ 0x01, 0x16, 0x7c, 0x85, 0x23, 0xdf, 0xe0, 0x68}, {
-+ 0x9c, 0x50, 0x09, 0x0f, 0x5e, 0x7d, 0x69, 0x7e}, {
-+ 0xd2, 0x0b, 0x18, 0xdf, 0xd9, 0x0d, 0x9e, 0xff},}
-+};
-+
-+static const struct {
-+ const unsigned char key[24];
-+ const unsigned char plaintext[8];
-+ const unsigned char ciphertext[8];
-+} tests3[] = {
-+ {
-+ {
-+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10,
-+ 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0}, {
-+ 0x8f, 0x8f, 0xbf, 0x9b, 0x5d, 0x48, 0xb4, 0x1c}, {
-+ 0x59, 0x8c, 0xe5, 0xd3, 0x6c, 0xa2, 0xea, 0x1b},}, {
-+ {
-+ 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, 0xFE,
-+ 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
-+ 0xED, 0x39, 0xD9, 0x50, 0xFA, 0x74, 0xBC, 0xC4}, {
-+ 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF}, {
-+0x11, 0x25, 0xb0, 0x35, 0xbe, 0xa0, 0x82, 0x86},},};
-+
-+int FIPS_selftest_des()
-+{
-+ int n, ret = 0;
-+ EVP_CIPHER_CTX *ctx;
-+
-+ ctx = EVP_CIPHER_CTX_new();
-+ if (ctx == NULL)
-+ goto err;
-+
-+ /* Encrypt/decrypt with 2-key 3DES and compare to known answers */
-+ for (n = 0; n < 2; ++n) {
-+ unsigned char plaintext[8];
-+
-+ memcpy(plaintext, tests2[n].plaintext, sizeof(plaintext));
-+ if (!fips_cipher_test(ctx, EVP_des_ede_ecb(),
-+ tests2[n].key, NULL,
-+ plaintext, tests2[n].ciphertext, 8))
-+ goto err;
-+ }
-+
-+ /* Encrypt/decrypt with 3DES and compare to known answers */
-+ for (n = 0; n < 2; ++n) {
-+ if (!fips_cipher_test(ctx, EVP_des_ede3_ecb(),
-+ tests3[n].key, NULL,
-+ tests3[n].plaintext, tests3[n].ciphertext, 8))
-+ goto err;
-+ }
-+ ret = 1;
-+ err:
-+ EVP_CIPHER_CTX_free(ctx);
-+ if (ret == 0)
-+ FIPSerr(FIPS_F_FIPS_SELFTEST_DES, FIPS_R_SELFTEST_FAILED);
-+
-+ return ret;
-+}
-+#endif
-diff -up openssl-1.1.1b/crypto/fips/fips_dh_selftest.c.fips openssl-1.1.1b/crypto/fips/fips_dh_selftest.c
---- openssl-1.1.1b/crypto/fips/fips_dh_selftest.c.fips 2019-02-28 11:30:06.810745596 +0100
-+++ openssl-1.1.1b/crypto/fips/fips_dh_selftest.c 2019-02-28 11:30:06.810745596 +0100
-@@ -0,0 +1,180 @@
-+/* ====================================================================
-+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
-+ * Copyright (c) 2013 Red Hat, Inc.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * openssl-core@openssl.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ *
-+ */
-+
-+#include <string.h>
-+#include <openssl/crypto.h>
-+#include <openssl/dh.h>
-+#include <openssl/fips.h>
-+#include <openssl/err.h>
-+#include <openssl/evp.h>
-+#include <openssl/bn.h>
-+#include "fips_locl.h"
-+
-+#ifdef OPENSSL_FIPS
-+
-+static const unsigned char dh_test_2048_p[] = {
-+ 0xAE, 0xEC, 0xEE, 0x22, 0xFA, 0x3A, 0xA5, 0x22, 0xC0, 0xDE, 0x0F, 0x09,
-+ 0x7E, 0x17, 0xC0, 0x05, 0xF9, 0xF1, 0xE7, 0xC6, 0x87, 0x14, 0x6D, 0x11,
-+ 0xE7, 0xAE, 0xED, 0x2F, 0x72, 0x59, 0xC5, 0xA9, 0x9B, 0xB8, 0x02, 0xA5,
-+ 0xF3, 0x69, 0x70, 0xD6, 0xDD, 0x90, 0xF9, 0x19, 0x79, 0xBE, 0x60, 0x8F,
-+ 0x25, 0x92, 0x30, 0x1C, 0x51, 0x51, 0x38, 0x26, 0x82, 0x25, 0xE6, 0xFC,
-+ 0xED, 0x65, 0x96, 0x8F, 0x57, 0xE5, 0x53, 0x8B, 0x38, 0x63, 0xC7, 0xCE,
-+ 0xBC, 0x1B, 0x4D, 0x18, 0x2A, 0x5B, 0x04, 0x3F, 0x6A, 0x3C, 0x94, 0x39,
-+ 0xAE, 0x36, 0xD6, 0x5E, 0x0F, 0xA2, 0xCC, 0xD0, 0xD4, 0xD5, 0xC6, 0x1E,
-+ 0xF6, 0xA0, 0xF5, 0x89, 0x4E, 0xB4, 0x0B, 0xA4, 0xB3, 0x2B, 0x3D, 0xE2,
-+ 0x4E, 0xE1, 0x49, 0x25, 0x99, 0x5F, 0x32, 0x16, 0x33, 0x32, 0x1B, 0x7A,
-+ 0xA5, 0x5C, 0x6B, 0x34, 0x0D, 0x39, 0x99, 0xDC, 0xF0, 0x76, 0xE5, 0x5A,
-+ 0xD4, 0x71, 0x00, 0xED, 0x5A, 0x73, 0xFB, 0xC8, 0x01, 0xAD, 0x99, 0xCF,
-+ 0x99, 0x52, 0x7C, 0x9C, 0x64, 0xC6, 0x76, 0x40, 0x57, 0xAF, 0x59, 0xD7,
-+ 0x38, 0x0B, 0x40, 0xDE, 0x33, 0x0D, 0xB8, 0x76, 0xEC, 0xA9, 0xD8, 0x73,
-+ 0xF8, 0xEF, 0x26, 0x66, 0x06, 0x27, 0xDD, 0x7C, 0xA4, 0x10, 0x9C, 0xA6,
-+ 0xAA, 0xF9, 0x53, 0x62, 0x73, 0x1D, 0xBA, 0x1C, 0xF1, 0x67, 0xF4, 0x35,
-+ 0xED, 0x6F, 0x37, 0x92, 0xE8, 0x4F, 0x6C, 0xBA, 0x52, 0x6E, 0xA1, 0xED,
-+ 0xDA, 0x9F, 0x85, 0x11, 0x82, 0x52, 0x62, 0x08, 0x44, 0xF1, 0x30, 0x03,
-+ 0xC3, 0x38, 0x2C, 0x79, 0xBD, 0xD4, 0x43, 0x45, 0xEE, 0x8E, 0x50, 0xFC,
-+ 0x29, 0x46, 0x9A, 0xFE, 0x54, 0x1A, 0x19, 0x8F, 0x4B, 0x84, 0x08, 0xDE,
-+ 0x20, 0x62, 0x73, 0xCC, 0xDD, 0x7E, 0xF0, 0xEF, 0xA2, 0xFD, 0x86, 0x58,
-+ 0x4B, 0xD8, 0x37, 0xEB
-+};
-+
-+static const unsigned char dh_test_2048_g[] = {
-+ 0x02
-+};
-+
-+static const unsigned char dh_test_2048_pub_key[] = {
-+ 0xA0, 0x39, 0x11, 0x77, 0x9A, 0xC1, 0x30, 0x1F, 0xBE, 0x48, 0xA7, 0xAA,
-+ 0xA0, 0x84, 0x54, 0x64, 0xAD, 0x1B, 0x70, 0xFA, 0x13, 0x55, 0x63, 0xD2,
-+ 0x1F, 0x62, 0x32, 0x93, 0x8E, 0xC9, 0x3E, 0x09, 0xA7, 0x64, 0xE4, 0x12,
-+ 0x6E, 0x1B, 0xF2, 0x92, 0x3B, 0xB9, 0xCB, 0x56, 0xEA, 0x07, 0x88, 0xB5,
-+ 0xA6, 0xBC, 0x16, 0x1F, 0x27, 0xFE, 0xD8, 0xAA, 0x40, 0xB2, 0xB0, 0x2D,
-+ 0x37, 0x76, 0xA6, 0xA4, 0x82, 0x2C, 0x0E, 0x22, 0x64, 0x9D, 0xCB, 0xD1,
-+ 0x00, 0xB7, 0x89, 0x14, 0x72, 0x4E, 0xBE, 0x48, 0x41, 0xF8, 0xB2, 0x51,
-+ 0x11, 0x09, 0x4B, 0x22, 0x01, 0x23, 0x39, 0x96, 0xE0, 0x15, 0xD7, 0x9F,
-+ 0x60, 0xD1, 0xB7, 0xAE, 0xFE, 0x5F, 0xDB, 0xE7, 0x03, 0x17, 0x97, 0xA6,
-+ 0x16, 0x74, 0xBD, 0x53, 0x81, 0x19, 0xC5, 0x47, 0x5E, 0xCE, 0x8D, 0xED,
-+ 0x45, 0x5D, 0x3C, 0x00, 0xA0, 0x0A, 0x68, 0x6A, 0xE0, 0x8E, 0x06, 0x46,
-+ 0x6F, 0xD7, 0xF9, 0xDF, 0x31, 0x7E, 0x77, 0x44, 0x0D, 0x98, 0xE0, 0xCA,
-+ 0x98, 0x09, 0x52, 0x04, 0x90, 0xEA, 0x6D, 0xF4, 0x30, 0x69, 0x8F, 0xB1,
-+ 0x9B, 0xC1, 0x43, 0xDB, 0xD5, 0x8D, 0xC8, 0x8E, 0xB6, 0x0B, 0x05, 0xBE,
-+ 0x0E, 0xC5, 0x99, 0xC8, 0x6E, 0x4E, 0xF3, 0xCB, 0xC3, 0x5E, 0x9B, 0x53,
-+ 0xF7, 0x06, 0x1C, 0x4F, 0xC7, 0xB8, 0x6E, 0x30, 0x18, 0xCA, 0x9B, 0xB9,
-+ 0xBC, 0x5F, 0x17, 0x72, 0x29, 0x5A, 0xE5, 0xD9, 0x96, 0xB7, 0x0B, 0xF3,
-+ 0x2D, 0x8C, 0xF1, 0xE1, 0x0E, 0x0D, 0x74, 0xD5, 0x9D, 0xF0, 0x06, 0xA9,
-+ 0xB4, 0x95, 0x63, 0x76, 0x46, 0x55, 0x48, 0x82, 0x39, 0x90, 0xEF, 0x56,
-+ 0x75, 0x34, 0xB8, 0x34, 0xC3, 0x18, 0x6E, 0x1E, 0xAD, 0xE3, 0x48, 0x7E,
-+ 0x93, 0x2C, 0x23, 0xE7, 0xF8, 0x90, 0x73, 0xB1, 0x77, 0x80, 0x67, 0xA9,
-+ 0x36, 0x9E, 0xDA, 0xD2
-+};
-+
-+static const unsigned char dh_test_2048_priv_key[] = {
-+ 0x0C, 0x4B, 0x30, 0x89, 0xD1, 0xB8, 0x62, 0xCB, 0x3C, 0x43, 0x64, 0x91,
-+ 0xF0, 0x91, 0x54, 0x70, 0xC5, 0x27, 0x96, 0xE3, 0xAC, 0xBE, 0xE8, 0x00,
-+ 0xEC, 0x55, 0xF6, 0xCC
-+};
-+
-+int FIPS_selftest_dh()
-+{
-+ DH *dh = NULL;
-+ int ret = 0;
-+ void *pub_key_bin = NULL;
-+ int len;
-+ BIGNUM *p = NULL, *g = NULL, *priv_key = NULL, *tmp_pub_key = NULL;
-+ const BIGNUM *pub_key;
-+
-+ fips_load_key_component(p, dh_test_2048);
-+ fips_load_key_component(g, dh_test_2048);
-+ /* note that the private key is much shorter than normally used
-+ * but still g ** priv_key > p
-+ */
-+ fips_load_key_component(priv_key, dh_test_2048);
-+ if ((tmp_pub_key = BN_new()) == NULL)
-+ goto err;
-+
-+ dh = DH_new();
-+
-+ if (dh == NULL)
-+ goto err;
-+
-+ DH_set0_pqg(dh, p, NULL, g);
-+ DH_set0_key(dh, tmp_pub_key, priv_key);
-+
-+ if (DH_generate_key(dh) <= 0)
-+ goto err;
-+
-+ DH_get0_key(dh, &pub_key, NULL);
-+
-+ if (pub_key == NULL)
-+ goto err;
-+
-+ len = BN_num_bytes(pub_key);
-+ if ((pub_key_bin = OPENSSL_malloc(len)) == NULL)
-+ goto err;
-+ BN_bn2bin(pub_key, pub_key_bin);
-+
-+ if (len != sizeof(dh_test_2048_pub_key) ||
-+ memcmp(pub_key_bin, dh_test_2048_pub_key, len) != 0)
-+ goto err;
-+
-+ ret = 1;
-+
-+ err:
-+ if (dh)
-+ DH_free(dh);
-+ else {
-+ BN_free(p);
-+ BN_free(g);
-+ BN_free(priv_key);
-+ BN_free(tmp_pub_key);
-+ }
-+
-+ OPENSSL_free(pub_key_bin);
-+ return ret;
-+}
-+#endif
-diff -up openssl-1.1.1b/crypto/fips/fips_drbg_ctr.c.fips openssl-1.1.1b/crypto/fips/fips_drbg_ctr.c
---- openssl-1.1.1b/crypto/fips/fips_drbg_ctr.c.fips 2019-02-28 11:30:06.811745577 +0100
-+++ openssl-1.1.1b/crypto/fips/fips_drbg_ctr.c 2019-02-28 11:30:06.811745577 +0100
-@@ -0,0 +1,406 @@
-+/* fips/rand/fips_drbg_ctr.c */
-+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
-+ * project.
-+ */
-+/* ====================================================================
-+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing@OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ */
-+
-+#include <stdlib.h>
-+#include <string.h>
-+#include <openssl/crypto.h>
-+#include <openssl/fips.h>
-+#include <openssl/fips_rand.h>
-+#include "fips_rand_lcl.h"
-+
-+static void inc_128(DRBG_CTR_CTX * cctx)
-+{
-+ int i;
-+ unsigned char c;
-+ unsigned char *p = cctx->V + 15;
-+ for (i = 0; i < 16; i++) {
-+ c = *p;
-+ c++;
-+ *p = c;
-+ if (c)
-+ return;
-+ p--;
-+ }
-+}
-+
-+static void ctr_XOR(DRBG_CTR_CTX * cctx, const unsigned char *in,
-+ size_t inlen)
-+{
-+ size_t i, n;
-+ /* Any zero padding will have no effect on the result as we
-+ * are XORing. So just process however much input we have.
-+ */
-+
-+ if (!in || !inlen)
-+ return;
-+
-+ if (inlen < cctx->keylen)
-+ n = inlen;
-+ else
-+ n = cctx->keylen;
-+
-+ for (i = 0; i < n; i++)
-+ cctx->K[i] ^= in[i];
-+ if (inlen <= cctx->keylen)
-+ return;
-+
-+ n = inlen - cctx->keylen;
-+ /* Should never happen */
-+ if (n > 16)
-+ n = 16;
-+ for (i = 0; i < 16; i++)
-+ cctx->V[i] ^= in[i + cctx->keylen];
-+}
-+
-+/* Process a complete block using BCC algorithm of SPP 800-90 10.4.3 */
-+
-+static void ctr_BCC_block(DRBG_CTR_CTX * cctx, unsigned char *out,
-+ const unsigned char *in)
-+{
-+ int i;
-+ for (i = 0; i < 16; i++)
-+ out[i] ^= in[i];
-+ AES_encrypt(out, out, &cctx->df_ks);
-+#if 0
-+ fprintf(stderr, "BCC in+out\n");
-+ BIO_dump_fp(stderr, in, 16);
-+ BIO_dump_fp(stderr, out, 16);
-+#endif
-+}
-+
-+/* Handle several BCC operations for as much data as we need for K and X */
-+static void ctr_BCC_blocks(DRBG_CTR_CTX * cctx, const unsigned char *in)
-+{
-+ ctr_BCC_block(cctx, cctx->KX, in);
-+ ctr_BCC_block(cctx, cctx->KX + 16, in);
-+ if (cctx->keylen != 16)
-+ ctr_BCC_block(cctx, cctx->KX + 32, in);
-+}
-+
-+/* Initialise BCC blocks: these have the value 0,1,2 in leftmost positions:
-+ * see 10.4.2 stage 7.
-+ */
-+static void ctr_BCC_init(DRBG_CTR_CTX * cctx)
-+{
-+ memset(cctx->KX, 0, 48);
-+ memset(cctx->bltmp, 0, 16);
-+ ctr_BCC_block(cctx, cctx->KX, cctx->bltmp);
-+ cctx->bltmp[3] = 1;
-+ ctr_BCC_block(cctx, cctx->KX + 16, cctx->bltmp);
-+ if (cctx->keylen != 16) {
-+ cctx->bltmp[3] = 2;
-+ ctr_BCC_block(cctx, cctx->KX + 32, cctx->bltmp);
-+ }
-+}
-+
-+/* Process several blocks into BCC algorithm, some possibly partial */
-+static void ctr_BCC_update(DRBG_CTR_CTX * cctx,
-+ const unsigned char *in, size_t inlen)
-+{
-+ if (!in || !inlen)
-+ return;
-+ /* If we have partial block handle it first */
-+ if (cctx->bltmp_pos) {
-+ size_t left = 16 - cctx->bltmp_pos;
-+ /* If we now have a complete block process it */
-+ if (inlen >= left) {
-+ memcpy(cctx->bltmp + cctx->bltmp_pos, in, left);
-+ ctr_BCC_blocks(cctx, cctx->bltmp);
-+ cctx->bltmp_pos = 0;
-+ inlen -= left;
-+ in += left;
-+ }
-+ }
-+ /* Process zero or more complete blocks */
-+ while (inlen >= 16) {
-+ ctr_BCC_blocks(cctx, in);
-+ in += 16;
-+ inlen -= 16;
-+ }
-+ /* Copy any remaining partial block to the temporary buffer */
-+ if (inlen > 0) {
-+ memcpy(cctx->bltmp + cctx->bltmp_pos, in, inlen);
-+ cctx->bltmp_pos += inlen;
-+ }
-+}
-+
-+static void ctr_BCC_final(DRBG_CTR_CTX * cctx)
-+{
-+ if (cctx->bltmp_pos) {
-+ memset(cctx->bltmp + cctx->bltmp_pos, 0, 16 - cctx->bltmp_pos);
-+ ctr_BCC_blocks(cctx, cctx->bltmp);
-+ }
-+}
-+
-+static void ctr_df(DRBG_CTR_CTX * cctx,
-+ const unsigned char *in1, size_t in1len,
-+ const unsigned char *in2, size_t in2len,
-+ const unsigned char *in3, size_t in3len)
-+{
-+ size_t inlen;
-+ unsigned char *p = cctx->bltmp;
-+ static unsigned char c80 = 0x80;
-+
-+ ctr_BCC_init(cctx);
-+ if (!in1)
-+ in1len = 0;
-+ if (!in2)
-+ in2len = 0;
-+ if (!in3)
-+ in3len = 0;
-+ inlen = in1len + in2len + in3len;
-+ /* Initialise L||N in temporary block */
-+ *p++ = (inlen >> 24) & 0xff;
-+ *p++ = (inlen >> 16) & 0xff;
-+ *p++ = (inlen >> 8) & 0xff;
-+ *p++ = inlen & 0xff;
-+ /* NB keylen is at most 32 bytes */
-+ *p++ = 0;
-+ *p++ = 0;
-+ *p++ = 0;
-+ *p = (unsigned char)((cctx->keylen + 16) & 0xff);
-+ cctx->bltmp_pos = 8;
-+ ctr_BCC_update(cctx, in1, in1len);
-+ ctr_BCC_update(cctx, in2, in2len);
-+ ctr_BCC_update(cctx, in3, in3len);
-+ ctr_BCC_update(cctx, &c80, 1);
-+ ctr_BCC_final(cctx);
-+ /* Set up key K */
-+ AES_set_encrypt_key(cctx->KX, cctx->keylen * 8, &cctx->df_kxks);
-+ /* X follows key K */
-+ AES_encrypt(cctx->KX + cctx->keylen, cctx->KX, &cctx->df_kxks);
-+ AES_encrypt(cctx->KX, cctx->KX + 16, &cctx->df_kxks);
-+ if (cctx->keylen != 16)
-+ AES_encrypt(cctx->KX + 16, cctx->KX + 32, &cctx->df_kxks);
-+#if 0
-+ fprintf(stderr, "Output of ctr_df:\n");
-+ BIO_dump_fp(stderr, cctx->KX, cctx->keylen + 16);
-+#endif
-+}
-+
-+/* NB the no-df Update in SP800-90 specifies a constant input length
-+ * of seedlen, however other uses of this algorithm pad the input with
-+ * zeroes if necessary and have up to two parameters XORed together,
-+ * handle both cases in this function instead.
-+ */
-+
-+static void ctr_Update(DRBG_CTX *dctx,
-+ const unsigned char *in1, size_t in1len,
-+ const unsigned char *in2, size_t in2len,
-+ const unsigned char *nonce, size_t noncelen)
-+{
-+ DRBG_CTR_CTX *cctx = &dctx->d.ctr;
-+ /* ks is already setup for correct key */
-+ inc_128(cctx);
-+ AES_encrypt(cctx->V, cctx->K, &cctx->ks);
-+ /* If keylen longer than 128 bits need extra encrypt */
-+ if (cctx->keylen != 16) {
-+ inc_128(cctx);
-+ AES_encrypt(cctx->V, cctx->K + 16, &cctx->ks);
-+ }
-+ inc_128(cctx);
-+ AES_encrypt(cctx->V, cctx->V, &cctx->ks);
-+ /* If 192 bit key part of V is on end of K */
-+ if (cctx->keylen == 24) {
-+ memcpy(cctx->V + 8, cctx->V, 8);
-+ memcpy(cctx->V, cctx->K + 24, 8);
-+ }
-+
-+ if (dctx->xflags & DRBG_FLAG_CTR_USE_DF) {
-+ /* If no input reuse existing derived value */
-+ if (in1 || nonce || in2)
-+ ctr_df(cctx, in1, in1len, nonce, noncelen, in2, in2len);
-+ /* If this a reuse input in1len != 0 */
-+ if (in1len)
-+ ctr_XOR(cctx, cctx->KX, dctx->seedlen);
-+ } else {
-+ ctr_XOR(cctx, in1, in1len);
-+ ctr_XOR(cctx, in2, in2len);
-+ }
-+
-+ AES_set_encrypt_key(cctx->K, dctx->strength, &cctx->ks);
-+#if 0
-+ fprintf(stderr, "K+V after update is:\n");
-+ BIO_dump_fp(stderr, cctx->K, cctx->keylen);
-+ BIO_dump_fp(stderr, cctx->V, 16);
-+#endif
-+}
-+
-+static int drbg_ctr_instantiate(DRBG_CTX *dctx,
-+ const unsigned char *ent, size_t entlen,
-+ const unsigned char *nonce, size_t noncelen,
-+ const unsigned char *pers, size_t perslen)
-+{
-+ DRBG_CTR_CTX *cctx = &dctx->d.ctr;
-+ memset(cctx->K, 0, sizeof(cctx->K));
-+ memset(cctx->V, 0, sizeof(cctx->V));
-+ AES_set_encrypt_key(cctx->K, dctx->strength, &cctx->ks);
-+ ctr_Update(dctx, ent, entlen, pers, perslen, nonce, noncelen);
-+ return 1;
-+}
-+
-+static int drbg_ctr_reseed(DRBG_CTX *dctx,
-+ const unsigned char *ent, size_t entlen,
-+ const unsigned char *adin, size_t adinlen)
-+{
-+ ctr_Update(dctx, ent, entlen, adin, adinlen, NULL, 0);
-+ return 1;
-+}
-+
-+static int drbg_ctr_generate(DRBG_CTX *dctx,
-+ unsigned char *out, size_t outlen,
-+ const unsigned char *adin, size_t adinlen)
-+{
-+ DRBG_CTR_CTX *cctx = &dctx->d.ctr;
-+ if (adin && adinlen) {
-+ ctr_Update(dctx, adin, adinlen, NULL, 0, NULL, 0);
-+ /* This means we reuse derived value */
-+ if (dctx->xflags & DRBG_FLAG_CTR_USE_DF) {
-+ adin = NULL;
-+ adinlen = 1;
-+ }
-+ } else
-+ adinlen = 0;
-+
-+ for (;;) {
-+ inc_128(cctx);
-+ if (outlen < 16) {
-+ /* Use K as temp space as it will be updated */
-+ AES_encrypt(cctx->V, cctx->K, &cctx->ks);
-+ memcpy(out, cctx->K, outlen);
-+ break;
-+ }
-+ AES_encrypt(cctx->V, out, &cctx->ks);
-+ out += 16;
-+ outlen -= 16;
-+ if (outlen == 0)
-+ break;
-+ }
-+
-+ ctr_Update(dctx, adin, adinlen, NULL, 0, NULL, 0);
-+
-+ return 1;
-+
-+}
-+
-+static int drbg_ctr_uninstantiate(DRBG_CTX *dctx)
-+{
-+ memset(&dctx->d.ctr, 0, sizeof(DRBG_CTR_CTX));
-+ return 1;
-+}
-+
-+int fips_drbg_ctr_init(DRBG_CTX *dctx)
-+{
-+ DRBG_CTR_CTX *cctx = &dctx->d.ctr;
-+
-+ size_t keylen;
-+
-+ switch (dctx->type) {
-+ case NID_aes_128_ctr:
-+ keylen = 16;
-+ break;
-+
-+ case NID_aes_192_ctr:
-+ keylen = 24;
-+ break;
-+
-+ case NID_aes_256_ctr:
-+ keylen = 32;
-+ break;
-+
-+ default:
-+ return -2;
-+ }
-+
-+ dctx->instantiate = drbg_ctr_instantiate;
-+ dctx->reseed = drbg_ctr_reseed;
-+ dctx->generate = drbg_ctr_generate;
-+ dctx->uninstantiate = drbg_ctr_uninstantiate;
-+
-+ cctx->keylen = keylen;
-+ dctx->strength = keylen * 8;
-+ dctx->blocklength = 16;
-+ dctx->seedlen = keylen + 16;
-+
-+ if (dctx->xflags & DRBG_FLAG_CTR_USE_DF) {
-+ /* df initialisation */
-+ static unsigned char df_key[32] = {
-+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
-+ 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
-+ 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
-+ };
-+ /* Set key schedule for df_key */
-+ AES_set_encrypt_key(df_key, dctx->strength, &cctx->df_ks);
-+
-+ dctx->min_entropy = cctx->keylen;
-+ dctx->max_entropy = DRBG_MAX_LENGTH;
-+ dctx->min_nonce = dctx->min_entropy / 2;
-+ dctx->max_nonce = DRBG_MAX_LENGTH;
-+ dctx->max_pers = DRBG_MAX_LENGTH;
-+ dctx->max_adin = DRBG_MAX_LENGTH;
-+ } else {
-+ dctx->min_entropy = dctx->seedlen;
-+ dctx->max_entropy = dctx->seedlen;
-+ /* Nonce not used */
-+ dctx->min_nonce = 0;
-+ dctx->max_nonce = 0;
-+ dctx->max_pers = dctx->seedlen;
-+ dctx->max_adin = dctx->seedlen;
-+ }
-+
-+ dctx->max_request = 1 << 16;
-+ dctx->reseed_interval = 1 << 24;
-+
-+ return 1;
-+}
-diff -up openssl-1.1.1b/crypto/fips/fips_drbg_hash.c.fips openssl-1.1.1b/crypto/fips/fips_drbg_hash.c
---- openssl-1.1.1b/crypto/fips/fips_drbg_hash.c.fips 2019-02-28 11:30:06.811745577 +0100
-+++ openssl-1.1.1b/crypto/fips/fips_drbg_hash.c 2019-02-28 11:30:06.811745577 +0100
-@@ -0,0 +1,354 @@
-+/* fips/rand/fips_drbg_hash.c */
-+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
-+ * project.
-+ */
-+/* ====================================================================
-+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing@OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ */
-+
-+#define OPENSSL_FIPSAPI
-+
-+#include <stdlib.h>
-+#include <string.h>
-+#include <openssl/crypto.h>
-+#include <openssl/fips.h>
-+#include "internal/fips_int.h"
-+#include <openssl/fips_rand.h>
-+#include "fips_rand_lcl.h"
-+
-+/* This is Hash_df from SP 800-90 10.4.1 */
-+
-+static int hash_df(DRBG_CTX *dctx, unsigned char *out,
-+ const unsigned char *in1, size_t in1len,
-+ const unsigned char *in2, size_t in2len,
-+ const unsigned char *in3, size_t in3len,
-+ const unsigned char *in4, size_t in4len)
-+{
-+ EVP_MD_CTX *mctx = dctx->d.hash.mctx;
-+ unsigned char *vtmp = dctx->d.hash.vtmp;
-+ unsigned char tmp[6];
-+ /* Standard only ever needs seedlen bytes which is always less than
-+ * maximum permitted so no need to check length.
-+ */
-+ size_t outlen = dctx->seedlen;
-+ tmp[0] = 1;
-+ tmp[1] = ((outlen * 8) >> 24) & 0xff;
-+ tmp[2] = ((outlen * 8) >> 16) & 0xff;
-+ tmp[3] = ((outlen * 8) >> 8) & 0xff;
-+ tmp[4] = (outlen * 8) & 0xff;
-+ if (!in1) {
-+ tmp[5] = (unsigned char)in1len;
-+ in1 = tmp + 5;
-+ in1len = 1;
-+ }
-+ for (;;) {
-+ if (!FIPS_digestinit(mctx, dctx->d.hash.md))
-+ return 0;
-+ if (!FIPS_digestupdate(mctx, tmp, 5))
-+ return 0;
-+ if (in1 && !FIPS_digestupdate(mctx, in1, in1len))
-+ return 0;
-+ if (in2 && !FIPS_digestupdate(mctx, in2, in2len))
-+ return 0;
-+ if (in3 && !FIPS_digestupdate(mctx, in3, in3len))
-+ return 0;
-+ if (in4 && !FIPS_digestupdate(mctx, in4, in4len))
-+ return 0;
-+ if (outlen < dctx->blocklength) {
-+ if (!FIPS_digestfinal(mctx, vtmp, NULL))
-+ return 0;
-+ memcpy(out, vtmp, outlen);
-+ OPENSSL_cleanse(vtmp, dctx->blocklength);
-+ return 1;
-+ } else if (!FIPS_digestfinal(mctx, out, NULL))
-+ return 0;
-+
-+ outlen -= dctx->blocklength;
-+ if (outlen == 0)
-+ return 1;
-+ tmp[0]++;
-+ out += dctx->blocklength;
-+ }
-+}
-+
-+/* Add an unsigned buffer to the buf value, storing the result in buf. For
-+ * this algorithm the length of input never exceeds the seed length.
-+ */
-+
-+static void ctx_add_buf(DRBG_CTX *dctx, unsigned char *buf,
-+ unsigned char *in, size_t inlen)
-+{
-+ size_t i = inlen;
-+ const unsigned char *q;
-+ unsigned char c, *p;
-+ p = buf + dctx->seedlen;
-+ q = in + inlen;
-+
-+ OPENSSL_assert(i <= dctx->seedlen);
-+
-+ /* Special case: zero length, just increment buffer */
-+ if (i)
-+ c = 0;
-+ else
-+ c = 1;
-+
-+ while (i) {
-+ int r;
-+ p--;
-+ q--;
-+ r = *p + *q + c;
-+ /* Carry */
-+ if (r > 0xff)
-+ c = 1;
-+ else
-+ c = 0;
-+ *p = r & 0xff;
-+ i--;
-+ }
-+
-+ i = dctx->seedlen - inlen;
-+
-+ /* If not adding whole buffer handle final carries */
-+ if (c && i) {
-+ do {
-+ p--;
-+ c = *p;
-+ c++;
-+ *p = c;
-+ if (c)
-+ return;
-+ } while (i--);
-+ }
-+}
-+
-+/* Finalise and add hash to V */
-+
-+static int ctx_add_md(DRBG_CTX *dctx)
-+{
-+ if (!FIPS_digestfinal(dctx->d.hash.mctx, dctx->d.hash.vtmp, NULL))
-+ return 0;
-+ ctx_add_buf(dctx, dctx->d.hash.V, dctx->d.hash.vtmp, dctx->blocklength);
-+ return 1;
-+}
-+
-+static int hash_gen(DRBG_CTX *dctx, unsigned char *out, size_t outlen)
-+{
-+ DRBG_HASH_CTX *hctx = &dctx->d.hash;
-+ if (outlen == 0)
-+ return 1;
-+ memcpy(hctx->vtmp, hctx->V, dctx->seedlen);
-+ for (;;) {
-+ FIPS_digestinit(hctx->mctx, hctx->md);
-+ FIPS_digestupdate(hctx->mctx, hctx->vtmp, dctx->seedlen);
-+ if (outlen < dctx->blocklength) {
-+ FIPS_digestfinal(hctx->mctx, hctx->vtmp, NULL);
-+ memcpy(out, hctx->vtmp, outlen);
-+ return 1;
-+ } else {
-+ FIPS_digestfinal(hctx->mctx, out, NULL);
-+ outlen -= dctx->blocklength;
-+ if (outlen == 0)
-+ return 1;
-+ out += dctx->blocklength;
-+ }
-+ ctx_add_buf(dctx, hctx->vtmp, NULL, 0);
-+ }
-+}
-+
-+static int drbg_hash_instantiate(DRBG_CTX *dctx,
-+ const unsigned char *ent, size_t ent_len,
-+ const unsigned char *nonce, size_t nonce_len,
-+ const unsigned char *pstr, size_t pstr_len)
-+{
-+ DRBG_HASH_CTX *hctx = &dctx->d.hash;
-+ if (!hash_df(dctx, hctx->V,
-+ ent, ent_len, nonce, nonce_len, pstr, pstr_len, NULL, 0))
-+ return 0;
-+ if (!hash_df(dctx, hctx->C,
-+ NULL, 0, hctx->V, dctx->seedlen, NULL, 0, NULL, 0))
-+ return 0;
-+
-+#ifdef HASH_DRBG_TRACE
-+ fprintf(stderr, "V+C after instantiate:\n");
-+ hexprint(stderr, hctx->V, dctx->seedlen);
-+ hexprint(stderr, hctx->C, dctx->seedlen);
-+#endif
-+ return 1;
-+}
-+
-+static int drbg_hash_reseed(DRBG_CTX *dctx,
-+ const unsigned char *ent, size_t ent_len,
-+ const unsigned char *adin, size_t adin_len)
-+{
-+ DRBG_HASH_CTX *hctx = &dctx->d.hash;
-+ /* V about to be updated so use C as output instead */
-+ if (!hash_df(dctx, hctx->C,
-+ NULL, 1, hctx->V, dctx->seedlen,
-+ ent, ent_len, adin, adin_len))
-+ return 0;
-+ memcpy(hctx->V, hctx->C, dctx->seedlen);
-+ if (!hash_df(dctx, hctx->C, NULL, 0,
-+ hctx->V, dctx->seedlen, NULL, 0, NULL, 0))
-+ return 0;
-+#ifdef HASH_DRBG_TRACE
-+ fprintf(stderr, "V+C after reseed:\n");
-+ hexprint(stderr, hctx->V, dctx->seedlen);
-+ hexprint(stderr, hctx->C, dctx->seedlen);
-+#endif
-+ return 1;
-+}
-+
-+static int drbg_hash_generate(DRBG_CTX *dctx,
-+ unsigned char *out, size_t outlen,
-+ const unsigned char *adin, size_t adin_len)
-+{
-+ DRBG_HASH_CTX *hctx = &dctx->d.hash;
-+ EVP_MD_CTX *mctx = hctx->mctx;
-+ unsigned char tmp[4];
-+ if (adin && adin_len) {
-+ tmp[0] = 2;
-+ if (!FIPS_digestinit(mctx, hctx->md))
-+ return 0;
-+ if (!EVP_DigestUpdate(mctx, tmp, 1))
-+ return 0;
-+ if (!EVP_DigestUpdate(mctx, hctx->V, dctx->seedlen))
-+ return 0;
-+ if (!EVP_DigestUpdate(mctx, adin, adin_len))
-+ return 0;
-+ if (!ctx_add_md(dctx))
-+ return 0;
-+ }
-+ if (!hash_gen(dctx, out, outlen))
-+ return 0;
-+
-+ tmp[0] = 3;
-+ if (!FIPS_digestinit(mctx, hctx->md))
-+ return 0;
-+ if (!EVP_DigestUpdate(mctx, tmp, 1))
-+ return 0;
-+ if (!EVP_DigestUpdate(mctx, hctx->V, dctx->seedlen))
-+ return 0;
-+
-+ if (!ctx_add_md(dctx))
-+ return 0;
-+
-+ ctx_add_buf(dctx, hctx->V, hctx->C, dctx->seedlen);
-+
-+ tmp[0] = (dctx->reseed_counter >> 24) & 0xff;
-+ tmp[1] = (dctx->reseed_counter >> 16) & 0xff;
-+ tmp[2] = (dctx->reseed_counter >> 8) & 0xff;
-+ tmp[3] = dctx->reseed_counter & 0xff;
-+ ctx_add_buf(dctx, hctx->V, tmp, 4);
-+#ifdef HASH_DRBG_TRACE
-+ fprintf(stderr, "V+C after generate:\n");
-+ hexprint(stderr, hctx->V, dctx->seedlen);
-+ hexprint(stderr, hctx->C, dctx->seedlen);
-+#endif
-+ return 1;
-+}
-+
-+static int drbg_hash_uninstantiate(DRBG_CTX *dctx)
-+{
-+ EVP_MD_CTX_free(dctx->d.hash.mctx);
-+ OPENSSL_cleanse(&dctx->d.hash, sizeof(DRBG_HASH_CTX));
-+ return 1;
-+}
-+
-+int fips_drbg_hash_init(DRBG_CTX *dctx)
-+{
-+ const EVP_MD *md;
-+ DRBG_HASH_CTX *hctx = &dctx->d.hash;
-+ md = EVP_get_digestbynid(dctx->type);
-+ if (!md)
-+ return -2;
-+ switch (dctx->type) {
-+ case NID_sha1:
-+ dctx->strength = 128;
-+ break;
-+
-+ case NID_sha224:
-+ dctx->strength = 192;
-+ break;
-+
-+ default:
-+ dctx->strength = 256;
-+ break;
-+ }
-+
-+ dctx->instantiate = drbg_hash_instantiate;
-+ dctx->reseed = drbg_hash_reseed;
-+ dctx->generate = drbg_hash_generate;
-+ dctx->uninstantiate = drbg_hash_uninstantiate;
-+
-+ dctx->d.hash.md = md;
-+ hctx->mctx = EVP_MD_CTX_new();
-+ if (hctx->mctx == NULL)
-+ return -1;
-+
-+ /* These are taken from SP 800-90 10.1 table 2 */
-+
-+ dctx->blocklength = EVP_MD_size(md);
-+ if (dctx->blocklength > 32)
-+ dctx->seedlen = 111;
-+ else
-+ dctx->seedlen = 55;
-+
-+ dctx->min_entropy = dctx->strength / 8;
-+ dctx->max_entropy = DRBG_MAX_LENGTH;
-+
-+ dctx->min_nonce = dctx->min_entropy / 2;
-+ dctx->max_nonce = DRBG_MAX_LENGTH;
-+
-+ dctx->max_pers = DRBG_MAX_LENGTH;
-+ dctx->max_adin = DRBG_MAX_LENGTH;
-+
-+ dctx->max_request = 1 << 16;
-+ dctx->reseed_interval = 1 << 24;
-+
-+ return 1;
-+}
-diff -up openssl-1.1.1b/crypto/fips/fips_drbg_hmac.c.fips openssl-1.1.1b/crypto/fips/fips_drbg_hmac.c
---- openssl-1.1.1b/crypto/fips/fips_drbg_hmac.c.fips 2019-02-28 11:30:06.811745577 +0100
-+++ openssl-1.1.1b/crypto/fips/fips_drbg_hmac.c 2019-02-28 11:30:06.811745577 +0100
-@@ -0,0 +1,262 @@
-+/* fips/rand/fips_drbg_hmac.c */
-+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
-+ * project.
-+ */
-+/* ====================================================================
-+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing@OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ */
-+
-+#include <stdlib.h>
-+#include <string.h>
-+#include <openssl/crypto.h>
-+#include <openssl/evp.h>
-+#include <openssl/hmac.h>
-+#include <openssl/aes.h>
-+#include <openssl/fips.h>
-+#include <openssl/fips_rand.h>
-+#include "fips_rand_lcl.h"
-+
-+static int drbg_hmac_update(DRBG_CTX *dctx,
-+ const unsigned char *in1, size_t in1len,
-+ const unsigned char *in2, size_t in2len,
-+ const unsigned char *in3, size_t in3len)
-+{
-+ static unsigned char c0 = 0, c1 = 1;
-+ DRBG_HMAC_CTX *hmac = &dctx->d.hmac;
-+ HMAC_CTX *hctx = hmac->hctx;
-+
-+ if (!HMAC_Init_ex(hctx, hmac->K, dctx->blocklength, hmac->md, NULL))
-+ return 0;
-+ if (!HMAC_Update(hctx, hmac->V, dctx->blocklength))
-+ return 0;
-+ if (!HMAC_Update(hctx, &c0, 1))
-+ return 0;
-+ if (in1len && !HMAC_Update(hctx, in1, in1len))
-+ return 0;
-+ if (in2len && !HMAC_Update(hctx, in2, in2len))
-+ return 0;
-+ if (in3len && !HMAC_Update(hctx, in3, in3len))
-+ return 0;
-+
-+ if (!HMAC_Final(hctx, hmac->K, NULL))
-+ return 0;
-+
-+ if (!HMAC_Init_ex(hctx, hmac->K, dctx->blocklength, hmac->md, NULL))
-+ return 0;
-+ if (!HMAC_Update(hctx, hmac->V, dctx->blocklength))
-+ return 0;
-+
-+ if (!HMAC_Final(hctx, hmac->V, NULL))
-+ return 0;
-+
-+ if (!in1len && !in2len && !in3len)
-+ return 1;
-+
-+ if (!HMAC_Init_ex(hctx, hmac->K, dctx->blocklength, hmac->md, NULL))
-+ return 0;
-+ if (!HMAC_Update(hctx, hmac->V, dctx->blocklength))
-+ return 0;
-+ if (!HMAC_Update(hctx, &c1, 1))
-+ return 0;
-+ if (in1len && !HMAC_Update(hctx, in1, in1len))
-+ return 0;
-+ if (in2len && !HMAC_Update(hctx, in2, in2len))
-+ return 0;
-+ if (in3len && !HMAC_Update(hctx, in3, in3len))
-+ return 0;
-+
-+ if (!HMAC_Final(hctx, hmac->K, NULL))
-+ return 0;
-+
-+ if (!HMAC_Init_ex(hctx, hmac->K, dctx->blocklength, hmac->md, NULL))
-+ return 0;
-+ if (!HMAC_Update(hctx, hmac->V, dctx->blocklength))
-+ return 0;
-+
-+ if (!HMAC_Final(hctx, hmac->V, NULL))
-+ return 0;
-+
-+ return 1;
-+
-+}
-+
-+static int drbg_hmac_instantiate(DRBG_CTX *dctx,
-+ const unsigned char *ent, size_t ent_len,
-+ const unsigned char *nonce, size_t nonce_len,
-+ const unsigned char *pstr, size_t pstr_len)
-+{
-+ DRBG_HMAC_CTX *hmac = &dctx->d.hmac;
-+ memset(hmac->K, 0, dctx->blocklength);
-+ memset(hmac->V, 1, dctx->blocklength);
-+ if (!drbg_hmac_update(dctx,
-+ ent, ent_len, nonce, nonce_len, pstr, pstr_len))
-+ return 0;
-+
-+#ifdef HMAC_DRBG_TRACE
-+ fprintf(stderr, "K+V after instantiate:\n");
-+ hexprint(stderr, hmac->K, hmac->blocklength);
-+ hexprint(stderr, hmac->V, hmac->blocklength);
-+#endif
-+ return 1;
-+}
-+
-+static int drbg_hmac_reseed(DRBG_CTX *dctx,
-+ const unsigned char *ent, size_t ent_len,
-+ const unsigned char *adin, size_t adin_len)
-+{
-+ if (!drbg_hmac_update(dctx, ent, ent_len, adin, adin_len, NULL, 0))
-+ return 0;
-+
-+#ifdef HMAC_DRBG_TRACE
-+ {
-+ DRBG_HMAC_CTX *hmac = &dctx->d.hmac;
-+ fprintf(stderr, "K+V after reseed:\n");
-+ hexprint(stderr, hmac->K, hmac->blocklength);
-+ hexprint(stderr, hmac->V, hmac->blocklength);
-+ }
-+#endif
-+ return 1;
-+}
-+
-+static int drbg_hmac_generate(DRBG_CTX *dctx,
-+ unsigned char *out, size_t outlen,
-+ const unsigned char *adin, size_t adin_len)
-+{
-+ DRBG_HMAC_CTX *hmac = &dctx->d.hmac;
-+ HMAC_CTX *hctx = hmac->hctx;
-+ const unsigned char *Vtmp = hmac->V;
-+ if (adin_len && !drbg_hmac_update(dctx, adin, adin_len, NULL, 0, NULL, 0))
-+ return 0;
-+ for (;;) {
-+ if (!HMAC_Init_ex(hctx, hmac->K, dctx->blocklength, hmac->md, NULL))
-+ return 0;
-+ if (!HMAC_Update(hctx, Vtmp, dctx->blocklength))
-+ return 0;
-+ if (outlen > dctx->blocklength) {
-+ if (!HMAC_Final(hctx, out, NULL))
-+ return 0;
-+ Vtmp = out;
-+ } else {
-+ if (!HMAC_Final(hctx, hmac->V, NULL))
-+ return 0;
-+ memcpy(out, hmac->V, outlen);
-+ break;
-+ }
-+ out += dctx->blocklength;
-+ outlen -= dctx->blocklength;
-+ }
-+ if (!drbg_hmac_update(dctx, adin, adin_len, NULL, 0, NULL, 0))
-+ return 0;
-+
-+ return 1;
-+}
-+
-+static int drbg_hmac_uninstantiate(DRBG_CTX *dctx)
-+{
-+ HMAC_CTX_free(dctx->d.hmac.hctx);
-+ OPENSSL_cleanse(&dctx->d.hmac, sizeof(DRBG_HMAC_CTX));
-+ return 1;
-+}
-+
-+int fips_drbg_hmac_init(DRBG_CTX *dctx)
-+{
-+ const EVP_MD *md = NULL;
-+ DRBG_HMAC_CTX *hctx = &dctx->d.hmac;
-+ dctx->strength = 256;
-+ switch (dctx->type) {
-+ case NID_hmacWithSHA1:
-+ md = EVP_sha1();
-+ dctx->strength = 128;
-+ break;
-+
-+ case NID_hmacWithSHA224:
-+ md = EVP_sha224();
-+ dctx->strength = 192;
-+ break;
-+
-+ case NID_hmacWithSHA256:
-+ md = EVP_sha256();
-+ break;
-+
-+ case NID_hmacWithSHA384:
-+ md = EVP_sha384();
-+ break;
-+
-+ case NID_hmacWithSHA512:
-+ md = EVP_sha512();
-+ break;
-+
-+ default:
-+ dctx->strength = 0;
-+ return -2;
-+ }
-+ dctx->instantiate = drbg_hmac_instantiate;
-+ dctx->reseed = drbg_hmac_reseed;
-+ dctx->generate = drbg_hmac_generate;
-+ dctx->uninstantiate = drbg_hmac_uninstantiate;
-+ hctx->hctx = HMAC_CTX_new();
-+ if (hctx->hctx == NULL)
-+ return -1;
-+ hctx->md = md;
-+ dctx->blocklength = M_EVP_MD_size(md);
-+ dctx->seedlen = M_EVP_MD_size(md);
-+
-+ dctx->min_entropy = dctx->strength / 8;
-+ dctx->max_entropy = DRBG_MAX_LENGTH;
-+
-+ dctx->min_nonce = dctx->min_entropy / 2;
-+ dctx->max_nonce = DRBG_MAX_LENGTH;
-+
-+ dctx->max_pers = DRBG_MAX_LENGTH;
-+ dctx->max_adin = DRBG_MAX_LENGTH;
-+
-+ dctx->max_request = 1 << 16;
-+ dctx->reseed_interval = 1 << 24;
-+
-+ return 1;
-+}
-diff -up openssl-1.1.1b/crypto/fips/fips_drbg_lib.c.fips openssl-1.1.1b/crypto/fips/fips_drbg_lib.c
---- openssl-1.1.1b/crypto/fips/fips_drbg_lib.c.fips 2019-02-28 11:30:06.812745558 +0100
-+++ openssl-1.1.1b/crypto/fips/fips_drbg_lib.c 2019-02-28 11:30:06.812745558 +0100
-@@ -0,0 +1,528 @@
-+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
-+ * project.
-+ */
-+/* ====================================================================
-+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing@OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ */
-+
-+#include <string.h>
-+#include <openssl/crypto.h>
-+#include <openssl/err.h>
-+#include <openssl/fips.h>
-+#include "internal/fips_int.h"
-+#include <openssl/fips_rand.h>
-+#include "fips_locl.h"
-+#include "fips_rand_lcl.h"
-+
-+/* Support framework for SP800-90 DRBGs */
-+
-+int FIPS_drbg_init(DRBG_CTX *dctx, int type, unsigned int flags)
-+{
-+ int rv;
-+ memset(dctx, 0, sizeof(DRBG_CTX));
-+ dctx->status = DRBG_STATUS_UNINITIALISED;
-+ dctx->xflags = flags;
-+ dctx->type = type;
-+
-+ dctx->iflags = 0;
-+ dctx->entropy_blocklen = 0;
-+ dctx->health_check_cnt = 0;
-+ dctx->health_check_interval = DRBG_HEALTH_INTERVAL;
-+
-+ rv = fips_drbg_hash_init(dctx);
-+
-+ if (rv == -2)
-+ rv = fips_drbg_ctr_init(dctx);
-+ if (rv == -2)
-+ rv = fips_drbg_hmac_init(dctx);
-+
-+ if (rv <= 0) {
-+ if (rv == -2)
-+ FIPSerr(FIPS_F_FIPS_DRBG_INIT, FIPS_R_UNSUPPORTED_DRBG_TYPE);
-+ else
-+ FIPSerr(FIPS_F_FIPS_DRBG_INIT, FIPS_R_ERROR_INITIALISING_DRBG);
-+ }
-+
-+ /* If not in test mode run selftests on DRBG of the same type */
-+
-+ if (!(dctx->xflags & DRBG_FLAG_TEST)) {
-+ if (!FIPS_drbg_health_check(dctx)) {
-+ FIPSerr(FIPS_F_FIPS_DRBG_INIT, FIPS_R_SELFTEST_FAILURE);
-+ return 0;
-+ }
-+ }
-+
-+ return rv;
-+}
-+
-+DRBG_CTX *FIPS_drbg_new(int type, unsigned int flags)
-+{
-+ DRBG_CTX *dctx;
-+ dctx = OPENSSL_malloc(sizeof(DRBG_CTX));
-+ if (!dctx) {
-+ FIPSerr(FIPS_F_FIPS_DRBG_NEW, ERR_R_MALLOC_FAILURE);
-+ return NULL;
-+ }
-+
-+ if (type == 0) {
-+ memset(dctx, 0, sizeof(DRBG_CTX));
-+ dctx->type = 0;
-+ dctx->status = DRBG_STATUS_UNINITIALISED;
-+ return dctx;
-+ }
-+
-+ if (FIPS_drbg_init(dctx, type, flags) <= 0) {
-+ OPENSSL_free(dctx);
-+ return NULL;
-+ }
-+
-+ return dctx;
-+}
-+
-+void FIPS_drbg_free(DRBG_CTX *dctx)
-+{
-+ if (dctx->uninstantiate)
-+ dctx->uninstantiate(dctx);
-+ /* Don't free up default DRBG */
-+ if (dctx == FIPS_get_default_drbg()) {
-+ memset(dctx, 0, sizeof(DRBG_CTX));
-+ dctx->type = 0;
-+ dctx->status = DRBG_STATUS_UNINITIALISED;
-+ } else {
-+ OPENSSL_cleanse(&dctx->d, sizeof(dctx->d));
-+ OPENSSL_free(dctx);
-+ }
-+}
-+
-+static size_t fips_get_entropy(DRBG_CTX *dctx, unsigned char **pout,
-+ int entropy, size_t min_len, size_t max_len)
-+{
-+ unsigned char *tout, *p;
-+ size_t bl = dctx->entropy_blocklen, rv;
-+ if (!dctx->get_entropy)
-+ return 0;
-+ if (dctx->xflags & DRBG_FLAG_TEST || !bl)
-+ return dctx->get_entropy(dctx, pout, entropy, min_len, max_len);
-+ rv = dctx->get_entropy(dctx, &tout, entropy + bl,
-+ min_len + bl, max_len + bl);
-+ if (tout == NULL)
-+ return 0;
-+ *pout = tout + bl;
-+ if (rv < (min_len + bl) || (rv % bl))
-+ return 0;
-+ /* Compare consecutive blocks for continuous PRNG test */
-+ for (p = tout; p < tout + rv - bl; p += bl) {
-+ if (!memcmp(p, p + bl, bl)) {
-+ FIPSerr(FIPS_F_FIPS_GET_ENTROPY, FIPS_R_ENTROPY_SOURCE_STUCK);
-+ return 0;
-+ }
-+ }
-+ rv -= bl;
-+ if (rv > max_len)
-+ return max_len;
-+ return rv;
-+}
-+
-+static void fips_cleanup_entropy(DRBG_CTX *dctx,
-+ unsigned char *out, size_t olen)
-+{
-+ size_t bl;
-+ if (dctx->xflags & DRBG_FLAG_TEST)
-+ bl = 0;
-+ else
-+ bl = dctx->entropy_blocklen;
-+ /* Call cleanup with original arguments */
-+ dctx->cleanup_entropy(dctx, out - bl, olen + bl);
-+}
-+
-+int FIPS_drbg_instantiate(DRBG_CTX *dctx,
-+ const unsigned char *pers, size_t perslen)
-+{
-+ size_t entlen = 0, noncelen = 0;
-+ unsigned char *nonce = NULL, *entropy = NULL;
-+
-+#if 0
-+ /* Put here so error script picks them up */
-+ FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE,
-+ FIPS_R_PERSONALISATION_STRING_TOO_LONG);
-+ FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_IN_ERROR_STATE);
-+ FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_ALREADY_INSTANTIATED);
-+ FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_ERROR_RETRIEVING_ENTROPY);
-+ FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_ERROR_RETRIEVING_NONCE);
-+ FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_INSTANTIATE_ERROR);
-+ FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_DRBG_NOT_INITIALISED);
-+#endif
-+
-+ int r = 0;
-+
-+ if (perslen > dctx->max_pers) {
-+ r = FIPS_R_PERSONALISATION_STRING_TOO_LONG;
-+ goto end;
-+ }
-+
-+ if (!dctx->instantiate) {
-+ r = FIPS_R_DRBG_NOT_INITIALISED;
-+ goto end;
-+ }
-+
-+ if (dctx->status != DRBG_STATUS_UNINITIALISED) {
-+ if (dctx->status == DRBG_STATUS_ERROR)
-+ r = FIPS_R_IN_ERROR_STATE;
-+ else
-+ r = FIPS_R_ALREADY_INSTANTIATED;
-+ goto end;
-+ }
-+
-+ dctx->status = DRBG_STATUS_ERROR;
-+
-+ entlen = fips_get_entropy(dctx, &entropy, dctx->strength,
-+ dctx->min_entropy, dctx->max_entropy);
-+
-+ if (entlen < dctx->min_entropy || entlen > dctx->max_entropy) {
-+ r = FIPS_R_ERROR_RETRIEVING_ENTROPY;
-+ goto end;
-+ }
-+
-+ if (dctx->max_nonce > 0 && dctx->get_nonce) {
-+ noncelen = dctx->get_nonce(dctx, &nonce,
-+ dctx->strength / 2,
-+ dctx->min_nonce, dctx->max_nonce);
-+
-+ if (noncelen < dctx->min_nonce || noncelen > dctx->max_nonce) {
-+ r = FIPS_R_ERROR_RETRIEVING_NONCE;
-+ goto end;
-+ }
-+
-+ }
-+
-+ if (!dctx->instantiate(dctx,
-+ entropy, entlen, nonce, noncelen, pers, perslen)) {
-+ r = FIPS_R_ERROR_INSTANTIATING_DRBG;
-+ goto end;
-+ }
-+
-+ dctx->status = DRBG_STATUS_READY;
-+ if (!(dctx->iflags & DRBG_CUSTOM_RESEED))
-+ dctx->reseed_counter = 1;
-+
-+ end:
-+
-+ if (entropy && dctx->cleanup_entropy)
-+ fips_cleanup_entropy(dctx, entropy, entlen);
-+
-+ if (nonce && dctx->cleanup_nonce)
-+ dctx->cleanup_nonce(dctx, nonce, noncelen);
-+
-+ if (dctx->status == DRBG_STATUS_READY)
-+ return 1;
-+
-+ if (r && !(dctx->iflags & DRBG_FLAG_NOERR))
-+ FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, r);
-+
-+ return 0;
-+
-+}
-+
-+static int drbg_reseed(DRBG_CTX *dctx,
-+ const unsigned char *adin, size_t adinlen, int hcheck)
-+{
-+ unsigned char *entropy = NULL;
-+ size_t entlen = 0;
-+ int r = 0;
-+
-+#if 0
-+ FIPSerr(FIPS_F_DRBG_RESEED, FIPS_R_NOT_INSTANTIATED);
-+ FIPSerr(FIPS_F_DRBG_RESEED, FIPS_R_ADDITIONAL_INPUT_TOO_LONG);
-+#endif
-+ if (dctx->status != DRBG_STATUS_READY
-+ && dctx->status != DRBG_STATUS_RESEED) {
-+ if (dctx->status == DRBG_STATUS_ERROR)
-+ r = FIPS_R_IN_ERROR_STATE;
-+ else if (dctx->status == DRBG_STATUS_UNINITIALISED)
-+ r = FIPS_R_NOT_INSTANTIATED;
-+ goto end;
-+ }
-+
-+ if (!adin)
-+ adinlen = 0;
-+ else if (adinlen > dctx->max_adin) {
-+ r = FIPS_R_ADDITIONAL_INPUT_TOO_LONG;
-+ goto end;
-+ }
-+
-+ dctx->status = DRBG_STATUS_ERROR;
-+ /* Peform health check on all reseed operations if not a prediction
-+ * resistance request and not in test mode.
-+ */
-+ if (hcheck && !(dctx->xflags & DRBG_FLAG_TEST)) {
-+ if (!FIPS_drbg_health_check(dctx)) {
-+ r = FIPS_R_SELFTEST_FAILURE;
-+ goto end;
-+ }
-+ }
-+
-+ entlen = fips_get_entropy(dctx, &entropy, dctx->strength,
-+ dctx->min_entropy, dctx->max_entropy);
-+
-+ if (entlen < dctx->min_entropy || entlen > dctx->max_entropy) {
-+ r = FIPS_R_ERROR_RETRIEVING_ENTROPY;
-+ goto end;
-+ }
-+
-+ if (!dctx->reseed(dctx, entropy, entlen, adin, adinlen))
-+ goto end;
-+
-+ dctx->status = DRBG_STATUS_READY;
-+ if (!(dctx->iflags & DRBG_CUSTOM_RESEED))
-+ dctx->reseed_counter = 1;
-+ end:
-+
-+ if (entropy && dctx->cleanup_entropy)
-+ fips_cleanup_entropy(dctx, entropy, entlen);
-+
-+ if (dctx->status == DRBG_STATUS_READY)
-+ return 1;
-+
-+ if (r && !(dctx->iflags & DRBG_FLAG_NOERR))
-+ FIPSerr(FIPS_F_DRBG_RESEED, r);
-+
-+ return 0;
-+}
-+
-+int FIPS_drbg_reseed(DRBG_CTX *dctx,
-+ const unsigned char *adin, size_t adinlen)
-+{
-+ return drbg_reseed(dctx, adin, adinlen, 1);
-+}
-+
-+static int fips_drbg_check(DRBG_CTX *dctx)
-+{
-+ if (dctx->xflags & DRBG_FLAG_TEST)
-+ return 1;
-+ dctx->health_check_cnt++;
-+ if (dctx->health_check_cnt >= dctx->health_check_interval) {
-+ if (!FIPS_drbg_health_check(dctx)) {
-+ FIPSerr(FIPS_F_FIPS_DRBG_CHECK, FIPS_R_SELFTEST_FAILURE);
-+ return 0;
-+ }
-+ }
-+ return 1;
-+}
-+
-+int FIPS_drbg_generate(DRBG_CTX *dctx, unsigned char *out, size_t outlen,
-+ int prediction_resistance,
-+ const unsigned char *adin, size_t adinlen)
-+{
-+ int r = 0;
-+
-+ if (FIPS_selftest_failed()) {
-+ FIPSerr(FIPS_F_FIPS_DRBG_GENERATE, FIPS_R_SELFTEST_FAILED);
-+ return 0;
-+ }
-+
-+ if (!fips_drbg_check(dctx))
-+ return 0;
-+
-+ if (dctx->status != DRBG_STATUS_READY
-+ && dctx->status != DRBG_STATUS_RESEED) {
-+ if (dctx->status == DRBG_STATUS_ERROR)
-+ r = FIPS_R_IN_ERROR_STATE;
-+ else if (dctx->status == DRBG_STATUS_UNINITIALISED)
-+ r = FIPS_R_NOT_INSTANTIATED;
-+ goto end;
-+ }
-+
-+ if (outlen > dctx->max_request) {
-+ r = FIPS_R_REQUEST_TOO_LARGE_FOR_DRBG;
-+ return 0;
-+ }
-+
-+ if (adinlen > dctx->max_adin) {
-+ r = FIPS_R_ADDITIONAL_INPUT_TOO_LONG;
-+ goto end;
-+ }
-+
-+ if (dctx->iflags & DRBG_CUSTOM_RESEED)
-+ dctx->generate(dctx, NULL, outlen, NULL, 0);
-+ else if (dctx->reseed_counter >= dctx->reseed_interval)
-+ dctx->status = DRBG_STATUS_RESEED;
-+
-+ if (dctx->status == DRBG_STATUS_RESEED || prediction_resistance) {
-+ /* If prediction resistance request don't do health check */
-+ int hcheck = prediction_resistance ? 0 : 1;
-+
-+ if (!drbg_reseed(dctx, adin, adinlen, hcheck)) {
-+ r = FIPS_R_RESEED_ERROR;
-+ goto end;
-+ }
-+ adin = NULL;
-+ adinlen = 0;
-+ }
-+
-+ if (!dctx->generate(dctx, out, outlen, adin, adinlen)) {
-+ r = FIPS_R_GENERATE_ERROR;
-+ dctx->status = DRBG_STATUS_ERROR;
-+ goto end;
-+ }
-+ if (!(dctx->iflags & DRBG_CUSTOM_RESEED)) {
-+ if (dctx->reseed_counter >= dctx->reseed_interval)
-+ dctx->status = DRBG_STATUS_RESEED;
-+ else
-+ dctx->reseed_counter++;
-+ }
-+
-+ end:
-+ if (r) {
-+ if (!(dctx->iflags & DRBG_FLAG_NOERR))
-+ FIPSerr(FIPS_F_FIPS_DRBG_GENERATE, r);
-+ return 0;
-+ }
-+
-+ return 1;
-+}
-+
-+int FIPS_drbg_uninstantiate(DRBG_CTX *dctx)
-+{
-+ int rv;
-+ if (!dctx->uninstantiate)
-+ rv = 1;
-+ else
-+ rv = dctx->uninstantiate(dctx);
-+ /* Although we'd like to cleanse here we can't because we have to
-+ * test the uninstantiate really zeroes the data.
-+ */
-+ memset(&dctx->d, 0, sizeof(dctx->d));
-+ dctx->status = DRBG_STATUS_UNINITIALISED;
-+ /* If method has problems uninstantiating, return error */
-+ return rv;
-+}
-+
-+int FIPS_drbg_set_callbacks(DRBG_CTX *dctx,
-+ size_t (*get_entropy) (DRBG_CTX *ctx,
-+ unsigned char **pout,
-+ int entropy,
-+ size_t min_len,
-+ size_t max_len),
-+ void (*cleanup_entropy) (DRBG_CTX *ctx,
-+ unsigned char *out,
-+ size_t olen),
-+ size_t entropy_blocklen,
-+ size_t (*get_nonce) (DRBG_CTX *ctx,
-+ unsigned char **pout,
-+ int entropy, size_t min_len,
-+ size_t max_len),
-+ void (*cleanup_nonce) (DRBG_CTX *ctx,
-+ unsigned char *out,
-+ size_t olen))
-+{
-+ if (dctx->status != DRBG_STATUS_UNINITIALISED)
-+ return 0;
-+ dctx->entropy_blocklen = entropy_blocklen;
-+ dctx->get_entropy = get_entropy;
-+ dctx->cleanup_entropy = cleanup_entropy;
-+ dctx->get_nonce = get_nonce;
-+ dctx->cleanup_nonce = cleanup_nonce;
-+ return 1;
-+}
-+
-+int FIPS_drbg_set_rand_callbacks(DRBG_CTX *dctx,
-+ size_t (*get_adin) (DRBG_CTX *ctx,
-+ unsigned char **pout),
-+ void (*cleanup_adin) (DRBG_CTX *ctx,
-+ unsigned char *out,
-+ size_t olen),
-+ int (*rand_seed_cb) (DRBG_CTX *ctx,
-+ const void *buf,
-+ int num),
-+ int (*rand_add_cb) (DRBG_CTX *ctx,
-+ const void *buf, int num,
-+ double entropy))
-+{
-+ if (dctx->status != DRBG_STATUS_UNINITIALISED)
-+ return 0;
-+ dctx->get_adin = get_adin;
-+ dctx->cleanup_adin = cleanup_adin;
-+ dctx->rand_seed_cb = rand_seed_cb;
-+ dctx->rand_add_cb = rand_add_cb;
-+ return 1;
-+}
-+
-+void *FIPS_drbg_get_app_data(DRBG_CTX *dctx)
-+{
-+ return dctx->app_data;
-+}
-+
-+void FIPS_drbg_set_app_data(DRBG_CTX *dctx, void *app_data)
-+{
-+ dctx->app_data = app_data;
-+}
-+
-+size_t FIPS_drbg_get_blocklength(DRBG_CTX *dctx)
-+{
-+ return dctx->blocklength;
-+}
-+
-+int FIPS_drbg_get_strength(DRBG_CTX *dctx)
-+{
-+ return dctx->strength;
-+}
-+
-+void FIPS_drbg_set_check_interval(DRBG_CTX *dctx, int interval)
-+{
-+ dctx->health_check_interval = interval;
-+}
-+
-+void FIPS_drbg_set_reseed_interval(DRBG_CTX *dctx, int interval)
-+{
-+ dctx->reseed_interval = interval;
-+}
-+
-+void FIPS_drbg_stick(int onoff)
-+{
-+ /* Just backwards compatibility API call with no effect. */
-+}
-diff -up openssl-1.1.1b/crypto/fips/fips_drbg_rand.c.fips openssl-1.1.1b/crypto/fips/fips_drbg_rand.c
---- openssl-1.1.1b/crypto/fips/fips_drbg_rand.c.fips 2019-02-28 11:30:06.812745558 +0100
-+++ openssl-1.1.1b/crypto/fips/fips_drbg_rand.c 2019-02-28 11:30:06.812745558 +0100
-@@ -0,0 +1,185 @@
-+/* fips/rand/fips_drbg_rand.c */
-+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
-+ * project.
-+ */
-+/* ====================================================================
-+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing@OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ */
-+
-+#include <string.h>
-+#include <openssl/crypto.h>
-+#include "internal/thread_once.h"
-+#include <openssl/err.h>
-+#include <openssl/rand.h>
-+#include <openssl/fips.h>
-+#include <openssl/fips_rand.h>
-+#include "fips_rand_lcl.h"
-+
-+/* Mapping of SP800-90 DRBGs to OpenSSL RAND_METHOD */
-+
-+/* Since we only have one global PRNG used at any time in OpenSSL use a global
-+ * variable to store context.
-+ */
-+
-+static DRBG_CTX ossl_dctx;
-+
-+static CRYPTO_RWLOCK *fips_rand_lock = NULL;
-+static CRYPTO_ONCE fips_rand_lock_init = CRYPTO_ONCE_STATIC_INIT;
-+
-+DEFINE_RUN_ONCE_STATIC(do_fips_rand_lock_init)
-+{
-+ fips_rand_lock = CRYPTO_THREAD_lock_new();
-+ return fips_rand_lock != NULL;
-+}
-+
-+DRBG_CTX *FIPS_get_default_drbg(void)
-+{
-+ if (!RUN_ONCE(&fips_rand_lock_init, do_fips_rand_lock_init))
-+ return NULL;
-+ return &ossl_dctx;
-+}
-+
-+static int fips_drbg_bytes(unsigned char *out, int count)
-+{
-+ DRBG_CTX *dctx = &ossl_dctx;
-+ int rv = 0;
-+ unsigned char *adin = NULL;
-+ size_t adinlen = 0;
-+ CRYPTO_THREAD_write_lock(fips_rand_lock);
-+ do {
-+ size_t rcnt;
-+ if (count > (int)dctx->max_request)
-+ rcnt = dctx->max_request;
-+ else
-+ rcnt = count;
-+ if (dctx->get_adin) {
-+ adinlen = dctx->get_adin(dctx, &adin);
-+ if (adinlen && !adin) {
-+ FIPSerr(FIPS_F_FIPS_DRBG_BYTES,
-+ FIPS_R_ERROR_RETRIEVING_ADDITIONAL_INPUT);
-+ goto err;
-+ }
-+ }
-+ rv = FIPS_drbg_generate(dctx, out, rcnt, 0, adin, adinlen);
-+ if (adin) {
-+ if (dctx->cleanup_adin)
-+ dctx->cleanup_adin(dctx, adin, adinlen);
-+ adin = NULL;
-+ }
-+ if (!rv)
-+ goto err;
-+ out += rcnt;
-+ count -= rcnt;
-+ }
-+ while (count);
-+ rv = 1;
-+ err:
-+ CRYPTO_THREAD_unlock(fips_rand_lock);
-+ return rv;
-+}
-+
-+static int fips_drbg_pseudo(unsigned char *out, int count)
-+{
-+ if (fips_drbg_bytes(out, count) <= 0)
-+ return -1;
-+ return 1;
-+}
-+
-+static int fips_drbg_status(void)
-+{
-+ DRBG_CTX *dctx = &ossl_dctx;
-+ int rv;
-+ CRYPTO_THREAD_read_lock(fips_rand_lock);
-+ rv = dctx->status == DRBG_STATUS_READY ? 1 : 0;
-+ CRYPTO_THREAD_unlock(fips_rand_lock);
-+ return rv;
-+}
-+
-+static void fips_drbg_cleanup(void)
-+{
-+ DRBG_CTX *dctx = &ossl_dctx;
-+ CRYPTO_THREAD_write_lock(fips_rand_lock);
-+ FIPS_drbg_uninstantiate(dctx);
-+ CRYPTO_THREAD_unlock(fips_rand_lock);
-+}
-+
-+static int fips_drbg_seed(const void *seed, int seedlen)
-+{
-+ DRBG_CTX *dctx = &ossl_dctx;
-+ int ret = 1;
-+ CRYPTO_THREAD_write_lock(fips_rand_lock);
-+ if (dctx->rand_seed_cb)
-+ ret = dctx->rand_seed_cb(dctx, seed, seedlen);
-+ CRYPTO_THREAD_unlock(fips_rand_lock);
-+ return ret;
-+}
-+
-+static int fips_drbg_add(const void *seed, int seedlen, double add_entropy)
-+{
-+ DRBG_CTX *dctx = &ossl_dctx;
-+ int ret = 1;
-+ CRYPTO_THREAD_write_lock(fips_rand_lock);
-+ if (dctx->rand_add_cb)
-+ ret = dctx->rand_add_cb(dctx, seed, seedlen, add_entropy);
-+ CRYPTO_THREAD_unlock(fips_rand_lock);
-+ return ret;
-+}
-+
-+static const RAND_METHOD rand_drbg_meth = {
-+ fips_drbg_seed,
-+ fips_drbg_bytes,
-+ fips_drbg_cleanup,
-+ fips_drbg_add,
-+ fips_drbg_pseudo,
-+ fips_drbg_status
-+};
-+
-+const RAND_METHOD *FIPS_drbg_method(void)
-+{
-+ return &rand_drbg_meth;
-+}
-diff -up openssl-1.1.1b/crypto/fips/fips_drbg_selftest.c.fips openssl-1.1.1b/crypto/fips/fips_drbg_selftest.c
---- openssl-1.1.1b/crypto/fips/fips_drbg_selftest.c.fips 2019-02-28 11:30:06.812745558 +0100
-+++ openssl-1.1.1b/crypto/fips/fips_drbg_selftest.c 2019-02-28 11:30:06.812745558 +0100
-@@ -0,0 +1,828 @@
-+/* fips/rand/fips_drbg_selftest.c */
-+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
-+ * project.
-+ */
-+/* ====================================================================
-+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing@OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ */
-+
-+#include <string.h>
-+#include <openssl/crypto.h>
-+#include <openssl/err.h>
-+#include <openssl/fips.h>
-+#include <openssl/fips_rand.h>
-+#include "fips_rand_lcl.h"
-+#include "fips_locl.h"
-+
-+#include "fips_drbg_selftest.h"
-+
-+typedef struct {
-+ int post;
-+ int nid;
-+ unsigned int flags;
-+
-+ /* KAT data for no PR */
-+ const unsigned char *ent;
-+ size_t entlen;
-+ const unsigned char *nonce;
-+ size_t noncelen;
-+ const unsigned char *pers;
-+ size_t perslen;
-+ const unsigned char *adin;
-+ size_t adinlen;
-+ const unsigned char *entreseed;
-+ size_t entreseedlen;
-+ const unsigned char *adinreseed;
-+ size_t adinreseedlen;
-+ const unsigned char *adin2;
-+ size_t adin2len;
-+ const unsigned char *kat;
-+ size_t katlen;
-+ const unsigned char *kat2;
-+ size_t kat2len;
-+
-+ /* KAT data for PR */
-+ const unsigned char *ent_pr;
-+ size_t entlen_pr;
-+ const unsigned char *nonce_pr;
-+ size_t noncelen_pr;
-+ const unsigned char *pers_pr;
-+ size_t perslen_pr;
-+ const unsigned char *adin_pr;
-+ size_t adinlen_pr;
-+ const unsigned char *entpr_pr;
-+ size_t entprlen_pr;
-+ const unsigned char *ading_pr;
-+ size_t adinglen_pr;
-+ const unsigned char *entg_pr;
-+ size_t entglen_pr;
-+ const unsigned char *kat_pr;
-+ size_t katlen_pr;
-+ const unsigned char *kat2_pr;
-+ size_t kat2len_pr;
-+
-+} DRBG_SELFTEST_DATA;
-+
-+#define make_drbg_test_data(nid, flag, pr, p) {p, nid, flag | DRBG_FLAG_TEST, \
-+ pr##_entropyinput, sizeof(pr##_entropyinput), \
-+ pr##_nonce, sizeof(pr##_nonce), \
-+ pr##_personalizationstring, sizeof(pr##_personalizationstring), \
-+ pr##_additionalinput, sizeof(pr##_additionalinput), \
-+ pr##_entropyinputreseed, sizeof(pr##_entropyinputreseed), \
-+ pr##_additionalinputreseed, sizeof(pr##_additionalinputreseed), \
-+ pr##_additionalinput2, sizeof(pr##_additionalinput2), \
-+ pr##_int_returnedbits, sizeof(pr##_int_returnedbits), \
-+ pr##_returnedbits, sizeof(pr##_returnedbits), \
-+ pr##_pr_entropyinput, sizeof(pr##_pr_entropyinput), \
-+ pr##_pr_nonce, sizeof(pr##_pr_nonce), \
-+ pr##_pr_personalizationstring, sizeof(pr##_pr_personalizationstring), \
-+ pr##_pr_additionalinput, sizeof(pr##_pr_additionalinput), \
-+ pr##_pr_entropyinputpr, sizeof(pr##_pr_entropyinputpr), \
-+ pr##_pr_additionalinput2, sizeof(pr##_pr_additionalinput2), \
-+ pr##_pr_entropyinputpr2, sizeof(pr##_pr_entropyinputpr2), \
-+ pr##_pr_int_returnedbits, sizeof(pr##_pr_int_returnedbits), \
-+ pr##_pr_returnedbits, sizeof(pr##_pr_returnedbits), \
-+ }
-+
-+#define make_drbg_test_data_df(nid, pr, p) \
-+ make_drbg_test_data(nid, DRBG_FLAG_CTR_USE_DF, pr, p)
-+
-+#define make_drbg_test_data_ec(curve, md, pr, p) \
-+ make_drbg_test_data((curve << 16) | md , 0, pr, p)
-+
-+static DRBG_SELFTEST_DATA drbg_test[] = {
-+ make_drbg_test_data_df(NID_aes_128_ctr, aes_128_use_df, 0),
-+ make_drbg_test_data_df(NID_aes_192_ctr, aes_192_use_df, 0),
-+ make_drbg_test_data_df(NID_aes_256_ctr, aes_256_use_df, 1),
-+ make_drbg_test_data(NID_aes_128_ctr, 0, aes_128_no_df, 0),
-+ make_drbg_test_data(NID_aes_192_ctr, 0, aes_192_no_df, 0),
-+ make_drbg_test_data(NID_aes_256_ctr, 0, aes_256_no_df, 1),
-+ make_drbg_test_data(NID_sha1, 0, sha1, 0),
-+ make_drbg_test_data(NID_sha224, 0, sha224, 0),
-+ make_drbg_test_data(NID_sha256, 0, sha256, 1),
-+ make_drbg_test_data(NID_sha384, 0, sha384, 0),
-+ make_drbg_test_data(NID_sha512, 0, sha512, 0),
-+ make_drbg_test_data(NID_hmacWithSHA1, 0, hmac_sha1, 0),
-+ make_drbg_test_data(NID_hmacWithSHA224, 0, hmac_sha224, 0),
-+ make_drbg_test_data(NID_hmacWithSHA256, 0, hmac_sha256, 1),
-+ make_drbg_test_data(NID_hmacWithSHA384, 0, hmac_sha384, 0),
-+ make_drbg_test_data(NID_hmacWithSHA512, 0, hmac_sha512, 0),
-+ {0, 0, 0}
-+};
-+
-+typedef struct {
-+ const unsigned char *ent;
-+ size_t entlen;
-+ int entcnt;
-+ const unsigned char *nonce;
-+ size_t noncelen;
-+ int noncecnt;
-+} TEST_ENT;
-+
-+static size_t test_entropy(DRBG_CTX *dctx, unsigned char **pout,
-+ int entropy, size_t min_len, size_t max_len)
-+{
-+ TEST_ENT *t = FIPS_drbg_get_app_data(dctx);
-+ *pout = (unsigned char *)t->ent;
-+ t->entcnt++;
-+ return t->entlen;
-+}
-+
-+static size_t test_nonce(DRBG_CTX *dctx, unsigned char **pout,
-+ int entropy, size_t min_len, size_t max_len)
-+{
-+ TEST_ENT *t = FIPS_drbg_get_app_data(dctx);
-+ *pout = (unsigned char *)t->nonce;
-+ t->noncecnt++;
-+ return t->noncelen;
-+}
-+
-+static int fips_drbg_single_kat(DRBG_CTX *dctx, DRBG_SELFTEST_DATA * td,
-+ int quick)
-+{
-+ TEST_ENT t;
-+ int rv = 0;
-+ size_t adinlen;
-+ unsigned char randout[1024];
-+
-+ /* Initial test without PR */
-+
-+ /* Instantiate DRBG with test entropy, nonce and personalisation
-+ * string.
-+ */
-+
-+ if (!FIPS_drbg_init(dctx, td->nid, td->flags))
-+ return 0;
-+ if (!FIPS_drbg_set_callbacks(dctx, test_entropy, 0, 0, test_nonce, 0))
-+ return 0;
-+
-+ FIPS_drbg_set_app_data(dctx, &t);
-+
-+ t.ent = td->ent;
-+ t.entlen = td->entlen;
-+ t.nonce = td->nonce;
-+ t.noncelen = td->noncelen;
-+ t.entcnt = 0;
-+ t.noncecnt = 0;
-+
-+ if (!FIPS_drbg_instantiate(dctx, td->pers, td->perslen))
-+ goto err;
-+
-+ /* Note for CTR without DF some additional input values
-+ * ignore bytes after the keylength: so reduce adinlen
-+ * to half to ensure invalid data is fed in.
-+ */
-+ if (!fips_post_corrupt(FIPS_TEST_DRBG, dctx->type, &dctx->iflags))
-+ adinlen = td->adinlen / 2;
-+ else
-+ adinlen = td->adinlen;
-+
-+ /* Generate with no PR and verify output matches expected data */
-+ if (!FIPS_drbg_generate(dctx, randout, td->katlen, 0, td->adin, adinlen))
-+ goto err;
-+
-+ if (memcmp(randout, td->kat, td->katlen)) {
-+ FIPSerr(FIPS_F_FIPS_DRBG_SINGLE_KAT, FIPS_R_NOPR_TEST1_FAILURE);
-+ goto err2;
-+ }
-+ /* If abbreviated POST end of test */
-+ if (quick) {
-+ rv = 1;
-+ goto err;
-+ }
-+ /* Reseed DRBG with test entropy and additional input */
-+ t.ent = td->entreseed;
-+ t.entlen = td->entreseedlen;
-+
-+ if (!FIPS_drbg_reseed(dctx, td->adinreseed, td->adinreseedlen))
-+ goto err;
-+
-+ /* Generate with no PR and verify output matches expected data */
-+ if (!FIPS_drbg_generate(dctx, randout, td->kat2len, 0,
-+ td->adin2, td->adin2len))
-+ goto err;
-+
-+ if (memcmp(randout, td->kat2, td->kat2len)) {
-+ FIPSerr(FIPS_F_FIPS_DRBG_SINGLE_KAT, FIPS_R_NOPR_TEST2_FAILURE);
-+ goto err2;
-+ }
-+
-+ FIPS_drbg_uninstantiate(dctx);
-+
-+ /* Now test with PR */
-+
-+ /* Instantiate DRBG with test entropy, nonce and personalisation
-+ * string.
-+ */
-+ if (!FIPS_drbg_init(dctx, td->nid, td->flags))
-+ return 0;
-+ if (!FIPS_drbg_set_callbacks(dctx, test_entropy, 0, 0, test_nonce, 0))
-+ return 0;
-+
-+ FIPS_drbg_set_app_data(dctx, &t);
-+
-+ t.ent = td->ent_pr;
-+ t.entlen = td->entlen_pr;
-+ t.nonce = td->nonce_pr;
-+ t.noncelen = td->noncelen_pr;
-+ t.entcnt = 0;
-+ t.noncecnt = 0;
-+
-+ if (!FIPS_drbg_instantiate(dctx, td->pers_pr, td->perslen_pr))
-+ goto err;
-+
-+ /* Now generate with PR: we need to supply entropy as this will
-+ * perform a reseed operation. Check output matches expected value.
-+ */
-+
-+ t.ent = td->entpr_pr;
-+ t.entlen = td->entprlen_pr;
-+
-+ /* Note for CTR without DF some additional input values
-+ * ignore bytes after the keylength: so reduce adinlen
-+ * to half to ensure invalid data is fed in.
-+ */
-+ if (!fips_post_corrupt(FIPS_TEST_DRBG, dctx->type, &dctx->iflags))
-+ adinlen = td->adinlen_pr / 2;
-+ else
-+ adinlen = td->adinlen_pr;
-+ if (!FIPS_drbg_generate(dctx, randout, td->katlen_pr, 1,
-+ td->adin_pr, adinlen))
-+ goto err;
-+
-+ if (memcmp(randout, td->kat_pr, td->katlen_pr)) {
-+ FIPSerr(FIPS_F_FIPS_DRBG_SINGLE_KAT, FIPS_R_PR_TEST1_FAILURE);
-+ goto err2;
-+ }
-+
-+ /* Now generate again with PR: supply new entropy again.
-+ * Check output matches expected value.
-+ */
-+
-+ t.ent = td->entg_pr;
-+ t.entlen = td->entglen_pr;
-+
-+ if (!FIPS_drbg_generate(dctx, randout, td->kat2len_pr, 1,
-+ td->ading_pr, td->adinglen_pr))
-+ goto err;
-+
-+ if (memcmp(randout, td->kat2_pr, td->kat2len_pr)) {
-+ FIPSerr(FIPS_F_FIPS_DRBG_SINGLE_KAT, FIPS_R_PR_TEST2_FAILURE);
-+ goto err2;
-+ }
-+ /* All OK, test complete */
-+ rv = 1;
-+
-+ err:
-+ if (rv == 0)
-+ FIPSerr(FIPS_F_FIPS_DRBG_SINGLE_KAT, FIPS_R_SELFTEST_FAILED);
-+ err2:
-+ FIPS_drbg_uninstantiate(dctx);
-+
-+ return rv;
-+
-+}
-+
-+/* Initialise a DRBG based on selftest data */
-+
-+static int do_drbg_init(DRBG_CTX *dctx, DRBG_SELFTEST_DATA * td, TEST_ENT * t)
-+{
-+
-+ if (!FIPS_drbg_init(dctx, td->nid, td->flags))
-+ return 0;
-+
-+ if (!FIPS_drbg_set_callbacks(dctx, test_entropy, 0, 0, test_nonce, 0))
-+ return 0;
-+
-+ FIPS_drbg_set_app_data(dctx, t);
-+
-+ t->ent = td->ent;
-+ t->entlen = td->entlen;
-+ t->nonce = td->nonce;
-+ t->noncelen = td->noncelen;
-+ t->entcnt = 0;
-+ t->noncecnt = 0;
-+ return 1;
-+}
-+
-+/* Initialise and instantiate DRBG based on selftest data */
-+static int do_drbg_instantiate(DRBG_CTX *dctx, DRBG_SELFTEST_DATA * td,
-+ TEST_ENT * t)
-+{
-+ if (!do_drbg_init(dctx, td, t))
-+ return 0;
-+ if (!FIPS_drbg_instantiate(dctx, td->pers, td->perslen))
-+ return 0;
-+
-+ return 1;
-+}
-+
-+/* This function performs extensive error checking as required by SP800-90.
-+ * Induce several failure modes and check an error condition is set.
-+ * This function along with fips_drbg_single_kat peforms the health checking
-+ * operation.
-+ */
-+
-+static int fips_drbg_error_check(DRBG_CTX *dctx, DRBG_SELFTEST_DATA * td)
-+{
-+ unsigned char randout[1024];
-+ TEST_ENT t;
-+ size_t i;
-+ unsigned int reseed_counter_tmp;
-+ unsigned char *p = (unsigned char *)dctx;
-+
-+ /* Initialise DRBG */
-+
-+ if (!do_drbg_init(dctx, td, &t))
-+ goto err;
-+
-+ /* Don't report induced errors */
-+ dctx->iflags |= DRBG_FLAG_NOERR;
-+
-+ /* Personalisation string tests */
-+
-+ /* Test detection of too large personlisation string */
-+
-+ if (FIPS_drbg_instantiate(dctx, td->pers, dctx->max_pers + 1) > 0) {
-+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK,
-+ FIPS_R_PERSONALISATION_ERROR_UNDETECTED);
-+ goto err;
-+ }
-+
-+ /* Entropy source tests */
-+
-+ /* Test entropy source failure detecion: i.e. returns no data */
-+
-+ t.entlen = 0;
-+
-+ if (FIPS_drbg_instantiate(dctx, td->pers, td->perslen) > 0) {
-+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK,
-+ FIPS_R_ENTROPY_ERROR_UNDETECTED);
-+ goto err;
-+ }
-+
-+ /* Try to generate output from uninstantiated DRBG */
-+ if (FIPS_drbg_generate(dctx, randout, td->katlen, 0,
-+ td->adin, td->adinlen)) {
-+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK,
-+ FIPS_R_GENERATE_ERROR_UNDETECTED);
-+ goto err;
-+ }
-+
-+ dctx->iflags &= ~DRBG_FLAG_NOERR;
-+ if (!FIPS_drbg_uninstantiate(dctx)) {
-+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
-+ goto err;
-+ }
-+
-+ if (!do_drbg_init(dctx, td, &t))
-+ goto err;
-+
-+ dctx->iflags |= DRBG_FLAG_NOERR;
-+
-+ /* Test insufficient entropy */
-+
-+ t.entlen = dctx->min_entropy - 1;
-+
-+ if (FIPS_drbg_instantiate(dctx, td->pers, td->perslen) > 0) {
-+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK,
-+ FIPS_R_ENTROPY_ERROR_UNDETECTED);
-+ goto err;
-+ }
-+
-+ dctx->iflags &= ~DRBG_FLAG_NOERR;
-+ if (!FIPS_drbg_uninstantiate(dctx)) {
-+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
-+ goto err;
-+ }
-+
-+ /* Test too much entropy */
-+
-+ if (!do_drbg_init(dctx, td, &t))
-+ goto err;
-+
-+ dctx->iflags |= DRBG_FLAG_NOERR;
-+
-+ t.entlen = dctx->max_entropy + 1;
-+
-+ if (FIPS_drbg_instantiate(dctx, td->pers, td->perslen) > 0) {
-+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK,
-+ FIPS_R_ENTROPY_ERROR_UNDETECTED);
-+ goto err;
-+ }
-+
-+ dctx->iflags &= ~DRBG_FLAG_NOERR;
-+ if (!FIPS_drbg_uninstantiate(dctx)) {
-+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
-+ goto err;
-+ }
-+
-+ /* Nonce tests */
-+
-+ /* Test too small nonce */
-+
-+ if (dctx->min_nonce) {
-+
-+ if (!do_drbg_init(dctx, td, &t))
-+ goto err;
-+
-+ dctx->iflags |= DRBG_FLAG_NOERR;
-+
-+ t.noncelen = dctx->min_nonce - 1;
-+
-+ if (FIPS_drbg_instantiate(dctx, td->pers, td->perslen) > 0) {
-+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK,
-+ FIPS_R_NONCE_ERROR_UNDETECTED);
-+ goto err;
-+ }
-+
-+ dctx->iflags &= ~DRBG_FLAG_NOERR;
-+ if (!FIPS_drbg_uninstantiate(dctx)) {
-+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
-+ goto err;
-+ }
-+
-+ }
-+
-+ /* Test too large nonce */
-+
-+ if (dctx->max_nonce) {
-+
-+ if (!do_drbg_init(dctx, td, &t))
-+ goto err;
-+
-+ dctx->iflags |= DRBG_FLAG_NOERR;
-+
-+ t.noncelen = dctx->max_nonce + 1;
-+
-+ if (FIPS_drbg_instantiate(dctx, td->pers, td->perslen) > 0) {
-+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK,
-+ FIPS_R_NONCE_ERROR_UNDETECTED);
-+ goto err;
-+ }
-+
-+ dctx->iflags &= ~DRBG_FLAG_NOERR;
-+ if (!FIPS_drbg_uninstantiate(dctx)) {
-+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
-+ goto err;
-+ }
-+
-+ }
-+
-+ /* Instantiate with valid data. */
-+ if (!do_drbg_instantiate(dctx, td, &t))
-+ goto err;
-+
-+ /* Check generation is now OK */
-+ if (!FIPS_drbg_generate(dctx, randout, td->katlen, 0,
-+ td->adin, td->adinlen))
-+ goto err;
-+
-+ dctx->iflags |= DRBG_FLAG_NOERR;
-+
-+ /* Request too much data for one request */
-+ if (FIPS_drbg_generate(dctx, randout, dctx->max_request + 1, 0,
-+ td->adin, td->adinlen)) {
-+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK,
-+ FIPS_R_REQUEST_LENGTH_ERROR_UNDETECTED);
-+ goto err;
-+ }
-+
-+ /* Try too large additional input */
-+ if (FIPS_drbg_generate(dctx, randout, td->katlen, 0,
-+ td->adin, dctx->max_adin + 1)) {
-+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK,
-+ FIPS_R_ADDITIONAL_INPUT_ERROR_UNDETECTED);
-+ goto err;
-+ }
-+
-+ /* Check prediction resistance request fails if entropy source
-+ * failure.
-+ */
-+
-+ t.entlen = 0;
-+
-+ if (FIPS_drbg_generate(dctx, randout, td->katlen, 1,
-+ td->adin, td->adinlen)) {
-+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK,
-+ FIPS_R_ENTROPY_ERROR_UNDETECTED);
-+ goto err;
-+ }
-+
-+ dctx->iflags &= ~DRBG_FLAG_NOERR;
-+ if (!FIPS_drbg_uninstantiate(dctx)) {
-+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
-+ goto err;
-+ }
-+
-+ /* Instantiate again with valid data */
-+
-+ if (!do_drbg_instantiate(dctx, td, &t))
-+ goto err;
-+ /* Test reseed counter works */
-+ /* Save initial reseed counter */
-+ reseed_counter_tmp = dctx->reseed_counter;
-+ /* Set reseed counter to beyond interval */
-+ dctx->reseed_counter = dctx->reseed_interval;
-+
-+ /* Generate output and check entropy has been requested for reseed */
-+ t.entcnt = 0;
-+ if (!FIPS_drbg_generate(dctx, randout, td->katlen, 0,
-+ td->adin, td->adinlen))
-+ goto err;
-+ if (t.entcnt != 1) {
-+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK,
-+ FIPS_R_ENTROPY_NOT_REQUESTED_FOR_RESEED);
-+ goto err;
-+ }
-+ /* Check reseed counter has been reset */
-+ if (dctx->reseed_counter != reseed_counter_tmp + 1) {
-+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_RESEED_COUNTER_ERROR);
-+ goto err;
-+ }
-+
-+ dctx->iflags &= ~DRBG_FLAG_NOERR;
-+ if (!FIPS_drbg_uninstantiate(dctx)) {
-+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
-+ goto err;
-+ }
-+
-+ /* Check prediction resistance request fails if entropy source
-+ * failure.
-+ */
-+
-+ t.entlen = 0;
-+
-+ dctx->iflags |= DRBG_FLAG_NOERR;
-+ if (FIPS_drbg_generate(dctx, randout, td->katlen, 1,
-+ td->adin, td->adinlen)) {
-+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK,
-+ FIPS_R_ENTROPY_ERROR_UNDETECTED);
-+ goto err;
-+ }
-+
-+ dctx->iflags &= ~DRBG_FLAG_NOERR;
-+
-+ if (!FIPS_drbg_uninstantiate(dctx)) {
-+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
-+ goto err;
-+ }
-+
-+ if (!do_drbg_instantiate(dctx, td, &t))
-+ goto err;
-+ /* Test reseed counter works */
-+ /* Save initial reseed counter */
-+ reseed_counter_tmp = dctx->reseed_counter;
-+ /* Set reseed counter to beyond interval */
-+ dctx->reseed_counter = dctx->reseed_interval;
-+
-+ /* Generate output and check entropy has been requested for reseed */
-+ t.entcnt = 0;
-+ if (!FIPS_drbg_generate(dctx, randout, td->katlen, 0,
-+ td->adin, td->adinlen))
-+ goto err;
-+ if (t.entcnt != 1) {
-+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK,
-+ FIPS_R_ENTROPY_NOT_REQUESTED_FOR_RESEED);
-+ goto err;
-+ }
-+ /* Check reseed counter has been reset */
-+ if (dctx->reseed_counter != reseed_counter_tmp + 1) {
-+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_RESEED_COUNTER_ERROR);
-+ goto err;
-+ }
-+
-+ dctx->iflags &= ~DRBG_FLAG_NOERR;
-+ if (!FIPS_drbg_uninstantiate(dctx)) {
-+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
-+ goto err;
-+ }
-+
-+ /* Explicit reseed tests */
-+
-+ /* Test explicit reseed with too large additional input */
-+ if (!do_drbg_init(dctx, td, &t))
-+ goto err;
-+
-+ dctx->iflags |= DRBG_FLAG_NOERR;
-+
-+ if (FIPS_drbg_reseed(dctx, td->adin, dctx->max_adin + 1) > 0) {
-+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK,
-+ FIPS_R_ADDITIONAL_INPUT_ERROR_UNDETECTED);
-+ goto err;
-+ }
-+
-+ /* Test explicit reseed with entropy source failure */
-+
-+ t.entlen = 0;
-+
-+ if (FIPS_drbg_reseed(dctx, td->adin, td->adinlen) > 0) {
-+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK,
-+ FIPS_R_ENTROPY_ERROR_UNDETECTED);
-+ goto err;
-+ }
-+
-+ if (!FIPS_drbg_uninstantiate(dctx)) {
-+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
-+ goto err;
-+ }
-+
-+ /* Test explicit reseed with too much entropy */
-+
-+ if (!do_drbg_init(dctx, td, &t))
-+ goto err;
-+
-+ dctx->iflags |= DRBG_FLAG_NOERR;
-+
-+ t.entlen = dctx->max_entropy + 1;
-+
-+ if (FIPS_drbg_reseed(dctx, td->adin, td->adinlen) > 0) {
-+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK,
-+ FIPS_R_ENTROPY_ERROR_UNDETECTED);
-+ goto err;
-+ }
-+
-+ if (!FIPS_drbg_uninstantiate(dctx)) {
-+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
-+ goto err;
-+ }
-+
-+ /* Test explicit reseed with too little entropy */
-+
-+ if (!do_drbg_init(dctx, td, &t))
-+ goto err;
-+
-+ dctx->iflags |= DRBG_FLAG_NOERR;
-+
-+ t.entlen = dctx->min_entropy - 1;
-+
-+ if (FIPS_drbg_reseed(dctx, td->adin, td->adinlen) > 0) {
-+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK,
-+ FIPS_R_ENTROPY_ERROR_UNDETECTED);
-+ goto err;
-+ }
-+
-+ if (!FIPS_drbg_uninstantiate(dctx)) {
-+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
-+ goto err;
-+ }
-+
-+ p = (unsigned char *)&dctx->d;
-+ /* Standard says we have to check uninstantiate really zeroes
-+ * the data...
-+ */
-+ for (i = 0; i < sizeof(dctx->d); i++) {
-+ if (*p != 0) {
-+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK,
-+ FIPS_R_UNINSTANTIATE_ZEROISE_ERROR);
-+ goto err;
-+ }
-+ p++;
-+ }
-+
-+ return 1;
-+
-+ err:
-+ /* A real error as opposed to an induced one: underlying function will
-+ * indicate the error.
-+ */
-+ if (!(dctx->iflags & DRBG_FLAG_NOERR))
-+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_FUNCTION_ERROR);
-+ FIPS_drbg_uninstantiate(dctx);
-+ return 0;
-+
-+}
-+
-+int fips_drbg_kat(DRBG_CTX *dctx, int nid, unsigned int flags)
-+{
-+ DRBG_SELFTEST_DATA *td;
-+ flags |= DRBG_FLAG_TEST;
-+ for (td = drbg_test; td->nid != 0; td++) {
-+ if (td->nid == nid && td->flags == flags) {
-+ if (!fips_drbg_single_kat(dctx, td, 0))
-+ return 0;
-+ return fips_drbg_error_check(dctx, td);
-+ }
-+ }
-+ return 0;
-+}
-+
-+int FIPS_drbg_health_check(DRBG_CTX *dctx)
-+{
-+ int rv;
-+ DRBG_CTX *tctx = NULL;
-+ tctx = FIPS_drbg_new(0, 0);
-+ fips_post_started(FIPS_TEST_DRBG, dctx->type, &dctx->xflags);
-+ if (!tctx)
-+ return 0;
-+ rv = fips_drbg_kat(tctx, dctx->type, dctx->xflags);
-+ if (tctx)
-+ FIPS_drbg_free(tctx);
-+ if (rv)
-+ fips_post_success(FIPS_TEST_DRBG, dctx->type, &dctx->xflags);
-+ else
-+ fips_post_failed(FIPS_TEST_DRBG, dctx->type, &dctx->xflags);
-+ if (!rv)
-+ dctx->status = DRBG_STATUS_ERROR;
-+ else
-+ dctx->health_check_cnt = 0;
-+ return rv;
-+}
-+
-+int FIPS_selftest_drbg(void)
-+{
-+ DRBG_CTX *dctx;
-+ DRBG_SELFTEST_DATA *td;
-+ int rv = 1;
-+ dctx = FIPS_drbg_new(0, 0);
-+ if (!dctx)
-+ return 0;
-+ for (td = drbg_test; td->nid != 0; td++) {
-+ if (td->post != 1)
-+ continue;
-+ if (!fips_post_started(FIPS_TEST_DRBG, td->nid, &td->flags))
-+ return 1;
-+ if (!fips_drbg_single_kat(dctx, td, 1)) {
-+ fips_post_failed(FIPS_TEST_DRBG, td->nid, &td->flags);
-+ rv = 0;
-+ continue;
-+ }
-+ if (!fips_post_success(FIPS_TEST_DRBG, td->nid, &td->flags))
-+ return 0;
-+ }
-+ FIPS_drbg_free(dctx);
-+ return rv;
-+}
-+
-+int FIPS_selftest_drbg_all(void)
-+{
-+ DRBG_CTX *dctx;
-+ DRBG_SELFTEST_DATA *td;
-+ int rv = 1;
-+ dctx = FIPS_drbg_new(0, 0);
-+ if (!dctx)
-+ return 0;
-+ for (td = drbg_test; td->nid != 0; td++) {
-+ if (!fips_post_started(FIPS_TEST_DRBG, td->nid, &td->flags))
-+ return 1;
-+ if (!fips_drbg_single_kat(dctx, td, 0)) {
-+ fips_post_failed(FIPS_TEST_DRBG, td->nid, &td->flags);
-+ rv = 0;
-+ continue;
-+ }
-+ if (!fips_drbg_error_check(dctx, td)) {
-+ fips_post_failed(FIPS_TEST_DRBG, td->nid, &td->flags);
-+ rv = 0;
-+ continue;
-+ }
-+ if (!fips_post_success(FIPS_TEST_DRBG, td->nid, &td->flags))
-+ return 0;
-+ }
-+ FIPS_drbg_free(dctx);
-+ return rv;
-+}
-diff -up openssl-1.1.1b/crypto/fips/fips_drbg_selftest.h.fips openssl-1.1.1b/crypto/fips/fips_drbg_selftest.h
---- openssl-1.1.1b/crypto/fips/fips_drbg_selftest.h.fips 2019-02-28 11:30:06.813745540 +0100
-+++ openssl-1.1.1b/crypto/fips/fips_drbg_selftest.h 2019-02-28 11:30:06.813745540 +0100
-@@ -0,0 +1,1791 @@
-+/* ====================================================================
-+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * openssl-core.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ *
-+ */
-+
-+/* Selftest and health check data for the SP800-90 DRBG */
-+
-+#define __fips_constseg
-+
-+/* AES-128 use df PR */
-+__fips_constseg static const unsigned char aes_128_use_df_pr_entropyinput[] = {
-+ 0x61, 0x52, 0x7c, 0xe3, 0x23, 0x7d, 0x0a, 0x07, 0x10, 0x0c, 0x50, 0x33,
-+ 0xc8, 0xdb, 0xff, 0x12
-+};
-+
-+__fips_constseg static const unsigned char aes_128_use_df_pr_nonce[] = {
-+ 0x51, 0x0d, 0x85, 0x77, 0xed, 0x22, 0x97, 0x28
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_128_use_df_pr_personalizationstring[] = {
-+ 0x59, 0x9f, 0xbb, 0xcd, 0xd5, 0x25, 0x69, 0xb5, 0xcb, 0xb5, 0x03, 0xfe,
-+ 0xd7, 0xd7, 0x01, 0x67
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_128_use_df_pr_additionalinput[] = {
-+ 0xef, 0x88, 0x76, 0x01, 0xaf, 0x3c, 0xfe, 0x8b, 0xaf, 0x26, 0x06, 0x9e,
-+ 0x9a, 0x47, 0x08, 0x76
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_128_use_df_pr_entropyinputpr[] = {
-+ 0xe2, 0x76, 0xf9, 0xf6, 0x3a, 0xba, 0x10, 0x9f, 0xbf, 0x47, 0x0e, 0x51,
-+ 0x09, 0xfb, 0xa3, 0xb6
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_128_use_df_pr_int_returnedbits[] = {
-+ 0xd4, 0x98, 0x8a, 0x46, 0x80, 0x4c, 0xdb, 0xa3, 0x59, 0x02, 0x57, 0x52,
-+ 0x66, 0x1c, 0xea, 0x5b
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_128_use_df_pr_additionalinput2[] = {
-+ 0x88, 0x8c, 0x91, 0xd6, 0xbe, 0x56, 0x6e, 0x08, 0x9a, 0x62, 0x2b, 0x11,
-+ 0x3f, 0x5e, 0x31, 0x06
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_128_use_df_pr_entropyinputpr2[] = {
-+ 0xc0, 0x5c, 0x6b, 0x98, 0x01, 0x0d, 0x58, 0x18, 0x51, 0x18, 0x96, 0xae,
-+ 0xa7, 0xe3, 0xa8, 0x67
-+};
-+
-+__fips_constseg static const unsigned char aes_128_use_df_pr_returnedbits[] = {
-+ 0xcf, 0x01, 0xac, 0x22, 0x31, 0x06, 0x8e, 0xfc, 0xce, 0x56, 0xea, 0x24,
-+ 0x0f, 0x38, 0x43, 0xc6
-+};
-+
-+/* AES-128 use df No PR */
-+__fips_constseg static const unsigned char aes_128_use_df_entropyinput[] = {
-+ 0x1f, 0x8e, 0x34, 0x82, 0x0c, 0xb7, 0xbe, 0xc5, 0x01, 0x3e, 0xd0, 0xa3,
-+ 0x9d, 0x7d, 0x1c, 0x9b
-+};
-+
-+__fips_constseg static const unsigned char aes_128_use_df_nonce[] = {
-+ 0xd5, 0x4d, 0xbd, 0x4a, 0x93, 0x7f, 0xb8, 0x96
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_128_use_df_personalizationstring[] = {
-+ 0xab, 0xd6, 0x3f, 0x04, 0xfe, 0x27, 0x6b, 0x2d, 0xd7, 0xc3, 0x1c, 0xf3,
-+ 0x38, 0x66, 0xba, 0x1b
-+};
-+
-+__fips_constseg static const unsigned char aes_128_use_df_additionalinput[] = {
-+ 0xfe, 0xf4, 0x09, 0xa8, 0xb7, 0x73, 0x27, 0x9c, 0x5f, 0xa7, 0xea, 0x46,
-+ 0xb5, 0xe2, 0xb2, 0x41
-+};
-+
-+__fips_constseg static const unsigned char aes_128_use_df_int_returnedbits[] = {
-+ 0x42, 0xe4, 0x4e, 0x7b, 0x27, 0xdd, 0xcb, 0xbc, 0x0a, 0xcf, 0xa6, 0x67,
-+ 0xe7, 0x57, 0x11, 0xb4
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_128_use_df_entropyinputreseed[] = {
-+ 0x14, 0x26, 0x69, 0xd9, 0xf3, 0x65, 0x03, 0xd6, 0x6b, 0xb9, 0x44, 0x0b,
-+ 0xc7, 0xc4, 0x9e, 0x39
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_128_use_df_additionalinputreseed[] = {
-+ 0x55, 0x2e, 0x60, 0x9a, 0x05, 0x72, 0x8a, 0xa8, 0xef, 0x22, 0x81, 0x5a,
-+ 0xc8, 0x93, 0xfa, 0x84
-+};
-+
-+__fips_constseg static const unsigned char aes_128_use_df_additionalinput2[] = {
-+ 0x3c, 0x40, 0xc8, 0xc4, 0x16, 0x0c, 0x21, 0xa4, 0x37, 0x2c, 0x8f, 0xa5,
-+ 0x06, 0x0c, 0x15, 0x2c
-+};
-+
-+__fips_constseg static const unsigned char aes_128_use_df_returnedbits[] = {
-+ 0xe1, 0x3e, 0x99, 0x98, 0x86, 0x67, 0x0b, 0x63, 0x7b, 0xbe, 0x3f, 0x88,
-+ 0x46, 0x81, 0xc7, 0x19
-+};
-+
-+/* AES-192 use df PR */
-+__fips_constseg static const unsigned char aes_192_use_df_pr_entropyinput[] = {
-+ 0x2b, 0x4e, 0x8b, 0xe1, 0xf1, 0x34, 0x80, 0x56, 0x81, 0xf9, 0x74, 0xec,
-+ 0x17, 0x44, 0x2a, 0xf1, 0x14, 0xb0, 0xbf, 0x97, 0x39, 0xb7, 0x04, 0x7d
-+};
-+
-+__fips_constseg static const unsigned char aes_192_use_df_pr_nonce[] = {
-+ 0xd6, 0x9d, 0xeb, 0x14, 0x4e, 0x6c, 0x30, 0x1e, 0x39, 0x55, 0x73, 0xd0,
-+ 0xd1, 0x80, 0x78, 0xfa
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_192_use_df_pr_personalizationstring[] = {
-+ 0xfc, 0x43, 0x4a, 0xf8, 0x9a, 0x55, 0xb3, 0x53, 0x83, 0xe2, 0x18, 0x16,
-+ 0x0c, 0xdc, 0xcd, 0x5e, 0x4f, 0xa0, 0x03, 0x01, 0x2b, 0x9f, 0xe4, 0xd5,
-+ 0x7d, 0x49, 0xf0, 0x41, 0x9e, 0x3d, 0x99, 0x04
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_192_use_df_pr_additionalinput[] = {
-+ 0x5e, 0x9f, 0x49, 0x6f, 0x21, 0x8b, 0x1d, 0x32, 0xd5, 0x84, 0x5c, 0xac,
-+ 0xaf, 0xdf, 0xe4, 0x79, 0x9e, 0xaf, 0xa9, 0x82, 0xd0, 0xf8, 0x4f, 0xcb,
-+ 0x69, 0x10, 0x0a, 0x7e, 0x81, 0x57, 0xb5, 0x36
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_192_use_df_pr_entropyinputpr[] = {
-+ 0xd4, 0x81, 0x0c, 0xd7, 0x66, 0x39, 0xec, 0x42, 0x53, 0x87, 0x41, 0xa5,
-+ 0x1e, 0x7d, 0x80, 0x91, 0x8e, 0xbb, 0xed, 0xac, 0x14, 0x02, 0x1a, 0xd5
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_192_use_df_pr_int_returnedbits[] = {
-+ 0xdf, 0x1d, 0x39, 0x45, 0x7c, 0x9b, 0xc6, 0x2b, 0x7d, 0x8c, 0x93, 0xe9,
-+ 0x19, 0x30, 0x6b, 0x67
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_192_use_df_pr_additionalinput2[] = {
-+ 0x00, 0x71, 0x27, 0x4e, 0xd3, 0x14, 0xf1, 0x20, 0x7f, 0x4a, 0x41, 0x32,
-+ 0x2a, 0x97, 0x11, 0x43, 0x8f, 0x4a, 0x15, 0x7b, 0x9b, 0x51, 0x79, 0xda,
-+ 0x49, 0x3d, 0xde, 0xe8, 0xbc, 0x93, 0x91, 0x99
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_192_use_df_pr_entropyinputpr2[] = {
-+ 0x90, 0xee, 0x76, 0xa1, 0x45, 0x8d, 0xb7, 0x40, 0xb0, 0x11, 0xbf, 0xd0,
-+ 0x65, 0xd7, 0x3c, 0x7c, 0x4f, 0x20, 0x3f, 0x4e, 0x11, 0x9d, 0xb3, 0x5e
-+};
-+
-+__fips_constseg static const unsigned char aes_192_use_df_pr_returnedbits[] = {
-+ 0x24, 0x3b, 0x20, 0xa4, 0x37, 0x66, 0xba, 0x72, 0x39, 0x3f, 0xcf, 0x3c,
-+ 0x7e, 0x1a, 0x2b, 0x83
-+};
-+
-+/* AES-192 use df No PR */
-+__fips_constseg static const unsigned char aes_192_use_df_entropyinput[] = {
-+ 0x8d, 0x74, 0xa4, 0x50, 0x1a, 0x02, 0x68, 0x0c, 0x2a, 0x69, 0xc4, 0x82,
-+ 0x3b, 0xbb, 0xda, 0x0e, 0x7f, 0x77, 0xa3, 0x17, 0x78, 0x57, 0xb2, 0x7b
-+};
-+
-+__fips_constseg static const unsigned char aes_192_use_df_nonce[] = {
-+ 0x75, 0xd5, 0x1f, 0xac, 0xa4, 0x8d, 0x42, 0x78, 0xd7, 0x69, 0x86, 0x9d,
-+ 0x77, 0xd7, 0x41, 0x0e
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_192_use_df_personalizationstring[] = {
-+ 0x4e, 0x33, 0x41, 0x3c, 0x9c, 0xc2, 0xd2, 0x53, 0xaf, 0x90, 0xea, 0xcf,
-+ 0x19, 0x50, 0x1e, 0xe6, 0x6f, 0x63, 0xc8, 0x32, 0x22, 0xdc, 0x07, 0x65,
-+ 0x9c, 0xd3, 0xf8, 0x30, 0x9e, 0xed, 0x35, 0x70
-+};
-+
-+__fips_constseg static const unsigned char aes_192_use_df_additionalinput[] = {
-+ 0x5d, 0x8b, 0x8c, 0xc1, 0xdf, 0x0e, 0x02, 0x78, 0xfb, 0x19, 0xb8, 0x69,
-+ 0x78, 0x4e, 0x9c, 0x52, 0xbc, 0xc7, 0x20, 0xc9, 0xe6, 0x5e, 0x77, 0x22,
-+ 0x28, 0x3d, 0x0c, 0x9e, 0x68, 0xa8, 0x45, 0xd7
-+};
-+
-+__fips_constseg static const unsigned char aes_192_use_df_int_returnedbits[] = {
-+ 0xd5, 0xe7, 0x08, 0xc5, 0x19, 0x99, 0xd5, 0x31, 0x03, 0x0a, 0x74, 0xb6,
-+ 0xb7, 0xed, 0xe9, 0xea
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_192_use_df_entropyinputreseed[] = {
-+ 0x9c, 0x26, 0xda, 0xf1, 0xac, 0xd9, 0x5a, 0xd6, 0xa8, 0x65, 0xf5, 0x02,
-+ 0x8f, 0xdc, 0xa2, 0x09, 0x54, 0xa6, 0xe2, 0xa4, 0xde, 0x32, 0xe0, 0x01
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_192_use_df_additionalinputreseed[] = {
-+ 0x9b, 0x90, 0xb0, 0x3a, 0x0e, 0x3a, 0x80, 0x07, 0x4a, 0xf4, 0xda, 0x76,
-+ 0x28, 0x30, 0x3c, 0xee, 0x54, 0x1b, 0x94, 0x59, 0x51, 0x43, 0x56, 0x77,
-+ 0xaf, 0x88, 0xdd, 0x63, 0x89, 0x47, 0x06, 0x65
-+};
-+
-+__fips_constseg static const unsigned char aes_192_use_df_additionalinput2[] = {
-+ 0x3c, 0x11, 0x64, 0x7a, 0x96, 0xf5, 0xd8, 0xb8, 0xae, 0xd6, 0x70, 0x4e,
-+ 0x16, 0x96, 0xde, 0xe9, 0x62, 0xbc, 0xee, 0x28, 0x2f, 0x26, 0xa6, 0xf0,
-+ 0x56, 0xef, 0xa3, 0xf1, 0x6b, 0xa1, 0xb1, 0x77
-+};
-+
-+__fips_constseg static const unsigned char aes_192_use_df_returnedbits[] = {
-+ 0x0b, 0xe2, 0x56, 0x03, 0x1e, 0xdb, 0x2c, 0x6d, 0x7f, 0x1b, 0x15, 0x58,
-+ 0x1a, 0xf9, 0x13, 0x28
-+};
-+
-+/* AES-256 use df PR */
-+__fips_constseg static const unsigned char aes_256_use_df_pr_entropyinput[] = {
-+ 0x61, 0x68, 0xfc, 0x1a, 0xf0, 0xb5, 0x95, 0x6b, 0x85, 0x09, 0x9b, 0x74,
-+ 0x3f, 0x13, 0x78, 0x49, 0x3b, 0x85, 0xec, 0x93, 0x13, 0x3b, 0xa9, 0x4f,
-+ 0x96, 0xab, 0x2c, 0xe4, 0xc8, 0x8f, 0xdd, 0x6a
-+};
-+
-+__fips_constseg static const unsigned char aes_256_use_df_pr_nonce[] = {
-+ 0xad, 0xd2, 0xbb, 0xba, 0xb7, 0x65, 0x89, 0xc3, 0x21, 0x6c, 0x55, 0x33,
-+ 0x2b, 0x36, 0xff, 0xa4
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_256_use_df_pr_personalizationstring[] = {
-+ 0x6e, 0xca, 0xe7, 0x20, 0x72, 0xd3, 0x84, 0x5a, 0x32, 0xd3, 0x4b, 0x24,
-+ 0x72, 0xc4, 0x63, 0x2b, 0x9d, 0x12, 0x24, 0x0c, 0x23, 0x26, 0x8e, 0x83,
-+ 0x16, 0x37, 0x0b, 0xd1, 0x06, 0x4f, 0x68, 0x6d
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_256_use_df_pr_additionalinput[] = {
-+ 0x7e, 0x08, 0x4a, 0xbb, 0xe3, 0x21, 0x7c, 0xc9, 0x23, 0xd2, 0xf8, 0xb0,
-+ 0x73, 0x98, 0xba, 0x84, 0x74, 0x23, 0xab, 0x06, 0x8a, 0xe2, 0x22, 0xd3,
-+ 0x7b, 0xce, 0x9b, 0xd2, 0x4a, 0x76, 0xb8, 0xde
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_256_use_df_pr_entropyinputpr[] = {
-+ 0x0b, 0x23, 0xaf, 0xdf, 0xf1, 0x62, 0xd7, 0xd3, 0x43, 0x97, 0xf8, 0x77,
-+ 0x04, 0xa8, 0x42, 0x20, 0xbd, 0xf6, 0x0f, 0xc1, 0x17, 0x2f, 0x9f, 0x54,
-+ 0xbb, 0x56, 0x17, 0x86, 0x68, 0x0e, 0xba, 0xa9
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_256_use_df_pr_int_returnedbits[] = {
-+ 0x31, 0x8e, 0xad, 0xaf, 0x40, 0xeb, 0x6b, 0x74, 0x31, 0x46, 0x80, 0xc7,
-+ 0x17, 0xab, 0x3c, 0x7a
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_256_use_df_pr_additionalinput2[] = {
-+ 0x94, 0x6b, 0xc9, 0x9f, 0xab, 0x8d, 0xc5, 0xec, 0x71, 0x88, 0x1d, 0x00,
-+ 0x8c, 0x89, 0x68, 0xe4, 0xc8, 0x07, 0x77, 0x36, 0x17, 0x6d, 0x79, 0x78,
-+ 0xc7, 0x06, 0x4e, 0x99, 0x04, 0x28, 0x29, 0xc3
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_256_use_df_pr_entropyinputpr2[] = {
-+ 0xbf, 0x6c, 0x59, 0x2a, 0x0d, 0x44, 0x0f, 0xae, 0x9a, 0x5e, 0x03, 0x73,
-+ 0xd8, 0xa6, 0xe1, 0xcf, 0x25, 0x61, 0x38, 0x24, 0x86, 0x9e, 0x53, 0xe8,
-+ 0xa4, 0xdf, 0x56, 0xf4, 0x06, 0x07, 0x9c, 0x0f
-+};
-+
-+__fips_constseg static const unsigned char aes_256_use_df_pr_returnedbits[] = {
-+ 0x22, 0x4a, 0xb4, 0xb8, 0xb6, 0xee, 0x7d, 0xb1, 0x9e, 0xc9, 0xf9, 0xa0,
-+ 0xd9, 0xe2, 0x97, 0x00
-+};
-+
-+/* AES-256 use df No PR */
-+__fips_constseg static const unsigned char aes_256_use_df_entropyinput[] = {
-+ 0xa5, 0x3e, 0x37, 0x10, 0x17, 0x43, 0x91, 0x93, 0x59, 0x1e, 0x47, 0x50,
-+ 0x87, 0xaa, 0xdd, 0xd5, 0xc1, 0xc3, 0x86, 0xcd, 0xca, 0x0d, 0xdb, 0x68,
-+ 0xe0, 0x02, 0xd8, 0x0f, 0xdc, 0x40, 0x1a, 0x47
-+};
-+
-+__fips_constseg static const unsigned char aes_256_use_df_nonce[] = {
-+ 0xa9, 0x4d, 0xa5, 0x5a, 0xfd, 0xc5, 0x0c, 0xe5, 0x1c, 0x9a, 0x3b, 0x8a,
-+ 0x4c, 0x44, 0x84, 0x40
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_256_use_df_personalizationstring[] = {
-+ 0x8b, 0x52, 0xa2, 0x4a, 0x93, 0xc3, 0x4e, 0xa7, 0x1e, 0x1c, 0xa7, 0x05,
-+ 0xeb, 0x82, 0x9b, 0xa6, 0x5d, 0xe4, 0xd4, 0xe0, 0x7f, 0xa3, 0xd8, 0x6b,
-+ 0x37, 0x84, 0x5f, 0xf1, 0xc7, 0xd5, 0xf6, 0xd2
-+};
-+
-+__fips_constseg static const unsigned char aes_256_use_df_additionalinput[] = {
-+ 0x20, 0xf4, 0x22, 0xed, 0xf8, 0x5c, 0xa1, 0x6a, 0x01, 0xcf, 0xbe, 0x5f,
-+ 0x8d, 0x6c, 0x94, 0x7f, 0xae, 0x12, 0xa8, 0x57, 0xdb, 0x2a, 0xa9, 0xbf,
-+ 0xc7, 0xb3, 0x65, 0x81, 0x80, 0x8d, 0x0d, 0x46
-+};
-+
-+__fips_constseg static const unsigned char aes_256_use_df_int_returnedbits[] = {
-+ 0x4e, 0x44, 0xfd, 0xf3, 0x9e, 0x29, 0xa2, 0xb8, 0x0f, 0x5d, 0x6c, 0xe1,
-+ 0x28, 0x0c, 0x3b, 0xc1
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_256_use_df_entropyinputreseed[] = {
-+ 0xdd, 0x40, 0xe5, 0x98, 0x7b, 0x27, 0x16, 0x73, 0x15, 0x68, 0xd2, 0x76,
-+ 0xbf, 0x0c, 0x67, 0x15, 0x75, 0x79, 0x03, 0xd3, 0xde, 0xde, 0x91, 0x46,
-+ 0x42, 0xdd, 0xd4, 0x67, 0xc8, 0x79, 0xc8, 0x1e
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_256_use_df_additionalinputreseed[] = {
-+ 0x7f, 0xd8, 0x1f, 0xbd, 0x2a, 0xb5, 0x1c, 0x11, 0x5d, 0x83, 0x4e, 0x99,
-+ 0xf6, 0x5c, 0xa5, 0x40, 0x20, 0xed, 0x38, 0x8e, 0xd5, 0x9e, 0xe0, 0x75,
-+ 0x93, 0xfe, 0x12, 0x5e, 0x5d, 0x73, 0xfb, 0x75
-+};
-+
-+__fips_constseg static const unsigned char aes_256_use_df_additionalinput2[] = {
-+ 0xcd, 0x2c, 0xff, 0x14, 0x69, 0x3e, 0x4c, 0x9e, 0xfd, 0xfe, 0x26, 0x0d,
-+ 0xe9, 0x86, 0x00, 0x49, 0x30, 0xba, 0xb1, 0xc6, 0x50, 0x57, 0x77, 0x2a,
-+ 0x62, 0x39, 0x2c, 0x3b, 0x74, 0xeb, 0xc9, 0x0d
-+};
-+
-+__fips_constseg static const unsigned char aes_256_use_df_returnedbits[] = {
-+ 0x4f, 0x78, 0xbe, 0xb9, 0x4d, 0x97, 0x8c, 0xe9, 0xd0, 0x97, 0xfe, 0xad,
-+ 0xfa, 0xfd, 0x35, 0x5e
-+};
-+
-+/* AES-128 no df PR */
-+__fips_constseg static const unsigned char aes_128_no_df_pr_entropyinput[] = {
-+ 0x9a, 0x25, 0x65, 0x10, 0x67, 0xd5, 0xb6, 0x6b, 0x70, 0xa1, 0xb3, 0xa4,
-+ 0x43, 0x95, 0x80, 0xc0, 0x84, 0x0a, 0x79, 0xb0, 0x88, 0x74, 0xf2, 0xbf,
-+ 0x31, 0x6c, 0x33, 0x38, 0x0b, 0x00, 0xb2, 0x5a
-+};
-+
-+__fips_constseg static const unsigned char aes_128_no_df_pr_nonce[] = {
-+ 0x78, 0x47, 0x6b, 0xf7, 0x90, 0x8e, 0x87, 0xf1
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_128_no_df_pr_personalizationstring[] = {
-+ 0xf7, 0x22, 0x1d, 0x3a, 0xbe, 0x1d, 0xca, 0x32, 0x1b, 0xbd, 0x87, 0x0c,
-+ 0x51, 0x24, 0x19, 0xee, 0xa3, 0x23, 0x09, 0x63, 0x33, 0x3d, 0xa8, 0x0c,
-+ 0x1c, 0xfa, 0x42, 0x89, 0xcc, 0x6f, 0xa0, 0xa8
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_128_no_df_pr_additionalinput[] = {
-+ 0xc9, 0xe0, 0x80, 0xbf, 0x8c, 0x45, 0x58, 0x39, 0xff, 0x00, 0xab, 0x02,
-+ 0x4c, 0x3e, 0x3a, 0x95, 0x9b, 0x80, 0xa8, 0x21, 0x2a, 0xee, 0xba, 0x73,
-+ 0xb1, 0xd9, 0xcf, 0x28, 0xf6, 0x8f, 0x9b, 0x12
-+};
-+
-+__fips_constseg static const unsigned char aes_128_no_df_pr_entropyinputpr[] = {
-+ 0x4c, 0xa8, 0xc5, 0xf0, 0x59, 0x9e, 0xa6, 0x8d, 0x26, 0x53, 0xd7, 0x8a,
-+ 0xa9, 0xd8, 0xf7, 0xed, 0xb2, 0xf9, 0x12, 0x42, 0xe1, 0xe5, 0xbd, 0xe7,
-+ 0xe7, 0x1d, 0x74, 0x99, 0x00, 0x9d, 0x31, 0x3e
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_128_no_df_pr_int_returnedbits[] = {
-+ 0xe2, 0xac, 0x20, 0xf0, 0x80, 0xe7, 0xbc, 0x7e, 0x9c, 0x7b, 0x65, 0x71,
-+ 0xaf, 0x19, 0x32, 0x16
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_128_no_df_pr_additionalinput2[] = {
-+ 0x32, 0x7f, 0x38, 0x8b, 0x73, 0x0a, 0x78, 0x83, 0xdc, 0x30, 0xbe, 0x9f,
-+ 0x10, 0x1f, 0xf5, 0x1f, 0xca, 0x00, 0xb5, 0x0d, 0xd6, 0x9d, 0x60, 0x83,
-+ 0x51, 0x54, 0x7d, 0x38, 0x23, 0x3a, 0x52, 0x50
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_128_no_df_pr_entropyinputpr2[] = {
-+ 0x18, 0x61, 0x53, 0x56, 0xed, 0xed, 0xd7, 0x20, 0xfb, 0x71, 0x04, 0x7a,
-+ 0xb2, 0xac, 0xc1, 0x28, 0xcd, 0xf2, 0xc2, 0xfc, 0xaa, 0xb1, 0x06, 0x07,
-+ 0xe9, 0x46, 0x95, 0x02, 0x48, 0x01, 0x78, 0xf9
-+};
-+
-+__fips_constseg static const unsigned char aes_128_no_df_pr_returnedbits[] = {
-+ 0x29, 0xc8, 0x1b, 0x15, 0xb1, 0xd1, 0xc2, 0xf6, 0x71, 0x86, 0x68, 0x33,
-+ 0x57, 0x82, 0x33, 0xaf
-+};
-+
-+/* AES-128 no df No PR */
-+__fips_constseg static const unsigned char aes_128_no_df_entropyinput[] = {
-+ 0xc9, 0xc5, 0x79, 0xbc, 0xe8, 0xc5, 0x19, 0xd8, 0xbc, 0x66, 0x73, 0x67,
-+ 0xf6, 0xd3, 0x72, 0xaa, 0xa6, 0x16, 0xb8, 0x50, 0xb7, 0x47, 0x3a, 0x42,
-+ 0xab, 0xf4, 0x16, 0xb2, 0x96, 0xd2, 0xb6, 0x60
-+};
-+
-+__fips_constseg static const unsigned char aes_128_no_df_nonce[] = {
-+ 0x5f, 0xbf, 0x97, 0x0c, 0x4b, 0xa4, 0x87, 0x13
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_128_no_df_personalizationstring[] = {
-+ 0xce, 0xfb, 0x7b, 0x3f, 0xd4, 0x6b, 0x29, 0x0d, 0x69, 0x06, 0xff, 0xbb,
-+ 0xf2, 0xe5, 0xc6, 0x6c, 0x0a, 0x10, 0xa0, 0xcf, 0x1a, 0x48, 0xc7, 0x8b,
-+ 0x3c, 0x16, 0x88, 0xed, 0x50, 0x13, 0x81, 0xce
-+};
-+
-+__fips_constseg static const unsigned char aes_128_no_df_additionalinput[] = {
-+ 0x4b, 0x22, 0x46, 0x18, 0x02, 0x7b, 0xd2, 0x1b, 0x22, 0x42, 0x7c, 0x37,
-+ 0xd9, 0xf6, 0xe8, 0x9b, 0x12, 0x30, 0x5f, 0xe9, 0x90, 0xe8, 0x08, 0x24,
-+ 0x4f, 0x06, 0x66, 0xdb, 0x19, 0x2b, 0x13, 0x95
-+};
-+
-+__fips_constseg static const unsigned char aes_128_no_df_int_returnedbits[] = {
-+ 0x2e, 0x96, 0x70, 0x64, 0xfa, 0xdf, 0xdf, 0x57, 0xb5, 0x82, 0xee, 0xd6,
-+ 0xed, 0x3e, 0x65, 0xc2
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_128_no_df_entropyinputreseed[] = {
-+ 0x26, 0xc0, 0x72, 0x16, 0x3a, 0x4b, 0xb7, 0x99, 0xd4, 0x07, 0xaf, 0x66,
-+ 0x62, 0x36, 0x96, 0xa4, 0x51, 0x17, 0xfa, 0x07, 0x8b, 0x17, 0x5e, 0xa1,
-+ 0x2f, 0x3c, 0x10, 0xe7, 0x90, 0xd0, 0x46, 0x00
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_128_no_df_additionalinputreseed[] = {
-+ 0x83, 0x39, 0x37, 0x7b, 0x02, 0x06, 0xd2, 0x12, 0x13, 0x8d, 0x8b, 0xf2,
-+ 0xf0, 0xf6, 0x26, 0xeb, 0xa4, 0x22, 0x7b, 0xc2, 0xe7, 0xba, 0x79, 0xe4,
-+ 0x3b, 0x77, 0x5d, 0x4d, 0x47, 0xb2, 0x2d, 0xb4
-+};
-+
-+__fips_constseg static const unsigned char aes_128_no_df_additionalinput2[] = {
-+ 0x0b, 0xb9, 0x67, 0x37, 0xdb, 0x83, 0xdf, 0xca, 0x81, 0x8b, 0xf9, 0x3f,
-+ 0xf1, 0x11, 0x1b, 0x2f, 0xf0, 0x61, 0xa6, 0xdf, 0xba, 0xa3, 0xb1, 0xac,
-+ 0xd3, 0xe6, 0x09, 0xb8, 0x2c, 0x6a, 0x67, 0xd6
-+};
-+
-+__fips_constseg static const unsigned char aes_128_no_df_returnedbits[] = {
-+ 0x1e, 0xa7, 0xa4, 0xe4, 0xe1, 0xa6, 0x7c, 0x69, 0x9a, 0x44, 0x6c, 0x36,
-+ 0x81, 0x37, 0x19, 0xd4
-+};
-+
-+/* AES-192 no df PR */
-+__fips_constseg static const unsigned char aes_192_no_df_pr_entropyinput[] = {
-+ 0x9d, 0x2c, 0xd2, 0x55, 0x66, 0xea, 0xe0, 0xbe, 0x18, 0xb7, 0x76, 0xe7,
-+ 0x73, 0x35, 0xd8, 0x1f, 0xad, 0x3a, 0xe3, 0x81, 0x0e, 0x92, 0xd0, 0x61,
-+ 0xc9, 0x12, 0x26, 0xf6, 0x1c, 0xdf, 0xfe, 0x47, 0xaa, 0xfe, 0x7d, 0x5a,
-+ 0x17, 0x1f, 0x8d, 0x9a
-+};
-+
-+__fips_constseg static const unsigned char aes_192_no_df_pr_nonce[] = {
-+ 0x44, 0x82, 0xed, 0xe8, 0x4c, 0x28, 0x5a, 0x14, 0xff, 0x88, 0x8d, 0x19,
-+ 0x61, 0x5c, 0xee, 0x0f
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_192_no_df_pr_personalizationstring[] = {
-+ 0x47, 0xd7, 0x9b, 0x99, 0xaa, 0xcb, 0xe7, 0xd2, 0x57, 0x66, 0x2c, 0xe1,
-+ 0x78, 0xd6, 0x2c, 0xea, 0xa3, 0x23, 0x5f, 0x2a, 0xc1, 0x3a, 0xf0, 0xa4,
-+ 0x20, 0x3b, 0xfa, 0x07, 0xd5, 0x05, 0x02, 0xe4, 0x57, 0x01, 0xb6, 0x10,
-+ 0x57, 0x2e, 0xe7, 0x55
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_192_no_df_pr_additionalinput[] = {
-+ 0x4b, 0x74, 0x0b, 0x40, 0xce, 0x6b, 0xc2, 0x6a, 0x24, 0xb4, 0xf3, 0xad,
-+ 0x7a, 0xa5, 0x7a, 0xa2, 0x15, 0xe2, 0xc8, 0x61, 0x15, 0xc6, 0xb7, 0x85,
-+ 0x69, 0x11, 0xad, 0x7b, 0x14, 0xd2, 0xf6, 0x12, 0xa1, 0x95, 0x5d, 0x3f,
-+ 0xe2, 0xd0, 0x0c, 0x2f
-+};
-+
-+__fips_constseg static const unsigned char aes_192_no_df_pr_entropyinputpr[] = {
-+ 0x0c, 0x9c, 0xad, 0x05, 0xee, 0xae, 0x48, 0x23, 0x89, 0x59, 0xa1, 0x94,
-+ 0xd7, 0xd8, 0x75, 0xd5, 0x54, 0x93, 0xc7, 0x4a, 0xd9, 0x26, 0xde, 0xeb,
-+ 0xba, 0xb0, 0x7e, 0x30, 0x1d, 0x5f, 0x69, 0x40, 0x9c, 0x3b, 0x17, 0x58,
-+ 0x1d, 0x30, 0xb3, 0x78
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_192_no_df_pr_int_returnedbits[] = {
-+ 0xf7, 0x93, 0xb0, 0x6d, 0x77, 0x83, 0xd5, 0x38, 0x01, 0xe1, 0x52, 0x40,
-+ 0x7e, 0x3e, 0x0c, 0x26
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_192_no_df_pr_additionalinput2[] = {
-+ 0xbc, 0x4b, 0x37, 0x44, 0x1c, 0xc5, 0x45, 0x5f, 0x8f, 0x51, 0x62, 0x8a,
-+ 0x85, 0x30, 0x1d, 0x7c, 0xe4, 0xcf, 0xf7, 0x44, 0xce, 0x32, 0x3e, 0x57,
-+ 0x95, 0xa4, 0x2a, 0xdf, 0xfd, 0x9e, 0x38, 0x41, 0xb3, 0xf6, 0xc5, 0xee,
-+ 0x0c, 0x4b, 0xee, 0x6e
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_192_no_df_pr_entropyinputpr2[] = {
-+ 0xec, 0xaf, 0xf6, 0x4f, 0xb1, 0xa0, 0x54, 0xb5, 0x5b, 0xe3, 0x46, 0xb0,
-+ 0x76, 0x5a, 0x7c, 0x3f, 0x7b, 0x94, 0x69, 0x21, 0x51, 0x02, 0xe5, 0x9f,
-+ 0x04, 0x59, 0x02, 0x98, 0xc6, 0x43, 0x2c, 0xcc, 0x26, 0x4c, 0x87, 0x6b,
-+ 0x8e, 0x0a, 0x83, 0xdf
-+};
-+
-+__fips_constseg static const unsigned char aes_192_no_df_pr_returnedbits[] = {
-+ 0x74, 0x45, 0xfb, 0x53, 0x84, 0x96, 0xbe, 0xff, 0x15, 0xcc, 0x41, 0x91,
-+ 0xb9, 0xa1, 0x21, 0x68
-+};
-+
-+/* AES-192 no df No PR */
-+__fips_constseg static const unsigned char aes_192_no_df_entropyinput[] = {
-+ 0x3c, 0x7d, 0xb5, 0xe0, 0x54, 0xd9, 0x6e, 0x8c, 0xa9, 0x86, 0xce, 0x4e,
-+ 0x6b, 0xaf, 0xeb, 0x2f, 0xe7, 0x75, 0xe0, 0x8b, 0xa4, 0x3b, 0x07, 0xfe,
-+ 0xbe, 0x33, 0x75, 0x93, 0x80, 0x27, 0xb5, 0x29, 0x47, 0x8b, 0xc7, 0x28,
-+ 0x94, 0xc3, 0x59, 0x63
-+};
-+
-+__fips_constseg static const unsigned char aes_192_no_df_nonce[] = {
-+ 0x43, 0xf1, 0x7d, 0xb8, 0xc3, 0xfe, 0xd0, 0x23, 0x6b, 0xb4, 0x92, 0xdb,
-+ 0x29, 0xfd, 0x45, 0x71
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_192_no_df_personalizationstring[] = {
-+ 0x9f, 0x24, 0x29, 0x99, 0x9e, 0x01, 0xab, 0xe9, 0x19, 0xd8, 0x23, 0x08,
-+ 0xb7, 0xd6, 0x7e, 0x8c, 0xc0, 0x9e, 0x7f, 0x6e, 0x5b, 0x33, 0x20, 0x96,
-+ 0x0b, 0x23, 0x2c, 0xa5, 0x6a, 0xf8, 0x1b, 0x04, 0x26, 0xdb, 0x2e, 0x2b,
-+ 0x3b, 0x88, 0xce, 0x35
-+};
-+
-+__fips_constseg static const unsigned char aes_192_no_df_additionalinput[] = {
-+ 0x94, 0xe9, 0x7c, 0x3d, 0xa7, 0xdb, 0x60, 0x83, 0x1f, 0x98, 0x3f, 0x0b,
-+ 0x88, 0x59, 0x57, 0x51, 0x88, 0x9f, 0x76, 0x49, 0x9f, 0xa6, 0xda, 0x71,
-+ 0x1d, 0x0d, 0x47, 0x16, 0x63, 0xc5, 0x68, 0xe4, 0x5d, 0x39, 0x69, 0xb3,
-+ 0x3e, 0xbe, 0xd4, 0x8e
-+};
-+
-+__fips_constseg static const unsigned char aes_192_no_df_int_returnedbits[] = {
-+ 0xf9, 0xd7, 0xad, 0x69, 0xab, 0x8f, 0x23, 0x56, 0x70, 0x17, 0x4f, 0x2a,
-+ 0x45, 0xe7, 0x4a, 0xc5
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_192_no_df_entropyinputreseed[] = {
-+ 0xa6, 0x71, 0x6a, 0x3d, 0xba, 0xd1, 0xe8, 0x66, 0xa6, 0xef, 0xb2, 0x0e,
-+ 0xa8, 0x9c, 0xaa, 0x4e, 0xaf, 0x17, 0x89, 0x50, 0x00, 0xda, 0xa1, 0xb1,
-+ 0x0b, 0xa4, 0xd9, 0x35, 0x89, 0xc8, 0xe5, 0xb0, 0xd9, 0xb7, 0xc4, 0x33,
-+ 0x9b, 0xcb, 0x7e, 0x75
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_192_no_df_additionalinputreseed[] = {
-+ 0x27, 0x21, 0xfc, 0xc2, 0xbd, 0xf3, 0x3c, 0xce, 0xc3, 0xca, 0xc1, 0x01,
-+ 0xe0, 0xff, 0x93, 0x12, 0x7d, 0x54, 0x42, 0xe3, 0x9f, 0x03, 0xdf, 0x27,
-+ 0x04, 0x07, 0x3c, 0x53, 0x7f, 0xa8, 0x66, 0xc8, 0x97, 0x4b, 0x61, 0x40,
-+ 0x5d, 0x7a, 0x25, 0x79
-+};
-+
-+__fips_constseg static const unsigned char aes_192_no_df_additionalinput2[] = {
-+ 0x2d, 0x8e, 0x16, 0x5d, 0x0b, 0x9f, 0xeb, 0xaa, 0xd6, 0xec, 0x28, 0x71,
-+ 0x7c, 0x0b, 0xc1, 0x1d, 0xd4, 0x44, 0x19, 0x47, 0xfd, 0x1d, 0x7c, 0xe5,
-+ 0xf3, 0x27, 0xe1, 0xb6, 0x72, 0x0a, 0xe0, 0xec, 0x0e, 0xcd, 0xef, 0x1a,
-+ 0x91, 0x6a, 0xe3, 0x5f
-+};
-+
-+__fips_constseg static const unsigned char aes_192_no_df_returnedbits[] = {
-+ 0xe5, 0xda, 0xb8, 0xe0, 0x63, 0x59, 0x5a, 0xcc, 0x3d, 0xdc, 0x9f, 0xe8,
-+ 0x66, 0x67, 0x2c, 0x92
-+};
-+
-+/* AES-256 no df PR */
-+__fips_constseg static const unsigned char aes_256_no_df_pr_entropyinput[] = {
-+ 0x15, 0xc7, 0x5d, 0xcb, 0x41, 0x4b, 0x16, 0x01, 0x3a, 0xd1, 0x44, 0xe8,
-+ 0x22, 0x32, 0xc6, 0x9c, 0x3f, 0xe7, 0x43, 0xf5, 0x9a, 0xd3, 0xea, 0xf2,
-+ 0xd7, 0x4e, 0x6e, 0x6a, 0x55, 0x73, 0x40, 0xef, 0x89, 0xad, 0x0d, 0x03,
-+ 0x96, 0x7e, 0x78, 0x81, 0x2f, 0x91, 0x1b, 0x44, 0xb0, 0x02, 0xba, 0x1c
-+};
-+
-+__fips_constseg static const unsigned char aes_256_no_df_pr_nonce[] = {
-+ 0xdc, 0xe4, 0xd4, 0x27, 0x7a, 0x90, 0xd7, 0x99, 0x43, 0xa1, 0x3c, 0x30,
-+ 0xcc, 0x4b, 0xee, 0x2e
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_256_no_df_pr_personalizationstring[] = {
-+ 0xe3, 0xe6, 0xb9, 0x11, 0xe4, 0x7a, 0xa4, 0x40, 0x6b, 0xf8, 0x73, 0xf7,
-+ 0x7e, 0xec, 0xc7, 0xb9, 0x97, 0xbf, 0xf8, 0x25, 0x7b, 0xbe, 0x11, 0x9b,
-+ 0x5b, 0x6a, 0x0c, 0x2e, 0x2b, 0x01, 0x51, 0xcd, 0x41, 0x4b, 0x6b, 0xac,
-+ 0x31, 0xa8, 0x0b, 0xf7, 0xe6, 0x59, 0x42, 0xb8, 0x03, 0x0c, 0xf8, 0x06
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_256_no_df_pr_additionalinput[] = {
-+ 0x6a, 0x9f, 0x00, 0x91, 0xae, 0xfe, 0xcf, 0x84, 0x99, 0xce, 0xb1, 0x40,
-+ 0x6d, 0x5d, 0x33, 0x28, 0x84, 0xf4, 0x8c, 0x63, 0x4c, 0x7e, 0xbd, 0x2c,
-+ 0x80, 0x76, 0xee, 0x5a, 0xaa, 0x15, 0x07, 0x31, 0xd8, 0xbb, 0x8c, 0x69,
-+ 0x9d, 0x9d, 0xbc, 0x7e, 0x49, 0xae, 0xec, 0x39, 0x6b, 0xd1, 0x1f, 0x7e
-+};
-+
-+__fips_constseg static const unsigned char aes_256_no_df_pr_entropyinputpr[] = {
-+ 0xf3, 0xb9, 0x75, 0x9c, 0xbd, 0x88, 0xea, 0xa2, 0x50, 0xad, 0xd6, 0x16,
-+ 0x1a, 0x12, 0x3c, 0x86, 0x68, 0xaf, 0x6f, 0xbe, 0x19, 0xf2, 0xee, 0xcc,
-+ 0xa5, 0x70, 0x84, 0x53, 0x50, 0xcb, 0x9f, 0x14, 0xa9, 0xe5, 0xee, 0xb9,
-+ 0x48, 0x45, 0x40, 0xe2, 0xc7, 0xc9, 0x9a, 0x74, 0xff, 0x8c, 0x99, 0x1f
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_256_no_df_pr_int_returnedbits[] = {
-+ 0x2e, 0xf2, 0x45, 0x4c, 0x62, 0x2e, 0x0a, 0xb9, 0x6b, 0xa2, 0xfd, 0x56,
-+ 0x79, 0x60, 0x93, 0xcf
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_256_no_df_pr_additionalinput2[] = {
-+ 0xaf, 0x69, 0x20, 0xe9, 0x3b, 0x37, 0x9d, 0x3f, 0xb4, 0x80, 0x02, 0x7a,
-+ 0x25, 0x7d, 0xb8, 0xde, 0x71, 0xc5, 0x06, 0x0c, 0xb4, 0xe2, 0x8f, 0x35,
-+ 0xd8, 0x14, 0x0d, 0x7f, 0x76, 0x63, 0x4e, 0xb5, 0xee, 0xe9, 0x6f, 0x34,
-+ 0xc7, 0x5f, 0x56, 0x14, 0x4a, 0xe8, 0x73, 0x95, 0x5b, 0x1c, 0xb9, 0xcb
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_256_no_df_pr_entropyinputpr2[] = {
-+ 0xe5, 0xb0, 0x2e, 0x7e, 0x52, 0x30, 0xe3, 0x63, 0x82, 0xb6, 0x44, 0xd3,
-+ 0x25, 0x19, 0x05, 0x24, 0x9a, 0x9f, 0x5f, 0x27, 0x6a, 0x29, 0xab, 0xfa,
-+ 0x07, 0xa2, 0x42, 0x0f, 0xc5, 0xa8, 0x94, 0x7c, 0x17, 0x7b, 0x85, 0x83,
-+ 0x0c, 0x25, 0x0e, 0x63, 0x0b, 0xe9, 0x12, 0x60, 0xcd, 0xef, 0x80, 0x0f
-+};
-+
-+__fips_constseg static const unsigned char aes_256_no_df_pr_returnedbits[] = {
-+ 0x5e, 0xf2, 0x26, 0xef, 0x9f, 0x58, 0x5d, 0xd5, 0x4a, 0x10, 0xfe, 0xa7,
-+ 0x2d, 0x5f, 0x4a, 0x46
-+};
-+
-+/* AES-256 no df No PR */
-+__fips_constseg static const unsigned char aes_256_no_df_entropyinput[] = {
-+ 0xfb, 0xcf, 0x1b, 0x61, 0x16, 0x89, 0x78, 0x23, 0xf5, 0xd8, 0x96, 0xe3,
-+ 0x4e, 0x64, 0x0b, 0x29, 0x9a, 0x3f, 0xf8, 0xa5, 0xed, 0xf2, 0xfe, 0xdb,
-+ 0x16, 0xca, 0x7f, 0x10, 0xfa, 0x5e, 0x18, 0x76, 0x2c, 0x63, 0x5e, 0x96,
-+ 0xcf, 0xb3, 0xd6, 0xfc, 0xaf, 0x99, 0x39, 0x28, 0x9c, 0x61, 0xe8, 0xb3
-+};
-+
-+__fips_constseg static const unsigned char aes_256_no_df_nonce[] = {
-+ 0x12, 0x96, 0xf0, 0x52, 0xf3, 0x8d, 0x81, 0xcf, 0xde, 0x86, 0xf2, 0x99,
-+ 0x43, 0x96, 0xb9, 0xf0
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_256_no_df_personalizationstring[] = {
-+ 0x63, 0x0d, 0x78, 0xf5, 0x90, 0x8e, 0x32, 0x47, 0xb0, 0x4d, 0x37, 0x60,
-+ 0x09, 0x96, 0xbc, 0xbf, 0x97, 0x7a, 0x62, 0x14, 0x45, 0xbd, 0x8d, 0xcc,
-+ 0x69, 0xfb, 0x03, 0xe1, 0x80, 0x1c, 0xc7, 0xe2, 0x2a, 0xf9, 0x37, 0x3f,
-+ 0x66, 0x4d, 0x62, 0xd9, 0x10, 0xe0, 0xad, 0xc8, 0x9a, 0xf0, 0xa8, 0x6d
-+};
-+
-+__fips_constseg static const unsigned char aes_256_no_df_additionalinput[] = {
-+ 0x36, 0xc6, 0x13, 0x60, 0xbb, 0x14, 0xad, 0x22, 0xb0, 0x38, 0xac, 0xa6,
-+ 0x18, 0x16, 0x93, 0x25, 0x86, 0xb7, 0xdc, 0xdc, 0x36, 0x98, 0x2b, 0xf9,
-+ 0x68, 0x33, 0xd3, 0xc6, 0xff, 0xce, 0x8d, 0x15, 0x59, 0x82, 0x76, 0xed,
-+ 0x6f, 0x8d, 0x49, 0x74, 0x2f, 0xda, 0xdc, 0x1f, 0x17, 0xd0, 0xde, 0x17
-+};
-+
-+__fips_constseg static const unsigned char aes_256_no_df_int_returnedbits[] = {
-+ 0x16, 0x2f, 0x8e, 0x3f, 0x21, 0x7a, 0x1c, 0x20, 0x56, 0xd1, 0x92, 0xf6,
-+ 0xd2, 0x25, 0x75, 0x0e
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_256_no_df_entropyinputreseed[] = {
-+ 0x91, 0x79, 0x76, 0xee, 0xe0, 0xcf, 0x9e, 0xc2, 0xd5, 0xd4, 0x23, 0x9b,
-+ 0x12, 0x8c, 0x7e, 0x0a, 0xb7, 0xd2, 0x8b, 0xd6, 0x7c, 0xa3, 0xc6, 0xe5,
-+ 0x0e, 0xaa, 0xc7, 0x6b, 0xae, 0x0d, 0xfa, 0x53, 0x06, 0x79, 0xa1, 0xed,
-+ 0x4d, 0x6a, 0x0e, 0xd8, 0x9d, 0xbe, 0x1b, 0x31, 0x93, 0x7b, 0xec, 0xfb
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_256_no_df_additionalinputreseed[] = {
-+ 0xd2, 0x46, 0x50, 0x22, 0x10, 0x14, 0x63, 0xf7, 0xea, 0x0f, 0xb9, 0x7e,
-+ 0x0d, 0xe1, 0x94, 0x07, 0xaf, 0x09, 0x44, 0x31, 0xea, 0x64, 0xa4, 0x18,
-+ 0x5b, 0xf9, 0xd8, 0xc2, 0xfa, 0x03, 0x47, 0xc5, 0x39, 0x43, 0xd5, 0x3b,
-+ 0x62, 0x86, 0x64, 0xea, 0x2c, 0x73, 0x8c, 0xae, 0x9d, 0x98, 0x98, 0x29
-+};
-+
-+__fips_constseg static const unsigned char aes_256_no_df_additionalinput2[] = {
-+ 0x8c, 0xab, 0x18, 0xf8, 0xc3, 0xec, 0x18, 0x5c, 0xb3, 0x1e, 0x9d, 0xbe,
-+ 0x3f, 0x03, 0xb4, 0x00, 0x98, 0x9d, 0xae, 0xeb, 0xf4, 0x94, 0xf8, 0x42,
-+ 0x8f, 0xe3, 0x39, 0x07, 0xe1, 0xc9, 0xad, 0x0b, 0x1f, 0xed, 0xc0, 0xba,
-+ 0xf6, 0xd1, 0xec, 0x27, 0x86, 0x7b, 0xd6, 0x55, 0x9b, 0x60, 0xa5, 0xc6
-+};
-+
-+__fips_constseg static const unsigned char aes_256_no_df_returnedbits[] = {
-+ 0xef, 0xd2, 0xd8, 0x5c, 0xdc, 0x62, 0x25, 0x9f, 0xaa, 0x1e, 0x2c, 0x67,
-+ 0xf6, 0x02, 0x32, 0xe2
-+};
-+
-+/* SHA-1 PR */
-+__fips_constseg static const unsigned char sha1_pr_entropyinput[] = {
-+ 0xd2, 0x36, 0xa5, 0x27, 0x31, 0x73, 0xdd, 0x11, 0x4f, 0x93, 0xbd, 0xe2,
-+ 0x31, 0xa5, 0x91, 0x13
-+};
-+
-+__fips_constseg static const unsigned char sha1_pr_nonce[] = {
-+ 0xb5, 0xb3, 0x60, 0xef, 0xf7, 0x63, 0x31, 0xf3
-+};
-+
-+__fips_constseg static const unsigned char sha1_pr_personalizationstring[] = {
-+ 0xd4, 0xbb, 0x02, 0x10, 0xb2, 0x71, 0xdb, 0x81, 0xd6, 0xf0, 0x42, 0x60,
-+ 0xda, 0xea, 0x77, 0x52
-+};
-+
-+__fips_constseg static const unsigned char sha1_pr_additionalinput[] = {
-+ 0x4d, 0xd2, 0x6c, 0x87, 0xfb, 0x2c, 0x4f, 0xa6, 0x8d, 0x16, 0x63, 0x22,
-+ 0x6a, 0x51, 0xe3, 0xf8
-+};
-+
-+__fips_constseg static const unsigned char sha1_pr_entropyinputpr[] = {
-+ 0xc9, 0x83, 0x9e, 0x16, 0xf6, 0x1c, 0x0f, 0xb2, 0xec, 0x60, 0x31, 0xa9,
-+ 0xcb, 0xa9, 0x36, 0x7a
-+};
-+
-+__fips_constseg static const unsigned char sha1_pr_int_returnedbits[] = {
-+ 0xa8, 0x13, 0x4f, 0xf4, 0x31, 0x02, 0x44, 0xe3, 0xd3, 0x3d, 0x61, 0x9e,
-+ 0xe5, 0xc6, 0x3e, 0x89, 0xb5, 0x9b, 0x0f, 0x35
-+};
-+
-+__fips_constseg static const unsigned char sha1_pr_additionalinput2[] = {
-+ 0xf9, 0xe8, 0xd2, 0x72, 0x13, 0x34, 0x95, 0x6f, 0x15, 0x49, 0x47, 0x99,
-+ 0x16, 0x03, 0x19, 0x47
-+};
-+
-+__fips_constseg static const unsigned char sha1_pr_entropyinputpr2[] = {
-+ 0x4e, 0x8c, 0x49, 0x9b, 0x4a, 0x5c, 0x9b, 0x9c, 0x3a, 0xee, 0xfb, 0xd2,
-+ 0xae, 0xcd, 0x8c, 0xc4
-+};
-+
-+__fips_constseg static const unsigned char sha1_pr_returnedbits[] = {
-+ 0x50, 0xb4, 0xb4, 0xcd, 0x68, 0x57, 0xfc, 0x2e, 0xc1, 0x52, 0xcc, 0xf6,
-+ 0x68, 0xa4, 0x81, 0xed, 0x7e, 0xe4, 0x1d, 0x87
-+};
-+
-+/* SHA-1 No PR */
-+__fips_constseg static const unsigned char sha1_entropyinput[] = {
-+ 0xa9, 0x47, 0x1b, 0x29, 0x2d, 0x1c, 0x05, 0xdf, 0x76, 0xd0, 0x62, 0xf9,
-+ 0xe2, 0x7f, 0x4c, 0x7b
-+};
-+
-+__fips_constseg static const unsigned char sha1_nonce[] = {
-+ 0x53, 0x23, 0x24, 0xe3, 0xec, 0x0c, 0x54, 0x14
-+};
-+
-+__fips_constseg static const unsigned char sha1_personalizationstring[] = {
-+ 0x7a, 0x87, 0xa1, 0xac, 0x1c, 0xfd, 0xab, 0xae, 0xf7, 0xd6, 0xfb, 0x76,
-+ 0x28, 0xec, 0x6d, 0xca
-+};
-+
-+__fips_constseg static const unsigned char sha1_additionalinput[] = {
-+ 0xfc, 0x92, 0x35, 0xd6, 0x7e, 0xb7, 0x24, 0x65, 0xfd, 0x12, 0x27, 0x35,
-+ 0xc0, 0x72, 0xca, 0x28
-+};
-+
-+__fips_constseg static const unsigned char sha1_int_returnedbits[] = {
-+ 0x57, 0x88, 0x82, 0xe5, 0x25, 0xa5, 0x2c, 0x4a, 0x06, 0x20, 0x6c, 0x72,
-+ 0x55, 0x61, 0xdd, 0x90, 0x71, 0x9f, 0x95, 0xea
-+};
-+
-+__fips_constseg static const unsigned char sha1_entropyinputreseed[] = {
-+ 0x69, 0xa5, 0x40, 0x62, 0x98, 0x47, 0x56, 0x73, 0x4a, 0x8f, 0x60, 0x96,
-+ 0xd6, 0x99, 0x27, 0xed
-+};
-+
-+__fips_constseg static const unsigned char sha1_additionalinputreseed[] = {
-+ 0xe5, 0x40, 0x4e, 0xbd, 0x50, 0x00, 0xf5, 0x15, 0xa6, 0xee, 0x45, 0xda,
-+ 0x84, 0x3d, 0xd4, 0xc0
-+};
-+
-+__fips_constseg static const unsigned char sha1_additionalinput2[] = {
-+ 0x11, 0x51, 0x14, 0xf0, 0x09, 0x1b, 0x4e, 0x56, 0x0d, 0xe9, 0xf6, 0x1e,
-+ 0x52, 0x65, 0xcd, 0x96
-+};
-+
-+__fips_constseg static const unsigned char sha1_returnedbits[] = {
-+ 0xa1, 0x9c, 0x94, 0x6e, 0x29, 0xe1, 0x33, 0x0d, 0x32, 0xd6, 0xaa, 0xce,
-+ 0x71, 0x3f, 0x52, 0x72, 0x8b, 0x42, 0xa8, 0xd7
-+};
-+
-+/* SHA-224 PR */
-+__fips_constseg static const unsigned char sha224_pr_entropyinput[] = {
-+ 0x12, 0x69, 0x32, 0x4f, 0x83, 0xa6, 0xf5, 0x14, 0xe3, 0x49, 0x3e, 0x75,
-+ 0x3e, 0xde, 0xad, 0xa1, 0x29, 0xc3, 0xf3, 0x19, 0x20, 0xb5, 0x4c, 0xd9
-+};
-+
-+__fips_constseg static const unsigned char sha224_pr_nonce[] = {
-+ 0x6a, 0x78, 0xd0, 0xeb, 0xbb, 0x5a, 0xf0, 0xee, 0xe8, 0xc3, 0xba, 0x71
-+};
-+
-+__fips_constseg static const unsigned char sha224_pr_personalizationstring[] = {
-+ 0xd5, 0xb8, 0xb6, 0xbc, 0xc1, 0x5b, 0x60, 0x31, 0x3c, 0xf5, 0xe5, 0xc0,
-+ 0x8e, 0x52, 0x7a, 0xbd, 0xea, 0x47, 0xa9, 0x5f, 0x8f, 0xf9, 0x8b, 0xae
-+};
-+
-+__fips_constseg static const unsigned char sha224_pr_additionalinput[] = {
-+ 0x1f, 0x55, 0xec, 0xae, 0x16, 0x12, 0x84, 0xba, 0x84, 0x16, 0x19, 0x88,
-+ 0x8e, 0xb8, 0x33, 0x25, 0x54, 0xff, 0xca, 0x79, 0xaf, 0x07, 0x25, 0x50
-+};
-+
-+__fips_constseg static const unsigned char sha224_pr_entropyinputpr[] = {
-+ 0x92, 0xa3, 0x32, 0xa8, 0x9a, 0x0a, 0x58, 0x7c, 0x1d, 0x5a, 0x7e, 0xe1,
-+ 0xb2, 0x73, 0xab, 0x0e, 0x16, 0x79, 0x23, 0xd3, 0x29, 0x89, 0x81, 0xe1
-+};
-+
-+__fips_constseg static const unsigned char sha224_pr_int_returnedbits[] = {
-+ 0xf3, 0x38, 0x91, 0x40, 0x37, 0x7a, 0x51, 0x72, 0x42, 0x74, 0x78, 0x0a,
-+ 0x69, 0xfd, 0xa6, 0x44, 0x43, 0x45, 0x6c, 0x0c, 0x5a, 0x19, 0xff, 0xf1,
-+ 0x54, 0x60, 0xee, 0x6a
-+};
-+
-+__fips_constseg static const unsigned char sha224_pr_additionalinput2[] = {
-+ 0x75, 0xf3, 0x04, 0x25, 0xdd, 0x36, 0xa8, 0x37, 0x46, 0xae, 0x0c, 0x52,
-+ 0x05, 0x79, 0x4c, 0x26, 0xdb, 0xe9, 0x71, 0x16, 0x4c, 0x0a, 0xf2, 0x60
-+};
-+
-+__fips_constseg static const unsigned char sha224_pr_entropyinputpr2[] = {
-+ 0xea, 0xc5, 0x03, 0x0a, 0x4f, 0xb0, 0x38, 0x8d, 0x23, 0xd4, 0xc8, 0x77,
-+ 0xe2, 0x6d, 0x9c, 0x0b, 0x44, 0xf7, 0x2d, 0x5b, 0xbf, 0x5d, 0x2a, 0x11
-+};
-+
-+__fips_constseg static const unsigned char sha224_pr_returnedbits[] = {
-+ 0x60, 0x50, 0x2b, 0xe7, 0x86, 0xd8, 0x26, 0x73, 0xe3, 0x1d, 0x95, 0x20,
-+ 0xb3, 0x2c, 0x32, 0x1c, 0xf5, 0xce, 0x57, 0xa6, 0x67, 0x2b, 0xdc, 0x4e,
-+ 0xdd, 0x11, 0x4c, 0xc4
-+};
-+
-+/* SHA-224 No PR */
-+__fips_constseg static const unsigned char sha224_entropyinput[] = {
-+ 0xb2, 0x1c, 0x77, 0x4d, 0xf6, 0xd3, 0xb6, 0x40, 0xb7, 0x30, 0x3e, 0x29,
-+ 0xb0, 0x85, 0x1c, 0xbe, 0x4a, 0xea, 0x6b, 0x5a, 0xb5, 0x8a, 0x97, 0xeb
-+};
-+
-+__fips_constseg static const unsigned char sha224_nonce[] = {
-+ 0x42, 0x02, 0x0a, 0x1c, 0x98, 0x9a, 0x77, 0x9e, 0x9f, 0x80, 0xba, 0xe0
-+};
-+
-+__fips_constseg static const unsigned char sha224_personalizationstring[] = {
-+ 0x98, 0xb8, 0x04, 0x41, 0xfc, 0xc1, 0x5d, 0xc5, 0xe9, 0xb9, 0x08, 0xda,
-+ 0xf9, 0xfa, 0x0d, 0x90, 0xce, 0xdf, 0x1d, 0x10, 0xa9, 0x8d, 0x50, 0x0c
-+};
-+
-+__fips_constseg static const unsigned char sha224_additionalinput[] = {
-+ 0x9a, 0x8d, 0x39, 0x49, 0x42, 0xd5, 0x0b, 0xae, 0xe1, 0xaf, 0xb7, 0x00,
-+ 0x02, 0xfa, 0x96, 0xb1, 0xa5, 0x1d, 0x2d, 0x25, 0x78, 0xee, 0x83, 0x3f
-+};
-+
-+__fips_constseg static const unsigned char sha224_int_returnedbits[] = {
-+ 0xe4, 0xf5, 0x53, 0x79, 0x5a, 0x97, 0x58, 0x06, 0x08, 0xba, 0x7b, 0xfa,
-+ 0xf0, 0x83, 0x05, 0x8c, 0x22, 0xc0, 0xc9, 0xdb, 0x15, 0xe7, 0xde, 0x20,
-+ 0x55, 0x22, 0x9a, 0xad
-+};
-+
-+__fips_constseg static const unsigned char sha224_entropyinputreseed[] = {
-+ 0x67, 0x09, 0x48, 0xaa, 0x07, 0x16, 0x99, 0x89, 0x7f, 0x6d, 0xa0, 0xe5,
-+ 0x8f, 0xdf, 0xbc, 0xdb, 0xfe, 0xe5, 0x6c, 0x7a, 0x95, 0x4a, 0x66, 0x17
-+};
-+
-+__fips_constseg static const unsigned char sha224_additionalinputreseed[] = {
-+ 0x0f, 0x4b, 0x1c, 0x6f, 0xb7, 0xe3, 0x47, 0xe5, 0x5d, 0x7d, 0x38, 0xd6,
-+ 0x28, 0x9b, 0xeb, 0x55, 0x63, 0x09, 0x3e, 0x7c, 0x56, 0xea, 0xf8, 0x19
-+};
-+
-+__fips_constseg static const unsigned char sha224_additionalinput2[] = {
-+ 0x2d, 0x26, 0x7c, 0x37, 0xe4, 0x7a, 0x28, 0x5e, 0x5a, 0x3c, 0xaf, 0x3d,
-+ 0x5a, 0x8e, 0x55, 0xa2, 0x1a, 0x6e, 0xc0, 0xe5, 0xf6, 0x21, 0xd3, 0xf6
-+};
-+
-+__fips_constseg static const unsigned char sha224_returnedbits[] = {
-+ 0x4d, 0x83, 0x35, 0xdf, 0x67, 0xa9, 0xfc, 0x17, 0xda, 0x70, 0xcc, 0x8b,
-+ 0x7f, 0x77, 0xae, 0xa2, 0x5f, 0xb9, 0x7e, 0x74, 0x4c, 0x26, 0xc1, 0x7a,
-+ 0x3b, 0xa7, 0x5c, 0x93
-+};
-+
-+/* SHA-256 PR */
-+__fips_constseg static const unsigned char sha256_pr_entropyinput[] = {
-+ 0xce, 0x49, 0x00, 0x7a, 0x56, 0xe3, 0x67, 0x8f, 0xe1, 0xb6, 0xa7, 0xd4,
-+ 0x4f, 0x08, 0x7a, 0x1b, 0x01, 0xf4, 0xfa, 0x6b, 0xef, 0xb7, 0xe5, 0xeb,
-+ 0x07, 0x3d, 0x11, 0x0d, 0xc8, 0xea, 0x2b, 0xfe
-+};
-+
-+__fips_constseg static const unsigned char sha256_pr_nonce[] = {
-+ 0x73, 0x41, 0xc8, 0x92, 0x94, 0xe2, 0xc5, 0x5f, 0x93, 0xfd, 0x39, 0x5d,
-+ 0x2b, 0x91, 0x4d, 0x38
-+};
-+
-+__fips_constseg static const unsigned char sha256_pr_personalizationstring[] = {
-+ 0x50, 0x6d, 0x01, 0x01, 0x07, 0x5a, 0x80, 0x35, 0x7a, 0x56, 0x1a, 0x56,
-+ 0x2f, 0x9a, 0x0b, 0x35, 0xb2, 0xb1, 0xc9, 0xe5, 0xca, 0x69, 0x61, 0x48,
-+ 0xff, 0xfb, 0x0f, 0xd9, 0x4b, 0x79, 0x1d, 0xba
-+};
-+
-+__fips_constseg static const unsigned char sha256_pr_additionalinput[] = {
-+ 0x20, 0xb8, 0xdf, 0x44, 0x77, 0x5a, 0xb8, 0xd3, 0xbf, 0xf6, 0xcf, 0xac,
-+ 0x5e, 0xa6, 0x96, 0x62, 0x73, 0x44, 0x40, 0x4a, 0x30, 0xfb, 0x38, 0xa5,
-+ 0x7b, 0x0d, 0xe4, 0x0d, 0xc6, 0xe4, 0x9a, 0x1f
-+};
-+
-+__fips_constseg static const unsigned char sha256_pr_entropyinputpr[] = {
-+ 0x04, 0xc4, 0x65, 0xf4, 0xd3, 0xbf, 0x83, 0x4b, 0xab, 0xc8, 0x41, 0xa8,
-+ 0xc2, 0xe0, 0x44, 0x63, 0x77, 0x4c, 0x6f, 0x6c, 0x49, 0x46, 0xff, 0x94,
-+ 0x17, 0xea, 0xe6, 0x1a, 0x9d, 0x5e, 0x66, 0x78
-+};
-+
-+__fips_constseg static const unsigned char sha256_pr_int_returnedbits[] = {
-+ 0x07, 0x4d, 0xac, 0x9b, 0x86, 0xca, 0x4a, 0xaa, 0x6e, 0x7a, 0x03, 0xa2,
-+ 0x5d, 0x10, 0xea, 0x0b, 0xf9, 0x83, 0xcc, 0xd1, 0xfc, 0xe2, 0x07, 0xc7,
-+ 0x06, 0x34, 0x60, 0x6f, 0x83, 0x94, 0x99, 0x76
-+};
-+
-+__fips_constseg static const unsigned char sha256_pr_additionalinput2[] = {
-+ 0x89, 0x4e, 0x45, 0x8c, 0x11, 0xf9, 0xbc, 0x5b, 0xac, 0x74, 0x8b, 0x4b,
-+ 0x5f, 0xf7, 0x19, 0xf3, 0xf5, 0x24, 0x54, 0x14, 0xd1, 0x15, 0xb1, 0x43,
-+ 0x12, 0xa4, 0x5f, 0xd4, 0xec, 0xfc, 0xcd, 0x09
-+};
-+
-+__fips_constseg static const unsigned char sha256_pr_entropyinputpr2[] = {
-+ 0x0e, 0xeb, 0x1f, 0xd7, 0xfc, 0xd1, 0x9d, 0xd4, 0x05, 0x36, 0x8b, 0xb2,
-+ 0xfb, 0xe4, 0xf4, 0x51, 0x0c, 0x87, 0x9b, 0x02, 0x44, 0xd5, 0x92, 0x4d,
-+ 0x44, 0xfe, 0x1a, 0x03, 0x43, 0x56, 0xbd, 0x86
-+};
-+
-+__fips_constseg static const unsigned char sha256_pr_returnedbits[] = {
-+ 0x02, 0xaa, 0xb6, 0x1d, 0x7e, 0x2a, 0x40, 0x03, 0x69, 0x2d, 0x49, 0xa3,
-+ 0x41, 0xe7, 0x44, 0x0b, 0xaf, 0x7b, 0x85, 0xe4, 0x5f, 0x53, 0x3b, 0x64,
-+ 0xbc, 0x89, 0xc8, 0x82, 0xd4, 0x78, 0x37, 0xa2
-+};
-+
-+/* SHA-256 No PR */
-+__fips_constseg static const unsigned char sha256_entropyinput[] = {
-+ 0x5b, 0x1b, 0xec, 0x4d, 0xa9, 0x38, 0x74, 0x5a, 0x34, 0x0b, 0x7b, 0xc5,
-+ 0xe5, 0xd7, 0x66, 0x7c, 0xbc, 0x82, 0xb9, 0x0e, 0x2d, 0x1f, 0x92, 0xd7,
-+ 0xc1, 0xbc, 0x67, 0x69, 0xec, 0x6b, 0x03, 0x3c
-+};
-+
-+__fips_constseg static const unsigned char sha256_nonce[] = {
-+ 0xa4, 0x0c, 0xd8, 0x9c, 0x61, 0xd8, 0xc3, 0x54, 0xfe, 0x53, 0xc9, 0xe5,
-+ 0x5d, 0x6f, 0x6d, 0x35
-+};
-+
-+__fips_constseg static const unsigned char sha256_personalizationstring[] = {
-+ 0x22, 0x5e, 0x62, 0x93, 0x42, 0x83, 0x78, 0x24, 0xd8, 0x40, 0x8c, 0xde,
-+ 0x6f, 0xf9, 0xa4, 0x7a, 0xc5, 0xa7, 0x3b, 0x88, 0xa3, 0xee, 0x42, 0x20,
-+ 0xfd, 0x61, 0x56, 0xc6, 0x4c, 0x13, 0x41, 0x9c
-+};
-+
-+__fips_constseg static const unsigned char sha256_additionalinput[] = {
-+ 0xbf, 0x74, 0x5b, 0xf6, 0xc5, 0x64, 0x5e, 0x99, 0x34, 0x8f, 0xbc, 0xa4,
-+ 0xe2, 0xbd, 0xd8, 0x85, 0x26, 0x37, 0xea, 0xba, 0x4f, 0xf2, 0x9a, 0x9a,
-+ 0x66, 0xfc, 0xdf, 0x63, 0x26, 0x26, 0x19, 0x87
-+};
-+
-+__fips_constseg static const unsigned char sha256_int_returnedbits[] = {
-+ 0xb3, 0xc6, 0x07, 0x07, 0xd6, 0x75, 0xf6, 0x2b, 0xd6, 0x21, 0x96, 0xf1,
-+ 0xae, 0xdb, 0x2b, 0xac, 0x25, 0x2a, 0xae, 0xae, 0x41, 0x72, 0x03, 0x5e,
-+ 0xbf, 0xd3, 0x64, 0xbc, 0x59, 0xf9, 0xc0, 0x76
-+};
-+
-+__fips_constseg static const unsigned char sha256_entropyinputreseed[] = {
-+ 0xbf, 0x20, 0x33, 0x56, 0x29, 0xa8, 0x37, 0x04, 0x1f, 0x78, 0x34, 0x3d,
-+ 0x81, 0x2a, 0xc9, 0x86, 0xc6, 0x7a, 0x2f, 0x88, 0x5e, 0xd5, 0xbe, 0x34,
-+ 0x46, 0x20, 0xa4, 0x35, 0xeb, 0xc7, 0xe2, 0x9d
-+};
-+
-+__fips_constseg static const unsigned char sha256_additionalinputreseed[] = {
-+ 0x9b, 0xae, 0x2d, 0x2d, 0x61, 0xa4, 0x89, 0xeb, 0x43, 0x46, 0xa7, 0xda,
-+ 0xef, 0x40, 0xca, 0x4a, 0x99, 0x11, 0x41, 0xdc, 0x5c, 0x94, 0xe9, 0xac,
-+ 0xd4, 0xd0, 0xe6, 0xbd, 0xfb, 0x03, 0x9c, 0xa8
-+};
-+
-+__fips_constseg static const unsigned char sha256_additionalinput2[] = {
-+ 0x23, 0xaa, 0x0c, 0xbd, 0x28, 0x33, 0xe2, 0x51, 0xfc, 0x71, 0xd2, 0x15,
-+ 0x1f, 0x76, 0xfd, 0x0d, 0xe0, 0xb7, 0xb5, 0x84, 0x75, 0x5b, 0xbe, 0xf3,
-+ 0x5c, 0xca, 0xc5, 0x30, 0xf2, 0x75, 0x1f, 0xda
-+};
-+
-+__fips_constseg static const unsigned char sha256_returnedbits[] = {
-+ 0x90, 0x3c, 0xc1, 0x10, 0x8c, 0x12, 0x01, 0xc6, 0xa6, 0x3a, 0x0f, 0x4d,
-+ 0xb6, 0x3a, 0x4f, 0x41, 0x9c, 0x61, 0x75, 0x84, 0xe9, 0x74, 0x75, 0xfd,
-+ 0xfe, 0xf2, 0x1f, 0x43, 0xd8, 0x5e, 0x24, 0xa3
-+};
-+
-+/* SHA-384 PR */
-+__fips_constseg static const unsigned char sha384_pr_entropyinput[] = {
-+ 0x71, 0x9d, 0xb2, 0x5a, 0x71, 0x6d, 0x04, 0xe9, 0x1e, 0xc7, 0x92, 0x24,
-+ 0x6e, 0x12, 0x33, 0xa9, 0x52, 0x64, 0x31, 0xef, 0x71, 0xeb, 0x22, 0x55,
-+ 0x28, 0x97, 0x06, 0x6a, 0xc0, 0x0c, 0xa0, 0x7e
-+};
-+
-+__fips_constseg static const unsigned char sha384_pr_nonce[] = {
-+ 0xf5, 0x0d, 0xfa, 0xb0, 0xec, 0x6a, 0x7c, 0xd6, 0xbd, 0x9b, 0x05, 0xfd,
-+ 0x38, 0x3e, 0x2e, 0x56
-+};
-+
-+__fips_constseg static const unsigned char sha384_pr_personalizationstring[] = {
-+ 0x74, 0xac, 0x7e, 0x6d, 0xb1, 0xa4, 0xe7, 0x21, 0xd1, 0x1e, 0x6e, 0x96,
-+ 0x6d, 0x4d, 0x53, 0x46, 0x82, 0x96, 0x6e, 0xcf, 0xaa, 0x81, 0x8d, 0x7d,
-+ 0x9e, 0xe1, 0x0f, 0x15, 0xea, 0x41, 0xbf, 0xe3
-+};
-+
-+__fips_constseg static const unsigned char sha384_pr_additionalinput[] = {
-+ 0xda, 0x95, 0xd4, 0xd0, 0xb8, 0x11, 0xd3, 0x49, 0x27, 0x5d, 0xa9, 0x39,
-+ 0x68, 0xf3, 0xa8, 0xe9, 0x5d, 0x19, 0x8a, 0x2b, 0x66, 0xe8, 0x69, 0x06,
-+ 0x7c, 0x9e, 0x03, 0xa1, 0x8b, 0x26, 0x2d, 0x6e
-+};
-+
-+__fips_constseg static const unsigned char sha384_pr_entropyinputpr[] = {
-+ 0x49, 0xdf, 0x44, 0x00, 0xe4, 0x1c, 0x75, 0x0b, 0x26, 0x5a, 0x59, 0x64,
-+ 0x1f, 0x4e, 0xb1, 0xb2, 0x13, 0xf1, 0x22, 0x4e, 0xb4, 0x6d, 0x9a, 0xcc,
-+ 0xa0, 0x48, 0xe6, 0xcf, 0x1d, 0xd1, 0x92, 0x0d
-+};
-+
-+__fips_constseg static const unsigned char sha384_pr_int_returnedbits[] = {
-+ 0xc8, 0x52, 0xae, 0xbf, 0x04, 0x3c, 0x27, 0xb7, 0x78, 0x18, 0xaa, 0x8f,
-+ 0xff, 0xcf, 0xa4, 0xf1, 0xcc, 0xe7, 0x68, 0xfa, 0x22, 0xa2, 0x13, 0x45,
-+ 0xe8, 0xdd, 0x87, 0xe6, 0xf2, 0x6e, 0xdd, 0xc7, 0x52, 0x90, 0x9f, 0x7b,
-+ 0xfa, 0x61, 0x2d, 0x9d, 0x9e, 0xcf, 0x98, 0xac, 0x52, 0x40, 0xce, 0xaf
-+};
-+
-+__fips_constseg static const unsigned char sha384_pr_additionalinput2[] = {
-+ 0x61, 0x7c, 0x03, 0x9a, 0x3e, 0x50, 0x57, 0x60, 0xc5, 0x83, 0xc9, 0xb2,
-+ 0xd1, 0x87, 0x85, 0x66, 0x92, 0x5d, 0x84, 0x0e, 0x53, 0xfb, 0x70, 0x03,
-+ 0x72, 0xfd, 0xba, 0xae, 0x9c, 0x8f, 0xf8, 0x18
-+};
-+
-+__fips_constseg static const unsigned char sha384_pr_entropyinputpr2[] = {
-+ 0xf8, 0xeb, 0x89, 0xb1, 0x8d, 0x78, 0xbe, 0x21, 0xe0, 0xbb, 0x9d, 0xb7,
-+ 0x95, 0x0e, 0xd9, 0x46, 0x0c, 0x8c, 0xe2, 0x63, 0xb7, 0x9d, 0x67, 0x90,
-+ 0xbd, 0xc7, 0x0b, 0xa5, 0xce, 0xb2, 0x65, 0x81
-+};
-+
-+__fips_constseg static const unsigned char sha384_pr_returnedbits[] = {
-+ 0xe6, 0x9f, 0xfe, 0x68, 0xd6, 0xb5, 0x79, 0xf1, 0x06, 0x5f, 0xa3, 0xbb,
-+ 0x23, 0x85, 0xd8, 0xf0, 0x29, 0x5a, 0x68, 0x9e, 0xf5, 0xf4, 0xa6, 0x12,
-+ 0xe0, 0x9a, 0xe2, 0xac, 0x00, 0x1d, 0x98, 0x26, 0xfc, 0x53, 0x95, 0x53,
-+ 0xe4, 0x3e, 0x17, 0xd5, 0x08, 0x0b, 0x70, 0x3d, 0x67, 0x99, 0xac, 0x66
-+};
-+
-+/* SHA-384 No PR */
-+__fips_constseg static const unsigned char sha384_entropyinput[] = {
-+ 0x07, 0x15, 0x27, 0x2a, 0xaf, 0x74, 0x24, 0x37, 0xbc, 0xd5, 0x14, 0x69,
-+ 0xce, 0x11, 0xff, 0xa2, 0x6b, 0xb8, 0x05, 0x67, 0x34, 0xf8, 0xbd, 0x6d,
-+ 0x6a, 0xcc, 0xcd, 0x60, 0xa3, 0x68, 0xca, 0xf4
-+};
-+
-+__fips_constseg static const unsigned char sha384_nonce[] = {
-+ 0x70, 0x17, 0xc2, 0x5b, 0x5d, 0x22, 0x0b, 0x06, 0x15, 0x54, 0x78, 0x77,
-+ 0x44, 0xaf, 0x2f, 0x09
-+};
-+
-+__fips_constseg static const unsigned char sha384_personalizationstring[] = {
-+ 0x89, 0x39, 0x28, 0xb0, 0x60, 0xeb, 0x3d, 0xdc, 0x55, 0x75, 0x86, 0xeb,
-+ 0xae, 0xa2, 0x8f, 0xbc, 0x1b, 0x75, 0xd4, 0xe1, 0x0f, 0xaa, 0x38, 0xca,
-+ 0x62, 0x8b, 0xcb, 0x2c, 0x26, 0xf6, 0xbc, 0xb1
-+};
-+
-+__fips_constseg static const unsigned char sha384_additionalinput[] = {
-+ 0x30, 0x2b, 0x42, 0x35, 0xef, 0xda, 0x40, 0x55, 0x28, 0xc6, 0x95, 0xfb,
-+ 0x54, 0x01, 0x62, 0xd7, 0x87, 0x14, 0x48, 0x6d, 0x90, 0x4c, 0xa9, 0x02,
-+ 0x54, 0x40, 0x22, 0xc8, 0x66, 0xa5, 0x48, 0x48
-+};
-+
-+__fips_constseg static const unsigned char sha384_int_returnedbits[] = {
-+ 0x82, 0xc4, 0xa1, 0x9c, 0x21, 0xd2, 0xe7, 0xa5, 0xa6, 0xf6, 0x5f, 0x04,
-+ 0x5c, 0xc7, 0x31, 0x9d, 0x8d, 0x59, 0x74, 0x50, 0x19, 0x89, 0x2f, 0x63,
-+ 0xd5, 0xb7, 0x7e, 0xeb, 0x15, 0xe3, 0x70, 0x83, 0xa1, 0x24, 0x59, 0xfa,
-+ 0x2c, 0x56, 0xf6, 0x88, 0x3a, 0x92, 0x93, 0xa1, 0xfb, 0x79, 0xc1, 0x7a
-+};
-+
-+__fips_constseg static const unsigned char sha384_entropyinputreseed[] = {
-+ 0x39, 0xa6, 0xe8, 0x5c, 0x82, 0x17, 0x71, 0x26, 0x57, 0x4f, 0x9f, 0xc2,
-+ 0x55, 0xff, 0x5c, 0x9b, 0x53, 0x1a, 0xd1, 0x5f, 0xbc, 0x62, 0xe4, 0x27,
-+ 0x2d, 0x32, 0xf0, 0xe4, 0x52, 0x8c, 0xc5, 0x0c
-+};
-+
-+__fips_constseg static const unsigned char sha384_additionalinputreseed[] = {
-+ 0x8d, 0xcb, 0x8d, 0xce, 0x08, 0xea, 0x80, 0xe8, 0x9b, 0x61, 0xa8, 0x0f,
-+ 0xaf, 0x49, 0x20, 0x9e, 0x74, 0xcb, 0x57, 0x80, 0x42, 0xb0, 0x84, 0x5e,
-+ 0x30, 0x2a, 0x67, 0x08, 0xf4, 0xe3, 0x40, 0x22
-+};
-+
-+__fips_constseg static const unsigned char sha384_additionalinput2[] = {
-+ 0x7c, 0x8f, 0xc2, 0xae, 0x22, 0x4a, 0xd6, 0xf6, 0x05, 0xa4, 0x7a, 0xea,
-+ 0xbb, 0x25, 0xd0, 0xb7, 0x5a, 0xd6, 0xcf, 0x9d, 0xf3, 0x6c, 0xe2, 0xb2,
-+ 0x4e, 0xb4, 0xbd, 0xf4, 0xe5, 0x40, 0x80, 0x94
-+};
-+
-+__fips_constseg static const unsigned char sha384_returnedbits[] = {
-+ 0x9e, 0x7e, 0xfb, 0x59, 0xbb, 0xaa, 0x3c, 0xf7, 0xe1, 0xf8, 0x76, 0xdd,
-+ 0x63, 0x5f, 0xaf, 0x23, 0xd6, 0x64, 0x61, 0xc0, 0x9a, 0x09, 0x47, 0xc9,
-+ 0x33, 0xdf, 0x6d, 0x55, 0x91, 0x34, 0x79, 0x70, 0xc4, 0x99, 0x6e, 0x54,
-+ 0x09, 0x64, 0x21, 0x1a, 0xbd, 0x1e, 0x80, 0x40, 0x34, 0xad, 0xfa, 0xd7
-+};
-+
-+/* SHA-512 PR */
-+__fips_constseg static const unsigned char sha512_pr_entropyinput[] = {
-+ 0x13, 0xf7, 0x61, 0x75, 0x65, 0x28, 0xa2, 0x59, 0x13, 0x5a, 0x4a, 0x4f,
-+ 0x56, 0x60, 0x8c, 0x53, 0x7d, 0xb0, 0xbd, 0x06, 0x4f, 0xed, 0xcc, 0xd2,
-+ 0xa2, 0xb5, 0xfd, 0x5b, 0x3a, 0xab, 0xec, 0x28
-+};
-+
-+__fips_constseg static const unsigned char sha512_pr_nonce[] = {
-+ 0xbe, 0xa3, 0x91, 0x93, 0x1d, 0xc3, 0x31, 0x3a, 0x23, 0x33, 0x50, 0x67,
-+ 0x88, 0xc7, 0xa2, 0xc4
-+};
-+
-+__fips_constseg static const unsigned char sha512_pr_personalizationstring[] = {
-+ 0x1f, 0x59, 0x4d, 0x7b, 0xe6, 0x46, 0x91, 0x48, 0xc1, 0x25, 0xfa, 0xff,
-+ 0x89, 0x12, 0x77, 0x35, 0xdf, 0x3e, 0xf4, 0x80, 0x5f, 0xd9, 0xb0, 0x07,
-+ 0x22, 0x41, 0xdd, 0x48, 0x78, 0x6b, 0x77, 0x2b
-+};
-+
-+__fips_constseg static const unsigned char sha512_pr_additionalinput[] = {
-+ 0x30, 0xff, 0x63, 0x6f, 0xac, 0xd9, 0x84, 0x39, 0x6f, 0xe4, 0x99, 0xce,
-+ 0x91, 0x7d, 0x7e, 0xc8, 0x58, 0xf2, 0x12, 0xc3, 0xb6, 0xad, 0xda, 0x22,
-+ 0x04, 0xa0, 0xd2, 0x21, 0xfe, 0xf2, 0x95, 0x1d
-+};
-+
-+__fips_constseg static const unsigned char sha512_pr_entropyinputpr[] = {
-+ 0x64, 0x54, 0x13, 0xec, 0x4f, 0x77, 0xda, 0xb2, 0x92, 0x2e, 0x52, 0x80,
-+ 0x11, 0x10, 0xc2, 0xf8, 0xe6, 0xa7, 0xcd, 0x4b, 0xfc, 0x32, 0x2e, 0x9e,
-+ 0xeb, 0xbb, 0xb1, 0xbf, 0x15, 0x5c, 0x73, 0x08
-+};
-+
-+__fips_constseg static const unsigned char sha512_pr_int_returnedbits[] = {
-+ 0xef, 0x1e, 0xdc, 0x0a, 0xa4, 0x36, 0x91, 0x9c, 0x3d, 0x27, 0x97, 0x50,
-+ 0x8d, 0x36, 0x29, 0x8d, 0xce, 0x6a, 0x0c, 0xf7, 0x21, 0xc0, 0x91, 0xae,
-+ 0x0c, 0x96, 0x72, 0xbd, 0x52, 0x81, 0x58, 0xfc, 0x6d, 0xe5, 0xf7, 0xa5,
-+ 0xfd, 0x5d, 0xa7, 0x58, 0x68, 0xc8, 0x99, 0x58, 0x8e, 0xc8, 0xce, 0x95,
-+ 0x01, 0x7d, 0xff, 0xa4, 0xc8, 0xf7, 0x63, 0xfe, 0x5f, 0x69, 0x83, 0x53,
-+ 0xe2, 0xc6, 0x8b, 0xc3
-+};
-+
-+__fips_constseg static const unsigned char sha512_pr_additionalinput2[] = {
-+ 0xe6, 0x9b, 0xc4, 0x88, 0x34, 0xca, 0xea, 0x29, 0x2f, 0x98, 0x05, 0xa4,
-+ 0xd3, 0xc0, 0x7b, 0x11, 0xe8, 0xbb, 0x75, 0xf2, 0xbd, 0x29, 0xb7, 0x40,
-+ 0x25, 0x7f, 0xc1, 0xb7, 0xb1, 0xf1, 0x25, 0x61
-+};
-+
-+__fips_constseg static const unsigned char sha512_pr_entropyinputpr2[] = {
-+ 0x23, 0x6d, 0xff, 0xde, 0xfb, 0xd1, 0xba, 0x33, 0x18, 0xe6, 0xbe, 0xb5,
-+ 0x48, 0x77, 0x6d, 0x7f, 0xa7, 0xe1, 0x4d, 0x48, 0x1e, 0x3c, 0xa7, 0x34,
-+ 0x1a, 0xc8, 0x60, 0xdb, 0x8f, 0x99, 0x15, 0x99
-+};
-+
-+__fips_constseg static const unsigned char sha512_pr_returnedbits[] = {
-+ 0x70, 0x27, 0x31, 0xdb, 0x92, 0x70, 0x21, 0xfe, 0x16, 0xb6, 0xc8, 0x51,
-+ 0x34, 0x87, 0x65, 0xd0, 0x4e, 0xfd, 0xfe, 0x68, 0xec, 0xac, 0xdc, 0x93,
-+ 0x41, 0x38, 0x92, 0x90, 0xb4, 0x94, 0xf9, 0x0d, 0xa4, 0xf7, 0x4e, 0x80,
-+ 0x92, 0x67, 0x48, 0x40, 0xa7, 0x08, 0xc7, 0xbc, 0x66, 0x00, 0xfd, 0xf7,
-+ 0x4c, 0x8b, 0x17, 0x6e, 0xd1, 0x8f, 0x9b, 0xf3, 0x6f, 0xf6, 0x34, 0xdd,
-+ 0x67, 0xf7, 0x68, 0xdd
-+};
-+
-+/* SHA-512 No PR */
-+__fips_constseg static const unsigned char sha512_entropyinput[] = {
-+ 0xb6, 0x0b, 0xb7, 0xbc, 0x84, 0x56, 0xf6, 0x12, 0xaf, 0x45, 0x67, 0x17,
-+ 0x7c, 0xd1, 0xb2, 0x78, 0x2b, 0xa0, 0xf2, 0xbe, 0xb6, 0x6d, 0x8b, 0x56,
-+ 0xc6, 0xbc, 0x4d, 0xe1, 0xf7, 0xbe, 0xce, 0xbd
-+};
-+
-+__fips_constseg static const unsigned char sha512_nonce[] = {
-+ 0x9d, 0xed, 0xc0, 0xe5, 0x5a, 0x98, 0x6a, 0xcb, 0x51, 0x7d, 0x76, 0x31,
-+ 0x5a, 0x64, 0xf0, 0xf7
-+};
-+
-+__fips_constseg static const unsigned char sha512_personalizationstring[] = {
-+ 0xc2, 0x6d, 0xa3, 0xc3, 0x06, 0x74, 0xe5, 0x01, 0x5c, 0x10, 0x17, 0xc7,
-+ 0xaf, 0x83, 0x9d, 0x59, 0x8d, 0x2d, 0x29, 0x38, 0xc5, 0x59, 0x70, 0x8b,
-+ 0x46, 0x48, 0x2d, 0xcf, 0x36, 0x7d, 0x59, 0xc0
-+};
-+
-+__fips_constseg static const unsigned char sha512_additionalinput[] = {
-+ 0xec, 0x8c, 0xd4, 0xf7, 0x61, 0x6e, 0x0d, 0x95, 0x79, 0xb7, 0x28, 0xad,
-+ 0x5f, 0x69, 0x74, 0x5f, 0x2d, 0x36, 0x06, 0x8a, 0x6b, 0xac, 0x54, 0x97,
-+ 0xc4, 0xa1, 0x12, 0x85, 0x0a, 0xdf, 0x4b, 0x34
-+};
-+
-+__fips_constseg static const unsigned char sha512_int_returnedbits[] = {
-+ 0x84, 0x2f, 0x1f, 0x68, 0x6a, 0xa3, 0xad, 0x1e, 0xfb, 0xf4, 0x15, 0xbd,
-+ 0xde, 0x38, 0xd4, 0x30, 0x80, 0x51, 0xe9, 0xd3, 0xc7, 0x20, 0x88, 0xe9,
-+ 0xf5, 0xcc, 0xdf, 0x57, 0x5c, 0x47, 0x2f, 0x57, 0x3c, 0x5f, 0x13, 0x56,
-+ 0xcc, 0xc5, 0x4f, 0x84, 0xf8, 0x10, 0x41, 0xd5, 0x7e, 0x58, 0x6e, 0x19,
-+ 0x19, 0x9e, 0xaf, 0xc2, 0x22, 0x58, 0x41, 0x50, 0x79, 0xc2, 0xd8, 0x04,
-+ 0x28, 0xd4, 0x39, 0x9a
-+};
-+
-+__fips_constseg static const unsigned char sha512_entropyinputreseed[] = {
-+ 0xfa, 0x7f, 0x46, 0x51, 0x83, 0x62, 0x98, 0x16, 0x9a, 0x19, 0xa2, 0x49,
-+ 0xa9, 0xe6, 0x4a, 0xd8, 0x85, 0xe7, 0xd4, 0x3b, 0x2c, 0x82, 0xc5, 0x82,
-+ 0xbf, 0x11, 0xf9, 0x9e, 0xbc, 0xd0, 0x01, 0xee
-+};
-+
-+__fips_constseg static const unsigned char sha512_additionalinputreseed[] = {
-+ 0xb9, 0x12, 0xe0, 0x4f, 0xf7, 0xa7, 0xc4, 0xd8, 0xd0, 0x8e, 0x99, 0x29,
-+ 0x7c, 0x9a, 0xe9, 0xcf, 0xc4, 0x6c, 0xf8, 0xc3, 0xa7, 0x41, 0x83, 0xd6,
-+ 0x2e, 0xfa, 0xb8, 0x5e, 0x8e, 0x6b, 0x78, 0x20
-+};
-+
-+__fips_constseg static const unsigned char sha512_additionalinput2[] = {
-+ 0xd7, 0x07, 0x52, 0xb9, 0x83, 0x2c, 0x03, 0x71, 0xee, 0xc9, 0xc0, 0x85,
-+ 0xe1, 0x57, 0xb2, 0xcd, 0x3a, 0xf0, 0xc9, 0x34, 0x24, 0x41, 0x1c, 0x42,
-+ 0x99, 0xb2, 0x84, 0xe9, 0x17, 0xd2, 0x76, 0x92
-+};
-+
-+__fips_constseg static const unsigned char sha512_returnedbits[] = {
-+ 0x36, 0x17, 0x5d, 0x98, 0x2b, 0x65, 0x25, 0x8e, 0xc8, 0x29, 0xdf, 0x27,
-+ 0x05, 0x36, 0x26, 0x12, 0x8a, 0x68, 0x74, 0x27, 0x37, 0xd4, 0x7f, 0x32,
-+ 0xb1, 0x12, 0xd6, 0x85, 0x83, 0xeb, 0x2e, 0xa0, 0xed, 0x4b, 0xb5, 0x7b,
-+ 0x6f, 0x39, 0x3c, 0x71, 0x77, 0x02, 0x12, 0xcc, 0x2c, 0x3a, 0x8e, 0x63,
-+ 0xdf, 0x4a, 0xbd, 0x6f, 0x6e, 0x2e, 0xed, 0x0a, 0x85, 0xa5, 0x2f, 0xa2,
-+ 0x68, 0xde, 0x42, 0xb5
-+};
-+
-+/* HMAC SHA-1 PR */
-+__fips_constseg static const unsigned char hmac_sha1_pr_entropyinput[] = {
-+ 0x26, 0x5f, 0x36, 0x14, 0xff, 0x3d, 0x83, 0xfa, 0x73, 0x5e, 0x75, 0xdc,
-+ 0x2c, 0x18, 0x17, 0x1b
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha1_pr_nonce[] = {
-+ 0xc8, 0xe3, 0x57, 0xa5, 0x7b, 0x74, 0x86, 0x6e
-+};
-+
-+__fips_constseg
-+ static const unsigned char hmac_sha1_pr_personalizationstring[] = {
-+ 0x6e, 0xdb, 0x0d, 0xfe, 0x7d, 0xac, 0x79, 0xd0, 0xa5, 0x3a, 0x48, 0x85,
-+ 0x80, 0xe2, 0x7f, 0x2a
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha1_pr_additionalinput[] = {
-+ 0x31, 0xcd, 0x5e, 0x43, 0xdc, 0xfb, 0x7a, 0x79, 0xca, 0x88, 0xde, 0x1f,
-+ 0xd7, 0xbb, 0x42, 0x09
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha1_pr_entropyinputpr[] = {
-+ 0x7c, 0x23, 0x95, 0x38, 0x00, 0x95, 0xc1, 0x78, 0x1f, 0x8f, 0xd7, 0x63,
-+ 0x23, 0x87, 0x2a, 0xed
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha1_pr_int_returnedbits[] = {
-+ 0xbb, 0x34, 0xe7, 0x93, 0xa3, 0x02, 0x2c, 0x4a, 0xd0, 0x89, 0xda, 0x7f,
-+ 0xed, 0xf4, 0x4c, 0xde, 0x17, 0xec, 0xe5, 0x6c
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha1_pr_additionalinput2[] = {
-+ 0x49, 0xbc, 0x2d, 0x2c, 0xb7, 0x32, 0xcb, 0x20, 0xdf, 0xf5, 0x77, 0x58,
-+ 0xa0, 0x4b, 0x93, 0x6e
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha1_pr_entropyinputpr2[] = {
-+ 0x3c, 0xaa, 0xb0, 0x21, 0x42, 0xb0, 0xdd, 0x34, 0xf0, 0x16, 0x7f, 0x0c,
-+ 0x0f, 0xff, 0x2e, 0xaf
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha1_pr_returnedbits[] = {
-+ 0x8e, 0xcb, 0xa3, 0x64, 0xb2, 0xb8, 0x33, 0x6c, 0x64, 0x3b, 0x78, 0x16,
-+ 0x99, 0x35, 0xc8, 0x30, 0xcb, 0x3e, 0xa0, 0xd8
-+};
-+
-+/* HMAC SHA-1 No PR */
-+__fips_constseg static const unsigned char hmac_sha1_entropyinput[] = {
-+ 0x32, 0x9a, 0x2a, 0x87, 0x7b, 0x89, 0x7c, 0xf6, 0xcb, 0x95, 0xd5, 0x40,
-+ 0x17, 0xfe, 0x47, 0x70
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha1_nonce[] = {
-+ 0x16, 0xd8, 0xe0, 0xc7, 0x52, 0xcf, 0x4a, 0x25
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha1_personalizationstring[] = {
-+ 0x35, 0x35, 0xa9, 0xa5, 0x40, 0xbe, 0x9b, 0xd1, 0x56, 0xdd, 0x44, 0x00,
-+ 0x72, 0xf7, 0xd3, 0x5e
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha1_additionalinput[] = {
-+ 0x1b, 0x2c, 0x84, 0x2d, 0x4a, 0x89, 0x8f, 0x69, 0x19, 0xf1, 0xf3, 0xdb,
-+ 0xbb, 0xe3, 0xaa, 0xea
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha1_int_returnedbits[] = {
-+ 0xcf, 0xfa, 0x7d, 0x72, 0x0f, 0xe6, 0xc7, 0x96, 0xa0, 0x69, 0x31, 0x11,
-+ 0x9b, 0x0b, 0x1a, 0x20, 0x1f, 0x3f, 0xaa, 0xd1
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha1_entropyinputreseed[] = {
-+ 0x90, 0x75, 0x15, 0x04, 0x95, 0xf1, 0xba, 0x81, 0x0c, 0x37, 0x94, 0x6f,
-+ 0x86, 0x52, 0x6d, 0x9c
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha1_additionalinputreseed[] = {
-+ 0x5b, 0x40, 0xba, 0x5f, 0x17, 0x70, 0xf0, 0x4b, 0xdf, 0xc9, 0x97, 0x92,
-+ 0x79, 0xc5, 0x82, 0x28
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha1_additionalinput2[] = {
-+ 0x97, 0xc8, 0x80, 0x90, 0xb3, 0xaa, 0x6e, 0x60, 0xea, 0x83, 0x7a, 0xe3,
-+ 0x8a, 0xca, 0xa4, 0x7f
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha1_returnedbits[] = {
-+ 0x90, 0xbd, 0x05, 0x56, 0x6d, 0xb5, 0x22, 0xd5, 0xb9, 0x5a, 0x29, 0x2d,
-+ 0xe9, 0x0b, 0xe1, 0xac, 0xde, 0x27, 0x0b, 0xb0
-+};
-+
-+/* HMAC SHA-224 PR */
-+__fips_constseg static const unsigned char hmac_sha224_pr_entropyinput[] = {
-+ 0x17, 0x32, 0x2b, 0x2e, 0x6f, 0x1b, 0x9c, 0x6d, 0x31, 0xe0, 0x34, 0x07,
-+ 0xcf, 0xed, 0xf6, 0xb6, 0x5a, 0x76, 0x4c, 0xbc, 0x62, 0x85, 0x01, 0x90
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha224_pr_nonce[] = {
-+ 0x38, 0xbf, 0x5f, 0x20, 0xb3, 0x68, 0x2f, 0x43, 0x61, 0x05, 0x8f, 0x23
-+};
-+
-+__fips_constseg
-+ static const unsigned char hmac_sha224_pr_personalizationstring[] = {
-+ 0xc0, 0xc9, 0x45, 0xac, 0x8d, 0x27, 0x77, 0x08, 0x0b, 0x17, 0x6d, 0xed,
-+ 0xc1, 0x7d, 0xd5, 0x07, 0x9d, 0x6e, 0xf8, 0x23, 0x2a, 0x22, 0x13, 0xbd
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha224_pr_additionalinput[] = {
-+ 0xa4, 0x3c, 0xe7, 0x3b, 0xea, 0x19, 0x45, 0x32, 0xc2, 0x83, 0x6d, 0x21,
-+ 0x8a, 0xc0, 0xee, 0x67, 0x45, 0xde, 0x13, 0x7d, 0x9d, 0x61, 0x00, 0x3b
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha224_pr_entropyinputpr[] = {
-+ 0x15, 0x05, 0x74, 0x4a, 0x7f, 0x8d, 0x5c, 0x60, 0x16, 0xe5, 0x7b, 0xad,
-+ 0xf5, 0x41, 0x8f, 0x55, 0x60, 0xc4, 0x09, 0xee, 0x1e, 0x11, 0x81, 0xab
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha224_pr_int_returnedbits[] = {
-+ 0x6f, 0xf5, 0x9a, 0xe2, 0x54, 0x53, 0x30, 0x3d, 0x5a, 0x27, 0x29, 0x38,
-+ 0x27, 0xf2, 0x0d, 0x05, 0xe9, 0x26, 0xcb, 0x16, 0xc3, 0x51, 0x5f, 0x13,
-+ 0x41, 0xfe, 0x99, 0xf2
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha224_pr_additionalinput2[] = {
-+ 0x73, 0x81, 0x88, 0x84, 0x8f, 0xed, 0x6f, 0x10, 0x9f, 0x93, 0xbf, 0x17,
-+ 0x35, 0x7c, 0xef, 0xd5, 0x8d, 0x26, 0xa6, 0x7a, 0xe8, 0x09, 0x36, 0x4f
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha224_pr_entropyinputpr2[] = {
-+ 0xe6, 0xcf, 0xcf, 0x7e, 0x12, 0xe5, 0x43, 0xd2, 0x38, 0xd8, 0x24, 0x6f,
-+ 0x5a, 0x37, 0x68, 0xbf, 0x4f, 0xa0, 0xff, 0xd5, 0x61, 0x8a, 0x93, 0xe0
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha224_pr_returnedbits[] = {
-+ 0xaf, 0xf9, 0xd8, 0x19, 0x91, 0x30, 0x82, 0x6f, 0xa9, 0x1e, 0x9d, 0xd7,
-+ 0xf3, 0x50, 0xe0, 0xc7, 0xd5, 0x64, 0x96, 0x7d, 0x4c, 0x4d, 0x78, 0x03,
-+ 0x6d, 0xd8, 0x9e, 0x72
-+};
-+
-+/* HMAC SHA-224 No PR */
-+__fips_constseg static const unsigned char hmac_sha224_entropyinput[] = {
-+ 0x11, 0x82, 0xfd, 0xd9, 0x42, 0xf4, 0xfa, 0xc8, 0xf2, 0x41, 0xe6, 0x54,
-+ 0x01, 0xae, 0x22, 0x6e, 0xc6, 0xaf, 0xaf, 0xd0, 0xa6, 0xb2, 0xe2, 0x6d
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha224_nonce[] = {
-+ 0xa9, 0x48, 0xd7, 0x92, 0x39, 0x7e, 0x2a, 0xdc, 0x30, 0x1f, 0x0e, 0x2b
-+};
-+
-+__fips_constseg
-+ static const unsigned char hmac_sha224_personalizationstring[] = {
-+ 0x11, 0xd5, 0xf4, 0xbd, 0x67, 0x8c, 0x31, 0xcf, 0xa3, 0x3f, 0x1e, 0x6b,
-+ 0xa8, 0x07, 0x02, 0x0b, 0xc8, 0x2e, 0x6c, 0x64, 0x41, 0x5b, 0xc8, 0x37
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha224_additionalinput[] = {
-+ 0x68, 0x18, 0xc2, 0x06, 0xeb, 0x3e, 0x04, 0x95, 0x44, 0x5e, 0xfb, 0xe6,
-+ 0x41, 0xc1, 0x5c, 0xcc, 0x40, 0x2f, 0xb7, 0xd2, 0x0f, 0xf3, 0x6b, 0xe7
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha224_int_returnedbits[] = {
-+ 0x7f, 0x45, 0xc7, 0x5d, 0x32, 0xe6, 0x17, 0x60, 0xba, 0xdc, 0xb8, 0x42,
-+ 0x1b, 0x9c, 0xf1, 0xfa, 0x3b, 0x4d, 0x29, 0x54, 0xc6, 0x90, 0xff, 0x5c,
-+ 0xcd, 0xd6, 0xa9, 0xcc
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha224_entropyinputreseed[] = {
-+ 0xc4, 0x8e, 0x37, 0x95, 0x69, 0x53, 0x28, 0xd7, 0x37, 0xbb, 0x70, 0x95,
-+ 0x1c, 0x07, 0x1d, 0xd9, 0xb7, 0xe6, 0x1b, 0xbb, 0xfe, 0x41, 0xeb, 0xc9
-+};
-+
-+__fips_constseg
-+ static const unsigned char hmac_sha224_additionalinputreseed[] = {
-+ 0x53, 0x17, 0xa1, 0x6a, 0xfa, 0x77, 0x47, 0xb0, 0x95, 0x56, 0x9a, 0x20,
-+ 0x57, 0xde, 0x5c, 0x89, 0x9f, 0x7f, 0xe2, 0xde, 0x17, 0x3a, 0x50, 0x23
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha224_additionalinput2[] = {
-+ 0x3a, 0x32, 0xf9, 0x85, 0x0c, 0xc1, 0xed, 0x76, 0x2d, 0xdf, 0x40, 0xc3,
-+ 0x06, 0x22, 0x66, 0xd4, 0x9a, 0x9a, 0xff, 0x5a, 0x7e, 0x7a, 0xf3, 0x96
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha224_returnedbits[] = {
-+ 0x43, 0xb4, 0x57, 0x5c, 0x38, 0x25, 0x9d, 0xae, 0xec, 0x96, 0xd1, 0x85,
-+ 0x3a, 0x84, 0x8d, 0xfe, 0x68, 0xd5, 0x0e, 0x5c, 0x8f, 0x65, 0xa5, 0x4e,
-+ 0x45, 0x84, 0xa8, 0x94
-+};
-+
-+/* HMAC SHA-256 PR */
-+__fips_constseg static const unsigned char hmac_sha256_pr_entropyinput[] = {
-+ 0x4d, 0xb0, 0x43, 0xd8, 0x34, 0x4b, 0x10, 0x70, 0xb1, 0x8b, 0xed, 0xea,
-+ 0x07, 0x92, 0x9f, 0x6c, 0x79, 0x31, 0xaf, 0x81, 0x29, 0xeb, 0x6e, 0xca,
-+ 0x32, 0x48, 0x28, 0xe7, 0x02, 0x5d, 0xa6, 0xa6
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha256_pr_nonce[] = {
-+ 0x3a, 0xae, 0x15, 0xa9, 0x99, 0xdc, 0xe4, 0x67, 0x34, 0x3b, 0x70, 0x15,
-+ 0xaa, 0xd3, 0x30, 0x9a
-+};
-+
-+__fips_constseg
-+ static const unsigned char hmac_sha256_pr_personalizationstring[] = {
-+ 0x13, 0x1d, 0x24, 0x04, 0xb0, 0x18, 0x81, 0x15, 0x21, 0x51, 0x2a, 0x24,
-+ 0x52, 0x61, 0xbe, 0x64, 0x82, 0x6b, 0x55, 0x2f, 0xe2, 0xf1, 0x40, 0x7d,
-+ 0x71, 0xd8, 0x01, 0x86, 0x15, 0xb7, 0x8b, 0xb5
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha256_pr_additionalinput[] = {
-+ 0x8f, 0xa6, 0x54, 0x5f, 0xb1, 0xd0, 0xd8, 0xc3, 0xe7, 0x0c, 0x15, 0xa9,
-+ 0x23, 0x6e, 0xfe, 0xfb, 0x93, 0xf7, 0x3a, 0xbd, 0x59, 0x01, 0xfa, 0x18,
-+ 0x8e, 0xe9, 0x1a, 0xa9, 0x78, 0xfc, 0x79, 0x0b
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha256_pr_entropyinputpr[] = {
-+ 0xcf, 0x24, 0xb9, 0xeb, 0xb3, 0xd4, 0xcd, 0x17, 0x37, 0x38, 0x75, 0x79,
-+ 0x15, 0xcb, 0x2d, 0x75, 0x51, 0xf1, 0xcc, 0xaa, 0x32, 0xa4, 0xa7, 0x36,
-+ 0x7c, 0x5c, 0xe4, 0x47, 0xf1, 0x3e, 0x1d, 0xe5
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha256_pr_int_returnedbits[] = {
-+ 0x52, 0x42, 0xfa, 0xeb, 0x85, 0xe0, 0x30, 0x22, 0x79, 0x00, 0x16, 0xb2,
-+ 0x88, 0x2f, 0x14, 0x6a, 0xb7, 0xfc, 0xb7, 0x53, 0xdc, 0x4a, 0x12, 0xef,
-+ 0x54, 0xd6, 0x33, 0xe9, 0x20, 0xd6, 0xfd, 0x56
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha256_pr_additionalinput2[] = {
-+ 0xf4, 0xf6, 0x49, 0xa1, 0x2d, 0x64, 0x2b, 0x30, 0x58, 0xf8, 0xbd, 0xb8,
-+ 0x75, 0xeb, 0xbb, 0x5e, 0x1c, 0x9b, 0x81, 0x6a, 0xda, 0x14, 0x86, 0x6e,
-+ 0xd0, 0xda, 0x18, 0xb7, 0x88, 0xfb, 0x59, 0xf3
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha256_pr_entropyinputpr2[] = {
-+ 0x21, 0xcd, 0x6e, 0x46, 0xad, 0x99, 0x07, 0x17, 0xb4, 0x3d, 0x76, 0x0a,
-+ 0xff, 0x5b, 0x52, 0x50, 0x78, 0xdf, 0x1f, 0x24, 0x06, 0x0d, 0x3f, 0x74,
-+ 0xa9, 0xc9, 0x37, 0xcf, 0xd8, 0x26, 0x25, 0x91
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha256_pr_returnedbits[] = {
-+ 0xa7, 0xaf, 0x2f, 0x29, 0xe0, 0x3a, 0x72, 0x95, 0x96, 0x1c, 0xa9, 0xf0,
-+ 0x4a, 0x17, 0x4d, 0x66, 0x06, 0x10, 0xbf, 0x39, 0x89, 0x88, 0xb8, 0x91,
-+ 0x37, 0x18, 0x99, 0xcf, 0x8c, 0x53, 0x3b, 0x7e
-+};
-+
-+/* HMAC SHA-256 No PR */
-+__fips_constseg static const unsigned char hmac_sha256_entropyinput[] = {
-+ 0x96, 0xb7, 0x53, 0x22, 0x1e, 0x52, 0x2a, 0x96, 0xb1, 0x15, 0x3c, 0x35,
-+ 0x5a, 0x8b, 0xd3, 0x4a, 0xa6, 0x6c, 0x83, 0x0a, 0x7d, 0xa3, 0x23, 0x3d,
-+ 0x43, 0xa1, 0x07, 0x2c, 0x2d, 0xe3, 0x81, 0xcc
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha256_nonce[] = {
-+ 0xf1, 0xac, 0x97, 0xcb, 0x5e, 0x06, 0x48, 0xd2, 0x94, 0xbe, 0x15, 0x2e,
-+ 0xc7, 0xfc, 0xc2, 0x01
-+};
-+
-+__fips_constseg
-+ static const unsigned char hmac_sha256_personalizationstring[] = {
-+ 0x98, 0xc5, 0x1e, 0x35, 0x5e, 0x89, 0x0d, 0xce, 0x64, 0x6d, 0x18, 0xa7,
-+ 0x5a, 0xc6, 0xf3, 0xe7, 0xd6, 0x9e, 0xc0, 0xea, 0xb7, 0x3a, 0x8d, 0x65,
-+ 0xb8, 0xeb, 0x10, 0xd7, 0x57, 0x18, 0xa0, 0x32
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha256_additionalinput[] = {
-+ 0x1b, 0x10, 0xaf, 0xac, 0xd0, 0x65, 0x95, 0xad, 0x04, 0xad, 0x03, 0x1c,
-+ 0xe0, 0x40, 0xd6, 0x3e, 0x1c, 0x46, 0x53, 0x39, 0x7c, 0xe2, 0xbc, 0xda,
-+ 0x8c, 0xa2, 0x33, 0xa7, 0x9a, 0x26, 0xd3, 0x27
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha256_int_returnedbits[] = {
-+ 0xba, 0x61, 0x0e, 0x55, 0xfe, 0x11, 0x8a, 0x9e, 0x0f, 0x80, 0xdf, 0x1d,
-+ 0x03, 0x0a, 0xfe, 0x15, 0x94, 0x28, 0x4b, 0xba, 0xf4, 0x9f, 0x51, 0x25,
-+ 0x88, 0xe5, 0x4e, 0xfb, 0xaf, 0xce, 0x69, 0x90
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha256_entropyinputreseed[] = {
-+ 0x62, 0x7f, 0x1e, 0x6b, 0xe8, 0x8e, 0xe1, 0x35, 0x7d, 0x9b, 0x4f, 0xc7,
-+ 0xec, 0xc8, 0xac, 0xef, 0x6b, 0x13, 0x9e, 0x05, 0x56, 0xc1, 0x08, 0xf9,
-+ 0x2f, 0x0f, 0x27, 0x9c, 0xd4, 0x15, 0xed, 0x2d
-+};
-+
-+__fips_constseg
-+ static const unsigned char hmac_sha256_additionalinputreseed[] = {
-+ 0xc7, 0x76, 0x6e, 0xa9, 0xd2, 0xb2, 0x76, 0x40, 0x82, 0x25, 0x2c, 0xb3,
-+ 0x6f, 0xac, 0xe9, 0x74, 0xef, 0x8f, 0x3c, 0x8e, 0xcd, 0xf1, 0xbf, 0xb3,
-+ 0x49, 0x77, 0x34, 0x88, 0x52, 0x36, 0xe6, 0x2e
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha256_additionalinput2[] = {
-+ 0x8d, 0xb8, 0x0c, 0xd1, 0xbf, 0x70, 0xf6, 0x19, 0xc3, 0x41, 0x80, 0x9f,
-+ 0xe1, 0xa5, 0xa4, 0x1f, 0x2c, 0x26, 0xb1, 0xe5, 0xd8, 0xeb, 0xbe, 0xf8,
-+ 0xdf, 0x88, 0x6a, 0x89, 0xd6, 0x05, 0xd8, 0x9d
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha256_returnedbits[] = {
-+ 0x43, 0x12, 0x2a, 0x2c, 0x40, 0x53, 0x2e, 0x7c, 0x66, 0x34, 0xac, 0xc3,
-+ 0x43, 0xe3, 0xe0, 0x6a, 0xfc, 0xfa, 0xea, 0x87, 0x21, 0x1f, 0xe2, 0x26,
-+ 0xc4, 0xf9, 0x09, 0x9a, 0x0d, 0x6e, 0x7f, 0xe0
-+};
-+
-+/* HMAC SHA-384 PR */
-+__fips_constseg static const unsigned char hmac_sha384_pr_entropyinput[] = {
-+ 0x69, 0x81, 0x98, 0x88, 0x44, 0xf5, 0xd6, 0x2e, 0x00, 0x08, 0x3b, 0xc5,
-+ 0xfb, 0xd7, 0x8e, 0x6f, 0x23, 0xf8, 0x6d, 0x09, 0xd6, 0x85, 0x49, 0xd1,
-+ 0xf8, 0x6d, 0xa4, 0x58, 0x54, 0xfd, 0x88, 0xa9
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha384_pr_nonce[] = {
-+ 0x6e, 0x38, 0x81, 0xca, 0xb7, 0xe8, 0x6e, 0x66, 0x49, 0x8a, 0xb2, 0x59,
-+ 0xee, 0x16, 0xc9, 0xde
-+};
-+
-+__fips_constseg
-+ static const unsigned char hmac_sha384_pr_personalizationstring[] = {
-+ 0xfe, 0x4c, 0xd9, 0xf4, 0x78, 0x3b, 0x08, 0x41, 0x8d, 0x8f, 0x55, 0xc4,
-+ 0x43, 0x56, 0xb6, 0x12, 0x36, 0x6b, 0x30, 0xb7, 0x5e, 0xe1, 0xb9, 0x47,
-+ 0x04, 0xb1, 0x4e, 0xa9, 0x00, 0xa1, 0x52, 0xa1
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha384_pr_additionalinput[] = {
-+ 0x89, 0xe9, 0xcc, 0x8f, 0x27, 0x3c, 0x26, 0xd1, 0x95, 0xc8, 0x7d, 0x0f,
-+ 0x5b, 0x1a, 0xf0, 0x78, 0x39, 0x56, 0x6f, 0xa4, 0x23, 0xe7, 0xd1, 0xda,
-+ 0x7c, 0x66, 0x33, 0xa0, 0x90, 0xc9, 0x92, 0x88
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha384_pr_entropyinputpr[] = {
-+ 0xbe, 0x3d, 0x7c, 0x0d, 0xca, 0xda, 0x7c, 0x49, 0xb8, 0x12, 0x36, 0xc0,
-+ 0xdb, 0xad, 0x35, 0xa8, 0xc7, 0x0b, 0x2a, 0x2c, 0x69, 0x6d, 0x25, 0x56,
-+ 0x63, 0x82, 0x11, 0x3e, 0xa7, 0x33, 0x70, 0x72
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha384_pr_int_returnedbits[] = {
-+ 0x82, 0x3d, 0xe6, 0x54, 0x80, 0x42, 0xf8, 0xba, 0x90, 0x4f, 0x06, 0xa6,
-+ 0xd2, 0x7f, 0xbf, 0x79, 0x7c, 0x12, 0x7d, 0xa6, 0xa2, 0x66, 0xe8, 0xa6,
-+ 0xc0, 0xd6, 0x4a, 0x55, 0xbf, 0xd8, 0x0a, 0xc5, 0xf8, 0x03, 0x88, 0xdd,
-+ 0x8e, 0x87, 0xd1, 0x5a, 0x48, 0x26, 0x72, 0x2a, 0x8e, 0xcf, 0xee, 0xba
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha384_pr_additionalinput2[] = {
-+ 0x8f, 0xff, 0xd9, 0x84, 0xbb, 0x85, 0x3a, 0x66, 0xa1, 0x21, 0xce, 0xb2,
-+ 0x3a, 0x3a, 0x17, 0x22, 0x19, 0xae, 0xc7, 0xb6, 0x63, 0x81, 0xd5, 0xff,
-+ 0x0d, 0xc8, 0xe1, 0xaf, 0x57, 0xd2, 0xcb, 0x60
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha384_pr_entropyinputpr2[] = {
-+ 0xd7, 0xfb, 0xc9, 0xe8, 0xe2, 0xf2, 0xaa, 0x4c, 0xb8, 0x51, 0x2f, 0xe1,
-+ 0x22, 0xba, 0xf3, 0xda, 0x0a, 0x19, 0x76, 0x71, 0x57, 0xb2, 0x1d, 0x94,
-+ 0x09, 0x69, 0x6c, 0xd3, 0x97, 0x51, 0x81, 0x87
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha384_pr_returnedbits[] = {
-+ 0xe6, 0x19, 0x28, 0xa8, 0x21, 0xce, 0x5e, 0xdb, 0x24, 0x79, 0x8c, 0x76,
-+ 0x5d, 0x73, 0xb2, 0xdf, 0xac, 0xef, 0x85, 0xa7, 0x3b, 0x19, 0x09, 0x8b,
-+ 0x7f, 0x98, 0x28, 0xa9, 0x93, 0xd8, 0x7a, 0xad, 0x55, 0x8b, 0x24, 0x9d,
-+ 0xe6, 0x98, 0xfe, 0x47, 0xd5, 0x48, 0xc1, 0x23, 0xd8, 0x1d, 0x62, 0x75
-+};
-+
-+/* HMAC SHA-384 No PR */
-+__fips_constseg static const unsigned char hmac_sha384_entropyinput[] = {
-+ 0xc3, 0x56, 0x2b, 0x1d, 0xc2, 0xbb, 0xa8, 0xf0, 0xae, 0x1b, 0x0d, 0xd3,
-+ 0x5a, 0x6c, 0xda, 0x57, 0x8e, 0xa5, 0x8a, 0x0d, 0x6c, 0x4b, 0x18, 0xb1,
-+ 0x04, 0x3e, 0xb4, 0x99, 0x35, 0xc4, 0xc0, 0x5f
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha384_nonce[] = {
-+ 0xc5, 0x49, 0x1e, 0x66, 0x27, 0x92, 0xbe, 0xec, 0xb5, 0x1e, 0x4b, 0xb1,
-+ 0x38, 0xe3, 0xeb, 0x62
-+};
-+
-+__fips_constseg
-+ static const unsigned char hmac_sha384_personalizationstring[] = {
-+ 0xbe, 0xe7, 0x6b, 0x57, 0xde, 0x88, 0x11, 0x96, 0x9b, 0x6e, 0xea, 0xe5,
-+ 0x63, 0x83, 0x4c, 0xb6, 0x8d, 0x66, 0xaa, 0x1f, 0x8b, 0x54, 0xe7, 0x62,
-+ 0x6d, 0x5a, 0xfc, 0xbf, 0x97, 0xba, 0xcd, 0x77
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha384_additionalinput[] = {
-+ 0xe5, 0x28, 0x5f, 0x43, 0xf5, 0x83, 0x6e, 0x0a, 0x83, 0x5c, 0xe3, 0x81,
-+ 0x03, 0xf2, 0xf8, 0x78, 0x00, 0x7c, 0x95, 0x87, 0x16, 0xd6, 0x6c, 0x58,
-+ 0x33, 0x6c, 0x53, 0x35, 0x0d, 0x66, 0xe3, 0xce
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha384_int_returnedbits[] = {
-+ 0xe2, 0x1f, 0xf3, 0xda, 0x0d, 0x19, 0x99, 0x87, 0xc4, 0x90, 0xa2, 0x31,
-+ 0xca, 0x2a, 0x89, 0x58, 0x43, 0x44, 0xb8, 0xde, 0xcf, 0xa4, 0xbe, 0x3b,
-+ 0x53, 0x26, 0x22, 0x31, 0x76, 0x41, 0x22, 0xb5, 0xa8, 0x70, 0x2f, 0x4b,
-+ 0x64, 0x95, 0x4d, 0x48, 0x96, 0x35, 0xe6, 0xbd, 0x3c, 0x34, 0xdb, 0x1b
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha384_entropyinputreseed[] = {
-+ 0x77, 0x61, 0xba, 0xbc, 0xf2, 0xc1, 0xf3, 0x4b, 0x86, 0x65, 0xfd, 0x48,
-+ 0x0e, 0x3c, 0x02, 0x5e, 0xa2, 0x7a, 0x6b, 0x7c, 0xed, 0x21, 0x5e, 0xf9,
-+ 0xcd, 0xcd, 0x77, 0x07, 0x2b, 0xbe, 0xc5, 0x5c
-+};
-+
-+__fips_constseg
-+ static const unsigned char hmac_sha384_additionalinputreseed[] = {
-+ 0x18, 0x24, 0x5f, 0xc6, 0x84, 0xd1, 0x67, 0xc3, 0x9a, 0x11, 0xa5, 0x8c,
-+ 0x07, 0x39, 0x21, 0x83, 0x4d, 0x04, 0xc4, 0x6a, 0x28, 0x19, 0xcf, 0x92,
-+ 0x21, 0xd9, 0x9e, 0x41, 0x72, 0x6c, 0x9e, 0x63
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha384_additionalinput2[] = {
-+ 0x96, 0x67, 0x41, 0x28, 0x9b, 0xb7, 0x92, 0x8d, 0x64, 0x3b, 0xe4, 0xcf,
-+ 0x7e, 0xaa, 0x1e, 0xb1, 0x4b, 0x1d, 0x09, 0x56, 0x67, 0x9c, 0xc6, 0x6d,
-+ 0x3b, 0xe8, 0x91, 0x9d, 0xe1, 0x8a, 0xb7, 0x32
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha384_returnedbits[] = {
-+ 0xe3, 0x59, 0x61, 0x38, 0x92, 0xec, 0xe2, 0x3c, 0xff, 0xb7, 0xdb, 0x19,
-+ 0x0f, 0x5b, 0x93, 0x68, 0x0d, 0xa4, 0x94, 0x40, 0x72, 0x0b, 0xe0, 0xed,
-+ 0x4d, 0xcd, 0x68, 0xa0, 0x1e, 0xfe, 0x67, 0xb2, 0xfa, 0x21, 0x56, 0x74,
-+ 0xa4, 0xad, 0xcf, 0xb7, 0x60, 0x66, 0x2e, 0x40, 0xde, 0x82, 0xca, 0xfb
-+};
-+
-+/* HMAC SHA-512 PR */
-+__fips_constseg static const unsigned char hmac_sha512_pr_entropyinput[] = {
-+ 0xaa, 0x9e, 0x45, 0x67, 0x0e, 0x00, 0x2a, 0x67, 0x98, 0xd6, 0xda, 0x0b,
-+ 0x0f, 0x17, 0x7e, 0xac, 0xfd, 0x27, 0xc4, 0xca, 0x84, 0xdf, 0xde, 0xba,
-+ 0x85, 0xd9, 0xbe, 0x8f, 0xf3, 0xff, 0x91, 0x4d
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha512_pr_nonce[] = {
-+ 0x8c, 0x49, 0x2f, 0x58, 0x1e, 0x7a, 0xda, 0x4b, 0x7e, 0x8a, 0x30, 0x7b,
-+ 0x86, 0xea, 0xaf, 0xa2
-+};
-+
-+__fips_constseg
-+ static const unsigned char hmac_sha512_pr_personalizationstring[] = {
-+ 0x71, 0xe1, 0xbb, 0xad, 0xa7, 0x4b, 0x2e, 0x31, 0x3b, 0x0b, 0xec, 0x24,
-+ 0x99, 0x38, 0xbc, 0xaa, 0x05, 0x4c, 0x46, 0x44, 0xfa, 0xad, 0x8e, 0x02,
-+ 0xc1, 0x7e, 0xad, 0xec, 0x54, 0xa6, 0xd0, 0xad
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha512_pr_additionalinput[] = {
-+ 0x3d, 0x6e, 0xa6, 0xa8, 0x29, 0x2a, 0xb2, 0xf5, 0x98, 0x42, 0xe4, 0x92,
-+ 0x78, 0x22, 0x67, 0xfd, 0x1b, 0x15, 0x1e, 0x29, 0xaa, 0x71, 0x3c, 0x3c,
-+ 0xe7, 0x05, 0x20, 0xa9, 0x29, 0xc6, 0x75, 0x71
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha512_pr_entropyinputpr[] = {
-+ 0xab, 0xb9, 0x16, 0xd8, 0x55, 0x35, 0x54, 0xb7, 0x97, 0x3f, 0x94, 0xbc,
-+ 0x2f, 0x7c, 0x70, 0xc7, 0xd0, 0xed, 0xb7, 0x4b, 0xf7, 0xf6, 0x6c, 0x03,
-+ 0x0c, 0xb0, 0x03, 0xd8, 0xbb, 0x71, 0xd9, 0x10
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha512_pr_int_returnedbits[] = {
-+ 0x8e, 0xd3, 0xfd, 0x52, 0x9e, 0x83, 0x08, 0x49, 0x18, 0x6e, 0x23, 0x56,
-+ 0x5c, 0x45, 0x93, 0x34, 0x05, 0xe2, 0x98, 0x8f, 0x0c, 0xd4, 0x32, 0x0c,
-+ 0xfd, 0xda, 0x5f, 0x92, 0x3a, 0x8c, 0x81, 0xbd, 0xf6, 0x6c, 0x55, 0xfd,
-+ 0xb8, 0x20, 0xce, 0x8d, 0x97, 0x27, 0xe8, 0xe8, 0xe0, 0xb3, 0x85, 0x50,
-+ 0xa2, 0xc2, 0xb2, 0x95, 0x1d, 0x48, 0xd3, 0x7b, 0x4b, 0x78, 0x13, 0x35,
-+ 0x05, 0x17, 0xbe, 0x0d
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha512_pr_additionalinput2[] = {
-+ 0xc3, 0xfc, 0x95, 0xaa, 0x69, 0x06, 0xae, 0x59, 0x41, 0xce, 0x26, 0x08,
-+ 0x29, 0x6d, 0x45, 0xda, 0xe8, 0xb3, 0x6c, 0x95, 0x60, 0x0f, 0x70, 0x2c,
-+ 0x10, 0xba, 0x38, 0x8c, 0xcf, 0x29, 0x99, 0xaa
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha512_pr_entropyinputpr2[] = {
-+ 0x3b, 0x9a, 0x25, 0xce, 0xd7, 0xf9, 0x5c, 0xd1, 0x3a, 0x3e, 0xaa, 0x71,
-+ 0x14, 0x3e, 0x19, 0xe8, 0xce, 0xe6, 0xfe, 0x51, 0x84, 0xe9, 0x1b, 0xfe,
-+ 0x3f, 0xa7, 0xf2, 0xfd, 0x76, 0x5f, 0x6a, 0xe7
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha512_pr_returnedbits[] = {
-+ 0xb7, 0x82, 0xa9, 0x57, 0x81, 0x67, 0x53, 0xb5, 0xa1, 0xe9, 0x3d, 0x35,
-+ 0xf9, 0xe4, 0x97, 0xbe, 0xa6, 0xca, 0xf1, 0x01, 0x13, 0x09, 0xe7, 0x21,
-+ 0xc0, 0xed, 0x93, 0x5d, 0x4b, 0xf4, 0xeb, 0x8d, 0x53, 0x25, 0x8a, 0xc4,
-+ 0xb1, 0x6f, 0x6e, 0x37, 0xcd, 0x2e, 0xac, 0x39, 0xb2, 0xb6, 0x99, 0xa3,
-+ 0x82, 0x00, 0xb0, 0x21, 0xf0, 0xc7, 0x2f, 0x4c, 0x73, 0x92, 0xfd, 0x00,
-+ 0xb6, 0xaf, 0xbc, 0xd3
-+};
-+
-+/* HMAC SHA-512 No PR */
-+__fips_constseg static const unsigned char hmac_sha512_entropyinput[] = {
-+ 0x6e, 0x85, 0xe6, 0x25, 0x96, 0x29, 0xa7, 0x52, 0x5b, 0x60, 0xba, 0xaa,
-+ 0xde, 0xdb, 0x36, 0x0a, 0x51, 0x9a, 0x15, 0xae, 0x6e, 0x18, 0xd3, 0xfe,
-+ 0x39, 0xb9, 0x4a, 0x96, 0xf8, 0x77, 0xcb, 0x95
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha512_nonce[] = {
-+ 0xe0, 0xa6, 0x5d, 0x08, 0xc3, 0x7c, 0xae, 0x25, 0x2e, 0x80, 0xd1, 0x3e,
-+ 0xd9, 0xaf, 0x43, 0x3c
-+};
-+
-+__fips_constseg
-+ static const unsigned char hmac_sha512_personalizationstring[] = {
-+ 0x53, 0x99, 0x52, 0x5f, 0x11, 0xa9, 0x64, 0x66, 0x20, 0x5e, 0x1b, 0x5f,
-+ 0x42, 0xb3, 0xf4, 0xda, 0xed, 0xbb, 0x63, 0xc1, 0x23, 0xaf, 0xd0, 0x01,
-+ 0x90, 0x3b, 0xd0, 0x78, 0xe4, 0x0b, 0xa7, 0x20
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha512_additionalinput[] = {
-+ 0x85, 0x90, 0x80, 0xd3, 0x98, 0xf1, 0x53, 0x6d, 0x68, 0x15, 0x8f, 0xe5,
-+ 0x60, 0x3f, 0x17, 0x29, 0x55, 0x8d, 0x33, 0xb1, 0x45, 0x64, 0x64, 0x8d,
-+ 0x50, 0x21, 0x89, 0xae, 0xf6, 0xfd, 0x32, 0x73
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha512_int_returnedbits[] = {
-+ 0x28, 0x56, 0x30, 0x6f, 0xf4, 0xa1, 0x48, 0xe0, 0xc9, 0xf5, 0x75, 0x90,
-+ 0xcc, 0xfb, 0xdf, 0xdf, 0x71, 0x3d, 0x0a, 0x9a, 0x03, 0x65, 0x3b, 0x18,
-+ 0x61, 0xe3, 0xd1, 0xda, 0xcc, 0x4a, 0xfe, 0x55, 0x38, 0xf8, 0x21, 0x6b,
-+ 0xfa, 0x18, 0x01, 0x42, 0x39, 0x2f, 0x99, 0x53, 0x38, 0x15, 0x82, 0x34,
-+ 0xc5, 0x93, 0x92, 0xbc, 0x4d, 0x75, 0x1a, 0x5f, 0x21, 0x27, 0xcc, 0xa1,
-+ 0xb1, 0x57, 0x69, 0xe8
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha512_entropyinputreseed[] = {
-+ 0x8c, 0x52, 0x7e, 0x77, 0x72, 0x3f, 0xa3, 0x04, 0x97, 0x10, 0x9b, 0x41,
-+ 0xbd, 0xe8, 0xff, 0x89, 0xed, 0x80, 0xe3, 0xbd, 0xaa, 0x12, 0x2d, 0xca,
-+ 0x75, 0x82, 0x36, 0x77, 0x88, 0xcd, 0xa6, 0x73
-+};
-+
-+__fips_constseg
-+ static const unsigned char hmac_sha512_additionalinputreseed[] = {
-+ 0x7e, 0x32, 0xe3, 0x69, 0x69, 0x07, 0x34, 0xa2, 0x16, 0xa2, 0x5d, 0x1a,
-+ 0x10, 0x91, 0xd3, 0xe2, 0x21, 0xa2, 0xa3, 0xdd, 0xcd, 0x0c, 0x09, 0x86,
-+ 0x11, 0xe1, 0x50, 0xff, 0x5c, 0xb7, 0xeb, 0x5c
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha512_additionalinput2[] = {
-+ 0x7f, 0x78, 0x66, 0xd8, 0xfb, 0x67, 0xcf, 0x8d, 0x8c, 0x08, 0x30, 0xa5,
-+ 0xf8, 0x7d, 0xcf, 0x44, 0x59, 0xce, 0xf8, 0xdf, 0x58, 0xd3, 0x60, 0xcb,
-+ 0xa8, 0x60, 0xb9, 0x07, 0xc4, 0xb1, 0x95, 0x48
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha512_returnedbits[] = {
-+ 0xdf, 0xa7, 0x36, 0xd4, 0xdc, 0x5d, 0x4d, 0x31, 0xad, 0x69, 0x46, 0x9f,
-+ 0xf1, 0x7c, 0xd7, 0x3b, 0x4f, 0x55, 0xf2, 0xd7, 0xb9, 0x9d, 0xad, 0x7a,
-+ 0x79, 0x08, 0x59, 0xa5, 0xdc, 0x74, 0xf5, 0x9b, 0x73, 0xd2, 0x13, 0x25,
-+ 0x0b, 0x81, 0x08, 0x08, 0x25, 0xfb, 0x39, 0xf2, 0xf0, 0xa3, 0xa4, 0x8d,
-+ 0xef, 0x05, 0x9e, 0xb8, 0xc7, 0x52, 0xe4, 0x0e, 0x42, 0xaa, 0x7c, 0x79,
-+ 0xc2, 0xd6, 0xfd, 0xa5
-+};
-diff -up openssl-1.1.1b/crypto/fips/fips_dsa_selftest.c.fips openssl-1.1.1b/crypto/fips/fips_dsa_selftest.c
---- openssl-1.1.1b/crypto/fips/fips_dsa_selftest.c.fips 2019-02-28 11:30:06.814745521 +0100
-+++ openssl-1.1.1b/crypto/fips/fips_dsa_selftest.c 2019-02-28 11:30:06.814745521 +0100
-@@ -0,0 +1,195 @@
-+/* ====================================================================
-+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * openssl-core@openssl.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ *
-+ */
-+
-+#include <string.h>
-+#include <openssl/crypto.h>
-+#include <openssl/dsa.h>
-+#include <openssl/fips.h>
-+#include "internal/fips_int.h"
-+#include <openssl/err.h>
-+#include <openssl/evp.h>
-+#include <openssl/bn.h>
-+#include "fips_locl.h"
-+
-+#ifdef OPENSSL_FIPS
-+
-+static const unsigned char dsa_test_2048_p[] = {
-+ 0xa8, 0x53, 0x78, 0xd8, 0xfd, 0x3f, 0x8d, 0x72, 0xec, 0x74, 0x18, 0x08,
-+ 0x0d, 0xa2, 0x13, 0x17, 0xe4, 0x3e, 0xc4, 0xb6, 0x2b, 0xa8, 0xc8, 0x62,
-+ 0x3b, 0x7e, 0x4d, 0x04, 0x44, 0x1d, 0xd1, 0xa0, 0x65, 0x86, 0x62, 0x59,
-+ 0x64, 0x93, 0xca, 0x8e, 0x9e, 0x8f, 0xbb, 0x7e, 0x34, 0xaa, 0xdd, 0xb6,
-+ 0x2e, 0x5d, 0x67, 0xb6, 0xd0, 0x9a, 0x6e, 0x61, 0xb7, 0x69, 0xe7, 0xc3,
-+ 0x52, 0xaa, 0x2b, 0x10, 0xe2, 0x0c, 0xa0, 0x63, 0x69, 0x63, 0xb5, 0x52,
-+ 0x3e, 0x86, 0x47, 0x0d, 0xec, 0xbb, 0xed, 0xa0, 0x27, 0xe7, 0x97, 0xe7,
-+ 0xb6, 0x76, 0x35, 0xd4, 0xd4, 0x9c, 0x30, 0x70, 0x0e, 0x74, 0xaf, 0x8a,
-+ 0x0f, 0xf1, 0x56, 0xa8, 0x01, 0xaf, 0x57, 0xa2, 0x6e, 0x70, 0x78, 0xf1,
-+ 0xd8, 0x2f, 0x74, 0x90, 0x8e, 0xcb, 0x6d, 0x07, 0xe7, 0x0b, 0x35, 0x03,
-+ 0xee, 0xd9, 0x4f, 0xa3, 0x2c, 0xf1, 0x7a, 0x7f, 0xc3, 0xd6, 0xcf, 0x40,
-+ 0xdc, 0x7b, 0x00, 0x83, 0x0e, 0x6a, 0x25, 0x66, 0xdc, 0x07, 0x3e, 0x34,
-+ 0x33, 0x12, 0x51, 0x7c, 0x6a, 0xa5, 0x15, 0x2b, 0x4b, 0xfe, 0xcd, 0x2e,
-+ 0x55, 0x1f, 0xee, 0x34, 0x63, 0x18, 0xa1, 0x53, 0x42, 0x3c, 0x99, 0x6b,
-+ 0x0d, 0x5d, 0xcb, 0x91, 0x02, 0xae, 0xdd, 0x38, 0x79, 0x86, 0x16, 0xf1,
-+ 0xf1, 0xe0, 0xd6, 0xc4, 0x03, 0x52, 0x5b, 0x1f, 0x9b, 0x3d, 0x4d, 0xc7,
-+ 0x66, 0xde, 0x2d, 0xfc, 0x4a, 0x56, 0xd7, 0xb8, 0xba, 0x59, 0x63, 0xd6,
-+ 0x0f, 0x3e, 0x16, 0x31, 0x88, 0x70, 0xad, 0x43, 0x69, 0x52, 0xe5, 0x57,
-+ 0x65, 0x37, 0x4e, 0xab, 0x85, 0xe8, 0xec, 0x17, 0xd6, 0xb9, 0xa4, 0x54,
-+ 0x7b, 0x9b, 0x5f, 0x27, 0x52, 0xf3, 0x10, 0x5b, 0xe8, 0x09, 0xb2, 0x3a,
-+ 0x2c, 0x8d, 0x74, 0x69, 0xdb, 0x02, 0xe2, 0x4d, 0x59, 0x23, 0x94, 0xa7,
-+ 0xdb, 0xa0, 0x69, 0xe9
-+};
-+
-+static const unsigned char dsa_test_2048_q[] = {
-+ 0xd2, 0x77, 0x04, 0x4e, 0x50, 0xf5, 0xa4, 0xe3, 0xf5, 0x10, 0xa5, 0x0a,
-+ 0x0b, 0x84, 0xfd, 0xff, 0xbc, 0xa0, 0x47, 0xed, 0x27, 0x60, 0x20, 0x56,
-+ 0x74, 0x41, 0xa0, 0xa5
-+};
-+
-+static const unsigned char dsa_test_2048_g[] = {
-+ 0x13, 0xd7, 0x54, 0xe2, 0x1f, 0xd2, 0x41, 0x65, 0x5d, 0xa8, 0x91, 0xc5,
-+ 0x22, 0xa6, 0x5a, 0x72, 0xa8, 0x9b, 0xdc, 0x64, 0xec, 0x9b, 0x54, 0xa8,
-+ 0x21, 0xed, 0x4a, 0x89, 0x8b, 0x49, 0x0e, 0x0c, 0x4f, 0xcb, 0x72, 0x19,
-+ 0x2a, 0x4a, 0x20, 0xf5, 0x41, 0xf3, 0xf2, 0x92, 0x53, 0x99, 0xf0, 0xba,
-+ 0xec, 0xf9, 0x29, 0xaa, 0xfb, 0xf7, 0x9d, 0xfe, 0x43, 0x32, 0x39, 0x3b,
-+ 0x32, 0xcd, 0x2e, 0x2f, 0xcf, 0x27, 0x2f, 0x32, 0xa6, 0x27, 0x43, 0x4a,
-+ 0x0d, 0xf2, 0x42, 0xb7, 0x5b, 0x41, 0x4d, 0xf3, 0x72, 0x12, 0x1e, 0x53,
-+ 0xa5, 0x53, 0xf2, 0x22, 0xf8, 0x36, 0xb0, 0x00, 0xf0, 0x16, 0x48, 0x5b,
-+ 0x6b, 0xd0, 0x89, 0x84, 0x51, 0x80, 0x1d, 0xcd, 0x8d, 0xe6, 0x4c, 0xd5,
-+ 0x36, 0x56, 0x96, 0xff, 0xc5, 0x32, 0xd5, 0x28, 0xc5, 0x06, 0x62, 0x0a,
-+ 0x94, 0x2a, 0x03, 0x05, 0x04, 0x6d, 0x8f, 0x18, 0x76, 0x34, 0x1f, 0x1e,
-+ 0x57, 0x0b, 0xc3, 0x97, 0x4b, 0xa6, 0xb9, 0xa4, 0x38, 0xe9, 0x70, 0x23,
-+ 0x02, 0xa2, 0xe6, 0xe6, 0x7b, 0xfd, 0x06, 0xd3, 0x2b, 0xc6, 0x79, 0x96,
-+ 0x22, 0x71, 0xd7, 0xb4, 0x0c, 0xd7, 0x2f, 0x38, 0x6e, 0x64, 0xe0, 0xd7,
-+ 0xef, 0x86, 0xca, 0x8c, 0xa5, 0xd1, 0x42, 0x28, 0xdc, 0x2a, 0x4f, 0x16,
-+ 0xe3, 0x18, 0x98, 0x86, 0xb5, 0x99, 0x06, 0x74, 0xf4, 0x20, 0x0f, 0x3a,
-+ 0x4c, 0xf6, 0x5a, 0x3f, 0x0d, 0xdb, 0xa1, 0xfa, 0x67, 0x2d, 0xff, 0x2f,
-+ 0x5e, 0x14, 0x3d, 0x10, 0xe4, 0xe9, 0x7a, 0xe8, 0x4f, 0x6d, 0xa0, 0x95,
-+ 0x35, 0xd5, 0xb9, 0xdf, 0x25, 0x91, 0x81, 0xa7, 0x9b, 0x63, 0xb0, 0x69,
-+ 0xe9, 0x49, 0x97, 0x2b, 0x02, 0xba, 0x36, 0xb3, 0x58, 0x6a, 0xab, 0x7e,
-+ 0x45, 0xf3, 0x22, 0xf8, 0x2e, 0x4e, 0x85, 0xca, 0x3a, 0xb8, 0x55, 0x91,
-+ 0xb3, 0xc2, 0xa9, 0x66
-+};
-+
-+static const unsigned char dsa_test_2048_pub_key[] = {
-+ 0x24, 0x52, 0xf3, 0xcc, 0xbe, 0x9e, 0xd5, 0xca, 0x7d, 0xc7, 0x4c, 0x60,
-+ 0x2b, 0x99, 0x22, 0x6e, 0x8f, 0x2f, 0xab, 0x38, 0xe7, 0xd7, 0xdd, 0xfb,
-+ 0x75, 0x53, 0x9b, 0x17, 0x15, 0x5e, 0x9f, 0xcf, 0xd1, 0xab, 0xa5, 0x64,
-+ 0xeb, 0x85, 0x35, 0xd8, 0x12, 0xc9, 0xc2, 0xdc, 0xf9, 0x72, 0x84, 0x44,
-+ 0x1b, 0xc4, 0x82, 0x24, 0x36, 0x24, 0xc7, 0xf4, 0x57, 0x58, 0x0c, 0x1c,
-+ 0x38, 0xa5, 0x7c, 0x46, 0xc4, 0x57, 0x39, 0x24, 0x70, 0xed, 0xb5, 0x2c,
-+ 0xb5, 0xa6, 0xe0, 0x3f, 0xe6, 0x28, 0x7b, 0xb6, 0xf4, 0x9a, 0x42, 0xa2,
-+ 0x06, 0x5a, 0x05, 0x4f, 0x03, 0x08, 0x39, 0xdf, 0x1f, 0xd3, 0x14, 0x9c,
-+ 0x4c, 0xa0, 0x53, 0x1d, 0xd8, 0xca, 0x8a, 0xaa, 0x9c, 0xc7, 0x33, 0x71,
-+ 0x93, 0x38, 0x73, 0x48, 0x33, 0x61, 0x18, 0x22, 0x45, 0x45, 0xe8, 0x8c,
-+ 0x80, 0xff, 0xd8, 0x76, 0x5d, 0x74, 0x36, 0x03, 0x33, 0xcc, 0xab, 0x99,
-+ 0x72, 0x77, 0x9b, 0x65, 0x25, 0xa6, 0x5b, 0xdd, 0x0d, 0x10, 0xc6, 0x75,
-+ 0xc1, 0x09, 0xbb, 0xd3, 0xe5, 0xbe, 0x4d, 0x72, 0xef, 0x6e, 0xba, 0x6e,
-+ 0x43, 0x8d, 0x52, 0x26, 0x23, 0x7d, 0xb8, 0x88, 0x37, 0x9c, 0x5f, 0xcc,
-+ 0x47, 0xa3, 0x84, 0x7f, 0xf6, 0x37, 0x11, 0xba, 0xed, 0x6d, 0x03, 0xaf,
-+ 0xe8, 0x1e, 0x69, 0x4a, 0x41, 0x3b, 0x68, 0x0b, 0xd3, 0x8a, 0xb4, 0x90,
-+ 0x3f, 0x83, 0x70, 0xa7, 0x07, 0xef, 0x55, 0x1d, 0x49, 0x41, 0x02, 0x6d,
-+ 0x95, 0x79, 0xd6, 0x91, 0xde, 0x8e, 0xda, 0xa1, 0x61, 0x05, 0xeb, 0x9d,
-+ 0xba, 0x3c, 0x2f, 0x4c, 0x1b, 0xec, 0x50, 0x82, 0x75, 0xaa, 0x02, 0x07,
-+ 0xe2, 0x51, 0xb5, 0xec, 0xcb, 0x28, 0x6a, 0x4b, 0x01, 0xd4, 0x49, 0xd3,
-+ 0x0a, 0xcb, 0x67, 0x37, 0x17, 0xa0, 0xd2, 0xfb, 0x3b, 0x50, 0xc8, 0x93,
-+ 0xf7, 0xda, 0xb1, 0x4f
-+};
-+
-+static const unsigned char dsa_test_2048_priv_key[] = {
-+ 0x0c, 0x4b, 0x30, 0x89, 0xd1, 0xb8, 0x62, 0xcb, 0x3c, 0x43, 0x64, 0x91,
-+ 0xf0, 0x91, 0x54, 0x70, 0xc5, 0x27, 0x96, 0xe3, 0xac, 0xbe, 0xe8, 0x00,
-+ 0xec, 0x55, 0xf6, 0xcc
-+};
-+
-+int FIPS_selftest_dsa()
-+{
-+ DSA *dsa = NULL;
-+ EVP_PKEY *pk = NULL;
-+ int ret = -1;
-+ BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub_key = NULL, *priv_key = NULL;
-+
-+ fips_load_key_component(p, dsa_test_2048);
-+ fips_load_key_component(q, dsa_test_2048);
-+ fips_load_key_component(g, dsa_test_2048);
-+ fips_load_key_component(pub_key, dsa_test_2048);
-+ fips_load_key_component(priv_key, dsa_test_2048);
-+
-+ dsa = DSA_new();
-+
-+ if (dsa == NULL)
-+ goto err;
-+
-+ DSA_set0_pqg(dsa, p, q, g);
-+
-+ DSA_set0_key(dsa, pub_key, priv_key);
-+
-+ if ((pk = EVP_PKEY_new()) == NULL)
-+ goto err;
-+
-+ EVP_PKEY_assign_DSA(pk, dsa);
-+
-+ if (!fips_pkey_signature_test(pk, NULL, 0,
-+ NULL, 0, EVP_sha256(), 0, "DSA SHA256"))
-+ goto err;
-+ ret = 1;
-+
-+ err:
-+ if (pk)
-+ EVP_PKEY_free(pk);
-+ else if (dsa)
-+ DSA_free(dsa);
-+ else {
-+ BN_free(p);
-+ BN_free(q);
-+ BN_free(g);
-+ BN_free(pub_key);
-+ BN_free(priv_key);
-+ }
-+ return ret;
-+}
-+#endif
-diff -up openssl-1.1.1b/crypto/fips/fips_ecdh_selftest.c.fips openssl-1.1.1b/crypto/fips/fips_ecdh_selftest.c
---- openssl-1.1.1b/crypto/fips/fips_ecdh_selftest.c.fips 2019-02-28 11:30:06.814745521 +0100
-+++ openssl-1.1.1b/crypto/fips/fips_ecdh_selftest.c 2019-02-28 11:30:06.814745521 +0100
-@@ -0,0 +1,242 @@
-+/* fips/ecdh/fips_ecdh_selftest.c */
-+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
-+ * project 2011.
-+ */
-+/* ====================================================================
-+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing@OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ */
-+
-+#define OPENSSL_FIPSAPI
-+
-+#include <string.h>
-+#include <openssl/crypto.h>
-+#include <openssl/ec.h>
-+#include <openssl/ecdh.h>
-+#include <openssl/fips.h>
-+#include <openssl/err.h>
-+#include <openssl/evp.h>
-+#include <openssl/bn.h>
-+
-+#ifdef OPENSSL_FIPS
-+
-+# include "fips_locl.h"
-+
-+static const unsigned char p256_qcavsx[] = {
-+ 0x52, 0xc6, 0xa5, 0x75, 0xf3, 0x04, 0x98, 0xb3, 0x29, 0x66, 0x0c, 0x62,
-+ 0x18, 0x60, 0x55, 0x41, 0x59, 0xd4, 0x60, 0x85, 0x99, 0xc1, 0x51, 0x13,
-+ 0x6f, 0x97, 0x85, 0x93, 0x33, 0x34, 0x07, 0x50
-+};
-+
-+static const unsigned char p256_qcavsy[] = {
-+ 0x6f, 0x69, 0x24, 0xeb, 0xe9, 0x3b, 0xa7, 0xcc, 0x47, 0x17, 0xaa, 0x3f,
-+ 0x70, 0xfc, 0x10, 0x73, 0x0a, 0xcd, 0x21, 0xee, 0x29, 0x19, 0x1f, 0xaf,
-+ 0xb4, 0x1c, 0x1e, 0xc2, 0x8e, 0x97, 0x81, 0x6e
-+};
-+
-+static const unsigned char p256_qiutx[] = {
-+ 0x71, 0x46, 0x88, 0x08, 0x92, 0x21, 0x1b, 0x10, 0x21, 0x74, 0xff, 0x0c,
-+ 0x94, 0xde, 0x34, 0x7c, 0x86, 0x74, 0xbe, 0x67, 0x41, 0x68, 0xd4, 0xc1,
-+ 0xe5, 0x75, 0x63, 0x9c, 0xa7, 0x46, 0x93, 0x6f
-+};
-+
-+static const unsigned char p256_qiuty[] = {
-+ 0x33, 0x40, 0xa9, 0x6a, 0xf5, 0x20, 0xb5, 0x9e, 0xfc, 0x60, 0x1a, 0xae,
-+ 0x3d, 0xf8, 0x21, 0xd2, 0xa7, 0xca, 0x52, 0x34, 0xb9, 0x5f, 0x27, 0x75,
-+ 0x6c, 0x81, 0xbe, 0x32, 0x4d, 0xba, 0xbb, 0xf8
-+};
-+
-+static const unsigned char p256_qiutd[] = {
-+ 0x1a, 0x48, 0x55, 0x6b, 0x11, 0xbe, 0x92, 0xd4, 0x1c, 0xd7, 0x45, 0xc3,
-+ 0x82, 0x81, 0x51, 0xf1, 0x23, 0x40, 0xb7, 0x83, 0xfd, 0x01, 0x6d, 0xbc,
-+ 0xa1, 0x66, 0xaf, 0x0a, 0x03, 0x23, 0xcd, 0xc8
-+};
-+
-+static const unsigned char p256_ziut[] = {
-+ 0x77, 0x2a, 0x1e, 0x37, 0xee, 0xe6, 0x51, 0x02, 0x71, 0x40, 0xf8, 0x6a,
-+ 0x36, 0xf8, 0x65, 0x61, 0x2b, 0x18, 0x71, 0x82, 0x23, 0xe6, 0xf2, 0x77,
-+ 0xce, 0xec, 0xb8, 0x49, 0xc7, 0xbf, 0x36, 0x4f
-+};
-+
-+typedef struct {
-+ int curve;
-+ const unsigned char *x1;
-+ size_t x1len;
-+ const unsigned char *y1;
-+ size_t y1len;
-+ const unsigned char *d1;
-+ size_t d1len;
-+ const unsigned char *x2;
-+ size_t x2len;
-+ const unsigned char *y2;
-+ size_t y2len;
-+ const unsigned char *z;
-+ size_t zlen;
-+} ECDH_SELFTEST_DATA;
-+
-+# define make_ecdh_test(nid, pr) { nid, \
-+ pr##_qiutx, sizeof(pr##_qiutx), \
-+ pr##_qiuty, sizeof(pr##_qiuty), \
-+ pr##_qiutd, sizeof(pr##_qiutd), \
-+ pr##_qcavsx, sizeof(pr##_qcavsx), \
-+ pr##_qcavsy, sizeof(pr##_qcavsy), \
-+ pr##_ziut, sizeof(pr##_ziut) }
-+
-+static ECDH_SELFTEST_DATA test_ecdh_data[] = {
-+ make_ecdh_test(NID_X9_62_prime256v1, p256),
-+};
-+
-+int FIPS_selftest_ecdh(void)
-+{
-+ EC_KEY *ec1 = NULL, *ec2 = NULL;
-+ const EC_POINT *ecp = NULL;
-+ BIGNUM *x = NULL, *y = NULL, *d = NULL;
-+ unsigned char *ztmp = NULL;
-+ int rv = 1;
-+ size_t i;
-+
-+ for (i = 0; i < sizeof(test_ecdh_data) / sizeof(ECDH_SELFTEST_DATA); i++) {
-+ ECDH_SELFTEST_DATA *ecd = test_ecdh_data + i;
-+ if (!fips_post_started(FIPS_TEST_ECDH, ecd->curve, 0))
-+ continue;
-+ ztmp = OPENSSL_malloc(ecd->zlen);
-+
-+ x = BN_bin2bn(ecd->x1, ecd->x1len, x);
-+ y = BN_bin2bn(ecd->y1, ecd->y1len, y);
-+ d = BN_bin2bn(ecd->d1, ecd->d1len, d);
-+
-+ if (!x || !y || !d || !ztmp) {
-+ rv = -1;
-+ goto err;
-+ }
-+
-+ ec1 = EC_KEY_new_by_curve_name(ecd->curve);
-+ if (!ec1) {
-+ rv = -1;
-+ goto err;
-+ }
-+ EC_KEY_set_flags(ec1, EC_FLAG_COFACTOR_ECDH);
-+
-+ if (!EC_KEY_set_public_key_affine_coordinates(ec1, x, y)) {
-+ rv = -1;
-+ goto err;
-+ }
-+
-+ if (!EC_KEY_set_private_key(ec1, d)) {
-+ rv = -1;
-+ goto err;
-+ }
-+
-+ x = BN_bin2bn(ecd->x2, ecd->x2len, x);
-+ y = BN_bin2bn(ecd->y2, ecd->y2len, y);
-+
-+ if (!x || !y) {
-+ rv = -1;
-+ goto err;
-+ }
-+
-+ ec2 = EC_KEY_new_by_curve_name(ecd->curve);
-+ if (!ec2) {
-+ rv = -1;
-+ goto err;
-+ }
-+ EC_KEY_set_flags(ec1, EC_FLAG_COFACTOR_ECDH);
-+
-+ if (!EC_KEY_set_public_key_affine_coordinates(ec2, x, y)) {
-+ rv = -1;
-+ goto err;
-+ }
-+
-+ ecp = EC_KEY_get0_public_key(ec2);
-+ if (!ecp) {
-+ rv = -1;
-+ goto err;
-+ }
-+
-+ if (!ECDH_compute_key(ztmp, ecd->zlen, ecp, ec1, 0)) {
-+ rv = -1;
-+ goto err;
-+ }
-+
-+ if (!fips_post_corrupt(FIPS_TEST_ECDH, ecd->curve, NULL))
-+ ztmp[0] ^= 0x1;
-+
-+ if (memcmp(ztmp, ecd->z, ecd->zlen)) {
-+ fips_post_failed(FIPS_TEST_ECDH, ecd->curve, 0);
-+ rv = 0;
-+ } else if (!fips_post_success(FIPS_TEST_ECDH, ecd->curve, 0))
-+ goto err;
-+
-+ EC_KEY_free(ec1);
-+ ec1 = NULL;
-+ EC_KEY_free(ec2);
-+ ec2 = NULL;
-+ OPENSSL_free(ztmp);
-+ ztmp = NULL;
-+ }
-+
-+ err:
-+
-+ if (x)
-+ BN_clear_free(x);
-+ if (y)
-+ BN_clear_free(y);
-+ if (d)
-+ BN_clear_free(d);
-+ if (ec1)
-+ EC_KEY_free(ec1);
-+ if (ec2)
-+ EC_KEY_free(ec2);
-+ if (ztmp)
-+ OPENSSL_free(ztmp);
-+
-+ return rv;
-+
-+}
-+
-+#endif
-diff -up openssl-1.1.1b/crypto/fips/fips_ecdsa_selftest.c.fips openssl-1.1.1b/crypto/fips/fips_ecdsa_selftest.c
---- openssl-1.1.1b/crypto/fips/fips_ecdsa_selftest.c.fips 2019-02-28 11:30:06.814745521 +0100
-+++ openssl-1.1.1b/crypto/fips/fips_ecdsa_selftest.c 2019-02-28 11:30:06.814745521 +0100
-@@ -0,0 +1,166 @@
-+/* fips/ecdsa/fips_ecdsa_selftest.c */
-+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
-+ * project 2011.
-+ */
-+/* ====================================================================
-+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing@OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ */
-+
-+#define OPENSSL_FIPSAPI
-+
-+#include <string.h>
-+#include <openssl/crypto.h>
-+#include <openssl/ec.h>
-+#include <openssl/ecdsa.h>
-+#include <openssl/fips.h>
-+#include "internal/fips_int.h"
-+#include <openssl/err.h>
-+#include <openssl/evp.h>
-+#include <openssl/bn.h>
-+
-+#ifdef OPENSSL_FIPS
-+
-+static const char P_256_name[] = "ECDSA P-256";
-+
-+static const unsigned char P_256_d[] = {
-+ 0x51, 0xbd, 0x06, 0xa1, 0x1c, 0xda, 0xe2, 0x12, 0x99, 0xc9, 0x52, 0x3f,
-+ 0xea, 0xa4, 0xd2, 0xd1, 0xf4, 0x7f, 0xd4, 0x3e, 0xbd, 0xf8, 0xfc, 0x87,
-+ 0xdc, 0x82, 0x53, 0x21, 0xee, 0xa0, 0xdc, 0x64
-+};
-+
-+static const unsigned char P_256_qx[] = {
-+ 0x23, 0x89, 0xe0, 0xf4, 0x69, 0xe0, 0x49, 0xe5, 0xc7, 0xe5, 0x40, 0x6e,
-+ 0x8f, 0x25, 0xdd, 0xad, 0x11, 0x16, 0x14, 0x9b, 0xab, 0x44, 0x06, 0x31,
-+ 0xbf, 0x5e, 0xa6, 0x44, 0xac, 0x86, 0x00, 0x07
-+};
-+
-+static const unsigned char P_256_qy[] = {
-+ 0xb3, 0x05, 0x0d, 0xd0, 0xdc, 0xf7, 0x40, 0xe6, 0xf9, 0xd8, 0x6d, 0x7b,
-+ 0x63, 0xca, 0x97, 0xe6, 0x12, 0xf9, 0xd4, 0x18, 0x59, 0xbe, 0xb2, 0x5e,
-+ 0x4a, 0x6a, 0x77, 0x23, 0xf4, 0x11, 0x9d, 0xeb
-+};
-+
-+typedef struct {
-+ int curve;
-+ const char *name;
-+ const unsigned char *x;
-+ size_t xlen;
-+ const unsigned char *y;
-+ size_t ylen;
-+ const unsigned char *d;
-+ size_t dlen;
-+} EC_SELFTEST_DATA;
-+
-+# define make_ecdsa_test(nid, pr) { nid, pr##_name, \
-+ pr##_qx, sizeof(pr##_qx), \
-+ pr##_qy, sizeof(pr##_qy), \
-+ pr##_d, sizeof(pr##_d)}
-+
-+static EC_SELFTEST_DATA test_ec_data[] = {
-+ make_ecdsa_test(NID_X9_62_prime256v1, P_256),
-+};
-+
-+int FIPS_selftest_ecdsa()
-+{
-+ EC_KEY *ec = NULL;
-+ BIGNUM *x = NULL, *y = NULL, *d = NULL;
-+ EVP_PKEY *pk = NULL;
-+ int rv = 0;
-+ size_t i;
-+
-+ for (i = 0; i < sizeof(test_ec_data) / sizeof(EC_SELFTEST_DATA); i++) {
-+ EC_SELFTEST_DATA *ecd = test_ec_data + i;
-+
-+ x = BN_bin2bn(ecd->x, ecd->xlen, x);
-+ y = BN_bin2bn(ecd->y, ecd->ylen, y);
-+ d = BN_bin2bn(ecd->d, ecd->dlen, d);
-+
-+ if (!x || !y || !d)
-+ goto err;
-+
-+ ec = EC_KEY_new_by_curve_name(ecd->curve);
-+ if (!ec)
-+ goto err;
-+
-+ if (!EC_KEY_set_public_key_affine_coordinates(ec, x, y))
-+ goto err;
-+
-+ if (!EC_KEY_set_private_key(ec, d))
-+ goto err;
-+
-+ if ((pk = EVP_PKEY_new()) == NULL)
-+ goto err;
-+
-+ EVP_PKEY_assign_EC_KEY(pk, ec);
-+
-+ if (!fips_pkey_signature_test(pk, NULL, 0,
-+ NULL, 0, EVP_sha256(), 0, ecd->name))
-+ goto err;
-+ }
-+
-+ rv = 1;
-+
-+ err:
-+
-+ if (x)
-+ BN_clear_free(x);
-+ if (y)
-+ BN_clear_free(y);
-+ if (d)
-+ BN_clear_free(d);
-+ if (pk)
-+ EVP_PKEY_free(pk);
-+ else if (ec)
-+ EC_KEY_free(ec);
-+
-+ return rv;
-+
-+}
-+
-+#endif
-diff -up openssl-1.1.1b/crypto/fips/fips_err.h.fips openssl-1.1.1b/crypto/fips/fips_err.h
---- openssl-1.1.1b/crypto/fips/fips_err.h.fips 2019-05-06 16:08:46.792598211 +0200
-+++ openssl-1.1.1b/crypto/fips/fips_err.h 2019-05-06 16:19:56.403993551 +0200
-@@ -0,0 +1,197 @@
-+/* crypto/fips_err.h */
-+/* ====================================================================
-+ * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * openssl-core@OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay@cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh@cryptsoft.com).
-+ *
-+ */
-+
-+/*
-+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
-+ * made to it will be overwritten when the script next updates this file,
-+ * only reason strings will be preserved.
-+ */
-+
-+#include <stdio.h>
-+#include <openssl/err.h>
-+#include <openssl/fips.h>
-+
-+/* BEGIN ERROR CODES */
-+#ifndef OPENSSL_NO_ERR
-+
-+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_FIPS,func,0)
-+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_FIPS,0,reason)
-+
-+static ERR_STRING_DATA FIPS_str_functs[] = {
-+ {ERR_FUNC(FIPS_F_DH_BUILTIN_GENPARAMS), "dh_builtin_genparams"},
-+ {ERR_FUNC(FIPS_F_DRBG_RESEED), "drbg_reseed"},
-+ {ERR_FUNC(FIPS_F_DSA_BUILTIN_PARAMGEN2), "dsa_builtin_paramgen2"},
-+ {ERR_FUNC(FIPS_F_DSA_DO_SIGN), "DSA_do_sign"},
-+ {ERR_FUNC(FIPS_F_DSA_DO_VERIFY), "DSA_do_verify"},
-+ {ERR_FUNC(FIPS_F_ECDH_COMPUTE_KEY), "ECDH_compute_key"},
-+ {ERR_FUNC(FIPS_F_EVP_CIPHER_CTX_NEW), "EVP_CIPHER_CTX_new"},
-+ {ERR_FUNC(FIPS_F_EVP_CIPHER_CTX_RESET), "EVP_CIPHER_CTX_reset"},
-+ {ERR_FUNC(FIPS_F_FIPS_CHECK_DSA), "fips_check_dsa"},
-+ {ERR_FUNC(FIPS_F_FIPS_CHECK_EC), "fips_check_ec"},
-+ {ERR_FUNC(FIPS_F_FIPS_CHECK_RSA), "fips_check_rsa"},
-+ {ERR_FUNC(FIPS_F_FIPS_DRBG_BYTES), "fips_drbg_bytes"},
-+ {ERR_FUNC(FIPS_F_FIPS_DRBG_CHECK), "fips_drbg_check"},
-+ {ERR_FUNC(FIPS_F_FIPS_DRBG_CPRNG_TEST), "fips_drbg_cprng_test"},
-+ {ERR_FUNC(FIPS_F_FIPS_DRBG_ERROR_CHECK), "fips_drbg_error_check"},
-+ {ERR_FUNC(FIPS_F_FIPS_DRBG_GENERATE), "FIPS_drbg_generate"},
-+ {ERR_FUNC(FIPS_F_FIPS_DRBG_INIT), "FIPS_drbg_init"},
-+ {ERR_FUNC(FIPS_F_FIPS_DRBG_INSTANTIATE), "FIPS_drbg_instantiate"},
-+ {ERR_FUNC(FIPS_F_FIPS_DRBG_NEW), "FIPS_drbg_new"},
-+ {ERR_FUNC(FIPS_F_FIPS_DRBG_RESEED), "FIPS_drbg_reseed"},
-+ {ERR_FUNC(FIPS_F_FIPS_DRBG_SINGLE_KAT), "FIPS_DRBG_SINGLE_KAT"},
-+ {ERR_FUNC(FIPS_F_FIPS_GET_ENTROPY), "fips_get_entropy"},
-+ {ERR_FUNC(FIPS_F_FIPS_MODULE_MODE_SET), "FIPS_module_mode_set"},
-+ {ERR_FUNC(FIPS_F_FIPS_PKEY_SIGNATURE_TEST), "fips_pkey_signature_test"},
-+ {ERR_FUNC(FIPS_F_FIPS_RAND_BYTES), "FIPS_rand_bytes"},
-+ {ERR_FUNC(FIPS_F_FIPS_RAND_SEED), "FIPS_rand_seed"},
-+ {ERR_FUNC(FIPS_F_FIPS_RAND_SET_METHOD), "FIPS_rand_set_method"},
-+ {ERR_FUNC(FIPS_F_FIPS_RAND_STATUS), "FIPS_rand_status"},
-+ {ERR_FUNC(FIPS_F_FIPS_RSA_BUILTIN_KEYGEN), "fips_rsa_builtin_keygen"},
-+ {ERR_FUNC(FIPS_F_FIPS_SELFTEST), "FIPS_selftest"},
-+ {ERR_FUNC(FIPS_F_FIPS_SELFTEST_AES), "FIPS_selftest_aes"},
-+ {ERR_FUNC(FIPS_F_FIPS_SELFTEST_AES_CCM), "FIPS_selftest_aes_ccm"},
-+ {ERR_FUNC(FIPS_F_FIPS_SELFTEST_AES_GCM), "FIPS_selftest_aes_gcm"},
-+ {ERR_FUNC(FIPS_F_FIPS_SELFTEST_AES_XTS), "FIPS_selftest_aes_xts"},
-+ {ERR_FUNC(FIPS_F_FIPS_SELFTEST_CMAC), "FIPS_selftest_cmac"},
-+ {ERR_FUNC(FIPS_F_FIPS_SELFTEST_DES), "FIPS_selftest_des"},
-+ {ERR_FUNC(FIPS_F_FIPS_SELFTEST_DSA), "FIPS_selftest_dsa"},
-+ {ERR_FUNC(FIPS_F_FIPS_SELFTEST_ECDSA), "FIPS_selftest_ecdsa"},
-+ {ERR_FUNC(FIPS_F_FIPS_SELFTEST_HMAC), "FIPS_selftest_hmac"},
-+ {ERR_FUNC(FIPS_F_FIPS_SELFTEST_SHA1), "FIPS_selftest_sha1"},
-+ {ERR_FUNC(FIPS_F_FIPS_SELFTEST_SHA2), "FIPS_selftest_sha2"},
-+ {ERR_FUNC(FIPS_F_OSSL_ECDSA_SIGN_SIG), "ossl_ecdsa_sign_sig"},
-+ {ERR_FUNC(FIPS_F_OSSL_ECDSA_VERIFY_SIG), "ossl_ecdsa_verify_sig"},
-+ {ERR_FUNC(FIPS_F_RSA_BUILTIN_KEYGEN), "rsa_builtin_keygen"},
-+ {ERR_FUNC(FIPS_F_RSA_OSSL_INIT), "rsa_ossl_init"},
-+ {ERR_FUNC(FIPS_F_RSA_OSSL_PRIVATE_DECRYPT), "rsa_ossl_private_decrypt"},
-+ {ERR_FUNC(FIPS_F_RSA_OSSL_PRIVATE_ENCRYPT), "rsa_ossl_private_encrypt"},
-+ {ERR_FUNC(FIPS_F_RSA_OSSL_PUBLIC_DECRYPT), "rsa_ossl_public_decrypt"},
-+ {ERR_FUNC(FIPS_F_RSA_OSSL_PUBLIC_ENCRYPT), "rsa_ossl_public_encrypt"},
-+ {0, NULL}
-+};
-+
-+static ERR_STRING_DATA FIPS_str_reasons[] = {
-+ {ERR_REASON(FIPS_R_ADDITIONAL_INPUT_ERROR_UNDETECTED),
-+ "additional input error undetected"},
-+ {ERR_REASON(FIPS_R_ADDITIONAL_INPUT_TOO_LONG),
-+ "additional input too long"},
-+ {ERR_REASON(FIPS_R_ALREADY_INSTANTIATED), "already instantiated"},
-+ {ERR_REASON(FIPS_R_DRBG_NOT_INITIALISED), "drbg not initialised"},
-+ {ERR_REASON(FIPS_R_DRBG_STUCK), "drbg stuck"},
-+ {ERR_REASON(FIPS_R_ENTROPY_ERROR_UNDETECTED), "entropy error undetected"},
-+ {ERR_REASON(FIPS_R_ENTROPY_NOT_REQUESTED_FOR_RESEED),
-+ "entropy not requested for reseed"},
-+ {ERR_REASON(FIPS_R_ENTROPY_SOURCE_STUCK), "entropy source stuck"},
-+ {ERR_REASON(FIPS_R_ERROR_INITIALISING_DRBG), "error initialising drbg"},
-+ {ERR_REASON(FIPS_R_ERROR_INSTANTIATING_DRBG), "error instantiating drbg"},
-+ {ERR_REASON(FIPS_R_ERROR_RETRIEVING_ADDITIONAL_INPUT),
-+ "error retrieving additional input"},
-+ {ERR_REASON(FIPS_R_ERROR_RETRIEVING_ENTROPY), "error retrieving entropy"},
-+ {ERR_REASON(FIPS_R_ERROR_RETRIEVING_NONCE), "error retrieving nonce"},
-+ {ERR_REASON(FIPS_R_FINGERPRINT_DOES_NOT_MATCH),
-+ "fingerprint does not match"},
-+ {ERR_REASON(FIPS_R_FIPS_MODE_ALREADY_SET), "fips mode already set"},
-+ {ERR_REASON(FIPS_R_FIPS_SELFTEST_FAILED), "fips selftest failed"},
-+ {ERR_REASON(FIPS_R_FUNCTION_ERROR), "function error"},
-+ {ERR_REASON(FIPS_R_GENERATE_ERROR), "generate error"},
-+ {ERR_REASON(FIPS_R_GENERATE_ERROR_UNDETECTED),
-+ "generate error undetected"},
-+ {ERR_REASON(FIPS_R_INSTANTIATE_ERROR), "instantiate error"},
-+ {ERR_REASON(FIPS_R_INTERNAL_ERROR), "internal error"},
-+ {ERR_REASON(FIPS_R_INVALID_KEY_LENGTH), "invalid key length"},
-+ {ERR_REASON(FIPS_R_IN_ERROR_STATE), "in error state"},
-+ {ERR_REASON(FIPS_R_KEY_TOO_SHORT), "key too short"},
-+ {ERR_REASON(FIPS_R_NONCE_ERROR_UNDETECTED), "nonce error undetected"},
-+ {ERR_REASON(FIPS_R_NON_FIPS_METHOD), "non fips method"},
-+ {ERR_REASON(FIPS_R_NOPR_TEST1_FAILURE), "nopr test1 failure"},
-+ {ERR_REASON(FIPS_R_NOPR_TEST2_FAILURE), "nopr test2 failure"},
-+ {ERR_REASON(FIPS_R_NOT_INSTANTIATED), "not instantiated"},
-+ {ERR_REASON(FIPS_R_PAIRWISE_TEST_FAILED), "pairwise test failed"},
-+ {ERR_REASON(FIPS_R_PERSONALISATION_ERROR_UNDETECTED),
-+ "personalisation error undetected"},
-+ {ERR_REASON(FIPS_R_PERSONALISATION_STRING_TOO_LONG),
-+ "personalisation string too long"},
-+ {ERR_REASON(FIPS_R_PR_TEST1_FAILURE), "pr test1 failure"},
-+ {ERR_REASON(FIPS_R_PR_TEST2_FAILURE), "pr test2 failure"},
-+ {ERR_REASON(FIPS_R_REQUEST_LENGTH_ERROR_UNDETECTED),
-+ "request length error undetected"},
-+ {ERR_REASON(FIPS_R_REQUEST_TOO_LARGE_FOR_DRBG),
-+ "request too large for drbg"},
-+ {ERR_REASON(FIPS_R_RESEED_COUNTER_ERROR), "reseed counter error"},
-+ {ERR_REASON(FIPS_R_RESEED_ERROR), "reseed error"},
-+ {ERR_REASON(FIPS_R_SELFTEST_FAILED), "selftest failed"},
-+ {ERR_REASON(FIPS_R_SELFTEST_FAILURE), "selftest failure"},
-+ {ERR_REASON(FIPS_R_TEST_FAILURE), "test failure"},
-+ {ERR_REASON(FIPS_R_UNINSTANTIATE_ERROR), "uninstantiate error"},
-+ {ERR_REASON(FIPS_R_UNINSTANTIATE_ZEROISE_ERROR),
-+ "uninstantiate zeroise error"},
-+ {ERR_REASON(FIPS_R_UNSUPPORTED_DRBG_TYPE), "unsupported drbg type"},
-+ {ERR_REASON(FIPS_R_UNSUPPORTED_PLATFORM), "unsupported platform"},
-+ {0, NULL}
-+};
-+
-+#endif
-+
-+int ERR_load_FIPS_strings(void)
-+{
-+#ifndef OPENSSL_NO_ERR
-+
-+ if (ERR_func_error_string(FIPS_str_functs[0].error) == NULL) {
-+ ERR_load_strings(0, FIPS_str_functs);
-+ ERR_load_strings(0, FIPS_str_reasons);
-+ }
-+#endif
-+ return 1;
-+}
-diff -up openssl-1.1.1b/crypto/fips/fips_ers.c.fips openssl-1.1.1b/crypto/fips/fips_ers.c
---- openssl-1.1.1b/crypto/fips/fips_ers.c.fips 2019-02-28 11:30:06.815745503 +0100
-+++ openssl-1.1.1b/crypto/fips/fips_ers.c 2019-02-28 11:30:06.815745503 +0100
-@@ -0,0 +1,7 @@
-+#include <openssl/opensslconf.h>
-+
-+#ifdef OPENSSL_FIPS
-+# include "fips_err.h"
-+#else
-+static void *dummy = &dummy;
-+#endif
-diff -up openssl-1.1.1b/crypto/fips/fips_hmac_selftest.c.fips openssl-1.1.1b/crypto/fips/fips_hmac_selftest.c
---- openssl-1.1.1b/crypto/fips/fips_hmac_selftest.c.fips 2019-02-28 11:30:06.815745503 +0100
-+++ openssl-1.1.1b/crypto/fips/fips_hmac_selftest.c 2019-02-28 11:30:06.815745503 +0100
-@@ -0,0 +1,134 @@
-+/* ====================================================================
-+ * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * openssl-core@openssl.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ *
-+ */
-+
-+#include <string.h>
-+#include <openssl/err.h>
-+#ifdef OPENSSL_FIPS
-+# include <openssl/fips.h>
-+#endif
-+#include <openssl/hmac.h>
-+
-+#ifdef OPENSSL_FIPS
-+typedef struct {
-+ const EVP_MD *(*alg) (void);
-+ const char *key, *iv;
-+ unsigned char kaval[EVP_MAX_MD_SIZE];
-+} HMAC_KAT;
-+
-+static const HMAC_KAT vector[] = {
-+ {EVP_sha1,
-+ /* from http://csrc.nist.gov/publications/fips/fips198/fips-198a.pdf */
-+ "0123456789:;<=>?@ABC",
-+ "Sample #2",
-+ {0x09, 0x22, 0xd3, 0x40, 0x5f, 0xaa, 0x3d, 0x19,
-+ 0x4f, 0x82, 0xa4, 0x58, 0x30, 0x73, 0x7d, 0x5c,
-+ 0xc6, 0xc7, 0x5d, 0x24}
-+ },
-+ {EVP_sha224,
-+ /* just keep extending the above... */
-+ "0123456789:;<=>?@ABC",
-+ "Sample #2",
-+ {0xdd, 0xef, 0x0a, 0x40, 0xcb, 0x7d, 0x50, 0xfb,
-+ 0x6e, 0xe6, 0xce, 0xa1, 0x20, 0xba, 0x26, 0xaa,
-+ 0x08, 0xf3, 0x07, 0x75, 0x87, 0xb8, 0xad, 0x1b,
-+ 0x8c, 0x8d, 0x12, 0xc7}
-+ },
-+ {EVP_sha256,
-+ "0123456789:;<=>?@ABC",
-+ "Sample #2",
-+ {0xb8, 0xf2, 0x0d, 0xb5, 0x41, 0xea, 0x43, 0x09,
-+ 0xca, 0x4e, 0xa9, 0x38, 0x0c, 0xd0, 0xe8, 0x34,
-+ 0xf7, 0x1f, 0xbe, 0x91, 0x74, 0xa2, 0x61, 0x38,
-+ 0x0d, 0xc1, 0x7e, 0xae, 0x6a, 0x34, 0x51, 0xd9}
-+ },
-+ {EVP_sha384,
-+ "0123456789:;<=>?@ABC",
-+ "Sample #2",
-+ {0x08, 0xbc, 0xb0, 0xda, 0x49, 0x1e, 0x87, 0xad,
-+ 0x9a, 0x1d, 0x6a, 0xce, 0x23, 0xc5, 0x0b, 0xf6,
-+ 0xb7, 0x18, 0x06, 0xa5, 0x77, 0xcd, 0x49, 0x04,
-+ 0x89, 0xf1, 0xe6, 0x23, 0x44, 0x51, 0x51, 0x9f,
-+ 0x85, 0x56, 0x80, 0x79, 0x0c, 0xbd, 0x4d, 0x50,
-+ 0xa4, 0x5f, 0x29, 0xe3, 0x93, 0xf0, 0xe8, 0x7f}
-+ },
-+ {EVP_sha512,
-+ "0123456789:;<=>?@ABC",
-+ "Sample #2",
-+ {0x80, 0x9d, 0x44, 0x05, 0x7c, 0x5b, 0x95, 0x41,
-+ 0x05, 0xbd, 0x04, 0x13, 0x16, 0xdb, 0x0f, 0xac,
-+ 0x44, 0xd5, 0xa4, 0xd5, 0xd0, 0x89, 0x2b, 0xd0,
-+ 0x4e, 0x86, 0x64, 0x12, 0xc0, 0x90, 0x77, 0x68,
-+ 0xf1, 0x87, 0xb7, 0x7c, 0x4f, 0xae, 0x2c, 0x2f,
-+ 0x21, 0xa5, 0xb5, 0x65, 0x9a, 0x4f, 0x4b, 0xa7,
-+ 0x47, 0x02, 0xa3, 0xde, 0x9b, 0x51, 0xf1, 0x45,
-+ 0xbd, 0x4f, 0x25, 0x27, 0x42, 0x98, 0x99, 0x05}
-+ },
-+};
-+
-+int FIPS_selftest_hmac()
-+{
-+ int n;
-+ unsigned int outlen;
-+ unsigned char out[EVP_MAX_MD_SIZE];
-+ const EVP_MD *md;
-+ const HMAC_KAT *t;
-+
-+ for (n = 0, t = vector; n < sizeof(vector) / sizeof(vector[0]); n++, t++) {
-+ md = (*t->alg) ();
-+ HMAC(md, t->key, strlen(t->key),
-+ (const unsigned char *)t->iv, strlen(t->iv), out, &outlen);
-+
-+ if (memcmp(out, t->kaval, outlen)) {
-+ FIPSerr(FIPS_F_FIPS_SELFTEST_HMAC, FIPS_R_SELFTEST_FAILED);
-+ return 0;
-+ }
-+ }
-+ return 1;
-+}
-+#endif
-diff -up openssl-1.1.1b/crypto/fips/fips_locl.h.fips openssl-1.1.1b/crypto/fips/fips_locl.h
---- openssl-1.1.1b/crypto/fips/fips_locl.h.fips 2019-02-28 11:30:06.815745503 +0100
-+++ openssl-1.1.1b/crypto/fips/fips_locl.h 2019-02-28 11:30:06.815745503 +0100
-@@ -0,0 +1,71 @@
-+/* ====================================================================
-+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * openssl-core@openssl.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ *
-+ */
-+
-+#ifdef OPENSSL_FIPS
-+
-+# ifdef __cplusplus
-+extern "C" {
-+# endif
-+
-+# define FIPS_MAX_CIPHER_TEST_SIZE 32
-+# define fips_load_key_component(comp, pre) \
-+ comp = BN_bin2bn(pre##_##comp, sizeof(pre##_##comp), NULL); \
-+ if (!comp) \
-+ goto err
-+
-+# define fips_post_started(id, subid, ex) 1
-+# define fips_post_success(id, subid, ex) 1
-+# define fips_post_failed(id, subid, ex) 1
-+# define fips_post_corrupt(id, subid, ex) 1
-+# define fips_post_status() 1
-+
-+# ifdef __cplusplus
-+}
-+# endif
-+#endif
-diff -up openssl-1.1.1b/crypto/fips/fips_post.c.fips openssl-1.1.1b/crypto/fips/fips_post.c
---- openssl-1.1.1b/crypto/fips/fips_post.c.fips 2019-05-06 16:08:46.794598177 +0200
-+++ openssl-1.1.1b/crypto/fips/fips_post.c 2019-05-06 16:08:46.794598177 +0200
-@@ -0,0 +1,224 @@
-+/* ====================================================================
-+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * openssl-core@openssl.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ *
-+ */
-+
-+#define OPENSSL_FIPSAPI
-+
-+#include <openssl/crypto.h>
-+#include <openssl/rand.h>
-+#include <openssl/fips_rand.h>
-+#include <openssl/err.h>
-+#include <openssl/bio.h>
-+#include <openssl/hmac.h>
-+#include <openssl/rsa.h>
-+#include <openssl/dsa.h>
-+#include <openssl/evp.h>
-+#include <string.h>
-+#include <limits.h>
-+
-+#ifdef OPENSSL_FIPS
-+
-+/* Power on self test (POST) support functions */
-+
-+# include <openssl/fips.h>
-+# include "internal/fips_int.h"
-+# include "fips_locl.h"
-+
-+/* Run all selftests */
-+int FIPS_selftest(void)
-+{
-+ int rv = 1;
-+ if (!FIPS_selftest_drbg())
-+ rv = 0;
-+ if (!FIPS_selftest_sha1())
-+ rv = 0;
-+ if (!FIPS_selftest_sha2())
-+ rv = 0;
-+ if (!FIPS_selftest_sha3())
-+ rv = 0;
-+ if (!FIPS_selftest_hmac())
-+ rv = 0;
-+ if (!FIPS_selftest_cmac())
-+ rv = 0;
-+ if (!FIPS_selftest_aes())
-+ rv = 0;
-+ if (!FIPS_selftest_aes_ccm())
-+ rv = 0;
-+ if (!FIPS_selftest_aes_gcm())
-+ rv = 0;
-+ if (!FIPS_selftest_aes_xts())
-+ rv = 0;
-+ if (!FIPS_selftest_des())
-+ rv = 0;
-+ if (!FIPS_selftest_rsa())
-+ rv = 0;
-+ if (!FIPS_selftest_ecdsa())
-+ rv = 0;
-+ if (!FIPS_selftest_dsa())
-+ rv = 0;
-+ if (!FIPS_selftest_dh())
-+ rv = 0;
-+ if (!FIPS_selftest_ecdh())
-+ rv = 0;
-+ return rv;
-+}
-+
-+/* Generalized public key test routine. Signs and verifies the data
-+ * supplied in tbs using mesage digest md and setting option digest
-+ * flags md_flags. If the 'kat' parameter is not NULL it will
-+ * additionally check the signature matches it: a known answer test
-+ * The string "fail_str" is used for identification purposes in case
-+ * of failure. If "pkey" is NULL just perform a message digest check.
-+ */
-+
-+int fips_pkey_signature_test(EVP_PKEY *pkey,
-+ const unsigned char *tbs, int tbslen,
-+ const unsigned char *kat, unsigned int katlen,
-+ const EVP_MD *digest, unsigned int flags,
-+ const char *fail_str)
-+{
-+ int ret = 0;
-+ unsigned char sigtmp[256], *sig = sigtmp;
-+ size_t siglen = sizeof(sigtmp);
-+ EVP_MD_CTX *mctx;
-+ EVP_PKEY_CTX *pctx;
-+
-+ if (digest == NULL)
-+ digest = EVP_sha256();
-+
-+ mctx = EVP_MD_CTX_new();
-+
-+ if ((EVP_PKEY_id(pkey) == EVP_PKEY_RSA)
-+ && (RSA_size(EVP_PKEY_get0_RSA(pkey)) > sizeof(sigtmp))) {
-+ sig = OPENSSL_malloc(RSA_size(EVP_PKEY_get0_RSA(pkey)));
-+ siglen = RSA_size(EVP_PKEY_get0_RSA(pkey));
-+ }
-+ if (!sig || ! mctx) {
-+ EVP_MD_CTX_free(mctx);
-+ FIPSerr(FIPS_F_FIPS_PKEY_SIGNATURE_TEST, ERR_R_MALLOC_FAILURE);
-+ return 0;
-+ }
-+
-+ if (tbslen == -1)
-+ tbslen = strlen((char *)tbs);
-+
-+ if (EVP_DigestSignInit(mctx, &pctx, digest, NULL, pkey) <= 0)
-+ goto error;
-+
-+ if (flags == EVP_MD_CTX_FLAG_PAD_PSS) {
-+ EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING);
-+ EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, 0);
-+ }
-+
-+ if (EVP_DigestSignUpdate(mctx, tbs, tbslen) <= 0)
-+ goto error;
-+
-+ if (EVP_DigestSignFinal(mctx, sig, &siglen) <= 0)
-+ goto error;
-+
-+ if (kat && ((siglen != katlen) || memcmp(kat, sig, katlen)))
-+ goto error;
-+
-+ if (EVP_DigestVerifyInit(mctx, &pctx, digest, NULL, pkey) <= 0)
-+ goto error;
-+
-+ if (flags == EVP_MD_CTX_FLAG_PAD_PSS) {
-+ EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING);
-+ EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, 0);
-+ }
-+
-+ if (EVP_DigestVerifyUpdate(mctx, tbs, tbslen) <= 0)
-+ goto error;
-+
-+ ret = EVP_DigestVerifyFinal(mctx, sig, siglen);
-+
-+ error:
-+ if (sig != sigtmp)
-+ OPENSSL_free(sig);
-+ EVP_MD_CTX_free(mctx);
-+ if (ret <= 0) {
-+ FIPSerr(FIPS_F_FIPS_PKEY_SIGNATURE_TEST, FIPS_R_TEST_FAILURE);
-+ if (fail_str)
-+ ERR_add_error_data(2, "Type=", fail_str);
-+ return 0;
-+ }
-+ return 1;
-+}
-+
-+/* Generalized symmetric cipher test routine. Encrypt data, verify result
-+ * against known answer, decrypt and compare with original plaintext.
-+ */
-+
-+int fips_cipher_test(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
-+ const unsigned char *key,
-+ const unsigned char *iv,
-+ const unsigned char *plaintext,
-+ const unsigned char *ciphertext, int len)
-+{
-+ unsigned char pltmp[FIPS_MAX_CIPHER_TEST_SIZE];
-+ unsigned char citmp[FIPS_MAX_CIPHER_TEST_SIZE];
-+
-+ OPENSSL_assert(len <= FIPS_MAX_CIPHER_TEST_SIZE);
-+ memset(pltmp, 0, FIPS_MAX_CIPHER_TEST_SIZE);
-+ memset(citmp, 0, FIPS_MAX_CIPHER_TEST_SIZE);
-+
-+ if (EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, 1) <= 0)
-+ return 0;
-+ if (EVP_Cipher(ctx, citmp, plaintext, len) <= 0)
-+ return 0;
-+ if (memcmp(citmp, ciphertext, len))
-+ return 0;
-+ if (EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, 0) <= 0)
-+ return 0;
-+ if (EVP_Cipher(ctx, pltmp, citmp, len) <= 0)
-+ return 0;
-+ if (memcmp(pltmp, plaintext, len))
-+ return 0;
-+ return 1;
-+}
-+#endif
-diff -up openssl-1.1.1b/crypto/fips/fips_rand_lcl.h.fips openssl-1.1.1b/crypto/fips/fips_rand_lcl.h
---- openssl-1.1.1b/crypto/fips/fips_rand_lcl.h.fips 2019-02-28 11:30:06.816745484 +0100
-+++ openssl-1.1.1b/crypto/fips/fips_rand_lcl.h 2019-02-28 11:30:06.816745484 +0100
-@@ -0,0 +1,203 @@
-+/* fips/rand/fips_rand_lcl.h */
-+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
-+ * project.
-+ */
-+/* ====================================================================
-+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing@OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ */
-+
-+typedef struct drbg_hash_ctx_st DRBG_HASH_CTX;
-+typedef struct drbg_hmac_ctx_st DRBG_HMAC_CTX;
-+typedef struct drbg_ctr_ctx_st DRBG_CTR_CTX;
-+
-+/* 888 bits from 10.1 table 2 */
-+#define HASH_PRNG_MAX_SEEDLEN 111
-+
-+struct drbg_hash_ctx_st {
-+ const EVP_MD *md;
-+ EVP_MD_CTX *mctx;
-+ unsigned char V[HASH_PRNG_MAX_SEEDLEN];
-+ unsigned char C[HASH_PRNG_MAX_SEEDLEN];
-+ /* Temporary value storage: should always exceed max digest length */
-+ unsigned char vtmp[HASH_PRNG_MAX_SEEDLEN];
-+};
-+
-+struct drbg_hmac_ctx_st {
-+ const EVP_MD *md;
-+ HMAC_CTX *hctx;
-+ unsigned char K[EVP_MAX_MD_SIZE];
-+ unsigned char V[EVP_MAX_MD_SIZE];
-+};
-+
-+struct drbg_ctr_ctx_st {
-+ AES_KEY ks;
-+ size_t keylen;
-+ unsigned char K[32];
-+ unsigned char V[16];
-+ /* Temp variables used by derivation function */
-+ AES_KEY df_ks;
-+ AES_KEY df_kxks;
-+ /* Temporary block storage used by ctr_df */
-+ unsigned char bltmp[16];
-+ size_t bltmp_pos;
-+ unsigned char KX[48];
-+};
-+
-+/* DRBG internal flags */
-+
-+/* Functions shouldn't call err library */
-+#define DRBG_FLAG_NOERR 0x1
-+/* Custom reseed checking */
-+#define DRBG_CUSTOM_RESEED 0x2
-+
-+/* DRBG status values */
-+/* not initialised */
-+#define DRBG_STATUS_UNINITIALISED 0
-+/* ok and ready to generate random bits */
-+#define DRBG_STATUS_READY 1
-+/* reseed required */
-+#define DRBG_STATUS_RESEED 2
-+/* fatal error condition */
-+#define DRBG_STATUS_ERROR 3
-+
-+/* A default maximum length: larger than any reasonable value used in pratice */
-+
-+#define DRBG_MAX_LENGTH 0x7ffffff0
-+/* Maximum DRBG block length: all md sizes are bigger than cipher blocks sizes
-+ * so use max digest length.
-+ */
-+#define DRBG_MAX_BLOCK EVP_MAX_MD_SIZE
-+
-+#define DRBG_HEALTH_INTERVAL (1 << 24)
-+
-+/* DRBG context structure */
-+
-+struct drbg_ctx_st {
-+ /* First types common to all implementations */
-+ /* DRBG type: a NID for the underlying algorithm */
-+ int type;
-+ /* Various external flags */
-+ unsigned int xflags;
-+ /* Various internal use only flags */
-+ unsigned int iflags;
-+ /* Used for periodic health checks */
-+ int health_check_cnt, health_check_interval;
-+
-+ /* The following parameters are setup by mechanism drbg_init() call */
-+ int strength;
-+ size_t blocklength;
-+ size_t max_request;
-+
-+ size_t min_entropy, max_entropy;
-+ size_t min_nonce, max_nonce;
-+ size_t max_pers, max_adin;
-+ unsigned int reseed_counter;
-+ unsigned int reseed_interval;
-+ size_t seedlen;
-+ int status;
-+ /* Application data: typically used by test get_entropy */
-+ void *app_data;
-+ /* Implementation specific structures */
-+ union {
-+ DRBG_HASH_CTX hash;
-+ DRBG_HMAC_CTX hmac;
-+ DRBG_CTR_CTX ctr;
-+ } d;
-+ /* Initialiase PRNG and setup callbacks below */
-+ int (*init) (DRBG_CTX *ctx, int nid, int security, unsigned int flags);
-+ /* Intantiate PRNG */
-+ int (*instantiate) (DRBG_CTX *ctx,
-+ const unsigned char *ent, size_t entlen,
-+ const unsigned char *nonce, size_t noncelen,
-+ const unsigned char *pers, size_t perslen);
-+ /* reseed */
-+ int (*reseed) (DRBG_CTX *ctx,
-+ const unsigned char *ent, size_t entlen,
-+ const unsigned char *adin, size_t adinlen);
-+ /* generat output */
-+ int (*generate) (DRBG_CTX *ctx,
-+ unsigned char *out, size_t outlen,
-+ const unsigned char *adin, size_t adinlen);
-+ /* uninstantiate */
-+ int (*uninstantiate) (DRBG_CTX *ctx);
-+
-+ /* Entropy source block length */
-+ size_t entropy_blocklen;
-+
-+ /* entropy gathering function */
-+ size_t (*get_entropy) (DRBG_CTX *ctx, unsigned char **pout,
-+ int entropy, size_t min_len, size_t max_len);
-+ /* Indicates we have finished with entropy buffer */
-+ void (*cleanup_entropy) (DRBG_CTX *ctx, unsigned char *out, size_t olen);
-+
-+ /* nonce gathering function */
-+ size_t (*get_nonce) (DRBG_CTX *ctx, unsigned char **pout,
-+ int entropy, size_t min_len, size_t max_len);
-+ /* Indicates we have finished with nonce buffer */
-+ void (*cleanup_nonce) (DRBG_CTX *ctx, unsigned char *out, size_t olen);
-+
-+ /* Callbacks used when called through RAND interface */
-+ /* Get any additional input for generate */
-+ size_t (*get_adin) (DRBG_CTX *ctx, unsigned char **pout);
-+ void (*cleanup_adin) (DRBG_CTX *ctx, unsigned char *out, size_t olen);
-+ /* Callback for RAND_seed(), RAND_add() */
-+ int (*rand_seed_cb) (DRBG_CTX *ctx, const void *buf, int num);
-+ int (*rand_add_cb) (DRBG_CTX *ctx,
-+ const void *buf, int num, double entropy);
-+};
-+
-+int fips_drbg_ctr_init(DRBG_CTX *dctx);
-+int fips_drbg_hash_init(DRBG_CTX *dctx);
-+int fips_drbg_hmac_init(DRBG_CTX *dctx);
-+int fips_drbg_kat(DRBG_CTX *dctx, int nid, unsigned int flags);
-+int fips_drbg_cprng_test(DRBG_CTX *dctx, const unsigned char *out);
-+
-+#define FIPS_digestinit EVP_DigestInit
-+#define FIPS_digestupdate EVP_DigestUpdate
-+#define FIPS_digestfinal EVP_DigestFinal
-+#define M_EVP_MD_size EVP_MD_size
-diff -up openssl-1.1.1b/crypto/fips/fips_rand_lib.c.fips openssl-1.1.1b/crypto/fips/fips_rand_lib.c
---- openssl-1.1.1b/crypto/fips/fips_rand_lib.c.fips 2019-02-28 11:30:06.816745484 +0100
-+++ openssl-1.1.1b/crypto/fips/fips_rand_lib.c 2019-02-28 11:30:06.816745484 +0100
-@@ -0,0 +1,234 @@
-+/* ====================================================================
-+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * openssl-core@openssl.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ *
-+ */
-+
-+/* If we don't define _XOPEN_SOURCE_EXTENDED, struct timeval won't
-+ be defined and gettimeofday() won't be declared with strict compilers
-+ like DEC C in ANSI C mode. */
-+#ifndef _XOPEN_SOURCE_EXTENDED
-+# define _XOPEN_SOURCE_EXTENDED 1
-+#endif
-+
-+#include <openssl/crypto.h>
-+#include <openssl/rand.h>
-+#include <openssl/err.h>
-+#include <openssl/fips.h>
-+#include "internal/fips_int.h"
-+#include <openssl/fips_rand.h>
-+#include "e_os.h"
-+
-+#if !(defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VXWORKS))
-+# include <sys/time.h>
-+#endif
-+#if defined(OPENSSL_SYS_VXWORKS)
-+# include <time.h>
-+#endif
-+#ifndef OPENSSL_SYS_WIN32
-+# ifdef OPENSSL_UNISTD
-+# include OPENSSL_UNISTD
-+# else
-+# include <unistd.h>
-+# endif
-+#endif
-+
-+/* FIPS API for PRNG use. Similar to RAND functionality but without
-+ * ENGINE and additional checking for non-FIPS rand methods.
-+ */
-+
-+static const RAND_METHOD *fips_rand_meth = NULL;
-+static int fips_approved_rand_meth = 0;
-+static int fips_rand_bits = 0;
-+
-+/* Allows application to override number of bits and uses non-FIPS methods */
-+void FIPS_rand_set_bits(int nbits)
-+{
-+ fips_rand_bits = nbits;
-+}
-+
-+int FIPS_rand_set_method(const RAND_METHOD *meth)
-+{
-+ if (!fips_rand_bits) {
-+ if (meth == FIPS_drbg_method())
-+ fips_approved_rand_meth = 1;
-+ else {
-+ fips_approved_rand_meth = 0;
-+ if (FIPS_module_mode()) {
-+ FIPSerr(FIPS_F_FIPS_RAND_SET_METHOD, FIPS_R_NON_FIPS_METHOD);
-+ return 0;
-+ }
-+ }
-+ }
-+ fips_rand_meth = meth;
-+ return 1;
-+}
-+
-+const RAND_METHOD *FIPS_rand_get_method(void)
-+{
-+ return fips_rand_meth;
-+}
-+
-+void FIPS_rand_reset(void)
-+{
-+ if (fips_rand_meth && fips_rand_meth->cleanup)
-+ fips_rand_meth->cleanup();
-+}
-+
-+int FIPS_rand_seed(const void *buf, int num)
-+{
-+ if (!fips_approved_rand_meth && FIPS_module_mode()) {
-+ FIPSerr(FIPS_F_FIPS_RAND_SEED, FIPS_R_NON_FIPS_METHOD);
-+ return 0;
-+ }
-+ if (fips_rand_meth && fips_rand_meth->seed)
-+ fips_rand_meth->seed(buf, num);
-+ return 1;
-+}
-+
-+int FIPS_rand_bytes(unsigned char *buf, int num)
-+{
-+ if (!fips_approved_rand_meth && FIPS_module_mode()) {
-+ FIPSerr(FIPS_F_FIPS_RAND_BYTES, FIPS_R_NON_FIPS_METHOD);
-+ return 0;
-+ }
-+ if (fips_rand_meth && fips_rand_meth->bytes)
-+ return fips_rand_meth->bytes(buf, num);
-+ return 0;
-+}
-+
-+int FIPS_rand_status(void)
-+{
-+ if (!fips_approved_rand_meth && FIPS_module_mode()) {
-+ FIPSerr(FIPS_F_FIPS_RAND_STATUS, FIPS_R_NON_FIPS_METHOD);
-+ return 0;
-+ }
-+ if (fips_rand_meth && fips_rand_meth->status)
-+ return fips_rand_meth->status();
-+ return 0;
-+}
-+
-+/* Return instantiated strength of PRNG. For DRBG this is an internal
-+ * parameter. Any other type of PRNG is not approved and returns 0 in
-+ * FIPS mode and maximum 256 outside FIPS mode.
-+ */
-+
-+int FIPS_rand_strength(void)
-+{
-+ if (fips_rand_bits)
-+ return fips_rand_bits;
-+ if (fips_approved_rand_meth == 1)
-+ return FIPS_drbg_get_strength(FIPS_get_default_drbg());
-+ else if (fips_approved_rand_meth == 0) {
-+ if (FIPS_module_mode())
-+ return 0;
-+ else
-+ return 256;
-+ }
-+ return 0;
-+}
-+
-+void FIPS_get_timevec(unsigned char *buf, unsigned long *pctr)
-+{
-+# ifdef OPENSSL_SYS_WIN32
-+ FILETIME ft;
-+# elif defined(OPENSSL_SYS_VXWORKS)
-+ struct timespec ts;
-+# else
-+ struct timeval tv;
-+# endif
-+
-+# ifndef GETPID_IS_MEANINGLESS
-+ unsigned long pid;
-+# endif
-+
-+# ifdef OPENSSL_SYS_WIN32
-+ GetSystemTimeAsFileTime(&ft);
-+ buf[0] = (unsigned char)(ft.dwHighDateTime & 0xff);
-+ buf[1] = (unsigned char)((ft.dwHighDateTime >> 8) & 0xff);
-+ buf[2] = (unsigned char)((ft.dwHighDateTime >> 16) & 0xff);
-+ buf[3] = (unsigned char)((ft.dwHighDateTime >> 24) & 0xff);
-+ buf[4] = (unsigned char)(ft.dwLowDateTime & 0xff);
-+ buf[5] = (unsigned char)((ft.dwLowDateTime >> 8) & 0xff);
-+ buf[6] = (unsigned char)((ft.dwLowDateTime >> 16) & 0xff);
-+ buf[7] = (unsigned char)((ft.dwLowDateTime >> 24) & 0xff);
-+# elif defined(OPENSSL_SYS_VXWORKS)
-+ clock_gettime(CLOCK_REALTIME, &ts);
-+ buf[0] = (unsigned char)(ts.tv_sec & 0xff);
-+ buf[1] = (unsigned char)((ts.tv_sec >> 8) & 0xff);
-+ buf[2] = (unsigned char)((ts.tv_sec >> 16) & 0xff);
-+ buf[3] = (unsigned char)((ts.tv_sec >> 24) & 0xff);
-+ buf[4] = (unsigned char)(ts.tv_nsec & 0xff);
-+ buf[5] = (unsigned char)((ts.tv_nsec >> 8) & 0xff);
-+ buf[6] = (unsigned char)((ts.tv_nsec >> 16) & 0xff);
-+ buf[7] = (unsigned char)((ts.tv_nsec >> 24) & 0xff);
-+# else
-+ gettimeofday(&tv, NULL);
-+ buf[0] = (unsigned char)(tv.tv_sec & 0xff);
-+ buf[1] = (unsigned char)((tv.tv_sec >> 8) & 0xff);
-+ buf[2] = (unsigned char)((tv.tv_sec >> 16) & 0xff);
-+ buf[3] = (unsigned char)((tv.tv_sec >> 24) & 0xff);
-+ buf[4] = (unsigned char)(tv.tv_usec & 0xff);
-+ buf[5] = (unsigned char)((tv.tv_usec >> 8) & 0xff);
-+ buf[6] = (unsigned char)((tv.tv_usec >> 16) & 0xff);
-+ buf[7] = (unsigned char)((tv.tv_usec >> 24) & 0xff);
-+# endif
-+ buf[8] = (unsigned char)(*pctr & 0xff);
-+ buf[9] = (unsigned char)((*pctr >> 8) & 0xff);
-+ buf[10] = (unsigned char)((*pctr >> 16) & 0xff);
-+ buf[11] = (unsigned char)((*pctr >> 24) & 0xff);
-+
-+ (*pctr)++;
-+
-+# ifndef GETPID_IS_MEANINGLESS
-+ pid = (unsigned long)getpid();
-+ buf[12] = (unsigned char)(pid & 0xff);
-+ buf[13] = (unsigned char)((pid >> 8) & 0xff);
-+ buf[14] = (unsigned char)((pid >> 16) & 0xff);
-+ buf[15] = (unsigned char)((pid >> 24) & 0xff);
-+# endif
-+}
-+
-diff -up openssl-1.1.1b/crypto/fips/fips_rsa_selftest.c.fips openssl-1.1.1b/crypto/fips/fips_rsa_selftest.c
---- openssl-1.1.1b/crypto/fips/fips_rsa_selftest.c.fips 2019-02-28 11:30:06.816745484 +0100
-+++ openssl-1.1.1b/crypto/fips/fips_rsa_selftest.c 2019-02-28 11:30:06.816745484 +0100
-@@ -0,0 +1,338 @@
-+/* ====================================================================
-+ * Copyright (c) 2003-2007 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * openssl-core@openssl.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ *
-+ */
-+
-+#include <string.h>
-+#include <openssl/err.h>
-+#ifdef OPENSSL_FIPS
-+# include <openssl/fips.h>
-+# include "internal/fips_int.h"
-+#endif
-+#include <openssl/rsa.h>
-+#include <openssl/evp.h>
-+#include <openssl/bn.h>
-+#include <openssl/opensslconf.h>
-+#include "fips_locl.h"
-+
-+#ifdef OPENSSL_FIPS
-+
-+static int setrsakey(RSA *key)
-+{
-+ static const unsigned char keydata_n[] = {
-+ 0x00, 0xc9, 0xd5, 0x6d, 0x9d, 0x90, 0xdb, 0x43, 0xd6, 0x02, 0xed, 0x96, 0x88, 0x13, 0x8a,
-+ 0xb2, 0xbf, 0x6e, 0xa1, 0x06, 0x10, 0xb2, 0x78, 0x37, 0xa7, 0x14, 0xa8, 0xff, 0xdd, 0x00,
-+ 0xdd, 0xb4, 0x93, 0xa0, 0x45, 0xcc, 0x96, 0x90, 0xed, 0xad, 0xa9, 0xdd, 0xc4, 0xd6, 0xca,
-+ 0x0c, 0xf0, 0xed, 0x4f, 0x72, 0x5e, 0x21, 0x49, 0x9a, 0x18, 0x12, 0x15, 0x8f, 0x90, 0x5a,
-+ 0xdb, 0xb6, 0x33, 0x99, 0xa3, 0xe6, 0xb4, 0xf0, 0xc4, 0x97, 0x21, 0x26, 0xbb, 0xe3, 0xba,
-+ 0xf2, 0xff, 0xa0, 0x72, 0xda, 0x89, 0x63, 0x8e, 0x8b, 0x3e, 0x08, 0x9d, 0x92, 0x2a, 0xbe,
-+ 0x16, 0xe1, 0x43, 0x15, 0xfc, 0x57, 0xc7, 0x1f, 0x09, 0x11, 0x67, 0x1c, 0xa9, 0x96, 0xd1,
-+ 0x8b, 0x3e, 0x80, 0x93, 0xc1, 0x59, 0xd0, 0x6d, 0x39, 0xf2, 0xac, 0x95, 0xcc, 0x10, 0x75,
-+ 0xe9, 0x31, 0x24, 0xd1, 0x43, 0xaf, 0x68, 0x52, 0x4b, 0xe7, 0x16, 0xd7, 0x49, 0x65, 0x6f,
-+ 0x26, 0xc0, 0x86, 0xad, 0xc0, 0x07, 0x0a, 0xc1, 0xe1, 0x2f, 0x87, 0x85, 0x86, 0x3b, 0xdc,
-+ 0x5a, 0x99, 0xbe, 0xe9, 0xf9, 0xb9, 0xe9, 0x82, 0x27, 0x51, 0x04, 0x15, 0xab, 0x06, 0x0e,
-+ 0x76, 0x5a, 0x28, 0x8d, 0x92, 0xbd, 0xc5, 0xb5, 0x7b, 0xa8, 0xdf, 0x4e, 0x47, 0xa2, 0xc1,
-+ 0xe7, 0x52, 0xbf, 0x47, 0xf7, 0x62, 0xe0, 0x3a, 0x6f, 0x4d, 0x6a, 0x4d, 0x4e, 0xd4, 0xb9,
-+ 0x59, 0x69, 0xfa, 0xb2, 0x14, 0xc1, 0xee, 0xe6, 0x2f, 0x95, 0xcd, 0x94, 0x72, 0xae, 0xe4,
-+ 0xdb, 0x18, 0x9a, 0xc4, 0xcd, 0x70, 0xbd, 0xee, 0x31, 0x16, 0xb7, 0x49, 0x65, 0xac, 0x40,
-+ 0x19, 0x0e, 0xb5, 0x6d, 0x83, 0xf1, 0x36, 0xbb, 0x08, 0x2f, 0x2e, 0x4e, 0x92, 0x62, 0xa4,
-+ 0xff, 0x50, 0xdb, 0x20, 0x45, 0xa2, 0xeb, 0x16, 0x7a, 0xf2, 0xd5, 0x28, 0xc1, 0xfd, 0x4e,
-+ 0x03, 0x71
-+ };
-+
-+ static const unsigned char keydata_e[] = { 0x01, 0x00, 0x01 };
-+
-+ static const unsigned char keydata_d[] = {
-+ 0x36, 0x27, 0x3d, 0xb1, 0xf9, 0x1b, 0xdb, 0xa7, 0xa0, 0x41, 0x7f, 0x12, 0x23, 0xac, 0x23,
-+ 0x29, 0x99, 0xd5, 0x3a, 0x7b, 0x60, 0x67, 0x41, 0x07, 0x63, 0x53, 0xb4, 0xd2, 0xe7, 0x58,
-+ 0x95, 0x0a, 0xc7, 0x05, 0xf3, 0x4e, 0xb2, 0xb4, 0x12, 0xd4, 0x70, 0xdc, 0x4f, 0x85, 0x06,
-+ 0xd3, 0xdd, 0xd8, 0x63, 0x27, 0x3e, 0x67, 0x31, 0x21, 0x24, 0x39, 0x04, 0xbc, 0x06, 0xa4,
-+ 0xcc, 0xce, 0x2b, 0x7a, 0xfe, 0x7b, 0xad, 0xde, 0x11, 0x6e, 0xa3, 0xa5, 0xe6, 0x04, 0x53,
-+ 0x0e, 0xa3, 0x4e, 0x2d, 0xb4, 0x8f, 0x31, 0xbf, 0xca, 0x75, 0x25, 0x52, 0x02, 0x85, 0xde,
-+ 0x3d, 0xb2, 0x72, 0x43, 0xb2, 0x89, 0x8a, 0x9a, 0x34, 0x41, 0x26, 0x3f, 0x9a, 0x67, 0xbe,
-+ 0xa4, 0x96, 0x7b, 0x0e, 0x75, 0xba, 0xa6, 0x93, 0xd5, 0xb8, 0xd8, 0xb8, 0x57, 0xf2, 0x4b,
-+ 0x0f, 0x14, 0x81, 0xd1, 0x57, 0x4e, 0xf6, 0x45, 0x4c, 0xa6, 0x3b, 0xd0, 0x70, 0xca, 0xd3,
-+ 0x9d, 0x55, 0xde, 0x22, 0x05, 0xe7, 0x8e, 0x28, 0x4d, 0xee, 0x11, 0xcf, 0xb6, 0x67, 0x76,
-+ 0x09, 0xd3, 0xe3, 0x3c, 0x13, 0xf9, 0x99, 0x34, 0x10, 0x7b, 0xec, 0x81, 0x38, 0xf0, 0xb6,
-+ 0x34, 0x9c, 0x9b, 0x50, 0x6f, 0x0b, 0x91, 0x81, 0x4d, 0x89, 0x94, 0x04, 0x7b, 0xf0, 0x3c,
-+ 0xf4, 0xb1, 0xb2, 0x00, 0x48, 0x8d, 0x5a, 0x8f, 0x88, 0x9e, 0xc5, 0xab, 0x3a, 0x9e, 0x44,
-+ 0x3f, 0x54, 0xe7, 0xd9, 0x6e, 0x47, 0xaa, 0xa1, 0xbd, 0x40, 0x46, 0x31, 0xf9, 0xf0, 0x34,
-+ 0xb6, 0x04, 0xe1, 0x2b, 0x5b, 0x73, 0x86, 0xdd, 0x3a, 0x92, 0x1b, 0x71, 0xc7, 0x3f, 0x32,
-+ 0xe5, 0xc3, 0xc2, 0xab, 0xa1, 0x7e, 0xbf, 0xa4, 0x52, 0xa0, 0xb0, 0x68, 0x90, 0xd1, 0x20,
-+ 0x12, 0x79, 0xe9, 0xd7, 0xc9, 0x40, 0xba, 0xf2, 0x19, 0xc7, 0xa5, 0x00, 0x92, 0x86, 0x0d,
-+ 0x01
-+ };
-+
-+ static const unsigned char keydata_p[] = {
-+ 0x00, 0xfc, 0x5c, 0x6e, 0x16, 0xce, 0x1f, 0x03, 0x7b, 0xcd, 0xf7, 0xb3, 0x72, 0xb2, 0x8f,
-+ 0x16, 0x72, 0xb8, 0x56, 0xae, 0xf7, 0xcd, 0x67, 0xd8, 0x4e, 0x7d, 0x07, 0xaf, 0xd5, 0x43,
-+ 0x26, 0xc3, 0x35, 0xbe, 0x43, 0x8f, 0x4e, 0x2f, 0x1c, 0x43, 0x4e, 0x6b, 0xd2, 0xb2, 0xec,
-+ 0x52, 0x6d, 0x97, 0x52, 0x2b, 0xcc, 0x5c, 0x3a, 0x6b, 0xf4, 0x14, 0xc6, 0x74, 0xda, 0x66,
-+ 0x38, 0x1c, 0x7a, 0x3f, 0x84, 0x2f, 0xe3, 0xf9, 0x5a, 0xb8, 0x65, 0x69, 0x46, 0x06, 0xa3,
-+ 0x37, 0x79, 0xb2, 0xa1, 0x5b, 0x58, 0xed, 0x5e, 0xa7, 0x5f, 0x8c, 0x65, 0x66, 0xbb, 0xd1,
-+ 0x24, 0x36, 0xe6, 0x37, 0xa7, 0x3d, 0x49, 0x77, 0x8a, 0x8c, 0x34, 0xd8, 0x69, 0x29, 0xf3,
-+ 0x4d, 0x58, 0x22, 0xb0, 0x51, 0x24, 0xb6, 0x40, 0xa8, 0x86, 0x59, 0x0a, 0xb7, 0xba, 0x5c,
-+ 0x97, 0xda, 0x57, 0xe8, 0x36, 0xda, 0x7a, 0x9c, 0xad
-+ };
-+
-+ static const unsigned char keydata_q[] = {
-+ 0x00, 0xcc, 0xbe, 0x7b, 0x09, 0x69, 0x06, 0xee, 0x45, 0xbf, 0x88, 0x47, 0x38, 0xa8, 0xf8,
-+ 0x17, 0xe5, 0xb6, 0xba, 0x67, 0x55, 0xe3, 0xe8, 0x05, 0x8b, 0xb8, 0xe2, 0x53, 0xd6, 0x8e,
-+ 0xef, 0x2c, 0xe7, 0x4f, 0x4a, 0xf7, 0x4e, 0x26, 0x8d, 0x85, 0x0b, 0x3f, 0xec, 0xc3, 0x1c,
-+ 0xd4, 0xeb, 0xec, 0x6a, 0xc8, 0x72, 0x2a, 0x25, 0x7d, 0xfd, 0xa6, 0x77, 0x96, 0xf0, 0x1e,
-+ 0xcd, 0x28, 0x57, 0xf8, 0x37, 0x30, 0x75, 0x6b, 0xbd, 0xd4, 0x7b, 0x0c, 0x87, 0xc5, 0x6c,
-+ 0x87, 0x40, 0xa5, 0xbb, 0x27, 0x2c, 0x78, 0xc9, 0x74, 0x5a, 0x54, 0x5b, 0x0b, 0x30, 0x6f,
-+ 0x44, 0x4a, 0xfa, 0x71, 0xe4, 0x21, 0x61, 0x66, 0xf9, 0xee, 0x65, 0xde, 0x7c, 0x04, 0xd7,
-+ 0xfd, 0xa9, 0x15, 0x5b, 0x7f, 0xe2, 0x7a, 0xba, 0x69, 0x86, 0x72, 0xa6, 0x06, 0x8d, 0x9b,
-+ 0x90, 0x55, 0x60, 0x9e, 0x4c, 0x5d, 0xa9, 0xb6, 0x55
-+ };
-+
-+ static const unsigned char keydata_dmp1[] = {
-+ 0x7a, 0xd6, 0x12, 0xd0, 0x0e, 0xec, 0x91, 0xa9, 0x85, 0x8b, 0xf8, 0x50, 0xf0, 0x11, 0x2e,
-+ 0x00, 0x11, 0x32, 0x40, 0x60, 0x66, 0x1f, 0x11, 0xee, 0xc2, 0x75, 0x27, 0x65, 0x4b, 0x16,
-+ 0x67, 0x16, 0x95, 0xd2, 0x14, 0xc3, 0x1d, 0xb3, 0x48, 0x1f, 0xb7, 0xe4, 0x0b, 0x2b, 0x74,
-+ 0xc3, 0xdb, 0x50, 0x27, 0xf9, 0x85, 0x3a, 0xfa, 0xa9, 0x08, 0x23, 0xc1, 0x65, 0x3d, 0x34,
-+ 0x3a, 0xc8, 0x56, 0x7a, 0x65, 0x45, 0x36, 0x6e, 0xae, 0x2a, 0xce, 0x9f, 0x43, 0x43, 0xd7,
-+ 0x10, 0xe9, 0x9e, 0x18, 0xf4, 0xa4, 0x35, 0xda, 0x8a, 0x6b, 0xb0, 0x3f, 0xdd, 0x53, 0xe3,
-+ 0xa8, 0xc5, 0x4e, 0x79, 0x9d, 0x1f, 0x51, 0x8c, 0xa2, 0xca, 0x66, 0x3c, 0x6a, 0x2a, 0xff,
-+ 0x8e, 0xd2, 0xf3, 0xb7, 0xcb, 0x82, 0xda, 0xde, 0x2c, 0xe6, 0xd2, 0x8c, 0xb3, 0xad, 0xb6,
-+ 0x4c, 0x95, 0x55, 0x76, 0xbd, 0xc9, 0xc8, 0xd1
-+ };
-+
-+ static const unsigned char keydata_dmq1[] = {
-+ 0x00, 0x83, 0x23, 0x1d, 0xbb, 0x11, 0x42, 0x17, 0x2b, 0x25, 0x5a, 0x2c, 0x03, 0xe6, 0x75,
-+ 0xc1, 0x18, 0xa8, 0xc9, 0x0b, 0x96, 0xbf, 0xba, 0xc4, 0x92, 0x91, 0x80, 0xa5, 0x22, 0x2f,
-+ 0xba, 0x91, 0x90, 0x36, 0x01, 0x56, 0x15, 0x00, 0x2c, 0x74, 0xa2, 0x97, 0xf7, 0x15, 0xa1,
-+ 0x49, 0xdf, 0x32, 0x35, 0xd2, 0xdd, 0x0c, 0x91, 0xa6, 0xf8, 0xe7, 0xbe, 0x81, 0x36, 0x9b,
-+ 0x03, 0xdc, 0x6b, 0x3b, 0xd8, 0x5d, 0x79, 0x57, 0xe0, 0xe6, 0x4f, 0x49, 0xdf, 0x4c, 0x5c,
-+ 0x0e, 0xe5, 0x21, 0x41, 0x95, 0xfd, 0xad, 0xff, 0x9a, 0x3e, 0xa0, 0xf9, 0x0f, 0x59, 0x9e,
-+ 0x6a, 0xa7, 0x7b, 0x71, 0xa7, 0x24, 0x9a, 0x36, 0x52, 0xae, 0x97, 0x20, 0xc1, 0x5e, 0x78,
-+ 0xd9, 0x47, 0x8b, 0x1e, 0x67, 0xf2, 0xaf, 0x98, 0xe6, 0x2d, 0xef, 0x10, 0xd7, 0xf1, 0xab,
-+ 0x49, 0xee, 0xe5, 0x4b, 0x7e, 0xae, 0x1f, 0x1d, 0x61
-+ };
-+
-+ static const unsigned char keydata_iqmp[] = {
-+ 0x23, 0x96, 0xc1, 0x91, 0x17, 0x5e, 0x0a, 0x83, 0xd2, 0xdc, 0x7b, 0x69, 0xb2, 0x59, 0x1d,
-+ 0x33, 0x58, 0x52, 0x3f, 0x18, 0xc7, 0x09, 0x50, 0x1c, 0xb9, 0xa1, 0xbb, 0x4c, 0xa2, 0x38,
-+ 0x40, 0x4c, 0x9a, 0x8e, 0xfe, 0x9c, 0x90, 0x92, 0xd0, 0x71, 0x9f, 0x89, 0x99, 0x50, 0x91,
-+ 0x1f, 0x34, 0x8b, 0x74, 0x53, 0x11, 0x11, 0x4a, 0x70, 0xe2, 0xf7, 0x30, 0xd8, 0x8c, 0x80,
-+ 0xe1, 0xcc, 0x9f, 0xf1, 0x63, 0x17, 0x1a, 0x7d, 0x67, 0x29, 0x4c, 0xcb, 0x4e, 0x74, 0x7b,
-+ 0xe0, 0x3e, 0x9e, 0x2f, 0xf4, 0x67, 0x8f, 0xec, 0xb9, 0x5c, 0x00, 0x1e, 0x7e, 0xa2, 0x7b,
-+ 0x92, 0xc9, 0x6f, 0x4c, 0xe4, 0x0e, 0xf9, 0x48, 0x63, 0xcd, 0x50, 0x22, 0x5d, 0xbf, 0xb6,
-+ 0x9d, 0x01, 0x33, 0x6a, 0xf4, 0x50, 0xbe, 0x86, 0x98, 0x4f, 0xca, 0x3f, 0x3a, 0xfa, 0xcf,
-+ 0x07, 0x40, 0xc4, 0xaa, 0xad, 0xae, 0xbe, 0xbf
-+ };
-+
-+ int rv = 0;
-+ BIGNUM *n = NULL, *e = NULL, *d = NULL, *p = NULL, *q = NULL, *dmp1 = NULL, *dmq1 = NULL, *iqmp = NULL;
-+
-+ fips_load_key_component(n, keydata);
-+ fips_load_key_component(e, keydata);
-+ fips_load_key_component(d, keydata);
-+ fips_load_key_component(p, keydata);
-+ fips_load_key_component(q, keydata);
-+ fips_load_key_component(dmp1, keydata);
-+ fips_load_key_component(dmq1, keydata);
-+ fips_load_key_component(iqmp, keydata);
-+
-+ RSA_set0_key(key, n, e, d);
-+ RSA_set0_factors(key, p, q);
-+ RSA_set0_crt_params(key, dmp1, dmq1, iqmp);
-+
-+ rv = 1;
-+err:
-+ if (!rv) {
-+ BN_free(n);
-+ BN_free(e);
-+ BN_free(d);
-+ BN_free(p);
-+ BN_free(q);
-+ BN_free(dmp1);
-+ BN_free(dmq1);
-+ BN_free(iqmp);
-+ }
-+ return rv;
-+}
-+
-+/* Known Answer Test (KAT) data for the above RSA private key signing
-+ * kat_tbs.
-+ */
-+
-+static const unsigned char kat_tbs[] =
-+ "OpenSSL FIPS 140-2 Public Key RSA KAT";
-+
-+static const unsigned char kat_RSA_PSS_SHA256[] = {
-+ 0x38, 0xDA, 0x99, 0x51, 0x26, 0x38, 0xC6, 0x7F, 0xC4, 0x81, 0x57, 0x19,
-+ 0x35, 0xC6, 0xF6, 0x1E, 0x90, 0x47, 0x20, 0x55, 0x47, 0x56, 0x26, 0xE9,
-+ 0xF2, 0xA8, 0x39, 0x6C, 0xD5, 0xCD, 0xCB, 0x55, 0xFC, 0x0C, 0xC5, 0xCB,
-+ 0xF7, 0x40, 0x17, 0x3B, 0xCF, 0xE4, 0x05, 0x03, 0x3B, 0xA0, 0xB2, 0xC9,
-+ 0x0D, 0x5E, 0x48, 0x3A, 0xE9, 0xAD, 0x28, 0x71, 0x7D, 0x8F, 0x89, 0x16,
-+ 0x59, 0x93, 0x35, 0xDC, 0x4D, 0x7B, 0xDF, 0x84, 0xE4, 0x68, 0xAA, 0x33,
-+ 0xAA, 0xDC, 0x66, 0x50, 0xC8, 0xA9, 0x32, 0x12, 0xDC, 0xC6, 0x90, 0x49,
-+ 0x0B, 0x75, 0xFF, 0x9B, 0x95, 0x00, 0x9A, 0x90, 0xE0, 0xD4, 0x0E, 0x67,
-+ 0xAB, 0x3C, 0x47, 0x36, 0xC5, 0x2E, 0x1C, 0x46, 0xF0, 0x2D, 0xD3, 0x8B,
-+ 0x42, 0x08, 0xDE, 0x0D, 0xB6, 0x2C, 0x86, 0xB0, 0x35, 0x71, 0x18, 0x6B,
-+ 0x89, 0x67, 0xC0, 0x05, 0xAD, 0xF4, 0x1D, 0x62, 0x4E, 0x75, 0xEC, 0xD6,
-+ 0xC2, 0xDB, 0x07, 0xB0, 0xB6, 0x8D, 0x15, 0xAD, 0xCD, 0xBF, 0xF5, 0x60,
-+ 0x76, 0xAE, 0x48, 0xB8, 0x77, 0x7F, 0xC5, 0x01, 0xD9, 0x29, 0xBB, 0xD6,
-+ 0x17, 0xA2, 0x20, 0x5A, 0xC0, 0x4A, 0x3B, 0x34, 0xC8, 0xB9, 0x39, 0xCF,
-+ 0x06, 0x89, 0x95, 0x6F, 0xC7, 0xCA, 0xC4, 0xE4, 0x43, 0xDF, 0x5A, 0x23,
-+ 0xE2, 0x89, 0xA3, 0x38, 0x78, 0x31, 0x38, 0xC6, 0xA4, 0x6F, 0x5F, 0x73,
-+ 0x5A, 0xE5, 0x9E, 0x09, 0xE7, 0x6F, 0xD4, 0xF8, 0x3E, 0xB7, 0xB0, 0x56,
-+ 0x9A, 0xF3, 0x65, 0xF0, 0xC2, 0xA6, 0x8A, 0x08, 0xBA, 0x44, 0xAC, 0x97,
-+ 0xDE, 0xB4, 0x16, 0x83, 0xDF, 0xE3, 0xEE, 0x71, 0xFA, 0xF9, 0x51, 0x50,
-+ 0x14, 0xDC, 0xFD, 0x6A, 0x82, 0x20, 0x68, 0x64, 0x7D, 0x4E, 0x82, 0x68,
-+ 0xD7, 0x45, 0xFA, 0x6A, 0xE4, 0xE5, 0x29, 0x3A, 0x70, 0xFB, 0xE4, 0x62,
-+ 0x2B, 0x31, 0xB9, 0x7D
-+};
-+
-+static const unsigned char kat_RSA_SHA256[] = {
-+ 0xC2, 0xB1, 0x97, 0x00, 0x9A, 0xE5, 0x80, 0x6A, 0xE2, 0x51, 0x68, 0xB9,
-+ 0x7A, 0x0C, 0xF2, 0xB4, 0x77, 0xED, 0x15, 0x0C, 0x4E, 0xE1, 0xDC, 0xFF,
-+ 0x8E, 0xBC, 0xDE, 0xC7, 0x9A, 0x96, 0xF1, 0x47, 0x45, 0x24, 0x9D, 0x6F,
-+ 0xA6, 0xF3, 0x1D, 0x0D, 0x35, 0x4C, 0x1A, 0xF3, 0x58, 0x2C, 0x6C, 0x06,
-+ 0xD6, 0x22, 0x37, 0x77, 0x8C, 0x33, 0xE5, 0x07, 0x53, 0x93, 0x28, 0xCF,
-+ 0x67, 0xFA, 0xC4, 0x1F, 0x1B, 0x24, 0xDB, 0x4C, 0xC5, 0x2A, 0x51, 0xA2,
-+ 0x60, 0x15, 0x8C, 0x54, 0xB4, 0x30, 0xE2, 0x24, 0x47, 0x86, 0xF2, 0xF8,
-+ 0x6C, 0xD6, 0x12, 0x59, 0x2C, 0x74, 0x9A, 0x37, 0xF3, 0xC4, 0xA2, 0xD5,
-+ 0x4E, 0x1F, 0x77, 0xF0, 0x27, 0xCE, 0x77, 0xF8, 0x4A, 0x79, 0x03, 0xBE,
-+ 0xC8, 0x06, 0x2D, 0xA7, 0xA6, 0x46, 0xF5, 0x55, 0x79, 0xD7, 0x5C, 0xC6,
-+ 0x5B, 0xB1, 0x00, 0x4E, 0x7C, 0xD9, 0x11, 0x85, 0xE0, 0xB1, 0x4D, 0x2D,
-+ 0x13, 0xD7, 0xAC, 0xEA, 0x64, 0xD1, 0xAC, 0x8F, 0x8D, 0x8F, 0xEA, 0x42,
-+ 0x7F, 0xF9, 0xB7, 0x7D, 0x2C, 0x68, 0x49, 0x07, 0x7A, 0x74, 0xEF, 0xB4,
-+ 0xC9, 0x97, 0x16, 0x5C, 0x6C, 0x6E, 0x5C, 0x09, 0x2E, 0x8E, 0x13, 0x2E,
-+ 0x1A, 0x8D, 0xA6, 0x0C, 0x6E, 0x0C, 0x1C, 0x0F, 0xCC, 0xB2, 0x78, 0x8A,
-+ 0x07, 0xFC, 0x5C, 0xC2, 0xF5, 0x65, 0xEC, 0xAB, 0x8B, 0x3C, 0xCA, 0x91,
-+ 0x6F, 0x84, 0x7C, 0x21, 0x0E, 0xB8, 0xDA, 0x7B, 0x6C, 0xF7, 0xDF, 0xAB,
-+ 0x7E, 0x15, 0xFD, 0x85, 0x0B, 0x33, 0x9B, 0x6A, 0x3A, 0xC3, 0xEF, 0x65,
-+ 0x04, 0x6E, 0xB2, 0xAC, 0x98, 0xFD, 0xEB, 0x02, 0xF5, 0xC0, 0x0B, 0x5E,
-+ 0xCB, 0xD4, 0x83, 0x82, 0x18, 0x1B, 0xDA, 0xB4, 0xCD, 0xE8, 0x71, 0x6B,
-+ 0x1D, 0xB5, 0x4F, 0xE9, 0xD6, 0x43, 0xA0, 0x0A, 0x14, 0xA0, 0xE7, 0x5D,
-+ 0x47, 0x9D, 0x18, 0xD7
-+};
-+
-+static int fips_rsa_encrypt_test(RSA *rsa, const unsigned char *plaintext,
-+ int ptlen)
-+{
-+ unsigned char *ctbuf = NULL, *ptbuf = NULL;
-+ int ret = 0;
-+ int len;
-+
-+ ctbuf = OPENSSL_malloc(RSA_size(rsa));
-+ if (!ctbuf)
-+ goto err;
-+
-+ len = RSA_public_encrypt(ptlen, plaintext, ctbuf, rsa, RSA_PKCS1_PADDING);
-+ if (len <= 0)
-+ goto err;
-+ /* Check ciphertext doesn't match plaintext */
-+ if (len >= ptlen && !memcmp(plaintext, ctbuf, ptlen))
-+ goto err;
-+
-+ ptbuf = OPENSSL_malloc(RSA_size(rsa));
-+ if (!ptbuf)
-+ goto err;
-+
-+ len = RSA_private_decrypt(len, ctbuf, ptbuf, rsa, RSA_PKCS1_PADDING);
-+ if (len != ptlen)
-+ goto err;
-+ if (memcmp(ptbuf, plaintext, len))
-+ goto err;
-+
-+ ret = 1;
-+
-+ err:
-+ if (ctbuf)
-+ OPENSSL_free(ctbuf);
-+ if (ptbuf)
-+ OPENSSL_free(ptbuf);
-+ return ret;
-+}
-+
-+int FIPS_selftest_rsa()
-+{
-+ int ret = 0;
-+ RSA *key;
-+ EVP_PKEY *pk = NULL;
-+
-+ if ((key = RSA_new()) == NULL)
-+ goto err;
-+
-+ if (!setrsakey(key))
-+ goto err;
-+
-+ if ((pk = EVP_PKEY_new()) == NULL)
-+ goto err;
-+
-+ EVP_PKEY_set1_RSA(pk, key);
-+
-+ if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
-+ kat_RSA_SHA256, sizeof(kat_RSA_SHA256),
-+ EVP_sha256(), EVP_MD_CTX_FLAG_PAD_PKCS1,
-+ "RSA SHA256 PKCS#1"))
-+ goto err;
-+
-+ if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
-+ kat_RSA_PSS_SHA256,
-+ sizeof(kat_RSA_PSS_SHA256), EVP_sha256(),
-+ EVP_MD_CTX_FLAG_PAD_PSS, "RSA SHA256 PSS"))
-+ goto err;
-+
-+ if (!fips_rsa_encrypt_test(key, kat_tbs, sizeof(kat_tbs) - 1))
-+ goto err;
-+
-+ ret = 1;
-+
-+ err:
-+ if (pk)
-+ EVP_PKEY_free(pk);
-+ if (key)
-+ RSA_free(key);
-+ return ret;
-+}
-+
-+#endif /* def OPENSSL_FIPS */
-diff -up openssl-1.1.1b/crypto/fips/fips_sha_selftest.c.fips openssl-1.1.1b/crypto/fips/fips_sha_selftest.c
---- openssl-1.1.1b/crypto/fips/fips_sha_selftest.c.fips 2019-05-06 16:08:46.795598159 +0200
-+++ openssl-1.1.1b/crypto/fips/fips_sha_selftest.c 2019-05-06 17:35:40.211316880 +0200
-@@ -0,0 +1,223 @@
-+/* ====================================================================
-+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * openssl-core@openssl.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ *
-+ */
-+
-+#include <string.h>
-+#include <openssl/err.h>
-+#ifdef OPENSSL_FIPS
-+# include <openssl/fips.h>
-+#endif
-+#include <openssl/evp.h>
-+#include <openssl/sha.h>
-+
-+#ifdef OPENSSL_FIPS
-+static const char test[][60] = {
-+ "",
-+ "abc",
-+ "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
-+};
-+
-+static const unsigned char ret[][SHA_DIGEST_LENGTH] = {
-+ {0xda, 0x39, 0xa3, 0xee, 0x5e, 0x6b, 0x4b, 0x0d, 0x32, 0x55,
-+ 0xbf, 0xef, 0x95, 0x60, 0x18, 0x90, 0xaf, 0xd8, 0x07, 0x09},
-+ {0xa9, 0x99, 0x3e, 0x36, 0x47, 0x06, 0x81, 0x6a, 0xba, 0x3e,
-+ 0x25, 0x71, 0x78, 0x50, 0xc2, 0x6c, 0x9c, 0xd0, 0xd8, 0x9d},
-+ {0x84, 0x98, 0x3e, 0x44, 0x1c, 0x3b, 0xd2, 0x6e, 0xba, 0xae,
-+ 0x4a, 0xa1, 0xf9, 0x51, 0x29, 0xe5, 0xe5, 0x46, 0x70, 0xf1},
-+};
-+
-+int FIPS_selftest_sha1()
-+{
-+ int n;
-+
-+ for (n = 0; n < sizeof(test) / sizeof(test[0]); ++n) {
-+ unsigned char md[SHA_DIGEST_LENGTH];
-+
-+ EVP_Digest(test[n], strlen(test[n]), md, NULL,
-+ EVP_sha1(), NULL);
-+ if (memcmp(md, ret[n], sizeof md)) {
-+ FIPSerr(FIPS_F_FIPS_SELFTEST_SHA1, FIPS_R_SELFTEST_FAILED);
-+ return 0;
-+ }
-+ }
-+ return 1;
-+}
-+
-+static const unsigned char msg_sha256[] =
-+ { 0xfa, 0x48, 0x59, 0x2a, 0xe1, 0xae, 0x1f, 0x30,
-+ 0xfc
-+};
-+
-+static const unsigned char dig_sha256[] =
-+ { 0xf7, 0x26, 0xd8, 0x98, 0x47, 0x91, 0x68, 0x5b,
-+ 0x9e, 0x39, 0xb2, 0x58, 0xbb, 0x75, 0xbf, 0x01,
-+ 0x17, 0x0c, 0x84, 0x00, 0x01, 0x7a, 0x94, 0x83,
-+ 0xf3, 0x0b, 0x15, 0x84, 0x4b, 0x69, 0x88, 0x8a
-+};
-+
-+static const unsigned char msg_sha512[] =
-+ { 0x37, 0xd1, 0x35, 0x9d, 0x18, 0x41, 0xe9, 0xb7,
-+ 0x6d, 0x9a, 0x13, 0xda, 0x5f, 0xf3, 0xbd
-+};
-+
-+static const unsigned char dig_sha512[] =
-+ { 0x11, 0x13, 0xc4, 0x19, 0xed, 0x2b, 0x1d, 0x16,
-+ 0x11, 0xeb, 0x9b, 0xbe, 0xf0, 0x7f, 0xcf, 0x44,
-+ 0x8b, 0xd7, 0x57, 0xbd, 0x8d, 0xa9, 0x25, 0xb0,
-+ 0x47, 0x25, 0xd6, 0x6c, 0x9a, 0x54, 0x7f, 0x8f,
-+ 0x0b, 0x53, 0x1a, 0x10, 0x68, 0x32, 0x03, 0x38,
-+ 0x82, 0xc4, 0x87, 0xc4, 0xea, 0x0e, 0xd1, 0x04,
-+ 0xa9, 0x98, 0xc1, 0x05, 0xa3, 0xf3, 0xf8, 0xb1,
-+ 0xaf, 0xbc, 0xd9, 0x78, 0x7e, 0xee, 0x3d, 0x43
-+};
-+
-+int FIPS_selftest_sha2(void)
-+{
-+ unsigned char md[SHA512_DIGEST_LENGTH];
-+
-+ EVP_Digest(msg_sha256, sizeof(msg_sha256), md, NULL, EVP_sha256(), NULL);
-+ if (memcmp(dig_sha256, md, sizeof(dig_sha256))) {
-+ FIPSerr(FIPS_F_FIPS_SELFTEST_SHA2, FIPS_R_SELFTEST_FAILED);
-+ return 0;
-+ }
-+
-+ EVP_Digest(msg_sha512, sizeof(msg_sha512), md, NULL, EVP_sha512(), NULL);
-+ if (memcmp(dig_sha512, md, sizeof(dig_sha512))) {
-+ FIPSerr(FIPS_F_FIPS_SELFTEST_SHA2, FIPS_R_SELFTEST_FAILED);
-+ return 0;
-+ }
-+
-+ return 1;
-+}
-+
-+static const unsigned char msg_sha3_256[] = {
-+ 0xa1, 0xd7, 0xce, 0x51, 0x04, 0xeb, 0x25, 0xd6,
-+ 0x13, 0x1b, 0xb8, 0xf6, 0x6e, 0x1f, 0xb1, 0x3f,
-+ 0x35, 0x23
-+};
-+
-+static const unsigned char dig_sha3_256[] = {
-+ 0xee, 0x90, 0x62, 0xf3, 0x97, 0x20, 0xb8, 0x21,
-+ 0xb8, 0x8b, 0xe5, 0xe6, 0x46, 0x21, 0xd7, 0xe0,
-+ 0xca, 0x02, 0x6a, 0x9f, 0xe7, 0x24, 0x8d, 0x78,
-+ 0x15, 0x0b, 0x14, 0xbd, 0xba, 0xa4, 0x0b, 0xed
-+};
-+
-+static const unsigned char msg_sha3_512[] = {
-+ 0x13, 0x3b, 0x49, 0x7b, 0x00, 0x93, 0x27, 0x73,
-+ 0xa5, 0x3b, 0xa9, 0xbf, 0x8e, 0x61, 0xd5, 0x9f,
-+ 0x05, 0xf4
-+};
-+
-+static const unsigned char dig_sha3_512[] = {
-+ 0x78, 0x39, 0x64, 0xa1, 0xcf, 0x41, 0xd6, 0xd2,
-+ 0x10, 0xa8, 0xd7, 0xc8, 0x1c, 0xe6, 0x97, 0x0a,
-+ 0xa6, 0x2c, 0x90, 0x53, 0xcb, 0x89, 0xe1, 0x5f,
-+ 0x88, 0x05, 0x39, 0x57, 0xec, 0xf6, 0x07, 0xf4,
-+ 0x2a, 0xf0, 0x88, 0x04, 0xe7, 0x6f, 0x2f, 0xbd,
-+ 0xbb, 0x31, 0x80, 0x9c, 0x9e, 0xef, 0xc6, 0x0e,
-+ 0x23, 0x3d, 0x66, 0x24, 0x36, 0x7a, 0x3b, 0x9c,
-+ 0x30, 0xf8, 0xee, 0x5f, 0x65, 0xbe, 0x56, 0xac
-+};
-+
-+static const unsigned char msg_shake_128[] = {
-+ 0x43, 0xbd, 0xb1, 0x1e, 0xac, 0x71, 0x03, 0x1f,
-+ 0x02, 0xa1, 0x1c, 0x15, 0xa1, 0x88, 0x5f, 0xa4,
-+ 0x28, 0x98
-+};
-+
-+static const unsigned char dig_shake_128[] = {
-+ 0xde, 0x68, 0x02, 0x7d, 0xa1, 0x30, 0x66, 0x3a,
-+ 0x73, 0x98, 0x0e, 0x35, 0x25, 0xb8, 0x8c, 0x75
-+};
-+
-+static const unsigned char msg_shake_256[] = {
-+ 0x8f, 0x84, 0xa3, 0x7d, 0xbd, 0x44, 0xd0, 0xf6,
-+ 0x95, 0x36, 0xc5, 0xf4, 0x44, 0x6b, 0xa3, 0x23,
-+ 0x9b, 0xfc
-+};
-+
-+static const unsigned char dig_shake_256[] = {
-+ 0x05, 0xca, 0x83, 0x5e, 0x0c, 0xdb, 0xfa, 0xf5,
-+ 0x95, 0xc6, 0x86, 0x7e, 0x2d, 0x9d, 0xb9, 0x3f,
-+ 0xca, 0x9c, 0x8b, 0xc6, 0x65, 0x02, 0x2e, 0xdd,
-+ 0x6f, 0xe7, 0xb3, 0xda, 0x5e, 0x07, 0xc4, 0xcf
-+};
-+
-+int FIPS_selftest_sha3(void)
-+{
-+ unsigned char md[SHA512_DIGEST_LENGTH];
-+
-+ EVP_Digest(msg_sha3_256, sizeof(msg_sha3_256), md, NULL, EVP_sha3_256(), NULL);
-+ if (memcmp(dig_sha3_256, md, sizeof(dig_sha3_256))) {
-+ FIPSerr(FIPS_F_FIPS_SELFTEST, FIPS_R_SELFTEST_FAILED);
-+ return 0;
-+ }
-+
-+ EVP_Digest(msg_sha3_512, sizeof(msg_sha3_512), md, NULL, EVP_sha3_512(), NULL);
-+ if (memcmp(dig_sha3_512, md, sizeof(dig_sha3_512))) {
-+ FIPSerr(FIPS_F_FIPS_SELFTEST, FIPS_R_SELFTEST_FAILED);
-+ return 0;
-+ }
-+
-+ EVP_Digest(msg_shake_128, sizeof(msg_shake_128), md, NULL, EVP_shake128(), NULL);
-+ if (memcmp(dig_shake_128, md, sizeof(dig_shake_128))) {
-+ FIPSerr(FIPS_F_FIPS_SELFTEST, FIPS_R_SELFTEST_FAILED);
-+ return 0;
-+ }
-+
-+ EVP_Digest(msg_shake_256, sizeof(msg_shake_256), md, NULL, EVP_shake256(), NULL);
-+ if (memcmp(dig_shake_256, md, sizeof(dig_shake_256))) {
-+ FIPSerr(FIPS_F_FIPS_SELFTEST, FIPS_R_SELFTEST_FAILED);
-+ return 0;
-+ }
-+
-+ return 1;
-+}
-+
-+#endif
-diff -up openssl-1.1.1b/crypto/fips/fips_standalone_hmac.c.fips openssl-1.1.1b/crypto/fips/fips_standalone_hmac.c
---- openssl-1.1.1b/crypto/fips/fips_standalone_hmac.c.fips 2019-02-28 11:30:06.817745466 +0100
-+++ openssl-1.1.1b/crypto/fips/fips_standalone_hmac.c 2019-02-28 11:30:06.817745466 +0100
-@@ -0,0 +1,127 @@
-+/* ====================================================================
-+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * openssl-core@openssl.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ *
-+ */
-+
-+#include <stdio.h>
-+#include <stdlib.h>
-+#include <string.h>
-+#include <openssl/opensslconf.h>
-+#include <openssl/hmac.h>
-+#include <openssl/sha.h>
-+
-+int main(int argc, char **argv)
-+{
-+#ifdef OPENSSL_FIPS
-+ static char key[] = "orboDeJITITejsirpADONivirpUkvarP";
-+ int n, binary = 0;
-+
-+ if (argc < 2) {
-+ fprintf(stderr, "%s [<file>]+\n", argv[0]);
-+ exit(1);
-+ }
-+
-+ n = 1;
-+ if (!strcmp(argv[n], "-binary")) {
-+ n++;
-+ binary = 1; /* emit binary fingerprint... */
-+ }
-+
-+ for (; n < argc; ++n) {
-+ FILE *f = fopen(argv[n], "rb");
-+ HMAC_CTX *hmac_ctx;
-+ unsigned char mac[EVP_MAX_MD_SIZE];
-+ unsigned int len;
-+ unsigned int i;
-+
-+ if (!f) {
-+ perror(argv[n]);
-+ exit(2);
-+ }
-+ hmac_ctx = HMAC_CTX_new();
-+ if (!hmac_ctx)
-+ exit(3);
-+
-+ if (HMAC_Init_ex(hmac_ctx, key, strlen(key), EVP_sha256(), NULL) <= 0) {
-+ fprintf(stderr, "HMAC SHA256 initialization failed.\n");
-+ exit(4);
-+ }
-+
-+ for (;;) {
-+ unsigned char buf[1024];
-+ size_t l = fread(buf, 1, sizeof buf, f);
-+
-+ if (l == 0) {
-+ if (ferror(f)) {
-+ perror(argv[n]);
-+ exit(3);
-+ } else
-+ break;
-+ }
-+ if (HMAC_Update(hmac_ctx, buf, l) <= 0) {
-+ fprintf(stderr, "HMAC_Update() failed.\n");
-+ exit(4);
-+ }
-+ }
-+ if (HMAC_Final(hmac_ctx, mac, &len) <= 0) {
-+ fprintf(stderr, "HMAC_Final() failed.\n");
-+ exit(4);
-+ }
-+
-+ if (binary) {
-+ fwrite(mac, len, 1, stdout);
-+ break; /* ... for single(!) file */
-+ }
-+
-+/* printf("HMAC-SHA1(%s)= ",argv[n]); */
-+ for (i = 0; i < len; ++i)
-+ printf("%02x", mac[i]);
-+ printf("\n");
-+ }
-+#endif
-+ return 0;
-+}
-diff -up openssl-1.1.1c/crypto/hmac/hmac.c.fips openssl-1.1.1c/crypto/hmac/hmac.c
---- openssl-1.1.1c/crypto/hmac/hmac.c.fips 2019-05-29 15:46:19.138261106 +0200
-+++ openssl-1.1.1c/crypto/hmac/hmac.c 2019-05-29 15:49:09.508263133 +0200
-@@ -43,6 +43,13 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const vo
- return 0;
-
- if (key != NULL) {
-+#ifdef OPENSSL_FIPS
-+ if (FIPS_mode() && !(EVP_MD_flags(md) & EVP_MD_FLAG_FIPS)
-+ && (!EVP_MD_CTX_test_flags(ctx->md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)
-+ || !EVP_MD_CTX_test_flags(ctx->i_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)
-+ || !EVP_MD_CTX_test_flags(ctx->o_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)))
-+ goto err;
-+#endif
- reset = 1;
- j = EVP_MD_block_size(md);
- if (!ossl_assert(j <= (int)sizeof(ctx->key)))
-diff -up openssl-1.1.1b/crypto/hmac/hm_pmeth.c.fips openssl-1.1.1b/crypto/hmac/hm_pmeth.c
---- openssl-1.1.1b/crypto/hmac/hm_pmeth.c.fips 2019-02-26 15:15:30.000000000 +0100
-+++ openssl-1.1.1b/crypto/hmac/hm_pmeth.c 2019-05-06 14:56:01.123257022 +0200
-@@ -180,7 +180,7 @@ static int pkey_hmac_ctrl_str(EVP_PKEY_C
-
- const EVP_PKEY_METHOD hmac_pkey_meth = {
- EVP_PKEY_HMAC,
-- 0,
-+ EVP_PKEY_FLAG_FIPS,
- pkey_hmac_init,
- pkey_hmac_copy,
- pkey_hmac_cleanup,
-diff -up openssl-1.1.1b/crypto/include/internal/fips_int.h.fips openssl-1.1.1b/crypto/include/internal/fips_int.h
---- openssl-1.1.1b/crypto/include/internal/fips_int.h.fips 2019-02-28 11:30:06.817745466 +0100
-+++ openssl-1.1.1b/crypto/include/internal/fips_int.h 2019-02-28 11:30:06.817745466 +0100
-@@ -0,0 +1,98 @@
-+/* ====================================================================
-+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * openssl-core@openssl.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ *
-+ */
-+
-+#include <openssl/opensslconf.h>
-+#include <openssl/evp.h>
-+
-+#ifndef OPENSSL_FIPS
-+# error FIPS is disabled.
-+#endif
-+
-+#ifdef OPENSSL_FIPS
-+
-+int FIPS_module_mode_set(int onoff);
-+int FIPS_module_mode(void);
-+int FIPS_module_installed(void);
-+int FIPS_selftest_sha1(void);
-+int FIPS_selftest_sha2(void);
-+int FIPS_selftest_sha3(void);
-+int FIPS_selftest_aes_ccm(void);
-+int FIPS_selftest_aes_gcm(void);
-+int FIPS_selftest_aes_xts(void);
-+int FIPS_selftest_aes(void);
-+int FIPS_selftest_des(void);
-+int FIPS_selftest_rsa(void);
-+int FIPS_selftest_dsa(void);
-+int FIPS_selftest_ecdsa(void);
-+int FIPS_selftest_ecdh(void);
-+int FIPS_selftest_dh(void);
-+void FIPS_drbg_stick(int onoff);
-+int FIPS_selftest_hmac(void);
-+int FIPS_selftest_drbg(void);
-+int FIPS_selftest_cmac(void);
-+
-+int fips_pkey_signature_test(EVP_PKEY *pkey,
-+ const unsigned char *tbs, int tbslen,
-+ const unsigned char *kat,
-+ unsigned int katlen,
-+ const EVP_MD *digest,
-+ unsigned int md_flags, const char *fail_str);
-+
-+int fips_cipher_test(EVP_CIPHER_CTX *ctx,
-+ const EVP_CIPHER *cipher,
-+ const unsigned char *key,
-+ const unsigned char *iv,
-+ const unsigned char *plaintext,
-+ const unsigned char *ciphertext, int len);
-+
-+void fips_set_selftest_fail(void);
-+
-+void FIPS_get_timevec(unsigned char *buf, unsigned long *pctr);
-+
-+#endif
-diff -up openssl-1.1.1b/crypto/o_fips.c.fips openssl-1.1.1b/crypto/o_fips.c
---- openssl-1.1.1b/crypto/o_fips.c.fips 2019-02-26 15:15:30.000000000 +0100
-+++ openssl-1.1.1b/crypto/o_fips.c 2019-02-28 11:30:06.817745466 +0100
-@@ -8,17 +8,28 @@
- */
-
- #include "internal/cryptlib.h"
-+#include "internal/fips_int.h"
-
- int FIPS_mode(void)
- {
-+#ifdef OPENSSL_FIPS
-+ return FIPS_module_mode();
-+#else
- /* This version of the library does not support FIPS mode. */
- return 0;
-+#endif
- }
-
- int FIPS_mode_set(int r)
- {
-+#ifdef OPENSSL_FIPS
-+ if (r && FIPS_module_mode()) /* can be implicitly initialized by OPENSSL_init() */
-+ return 1;
-+ return FIPS_module_mode_set(r);
-+#else
- if (r == 0)
- return 1;
- CRYPTOerr(CRYPTO_F_FIPS_MODE_SET, CRYPTO_R_FIPS_MODE_NOT_SUPPORTED);
- return 0;
-+#endif
- }
-diff -up openssl-1.1.1b/crypto/o_init.c.fips openssl-1.1.1b/crypto/o_init.c
---- openssl-1.1.1b/crypto/o_init.c.fips 2019-02-26 15:15:30.000000000 +0100
-+++ openssl-1.1.1b/crypto/o_init.c 2019-02-28 11:30:06.817745466 +0100
-@@ -7,8 +7,68 @@
- * https://www.openssl.org/source/license.html
- */
-
-+/* for secure_getenv */
-+#define _GNU_SOURCE
- #include "e_os.h"
- #include <openssl/err.h>
-+#ifdef OPENSSL_FIPS
-+# include <sys/types.h>
-+# include <sys/stat.h>
-+# include <fcntl.h>
-+# include <unistd.h>
-+# include <errno.h>
-+# include <stdlib.h>
-+# include <openssl/rand.h>
-+# include <openssl/fips.h>
-+# include "internal/fips_int.h"
-+
-+# define FIPS_MODE_SWITCH_FILE "/proc/sys/crypto/fips_enabled"
-+
-+static void init_fips_mode(void)
-+{
-+ char buf[2] = "0";
-+ int fd;
-+
-+ /* Ensure the selftests always run */
-+ /* XXX: TO SOLVE - premature initialization due to selftests */
-+ FIPS_mode_set(1);
-+
-+ if (secure_getenv("OPENSSL_FORCE_FIPS_MODE") != NULL) {
-+ buf[0] = '1';
-+ } else if ((fd = open(FIPS_MODE_SWITCH_FILE, O_RDONLY)) >= 0) {
-+ while (read(fd, buf, sizeof(buf)) < 0 && errno == EINTR) ;
-+ close(fd);
-+ }
-+ /* Failure reading the fips mode switch file means just not
-+ * switching into FIPS mode. We would break too many things
-+ * otherwise..
-+ */
-+
-+ if (buf[0] != '1') {
-+ /* drop down to non-FIPS mode if it is not requested */
-+ FIPS_mode_set(0);
-+ } else {
-+ /* abort if selftest failed */
-+ FIPS_selftest_check();
-+ }
-+}
-+
-+/*
-+ * Perform FIPS module power on selftest and automatic FIPS mode switch.
-+ */
-+
-+void __attribute__ ((constructor)) OPENSSL_init_library(void)
-+{
-+ static int done = 0;
-+ if (done)
-+ return;
-+ done = 1;
-+ if (!FIPS_module_installed()) {
-+ return;
-+ }
-+ init_fips_mode();
-+}
-+#endif
-
- /*
- * Perform any essential OpenSSL initialization operations. Currently does
-diff -up openssl-1.1.1b/crypto/rand/rand_lib.c.fips openssl-1.1.1b/crypto/rand/rand_lib.c
---- openssl-1.1.1b/crypto/rand/rand_lib.c.fips 2019-02-26 15:15:30.000000000 +0100
-+++ openssl-1.1.1b/crypto/rand/rand_lib.c 2019-02-28 11:30:06.818745447 +0100
-@@ -16,6 +16,10 @@
- #include "internal/thread_once.h"
- #include "rand_lcl.h"
- #include "e_os.h"
-+#ifdef OPENSSL_FIPS
-+# include <openssl/fips.h>
-+# include <openssl/fips_rand.h>
-+#endif
-
- #ifndef OPENSSL_NO_ENGINE
- /* non-NULL if default_RAND_meth is ENGINE-provided */
-@@ -857,3 +861,15 @@ int RAND_status(void)
- return meth->status();
- return 0;
- }
-+
-+#ifdef OPENSSL_FIPS
-+void RAND_set_fips_drbg_type(int type, int flags)
-+{ /* just a stub for ABI compatibility */
-+}
-+
-+int RAND_init_fips(void)
-+{
-+ /* just a stub for ABI compatibility */
-+ return 1;
-+}
-+#endif
-diff -up openssl-1.1.1b/crypto/rsa/rsa_crpt.c.fips openssl-1.1.1b/crypto/rsa/rsa_crpt.c
---- openssl-1.1.1b/crypto/rsa/rsa_crpt.c.fips 2019-02-26 15:15:30.000000000 +0100
-+++ openssl-1.1.1b/crypto/rsa/rsa_crpt.c 2019-02-28 11:30:06.818745447 +0100
-@@ -27,24 +27,52 @@ int RSA_size(const RSA *r)
- int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to,
- RSA *rsa, int padding)
- {
-+#ifdef OPENSSL_FIPS
-+ if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
-+ && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) {
-+ RSAerr(RSA_F_RSA_PUBLIC_ENCRYPT, RSA_R_NON_FIPS_RSA_METHOD);
-+ return -1;
-+ }
-+#endif
- return rsa->meth->rsa_pub_enc(flen, from, to, rsa, padding);
- }
-
- int RSA_private_encrypt(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding)
- {
-+#ifdef OPENSSL_FIPS
-+ if (FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) {
-+ RSAerr(RSA_F_RSA_PRIVATE_ENCRYPT,
-+ RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
-+ return -1;
-+ }
-+#endif
- return rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding);
- }
-
- int RSA_private_decrypt(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding)
- {
-+#ifdef OPENSSL_FIPS
-+ if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
-+ && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) {
-+ RSAerr(RSA_F_RSA_PRIVATE_DECRYPT, RSA_R_NON_FIPS_RSA_METHOD);
-+ return -1;
-+ }
-+#endif
- return rsa->meth->rsa_priv_dec(flen, from, to, rsa, padding);
- }
-
- int RSA_public_decrypt(int flen, const unsigned char *from, unsigned char *to,
- RSA *rsa, int padding)
- {
-+#ifdef OPENSSL_FIPS
-+ if (FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) {
-+ RSAerr(RSA_F_RSA_PUBLIC_DECRYPT,
-+ RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
-+ return -1;
-+ }
-+#endif
- return rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding);
- }
-
-diff -up openssl-1.1.1b/crypto/rsa/rsa_err.c.fips openssl-1.1.1b/crypto/rsa/rsa_err.c
---- openssl-1.1.1b/crypto/rsa/rsa_err.c.fips 2019-02-26 15:15:30.000000000 +0100
-+++ openssl-1.1.1b/crypto/rsa/rsa_err.c 2019-02-28 11:30:06.818745447 +0100
-@@ -16,6 +16,8 @@
- static const ERR_STRING_DATA RSA_str_functs[] = {
- {ERR_PACK(ERR_LIB_RSA, RSA_F_CHECK_PADDING_MD, 0), "check_padding_md"},
- {ERR_PACK(ERR_LIB_RSA, RSA_F_ENCODE_PKCS1, 0), "encode_pkcs1"},
-+ {ERR_PACK(ERR_LIB_RSA, RSA_F_FIPS_RSA_BUILTIN_KEYGEN, 0),
-+ "fips_rsa_builtin_keygen"},
- {ERR_PACK(ERR_LIB_RSA, RSA_F_INT_RSA_VERIFY, 0), "int_rsa_verify"},
- {ERR_PACK(ERR_LIB_RSA, RSA_F_OLD_RSA_PRIV_DECODE, 0),
- "old_rsa_priv_decode"},
-@@ -32,6 +34,9 @@ static const ERR_STRING_DATA RSA_str_fun
- {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_CHECK_KEY_EX, 0), "RSA_check_key_ex"},
- {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_CMS_DECRYPT, 0), "rsa_cms_decrypt"},
- {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_CMS_VERIFY, 0), "rsa_cms_verify"},
-+ {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_GENERATE_KEY_EX, 0), "RSA_generate_key_ex"},
-+ {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_GENERATE_MULTI_PRIME_KEY, 0),
-+ "RSA_generate_multi_prime_key"},
- {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_ITEM_VERIFY, 0), "rsa_item_verify"},
- {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_METH_DUP, 0), "RSA_meth_dup"},
- {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_METH_NEW, 0), "RSA_meth_new"},
-@@ -90,9 +95,13 @@ static const ERR_STRING_DATA RSA_str_fun
- {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PRINT_FP, 0), "RSA_print_fp"},
- {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PRIV_DECODE, 0), "rsa_priv_decode"},
- {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PRIV_ENCODE, 0), "rsa_priv_encode"},
-+ {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PRIVATE_DECRYPT, 0), "RSA_private_decrypt"},
-+ {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PRIVATE_ENCRYPT, 0), "RSA_private_encrypt"},
- {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PSS_GET_PARAM, 0), "rsa_pss_get_param"},
- {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PSS_TO_CTX, 0), "rsa_pss_to_ctx"},
- {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PUB_DECODE, 0), "rsa_pub_decode"},
-+ {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PUBLIC_DECRYPT, 0), "RSA_public_decrypt"},
-+ {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PUBLIC_ENCRYPT, 0), "RSA_public_encrypt"},
- {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_SETUP_BLINDING, 0), "RSA_setup_blinding"},
- {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_SIGN, 0), "RSA_sign"},
- {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_SIGN_ASN1_OCTET_STRING, 0),
-@@ -102,6 +111,8 @@ static const ERR_STRING_DATA RSA_str_fun
- "RSA_verify_ASN1_OCTET_STRING"},
- {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, 0),
- "RSA_verify_PKCS1_PSS_mgf1"},
-+ {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_SET_DEFAULT_METHOD, 0), "RSA_set_default_method"},
-+ {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_SET_METHOD, 0), "RSA_set_method"},
- {ERR_PACK(ERR_LIB_RSA, RSA_F_SETUP_TBUF, 0), "setup_tbuf"},
- {0, NULL}
- };
-@@ -181,6 +192,7 @@ static const ERR_STRING_DATA RSA_str_rea
- "mp exponent not congruent to d"},
- {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_MP_R_NOT_PRIME), "mp r not prime"},
- {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_NO_PUBLIC_EXPONENT), "no public exponent"},
-+ {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_NON_FIPS_RSA_METHOD), "non FIPS rsa method"},
- {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_NULL_BEFORE_BLOCK_MISSING),
- "null before block missing"},
- {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_N_DOES_NOT_EQUAL_PRODUCT_OF_PRIMES),
-@@ -189,6 +201,8 @@ static const ERR_STRING_DATA RSA_str_rea
- "n does not equal p q"},
- {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_OAEP_DECODING_ERROR),
- "oaep decoding error"},
-+ {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE),
-+ "operation not allowed in FIPS mode"},
- {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE),
- "operation not supported for this keytype"},
- {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_PADDING_CHECK_FAILED),
-@@ -224,6 +238,8 @@ static const ERR_STRING_DATA RSA_str_rea
- "unsupported mask algorithm"},
- {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNSUPPORTED_MASK_PARAMETER),
- "unsupported mask parameter"},
-+ {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNSUPPORTED_PARAMETERS),
-+ "unsupported parameters"},
- {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNSUPPORTED_SIGNATURE_TYPE),
- "unsupported signature type"},
- {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_VALUE_MISSING), "value missing"},
-diff -up openssl-1.1.1b/crypto/rsa/rsa_gen.c.fips openssl-1.1.1b/crypto/rsa/rsa_gen.c
---- openssl-1.1.1b/crypto/rsa/rsa_gen.c.fips 2019-02-26 15:15:30.000000000 +0100
-+++ openssl-1.1.1b/crypto/rsa/rsa_gen.c 2019-02-28 11:30:06.818745447 +0100
-@@ -18,6 +18,76 @@
- #include "internal/cryptlib.h"
- #include <openssl/bn.h>
- #include "rsa_locl.h"
-+#ifdef OPENSSL_FIPS
-+# include <openssl/fips.h>
-+# include "internal/fips_int.h"
-+
-+int fips_check_rsa(RSA *rsa)
-+{
-+ const unsigned char tbs[] = "RSA Pairwise Check Data";
-+ unsigned char *ctbuf = NULL, *ptbuf = NULL;
-+ int len, ret = 0;
-+ EVP_PKEY *pk;
-+
-+ if ((pk = EVP_PKEY_new()) == NULL)
-+ goto err;
-+
-+ EVP_PKEY_set1_RSA(pk, rsa);
-+
-+ /* Perform pairwise consistency signature test */
-+ if (!fips_pkey_signature_test(pk, tbs, -1,
-+ NULL, 0, EVP_sha256(),
-+ EVP_MD_CTX_FLAG_PAD_PKCS1, NULL)
-+ || !fips_pkey_signature_test(pk, tbs, -1, NULL, 0, EVP_sha256(),
-+ EVP_MD_CTX_FLAG_PAD_PSS, NULL))
-+ goto err;
-+ /* Now perform pairwise consistency encrypt/decrypt test */
-+ ctbuf = OPENSSL_malloc(RSA_size(rsa));
-+ if (!ctbuf)
-+ goto err;
-+
-+ len =
-+ RSA_public_encrypt(sizeof(tbs) - 1, tbs, ctbuf, rsa,
-+ RSA_PKCS1_PADDING);
-+ if (len <= 0)
-+ goto err;
-+ /* Check ciphertext doesn't match plaintext */
-+ if ((len == (sizeof(tbs) - 1)) && !memcmp(tbs, ctbuf, len))
-+ goto err;
-+ ptbuf = OPENSSL_malloc(RSA_size(rsa));
-+
-+ if (!ptbuf)
-+ goto err;
-+ len = RSA_private_decrypt(len, ctbuf, ptbuf, rsa, RSA_PKCS1_PADDING);
-+ if (len != (sizeof(tbs) - 1))
-+ goto err;
-+ if (memcmp(ptbuf, tbs, len))
-+ goto err;
-+
-+ ret = 1;
-+
-+ if (!ptbuf)
-+ goto err;
-+
-+ err:
-+ if (ret == 0) {
-+ fips_set_selftest_fail();
-+ FIPSerr(FIPS_F_FIPS_CHECK_RSA, FIPS_R_PAIRWISE_TEST_FAILED);
-+ }
-+
-+ if (ctbuf)
-+ OPENSSL_free(ctbuf);
-+ if (ptbuf)
-+ OPENSSL_free(ptbuf);
-+ if (pk)
-+ EVP_PKEY_free(pk);
-+
-+ return ret;
-+}
-+
-+static int fips_rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
-+ BN_GENCB *cb);
-+#endif
-
- static int rsa_builtin_keygen(RSA *rsa, int bits, int primes, BIGNUM *e_value,
- BN_GENCB *cb);
-@@ -31,6 +101,13 @@ static int rsa_builtin_keygen(RSA *rsa,
- */
- int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
- {
-+#ifdef OPENSSL_FIPS
-+ if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
-+ && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) {
-+ RSAerr(RSA_F_RSA_GENERATE_KEY_EX, RSA_R_NON_FIPS_RSA_METHOD);
-+ return 0;
-+ }
-+#endif
- if (rsa->meth->rsa_keygen != NULL)
- return rsa->meth->rsa_keygen(rsa, bits, e_value, cb);
-
-@@ -41,6 +118,13 @@ int RSA_generate_key_ex(RSA *rsa, int bi
- int RSA_generate_multi_prime_key(RSA *rsa, int bits, int primes,
- BIGNUM *e_value, BN_GENCB *cb)
- {
-+#ifdef OPENSSL_FIPS
-+ if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
-+ && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) {
-+ RSAerr(RSA_F_RSA_GENERATE_MULTI_PRIME_KEY, RSA_R_NON_FIPS_RSA_METHOD);
-+ return 0;
-+ }
-+#endif
- /* multi-prime is only supported with the builtin key generation */
- if (rsa->meth->rsa_multi_prime_keygen != NULL) {
- return rsa->meth->rsa_multi_prime_keygen(rsa, bits, primes,
-@@ -57,10 +141,285 @@ int RSA_generate_multi_prime_key(RSA *rs
- else
- return 0;
- }
--
-+#ifdef OPENSSL_FIPS
-+ if (FIPS_mode()) {
-+ if (primes != 2) {
-+ RSAerr(RSA_F_RSA_GENERATE_MULTI_PRIME_KEY, RSA_R_UNSUPPORTED_PARAMETERS);
-+ return 0;
-+ }
-+ return fips_rsa_builtin_keygen(rsa, bits, e_value, cb);
-+ }
-+#endif
- return rsa_builtin_keygen(rsa, bits, primes, e_value, cb);
- }
-
-+#ifdef OPENSSL_FIPS
-+static int fips_rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
-+ BN_GENCB *cb)
-+{
-+ BIGNUM *r0 = NULL, *r1 = NULL, *r2 = NULL, *r3 = NULL, *tmp;
-+ BN_CTX *ctx = NULL;
-+ int ok = -1;
-+ int i;
-+ int n = 0;
-+ int test = 0;
-+ int pbits = bits / 2;
-+ unsigned long error = 0;
-+
-+ if (FIPS_selftest_failed()) {
-+ FIPSerr(FIPS_F_FIPS_RSA_BUILTIN_KEYGEN, FIPS_R_FIPS_SELFTEST_FAILED);
-+ return 0;
-+ }
-+
-+ if (bits < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS
-+ || (getenv("OPENSSL_ENFORCE_MODULUS_BITS") && bits < 2048)) {
-+ FIPSerr(FIPS_F_FIPS_RSA_BUILTIN_KEYGEN, FIPS_R_KEY_TOO_SHORT);
-+ return 0;
-+ }
-+ if ((pbits & 0xFF) != 0) {
-+ FIPSerr(FIPS_F_FIPS_RSA_BUILTIN_KEYGEN, FIPS_R_INVALID_KEY_LENGTH);
-+ return 0;
-+ }
-+
-+ ctx = BN_CTX_new();
-+ if (ctx == NULL)
-+ goto err;
-+ BN_CTX_start(ctx);
-+ r0 = BN_CTX_get(ctx);
-+ r1 = BN_CTX_get(ctx);
-+ r2 = BN_CTX_get(ctx);
-+ r3 = BN_CTX_get(ctx);
-+
-+ if (r3 == NULL)
-+ goto err;
-+
-+ /* We need the RSA components non-NULL */
-+ if (!rsa->n && ((rsa->n = BN_new()) == NULL))
-+ goto err;
-+ if (!rsa->d && ((rsa->d = BN_secure_new()) == NULL))
-+ goto err;
-+ if (!rsa->e && ((rsa->e = BN_new()) == NULL))
-+ goto err;
-+ if (!rsa->p && ((rsa->p = BN_secure_new()) == NULL))
-+ goto err;
-+ if (!rsa->q && ((rsa->q = BN_secure_new()) == NULL))
-+ goto err;
-+ if (!rsa->dmp1 && ((rsa->dmp1 = BN_secure_new()) == NULL))
-+ goto err;
-+ if (!rsa->dmq1 && ((rsa->dmq1 = BN_secure_new()) == NULL))
-+ goto err;
-+ if (!rsa->iqmp && ((rsa->iqmp = BN_secure_new()) == NULL))
-+ goto err;
-+
-+ if (!BN_set_word(r0, RSA_F4))
-+ goto err;
-+ if (BN_cmp(e_value, r0) < 0 || BN_num_bits(e_value) > 256) {
-+ ok = 0; /* we set our own err */
-+ RSAerr(RSA_F_FIPS_RSA_BUILTIN_KEYGEN, RSA_R_BAD_E_VALUE);
-+ goto err;
-+ }
-+
-+ /* prepare approximate minimum p and q */
-+ if (!BN_set_word(r0, 0xB504F334))
-+ goto err;
-+ if (!BN_lshift(r0, r0, pbits - 32))
-+ goto err;
-+
-+ /* prepare minimum p and q difference */
-+ if (!BN_one(r3))
-+ goto err;
-+ if (!BN_lshift(r3, r3, pbits - 100))
-+ goto err;
-+
-+ BN_copy(rsa->e, e_value);
-+
-+ if (!BN_is_zero(rsa->p) && !BN_is_zero(rsa->q))
-+ test = 1;
-+
-+ BN_set_flags(r0, BN_FLG_CONSTTIME);
-+ BN_set_flags(r1, BN_FLG_CONSTTIME);
-+ BN_set_flags(r2, BN_FLG_CONSTTIME);
-+ BN_set_flags(rsa->p, BN_FLG_CONSTTIME);
-+ BN_set_flags(rsa->q, BN_FLG_CONSTTIME);
-+
-+ retry:
-+ /* generate p and q */
-+ for (i = 0; i < 5 * pbits; i++) {
-+ ploop:
-+ if (!test)
-+ if (!BN_rand(rsa->p, pbits, 0, 1))
-+ goto err;
-+ if (BN_cmp(rsa->p, r0) < 0) {
-+ if (test)
-+ goto err;
-+ goto ploop;
-+ }
-+
-+ if (!BN_sub(r2, rsa->p, BN_value_one()))
-+ goto err;
-+ ERR_set_mark();
-+ if (BN_mod_inverse(r1, r2, rsa->e, ctx) != NULL) {
-+ /* GCD == 1 since inverse exists */
-+ int r;
-+ r = BN_is_prime_fasttest_ex(rsa->p, pbits > 1024 ? 4 : 5, ctx, 0,
-+ cb);
-+ if (r == -1 || (test && r <= 0))
-+ goto err;
-+ if (r > 0)
-+ break;
-+ } else {
-+ error = ERR_peek_last_error();
-+ if (ERR_GET_LIB(error) == ERR_LIB_BN
-+ && ERR_GET_REASON(error) == BN_R_NO_INVERSE) {
-+ /* GCD != 1 */
-+ ERR_pop_to_mark();
-+ } else {
-+ goto err;
-+ }
-+ }
-+ if (!BN_GENCB_call(cb, 2, n++))
-+ goto err;
-+ }
-+
-+ if (!BN_GENCB_call(cb, 3, 0))
-+ goto err;
-+
-+ if (i >= 5 * pbits)
-+ /* prime not found */
-+ goto err;
-+
-+ for (i = 0; i < 5 * pbits; i++) {
-+ qloop:
-+ if (!test)
-+ if (!BN_rand(rsa->q, pbits, 0, 1))
-+ goto err;
-+ if (BN_cmp(rsa->q, r0) < 0) {
-+ if (test)
-+ goto err;
-+ goto qloop;
-+ }
-+ if (!BN_sub(r2, rsa->q, rsa->p))
-+ goto err;
-+ if (BN_ucmp(r2, r3) <= 0) {
-+ if (test)
-+ goto err;
-+ goto qloop;
-+ }
-+
-+ if (!BN_sub(r2, rsa->q, BN_value_one()))
-+ goto err;
-+ ERR_set_mark();
-+ if (BN_mod_inverse(r1, r2, rsa->e, ctx) != NULL) {
-+ /* GCD == 1 since inverse exists */
-+ int r;
-+ r = BN_is_prime_fasttest_ex(rsa->q, pbits > 1024 ? 4 : 5, ctx, 0,
-+ cb);
-+ if (r == -1 || (test && r <= 0))
-+ goto err;
-+ if (r > 0)
-+ break;
-+ } else {
-+ error = ERR_peek_last_error();
-+ if (ERR_GET_LIB(error) == ERR_LIB_BN
-+ && ERR_GET_REASON(error) == BN_R_NO_INVERSE) {
-+ /* GCD != 1 */
-+ ERR_pop_to_mark();
-+ } else {
-+ goto err;
-+ }
-+ }
-+ if (!BN_GENCB_call(cb, 2, n++))
-+ goto err;
-+ }
-+
-+ if (!BN_GENCB_call(cb, 3, 1))
-+ goto err;
-+
-+ if (i >= 5 * pbits)
-+ /* prime not found */
-+ goto err;
-+
-+ if (test) {
-+ /* do not try to calculate the remaining key values */
-+ BN_clear(rsa->n);
-+ ok = 1;
-+ goto err;
-+ }
-+
-+ if (BN_cmp(rsa->p, rsa->q) < 0) {
-+ tmp = rsa->p;
-+ rsa->p = rsa->q;
-+ rsa->q = tmp;
-+ }
-+
-+ /* calculate n */
-+ if (!BN_mul(rsa->n, rsa->p, rsa->q, ctx))
-+ goto err;
-+
-+ /* calculate d */
-+ if (!BN_sub(r1, rsa->p, BN_value_one()))
-+ goto err; /* p-1 */
-+ if (!BN_sub(r2, rsa->q, BN_value_one()))
-+ goto err; /* q-1 */
-+
-+ /* note that computing gcd is not safe to timing attacks */
-+ if (!BN_gcd(r0, r1, r2, ctx))
-+ goto err;
-+
-+ {
-+ if (!BN_div(r0, NULL, r1, r0, ctx))
-+ goto err;
-+
-+ if (!BN_mul(r0, r0, r2, ctx)) /* lcm(p-1, q-1) */
-+ goto err;
-+
-+ if (!BN_mod_inverse(rsa->d, rsa->e, r0, ctx)) /* d */
-+ goto err;
-+ }
-+
-+ if (BN_num_bits(rsa->d) < pbits)
-+ goto retry; /* d is too small */
-+
-+ {
-+ BIGNUM *d = BN_new();
-+
-+ if (d == NULL)
-+ goto err;
-+ BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
-+
-+ if (/* calculate d mod (p-1) */
-+ !BN_mod(rsa->dmp1, d, r1, ctx)
-+ /* calculate d mod (q-1) */
-+ || !BN_mod(rsa->dmq1, d, r2, ctx)) {
-+ BN_free(d);
-+ goto err;
-+ }
-+ /* We MUST free d before any further use of rsa->d */
-+ BN_free(d);
-+ }
-+
-+ /* calculate inverse of q mod p */
-+ if (!BN_mod_inverse(rsa->iqmp, rsa->q, rsa->p, ctx))
-+ goto err;
-+
-+ if (!fips_check_rsa(rsa))
-+ goto err;
-+
-+ ok = 1;
-+ err:
-+ if (ok == -1) {
-+ RSAerr(RSA_F_FIPS_RSA_BUILTIN_KEYGEN, ERR_LIB_BN);
-+ ok = 0;
-+ }
-+ if (ctx != NULL) {
-+ BN_CTX_end(ctx);
-+ BN_CTX_free(ctx);
-+ }
-+
-+ return ok;
-+}
-+#endif
-+
- static int rsa_builtin_keygen(RSA *rsa, int bits, int primes, BIGNUM *e_value,
- BN_GENCB *cb)
- {
-diff -up openssl-1.1.1b/crypto/rsa/rsa_lib.c.fips openssl-1.1.1b/crypto/rsa/rsa_lib.c
---- openssl-1.1.1b/crypto/rsa/rsa_lib.c.fips 2019-02-26 15:15:30.000000000 +0100
-+++ openssl-1.1.1b/crypto/rsa/rsa_lib.c 2019-02-28 11:30:06.819745428 +0100
-@@ -34,6 +34,12 @@ int RSA_set_method(RSA *rsa, const RSA_M
- * to deal with which ENGINE it comes from.
- */
- const RSA_METHOD *mtmp;
-+#ifdef OPENSSL_FIPS
-+ if (FIPS_mode() && !(meth->flags & RSA_FLAG_FIPS_METHOD)) {
-+ RSAerr(RSA_F_RSA_SET_METHOD, RSA_R_NON_FIPS_RSA_METHOD);
-+ return 0;
-+ }
-+#endif
- mtmp = rsa->meth;
- if (mtmp->finish)
- mtmp->finish(rsa);
-@@ -66,7 +72,6 @@ RSA *RSA_new_method(ENGINE *engine)
-
- ret->meth = RSA_get_default_method();
- #ifndef OPENSSL_NO_ENGINE
-- ret->flags = ret->meth->flags & ~RSA_FLAG_NON_FIPS_ALLOW;
- if (engine) {
- if (!ENGINE_init(engine)) {
- RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB);
-@@ -84,8 +89,19 @@ RSA *RSA_new_method(ENGINE *engine)
- }
- }
- #endif
-+#ifdef OPENSSL_FIPS
-+ if (FIPS_mode() && !(ret->meth->flags & RSA_FLAG_FIPS_METHOD)) {
-+ RSAerr(RSA_F_RSA_NEW_METHOD, RSA_R_NON_FIPS_RSA_METHOD);
-+# ifndef OPENSSL_NO_ENGINE
-+ if (ret->engine)
-+ ENGINE_finish(ret->engine);
-+# endif
-+ OPENSSL_free(ret);
-+ return NULL;
-+ }
-+#endif
-
-- ret->flags = ret->meth->flags & ~RSA_FLAG_NON_FIPS_ALLOW;
-+ ret->flags = ret->meth->flags;
- if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data)) {
- goto err;
- }
-diff -up openssl-1.1.1b/crypto/rsa/rsa_ossl.c.fips openssl-1.1.1b/crypto/rsa/rsa_ossl.c
---- openssl-1.1.1b/crypto/rsa/rsa_ossl.c.fips 2019-02-26 15:15:30.000000000 +0100
-+++ openssl-1.1.1b/crypto/rsa/rsa_ossl.c 2019-02-28 11:31:57.315691372 +0100
-@@ -12,6 +12,10 @@
- #include "rsa_locl.h"
- #include "internal/constant_time_locl.h"
-
-+#ifdef OPENSSL_FIPS
-+# include <openssl/fips.h>
-+#endif
-+
- static int rsa_ossl_public_encrypt(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding);
- static int rsa_ossl_private_encrypt(int flen, const unsigned char *from,
-@@ -47,6 +51,12 @@ static const RSA_METHOD *default_RSA_met
-
- void RSA_set_default_method(const RSA_METHOD *meth)
- {
-+#ifdef OPENSSL_FIPS
-+ if (FIPS_mode() && !(meth->flags & RSA_FLAG_FIPS_METHOD)) {
-+ RSAerr(RSA_F_RSA_SET_DEFAULT_METHOD, RSA_R_NON_FIPS_RSA_METHOD);
-+ return;
-+ }
-+#endif
- default_RSA_meth = meth;
- }
-
-@@ -73,6 +83,22 @@ static int rsa_ossl_public_encrypt(int f
- unsigned char *buf = NULL;
- BN_CTX *ctx = NULL;
-
-+# ifdef OPENSSL_FIPS
-+ if (FIPS_mode()) {
-+ if (FIPS_selftest_failed()) {
-+ FIPSerr(FIPS_F_RSA_OSSL_PUBLIC_ENCRYPT,
-+ FIPS_R_FIPS_SELFTEST_FAILED);
-+ goto err;
-+ }
-+
-+ if (!(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)
-+ && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)) {
-+ RSAerr(RSA_F_RSA_OSSL_PUBLIC_ENCRYPT, RSA_R_KEY_SIZE_TOO_SMALL);
-+ return -1;
-+ }
-+ }
-+# endif
-+
- if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) {
- RSAerr(RSA_F_RSA_OSSL_PUBLIC_ENCRYPT, RSA_R_MODULUS_TOO_LARGE);
- return -1;
-@@ -247,6 +273,22 @@ static int rsa_ossl_private_encrypt(int
- BIGNUM *unblind = NULL;
- BN_BLINDING *blinding = NULL;
-
-+# ifdef OPENSSL_FIPS
-+ if (FIPS_mode()) {
-+ if (FIPS_selftest_failed()) {
-+ FIPSerr(FIPS_F_RSA_OSSL_PRIVATE_ENCRYPT,
-+ FIPS_R_FIPS_SELFTEST_FAILED);
-+ return -1;
-+ }
-+
-+ if (!(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)
-+ && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)) {
-+ RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, RSA_R_KEY_SIZE_TOO_SMALL);
-+ return -1;
-+ }
-+ }
-+# endif
-+
- if ((ctx = BN_CTX_new()) == NULL)
- goto err;
- BN_CTX_start(ctx);
-@@ -377,6 +419,22 @@ static int rsa_ossl_private_decrypt(int
- BIGNUM *unblind = NULL;
- BN_BLINDING *blinding = NULL;
-
-+# ifdef OPENSSL_FIPS
-+ if (FIPS_mode()) {
-+ if (FIPS_selftest_failed()) {
-+ FIPSerr(FIPS_F_RSA_OSSL_PRIVATE_DECRYPT,
-+ FIPS_R_FIPS_SELFTEST_FAILED);
-+ return -1;
-+ }
-+
-+ if (!(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)
-+ && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)) {
-+ RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT, RSA_R_KEY_SIZE_TOO_SMALL);
-+ return -1;
-+ }
-+ }
-+# endif
-+
- if ((ctx = BN_CTX_new()) == NULL)
- goto err;
- BN_CTX_start(ctx);
-@@ -500,6 +558,22 @@ static int rsa_ossl_public_decrypt(int f
- unsigned char *buf = NULL;
- BN_CTX *ctx = NULL;
-
-+# ifdef OPENSSL_FIPS
-+ if (FIPS_mode()) {
-+ if (FIPS_selftest_failed()) {
-+ FIPSerr(FIPS_F_RSA_OSSL_PUBLIC_DECRYPT,
-+ FIPS_R_FIPS_SELFTEST_FAILED);
-+ goto err;
-+ }
-+
-+ if (!(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)
-+ && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)) {
-+ RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT, RSA_R_KEY_SIZE_TOO_SMALL);
-+ return -1;
-+ }
-+ }
-+# endif
-+
- if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) {
- RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT, RSA_R_MODULUS_TOO_LARGE);
- return -1;
-diff -up openssl-1.1.1b/crypto/rsa/rsa_pmeth.c.fips openssl-1.1.1b/crypto/rsa/rsa_pmeth.c
---- openssl-1.1.1b/crypto/rsa/rsa_pmeth.c.fips 2019-05-06 14:48:26.514174053 +0200
-+++ openssl-1.1.1b/crypto/rsa/rsa_pmeth.c 2019-05-06 14:45:46.732956649 +0200
-@@ -756,7 +756,7 @@ static int pkey_rsa_keygen(EVP_PKEY_CTX
-
- const EVP_PKEY_METHOD rsa_pkey_meth = {
- EVP_PKEY_RSA,
-- EVP_PKEY_FLAG_AUTOARGLEN,
-+ EVP_PKEY_FLAG_AUTOARGLEN | EVP_PKEY_FLAG_FIPS,
- pkey_rsa_init,
- pkey_rsa_copy,
- pkey_rsa_cleanup,
-@@ -838,7 +838,7 @@ static int pkey_pss_init(EVP_PKEY_CTX *c
-
- const EVP_PKEY_METHOD rsa_pss_pkey_meth = {
- EVP_PKEY_RSA_PSS,
-- EVP_PKEY_FLAG_AUTOARGLEN,
-+ EVP_PKEY_FLAG_AUTOARGLEN | EVP_PKEY_FLAG_FIPS,
- pkey_rsa_init,
- pkey_rsa_copy,
- pkey_rsa_cleanup,
-diff -up openssl-1.1.1b/crypto/rsa/rsa_sign.c.fips openssl-1.1.1b/crypto/rsa/rsa_sign.c
---- openssl-1.1.1b/crypto/rsa/rsa_sign.c.fips 2019-02-26 15:15:30.000000000 +0100
-+++ openssl-1.1.1b/crypto/rsa/rsa_sign.c 2019-02-28 11:30:06.819745428 +0100
-@@ -73,6 +73,13 @@ int RSA_sign(int type, const unsigned ch
- unsigned char *tmps = NULL;
- const unsigned char *encoded = NULL;
-
-+#ifdef OPENSSL_FIPS
-+ if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
-+ && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) {
-+ RSAerr(RSA_F_RSA_SIGN, RSA_R_NON_FIPS_RSA_METHOD);
-+ return 0;
-+ }
-+#endif
- if (rsa->meth->rsa_sign) {
- return rsa->meth->rsa_sign(type, m, m_len, sigret, siglen, rsa);
- }
-@@ -100,8 +107,9 @@ int RSA_sign(int type, const unsigned ch
- RSAerr(RSA_F_RSA_SIGN, RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
- goto err;
- }
-- encrypt_len = RSA_private_encrypt(encoded_len, encoded, sigret, rsa,
-- RSA_PKCS1_PADDING);
-+ /* NB: call underlying method directly to avoid FIPS blocking */
-+ encrypt_len = rsa->meth->rsa_priv_enc ? rsa->meth->rsa_priv_enc(encoded_len, encoded, sigret, rsa,
-+ RSA_PKCS1_PADDING) : 0;
- if (encrypt_len <= 0)
- goto err;
-
-diff -up openssl-1.1.1b/crypto/sha/sha256.c.fips openssl-1.1.1b/crypto/sha/sha256.c
---- openssl-1.1.1b/crypto/sha/sha256.c.fips 2019-02-26 15:15:30.000000000 +0100
-+++ openssl-1.1.1b/crypto/sha/sha256.c 2019-02-28 11:30:06.819745428 +0100
-@@ -18,6 +18,9 @@
-
- int SHA224_Init(SHA256_CTX *c)
- {
-+# ifdef OPENSSL_FIPS
-+ FIPS_selftest_check();
-+# endif
- memset(c, 0, sizeof(*c));
- c->h[0] = 0xc1059ed8UL;
- c->h[1] = 0x367cd507UL;
-@@ -33,6 +36,9 @@ int SHA224_Init(SHA256_CTX *c)
-
- int SHA256_Init(SHA256_CTX *c)
- {
-+# ifdef OPENSSL_FIPS
-+ FIPS_selftest_check();
-+# endif
- memset(c, 0, sizeof(*c));
- c->h[0] = 0x6a09e667UL;
- c->h[1] = 0xbb67ae85UL;
-diff -up openssl-1.1.1b/crypto/sha/sha512.c.fips openssl-1.1.1b/crypto/sha/sha512.c
---- openssl-1.1.1b/crypto/sha/sha512.c.fips 2019-02-26 15:15:30.000000000 +0100
-+++ openssl-1.1.1b/crypto/sha/sha512.c 2019-02-28 11:30:06.820745410 +0100
-@@ -98,6 +98,9 @@ int sha512_256_init(SHA512_CTX *c)
-
- int SHA384_Init(SHA512_CTX *c)
- {
-+# ifdef OPENSSL_FIPS
-+ FIPS_selftest_check();
-+# endif
- c->h[0] = U64(0xcbbb9d5dc1059ed8);
- c->h[1] = U64(0x629a292a367cd507);
- c->h[2] = U64(0x9159015a3070dd17);
-@@ -116,6 +119,9 @@ int SHA384_Init(SHA512_CTX *c)
-
- int SHA512_Init(SHA512_CTX *c)
- {
-+# ifdef OPENSSL_FIPS
-+ FIPS_selftest_check();
-+# endif
- c->h[0] = U64(0x6a09e667f3bcc908);
- c->h[1] = U64(0xbb67ae8584caa73b);
- c->h[2] = U64(0x3c6ef372fe94f82b);
-diff -up openssl-1.1.1b/crypto/sha/sha_locl.h.fips openssl-1.1.1b/crypto/sha/sha_locl.h
---- openssl-1.1.1b/crypto/sha/sha_locl.h.fips 2019-02-28 11:30:06.628748979 +0100
-+++ openssl-1.1.1b/crypto/sha/sha_locl.h 2019-02-28 11:30:06.820745410 +0100
-@@ -52,6 +52,9 @@ void sha1_block_data_order(SHA_CTX *c, c
-
- int HASH_INIT(SHA_CTX *c)
- {
-+#if defined(OPENSSL_FIPS)
-+ FIPS_selftest_check();
-+#endif
- memset(c, 0, sizeof(*c));
- c->h0 = INIT_DATA_h0;
- c->h1 = INIT_DATA_h1;
-diff -up openssl-1.1.1b/doc/man3/DSA_generate_parameters.pod.fips openssl-1.1.1b/doc/man3/DSA_generate_parameters.pod
---- openssl-1.1.1b/doc/man3/DSA_generate_parameters.pod.fips 2019-02-26 15:15:30.000000000 +0100
-+++ openssl-1.1.1b/doc/man3/DSA_generate_parameters.pod 2019-02-28 11:30:06.820745410 +0100
-@@ -30,8 +30,10 @@ B<bits> is the length of the prime p to
- For lengths under 2048 bits, the length of q is 160 bits; for lengths
- greater than or equal to 2048 bits, the length of q is set to 256 bits.
-
--If B<seed> is NULL, the primes will be generated at random.
--If B<seed_len> is less than the length of q, an error is returned.
-+If B<seed> is NULL, or it does not generate primes, the primes will be
-+generated at random.
-+If B<seed_len> is less than the length of q, an error is returned
-+if old DSA parameter generation method is used as a backend.
-
- DSA_generate_parameters_ex() places the iteration count in
- *B<counter_ret> and a counter used for finding a generator in
-diff -up openssl-1.1.1b/include/openssl/crypto.h.fips openssl-1.1.1b/include/openssl/crypto.h
---- openssl-1.1.1b/include/openssl/crypto.h.fips 2019-02-26 15:15:30.000000000 +0100
-+++ openssl-1.1.1b/include/openssl/crypto.h 2019-02-28 11:30:06.820745410 +0100
-@@ -331,6 +331,11 @@ int OPENSSL_isservice(void);
- int FIPS_mode(void);
- int FIPS_mode_set(int r);
-
-+# ifdef OPENSSL_FIPS
-+/* die if FIPS selftest failed */
-+void FIPS_selftest_check(void);
-+# endif
-+
- void OPENSSL_init(void);
- # ifdef OPENSSL_SYS_UNIX
- void OPENSSL_fork_prepare(void);
-diff -up openssl-1.1.1b/include/openssl/dherr.h.fips openssl-1.1.1b/include/openssl/dherr.h
---- openssl-1.1.1b/include/openssl/dherr.h.fips 2019-02-26 15:15:30.000000000 +0100
-+++ openssl-1.1.1b/include/openssl/dherr.h 2019-02-28 11:30:06.820745410 +0100
-@@ -32,6 +32,9 @@ int ERR_load_DH_strings(void);
- # define DH_F_DH_CMS_DECRYPT 114
- # define DH_F_DH_CMS_SET_PEERKEY 115
- # define DH_F_DH_CMS_SET_SHARED_INFO 116
-+# define DH_F_DH_COMPUTE_KEY 203
-+# define DH_F_DH_GENERATE_KEY 202
-+# define DH_F_DH_GENERATE_PARAMETERS_EX 201
- # define DH_F_DH_METH_DUP 117
- # define DH_F_DH_METH_NEW 118
- # define DH_F_DH_METH_SET1_NAME 119
-@@ -69,12 +72,14 @@ int ERR_load_DH_strings(void);
- # define DH_R_INVALID_PARAMETER_NID 114
- # define DH_R_INVALID_PUBKEY 102
- # define DH_R_KDF_PARAMETER_ERROR 112
-+# define DH_R_KEY_SIZE_TOO_SMALL 201
- # define DH_R_KEYS_NOT_SET 108
- # define DH_R_MISSING_PUBKEY 125
- # define DH_R_MODULUS_TOO_LARGE 103
- # define DH_R_NOT_SUITABLE_GENERATOR 120
- # define DH_R_NO_PARAMETERS_SET 107
- # define DH_R_NO_PRIVATE_VALUE 100
-+# define DH_R_NON_FIPS_METHOD 202
- # define DH_R_PARAMETER_ENCODING_ERROR 105
- # define DH_R_PEER_KEY_ERROR 111
- # define DH_R_SHARED_INFO_ERROR 113
-diff -up openssl-1.1.1b/include/openssl/dh.h.fips openssl-1.1.1b/include/openssl/dh.h
---- openssl-1.1.1b/include/openssl/dh.h.fips 2019-02-26 15:15:30.000000000 +0100
-+++ openssl-1.1.1b/include/openssl/dh.h 2019-02-28 11:30:06.820745410 +0100
-@@ -31,6 +31,7 @@ extern "C" {
- # endif
-
- # define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024
-+# define OPENSSL_DH_FIPS_MIN_MODULUS_BITS_GEN 2048
-
- # define DH_FLAG_CACHE_MONT_P 0x01
-
-diff -up openssl-1.1.1b/include/openssl/dsaerr.h.fips openssl-1.1.1b/include/openssl/dsaerr.h
---- openssl-1.1.1b/include/openssl/dsaerr.h.fips 2019-02-26 15:15:30.000000000 +0100
-+++ openssl-1.1.1b/include/openssl/dsaerr.h 2019-02-28 11:30:06.821745391 +0100
-@@ -25,8 +25,11 @@ int ERR_load_DSA_strings(void);
- */
- # define DSA_F_DSAPARAMS_PRINT 100
- # define DSA_F_DSAPARAMS_PRINT_FP 101
-+# define DSA_F_DSA_BUILTIN_KEYGEN 202
- # define DSA_F_DSA_BUILTIN_PARAMGEN 125
- # define DSA_F_DSA_BUILTIN_PARAMGEN2 126
-+# define DSA_F_DSA_GENERATE_KEY 201
-+# define DSA_F_DSA_GENERATE_PARAMETERS_EX 200
- # define DSA_F_DSA_DO_SIGN 112
- # define DSA_F_DSA_DO_VERIFY 113
- # define DSA_F_DSA_METH_DUP 127
-@@ -56,9 +59,12 @@ int ERR_load_DSA_strings(void);
- # define DSA_R_DECODE_ERROR 104
- # define DSA_R_INVALID_DIGEST_TYPE 106
- # define DSA_R_INVALID_PARAMETERS 112
-+# define DSA_R_KEY_SIZE_INVALID 201
-+# define DSA_R_KEY_SIZE_TOO_SMALL 202
- # define DSA_R_MISSING_PARAMETERS 101
- # define DSA_R_MODULUS_TOO_LARGE 103
- # define DSA_R_NO_PARAMETERS_SET 107
-+# define DSA_R_NON_FIPS_DSA_METHOD 200
- # define DSA_R_PARAMETER_ENCODING_ERROR 105
- # define DSA_R_Q_NOT_PRIME 113
- # define DSA_R_SEED_LEN_SMALL 110
-diff -up openssl-1.1.1b/include/openssl/dsa.h.fips openssl-1.1.1b/include/openssl/dsa.h
---- openssl-1.1.1b/include/openssl/dsa.h.fips 2019-02-26 15:15:30.000000000 +0100
-+++ openssl-1.1.1b/include/openssl/dsa.h 2019-02-28 11:30:06.821745391 +0100
-@@ -31,6 +31,7 @@ extern "C" {
- # endif
-
- # define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024
-+# define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS_GEN 2048
-
- # define DSA_FLAG_CACHE_MONT_P 0x01
- # if OPENSSL_API_COMPAT < 0x10100000L
-diff -up openssl-1.1.1b/include/openssl/evperr.h.fips openssl-1.1.1b/include/openssl/evperr.h
---- openssl-1.1.1b/include/openssl/evperr.h.fips 2019-02-26 15:15:30.000000000 +0100
-+++ openssl-1.1.1b/include/openssl/evperr.h 2019-05-06 16:40:21.324571446 +0200
-@@ -20,11 +20,15 @@ int ERR_load_EVP_strings(void);
- * EVP function codes.
- */
- # define EVP_F_AESNI_INIT_KEY 165
-+# define EVP_F_AESNI_XTS_INIT_KEY 233
- # define EVP_F_AES_GCM_CTRL 196
- # define EVP_F_AES_INIT_KEY 133
- # define EVP_F_AES_OCB_CIPHER 169
- # define EVP_F_AES_T4_INIT_KEY 178
-+# define EVP_F_AES_T4_XTS_INIT_KEY 234
- # define EVP_F_AES_WRAP_CIPHER 170
-+# define EVP_F_AES_XTS_CIPHER 229
-+# define EVP_F_AES_XTS_INIT_KEY 235
- # define EVP_F_ALG_MODULE_INIT 177
- # define EVP_F_ARIA_CCM_INIT_KEY 175
- # define EVP_F_ARIA_GCM_CTRL 197
-@@ -133,6 +134,7 @@ int ERR_load_EVP_strings(void);
- # define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED 133
- # define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 138
- # define EVP_R_DECODE_ERROR 114
-+# define EVP_R_DISABLED_FOR_FIPS 200
- # define EVP_R_DIFFERENT_KEY_TYPES 101
- # define EVP_R_DIFFERENT_PARAMETERS 153
- # define EVP_R_ERROR_LOADING_SECTION 165
-@@ -175,6 +177,7 @@ int ERR_load_EVP_strings(void);
- # define EVP_R_PRIVATE_KEY_DECODE_ERROR 145
- # define EVP_R_PRIVATE_KEY_ENCODE_ERROR 146
- # define EVP_R_PUBLIC_KEY_NOT_RSA 106
-+# define EVP_R_TOO_LARGE 201
- # define EVP_R_UNKNOWN_CIPHER 160
- # define EVP_R_UNKNOWN_DIGEST 161
- # define EVP_R_UNKNOWN_OPTION 169
-@@ -190,5 +193,7 @@ int ERR_load_EVP_strings(void);
- # define EVP_R_UNSUPPORTED_SALT_TYPE 126
- # define EVP_R_WRAP_MODE_NOT_ALLOWED 170
- # define EVP_R_WRONG_FINAL_BLOCK_LENGTH 109
-+# define EVP_R_XTS_DATA_UNIT_IS_TOO_LARGE 191
-+# define EVP_R_XTS_DUPLICATED_KEYS 192
-
- #endif
-diff -up openssl-1.1.1b/include/openssl/evp.h.fips openssl-1.1.1b/include/openssl/evp.h
---- openssl-1.1.1b/include/openssl/evp.h.fips 2019-02-26 15:15:30.000000000 +0100
-+++ openssl-1.1.1b/include/openssl/evp.h 2019-05-06 14:54:13.213136281 +0200
-@@ -1319,6 +1319,9 @@ void EVP_PKEY_asn1_set_security_bits(EVP
- */
- # define EVP_PKEY_FLAG_SIGCTX_CUSTOM 4
-
-+/* Downstream modification, large value to avoid conflict */
-+# define EVP_PKEY_FLAG_FIPS 0x4000
-+
- const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type);
- EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags);
- void EVP_PKEY_meth_get0_info(int *ppkey_id, int *pflags,
-diff -up openssl-1.1.1b/include/openssl/fips.h.fips openssl-1.1.1b/include/openssl/fips.h
---- openssl-1.1.1b/include/openssl/fips.h.fips 2019-05-06 16:08:46.800598073 +0200
-+++ openssl-1.1.1b/include/openssl/fips.h 2019-05-06 16:43:12.874549821 +0200
-@@ -0,0 +1,187 @@
-+/* ====================================================================
-+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * openssl-core@openssl.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ *
-+ */
-+
-+#include <openssl/opensslconf.h>
-+#include <openssl/dsa.h>
-+#include <openssl/evp.h>
-+#include <openssl/bn.h>
-+
-+#ifndef OPENSSL_FIPS
-+# error FIPS is disabled.
-+#endif
-+
-+#ifdef OPENSSL_FIPS
-+
-+# ifdef __cplusplus
-+extern "C" {
-+# endif
-+
-+ int FIPS_selftest(void);
-+ int FIPS_selftest_failed(void);
-+ int FIPS_selftest_drbg_all(void);
-+
-+ int FIPS_dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
-+ const EVP_MD *evpmd, const unsigned char *seed_in,
-+ size_t seed_len, int idx, unsigned char *seed_out,
-+ int *counter_ret, unsigned long *h_ret,
-+ BN_GENCB *cb);
-+ int FIPS_dsa_paramgen_check_g(DSA *dsa);
-+
-+/* BEGIN ERROR CODES */
-+/* The following lines are auto generated by the script mkerr.pl. Any changes
-+ * made after this point may be overwritten when the script is next run.
-+ */
-+ int ERR_load_FIPS_strings(void);
-+
-+/* Error codes for the FIPS functions. */
-+
-+/* Function codes. */
-+# define FIPS_F_DH_BUILTIN_GENPARAMS 100
-+# define FIPS_F_DRBG_RESEED 121
-+# define FIPS_F_DSA_BUILTIN_PARAMGEN2 107
-+# define FIPS_F_DSA_DO_SIGN 102
-+# define FIPS_F_DSA_DO_VERIFY 103
-+# define FIPS_F_EVP_CIPHER_CTX_NEW 137
-+# define FIPS_F_EVP_CIPHER_CTX_RESET 122
-+# define FIPS_F_ECDH_COMPUTE_KEY 123
-+# define FIPS_F_EVP_CIPHERINIT_EX 124
-+# define FIPS_F_EVP_DIGESTINIT_EX 125
-+# define FIPS_F_FIPS_CHECK_DSA 104
-+# define FIPS_F_FIPS_CHECK_EC 142
-+# define FIPS_F_FIPS_CHECK_RSA 106
-+# define FIPS_F_FIPS_DRBG_BYTES 131
-+# define FIPS_F_FIPS_DRBG_CHECK 146
-+# define FIPS_F_FIPS_DRBG_CPRNG_TEST 132
-+# define FIPS_F_FIPS_DRBG_ERROR_CHECK 136
-+# define FIPS_F_FIPS_DRBG_GENERATE 134
-+# define FIPS_F_FIPS_DRBG_INIT 135
-+# define FIPS_F_FIPS_DRBG_INSTANTIATE 138
-+# define FIPS_F_FIPS_DRBG_NEW 139
-+# define FIPS_F_FIPS_DRBG_RESEED 140
-+# define FIPS_F_FIPS_DRBG_SINGLE_KAT 141
-+# define FIPS_F_FIPS_GET_ENTROPY 147
-+# define FIPS_F_FIPS_MODULE_MODE_SET 108
-+# define FIPS_F_FIPS_PKEY_SIGNATURE_TEST 109
-+# define FIPS_F_FIPS_RAND_BYTES 114
-+# define FIPS_F_FIPS_RAND_SEED 128
-+# define FIPS_F_FIPS_RAND_SET_METHOD 126
-+# define FIPS_F_FIPS_RAND_STATUS 127
-+# define FIPS_F_FIPS_RSA_BUILTIN_KEYGEN 101
-+# define FIPS_F_FIPS_SELFTEST 150
-+# define FIPS_F_FIPS_SELFTEST_AES 110
-+# define FIPS_F_FIPS_SELFTEST_AES_CCM 145
-+# define FIPS_F_FIPS_SELFTEST_AES_GCM 129
-+# define FIPS_F_FIPS_SELFTEST_AES_XTS 144
-+# define FIPS_F_FIPS_SELFTEST_CMAC 130
-+# define FIPS_F_FIPS_SELFTEST_DES 111
-+# define FIPS_F_FIPS_SELFTEST_DSA 112
-+# define FIPS_F_FIPS_SELFTEST_ECDSA 133
-+# define FIPS_F_FIPS_SELFTEST_HMAC 113
-+# define FIPS_F_FIPS_SELFTEST_SHA1 115
-+# define FIPS_F_FIPS_SELFTEST_SHA2 105
-+# define FIPS_F_OSSL_ECDSA_SIGN_SIG 143
-+# define FIPS_F_OSSL_ECDSA_VERIFY_SIG 148
-+# define FIPS_F_RSA_BUILTIN_KEYGEN 116
-+# define FIPS_F_RSA_OSSL_INIT 149
-+# define FIPS_F_RSA_OSSL_PRIVATE_DECRYPT 117
-+# define FIPS_F_RSA_OSSL_PRIVATE_ENCRYPT 118
-+# define FIPS_F_RSA_OSSL_PUBLIC_DECRYPT 119
-+# define FIPS_F_RSA_OSSL_PUBLIC_ENCRYPT 120
-+
-+/* Reason codes. */
-+# define FIPS_R_ADDITIONAL_INPUT_ERROR_UNDETECTED 150
-+# define FIPS_R_ADDITIONAL_INPUT_TOO_LONG 125
-+# define FIPS_R_ALREADY_INSTANTIATED 134
-+# define FIPS_R_DRBG_NOT_INITIALISED 152
-+# define FIPS_R_DRBG_STUCK 103
-+# define FIPS_R_ENTROPY_ERROR_UNDETECTED 104
-+# define FIPS_R_ENTROPY_NOT_REQUESTED_FOR_RESEED 105
-+# define FIPS_R_ENTROPY_SOURCE_STUCK 142
-+# define FIPS_R_ERROR_INITIALISING_DRBG 115
-+# define FIPS_R_ERROR_INSTANTIATING_DRBG 127
-+# define FIPS_R_ERROR_RETRIEVING_ADDITIONAL_INPUT 124
-+# define FIPS_R_ERROR_RETRIEVING_ENTROPY 122
-+# define FIPS_R_ERROR_RETRIEVING_NONCE 140
-+# define FIPS_R_FINGERPRINT_DOES_NOT_MATCH 110
-+# define FIPS_R_FIPS_MODE_ALREADY_SET 102
-+# define FIPS_R_FIPS_SELFTEST_FAILED 106
-+# define FIPS_R_FUNCTION_ERROR 116
-+# define FIPS_R_GENERATE_ERROR 137
-+# define FIPS_R_GENERATE_ERROR_UNDETECTED 118
-+# define FIPS_R_INSTANTIATE_ERROR 119
-+# define FIPS_R_INTERNAL_ERROR 121
-+# define FIPS_R_INVALID_KEY_LENGTH 109
-+# define FIPS_R_IN_ERROR_STATE 123
-+# define FIPS_R_KEY_TOO_SHORT 108
-+# define FIPS_R_NONCE_ERROR_UNDETECTED 149
-+# define FIPS_R_NON_FIPS_METHOD 100
-+# define FIPS_R_NOPR_TEST1_FAILURE 145
-+# define FIPS_R_NOPR_TEST2_FAILURE 146
-+# define FIPS_R_NOT_INSTANTIATED 126
-+# define FIPS_R_PAIRWISE_TEST_FAILED 107
-+# define FIPS_R_PERSONALISATION_ERROR_UNDETECTED 128
-+# define FIPS_R_PERSONALISATION_STRING_TOO_LONG 129
-+# define FIPS_R_PR_TEST1_FAILURE 147
-+# define FIPS_R_PR_TEST2_FAILURE 148
-+# define FIPS_R_REQUEST_LENGTH_ERROR_UNDETECTED 130
-+# define FIPS_R_REQUEST_TOO_LARGE_FOR_DRBG 131
-+# define FIPS_R_RESEED_COUNTER_ERROR 132
-+# define FIPS_R_RESEED_ERROR 133
-+# define FIPS_R_SELFTEST_FAILED 101
-+# define FIPS_R_SELFTEST_FAILURE 135
-+# define FIPS_R_TEST_FAILURE 117
-+# define FIPS_R_UNINSTANTIATE_ERROR 141
-+# define FIPS_R_UNINSTANTIATE_ZEROISE_ERROR 138
-+# define FIPS_R_UNSUPPORTED_DRBG_TYPE 139
-+# define FIPS_R_UNSUPPORTED_PLATFORM 113
-+
-+# ifdef __cplusplus
-+}
-+# endif
-+#endif
-diff -up openssl-1.1.1b/include/openssl/fips_rand.h.fips openssl-1.1.1b/include/openssl/fips_rand.h
---- openssl-1.1.1b/include/openssl/fips_rand.h.fips 2019-02-28 11:30:06.821745391 +0100
-+++ openssl-1.1.1b/include/openssl/fips_rand.h 2019-02-28 11:30:06.821745391 +0100
-@@ -0,0 +1,145 @@
-+/* ====================================================================
-+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * openssl-core@openssl.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ *
-+ */
-+
-+#ifndef HEADER_FIPS_RAND_H
-+# define HEADER_FIPS_RAND_H
-+
-+# include <openssl/aes.h>
-+# include <openssl/evp.h>
-+# include <openssl/hmac.h>
-+# include <openssl/rand.h>
-+
-+# ifdef OPENSSL_FIPS
-+
-+# ifdef __cplusplus
-+extern "C" {
-+# endif
-+ typedef struct drbg_ctx_st DRBG_CTX;
-+/* DRBG external flags */
-+/* Flag for CTR mode only: use derivation function ctr_df */
-+# define DRBG_FLAG_CTR_USE_DF 0x1
-+/* PRNG is in test state */
-+# define DRBG_FLAG_TEST 0x2
-+
-+ DRBG_CTX *FIPS_drbg_new(int type, unsigned int flags);
-+ int FIPS_drbg_init(DRBG_CTX *dctx, int type, unsigned int flags);
-+ int FIPS_drbg_instantiate(DRBG_CTX *dctx,
-+ const unsigned char *pers, size_t perslen);
-+ int FIPS_drbg_reseed(DRBG_CTX *dctx, const unsigned char *adin,
-+ size_t adinlen);
-+ int FIPS_drbg_generate(DRBG_CTX *dctx, unsigned char *out, size_t outlen,
-+ int prediction_resistance,
-+ const unsigned char *adin, size_t adinlen);
-+
-+ int FIPS_drbg_uninstantiate(DRBG_CTX *dctx);
-+ void FIPS_drbg_free(DRBG_CTX *dctx);
-+
-+ int FIPS_drbg_set_callbacks(DRBG_CTX *dctx,
-+ size_t (*get_entropy) (DRBG_CTX *ctx,
-+ unsigned char **pout,
-+ int entropy,
-+ size_t min_len,
-+ size_t max_len),
-+ void (*cleanup_entropy) (DRBG_CTX *ctx,
-+ unsigned char *out,
-+ size_t olen),
-+ size_t entropy_blocklen,
-+ size_t (*get_nonce) (DRBG_CTX *ctx,
-+ unsigned char **pout,
-+ int entropy,
-+ size_t min_len,
-+ size_t max_len),
-+ void (*cleanup_nonce) (DRBG_CTX *ctx,
-+ unsigned char *out,
-+ size_t olen));
-+
-+ int FIPS_drbg_set_rand_callbacks(DRBG_CTX *dctx,
-+ size_t (*get_adin) (DRBG_CTX *ctx,
-+ unsigned char
-+ **pout),
-+ void (*cleanup_adin) (DRBG_CTX *ctx,
-+ unsigned char *out,
-+ size_t olen),
-+ int (*rand_seed_cb) (DRBG_CTX *ctx,
-+ const void *buf,
-+ int num),
-+ int (*rand_add_cb) (DRBG_CTX *ctx,
-+ const void *buf,
-+ int num,
-+ double entropy));
-+
-+ void *FIPS_drbg_get_app_data(DRBG_CTX *ctx);
-+ void FIPS_drbg_set_app_data(DRBG_CTX *ctx, void *app_data);
-+ size_t FIPS_drbg_get_blocklength(DRBG_CTX *dctx);
-+ int FIPS_drbg_get_strength(DRBG_CTX *dctx);
-+ void FIPS_drbg_set_check_interval(DRBG_CTX *dctx, int interval);
-+ void FIPS_drbg_set_reseed_interval(DRBG_CTX *dctx, int interval);
-+
-+ int FIPS_drbg_health_check(DRBG_CTX *dctx);
-+
-+ DRBG_CTX *FIPS_get_default_drbg(void);
-+ const RAND_METHOD *FIPS_drbg_method(void);
-+
-+ int FIPS_rand_set_method(const RAND_METHOD *meth);
-+ const RAND_METHOD *FIPS_rand_get_method(void);
-+
-+ void FIPS_rand_set_bits(int nbits);
-+
-+ int FIPS_rand_strength(void);
-+
-+/* 1.0.0 compat functions */
-+ int FIPS_rand_seed(const void *buf, int num);
-+ int FIPS_rand_bytes(unsigned char *out, int outlen);
-+ void FIPS_rand_reset(void);
-+ int FIPS_rand_status(void);
-+# ifdef __cplusplus
-+}
-+# endif
-+# endif
-+#endif
-diff -up openssl-1.1.1b/include/openssl/opensslconf.h.in.fips openssl-1.1.1b/include/openssl/opensslconf.h.in
---- openssl-1.1.1b/include/openssl/opensslconf.h.in.fips 2019-02-26 15:15:30.000000000 +0100
-+++ openssl-1.1.1b/include/openssl/opensslconf.h.in 2019-02-28 11:30:06.822745372 +0100
-@@ -150,6 +150,11 @@ extern "C" {
-
- #define RC4_INT {- $config{rc4_int} -}
-
-+/* Always build FIPS module */
-+#ifndef OPENSSL_FIPS
-+# define OPENSSL_FIPS
-+#endif
-+
- #ifdef __cplusplus
- }
- #endif
-diff -up openssl-1.1.1b/include/openssl/randerr.h.fips openssl-1.1.1b/include/openssl/randerr.h
---- openssl-1.1.1b/include/openssl/randerr.h.fips 2019-02-26 15:15:30.000000000 +0100
-+++ openssl-1.1.1b/include/openssl/randerr.h 2019-02-28 11:30:06.822745372 +0100
-@@ -35,6 +35,7 @@ int ERR_load_RAND_strings(void);
- # define RAND_F_RAND_DRBG_SET 104
- # define RAND_F_RAND_DRBG_SET_DEFAULTS 121
- # define RAND_F_RAND_DRBG_UNINSTANTIATE 118
-+# define RAND_F_RAND_INIT_FIPS 200
- # define RAND_F_RAND_LOAD_FILE 111
- # define RAND_F_RAND_POOL_ACQUIRE_ENTROPY 122
- # define RAND_F_RAND_POOL_ADD 103
-diff -up openssl-1.1.1b/include/openssl/rand.h.fips openssl-1.1.1b/include/openssl/rand.h
---- openssl-1.1.1b/include/openssl/rand.h.fips 2019-02-26 15:15:30.000000000 +0100
-+++ openssl-1.1.1b/include/openssl/rand.h 2019-02-28 11:30:06.822745372 +0100
-@@ -69,6 +69,11 @@ DEPRECATEDIN_1_1_0(void RAND_screen(void
- DEPRECATEDIN_1_1_0(int RAND_event(UINT, WPARAM, LPARAM))
- # endif
-
-+# ifdef OPENSSL_FIPS
-+/* just stubs for API compatibility */
-+void RAND_set_fips_drbg_type(int type, int flags);
-+int RAND_init_fips(void);
-+# endif
-
- #ifdef __cplusplus
- }
-diff -up openssl-1.1.1b/include/openssl/rsaerr.h.fips openssl-1.1.1b/include/openssl/rsaerr.h
---- openssl-1.1.1b/include/openssl/rsaerr.h.fips 2019-02-26 15:15:30.000000000 +0100
-+++ openssl-1.1.1b/include/openssl/rsaerr.h 2019-02-28 11:30:06.822745372 +0100
-@@ -21,6 +21,7 @@ int ERR_load_RSA_strings(void);
- */
- # define RSA_F_CHECK_PADDING_MD 140
- # define RSA_F_ENCODE_PKCS1 146
-+# define RSA_F_FIPS_RSA_BUILTIN_KEYGEN 206
- # define RSA_F_INT_RSA_VERIFY 145
- # define RSA_F_OLD_RSA_PRIV_DECODE 147
- # define RSA_F_PKEY_PSS_INIT 165
-@@ -35,6 +36,8 @@ int ERR_load_RSA_strings(void);
- # define RSA_F_RSA_CHECK_KEY_EX 160
- # define RSA_F_RSA_CMS_DECRYPT 159
- # define RSA_F_RSA_CMS_VERIFY 158
-+# define RSA_F_RSA_GENERATE_KEY_EX 204
-+# define RSA_F_RSA_GENERATE_MULTI_PRIME_KEY 207
- # define RSA_F_RSA_ITEM_VERIFY 148
- # define RSA_F_RSA_METH_DUP 161
- # define RSA_F_RSA_METH_NEW 162
-@@ -72,10 +75,16 @@ int ERR_load_RSA_strings(void);
- # define RSA_F_RSA_PRINT_FP 116
- # define RSA_F_RSA_PRIV_DECODE 150
- # define RSA_F_RSA_PRIV_ENCODE 138
-+# define RSA_F_RSA_PRIVATE_DECRYPT 200
-+# define RSA_F_RSA_PRIVATE_ENCRYPT 201
- # define RSA_F_RSA_PSS_GET_PARAM 151
- # define RSA_F_RSA_PSS_TO_CTX 155
- # define RSA_F_RSA_PUB_DECODE 139
-+# define RSA_F_RSA_PUBLIC_DECRYPT 202
-+# define RSA_F_RSA_PUBLIC_ENCRYPT 203
- # define RSA_F_RSA_SETUP_BLINDING 136
-+# define RSA_F_RSA_SET_DEFAULT_METHOD 205
-+# define RSA_F_RSA_SET_METHOD 204
- # define RSA_F_RSA_SIGN 117
- # define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 118
- # define RSA_F_RSA_VERIFY 119
-@@ -132,10 +141,12 @@ int ERR_load_RSA_strings(void);
- # define RSA_R_MP_EXPONENT_NOT_CONGRUENT_TO_D 169
- # define RSA_R_MP_R_NOT_PRIME 170
- # define RSA_R_NO_PUBLIC_EXPONENT 140
-+# define RSA_R_NON_FIPS_RSA_METHOD 200
- # define RSA_R_NULL_BEFORE_BLOCK_MISSING 113
- # define RSA_R_N_DOES_NOT_EQUAL_PRODUCT_OF_PRIMES 172
- # define RSA_R_N_DOES_NOT_EQUAL_P_Q 127
- # define RSA_R_OAEP_DECODING_ERROR 121
-+# define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 201
- # define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148
- # define RSA_R_PADDING_CHECK_FAILED 114
- # define RSA_R_PKCS_DECODING_ERROR 159
-@@ -155,6 +166,7 @@ int ERR_load_RSA_strings(void);
- # define RSA_R_UNSUPPORTED_LABEL_SOURCE 163
- # define RSA_R_UNSUPPORTED_MASK_ALGORITHM 153
- # define RSA_R_UNSUPPORTED_MASK_PARAMETER 154
-+# define RSA_R_UNSUPPORTED_PARAMETERS 202
- # define RSA_R_UNSUPPORTED_SIGNATURE_TYPE 155
- # define RSA_R_VALUE_MISSING 147
- # define RSA_R_WRONG_SIGNATURE_LENGTH 119
-diff -up openssl-1.1.1b/ssl/ssl_ciph.c.fips openssl-1.1.1b/ssl/ssl_ciph.c
---- openssl-1.1.1b/ssl/ssl_ciph.c.fips 2019-02-28 11:30:06.776746228 +0100
-+++ openssl-1.1.1b/ssl/ssl_ciph.c 2019-02-28 11:30:06.822745372 +0100
-@@ -387,7 +387,7 @@ int ssl_load_ciphers(void)
- }
- }
- /* Make sure we can access MD5 and SHA1 */
-- if (!ossl_assert(ssl_digest_methods[SSL_MD_MD5_IDX] != NULL))
-+ if (!FIPS_mode() && !ossl_assert(ssl_digest_methods[SSL_MD_MD5_IDX] != NULL))
- return 0;
- if (!ossl_assert(ssl_digest_methods[SSL_MD_SHA1_IDX] != NULL))
- return 0;
-@@ -559,6 +559,9 @@ int ssl_cipher_get_evp(const SSL_SESSION
- s->ssl_version < TLS1_VERSION)
- return 1;
-
-+ if (FIPS_mode())
-+ return 1;
-+
- if (c->algorithm_enc == SSL_RC4 &&
- c->algorithm_mac == SSL_MD5 &&
- (evp = EVP_get_cipherbyname("RC4-HMAC-MD5")))
-@@ -667,6 +670,8 @@ static void ssl_cipher_collect_ciphers(c
- /* drop those that use any of that is not available */
- if (c == NULL || !c->valid)
- continue;
-+ if (FIPS_mode() && !(c->algo_strength & SSL_FIPS))
-+ continue;
- if ((c->algorithm_mkey & disabled_mkey) ||
- (c->algorithm_auth & disabled_auth) ||
- (c->algorithm_enc & disabled_enc) ||
-@@ -1670,7 +1675,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
- * to the resulting precedence to the STACK_OF(SSL_CIPHER).
- */
- for (curr = head; curr != NULL; curr = curr->next) {
-- if (curr->active) {
-+ if (curr->active
-+ && (!FIPS_mode() || curr->cipher->algo_strength & SSL_FIPS)) {
- if (!sk_SSL_CIPHER_push(cipherstack, curr->cipher)) {
- OPENSSL_free(co_list);
- sk_SSL_CIPHER_free(cipherstack);
-diff -up openssl-1.1.1b/ssl/ssl_init.c.fips openssl-1.1.1b/ssl/ssl_init.c
---- openssl-1.1.1b/ssl/ssl_init.c.fips 2019-02-26 15:15:30.000000000 +0100
-+++ openssl-1.1.1b/ssl/ssl_init.c 2019-02-28 11:30:06.823745354 +0100
-@@ -27,6 +27,10 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_ssl_bas
- fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: "
- "Adding SSL ciphers and digests\n");
- #endif
-+#ifdef OPENSSL_FIPS
-+ if (!FIPS_mode()) {
-+#endif
-+
- #ifndef OPENSSL_NO_DES
- EVP_add_cipher(EVP_des_cbc());
- EVP_add_cipher(EVP_des_ede3_cbc());
-@@ -87,6 +91,31 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_ssl_bas
- EVP_add_digest(EVP_sha256());
- EVP_add_digest(EVP_sha384());
- EVP_add_digest(EVP_sha512());
-+#ifdef OPENSSL_FIPS
-+ } else {
-+# ifndef OPENSSL_NO_DES
-+ EVP_add_cipher(EVP_des_ede3_cbc());
-+# endif
-+ EVP_add_cipher(EVP_aes_128_cbc());
-+ EVP_add_cipher(EVP_aes_192_cbc());
-+ EVP_add_cipher(EVP_aes_256_cbc());
-+ EVP_add_cipher(EVP_aes_128_gcm());
-+ EVP_add_cipher(EVP_aes_256_gcm());
-+ EVP_add_cipher(EVP_aes_128_ccm());
-+ EVP_add_cipher(EVP_aes_256_ccm());
-+# ifndef OPENSSL_NO_MD5
-+ /* needed even in the FIPS mode for TLS-1.0 */
-+ EVP_add_digest(EVP_md5_sha1());
-+# endif
-+ EVP_add_digest(EVP_sha1()); /* RSA with sha1 */
-+ EVP_add_digest_alias(SN_sha1, "ssl3-sha1");
-+ EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA);
-+ EVP_add_digest(EVP_sha224());
-+ EVP_add_digest(EVP_sha256());
-+ EVP_add_digest(EVP_sha384());
-+ EVP_add_digest(EVP_sha512());
-+ }
-+#endif
- #ifndef OPENSSL_NO_COMP
- # ifdef OPENSSL_INIT_DEBUG
- fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: "
-diff -up openssl-1.1.1b/ssl/ssl_lib.c.fips openssl-1.1.1b/ssl/ssl_lib.c
---- openssl-1.1.1b/ssl/ssl_lib.c.fips 2019-02-28 11:30:06.776746228 +0100
-+++ openssl-1.1.1b/ssl/ssl_lib.c 2019-02-28 11:30:06.823745354 +0100
-@@ -2908,6 +2908,11 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
- if (!OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL))
- return NULL;
-
-+ if (FIPS_mode() && (meth->version < TLS1_VERSION)) {
-+ SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_AT_LEAST_TLS_1_0_NEEDED_IN_FIPS_MODE);
-+ return NULL;
-+ }
-+
- if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) {
- SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
- goto err;
-@@ -2964,13 +2969,17 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
- if (ret->param == NULL)
- goto err;
-
-- if ((ret->md5 = EVP_get_digestbyname("ssl3-md5")) == NULL) {
-- SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES);
-- goto err2;
-- }
-- if ((ret->sha1 = EVP_get_digestbyname("ssl3-sha1")) == NULL) {
-- SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES);
-- goto err2;
-+ if (!FIPS_mode()) {
-+ if ((ret->md5 = EVP_get_digestbyname("ssl3-md5")) == NULL) {
-+ SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES);
-+ goto err2;
-+ }
-+ if ((ret->sha1 = EVP_get_digestbyname("ssl3-sha1")) == NULL) {
-+ SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES);
-+ goto err2;
-+ }
-+ } else {
-+ ret->min_proto_version = TLS1_VERSION;
- }
-
- if ((ret->ca_names = sk_X509_NAME_new_null()) == NULL)
-diff -up openssl-1.1.1c/ssl/ssl_locl.h.fips openssl-1.1.1c/ssl/ssl_locl.h
---- openssl-1.1.1c/ssl/ssl_locl.h.fips 2019-06-03 16:44:58.963560101 +0200
-+++ openssl-1.1.1c/ssl/ssl_locl.h 2019-06-24 14:43:19.547353076 +0200
-@@ -1507,6 +1507,7 @@ typedef struct tls_group_info_st {
- # define TLS_CURVE_PRIME 0x0
- # define TLS_CURVE_CHAR2 0x1
- # define TLS_CURVE_CUSTOM 0x2
-+# define TLS_CURVE_FIPS 0x80
-
- typedef struct cert_pkey_st CERT_PKEY;
-
-diff -up openssl-1.1.1c/ssl/t1_lib.c.fips openssl-1.1.1c/ssl/t1_lib.c
---- openssl-1.1.1c/ssl/t1_lib.c.fips 2019-05-28 15:12:21.000000000 +0200
-+++ openssl-1.1.1c/ssl/t1_lib.c 2019-06-24 14:49:00.638576235 +0200
-@@ -156,11 +156,11 @@ static const TLS_GROUP_INFO nid_list[] =
- {NID_secp192k1, 80, TLS_CURVE_PRIME}, /* secp192k1 (18) */
- {NID_X9_62_prime192v1, 80, TLS_CURVE_PRIME}, /* secp192r1 (19) */
- {NID_secp224k1, 112, TLS_CURVE_PRIME}, /* secp224k1 (20) */
-- {NID_secp224r1, 112, TLS_CURVE_PRIME}, /* secp224r1 (21) */
-+ {NID_secp224r1, 112, TLS_CURVE_PRIME | TLS_CURVE_FIPS}, /* secp224r1 (21) */
- {NID_secp256k1, 128, TLS_CURVE_PRIME}, /* secp256k1 (22) */
-- {NID_X9_62_prime256v1, 128, TLS_CURVE_PRIME}, /* secp256r1 (23) */
-- {NID_secp384r1, 192, TLS_CURVE_PRIME}, /* secp384r1 (24) */
-- {NID_secp521r1, 256, TLS_CURVE_PRIME}, /* secp521r1 (25) */
-+ {NID_X9_62_prime256v1, 128, TLS_CURVE_PRIME | TLS_CURVE_FIPS}, /* secp256r1 (23) */
-+ {NID_secp384r1, 192, TLS_CURVE_PRIME | TLS_CURVE_FIPS}, /* secp384r1 (24) */
-+ {NID_secp521r1, 256, TLS_CURVE_PRIME | TLS_CURVE_FIPS}, /* secp521r1 (25) */
- {NID_brainpoolP256r1, 128, TLS_CURVE_PRIME}, /* brainpoolP256r1 (26) */
- {NID_brainpoolP384r1, 192, TLS_CURVE_PRIME}, /* brainpoolP384r1 (27) */
- {NID_brainpoolP512r1, 256, TLS_CURVE_PRIME}, /* brainpool512r1 (28) */
-@@ -255,6 +255,8 @@ int tls_curve_allowed(SSL *s, uint16_t c
- if (cinfo->flags & TLS_CURVE_CHAR2)
- return 0;
- # endif
-+ if (FIPS_mode() && !(cinfo->flags & TLS_CURVE_FIPS))
-+ return 0;
- ctmp[0] = curve >> 8;
- ctmp[1] = curve & 0xff;
- return ssl_security(s, op, cinfo->secbits, cinfo->nid, (void *)ctmp);
-diff -up openssl-1.1.1b/test/dsatest.c.fips openssl-1.1.1b/test/dsatest.c
---- openssl-1.1.1b/test/dsatest.c.fips 2019-02-26 15:15:30.000000000 +0100
-+++ openssl-1.1.1b/test/dsatest.c 2019-02-28 11:30:06.824745335 +0100
-@@ -24,41 +24,42 @@
- #ifndef OPENSSL_NO_DSA
- static int dsa_cb(int p, int n, BN_GENCB *arg);
-
--/*
-- * seed, out_p, out_q, out_g are taken from the updated Appendix 5 to FIPS
-- * PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1
-- */
- static unsigned char seed[20] = {
-- 0xd5, 0x01, 0x4e, 0x4b, 0x60, 0xef, 0x2b, 0xa8, 0xb6, 0x21, 0x1b, 0x40,
-- 0x62, 0xba, 0x32, 0x24, 0xe0, 0x42, 0x7d, 0xd3,
-+ 0x02, 0x47, 0x11, 0x92, 0x11, 0x88, 0xC8, 0xFB, 0xAF, 0x48, 0x4C, 0x62,
-+ 0xDF, 0xA5, 0xBE, 0xA0, 0xA4, 0x3C, 0x56, 0xE3,
- };
-
- static unsigned char out_p[] = {
-- 0x8d, 0xf2, 0xa4, 0x94, 0x49, 0x22, 0x76, 0xaa,
-- 0x3d, 0x25, 0x75, 0x9b, 0xb0, 0x68, 0x69, 0xcb,
-- 0xea, 0xc0, 0xd8, 0x3a, 0xfb, 0x8d, 0x0c, 0xf7,
-- 0xcb, 0xb8, 0x32, 0x4f, 0x0d, 0x78, 0x82, 0xe5,
-- 0xd0, 0x76, 0x2f, 0xc5, 0xb7, 0x21, 0x0e, 0xaf,
-- 0xc2, 0xe9, 0xad, 0xac, 0x32, 0xab, 0x7a, 0xac,
-- 0x49, 0x69, 0x3d, 0xfb, 0xf8, 0x37, 0x24, 0xc2,
-- 0xec, 0x07, 0x36, 0xee, 0x31, 0xc8, 0x02, 0x91,
-+ 0xAC, 0xCB, 0x1E, 0x63, 0x60, 0x69, 0x0C, 0xFB, 0x06, 0x19, 0x68, 0x3E,
-+ 0xA5, 0x01, 0x5A, 0xA2, 0x15, 0x5C, 0xE2, 0x99, 0x2D, 0xD5, 0x30, 0x99,
-+ 0x7E, 0x5F, 0x8D, 0xE2, 0xF7, 0xC6, 0x2E, 0x8D, 0xA3, 0x9F, 0x58, 0xAD,
-+ 0xD6, 0xA9, 0x7D, 0x0E, 0x0D, 0x95, 0x53, 0xA6, 0x71, 0x3A, 0xDE, 0xAB,
-+ 0xAC, 0xE9, 0xF4, 0x36, 0x55, 0x9E, 0xB9, 0xD6, 0x93, 0xBF, 0xF3, 0x18,
-+ 0x1C, 0x14, 0x7B, 0xA5, 0x42, 0x2E, 0xCD, 0x00, 0xEB, 0x35, 0x3B, 0x1B,
-+ 0xA8, 0x51, 0xBB, 0xE1, 0x58, 0x42, 0x85, 0x84, 0x22, 0xA7, 0x97, 0x5E,
-+ 0x99, 0x6F, 0x38, 0x20, 0xBD, 0x9D, 0xB6, 0xD9, 0x33, 0x37, 0x2A, 0xFD,
-+ 0xBB, 0xD4, 0xBC, 0x0C, 0x2A, 0x67, 0xCB, 0x9F, 0xBB, 0xDF, 0xF9, 0x93,
-+ 0xAA, 0xD6, 0xF0, 0xD6, 0x95, 0x0B, 0x5D, 0x65, 0x14, 0xD0, 0x18, 0x9D,
-+ 0xC6, 0xAF, 0xF0, 0xC6, 0x37, 0x7C, 0xF3, 0x5F,
- };
-
- static unsigned char out_q[] = {
-- 0xc7, 0x73, 0x21, 0x8c, 0x73, 0x7e, 0xc8, 0xee,
-- 0x99, 0x3b, 0x4f, 0x2d, 0xed, 0x30, 0xf4, 0x8e,
-- 0xda, 0xce, 0x91, 0x5f,
-+ 0xE3, 0x8E, 0x5E, 0x6D, 0xBF, 0x2B, 0x79, 0xF8, 0xC5, 0x4B, 0x89, 0x8B,
-+ 0xBA, 0x2D, 0x91, 0xC3, 0x6C, 0x80, 0xAC, 0x87,
- };
-
- static unsigned char out_g[] = {
-- 0x62, 0x6d, 0x02, 0x78, 0x39, 0xea, 0x0a, 0x13,
-- 0x41, 0x31, 0x63, 0xa5, 0x5b, 0x4c, 0xb5, 0x00,
-- 0x29, 0x9d, 0x55, 0x22, 0x95, 0x6c, 0xef, 0xcb,
-- 0x3b, 0xff, 0x10, 0xf3, 0x99, 0xce, 0x2c, 0x2e,
-- 0x71, 0xcb, 0x9d, 0xe5, 0xfa, 0x24, 0xba, 0xbf,
-- 0x58, 0xe5, 0xb7, 0x95, 0x21, 0x92, 0x5c, 0x9c,
-- 0xc4, 0x2e, 0x9f, 0x6f, 0x46, 0x4b, 0x08, 0x8c,
-- 0xc5, 0x72, 0xaf, 0x53, 0xe6, 0xd7, 0x88, 0x02,
-+ 0x42, 0x4A, 0x04, 0x4E, 0x79, 0xB4, 0x99, 0x7F, 0xFD, 0x58, 0x36, 0x2C,
-+ 0x1B, 0x5F, 0x18, 0x7E, 0x0D, 0xCC, 0xAB, 0x81, 0xC9, 0x5D, 0x10, 0xCE,
-+ 0x4E, 0x80, 0x7E, 0x58, 0xB4, 0x34, 0x3F, 0xA7, 0x45, 0xC7, 0xAA, 0x36,
-+ 0x24, 0x42, 0xA9, 0x3B, 0xE8, 0x0E, 0x04, 0x02, 0x2D, 0xFB, 0xA6, 0x13,
-+ 0xB9, 0xB5, 0x15, 0xA5, 0x56, 0x07, 0x35, 0xE4, 0x03, 0xB6, 0x79, 0x7C,
-+ 0x62, 0xDD, 0xDF, 0x3F, 0x71, 0x3A, 0x9D, 0x8B, 0xC4, 0xF6, 0xE7, 0x1D,
-+ 0x52, 0xA8, 0xA9, 0x43, 0x1D, 0x33, 0x51, 0x88, 0x39, 0xBD, 0x73, 0xE9,
-+ 0x5F, 0xBE, 0x82, 0x49, 0x27, 0xE6, 0xB5, 0x53, 0xC1, 0x38, 0xAC, 0x2F,
-+ 0x6D, 0x97, 0x6C, 0xEB, 0x67, 0xC1, 0x5F, 0x67, 0xF8, 0x35, 0x05, 0x5E,
-+ 0xD5, 0x68, 0x80, 0xAA, 0x96, 0xCA, 0x0B, 0x8A, 0xE6, 0xF1, 0xB1, 0x41,
-+ 0xC6, 0x75, 0x94, 0x0A, 0x0A, 0x2A, 0xFA, 0x29,
- };
-
- static const unsigned char str1[] = "12345678901234567890";
-@@ -79,11 +80,11 @@ static int dsa_test(void)
-
- BN_GENCB_set(cb, dsa_cb, NULL);
- if (!TEST_ptr(dsa = DSA_new())
-- || !TEST_true(DSA_generate_parameters_ex(dsa, 512, seed, 20,
-+ || !TEST_true(DSA_generate_parameters_ex(dsa, 1024, seed, 20,
- &counter, &h, cb)))
- goto end;
-
-- if (!TEST_int_eq(counter, 105))
-+ if (!TEST_int_eq(counter, 239))
- goto end;
- if (!TEST_int_eq(h, 2))
- goto end;
-diff -up openssl-1.1.1b/test/recipes/30-test_evp_data/evpciph.txt.fips openssl-1.1.1b/test/recipes/30-test_evp_data/evpciph.txt
---- openssl-1.1.1b/test/recipes/30-test_evp_data/evpciph.txt.fips 2019-05-06 16:08:46.857597085 +0200
-+++ openssl-1.1.1b/test/recipes/30-test_evp_data/evpciph.txt 2019-05-06 16:35:37.917563292 +0200
-@@ -1184,6 +1184,7 @@ Key = 0000000000000000000000000000000000
- IV = 00000000000000000000000000000000
- Plaintext = 0000000000000000000000000000000000000000000000000000000000000000
- Ciphertext = 917cf69ebd68b2ec9b9fe9a3eadda692cd43d2f59598ed858c02c2652fbf922e
-+Result = KEY_SET_ERROR
-
- Cipher = aes-128-xts
- Key = 1111111111111111111111111111111122222222222222222222222222222222
-diff -up openssl-1.1.1c/util/libcrypto.num.fips openssl-1.1.1c/util/libcrypto.num
---- openssl-1.1.1c/util/libcrypto.num.fips 2019-05-29 15:46:19.154260824 +0200
-+++ openssl-1.1.1c/util/libcrypto.num 2019-05-29 15:50:10.390191805 +0200
-@@ -4580,3 +4580,38 @@ EVP_PKEY_meth_get_digest_custom
- OPENSSL_INIT_set_config_filename 4534 1_1_1b EXIST::FUNCTION:STDIO
- OPENSSL_INIT_set_config_file_flags 4535 1_1_1b EXIST::FUNCTION:STDIO
- EVP_PKEY_get0_engine 4536 1_1_1c EXIST::FUNCTION:ENGINE
-+FIPS_drbg_reseed 6348 1_1_0g EXIST::FUNCTION:
-+FIPS_selftest_check 6349 1_1_0g EXIST::FUNCTION:
-+FIPS_rand_set_method 6350 1_1_0g EXIST::FUNCTION:
-+FIPS_get_default_drbg 6351 1_1_0g EXIST::FUNCTION:
-+FIPS_drbg_set_reseed_interval 6352 1_1_0g EXIST::FUNCTION:
-+FIPS_drbg_set_app_data 6353 1_1_0g EXIST::FUNCTION:
-+FIPS_drbg_method 6354 1_1_0g EXIST::FUNCTION:
-+FIPS_rand_status 6355 1_1_0g EXIST::FUNCTION:
-+FIPS_drbg_instantiate 6356 1_1_0g EXIST::FUNCTION:
-+FIPS_drbg_set_callbacks 6357 1_1_0g EXIST::FUNCTION:
-+FIPS_drbg_new 6358 1_1_0g EXIST::FUNCTION:
-+FIPS_dsa_paramgen_check_g 6359 1_1_0g EXIST::FUNCTION:
-+FIPS_selftest 6360 1_1_0g EXIST::FUNCTION:
-+FIPS_rand_set_bits 6361 1_1_0g EXIST::FUNCTION:
-+FIPS_rand_bytes 6362 1_1_0g EXIST::FUNCTION:
-+FIPS_drbg_get_app_data 6363 1_1_0g EXIST::FUNCTION:
-+FIPS_selftest_failed 6364 1_1_0g EXIST::FUNCTION:
-+FIPS_dsa_builtin_paramgen2 6365 1_1_0g EXIST::FUNCTION:
-+FIPS_rand_reset 6366 1_1_0g EXIST::FUNCTION:
-+ERR_load_FIPS_strings 6367 1_1_0g EXIST::FUNCTION:
-+FIPS_drbg_generate 6368 1_1_0g EXIST::FUNCTION:
-+FIPS_drbg_uninstantiate 6369 1_1_0g EXIST::FUNCTION:
-+FIPS_drbg_set_check_interval 6370 1_1_0g EXIST::FUNCTION:
-+FIPS_drbg_free 6371 1_1_0g EXIST::FUNCTION:
-+FIPS_selftest_drbg_all 6372 1_1_0g EXIST::FUNCTION:
-+FIPS_rand_get_method 6373 1_1_0g EXIST::FUNCTION:
-+RAND_set_fips_drbg_type 6374 1_1_0g EXIST::FUNCTION:
-+FIPS_drbg_health_check 6375 1_1_0g EXIST::FUNCTION:
-+RAND_init_fips 6376 1_1_0g EXIST::FUNCTION:
-+FIPS_drbg_set_rand_callbacks 6377 1_1_0g EXIST::FUNCTION:
-+FIPS_rand_seed 6378 1_1_0g EXIST::FUNCTION:
-+FIPS_drbg_get_strength 6379 1_1_0g EXIST::FUNCTION:
-+FIPS_rand_strength 6380 1_1_0g EXIST::FUNCTION:
-+FIPS_drbg_get_blocklength 6381 1_1_0g EXIST::FUNCTION:
-+FIPS_drbg_init 6382 1_1_0g EXIST::FUNCTION:
diff --git a/openssl-freefilesync/openssl-1.1.1-ignore-bound.patch b/openssl-freefilesync/openssl-1.1.1-ignore-bound.patch
deleted file mode 100644
index 4838f3d..0000000
--- a/openssl-freefilesync/openssl-1.1.1-ignore-bound.patch
+++ /dev/null
@@ -1,14 +0,0 @@
-Do not return failure when setting version bound on fixed protocol
-version method.
-diff -up openssl-1.1.1-pre8/ssl/statem/statem_lib.c.ignore-bound openssl-1.1.1-pre8/ssl/statem/statem_lib.c
---- openssl-1.1.1-pre8/ssl/statem/statem_lib.c.ignore-bound 2018-06-20 16:48:13.000000000 +0200
-+++ openssl-1.1.1-pre8/ssl/statem/statem_lib.c 2018-08-13 11:07:52.826304045 +0200
-@@ -1595,7 +1595,7 @@ int ssl_set_version_bound(int method_ver
- * methods are not subject to controls that disable individual protocol
- * versions.
- */
-- return 0;
-+ return 1;
-
- case TLS_ANY_VERSION:
- if (version < SSL3_VERSION || version > TLS_MAX_VERSION)
diff --git a/openssl-freefilesync/openssl-1.1.1-man-rename.patch b/openssl-freefilesync/openssl-1.1.1-man-rename.patch
deleted file mode 100644
index 4e504b4..0000000
--- a/openssl-freefilesync/openssl-1.1.1-man-rename.patch
+++ /dev/null
@@ -1,19 +0,0 @@
-diff -up openssl-1.1.1-pre9/doc/man1/openssl.pod.man-rename openssl-1.1.1-pre9/doc/man1/openssl.pod
---- openssl-1.1.1-pre9/doc/man1/openssl.pod.man-rename 2018-08-21 14:14:13.000000000 +0200
-+++ openssl-1.1.1-pre9/doc/man1/openssl.pod 2018-08-22 12:13:04.092568064 +0200
-@@ -482,13 +482,13 @@ L<dhparam(1)>, L<dsa(1)>, L<dsaparam(1)>
- L<ec(1)>, L<ecparam(1)>,
- L<enc(1)>, L<engine(1)>, L<errstr(1)>, L<gendsa(1)>, L<genpkey(1)>,
- L<genrsa(1)>, L<nseq(1)>, L<ocsp(1)>,
--L<passwd(1)>,
- L<pkcs12(1)>, L<pkcs7(1)>, L<pkcs8(1)>,
- L<pkey(1)>, L<pkeyparam(1)>, L<pkeyutl(1)>, L<prime(1)>,
--L<rand(1)>, L<rehash(1)>, L<req(1)>, L<rsa(1)>,
-+L<rehash(1)>, L<req(1)>, L<rsa(1)>,
- L<rsautl(1)>, L<s_client(1)>,
- L<s_server(1)>, L<s_time(1)>, L<sess_id(1)>,
- L<smime(1)>, L<speed(1)>, L<spkac(1)>, L<srp(1)>, L<storeutl(1)>,
-+L<sslpasswd(1)>, L<sslrand(1)>,
- L<ts(1)>,
- L<verify(1)>, L<version(1)>, L<x509(1)>,
- L<crypto(7)>, L<ssl(7)>, L<x509v3_config(5)>
diff --git a/openssl-freefilesync/openssl-1.1.1-no-brainpool.patch b/openssl-freefilesync/openssl-1.1.1-no-brainpool.patch
deleted file mode 100644
index 2ab6fc9..0000000
--- a/openssl-freefilesync/openssl-1.1.1-no-brainpool.patch
+++ /dev/null
@@ -1,116 +0,0 @@
-diff -up openssl-1.1.1b/test/ssl-tests/20-cert-select.conf.in.no-brainpool openssl-1.1.1b/test/ssl-tests/20-cert-select.conf.in
---- openssl-1.1.1b/test/ssl-tests/20-cert-select.conf.in.no-brainpool 2019-02-26 15:15:30.000000000 +0100
-+++ openssl-1.1.1b/test/ssl-tests/20-cert-select.conf.in 2019-05-07 11:52:35.885597934 +0200
-@@ -141,22 +141,23 @@ our @tests = (
- {
- name => "ECDSA with brainpool",
- server => {
-- "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"),
-- "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"),
-- "Groups" => "brainpoolP256r1",
-+# "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"),
-+# "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"),
-+# "Groups" => "brainpoolP256r1",
-+ "CipherString" => "aNULL",
- },
- client => {
- #We don't restrict this to TLSv1.2, although use of brainpool
- #should force this anyway so that this should succeed
- "CipherString" => "aECDSA",
- "RequestCAFile" => test_pem("root-cert.pem"),
-- "Groups" => "brainpoolP256r1",
-+# "Groups" => "brainpoolP256r1",
- },
- test => {
-- "ExpectedServerCertType" =>, "brainpoolP256r1",
-- "ExpectedServerSignType" =>, "EC",
-+# "ExpectedServerCertType" =>, "brainpoolP256r1",
-+# "ExpectedServerSignType" =>, "EC",
- # Note: certificate_authorities not sent for TLS < 1.3
-- "ExpectedServerCANames" =>, "empty",
-+# "ExpectedServerCANames" =>, "empty",
- "ExpectedResult" => "Success"
- },
- },
-@@ -787,18 +788,19 @@ my @tests_tls_1_3 = (
- {
- name => "TLS 1.3 ECDSA with brainpool",
- server => {
-- "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"),
-- "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"),
-- "Groups" => "brainpoolP256r1",
-+# "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"),
-+# "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"),
-+# "Groups" => "brainpoolP256r1",
-+ "CipherString" => "aNULL",
- },
- client => {
- "RequestCAFile" => test_pem("root-cert.pem"),
-- "Groups" => "brainpoolP256r1",
-+# "Groups" => "brainpoolP256r1",
- "MinProtocol" => "TLSv1.3",
- "MaxProtocol" => "TLSv1.3"
- },
- test => {
-- "ExpectedResult" => "ServerFail"
-+ "ExpectedResult" => "Success"
- },
- },
- );
-diff -up openssl-1.1.1b/test/ssl-tests/20-cert-select.conf.no-brainpool openssl-1.1.1b/test/ssl-tests/20-cert-select.conf
---- openssl-1.1.1b/test/ssl-tests/20-cert-select.conf.no-brainpool 2019-02-26 15:15:30.000000000 +0100
-+++ openssl-1.1.1b/test/ssl-tests/20-cert-select.conf 2019-05-07 12:15:12.762907496 +0200
-@@ -233,23 +233,18 @@ server = 5-ECDSA with brainpool-server
- client = 5-ECDSA with brainpool-client
-
- [5-ECDSA with brainpool-server]
--Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem
--CipherString = DEFAULT
--Groups = brainpoolP256r1
--PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = aNULL
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
- [5-ECDSA with brainpool-client]
- CipherString = aECDSA
--Groups = brainpoolP256r1
- RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
-
- [test-5]
- ExpectedResult = Success
--ExpectedServerCANames = empty
--ExpectedServerCertType = brainpoolP256r1
--ExpectedServerSignType = EC
-
-
- # ===========================================================
-@@ -1577,14 +1572,12 @@ server = 47-TLS 1.3 ECDSA with brainpool
- client = 47-TLS 1.3 ECDSA with brainpool-client
-
- [47-TLS 1.3 ECDSA with brainpool-server]
--Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem
--CipherString = DEFAULT
--Groups = brainpoolP256r1
--PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem
-+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-+CipherString = aNULL
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
- [47-TLS 1.3 ECDSA with brainpool-client]
- CipherString = DEFAULT
--Groups = brainpoolP256r1
- MaxProtocol = TLSv1.3
- MinProtocol = TLSv1.3
- RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-@@ -1592,7 +1585,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/ro
- VerifyMode = Peer
-
- [test-47]
--ExpectedResult = ServerFail
-+ExpectedResult = Success
-
-
- # ===========================================================
diff --git a/openssl-freefilesync/openssl-1.1.1-no-weak-verify.patch b/openssl-freefilesync/openssl-1.1.1-no-weak-verify.patch
deleted file mode 100644
index 5756c68..0000000
--- a/openssl-freefilesync/openssl-1.1.1-no-weak-verify.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-diff -up openssl-1.1.1b/crypto/asn1/a_verify.c.no-weak-verify openssl-1.1.1b/crypto/asn1/a_verify.c
---- openssl-1.1.1b/crypto/asn1/a_verify.c.no-weak-verify 2019-02-26 15:15:30.000000000 +0100
-+++ openssl-1.1.1b/crypto/asn1/a_verify.c 2019-02-28 11:25:31.531862873 +0100
-@@ -7,6 +7,9 @@
- * https://www.openssl.org/source/license.html
- */
-
-+/* for secure_getenv */
-+#define _GNU_SOURCE
-+
- #include <stdio.h>
- #include <time.h>
- #include <sys/types.h>
-@@ -130,6 +133,12 @@ int ASN1_item_verify(const ASN1_ITEM *it
- if (ret != 2)
- goto err;
- ret = -1;
-+ } else if ((mdnid == NID_md5
-+ && secure_getenv("OPENSSL_ENABLE_MD5_VERIFY") == NULL) ||
-+ mdnid == NID_md4 || mdnid == NID_md2 || mdnid == NID_sha) {
-+ ASN1err(ASN1_F_ASN1_ITEM_VERIFY,
-+ ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
-+ goto err;
- } else {
- const EVP_MD *type = EVP_get_digestbynid(mdnid);
-
diff --git a/openssl-freefilesync/openssl-1.1.1-regression-fixes.patch b/openssl-freefilesync/openssl-1.1.1-regression-fixes.patch
deleted file mode 100644
index 11099a1..0000000
--- a/openssl-freefilesync/openssl-1.1.1-regression-fixes.patch
+++ /dev/null
@@ -1,16 +0,0 @@
-diff -up openssl-1.1.1b/crypto/conf/conf_lib.c.regression openssl-1.1.1b/crypto/conf/conf_lib.c
---- openssl-1.1.1b/crypto/conf/conf_lib.c.regression 2019-02-26 15:15:30.000000000 +0100
-+++ openssl-1.1.1b/crypto/conf/conf_lib.c 2019-05-10 14:28:57.718049429 +0200
-@@ -356,8 +356,10 @@ OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(
- {
- OPENSSL_INIT_SETTINGS *ret = malloc(sizeof(*ret));
-
-- if (ret != NULL)
-- memset(ret, 0, sizeof(*ret));
-+ if (ret == NULL)
-+ return NULL;
-+
-+ memset(ret, 0, sizeof(*ret));
- ret->flags = DEFAULT_CONF_MFLAGS;
-
- return ret;
diff --git a/openssl-freefilesync/openssl-1.1.1-s390x-update.patch b/openssl-freefilesync/openssl-1.1.1-s390x-update.patch
deleted file mode 100644
index f46c1a5..0000000
--- a/openssl-freefilesync/openssl-1.1.1-s390x-update.patch
+++ /dev/null
@@ -1,5509 +0,0 @@
-diff -up openssl-1.1.1b/crypto/chacha/asm/chacha-s390x.pl.s390x-update openssl-1.1.1b/crypto/chacha/asm/chacha-s390x.pl
---- openssl-1.1.1b/crypto/chacha/asm/chacha-s390x.pl.s390x-update 2019-02-26 15:15:30.000000000 +0100
-+++ openssl-1.1.1b/crypto/chacha/asm/chacha-s390x.pl 2019-05-06 10:54:00.035367605 +0200
-@@ -1,5 +1,5 @@
- #! /usr/bin/env perl
--# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+# Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
- #
- # Licensed under the OpenSSL license (the "License"). You may not use
- # this file except in compliance with the License. You can obtain a copy
-@@ -20,41 +20,53 @@
- #
- # 3 times faster than compiler-generated code.
-
--$flavour = shift;
-+#
-+# August 2018
-+#
-+# Add vx code path: 4x"vertical".
-+#
-+# Copyright IBM Corp. 2018
-+# Author: Patrick Steuer <patrick.steuer@de.ibm.com>
-+
-+#
-+# February 2019
-+#
-+# Add 6x"horizontal" VX implementation. It's ~25% faster than IBM's
-+# 4x"vertical" submission [on z13] and >3 faster than scalar code.
-+# But to harness overheads revert to transliteration of VSX code path
-+# from chacha-ppc module, which is also 4x"vertical", to handle inputs
-+# not longer than 256 bytes.
-+
-+use strict;
-+use FindBin qw($Bin);
-+use lib "$Bin/../..";
-+use perlasm::s390x qw(:DEFAULT :VX AUTOLOAD LABEL INCLUDE);
-
-+my $flavour = shift;
-+
-+my ($z,$SIZE_T);
- if ($flavour =~ /3[12]/) {
-+ $z=0; # S/390 ABI
- $SIZE_T=4;
-- $g="";
- } else {
-+ $z=1; # zSeries ABI
- $SIZE_T=8;
-- $g="g";
- }
-
-+my $output;
- while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {}
--open STDOUT,">$output";
--
--sub AUTOLOAD() # thunk [simplified] x86-style perlasm
--{ my $opcode = $AUTOLOAD; $opcode =~ s/.*:://;
-- $code .= "\t$opcode\t".join(',',@_)."\n";
--}
-
- my $sp="%r15";
--
- my $stdframe=16*$SIZE_T+4*8;
--my $frame=$stdframe+4*20;
--
--my ($out,$inp,$len,$key,$counter)=map("%r$_",(2..6));
-
-+sub ROUND {
- my @x=map("%r$_",(0..7,"x","x","x","x",(10..13)));
- my @t=map("%r$_",(8,9));
--
--sub ROUND {
- my ($a0,$b0,$c0,$d0)=@_;
- my ($a1,$b1,$c1,$d1)=map(($_&~3)+(($_+1)&3),($a0,$b0,$c0,$d0));
- my ($a2,$b2,$c2,$d2)=map(($_&~3)+(($_+1)&3),($a1,$b1,$c1,$d1));
- my ($a3,$b3,$c3,$d3)=map(($_&~3)+(($_+1)&3),($a2,$b2,$c2,$d2));
--my ($xc,$xc_)=map("\"$_\"",@t);
--my @x=map("\"$_\"",@x);
-+my ($xc,$xc_)=map("$_",@t);
-
- # Consider order in which variables are addressed by their
- # index:
-@@ -78,249 +90,967 @@ my @x=map("\"$_\"",@x);
- # 'c' stores and loads in the middle, but none in the beginning
- # or end.
-
-- (
-- "&alr (@x[$a0],@x[$b0])", # Q1
-- "&alr (@x[$a1],@x[$b1])", # Q2
-- "&xr (@x[$d0],@x[$a0])",
-- "&xr (@x[$d1],@x[$a1])",
-- "&rll (@x[$d0],@x[$d0],16)",
-- "&rll (@x[$d1],@x[$d1],16)",
--
-- "&alr ($xc,@x[$d0])",
-- "&alr ($xc_,@x[$d1])",
-- "&xr (@x[$b0],$xc)",
-- "&xr (@x[$b1],$xc_)",
-- "&rll (@x[$b0],@x[$b0],12)",
-- "&rll (@x[$b1],@x[$b1],12)",
--
-- "&alr (@x[$a0],@x[$b0])",
-- "&alr (@x[$a1],@x[$b1])",
-- "&xr (@x[$d0],@x[$a0])",
-- "&xr (@x[$d1],@x[$a1])",
-- "&rll (@x[$d0],@x[$d0],8)",
-- "&rll (@x[$d1],@x[$d1],8)",
--
-- "&alr ($xc,@x[$d0])",
-- "&alr ($xc_,@x[$d1])",
-- "&xr (@x[$b0],$xc)",
-- "&xr (@x[$b1],$xc_)",
-- "&rll (@x[$b0],@x[$b0],7)",
-- "&rll (@x[$b1],@x[$b1],7)",
--
-- "&stm ($xc,$xc_,'$stdframe+4*8+4*$c0($sp)')", # reload pair of 'c's
-- "&lm ($xc,$xc_,'$stdframe+4*8+4*$c2($sp)')",
--
-- "&alr (@x[$a2],@x[$b2])", # Q3
-- "&alr (@x[$a3],@x[$b3])", # Q4
-- "&xr (@x[$d2],@x[$a2])",
-- "&xr (@x[$d3],@x[$a3])",
-- "&rll (@x[$d2],@x[$d2],16)",
-- "&rll (@x[$d3],@x[$d3],16)",
--
-- "&alr ($xc,@x[$d2])",
-- "&alr ($xc_,@x[$d3])",
-- "&xr (@x[$b2],$xc)",
-- "&xr (@x[$b3],$xc_)",
-- "&rll (@x[$b2],@x[$b2],12)",
-- "&rll (@x[$b3],@x[$b3],12)",
--
-- "&alr (@x[$a2],@x[$b2])",
-- "&alr (@x[$a3],@x[$b3])",
-- "&xr (@x[$d2],@x[$a2])",
-- "&xr (@x[$d3],@x[$a3])",
-- "&rll (@x[$d2],@x[$d2],8)",
-- "&rll (@x[$d3],@x[$d3],8)",
--
-- "&alr ($xc,@x[$d2])",
-- "&alr ($xc_,@x[$d3])",
-- "&xr (@x[$b2],$xc)",
-- "&xr (@x[$b3],$xc_)",
-- "&rll (@x[$b2],@x[$b2],7)",
-- "&rll (@x[$b3],@x[$b3],7)"
-- );
--}
--
--$code.=<<___;
--.text
--
--.globl ChaCha20_ctr32
--.type ChaCha20_ctr32,\@function
--.align 32
--ChaCha20_ctr32:
-- lt${g}r $len,$len # $len==0?
-- bzr %r14
-- a${g}hi $len,-64
-- l${g}hi %r1,-$frame
-- stm${g} %r6,%r15,`6*$SIZE_T`($sp)
-- sl${g}r $out,$inp # difference
-- la $len,0($inp,$len) # end of input minus 64
-- larl %r7,.Lsigma
-- lgr %r0,$sp
-- la $sp,0(%r1,$sp)
-- st${g} %r0,0($sp)
--
-- lmg %r8,%r11,0($key) # load key
-- lmg %r12,%r13,0($counter) # load counter
-- lmg %r6,%r7,0(%r7) # load sigma constant
--
-- la %r14,0($inp)
-- st${g} $out,$frame+3*$SIZE_T($sp)
-- st${g} $len,$frame+4*$SIZE_T($sp)
-- stmg %r6,%r13,$stdframe($sp) # copy key schedule to stack
-- srlg @x[12],%r12,32 # 32-bit counter value
-- j .Loop_outer
--
--.align 16
--.Loop_outer:
-- lm @x[0],@x[7],$stdframe+4*0($sp) # load x[0]-x[7]
-- lm @t[0],@t[1],$stdframe+4*10($sp) # load x[10]-x[11]
-- lm @x[13],@x[15],$stdframe+4*13($sp) # load x[13]-x[15]
-- stm @t[0],@t[1],$stdframe+4*8+4*10($sp) # offload x[10]-x[11]
-- lm @t[0],@t[1],$stdframe+4*8($sp) # load x[8]-x[9]
-- st @x[12],$stdframe+4*12($sp) # save counter
-- st${g} %r14,$frame+2*$SIZE_T($sp) # save input pointer
-- lhi %r14,10
-- j .Loop
--
--.align 4
--.Loop:
--___
-- foreach (&ROUND(0, 4, 8,12)) { eval; }
-- foreach (&ROUND(0, 5,10,15)) { eval; }
--$code.=<<___;
-- brct %r14,.Loop
--
-- l${g} %r14,$frame+2*$SIZE_T($sp) # pull input pointer
-- stm @t[0],@t[1],$stdframe+4*8+4*8($sp) # offload x[8]-x[9]
-- lm${g} @t[0],@t[1],$frame+3*$SIZE_T($sp)
--
-- al @x[0],$stdframe+4*0($sp) # accumulate key schedule
-- al @x[1],$stdframe+4*1($sp)
-- al @x[2],$stdframe+4*2($sp)
-- al @x[3],$stdframe+4*3($sp)
-- al @x[4],$stdframe+4*4($sp)
-- al @x[5],$stdframe+4*5($sp)
-- al @x[6],$stdframe+4*6($sp)
-- al @x[7],$stdframe+4*7($sp)
-- lrvr @x[0],@x[0]
-- lrvr @x[1],@x[1]
-- lrvr @x[2],@x[2]
-- lrvr @x[3],@x[3]
-- lrvr @x[4],@x[4]
-- lrvr @x[5],@x[5]
-- lrvr @x[6],@x[6]
-- lrvr @x[7],@x[7]
-- al @x[12],$stdframe+4*12($sp)
-- al @x[13],$stdframe+4*13($sp)
-- al @x[14],$stdframe+4*14($sp)
-- al @x[15],$stdframe+4*15($sp)
-- lrvr @x[12],@x[12]
-- lrvr @x[13],@x[13]
-- lrvr @x[14],@x[14]
-- lrvr @x[15],@x[15]
--
-- la @t[0],0(@t[0],%r14) # reconstruct output pointer
-- cl${g}r %r14,@t[1]
-- jh .Ltail
--
-- x @x[0],4*0(%r14) # xor with input
-- x @x[1],4*1(%r14)
-- st @x[0],4*0(@t[0]) # store output
-- x @x[2],4*2(%r14)
-- st @x[1],4*1(@t[0])
-- x @x[3],4*3(%r14)
-- st @x[2],4*2(@t[0])
-- x @x[4],4*4(%r14)
-- st @x[3],4*3(@t[0])
-- lm @x[0],@x[3],$stdframe+4*8+4*8($sp) # load x[8]-x[11]
-- x @x[5],4*5(%r14)
-- st @x[4],4*4(@t[0])
-- x @x[6],4*6(%r14)
-- al @x[0],$stdframe+4*8($sp)
-- st @x[5],4*5(@t[0])
-- x @x[7],4*7(%r14)
-- al @x[1],$stdframe+4*9($sp)
-- st @x[6],4*6(@t[0])
-- x @x[12],4*12(%r14)
-- al @x[2],$stdframe+4*10($sp)
-- st @x[7],4*7(@t[0])
-- x @x[13],4*13(%r14)
-- al @x[3],$stdframe+4*11($sp)
-- st @x[12],4*12(@t[0])
-- x @x[14],4*14(%r14)
-- st @x[13],4*13(@t[0])
-- x @x[15],4*15(%r14)
-- st @x[14],4*14(@t[0])
-- lrvr @x[0],@x[0]
-- st @x[15],4*15(@t[0])
-- lrvr @x[1],@x[1]
-- lrvr @x[2],@x[2]
-- lrvr @x[3],@x[3]
-- lhi @x[12],1
-- x @x[0],4*8(%r14)
-- al @x[12],$stdframe+4*12($sp) # increment counter
-- x @x[1],4*9(%r14)
-- st @x[0],4*8(@t[0])
-- x @x[2],4*10(%r14)
-- st @x[1],4*9(@t[0])
-- x @x[3],4*11(%r14)
-- st @x[2],4*10(@t[0])
-- st @x[3],4*11(@t[0])
--
-- cl${g}r %r14,@t[1] # done yet?
-- la %r14,64(%r14)
-- jl .Loop_outer
--
--.Ldone:
-- xgr %r0,%r0
-- xgr %r1,%r1
-- xgr %r2,%r2
-- xgr %r3,%r3
-- stmg %r0,%r3,$stdframe+4*4($sp) # wipe key copy
-- stmg %r0,%r3,$stdframe+4*12($sp)
--
-- lm${g} %r6,%r15,`$frame+6*$SIZE_T`($sp)
-- br %r14
--
--.align 16
--.Ltail:
-- la @t[1],64($t[1])
-- stm @x[0],@x[7],$stdframe+4*0($sp)
-- sl${g}r @t[1],%r14
-- lm @x[0],@x[3],$stdframe+4*8+4*8($sp)
-- l${g}hi @x[6],0
-- stm @x[12],@x[15],$stdframe+4*12($sp)
-- al @x[0],$stdframe+4*8($sp)
-- al @x[1],$stdframe+4*9($sp)
-- al @x[2],$stdframe+4*10($sp)
-- al @x[3],$stdframe+4*11($sp)
-- lrvr @x[0],@x[0]
-- lrvr @x[1],@x[1]
-- lrvr @x[2],@x[2]
-- lrvr @x[3],@x[3]
-- stm @x[0],@x[3],$stdframe+4*8($sp)
--
--.Loop_tail:
-- llgc @x[4],0(@x[6],%r14)
-- llgc @x[5],$stdframe(@x[6],$sp)
-- xr @x[5],@x[4]
-- stc @x[5],0(@x[6],@t[0])
-- la @x[6],1(@x[6])
-- brct @t[1],.Loop_tail
--
-- j .Ldone
--.size ChaCha20_ctr32,.-ChaCha20_ctr32
--
--.align 32
--.Lsigma:
--.long 0x61707865,0x3320646e,0x79622d32,0x6b206574 # endian-neutral
--.asciz "ChaCha20 for s390x, CRYPTOGAMS by <appro\@openssl.org>"
--.align 4
--___
-+ alr (@x[$a0],@x[$b0]); # Q1
-+ alr (@x[$a1],@x[$b1]); # Q2
-+ xr (@x[$d0],@x[$a0]);
-+ xr (@x[$d1],@x[$a1]);
-+ rll (@x[$d0],@x[$d0],16);
-+ rll (@x[$d1],@x[$d1],16);
-+
-+ alr ($xc,@x[$d0]);
-+ alr ($xc_,@x[$d1]);
-+ xr (@x[$b0],$xc);
-+ xr (@x[$b1],$xc_);
-+ rll (@x[$b0],@x[$b0],12);
-+ rll (@x[$b1],@x[$b1],12);
-+
-+ alr (@x[$a0],@x[$b0]);
-+ alr (@x[$a1],@x[$b1]);
-+ xr (@x[$d0],@x[$a0]);
-+ xr (@x[$d1],@x[$a1]);
-+ rll (@x[$d0],@x[$d0],8);
-+ rll (@x[$d1],@x[$d1],8);
-+
-+ alr ($xc,@x[$d0]);
-+ alr ($xc_,@x[$d1]);
-+ xr (@x[$b0],$xc);
-+ xr (@x[$b1],$xc_);
-+ rll (@x[$b0],@x[$b0],7);
-+ rll (@x[$b1],@x[$b1],7);
-+
-+ stm ($xc,$xc_,"$stdframe+4*8+4*$c0($sp)"); # reload pair of 'c's
-+ lm ($xc,$xc_,"$stdframe+4*8+4*$c2($sp)");
-+
-+ alr (@x[$a2],@x[$b2]); # Q3
-+ alr (@x[$a3],@x[$b3]); # Q4
-+ xr (@x[$d2],@x[$a2]);
-+ xr (@x[$d3],@x[$a3]);
-+ rll (@x[$d2],@x[$d2],16);
-+ rll (@x[$d3],@x[$d3],16);
-+
-+ alr ($xc,@x[$d2]);
-+ alr ($xc_,@x[$d3]);
-+ xr (@x[$b2],$xc);
-+ xr (@x[$b3],$xc_);
-+ rll (@x[$b2],@x[$b2],12);
-+ rll (@x[$b3],@x[$b3],12);
-+
-+ alr (@x[$a2],@x[$b2]);
-+ alr (@x[$a3],@x[$b3]);
-+ xr (@x[$d2],@x[$a2]);
-+ xr (@x[$d3],@x[$a3]);
-+ rll (@x[$d2],@x[$d2],8);
-+ rll (@x[$d3],@x[$d3],8);
-+
-+ alr ($xc,@x[$d2]);
-+ alr ($xc_,@x[$d3]);
-+ xr (@x[$b2],$xc);
-+ xr (@x[$b3],$xc_);
-+ rll (@x[$b2],@x[$b2],7);
-+ rll (@x[$b3],@x[$b3],7);
-+}
-+
-+sub VX_lane_ROUND {
-+my ($a0,$b0,$c0,$d0)=@_;
-+my ($a1,$b1,$c1,$d1)=map(($_&~3)+(($_+1)&3),($a0,$b0,$c0,$d0));
-+my ($a2,$b2,$c2,$d2)=map(($_&~3)+(($_+1)&3),($a1,$b1,$c1,$d1));
-+my ($a3,$b3,$c3,$d3)=map(($_&~3)+(($_+1)&3),($a2,$b2,$c2,$d2));
-+my @x=map("%v$_",(0..15));
-
--foreach (split("\n",$code)) {
-- s/\`([^\`]*)\`/eval $1/ge;
-+ vaf (@x[$a0],@x[$a0],@x[$b0]); # Q1
-+ vx (@x[$d0],@x[$d0],@x[$a0]);
-+ verllf (@x[$d0],@x[$d0],16);
-+ vaf (@x[$a1],@x[$a1],@x[$b1]); # Q2
-+ vx (@x[$d1],@x[$d1],@x[$a1]);
-+ verllf (@x[$d1],@x[$d1],16);
-+ vaf (@x[$a2],@x[$a2],@x[$b2]); # Q3
-+ vx (@x[$d2],@x[$d2],@x[$a2]);
-+ verllf (@x[$d2],@x[$d2],16);
-+ vaf (@x[$a3],@x[$a3],@x[$b3]); # Q4
-+ vx (@x[$d3],@x[$d3],@x[$a3]);
-+ verllf (@x[$d3],@x[$d3],16);
-+
-+ vaf (@x[$c0],@x[$c0],@x[$d0]);
-+ vx (@x[$b0],@x[$b0],@x[$c0]);
-+ verllf (@x[$b0],@x[$b0],12);
-+ vaf (@x[$c1],@x[$c1],@x[$d1]);
-+ vx (@x[$b1],@x[$b1],@x[$c1]);
-+ verllf (@x[$b1],@x[$b1],12);
-+ vaf (@x[$c2],@x[$c2],@x[$d2]);
-+ vx (@x[$b2],@x[$b2],@x[$c2]);
-+ verllf (@x[$b2],@x[$b2],12);
-+ vaf (@x[$c3],@x[$c3],@x[$d3]);
-+ vx (@x[$b3],@x[$b3],@x[$c3]);
-+ verllf (@x[$b3],@x[$b3],12);
-+
-+ vaf (@x[$a0],@x[$a0],@x[$b0]);
-+ vx (@x[$d0],@x[$d0],@x[$a0]);
-+ verllf (@x[$d0],@x[$d0],8);
-+ vaf (@x[$a1],@x[$a1],@x[$b1]);
-+ vx (@x[$d1],@x[$d1],@x[$a1]);
-+ verllf (@x[$d1],@x[$d1],8);
-+ vaf (@x[$a2],@x[$a2],@x[$b2]);
-+ vx (@x[$d2],@x[$d2],@x[$a2]);
-+ verllf (@x[$d2],@x[$d2],8);
-+ vaf (@x[$a3],@x[$a3],@x[$b3]);
-+ vx (@x[$d3],@x[$d3],@x[$a3]);
-+ verllf (@x[$d3],@x[$d3],8);
-+
-+ vaf (@x[$c0],@x[$c0],@x[$d0]);
-+ vx (@x[$b0],@x[$b0],@x[$c0]);
-+ verllf (@x[$b0],@x[$b0],7);
-+ vaf (@x[$c1],@x[$c1],@x[$d1]);
-+ vx (@x[$b1],@x[$b1],@x[$c1]);
-+ verllf (@x[$b1],@x[$b1],7);
-+ vaf (@x[$c2],@x[$c2],@x[$d2]);
-+ vx (@x[$b2],@x[$b2],@x[$c2]);
-+ verllf (@x[$b2],@x[$b2],7);
-+ vaf (@x[$c3],@x[$c3],@x[$d3]);
-+ vx (@x[$b3],@x[$b3],@x[$c3]);
-+ verllf (@x[$b3],@x[$b3],7);
-+}
-
-- print $_,"\n";
-+sub VX_ROUND {
-+my @a=@_[0..5];
-+my @b=@_[6..11];
-+my @c=@_[12..17];
-+my @d=@_[18..23];
-+my $odd=@_[24];
-+
-+ vaf (@a[$_],@a[$_],@b[$_]) for (0..5);
-+ vx (@d[$_],@d[$_],@a[$_]) for (0..5);
-+ verllf (@d[$_],@d[$_],16) for (0..5);
-+
-+ vaf (@c[$_],@c[$_],@d[$_]) for (0..5);
-+ vx (@b[$_],@b[$_],@c[$_]) for (0..5);
-+ verllf (@b[$_],@b[$_],12) for (0..5);
-+
-+ vaf (@a[$_],@a[$_],@b[$_]) for (0..5);
-+ vx (@d[$_],@d[$_],@a[$_]) for (0..5);
-+ verllf (@d[$_],@d[$_],8) for (0..5);
-+
-+ vaf (@c[$_],@c[$_],@d[$_]) for (0..5);
-+ vx (@b[$_],@b[$_],@c[$_]) for (0..5);
-+ verllf (@b[$_],@b[$_],7) for (0..5);
-+
-+ vsldb (@c[$_],@c[$_],@c[$_],8) for (0..5);
-+ vsldb (@b[$_],@b[$_],@b[$_],$odd?12:4) for (0..5);
-+ vsldb (@d[$_],@d[$_],@d[$_],$odd?4:12) for (0..5);
- }
--close STDOUT;
-+
-+PERLASM_BEGIN($output);
-+
-+INCLUDE ("s390x_arch.h");
-+TEXT ();
-+
-+################
-+# void ChaCha20_ctr32(unsigned char *out, const unsigned char *inp, size_t len,
-+# const unsigned int key[8], const unsigned int counter[4])
-+my ($out,$inp,$len,$key,$counter)=map("%r$_",(2..6));
-+{
-+my $frame=$stdframe+4*20;
-+my @x=map("%r$_",(0..7,"x","x","x","x",(10..13)));
-+my @t=map("%r$_",(8,9));
-+
-+GLOBL ("ChaCha20_ctr32");
-+TYPE ("ChaCha20_ctr32","\@function");
-+ALIGN (32);
-+LABEL ("ChaCha20_ctr32");
-+ larl ("%r1","OPENSSL_s390xcap_P");
-+
-+ lghi ("%r0",64);
-+&{$z? \&ltgr:\&ltr} ($len,$len); # len==0?
-+ bzr ("%r14");
-+ lg ("%r1","S390X_STFLE+16(%r1)");
-+&{$z? \&clgr:\&clr} ($len,"%r0");
-+ jle (".Lshort");
-+
-+ tmhh ("%r1",0x4000); # check for vx bit
-+ jnz (".LChaCha20_ctr32_vx");
-+
-+LABEL (".Lshort");
-+&{$z? \&aghi:\&ahi} ($len,-64);
-+&{$z? \&lghi:\&lhi} ("%r1",-$frame);
-+&{$z? \&stmg:\&stm} ("%r6","%r15","6*$SIZE_T($sp)");
-+&{$z? \&slgr:\&slr} ($out,$inp); # difference
-+ la ($len,"0($inp,$len)"); # end of input minus 64
-+ larl ("%r7",".Lsigma");
-+ lgr ("%r0",$sp);
-+ la ($sp,"0(%r1,$sp)");
-+&{$z? \&stg:\&st} ("%r0","0($sp)");
-+
-+ lmg ("%r8","%r11","0($key)"); # load key
-+ lmg ("%r12","%r13","0($counter)"); # load counter
-+ lmg ("%r6","%r7","0(%r7)"); # load sigma constant
-+
-+ la ("%r14","0($inp)");
-+&{$z? \&stg:\&st} ($out,"$frame+3*$SIZE_T($sp)");
-+&{$z? \&stg:\&st} ($len,"$frame+4*$SIZE_T($sp)");
-+ stmg ("%r6","%r13","$stdframe($sp)");# copy key schedule to stack
-+ srlg (@x[12],"%r12",32); # 32-bit counter value
-+ j (".Loop_outer");
-+
-+ALIGN (16);
-+LABEL (".Loop_outer");
-+ lm (@x[0],@x[7],"$stdframe+4*0($sp)"); # load x[0]-x[7]
-+ lm (@t[0],@t[1],"$stdframe+4*10($sp)"); # load x[10]-x[11]
-+ lm (@x[13],@x[15],"$stdframe+4*13($sp)"); # load x[13]-x[15]
-+ stm (@t[0],@t[1],"$stdframe+4*8+4*10($sp)");# offload x[10]-x[11]
-+ lm (@t[0],@t[1],"$stdframe+4*8($sp)"); # load x[8]-x[9]
-+ st (@x[12],"$stdframe+4*12($sp)"); # save counter
-+&{$z? \&stg:\&st} ("%r14","$frame+2*$SIZE_T($sp)");# save input pointer
-+ lhi ("%r14",10);
-+ j (".Loop");
-+
-+ALIGN (4);
-+LABEL (".Loop");
-+ ROUND (0, 4, 8,12);
-+ ROUND (0, 5,10,15);
-+ brct ("%r14",".Loop");
-+
-+&{$z? \&lg:\&l} ("%r14","$frame+2*$SIZE_T($sp)");# pull input pointer
-+ stm (@t[0],@t[1],"$stdframe+4*8+4*8($sp)"); # offload x[8]-x[9]
-+&{$z? \&lmg:\&lm} (@t[0],@t[1],"$frame+3*$SIZE_T($sp)");
-+
-+ al (@x[0],"$stdframe+4*0($sp)"); # accumulate key schedule
-+ al (@x[1],"$stdframe+4*1($sp)");
-+ al (@x[2],"$stdframe+4*2($sp)");
-+ al (@x[3],"$stdframe+4*3($sp)");
-+ al (@x[4],"$stdframe+4*4($sp)");
-+ al (@x[5],"$stdframe+4*5($sp)");
-+ al (@x[6],"$stdframe+4*6($sp)");
-+ al (@x[7],"$stdframe+4*7($sp)");
-+ lrvr (@x[0],@x[0]);
-+ lrvr (@x[1],@x[1]);
-+ lrvr (@x[2],@x[2]);
-+ lrvr (@x[3],@x[3]);
-+ lrvr (@x[4],@x[4]);
-+ lrvr (@x[5],@x[5]);
-+ lrvr (@x[6],@x[6]);
-+ lrvr (@x[7],@x[7]);
-+ al (@x[12],"$stdframe+4*12($sp)");
-+ al (@x[13],"$stdframe+4*13($sp)");
-+ al (@x[14],"$stdframe+4*14($sp)");
-+ al (@x[15],"$stdframe+4*15($sp)");
-+ lrvr (@x[12],@x[12]);
-+ lrvr (@x[13],@x[13]);
-+ lrvr (@x[14],@x[14]);
-+ lrvr (@x[15],@x[15]);
-+
-+ la (@t[0],"0(@t[0],%r14)"); # reconstruct output pointer
-+&{$z? \&clgr:\&clr} ("%r14",@t[1]);
-+ jh (".Ltail");
-+
-+ x (@x[0],"4*0(%r14)"); # xor with input
-+ x (@x[1],"4*1(%r14)");
-+ st (@x[0],"4*0(@t[0])"); # store output
-+ x (@x[2],"4*2(%r14)");
-+ st (@x[1],"4*1(@t[0])");
-+ x (@x[3],"4*3(%r14)");
-+ st (@x[2],"4*2(@t[0])");
-+ x (@x[4],"4*4(%r14)");
-+ st (@x[3],"4*3(@t[0])");
-+ lm (@x[0],@x[3],"$stdframe+4*8+4*8($sp)"); # load x[8]-x[11]
-+ x (@x[5],"4*5(%r14)");
-+ st (@x[4],"4*4(@t[0])");
-+ x (@x[6],"4*6(%r14)");
-+ al (@x[0],"$stdframe+4*8($sp)");
-+ st (@x[5],"4*5(@t[0])");
-+ x (@x[7],"4*7(%r14)");
-+ al (@x[1],"$stdframe+4*9($sp)");
-+ st (@x[6],"4*6(@t[0])");
-+ x (@x[12],"4*12(%r14)");
-+ al (@x[2],"$stdframe+4*10($sp)");
-+ st (@x[7],"4*7(@t[0])");
-+ x (@x[13],"4*13(%r14)");
-+ al (@x[3],"$stdframe+4*11($sp)");
-+ st (@x[12],"4*12(@t[0])");
-+ x (@x[14],"4*14(%r14)");
-+ st (@x[13],"4*13(@t[0])");
-+ x (@x[15],"4*15(%r14)");
-+ st (@x[14],"4*14(@t[0])");
-+ lrvr (@x[0],@x[0]);
-+ st (@x[15],"4*15(@t[0])");
-+ lrvr (@x[1],@x[1]);
-+ lrvr (@x[2],@x[2]);
-+ lrvr (@x[3],@x[3]);
-+ lhi (@x[12],1);
-+ x (@x[0],"4*8(%r14)");
-+ al (@x[12],"$stdframe+4*12($sp)"); # increment counter
-+ x (@x[1],"4*9(%r14)");
-+ st (@x[0],"4*8(@t[0])");
-+ x (@x[2],"4*10(%r14)");
-+ st (@x[1],"4*9(@t[0])");
-+ x (@x[3],"4*11(%r14)");
-+ st (@x[2],"4*10(@t[0])");
-+ st (@x[3],"4*11(@t[0])");
-+
-+&{$z? \&clgr:\&clr} ("%r14",@t[1]); # done yet?
-+ la ("%r14","64(%r14)");
-+ jl (".Loop_outer");
-+
-+LABEL (".Ldone");
-+ xgr ("%r0","%r0");
-+ xgr ("%r1","%r1");
-+ xgr ("%r2","%r2");
-+ xgr ("%r3","%r3");
-+ stmg ("%r0","%r3","$stdframe+4*4($sp)"); # wipe key copy
-+ stmg ("%r0","%r3","$stdframe+4*12($sp)");
-+
-+&{$z? \&lmg:\&lm} ("%r6","%r15","$frame+6*$SIZE_T($sp)");
-+ br ("%r14");
-+
-+ALIGN (16);
-+LABEL (".Ltail");
-+ la (@t[1],"64($t[1])");
-+ stm (@x[0],@x[7],"$stdframe+4*0($sp)");
-+&{$z? \&slgr:\&slr} (@t[1],"%r14");
-+ lm (@x[0],@x[3],"$stdframe+4*8+4*8($sp)");
-+&{$z? \&lghi:\&lhi} (@x[6],0);
-+ stm (@x[12],@x[15],"$stdframe+4*12($sp)");
-+ al (@x[0],"$stdframe+4*8($sp)");
-+ al (@x[1],"$stdframe+4*9($sp)");
-+ al (@x[2],"$stdframe+4*10($sp)");
-+ al (@x[3],"$stdframe+4*11($sp)");
-+ lrvr (@x[0],@x[0]);
-+ lrvr (@x[1],@x[1]);
-+ lrvr (@x[2],@x[2]);
-+ lrvr (@x[3],@x[3]);
-+ stm (@x[0],@x[3],"$stdframe+4*8($sp)");
-+
-+LABEL (".Loop_tail");
-+ llgc (@x[4],"0(@x[6],%r14)");
-+ llgc (@x[5],"$stdframe(@x[6],$sp)");
-+ xr (@x[5],@x[4]);
-+ stc (@x[5],"0(@x[6],@t[0])");
-+ la (@x[6],"1(@x[6])");
-+ brct (@t[1],".Loop_tail");
-+
-+ j (".Ldone");
-+SIZE ("ChaCha20_ctr32",".-ChaCha20_ctr32");
-+}
-+
-+########################################################################
-+# 4x"vertical" layout minimizes amount of instructions, but pipeline
-+# runs underutilized [because of vector instructions' high latency].
-+# On the other hand minimum amount of data it takes to fully utilize
-+# the pipeline is higher, so that effectively, short inputs would be
-+# processed slower. Hence this code path targeting <=256 bytes lengths.
-+#
-+{
-+my ($xa0,$xa1,$xa2,$xa3, $xb0,$xb1,$xb2,$xb3,
-+ $xc0,$xc1,$xc2,$xc3, $xd0,$xd1,$xd2,$xd3)=map("%v$_",(0..15));
-+my @K=map("%v$_",(16..19));
-+my $CTR="%v26";
-+my ($xt0,$xt1,$xt2,$xt3)=map("%v$_",(27..30));
-+my $beperm="%v31";
-+my ($x00,$x10,$x20,$x30)=(0,map("r$_",(8..10)));
-+my $FRAME=$stdframe+4*16;
-+
-+ALIGN (32);
-+LABEL ("ChaCha20_ctr32_4x");
-+LABEL (".LChaCha20_ctr32_4x");
-+&{$z? \&stmg:\&stm} ("%r6","%r7","6*$SIZE_T($sp)");
-+if (!$z) {
-+ std ("%f4","16*$SIZE_T+2*8($sp)");
-+ std ("%f6","16*$SIZE_T+3*8($sp)");
-+}
-+&{$z? \&lghi:\&lhi} ("%r1",-$FRAME);
-+ lgr ("%r0",$sp);
-+ la ($sp,"0(%r1,$sp)");
-+&{$z? \&stg:\&st} ("%r0","0($sp)"); # back-chain
-+if ($z) {
-+ std ("%f8","$stdframe+8*0($sp)");
-+ std ("%f9","$stdframe+8*1($sp)");
-+ std ("%f10","$stdframe+8*2($sp)");
-+ std ("%f11","$stdframe+8*3($sp)");
-+ std ("%f12","$stdframe+8*4($sp)");
-+ std ("%f13","$stdframe+8*5($sp)");
-+ std ("%f14","$stdframe+8*6($sp)");
-+ std ("%f15","$stdframe+8*7($sp)");
-+}
-+ larl ("%r7",".Lsigma");
-+ lhi ("%r0",10);
-+ lhi ("%r1",0);
-+
-+ vl (@K[0],"0(%r7)"); # load sigma
-+ vl (@K[1],"0($key)"); # load key
-+ vl (@K[2],"16($key)");
-+ vl (@K[3],"0($counter)"); # load counter
-+
-+ vl ($beperm,"0x40(%r7)");
-+ vl ($xt1,"0x50(%r7)");
-+ vrepf ($CTR,@K[3],0);
-+ vlvgf (@K[3],"%r1",0); # clear @K[3].word[0]
-+ vaf ($CTR,$CTR,$xt1);
-+
-+#LABEL (".Loop_outer_4x");
-+ vlm ($xa0,$xa3,"0x60(%r7)"); # load [smashed] sigma
-+
-+ vrepf ($xb0,@K[1],0); # smash the key
-+ vrepf ($xb1,@K[1],1);
-+ vrepf ($xb2,@K[1],2);
-+ vrepf ($xb3,@K[1],3);
-+
-+ vrepf ($xc0,@K[2],0);
-+ vrepf ($xc1,@K[2],1);
-+ vrepf ($xc2,@K[2],2);
-+ vrepf ($xc3,@K[2],3);
-+
-+ vlr ($xd0,$CTR);
-+ vrepf ($xd1,@K[3],1);
-+ vrepf ($xd2,@K[3],2);
-+ vrepf ($xd3,@K[3],3);
-+
-+LABEL (".Loop_4x");
-+ VX_lane_ROUND(0, 4, 8,12);
-+ VX_lane_ROUND(0, 5,10,15);
-+ brct ("%r0",".Loop_4x");
-+
-+ vaf ($xd0,$xd0,$CTR);
-+
-+ vmrhf ($xt0,$xa0,$xa1); # transpose data
-+ vmrhf ($xt1,$xa2,$xa3);
-+ vmrlf ($xt2,$xa0,$xa1);
-+ vmrlf ($xt3,$xa2,$xa3);
-+ vpdi ($xa0,$xt0,$xt1,0b0000);
-+ vpdi ($xa1,$xt0,$xt1,0b0101);
-+ vpdi ($xa2,$xt2,$xt3,0b0000);
-+ vpdi ($xa3,$xt2,$xt3,0b0101);
-+
-+ vmrhf ($xt0,$xb0,$xb1);
-+ vmrhf ($xt1,$xb2,$xb3);
-+ vmrlf ($xt2,$xb0,$xb1);
-+ vmrlf ($xt3,$xb2,$xb3);
-+ vpdi ($xb0,$xt0,$xt1,0b0000);
-+ vpdi ($xb1,$xt0,$xt1,0b0101);
-+ vpdi ($xb2,$xt2,$xt3,0b0000);
-+ vpdi ($xb3,$xt2,$xt3,0b0101);
-+
-+ vmrhf ($xt0,$xc0,$xc1);
-+ vmrhf ($xt1,$xc2,$xc3);
-+ vmrlf ($xt2,$xc0,$xc1);
-+ vmrlf ($xt3,$xc2,$xc3);
-+ vpdi ($xc0,$xt0,$xt1,0b0000);
-+ vpdi ($xc1,$xt0,$xt1,0b0101);
-+ vpdi ($xc2,$xt2,$xt3,0b0000);
-+ vpdi ($xc3,$xt2,$xt3,0b0101);
-+
-+ vmrhf ($xt0,$xd0,$xd1);
-+ vmrhf ($xt1,$xd2,$xd3);
-+ vmrlf ($xt2,$xd0,$xd1);
-+ vmrlf ($xt3,$xd2,$xd3);
-+ vpdi ($xd0,$xt0,$xt1,0b0000);
-+ vpdi ($xd1,$xt0,$xt1,0b0101);
-+ vpdi ($xd2,$xt2,$xt3,0b0000);
-+ vpdi ($xd3,$xt2,$xt3,0b0101);
-+
-+ #vrepif ($xt0,4);
-+ #vaf ($CTR,$CTR,$xt0); # next counter value
-+
-+ vaf ($xa0,$xa0,@K[0]);
-+ vaf ($xb0,$xb0,@K[1]);
-+ vaf ($xc0,$xc0,@K[2]);
-+ vaf ($xd0,$xd0,@K[3]);
-+
-+ vperm ($xa0,$xa0,$xa0,$beperm);
-+ vperm ($xb0,$xb0,$xb0,$beperm);
-+ vperm ($xc0,$xc0,$xc0,$beperm);
-+ vperm ($xd0,$xd0,$xd0,$beperm);
-+
-+ #&{$z? \&clgfi:\&clfi} ($len,0x40);
-+ #jl (".Ltail_4x");
-+
-+ vlm ($xt0,$xt3,"0($inp)");
-+
-+ vx ($xt0,$xt0,$xa0);
-+ vx ($xt1,$xt1,$xb0);
-+ vx ($xt2,$xt2,$xc0);
-+ vx ($xt3,$xt3,$xd0);
-+
-+ vstm ($xt0,$xt3,"0($out)");
-+
-+ la ($inp,"0x40($inp)");
-+ la ($out,"0x40($out)");
-+&{$z? \&aghi:\&ahi} ($len,-0x40);
-+ #je (".Ldone_4x");
-+
-+ vaf ($xa0,$xa1,@K[0]);
-+ vaf ($xb0,$xb1,@K[1]);
-+ vaf ($xc0,$xc1,@K[2]);
-+ vaf ($xd0,$xd1,@K[3]);
-+
-+ vperm ($xa0,$xa0,$xa0,$beperm);
-+ vperm ($xb0,$xb0,$xb0,$beperm);
-+ vperm ($xc0,$xc0,$xc0,$beperm);
-+ vperm ($xd0,$xd0,$xd0,$beperm);
-+
-+&{$z? \&clgfi:\&clfi} ($len,0x40);
-+ jl (".Ltail_4x");
-+
-+ vlm ($xt0,$xt3,"0($inp)");
-+
-+ vx ($xt0,$xt0,$xa0);
-+ vx ($xt1,$xt1,$xb0);
-+ vx ($xt2,$xt2,$xc0);
-+ vx ($xt3,$xt3,$xd0);
-+
-+ vstm ($xt0,$xt3,"0($out)");
-+
-+ la ($inp,"0x40($inp)");
-+ la ($out,"0x40($out)");
-+&{$z? \&aghi:\&ahi} ($len,-0x40);
-+ je (".Ldone_4x");
-+
-+ vaf ($xa0,$xa2,@K[0]);
-+ vaf ($xb0,$xb2,@K[1]);
-+ vaf ($xc0,$xc2,@K[2]);
-+ vaf ($xd0,$xd2,@K[3]);
-+
-+ vperm ($xa0,$xa0,$xa0,$beperm);
-+ vperm ($xb0,$xb0,$xb0,$beperm);
-+ vperm ($xc0,$xc0,$xc0,$beperm);
-+ vperm ($xd0,$xd0,$xd0,$beperm);
-+
-+&{$z? \&clgfi:\&clfi} ($len,0x40);
-+ jl (".Ltail_4x");
-+
-+ vlm ($xt0,$xt3,"0($inp)");
-+
-+ vx ($xt0,$xt0,$xa0);
-+ vx ($xt1,$xt1,$xb0);
-+ vx ($xt2,$xt2,$xc0);
-+ vx ($xt3,$xt3,$xd0);
-+
-+ vstm ($xt0,$xt3,"0($out)");
-+
-+ la ($inp,"0x40($inp)");
-+ la ($out,"0x40($out)");
-+&{$z? \&aghi:\&ahi} ($len,-0x40);
-+ je (".Ldone_4x");
-+
-+ vaf ($xa0,$xa3,@K[0]);
-+ vaf ($xb0,$xb3,@K[1]);
-+ vaf ($xc0,$xc3,@K[2]);
-+ vaf ($xd0,$xd3,@K[3]);
-+
-+ vperm ($xa0,$xa0,$xa0,$beperm);
-+ vperm ($xb0,$xb0,$xb0,$beperm);
-+ vperm ($xc0,$xc0,$xc0,$beperm);
-+ vperm ($xd0,$xd0,$xd0,$beperm);
-+
-+&{$z? \&clgfi:\&clfi} ($len,0x40);
-+ jl (".Ltail_4x");
-+
-+ vlm ($xt0,$xt3,"0($inp)");
-+
-+ vx ($xt0,$xt0,$xa0);
-+ vx ($xt1,$xt1,$xb0);
-+ vx ($xt2,$xt2,$xc0);
-+ vx ($xt3,$xt3,$xd0);
-+
-+ vstm ($xt0,$xt3,"0($out)");
-+
-+ #la $inp,0x40($inp));
-+ #la $out,0x40($out));
-+ #lhi %r0,10);
-+ #&{$z? \&aghi:\&ahi} $len,-0x40);
-+ #jne .Loop_outer_4x);
-+
-+LABEL (".Ldone_4x");
-+if (!$z) {
-+ ld ("%f4","$FRAME+16*$SIZE_T+2*8($sp)");
-+ ld ("%f6","$FRAME+16*$SIZE_T+3*8($sp)");
-+} else {
-+ ld ("%f8","$stdframe+8*0($sp)");
-+ ld ("%f9","$stdframe+8*1($sp)");
-+ ld ("%f10","$stdframe+8*2($sp)");
-+ ld ("%f11","$stdframe+8*3($sp)");
-+ ld ("%f12","$stdframe+8*4($sp)");
-+ ld ("%f13","$stdframe+8*5($sp)");
-+ ld ("%f14","$stdframe+8*6($sp)");
-+ ld ("%f15","$stdframe+8*7($sp)");
-+}
-+&{$z? \&lmg:\&lm} ("%r6","%r7","$FRAME+6*$SIZE_T($sp)");
-+ la ($sp,"$FRAME($sp)");
-+ br ("%r14");
-+
-+ALIGN (16);
-+LABEL (".Ltail_4x");
-+if (!$z) {
-+ vlr ($xt0,$xb0);
-+ ld ("%f4","$FRAME+16*$SIZE_T+2*8($sp)");
-+ ld ("%f6","$FRAME+16*$SIZE_T+3*8($sp)");
-+
-+ vst ($xa0,"$stdframe+0x00($sp)");
-+ vst ($xt0,"$stdframe+0x10($sp)");
-+ vst ($xc0,"$stdframe+0x20($sp)");
-+ vst ($xd0,"$stdframe+0x30($sp)");
-+} else {
-+ vlr ($xt0,$xc0);
-+ ld ("%f8","$stdframe+8*0($sp)");
-+ ld ("%f9","$stdframe+8*1($sp)");
-+ ld ("%f10","$stdframe+8*2($sp)");
-+ ld ("%f11","$stdframe+8*3($sp)");
-+ vlr ($xt1,$xd0);
-+ ld ("%f12","$stdframe+8*4($sp)");
-+ ld ("%f13","$stdframe+8*5($sp)");
-+ ld ("%f14","$stdframe+8*6($sp)");
-+ ld ("%f15","$stdframe+8*7($sp)");
-+
-+ vst ($xa0,"$stdframe+0x00($sp)");
-+ vst ($xb0,"$stdframe+0x10($sp)");
-+ vst ($xt0,"$stdframe+0x20($sp)");
-+ vst ($xt1,"$stdframe+0x30($sp)");
-+}
-+ lghi ("%r1",0);
-+
-+LABEL (".Loop_tail_4x");
-+ llgc ("%r5","0(%r1,$inp)");
-+ llgc ("%r6","$stdframe(%r1,$sp)");
-+ xr ("%r6","%r5");
-+ stc ("%r6","0(%r1,$out)");
-+ la ("%r1","1(%r1)");
-+ brct ($len,".Loop_tail_4x");
-+
-+&{$z? \&lmg:\&lm} ("%r6","%r7","$FRAME+6*$SIZE_T($sp)");
-+ la ($sp,"$FRAME($sp)");
-+ br ("%r14");
-+SIZE ("ChaCha20_ctr32_4x",".-ChaCha20_ctr32_4x");
-+}
-+
-+########################################################################
-+# 6x"horizontal" layout is optimal fit for the platform in its current
-+# shape, more specifically for given vector instructions' latency. Well,
-+# computational part of 8x"vertical" would be faster, but it consumes
-+# all registers and dealing with that will diminish the return...
-+#
-+{
-+my ($a0,$b0,$c0,$d0, $a1,$b1,$c1,$d1,
-+ $a2,$b2,$c2,$d2, $a3,$b3,$c3,$d3,
-+ $a4,$b4,$c4,$d4, $a5,$b5,$c5,$d5)=map("%v$_",(0..23));
-+my @K=map("%v$_",(27,24..26));
-+my ($t0,$t1,$t2,$t3)=map("%v$_",27..30);
-+my $beperm="%v31";
-+my $FRAME=$stdframe + 4*16;
-+
-+GLOBL ("ChaCha20_ctr32_vx");
-+ALIGN (32);
-+LABEL ("ChaCha20_ctr32_vx");
-+LABEL (".LChaCha20_ctr32_vx");
-+&{$z? \&clgfi:\&clfi} ($len,256);
-+ jle (".LChaCha20_ctr32_4x");
-+&{$z? \&stmg:\&stm} ("%r6","%r7","6*$SIZE_T($sp)");
-+if (!$z) {
-+ std ("%f4","16*$SIZE_T+2*8($sp)");
-+ std ("%f6","16*$SIZE_T+3*8($sp)");
-+}
-+&{$z? \&lghi:\&lhi} ("%r1",-$FRAME);
-+ lgr ("%r0",$sp);
-+ la ($sp,"0(%r1,$sp)");
-+&{$z? \&stg:\&st} ("%r0","0($sp)"); # back-chain
-+if ($z) {
-+ std ("%f8","$FRAME-8*8($sp)");
-+ std ("%f9","$FRAME-8*7($sp)");
-+ std ("%f10","$FRAME-8*6($sp)");
-+ std ("%f11","$FRAME-8*5($sp)");
-+ std ("%f12","$FRAME-8*4($sp)");
-+ std ("%f13","$FRAME-8*3($sp)");
-+ std ("%f14","$FRAME-8*2($sp)");
-+ std ("%f15","$FRAME-8*1($sp)");
-+}
-+ larl ("%r7",".Lsigma");
-+ lhi ("%r0",10);
-+
-+ vlm (@K[1],@K[2],"0($key)"); # load key
-+ vl (@K[3],"0($counter)"); # load counter
-+
-+ vlm (@K[0],"$beperm","0(%r7)"); # load sigma, increments, ...
-+
-+LABEL (".Loop_outer_vx");
-+ vlr ($a0,@K[0]);
-+ vlr ($b0,@K[1]);
-+ vlr ($a1,@K[0]);
-+ vlr ($b1,@K[1]);
-+ vlr ($a2,@K[0]);
-+ vlr ($b2,@K[1]);
-+ vlr ($a3,@K[0]);
-+ vlr ($b3,@K[1]);
-+ vlr ($a4,@K[0]);
-+ vlr ($b4,@K[1]);
-+ vlr ($a5,@K[0]);
-+ vlr ($b5,@K[1]);
-+
-+ vlr ($d0,@K[3]);
-+ vaf ($d1,@K[3],$t1); # K[3]+1
-+ vaf ($d2,@K[3],$t2); # K[3]+2
-+ vaf ($d3,@K[3],$t3); # K[3]+3
-+ vaf ($d4,$d2,$t2); # K[3]+4
-+ vaf ($d5,$d2,$t3); # K[3]+5
-+
-+ vlr ($c0,@K[2]);
-+ vlr ($c1,@K[2]);
-+ vlr ($c2,@K[2]);
-+ vlr ($c3,@K[2]);
-+ vlr ($c4,@K[2]);
-+ vlr ($c5,@K[2]);
-+
-+ vlr ($t1,$d1);
-+ vlr ($t2,$d2);
-+ vlr ($t3,$d3);
-+
-+ALIGN (4);
-+LABEL (".Loop_vx");
-+
-+ VX_ROUND($a0,$a1,$a2,$a3,$a4,$a5,
-+ $b0,$b1,$b2,$b3,$b4,$b5,
-+ $c0,$c1,$c2,$c3,$c4,$c5,
-+ $d0,$d1,$d2,$d3,$d4,$d5,
-+ 0);
-+
-+ VX_ROUND($a0,$a1,$a2,$a3,$a4,$a5,
-+ $b0,$b1,$b2,$b3,$b4,$b5,
-+ $c0,$c1,$c2,$c3,$c4,$c5,
-+ $d0,$d1,$d2,$d3,$d4,$d5,
-+ 1);
-+
-+ brct ("%r0",".Loop_vx");
-+
-+ vaf ($a0,$a0,@K[0]);
-+ vaf ($b0,$b0,@K[1]);
-+ vaf ($c0,$c0,@K[2]);
-+ vaf ($d0,$d0,@K[3]);
-+ vaf ($a1,$a1,@K[0]);
-+ vaf ($d1,$d1,$t1); # +K[3]+1
-+
-+ vperm ($a0,$a0,$a0,$beperm);
-+ vperm ($b0,$b0,$b0,$beperm);
-+ vperm ($c0,$c0,$c0,$beperm);
-+ vperm ($d0,$d0,$d0,$beperm);
-+
-+&{$z? \&clgfi:\&clfi} ($len,0x40);
-+ jl (".Ltail_vx");
-+
-+ vaf ($d2,$d2,$t2); # +K[3]+2
-+ vaf ($d3,$d3,$t3); # +K[3]+3
-+ vlm ($t0,$t3,"0($inp)");
-+
-+ vx ($a0,$a0,$t0);
-+ vx ($b0,$b0,$t1);
-+ vx ($c0,$c0,$t2);
-+ vx ($d0,$d0,$t3);
-+
-+ vlm (@K[0],$t3,"0(%r7)"); # re-load sigma and increments
-+
-+ vstm ($a0,$d0,"0($out)");
-+
-+ la ($inp,"0x40($inp)");
-+ la ($out,"0x40($out)");
-+&{$z? \&aghi:\&ahi} ($len,-0x40);
-+ je (".Ldone_vx");
-+
-+ vaf ($b1,$b1,@K[1]);
-+ vaf ($c1,$c1,@K[2]);
-+
-+ vperm ($a0,$a1,$a1,$beperm);
-+ vperm ($b0,$b1,$b1,$beperm);
-+ vperm ($c0,$c1,$c1,$beperm);
-+ vperm ($d0,$d1,$d1,$beperm);
-+
-+&{$z? \&clgfi:\&clfi} ($len,0x40);
-+ jl (".Ltail_vx");
-+
-+ vlm ($a1,$d1,"0($inp)");
-+
-+ vx ($a0,$a0,$a1);
-+ vx ($b0,$b0,$b1);
-+ vx ($c0,$c0,$c1);
-+ vx ($d0,$d0,$d1);
-+
-+ vstm ($a0,$d0,"0($out)");
-+
-+ la ($inp,"0x40($inp)");
-+ la ($out,"0x40($out)");
-+&{$z? \&aghi:\&ahi} ($len,-0x40);
-+ je (".Ldone_vx");
-+
-+ vaf ($a2,$a2,@K[0]);
-+ vaf ($b2,$b2,@K[1]);
-+ vaf ($c2,$c2,@K[2]);
-+
-+ vperm ($a0,$a2,$a2,$beperm);
-+ vperm ($b0,$b2,$b2,$beperm);
-+ vperm ($c0,$c2,$c2,$beperm);
-+ vperm ($d0,$d2,$d2,$beperm);
-+
-+&{$z? \&clgfi:\&clfi} ($len,0x40);
-+ jl (".Ltail_vx");
-+
-+ vlm ($a1,$d1,"0($inp)");
-+
-+ vx ($a0,$a0,$a1);
-+ vx ($b0,$b0,$b1);
-+ vx ($c0,$c0,$c1);
-+ vx ($d0,$d0,$d1);
-+
-+ vstm ($a0,$d0,"0($out)");
-+
-+ la ($inp,"0x40($inp)");
-+ la ($out,"0x40($out)");
-+&{$z? \&aghi:\&ahi} ($len,-0x40);
-+ je (".Ldone_vx");
-+
-+ vaf ($a3,$a3,@K[0]);
-+ vaf ($b3,$b3,@K[1]);
-+ vaf ($c3,$c3,@K[2]);
-+ vaf ($d2,@K[3],$t3); # K[3]+3
-+
-+ vperm ($a0,$a3,$a3,$beperm);
-+ vperm ($b0,$b3,$b3,$beperm);
-+ vperm ($c0,$c3,$c3,$beperm);
-+ vperm ($d0,$d3,$d3,$beperm);
-+
-+&{$z? \&clgfi:\&clfi} ($len,0x40);
-+ jl (".Ltail_vx");
-+
-+ vaf ($d3,$d2,$t1); # K[3]+4
-+ vlm ($a1,$d1,"0($inp)");
-+
-+ vx ($a0,$a0,$a1);
-+ vx ($b0,$b0,$b1);
-+ vx ($c0,$c0,$c1);
-+ vx ($d0,$d0,$d1);
-+
-+ vstm ($a0,$d0,"0($out)");
-+
-+ la ($inp,"0x40($inp)");
-+ la ($out,"0x40($out)");
-+&{$z? \&aghi:\&ahi} ($len,-0x40);
-+ je (".Ldone_vx");
-+
-+ vaf ($a4,$a4,@K[0]);
-+ vaf ($b4,$b4,@K[1]);
-+ vaf ($c4,$c4,@K[2]);
-+ vaf ($d4,$d4,$d3); # +K[3]+4
-+ vaf ($d3,$d3,$t1); # K[3]+5
-+ vaf (@K[3],$d2,$t3); # K[3]+=6
-+
-+ vperm ($a0,$a4,$a4,$beperm);
-+ vperm ($b0,$b4,$b4,$beperm);
-+ vperm ($c0,$c4,$c4,$beperm);
-+ vperm ($d0,$d4,$d4,$beperm);
-+
-+&{$z? \&clgfi:\&clfi} ($len,0x40);
-+ jl (".Ltail_vx");
-+
-+ vlm ($a1,$d1,"0($inp)");
-+
-+ vx ($a0,$a0,$a1);
-+ vx ($b0,$b0,$b1);
-+ vx ($c0,$c0,$c1);
-+ vx ($d0,$d0,$d1);
-+
-+ vstm ($a0,$d0,"0($out)");
-+
-+ la ($inp,"0x40($inp)");
-+ la ($out,"0x40($out)");
-+&{$z? \&aghi:\&ahi} ($len,-0x40);
-+ je (".Ldone_vx");
-+
-+ vaf ($a5,$a5,@K[0]);
-+ vaf ($b5,$b5,@K[1]);
-+ vaf ($c5,$c5,@K[2]);
-+ vaf ($d5,$d5,$d3); # +K[3]+5
-+
-+ vperm ($a0,$a5,$a5,$beperm);
-+ vperm ($b0,$b5,$b5,$beperm);
-+ vperm ($c0,$c5,$c5,$beperm);
-+ vperm ($d0,$d5,$d5,$beperm);
-+
-+&{$z? \&clgfi:\&clfi} ($len,0x40);
-+ jl (".Ltail_vx");
-+
-+ vlm ($a1,$d1,"0($inp)");
-+
-+ vx ($a0,$a0,$a1);
-+ vx ($b0,$b0,$b1);
-+ vx ($c0,$c0,$c1);
-+ vx ($d0,$d0,$d1);
-+
-+ vstm ($a0,$d0,"0($out)");
-+
-+ la ($inp,"0x40($inp)");
-+ la ($out,"0x40($out)");
-+ lhi ("%r0",10);
-+&{$z? \&aghi:\&ahi} ($len,-0x40);
-+ jne (".Loop_outer_vx");
-+
-+LABEL (".Ldone_vx");
-+if (!$z) {
-+ ld ("%f4","$FRAME+16*$SIZE_T+2*8($sp)");
-+ ld ("%f6","$FRAME+16*$SIZE_T+3*8($sp)");
-+} else {
-+ ld ("%f8","$FRAME-8*8($sp)");
-+ ld ("%f9","$FRAME-8*7($sp)");
-+ ld ("%f10","$FRAME-8*6($sp)");
-+ ld ("%f11","$FRAME-8*5($sp)");
-+ ld ("%f12","$FRAME-8*4($sp)");
-+ ld ("%f13","$FRAME-8*3($sp)");
-+ ld ("%f14","$FRAME-8*2($sp)");
-+ ld ("%f15","$FRAME-8*1($sp)");
-+}
-+&{$z? \&lmg:\&lm} ("%r6","%r7","$FRAME+6*$SIZE_T($sp)");
-+ la ($sp,"$FRAME($sp)");
-+ br ("%r14");
-+
-+ALIGN (16);
-+LABEL (".Ltail_vx");
-+if (!$z) {
-+ ld ("%f4","$FRAME+16*$SIZE_T+2*8($sp)");
-+ ld ("%f6","$FRAME+16*$SIZE_T+3*8($sp)");
-+} else {
-+ ld ("%f8","$FRAME-8*8($sp)");
-+ ld ("%f9","$FRAME-8*7($sp)");
-+ ld ("%f10","$FRAME-8*6($sp)");
-+ ld ("%f11","$FRAME-8*5($sp)");
-+ ld ("%f12","$FRAME-8*4($sp)");
-+ ld ("%f13","$FRAME-8*3($sp)");
-+ ld ("%f14","$FRAME-8*2($sp)");
-+ ld ("%f15","$FRAME-8*1($sp)");
-+}
-+ vstm ($a0,$d0,"$stdframe($sp)");
-+ lghi ("%r1",0);
-+
-+LABEL (".Loop_tail_vx");
-+ llgc ("%r5","0(%r1,$inp)");
-+ llgc ("%r6","$stdframe(%r1,$sp)");
-+ xr ("%r6","%r5");
-+ stc ("%r6","0(%r1,$out)");
-+ la ("%r1","1(%r1)");
-+ brct ($len,".Loop_tail_vx");
-+
-+&{$z? \&lmg:\&lm} ("%r6","%r7","$FRAME+6*$SIZE_T($sp)");
-+ la ($sp,"$FRAME($sp)");
-+ br ("%r14");
-+SIZE ("ChaCha20_ctr32_vx",".-ChaCha20_ctr32_vx");
-+}
-+################
-+
-+ALIGN (32);
-+LABEL (".Lsigma");
-+LONG (0x61707865,0x3320646e,0x79622d32,0x6b206574); # endian-neutral sigma
-+LONG (1,0,0,0);
-+LONG (2,0,0,0);
-+LONG (3,0,0,0);
-+LONG (0x03020100,0x07060504,0x0b0a0908,0x0f0e0d0c); # byte swap
-+
-+LONG (0,1,2,3);
-+LONG (0x61707865,0x61707865,0x61707865,0x61707865); # smashed sigma
-+LONG (0x3320646e,0x3320646e,0x3320646e,0x3320646e);
-+LONG (0x79622d32,0x79622d32,0x79622d32,0x79622d32);
-+LONG (0x6b206574,0x6b206574,0x6b206574,0x6b206574);
-+
-+ASCIZ ("\"ChaCha20 for s390x, CRYPTOGAMS by <appro\@openssl.org>\"");
-+ALIGN (4);
-+
-+PERLASM_END();
-diff -up openssl-1.1.1b/crypto/perlasm/s390x.pm.s390x-update openssl-1.1.1b/crypto/perlasm/s390x.pm
---- openssl-1.1.1b/crypto/perlasm/s390x.pm.s390x-update 2019-05-06 10:54:00.037367571 +0200
-+++ openssl-1.1.1b/crypto/perlasm/s390x.pm 2019-05-06 10:54:00.038367554 +0200
-@@ -0,0 +1,3060 @@
-+#!/usr/bin/env perl
-+# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the OpenSSL license (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-+# Copyright IBM Corp. 2018
-+# Author: Patrick Steuer <patrick.steuer@de.ibm.com>
-+
-+package perlasm::s390x;
-+
-+use strict;
-+use warnings;
-+use Carp qw(confess);
-+use Exporter qw(import);
-+
-+our @EXPORT=qw(PERLASM_BEGIN PERLASM_END);
-+our @EXPORT_OK=qw(AUTOLOAD LABEL INCLUDE stfle);
-+our %EXPORT_TAGS=(
-+ MSA => [qw(kmac km kmc kimd klmd)],
-+ MSA4 => [qw(kmf kmo pcc kmctr)],
-+ MSA5 => [qw(ppno prno)],
-+ MSA8 => [qw(kma)],
-+ VX => [qw(vgef vgeg vgbm vzero vone vgm vgmb vgmh vgmf vgmg
-+ vl vlr vlrep vlrepb vlreph vlrepf vlrepg vleb vleh vlef vleg vleib
-+ vleih vleif vleig vlgv vlgvb vlgvh vlgvf vlgvg vllez vllezb vllezh
-+ vllezf vllezg vlm vlbb vlvg vlvgb vlvgh vlvgf vlvgg vlvgp
-+ vll vmrh vmrhb vmrhh vmrhf vmrhg vmrl vmrlb vmrlh vmrlf vmrlg vpk
-+ vpkh vpkf vpkg vpks vpksh vpksf vpksg vpkshs vpksfs vpksgs vpkls
-+ vpklsh vpklsf vpklsg vpklshs vpklsfs vpklsgs vperm vpdi vrep vrepb
-+ vreph vrepf vrepg vrepi vrepib vrepih vrepif vrepig vscef vsceg
-+ vsel vseg vsegb vsegh vsegf vst vsteb vsteh vstef vsteg vstm vstl
-+ vuph vuphb vuphh vuphf vuplh vuplhb vuplhh vuplhf vupl vuplb vuplhw
-+ vuplf vupll vupllb vupllh vupllf va vab vah vaf vag vaq vacc vaccb
-+ vacch vaccf vaccg vaccq vac vacq vaccc vacccq vn vnc vavg vavgb
-+ vavgh vavgf vavgg vavgl vavglb vavglh vavglf vavglg vcksm vec_ vecb
-+ vech vecf vecg vecl veclb veclh veclf veclg vceq vceqb vceqh vceqf
-+ vceqg vceqbs vceqhs vceqfs vceqgs vch vchb vchh vchf vchg vchbs
-+ vchhs vchfs vchgs vchl vchlb vchlh vchlf vchlg vchlbs vchlhs vchlfs
-+ vchlgs vclz vclzb vclzh vclzf vclzg vctz vctzb vctzh vctzf vctzg
-+ vx vgfm vgfmb vgfmh vgfmf vgfmg vgfma vgfmab vgfmah vgfmaf vgfmag
-+ vlc vlcb vlch vlcf vlcg vlp vlpb vlph vlpf vlpg vmx vmxb vmxh vmxf
-+ vmxg vmxl vmxlb vmxlh vmxlf vmxlg vmn vmnb vmnh vmnf vmng vmnl
-+ vmnlb vmnlh vmnlf vmnlg vmal vmalb vmalhw vmalf vmah vmahb vmahh
-+ vmahf vmalh vmalhb vmalhh vmalhf vmae vmaeb vmaeh vmaef vmale
-+ vmaleb vmaleh vmalef vmao vmaob vmaoh vmaof vmalo vmalob vmaloh
-+ vmalof vmh vmhb vmhh vmhf vmlh vmlhb vmlhh vmlhf vml vmlb vmlhw
-+ vmlf vme vmeb vmeh vmef vmle vmleb vmleh vmlef vmo vmob vmoh vmof
-+ vmlo vmlob vmloh vmlof vno vnot vo vpopct verllv verllvb verllvh
-+ verllvf verllvg verll verllb verllh verllf verllg verim verimb
-+ verimh verimf verimg veslv veslvb veslvh veslvf veslvg vesl veslb
-+ veslh veslf veslg vesrav vesravb vesravh vesravf vesravg vesra
-+ vesrab vesrah vesraf vesrag vesrlv vesrlvb vesrlvh vesrlvf vesrlvg
-+ vesrl vesrlb vesrlh vesrlf vesrlg vsl vslb vsldb vsra vsrab vsrl
-+ vsrlb vs vsb vsh vsf vsg vsq vscbi vscbib vscbih vscbif vscbig
-+ vscbiq vsbi vsbiq vsbcbi vsbcbiq vsumg vsumgh vsumgf vsumq vsumqf
-+ vsumqg vsum vsumb vsumh vtm vfae vfaeb vfaeh vfaef vfaebs vfaehs
-+ vfaefs vfaezb vfaezh vfaezf vfaezbs vfaezhs vfaezfs vfee vfeeb
-+ vfeeh vfeef vfeebs vfeehs vfeefs vfeezb vfeezh vfeezf vfeezbs
-+ vfeezhs vfeezfs vfene vfeneb vfeneh vfenef vfenebs vfenehs vfenefs
-+ vfenezb vfenezh vfenezf vfenezbs vfenezhs vfenezfs vistr vistrb
-+ vistrh vistrf vistrbs vistrhs vistrfs vstrc vstrcb vstrch vstrcf
-+ vstrcbs vstrchs vstrcfs vstrczb vstrczh vstrczf vstrczbs vstrczhs
-+ vstrczfs vfa vfadb wfadb wfc wfcdb wfk wfkdb vfce vfcedb wfcedb
-+ vfcedbs wfcedbs vfch vfchdb wfchdb vfchdbs wfchdbs vfche vfchedb
-+ wfchedb vfchedbs wfchedbs vcdg vcdgb wcdgb vcdlg vcdlgb wcdlgb vcgd
-+ vcgdb wcgdb vclgd vclgdb wclgdb vfd vfddb wfddb vfi vfidb wfidb
-+ vlde vldeb wldeb vled vledb wledb vfm vfmdb wfmdb vfma vfmadb
-+ wfmadb vfms vfmsdb wfmsdb vfpso vfpsodb wfpsodb vflcdb wflcdb
-+ vflndb wflndb vflpdb wflpdb vfsq vfsqdb wfsqdb vfs vfsdb wfsdb
-+ vftci vftcidb wftcidb)],
-+ VXE => [qw(vbperm vllezlf vmsl vmslg vnx vnn voc vpopctb vpopcth
-+ vpopctf vpopctg vfasb wfasb wfaxb wfcsb wfcxb wfksb wfkxb vfcesb
-+ vfcesbs wfcesb wfcesbs wfcexb wfcexbs vfchsb vfchsbs wfchsb wfchsbs
-+ wfchxb wfchxbs vfchesb vfchesbs wfchesb wfchesbs wfchexb wfchexbs
-+ vfdsb wfdsb wfdxb vfisb wfisb wfixb vfll vflls wflls wflld vflr
-+ vflrd wflrd wflrx vfmax vfmaxsb vfmaxdb wfmaxsb wfmaxdb wfmaxxb
-+ vfmin vfminsb vfmindb wfminsb wfmindb wfminxb vfmsb wfmsb wfmxb
-+ vfnma vfnms vfmasb wfmasb wfmaxb vfmssb wfmssb wfmsxb vfnmasb
-+ vfnmadb wfnmasb wfnmadb wfnmaxb vfnmssb vfnmsdb wfnmssb wfnmsdb
-+ wfnmsxb vfpsosb wfpsosb vflcsb wflcsb vflnsb wflnsb vflpsb wflpsb
-+ vfpsoxb wfpsoxb vflcxb wflcxb vflnxb wflnxb vflpxb wflpxb vfsqsb
-+ wfsqsb wfsqxb vfssb wfssb wfsxb vftcisb wftcisb wftcixb)],
-+ VXD => [qw(vlrlr vlrl vstrlr vstrl vap vcp vcvb vcvbg vcvd vcvdg vdp
-+ vlip vmp vmsp vpkz vpsop vrp vsdp vsrp vsp vtp vupkz)],
-+);
-+Exporter::export_ok_tags(qw(MSA MSA4 MSA5 MSA8 VX VXE VXD));
-+
-+our $AUTOLOAD;
-+
-+my $GR='(?:%r)?([0-9]|1[0-5])';
-+my $VR='(?:%v)?([0-9]|1[0-9]|2[0-9]|3[0-1])';
-+
-+my ($file,$out);
-+
-+sub PERLASM_BEGIN
-+{
-+ ($file,$out)=(shift,"");
-+}
-+sub PERLASM_END
-+{
-+ if (defined($file)) {
-+ open(my $fd,'>',$file)||die("can't open $file: $!");
-+ print({$fd}$out);
-+ close($fd);
-+ } else {
-+ print($out);
-+ }
-+}
-+
-+sub AUTOLOAD {
-+ confess(err("PARSE")) if (grep(!defined($_),@_));
-+ my $token;
-+ for ($AUTOLOAD) {
-+ $token=".$1" if (/^.*::([A-Z_]+)$/); # uppercase: directive
-+ $token="\t$1" if (/^.*::([a-z]+)$/); # lowercase: mnemonic
-+ confess(err("PARSE")) if (!defined($token));
-+ }
-+ $token.="\t" if ($#_>=0);
-+ $out.=$token.join(',',@_)."\n";
-+}
-+
-+sub LABEL { # label directive
-+ confess(err("ARGNUM")) if ($#_!=0);
-+ my ($label)=@_;
-+ $out.="$label:\n";
-+}
-+
-+sub INCLUDE {
-+ confess(err("ARGNUM")) if ($#_!=0);
-+ my ($file)=@_;
-+ $out.="#include \"$file\"\n";
-+}
-+
-+#
-+# Mnemonics
-+#
-+
-+sub stfle {
-+ confess(err("ARGNUM")) if ($#_!=0);
-+ S(0xb2b0,@_);
-+}
-+
-+# MSA
-+
-+sub kmac {
-+ confess(err("ARGNUM")) if ($#_!=1);
-+ RRE(0xb91e,@_);
-+}
-+
-+sub km {
-+ confess(err("ARGNUM")) if ($#_!=1);
-+ RRE(0xb92e,@_);
-+}
-+
-+sub kmc {
-+ confess(err("ARGNUM")) if ($#_!=1);
-+ RRE(0xb92f,@_);
-+}
-+
-+sub kimd {
-+ confess(err("ARGNUM")) if ($#_!=1);
-+ RRE(0xb93e,@_);
-+}
-+
-+sub klmd {
-+ confess(err("ARGNUM")) if ($#_!=1);
-+ RRE(0xb93f,@_);
-+}
-+
-+# MSA4
-+
-+sub kmf {
-+ confess(err("ARGNUM")) if ($#_!=1);
-+ RRE(0xb92a,@_);
-+}
-+
-+sub kmo {
-+ confess(err("ARGNUM")) if ($#_!=1);
-+ RRE(0xb92b,@_);
-+}
-+
-+sub pcc {
-+ confess(err("ARGNUM")) if ($#_!=-1);
-+ RRE(0xb92c,@_);
-+}
-+
-+sub kmctr {
-+ confess(err("ARGNUM")) if ($#_!=2);
-+ RRFb(0xb92d,@_);
-+}
-+
-+# MSA5
-+
-+sub prno {
-+ ppno(@_);
-+}
-+
-+sub ppno { # deprecated, use prno
-+ confess(err("ARGNUM")) if ($#_!=1);
-+ RRE(0xb93c,@_);
-+}
-+
-+# MSA8
-+
-+sub kma {
-+ confess(err("ARGNUM")) if ($#_!=2);
-+ RRFb(0xb929,@_);
-+}
-+
-+# VX - Support Instructions
-+
-+sub vgef {
-+ confess(err("ARGNUM")) if ($#_!=2);
-+ VRV(0xe713,@_);
-+}
-+sub vgeg {
-+ confess(err("ARGNUM")) if ($#_!=2);
-+ VRV(0xe712,@_);
-+}
-+
-+sub vgbm {
-+ confess(err("ARGNUM")) if ($#_!=1);
-+ VRIa(0xe744,@_);
-+}
-+sub vzero {
-+ vgbm(@_,0);
-+}
-+sub vone {
-+ vgbm(@_,0xffff);
-+}
-+
-+sub vgm {
-+ confess(err("ARGNUM")) if ($#_!=3);
-+ VRIb(0xe746,@_);
-+}
-+sub vgmb {
-+ vgm(@_,0);
-+}
-+sub vgmh {
-+ vgm(@_,1);
-+}
-+sub vgmf {
-+ vgm(@_,2);
-+}
-+sub vgmg {
-+ vgm(@_,3);
-+}
-+
-+sub vl {
-+ confess(err("ARGNUM")) if ($#_<1||$#_>2);
-+ VRX(0xe706,@_);
-+}
-+
-+sub vlr {
-+ confess(err("ARGNUM")) if ($#_!=1);
-+ VRRa(0xe756,@_);
-+}
-+
-+sub vlrep {
-+ confess(err("ARGNUM")) if ($#_!=2);
-+ VRX(0xe705,@_);
-+}
-+sub vlrepb {
-+ vlrep(@_,0);
-+}
-+sub vlreph {
-+ vlrep(@_,1);
-+}
-+sub vlrepf {
-+ vlrep(@_,2);
-+}
-+sub vlrepg {
-+ vlrep(@_,3);
-+}
-+
-+sub vleb {
-+ confess(err("ARGNUM")) if ($#_!=2);
-+ VRX(0xe700,@_);
-+}
-+sub vleh {
-+ confess(err("ARGNUM")) if ($#_!=2);
-+ VRX(0xe701,@_);
-+}
-+sub vlef {
-+ confess(err("ARGNUM")) if ($#_!=2);
-+ VRX(0xe703,@_);
-+}
-+sub vleg {
-+ confess(err("ARGNUM")) if ($#_!=2);
-+ VRX(0xe702,@_);
-+}
-+
-+sub vleib {
-+ confess(err("ARGNUM")) if ($#_!=2);
-+ VRIa(0xe740,@_);
-+}
-+sub vleih {
-+ confess(err("ARGNUM")) if ($#_!=2);
-+ VRIa(0xe741,@_);
-+}
-+sub vleif {
-+ confess(err("ARGNUM")) if ($#_!=2);
-+ VRIa(0xe743,@_);
-+}
-+sub vleig {
-+ confess(err("ARGNUM")) if ($#_!=2);
-+ VRIa(0xe742,@_);
-+}
-+
-+sub vlgv {
-+ confess(err("ARGNUM")) if ($#_!=3);
-+ VRSc(0xe721,@_);
-+}
-+sub vlgvb {
-+ vlgv(@_,0);
-+}
-+sub vlgvh {
-+ vlgv(@_,1);
-+}
-+sub vlgvf {
-+ vlgv(@_,2);
-+}
-+sub vlgvg {
-+ vlgv(@_,3);
-+}
-+
-+sub vllez {
-+ confess(err("ARGNUM")) if ($#_!=2);
-+ VRX(0xe704,@_);
-+}
-+sub vllezb {
-+ vllez(@_,0);
-+}
-+sub vllezh {
-+ vllez(@_,1);
-+}
-+sub vllezf {
-+ vllez(@_,2);
-+}
-+sub vllezg {
-+ vllez(@_,3);
-+}
-+
-+sub vlm {
-+ confess(err("ARGNUM")) if ($#_<2||$#_>3);
-+ VRSa(0xe736,@_);
-+}
-+
-+sub vlbb {
-+ confess(err("ARGNUM")) if ($#_!=2);
-+ VRX(0xe707,@_);
-+}
-+
-+sub vlvg {
-+ confess(err("ARGNUM")) if ($#_!=3);
-+ VRSb(0xe722,@_);
-+}
-+sub vlvgb {
-+ vlvg(@_,0);
-+}
-+sub vlvgh {
-+ vlvg(@_,1);
-+}
-+sub vlvgf {
-+ vlvg(@_,2);
-+}
-+sub vlvgg {
-+ vlvg(@_,3);
-+}
-+
-+sub vlvgp {
-+ confess(err("ARGNUM")) if ($#_!=2);
-+ VRRf(0xe762,@_);
-+}
-+
-+sub vll {
-+ confess(err("ARGNUM")) if ($#_!=2);
-+ VRSb(0xe737,@_);
-+}
-+
-+sub vmrh {
-+ confess(err("ARGNUM")) if ($#_!=3);
-+ VRRc(0xe761,@_);
-+}
-+sub vmrhb {
-+ vmrh(@_,0);
-+}
-+sub vmrhh {
-+ vmrh(@_,1);
-+}
-+sub vmrhf {
-+ vmrh(@_,2);
-+}
-+sub vmrhg {
-+ vmrh(@_,3);
-+}
-+
-+sub vmrl {
-+ confess(err("ARGNUM")) if ($#_!=3);
-+ VRRc(0xe760,@_);
-+}
-+sub vmrlb {
-+ vmrl(@_,0);
-+}
-+sub vmrlh {
-+ vmrl(@_,1);
-+}
-+sub vmrlf {
-+ vmrl(@_,2);
-+}
-+sub vmrlg {
-+ vmrl(@_,3);
-+}
-+
-+sub vpk {
-+ confess(err("ARGNUM")) if ($#_!=3);
-+ VRRc(0xe794,@_);
-+}
-+sub vpkh {
-+ vpk(@_,1);
-+}
-+sub vpkf {
-+ vpk(@_,2);
-+}
-+sub vpkg {
-+ vpk(@_,3);
-+}
-+
-+sub vpks {
-+ confess(err("ARGNUM")) if ($#_!=4);
-+ VRRb(0xe797,@_);
-+}
-+sub vpksh {
-+ vpks(@_,1,0);
-+}
-+sub vpksf {
-+ vpks(@_,2,0);
-+}
-+sub vpksg {
-+ vpks(@_,3,0);
-+}
-+sub vpkshs {
-+ vpks(@_,1,1);
-+}
-+sub vpksfs {
-+ vpks(@_,2,1);
-+}
-+sub vpksgs {
-+ vpks(@_,3,1);
-+}
-+
-+sub vpkls {
-+ confess(err("ARGNUM")) if ($#_!=4);
-+ VRRb(0xe795,@_);
-+}
-+sub vpklsh {
-+ vpkls(@_,1,0);
-+}
-+sub vpklsf {
-+ vpkls(@_,2,0);
-+}
-+sub vpklsg {
-+ vpkls(@_,3,0);
-+}
-+sub vpklshs {
-+ vpkls(@_,1,1);
-+}
-+sub vpklsfs {
-+ vpkls(@_,2,1);
-+}
-+sub vpklsgs {
-+ vpkls(@_,3,1);
-+}
-+
-+sub vperm {
-+ confess(err("ARGNUM")) if ($#_!=3);
-+ VRRe(0xe78c,@_);
-+}
-+
-+sub vpdi {
-+ confess(err("ARGNUM")) if ($#_!=3);
-+ VRRc(0xe784,@_);
-+}
-+
-+sub vrep {
-+ confess(err("ARGNUM")) if ($#_!=3);
-+ VRIc(0xe74d,@_);
-+}
-+sub vrepb {
-+ vrep(@_,0);
-+}
-+sub vreph {
-+ vrep(@_,1);
-+}
-+sub vrepf {
-+ vrep(@_,2);
-+}
-+sub vrepg {
-+ vrep(@_,3);
-+}
-+
-+sub vrepi {
-+ confess(err("ARGNUM")) if ($#_!=2);
-+ VRIa(0xe745,@_);
-+}
-+sub vrepib {
-+ vrepi(@_,0);
-+}
-+sub vrepih {
-+ vrepi(@_,1);
-+}
-+sub vrepif {
-+ vrepi(@_,2);
-+}
-+sub vrepig {
-+ vrepi(@_,3);
-+}
-+
-+sub vscef {
-+ confess(err("ARGNUM")) if ($#_!=2);
-+ VRV(0xe71b,@_);
-+}
-+sub vsceg {
-+ confess(err("ARGNUM")) if ($#_!=2);
-+ VRV(0xe71a,@_);
-+}
-+
-+sub vsel {
-+ confess(err("ARGNUM")) if ($#_!=3);
-+ VRRe(0xe78d,@_);
-+}
-+
-+sub vseg {
-+ confess(err("ARGNUM")) if ($#_!=2);
-+ VRRa(0xe75f,@_);
-+}
-+sub vsegb {
-+ vseg(@_,0);
-+}
-+sub vsegh {
-+ vseg(@_,1);
-+}
-+sub vsegf {
-+ vseg(@_,2);
-+}
-+
-+sub vst {
-+ confess(err("ARGNUM")) if ($#_<1||$#_>2);
-+ VRX(0xe70e,@_);
-+}
-+
-+sub vsteb {
-+ confess(err("ARGNUM")) if ($#_!=2);
-+ VRX(0xe708,@_);
-+}
-+sub vsteh {
-+ confess(err("ARGNUM")) if ($#_!=2);
-+ VRX(0xe709,@_);
-+}
-+sub vstef {
-+ confess(err("ARGNUM")) if ($#_!=2);
-+ VRX(0xe70b,@_);
-+}
-+sub vsteg {
-+ confess(err("ARGNUM")) if ($#_!=2);
-+ VRX(0xe70a,@_);
-+}
-+
-+sub vstm {
-+ confess(err("ARGNUM")) if ($#_<2||$#_>3);
-+ VRSa(0xe73e,@_);
-+}
-+
-+sub vstl {
-+ confess(err("ARGNUM")) if ($#_!=2);
-+ VRSb(0xe73f,@_);
-+}
-+
-+sub vuph {
-+ confess(err("ARGNUM")) if ($#_!=2);
-+ VRRa(0xe7d7,@_);
-+}
-+sub vuphb {
-+ vuph(@_,0);
-+}
-+sub vuphh {
-+ vuph(@_,1);
-+}
-+sub vuphf {
-+ vuph(@_,2);
-+}
-+
-+sub vuplh {
-+ confess(err("ARGNUM")) if ($#_!=2);
-+ VRRa(0xe7d5,@_);
-+}
-+sub vuplhb {
-+ vuplh(@_,0);
-+}
-+sub vuplhh {
-+ vuplh(@_,1);
-+}
-+sub vuplhf {
-+ vuplh(@_,2);
-+}
-+
-+sub vupl {
-+ confess(err("ARGNUM")) if ($#_!=2);
-+ VRRa(0xe7d6,@_);
-+}
-+sub vuplb {
-+ vupl(@_,0);
-+}
-+sub vuplhw {
-+ vupl(@_,1);
-+}
-+sub vuplf {
-+ vupl(@_,2);
-+}
-+
-+sub vupll {
-+ confess(err("ARGNUM")) if ($#_!=2);
-+ VRRa(0xe7d4,@_);
-+}
-+sub vupllb {
-+ vupll(@_,0);
-+}
-+sub vupllh {
-+ vupll(@_,1);
-+}
-+sub vupllf {
-+ vupll(@_,2);
-+}
-+
-+# VX - Integer Instructions
-+
-+sub va {
-+ confess(err("ARGNUM")) if ($#_!=3);
-+ VRRc(0xe7f3,@_);
-+}
-+sub vab {
-+ va(@_,0);
-+}
-+sub vah {
-+ va(@_,1);
-+}
-+sub vaf {
-+ va(@_,2);
-+}
-+sub vag {
-+ va(@_,3);
-+}
-+sub vaq {
-+ va(@_,4);
-+}
-+
-+sub vacc {
-+ confess(err("ARGNUM")) if ($#_!=3);
-+ VRRc(0xe7f1,@_);
-+}
-+sub vaccb {
-+ vacc(@_,0);
-+}
-+sub vacch {
-+ vacc(@_,1);
-+}
-+sub vaccf {
-+ vacc(@_,2);
-+}
-+sub vaccg {
-+ vacc(@_,3);
-+}
-+sub vaccq {
-+ vacc(@_,4);
-+}
-+
-+sub vac {
-+ confess(err("ARGNUM")) if ($#_!=4);
-+ VRRd(0xe7bb,@_);
-+}
-+sub vacq {
-+ vac(@_,4);
-+}
-+
-+sub vaccc {
-+ confess(err("ARGNUM")) if ($#_!=4);
-+ VRRd(0xe7b9,@_);
-+}
-+sub vacccq {
-+ vaccc(@_,4);
-+}
-+
-+sub vn {
-+ confess(err("ARGNUM")) if ($#_!=2);
-+ VRRc(0xe768,@_);
-+}
-+
-+sub vnc {
-+ confess(err("ARGNUM")) if ($#_!=2);
-+ VRRc(0xe769,@_);
-+}
-+
-+sub vavg {
-+ confess(err("ARGNUM")) if ($#_!=3);
-+ VRRc(0xe7f2,@_);
-+}
-+sub vavgb {
-+ vavg(@_,0);
-+}
-+sub vavgh {
-+ vavg(@_,1);
-+}
-+sub vavgf {
-+ vavg(@_,2);
-+}
-+sub vavgg {
-+ vavg(@_,3);
-+}
-+
-+sub vavgl {
-+ confess(err("ARGNUM")) if ($#_!=3);
-+ VRRc(0xe7f0,@_);
-+}
-+sub vavglb {
-+ vavgl(@_,0);
-+}
-+sub vavglh {
-+ vavgl(@_,1);
-+}
-+sub vavglf {
-+ vavgl(@_,2);
-+}
-+sub vavglg {
-+ vavgl(@_,3);
-+}
-+
-+sub vcksm {
-+ confess(err("ARGNUM")) if ($#_!=2);
-+ VRRc(0xe766,@_);
-+}
-+
-+sub vec_ {
-+ confess(err("ARGNUM")) if ($#_!=2);
-+ VRRa(0xe7db,@_);
-+}
-+sub vecb {
-+ vec_(@_,0);
-+}
-+sub vech {
-+ vec_(@_,1);
-+}
-+sub vecf {
-+ vec_(@_,2);
-+}
-+sub vecg {
-+ vec_(@_,3);
-+}
-+
-+sub vecl {
-+ confess(err("ARGNUM")) if ($#_!=2);
-+ VRRa(0xe7d9,@_);
-+}
-+sub veclb {
-+ vecl(@_,0);
-+}
-+sub veclh {
-+ vecl(@_,1);
-+}
-+sub veclf {
-+ vecl(@_,2);
-+}
-+sub veclg {
-+ vecl(@_,3);
-+}
-+
-+sub vceq {
-+ confess(err("ARGNUM")) if ($#_!=4);
-+ VRRb(0xe7f8,@_);
-+}
-+sub vceqb {
-+ vceq(@_,0,0);
-+}
-+sub vceqh {
-+ vceq(@_,1,0);
-+}
-+sub vceqf {
-+ vceq(@_,2,0);
-+}
-+sub vceqg {
-+ vceq(@_,3,0);
-+}
-+sub vceqbs {
-+ vceq(@_,0,1);
-+}
-+sub vceqhs {
-+ vceq(@_,1,1);
-+}
-+sub vceqfs {
-+ vceq(@_,2,1);
-+}
-+sub vceqgs {
-+ vceq(@_,3,1);
-+}
-+
-+sub vch {
-+ confess(err("ARGNUM")) if ($#_!=4);
-+ VRRb(0xe7fb,@_);
-+}
-+sub vchb {
-+ vch(@_,0,0);
-+}
-+sub vchh {
-+ vch(@_,1,0);
-+}
-+sub vchf {
-+ vch(@_,2,0);
-+}
-+sub vchg {
-+ vch(@_,3,0);
-+}
-+sub vchbs {
-+ vch(@_,0,1);
-+}
-+sub vchhs {
-+ vch(@_,1,1);
-+}
-+sub vchfs {
-+ vch(@_,2,1);
-+}
-+sub vchgs {
-+ vch(@_,3,1);
-+}
-+
-+sub vchl {
-+ confess(err("ARGNUM")) if ($#_!=4);
-+ VRRb(0xe7f9,@_);
-+}
-+sub vchlb {
-+ vchl(@_,0,0);
-+}
-+sub vchlh {
-+ vchl(@_,1,0);
-+}
-+sub vchlf {
-+ vchl(@_,2,0);
-+}
-+sub vchlg {
-+ vchl(@_,3,0);
-+}
-+sub vchlbs {
-+ vchl(@_,0,1);
-+}
-+sub vchlhs {
-+ vchl(@_,1,1);
-+}
-+sub vchlfs {
-+ vchl(@_,2,1);
-+}
-+sub vchlgs {
-+ vchl(@_,3,1);
-+}
-+
-+sub vclz {
-+ confess(err("ARGNUM")) if ($#_!=2);
-+ VRRa(0xe753,@_);
-+}
-+sub vclzb {
-+ vclz(@_,0);
-+}
-+sub vclzh {
-+ vclz(@_,1);
-+}
-+sub vclzf {
-+ vclz(@_,2);
-+}
-+sub vclzg {
-+ vclz(@_,3);
-+}
-+
-+sub vctz {
-+ confess(err("ARGNUM")) if ($#_!=2);
-+ VRRa(0xe752,@_);
-+}
-+sub vctzb {
-+ vctz(@_,0);
-+}
-+sub vctzh {
-+ vctz(@_,1);
-+}
-+sub vctzf {
-+ vctz(@_,2);
-+}
-+sub vctzg {
-+ vctz(@_,3);
-+}
-+
-+sub vx {
-+ confess(err("ARGNUM")) if ($#_!=2);
-+ VRRc(0xe76d,@_);
-+}
-+
-+sub vgfm {
-+ confess(err("ARGNUM")) if ($#_!=3);
-+ VRRc(0xe7b4,@_);
-+}
-+sub vgfmb {
-+ vgfm(@_,0);
-+}
-+sub vgfmh {
-+ vgfm(@_,1);
-+}
-+sub vgfmf {
-+ vgfm(@_,2);
-+}
-+sub vgfmg {
-+ vgfm(@_,3);
-+}
-+
-+sub vgfma {
-+ confess(err("ARGNUM")) if ($#_!=4);
-+ VRRd(0xe7bc,@_);
-+}
-+sub vgfmab {
-+ vgfma(@_,0);
-+}
-+sub vgfmah {
-+ vgfma(@_,1);
-+}
-+sub vgfmaf {
-+ vgfma(@_,2);
-+}
-+sub vgfmag {
-+ vgfma(@_,3);
-+}
-+
-+sub vlc {
-+ confess(err("ARGNUM")) if ($#_!=2);
-+ VRRa(0xe7de,@_);
-+}
-+sub vlcb {
-+ vlc(@_,0);
-+}
-+sub vlch {
-+ vlc(@_,1);
-+}
-+sub vlcf {
-+ vlc(@_,2);
-+}
-+sub vlcg {
-+ vlc(@_,3);
-+}
-+
-+sub vlp {
-+ confess(err("ARGNUM")) if ($#_!=2);
-+ VRRa(0xe7df,@_);
-+}
-+sub vlpb {
-+ vlp(@_,0);
-+}
-+sub vlph {
-+ vlp(@_,1);
-+}
-+sub vlpf {
-+ vlp(@_,2);
-+}
-+sub vlpg {
-+ vlp(@_,3);
-+}
-+
-+sub vmx {
-+ confess(err("ARGNUM")) if ($#_!=3);
-+ VRRc(0xe7ff,@_);
-+}
-+sub vmxb {
-+ vmx(@_,0);
-+}
-+sub vmxh {
-+ vmx(@_,1);
-+}
-+sub vmxf {
-+ vmx(@_,2);
-+}
-+sub vmxg {
-+ vmx(@_,3);
-+}
-+
-+sub vmxl {
-+ confess(err("ARGNUM")) if ($#_!=3);
-+ VRRc(0xe7fd,@_);
-+}
-+sub vmxlb {
-+ vmxl(@_,0);
-+}
-+sub vmxlh {
-+ vmxl(@_,1);
-+}
-+sub vmxlf {
-+ vmxl(@_,2);
-+}
-+sub vmxlg {
-+ vmxl(@_,3);
-+}
-+
-+sub vmn {
-+ confess(err("ARGNUM")) if ($#_!=3);
-+ VRRc(0xe7fe,@_);
-+}
-+sub vmnb {
-+ vmn(@_,0);
-+}
-+sub vmnh {
-+ vmn(@_,1);
-+}
-+sub vmnf {
-+ vmn(@_,2);
-+}
-+sub vmng {
-+ vmn(@_,3);
-+}
-+
-+sub vmnl {
-+ confess(err("ARGNUM")) if ($#_!=3);
-+ VRRc(0xe7fc,@_);
-+}
-+sub vmnlb {
-+ vmnl(@_,0);
-+}
-+sub vmnlh {
-+ vmnl(@_,1);
-+}
-+sub vmnlf {
-+ vmnl(@_,2);
-+}
-+sub vmnlg {
-+ vmnl(@_,3);
-+}
-+
-+sub vmal {
-+ confess(err("ARGNUM")) if ($#_!=4);
-+ VRRd(0xe7aa,@_);
-+}
-+sub vmalb {
-+ vmal(@_,0);
-+}
-+sub vmalhw {
-+ vmal(@_,1);
-+}
-+sub vmalf {
-+ vmal(@_,2);
-+}
-+
-+sub vmah {
-+ confess(err("ARGNUM")) if ($#_!=4);
-+ VRRd(0xe7ab,@_);
-+}
-+sub vmahb {
-+ vmah(@_,0);
-+}
-+sub vmahh {
-+ vmah(@_,1);
-+}
-+sub vmahf {
-+ vmah(@_,2);
-+}
-+
-+sub vmalh {
-+ confess(err("ARGNUM")) if ($#_!=4);
-+ VRRd(0xe7a9,@_);
-+}
-+sub vmalhb {
-+ vmalh(@_,0);
-+}
-+sub vmalhh {
-+ vmalh(@_,1);
-+}
-+sub vmalhf {
-+ vmalh(@_,2);
-+}
-+
-+sub vmae {
-+ confess(err("ARGNUM")) if ($#_!=4);
-+ VRRd(0xe7ae,@_);
-+}
-+sub vmaeb {
-+ vmae(@_,0);
-+}
-+sub vmaeh {
-+ vmae(@_,1);
-+}
-+sub vmaef {
-+ vmae(@_,2);
-+}
-+
-+sub vmale {
-+ confess(err("ARGNUM")) if ($#_!=4);
-+ VRRd(0xe7ac,@_);
-+}
-+sub vmaleb {
-+ vmale(@_,0);
-+}
-+sub vmaleh {
-+ vmale(@_,1);
-+}
-+sub vmalef {
-+ vmale(@_,2);
-+}
-+
-+sub vmao {
-+ confess(err("ARGNUM")) if ($#_!=4);
-+ VRRd(0xe7af,@_);
-+}
-+sub vmaob {
-+ vmao(@_,0);
-+}
-+sub vmaoh {
-+ vmao(@_,1);
-+}
-+sub vmaof {
-+ vmao(@_,2);
-+}
-+
-+sub vmalo {
-+ confess(err("ARGNUM")) if ($#_!=4);
-+ VRRd(0xe7ad,@_);
-+}
-+sub vmalob {
-+ vmalo(@_,0);
-+}
-+sub vmaloh {
-+ vmalo(@_,1);
-+}
-+sub vmalof {
-+ vmalo(@_,2);
-+}
-+
-+sub vmh {
-+ confess(err("ARGNUM")) if ($#_!=3);
-+ VRRc(0xe7a3,@_);
-+}
-+sub vmhb {
-+ vmh(@_,0);
-+}
-+sub vmhh {
-+ vmh(@_,1);
-+}
-+sub vmhf {
-+ vmh(@_,2);
-+}
-+
-+sub vmlh {
-+ confess(err("ARGNUM")) if ($#_!=3);
-+ VRRc(0xe7a1,@_);
-+}
-+sub vmlhb {
-+ vmlh(@_,0);
-+}
-+sub vmlhh {
-+ vmlh(@_,1);
-+}
-+sub vmlhf {
-+ vmlh(@_,2);
-+}
-+
-+sub vml {
-+ confess(err("ARGNUM")) if ($#_!=3);
-+ VRRc(0xe7a2,@_);
-+}
-+sub vmlb {
-+ vml(@_,0);
-+}
-+sub vmlhw {
-+ vml(@_,1);
-+}
-+sub vmlf {
-+ vml(@_,2);
-+}
-+
-+sub vme {
-+ confess(err("ARGNUM")) if ($#_!=3);
-+ VRRc(0xe7a6,@_);
-+}
-+sub vmeb {
-+ vme(@_,0);
-+}
-+sub vmeh {
-+ vme(@_,1);
-+}
-+sub vmef {
-+ vme(@_,2);
-+}
-+
-+sub vmle {
-+ confess(err("ARGNUM")) if ($#_!=3);
-+ VRRc(0xe7a4,@_);
-+}
-+sub vmleb {
-+ vmle(@_,0);
-+}
-+sub vmleh {
-+ vmle(@_,1);
-+}
-+sub vmlef {
-+ vmle(@_,2);
-+}
-+
-+sub vmo {
-+ confess(err("ARGNUM")) if ($#_!=3);
-+ VRRc(0xe7a7,@_);
-+}
-+sub vmob {
-+ vmo(@_,0);
-+}
-+sub vmoh {
-+ vmo(@_,1);
-+}
-+sub vmof {
-+ vmo(@_,2);
-+}
-+
-+sub vmlo {
-+ confess(err("ARGNUM")) if ($#_!=3);
-+ VRRc(0xe7a5,@_);
-+}
-+sub vmlob {
-+ vmlo(@_,0);
-+}
-+sub vmloh {
-+ vmlo(@_,1);
-+}
-+sub vmlof {
-+ vmlo(@_,2);
-+}
-+
-+sub vno {
-+ confess(err("ARGNUM")) if ($#_!=2);
-+ VRRc(0xe76b,@_);
-+}
-+sub vnot {
-+ vno(@_,$_[1]);
-+}
-+
-+sub vo {
-+ confess(err("ARGNUM")) if ($#_!=2);
-+ VRRc(0xe76a,@_);
-+}
-+
-+sub vpopct {
-+ confess(err("ARGNUM")) if ($#_!=2);
-+ VRRa(0xe750,@_);
-+}
-+
-+sub verllv {
-+ confess(err("ARGNUM")) if ($#_!=3);
-+ VRRc(0xe773,@_);
-+}
-+sub verllvb {
-+ verllv(@_,0);
-+}
-+sub verllvh {
-+ verllv(@_,1);
-+}
-+sub verllvf {
-+ verllv(@_,2);
-+}
-+sub verllvg {
-+ verllv(@_,3);
-+}
-+
-+sub verll {
-+ confess(err("ARGNUM")) if ($#_!=3);
-+ VRSa(0xe733,@_);
-+}
-+sub verllb {
-+ verll(@_,0);
-+}
-+sub verllh {
-+ verll(@_,1);
-+}
-+sub verllf {
-+ verll(@_,2);
-+}
-+sub verllg {
-+ verll(@_,3);
-+}
-+
-+sub verim {
-+ confess(err("ARGNUM")) if ($#_!=4);
-+ VRId(0xe772,@_);
-+}
-+sub verimb {
-+ verim(@_,0);
-+}
-+sub verimh {
-+ verim(@_,1);
-+}
-+sub verimf {
-+ verim(@_,2);
-+}
-+sub verimg {
-+ verim(@_,3);
-+}
-+
-+sub veslv {
-+ confess(err("ARGNUM")) if ($#_!=3);
-+ VRRc(0xe770,@_);
-+}
-+sub veslvb {
-+ veslv(@_,0);
-+}
-+sub veslvh {
-+ veslv(@_,1);
-+}
-+sub veslvf {
-+ veslv(@_,2);
-+}
-+sub veslvg {
-+ veslv(@_,3);
-+}
-+
-+sub vesl {
-+ confess(err("ARGNUM")) if ($#_!=3);
-+ VRSa(0xe730,@_);
-+}
-+sub veslb {
-+ vesl(@_,0);
-+}
-+sub veslh {
-+ vesl(@_,1);
-+}
-+sub veslf {
-+ vesl(@_,2);
-+}
-+sub veslg {
-+ vesl(@_,3);
-+}
-+
-+sub vesrav {
-+ confess(err("ARGNUM")) if ($#_!=3);
-+ VRRc(0xe77a,@_);
-+}
-+sub vesravb {
-+ vesrav(@_,0);
-+}
-+sub vesravh {
-+ vesrav(@_,1);
-+}
-+sub vesravf {
-+ vesrav(@_,2);
-+}
-+sub vesravg {
-+ vesrav(@_,3);
-+}
-+
-+sub vesra {
-+ confess(err("ARGNUM")) if ($#_!=3);
-+ VRSa(0xe73a,@_);
-+}
-+sub vesrab {
-+ vesra(@_,0);
-+}
-+sub vesrah {
-+ vesra(@_,1);
-+}
-+sub vesraf {
-+ vesra(@_,2);
-+}
-+sub vesrag {
-+ vesra(@_,3);
-+}
-+
-+sub vesrlv {
-+ confess(err("ARGNUM")) if ($#_!=3);
-+ VRRc(0xe778,@_);
-+}
-+sub vesrlvb {
-+ vesrlv(@_,0);
-+}
-+sub vesrlvh {
-+ vesrlv(@_,1);
-+}
-+sub vesrlvf {
-+ vesrlv(@_,2);
-+}
-+sub vesrlvg {
-+ vesrlv(@_,3);
-+}
-+
-+sub vesrl {
-+ confess(err("ARGNUM")) if ($#_!=3);
-+ VRSa(0xe738,@_);
-+}
-+sub vesrlb {
-+ vesrl(@_,0);
-+}
-+sub vesrlh {
-+ vesrl(@_,1);
-+}
-+sub vesrlf {
-+ vesrl(@_,2);
-+}
-+sub vesrlg {
-+ vesrl(@_,3);
-+}
-+
-+sub vsl {
-+ confess(err("ARGNUM")) if ($#_!=2);
-+ VRRc(0xe774,@_);
-+}
-+
-+sub vslb {
-+ confess(err("ARGNUM")) if ($#_!=2);
-+ VRRc(0xe775,@_);
-+}
-+
-+sub vsldb {
-+ confess(err("ARGNUM")) if ($#_!=3);
-+ VRId(0xe777,@_);
-+}
-+
-+sub vsra {
-+ confess(err("ARGNUM")) if ($#_!=2);
-+ VRRc(0xe77e,@_);
-+}
-+
-+sub vsrab {
-+ confess(err("ARGNUM")) if ($#_!=2);
-+ VRRc(0xe77f,@_);
-+}
-+
-+sub vsrl {
-+ confess(err("ARGNUM")) if ($#_!=2);
-+ VRRc(0xe77c,@_);
-+}
-+
-+sub vsrlb {
-+ confess(err("ARGNUM")) if ($#_!=2);
-+ VRRc(0xe77d,@_);
-+}
-+
-+sub vs {
-+ confess(err("ARGNUM")) if ($#_!=3);
-+ VRRc(0xe7f7,@_);
-+}
-+sub vsb {
-+ vs(@_,0);
-+}
-+sub vsh {
-+ vs(@_,1);
-+}
-+sub vsf {
-+ vs(@_,2);
-+}
-+sub vsg {
-+ vs(@_,3);
-+}
-+sub vsq {
-+ vs(@_,4);
-+}
-+
-+sub vscbi {
-+ confess(err("ARGNUM")) if ($#_!=3);
-+ VRRc(0xe7f5,@_);
-+}
-+sub vscbib {
-+ vscbi(@_,0);
-+}
-+sub vscbih {
-+ vscbi(@_,1);
-+}
-+sub vscbif {
-+ vscbi(@_,2);
-+}
-+sub vscbig {
-+ vscbi(@_,3);
-+}
-+sub vscbiq {
-+ vscbi(@_,4);
-+}
-+
-+sub vsbi {
-+ confess(err("ARGNUM")) if ($#_!=4);
-+ VRRd(0xe7bf,@_);
-+}
-+sub vsbiq {
-+ vsbi(@_,4);
-+}
-+
-+sub vsbcbi {
-+ confess(err("ARGNUM")) if ($#_!=4);
-+ VRRd(0xe7bd,@_);
-+}
-+sub vsbcbiq {
-+ vsbcbi(@_,4);
-+}
-+
-+sub vsumg {
-+ confess(err("ARGNUM")) if ($#_!=3);
-+ VRRc(0xe765,@_);
-+}
-+sub vsumgh {
-+ vsumg(@_,1);
-+}
-+sub vsumgf {
-+ vsumg(@_,2);
-+}
-+
-+sub vsumq {
-+ confess(err("ARGNUM")) if ($#_!=3);
-+ VRRc(0xe767,@_);
-+}
-+sub vsumqf {
-+ vsumq(@_,2);
-+}
-+sub vsumqg {
-+ vsumq(@_,3);
-+}
-+
-+sub vsum {
-+ confess(err("ARGNUM")) if ($#_!=3);
-+ VRRc(0xe764,@_);
-+}
-+sub vsumb {
-+ vsum(@_,0);
-+}
-+sub vsumh {
-+ vsum(@_,1);
-+}
-+
-+sub vtm {
-+ confess(err("ARGNUM")) if ($#_!=1);
-+ VRRa(0xe7d8,@_);
-+}
-+
-+# VX - String Instructions
-+
-+sub vfae {
-+ confess(err("ARGNUM")) if ($#_<3||$#_>4);
-+ VRRb(0xe782,@_);
-+}
-+sub vfaeb {
-+ vfae(@_[0..2],0,$_[3]);
-+}
-+sub vfaeh {
-+ vfae(@_[0..2],1,$_[3]);
-+}
-+sub vfaef {
-+ vfae(@_[0..2],2,$_[3]);
-+}
-+sub vfaebs {
-+ $_[3]=0 if (!defined($_[3]));
-+ vfae(@_[0..2],0,0x1|$_[3]);
-+}
-+sub vfaehs {
-+ $_[3]=0 if (!defined($_[3]));
-+ vfae(@_[0..2],1,0x1|$_[3]);
-+}
-+sub vfaefs {
-+ $_[3]=0 if (!defined($_[3]));
-+ vfae(@_[0..2],2,0x1|$_[3]);
-+}
-+sub vfaezb {
-+ $_[3]=0 if (!defined($_[3]));
-+ vfae(@_[0..2],0,0x2|$_[3]);
-+}
-+sub vfaezh {
-+ $_[3]=0 if (!defined($_[3]));
-+ vfae(@_[0..2],1,0x2|$_[3]);
-+}
-+sub vfaezf {
-+ $_[3]=0 if (!defined($_[3]));
-+ vfae(@_[0..2],2,0x2|$_[3]);
-+}
-+sub vfaezbs {
-+ $_[3]=0 if (!defined($_[3]));
-+ vfae(@_[0..2],0,0x3|$_[3]);
-+}
-+sub vfaezhs {
-+ $_[3]=0 if (!defined($_[3]));
-+ vfae(@_[0..2],1,0x3|$_[3]);
-+}
-+sub vfaezfs {
-+ $_[3]=0 if (!defined($_[3]));
-+ vfae(@_[0..2],2,0x3|$_[3]);
-+}
-+
-+sub vfee {
-+ confess(err("ARGNUM")) if ($#_<3||$#_>4);
-+ VRRb(0xe780,@_);
-+}
-+sub vfeeb {
-+ vfee(@_[0..2],0,$_[3]);
-+}
-+sub vfeeh {
-+ vfee(@_[0..2],1,$_[3]);
-+}
-+sub vfeef {
-+ vfee(@_[0..2],2,$_[3]);
-+}
-+sub vfeebs {
-+ vfee(@_,0,1);
-+}
-+sub vfeehs {
-+ vfee(@_,1,1);
-+}
-+sub vfeefs {
-+ vfee(@_,2,1);
-+}
-+sub vfeezb {
-+ vfee(@_,0,2);
-+}
-+sub vfeezh {
-+ vfee(@_,1,2);
-+}
-+sub vfeezf {
-+ vfee(@_,2,2);
-+}
-+sub vfeezbs {
-+ vfee(@_,0,3);
-+}
-+sub vfeezhs {
-+ vfee(@_,1,3);
-+}
-+sub vfeezfs {
-+ vfee(@_,2,3);
-+}
-+
-+sub vfene {
-+ confess(err("ARGNUM")) if ($#_<3||$#_>4);
-+ VRRb(0xe781,@_);
-+}
-+sub vfeneb {
-+ vfene(@_[0..2],0,$_[3]);
-+}
-+sub vfeneh {
-+ vfene(@_[0..2],1,$_[3]);
-+}
-+sub vfenef {
-+ vfene(@_[0..2],2,$_[3]);
-+}
-+sub vfenebs {
-+ vfene(@_,0,1);
-+}
-+sub vfenehs {
-+ vfene(@_,1,1);
-+}
-+sub vfenefs {
-+ vfene(@_,2,1);
-+}
-+sub vfenezb {
-+ vfene(@_,0,2);
-+}
-+sub vfenezh {
-+ vfene(@_,1,2);
-+}
-+sub vfenezf {
-+ vfene(@_,2,2);
-+}
-+sub vfenezbs {
-+ vfene(@_,0,3);
-+}
-+sub vfenezhs {
-+ vfene(@_,1,3);
-+}
-+sub vfenezfs {
-+ vfene(@_,2,3);
-+}
-+
-+sub vistr {
-+ confess(err("ARGNUM")) if ($#_<2||$#_>3);
-+ VRRa(0xe75c,@_[0..2],0,$_[3]);
-+}
-+sub vistrb {
-+ vistr(@_[0..1],0,$_[2]);
-+}
-+sub vistrh {
-+ vistr(@_[0..1],1,$_[2]);
-+}
-+sub vistrf {
-+ vistr(@_[0..1],2,$_[2]);
-+}
-+sub vistrbs {
-+ vistr(@_,0,1);
-+}
-+sub vistrhs {
-+ vistr(@_,1,1);
-+}
-+sub vistrfs {
-+ vistr(@_,2,1);
-+}
-+
-+sub vstrc {
-+ confess(err("ARGNUM")) if ($#_<4||$#_>5);
-+ VRRd(0xe78a,@_);
-+}
-+sub vstrcb {
-+ vstrc(@_[0..3],0,$_[4]);
-+}
-+sub vstrch {
-+ vstrc(@_[0..3],1,$_[4]);
-+}
-+sub vstrcf {
-+ vstrc(@_[0..3],2,$_[4]);
-+}
-+sub vstrcbs {
-+ $_[4]=0 if (!defined($_[4]));
-+ vstrc(@_[0..3],0,0x1|$_[4]);
-+}
-+sub vstrchs {
-+ $_[4]=0 if (!defined($_[4]));
-+ vstrc(@_[0..3],1,0x1|$_[4]);
-+}
-+sub vstrcfs {
-+ $_[4]=0 if (!defined($_[4]));
-+ vstrc(@_[0..3],2,0x1|$_[4]);
-+}
-+sub vstrczb {
-+ $_[4]=0 if (!defined($_[4]));
-+ vstrc(@_[0..3],0,0x2|$_[4]);
-+}
-+sub vstrczh {
-+ $_[4]=0 if (!defined($_[4]));
-+ vstrc(@_[0..3],1,0x2|$_[4]);
-+}
-+sub vstrczf {
-+ $_[4]=0 if (!defined($_[4]));
-+ vstrc(@_[0..3],2,0x2|$_[4]);
-+}
-+sub vstrczbs {
-+ $_[4]=0 if (!defined($_[4]));
-+ vstrc(@_[0..3],0,0x3|$_[4]);
-+}
-+sub vstrczhs {
-+ $_[4]=0 if (!defined($_[4]));
-+ vstrc(@_[0..3],1,0x3|$_[4]);
-+}
-+sub vstrczfs {
-+ $_[4]=0 if (!defined($_[4]));
-+ vstrc(@_[0..3],2,0x3|$_[4]);
-+}
-+
-+# VX - Floating-point Instructions
-+
-+sub vfa {
-+ confess(err("ARGNUM")) if ($#_!=4);
-+ VRRc(0xe7e3,@_);
-+}
-+sub vfadb {
-+ vfa(@_,3,0);
-+}
-+sub wfadb {
-+ vfa(@_,3,8);
-+}
-+
-+sub wfc {
-+ confess(err("ARGNUM")) if ($#_!=3);
-+ VRRa(0xe7cb,@_);
-+}
-+sub wfcdb {
-+ wfc(@_,3,0);
-+}
-+
-+sub wfk {
-+ confess(err("ARGNUM")) if ($#_!=3);
-+ VRRa(0xe7ca,@_);
-+}
-+sub wfksb {
-+ wfk(@_,2,0);
-+}
-+sub wfkdb {
-+ wfk(@_,3,0);
-+}
-+sub wfkxb {
-+ wfk(@_,4,0);
-+}
-+
-+sub vfce {
-+ confess(err("ARGNUM")) if ($#_!=5);
-+ VRRc(0xe7e8,@_);
-+}
-+sub vfcedb {
-+ vfce(@_,3,0,0);
-+}
-+sub vfcedbs {
-+ vfce(@_,3,0,1);
-+}
-+sub wfcedb {
-+ vfce(@_,3,8,0);
-+}
-+sub wfcedbs {
-+ vfce(@_,3,8,1);
-+}
-+
-+sub vfch {
-+ confess(err("ARGNUM")) if ($#_!=5);
-+ VRRc(0xe7eb,@_);
-+}
-+sub vfchdb {
-+ vfch(@_,3,0,0);
-+}
-+sub vfchdbs {
-+ vfch(@_,3,0,1);
-+}
-+sub wfchdb {
-+ vfch(@_,3,8,0);
-+}
-+sub wfchdbs {
-+ vfch(@_,3,8,1);
-+}
-+
-+sub vfche {
-+ confess(err("ARGNUM")) if ($#_!=5);
-+ VRRc(0xe7ea,@_);
-+}
-+sub vfchedb {
-+ vfche(@_,3,0,0);
-+}
-+sub vfchedbs {
-+ vfche(@_,3,0,1);
-+}
-+sub wfchedb {
-+ vfche(@_,3,8,0);
-+}
-+sub wfchedbs {
-+ vfche(@_,3,8,1);
-+}
-+
-+sub vcdg {
-+ confess(err("ARGNUM")) if ($#_!=4);
-+ VRRa(0xe7c3,@_);
-+}
-+sub vcdgb {
-+ vcdg(@_[0..1],3,@_[2..3]);
-+}
-+sub wcdgb {
-+ vcdg(@_[0..1],3,0x8|$_[2],$_[3]);
-+}
-+
-+sub vcdlg {
-+ confess(err("ARGNUM")) if ($#_!=4);
-+ VRRa(0xe7c1,@_);
-+}
-+sub vcdlgb {
-+ vcdlg(@_[0..1],3,@_[2..3]);
-+}
-+sub wcdlgb {
-+ vcdlg(@_[0..1],3,0x8|$_[2],$_[3]);
-+}
-+
-+sub vcgd {
-+ confess(err("ARGNUM")) if ($#_!=4);
-+ VRRa(0xe7c2,@_);
-+}
-+sub vcgdb {
-+ vcgd(@_[0..1],3,@_[2..3]);
-+}
-+sub wcgdb {
-+ vcgd(@_[0..1],3,0x8|$_[2],$_[3]);
-+}
-+
-+sub vclgd {
-+ confess(err("ARGNUM")) if ($#_!=4);
-+ VRRa(0xe7c0,@_);
-+}
-+sub vclgdb {
-+ vclgd(@_[0..1],3,@_[2..3]);
-+}
-+sub wclgdb {
-+ vclgd(@_[0..1],3,0x8|$_[2],$_[3]);
-+}
-+
-+sub vfd {
-+ confess(err("ARGNUM")) if ($#_!=4);
-+ VRRc(0xe7e5,@_);
-+}
-+sub vfddb {
-+ vfd(@_,3,0);
-+}
-+sub wfddb {
-+ vfd(@_,3,8);
-+}
-+
-+sub vfi {
-+ confess(err("ARGNUM")) if ($#_!=4);
-+ VRRa(0xe7c7,@_);
-+}
-+sub vfidb {
-+ vfi(@_[0..1],3,@_[2..3]);
-+}
-+sub wfidb {
-+ vfi(@_[0..1],3,0x8|$_[2],$_[3]);
-+}
-+
-+sub vlde { # deprecated, use vfll
-+ confess(err("ARGNUM")) if ($#_!=3);
-+ VRRa(0xe7c4,@_);
-+}
-+sub vldeb { # deprecated, use vflls
-+ vlde(@_,2,0);
-+}
-+sub wldeb { # deprecated, use wflls
-+ vlde(@_,2,8);
-+}
-+
-+sub vled { # deprecated, use vflr
-+ confess(err("ARGNUM")) if ($#_!=4);
-+ VRRa(0xe7c5,@_);
-+}
-+sub vledb { # deprecated, use vflrd
-+ vled(@_[0..1],3,@_[2..3]);
-+}
-+sub wledb { # deprecated, use wflrd
-+ vled(@_[0..1],3,0x8|$_[2],$_[3]);
-+}
-+
-+sub vfm {
-+ confess(err("ARGNUM")) if ($#_!=4);
-+ VRRc(0xe7e7,@_);
-+}
-+sub vfmdb {
-+ vfm(@_,3,0);
-+}
-+sub wfmdb {
-+ vfm(@_,3,8);
-+}
-+
-+sub vfma {
-+ confess(err("ARGNUM")) if ($#_!=5);
-+ VRRe(0xe78f,@_);
-+}
-+sub vfmadb {
-+ vfma(@_,0,3);
-+}
-+sub wfmadb {
-+ vfma(@_,8,3);
-+}
-+
-+sub vfms {
-+ confess(err("ARGNUM")) if ($#_!=5);
-+ VRRe(0xe78e,@_);
-+}
-+sub vfmsdb {
-+ vfms(@_,0,3);
-+}
-+sub wfmsdb {
-+ vfms(@_,8,3);
-+}
-+
-+sub vfpso {
-+ confess(err("ARGNUM")) if ($#_!=4);
-+ VRRa(0xe7cc,@_);
-+}
-+sub vfpsodb {
-+ vfpso(@_[0..1],3,0,$_[2]);
-+}
-+sub wfpsodb {
-+ vfpso(@_[0..1],3,8,$_[2]);
-+}
-+sub vflcdb {
-+ vfpso(@_,3,0,0);
-+}
-+sub wflcdb {
-+ vfpso(@_,3,8,0);
-+}
-+sub vflndb {
-+ vfpso(@_,3,0,1);
-+}
-+sub wflndb {
-+ vfpso(@_,3,8,1);
-+}
-+sub vflpdb {
-+ vfpso(@_,3,0,2);
-+}
-+sub wflpdb {
-+ vfpso(@_,3,8,2);
-+}
-+
-+sub vfsq {
-+ confess(err("ARGNUM")) if ($#_!=3);
-+ VRRa(0xe7ce,@_);
-+}
-+sub vfsqdb {
-+ vfsq(@_,3,0);
-+}
-+sub wfsqdb {
-+ vfsq(@_,3,8);
-+}
-+
-+sub vfs {
-+ confess(err("ARGNUM")) if ($#_!=4);
-+ VRRc(0xe7e2,@_);
-+}
-+sub vfsdb {
-+ vfs(@_,3,0);
-+}
-+sub wfsdb {
-+ vfs(@_,3,8);
-+}
-+
-+sub vftci {
-+ confess(err("ARGNUM")) if ($#_!=4);
-+ VRIe(0xe74a,@_);
-+}
-+sub vftcidb {
-+ vftci(@_,3,0);
-+}
-+sub wftcidb {
-+ vftci(@_,3,8);
-+}
-+
-+# VXE - Support Instructions
-+
-+sub vbperm {
-+ confess(err("ARGNUM")) if ($#_!=2);
-+ VRRc(0xe785,@_);
-+}
-+
-+sub vllezlf {
-+ vllez(@_,6);
-+}
-+
-+# VXE - Integer Instructions
-+
-+sub vmsl {
-+ confess(err("ARGNUM")) if ($#_!=5);
-+ VRRd(0xe7b8,@_);
-+}
-+sub vmslg {
-+ vmsl(@_[0..3],3,$_[4]);
-+}
-+
-+sub vnx {
-+ confess(err("ARGNUM")) if ($#_!=2);
-+ VRRc(0xe76c,@_);
-+}
-+
-+sub vnn {
-+ confess(err("ARGNUM")) if ($#_!=2);
-+ VRRc(0xe76e,@_);
-+}
-+
-+sub voc {
-+ confess(err("ARGNUM")) if ($#_!=2);
-+ VRRc(0xe76f,@_);
-+}
-+
-+sub vpopctb {
-+ vpopct(@_,0);
-+}
-+sub vpopcth {
-+ vpopct(@_,1);
-+}
-+sub vpopctf {
-+ vpopct(@_,2);
-+}
-+sub vpopctg {
-+ vpopct(@_,3);
-+}
-+
-+# VXE - Floating-Point Instructions
-+
-+sub vfasb {
-+ vfa(@_,2,0);
-+}
-+sub wfasb {
-+ vfa(@_,2,8);
-+}
-+sub wfaxb {
-+ vfa(@_,4,8);
-+}
-+
-+sub wfcsb {
-+ wfc(@_,2,0);
-+}
-+sub wfcxb {
-+ wfc(@_,4,0);
-+}
-+
-+sub vfcesb {
-+ vfce(@_,2,0,0);
-+}
-+sub vfcesbs {
-+ vfce(@_,2,0,1);
-+}
-+sub wfcesb {
-+ vfce(@_,2,8,0);
-+}
-+sub wfcesbs {
-+ vfce(@_,2,8,1);
-+}
-+sub wfcexb {
-+ vfce(@_,4,8,0);
-+}
-+sub wfcexbs {
-+ vfce(@_,4,8,1);
-+}
-+
-+sub vfchsb {
-+ vfch(@_,2,0,0);
-+}
-+sub vfchsbs {
-+ vfch(@_,2,0,1);
-+}
-+sub wfchsb {
-+ vfch(@_,2,8,0);
-+}
-+sub wfchsbs {
-+ vfch(@_,2,8,1);
-+}
-+sub wfchxb {
-+ vfch(@_,4,8,0);
-+}
-+sub wfchxbs {
-+ vfch(@_,4,8,1);
-+}
-+
-+sub vfchesb {
-+ vfche(@_,2,0,0);
-+}
-+sub vfchesbs {
-+ vfche(@_,2,0,1);
-+}
-+sub wfchesb {
-+ vfche(@_,2,8,0);
-+}
-+sub wfchesbs {
-+ vfche(@_,2,8,1);
-+}
-+sub wfchexb {
-+ vfche(@_,4,8,0);
-+}
-+sub wfchexbs {
-+ vfche(@_,4,8,1);
-+}
-+
-+sub vfdsb {
-+ vfd(@_,2,0);
-+}
-+sub wfdsb {
-+ vfd(@_,2,8);
-+}
-+sub wfdxb {
-+ vfd(@_,4,8);
-+}
-+
-+sub vfisb {
-+ vfi(@_[0..1],2,@_[2..3]);
-+}
-+sub wfisb {
-+ vfi(@_[0..1],2,0x8|$_[2],$_[3]);
-+}
-+sub wfixb {
-+ vfi(@_[0..1],4,0x8|$_[2],$_[3]);
-+}
-+
-+sub vfll {
-+ vlde(@_);
-+}
-+sub vflls {
-+ vfll(@_,2,0);
-+}
-+sub wflls {
-+ vfll(@_,2,8);
-+}
-+sub wflld {
-+ vfll(@_,3,8);
-+}
-+
-+sub vflr {
-+ vled(@_);
-+}
-+sub vflrd {
-+ vflr(@_[0..1],3,@_[2..3]);
-+}
-+sub wflrd {
-+ vflr(@_[0..1],3,0x8|$_[2],$_[3]);
-+}
-+sub wflrx {
-+ vflr(@_[0..1],4,0x8|$_[2],$_[3]);
-+}
-+
-+sub vfmax {
-+ confess(err("ARGNUM")) if ($#_!=5);
-+ VRRc(0xe7ef,@_);
-+}
-+sub vfmaxsb {
-+ vfmax(@_[0..2],2,0,$_[3]);
-+}
-+sub vfmaxdb {
-+ vfmax(@_[0..2],3,0,$_[3]);
-+}
-+sub wfmaxsb {
-+ vfmax(@_[0..2],2,8,$_[3]);
-+}
-+sub wfmaxdb {
-+ vfmax(@_[0..2],3,8,$_[3]);
-+}
-+sub wfmaxxb {
-+ vfmax(@_[0..2],4,8,$_[3]);
-+}
-+
-+sub vfmin {
-+ confess(err("ARGNUM")) if ($#_!=5);
-+ VRRc(0xe7ee,@_);
-+}
-+sub vfminsb {
-+ vfmin(@_[0..2],2,0,$_[5]);
-+}
-+sub vfmindb {
-+ vfmin(@_[0..2],3,0,$_[5]);
-+}
-+sub wfminsb {
-+ vfmin(@_[0..2],2,8,$_[5]);
-+}
-+sub wfmindb {
-+ vfmin(@_[0..2],3,8,$_[5]);
-+}
-+sub wfminxb {
-+ vfmin(@_[0..2],4,8,$_[5]);
-+}
-+
-+sub vfmsb {
-+ vfm(@_,2,0);
-+}
-+sub wfmsb {
-+ vfm(@_,2,8);
-+}
-+sub wfmxb {
-+ vfm(@_,4,8);
-+}
-+
-+sub vfmasb {
-+ vfma(@_,0,2);
-+}
-+sub wfmasb {
-+ vfma(@_,8,2);
-+}
-+sub wfmaxb {
-+ vfma(@_,8,4);
-+}
-+
-+sub vfmssb {
-+ vfms(@_,0,2);
-+}
-+sub wfmssb {
-+ vfms(@_,8,2);
-+}
-+sub wfmsxb {
-+ vfms(@_,8,4);
-+}
-+
-+sub vfnma {
-+ confess(err("ARGNUM")) if ($#_!=5);
-+ VRRe(0xe79f,@_);
-+}
-+sub vfnmasb {
-+ vfnma(@_,0,2);
-+}
-+sub vfnmadb {
-+ vfnma(@_,0,3);
-+}
-+sub wfnmasb {
-+ vfnma(@_,8,2);
-+}
-+sub wfnmadb {
-+ vfnma(@_,8,3);
-+}
-+sub wfnmaxb {
-+ vfnma(@_,8,4);
-+}
-+
-+sub vfnms {
-+ confess(err("ARGNUM")) if ($#_!=5);
-+ VRRe(0xe79e,@_);
-+}
-+sub vfnmssb {
-+ vfnms(@_,0,2);
-+}
-+sub vfnmsdb {
-+ vfnms(@_,0,3);
-+}
-+sub wfnmssb {
-+ vfnms(@_,8,2);
-+}
-+sub wfnmsdb {
-+ vfnms(@_,8,3);
-+}
-+sub wfnmsxb {
-+ vfnms(@_,8,4);
-+}
-+
-+sub vfpsosb {
-+ vfpso(@_[0..1],2,0,$_[2]);
-+}
-+sub wfpsosb {
-+ vfpso(@_[0..1],2,8,$_[2]);
-+}
-+sub vflcsb {
-+ vfpso(@_,2,0,0);
-+}
-+sub wflcsb {
-+ vfpso(@_,2,8,0);
-+}
-+sub vflnsb {
-+ vfpso(@_,2,0,1);
-+}
-+sub wflnsb {
-+ vfpso(@_,2,8,1);
-+}
-+sub vflpsb {
-+ vfpso(@_,2,0,2);
-+}
-+sub wflpsb {
-+ vfpso(@_,2,8,2);
-+}
-+sub vfpsoxb {
-+ vfpso(@_[0..1],4,0,$_[2]);
-+}
-+sub wfpsoxb {
-+ vfpso(@_[0..1],4,8,$_[2]);
-+}
-+sub vflcxb {
-+ vfpso(@_,4,0,0);
-+}
-+sub wflcxb {
-+ vfpso(@_,4,8,0);
-+}
-+sub vflnxb {
-+ vfpso(@_,4,0,1);
-+}
-+sub wflnxb {
-+ vfpso(@_,4,8,1);
-+}
-+sub vflpxb {
-+ vfpso(@_,4,0,2);
-+}
-+sub wflpxb {
-+ vfpso(@_,4,8,2);
-+}
-+
-+sub vfsqsb {
-+ vfsq(@_,2,0);
-+}
-+sub wfsqsb {
-+ vfsq(@_,2,8);
-+}
-+sub wfsqxb {
-+ vfsq(@_,4,8);
-+}
-+
-+sub vfssb {
-+ vfs(@_,2,0);
-+}
-+sub wfssb {
-+ vfs(@_,2,8);
-+}
-+sub wfsxb {
-+ vfs(@_,4,8);
-+}
-+
-+sub vftcisb {
-+ vftci(@_,2,0);
-+}
-+sub wftcisb {
-+ vftci(@_,2,8);
-+}
-+sub wftcixb {
-+ vftci(@_,4,8);
-+}
-+
-+# VXD - Support Instructions
-+
-+sub vlrlr {
-+ confess(err("ARGNUM")) if ($#_!=2);
-+ VRSd(0xe637,@_);
-+}
-+
-+sub vlrl {
-+ confess(err("ARGNUM")) if ($#_!=2);
-+ VSI(0xe635,@_);
-+}
-+
-+sub vstrlr {
-+ confess(err("ARGNUM")) if ($#_!=2);
-+ VRSd(0xe63f,@_);
-+}
-+
-+sub vstrl {
-+ confess(err("ARGNUM")) if ($#_!=2);
-+ VSI(0xe63d,@_);
-+}
-+
-+sub vap {
-+ confess(err("ARGNUM")) if ($#_!=4);
-+ VRIf(0xe671,@_);
-+}
-+
-+sub vcp {
-+ confess(err("ARGNUM")) if ($#_!=2);
-+ VRRh(0xe677,@_);
-+}
-+
-+sub vcvb {
-+ confess(err("ARGNUM")) if ($#_!=2);
-+ VRRi(0xe650,@_);
-+}
-+
-+sub vcvbg {
-+ confess(err("ARGNUM")) if ($#_!=2);
-+ VRRi(0xe652,@_);
-+}
-+
-+sub vcvd {
-+ confess(err("ARGNUM")) if ($#_!=3);
-+ VRIi(0xe658,@_);
-+}
-+
-+sub vcvdg {
-+ confess(err("ARGNUM")) if ($#_!=3);
-+ VRIi(0xe65a,@_);
-+}
-+
-+sub vdp {
-+ confess(err("ARGNUM")) if ($#_!=4);
-+ VRIf(0xe67a,@_);
-+}
-+
-+sub vlip {
-+ confess(err("ARGNUM")) if ($#_!=2);
-+ VRIh(0xe649,@_);
-+}
-+
-+sub vmp {
-+ confess(err("ARGNUM")) if ($#_!=4);
-+ VRIf(0xe678,@_);
-+}
-+
-+sub vmsp {
-+ confess(err("ARGNUM")) if ($#_!=4);
-+ VRIf(0xe679,@_);
-+}
-+
-+sub vpkz {
-+ confess(err("ARGNUM")) if ($#_!=2);
-+ VSI(0xe634,@_);
-+}
-+
-+sub vpsop {
-+ confess(err("ARGNUM")) if ($#_!=4);
-+ VRIg(0xe65b,@_);
-+}
-+
-+sub vrp {
-+ confess(err("ARGNUM")) if ($#_!=4);
-+ VRIf(0xe67b,@_);
-+}
-+
-+sub vsdp {
-+ confess(err("ARGNUM")) if ($#_!=4);
-+ VRIf(0xe67e,@_);
-+}
-+
-+sub vsrp {
-+ confess(err("ARGNUM")) if ($#_!=4);
-+ VRIg(0xe659,@_);
-+}
-+
-+sub vsp {
-+ confess(err("ARGNUM")) if ($#_!=4);
-+ VRIf(0xe673,@_);
-+}
-+
-+sub vtp {
-+ confess(err("ARGNUM")) if ($#_!=0);
-+ VRRg(0xe65f,@_);
-+}
-+
-+sub vupkz {
-+ confess(err("ARGNUM")) if ($#_!=2);
-+ VSI(0xe63c,@_);
-+}
-+
-+#
-+# Instruction Formats
-+#
-+
-+sub RRE {
-+ confess(err("ARGNUM")) if ($#_<0||2<$#_);
-+ my $ops=join(',',@_[1..$#_]);
-+ my $memn=(caller(1))[3];
-+ $memn=~s/^.*:://;
-+ my ($opcode,$r1,$r2)=(shift,get_R(shift),get_R(shift));
-+
-+ $out.="\t.long\t".sprintf("%#010x",($opcode<<16|$r1<<4|$r2));
-+ $out.="\t# $memn\t$ops\n"
-+}
-+
-+sub RRFb {
-+ confess(err("ARGNUM")) if ($#_<3||4<$#_);
-+ my $ops=join(',',@_[1..$#_]);
-+ my $memn=(caller(1))[3];
-+ $memn=~s/^.*:://;
-+ my ($opcode,$r1,$r3,$r2,$m4)=(shift,get_R(shift),get_R(shift)
-+ ,get_R(shift),get_M(shift));
-+
-+ $out.="\t.long\t"
-+ .sprintf("%#010x",($opcode<<16|$r3<<12|$m4<<8|$r1<<4|$r2));
-+ $out.="\t# $memn\t$ops\n"
-+}
-+
-+sub S {
-+ confess(err("ARGNUM")) if ($#_<0||1<$#_);
-+ my $ops=join(',',@_[1..$#_]);
-+ my $memn=(caller(1))[3];
-+ $memn=~s/^.*:://;
-+ my ($opcode,$d2,$b2)=(shift,get_DB(shift));
-+
-+ $out.="\t.long\t".sprintf("%#010x",($opcode<<16|$b2<<12|$d2));
-+ $out.="\t# $memn\t$ops\n"
-+}
-+
-+sub VRIa {
-+ confess(err("ARGNUM")) if ($#_<2||3<$#_);
-+ my $ops=join(',',@_[1..$#_]);
-+ my $memn=(caller(1))[3];
-+ $memn=~s/^.*:://;
-+ my ($opcode,$v1,$i2,$m3)=(shift,get_V(shift),get_I(shift,16),
-+ get_M(shift));
-+
-+ $out.="\t.word\t";
-+ $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4)).",";
-+ $out.=sprintf("%#06x",$i2).",";
-+ $out.=sprintf("%#06x",($m3<<12|RXB($v1)<<8|$opcode&0xff));
-+ $out.="\t# $memn\t$ops\n"
-+}
-+
-+sub VRIb {
-+ confess(err("ARGNUM")) if ($#_!=4);
-+ my $ops=join(',',@_[1..$#_]);
-+ my $memn=(caller(1))[3];
-+ $memn=~s/^.*:://;
-+ my ($opcode,$v1,$i2,$i3,$m4)=(shift,get_V(shift),get_I(shift,8),
-+ ,get_I(shift,8),get_M(shift));
-+
-+ $out.="\t.word\t";
-+ $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4)).",";
-+ $out.=sprintf("%#06x",($i2<<8|$i3)).",";
-+ $out.=sprintf("%#06x",($m4<<12|RXB($v1)<<8|$opcode&0xff));
-+ $out.="\t# $memn\t$ops\n"
-+}
-+
-+sub VRIc {
-+ confess(err("ARGNUM")) if ($#_!=4);
-+ my $ops=join(',',@_[1..$#_]);
-+ my $memn=(caller(1))[3];
-+ $memn=~s/^.*:://;
-+ my ($opcode,$v1,$v3,$i2,$m4)=(shift,get_V(shift),get_V(shift),
-+ ,get_I(shift,16),get_M(shift));
-+
-+ $out.="\t.word\t";
-+ $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4)|($v3&0xf)).",";
-+ $out.=sprintf("%#06x",$i2).",";
-+ $out.=sprintf("%#06x",($m4<<12|RXB($v1,$v3)<<8|$opcode&0xff));
-+ $out.="\t# $memn\t$ops\n"
-+}
-+
-+sub VRId {
-+ confess(err("ARGNUM")) if ($#_<4||$#_>5);
-+ my $ops=join(',',@_[1..$#_]);
-+ my $memn=(caller(1))[3];
-+ $memn=~s/^.*:://;
-+ my ($opcode,$v1,$v2,$v3,$i4,$m5)=(shift,get_V(shift),get_V(shift),
-+ ,get_V(shift),get_I(shift,8),get_M(shift));
-+
-+ $out.="\t.word\t";
-+ $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4)|($v2&0xf)).",";
-+ $out.=sprintf("%#06x",(($v3&0xf)<<12|$i4)).",";
-+ $out.=sprintf("%#06x",($m5<<12|RXB($v1,$v2,$v3)<<8|$opcode&0xff));
-+ $out.="\t# $memn\t$ops\n"
-+}
-+
-+sub VRIe {
-+ confess(err("ARGNUM")) if ($#_!=5);
-+ my $ops=join(',',@_[1..$#_]);
-+ my $memn=(caller(1))[3];
-+ $memn=~s/^.*:://;
-+ my ($opcode,$v1,$v2,$i3,$m4,$m5)=(shift,get_V(shift),get_V(shift),
-+ ,get_I(shift,12),get_M(shift),get_M(shift));
-+
-+ $out.="\t.word\t";
-+ $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4)|($v2&0xf)).",";
-+ $out.=sprintf("%#06x",($i3<<4|$m5)).",";
-+ $out.=sprintf("%#06x",($m4<<12|RXB($v1,$v2)<<8|$opcode&0xff));
-+ $out.="\t# $memn\t$ops\n"
-+}
-+
-+sub VRIf {
-+ confess(err("ARGNUM")) if ($#_!=5);
-+ my $ops=join(',',@_[1..$#_]);
-+ my $memn=(caller(1))[3];
-+ $memn=~s/^.*:://;
-+ my ($opcode,$v1,$v2,$v3,$i4,$m5)=(shift,get_V(shift),get_V(shift),
-+ ,get_V(shift),get_I(shift,8),get_M(shift));
-+
-+ $out.="\t.word\t";
-+ $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4)|($v2&0xf)).",";
-+ $out.=sprintf("%#06x",(($v3&0xf)<<12|$m5<<4)|$i4>>4).",";
-+ $out.=sprintf("%#06x",(($i4&0xf)<<12|RXB($v1,$v2,$v3)<<8|$opcode&0xff));
-+ $out.="\t# $memn\t$ops\n"
-+}
-+
-+sub VRIg {
-+ confess(err("ARGNUM")) if ($#_!=5);
-+ my $ops=join(',',@_[1..$#_]);
-+ my $memn=(caller(1))[3];
-+ $memn=~s/^.*:://;
-+ my ($opcode,$v1,$v2,$i3,$i4,$m5)=(shift,get_V(shift),get_V(shift),
-+ ,get_I(shift,8),get_I(shift,8),get_M(shift));
-+
-+ $out.="\t.word\t";
-+ $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4)|($v2&0xf)).",";
-+ $out.=sprintf("%#06x",($i4<<8|$m5<<4|$i3>>4)).",";
-+ $out.=sprintf("%#06x",(($i3&0xf)<<12|RXB($v1,$v2)<<8|$opcode&0xff));
-+ $out.="\t# $memn\t$ops\n"
-+}
-+
-+sub VRIh {
-+ confess(err("ARGNUM")) if ($#_!=3);
-+ my $ops=join(',',@_[1..$#_]);
-+ my $memn=(caller(1))[3];
-+ $memn=~s/^.*:://;
-+ my ($opcode,$v1,$i2,$i3)=(shift,get_V(shift),get_I(shift,16),
-+ get_I(shift,4));
-+
-+ $out.="\t.word\t";
-+ $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4)).",";
-+ $out.=sprintf("%#06x",$i2).",";
-+ $out.=sprintf("%#06x",($i3<<12|RXB($v1)<<8|$opcode&0xff));
-+ $out.="\t# $memn\t$ops\n"
-+}
-+
-+sub VRIi {
-+ confess(err("ARGNUM")) if ($#_!=4);
-+ my $ops=join(',',@_[1..$#_]);
-+ my $memn=(caller(1))[3];
-+ $memn=~s/^.*:://;
-+ my ($opcode,$v1,$r2,$i3,$m4)=(shift,get_V(shift),get_R(shift),
-+ ,get_I(shift,8),get_M(shift));
-+
-+ $out.="\t.word\t";
-+ $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4)|$r2).",";
-+ $out.=sprintf("%#06x",($m4<<4|$i3>>4)).",";
-+ $out.=sprintf("%#06x",(($i3&0xf)<<12|RXB($v1)<<8|$opcode&0xff));
-+ $out.="\t# $memn\t$ops\n"
-+}
-+
-+sub VRRa {
-+ confess(err("ARGNUM")) if ($#_<2||5<$#_);
-+ my $ops=join(',',@_[1..$#_]);
-+ my $memn=(caller(1))[3];
-+ $memn=~s/^.*:://;
-+ my ($opcode,$v1,$v2,$m3,$m4,$m5)=(shift,get_V(shift),get_V(shift),
-+ get_M(shift),get_M(shift),get_M(shift));
-+
-+ $out.="\t.word\t";
-+ $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4|($v2&0xf))).",";
-+ $out.=sprintf("%#06x",($m5<<4|$m4)).",";
-+ $out.=sprintf("%#06x",($m3<<12|RXB($v1,$v2)<<8|$opcode&0xff));
-+ $out.="\t# $memn\t$ops\n"
-+}
-+
-+sub VRRb {
-+ confess(err("ARGNUM")) if ($#_<3||5<$#_);
-+ my $ops=join(',',@_[1..$#_]);
-+ my $memn=(caller(1))[3];
-+ $memn=~s/^.*:://;
-+ my ($opcode,$v1,$v2,$v3,$m4,$m5)=(shift,get_V(shift),get_V(shift),
-+ get_V(shift),get_M(shift),get_M(shift));
-+
-+ $out.="\t.word\t";
-+ $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4|($v2&0xf))).",";
-+ $out.=sprintf("%#06x",(($v3&0xf)<<12|$m5<<4)).",";
-+ $out.=sprintf("%#06x",($m4<<12|RXB($v1,$v2,$v3)<<8|$opcode&0xff));
-+ $out.="\t# $memn\t$ops\n"
-+}
-+
-+sub VRRc {
-+ confess(err("ARGNUM")) if ($#_<3||6<$#_);
-+ my $ops=join(',',@_[1..$#_]);
-+ my $memn=(caller(1))[3];
-+ $memn=~s/^.*:://;
-+ my ($opcode,$v1,$v2,$v3,$m4,$m5,$m6)=(shift,get_V(shift),get_V(shift),
-+ get_V(shift),get_M(shift),get_M(shift),get_M(shift));
-+
-+ $out.="\t.word\t";
-+ $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4|($v2&0xf))).",";
-+ $out.=sprintf("%#06x",(($v3&0xf)<<12|$m6<<4|$m5)).",";
-+ $out.=sprintf("%#06x",($m4<<12|RXB($v1,$v2,$v3)<<8|$opcode&0xff));
-+ $out.="\t# $memn\t$ops\n"
-+}
-+
-+sub VRRd {
-+ confess(err("ARGNUM")) if ($#_<4||6<$#_);
-+ my $ops=join(',',@_[1..$#_]);
-+ my $memn=(caller(1))[3];
-+ $memn=~s/^.*:://;
-+ my ($opcode,$v1,$v2,$v3,$v4,$m5,$m6)=(shift,get_V(shift),get_V(shift),
-+ get_V(shift),get_V(shift),get_M(shift),get_M(shift));
-+
-+ $out.="\t.word\t";
-+ $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4|($v2&0xf))).",";
-+ $out.=sprintf("%#06x",(($v3&0xf)<<12|$m5<<8|$m6<<4)).",";
-+ $out.=sprintf("%#06x",(($v4&0xf)<<12|RXB($v1,$v2,$v3,$v4)<<8|$opcode&0xff));
-+ $out.="\t# $memn\t$ops\n"
-+}
-+
-+sub VRRe {
-+ confess(err("ARGNUM")) if ($#_<4||6<$#_);
-+ my $ops=join(',',@_[1..$#_]);
-+ my $memn=(caller(1))[3];
-+ $memn=~s/^.*:://;
-+ my ($opcode,$v1,$v2,$v3,$v4,$m5,$m6)=(shift,get_V(shift),get_V(shift),
-+ get_V(shift),get_V(shift),get_M(shift),get_M(shift));
-+
-+ $out.="\t.word\t";
-+ $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4|($v2&0xf))).",";
-+ $out.=sprintf("%#06x",(($v3&0xf)<<12|$m6<<8|$m5)).",";
-+ $out.=sprintf("%#06x",(($v4&0xf)<<12|RXB($v1,$v2,$v3,$v4)<<8|$opcode&0xff));
-+ $out.="\t# $memn\t$ops\n"
-+}
-+
-+sub VRRf {
-+ confess(err("ARGNUM")) if ($#_!=3);
-+ my $ops=join(',',@_[1..$#_]);
-+ my $memn=(caller(1))[3];
-+ $memn=~s/^.*:://;
-+ my ($opcode,$v1,$r2,$r3)=(shift,get_V(shift),get_R(shift),
-+ get_R(shift));
-+
-+ $out.="\t.word\t";
-+ $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4|$r2)).",";
-+ $out.=sprintf("%#06x",($r3<<12)).",";
-+ $out.=sprintf("%#06x",(RXB($v1)<<8|$opcode&0xff));
-+ $out.="\t# $memn\t$ops\n"
-+}
-+
-+sub VRRg {
-+ confess(err("ARGNUM")) if ($#_!=1);
-+ my $ops=join(',',@_[1..$#_]);
-+ my $memn=(caller(1))[3];
-+ $memn=~s/^.*:://;
-+ my ($opcode,$v1)=(shift,get_V(shift));
-+
-+ $out.="\t.word\t";
-+ $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf))).",";
-+ $out.=sprintf("%#06x",0x0000).",";
-+ $out.=sprintf("%#06x",(RXB(0,$v1)<<8|$opcode&0xff));
-+ $out.="\t# $memn\t$ops\n"
-+}
-+
-+sub VRRh {
-+ confess(err("ARGNUM")) if ($#_<2||$#_>3);
-+ my $ops=join(',',@_[1..$#_]);
-+ my $memn=(caller(1))[3];
-+ $memn=~s/^.*:://;
-+ my ($opcode,$v1,$v2,$m3)=(shift,get_V(shift),get_V(shift),
-+ get_M(shift));
-+
-+ $out.="\t.word\t";
-+ $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf))).",";
-+ $out.=sprintf("%#06x",(($v2&0xf)<<12|$m3<<4)).",";
-+ $out.=sprintf("%#06x",(RXB(0,$v1,$v2)<<8|$opcode&0xff));
-+ $out.="\t# $memn\t$ops\n"
-+}
-+
-+sub VRRi {
-+ confess(err("ARGNUM")) if ($#_!=3);
-+ my $ops=join(',',@_[1..$#_]);
-+ my $memn=(caller(1))[3];
-+ $memn=~s/^.*:://;
-+ my ($opcode,$r1,$v2,$m3)=(shift,get_R(shift),get_V(shift),
-+ get_M(shift));
-+
-+ $out.="\t.word\t";
-+ $out.=sprintf("%#06x",($opcode&0xff00|$r1<<4|($v2&0xf))).",";
-+ $out.=sprintf("%#06x",($m3<<4))."\,";
-+ $out.=sprintf("%#06x",(RXB(0,$v2)<<8|$opcode&0xff));
-+ $out.="\t# $memn\t$ops\n"
-+}
-+
-+sub VRSa {
-+ confess(err("ARGNUM")) if ($#_<3||$#_>4);
-+ my $ops=join(',',@_[1..$#_]);
-+ my $memn=(caller(1))[3];
-+ $memn=~s/^.*:://;
-+ my ($opcode,$v1,$v3,$d2,$b2,$m4)=(shift,get_V(shift),get_V(shift),
-+ get_DB(shift),get_M(shift));
-+
-+ $out.="\t.word\t";
-+ $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4|($v3&0xf))).",";
-+ $out.=sprintf("%#06x",($b2<<12|$d2)).",";
-+ $out.=sprintf("%#06x",($m4<<12|RXB($v1,$v3)<<8|$opcode&0xff));
-+ $out.="\t# $memn\t$ops\n"
-+}
-+
-+sub VRSb {
-+ confess(err("ARGNUM")) if ($#_<3||$#_>4);
-+ my $ops=join(',',@_[1..$#_]);
-+ my $memn=(caller(1))[3];
-+ $memn=~s/^.*:://;
-+ my ($opcode,$v1,$r3,$d2,$b2,$m4)=(shift,get_V(shift),get_R(shift),
-+ get_DB(shift),get_M(shift));
-+
-+ $out.="\t.word\t";
-+ $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4|$r3)).",";
-+ $out.=sprintf("%#06x",($b2<<12|$d2)).",";
-+ $out.=sprintf("%#06x",($m4<<12|RXB($v1)<<8|$opcode&0xff));
-+ $out.="\t# $memn\t$ops\n"
-+}
-+
-+sub VRSc {
-+ confess(err("ARGNUM")) if ($#_!=4);
-+ my $ops=join(',',@_[1..$#_]);
-+ my $memn=(caller(1))[3];
-+ $memn=~s/^.*:://;
-+ my ($opcode,$r1,$v3,$d2,$b2,$m4)=(shift,get_R(shift),get_V(shift),
-+ get_DB(shift),get_M(shift));
-+
-+ $out.="\t.word\t";
-+ $out.=sprintf("%#06x",($opcode&0xff00|$r1<<4|($v3&0xf))).",";
-+ $out.=sprintf("%#06x",($b2<<12|$d2)).",";
-+ $out.=sprintf("%#06x",($m4<<12|RXB(0,$v3)<<8|$opcode&0xff));
-+ $out.="\t# $memn\t$ops\n"
-+}
-+
-+sub VRSd {
-+ confess(err("ARGNUM")) if ($#_!=3);
-+ my $ops=join(',',@_[1..$#_]);
-+ my $memn=(caller(1))[3];
-+ $memn=~s/^.*:://;
-+ my ($opcode,$v1,$r3,$d2,$b2)=(shift,get_V(shift),get_R(shift),
-+ get_DB(shift));
-+
-+ $out.="\t.word\t";
-+ $out.=sprintf("%#06x",($opcode&0xff00|$r3)).",";
-+ $out.=sprintf("%#06x",($b2<<12|$d2)).",";
-+ $out.=sprintf("%#06x",(($v1&0xf)<<12|RXB(0,0,0,$v1)<<8|$opcode&0xff));
-+ $out.="\t# $memn\t$ops\n"
-+}
-+
-+sub VRV {
-+ confess(err("ARGNUM")) if ($#_<2||$#_>3);
-+ my $ops=join(',',@_[1..$#_]);
-+ my $memn=(caller(1))[3];
-+ $memn=~s/^.*:://;
-+ my ($opcode,$v1,$d2,$v2,$b2,$m3)=(shift,get_V(shift),get_DVB(shift),
-+ get_M(shift));
-+
-+ $out.="\t.word\t";
-+ $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4|($v2&0xf))).",";
-+ $out.=sprintf("%#06x",($b2<<12|$d2)).",";
-+ $out.=sprintf("%#06x",($m3<<12|RXB($v1,$v2)<<8|$opcode&0xff));
-+ $out.="\t# $memn\t$ops\n"
-+}
-+
-+sub VRX {
-+ confess(err("ARGNUM")) if ($#_<2||$#_>3);
-+ my $ops=join(',',@_[1..$#_]);
-+ my $memn=(caller(1))[3];
-+ $memn=~s/^.*:://;
-+ my ($opcode,$v1,$d2,$x2,$b2,$m3)=(shift,get_V(shift),get_DXB(shift),
-+ get_M(shift));
-+
-+ $out.="\t.word\t";
-+ $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4|($x2))).",";
-+ $out.=sprintf("%#06x",($b2<<12|$d2)).",";
-+ $out.=sprintf("%#06x",($m3<<12|RXB($v1)<<8|$opcode&0xff));
-+ $out.="\t# $memn\t$ops\n"
-+}
-+
-+sub VSI {
-+ confess(err("ARGNUM")) if ($#_!=3);
-+ my $ops=join(',',@_[1..$#_]);
-+ my $memn=(caller(1))[3];
-+ $memn=~s/^.*:://;
-+ my ($opcode,$v1,$d2,$b2,$i3)=(shift,get_V(shift),get_DB(shift),
-+ get_I(shift,8));
-+
-+ $out.="\t.word\t";
-+ $out.=sprintf("%#06x",($opcode&0xff00|$i3)).",";
-+ $out.=sprintf("%#06x",($b2<<12|$d2)).",";
-+ $out.=sprintf("%#06x",(($v1&0xf)<<12|RXB(0,0,0,$v1)<<8|$opcode&0xff));
-+ $out.="\t# $memn\t$ops\n"
-+}
-+
-+#
-+# Internal
-+#
-+
-+sub get_R {
-+ confess(err("ARGNUM")) if ($#_!=0);
-+ my $r;
-+
-+ for (shift) {
-+ if (!defined) {
-+ $r=0;
-+ } elsif (/^$GR$/) {
-+ $r=$1;
-+ } else {
-+ confess(err("PARSE"));
-+ }
-+ }
-+ confess(err("ARGRANGE")) if ($r&~0xf);
-+
-+ return $r;
-+}
-+
-+sub get_V {
-+ confess(err("ARGNUM")) if ($#_!=0);
-+ my $v;
-+
-+ for (shift) {
-+ if (!defined) {
-+ $v=0;
-+ } elsif (/^$VR$/) {
-+ $v=$1;
-+ } else {
-+ confess(err("PARSE"));
-+ }
-+ }
-+ confess(err("ARGRANGE")) if ($v&~0x1f);
-+
-+ return $v;
-+}
-+
-+sub get_I {
-+ confess(err("ARGNUM")) if ($#_!=1);
-+ my ($i,$bits)=(shift,shift);
-+
-+ $i=defined($i)?(eval($i)):(0);
-+ confess(err("PARSE")) if (!defined($i));
-+ confess(err("ARGRANGE")) if (abs($i)&~(2**$bits-1));
-+
-+ return $i&(2**$bits-1);
-+}
-+
-+sub get_M {
-+ confess(err("ARGNUM")) if ($#_!=0);
-+ my $m=shift;
-+
-+ $m=defined($m)?(eval($m)):(0);
-+ confess(err("PARSE")) if (!defined($m));
-+ confess(err("ARGRANGE")) if ($m&~0xf);
-+
-+ return $m;
-+}
-+
-+sub get_DB
-+{
-+ confess(err("ARGNUM")) if ($#_!=0);
-+ my ($d,$b);
-+
-+ for (shift) {
-+ if (!defined) {
-+ ($d,$b)=(0,0);
-+ } elsif (/^(.+)\($GR\)$/) {
-+ ($d,$b)=(eval($1),$2);
-+ confess(err("PARSE")) if (!defined($d));
-+ } elsif (/^(.+)$/) {
-+ ($d,$b)=(eval($1),0);
-+ confess(err("PARSE")) if (!defined($d));
-+ } else {
-+ confess(err("PARSE"));
-+ }
-+ }
-+ confess(err("ARGRANGE")) if ($d&~0xfff||$b&~0xf);
-+
-+ return ($d,$b);
-+}
-+
-+sub get_DVB
-+{
-+ confess(err("ARGNUM")) if ($#_!=0);
-+ my ($d,$v,$b);
-+
-+ for (shift) {
-+ if (!defined) {
-+ ($d,$v,$b)=(0,0,0);
-+ } elsif (/^(.+)\($VR,$GR\)$/) {
-+ ($d,$v,$b)=(eval($1),$2,$3);
-+ confess(err("PARSE")) if (!defined($d));
-+ } elsif (/^(.+)\($GR\)$/) {
-+ ($d,$v,$b)=(eval($1),0,$2);
-+ confess(err("PARSE")) if (!defined($d));
-+ } elsif (/^(.+)$/) {
-+ ($d,$v,$b)=(eval($1),0,0);
-+ confess(err("PARSE")) if (!defined($d));
-+ } else {
-+ confess(err("PARSE"));
-+ }
-+ }
-+ confess(err("ARGRANGE")) if ($d&~0xfff||$v&~0x1f||$b&~0xf);
-+
-+ return ($d,$v,$b);
-+}
-+
-+sub get_DXB
-+{
-+ confess(err("ARGNUM")) if ($#_!=0);
-+ my ($d,$x,$b);
-+
-+ for (shift) {
-+ if (!defined) {
-+ ($d,$x,$b)=(0,0,0);
-+ } elsif (/^(.+)\($GR,$GR\)$/) {
-+ ($d,$x,$b)=(eval($1),$2,$3);
-+ confess(err("PARSE")) if (!defined($d));
-+ } elsif (/^(.+)\($GR\)$/) {
-+ ($d,$x,$b)=(eval($1),0,$2);
-+ confess(err("PARSE")) if (!defined($d));
-+ } elsif (/^(.+)$/) {
-+ ($d,$x,$b)=(eval($1),0,0);
-+ confess(err("PARSE")) if (!defined($d));
-+ } else {
-+ confess(err("PARSE"));
-+ }
-+ }
-+ confess(err("ARGRANGE")) if ($d&~0xfff||$x&~0xf||$b&~0xf);
-+
-+ return ($d,$x,$b);
-+}
-+
-+sub RXB
-+{
-+ confess(err("ARGNUM")) if ($#_<0||3<$#_);
-+ my $rxb=0;
-+
-+ $rxb|=0x08 if (defined($_[0])&&($_[0]&0x10));
-+ $rxb|=0x04 if (defined($_[1])&&($_[1]&0x10));
-+ $rxb|=0x02 if (defined($_[2])&&($_[2]&0x10));
-+ $rxb|=0x01 if (defined($_[3])&&($_[3]&0x10));
-+
-+ return $rxb;
-+}
-+
-+sub err {
-+ my %ERR =
-+ (
-+ ARGNUM => 'Wrong number of arguments',
-+ ARGRANGE=> 'Argument out of range',
-+ PARSE => 'Parse error',
-+ );
-+ confess($ERR{ARGNUM}) if ($#_!=0);
-+
-+ return $ERR{$_[0]};
-+}
-+
-+1;
-diff -up openssl-1.1.1b/crypto/poly1305/asm/poly1305-s390x.pl.s390x-update openssl-1.1.1b/crypto/poly1305/asm/poly1305-s390x.pl
---- openssl-1.1.1b/crypto/poly1305/asm/poly1305-s390x.pl.s390x-update 2019-02-26 15:15:30.000000000 +0100
-+++ openssl-1.1.1b/crypto/poly1305/asm/poly1305-s390x.pl 2019-05-06 10:54:00.036367588 +0200
-@@ -24,204 +24,961 @@
- #
- # On side note, z13 enables vector base 2^26 implementation...
-
--$flavour = shift;
-+#
-+# January 2019
-+#
-+# Add vx code path (base 2^26).
-+#
-+# Copyright IBM Corp. 2019
-+# Author: Patrick Steuer <patrick.steuer@de.ibm.com>
-+
-+#
-+# January 2019
-+#
-+# Add vector base 2^26 implementation. It's problematic to accurately
-+# measure performance, because reference system is hardly idle. But
-+# it's sub-cycle, i.e. less than 1 cycle per processed byte, and it's
-+# >=20% faster than IBM's submission on long inputs, and much faster on
-+# short ones, because calculation of key powers is postponed till we
-+# know that input is long enough to justify the additional overhead.
-+
-+use strict;
-+use FindBin qw($Bin);
-+use lib "$Bin/../..";
-+use perlasm::s390x qw(:DEFAULT :VX AUTOLOAD LABEL INCLUDE);
-+
-+my $flavour = shift;
-
-+my ($z,$SIZE_T);
- if ($flavour =~ /3[12]/) {
-+ $z=0; # S/390 ABI
- $SIZE_T=4;
-- $g="";
- } else {
-+ $z=1; # zSeries ABI
- $SIZE_T=8;
-- $g="g";
- }
-
-+my $output;
- while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {}
--open STDOUT,">$output";
-
--$sp="%r15";
-+my $stdframe=16*$SIZE_T+4*8;
-+my $sp="%r15";
-
- my ($ctx,$inp,$len,$padbit) = map("%r$_",(2..5));
-
--$code.=<<___;
--.text
-+PERLASM_BEGIN($output);
-
--.globl poly1305_init
--.type poly1305_init,\@function
--.align 16
--poly1305_init:
-- lghi %r0,0
-- lghi %r1,-1
-- stg %r0,0($ctx) # zero hash value
-- stg %r0,8($ctx)
-- stg %r0,16($ctx)
--
-- cl${g}r $inp,%r0
-- je .Lno_key
--
-- lrvg %r4,0($inp) # load little-endian key
-- lrvg %r5,8($inp)
--
-- nihl %r1,0xffc0 # 0xffffffc0ffffffff
-- srlg %r0,%r1,4 # 0x0ffffffc0fffffff
-- srlg %r1,%r1,4
-- nill %r1,0xfffc # 0x0ffffffc0ffffffc
--
-- ngr %r4,%r0
-- ngr %r5,%r1
--
-- stg %r4,32($ctx)
-- stg %r5,40($ctx)
--
--.Lno_key:
-- lghi %r2,0
-- br %r14
--.size poly1305_init,.-poly1305_init
--___
-+INCLUDE ("s390x_arch.h");
-+TEXT ();
-+
-+################
-+# static void poly1305_init(void *ctx, const unsigned char key[16])
-+{
-+GLOBL ("poly1305_init");
-+TYPE ("poly1305_init","\@function");
-+ALIGN (16);
-+LABEL ("poly1305_init");
-+ lghi ("%r0",0);
-+ lghi ("%r1",-1);
-+ stg ("%r0","0($ctx)"); # zero hash value
-+ stg ("%r0","8($ctx)");
-+ stg ("%r0","16($ctx)");
-+ st ("%r0","24($ctx)"); # clear is_base2_26
-+ lgr ("%r5",$ctx); # reassign $ctx
-+ lghi ("%r2",0);
-+
-+&{$z? \&clgr:\&clr} ($inp,"%r0");
-+ je (".Lno_key");
-+
-+ lrvg ("%r2","0($inp)"); # load little-endian key
-+ lrvg ("%r3","8($inp)");
-+
-+ nihl ("%r1",0xffc0); # 0xffffffc0ffffffff
-+ srlg ("%r0","%r1",4); # 0x0ffffffc0fffffff
-+ srlg ("%r1","%r1",4);
-+ nill ("%r1",0xfffc); # 0x0ffffffc0ffffffc
-+
-+ ngr ("%r2","%r0");
-+ ngr ("%r3","%r1");
-+
-+ stmg ("%r2","%r3","32(%r5)");
-+
-+ larl ("%r1","OPENSSL_s390xcap_P");
-+ lg ("%r0","16(%r1)");
-+ srlg ("%r0","%r0",62);
-+ nill ("%r0",1); # extract vx bit
-+ lcgr ("%r0","%r0");
-+ larl ("%r1",".Lpoly1305_blocks");
-+ larl ("%r2",".Lpoly1305_blocks_vx");
-+ larl ("%r3",".Lpoly1305_emit");
-+&{$z? \&xgr:\&xr} ("%r2","%r1"); # select between scalar and vector
-+&{$z? \&ngr:\&nr} ("%r2","%r0");
-+&{$z? \&xgr:\&xr} ("%r2","%r1");
-+&{$z? \&stmg:\&stm} ("%r2","%r3","0(%r4)");
-+ lghi ("%r2",1);
-+LABEL (".Lno_key");
-+ br ("%r14");
-+SIZE ("poly1305_init",".-poly1305_init");
-+}
-+
-+################
-+# static void poly1305_blocks(void *ctx, const unsigned char *inp,
-+# size_t len, u32 padbit)
- {
- my ($d0hi,$d0lo,$d1hi,$d1lo,$t0,$h0,$t1,$h1,$h2) = map("%r$_",(6..14));
- my ($r0,$r1,$s1) = map("%r$_",(0..2));
-
--$code.=<<___;
--.globl poly1305_blocks
--.type poly1305_blocks,\@function
--.align 16
--poly1305_blocks:
-- srl${g} $len,4 # fixed-up in 64-bit build
-- lghi %r0,0
-- cl${g}r $len,%r0
-- je .Lno_data
--
-- stm${g} %r6,%r14,`6*$SIZE_T`($sp)
--
-- llgfr $padbit,$padbit # clear upper half, much needed with
-- # non-64-bit ABI
-- lg $r0,32($ctx) # load key
-- lg $r1,40($ctx)
--
-- lg $h0,0($ctx) # load hash value
-- lg $h1,8($ctx)
-- lg $h2,16($ctx)
--
-- st$g $ctx,`2*$SIZE_T`($sp) # off-load $ctx
-- srlg $s1,$r1,2
-- algr $s1,$r1 # s1 = r1 + r1>>2
-- j .Loop
--
--.align 16
--.Loop:
-- lrvg $d0lo,0($inp) # load little-endian input
-- lrvg $d1lo,8($inp)
-- la $inp,16($inp)
--
-- algr $d0lo,$h0 # accumulate input
-- alcgr $d1lo,$h1
--
-- lgr $h0,$d0lo
-- mlgr $d0hi,$r0 # h0*r0 -> $d0hi:$d0lo
-- lgr $h1,$d1lo
-- mlgr $d1hi,$s1 # h1*5*r1 -> $d1hi:$d1lo
--
-- mlgr $t0,$r1 # h0*r1 -> $t0:$h0
-- mlgr $t1,$r0 # h1*r0 -> $t1:$h1
-- alcgr $h2,$padbit
--
-- algr $d0lo,$d1lo
-- lgr $d1lo,$h2
-- alcgr $d0hi,$d1hi
-- lghi $d1hi,0
--
-- algr $h1,$h0
-- alcgr $t1,$t0
--
-- msgr $d1lo,$s1 # h2*s1
-- msgr $h2,$r0 # h2*r0
--
-- algr $h1,$d1lo
-- alcgr $t1,$d1hi # $d1hi is zero
--
-- algr $h1,$d0hi
-- alcgr $h2,$t1
--
-- lghi $h0,-4 # final reduction step
-- ngr $h0,$h2
-- srlg $t0,$h2,2
-- algr $h0,$t0
-- lghi $t1,3
-- ngr $h2,$t1
--
-- algr $h0,$d0lo
-- alcgr $h1,$d1hi # $d1hi is still zero
-- alcgr $h2,$d1hi # $d1hi is still zero
--
-- brct$g $len,.Loop
--
-- l$g $ctx,`2*$SIZE_T`($sp) # restore $ctx
--
-- stg $h0,0($ctx) # store hash value
-- stg $h1,8($ctx)
-- stg $h2,16($ctx)
--
-- lm${g} %r6,%r14,`6*$SIZE_T`($sp)
--.Lno_data:
-- br %r14
--.size poly1305_blocks,.-poly1305_blocks
--___
-+GLOBL ("poly1305_blocks");
-+TYPE ("poly1305_blocks","\@function");
-+ALIGN (16);
-+LABEL ("poly1305_blocks");
-+LABEL (".Lpoly1305_blocks");
-+&{$z? \&ltgr:\&ltr} ("%r0",$len);
-+ jz (".Lno_data");
-+
-+&{$z? \&stmg:\&stm} ("%r6","%r14","6*$SIZE_T($sp)");
-+
-+ lg ($h0,"0($ctx)"); # load hash value
-+ lg ($h1,"8($ctx)");
-+ lg ($h2,"16($ctx)");
-+
-+LABEL (".Lpoly1305_blocks_entry");
-+if ($z) {
-+ srlg ($len,$len,4);
-+} else {
-+ srl ($len,4);
-+}
-+ llgfr ($padbit,$padbit); # clear upper half, much needed with
-+ # non-64-bit ABI
-+ lg ($r0,"32($ctx)"); # load key
-+ lg ($r1,"40($ctx)");
-+
-+&{$z? \&stg:\&st} ($ctx,"2*$SIZE_T($sp)"); # off-load $ctx
-+ srlg ($s1,$r1,2);
-+ algr ($s1,$r1); # s1 = r1 + r1>>2
-+ j (".Loop");
-+
-+ALIGN (16);
-+LABEL (".Loop");
-+ lrvg ($d0lo,"0($inp)"); # load little-endian input
-+ lrvg ($d1lo,"8($inp)");
-+ la ($inp,"16($inp)");
-+
-+ algr ($d0lo,$h0); # accumulate input
-+ alcgr ($d1lo,$h1);
-+ alcgr ($h2,$padbit);
-+
-+ lgr ($h0,$d0lo);
-+ mlgr ($d0hi,$r0); # h0*r0 -> $d0hi:$d0lo
-+ lgr ($h1,$d1lo);
-+ mlgr ($d1hi,$s1); # h1*5*r1 -> $d1hi:$d1lo
-+
-+ mlgr ($t0,$r1); # h0*r1 -> $t0:$h0
-+ mlgr ($t1,$r0); # h1*r0 -> $t1:$h1
-+
-+ algr ($d0lo,$d1lo);
-+ lgr ($d1lo,$h2);
-+ alcgr ($d0hi,$d1hi);
-+ lghi ($d1hi,0);
-+
-+ algr ($h1,$h0);
-+ alcgr ($t1,$t0);
-+
-+ msgr ($d1lo,$s1); # h2*s1
-+ msgr ($h2,$r0); # h2*r0
-+
-+ algr ($h1,$d1lo);
-+ alcgr ($t1,$d1hi); # $d1hi is zero
-+
-+ algr ($h1,$d0hi);
-+ alcgr ($h2,$t1);
-+
-+ lghi ($h0,-4); # final reduction step
-+ ngr ($h0,$h2);
-+ srlg ($t0,$h2,2);
-+ algr ($h0,$t0);
-+ lghi ($t1,3);
-+ ngr ($h2,$t1);
-+
-+ algr ($h0,$d0lo);
-+ alcgr ($h1,$d1hi); # $d1hi is still zero
-+ alcgr ($h2,$d1hi); # $d1hi is still zero
-+
-+&{$z? \&brctg:\&brct} ($len,".Loop");
-+
-+&{$z? \&lg:\&l} ($ctx,"2*$SIZE_T($sp)");# restore $ctx
-+
-+ stg ($h0,"0($ctx)"); # store hash value
-+ stg ($h1,"8($ctx)");
-+ stg ($h2,"16($ctx)");
-+
-+&{$z? \&lmg:\&lm} ("%r6","%r14","6*$SIZE_T($sp)");
-+LABEL (".Lno_data");
-+ br ("%r14");
-+SIZE ("poly1305_blocks",".-poly1305_blocks");
- }
-+
-+################
-+# static void poly1305_blocks_vx(void *ctx, const unsigned char *inp,
-+# size_t len, u32 padbit)
-+{
-+my ($H0, $H1, $H2, $H3, $H4) = map("%v$_",(0..4));
-+my ($I0, $I1, $I2, $I3, $I4) = map("%v$_",(5..9));
-+my ($R0, $R1, $S1, $R2, $S2) = map("%v$_",(10..14));
-+my ($R3, $S3, $R4, $S4) = map("%v$_",(15..18));
-+my ($ACC0, $ACC1, $ACC2, $ACC3, $ACC4) = map("%v$_",(19..23));
-+my ($T1, $T2, $T3, $T4) = map("%v$_",(24..27));
-+my ($mask26,$bswaplo,$bswaphi,$bswapmi) = map("%v$_",(28..31));
-+
-+my ($d2,$d0,$h0,$d1,$h1,$h2)=map("%r$_",(9..14));
-+
-+TYPE ("poly1305_blocks_vx","\@function");
-+ALIGN (16);
-+LABEL ("poly1305_blocks_vx");
-+LABEL (".Lpoly1305_blocks_vx");
-+&{$z? \&clgfi:\&clfi} ($len,128);
-+ jhe ("__poly1305_blocks_vx");
-+
-+&{$z? \&stmg:\&stm} ("%r6","%r14","6*$SIZE_T($sp)");
-+
-+ lg ($d0,"0($ctx)");
-+ lg ($d1,"8($ctx)");
-+ lg ($d2,"16($ctx)");
-+
-+ llgfr ("%r0",$d0); # base 2^26 -> base 2^64
-+ srlg ($h0,$d0,32);
-+ llgfr ("%r1",$d1);
-+ srlg ($h1,$d1,32);
-+ srlg ($h2,$d2,32);
-+
-+ sllg ("%r0","%r0",26);
-+ algr ($h0,"%r0");
-+ sllg ("%r0",$h1,52);
-+ srlg ($h1,$h1,12);
-+ sllg ("%r1","%r1",14);
-+ algr ($h0,"%r0");
-+ alcgr ($h1,"%r1");
-+ sllg ("%r0",$h2,40);
-+ srlg ($h2,$h2,24);
-+ lghi ("%r1",0);
-+ algr ($h1,"%r0");
-+ alcgr ($h2,"%r1");
-+
-+ llgf ("%r0","24($ctx)"); # is_base2_26
-+ lcgr ("%r0","%r0");
-+
-+ xgr ($h0,$d0); # choose between radixes
-+ xgr ($h1,$d1);
-+ xgr ($h2,$d2);
-+ ngr ($h0,"%r0");
-+ ngr ($h1,"%r0");
-+ ngr ($h2,"%r0");
-+ xgr ($h0,$d0);
-+ xgr ($h1,$d1);
-+ xgr ($h2,$d2);
-+
-+ lhi ("%r0",0);
-+ st ("%r0","24($ctx)"); # clear is_base2_26
-+
-+ j (".Lpoly1305_blocks_entry");
-+SIZE ("poly1305_blocks_vx",".-poly1305_blocks_vx");
-+
-+TYPE ("__poly1305_mul","\@function");
-+ALIGN (16);
-+LABEL ("__poly1305_mul");
-+ vmlof ($ACC0,$H0,$R0);
-+ vmlof ($ACC1,$H0,$R1);
-+ vmlof ($ACC2,$H0,$R2);
-+ vmlof ($ACC3,$H0,$R3);
-+ vmlof ($ACC4,$H0,$R4);
-+
-+ vmalof ($ACC0,$H1,$S4,$ACC0);
-+ vmalof ($ACC1,$H1,$R0,$ACC1);
-+ vmalof ($ACC2,$H1,$R1,$ACC2);
-+ vmalof ($ACC3,$H1,$R2,$ACC3);
-+ vmalof ($ACC4,$H1,$R3,$ACC4);
-+
-+ vmalof ($ACC0,$H2,$S3,$ACC0);
-+ vmalof ($ACC1,$H2,$S4,$ACC1);
-+ vmalof ($ACC2,$H2,$R0,$ACC2);
-+ vmalof ($ACC3,$H2,$R1,$ACC3);
-+ vmalof ($ACC4,$H2,$R2,$ACC4);
-+
-+ vmalof ($ACC0,$H3,$S2,$ACC0);
-+ vmalof ($ACC1,$H3,$S3,$ACC1);
-+ vmalof ($ACC2,$H3,$S4,$ACC2);
-+ vmalof ($ACC3,$H3,$R0,$ACC3);
-+ vmalof ($ACC4,$H3,$R1,$ACC4);
-+
-+ vmalof ($ACC0,$H4,$S1,$ACC0);
-+ vmalof ($ACC1,$H4,$S2,$ACC1);
-+ vmalof ($ACC2,$H4,$S3,$ACC2);
-+ vmalof ($ACC3,$H4,$S4,$ACC3);
-+ vmalof ($ACC4,$H4,$R0,$ACC4);
-+
-+ ################################################################
-+ # lazy reduction
-+
-+ vesrlg ($H4,$ACC3,26);
-+ vesrlg ($H1,$ACC0,26);
-+ vn ($H3,$ACC3,$mask26);
-+ vn ($H0,$ACC0,$mask26);
-+ vag ($H4,$H4,$ACC4); # h3 -> h4
-+ vag ($H1,$H1,$ACC1); # h0 -> h1
-+
-+ vesrlg ($ACC4,$H4,26);
-+ vesrlg ($ACC1,$H1,26);
-+ vn ($H4,$H4,$mask26);
-+ vn ($H1,$H1,$mask26);
-+ vag ($H0,$H0,$ACC4);
-+ vag ($H2,$ACC2,$ACC1); # h1 -> h2
-+
-+ veslg ($ACC4,$ACC4,2); # <<2
-+ vesrlg ($ACC2,$H2,26);
-+ vn ($H2,$H2,$mask26);
-+ vag ($H0,$H0,$ACC4); # h4 -> h0
-+ vag ($H3,$H3,$ACC2); # h2 -> h3
-+
-+ vesrlg ($ACC0,$H0,26);
-+ vesrlg ($ACC3,$H3,26);
-+ vn ($H0,$H0,$mask26);
-+ vn ($H3,$H3,$mask26);
-+ vag ($H1,$H1,$ACC0); # h0 -> h1
-+ vag ($H4,$H4,$ACC3); # h3 -> h4
-+ br ("%r14");
-+SIZE ("__poly1305_mul",".-__poly1305_mul");
-+
-+TYPE ("__poly1305_blocks_vx","\@function");
-+ALIGN (16);
-+LABEL ("__poly1305_blocks_vx");
-+&{$z? \&lgr:\&lr} ("%r0",$sp);
-+&{$z? \&stmg:\&stm} ("%r10","%r15","10*$SIZE_T($sp)");
-+if (!$z) {
-+ std ("%f4","16*$SIZE_T+2*8($sp)");
-+ std ("%f6","16*$SIZE_T+3*8($sp)");
-+ ahi ($sp,-$stdframe);
-+ st ("%r0","0($sp)"); # back-chain
-+
-+ llgfr ($len,$len); # so that srlg works on $len
-+} else {
-+ aghi ($sp,"-($stdframe+8*8)");
-+ stg ("%r0","0($sp)"); # back-chain
-+
-+ std ("%f8","$stdframe+0*8($sp)");
-+ std ("%f9","$stdframe+1*8($sp)");
-+ std ("%f10","$stdframe+2*8($sp)");
-+ std ("%f11","$stdframe+3*8($sp)");
-+ std ("%f12","$stdframe+4*8($sp)");
-+ std ("%f13","$stdframe+5*8($sp)");
-+ std ("%f14","$stdframe+6*8($sp)");
-+ std ("%f15","$stdframe+7*8($sp)");
-+}
-+ larl ("%r1",".Lconst");
-+ vgmg ($mask26,38,63);
-+ vlm ($bswaplo,$bswapmi,"16(%r1)");
-+
-+ &lt ("%r0","24($ctx)"); # is_base2_26?
-+ jnz (".Lskip_init");
-+
-+ lg ($h0,"32($ctx)"); # load key base 2^64
-+ lg ($h1,"40($ctx)");
-+
-+ risbg ($d0,$h0,38,0x80+63,38); # base 2^64 -> 2^26
-+ srlg ($d1,$h0,52);
-+ risbg ($h0,$h0,38,0x80+63,0);
-+ vlvgg ($R0,$h0,0);
-+ risbg ($d1,$h1,38,51,12);
-+ vlvgg ($R1,$d0,0);
-+ risbg ($d0,$h1,38,63,50);
-+ vlvgg ($R2,$d1,0);
-+ srlg ($d1,$h1,40);
-+ vlvgg ($R3,$d0,0);
-+ vlvgg ($R4,$d1,0);
-+
-+ veslg ($S1,$R1,2);
-+ veslg ($S2,$R2,2);
-+ veslg ($S3,$R3,2);
-+ veslg ($S4,$R4,2);
-+ vlr ($H0,$R0);
-+ vlr ($H1,$R1);
-+ vlr ($H2,$R2);
-+ vlr ($H3,$R3);
-+ vlr ($H4,$R4);
-+ vag ($S1,$S1,$R1); # * 5
-+ vag ($S2,$S2,$R2);
-+ vag ($S3,$S3,$R3);
-+ vag ($S4,$S4,$R4);
-+
-+ brasl ("%r14","__poly1305_mul"); # r^1:- * r^1:-
-+
-+ vpdi ($R0,$H0,$R0,0); # r^2:r^1
-+ vpdi ($R1,$H1,$R1,0);
-+ vpdi ($R2,$H2,$R2,0);
-+ vpdi ($R3,$H3,$R3,0);
-+ vpdi ($R4,$H4,$R4,0);
-+ vpdi ($H0,$H0,$H0,0); # r^2:r^2
-+ vpdi ($H1,$H1,$H1,0);
-+ vpdi ($H2,$H2,$H2,0);
-+ vpdi ($H3,$H3,$H3,0);
-+ vpdi ($H4,$H4,$H4,0);
-+ veslg ($S1,$R1,2);
-+ veslg ($S2,$R2,2);
-+ veslg ($S3,$R3,2);
-+ veslg ($S4,$R4,2);
-+ vag ($S1,$S1,$R1); # * 5
-+ vag ($S2,$S2,$R2);
-+ vag ($S3,$S3,$R3);
-+ vag ($S4,$S4,$R4);
-+
-+ brasl ("%r14,__poly1305_mul"); # r^2:r^2 * r^2:r^1
-+
-+ vl ($I0,"0(%r1)"); # borrow $I0
-+ vperm ($R0,$R0,$H0,$I0); # r^2:r^4:r^1:r^3
-+ vperm ($R1,$R1,$H1,$I0);
-+ vperm ($R2,$R2,$H2,$I0);
-+ vperm ($R3,$R3,$H3,$I0);
-+ vperm ($R4,$R4,$H4,$I0);
-+ veslf ($S1,$R1,2);
-+ veslf ($S2,$R2,2);
-+ veslf ($S3,$R3,2);
-+ veslf ($S4,$R4,2);
-+ vaf ($S1,$S1,$R1); # * 5
-+ vaf ($S2,$S2,$R2);
-+ vaf ($S3,$S3,$R3);
-+ vaf ($S4,$S4,$R4);
-+
-+ lg ($h0,"0($ctx)"); # load hash base 2^64
-+ lg ($h1,"8($ctx)");
-+ lg ($h2,"16($ctx)");
-+
-+ vzero ($H0);
-+ vzero ($H1);
-+ vzero ($H2);
-+ vzero ($H3);
-+ vzero ($H4);
-+
-+ risbg ($d0,$h0,38,0x80+63,38); # base 2^64 -> 2^26
-+ srlg ($d1,$h0,52);
-+ risbg ($h0,$h0,38,0x80+63,0);
-+ vlvgg ($H0,$h0,0);
-+ risbg ($d1,$h1,38,51,12);
-+ vlvgg ($H1,$d0,0);
-+ risbg ($d0,$h1,38,63,50);
-+ vlvgg ($H2,$d1,0);
-+ srlg ($d1,$h1,40);
-+ vlvgg ($H3,$d0,0);
-+ risbg ($d1,$h2,37,39,24);
-+ vlvgg ($H4,$d1,0);
-+
-+ lhi ("%r0",1);
-+ st ("%r0","24($ctx)"); # set is_base2_26
-+
-+ vstm ($R0,$S4,"48($ctx)"); # save key schedule base 2^26
-+
-+ vpdi ($R0,$R0,$R0,0); # broadcast r^2:r^4
-+ vpdi ($R1,$R1,$R1,0);
-+ vpdi ($S1,$S1,$S1,0);
-+ vpdi ($R2,$R2,$R2,0);
-+ vpdi ($S2,$S2,$S2,0);
-+ vpdi ($R3,$R3,$R3,0);
-+ vpdi ($S3,$S3,$S3,0);
-+ vpdi ($R4,$R4,$R4,0);
-+ vpdi ($S4,$S4,$S4,0);
-+
-+ j (".Loaded_hash");
-+
-+ALIGN (16);
-+LABEL (".Lskip_init");
-+ vllezf ($H0,"0($ctx)"); # load hash base 2^26
-+ vllezf ($H1,"4($ctx)");
-+ vllezf ($H2,"8($ctx)");
-+ vllezf ($H3,"12($ctx)");
-+ vllezf ($H4,"16($ctx)");
-+
-+ vlrepg ($R0,"0x30($ctx)"); # broadcast r^2:r^4
-+ vlrepg ($R1,"0x40($ctx)");
-+ vlrepg ($S1,"0x50($ctx)");
-+ vlrepg ($R2,"0x60($ctx)");
-+ vlrepg ($S2,"0x70($ctx)");
-+ vlrepg ($R3,"0x80($ctx)");
-+ vlrepg ($S3,"0x90($ctx)");
-+ vlrepg ($R4,"0xa0($ctx)");
-+ vlrepg ($S4,"0xb0($ctx)");
-+
-+LABEL (".Loaded_hash");
-+ vzero ($I1);
-+ vzero ($I3);
-+
-+ vlm ($T1,$T4,"0x00($inp)"); # load first input block
-+ la ($inp,"0x40($inp)");
-+ vgmg ($mask26,6,31);
-+ vgmf ($I4,5,5); # padbit<<2
-+
-+ vperm ($I0,$T3,$T4,$bswaplo);
-+ vperm ($I2,$T3,$T4,$bswapmi);
-+ vperm ($T3,$T3,$T4,$bswaphi);
-+
-+ verimg ($I1,$I0,$mask26,6); # >>26
-+ veslg ($I0,$I0,32);
-+ veslg ($I2,$I2,28); # >>4
-+ verimg ($I3,$T3,$mask26,18); # >>14
-+ verimg ($I4,$T3,$mask26,58); # >>38
-+ vn ($I0,$I0,$mask26);
-+ vn ($I2,$I2,$mask26);
-+ vesrlf ($I4,$I4,2); # >>2
-+
-+ vgmg ($mask26,38,63);
-+ vperm ($T3,$T1,$T2,$bswaplo);
-+ vperm ($T4,$T1,$T2,$bswaphi);
-+ vperm ($T2,$T1,$T2,$bswapmi);
-+
-+ verimg ($I0,$T3,$mask26,0);
-+ verimg ($I1,$T3,$mask26,38); # >>26
-+ verimg ($I2,$T2,$mask26,60); # >>4
-+ verimg ($I3,$T4,$mask26,50); # >>14
-+ vesrlg ($T4,$T4,40);
-+ vo ($I4,$I4,$T4);
-+
-+ srlg ("%r0",$len,6);
-+&{$z? \&aghi:\&ahi} ("%r0",-1);
-+
-+ALIGN (16);
-+LABEL (".Loop_vx");
-+ vmlef ($ACC0,$I0,$R0);
-+ vmlef ($ACC1,$I0,$R1);
-+ vmlef ($ACC2,$I0,$R2);
-+ vmlef ($ACC3,$I0,$R3);
-+ vmlef ($ACC4,$I0,$R4);
-+
-+ vmalef ($ACC0,$I1,$S4,$ACC0);
-+ vmalef ($ACC1,$I1,$R0,$ACC1);
-+ vmalef ($ACC2,$I1,$R1,$ACC2);
-+ vmalef ($ACC3,$I1,$R2,$ACC3);
-+ vmalef ($ACC4,$I1,$R3,$ACC4);
-+
-+ vaf ($H2,$H2,$I2);
-+ vaf ($H0,$H0,$I0);
-+ vaf ($H3,$H3,$I3);
-+ vaf ($H1,$H1,$I1);
-+ vaf ($H4,$H4,$I4);
-+
-+ vmalef ($ACC0,$I2,$S3,$ACC0);
-+ vmalef ($ACC1,$I2,$S4,$ACC1);
-+ vmalef ($ACC2,$I2,$R0,$ACC2);
-+ vmalef ($ACC3,$I2,$R1,$ACC3);
-+ vmalef ($ACC4,$I2,$R2,$ACC4);
-+
-+ vlm ($T1,$T4,"0x00($inp)"); # load next input block
-+ la ($inp,"0x40($inp)");
-+ vgmg ($mask26,6,31);
-+
-+ vmalef ($ACC0,$I3,$S2,$ACC0);
-+ vmalef ($ACC1,$I3,$S3,$ACC1);
-+ vmalef ($ACC2,$I3,$S4,$ACC2);
-+ vmalef ($ACC3,$I3,$R0,$ACC3);
-+ vmalef ($ACC4,$I3,$R1,$ACC4);
-+
-+ vperm ($I0,$T3,$T4,$bswaplo);
-+ vperm ($I2,$T3,$T4,$bswapmi);
-+ vperm ($T3,$T3,$T4,$bswaphi);
-+
-+ vmalef ($ACC0,$I4,$S1,$ACC0);
-+ vmalef ($ACC1,$I4,$S2,$ACC1);
-+ vmalef ($ACC2,$I4,$S3,$ACC2);
-+ vmalef ($ACC3,$I4,$S4,$ACC3);
-+ vmalef ($ACC4,$I4,$R0,$ACC4);
-+
-+ verimg ($I1,$I0,$mask26,6); # >>26
-+ veslg ($I0,$I0,32);
-+ veslg ($I2,$I2,28); # >>4
-+ verimg ($I3,$T3,$mask26,18); # >>14
-+
-+ vmalof ($ACC0,$H0,$R0,$ACC0);
-+ vmalof ($ACC1,$H0,$R1,$ACC1);
-+ vmalof ($ACC2,$H0,$R2,$ACC2);
-+ vmalof ($ACC3,$H0,$R3,$ACC3);
-+ vmalof ($ACC4,$H0,$R4,$ACC4);
-+
-+ vgmf ($I4,5,5); # padbit<<2
-+ verimg ($I4,$T3,$mask26,58); # >>38
-+ vn ($I0,$I0,$mask26);
-+ vn ($I2,$I2,$mask26);
-+ vesrlf ($I4,$I4,2); # >>2
-+
-+ vmalof ($ACC0,$H1,$S4,$ACC0);
-+ vmalof ($ACC1,$H1,$R0,$ACC1);
-+ vmalof ($ACC2,$H1,$R1,$ACC2);
-+ vmalof ($ACC3,$H1,$R2,$ACC3);
-+ vmalof ($ACC4,$H1,$R3,$ACC4);
-+
-+ vgmg ($mask26,38,63);
-+ vperm ($T3,$T1,$T2,$bswaplo);
-+ vperm ($T4,$T1,$T2,$bswaphi);
-+ vperm ($T2,$T1,$T2,$bswapmi);
-+
-+ vmalof ($ACC0,$H2,$S3,$ACC0);
-+ vmalof ($ACC1,$H2,$S4,$ACC1);
-+ vmalof ($ACC2,$H2,$R0,$ACC2);
-+ vmalof ($ACC3,$H2,$R1,$ACC3);
-+ vmalof ($ACC4,$H2,$R2,$ACC4);
-+
-+ verimg ($I0,$T3,$mask26,0);
-+ verimg ($I1,$T3,$mask26,38); # >>26
-+ verimg ($I2,$T2,$mask26,60); # >>4
-+
-+ vmalof ($ACC0,$H3,$S2,$ACC0);
-+ vmalof ($ACC1,$H3,$S3,$ACC1);
-+ vmalof ($ACC2,$H3,$S4,$ACC2);
-+ vmalof ($ACC3,$H3,$R0,$ACC3);
-+ vmalof ($ACC4,$H3,$R1,$ACC4);
-+
-+ verimg ($I3,$T4,$mask26,50); # >>14
-+ vesrlg ($T4,$T4,40);
-+ vo ($I4,$I4,$T4);
-+
-+ vmalof ($ACC0,$H4,$S1,$ACC0);
-+ vmalof ($ACC1,$H4,$S2,$ACC1);
-+ vmalof ($ACC2,$H4,$S3,$ACC2);
-+ vmalof ($ACC3,$H4,$S4,$ACC3);
-+ vmalof ($ACC4,$H4,$R0,$ACC4);
-+
-+ ################################################################
-+ # lazy reduction as discussed in "NEON crypto" by D.J. Bernstein
-+ # and P. Schwabe
-+
-+ vesrlg ($H4,$ACC3,26);
-+ vesrlg ($H1,$ACC0,26);
-+ vn ($H3,$ACC3,$mask26);
-+ vn ($H0,$ACC0,$mask26);
-+ vag ($H4,$H4,$ACC4); # h3 -> h4
-+ vag ($H1,$H1,$ACC1); # h0 -> h1
-+
-+ vesrlg ($ACC4,$H4,26);
-+ vesrlg ($ACC1,$H1,26);
-+ vn ($H4,$H4,$mask26);
-+ vn ($H1,$H1,$mask26);
-+ vag ($H0,$H0,$ACC4);
-+ vag ($H2,$ACC2,$ACC1); # h1 -> h2
-+
-+ veslg ($ACC4,$ACC4,2); # <<2
-+ vesrlg ($ACC2,$H2,26);
-+ vn ($H2,$H2,$mask26);
-+ vag ($H0,$H0,$ACC4); # h4 -> h0
-+ vag ($H3,$H3,$ACC2); # h2 -> h3
-+
-+ vesrlg ($ACC0,$H0,26);
-+ vesrlg ($ACC3,$H3,26);
-+ vn ($H0,$H0,$mask26);
-+ vn ($H3,$H3,$mask26);
-+ vag ($H1,$H1,$ACC0); # h0 -> h1
-+ vag ($H4,$H4,$ACC3); # h3 -> h4
-+
-+&{$z? \&brctg:\&brct} ("%r0",".Loop_vx");
-+
-+ vlm ($R0,$S4,"48($ctx)"); # load all powers
-+
-+ lghi ("%r0",0x30);
-+&{$z? \&lcgr:\&lcr} ($len,$len);
-+&{$z? \&ngr:\&nr} ($len,"%r0");
-+&{$z? \&slgr:\&slr} ($inp,$len);
-+
-+LABEL (".Last");
-+ vmlef ($ACC0,$I0,$R0);
-+ vmlef ($ACC1,$I0,$R1);
-+ vmlef ($ACC2,$I0,$R2);
-+ vmlef ($ACC3,$I0,$R3);
-+ vmlef ($ACC4,$I0,$R4);
-+
-+ vmalef ($ACC0,$I1,$S4,$ACC0);
-+ vmalef ($ACC1,$I1,$R0,$ACC1);
-+ vmalef ($ACC2,$I1,$R1,$ACC2);
-+ vmalef ($ACC3,$I1,$R2,$ACC3);
-+ vmalef ($ACC4,$I1,$R3,$ACC4);
-+
-+ vaf ($H0,$H0,$I0);
-+ vaf ($H1,$H1,$I1);
-+ vaf ($H2,$H2,$I2);
-+ vaf ($H3,$H3,$I3);
-+ vaf ($H4,$H4,$I4);
-+
-+ vmalef ($ACC0,$I2,$S3,$ACC0);
-+ vmalef ($ACC1,$I2,$S4,$ACC1);
-+ vmalef ($ACC2,$I2,$R0,$ACC2);
-+ vmalef ($ACC3,$I2,$R1,$ACC3);
-+ vmalef ($ACC4,$I2,$R2,$ACC4);
-+
-+ vmalef ($ACC0,$I3,$S2,$ACC0);
-+ vmalef ($ACC1,$I3,$S3,$ACC1);
-+ vmalef ($ACC2,$I3,$S4,$ACC2);
-+ vmalef ($ACC3,$I3,$R0,$ACC3);
-+ vmalef ($ACC4,$I3,$R1,$ACC4);
-+
-+ vmalef ($ACC0,$I4,$S1,$ACC0);
-+ vmalef ($ACC1,$I4,$S2,$ACC1);
-+ vmalef ($ACC2,$I4,$S3,$ACC2);
-+ vmalef ($ACC3,$I4,$S4,$ACC3);
-+ vmalef ($ACC4,$I4,$R0,$ACC4);
-+
-+ vmalof ($ACC0,$H0,$R0,$ACC0);
-+ vmalof ($ACC1,$H0,$R1,$ACC1);
-+ vmalof ($ACC2,$H0,$R2,$ACC2);
-+ vmalof ($ACC3,$H0,$R3,$ACC3);
-+ vmalof ($ACC4,$H0,$R4,$ACC4);
-+
-+ vmalof ($ACC0,$H1,$S4,$ACC0);
-+ vmalof ($ACC1,$H1,$R0,$ACC1);
-+ vmalof ($ACC2,$H1,$R1,$ACC2);
-+ vmalof ($ACC3,$H1,$R2,$ACC3);
-+ vmalof ($ACC4,$H1,$R3,$ACC4);
-+
-+ vmalof ($ACC0,$H2,$S3,$ACC0);
-+ vmalof ($ACC1,$H2,$S4,$ACC1);
-+ vmalof ($ACC2,$H2,$R0,$ACC2);
-+ vmalof ($ACC3,$H2,$R1,$ACC3);
-+ vmalof ($ACC4,$H2,$R2,$ACC4);
-+
-+ vmalof ($ACC0,$H3,$S2,$ACC0);
-+ vmalof ($ACC1,$H3,$S3,$ACC1);
-+ vmalof ($ACC2,$H3,$S4,$ACC2);
-+ vmalof ($ACC3,$H3,$R0,$ACC3);
-+ vmalof ($ACC4,$H3,$R1,$ACC4);
-+
-+ vmalof ($ACC0,$H4,$S1,$ACC0);
-+ vmalof ($ACC1,$H4,$S2,$ACC1);
-+ vmalof ($ACC2,$H4,$S3,$ACC2);
-+ vmalof ($ACC3,$H4,$S4,$ACC3);
-+ vmalof ($ACC4,$H4,$R0,$ACC4);
-+
-+ ################################################################
-+ # horizontal addition
-+
-+ vzero ($H0);
-+ vsumqg ($ACC0,$ACC0,$H0);
-+ vsumqg ($ACC1,$ACC1,$H0);
-+ vsumqg ($ACC2,$ACC2,$H0);
-+ vsumqg ($ACC3,$ACC3,$H0);
-+ vsumqg ($ACC4,$ACC4,$H0);
-+
-+ ################################################################
-+ # lazy reduction
-+
-+ vesrlg ($H4,$ACC3,26);
-+ vesrlg ($H1,$ACC0,26);
-+ vn ($H3,$ACC3,$mask26);
-+ vn ($H0,$ACC0,$mask26);
-+ vag ($H4,$H4,$ACC4); # h3 -> h4
-+ vag ($H1,$H1,$ACC1); # h0 -> h1
-+
-+ vesrlg ($ACC4,$H4,26);
-+ vesrlg ($ACC1,$H1,26);
-+ vn ($H4,$H4,$mask26);
-+ vn ($H1,$H1,$mask26);
-+ vag ($H0,$H0,$ACC4);
-+ vag ($H2,$ACC2,$ACC1); # h1 -> h2
-+
-+ veslg ($ACC4,$ACC4,2); # <<2
-+ vesrlg ($ACC2,$H2,26);
-+ vn ($H2,$H2,$mask26);
-+ vag ($H0,$H0,$ACC4); # h4 -> h0
-+ vag ($H3,$H3,$ACC2); # h2 -> h3
-+
-+ vesrlg ($ACC0,$H0,26);
-+ vesrlg ($ACC3,$H3,26);
-+ vn ($H0,$H0,$mask26);
-+ vn ($H3,$H3,$mask26);
-+ vag ($H1,$H1,$ACC0); # h0 -> h1
-+ vag ($H4,$H4,$ACC3); # h3 -> h4
-+
-+&{$z? \&clgfi:\&clfi} ($len,0);
-+ je (".Ldone");
-+
-+ vlm ($T1,$T4,"0x00($inp)"); # load last partial block
-+ vgmg ($mask26,6,31);
-+ vgmf ($I4,5,5); # padbit<<2
-+
-+ vperm ($I0,$T3,$T4,$bswaplo);
-+ vperm ($I2,$T3,$T4,$bswapmi);
-+ vperm ($T3,$T3,$T4,$bswaphi);
-+
-+ vl ($ACC0,"0x30($len,%r1)"); # borrow $ACC0,1
-+ vl ($ACC1,"0x60($len,%r1)");
-+
-+ verimg ($I1,$I0,$mask26,6); # >>26
-+ veslg ($I0,$I0,32);
-+ veslg ($I2,$I2,28); # >>4
-+ verimg ($I3,$T3,$mask26,18); # >>14
-+ verimg ($I4,$T3,$mask26,58); # >>38
-+ vn ($I0,$I0,$mask26);
-+ vn ($I2,$I2,$mask26);
-+ vesrlf ($I4,$I4,2); # >>2
-+
-+ vgmg ($mask26,38,63);
-+ vperm ($T3,$T1,$T2,$bswaplo);
-+ vperm ($T4,$T1,$T2,$bswaphi);
-+ vperm ($T2,$T1,$T2,$bswapmi);
-+
-+ verimg ($I0,$T3,$mask26,0);
-+ verimg ($I1,$T3,$mask26,38); # >>26
-+ verimg ($I2,$T2,$mask26,60); # >>4
-+ verimg ($I3,$T4,$mask26,50); # >>14
-+ vesrlg ($T4,$T4,40);
-+ vo ($I4,$I4,$T4);
-+
-+ vperm ($H0,$H0,$H0,$ACC0); # move hash to right lane
-+ vn ($I0,$I0,$ACC1); # mask redundant lane[s]
-+ vperm ($H1,$H1,$H1,$ACC0);
-+ vn ($I1,$I1,$ACC1);
-+ vperm ($H2,$H2,$H2,$ACC0);
-+ vn ($I2,$I2,$ACC1);
-+ vperm ($H3,$H3,$H3,$ACC0);
-+ vn ($I3,$I3,$ACC1);
-+ vperm ($H4,$H4,$H4,$ACC0);
-+ vn ($I4,$I4,$ACC1);
-+
-+ vaf ($I0,$I0,$H0); # accumulate hash
-+ vzero ($H0); # wipe hash value
-+ vaf ($I1,$I1,$H1);
-+ vzero ($H1);
-+ vaf ($I2,$I2,$H2);
-+ vzero ($H2);
-+ vaf ($I3,$I3,$H3);
-+ vzero ($H3);
-+ vaf ($I4,$I4,$H4);
-+ vzero ($H4);
-+
-+&{$z? \&lghi:\&lhi} ($len,0);
-+ j (".Last");
-+ # I don't bother to tell apart cases when only one multiplication
-+ # pass is sufficient, because I argue that mispredicted branch
-+ # penalties are comparable to overhead of sometimes redundant
-+ # multiplication pass...
-+
-+LABEL (".Ldone");
-+ vstef ($H0,"0($ctx)",3); # store hash base 2^26
-+ vstef ($H1,"4($ctx)",3);
-+ vstef ($H2,"8($ctx)",3);
-+ vstef ($H3,"12($ctx)",3);
-+ vstef ($H4,"16($ctx)",3);
-+
-+if ($z) {
-+ ld ("%f8","$stdframe+0*8($sp)");
-+ ld ("%f9","$stdframe+1*8($sp)");
-+ ld ("%f10","$stdframe+2*8($sp)");
-+ ld ("%f11","$stdframe+3*8($sp)");
-+ ld ("%f12","$stdframe+4*8($sp)");
-+ ld ("%f13","$stdframe+5*8($sp)");
-+ ld ("%f14","$stdframe+6*8($sp)");
-+ ld ("%f15","$stdframe+7*8($sp)");
-+&{$z? \&lmg:\&lm} ("%r10","%r15","$stdframe+8*8+10*$SIZE_T($sp)");
-+} else {
-+ ld ("%f4","$stdframe+16*$SIZE_T+2*8($sp)");
-+ ld ("%f6","$stdframe+16*$SIZE_T+3*8($sp)");
-+&{$z? \&lmg:\&lm} ("%r10","%r15","$stdframe+10*$SIZE_T($sp)");
-+}
-+ br ("%r14");
-+SIZE ("__poly1305_blocks_vx",".-__poly1305_blocks_vx");
-+}
-+
-+################
-+# static void poly1305_emit(void *ctx, unsigned char mac[16],
-+# const u32 nonce[4])
- {
- my ($mac,$nonce)=($inp,$len);
--my ($h0,$h1,$h2,$d0,$d1)=map("%r$_",(5..9));
-+my ($h0,$h1,$h2,$d0,$d1,$d2)=map("%r$_",(5..10));
-
--$code.=<<___;
--.globl poly1305_emit
--.type poly1305_emit,\@function
--.align 16
--poly1305_emit:
-- stm${g} %r6,%r9,`6*$SIZE_T`($sp)
--
-- lg $h0,0($ctx)
-- lg $h1,8($ctx)
-- lg $h2,16($ctx)
--
-- lghi %r0,5
-- lghi %r1,0
-- lgr $d0,$h0
-- lgr $d1,$h1
--
-- algr $h0,%r0 # compare to modulus
-- alcgr $h1,%r1
-- alcgr $h2,%r1
--
-- srlg $h2,$h2,2 # did it borrow/carry?
-- slgr %r1,$h2 # 0-$h2>>2
-- lg $h2,0($nonce) # load nonce
-- lghi %r0,-1
-- lg $ctx,8($nonce)
-- xgr %r0,%r1 # ~%r1
--
-- ngr $h0,%r1
-- ngr $d0,%r0
-- ngr $h1,%r1
-- ngr $d1,%r0
-- ogr $h0,$d0
-- rllg $d0,$h2,32 # flip nonce words
-- ogr $h1,$d1
-- rllg $d1,$ctx,32
--
-- algr $h0,$d0 # accumulate nonce
-- alcgr $h1,$d1
--
-- strvg $h0,0($mac) # write little-endian result
-- strvg $h1,8($mac)
--
-- lm${g} %r6,%r9,`6*$SIZE_T`($sp)
-- br %r14
--.size poly1305_emit,.-poly1305_emit
--
--.string "Poly1305 for s390x, CRYPTOGAMS by <appro\@openssl.org>"
--___
-+GLOBL ("poly1305_emit");
-+TYPE ("poly1305_emit","\@function");
-+ALIGN (16);
-+LABEL ("poly1305_emit");
-+LABEL (".Lpoly1305_emit");
-+&{$z? \&stmg:\&stm} ("%r6","%r10","6*$SIZE_T($sp)");
-+
-+ lg ($d0,"0($ctx)");
-+ lg ($d1,"8($ctx)");
-+ lg ($d2,"16($ctx)");
-+
-+ llgfr ("%r0",$d0); # base 2^26 -> base 2^64
-+ srlg ($h0,$d0,32);
-+ llgfr ("%r1",$d1);
-+ srlg ($h1,$d1,32);
-+ srlg ($h2,$d2,32);
-+
-+ sllg ("%r0","%r0",26);
-+ algr ($h0,"%r0");
-+ sllg ("%r0",$h1,52);
-+ srlg ($h1,$h1,12);
-+ sllg ("%r1","%r1",14);
-+ algr ($h0,"%r0");
-+ alcgr ($h1,"%r1");
-+ sllg ("%r0",$h2,40);
-+ srlg ($h2,$h2,24);
-+ lghi ("%r1",0);
-+ algr ($h1,"%r0");
-+ alcgr ($h2,"%r1");
-+
-+ llgf ("%r0","24($ctx)"); # is_base2_26
-+ lcgr ("%r0","%r0");
-+
-+ xgr ($h0,$d0); # choose between radixes
-+ xgr ($h1,$d1);
-+ xgr ($h2,$d2);
-+ ngr ($h0,"%r0");
-+ ngr ($h1,"%r0");
-+ ngr ($h2,"%r0");
-+ xgr ($h0,$d0);
-+ xgr ($h1,$d1);
-+ xgr ($h2,$d2);
-+
-+ lghi ("%r0",5);
-+ lgr ($d0,$h0);
-+ lgr ($d1,$h1);
-+
-+ algr ($h0,"%r0"); # compare to modulus
-+ alcgr ($h1,"%r1");
-+ alcgr ($h2,"%r1");
-+
-+ srlg ($h2,$h2,2); # did it borrow/carry?
-+ slgr ("%r1",$h2); # 0-$h2>>2
-+ lg ($d2,"0($nonce)"); # load nonce
-+ lg ($ctx,"8($nonce)");
-+
-+ xgr ($h0,$d0);
-+ xgr ($h1,$d1);
-+ ngr ($h0,"%r1");
-+ ngr ($h1,"%r1");
-+ xgr ($h0,$d0);
-+ rllg ($d0,$d2,32); # flip nonce words
-+ xgr ($h1,$d1);
-+ rllg ($d1,$ctx,32);
-+
-+ algr ($h0,$d0); # accumulate nonce
-+ alcgr ($h1,$d1);
-+
-+ strvg ($h0,"0($mac)"); # write little-endian result
-+ strvg ($h1,"8($mac)");
-+
-+&{$z? \&lmg:\&lm} ("%r6","%r10","6*$SIZE_T($sp)");
-+ br ("%r14");
-+SIZE ("poly1305_emit",".-poly1305_emit");
- }
-
--$code =~ s/\`([^\`]*)\`/eval $1/gem;
--$code =~ s/\b(srlg\s+)(%r[0-9]+\s*,)\s*([0-9]+)/$1$2$2$3/gm;
-+################
-+
-+ALIGN (16);
-+LABEL (".Lconst");
-+LONG (0x04050607,0x14151617,0x0c0d0e0f,0x1c1d1e1f); # merge odd
-+LONG (0x07060504,0x03020100,0x17161514,0x13121110); # byte swap masks
-+LONG (0x0f0e0d0c,0x0b0a0908,0x1f1e1d1c,0x1b1a1918);
-+LONG (0x00000000,0x09080706,0x00000000,0x19181716);
-+
-+LONG (0x00000000,0x00000000,0x00000000,0x0c0d0e0f); # magic tail masks
-+LONG (0x0c0d0e0f,0x00000000,0x00000000,0x00000000);
-+LONG (0x00000000,0x00000000,0x0c0d0e0f,0x00000000);
-+
-+LONG (0xffffffff,0x00000000,0xffffffff,0xffffffff);
-+LONG (0xffffffff,0x00000000,0xffffffff,0x00000000);
-+LONG (0x00000000,0x00000000,0xffffffff,0x00000000);
-+
-+STRING ("\"Poly1305 for s390x, CRYPTOGAMS by <appro\@openssl.org>\"");
-
--print $code;
--close STDOUT;
-+PERLASM_END();
-diff -up openssl-1.1.1b/crypto/poly1305/build.info.s390x-update openssl-1.1.1b/crypto/poly1305/build.info
---- openssl-1.1.1b/crypto/poly1305/build.info.s390x-update 2019-05-06 10:54:00.036367588 +0200
-+++ openssl-1.1.1b/crypto/poly1305/build.info 2019-05-06 10:56:14.964105164 +0200
-@@ -18,6 +18,7 @@ INCLUDE[poly1305-armv8.o]=..
- GENERATE[poly1305-mips.S]=asm/poly1305-mips.pl $(PERLASM_SCHEME)
- INCLUDE[poly1305-mips.o]=..
- GENERATE[poly1305-s390x.S]=asm/poly1305-s390x.pl $(PERLASM_SCHEME)
-+INCLUDE[poly1305-s390x.o]=..
-
- BEGINRAW[Makefile(unix)]
- {- $builddir -}/poly1305-%.S: {- $sourcedir -}/asm/poly1305-%.pl
diff --git a/openssl-freefilesync/openssl-1.1.1-seclevel.patch b/openssl-freefilesync/openssl-1.1.1-seclevel.patch
deleted file mode 100644
index fe6c6bb..0000000
--- a/openssl-freefilesync/openssl-1.1.1-seclevel.patch
+++ /dev/null
@@ -1,65 +0,0 @@
-diff -up openssl-1.1.1/crypto/x509/x509_vfy.c.seclevel openssl-1.1.1/crypto/x509/x509_vfy.c
---- openssl-1.1.1/crypto/x509/x509_vfy.c.seclevel 2018-09-11 14:48:22.000000000 +0200
-+++ openssl-1.1.1/crypto/x509/x509_vfy.c 2018-10-01 09:52:23.535298908 +0200
-@@ -3220,6 +3220,7 @@ static int build_chain(X509_STORE_CTX *c
- }
-
- static const int minbits_table[] = { 80, 112, 128, 192, 256 };
-+static const int minbits_digest_table[] = { 80, 80, 128, 192, 256 };
- static const int NUM_AUTH_LEVELS = OSSL_NELEM(minbits_table);
-
- /*
-@@ -3264,6 +3265,8 @@ static int check_sig_level(X509_STORE_CT
-
- if (!X509_get_signature_info(cert, NULL, NULL, &secbits, NULL))
- return 0;
--
-- return secbits >= minbits_table[level - 1];
-+ /* Allow SHA1 in SECLEVEL 2 in non-FIPS mode */
-+ if (FIPS_mode())
-+ return secbits >= minbits_table[level - 1];
-+ return secbits >= minbits_digest_table[level - 1];
- }
-diff -up openssl-1.1.1/doc/man3/SSL_CTX_set_security_level.pod.seclevel openssl-1.1.1/doc/man3/SSL_CTX_set_security_level.pod
---- openssl-1.1.1/doc/man3/SSL_CTX_set_security_level.pod.seclevel 2018-09-11 14:48:22.000000000 +0200
-+++ openssl-1.1.1/doc/man3/SSL_CTX_set_security_level.pod 2018-10-01 09:52:23.535298908 +0200
-@@ -81,8 +81,10 @@ using MD5 for the MAC is also prohibited
-
- =item B<Level 2>
-
--Security level set to 112 bits of security. As a result RSA, DSA and DH keys
--shorter than 2048 bits and ECC keys shorter than 224 bits are prohibited.
-+Security level set to 112 bits of security with the exception of SHA1 allowed
-+for signatures.
-+As a result RSA, DSA and DH keys shorter than 2048 bits and ECC keys
-+shorter than 224 bits are prohibited.
- In addition to the level 1 exclusions any cipher suite using RC4 is also
- prohibited. SSL version 3 is also not allowed. Compression is disabled.
-
-diff -up openssl-1.1.1/ssl/ssl_cert.c.seclevel openssl-1.1.1/ssl/ssl_cert.c
---- openssl-1.1.1/ssl/ssl_cert.c.seclevel 2018-09-11 14:48:23.000000000 +0200
-+++ openssl-1.1.1/ssl/ssl_cert.c 2018-10-12 15:29:12.673799305 +0200
-@@ -983,6 +983,9 @@ static int ssl_security_default_callback
- return 0;
- break;
- default:
-+ /* allow SHA1 in SECLEVEL 2 in non FIPS mode */
-+ if (nid == NID_sha1 && minbits == 112 && !FIPS_mode())
-+ break;
- if (bits < minbits)
- return 0;
- }
-diff -up openssl-1.1.1/test/recipes/25-test_verify.t.seclevel openssl-1.1.1/test/recipes/25-test_verify.t
---- openssl-1.1.1/test/recipes/25-test_verify.t.seclevel 2018-09-11 14:48:24.000000000 +0200
-+++ openssl-1.1.1/test/recipes/25-test_verify.t 2018-10-01 09:52:23.535298908 +0200
-@@ -342,8 +342,8 @@ ok(verify("ee-pss-sha1-cert", "sslserver
- ok(verify("ee-pss-sha256-cert", "sslserver", ["root-cert"], ["ca-cert"], ),
- "CA with PSS signature using SHA256");
-
--ok(!verify("ee-pss-sha1-cert", "sslserver", ["root-cert"], ["ca-cert"], "-auth_level", "2"),
-- "Reject PSS signature using SHA1 and auth level 2");
-+ok(!verify("ee-pss-sha1-cert", "sslserver", ["root-cert"], ["ca-cert"], "-auth_level", "3"),
-+ "Reject PSS signature using SHA1 and auth level 3");
-
- ok(verify("ee-pss-sha256-cert", "sslserver", ["root-cert"], ["ca-cert"], "-auth_level", "2"),
- "PSS signature using SHA256 and auth level 2");
diff --git a/openssl-freefilesync/openssl-1.1.1-ssh-kdf.patch b/openssl-freefilesync/openssl-1.1.1-ssh-kdf.patch
deleted file mode 100644
index 08f02ac..0000000
--- a/openssl-freefilesync/openssl-1.1.1-ssh-kdf.patch
+++ /dev/null
@@ -1,5612 +0,0 @@
-commit 1e662a43f0420cfdc40d01cd70c27fa1c220a57e
-Author: Simo Sorce <simo@redhat.com>
-Date: Wed Sep 19 16:23:45 2018 -0400
-
- Implement SSH KDF
-
- SSH's KDF is defined in RFC 4253 in Section 7.2
-
- Signed-off-by: Simo Sorce <simo@redhat.com>
-
- Reviewed-by: Paul Dale <paul.dale@oracle.com>
- Reviewed-by: Matt Caswell <matt@openssl.org>
- (Merged from https://github.com/openssl/openssl/pull/7290)
-
-diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
-index ae67dac7f6..e7ed2f8d63 100644
---- a/crypto/err/openssl.txt
-+++ b/crypto/err/openssl.txt
-@@ -828,6 +828,10 @@ KDF_F_KDF_SCRYPT_CTRL_UINT32:121:kdf_scrypt_ctrl_uint32
- KDF_F_KDF_SCRYPT_CTRL_UINT64:122:kdf_scrypt_ctrl_uint64
- KDF_F_KDF_SCRYPT_DERIVE:123:kdf_scrypt_derive
- KDF_F_KDF_SCRYPT_NEW:124:kdf_scrypt_new
-+KDF_F_KDF_SSHKDF_CTRL:130:kdf_sshkdf_ctrl
-+KDF_F_KDF_SSHKDF_CTRL_STR:131:kdf_sshkdf_ctrl_str
-+KDF_F_KDF_SSHKDF_DERIVE:132:kdf_sshkdf_derive
-+KDF_F_KDF_SSHKDF_NEW:133:kdf_sshkdf_new
- KDF_F_KDF_TLS1_PRF_CTRL_STR:125:kdf_tls1_prf_ctrl_str
- KDF_F_KDF_TLS1_PRF_DERIVE:126:kdf_tls1_prf_derive
- KDF_F_KDF_TLS1_PRF_NEW:127:kdf_tls1_prf_new
-@@ -2320,6 +2324,9 @@ KDF_R_MISSING_PASS:110:missing pass
- KDF_R_MISSING_SALT:111:missing salt
- KDF_R_MISSING_SECRET:107:missing secret
- KDF_R_MISSING_SEED:106:missing seed
-+KDF_R_MISSING_SESSION_ID:113:missing session id
-+KDF_R_MISSING_TYPE:114:missing type
-+KDF_R_MISSING_XCGHASH:115:missing xcghash
- KDF_R_UNKNOWN_PARAMETER_TYPE:103:unknown parameter type
- KDF_R_VALUE_ERROR:108:value error
- KDF_R_VALUE_MISSING:102:value missing
-diff --git a/crypto/evp/kdf_lib.c b/crypto/evp/kdf_lib.c
-index 05f5cec3a9..811fe727f6 100644
---- a/crypto/evp/kdf_lib.c
-+++ b/crypto/evp/kdf_lib.c
-@@ -29,7 +29,8 @@ static const EVP_KDF_METHOD *standard_methods[] = {
- &scrypt_kdf_meth,
- #endif
- &tls1_prf_kdf_meth,
-- &hkdf_kdf_meth
-+ &hkdf_kdf_meth,
-+ &sshkdf_kdf_meth,
- };
-
- DECLARE_OBJ_BSEARCH_CMP_FN(const EVP_KDF_METHOD *, const EVP_KDF_METHOD *,
-diff --git a/crypto/include/internal/evp_int.h b/crypto/include/internal/evp_int.h
-index a109e561b3..8c313c65ac 100644
---- a/crypto/include/internal/evp_int.h
-+++ b/crypto/include/internal/evp_int.h
-@@ -129,6 +129,7 @@ extern const EVP_KDF_METHOD pbkdf2_kdf_meth;
- extern const EVP_KDF_METHOD scrypt_kdf_meth;
- extern const EVP_KDF_METHOD tls1_prf_kdf_meth;
- extern const EVP_KDF_METHOD hkdf_kdf_meth;
-+extern const EVP_KDF_METHOD sshkdf_kdf_meth;
-
- struct evp_md_st {
- int type;
-diff --git a/crypto/kdf/build.info b/crypto/kdf/build.info
-index dce960e9e1..f483c779dd 100644
---- a/crypto/kdf/build.info
-+++ b/crypto/kdf/build.info
-@@ -1,3 +1,3 @@
- LIBS=../../libcrypto
- SOURCE[../../libcrypto]=\
-- tls1_prf.c kdf_err.c kdf_util.c hkdf.c scrypt.c pbkdf2.c
-+ tls1_prf.c kdf_err.c kdf_util.c hkdf.c scrypt.c pbkdf2.c sshkdf.c
-diff --git a/crypto/kdf/kdf_err.c b/crypto/kdf/kdf_err.c
-index b2a0c0ebfc..b4678775dd 100644
---- a/crypto/kdf/kdf_err.c
-+++ b/crypto/kdf/kdf_err.c
-@@ -31,6 +31,11 @@ static const ERR_STRING_DATA KDF_str_functs[] = {
- "kdf_scrypt_ctrl_uint64"},
- {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_SCRYPT_DERIVE, 0), "kdf_scrypt_derive"},
- {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_SCRYPT_NEW, 0), "kdf_scrypt_new"},
-+ {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_SSHKDF_CTRL, 0), "kdf_sshkdf_ctrl"},
-+ {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_SSHKDF_CTRL_STR, 0),
-+ "kdf_sshkdf_ctrl_str"},
-+ {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_SSHKDF_DERIVE, 0), "kdf_sshkdf_derive"},
-+ {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_SSHKDF_NEW, 0), "kdf_sshkdf_new"},
- {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_TLS1_PRF_CTRL_STR, 0),
- "kdf_tls1_prf_ctrl_str"},
- {ERR_PACK(ERR_LIB_KDF, KDF_F_KDF_TLS1_PRF_DERIVE, 0),
-@@ -70,6 +75,9 @@ static const ERR_STRING_DATA KDF_str_reasons[] = {
- {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_SALT), "missing salt"},
- {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_SECRET), "missing secret"},
- {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_SEED), "missing seed"},
-+ {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_SESSION_ID), "missing session id"},
-+ {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_TYPE), "missing type"},
-+ {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_XCGHASH), "missing xcghash"},
- {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_UNKNOWN_PARAMETER_TYPE),
- "unknown parameter type"},
- {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_VALUE_ERROR), "value error"},
-diff --git a/crypto/kdf/sshkdf.c b/crypto/kdf/sshkdf.c
-new file mode 100644
-index 0000000000..24f37cbed4
---- /dev/null
-+++ b/crypto/kdf/sshkdf.c
-@@ -0,0 +1,288 @@
-+/*
-+ * Copyright 2018-2018 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
-+#include <stdlib.h>
-+#include <stdarg.h>
-+#include <string.h>
-+#include <openssl/evp.h>
-+#include <openssl/kdf.h>
-+#include "internal/cryptlib.h"
-+#include "internal/evp_int.h"
-+#include "kdf_local.h"
-+
-+/* See RFC 4253, Section 7.2 */
-+
-+static void kdf_sshkdf_reset(EVP_KDF_IMPL *impl);
-+static int SSHKDF(const EVP_MD *evp_md,
-+ const unsigned char *key, size_t key_len,
-+ const unsigned char *xcghash, size_t xcghash_len,
-+ const unsigned char *session_id, size_t session_id_len,
-+ char type, unsigned char *okey, size_t okey_len);
-+
-+struct evp_kdf_impl_st {
-+ const EVP_MD *md;
-+ unsigned char *key; /* K */
-+ size_t key_len;
-+ unsigned char *xcghash; /* H */
-+ size_t xcghash_len;
-+ char type; /* X */
-+ unsigned char *session_id;
-+ size_t session_id_len;
-+};
-+
-+static EVP_KDF_IMPL *kdf_sshkdf_new(void)
-+{
-+ EVP_KDF_IMPL *impl;
-+
-+ if ((impl = OPENSSL_zalloc(sizeof(*impl))) == NULL)
-+ KDFerr(KDF_F_KDF_SSHKDF_NEW, ERR_R_MALLOC_FAILURE);
-+ return impl;
-+}
-+
-+static void kdf_sshkdf_free(EVP_KDF_IMPL *impl)
-+{
-+ kdf_sshkdf_reset(impl);
-+ OPENSSL_free(impl);
-+}
-+
-+static void kdf_sshkdf_reset(EVP_KDF_IMPL *impl)
-+{
-+ OPENSSL_clear_free(impl->key, impl->key_len);
-+ OPENSSL_clear_free(impl->xcghash, impl->xcghash_len);
-+ OPENSSL_clear_free(impl->session_id, impl->session_id_len);
-+ memset(impl, 0, sizeof(*impl));
-+}
-+
-+static int kdf_sshkdf_parse_buffer_arg(unsigned char **dst, size_t *dst_len,
-+ va_list args)
-+{
-+ const unsigned char *p;
-+ size_t len;
-+
-+ p = va_arg(args, const unsigned char *);
-+ len = va_arg(args, size_t);
-+ OPENSSL_clear_free(*dst, *dst_len);
-+ *dst = OPENSSL_memdup(p, len);
-+ if (*dst == NULL)
-+ return 0;
-+
-+ *dst_len = len;
-+ return 1;
-+}
-+
-+static int kdf_sshkdf_ctrl(EVP_KDF_IMPL *impl, int cmd, va_list args)
-+{
-+ int t;
-+
-+ switch (cmd) {
-+ case EVP_KDF_CTRL_SET_MD:
-+ impl->md = va_arg(args, const EVP_MD *);
-+ if (impl->md == NULL)
-+ return 0;
-+
-+ return 1;
-+
-+ case EVP_KDF_CTRL_SET_KEY:
-+ return kdf_sshkdf_parse_buffer_arg(&impl->key,
-+ &impl->key_len, args);
-+
-+ case EVP_KDF_CTRL_SET_SSHKDF_XCGHASH:
-+ return kdf_sshkdf_parse_buffer_arg(&impl->xcghash,
-+ &impl->xcghash_len, args);
-+
-+ case EVP_KDF_CTRL_SET_SSHKDF_SESSION_ID:
-+ return kdf_sshkdf_parse_buffer_arg(&impl->session_id,
-+ &impl->session_id_len, args);
-+
-+ case EVP_KDF_CTRL_SET_SSHKDF_TYPE:
-+ t = va_arg(args, int);
-+ if (t < 65 || t > 70) {
-+ KDFerr(KDF_F_KDF_SSHKDF_CTRL, KDF_R_VALUE_ERROR);
-+ return 0;
-+ }
-+
-+ impl->type = (char)t;
-+ return 1;
-+
-+ default:
-+ return -2;
-+
-+ }
-+}
-+
-+static int kdf_sshkdf_ctrl_str(EVP_KDF_IMPL *impl, const char *type,
-+ const char *value)
-+{
-+ if (value == NULL) {
-+ KDFerr(KDF_F_KDF_SSHKDF_CTRL_STR, KDF_R_VALUE_MISSING);
-+ return 0;
-+ }
-+
-+ if (strcmp(type, "md") == 0)
-+ return kdf_md2ctrl(impl, kdf_sshkdf_ctrl, EVP_KDF_CTRL_SET_MD, value);
-+
-+ if (strcmp(type, "key") == 0)
-+ return kdf_str2ctrl(impl, kdf_sshkdf_ctrl,
-+ EVP_KDF_CTRL_SET_KEY, value);
-+
-+ if (strcmp(type, "hexkey") == 0)
-+ return kdf_hex2ctrl(impl, kdf_sshkdf_ctrl,
-+ EVP_KDF_CTRL_SET_KEY, value);
-+
-+ if (strcmp(type, "xcghash") == 0)
-+ return kdf_str2ctrl(impl, kdf_sshkdf_ctrl,
-+ EVP_KDF_CTRL_SET_SSHKDF_XCGHASH, value);
-+
-+ if (strcmp(type, "hexxcghash") == 0)
-+ return kdf_hex2ctrl(impl, kdf_sshkdf_ctrl,
-+ EVP_KDF_CTRL_SET_SSHKDF_XCGHASH, value);
-+
-+ if (strcmp(type, "session_id") == 0)
-+ return kdf_str2ctrl(impl, kdf_sshkdf_ctrl,
-+ EVP_KDF_CTRL_SET_SSHKDF_SESSION_ID, value);
-+
-+ if (strcmp(type, "hexsession_id") == 0)
-+ return kdf_hex2ctrl(impl, kdf_sshkdf_ctrl,
-+ EVP_KDF_CTRL_SET_SSHKDF_SESSION_ID, value);
-+
-+ if (strcmp(type, "type") == 0) {
-+ if (strlen(value) != 1) {
-+ KDFerr(KDF_F_KDF_SSHKDF_CTRL_STR, KDF_R_VALUE_ERROR);
-+ return 0;
-+ }
-+
-+ return call_ctrl(kdf_sshkdf_ctrl, impl, EVP_KDF_CTRL_SET_SSHKDF_TYPE,
-+ (int)value[0]);
-+ }
-+
-+ KDFerr(KDF_F_KDF_SSHKDF_CTRL_STR, KDF_R_UNKNOWN_PARAMETER_TYPE);
-+ return -2;
-+}
-+
-+static size_t kdf_sshkdf_size(EVP_KDF_IMPL *impl)
-+{
-+ return SIZE_MAX;
-+}
-+
-+static int kdf_sshkdf_derive(EVP_KDF_IMPL *impl, unsigned char *key,
-+ size_t keylen)
-+{
-+ if (impl->md == NULL) {
-+ KDFerr(KDF_F_KDF_SSHKDF_DERIVE, KDF_R_MISSING_MESSAGE_DIGEST);
-+ return 0;
-+ }
-+ if (impl->key == NULL) {
-+ KDFerr(KDF_F_KDF_SSHKDF_DERIVE, KDF_R_MISSING_KEY);
-+ return 0;
-+ }
-+ if (impl->xcghash == NULL) {
-+ KDFerr(KDF_F_KDF_SSHKDF_DERIVE, KDF_R_MISSING_XCGHASH);
-+ return 0;
-+ }
-+ if (impl->session_id == NULL) {
-+ KDFerr(KDF_F_KDF_SSHKDF_DERIVE, KDF_R_MISSING_SESSION_ID);
-+ return 0;
-+ }
-+ if (impl->type == 0) {
-+ KDFerr(KDF_F_KDF_SSHKDF_DERIVE, KDF_R_MISSING_TYPE);
-+ return 0;
-+ }
-+ return SSHKDF(impl->md, impl->key, impl->key_len,
-+ impl->xcghash, impl->xcghash_len,
-+ impl->session_id, impl->session_id_len,
-+ impl->type, key, keylen);
-+}
-+
-+const EVP_KDF_METHOD sshkdf_kdf_meth = {
-+ EVP_KDF_SSHKDF,
-+ kdf_sshkdf_new,
-+ kdf_sshkdf_free,
-+ kdf_sshkdf_reset,
-+ kdf_sshkdf_ctrl,
-+ kdf_sshkdf_ctrl_str,
-+ kdf_sshkdf_size,
-+ kdf_sshkdf_derive,
-+};
-+
-+static int SSHKDF(const EVP_MD *evp_md,
-+ const unsigned char *key, size_t key_len,
-+ const unsigned char *xcghash, size_t xcghash_len,
-+ const unsigned char *session_id, size_t session_id_len,
-+ char type, unsigned char *okey, size_t okey_len)
-+{
-+ EVP_MD_CTX *md = NULL;
-+ unsigned char digest[EVP_MAX_MD_SIZE];
-+ unsigned int dsize = 0;
-+ size_t cursize = 0;
-+ int ret = 0;
-+
-+ md = EVP_MD_CTX_new();
-+ if (md == NULL)
-+ return 0;
-+
-+ if (!EVP_DigestInit_ex(md, evp_md, NULL))
-+ goto out;
-+
-+ if (!EVP_DigestUpdate(md, key, key_len))
-+ goto out;
-+
-+ if (!EVP_DigestUpdate(md, xcghash, xcghash_len))
-+ goto out;
-+
-+ if (!EVP_DigestUpdate(md, &type, 1))
-+ goto out;
-+
-+ if (!EVP_DigestUpdate(md, session_id, session_id_len))
-+ goto out;
-+
-+ if (!EVP_DigestFinal_ex(md, digest, &dsize))
-+ goto out;
-+
-+ if (okey_len < dsize) {
-+ memcpy(okey, digest, okey_len);
-+ ret = 1;
-+ goto out;
-+ }
-+
-+ memcpy(okey, digest, dsize);
-+
-+ for (cursize = dsize; cursize < okey_len; cursize += dsize) {
-+
-+ if (!EVP_DigestInit_ex(md, evp_md, NULL))
-+ goto out;
-+
-+ if (!EVP_DigestUpdate(md, key, key_len))
-+ goto out;
-+
-+ if (!EVP_DigestUpdate(md, xcghash, xcghash_len))
-+ goto out;
-+
-+ if (!EVP_DigestUpdate(md, okey, cursize))
-+ goto out;
-+
-+ if (!EVP_DigestFinal_ex(md, digest, &dsize))
-+ goto out;
-+
-+ if (okey_len < cursize + dsize) {
-+ memcpy(okey + cursize, digest, okey_len - cursize);
-+ ret = 1;
-+ goto out;
-+ }
-+
-+ memcpy(okey + cursize, digest, dsize);
-+ }
-+
-+ ret = 1;
-+
-+out:
-+ EVP_MD_CTX_free(md);
-+ OPENSSL_cleanse(digest, EVP_MAX_MD_SIZE);
-+ return ret;
-+}
-+
-diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
-index 9ab1a14b9e..81646fda52 100644
---- a/crypto/objects/obj_dat.h
-+++ b/crypto/objects/obj_dat.h
-@@ -1078,7 +1078,7 @@ static const unsigned char so[7762] = {
- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0D, /* [ 7753] OBJ_hmacWithSHA512_256 */
- };
-
--#define NUM_NID 1195
-+#define NUM_NID 1196
- static const ASN1_OBJECT nid_objs[NUM_NID] = {
- {"UNDEF", "undefined", NID_undef},
- {"rsadsi", "RSA Data Security, Inc.", NID_rsadsi, 6, &so[0]},
-@@ -2275,9 +2275,10 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = {
- {"magma-mac", "magma-mac", NID_magma_mac},
- {"hmacWithSHA512-224", "hmacWithSHA512-224", NID_hmacWithSHA512_224, 8, &so[7745]},
- {"hmacWithSHA512-256", "hmacWithSHA512-256", NID_hmacWithSHA512_256, 8, &so[7753]},
-+ {"SSHKDF", "sshkdf", NID_sshkdf},
- };
-
--#define NUM_SN 1186
-+#define NUM_SN 1187
- static const unsigned int sn_objs[NUM_SN] = {
- 364, /* "AD_DVCS" */
- 419, /* "AES-128-CBC" */
-@@ -2555,6 +2556,7 @@ static const unsigned int sn_objs[NUM_SN] = {
- 167, /* "SMIME-CAPS" */
- 100, /* "SN" */
- 1006, /* "SNILS" */
-+ 1195, /* "SSHKDF" */
- 16, /* "ST" */
- 143, /* "SXNetID" */
- 1062, /* "SipHash" */
-@@ -3467,7 +3469,7 @@ static const unsigned int sn_objs[NUM_SN] = {
- 1093, /* "x509ExtAdmission" */
- };
-
--#define NUM_LN 1186
-+#define NUM_LN 1187
- static const unsigned int ln_objs[NUM_LN] = {
- 363, /* "AD Time Stamping" */
- 405, /* "ANSI X9.62" */
-@@ -4609,6 +4611,7 @@ static const unsigned int ln_objs[NUM_LN] = {
- 1139, /* "sm4-ctr" */
- 1133, /* "sm4-ecb" */
- 1135, /* "sm4-ofb" */
-+ 1195, /* "sshkdf" */
- 16, /* "stateOrProvinceName" */
- 660, /* "streetAddress" */
- 498, /* "subtreeMaximumQuality" */
-diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num
-index 1b6a9c61a1..231c18384a 100644
---- a/crypto/objects/obj_mac.num
-+++ b/crypto/objects/obj_mac.num
-@@ -1192,3 +1192,4 @@ magma_cfb 1191
- magma_mac 1192
- hmacWithSHA512_224 1193
- hmacWithSHA512_256 1194
-+sshkdf 1195
-diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt
-index 6dbc41ce37..5ded88e525 100644
---- a/crypto/objects/objects.txt
-+++ b/crypto/objects/objects.txt
-@@ -1600,6 +1600,9 @@ secg-scheme 14 3 : dhSinglePass-cofactorDH-sha512kdf-scheme
- # NID for HKDF
- : HKDF : hkdf
-
-+# NID for SSHKDF
-+ : SSHKDF : sshkdf
-+
- # RFC 4556
- 1 3 6 1 5 2 3 : id-pkinit
- id-pkinit 4 : pkInitClientAuth : PKINIT Client Auth
-diff --git a/doc/man7/EVP_KDF_SSHKDF.pod b/doc/man7/EVP_KDF_SSHKDF.pod
-new file mode 100644
-index 0000000000..9c9734e7c3
---- /dev/null
-+++ b/doc/man7/EVP_KDF_SSHKDF.pod
-@@ -0,0 +1,175 @@
-+=pod
-+
-+=head1 NAME
-+
-+EVP_KDF_SSHKDF - The SSHKDF EVP_KDF implementation
-+
-+=head1 DESCRIPTION
-+
-+Support for computing the B<SSHKDF> KDF through the B<EVP_KDF> API.
-+
-+The EVP_KDF_SSHKDF algorithm implements the SSHKDF key derivation function.
-+It is defined in RFC 4253, section 7.2 and is used by SSH to derive IVs,
-+encryption keys and integrity keys.
-+Five inputs are required to perform key derivation: The hashing function
-+(for example SHA256), the Initial Key, the Exchange Hash, the Session ID,
-+and the derivation key type.
-+
-+=head2 Numeric identity
-+
-+B<EVP_KDF_SSHKDF> is the numeric identity for this implementation; it
-+can be used with the EVP_KDF_CTX_new_id() function.
-+
-+=head2 Supported controls
-+
-+The supported controls are:
-+
-+=over 4
-+
-+=item B<EVP_KDF_CTRL_SET_MD>
-+
-+=item B<EVP_KDF_CTRL_SET_KEY>
-+
-+These controls work as described in L<EVP_KDF_CTX(3)/CONTROLS>.
-+
-+=item B<EVP_KDF_CTRL_SET_SSHKDF_XCGHASH>
-+
-+=item B<EVP_KDF_CTRL_SET_SSHKDF_SESSION_ID>
-+
-+These controls expect two arguments: C<unsigned char *buffer>, C<size_t length>
-+
-+They set the respective values to the first B<length> bytes of the buffer
-+B<buffer>. If a value is already set, the contents are replaced.
-+
-+EVP_KDF_ctrl_str() takes two type strings for these controls:
-+
-+=over 4
-+
-+=item "xcghash"
-+
-+=item "session_id"
-+
-+The value string is used as is.
-+
-+=item "hexxcghash"
-+
-+=item "hexsession_id"
-+
-+The value string is expected to be a hexadecimal number, which will be
-+decoded before being passed on as the control value.
-+
-+=back
-+
-+=item B<EVP_KDF_CTRL_SET_SSHKDF_TYPE>
-+
-+This control expects one argument: C<int mode>
-+
-+Sets the type for the SSHHKDF operation. There are six supported types:
-+
-+=over 4
-+
-+=item EVP_KDF_SSHKDF_TYPE_ININITAL_IV_CLI_TO_SRV
-+
-+The Initial IV from client to server.
-+A single char of value 65 (ASCII char 'A').
-+
-+=item EVP_KDF_SSHKDF_TYPE_ININITAL_IV_SRV_TO_CLI
-+
-+The Initial IV from server to client
-+A single char of value 66 (ASCII char 'B').
-+
-+=item EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_CLI_TO_SRV
-+
-+The Encryption Key from client to server
-+A single char of value 67 (ASCII char 'C').
-+
-+=item EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_SRV_TO_CLI
-+
-+The Encryption Key from server to client
-+A single char of value 68 (ASCII char 'D').
-+
-+=item EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_CLI_TO_SRV
-+
-+The Integrity Key from client to server
-+A single char of value 69 (ASCII char 'E').
-+
-+=item EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_SRV_TO_CLI
-+
-+The Integrity Key from client to server
-+A single char of value 70 (ASCII char 'F').
-+
-+=back
-+
-+EVP_KDF_ctrl_str() type string: "type"
-+
-+The value is a string of length one character. The only valid values
-+are the numerical values of the ASCII caracters: "A" (65) to "F" (70).
-+
-+=back
-+
-+=head1 NOTES
-+
-+A context for SSHKDF can be obtained by calling:
-+
-+ EVP_KDF_CTX *kctx = EVP_KDF_CTX_new_id(EVP_KDF_SSHKDF);
-+
-+The output length of the SSHKDF derivation is specified via the C<keylen>
-+parameter to the L<EVP_KDF_derive(3)> function.
-+Since the SSHKDF output length is variable, calling L<EVP_KDF_size()>
-+to obtain the requisite length is not meaningful. The caller must
-+allocate a buffer of the desired length, and pass that buffer to the
-+L<EVP_KDF_derive(3)> function along with the desired length.
-+
-+=head1 EXAMPLE
-+
-+This example derives an 8 byte IV using SHA-256 with a 1K "key" and appropriate
-+"xcghash" and "session_id" values:
-+
-+ EVP_KDF_CTX *kctx;
-+ unsigned char key[1024] = "01234...";
-+ unsigned char xcghash[32] = "012345...";
-+ unsigned char session_id[32] = "012345...";
-+ unsigned char out[8];
-+ size_t outlen = sizeof(out);
-+ kctx = EVP_KDF_CTX_new_id(EVP_KDF_SSHKDF);
-+
-+ if (EVP_KDF_CTX_set_md(kctx, EVP_sha256()) <= 0)
-+ /* Error */
-+ if (EVP_KDF_CTX_set1_key(kctx, key, 1024) <= 0)
-+ /* Error */
-+ if (EVP_KDF_CTX_set1_sshkdf_xcghash(kctx, xcghash, 32) <= 0)
-+ /* Error */
-+ if (EVP_KDF_CTX_set1_sshkdf_session_id(kctx, session_id, 32) <= 0)
-+ /* Error */
-+ if (EVP_KDF_CTX_set_sshkdf_type(kctx,
-+ EVP_KDF_SSHKDF_TYPE_ININITAL_IV_CLI_TO_SRV) <= 0)
-+ /* Error */
-+ if (EVP_KDF_derive(kctx, out, &outlen) <= 0)
-+ /* Error */
-+
-+
-+=head1 CONFORMING TO
-+
-+RFC 4253
-+
-+=head1 SEE ALSO
-+
-+L<EVP_KDF_CTX>,
-+L<EVP_KDF_CTX_new_id(3)>,
-+L<EVP_KDF_CTX_free(3)>,
-+L<EVP_KDF_ctrl(3)>,
-+L<EVP_KDF_size(3)>,
-+L<EVP_KDF_derive(3)>,
-+L<EVP_KDF_CTX(3)/CONTROLS>
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
-+=cut
-+
-diff --git a/include/openssl/kdf.h b/include/openssl/kdf.h
-index 16caed5273..362ab14cff 100644
---- a/include/openssl/kdf.h
-+++ b/include/openssl/kdf.h
-@@ -20,6 +20,7 @@ extern "C" {
- # define EVP_KDF_SCRYPT NID_id_scrypt
- # define EVP_KDF_TLS1_PRF NID_tls1_prf
- # define EVP_KDF_HKDF NID_hkdf
-+# define EVP_KDF_SSHKDF NID_sshkdf
-
- EVP_KDF_CTX *EVP_KDF_CTX_new_id(int id);
- void EVP_KDF_CTX_free(EVP_KDF_CTX *ctx);
-@@ -47,11 +48,20 @@ int EVP_KDF_derive(EVP_KDF_CTX *ctx, unsigned char *key, size_t keylen);
- # define EVP_KDF_CTRL_SET_SCRYPT_N 0x0d /* uint64_t */
- # define EVP_KDF_CTRL_SET_SCRYPT_R 0x0e /* uint32_t */
- # define EVP_KDF_CTRL_SET_SCRYPT_P 0x0f /* uint32_t */
-+# define EVP_KDF_CTRL_SET_SSHKDF_XCGHASH 0x10 /* unsigned char *, size_t */
-+# define EVP_KDF_CTRL_SET_SSHKDF_SESSION_ID 0x11 /* unsigned char *, size_t */
-+# define EVP_KDF_CTRL_SET_SSHKDF_TYPE 0x12 /* int */
-
- # define EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND 0
- # define EVP_KDF_HKDF_MODE_EXTRACT_ONLY 1
- # define EVP_KDF_HKDF_MODE_EXPAND_ONLY 2
-
-+#define EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV 65
-+#define EVP_KDF_SSHKDF_TYPE_INITIAL_IV_SRV_TO_CLI 66
-+#define EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_CLI_TO_SRV 67
-+#define EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_SRV_TO_CLI 68
-+#define EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_CLI_TO_SRV 69
-+#define EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_SRV_TO_CLI 70
-
- /**** The legacy PKEY-based KDF API follows. ****/
-
-diff --git a/include/openssl/kdferr.h b/include/openssl/kdferr.h
-index 0191f2b21d..ff13ccb649 100644
---- a/include/openssl/kdferr.h
-+++ b/include/openssl/kdferr.h
-@@ -32,6 +32,10 @@ int ERR_load_KDF_strings(void);
- # define KDF_F_KDF_SCRYPT_CTRL_UINT64 122
- # define KDF_F_KDF_SCRYPT_DERIVE 123
- # define KDF_F_KDF_SCRYPT_NEW 124
-+# define KDF_F_KDF_SSHKDF_CTRL 130
-+# define KDF_F_KDF_SSHKDF_CTRL_STR 131
-+# define KDF_F_KDF_SSHKDF_DERIVE 132
-+# define KDF_F_KDF_SSHKDF_NEW 133
- # define KDF_F_KDF_TLS1_PRF_CTRL_STR 125
- # define KDF_F_KDF_TLS1_PRF_DERIVE 126
- # define KDF_F_KDF_TLS1_PRF_NEW 127
-@@ -62,6 +66,9 @@ int ERR_load_KDF_strings(void);
- # define KDF_R_MISSING_SALT 111
- # define KDF_R_MISSING_SECRET 107
- # define KDF_R_MISSING_SEED 106
-+# define KDF_R_MISSING_SESSION_ID 113
-+# define KDF_R_MISSING_TYPE 114
-+# define KDF_R_MISSING_XCGHASH 115
- # define KDF_R_UNKNOWN_PARAMETER_TYPE 103
- # define KDF_R_VALUE_ERROR 108
- # define KDF_R_VALUE_MISSING 102
-diff --git a/include/openssl/obj_mac.h b/include/openssl/obj_mac.h
-index 31fad4640f..baf2bd8db4 100644
---- a/include/openssl/obj_mac.h
-+++ b/include/openssl/obj_mac.h
-@@ -4970,6 +4970,10 @@
- #define LN_hkdf "hkdf"
- #define NID_hkdf 1036
-
-+#define SN_sshkdf "SSHKDF"
-+#define LN_sshkdf "sshkdf"
-+#define NID_sshkdf 1203
-+
- #define SN_id_pkinit "id-pkinit"
- #define NID_id_pkinit 1031
- #define OBJ_id_pkinit 1L,3L,6L,1L,5L,2L,3L
-diff --git a/test/recipes/30-test_evp_data/evpkdf.txt b/test/recipes/30-test_evp_data/evpkdf.txt
-index 285c4311a6..7f2dcd2291 100644
---- a/test/recipes/30-test_evp_data/evpkdf.txt
-+++ b/test/recipes/30-test_evp_data/evpkdf.txt
-@@ -433,3 +433,4856 @@ Ctrl.iter = iter:1
- Ctrl.digest = digest:sha512
- Output = 00ef42cdbfc98d29db20976608e455567fdddf14
-
-+Title = SSHKDF tests (from NIST CAVS 14.1 test vectors)
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:0000008055bae931c07fd824bf10add1902b6fbc7c665347383498a686929ff5a25f8e40cb6645ea814fb1a5e0a11f852f86255641e5ed986e83a78bc8269480eac0b0dfd770cab92e7a28dd87ff452466d6ae867cead63b366b1c286e6c4811a9f14c27aea14c5171d49b78c06e3735d36e6a3be321dd5fc82308f34ee1cb17fba94a59
-+Ctrl.hexxcghash = hexxcghash:a4ebd45934f56792b5112dcd75a1075fdc889245
-+Ctrl.hexsession_id = hexsession_id:a4ebd45934f56792b5112dcd75a1075fdc889245
-+Ctrl.type = type:A
-+Output = e2f627c0b43f1ac1
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:0000008055bae931c07fd824bf10add1902b6fbc7c665347383498a686929ff5a25f8e40cb6645ea814fb1a5e0a11f852f86255641e5ed986e83a78bc8269480eac0b0dfd770cab92e7a28dd87ff452466d6ae867cead63b366b1c286e6c4811a9f14c27aea14c5171d49b78c06e3735d36e6a3be321dd5fc82308f34ee1cb17fba94a59
-+Ctrl.hexxcghash = hexxcghash:a4ebd45934f56792b5112dcd75a1075fdc889245
-+Ctrl.hexsession_id = hexsession_id:a4ebd45934f56792b5112dcd75a1075fdc889245
-+Ctrl.type = type:B
-+Output = 58471445f342b181
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:0000008055bae931c07fd824bf10add1902b6fbc7c665347383498a686929ff5a25f8e40cb6645ea814fb1a5e0a11f852f86255641e5ed986e83a78bc8269480eac0b0dfd770cab92e7a28dd87ff452466d6ae867cead63b366b1c286e6c4811a9f14c27aea14c5171d49b78c06e3735d36e6a3be321dd5fc82308f34ee1cb17fba94a59
-+Ctrl.hexxcghash = hexxcghash:a4ebd45934f56792b5112dcd75a1075fdc889245
-+Ctrl.hexsession_id = hexsession_id:a4ebd45934f56792b5112dcd75a1075fdc889245
-+Ctrl.type = type:C
-+Output = 1ca9d310f86d51f6cb8e7007cb2b220d55c5281ce680b533
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:0000008055bae931c07fd824bf10add1902b6fbc7c665347383498a686929ff5a25f8e40cb6645ea814fb1a5e0a11f852f86255641e5ed986e83a78bc8269480eac0b0dfd770cab92e7a28dd87ff452466d6ae867cead63b366b1c286e6c4811a9f14c27aea14c5171d49b78c06e3735d36e6a3be321dd5fc82308f34ee1cb17fba94a59
-+Ctrl.hexxcghash = hexxcghash:a4ebd45934f56792b5112dcd75a1075fdc889245
-+Ctrl.hexsession_id = hexsession_id:a4ebd45934f56792b5112dcd75a1075fdc889245
-+Ctrl.type = type:D
-+Output = 2c60df8603d34cc1dbb03c11f725a44b44008851c73d6844
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:0000008055bae931c07fd824bf10add1902b6fbc7c665347383498a686929ff5a25f8e40cb6645ea814fb1a5e0a11f852f86255641e5ed986e83a78bc8269480eac0b0dfd770cab92e7a28dd87ff452466d6ae867cead63b366b1c286e6c4811a9f14c27aea14c5171d49b78c06e3735d36e6a3be321dd5fc82308f34ee1cb17fba94a59
-+Ctrl.hexxcghash = hexxcghash:a4ebd45934f56792b5112dcd75a1075fdc889245
-+Ctrl.hexsession_id = hexsession_id:a4ebd45934f56792b5112dcd75a1075fdc889245
-+Ctrl.type = type:E
-+Output = 472eb8a26166ae6aa8e06868e45c3b26e6eeed06
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:0000008055bae931c07fd824bf10add1902b6fbc7c665347383498a686929ff5a25f8e40cb6645ea814fb1a5e0a11f852f86255641e5ed986e83a78bc8269480eac0b0dfd770cab92e7a28dd87ff452466d6ae867cead63b366b1c286e6c4811a9f14c27aea14c5171d49b78c06e3735d36e6a3be321dd5fc82308f34ee1cb17fba94a59
-+Ctrl.hexxcghash = hexxcghash:a4ebd45934f56792b5112dcd75a1075fdc889245
-+Ctrl.hexsession_id = hexsession_id:a4ebd45934f56792b5112dcd75a1075fdc889245
-+Ctrl.type = type:F
-+Output = e3e2fdb9d7bc21165a3dbe47e1eceb7764390bab
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:0000008100ec6f2c5f0517fd92f730567bd783138302917c277552b1b3fdf2b67d6edb6fa81bd17f7ebbe339b54b171341e6522b91611f8274cc88652a458f8041261040818a268497e949e12f57271318b2b3194c29760cbb767c0fc8833b272994e18682da807e6c9f235d88ef89c203c6f756d25cc2bea199b02c955b8b40cbc04f9208
-+Ctrl.hexxcghash = hexxcghash:ee40eef61bea3da8c2b1cec40fc4cdac892a2626
-+Ctrl.hexsession_id = hexsession_id:ca9aad244e24797fd348d1250387c8aa45a0110a
-+Ctrl.type = type:A
-+Output = 55a1015757de84cb
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:0000008100ec6f2c5f0517fd92f730567bd783138302917c277552b1b3fdf2b67d6edb6fa81bd17f7ebbe339b54b171341e6522b91611f8274cc88652a458f8041261040818a268497e949e12f57271318b2b3194c29760cbb767c0fc8833b272994e18682da807e6c9f235d88ef89c203c6f756d25cc2bea199b02c955b8b40cbc04f9208
-+Ctrl.hexxcghash = hexxcghash:ee40eef61bea3da8c2b1cec40fc4cdac892a2626
-+Ctrl.hexsession_id = hexsession_id:ca9aad244e24797fd348d1250387c8aa45a0110a
-+Ctrl.type = type:B
-+Output = 7e57f61d5735f4fb
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:0000008100ec6f2c5f0517fd92f730567bd783138302917c277552b1b3fdf2b67d6edb6fa81bd17f7ebbe339b54b171341e6522b91611f8274cc88652a458f8041261040818a268497e949e12f57271318b2b3194c29760cbb767c0fc8833b272994e18682da807e6c9f235d88ef89c203c6f756d25cc2bea199b02c955b8b40cbc04f9208
-+Ctrl.hexxcghash = hexxcghash:ee40eef61bea3da8c2b1cec40fc4cdac892a2626
-+Ctrl.hexsession_id = hexsession_id:ca9aad244e24797fd348d1250387c8aa45a0110a
-+Ctrl.type = type:C
-+Output = dd1c24bde1af845e82207541e3e173aec822fb904a94ae3c
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:0000008100ec6f2c5f0517fd92f730567bd783138302917c277552b1b3fdf2b67d6edb6fa81bd17f7ebbe339b54b171341e6522b91611f8274cc88652a458f8041261040818a268497e949e12f57271318b2b3194c29760cbb767c0fc8833b272994e18682da807e6c9f235d88ef89c203c6f756d25cc2bea199b02c955b8b40cbc04f9208
-+Ctrl.hexxcghash = hexxcghash:ee40eef61bea3da8c2b1cec40fc4cdac892a2626
-+Ctrl.hexsession_id = hexsession_id:ca9aad244e24797fd348d1250387c8aa45a0110a
-+Ctrl.type = type:D
-+Output = cbbfdc9442af6db7f8c4dcaa4b0b5d0163e0e204476aa2a0
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:0000008100ec6f2c5f0517fd92f730567bd783138302917c277552b1b3fdf2b67d6edb6fa81bd17f7ebbe339b54b171341e6522b91611f8274cc88652a458f8041261040818a268497e949e12f57271318b2b3194c29760cbb767c0fc8833b272994e18682da807e6c9f235d88ef89c203c6f756d25cc2bea199b02c955b8b40cbc04f9208
-+Ctrl.hexxcghash = hexxcghash:ee40eef61bea3da8c2b1cec40fc4cdac892a2626
-+Ctrl.hexsession_id = hexsession_id:ca9aad244e24797fd348d1250387c8aa45a0110a
-+Ctrl.type = type:E
-+Output = e153e04886c0dc446dde9a9b3b13efb77151764d
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:0000008100ec6f2c5f0517fd92f730567bd783138302917c277552b1b3fdf2b67d6edb6fa81bd17f7ebbe339b54b171341e6522b91611f8274cc88652a458f8041261040818a268497e949e12f57271318b2b3194c29760cbb767c0fc8833b272994e18682da807e6c9f235d88ef89c203c6f756d25cc2bea199b02c955b8b40cbc04f9208
-+Ctrl.hexxcghash = hexxcghash:ee40eef61bea3da8c2b1cec40fc4cdac892a2626
-+Ctrl.hexsession_id = hexsession_id:ca9aad244e24797fd348d1250387c8aa45a0110a
-+Ctrl.type = type:F
-+Output = c8e4f61bd6b5abb2c6e06eca7b302349435e4842
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:0000008100a3beebff410a7cdc0ac56dad0152a7f6da6b1d4195285ce96f8b59930d8c3ccbc518bc043eb60362388ea87c20db3b490b490ba9b90f086004ba3e389cb3a715d477c2b1e480e3419c36cd83e237e241462ee79758f4ff5bf7a5e1eae58a6834778a658c60b2e157d36b16371f97660ad4abfd4a2703dba7cab055be4c778b62
-+Ctrl.hexxcghash = hexxcghash:b81915a9656128d2add5e5741914d765226f93e2
-+Ctrl.hexsession_id = hexsession_id:2872e0c92fc3074d4f40e408a2ebd83e2fc7bccd
-+Ctrl.type = type:A
-+Output = 054eaf5d7dea31e7
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:0000008100a3beebff410a7cdc0ac56dad0152a7f6da6b1d4195285ce96f8b59930d8c3ccbc518bc043eb60362388ea87c20db3b490b490ba9b90f086004ba3e389cb3a715d477c2b1e480e3419c36cd83e237e241462ee79758f4ff5bf7a5e1eae58a6834778a658c60b2e157d36b16371f97660ad4abfd4a2703dba7cab055be4c778b62
-+Ctrl.hexxcghash = hexxcghash:b81915a9656128d2add5e5741914d765226f93e2
-+Ctrl.hexsession_id = hexsession_id:2872e0c92fc3074d4f40e408a2ebd83e2fc7bccd
-+Ctrl.type = type:B
-+Output = 6ce586c127da010f
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:0000008100a3beebff410a7cdc0ac56dad0152a7f6da6b1d4195285ce96f8b59930d8c3ccbc518bc043eb60362388ea87c20db3b490b490ba9b90f086004ba3e389cb3a715d477c2b1e480e3419c36cd83e237e241462ee79758f4ff5bf7a5e1eae58a6834778a658c60b2e157d36b16371f97660ad4abfd4a2703dba7cab055be4c778b62
-+Ctrl.hexxcghash = hexxcghash:b81915a9656128d2add5e5741914d765226f93e2
-+Ctrl.hexsession_id = hexsession_id:2872e0c92fc3074d4f40e408a2ebd83e2fc7bccd
-+Ctrl.type = type:C
-+Output = 7907bf3d7c58ce72714b2adb1a14f156194b14378a4a7c49
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:0000008100a3beebff410a7cdc0ac56dad0152a7f6da6b1d4195285ce96f8b59930d8c3ccbc518bc043eb60362388ea87c20db3b490b490ba9b90f086004ba3e389cb3a715d477c2b1e480e3419c36cd83e237e241462ee79758f4ff5bf7a5e1eae58a6834778a658c60b2e157d36b16371f97660ad4abfd4a2703dba7cab055be4c778b62
-+Ctrl.hexxcghash = hexxcghash:b81915a9656128d2add5e5741914d765226f93e2
-+Ctrl.hexsession_id = hexsession_id:2872e0c92fc3074d4f40e408a2ebd83e2fc7bccd
-+Ctrl.type = type:D
-+Output = c34757dc104e7b811f6550bbc3888e1d4297578fd88b2ca5
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:0000008100a3beebff410a7cdc0ac56dad0152a7f6da6b1d4195285ce96f8b59930d8c3ccbc518bc043eb60362388ea87c20db3b490b490ba9b90f086004ba3e389cb3a715d477c2b1e480e3419c36cd83e237e241462ee79758f4ff5bf7a5e1eae58a6834778a658c60b2e157d36b16371f97660ad4abfd4a2703dba7cab055be4c778b62
-+Ctrl.hexxcghash = hexxcghash:b81915a9656128d2add5e5741914d765226f93e2
-+Ctrl.hexsession_id = hexsession_id:2872e0c92fc3074d4f40e408a2ebd83e2fc7bccd
-+Ctrl.type = type:E
-+Output = e463e05ef70e61f994ee3cd20d504cb6eddb9b1a
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:0000008100a3beebff410a7cdc0ac56dad0152a7f6da6b1d4195285ce96f8b59930d8c3ccbc518bc043eb60362388ea87c20db3b490b490ba9b90f086004ba3e389cb3a715d477c2b1e480e3419c36cd83e237e241462ee79758f4ff5bf7a5e1eae58a6834778a658c60b2e157d36b16371f97660ad4abfd4a2703dba7cab055be4c778b62
-+Ctrl.hexxcghash = hexxcghash:b81915a9656128d2add5e5741914d765226f93e2
-+Ctrl.hexsession_id = hexsession_id:2872e0c92fc3074d4f40e408a2ebd83e2fc7bccd
-+Ctrl.type = type:F
-+Output = 676cf1dfc887e122353eead2b1e644f9d9def944
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:0000008017357de60344a125ca41d9ea51eb304a571d7f0aa37a5e36d4b7a5473546f7226583cefe7c06f6f94b97da0da2517190fa02a0337a3bc9ddfeeb68b953613d4d5e473783f137a82246b8260fb3451363adda1813acdf6b10861e022e23a00db9b5a893fcefd6b647f6a73904aa9c3b53e5d879d7e84f052dfabe15a27c1f3aa9
-+Ctrl.hexxcghash = hexxcghash:28fcf3bc600f6bb0b9594b01283d085e149b2586
-+Ctrl.hexsession_id = hexsession_id:4d6b90988de45dfd08e8167504a6253a8552c200
-+Ctrl.type = type:A
-+Output = bc4b5164911bc87b
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:0000008017357de60344a125ca41d9ea51eb304a571d7f0aa37a5e36d4b7a5473546f7226583cefe7c06f6f94b97da0da2517190fa02a0337a3bc9ddfeeb68b953613d4d5e473783f137a82246b8260fb3451363adda1813acdf6b10861e022e23a00db9b5a893fcefd6b647f6a73904aa9c3b53e5d879d7e84f052dfabe15a27c1f3aa9
-+Ctrl.hexxcghash = hexxcghash:28fcf3bc600f6bb0b9594b01283d085e149b2586
-+Ctrl.hexsession_id = hexsession_id:4d6b90988de45dfd08e8167504a6253a8552c200
-+Ctrl.type = type:B
-+Output = d791c5986b27257e
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:0000008017357de60344a125ca41d9ea51eb304a571d7f0aa37a5e36d4b7a5473546f7226583cefe7c06f6f94b97da0da2517190fa02a0337a3bc9ddfeeb68b953613d4d5e473783f137a82246b8260fb3451363adda1813acdf6b10861e022e23a00db9b5a893fcefd6b647f6a73904aa9c3b53e5d879d7e84f052dfabe15a27c1f3aa9
-+Ctrl.hexxcghash = hexxcghash:28fcf3bc600f6bb0b9594b01283d085e149b2586
-+Ctrl.hexsession_id = hexsession_id:4d6b90988de45dfd08e8167504a6253a8552c200
-+Ctrl.type = type:C
-+Output = de8e99bb3f60ccf0583712528aa3dd0418fdb90d0a588012
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:0000008017357de60344a125ca41d9ea51eb304a571d7f0aa37a5e36d4b7a5473546f7226583cefe7c06f6f94b97da0da2517190fa02a0337a3bc9ddfeeb68b953613d4d5e473783f137a82246b8260fb3451363adda1813acdf6b10861e022e23a00db9b5a893fcefd6b647f6a73904aa9c3b53e5d879d7e84f052dfabe15a27c1f3aa9
-+Ctrl.hexxcghash = hexxcghash:28fcf3bc600f6bb0b9594b01283d085e149b2586
-+Ctrl.hexsession_id = hexsession_id:4d6b90988de45dfd08e8167504a6253a8552c200
-+Ctrl.type = type:D
-+Output = f37f75a685f1eaf4fd270b946d84734e96aa3b4ed130afc6
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:0000008017357de60344a125ca41d9ea51eb304a571d7f0aa37a5e36d4b7a5473546f7226583cefe7c06f6f94b97da0da2517190fa02a0337a3bc9ddfeeb68b953613d4d5e473783f137a82246b8260fb3451363adda1813acdf6b10861e022e23a00db9b5a893fcefd6b647f6a73904aa9c3b53e5d879d7e84f052dfabe15a27c1f3aa9
-+Ctrl.hexxcghash = hexxcghash:28fcf3bc600f6bb0b9594b01283d085e149b2586
-+Ctrl.hexsession_id = hexsession_id:4d6b90988de45dfd08e8167504a6253a8552c200
-+Ctrl.type = type:E
-+Output = 658f04b0f59aab071b9e11ec9ff187ee10e80254
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:0000008017357de60344a125ca41d9ea51eb304a571d7f0aa37a5e36d4b7a5473546f7226583cefe7c06f6f94b97da0da2517190fa02a0337a3bc9ddfeeb68b953613d4d5e473783f137a82246b8260fb3451363adda1813acdf6b10861e022e23a00db9b5a893fcefd6b647f6a73904aa9c3b53e5d879d7e84f052dfabe15a27c1f3aa9
-+Ctrl.hexxcghash = hexxcghash:28fcf3bc600f6bb0b9594b01283d085e149b2586
-+Ctrl.hexsession_id = hexsession_id:4d6b90988de45dfd08e8167504a6253a8552c200
-+Ctrl.type = type:F
-+Output = b030809222ff7a12b0df35072d67f314ab1d5eda
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:000000803c3ce2b19e0cadf8ad02438c695efcd3018c833657318bfaef7b9c278cd7e8d7b3a2249f9d586832c3dee727ada167056ff1febc9210186ba47cc1dfaaf08101fb89742ebf4f3e291a20c94a7a6f7877799151d177e163ce3e57ef863c0cda0311265fbac157879150a715e309392b3e521dcf03224717ff5e0030e480f20dff
-+Ctrl.hexxcghash = hexxcghash:46a674c532460a80cdc5c6da9a8c3bdf4f3ff614
-+Ctrl.hexsession_id = hexsession_id:aedeb64df7119db53202e959dc84be3e5285512d
-+Ctrl.type = type:A
-+Output = 7a74ec799ef16865
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:000000803c3ce2b19e0cadf8ad02438c695efcd3018c833657318bfaef7b9c278cd7e8d7b3a2249f9d586832c3dee727ada167056ff1febc9210186ba47cc1dfaaf08101fb89742ebf4f3e291a20c94a7a6f7877799151d177e163ce3e57ef863c0cda0311265fbac157879150a715e309392b3e521dcf03224717ff5e0030e480f20dff
-+Ctrl.hexxcghash = hexxcghash:46a674c532460a80cdc5c6da9a8c3bdf4f3ff614
-+Ctrl.hexsession_id = hexsession_id:aedeb64df7119db53202e959dc84be3e5285512d
-+Ctrl.type = type:B
-+Output = 6e544fc6db0ca1ba
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:000000803c3ce2b19e0cadf8ad02438c695efcd3018c833657318bfaef7b9c278cd7e8d7b3a2249f9d586832c3dee727ada167056ff1febc9210186ba47cc1dfaaf08101fb89742ebf4f3e291a20c94a7a6f7877799151d177e163ce3e57ef863c0cda0311265fbac157879150a715e309392b3e521dcf03224717ff5e0030e480f20dff
-+Ctrl.hexxcghash = hexxcghash:46a674c532460a80cdc5c6da9a8c3bdf4f3ff614
-+Ctrl.hexsession_id = hexsession_id:aedeb64df7119db53202e959dc84be3e5285512d
-+Ctrl.type = type:C
-+Output = 658226b1b10b2033fa88838b619572b18e81e80c76507918
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:000000803c3ce2b19e0cadf8ad02438c695efcd3018c833657318bfaef7b9c278cd7e8d7b3a2249f9d586832c3dee727ada167056ff1febc9210186ba47cc1dfaaf08101fb89742ebf4f3e291a20c94a7a6f7877799151d177e163ce3e57ef863c0cda0311265fbac157879150a715e309392b3e521dcf03224717ff5e0030e480f20dff
-+Ctrl.hexxcghash = hexxcghash:46a674c532460a80cdc5c6da9a8c3bdf4f3ff614
-+Ctrl.hexsession_id = hexsession_id:aedeb64df7119db53202e959dc84be3e5285512d
-+Ctrl.type = type:D
-+Output = 327298c8660685efcb01c5c0df49faebb15c0e93b0f6c65d
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:000000803c3ce2b19e0cadf8ad02438c695efcd3018c833657318bfaef7b9c278cd7e8d7b3a2249f9d586832c3dee727ada167056ff1febc9210186ba47cc1dfaaf08101fb89742ebf4f3e291a20c94a7a6f7877799151d177e163ce3e57ef863c0cda0311265fbac157879150a715e309392b3e521dcf03224717ff5e0030e480f20dff
-+Ctrl.hexxcghash = hexxcghash:46a674c532460a80cdc5c6da9a8c3bdf4f3ff614
-+Ctrl.hexsession_id = hexsession_id:aedeb64df7119db53202e959dc84be3e5285512d
-+Ctrl.type = type:E
-+Output = 6b618a10aeaa12c9a8d2bcb10e975605582c00e5
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:000000803c3ce2b19e0cadf8ad02438c695efcd3018c833657318bfaef7b9c278cd7e8d7b3a2249f9d586832c3dee727ada167056ff1febc9210186ba47cc1dfaaf08101fb89742ebf4f3e291a20c94a7a6f7877799151d177e163ce3e57ef863c0cda0311265fbac157879150a715e309392b3e521dcf03224717ff5e0030e480f20dff
-+Ctrl.hexxcghash = hexxcghash:46a674c532460a80cdc5c6da9a8c3bdf4f3ff614
-+Ctrl.hexsession_id = hexsession_id:aedeb64df7119db53202e959dc84be3e5285512d
-+Ctrl.type = type:F
-+Output = 6d4ce50da9de90d6f746e812a2e74bcd921f5612
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:0000008075957f464f5a7985e1a3ffb7d5814ff9ceb8fb1584a3f5cc454c37139e9b880940442cce2aef94d9d0462c4dc313ed7a8cc3f9a58c38a98ef0236e3cc78fb63b6f82e9c503097b7a08ef2261dda68c7bfe9f83ac790d1f9ff57605d24f4bdfedde23cc5aabba248bc91d3fe1d4394485bc4421730a297694c09bdf024ac2eac3
-+Ctrl.hexxcghash = hexxcghash:0a70b4f26b1985d48ece540f1de6304fdb38212f
-+Ctrl.hexsession_id = hexsession_id:2f0ce0e2da2e2bf11eae2ab98e9734412d47a19a
-+Ctrl.type = type:A
-+Output = b655839abcb1a7b8
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:0000008075957f464f5a7985e1a3ffb7d5814ff9ceb8fb1584a3f5cc454c37139e9b880940442cce2aef94d9d0462c4dc313ed7a8cc3f9a58c38a98ef0236e3cc78fb63b6f82e9c503097b7a08ef2261dda68c7bfe9f83ac790d1f9ff57605d24f4bdfedde23cc5aabba248bc91d3fe1d4394485bc4421730a297694c09bdf024ac2eac3
-+Ctrl.hexxcghash = hexxcghash:0a70b4f26b1985d48ece540f1de6304fdb38212f
-+Ctrl.hexsession_id = hexsession_id:2f0ce0e2da2e2bf11eae2ab98e9734412d47a19a
-+Ctrl.type = type:B
-+Output = 98f9ec980831a8bc
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:0000008075957f464f5a7985e1a3ffb7d5814ff9ceb8fb1584a3f5cc454c37139e9b880940442cce2aef94d9d0462c4dc313ed7a8cc3f9a58c38a98ef0236e3cc78fb63b6f82e9c503097b7a08ef2261dda68c7bfe9f83ac790d1f9ff57605d24f4bdfedde23cc5aabba248bc91d3fe1d4394485bc4421730a297694c09bdf024ac2eac3
-+Ctrl.hexxcghash = hexxcghash:0a70b4f26b1985d48ece540f1de6304fdb38212f
-+Ctrl.hexsession_id = hexsession_id:2f0ce0e2da2e2bf11eae2ab98e9734412d47a19a
-+Ctrl.type = type:C
-+Output = 31a63b64cfa8b6a12ba165096dad8d127cd3f3b67698b670
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:0000008075957f464f5a7985e1a3ffb7d5814ff9ceb8fb1584a3f5cc454c37139e9b880940442cce2aef94d9d0462c4dc313ed7a8cc3f9a58c38a98ef0236e3cc78fb63b6f82e9c503097b7a08ef2261dda68c7bfe9f83ac790d1f9ff57605d24f4bdfedde23cc5aabba248bc91d3fe1d4394485bc4421730a297694c09bdf024ac2eac3
-+Ctrl.hexxcghash = hexxcghash:0a70b4f26b1985d48ece540f1de6304fdb38212f
-+Ctrl.hexsession_id = hexsession_id:2f0ce0e2da2e2bf11eae2ab98e9734412d47a19a
-+Ctrl.type = type:D
-+Output = 8bd79633967b92f0039a38a2d421e12840ea5c31b43c4e90
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:0000008075957f464f5a7985e1a3ffb7d5814ff9ceb8fb1584a3f5cc454c37139e9b880940442cce2aef94d9d0462c4dc313ed7a8cc3f9a58c38a98ef0236e3cc78fb63b6f82e9c503097b7a08ef2261dda68c7bfe9f83ac790d1f9ff57605d24f4bdfedde23cc5aabba248bc91d3fe1d4394485bc4421730a297694c09bdf024ac2eac3
-+Ctrl.hexxcghash = hexxcghash:0a70b4f26b1985d48ece540f1de6304fdb38212f
-+Ctrl.hexsession_id = hexsession_id:2f0ce0e2da2e2bf11eae2ab98e9734412d47a19a
-+Ctrl.type = type:E
-+Output = 37eccade73b422d1108e390eaa28c646b554a721
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:0000008075957f464f5a7985e1a3ffb7d5814ff9ceb8fb1584a3f5cc454c37139e9b880940442cce2aef94d9d0462c4dc313ed7a8cc3f9a58c38a98ef0236e3cc78fb63b6f82e9c503097b7a08ef2261dda68c7bfe9f83ac790d1f9ff57605d24f4bdfedde23cc5aabba248bc91d3fe1d4394485bc4421730a297694c09bdf024ac2eac3
-+Ctrl.hexxcghash = hexxcghash:0a70b4f26b1985d48ece540f1de6304fdb38212f
-+Ctrl.hexsession_id = hexsession_id:2f0ce0e2da2e2bf11eae2ab98e9734412d47a19a
-+Ctrl.type = type:F
-+Output = 013a20fc8f53ef08aae0a836b9410153a877983a
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:0000008100c050aa3d848750af69d1c04d6cb0a1ef8a4f25be4b16c927ff7313e83680b1b7a92b6100fa773cea9958fc7efb1a475fc71eda8be8efc92ad198a34d6ae017f12b76f39c82b741994b0d42ada1807fa7803876d21d93b129d75dc9aba4811ef51925e49e4bf4f5313e8fee0625d8727da8bcb15eb15da2d237082fc5499621ef
-+Ctrl.hexxcghash = hexxcghash:5ea2568ee7ddcdb3260dfdf54e15e4d494ca9023
-+Ctrl.hexsession_id = hexsession_id:bc8988ac5f9058ee76536472b1706c5c338bd114
-+Ctrl.type = type:A
-+Output = 12f6c3ac60d6ee3b
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:0000008100c050aa3d848750af69d1c04d6cb0a1ef8a4f25be4b16c927ff7313e83680b1b7a92b6100fa773cea9958fc7efb1a475fc71eda8be8efc92ad198a34d6ae017f12b76f39c82b741994b0d42ada1807fa7803876d21d93b129d75dc9aba4811ef51925e49e4bf4f5313e8fee0625d8727da8bcb15eb15da2d237082fc5499621ef
-+Ctrl.hexxcghash = hexxcghash:5ea2568ee7ddcdb3260dfdf54e15e4d494ca9023
-+Ctrl.hexsession_id = hexsession_id:bc8988ac5f9058ee76536472b1706c5c338bd114
-+Ctrl.type = type:B
-+Output = 536d106e00aec6fd
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:0000008100c050aa3d848750af69d1c04d6cb0a1ef8a4f25be4b16c927ff7313e83680b1b7a92b6100fa773cea9958fc7efb1a475fc71eda8be8efc92ad198a34d6ae017f12b76f39c82b741994b0d42ada1807fa7803876d21d93b129d75dc9aba4811ef51925e49e4bf4f5313e8fee0625d8727da8bcb15eb15da2d237082fc5499621ef
-+Ctrl.hexxcghash = hexxcghash:5ea2568ee7ddcdb3260dfdf54e15e4d494ca9023
-+Ctrl.hexsession_id = hexsession_id:bc8988ac5f9058ee76536472b1706c5c338bd114
-+Ctrl.type = type:C
-+Output = 26b8ec66854d0f0aa98f6888be628ebc75900c3738d47894
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:0000008100c050aa3d848750af69d1c04d6cb0a1ef8a4f25be4b16c927ff7313e83680b1b7a92b6100fa773cea9958fc7efb1a475fc71eda8be8efc92ad198a34d6ae017f12b76f39c82b741994b0d42ada1807fa7803876d21d93b129d75dc9aba4811ef51925e49e4bf4f5313e8fee0625d8727da8bcb15eb15da2d237082fc5499621ef
-+Ctrl.hexxcghash = hexxcghash:5ea2568ee7ddcdb3260dfdf54e15e4d494ca9023
-+Ctrl.hexsession_id = hexsession_id:bc8988ac5f9058ee76536472b1706c5c338bd114
-+Ctrl.type = type:D
-+Output = d5d3b3817214eeb3bf292dffc77daeab062ac7fcd2e3a2bd
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:0000008100c050aa3d848750af69d1c04d6cb0a1ef8a4f25be4b16c927ff7313e83680b1b7a92b6100fa773cea9958fc7efb1a475fc71eda8be8efc92ad198a34d6ae017f12b76f39c82b741994b0d42ada1807fa7803876d21d93b129d75dc9aba4811ef51925e49e4bf4f5313e8fee0625d8727da8bcb15eb15da2d237082fc5499621ef
-+Ctrl.hexxcghash = hexxcghash:5ea2568ee7ddcdb3260dfdf54e15e4d494ca9023
-+Ctrl.hexsession_id = hexsession_id:bc8988ac5f9058ee76536472b1706c5c338bd114
-+Ctrl.type = type:E
-+Output = 014613aef22194307bc0678f6edd1ccff240adfa
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:0000008100c050aa3d848750af69d1c04d6cb0a1ef8a4f25be4b16c927ff7313e83680b1b7a92b6100fa773cea9958fc7efb1a475fc71eda8be8efc92ad198a34d6ae017f12b76f39c82b741994b0d42ada1807fa7803876d21d93b129d75dc9aba4811ef51925e49e4bf4f5313e8fee0625d8727da8bcb15eb15da2d237082fc5499621ef
-+Ctrl.hexxcghash = hexxcghash:5ea2568ee7ddcdb3260dfdf54e15e4d494ca9023
-+Ctrl.hexsession_id = hexsession_id:bc8988ac5f9058ee76536472b1706c5c338bd114
-+Ctrl.type = type:F
-+Output = 5057b4cc2c300f7546d358a75daf58233b71da1a
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:0000008100f00388418be28ae3235c5b640d000df44f6e65782cad783726a507e2c645a056307f1ab7b4cd24d38640118105d7415c2ecea77e33e7b8a9dc9d205e3fdfb718769754213c0782ee18c7db1408e780369bccfb8233581cda4fbb133b3c41d0a7afa6996f31f8dd36fa3dd82efb23dcaa1ec5e37caae3af639123190fe7795983
-+Ctrl.hexxcghash = hexxcghash:fc48c85ac48ee97be3ce45c10807a666e8e9b639
-+Ctrl.hexsession_id = hexsession_id:d36e8c070b97795dfb10a3c2e41e4d0d70382606
-+Ctrl.type = type:A
-+Output = d160f91f36027ff9
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:0000008100f00388418be28ae3235c5b640d000df44f6e65782cad783726a507e2c645a056307f1ab7b4cd24d38640118105d7415c2ecea77e33e7b8a9dc9d205e3fdfb718769754213c0782ee18c7db1408e780369bccfb8233581cda4fbb133b3c41d0a7afa6996f31f8dd36fa3dd82efb23dcaa1ec5e37caae3af639123190fe7795983
-+Ctrl.hexxcghash = hexxcghash:fc48c85ac48ee97be3ce45c10807a666e8e9b639
-+Ctrl.hexsession_id = hexsession_id:d36e8c070b97795dfb10a3c2e41e4d0d70382606
-+Ctrl.type = type:B
-+Output = 0d02ec310663bbcc
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:0000008100f00388418be28ae3235c5b640d000df44f6e65782cad783726a507e2c645a056307f1ab7b4cd24d38640118105d7415c2ecea77e33e7b8a9dc9d205e3fdfb718769754213c0782ee18c7db1408e780369bccfb8233581cda4fbb133b3c41d0a7afa6996f31f8dd36fa3dd82efb23dcaa1ec5e37caae3af639123190fe7795983
-+Ctrl.hexxcghash = hexxcghash:fc48c85ac48ee97be3ce45c10807a666e8e9b639
-+Ctrl.hexsession_id = hexsession_id:d36e8c070b97795dfb10a3c2e41e4d0d70382606
-+Ctrl.type = type:C
-+Output = 03b66f451ad93a01914dd3372d980bea3de94993e176ea01
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:0000008100f00388418be28ae3235c5b640d000df44f6e65782cad783726a507e2c645a056307f1ab7b4cd24d38640118105d7415c2ecea77e33e7b8a9dc9d205e3fdfb718769754213c0782ee18c7db1408e780369bccfb8233581cda4fbb133b3c41d0a7afa6996f31f8dd36fa3dd82efb23dcaa1ec5e37caae3af639123190fe7795983
-+Ctrl.hexxcghash = hexxcghash:fc48c85ac48ee97be3ce45c10807a666e8e9b639
-+Ctrl.hexsession_id = hexsession_id:d36e8c070b97795dfb10a3c2e41e4d0d70382606
-+Ctrl.type = type:D
-+Output = c2db767cbbdf2f839eb2f37ada87a041d220b9f58842d0db
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:0000008100f00388418be28ae3235c5b640d000df44f6e65782cad783726a507e2c645a056307f1ab7b4cd24d38640118105d7415c2ecea77e33e7b8a9dc9d205e3fdfb718769754213c0782ee18c7db1408e780369bccfb8233581cda4fbb133b3c41d0a7afa6996f31f8dd36fa3dd82efb23dcaa1ec5e37caae3af639123190fe7795983
-+Ctrl.hexxcghash = hexxcghash:fc48c85ac48ee97be3ce45c10807a666e8e9b639
-+Ctrl.hexsession_id = hexsession_id:d36e8c070b97795dfb10a3c2e41e4d0d70382606
-+Ctrl.type = type:E
-+Output = 0b2944c26dcf4cc877cdc55c4e9b1b8155e3874b
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:0000008100f00388418be28ae3235c5b640d000df44f6e65782cad783726a507e2c645a056307f1ab7b4cd24d38640118105d7415c2ecea77e33e7b8a9dc9d205e3fdfb718769754213c0782ee18c7db1408e780369bccfb8233581cda4fbb133b3c41d0a7afa6996f31f8dd36fa3dd82efb23dcaa1ec5e37caae3af639123190fe7795983
-+Ctrl.hexxcghash = hexxcghash:fc48c85ac48ee97be3ce45c10807a666e8e9b639
-+Ctrl.hexsession_id = hexsession_id:d36e8c070b97795dfb10a3c2e41e4d0d70382606
-+Ctrl.type = type:F
-+Output = f7977d574c7d9e4f34ecd6b405c765963f0dfe57
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:00000081009dc61278a79fdb00ee937c0418668ac0176fdfd0297ebc86ee391e3e8db147f01d782650f1e30391d3c1fe62425842119fe41b76243ed47f6c30370dd1cc1b10e3bdac2730287b0e5901e487563d700d56078ed88d20c300250a3da5f2128db56230d90bb99e90aca80da446d8dddac49e2f2db1b37f9e1b65834adf8fdbcd31
-+Ctrl.hexxcghash = hexxcghash:3c63a552ac5313d219ec30f1e926e2c52e992929
-+Ctrl.hexsession_id = hexsession_id:a17e0e9cc2741d861f4c7195c29c75e4c38e9ba0
-+Ctrl.type = type:A
-+Output = e4387818ab7f4fa6
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:00000081009dc61278a79fdb00ee937c0418668ac0176fdfd0297ebc86ee391e3e8db147f01d782650f1e30391d3c1fe62425842119fe41b76243ed47f6c30370dd1cc1b10e3bdac2730287b0e5901e487563d700d56078ed88d20c300250a3da5f2128db56230d90bb99e90aca80da446d8dddac49e2f2db1b37f9e1b65834adf8fdbcd31
-+Ctrl.hexxcghash = hexxcghash:3c63a552ac5313d219ec30f1e926e2c52e992929
-+Ctrl.hexsession_id = hexsession_id:a17e0e9cc2741d861f4c7195c29c75e4c38e9ba0
-+Ctrl.type = type:B
-+Output = 1daabebcc8a064df
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:00000081009dc61278a79fdb00ee937c0418668ac0176fdfd0297ebc86ee391e3e8db147f01d782650f1e30391d3c1fe62425842119fe41b76243ed47f6c30370dd1cc1b10e3bdac2730287b0e5901e487563d700d56078ed88d20c300250a3da5f2128db56230d90bb99e90aca80da446d8dddac49e2f2db1b37f9e1b65834adf8fdbcd31
-+Ctrl.hexxcghash = hexxcghash:3c63a552ac5313d219ec30f1e926e2c52e992929
-+Ctrl.hexsession_id = hexsession_id:a17e0e9cc2741d861f4c7195c29c75e4c38e9ba0
-+Ctrl.type = type:C
-+Output = 9fffad3aec53cd719c1d500850c2f38d8eea04606f78b402
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:00000081009dc61278a79fdb00ee937c0418668ac0176fdfd0297ebc86ee391e3e8db147f01d782650f1e30391d3c1fe62425842119fe41b76243ed47f6c30370dd1cc1b10e3bdac2730287b0e5901e487563d700d56078ed88d20c300250a3da5f2128db56230d90bb99e90aca80da446d8dddac49e2f2db1b37f9e1b65834adf8fdbcd31
-+Ctrl.hexxcghash = hexxcghash:3c63a552ac5313d219ec30f1e926e2c52e992929
-+Ctrl.hexsession_id = hexsession_id:a17e0e9cc2741d861f4c7195c29c75e4c38e9ba0
-+Ctrl.type = type:D
-+Output = 6b196bce2aa2bd912ffd67a94fc42dec1051376f73ec3ce2
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:00000081009dc61278a79fdb00ee937c0418668ac0176fdfd0297ebc86ee391e3e8db147f01d782650f1e30391d3c1fe62425842119fe41b76243ed47f6c30370dd1cc1b10e3bdac2730287b0e5901e487563d700d56078ed88d20c300250a3da5f2128db56230d90bb99e90aca80da446d8dddac49e2f2db1b37f9e1b65834adf8fdbcd31
-+Ctrl.hexxcghash = hexxcghash:3c63a552ac5313d219ec30f1e926e2c52e992929
-+Ctrl.hexsession_id = hexsession_id:a17e0e9cc2741d861f4c7195c29c75e4c38e9ba0
-+Ctrl.type = type:E
-+Output = beab583906e6bed005558c102a5b5fd6ee71485f
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:00000081009dc61278a79fdb00ee937c0418668ac0176fdfd0297ebc86ee391e3e8db147f01d782650f1e30391d3c1fe62425842119fe41b76243ed47f6c30370dd1cc1b10e3bdac2730287b0e5901e487563d700d56078ed88d20c300250a3da5f2128db56230d90bb99e90aca80da446d8dddac49e2f2db1b37f9e1b65834adf8fdbcd31
-+Ctrl.hexxcghash = hexxcghash:3c63a552ac5313d219ec30f1e926e2c52e992929
-+Ctrl.hexsession_id = hexsession_id:a17e0e9cc2741d861f4c7195c29c75e4c38e9ba0
-+Ctrl.type = type:F
-+Output = 105140594b5b9061de7ff2afac09bce81b75d6c6
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:0000008100df75bb7ce0b66431ca073a5768dbc6930b024b8d6804a5ef9f3f3c9341b8c8b7216eaf26536ac671ab360eff568502e596adbf41b795d329d136ebe44c60ff4ffd58ed99b40a228cab6c8ed9733702e75f7750e58f04cbb78402eec2877205a0ba3f48318543489dc4885dcdc51c4658acbc28f9a82c563ac20b582cff8c432d
-+Ctrl.hexxcghash = hexxcghash:c08ddd40832cc96fe373b67a4850b86848e48f70
-+Ctrl.hexsession_id = hexsession_id:477c8d32e73a475707e0085cf235d605ed564a1c
-+Ctrl.type = type:A
-+Output = ef982c8fd0fd464f
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:0000008100df75bb7ce0b66431ca073a5768dbc6930b024b8d6804a5ef9f3f3c9341b8c8b7216eaf26536ac671ab360eff568502e596adbf41b795d329d136ebe44c60ff4ffd58ed99b40a228cab6c8ed9733702e75f7750e58f04cbb78402eec2877205a0ba3f48318543489dc4885dcdc51c4658acbc28f9a82c563ac20b582cff8c432d
-+Ctrl.hexxcghash = hexxcghash:c08ddd40832cc96fe373b67a4850b86848e48f70
-+Ctrl.hexsession_id = hexsession_id:477c8d32e73a475707e0085cf235d605ed564a1c
-+Ctrl.type = type:B
-+Output = 845ad3ba4d359326
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:0000008100df75bb7ce0b66431ca073a5768dbc6930b024b8d6804a5ef9f3f3c9341b8c8b7216eaf26536ac671ab360eff568502e596adbf41b795d329d136ebe44c60ff4ffd58ed99b40a228cab6c8ed9733702e75f7750e58f04cbb78402eec2877205a0ba3f48318543489dc4885dcdc51c4658acbc28f9a82c563ac20b582cff8c432d
-+Ctrl.hexxcghash = hexxcghash:c08ddd40832cc96fe373b67a4850b86848e48f70
-+Ctrl.hexsession_id = hexsession_id:477c8d32e73a475707e0085cf235d605ed564a1c
-+Ctrl.type = type:C
-+Output = d9e516001b6b1a17268e507fa6e13f6bc9c3ded0020ef841
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:0000008100df75bb7ce0b66431ca073a5768dbc6930b024b8d6804a5ef9f3f3c9341b8c8b7216eaf26536ac671ab360eff568502e596adbf41b795d329d136ebe44c60ff4ffd58ed99b40a228cab6c8ed9733702e75f7750e58f04cbb78402eec2877205a0ba3f48318543489dc4885dcdc51c4658acbc28f9a82c563ac20b582cff8c432d
-+Ctrl.hexxcghash = hexxcghash:c08ddd40832cc96fe373b67a4850b86848e48f70
-+Ctrl.hexsession_id = hexsession_id:477c8d32e73a475707e0085cf235d605ed564a1c
-+Ctrl.type = type:D
-+Output = d57d2f3c25b536442d8c7f36d62778d06fb6e7d4b5c7ab76
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:0000008100df75bb7ce0b66431ca073a5768dbc6930b024b8d6804a5ef9f3f3c9341b8c8b7216eaf26536ac671ab360eff568502e596adbf41b795d329d136ebe44c60ff4ffd58ed99b40a228cab6c8ed9733702e75f7750e58f04cbb78402eec2877205a0ba3f48318543489dc4885dcdc51c4658acbc28f9a82c563ac20b582cff8c432d
-+Ctrl.hexxcghash = hexxcghash:c08ddd40832cc96fe373b67a4850b86848e48f70
-+Ctrl.hexsession_id = hexsession_id:477c8d32e73a475707e0085cf235d605ed564a1c
-+Ctrl.type = type:E
-+Output = f0b75425b271eb82645b1f1424b2a838dbcf6f98
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:0000008100df75bb7ce0b66431ca073a5768dbc6930b024b8d6804a5ef9f3f3c9341b8c8b7216eaf26536ac671ab360eff568502e596adbf41b795d329d136ebe44c60ff4ffd58ed99b40a228cab6c8ed9733702e75f7750e58f04cbb78402eec2877205a0ba3f48318543489dc4885dcdc51c4658acbc28f9a82c563ac20b582cff8c432d
-+Ctrl.hexxcghash = hexxcghash:c08ddd40832cc96fe373b67a4850b86848e48f70
-+Ctrl.hexsession_id = hexsession_id:477c8d32e73a475707e0085cf235d605ed564a1c
-+Ctrl.type = type:F
-+Output = cdf59b2327588ffd18becfc0e5bb526014101401
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:000001010085a60bcca88b096c418e825f3de4fd8920ecce617afadda2ca8001e8eba07e58e60e70a9a05b8ddc29d5636d33c407d5f23952b65326e113f28d89bc6ba3a4c3b71ae239d6d1bd295466682d1c675bdb88a3259f474fe54a0f4004ddc46b442451654e1e66d0c93d7b310f28a8db7b95eee7abc61e71dee322b4e732baf9ec7ce189b889d536da1a55a2cc29e1666aa9c0e702f4412206bd207302fe84043c664394bde0e0a47d0a7a947c95997e1dbaeecd2efae12cacef8eab2f6b2478dedcebb3264827cf226e13f8082931db410fbc03352e7dde82fd1f58caab3115aa065ac6e2a1c7b1c1b2d5fa3447bf9839d76cfa5822b097bff9106f37eba1250145
-+Ctrl.hexxcghash = hexxcghash:dde6f8e070ef32a27ff04ad1045c65b2dfa33e03
-+Ctrl.hexsession_id = hexsession_id:dde6f8e070ef32a27ff04ad1045c65b2dfa33e03
-+Ctrl.type = type:A
-+Output = 79c9195e683ae10750960cb55c4d4c0b
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:000001010085a60bcca88b096c418e825f3de4fd8920ecce617afadda2ca8001e8eba07e58e60e70a9a05b8ddc29d5636d33c407d5f23952b65326e113f28d89bc6ba3a4c3b71ae239d6d1bd295466682d1c675bdb88a3259f474fe54a0f4004ddc46b442451654e1e66d0c93d7b310f28a8db7b95eee7abc61e71dee322b4e732baf9ec7ce189b889d536da1a55a2cc29e1666aa9c0e702f4412206bd207302fe84043c664394bde0e0a47d0a7a947c95997e1dbaeecd2efae12cacef8eab2f6b2478dedcebb3264827cf226e13f8082931db410fbc03352e7dde82fd1f58caab3115aa065ac6e2a1c7b1c1b2d5fa3447bf9839d76cfa5822b097bff9106f37eba1250145
-+Ctrl.hexxcghash = hexxcghash:dde6f8e070ef32a27ff04ad1045c65b2dfa33e03
-+Ctrl.hexsession_id = hexsession_id:dde6f8e070ef32a27ff04ad1045c65b2dfa33e03
-+Ctrl.type = type:B
-+Output = ef00b448ab9fd6523bb5143a0a818750
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:000001010085a60bcca88b096c418e825f3de4fd8920ecce617afadda2ca8001e8eba07e58e60e70a9a05b8ddc29d5636d33c407d5f23952b65326e113f28d89bc6ba3a4c3b71ae239d6d1bd295466682d1c675bdb88a3259f474fe54a0f4004ddc46b442451654e1e66d0c93d7b310f28a8db7b95eee7abc61e71dee322b4e732baf9ec7ce189b889d536da1a55a2cc29e1666aa9c0e702f4412206bd207302fe84043c664394bde0e0a47d0a7a947c95997e1dbaeecd2efae12cacef8eab2f6b2478dedcebb3264827cf226e13f8082931db410fbc03352e7dde82fd1f58caab3115aa065ac6e2a1c7b1c1b2d5fa3447bf9839d76cfa5822b097bff9106f37eba1250145
-+Ctrl.hexxcghash = hexxcghash:dde6f8e070ef32a27ff04ad1045c65b2dfa33e03
-+Ctrl.hexsession_id = hexsession_id:dde6f8e070ef32a27ff04ad1045c65b2dfa33e03
-+Ctrl.type = type:C
-+Output = 51c8b4aaf5e42443be0aa3c50aa7e1dd
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:000001010085a60bcca88b096c418e825f3de4fd8920ecce617afadda2ca8001e8eba07e58e60e70a9a05b8ddc29d5636d33c407d5f23952b65326e113f28d89bc6ba3a4c3b71ae239d6d1bd295466682d1c675bdb88a3259f474fe54a0f4004ddc46b442451654e1e66d0c93d7b310f28a8db7b95eee7abc61e71dee322b4e732baf9ec7ce189b889d536da1a55a2cc29e1666aa9c0e702f4412206bd207302fe84043c664394bde0e0a47d0a7a947c95997e1dbaeecd2efae12cacef8eab2f6b2478dedcebb3264827cf226e13f8082931db410fbc03352e7dde82fd1f58caab3115aa065ac6e2a1c7b1c1b2d5fa3447bf9839d76cfa5822b097bff9106f37eba1250145
-+Ctrl.hexxcghash = hexxcghash:dde6f8e070ef32a27ff04ad1045c65b2dfa33e03
-+Ctrl.hexsession_id = hexsession_id:dde6f8e070ef32a27ff04ad1045c65b2dfa33e03
-+Ctrl.type = type:D
-+Output = 4153a587397fb14dc3faad028fdb7ecc
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:000001010085a60bcca88b096c418e825f3de4fd8920ecce617afadda2ca8001e8eba07e58e60e70a9a05b8ddc29d5636d33c407d5f23952b65326e113f28d89bc6ba3a4c3b71ae239d6d1bd295466682d1c675bdb88a3259f474fe54a0f4004ddc46b442451654e1e66d0c93d7b310f28a8db7b95eee7abc61e71dee322b4e732baf9ec7ce189b889d536da1a55a2cc29e1666aa9c0e702f4412206bd207302fe84043c664394bde0e0a47d0a7a947c95997e1dbaeecd2efae12cacef8eab2f6b2478dedcebb3264827cf226e13f8082931db410fbc03352e7dde82fd1f58caab3115aa065ac6e2a1c7b1c1b2d5fa3447bf9839d76cfa5822b097bff9106f37eba1250145
-+Ctrl.hexxcghash = hexxcghash:dde6f8e070ef32a27ff04ad1045c65b2dfa33e03
-+Ctrl.hexsession_id = hexsession_id:dde6f8e070ef32a27ff04ad1045c65b2dfa33e03
-+Ctrl.type = type:E
-+Output = d23e36347052a1cfb4a7789df48627e8a31345c7
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:000001010085a60bcca88b096c418e825f3de4fd8920ecce617afadda2ca8001e8eba07e58e60e70a9a05b8ddc29d5636d33c407d5f23952b65326e113f28d89bc6ba3a4c3b71ae239d6d1bd295466682d1c675bdb88a3259f474fe54a0f4004ddc46b442451654e1e66d0c93d7b310f28a8db7b95eee7abc61e71dee322b4e732baf9ec7ce189b889d536da1a55a2cc29e1666aa9c0e702f4412206bd207302fe84043c664394bde0e0a47d0a7a947c95997e1dbaeecd2efae12cacef8eab2f6b2478dedcebb3264827cf226e13f8082931db410fbc03352e7dde82fd1f58caab3115aa065ac6e2a1c7b1c1b2d5fa3447bf9839d76cfa5822b097bff9106f37eba1250145
-+Ctrl.hexxcghash = hexxcghash:dde6f8e070ef32a27ff04ad1045c65b2dfa33e03
-+Ctrl.hexsession_id = hexsession_id:dde6f8e070ef32a27ff04ad1045c65b2dfa33e03
-+Ctrl.type = type:F
-+Output = c1286e92655912d923154c460702a31424bd6b01
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:0000010100c0724e077d7237441eb79039debaa851c0bf411e69cd5314f3c72aa45760c9969985b34291fb64bf964b719d2b989e40a0e9fbccdb23536a78f1b55ebbda809f862e8ec3561c15c4288595546e09789cbc2491050073222397957c9090b7f8f96e3fefbc5f438c72ca8bb48f6337e208ee9b3f630a8c5b40b9fafca8e55be0a0cf4046884a0a049b4557da4ddb7a344226f4707c706e96467b1568ad4d10363aa9eb04b91efbada0c1c292475ce9893a27d4a1deb4a262d980141e63756adf3d5fbcf6ebde919cfd44052984704af6ba360e190fecfc730a5e470785d3061ee5f495cd697af97f90bbc11f2e4e41e57ce25f34b9c4ec9f3c051d964ad0c036b4
-+Ctrl.hexxcghash = hexxcghash:5ae93beda675546c8a783974925aca9b365a6d8e
-+Ctrl.hexsession_id = hexsession_id:bb0bfeb33b78474b2d53232b3122506992c0cae4
-+Ctrl.type = type:A
-+Output = 739ad52e454ba3457735b7c5304c6578
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:0000010100c0724e077d7237441eb79039debaa851c0bf411e69cd5314f3c72aa45760c9969985b34291fb64bf964b719d2b989e40a0e9fbccdb23536a78f1b55ebbda809f862e8ec3561c15c4288595546e09789cbc2491050073222397957c9090b7f8f96e3fefbc5f438c72ca8bb48f6337e208ee9b3f630a8c5b40b9fafca8e55be0a0cf4046884a0a049b4557da4ddb7a344226f4707c706e96467b1568ad4d10363aa9eb04b91efbada0c1c292475ce9893a27d4a1deb4a262d980141e63756adf3d5fbcf6ebde919cfd44052984704af6ba360e190fecfc730a5e470785d3061ee5f495cd697af97f90bbc11f2e4e41e57ce25f34b9c4ec9f3c051d964ad0c036b4
-+Ctrl.hexxcghash = hexxcghash:5ae93beda675546c8a783974925aca9b365a6d8e
-+Ctrl.hexsession_id = hexsession_id:bb0bfeb33b78474b2d53232b3122506992c0cae4
-+Ctrl.type = type:B
-+Output = 3bd9f9d9f06aa521d2f53e40fc5d9f90
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:0000010100c0724e077d7237441eb79039debaa851c0bf411e69cd5314f3c72aa45760c9969985b34291fb64bf964b719d2b989e40a0e9fbccdb23536a78f1b55ebbda809f862e8ec3561c15c4288595546e09789cbc2491050073222397957c9090b7f8f96e3fefbc5f438c72ca8bb48f6337e208ee9b3f630a8c5b40b9fafca8e55be0a0cf4046884a0a049b4557da4ddb7a344226f4707c706e96467b1568ad4d10363aa9eb04b91efbada0c1c292475ce9893a27d4a1deb4a262d980141e63756adf3d5fbcf6ebde919cfd44052984704af6ba360e190fecfc730a5e470785d3061ee5f495cd697af97f90bbc11f2e4e41e57ce25f34b9c4ec9f3c051d964ad0c036b4
-+Ctrl.hexxcghash = hexxcghash:5ae93beda675546c8a783974925aca9b365a6d8e
-+Ctrl.hexsession_id = hexsession_id:bb0bfeb33b78474b2d53232b3122506992c0cae4
-+Ctrl.type = type:C
-+Output = 335cd2813bebd3d5e1dda4c1e14c23de
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:0000010100c0724e077d7237441eb79039debaa851c0bf411e69cd5314f3c72aa45760c9969985b34291fb64bf964b719d2b989e40a0e9fbccdb23536a78f1b55ebbda809f862e8ec3561c15c4288595546e09789cbc2491050073222397957c9090b7f8f96e3fefbc5f438c72ca8bb48f6337e208ee9b3f630a8c5b40b9fafca8e55be0a0cf4046884a0a049b4557da4ddb7a344226f4707c706e96467b1568ad4d10363aa9eb04b91efbada0c1c292475ce9893a27d4a1deb4a262d980141e63756adf3d5fbcf6ebde919cfd44052984704af6ba360e190fecfc730a5e470785d3061ee5f495cd697af97f90bbc11f2e4e41e57ce25f34b9c4ec9f3c051d964ad0c036b4
-+Ctrl.hexxcghash = hexxcghash:5ae93beda675546c8a783974925aca9b365a6d8e
-+Ctrl.hexsession_id = hexsession_id:bb0bfeb33b78474b2d53232b3122506992c0cae4
-+Ctrl.type = type:D
-+Output = fd25c5ae649645d8c0cfff0d4d8e7a47
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:0000010100c0724e077d7237441eb79039debaa851c0bf411e69cd5314f3c72aa45760c9969985b34291fb64bf964b719d2b989e40a0e9fbccdb23536a78f1b55ebbda809f862e8ec3561c15c4288595546e09789cbc2491050073222397957c9090b7f8f96e3fefbc5f438c72ca8bb48f6337e208ee9b3f630a8c5b40b9fafca8e55be0a0cf4046884a0a049b4557da4ddb7a344226f4707c706e96467b1568ad4d10363aa9eb04b91efbada0c1c292475ce9893a27d4a1deb4a262d980141e63756adf3d5fbcf6ebde919cfd44052984704af6ba360e190fecfc730a5e470785d3061ee5f495cd697af97f90bbc11f2e4e41e57ce25f34b9c4ec9f3c051d964ad0c036b4
-+Ctrl.hexxcghash = hexxcghash:5ae93beda675546c8a783974925aca9b365a6d8e
-+Ctrl.hexsession_id = hexsession_id:bb0bfeb33b78474b2d53232b3122506992c0cae4
-+Ctrl.type = type:E
-+Output = 90e89773d04623553d4d298e6aa75781d8a6544b
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:0000010100c0724e077d7237441eb79039debaa851c0bf411e69cd5314f3c72aa45760c9969985b34291fb64bf964b719d2b989e40a0e9fbccdb23536a78f1b55ebbda809f862e8ec3561c15c4288595546e09789cbc2491050073222397957c9090b7f8f96e3fefbc5f438c72ca8bb48f6337e208ee9b3f630a8c5b40b9fafca8e55be0a0cf4046884a0a049b4557da4ddb7a344226f4707c706e96467b1568ad4d10363aa9eb04b91efbada0c1c292475ce9893a27d4a1deb4a262d980141e63756adf3d5fbcf6ebde919cfd44052984704af6ba360e190fecfc730a5e470785d3061ee5f495cd697af97f90bbc11f2e4e41e57ce25f34b9c4ec9f3c051d964ad0c036b4
-+Ctrl.hexxcghash = hexxcghash:5ae93beda675546c8a783974925aca9b365a6d8e
-+Ctrl.hexsession_id = hexsession_id:bb0bfeb33b78474b2d53232b3122506992c0cae4
-+Ctrl.type = type:F
-+Output = 86a3f05a5f844b23d787cccbda37a3d773a4d049
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:000001004c48728c828a34a5ff90188cd749d5ccf849d8f96d78072bc8c3a766e4be2c4bfdb8d0310225f05b0373fa582b5a9e78b6a05d958a7b82d944d00697a1ef2119e7545bdf2c6dc2e8cb2215ff58a0163c116b0b326caa50e6384e4e4ab424bfada5d15af1d22f34dc5f8bfd5c823c4b9253fe858a9d7f17bf0be17951bce751b8c2f0b3be25bad6054b39fb2d687d4e69c07d79f4952e65315b1f712cee11707a4984f29df9aac7a7274772f60a2f207ec6a35e1478aa9ae8045dc53417b220bf60124d988e376bf18414400bbe2ac4654716fd26b3a90ae53215ff906364ef82a08686a1977126c64d6d3f381e8477d55f8e79a0e0719089e073fffdbf828cde
-+Ctrl.hexxcghash = hexxcghash:edeac369fd19f7dd1e8e48d0c69f9df5fe5475b4
-+Ctrl.hexsession_id = hexsession_id:30d9cd8d63a203aeff4a99d8c299676f21a2c74e
-+Ctrl.type = type:A
-+Output = d2d06d589e6e696556e3d44d7d05decb
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:000001004c48728c828a34a5ff90188cd749d5ccf849d8f96d78072bc8c3a766e4be2c4bfdb8d0310225f05b0373fa582b5a9e78b6a05d958a7b82d944d00697a1ef2119e7545bdf2c6dc2e8cb2215ff58a0163c116b0b326caa50e6384e4e4ab424bfada5d15af1d22f34dc5f8bfd5c823c4b9253fe858a9d7f17bf0be17951bce751b8c2f0b3be25bad6054b39fb2d687d4e69c07d79f4952e65315b1f712cee11707a4984f29df9aac7a7274772f60a2f207ec6a35e1478aa9ae8045dc53417b220bf60124d988e376bf18414400bbe2ac4654716fd26b3a90ae53215ff906364ef82a08686a1977126c64d6d3f381e8477d55f8e79a0e0719089e073fffdbf828cde
-+Ctrl.hexxcghash = hexxcghash:edeac369fd19f7dd1e8e48d0c69f9df5fe5475b4
-+Ctrl.hexsession_id = hexsession_id:30d9cd8d63a203aeff4a99d8c299676f21a2c74e
-+Ctrl.type = type:B
-+Output = 14e3a886b715206e837b70fe7c02b941
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:000001004c48728c828a34a5ff90188cd749d5ccf849d8f96d78072bc8c3a766e4be2c4bfdb8d0310225f05b0373fa582b5a9e78b6a05d958a7b82d944d00697a1ef2119e7545bdf2c6dc2e8cb2215ff58a0163c116b0b326caa50e6384e4e4ab424bfada5d15af1d22f34dc5f8bfd5c823c4b9253fe858a9d7f17bf0be17951bce751b8c2f0b3be25bad6054b39fb2d687d4e69c07d79f4952e65315b1f712cee11707a4984f29df9aac7a7274772f60a2f207ec6a35e1478aa9ae8045dc53417b220bf60124d988e376bf18414400bbe2ac4654716fd26b3a90ae53215ff906364ef82a08686a1977126c64d6d3f381e8477d55f8e79a0e0719089e073fffdbf828cde
-+Ctrl.hexxcghash = hexxcghash:edeac369fd19f7dd1e8e48d0c69f9df5fe5475b4
-+Ctrl.hexsession_id = hexsession_id:30d9cd8d63a203aeff4a99d8c299676f21a2c74e
-+Ctrl.type = type:C
-+Output = 98625cf9741819273a0d6852ca7ab592
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:000001004c48728c828a34a5ff90188cd749d5ccf849d8f96d78072bc8c3a766e4be2c4bfdb8d0310225f05b0373fa582b5a9e78b6a05d958a7b82d944d00697a1ef2119e7545bdf2c6dc2e8cb2215ff58a0163c116b0b326caa50e6384e4e4ab424bfada5d15af1d22f34dc5f8bfd5c823c4b9253fe858a9d7f17bf0be17951bce751b8c2f0b3be25bad6054b39fb2d687d4e69c07d79f4952e65315b1f712cee11707a4984f29df9aac7a7274772f60a2f207ec6a35e1478aa9ae8045dc53417b220bf60124d988e376bf18414400bbe2ac4654716fd26b3a90ae53215ff906364ef82a08686a1977126c64d6d3f381e8477d55f8e79a0e0719089e073fffdbf828cde
-+Ctrl.hexxcghash = hexxcghash:edeac369fd19f7dd1e8e48d0c69f9df5fe5475b4
-+Ctrl.hexsession_id = hexsession_id:30d9cd8d63a203aeff4a99d8c299676f21a2c74e
-+Ctrl.type = type:D
-+Output = a7b273f04d537856015e06075c94c398
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:000001004c48728c828a34a5ff90188cd749d5ccf849d8f96d78072bc8c3a766e4be2c4bfdb8d0310225f05b0373fa582b5a9e78b6a05d958a7b82d944d00697a1ef2119e7545bdf2c6dc2e8cb2215ff58a0163c116b0b326caa50e6384e4e4ab424bfada5d15af1d22f34dc5f8bfd5c823c4b9253fe858a9d7f17bf0be17951bce751b8c2f0b3be25bad6054b39fb2d687d4e69c07d79f4952e65315b1f712cee11707a4984f29df9aac7a7274772f60a2f207ec6a35e1478aa9ae8045dc53417b220bf60124d988e376bf18414400bbe2ac4654716fd26b3a90ae53215ff906364ef82a08686a1977126c64d6d3f381e8477d55f8e79a0e0719089e073fffdbf828cde
-+Ctrl.hexxcghash = hexxcghash:edeac369fd19f7dd1e8e48d0c69f9df5fe5475b4
-+Ctrl.hexsession_id = hexsession_id:30d9cd8d63a203aeff4a99d8c299676f21a2c74e
-+Ctrl.type = type:E
-+Output = 3e1afa980d05ec30e9a55331ac301c10305999e2
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:000001004c48728c828a34a5ff90188cd749d5ccf849d8f96d78072bc8c3a766e4be2c4bfdb8d0310225f05b0373fa582b5a9e78b6a05d958a7b82d944d00697a1ef2119e7545bdf2c6dc2e8cb2215ff58a0163c116b0b326caa50e6384e4e4ab424bfada5d15af1d22f34dc5f8bfd5c823c4b9253fe858a9d7f17bf0be17951bce751b8c2f0b3be25bad6054b39fb2d687d4e69c07d79f4952e65315b1f712cee11707a4984f29df9aac7a7274772f60a2f207ec6a35e1478aa9ae8045dc53417b220bf60124d988e376bf18414400bbe2ac4654716fd26b3a90ae53215ff906364ef82a08686a1977126c64d6d3f381e8477d55f8e79a0e0719089e073fffdbf828cde
-+Ctrl.hexxcghash = hexxcghash:edeac369fd19f7dd1e8e48d0c69f9df5fe5475b4
-+Ctrl.hexsession_id = hexsession_id:30d9cd8d63a203aeff4a99d8c299676f21a2c74e
-+Ctrl.type = type:F
-+Output = b993c4254669c7a51ed713ddaf7174fd5296fe57
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:0000010100f6fa934f303a9db720352fca5a6bae671857d44053d61132a6d36d76cee686fd31ea796407306ad3cb500f99b8881641ce304217910179ca03d3638c89419127542d2f6eea999c637070a3a2e2d17419fd2d53a23dc0bbad1333089a64c232c4328ca5d6db233777a93932407741a9fe4c8efd13e9f2f411368fd2035d05175f8710b79a77bd4749df3027eef44f1d050fd01458cd1c6d1fe67d774f4e056533305ad39ecf5a6e4898186b8b66e95c9546081c7df6df7a433887bb0333d0fb16418bb2d399b2be0b02978e5bbc97b57e67e88aa073ba3280a386209029bdc3d8f448eb18e29c87811142629827c54aa19d150b6eb6fb7a33d746b11d27d9d474
-+Ctrl.hexxcghash = hexxcghash:6dffed964fd4044cb99b5f8770abef82d02c1cd1
-+Ctrl.hexsession_id = hexsession_id:d98f1e884633c4632568e1dd0a54e4c8508c279d
-+Ctrl.type = type:A
-+Output = d9c0ed6b7fbf066d4f3cff7d2585ef5b
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:0000010100f6fa934f303a9db720352fca5a6bae671857d44053d61132a6d36d76cee686fd31ea796407306ad3cb500f99b8881641ce304217910179ca03d3638c89419127542d2f6eea999c637070a3a2e2d17419fd2d53a23dc0bbad1333089a64c232c4328ca5d6db233777a93932407741a9fe4c8efd13e9f2f411368fd2035d05175f8710b79a77bd4749df3027eef44f1d050fd01458cd1c6d1fe67d774f4e056533305ad39ecf5a6e4898186b8b66e95c9546081c7df6df7a433887bb0333d0fb16418bb2d399b2be0b02978e5bbc97b57e67e88aa073ba3280a386209029bdc3d8f448eb18e29c87811142629827c54aa19d150b6eb6fb7a33d746b11d27d9d474
-+Ctrl.hexxcghash = hexxcghash:6dffed964fd4044cb99b5f8770abef82d02c1cd1
-+Ctrl.hexsession_id = hexsession_id:d98f1e884633c4632568e1dd0a54e4c8508c279d
-+Ctrl.type = type:B
-+Output = da13833aa2c086e5d76595132f4e5fc6
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:0000010100f6fa934f303a9db720352fca5a6bae671857d44053d61132a6d36d76cee686fd31ea796407306ad3cb500f99b8881641ce304217910179ca03d3638c89419127542d2f6eea999c637070a3a2e2d17419fd2d53a23dc0bbad1333089a64c232c4328ca5d6db233777a93932407741a9fe4c8efd13e9f2f411368fd2035d05175f8710b79a77bd4749df3027eef44f1d050fd01458cd1c6d1fe67d774f4e056533305ad39ecf5a6e4898186b8b66e95c9546081c7df6df7a433887bb0333d0fb16418bb2d399b2be0b02978e5bbc97b57e67e88aa073ba3280a386209029bdc3d8f448eb18e29c87811142629827c54aa19d150b6eb6fb7a33d746b11d27d9d474
-+Ctrl.hexxcghash = hexxcghash:6dffed964fd4044cb99b5f8770abef82d02c1cd1
-+Ctrl.hexsession_id = hexsession_id:d98f1e884633c4632568e1dd0a54e4c8508c279d
-+Ctrl.type = type:C
-+Output = 9e27400587b646397a7655be0e5763ec
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:0000010100f6fa934f303a9db720352fca5a6bae671857d44053d61132a6d36d76cee686fd31ea796407306ad3cb500f99b8881641ce304217910179ca03d3638c89419127542d2f6eea999c637070a3a2e2d17419fd2d53a23dc0bbad1333089a64c232c4328ca5d6db233777a93932407741a9fe4c8efd13e9f2f411368fd2035d05175f8710b79a77bd4749df3027eef44f1d050fd01458cd1c6d1fe67d774f4e056533305ad39ecf5a6e4898186b8b66e95c9546081c7df6df7a433887bb0333d0fb16418bb2d399b2be0b02978e5bbc97b57e67e88aa073ba3280a386209029bdc3d8f448eb18e29c87811142629827c54aa19d150b6eb6fb7a33d746b11d27d9d474
-+Ctrl.hexxcghash = hexxcghash:6dffed964fd4044cb99b5f8770abef82d02c1cd1
-+Ctrl.hexsession_id = hexsession_id:d98f1e884633c4632568e1dd0a54e4c8508c279d
-+Ctrl.type = type:D
-+Output = 91b95d5cce7f2aec14776f49f652a305
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:0000010100f6fa934f303a9db720352fca5a6bae671857d44053d61132a6d36d76cee686fd31ea796407306ad3cb500f99b8881641ce304217910179ca03d3638c89419127542d2f6eea999c637070a3a2e2d17419fd2d53a23dc0bbad1333089a64c232c4328ca5d6db233777a93932407741a9fe4c8efd13e9f2f411368fd2035d05175f8710b79a77bd4749df3027eef44f1d050fd01458cd1c6d1fe67d774f4e056533305ad39ecf5a6e4898186b8b66e95c9546081c7df6df7a433887bb0333d0fb16418bb2d399b2be0b02978e5bbc97b57e67e88aa073ba3280a386209029bdc3d8f448eb18e29c87811142629827c54aa19d150b6eb6fb7a33d746b11d27d9d474
-+Ctrl.hexxcghash = hexxcghash:6dffed964fd4044cb99b5f8770abef82d02c1cd1
-+Ctrl.hexsession_id = hexsession_id:d98f1e884633c4632568e1dd0a54e4c8508c279d
-+Ctrl.type = type:E
-+Output = a97dc9a99e37c983a4922cd2ecdfa394b71141ce
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:0000010100f6fa934f303a9db720352fca5a6bae671857d44053d61132a6d36d76cee686fd31ea796407306ad3cb500f99b8881641ce304217910179ca03d3638c89419127542d2f6eea999c637070a3a2e2d17419fd2d53a23dc0bbad1333089a64c232c4328ca5d6db233777a93932407741a9fe4c8efd13e9f2f411368fd2035d05175f8710b79a77bd4749df3027eef44f1d050fd01458cd1c6d1fe67d774f4e056533305ad39ecf5a6e4898186b8b66e95c9546081c7df6df7a433887bb0333d0fb16418bb2d399b2be0b02978e5bbc97b57e67e88aa073ba3280a386209029bdc3d8f448eb18e29c87811142629827c54aa19d150b6eb6fb7a33d746b11d27d9d474
-+Ctrl.hexxcghash = hexxcghash:6dffed964fd4044cb99b5f8770abef82d02c1cd1
-+Ctrl.hexsession_id = hexsession_id:d98f1e884633c4632568e1dd0a54e4c8508c279d
-+Ctrl.type = type:F
-+Output = 173d846f9790c742ca86af4bff5f965c6088a05b
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:000001000a341cb148554046ac79686473c7e924486ae79c9dd1878a647687d3562cc81e5379c20df44edd6bfa8b9a26cdc06c6eb5f02272f90992ef58c65fe3e98725e9434a8512aef4c2093d27c57a1aee5f5b6861025001d20b5bc8666c4930107f563035bca6ddc91ff9d15ebb56d2628146d3baa3c6f81dc73602518c2aef4906e08b2ffa67e4528d92b1b3bcbd3a9e421d86413bb355574bb68f94bf75221918ca4f6624445b0afa0c26e270788490cbab1abd41a42200ab9e76a2f8b8ffbe0c5ef7a230b5bf7018cfd170ccd009058092d2446ebe73c5f0bf2d9ceca311502af621880eb18e46edc7832765c00e2599fbb82402b039eb5c5ae376690a717c0344
-+Ctrl.hexxcghash = hexxcghash:4cee9b1867e94911e8f9fbd9ec3375d25c955f97
-+Ctrl.hexsession_id = hexsession_id:2aefdaa6f14ac3ec200a951fd74433cddc01193a
-+Ctrl.type = type:A
-+Output = 6fa496847cda7367cb32b8be9aae3f85
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:000001000a341cb148554046ac79686473c7e924486ae79c9dd1878a647687d3562cc81e5379c20df44edd6bfa8b9a26cdc06c6eb5f02272f90992ef58c65fe3e98725e9434a8512aef4c2093d27c57a1aee5f5b6861025001d20b5bc8666c4930107f563035bca6ddc91ff9d15ebb56d2628146d3baa3c6f81dc73602518c2aef4906e08b2ffa67e4528d92b1b3bcbd3a9e421d86413bb355574bb68f94bf75221918ca4f6624445b0afa0c26e270788490cbab1abd41a42200ab9e76a2f8b8ffbe0c5ef7a230b5bf7018cfd170ccd009058092d2446ebe73c5f0bf2d9ceca311502af621880eb18e46edc7832765c00e2599fbb82402b039eb5c5ae376690a717c0344
-+Ctrl.hexxcghash = hexxcghash:4cee9b1867e94911e8f9fbd9ec3375d25c955f97
-+Ctrl.hexsession_id = hexsession_id:2aefdaa6f14ac3ec200a951fd74433cddc01193a
-+Ctrl.type = type:B
-+Output = 702ac8636520b7c6169ddc660781de9f
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:000001000a341cb148554046ac79686473c7e924486ae79c9dd1878a647687d3562cc81e5379c20df44edd6bfa8b9a26cdc06c6eb5f02272f90992ef58c65fe3e98725e9434a8512aef4c2093d27c57a1aee5f5b6861025001d20b5bc8666c4930107f563035bca6ddc91ff9d15ebb56d2628146d3baa3c6f81dc73602518c2aef4906e08b2ffa67e4528d92b1b3bcbd3a9e421d86413bb355574bb68f94bf75221918ca4f6624445b0afa0c26e270788490cbab1abd41a42200ab9e76a2f8b8ffbe0c5ef7a230b5bf7018cfd170ccd009058092d2446ebe73c5f0bf2d9ceca311502af621880eb18e46edc7832765c00e2599fbb82402b039eb5c5ae376690a717c0344
-+Ctrl.hexxcghash = hexxcghash:4cee9b1867e94911e8f9fbd9ec3375d25c955f97
-+Ctrl.hexsession_id = hexsession_id:2aefdaa6f14ac3ec200a951fd74433cddc01193a
-+Ctrl.type = type:C
-+Output = 6ffd703180af7c2207d5fa9e467272e3
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:000001000a341cb148554046ac79686473c7e924486ae79c9dd1878a647687d3562cc81e5379c20df44edd6bfa8b9a26cdc06c6eb5f02272f90992ef58c65fe3e98725e9434a8512aef4c2093d27c57a1aee5f5b6861025001d20b5bc8666c4930107f563035bca6ddc91ff9d15ebb56d2628146d3baa3c6f81dc73602518c2aef4906e08b2ffa67e4528d92b1b3bcbd3a9e421d86413bb355574bb68f94bf75221918ca4f6624445b0afa0c26e270788490cbab1abd41a42200ab9e76a2f8b8ffbe0c5ef7a230b5bf7018cfd170ccd009058092d2446ebe73c5f0bf2d9ceca311502af621880eb18e46edc7832765c00e2599fbb82402b039eb5c5ae376690a717c0344
-+Ctrl.hexxcghash = hexxcghash:4cee9b1867e94911e8f9fbd9ec3375d25c955f97
-+Ctrl.hexsession_id = hexsession_id:2aefdaa6f14ac3ec200a951fd74433cddc01193a
-+Ctrl.type = type:D
-+Output = 7ae5281e377f230dcc9854cf995f663d
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:000001000a341cb148554046ac79686473c7e924486ae79c9dd1878a647687d3562cc81e5379c20df44edd6bfa8b9a26cdc06c6eb5f02272f90992ef58c65fe3e98725e9434a8512aef4c2093d27c57a1aee5f5b6861025001d20b5bc8666c4930107f563035bca6ddc91ff9d15ebb56d2628146d3baa3c6f81dc73602518c2aef4906e08b2ffa67e4528d92b1b3bcbd3a9e421d86413bb355574bb68f94bf75221918ca4f6624445b0afa0c26e270788490cbab1abd41a42200ab9e76a2f8b8ffbe0c5ef7a230b5bf7018cfd170ccd009058092d2446ebe73c5f0bf2d9ceca311502af621880eb18e46edc7832765c00e2599fbb82402b039eb5c5ae376690a717c0344
-+Ctrl.hexxcghash = hexxcghash:4cee9b1867e94911e8f9fbd9ec3375d25c955f97
-+Ctrl.hexsession_id = hexsession_id:2aefdaa6f14ac3ec200a951fd74433cddc01193a
-+Ctrl.type = type:E
-+Output = fbcb152df7a3f12a8f174f9ca31bb31b124ae3c2
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:000001000a341cb148554046ac79686473c7e924486ae79c9dd1878a647687d3562cc81e5379c20df44edd6bfa8b9a26cdc06c6eb5f02272f90992ef58c65fe3e98725e9434a8512aef4c2093d27c57a1aee5f5b6861025001d20b5bc8666c4930107f563035bca6ddc91ff9d15ebb56d2628146d3baa3c6f81dc73602518c2aef4906e08b2ffa67e4528d92b1b3bcbd3a9e421d86413bb355574bb68f94bf75221918ca4f6624445b0afa0c26e270788490cbab1abd41a42200ab9e76a2f8b8ffbe0c5ef7a230b5bf7018cfd170ccd009058092d2446ebe73c5f0bf2d9ceca311502af621880eb18e46edc7832765c00e2599fbb82402b039eb5c5ae376690a717c0344
-+Ctrl.hexxcghash = hexxcghash:4cee9b1867e94911e8f9fbd9ec3375d25c955f97
-+Ctrl.hexsession_id = hexsession_id:2aefdaa6f14ac3ec200a951fd74433cddc01193a
-+Ctrl.type = type:F
-+Output = 3f0c57fbccfb7306cff23bdaf69d70a8a394b34b
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:0000010011afb59055b4e8e0840d76a2d28a3ec1cf3fe7e436b585eab29cc3149e1fa610d979fcc1483a0ea2b426f8e25bc87bae94bdcbeaa80501a3c554d996f1656ac9be75ecefa46273b3ab8a66468cb4a16b3630cbc41df49ebe3917b5afba24d669264e11689f1a401abc557a0c4cf22ad9323056642c2bf7fea0907ba2274b7666dd144e66e1f39371a14ccafa030bad4c6e04f7b22f1e14f9a37ad6aaa3642f66068863a74ed4a07e87494f0ace772b682845fb27efd7f1a99f09b419f43d8443302534e4c59c0d3c59736e47375ff6e96c167247c5196a7c8849adb527e9ccbfae797ea311181978197f924dcf0db7367f84baa27db6e554ba6b764550d2834f
-+Ctrl.hexxcghash = hexxcghash:7ced7b72644be681615e503ecafe0c8f7124c85b
-+Ctrl.hexsession_id = hexsession_id:95d4ca5b0107d3d9f94ef857d7a64f685d3fecdc
-+Ctrl.type = type:A
-+Output = 7e37ea52156fad1903709e1d3229721f
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:0000010011afb59055b4e8e0840d76a2d28a3ec1cf3fe7e436b585eab29cc3149e1fa610d979fcc1483a0ea2b426f8e25bc87bae94bdcbeaa80501a3c554d996f1656ac9be75ecefa46273b3ab8a66468cb4a16b3630cbc41df49ebe3917b5afba24d669264e11689f1a401abc557a0c4cf22ad9323056642c2bf7fea0907ba2274b7666dd144e66e1f39371a14ccafa030bad4c6e04f7b22f1e14f9a37ad6aaa3642f66068863a74ed4a07e87494f0ace772b682845fb27efd7f1a99f09b419f43d8443302534e4c59c0d3c59736e47375ff6e96c167247c5196a7c8849adb527e9ccbfae797ea311181978197f924dcf0db7367f84baa27db6e554ba6b764550d2834f
-+Ctrl.hexxcghash = hexxcghash:7ced7b72644be681615e503ecafe0c8f7124c85b
-+Ctrl.hexsession_id = hexsession_id:95d4ca5b0107d3d9f94ef857d7a64f685d3fecdc
-+Ctrl.type = type:B
-+Output = c15569583de413e08293bf1689a9afe8
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:0000010011afb59055b4e8e0840d76a2d28a3ec1cf3fe7e436b585eab29cc3149e1fa610d979fcc1483a0ea2b426f8e25bc87bae94bdcbeaa80501a3c554d996f1656ac9be75ecefa46273b3ab8a66468cb4a16b3630cbc41df49ebe3917b5afba24d669264e11689f1a401abc557a0c4cf22ad9323056642c2bf7fea0907ba2274b7666dd144e66e1f39371a14ccafa030bad4c6e04f7b22f1e14f9a37ad6aaa3642f66068863a74ed4a07e87494f0ace772b682845fb27efd7f1a99f09b419f43d8443302534e4c59c0d3c59736e47375ff6e96c167247c5196a7c8849adb527e9ccbfae797ea311181978197f924dcf0db7367f84baa27db6e554ba6b764550d2834f
-+Ctrl.hexxcghash = hexxcghash:7ced7b72644be681615e503ecafe0c8f7124c85b
-+Ctrl.hexsession_id = hexsession_id:95d4ca5b0107d3d9f94ef857d7a64f685d3fecdc
-+Ctrl.type = type:C
-+Output = 0c85227539f5e328c64172280759d9bf
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:0000010011afb59055b4e8e0840d76a2d28a3ec1cf3fe7e436b585eab29cc3149e1fa610d979fcc1483a0ea2b426f8e25bc87bae94bdcbeaa80501a3c554d996f1656ac9be75ecefa46273b3ab8a66468cb4a16b3630cbc41df49ebe3917b5afba24d669264e11689f1a401abc557a0c4cf22ad9323056642c2bf7fea0907ba2274b7666dd144e66e1f39371a14ccafa030bad4c6e04f7b22f1e14f9a37ad6aaa3642f66068863a74ed4a07e87494f0ace772b682845fb27efd7f1a99f09b419f43d8443302534e4c59c0d3c59736e47375ff6e96c167247c5196a7c8849adb527e9ccbfae797ea311181978197f924dcf0db7367f84baa27db6e554ba6b764550d2834f
-+Ctrl.hexxcghash = hexxcghash:7ced7b72644be681615e503ecafe0c8f7124c85b
-+Ctrl.hexsession_id = hexsession_id:95d4ca5b0107d3d9f94ef857d7a64f685d3fecdc
-+Ctrl.type = type:D
-+Output = 3dbc42d9e7128e861b87781546cedc8e
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:0000010011afb59055b4e8e0840d76a2d28a3ec1cf3fe7e436b585eab29cc3149e1fa610d979fcc1483a0ea2b426f8e25bc87bae94bdcbeaa80501a3c554d996f1656ac9be75ecefa46273b3ab8a66468cb4a16b3630cbc41df49ebe3917b5afba24d669264e11689f1a401abc557a0c4cf22ad9323056642c2bf7fea0907ba2274b7666dd144e66e1f39371a14ccafa030bad4c6e04f7b22f1e14f9a37ad6aaa3642f66068863a74ed4a07e87494f0ace772b682845fb27efd7f1a99f09b419f43d8443302534e4c59c0d3c59736e47375ff6e96c167247c5196a7c8849adb527e9ccbfae797ea311181978197f924dcf0db7367f84baa27db6e554ba6b764550d2834f
-+Ctrl.hexxcghash = hexxcghash:7ced7b72644be681615e503ecafe0c8f7124c85b
-+Ctrl.hexsession_id = hexsession_id:95d4ca5b0107d3d9f94ef857d7a64f685d3fecdc
-+Ctrl.type = type:E
-+Output = 1ec0d15e38ea1b48da963837dbf30cef855a92c7
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:0000010011afb59055b4e8e0840d76a2d28a3ec1cf3fe7e436b585eab29cc3149e1fa610d979fcc1483a0ea2b426f8e25bc87bae94bdcbeaa80501a3c554d996f1656ac9be75ecefa46273b3ab8a66468cb4a16b3630cbc41df49ebe3917b5afba24d669264e11689f1a401abc557a0c4cf22ad9323056642c2bf7fea0907ba2274b7666dd144e66e1f39371a14ccafa030bad4c6e04f7b22f1e14f9a37ad6aaa3642f66068863a74ed4a07e87494f0ace772b682845fb27efd7f1a99f09b419f43d8443302534e4c59c0d3c59736e47375ff6e96c167247c5196a7c8849adb527e9ccbfae797ea311181978197f924dcf0db7367f84baa27db6e554ba6b764550d2834f
-+Ctrl.hexxcghash = hexxcghash:7ced7b72644be681615e503ecafe0c8f7124c85b
-+Ctrl.hexsession_id = hexsession_id:95d4ca5b0107d3d9f94ef857d7a64f685d3fecdc
-+Ctrl.type = type:F
-+Output = eea8ea042a079fcf8416a8b244fafab35adeca8a
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:000001002f14b1acdf871bec4ea5720a3e921cf16a796559b2a094a0d1e45021dcabff152a0e3dca4115239454dc407a6474c8fcd395273a6487c6736710610aeb607707b7ef87203a081646af53ba037f29316a3dec4ce80ec04775b8697db46f7e4f4b38d69de832a25cf0a5484c9b36a48950d50dfe77ac5da63a1c2314ffa8cb68f0c201bbfb7a1a89837b9f57465d14635bda2abf601a06bbd8f70af0169c39209dcda9fb1416a9eadb5ea4deb358566190a62a44d6765d9a25b5157ed5e0f5317f0ed3f6eacebe07ba214e2ef9f654dbc2fa3dc2f227124a3f56a40905c9c86cd64b0ed80c4299d86f59d5f06b9c026a28feea5c5fafbe7ba90283de867dd55858
-+Ctrl.hexxcghash = hexxcghash:5fb6dff3272cb949856a57f2645a56d957dc4606
-+Ctrl.hexsession_id = hexsession_id:5160cab836d899193077dc67485ef41669ec5d8a
-+Ctrl.type = type:A
-+Output = f2faef6e274814ed7ca544484ac21a3a
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:000001002f14b1acdf871bec4ea5720a3e921cf16a796559b2a094a0d1e45021dcabff152a0e3dca4115239454dc407a6474c8fcd395273a6487c6736710610aeb607707b7ef87203a081646af53ba037f29316a3dec4ce80ec04775b8697db46f7e4f4b38d69de832a25cf0a5484c9b36a48950d50dfe77ac5da63a1c2314ffa8cb68f0c201bbfb7a1a89837b9f57465d14635bda2abf601a06bbd8f70af0169c39209dcda9fb1416a9eadb5ea4deb358566190a62a44d6765d9a25b5157ed5e0f5317f0ed3f6eacebe07ba214e2ef9f654dbc2fa3dc2f227124a3f56a40905c9c86cd64b0ed80c4299d86f59d5f06b9c026a28feea5c5fafbe7ba90283de867dd55858
-+Ctrl.hexxcghash = hexxcghash:5fb6dff3272cb949856a57f2645a56d957dc4606
-+Ctrl.hexsession_id = hexsession_id:5160cab836d899193077dc67485ef41669ec5d8a
-+Ctrl.type = type:B
-+Output = 3ca9bc0f3c65c257fa160a4d1c5e3520
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:000001002f14b1acdf871bec4ea5720a3e921cf16a796559b2a094a0d1e45021dcabff152a0e3dca4115239454dc407a6474c8fcd395273a6487c6736710610aeb607707b7ef87203a081646af53ba037f29316a3dec4ce80ec04775b8697db46f7e4f4b38d69de832a25cf0a5484c9b36a48950d50dfe77ac5da63a1c2314ffa8cb68f0c201bbfb7a1a89837b9f57465d14635bda2abf601a06bbd8f70af0169c39209dcda9fb1416a9eadb5ea4deb358566190a62a44d6765d9a25b5157ed5e0f5317f0ed3f6eacebe07ba214e2ef9f654dbc2fa3dc2f227124a3f56a40905c9c86cd64b0ed80c4299d86f59d5f06b9c026a28feea5c5fafbe7ba90283de867dd55858
-+Ctrl.hexxcghash = hexxcghash:5fb6dff3272cb949856a57f2645a56d957dc4606
-+Ctrl.hexsession_id = hexsession_id:5160cab836d899193077dc67485ef41669ec5d8a
-+Ctrl.type = type:C
-+Output = fcdf0545b51aca6515bccf6ed0ecb582
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:000001002f14b1acdf871bec4ea5720a3e921cf16a796559b2a094a0d1e45021dcabff152a0e3dca4115239454dc407a6474c8fcd395273a6487c6736710610aeb607707b7ef87203a081646af53ba037f29316a3dec4ce80ec04775b8697db46f7e4f4b38d69de832a25cf0a5484c9b36a48950d50dfe77ac5da63a1c2314ffa8cb68f0c201bbfb7a1a89837b9f57465d14635bda2abf601a06bbd8f70af0169c39209dcda9fb1416a9eadb5ea4deb358566190a62a44d6765d9a25b5157ed5e0f5317f0ed3f6eacebe07ba214e2ef9f654dbc2fa3dc2f227124a3f56a40905c9c86cd64b0ed80c4299d86f59d5f06b9c026a28feea5c5fafbe7ba90283de867dd55858
-+Ctrl.hexxcghash = hexxcghash:5fb6dff3272cb949856a57f2645a56d957dc4606
-+Ctrl.hexsession_id = hexsession_id:5160cab836d899193077dc67485ef41669ec5d8a
-+Ctrl.type = type:D
-+Output = 86ea895a310c3bbd1aac209b2362d58a
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:000001002f14b1acdf871bec4ea5720a3e921cf16a796559b2a094a0d1e45021dcabff152a0e3dca4115239454dc407a6474c8fcd395273a6487c6736710610aeb607707b7ef87203a081646af53ba037f29316a3dec4ce80ec04775b8697db46f7e4f4b38d69de832a25cf0a5484c9b36a48950d50dfe77ac5da63a1c2314ffa8cb68f0c201bbfb7a1a89837b9f57465d14635bda2abf601a06bbd8f70af0169c39209dcda9fb1416a9eadb5ea4deb358566190a62a44d6765d9a25b5157ed5e0f5317f0ed3f6eacebe07ba214e2ef9f654dbc2fa3dc2f227124a3f56a40905c9c86cd64b0ed80c4299d86f59d5f06b9c026a28feea5c5fafbe7ba90283de867dd55858
-+Ctrl.hexxcghash = hexxcghash:5fb6dff3272cb949856a57f2645a56d957dc4606
-+Ctrl.hexsession_id = hexsession_id:5160cab836d899193077dc67485ef41669ec5d8a
-+Ctrl.type = type:E
-+Output = 12a4f2b749e2bf88c1f8437e5ff61de761fd48b3
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:000001002f14b1acdf871bec4ea5720a3e921cf16a796559b2a094a0d1e45021dcabff152a0e3dca4115239454dc407a6474c8fcd395273a6487c6736710610aeb607707b7ef87203a081646af53ba037f29316a3dec4ce80ec04775b8697db46f7e4f4b38d69de832a25cf0a5484c9b36a48950d50dfe77ac5da63a1c2314ffa8cb68f0c201bbfb7a1a89837b9f57465d14635bda2abf601a06bbd8f70af0169c39209dcda9fb1416a9eadb5ea4deb358566190a62a44d6765d9a25b5157ed5e0f5317f0ed3f6eacebe07ba214e2ef9f654dbc2fa3dc2f227124a3f56a40905c9c86cd64b0ed80c4299d86f59d5f06b9c026a28feea5c5fafbe7ba90283de867dd55858
-+Ctrl.hexxcghash = hexxcghash:5fb6dff3272cb949856a57f2645a56d957dc4606
-+Ctrl.hexsession_id = hexsession_id:5160cab836d899193077dc67485ef41669ec5d8a
-+Ctrl.type = type:F
-+Output = a3a9276a120db379ec780e434879a54935db954d
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:0000010060cc18ebbeb9b25cb16a58bfa47644110ceab67f274daf67157e923b70f775a4168bb7911d0e53075044366e503fbffcf3fcf9249e551d69211715b681ba3a28dd133dbada24dcf80d2bf67a1d6c0477f108f8763b30fe28c6d0b54e59e7e580692453d05a30d38e134d6117ca999ace80a57d088228b2a9f001e57d3a8b1cdffe55fda194f01189ec2bb0d99fc8570a9d822a94dddb22f4ba3c88f2ee1045dafa2d106e5c2c09519e47ad9eaf2301569c9258a2deda9d3ea5b0c73f00d8d12579e5931d5253220d60eeb12fcefc98bc8f390e52b3b407280a31283628963c1131b6fd584be948c3fb4d316fa4a1b135513a174cafb0d394bb4afbee6cbe796e
-+Ctrl.hexxcghash = hexxcghash:501c76e6b5791e343fb6e7597e890c7dea7f04e5
-+Ctrl.hexsession_id = hexsession_id:68e1f225f2e63df7bedbab15112b3670f03eed56
-+Ctrl.type = type:A
-+Output = e53f2f61d8919e097cb99627fe668385
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:0000010060cc18ebbeb9b25cb16a58bfa47644110ceab67f274daf67157e923b70f775a4168bb7911d0e53075044366e503fbffcf3fcf9249e551d69211715b681ba3a28dd133dbada24dcf80d2bf67a1d6c0477f108f8763b30fe28c6d0b54e59e7e580692453d05a30d38e134d6117ca999ace80a57d088228b2a9f001e57d3a8b1cdffe55fda194f01189ec2bb0d99fc8570a9d822a94dddb22f4ba3c88f2ee1045dafa2d106e5c2c09519e47ad9eaf2301569c9258a2deda9d3ea5b0c73f00d8d12579e5931d5253220d60eeb12fcefc98bc8f390e52b3b407280a31283628963c1131b6fd584be948c3fb4d316fa4a1b135513a174cafb0d394bb4afbee6cbe796e
-+Ctrl.hexxcghash = hexxcghash:501c76e6b5791e343fb6e7597e890c7dea7f04e5
-+Ctrl.hexsession_id = hexsession_id:68e1f225f2e63df7bedbab15112b3670f03eed56
-+Ctrl.type = type:B
-+Output = cea80fd8dc06654ed80b0ec150835537
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:0000010060cc18ebbeb9b25cb16a58bfa47644110ceab67f274daf67157e923b70f775a4168bb7911d0e53075044366e503fbffcf3fcf9249e551d69211715b681ba3a28dd133dbada24dcf80d2bf67a1d6c0477f108f8763b30fe28c6d0b54e59e7e580692453d05a30d38e134d6117ca999ace80a57d088228b2a9f001e57d3a8b1cdffe55fda194f01189ec2bb0d99fc8570a9d822a94dddb22f4ba3c88f2ee1045dafa2d106e5c2c09519e47ad9eaf2301569c9258a2deda9d3ea5b0c73f00d8d12579e5931d5253220d60eeb12fcefc98bc8f390e52b3b407280a31283628963c1131b6fd584be948c3fb4d316fa4a1b135513a174cafb0d394bb4afbee6cbe796e
-+Ctrl.hexxcghash = hexxcghash:501c76e6b5791e343fb6e7597e890c7dea7f04e5
-+Ctrl.hexsession_id = hexsession_id:68e1f225f2e63df7bedbab15112b3670f03eed56
-+Ctrl.type = type:C
-+Output = d5ba475e737bed349b8931ba38d426e9
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:0000010060cc18ebbeb9b25cb16a58bfa47644110ceab67f274daf67157e923b70f775a4168bb7911d0e53075044366e503fbffcf3fcf9249e551d69211715b681ba3a28dd133dbada24dcf80d2bf67a1d6c0477f108f8763b30fe28c6d0b54e59e7e580692453d05a30d38e134d6117ca999ace80a57d088228b2a9f001e57d3a8b1cdffe55fda194f01189ec2bb0d99fc8570a9d822a94dddb22f4ba3c88f2ee1045dafa2d106e5c2c09519e47ad9eaf2301569c9258a2deda9d3ea5b0c73f00d8d12579e5931d5253220d60eeb12fcefc98bc8f390e52b3b407280a31283628963c1131b6fd584be948c3fb4d316fa4a1b135513a174cafb0d394bb4afbee6cbe796e
-+Ctrl.hexxcghash = hexxcghash:501c76e6b5791e343fb6e7597e890c7dea7f04e5
-+Ctrl.hexsession_id = hexsession_id:68e1f225f2e63df7bedbab15112b3670f03eed56
-+Ctrl.type = type:D
-+Output = f3ea92b4f365ab2fb8403ad8ecd2d17c
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:0000010060cc18ebbeb9b25cb16a58bfa47644110ceab67f274daf67157e923b70f775a4168bb7911d0e53075044366e503fbffcf3fcf9249e551d69211715b681ba3a28dd133dbada24dcf80d2bf67a1d6c0477f108f8763b30fe28c6d0b54e59e7e580692453d05a30d38e134d6117ca999ace80a57d088228b2a9f001e57d3a8b1cdffe55fda194f01189ec2bb0d99fc8570a9d822a94dddb22f4ba3c88f2ee1045dafa2d106e5c2c09519e47ad9eaf2301569c9258a2deda9d3ea5b0c73f00d8d12579e5931d5253220d60eeb12fcefc98bc8f390e52b3b407280a31283628963c1131b6fd584be948c3fb4d316fa4a1b135513a174cafb0d394bb4afbee6cbe796e
-+Ctrl.hexxcghash = hexxcghash:501c76e6b5791e343fb6e7597e890c7dea7f04e5
-+Ctrl.hexsession_id = hexsession_id:68e1f225f2e63df7bedbab15112b3670f03eed56
-+Ctrl.type = type:E
-+Output = 41fa718884738fd6fd9ee9fd5af05f0de9400952
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:0000010060cc18ebbeb9b25cb16a58bfa47644110ceab67f274daf67157e923b70f775a4168bb7911d0e53075044366e503fbffcf3fcf9249e551d69211715b681ba3a28dd133dbada24dcf80d2bf67a1d6c0477f108f8763b30fe28c6d0b54e59e7e580692453d05a30d38e134d6117ca999ace80a57d088228b2a9f001e57d3a8b1cdffe55fda194f01189ec2bb0d99fc8570a9d822a94dddb22f4ba3c88f2ee1045dafa2d106e5c2c09519e47ad9eaf2301569c9258a2deda9d3ea5b0c73f00d8d12579e5931d5253220d60eeb12fcefc98bc8f390e52b3b407280a31283628963c1131b6fd584be948c3fb4d316fa4a1b135513a174cafb0d394bb4afbee6cbe796e
-+Ctrl.hexxcghash = hexxcghash:501c76e6b5791e343fb6e7597e890c7dea7f04e5
-+Ctrl.hexsession_id = hexsession_id:68e1f225f2e63df7bedbab15112b3670f03eed56
-+Ctrl.type = type:F
-+Output = 91395bbd90abb140d0984ed5e77836590bf44695
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:0000010072a106d13e5148877457b7a8c853cfabd151d1b1acde6d776b7affc23c653a3b1c893398c7d83e039fbea9dc739dc14f3a9348af154f840d2f88e3c1982758adeaeb78cff050046d26a9a13391099eea03e9fb853e95c117edaac5b36736e63cb5ad72b346cf1fb342169f5e538591988daec82e0e9a2f4a57db22df8af92424f63111d87991345fd4458abab42cdbfcb84abb222701575a50274a7c6cc38355740cc04bfaff33467c816a70242142fd5467b1713eeec1e0d0f2fcfaf66602dcc31c4105d928a7185ebf53a6e792f419f57573e6dc6d1221e6907f6ad958d2a0c8fe096ce43e403316ae92f93acd1cac7878c9011bc71eff81d4353d7b0c13b1
-+Ctrl.hexxcghash = hexxcghash:9acf1f808aeac5b11460192c8f191491b62fc66a
-+Ctrl.hexsession_id = hexsession_id:4c662e4dc764cbcb1b3eed4de4375f85c8b2f56c
-+Ctrl.type = type:A
-+Output = 04d3c0a3f5e33ae373c637ef45897779
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:0000010072a106d13e5148877457b7a8c853cfabd151d1b1acde6d776b7affc23c653a3b1c893398c7d83e039fbea9dc739dc14f3a9348af154f840d2f88e3c1982758adeaeb78cff050046d26a9a13391099eea03e9fb853e95c117edaac5b36736e63cb5ad72b346cf1fb342169f5e538591988daec82e0e9a2f4a57db22df8af92424f63111d87991345fd4458abab42cdbfcb84abb222701575a50274a7c6cc38355740cc04bfaff33467c816a70242142fd5467b1713eeec1e0d0f2fcfaf66602dcc31c4105d928a7185ebf53a6e792f419f57573e6dc6d1221e6907f6ad958d2a0c8fe096ce43e403316ae92f93acd1cac7878c9011bc71eff81d4353d7b0c13b1
-+Ctrl.hexxcghash = hexxcghash:9acf1f808aeac5b11460192c8f191491b62fc66a
-+Ctrl.hexsession_id = hexsession_id:4c662e4dc764cbcb1b3eed4de4375f85c8b2f56c
-+Ctrl.type = type:B
-+Output = c5a45bfbf6d7c14c5d3a953b4848e433
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:0000010072a106d13e5148877457b7a8c853cfabd151d1b1acde6d776b7affc23c653a3b1c893398c7d83e039fbea9dc739dc14f3a9348af154f840d2f88e3c1982758adeaeb78cff050046d26a9a13391099eea03e9fb853e95c117edaac5b36736e63cb5ad72b346cf1fb342169f5e538591988daec82e0e9a2f4a57db22df8af92424f63111d87991345fd4458abab42cdbfcb84abb222701575a50274a7c6cc38355740cc04bfaff33467c816a70242142fd5467b1713eeec1e0d0f2fcfaf66602dcc31c4105d928a7185ebf53a6e792f419f57573e6dc6d1221e6907f6ad958d2a0c8fe096ce43e403316ae92f93acd1cac7878c9011bc71eff81d4353d7b0c13b1
-+Ctrl.hexxcghash = hexxcghash:9acf1f808aeac5b11460192c8f191491b62fc66a
-+Ctrl.hexsession_id = hexsession_id:4c662e4dc764cbcb1b3eed4de4375f85c8b2f56c
-+Ctrl.type = type:C
-+Output = 3a16d0da2f785e2c325b45109778910a
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:0000010072a106d13e5148877457b7a8c853cfabd151d1b1acde6d776b7affc23c653a3b1c893398c7d83e039fbea9dc739dc14f3a9348af154f840d2f88e3c1982758adeaeb78cff050046d26a9a13391099eea03e9fb853e95c117edaac5b36736e63cb5ad72b346cf1fb342169f5e538591988daec82e0e9a2f4a57db22df8af92424f63111d87991345fd4458abab42cdbfcb84abb222701575a50274a7c6cc38355740cc04bfaff33467c816a70242142fd5467b1713eeec1e0d0f2fcfaf66602dcc31c4105d928a7185ebf53a6e792f419f57573e6dc6d1221e6907f6ad958d2a0c8fe096ce43e403316ae92f93acd1cac7878c9011bc71eff81d4353d7b0c13b1
-+Ctrl.hexxcghash = hexxcghash:9acf1f808aeac5b11460192c8f191491b62fc66a
-+Ctrl.hexsession_id = hexsession_id:4c662e4dc764cbcb1b3eed4de4375f85c8b2f56c
-+Ctrl.type = type:D
-+Output = 902b38dd6c759945e671c1de7d99e918
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:0000010072a106d13e5148877457b7a8c853cfabd151d1b1acde6d776b7affc23c653a3b1c893398c7d83e039fbea9dc739dc14f3a9348af154f840d2f88e3c1982758adeaeb78cff050046d26a9a13391099eea03e9fb853e95c117edaac5b36736e63cb5ad72b346cf1fb342169f5e538591988daec82e0e9a2f4a57db22df8af92424f63111d87991345fd4458abab42cdbfcb84abb222701575a50274a7c6cc38355740cc04bfaff33467c816a70242142fd5467b1713eeec1e0d0f2fcfaf66602dcc31c4105d928a7185ebf53a6e792f419f57573e6dc6d1221e6907f6ad958d2a0c8fe096ce43e403316ae92f93acd1cac7878c9011bc71eff81d4353d7b0c13b1
-+Ctrl.hexxcghash = hexxcghash:9acf1f808aeac5b11460192c8f191491b62fc66a
-+Ctrl.hexsession_id = hexsession_id:4c662e4dc764cbcb1b3eed4de4375f85c8b2f56c
-+Ctrl.type = type:E
-+Output = b573244de3127f6aa5457e792219dc89defaaecd
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:0000010072a106d13e5148877457b7a8c853cfabd151d1b1acde6d776b7affc23c653a3b1c893398c7d83e039fbea9dc739dc14f3a9348af154f840d2f88e3c1982758adeaeb78cff050046d26a9a13391099eea03e9fb853e95c117edaac5b36736e63cb5ad72b346cf1fb342169f5e538591988daec82e0e9a2f4a57db22df8af92424f63111d87991345fd4458abab42cdbfcb84abb222701575a50274a7c6cc38355740cc04bfaff33467c816a70242142fd5467b1713eeec1e0d0f2fcfaf66602dcc31c4105d928a7185ebf53a6e792f419f57573e6dc6d1221e6907f6ad958d2a0c8fe096ce43e403316ae92f93acd1cac7878c9011bc71eff81d4353d7b0c13b1
-+Ctrl.hexxcghash = hexxcghash:9acf1f808aeac5b11460192c8f191491b62fc66a
-+Ctrl.hexsession_id = hexsession_id:4c662e4dc764cbcb1b3eed4de4375f85c8b2f56c
-+Ctrl.type = type:F
-+Output = 6cd221005dd1f0de4f472f48d15e61dcc2e91e99
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:000001003644f9ee24c3ec2e2fe16cdece326cdf5c1309e931bc41f245d3b76f2bdbef0bae58e850e10dcbd0d18356b4f98957a3b95f64c85d1af12ab01fe967e52a632761074f27406a29618192f1cbebae2c25e42f6e9fc00a737e4c92398403ab946a6c33e675e529b5c7364f36d64f07ff65889866dee99293bd5bb5f6454a77bbe0cbfd746d54e5bc948c617c5a1d5d3d2b65fa6a86c5f42c5e01f92a8e97a96f848e50ecb1b495a0e87323b44f5b9dd25ab34a94c077b7490657d1d8f9a9acef2785de82b02ef9fb670faf841ae9b479d2d538ae8e38eaf6e74b884c18c9dafc19b6c9728ff3411537555b3b3b69f6f039958ffb0790e58b09bd8c63819ee50ea5
-+Ctrl.hexxcghash = hexxcghash:4d31fdb68c8f42f38cae260bf6402e47de93aac7
-+Ctrl.hexsession_id = hexsession_id:47caa2c09bb4dc9d6aeb697a76046bdf1fcd879b
-+Ctrl.type = type:A
-+Output = 5f9deaf2ee4f05af0a8a813ef6bb9549
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:000001003644f9ee24c3ec2e2fe16cdece326cdf5c1309e931bc41f245d3b76f2bdbef0bae58e850e10dcbd0d18356b4f98957a3b95f64c85d1af12ab01fe967e52a632761074f27406a29618192f1cbebae2c25e42f6e9fc00a737e4c92398403ab946a6c33e675e529b5c7364f36d64f07ff65889866dee99293bd5bb5f6454a77bbe0cbfd746d54e5bc948c617c5a1d5d3d2b65fa6a86c5f42c5e01f92a8e97a96f848e50ecb1b495a0e87323b44f5b9dd25ab34a94c077b7490657d1d8f9a9acef2785de82b02ef9fb670faf841ae9b479d2d538ae8e38eaf6e74b884c18c9dafc19b6c9728ff3411537555b3b3b69f6f039958ffb0790e58b09bd8c63819ee50ea5
-+Ctrl.hexxcghash = hexxcghash:4d31fdb68c8f42f38cae260bf6402e47de93aac7
-+Ctrl.hexsession_id = hexsession_id:47caa2c09bb4dc9d6aeb697a76046bdf1fcd879b
-+Ctrl.type = type:B
-+Output = a2ea4b795f9c9de1d786d0c771df2b84
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:000001003644f9ee24c3ec2e2fe16cdece326cdf5c1309e931bc41f245d3b76f2bdbef0bae58e850e10dcbd0d18356b4f98957a3b95f64c85d1af12ab01fe967e52a632761074f27406a29618192f1cbebae2c25e42f6e9fc00a737e4c92398403ab946a6c33e675e529b5c7364f36d64f07ff65889866dee99293bd5bb5f6454a77bbe0cbfd746d54e5bc948c617c5a1d5d3d2b65fa6a86c5f42c5e01f92a8e97a96f848e50ecb1b495a0e87323b44f5b9dd25ab34a94c077b7490657d1d8f9a9acef2785de82b02ef9fb670faf841ae9b479d2d538ae8e38eaf6e74b884c18c9dafc19b6c9728ff3411537555b3b3b69f6f039958ffb0790e58b09bd8c63819ee50ea5
-+Ctrl.hexxcghash = hexxcghash:4d31fdb68c8f42f38cae260bf6402e47de93aac7
-+Ctrl.hexsession_id = hexsession_id:47caa2c09bb4dc9d6aeb697a76046bdf1fcd879b
-+Ctrl.type = type:C
-+Output = 13f828f8f1e5532a04f138681bc8259d
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:000001003644f9ee24c3ec2e2fe16cdece326cdf5c1309e931bc41f245d3b76f2bdbef0bae58e850e10dcbd0d18356b4f98957a3b95f64c85d1af12ab01fe967e52a632761074f27406a29618192f1cbebae2c25e42f6e9fc00a737e4c92398403ab946a6c33e675e529b5c7364f36d64f07ff65889866dee99293bd5bb5f6454a77bbe0cbfd746d54e5bc948c617c5a1d5d3d2b65fa6a86c5f42c5e01f92a8e97a96f848e50ecb1b495a0e87323b44f5b9dd25ab34a94c077b7490657d1d8f9a9acef2785de82b02ef9fb670faf841ae9b479d2d538ae8e38eaf6e74b884c18c9dafc19b6c9728ff3411537555b3b3b69f6f039958ffb0790e58b09bd8c63819ee50ea5
-+Ctrl.hexxcghash = hexxcghash:4d31fdb68c8f42f38cae260bf6402e47de93aac7
-+Ctrl.hexsession_id = hexsession_id:47caa2c09bb4dc9d6aeb697a76046bdf1fcd879b
-+Ctrl.type = type:D
-+Output = 7231ce5fd725391e058cd78815f44625
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:000001003644f9ee24c3ec2e2fe16cdece326cdf5c1309e931bc41f245d3b76f2bdbef0bae58e850e10dcbd0d18356b4f98957a3b95f64c85d1af12ab01fe967e52a632761074f27406a29618192f1cbebae2c25e42f6e9fc00a737e4c92398403ab946a6c33e675e529b5c7364f36d64f07ff65889866dee99293bd5bb5f6454a77bbe0cbfd746d54e5bc948c617c5a1d5d3d2b65fa6a86c5f42c5e01f92a8e97a96f848e50ecb1b495a0e87323b44f5b9dd25ab34a94c077b7490657d1d8f9a9acef2785de82b02ef9fb670faf841ae9b479d2d538ae8e38eaf6e74b884c18c9dafc19b6c9728ff3411537555b3b3b69f6f039958ffb0790e58b09bd8c63819ee50ea5
-+Ctrl.hexxcghash = hexxcghash:4d31fdb68c8f42f38cae260bf6402e47de93aac7
-+Ctrl.hexsession_id = hexsession_id:47caa2c09bb4dc9d6aeb697a76046bdf1fcd879b
-+Ctrl.type = type:E
-+Output = 937b7e16ed0b2324203cdae904fc55cbe25067a1
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:000001003644f9ee24c3ec2e2fe16cdece326cdf5c1309e931bc41f245d3b76f2bdbef0bae58e850e10dcbd0d18356b4f98957a3b95f64c85d1af12ab01fe967e52a632761074f27406a29618192f1cbebae2c25e42f6e9fc00a737e4c92398403ab946a6c33e675e529b5c7364f36d64f07ff65889866dee99293bd5bb5f6454a77bbe0cbfd746d54e5bc948c617c5a1d5d3d2b65fa6a86c5f42c5e01f92a8e97a96f848e50ecb1b495a0e87323b44f5b9dd25ab34a94c077b7490657d1d8f9a9acef2785de82b02ef9fb670faf841ae9b479d2d538ae8e38eaf6e74b884c18c9dafc19b6c9728ff3411537555b3b3b69f6f039958ffb0790e58b09bd8c63819ee50ea5
-+Ctrl.hexxcghash = hexxcghash:4d31fdb68c8f42f38cae260bf6402e47de93aac7
-+Ctrl.hexsession_id = hexsession_id:47caa2c09bb4dc9d6aeb697a76046bdf1fcd879b
-+Ctrl.type = type:F
-+Output = d7536b911dc79d5953455ba6e15cb5fec7c14025
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:00000081008de60df019c23966d215d9b8490ac493dfae59b99dbefdad81d2c9e761205c93a696dbd9e538cc57cd3e24c2798d2c56561d6803e8ee24e112babef84ad5a2c571c572339f2b38f1345164314f8f4714047f0c66650f10051044f8dcd256bfe8171302a81ce13f47f7375db80a6bbf8ce7d8f96e03fc6275fd5dacfbdd166792
-+Ctrl.hexxcghash = hexxcghash:e69fbbee90f0cb7c57996c6f3f9ec4c7de9f0c43b7c993ec3ec1d4ca
-+Ctrl.hexsession_id = hexsession_id:e69fbbee90f0cb7c57996c6f3f9ec4c7de9f0c43b7c993ec3ec1d4ca
-+Ctrl.type = type:A
-+Output = 9fff6c6a6d1f5c31
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:00000081008de60df019c23966d215d9b8490ac493dfae59b99dbefdad81d2c9e761205c93a696dbd9e538cc57cd3e24c2798d2c56561d6803e8ee24e112babef84ad5a2c571c572339f2b38f1345164314f8f4714047f0c66650f10051044f8dcd256bfe8171302a81ce13f47f7375db80a6bbf8ce7d8f96e03fc6275fd5dacfbdd166792
-+Ctrl.hexxcghash = hexxcghash:e69fbbee90f0cb7c57996c6f3f9ec4c7de9f0c43b7c993ec3ec1d4ca
-+Ctrl.hexsession_id = hexsession_id:e69fbbee90f0cb7c57996c6f3f9ec4c7de9f0c43b7c993ec3ec1d4ca
-+Ctrl.type = type:B
-+Output = 8e0ae78c64d2fe2a
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:00000081008de60df019c23966d215d9b8490ac493dfae59b99dbefdad81d2c9e761205c93a696dbd9e538cc57cd3e24c2798d2c56561d6803e8ee24e112babef84ad5a2c571c572339f2b38f1345164314f8f4714047f0c66650f10051044f8dcd256bfe8171302a81ce13f47f7375db80a6bbf8ce7d8f96e03fc6275fd5dacfbdd166792
-+Ctrl.hexxcghash = hexxcghash:e69fbbee90f0cb7c57996c6f3f9ec4c7de9f0c43b7c993ec3ec1d4ca
-+Ctrl.hexsession_id = hexsession_id:e69fbbee90f0cb7c57996c6f3f9ec4c7de9f0c43b7c993ec3ec1d4ca
-+Ctrl.type = type:C
-+Output = 9044f963ffb56b94556a38aac5398a7072ffba60258500be
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:00000081008de60df019c23966d215d9b8490ac493dfae59b99dbefdad81d2c9e761205c93a696dbd9e538cc57cd3e24c2798d2c56561d6803e8ee24e112babef84ad5a2c571c572339f2b38f1345164314f8f4714047f0c66650f10051044f8dcd256bfe8171302a81ce13f47f7375db80a6bbf8ce7d8f96e03fc6275fd5dacfbdd166792
-+Ctrl.hexxcghash = hexxcghash:e69fbbee90f0cb7c57996c6f3f9ec4c7de9f0c43b7c993ec3ec1d4ca
-+Ctrl.hexsession_id = hexsession_id:e69fbbee90f0cb7c57996c6f3f9ec4c7de9f0c43b7c993ec3ec1d4ca
-+Ctrl.type = type:D
-+Output = a861a317ea42b050901aff367b5a1d0abd5c497c77311ba2
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:00000081008de60df019c23966d215d9b8490ac493dfae59b99dbefdad81d2c9e761205c93a696dbd9e538cc57cd3e24c2798d2c56561d6803e8ee24e112babef84ad5a2c571c572339f2b38f1345164314f8f4714047f0c66650f10051044f8dcd256bfe8171302a81ce13f47f7375db80a6bbf8ce7d8f96e03fc6275fd5dacfbdd166792
-+Ctrl.hexxcghash = hexxcghash:e69fbbee90f0cb7c57996c6f3f9ec4c7de9f0c43b7c993ec3ec1d4ca
-+Ctrl.hexsession_id = hexsession_id:e69fbbee90f0cb7c57996c6f3f9ec4c7de9f0c43b7c993ec3ec1d4ca
-+Ctrl.type = type:E
-+Output = 43225d64b6da6f070925ad1c8b7ac88893f9a7cba0dfc55ddea42eec
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:00000081008de60df019c23966d215d9b8490ac493dfae59b99dbefdad81d2c9e761205c93a696dbd9e538cc57cd3e24c2798d2c56561d6803e8ee24e112babef84ad5a2c571c572339f2b38f1345164314f8f4714047f0c66650f10051044f8dcd256bfe8171302a81ce13f47f7375db80a6bbf8ce7d8f96e03fc6275fd5dacfbdd166792
-+Ctrl.hexxcghash = hexxcghash:e69fbbee90f0cb7c57996c6f3f9ec4c7de9f0c43b7c993ec3ec1d4ca
-+Ctrl.hexsession_id = hexsession_id:e69fbbee90f0cb7c57996c6f3f9ec4c7de9f0c43b7c993ec3ec1d4ca
-+Ctrl.type = type:F
-+Output = eb31db29bbafca2773f815fa478d927943288588e371ae9ba0414d98
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:0000008100a03d807fef48a50d8a04d9b6721979c5904412c3bcfe69ebd4c2554debe82a695a66fb9d844c6ef3aa4b745c2a4c8dbc4ba26742e0d1159ded83edca0bec61c7303e81f9d7f3169b7c97573b9184ec3c5286d9646e96595f064d61013431628f5c57bcb1bf79bcd1b0177ab4520c1a1a9b34b5067d9f465c9b03154d57f1b42f
-+Ctrl.hexxcghash = hexxcghash:03af4bd15a37aa7816d826332dcd9daa1537770fd0bcafbafe30033d
-+Ctrl.hexsession_id = hexsession_id:36084ca3dc535b37d533d034d891fabc20e3b0270bb8c008066bfac8
-+Ctrl.type = type:A
-+Output = bf2d6e03ba930c71
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:0000008100a03d807fef48a50d8a04d9b6721979c5904412c3bcfe69ebd4c2554debe82a695a66fb9d844c6ef3aa4b745c2a4c8dbc4ba26742e0d1159ded83edca0bec61c7303e81f9d7f3169b7c97573b9184ec3c5286d9646e96595f064d61013431628f5c57bcb1bf79bcd1b0177ab4520c1a1a9b34b5067d9f465c9b03154d57f1b42f
-+Ctrl.hexxcghash = hexxcghash:03af4bd15a37aa7816d826332dcd9daa1537770fd0bcafbafe30033d
-+Ctrl.hexsession_id = hexsession_id:36084ca3dc535b37d533d034d891fabc20e3b0270bb8c008066bfac8
-+Ctrl.type = type:B
-+Output = ff14fadc19a0bd8a
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:0000008100a03d807fef48a50d8a04d9b6721979c5904412c3bcfe69ebd4c2554debe82a695a66fb9d844c6ef3aa4b745c2a4c8dbc4ba26742e0d1159ded83edca0bec61c7303e81f9d7f3169b7c97573b9184ec3c5286d9646e96595f064d61013431628f5c57bcb1bf79bcd1b0177ab4520c1a1a9b34b5067d9f465c9b03154d57f1b42f
-+Ctrl.hexxcghash = hexxcghash:03af4bd15a37aa7816d826332dcd9daa1537770fd0bcafbafe30033d
-+Ctrl.hexsession_id = hexsession_id:36084ca3dc535b37d533d034d891fabc20e3b0270bb8c008066bfac8
-+Ctrl.type = type:C
-+Output = 34a70734eaebeb8608cbb91098fa13326f37ccc5d408584d
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:0000008100a03d807fef48a50d8a04d9b6721979c5904412c3bcfe69ebd4c2554debe82a695a66fb9d844c6ef3aa4b745c2a4c8dbc4ba26742e0d1159ded83edca0bec61c7303e81f9d7f3169b7c97573b9184ec3c5286d9646e96595f064d61013431628f5c57bcb1bf79bcd1b0177ab4520c1a1a9b34b5067d9f465c9b03154d57f1b42f
-+Ctrl.hexxcghash = hexxcghash:03af4bd15a37aa7816d826332dcd9daa1537770fd0bcafbafe30033d
-+Ctrl.hexsession_id = hexsession_id:36084ca3dc535b37d533d034d891fabc20e3b0270bb8c008066bfac8
-+Ctrl.type = type:D
-+Output = f993da8f2e840b836c8980fa2d780a1b4eeef77046988eed
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:0000008100a03d807fef48a50d8a04d9b6721979c5904412c3bcfe69ebd4c2554debe82a695a66fb9d844c6ef3aa4b745c2a4c8dbc4ba26742e0d1159ded83edca0bec61c7303e81f9d7f3169b7c97573b9184ec3c5286d9646e96595f064d61013431628f5c57bcb1bf79bcd1b0177ab4520c1a1a9b34b5067d9f465c9b03154d57f1b42f
-+Ctrl.hexxcghash = hexxcghash:03af4bd15a37aa7816d826332dcd9daa1537770fd0bcafbafe30033d
-+Ctrl.hexsession_id = hexsession_id:36084ca3dc535b37d533d034d891fabc20e3b0270bb8c008066bfac8
-+Ctrl.type = type:E
-+Output = a274441c86dd146cfab25d87344bd5a880d374d300aa8e1fe4919378
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:0000008100a03d807fef48a50d8a04d9b6721979c5904412c3bcfe69ebd4c2554debe82a695a66fb9d844c6ef3aa4b745c2a4c8dbc4ba26742e0d1159ded83edca0bec61c7303e81f9d7f3169b7c97573b9184ec3c5286d9646e96595f064d61013431628f5c57bcb1bf79bcd1b0177ab4520c1a1a9b34b5067d9f465c9b03154d57f1b42f
-+Ctrl.hexxcghash = hexxcghash:03af4bd15a37aa7816d826332dcd9daa1537770fd0bcafbafe30033d
-+Ctrl.hexsession_id = hexsession_id:36084ca3dc535b37d533d034d891fabc20e3b0270bb8c008066bfac8
-+Ctrl.type = type:F
-+Output = 7774dc48324cca24901bedc37224cb291d6202fb6b5e1d9315a9bd10
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:0000008100d09e300c8b93b8c759f96910b319b8fd9c9c8c1b704b65649f525b6c16732ee37f499ac729bdce9ea493811954849e8eeb449cb2f4485fe78b0f538038178ad3e1b95ef13fcf0134f1199ad742b31d5f222ed7927283a008c970143af46965acde32139c2448db5cc11fd55e534779f1b5d7757b27e3a3881a3596b0b002ff7e
-+Ctrl.hexxcghash = hexxcghash:be8559339a1b231a59a8feae904c00decaf970ff8e83018662c65fa8
-+Ctrl.hexsession_id = hexsession_id:a8378fd158677fac292c5cce8a9efdbd5c5c98ee6f056a5e6e771b6b
-+Ctrl.type = type:A
-+Output = 75bc82b271311f53
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:0000008100d09e300c8b93b8c759f96910b319b8fd9c9c8c1b704b65649f525b6c16732ee37f499ac729bdce9ea493811954849e8eeb449cb2f4485fe78b0f538038178ad3e1b95ef13fcf0134f1199ad742b31d5f222ed7927283a008c970143af46965acde32139c2448db5cc11fd55e534779f1b5d7757b27e3a3881a3596b0b002ff7e
-+Ctrl.hexxcghash = hexxcghash:be8559339a1b231a59a8feae904c00decaf970ff8e83018662c65fa8
-+Ctrl.hexsession_id = hexsession_id:a8378fd158677fac292c5cce8a9efdbd5c5c98ee6f056a5e6e771b6b
-+Ctrl.type = type:B
-+Output = 602d69e77b8c30b3
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:0000008100d09e300c8b93b8c759f96910b319b8fd9c9c8c1b704b65649f525b6c16732ee37f499ac729bdce9ea493811954849e8eeb449cb2f4485fe78b0f538038178ad3e1b95ef13fcf0134f1199ad742b31d5f222ed7927283a008c970143af46965acde32139c2448db5cc11fd55e534779f1b5d7757b27e3a3881a3596b0b002ff7e
-+Ctrl.hexxcghash = hexxcghash:be8559339a1b231a59a8feae904c00decaf970ff8e83018662c65fa8
-+Ctrl.hexsession_id = hexsession_id:a8378fd158677fac292c5cce8a9efdbd5c5c98ee6f056a5e6e771b6b
-+Ctrl.type = type:C
-+Output = e0c8856a26b2f4804e98809d5b81cdb360b43884a33d4fef
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:0000008100d09e300c8b93b8c759f96910b319b8fd9c9c8c1b704b65649f525b6c16732ee37f499ac729bdce9ea493811954849e8eeb449cb2f4485fe78b0f538038178ad3e1b95ef13fcf0134f1199ad742b31d5f222ed7927283a008c970143af46965acde32139c2448db5cc11fd55e534779f1b5d7757b27e3a3881a3596b0b002ff7e
-+Ctrl.hexxcghash = hexxcghash:be8559339a1b231a59a8feae904c00decaf970ff8e83018662c65fa8
-+Ctrl.hexsession_id = hexsession_id:a8378fd158677fac292c5cce8a9efdbd5c5c98ee6f056a5e6e771b6b
-+Ctrl.type = type:D
-+Output = e661555415bcab0b1f2d4b4387cda213cdd93f8458a2ace4
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:0000008100d09e300c8b93b8c759f96910b319b8fd9c9c8c1b704b65649f525b6c16732ee37f499ac729bdce9ea493811954849e8eeb449cb2f4485fe78b0f538038178ad3e1b95ef13fcf0134f1199ad742b31d5f222ed7927283a008c970143af46965acde32139c2448db5cc11fd55e534779f1b5d7757b27e3a3881a3596b0b002ff7e
-+Ctrl.hexxcghash = hexxcghash:be8559339a1b231a59a8feae904c00decaf970ff8e83018662c65fa8
-+Ctrl.hexsession_id = hexsession_id:a8378fd158677fac292c5cce8a9efdbd5c5c98ee6f056a5e6e771b6b
-+Ctrl.type = type:E
-+Output = a368f66127573c79e2d936032f75c3d11c0131455eb9b6c5384582de
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:0000008100d09e300c8b93b8c759f96910b319b8fd9c9c8c1b704b65649f525b6c16732ee37f499ac729bdce9ea493811954849e8eeb449cb2f4485fe78b0f538038178ad3e1b95ef13fcf0134f1199ad742b31d5f222ed7927283a008c970143af46965acde32139c2448db5cc11fd55e534779f1b5d7757b27e3a3881a3596b0b002ff7e
-+Ctrl.hexxcghash = hexxcghash:be8559339a1b231a59a8feae904c00decaf970ff8e83018662c65fa8
-+Ctrl.hexsession_id = hexsession_id:a8378fd158677fac292c5cce8a9efdbd5c5c98ee6f056a5e6e771b6b
-+Ctrl.type = type:F
-+Output = 779f09f514bdf7ed4a01788f10146367ce2ddf2aacebb961524c002a
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:0000008057352c4a26aa011e9b9e101736ab6b1369c73f553848d159b01bf2c7671074cdcdc73b8c697649dc7465197c2f17560d0045246410063f20d8d29518e7b25d871886346acccd9ec1b2d74b19b4aff16953714266d1440247859958f010f3fe616859c07315169c5bb5547c6dfdaf4a219daa3a78f546958f56e14fdf64c3b26e
-+Ctrl.hexxcghash = hexxcghash:dca302cd4ee29d88b3f909f73e19d920099b8c18062e875cb762257b
-+Ctrl.hexsession_id = hexsession_id:2f6368dd5f1a6a8db98f74331850c110aa0e58f06a10ca8178171d95
-+Ctrl.type = type:A
-+Output = 386bc0b99215c8fa
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:0000008057352c4a26aa011e9b9e101736ab6b1369c73f553848d159b01bf2c7671074cdcdc73b8c697649dc7465197c2f17560d0045246410063f20d8d29518e7b25d871886346acccd9ec1b2d74b19b4aff16953714266d1440247859958f010f3fe616859c07315169c5bb5547c6dfdaf4a219daa3a78f546958f56e14fdf64c3b26e
-+Ctrl.hexxcghash = hexxcghash:dca302cd4ee29d88b3f909f73e19d920099b8c18062e875cb762257b
-+Ctrl.hexsession_id = hexsession_id:2f6368dd5f1a6a8db98f74331850c110aa0e58f06a10ca8178171d95
-+Ctrl.type = type:B
-+Output = c793dba9a68f70a4
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:0000008057352c4a26aa011e9b9e101736ab6b1369c73f553848d159b01bf2c7671074cdcdc73b8c697649dc7465197c2f17560d0045246410063f20d8d29518e7b25d871886346acccd9ec1b2d74b19b4aff16953714266d1440247859958f010f3fe616859c07315169c5bb5547c6dfdaf4a219daa3a78f546958f56e14fdf64c3b26e
-+Ctrl.hexxcghash = hexxcghash:dca302cd4ee29d88b3f909f73e19d920099b8c18062e875cb762257b
-+Ctrl.hexsession_id = hexsession_id:2f6368dd5f1a6a8db98f74331850c110aa0e58f06a10ca8178171d95
-+Ctrl.type = type:C
-+Output = 3dcaea7c946c2de76811482556299aa9bf96c8eef11fb2d6
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:0000008057352c4a26aa011e9b9e101736ab6b1369c73f553848d159b01bf2c7671074cdcdc73b8c697649dc7465197c2f17560d0045246410063f20d8d29518e7b25d871886346acccd9ec1b2d74b19b4aff16953714266d1440247859958f010f3fe616859c07315169c5bb5547c6dfdaf4a219daa3a78f546958f56e14fdf64c3b26e
-+Ctrl.hexxcghash = hexxcghash:dca302cd4ee29d88b3f909f73e19d920099b8c18062e875cb762257b
-+Ctrl.hexsession_id = hexsession_id:2f6368dd5f1a6a8db98f74331850c110aa0e58f06a10ca8178171d95
-+Ctrl.type = type:D
-+Output = fd078ef65922006809729f9533c8742e9f973f7ff37ba987
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:0000008057352c4a26aa011e9b9e101736ab6b1369c73f553848d159b01bf2c7671074cdcdc73b8c697649dc7465197c2f17560d0045246410063f20d8d29518e7b25d871886346acccd9ec1b2d74b19b4aff16953714266d1440247859958f010f3fe616859c07315169c5bb5547c6dfdaf4a219daa3a78f546958f56e14fdf64c3b26e
-+Ctrl.hexxcghash = hexxcghash:dca302cd4ee29d88b3f909f73e19d920099b8c18062e875cb762257b
-+Ctrl.hexsession_id = hexsession_id:2f6368dd5f1a6a8db98f74331850c110aa0e58f06a10ca8178171d95
-+Ctrl.type = type:E
-+Output = 83a1924fa5f7ceffeba7f519ac51a86a2746a93eb194db51a4596ca1
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:0000008057352c4a26aa011e9b9e101736ab6b1369c73f553848d159b01bf2c7671074cdcdc73b8c697649dc7465197c2f17560d0045246410063f20d8d29518e7b25d871886346acccd9ec1b2d74b19b4aff16953714266d1440247859958f010f3fe616859c07315169c5bb5547c6dfdaf4a219daa3a78f546958f56e14fdf64c3b26e
-+Ctrl.hexxcghash = hexxcghash:dca302cd4ee29d88b3f909f73e19d920099b8c18062e875cb762257b
-+Ctrl.hexsession_id = hexsession_id:2f6368dd5f1a6a8db98f74331850c110aa0e58f06a10ca8178171d95
-+Ctrl.type = type:F
-+Output = e16507d1bbd53b41f9bb2f0f21b5112eb6cd1eb0489fb5e754212390
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:00000081008d372970f67a75a1748e6967c67a1f5665a3d6f71d6d24ab113bedb42ad544de34e67df7f644f78e5dcfd12e25b7cb8655aa9f07fef59058e42450aee5d4a733887535313e06c7e6426598284fdaa33ff88e1b6174c33199f2630ec42c8d7d9b92ea3d83a1bf8514b153fd9cf9c520636a0de9c6ba8b9318465ddcaa293367e5
-+Ctrl.hexxcghash = hexxcghash:683a0b23e8bf98e03178a032a65e743e429c805b8de04407f73ab21b
-+Ctrl.hexsession_id = hexsession_id:0e9de6ef124b670db44ade438920db01b5e6fb69a482816a303fcef7
-+Ctrl.type = type:A
-+Output = 0e764ebe0d523aae
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:00000081008d372970f67a75a1748e6967c67a1f5665a3d6f71d6d24ab113bedb42ad544de34e67df7f644f78e5dcfd12e25b7cb8655aa9f07fef59058e42450aee5d4a733887535313e06c7e6426598284fdaa33ff88e1b6174c33199f2630ec42c8d7d9b92ea3d83a1bf8514b153fd9cf9c520636a0de9c6ba8b9318465ddcaa293367e5
-+Ctrl.hexxcghash = hexxcghash:683a0b23e8bf98e03178a032a65e743e429c805b8de04407f73ab21b
-+Ctrl.hexsession_id = hexsession_id:0e9de6ef124b670db44ade438920db01b5e6fb69a482816a303fcef7
-+Ctrl.type = type:B
-+Output = 24bd2eff86c2a8dc
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:00000081008d372970f67a75a1748e6967c67a1f5665a3d6f71d6d24ab113bedb42ad544de34e67df7f644f78e5dcfd12e25b7cb8655aa9f07fef59058e42450aee5d4a733887535313e06c7e6426598284fdaa33ff88e1b6174c33199f2630ec42c8d7d9b92ea3d83a1bf8514b153fd9cf9c520636a0de9c6ba8b9318465ddcaa293367e5
-+Ctrl.hexxcghash = hexxcghash:683a0b23e8bf98e03178a032a65e743e429c805b8de04407f73ab21b
-+Ctrl.hexsession_id = hexsession_id:0e9de6ef124b670db44ade438920db01b5e6fb69a482816a303fcef7
-+Ctrl.type = type:C
-+Output = 26c01e3d56c1b928f65aaa1b6a15f5b8d41de187b4bb5fdc
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:00000081008d372970f67a75a1748e6967c67a1f5665a3d6f71d6d24ab113bedb42ad544de34e67df7f644f78e5dcfd12e25b7cb8655aa9f07fef59058e42450aee5d4a733887535313e06c7e6426598284fdaa33ff88e1b6174c33199f2630ec42c8d7d9b92ea3d83a1bf8514b153fd9cf9c520636a0de9c6ba8b9318465ddcaa293367e5
-+Ctrl.hexxcghash = hexxcghash:683a0b23e8bf98e03178a032a65e743e429c805b8de04407f73ab21b
-+Ctrl.hexsession_id = hexsession_id:0e9de6ef124b670db44ade438920db01b5e6fb69a482816a303fcef7
-+Ctrl.type = type:D
-+Output = e0cc3bdb6d69d10893eeb73b892d746acea151f24247fd9c
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:00000081008d372970f67a75a1748e6967c67a1f5665a3d6f71d6d24ab113bedb42ad544de34e67df7f644f78e5dcfd12e25b7cb8655aa9f07fef59058e42450aee5d4a733887535313e06c7e6426598284fdaa33ff88e1b6174c33199f2630ec42c8d7d9b92ea3d83a1bf8514b153fd9cf9c520636a0de9c6ba8b9318465ddcaa293367e5
-+Ctrl.hexxcghash = hexxcghash:683a0b23e8bf98e03178a032a65e743e429c805b8de04407f73ab21b
-+Ctrl.hexsession_id = hexsession_id:0e9de6ef124b670db44ade438920db01b5e6fb69a482816a303fcef7
-+Ctrl.type = type:E
-+Output = bf442ba6ec794f20584528686cedbaa568c13b895f642fe5cb3542bb
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:00000081008d372970f67a75a1748e6967c67a1f5665a3d6f71d6d24ab113bedb42ad544de34e67df7f644f78e5dcfd12e25b7cb8655aa9f07fef59058e42450aee5d4a733887535313e06c7e6426598284fdaa33ff88e1b6174c33199f2630ec42c8d7d9b92ea3d83a1bf8514b153fd9cf9c520636a0de9c6ba8b9318465ddcaa293367e5
-+Ctrl.hexxcghash = hexxcghash:683a0b23e8bf98e03178a032a65e743e429c805b8de04407f73ab21b
-+Ctrl.hexsession_id = hexsession_id:0e9de6ef124b670db44ade438920db01b5e6fb69a482816a303fcef7
-+Ctrl.type = type:F
-+Output = 65ab453e5ffd1b5e1540aa547766d7c177204c319642f93059bdf257
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:0000008004a70cf5e546c0920433bf16dcda3076d9195b5c35ad6b83b6a51e880f22fddaae0d358e35037bbe1e66f2422c29ff30a39822e067930b9faf59f844441dee6f233635a00c7cb71596f8589194016132ebbe204d98fc7f9bb0b7f4e6b6a68f488a59138d9859729d938de6ace9d08be86301bbd4e80d4650391ef3599a6f0bc0
-+Ctrl.hexxcghash = hexxcghash:a05a5c2d8beb394b7befaecfe3f4227cd81a28d90ac64ec78ce170b6
-+Ctrl.hexsession_id = hexsession_id:1380b38f6b6997a47ce234b7d3d6afb5960e721a348a725704c19cff
-+Ctrl.type = type:A
-+Output = 45799bbb09fd8804
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:0000008004a70cf5e546c0920433bf16dcda3076d9195b5c35ad6b83b6a51e880f22fddaae0d358e35037bbe1e66f2422c29ff30a39822e067930b9faf59f844441dee6f233635a00c7cb71596f8589194016132ebbe204d98fc7f9bb0b7f4e6b6a68f488a59138d9859729d938de6ace9d08be86301bbd4e80d4650391ef3599a6f0bc0
-+Ctrl.hexxcghash = hexxcghash:a05a5c2d8beb394b7befaecfe3f4227cd81a28d90ac64ec78ce170b6
-+Ctrl.hexsession_id = hexsession_id:1380b38f6b6997a47ce234b7d3d6afb5960e721a348a725704c19cff
-+Ctrl.type = type:B
-+Output = b787b009f3313be0
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:0000008004a70cf5e546c0920433bf16dcda3076d9195b5c35ad6b83b6a51e880f22fddaae0d358e35037bbe1e66f2422c29ff30a39822e067930b9faf59f844441dee6f233635a00c7cb71596f8589194016132ebbe204d98fc7f9bb0b7f4e6b6a68f488a59138d9859729d938de6ace9d08be86301bbd4e80d4650391ef3599a6f0bc0
-+Ctrl.hexxcghash = hexxcghash:a05a5c2d8beb394b7befaecfe3f4227cd81a28d90ac64ec78ce170b6
-+Ctrl.hexsession_id = hexsession_id:1380b38f6b6997a47ce234b7d3d6afb5960e721a348a725704c19cff
-+Ctrl.type = type:C
-+Output = c4cbb547c997e8fddb9e56ef5df91327766668a43a958a8e
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:0000008004a70cf5e546c0920433bf16dcda3076d9195b5c35ad6b83b6a51e880f22fddaae0d358e35037bbe1e66f2422c29ff30a39822e067930b9faf59f844441dee6f233635a00c7cb71596f8589194016132ebbe204d98fc7f9bb0b7f4e6b6a68f488a59138d9859729d938de6ace9d08be86301bbd4e80d4650391ef3599a6f0bc0
-+Ctrl.hexxcghash = hexxcghash:a05a5c2d8beb394b7befaecfe3f4227cd81a28d90ac64ec78ce170b6
-+Ctrl.hexsession_id = hexsession_id:1380b38f6b6997a47ce234b7d3d6afb5960e721a348a725704c19cff
-+Ctrl.type = type:D
-+Output = b55b7cca0a0363b84b40b79366b87db7c440dec5bf89e952
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:0000008004a70cf5e546c0920433bf16dcda3076d9195b5c35ad6b83b6a51e880f22fddaae0d358e35037bbe1e66f2422c29ff30a39822e067930b9faf59f844441dee6f233635a00c7cb71596f8589194016132ebbe204d98fc7f9bb0b7f4e6b6a68f488a59138d9859729d938de6ace9d08be86301bbd4e80d4650391ef3599a6f0bc0
-+Ctrl.hexxcghash = hexxcghash:a05a5c2d8beb394b7befaecfe3f4227cd81a28d90ac64ec78ce170b6
-+Ctrl.hexsession_id = hexsession_id:1380b38f6b6997a47ce234b7d3d6afb5960e721a348a725704c19cff
-+Ctrl.type = type:E
-+Output = 9c6399e5f4db0fc7652268d7423230ee5ffc0a210c26568dc5c0ab7d
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:0000008004a70cf5e546c0920433bf16dcda3076d9195b5c35ad6b83b6a51e880f22fddaae0d358e35037bbe1e66f2422c29ff30a39822e067930b9faf59f844441dee6f233635a00c7cb71596f8589194016132ebbe204d98fc7f9bb0b7f4e6b6a68f488a59138d9859729d938de6ace9d08be86301bbd4e80d4650391ef3599a6f0bc0
-+Ctrl.hexxcghash = hexxcghash:a05a5c2d8beb394b7befaecfe3f4227cd81a28d90ac64ec78ce170b6
-+Ctrl.hexsession_id = hexsession_id:1380b38f6b6997a47ce234b7d3d6afb5960e721a348a725704c19cff
-+Ctrl.type = type:F
-+Output = 9824301c33daae0f1b75eb472d6f0b4ef2cea0b2f61e204b6aefb0bd
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:0000008100d07c8a0c16c5f000ff00db6161555ea6b6b400803fe250288a9b88b48ced381de3f46982210216dff4defdbb007e98ea47f891ae3f38e09f56c96913406c13ed35cade3f2f80c6c6402e7ab097decc9e7ecc377b9965991422b54b8fcf34b9635cdc6b1cb698c61cd8377f3fadf1ba9e289d83767ca24370661085461a0b348e
-+Ctrl.hexxcghash = hexxcghash:45dfee14ec8160cb1ccd769d2db4785b9773aeedde0c6ca0f75324df
-+Ctrl.hexsession_id = hexsession_id:0f15315853288a987cec1e0668f34fa54537304f7082673d74d4f970
-+Ctrl.type = type:A
-+Output = 2958928e5fd3c6e4
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:0000008100d07c8a0c16c5f000ff00db6161555ea6b6b400803fe250288a9b88b48ced381de3f46982210216dff4defdbb007e98ea47f891ae3f38e09f56c96913406c13ed35cade3f2f80c6c6402e7ab097decc9e7ecc377b9965991422b54b8fcf34b9635cdc6b1cb698c61cd8377f3fadf1ba9e289d83767ca24370661085461a0b348e
-+Ctrl.hexxcghash = hexxcghash:45dfee14ec8160cb1ccd769d2db4785b9773aeedde0c6ca0f75324df
-+Ctrl.hexsession_id = hexsession_id:0f15315853288a987cec1e0668f34fa54537304f7082673d74d4f970
-+Ctrl.type = type:B
-+Output = aa91bee1a3b3374c
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:0000008100d07c8a0c16c5f000ff00db6161555ea6b6b400803fe250288a9b88b48ced381de3f46982210216dff4defdbb007e98ea47f891ae3f38e09f56c96913406c13ed35cade3f2f80c6c6402e7ab097decc9e7ecc377b9965991422b54b8fcf34b9635cdc6b1cb698c61cd8377f3fadf1ba9e289d83767ca24370661085461a0b348e
-+Ctrl.hexxcghash = hexxcghash:45dfee14ec8160cb1ccd769d2db4785b9773aeedde0c6ca0f75324df
-+Ctrl.hexsession_id = hexsession_id:0f15315853288a987cec1e0668f34fa54537304f7082673d74d4f970
-+Ctrl.type = type:C
-+Output = 6fdac559eb1d6af7fc7fbaa4f9a15fd4145b97b9418518d9
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:0000008100d07c8a0c16c5f000ff00db6161555ea6b6b400803fe250288a9b88b48ced381de3f46982210216dff4defdbb007e98ea47f891ae3f38e09f56c96913406c13ed35cade3f2f80c6c6402e7ab097decc9e7ecc377b9965991422b54b8fcf34b9635cdc6b1cb698c61cd8377f3fadf1ba9e289d83767ca24370661085461a0b348e
-+Ctrl.hexxcghash = hexxcghash:45dfee14ec8160cb1ccd769d2db4785b9773aeedde0c6ca0f75324df
-+Ctrl.hexsession_id = hexsession_id:0f15315853288a987cec1e0668f34fa54537304f7082673d74d4f970
-+Ctrl.type = type:D
-+Output = 5a8271402756f7eac59f09b5020f7b05f6475fc3a2e2b482
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:0000008100d07c8a0c16c5f000ff00db6161555ea6b6b400803fe250288a9b88b48ced381de3f46982210216dff4defdbb007e98ea47f891ae3f38e09f56c96913406c13ed35cade3f2f80c6c6402e7ab097decc9e7ecc377b9965991422b54b8fcf34b9635cdc6b1cb698c61cd8377f3fadf1ba9e289d83767ca24370661085461a0b348e
-+Ctrl.hexxcghash = hexxcghash:45dfee14ec8160cb1ccd769d2db4785b9773aeedde0c6ca0f75324df
-+Ctrl.hexsession_id = hexsession_id:0f15315853288a987cec1e0668f34fa54537304f7082673d74d4f970
-+Ctrl.type = type:E
-+Output = 910de4a4a437cab056f7c38037f0196c524464237c5e332e79564a90
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:0000008100d07c8a0c16c5f000ff00db6161555ea6b6b400803fe250288a9b88b48ced381de3f46982210216dff4defdbb007e98ea47f891ae3f38e09f56c96913406c13ed35cade3f2f80c6c6402e7ab097decc9e7ecc377b9965991422b54b8fcf34b9635cdc6b1cb698c61cd8377f3fadf1ba9e289d83767ca24370661085461a0b348e
-+Ctrl.hexxcghash = hexxcghash:45dfee14ec8160cb1ccd769d2db4785b9773aeedde0c6ca0f75324df
-+Ctrl.hexsession_id = hexsession_id:0f15315853288a987cec1e0668f34fa54537304f7082673d74d4f970
-+Ctrl.type = type:F
-+Output = 0bfa6ed5dc8ab0fc1bb9feb966d7107137ebf3f754ac71c2a16a9c22
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:000000807f046e0e1a0050fe544cd0bf194fdb0a07efe7708498a1b25aad90641e8befdef8f4aacb538ccc446d02d3896e1cc34d9a8becdcc48d10e73460f7c0c58eb51707d37f1eaa0008cb21c89e8b226a3e60c76f9f9f5af2a16abca346a81c66ec0199167b17e0d8cb3baea9a9c700632f585e0cd467e779eba02bc24eff22b6425c
-+Ctrl.hexxcghash = hexxcghash:b63c992199e370cde19b640077bbbac92c6a8a0f206b4d560935cee5
-+Ctrl.hexsession_id = hexsession_id:ee00f86c7ecc4ce74a3ece1699802b7420ca4d49cc74b23399c23545
-+Ctrl.type = type:A
-+Output = 82204d79e13252f1
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:000000807f046e0e1a0050fe544cd0bf194fdb0a07efe7708498a1b25aad90641e8befdef8f4aacb538ccc446d02d3896e1cc34d9a8becdcc48d10e73460f7c0c58eb51707d37f1eaa0008cb21c89e8b226a3e60c76f9f9f5af2a16abca346a81c66ec0199167b17e0d8cb3baea9a9c700632f585e0cd467e779eba02bc24eff22b6425c
-+Ctrl.hexxcghash = hexxcghash:b63c992199e370cde19b640077bbbac92c6a8a0f206b4d560935cee5
-+Ctrl.hexsession_id = hexsession_id:ee00f86c7ecc4ce74a3ece1699802b7420ca4d49cc74b23399c23545
-+Ctrl.type = type:B
-+Output = a76ff923488c7bd3
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:000000807f046e0e1a0050fe544cd0bf194fdb0a07efe7708498a1b25aad90641e8befdef8f4aacb538ccc446d02d3896e1cc34d9a8becdcc48d10e73460f7c0c58eb51707d37f1eaa0008cb21c89e8b226a3e60c76f9f9f5af2a16abca346a81c66ec0199167b17e0d8cb3baea9a9c700632f585e0cd467e779eba02bc24eff22b6425c
-+Ctrl.hexxcghash = hexxcghash:b63c992199e370cde19b640077bbbac92c6a8a0f206b4d560935cee5
-+Ctrl.hexsession_id = hexsession_id:ee00f86c7ecc4ce74a3ece1699802b7420ca4d49cc74b23399c23545
-+Ctrl.type = type:C
-+Output = 8ba3bd224890bdd4dd07d2a5a98e5efcd95d82c66583d098
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:000000807f046e0e1a0050fe544cd0bf194fdb0a07efe7708498a1b25aad90641e8befdef8f4aacb538ccc446d02d3896e1cc34d9a8becdcc48d10e73460f7c0c58eb51707d37f1eaa0008cb21c89e8b226a3e60c76f9f9f5af2a16abca346a81c66ec0199167b17e0d8cb3baea9a9c700632f585e0cd467e779eba02bc24eff22b6425c
-+Ctrl.hexxcghash = hexxcghash:b63c992199e370cde19b640077bbbac92c6a8a0f206b4d560935cee5
-+Ctrl.hexsession_id = hexsession_id:ee00f86c7ecc4ce74a3ece1699802b7420ca4d49cc74b23399c23545
-+Ctrl.type = type:D
-+Output = a04a3844933ca1bb45848bc1a7626e4c50dc46aa5376d027
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:000000807f046e0e1a0050fe544cd0bf194fdb0a07efe7708498a1b25aad90641e8befdef8f4aacb538ccc446d02d3896e1cc34d9a8becdcc48d10e73460f7c0c58eb51707d37f1eaa0008cb21c89e8b226a3e60c76f9f9f5af2a16abca346a81c66ec0199167b17e0d8cb3baea9a9c700632f585e0cd467e779eba02bc24eff22b6425c
-+Ctrl.hexxcghash = hexxcghash:b63c992199e370cde19b640077bbbac92c6a8a0f206b4d560935cee5
-+Ctrl.hexsession_id = hexsession_id:ee00f86c7ecc4ce74a3ece1699802b7420ca4d49cc74b23399c23545
-+Ctrl.type = type:E
-+Output = 393f2f152d6c6d063f284cadd1fd9d700928188b7fea31f74b44fbc6
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:000000807f046e0e1a0050fe544cd0bf194fdb0a07efe7708498a1b25aad90641e8befdef8f4aacb538ccc446d02d3896e1cc34d9a8becdcc48d10e73460f7c0c58eb51707d37f1eaa0008cb21c89e8b226a3e60c76f9f9f5af2a16abca346a81c66ec0199167b17e0d8cb3baea9a9c700632f585e0cd467e779eba02bc24eff22b6425c
-+Ctrl.hexxcghash = hexxcghash:b63c992199e370cde19b640077bbbac92c6a8a0f206b4d560935cee5
-+Ctrl.hexsession_id = hexsession_id:ee00f86c7ecc4ce74a3ece1699802b7420ca4d49cc74b23399c23545
-+Ctrl.type = type:F
-+Output = f27f2cd72b22e1719f91b912d6c9d180985121d32bd217e348cd2003
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:0000008100b51d0e3d21612b3bde548bf3da6d474166972f602beb1b876b7045a595483ec0bfb707eaf7c0d416d028a3ed7cff460cad66e2284e3190a746d3304678c91b2654b3ab147aece57e3bb5f4d30d4d7c01e065f70b12b9270ebec306a178870d1fd814806c3dbdc16d4bd7e843de8e5414ff336e735bc5c8241ab0ae08197159d6
-+Ctrl.hexxcghash = hexxcghash:1eacc2c8e8ec2c3a5af31c6d498301e82664f60899223ef4348f4467
-+Ctrl.hexsession_id = hexsession_id:ddc879c0f221147bd70a1cedf5578fd8f196290357945fe75e551262
-+Ctrl.type = type:A
-+Output = f843e3c6a1621998
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:0000008100b51d0e3d21612b3bde548bf3da6d474166972f602beb1b876b7045a595483ec0bfb707eaf7c0d416d028a3ed7cff460cad66e2284e3190a746d3304678c91b2654b3ab147aece57e3bb5f4d30d4d7c01e065f70b12b9270ebec306a178870d1fd814806c3dbdc16d4bd7e843de8e5414ff336e735bc5c8241ab0ae08197159d6
-+Ctrl.hexxcghash = hexxcghash:1eacc2c8e8ec2c3a5af31c6d498301e82664f60899223ef4348f4467
-+Ctrl.hexsession_id = hexsession_id:ddc879c0f221147bd70a1cedf5578fd8f196290357945fe75e551262
-+Ctrl.type = type:B
-+Output = 128b2d8968cfaad5
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:0000008100b51d0e3d21612b3bde548bf3da6d474166972f602beb1b876b7045a595483ec0bfb707eaf7c0d416d028a3ed7cff460cad66e2284e3190a746d3304678c91b2654b3ab147aece57e3bb5f4d30d4d7c01e065f70b12b9270ebec306a178870d1fd814806c3dbdc16d4bd7e843de8e5414ff336e735bc5c8241ab0ae08197159d6
-+Ctrl.hexxcghash = hexxcghash:1eacc2c8e8ec2c3a5af31c6d498301e82664f60899223ef4348f4467
-+Ctrl.hexsession_id = hexsession_id:ddc879c0f221147bd70a1cedf5578fd8f196290357945fe75e551262
-+Ctrl.type = type:C
-+Output = d6c4d2685753580dea2c6a6eb6add592011356eb9e868d44
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:0000008100b51d0e3d21612b3bde548bf3da6d474166972f602beb1b876b7045a595483ec0bfb707eaf7c0d416d028a3ed7cff460cad66e2284e3190a746d3304678c91b2654b3ab147aece57e3bb5f4d30d4d7c01e065f70b12b9270ebec306a178870d1fd814806c3dbdc16d4bd7e843de8e5414ff336e735bc5c8241ab0ae08197159d6
-+Ctrl.hexxcghash = hexxcghash:1eacc2c8e8ec2c3a5af31c6d498301e82664f60899223ef4348f4467
-+Ctrl.hexsession_id = hexsession_id:ddc879c0f221147bd70a1cedf5578fd8f196290357945fe75e551262
-+Ctrl.type = type:D
-+Output = 92af60f4858f3d14efaac039130389ab9ae1237f0da09a29
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:0000008100b51d0e3d21612b3bde548bf3da6d474166972f602beb1b876b7045a595483ec0bfb707eaf7c0d416d028a3ed7cff460cad66e2284e3190a746d3304678c91b2654b3ab147aece57e3bb5f4d30d4d7c01e065f70b12b9270ebec306a178870d1fd814806c3dbdc16d4bd7e843de8e5414ff336e735bc5c8241ab0ae08197159d6
-+Ctrl.hexxcghash = hexxcghash:1eacc2c8e8ec2c3a5af31c6d498301e82664f60899223ef4348f4467
-+Ctrl.hexsession_id = hexsession_id:ddc879c0f221147bd70a1cedf5578fd8f196290357945fe75e551262
-+Ctrl.type = type:E
-+Output = a37af93c8f25e145def1c5397bec2ee2119cc0e0bd4854fe23b2e3d1
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:0000008100b51d0e3d21612b3bde548bf3da6d474166972f602beb1b876b7045a595483ec0bfb707eaf7c0d416d028a3ed7cff460cad66e2284e3190a746d3304678c91b2654b3ab147aece57e3bb5f4d30d4d7c01e065f70b12b9270ebec306a178870d1fd814806c3dbdc16d4bd7e843de8e5414ff336e735bc5c8241ab0ae08197159d6
-+Ctrl.hexxcghash = hexxcghash:1eacc2c8e8ec2c3a5af31c6d498301e82664f60899223ef4348f4467
-+Ctrl.hexsession_id = hexsession_id:ddc879c0f221147bd70a1cedf5578fd8f196290357945fe75e551262
-+Ctrl.type = type:F
-+Output = d44def5fcec300da5913ca109c0fd7a2c2cbcedd2c3e3216c5cb0d95
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:000000810088a2add0cc5918c649c6bbc82930ae99326188faa20e2cfc8f819cc44bdd99d1638fbbd380197beda58c039c239fdcced533db7ea31635b835f5f92725490e7638d40a017b89f48406faab653aa03721af5d7c5c61d4519e7c07f99974c1f715b1ce3fcffc50b2a6cc9b4e45a76791b862ac87524d2b52fe6c706f5a73e5dc0a
-+Ctrl.hexxcghash = hexxcghash:321ef6b92cae9df351c1b7d2253325536e659df52acd4a8787b45217
-+Ctrl.hexsession_id = hexsession_id:340edbc8aeec53501158ad2ea7650abcbb906348d57b14b61524469e
-+Ctrl.type = type:A
-+Output = 4276fab65090b420
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:000000810088a2add0cc5918c649c6bbc82930ae99326188faa20e2cfc8f819cc44bdd99d1638fbbd380197beda58c039c239fdcced533db7ea31635b835f5f92725490e7638d40a017b89f48406faab653aa03721af5d7c5c61d4519e7c07f99974c1f715b1ce3fcffc50b2a6cc9b4e45a76791b862ac87524d2b52fe6c706f5a73e5dc0a
-+Ctrl.hexxcghash = hexxcghash:321ef6b92cae9df351c1b7d2253325536e659df52acd4a8787b45217
-+Ctrl.hexsession_id = hexsession_id:340edbc8aeec53501158ad2ea7650abcbb906348d57b14b61524469e
-+Ctrl.type = type:B
-+Output = 00303ca4f9a5a6f8
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:000000810088a2add0cc5918c649c6bbc82930ae99326188faa20e2cfc8f819cc44bdd99d1638fbbd380197beda58c039c239fdcced533db7ea31635b835f5f92725490e7638d40a017b89f48406faab653aa03721af5d7c5c61d4519e7c07f99974c1f715b1ce3fcffc50b2a6cc9b4e45a76791b862ac87524d2b52fe6c706f5a73e5dc0a
-+Ctrl.hexxcghash = hexxcghash:321ef6b92cae9df351c1b7d2253325536e659df52acd4a8787b45217
-+Ctrl.hexsession_id = hexsession_id:340edbc8aeec53501158ad2ea7650abcbb906348d57b14b61524469e
-+Ctrl.type = type:C
-+Output = 3d67892281e9c6ed6535d7ae69e832f6723afd545763bd3d
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:000000810088a2add0cc5918c649c6bbc82930ae99326188faa20e2cfc8f819cc44bdd99d1638fbbd380197beda58c039c239fdcced533db7ea31635b835f5f92725490e7638d40a017b89f48406faab653aa03721af5d7c5c61d4519e7c07f99974c1f715b1ce3fcffc50b2a6cc9b4e45a76791b862ac87524d2b52fe6c706f5a73e5dc0a
-+Ctrl.hexxcghash = hexxcghash:321ef6b92cae9df351c1b7d2253325536e659df52acd4a8787b45217
-+Ctrl.hexsession_id = hexsession_id:340edbc8aeec53501158ad2ea7650abcbb906348d57b14b61524469e
-+Ctrl.type = type:D
-+Output = 5a5844e6c47eacc172e0012044037668a653758b96310350
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:000000810088a2add0cc5918c649c6bbc82930ae99326188faa20e2cfc8f819cc44bdd99d1638fbbd380197beda58c039c239fdcced533db7ea31635b835f5f92725490e7638d40a017b89f48406faab653aa03721af5d7c5c61d4519e7c07f99974c1f715b1ce3fcffc50b2a6cc9b4e45a76791b862ac87524d2b52fe6c706f5a73e5dc0a
-+Ctrl.hexxcghash = hexxcghash:321ef6b92cae9df351c1b7d2253325536e659df52acd4a8787b45217
-+Ctrl.hexsession_id = hexsession_id:340edbc8aeec53501158ad2ea7650abcbb906348d57b14b61524469e
-+Ctrl.type = type:E
-+Output = 4783fb6e98db788f6594c2b82e751528590c41780adce2ffba234290
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:000000810088a2add0cc5918c649c6bbc82930ae99326188faa20e2cfc8f819cc44bdd99d1638fbbd380197beda58c039c239fdcced533db7ea31635b835f5f92725490e7638d40a017b89f48406faab653aa03721af5d7c5c61d4519e7c07f99974c1f715b1ce3fcffc50b2a6cc9b4e45a76791b862ac87524d2b52fe6c706f5a73e5dc0a
-+Ctrl.hexxcghash = hexxcghash:321ef6b92cae9df351c1b7d2253325536e659df52acd4a8787b45217
-+Ctrl.hexsession_id = hexsession_id:340edbc8aeec53501158ad2ea7650abcbb906348d57b14b61524469e
-+Ctrl.type = type:F
-+Output = 7c60752b0b5a0f0027507ecd88e6af2b78e462a98459bf0511152663
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:0000010100d62744a1ee5a4d03d761f48fb63ece42d9204e00016dad042ae7cbe600cb9e93535bc36d2f94d715cf8c2cd948caf876b4948429cb85ac73765949495af8380a56b68d1d3eeb4d9b310e2c53db5f51a7b8382759273c0be30862df81ca420f414c3ea8e6a1fb4875257ccc536e971c8dc07e600e265e642489266604f94ee995f96ef02eac771bb88bc66c57d229edfba1e484fd1c8b49e11e594aefa681f26ea28c348615d3e0a2dc76845d2d19543751ce444c7b65fa449a74639fa13c123d025200efa7012b209400746e03bd6a7bc938b926107da0491407bd952602d14a7fa743cbd51d5090a22c76a336f06b5e6dc5ecf70c803da8dcbff149c5013c36
-+Ctrl.hexxcghash = hexxcghash:273ab849318045321f672fdf9b4bc250c4b46717374bfb3322bc7701
-+Ctrl.hexsession_id = hexsession_id:273ab849318045321f672fdf9b4bc250c4b46717374bfb3322bc7701
-+Ctrl.type = type:A
-+Output = 2512664639690af9f64afd16d9ccf3d3
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:0000010100d62744a1ee5a4d03d761f48fb63ece42d9204e00016dad042ae7cbe600cb9e93535bc36d2f94d715cf8c2cd948caf876b4948429cb85ac73765949495af8380a56b68d1d3eeb4d9b310e2c53db5f51a7b8382759273c0be30862df81ca420f414c3ea8e6a1fb4875257ccc536e971c8dc07e600e265e642489266604f94ee995f96ef02eac771bb88bc66c57d229edfba1e484fd1c8b49e11e594aefa681f26ea28c348615d3e0a2dc76845d2d19543751ce444c7b65fa449a74639fa13c123d025200efa7012b209400746e03bd6a7bc938b926107da0491407bd952602d14a7fa743cbd51d5090a22c76a336f06b5e6dc5ecf70c803da8dcbff149c5013c36
-+Ctrl.hexxcghash = hexxcghash:273ab849318045321f672fdf9b4bc250c4b46717374bfb3322bc7701
-+Ctrl.hexsession_id = hexsession_id:273ab849318045321f672fdf9b4bc250c4b46717374bfb3322bc7701
-+Ctrl.type = type:B
-+Output = c13223796f394c6d1ffd18c22c09f27a
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:0000010100d62744a1ee5a4d03d761f48fb63ece42d9204e00016dad042ae7cbe600cb9e93535bc36d2f94d715cf8c2cd948caf876b4948429cb85ac73765949495af8380a56b68d1d3eeb4d9b310e2c53db5f51a7b8382759273c0be30862df81ca420f414c3ea8e6a1fb4875257ccc536e971c8dc07e600e265e642489266604f94ee995f96ef02eac771bb88bc66c57d229edfba1e484fd1c8b49e11e594aefa681f26ea28c348615d3e0a2dc76845d2d19543751ce444c7b65fa449a74639fa13c123d025200efa7012b209400746e03bd6a7bc938b926107da0491407bd952602d14a7fa743cbd51d5090a22c76a336f06b5e6dc5ecf70c803da8dcbff149c5013c36
-+Ctrl.hexxcghash = hexxcghash:273ab849318045321f672fdf9b4bc250c4b46717374bfb3322bc7701
-+Ctrl.hexsession_id = hexsession_id:273ab849318045321f672fdf9b4bc250c4b46717374bfb3322bc7701
-+Ctrl.type = type:C
-+Output = 7be659a7cbeda28722315d96444a5c98
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:0000010100d62744a1ee5a4d03d761f48fb63ece42d9204e00016dad042ae7cbe600cb9e93535bc36d2f94d715cf8c2cd948caf876b4948429cb85ac73765949495af8380a56b68d1d3eeb4d9b310e2c53db5f51a7b8382759273c0be30862df81ca420f414c3ea8e6a1fb4875257ccc536e971c8dc07e600e265e642489266604f94ee995f96ef02eac771bb88bc66c57d229edfba1e484fd1c8b49e11e594aefa681f26ea28c348615d3e0a2dc76845d2d19543751ce444c7b65fa449a74639fa13c123d025200efa7012b209400746e03bd6a7bc938b926107da0491407bd952602d14a7fa743cbd51d5090a22c76a336f06b5e6dc5ecf70c803da8dcbff149c5013c36
-+Ctrl.hexxcghash = hexxcghash:273ab849318045321f672fdf9b4bc250c4b46717374bfb3322bc7701
-+Ctrl.hexsession_id = hexsession_id:273ab849318045321f672fdf9b4bc250c4b46717374bfb3322bc7701
-+Ctrl.type = type:D
-+Output = bdfbd698c518aa45c35d7afd7bd91150
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:0000010100d62744a1ee5a4d03d761f48fb63ece42d9204e00016dad042ae7cbe600cb9e93535bc36d2f94d715cf8c2cd948caf876b4948429cb85ac73765949495af8380a56b68d1d3eeb4d9b310e2c53db5f51a7b8382759273c0be30862df81ca420f414c3ea8e6a1fb4875257ccc536e971c8dc07e600e265e642489266604f94ee995f96ef02eac771bb88bc66c57d229edfba1e484fd1c8b49e11e594aefa681f26ea28c348615d3e0a2dc76845d2d19543751ce444c7b65fa449a74639fa13c123d025200efa7012b209400746e03bd6a7bc938b926107da0491407bd952602d14a7fa743cbd51d5090a22c76a336f06b5e6dc5ecf70c803da8dcbff149c5013c36
-+Ctrl.hexxcghash = hexxcghash:273ab849318045321f672fdf9b4bc250c4b46717374bfb3322bc7701
-+Ctrl.hexsession_id = hexsession_id:273ab849318045321f672fdf9b4bc250c4b46717374bfb3322bc7701
-+Ctrl.type = type:E
-+Output = dd38b79b081713ac3007ffd88d5cd67f43fbb36c983e0fc1cd273d84
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:0000010100d62744a1ee5a4d03d761f48fb63ece42d9204e00016dad042ae7cbe600cb9e93535bc36d2f94d715cf8c2cd948caf876b4948429cb85ac73765949495af8380a56b68d1d3eeb4d9b310e2c53db5f51a7b8382759273c0be30862df81ca420f414c3ea8e6a1fb4875257ccc536e971c8dc07e600e265e642489266604f94ee995f96ef02eac771bb88bc66c57d229edfba1e484fd1c8b49e11e594aefa681f26ea28c348615d3e0a2dc76845d2d19543751ce444c7b65fa449a74639fa13c123d025200efa7012b209400746e03bd6a7bc938b926107da0491407bd952602d14a7fa743cbd51d5090a22c76a336f06b5e6dc5ecf70c803da8dcbff149c5013c36
-+Ctrl.hexxcghash = hexxcghash:273ab849318045321f672fdf9b4bc250c4b46717374bfb3322bc7701
-+Ctrl.hexsession_id = hexsession_id:273ab849318045321f672fdf9b4bc250c4b46717374bfb3322bc7701
-+Ctrl.type = type:F
-+Output = edf713ecfb21b9e9c2d9d04c882d5ded433dcf459ff5b0fe7cd45bb1
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:0000010100d9b92844753a5eadc2ef7e84372a56bd096cc1d57a5c282811658d7df87564f202e800c774e75bbb53f47e835f207300ccd4661fd8a73b6ff87770c2c036346e99fadc5193171e1e732f3b6a017808a150ee02c4b6e70d87462e51825a94bda27fa9cbe18c7ef20d0b0201cb7526e0e9bac21b877e5064000290424387a9aa98da563ee2a5ef36af4b442a69eb631b88b8e3a0f073aa5dda589c4aa0e4e007e0d0036a231d52137d724fd60d41f42512214853e7acf8bde77e377842468f4216a15d0c8fe033c2b133bf651c82fda6d227e3c3f0cb7d0a9eba7c35eeefcf683ddde696fdeba5ec124e701f01bf5b0d59a667c75633dea07670b07baa20f313c3
-+Ctrl.hexxcghash = hexxcghash:a510774a9b07b05e4e0eaf9409d77028a511a9565784b69ab3c03ffc
-+Ctrl.hexsession_id = hexsession_id:49c4ad412d13870d0e9c6855e2881fc032aab36fa3ab3598a7f1153e
-+Ctrl.type = type:A
-+Output = f3064d3f3ed09eefd34731a2c60c1a80
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:0000010100d9b92844753a5eadc2ef7e84372a56bd096cc1d57a5c282811658d7df87564f202e800c774e75bbb53f47e835f207300ccd4661fd8a73b6ff87770c2c036346e99fadc5193171e1e732f3b6a017808a150ee02c4b6e70d87462e51825a94bda27fa9cbe18c7ef20d0b0201cb7526e0e9bac21b877e5064000290424387a9aa98da563ee2a5ef36af4b442a69eb631b88b8e3a0f073aa5dda589c4aa0e4e007e0d0036a231d52137d724fd60d41f42512214853e7acf8bde77e377842468f4216a15d0c8fe033c2b133bf651c82fda6d227e3c3f0cb7d0a9eba7c35eeefcf683ddde696fdeba5ec124e701f01bf5b0d59a667c75633dea07670b07baa20f313c3
-+Ctrl.hexxcghash = hexxcghash:a510774a9b07b05e4e0eaf9409d77028a511a9565784b69ab3c03ffc
-+Ctrl.hexsession_id = hexsession_id:49c4ad412d13870d0e9c6855e2881fc032aab36fa3ab3598a7f1153e
-+Ctrl.type = type:B
-+Output = 1f7f508d9c4cf1004a220f26e0e6c184
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:0000010100d9b92844753a5eadc2ef7e84372a56bd096cc1d57a5c282811658d7df87564f202e800c774e75bbb53f47e835f207300ccd4661fd8a73b6ff87770c2c036346e99fadc5193171e1e732f3b6a017808a150ee02c4b6e70d87462e51825a94bda27fa9cbe18c7ef20d0b0201cb7526e0e9bac21b877e5064000290424387a9aa98da563ee2a5ef36af4b442a69eb631b88b8e3a0f073aa5dda589c4aa0e4e007e0d0036a231d52137d724fd60d41f42512214853e7acf8bde77e377842468f4216a15d0c8fe033c2b133bf651c82fda6d227e3c3f0cb7d0a9eba7c35eeefcf683ddde696fdeba5ec124e701f01bf5b0d59a667c75633dea07670b07baa20f313c3
-+Ctrl.hexxcghash = hexxcghash:a510774a9b07b05e4e0eaf9409d77028a511a9565784b69ab3c03ffc
-+Ctrl.hexsession_id = hexsession_id:49c4ad412d13870d0e9c6855e2881fc032aab36fa3ab3598a7f1153e
-+Ctrl.type = type:C
-+Output = 2ad48a77fa12fcb5d3d3e98d5bb87d76
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:0000010100d9b92844753a5eadc2ef7e84372a56bd096cc1d57a5c282811658d7df87564f202e800c774e75bbb53f47e835f207300ccd4661fd8a73b6ff87770c2c036346e99fadc5193171e1e732f3b6a017808a150ee02c4b6e70d87462e51825a94bda27fa9cbe18c7ef20d0b0201cb7526e0e9bac21b877e5064000290424387a9aa98da563ee2a5ef36af4b442a69eb631b88b8e3a0f073aa5dda589c4aa0e4e007e0d0036a231d52137d724fd60d41f42512214853e7acf8bde77e377842468f4216a15d0c8fe033c2b133bf651c82fda6d227e3c3f0cb7d0a9eba7c35eeefcf683ddde696fdeba5ec124e701f01bf5b0d59a667c75633dea07670b07baa20f313c3
-+Ctrl.hexxcghash = hexxcghash:a510774a9b07b05e4e0eaf9409d77028a511a9565784b69ab3c03ffc
-+Ctrl.hexsession_id = hexsession_id:49c4ad412d13870d0e9c6855e2881fc032aab36fa3ab3598a7f1153e
-+Ctrl.type = type:D
-+Output = 0433db7fd40d9d0dc9df6e9eed8059e4
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:0000010100d9b92844753a5eadc2ef7e84372a56bd096cc1d57a5c282811658d7df87564f202e800c774e75bbb53f47e835f207300ccd4661fd8a73b6ff87770c2c036346e99fadc5193171e1e732f3b6a017808a150ee02c4b6e70d87462e51825a94bda27fa9cbe18c7ef20d0b0201cb7526e0e9bac21b877e5064000290424387a9aa98da563ee2a5ef36af4b442a69eb631b88b8e3a0f073aa5dda589c4aa0e4e007e0d0036a231d52137d724fd60d41f42512214853e7acf8bde77e377842468f4216a15d0c8fe033c2b133bf651c82fda6d227e3c3f0cb7d0a9eba7c35eeefcf683ddde696fdeba5ec124e701f01bf5b0d59a667c75633dea07670b07baa20f313c3
-+Ctrl.hexxcghash = hexxcghash:a510774a9b07b05e4e0eaf9409d77028a511a9565784b69ab3c03ffc
-+Ctrl.hexsession_id = hexsession_id:49c4ad412d13870d0e9c6855e2881fc032aab36fa3ab3598a7f1153e
-+Ctrl.type = type:E
-+Output = b07884f15910c6a083143ef9bda115d05c9e4c4057c1987c4f78a1b6
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:0000010100d9b92844753a5eadc2ef7e84372a56bd096cc1d57a5c282811658d7df87564f202e800c774e75bbb53f47e835f207300ccd4661fd8a73b6ff87770c2c036346e99fadc5193171e1e732f3b6a017808a150ee02c4b6e70d87462e51825a94bda27fa9cbe18c7ef20d0b0201cb7526e0e9bac21b877e5064000290424387a9aa98da563ee2a5ef36af4b442a69eb631b88b8e3a0f073aa5dda589c4aa0e4e007e0d0036a231d52137d724fd60d41f42512214853e7acf8bde77e377842468f4216a15d0c8fe033c2b133bf651c82fda6d227e3c3f0cb7d0a9eba7c35eeefcf683ddde696fdeba5ec124e701f01bf5b0d59a667c75633dea07670b07baa20f313c3
-+Ctrl.hexxcghash = hexxcghash:a510774a9b07b05e4e0eaf9409d77028a511a9565784b69ab3c03ffc
-+Ctrl.hexsession_id = hexsession_id:49c4ad412d13870d0e9c6855e2881fc032aab36fa3ab3598a7f1153e
-+Ctrl.type = type:F
-+Output = f838da7b26311dbd529f742d901709229482cea9d7ac9f0c2cd14200
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:0000010012641156f363edf89c1824532fcf379a846dd042ac173d6b9b75651d7aa911ebe75f5dd3b502a7d6ec331f095ed08505e86f51008242357b3d29d75db82619066c2ecb3ba78e8de8fceeb206bfa39ef3e6617d1f20e4a092ac6bd589904fe0ce4fac2d73c7396a54084bf71e929ae0c5c7e67e1795e73f9fab8c6ee90254f27dae6750e1f8769af5b235f9f7aef302f1fc4015f60af34656a1a8187159a4d6c4b3be40abe9ad5cb56a52f5407186b42fdce7a691b917550719fc7eef858030dcb2829a07a39ca279d9deb0487b893d4c7bbc41cde4eb366188f38bdb4289b8a95ae757864e963cbe4f5eced9aebf3b33ebb3c75b7e405816366e609e16f8bc56
-+Ctrl.hexxcghash = hexxcghash:d041364fa73e42f0c9c49d2ad25a758c3f4691761d9caf6dfd2ad690
-+Ctrl.hexsession_id = hexsession_id:1fea0e79508d3b2caf0e275c463626ad7d57c6cfc1da79a5bce2fa53
-+Ctrl.type = type:A
-+Output = d8c60bf582892d2cd03956774614b9f1
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:0000010012641156f363edf89c1824532fcf379a846dd042ac173d6b9b75651d7aa911ebe75f5dd3b502a7d6ec331f095ed08505e86f51008242357b3d29d75db82619066c2ecb3ba78e8de8fceeb206bfa39ef3e6617d1f20e4a092ac6bd589904fe0ce4fac2d73c7396a54084bf71e929ae0c5c7e67e1795e73f9fab8c6ee90254f27dae6750e1f8769af5b235f9f7aef302f1fc4015f60af34656a1a8187159a4d6c4b3be40abe9ad5cb56a52f5407186b42fdce7a691b917550719fc7eef858030dcb2829a07a39ca279d9deb0487b893d4c7bbc41cde4eb366188f38bdb4289b8a95ae757864e963cbe4f5eced9aebf3b33ebb3c75b7e405816366e609e16f8bc56
-+Ctrl.hexxcghash = hexxcghash:d041364fa73e42f0c9c49d2ad25a758c3f4691761d9caf6dfd2ad690
-+Ctrl.hexsession_id = hexsession_id:1fea0e79508d3b2caf0e275c463626ad7d57c6cfc1da79a5bce2fa53
-+Ctrl.type = type:B
-+Output = bac1bef6d6dd92de55bc174c9db77a54
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:0000010012641156f363edf89c1824532fcf379a846dd042ac173d6b9b75651d7aa911ebe75f5dd3b502a7d6ec331f095ed08505e86f51008242357b3d29d75db82619066c2ecb3ba78e8de8fceeb206bfa39ef3e6617d1f20e4a092ac6bd589904fe0ce4fac2d73c7396a54084bf71e929ae0c5c7e67e1795e73f9fab8c6ee90254f27dae6750e1f8769af5b235f9f7aef302f1fc4015f60af34656a1a8187159a4d6c4b3be40abe9ad5cb56a52f5407186b42fdce7a691b917550719fc7eef858030dcb2829a07a39ca279d9deb0487b893d4c7bbc41cde4eb366188f38bdb4289b8a95ae757864e963cbe4f5eced9aebf3b33ebb3c75b7e405816366e609e16f8bc56
-+Ctrl.hexxcghash = hexxcghash:d041364fa73e42f0c9c49d2ad25a758c3f4691761d9caf6dfd2ad690
-+Ctrl.hexsession_id = hexsession_id:1fea0e79508d3b2caf0e275c463626ad7d57c6cfc1da79a5bce2fa53
-+Ctrl.type = type:C
-+Output = bdf96d88d7ac4f0daa62d29948a5c891
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:0000010012641156f363edf89c1824532fcf379a846dd042ac173d6b9b75651d7aa911ebe75f5dd3b502a7d6ec331f095ed08505e86f51008242357b3d29d75db82619066c2ecb3ba78e8de8fceeb206bfa39ef3e6617d1f20e4a092ac6bd589904fe0ce4fac2d73c7396a54084bf71e929ae0c5c7e67e1795e73f9fab8c6ee90254f27dae6750e1f8769af5b235f9f7aef302f1fc4015f60af34656a1a8187159a4d6c4b3be40abe9ad5cb56a52f5407186b42fdce7a691b917550719fc7eef858030dcb2829a07a39ca279d9deb0487b893d4c7bbc41cde4eb366188f38bdb4289b8a95ae757864e963cbe4f5eced9aebf3b33ebb3c75b7e405816366e609e16f8bc56
-+Ctrl.hexxcghash = hexxcghash:d041364fa73e42f0c9c49d2ad25a758c3f4691761d9caf6dfd2ad690
-+Ctrl.hexsession_id = hexsession_id:1fea0e79508d3b2caf0e275c463626ad7d57c6cfc1da79a5bce2fa53
-+Ctrl.type = type:D
-+Output = ef0dbe568b4f3fbcb8b2665ed7ed0f8d
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:0000010012641156f363edf89c1824532fcf379a846dd042ac173d6b9b75651d7aa911ebe75f5dd3b502a7d6ec331f095ed08505e86f51008242357b3d29d75db82619066c2ecb3ba78e8de8fceeb206bfa39ef3e6617d1f20e4a092ac6bd589904fe0ce4fac2d73c7396a54084bf71e929ae0c5c7e67e1795e73f9fab8c6ee90254f27dae6750e1f8769af5b235f9f7aef302f1fc4015f60af34656a1a8187159a4d6c4b3be40abe9ad5cb56a52f5407186b42fdce7a691b917550719fc7eef858030dcb2829a07a39ca279d9deb0487b893d4c7bbc41cde4eb366188f38bdb4289b8a95ae757864e963cbe4f5eced9aebf3b33ebb3c75b7e405816366e609e16f8bc56
-+Ctrl.hexxcghash = hexxcghash:d041364fa73e42f0c9c49d2ad25a758c3f4691761d9caf6dfd2ad690
-+Ctrl.hexsession_id = hexsession_id:1fea0e79508d3b2caf0e275c463626ad7d57c6cfc1da79a5bce2fa53
-+Ctrl.type = type:E
-+Output = 315d50a1b29f9d556c983432b98bf437893c1a892cf69880353d9797
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:0000010012641156f363edf89c1824532fcf379a846dd042ac173d6b9b75651d7aa911ebe75f5dd3b502a7d6ec331f095ed08505e86f51008242357b3d29d75db82619066c2ecb3ba78e8de8fceeb206bfa39ef3e6617d1f20e4a092ac6bd589904fe0ce4fac2d73c7396a54084bf71e929ae0c5c7e67e1795e73f9fab8c6ee90254f27dae6750e1f8769af5b235f9f7aef302f1fc4015f60af34656a1a8187159a4d6c4b3be40abe9ad5cb56a52f5407186b42fdce7a691b917550719fc7eef858030dcb2829a07a39ca279d9deb0487b893d4c7bbc41cde4eb366188f38bdb4289b8a95ae757864e963cbe4f5eced9aebf3b33ebb3c75b7e405816366e609e16f8bc56
-+Ctrl.hexxcghash = hexxcghash:d041364fa73e42f0c9c49d2ad25a758c3f4691761d9caf6dfd2ad690
-+Ctrl.hexsession_id = hexsession_id:1fea0e79508d3b2caf0e275c463626ad7d57c6cfc1da79a5bce2fa53
-+Ctrl.type = type:F
-+Output = 612e3ac6651f9c7d99c532da0820f079292d9b33d36b684198665f5e
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:0000010100ecfd38c0707d59db0b361a449a22ddc63f055678e253ffbc8324a306ff06e31590fcdf6fc271665335f01af804619f4367489d7829ca756cd14d2147f2c6b2c0355847955ebe89ed2133dc74283732c4f821a7cadcaa9abf661fa9fcf81b0596c454fdac23d79267c5a832979217df61f9bb04c0fa69f5fdae2407da763210f0b7c1097463505b0da86ad71c20c1c57accaae353919cb2708aa378a5ff598d0a4b21b7527b2dbd271957fbbf04f5787076fb7f8afdfb75ddb5fa142ab427e026c87033fe2c6f22454ebace3f77646d0ee447cd1d339c9a21ce86c0b233c7fcbd6d1d165e14d57908777cde654b7fc3c3db7e62951b359ec71fe475356dc6a58b
-+Ctrl.hexxcghash = hexxcghash:7af5885d52c4173000c45dd2b0fbeb21fa5722aa65eecb1bf977248a
-+Ctrl.hexsession_id = hexsession_id:122e2d181cca7dcec6f30a8b027b4d29275d342af5fd82794b24560f
-+Ctrl.type = type:A
-+Output = e0d36ac1de6cc8514d25ff824bfaaa37
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:0000010100ecfd38c0707d59db0b361a449a22ddc63f055678e253ffbc8324a306ff06e31590fcdf6fc271665335f01af804619f4367489d7829ca756cd14d2147f2c6b2c0355847955ebe89ed2133dc74283732c4f821a7cadcaa9abf661fa9fcf81b0596c454fdac23d79267c5a832979217df61f9bb04c0fa69f5fdae2407da763210f0b7c1097463505b0da86ad71c20c1c57accaae353919cb2708aa378a5ff598d0a4b21b7527b2dbd271957fbbf04f5787076fb7f8afdfb75ddb5fa142ab427e026c87033fe2c6f22454ebace3f77646d0ee447cd1d339c9a21ce86c0b233c7fcbd6d1d165e14d57908777cde654b7fc3c3db7e62951b359ec71fe475356dc6a58b
-+Ctrl.hexxcghash = hexxcghash:7af5885d52c4173000c45dd2b0fbeb21fa5722aa65eecb1bf977248a
-+Ctrl.hexsession_id = hexsession_id:122e2d181cca7dcec6f30a8b027b4d29275d342af5fd82794b24560f
-+Ctrl.type = type:B
-+Output = 58c896b4d1a9507e7da2234a1a538d78
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:0000010100ecfd38c0707d59db0b361a449a22ddc63f055678e253ffbc8324a306ff06e31590fcdf6fc271665335f01af804619f4367489d7829ca756cd14d2147f2c6b2c0355847955ebe89ed2133dc74283732c4f821a7cadcaa9abf661fa9fcf81b0596c454fdac23d79267c5a832979217df61f9bb04c0fa69f5fdae2407da763210f0b7c1097463505b0da86ad71c20c1c57accaae353919cb2708aa378a5ff598d0a4b21b7527b2dbd271957fbbf04f5787076fb7f8afdfb75ddb5fa142ab427e026c87033fe2c6f22454ebace3f77646d0ee447cd1d339c9a21ce86c0b233c7fcbd6d1d165e14d57908777cde654b7fc3c3db7e62951b359ec71fe475356dc6a58b
-+Ctrl.hexxcghash = hexxcghash:7af5885d52c4173000c45dd2b0fbeb21fa5722aa65eecb1bf977248a
-+Ctrl.hexsession_id = hexsession_id:122e2d181cca7dcec6f30a8b027b4d29275d342af5fd82794b24560f
-+Ctrl.type = type:C
-+Output = 5966df5cb582234585b4c4312318f829
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:0000010100ecfd38c0707d59db0b361a449a22ddc63f055678e253ffbc8324a306ff06e31590fcdf6fc271665335f01af804619f4367489d7829ca756cd14d2147f2c6b2c0355847955ebe89ed2133dc74283732c4f821a7cadcaa9abf661fa9fcf81b0596c454fdac23d79267c5a832979217df61f9bb04c0fa69f5fdae2407da763210f0b7c1097463505b0da86ad71c20c1c57accaae353919cb2708aa378a5ff598d0a4b21b7527b2dbd271957fbbf04f5787076fb7f8afdfb75ddb5fa142ab427e026c87033fe2c6f22454ebace3f77646d0ee447cd1d339c9a21ce86c0b233c7fcbd6d1d165e14d57908777cde654b7fc3c3db7e62951b359ec71fe475356dc6a58b
-+Ctrl.hexxcghash = hexxcghash:7af5885d52c4173000c45dd2b0fbeb21fa5722aa65eecb1bf977248a
-+Ctrl.hexsession_id = hexsession_id:122e2d181cca7dcec6f30a8b027b4d29275d342af5fd82794b24560f
-+Ctrl.type = type:D
-+Output = 40d8bdab78c9dac2b2d14d1c8bd41405
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:0000010100ecfd38c0707d59db0b361a449a22ddc63f055678e253ffbc8324a306ff06e31590fcdf6fc271665335f01af804619f4367489d7829ca756cd14d2147f2c6b2c0355847955ebe89ed2133dc74283732c4f821a7cadcaa9abf661fa9fcf81b0596c454fdac23d79267c5a832979217df61f9bb04c0fa69f5fdae2407da763210f0b7c1097463505b0da86ad71c20c1c57accaae353919cb2708aa378a5ff598d0a4b21b7527b2dbd271957fbbf04f5787076fb7f8afdfb75ddb5fa142ab427e026c87033fe2c6f22454ebace3f77646d0ee447cd1d339c9a21ce86c0b233c7fcbd6d1d165e14d57908777cde654b7fc3c3db7e62951b359ec71fe475356dc6a58b
-+Ctrl.hexxcghash = hexxcghash:7af5885d52c4173000c45dd2b0fbeb21fa5722aa65eecb1bf977248a
-+Ctrl.hexsession_id = hexsession_id:122e2d181cca7dcec6f30a8b027b4d29275d342af5fd82794b24560f
-+Ctrl.type = type:E
-+Output = 1af4707570794ff6c718c817ccb9fca5edf22a3a8d493a861633fb7a
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:0000010100ecfd38c0707d59db0b361a449a22ddc63f055678e253ffbc8324a306ff06e31590fcdf6fc271665335f01af804619f4367489d7829ca756cd14d2147f2c6b2c0355847955ebe89ed2133dc74283732c4f821a7cadcaa9abf661fa9fcf81b0596c454fdac23d79267c5a832979217df61f9bb04c0fa69f5fdae2407da763210f0b7c1097463505b0da86ad71c20c1c57accaae353919cb2708aa378a5ff598d0a4b21b7527b2dbd271957fbbf04f5787076fb7f8afdfb75ddb5fa142ab427e026c87033fe2c6f22454ebace3f77646d0ee447cd1d339c9a21ce86c0b233c7fcbd6d1d165e14d57908777cde654b7fc3c3db7e62951b359ec71fe475356dc6a58b
-+Ctrl.hexxcghash = hexxcghash:7af5885d52c4173000c45dd2b0fbeb21fa5722aa65eecb1bf977248a
-+Ctrl.hexsession_id = hexsession_id:122e2d181cca7dcec6f30a8b027b4d29275d342af5fd82794b24560f
-+Ctrl.type = type:F
-+Output = 4e6edd5d86f0a3b92595fb2d4f0f9b0f0ed1e850c84014224270bcbc
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:000001002dde91723fa969756f5a597683fa0ef938423ffcf3b3d0262f9ba0d69d72ffc3afbf2ccb9bbc42332f97d3857b44575e30849fe19e77688e9102d9909585d9e53835eee4127aee038deaf8501c70cfd209ef755f84613365d9b2150009f9055300b74c593f8204b84c7faaac87c781e7bdda8c54bf0ec170e4dbf71cd15825c949ebaa934797333124e63db50efe0f33f5224687c097b22d52de36045659622dd214effab378b6bff298c84436831f85540a5eac0b68d51fa1abd18d19ce5452aefe729b7d384e038927ee8f0c2ddffd1cb6ea537a90d9b06bce3bd01fdf4370d62d985ab80417d1256d38ab3874297163a020052b42e73e8ef64950851e7da2
-+Ctrl.hexxcghash = hexxcghash:590c8e3800ddfd382f0b3023c7a8753bd013e756855ffbca1dee0f01
-+Ctrl.hexsession_id = hexsession_id:5e4528c7ff85f2ed7d632c4355e2524438ee83ef0e1695524921408d
-+Ctrl.type = type:A
-+Output = d30b7efda77a1008d78487fb1c9df511
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:000001002dde91723fa969756f5a597683fa0ef938423ffcf3b3d0262f9ba0d69d72ffc3afbf2ccb9bbc42332f97d3857b44575e30849fe19e77688e9102d9909585d9e53835eee4127aee038deaf8501c70cfd209ef755f84613365d9b2150009f9055300b74c593f8204b84c7faaac87c781e7bdda8c54bf0ec170e4dbf71cd15825c949ebaa934797333124e63db50efe0f33f5224687c097b22d52de36045659622dd214effab378b6bff298c84436831f85540a5eac0b68d51fa1abd18d19ce5452aefe729b7d384e038927ee8f0c2ddffd1cb6ea537a90d9b06bce3bd01fdf4370d62d985ab80417d1256d38ab3874297163a020052b42e73e8ef64950851e7da2
-+Ctrl.hexxcghash = hexxcghash:590c8e3800ddfd382f0b3023c7a8753bd013e756855ffbca1dee0f01
-+Ctrl.hexsession_id = hexsession_id:5e4528c7ff85f2ed7d632c4355e2524438ee83ef0e1695524921408d
-+Ctrl.type = type:B
-+Output = 498b3d9f14446a028d1aed8bc4748e34
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:000001002dde91723fa969756f5a597683fa0ef938423ffcf3b3d0262f9ba0d69d72ffc3afbf2ccb9bbc42332f97d3857b44575e30849fe19e77688e9102d9909585d9e53835eee4127aee038deaf8501c70cfd209ef755f84613365d9b2150009f9055300b74c593f8204b84c7faaac87c781e7bdda8c54bf0ec170e4dbf71cd15825c949ebaa934797333124e63db50efe0f33f5224687c097b22d52de36045659622dd214effab378b6bff298c84436831f85540a5eac0b68d51fa1abd18d19ce5452aefe729b7d384e038927ee8f0c2ddffd1cb6ea537a90d9b06bce3bd01fdf4370d62d985ab80417d1256d38ab3874297163a020052b42e73e8ef64950851e7da2
-+Ctrl.hexxcghash = hexxcghash:590c8e3800ddfd382f0b3023c7a8753bd013e756855ffbca1dee0f01
-+Ctrl.hexsession_id = hexsession_id:5e4528c7ff85f2ed7d632c4355e2524438ee83ef0e1695524921408d
-+Ctrl.type = type:C
-+Output = f4909273c39ef8819b353cde80f57cc9
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:000001002dde91723fa969756f5a597683fa0ef938423ffcf3b3d0262f9ba0d69d72ffc3afbf2ccb9bbc42332f97d3857b44575e30849fe19e77688e9102d9909585d9e53835eee4127aee038deaf8501c70cfd209ef755f84613365d9b2150009f9055300b74c593f8204b84c7faaac87c781e7bdda8c54bf0ec170e4dbf71cd15825c949ebaa934797333124e63db50efe0f33f5224687c097b22d52de36045659622dd214effab378b6bff298c84436831f85540a5eac0b68d51fa1abd18d19ce5452aefe729b7d384e038927ee8f0c2ddffd1cb6ea537a90d9b06bce3bd01fdf4370d62d985ab80417d1256d38ab3874297163a020052b42e73e8ef64950851e7da2
-+Ctrl.hexxcghash = hexxcghash:590c8e3800ddfd382f0b3023c7a8753bd013e756855ffbca1dee0f01
-+Ctrl.hexsession_id = hexsession_id:5e4528c7ff85f2ed7d632c4355e2524438ee83ef0e1695524921408d
-+Ctrl.type = type:D
-+Output = b31337a6ecd02f4beb9bf4af12ea4e11
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:000001002dde91723fa969756f5a597683fa0ef938423ffcf3b3d0262f9ba0d69d72ffc3afbf2ccb9bbc42332f97d3857b44575e30849fe19e77688e9102d9909585d9e53835eee4127aee038deaf8501c70cfd209ef755f84613365d9b2150009f9055300b74c593f8204b84c7faaac87c781e7bdda8c54bf0ec170e4dbf71cd15825c949ebaa934797333124e63db50efe0f33f5224687c097b22d52de36045659622dd214effab378b6bff298c84436831f85540a5eac0b68d51fa1abd18d19ce5452aefe729b7d384e038927ee8f0c2ddffd1cb6ea537a90d9b06bce3bd01fdf4370d62d985ab80417d1256d38ab3874297163a020052b42e73e8ef64950851e7da2
-+Ctrl.hexxcghash = hexxcghash:590c8e3800ddfd382f0b3023c7a8753bd013e756855ffbca1dee0f01
-+Ctrl.hexsession_id = hexsession_id:5e4528c7ff85f2ed7d632c4355e2524438ee83ef0e1695524921408d
-+Ctrl.type = type:E
-+Output = 6f3da7bb4b64ad3e1171083a62eca5e755563e639594b848243760d8
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:000001002dde91723fa969756f5a597683fa0ef938423ffcf3b3d0262f9ba0d69d72ffc3afbf2ccb9bbc42332f97d3857b44575e30849fe19e77688e9102d9909585d9e53835eee4127aee038deaf8501c70cfd209ef755f84613365d9b2150009f9055300b74c593f8204b84c7faaac87c781e7bdda8c54bf0ec170e4dbf71cd15825c949ebaa934797333124e63db50efe0f33f5224687c097b22d52de36045659622dd214effab378b6bff298c84436831f85540a5eac0b68d51fa1abd18d19ce5452aefe729b7d384e038927ee8f0c2ddffd1cb6ea537a90d9b06bce3bd01fdf4370d62d985ab80417d1256d38ab3874297163a020052b42e73e8ef64950851e7da2
-+Ctrl.hexxcghash = hexxcghash:590c8e3800ddfd382f0b3023c7a8753bd013e756855ffbca1dee0f01
-+Ctrl.hexsession_id = hexsession_id:5e4528c7ff85f2ed7d632c4355e2524438ee83ef0e1695524921408d
-+Ctrl.type = type:F
-+Output = e88506aa4a4ffa33675c4a296abf91e24450a496e56f8465e9a7525c
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:0000010100be7e6428be4ff862e2b9fe69f055bbbeaa51b7666d51e1ad2e5fe12e2f7a171121147311780840e5d1345c6a24eb3e2d7bace8c88cddae9a062c7aacc7ae87d31ef7d4c52dc2e35f364266c9c34e1ff703a61a8fb39397344ac94e75a42fc956dcc887e50e67018d5a74c89c1a8555ebff4a4baf5b4916aea1dd95c126df390882143908821ecf68511e986bd379cf0871fe1a2679241b339f3317f76c65dc2b121e15a0b8891d9c0120b8a8a383a1dd5eb6fbd65d22a03b7987f843d454e4e1f09b9e2d37ef2be72b7f8accade301c772f74a582afab960dfa43a167275771f6a9be5a9f275cea55e9661a54b1c3210042f824fe783969fa60ad23b748a6b56
-+Ctrl.hexxcghash = hexxcghash:97e793420ceda1730dac88f0d7dc52d8713a79a0b48ddb2af45dd143
-+Ctrl.hexsession_id = hexsession_id:16dd0d6aca3757eec6e9dc3c4a5f590cb7911cd3cabc80815527b73c
-+Ctrl.type = type:A
-+Output = c5cbb653102d99457c33c88921b5dbe4
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:0000010100be7e6428be4ff862e2b9fe69f055bbbeaa51b7666d51e1ad2e5fe12e2f7a171121147311780840e5d1345c6a24eb3e2d7bace8c88cddae9a062c7aacc7ae87d31ef7d4c52dc2e35f364266c9c34e1ff703a61a8fb39397344ac94e75a42fc956dcc887e50e67018d5a74c89c1a8555ebff4a4baf5b4916aea1dd95c126df390882143908821ecf68511e986bd379cf0871fe1a2679241b339f3317f76c65dc2b121e15a0b8891d9c0120b8a8a383a1dd5eb6fbd65d22a03b7987f843d454e4e1f09b9e2d37ef2be72b7f8accade301c772f74a582afab960dfa43a167275771f6a9be5a9f275cea55e9661a54b1c3210042f824fe783969fa60ad23b748a6b56
-+Ctrl.hexxcghash = hexxcghash:97e793420ceda1730dac88f0d7dc52d8713a79a0b48ddb2af45dd143
-+Ctrl.hexsession_id = hexsession_id:16dd0d6aca3757eec6e9dc3c4a5f590cb7911cd3cabc80815527b73c
-+Ctrl.type = type:B
-+Output = dd9b1c786c7f739832629f7666e4e21e
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:0000010100be7e6428be4ff862e2b9fe69f055bbbeaa51b7666d51e1ad2e5fe12e2f7a171121147311780840e5d1345c6a24eb3e2d7bace8c88cddae9a062c7aacc7ae87d31ef7d4c52dc2e35f364266c9c34e1ff703a61a8fb39397344ac94e75a42fc956dcc887e50e67018d5a74c89c1a8555ebff4a4baf5b4916aea1dd95c126df390882143908821ecf68511e986bd379cf0871fe1a2679241b339f3317f76c65dc2b121e15a0b8891d9c0120b8a8a383a1dd5eb6fbd65d22a03b7987f843d454e4e1f09b9e2d37ef2be72b7f8accade301c772f74a582afab960dfa43a167275771f6a9be5a9f275cea55e9661a54b1c3210042f824fe783969fa60ad23b748a6b56
-+Ctrl.hexxcghash = hexxcghash:97e793420ceda1730dac88f0d7dc52d8713a79a0b48ddb2af45dd143
-+Ctrl.hexsession_id = hexsession_id:16dd0d6aca3757eec6e9dc3c4a5f590cb7911cd3cabc80815527b73c
-+Ctrl.type = type:C
-+Output = c33d08d706ffac1811f157526b08086f
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:0000010100be7e6428be4ff862e2b9fe69f055bbbeaa51b7666d51e1ad2e5fe12e2f7a171121147311780840e5d1345c6a24eb3e2d7bace8c88cddae9a062c7aacc7ae87d31ef7d4c52dc2e35f364266c9c34e1ff703a61a8fb39397344ac94e75a42fc956dcc887e50e67018d5a74c89c1a8555ebff4a4baf5b4916aea1dd95c126df390882143908821ecf68511e986bd379cf0871fe1a2679241b339f3317f76c65dc2b121e15a0b8891d9c0120b8a8a383a1dd5eb6fbd65d22a03b7987f843d454e4e1f09b9e2d37ef2be72b7f8accade301c772f74a582afab960dfa43a167275771f6a9be5a9f275cea55e9661a54b1c3210042f824fe783969fa60ad23b748a6b56
-+Ctrl.hexxcghash = hexxcghash:97e793420ceda1730dac88f0d7dc52d8713a79a0b48ddb2af45dd143
-+Ctrl.hexsession_id = hexsession_id:16dd0d6aca3757eec6e9dc3c4a5f590cb7911cd3cabc80815527b73c
-+Ctrl.type = type:D
-+Output = 5750b617b71a239d99fc412796f6d986
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:0000010100be7e6428be4ff862e2b9fe69f055bbbeaa51b7666d51e1ad2e5fe12e2f7a171121147311780840e5d1345c6a24eb3e2d7bace8c88cddae9a062c7aacc7ae87d31ef7d4c52dc2e35f364266c9c34e1ff703a61a8fb39397344ac94e75a42fc956dcc887e50e67018d5a74c89c1a8555ebff4a4baf5b4916aea1dd95c126df390882143908821ecf68511e986bd379cf0871fe1a2679241b339f3317f76c65dc2b121e15a0b8891d9c0120b8a8a383a1dd5eb6fbd65d22a03b7987f843d454e4e1f09b9e2d37ef2be72b7f8accade301c772f74a582afab960dfa43a167275771f6a9be5a9f275cea55e9661a54b1c3210042f824fe783969fa60ad23b748a6b56
-+Ctrl.hexxcghash = hexxcghash:97e793420ceda1730dac88f0d7dc52d8713a79a0b48ddb2af45dd143
-+Ctrl.hexsession_id = hexsession_id:16dd0d6aca3757eec6e9dc3c4a5f590cb7911cd3cabc80815527b73c
-+Ctrl.type = type:E
-+Output = 4c2edee4688119e17723fede94d81c141cb2dd632dde5e223fcd12c2
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:0000010100be7e6428be4ff862e2b9fe69f055bbbeaa51b7666d51e1ad2e5fe12e2f7a171121147311780840e5d1345c6a24eb3e2d7bace8c88cddae9a062c7aacc7ae87d31ef7d4c52dc2e35f364266c9c34e1ff703a61a8fb39397344ac94e75a42fc956dcc887e50e67018d5a74c89c1a8555ebff4a4baf5b4916aea1dd95c126df390882143908821ecf68511e986bd379cf0871fe1a2679241b339f3317f76c65dc2b121e15a0b8891d9c0120b8a8a383a1dd5eb6fbd65d22a03b7987f843d454e4e1f09b9e2d37ef2be72b7f8accade301c772f74a582afab960dfa43a167275771f6a9be5a9f275cea55e9661a54b1c3210042f824fe783969fa60ad23b748a6b56
-+Ctrl.hexxcghash = hexxcghash:97e793420ceda1730dac88f0d7dc52d8713a79a0b48ddb2af45dd143
-+Ctrl.hexsession_id = hexsession_id:16dd0d6aca3757eec6e9dc3c4a5f590cb7911cd3cabc80815527b73c
-+Ctrl.type = type:F
-+Output = b48103cd81397bed3bf618b2ef30a44ea806b0ad07aa098a8a33273e
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:0000010100c810e36b6ae23b2dac234f36b4ddfe820762b53478eaea205cdab848c384f2c5fe262bc471971ff42a1ff8fdfff81cdc66371a75e9fda5d7d0bd656523603255c3e0970435f995948ec98d87942cefe2194e475a507e2928e0cfbba63962c75794aa53e8a385a5d1599d88dd1684a827914da576f9e06caaecc586bb98425621a5afaf86003cabe86fcd3964a390f47302bbbee8536f24024c5c31f031e80e6bcf2a3e24d4f0b6bd42250996f12a8a5c99b09a42a737e3cbf481e002c334fe3b7626419266e0036339b1592d3bf43245c449a65e43946e60112c1f8aff8963ff56e365c6f56c36b2208eadf591360554d2b116d3374341bd5779ebcdf7ba93de
-+Ctrl.hexxcghash = hexxcghash:f8a7854ec21f252f679b924f0f3d34639fe976de146ddb8e93c4e4d9
-+Ctrl.hexsession_id = hexsession_id:6bebea19564c0f65dd96446496f7d7c7198a5b08bcdacf29449808ba
-+Ctrl.type = type:A
-+Output = c8bc1d232edd620e0282af630d596a6c
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:0000010100c810e36b6ae23b2dac234f36b4ddfe820762b53478eaea205cdab848c384f2c5fe262bc471971ff42a1ff8fdfff81cdc66371a75e9fda5d7d0bd656523603255c3e0970435f995948ec98d87942cefe2194e475a507e2928e0cfbba63962c75794aa53e8a385a5d1599d88dd1684a827914da576f9e06caaecc586bb98425621a5afaf86003cabe86fcd3964a390f47302bbbee8536f24024c5c31f031e80e6bcf2a3e24d4f0b6bd42250996f12a8a5c99b09a42a737e3cbf481e002c334fe3b7626419266e0036339b1592d3bf43245c449a65e43946e60112c1f8aff8963ff56e365c6f56c36b2208eadf591360554d2b116d3374341bd5779ebcdf7ba93de
-+Ctrl.hexxcghash = hexxcghash:f8a7854ec21f252f679b924f0f3d34639fe976de146ddb8e93c4e4d9
-+Ctrl.hexsession_id = hexsession_id:6bebea19564c0f65dd96446496f7d7c7198a5b08bcdacf29449808ba
-+Ctrl.type = type:B
-+Output = 6a90269aab1a3e3612eec97a45db11e1
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:0000010100c810e36b6ae23b2dac234f36b4ddfe820762b53478eaea205cdab848c384f2c5fe262bc471971ff42a1ff8fdfff81cdc66371a75e9fda5d7d0bd656523603255c3e0970435f995948ec98d87942cefe2194e475a507e2928e0cfbba63962c75794aa53e8a385a5d1599d88dd1684a827914da576f9e06caaecc586bb98425621a5afaf86003cabe86fcd3964a390f47302bbbee8536f24024c5c31f031e80e6bcf2a3e24d4f0b6bd42250996f12a8a5c99b09a42a737e3cbf481e002c334fe3b7626419266e0036339b1592d3bf43245c449a65e43946e60112c1f8aff8963ff56e365c6f56c36b2208eadf591360554d2b116d3374341bd5779ebcdf7ba93de
-+Ctrl.hexxcghash = hexxcghash:f8a7854ec21f252f679b924f0f3d34639fe976de146ddb8e93c4e4d9
-+Ctrl.hexsession_id = hexsession_id:6bebea19564c0f65dd96446496f7d7c7198a5b08bcdacf29449808ba
-+Ctrl.type = type:C
-+Output = ebb8a6227e789d33fa072355cb2851ac
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:0000010100c810e36b6ae23b2dac234f36b4ddfe820762b53478eaea205cdab848c384f2c5fe262bc471971ff42a1ff8fdfff81cdc66371a75e9fda5d7d0bd656523603255c3e0970435f995948ec98d87942cefe2194e475a507e2928e0cfbba63962c75794aa53e8a385a5d1599d88dd1684a827914da576f9e06caaecc586bb98425621a5afaf86003cabe86fcd3964a390f47302bbbee8536f24024c5c31f031e80e6bcf2a3e24d4f0b6bd42250996f12a8a5c99b09a42a737e3cbf481e002c334fe3b7626419266e0036339b1592d3bf43245c449a65e43946e60112c1f8aff8963ff56e365c6f56c36b2208eadf591360554d2b116d3374341bd5779ebcdf7ba93de
-+Ctrl.hexxcghash = hexxcghash:f8a7854ec21f252f679b924f0f3d34639fe976de146ddb8e93c4e4d9
-+Ctrl.hexsession_id = hexsession_id:6bebea19564c0f65dd96446496f7d7c7198a5b08bcdacf29449808ba
-+Ctrl.type = type:D
-+Output = 9662ff73b11bd2978ffceb7545f6054e
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:0000010100c810e36b6ae23b2dac234f36b4ddfe820762b53478eaea205cdab848c384f2c5fe262bc471971ff42a1ff8fdfff81cdc66371a75e9fda5d7d0bd656523603255c3e0970435f995948ec98d87942cefe2194e475a507e2928e0cfbba63962c75794aa53e8a385a5d1599d88dd1684a827914da576f9e06caaecc586bb98425621a5afaf86003cabe86fcd3964a390f47302bbbee8536f24024c5c31f031e80e6bcf2a3e24d4f0b6bd42250996f12a8a5c99b09a42a737e3cbf481e002c334fe3b7626419266e0036339b1592d3bf43245c449a65e43946e60112c1f8aff8963ff56e365c6f56c36b2208eadf591360554d2b116d3374341bd5779ebcdf7ba93de
-+Ctrl.hexxcghash = hexxcghash:f8a7854ec21f252f679b924f0f3d34639fe976de146ddb8e93c4e4d9
-+Ctrl.hexsession_id = hexsession_id:6bebea19564c0f65dd96446496f7d7c7198a5b08bcdacf29449808ba
-+Ctrl.type = type:E
-+Output = 9eb35f9a8a6155b81b8dda117f5d631cc4eddea4b4912147513bc4ec
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:0000010100c810e36b6ae23b2dac234f36b4ddfe820762b53478eaea205cdab848c384f2c5fe262bc471971ff42a1ff8fdfff81cdc66371a75e9fda5d7d0bd656523603255c3e0970435f995948ec98d87942cefe2194e475a507e2928e0cfbba63962c75794aa53e8a385a5d1599d88dd1684a827914da576f9e06caaecc586bb98425621a5afaf86003cabe86fcd3964a390f47302bbbee8536f24024c5c31f031e80e6bcf2a3e24d4f0b6bd42250996f12a8a5c99b09a42a737e3cbf481e002c334fe3b7626419266e0036339b1592d3bf43245c449a65e43946e60112c1f8aff8963ff56e365c6f56c36b2208eadf591360554d2b116d3374341bd5779ebcdf7ba93de
-+Ctrl.hexxcghash = hexxcghash:f8a7854ec21f252f679b924f0f3d34639fe976de146ddb8e93c4e4d9
-+Ctrl.hexsession_id = hexsession_id:6bebea19564c0f65dd96446496f7d7c7198a5b08bcdacf29449808ba
-+Ctrl.type = type:F
-+Output = 3e137e015973e21c37a8de81cc812683d506fc35699114b31c06797e
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:0000010100940a3535b876a90210236f8571e20cb04d287ae7217b95d75c4170e8afea4d290bc41e736cdd1b470b02ce8b74ca4cdaa121bbb3b31df3f2c847455ef21b61e0c966bdb8cf58fb94819108c7feb9551c5dcacc37fec5fe4e9a59818e93ed08f3477632c62304fb2ba05f7fa8611970adb39379ab7159baa3731fb1fceba201a1858635b92d938b195a44612ffddac3f2b5db59b47c9f90b66e76b3e901887b27312e1043b000b5ff21d4fff4b5fc06203403387fe28837c4d367dbe2c73e1ec5c4e867cc99dca2bf8171aad1498b37bf0d17e5fd64e411386df72667d824e4514530cf6021ca8880154212884f5fdb44a0c8745a4049971de370eb31c959dac4
-+Ctrl.hexxcghash = hexxcghash:4688aa9bceb36ddab933675e6963357b2bd0daa5e1984a06fc7f3ff3
-+Ctrl.hexsession_id = hexsession_id:fb72bca26e61577066d7c5093ac9281fcf06ae3250b43228b067b86e
-+Ctrl.type = type:A
-+Output = cc22a730c15abf9628f749fac9d3f935
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:0000010100940a3535b876a90210236f8571e20cb04d287ae7217b95d75c4170e8afea4d290bc41e736cdd1b470b02ce8b74ca4cdaa121bbb3b31df3f2c847455ef21b61e0c966bdb8cf58fb94819108c7feb9551c5dcacc37fec5fe4e9a59818e93ed08f3477632c62304fb2ba05f7fa8611970adb39379ab7159baa3731fb1fceba201a1858635b92d938b195a44612ffddac3f2b5db59b47c9f90b66e76b3e901887b27312e1043b000b5ff21d4fff4b5fc06203403387fe28837c4d367dbe2c73e1ec5c4e867cc99dca2bf8171aad1498b37bf0d17e5fd64e411386df72667d824e4514530cf6021ca8880154212884f5fdb44a0c8745a4049971de370eb31c959dac4
-+Ctrl.hexxcghash = hexxcghash:4688aa9bceb36ddab933675e6963357b2bd0daa5e1984a06fc7f3ff3
-+Ctrl.hexsession_id = hexsession_id:fb72bca26e61577066d7c5093ac9281fcf06ae3250b43228b067b86e
-+Ctrl.type = type:B
-+Output = 188c477061a597384b1d1e417dc04f7d
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:0000010100940a3535b876a90210236f8571e20cb04d287ae7217b95d75c4170e8afea4d290bc41e736cdd1b470b02ce8b74ca4cdaa121bbb3b31df3f2c847455ef21b61e0c966bdb8cf58fb94819108c7feb9551c5dcacc37fec5fe4e9a59818e93ed08f3477632c62304fb2ba05f7fa8611970adb39379ab7159baa3731fb1fceba201a1858635b92d938b195a44612ffddac3f2b5db59b47c9f90b66e76b3e901887b27312e1043b000b5ff21d4fff4b5fc06203403387fe28837c4d367dbe2c73e1ec5c4e867cc99dca2bf8171aad1498b37bf0d17e5fd64e411386df72667d824e4514530cf6021ca8880154212884f5fdb44a0c8745a4049971de370eb31c959dac4
-+Ctrl.hexxcghash = hexxcghash:4688aa9bceb36ddab933675e6963357b2bd0daa5e1984a06fc7f3ff3
-+Ctrl.hexsession_id = hexsession_id:fb72bca26e61577066d7c5093ac9281fcf06ae3250b43228b067b86e
-+Ctrl.type = type:C
-+Output = b309760dd9f0d65c6edcdee3a3457c33
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:0000010100940a3535b876a90210236f8571e20cb04d287ae7217b95d75c4170e8afea4d290bc41e736cdd1b470b02ce8b74ca4cdaa121bbb3b31df3f2c847455ef21b61e0c966bdb8cf58fb94819108c7feb9551c5dcacc37fec5fe4e9a59818e93ed08f3477632c62304fb2ba05f7fa8611970adb39379ab7159baa3731fb1fceba201a1858635b92d938b195a44612ffddac3f2b5db59b47c9f90b66e76b3e901887b27312e1043b000b5ff21d4fff4b5fc06203403387fe28837c4d367dbe2c73e1ec5c4e867cc99dca2bf8171aad1498b37bf0d17e5fd64e411386df72667d824e4514530cf6021ca8880154212884f5fdb44a0c8745a4049971de370eb31c959dac4
-+Ctrl.hexxcghash = hexxcghash:4688aa9bceb36ddab933675e6963357b2bd0daa5e1984a06fc7f3ff3
-+Ctrl.hexsession_id = hexsession_id:fb72bca26e61577066d7c5093ac9281fcf06ae3250b43228b067b86e
-+Ctrl.type = type:D
-+Output = 1b8674f603a78f16fb979d6db70f6795
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:0000010100940a3535b876a90210236f8571e20cb04d287ae7217b95d75c4170e8afea4d290bc41e736cdd1b470b02ce8b74ca4cdaa121bbb3b31df3f2c847455ef21b61e0c966bdb8cf58fb94819108c7feb9551c5dcacc37fec5fe4e9a59818e93ed08f3477632c62304fb2ba05f7fa8611970adb39379ab7159baa3731fb1fceba201a1858635b92d938b195a44612ffddac3f2b5db59b47c9f90b66e76b3e901887b27312e1043b000b5ff21d4fff4b5fc06203403387fe28837c4d367dbe2c73e1ec5c4e867cc99dca2bf8171aad1498b37bf0d17e5fd64e411386df72667d824e4514530cf6021ca8880154212884f5fdb44a0c8745a4049971de370eb31c959dac4
-+Ctrl.hexxcghash = hexxcghash:4688aa9bceb36ddab933675e6963357b2bd0daa5e1984a06fc7f3ff3
-+Ctrl.hexsession_id = hexsession_id:fb72bca26e61577066d7c5093ac9281fcf06ae3250b43228b067b86e
-+Ctrl.type = type:E
-+Output = d881ac0cf62ecff2eb7d3c8284cfd4b95e003c435f6a3121ab0c65b0
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:0000010100940a3535b876a90210236f8571e20cb04d287ae7217b95d75c4170e8afea4d290bc41e736cdd1b470b02ce8b74ca4cdaa121bbb3b31df3f2c847455ef21b61e0c966bdb8cf58fb94819108c7feb9551c5dcacc37fec5fe4e9a59818e93ed08f3477632c62304fb2ba05f7fa8611970adb39379ab7159baa3731fb1fceba201a1858635b92d938b195a44612ffddac3f2b5db59b47c9f90b66e76b3e901887b27312e1043b000b5ff21d4fff4b5fc06203403387fe28837c4d367dbe2c73e1ec5c4e867cc99dca2bf8171aad1498b37bf0d17e5fd64e411386df72667d824e4514530cf6021ca8880154212884f5fdb44a0c8745a4049971de370eb31c959dac4
-+Ctrl.hexxcghash = hexxcghash:4688aa9bceb36ddab933675e6963357b2bd0daa5e1984a06fc7f3ff3
-+Ctrl.hexsession_id = hexsession_id:fb72bca26e61577066d7c5093ac9281fcf06ae3250b43228b067b86e
-+Ctrl.type = type:F
-+Output = 9a7560e7976c7fb0153fc94e51a7dead3b7f8954d1efa7ed6be77858
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:000001004b9f55f17de634edb39218b30f224ae8ec64edd6e0c49dd00a52ac11e0a4089ccff931838ce5c02f449ffe33c14fd0a9f11da7d783787a03defc7931ce638a31aa11ddc4351e54480bea637857cae6cf30e03d392737fe2b3f234115903ab43f97d4fdb49fb987650610d9a0ca51b70839d0fc9980de371acc78ac6eaf5f5ac5008eec0f5aedd0f95496f27d2858477fc54d3113fe7884047596d5705d1dd974875872fc7c9111bdc5da73b317331c543f60687fc1ecb3f3853787a64fd94335b570a99fe2544acde49f99b96ef473dbcb16315b9e7ee8c3a20feb36636c1fa39567c2efd2b7827e38ab31607f6a3cff1fc7edf8612380e4af93c620bcd6ac36
-+Ctrl.hexxcghash = hexxcghash:0d18d069225d0db81b8bb979635dc9e89999a74ad6b02022189150fd
-+Ctrl.hexsession_id = hexsession_id:1f42aa7a240d8b412fc26bd18f85ebefe59641d19a1e5e3681560a2c
-+Ctrl.type = type:A
-+Output = b842e2900a8c1f7d7c3fa465d46142fa
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:000001004b9f55f17de634edb39218b30f224ae8ec64edd6e0c49dd00a52ac11e0a4089ccff931838ce5c02f449ffe33c14fd0a9f11da7d783787a03defc7931ce638a31aa11ddc4351e54480bea637857cae6cf30e03d392737fe2b3f234115903ab43f97d4fdb49fb987650610d9a0ca51b70839d0fc9980de371acc78ac6eaf5f5ac5008eec0f5aedd0f95496f27d2858477fc54d3113fe7884047596d5705d1dd974875872fc7c9111bdc5da73b317331c543f60687fc1ecb3f3853787a64fd94335b570a99fe2544acde49f99b96ef473dbcb16315b9e7ee8c3a20feb36636c1fa39567c2efd2b7827e38ab31607f6a3cff1fc7edf8612380e4af93c620bcd6ac36
-+Ctrl.hexxcghash = hexxcghash:0d18d069225d0db81b8bb979635dc9e89999a74ad6b02022189150fd
-+Ctrl.hexsession_id = hexsession_id:1f42aa7a240d8b412fc26bd18f85ebefe59641d19a1e5e3681560a2c
-+Ctrl.type = type:B
-+Output = 5e96f771c176fafd18d4aa0bc07dc5d5
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:000001004b9f55f17de634edb39218b30f224ae8ec64edd6e0c49dd00a52ac11e0a4089ccff931838ce5c02f449ffe33c14fd0a9f11da7d783787a03defc7931ce638a31aa11ddc4351e54480bea637857cae6cf30e03d392737fe2b3f234115903ab43f97d4fdb49fb987650610d9a0ca51b70839d0fc9980de371acc78ac6eaf5f5ac5008eec0f5aedd0f95496f27d2858477fc54d3113fe7884047596d5705d1dd974875872fc7c9111bdc5da73b317331c543f60687fc1ecb3f3853787a64fd94335b570a99fe2544acde49f99b96ef473dbcb16315b9e7ee8c3a20feb36636c1fa39567c2efd2b7827e38ab31607f6a3cff1fc7edf8612380e4af93c620bcd6ac36
-+Ctrl.hexxcghash = hexxcghash:0d18d069225d0db81b8bb979635dc9e89999a74ad6b02022189150fd
-+Ctrl.hexsession_id = hexsession_id:1f42aa7a240d8b412fc26bd18f85ebefe59641d19a1e5e3681560a2c
-+Ctrl.type = type:C
-+Output = fe5fca0a03e6f8ac95ba4e882c64fb8c
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:000001004b9f55f17de634edb39218b30f224ae8ec64edd6e0c49dd00a52ac11e0a4089ccff931838ce5c02f449ffe33c14fd0a9f11da7d783787a03defc7931ce638a31aa11ddc4351e54480bea637857cae6cf30e03d392737fe2b3f234115903ab43f97d4fdb49fb987650610d9a0ca51b70839d0fc9980de371acc78ac6eaf5f5ac5008eec0f5aedd0f95496f27d2858477fc54d3113fe7884047596d5705d1dd974875872fc7c9111bdc5da73b317331c543f60687fc1ecb3f3853787a64fd94335b570a99fe2544acde49f99b96ef473dbcb16315b9e7ee8c3a20feb36636c1fa39567c2efd2b7827e38ab31607f6a3cff1fc7edf8612380e4af93c620bcd6ac36
-+Ctrl.hexxcghash = hexxcghash:0d18d069225d0db81b8bb979635dc9e89999a74ad6b02022189150fd
-+Ctrl.hexsession_id = hexsession_id:1f42aa7a240d8b412fc26bd18f85ebefe59641d19a1e5e3681560a2c
-+Ctrl.type = type:D
-+Output = b952b4e6f2010ebdac7ee10adb90f9ef
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:000001004b9f55f17de634edb39218b30f224ae8ec64edd6e0c49dd00a52ac11e0a4089ccff931838ce5c02f449ffe33c14fd0a9f11da7d783787a03defc7931ce638a31aa11ddc4351e54480bea637857cae6cf30e03d392737fe2b3f234115903ab43f97d4fdb49fb987650610d9a0ca51b70839d0fc9980de371acc78ac6eaf5f5ac5008eec0f5aedd0f95496f27d2858477fc54d3113fe7884047596d5705d1dd974875872fc7c9111bdc5da73b317331c543f60687fc1ecb3f3853787a64fd94335b570a99fe2544acde49f99b96ef473dbcb16315b9e7ee8c3a20feb36636c1fa39567c2efd2b7827e38ab31607f6a3cff1fc7edf8612380e4af93c620bcd6ac36
-+Ctrl.hexxcghash = hexxcghash:0d18d069225d0db81b8bb979635dc9e89999a74ad6b02022189150fd
-+Ctrl.hexsession_id = hexsession_id:1f42aa7a240d8b412fc26bd18f85ebefe59641d19a1e5e3681560a2c
-+Ctrl.type = type:E
-+Output = 819db930507c1f8e1617dc74e78de9f4abb02b7089d764cb20d14c56
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:000001004b9f55f17de634edb39218b30f224ae8ec64edd6e0c49dd00a52ac11e0a4089ccff931838ce5c02f449ffe33c14fd0a9f11da7d783787a03defc7931ce638a31aa11ddc4351e54480bea637857cae6cf30e03d392737fe2b3f234115903ab43f97d4fdb49fb987650610d9a0ca51b70839d0fc9980de371acc78ac6eaf5f5ac5008eec0f5aedd0f95496f27d2858477fc54d3113fe7884047596d5705d1dd974875872fc7c9111bdc5da73b317331c543f60687fc1ecb3f3853787a64fd94335b570a99fe2544acde49f99b96ef473dbcb16315b9e7ee8c3a20feb36636c1fa39567c2efd2b7827e38ab31607f6a3cff1fc7edf8612380e4af93c620bcd6ac36
-+Ctrl.hexxcghash = hexxcghash:0d18d069225d0db81b8bb979635dc9e89999a74ad6b02022189150fd
-+Ctrl.hexsession_id = hexsession_id:1f42aa7a240d8b412fc26bd18f85ebefe59641d19a1e5e3681560a2c
-+Ctrl.type = type:F
-+Output = 79be1ec6ce722e98bca50a25bbca581318b6227c9fd346d67602958f
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:0000010100a0216e73007c1b53dba18acb5592ea68ab7719d9fd2f24af3e2968024933a5e68fcb1aa8b187f42972815f12d5f995c15d2d3eab84cfb869db413dcb328d045df23646e65179a53e3cbe1babcd6e6a5e300e33be1f5ed5d7eb1661a0ae6d8e6dd8f156eed726b30df6b9eee7e9457189b140de7671a1c7790938617e1bc95b8ee8bb9229f98be158a569bcb799869c445484d30d6019db44d97dcfd9b47f5a36418e3d5ec88037c172104d44ac6e770cbec415fbfce8ac9257074ca5fe003a4836001c8331f1845c1069d0610a62378e1c32ae512ffa22032f28245ee7ae957348a484bef3d295463b293975d787d45c480903f3eb35dcfd140161606f270177
-+Ctrl.hexxcghash = hexxcghash:0f85b7ee92fe1a95c0aa0103f10092f04ba613a37e118f8fbb43e308
-+Ctrl.hexsession_id = hexsession_id:25d9a92c96b98ecc31e6aca945899e93607848caf2c332efc03f9a0c
-+Ctrl.type = type:A
-+Output = 4d40be7041ac4c74d56d53855fead94f
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:0000010100a0216e73007c1b53dba18acb5592ea68ab7719d9fd2f24af3e2968024933a5e68fcb1aa8b187f42972815f12d5f995c15d2d3eab84cfb869db413dcb328d045df23646e65179a53e3cbe1babcd6e6a5e300e33be1f5ed5d7eb1661a0ae6d8e6dd8f156eed726b30df6b9eee7e9457189b140de7671a1c7790938617e1bc95b8ee8bb9229f98be158a569bcb799869c445484d30d6019db44d97dcfd9b47f5a36418e3d5ec88037c172104d44ac6e770cbec415fbfce8ac9257074ca5fe003a4836001c8331f1845c1069d0610a62378e1c32ae512ffa22032f28245ee7ae957348a484bef3d295463b293975d787d45c480903f3eb35dcfd140161606f270177
-+Ctrl.hexxcghash = hexxcghash:0f85b7ee92fe1a95c0aa0103f10092f04ba613a37e118f8fbb43e308
-+Ctrl.hexsession_id = hexsession_id:25d9a92c96b98ecc31e6aca945899e93607848caf2c332efc03f9a0c
-+Ctrl.type = type:B
-+Output = 501781a04c919226a9e2dd6d7a880568
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:0000010100a0216e73007c1b53dba18acb5592ea68ab7719d9fd2f24af3e2968024933a5e68fcb1aa8b187f42972815f12d5f995c15d2d3eab84cfb869db413dcb328d045df23646e65179a53e3cbe1babcd6e6a5e300e33be1f5ed5d7eb1661a0ae6d8e6dd8f156eed726b30df6b9eee7e9457189b140de7671a1c7790938617e1bc95b8ee8bb9229f98be158a569bcb799869c445484d30d6019db44d97dcfd9b47f5a36418e3d5ec88037c172104d44ac6e770cbec415fbfce8ac9257074ca5fe003a4836001c8331f1845c1069d0610a62378e1c32ae512ffa22032f28245ee7ae957348a484bef3d295463b293975d787d45c480903f3eb35dcfd140161606f270177
-+Ctrl.hexxcghash = hexxcghash:0f85b7ee92fe1a95c0aa0103f10092f04ba613a37e118f8fbb43e308
-+Ctrl.hexsession_id = hexsession_id:25d9a92c96b98ecc31e6aca945899e93607848caf2c332efc03f9a0c
-+Ctrl.type = type:C
-+Output = fe183f0e31d4bf9ebc9364e19e422385
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:0000010100a0216e73007c1b53dba18acb5592ea68ab7719d9fd2f24af3e2968024933a5e68fcb1aa8b187f42972815f12d5f995c15d2d3eab84cfb869db413dcb328d045df23646e65179a53e3cbe1babcd6e6a5e300e33be1f5ed5d7eb1661a0ae6d8e6dd8f156eed726b30df6b9eee7e9457189b140de7671a1c7790938617e1bc95b8ee8bb9229f98be158a569bcb799869c445484d30d6019db44d97dcfd9b47f5a36418e3d5ec88037c172104d44ac6e770cbec415fbfce8ac9257074ca5fe003a4836001c8331f1845c1069d0610a62378e1c32ae512ffa22032f28245ee7ae957348a484bef3d295463b293975d787d45c480903f3eb35dcfd140161606f270177
-+Ctrl.hexxcghash = hexxcghash:0f85b7ee92fe1a95c0aa0103f10092f04ba613a37e118f8fbb43e308
-+Ctrl.hexsession_id = hexsession_id:25d9a92c96b98ecc31e6aca945899e93607848caf2c332efc03f9a0c
-+Ctrl.type = type:D
-+Output = f12c0da703e5bedb2921a0e1795eb62f
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:0000010100a0216e73007c1b53dba18acb5592ea68ab7719d9fd2f24af3e2968024933a5e68fcb1aa8b187f42972815f12d5f995c15d2d3eab84cfb869db413dcb328d045df23646e65179a53e3cbe1babcd6e6a5e300e33be1f5ed5d7eb1661a0ae6d8e6dd8f156eed726b30df6b9eee7e9457189b140de7671a1c7790938617e1bc95b8ee8bb9229f98be158a569bcb799869c445484d30d6019db44d97dcfd9b47f5a36418e3d5ec88037c172104d44ac6e770cbec415fbfce8ac9257074ca5fe003a4836001c8331f1845c1069d0610a62378e1c32ae512ffa22032f28245ee7ae957348a484bef3d295463b293975d787d45c480903f3eb35dcfd140161606f270177
-+Ctrl.hexxcghash = hexxcghash:0f85b7ee92fe1a95c0aa0103f10092f04ba613a37e118f8fbb43e308
-+Ctrl.hexsession_id = hexsession_id:25d9a92c96b98ecc31e6aca945899e93607848caf2c332efc03f9a0c
-+Ctrl.type = type:E
-+Output = 1d34b1ae23af48c25db971fe0f95c2fdb4e269ca435b90e0e22ee720
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA224
-+Ctrl.hexkey = hexkey:0000010100a0216e73007c1b53dba18acb5592ea68ab7719d9fd2f24af3e2968024933a5e68fcb1aa8b187f42972815f12d5f995c15d2d3eab84cfb869db413dcb328d045df23646e65179a53e3cbe1babcd6e6a5e300e33be1f5ed5d7eb1661a0ae6d8e6dd8f156eed726b30df6b9eee7e9457189b140de7671a1c7790938617e1bc95b8ee8bb9229f98be158a569bcb799869c445484d30d6019db44d97dcfd9b47f5a36418e3d5ec88037c172104d44ac6e770cbec415fbfce8ac9257074ca5fe003a4836001c8331f1845c1069d0610a62378e1c32ae512ffa22032f28245ee7ae957348a484bef3d295463b293975d787d45c480903f3eb35dcfd140161606f270177
-+Ctrl.hexxcghash = hexxcghash:0f85b7ee92fe1a95c0aa0103f10092f04ba613a37e118f8fbb43e308
-+Ctrl.hexsession_id = hexsession_id:25d9a92c96b98ecc31e6aca945899e93607848caf2c332efc03f9a0c
-+Ctrl.type = type:F
-+Output = b77dce4e2211c8e2b4fba841ba45d7f136323999ed9a4d306fa411a8
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:0000008100875c551cef526a4a8be1a7df27e9ed354bac9afb71f53dbae905679d14f9faf2469c53457cf80a366be278965ba6255276ca2d9f4a97d271f71e50d8a9ec46253a6a906ac2c5e4f48b27a63ce08d80390a492aa43bad9d882ccac23dac88bcada4b4d426a362083dab6569c54c224dd2d87643aa227693e141ad1630ce13144e
-+Ctrl.hexxcghash = hexxcghash:0e683fc8a9ed7c2ff02def23b2745ebc99b267daa86a4aa7697239088253f642
-+Ctrl.hexsession_id = hexsession_id:0e683fc8a9ed7c2ff02def23b2745ebc99b267daa86a4aa7697239088253f642
-+Ctrl.type = type:A
-+Output = 41ff2ead1683f1e6
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:0000008100875c551cef526a4a8be1a7df27e9ed354bac9afb71f53dbae905679d14f9faf2469c53457cf80a366be278965ba6255276ca2d9f4a97d271f71e50d8a9ec46253a6a906ac2c5e4f48b27a63ce08d80390a492aa43bad9d882ccac23dac88bcada4b4d426a362083dab6569c54c224dd2d87643aa227693e141ad1630ce13144e
-+Ctrl.hexxcghash = hexxcghash:0e683fc8a9ed7c2ff02def23b2745ebc99b267daa86a4aa7697239088253f642
-+Ctrl.hexsession_id = hexsession_id:0e683fc8a9ed7c2ff02def23b2745ebc99b267daa86a4aa7697239088253f642
-+Ctrl.type = type:B
-+Output = e619ecfd9edb50cd
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:0000008100875c551cef526a4a8be1a7df27e9ed354bac9afb71f53dbae905679d14f9faf2469c53457cf80a366be278965ba6255276ca2d9f4a97d271f71e50d8a9ec46253a6a906ac2c5e4f48b27a63ce08d80390a492aa43bad9d882ccac23dac88bcada4b4d426a362083dab6569c54c224dd2d87643aa227693e141ad1630ce13144e
-+Ctrl.hexxcghash = hexxcghash:0e683fc8a9ed7c2ff02def23b2745ebc99b267daa86a4aa7697239088253f642
-+Ctrl.hexsession_id = hexsession_id:0e683fc8a9ed7c2ff02def23b2745ebc99b267daa86a4aa7697239088253f642
-+Ctrl.type = type:C
-+Output = 4a6314d2f7511bf88fad39fb6892f3f218cafd530e72fe43
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:0000008100875c551cef526a4a8be1a7df27e9ed354bac9afb71f53dbae905679d14f9faf2469c53457cf80a366be278965ba6255276ca2d9f4a97d271f71e50d8a9ec46253a6a906ac2c5e4f48b27a63ce08d80390a492aa43bad9d882ccac23dac88bcada4b4d426a362083dab6569c54c224dd2d87643aa227693e141ad1630ce13144e
-+Ctrl.hexxcghash = hexxcghash:0e683fc8a9ed7c2ff02def23b2745ebc99b267daa86a4aa7697239088253f642
-+Ctrl.hexsession_id = hexsession_id:0e683fc8a9ed7c2ff02def23b2745ebc99b267daa86a4aa7697239088253f642
-+Ctrl.type = type:D
-+Output = 084c15fb7f99c65ff134eeb407cee5d540c341dea45a42a5
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:0000008100875c551cef526a4a8be1a7df27e9ed354bac9afb71f53dbae905679d14f9faf2469c53457cf80a366be278965ba6255276ca2d9f4a97d271f71e50d8a9ec46253a6a906ac2c5e4f48b27a63ce08d80390a492aa43bad9d882ccac23dac88bcada4b4d426a362083dab6569c54c224dd2d87643aa227693e141ad1630ce13144e
-+Ctrl.hexxcghash = hexxcghash:0e683fc8a9ed7c2ff02def23b2745ebc99b267daa86a4aa7697239088253f642
-+Ctrl.hexsession_id = hexsession_id:0e683fc8a9ed7c2ff02def23b2745ebc99b267daa86a4aa7697239088253f642
-+Ctrl.type = type:E
-+Output = 41ec5a94fecce7707ea156a6ad29239a891621adacbedb8be70675008d6f9274
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:0000008100875c551cef526a4a8be1a7df27e9ed354bac9afb71f53dbae905679d14f9faf2469c53457cf80a366be278965ba6255276ca2d9f4a97d271f71e50d8a9ec46253a6a906ac2c5e4f48b27a63ce08d80390a492aa43bad9d882ccac23dac88bcada4b4d426a362083dab6569c54c224dd2d87643aa227693e141ad1630ce13144e
-+Ctrl.hexxcghash = hexxcghash:0e683fc8a9ed7c2ff02def23b2745ebc99b267daa86a4aa7697239088253f642
-+Ctrl.hexsession_id = hexsession_id:0e683fc8a9ed7c2ff02def23b2745ebc99b267daa86a4aa7697239088253f642
-+Ctrl.type = type:F
-+Output = 47d3c20aba60981e47b30533623613ff1cacbcf1642fb4ad86ee712f2aed9af8
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:000000800faa172b8c287e372bb236ad34c733695c13d77f882adc0f47e5a7f6a3de07efb101207aa5d665b619826f756591f65310bbd2c92c9384e6c6a67b42dec382fdb24c591d79ff5e47737b0f5b8479694c3adc19401704912bbfec2704d4d5bebbfc1a7fc796e277634e40851851a187ec2d37ed3f351c4596a5a0892916b4c55f
-+Ctrl.hexxcghash = hexxcghash:a347f5f1e191c35f212c9324d5867efdf83026be62c2b16ae006edb3378d4006
-+Ctrl.hexsession_id = hexsession_id:90befcef3ff8f920674a9fab94198cf3fd9dca24a21d3c9dba394daafbc621ed
-+Ctrl.type = type:A
-+Output = 99bae6531508705f
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:000000800faa172b8c287e372bb236ad34c733695c13d77f882adc0f47e5a7f6a3de07efb101207aa5d665b619826f756591f65310bbd2c92c9384e6c6a67b42dec382fdb24c591d79ff5e47737b0f5b8479694c3adc19401704912bbfec2704d4d5bebbfc1a7fc796e277634e40851851a187ec2d37ed3f351c4596a5a0892916b4c55f
-+Ctrl.hexxcghash = hexxcghash:a347f5f1e191c35f212c9324d5867efdf83026be62c2b16ae006edb3378d4006
-+Ctrl.hexsession_id = hexsession_id:90befcef3ff8f920674a9fab94198cf3fd9dca24a21d3c9dba394daafbc621ed
-+Ctrl.type = type:B
-+Output = f25786f02f199737
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:000000800faa172b8c287e372bb236ad34c733695c13d77f882adc0f47e5a7f6a3de07efb101207aa5d665b619826f756591f65310bbd2c92c9384e6c6a67b42dec382fdb24c591d79ff5e47737b0f5b8479694c3adc19401704912bbfec2704d4d5bebbfc1a7fc796e277634e40851851a187ec2d37ed3f351c4596a5a0892916b4c55f
-+Ctrl.hexxcghash = hexxcghash:a347f5f1e191c35f212c9324d5867efdf83026be62c2b16ae006edb3378d4006
-+Ctrl.hexsession_id = hexsession_id:90befcef3ff8f920674a9fab94198cf3fd9dca24a21d3c9dba394daafbc621ed
-+Ctrl.type = type:C
-+Output = 97621bf882266f905da78cf193fc31f642acbb60957c41b7
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:000000800faa172b8c287e372bb236ad34c733695c13d77f882adc0f47e5a7f6a3de07efb101207aa5d665b619826f756591f65310bbd2c92c9384e6c6a67b42dec382fdb24c591d79ff5e47737b0f5b8479694c3adc19401704912bbfec2704d4d5bebbfc1a7fc796e277634e40851851a187ec2d37ed3f351c4596a5a0892916b4c55f
-+Ctrl.hexxcghash = hexxcghash:a347f5f1e191c35f212c9324d5867efdf83026be62c2b16ae006edb3378d4006
-+Ctrl.hexsession_id = hexsession_id:90befcef3ff8f920674a9fab94198cf3fd9dca24a21d3c9dba394daafbc621ed
-+Ctrl.type = type:D
-+Output = ad98a86a2386280912efea50f790e800a7758f7dade5d77e
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:000000800faa172b8c287e372bb236ad34c733695c13d77f882adc0f47e5a7f6a3de07efb101207aa5d665b619826f756591f65310bbd2c92c9384e6c6a67b42dec382fdb24c591d79ff5e47737b0f5b8479694c3adc19401704912bbfec2704d4d5bebbfc1a7fc796e277634e40851851a187ec2d37ed3f351c4596a5a0892916b4c55f
-+Ctrl.hexxcghash = hexxcghash:a347f5f1e191c35f212c9324d5867efdf83026be62c2b16ae006edb3378d4006
-+Ctrl.hexsession_id = hexsession_id:90befcef3ff8f920674a9fab94198cf3fd9dca24a21d3c9dba394daafbc621ed
-+Ctrl.type = type:E
-+Output = f92d052d3cdf34dfc69bc60a489c3a3553f4356596c191931d08fa20551273b3
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:000000800faa172b8c287e372bb236ad34c733695c13d77f882adc0f47e5a7f6a3de07efb101207aa5d665b619826f756591f65310bbd2c92c9384e6c6a67b42dec382fdb24c591d79ff5e47737b0f5b8479694c3adc19401704912bbfec2704d4d5bebbfc1a7fc796e277634e40851851a187ec2d37ed3f351c4596a5a0892916b4c55f
-+Ctrl.hexxcghash = hexxcghash:a347f5f1e191c35f212c9324d5867efdf83026be62c2b16ae006edb3378d4006
-+Ctrl.hexsession_id = hexsession_id:90befcef3ff8f920674a9fab94198cf3fd9dca24a21d3c9dba394daafbc621ed
-+Ctrl.type = type:F
-+Output = 147a771445123f846d8ae514d7ff9b3c93b2bceb7c7c9500942161b8e2d0110f
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:0000008100db8205ad53a96bd4c111ad8dc8dab8196f04557d87a5ac90b1013eec71456ca80f0a59af26f9ac6eb91ee51cd601602fe9467550d1f09f417f94e4df2aa5fb941a33ff7764b4d57bcba77f549959ca4fe5d568ff5d20702fcfef904d07f9182bd9936da1fc63d0b11cd573bc0ed9c4e7bb07b5c77c4214d457ca5b0a4410d7b0
-+Ctrl.hexxcghash = hexxcghash:a85aa36aeae3f8a948ffa077509f183f2894b52930a79a06bf8783e501d9cae3
-+Ctrl.hexsession_id = hexsession_id:6629bb9f32e259935f946e73543bf65830e78ddab691a8b885f3444f976fd655
-+Ctrl.type = type:A
-+Output = 93da642974d71e52
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:0000008100db8205ad53a96bd4c111ad8dc8dab8196f04557d87a5ac90b1013eec71456ca80f0a59af26f9ac6eb91ee51cd601602fe9467550d1f09f417f94e4df2aa5fb941a33ff7764b4d57bcba77f549959ca4fe5d568ff5d20702fcfef904d07f9182bd9936da1fc63d0b11cd573bc0ed9c4e7bb07b5c77c4214d457ca5b0a4410d7b0
-+Ctrl.hexxcghash = hexxcghash:a85aa36aeae3f8a948ffa077509f183f2894b52930a79a06bf8783e501d9cae3
-+Ctrl.hexsession_id = hexsession_id:6629bb9f32e259935f946e73543bf65830e78ddab691a8b885f3444f976fd655
-+Ctrl.type = type:B
-+Output = df2035ad67457151
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:0000008100db8205ad53a96bd4c111ad8dc8dab8196f04557d87a5ac90b1013eec71456ca80f0a59af26f9ac6eb91ee51cd601602fe9467550d1f09f417f94e4df2aa5fb941a33ff7764b4d57bcba77f549959ca4fe5d568ff5d20702fcfef904d07f9182bd9936da1fc63d0b11cd573bc0ed9c4e7bb07b5c77c4214d457ca5b0a4410d7b0
-+Ctrl.hexxcghash = hexxcghash:a85aa36aeae3f8a948ffa077509f183f2894b52930a79a06bf8783e501d9cae3
-+Ctrl.hexsession_id = hexsession_id:6629bb9f32e259935f946e73543bf65830e78ddab691a8b885f3444f976fd655
-+Ctrl.type = type:C
-+Output = 42067bb0535da6701232a0f39ac7f436535af346c4786af5
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:0000008100db8205ad53a96bd4c111ad8dc8dab8196f04557d87a5ac90b1013eec71456ca80f0a59af26f9ac6eb91ee51cd601602fe9467550d1f09f417f94e4df2aa5fb941a33ff7764b4d57bcba77f549959ca4fe5d568ff5d20702fcfef904d07f9182bd9936da1fc63d0b11cd573bc0ed9c4e7bb07b5c77c4214d457ca5b0a4410d7b0
-+Ctrl.hexxcghash = hexxcghash:a85aa36aeae3f8a948ffa077509f183f2894b52930a79a06bf8783e501d9cae3
-+Ctrl.hexsession_id = hexsession_id:6629bb9f32e259935f946e73543bf65830e78ddab691a8b885f3444f976fd655
-+Ctrl.type = type:D
-+Output = 08a0181a6c373d39540409dafb1b4e2359bc249af33bcfe0
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:0000008100db8205ad53a96bd4c111ad8dc8dab8196f04557d87a5ac90b1013eec71456ca80f0a59af26f9ac6eb91ee51cd601602fe9467550d1f09f417f94e4df2aa5fb941a33ff7764b4d57bcba77f549959ca4fe5d568ff5d20702fcfef904d07f9182bd9936da1fc63d0b11cd573bc0ed9c4e7bb07b5c77c4214d457ca5b0a4410d7b0
-+Ctrl.hexxcghash = hexxcghash:a85aa36aeae3f8a948ffa077509f183f2894b52930a79a06bf8783e501d9cae3
-+Ctrl.hexsession_id = hexsession_id:6629bb9f32e259935f946e73543bf65830e78ddab691a8b885f3444f976fd655
-+Ctrl.type = type:E
-+Output = c043b5aece7cd2685c6dfb3788d7a562d6622d20f6d7e07b38aeb47c649dd99c
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:0000008100db8205ad53a96bd4c111ad8dc8dab8196f04557d87a5ac90b1013eec71456ca80f0a59af26f9ac6eb91ee51cd601602fe9467550d1f09f417f94e4df2aa5fb941a33ff7764b4d57bcba77f549959ca4fe5d568ff5d20702fcfef904d07f9182bd9936da1fc63d0b11cd573bc0ed9c4e7bb07b5c77c4214d457ca5b0a4410d7b0
-+Ctrl.hexxcghash = hexxcghash:a85aa36aeae3f8a948ffa077509f183f2894b52930a79a06bf8783e501d9cae3
-+Ctrl.hexsession_id = hexsession_id:6629bb9f32e259935f946e73543bf65830e78ddab691a8b885f3444f976fd655
-+Ctrl.type = type:F
-+Output = cbe67a93ac758d9f2a6ff580bad5a44bb1a1062c9e20d5c974decb7aa2b0faa0
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:0000008100d97164957831bbc57c91e0a5c9ece230b4625d14b9d07decdc971cee28d28c2938d2f8b682bc33bd67458fb90120dd6a2ca5255fbe3daeb0325029e15b5e3135aae5081894da98fb4e4d578890c5a4b6a359097bf5e2c403f77b0398d12795d6c895ed979e792d13f5aeb3cd62799d9a509cb4bd8e2bf5d8b08498abccc0790c
-+Ctrl.hexxcghash = hexxcghash:81c3e6d1a6aeb3f3fc111a9e1467a7e569b9debbfef48fd31acd0d8b9b50a647
-+Ctrl.hexsession_id = hexsession_id:068d4a2ebf66a0a6f75d3e76659c72a7f70630f98872e6f48c45ad862fd9b2a4
-+Ctrl.type = type:A
-+Output = 320e807fab2b10f0
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:0000008100d97164957831bbc57c91e0a5c9ece230b4625d14b9d07decdc971cee28d28c2938d2f8b682bc33bd67458fb90120dd6a2ca5255fbe3daeb0325029e15b5e3135aae5081894da98fb4e4d578890c5a4b6a359097bf5e2c403f77b0398d12795d6c895ed979e792d13f5aeb3cd62799d9a509cb4bd8e2bf5d8b08498abccc0790c
-+Ctrl.hexxcghash = hexxcghash:81c3e6d1a6aeb3f3fc111a9e1467a7e569b9debbfef48fd31acd0d8b9b50a647
-+Ctrl.hexsession_id = hexsession_id:068d4a2ebf66a0a6f75d3e76659c72a7f70630f98872e6f48c45ad862fd9b2a4
-+Ctrl.type = type:B
-+Output = 7b8f91be4dcd59b1
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:0000008100d97164957831bbc57c91e0a5c9ece230b4625d14b9d07decdc971cee28d28c2938d2f8b682bc33bd67458fb90120dd6a2ca5255fbe3daeb0325029e15b5e3135aae5081894da98fb4e4d578890c5a4b6a359097bf5e2c403f77b0398d12795d6c895ed979e792d13f5aeb3cd62799d9a509cb4bd8e2bf5d8b08498abccc0790c
-+Ctrl.hexxcghash = hexxcghash:81c3e6d1a6aeb3f3fc111a9e1467a7e569b9debbfef48fd31acd0d8b9b50a647
-+Ctrl.hexsession_id = hexsession_id:068d4a2ebf66a0a6f75d3e76659c72a7f70630f98872e6f48c45ad862fd9b2a4
-+Ctrl.type = type:C
-+Output = dec6e67a94b3ddfcd32a24d6026c6951d00b6f4402d32c1a
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:0000008100d97164957831bbc57c91e0a5c9ece230b4625d14b9d07decdc971cee28d28c2938d2f8b682bc33bd67458fb90120dd6a2ca5255fbe3daeb0325029e15b5e3135aae5081894da98fb4e4d578890c5a4b6a359097bf5e2c403f77b0398d12795d6c895ed979e792d13f5aeb3cd62799d9a509cb4bd8e2bf5d8b08498abccc0790c
-+Ctrl.hexxcghash = hexxcghash:81c3e6d1a6aeb3f3fc111a9e1467a7e569b9debbfef48fd31acd0d8b9b50a647
-+Ctrl.hexsession_id = hexsession_id:068d4a2ebf66a0a6f75d3e76659c72a7f70630f98872e6f48c45ad862fd9b2a4
-+Ctrl.type = type:D
-+Output = 2ef3cea4588ad928ac3e8874f3e1f613f2d50787495acc32
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:0000008100d97164957831bbc57c91e0a5c9ece230b4625d14b9d07decdc971cee28d28c2938d2f8b682bc33bd67458fb90120dd6a2ca5255fbe3daeb0325029e15b5e3135aae5081894da98fb4e4d578890c5a4b6a359097bf5e2c403f77b0398d12795d6c895ed979e792d13f5aeb3cd62799d9a509cb4bd8e2bf5d8b08498abccc0790c
-+Ctrl.hexxcghash = hexxcghash:81c3e6d1a6aeb3f3fc111a9e1467a7e569b9debbfef48fd31acd0d8b9b50a647
-+Ctrl.hexsession_id = hexsession_id:068d4a2ebf66a0a6f75d3e76659c72a7f70630f98872e6f48c45ad862fd9b2a4
-+Ctrl.type = type:E
-+Output = 72f93537328eebeec1b5ca88fedb41bf4d9c6279e4fe8d13c38da72a39739ed8
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:0000008100d97164957831bbc57c91e0a5c9ece230b4625d14b9d07decdc971cee28d28c2938d2f8b682bc33bd67458fb90120dd6a2ca5255fbe3daeb0325029e15b5e3135aae5081894da98fb4e4d578890c5a4b6a359097bf5e2c403f77b0398d12795d6c895ed979e792d13f5aeb3cd62799d9a509cb4bd8e2bf5d8b08498abccc0790c
-+Ctrl.hexxcghash = hexxcghash:81c3e6d1a6aeb3f3fc111a9e1467a7e569b9debbfef48fd31acd0d8b9b50a647
-+Ctrl.hexsession_id = hexsession_id:068d4a2ebf66a0a6f75d3e76659c72a7f70630f98872e6f48c45ad862fd9b2a4
-+Ctrl.type = type:F
-+Output = 55dcf2c322b9c94686edbf9314d7c93bd9651e2ebc64f1a299d7176577d65b32
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:0000008001223839219fa4dbaf2b88deaa058bed95793bd6079e670e88eecf0a391ae7ce2d3bf129e11273aad0d0047b84960e6f73fa3de394042b4254c7850fddc7525dcf27fb9bdcafc604626aa25e08c938a27c80ca97a4c1a2662f4e8485e016c75e4f4e6861f5bbd694bbd6492cbffa95128dab52d8a3d0316bcabd5da2c789dd62
-+Ctrl.hexxcghash = hexxcghash:7817d37fe11f3499feda39bf21ce7755040a0091e61e8eb585e6299c6673db81
-+Ctrl.hexsession_id = hexsession_id:2b7ef879949594c35dbccdba0ba4959e3a2fad446c5ce35666e400b7214fe69e
-+Ctrl.type = type:A
-+Output = f4dbc41aa23e1621
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:0000008001223839219fa4dbaf2b88deaa058bed95793bd6079e670e88eecf0a391ae7ce2d3bf129e11273aad0d0047b84960e6f73fa3de394042b4254c7850fddc7525dcf27fb9bdcafc604626aa25e08c938a27c80ca97a4c1a2662f4e8485e016c75e4f4e6861f5bbd694bbd6492cbffa95128dab52d8a3d0316bcabd5da2c789dd62
-+Ctrl.hexxcghash = hexxcghash:7817d37fe11f3499feda39bf21ce7755040a0091e61e8eb585e6299c6673db81
-+Ctrl.hexsession_id = hexsession_id:2b7ef879949594c35dbccdba0ba4959e3a2fad446c5ce35666e400b7214fe69e
-+Ctrl.type = type:B
-+Output = e53b40c511180817
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:0000008001223839219fa4dbaf2b88deaa058bed95793bd6079e670e88eecf0a391ae7ce2d3bf129e11273aad0d0047b84960e6f73fa3de394042b4254c7850fddc7525dcf27fb9bdcafc604626aa25e08c938a27c80ca97a4c1a2662f4e8485e016c75e4f4e6861f5bbd694bbd6492cbffa95128dab52d8a3d0316bcabd5da2c789dd62
-+Ctrl.hexxcghash = hexxcghash:7817d37fe11f3499feda39bf21ce7755040a0091e61e8eb585e6299c6673db81
-+Ctrl.hexsession_id = hexsession_id:2b7ef879949594c35dbccdba0ba4959e3a2fad446c5ce35666e400b7214fe69e
-+Ctrl.type = type:C
-+Output = 70fed9412989cf5de908ad429cb92065fd5ccc081477abba
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:0000008001223839219fa4dbaf2b88deaa058bed95793bd6079e670e88eecf0a391ae7ce2d3bf129e11273aad0d0047b84960e6f73fa3de394042b4254c7850fddc7525dcf27fb9bdcafc604626aa25e08c938a27c80ca97a4c1a2662f4e8485e016c75e4f4e6861f5bbd694bbd6492cbffa95128dab52d8a3d0316bcabd5da2c789dd62
-+Ctrl.hexxcghash = hexxcghash:7817d37fe11f3499feda39bf21ce7755040a0091e61e8eb585e6299c6673db81
-+Ctrl.hexsession_id = hexsession_id:2b7ef879949594c35dbccdba0ba4959e3a2fad446c5ce35666e400b7214fe69e
-+Ctrl.type = type:D
-+Output = 3afdb0b4b4bc13e8731bb92e541b7d82a0b20d8878ce184b
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:0000008001223839219fa4dbaf2b88deaa058bed95793bd6079e670e88eecf0a391ae7ce2d3bf129e11273aad0d0047b84960e6f73fa3de394042b4254c7850fddc7525dcf27fb9bdcafc604626aa25e08c938a27c80ca97a4c1a2662f4e8485e016c75e4f4e6861f5bbd694bbd6492cbffa95128dab52d8a3d0316bcabd5da2c789dd62
-+Ctrl.hexxcghash = hexxcghash:7817d37fe11f3499feda39bf21ce7755040a0091e61e8eb585e6299c6673db81
-+Ctrl.hexsession_id = hexsession_id:2b7ef879949594c35dbccdba0ba4959e3a2fad446c5ce35666e400b7214fe69e
-+Ctrl.type = type:E
-+Output = 59937f257aeef0806038543ced541990e5c2243881818edf2c522a54b64e9e93
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:0000008001223839219fa4dbaf2b88deaa058bed95793bd6079e670e88eecf0a391ae7ce2d3bf129e11273aad0d0047b84960e6f73fa3de394042b4254c7850fddc7525dcf27fb9bdcafc604626aa25e08c938a27c80ca97a4c1a2662f4e8485e016c75e4f4e6861f5bbd694bbd6492cbffa95128dab52d8a3d0316bcabd5da2c789dd62
-+Ctrl.hexxcghash = hexxcghash:7817d37fe11f3499feda39bf21ce7755040a0091e61e8eb585e6299c6673db81
-+Ctrl.hexsession_id = hexsession_id:2b7ef879949594c35dbccdba0ba4959e3a2fad446c5ce35666e400b7214fe69e
-+Ctrl.type = type:F
-+Output = 187532105293274b841918e3ab51f5dd0453d4331e85f4e06b775dbce4979cdd
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:000000807d3783ce1f598c3279e8a33f3e8bfe9c255979034f43d107bb3dd6cb21ff67d945594929f2fd7bef74679be81d3ad6c1b472293d1060242d720ed2fb250fde838064eec64d75cb9d5d2ec09c9e67e3bf48c0d0a92577f8bf6e05cfcbaafcd243369f30f14d24a4ad2c1aaff528e03198227135d26839fd45cd60678ae41307c2
-+Ctrl.hexxcghash = hexxcghash:2efc2c1be24e1259105757bbd2c518d62ae52400451347aa90e2aab00bc58864
-+Ctrl.hexsession_id = hexsession_id:2df7d0dbcb1beb17ef1a8b9884c9d6d8833b5039797a5fce61e7a2490405b323
-+Ctrl.type = type:A
-+Output = 3cc220d5bb9b5346
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:000000807d3783ce1f598c3279e8a33f3e8bfe9c255979034f43d107bb3dd6cb21ff67d945594929f2fd7bef74679be81d3ad6c1b472293d1060242d720ed2fb250fde838064eec64d75cb9d5d2ec09c9e67e3bf48c0d0a92577f8bf6e05cfcbaafcd243369f30f14d24a4ad2c1aaff528e03198227135d26839fd45cd60678ae41307c2
-+Ctrl.hexxcghash = hexxcghash:2efc2c1be24e1259105757bbd2c518d62ae52400451347aa90e2aab00bc58864
-+Ctrl.hexsession_id = hexsession_id:2df7d0dbcb1beb17ef1a8b9884c9d6d8833b5039797a5fce61e7a2490405b323
-+Ctrl.type = type:B
-+Output = 051e3c79aede7e41
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:000000807d3783ce1f598c3279e8a33f3e8bfe9c255979034f43d107bb3dd6cb21ff67d945594929f2fd7bef74679be81d3ad6c1b472293d1060242d720ed2fb250fde838064eec64d75cb9d5d2ec09c9e67e3bf48c0d0a92577f8bf6e05cfcbaafcd243369f30f14d24a4ad2c1aaff528e03198227135d26839fd45cd60678ae41307c2
-+Ctrl.hexxcghash = hexxcghash:2efc2c1be24e1259105757bbd2c518d62ae52400451347aa90e2aab00bc58864
-+Ctrl.hexsession_id = hexsession_id:2df7d0dbcb1beb17ef1a8b9884c9d6d8833b5039797a5fce61e7a2490405b323
-+Ctrl.type = type:C
-+Output = 44c2b4725965ee9a2bce58d38e2e9a778263c415b21a25be
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:000000807d3783ce1f598c3279e8a33f3e8bfe9c255979034f43d107bb3dd6cb21ff67d945594929f2fd7bef74679be81d3ad6c1b472293d1060242d720ed2fb250fde838064eec64d75cb9d5d2ec09c9e67e3bf48c0d0a92577f8bf6e05cfcbaafcd243369f30f14d24a4ad2c1aaff528e03198227135d26839fd45cd60678ae41307c2
-+Ctrl.hexxcghash = hexxcghash:2efc2c1be24e1259105757bbd2c518d62ae52400451347aa90e2aab00bc58864
-+Ctrl.hexsession_id = hexsession_id:2df7d0dbcb1beb17ef1a8b9884c9d6d8833b5039797a5fce61e7a2490405b323
-+Ctrl.type = type:D
-+Output = d5de7a801956b934d820f9aa51bf1dae2a7aec7ce5ce4e50
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:000000807d3783ce1f598c3279e8a33f3e8bfe9c255979034f43d107bb3dd6cb21ff67d945594929f2fd7bef74679be81d3ad6c1b472293d1060242d720ed2fb250fde838064eec64d75cb9d5d2ec09c9e67e3bf48c0d0a92577f8bf6e05cfcbaafcd243369f30f14d24a4ad2c1aaff528e03198227135d26839fd45cd60678ae41307c2
-+Ctrl.hexxcghash = hexxcghash:2efc2c1be24e1259105757bbd2c518d62ae52400451347aa90e2aab00bc58864
-+Ctrl.hexsession_id = hexsession_id:2df7d0dbcb1beb17ef1a8b9884c9d6d8833b5039797a5fce61e7a2490405b323
-+Ctrl.type = type:E
-+Output = 7d2039a6505e3220535fde0ff71464f3971580f50711356760b225fc3053fc19
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:000000807d3783ce1f598c3279e8a33f3e8bfe9c255979034f43d107bb3dd6cb21ff67d945594929f2fd7bef74679be81d3ad6c1b472293d1060242d720ed2fb250fde838064eec64d75cb9d5d2ec09c9e67e3bf48c0d0a92577f8bf6e05cfcbaafcd243369f30f14d24a4ad2c1aaff528e03198227135d26839fd45cd60678ae41307c2
-+Ctrl.hexxcghash = hexxcghash:2efc2c1be24e1259105757bbd2c518d62ae52400451347aa90e2aab00bc58864
-+Ctrl.hexsession_id = hexsession_id:2df7d0dbcb1beb17ef1a8b9884c9d6d8833b5039797a5fce61e7a2490405b323
-+Ctrl.type = type:F
-+Output = b0972348a031ef2e87d42611e53cf0c4782d759ecdcc1390318eb11e1925ac35
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:0000008100b44b386751753bf1fbfe100b11761766aaef16b2786462ba9561d3b493581254a1c1556ef611fec70146a864f8860c6317f294d06aec94129740c78035411992492825554362d25bf2c43a2e8a4d22e5d4777c593c8686966684b95e8e4535fc0b4a0e53264f22cf568469e829a303cdd06c09d8f74ccef6b6028fde782a7285
-+Ctrl.hexxcghash = hexxcghash:8c691585cffd38a6ad0fd751da66c1a0f2b46ad6c12348b5a89cd24f39e76517
-+Ctrl.hexsession_id = hexsession_id:2d93238fe20a860db2fb8fb4c5a0525a2f8817abbb53773e4af9fb366a213506
-+Ctrl.type = type:A
-+Output = cdb047beecd92d84
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:0000008100b44b386751753bf1fbfe100b11761766aaef16b2786462ba9561d3b493581254a1c1556ef611fec70146a864f8860c6317f294d06aec94129740c78035411992492825554362d25bf2c43a2e8a4d22e5d4777c593c8686966684b95e8e4535fc0b4a0e53264f22cf568469e829a303cdd06c09d8f74ccef6b6028fde782a7285
-+Ctrl.hexxcghash = hexxcghash:8c691585cffd38a6ad0fd751da66c1a0f2b46ad6c12348b5a89cd24f39e76517
-+Ctrl.hexsession_id = hexsession_id:2d93238fe20a860db2fb8fb4c5a0525a2f8817abbb53773e4af9fb366a213506
-+Ctrl.type = type:B
-+Output = ef378e894d8f675e
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:0000008100b44b386751753bf1fbfe100b11761766aaef16b2786462ba9561d3b493581254a1c1556ef611fec70146a864f8860c6317f294d06aec94129740c78035411992492825554362d25bf2c43a2e8a4d22e5d4777c593c8686966684b95e8e4535fc0b4a0e53264f22cf568469e829a303cdd06c09d8f74ccef6b6028fde782a7285
-+Ctrl.hexxcghash = hexxcghash:8c691585cffd38a6ad0fd751da66c1a0f2b46ad6c12348b5a89cd24f39e76517
-+Ctrl.hexsession_id = hexsession_id:2d93238fe20a860db2fb8fb4c5a0525a2f8817abbb53773e4af9fb366a213506
-+Ctrl.type = type:C
-+Output = 23ee42a437801e87348b3999bde76147a8731e318db57752
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:0000008100b44b386751753bf1fbfe100b11761766aaef16b2786462ba9561d3b493581254a1c1556ef611fec70146a864f8860c6317f294d06aec94129740c78035411992492825554362d25bf2c43a2e8a4d22e5d4777c593c8686966684b95e8e4535fc0b4a0e53264f22cf568469e829a303cdd06c09d8f74ccef6b6028fde782a7285
-+Ctrl.hexxcghash = hexxcghash:8c691585cffd38a6ad0fd751da66c1a0f2b46ad6c12348b5a89cd24f39e76517
-+Ctrl.hexsession_id = hexsession_id:2d93238fe20a860db2fb8fb4c5a0525a2f8817abbb53773e4af9fb366a213506
-+Ctrl.type = type:D
-+Output = a3f50e3d14498f15e1f111cc929648011d6abfb58e90df1c
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:0000008100b44b386751753bf1fbfe100b11761766aaef16b2786462ba9561d3b493581254a1c1556ef611fec70146a864f8860c6317f294d06aec94129740c78035411992492825554362d25bf2c43a2e8a4d22e5d4777c593c8686966684b95e8e4535fc0b4a0e53264f22cf568469e829a303cdd06c09d8f74ccef6b6028fde782a7285
-+Ctrl.hexxcghash = hexxcghash:8c691585cffd38a6ad0fd751da66c1a0f2b46ad6c12348b5a89cd24f39e76517
-+Ctrl.hexsession_id = hexsession_id:2d93238fe20a860db2fb8fb4c5a0525a2f8817abbb53773e4af9fb366a213506
-+Ctrl.type = type:E
-+Output = fb6a020561e46e521344cb671a50175afd63ded91eedaa1b2879c3a63761674d
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:0000008100b44b386751753bf1fbfe100b11761766aaef16b2786462ba9561d3b493581254a1c1556ef611fec70146a864f8860c6317f294d06aec94129740c78035411992492825554362d25bf2c43a2e8a4d22e5d4777c593c8686966684b95e8e4535fc0b4a0e53264f22cf568469e829a303cdd06c09d8f74ccef6b6028fde782a7285
-+Ctrl.hexxcghash = hexxcghash:8c691585cffd38a6ad0fd751da66c1a0f2b46ad6c12348b5a89cd24f39e76517
-+Ctrl.hexsession_id = hexsession_id:2d93238fe20a860db2fb8fb4c5a0525a2f8817abbb53773e4af9fb366a213506
-+Ctrl.type = type:F
-+Output = 567a79e7c4b10d62a420ce2ea740661c08d9459ed636ecb4edebcedb17b0baba
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:0000008100b3462ee942f026de0922ab88b6ebf5ee2c968a4e12cbf374593f3542c6eb619ea1ec29b958c65a83305c37008de3b691ec020cc989e6c5393dae36bbb3bf0d1a29ed0bab6d23f60e63e277119b7a4c0a5fa96d9c043a5ace58034052ffb71b8bf0eaea8a6bc9a9834c512d7470122c71908a44ef7f3227b512f6971c82436e96
-+Ctrl.hexxcghash = hexxcghash:3d5d7f742b08976755e2eb8457f1d9401d918bbf7e201fe0742f00ae799082df
-+Ctrl.hexsession_id = hexsession_id:50bcad2970e07c3ad3f14db05d451d77304fe70927ba26815fcaf1f3a723af91
-+Ctrl.type = type:A
-+Output = 1f9e7ad5592ac73d
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:0000008100b3462ee942f026de0922ab88b6ebf5ee2c968a4e12cbf374593f3542c6eb619ea1ec29b958c65a83305c37008de3b691ec020cc989e6c5393dae36bbb3bf0d1a29ed0bab6d23f60e63e277119b7a4c0a5fa96d9c043a5ace58034052ffb71b8bf0eaea8a6bc9a9834c512d7470122c71908a44ef7f3227b512f6971c82436e96
-+Ctrl.hexxcghash = hexxcghash:3d5d7f742b08976755e2eb8457f1d9401d918bbf7e201fe0742f00ae799082df
-+Ctrl.hexsession_id = hexsession_id:50bcad2970e07c3ad3f14db05d451d77304fe70927ba26815fcaf1f3a723af91
-+Ctrl.type = type:B
-+Output = 15b254fe3510dd77
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:0000008100b3462ee942f026de0922ab88b6ebf5ee2c968a4e12cbf374593f3542c6eb619ea1ec29b958c65a83305c37008de3b691ec020cc989e6c5393dae36bbb3bf0d1a29ed0bab6d23f60e63e277119b7a4c0a5fa96d9c043a5ace58034052ffb71b8bf0eaea8a6bc9a9834c512d7470122c71908a44ef7f3227b512f6971c82436e96
-+Ctrl.hexxcghash = hexxcghash:3d5d7f742b08976755e2eb8457f1d9401d918bbf7e201fe0742f00ae799082df
-+Ctrl.hexsession_id = hexsession_id:50bcad2970e07c3ad3f14db05d451d77304fe70927ba26815fcaf1f3a723af91
-+Ctrl.type = type:C
-+Output = 88eadd5802e1a748284684438eb1b1bdc9b20ea30c59950d
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:0000008100b3462ee942f026de0922ab88b6ebf5ee2c968a4e12cbf374593f3542c6eb619ea1ec29b958c65a83305c37008de3b691ec020cc989e6c5393dae36bbb3bf0d1a29ed0bab6d23f60e63e277119b7a4c0a5fa96d9c043a5ace58034052ffb71b8bf0eaea8a6bc9a9834c512d7470122c71908a44ef7f3227b512f6971c82436e96
-+Ctrl.hexxcghash = hexxcghash:3d5d7f742b08976755e2eb8457f1d9401d918bbf7e201fe0742f00ae799082df
-+Ctrl.hexsession_id = hexsession_id:50bcad2970e07c3ad3f14db05d451d77304fe70927ba26815fcaf1f3a723af91
-+Ctrl.type = type:D
-+Output = 277c2c4ad3d4a3bec4bdc5329bb5f9d4e39aa06b1e115e77
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:0000008100b3462ee942f026de0922ab88b6ebf5ee2c968a4e12cbf374593f3542c6eb619ea1ec29b958c65a83305c37008de3b691ec020cc989e6c5393dae36bbb3bf0d1a29ed0bab6d23f60e63e277119b7a4c0a5fa96d9c043a5ace58034052ffb71b8bf0eaea8a6bc9a9834c512d7470122c71908a44ef7f3227b512f6971c82436e96
-+Ctrl.hexxcghash = hexxcghash:3d5d7f742b08976755e2eb8457f1d9401d918bbf7e201fe0742f00ae799082df
-+Ctrl.hexsession_id = hexsession_id:50bcad2970e07c3ad3f14db05d451d77304fe70927ba26815fcaf1f3a723af91
-+Ctrl.type = type:E
-+Output = 090d2f273a690ed1d67dd9919c34385b18a661f8657b84bef6832f2396771979
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:0000008100b3462ee942f026de0922ab88b6ebf5ee2c968a4e12cbf374593f3542c6eb619ea1ec29b958c65a83305c37008de3b691ec020cc989e6c5393dae36bbb3bf0d1a29ed0bab6d23f60e63e277119b7a4c0a5fa96d9c043a5ace58034052ffb71b8bf0eaea8a6bc9a9834c512d7470122c71908a44ef7f3227b512f6971c82436e96
-+Ctrl.hexxcghash = hexxcghash:3d5d7f742b08976755e2eb8457f1d9401d918bbf7e201fe0742f00ae799082df
-+Ctrl.hexsession_id = hexsession_id:50bcad2970e07c3ad3f14db05d451d77304fe70927ba26815fcaf1f3a723af91
-+Ctrl.type = type:F
-+Output = 1f3082fa5ac8ec565595c4c5b8a7ddbba88ed4936fca913bba6a8715dc856f30
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:0000008100831889c603d4dc01d0d9f19f07ccadb6a9fa7662305277d59efbc872f38325de2ec2151f58649f5fd15ff3a099f0191dca69be0b9c88ef729fe74af849cc8e7479f8a5406842af88e12167607103cda449a1394c86b2c21d4083cdee216f74078d4e878b352df901727870815528ae99f74f25c21a8a39772940d871badb39a6
-+Ctrl.hexxcghash = hexxcghash:f77992d066bc305419a6c1b0879008856287b95ec20c2b1be5a5c8189cadbbb1
-+Ctrl.hexsession_id = hexsession_id:15bd2e8c86d23eace4a581377ef8a3f5266dbd081cfcd01ab2b68506438228a2
-+Ctrl.type = type:A
-+Output = 3aa08d67c81310b7
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:0000008100831889c603d4dc01d0d9f19f07ccadb6a9fa7662305277d59efbc872f38325de2ec2151f58649f5fd15ff3a099f0191dca69be0b9c88ef729fe74af849cc8e7479f8a5406842af88e12167607103cda449a1394c86b2c21d4083cdee216f74078d4e878b352df901727870815528ae99f74f25c21a8a39772940d871badb39a6
-+Ctrl.hexxcghash = hexxcghash:f77992d066bc305419a6c1b0879008856287b95ec20c2b1be5a5c8189cadbbb1
-+Ctrl.hexsession_id = hexsession_id:15bd2e8c86d23eace4a581377ef8a3f5266dbd081cfcd01ab2b68506438228a2
-+Ctrl.type = type:B
-+Output = cf46596878a17a87
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:0000008100831889c603d4dc01d0d9f19f07ccadb6a9fa7662305277d59efbc872f38325de2ec2151f58649f5fd15ff3a099f0191dca69be0b9c88ef729fe74af849cc8e7479f8a5406842af88e12167607103cda449a1394c86b2c21d4083cdee216f74078d4e878b352df901727870815528ae99f74f25c21a8a39772940d871badb39a6
-+Ctrl.hexxcghash = hexxcghash:f77992d066bc305419a6c1b0879008856287b95ec20c2b1be5a5c8189cadbbb1
-+Ctrl.hexsession_id = hexsession_id:15bd2e8c86d23eace4a581377ef8a3f5266dbd081cfcd01ab2b68506438228a2
-+Ctrl.type = type:C
-+Output = 871db438b8b33c2102ddab0c1f7be51ee4c2cbdf52a01a58
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:0000008100831889c603d4dc01d0d9f19f07ccadb6a9fa7662305277d59efbc872f38325de2ec2151f58649f5fd15ff3a099f0191dca69be0b9c88ef729fe74af849cc8e7479f8a5406842af88e12167607103cda449a1394c86b2c21d4083cdee216f74078d4e878b352df901727870815528ae99f74f25c21a8a39772940d871badb39a6
-+Ctrl.hexxcghash = hexxcghash:f77992d066bc305419a6c1b0879008856287b95ec20c2b1be5a5c8189cadbbb1
-+Ctrl.hexsession_id = hexsession_id:15bd2e8c86d23eace4a581377ef8a3f5266dbd081cfcd01ab2b68506438228a2
-+Ctrl.type = type:D
-+Output = 04ac13599b84c22be0f1e5f7b96def31598e6ad36be412e8
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:0000008100831889c603d4dc01d0d9f19f07ccadb6a9fa7662305277d59efbc872f38325de2ec2151f58649f5fd15ff3a099f0191dca69be0b9c88ef729fe74af849cc8e7479f8a5406842af88e12167607103cda449a1394c86b2c21d4083cdee216f74078d4e878b352df901727870815528ae99f74f25c21a8a39772940d871badb39a6
-+Ctrl.hexxcghash = hexxcghash:f77992d066bc305419a6c1b0879008856287b95ec20c2b1be5a5c8189cadbbb1
-+Ctrl.hexsession_id = hexsession_id:15bd2e8c86d23eace4a581377ef8a3f5266dbd081cfcd01ab2b68506438228a2
-+Ctrl.type = type:E
-+Output = f00c83a8afb5d1793749d4aae825b80e67ccd7f67e08f572222ccf42126ea2f0
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:0000008100831889c603d4dc01d0d9f19f07ccadb6a9fa7662305277d59efbc872f38325de2ec2151f58649f5fd15ff3a099f0191dca69be0b9c88ef729fe74af849cc8e7479f8a5406842af88e12167607103cda449a1394c86b2c21d4083cdee216f74078d4e878b352df901727870815528ae99f74f25c21a8a39772940d871badb39a6
-+Ctrl.hexxcghash = hexxcghash:f77992d066bc305419a6c1b0879008856287b95ec20c2b1be5a5c8189cadbbb1
-+Ctrl.hexsession_id = hexsession_id:15bd2e8c86d23eace4a581377ef8a3f5266dbd081cfcd01ab2b68506438228a2
-+Ctrl.type = type:F
-+Output = df0570749d67136095b0dda6d461676b7eeb9a386f126306d436cab16dfd1b3c
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:00000081008fa89f9f89a2a2417a9461451a4b97343afd46552a8700e588638b0ef0ae568ffbaee2727ae3ae96271aa33b8439c1a4bad313ea42605ae0902817d91577b6a3c72fc576ee29544c1d6323bad205317d2265c533d82ed27a2dea64a8545c64e9772e81ce1cbfe265a51acfae74b72d5365366263541e50a567c3ffa594eac071
-+Ctrl.hexxcghash = hexxcghash:4d071ee398757c548fa72f77ed94d5b158a311d3655bb7a6e324c4e2a26be84f
-+Ctrl.hexsession_id = hexsession_id:d1d34becf667002ace16be10726cab3c7d18ce7414759f62a83cb4cfaaed77f4
-+Ctrl.type = type:A
-+Output = fad800cbf8975a01
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:00000081008fa89f9f89a2a2417a9461451a4b97343afd46552a8700e588638b0ef0ae568ffbaee2727ae3ae96271aa33b8439c1a4bad313ea42605ae0902817d91577b6a3c72fc576ee29544c1d6323bad205317d2265c533d82ed27a2dea64a8545c64e9772e81ce1cbfe265a51acfae74b72d5365366263541e50a567c3ffa594eac071
-+Ctrl.hexxcghash = hexxcghash:4d071ee398757c548fa72f77ed94d5b158a311d3655bb7a6e324c4e2a26be84f
-+Ctrl.hexsession_id = hexsession_id:d1d34becf667002ace16be10726cab3c7d18ce7414759f62a83cb4cfaaed77f4
-+Ctrl.type = type:B
-+Output = 679a118bda1f15a9
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:00000081008fa89f9f89a2a2417a9461451a4b97343afd46552a8700e588638b0ef0ae568ffbaee2727ae3ae96271aa33b8439c1a4bad313ea42605ae0902817d91577b6a3c72fc576ee29544c1d6323bad205317d2265c533d82ed27a2dea64a8545c64e9772e81ce1cbfe265a51acfae74b72d5365366263541e50a567c3ffa594eac071
-+Ctrl.hexxcghash = hexxcghash:4d071ee398757c548fa72f77ed94d5b158a311d3655bb7a6e324c4e2a26be84f
-+Ctrl.hexsession_id = hexsession_id:d1d34becf667002ace16be10726cab3c7d18ce7414759f62a83cb4cfaaed77f4
-+Ctrl.type = type:C
-+Output = 5193e9b3b10b7939b79b967b98e6cf3396758eaf8263edf2
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:00000081008fa89f9f89a2a2417a9461451a4b97343afd46552a8700e588638b0ef0ae568ffbaee2727ae3ae96271aa33b8439c1a4bad313ea42605ae0902817d91577b6a3c72fc576ee29544c1d6323bad205317d2265c533d82ed27a2dea64a8545c64e9772e81ce1cbfe265a51acfae74b72d5365366263541e50a567c3ffa594eac071
-+Ctrl.hexxcghash = hexxcghash:4d071ee398757c548fa72f77ed94d5b158a311d3655bb7a6e324c4e2a26be84f
-+Ctrl.hexsession_id = hexsession_id:d1d34becf667002ace16be10726cab3c7d18ce7414759f62a83cb4cfaaed77f4
-+Ctrl.type = type:D
-+Output = 3f5de8bec6d737836d3a91480ac76c19d0a90bc146f02d5c
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:00000081008fa89f9f89a2a2417a9461451a4b97343afd46552a8700e588638b0ef0ae568ffbaee2727ae3ae96271aa33b8439c1a4bad313ea42605ae0902817d91577b6a3c72fc576ee29544c1d6323bad205317d2265c533d82ed27a2dea64a8545c64e9772e81ce1cbfe265a51acfae74b72d5365366263541e50a567c3ffa594eac071
-+Ctrl.hexxcghash = hexxcghash:4d071ee398757c548fa72f77ed94d5b158a311d3655bb7a6e324c4e2a26be84f
-+Ctrl.hexsession_id = hexsession_id:d1d34becf667002ace16be10726cab3c7d18ce7414759f62a83cb4cfaaed77f4
-+Ctrl.type = type:E
-+Output = ce7be4fffd0ffd09ff45889d10c7be0edf922422d01cb71b737c6149bb1a2d05
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:00000081008fa89f9f89a2a2417a9461451a4b97343afd46552a8700e588638b0ef0ae568ffbaee2727ae3ae96271aa33b8439c1a4bad313ea42605ae0902817d91577b6a3c72fc576ee29544c1d6323bad205317d2265c533d82ed27a2dea64a8545c64e9772e81ce1cbfe265a51acfae74b72d5365366263541e50a567c3ffa594eac071
-+Ctrl.hexxcghash = hexxcghash:4d071ee398757c548fa72f77ed94d5b158a311d3655bb7a6e324c4e2a26be84f
-+Ctrl.hexsession_id = hexsession_id:d1d34becf667002ace16be10726cab3c7d18ce7414759f62a83cb4cfaaed77f4
-+Ctrl.type = type:F
-+Output = 60f413c9bcc42dcf0acc53d513dd8bc703f7e5d668f4e043f13028dcf40880b2
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:000001006ac382eaaca093e125e25c24bebc84640c11987507344b5c739ceb84a9e0b222b9a8b51c839e5ebe49cfadbfb39599764ed522099dc912751950dc7dc97fbdc06328b68f22781fd315af568009a5509e5b87a11bf527c056daffd82ab6cbc25cca37143459e7bc63bcde52757adeb7df01cf12173f1fef8102ec5ab142c213dd9d30696278a8d8bc32dde9592d28c078c6d92b947d825acaab6494846a49de24b9623f4889e8adc38e8c669effef176040ad945e90a7d3eec15efeee78ae71043c96511103a16ba7caf0acd0642efdbe809934faa1a5f1bd11043649b25ccd1fee2e38815d4d5f5fc6b4102969f21c22ae1b0e7d3603a556a13262ff628de222
-+Ctrl.hexxcghash = hexxcghash:7b7001185e256d4493445f39a55fb905e6321f4b5dd8bbf3100d51ba0bda3d2d
-+Ctrl.hexsession_id = hexsession_id:7b7001185e256d4493445f39a55fb905e6321f4b5dd8bbf3100d51ba0bda3d2d
-+Ctrl.type = type:A
-+Output = 81f0330ef6f05361b3823bfded6e1de9
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:000001006ac382eaaca093e125e25c24bebc84640c11987507344b5c739ceb84a9e0b222b9a8b51c839e5ebe49cfadbfb39599764ed522099dc912751950dc7dc97fbdc06328b68f22781fd315af568009a5509e5b87a11bf527c056daffd82ab6cbc25cca37143459e7bc63bcde52757adeb7df01cf12173f1fef8102ec5ab142c213dd9d30696278a8d8bc32dde9592d28c078c6d92b947d825acaab6494846a49de24b9623f4889e8adc38e8c669effef176040ad945e90a7d3eec15efeee78ae71043c96511103a16ba7caf0acd0642efdbe809934faa1a5f1bd11043649b25ccd1fee2e38815d4d5f5fc6b4102969f21c22ae1b0e7d3603a556a13262ff628de222
-+Ctrl.hexxcghash = hexxcghash:7b7001185e256d4493445f39a55fb905e6321f4b5dd8bbf3100d51ba0bda3d2d
-+Ctrl.hexsession_id = hexsession_id:7b7001185e256d4493445f39a55fb905e6321f4b5dd8bbf3100d51ba0bda3d2d
-+Ctrl.type = type:B
-+Output = 3f6fd2065eeb2b0b1d93195a1fed48a5
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:000001006ac382eaaca093e125e25c24bebc84640c11987507344b5c739ceb84a9e0b222b9a8b51c839e5ebe49cfadbfb39599764ed522099dc912751950dc7dc97fbdc06328b68f22781fd315af568009a5509e5b87a11bf527c056daffd82ab6cbc25cca37143459e7bc63bcde52757adeb7df01cf12173f1fef8102ec5ab142c213dd9d30696278a8d8bc32dde9592d28c078c6d92b947d825acaab6494846a49de24b9623f4889e8adc38e8c669effef176040ad945e90a7d3eec15efeee78ae71043c96511103a16ba7caf0acd0642efdbe809934faa1a5f1bd11043649b25ccd1fee2e38815d4d5f5fc6b4102969f21c22ae1b0e7d3603a556a13262ff628de222
-+Ctrl.hexxcghash = hexxcghash:7b7001185e256d4493445f39a55fb905e6321f4b5dd8bbf3100d51ba0bda3d2d
-+Ctrl.hexsession_id = hexsession_id:7b7001185e256d4493445f39a55fb905e6321f4b5dd8bbf3100d51ba0bda3d2d
-+Ctrl.type = type:C
-+Output = c35471034e6fd6547613178e23435f21
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:000001006ac382eaaca093e125e25c24bebc84640c11987507344b5c739ceb84a9e0b222b9a8b51c839e5ebe49cfadbfb39599764ed522099dc912751950dc7dc97fbdc06328b68f22781fd315af568009a5509e5b87a11bf527c056daffd82ab6cbc25cca37143459e7bc63bcde52757adeb7df01cf12173f1fef8102ec5ab142c213dd9d30696278a8d8bc32dde9592d28c078c6d92b947d825acaab6494846a49de24b9623f4889e8adc38e8c669effef176040ad945e90a7d3eec15efeee78ae71043c96511103a16ba7caf0acd0642efdbe809934faa1a5f1bd11043649b25ccd1fee2e38815d4d5f5fc6b4102969f21c22ae1b0e7d3603a556a13262ff628de222
-+Ctrl.hexxcghash = hexxcghash:7b7001185e256d4493445f39a55fb905e6321f4b5dd8bbf3100d51ba0bda3d2d
-+Ctrl.hexsession_id = hexsession_id:7b7001185e256d4493445f39a55fb905e6321f4b5dd8bbf3100d51ba0bda3d2d
-+Ctrl.type = type:D
-+Output = 7e9d79032090d99f98b015634dd9f462
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:000001006ac382eaaca093e125e25c24bebc84640c11987507344b5c739ceb84a9e0b222b9a8b51c839e5ebe49cfadbfb39599764ed522099dc912751950dc7dc97fbdc06328b68f22781fd315af568009a5509e5b87a11bf527c056daffd82ab6cbc25cca37143459e7bc63bcde52757adeb7df01cf12173f1fef8102ec5ab142c213dd9d30696278a8d8bc32dde9592d28c078c6d92b947d825acaab6494846a49de24b9623f4889e8adc38e8c669effef176040ad945e90a7d3eec15efeee78ae71043c96511103a16ba7caf0acd0642efdbe809934faa1a5f1bd11043649b25ccd1fee2e38815d4d5f5fc6b4102969f21c22ae1b0e7d3603a556a13262ff628de222
-+Ctrl.hexxcghash = hexxcghash:7b7001185e256d4493445f39a55fb905e6321f4b5dd8bbf3100d51ba0bda3d2d
-+Ctrl.hexsession_id = hexsession_id:7b7001185e256d4493445f39a55fb905e6321f4b5dd8bbf3100d51ba0bda3d2d
-+Ctrl.type = type:E
-+Output = 24ee559ad7ce712b685d0b2271e443c17ab1d1dceb5a360569d25d5dc243002f
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:000001006ac382eaaca093e125e25c24bebc84640c11987507344b5c739ceb84a9e0b222b9a8b51c839e5ebe49cfadbfb39599764ed522099dc912751950dc7dc97fbdc06328b68f22781fd315af568009a5509e5b87a11bf527c056daffd82ab6cbc25cca37143459e7bc63bcde52757adeb7df01cf12173f1fef8102ec5ab142c213dd9d30696278a8d8bc32dde9592d28c078c6d92b947d825acaab6494846a49de24b9623f4889e8adc38e8c669effef176040ad945e90a7d3eec15efeee78ae71043c96511103a16ba7caf0acd0642efdbe809934faa1a5f1bd11043649b25ccd1fee2e38815d4d5f5fc6b4102969f21c22ae1b0e7d3603a556a13262ff628de222
-+Ctrl.hexxcghash = hexxcghash:7b7001185e256d4493445f39a55fb905e6321f4b5dd8bbf3100d51ba0bda3d2d
-+Ctrl.hexsession_id = hexsession_id:7b7001185e256d4493445f39a55fb905e6321f4b5dd8bbf3100d51ba0bda3d2d
-+Ctrl.type = type:F
-+Output = c3419c2b966235869d714ba5ac48ddb7d9e35c8c19aac73422337a373453607e
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:0000010044708c76616f700bd31b0c155ef74e36390eeb39bc5c32cdc90e21922b0ed930b5b519c8afebef0f4e4fb5b41b81d649d2127506620b594e9899f7f0d442ecddd68308307b82f00065e9d75220a5a6f5641795772132215a236064ea965c6493c21f89879730ebbc3c20a22d8f5bfd07b525b194323b22d8a49944d1aa58502e756101ef1e8a91c9310e71f6db65a3ad0a542cfa751f83721a99e89f1dbe54971a3620ecffc967aa55eed1a42d6e7a138b853557ac84689889f6d0c8553575fb89b4e13eab5537da72ef16f0d72f5e8505d97f110745193d550fa315fe88f672db90d73843e97ba1f3d087ba8eb39025bbffad37589a6199227303d9d8e7f1e3
-+Ctrl.hexxcghash = hexxcghash:fe3727fd99a5ac7987c2cfbe062129e3027bf5e10310c6bccde9c916c8329dc2
-+Ctrl.hexsession_id = hexsession_id:fffa598bc0ad2ae84dc8dc05b1f72c5b0134025ae7edf8a2e8db11472e18e1fc
-+Ctrl.type = type:A
-+Output = 36730bae8de5cb98898d6b4a00b37058
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:0000010044708c76616f700bd31b0c155ef74e36390eeb39bc5c32cdc90e21922b0ed930b5b519c8afebef0f4e4fb5b41b81d649d2127506620b594e9899f7f0d442ecddd68308307b82f00065e9d75220a5a6f5641795772132215a236064ea965c6493c21f89879730ebbc3c20a22d8f5bfd07b525b194323b22d8a49944d1aa58502e756101ef1e8a91c9310e71f6db65a3ad0a542cfa751f83721a99e89f1dbe54971a3620ecffc967aa55eed1a42d6e7a138b853557ac84689889f6d0c8553575fb89b4e13eab5537da72ef16f0d72f5e8505d97f110745193d550fa315fe88f672db90d73843e97ba1f3d087ba8eb39025bbffad37589a6199227303d9d8e7f1e3
-+Ctrl.hexxcghash = hexxcghash:fe3727fd99a5ac7987c2cfbe062129e3027bf5e10310c6bccde9c916c8329dc2
-+Ctrl.hexsession_id = hexsession_id:fffa598bc0ad2ae84dc8dc05b1f72c5b0134025ae7edf8a2e8db11472e18e1fc
-+Ctrl.type = type:B
-+Output = 5dfe446a83f40e8358d28cb97df8f340
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:0000010044708c76616f700bd31b0c155ef74e36390eeb39bc5c32cdc90e21922b0ed930b5b519c8afebef0f4e4fb5b41b81d649d2127506620b594e9899f7f0d442ecddd68308307b82f00065e9d75220a5a6f5641795772132215a236064ea965c6493c21f89879730ebbc3c20a22d8f5bfd07b525b194323b22d8a49944d1aa58502e756101ef1e8a91c9310e71f6db65a3ad0a542cfa751f83721a99e89f1dbe54971a3620ecffc967aa55eed1a42d6e7a138b853557ac84689889f6d0c8553575fb89b4e13eab5537da72ef16f0d72f5e8505d97f110745193d550fa315fe88f672db90d73843e97ba1f3d087ba8eb39025bbffad37589a6199227303d9d8e7f1e3
-+Ctrl.hexxcghash = hexxcghash:fe3727fd99a5ac7987c2cfbe062129e3027bf5e10310c6bccde9c916c8329dc2
-+Ctrl.hexsession_id = hexsession_id:fffa598bc0ad2ae84dc8dc05b1f72c5b0134025ae7edf8a2e8db11472e18e1fc
-+Ctrl.type = type:C
-+Output = 495b7afed0872b761437728e9e94e2b8
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:0000010044708c76616f700bd31b0c155ef74e36390eeb39bc5c32cdc90e21922b0ed930b5b519c8afebef0f4e4fb5b41b81d649d2127506620b594e9899f7f0d442ecddd68308307b82f00065e9d75220a5a6f5641795772132215a236064ea965c6493c21f89879730ebbc3c20a22d8f5bfd07b525b194323b22d8a49944d1aa58502e756101ef1e8a91c9310e71f6db65a3ad0a542cfa751f83721a99e89f1dbe54971a3620ecffc967aa55eed1a42d6e7a138b853557ac84689889f6d0c8553575fb89b4e13eab5537da72ef16f0d72f5e8505d97f110745193d550fa315fe88f672db90d73843e97ba1f3d087ba8eb39025bbffad37589a6199227303d9d8e7f1e3
-+Ctrl.hexxcghash = hexxcghash:fe3727fd99a5ac7987c2cfbe062129e3027bf5e10310c6bccde9c916c8329dc2
-+Ctrl.hexsession_id = hexsession_id:fffa598bc0ad2ae84dc8dc05b1f72c5b0134025ae7edf8a2e8db11472e18e1fc
-+Ctrl.type = type:D
-+Output = c1474b3925bec36f0b7f6cc698e949c8
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:0000010044708c76616f700bd31b0c155ef74e36390eeb39bc5c32cdc90e21922b0ed930b5b519c8afebef0f4e4fb5b41b81d649d2127506620b594e9899f7f0d442ecddd68308307b82f00065e9d75220a5a6f5641795772132215a236064ea965c6493c21f89879730ebbc3c20a22d8f5bfd07b525b194323b22d8a49944d1aa58502e756101ef1e8a91c9310e71f6db65a3ad0a542cfa751f83721a99e89f1dbe54971a3620ecffc967aa55eed1a42d6e7a138b853557ac84689889f6d0c8553575fb89b4e13eab5537da72ef16f0d72f5e8505d97f110745193d550fa315fe88f672db90d73843e97ba1f3d087ba8eb39025bbffad37589a6199227303d9d8e7f1e3
-+Ctrl.hexxcghash = hexxcghash:fe3727fd99a5ac7987c2cfbe062129e3027bf5e10310c6bccde9c916c8329dc2
-+Ctrl.hexsession_id = hexsession_id:fffa598bc0ad2ae84dc8dc05b1f72c5b0134025ae7edf8a2e8db11472e18e1fc
-+Ctrl.type = type:E
-+Output = b730f8df6a0697645be261169486c32a11612229276cbac5d8b3669afb2e4262
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:0000010044708c76616f700bd31b0c155ef74e36390eeb39bc5c32cdc90e21922b0ed930b5b519c8afebef0f4e4fb5b41b81d649d2127506620b594e9899f7f0d442ecddd68308307b82f00065e9d75220a5a6f5641795772132215a236064ea965c6493c21f89879730ebbc3c20a22d8f5bfd07b525b194323b22d8a49944d1aa58502e756101ef1e8a91c9310e71f6db65a3ad0a542cfa751f83721a99e89f1dbe54971a3620ecffc967aa55eed1a42d6e7a138b853557ac84689889f6d0c8553575fb89b4e13eab5537da72ef16f0d72f5e8505d97f110745193d550fa315fe88f672db90d73843e97ba1f3d087ba8eb39025bbffad37589a6199227303d9d8e7f1e3
-+Ctrl.hexxcghash = hexxcghash:fe3727fd99a5ac7987c2cfbe062129e3027bf5e10310c6bccde9c916c8329dc2
-+Ctrl.hexsession_id = hexsession_id:fffa598bc0ad2ae84dc8dc05b1f72c5b0134025ae7edf8a2e8db11472e18e1fc
-+Ctrl.type = type:F
-+Output = 14a5ea98245fb058978b82a3cb092b1cca7ce0109a4f98c16e1529579d58b819
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:00000101009b1c637286720d11a9030260e35726621f54115560c443ded98d5622f4007cb65427ba8ae0831f34452349993c74933466f3307e11452150f4640010ed7d1ab87656232d9659d9982e8227c25d648189d2bdda3283aa5dec8a2105af0fa840592a21d96eebb932f8ff36f94a2e4fc3819d7c9f0d26a472fb5ae5a43a2d4906247d59c42512dda252205f60042e1900e1581127f25ace253b62a83f62d4703281a294f240df2aa34ddf437c9f278278120bc10e2cb99f7804ecd6741b1be5520c553cb89747f79b4e4efd3cf09b484eb1eb034d220da457546a2ebb28d7f2faf67de0630757b8ae05e27a761956d2e190fe3fb93b1c7c142f62baeb089721cedc
-+Ctrl.hexxcghash = hexxcghash:cad407a823551726f9bdcb78e8f351536e4406e8ee64947ecc0074662c7c0462
-+Ctrl.hexsession_id = hexsession_id:a9c8207642627e6ee872999123b29e36abfdd071dba36ea6f0c11dd59ea46410
-+Ctrl.type = type:A
-+Output = 32d20a3f5e92b20fe100f4f41a1ad53c
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:00000101009b1c637286720d11a9030260e35726621f54115560c443ded98d5622f4007cb65427ba8ae0831f34452349993c74933466f3307e11452150f4640010ed7d1ab87656232d9659d9982e8227c25d648189d2bdda3283aa5dec8a2105af0fa840592a21d96eebb932f8ff36f94a2e4fc3819d7c9f0d26a472fb5ae5a43a2d4906247d59c42512dda252205f60042e1900e1581127f25ace253b62a83f62d4703281a294f240df2aa34ddf437c9f278278120bc10e2cb99f7804ecd6741b1be5520c553cb89747f79b4e4efd3cf09b484eb1eb034d220da457546a2ebb28d7f2faf67de0630757b8ae05e27a761956d2e190fe3fb93b1c7c142f62baeb089721cedc
-+Ctrl.hexxcghash = hexxcghash:cad407a823551726f9bdcb78e8f351536e4406e8ee64947ecc0074662c7c0462
-+Ctrl.hexsession_id = hexsession_id:a9c8207642627e6ee872999123b29e36abfdd071dba36ea6f0c11dd59ea46410
-+Ctrl.type = type:B
-+Output = c3a3ff57f99187ba011fd422100af577
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:00000101009b1c637286720d11a9030260e35726621f54115560c443ded98d5622f4007cb65427ba8ae0831f34452349993c74933466f3307e11452150f4640010ed7d1ab87656232d9659d9982e8227c25d648189d2bdda3283aa5dec8a2105af0fa840592a21d96eebb932f8ff36f94a2e4fc3819d7c9f0d26a472fb5ae5a43a2d4906247d59c42512dda252205f60042e1900e1581127f25ace253b62a83f62d4703281a294f240df2aa34ddf437c9f278278120bc10e2cb99f7804ecd6741b1be5520c553cb89747f79b4e4efd3cf09b484eb1eb034d220da457546a2ebb28d7f2faf67de0630757b8ae05e27a761956d2e190fe3fb93b1c7c142f62baeb089721cedc
-+Ctrl.hexxcghash = hexxcghash:cad407a823551726f9bdcb78e8f351536e4406e8ee64947ecc0074662c7c0462
-+Ctrl.hexsession_id = hexsession_id:a9c8207642627e6ee872999123b29e36abfdd071dba36ea6f0c11dd59ea46410
-+Ctrl.type = type:C
-+Output = 8517903c49d5a59ad8ef7cd8591c6b5e
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:00000101009b1c637286720d11a9030260e35726621f54115560c443ded98d5622f4007cb65427ba8ae0831f34452349993c74933466f3307e11452150f4640010ed7d1ab87656232d9659d9982e8227c25d648189d2bdda3283aa5dec8a2105af0fa840592a21d96eebb932f8ff36f94a2e4fc3819d7c9f0d26a472fb5ae5a43a2d4906247d59c42512dda252205f60042e1900e1581127f25ace253b62a83f62d4703281a294f240df2aa34ddf437c9f278278120bc10e2cb99f7804ecd6741b1be5520c553cb89747f79b4e4efd3cf09b484eb1eb034d220da457546a2ebb28d7f2faf67de0630757b8ae05e27a761956d2e190fe3fb93b1c7c142f62baeb089721cedc
-+Ctrl.hexxcghash = hexxcghash:cad407a823551726f9bdcb78e8f351536e4406e8ee64947ecc0074662c7c0462
-+Ctrl.hexsession_id = hexsession_id:a9c8207642627e6ee872999123b29e36abfdd071dba36ea6f0c11dd59ea46410
-+Ctrl.type = type:D
-+Output = a5ad201101a617f1cd5b3a2baa3b27f7
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:00000101009b1c637286720d11a9030260e35726621f54115560c443ded98d5622f4007cb65427ba8ae0831f34452349993c74933466f3307e11452150f4640010ed7d1ab87656232d9659d9982e8227c25d648189d2bdda3283aa5dec8a2105af0fa840592a21d96eebb932f8ff36f94a2e4fc3819d7c9f0d26a472fb5ae5a43a2d4906247d59c42512dda252205f60042e1900e1581127f25ace253b62a83f62d4703281a294f240df2aa34ddf437c9f278278120bc10e2cb99f7804ecd6741b1be5520c553cb89747f79b4e4efd3cf09b484eb1eb034d220da457546a2ebb28d7f2faf67de0630757b8ae05e27a761956d2e190fe3fb93b1c7c142f62baeb089721cedc
-+Ctrl.hexxcghash = hexxcghash:cad407a823551726f9bdcb78e8f351536e4406e8ee64947ecc0074662c7c0462
-+Ctrl.hexsession_id = hexsession_id:a9c8207642627e6ee872999123b29e36abfdd071dba36ea6f0c11dd59ea46410
-+Ctrl.type = type:E
-+Output = 16747a23fddd72f785c5d61dfb81a5a38555f5d8ff1dc5ae4fb423b82adfe05b
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:00000101009b1c637286720d11a9030260e35726621f54115560c443ded98d5622f4007cb65427ba8ae0831f34452349993c74933466f3307e11452150f4640010ed7d1ab87656232d9659d9982e8227c25d648189d2bdda3283aa5dec8a2105af0fa840592a21d96eebb932f8ff36f94a2e4fc3819d7c9f0d26a472fb5ae5a43a2d4906247d59c42512dda252205f60042e1900e1581127f25ace253b62a83f62d4703281a294f240df2aa34ddf437c9f278278120bc10e2cb99f7804ecd6741b1be5520c553cb89747f79b4e4efd3cf09b484eb1eb034d220da457546a2ebb28d7f2faf67de0630757b8ae05e27a761956d2e190fe3fb93b1c7c142f62baeb089721cedc
-+Ctrl.hexxcghash = hexxcghash:cad407a823551726f9bdcb78e8f351536e4406e8ee64947ecc0074662c7c0462
-+Ctrl.hexsession_id = hexsession_id:a9c8207642627e6ee872999123b29e36abfdd071dba36ea6f0c11dd59ea46410
-+Ctrl.type = type:F
-+Output = b1b1bba896b0fd75a90187eae6cdf744d23884caa5f4ca979ced327ca1239771
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:00000101008cd7061a3591b477989a4deb1bfc6debe874f753a4686eef11d1fa0e6796800db97c38497992b220d6e40d8f9154743b533666c8689db8cdffd38ac4009f85cfc6e48dc2fe94f78870138994ab4189e8d461a00b03425d8d838061b44e7ccd41e3a0332ab68afbf2919763c9f03747637db87a50d766504199fba6c34d216580fcd77756a6004ff485a79cdb646f0adde47a727e028261c808e0cb31928071701a0f2d2d237c293b93e80854f4e43243eaeb96cc25e00f74e2cd414c72774c7995757e93c0a9aac5ef5b0d23bef9ce475bfe697d14b815eeb0535d6e7e438bdb54aa2d8f50d05564d17c3ff2bc3451ca5b932f320c20f1c256c61ed503be2528
-+Ctrl.hexxcghash = hexxcghash:53fc521edf6dea9daf619676276766508d32c1964943e9bd40b4ed2cdefa7c20
-+Ctrl.hexsession_id = hexsession_id:14c6727d8e211c7632f930e716ab360e0916b1da3409367ef52d9e21512c700d
-+Ctrl.type = type:A
-+Output = b5c636c93e002f1fac0b78eb423d92cf
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:00000101008cd7061a3591b477989a4deb1bfc6debe874f753a4686eef11d1fa0e6796800db97c38497992b220d6e40d8f9154743b533666c8689db8cdffd38ac4009f85cfc6e48dc2fe94f78870138994ab4189e8d461a00b03425d8d838061b44e7ccd41e3a0332ab68afbf2919763c9f03747637db87a50d766504199fba6c34d216580fcd77756a6004ff485a79cdb646f0adde47a727e028261c808e0cb31928071701a0f2d2d237c293b93e80854f4e43243eaeb96cc25e00f74e2cd414c72774c7995757e93c0a9aac5ef5b0d23bef9ce475bfe697d14b815eeb0535d6e7e438bdb54aa2d8f50d05564d17c3ff2bc3451ca5b932f320c20f1c256c61ed503be2528
-+Ctrl.hexxcghash = hexxcghash:53fc521edf6dea9daf619676276766508d32c1964943e9bd40b4ed2cdefa7c20
-+Ctrl.hexsession_id = hexsession_id:14c6727d8e211c7632f930e716ab360e0916b1da3409367ef52d9e21512c700d
-+Ctrl.type = type:B
-+Output = 64d82bef35e924abf030fe42cda10e81
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:00000101008cd7061a3591b477989a4deb1bfc6debe874f753a4686eef11d1fa0e6796800db97c38497992b220d6e40d8f9154743b533666c8689db8cdffd38ac4009f85cfc6e48dc2fe94f78870138994ab4189e8d461a00b03425d8d838061b44e7ccd41e3a0332ab68afbf2919763c9f03747637db87a50d766504199fba6c34d216580fcd77756a6004ff485a79cdb646f0adde47a727e028261c808e0cb31928071701a0f2d2d237c293b93e80854f4e43243eaeb96cc25e00f74e2cd414c72774c7995757e93c0a9aac5ef5b0d23bef9ce475bfe697d14b815eeb0535d6e7e438bdb54aa2d8f50d05564d17c3ff2bc3451ca5b932f320c20f1c256c61ed503be2528
-+Ctrl.hexxcghash = hexxcghash:53fc521edf6dea9daf619676276766508d32c1964943e9bd40b4ed2cdefa7c20
-+Ctrl.hexsession_id = hexsession_id:14c6727d8e211c7632f930e716ab360e0916b1da3409367ef52d9e21512c700d
-+Ctrl.type = type:C
-+Output = 76a1b8b85d0ea49c68f30d7448155901
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:00000101008cd7061a3591b477989a4deb1bfc6debe874f753a4686eef11d1fa0e6796800db97c38497992b220d6e40d8f9154743b533666c8689db8cdffd38ac4009f85cfc6e48dc2fe94f78870138994ab4189e8d461a00b03425d8d838061b44e7ccd41e3a0332ab68afbf2919763c9f03747637db87a50d766504199fba6c34d216580fcd77756a6004ff485a79cdb646f0adde47a727e028261c808e0cb31928071701a0f2d2d237c293b93e80854f4e43243eaeb96cc25e00f74e2cd414c72774c7995757e93c0a9aac5ef5b0d23bef9ce475bfe697d14b815eeb0535d6e7e438bdb54aa2d8f50d05564d17c3ff2bc3451ca5b932f320c20f1c256c61ed503be2528
-+Ctrl.hexxcghash = hexxcghash:53fc521edf6dea9daf619676276766508d32c1964943e9bd40b4ed2cdefa7c20
-+Ctrl.hexsession_id = hexsession_id:14c6727d8e211c7632f930e716ab360e0916b1da3409367ef52d9e21512c700d
-+Ctrl.type = type:D
-+Output = f136e09324b1ef12b92bf35d5b3dd8e2
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:00000101008cd7061a3591b477989a4deb1bfc6debe874f753a4686eef11d1fa0e6796800db97c38497992b220d6e40d8f9154743b533666c8689db8cdffd38ac4009f85cfc6e48dc2fe94f78870138994ab4189e8d461a00b03425d8d838061b44e7ccd41e3a0332ab68afbf2919763c9f03747637db87a50d766504199fba6c34d216580fcd77756a6004ff485a79cdb646f0adde47a727e028261c808e0cb31928071701a0f2d2d237c293b93e80854f4e43243eaeb96cc25e00f74e2cd414c72774c7995757e93c0a9aac5ef5b0d23bef9ce475bfe697d14b815eeb0535d6e7e438bdb54aa2d8f50d05564d17c3ff2bc3451ca5b932f320c20f1c256c61ed503be2528
-+Ctrl.hexxcghash = hexxcghash:53fc521edf6dea9daf619676276766508d32c1964943e9bd40b4ed2cdefa7c20
-+Ctrl.hexsession_id = hexsession_id:14c6727d8e211c7632f930e716ab360e0916b1da3409367ef52d9e21512c700d
-+Ctrl.type = type:E
-+Output = 77abc45165b126f9127d59fbe655140cd3f768cd0498c29aa69cb5d65f7b0d50
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:00000101008cd7061a3591b477989a4deb1bfc6debe874f753a4686eef11d1fa0e6796800db97c38497992b220d6e40d8f9154743b533666c8689db8cdffd38ac4009f85cfc6e48dc2fe94f78870138994ab4189e8d461a00b03425d8d838061b44e7ccd41e3a0332ab68afbf2919763c9f03747637db87a50d766504199fba6c34d216580fcd77756a6004ff485a79cdb646f0adde47a727e028261c808e0cb31928071701a0f2d2d237c293b93e80854f4e43243eaeb96cc25e00f74e2cd414c72774c7995757e93c0a9aac5ef5b0d23bef9ce475bfe697d14b815eeb0535d6e7e438bdb54aa2d8f50d05564d17c3ff2bc3451ca5b932f320c20f1c256c61ed503be2528
-+Ctrl.hexxcghash = hexxcghash:53fc521edf6dea9daf619676276766508d32c1964943e9bd40b4ed2cdefa7c20
-+Ctrl.hexsession_id = hexsession_id:14c6727d8e211c7632f930e716ab360e0916b1da3409367ef52d9e21512c700d
-+Ctrl.type = type:F
-+Output = d43f93faf692f59bc96fd480fb336033c94ee237ceece69691ffaa64bdd7fcc1
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:00000101009b0b6fe41d565564f87ae984aadc75902d95828bdee0bba0ecc176afd5cc9c3ec79a34a9f7cf44ee6cbdcb5d8f027bb64c4c3b73e2f891ee06b781f3d7f02b59f95cbbfb2725b208856f3ebb8195fef1596248d56a371ed7acf3b973c627976e0cf156f340aa01acfbe9b574d4dedd4cbb66cb6ca5d9e76f16385be532fed8dd65735a3ecddeeb295133bb8a59499b4777242a4a7e463481d26baece4c7ef224aaf40af4d5108d024f5dd174cfdb91213939e355b0a1ca51ed6f7f584a4e47a0f1482d6a5768b1236e25d837cc8a2b49b2176bb54b2f77f4212ba394336e6a6046def9205fe482d98fcdd8d0a2643a39d753d2d481fe6689b0dc0d1c078335b7
-+Ctrl.hexxcghash = hexxcghash:27faf1b9a15e505a0b46c47e2bf6ab5fff37a6dadb09e96ea9562091f1d88ce0
-+Ctrl.hexsession_id = hexsession_id:6b52ddb87a66f0f1bb0dad39b462e7bd42bdeb99049d5a3581ca6f056c398228
-+Ctrl.type = type:A
-+Output = 3b3c4416d3121a6838dd3f94a84b6ec6
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:00000101009b0b6fe41d565564f87ae984aadc75902d95828bdee0bba0ecc176afd5cc9c3ec79a34a9f7cf44ee6cbdcb5d8f027bb64c4c3b73e2f891ee06b781f3d7f02b59f95cbbfb2725b208856f3ebb8195fef1596248d56a371ed7acf3b973c627976e0cf156f340aa01acfbe9b574d4dedd4cbb66cb6ca5d9e76f16385be532fed8dd65735a3ecddeeb295133bb8a59499b4777242a4a7e463481d26baece4c7ef224aaf40af4d5108d024f5dd174cfdb91213939e355b0a1ca51ed6f7f584a4e47a0f1482d6a5768b1236e25d837cc8a2b49b2176bb54b2f77f4212ba394336e6a6046def9205fe482d98fcdd8d0a2643a39d753d2d481fe6689b0dc0d1c078335b7
-+Ctrl.hexxcghash = hexxcghash:27faf1b9a15e505a0b46c47e2bf6ab5fff37a6dadb09e96ea9562091f1d88ce0
-+Ctrl.hexsession_id = hexsession_id:6b52ddb87a66f0f1bb0dad39b462e7bd42bdeb99049d5a3581ca6f056c398228
-+Ctrl.type = type:B
-+Output = e0af22a9184e5cea74f3e90faf5212ba
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:00000101009b0b6fe41d565564f87ae984aadc75902d95828bdee0bba0ecc176afd5cc9c3ec79a34a9f7cf44ee6cbdcb5d8f027bb64c4c3b73e2f891ee06b781f3d7f02b59f95cbbfb2725b208856f3ebb8195fef1596248d56a371ed7acf3b973c627976e0cf156f340aa01acfbe9b574d4dedd4cbb66cb6ca5d9e76f16385be532fed8dd65735a3ecddeeb295133bb8a59499b4777242a4a7e463481d26baece4c7ef224aaf40af4d5108d024f5dd174cfdb91213939e355b0a1ca51ed6f7f584a4e47a0f1482d6a5768b1236e25d837cc8a2b49b2176bb54b2f77f4212ba394336e6a6046def9205fe482d98fcdd8d0a2643a39d753d2d481fe6689b0dc0d1c078335b7
-+Ctrl.hexxcghash = hexxcghash:27faf1b9a15e505a0b46c47e2bf6ab5fff37a6dadb09e96ea9562091f1d88ce0
-+Ctrl.hexsession_id = hexsession_id:6b52ddb87a66f0f1bb0dad39b462e7bd42bdeb99049d5a3581ca6f056c398228
-+Ctrl.type = type:C
-+Output = a3a7a9e48cc09a927e2d6eddd7647368
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:00000101009b0b6fe41d565564f87ae984aadc75902d95828bdee0bba0ecc176afd5cc9c3ec79a34a9f7cf44ee6cbdcb5d8f027bb64c4c3b73e2f891ee06b781f3d7f02b59f95cbbfb2725b208856f3ebb8195fef1596248d56a371ed7acf3b973c627976e0cf156f340aa01acfbe9b574d4dedd4cbb66cb6ca5d9e76f16385be532fed8dd65735a3ecddeeb295133bb8a59499b4777242a4a7e463481d26baece4c7ef224aaf40af4d5108d024f5dd174cfdb91213939e355b0a1ca51ed6f7f584a4e47a0f1482d6a5768b1236e25d837cc8a2b49b2176bb54b2f77f4212ba394336e6a6046def9205fe482d98fcdd8d0a2643a39d753d2d481fe6689b0dc0d1c078335b7
-+Ctrl.hexxcghash = hexxcghash:27faf1b9a15e505a0b46c47e2bf6ab5fff37a6dadb09e96ea9562091f1d88ce0
-+Ctrl.hexsession_id = hexsession_id:6b52ddb87a66f0f1bb0dad39b462e7bd42bdeb99049d5a3581ca6f056c398228
-+Ctrl.type = type:D
-+Output = b9411d2870e885e223a6b414ae6ac813
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:00000101009b0b6fe41d565564f87ae984aadc75902d95828bdee0bba0ecc176afd5cc9c3ec79a34a9f7cf44ee6cbdcb5d8f027bb64c4c3b73e2f891ee06b781f3d7f02b59f95cbbfb2725b208856f3ebb8195fef1596248d56a371ed7acf3b973c627976e0cf156f340aa01acfbe9b574d4dedd4cbb66cb6ca5d9e76f16385be532fed8dd65735a3ecddeeb295133bb8a59499b4777242a4a7e463481d26baece4c7ef224aaf40af4d5108d024f5dd174cfdb91213939e355b0a1ca51ed6f7f584a4e47a0f1482d6a5768b1236e25d837cc8a2b49b2176bb54b2f77f4212ba394336e6a6046def9205fe482d98fcdd8d0a2643a39d753d2d481fe6689b0dc0d1c078335b7
-+Ctrl.hexxcghash = hexxcghash:27faf1b9a15e505a0b46c47e2bf6ab5fff37a6dadb09e96ea9562091f1d88ce0
-+Ctrl.hexsession_id = hexsession_id:6b52ddb87a66f0f1bb0dad39b462e7bd42bdeb99049d5a3581ca6f056c398228
-+Ctrl.type = type:E
-+Output = 7f11812c28229fd8e39367b8885045313fea6322f22a69b6436caa4fb6c2d915
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:00000101009b0b6fe41d565564f87ae984aadc75902d95828bdee0bba0ecc176afd5cc9c3ec79a34a9f7cf44ee6cbdcb5d8f027bb64c4c3b73e2f891ee06b781f3d7f02b59f95cbbfb2725b208856f3ebb8195fef1596248d56a371ed7acf3b973c627976e0cf156f340aa01acfbe9b574d4dedd4cbb66cb6ca5d9e76f16385be532fed8dd65735a3ecddeeb295133bb8a59499b4777242a4a7e463481d26baece4c7ef224aaf40af4d5108d024f5dd174cfdb91213939e355b0a1ca51ed6f7f584a4e47a0f1482d6a5768b1236e25d837cc8a2b49b2176bb54b2f77f4212ba394336e6a6046def9205fe482d98fcdd8d0a2643a39d753d2d481fe6689b0dc0d1c078335b7
-+Ctrl.hexxcghash = hexxcghash:27faf1b9a15e505a0b46c47e2bf6ab5fff37a6dadb09e96ea9562091f1d88ce0
-+Ctrl.hexsession_id = hexsession_id:6b52ddb87a66f0f1bb0dad39b462e7bd42bdeb99049d5a3581ca6f056c398228
-+Ctrl.type = type:F
-+Output = 4fc39e2a1e7038f2664a48986e8227c213e577eafea082f46cb08d087e642fe4
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:00000100435266668e94e5f35d31f10f7b486bed8a88465cf30711e54f8c6550a917916fb7160c41880d364df5084446d7834e32917882c10eef49f8192fa6ff4c9498a12d87bbf710d4bba3e76a6681c7ac3470e6f5e80c55851dcca38a9ce48b015ab73b24e28e0553f3a1bbe1dfa9b67bb9cb9372ad0fb0aaf443c3a8927d00b9b2705f4d1b219c80f7caa637c986de79410c5924943128e64cf869491f19c1646cb403d8543d5aaaea7fbaaaa1a846b9851f4f708b14266e55839e1d61b67a60359c2c111841839225c0f940252506be02ba43fcc7c4be7cb01c64094fbd9a78cc331c6e7809e0be3a4b693adfeedd1b20ad36d321498b396fce7cf169b2fb10e54b
-+Ctrl.hexxcghash = hexxcghash:d7303e57a2bf969f815c1b2fd08a879226c0e95c9897fb5586200c0f5e0a8a23
-+Ctrl.hexsession_id = hexsession_id:20ace711e8190f5bbd2168bc93061c903899acd41697b76d0f6667d2bf345725
-+Ctrl.type = type:A
-+Output = b71bd280b230b6fb9b326a3544ab9c90
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:00000100435266668e94e5f35d31f10f7b486bed8a88465cf30711e54f8c6550a917916fb7160c41880d364df5084446d7834e32917882c10eef49f8192fa6ff4c9498a12d87bbf710d4bba3e76a6681c7ac3470e6f5e80c55851dcca38a9ce48b015ab73b24e28e0553f3a1bbe1dfa9b67bb9cb9372ad0fb0aaf443c3a8927d00b9b2705f4d1b219c80f7caa637c986de79410c5924943128e64cf869491f19c1646cb403d8543d5aaaea7fbaaaa1a846b9851f4f708b14266e55839e1d61b67a60359c2c111841839225c0f940252506be02ba43fcc7c4be7cb01c64094fbd9a78cc331c6e7809e0be3a4b693adfeedd1b20ad36d321498b396fce7cf169b2fb10e54b
-+Ctrl.hexxcghash = hexxcghash:d7303e57a2bf969f815c1b2fd08a879226c0e95c9897fb5586200c0f5e0a8a23
-+Ctrl.hexsession_id = hexsession_id:20ace711e8190f5bbd2168bc93061c903899acd41697b76d0f6667d2bf345725
-+Ctrl.type = type:B
-+Output = ca38c1b5940e1417fb8caa6ab6deaf18
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:00000100435266668e94e5f35d31f10f7b486bed8a88465cf30711e54f8c6550a917916fb7160c41880d364df5084446d7834e32917882c10eef49f8192fa6ff4c9498a12d87bbf710d4bba3e76a6681c7ac3470e6f5e80c55851dcca38a9ce48b015ab73b24e28e0553f3a1bbe1dfa9b67bb9cb9372ad0fb0aaf443c3a8927d00b9b2705f4d1b219c80f7caa637c986de79410c5924943128e64cf869491f19c1646cb403d8543d5aaaea7fbaaaa1a846b9851f4f708b14266e55839e1d61b67a60359c2c111841839225c0f940252506be02ba43fcc7c4be7cb01c64094fbd9a78cc331c6e7809e0be3a4b693adfeedd1b20ad36d321498b396fce7cf169b2fb10e54b
-+Ctrl.hexxcghash = hexxcghash:d7303e57a2bf969f815c1b2fd08a879226c0e95c9897fb5586200c0f5e0a8a23
-+Ctrl.hexsession_id = hexsession_id:20ace711e8190f5bbd2168bc93061c903899acd41697b76d0f6667d2bf345725
-+Ctrl.type = type:C
-+Output = 5d02347e16760101a3689bf0087ed947
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:00000100435266668e94e5f35d31f10f7b486bed8a88465cf30711e54f8c6550a917916fb7160c41880d364df5084446d7834e32917882c10eef49f8192fa6ff4c9498a12d87bbf710d4bba3e76a6681c7ac3470e6f5e80c55851dcca38a9ce48b015ab73b24e28e0553f3a1bbe1dfa9b67bb9cb9372ad0fb0aaf443c3a8927d00b9b2705f4d1b219c80f7caa637c986de79410c5924943128e64cf869491f19c1646cb403d8543d5aaaea7fbaaaa1a846b9851f4f708b14266e55839e1d61b67a60359c2c111841839225c0f940252506be02ba43fcc7c4be7cb01c64094fbd9a78cc331c6e7809e0be3a4b693adfeedd1b20ad36d321498b396fce7cf169b2fb10e54b
-+Ctrl.hexxcghash = hexxcghash:d7303e57a2bf969f815c1b2fd08a879226c0e95c9897fb5586200c0f5e0a8a23
-+Ctrl.hexsession_id = hexsession_id:20ace711e8190f5bbd2168bc93061c903899acd41697b76d0f6667d2bf345725
-+Ctrl.type = type:D
-+Output = 2fb5e0eb5552f7e26ad9651bd22f1666
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:00000100435266668e94e5f35d31f10f7b486bed8a88465cf30711e54f8c6550a917916fb7160c41880d364df5084446d7834e32917882c10eef49f8192fa6ff4c9498a12d87bbf710d4bba3e76a6681c7ac3470e6f5e80c55851dcca38a9ce48b015ab73b24e28e0553f3a1bbe1dfa9b67bb9cb9372ad0fb0aaf443c3a8927d00b9b2705f4d1b219c80f7caa637c986de79410c5924943128e64cf869491f19c1646cb403d8543d5aaaea7fbaaaa1a846b9851f4f708b14266e55839e1d61b67a60359c2c111841839225c0f940252506be02ba43fcc7c4be7cb01c64094fbd9a78cc331c6e7809e0be3a4b693adfeedd1b20ad36d321498b396fce7cf169b2fb10e54b
-+Ctrl.hexxcghash = hexxcghash:d7303e57a2bf969f815c1b2fd08a879226c0e95c9897fb5586200c0f5e0a8a23
-+Ctrl.hexsession_id = hexsession_id:20ace711e8190f5bbd2168bc93061c903899acd41697b76d0f6667d2bf345725
-+Ctrl.type = type:E
-+Output = b7b7c4292a73e7d378284b12b318e0cd3ad714904b4ef9c83d44ee06ff49b1e1
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:00000100435266668e94e5f35d31f10f7b486bed8a88465cf30711e54f8c6550a917916fb7160c41880d364df5084446d7834e32917882c10eef49f8192fa6ff4c9498a12d87bbf710d4bba3e76a6681c7ac3470e6f5e80c55851dcca38a9ce48b015ab73b24e28e0553f3a1bbe1dfa9b67bb9cb9372ad0fb0aaf443c3a8927d00b9b2705f4d1b219c80f7caa637c986de79410c5924943128e64cf869491f19c1646cb403d8543d5aaaea7fbaaaa1a846b9851f4f708b14266e55839e1d61b67a60359c2c111841839225c0f940252506be02ba43fcc7c4be7cb01c64094fbd9a78cc331c6e7809e0be3a4b693adfeedd1b20ad36d321498b396fce7cf169b2fb10e54b
-+Ctrl.hexxcghash = hexxcghash:d7303e57a2bf969f815c1b2fd08a879226c0e95c9897fb5586200c0f5e0a8a23
-+Ctrl.hexsession_id = hexsession_id:20ace711e8190f5bbd2168bc93061c903899acd41697b76d0f6667d2bf345725
-+Ctrl.type = type:F
-+Output = c9884e71b158f2255fb204733e888bc5b2ee38a5493de9d0ef6700949159ac6a
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:00000100745f5abd8fb685eaae10854a96900806cd7d17d2d255990328594a4fdbb9fa28088ccb8fbf92ef23492a595f92c49d5fa32ea5ef6d76000635fb58496c9db824aaa41b67c3c2e8bdd525f6c6a224562c670076f6efd21fe49222c2627596b775c56dff5d477cd4cc008ef566086a495cf4ba634af20a42fb13fa52597dc252edebdfa57592494fd9cd44d0f7e27d6a6ff370876c42733977db656d7372d553c2ffc824fb02375e55069d5cccb493ec77001fb4cd73cbec6976bd45ae2cc0812c078784d917c0a0a54d8df6c745a2710828939be0685d7fc1657eee9c4dbc71615fab0174e62fb7971fa20f6d6b2da1c22c0a35c781c9dbdf009cec3d89891afc
-+Ctrl.hexxcghash = hexxcghash:35f601a7877ef637d6c40b4f2e1d85b888eceac9f37e686254f9d707b22bd764
-+Ctrl.hexsession_id = hexsession_id:d04bce75141ed2a44942d98354ded46e861da28fc1175e5a22e8dddad4942f9a
-+Ctrl.type = type:A
-+Output = 88af3bdb49bd8e9d24489efc95dea1c1
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:00000100745f5abd8fb685eaae10854a96900806cd7d17d2d255990328594a4fdbb9fa28088ccb8fbf92ef23492a595f92c49d5fa32ea5ef6d76000635fb58496c9db824aaa41b67c3c2e8bdd525f6c6a224562c670076f6efd21fe49222c2627596b775c56dff5d477cd4cc008ef566086a495cf4ba634af20a42fb13fa52597dc252edebdfa57592494fd9cd44d0f7e27d6a6ff370876c42733977db656d7372d553c2ffc824fb02375e55069d5cccb493ec77001fb4cd73cbec6976bd45ae2cc0812c078784d917c0a0a54d8df6c745a2710828939be0685d7fc1657eee9c4dbc71615fab0174e62fb7971fa20f6d6b2da1c22c0a35c781c9dbdf009cec3d89891afc
-+Ctrl.hexxcghash = hexxcghash:35f601a7877ef637d6c40b4f2e1d85b888eceac9f37e686254f9d707b22bd764
-+Ctrl.hexsession_id = hexsession_id:d04bce75141ed2a44942d98354ded46e861da28fc1175e5a22e8dddad4942f9a
-+Ctrl.type = type:B
-+Output = 5cf41e1d43f797c16a30e070f2f37dd4
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:00000100745f5abd8fb685eaae10854a96900806cd7d17d2d255990328594a4fdbb9fa28088ccb8fbf92ef23492a595f92c49d5fa32ea5ef6d76000635fb58496c9db824aaa41b67c3c2e8bdd525f6c6a224562c670076f6efd21fe49222c2627596b775c56dff5d477cd4cc008ef566086a495cf4ba634af20a42fb13fa52597dc252edebdfa57592494fd9cd44d0f7e27d6a6ff370876c42733977db656d7372d553c2ffc824fb02375e55069d5cccb493ec77001fb4cd73cbec6976bd45ae2cc0812c078784d917c0a0a54d8df6c745a2710828939be0685d7fc1657eee9c4dbc71615fab0174e62fb7971fa20f6d6b2da1c22c0a35c781c9dbdf009cec3d89891afc
-+Ctrl.hexxcghash = hexxcghash:35f601a7877ef637d6c40b4f2e1d85b888eceac9f37e686254f9d707b22bd764
-+Ctrl.hexsession_id = hexsession_id:d04bce75141ed2a44942d98354ded46e861da28fc1175e5a22e8dddad4942f9a
-+Ctrl.type = type:C
-+Output = 7cc48e0f8b4bdd63f76e41ba411d7f37
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:00000100745f5abd8fb685eaae10854a96900806cd7d17d2d255990328594a4fdbb9fa28088ccb8fbf92ef23492a595f92c49d5fa32ea5ef6d76000635fb58496c9db824aaa41b67c3c2e8bdd525f6c6a224562c670076f6efd21fe49222c2627596b775c56dff5d477cd4cc008ef566086a495cf4ba634af20a42fb13fa52597dc252edebdfa57592494fd9cd44d0f7e27d6a6ff370876c42733977db656d7372d553c2ffc824fb02375e55069d5cccb493ec77001fb4cd73cbec6976bd45ae2cc0812c078784d917c0a0a54d8df6c745a2710828939be0685d7fc1657eee9c4dbc71615fab0174e62fb7971fa20f6d6b2da1c22c0a35c781c9dbdf009cec3d89891afc
-+Ctrl.hexxcghash = hexxcghash:35f601a7877ef637d6c40b4f2e1d85b888eceac9f37e686254f9d707b22bd764
-+Ctrl.hexsession_id = hexsession_id:d04bce75141ed2a44942d98354ded46e861da28fc1175e5a22e8dddad4942f9a
-+Ctrl.type = type:D
-+Output = 37d942416267be06cd1ff9498dcf1e6e
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:00000100745f5abd8fb685eaae10854a96900806cd7d17d2d255990328594a4fdbb9fa28088ccb8fbf92ef23492a595f92c49d5fa32ea5ef6d76000635fb58496c9db824aaa41b67c3c2e8bdd525f6c6a224562c670076f6efd21fe49222c2627596b775c56dff5d477cd4cc008ef566086a495cf4ba634af20a42fb13fa52597dc252edebdfa57592494fd9cd44d0f7e27d6a6ff370876c42733977db656d7372d553c2ffc824fb02375e55069d5cccb493ec77001fb4cd73cbec6976bd45ae2cc0812c078784d917c0a0a54d8df6c745a2710828939be0685d7fc1657eee9c4dbc71615fab0174e62fb7971fa20f6d6b2da1c22c0a35c781c9dbdf009cec3d89891afc
-+Ctrl.hexxcghash = hexxcghash:35f601a7877ef637d6c40b4f2e1d85b888eceac9f37e686254f9d707b22bd764
-+Ctrl.hexsession_id = hexsession_id:d04bce75141ed2a44942d98354ded46e861da28fc1175e5a22e8dddad4942f9a
-+Ctrl.type = type:E
-+Output = c3c8b48e228a3a671ae8c48aa4e4f1fe32c1ad4d5ae48c904836d13e7350f72e
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:00000100745f5abd8fb685eaae10854a96900806cd7d17d2d255990328594a4fdbb9fa28088ccb8fbf92ef23492a595f92c49d5fa32ea5ef6d76000635fb58496c9db824aaa41b67c3c2e8bdd525f6c6a224562c670076f6efd21fe49222c2627596b775c56dff5d477cd4cc008ef566086a495cf4ba634af20a42fb13fa52597dc252edebdfa57592494fd9cd44d0f7e27d6a6ff370876c42733977db656d7372d553c2ffc824fb02375e55069d5cccb493ec77001fb4cd73cbec6976bd45ae2cc0812c078784d917c0a0a54d8df6c745a2710828939be0685d7fc1657eee9c4dbc71615fab0174e62fb7971fa20f6d6b2da1c22c0a35c781c9dbdf009cec3d89891afc
-+Ctrl.hexxcghash = hexxcghash:35f601a7877ef637d6c40b4f2e1d85b888eceac9f37e686254f9d707b22bd764
-+Ctrl.hexsession_id = hexsession_id:d04bce75141ed2a44942d98354ded46e861da28fc1175e5a22e8dddad4942f9a
-+Ctrl.type = type:F
-+Output = 605f7d3b3f28a8967402ba67ff916a61b0a4e9b736665c5e911fb33f60dc16fe
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:000001010089b741b0b9a6704f56df9aafe5f4294828fdc67f4243e9aa9b1d83166ad892f2d970fdff65eba7fa5eddb954dd86bda5262e084752c69c6b93c729ad34e9728f7c838c49f0e87349ae35feef1610b83a345c64c5b190fb5857bf0aa8419efba35789c258f19e8713e2729c184eab9d9c33a32ab3731d77e207a91849625bb855e581ca0be5d9f961aab9d65b463e416ee3d636ece573ead0d088a2fe05d87dd5ed21031f4dbea831112d3bd0e1cc1087a8395430cde3cb54d22a5965dd825329bee8c62d4599fb67ff90260204c6e608e6246f768e29a60cb85f580d4751f9c017cbf4e6062a160c6ff1d0c9d303a2c862a4986e22f72da79b17b868cee189a2
-+Ctrl.hexxcghash = hexxcghash:61e49599eb3b01e3d7bc65415ce7004e20bf77805a4ff09681f3856adc129943
-+Ctrl.hexsession_id = hexsession_id:832400eb1c4031502f7249d0a4279a7cbe4d4d6979289d02837d98b9ca16ff46
-+Ctrl.type = type:A
-+Output = 7b91adc6eb48a6f82a8990efd2537903
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:000001010089b741b0b9a6704f56df9aafe5f4294828fdc67f4243e9aa9b1d83166ad892f2d970fdff65eba7fa5eddb954dd86bda5262e084752c69c6b93c729ad34e9728f7c838c49f0e87349ae35feef1610b83a345c64c5b190fb5857bf0aa8419efba35789c258f19e8713e2729c184eab9d9c33a32ab3731d77e207a91849625bb855e581ca0be5d9f961aab9d65b463e416ee3d636ece573ead0d088a2fe05d87dd5ed21031f4dbea831112d3bd0e1cc1087a8395430cde3cb54d22a5965dd825329bee8c62d4599fb67ff90260204c6e608e6246f768e29a60cb85f580d4751f9c017cbf4e6062a160c6ff1d0c9d303a2c862a4986e22f72da79b17b868cee189a2
-+Ctrl.hexxcghash = hexxcghash:61e49599eb3b01e3d7bc65415ce7004e20bf77805a4ff09681f3856adc129943
-+Ctrl.hexsession_id = hexsession_id:832400eb1c4031502f7249d0a4279a7cbe4d4d6979289d02837d98b9ca16ff46
-+Ctrl.type = type:B
-+Output = 814c8fb54a535b38d4c2301aa49ad702
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:000001010089b741b0b9a6704f56df9aafe5f4294828fdc67f4243e9aa9b1d83166ad892f2d970fdff65eba7fa5eddb954dd86bda5262e084752c69c6b93c729ad34e9728f7c838c49f0e87349ae35feef1610b83a345c64c5b190fb5857bf0aa8419efba35789c258f19e8713e2729c184eab9d9c33a32ab3731d77e207a91849625bb855e581ca0be5d9f961aab9d65b463e416ee3d636ece573ead0d088a2fe05d87dd5ed21031f4dbea831112d3bd0e1cc1087a8395430cde3cb54d22a5965dd825329bee8c62d4599fb67ff90260204c6e608e6246f768e29a60cb85f580d4751f9c017cbf4e6062a160c6ff1d0c9d303a2c862a4986e22f72da79b17b868cee189a2
-+Ctrl.hexxcghash = hexxcghash:61e49599eb3b01e3d7bc65415ce7004e20bf77805a4ff09681f3856adc129943
-+Ctrl.hexsession_id = hexsession_id:832400eb1c4031502f7249d0a4279a7cbe4d4d6979289d02837d98b9ca16ff46
-+Ctrl.type = type:C
-+Output = 3ec64c8571c7c7f39a9f37c0e1053324
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:000001010089b741b0b9a6704f56df9aafe5f4294828fdc67f4243e9aa9b1d83166ad892f2d970fdff65eba7fa5eddb954dd86bda5262e084752c69c6b93c729ad34e9728f7c838c49f0e87349ae35feef1610b83a345c64c5b190fb5857bf0aa8419efba35789c258f19e8713e2729c184eab9d9c33a32ab3731d77e207a91849625bb855e581ca0be5d9f961aab9d65b463e416ee3d636ece573ead0d088a2fe05d87dd5ed21031f4dbea831112d3bd0e1cc1087a8395430cde3cb54d22a5965dd825329bee8c62d4599fb67ff90260204c6e608e6246f768e29a60cb85f580d4751f9c017cbf4e6062a160c6ff1d0c9d303a2c862a4986e22f72da79b17b868cee189a2
-+Ctrl.hexxcghash = hexxcghash:61e49599eb3b01e3d7bc65415ce7004e20bf77805a4ff09681f3856adc129943
-+Ctrl.hexsession_id = hexsession_id:832400eb1c4031502f7249d0a4279a7cbe4d4d6979289d02837d98b9ca16ff46
-+Ctrl.type = type:D
-+Output = 846d40dc45123f2710e27bd3140070c8
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:000001010089b741b0b9a6704f56df9aafe5f4294828fdc67f4243e9aa9b1d83166ad892f2d970fdff65eba7fa5eddb954dd86bda5262e084752c69c6b93c729ad34e9728f7c838c49f0e87349ae35feef1610b83a345c64c5b190fb5857bf0aa8419efba35789c258f19e8713e2729c184eab9d9c33a32ab3731d77e207a91849625bb855e581ca0be5d9f961aab9d65b463e416ee3d636ece573ead0d088a2fe05d87dd5ed21031f4dbea831112d3bd0e1cc1087a8395430cde3cb54d22a5965dd825329bee8c62d4599fb67ff90260204c6e608e6246f768e29a60cb85f580d4751f9c017cbf4e6062a160c6ff1d0c9d303a2c862a4986e22f72da79b17b868cee189a2
-+Ctrl.hexxcghash = hexxcghash:61e49599eb3b01e3d7bc65415ce7004e20bf77805a4ff09681f3856adc129943
-+Ctrl.hexsession_id = hexsession_id:832400eb1c4031502f7249d0a4279a7cbe4d4d6979289d02837d98b9ca16ff46
-+Ctrl.type = type:E
-+Output = c2199b9bd701c2f4ee82a145adc28f3e8fac0af8dd43cb7f3da173681bcad2e0
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:000001010089b741b0b9a6704f56df9aafe5f4294828fdc67f4243e9aa9b1d83166ad892f2d970fdff65eba7fa5eddb954dd86bda5262e084752c69c6b93c729ad34e9728f7c838c49f0e87349ae35feef1610b83a345c64c5b190fb5857bf0aa8419efba35789c258f19e8713e2729c184eab9d9c33a32ab3731d77e207a91849625bb855e581ca0be5d9f961aab9d65b463e416ee3d636ece573ead0d088a2fe05d87dd5ed21031f4dbea831112d3bd0e1cc1087a8395430cde3cb54d22a5965dd825329bee8c62d4599fb67ff90260204c6e608e6246f768e29a60cb85f580d4751f9c017cbf4e6062a160c6ff1d0c9d303a2c862a4986e22f72da79b17b868cee189a2
-+Ctrl.hexxcghash = hexxcghash:61e49599eb3b01e3d7bc65415ce7004e20bf77805a4ff09681f3856adc129943
-+Ctrl.hexsession_id = hexsession_id:832400eb1c4031502f7249d0a4279a7cbe4d4d6979289d02837d98b9ca16ff46
-+Ctrl.type = type:F
-+Output = 49f5fb8862a4f01900f9f76d6146f181483428beadb000d4f5097adf59c5eb99
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:0000010100f7217049f9cc4f3d59ea109a06ac3cfb79fc05dc349e1c54482072c467e503494d845004c278dabd9338d3bdb3c2f3c58cb264d65575d9946961345dcda5b9ce59cc8fdfc994acb74fe8f3b1fc143abceedc541ae74d69cd543fa7438ac5b5c84168d6e6f7fba2722c279b7cd0c1e07cdd59bb231f17174d33b7c1a6eb199cfa093476cdd31292f3bff20ae224459caaec461c76d741f0e9269ba96676a3ccebe986a3843a36747a0998bb3feaba41671db20368867a13875f76136b2418b6c807335a7133b4e4fbc0e908516ce97458abec2a32355fb061237bada4e07b950a2b1c8d41201f1c0a41c771d990e4741fef6e2eb5cd106c3b4b6000ad07b482ad
-+Ctrl.hexxcghash = hexxcghash:be79b302374817c2fd052704dfba5e98b05a8346db9269e6401265a1c7970d98
-+Ctrl.hexsession_id = hexsession_id:def8533bf220d0c632aa4f1b16168e51c0be904c6f299225b30bd7df7bbdc6f2
-+Ctrl.type = type:A
-+Output = 50afb2f3b8a3bc466b3a68f04da0d56c
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:0000010100f7217049f9cc4f3d59ea109a06ac3cfb79fc05dc349e1c54482072c467e503494d845004c278dabd9338d3bdb3c2f3c58cb264d65575d9946961345dcda5b9ce59cc8fdfc994acb74fe8f3b1fc143abceedc541ae74d69cd543fa7438ac5b5c84168d6e6f7fba2722c279b7cd0c1e07cdd59bb231f17174d33b7c1a6eb199cfa093476cdd31292f3bff20ae224459caaec461c76d741f0e9269ba96676a3ccebe986a3843a36747a0998bb3feaba41671db20368867a13875f76136b2418b6c807335a7133b4e4fbc0e908516ce97458abec2a32355fb061237bada4e07b950a2b1c8d41201f1c0a41c771d990e4741fef6e2eb5cd106c3b4b6000ad07b482ad
-+Ctrl.hexxcghash = hexxcghash:be79b302374817c2fd052704dfba5e98b05a8346db9269e6401265a1c7970d98
-+Ctrl.hexsession_id = hexsession_id:def8533bf220d0c632aa4f1b16168e51c0be904c6f299225b30bd7df7bbdc6f2
-+Ctrl.type = type:B
-+Output = b8672a8cc59ee1316fb9a2c0a82ffd73
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:0000010100f7217049f9cc4f3d59ea109a06ac3cfb79fc05dc349e1c54482072c467e503494d845004c278dabd9338d3bdb3c2f3c58cb264d65575d9946961345dcda5b9ce59cc8fdfc994acb74fe8f3b1fc143abceedc541ae74d69cd543fa7438ac5b5c84168d6e6f7fba2722c279b7cd0c1e07cdd59bb231f17174d33b7c1a6eb199cfa093476cdd31292f3bff20ae224459caaec461c76d741f0e9269ba96676a3ccebe986a3843a36747a0998bb3feaba41671db20368867a13875f76136b2418b6c807335a7133b4e4fbc0e908516ce97458abec2a32355fb061237bada4e07b950a2b1c8d41201f1c0a41c771d990e4741fef6e2eb5cd106c3b4b6000ad07b482ad
-+Ctrl.hexxcghash = hexxcghash:be79b302374817c2fd052704dfba5e98b05a8346db9269e6401265a1c7970d98
-+Ctrl.hexsession_id = hexsession_id:def8533bf220d0c632aa4f1b16168e51c0be904c6f299225b30bd7df7bbdc6f2
-+Ctrl.type = type:C
-+Output = d854cbdb8f7544b796f982e4973d4de9
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:0000010100f7217049f9cc4f3d59ea109a06ac3cfb79fc05dc349e1c54482072c467e503494d845004c278dabd9338d3bdb3c2f3c58cb264d65575d9946961345dcda5b9ce59cc8fdfc994acb74fe8f3b1fc143abceedc541ae74d69cd543fa7438ac5b5c84168d6e6f7fba2722c279b7cd0c1e07cdd59bb231f17174d33b7c1a6eb199cfa093476cdd31292f3bff20ae224459caaec461c76d741f0e9269ba96676a3ccebe986a3843a36747a0998bb3feaba41671db20368867a13875f76136b2418b6c807335a7133b4e4fbc0e908516ce97458abec2a32355fb061237bada4e07b950a2b1c8d41201f1c0a41c771d990e4741fef6e2eb5cd106c3b4b6000ad07b482ad
-+Ctrl.hexxcghash = hexxcghash:be79b302374817c2fd052704dfba5e98b05a8346db9269e6401265a1c7970d98
-+Ctrl.hexsession_id = hexsession_id:def8533bf220d0c632aa4f1b16168e51c0be904c6f299225b30bd7df7bbdc6f2
-+Ctrl.type = type:D
-+Output = bd6bde82c451ee39069d0794f7000f38
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:0000010100f7217049f9cc4f3d59ea109a06ac3cfb79fc05dc349e1c54482072c467e503494d845004c278dabd9338d3bdb3c2f3c58cb264d65575d9946961345dcda5b9ce59cc8fdfc994acb74fe8f3b1fc143abceedc541ae74d69cd543fa7438ac5b5c84168d6e6f7fba2722c279b7cd0c1e07cdd59bb231f17174d33b7c1a6eb199cfa093476cdd31292f3bff20ae224459caaec461c76d741f0e9269ba96676a3ccebe986a3843a36747a0998bb3feaba41671db20368867a13875f76136b2418b6c807335a7133b4e4fbc0e908516ce97458abec2a32355fb061237bada4e07b950a2b1c8d41201f1c0a41c771d990e4741fef6e2eb5cd106c3b4b6000ad07b482ad
-+Ctrl.hexxcghash = hexxcghash:be79b302374817c2fd052704dfba5e98b05a8346db9269e6401265a1c7970d98
-+Ctrl.hexsession_id = hexsession_id:def8533bf220d0c632aa4f1b16168e51c0be904c6f299225b30bd7df7bbdc6f2
-+Ctrl.type = type:E
-+Output = 270794ec70fcd9d742aad66c54001b4c218ae8cca813453560a9aeaacc6909ec
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:0000010100f7217049f9cc4f3d59ea109a06ac3cfb79fc05dc349e1c54482072c467e503494d845004c278dabd9338d3bdb3c2f3c58cb264d65575d9946961345dcda5b9ce59cc8fdfc994acb74fe8f3b1fc143abceedc541ae74d69cd543fa7438ac5b5c84168d6e6f7fba2722c279b7cd0c1e07cdd59bb231f17174d33b7c1a6eb199cfa093476cdd31292f3bff20ae224459caaec461c76d741f0e9269ba96676a3ccebe986a3843a36747a0998bb3feaba41671db20368867a13875f76136b2418b6c807335a7133b4e4fbc0e908516ce97458abec2a32355fb061237bada4e07b950a2b1c8d41201f1c0a41c771d990e4741fef6e2eb5cd106c3b4b6000ad07b482ad
-+Ctrl.hexxcghash = hexxcghash:be79b302374817c2fd052704dfba5e98b05a8346db9269e6401265a1c7970d98
-+Ctrl.hexsession_id = hexsession_id:def8533bf220d0c632aa4f1b16168e51c0be904c6f299225b30bd7df7bbdc6f2
-+Ctrl.type = type:F
-+Output = e967df7571a0eb82f59ddfead22c617beeefa25ce4afd80ac8320bc2635c70d0
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:000001001b3a1cab1e87a29e229efcae0f569d855a61d6da6ea0ae5bed3491c7bdb5f70f6caf8dc305100160bbf6ecd726b11799da685ce4528ee689fe292043e318ad9f797bd5746399e007cf1f40d7918b85e4607f6e674da84709543dd0d50ad1d5c993770b4d0c045fdef89d5534c3d77edd8dc4536a10cc2b5d0bd14caa7e029ba8a81d5f5fb16524b56ddb9f35d96593955514b80d89b711ff717e11ad3d691424f6cefc5c613b04e5532d89f91383e4a6f45058604bb63876b1308dc7eb8f86cb5c032e6f1f061646e0bbf27b0c7eaa8216ba9381cb7734df24fe6691183c4823d3b645f3139a45b2b8ee3909bb431477f332ea3616b919724782fda8546a3235
-+Ctrl.hexxcghash = hexxcghash:fe491f41cdbcaec6b8821eda916eb03bc1a0e934c14850696f79bd30c73a18e2
-+Ctrl.hexsession_id = hexsession_id:df1c0910cf8b81ca157916b8ac0411b7363f62ce10ee23cbb69ddfe8c3f16be9
-+Ctrl.type = type:A
-+Output = ebb3d10f461d8697a064461822f34507
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:000001001b3a1cab1e87a29e229efcae0f569d855a61d6da6ea0ae5bed3491c7bdb5f70f6caf8dc305100160bbf6ecd726b11799da685ce4528ee689fe292043e318ad9f797bd5746399e007cf1f40d7918b85e4607f6e674da84709543dd0d50ad1d5c993770b4d0c045fdef89d5534c3d77edd8dc4536a10cc2b5d0bd14caa7e029ba8a81d5f5fb16524b56ddb9f35d96593955514b80d89b711ff717e11ad3d691424f6cefc5c613b04e5532d89f91383e4a6f45058604bb63876b1308dc7eb8f86cb5c032e6f1f061646e0bbf27b0c7eaa8216ba9381cb7734df24fe6691183c4823d3b645f3139a45b2b8ee3909bb431477f332ea3616b919724782fda8546a3235
-+Ctrl.hexxcghash = hexxcghash:fe491f41cdbcaec6b8821eda916eb03bc1a0e934c14850696f79bd30c73a18e2
-+Ctrl.hexsession_id = hexsession_id:df1c0910cf8b81ca157916b8ac0411b7363f62ce10ee23cbb69ddfe8c3f16be9
-+Ctrl.type = type:B
-+Output = bb95f9cbed695529fd7977281332100b
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:000001001b3a1cab1e87a29e229efcae0f569d855a61d6da6ea0ae5bed3491c7bdb5f70f6caf8dc305100160bbf6ecd726b11799da685ce4528ee689fe292043e318ad9f797bd5746399e007cf1f40d7918b85e4607f6e674da84709543dd0d50ad1d5c993770b4d0c045fdef89d5534c3d77edd8dc4536a10cc2b5d0bd14caa7e029ba8a81d5f5fb16524b56ddb9f35d96593955514b80d89b711ff717e11ad3d691424f6cefc5c613b04e5532d89f91383e4a6f45058604bb63876b1308dc7eb8f86cb5c032e6f1f061646e0bbf27b0c7eaa8216ba9381cb7734df24fe6691183c4823d3b645f3139a45b2b8ee3909bb431477f332ea3616b919724782fda8546a3235
-+Ctrl.hexxcghash = hexxcghash:fe491f41cdbcaec6b8821eda916eb03bc1a0e934c14850696f79bd30c73a18e2
-+Ctrl.hexsession_id = hexsession_id:df1c0910cf8b81ca157916b8ac0411b7363f62ce10ee23cbb69ddfe8c3f16be9
-+Ctrl.type = type:C
-+Output = da1318a6a34224cc86c9afa41991db4b
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:000001001b3a1cab1e87a29e229efcae0f569d855a61d6da6ea0ae5bed3491c7bdb5f70f6caf8dc305100160bbf6ecd726b11799da685ce4528ee689fe292043e318ad9f797bd5746399e007cf1f40d7918b85e4607f6e674da84709543dd0d50ad1d5c993770b4d0c045fdef89d5534c3d77edd8dc4536a10cc2b5d0bd14caa7e029ba8a81d5f5fb16524b56ddb9f35d96593955514b80d89b711ff717e11ad3d691424f6cefc5c613b04e5532d89f91383e4a6f45058604bb63876b1308dc7eb8f86cb5c032e6f1f061646e0bbf27b0c7eaa8216ba9381cb7734df24fe6691183c4823d3b645f3139a45b2b8ee3909bb431477f332ea3616b919724782fda8546a3235
-+Ctrl.hexxcghash = hexxcghash:fe491f41cdbcaec6b8821eda916eb03bc1a0e934c14850696f79bd30c73a18e2
-+Ctrl.hexsession_id = hexsession_id:df1c0910cf8b81ca157916b8ac0411b7363f62ce10ee23cbb69ddfe8c3f16be9
-+Ctrl.type = type:D
-+Output = 091f8fa87a01c5768de8d663ba8bf9d7
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:000001001b3a1cab1e87a29e229efcae0f569d855a61d6da6ea0ae5bed3491c7bdb5f70f6caf8dc305100160bbf6ecd726b11799da685ce4528ee689fe292043e318ad9f797bd5746399e007cf1f40d7918b85e4607f6e674da84709543dd0d50ad1d5c993770b4d0c045fdef89d5534c3d77edd8dc4536a10cc2b5d0bd14caa7e029ba8a81d5f5fb16524b56ddb9f35d96593955514b80d89b711ff717e11ad3d691424f6cefc5c613b04e5532d89f91383e4a6f45058604bb63876b1308dc7eb8f86cb5c032e6f1f061646e0bbf27b0c7eaa8216ba9381cb7734df24fe6691183c4823d3b645f3139a45b2b8ee3909bb431477f332ea3616b919724782fda8546a3235
-+Ctrl.hexxcghash = hexxcghash:fe491f41cdbcaec6b8821eda916eb03bc1a0e934c14850696f79bd30c73a18e2
-+Ctrl.hexsession_id = hexsession_id:df1c0910cf8b81ca157916b8ac0411b7363f62ce10ee23cbb69ddfe8c3f16be9
-+Ctrl.type = type:E
-+Output = cc09127a759000f3bd9724fbf5285cd680ee323ffc19cf2f495403f896587317
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA256
-+Ctrl.hexkey = hexkey:000001001b3a1cab1e87a29e229efcae0f569d855a61d6da6ea0ae5bed3491c7bdb5f70f6caf8dc305100160bbf6ecd726b11799da685ce4528ee689fe292043e318ad9f797bd5746399e007cf1f40d7918b85e4607f6e674da84709543dd0d50ad1d5c993770b4d0c045fdef89d5534c3d77edd8dc4536a10cc2b5d0bd14caa7e029ba8a81d5f5fb16524b56ddb9f35d96593955514b80d89b711ff717e11ad3d691424f6cefc5c613b04e5532d89f91383e4a6f45058604bb63876b1308dc7eb8f86cb5c032e6f1f061646e0bbf27b0c7eaa8216ba9381cb7734df24fe6691183c4823d3b645f3139a45b2b8ee3909bb431477f332ea3616b919724782fda8546a3235
-+Ctrl.hexxcghash = hexxcghash:fe491f41cdbcaec6b8821eda916eb03bc1a0e934c14850696f79bd30c73a18e2
-+Ctrl.hexsession_id = hexsession_id:df1c0910cf8b81ca157916b8ac0411b7363f62ce10ee23cbb69ddfe8c3f16be9
-+Ctrl.type = type:F
-+Output = a3ceddafc49f7c0131ce2965945c3892be6605b465877bc0637685612ede242b
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:0000008100941456bd72267a90690ffc873528f4b76394431aceee1e24a7bed414568d9b97c84ce13d34a2b4a63ef735bac23af0b7fa634a9e56c2d775c741a61d63981332f9027d3f52c4a9a3adb83e96d39f7e6bb72514797da32f2f0edb59accfc58a49fc34b198e0285b31032ac9f06907def196f5748bd32ce22a5383a1bbdbd31f24
-+Ctrl.hexxcghash = hexxcghash:e0dee80ccc162884393930ad2073d92120c804254162446b7d048f85a1a4dd7b636a09b69252b80952a0581e9490ee5a
-+Ctrl.hexsession_id = hexsession_id:e0dee80ccc162884393930ad2073d92120c804254162446b7d048f85a1a4dd7b636a09b69252b80952a0581e9490ee5a
-+Ctrl.type = type:A
-+Output = d31c16f67b17bc69
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:0000008100941456bd72267a90690ffc873528f4b76394431aceee1e24a7bed414568d9b97c84ce13d34a2b4a63ef735bac23af0b7fa634a9e56c2d775c741a61d63981332f9027d3f52c4a9a3adb83e96d39f7e6bb72514797da32f2f0edb59accfc58a49fc34b198e0285b31032ac9f06907def196f5748bd32ce22a5383a1bbdbd31f24
-+Ctrl.hexxcghash = hexxcghash:e0dee80ccc162884393930ad2073d92120c804254162446b7d048f85a1a4dd7b636a09b69252b80952a0581e9490ee5a
-+Ctrl.hexsession_id = hexsession_id:e0dee80ccc162884393930ad2073d92120c804254162446b7d048f85a1a4dd7b636a09b69252b80952a0581e9490ee5a
-+Ctrl.type = type:B
-+Output = 675340f27269e7ae
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:0000008100941456bd72267a90690ffc873528f4b76394431aceee1e24a7bed414568d9b97c84ce13d34a2b4a63ef735bac23af0b7fa634a9e56c2d775c741a61d63981332f9027d3f52c4a9a3adb83e96d39f7e6bb72514797da32f2f0edb59accfc58a49fc34b198e0285b31032ac9f06907def196f5748bd32ce22a5383a1bbdbd31f24
-+Ctrl.hexxcghash = hexxcghash:e0dee80ccc162884393930ad2073d92120c804254162446b7d048f85a1a4dd7b636a09b69252b80952a0581e9490ee5a
-+Ctrl.hexsession_id = hexsession_id:e0dee80ccc162884393930ad2073d92120c804254162446b7d048f85a1a4dd7b636a09b69252b80952a0581e9490ee5a
-+Ctrl.type = type:C
-+Output = 2ffed577a90d29872ea59f3782c3b406908d7394ff63c9d7
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:0000008100941456bd72267a90690ffc873528f4b76394431aceee1e24a7bed414568d9b97c84ce13d34a2b4a63ef735bac23af0b7fa634a9e56c2d775c741a61d63981332f9027d3f52c4a9a3adb83e96d39f7e6bb72514797da32f2f0edb59accfc58a49fc34b198e0285b31032ac9f06907def196f5748bd32ce22a5383a1bbdbd31f24
-+Ctrl.hexxcghash = hexxcghash:e0dee80ccc162884393930ad2073d92120c804254162446b7d048f85a1a4dd7b636a09b69252b80952a0581e9490ee5a
-+Ctrl.hexsession_id = hexsession_id:e0dee80ccc162884393930ad2073d92120c804254162446b7d048f85a1a4dd7b636a09b69252b80952a0581e9490ee5a
-+Ctrl.type = type:D
-+Output = fae751987c1fa8665e4387e410297db58ff69b260a8fe85f
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:0000008100941456bd72267a90690ffc873528f4b76394431aceee1e24a7bed414568d9b97c84ce13d34a2b4a63ef735bac23af0b7fa634a9e56c2d775c741a61d63981332f9027d3f52c4a9a3adb83e96d39f7e6bb72514797da32f2f0edb59accfc58a49fc34b198e0285b31032ac9f06907def196f5748bd32ce22a5383a1bbdbd31f24
-+Ctrl.hexxcghash = hexxcghash:e0dee80ccc162884393930ad2073d92120c804254162446b7d048f85a1a4dd7b636a09b69252b80952a0581e9490ee5a
-+Ctrl.hexsession_id = hexsession_id:e0dee80ccc162884393930ad2073d92120c804254162446b7d048f85a1a4dd7b636a09b69252b80952a0581e9490ee5a
-+Ctrl.type = type:E
-+Output = ff2db5975edf3824325b257455791869434c6af47fb0c8145253c2695abfd2b8c980565ad20e6b9313ba44ee488bafb0
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:0000008100941456bd72267a90690ffc873528f4b76394431aceee1e24a7bed414568d9b97c84ce13d34a2b4a63ef735bac23af0b7fa634a9e56c2d775c741a61d63981332f9027d3f52c4a9a3adb83e96d39f7e6bb72514797da32f2f0edb59accfc58a49fc34b198e0285b31032ac9f06907def196f5748bd32ce22a5383a1bbdbd31f24
-+Ctrl.hexxcghash = hexxcghash:e0dee80ccc162884393930ad2073d92120c804254162446b7d048f85a1a4dd7b636a09b69252b80952a0581e9490ee5a
-+Ctrl.hexsession_id = hexsession_id:e0dee80ccc162884393930ad2073d92120c804254162446b7d048f85a1a4dd7b636a09b69252b80952a0581e9490ee5a
-+Ctrl.type = type:F
-+Output = 85a9463cd653c7619d4dc85006406d6ed3364220419ca13810301be0f0389d932ddeaebb0e504a0849e2e73a7d087db2
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:00000080319534aabf1100b1ef3ec089ba6e5b25946bdf67cbc92493c29d0e63765ee38dc27e15720393d6aa5741b2129b24ee6a71c079190588232f4facadd034dd6e456bf45aedf72a059eca591ceb2d7c50f8ae918528872f40eaf62faa511d6bfbed4b8613163c42b99eb30c20ecce1c36a78b93fb0046467a0bcb41dfa1e609b61b
-+Ctrl.hexxcghash = hexxcghash:0f831ff3e907b3f0922722bd8073b2c263c77c7f552c0b0b12be68f19520b1ae2bbf62a9dba0f582d5f0197c0d534f6e
-+Ctrl.hexsession_id = hexsession_id:dede417f4b45d58d54cbe59e7d80bab3150ccd99583aa87f7ecde731462d074edf49907278819043341d1fe20e136563
-+Ctrl.type = type:A
-+Output = 93323451441b761f
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:00000080319534aabf1100b1ef3ec089ba6e5b25946bdf67cbc92493c29d0e63765ee38dc27e15720393d6aa5741b2129b24ee6a71c079190588232f4facadd034dd6e456bf45aedf72a059eca591ceb2d7c50f8ae918528872f40eaf62faa511d6bfbed4b8613163c42b99eb30c20ecce1c36a78b93fb0046467a0bcb41dfa1e609b61b
-+Ctrl.hexxcghash = hexxcghash:0f831ff3e907b3f0922722bd8073b2c263c77c7f552c0b0b12be68f19520b1ae2bbf62a9dba0f582d5f0197c0d534f6e
-+Ctrl.hexsession_id = hexsession_id:dede417f4b45d58d54cbe59e7d80bab3150ccd99583aa87f7ecde731462d074edf49907278819043341d1fe20e136563
-+Ctrl.type = type:B
-+Output = 3dbfdc2364807ecc
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:00000080319534aabf1100b1ef3ec089ba6e5b25946bdf67cbc92493c29d0e63765ee38dc27e15720393d6aa5741b2129b24ee6a71c079190588232f4facadd034dd6e456bf45aedf72a059eca591ceb2d7c50f8ae918528872f40eaf62faa511d6bfbed4b8613163c42b99eb30c20ecce1c36a78b93fb0046467a0bcb41dfa1e609b61b
-+Ctrl.hexxcghash = hexxcghash:0f831ff3e907b3f0922722bd8073b2c263c77c7f552c0b0b12be68f19520b1ae2bbf62a9dba0f582d5f0197c0d534f6e
-+Ctrl.hexsession_id = hexsession_id:dede417f4b45d58d54cbe59e7d80bab3150ccd99583aa87f7ecde731462d074edf49907278819043341d1fe20e136563
-+Ctrl.type = type:C
-+Output = c699e3488f825fb24c5e2adc699ec83a5d8fce339fa0e9b0
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:00000080319534aabf1100b1ef3ec089ba6e5b25946bdf67cbc92493c29d0e63765ee38dc27e15720393d6aa5741b2129b24ee6a71c079190588232f4facadd034dd6e456bf45aedf72a059eca591ceb2d7c50f8ae918528872f40eaf62faa511d6bfbed4b8613163c42b99eb30c20ecce1c36a78b93fb0046467a0bcb41dfa1e609b61b
-+Ctrl.hexxcghash = hexxcghash:0f831ff3e907b3f0922722bd8073b2c263c77c7f552c0b0b12be68f19520b1ae2bbf62a9dba0f582d5f0197c0d534f6e
-+Ctrl.hexsession_id = hexsession_id:dede417f4b45d58d54cbe59e7d80bab3150ccd99583aa87f7ecde731462d074edf49907278819043341d1fe20e136563
-+Ctrl.type = type:D
-+Output = a250b13da0716f2d4440cc4cac01a2d591002ebfaada9758
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:00000080319534aabf1100b1ef3ec089ba6e5b25946bdf67cbc92493c29d0e63765ee38dc27e15720393d6aa5741b2129b24ee6a71c079190588232f4facadd034dd6e456bf45aedf72a059eca591ceb2d7c50f8ae918528872f40eaf62faa511d6bfbed4b8613163c42b99eb30c20ecce1c36a78b93fb0046467a0bcb41dfa1e609b61b
-+Ctrl.hexxcghash = hexxcghash:0f831ff3e907b3f0922722bd8073b2c263c77c7f552c0b0b12be68f19520b1ae2bbf62a9dba0f582d5f0197c0d534f6e
-+Ctrl.hexsession_id = hexsession_id:dede417f4b45d58d54cbe59e7d80bab3150ccd99583aa87f7ecde731462d074edf49907278819043341d1fe20e136563
-+Ctrl.type = type:E
-+Output = 76966a1b7d5f250eea3696077a373b9421e8294dd7cb0aedd172cf9c6879ef34c9deb9c208f11c5d4b6fd713b576894d
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:00000080319534aabf1100b1ef3ec089ba6e5b25946bdf67cbc92493c29d0e63765ee38dc27e15720393d6aa5741b2129b24ee6a71c079190588232f4facadd034dd6e456bf45aedf72a059eca591ceb2d7c50f8ae918528872f40eaf62faa511d6bfbed4b8613163c42b99eb30c20ecce1c36a78b93fb0046467a0bcb41dfa1e609b61b
-+Ctrl.hexxcghash = hexxcghash:0f831ff3e907b3f0922722bd8073b2c263c77c7f552c0b0b12be68f19520b1ae2bbf62a9dba0f582d5f0197c0d534f6e
-+Ctrl.hexsession_id = hexsession_id:dede417f4b45d58d54cbe59e7d80bab3150ccd99583aa87f7ecde731462d074edf49907278819043341d1fe20e136563
-+Ctrl.type = type:F
-+Output = 28a66e21fe7f8a070fe40ecf68a64f2a35a46b84ac38810902639906611053832179d5c07a8422993496059af67f585f
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:000000803b4fd086d25a4bf0b5347a2e323d45525b12a3df508b9129ae7d51637b6fc76aba743d7ee254888ee6d49314ebd8b82e25d187e80770ff6365fbfe96029e23b92ccbb2bfb4cf27e175cd09154b0e68d75a84c490f936ee0366180f781049ddcfefcb4bf25409ba8a8a9a3296cf0619bc51363abfd58cea3d0480673d8ac8370a
-+Ctrl.hexxcghash = hexxcghash:8fbe46474bf6ccdad0f706492c4b534cf5698b38afc4b21a6af4a00c3ccda689cf5382e5de34a48bd798f083570ad411
-+Ctrl.hexsession_id = hexsession_id:a397aa78a58fcf619f1e8368018d6e40934d4befc96671a63aea4558d5e54c9f42bdca50f618ec84b2d19b539a1f10f1
-+Ctrl.type = type:A
-+Output = b0db344b1e2e98d3
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:000000803b4fd086d25a4bf0b5347a2e323d45525b12a3df508b9129ae7d51637b6fc76aba743d7ee254888ee6d49314ebd8b82e25d187e80770ff6365fbfe96029e23b92ccbb2bfb4cf27e175cd09154b0e68d75a84c490f936ee0366180f781049ddcfefcb4bf25409ba8a8a9a3296cf0619bc51363abfd58cea3d0480673d8ac8370a
-+Ctrl.hexxcghash = hexxcghash:8fbe46474bf6ccdad0f706492c4b534cf5698b38afc4b21a6af4a00c3ccda689cf5382e5de34a48bd798f083570ad411
-+Ctrl.hexsession_id = hexsession_id:a397aa78a58fcf619f1e8368018d6e40934d4befc96671a63aea4558d5e54c9f42bdca50f618ec84b2d19b539a1f10f1
-+Ctrl.type = type:B
-+Output = 29fcd6a7d317f527
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:000000803b4fd086d25a4bf0b5347a2e323d45525b12a3df508b9129ae7d51637b6fc76aba743d7ee254888ee6d49314ebd8b82e25d187e80770ff6365fbfe96029e23b92ccbb2bfb4cf27e175cd09154b0e68d75a84c490f936ee0366180f781049ddcfefcb4bf25409ba8a8a9a3296cf0619bc51363abfd58cea3d0480673d8ac8370a
-+Ctrl.hexxcghash = hexxcghash:8fbe46474bf6ccdad0f706492c4b534cf5698b38afc4b21a6af4a00c3ccda689cf5382e5de34a48bd798f083570ad411
-+Ctrl.hexsession_id = hexsession_id:a397aa78a58fcf619f1e8368018d6e40934d4befc96671a63aea4558d5e54c9f42bdca50f618ec84b2d19b539a1f10f1
-+Ctrl.type = type:C
-+Output = 156f9d4c58d7783959e785af3fefb133662009b93891bff7
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:000000803b4fd086d25a4bf0b5347a2e323d45525b12a3df508b9129ae7d51637b6fc76aba743d7ee254888ee6d49314ebd8b82e25d187e80770ff6365fbfe96029e23b92ccbb2bfb4cf27e175cd09154b0e68d75a84c490f936ee0366180f781049ddcfefcb4bf25409ba8a8a9a3296cf0619bc51363abfd58cea3d0480673d8ac8370a
-+Ctrl.hexxcghash = hexxcghash:8fbe46474bf6ccdad0f706492c4b534cf5698b38afc4b21a6af4a00c3ccda689cf5382e5de34a48bd798f083570ad411
-+Ctrl.hexsession_id = hexsession_id:a397aa78a58fcf619f1e8368018d6e40934d4befc96671a63aea4558d5e54c9f42bdca50f618ec84b2d19b539a1f10f1
-+Ctrl.type = type:D
-+Output = c4bc4471e2c7f04dbef9100977e222f4156a7118a122f6cd
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:000000803b4fd086d25a4bf0b5347a2e323d45525b12a3df508b9129ae7d51637b6fc76aba743d7ee254888ee6d49314ebd8b82e25d187e80770ff6365fbfe96029e23b92ccbb2bfb4cf27e175cd09154b0e68d75a84c490f936ee0366180f781049ddcfefcb4bf25409ba8a8a9a3296cf0619bc51363abfd58cea3d0480673d8ac8370a
-+Ctrl.hexxcghash = hexxcghash:8fbe46474bf6ccdad0f706492c4b534cf5698b38afc4b21a6af4a00c3ccda689cf5382e5de34a48bd798f083570ad411
-+Ctrl.hexsession_id = hexsession_id:a397aa78a58fcf619f1e8368018d6e40934d4befc96671a63aea4558d5e54c9f42bdca50f618ec84b2d19b539a1f10f1
-+Ctrl.type = type:E
-+Output = 5878fdbf693638430e31b287ad8cfab560d952d7a828167bd0454e0c8aa14274c7c0c1921a31575f77fd80144e6d2999
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:000000803b4fd086d25a4bf0b5347a2e323d45525b12a3df508b9129ae7d51637b6fc76aba743d7ee254888ee6d49314ebd8b82e25d187e80770ff6365fbfe96029e23b92ccbb2bfb4cf27e175cd09154b0e68d75a84c490f936ee0366180f781049ddcfefcb4bf25409ba8a8a9a3296cf0619bc51363abfd58cea3d0480673d8ac8370a
-+Ctrl.hexxcghash = hexxcghash:8fbe46474bf6ccdad0f706492c4b534cf5698b38afc4b21a6af4a00c3ccda689cf5382e5de34a48bd798f083570ad411
-+Ctrl.hexsession_id = hexsession_id:a397aa78a58fcf619f1e8368018d6e40934d4befc96671a63aea4558d5e54c9f42bdca50f618ec84b2d19b539a1f10f1
-+Ctrl.type = type:F
-+Output = 1fdb34ae9d2f12363350dd5aeefe728066500a083668ac2d48af671d7651a67acdf9b7a0581b922e67278d53f0b2fb17
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:000000801a3eab3e516f776ab0a282861a42fec52223859d5af2da778727bd0363ba5983b5d883cd75132c94351a7b5b23fba10aec35a78ab03ba183682b4d3e72c67bd1e6b83afc5178c97624f718243d9377694f085e15cef33040fca144e856c74ab0e70dbf4a7766aa916e5edf184ae7dbd3f19d2491e45828fe5969d61075695e39
-+Ctrl.hexxcghash = hexxcghash:5e9be9089c8b952d8ffdb0cbdbe5bb6c1f336e6620292da1ab5eb92eef379655579e24cd6273bd4f552d46dfa87df917
-+Ctrl.hexsession_id = hexsession_id:c54542e32ba1ae8c266781c6d14c8356d6f548cfdb8a303c4f1c947318610eed8ae3d6d4350ab4dddc7f9202a510d32e
-+Ctrl.type = type:A
-+Output = c828150149eb433a
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:000000801a3eab3e516f776ab0a282861a42fec52223859d5af2da778727bd0363ba5983b5d883cd75132c94351a7b5b23fba10aec35a78ab03ba183682b4d3e72c67bd1e6b83afc5178c97624f718243d9377694f085e15cef33040fca144e856c74ab0e70dbf4a7766aa916e5edf184ae7dbd3f19d2491e45828fe5969d61075695e39
-+Ctrl.hexxcghash = hexxcghash:5e9be9089c8b952d8ffdb0cbdbe5bb6c1f336e6620292da1ab5eb92eef379655579e24cd6273bd4f552d46dfa87df917
-+Ctrl.hexsession_id = hexsession_id:c54542e32ba1ae8c266781c6d14c8356d6f548cfdb8a303c4f1c947318610eed8ae3d6d4350ab4dddc7f9202a510d32e
-+Ctrl.type = type:B
-+Output = 45636e088875de58
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:000000801a3eab3e516f776ab0a282861a42fec52223859d5af2da778727bd0363ba5983b5d883cd75132c94351a7b5b23fba10aec35a78ab03ba183682b4d3e72c67bd1e6b83afc5178c97624f718243d9377694f085e15cef33040fca144e856c74ab0e70dbf4a7766aa916e5edf184ae7dbd3f19d2491e45828fe5969d61075695e39
-+Ctrl.hexxcghash = hexxcghash:5e9be9089c8b952d8ffdb0cbdbe5bb6c1f336e6620292da1ab5eb92eef379655579e24cd6273bd4f552d46dfa87df917
-+Ctrl.hexsession_id = hexsession_id:c54542e32ba1ae8c266781c6d14c8356d6f548cfdb8a303c4f1c947318610eed8ae3d6d4350ab4dddc7f9202a510d32e
-+Ctrl.type = type:C
-+Output = 75da9408e65f61dac9dafa496675214b0d84b0e66feb68fe
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:000000801a3eab3e516f776ab0a282861a42fec52223859d5af2da778727bd0363ba5983b5d883cd75132c94351a7b5b23fba10aec35a78ab03ba183682b4d3e72c67bd1e6b83afc5178c97624f718243d9377694f085e15cef33040fca144e856c74ab0e70dbf4a7766aa916e5edf184ae7dbd3f19d2491e45828fe5969d61075695e39
-+Ctrl.hexxcghash = hexxcghash:5e9be9089c8b952d8ffdb0cbdbe5bb6c1f336e6620292da1ab5eb92eef379655579e24cd6273bd4f552d46dfa87df917
-+Ctrl.hexsession_id = hexsession_id:c54542e32ba1ae8c266781c6d14c8356d6f548cfdb8a303c4f1c947318610eed8ae3d6d4350ab4dddc7f9202a510d32e
-+Ctrl.type = type:D
-+Output = cb7897fdeb2c235be5812d1959cb55907ff02a9cf6c76c17
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:000000801a3eab3e516f776ab0a282861a42fec52223859d5af2da778727bd0363ba5983b5d883cd75132c94351a7b5b23fba10aec35a78ab03ba183682b4d3e72c67bd1e6b83afc5178c97624f718243d9377694f085e15cef33040fca144e856c74ab0e70dbf4a7766aa916e5edf184ae7dbd3f19d2491e45828fe5969d61075695e39
-+Ctrl.hexxcghash = hexxcghash:5e9be9089c8b952d8ffdb0cbdbe5bb6c1f336e6620292da1ab5eb92eef379655579e24cd6273bd4f552d46dfa87df917
-+Ctrl.hexsession_id = hexsession_id:c54542e32ba1ae8c266781c6d14c8356d6f548cfdb8a303c4f1c947318610eed8ae3d6d4350ab4dddc7f9202a510d32e
-+Ctrl.type = type:E
-+Output = 13a8062561c28c1bc678a019b22da95aa462f82cfff6268876ffe2fddc86536fa4d19bdc15d90c1cff4d37e69f1fc021
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:000000801a3eab3e516f776ab0a282861a42fec52223859d5af2da778727bd0363ba5983b5d883cd75132c94351a7b5b23fba10aec35a78ab03ba183682b4d3e72c67bd1e6b83afc5178c97624f718243d9377694f085e15cef33040fca144e856c74ab0e70dbf4a7766aa916e5edf184ae7dbd3f19d2491e45828fe5969d61075695e39
-+Ctrl.hexxcghash = hexxcghash:5e9be9089c8b952d8ffdb0cbdbe5bb6c1f336e6620292da1ab5eb92eef379655579e24cd6273bd4f552d46dfa87df917
-+Ctrl.hexsession_id = hexsession_id:c54542e32ba1ae8c266781c6d14c8356d6f548cfdb8a303c4f1c947318610eed8ae3d6d4350ab4dddc7f9202a510d32e
-+Ctrl.type = type:F
-+Output = 69437ec44d764caeb89faebf7b8577b433677abcb0c58f166a5e5724a4eb293d335004d412c983d4c7aca4df1b8328fd
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:000000810091473fb24a9fca3fd1639c029c0e6ae6390c83b3278336017068771569d0957bf7ff80a8f188b936f7e238502efc86e518ebafcc4ecdf1b44f01bb070b3cc88c1b23937dcd04c456987a3b75df3874ca54a10e7f4a3123a7fb47365a7552c9e3f7070ec19d1ebb9922dd10aa0280222db770a71ce9541b60b53d9e7783350100
-+Ctrl.hexxcghash = hexxcghash:d0bbb1a81edca6ae7ac5c9e60bf447d198bf875b945fcba06b0074e640331b2205c2c055864c011913f6dad3e34ed44b
-+Ctrl.hexsession_id = hexsession_id:58d7b77f0cc5480254c68e4e9cb06a1ea5389b39a3f9cba5c9ca03a091fb123aeb5934c519b60181d097b8cc9455b96a
-+Ctrl.type = type:A
-+Output = b669e05aa9706468
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:000000810091473fb24a9fca3fd1639c029c0e6ae6390c83b3278336017068771569d0957bf7ff80a8f188b936f7e238502efc86e518ebafcc4ecdf1b44f01bb070b3cc88c1b23937dcd04c456987a3b75df3874ca54a10e7f4a3123a7fb47365a7552c9e3f7070ec19d1ebb9922dd10aa0280222db770a71ce9541b60b53d9e7783350100
-+Ctrl.hexxcghash = hexxcghash:d0bbb1a81edca6ae7ac5c9e60bf447d198bf875b945fcba06b0074e640331b2205c2c055864c011913f6dad3e34ed44b
-+Ctrl.hexsession_id = hexsession_id:58d7b77f0cc5480254c68e4e9cb06a1ea5389b39a3f9cba5c9ca03a091fb123aeb5934c519b60181d097b8cc9455b96a
-+Ctrl.type = type:B
-+Output = 57f943111ca01b15
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:000000810091473fb24a9fca3fd1639c029c0e6ae6390c83b3278336017068771569d0957bf7ff80a8f188b936f7e238502efc86e518ebafcc4ecdf1b44f01bb070b3cc88c1b23937dcd04c456987a3b75df3874ca54a10e7f4a3123a7fb47365a7552c9e3f7070ec19d1ebb9922dd10aa0280222db770a71ce9541b60b53d9e7783350100
-+Ctrl.hexxcghash = hexxcghash:d0bbb1a81edca6ae7ac5c9e60bf447d198bf875b945fcba06b0074e640331b2205c2c055864c011913f6dad3e34ed44b
-+Ctrl.hexsession_id = hexsession_id:58d7b77f0cc5480254c68e4e9cb06a1ea5389b39a3f9cba5c9ca03a091fb123aeb5934c519b60181d097b8cc9455b96a
-+Ctrl.type = type:C
-+Output = e9aa354b6b85f357d6f982fcc18a6ca797bd7a125e786f8a
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:000000810091473fb24a9fca3fd1639c029c0e6ae6390c83b3278336017068771569d0957bf7ff80a8f188b936f7e238502efc86e518ebafcc4ecdf1b44f01bb070b3cc88c1b23937dcd04c456987a3b75df3874ca54a10e7f4a3123a7fb47365a7552c9e3f7070ec19d1ebb9922dd10aa0280222db770a71ce9541b60b53d9e7783350100
-+Ctrl.hexxcghash = hexxcghash:d0bbb1a81edca6ae7ac5c9e60bf447d198bf875b945fcba06b0074e640331b2205c2c055864c011913f6dad3e34ed44b
-+Ctrl.hexsession_id = hexsession_id:58d7b77f0cc5480254c68e4e9cb06a1ea5389b39a3f9cba5c9ca03a091fb123aeb5934c519b60181d097b8cc9455b96a
-+Ctrl.type = type:D
-+Output = 199d2b244689bfc4f807f225a7130a069c8a181f5b20d32a
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:000000810091473fb24a9fca3fd1639c029c0e6ae6390c83b3278336017068771569d0957bf7ff80a8f188b936f7e238502efc86e518ebafcc4ecdf1b44f01bb070b3cc88c1b23937dcd04c456987a3b75df3874ca54a10e7f4a3123a7fb47365a7552c9e3f7070ec19d1ebb9922dd10aa0280222db770a71ce9541b60b53d9e7783350100
-+Ctrl.hexxcghash = hexxcghash:d0bbb1a81edca6ae7ac5c9e60bf447d198bf875b945fcba06b0074e640331b2205c2c055864c011913f6dad3e34ed44b
-+Ctrl.hexsession_id = hexsession_id:58d7b77f0cc5480254c68e4e9cb06a1ea5389b39a3f9cba5c9ca03a091fb123aeb5934c519b60181d097b8cc9455b96a
-+Ctrl.type = type:E
-+Output = 69b55cc82d0429979a3832a3be35483596ff1d26a0c1a62944695764f0eb85c3467528be225db2f516e79f23c0c7c23c
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:000000810091473fb24a9fca3fd1639c029c0e6ae6390c83b3278336017068771569d0957bf7ff80a8f188b936f7e238502efc86e518ebafcc4ecdf1b44f01bb070b3cc88c1b23937dcd04c456987a3b75df3874ca54a10e7f4a3123a7fb47365a7552c9e3f7070ec19d1ebb9922dd10aa0280222db770a71ce9541b60b53d9e7783350100
-+Ctrl.hexxcghash = hexxcghash:d0bbb1a81edca6ae7ac5c9e60bf447d198bf875b945fcba06b0074e640331b2205c2c055864c011913f6dad3e34ed44b
-+Ctrl.hexsession_id = hexsession_id:58d7b77f0cc5480254c68e4e9cb06a1ea5389b39a3f9cba5c9ca03a091fb123aeb5934c519b60181d097b8cc9455b96a
-+Ctrl.type = type:F
-+Output = 6e06df643269751dfc9c8decefe466e1ab2ab99466661aa6f0dfab223c3b9bebcaed4c19cbc4109dfacda81cc8f902eb
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:000000801b8e7d2292f95d97c99e9c93fcc681f2a446437d7595137f761eb9351f50cfb71988aad2d9611a5e3d32c58b1efef596b2b495c12355b6caa5c647237670c7cbeb7b7ef5d39b600b44ab1cecc7ff454981f70366f5dc95f790c9744e55b0b5cee770df10dc3f081b8774b4735c86917384ed7da0b597bd932e676b7ef6fe2cd3
-+Ctrl.hexxcghash = hexxcghash:d1ecf201e213b656e7e002d26b263ead5ef6f265a2cfd05eb83985dbc1dd0620f729800a92f676e6c8219aadbea0a037
-+Ctrl.hexsession_id = hexsession_id:fc6bb80f9116c6746603327d5338e853f37b06593402e31bf5a43abd5e6de8f26166bb572ce0c88360a7bbbe83d0377b
-+Ctrl.type = type:A
-+Output = b2ada53484907db5
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:000000801b8e7d2292f95d97c99e9c93fcc681f2a446437d7595137f761eb9351f50cfb71988aad2d9611a5e3d32c58b1efef596b2b495c12355b6caa5c647237670c7cbeb7b7ef5d39b600b44ab1cecc7ff454981f70366f5dc95f790c9744e55b0b5cee770df10dc3f081b8774b4735c86917384ed7da0b597bd932e676b7ef6fe2cd3
-+Ctrl.hexxcghash = hexxcghash:d1ecf201e213b656e7e002d26b263ead5ef6f265a2cfd05eb83985dbc1dd0620f729800a92f676e6c8219aadbea0a037
-+Ctrl.hexsession_id = hexsession_id:fc6bb80f9116c6746603327d5338e853f37b06593402e31bf5a43abd5e6de8f26166bb572ce0c88360a7bbbe83d0377b
-+Ctrl.type = type:B
-+Output = 89224486fcb33030
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:000000801b8e7d2292f95d97c99e9c93fcc681f2a446437d7595137f761eb9351f50cfb71988aad2d9611a5e3d32c58b1efef596b2b495c12355b6caa5c647237670c7cbeb7b7ef5d39b600b44ab1cecc7ff454981f70366f5dc95f790c9744e55b0b5cee770df10dc3f081b8774b4735c86917384ed7da0b597bd932e676b7ef6fe2cd3
-+Ctrl.hexxcghash = hexxcghash:d1ecf201e213b656e7e002d26b263ead5ef6f265a2cfd05eb83985dbc1dd0620f729800a92f676e6c8219aadbea0a037
-+Ctrl.hexsession_id = hexsession_id:fc6bb80f9116c6746603327d5338e853f37b06593402e31bf5a43abd5e6de8f26166bb572ce0c88360a7bbbe83d0377b
-+Ctrl.type = type:C
-+Output = 38ccc00303d5aaf748f3c11d986b99f9bf36049a6f7ea92f
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:000000801b8e7d2292f95d97c99e9c93fcc681f2a446437d7595137f761eb9351f50cfb71988aad2d9611a5e3d32c58b1efef596b2b495c12355b6caa5c647237670c7cbeb7b7ef5d39b600b44ab1cecc7ff454981f70366f5dc95f790c9744e55b0b5cee770df10dc3f081b8774b4735c86917384ed7da0b597bd932e676b7ef6fe2cd3
-+Ctrl.hexxcghash = hexxcghash:d1ecf201e213b656e7e002d26b263ead5ef6f265a2cfd05eb83985dbc1dd0620f729800a92f676e6c8219aadbea0a037
-+Ctrl.hexsession_id = hexsession_id:fc6bb80f9116c6746603327d5338e853f37b06593402e31bf5a43abd5e6de8f26166bb572ce0c88360a7bbbe83d0377b
-+Ctrl.type = type:D
-+Output = f8a7a4b2e1d28c6a38e120a2cb876ed49f454ea2aabc3a99
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:000000801b8e7d2292f95d97c99e9c93fcc681f2a446437d7595137f761eb9351f50cfb71988aad2d9611a5e3d32c58b1efef596b2b495c12355b6caa5c647237670c7cbeb7b7ef5d39b600b44ab1cecc7ff454981f70366f5dc95f790c9744e55b0b5cee770df10dc3f081b8774b4735c86917384ed7da0b597bd932e676b7ef6fe2cd3
-+Ctrl.hexxcghash = hexxcghash:d1ecf201e213b656e7e002d26b263ead5ef6f265a2cfd05eb83985dbc1dd0620f729800a92f676e6c8219aadbea0a037
-+Ctrl.hexsession_id = hexsession_id:fc6bb80f9116c6746603327d5338e853f37b06593402e31bf5a43abd5e6de8f26166bb572ce0c88360a7bbbe83d0377b
-+Ctrl.type = type:E
-+Output = 9f42ab15d0b041019960ff6a5a12e209c427dc334434126399fb8850ec8feda957b74f1976b4c8a97906d7d64c5c2a83
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:000000801b8e7d2292f95d97c99e9c93fcc681f2a446437d7595137f761eb9351f50cfb71988aad2d9611a5e3d32c58b1efef596b2b495c12355b6caa5c647237670c7cbeb7b7ef5d39b600b44ab1cecc7ff454981f70366f5dc95f790c9744e55b0b5cee770df10dc3f081b8774b4735c86917384ed7da0b597bd932e676b7ef6fe2cd3
-+Ctrl.hexxcghash = hexxcghash:d1ecf201e213b656e7e002d26b263ead5ef6f265a2cfd05eb83985dbc1dd0620f729800a92f676e6c8219aadbea0a037
-+Ctrl.hexsession_id = hexsession_id:fc6bb80f9116c6746603327d5338e853f37b06593402e31bf5a43abd5e6de8f26166bb572ce0c88360a7bbbe83d0377b
-+Ctrl.type = type:F
-+Output = d383bedd3b80ddc470db9b819893e85dfab9e359e40bc77576e23ed8c5e73beecefb511ccdf1eb66416c271be5f90199
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:00000081008efe3279e8fc51acceea0ad5958364c2a36315d92ce4d68f6f8486b3160293e4eff79998474b954431a6981864a34445b4bd68e5b598dbaba4de5661ef0b09d5dae9b1633da886f1540d1df601c1acaa139de540d3d8d0b01602559a833aab87730de5c6875b78f5ec6d19145db46e2a77cbb9ec39b1bdbd5ca3be193dcfd622
-+Ctrl.hexxcghash = hexxcghash:5f6f8bd8d664b1f31c615cf457a5c7eaa8733bba6557f15f300cfb364b0ea927bcfe406ea5fb7e03ac648fd18cd93372
-+Ctrl.hexsession_id = hexsession_id:a89ecfd6636423e8d5ba8da3aa8367092b1a662df5693c55cbc5bfabb97320d90692e6c9305af47c25e6617200648752
-+Ctrl.type = type:A
-+Output = bac9e6c9553bba95
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:00000081008efe3279e8fc51acceea0ad5958364c2a36315d92ce4d68f6f8486b3160293e4eff79998474b954431a6981864a34445b4bd68e5b598dbaba4de5661ef0b09d5dae9b1633da886f1540d1df601c1acaa139de540d3d8d0b01602559a833aab87730de5c6875b78f5ec6d19145db46e2a77cbb9ec39b1bdbd5ca3be193dcfd622
-+Ctrl.hexxcghash = hexxcghash:5f6f8bd8d664b1f31c615cf457a5c7eaa8733bba6557f15f300cfb364b0ea927bcfe406ea5fb7e03ac648fd18cd93372
-+Ctrl.hexsession_id = hexsession_id:a89ecfd6636423e8d5ba8da3aa8367092b1a662df5693c55cbc5bfabb97320d90692e6c9305af47c25e6617200648752
-+Ctrl.type = type:B
-+Output = f29bdc017028a9ca
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:00000081008efe3279e8fc51acceea0ad5958364c2a36315d92ce4d68f6f8486b3160293e4eff79998474b954431a6981864a34445b4bd68e5b598dbaba4de5661ef0b09d5dae9b1633da886f1540d1df601c1acaa139de540d3d8d0b01602559a833aab87730de5c6875b78f5ec6d19145db46e2a77cbb9ec39b1bdbd5ca3be193dcfd622
-+Ctrl.hexxcghash = hexxcghash:5f6f8bd8d664b1f31c615cf457a5c7eaa8733bba6557f15f300cfb364b0ea927bcfe406ea5fb7e03ac648fd18cd93372
-+Ctrl.hexsession_id = hexsession_id:a89ecfd6636423e8d5ba8da3aa8367092b1a662df5693c55cbc5bfabb97320d90692e6c9305af47c25e6617200648752
-+Ctrl.type = type:C
-+Output = 840f7e966d633f57bf6cfb3e6aa6bb1435bbea5822c9db0c
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:00000081008efe3279e8fc51acceea0ad5958364c2a36315d92ce4d68f6f8486b3160293e4eff79998474b954431a6981864a34445b4bd68e5b598dbaba4de5661ef0b09d5dae9b1633da886f1540d1df601c1acaa139de540d3d8d0b01602559a833aab87730de5c6875b78f5ec6d19145db46e2a77cbb9ec39b1bdbd5ca3be193dcfd622
-+Ctrl.hexxcghash = hexxcghash:5f6f8bd8d664b1f31c615cf457a5c7eaa8733bba6557f15f300cfb364b0ea927bcfe406ea5fb7e03ac648fd18cd93372
-+Ctrl.hexsession_id = hexsession_id:a89ecfd6636423e8d5ba8da3aa8367092b1a662df5693c55cbc5bfabb97320d90692e6c9305af47c25e6617200648752
-+Ctrl.type = type:D
-+Output = f78b485e49bf72584e45de78fbd75392e3e0b1ce2a57e7a3
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:00000081008efe3279e8fc51acceea0ad5958364c2a36315d92ce4d68f6f8486b3160293e4eff79998474b954431a6981864a34445b4bd68e5b598dbaba4de5661ef0b09d5dae9b1633da886f1540d1df601c1acaa139de540d3d8d0b01602559a833aab87730de5c6875b78f5ec6d19145db46e2a77cbb9ec39b1bdbd5ca3be193dcfd622
-+Ctrl.hexxcghash = hexxcghash:5f6f8bd8d664b1f31c615cf457a5c7eaa8733bba6557f15f300cfb364b0ea927bcfe406ea5fb7e03ac648fd18cd93372
-+Ctrl.hexsession_id = hexsession_id:a89ecfd6636423e8d5ba8da3aa8367092b1a662df5693c55cbc5bfabb97320d90692e6c9305af47c25e6617200648752
-+Ctrl.type = type:E
-+Output = 9dcadff513667aee5e2fda86c4a198db4252a9311635d3659db957570e448f3689444dd3e10d6097a07dba923db349ba
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:00000081008efe3279e8fc51acceea0ad5958364c2a36315d92ce4d68f6f8486b3160293e4eff79998474b954431a6981864a34445b4bd68e5b598dbaba4de5661ef0b09d5dae9b1633da886f1540d1df601c1acaa139de540d3d8d0b01602559a833aab87730de5c6875b78f5ec6d19145db46e2a77cbb9ec39b1bdbd5ca3be193dcfd622
-+Ctrl.hexxcghash = hexxcghash:5f6f8bd8d664b1f31c615cf457a5c7eaa8733bba6557f15f300cfb364b0ea927bcfe406ea5fb7e03ac648fd18cd93372
-+Ctrl.hexsession_id = hexsession_id:a89ecfd6636423e8d5ba8da3aa8367092b1a662df5693c55cbc5bfabb97320d90692e6c9305af47c25e6617200648752
-+Ctrl.type = type:F
-+Output = 5e7915ea90a0d81e3c2ada00c85890b6defbb64f45ac4f0e75b22cf6187978e630f356207c97362862389a1ef99fb51a
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:0000008100a89b3f9628a4f984336377edc37d3bed4aa748fa0b0a6bc80c366e8ffdf0ccbbe07229c5f02394b230759d5255e3a7d7f63a2395e2f07e2d31bf885abaea150e1f97808f26f8fe8c5113c12e4d137844160a433f8451faaf432bd7c0469dbe713304c8bed29c03cb7629cdffebc253d0a01362052f55576fdaf89702fa33cedd
-+Ctrl.hexxcghash = hexxcghash:8467d0335e6e254eb02253f97cd14c0221f1b21431a4ffe1c20675039d0ac26fa70a0c4bad639834d88d01f6c1ea878e
-+Ctrl.hexsession_id = hexsession_id:9a100a5b0ad81f1c603e05c5d24415f2aa7031c0d92f16de15cab350bb1a2cf3639c6906f4e220e057deb966813bbb35
-+Ctrl.type = type:A
-+Output = 11811427eaa92d61
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:0000008100a89b3f9628a4f984336377edc37d3bed4aa748fa0b0a6bc80c366e8ffdf0ccbbe07229c5f02394b230759d5255e3a7d7f63a2395e2f07e2d31bf885abaea150e1f97808f26f8fe8c5113c12e4d137844160a433f8451faaf432bd7c0469dbe713304c8bed29c03cb7629cdffebc253d0a01362052f55576fdaf89702fa33cedd
-+Ctrl.hexxcghash = hexxcghash:8467d0335e6e254eb02253f97cd14c0221f1b21431a4ffe1c20675039d0ac26fa70a0c4bad639834d88d01f6c1ea878e
-+Ctrl.hexsession_id = hexsession_id:9a100a5b0ad81f1c603e05c5d24415f2aa7031c0d92f16de15cab350bb1a2cf3639c6906f4e220e057deb966813bbb35
-+Ctrl.type = type:B
-+Output = c13f22e0bd66a551
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:0000008100a89b3f9628a4f984336377edc37d3bed4aa748fa0b0a6bc80c366e8ffdf0ccbbe07229c5f02394b230759d5255e3a7d7f63a2395e2f07e2d31bf885abaea150e1f97808f26f8fe8c5113c12e4d137844160a433f8451faaf432bd7c0469dbe713304c8bed29c03cb7629cdffebc253d0a01362052f55576fdaf89702fa33cedd
-+Ctrl.hexxcghash = hexxcghash:8467d0335e6e254eb02253f97cd14c0221f1b21431a4ffe1c20675039d0ac26fa70a0c4bad639834d88d01f6c1ea878e
-+Ctrl.hexsession_id = hexsession_id:9a100a5b0ad81f1c603e05c5d24415f2aa7031c0d92f16de15cab350bb1a2cf3639c6906f4e220e057deb966813bbb35
-+Ctrl.type = type:C
-+Output = 2b9c9c8ecae95d75472495363ca2d46dc79babdb2e0fda40
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:0000008100a89b3f9628a4f984336377edc37d3bed4aa748fa0b0a6bc80c366e8ffdf0ccbbe07229c5f02394b230759d5255e3a7d7f63a2395e2f07e2d31bf885abaea150e1f97808f26f8fe8c5113c12e4d137844160a433f8451faaf432bd7c0469dbe713304c8bed29c03cb7629cdffebc253d0a01362052f55576fdaf89702fa33cedd
-+Ctrl.hexxcghash = hexxcghash:8467d0335e6e254eb02253f97cd14c0221f1b21431a4ffe1c20675039d0ac26fa70a0c4bad639834d88d01f6c1ea878e
-+Ctrl.hexsession_id = hexsession_id:9a100a5b0ad81f1c603e05c5d24415f2aa7031c0d92f16de15cab350bb1a2cf3639c6906f4e220e057deb966813bbb35
-+Ctrl.type = type:D
-+Output = f466d9b9871c1482c699a5d9f8636a041adb60920c6af855
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:0000008100a89b3f9628a4f984336377edc37d3bed4aa748fa0b0a6bc80c366e8ffdf0ccbbe07229c5f02394b230759d5255e3a7d7f63a2395e2f07e2d31bf885abaea150e1f97808f26f8fe8c5113c12e4d137844160a433f8451faaf432bd7c0469dbe713304c8bed29c03cb7629cdffebc253d0a01362052f55576fdaf89702fa33cedd
-+Ctrl.hexxcghash = hexxcghash:8467d0335e6e254eb02253f97cd14c0221f1b21431a4ffe1c20675039d0ac26fa70a0c4bad639834d88d01f6c1ea878e
-+Ctrl.hexsession_id = hexsession_id:9a100a5b0ad81f1c603e05c5d24415f2aa7031c0d92f16de15cab350bb1a2cf3639c6906f4e220e057deb966813bbb35
-+Ctrl.type = type:E
-+Output = 1ecda0252461bd08960c54ba7c570e80715780e5e99ca0f754a3d451409ed2df928daab91ed6b4044fcc68bd5f907c96
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:0000008100a89b3f9628a4f984336377edc37d3bed4aa748fa0b0a6bc80c366e8ffdf0ccbbe07229c5f02394b230759d5255e3a7d7f63a2395e2f07e2d31bf885abaea150e1f97808f26f8fe8c5113c12e4d137844160a433f8451faaf432bd7c0469dbe713304c8bed29c03cb7629cdffebc253d0a01362052f55576fdaf89702fa33cedd
-+Ctrl.hexxcghash = hexxcghash:8467d0335e6e254eb02253f97cd14c0221f1b21431a4ffe1c20675039d0ac26fa70a0c4bad639834d88d01f6c1ea878e
-+Ctrl.hexsession_id = hexsession_id:9a100a5b0ad81f1c603e05c5d24415f2aa7031c0d92f16de15cab350bb1a2cf3639c6906f4e220e057deb966813bbb35
-+Ctrl.type = type:F
-+Output = 202e4e3dda18306c7fa518ea849cf3a4788dbc5305f71267ba69fe8920d3b18d9fc59853a4d03b18480269698e24c190
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:0000008100f6e899f2b7542fd95e88e06ff0a68e43df6f3d913f1295922bd01b98f7078b67311e002cafcb41a65262585a78b22ec97c81278f3f329d726f08fff23f4ce5b90abc694c92195fe7bc140579f54c6b89d81b836a8d3998446aab9055904ef1e0bb7553739d2351c8cfae0fbf50d8ced4bbd3975450569d0f9e441a3ed3aac776
-+Ctrl.hexxcghash = hexxcghash:1853bb0d312eb00d1c700d25ddaed9680ecf28eeefe9323566dc91ef42a85b2e3049286621f43b928e2b821e5605bf60
-+Ctrl.hexsession_id = hexsession_id:da7d22e3c7815b6a6089f381ddd957df3ed78e97902133d62d3ff6119d8c174b69cd26e627d6ccd98f847521aa0e3896
-+Ctrl.type = type:A
-+Output = 86183fd862bf42af
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:0000008100f6e899f2b7542fd95e88e06ff0a68e43df6f3d913f1295922bd01b98f7078b67311e002cafcb41a65262585a78b22ec97c81278f3f329d726f08fff23f4ce5b90abc694c92195fe7bc140579f54c6b89d81b836a8d3998446aab9055904ef1e0bb7553739d2351c8cfae0fbf50d8ced4bbd3975450569d0f9e441a3ed3aac776
-+Ctrl.hexxcghash = hexxcghash:1853bb0d312eb00d1c700d25ddaed9680ecf28eeefe9323566dc91ef42a85b2e3049286621f43b928e2b821e5605bf60
-+Ctrl.hexsession_id = hexsession_id:da7d22e3c7815b6a6089f381ddd957df3ed78e97902133d62d3ff6119d8c174b69cd26e627d6ccd98f847521aa0e3896
-+Ctrl.type = type:B
-+Output = 04e146b085c71253
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:0000008100f6e899f2b7542fd95e88e06ff0a68e43df6f3d913f1295922bd01b98f7078b67311e002cafcb41a65262585a78b22ec97c81278f3f329d726f08fff23f4ce5b90abc694c92195fe7bc140579f54c6b89d81b836a8d3998446aab9055904ef1e0bb7553739d2351c8cfae0fbf50d8ced4bbd3975450569d0f9e441a3ed3aac776
-+Ctrl.hexxcghash = hexxcghash:1853bb0d312eb00d1c700d25ddaed9680ecf28eeefe9323566dc91ef42a85b2e3049286621f43b928e2b821e5605bf60
-+Ctrl.hexsession_id = hexsession_id:da7d22e3c7815b6a6089f381ddd957df3ed78e97902133d62d3ff6119d8c174b69cd26e627d6ccd98f847521aa0e3896
-+Ctrl.type = type:C
-+Output = c4364d4e0e38fe4c5fc2b2a3ad42e49a57106ffa962f4c5e
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:0000008100f6e899f2b7542fd95e88e06ff0a68e43df6f3d913f1295922bd01b98f7078b67311e002cafcb41a65262585a78b22ec97c81278f3f329d726f08fff23f4ce5b90abc694c92195fe7bc140579f54c6b89d81b836a8d3998446aab9055904ef1e0bb7553739d2351c8cfae0fbf50d8ced4bbd3975450569d0f9e441a3ed3aac776
-+Ctrl.hexxcghash = hexxcghash:1853bb0d312eb00d1c700d25ddaed9680ecf28eeefe9323566dc91ef42a85b2e3049286621f43b928e2b821e5605bf60
-+Ctrl.hexsession_id = hexsession_id:da7d22e3c7815b6a6089f381ddd957df3ed78e97902133d62d3ff6119d8c174b69cd26e627d6ccd98f847521aa0e3896
-+Ctrl.type = type:D
-+Output = b9d1549032bf336c8708f13d8f5d281d696b8bddc296e709
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:0000008100f6e899f2b7542fd95e88e06ff0a68e43df6f3d913f1295922bd01b98f7078b67311e002cafcb41a65262585a78b22ec97c81278f3f329d726f08fff23f4ce5b90abc694c92195fe7bc140579f54c6b89d81b836a8d3998446aab9055904ef1e0bb7553739d2351c8cfae0fbf50d8ced4bbd3975450569d0f9e441a3ed3aac776
-+Ctrl.hexxcghash = hexxcghash:1853bb0d312eb00d1c700d25ddaed9680ecf28eeefe9323566dc91ef42a85b2e3049286621f43b928e2b821e5605bf60
-+Ctrl.hexsession_id = hexsession_id:da7d22e3c7815b6a6089f381ddd957df3ed78e97902133d62d3ff6119d8c174b69cd26e627d6ccd98f847521aa0e3896
-+Ctrl.type = type:E
-+Output = c7ee72c40b26fce673ff23edea3265dfeb7b7f6fd66362bbc91548fac1819a08682c65c7d69d5e54e1c48b05e7233adc
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:0000008100f6e899f2b7542fd95e88e06ff0a68e43df6f3d913f1295922bd01b98f7078b67311e002cafcb41a65262585a78b22ec97c81278f3f329d726f08fff23f4ce5b90abc694c92195fe7bc140579f54c6b89d81b836a8d3998446aab9055904ef1e0bb7553739d2351c8cfae0fbf50d8ced4bbd3975450569d0f9e441a3ed3aac776
-+Ctrl.hexxcghash = hexxcghash:1853bb0d312eb00d1c700d25ddaed9680ecf28eeefe9323566dc91ef42a85b2e3049286621f43b928e2b821e5605bf60
-+Ctrl.hexsession_id = hexsession_id:da7d22e3c7815b6a6089f381ddd957df3ed78e97902133d62d3ff6119d8c174b69cd26e627d6ccd98f847521aa0e3896
-+Ctrl.type = type:F
-+Output = 8b52078a6d45dfaa051193da8f9c8a18bfd0c058e7be145d0c4b5b677eec54a01f9e2a20c997e9c0a1ede9576800cfe5
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:0000008008483322bb2efee6320ba1fe14f296e0b170f9a0c6f76a49d0b23abb74251da468b53fb86ddbbc55a5c4881686d1aaa9b309b65907d92352c83597126cf7e3d367f543c8887105403d9b2ba86cf2bbafd4a984dfe8ebb7b8155c51d6416c89b4efb91ef5953b0e54dbcdbe76443a80e5cd011d7d6c9bc69ec81a19749b95f6c0
-+Ctrl.hexxcghash = hexxcghash:ed7b1464334bb8a04d128b791cd860c1546faaf860aff394872373f5ccac0835b47cfeb8c3d049b211cb7b570bcc1f83
-+Ctrl.hexsession_id = hexsession_id:cac7b46b66372be67b4ce198311faed9ddc8f8b95f6c61d8c71a1788724ab6b8d159e2ba61f937e6d87bbb9cb24a9fe7
-+Ctrl.type = type:A
-+Output = 54f4be4a33dfa102
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:0000008008483322bb2efee6320ba1fe14f296e0b170f9a0c6f76a49d0b23abb74251da468b53fb86ddbbc55a5c4881686d1aaa9b309b65907d92352c83597126cf7e3d367f543c8887105403d9b2ba86cf2bbafd4a984dfe8ebb7b8155c51d6416c89b4efb91ef5953b0e54dbcdbe76443a80e5cd011d7d6c9bc69ec81a19749b95f6c0
-+Ctrl.hexxcghash = hexxcghash:ed7b1464334bb8a04d128b791cd860c1546faaf860aff394872373f5ccac0835b47cfeb8c3d049b211cb7b570bcc1f83
-+Ctrl.hexsession_id = hexsession_id:cac7b46b66372be67b4ce198311faed9ddc8f8b95f6c61d8c71a1788724ab6b8d159e2ba61f937e6d87bbb9cb24a9fe7
-+Ctrl.type = type:B
-+Output = bbb084483803aab4
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:0000008008483322bb2efee6320ba1fe14f296e0b170f9a0c6f76a49d0b23abb74251da468b53fb86ddbbc55a5c4881686d1aaa9b309b65907d92352c83597126cf7e3d367f543c8887105403d9b2ba86cf2bbafd4a984dfe8ebb7b8155c51d6416c89b4efb91ef5953b0e54dbcdbe76443a80e5cd011d7d6c9bc69ec81a19749b95f6c0
-+Ctrl.hexxcghash = hexxcghash:ed7b1464334bb8a04d128b791cd860c1546faaf860aff394872373f5ccac0835b47cfeb8c3d049b211cb7b570bcc1f83
-+Ctrl.hexsession_id = hexsession_id:cac7b46b66372be67b4ce198311faed9ddc8f8b95f6c61d8c71a1788724ab6b8d159e2ba61f937e6d87bbb9cb24a9fe7
-+Ctrl.type = type:C
-+Output = 466a038b3a5c0d72cf19cf33e5a551437933dad54bfed655
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:0000008008483322bb2efee6320ba1fe14f296e0b170f9a0c6f76a49d0b23abb74251da468b53fb86ddbbc55a5c4881686d1aaa9b309b65907d92352c83597126cf7e3d367f543c8887105403d9b2ba86cf2bbafd4a984dfe8ebb7b8155c51d6416c89b4efb91ef5953b0e54dbcdbe76443a80e5cd011d7d6c9bc69ec81a19749b95f6c0
-+Ctrl.hexxcghash = hexxcghash:ed7b1464334bb8a04d128b791cd860c1546faaf860aff394872373f5ccac0835b47cfeb8c3d049b211cb7b570bcc1f83
-+Ctrl.hexsession_id = hexsession_id:cac7b46b66372be67b4ce198311faed9ddc8f8b95f6c61d8c71a1788724ab6b8d159e2ba61f937e6d87bbb9cb24a9fe7
-+Ctrl.type = type:D
-+Output = 44e09698e473edc642256e99bfbfbeab1db3e254d64a3ab7
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:0000008008483322bb2efee6320ba1fe14f296e0b170f9a0c6f76a49d0b23abb74251da468b53fb86ddbbc55a5c4881686d1aaa9b309b65907d92352c83597126cf7e3d367f543c8887105403d9b2ba86cf2bbafd4a984dfe8ebb7b8155c51d6416c89b4efb91ef5953b0e54dbcdbe76443a80e5cd011d7d6c9bc69ec81a19749b95f6c0
-+Ctrl.hexxcghash = hexxcghash:ed7b1464334bb8a04d128b791cd860c1546faaf860aff394872373f5ccac0835b47cfeb8c3d049b211cb7b570bcc1f83
-+Ctrl.hexsession_id = hexsession_id:cac7b46b66372be67b4ce198311faed9ddc8f8b95f6c61d8c71a1788724ab6b8d159e2ba61f937e6d87bbb9cb24a9fe7
-+Ctrl.type = type:E
-+Output = 8e35d767e738c4282ec1925ba5d59dad723b7220c10ae8b69c9eb3da124ac1bea8195f5ecc1c3b03953938cd1e0e190b
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:0000008008483322bb2efee6320ba1fe14f296e0b170f9a0c6f76a49d0b23abb74251da468b53fb86ddbbc55a5c4881686d1aaa9b309b65907d92352c83597126cf7e3d367f543c8887105403d9b2ba86cf2bbafd4a984dfe8ebb7b8155c51d6416c89b4efb91ef5953b0e54dbcdbe76443a80e5cd011d7d6c9bc69ec81a19749b95f6c0
-+Ctrl.hexxcghash = hexxcghash:ed7b1464334bb8a04d128b791cd860c1546faaf860aff394872373f5ccac0835b47cfeb8c3d049b211cb7b570bcc1f83
-+Ctrl.hexsession_id = hexsession_id:cac7b46b66372be67b4ce198311faed9ddc8f8b95f6c61d8c71a1788724ab6b8d159e2ba61f937e6d87bbb9cb24a9fe7
-+Ctrl.type = type:F
-+Output = 63e5c62c4e6f2700bfa5927ca2e730101c12a684808ddd6cf5f9da2bad3b49ba3d05d4f88a3a91f341ad2b63952e7db0
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:00000101008174aa2fab9372c253f3b993d723b55a2484430fb338095852b7a5099f9d609ca6afa6bff9d64a55f7ef0963c684f0d17ec6045ce57ce3382870d55fcac0e1341fb47a7f76f0d5d53b67fd5e0658ecb88ae2e2e42aa4b83b8cfcce9faae941450ace059a7f223623d1c8a9924638de7eebad35be9c9f1bf38aea041114351d585a1988ba53cccc6949150f367fd790fc427916afa2cccd1d2f1aa8583b948dfe56cf488b38ec2d2570a0e0441c07ccec8b5b4db5f60250741b1aeb0bf49a85cc779ad7465f0c197735698842be2a39af8591ab91c84b704e67e50cbcdb75c2799aaeba0184341dd520f6db8477f13d5815d37f191ccb20545e4a1eaca316370a
-+Ctrl.hexxcghash = hexxcghash:09d74bd79b47ceb3ada0d8df640595ba861ccfa3cc0d6c640eaac21d2d5f3f9fe61fb2e585fb6cc90bde11967a563c4e
-+Ctrl.hexsession_id = hexsession_id:09d74bd79b47ceb3ada0d8df640595ba861ccfa3cc0d6c640eaac21d2d5f3f9fe61fb2e585fb6cc90bde11967a563c4e
-+Ctrl.type = type:A
-+Output = e46fdb8c912658c34b7d509f6acc1111
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:00000101008174aa2fab9372c253f3b993d723b55a2484430fb338095852b7a5099f9d609ca6afa6bff9d64a55f7ef0963c684f0d17ec6045ce57ce3382870d55fcac0e1341fb47a7f76f0d5d53b67fd5e0658ecb88ae2e2e42aa4b83b8cfcce9faae941450ace059a7f223623d1c8a9924638de7eebad35be9c9f1bf38aea041114351d585a1988ba53cccc6949150f367fd790fc427916afa2cccd1d2f1aa8583b948dfe56cf488b38ec2d2570a0e0441c07ccec8b5b4db5f60250741b1aeb0bf49a85cc779ad7465f0c197735698842be2a39af8591ab91c84b704e67e50cbcdb75c2799aaeba0184341dd520f6db8477f13d5815d37f191ccb20545e4a1eaca316370a
-+Ctrl.hexxcghash = hexxcghash:09d74bd79b47ceb3ada0d8df640595ba861ccfa3cc0d6c640eaac21d2d5f3f9fe61fb2e585fb6cc90bde11967a563c4e
-+Ctrl.hexsession_id = hexsession_id:09d74bd79b47ceb3ada0d8df640595ba861ccfa3cc0d6c640eaac21d2d5f3f9fe61fb2e585fb6cc90bde11967a563c4e
-+Ctrl.type = type:B
-+Output = 959c339aaff2e2ed46da46c5286ddf3b
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:00000101008174aa2fab9372c253f3b993d723b55a2484430fb338095852b7a5099f9d609ca6afa6bff9d64a55f7ef0963c684f0d17ec6045ce57ce3382870d55fcac0e1341fb47a7f76f0d5d53b67fd5e0658ecb88ae2e2e42aa4b83b8cfcce9faae941450ace059a7f223623d1c8a9924638de7eebad35be9c9f1bf38aea041114351d585a1988ba53cccc6949150f367fd790fc427916afa2cccd1d2f1aa8583b948dfe56cf488b38ec2d2570a0e0441c07ccec8b5b4db5f60250741b1aeb0bf49a85cc779ad7465f0c197735698842be2a39af8591ab91c84b704e67e50cbcdb75c2799aaeba0184341dd520f6db8477f13d5815d37f191ccb20545e4a1eaca316370a
-+Ctrl.hexxcghash = hexxcghash:09d74bd79b47ceb3ada0d8df640595ba861ccfa3cc0d6c640eaac21d2d5f3f9fe61fb2e585fb6cc90bde11967a563c4e
-+Ctrl.hexsession_id = hexsession_id:09d74bd79b47ceb3ada0d8df640595ba861ccfa3cc0d6c640eaac21d2d5f3f9fe61fb2e585fb6cc90bde11967a563c4e
-+Ctrl.type = type:C
-+Output = a1cb0f9c7349d6443494df14b4bd9aad
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:00000101008174aa2fab9372c253f3b993d723b55a2484430fb338095852b7a5099f9d609ca6afa6bff9d64a55f7ef0963c684f0d17ec6045ce57ce3382870d55fcac0e1341fb47a7f76f0d5d53b67fd5e0658ecb88ae2e2e42aa4b83b8cfcce9faae941450ace059a7f223623d1c8a9924638de7eebad35be9c9f1bf38aea041114351d585a1988ba53cccc6949150f367fd790fc427916afa2cccd1d2f1aa8583b948dfe56cf488b38ec2d2570a0e0441c07ccec8b5b4db5f60250741b1aeb0bf49a85cc779ad7465f0c197735698842be2a39af8591ab91c84b704e67e50cbcdb75c2799aaeba0184341dd520f6db8477f13d5815d37f191ccb20545e4a1eaca316370a
-+Ctrl.hexxcghash = hexxcghash:09d74bd79b47ceb3ada0d8df640595ba861ccfa3cc0d6c640eaac21d2d5f3f9fe61fb2e585fb6cc90bde11967a563c4e
-+Ctrl.hexsession_id = hexsession_id:09d74bd79b47ceb3ada0d8df640595ba861ccfa3cc0d6c640eaac21d2d5f3f9fe61fb2e585fb6cc90bde11967a563c4e
-+Ctrl.type = type:D
-+Output = cdcd2c2ccbda238e184058b76757ed5d
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:00000101008174aa2fab9372c253f3b993d723b55a2484430fb338095852b7a5099f9d609ca6afa6bff9d64a55f7ef0963c684f0d17ec6045ce57ce3382870d55fcac0e1341fb47a7f76f0d5d53b67fd5e0658ecb88ae2e2e42aa4b83b8cfcce9faae941450ace059a7f223623d1c8a9924638de7eebad35be9c9f1bf38aea041114351d585a1988ba53cccc6949150f367fd790fc427916afa2cccd1d2f1aa8583b948dfe56cf488b38ec2d2570a0e0441c07ccec8b5b4db5f60250741b1aeb0bf49a85cc779ad7465f0c197735698842be2a39af8591ab91c84b704e67e50cbcdb75c2799aaeba0184341dd520f6db8477f13d5815d37f191ccb20545e4a1eaca316370a
-+Ctrl.hexxcghash = hexxcghash:09d74bd79b47ceb3ada0d8df640595ba861ccfa3cc0d6c640eaac21d2d5f3f9fe61fb2e585fb6cc90bde11967a563c4e
-+Ctrl.hexsession_id = hexsession_id:09d74bd79b47ceb3ada0d8df640595ba861ccfa3cc0d6c640eaac21d2d5f3f9fe61fb2e585fb6cc90bde11967a563c4e
-+Ctrl.type = type:E
-+Output = 026ae927b4a5b63a513c02faac55534dae5c219779f08e239f67df78c52be743aab628607e5a103127450ea51833eb84
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:00000101008174aa2fab9372c253f3b993d723b55a2484430fb338095852b7a5099f9d609ca6afa6bff9d64a55f7ef0963c684f0d17ec6045ce57ce3382870d55fcac0e1341fb47a7f76f0d5d53b67fd5e0658ecb88ae2e2e42aa4b83b8cfcce9faae941450ace059a7f223623d1c8a9924638de7eebad35be9c9f1bf38aea041114351d585a1988ba53cccc6949150f367fd790fc427916afa2cccd1d2f1aa8583b948dfe56cf488b38ec2d2570a0e0441c07ccec8b5b4db5f60250741b1aeb0bf49a85cc779ad7465f0c197735698842be2a39af8591ab91c84b704e67e50cbcdb75c2799aaeba0184341dd520f6db8477f13d5815d37f191ccb20545e4a1eaca316370a
-+Ctrl.hexxcghash = hexxcghash:09d74bd79b47ceb3ada0d8df640595ba861ccfa3cc0d6c640eaac21d2d5f3f9fe61fb2e585fb6cc90bde11967a563c4e
-+Ctrl.hexsession_id = hexsession_id:09d74bd79b47ceb3ada0d8df640595ba861ccfa3cc0d6c640eaac21d2d5f3f9fe61fb2e585fb6cc90bde11967a563c4e
-+Ctrl.type = type:F
-+Output = 759fd6bd386f4825e644521edfce4187a7104ea7380f2c6c5e283f205c7c025be46c5ee73bc54a956f268c2031026bf6
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:0000010100c10fff0a20858c36e41082abaa65b96c5424ab67563882a42237258e736b5cfbdb2867df55f8c40f81b34e8c4c55d39c4629dc2d833257dc68070a61d10417487ef0840b76169145402327ae81f35cbddae6c2a45d52f52f48a0c94acdb20db076393b5b1e3d1a7acee3f371bdaccfee696262eecd20238cc54322e6ca72e58708aeb19bf761054d9f7426e4ea0059bd252beee03dcad1a7d6d034b4d9d307218bb3d7bee3a57572ded304df1dd8f97ed9550ebb0f5c25ee3f8c6df3dfc2aac92f364ec91040d001c5cb1eee33c1d43112e5a289b46706c7f12a327620cd98fbce2e7fe7b7bd0e05ee0005182c35ded65ee1d86aefe816e5894e07536697a7db
-+Ctrl.hexxcghash = hexxcghash:62b3155ba0c160f838a6949d0a99b144868a7b247c583a53f431129e39aebd40e2feb4dbac7527f993ccf1646d559134
-+Ctrl.hexsession_id = hexsession_id:7e4674330fb6987b64ef7f30335d171676c705a6b9ed958adc6b6fd16949830d3f586eec44812d0518cc3ebd4292b422
-+Ctrl.type = type:A
-+Output = a433ac21ceda36a9d98abec722b2a5e7
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:0000010100c10fff0a20858c36e41082abaa65b96c5424ab67563882a42237258e736b5cfbdb2867df55f8c40f81b34e8c4c55d39c4629dc2d833257dc68070a61d10417487ef0840b76169145402327ae81f35cbddae6c2a45d52f52f48a0c94acdb20db076393b5b1e3d1a7acee3f371bdaccfee696262eecd20238cc54322e6ca72e58708aeb19bf761054d9f7426e4ea0059bd252beee03dcad1a7d6d034b4d9d307218bb3d7bee3a57572ded304df1dd8f97ed9550ebb0f5c25ee3f8c6df3dfc2aac92f364ec91040d001c5cb1eee33c1d43112e5a289b46706c7f12a327620cd98fbce2e7fe7b7bd0e05ee0005182c35ded65ee1d86aefe816e5894e07536697a7db
-+Ctrl.hexxcghash = hexxcghash:62b3155ba0c160f838a6949d0a99b144868a7b247c583a53f431129e39aebd40e2feb4dbac7527f993ccf1646d559134
-+Ctrl.hexsession_id = hexsession_id:7e4674330fb6987b64ef7f30335d171676c705a6b9ed958adc6b6fd16949830d3f586eec44812d0518cc3ebd4292b422
-+Ctrl.type = type:B
-+Output = ed580c2c7890d5f3da87870d71d96300
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:0000010100c10fff0a20858c36e41082abaa65b96c5424ab67563882a42237258e736b5cfbdb2867df55f8c40f81b34e8c4c55d39c4629dc2d833257dc68070a61d10417487ef0840b76169145402327ae81f35cbddae6c2a45d52f52f48a0c94acdb20db076393b5b1e3d1a7acee3f371bdaccfee696262eecd20238cc54322e6ca72e58708aeb19bf761054d9f7426e4ea0059bd252beee03dcad1a7d6d034b4d9d307218bb3d7bee3a57572ded304df1dd8f97ed9550ebb0f5c25ee3f8c6df3dfc2aac92f364ec91040d001c5cb1eee33c1d43112e5a289b46706c7f12a327620cd98fbce2e7fe7b7bd0e05ee0005182c35ded65ee1d86aefe816e5894e07536697a7db
-+Ctrl.hexxcghash = hexxcghash:62b3155ba0c160f838a6949d0a99b144868a7b247c583a53f431129e39aebd40e2feb4dbac7527f993ccf1646d559134
-+Ctrl.hexsession_id = hexsession_id:7e4674330fb6987b64ef7f30335d171676c705a6b9ed958adc6b6fd16949830d3f586eec44812d0518cc3ebd4292b422
-+Ctrl.type = type:C
-+Output = b310304108476a31154febce2bfcf44e
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:0000010100c10fff0a20858c36e41082abaa65b96c5424ab67563882a42237258e736b5cfbdb2867df55f8c40f81b34e8c4c55d39c4629dc2d833257dc68070a61d10417487ef0840b76169145402327ae81f35cbddae6c2a45d52f52f48a0c94acdb20db076393b5b1e3d1a7acee3f371bdaccfee696262eecd20238cc54322e6ca72e58708aeb19bf761054d9f7426e4ea0059bd252beee03dcad1a7d6d034b4d9d307218bb3d7bee3a57572ded304df1dd8f97ed9550ebb0f5c25ee3f8c6df3dfc2aac92f364ec91040d001c5cb1eee33c1d43112e5a289b46706c7f12a327620cd98fbce2e7fe7b7bd0e05ee0005182c35ded65ee1d86aefe816e5894e07536697a7db
-+Ctrl.hexxcghash = hexxcghash:62b3155ba0c160f838a6949d0a99b144868a7b247c583a53f431129e39aebd40e2feb4dbac7527f993ccf1646d559134
-+Ctrl.hexsession_id = hexsession_id:7e4674330fb6987b64ef7f30335d171676c705a6b9ed958adc6b6fd16949830d3f586eec44812d0518cc3ebd4292b422
-+Ctrl.type = type:D
-+Output = 63d729b0e32d9d7efe7efdc6111489b7
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:0000010100c10fff0a20858c36e41082abaa65b96c5424ab67563882a42237258e736b5cfbdb2867df55f8c40f81b34e8c4c55d39c4629dc2d833257dc68070a61d10417487ef0840b76169145402327ae81f35cbddae6c2a45d52f52f48a0c94acdb20db076393b5b1e3d1a7acee3f371bdaccfee696262eecd20238cc54322e6ca72e58708aeb19bf761054d9f7426e4ea0059bd252beee03dcad1a7d6d034b4d9d307218bb3d7bee3a57572ded304df1dd8f97ed9550ebb0f5c25ee3f8c6df3dfc2aac92f364ec91040d001c5cb1eee33c1d43112e5a289b46706c7f12a327620cd98fbce2e7fe7b7bd0e05ee0005182c35ded65ee1d86aefe816e5894e07536697a7db
-+Ctrl.hexxcghash = hexxcghash:62b3155ba0c160f838a6949d0a99b144868a7b247c583a53f431129e39aebd40e2feb4dbac7527f993ccf1646d559134
-+Ctrl.hexsession_id = hexsession_id:7e4674330fb6987b64ef7f30335d171676c705a6b9ed958adc6b6fd16949830d3f586eec44812d0518cc3ebd4292b422
-+Ctrl.type = type:E
-+Output = 7443a278e0c47e4004ba1c534dfa5c460670d2dd4459a6dc7251664da187f633208f6c06470f6aed6148820187f35a25
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:0000010100c10fff0a20858c36e41082abaa65b96c5424ab67563882a42237258e736b5cfbdb2867df55f8c40f81b34e8c4c55d39c4629dc2d833257dc68070a61d10417487ef0840b76169145402327ae81f35cbddae6c2a45d52f52f48a0c94acdb20db076393b5b1e3d1a7acee3f371bdaccfee696262eecd20238cc54322e6ca72e58708aeb19bf761054d9f7426e4ea0059bd252beee03dcad1a7d6d034b4d9d307218bb3d7bee3a57572ded304df1dd8f97ed9550ebb0f5c25ee3f8c6df3dfc2aac92f364ec91040d001c5cb1eee33c1d43112e5a289b46706c7f12a327620cd98fbce2e7fe7b7bd0e05ee0005182c35ded65ee1d86aefe816e5894e07536697a7db
-+Ctrl.hexxcghash = hexxcghash:62b3155ba0c160f838a6949d0a99b144868a7b247c583a53f431129e39aebd40e2feb4dbac7527f993ccf1646d559134
-+Ctrl.hexsession_id = hexsession_id:7e4674330fb6987b64ef7f30335d171676c705a6b9ed958adc6b6fd16949830d3f586eec44812d0518cc3ebd4292b422
-+Ctrl.type = type:F
-+Output = 37500b699935ab38b9185018d3676f221dcd6643ba4cf3dccf8ede7ba2f0513c27ad2324158ae98df4e7fb52ffb96526
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:0000010100c9d019aa8ab57cdbd1600def08b92f4a90b8ddb1c3fd329475e28ad9388525d5a813756472458bed674332a649c56eecb6cbba726b9afcfd9ce1f490bf327de49978b34fb106ae1ab4ece2f241e0b67ddf03bf835aa2dcc5cde5aca913d2a5ed74d1ad0e945169f10772d830fa5c33c7f7d543e2d2ac09fa03ff1509b94977cc0dcb8a464104a3e8d9f99cbefac4361b92517f14eda2558d572ae7410a78962e596c542a20d3aeb49cf41b48b54b387dea7c24c72edfd656bcb64c605b741c7b03892020ca2ff34e0b13534228bd83c9c3ffbfa219602041ac4238904bd782da7e3c653f518891f7ac1e7b05b7e37baab18eb54e8de76dfa8c803a0df843a28e
-+Ctrl.hexxcghash = hexxcghash:a970acc5597f7965dcc540dac7cefde594c0232180187a32364b42dbb8d0307f8c3f52678e303e2f315b2ba1cf62863a
-+Ctrl.hexsession_id = hexsession_id:bad9943e089550d17b90f2a34409660c07a39be5d48a77d8e1ad25726c93096081831c24e876060cb96def95df9a7fcd
-+Ctrl.type = type:A
-+Output = 8ad38b03467ef0cac638f93b156e1c05
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:0000010100c9d019aa8ab57cdbd1600def08b92f4a90b8ddb1c3fd329475e28ad9388525d5a813756472458bed674332a649c56eecb6cbba726b9afcfd9ce1f490bf327de49978b34fb106ae1ab4ece2f241e0b67ddf03bf835aa2dcc5cde5aca913d2a5ed74d1ad0e945169f10772d830fa5c33c7f7d543e2d2ac09fa03ff1509b94977cc0dcb8a464104a3e8d9f99cbefac4361b92517f14eda2558d572ae7410a78962e596c542a20d3aeb49cf41b48b54b387dea7c24c72edfd656bcb64c605b741c7b03892020ca2ff34e0b13534228bd83c9c3ffbfa219602041ac4238904bd782da7e3c653f518891f7ac1e7b05b7e37baab18eb54e8de76dfa8c803a0df843a28e
-+Ctrl.hexxcghash = hexxcghash:a970acc5597f7965dcc540dac7cefde594c0232180187a32364b42dbb8d0307f8c3f52678e303e2f315b2ba1cf62863a
-+Ctrl.hexsession_id = hexsession_id:bad9943e089550d17b90f2a34409660c07a39be5d48a77d8e1ad25726c93096081831c24e876060cb96def95df9a7fcd
-+Ctrl.type = type:B
-+Output = c9a867164cad7619621c2390039db88f
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:0000010100c9d019aa8ab57cdbd1600def08b92f4a90b8ddb1c3fd329475e28ad9388525d5a813756472458bed674332a649c56eecb6cbba726b9afcfd9ce1f490bf327de49978b34fb106ae1ab4ece2f241e0b67ddf03bf835aa2dcc5cde5aca913d2a5ed74d1ad0e945169f10772d830fa5c33c7f7d543e2d2ac09fa03ff1509b94977cc0dcb8a464104a3e8d9f99cbefac4361b92517f14eda2558d572ae7410a78962e596c542a20d3aeb49cf41b48b54b387dea7c24c72edfd656bcb64c605b741c7b03892020ca2ff34e0b13534228bd83c9c3ffbfa219602041ac4238904bd782da7e3c653f518891f7ac1e7b05b7e37baab18eb54e8de76dfa8c803a0df843a28e
-+Ctrl.hexxcghash = hexxcghash:a970acc5597f7965dcc540dac7cefde594c0232180187a32364b42dbb8d0307f8c3f52678e303e2f315b2ba1cf62863a
-+Ctrl.hexsession_id = hexsession_id:bad9943e089550d17b90f2a34409660c07a39be5d48a77d8e1ad25726c93096081831c24e876060cb96def95df9a7fcd
-+Ctrl.type = type:C
-+Output = 28d6e6a69e686b3b2ca02c7595b6a565
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:0000010100c9d019aa8ab57cdbd1600def08b92f4a90b8ddb1c3fd329475e28ad9388525d5a813756472458bed674332a649c56eecb6cbba726b9afcfd9ce1f490bf327de49978b34fb106ae1ab4ece2f241e0b67ddf03bf835aa2dcc5cde5aca913d2a5ed74d1ad0e945169f10772d830fa5c33c7f7d543e2d2ac09fa03ff1509b94977cc0dcb8a464104a3e8d9f99cbefac4361b92517f14eda2558d572ae7410a78962e596c542a20d3aeb49cf41b48b54b387dea7c24c72edfd656bcb64c605b741c7b03892020ca2ff34e0b13534228bd83c9c3ffbfa219602041ac4238904bd782da7e3c653f518891f7ac1e7b05b7e37baab18eb54e8de76dfa8c803a0df843a28e
-+Ctrl.hexxcghash = hexxcghash:a970acc5597f7965dcc540dac7cefde594c0232180187a32364b42dbb8d0307f8c3f52678e303e2f315b2ba1cf62863a
-+Ctrl.hexsession_id = hexsession_id:bad9943e089550d17b90f2a34409660c07a39be5d48a77d8e1ad25726c93096081831c24e876060cb96def95df9a7fcd
-+Ctrl.type = type:D
-+Output = a3486f9014731b15530dba7498d4b2ff
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:0000010100c9d019aa8ab57cdbd1600def08b92f4a90b8ddb1c3fd329475e28ad9388525d5a813756472458bed674332a649c56eecb6cbba726b9afcfd9ce1f490bf327de49978b34fb106ae1ab4ece2f241e0b67ddf03bf835aa2dcc5cde5aca913d2a5ed74d1ad0e945169f10772d830fa5c33c7f7d543e2d2ac09fa03ff1509b94977cc0dcb8a464104a3e8d9f99cbefac4361b92517f14eda2558d572ae7410a78962e596c542a20d3aeb49cf41b48b54b387dea7c24c72edfd656bcb64c605b741c7b03892020ca2ff34e0b13534228bd83c9c3ffbfa219602041ac4238904bd782da7e3c653f518891f7ac1e7b05b7e37baab18eb54e8de76dfa8c803a0df843a28e
-+Ctrl.hexxcghash = hexxcghash:a970acc5597f7965dcc540dac7cefde594c0232180187a32364b42dbb8d0307f8c3f52678e303e2f315b2ba1cf62863a
-+Ctrl.hexsession_id = hexsession_id:bad9943e089550d17b90f2a34409660c07a39be5d48a77d8e1ad25726c93096081831c24e876060cb96def95df9a7fcd
-+Ctrl.type = type:E
-+Output = 9640b7d6c1351a44dcd430f9728083949adbd8f3c47f1c7358b41d99730f0eeef9f8634cc99207b8d998c8aeb0085e4c
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:0000010100c9d019aa8ab57cdbd1600def08b92f4a90b8ddb1c3fd329475e28ad9388525d5a813756472458bed674332a649c56eecb6cbba726b9afcfd9ce1f490bf327de49978b34fb106ae1ab4ece2f241e0b67ddf03bf835aa2dcc5cde5aca913d2a5ed74d1ad0e945169f10772d830fa5c33c7f7d543e2d2ac09fa03ff1509b94977cc0dcb8a464104a3e8d9f99cbefac4361b92517f14eda2558d572ae7410a78962e596c542a20d3aeb49cf41b48b54b387dea7c24c72edfd656bcb64c605b741c7b03892020ca2ff34e0b13534228bd83c9c3ffbfa219602041ac4238904bd782da7e3c653f518891f7ac1e7b05b7e37baab18eb54e8de76dfa8c803a0df843a28e
-+Ctrl.hexxcghash = hexxcghash:a970acc5597f7965dcc540dac7cefde594c0232180187a32364b42dbb8d0307f8c3f52678e303e2f315b2ba1cf62863a
-+Ctrl.hexsession_id = hexsession_id:bad9943e089550d17b90f2a34409660c07a39be5d48a77d8e1ad25726c93096081831c24e876060cb96def95df9a7fcd
-+Ctrl.type = type:F
-+Output = cef923f7cbc47534d9a6da613eea02117b19800995f66df9e49291203ad15e5d29cc08df86200bf09ca091b37cc45432
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:0000010100ba6b819aa094b3b9a2e93d37eda5df776720cce40858790532b8ab0de613b8e20efcef330eaa9e4ab290fd670b8f8ab1e2fc217d575655a7c39740ce223675a4376bd039f24165d83268a3e3a5b6e05f1b077dc752c90781d0cd6877c91c1fc865586bf661f28cbded4266f1b9364ae7233e6003b47088cb50f81a631d4b1d200f8c38455ad2217eaf03b6e0a0861aeebe28ef0fcbac5526bd06ebcc44f67de9b908f0359076527f6ff7bb959b3adfc9ac82728d7627bf506ffb2f8742ae28ce3ca7402c25b1cd3dac6781776a35549480ff537c33f63796dd5de4c64e1ff5546689d8f398be911707e0b5d347b8456e89eb2262270ee1de85902b7deb60b02b
-+Ctrl.hexxcghash = hexxcghash:e94db0c0969c8f09c1c0d63fcca9f316ae85a0c034f118958c714fa165ac71a86bbcc7a4c017c11b9558bda897455f99
-+Ctrl.hexsession_id = hexsession_id:a01426386ce69a9a9f101394e831dc9d17a6dc901349f3c3f4269788f5c5e20316c233d7632005b1771e5bc2f5ddf4c2
-+Ctrl.type = type:A
-+Output = 1e2fd838058e4569de0699e57eb9bb30
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:0000010100ba6b819aa094b3b9a2e93d37eda5df776720cce40858790532b8ab0de613b8e20efcef330eaa9e4ab290fd670b8f8ab1e2fc217d575655a7c39740ce223675a4376bd039f24165d83268a3e3a5b6e05f1b077dc752c90781d0cd6877c91c1fc865586bf661f28cbded4266f1b9364ae7233e6003b47088cb50f81a631d4b1d200f8c38455ad2217eaf03b6e0a0861aeebe28ef0fcbac5526bd06ebcc44f67de9b908f0359076527f6ff7bb959b3adfc9ac82728d7627bf506ffb2f8742ae28ce3ca7402c25b1cd3dac6781776a35549480ff537c33f63796dd5de4c64e1ff5546689d8f398be911707e0b5d347b8456e89eb2262270ee1de85902b7deb60b02b
-+Ctrl.hexxcghash = hexxcghash:e94db0c0969c8f09c1c0d63fcca9f316ae85a0c034f118958c714fa165ac71a86bbcc7a4c017c11b9558bda897455f99
-+Ctrl.hexsession_id = hexsession_id:a01426386ce69a9a9f101394e831dc9d17a6dc901349f3c3f4269788f5c5e20316c233d7632005b1771e5bc2f5ddf4c2
-+Ctrl.type = type:B
-+Output = d338052b2288e99bfdd16b5df26e3d3c
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:0000010100ba6b819aa094b3b9a2e93d37eda5df776720cce40858790532b8ab0de613b8e20efcef330eaa9e4ab290fd670b8f8ab1e2fc217d575655a7c39740ce223675a4376bd039f24165d83268a3e3a5b6e05f1b077dc752c90781d0cd6877c91c1fc865586bf661f28cbded4266f1b9364ae7233e6003b47088cb50f81a631d4b1d200f8c38455ad2217eaf03b6e0a0861aeebe28ef0fcbac5526bd06ebcc44f67de9b908f0359076527f6ff7bb959b3adfc9ac82728d7627bf506ffb2f8742ae28ce3ca7402c25b1cd3dac6781776a35549480ff537c33f63796dd5de4c64e1ff5546689d8f398be911707e0b5d347b8456e89eb2262270ee1de85902b7deb60b02b
-+Ctrl.hexxcghash = hexxcghash:e94db0c0969c8f09c1c0d63fcca9f316ae85a0c034f118958c714fa165ac71a86bbcc7a4c017c11b9558bda897455f99
-+Ctrl.hexsession_id = hexsession_id:a01426386ce69a9a9f101394e831dc9d17a6dc901349f3c3f4269788f5c5e20316c233d7632005b1771e5bc2f5ddf4c2
-+Ctrl.type = type:C
-+Output = 020c58037db045fc2a20a9b12e34205d
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:0000010100ba6b819aa094b3b9a2e93d37eda5df776720cce40858790532b8ab0de613b8e20efcef330eaa9e4ab290fd670b8f8ab1e2fc217d575655a7c39740ce223675a4376bd039f24165d83268a3e3a5b6e05f1b077dc752c90781d0cd6877c91c1fc865586bf661f28cbded4266f1b9364ae7233e6003b47088cb50f81a631d4b1d200f8c38455ad2217eaf03b6e0a0861aeebe28ef0fcbac5526bd06ebcc44f67de9b908f0359076527f6ff7bb959b3adfc9ac82728d7627bf506ffb2f8742ae28ce3ca7402c25b1cd3dac6781776a35549480ff537c33f63796dd5de4c64e1ff5546689d8f398be911707e0b5d347b8456e89eb2262270ee1de85902b7deb60b02b
-+Ctrl.hexxcghash = hexxcghash:e94db0c0969c8f09c1c0d63fcca9f316ae85a0c034f118958c714fa165ac71a86bbcc7a4c017c11b9558bda897455f99
-+Ctrl.hexsession_id = hexsession_id:a01426386ce69a9a9f101394e831dc9d17a6dc901349f3c3f4269788f5c5e20316c233d7632005b1771e5bc2f5ddf4c2
-+Ctrl.type = type:D
-+Output = b1e7b4361aaea7f9656151723c21b9a2
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:0000010100ba6b819aa094b3b9a2e93d37eda5df776720cce40858790532b8ab0de613b8e20efcef330eaa9e4ab290fd670b8f8ab1e2fc217d575655a7c39740ce223675a4376bd039f24165d83268a3e3a5b6e05f1b077dc752c90781d0cd6877c91c1fc865586bf661f28cbded4266f1b9364ae7233e6003b47088cb50f81a631d4b1d200f8c38455ad2217eaf03b6e0a0861aeebe28ef0fcbac5526bd06ebcc44f67de9b908f0359076527f6ff7bb959b3adfc9ac82728d7627bf506ffb2f8742ae28ce3ca7402c25b1cd3dac6781776a35549480ff537c33f63796dd5de4c64e1ff5546689d8f398be911707e0b5d347b8456e89eb2262270ee1de85902b7deb60b02b
-+Ctrl.hexxcghash = hexxcghash:e94db0c0969c8f09c1c0d63fcca9f316ae85a0c034f118958c714fa165ac71a86bbcc7a4c017c11b9558bda897455f99
-+Ctrl.hexsession_id = hexsession_id:a01426386ce69a9a9f101394e831dc9d17a6dc901349f3c3f4269788f5c5e20316c233d7632005b1771e5bc2f5ddf4c2
-+Ctrl.type = type:E
-+Output = 67d80666ba420d07153530859fed5a3a2f4b6decd37575714d4826f41a96a1638b89399cdd752af7f6ffd3db0214f0c1
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:0000010100ba6b819aa094b3b9a2e93d37eda5df776720cce40858790532b8ab0de613b8e20efcef330eaa9e4ab290fd670b8f8ab1e2fc217d575655a7c39740ce223675a4376bd039f24165d83268a3e3a5b6e05f1b077dc752c90781d0cd6877c91c1fc865586bf661f28cbded4266f1b9364ae7233e6003b47088cb50f81a631d4b1d200f8c38455ad2217eaf03b6e0a0861aeebe28ef0fcbac5526bd06ebcc44f67de9b908f0359076527f6ff7bb959b3adfc9ac82728d7627bf506ffb2f8742ae28ce3ca7402c25b1cd3dac6781776a35549480ff537c33f63796dd5de4c64e1ff5546689d8f398be911707e0b5d347b8456e89eb2262270ee1de85902b7deb60b02b
-+Ctrl.hexxcghash = hexxcghash:e94db0c0969c8f09c1c0d63fcca9f316ae85a0c034f118958c714fa165ac71a86bbcc7a4c017c11b9558bda897455f99
-+Ctrl.hexsession_id = hexsession_id:a01426386ce69a9a9f101394e831dc9d17a6dc901349f3c3f4269788f5c5e20316c233d7632005b1771e5bc2f5ddf4c2
-+Ctrl.type = type:F
-+Output = c3fb2ab670e39885cbb98a4609d69a90afd37d383512ad222d63c9c6f1009e2a42065a232ab5b39f55247f8bf9e6ab2c
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:000001001b9f110b05461796db3a0b751638b552e62a062d7b891591ac75e237d47f5f12d97a5d19be0718c8a2fbdd9100249c2d9ca59bf491b10afef75f61c53ae92455e8cb016e230408c869ea1c5f5d62e853ae84727e3d1f1bb0a0faa9ff575eede461f502b90ca38e8effae09478efedd16090202bf03530d03d0a2aa70825fb28c606b7545bdde26d606c059215a9f947e60c4b5de9b35a3704f73a5c8bc8811387431b7e90f1ddc71cf0696497fd640cb9b1b8866bff5d85e879e0a7848722d34cc62844afcc6318fe73ea80e484c3e62feb0cde9269c07edc0679683bc5427a163a4b4ac463802293f7c968e4188e7966b559c2581582c67ecda0c9b3b8eac94
-+Ctrl.hexxcghash = hexxcghash:8886115c2324dede13be6895605a439c6ec48ca46f3d82170b863dcf1acc26176769626df893ebb7ce8c9432058633d8
-+Ctrl.hexsession_id = hexsession_id:331f7e0103de46d90dbd885dadaf67c589bc6b3caf25e45e329d864c85b7c9ae17b27cb92a81c9b4421f431014cb0e03
-+Ctrl.type = type:A
-+Output = 6e9bb7681d56457fd93aea6d40860dd9
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:000001001b9f110b05461796db3a0b751638b552e62a062d7b891591ac75e237d47f5f12d97a5d19be0718c8a2fbdd9100249c2d9ca59bf491b10afef75f61c53ae92455e8cb016e230408c869ea1c5f5d62e853ae84727e3d1f1bb0a0faa9ff575eede461f502b90ca38e8effae09478efedd16090202bf03530d03d0a2aa70825fb28c606b7545bdde26d606c059215a9f947e60c4b5de9b35a3704f73a5c8bc8811387431b7e90f1ddc71cf0696497fd640cb9b1b8866bff5d85e879e0a7848722d34cc62844afcc6318fe73ea80e484c3e62feb0cde9269c07edc0679683bc5427a163a4b4ac463802293f7c968e4188e7966b559c2581582c67ecda0c9b3b8eac94
-+Ctrl.hexxcghash = hexxcghash:8886115c2324dede13be6895605a439c6ec48ca46f3d82170b863dcf1acc26176769626df893ebb7ce8c9432058633d8
-+Ctrl.hexsession_id = hexsession_id:331f7e0103de46d90dbd885dadaf67c589bc6b3caf25e45e329d864c85b7c9ae17b27cb92a81c9b4421f431014cb0e03
-+Ctrl.type = type:B
-+Output = 5d19ce6c6b16c5f2179753a7abdff3e4
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:000001001b9f110b05461796db3a0b751638b552e62a062d7b891591ac75e237d47f5f12d97a5d19be0718c8a2fbdd9100249c2d9ca59bf491b10afef75f61c53ae92455e8cb016e230408c869ea1c5f5d62e853ae84727e3d1f1bb0a0faa9ff575eede461f502b90ca38e8effae09478efedd16090202bf03530d03d0a2aa70825fb28c606b7545bdde26d606c059215a9f947e60c4b5de9b35a3704f73a5c8bc8811387431b7e90f1ddc71cf0696497fd640cb9b1b8866bff5d85e879e0a7848722d34cc62844afcc6318fe73ea80e484c3e62feb0cde9269c07edc0679683bc5427a163a4b4ac463802293f7c968e4188e7966b559c2581582c67ecda0c9b3b8eac94
-+Ctrl.hexxcghash = hexxcghash:8886115c2324dede13be6895605a439c6ec48ca46f3d82170b863dcf1acc26176769626df893ebb7ce8c9432058633d8
-+Ctrl.hexsession_id = hexsession_id:331f7e0103de46d90dbd885dadaf67c589bc6b3caf25e45e329d864c85b7c9ae17b27cb92a81c9b4421f431014cb0e03
-+Ctrl.type = type:C
-+Output = c550416e8ea0608a09051cfffe0494e7
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:000001001b9f110b05461796db3a0b751638b552e62a062d7b891591ac75e237d47f5f12d97a5d19be0718c8a2fbdd9100249c2d9ca59bf491b10afef75f61c53ae92455e8cb016e230408c869ea1c5f5d62e853ae84727e3d1f1bb0a0faa9ff575eede461f502b90ca38e8effae09478efedd16090202bf03530d03d0a2aa70825fb28c606b7545bdde26d606c059215a9f947e60c4b5de9b35a3704f73a5c8bc8811387431b7e90f1ddc71cf0696497fd640cb9b1b8866bff5d85e879e0a7848722d34cc62844afcc6318fe73ea80e484c3e62feb0cde9269c07edc0679683bc5427a163a4b4ac463802293f7c968e4188e7966b559c2581582c67ecda0c9b3b8eac94
-+Ctrl.hexxcghash = hexxcghash:8886115c2324dede13be6895605a439c6ec48ca46f3d82170b863dcf1acc26176769626df893ebb7ce8c9432058633d8
-+Ctrl.hexsession_id = hexsession_id:331f7e0103de46d90dbd885dadaf67c589bc6b3caf25e45e329d864c85b7c9ae17b27cb92a81c9b4421f431014cb0e03
-+Ctrl.type = type:D
-+Output = 33c9f3f03de395cef067684cb5b95200
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:000001001b9f110b05461796db3a0b751638b552e62a062d7b891591ac75e237d47f5f12d97a5d19be0718c8a2fbdd9100249c2d9ca59bf491b10afef75f61c53ae92455e8cb016e230408c869ea1c5f5d62e853ae84727e3d1f1bb0a0faa9ff575eede461f502b90ca38e8effae09478efedd16090202bf03530d03d0a2aa70825fb28c606b7545bdde26d606c059215a9f947e60c4b5de9b35a3704f73a5c8bc8811387431b7e90f1ddc71cf0696497fd640cb9b1b8866bff5d85e879e0a7848722d34cc62844afcc6318fe73ea80e484c3e62feb0cde9269c07edc0679683bc5427a163a4b4ac463802293f7c968e4188e7966b559c2581582c67ecda0c9b3b8eac94
-+Ctrl.hexxcghash = hexxcghash:8886115c2324dede13be6895605a439c6ec48ca46f3d82170b863dcf1acc26176769626df893ebb7ce8c9432058633d8
-+Ctrl.hexsession_id = hexsession_id:331f7e0103de46d90dbd885dadaf67c589bc6b3caf25e45e329d864c85b7c9ae17b27cb92a81c9b4421f431014cb0e03
-+Ctrl.type = type:E
-+Output = 99071b0615bdec08d040e731828028fac9a16d367b86d2d1302b607cd39ac9678ae7f9f87eb619fe2ba75d54da3b07d1
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:000001001b9f110b05461796db3a0b751638b552e62a062d7b891591ac75e237d47f5f12d97a5d19be0718c8a2fbdd9100249c2d9ca59bf491b10afef75f61c53ae92455e8cb016e230408c869ea1c5f5d62e853ae84727e3d1f1bb0a0faa9ff575eede461f502b90ca38e8effae09478efedd16090202bf03530d03d0a2aa70825fb28c606b7545bdde26d606c059215a9f947e60c4b5de9b35a3704f73a5c8bc8811387431b7e90f1ddc71cf0696497fd640cb9b1b8866bff5d85e879e0a7848722d34cc62844afcc6318fe73ea80e484c3e62feb0cde9269c07edc0679683bc5427a163a4b4ac463802293f7c968e4188e7966b559c2581582c67ecda0c9b3b8eac94
-+Ctrl.hexxcghash = hexxcghash:8886115c2324dede13be6895605a439c6ec48ca46f3d82170b863dcf1acc26176769626df893ebb7ce8c9432058633d8
-+Ctrl.hexsession_id = hexsession_id:331f7e0103de46d90dbd885dadaf67c589bc6b3caf25e45e329d864c85b7c9ae17b27cb92a81c9b4421f431014cb0e03
-+Ctrl.type = type:F
-+Output = a11fc539c46d9314645e1f7517e19794a6ba4bf7d7d5a6f71bcb4621bfdedeae3bbcaa62fb638d994d1f21d14f5777d7
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:000001004db530516876fb9937bc2da16117f9675c721da6b80cd49e6b6eb0df6fe4af90ae755378e77e28dbc376e000903b1365a7b3cddfaf19410b31ae44e3e6641c5d47002ac5b261b1c4f7f301c8d16a917135c23bf7f84f15a6143e7e3466c52e1e3c30026f15d5254da11ced1b817739768de9913aca2d808acaa31e933763eb438238b347a6bd07834d4f661690cdb2372b4205aa9ad80df40340c1d0b1db320df1d1b13fa2ff4b9ee4500c9d03f45e75fb15a97b833ab9827708e4bca8fea562d69fea573ca7b5905c71e51dc9f24a74bd0c596051066acdeb66eb39c76fab66b10bdc88e1b72bba8aafa342088cd4a739a18e61c75be6b5df0904dc5094f0df
-+Ctrl.hexxcghash = hexxcghash:12ce3e6a5407943831d65608c9fd59c972689136289af06071c015f8a41c9d1536d0afdad084322f832415fbf199d044
-+Ctrl.hexsession_id = hexsession_id:939c41734aa3db9d9dfac7a7db54c889da38d8bbe00326f559a3b0f92a96b5ac3a454d8355ccd0f31099021d0ee43063
-+Ctrl.type = type:A
-+Output = 876692595fbf1239e03b1eb28890cedf
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:000001004db530516876fb9937bc2da16117f9675c721da6b80cd49e6b6eb0df6fe4af90ae755378e77e28dbc376e000903b1365a7b3cddfaf19410b31ae44e3e6641c5d47002ac5b261b1c4f7f301c8d16a917135c23bf7f84f15a6143e7e3466c52e1e3c30026f15d5254da11ced1b817739768de9913aca2d808acaa31e933763eb438238b347a6bd07834d4f661690cdb2372b4205aa9ad80df40340c1d0b1db320df1d1b13fa2ff4b9ee4500c9d03f45e75fb15a97b833ab9827708e4bca8fea562d69fea573ca7b5905c71e51dc9f24a74bd0c596051066acdeb66eb39c76fab66b10bdc88e1b72bba8aafa342088cd4a739a18e61c75be6b5df0904dc5094f0df
-+Ctrl.hexxcghash = hexxcghash:12ce3e6a5407943831d65608c9fd59c972689136289af06071c015f8a41c9d1536d0afdad084322f832415fbf199d044
-+Ctrl.hexsession_id = hexsession_id:939c41734aa3db9d9dfac7a7db54c889da38d8bbe00326f559a3b0f92a96b5ac3a454d8355ccd0f31099021d0ee43063
-+Ctrl.type = type:B
-+Output = 438afd7eae8454675ed5964122fcbb9e
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:000001004db530516876fb9937bc2da16117f9675c721da6b80cd49e6b6eb0df6fe4af90ae755378e77e28dbc376e000903b1365a7b3cddfaf19410b31ae44e3e6641c5d47002ac5b261b1c4f7f301c8d16a917135c23bf7f84f15a6143e7e3466c52e1e3c30026f15d5254da11ced1b817739768de9913aca2d808acaa31e933763eb438238b347a6bd07834d4f661690cdb2372b4205aa9ad80df40340c1d0b1db320df1d1b13fa2ff4b9ee4500c9d03f45e75fb15a97b833ab9827708e4bca8fea562d69fea573ca7b5905c71e51dc9f24a74bd0c596051066acdeb66eb39c76fab66b10bdc88e1b72bba8aafa342088cd4a739a18e61c75be6b5df0904dc5094f0df
-+Ctrl.hexxcghash = hexxcghash:12ce3e6a5407943831d65608c9fd59c972689136289af06071c015f8a41c9d1536d0afdad084322f832415fbf199d044
-+Ctrl.hexsession_id = hexsession_id:939c41734aa3db9d9dfac7a7db54c889da38d8bbe00326f559a3b0f92a96b5ac3a454d8355ccd0f31099021d0ee43063
-+Ctrl.type = type:C
-+Output = b9cc0e2718c5853e0aebb43409fcaaef
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:000001004db530516876fb9937bc2da16117f9675c721da6b80cd49e6b6eb0df6fe4af90ae755378e77e28dbc376e000903b1365a7b3cddfaf19410b31ae44e3e6641c5d47002ac5b261b1c4f7f301c8d16a917135c23bf7f84f15a6143e7e3466c52e1e3c30026f15d5254da11ced1b817739768de9913aca2d808acaa31e933763eb438238b347a6bd07834d4f661690cdb2372b4205aa9ad80df40340c1d0b1db320df1d1b13fa2ff4b9ee4500c9d03f45e75fb15a97b833ab9827708e4bca8fea562d69fea573ca7b5905c71e51dc9f24a74bd0c596051066acdeb66eb39c76fab66b10bdc88e1b72bba8aafa342088cd4a739a18e61c75be6b5df0904dc5094f0df
-+Ctrl.hexxcghash = hexxcghash:12ce3e6a5407943831d65608c9fd59c972689136289af06071c015f8a41c9d1536d0afdad084322f832415fbf199d044
-+Ctrl.hexsession_id = hexsession_id:939c41734aa3db9d9dfac7a7db54c889da38d8bbe00326f559a3b0f92a96b5ac3a454d8355ccd0f31099021d0ee43063
-+Ctrl.type = type:D
-+Output = 8def9f93e633ac2d28a7c5b76567a4cb
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:000001004db530516876fb9937bc2da16117f9675c721da6b80cd49e6b6eb0df6fe4af90ae755378e77e28dbc376e000903b1365a7b3cddfaf19410b31ae44e3e6641c5d47002ac5b261b1c4f7f301c8d16a917135c23bf7f84f15a6143e7e3466c52e1e3c30026f15d5254da11ced1b817739768de9913aca2d808acaa31e933763eb438238b347a6bd07834d4f661690cdb2372b4205aa9ad80df40340c1d0b1db320df1d1b13fa2ff4b9ee4500c9d03f45e75fb15a97b833ab9827708e4bca8fea562d69fea573ca7b5905c71e51dc9f24a74bd0c596051066acdeb66eb39c76fab66b10bdc88e1b72bba8aafa342088cd4a739a18e61c75be6b5df0904dc5094f0df
-+Ctrl.hexxcghash = hexxcghash:12ce3e6a5407943831d65608c9fd59c972689136289af06071c015f8a41c9d1536d0afdad084322f832415fbf199d044
-+Ctrl.hexsession_id = hexsession_id:939c41734aa3db9d9dfac7a7db54c889da38d8bbe00326f559a3b0f92a96b5ac3a454d8355ccd0f31099021d0ee43063
-+Ctrl.type = type:E
-+Output = 3d80ed20f0703857154bda8531b12b96cf73aedfc662df6faf277321be6e38c904bfbd5f9206607684ac331dfc92bbbb
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:000001004db530516876fb9937bc2da16117f9675c721da6b80cd49e6b6eb0df6fe4af90ae755378e77e28dbc376e000903b1365a7b3cddfaf19410b31ae44e3e6641c5d47002ac5b261b1c4f7f301c8d16a917135c23bf7f84f15a6143e7e3466c52e1e3c30026f15d5254da11ced1b817739768de9913aca2d808acaa31e933763eb438238b347a6bd07834d4f661690cdb2372b4205aa9ad80df40340c1d0b1db320df1d1b13fa2ff4b9ee4500c9d03f45e75fb15a97b833ab9827708e4bca8fea562d69fea573ca7b5905c71e51dc9f24a74bd0c596051066acdeb66eb39c76fab66b10bdc88e1b72bba8aafa342088cd4a739a18e61c75be6b5df0904dc5094f0df
-+Ctrl.hexxcghash = hexxcghash:12ce3e6a5407943831d65608c9fd59c972689136289af06071c015f8a41c9d1536d0afdad084322f832415fbf199d044
-+Ctrl.hexsession_id = hexsession_id:939c41734aa3db9d9dfac7a7db54c889da38d8bbe00326f559a3b0f92a96b5ac3a454d8355ccd0f31099021d0ee43063
-+Ctrl.type = type:F
-+Output = 736e77ad5a8fac835795ab08522d834e34a4cbc48439db2845cb1d8636a4dcfd49a7ac5413713a8177c277eead96a0ff
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:000001004d7ba3e909e1e2886e00db333430d7cebe5107e9701672a2a1bc0bb5461c620c56fc8a8aa95a577cf48ac2e5b35d948e468bbc6232527f6a4e3bf5ea0b2f68b161ee3aadeef596c683e511bec1ff70df312d988eddd557952720f82f69882107f67880e38efcca68429374d85831eea3ac133a6a89b68a9ec27c71a67c87addfddb7040a7416ead43e29612dcdc5b7e6a82ad5cd243e8a6dd2997c44ad76a2a20145f89d7e6b2a26c2c0f2ce7d60b1f45410f9ebb79b52dde560f8c7c99b7a11d645f6ad6f94727cd2ea9d48ceb27467ee60371e6919a3ae044c8941a65182c94e8efd7b5c7eb45935baea722628d89d89de995d82b620059fe1054927864a91
-+Ctrl.hexxcghash = hexxcghash:f3cc38427adf01b9483d1f9e4e9acef554a8c7d0d8dc088d3865f05bc06a4ff11efbbdbca7ab0e0c0e2df55a93f0b4b9
-+Ctrl.hexsession_id = hexsession_id:aae879d8c0c6762d28c30fdc707b169a2155f8b8a943ced399a56419be89cc9f66ba9282d85ac4e53e0d5ae27adcf393
-+Ctrl.type = type:A
-+Output = c84a4fcd4ade28805b032174428a6f27
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:000001004d7ba3e909e1e2886e00db333430d7cebe5107e9701672a2a1bc0bb5461c620c56fc8a8aa95a577cf48ac2e5b35d948e468bbc6232527f6a4e3bf5ea0b2f68b161ee3aadeef596c683e511bec1ff70df312d988eddd557952720f82f69882107f67880e38efcca68429374d85831eea3ac133a6a89b68a9ec27c71a67c87addfddb7040a7416ead43e29612dcdc5b7e6a82ad5cd243e8a6dd2997c44ad76a2a20145f89d7e6b2a26c2c0f2ce7d60b1f45410f9ebb79b52dde560f8c7c99b7a11d645f6ad6f94727cd2ea9d48ceb27467ee60371e6919a3ae044c8941a65182c94e8efd7b5c7eb45935baea722628d89d89de995d82b620059fe1054927864a91
-+Ctrl.hexxcghash = hexxcghash:f3cc38427adf01b9483d1f9e4e9acef554a8c7d0d8dc088d3865f05bc06a4ff11efbbdbca7ab0e0c0e2df55a93f0b4b9
-+Ctrl.hexsession_id = hexsession_id:aae879d8c0c6762d28c30fdc707b169a2155f8b8a943ced399a56419be89cc9f66ba9282d85ac4e53e0d5ae27adcf393
-+Ctrl.type = type:B
-+Output = 27b0de69f3bc7d79d2f6b54101f3e10f
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:000001004d7ba3e909e1e2886e00db333430d7cebe5107e9701672a2a1bc0bb5461c620c56fc8a8aa95a577cf48ac2e5b35d948e468bbc6232527f6a4e3bf5ea0b2f68b161ee3aadeef596c683e511bec1ff70df312d988eddd557952720f82f69882107f67880e38efcca68429374d85831eea3ac133a6a89b68a9ec27c71a67c87addfddb7040a7416ead43e29612dcdc5b7e6a82ad5cd243e8a6dd2997c44ad76a2a20145f89d7e6b2a26c2c0f2ce7d60b1f45410f9ebb79b52dde560f8c7c99b7a11d645f6ad6f94727cd2ea9d48ceb27467ee60371e6919a3ae044c8941a65182c94e8efd7b5c7eb45935baea722628d89d89de995d82b620059fe1054927864a91
-+Ctrl.hexxcghash = hexxcghash:f3cc38427adf01b9483d1f9e4e9acef554a8c7d0d8dc088d3865f05bc06a4ff11efbbdbca7ab0e0c0e2df55a93f0b4b9
-+Ctrl.hexsession_id = hexsession_id:aae879d8c0c6762d28c30fdc707b169a2155f8b8a943ced399a56419be89cc9f66ba9282d85ac4e53e0d5ae27adcf393
-+Ctrl.type = type:C
-+Output = 3200c39e6ed260f4f345cbd0c88cac1a
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:000001004d7ba3e909e1e2886e00db333430d7cebe5107e9701672a2a1bc0bb5461c620c56fc8a8aa95a577cf48ac2e5b35d948e468bbc6232527f6a4e3bf5ea0b2f68b161ee3aadeef596c683e511bec1ff70df312d988eddd557952720f82f69882107f67880e38efcca68429374d85831eea3ac133a6a89b68a9ec27c71a67c87addfddb7040a7416ead43e29612dcdc5b7e6a82ad5cd243e8a6dd2997c44ad76a2a20145f89d7e6b2a26c2c0f2ce7d60b1f45410f9ebb79b52dde560f8c7c99b7a11d645f6ad6f94727cd2ea9d48ceb27467ee60371e6919a3ae044c8941a65182c94e8efd7b5c7eb45935baea722628d89d89de995d82b620059fe1054927864a91
-+Ctrl.hexxcghash = hexxcghash:f3cc38427adf01b9483d1f9e4e9acef554a8c7d0d8dc088d3865f05bc06a4ff11efbbdbca7ab0e0c0e2df55a93f0b4b9
-+Ctrl.hexsession_id = hexsession_id:aae879d8c0c6762d28c30fdc707b169a2155f8b8a943ced399a56419be89cc9f66ba9282d85ac4e53e0d5ae27adcf393
-+Ctrl.type = type:D
-+Output = 7b9e506a1baede9b80dff09253a9ab88
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:000001004d7ba3e909e1e2886e00db333430d7cebe5107e9701672a2a1bc0bb5461c620c56fc8a8aa95a577cf48ac2e5b35d948e468bbc6232527f6a4e3bf5ea0b2f68b161ee3aadeef596c683e511bec1ff70df312d988eddd557952720f82f69882107f67880e38efcca68429374d85831eea3ac133a6a89b68a9ec27c71a67c87addfddb7040a7416ead43e29612dcdc5b7e6a82ad5cd243e8a6dd2997c44ad76a2a20145f89d7e6b2a26c2c0f2ce7d60b1f45410f9ebb79b52dde560f8c7c99b7a11d645f6ad6f94727cd2ea9d48ceb27467ee60371e6919a3ae044c8941a65182c94e8efd7b5c7eb45935baea722628d89d89de995d82b620059fe1054927864a91
-+Ctrl.hexxcghash = hexxcghash:f3cc38427adf01b9483d1f9e4e9acef554a8c7d0d8dc088d3865f05bc06a4ff11efbbdbca7ab0e0c0e2df55a93f0b4b9
-+Ctrl.hexsession_id = hexsession_id:aae879d8c0c6762d28c30fdc707b169a2155f8b8a943ced399a56419be89cc9f66ba9282d85ac4e53e0d5ae27adcf393
-+Ctrl.type = type:E
-+Output = 3c860ae21a5dab865eb560ed9ddf51775d3b6603e4e06285cf5e9273115a77d8d5ddfb977fd21c0a70c35798a5ef596e
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:000001004d7ba3e909e1e2886e00db333430d7cebe5107e9701672a2a1bc0bb5461c620c56fc8a8aa95a577cf48ac2e5b35d948e468bbc6232527f6a4e3bf5ea0b2f68b161ee3aadeef596c683e511bec1ff70df312d988eddd557952720f82f69882107f67880e38efcca68429374d85831eea3ac133a6a89b68a9ec27c71a67c87addfddb7040a7416ead43e29612dcdc5b7e6a82ad5cd243e8a6dd2997c44ad76a2a20145f89d7e6b2a26c2c0f2ce7d60b1f45410f9ebb79b52dde560f8c7c99b7a11d645f6ad6f94727cd2ea9d48ceb27467ee60371e6919a3ae044c8941a65182c94e8efd7b5c7eb45935baea722628d89d89de995d82b620059fe1054927864a91
-+Ctrl.hexxcghash = hexxcghash:f3cc38427adf01b9483d1f9e4e9acef554a8c7d0d8dc088d3865f05bc06a4ff11efbbdbca7ab0e0c0e2df55a93f0b4b9
-+Ctrl.hexsession_id = hexsession_id:aae879d8c0c6762d28c30fdc707b169a2155f8b8a943ced399a56419be89cc9f66ba9282d85ac4e53e0d5ae27adcf393
-+Ctrl.type = type:F
-+Output = c53cfa0836ac21bb13c58ed15ddf593e8e01c7437587112ba013058d411d262d87a5e56c098b69146d9019803206ef91
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:000001001cbe25a738580c94ae733a5d4e9e61860bf1a68dfac365edc5818814166cfaecf269d07293d656c8e99973934b5f14eb4bcd1ac3c388596221f65f66e1193463bd41fcff389e458ef7f1ef858439b600bca422cd29c84d2cbc684c7a85d8b44f6a43a5fc53bbaa4ad1a6b0f2b841278efb1fbdd2513e6603984027efb81c72d8c4cbadc8dec51089dcd43ed3109ddbc6db29534186a237c5d8c3a66dedbb51b09937b1c7d4cf6cac682ba2dd1c9cf901d66f1a995f945d5ad12bd7bfdd3fcc5b0852376b9834f0bee3f7a666f587bd2a3b562ccf129b6132c902738fd0dfea3ff9538961bf5f59ac1779dd4ed68986059881f5e08be5ecd1a59380392e81f0a6
-+Ctrl.hexxcghash = hexxcghash:b32d4e6b47772e651b867558a03f488fc00c715c196c7abb1abf3ebc24a638edd058e77aeadd9aade5ce34f43e19f1fc
-+Ctrl.hexsession_id = hexsession_id:5d2a819b135d8d985643ceab3461ede24ed192c60471676031b4b1f8ae71dec657547fdb3a43f75112855ffce72b60f4
-+Ctrl.type = type:A
-+Output = e34b595f755ff42a33126d8efabe1ec0
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:000001001cbe25a738580c94ae733a5d4e9e61860bf1a68dfac365edc5818814166cfaecf269d07293d656c8e99973934b5f14eb4bcd1ac3c388596221f65f66e1193463bd41fcff389e458ef7f1ef858439b600bca422cd29c84d2cbc684c7a85d8b44f6a43a5fc53bbaa4ad1a6b0f2b841278efb1fbdd2513e6603984027efb81c72d8c4cbadc8dec51089dcd43ed3109ddbc6db29534186a237c5d8c3a66dedbb51b09937b1c7d4cf6cac682ba2dd1c9cf901d66f1a995f945d5ad12bd7bfdd3fcc5b0852376b9834f0bee3f7a666f587bd2a3b562ccf129b6132c902738fd0dfea3ff9538961bf5f59ac1779dd4ed68986059881f5e08be5ecd1a59380392e81f0a6
-+Ctrl.hexxcghash = hexxcghash:b32d4e6b47772e651b867558a03f488fc00c715c196c7abb1abf3ebc24a638edd058e77aeadd9aade5ce34f43e19f1fc
-+Ctrl.hexsession_id = hexsession_id:5d2a819b135d8d985643ceab3461ede24ed192c60471676031b4b1f8ae71dec657547fdb3a43f75112855ffce72b60f4
-+Ctrl.type = type:B
-+Output = a873f52aa3b91a8dd019be8358c04de6
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:000001001cbe25a738580c94ae733a5d4e9e61860bf1a68dfac365edc5818814166cfaecf269d07293d656c8e99973934b5f14eb4bcd1ac3c388596221f65f66e1193463bd41fcff389e458ef7f1ef858439b600bca422cd29c84d2cbc684c7a85d8b44f6a43a5fc53bbaa4ad1a6b0f2b841278efb1fbdd2513e6603984027efb81c72d8c4cbadc8dec51089dcd43ed3109ddbc6db29534186a237c5d8c3a66dedbb51b09937b1c7d4cf6cac682ba2dd1c9cf901d66f1a995f945d5ad12bd7bfdd3fcc5b0852376b9834f0bee3f7a666f587bd2a3b562ccf129b6132c902738fd0dfea3ff9538961bf5f59ac1779dd4ed68986059881f5e08be5ecd1a59380392e81f0a6
-+Ctrl.hexxcghash = hexxcghash:b32d4e6b47772e651b867558a03f488fc00c715c196c7abb1abf3ebc24a638edd058e77aeadd9aade5ce34f43e19f1fc
-+Ctrl.hexsession_id = hexsession_id:5d2a819b135d8d985643ceab3461ede24ed192c60471676031b4b1f8ae71dec657547fdb3a43f75112855ffce72b60f4
-+Ctrl.type = type:C
-+Output = fce5c490a769fbd4aa31b0f5c7aad86b
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:000001001cbe25a738580c94ae733a5d4e9e61860bf1a68dfac365edc5818814166cfaecf269d07293d656c8e99973934b5f14eb4bcd1ac3c388596221f65f66e1193463bd41fcff389e458ef7f1ef858439b600bca422cd29c84d2cbc684c7a85d8b44f6a43a5fc53bbaa4ad1a6b0f2b841278efb1fbdd2513e6603984027efb81c72d8c4cbadc8dec51089dcd43ed3109ddbc6db29534186a237c5d8c3a66dedbb51b09937b1c7d4cf6cac682ba2dd1c9cf901d66f1a995f945d5ad12bd7bfdd3fcc5b0852376b9834f0bee3f7a666f587bd2a3b562ccf129b6132c902738fd0dfea3ff9538961bf5f59ac1779dd4ed68986059881f5e08be5ecd1a59380392e81f0a6
-+Ctrl.hexxcghash = hexxcghash:b32d4e6b47772e651b867558a03f488fc00c715c196c7abb1abf3ebc24a638edd058e77aeadd9aade5ce34f43e19f1fc
-+Ctrl.hexsession_id = hexsession_id:5d2a819b135d8d985643ceab3461ede24ed192c60471676031b4b1f8ae71dec657547fdb3a43f75112855ffce72b60f4
-+Ctrl.type = type:D
-+Output = d36a9b7d2c63675d2b250d5a97b0e628
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:000001001cbe25a738580c94ae733a5d4e9e61860bf1a68dfac365edc5818814166cfaecf269d07293d656c8e99973934b5f14eb4bcd1ac3c388596221f65f66e1193463bd41fcff389e458ef7f1ef858439b600bca422cd29c84d2cbc684c7a85d8b44f6a43a5fc53bbaa4ad1a6b0f2b841278efb1fbdd2513e6603984027efb81c72d8c4cbadc8dec51089dcd43ed3109ddbc6db29534186a237c5d8c3a66dedbb51b09937b1c7d4cf6cac682ba2dd1c9cf901d66f1a995f945d5ad12bd7bfdd3fcc5b0852376b9834f0bee3f7a666f587bd2a3b562ccf129b6132c902738fd0dfea3ff9538961bf5f59ac1779dd4ed68986059881f5e08be5ecd1a59380392e81f0a6
-+Ctrl.hexxcghash = hexxcghash:b32d4e6b47772e651b867558a03f488fc00c715c196c7abb1abf3ebc24a638edd058e77aeadd9aade5ce34f43e19f1fc
-+Ctrl.hexsession_id = hexsession_id:5d2a819b135d8d985643ceab3461ede24ed192c60471676031b4b1f8ae71dec657547fdb3a43f75112855ffce72b60f4
-+Ctrl.type = type:E
-+Output = 92c8f89f84575cebb9c37be3a488d0b0312a12d9253dbada7db1318f5a193d4f8f75a212a75c1123bca89d5de43cbf08
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:000001001cbe25a738580c94ae733a5d4e9e61860bf1a68dfac365edc5818814166cfaecf269d07293d656c8e99973934b5f14eb4bcd1ac3c388596221f65f66e1193463bd41fcff389e458ef7f1ef858439b600bca422cd29c84d2cbc684c7a85d8b44f6a43a5fc53bbaa4ad1a6b0f2b841278efb1fbdd2513e6603984027efb81c72d8c4cbadc8dec51089dcd43ed3109ddbc6db29534186a237c5d8c3a66dedbb51b09937b1c7d4cf6cac682ba2dd1c9cf901d66f1a995f945d5ad12bd7bfdd3fcc5b0852376b9834f0bee3f7a666f587bd2a3b562ccf129b6132c902738fd0dfea3ff9538961bf5f59ac1779dd4ed68986059881f5e08be5ecd1a59380392e81f0a6
-+Ctrl.hexxcghash = hexxcghash:b32d4e6b47772e651b867558a03f488fc00c715c196c7abb1abf3ebc24a638edd058e77aeadd9aade5ce34f43e19f1fc
-+Ctrl.hexsession_id = hexsession_id:5d2a819b135d8d985643ceab3461ede24ed192c60471676031b4b1f8ae71dec657547fdb3a43f75112855ffce72b60f4
-+Ctrl.type = type:F
-+Output = 16dcf1bd1aa4d5d6edc2d2b23792872f53767d6b2589e4700469a9bbbbb659c1c8716393fe1ed717833f491cd32d874b
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:0000010100c7f8bcaf17cb17db3d5c2c9e8db37fa77685463d604e6b577ace9ada1b5a7fb54a299684a5405973352262ed66a7e47e4cf9ba7981f76a0aa6bf407be5fc48f70869b6913f7d9b2395f73eda2f08ad5469df982bd82242c19bba0dbcc28fa5869bab99b84015a313cebcc3e86ec3fd15513e329a236487e909a6b37134bc75b03dbda7f9196738ae5f04ac3cae6a3c93150271eeed62f8c019f433df888acec09e947dee6537c4fee5e0dc37d3b4ae4ff77309382148f0127cd01b882f128ee844046c9f3052ff7fff81876c261ad6cdad0a9ebfc769a4308f124d2422f03c1b171ac3404d4d690e9c1d94fc3de479bda663c207120a18f1947a68179d19ecaa
-+Ctrl.hexxcghash = hexxcghash:ce996d2b1198f069c24193526be1dd0d08a95d0b0a144da5a1303e84de4eb864d49ca71fa5a59f51c10b9d4257787626
-+Ctrl.hexsession_id = hexsession_id:ed906230bdcff56bd239a8c52f3cb1e4e16d1249284162ca85b320e543f62a82d7270131231cf49e1b0c0b1e87643719
-+Ctrl.type = type:A
-+Output = bbdc47242c877cc70585a5d9f0b8067d
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:0000010100c7f8bcaf17cb17db3d5c2c9e8db37fa77685463d604e6b577ace9ada1b5a7fb54a299684a5405973352262ed66a7e47e4cf9ba7981f76a0aa6bf407be5fc48f70869b6913f7d9b2395f73eda2f08ad5469df982bd82242c19bba0dbcc28fa5869bab99b84015a313cebcc3e86ec3fd15513e329a236487e909a6b37134bc75b03dbda7f9196738ae5f04ac3cae6a3c93150271eeed62f8c019f433df888acec09e947dee6537c4fee5e0dc37d3b4ae4ff77309382148f0127cd01b882f128ee844046c9f3052ff7fff81876c261ad6cdad0a9ebfc769a4308f124d2422f03c1b171ac3404d4d690e9c1d94fc3de479bda663c207120a18f1947a68179d19ecaa
-+Ctrl.hexxcghash = hexxcghash:ce996d2b1198f069c24193526be1dd0d08a95d0b0a144da5a1303e84de4eb864d49ca71fa5a59f51c10b9d4257787626
-+Ctrl.hexsession_id = hexsession_id:ed906230bdcff56bd239a8c52f3cb1e4e16d1249284162ca85b320e543f62a82d7270131231cf49e1b0c0b1e87643719
-+Ctrl.type = type:B
-+Output = 6dcc6458af049a81a6d3139c2725f67d
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:0000010100c7f8bcaf17cb17db3d5c2c9e8db37fa77685463d604e6b577ace9ada1b5a7fb54a299684a5405973352262ed66a7e47e4cf9ba7981f76a0aa6bf407be5fc48f70869b6913f7d9b2395f73eda2f08ad5469df982bd82242c19bba0dbcc28fa5869bab99b84015a313cebcc3e86ec3fd15513e329a236487e909a6b37134bc75b03dbda7f9196738ae5f04ac3cae6a3c93150271eeed62f8c019f433df888acec09e947dee6537c4fee5e0dc37d3b4ae4ff77309382148f0127cd01b882f128ee844046c9f3052ff7fff81876c261ad6cdad0a9ebfc769a4308f124d2422f03c1b171ac3404d4d690e9c1d94fc3de479bda663c207120a18f1947a68179d19ecaa
-+Ctrl.hexxcghash = hexxcghash:ce996d2b1198f069c24193526be1dd0d08a95d0b0a144da5a1303e84de4eb864d49ca71fa5a59f51c10b9d4257787626
-+Ctrl.hexsession_id = hexsession_id:ed906230bdcff56bd239a8c52f3cb1e4e16d1249284162ca85b320e543f62a82d7270131231cf49e1b0c0b1e87643719
-+Ctrl.type = type:C
-+Output = f788d0b9ea5373031d44972fad39d8e6
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:0000010100c7f8bcaf17cb17db3d5c2c9e8db37fa77685463d604e6b577ace9ada1b5a7fb54a299684a5405973352262ed66a7e47e4cf9ba7981f76a0aa6bf407be5fc48f70869b6913f7d9b2395f73eda2f08ad5469df982bd82242c19bba0dbcc28fa5869bab99b84015a313cebcc3e86ec3fd15513e329a236487e909a6b37134bc75b03dbda7f9196738ae5f04ac3cae6a3c93150271eeed62f8c019f433df888acec09e947dee6537c4fee5e0dc37d3b4ae4ff77309382148f0127cd01b882f128ee844046c9f3052ff7fff81876c261ad6cdad0a9ebfc769a4308f124d2422f03c1b171ac3404d4d690e9c1d94fc3de479bda663c207120a18f1947a68179d19ecaa
-+Ctrl.hexxcghash = hexxcghash:ce996d2b1198f069c24193526be1dd0d08a95d0b0a144da5a1303e84de4eb864d49ca71fa5a59f51c10b9d4257787626
-+Ctrl.hexsession_id = hexsession_id:ed906230bdcff56bd239a8c52f3cb1e4e16d1249284162ca85b320e543f62a82d7270131231cf49e1b0c0b1e87643719
-+Ctrl.type = type:D
-+Output = e939b1367ea35c67ea990988c3c0c474
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:0000010100c7f8bcaf17cb17db3d5c2c9e8db37fa77685463d604e6b577ace9ada1b5a7fb54a299684a5405973352262ed66a7e47e4cf9ba7981f76a0aa6bf407be5fc48f70869b6913f7d9b2395f73eda2f08ad5469df982bd82242c19bba0dbcc28fa5869bab99b84015a313cebcc3e86ec3fd15513e329a236487e909a6b37134bc75b03dbda7f9196738ae5f04ac3cae6a3c93150271eeed62f8c019f433df888acec09e947dee6537c4fee5e0dc37d3b4ae4ff77309382148f0127cd01b882f128ee844046c9f3052ff7fff81876c261ad6cdad0a9ebfc769a4308f124d2422f03c1b171ac3404d4d690e9c1d94fc3de479bda663c207120a18f1947a68179d19ecaa
-+Ctrl.hexxcghash = hexxcghash:ce996d2b1198f069c24193526be1dd0d08a95d0b0a144da5a1303e84de4eb864d49ca71fa5a59f51c10b9d4257787626
-+Ctrl.hexsession_id = hexsession_id:ed906230bdcff56bd239a8c52f3cb1e4e16d1249284162ca85b320e543f62a82d7270131231cf49e1b0c0b1e87643719
-+Ctrl.type = type:E
-+Output = 069629f693b4d291ea6f16355eb4c57eef7824217d22651af095aadac27a789314fee4e86efa9bc63085a8ebfc606548
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:0000010100c7f8bcaf17cb17db3d5c2c9e8db37fa77685463d604e6b577ace9ada1b5a7fb54a299684a5405973352262ed66a7e47e4cf9ba7981f76a0aa6bf407be5fc48f70869b6913f7d9b2395f73eda2f08ad5469df982bd82242c19bba0dbcc28fa5869bab99b84015a313cebcc3e86ec3fd15513e329a236487e909a6b37134bc75b03dbda7f9196738ae5f04ac3cae6a3c93150271eeed62f8c019f433df888acec09e947dee6537c4fee5e0dc37d3b4ae4ff77309382148f0127cd01b882f128ee844046c9f3052ff7fff81876c261ad6cdad0a9ebfc769a4308f124d2422f03c1b171ac3404d4d690e9c1d94fc3de479bda663c207120a18f1947a68179d19ecaa
-+Ctrl.hexxcghash = hexxcghash:ce996d2b1198f069c24193526be1dd0d08a95d0b0a144da5a1303e84de4eb864d49ca71fa5a59f51c10b9d4257787626
-+Ctrl.hexsession_id = hexsession_id:ed906230bdcff56bd239a8c52f3cb1e4e16d1249284162ca85b320e543f62a82d7270131231cf49e1b0c0b1e87643719
-+Ctrl.type = type:F
-+Output = 731107905e3b9b36ba3dca504b35f1a51e75e2a3ee2595ade882c21410d439ec1ec31fbc62e64362a5fddc0f39e76da0
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:0000010100b41b41585296e85cce723619b40609b21799fb244d72fd87afa3088073819b232de7d9ab45ceaab3014099475e9314cff74149b5e4558962f31d3d2a84f24500558af928ff785dc32627f5062ea2d5bf6ff085edf6d200daca91037abda71b5c9c1660cbf60cfc3ec1fe590c3d6300aa279e42383f98f4000031bf57a2bb612c7a212bc0ec5057817b0843e01c14a9b353c26699670873db05de7049ac44951094c8b231713dab09ca641d3cea65c5e3b01d41d93351635b08a767afadfd7865388ebbe29e8f47033d1fe530d7d45fa1c266705b26d67282872da9551256d88708e1ec69ce9b94db6c7f3e6b7ae06418b36537b7839454c539b2bdd758af9c19
-+Ctrl.hexxcghash = hexxcghash:5b168cac1113de12bac95aac34501866abd610c6ce0d51520f83c865db8d0c688b27af11e08deb4a2673c160edd1da93
-+Ctrl.hexsession_id = hexsession_id:32dc32821483ed98f696813e712d229b6ff5a9e0f7f8e582a26f0a5204fa7655040ddbc791e00e7a979dded9354ea2dc
-+Ctrl.type = type:A
-+Output = 8e1af4ce3b9aa9f1e7493775f8846ac0
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:0000010100b41b41585296e85cce723619b40609b21799fb244d72fd87afa3088073819b232de7d9ab45ceaab3014099475e9314cff74149b5e4558962f31d3d2a84f24500558af928ff785dc32627f5062ea2d5bf6ff085edf6d200daca91037abda71b5c9c1660cbf60cfc3ec1fe590c3d6300aa279e42383f98f4000031bf57a2bb612c7a212bc0ec5057817b0843e01c14a9b353c26699670873db05de7049ac44951094c8b231713dab09ca641d3cea65c5e3b01d41d93351635b08a767afadfd7865388ebbe29e8f47033d1fe530d7d45fa1c266705b26d67282872da9551256d88708e1ec69ce9b94db6c7f3e6b7ae06418b36537b7839454c539b2bdd758af9c19
-+Ctrl.hexxcghash = hexxcghash:5b168cac1113de12bac95aac34501866abd610c6ce0d51520f83c865db8d0c688b27af11e08deb4a2673c160edd1da93
-+Ctrl.hexsession_id = hexsession_id:32dc32821483ed98f696813e712d229b6ff5a9e0f7f8e582a26f0a5204fa7655040ddbc791e00e7a979dded9354ea2dc
-+Ctrl.type = type:B
-+Output = 1796cee0aeb39eb1fbbaeaf15d600832
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:0000010100b41b41585296e85cce723619b40609b21799fb244d72fd87afa3088073819b232de7d9ab45ceaab3014099475e9314cff74149b5e4558962f31d3d2a84f24500558af928ff785dc32627f5062ea2d5bf6ff085edf6d200daca91037abda71b5c9c1660cbf60cfc3ec1fe590c3d6300aa279e42383f98f4000031bf57a2bb612c7a212bc0ec5057817b0843e01c14a9b353c26699670873db05de7049ac44951094c8b231713dab09ca641d3cea65c5e3b01d41d93351635b08a767afadfd7865388ebbe29e8f47033d1fe530d7d45fa1c266705b26d67282872da9551256d88708e1ec69ce9b94db6c7f3e6b7ae06418b36537b7839454c539b2bdd758af9c19
-+Ctrl.hexxcghash = hexxcghash:5b168cac1113de12bac95aac34501866abd610c6ce0d51520f83c865db8d0c688b27af11e08deb4a2673c160edd1da93
-+Ctrl.hexsession_id = hexsession_id:32dc32821483ed98f696813e712d229b6ff5a9e0f7f8e582a26f0a5204fa7655040ddbc791e00e7a979dded9354ea2dc
-+Ctrl.type = type:C
-+Output = 7a7485045a2f8cc86f82c8486f8e9f59
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:0000010100b41b41585296e85cce723619b40609b21799fb244d72fd87afa3088073819b232de7d9ab45ceaab3014099475e9314cff74149b5e4558962f31d3d2a84f24500558af928ff785dc32627f5062ea2d5bf6ff085edf6d200daca91037abda71b5c9c1660cbf60cfc3ec1fe590c3d6300aa279e42383f98f4000031bf57a2bb612c7a212bc0ec5057817b0843e01c14a9b353c26699670873db05de7049ac44951094c8b231713dab09ca641d3cea65c5e3b01d41d93351635b08a767afadfd7865388ebbe29e8f47033d1fe530d7d45fa1c266705b26d67282872da9551256d88708e1ec69ce9b94db6c7f3e6b7ae06418b36537b7839454c539b2bdd758af9c19
-+Ctrl.hexxcghash = hexxcghash:5b168cac1113de12bac95aac34501866abd610c6ce0d51520f83c865db8d0c688b27af11e08deb4a2673c160edd1da93
-+Ctrl.hexsession_id = hexsession_id:32dc32821483ed98f696813e712d229b6ff5a9e0f7f8e582a26f0a5204fa7655040ddbc791e00e7a979dded9354ea2dc
-+Ctrl.type = type:D
-+Output = 00a9d893e8c14aa3a316163d50d83378
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:0000010100b41b41585296e85cce723619b40609b21799fb244d72fd87afa3088073819b232de7d9ab45ceaab3014099475e9314cff74149b5e4558962f31d3d2a84f24500558af928ff785dc32627f5062ea2d5bf6ff085edf6d200daca91037abda71b5c9c1660cbf60cfc3ec1fe590c3d6300aa279e42383f98f4000031bf57a2bb612c7a212bc0ec5057817b0843e01c14a9b353c26699670873db05de7049ac44951094c8b231713dab09ca641d3cea65c5e3b01d41d93351635b08a767afadfd7865388ebbe29e8f47033d1fe530d7d45fa1c266705b26d67282872da9551256d88708e1ec69ce9b94db6c7f3e6b7ae06418b36537b7839454c539b2bdd758af9c19
-+Ctrl.hexxcghash = hexxcghash:5b168cac1113de12bac95aac34501866abd610c6ce0d51520f83c865db8d0c688b27af11e08deb4a2673c160edd1da93
-+Ctrl.hexsession_id = hexsession_id:32dc32821483ed98f696813e712d229b6ff5a9e0f7f8e582a26f0a5204fa7655040ddbc791e00e7a979dded9354ea2dc
-+Ctrl.type = type:E
-+Output = 46133b1cbab3e04043a1b336db99575183d5be76f9d56556493a8d4a8da37a020ae379ff2d470a99ca7e9d2b1cf85cb4
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA384
-+Ctrl.hexkey = hexkey:0000010100b41b41585296e85cce723619b40609b21799fb244d72fd87afa3088073819b232de7d9ab45ceaab3014099475e9314cff74149b5e4558962f31d3d2a84f24500558af928ff785dc32627f5062ea2d5bf6ff085edf6d200daca91037abda71b5c9c1660cbf60cfc3ec1fe590c3d6300aa279e42383f98f4000031bf57a2bb612c7a212bc0ec5057817b0843e01c14a9b353c26699670873db05de7049ac44951094c8b231713dab09ca641d3cea65c5e3b01d41d93351635b08a767afadfd7865388ebbe29e8f47033d1fe530d7d45fa1c266705b26d67282872da9551256d88708e1ec69ce9b94db6c7f3e6b7ae06418b36537b7839454c539b2bdd758af9c19
-+Ctrl.hexxcghash = hexxcghash:5b168cac1113de12bac95aac34501866abd610c6ce0d51520f83c865db8d0c688b27af11e08deb4a2673c160edd1da93
-+Ctrl.hexsession_id = hexsession_id:32dc32821483ed98f696813e712d229b6ff5a9e0f7f8e582a26f0a5204fa7655040ddbc791e00e7a979dded9354ea2dc
-+Ctrl.type = type:F
-+Output = 9221abcc3db5a557cca60408e65528e937cc3673b548c350924cd9e6387de526f5cb35a0bbe4020c47318b59d1a0527d
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:00000080575308ca395798bb21ec5438c46a88ffa3f7f7671c06f924abf7c3cfb46c78c025596e4aba50c3271089184a447a571abb7f4a1b1c41f5d5ca8062940d4369778589fde81a71b2228f018c4c836cf389f854f86de71a68b1693fe8ffa1c59ce7e9f9223debada2566d2b0e5678a48bfb530e7bee42bd2ac7304a0a5ae339a2cd
-+Ctrl.hexxcghash = hexxcghash:a4125aa9898092ca50c3c1631c03dcbc9df95cebb409881e580108b6cc4704b76cc77b8795fd5940561e3224cc75848518992bd8d9b70fe0fc977a476063c8bf
-+Ctrl.hexsession_id = hexsession_id:a4125aa9898092ca50c3c1631c03dcbc9df95cebb409881e580108b6cc4704b76cc77b8795fd5940561e3224cc75848518992bd8d9b70fe0fc977a476063c8bf
-+Ctrl.type = type:A
-+Output = 0e2693ade0524af8
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:00000080575308ca395798bb21ec5438c46a88ffa3f7f7671c06f924abf7c3cfb46c78c025596e4aba50c3271089184a447a571abb7f4a1b1c41f5d5ca8062940d4369778589fde81a71b2228f018c4c836cf389f854f86de71a68b1693fe8ffa1c59ce7e9f9223debada2566d2b0e5678a48bfb530e7bee42bd2ac7304a0a5ae339a2cd
-+Ctrl.hexxcghash = hexxcghash:a4125aa9898092ca50c3c1631c03dcbc9df95cebb409881e580108b6cc4704b76cc77b8795fd5940561e3224cc75848518992bd8d9b70fe0fc977a476063c8bf
-+Ctrl.hexsession_id = hexsession_id:a4125aa9898092ca50c3c1631c03dcbc9df95cebb409881e580108b6cc4704b76cc77b8795fd5940561e3224cc75848518992bd8d9b70fe0fc977a476063c8bf
-+Ctrl.type = type:B
-+Output = b13144de02295bb8
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:00000080575308ca395798bb21ec5438c46a88ffa3f7f7671c06f924abf7c3cfb46c78c025596e4aba50c3271089184a447a571abb7f4a1b1c41f5d5ca8062940d4369778589fde81a71b2228f018c4c836cf389f854f86de71a68b1693fe8ffa1c59ce7e9f9223debada2566d2b0e5678a48bfb530e7bee42bd2ac7304a0a5ae339a2cd
-+Ctrl.hexxcghash = hexxcghash:a4125aa9898092ca50c3c1631c03dcbc9df95cebb409881e580108b6cc4704b76cc77b8795fd5940561e3224cc75848518992bd8d9b70fe0fc977a476063c8bf
-+Ctrl.hexsession_id = hexsession_id:a4125aa9898092ca50c3c1631c03dcbc9df95cebb409881e580108b6cc4704b76cc77b8795fd5940561e3224cc75848518992bd8d9b70fe0fc977a476063c8bf
-+Ctrl.type = type:C
-+Output = 7e4a721fb7379ebb423306464d57db46afa3cca10a1d7feb
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:00000080575308ca395798bb21ec5438c46a88ffa3f7f7671c06f924abf7c3cfb46c78c025596e4aba50c3271089184a447a571abb7f4a1b1c41f5d5ca8062940d4369778589fde81a71b2228f018c4c836cf389f854f86de71a68b1693fe8ffa1c59ce7e9f9223debada2566d2b0e5678a48bfb530e7bee42bd2ac7304a0a5ae339a2cd
-+Ctrl.hexxcghash = hexxcghash:a4125aa9898092ca50c3c1631c03dcbc9df95cebb409881e580108b6cc4704b76cc77b8795fd5940561e3224cc75848518992bd8d9b70fe0fc977a476063c8bf
-+Ctrl.hexsession_id = hexsession_id:a4125aa9898092ca50c3c1631c03dcbc9df95cebb409881e580108b6cc4704b76cc77b8795fd5940561e3224cc75848518992bd8d9b70fe0fc977a476063c8bf
-+Ctrl.type = type:D
-+Output = bb84123b1fac400e0df4767d78d011427e1edd4d4c934b95
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:00000080575308ca395798bb21ec5438c46a88ffa3f7f7671c06f924abf7c3cfb46c78c025596e4aba50c3271089184a447a571abb7f4a1b1c41f5d5ca8062940d4369778589fde81a71b2228f018c4c836cf389f854f86de71a68b1693fe8ffa1c59ce7e9f9223debada2566d2b0e5678a48bfb530e7bee42bd2ac7304a0a5ae339a2cd
-+Ctrl.hexxcghash = hexxcghash:a4125aa9898092ca50c3c1631c03dcbc9df95cebb409881e580108b6cc4704b76cc77b8795fd5940561e3224cc75848518992bd8d9b70fe0fc977a476063c8bf
-+Ctrl.hexsession_id = hexsession_id:a4125aa9898092ca50c3c1631c03dcbc9df95cebb409881e580108b6cc4704b76cc77b8795fd5940561e3224cc75848518992bd8d9b70fe0fc977a476063c8bf
-+Ctrl.type = type:E
-+Output = 00fb0a45c650dd9c95666b0c7fcea8c98f0562f61b862054ee400aec875dbbc2bdef4806c09217709a5050569312efe3af513e7aa733c72457abe1607ac01c13
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:00000080575308ca395798bb21ec5438c46a88ffa3f7f7671c06f924abf7c3cfb46c78c025596e4aba50c3271089184a447a571abb7f4a1b1c41f5d5ca8062940d4369778589fde81a71b2228f018c4c836cf389f854f86de71a68b1693fe8ffa1c59ce7e9f9223debada2566d2b0e5678a48bfb530e7bee42bd2ac7304a0a5ae339a2cd
-+Ctrl.hexxcghash = hexxcghash:a4125aa9898092ca50c3c1631c03dcbc9df95cebb409881e580108b6cc4704b76cc77b8795fd5940561e3224cc75848518992bd8d9b70fe0fc977a476063c8bf
-+Ctrl.hexsession_id = hexsession_id:a4125aa9898092ca50c3c1631c03dcbc9df95cebb409881e580108b6cc4704b76cc77b8795fd5940561e3224cc75848518992bd8d9b70fe0fc977a476063c8bf
-+Ctrl.type = type:F
-+Output = 70a8005e711fb96dea5991cb68831b9e86005821b45ceaf958c13d5c87cbd2953d0877c267796edf8c7fb3d768bb26b74e542f40bf9ac9f6a9d217077e85f511
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:000000802b2e6f7545fa66e1078c67c5457dbf5ee03801edef4421d4f0e797b947b79e293ef724253ec4adb53977f027a2d577d7779e96be4e093b0c36be62778c5bd48dbb0bff1335470e10cdec4df88e8feb00d322426baf3035e9fda1aaf819be48dacc640d52eb8750cc6fd8031d0cba0ef0a11973d43138dd2d11d2eef1fc926327
-+Ctrl.hexxcghash = hexxcghash:4dc005dc6ad5075cf6abbedb53a0407104659cd168b58d014fb2465d6f1d1140d5fef634f345c6c38ac2a8db3771e4b0c71c51faf85a297bbdf7ddf8228c3159
-+Ctrl.hexsession_id = hexsession_id:a674aaced8345324221bbd8356ab8355fd3d3e410ae974c0da196f4cd58cc0236a85900626da696dab8be23aaa529458ac6ccf64058fd2fd140ca1a1a0c57988
-+Ctrl.type = type:A
-+Output = c75c77791f7b67c2
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:000000802b2e6f7545fa66e1078c67c5457dbf5ee03801edef4421d4f0e797b947b79e293ef724253ec4adb53977f027a2d577d7779e96be4e093b0c36be62778c5bd48dbb0bff1335470e10cdec4df88e8feb00d322426baf3035e9fda1aaf819be48dacc640d52eb8750cc6fd8031d0cba0ef0a11973d43138dd2d11d2eef1fc926327
-+Ctrl.hexxcghash = hexxcghash:4dc005dc6ad5075cf6abbedb53a0407104659cd168b58d014fb2465d6f1d1140d5fef634f345c6c38ac2a8db3771e4b0c71c51faf85a297bbdf7ddf8228c3159
-+Ctrl.hexsession_id = hexsession_id:a674aaced8345324221bbd8356ab8355fd3d3e410ae974c0da196f4cd58cc0236a85900626da696dab8be23aaa529458ac6ccf64058fd2fd140ca1a1a0c57988
-+Ctrl.type = type:B
-+Output = dae1e8bfab1b4b7e
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:000000802b2e6f7545fa66e1078c67c5457dbf5ee03801edef4421d4f0e797b947b79e293ef724253ec4adb53977f027a2d577d7779e96be4e093b0c36be62778c5bd48dbb0bff1335470e10cdec4df88e8feb00d322426baf3035e9fda1aaf819be48dacc640d52eb8750cc6fd8031d0cba0ef0a11973d43138dd2d11d2eef1fc926327
-+Ctrl.hexxcghash = hexxcghash:4dc005dc6ad5075cf6abbedb53a0407104659cd168b58d014fb2465d6f1d1140d5fef634f345c6c38ac2a8db3771e4b0c71c51faf85a297bbdf7ddf8228c3159
-+Ctrl.hexsession_id = hexsession_id:a674aaced8345324221bbd8356ab8355fd3d3e410ae974c0da196f4cd58cc0236a85900626da696dab8be23aaa529458ac6ccf64058fd2fd140ca1a1a0c57988
-+Ctrl.type = type:C
-+Output = 0e79f5b685ebe77ae6d62c344a5dd0f53502523a28e2b408
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:000000802b2e6f7545fa66e1078c67c5457dbf5ee03801edef4421d4f0e797b947b79e293ef724253ec4adb53977f027a2d577d7779e96be4e093b0c36be62778c5bd48dbb0bff1335470e10cdec4df88e8feb00d322426baf3035e9fda1aaf819be48dacc640d52eb8750cc6fd8031d0cba0ef0a11973d43138dd2d11d2eef1fc926327
-+Ctrl.hexxcghash = hexxcghash:4dc005dc6ad5075cf6abbedb53a0407104659cd168b58d014fb2465d6f1d1140d5fef634f345c6c38ac2a8db3771e4b0c71c51faf85a297bbdf7ddf8228c3159
-+Ctrl.hexsession_id = hexsession_id:a674aaced8345324221bbd8356ab8355fd3d3e410ae974c0da196f4cd58cc0236a85900626da696dab8be23aaa529458ac6ccf64058fd2fd140ca1a1a0c57988
-+Ctrl.type = type:D
-+Output = c5ec1aae5d26c2c5fe769576eb1b75c53d3dc67d452dca1c
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:000000802b2e6f7545fa66e1078c67c5457dbf5ee03801edef4421d4f0e797b947b79e293ef724253ec4adb53977f027a2d577d7779e96be4e093b0c36be62778c5bd48dbb0bff1335470e10cdec4df88e8feb00d322426baf3035e9fda1aaf819be48dacc640d52eb8750cc6fd8031d0cba0ef0a11973d43138dd2d11d2eef1fc926327
-+Ctrl.hexxcghash = hexxcghash:4dc005dc6ad5075cf6abbedb53a0407104659cd168b58d014fb2465d6f1d1140d5fef634f345c6c38ac2a8db3771e4b0c71c51faf85a297bbdf7ddf8228c3159
-+Ctrl.hexsession_id = hexsession_id:a674aaced8345324221bbd8356ab8355fd3d3e410ae974c0da196f4cd58cc0236a85900626da696dab8be23aaa529458ac6ccf64058fd2fd140ca1a1a0c57988
-+Ctrl.type = type:E
-+Output = 6bc4e5d6049c69a8ffbf93c7617b6a168bd0f14d71471d199b81729250117272ad102772761a8c0b5d5240e589e48a4f85ab8c3e1bd030327e7c87428ee44d13
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:000000802b2e6f7545fa66e1078c67c5457dbf5ee03801edef4421d4f0e797b947b79e293ef724253ec4adb53977f027a2d577d7779e96be4e093b0c36be62778c5bd48dbb0bff1335470e10cdec4df88e8feb00d322426baf3035e9fda1aaf819be48dacc640d52eb8750cc6fd8031d0cba0ef0a11973d43138dd2d11d2eef1fc926327
-+Ctrl.hexxcghash = hexxcghash:4dc005dc6ad5075cf6abbedb53a0407104659cd168b58d014fb2465d6f1d1140d5fef634f345c6c38ac2a8db3771e4b0c71c51faf85a297bbdf7ddf8228c3159
-+Ctrl.hexsession_id = hexsession_id:a674aaced8345324221bbd8356ab8355fd3d3e410ae974c0da196f4cd58cc0236a85900626da696dab8be23aaa529458ac6ccf64058fd2fd140ca1a1a0c57988
-+Ctrl.type = type:F
-+Output = ce109babe86778542856e3934be12decd239120a4dcb948a0154c4cb7b8ac0a4a3cbd682698086123e6c0481ee351bd9fedfba58d37f7814ba9c2b584f6cfedf
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:000000810085874b95394d5ca3096b0a7e6444e129544e4acd8dd7078c46dc74633df1737986e7dc6f58ac09c7d734fd68378f1ee6df60c48bde343e55ab2a5796ca3ec295f15a75500f476a8a6f1725fdade3339cd7da0a2528449652d7ea21a834e42961ede8477f63bac84ccdba933c276512d3670477d2696402175208526276712541
-+Ctrl.hexxcghash = hexxcghash:8540955867f6580e9c1e7e3dfaef9c4f810dbf3364e54f66c471b51d11686598fabff6c3f78a7ac1c90710ab991aa00980f9d5948d462662f6c439fa7b80483f
-+Ctrl.hexsession_id = hexsession_id:f2ebb7479c714402275075725c4712994f04485c048fad37d1505f1ce2cd6e32051782848afbea4399231fea5b8d39ec596e118dcc95ea35ffddd8c5611f5298
-+Ctrl.type = type:A
-+Output = 6a71fc98f044591d
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:000000810085874b95394d5ca3096b0a7e6444e129544e4acd8dd7078c46dc74633df1737986e7dc6f58ac09c7d734fd68378f1ee6df60c48bde343e55ab2a5796ca3ec295f15a75500f476a8a6f1725fdade3339cd7da0a2528449652d7ea21a834e42961ede8477f63bac84ccdba933c276512d3670477d2696402175208526276712541
-+Ctrl.hexxcghash = hexxcghash:8540955867f6580e9c1e7e3dfaef9c4f810dbf3364e54f66c471b51d11686598fabff6c3f78a7ac1c90710ab991aa00980f9d5948d462662f6c439fa7b80483f
-+Ctrl.hexsession_id = hexsession_id:f2ebb7479c714402275075725c4712994f04485c048fad37d1505f1ce2cd6e32051782848afbea4399231fea5b8d39ec596e118dcc95ea35ffddd8c5611f5298
-+Ctrl.type = type:B
-+Output = 9f1a35a5c79014c0
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:000000810085874b95394d5ca3096b0a7e6444e129544e4acd8dd7078c46dc74633df1737986e7dc6f58ac09c7d734fd68378f1ee6df60c48bde343e55ab2a5796ca3ec295f15a75500f476a8a6f1725fdade3339cd7da0a2528449652d7ea21a834e42961ede8477f63bac84ccdba933c276512d3670477d2696402175208526276712541
-+Ctrl.hexxcghash = hexxcghash:8540955867f6580e9c1e7e3dfaef9c4f810dbf3364e54f66c471b51d11686598fabff6c3f78a7ac1c90710ab991aa00980f9d5948d462662f6c439fa7b80483f
-+Ctrl.hexsession_id = hexsession_id:f2ebb7479c714402275075725c4712994f04485c048fad37d1505f1ce2cd6e32051782848afbea4399231fea5b8d39ec596e118dcc95ea35ffddd8c5611f5298
-+Ctrl.type = type:C
-+Output = 377901cc72e4c06e30e27b03902f65c4a58b9d3f5cf43431
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:000000810085874b95394d5ca3096b0a7e6444e129544e4acd8dd7078c46dc74633df1737986e7dc6f58ac09c7d734fd68378f1ee6df60c48bde343e55ab2a5796ca3ec295f15a75500f476a8a6f1725fdade3339cd7da0a2528449652d7ea21a834e42961ede8477f63bac84ccdba933c276512d3670477d2696402175208526276712541
-+Ctrl.hexxcghash = hexxcghash:8540955867f6580e9c1e7e3dfaef9c4f810dbf3364e54f66c471b51d11686598fabff6c3f78a7ac1c90710ab991aa00980f9d5948d462662f6c439fa7b80483f
-+Ctrl.hexsession_id = hexsession_id:f2ebb7479c714402275075725c4712994f04485c048fad37d1505f1ce2cd6e32051782848afbea4399231fea5b8d39ec596e118dcc95ea35ffddd8c5611f5298
-+Ctrl.type = type:D
-+Output = 82a9db94ea5c15dff736c3074a34951e828c8dfa3fef8596
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:000000810085874b95394d5ca3096b0a7e6444e129544e4acd8dd7078c46dc74633df1737986e7dc6f58ac09c7d734fd68378f1ee6df60c48bde343e55ab2a5796ca3ec295f15a75500f476a8a6f1725fdade3339cd7da0a2528449652d7ea21a834e42961ede8477f63bac84ccdba933c276512d3670477d2696402175208526276712541
-+Ctrl.hexxcghash = hexxcghash:8540955867f6580e9c1e7e3dfaef9c4f810dbf3364e54f66c471b51d11686598fabff6c3f78a7ac1c90710ab991aa00980f9d5948d462662f6c439fa7b80483f
-+Ctrl.hexsession_id = hexsession_id:f2ebb7479c714402275075725c4712994f04485c048fad37d1505f1ce2cd6e32051782848afbea4399231fea5b8d39ec596e118dcc95ea35ffddd8c5611f5298
-+Ctrl.type = type:E
-+Output = b3ce0202c966df307a0729a4bb3fcd0ee55d4c521a144ecd285a470830f60685b2d751883d85ccd29fcc2481f3f442fdedd58d17528e8c4fb28473ee5e539706
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:000000810085874b95394d5ca3096b0a7e6444e129544e4acd8dd7078c46dc74633df1737986e7dc6f58ac09c7d734fd68378f1ee6df60c48bde343e55ab2a5796ca3ec295f15a75500f476a8a6f1725fdade3339cd7da0a2528449652d7ea21a834e42961ede8477f63bac84ccdba933c276512d3670477d2696402175208526276712541
-+Ctrl.hexxcghash = hexxcghash:8540955867f6580e9c1e7e3dfaef9c4f810dbf3364e54f66c471b51d11686598fabff6c3f78a7ac1c90710ab991aa00980f9d5948d462662f6c439fa7b80483f
-+Ctrl.hexsession_id = hexsession_id:f2ebb7479c714402275075725c4712994f04485c048fad37d1505f1ce2cd6e32051782848afbea4399231fea5b8d39ec596e118dcc95ea35ffddd8c5611f5298
-+Ctrl.type = type:F
-+Output = c1ab7227f919cbda46cd6ac2bd4bb2ee5bd586cc55c7c1cb067df4c9a23209f716ff5e97ed76ebbc0354d683c5369937ca8db4cecf9e6c40886a186d9c4e2366
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:0000008100e1436b5ef714092a6a0c8cc1593682a7ca4c05de423fb5f57c1d225943d8e4a5b526288a46a9a0fdb10b59c0beb8c1dc5b4d2bdf34eec2525df84bca2f8b769897183a45c7e61171ecea6e2be80d3becec8355ac3853bd8d077697af6e774133143265bdd538b4fb64786aaaa33e45138fd8697ff1c77b50f63dd8e9476a74c0
-+Ctrl.hexxcghash = hexxcghash:367c80484d7e01e0915959e9fcb5124fa674489cf0ec4b0fee6a62dd77f677db901d9fb417cecf2a98f0b24bc24edbb1f34ab19f8d4d2976958f7d99ae2c78b3
-+Ctrl.hexsession_id = hexsession_id:0a1bbfb890087ef260a88fafb92f16765444adc4dcb00efd4750d59f1d8f4b6662edd379d812ddc822cea79675731a5e5791f29ebd17f3f83e675e9e9f6af3e3
-+Ctrl.type = type:A
-+Output = 3832bf21b907daa3
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:0000008100e1436b5ef714092a6a0c8cc1593682a7ca4c05de423fb5f57c1d225943d8e4a5b526288a46a9a0fdb10b59c0beb8c1dc5b4d2bdf34eec2525df84bca2f8b769897183a45c7e61171ecea6e2be80d3becec8355ac3853bd8d077697af6e774133143265bdd538b4fb64786aaaa33e45138fd8697ff1c77b50f63dd8e9476a74c0
-+Ctrl.hexxcghash = hexxcghash:367c80484d7e01e0915959e9fcb5124fa674489cf0ec4b0fee6a62dd77f677db901d9fb417cecf2a98f0b24bc24edbb1f34ab19f8d4d2976958f7d99ae2c78b3
-+Ctrl.hexsession_id = hexsession_id:0a1bbfb890087ef260a88fafb92f16765444adc4dcb00efd4750d59f1d8f4b6662edd379d812ddc822cea79675731a5e5791f29ebd17f3f83e675e9e9f6af3e3
-+Ctrl.type = type:B
-+Output = 4e04d7787ba7fa68
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:0000008100e1436b5ef714092a6a0c8cc1593682a7ca4c05de423fb5f57c1d225943d8e4a5b526288a46a9a0fdb10b59c0beb8c1dc5b4d2bdf34eec2525df84bca2f8b769897183a45c7e61171ecea6e2be80d3becec8355ac3853bd8d077697af6e774133143265bdd538b4fb64786aaaa33e45138fd8697ff1c77b50f63dd8e9476a74c0
-+Ctrl.hexxcghash = hexxcghash:367c80484d7e01e0915959e9fcb5124fa674489cf0ec4b0fee6a62dd77f677db901d9fb417cecf2a98f0b24bc24edbb1f34ab19f8d4d2976958f7d99ae2c78b3
-+Ctrl.hexsession_id = hexsession_id:0a1bbfb890087ef260a88fafb92f16765444adc4dcb00efd4750d59f1d8f4b6662edd379d812ddc822cea79675731a5e5791f29ebd17f3f83e675e9e9f6af3e3
-+Ctrl.type = type:C
-+Output = d7be949edcfe4e4b877de1cc6a861fa721e137bf3dd1bb27
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:0000008100e1436b5ef714092a6a0c8cc1593682a7ca4c05de423fb5f57c1d225943d8e4a5b526288a46a9a0fdb10b59c0beb8c1dc5b4d2bdf34eec2525df84bca2f8b769897183a45c7e61171ecea6e2be80d3becec8355ac3853bd8d077697af6e774133143265bdd538b4fb64786aaaa33e45138fd8697ff1c77b50f63dd8e9476a74c0
-+Ctrl.hexxcghash = hexxcghash:367c80484d7e01e0915959e9fcb5124fa674489cf0ec4b0fee6a62dd77f677db901d9fb417cecf2a98f0b24bc24edbb1f34ab19f8d4d2976958f7d99ae2c78b3
-+Ctrl.hexsession_id = hexsession_id:0a1bbfb890087ef260a88fafb92f16765444adc4dcb00efd4750d59f1d8f4b6662edd379d812ddc822cea79675731a5e5791f29ebd17f3f83e675e9e9f6af3e3
-+Ctrl.type = type:D
-+Output = 5361fc87e24ec3031d97f0099766ac9ff7b8f91ea87666de
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:0000008100e1436b5ef714092a6a0c8cc1593682a7ca4c05de423fb5f57c1d225943d8e4a5b526288a46a9a0fdb10b59c0beb8c1dc5b4d2bdf34eec2525df84bca2f8b769897183a45c7e61171ecea6e2be80d3becec8355ac3853bd8d077697af6e774133143265bdd538b4fb64786aaaa33e45138fd8697ff1c77b50f63dd8e9476a74c0
-+Ctrl.hexxcghash = hexxcghash:367c80484d7e01e0915959e9fcb5124fa674489cf0ec4b0fee6a62dd77f677db901d9fb417cecf2a98f0b24bc24edbb1f34ab19f8d4d2976958f7d99ae2c78b3
-+Ctrl.hexsession_id = hexsession_id:0a1bbfb890087ef260a88fafb92f16765444adc4dcb00efd4750d59f1d8f4b6662edd379d812ddc822cea79675731a5e5791f29ebd17f3f83e675e9e9f6af3e3
-+Ctrl.type = type:E
-+Output = 40a6897606035ebb04907fa15e1545a8973b9b09423f3786be4bcb8db9e4561e0385bcf1e3c0cece5a788e9852ed1da56963f36bad78fede21405ce3ea92a3b8
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:0000008100e1436b5ef714092a6a0c8cc1593682a7ca4c05de423fb5f57c1d225943d8e4a5b526288a46a9a0fdb10b59c0beb8c1dc5b4d2bdf34eec2525df84bca2f8b769897183a45c7e61171ecea6e2be80d3becec8355ac3853bd8d077697af6e774133143265bdd538b4fb64786aaaa33e45138fd8697ff1c77b50f63dd8e9476a74c0
-+Ctrl.hexxcghash = hexxcghash:367c80484d7e01e0915959e9fcb5124fa674489cf0ec4b0fee6a62dd77f677db901d9fb417cecf2a98f0b24bc24edbb1f34ab19f8d4d2976958f7d99ae2c78b3
-+Ctrl.hexsession_id = hexsession_id:0a1bbfb890087ef260a88fafb92f16765444adc4dcb00efd4750d59f1d8f4b6662edd379d812ddc822cea79675731a5e5791f29ebd17f3f83e675e9e9f6af3e3
-+Ctrl.type = type:F
-+Output = 727f9bade9334f97486f479c88614ce96b8cbc803a544fbfaf5fcaf0499a1b8edeb59daa1a824ca9b165879c63d9f0b6464bcd3121fb1ad29b38864fbaac7741
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:0000008100f8cf4795508e2aba0d9c007ee0afb38a7d570e26d4ebe97d3b9cb46dfc05b9b18396054fa91f856758b036195a9b360ee48b65dcec1f2fcb901d5faa308125b30b804e53ac15b2f43c2a12fdbc987707af58c36ecdcd89376117f9655e14da7f1808baeaab020a47ac35166a4868dab970ce79de592c69164045fce4eb55872f
-+Ctrl.hexxcghash = hexxcghash:40d59c8836500e523e6404ac03d9895b105c7feceaac52dc3c5e4113e256c0057fbc770b805f7a2f18bf0be13357eb99db906efc5fb772f96e5fe76088e2e6f2
-+Ctrl.hexsession_id = hexsession_id:a619290ad553a2b0924f3ea6152883685e3f2cf6063487616f083fadae950451df5f6e8a144cd951b2d853c7ec2d1aece9c438a89850788edc6bd5e2a7a98a47
-+Ctrl.type = type:A
-+Output = 3f077a02dc957eb1
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:0000008100f8cf4795508e2aba0d9c007ee0afb38a7d570e26d4ebe97d3b9cb46dfc05b9b18396054fa91f856758b036195a9b360ee48b65dcec1f2fcb901d5faa308125b30b804e53ac15b2f43c2a12fdbc987707af58c36ecdcd89376117f9655e14da7f1808baeaab020a47ac35166a4868dab970ce79de592c69164045fce4eb55872f
-+Ctrl.hexxcghash = hexxcghash:40d59c8836500e523e6404ac03d9895b105c7feceaac52dc3c5e4113e256c0057fbc770b805f7a2f18bf0be13357eb99db906efc5fb772f96e5fe76088e2e6f2
-+Ctrl.hexsession_id = hexsession_id:a619290ad553a2b0924f3ea6152883685e3f2cf6063487616f083fadae950451df5f6e8a144cd951b2d853c7ec2d1aece9c438a89850788edc6bd5e2a7a98a47
-+Ctrl.type = type:B
-+Output = 3cc158e348e64a0a
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:0000008100f8cf4795508e2aba0d9c007ee0afb38a7d570e26d4ebe97d3b9cb46dfc05b9b18396054fa91f856758b036195a9b360ee48b65dcec1f2fcb901d5faa308125b30b804e53ac15b2f43c2a12fdbc987707af58c36ecdcd89376117f9655e14da7f1808baeaab020a47ac35166a4868dab970ce79de592c69164045fce4eb55872f
-+Ctrl.hexxcghash = hexxcghash:40d59c8836500e523e6404ac03d9895b105c7feceaac52dc3c5e4113e256c0057fbc770b805f7a2f18bf0be13357eb99db906efc5fb772f96e5fe76088e2e6f2
-+Ctrl.hexsession_id = hexsession_id:a619290ad553a2b0924f3ea6152883685e3f2cf6063487616f083fadae950451df5f6e8a144cd951b2d853c7ec2d1aece9c438a89850788edc6bd5e2a7a98a47
-+Ctrl.type = type:C
-+Output = 8770fb6792c2fc16a60c9f45c8d40db684fe52de7c60b482
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:0000008100f8cf4795508e2aba0d9c007ee0afb38a7d570e26d4ebe97d3b9cb46dfc05b9b18396054fa91f856758b036195a9b360ee48b65dcec1f2fcb901d5faa308125b30b804e53ac15b2f43c2a12fdbc987707af58c36ecdcd89376117f9655e14da7f1808baeaab020a47ac35166a4868dab970ce79de592c69164045fce4eb55872f
-+Ctrl.hexxcghash = hexxcghash:40d59c8836500e523e6404ac03d9895b105c7feceaac52dc3c5e4113e256c0057fbc770b805f7a2f18bf0be13357eb99db906efc5fb772f96e5fe76088e2e6f2
-+Ctrl.hexsession_id = hexsession_id:a619290ad553a2b0924f3ea6152883685e3f2cf6063487616f083fadae950451df5f6e8a144cd951b2d853c7ec2d1aece9c438a89850788edc6bd5e2a7a98a47
-+Ctrl.type = type:D
-+Output = d417a07f1070a2e628424fa990ef436f137725a7cde43f1b
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:0000008100f8cf4795508e2aba0d9c007ee0afb38a7d570e26d4ebe97d3b9cb46dfc05b9b18396054fa91f856758b036195a9b360ee48b65dcec1f2fcb901d5faa308125b30b804e53ac15b2f43c2a12fdbc987707af58c36ecdcd89376117f9655e14da7f1808baeaab020a47ac35166a4868dab970ce79de592c69164045fce4eb55872f
-+Ctrl.hexxcghash = hexxcghash:40d59c8836500e523e6404ac03d9895b105c7feceaac52dc3c5e4113e256c0057fbc770b805f7a2f18bf0be13357eb99db906efc5fb772f96e5fe76088e2e6f2
-+Ctrl.hexsession_id = hexsession_id:a619290ad553a2b0924f3ea6152883685e3f2cf6063487616f083fadae950451df5f6e8a144cd951b2d853c7ec2d1aece9c438a89850788edc6bd5e2a7a98a47
-+Ctrl.type = type:E
-+Output = 20b810e4f6a540724f269194e37969a10e340d45c557eabe72c41f08a9fad85ab44a9c362e7fc5eea9ed5dd9b84cc837d2aaa46ee71b355cb1dfefa8dc544d1e
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:0000008100f8cf4795508e2aba0d9c007ee0afb38a7d570e26d4ebe97d3b9cb46dfc05b9b18396054fa91f856758b036195a9b360ee48b65dcec1f2fcb901d5faa308125b30b804e53ac15b2f43c2a12fdbc987707af58c36ecdcd89376117f9655e14da7f1808baeaab020a47ac35166a4868dab970ce79de592c69164045fce4eb55872f
-+Ctrl.hexxcghash = hexxcghash:40d59c8836500e523e6404ac03d9895b105c7feceaac52dc3c5e4113e256c0057fbc770b805f7a2f18bf0be13357eb99db906efc5fb772f96e5fe76088e2e6f2
-+Ctrl.hexsession_id = hexsession_id:a619290ad553a2b0924f3ea6152883685e3f2cf6063487616f083fadae950451df5f6e8a144cd951b2d853c7ec2d1aece9c438a89850788edc6bd5e2a7a98a47
-+Ctrl.type = type:F
-+Output = acd292ab652b49c7c2a5a35b93c31a71eeef8a629cbc6b1c782994ebc7566f7b0ae536cc0ccfe881bfd8cbfaff391fe23568fa5692198f188deff0c6d0808160
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:000000803105020875f56db2960579efb7509964f256c2b81009e5be554bcc8ebe84c492f0cd0990e78ef4e8582a45457712be71d6f6c0b33315668984f0a41cf45fb9a459193c710919b752be3b80b2c8c7de3be570f76df6fe1cbb9dc81085fff2ad1bbfb307c6fb21f434cf7c0b96ee9eb6bc0f9677136a6db91f5d953f8b104b3497
-+Ctrl.hexxcghash = hexxcghash:5f45d483ef27aeb00ec7baef96f4b4d1b254260bf60671dbd00e35a32fdcb7ae06215d59e742158782e0626bd5e2e8bada1fd7ec5056679f4a1412eaa2ef10e5
-+Ctrl.hexsession_id = hexsession_id:8ddcd28d02f2cb50661cf2111953c697c0e578e43a77dfeb593b2bf05189bb429f306bcb0bcb41219d5428c1795c84665bb1f0db33e55f52edbff2b781c7eb79
-+Ctrl.type = type:A
-+Output = 7cf213cec41701ff
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:000000803105020875f56db2960579efb7509964f256c2b81009e5be554bcc8ebe84c492f0cd0990e78ef4e8582a45457712be71d6f6c0b33315668984f0a41cf45fb9a459193c710919b752be3b80b2c8c7de3be570f76df6fe1cbb9dc81085fff2ad1bbfb307c6fb21f434cf7c0b96ee9eb6bc0f9677136a6db91f5d953f8b104b3497
-+Ctrl.hexxcghash = hexxcghash:5f45d483ef27aeb00ec7baef96f4b4d1b254260bf60671dbd00e35a32fdcb7ae06215d59e742158782e0626bd5e2e8bada1fd7ec5056679f4a1412eaa2ef10e5
-+Ctrl.hexsession_id = hexsession_id:8ddcd28d02f2cb50661cf2111953c697c0e578e43a77dfeb593b2bf05189bb429f306bcb0bcb41219d5428c1795c84665bb1f0db33e55f52edbff2b781c7eb79
-+Ctrl.type = type:B
-+Output = 81a44f6f95fff954
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:000000803105020875f56db2960579efb7509964f256c2b81009e5be554bcc8ebe84c492f0cd0990e78ef4e8582a45457712be71d6f6c0b33315668984f0a41cf45fb9a459193c710919b752be3b80b2c8c7de3be570f76df6fe1cbb9dc81085fff2ad1bbfb307c6fb21f434cf7c0b96ee9eb6bc0f9677136a6db91f5d953f8b104b3497
-+Ctrl.hexxcghash = hexxcghash:5f45d483ef27aeb00ec7baef96f4b4d1b254260bf60671dbd00e35a32fdcb7ae06215d59e742158782e0626bd5e2e8bada1fd7ec5056679f4a1412eaa2ef10e5
-+Ctrl.hexsession_id = hexsession_id:8ddcd28d02f2cb50661cf2111953c697c0e578e43a77dfeb593b2bf05189bb429f306bcb0bcb41219d5428c1795c84665bb1f0db33e55f52edbff2b781c7eb79
-+Ctrl.type = type:C
-+Output = e1610d85ea2c24b4af18076c2d7dc0c3f3b3bf1c8df232a4
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:000000803105020875f56db2960579efb7509964f256c2b81009e5be554bcc8ebe84c492f0cd0990e78ef4e8582a45457712be71d6f6c0b33315668984f0a41cf45fb9a459193c710919b752be3b80b2c8c7de3be570f76df6fe1cbb9dc81085fff2ad1bbfb307c6fb21f434cf7c0b96ee9eb6bc0f9677136a6db91f5d953f8b104b3497
-+Ctrl.hexxcghash = hexxcghash:5f45d483ef27aeb00ec7baef96f4b4d1b254260bf60671dbd00e35a32fdcb7ae06215d59e742158782e0626bd5e2e8bada1fd7ec5056679f4a1412eaa2ef10e5
-+Ctrl.hexsession_id = hexsession_id:8ddcd28d02f2cb50661cf2111953c697c0e578e43a77dfeb593b2bf05189bb429f306bcb0bcb41219d5428c1795c84665bb1f0db33e55f52edbff2b781c7eb79
-+Ctrl.type = type:D
-+Output = db146cbf4923693449b857fa927d112f3c8bd1bac73f618a
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:000000803105020875f56db2960579efb7509964f256c2b81009e5be554bcc8ebe84c492f0cd0990e78ef4e8582a45457712be71d6f6c0b33315668984f0a41cf45fb9a459193c710919b752be3b80b2c8c7de3be570f76df6fe1cbb9dc81085fff2ad1bbfb307c6fb21f434cf7c0b96ee9eb6bc0f9677136a6db91f5d953f8b104b3497
-+Ctrl.hexxcghash = hexxcghash:5f45d483ef27aeb00ec7baef96f4b4d1b254260bf60671dbd00e35a32fdcb7ae06215d59e742158782e0626bd5e2e8bada1fd7ec5056679f4a1412eaa2ef10e5
-+Ctrl.hexsession_id = hexsession_id:8ddcd28d02f2cb50661cf2111953c697c0e578e43a77dfeb593b2bf05189bb429f306bcb0bcb41219d5428c1795c84665bb1f0db33e55f52edbff2b781c7eb79
-+Ctrl.type = type:E
-+Output = fac257f4544a0aa77659642c33a421cf27b2216a57399ff8ff48baab37519ce9c27f93bf447a02b3c10d9f9c6201745ed6ae28a13ff85e949e0e8048bf31e0c8
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:000000803105020875f56db2960579efb7509964f256c2b81009e5be554bcc8ebe84c492f0cd0990e78ef4e8582a45457712be71d6f6c0b33315668984f0a41cf45fb9a459193c710919b752be3b80b2c8c7de3be570f76df6fe1cbb9dc81085fff2ad1bbfb307c6fb21f434cf7c0b96ee9eb6bc0f9677136a6db91f5d953f8b104b3497
-+Ctrl.hexxcghash = hexxcghash:5f45d483ef27aeb00ec7baef96f4b4d1b254260bf60671dbd00e35a32fdcb7ae06215d59e742158782e0626bd5e2e8bada1fd7ec5056679f4a1412eaa2ef10e5
-+Ctrl.hexsession_id = hexsession_id:8ddcd28d02f2cb50661cf2111953c697c0e578e43a77dfeb593b2bf05189bb429f306bcb0bcb41219d5428c1795c84665bb1f0db33e55f52edbff2b781c7eb79
-+Ctrl.type = type:F
-+Output = 8532a1014a5a2feba5730823b0fb1781a7782a73f95a97697aedf60997e6cdf5107387be820b74c0e43e8caf42e83bbc703c6cd9d37b0e720aeacc115ce4633e
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:0000008045cafef6acb29ea351ad025a32cb0fb88fe52f138ac3cd7718140c883cffbc10778c2e6c573bdbfaf32eceaa2fc1e106170dadcdf1cb0e1653f2361c76f5153262295b16371daf9ae2015dfb407f4920240eb10293c48971d2086723507d2eb7e1481f2b737df223628ee602a49bb7f1ac52068f5c1a24b445786e35042fc6c0
-+Ctrl.hexxcghash = hexxcghash:b1ce6e766a7340f40cec52585087c60e456cc390d0ee294bbc460d50b93c2170344cca3dd2e3067ebefe3efbd002ec4ed7f0fc1a8771eaffbc1fd4d5800aec21
-+Ctrl.hexsession_id = hexsession_id:85ae5c53a8286dfddf295dd0b31237bc8c54e9858647e222db29a4f60ffb74a175e5de22c132a1a06826c6e0122e63aa657fc670ca44943159560ce1c48b6906
-+Ctrl.type = type:A
-+Output = c5dffc4eb99a1c36
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:0000008045cafef6acb29ea351ad025a32cb0fb88fe52f138ac3cd7718140c883cffbc10778c2e6c573bdbfaf32eceaa2fc1e106170dadcdf1cb0e1653f2361c76f5153262295b16371daf9ae2015dfb407f4920240eb10293c48971d2086723507d2eb7e1481f2b737df223628ee602a49bb7f1ac52068f5c1a24b445786e35042fc6c0
-+Ctrl.hexxcghash = hexxcghash:b1ce6e766a7340f40cec52585087c60e456cc390d0ee294bbc460d50b93c2170344cca3dd2e3067ebefe3efbd002ec4ed7f0fc1a8771eaffbc1fd4d5800aec21
-+Ctrl.hexsession_id = hexsession_id:85ae5c53a8286dfddf295dd0b31237bc8c54e9858647e222db29a4f60ffb74a175e5de22c132a1a06826c6e0122e63aa657fc670ca44943159560ce1c48b6906
-+Ctrl.type = type:B
-+Output = 13cb7467ddf8ea7d
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:0000008045cafef6acb29ea351ad025a32cb0fb88fe52f138ac3cd7718140c883cffbc10778c2e6c573bdbfaf32eceaa2fc1e106170dadcdf1cb0e1653f2361c76f5153262295b16371daf9ae2015dfb407f4920240eb10293c48971d2086723507d2eb7e1481f2b737df223628ee602a49bb7f1ac52068f5c1a24b445786e35042fc6c0
-+Ctrl.hexxcghash = hexxcghash:b1ce6e766a7340f40cec52585087c60e456cc390d0ee294bbc460d50b93c2170344cca3dd2e3067ebefe3efbd002ec4ed7f0fc1a8771eaffbc1fd4d5800aec21
-+Ctrl.hexsession_id = hexsession_id:85ae5c53a8286dfddf295dd0b31237bc8c54e9858647e222db29a4f60ffb74a175e5de22c132a1a06826c6e0122e63aa657fc670ca44943159560ce1c48b6906
-+Ctrl.type = type:C
-+Output = 4d77a9a1a36500d9ea0389e3813a201fb9b30751d1fcf0b3
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:0000008045cafef6acb29ea351ad025a32cb0fb88fe52f138ac3cd7718140c883cffbc10778c2e6c573bdbfaf32eceaa2fc1e106170dadcdf1cb0e1653f2361c76f5153262295b16371daf9ae2015dfb407f4920240eb10293c48971d2086723507d2eb7e1481f2b737df223628ee602a49bb7f1ac52068f5c1a24b445786e35042fc6c0
-+Ctrl.hexxcghash = hexxcghash:b1ce6e766a7340f40cec52585087c60e456cc390d0ee294bbc460d50b93c2170344cca3dd2e3067ebefe3efbd002ec4ed7f0fc1a8771eaffbc1fd4d5800aec21
-+Ctrl.hexsession_id = hexsession_id:85ae5c53a8286dfddf295dd0b31237bc8c54e9858647e222db29a4f60ffb74a175e5de22c132a1a06826c6e0122e63aa657fc670ca44943159560ce1c48b6906
-+Ctrl.type = type:D
-+Output = a0e4ec099492c752b98013d2176af6e601eeef3cdc2029a9
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:0000008045cafef6acb29ea351ad025a32cb0fb88fe52f138ac3cd7718140c883cffbc10778c2e6c573bdbfaf32eceaa2fc1e106170dadcdf1cb0e1653f2361c76f5153262295b16371daf9ae2015dfb407f4920240eb10293c48971d2086723507d2eb7e1481f2b737df223628ee602a49bb7f1ac52068f5c1a24b445786e35042fc6c0
-+Ctrl.hexxcghash = hexxcghash:b1ce6e766a7340f40cec52585087c60e456cc390d0ee294bbc460d50b93c2170344cca3dd2e3067ebefe3efbd002ec4ed7f0fc1a8771eaffbc1fd4d5800aec21
-+Ctrl.hexsession_id = hexsession_id:85ae5c53a8286dfddf295dd0b31237bc8c54e9858647e222db29a4f60ffb74a175e5de22c132a1a06826c6e0122e63aa657fc670ca44943159560ce1c48b6906
-+Ctrl.type = type:E
-+Output = b4035effa78e6da307f4c096226150e5cab92794192bba492ff8576da3fdbbfdc87fbf79721de0e8f38647261dcad096fd536c4f724f09782a4b684902a4b979
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:0000008045cafef6acb29ea351ad025a32cb0fb88fe52f138ac3cd7718140c883cffbc10778c2e6c573bdbfaf32eceaa2fc1e106170dadcdf1cb0e1653f2361c76f5153262295b16371daf9ae2015dfb407f4920240eb10293c48971d2086723507d2eb7e1481f2b737df223628ee602a49bb7f1ac52068f5c1a24b445786e35042fc6c0
-+Ctrl.hexxcghash = hexxcghash:b1ce6e766a7340f40cec52585087c60e456cc390d0ee294bbc460d50b93c2170344cca3dd2e3067ebefe3efbd002ec4ed7f0fc1a8771eaffbc1fd4d5800aec21
-+Ctrl.hexsession_id = hexsession_id:85ae5c53a8286dfddf295dd0b31237bc8c54e9858647e222db29a4f60ffb74a175e5de22c132a1a06826c6e0122e63aa657fc670ca44943159560ce1c48b6906
-+Ctrl.type = type:F
-+Output = eae8776eddb75cd4d14d2db129172bab92f0c8d2c8a439d4b63824c23e7481af502a45d2ebee77f3a801d658b59f6cbbdb797f479787ae4d5839b7ddf49ff908
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:00000081008b735b1cc9a88529c0d0faea307f79142abc920248b3495e56b7987605b5a7a93354c638752ae7ce47b2869600dc2ab8f240c0ce4e35147e00f8e69fbe940d6236daf01b38f3e74d7bff07d01111569e213cd8475e77de026c81dac6e40242cfc2df5af9d37e520c2d7aee165de9cc314750e856d7514b0b80c568e2292c733f
-+Ctrl.hexxcghash = hexxcghash:c226bd264f49cba006b4806afa4edaf42c2c48992ec66c78ce3a982cb5b1d923344107eb77884b0d996af71997611fdffba499da38d5206db0d0a17c438d4d8a
-+Ctrl.hexsession_id = hexsession_id:ae0f9a407aae7a964a900b1f5b7060a2e7d4c9de4e422fec063829a9ea1fcb74a6ae83b9eb08f8663e171bdf036bf0c263b23f8eff3053d617484cc3efd99990
-+Ctrl.type = type:A
-+Output = 31ef8e737ec154c0
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:00000081008b735b1cc9a88529c0d0faea307f79142abc920248b3495e56b7987605b5a7a93354c638752ae7ce47b2869600dc2ab8f240c0ce4e35147e00f8e69fbe940d6236daf01b38f3e74d7bff07d01111569e213cd8475e77de026c81dac6e40242cfc2df5af9d37e520c2d7aee165de9cc314750e856d7514b0b80c568e2292c733f
-+Ctrl.hexxcghash = hexxcghash:c226bd264f49cba006b4806afa4edaf42c2c48992ec66c78ce3a982cb5b1d923344107eb77884b0d996af71997611fdffba499da38d5206db0d0a17c438d4d8a
-+Ctrl.hexsession_id = hexsession_id:ae0f9a407aae7a964a900b1f5b7060a2e7d4c9de4e422fec063829a9ea1fcb74a6ae83b9eb08f8663e171bdf036bf0c263b23f8eff3053d617484cc3efd99990
-+Ctrl.type = type:B
-+Output = c0bb41f2c51a0503
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:00000081008b735b1cc9a88529c0d0faea307f79142abc920248b3495e56b7987605b5a7a93354c638752ae7ce47b2869600dc2ab8f240c0ce4e35147e00f8e69fbe940d6236daf01b38f3e74d7bff07d01111569e213cd8475e77de026c81dac6e40242cfc2df5af9d37e520c2d7aee165de9cc314750e856d7514b0b80c568e2292c733f
-+Ctrl.hexxcghash = hexxcghash:c226bd264f49cba006b4806afa4edaf42c2c48992ec66c78ce3a982cb5b1d923344107eb77884b0d996af71997611fdffba499da38d5206db0d0a17c438d4d8a
-+Ctrl.hexsession_id = hexsession_id:ae0f9a407aae7a964a900b1f5b7060a2e7d4c9de4e422fec063829a9ea1fcb74a6ae83b9eb08f8663e171bdf036bf0c263b23f8eff3053d617484cc3efd99990
-+Ctrl.type = type:C
-+Output = 3f9058812f36f302dc5ada7de8f4271c435dfe4589f22a00
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:00000081008b735b1cc9a88529c0d0faea307f79142abc920248b3495e56b7987605b5a7a93354c638752ae7ce47b2869600dc2ab8f240c0ce4e35147e00f8e69fbe940d6236daf01b38f3e74d7bff07d01111569e213cd8475e77de026c81dac6e40242cfc2df5af9d37e520c2d7aee165de9cc314750e856d7514b0b80c568e2292c733f
-+Ctrl.hexxcghash = hexxcghash:c226bd264f49cba006b4806afa4edaf42c2c48992ec66c78ce3a982cb5b1d923344107eb77884b0d996af71997611fdffba499da38d5206db0d0a17c438d4d8a
-+Ctrl.hexsession_id = hexsession_id:ae0f9a407aae7a964a900b1f5b7060a2e7d4c9de4e422fec063829a9ea1fcb74a6ae83b9eb08f8663e171bdf036bf0c263b23f8eff3053d617484cc3efd99990
-+Ctrl.type = type:D
-+Output = b342a447abcb67f6819a19b8b300946c89739fabd049a6e0
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:00000081008b735b1cc9a88529c0d0faea307f79142abc920248b3495e56b7987605b5a7a93354c638752ae7ce47b2869600dc2ab8f240c0ce4e35147e00f8e69fbe940d6236daf01b38f3e74d7bff07d01111569e213cd8475e77de026c81dac6e40242cfc2df5af9d37e520c2d7aee165de9cc314750e856d7514b0b80c568e2292c733f
-+Ctrl.hexxcghash = hexxcghash:c226bd264f49cba006b4806afa4edaf42c2c48992ec66c78ce3a982cb5b1d923344107eb77884b0d996af71997611fdffba499da38d5206db0d0a17c438d4d8a
-+Ctrl.hexsession_id = hexsession_id:ae0f9a407aae7a964a900b1f5b7060a2e7d4c9de4e422fec063829a9ea1fcb74a6ae83b9eb08f8663e171bdf036bf0c263b23f8eff3053d617484cc3efd99990
-+Ctrl.type = type:E
-+Output = a5d70cb0a3e351be09b9600c9b97f2781236bf549209a1fbf3304af145af0941c6cd9923f1f30cec946e8dea96332d284e01a4d8bcc90721fe2e515504073cb8
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:00000081008b735b1cc9a88529c0d0faea307f79142abc920248b3495e56b7987605b5a7a93354c638752ae7ce47b2869600dc2ab8f240c0ce4e35147e00f8e69fbe940d6236daf01b38f3e74d7bff07d01111569e213cd8475e77de026c81dac6e40242cfc2df5af9d37e520c2d7aee165de9cc314750e856d7514b0b80c568e2292c733f
-+Ctrl.hexxcghash = hexxcghash:c226bd264f49cba006b4806afa4edaf42c2c48992ec66c78ce3a982cb5b1d923344107eb77884b0d996af71997611fdffba499da38d5206db0d0a17c438d4d8a
-+Ctrl.hexsession_id = hexsession_id:ae0f9a407aae7a964a900b1f5b7060a2e7d4c9de4e422fec063829a9ea1fcb74a6ae83b9eb08f8663e171bdf036bf0c263b23f8eff3053d617484cc3efd99990
-+Ctrl.type = type:F
-+Output = dbc3ea086a49e220306cbe57b942d9409cbd205dec20c7b79fd6998906d173bcb2bc2eb5b7eea4c1d84f3926836bd15e0565a17af735596050d6161d9682f2e7
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:0000008100c41430e9dfce9301082a4d034e0e1ffe73133e4c97afbd325d6bbe1f3a4f5a9103f57a05f66b1ac63a5f1724b3315daf7171f334e77eff356366daf4e23e55751422734d4d22e6dcac783bba0edc1be8fcc4c7c0d5a69d047291e33167057c774e46362dfb6f8432b427cf21c01304b23e2b49b664fd50dc463c17efffa146a0
-+Ctrl.hexxcghash = hexxcghash:04aeff766f08c065092fdd7be43531f83d73682601069477ee10407821a0f0e8bf614e775dfab6f889a8d5120c2e39d96e38de4cda6f673fb7cb343de1e17b9c
-+Ctrl.hexsession_id = hexsession_id:15f5653a107aee694bd1680d423c8da2dab8c1ec8e23c5208100ce3d8d4821b52bbb1d14791476253db4b07ebb715ae095b8b49e1545be3c92a3adcf39970be5
-+Ctrl.type = type:A
-+Output = 19d6bc79713a4622
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:0000008100c41430e9dfce9301082a4d034e0e1ffe73133e4c97afbd325d6bbe1f3a4f5a9103f57a05f66b1ac63a5f1724b3315daf7171f334e77eff356366daf4e23e55751422734d4d22e6dcac783bba0edc1be8fcc4c7c0d5a69d047291e33167057c774e46362dfb6f8432b427cf21c01304b23e2b49b664fd50dc463c17efffa146a0
-+Ctrl.hexxcghash = hexxcghash:04aeff766f08c065092fdd7be43531f83d73682601069477ee10407821a0f0e8bf614e775dfab6f889a8d5120c2e39d96e38de4cda6f673fb7cb343de1e17b9c
-+Ctrl.hexsession_id = hexsession_id:15f5653a107aee694bd1680d423c8da2dab8c1ec8e23c5208100ce3d8d4821b52bbb1d14791476253db4b07ebb715ae095b8b49e1545be3c92a3adcf39970be5
-+Ctrl.type = type:B
-+Output = 7de9caf89d325dcd
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:0000008100c41430e9dfce9301082a4d034e0e1ffe73133e4c97afbd325d6bbe1f3a4f5a9103f57a05f66b1ac63a5f1724b3315daf7171f334e77eff356366daf4e23e55751422734d4d22e6dcac783bba0edc1be8fcc4c7c0d5a69d047291e33167057c774e46362dfb6f8432b427cf21c01304b23e2b49b664fd50dc463c17efffa146a0
-+Ctrl.hexxcghash = hexxcghash:04aeff766f08c065092fdd7be43531f83d73682601069477ee10407821a0f0e8bf614e775dfab6f889a8d5120c2e39d96e38de4cda6f673fb7cb343de1e17b9c
-+Ctrl.hexsession_id = hexsession_id:15f5653a107aee694bd1680d423c8da2dab8c1ec8e23c5208100ce3d8d4821b52bbb1d14791476253db4b07ebb715ae095b8b49e1545be3c92a3adcf39970be5
-+Ctrl.type = type:C
-+Output = 1d5391d658abb9ec1b8df32cbf1db9a302a1301984ab06d4
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:0000008100c41430e9dfce9301082a4d034e0e1ffe73133e4c97afbd325d6bbe1f3a4f5a9103f57a05f66b1ac63a5f1724b3315daf7171f334e77eff356366daf4e23e55751422734d4d22e6dcac783bba0edc1be8fcc4c7c0d5a69d047291e33167057c774e46362dfb6f8432b427cf21c01304b23e2b49b664fd50dc463c17efffa146a0
-+Ctrl.hexxcghash = hexxcghash:04aeff766f08c065092fdd7be43531f83d73682601069477ee10407821a0f0e8bf614e775dfab6f889a8d5120c2e39d96e38de4cda6f673fb7cb343de1e17b9c
-+Ctrl.hexsession_id = hexsession_id:15f5653a107aee694bd1680d423c8da2dab8c1ec8e23c5208100ce3d8d4821b52bbb1d14791476253db4b07ebb715ae095b8b49e1545be3c92a3adcf39970be5
-+Ctrl.type = type:D
-+Output = 5d37dab50814543d8d8674f4f491d73d21973f20844c96a7
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:0000008100c41430e9dfce9301082a4d034e0e1ffe73133e4c97afbd325d6bbe1f3a4f5a9103f57a05f66b1ac63a5f1724b3315daf7171f334e77eff356366daf4e23e55751422734d4d22e6dcac783bba0edc1be8fcc4c7c0d5a69d047291e33167057c774e46362dfb6f8432b427cf21c01304b23e2b49b664fd50dc463c17efffa146a0
-+Ctrl.hexxcghash = hexxcghash:04aeff766f08c065092fdd7be43531f83d73682601069477ee10407821a0f0e8bf614e775dfab6f889a8d5120c2e39d96e38de4cda6f673fb7cb343de1e17b9c
-+Ctrl.hexsession_id = hexsession_id:15f5653a107aee694bd1680d423c8da2dab8c1ec8e23c5208100ce3d8d4821b52bbb1d14791476253db4b07ebb715ae095b8b49e1545be3c92a3adcf39970be5
-+Ctrl.type = type:E
-+Output = 3e882ae390a64c34f509bc9845df581987ae2524b2ff92d9243580168f32fa68750f3f732c8c5544c98fc585582fe743efbf55dd6c487fb5f9ffac1a156fa31c
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:0000008100c41430e9dfce9301082a4d034e0e1ffe73133e4c97afbd325d6bbe1f3a4f5a9103f57a05f66b1ac63a5f1724b3315daf7171f334e77eff356366daf4e23e55751422734d4d22e6dcac783bba0edc1be8fcc4c7c0d5a69d047291e33167057c774e46362dfb6f8432b427cf21c01304b23e2b49b664fd50dc463c17efffa146a0
-+Ctrl.hexxcghash = hexxcghash:04aeff766f08c065092fdd7be43531f83d73682601069477ee10407821a0f0e8bf614e775dfab6f889a8d5120c2e39d96e38de4cda6f673fb7cb343de1e17b9c
-+Ctrl.hexsession_id = hexsession_id:15f5653a107aee694bd1680d423c8da2dab8c1ec8e23c5208100ce3d8d4821b52bbb1d14791476253db4b07ebb715ae095b8b49e1545be3c92a3adcf39970be5
-+Ctrl.type = type:F
-+Output = ce4bcf9cabe7ee7c0e216e64e5427ebd38cb41ba9e9a6d9ae441ca47d9278347a59afdf758ae7f7fd667ed3830bf9a33d7badfd40e2112580af514da9464a6d1
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:000000810088181aaaa6b17924ced0033b1e4a3d007a464d4d53871f4da4689d477437b42f873d4b7d5f5c52909b6cca8be7a01d1a7a806f745500bb00b4fd6e6f8d0e1c9ad08d934c7d680a57ac5a4ed77f73182065f9295d745e1d50b8da0626f3e9ccb6651aad3b0c5c2cecd90c521318778f570333c011f02d5e2a406eb8b3d6036537
-+Ctrl.hexxcghash = hexxcghash:3c4ecb173c39cedecbcd19ba0fc38454176b81b6451911b4422907b1b670dcedaabebaaa261fbac23b3b5738264c5eee3dccfd9e050a1cef17ac997527dd7095
-+Ctrl.hexsession_id = hexsession_id:3b05253d9e5ab2f7f4ba2998bea5ed7d05afdf02b7499ac2dd554833b886b73d92e929316a366147e9af50201dbb4e54c123418d1a623bc2dc52766211dbe614
-+Ctrl.type = type:A
-+Output = 93fbb01815b63533
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:000000810088181aaaa6b17924ced0033b1e4a3d007a464d4d53871f4da4689d477437b42f873d4b7d5f5c52909b6cca8be7a01d1a7a806f745500bb00b4fd6e6f8d0e1c9ad08d934c7d680a57ac5a4ed77f73182065f9295d745e1d50b8da0626f3e9ccb6651aad3b0c5c2cecd90c521318778f570333c011f02d5e2a406eb8b3d6036537
-+Ctrl.hexxcghash = hexxcghash:3c4ecb173c39cedecbcd19ba0fc38454176b81b6451911b4422907b1b670dcedaabebaaa261fbac23b3b5738264c5eee3dccfd9e050a1cef17ac997527dd7095
-+Ctrl.hexsession_id = hexsession_id:3b05253d9e5ab2f7f4ba2998bea5ed7d05afdf02b7499ac2dd554833b886b73d92e929316a366147e9af50201dbb4e54c123418d1a623bc2dc52766211dbe614
-+Ctrl.type = type:B
-+Output = aea76dfe77a87471
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:000000810088181aaaa6b17924ced0033b1e4a3d007a464d4d53871f4da4689d477437b42f873d4b7d5f5c52909b6cca8be7a01d1a7a806f745500bb00b4fd6e6f8d0e1c9ad08d934c7d680a57ac5a4ed77f73182065f9295d745e1d50b8da0626f3e9ccb6651aad3b0c5c2cecd90c521318778f570333c011f02d5e2a406eb8b3d6036537
-+Ctrl.hexxcghash = hexxcghash:3c4ecb173c39cedecbcd19ba0fc38454176b81b6451911b4422907b1b670dcedaabebaaa261fbac23b3b5738264c5eee3dccfd9e050a1cef17ac997527dd7095
-+Ctrl.hexsession_id = hexsession_id:3b05253d9e5ab2f7f4ba2998bea5ed7d05afdf02b7499ac2dd554833b886b73d92e929316a366147e9af50201dbb4e54c123418d1a623bc2dc52766211dbe614
-+Ctrl.type = type:C
-+Output = 73a55e25a0a8ec0899c1074bf0845fefd84e42f741897a3f
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:000000810088181aaaa6b17924ced0033b1e4a3d007a464d4d53871f4da4689d477437b42f873d4b7d5f5c52909b6cca8be7a01d1a7a806f745500bb00b4fd6e6f8d0e1c9ad08d934c7d680a57ac5a4ed77f73182065f9295d745e1d50b8da0626f3e9ccb6651aad3b0c5c2cecd90c521318778f570333c011f02d5e2a406eb8b3d6036537
-+Ctrl.hexxcghash = hexxcghash:3c4ecb173c39cedecbcd19ba0fc38454176b81b6451911b4422907b1b670dcedaabebaaa261fbac23b3b5738264c5eee3dccfd9e050a1cef17ac997527dd7095
-+Ctrl.hexsession_id = hexsession_id:3b05253d9e5ab2f7f4ba2998bea5ed7d05afdf02b7499ac2dd554833b886b73d92e929316a366147e9af50201dbb4e54c123418d1a623bc2dc52766211dbe614
-+Ctrl.type = type:D
-+Output = fead3a851502aa3c58734065eeaf3e63ed4c59c8f450bb1a
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:000000810088181aaaa6b17924ced0033b1e4a3d007a464d4d53871f4da4689d477437b42f873d4b7d5f5c52909b6cca8be7a01d1a7a806f745500bb00b4fd6e6f8d0e1c9ad08d934c7d680a57ac5a4ed77f73182065f9295d745e1d50b8da0626f3e9ccb6651aad3b0c5c2cecd90c521318778f570333c011f02d5e2a406eb8b3d6036537
-+Ctrl.hexxcghash = hexxcghash:3c4ecb173c39cedecbcd19ba0fc38454176b81b6451911b4422907b1b670dcedaabebaaa261fbac23b3b5738264c5eee3dccfd9e050a1cef17ac997527dd7095
-+Ctrl.hexsession_id = hexsession_id:3b05253d9e5ab2f7f4ba2998bea5ed7d05afdf02b7499ac2dd554833b886b73d92e929316a366147e9af50201dbb4e54c123418d1a623bc2dc52766211dbe614
-+Ctrl.type = type:E
-+Output = 55bde99a692820ad809eb0a62311f8f3e9469ba2ee4d782d5432628ca52d829b9c5bffc41b58232363f97c5dab603268b1997fbe9b9b34ab2aca3da27467b0c8
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:000000810088181aaaa6b17924ced0033b1e4a3d007a464d4d53871f4da4689d477437b42f873d4b7d5f5c52909b6cca8be7a01d1a7a806f745500bb00b4fd6e6f8d0e1c9ad08d934c7d680a57ac5a4ed77f73182065f9295d745e1d50b8da0626f3e9ccb6651aad3b0c5c2cecd90c521318778f570333c011f02d5e2a406eb8b3d6036537
-+Ctrl.hexxcghash = hexxcghash:3c4ecb173c39cedecbcd19ba0fc38454176b81b6451911b4422907b1b670dcedaabebaaa261fbac23b3b5738264c5eee3dccfd9e050a1cef17ac997527dd7095
-+Ctrl.hexsession_id = hexsession_id:3b05253d9e5ab2f7f4ba2998bea5ed7d05afdf02b7499ac2dd554833b886b73d92e929316a366147e9af50201dbb4e54c123418d1a623bc2dc52766211dbe614
-+Ctrl.type = type:F
-+Output = 756f65746c861f0985f3dd7d2f08004897ccb22be2f1d3b4791ca0c51d5ee0da776dd03d7dfb7f4db6c6cd37899871e63d75f7f60dff8348c313e99409ad2db5
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:0000010100e8d52da494d198252b87189223bffb0bc1b68335ae987df15bf7cf95bd74a951b5eaa87b1739f91efc97f28f5a7f0a206fdbcf33e39003e154b334009563abd62a4169462865ba931ca3f8f4d70611e8bcb46228ee74983d2ec79c690d86329c2daac8dbdafe4573f114313f29c7507bd4aa50d87bb83b1cebb628e37b2501ffc9b1200d8d360e1b46bf6fdecd486fae790352eb79aa3f37e4964963a84dbd80fb3b80491210565d9449599bc9306ee76a932a764070702cd09c87e1f26095b1b78042bcc37d5f097e3f7b2db6cb6f7b3e2a332021f756fe1784edd2a82802c1274b9944dff99fb1c181f41d6d2f4eac5aa33c619c48167dce1eb47ddafbe5eb
-+Ctrl.hexxcghash = hexxcghash:3e81bd3b4b609955df0deaab293876592122e2d7fdc719ecd503b572c5e98cfaaac1f7e085d4097c76515f5b70413944a464ce346ada6d85d7c39a8009d4b121
-+Ctrl.hexsession_id = hexsession_id:3e81bd3b4b609955df0deaab293876592122e2d7fdc719ecd503b572c5e98cfaaac1f7e085d4097c76515f5b70413944a464ce346ada6d85d7c39a8009d4b121
-+Ctrl.type = type:A
-+Output = a626c34c0a74b56262110185a34cd810
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:0000010100e8d52da494d198252b87189223bffb0bc1b68335ae987df15bf7cf95bd74a951b5eaa87b1739f91efc97f28f5a7f0a206fdbcf33e39003e154b334009563abd62a4169462865ba931ca3f8f4d70611e8bcb46228ee74983d2ec79c690d86329c2daac8dbdafe4573f114313f29c7507bd4aa50d87bb83b1cebb628e37b2501ffc9b1200d8d360e1b46bf6fdecd486fae790352eb79aa3f37e4964963a84dbd80fb3b80491210565d9449599bc9306ee76a932a764070702cd09c87e1f26095b1b78042bcc37d5f097e3f7b2db6cb6f7b3e2a332021f756fe1784edd2a82802c1274b9944dff99fb1c181f41d6d2f4eac5aa33c619c48167dce1eb47ddafbe5eb
-+Ctrl.hexxcghash = hexxcghash:3e81bd3b4b609955df0deaab293876592122e2d7fdc719ecd503b572c5e98cfaaac1f7e085d4097c76515f5b70413944a464ce346ada6d85d7c39a8009d4b121
-+Ctrl.hexsession_id = hexsession_id:3e81bd3b4b609955df0deaab293876592122e2d7fdc719ecd503b572c5e98cfaaac1f7e085d4097c76515f5b70413944a464ce346ada6d85d7c39a8009d4b121
-+Ctrl.type = type:B
-+Output = 223d6fc57263da9ad61dad9759454e0f
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:0000010100e8d52da494d198252b87189223bffb0bc1b68335ae987df15bf7cf95bd74a951b5eaa87b1739f91efc97f28f5a7f0a206fdbcf33e39003e154b334009563abd62a4169462865ba931ca3f8f4d70611e8bcb46228ee74983d2ec79c690d86329c2daac8dbdafe4573f114313f29c7507bd4aa50d87bb83b1cebb628e37b2501ffc9b1200d8d360e1b46bf6fdecd486fae790352eb79aa3f37e4964963a84dbd80fb3b80491210565d9449599bc9306ee76a932a764070702cd09c87e1f26095b1b78042bcc37d5f097e3f7b2db6cb6f7b3e2a332021f756fe1784edd2a82802c1274b9944dff99fb1c181f41d6d2f4eac5aa33c619c48167dce1eb47ddafbe5eb
-+Ctrl.hexxcghash = hexxcghash:3e81bd3b4b609955df0deaab293876592122e2d7fdc719ecd503b572c5e98cfaaac1f7e085d4097c76515f5b70413944a464ce346ada6d85d7c39a8009d4b121
-+Ctrl.hexsession_id = hexsession_id:3e81bd3b4b609955df0deaab293876592122e2d7fdc719ecd503b572c5e98cfaaac1f7e085d4097c76515f5b70413944a464ce346ada6d85d7c39a8009d4b121
-+Ctrl.type = type:C
-+Output = 7c803e07506969666f446400b2372eee
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:0000010100e8d52da494d198252b87189223bffb0bc1b68335ae987df15bf7cf95bd74a951b5eaa87b1739f91efc97f28f5a7f0a206fdbcf33e39003e154b334009563abd62a4169462865ba931ca3f8f4d70611e8bcb46228ee74983d2ec79c690d86329c2daac8dbdafe4573f114313f29c7507bd4aa50d87bb83b1cebb628e37b2501ffc9b1200d8d360e1b46bf6fdecd486fae790352eb79aa3f37e4964963a84dbd80fb3b80491210565d9449599bc9306ee76a932a764070702cd09c87e1f26095b1b78042bcc37d5f097e3f7b2db6cb6f7b3e2a332021f756fe1784edd2a82802c1274b9944dff99fb1c181f41d6d2f4eac5aa33c619c48167dce1eb47ddafbe5eb
-+Ctrl.hexxcghash = hexxcghash:3e81bd3b4b609955df0deaab293876592122e2d7fdc719ecd503b572c5e98cfaaac1f7e085d4097c76515f5b70413944a464ce346ada6d85d7c39a8009d4b121
-+Ctrl.hexsession_id = hexsession_id:3e81bd3b4b609955df0deaab293876592122e2d7fdc719ecd503b572c5e98cfaaac1f7e085d4097c76515f5b70413944a464ce346ada6d85d7c39a8009d4b121
-+Ctrl.type = type:D
-+Output = 4ad705fbc9e89c03c15f9dbbf34981df
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:0000010100e8d52da494d198252b87189223bffb0bc1b68335ae987df15bf7cf95bd74a951b5eaa87b1739f91efc97f28f5a7f0a206fdbcf33e39003e154b334009563abd62a4169462865ba931ca3f8f4d70611e8bcb46228ee74983d2ec79c690d86329c2daac8dbdafe4573f114313f29c7507bd4aa50d87bb83b1cebb628e37b2501ffc9b1200d8d360e1b46bf6fdecd486fae790352eb79aa3f37e4964963a84dbd80fb3b80491210565d9449599bc9306ee76a932a764070702cd09c87e1f26095b1b78042bcc37d5f097e3f7b2db6cb6f7b3e2a332021f756fe1784edd2a82802c1274b9944dff99fb1c181f41d6d2f4eac5aa33c619c48167dce1eb47ddafbe5eb
-+Ctrl.hexxcghash = hexxcghash:3e81bd3b4b609955df0deaab293876592122e2d7fdc719ecd503b572c5e98cfaaac1f7e085d4097c76515f5b70413944a464ce346ada6d85d7c39a8009d4b121
-+Ctrl.hexsession_id = hexsession_id:3e81bd3b4b609955df0deaab293876592122e2d7fdc719ecd503b572c5e98cfaaac1f7e085d4097c76515f5b70413944a464ce346ada6d85d7c39a8009d4b121
-+Ctrl.type = type:E
-+Output = 36cac32cab8b943cd9d2142559c467593bfaf30d0be71560245c8b38a5671901a858ccc637b0ef6966a2bbfb1a7f51f2cf6d52c4165ca000d52bd908405c305f
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:0000010100e8d52da494d198252b87189223bffb0bc1b68335ae987df15bf7cf95bd74a951b5eaa87b1739f91efc97f28f5a7f0a206fdbcf33e39003e154b334009563abd62a4169462865ba931ca3f8f4d70611e8bcb46228ee74983d2ec79c690d86329c2daac8dbdafe4573f114313f29c7507bd4aa50d87bb83b1cebb628e37b2501ffc9b1200d8d360e1b46bf6fdecd486fae790352eb79aa3f37e4964963a84dbd80fb3b80491210565d9449599bc9306ee76a932a764070702cd09c87e1f26095b1b78042bcc37d5f097e3f7b2db6cb6f7b3e2a332021f756fe1784edd2a82802c1274b9944dff99fb1c181f41d6d2f4eac5aa33c619c48167dce1eb47ddafbe5eb
-+Ctrl.hexxcghash = hexxcghash:3e81bd3b4b609955df0deaab293876592122e2d7fdc719ecd503b572c5e98cfaaac1f7e085d4097c76515f5b70413944a464ce346ada6d85d7c39a8009d4b121
-+Ctrl.hexsession_id = hexsession_id:3e81bd3b4b609955df0deaab293876592122e2d7fdc719ecd503b572c5e98cfaaac1f7e085d4097c76515f5b70413944a464ce346ada6d85d7c39a8009d4b121
-+Ctrl.type = type:F
-+Output = 67d42301ce629c0f2a34b9dfb24ec60c138b4edc71f7123bb0db9447b3c915ebd8c54d3b20af04e30b484be3a2d4136f5d5c46f9c56de189b91fec78ecd53e1c
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:0000010034a5d2784c99976fb3b615c5b1bfacc9a749330d22bcf5a7c404c10f886e2a3115660a399d7c721d5dd141f458b0d27e0e6709a8290f9ef6f61681a11d876eb7bd52b930f79fb9516f5d2137c5bfa95a893890d26d7712fc9ecc4dc82a5171341b41a9f2c4a8f0c14efe82ef2a4db60a8a0b8e43d3f92992f8dcc2d6bae3759aea86a4f14f809fe648021fc4aa79936bd687450e801916d7d267dfab66bd86f9424b3460fa75b16af37151918cb2f8ba8ac33df5b0ccf7fb21c3ea9fb0ed2917a4eb9d6ed345c42a5a67a66fca7b7e69c1ad5c45c51866692f058ad537c0f59c83a2788ef9b9610cc06aa155aa1115f23fa36d7734152a0da209244c32d37e3a
-+Ctrl.hexxcghash = hexxcghash:ab6f9c04514ae3f6591039c9cc6a9919279282d7c95971b4c27957e31cced5ef5b1c59a4418402203ab50a46df7dc03bd67d42a62592708b0581617a42ea6d71
-+Ctrl.hexsession_id = hexsession_id:4e226639facaccf9894367cb1008663e989eb31757b912bd1cb3bd51058c7adf56e9a54eef87b63299a5cc092c047991dc9a380e749c7c5657bb99424bcce6d6
-+Ctrl.type = type:A
-+Output = 8ebbf0e9afd9f108498f1543104ba8e2
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:0000010034a5d2784c99976fb3b615c5b1bfacc9a749330d22bcf5a7c404c10f886e2a3115660a399d7c721d5dd141f458b0d27e0e6709a8290f9ef6f61681a11d876eb7bd52b930f79fb9516f5d2137c5bfa95a893890d26d7712fc9ecc4dc82a5171341b41a9f2c4a8f0c14efe82ef2a4db60a8a0b8e43d3f92992f8dcc2d6bae3759aea86a4f14f809fe648021fc4aa79936bd687450e801916d7d267dfab66bd86f9424b3460fa75b16af37151918cb2f8ba8ac33df5b0ccf7fb21c3ea9fb0ed2917a4eb9d6ed345c42a5a67a66fca7b7e69c1ad5c45c51866692f058ad537c0f59c83a2788ef9b9610cc06aa155aa1115f23fa36d7734152a0da209244c32d37e3a
-+Ctrl.hexxcghash = hexxcghash:ab6f9c04514ae3f6591039c9cc6a9919279282d7c95971b4c27957e31cced5ef5b1c59a4418402203ab50a46df7dc03bd67d42a62592708b0581617a42ea6d71
-+Ctrl.hexsession_id = hexsession_id:4e226639facaccf9894367cb1008663e989eb31757b912bd1cb3bd51058c7adf56e9a54eef87b63299a5cc092c047991dc9a380e749c7c5657bb99424bcce6d6
-+Ctrl.type = type:B
-+Output = 38bfe6bed75f77675fa36d76b63816a4
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:0000010034a5d2784c99976fb3b615c5b1bfacc9a749330d22bcf5a7c404c10f886e2a3115660a399d7c721d5dd141f458b0d27e0e6709a8290f9ef6f61681a11d876eb7bd52b930f79fb9516f5d2137c5bfa95a893890d26d7712fc9ecc4dc82a5171341b41a9f2c4a8f0c14efe82ef2a4db60a8a0b8e43d3f92992f8dcc2d6bae3759aea86a4f14f809fe648021fc4aa79936bd687450e801916d7d267dfab66bd86f9424b3460fa75b16af37151918cb2f8ba8ac33df5b0ccf7fb21c3ea9fb0ed2917a4eb9d6ed345c42a5a67a66fca7b7e69c1ad5c45c51866692f058ad537c0f59c83a2788ef9b9610cc06aa155aa1115f23fa36d7734152a0da209244c32d37e3a
-+Ctrl.hexxcghash = hexxcghash:ab6f9c04514ae3f6591039c9cc6a9919279282d7c95971b4c27957e31cced5ef5b1c59a4418402203ab50a46df7dc03bd67d42a62592708b0581617a42ea6d71
-+Ctrl.hexsession_id = hexsession_id:4e226639facaccf9894367cb1008663e989eb31757b912bd1cb3bd51058c7adf56e9a54eef87b63299a5cc092c047991dc9a380e749c7c5657bb99424bcce6d6
-+Ctrl.type = type:C
-+Output = f759f0ad2d72980f6b12f0fb317222f3
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:0000010034a5d2784c99976fb3b615c5b1bfacc9a749330d22bcf5a7c404c10f886e2a3115660a399d7c721d5dd141f458b0d27e0e6709a8290f9ef6f61681a11d876eb7bd52b930f79fb9516f5d2137c5bfa95a893890d26d7712fc9ecc4dc82a5171341b41a9f2c4a8f0c14efe82ef2a4db60a8a0b8e43d3f92992f8dcc2d6bae3759aea86a4f14f809fe648021fc4aa79936bd687450e801916d7d267dfab66bd86f9424b3460fa75b16af37151918cb2f8ba8ac33df5b0ccf7fb21c3ea9fb0ed2917a4eb9d6ed345c42a5a67a66fca7b7e69c1ad5c45c51866692f058ad537c0f59c83a2788ef9b9610cc06aa155aa1115f23fa36d7734152a0da209244c32d37e3a
-+Ctrl.hexxcghash = hexxcghash:ab6f9c04514ae3f6591039c9cc6a9919279282d7c95971b4c27957e31cced5ef5b1c59a4418402203ab50a46df7dc03bd67d42a62592708b0581617a42ea6d71
-+Ctrl.hexsession_id = hexsession_id:4e226639facaccf9894367cb1008663e989eb31757b912bd1cb3bd51058c7adf56e9a54eef87b63299a5cc092c047991dc9a380e749c7c5657bb99424bcce6d6
-+Ctrl.type = type:D
-+Output = 39f294ec25afb520f5d7f1064b7078c9
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:0000010034a5d2784c99976fb3b615c5b1bfacc9a749330d22bcf5a7c404c10f886e2a3115660a399d7c721d5dd141f458b0d27e0e6709a8290f9ef6f61681a11d876eb7bd52b930f79fb9516f5d2137c5bfa95a893890d26d7712fc9ecc4dc82a5171341b41a9f2c4a8f0c14efe82ef2a4db60a8a0b8e43d3f92992f8dcc2d6bae3759aea86a4f14f809fe648021fc4aa79936bd687450e801916d7d267dfab66bd86f9424b3460fa75b16af37151918cb2f8ba8ac33df5b0ccf7fb21c3ea9fb0ed2917a4eb9d6ed345c42a5a67a66fca7b7e69c1ad5c45c51866692f058ad537c0f59c83a2788ef9b9610cc06aa155aa1115f23fa36d7734152a0da209244c32d37e3a
-+Ctrl.hexxcghash = hexxcghash:ab6f9c04514ae3f6591039c9cc6a9919279282d7c95971b4c27957e31cced5ef5b1c59a4418402203ab50a46df7dc03bd67d42a62592708b0581617a42ea6d71
-+Ctrl.hexsession_id = hexsession_id:4e226639facaccf9894367cb1008663e989eb31757b912bd1cb3bd51058c7adf56e9a54eef87b63299a5cc092c047991dc9a380e749c7c5657bb99424bcce6d6
-+Ctrl.type = type:E
-+Output = ff2ad139997ff26e7f4393e49d57d5fc973ddb6225d8f4b5fe990e46b9943772f0d33aa98d01089ff0aeb5740bd388ada35dc44240180c99e522c817dedfc2cd
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:0000010034a5d2784c99976fb3b615c5b1bfacc9a749330d22bcf5a7c404c10f886e2a3115660a399d7c721d5dd141f458b0d27e0e6709a8290f9ef6f61681a11d876eb7bd52b930f79fb9516f5d2137c5bfa95a893890d26d7712fc9ecc4dc82a5171341b41a9f2c4a8f0c14efe82ef2a4db60a8a0b8e43d3f92992f8dcc2d6bae3759aea86a4f14f809fe648021fc4aa79936bd687450e801916d7d267dfab66bd86f9424b3460fa75b16af37151918cb2f8ba8ac33df5b0ccf7fb21c3ea9fb0ed2917a4eb9d6ed345c42a5a67a66fca7b7e69c1ad5c45c51866692f058ad537c0f59c83a2788ef9b9610cc06aa155aa1115f23fa36d7734152a0da209244c32d37e3a
-+Ctrl.hexxcghash = hexxcghash:ab6f9c04514ae3f6591039c9cc6a9919279282d7c95971b4c27957e31cced5ef5b1c59a4418402203ab50a46df7dc03bd67d42a62592708b0581617a42ea6d71
-+Ctrl.hexsession_id = hexsession_id:4e226639facaccf9894367cb1008663e989eb31757b912bd1cb3bd51058c7adf56e9a54eef87b63299a5cc092c047991dc9a380e749c7c5657bb99424bcce6d6
-+Ctrl.type = type:F
-+Output = a670c9583c71f403207a192700d5e4fd7a007b60a4617b7f93708399a0cb771af08b9e5f4237e6975f055d6f0a4d91523fa0805013df6ae4a19f077646f1cd4b
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:00000100192471d29d9fbc8b61570e4efa053a5f17b2efc0aa5415b3309f7dc3971c64d9f1093f6114941d4912f7bfb771db41d1f166d4bdaec8dde214aeb058e2227277393e3c0b12adc1b6a445870bc26e753e05e27b90b97d781e3e8493eb5e717c243213de4dcdd5a11d467b8d26759118692b10357c28b0efb0228cbe257b9ee0cb77bb7bc8b072edf418768c977e485635b4ab61078587128e9a8b3c6deca2a4e64cf9fd6eca880aebd1043deaf94447ea50b0c11b574259cdcafd208d9657c7177cf394de26dd8364b615786198c38e63c568e22b5263be41d6dd8843ad5254f61cf01b7162948652568c2b42833a95619fa5072adb0bfbf38e3eace7e1596066
-+Ctrl.hexxcghash = hexxcghash:a0a53cb8bcc48ffe44fd9e50e0f7532d3e326f93d7ecb10135d4385dab550cd7be03a7374dfc2a92794be13e40c794811a9916c3d1c4e7ea31ed5269537c1c22
-+Ctrl.hexsession_id = hexsession_id:9bcf3f3397ff464126cb2a99c04908721871354b842ffd3d873d49407db0382f98cc54d66665d950ec8277c374f19e9f0dd2e727f8759017c49b5b80baa87c63
-+Ctrl.type = type:A
-+Output = f68353f802d39a43c728641e44087cc5
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:00000100192471d29d9fbc8b61570e4efa053a5f17b2efc0aa5415b3309f7dc3971c64d9f1093f6114941d4912f7bfb771db41d1f166d4bdaec8dde214aeb058e2227277393e3c0b12adc1b6a445870bc26e753e05e27b90b97d781e3e8493eb5e717c243213de4dcdd5a11d467b8d26759118692b10357c28b0efb0228cbe257b9ee0cb77bb7bc8b072edf418768c977e485635b4ab61078587128e9a8b3c6deca2a4e64cf9fd6eca880aebd1043deaf94447ea50b0c11b574259cdcafd208d9657c7177cf394de26dd8364b615786198c38e63c568e22b5263be41d6dd8843ad5254f61cf01b7162948652568c2b42833a95619fa5072adb0bfbf38e3eace7e1596066
-+Ctrl.hexxcghash = hexxcghash:a0a53cb8bcc48ffe44fd9e50e0f7532d3e326f93d7ecb10135d4385dab550cd7be03a7374dfc2a92794be13e40c794811a9916c3d1c4e7ea31ed5269537c1c22
-+Ctrl.hexsession_id = hexsession_id:9bcf3f3397ff464126cb2a99c04908721871354b842ffd3d873d49407db0382f98cc54d66665d950ec8277c374f19e9f0dd2e727f8759017c49b5b80baa87c63
-+Ctrl.type = type:B
-+Output = 23c2377f826f77519871941b62cb9fdd
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:00000100192471d29d9fbc8b61570e4efa053a5f17b2efc0aa5415b3309f7dc3971c64d9f1093f6114941d4912f7bfb771db41d1f166d4bdaec8dde214aeb058e2227277393e3c0b12adc1b6a445870bc26e753e05e27b90b97d781e3e8493eb5e717c243213de4dcdd5a11d467b8d26759118692b10357c28b0efb0228cbe257b9ee0cb77bb7bc8b072edf418768c977e485635b4ab61078587128e9a8b3c6deca2a4e64cf9fd6eca880aebd1043deaf94447ea50b0c11b574259cdcafd208d9657c7177cf394de26dd8364b615786198c38e63c568e22b5263be41d6dd8843ad5254f61cf01b7162948652568c2b42833a95619fa5072adb0bfbf38e3eace7e1596066
-+Ctrl.hexxcghash = hexxcghash:a0a53cb8bcc48ffe44fd9e50e0f7532d3e326f93d7ecb10135d4385dab550cd7be03a7374dfc2a92794be13e40c794811a9916c3d1c4e7ea31ed5269537c1c22
-+Ctrl.hexsession_id = hexsession_id:9bcf3f3397ff464126cb2a99c04908721871354b842ffd3d873d49407db0382f98cc54d66665d950ec8277c374f19e9f0dd2e727f8759017c49b5b80baa87c63
-+Ctrl.type = type:C
-+Output = c92b86a099e2605037d531746a6af7cb
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:00000100192471d29d9fbc8b61570e4efa053a5f17b2efc0aa5415b3309f7dc3971c64d9f1093f6114941d4912f7bfb771db41d1f166d4bdaec8dde214aeb058e2227277393e3c0b12adc1b6a445870bc26e753e05e27b90b97d781e3e8493eb5e717c243213de4dcdd5a11d467b8d26759118692b10357c28b0efb0228cbe257b9ee0cb77bb7bc8b072edf418768c977e485635b4ab61078587128e9a8b3c6deca2a4e64cf9fd6eca880aebd1043deaf94447ea50b0c11b574259cdcafd208d9657c7177cf394de26dd8364b615786198c38e63c568e22b5263be41d6dd8843ad5254f61cf01b7162948652568c2b42833a95619fa5072adb0bfbf38e3eace7e1596066
-+Ctrl.hexxcghash = hexxcghash:a0a53cb8bcc48ffe44fd9e50e0f7532d3e326f93d7ecb10135d4385dab550cd7be03a7374dfc2a92794be13e40c794811a9916c3d1c4e7ea31ed5269537c1c22
-+Ctrl.hexsession_id = hexsession_id:9bcf3f3397ff464126cb2a99c04908721871354b842ffd3d873d49407db0382f98cc54d66665d950ec8277c374f19e9f0dd2e727f8759017c49b5b80baa87c63
-+Ctrl.type = type:D
-+Output = 1517de253a5b9f7d9c4c3f234b27392e
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:00000100192471d29d9fbc8b61570e4efa053a5f17b2efc0aa5415b3309f7dc3971c64d9f1093f6114941d4912f7bfb771db41d1f166d4bdaec8dde214aeb058e2227277393e3c0b12adc1b6a445870bc26e753e05e27b90b97d781e3e8493eb5e717c243213de4dcdd5a11d467b8d26759118692b10357c28b0efb0228cbe257b9ee0cb77bb7bc8b072edf418768c977e485635b4ab61078587128e9a8b3c6deca2a4e64cf9fd6eca880aebd1043deaf94447ea50b0c11b574259cdcafd208d9657c7177cf394de26dd8364b615786198c38e63c568e22b5263be41d6dd8843ad5254f61cf01b7162948652568c2b42833a95619fa5072adb0bfbf38e3eace7e1596066
-+Ctrl.hexxcghash = hexxcghash:a0a53cb8bcc48ffe44fd9e50e0f7532d3e326f93d7ecb10135d4385dab550cd7be03a7374dfc2a92794be13e40c794811a9916c3d1c4e7ea31ed5269537c1c22
-+Ctrl.hexsession_id = hexsession_id:9bcf3f3397ff464126cb2a99c04908721871354b842ffd3d873d49407db0382f98cc54d66665d950ec8277c374f19e9f0dd2e727f8759017c49b5b80baa87c63
-+Ctrl.type = type:E
-+Output = be48a82cd246cf4d6ddb397a39f1ed62d98b5265e75190624a523033796d05046d63e0810b4b7a6efe9b834cb043871203638557063968910ad1cfa0abe62bb1
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:00000100192471d29d9fbc8b61570e4efa053a5f17b2efc0aa5415b3309f7dc3971c64d9f1093f6114941d4912f7bfb771db41d1f166d4bdaec8dde214aeb058e2227277393e3c0b12adc1b6a445870bc26e753e05e27b90b97d781e3e8493eb5e717c243213de4dcdd5a11d467b8d26759118692b10357c28b0efb0228cbe257b9ee0cb77bb7bc8b072edf418768c977e485635b4ab61078587128e9a8b3c6deca2a4e64cf9fd6eca880aebd1043deaf94447ea50b0c11b574259cdcafd208d9657c7177cf394de26dd8364b615786198c38e63c568e22b5263be41d6dd8843ad5254f61cf01b7162948652568c2b42833a95619fa5072adb0bfbf38e3eace7e1596066
-+Ctrl.hexxcghash = hexxcghash:a0a53cb8bcc48ffe44fd9e50e0f7532d3e326f93d7ecb10135d4385dab550cd7be03a7374dfc2a92794be13e40c794811a9916c3d1c4e7ea31ed5269537c1c22
-+Ctrl.hexsession_id = hexsession_id:9bcf3f3397ff464126cb2a99c04908721871354b842ffd3d873d49407db0382f98cc54d66665d950ec8277c374f19e9f0dd2e727f8759017c49b5b80baa87c63
-+Ctrl.type = type:F
-+Output = 0c9af3775d5dc49a1b9b85fa18420ce1ca10d5159f83f9e078c217289688639dbce5f85665f866d8f93b2c6823bc7b2655830d8bb51fba945ce6eac2b0e6ce8a
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:0000010015b3157b538e31a14797d981a6ef62814cd55fbea25ea88a16a5839484c7624d7befccc82d91e2ff2b6f402daba861b77c1016bab9e3d58bab985563f32d663407f9f3582856ee0aa3a56680c221ecddc48af6de71fd34626b716d9efe530df470c0b7b1e4131861bc4f12e44de7f1d1910047465c0eb95f7232d6e71d639d75ac58e6848e560210a5dc2e6996c1d96f9f688fb86558ba96422d1a69cf795ea67e66d534bef2160f4e9d4351c9c2faaad7c2ad2476ace5556c9b3c4c2d3bdac82bfb54d2e54eb6ed398b813c5928aa560b442c585a038571c4db98a44d8c8cdb02fa731b400adb859b591c1846900791d791927363d745042a38597ef883cbda
-+Ctrl.hexxcghash = hexxcghash:651bdee255eef5fb47c7733df03d4346bc335cf1de2bfbd453f4ff18c775de475719a6ec4c5c55badadda4822e3fbf5ae3c0e6e9608a893fea68bfcc0af86d73
-+Ctrl.hexsession_id = hexsession_id:ee603130d0bdec24952cd3392272dbd7a536c2e76c794cc2f678ca9dd789670453e6bcd330dbf4e93930ec0b3e506e4c629b3d156ab1171d247d0ba44217d292
-+Ctrl.type = type:A
-+Output = 7b802a74d216a41f7708c597b9053223
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:0000010015b3157b538e31a14797d981a6ef62814cd55fbea25ea88a16a5839484c7624d7befccc82d91e2ff2b6f402daba861b77c1016bab9e3d58bab985563f32d663407f9f3582856ee0aa3a56680c221ecddc48af6de71fd34626b716d9efe530df470c0b7b1e4131861bc4f12e44de7f1d1910047465c0eb95f7232d6e71d639d75ac58e6848e560210a5dc2e6996c1d96f9f688fb86558ba96422d1a69cf795ea67e66d534bef2160f4e9d4351c9c2faaad7c2ad2476ace5556c9b3c4c2d3bdac82bfb54d2e54eb6ed398b813c5928aa560b442c585a038571c4db98a44d8c8cdb02fa731b400adb859b591c1846900791d791927363d745042a38597ef883cbda
-+Ctrl.hexxcghash = hexxcghash:651bdee255eef5fb47c7733df03d4346bc335cf1de2bfbd453f4ff18c775de475719a6ec4c5c55badadda4822e3fbf5ae3c0e6e9608a893fea68bfcc0af86d73
-+Ctrl.hexsession_id = hexsession_id:ee603130d0bdec24952cd3392272dbd7a536c2e76c794cc2f678ca9dd789670453e6bcd330dbf4e93930ec0b3e506e4c629b3d156ab1171d247d0ba44217d292
-+Ctrl.type = type:B
-+Output = 355223971bed70b804d191b64cde39e6
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:0000010015b3157b538e31a14797d981a6ef62814cd55fbea25ea88a16a5839484c7624d7befccc82d91e2ff2b6f402daba861b77c1016bab9e3d58bab985563f32d663407f9f3582856ee0aa3a56680c221ecddc48af6de71fd34626b716d9efe530df470c0b7b1e4131861bc4f12e44de7f1d1910047465c0eb95f7232d6e71d639d75ac58e6848e560210a5dc2e6996c1d96f9f688fb86558ba96422d1a69cf795ea67e66d534bef2160f4e9d4351c9c2faaad7c2ad2476ace5556c9b3c4c2d3bdac82bfb54d2e54eb6ed398b813c5928aa560b442c585a038571c4db98a44d8c8cdb02fa731b400adb859b591c1846900791d791927363d745042a38597ef883cbda
-+Ctrl.hexxcghash = hexxcghash:651bdee255eef5fb47c7733df03d4346bc335cf1de2bfbd453f4ff18c775de475719a6ec4c5c55badadda4822e3fbf5ae3c0e6e9608a893fea68bfcc0af86d73
-+Ctrl.hexsession_id = hexsession_id:ee603130d0bdec24952cd3392272dbd7a536c2e76c794cc2f678ca9dd789670453e6bcd330dbf4e93930ec0b3e506e4c629b3d156ab1171d247d0ba44217d292
-+Ctrl.type = type:C
-+Output = 925f2b036ac2682e20f022377499c3e1
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:0000010015b3157b538e31a14797d981a6ef62814cd55fbea25ea88a16a5839484c7624d7befccc82d91e2ff2b6f402daba861b77c1016bab9e3d58bab985563f32d663407f9f3582856ee0aa3a56680c221ecddc48af6de71fd34626b716d9efe530df470c0b7b1e4131861bc4f12e44de7f1d1910047465c0eb95f7232d6e71d639d75ac58e6848e560210a5dc2e6996c1d96f9f688fb86558ba96422d1a69cf795ea67e66d534bef2160f4e9d4351c9c2faaad7c2ad2476ace5556c9b3c4c2d3bdac82bfb54d2e54eb6ed398b813c5928aa560b442c585a038571c4db98a44d8c8cdb02fa731b400adb859b591c1846900791d791927363d745042a38597ef883cbda
-+Ctrl.hexxcghash = hexxcghash:651bdee255eef5fb47c7733df03d4346bc335cf1de2bfbd453f4ff18c775de475719a6ec4c5c55badadda4822e3fbf5ae3c0e6e9608a893fea68bfcc0af86d73
-+Ctrl.hexsession_id = hexsession_id:ee603130d0bdec24952cd3392272dbd7a536c2e76c794cc2f678ca9dd789670453e6bcd330dbf4e93930ec0b3e506e4c629b3d156ab1171d247d0ba44217d292
-+Ctrl.type = type:D
-+Output = 37ae2bbbb1603c07d5274fc8f57126dc
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:0000010015b3157b538e31a14797d981a6ef62814cd55fbea25ea88a16a5839484c7624d7befccc82d91e2ff2b6f402daba861b77c1016bab9e3d58bab985563f32d663407f9f3582856ee0aa3a56680c221ecddc48af6de71fd34626b716d9efe530df470c0b7b1e4131861bc4f12e44de7f1d1910047465c0eb95f7232d6e71d639d75ac58e6848e560210a5dc2e6996c1d96f9f688fb86558ba96422d1a69cf795ea67e66d534bef2160f4e9d4351c9c2faaad7c2ad2476ace5556c9b3c4c2d3bdac82bfb54d2e54eb6ed398b813c5928aa560b442c585a038571c4db98a44d8c8cdb02fa731b400adb859b591c1846900791d791927363d745042a38597ef883cbda
-+Ctrl.hexxcghash = hexxcghash:651bdee255eef5fb47c7733df03d4346bc335cf1de2bfbd453f4ff18c775de475719a6ec4c5c55badadda4822e3fbf5ae3c0e6e9608a893fea68bfcc0af86d73
-+Ctrl.hexsession_id = hexsession_id:ee603130d0bdec24952cd3392272dbd7a536c2e76c794cc2f678ca9dd789670453e6bcd330dbf4e93930ec0b3e506e4c629b3d156ab1171d247d0ba44217d292
-+Ctrl.type = type:E
-+Output = 8b36c7e175797bf7bbb079ac5d06e6f7f62fc5a957e0fefab7df565eb72ae0586dbebad978975aaa35846de667b44b7174315b2b932f0be538fba76b92531019
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:0000010015b3157b538e31a14797d981a6ef62814cd55fbea25ea88a16a5839484c7624d7befccc82d91e2ff2b6f402daba861b77c1016bab9e3d58bab985563f32d663407f9f3582856ee0aa3a56680c221ecddc48af6de71fd34626b716d9efe530df470c0b7b1e4131861bc4f12e44de7f1d1910047465c0eb95f7232d6e71d639d75ac58e6848e560210a5dc2e6996c1d96f9f688fb86558ba96422d1a69cf795ea67e66d534bef2160f4e9d4351c9c2faaad7c2ad2476ace5556c9b3c4c2d3bdac82bfb54d2e54eb6ed398b813c5928aa560b442c585a038571c4db98a44d8c8cdb02fa731b400adb859b591c1846900791d791927363d745042a38597ef883cbda
-+Ctrl.hexxcghash = hexxcghash:651bdee255eef5fb47c7733df03d4346bc335cf1de2bfbd453f4ff18c775de475719a6ec4c5c55badadda4822e3fbf5ae3c0e6e9608a893fea68bfcc0af86d73
-+Ctrl.hexsession_id = hexsession_id:ee603130d0bdec24952cd3392272dbd7a536c2e76c794cc2f678ca9dd789670453e6bcd330dbf4e93930ec0b3e506e4c629b3d156ab1171d247d0ba44217d292
-+Ctrl.type = type:F
-+Output = 388ef310bce13188df3fd6285576041754a281548fcc6a212e0de564db661640320130e4df4a6ff31162edaa7ced5b7f05f3456f674ee8be0b03424142058795
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:0000010100b41c0bdf180d02ff459079925b32e54299128298da864be28b4c02532244b057219e3fa5fea09841351604ab713021622e6a6d0748f354fc3f29a9ac8bb64fdd984b725f00f56df3cf16d3bac786524a29105096f96f387422361bcc24774fd4d5b71bd6f757a8193fd691411b8e0aa14307e6ed1e97907925d93cee9ed266f387af66cd3da3e99d543e4baaf8a7fdb36c10869267767d80509717b5666e3fcdf8cca6486a1c18e3d3c15ba0c6773dcbe374d83de1c108a400998b25afa4d3b60917594a1120e449a57db1f3b2e048c3c64a408ed41bb32145364932f105788cd0b198522f0c59b1d774b1ac80cd76d18e06b53c3d599f625c72f38b15745478
-+Ctrl.hexxcghash = hexxcghash:94ce7876dd7d98475ff8dd634b9b48e0e3416d1afd633637b49a49c525ee905ad8a17c12194746e210207c54628c453287a77515575a79ad40b270b5115030b8
-+Ctrl.hexsession_id = hexsession_id:d2e7ea215f35381164a1382533f752eb21e6fa9f25d399b7914c0317998f2b7820f893557459f0773eca3dbafd8375021b955a8dfe7ad659dfe480e3107724f8
-+Ctrl.type = type:A
-+Output = efeb5305eda69b0bd6999b4a27479667
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:0000010100b41c0bdf180d02ff459079925b32e54299128298da864be28b4c02532244b057219e3fa5fea09841351604ab713021622e6a6d0748f354fc3f29a9ac8bb64fdd984b725f00f56df3cf16d3bac786524a29105096f96f387422361bcc24774fd4d5b71bd6f757a8193fd691411b8e0aa14307e6ed1e97907925d93cee9ed266f387af66cd3da3e99d543e4baaf8a7fdb36c10869267767d80509717b5666e3fcdf8cca6486a1c18e3d3c15ba0c6773dcbe374d83de1c108a400998b25afa4d3b60917594a1120e449a57db1f3b2e048c3c64a408ed41bb32145364932f105788cd0b198522f0c59b1d774b1ac80cd76d18e06b53c3d599f625c72f38b15745478
-+Ctrl.hexxcghash = hexxcghash:94ce7876dd7d98475ff8dd634b9b48e0e3416d1afd633637b49a49c525ee905ad8a17c12194746e210207c54628c453287a77515575a79ad40b270b5115030b8
-+Ctrl.hexsession_id = hexsession_id:d2e7ea215f35381164a1382533f752eb21e6fa9f25d399b7914c0317998f2b7820f893557459f0773eca3dbafd8375021b955a8dfe7ad659dfe480e3107724f8
-+Ctrl.type = type:B
-+Output = 806fca9189c02e7ec2a6459387b03506
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:0000010100b41c0bdf180d02ff459079925b32e54299128298da864be28b4c02532244b057219e3fa5fea09841351604ab713021622e6a6d0748f354fc3f29a9ac8bb64fdd984b725f00f56df3cf16d3bac786524a29105096f96f387422361bcc24774fd4d5b71bd6f757a8193fd691411b8e0aa14307e6ed1e97907925d93cee9ed266f387af66cd3da3e99d543e4baaf8a7fdb36c10869267767d80509717b5666e3fcdf8cca6486a1c18e3d3c15ba0c6773dcbe374d83de1c108a400998b25afa4d3b60917594a1120e449a57db1f3b2e048c3c64a408ed41bb32145364932f105788cd0b198522f0c59b1d774b1ac80cd76d18e06b53c3d599f625c72f38b15745478
-+Ctrl.hexxcghash = hexxcghash:94ce7876dd7d98475ff8dd634b9b48e0e3416d1afd633637b49a49c525ee905ad8a17c12194746e210207c54628c453287a77515575a79ad40b270b5115030b8
-+Ctrl.hexsession_id = hexsession_id:d2e7ea215f35381164a1382533f752eb21e6fa9f25d399b7914c0317998f2b7820f893557459f0773eca3dbafd8375021b955a8dfe7ad659dfe480e3107724f8
-+Ctrl.type = type:C
-+Output = 9e542282d0db345a6ba20eba7c5de531
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:0000010100b41c0bdf180d02ff459079925b32e54299128298da864be28b4c02532244b057219e3fa5fea09841351604ab713021622e6a6d0748f354fc3f29a9ac8bb64fdd984b725f00f56df3cf16d3bac786524a29105096f96f387422361bcc24774fd4d5b71bd6f757a8193fd691411b8e0aa14307e6ed1e97907925d93cee9ed266f387af66cd3da3e99d543e4baaf8a7fdb36c10869267767d80509717b5666e3fcdf8cca6486a1c18e3d3c15ba0c6773dcbe374d83de1c108a400998b25afa4d3b60917594a1120e449a57db1f3b2e048c3c64a408ed41bb32145364932f105788cd0b198522f0c59b1d774b1ac80cd76d18e06b53c3d599f625c72f38b15745478
-+Ctrl.hexxcghash = hexxcghash:94ce7876dd7d98475ff8dd634b9b48e0e3416d1afd633637b49a49c525ee905ad8a17c12194746e210207c54628c453287a77515575a79ad40b270b5115030b8
-+Ctrl.hexsession_id = hexsession_id:d2e7ea215f35381164a1382533f752eb21e6fa9f25d399b7914c0317998f2b7820f893557459f0773eca3dbafd8375021b955a8dfe7ad659dfe480e3107724f8
-+Ctrl.type = type:D
-+Output = 41e7962b57a67f75072f15a5ba405d15
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:0000010100b41c0bdf180d02ff459079925b32e54299128298da864be28b4c02532244b057219e3fa5fea09841351604ab713021622e6a6d0748f354fc3f29a9ac8bb64fdd984b725f00f56df3cf16d3bac786524a29105096f96f387422361bcc24774fd4d5b71bd6f757a8193fd691411b8e0aa14307e6ed1e97907925d93cee9ed266f387af66cd3da3e99d543e4baaf8a7fdb36c10869267767d80509717b5666e3fcdf8cca6486a1c18e3d3c15ba0c6773dcbe374d83de1c108a400998b25afa4d3b60917594a1120e449a57db1f3b2e048c3c64a408ed41bb32145364932f105788cd0b198522f0c59b1d774b1ac80cd76d18e06b53c3d599f625c72f38b15745478
-+Ctrl.hexxcghash = hexxcghash:94ce7876dd7d98475ff8dd634b9b48e0e3416d1afd633637b49a49c525ee905ad8a17c12194746e210207c54628c453287a77515575a79ad40b270b5115030b8
-+Ctrl.hexsession_id = hexsession_id:d2e7ea215f35381164a1382533f752eb21e6fa9f25d399b7914c0317998f2b7820f893557459f0773eca3dbafd8375021b955a8dfe7ad659dfe480e3107724f8
-+Ctrl.type = type:E
-+Output = 7bf8f25fd155e41d1dc85cc814704dd8732275b3a53dc1b8c6b330c08f307b5c0da31606cb7eaa1b37b2721f4a1bf70a6885c30d17d7acd32fcc894768fe4106
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:0000010100b41c0bdf180d02ff459079925b32e54299128298da864be28b4c02532244b057219e3fa5fea09841351604ab713021622e6a6d0748f354fc3f29a9ac8bb64fdd984b725f00f56df3cf16d3bac786524a29105096f96f387422361bcc24774fd4d5b71bd6f757a8193fd691411b8e0aa14307e6ed1e97907925d93cee9ed266f387af66cd3da3e99d543e4baaf8a7fdb36c10869267767d80509717b5666e3fcdf8cca6486a1c18e3d3c15ba0c6773dcbe374d83de1c108a400998b25afa4d3b60917594a1120e449a57db1f3b2e048c3c64a408ed41bb32145364932f105788cd0b198522f0c59b1d774b1ac80cd76d18e06b53c3d599f625c72f38b15745478
-+Ctrl.hexxcghash = hexxcghash:94ce7876dd7d98475ff8dd634b9b48e0e3416d1afd633637b49a49c525ee905ad8a17c12194746e210207c54628c453287a77515575a79ad40b270b5115030b8
-+Ctrl.hexsession_id = hexsession_id:d2e7ea215f35381164a1382533f752eb21e6fa9f25d399b7914c0317998f2b7820f893557459f0773eca3dbafd8375021b955a8dfe7ad659dfe480e3107724f8
-+Ctrl.type = type:F
-+Output = 66b8f8c1a38120c73cc55950455a69c426fda44b9c66c3becaf259dd57a620e5ed3a749a486d05eab52c289f489581cb655865d4388a81e79b06bd105e3ae858
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:000001003ba71746e4622911dbcd76359dbd01a3958175cac500fac87146f4a2616782ac0328ea32046762f62080df8fe76ff112acbf4e4c7a36fa648ec60c50d4a0f7b27b67cdcd725ed2d51c3b5c438c45c8f46d953845a899e89378e981aa270bd6cc190a5ab53e9516f5c194f9b61ef782573b417702337b32776765e75d6efb371a3af98c1b0eaa90ee43a99e58d803bc645a65100371cda8316d51618e4ada4d9a46cd049673cbfcf6ce3ec66c964902eb9bd28514d1fce32ebf8ee2ae3c8e46f4bf18f153a6f1031cefc7e736d82105dbeb60db422b79f4c4f3f4838fee891341cc982e79917aefb82529d134648847de15cf3ba1d7b5000e74b78198d6a3efce
-+Ctrl.hexxcghash = hexxcghash:327a1cfc89837c90fb7141ad3a7df293af5c9e2fd482fb77f6769db8e91417377fe0a0a30c072f8276e824975afdc0f73e1a1cbeda86d5c70c2799912602ee78
-+Ctrl.hexsession_id = hexsession_id:46282b8a6dea1654de89199972c414ee512f33ab832e7284547cfc345af6eea9fbafb75f4646789755078a174c98c5aa1d740af1cf40844ae680cdd80466086b
-+Ctrl.type = type:A
-+Output = 8f6ac18ff5300849be34602630bb4102
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:000001003ba71746e4622911dbcd76359dbd01a3958175cac500fac87146f4a2616782ac0328ea32046762f62080df8fe76ff112acbf4e4c7a36fa648ec60c50d4a0f7b27b67cdcd725ed2d51c3b5c438c45c8f46d953845a899e89378e981aa270bd6cc190a5ab53e9516f5c194f9b61ef782573b417702337b32776765e75d6efb371a3af98c1b0eaa90ee43a99e58d803bc645a65100371cda8316d51618e4ada4d9a46cd049673cbfcf6ce3ec66c964902eb9bd28514d1fce32ebf8ee2ae3c8e46f4bf18f153a6f1031cefc7e736d82105dbeb60db422b79f4c4f3f4838fee891341cc982e79917aefb82529d134648847de15cf3ba1d7b5000e74b78198d6a3efce
-+Ctrl.hexxcghash = hexxcghash:327a1cfc89837c90fb7141ad3a7df293af5c9e2fd482fb77f6769db8e91417377fe0a0a30c072f8276e824975afdc0f73e1a1cbeda86d5c70c2799912602ee78
-+Ctrl.hexsession_id = hexsession_id:46282b8a6dea1654de89199972c414ee512f33ab832e7284547cfc345af6eea9fbafb75f4646789755078a174c98c5aa1d740af1cf40844ae680cdd80466086b
-+Ctrl.type = type:B
-+Output = f2b45df2508656758529a1f4679839fd
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:000001003ba71746e4622911dbcd76359dbd01a3958175cac500fac87146f4a2616782ac0328ea32046762f62080df8fe76ff112acbf4e4c7a36fa648ec60c50d4a0f7b27b67cdcd725ed2d51c3b5c438c45c8f46d953845a899e89378e981aa270bd6cc190a5ab53e9516f5c194f9b61ef782573b417702337b32776765e75d6efb371a3af98c1b0eaa90ee43a99e58d803bc645a65100371cda8316d51618e4ada4d9a46cd049673cbfcf6ce3ec66c964902eb9bd28514d1fce32ebf8ee2ae3c8e46f4bf18f153a6f1031cefc7e736d82105dbeb60db422b79f4c4f3f4838fee891341cc982e79917aefb82529d134648847de15cf3ba1d7b5000e74b78198d6a3efce
-+Ctrl.hexxcghash = hexxcghash:327a1cfc89837c90fb7141ad3a7df293af5c9e2fd482fb77f6769db8e91417377fe0a0a30c072f8276e824975afdc0f73e1a1cbeda86d5c70c2799912602ee78
-+Ctrl.hexsession_id = hexsession_id:46282b8a6dea1654de89199972c414ee512f33ab832e7284547cfc345af6eea9fbafb75f4646789755078a174c98c5aa1d740af1cf40844ae680cdd80466086b
-+Ctrl.type = type:C
-+Output = 3356d58f61bcca506058e0990c9821f5
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:000001003ba71746e4622911dbcd76359dbd01a3958175cac500fac87146f4a2616782ac0328ea32046762f62080df8fe76ff112acbf4e4c7a36fa648ec60c50d4a0f7b27b67cdcd725ed2d51c3b5c438c45c8f46d953845a899e89378e981aa270bd6cc190a5ab53e9516f5c194f9b61ef782573b417702337b32776765e75d6efb371a3af98c1b0eaa90ee43a99e58d803bc645a65100371cda8316d51618e4ada4d9a46cd049673cbfcf6ce3ec66c964902eb9bd28514d1fce32ebf8ee2ae3c8e46f4bf18f153a6f1031cefc7e736d82105dbeb60db422b79f4c4f3f4838fee891341cc982e79917aefb82529d134648847de15cf3ba1d7b5000e74b78198d6a3efce
-+Ctrl.hexxcghash = hexxcghash:327a1cfc89837c90fb7141ad3a7df293af5c9e2fd482fb77f6769db8e91417377fe0a0a30c072f8276e824975afdc0f73e1a1cbeda86d5c70c2799912602ee78
-+Ctrl.hexsession_id = hexsession_id:46282b8a6dea1654de89199972c414ee512f33ab832e7284547cfc345af6eea9fbafb75f4646789755078a174c98c5aa1d740af1cf40844ae680cdd80466086b
-+Ctrl.type = type:D
-+Output = 78495438a5326cca5351a239545941c1
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:000001003ba71746e4622911dbcd76359dbd01a3958175cac500fac87146f4a2616782ac0328ea32046762f62080df8fe76ff112acbf4e4c7a36fa648ec60c50d4a0f7b27b67cdcd725ed2d51c3b5c438c45c8f46d953845a899e89378e981aa270bd6cc190a5ab53e9516f5c194f9b61ef782573b417702337b32776765e75d6efb371a3af98c1b0eaa90ee43a99e58d803bc645a65100371cda8316d51618e4ada4d9a46cd049673cbfcf6ce3ec66c964902eb9bd28514d1fce32ebf8ee2ae3c8e46f4bf18f153a6f1031cefc7e736d82105dbeb60db422b79f4c4f3f4838fee891341cc982e79917aefb82529d134648847de15cf3ba1d7b5000e74b78198d6a3efce
-+Ctrl.hexxcghash = hexxcghash:327a1cfc89837c90fb7141ad3a7df293af5c9e2fd482fb77f6769db8e91417377fe0a0a30c072f8276e824975afdc0f73e1a1cbeda86d5c70c2799912602ee78
-+Ctrl.hexsession_id = hexsession_id:46282b8a6dea1654de89199972c414ee512f33ab832e7284547cfc345af6eea9fbafb75f4646789755078a174c98c5aa1d740af1cf40844ae680cdd80466086b
-+Ctrl.type = type:E
-+Output = dcfc5d099f5040513f76b012ab62ee45d5d8271aec9cbbdd1e1f7e0806f363d21c2eca730f9489ee70fbc7490a1901587b1d418c0e4f429c8098cd793c6d285c
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:000001003ba71746e4622911dbcd76359dbd01a3958175cac500fac87146f4a2616782ac0328ea32046762f62080df8fe76ff112acbf4e4c7a36fa648ec60c50d4a0f7b27b67cdcd725ed2d51c3b5c438c45c8f46d953845a899e89378e981aa270bd6cc190a5ab53e9516f5c194f9b61ef782573b417702337b32776765e75d6efb371a3af98c1b0eaa90ee43a99e58d803bc645a65100371cda8316d51618e4ada4d9a46cd049673cbfcf6ce3ec66c964902eb9bd28514d1fce32ebf8ee2ae3c8e46f4bf18f153a6f1031cefc7e736d82105dbeb60db422b79f4c4f3f4838fee891341cc982e79917aefb82529d134648847de15cf3ba1d7b5000e74b78198d6a3efce
-+Ctrl.hexxcghash = hexxcghash:327a1cfc89837c90fb7141ad3a7df293af5c9e2fd482fb77f6769db8e91417377fe0a0a30c072f8276e824975afdc0f73e1a1cbeda86d5c70c2799912602ee78
-+Ctrl.hexsession_id = hexsession_id:46282b8a6dea1654de89199972c414ee512f33ab832e7284547cfc345af6eea9fbafb75f4646789755078a174c98c5aa1d740af1cf40844ae680cdd80466086b
-+Ctrl.type = type:F
-+Output = a75817465c73517bd7884dcd230464583ae491ae5e39330873cd7a967188022cad63e712c7ec261abdb34c01bddd8989dfce8f5d8a8cdbdcc305429b3fd93c76
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:0000010100f3a28f9574691777f2a9e05a882295e5ae272a6af486e53a8574e0ce7633a5c6871a39e6ba3176a41ce3fe6c80aa8469df71401583987e34374586ec56268b37d42bc047cc898750379aa7ddc5549cc069fa10d29fca303e6063a2cb800322a84a63480d91606db0244d2dd456005bb4a4b33f91ddf33335ec4d4d519e430542e087d5b1e952b183a32b3f7b118c410c46dc44b7ad669e7d98b934e48830e61ddd2e6094e0d1fa39b9041b9ca9dc768af4da702f912b2e82738cf506479c68fa9a5f2a9153189cf83bd11a05a92428d7c7124094f684f7c848114dc272d8a308d7b65e47b1d3c2c70d5a63efbc191ff5f0359356f706ac703445778b2b43a8d6
-+Ctrl.hexxcghash = hexxcghash:4f3aaea9ade34a07f46c11a4480461e2c523a740492b23b0bfa2a9e2e2c2ce542a09644154a4b3ab0e8b71ea950444a9954a156c0530a1436aa98951af7e1972
-+Ctrl.hexsession_id = hexsession_id:c778cdc03ecc941ff7d37c41fe67dc84df375117abd62d099129f38d37375f3cde4e75a0160fb05edf392d1eac509d5a6796f635623794d81df9b4cf81021738
-+Ctrl.type = type:A
-+Output = 4fa1b8c53d25f7c1adb4810c46b48ae7
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:0000010100f3a28f9574691777f2a9e05a882295e5ae272a6af486e53a8574e0ce7633a5c6871a39e6ba3176a41ce3fe6c80aa8469df71401583987e34374586ec56268b37d42bc047cc898750379aa7ddc5549cc069fa10d29fca303e6063a2cb800322a84a63480d91606db0244d2dd456005bb4a4b33f91ddf33335ec4d4d519e430542e087d5b1e952b183a32b3f7b118c410c46dc44b7ad669e7d98b934e48830e61ddd2e6094e0d1fa39b9041b9ca9dc768af4da702f912b2e82738cf506479c68fa9a5f2a9153189cf83bd11a05a92428d7c7124094f684f7c848114dc272d8a308d7b65e47b1d3c2c70d5a63efbc191ff5f0359356f706ac703445778b2b43a8d6
-+Ctrl.hexxcghash = hexxcghash:4f3aaea9ade34a07f46c11a4480461e2c523a740492b23b0bfa2a9e2e2c2ce542a09644154a4b3ab0e8b71ea950444a9954a156c0530a1436aa98951af7e1972
-+Ctrl.hexsession_id = hexsession_id:c778cdc03ecc941ff7d37c41fe67dc84df375117abd62d099129f38d37375f3cde4e75a0160fb05edf392d1eac509d5a6796f635623794d81df9b4cf81021738
-+Ctrl.type = type:B
-+Output = 3c453d0f50b7f41826e74e5cce5b5996
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:0000010100f3a28f9574691777f2a9e05a882295e5ae272a6af486e53a8574e0ce7633a5c6871a39e6ba3176a41ce3fe6c80aa8469df71401583987e34374586ec56268b37d42bc047cc898750379aa7ddc5549cc069fa10d29fca303e6063a2cb800322a84a63480d91606db0244d2dd456005bb4a4b33f91ddf33335ec4d4d519e430542e087d5b1e952b183a32b3f7b118c410c46dc44b7ad669e7d98b934e48830e61ddd2e6094e0d1fa39b9041b9ca9dc768af4da702f912b2e82738cf506479c68fa9a5f2a9153189cf83bd11a05a92428d7c7124094f684f7c848114dc272d8a308d7b65e47b1d3c2c70d5a63efbc191ff5f0359356f706ac703445778b2b43a8d6
-+Ctrl.hexxcghash = hexxcghash:4f3aaea9ade34a07f46c11a4480461e2c523a740492b23b0bfa2a9e2e2c2ce542a09644154a4b3ab0e8b71ea950444a9954a156c0530a1436aa98951af7e1972
-+Ctrl.hexsession_id = hexsession_id:c778cdc03ecc941ff7d37c41fe67dc84df375117abd62d099129f38d37375f3cde4e75a0160fb05edf392d1eac509d5a6796f635623794d81df9b4cf81021738
-+Ctrl.type = type:C
-+Output = 22f47a00a5de0f56b3e586357eeebe57
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:0000010100f3a28f9574691777f2a9e05a882295e5ae272a6af486e53a8574e0ce7633a5c6871a39e6ba3176a41ce3fe6c80aa8469df71401583987e34374586ec56268b37d42bc047cc898750379aa7ddc5549cc069fa10d29fca303e6063a2cb800322a84a63480d91606db0244d2dd456005bb4a4b33f91ddf33335ec4d4d519e430542e087d5b1e952b183a32b3f7b118c410c46dc44b7ad669e7d98b934e48830e61ddd2e6094e0d1fa39b9041b9ca9dc768af4da702f912b2e82738cf506479c68fa9a5f2a9153189cf83bd11a05a92428d7c7124094f684f7c848114dc272d8a308d7b65e47b1d3c2c70d5a63efbc191ff5f0359356f706ac703445778b2b43a8d6
-+Ctrl.hexxcghash = hexxcghash:4f3aaea9ade34a07f46c11a4480461e2c523a740492b23b0bfa2a9e2e2c2ce542a09644154a4b3ab0e8b71ea950444a9954a156c0530a1436aa98951af7e1972
-+Ctrl.hexsession_id = hexsession_id:c778cdc03ecc941ff7d37c41fe67dc84df375117abd62d099129f38d37375f3cde4e75a0160fb05edf392d1eac509d5a6796f635623794d81df9b4cf81021738
-+Ctrl.type = type:D
-+Output = 8d32d1945e93c4982bd106567f8e481f
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:0000010100f3a28f9574691777f2a9e05a882295e5ae272a6af486e53a8574e0ce7633a5c6871a39e6ba3176a41ce3fe6c80aa8469df71401583987e34374586ec56268b37d42bc047cc898750379aa7ddc5549cc069fa10d29fca303e6063a2cb800322a84a63480d91606db0244d2dd456005bb4a4b33f91ddf33335ec4d4d519e430542e087d5b1e952b183a32b3f7b118c410c46dc44b7ad669e7d98b934e48830e61ddd2e6094e0d1fa39b9041b9ca9dc768af4da702f912b2e82738cf506479c68fa9a5f2a9153189cf83bd11a05a92428d7c7124094f684f7c848114dc272d8a308d7b65e47b1d3c2c70d5a63efbc191ff5f0359356f706ac703445778b2b43a8d6
-+Ctrl.hexxcghash = hexxcghash:4f3aaea9ade34a07f46c11a4480461e2c523a740492b23b0bfa2a9e2e2c2ce542a09644154a4b3ab0e8b71ea950444a9954a156c0530a1436aa98951af7e1972
-+Ctrl.hexsession_id = hexsession_id:c778cdc03ecc941ff7d37c41fe67dc84df375117abd62d099129f38d37375f3cde4e75a0160fb05edf392d1eac509d5a6796f635623794d81df9b4cf81021738
-+Ctrl.type = type:E
-+Output = 9eefe581b1514160f81c94193d374d8f85879136e9ae494c487119b1974aac3e143948f656c1c1e837ff1368ef0d997cd3ca9f46c71056269eb8a1da8daf5678
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:0000010100f3a28f9574691777f2a9e05a882295e5ae272a6af486e53a8574e0ce7633a5c6871a39e6ba3176a41ce3fe6c80aa8469df71401583987e34374586ec56268b37d42bc047cc898750379aa7ddc5549cc069fa10d29fca303e6063a2cb800322a84a63480d91606db0244d2dd456005bb4a4b33f91ddf33335ec4d4d519e430542e087d5b1e952b183a32b3f7b118c410c46dc44b7ad669e7d98b934e48830e61ddd2e6094e0d1fa39b9041b9ca9dc768af4da702f912b2e82738cf506479c68fa9a5f2a9153189cf83bd11a05a92428d7c7124094f684f7c848114dc272d8a308d7b65e47b1d3c2c70d5a63efbc191ff5f0359356f706ac703445778b2b43a8d6
-+Ctrl.hexxcghash = hexxcghash:4f3aaea9ade34a07f46c11a4480461e2c523a740492b23b0bfa2a9e2e2c2ce542a09644154a4b3ab0e8b71ea950444a9954a156c0530a1436aa98951af7e1972
-+Ctrl.hexsession_id = hexsession_id:c778cdc03ecc941ff7d37c41fe67dc84df375117abd62d099129f38d37375f3cde4e75a0160fb05edf392d1eac509d5a6796f635623794d81df9b4cf81021738
-+Ctrl.type = type:F
-+Output = 8dd76f59e6692ff642894ee1bb147f3e1490cac944af29de6b2b5abcc4ab9eb41d236e9cd2f40cf83935097f307a246d7b35005dd302bacfe7e4fed37d2f46e9
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:0000010012c99d1e0542b3b71e287b1ea15e54a3197f95cfbf7f6a209ada41fce3a6faad9bc4d569b690223e5d668019c11204716bb96a858c36c853bd41b28c1505ddce9df22b31dbdaa014b07ec53a79cfeb5b540902669c7a283f3647c1a9f685b5027bfb18e827818a76c23fa6ad20760f228a4239a4d558240130b5cc389d2be41b806cafd24d1d425c26a61508c974d62aae6f6830459c79e7a9ff5610291661bf03528fbafe47cf4c2e51f4856749ef543eb7cd8f72e84a4075fa7df9ad12565e5b3810c6d6292ff878ee8499611688989f0a04f4dc7275e01c0444a0321f0a0327fbe8a55689307b1bfd66d5d27ade78df5c1dfcef8868ebbe339d7efdae1973
-+Ctrl.hexxcghash = hexxcghash:7317f576ce95d5bed93d08c65eb814d037ecd42f09b2d514fad58335e8e8bec807b9cf74b9044f449581c792ebb08843f2b80da87d91625e20f25de91b4d5d23
-+Ctrl.hexsession_id = hexsession_id:7d153fda85bd3488962bdf03b8d0f26cf61f737173587ac6ee3d6f601a00f6474f5401370ef04720c620ea2b9668ab72cb6c40dc96057fc4537e7a6b0e79e9c5
-+Ctrl.type = type:A
-+Output = f335b3ab270d7e686c5e023b3a2da75b
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:0000010012c99d1e0542b3b71e287b1ea15e54a3197f95cfbf7f6a209ada41fce3a6faad9bc4d569b690223e5d668019c11204716bb96a858c36c853bd41b28c1505ddce9df22b31dbdaa014b07ec53a79cfeb5b540902669c7a283f3647c1a9f685b5027bfb18e827818a76c23fa6ad20760f228a4239a4d558240130b5cc389d2be41b806cafd24d1d425c26a61508c974d62aae6f6830459c79e7a9ff5610291661bf03528fbafe47cf4c2e51f4856749ef543eb7cd8f72e84a4075fa7df9ad12565e5b3810c6d6292ff878ee8499611688989f0a04f4dc7275e01c0444a0321f0a0327fbe8a55689307b1bfd66d5d27ade78df5c1dfcef8868ebbe339d7efdae1973
-+Ctrl.hexxcghash = hexxcghash:7317f576ce95d5bed93d08c65eb814d037ecd42f09b2d514fad58335e8e8bec807b9cf74b9044f449581c792ebb08843f2b80da87d91625e20f25de91b4d5d23
-+Ctrl.hexsession_id = hexsession_id:7d153fda85bd3488962bdf03b8d0f26cf61f737173587ac6ee3d6f601a00f6474f5401370ef04720c620ea2b9668ab72cb6c40dc96057fc4537e7a6b0e79e9c5
-+Ctrl.type = type:B
-+Output = 857c9245c67bad84b7377c424c5e7e7a
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:0000010012c99d1e0542b3b71e287b1ea15e54a3197f95cfbf7f6a209ada41fce3a6faad9bc4d569b690223e5d668019c11204716bb96a858c36c853bd41b28c1505ddce9df22b31dbdaa014b07ec53a79cfeb5b540902669c7a283f3647c1a9f685b5027bfb18e827818a76c23fa6ad20760f228a4239a4d558240130b5cc389d2be41b806cafd24d1d425c26a61508c974d62aae6f6830459c79e7a9ff5610291661bf03528fbafe47cf4c2e51f4856749ef543eb7cd8f72e84a4075fa7df9ad12565e5b3810c6d6292ff878ee8499611688989f0a04f4dc7275e01c0444a0321f0a0327fbe8a55689307b1bfd66d5d27ade78df5c1dfcef8868ebbe339d7efdae1973
-+Ctrl.hexxcghash = hexxcghash:7317f576ce95d5bed93d08c65eb814d037ecd42f09b2d514fad58335e8e8bec807b9cf74b9044f449581c792ebb08843f2b80da87d91625e20f25de91b4d5d23
-+Ctrl.hexsession_id = hexsession_id:7d153fda85bd3488962bdf03b8d0f26cf61f737173587ac6ee3d6f601a00f6474f5401370ef04720c620ea2b9668ab72cb6c40dc96057fc4537e7a6b0e79e9c5
-+Ctrl.type = type:C
-+Output = 1c44ef56440f5856bdfd951305fd81e4
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:0000010012c99d1e0542b3b71e287b1ea15e54a3197f95cfbf7f6a209ada41fce3a6faad9bc4d569b690223e5d668019c11204716bb96a858c36c853bd41b28c1505ddce9df22b31dbdaa014b07ec53a79cfeb5b540902669c7a283f3647c1a9f685b5027bfb18e827818a76c23fa6ad20760f228a4239a4d558240130b5cc389d2be41b806cafd24d1d425c26a61508c974d62aae6f6830459c79e7a9ff5610291661bf03528fbafe47cf4c2e51f4856749ef543eb7cd8f72e84a4075fa7df9ad12565e5b3810c6d6292ff878ee8499611688989f0a04f4dc7275e01c0444a0321f0a0327fbe8a55689307b1bfd66d5d27ade78df5c1dfcef8868ebbe339d7efdae1973
-+Ctrl.hexxcghash = hexxcghash:7317f576ce95d5bed93d08c65eb814d037ecd42f09b2d514fad58335e8e8bec807b9cf74b9044f449581c792ebb08843f2b80da87d91625e20f25de91b4d5d23
-+Ctrl.hexsession_id = hexsession_id:7d153fda85bd3488962bdf03b8d0f26cf61f737173587ac6ee3d6f601a00f6474f5401370ef04720c620ea2b9668ab72cb6c40dc96057fc4537e7a6b0e79e9c5
-+Ctrl.type = type:D
-+Output = 8d3496ac631bb3588abbb13d4ae2dc2d
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:0000010012c99d1e0542b3b71e287b1ea15e54a3197f95cfbf7f6a209ada41fce3a6faad9bc4d569b690223e5d668019c11204716bb96a858c36c853bd41b28c1505ddce9df22b31dbdaa014b07ec53a79cfeb5b540902669c7a283f3647c1a9f685b5027bfb18e827818a76c23fa6ad20760f228a4239a4d558240130b5cc389d2be41b806cafd24d1d425c26a61508c974d62aae6f6830459c79e7a9ff5610291661bf03528fbafe47cf4c2e51f4856749ef543eb7cd8f72e84a4075fa7df9ad12565e5b3810c6d6292ff878ee8499611688989f0a04f4dc7275e01c0444a0321f0a0327fbe8a55689307b1bfd66d5d27ade78df5c1dfcef8868ebbe339d7efdae1973
-+Ctrl.hexxcghash = hexxcghash:7317f576ce95d5bed93d08c65eb814d037ecd42f09b2d514fad58335e8e8bec807b9cf74b9044f449581c792ebb08843f2b80da87d91625e20f25de91b4d5d23
-+Ctrl.hexsession_id = hexsession_id:7d153fda85bd3488962bdf03b8d0f26cf61f737173587ac6ee3d6f601a00f6474f5401370ef04720c620ea2b9668ab72cb6c40dc96057fc4537e7a6b0e79e9c5
-+Ctrl.type = type:E
-+Output = ac7899494cfcebbdaa8ee7c343a0a458228a0a5e59730c928e9c8775487e57c3a5f34fdb72c1b3b57cc35e0356e4b7c6a56368e74c68a017538a5b484886ec81
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:0000010012c99d1e0542b3b71e287b1ea15e54a3197f95cfbf7f6a209ada41fce3a6faad9bc4d569b690223e5d668019c11204716bb96a858c36c853bd41b28c1505ddce9df22b31dbdaa014b07ec53a79cfeb5b540902669c7a283f3647c1a9f685b5027bfb18e827818a76c23fa6ad20760f228a4239a4d558240130b5cc389d2be41b806cafd24d1d425c26a61508c974d62aae6f6830459c79e7a9ff5610291661bf03528fbafe47cf4c2e51f4856749ef543eb7cd8f72e84a4075fa7df9ad12565e5b3810c6d6292ff878ee8499611688989f0a04f4dc7275e01c0444a0321f0a0327fbe8a55689307b1bfd66d5d27ade78df5c1dfcef8868ebbe339d7efdae1973
-+Ctrl.hexxcghash = hexxcghash:7317f576ce95d5bed93d08c65eb814d037ecd42f09b2d514fad58335e8e8bec807b9cf74b9044f449581c792ebb08843f2b80da87d91625e20f25de91b4d5d23
-+Ctrl.hexsession_id = hexsession_id:7d153fda85bd3488962bdf03b8d0f26cf61f737173587ac6ee3d6f601a00f6474f5401370ef04720c620ea2b9668ab72cb6c40dc96057fc4537e7a6b0e79e9c5
-+Ctrl.type = type:F
-+Output = d32d849b488594d0b8efce91604296393b2240121f2ed51fb7c0bb5b371c33775d184ffaf3028306bc8040b21887f6885e5916ae158ef74a3ba09a1f30654f1a
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:0000010100c6c401e7a417025fce8ca5d5e654de6cac8eb1bf24fffa1eefaba828f425b5df93323ad62565d9e74c0b45619c3e97a8e006a9b28a42e96e13ea2f3807319ac587850731f64c86a3a9acd4aaa04e8a586833faeb902f95177d27e89ce25307365b22b7bf444c8e72ef2bb0fce86fe326a90b787948085fd101f04a7311ed6cf65d5073a6a29c7d99fe9fa0b915fac1d9bb6b95143ca8936e10e6e319201112ba52823dbaad935972842361394999e5a67356076e9f0b528d62325181f80d66e9b3288ba7482458c737806f474867036a234201253a91a6246c8c2876d210d2579951dd12cbc153dcec403156739be9c7d291e4904f079a5a71c01b9a84481800
-+Ctrl.hexxcghash = hexxcghash:b060195095692352bde81e90c1b648ec46d57476892e79489d42cb8e0da2027ec41fd2e62da8e8e2a9e1ebcb8eecfaadef75e6714008ed6a2cbdef6c321bbaaa
-+Ctrl.hexsession_id = hexsession_id:5c910a53cafca6f8c0d97c4748f67aecd9a54c8ba96bf33327565f6f68ae0a2e7a62733a9051364ff9f68bdb416176522a0e5a2f28fe27a3f5ec402b3d99da13
-+Ctrl.type = type:A
-+Output = 5aa8ed531557a1dc934ed667029e062f
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:0000010100c6c401e7a417025fce8ca5d5e654de6cac8eb1bf24fffa1eefaba828f425b5df93323ad62565d9e74c0b45619c3e97a8e006a9b28a42e96e13ea2f3807319ac587850731f64c86a3a9acd4aaa04e8a586833faeb902f95177d27e89ce25307365b22b7bf444c8e72ef2bb0fce86fe326a90b787948085fd101f04a7311ed6cf65d5073a6a29c7d99fe9fa0b915fac1d9bb6b95143ca8936e10e6e319201112ba52823dbaad935972842361394999e5a67356076e9f0b528d62325181f80d66e9b3288ba7482458c737806f474867036a234201253a91a6246c8c2876d210d2579951dd12cbc153dcec403156739be9c7d291e4904f079a5a71c01b9a84481800
-+Ctrl.hexxcghash = hexxcghash:b060195095692352bde81e90c1b648ec46d57476892e79489d42cb8e0da2027ec41fd2e62da8e8e2a9e1ebcb8eecfaadef75e6714008ed6a2cbdef6c321bbaaa
-+Ctrl.hexsession_id = hexsession_id:5c910a53cafca6f8c0d97c4748f67aecd9a54c8ba96bf33327565f6f68ae0a2e7a62733a9051364ff9f68bdb416176522a0e5a2f28fe27a3f5ec402b3d99da13
-+Ctrl.type = type:B
-+Output = 11a810c69785949d5a0ef6eeff960fb4
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:0000010100c6c401e7a417025fce8ca5d5e654de6cac8eb1bf24fffa1eefaba828f425b5df93323ad62565d9e74c0b45619c3e97a8e006a9b28a42e96e13ea2f3807319ac587850731f64c86a3a9acd4aaa04e8a586833faeb902f95177d27e89ce25307365b22b7bf444c8e72ef2bb0fce86fe326a90b787948085fd101f04a7311ed6cf65d5073a6a29c7d99fe9fa0b915fac1d9bb6b95143ca8936e10e6e319201112ba52823dbaad935972842361394999e5a67356076e9f0b528d62325181f80d66e9b3288ba7482458c737806f474867036a234201253a91a6246c8c2876d210d2579951dd12cbc153dcec403156739be9c7d291e4904f079a5a71c01b9a84481800
-+Ctrl.hexxcghash = hexxcghash:b060195095692352bde81e90c1b648ec46d57476892e79489d42cb8e0da2027ec41fd2e62da8e8e2a9e1ebcb8eecfaadef75e6714008ed6a2cbdef6c321bbaaa
-+Ctrl.hexsession_id = hexsession_id:5c910a53cafca6f8c0d97c4748f67aecd9a54c8ba96bf33327565f6f68ae0a2e7a62733a9051364ff9f68bdb416176522a0e5a2f28fe27a3f5ec402b3d99da13
-+Ctrl.type = type:C
-+Output = 54e9402e4f85b08c271b2a9f15d56c75
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:0000010100c6c401e7a417025fce8ca5d5e654de6cac8eb1bf24fffa1eefaba828f425b5df93323ad62565d9e74c0b45619c3e97a8e006a9b28a42e96e13ea2f3807319ac587850731f64c86a3a9acd4aaa04e8a586833faeb902f95177d27e89ce25307365b22b7bf444c8e72ef2bb0fce86fe326a90b787948085fd101f04a7311ed6cf65d5073a6a29c7d99fe9fa0b915fac1d9bb6b95143ca8936e10e6e319201112ba52823dbaad935972842361394999e5a67356076e9f0b528d62325181f80d66e9b3288ba7482458c737806f474867036a234201253a91a6246c8c2876d210d2579951dd12cbc153dcec403156739be9c7d291e4904f079a5a71c01b9a84481800
-+Ctrl.hexxcghash = hexxcghash:b060195095692352bde81e90c1b648ec46d57476892e79489d42cb8e0da2027ec41fd2e62da8e8e2a9e1ebcb8eecfaadef75e6714008ed6a2cbdef6c321bbaaa
-+Ctrl.hexsession_id = hexsession_id:5c910a53cafca6f8c0d97c4748f67aecd9a54c8ba96bf33327565f6f68ae0a2e7a62733a9051364ff9f68bdb416176522a0e5a2f28fe27a3f5ec402b3d99da13
-+Ctrl.type = type:D
-+Output = 838209e0ebe7626cf6482f25c7774bfd
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:0000010100c6c401e7a417025fce8ca5d5e654de6cac8eb1bf24fffa1eefaba828f425b5df93323ad62565d9e74c0b45619c3e97a8e006a9b28a42e96e13ea2f3807319ac587850731f64c86a3a9acd4aaa04e8a586833faeb902f95177d27e89ce25307365b22b7bf444c8e72ef2bb0fce86fe326a90b787948085fd101f04a7311ed6cf65d5073a6a29c7d99fe9fa0b915fac1d9bb6b95143ca8936e10e6e319201112ba52823dbaad935972842361394999e5a67356076e9f0b528d62325181f80d66e9b3288ba7482458c737806f474867036a234201253a91a6246c8c2876d210d2579951dd12cbc153dcec403156739be9c7d291e4904f079a5a71c01b9a84481800
-+Ctrl.hexxcghash = hexxcghash:b060195095692352bde81e90c1b648ec46d57476892e79489d42cb8e0da2027ec41fd2e62da8e8e2a9e1ebcb8eecfaadef75e6714008ed6a2cbdef6c321bbaaa
-+Ctrl.hexsession_id = hexsession_id:5c910a53cafca6f8c0d97c4748f67aecd9a54c8ba96bf33327565f6f68ae0a2e7a62733a9051364ff9f68bdb416176522a0e5a2f28fe27a3f5ec402b3d99da13
-+Ctrl.type = type:E
-+Output = bc62048ddb762ac50336ae0e91a402cc78e73472fe180756a4686299967d2904318b8ad1b8dc622edd75e9ff0e74f7fcb8a1f8acb86e2567a5167084c648c7ef
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:0000010100c6c401e7a417025fce8ca5d5e654de6cac8eb1bf24fffa1eefaba828f425b5df93323ad62565d9e74c0b45619c3e97a8e006a9b28a42e96e13ea2f3807319ac587850731f64c86a3a9acd4aaa04e8a586833faeb902f95177d27e89ce25307365b22b7bf444c8e72ef2bb0fce86fe326a90b787948085fd101f04a7311ed6cf65d5073a6a29c7d99fe9fa0b915fac1d9bb6b95143ca8936e10e6e319201112ba52823dbaad935972842361394999e5a67356076e9f0b528d62325181f80d66e9b3288ba7482458c737806f474867036a234201253a91a6246c8c2876d210d2579951dd12cbc153dcec403156739be9c7d291e4904f079a5a71c01b9a84481800
-+Ctrl.hexxcghash = hexxcghash:b060195095692352bde81e90c1b648ec46d57476892e79489d42cb8e0da2027ec41fd2e62da8e8e2a9e1ebcb8eecfaadef75e6714008ed6a2cbdef6c321bbaaa
-+Ctrl.hexsession_id = hexsession_id:5c910a53cafca6f8c0d97c4748f67aecd9a54c8ba96bf33327565f6f68ae0a2e7a62733a9051364ff9f68bdb416176522a0e5a2f28fe27a3f5ec402b3d99da13
-+Ctrl.type = type:F
-+Output = 4e9644a01a3fe6c3f4f5aceddb00e2584e277354aee6392a1a5aef05024d37fcf25ff46fdd8fe52e7d1dd9a96e77328aadf44b8fc92ac22a14f63d64ad0db621
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:0000010100a82ae4062baef678d20dd9cf1704cdc69e9e78eea5faa435e4dffec06976ff73bd1e2ebd206658a26fb85a0911e2034eede31e7df2d7b87aa9700cf301b6b38502ba4db2b9723505455a7da0c6e0cf374b063921179d1bc69508f660bbb26d05ab16a2325716dbd0a733809cac36660d9a73ff0f61e09f55d1ff0652474130be7fcd2d37ebd1203960d788a1307fae48ec4e1042ab85f037a01bfd17f15725ee929d6e6246bbda00fe7105461ee873b0190c2f44692845e464949f909df46309a8eb72037278f792c87249897a0564d290bec1e09b2c9d3ad3011710fc4dcfabfa435611794dc7d1507b657229a2aab65ce2e789305d5d24ed955e89d8eb4f7e
-+Ctrl.hexxcghash = hexxcghash:a6ef8e3102b16ce51b2a2fe17e8dc711a964c195ca4d597aabecce595187344ccb2ea37dc4cac0a77a47e7ea1b9055b1c9948e6e09793a9121f120b3bd07c5f2
-+Ctrl.hexsession_id = hexsession_id:cc85cf95e29a5991306b21c1738de9a6612b8cb09f12b1738a4873c29f971e8d204aeb98bb7a7502cdab952eaaa6ec1e3a9655db3e5217afbff63ad588fbbf85
-+Ctrl.type = type:A
-+Output = 77cb432c67bf0ae658aa4e34376d01b5
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:0000010100a82ae4062baef678d20dd9cf1704cdc69e9e78eea5faa435e4dffec06976ff73bd1e2ebd206658a26fb85a0911e2034eede31e7df2d7b87aa9700cf301b6b38502ba4db2b9723505455a7da0c6e0cf374b063921179d1bc69508f660bbb26d05ab16a2325716dbd0a733809cac36660d9a73ff0f61e09f55d1ff0652474130be7fcd2d37ebd1203960d788a1307fae48ec4e1042ab85f037a01bfd17f15725ee929d6e6246bbda00fe7105461ee873b0190c2f44692845e464949f909df46309a8eb72037278f792c87249897a0564d290bec1e09b2c9d3ad3011710fc4dcfabfa435611794dc7d1507b657229a2aab65ce2e789305d5d24ed955e89d8eb4f7e
-+Ctrl.hexxcghash = hexxcghash:a6ef8e3102b16ce51b2a2fe17e8dc711a964c195ca4d597aabecce595187344ccb2ea37dc4cac0a77a47e7ea1b9055b1c9948e6e09793a9121f120b3bd07c5f2
-+Ctrl.hexsession_id = hexsession_id:cc85cf95e29a5991306b21c1738de9a6612b8cb09f12b1738a4873c29f971e8d204aeb98bb7a7502cdab952eaaa6ec1e3a9655db3e5217afbff63ad588fbbf85
-+Ctrl.type = type:B
-+Output = f55c74d112746001d8908edd347d7e69
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:0000010100a82ae4062baef678d20dd9cf1704cdc69e9e78eea5faa435e4dffec06976ff73bd1e2ebd206658a26fb85a0911e2034eede31e7df2d7b87aa9700cf301b6b38502ba4db2b9723505455a7da0c6e0cf374b063921179d1bc69508f660bbb26d05ab16a2325716dbd0a733809cac36660d9a73ff0f61e09f55d1ff0652474130be7fcd2d37ebd1203960d788a1307fae48ec4e1042ab85f037a01bfd17f15725ee929d6e6246bbda00fe7105461ee873b0190c2f44692845e464949f909df46309a8eb72037278f792c87249897a0564d290bec1e09b2c9d3ad3011710fc4dcfabfa435611794dc7d1507b657229a2aab65ce2e789305d5d24ed955e89d8eb4f7e
-+Ctrl.hexxcghash = hexxcghash:a6ef8e3102b16ce51b2a2fe17e8dc711a964c195ca4d597aabecce595187344ccb2ea37dc4cac0a77a47e7ea1b9055b1c9948e6e09793a9121f120b3bd07c5f2
-+Ctrl.hexsession_id = hexsession_id:cc85cf95e29a5991306b21c1738de9a6612b8cb09f12b1738a4873c29f971e8d204aeb98bb7a7502cdab952eaaa6ec1e3a9655db3e5217afbff63ad588fbbf85
-+Ctrl.type = type:C
-+Output = 34a48ab90890b385198ea6bf8c50c3f6
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:0000010100a82ae4062baef678d20dd9cf1704cdc69e9e78eea5faa435e4dffec06976ff73bd1e2ebd206658a26fb85a0911e2034eede31e7df2d7b87aa9700cf301b6b38502ba4db2b9723505455a7da0c6e0cf374b063921179d1bc69508f660bbb26d05ab16a2325716dbd0a733809cac36660d9a73ff0f61e09f55d1ff0652474130be7fcd2d37ebd1203960d788a1307fae48ec4e1042ab85f037a01bfd17f15725ee929d6e6246bbda00fe7105461ee873b0190c2f44692845e464949f909df46309a8eb72037278f792c87249897a0564d290bec1e09b2c9d3ad3011710fc4dcfabfa435611794dc7d1507b657229a2aab65ce2e789305d5d24ed955e89d8eb4f7e
-+Ctrl.hexxcghash = hexxcghash:a6ef8e3102b16ce51b2a2fe17e8dc711a964c195ca4d597aabecce595187344ccb2ea37dc4cac0a77a47e7ea1b9055b1c9948e6e09793a9121f120b3bd07c5f2
-+Ctrl.hexsession_id = hexsession_id:cc85cf95e29a5991306b21c1738de9a6612b8cb09f12b1738a4873c29f971e8d204aeb98bb7a7502cdab952eaaa6ec1e3a9655db3e5217afbff63ad588fbbf85
-+Ctrl.type = type:D
-+Output = f2b6046d3439c50a9000a63909146abc
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:0000010100a82ae4062baef678d20dd9cf1704cdc69e9e78eea5faa435e4dffec06976ff73bd1e2ebd206658a26fb85a0911e2034eede31e7df2d7b87aa9700cf301b6b38502ba4db2b9723505455a7da0c6e0cf374b063921179d1bc69508f660bbb26d05ab16a2325716dbd0a733809cac36660d9a73ff0f61e09f55d1ff0652474130be7fcd2d37ebd1203960d788a1307fae48ec4e1042ab85f037a01bfd17f15725ee929d6e6246bbda00fe7105461ee873b0190c2f44692845e464949f909df46309a8eb72037278f792c87249897a0564d290bec1e09b2c9d3ad3011710fc4dcfabfa435611794dc7d1507b657229a2aab65ce2e789305d5d24ed955e89d8eb4f7e
-+Ctrl.hexxcghash = hexxcghash:a6ef8e3102b16ce51b2a2fe17e8dc711a964c195ca4d597aabecce595187344ccb2ea37dc4cac0a77a47e7ea1b9055b1c9948e6e09793a9121f120b3bd07c5f2
-+Ctrl.hexsession_id = hexsession_id:cc85cf95e29a5991306b21c1738de9a6612b8cb09f12b1738a4873c29f971e8d204aeb98bb7a7502cdab952eaaa6ec1e3a9655db3e5217afbff63ad588fbbf85
-+Ctrl.type = type:E
-+Output = 70357486ca57c93418c6705b731b054bc41be03289c25a5ed29a937732807ae10a3604486c53d1f2431411808d87bfbaa6b25971fa2e4ec3719b5d2622aed2ff
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA512
-+Ctrl.hexkey = hexkey:0000010100a82ae4062baef678d20dd9cf1704cdc69e9e78eea5faa435e4dffec06976ff73bd1e2ebd206658a26fb85a0911e2034eede31e7df2d7b87aa9700cf301b6b38502ba4db2b9723505455a7da0c6e0cf374b063921179d1bc69508f660bbb26d05ab16a2325716dbd0a733809cac36660d9a73ff0f61e09f55d1ff0652474130be7fcd2d37ebd1203960d788a1307fae48ec4e1042ab85f037a01bfd17f15725ee929d6e6246bbda00fe7105461ee873b0190c2f44692845e464949f909df46309a8eb72037278f792c87249897a0564d290bec1e09b2c9d3ad3011710fc4dcfabfa435611794dc7d1507b657229a2aab65ce2e789305d5d24ed955e89d8eb4f7e
-+Ctrl.hexxcghash = hexxcghash:a6ef8e3102b16ce51b2a2fe17e8dc711a964c195ca4d597aabecce595187344ccb2ea37dc4cac0a77a47e7ea1b9055b1c9948e6e09793a9121f120b3bd07c5f2
-+Ctrl.hexsession_id = hexsession_id:cc85cf95e29a5991306b21c1738de9a6612b8cb09f12b1738a4873c29f971e8d204aeb98bb7a7502cdab952eaaa6ec1e3a9655db3e5217afbff63ad588fbbf85
-+Ctrl.type = type:F
-+Output = 4e6428f7a87455bdef6026cdf68a2f6d93d6cda5145d6bca60ee4eb2d6248b399f6568c65ec92cee8d9b0c7fd83053c91c5be72bf96b5904080624a348243899
-+
-+Title = SSHKDF test error conditions
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexxcghash = hexxcghash:a4ebd45934f56792b5112dcd75a1075fdc889245
-+Ctrl.hexsession_id = hexsession_id:a4ebd45934f56792b5112dcd75a1075fdc889245
-+Ctrl.type = type:A
-+Output = FF
-+Result = KDF_DERIVE_ERROR
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:0000008055bae931c07fd824bf10add1902b6fbc7c665347383498a686929ff5a25f8e40cb6645ea814fb1a5e0a11f852f86255641e5ed986e83a78bc8269480eac0b0dfd770cab92e7a28dd87ff452466d6ae867cead63b366b1c286e6c4811a9f14c27aea14c5171d49b78c06e3735d36e6a3be321dd5fc82308f34ee1cb17fba94a59
-+Ctrl.hexsession_id = hexsession_id:a4ebd45934f56792b5112dcd75a1075fdc889245
-+Ctrl.type = type:A
-+Output = FF
-+Result = KDF_DERIVE_ERROR
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:0000008055bae931c07fd824bf10add1902b6fbc7c665347383498a686929ff5a25f8e40cb6645ea814fb1a5e0a11f852f86255641e5ed986e83a78bc8269480eac0b0dfd770cab92e7a28dd87ff452466d6ae867cead63b366b1c286e6c4811a9f14c27aea14c5171d49b78c06e3735d36e6a3be321dd5fc82308f34ee1cb17fba94a59
-+Ctrl.hexxcghash = hexxcghash:a4ebd45934f56792b5112dcd75a1075fdc889245
-+Ctrl.type = type:A
-+Output = FF
-+Result = KDF_DERIVE_ERROR
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:0000008055bae931c07fd824bf10add1902b6fbc7c665347383498a686929ff5a25f8e40cb6645ea814fb1a5e0a11f852f86255641e5ed986e83a78bc8269480eac0b0dfd770cab92e7a28dd87ff452466d6ae867cead63b366b1c286e6c4811a9f14c27aea14c5171d49b78c06e3735d36e6a3be321dd5fc82308f34ee1cb17fba94a59
-+Ctrl.hexxcghash = hexxcghash:a4ebd45934f56792b5112dcd75a1075fdc889245
-+Ctrl.hexsession_id = hexsession_id:a4ebd45934f56792b5112dcd75a1075fdc889245
-+Output = FF
-+Result = KDF_DERIVE_ERROR
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:0000008055bae931c07fd824bf10add1902b6fbc7c665347383498a686929ff5a25f8e40cb6645ea814fb1a5e0a11f852f86255641e5ed986e83a78bc8269480eac0b0dfd770cab92e7a28dd87ff452466d6ae867cead63b366b1c286e6c4811a9f14c27aea14c5171d49b78c06e3735d36e6a3be321dd5fc82308f34ee1cb17fba94a59
-+Ctrl.hexxcghash = hexxcghash:a4ebd45934f56792b5112dcd75a1075fdc889245
-+Ctrl.hexsession_id = hexsession_id:a4ebd45934f56792b5112dcd75a1075fdc889245
-+Ctrl.type = type:X
-+Output = FF
-+Result = KDF_CTRL_ERROR
-+
-+KDF = SSHKDF
-+Ctrl.md = md:SHA1
-+Ctrl.hexkey = hexkey:0000008055bae931c07fd824bf10add1902b6fbc7c665347383498a686929ff5a25f8e40cb6645ea814fb1a5e0a11f852f86255641e5ed986e83a78bc8269480eac0b0dfd770cab92e7a28dd87ff452466d6ae867cead63b366b1c286e6c4811a9f14c27aea14c5171d49b78c06e3735d36e6a3be321dd5fc82308f34ee1cb17fba94a59
-+Ctrl.hexxcghash = hexxcghash:a4ebd45934f56792b5112dcd75a1075fdc889245
-+Ctrl.hexsession_id = hexsession_id:a4ebd45934f56792b5112dcd75a1075fdc889245
-+Ctrl.type = type:A
-+Output = FF
-+Result = KDF_MISMATCH
-From 148cc5ee246e108b1e7332035037bab53574b0a9 Mon Sep 17 00:00:00 2001
-From: Simo Sorce <simo@redhat.com>
-Date: Thu, 18 Apr 2019 08:26:29 -0400
-Subject: [PATCH] Change the digest string from "md" to "digest"
-
-Conform to other modules which were changed at the last minute and this
-discrepancy was not noticed.
-Retain "md" as an alias so not to break 3rd party backports/tests scripts.
-
-Signed-off-by: Simo Sorce <simo@redhat.com>
----
- crypto/kdf/sshkdf.c | 3 +++
- test/recipes/20-test_kdf.t | 2 +-
- 2 files changed, 4 insertions(+), 1 deletion(-)
- mode change 100644 => 100755 test/recipes/20-test_kdf.t
-
-diff --git a/crypto/kdf/sshkdf.c b/crypto/kdf/sshkdf.c
-index 300e1adbb23..f585e8a0d6d 100644
---- a/crypto/kdf/sshkdf.c
-+++ b/crypto/kdf/sshkdf.c
-@@ -125,6 +125,9 @@ static int kdf_sshkdf_ctrl_str(EVP_KDF_IMPL *impl, const char *type,
- return 0;
- }
-
-+ if (strcmp(type, "digest") == 0)
-+ return kdf_md2ctrl(impl, kdf_sshkdf_ctrl, EVP_KDF_CTRL_SET_MD, value);
-+ /* alias, for historical reasons */
- if (strcmp(type, "md") == 0)
- return kdf_md2ctrl(impl, kdf_sshkdf_ctrl, EVP_KDF_CTRL_SET_MD, value);
-
diff --git a/openssl-freefilesync/openssl-1.1.1-system-cipherlist.patch b/openssl-freefilesync/openssl-1.1.1-system-cipherlist.patch
deleted file mode 100644
index a70f20b..0000000
--- a/openssl-freefilesync/openssl-1.1.1-system-cipherlist.patch
+++ /dev/null
@@ -1,310 +0,0 @@
-diff -up openssl-1.1.1c/Configurations/unix-Makefile.tmpl.system-cipherlist openssl-1.1.1c/Configurations/unix-Makefile.tmpl
---- openssl-1.1.1c/Configurations/unix-Makefile.tmpl.system-cipherlist 2019-05-29 15:42:27.951329271 +0200
-+++ openssl-1.1.1c/Configurations/unix-Makefile.tmpl 2019-05-29 15:42:27.974328867 +0200
-@@ -180,6 +180,10 @@ MANDIR=$(INSTALLTOP)/share/man
- DOCDIR=$(INSTALLTOP)/share/doc/$(BASENAME)
- HTMLDIR=$(DOCDIR)/html
-
-+{- output_off() if $config{system_ciphers_file} eq ""; "" -}
-+SYSTEM_CIPHERS_FILE_DEFINE=-DSYSTEM_CIPHERS_FILE="\"{- $config{system_ciphers_file} -}\""
-+{- output_on() if $config{system_ciphers_file} eq ""; "" -}
-+
- # MANSUFFIX is for the benefit of anyone who may want to have a suffix
- # appended after the manpage file section number. "ssl" is popular,
- # resulting in files such as config.5ssl rather than config.5.
-@@ -203,6 +207,7 @@ CC=$(CROSS_COMPILE){- $config{CC} -}
- CXX={- $config{CXX} ? "\$(CROSS_COMPILE)$config{CXX}" : '' -}
- CPPFLAGS={- our $cppflags1 = join(" ",
- (map { "-D".$_} @{$config{CPPDEFINES}}),
-+ "\$(SYSTEM_CIPHERS_FILE_DEFINE)",
- (map { "-I".$_} @{$config{CPPINCLUDES}}),
- @{$config{CPPFLAGS}}) -}
- CFLAGS={- join(' ', @{$config{CFLAGS}}) -}
-diff -up openssl-1.1.1c/Configure.system-cipherlist openssl-1.1.1c/Configure
---- openssl-1.1.1c/Configure.system-cipherlist 2019-05-28 15:12:21.000000000 +0200
-+++ openssl-1.1.1c/Configure 2019-05-29 15:45:10.465469533 +0200
-@@ -24,7 +24,7 @@ use OpenSSL::Glob;
- my $orig_death_handler = $SIG{__DIE__};
- $SIG{__DIE__} = \&death_handler;
-
--my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n";
-+my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--system-ciphers-file=SYSTEMCIPHERFILE] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n";
-
- # Options:
- #
-@@ -41,6 +41,9 @@ my $usage="Usage: Configure [no-<cipher>
- # This becomes the value of OPENSSLDIR in Makefile and in C.
- # (Default: PREFIX/ssl)
- #
-+# --system-ciphers-file A file to read cipher string from when the PROFILE=SYSTEM
-+# cipher is specified (default).
-+#
- # --cross-compile-prefix Add specified prefix to binutils components.
- #
- # --api One of 0.9.8, 1.0.0 or 1.1.0. Do not compile support for
-@@ -295,6 +298,7 @@ $config{prefix}="";
- $config{openssldir}="";
- $config{processor}="";
- $config{libdir}="";
-+$config{system_ciphers_file}="";
- my $auto_threads=1; # enable threads automatically? true by default
- my $default_ranlib;
-
-@@ -824,6 +828,10 @@ while (@argvcopy)
- push @seed_sources, $x;
- }
- }
-+ elsif (/^--system-ciphers-file=(.*)$/)
-+ {
-+ $config{system_ciphers_file}=$1;
-+ }
- elsif (/^--cross-compile-prefix=(.*)$/)
- {
- $user{CROSS_COMPILE}=$1;
-@@ -1016,6 +1024,8 @@ if ($target eq "HASH") {
- exit 0;
- }
-
-+chop $config{system_ciphers_file} if $config{system_ciphers_file} =~ /\/$/;
-+
- print "Configuring OpenSSL version $config{version} ($config{version_num}) ";
- print "for $target\n";
-
-diff -up openssl-1.1.1c/doc/man1/ciphers.pod.system-cipherlist openssl-1.1.1c/doc/man1/ciphers.pod
---- openssl-1.1.1c/doc/man1/ciphers.pod.system-cipherlist 2019-05-28 15:12:21.000000000 +0200
-+++ openssl-1.1.1c/doc/man1/ciphers.pod 2019-05-29 15:42:27.975328849 +0200
-@@ -182,6 +182,15 @@ As of OpenSSL 1.0.0, the B<ALL> cipher s
-
- The cipher suites not enabled by B<ALL>, currently B<eNULL>.
-
-+=item B<PROFILE=SYSTEM>
-+
-+The list of enabled cipher suites will be loaded from the system crypto policy
-+configuration file B</etc/crypto-policies/back-ends/openssl.config>.
-+See also L<update-crypto-policies(8)>.
-+This is the default behavior unless an application explicitly sets a cipher
-+list. If used in a cipher list configuration value this string must be at the
-+beginning of the cipher list, otherwise it will not be recognized.
-+
- =item B<HIGH>
-
- "High" encryption cipher suites. This currently means those with key lengths
-diff -up openssl-1.1.1c/include/openssl/ssl.h.system-cipherlist openssl-1.1.1c/include/openssl/ssl.h
---- openssl-1.1.1c/include/openssl/ssl.h.system-cipherlist 2019-05-28 15:12:21.000000000 +0200
-+++ openssl-1.1.1c/include/openssl/ssl.h 2019-05-29 15:42:27.975328849 +0200
-@@ -186,6 +186,11 @@ extern "C" {
- * throwing out anonymous and unencrypted ciphersuites! (The latter are not
- * actually enabled by ALL, but "ALL:RSA" would enable some of them.)
- */
-+# ifdef SYSTEM_CIPHERS_FILE
-+# define SSL_SYSTEM_DEFAULT_CIPHER_LIST "PROFILE=SYSTEM"
-+# else
-+# define SSL_SYSTEM_DEFAULT_CIPHER_LIST SSL_DEFAULT_CIPHER_LIST
-+# endif
-
- /* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
- # define SSL_SENT_SHUTDOWN 1
-diff -up openssl-1.1.1c/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.1c/ssl/ssl_ciph.c
---- openssl-1.1.1c/ssl/ssl_ciph.c.system-cipherlist 2019-05-28 15:12:21.000000000 +0200
-+++ openssl-1.1.1c/ssl/ssl_ciph.c 2019-05-29 15:42:27.976328831 +0200
-@@ -9,6 +9,8 @@
- * https://www.openssl.org/source/license.html
- */
-
-+/* for secure_getenv */
-+#define _GNU_SOURCE
- #include <stdio.h>
- #include <ctype.h>
- #include <openssl/objects.h>
-@@ -1399,6 +1401,53 @@ int SSL_set_ciphersuites(SSL *s, const c
- return ret;
- }
-
-+#ifdef SYSTEM_CIPHERS_FILE
-+static char *load_system_str(const char *suffix)
-+{
-+ FILE *fp;
-+ char buf[1024];
-+ char *new_rules;
-+ const char *ciphers_path;
-+ unsigned len, slen;
-+
-+ if ((ciphers_path = secure_getenv("OPENSSL_SYSTEM_CIPHERS_OVERRIDE")) == NULL)
-+ ciphers_path = SYSTEM_CIPHERS_FILE;
-+ fp = fopen(ciphers_path, "r");
-+ if (fp == NULL || fgets(buf, sizeof(buf), fp) == NULL) {
-+ /* cannot open or file is empty */
-+ snprintf(buf, sizeof(buf), "%s", SSL_DEFAULT_CIPHER_LIST);
-+ }
-+
-+ if (fp)
-+ fclose(fp);
-+
-+ slen = strlen(suffix);
-+ len = strlen(buf);
-+
-+ if (buf[len - 1] == '\n') {
-+ len--;
-+ buf[len] = 0;
-+ }
-+ if (buf[len - 1] == '\r') {
-+ len--;
-+ buf[len] = 0;
-+ }
-+
-+ new_rules = OPENSSL_malloc(len + slen + 1);
-+ if (new_rules == 0)
-+ return NULL;
-+
-+ memcpy(new_rules, buf, len);
-+ if (slen > 0) {
-+ memcpy(&new_rules[len], suffix, slen);
-+ len += slen;
-+ }
-+ new_rules[len] = 0;
-+
-+ return new_rules;
-+}
-+#endif
-+
- STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
- STACK_OF(SSL_CIPHER) *tls13_ciphersuites,
- STACK_OF(SSL_CIPHER) **cipher_list,
-@@ -1412,15 +1461,25 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
- const char *rule_p;
- CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
- const SSL_CIPHER **ca_list = NULL;
-+#ifdef SYSTEM_CIPHERS_FILE
-+ char *new_rules = NULL;
-+
-+ if (rule_str != NULL && strncmp(rule_str, "PROFILE=SYSTEM", 14) == 0) {
-+ char *p = rule_str + 14;
-+
-+ new_rules = load_system_str(p);
-+ rule_str = new_rules;
-+ }
-+#endif
-
- /*
- * Return with error if nothing to do.
- */
- if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL)
-- return NULL;
-+ goto err;
- #ifndef OPENSSL_NO_EC
- if (!check_suiteb_cipher_list(ssl_method, c, &rule_str))
-- return NULL;
-+ goto err;
- #endif
-
- /*
-@@ -1443,7 +1502,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
- co_list = OPENSSL_malloc(sizeof(*co_list) * num_of_ciphers);
- if (co_list == NULL) {
- SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
-- return NULL; /* Failure */
-+ goto err;
- }
-
- ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers,
-@@ -1509,8 +1568,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
- * in force within each class
- */
- if (!ssl_cipher_strength_sort(&head, &tail)) {
-- OPENSSL_free(co_list);
-- return NULL;
-+ goto err;
- }
-
- /*
-@@ -1555,9 +1613,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
- num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1;
- ca_list = OPENSSL_malloc(sizeof(*ca_list) * num_of_alias_max);
- if (ca_list == NULL) {
-- OPENSSL_free(co_list);
- SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
-- return NULL; /* Failure */
-+ goto err;
- }
- ssl_cipher_collect_aliases(ca_list, num_of_group_aliases,
- disabled_mkey, disabled_auth, disabled_enc,
-@@ -1583,8 +1640,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
- OPENSSL_free(ca_list); /* Not needed anymore */
-
- if (!ok) { /* Rule processing failure */
-- OPENSSL_free(co_list);
-- return NULL;
-+ goto err;
- }
-
- /*
-@@ -1592,14 +1648,18 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
- * if we cannot get one.
- */
- if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) {
-- OPENSSL_free(co_list);
-- return NULL;
-+ goto err;
- }
-
-+#ifdef SYSTEM_CIPHERS_FILE
-+ OPENSSL_free(new_rules); /* Not needed anymore */
-+#endif
-+
- /* Add TLSv1.3 ciphers first - we always prefer those if possible */
- for (i = 0; i < sk_SSL_CIPHER_num(tls13_ciphersuites); i++) {
- if (!sk_SSL_CIPHER_push(cipherstack,
- sk_SSL_CIPHER_value(tls13_ciphersuites, i))) {
-+ OPENSSL_free(co_list);
- sk_SSL_CIPHER_free(cipherstack);
- return NULL;
- }
-@@ -1631,6 +1691,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
- *cipher_list = cipherstack;
-
- return cipherstack;
-+
-+err:
-+ OPENSSL_free(co_list);
-+#ifdef SYSTEM_CIPHERS_FILE
-+ OPENSSL_free(new_rules);
-+#endif
-+ return NULL;
-+
- }
-
- char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
-diff -up openssl-1.1.1c/ssl/ssl_lib.c.system-cipherlist openssl-1.1.1c/ssl/ssl_lib.c
---- openssl-1.1.1c/ssl/ssl_lib.c.system-cipherlist 2019-05-29 15:42:27.970328937 +0200
-+++ openssl-1.1.1c/ssl/ssl_lib.c 2019-05-29 15:42:27.977328814 +0200
-@@ -662,7 +662,7 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx
- ctx->tls13_ciphersuites,
- &(ctx->cipher_list),
- &(ctx->cipher_list_by_id),
-- SSL_DEFAULT_CIPHER_LIST, ctx->cert);
-+ SSL_SYSTEM_DEFAULT_CIPHER_LIST, ctx->cert);
- if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) {
- SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
- return 0;
-@@ -2954,7 +2954,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
- if (!ssl_create_cipher_list(ret->method,
- ret->tls13_ciphersuites,
- &ret->cipher_list, &ret->cipher_list_by_id,
-- SSL_DEFAULT_CIPHER_LIST, ret->cert)
-+ SSL_SYSTEM_DEFAULT_CIPHER_LIST, ret->cert)
- || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
- SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS);
- goto err2;
-diff -up openssl-1.1.1c/test/cipherlist_test.c.system-cipherlist openssl-1.1.1c/test/cipherlist_test.c
---- openssl-1.1.1c/test/cipherlist_test.c.system-cipherlist 2019-05-28 15:12:21.000000000 +0200
-+++ openssl-1.1.1c/test/cipherlist_test.c 2019-05-29 15:42:27.977328814 +0200
-@@ -251,7 +251,9 @@ end:
-
- int setup_tests(void)
- {
-+#ifndef SYSTEM_CIPHERS_FILE
- ADD_TEST(test_default_cipherlist_implicit);
-+#endif
- ADD_TEST(test_default_cipherlist_explicit);
- ADD_TEST(test_default_cipherlist_clear);
- return 1;
diff --git a/openssl-freefilesync/openssl-1.1.1-ts-sha256-default.patch b/openssl-freefilesync/openssl-1.1.1-ts-sha256-default.patch
deleted file mode 100644
index d99dc47..0000000
--- a/openssl-freefilesync/openssl-1.1.1-ts-sha256-default.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-diff --git a/apps/ts.c b/apps/ts.c
-index 63c5210183..4ef8a72eef 100644
---- a/apps/ts.c
-+++ b/apps/ts.c
-@@ -425,7 +425,7 @@ static TS_REQ *create_query(BIO *data_bio, const char *digest, const EVP_MD *md,
- ASN1_OBJECT *policy_obj = NULL;
- ASN1_INTEGER *nonce_asn1 = NULL;
-
-- if (md == NULL && (md = EVP_get_digestbyname("sha1")) == NULL)
-+ if (md == NULL && (md = EVP_get_digestbyname("sha256")) == NULL)
- goto err;
- if ((ts_req = TS_REQ_new()) == NULL)
- goto err;
-diff --git a/doc/man1/ts.pod b/doc/man1/ts.pod
-index 078905a845..83b8fe4350 100644
---- a/doc/man1/ts.pod
-+++ b/doc/man1/ts.pod
-@@ -517,7 +517,7 @@ included. Default is no. (Optional)
- =item B<ess_cert_id_alg>
-
- This option specifies the hash function to be used to calculate the TSA's
--public key certificate identifier. Default is sha1. (Optional)
-+public key certificate identifier. Default is sha256. (Optional)
-
- =back
-
-@@ -529,7 +529,7 @@ openssl/apps/openssl.cnf will do.
-
- =head2 Time Stamp Request
-
--To create a time stamp request for design1.txt with SHA-1
-+To create a time stamp request for design1.txt with SHA-256
- without nonce and policy and no certificate is required in the response:
-
- openssl ts -query -data design1.txt -no_nonce \
-@@ -545,12 +545,12 @@ To print the content of the previous request in human readable format:
-
- openssl ts -query -in design1.tsq -text
-
--To create a time stamp request which includes the MD-5 digest
-+To create a time stamp request which includes the SHA-512 digest
- of design2.txt, requests the signer certificate and nonce,
- specifies a policy id (assuming the tsa_policy1 name is defined in the
- OID section of the config file):
-
-- openssl ts -query -data design2.txt -md5 \
-+ openssl ts -query -data design2.txt -sha512 \
- -tspolicy tsa_policy1 -cert -out design2.tsq
-
- =head2 Time Stamp Response
diff --git a/openssl-freefilesync/openssl-1.1.1-upstream-sync.patch b/openssl-freefilesync/openssl-1.1.1-upstream-sync.patch
deleted file mode 100644
index 7e03b8d..0000000
--- a/openssl-freefilesync/openssl-1.1.1-upstream-sync.patch
+++ /dev/null
@@ -1,534 +0,0 @@
-diff -up openssl-1.1.1c/crypto/dsa/dsa_ameth.c.sync openssl-1.1.1c/crypto/dsa/dsa_ameth.c
---- openssl-1.1.1c/crypto/dsa/dsa_ameth.c.sync 2019-05-28 15:12:21.000000000 +0200
-+++ openssl-1.1.1c/crypto/dsa/dsa_ameth.c 2019-05-29 17:10:39.768187283 +0200
-@@ -503,7 +503,7 @@ static int dsa_pkey_ctrl(EVP_PKEY *pkey,
-
- case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
- *(int *)arg2 = NID_sha256;
-- return 2;
-+ return 1;
-
- default:
- return -2;
-diff -up openssl-1.1.1c/crypto/err/err.c.sync openssl-1.1.1c/crypto/err/err.c
---- openssl-1.1.1c/crypto/err/err.c.sync 2019-05-28 15:12:21.000000000 +0200
-+++ openssl-1.1.1c/crypto/err/err.c 2019-05-29 17:07:13.345793792 +0200
-@@ -184,8 +184,8 @@ static ERR_STRING_DATA *int_err_get_item
- }
-
- #ifndef OPENSSL_NO_ERR
--/* A measurement on Linux 2018-11-21 showed about 3.5kib */
--# define SPACE_SYS_STR_REASONS 4 * 1024
-+/* 2019-05-21: Russian and Ukrainian locales on Linux require more than 6,5 kB */
-+# define SPACE_SYS_STR_REASONS 8 * 1024
- # define NUM_SYS_STR_REASONS 127
-
- static ERR_STRING_DATA SYS_str_reasons[NUM_SYS_STR_REASONS + 1];
-@@ -219,21 +219,23 @@ static void build_SYS_str_reasons(void)
- ERR_STRING_DATA *str = &SYS_str_reasons[i - 1];
-
- str->error = ERR_PACK(ERR_LIB_SYS, 0, i);
-- if (str->string == NULL) {
-+ /*
-+ * If we have used up all the space in strerror_pool,
-+ * there's no point in calling openssl_strerror_r()
-+ */
-+ if (str->string == NULL && cnt < sizeof(strerror_pool)) {
- if (openssl_strerror_r(i, cur, sizeof(strerror_pool) - cnt)) {
- size_t l = strlen(cur);
-
- str->string = cur;
- cnt += l;
-- if (cnt > sizeof(strerror_pool))
-- cnt = sizeof(strerror_pool);
- cur += l;
-
- /*
- * VMS has an unusual quirk of adding spaces at the end of
-- * some (most? all?) messages. Lets trim them off.
-+ * some (most? all?) messages. Lets trim them off.
- */
-- while (ossl_isspace(cur[-1])) {
-+ while (cur > strerror_pool && ossl_isspace(cur[-1])) {
- cur--;
- cnt--;
- }
-diff -up openssl-1.1.1c/crypto/rand/rand_lib.c.sync openssl-1.1.1c/crypto/rand/rand_lib.c
---- openssl-1.1.1c/crypto/rand/rand_lib.c.sync 2019-05-29 17:20:17.175099183 +0200
-+++ openssl-1.1.1c/crypto/rand/rand_lib.c 2019-05-30 11:51:20.784850208 +0200
-@@ -239,8 +239,9 @@ size_t rand_drbg_get_nonce(RAND_DRBG *dr
- struct {
- void * instance;
- int count;
-- } data = { NULL, 0 };
-+ } data;
-
-+ memset(&data, 0, sizeof(data));
- pool = rand_pool_new(0, min_len, max_len);
- if (pool == NULL)
- return 0;
-From 6c2f347c78a530407b5310497080810094427920 Mon Sep 17 00:00:00 2001
-From: Matt Caswell <matt@openssl.org>
-Date: Wed, 17 Apr 2019 11:09:05 +0100
-Subject: [PATCH 1/2] Defer sending a KeyUpdate until after pending writes are
- complete
-
-If we receive a KeyUpdate message (update requested) from the peer while
-we are in the middle of a write, we should defer sending the responding
-KeyUpdate message until after the current write is complete. We do this
-by waiting to send the KeyUpdate until the next time we write and there is
-no pending write data.
-
-This does imply a subtle change in behaviour. Firstly the responding
-KeyUpdate message won't be sent straight away as it is now. Secondly if
-the peer sends multiple KeyUpdates without us doing any writing then we
-will only send one response, as opposed to previously where we sent a
-response for each KeyUpdate received.
-
-Fixes #8677
-
-Reviewed-by: Ben Kaduk <kaduk@mit.edu>
-(Merged from https://github.com/openssl/openssl/pull/8773)
-
-(cherry picked from commit feb9e31c40c49de6384dd0413685e9b5a15adc99)
----
- ssl/record/rec_layer_s3.c | 7 +++++++
- ssl/statem/statem_clnt.c | 6 ------
- ssl/statem/statem_lib.c | 7 ++-----
- ssl/statem/statem_srvr.c | 6 ------
- 4 files changed, 9 insertions(+), 17 deletions(-)
-
-diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c
-index b2f97ef905..b65137c332 100644
---- a/ssl/record/rec_layer_s3.c
-+++ b/ssl/record/rec_layer_s3.c
-@@ -373,6 +373,13 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len,
-
- s->rlayer.wnum = 0;
-
-+ /*
-+ * If we are supposed to be sending a KeyUpdate then go into init unless we
-+ * have writes pending - in which case we should finish doing that first.
-+ */
-+ if (wb->left == 0 && s->key_update != SSL_KEY_UPDATE_NONE)
-+ ossl_statem_set_in_init(s, 1);
-+
- /*
- * When writing early data on the server side we could be "in_init" in
- * between receiving the EoED and the CF - but we don't want to handle those
-diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
-index 87800cd835..6410414fb6 100644
---- a/ssl/statem/statem_clnt.c
-+++ b/ssl/statem/statem_clnt.c
-@@ -473,12 +473,6 @@ static WRITE_TRAN ossl_statem_client13_write_transition(SSL *s)
- return WRITE_TRAN_CONTINUE;
-
- case TLS_ST_CR_KEY_UPDATE:
-- if (s->key_update != SSL_KEY_UPDATE_NONE) {
-- st->hand_state = TLS_ST_CW_KEY_UPDATE;
-- return WRITE_TRAN_CONTINUE;
-- }
-- /* Fall through */
--
- case TLS_ST_CW_KEY_UPDATE:
- case TLS_ST_CR_SESSION_TICKET:
- case TLS_ST_CW_FINISHED:
-diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
-index c0482b0a90..2960dafa52 100644
---- a/ssl/statem/statem_lib.c
-+++ b/ssl/statem/statem_lib.c
-@@ -645,12 +645,9 @@ MSG_PROCESS_RETURN tls_process_key_update(SSL *s, PACKET *pkt)
- /*
- * If we get a request for us to update our sending keys too then, we need
- * to additionally send a KeyUpdate message. However that message should
-- * not also request an update (otherwise we get into an infinite loop). We
-- * ignore a request for us to update our sending keys too if we already
-- * sent close_notify.
-+ * not also request an update (otherwise we get into an infinite loop).
- */
-- if (updatetype == SSL_KEY_UPDATE_REQUESTED
-- && (s->shutdown & SSL_SENT_SHUTDOWN) == 0)
-+ if (updatetype == SSL_KEY_UPDATE_REQUESTED)
- s->key_update = SSL_KEY_UPDATE_NOT_REQUESTED;
-
- if (!tls13_update_key(s, 0)) {
-diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
-index d454326a99..04a23320fc 100644
---- a/ssl/statem/statem_srvr.c
-+++ b/ssl/statem/statem_srvr.c
-@@ -502,12 +502,6 @@ static WRITE_TRAN ossl_statem_server13_write_transition(SSL *s)
- return WRITE_TRAN_CONTINUE;
-
- case TLS_ST_SR_KEY_UPDATE:
-- if (s->key_update != SSL_KEY_UPDATE_NONE) {
-- st->hand_state = TLS_ST_SW_KEY_UPDATE;
-- return WRITE_TRAN_CONTINUE;
-- }
-- /* Fall through */
--
- case TLS_ST_SW_KEY_UPDATE:
- st->hand_state = TLS_ST_OK;
- return WRITE_TRAN_CONTINUE;
---
-2.20.1
-
-From c8feb1039ccc4cd11e6db084df1446bf863bee1e Mon Sep 17 00:00:00 2001
-From: Matt Caswell <matt@openssl.org>
-Date: Wed, 17 Apr 2019 10:30:53 +0100
-Subject: [PATCH 2/2] Write a test for receiving a KeyUpdate (update requested)
- while writing
-
-Reviewed-by: Ben Kaduk <kaduk@mit.edu>
-(Merged from https://github.com/openssl/openssl/pull/8773)
-
-(cherry picked from commit a77b4dba237d001073d2d1c5d55c674a196c949f)
----
- test/sslapitest.c | 92 +++++++++++++++++++++++++++++++++++++++++++++
- test/ssltestlib.c | 96 +++++++++++++++++++++++++++++++++++++++++++++++
- test/ssltestlib.h | 3 ++
- 3 files changed, 191 insertions(+)
-
-diff --git a/test/sslapitest.c b/test/sslapitest.c
-index 2261fe4a7a..577342644d 100644
---- a/test/sslapitest.c
-+++ b/test/sslapitest.c
-@@ -4290,6 +4290,11 @@ static int test_key_update(void)
- || !TEST_int_eq(SSL_read(serverssl, buf, sizeof(buf)),
- strlen(mess)))
- goto end;
-+
-+ if (!TEST_int_eq(SSL_write(serverssl, mess, strlen(mess)), strlen(mess))
-+ || !TEST_int_eq(SSL_read(clientssl, buf, sizeof(buf)),
-+ strlen(mess)))
-+ goto end;
- }
-
- testresult = 1;
-@@ -4302,6 +4307,91 @@ static int test_key_update(void)
-
- return testresult;
- }
-+
-+/*
-+ * Test we can handle a KeyUpdate (update requested) message while write data
-+ * is pending.
-+ * Test 0: Client sends KeyUpdate while Server is writing
-+ * Test 1: Server sends KeyUpdate while Client is writing
-+ */
-+static int test_key_update_in_write(int tst)
-+{
-+ SSL_CTX *cctx = NULL, *sctx = NULL;
-+ SSL *clientssl = NULL, *serverssl = NULL;
-+ int testresult = 0;
-+ char buf[20];
-+ static char *mess = "A test message";
-+ BIO *bretry = BIO_new(bio_s_always_retry());
-+ BIO *tmp = NULL;
-+ SSL *peerupdate = NULL, *peerwrite = NULL;
-+
-+ if (!TEST_ptr(bretry)
-+ || !TEST_true(create_ssl_ctx_pair(TLS_server_method(),
-+ TLS_client_method(),
-+ TLS1_3_VERSION,
-+ 0,
-+ &sctx, &cctx, cert, privkey))
-+ || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
-+ NULL, NULL))
-+ || !TEST_true(create_ssl_connection(serverssl, clientssl,
-+ SSL_ERROR_NONE)))
-+ goto end;
-+
-+ peerupdate = tst == 0 ? clientssl : serverssl;
-+ peerwrite = tst == 0 ? serverssl : clientssl;
-+
-+ if (!TEST_true(SSL_key_update(peerupdate, SSL_KEY_UPDATE_REQUESTED))
-+ || !TEST_true(SSL_do_handshake(peerupdate)))
-+ goto end;
-+
-+ /* Swap the writing endpoint's write BIO to force a retry */
-+ tmp = SSL_get_wbio(peerwrite);
-+ if (!TEST_ptr(tmp) || !TEST_true(BIO_up_ref(tmp))) {
-+ tmp = NULL;
-+ goto end;
-+ }
-+ SSL_set0_wbio(peerwrite, bretry);
-+ bretry = NULL;
-+
-+ /* Write data that we know will fail with SSL_ERROR_WANT_WRITE */
-+ if (!TEST_int_eq(SSL_write(peerwrite, mess, strlen(mess)), -1)
-+ || !TEST_int_eq(SSL_get_error(peerwrite, 0), SSL_ERROR_WANT_WRITE))
-+ goto end;
-+
-+ /* Reinstate the original writing endpoint's write BIO */
-+ SSL_set0_wbio(peerwrite, tmp);
-+ tmp = NULL;
-+
-+ /* Now read some data - we will read the key update */
-+ if (!TEST_int_eq(SSL_read(peerwrite, buf, sizeof(buf)), -1)
-+ || !TEST_int_eq(SSL_get_error(peerwrite, 0), SSL_ERROR_WANT_READ))
-+ goto end;
-+
-+ /*
-+ * Complete the write we started previously and read it from the other
-+ * endpoint
-+ */
-+ if (!TEST_int_eq(SSL_write(peerwrite, mess, strlen(mess)), strlen(mess))
-+ || !TEST_int_eq(SSL_read(peerupdate, buf, sizeof(buf)), strlen(mess)))
-+ goto end;
-+
-+ /* Write more data to ensure we send the KeyUpdate message back */
-+ if (!TEST_int_eq(SSL_write(peerwrite, mess, strlen(mess)), strlen(mess))
-+ || !TEST_int_eq(SSL_read(peerupdate, buf, sizeof(buf)), strlen(mess)))
-+ goto end;
-+
-+ testresult = 1;
-+
-+ end:
-+ SSL_free(serverssl);
-+ SSL_free(clientssl);
-+ SSL_CTX_free(sctx);
-+ SSL_CTX_free(cctx);
-+ BIO_free(bretry);
-+ BIO_free(tmp);
-+
-+ return testresult;
-+}
- #endif /* OPENSSL_NO_TLS1_3 */
-
- static int test_ssl_clear(int idx)
-@@ -5982,6 +6072,7 @@ int setup_tests(void)
- #ifndef OPENSSL_NO_TLS1_3
- ADD_ALL_TESTS(test_export_key_mat_early, 3);
- ADD_TEST(test_key_update);
-+ ADD_ALL_TESTS(test_key_update_in_write, 2);
- #endif
- ADD_ALL_TESTS(test_ssl_clear, 2);
- ADD_ALL_TESTS(test_max_fragment_len_ext, OSSL_NELEM(max_fragment_len_test));
-@@ -6002,4 +6093,5 @@ int setup_tests(void)
- void cleanup_tests(void)
- {
- bio_s_mempacket_test_free();
-+ bio_s_always_retry_free();
- }
-diff --git a/test/ssltestlib.c b/test/ssltestlib.c
-index 05139be750..e1038620ac 100644
---- a/test/ssltestlib.c
-+++ b/test/ssltestlib.c
-@@ -62,9 +62,11 @@ static int tls_dump_puts(BIO *bp, const char *str);
- /* Choose a sufficiently large type likely to be unused for this custom BIO */
- #define BIO_TYPE_TLS_DUMP_FILTER (0x80 | BIO_TYPE_FILTER)
- #define BIO_TYPE_MEMPACKET_TEST 0x81
-+#define BIO_TYPE_ALWAYS_RETRY 0x82
-
- static BIO_METHOD *method_tls_dump = NULL;
- static BIO_METHOD *meth_mem = NULL;
-+static BIO_METHOD *meth_always_retry = NULL;
-
- /* Note: Not thread safe! */
- const BIO_METHOD *bio_f_tls_dump_filter(void)
-@@ -612,6 +614,100 @@ static int mempacket_test_puts(BIO *bio, const char *str)
- return mempacket_test_write(bio, str, strlen(str));
- }
-
-+static int always_retry_new(BIO *bi);
-+static int always_retry_free(BIO *a);
-+static int always_retry_read(BIO *b, char *out, int outl);
-+static int always_retry_write(BIO *b, const char *in, int inl);
-+static long always_retry_ctrl(BIO *b, int cmd, long num, void *ptr);
-+static int always_retry_gets(BIO *bp, char *buf, int size);
-+static int always_retry_puts(BIO *bp, const char *str);
-+
-+const BIO_METHOD *bio_s_always_retry(void)
-+{
-+ if (meth_always_retry == NULL) {
-+ if (!TEST_ptr(meth_always_retry = BIO_meth_new(BIO_TYPE_ALWAYS_RETRY,
-+ "Always Retry"))
-+ || !TEST_true(BIO_meth_set_write(meth_always_retry,
-+ always_retry_write))
-+ || !TEST_true(BIO_meth_set_read(meth_always_retry,
-+ always_retry_read))
-+ || !TEST_true(BIO_meth_set_puts(meth_always_retry,
-+ always_retry_puts))
-+ || !TEST_true(BIO_meth_set_gets(meth_always_retry,
-+ always_retry_gets))
-+ || !TEST_true(BIO_meth_set_ctrl(meth_always_retry,
-+ always_retry_ctrl))
-+ || !TEST_true(BIO_meth_set_create(meth_always_retry,
-+ always_retry_new))
-+ || !TEST_true(BIO_meth_set_destroy(meth_always_retry,
-+ always_retry_free)))
-+ return NULL;
-+ }
-+ return meth_always_retry;
-+}
-+
-+void bio_s_always_retry_free(void)
-+{
-+ BIO_meth_free(meth_always_retry);
-+}
-+
-+static int always_retry_new(BIO *bio)
-+{
-+ BIO_set_init(bio, 1);
-+ return 1;
-+}
-+
-+static int always_retry_free(BIO *bio)
-+{
-+ BIO_set_data(bio, NULL);
-+ BIO_set_init(bio, 0);
-+ return 1;
-+}
-+
-+static int always_retry_read(BIO *bio, char *out, int outl)
-+{
-+ BIO_set_retry_read(bio);
-+ return -1;
-+}
-+
-+static int always_retry_write(BIO *bio, const char *in, int inl)
-+{
-+ BIO_set_retry_write(bio);
-+ return -1;
-+}
-+
-+static long always_retry_ctrl(BIO *bio, int cmd, long num, void *ptr)
-+{
-+ long ret = 1;
-+
-+ switch (cmd) {
-+ case BIO_CTRL_FLUSH:
-+ BIO_set_retry_write(bio);
-+ /* fall through */
-+ case BIO_CTRL_EOF:
-+ case BIO_CTRL_RESET:
-+ case BIO_CTRL_DUP:
-+ case BIO_CTRL_PUSH:
-+ case BIO_CTRL_POP:
-+ default:
-+ ret = 0;
-+ break;
-+ }
-+ return ret;
-+}
-+
-+static int always_retry_gets(BIO *bio, char *buf, int size)
-+{
-+ BIO_set_retry_read(bio);
-+ return -1;
-+}
-+
-+static int always_retry_puts(BIO *bio, const char *str)
-+{
-+ BIO_set_retry_write(bio);
-+ return -1;
-+}
-+
- int create_ssl_ctx_pair(const SSL_METHOD *sm, const SSL_METHOD *cm,
- int min_proto_version, int max_proto_version,
- SSL_CTX **sctx, SSL_CTX **cctx, char *certfile,
-diff --git a/test/ssltestlib.h b/test/ssltestlib.h
-index fa19e7d80d..56e323f5bc 100644
---- a/test/ssltestlib.h
-+++ b/test/ssltestlib.h
-@@ -30,6 +30,9 @@ void bio_f_tls_dump_filter_free(void);
- const BIO_METHOD *bio_s_mempacket_test(void);
- void bio_s_mempacket_test_free(void);
-
-+const BIO_METHOD *bio_s_always_retry(void);
-+void bio_s_always_retry_free(void);
-+
- /* Packet types - value 0 is reserved */
- #define INJECT_PACKET 1
- #define INJECT_PACKET_IGNORE_REC_SEQ 2
---
-2.20.1
-
-diff -up openssl-1.1.1c/include/internal/constant_time_locl.h.valgrind openssl-1.1.1c/include/internal/constant_time_locl.h
---- openssl-1.1.1c/include/internal/constant_time_locl.h.valgrind 2019-05-28 15:12:21.000000000 +0200
-+++ openssl-1.1.1c/include/internal/constant_time_locl.h 2019-06-24 15:02:12.796053536 +0200
-@@ -213,18 +213,66 @@ static ossl_inline unsigned char constan
- return constant_time_eq_8((unsigned)(a), (unsigned)(b));
- }
-
-+/* Returns the value unmodified, but avoids optimizations. */
-+static ossl_inline unsigned int value_barrier(unsigned int a)
-+{
-+#if !defined(OPENSSL_NO_ASM) && defined(__GNUC__)
-+ unsigned int r;
-+ __asm__("" : "=r"(r) : "0"(a));
-+#else
-+ volatile unsigned int r = a;
-+#endif
-+ return r;
-+}
-+
-+/* Convenience method for uint32_t. */
-+static ossl_inline uint32_t value_barrier_32(uint32_t a)
-+{
-+#if !defined(OPENSSL_NO_ASM) && defined(__GNUC__)
-+ uint32_t r;
-+ __asm__("" : "=r"(r) : "0"(a));
-+#else
-+ volatile uint32_t r = a;
-+#endif
-+ return r;
-+}
-+
-+/* Convenience method for uint64_t. */
-+static ossl_inline uint64_t value_barrier_64(uint64_t a)
-+{
-+#if !defined(OPENSSL_NO_ASM) && defined(__GNUC__)
-+ uint64_t r;
-+ __asm__("" : "=r"(r) : "0"(a));
-+#else
-+ volatile uint64_t r = a;
-+#endif
-+ return r;
-+}
-+
-+/* Convenience method for size_t. */
-+static ossl_inline size_t value_barrier_s(size_t a)
-+{
-+#if !defined(OPENSSL_NO_ASM) && defined(__GNUC__)
-+ size_t r;
-+ __asm__("" : "=r"(r) : "0"(a));
-+#else
-+ volatile size_t r = a;
-+#endif
-+ return r;
-+}
-+
- static ossl_inline unsigned int constant_time_select(unsigned int mask,
- unsigned int a,
- unsigned int b)
- {
-- return (mask & a) | (~mask & b);
-+ return (value_barrier(mask) & a) | (value_barrier(~mask) & b);
- }
-
- static ossl_inline size_t constant_time_select_s(size_t mask,
- size_t a,
- size_t b)
- {
-- return (mask & a) | (~mask & b);
-+ return (value_barrier_s(mask) & a) | (value_barrier_s(~mask) & b);
- }
-
- static ossl_inline unsigned char constant_time_select_8(unsigned char mask,
-@@ -249,13 +297,13 @@ static ossl_inline int constant_time_sel
- static ossl_inline uint32_t constant_time_select_32(uint32_t mask, uint32_t a,
- uint32_t b)
- {
-- return (mask & a) | (~mask & b);
-+ return (value_barrier_32(mask) & a) | (value_barrier_32(~mask) & b);
- }
-
- static ossl_inline uint64_t constant_time_select_64(uint64_t mask, uint64_t a,
- uint64_t b)
- {
-- return (mask & a) | (~mask & b);
-+ return (value_barrier_64(mask) & a) | (value_barrier_64(~mask) & b);
- }
-
- /*
diff --git a/openssl-freefilesync/openssl-1.1.1-version-add-engines.patch b/openssl-freefilesync/openssl-1.1.1-version-add-engines.patch
deleted file mode 100644
index 3c3f58e..0000000
--- a/openssl-freefilesync/openssl-1.1.1-version-add-engines.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-diff -up openssl-1.1.1-pre8/apps/version.c.version-add-engines openssl-1.1.1-pre8/apps/version.c
---- openssl-1.1.1-pre8/apps/version.c.version-add-engines 2018-06-20 16:48:09.000000000 +0200
-+++ openssl-1.1.1-pre8/apps/version.c 2018-07-16 18:00:40.608624346 +0200
-@@ -64,7 +64,7 @@ int version_main(int argc, char **argv)
- {
- int ret = 1, dirty = 0, seed = 0;
- int cflags = 0, version = 0, date = 0, options = 0, platform = 0, dir = 0;
-- int engdir = 0;
-+ int engdir = 0, engines = 0;
- char *prog;
- OPTION_CHOICE o;
-
-@@ -106,7 +106,7 @@ opthelp:
- break;
- case OPT_A:
- seed = options = cflags = version = date = platform = dir = engdir
-- = 1;
-+ = engines = 1;
- break;
- }
- }
-@@ -188,6 +188,16 @@ opthelp:
- #endif
- printf("\n");
- }
-+ if (engines) {
-+ ENGINE *e;
-+ printf("engines: ");
-+ e = ENGINE_get_first();
-+ while (e) {
-+ printf("%s ", ENGINE_get_id(e));
-+ e = ENGINE_get_next(e);
-+ }
-+ printf("\n");
-+ }
- ret = 0;
- end:
- return ret;
diff --git a/openssl-freefilesync/openssl-1.1.1-version-override.patch b/openssl-freefilesync/openssl-1.1.1-version-override.patch
deleted file mode 100644
index 7970b84..0000000
--- a/openssl-freefilesync/openssl-1.1.1-version-override.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -up openssl-1.1.1c/include/openssl/opensslv.h.version-override openssl-1.1.1c/include/openssl/opensslv.h
---- openssl-1.1.1c/include/openssl/opensslv.h.version-override 2019-05-29 15:52:30.014734859 +0200
-+++ openssl-1.1.1c/include/openssl/opensslv.h 2019-05-29 15:53:23.093800831 +0200
-@@ -40,7 +40,7 @@ extern "C" {
- * major minor fix final patch/beta)
- */
- # define OPENSSL_VERSION_NUMBER 0x1010103fL
--# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1c 28 May 2019"
-+# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1c FIPS 28 May 2019"
-
- /*-
- * The macros below are to be used for shared library (.so, .dll, ...)
diff --git a/openssl-freefilesync/openssl-1.1.1-weak-ciphers.patch b/openssl-freefilesync/openssl-1.1.1-weak-ciphers.patch
deleted file mode 100644
index 0083643..0000000
--- a/openssl-freefilesync/openssl-1.1.1-weak-ciphers.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-diff -up openssl-1.1.1/ssl/s3_lib.c.weak-ciphers openssl-1.1.1/ssl/s3_lib.c
---- openssl-1.1.1/ssl/s3_lib.c.weak-ciphers 2018-09-11 14:48:23.000000000 +0200
-+++ openssl-1.1.1/ssl/s3_lib.c 2018-09-17 12:53:33.850637181 +0200
-@@ -2612,7 +2612,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
- SSL_GOST89MAC,
- TLS1_VERSION, TLS1_2_VERSION,
- 0, 0,
-- SSL_HIGH,
-+ SSL_MEDIUM,
- SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
- 256,
- 256,
-@@ -2644,7 +2644,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
- SSL_GOST89MAC12,
- TLS1_VERSION, TLS1_2_VERSION,
- 0, 0,
-- SSL_HIGH,
-+ SSL_MEDIUM,
- SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
- 256,
- 256,
-@@ -2753,7 +2753,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
- },
- #endif /* OPENSSL_NO_SEED */
-
--#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
-+#if 0 /* No MD5 ciphersuites */
- {
- 1,
- SSL3_TXT_RSA_RC4_128_MD5,
-@@ -2770,6 +2770,8 @@ static SSL_CIPHER ssl3_ciphers[] = {
- 128,
- 128,
- },
-+#endif
-+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
- {
- 1,
- SSL3_TXT_RSA_RC4_128_SHA,
-@@ -2786,6 +2788,8 @@ static SSL_CIPHER ssl3_ciphers[] = {
- 128,
- 128,
- },
-+#endif
-+#if 0
- {
- 1,
- SSL3_TXT_ADH_RC4_128_MD5,
-@@ -2802,6 +2806,8 @@ static SSL_CIPHER ssl3_ciphers[] = {
- 128,
- 128,
- },
-+#endif
-+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
- {
- 1,
- TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA,
diff --git a/openssl-freefilesync/openssl-1.1.1c-hobbled.tar.xz b/openssl-freefilesync/openssl-1.1.1c-hobbled.tar.xz
deleted file mode 100644
index d14f9bf..0000000
--- a/openssl-freefilesync/openssl-1.1.1c-hobbled.tar.xz
+++ /dev/null
Binary files differ
diff --git a/openssl-freefilesync/openssl.spec b/openssl-freefilesync/openssl.spec
deleted file mode 100644
index 29cef89..0000000
--- a/openssl-freefilesync/openssl.spec
+++ /dev/null
@@ -1,2128 +0,0 @@
-# For the curious:
-# 0.9.5a soversion = 0
-# 0.9.6 soversion = 1
-# 0.9.6a soversion = 2
-# 0.9.6c soversion = 3
-# 0.9.7a soversion = 4
-# 0.9.7ef soversion = 5
-# 0.9.8ab soversion = 6
-# 0.9.8g soversion = 7
-# 0.9.8jk + EAP-FAST soversion = 8
-# 1.0.0 soversion = 10
-# 1.1.0 soversion = 1.1 (same as upstream although presence of some symbols
-# depends on build configuration options)
-%define soversion 1.1
-
-# for openssl-freefilesync
-%define fullname openssl-freefilesync
-%define shortname openssl
-
-# Arches on which we need to prevent arch conflicts on opensslconf.h, must
-# also be handled in opensslconf-new.h.
-%define multilib_arches %{ix86} ia64 %{mips} ppc ppc64 s390 s390x sparcv9 sparc64 x86_64
-
-%global _performance_build 1
-
-Summary: Utilities from the general purpose cryptography library with TLS implementation
-# for openssl-freefilesync
-Name: %{fullname}
-Version: 1.1.1c
-# for openssl-freefilesync
-Release: 6.stack%{?dist}
-Epoch: 1
-# We have to remove certain patented algorithms from the openssl source
-# tarball with the hobble-openssl script which is included below.
-# The original openssl upstream tarball cannot be shipped in the .src.rpm.
-Source: openssl-%{version}-hobbled.tar.xz
-Source1: hobble-openssl
-Source2: Makefile.certificate
-Source6: make-dummy-cert
-Source7: renew-dummy-cert
-Source9: opensslconf-new.h
-Source10: opensslconf-new-warning.h
-Source11: README.FIPS
-Source12: ec_curve.c
-Source13: ectest.c
-# Build changes
-Patch1: openssl-1.1.1-build.patch
-Patch2: openssl-1.1.1-defaults.patch
-Patch3: openssl-1.1.0-no-html.patch
-Patch4: openssl-1.1.1-man-rename.patch
-# Bug fixes
-Patch21: openssl-1.1.0-issuer-hash.patch
-# Functionality changes
-Patch31: openssl-1.1.1-conf-paths.patch
-Patch32: openssl-1.1.1-version-add-engines.patch
-Patch33: openssl-1.1.1-apps-dgst.patch
-Patch36: openssl-1.1.1-no-brainpool.patch
-Patch37: openssl-1.1.1-ec-curves.patch
-Patch38: openssl-1.1.1-no-weak-verify.patch
-Patch40: openssl-1.1.1-disable-ssl3.patch
-Patch41: openssl-1.1.1-system-cipherlist.patch
-Patch42: openssl-1.1.1-fips.patch
-Patch43: openssl-1.1.1-ignore-bound.patch
-Patch44: openssl-1.1.1-version-override.patch
-Patch45: openssl-1.1.1-weak-ciphers.patch
-Patch46: openssl-1.1.1-seclevel.patch
-Patch47: openssl-1.1.1-ts-sha256-default.patch
-Patch48: openssl-1.1.1-fips-post-rand.patch
-Patch49: openssl-1.1.1-evp-kdf.patch
-Patch50: openssl-1.1.1-ssh-kdf.patch
-# Backported fixes including security fixes
-Patch51: openssl-1.1.1-upstream-sync.patch
-Patch52: openssl-1.1.1-s390x-update.patch
-Patch53: openssl-1.1.1-fips-crng-test.patch
-Patch54: openssl-1.1.1-regression-fixes.patch
-
-License: OpenSSL
-URL: http://www.openssl.org/
-BuildRequires: gcc
-BuildRequires: coreutils, perl-interpreter, sed, zlib-devel, /usr/bin/cmp
-BuildRequires: lksctp-tools-devel
-BuildRequires: /usr/bin/rename
-BuildRequires: /usr/bin/pod2man
-BuildRequires: /usr/sbin/sysctl
-BuildRequires: perl(Test::Harness), perl(Test::More), perl(Math::BigInt)
-BuildRequires: perl(Module::Load::Conditional), perl(File::Temp)
-BuildRequires: perl(Time::HiRes)
-Requires: coreutils
-Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
-
-%description
-The OpenSSL toolkit provides support for secure communications between
-machines. OpenSSL includes a certificate management tool and shared
-libraries which provide various cryptographic algorithms and
-protocols.
-
-%package libs
-Summary: A general purpose cryptography library with TLS implementation
-Requires: ca-certificates >= 2008-5
-# for openssl-freefilesync
-#Requires: crypto-policies >= 20180730
-#Recommends: openssl-pkcs11%{?_isa}
-Provides: openssl-fips = %{epoch}:%{version}-%{release}
-
-%description libs
-OpenSSL is a toolkit for supporting cryptography. The openssl-libs
-package contains the libraries that are used by various applications which
-support cryptographic algorithms and protocols.
-
-%package devel
-Summary: Files for development of applications which will use OpenSSL
-Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
-Requires: pkgconfig
-
-%description devel
-OpenSSL is a toolkit for supporting cryptography. The openssl-devel
-package contains include files needed to develop applications which
-support various cryptographic algorithms and protocols.
-
-%package static
-Summary: Libraries for static linking of applications which will use OpenSSL
-Requires: %{name}-devel%{?_isa} = %{epoch}:%{version}-%{release}
-
-%description static
-OpenSSL is a toolkit for supporting cryptography. The openssl-static
-package contains static libraries needed for static linking of
-applications which support various cryptographic algorithms and
-protocols.
-
-%package perl
-Summary: Perl scripts provided with OpenSSL
-Requires: perl-interpreter
-Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release}
-
-%description perl
-OpenSSL is a toolkit for supporting cryptography. The openssl-perl
-package provides Perl scripts for converting certificates and keys
-from other formats to the formats used by the OpenSSL toolkit.
-
-%prep
-# for openssl-freefilesync
-%setup -q -n %{shortname}-%{version}
-
-# The hobble_openssl is called here redundantly, just to be sure.
-# The tarball has already the sources removed.
-%{SOURCE1} > /dev/null
-
-cp %{SOURCE12} crypto/ec/
-cp %{SOURCE13} test/
-
-%patch1 -p1 -b .build %{?_rawbuild}
-%patch2 -p1 -b .defaults
-%patch3 -p1 -b .no-html %{?_rawbuild}
-%patch4 -p1 -b .man-rename
-
-%patch21 -p1 -b .issuer-hash
-
-%patch31 -p1 -b .conf-paths
-%patch32 -p1 -b .version-add-engines
-%patch33 -p1 -b .dgst
-%patch36 -p1 -b .no-brainpool
-%patch37 -p1 -b .curves
-%patch38 -p1 -b .no-weak-verify
-%patch40 -p1 -b .disable-ssl3
-%patch41 -p1 -b .system-cipherlist
-%patch42 -p1 -b .fips
-%patch43 -p1 -b .ignore-bound
-%patch44 -p1 -b .version-override
-%patch45 -p1 -b .weak-ciphers
-%patch46 -p1 -b .seclevel
-%patch47 -p1 -b .ts-sha256-default
-%patch48 -p1 -b .fips-post-rand
-# for openssl-freefilesync
-sed -i -r -e '/sys\/random\.h/s@sys/random\.h@/usr/include/linux/random.h@;' crypto/rand/rand_unix.c
-%patch49 -p1 -b .evp-kdf
-%patch50 -p1 -b .ssh-kdf
-%patch51 -p1 -b .upstream-sync
-%patch52 -p1 -b .s390x-update
-%patch53 -p1 -b .crng-test
-%patch54 -p1 -b .regression
-
-
-%build
-# Figure out which flags we want to use.
-# default
-sslarch=%{_os}-%{_target_cpu}
-%ifarch %ix86
-sslarch=linux-elf
-if ! echo %{_target} | grep -q i686 ; then
- sslflags="no-asm 386"
-fi
-%endif
-%ifarch x86_64
-sslflags=enable-ec_nistp_64_gcc_128
-%endif
-%ifarch sparcv9
-sslarch=linux-sparcv9
-sslflags=no-asm
-%endif
-%ifarch sparc64
-sslarch=linux64-sparcv9
-sslflags=no-asm
-%endif
-%ifarch alpha alphaev56 alphaev6 alphaev67
-sslarch=linux-alpha-gcc
-%endif
-%ifarch s390 sh3eb sh4eb
-sslarch="linux-generic32 -DB_ENDIAN"
-%endif
-%ifarch s390x
-sslarch="linux64-s390x"
-%endif
-%ifarch %{arm}
-sslarch=linux-armv4
-%endif
-%ifarch aarch64
-sslarch=linux-aarch64
-sslflags=enable-ec_nistp_64_gcc_128
-%endif
-%ifarch sh3 sh4
-sslarch=linux-generic32
-%endif
-%ifarch ppc64 ppc64p7
-sslarch=linux-ppc64
-%endif
-%ifarch ppc64le
-sslarch="linux-ppc64le"
-sslflags=enable-ec_nistp_64_gcc_128
-%endif
-%ifarch mips mipsel
-sslarch="linux-mips32 -mips32r2"
-%endif
-%ifarch mips64 mips64el
-sslarch="linux64-mips64 -mips64r2"
-%endif
-%ifarch mips64el
-sslflags=enable-ec_nistp_64_gcc_128
-%endif
-%ifarch riscv64
-sslarch=linux-generic64
-%endif
-
-# Add -Wa,--noexecstack here so that libcrypto's assembler modules will be
-# marked as not requiring an executable stack.
-# Also add -DPURIFY to make using valgrind with openssl easier as we do not
-# want to depend on the uninitialized memory as a source of entropy anyway.
-# for openssl-freefilesync
-RPM_OPT_FLAGS="$RPM_OPT_FLAGS -Wa,--noexecstack -DPURIFY $RPM_LD_FLAGS"
-
-export HASHBANGPERL=/usr/bin/perl
-
-# ia64, x86_64, ppc are OK by default
-# Configure the build tree. Override OpenSSL defaults with known-good defaults
-# usable on all platforms. The Configure script already knows to use -fPIC and
-# RPM_OPT_FLAGS, so we can skip specifiying them here.
-./Configure \
- --prefix=%{_prefix} --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \
- --system-ciphers-file=%{_sysconfdir}/crypto-policies/back-ends/openssl.config \
- zlib enable-camellia enable-seed enable-rfc3779 enable-sctp \
- enable-cms enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method \
- enable-weak-ssl-ciphers \
- no-mdc2 no-ec2m no-sm2 no-sm4 \
- shared ${sslarch} $RPM_OPT_FLAGS '-DDEVRANDOM="\"/dev/urandom\""'
-
-# Do not run this in a production package the FIPS symbols must be patched-in
-#util/mkdef.pl crypto update
-
-make all
-
-# Overwrite FIPS README
-cp -f %{SOURCE11} .
-
-# Clean up the .pc files
-for i in libcrypto.pc libssl.pc openssl.pc ; do
- sed -i '/^Libs.private:/{s/-L[^ ]* //;s/-Wl[^ ]* //}' $i
-done
-
-%check
-# Verify that what was compiled actually works.
-
-# Hack - either enable SCTP AUTH chunks in kernel or disable sctp for check
-(sysctl net.sctp.addip_enable=1 && sysctl net.sctp.auth_enable=1) || \
-(echo 'Failed to enable SCTP AUTH chunks, disabling SCTP for tests...' &&
- sed '/"zlib-dynamic" => "default",/a\ \ "sctp" => "default",' configdata.pm > configdata.pm.new && \
- touch -r configdata.pm configdata.pm.new && \
- mv -f configdata.pm.new configdata.pm)
-
-# We must revert patch31 before tests otherwise they will fail
-patch -p1 -R < %{PATCH31}
-
-LD_LIBRARY_PATH=`pwd`${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}
-export LD_LIBRARY_PATH
-crypto/fips/fips_standalone_hmac libcrypto.so.%{soversion} >.libcrypto.so.%{soversion}.hmac
-ln -s .libcrypto.so.%{soversion}.hmac .libcrypto.so.hmac
-crypto/fips/fips_standalone_hmac libssl.so.%{soversion} >.libssl.so.%{soversion}.hmac
-ln -s .libssl.so.%{soversion}.hmac .libssl.so.hmac
-OPENSSL_ENABLE_MD5_VERIFY=
-export OPENSSL_ENABLE_MD5_VERIFY
-OPENSSL_SYSTEM_CIPHERS_OVERRIDE=xyz_nonexistent_file
-export OPENSSL_SYSTEM_CIPHERS_OVERRIDE
-make test
-
-# Add generation of HMAC checksum of the final stripped library
-%define __spec_install_post \
- %{?__debug_package:%{__debug_install_post}} \
- %{__arch_install_post} \
- %{__os_install_post} \
- crypto/fips/fips_standalone_hmac $RPM_BUILD_ROOT%{_libdir}/libcrypto.so.%{version} >$RPM_BUILD_ROOT%{_libdir}/.libcrypto.so.%{version}.hmac \
- ln -sf .libcrypto.so.%{version}.hmac $RPM_BUILD_ROOT%{_libdir}/.libcrypto.so.%{soversion}.hmac \
- crypto/fips/fips_standalone_hmac $RPM_BUILD_ROOT%{_libdir}/libssl.so.%{version} >$RPM_BUILD_ROOT%{_libdir}/.libssl.so.%{version}.hmac \
- ln -sf .libssl.so.%{version}.hmac $RPM_BUILD_ROOT%{_libdir}/.libssl.so.%{soversion}.hmac \
-%{nil}
-
-%define __provides_exclude_from %{_libdir}/openssl
-
-%install
-[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
-# Install OpenSSL.
-install -d $RPM_BUILD_ROOT{%{_bindir},%{_includedir},%{_libdir},%{_mandir},%{_libdir}/openssl,%{_pkgdocdir}}
-make DESTDIR=$RPM_BUILD_ROOT install
-rename so.%{soversion} so.%{version} $RPM_BUILD_ROOT%{_libdir}/*.so.%{soversion}
-for lib in $RPM_BUILD_ROOT%{_libdir}/*.so.%{version} ; do
- chmod 755 ${lib}
- ln -s -f `basename ${lib}` $RPM_BUILD_ROOT%{_libdir}/`basename ${lib} .%{version}`
- ln -s -f `basename ${lib}` $RPM_BUILD_ROOT%{_libdir}/`basename ${lib} .%{version}`.%{soversion}
-done
-
-# Install a makefile for generating keys and self-signed certs, and a script
-# for generating them on the fly.
-mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/certs
-install -m644 %{SOURCE2} $RPM_BUILD_ROOT%{_pkgdocdir}/Makefile.certificate
-install -m755 %{SOURCE6} $RPM_BUILD_ROOT%{_bindir}/make-dummy-cert
-install -m755 %{SOURCE7} $RPM_BUILD_ROOT%{_bindir}/renew-dummy-cert
-
-# Move runable perl scripts to bindir
-mv $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/misc/*.pl $RPM_BUILD_ROOT%{_bindir}
-mv $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/misc/tsget $RPM_BUILD_ROOT%{_bindir}
-
-# Rename man pages so that they don't conflict with other system man pages.
-pushd $RPM_BUILD_ROOT%{_mandir}
-ln -s -f config.5 man5/openssl.cnf.5
-for manpage in man*/* ; do
- if [ -L ${manpage} ]; then
- TARGET=`ls -l ${manpage} | awk '{ print $NF }'`
- ln -snf ${TARGET}ssl ${manpage}ssl
- rm -f ${manpage}
- else
- mv ${manpage} ${manpage}ssl
- fi
-done
-for conflict in passwd rand ; do
- rename ${conflict} ssl${conflict} man*/${conflict}*
-# Fix dangling symlinks
- manpage=man1/openssl-${conflict}.*
- if [ -L ${manpage} ] ; then
- ln -snf ssl${conflict}.1ssl ${manpage}
- fi
-done
-popd
-
-mkdir -m755 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA
-mkdir -m700 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA/private
-mkdir -m755 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA/certs
-mkdir -m755 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA/crl
-mkdir -m755 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA/newcerts
-
-# Ensure the config file timestamps are identical across builds to avoid
-# mulitlib conflicts and unnecessary renames on upgrade
-# for openssl-freefilesync
-touch -r %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/openssl.cnf%{version}
-touch -r %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/ct_log_list.cnf%{version}
-
-rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/openssl.cnf{,.dist}
-rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/ct_log_list.cnf{,.dist}
-
-# Determine which arch opensslconf.h is going to try to #include.
-basearch=%{_arch}
-%ifarch %{ix86}
-basearch=i386
-%endif
-%ifarch sparcv9
-basearch=sparc
-%endif
-%ifarch sparc64
-basearch=sparc64
-%endif
-
-# Next step of gradual disablement of SSL3.
-# Make SSL3 disappear to newly built dependencies.
-sed -i '/^\#ifndef OPENSSL_NO_SSL_TRACE/i\
-#ifndef OPENSSL_NO_SSL3\
-# define OPENSSL_NO_SSL3\
-#endif' $RPM_BUILD_ROOT/%{_prefix}/include/openssl/opensslconf.h
-
-%ifarch %{multilib_arches}
-# Do an opensslconf.h switcheroo to avoid file conflicts on systems where you
-# can have both a 32- and 64-bit version of the library, and they each need
-# their own correct-but-different versions of opensslconf.h to be usable.
-install -m644 %{SOURCE10} \
- $RPM_BUILD_ROOT/%{_prefix}/include/openssl/opensslconf-${basearch}.h
-cat $RPM_BUILD_ROOT/%{_prefix}/include/openssl/opensslconf.h >> \
- $RPM_BUILD_ROOT/%{_prefix}/include/openssl/opensslconf-${basearch}.h
-install -m644 %{SOURCE9} \
- $RPM_BUILD_ROOT/%{_prefix}/include/openssl/opensslconf.h
-%endif
-LD_LIBRARY_PATH=`pwd`${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}
-export LD_LIBRARY_PATH
-
-# for openssl-freefilesync
-pushd ${RPM_BUILD_ROOT}%{_mandir}
-for word in $( find . ! -type d -print ) ;
-do
- mv "${word}" "${word}-111c"
-done
-popd
-mv ${RPM_BUILD_ROOT}%{_bindir}/openssl{,-111c}
-
-%files
-%{!?_licensedir:%global license %%doc}
-%license LICENSE
-%doc FAQ NEWS README README.FIPS
-%{_bindir}/make-dummy-cert
-%{_bindir}/renew-dummy-cert
-# for openssl-freefilesync
-%{_bindir}/openssl-111c
-%{_mandir}/man1*/*
-%{_mandir}/man5*/*
-%{_mandir}/man7*/*
-%{_pkgdocdir}/Makefile.certificate
-%exclude %{_mandir}/man1*/*.pl*
-%exclude %{_mandir}/man1*/c_rehash*
-%exclude %{_mandir}/man1*/tsget*
-%exclude %{_mandir}/man1*/openssl-tsget*
-
-%files libs
-%{!?_licensedir:%global license %%doc}
-%license LICENSE
-%dir %{_sysconfdir}/pki/tls
-%dir %{_sysconfdir}/pki/tls/certs
-%dir %{_sysconfdir}/pki/tls/misc
-%dir %{_sysconfdir}/pki/tls/private
-# for openssl-freefilesync
-%config(noreplace) %{_sysconfdir}/pki/tls/openssl.cnf%{version}
-%config(noreplace) %{_sysconfdir}/pki/tls/ct_log_list.cnf%{version}
-%attr(0755,root,root) %{_libdir}/libcrypto.so.%{version}
-%attr(0755,root,root) %{_libdir}/libcrypto.so.%{soversion}
-%attr(0755,root,root) %{_libdir}/libssl.so.%{version}
-%attr(0755,root,root) %{_libdir}/libssl.so.%{soversion}
-%attr(0644,root,root) %{_libdir}/.libcrypto.so.*.hmac
-%attr(0644,root,root) %{_libdir}/.libssl.so.*.hmac
-%attr(0755,root,root) %{_libdir}/engines-%{soversion}
-
-%files devel
-%doc CHANGES doc/dir-locals.example.el doc/openssl-c-indent.el
-%{_prefix}/include/openssl
-%{_libdir}/*.so
-%{_mandir}/man3*/*
-%{_libdir}/pkgconfig/*.pc
-
-%files static
-%{_libdir}/*.a
-
-%files perl
-%{_bindir}/c_rehash
-%{_bindir}/*.pl
-%{_bindir}/tsget
-%{_mandir}/man1*/*.pl*
-%{_mandir}/man1*/c_rehash*
-%{_mandir}/man1*/tsget*
-%{_mandir}/man1*/openssl-tsget*
-%dir %{_sysconfdir}/pki/CA
-%dir %{_sysconfdir}/pki/CA/private
-%dir %{_sysconfdir}/pki/CA/certs
-%dir %{_sysconfdir}/pki/CA/crl
-%dir %{_sysconfdir}/pki/CA/newcerts
-
-# for openssl-freefilesync
-%post libs -p /sbin/ldconfig
-
-%postun libs -p /sbin/ldconfig
-
-%changelog
-* Wed Sep 18 2019 B Stack <bgstack15@gmail.com> 1.1.1c-6.stack
-- rebuild for el7 for freefilesync
-
-* Fri Sep 6 2019 Tomáš Mráz <tmraz@redhat.com> 1.1.1c-6
-- upstream fix for status request extension non-compliance (#1737471)
-
-* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.1.1c-5
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
-
-* Mon Jun 24 2019 Tomáš Mráz <tmraz@redhat.com> 1.1.1c-4
-- do not try to use EC groups disallowed in FIPS mode
- in TLS
-- fix Valgrind regression with constant-time code
-
-* Mon Jun 3 2019 Tomáš Mráz <tmraz@redhat.com> 1.1.1c-3
-- add upstream patch to defer sending KeyUpdate after
- pending writes are complete
-
-* Thu May 30 2019 Tomáš Mráz <tmraz@redhat.com> 1.1.1c-2
-- fix use of uninitialized memory
-
-* Wed May 29 2019 Tomáš Mráz <tmraz@redhat.com> 1.1.1c-1
-- update to the 1.1.1c release
-
-* Fri May 10 2019 Tomáš Mráz <tmraz@redhat.com> 1.1.1b-10
-- Another attempt at the AES-CCM regression fix
-
-* Fri May 10 2019 Tomáš Mráz <tmraz@redhat.com> 1.1.1b-9
-- Fix two small regressions
-- Change the ts application default hash to SHA256
-
-* Tue May 7 2019 Tomáš Mráz <tmraz@redhat.com> 1.1.1b-8
-- FIPS compliance fixes
-
-* Mon May 6 2019 Tomáš Mráz <tmraz@redhat.com> 1.1.1b-7
-- add S390x chacha20-poly1305 assembler support from master branch
-
-* Fri May 3 2019 Tomáš Mráz <tmraz@redhat.com> 1.1.1b-6
-- apply new bugfixes from upstream 1.1.1 branch
-
-* Tue Apr 16 2019 Tomáš Mráz <tmraz@redhat.com> 1.1.1b-5
-- fix for BIO_get_mem_ptr() regression in 1.1.1b (#1691853)
-
-* Wed Mar 27 2019 Tomáš Mráz <tmraz@redhat.com> 1.1.1b-4
-- drop unused BuildRequires and Requires in the -devel subpackage
-
-* Fri Mar 15 2019 Tomáš Mráz <tmraz@redhat.com> 1.1.1b-3
-- fix regression in EVP_PBE_scrypt() (#1688284)
-- fix incorrect help message in ca app (#1553206)
-
-* Fri Mar 1 2019 Tomáš Mráz <tmraz@redhat.com> 1.1.1b-2
-- use .include = syntax in the config file to allow it
- to be parsed by 1.0.2 version (#1668916)
-
-* Thu Feb 28 2019 Tomáš Mráz <tmraz@redhat.com> 1.1.1b-1
-- update to the 1.1.1b release
-- EVP_KDF API backport from master
-- SSH KDF implementation for EVP_KDF API backport from master
-
-* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.1.1a-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
-
-* Tue Jan 15 2019 Tomáš Mráz <tmraz@redhat.com> 1.1.1a-1
-- update to the 1.1.1a release
-
-* Fri Nov 9 2018 Tomáš Mráz <tmraz@redhat.com> 1.1.1-7
-- use /dev/urandom for seeding the RNG in FIPS POST
-
-* Fri Oct 12 2018 Tomáš Mráz <tmraz@redhat.com> 1.1.1-6
-- fix SECLEVEL 3 support
-- fix some issues found in Coverity scan
-
-* Thu Sep 27 2018 Charalampos Stratakis <cstratak@redhat.com> - 1:1.1.1-5
-- Correctly invoke sed for defining OPENSSL_NO_SSL3
-
-* Thu Sep 27 2018 Tomáš Mráz <tmraz@redhat.com> 1.1.1-4
-- define OPENSSL_NO_SSL3 so the newly built dependencies do not
- have access to SSL3 API calls anymore
-
-* Mon Sep 17 2018 Tomáš Mráz <tmraz@redhat.com> 1.1.1-3
-- reinstate accidentally dropped patch for weak ciphersuites
-
-* Fri Sep 14 2018 Tomáš Mráz <tmraz@redhat.com> 1.1.1-2
-- for consistent support of security policies we build
- RC4 support in TLS (not default) and allow SHA1 in SECLEVEL 2
-
-* Thu Sep 13 2018 Tomáš Mráz <tmraz@redhat.com> 1.1.1-1
-- update to the final 1.1.1 version
-
-* Thu Sep 6 2018 Tomáš Mráz <tmraz@redhat.com> 1.1.1-0.pre9.3
-- do not try to initialize RNG in cleanup if it was not initialized
- before (#1624554)
-- use only /dev/urandom if getrandom() is not available
-- disable SM4
-
-* Wed Aug 29 2018 Tomáš Mráz <tmraz@redhat.com> 1.1.1-0.pre9.2
-- fix dangling symlinks to manual pages
-- make SSLv3_method work
-
-* Wed Aug 22 2018 Tomáš Mráz <tmraz@redhat.com> 1.1.1-0.pre9.1
-- update to the latest 1.1.1 beta version
-
-* Mon Aug 13 2018 Tomáš Mráz <tmraz@redhat.com> 1.1.1-0.pre8.4
-- bidirectional shutdown fixes from upstream
-
-* Mon Aug 13 2018 Tomáš Mráz <tmraz@redhat.com> 1.1.1-0.pre8.3
-- do not put error on stack when using fixed protocol version
- with the default config (#1615098)
-
-* Fri Jul 27 2018 Tomáš Mráz <tmraz@redhat.com> 1.1.1-0.pre8.2
-- load crypto policy config file from the default config
-
-* Wed Jul 25 2018 Tomáš Mráz <tmraz@redhat.com> 1.1.1-0.pre8
-- update to the latest 1.1.1 beta version
-
-* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.1.0h-6
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
-
-* Tue Jun 19 2018 Tomáš Mráz <tmraz@redhat.com> 1.1.0h-5
-- fix FIPS RSA key generation failure
-
-* Mon Jun 4 2018 Tomáš Mráz <tmraz@redhat.com> 1.1.0h-4
-- ppc64le is not multilib arch (#1584994)
-
-* Tue Apr 3 2018 Tomáš Mráz <tmraz@redhat.com> 1.1.0h-3
-- fix regression of c_rehash (#1562953)
-
-* Thu Mar 29 2018 Tomáš Mráz <tmraz@redhat.com> 1.1.0h-2
-- fix FIPS symbol versions
-
-* Thu Mar 29 2018 Tomáš Mráz <tmraz@redhat.com> 1.1.0h-1
-- update to upstream version 1.1.0h
-- add Recommends for openssl-pkcs11
-
-* Fri Feb 23 2018 Tomáš Mráz <tmraz@redhat.com> 1.1.0g-6
-- one more try to apply RPM_LD_FLAGS properly (#1541033)
-- dropped unneeded starttls xmpp patch (#1417017)
-
-* Thu Feb 08 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.1.0g-5
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
-
-* Thu Feb 1 2018 Tomáš Mráz <tmraz@redhat.com> 1.1.0g-4
-- apply RPM_LD_FLAGS properly (#1541033)
-
-* Thu Jan 11 2018 Tomáš Mráz <tmraz@redhat.com> 1.1.0g-3
-- silence the .rnd write failure as that is auxiliary functionality (#1524833)
-
-* Thu Dec 14 2017 Tomáš Mráz <tmraz@redhat.com> 1.1.0g-2
-- put the Makefile.certificate in pkgdocdir and drop the requirement on make
-
-* Fri Nov 3 2017 Tomáš Mráz <tmraz@redhat.com> 1.1.0g-1
-- update to upstream version 1.1.0g
-
-* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.1.0f-9
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
-
-* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.1.0f-8
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
-
-* Mon Jul 17 2017 Tomáš Mráz <tmraz@redhat.com> 1:1.1.0f-7
-- make s_client and s_server work with -ssl3 option (#1471783)
-
-* Thu Jul 13 2017 Petr Pisar <ppisar@redhat.com> - 1:1.1.0f-6
-- perl dependency renamed to perl-interpreter
- <https://fedoraproject.org/wiki/Changes/perl_Package_to_Install_Core_Modules>
-
-* Mon Jun 26 2017 Tomáš Mráz <tmraz@redhat.com> 1.1.0f-5
-- disable verification of all insecure hashes
-
-* Fri Jun 23 2017 Tomáš Mráz <tmraz@redhat.com> 1.1.0f-4
-- make DTLS work (#1462541)
-
-* Thu Jun 15 2017 Tomáš Mráz <tmraz@redhat.com> 1.1.0f-3
-- enable 3DES SSL ciphersuites, RC4 is kept disabled (#1453066)
-
-* Mon Jun 5 2017 Tomáš Mráz <tmraz@redhat.com> 1.1.0f-2
-- only release thread-local key if we created it (from upstream) (#1458775)
-
-* Fri Jun 2 2017 Tomáš Mráz <tmraz@redhat.com> 1.1.0f-1
-- update to upstream version 1.1.0f
-- SRP and GOST is now allowed, note that GOST support requires
- adding GOST engine which is not part of openssl anymore
-
-* Thu Feb 16 2017 Tomáš Mráz <tmraz@redhat.com> 1.1.0e-1
-- update to upstream version 1.1.0e
-- add documentation of the PROFILE=SYSTEM special cipher string (#1420232)
-
-* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.1.0d-3
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
-
-* Wed Feb 1 2017 Tomáš Mráz <tmraz@redhat.com> 1.1.0d-2
-- applied upstream fixes (fix regression in X509_CRL_digest)
-
-* Thu Jan 26 2017 Tomáš Mráz <tmraz@redhat.com> 1.1.0d-1
-- update to upstream version 1.1.0d
-
-* Thu Dec 22 2016 Tomáš Mráz <tmraz@redhat.com> 1.1.0c-5
-- preserve new line in fd BIO BIO_gets() as other BIOs do
-
-* Fri Dec 2 2016 Tomáš Mráz <tmraz@redhat.com> 1.1.0c-4
-- FIPS mode fixes for TLS
-
-* Wed Nov 30 2016 Tomáš Mráz <tmraz@redhat.com> 1.1.0c-3
-- revert SSL_read() behavior change - patch from upstream (#1394677)
-- fix behavior on client certificate request in renegotiation (#1393579)
-
-* Tue Nov 22 2016 Tomáš Mráz <tmraz@redhat.com> 1.1.0c-2
-- EC curve NIST P-224 is now allowed, still kept disabled in TLS due
- to less than optimal security
-
-* Fri Nov 11 2016 Tomáš Mráz <tmraz@redhat.com> 1.1.0c-1
-- update to upstream version 1.1.0c
-
-* Fri Nov 4 2016 Tomáš Mráz <tmraz@redhat.com> 1.1.0b-4
-- use a random seed if the supplied one did not generate valid
- parameters in dsa_builtin_paramgen2()
-
-* Wed Oct 12 2016 Tomáš Mráz <tmraz@redhat.com> 1.1.0b-3
-- do not break contract on return value when using dsa_builtin_paramgen2()
-
-* Wed Oct 12 2016 Tomáš Mráz <tmraz@redhat.com> 1.1.0b-2
-- fix afalg failure on big endian
-
-* Tue Oct 11 2016 Tomáš Mráz <tmraz@redhat.com> 1.1.0b-1
-- update to upstream version 1.1.0b
-
-* Fri Oct 07 2016 Richard W.M. Jones <rjones@redhat.com> - 1:1.0.2j-2
-- Add flags for riscv64.
-
-* Mon Sep 26 2016 Tomáš Mráz <tmraz@redhat.com> 1.0.2j-1
-- minor upstream release 1.0.2j fixing regression from previous release
-
-* Sat Sep 24 2016 David Woodhouse <dwmw2@infradead.org> 1.0.2i-2
-- Fix enginesdir in libcrypto.c (#1375361)
-
-* Thu Sep 22 2016 Tomáš Mráz <tmraz@redhat.com> 1.0.2i-1
-- minor upstream release 1.0.2i fixing security issues
-- move man pages for perl based scripts to perl subpackage (#1377617)
-
-* Wed Aug 10 2016 Tomáš Mráz <tmraz@redhat.com> 1.0.2h-3
-- fix regression in Cisco AnyConnect VPN support (#1354588)
-
-* Mon Jun 27 2016 Tomáš Mráz <tmraz@redhat.com> 1.0.2h-2
-- require libcrypto in libssl.pc (#1301301)
-
-* Tue May 3 2016 Tomáš Mráz <tmraz@redhat.com> 1.0.2h-1
-- minor upstream release 1.0.2h fixing security issues
-
-* Tue Mar 29 2016 Tomáš Mráz <tmraz@redhat.com> 1.0.2g-4
-- disable SSLv2 support altogether (without ABI break)
-
-* Mon Mar 7 2016 Tom Callaway <spot@fedoraproject.org> - 1.0.2g-3
-- enable RC5
-
-* Wed Mar 2 2016 Tomáš Mráz <tmraz@redhat.com> 1.0.2g-2
-- reenable SSL2 in the build to avoid ABI break (it does not
- make the openssl vulnerable to DROWN attack)
-
-* Tue Mar 1 2016 Tomáš Mráz <tmraz@redhat.com> 1.0.2g-1
-- minor upstream release 1.0.2g fixing security issues
-
-* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.0.2f-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
-
-* Thu Jan 28 2016 Tomáš Mráz <tmraz@redhat.com> 1.0.2f-1
-- minor upstream release 1.0.2f fixing security issues
-- add support for MIPS secondary architecture
-
-* Fri Jan 15 2016 Tomáš Mráz <tmraz@redhat.com> 1.0.2e-5
-- document some options of openssl speed command
-
-* Fri Dec 18 2015 Tomáš Mráz <tmraz@redhat.com> 1.0.2e-4
-- enable sctp support in DTLS
-
-* Tue Dec 8 2015 Tomáš Mráz <tmraz@redhat.com> 1.0.2e-3
-- remove unimplemented EC method from header (#1289599)
-
-* Mon Dec 7 2015 Tomáš Mráz <tmraz@redhat.com> 1.0.2e-2
-- the fast nistp implementation works only on little endian architectures
-
-* Fri Dec 4 2015 Tomáš Mráz <tmraz@redhat.com> 1.0.2e-1
-- minor upstream release 1.0.2e fixing moderate severity security issues
-- enable fast assembler implementation for NIST P-256 and P-521
- elliptic curves (#1164210)
-- filter out unwanted link options from the .pc files (#1257836)
-- do not set serial to 0 in Makefile.certificate (#1135719)
-
-* Mon Nov 16 2015 Tomáš Mráz <tmraz@redhat.com> 1.0.2d-3
-- fix sigill on some AMD CPUs (#1278194)
-
-* Wed Aug 12 2015 Tom Callaway <spot@fedoraproject.org> 1.0.2d-2
-- re-enable secp256k1 (bz1021898)
-
-* Thu Jul 9 2015 Tomáš Mráz <tmraz@redhat.com> 1.0.2d-1
-- minor upstream release 1.0.2d fixing a high severity security issue
-
-* Tue Jul 7 2015 Tomáš Mráz <tmraz@redhat.com> 1.0.2c-3
-- fix the aarch64 build
-
-* Thu Jun 18 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:1.0.2c-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
-
-* Mon Jun 15 2015 Tomáš Mráz <tmraz@redhat.com> 1.0.2c-1
-- minor upstream release 1.0.2c fixing multiple security issues
-
-* Thu May 7 2015 Peter Robinson <pbrobinson@fedoraproject.org> 1.0.2a-4
-- Add aarch64 sslarch details
-
-* Thu May 7 2015 Tomáš Mráz <tmraz@redhat.com> 1.0.2a-3
-- fix some 64 bit build targets
-
-* Tue Apr 28 2015 Tomáš Mráz <tmraz@redhat.com> 1.0.2a-2
-- add alternative certificate chain discovery support from upstream
-
-* Thu Apr 23 2015 Tomáš Mráz <tmraz@redhat.com> 1.0.2a-1
-- rebase to 1.0.2 branch
-
-* Thu Apr 9 2015 Tomáš Mráz <tmraz@redhat.com> 1.0.1k-7
-- drop the AES-GCM restriction of 2^32 operations because the IV is
- always 96 bits (32 bit fixed field + 64 bit invocation field)
-
-* Thu Mar 19 2015 Tomáš Mráz <tmraz@redhat.com> 1.0.1k-6
-- fix CVE-2015-0209 - potential use after free in d2i_ECPrivateKey()
-- fix CVE-2015-0286 - improper handling of ASN.1 boolean comparison
-- fix CVE-2015-0287 - ASN.1 structure reuse decoding memory corruption
-- fix CVE-2015-0289 - NULL dereference decoding invalid PKCS#7 data
-- fix CVE-2015-0293 - triggerable assert in SSLv2 server
-
-* Mon Mar 16 2015 Tomáš Mráz <tmraz@redhat.com> 1.0.1k-5
-- fix bug in the CRYPTO_128_unwrap()
-
-* Fri Feb 27 2015 Tomáš Mráz <tmraz@redhat.com> 1.0.1k-4
-- fix bug in the RFC 5649 support (#1185878)
-
-* Sat Feb 21 2015 Till Maas <opensource@till.name> - 1:1.0.1k-3
-- Rebuilt for Fedora 23 Change
- https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code
-
-* Thu Jan 15 2015 Tomáš Mráz <tmraz@redhat.com> 1.0.1k-2
-- test in the non-FIPS RSA keygen for minimal distance of p and q
- similarly to the FIPS RSA keygen
-
-* Fri Jan 9 2015 Tomáš Mráz <tmraz@redhat.com> 1.0.1k-1
-- new upstream release fixing multiple security issues
-
-* Thu Nov 20 2014 Tomáš Mráz <tmraz@redhat.com> 1.0.1j-3
-- disable SSLv3 by default again (mail servers and possibly
- LDAP servers should probably allow it explicitly for legacy
- clients)
-
-* Tue Oct 21 2014 Tomáš Mráz <tmraz@redhat.com> 1.0.1j-2
-- update the FIPS RSA keygen to be FIPS 186-4 compliant
-
-* Thu Oct 16 2014 Tomáš Mráz <tmraz@redhat.com> 1.0.1j-1
-- new upstream release fixing multiple security issues
-
-* Fri Oct 10 2014 Tomáš Mráz <tmraz@redhat.com> 1.0.1i-5
-- copy negotiated digests when switching certs by SNI (#1150032)
-
-* Mon Sep 8 2014 Tomáš Mráz <tmraz@redhat.com> 1.0.1i-4
-- add support for RFC 5649
-
-* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:1.0.1i-3
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
-
-* Wed Aug 13 2014 Tomáš Mráz <tmraz@redhat.com> 1.0.1i-2
-- drop RSA X9.31 from RSA FIPS selftests
-- add Power 8 optimalizations
-
-* Thu Aug 7 2014 Tomáš Mráz <tmraz@redhat.com> 1.0.1i-1
-- new upstream release fixing multiple moderate security issues
-- for now disable only SSLv2 by default
-
-* Fri Jul 18 2014 Tom Callaway <spot@fedoraproject.org> 1.0.1h-6
-- fix license handling
-
-* Mon Jun 30 2014 Tomáš Mráz <tmraz@redhat.com> 1.0.1h-5
-- disable SSLv2 and SSLv3 protocols by default (can be enabled
- via appropriate SSL_CTX_clear_options() call)
-
-* Wed Jun 11 2014 Tomáš Mráz <tmraz@redhat.com> 1.0.1h-4
-- use system profile for default cipher list
-
-* Tue Jun 10 2014 Tomáš Mráz <tmraz@redhat.com> 1.0.1h-3
-- make FIPS mode keygen bit length restriction enforced only when
- OPENSSL_ENFORCE_MODULUS_BITS is set
-- fix CVE-2014-0224 fix that broke EAP-FAST session resumption support
-
-* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:1.0.1h-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
-
-* Thu Jun 5 2014 Tomáš Mráz <tmraz@redhat.com> 1.0.1h-1
-- new upstream release 1.0.1h
-
-* Sat May 31 2014 Peter Robinson <pbrobinson@fedoraproject.org> 1.0.1g-2
-- Drop obsolete and irrelevant docs
-- Move devel docs to appropriate package
-
-* Wed May 7 2014 Tomáš Mráz <tmraz@redhat.com> 1.0.1g-1
-- new upstream release 1.0.1g
-- do not include ECC ciphersuites in SSLv2 client hello (#1090952)
-- fail on hmac integrity check if the .hmac file is empty
-
-* Mon Apr 07 2014 Dennis Gilmore <dennis@ausil.us> - 1.0.1e-44
-- pull in upstream patch for CVE-2014-0160
-- removed CHANGES file portion from patch for expediency
-
-* Thu Apr 3 2014 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-43
-- add support for ppc64le architecture (#1072633)
-
-* Mon Mar 17 2014 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-42
-- properly detect encryption failure in BIO
-- use 2048 bit RSA key in FIPS selftests
-
-* Fri Feb 14 2014 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-41
-- use the key length from configuration file if req -newkey rsa is invoked
-
-* Thu Feb 13 2014 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-40
-- print ephemeral key size negotiated in TLS handshake (#1057715)
-- add DH_compute_key_padded needed for FIPS CAVS testing
-
-* Thu Feb 6 2014 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-39
-- make expiration and key length changeable by DAYS and KEYLEN
- variables in the certificate Makefile (#1058108)
-- change default hash to sha256 (#1062325)
-
-* Wed Jan 22 2014 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-38
-- make 3des strength to be 128 bits instead of 168 (#1056616)
-
-* Tue Jan 7 2014 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-37
-- fix CVE-2013-4353 - Invalid TLS handshake crash
-- fix CVE-2013-6450 - possible MiTM attack on DTLS1
-
-* Fri Dec 20 2013 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-36
-- fix CVE-2013-6449 - crash when version in SSL structure is incorrect
-- more FIPS validation requirement changes
-
-* Wed Dec 18 2013 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-35
-- drop weak ciphers from the default TLS ciphersuite list
-- add back some symbols that were dropped with update to 1.0.1 branch
-- more FIPS validation requirement changes
-
-* Tue Nov 19 2013 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-34
-- fix locking and reseeding problems with FIPS drbg
-
-* Fri Nov 15 2013 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-33
-- additional changes required for FIPS validation
-
-* Wed Nov 13 2013 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-32
-- disable verification of certificate, CRL, and OCSP signatures
- using MD5 if OPENSSL_ENABLE_MD5_VERIFY environment variable
- is not set
-
-* Fri Nov 8 2013 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-31
-- add back support for secp521r1 EC curve
-- add aarch64 to Configure (#969692)
-
-* Tue Oct 29 2013 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-30
-- fix misdetection of RDRAND support on Cyrix CPUS (from upstream) (#1022346)
-
-* Thu Oct 24 2013 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-29
-- do not advertise ECC curves we do not support (#1022493)
-
-* Wed Oct 16 2013 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-28
-- only ECC NIST Suite B curves support
-- drop -fips subpackage
-
-* Mon Oct 14 2013 Tom Callaway <spot@fedoraproject.org> - 1.0.1e-27
-- resolve bugzilla 319901 (phew! only took 6 years & 9 days)
-
-* Fri Sep 27 2013 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-26
-- make DTLS1 work in FIPS mode
-- avoid RSA and DSA 512 bits and Whirlpool in 'openssl speed' in FIPS mode
-
-* Mon Sep 23 2013 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-25
-- avoid dlopening libssl.so from libcrypto (#1010357)
-
-* Fri Sep 20 2013 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-24
-- fix small memory leak in FIPS aes selftest
-
-* Thu Sep 19 2013 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-23
-- fix segfault in openssl speed hmac in the FIPS mode
-
-* Thu Sep 12 2013 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-22
-- document the nextprotoneg option in manual pages
- original patch by Hubert Kario
-
-* Tue Sep 10 2013 Kyle McMartin <kyle@redhat.com> 1.0.1e-21
-- [arm] use elf auxv to figure out armcap.c instead of playing silly
- games with SIGILL handlers. (#1006474)
-
-* Wed Sep 4 2013 Tomas Mraz <tmraz@redhat.com> 1.0.1e-20
-- try to avoid some races when updating the -fips subpackage
-
-* Mon Sep 2 2013 Tomas Mraz <tmraz@redhat.com> 1.0.1e-19
-- use version-release in .hmac suffix to avoid overwrite
- during upgrade
-
-* Thu Aug 29 2013 Tomas Mraz <tmraz@redhat.com> 1.0.1e-18
-- allow deinitialization of the FIPS mode
-
-* Thu Aug 29 2013 Tomas Mraz <tmraz@redhat.com> 1.0.1e-17
-- always perform the FIPS selftests in library constructor
- if FIPS module is installed
-
-* Tue Aug 27 2013 Tomas Mraz <tmraz@redhat.com> 1.0.1e-16
-- add -fips subpackage that contains the FIPS module files
-
-* Fri Aug 16 2013 Tomas Mraz <tmraz@redhat.com> 1.0.1e-15
-- fix use of rdrand if available
-- more commits cherry picked from upstream
-- documentation fixes
-
-* Sat Aug 03 2013 Petr Pisar <ppisar@redhat.com> - 1:1.0.1e-14
-- Perl 5.18 rebuild
-
-* Fri Jul 26 2013 Tomas Mraz <tmraz@redhat.com> 1.0.1e-13
-- additional manual page fix
-- use symbol versioning also for the textual version
-
-* Thu Jul 25 2013 Tomas Mraz <tmraz@redhat.com> 1.0.1e-12
-- additional manual page fixes
-
-* Fri Jul 19 2013 Tomas Mraz <tmraz@redhat.com> 1.0.1e-11
-- use _prefix macro
-
-* Wed Jul 17 2013 Petr Pisar <ppisar@redhat.com> - 1:1.0.1e-10
-- Perl 5.18 rebuild
-
-* Thu Jul 11 2013 Tomas Mraz <tmraz@redhat.com> 1.0.1e-9
-- add openssl.cnf.5 manpage symlink to config.5
-
-* Wed Jul 10 2013 Tomas Mraz <tmraz@redhat.com> 1.0.1e-8
-- add relro linking flag
-
-* Wed Jul 10 2013 Tomas Mraz <tmraz@redhat.com> 1.0.1e-7
-- add support for the -trusted_first option for certificate chain verification
-
-* Fri May 3 2013 Tomas Mraz <tmraz@redhat.com> 1.0.1e-6
-- fix build of manual pages with current pod2man (#959439)
-
-* Sun Apr 21 2013 Peter Robinson <pbrobinson@fedoraproject.org> 1.0.1e-5
-- Enable ARM optimised build
-
-* Mon Mar 18 2013 Tomas Mraz <tmraz@redhat.com> 1.0.1e-4
-- fix random bad record mac errors (#918981)
-
-* Tue Feb 19 2013 Tomas Mraz <tmraz@redhat.com> 1.0.1e-3
-- fix up the SHLIB_VERSION_NUMBER
-
-* Tue Feb 19 2013 Tomas Mraz <tmraz@redhat.com> 1.0.1e-2
-- disable ZLIB loading by default (due to CRIME attack)
-
-* Tue Feb 19 2013 Tomas Mraz <tmraz@redhat.com> 1.0.1e-1
-- new upstream version
-
-* Wed Jan 30 2013 Tomas Mraz <tmraz@redhat.com> 1.0.1c-12
-- more fixes from upstream
-- fix errors in manual causing build failure (#904777)
-
-* Fri Dec 21 2012 Tomas Mraz <tmraz@redhat.com> 1.0.1c-11
-- add script for renewal of a self-signed cert by Philip Prindeville (#871566)
-- allow X509_issuer_and_serial_hash() produce correct result in
- the FIPS mode (#881336)
-
-* Thu Dec 6 2012 Tomas Mraz <tmraz@redhat.com> 1.0.1c-10
-- do not load default verify paths if CApath or CAfile specified (#884305)
-
-* Tue Nov 20 2012 Tomas Mraz <tmraz@redhat.com> 1.0.1c-9
-- more fixes from upstream CVS
-- fix DSA key pairwise check (#878597)
-
-* Thu Nov 15 2012 Tomas Mraz <tmraz@redhat.com> 1.0.1c-8
-- use 1024 bit DH parameters in s_server as 512 bit is not allowed
- in FIPS mode and it is quite weak anyway
-
-* Mon Sep 10 2012 Tomas Mraz <tmraz@redhat.com> 1.0.1c-7
-- add missing initialization of str in aes_ccm_init_key (#853963)
-- add important patches from upstream CVS
-- use the secure_getenv() with new glibc
-
-* Fri Jul 20 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:1.0.1c-6
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
-
-* Fri Jul 13 2012 Tomas Mraz <tmraz@redhat.com> 1.0.1c-5
-- use __getenv_secure() instead of __libc_enable_secure
-
-* Fri Jul 13 2012 Tomas Mraz <tmraz@redhat.com> 1.0.1c-4
-- do not move libcrypto to /lib
-- do not use environment variables if __libc_enable_secure is on
-- fix strict aliasing problems in modes
-
-* Thu Jul 12 2012 Tomas Mraz <tmraz@redhat.com> 1.0.1c-3
-- fix DSA key generation in FIPS mode (#833866)
-- allow duplicate FIPS_mode_set(1)
-- enable build on ppc64 subarch (#834652)
-
-* Wed Jul 11 2012 Tomas Mraz <tmraz@redhat.com> 1.0.1c-2
-- fix s_server with new glibc when no global IPv6 address (#839031)
-- make it build with new Perl
-
-* Tue May 15 2012 Tomas Mraz <tmraz@redhat.com> 1.0.1c-1
-- new upstream version
-
-* Thu Apr 26 2012 Tomas Mraz <tmraz@redhat.com> 1.0.1b-1
-- new upstream version
-
-* Fri Apr 20 2012 Tomas Mraz <tmraz@redhat.com> 1.0.1a-1
-- new upstream version fixing CVE-2012-2110
-
-* Wed Apr 11 2012 Tomas Mraz <tmraz@redhat.com> 1.0.1-3
-- add Kerberos 5 libraries to pkgconfig for static linking (#807050)
-
-* Thu Apr 5 2012 Tomas Mraz <tmraz@redhat.com> 1.0.1-2
-- backports from upstream CVS
-- fix segfault when /dev/urandom is not available (#809586)
-
-* Wed Mar 14 2012 Tomas Mraz <tmraz@redhat.com> 1.0.1-1
-- new upstream release
-
-* Mon Mar 5 2012 Tomas Mraz <tmraz@redhat.com> 1.0.1-0.3.beta3
-- add obsoletes to assist multilib updates (#799636)
-
-* Wed Feb 29 2012 Tomas Mraz <tmraz@redhat.com> 1.0.1-0.2.beta3
-- epoch bumped to 1 due to revert to 1.0.0g on Fedora 17
-- new upstream release from the 1.0.1 branch
-- fix s390x build (#798411)
-- versioning for the SSLeay symbol (#794950)
-- add -DPURIFY to build flags (#797323)
-- filter engine provides
-- split the libraries to a separate -libs package
-- add make to requires on the base package (#783446)
-
-* Tue Feb 7 2012 Tomas Mraz <tmraz@redhat.com> 1.0.1-0.1.beta2
-- new upstream release from the 1.0.1 branch, ABI compatible
-- add documentation for the -no_ign_eof option
-
-* Thu Jan 19 2012 Tomas Mraz <tmraz@redhat.com> 1.0.0g-1
-- new upstream release fixing CVE-2012-0050 - DoS regression in
- DTLS support introduced by the previous release (#782795)
-
-* Thu Jan 5 2012 Tomas Mraz <tmraz@redhat.com> 1.0.0f-1
-- new upstream release fixing multiple CVEs
-
-* Tue Nov 22 2011 Tomas Mraz <tmraz@redhat.com> 1.0.0e-4
-- move the libraries needed for static linking to Libs.private
-
-* Thu Nov 3 2011 Tomas Mraz <tmraz@redhat.com> 1.0.0e-3
-- do not use AVX instructions when osxsave bit not set
-- add direct known answer tests for SHA2 algorithms
-
-* Wed Sep 21 2011 Tomas Mraz <tmraz@redhat.com> 1.0.0e-2
-- fix missing initialization of variable in CHIL engine
-
-* Wed Sep 7 2011 Tomas Mraz <tmraz@redhat.com> 1.0.0e-1
-- new upstream release fixing CVE-2011-3207 (#736088)
-
-* Wed Aug 24 2011 Tomas Mraz <tmraz@redhat.com> 1.0.0d-8
-- drop the separate engine for Intel acceleration improvements
- and merge in the AES-NI, SHA1, and RC4 optimizations
-- add support for OPENSSL_DISABLE_AES_NI environment variable
- that disables the AES-NI support
-
-* Tue Jul 26 2011 Tomas Mraz <tmraz@redhat.com> 1.0.0d-7
-- correct openssl cms help output (#636266)
-- more tolerant starttls detection in XMPP protocol (#608239)
-
-* Wed Jul 20 2011 Tomas Mraz <tmraz@redhat.com> 1.0.0d-6
-- add support for newest Intel acceleration improvements backported
- from upstream by Intel in form of a separate engine
-
-* Thu Jun 9 2011 Tomas Mraz <tmraz@redhat.com> 1.0.0d-5
-- allow the AES-NI engine in the FIPS mode
-
-* Tue May 24 2011 Tomas Mraz <tmraz@redhat.com> 1.0.0d-4
-- add API necessary for CAVS testing of the new DSA parameter generation
-
-* Thu Apr 28 2011 Tomas Mraz <tmraz@redhat.com> 1.0.0d-3
-- add support for VIA Padlock on 64bit arch from upstream (#617539)
-- do not return bogus values from load_certs (#652286)
-
-* Tue Apr 5 2011 Tomas Mraz <tmraz@redhat.com> 1.0.0d-2
-- clarify apps help texts for available digest algorithms (#693858)
-
-* Thu Feb 10 2011 Tomas Mraz <tmraz@redhat.com> 1.0.0d-1
-- new upstream release fixing CVE-2011-0014 (OCSP stapling vulnerability)
-
-* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.0c-4
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
-
-* Fri Feb 4 2011 Tomas Mraz <tmraz@redhat.com> 1.0.0c-3
-- add -x931 parameter to openssl genrsa command to use the ANSI X9.31
- key generation method
-- use FIPS-186-3 method for DSA parameter generation
-- add OPENSSL_FIPS_NON_APPROVED_MD5_ALLOW environment variable
- to allow using MD5 when the system is in the maintenance state
- even if the /proc fips flag is on
-- make openssl pkcs12 command work by default in the FIPS mode
-
-* Mon Jan 24 2011 Tomas Mraz <tmraz@redhat.com> 1.0.0c-2
-- listen on ipv6 wildcard in s_server so we accept connections
- from both ipv4 and ipv6 (#601612)
-- fix openssl speed command so it can be used in the FIPS mode
- with FIPS allowed ciphers
-
-* Fri Dec 3 2010 Tomas Mraz <tmraz@redhat.com> 1.0.0c-1
-- new upstream version fixing CVE-2010-4180
-
-* Tue Nov 23 2010 Tomas Mraz <tmraz@redhat.com> 1.0.0b-3
-- replace the revert for the s390x bignum asm routines with
- fix from upstream
-
-* Mon Nov 22 2010 Tomas Mraz <tmraz@redhat.com> 1.0.0b-2
-- revert upstream change in s390x bignum asm routines
-
-* Tue Nov 16 2010 Tomas Mraz <tmraz@redhat.com> 1.0.0b-1
-- new upstream version fixing CVE-2010-3864 (#649304)
-
-* Tue Sep 7 2010 Tomas Mraz <tmraz@redhat.com> 1.0.0a-3
-- make SHLIB_VERSION reflect the library suffix
-
-* Wed Jun 30 2010 Tomas Mraz <tmraz@redhat.com> 1.0.0a-2
-- openssl man page fix (#609484)
-
-* Fri Jun 4 2010 Tomas Mraz <tmraz@redhat.com> 1.0.0a-1
-- new upstream patch release, fixes CVE-2010-0742 (#598738)
- and CVE-2010-1633 (#598732)
-
-* Wed May 19 2010 Tomas Mraz <tmraz@redhat.com> 1.0.0-5
-- pkgconfig files now contain the correct libdir (#593723)
-
-* Tue May 18 2010 Tomas Mraz <tmraz@redhat.com> 1.0.0-4
-- make CA dir readable - the private keys are in private subdir (#584810)
-
-* Fri Apr 9 2010 Tomas Mraz <tmraz@redhat.com> 1.0.0-3
-- a few fixes from upstream CVS
-- move libcrypto to /lib (#559953)
-
-* Tue Apr 6 2010 Tomas Mraz <tmraz@redhat.com> 1.0.0-2
-- set UTC timezone on pod2man run (#578842)
-- make X509_NAME_hash_old work in FIPS mode
-
-* Tue Mar 30 2010 Tomas Mraz <tmraz@redhat.com> 1.0.0-1
-- update to final 1.0.0 upstream release
-
-* Tue Feb 16 2010 Tomas Mraz <tmraz@redhat.com> 1.0.0-0.22.beta5
-- make TLS work in the FIPS mode
-
-* Fri Feb 12 2010 Tomas Mraz <tmraz@redhat.com> 1.0.0-0.21.beta5
-- gracefully handle zero length in assembler implementations of
- OPENSSL_cleanse (#564029)
-- do not fail in s_server if client hostname not resolvable (#561260)
-
-* Wed Jan 20 2010 Tomas Mraz <tmraz@redhat.com> 1.0.0-0.20.beta5
-- new upstream release
-
-* Thu Jan 14 2010 Tomas Mraz <tmraz@redhat.com> 1.0.0-0.19.beta4
-- fix CVE-2009-4355 - leak in applications incorrectly calling
- CRYPTO_free_all_ex_data() before application exit (#546707)
-- upstream fix for future TLS protocol version handling
-
-* Wed Jan 13 2010 Tomas Mraz <tmraz@redhat.com> 1.0.0-0.18.beta4
-- add support for Intel AES-NI
-
-* Thu Jan 7 2010 Tomas Mraz <tmraz@redhat.com> 1.0.0-0.17.beta4
-- upstream fix compression handling on session resumption
-- various null checks and other small fixes from upstream
-- upstream changes for the renegotiation info according to the latest draft
-
-* Mon Nov 23 2009 Tomas Mraz <tmraz@redhat.com> 1.0.0-0.16.beta4
-- fix non-fips mingw build (patch by Kalev Lember)
-- add IPV6 fix for DTLS
-
-* Fri Nov 20 2009 Tomas Mraz <tmraz@redhat.com> 1.0.0-0.15.beta4
-- add better error reporting for the unsafe renegotiation
-
-* Fri Nov 20 2009 Tomas Mraz <tmraz@redhat.com> 1.0.0-0.14.beta4
-- fix build on s390x
-
-* Wed Nov 18 2009 Tomas Mraz <tmraz@redhat.com> 1.0.0-0.13.beta4
-- disable enforcement of the renegotiation extension on the client (#537962)
-- add fixes from the current upstream snapshot
-
-* Fri Nov 13 2009 Tomas Mraz <tmraz@redhat.com> 1.0.0-0.12.beta4
-- keep the beta status in version number at 3 so we do not have to rebuild
- openssh and possibly other dependencies with too strict version check
-
-* Thu Nov 12 2009 Tomas Mraz <tmraz@redhat.com> 1.0.0-0.11.beta4
-- update to new upstream version, no soname bump needed
-- fix CVE-2009-3555 - note that the fix is bypassed if SSL_OP_ALL is used
- so the compatibility with unfixed clients is not broken. The
- protocol extension is also not final.
-
-* Fri Oct 16 2009 Tomas Mraz <tmraz@redhat.com> 1.0.0-0.10.beta3
-- fix use of freed memory if SSL_CTX_free() is called before
- SSL_free() (#521342)
-
-* Thu Oct 8 2009 Tomas Mraz <tmraz@redhat.com> 1.0.0-0.9.beta3
-- fix typo in DTLS1 code (#527015)
-- fix leak in error handling of d2i_SSL_SESSION()
-
-* Wed Sep 30 2009 Tomas Mraz <tmraz@redhat.com> 1.0.0-0.8.beta3
-- fix RSA and DSA FIPS selftests
-- reenable fixed x86_64 camellia assembler code (#521127)
-
-* Fri Sep 4 2009 Tomas Mraz <tmraz@redhat.com> 1.0.0-0.7.beta3
-- temporarily disable x86_64 camellia assembler code (#521127)
-
-* Mon Aug 31 2009 Tomas Mraz <tmraz@redhat.com> 1.0.0-0.6.beta3
-- fix openssl dgst -dss1 (#520152)
-
-* Wed Aug 26 2009 Tomas Mraz <tmraz@redhat.com> 1.0.0-0.5.beta3
-- drop the compat symlink hacks
-
-* Sat Aug 22 2009 Tomas Mraz <tmraz@redhat.com> 1.0.0-0.4.beta3
-- constify SSL_CIPHER_description()
-
-* Fri Aug 21 2009 Tomas Mraz <tmraz@redhat.com> 1.0.0-0.3.beta3
-- fix WWW:Curl:Easy reference in tsget
-
-* Fri Aug 21 2009 Tomas Mraz <tmraz@redhat.com> 1.0.0-0.2.beta3
-- enable MD-2
-
-* Thu Aug 20 2009 Tomas Mraz <tmraz@redhat.com> 1.0.0-0.1.beta3
-- update to new major upstream release
-
-* Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.9.8k-7
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
-
-* Wed Jul 22 2009 Bill Nottingham <notting@redhat.com>
-- do not build special 'optimized' versions for i686, as that's the base
- arch in Fedora now
-
-* Tue Jun 30 2009 Tomas Mraz <tmraz@redhat.com> 0.9.8k-6
-- abort if selftests failed and random number generator is polled
-- mention EVP_aes and EVP_sha2xx routines in the manpages
-- add README.FIPS
-- make CA dir absolute path (#445344)
-- change default length for RSA key generation to 2048 (#484101)
-
-* Thu May 21 2009 Tomas Mraz <tmraz@redhat.com> 0.9.8k-5
-- fix CVE-2009-1377 CVE-2009-1378 CVE-2009-1379
- (DTLS DoS problems) (#501253, #501254, #501572)
-
-* Tue Apr 21 2009 Tomas Mraz <tmraz@redhat.com> 0.9.8k-4
-- support compatibility DTLS mode for CISCO AnyConnect (#464629)
-
-* Fri Apr 17 2009 Tomas Mraz <tmraz@redhat.com> 0.9.8k-3
-- correct the SHLIB_VERSION define
-
-* Wed Apr 15 2009 Tomas Mraz <tmraz@redhat.com> 0.9.8k-2
-- add support for multiple CRLs with same subject
-- load only dynamic engine support in FIPS mode
-
-* Wed Mar 25 2009 Tomas Mraz <tmraz@redhat.com> 0.9.8k-1
-- update to new upstream release (minor bug fixes, security
- fixes and machine code optimizations only)
-
-* Thu Mar 19 2009 Tomas Mraz <tmraz@redhat.com> 0.9.8j-10
-- move libraries to /usr/lib (#239375)
-
-* Fri Mar 13 2009 Tomas Mraz <tmraz@redhat.com> 0.9.8j-9
-- add a static subpackage
-
-* Thu Feb 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.9.8j-8
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
-
-* Mon Feb 2 2009 Tomas Mraz <tmraz@redhat.com> 0.9.8j-7
-- must also verify checksum of libssl.so in the FIPS mode
-- obtain the seed for FIPS rng directly from the kernel device
-- drop the temporary symlinks
-
-* Mon Jan 26 2009 Tomas Mraz <tmraz@redhat.com> 0.9.8j-6
-- drop the temporary triggerpostun and symlinking in post
-- fix the pkgconfig files and drop the unnecessary buildrequires
- on pkgconfig as it is a rpmbuild dependency (#481419)
-
-* Sat Jan 17 2009 Tomas Mraz <tmraz@redhat.com> 0.9.8j-5
-- add temporary triggerpostun to reinstate the symlinks
-
-* Sat Jan 17 2009 Tomas Mraz <tmraz@redhat.com> 0.9.8j-4
-- no pairwise key tests in non-fips mode (#479817)
-
-* Fri Jan 16 2009 Tomas Mraz <tmraz@redhat.com> 0.9.8j-3
-- even more robust test for the temporary symlinks
-
-* Fri Jan 16 2009 Tomas Mraz <tmraz@redhat.com> 0.9.8j-2
-- try to ensure the temporary symlinks exist
-
-* Thu Jan 15 2009 Tomas Mraz <tmraz@redhat.com> 0.9.8j-1
-- new upstream version with necessary soname bump (#455753)
-- temporarily provide symlink to old soname to make it possible to rebuild
- the dependent packages in rawhide
-- add eap-fast support (#428181)
-- add possibility to disable zlib by setting
-- add fips mode support for testing purposes
-- do not null dereference on some invalid smime files
-- add buildrequires pkgconfig (#479493)
-
-* Sun Aug 10 2008 Tomas Mraz <tmraz@redhat.com> 0.9.8g-11
-- do not add tls extensions to server hello for SSLv3 either
-
-* Mon Jun 2 2008 Joe Orton <jorton@redhat.com> 0.9.8g-10
-- move root CA bundle to ca-certificates package
-
-* Wed May 28 2008 Tomas Mraz <tmraz@redhat.com> 0.9.8g-9
-- fix CVE-2008-0891 - server name extension crash (#448492)
-- fix CVE-2008-1672 - server key exchange message omit crash (#448495)
-
-* Tue May 27 2008 Tomas Mraz <tmraz@redhat.com> 0.9.8g-8
-- super-H arch support
-- drop workaround for bug 199604 as it should be fixed in gcc-4.3
-
-* Mon May 19 2008 Tom "spot" Callaway <tcallawa@redhat.com> 0.9.8g-7
-- sparc handling
-
-* Mon Mar 10 2008 Joe Orton <jorton@redhat.com> 0.9.8g-6
-- update to new root CA bundle from mozilla.org (r1.45)
-
-* Wed Feb 20 2008 Fedora Release Engineering <rel-eng@fedoraproject.org> - 0.9.8g-5
-- Autorebuild for GCC 4.3
-
-* Thu Jan 24 2008 Tomas Mraz <tmraz@redhat.com> 0.9.8g-4
-- merge review fixes (#226220)
-- adjust the SHLIB_VERSION_NUMBER to reflect library name (#429846)
-
-* Thu Dec 13 2007 Tomas Mraz <tmraz@redhat.com> 0.9.8g-3
-- set default paths when no explicit paths are set (#418771)
-- do not add tls extensions to client hello for SSLv3 (#422081)
-
-* Tue Dec 4 2007 Tomas Mraz <tmraz@redhat.com> 0.9.8g-2
-- enable some new crypto algorithms and features
-- add some more important bug fixes from openssl CVS
-
-* Mon Dec 3 2007 Tomas Mraz <tmraz@redhat.com> 0.9.8g-1
-- update to latest upstream release, SONAME bumped to 7
-
-* Mon Oct 15 2007 Joe Orton <jorton@redhat.com> 0.9.8b-17
-- update to new CA bundle from mozilla.org
-
-* Fri Oct 12 2007 Tomas Mraz <tmraz@redhat.com> 0.9.8b-16
-- fix CVE-2007-5135 - off-by-one in SSL_get_shared_ciphers (#309801)
-- fix CVE-2007-4995 - out of order DTLS fragments buffer overflow (#321191)
-- add alpha sub-archs (#296031)
-
-* Tue Aug 21 2007 Tomas Mraz <tmraz@redhat.com> 0.9.8b-15
-- rebuild
-
-* Fri Aug 3 2007 Tomas Mraz <tmraz@redhat.com> 0.9.8b-14
-- use localhost in testsuite, hopefully fixes slow build in koji
-- CVE-2007-3108 - fix side channel attack on private keys (#250577)
-- make ssl session cache id matching strict (#233599)
-
-* Wed Jul 25 2007 Tomas Mraz <tmraz@redhat.com> 0.9.8b-13
-- allow building on ARM architectures (#245417)
-- use reference timestamps to prevent multilib conflicts (#218064)
-- -devel package must require pkgconfig (#241031)
-
-* Mon Dec 11 2006 Tomas Mraz <tmraz@redhat.com> 0.9.8b-12
-- detect duplicates in add_dir properly (#206346)
-
-* Thu Nov 30 2006 Tomas Mraz <tmraz@redhat.com> 0.9.8b-11
-- the previous change still didn't make X509_NAME_cmp transitive
-
-* Thu Nov 23 2006 Tomas Mraz <tmraz@redhat.com> 0.9.8b-10
-- make X509_NAME_cmp transitive otherwise certificate lookup
- is broken (#216050)
-
-* Thu Nov 2 2006 Tomas Mraz <tmraz@redhat.com> 0.9.8b-9
-- aliasing bug in engine loading, patch by IBM (#213216)
-
-* Mon Oct 2 2006 Tomas Mraz <tmraz@redhat.com> 0.9.8b-8
-- CVE-2006-2940 fix was incorrect (#208744)
-
-* Mon Sep 25 2006 Tomas Mraz <tmraz@redhat.com> 0.9.8b-7
-- fix CVE-2006-2937 - mishandled error on ASN.1 parsing (#207276)
-- fix CVE-2006-2940 - parasitic public keys DoS (#207274)
-- fix CVE-2006-3738 - buffer overflow in SSL_get_shared_ciphers (#206940)
-- fix CVE-2006-4343 - sslv2 client DoS (#206940)
-
-* Tue Sep 5 2006 Tomas Mraz <tmraz@redhat.com> 0.9.8b-6
-- fix CVE-2006-4339 - prevent attack on PKCS#1 v1.5 signatures (#205180)
-
-* Wed Aug 2 2006 Tomas Mraz <tmraz@redhat.com> - 0.9.8b-5
-- set buffering to none on stdio/stdout FILE when bufsize is set (#200580)
- patch by IBM
-
-* Fri Jul 28 2006 Alexandre Oliva <aoliva@redhat.com> - 0.9.8b-4.1
-- rebuild with new binutils (#200330)
-
-* Fri Jul 21 2006 Tomas Mraz <tmraz@redhat.com> - 0.9.8b-4
-- add a temporary workaround for sha512 test failure on s390 (#199604)
-
-* Thu Jul 20 2006 Tomas Mraz <tmraz@redhat.com>
-- add ipv6 support to s_client and s_server (by Jan Pazdziora) (#198737)
-- add patches for BN threadsafety, AES cache collision attack hazard fix and
- pkcs7 code memleak fix from upstream CVS
-
-* Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 0.9.8b-3.1
-- rebuild
-
-* Wed Jun 21 2006 Tomas Mraz <tmraz@redhat.com> - 0.9.8b-3
-- dropped libica and ica engine from build
-
-* Wed Jun 21 2006 Joe Orton <jorton@redhat.com>
-- update to new CA bundle from mozilla.org; adds CA certificates
- from netlock.hu and startcom.org
-
-* Mon Jun 5 2006 Tomas Mraz <tmraz@redhat.com> - 0.9.8b-2
-- fixed a few rpmlint warnings
-- better fix for #173399 from upstream
-- upstream fix for pkcs12
-
-* Thu May 11 2006 Tomas Mraz <tmraz@redhat.com> - 0.9.8b-1
-- upgrade to new version, stays ABI compatible
-- there is no more linux/config.h (it was empty anyway)
-
-* Tue Apr 4 2006 Tomas Mraz <tmraz@redhat.com> - 0.9.8a-6
-- fix stale open handles in libica (#177155)
-- fix build if 'rand' or 'passwd' in buildroot path (#178782)
-- initialize VIA Padlock engine (#186857)
-
-* Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 0.9.8a-5.2
-- bump again for double-long bug on ppc(64)
-
-* Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 0.9.8a-5.1
-- rebuilt for new gcc4.1 snapshot and glibc changes
-
-* Thu Dec 15 2005 Tomas Mraz <tmraz@redhat.com> 0.9.8a-5
-- don't include SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
- in SSL_OP_ALL (#175779)
-
-* Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
-- rebuilt
-
-* Tue Nov 29 2005 Tomas Mraz <tmraz@redhat.com> 0.9.8a-4
-- fix build (-lcrypto was erroneusly dropped) of the updated libica
-- updated ICA engine to 1.3.6-rc3
-
-* Tue Nov 22 2005 Tomas Mraz <tmraz@redhat.com> 0.9.8a-3
-- disable builtin compression methods for now until they work
- properly (#173399)
-
-* Wed Nov 16 2005 Tomas Mraz <tmraz@redhat.com> 0.9.8a-2
-- don't set -rpath for openssl binary
-
-* Tue Nov 8 2005 Tomas Mraz <tmraz@redhat.com> 0.9.8a-1
-- new upstream version
-- patches partially renumbered
-
-* Fri Oct 21 2005 Tomas Mraz <tmraz@redhat.com> 0.9.7f-11
-- updated IBM ICA engine library and patch to latest upstream version
-
-* Wed Oct 12 2005 Tomas Mraz <tmraz@redhat.com> 0.9.7f-10
-- fix CAN-2005-2969 - remove SSL_OP_MSIE_SSLV2_RSA_PADDING which
- disables the countermeasure against man in the middle attack in SSLv2
- (#169863)
-- use sha1 as default for CA and cert requests - CAN-2005-2946 (#169803)
-
-* Tue Aug 23 2005 Tomas Mraz <tmraz@redhat.com> 0.9.7f-9
-- add *.so.soversion as symlinks in /lib (#165264)
-- remove unpackaged symlinks (#159595)
-- fixes from upstream (constant time fixes for DSA,
- bn assembler div on ppc arch, initialize memory on realloc)
-
-* Thu Aug 11 2005 Phil Knirsch <pknirsch@redhat.com> 0.9.7f-8
-- Updated ICA engine IBM patch to latest upstream version.
-
-* Thu May 19 2005 Tomas Mraz <tmraz@redhat.com> 0.9.7f-7
-- fix CAN-2005-0109 - use constant time/memory access mod_exp
- so bits of private key aren't leaked by cache eviction (#157631)
-- a few more fixes from upstream 0.9.7g
-
-* Wed Apr 27 2005 Tomas Mraz <tmraz@redhat.com> 0.9.7f-6
-- use poll instead of select in rand (#128285)
-- fix Makefile.certificate to point to /etc/pki/tls
-- change the default string mask in ASN1 to PrintableString+UTF8String
-
-* Mon Apr 25 2005 Joe Orton <jorton@redhat.com> 0.9.7f-5
-- update to revision 1.37 of Mozilla CA bundle
-
-* Thu Apr 21 2005 Tomas Mraz <tmraz@redhat.com> 0.9.7f-4
-- move certificates to _sysconfdir/pki/tls (#143392)
-- move CA directories to _sysconfdir/pki/CA
-- patch the CA script and the default config so it points to the
- CA directories
-
-* Fri Apr 1 2005 Tomas Mraz <tmraz@redhat.com> 0.9.7f-3
-- uninitialized variable mustn't be used as input in inline
- assembly
-- reenable the x86_64 assembly again
-
-* Thu Mar 31 2005 Tomas Mraz <tmraz@redhat.com> 0.9.7f-2
-- add back RC4_CHAR on ia64 and x86_64 so the ABI isn't broken
-- disable broken bignum assembly on x86_64
-
-* Wed Mar 30 2005 Tomas Mraz <tmraz@redhat.com> 0.9.7f-1
-- reenable optimizations on ppc64 and assembly code on ia64
-- upgrade to new upstream version (no soname bump needed)
-- disable thread test - it was testing the backport of the
- RSA blinding - no longer needed
-- added support for changing serial number to
- Makefile.certificate (#151188)
-- make ca-bundle.crt a config file (#118903)
-
-* Tue Mar 1 2005 Tomas Mraz <tmraz@redhat.com> 0.9.7e-3
-- libcrypto shouldn't depend on libkrb5 (#135961)
-
-* Mon Feb 28 2005 Tomas Mraz <tmraz@redhat.com> 0.9.7e-2
-- rebuild
-
-* Mon Feb 28 2005 Tomas Mraz <tmraz@redhat.com> 0.9.7e-1
-- new upstream source, updated patches
-- added patch so we are hopefully ABI compatible with upcoming
- 0.9.7f
-
-* Thu Feb 10 2005 Tomas Mraz <tmraz@redhat.com>
-- Support UTF-8 charset in the Makefile.certificate (#134944)
-- Added cmp to BuildPrereq
-
-* Thu Jan 27 2005 Joe Orton <jorton@redhat.com> 0.9.7a-46
-- generate new ca-bundle.crt from Mozilla certdata.txt (revision 1.32)
-
-* Thu Dec 23 2004 Phil Knirsch <pknirsch@redhat.com> 0.9.7a-45
-- Fixed and updated libica-1.3.4-urandom.patch patch (#122967)
-
-* Fri Nov 19 2004 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-44
-- rebuild
-
-* Fri Nov 19 2004 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-43
-- rebuild
-
-* Fri Nov 19 2004 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-42
-- rebuild
-
-* Fri Nov 19 2004 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-41
-- remove der_chop, as upstream cvs has done (CAN-2004-0975, #140040)
-
-* Tue Oct 05 2004 Phil Knirsch <pknirsch@redhat.com> 0.9.7a-40
-- Include latest libica version with important bugfixes
-
-* Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>
-- rebuilt
-
-* Mon Jun 14 2004 Phil Knirsch <pknirsch@redhat.com> 0.9.7a-38
-- Updated ICA engine IBM patch to latest upstream version.
-
-* Mon Jun 7 2004 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-37
-- build for linux-alpha-gcc instead of alpha-gcc on alpha (Jeff Garzik)
-
-* Tue May 25 2004 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-36
-- handle %%{_arch}=i486/i586/i686/athlon cases in the intermediate
- header (#124303)
-
-* Thu Mar 25 2004 Joe Orton <jorton@redhat.com> 0.9.7a-35
-- add security fixes for CAN-2004-0079, CAN-2004-0112
-
-* Tue Mar 16 2004 Phil Knirsch <pknirsch@redhat.com>
-- Fixed libica filespec.
-
-* Thu Mar 11 2004 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-34
-- ppc/ppc64 define __powerpc__/__powerpc64__, not __ppc__/__ppc64__, fix
- the intermediate header
-
-* Wed Mar 10 2004 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-33
-- add an intermediate <openssl/opensslconf.h> which points to the right
- arch-specific opensslconf.h on multilib arches
-
-* Tue Mar 02 2004 Elliot Lee <sopwith@redhat.com>
-- rebuilt
-
-* Thu Feb 26 2004 Phil Knirsch <pknirsch@redhat.com> 0.9.7a-32
-- Updated libica to latest upstream version 1.3.5.
-
-* Tue Feb 17 2004 Phil Knirsch <pknirsch@redhat.com> 0.9.7a-31
-- Update ICA crypto engine patch from IBM to latest version.
-
-* Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>
-- rebuilt
-
-* Fri Feb 13 2004 Phil Knirsch <pknirsch@redhat.com> 0.9.7a-29
-- rebuilt
-
-* Wed Feb 11 2004 Phil Knirsch <pknirsch@redhat.com> 0.9.7a-28
-- Fixed libica build.
-
-* Wed Feb 4 2004 Nalin Dahyabhai <nalin@redhat.com>
-- add "-ldl" to link flags added for Linux-on-ARM (#99313)
-
-* Wed Feb 4 2004 Joe Orton <jorton@redhat.com> 0.9.7a-27
-- updated ca-bundle.crt: removed expired GeoTrust roots, added
- freessl.com root, removed trustcenter.de Class 0 root
-
-* Sun Nov 30 2003 Tim Waugh <twaugh@redhat.com> 0.9.7a-26
-- Fix link line for libssl (bug #111154).
-
-* Fri Oct 24 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-25
-- add dependency on zlib-devel for the -devel package, which depends on zlib
- symbols because we enable zlib for libssl (#102962)
-
-* Fri Oct 24 2003 Phil Knirsch <pknirsch@redhat.com> 0.9.7a-24
-- Use /dev/urandom instead of PRNG for libica.
-- Apply libica-1.3.5 fix for /dev/urandom in icalinux.c
-- Use latest ICA engine patch from IBM.
-
-* Sat Oct 4 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-22.1
-- rebuild
-
-* Wed Oct 1 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-22
-- rebuild (22 wasn't actually built, fun eh?)
-
-* Tue Sep 30 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-23
-- re-disable optimizations on ppc64
-
-* Tue Sep 30 2003 Joe Orton <jorton@redhat.com>
-- add a_mbstr.c fix for 64-bit platforms from CVS
-
-* Tue Sep 30 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-22
-- add -Wa,--noexecstack to RPM_OPT_FLAGS so that assembled modules get tagged
- as not needing executable stacks
-
-* Mon Sep 29 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-21
-- rebuild
-
-* Thu Sep 25 2003 Nalin Dahyabhai <nalin@redhat.com>
-- re-enable optimizations on ppc64
-
-* Thu Sep 25 2003 Nalin Dahyabhai <nalin@redhat.com>
-- remove exclusivearch
-
-* Wed Sep 24 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-20
-- only parse a client cert if one was requested
-- temporarily exclusivearch for %%{ix86}
-
-* Tue Sep 23 2003 Nalin Dahyabhai <nalin@redhat.com>
-- add security fixes for protocol parsing bugs (CAN-2003-0543, CAN-2003-0544)
- and heap corruption (CAN-2003-0545)
-- update RHNS-CA-CERT files
-- ease back on the number of threads used in the threading test
-
-* Wed Sep 17 2003 Matt Wilson <msw@redhat.com> 0.9.7a-19
-- rebuild to fix gzipped file md5sums (#91211)
-
-* Mon Aug 25 2003 Phil Knirsch <pknirsch@redhat.com> 0.9.7a-18
-- Updated libica to version 1.3.4.
-
-* Thu Jul 17 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-17
-- rebuild
-
-* Tue Jul 15 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-10.9
-- free the kssl_ctx structure when we free an SSL structure (#99066)
-
-* Fri Jul 11 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-16
-- rebuild
-
-* Thu Jul 10 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-15
-- lower thread test count on s390x
-
-* Tue Jul 8 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-14
-- rebuild
-
-* Thu Jun 26 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-13
-- disable assembly on arches where it seems to conflict with threading
-
-* Thu Jun 26 2003 Phil Knirsch <pknirsch@redhat.com> 0.9.7a-12
-- Updated libica to latest upstream version 1.3.0
-
-* Wed Jun 11 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-9.9
-- rebuild
-
-* Wed Jun 11 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-11
-- rebuild
-
-* Tue Jun 10 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-10
-- ubsec: don't stomp on output data which might also be input data
-
-* Tue Jun 10 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-9
-- temporarily disable optimizations on ppc64
-
-* Mon Jun 9 2003 Nalin Dahyabhai <nalin@redhat.com>
-- backport fix for engine-used-for-everything from 0.9.7b
-- backport fix for prng not being seeded causing problems, also from 0.9.7b
-- add a check at build-time to ensure that RSA is thread-safe
-- keep perlpath from stomping on the libica configure scripts
-
-* Fri Jun 6 2003 Nalin Dahyabhai <nalin@redhat.com>
-- thread-safety fix for RSA blinding
-
-* Wed Jun 04 2003 Elliot Lee <sopwith@redhat.com> 0.9.7a-8
-- rebuilt
-
-* Fri May 30 2003 Phil Knirsch <pknirsch@redhat.com> 0.9.7a-7
-- Added libica-1.2 to openssl (featurerequest).
-
-* Wed Apr 16 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-6
-- fix building with incorrect flags on ppc64
-
-* Wed Mar 19 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-5
-- add patch to harden against Klima-Pokorny-Rosa extension of Bleichenbacher's
- attack (CAN-2003-0131)
-
-* Mon Mar 17 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-4
-- add patch to enable RSA blinding by default, closing a timing attack
- (CAN-2003-0147)
-
-* Wed Mar 5 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-3
-- disable use of BN assembly module on x86_64, but continue to allow inline
- assembly (#83403)
-
-* Thu Feb 27 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-2
-- disable EC algorithms
-
-* Wed Feb 19 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-1
-- update to 0.9.7a
-
-* Wed Feb 19 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7-8
-- add fix to guard against attempts to allocate negative amounts of memory
-- add patch for CAN-2003-0078, fixing a timing attack
-
-* Thu Feb 13 2003 Elliot Lee <sopwith@redhat.com> 0.9.7-7
-- Add openssl-ppc64.patch
-
-* Mon Feb 10 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7-6
-- EVP_DecryptInit should call EVP_CipherInit() instead of EVP_CipherInit_ex(),
- to get the right behavior when passed uninitialized context structures
- (#83766)
-- build with -mcpu=ev5 on alpha family (#83828)
-
-* Wed Jan 22 2003 Tim Powers <timp@redhat.com>
-- rebuilt
-
-* Fri Jan 17 2003 Phil Knirsch <pknirsch@redhat.com> 0.9.7-4
-- Added IBM hw crypto support patch.
-
-* Wed Jan 15 2003 Nalin Dahyabhai <nalin@redhat.com>
-- add missing builddep on sed
-
-* Thu Jan 9 2003 Bill Nottingham <notting@redhat.com> 0.9.7-3
-- debloat
-- fix broken manpage symlinks
-
-* Wed Jan 8 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7-2
-- fix double-free in 'openssl ca'
-
-* Fri Jan 3 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7-1
-- update to 0.9.7 final
-
-* Tue Dec 17 2002 Nalin Dahyabhai <nalin@redhat.com> 0.9.7-0
-- update to 0.9.7 beta6 (DO NOT USE UNTIL UPDATED TO FINAL 0.9.7)
-
-* Wed Dec 11 2002 Nalin Dahyabhai <nalin@redhat.com>
-- update to 0.9.7 beta5 (DO NOT USE UNTIL UPDATED TO FINAL 0.9.7)
-
-* Tue Oct 22 2002 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-30
-- add configuration stanza for x86_64 and use it on x86_64
-- build for linux-ppc on ppc
-- start running the self-tests again
-
-* Wed Oct 02 2002 Elliot Lee <sopwith@redhat.com> 0.9.6b-29hammer.3
-- Merge fixes from previous hammer packages, including general x86-64 and
- multilib
-
-* Tue Aug 6 2002 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-29
-- rebuild
-
-* Thu Aug 1 2002 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-28
-- update asn patch to fix accidental reversal of a logic check
-
-* Wed Jul 31 2002 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-27
-- update asn patch to reduce chance that compiler optimization will remove
- one of the added tests
-
-* Wed Jul 31 2002 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-26
-- rebuild
-
-* Mon Jul 29 2002 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-25
-- add patch to fix ASN.1 vulnerabilities
-
-* Thu Jul 25 2002 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-24
-- add backport of Ben Laurie's patches for OpenSSL 0.9.6d
-
-* Wed Jul 17 2002 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-23
-- own {_datadir}/ssl/misc
-
-* Fri Jun 21 2002 Tim Powers <timp@redhat.com>
-- automated rebuild
-
-* Sun May 26 2002 Tim Powers <timp@redhat.com>
-- automated rebuild
-
-* Fri May 17 2002 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-20
-- free ride through the build system (whee!)
-
-* Thu May 16 2002 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-19
-- rebuild in new environment
-
-* Thu Apr 4 2002 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-17, 0.9.6b-18
-- merge RHL-specific bits into stronghold package, rename
-
-* Tue Apr 02 2002 Gary Benson <gbenson@redhat.com> stronghold-0.9.6c-2
-- add support for Chrysalis Luna token
-
-* Tue Mar 26 2002 Gary Benson <gbenson@redhat.com>
-- disable AEP random number generation, other AEP fixes
-
-* Fri Mar 15 2002 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-15
-- only build subpackages on primary arches
-
-* Thu Mar 14 2002 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-13
-- on ia32, only disable use of assembler on i386
-- enable assembly on ia64
-
-* Mon Jan 7 2002 Florian La Roche <Florian.LaRoche@redhat.de> 0.9.6b-11
-- fix sparcv9 entry
-
-* Mon Jan 7 2002 Gary Benson <gbenson@redhat.com> stronghold-0.9.6c-1
-- upgrade to 0.9.6c
-- bump BuildArch to i686 and enable assembler on all platforms
-- synchronise with shrimpy and rawhide
-- bump soversion to 3
-
-* Wed Oct 10 2001 Florian La Roche <Florian.LaRoche@redhat.de>
-- delete BN_LLONG for s390x, patch from Oliver Paukstadt
-
-* Mon Sep 17 2001 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-9
-- update AEP driver patch
-
-* Mon Sep 10 2001 Nalin Dahyabhai <nalin@redhat.com>
-- adjust RNG disabling patch to match version of patch from Broadcom
-
-* Fri Sep 7 2001 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-8
-- disable the RNG in the ubsec engine driver
-
-* Tue Aug 28 2001 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-7
-- tweaks to the ubsec engine driver
-
-* Fri Aug 24 2001 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-6
-- tweaks to the ubsec engine driver
-
-* Thu Aug 23 2001 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-5
-- update ubsec engine driver from Broadcom
-
-* Fri Aug 10 2001 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-4
-- move man pages back to %%{_mandir}/man?/foo.?ssl from
- %%{_mandir}/man?ssl/foo.?
-- add an [ engine ] section to the default configuration file
-
-* Thu Aug 9 2001 Nalin Dahyabhai <nalin@redhat.com>
-- add a patch for selecting a default engine in SSL_library_init()
-
-* Mon Jul 23 2001 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-3
-- add patches for AEP hardware support
-- add patch to keep trying when we fail to load a cert from a file and
- there are more in the file
-- add missing prototype for ENGINE_ubsec() in engine_int.h
-
-* Wed Jul 18 2001 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-2
-- actually add hw_ubsec to the engine list
-
-* Tue Jul 17 2001 Nalin Dahyabhai <nalin@redhat.com>
-- add in the hw_ubsec driver from CVS
-
-* Wed Jul 11 2001 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-1
-- update to 0.9.6b
-
-* Thu Jul 5 2001 Nalin Dahyabhai <nalin@redhat.com>
-- move .so symlinks back to %%{_libdir}
-
-* Tue Jul 3 2001 Nalin Dahyabhai <nalin@redhat.com>
-- move shared libraries to /lib (#38410)
-
-* Mon Jun 25 2001 Nalin Dahyabhai <nalin@redhat.com>
-- switch to engine code base
-
-* Mon Jun 18 2001 Nalin Dahyabhai <nalin@redhat.com>
-- add a script for creating dummy certificates
-- move man pages from %%{_mandir}/man?/foo.?ssl to %%{_mandir}/man?ssl/foo.?
-
-* Thu Jun 07 2001 Florian La Roche <Florian.LaRoche@redhat.de>
-- add s390x support
-
-* Fri Jun 1 2001 Nalin Dahyabhai <nalin@redhat.com>
-- change two memcpy() calls to memmove()
-- don't define L_ENDIAN on alpha
-
-* Wed May 23 2001 Joe Orton <jorton@redhat.com> stronghold-0.9.6a-1
-- Add 'stronghold-' prefix to package names.
-- Obsolete standard openssl packages.
-
-* Wed May 16 2001 Joe Orton <jorton@redhat.com>
-- Add BuildArch: i586 as per Nalin's advice.
-
-* Tue May 15 2001 Joe Orton <jorton@redhat.com>
-- Enable assembler on ix86 (using new .tar.bz2 which does
- include the asm directories).
-
-* Tue May 15 2001 Nalin Dahyabhai <nalin@redhat.com>
-- make subpackages depend on the main package
-
-* Tue May 1 2001 Nalin Dahyabhai <nalin@redhat.com>
-- adjust the hobble script to not disturb symlinks in include/ (fix from
- Joe Orton)
-
-* Fri Apr 27 2001 Nalin Dahyabhai <nalin@redhat.com>
-- drop the m2crypo patch we weren't using
-
-* Tue Apr 24 2001 Nalin Dahyabhai <nalin@redhat.com>
-- configure using "shared" as well
-
-* Sun Apr 8 2001 Nalin Dahyabhai <nalin@redhat.com>
-- update to 0.9.6a
-- use the build-shared target to build shared libraries
-- bump the soversion to 2 because we're no longer compatible with
- our 0.9.5a packages or our 0.9.6 packages
-- drop the patch for making rsatest a no-op when rsa null support is used
-- put all man pages into <section>ssl instead of <section>
-- break the m2crypto modules into a separate package
-
-* Tue Mar 13 2001 Nalin Dahyabhai <nalin@redhat.com>
-- use BN_LLONG on s390
-
-* Mon Mar 12 2001 Nalin Dahyabhai <nalin@redhat.com>
-- fix the s390 changes for 0.9.6 (isn't supposed to be marked as 64-bit)
-
-* Sat Mar 3 2001 Nalin Dahyabhai <nalin@redhat.com>
-- move c_rehash to the perl subpackage, because it's a perl script now
-
-* Fri Mar 2 2001 Nalin Dahyabhai <nalin@redhat.com>
-- update to 0.9.6
-- enable MD2
-- use the libcrypto.so and libssl.so targets to build shared libs with
-- bump the soversion to 1 because we're no longer compatible with any of
- the various 0.9.5a packages circulating around, which provide lib*.so.0
-
-* Wed Feb 28 2001 Florian La Roche <Florian.LaRoche@redhat.de>
-- change hobble-openssl for disabling MD2 again
-
-* Tue Feb 27 2001 Nalin Dahyabhai <nalin@redhat.com>
-- re-disable MD2 -- the EVP_MD_CTX structure would grow from 100 to 152
- bytes or so, causing EVP_DigestInit() to zero out stack variables in
- apps built against a version of the library without it
-
-* Mon Feb 26 2001 Nalin Dahyabhai <nalin@redhat.com>
-- disable some inline assembly, which on x86 is Pentium-specific
-- re-enable MD2 (see http://www.ietf.org/ietf/IPR/RSA-MD-all)
-
-* Thu Feb 08 2001 Florian La Roche <Florian.LaRoche@redhat.de>
-- fix s390 patch
-
-* Fri Dec 8 2000 Than Ngo <than@redhat.com>
-- added support s390
-
-* Mon Nov 20 2000 Nalin Dahyabhai <nalin@redhat.com>
-- remove -Wa,* and -m* compiler flags from the default Configure file (#20656)
-- add the CA.pl man page to the perl subpackage
-
-* Thu Nov 2 2000 Nalin Dahyabhai <nalin@redhat.com>
-- always build with -mcpu=ev5 on alpha
-
-* Tue Oct 31 2000 Nalin Dahyabhai <nalin@redhat.com>
-- add a symlink from cert.pem to ca-bundle.crt
-
-* Wed Oct 25 2000 Nalin Dahyabhai <nalin@redhat.com>
-- add a ca-bundle file for packages like Samba to reference for CA certificates
-
-* Tue Oct 24 2000 Nalin Dahyabhai <nalin@redhat.com>
-- remove libcrypto's crypt(), which doesn't handle md5crypt (#19295)
-
-* Mon Oct 2 2000 Nalin Dahyabhai <nalin@redhat.com>
-- add unzip as a buildprereq (#17662)
-- update m2crypto to 0.05-snap4
-
-* Tue Sep 26 2000 Bill Nottingham <notting@redhat.com>
-- fix some issues in building when it's not installed
-
-* Wed Sep 6 2000 Nalin Dahyabhai <nalin@redhat.com>
-- make sure the headers we include are the ones we built with (aaaaarrgh!)
-
-* Fri Sep 1 2000 Nalin Dahyabhai <nalin@redhat.com>
-- add Richard Henderson's patch for BN on ia64
-- clean up the changelog
-
-* Tue Aug 29 2000 Nalin Dahyabhai <nalin@redhat.com>
-- fix the building of python modules without openssl-devel already installed
-
-* Wed Aug 23 2000 Nalin Dahyabhai <nalin@redhat.com>
-- byte-compile python extensions without the build-root
-- adjust the makefile to not remove temporary files (like .key files when
- building .csr files) by marking them as .PRECIOUS
-
-* Sat Aug 19 2000 Nalin Dahyabhai <nalin@redhat.com>
-- break out python extensions into a subpackage
-
-* Mon Jul 17 2000 Nalin Dahyabhai <nalin@redhat.com>
-- tweak the makefile some more
-
-* Tue Jul 11 2000 Nalin Dahyabhai <nalin@redhat.com>
-- disable MD2 support
-
-* Thu Jul 6 2000 Nalin Dahyabhai <nalin@redhat.com>
-- disable MDC2 support
-
-* Sun Jul 2 2000 Nalin Dahyabhai <nalin@redhat.com>
-- tweak the disabling of RC5, IDEA support
-- tweak the makefile
-
-* Thu Jun 29 2000 Nalin Dahyabhai <nalin@redhat.com>
-- strip binaries and libraries
-- rework certificate makefile to have the right parts for Apache
-
-* Wed Jun 28 2000 Nalin Dahyabhai <nalin@redhat.com>
-- use %%{_perl} instead of /usr/bin/perl
-- disable alpha until it passes its own test suite
-
-* Fri Jun 9 2000 Nalin Dahyabhai <nalin@redhat.com>
-- move the passwd.1 man page out of the passwd package's way
-
-* Fri Jun 2 2000 Nalin Dahyabhai <nalin@redhat.com>
-- update to 0.9.5a, modified for U.S.
-- add perl as a build-time requirement
-- move certificate makefile to another package
-- disable RC5, IDEA, RSA support
-- remove optimizations for now
-
-* Wed Mar 1 2000 Florian La Roche <Florian.LaRoche@redhat.de>
-- Bero told me to move the Makefile into this package
-
-* Wed Mar 1 2000 Florian La Roche <Florian.LaRoche@redhat.de>
-- add lib*.so symlinks to link dynamically against shared libs
-
-* Tue Feb 29 2000 Florian La Roche <Florian.LaRoche@redhat.de>
-- update to 0.9.5
-- run ldconfig directly in post/postun
-- add FAQ
-
-* Sat Dec 18 1999 Bernhard Rosenkrdnzer <bero@redhat.de>
-- Fix build on non-x86 platforms
-
-* Fri Nov 12 1999 Bernhard Rosenkrdnzer <bero@redhat.de>
-- move /usr/share/ssl/* from -devel to main package
-
-* Tue Oct 26 1999 Bernhard Rosenkrdnzer <bero@redhat.de>
-- inital packaging
-- changes from base:
- - Move /usr/local/ssl to /usr/share/ssl for FHS compliance
- - handle RPM_OPT_FLAGS
diff --git a/openssl-freefilesync/opensslconf-new-warning.h b/openssl-freefilesync/opensslconf-new-warning.h
deleted file mode 100644
index de091c8..0000000
--- a/openssl-freefilesync/opensslconf-new-warning.h
+++ /dev/null
@@ -1,7 +0,0 @@
-/* Prepended at openssl package build-time. Don't include this file directly,
- * use <openssl/opensslconf.h> instead. */
-
-#ifndef openssl_opensslconf_multilib_redirection_h
-#error "Don't include this file directly, use <openssl/opensslconf.h> instead!"
-#endif
-
diff --git a/openssl-freefilesync/opensslconf-new.h b/openssl-freefilesync/opensslconf-new.h
deleted file mode 100644
index 04363c3..0000000
--- a/openssl-freefilesync/opensslconf-new.h
+++ /dev/null
@@ -1,47 +0,0 @@
-/* This file is here to prevent a file conflict on multiarch systems. A
- * conflict will frequently occur because arch-specific build-time
- * configuration options are stored (and used, so they can't just be stripped
- * out) in opensslconf.h. The original opensslconf.h has been renamed.
- * DO NOT INCLUDE THE NEW FILE DIRECTLY -- ALWAYS INCLUDE THIS ONE INSTEAD. */
-
-#ifdef openssl_opensslconf_multilib_redirection_h
-#error "Do not define openssl_opensslconf_multilib_redirection_h!"
-#endif
-#define openssl_opensslconf_multilib_redirection_h
-
-#if defined(__i386__)
-#include "opensslconf-i386.h"
-#elif defined(__ia64__)
-#include "opensslconf-ia64.h"
-#elif defined(__mips64) && defined(__MIPSEL__)
-#include "opensslconf-mips64el.h"
-#elif defined(__mips64)
-#include "opensslconf-mips64.h"
-#elif defined(__mips) && defined(__MIPSEL__)
-#include "opensslconf-mipsel.h"
-#elif defined(__mips)
-#include "opensslconf-mips.h"
-#elif defined(__powerpc64__)
-#include <endian.h>
-#if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
-#include "opensslconf-ppc64.h"
-#else
-#include "opensslconf-ppc64le.h"
-#endif
-#elif defined(__powerpc__)
-#include "opensslconf-ppc.h"
-#elif defined(__s390x__)
-#include "opensslconf-s390x.h"
-#elif defined(__s390__)
-#include "opensslconf-s390.h"
-#elif defined(__sparc__) && defined(__arch64__)
-#include "opensslconf-sparc64.h"
-#elif defined(__sparc__)
-#include "opensslconf-sparc.h"
-#elif defined(__x86_64__)
-#include "opensslconf-x86_64.h"
-#else
-#error "This openssl-devel package does not work your architecture?"
-#endif
-
-#undef openssl_opensslconf_multilib_redirection_h
diff --git a/openssl-freefilesync/readme-openssl-freefilesync.md b/openssl-freefilesync/readme-openssl-freefilesync.md
deleted file mode 100644
index b095f14..0000000
--- a/openssl-freefilesync/readme-openssl-freefilesync.md
+++ /dev/null
@@ -1,12 +0,0 @@
-# Purpose of this package
-// vim: syntax=markdown
-Package openssl-freefilesync exists to enable the compilation and execution of FreeFileSync on CentOS 7. CentOS 7 does not bundle high-enough versions of openssl in the base repositories, so the bgstack15 copr serves a customized package of a sufficient version of openssl. The city-fan repo does not provide this one, so I have to hack the Fedora package myself.
-
-# How to maintain openssl-freefilesync
-Take a [Fedora release](https://mirrors.rit.edu/fedora/fedora/linux/updates/30/Everything/SRPMS/Packages/o/openssl-1.1.1c-2.fc30.src.rpm) of openssl and open it.
-
- rpm2cpio openssl-1.1.1c-2.fc30.src.rpm | cpio -idm
-
-Make any modifications necessary to get it to compile. This changes include:
-* Revert any Fedora improvements to rpm specs since CentOS 7 was released, such as `%ldconfig_scriptlets`
-* Rename cnf and man pages and the main binary so they do not collide with system openssl package
diff --git a/openssl-freefilesync/renew-dummy-cert b/openssl-freefilesync/renew-dummy-cert
deleted file mode 100755
index 92e271c..0000000
--- a/openssl-freefilesync/renew-dummy-cert
+++ /dev/null
@@ -1,39 +0,0 @@
-#!/bin/bash
-
-if [ $# -eq 0 ]; then
- echo $"Usage: `basename $0` filename" 1>&2
- exit 1
-fi
-
-PEM=$1
-REQ=`/bin/mktemp /tmp/openssl.XXXXXX`
-KEY=`/bin/mktemp /tmp/openssl.XXXXXX`
-CRT=`/bin/mktemp /tmp/openssl.XXXXXX`
-NEW=${PEM}_
-
-trap "rm -f $REQ $KEY $CRT $NEW" SIGINT
-
-if [ ! -f $PEM ]; then
- echo "$PEM: file not found" 1>&2
- exit 1
-fi
-
-umask 077
-
-OWNER=`ls -l $PEM | awk '{ printf "%s.%s", $3, $4; }'`
-
-openssl rsa -inform pem -in $PEM -out $KEY
-openssl x509 -x509toreq -in $PEM -signkey $KEY -out $REQ
-openssl x509 -req -in $REQ -signkey $KEY -days 365 \
- -extfile /etc/pki/tls/openssl.cnf -extensions v3_ca -out $CRT
-
-(cat $KEY ; echo "" ; cat $CRT) > $NEW
-
-chown $OWNER $NEW
-
-mv -f $NEW $PEM
-
-rm -f $REQ $KEY $CRT
-
-exit 0
-
diff --git a/openssl-freefilesync/stackrpms-openssl.spec.diff b/openssl-freefilesync/stackrpms-openssl.spec.diff
deleted file mode 100644
index 8a7c9c2..0000000
--- a/openssl-freefilesync/stackrpms-openssl.spec.diff
+++ /dev/null
@@ -1,139 +0,0 @@
---- /usr/src/openssl/1.1.1c-6.fc30/openssl.spec 2019-09-06 11:21:33.000000000 -0400
-+++ /usr/src/openssl/1.1.1c-6.stack/openssl.spec 2019-09-19 09:13:41.214594699 -0400
-@@ -13,6 +13,10 @@
- # depends on build configuration options)
- %define soversion 1.1
-
-+# for openssl-freefilesync
-+%define fullname openssl-freefilesync
-+%define shortname openssl
-+
- # Arches on which we need to prevent arch conflicts on opensslconf.h, must
- # also be handled in opensslconf-new.h.
- %define multilib_arches %{ix86} ia64 %{mips} ppc ppc64 s390 s390x sparcv9 sparc64 x86_64
-@@ -20,9 +24,11 @@
- %global _performance_build 1
-
- Summary: Utilities from the general purpose cryptography library with TLS implementation
--Name: openssl
-+# for openssl-freefilesync
-+Name: %{fullname}
- Version: 1.1.1c
--Release: 6%{?dist}
-+# for openssl-freefilesync
-+Release: 6.stack%{?dist}
- Epoch: 1
- # We have to remove certain patented algorithms from the openssl source
- # tarball with the hobble-openssl script which is included below.
-@@ -91,8 +97,9 @@
- %package libs
- Summary: A general purpose cryptography library with TLS implementation
- Requires: ca-certificates >= 2008-5
--Requires: crypto-policies >= 20180730
--Recommends: openssl-pkcs11%{?_isa}
-+# for openssl-freefilesync
-+#Requires: crypto-policies >= 20180730
-+#Recommends: openssl-pkcs11%{?_isa}
- Provides: openssl-fips = %{epoch}:%{version}-%{release}
-
- %description libs
-@@ -131,7 +138,8 @@
- from other formats to the formats used by the OpenSSL toolkit.
-
- %prep
--%setup -q -n %{name}-%{version}
-+# for openssl-freefilesync
-+%setup -q -n %{shortname}-%{version}
-
- # The hobble_openssl is called here redundantly, just to be sure.
- # The tarball has already the sources removed.
-@@ -162,6 +170,8 @@
- %patch46 -p1 -b .seclevel
- %patch47 -p1 -b .ts-sha256-default
- %patch48 -p1 -b .fips-post-rand
-+# for openssl-freefilesync
-+sed -i -r -e '/sys\/random\.h/s@sys/random\.h@/usr/include/linux/random.h@;' crypto/rand/rand_unix.c
- %patch49 -p1 -b .evp-kdf
- %patch50 -p1 -b .ssh-kdf
- %patch51 -p1 -b .upstream-sync
-@@ -234,7 +244,8 @@
- # marked as not requiring an executable stack.
- # Also add -DPURIFY to make using valgrind with openssl easier as we do not
- # want to depend on the uninitialized memory as a source of entropy anyway.
--RPM_OPT_FLAGS="$RPM_OPT_FLAGS -Wa,--noexecstack -Wa,--generate-missing-build-notes=yes -DPURIFY $RPM_LD_FLAGS"
-+# for openssl-freefilesync
-+RPM_OPT_FLAGS="$RPM_OPT_FLAGS -Wa,--noexecstack -DPURIFY $RPM_LD_FLAGS"
-
- export HASHBANGPERL=/usr/bin/perl
-
-@@ -355,11 +366,12 @@
-
- # Ensure the config file timestamps are identical across builds to avoid
- # mulitlib conflicts and unnecessary renames on upgrade
--touch -r %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/openssl.cnf
--touch -r %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/ct_log_list.cnf
-+# for openssl-freefilesync
-+touch -r %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/openssl.cnf%{version}
-+touch -r %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/ct_log_list.cnf%{version}
-
--rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/openssl.cnf.dist
--rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/ct_log_list.cnf.dist
-+rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/openssl.cnf{,.dist}
-+rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/ct_log_list.cnf{,.dist}
-
- # Determine which arch opensslconf.h is going to try to #include.
- basearch=%{_arch}
-@@ -394,13 +406,23 @@
- LD_LIBRARY_PATH=`pwd`${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}
- export LD_LIBRARY_PATH
-
-+# for openssl-freefilesync
-+pushd ${RPM_BUILD_ROOT}%{_mandir}
-+for word in $( find . ! -type d -print ) ;
-+do
-+ mv "${word}" "${word}-111c"
-+done
-+popd
-+mv ${RPM_BUILD_ROOT}%{_bindir}/openssl{,-111c}
-+
- %files
- %{!?_licensedir:%global license %%doc}
- %license LICENSE
- %doc FAQ NEWS README README.FIPS
- %{_bindir}/make-dummy-cert
- %{_bindir}/renew-dummy-cert
--%{_bindir}/openssl
-+# for openssl-freefilesync
-+%{_bindir}/openssl-111c
- %{_mandir}/man1*/*
- %{_mandir}/man5*/*
- %{_mandir}/man7*/*
-@@ -417,8 +439,9 @@
- %dir %{_sysconfdir}/pki/tls/certs
- %dir %{_sysconfdir}/pki/tls/misc
- %dir %{_sysconfdir}/pki/tls/private
--%config(noreplace) %{_sysconfdir}/pki/tls/openssl.cnf
--%config(noreplace) %{_sysconfdir}/pki/tls/ct_log_list.cnf
-+# for openssl-freefilesync
-+%config(noreplace) %{_sysconfdir}/pki/tls/openssl.cnf%{version}
-+%config(noreplace) %{_sysconfdir}/pki/tls/ct_log_list.cnf%{version}
- %attr(0755,root,root) %{_libdir}/libcrypto.so.%{version}
- %attr(0755,root,root) %{_libdir}/libcrypto.so.%{soversion}
- %attr(0755,root,root) %{_libdir}/libssl.so.%{version}
-@@ -451,9 +474,15 @@
- %dir %{_sysconfdir}/pki/CA/crl
- %dir %{_sysconfdir}/pki/CA/newcerts
-
--%ldconfig_scriptlets libs
-+# for openssl-freefilesync
-+%post libs -p /sbin/ldconfig
-+
-+%postun libs -p /sbin/ldconfig
-
- %changelog
-+* Wed Sep 18 2019 B Stack <bgstack15@gmail.com> 1.1.1c-6.stack
-+- rebuild for el7 for freefilesync
-+
- * Fri Sep 6 2019 Tomáš Mráz <tmraz@redhat.com> 1.1.1c-6
- - upstream fix for status request extension non-compliance (#1737471)
-
bgstack15