From 2b064f70ae25ef1bc6c0d80b949ac0251ea74820 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Tue, 28 Jul 2020 19:11:42 +0000 Subject: [PATCH] import gnutls-3.6.14-5.el8 --- .gitignore | 2 + .gnutls.metadata | 2 + SOURCES/gnutls-3.2.7-rpath.patch | 12 + SOURCES/gnutls-3.6.13-enable-intel-cet.patch | 7849 ++++++++++++++++++ SOURCES/gnutls-3.6.14-autogen-int.patch | 36 + SOURCES/gnutls-3.6.14-fips-dh-check.patch | 676 ++ SOURCES/gnutls-3.6.14-fips-dh-primes.patch | 1843 ++++ SOURCES/gnutls-3.6.14-fips-mode-check.patch | 42 + SOURCES/gnutls-3.6.14-memcmp.patch | 131 + SOURCES/gnutls-3.6.14.tar.xz.sig | Bin 0 -> 580 bytes SOURCES/gnutls-3.6.4-no-now-guile.patch | 13 + SPECS/gnutls.spec | 1029 +++ 12 files changed, 11635 insertions(+) create mode 100644 .gitignore create mode 100644 .gnutls.metadata create mode 100644 SOURCES/gnutls-3.2.7-rpath.patch create mode 100644 SOURCES/gnutls-3.6.13-enable-intel-cet.patch create mode 100644 SOURCES/gnutls-3.6.14-autogen-int.patch create mode 100644 SOURCES/gnutls-3.6.14-fips-dh-check.patch create mode 100644 SOURCES/gnutls-3.6.14-fips-dh-primes.patch create mode 100644 SOURCES/gnutls-3.6.14-fips-mode-check.patch create mode 100644 SOURCES/gnutls-3.6.14-memcmp.patch create mode 100644 SOURCES/gnutls-3.6.14.tar.xz.sig create mode 100644 SOURCES/gnutls-3.6.4-no-now-guile.patch create mode 100644 SPECS/gnutls.spec diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..14960ad --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +SOURCES/gnutls-3.6.14.tar.xz +SOURCES/gpgkey-462225C3B46F34879FC8496CD605848ED7E69871.gpg diff --git a/.gnutls.metadata b/.gnutls.metadata new file mode 100644 index 0000000..b23acfd --- /dev/null +++ b/.gnutls.metadata @@ -0,0 +1,2 @@ +bea1b5abcb691acf014e592f41d0a9580a41216a SOURCES/gnutls-3.6.14.tar.xz +648ec46f9539fe756fb90131b85ae4759ed2ed21 SOURCES/gpgkey-462225C3B46F34879FC8496CD605848ED7E69871.gpg diff --git a/SOURCES/gnutls-3.2.7-rpath.patch b/SOURCES/gnutls-3.2.7-rpath.patch new file mode 100644 index 0000000..4e6aed3 --- /dev/null +++ b/SOURCES/gnutls-3.2.7-rpath.patch @@ -0,0 +1,12 @@ +diff -ur gnutls-3.2.7.orig/configure gnutls-3.2.7/configure +--- gnutls-3.2.7.orig/configure 2013-11-23 11:09:49.000000000 +0100 ++++ gnutls-3.2.7/configure 2013-11-25 16:53:05.559440656 +0100 +@@ -39652,7 +39652,7 @@ + shlibpath_overrides_runpath=unknown + version_type=none + dynamic_linker="$host_os ld.so" +-sys_lib_dlsearch_path_spec="/lib /usr/lib" ++sys_lib_dlsearch_path_spec="/lib /usr/lib /lib64 /usr/lib64" + need_lib_prefix=unknown + hardcode_into_libs=no + diff --git a/SOURCES/gnutls-3.6.13-enable-intel-cet.patch b/SOURCES/gnutls-3.6.13-enable-intel-cet.patch new file mode 100644 index 0000000..ca16882 --- /dev/null +++ b/SOURCES/gnutls-3.6.13-enable-intel-cet.patch @@ -0,0 +1,7849 @@ +From 7d969e296f4a8c39a8bdc642a3234b0957531201 Mon Sep 17 00:00:00 2001 +From: Anderson Toshiyuki Sasaki +Date: Wed, 20 May 2020 10:51:37 +0200 +Subject: [PATCH] accelerated: Enable Intel CET + +Signed-off-by: Anderson Toshiyuki Sasaki +--- + lib/accelerated/x86/coff/aes-ssse3-x86.s | 13 + + lib/accelerated/x86/coff/aes-ssse3-x86_64.s | 5 + + lib/accelerated/x86/coff/aesni-gcm-x86_64.s | 8 + + lib/accelerated/x86/coff/aesni-x86.s | 22 ++ + lib/accelerated/x86/coff/aesni-x86_64.s | 29 +- + lib/accelerated/x86/coff/e_padlock-x86.s | 276 +++++++++------- + lib/accelerated/x86/coff/e_padlock-x86_64.s | 218 ++++++++----- + lib/accelerated/x86/coff/ghash-x86_64.s | 6 + + lib/accelerated/x86/coff/sha1-ssse3-x86.s | 1 + + lib/accelerated/x86/coff/sha1-ssse3-x86_64.s | 2 +- + lib/accelerated/x86/coff/sha256-ssse3-x86.s | 1 + + .../x86/coff/sha256-ssse3-x86_64.s | 18 +- + lib/accelerated/x86/coff/sha512-ssse3-x86.s | 1 + + .../x86/coff/sha512-ssse3-x86_64.s | 20 +- + lib/accelerated/x86/elf/aes-ssse3-x86.s | 30 ++ + lib/accelerated/x86/elf/aes-ssse3-x86_64.s | 26 ++ + lib/accelerated/x86/elf/aesni-gcm-x86_64.s | 29 ++ + lib/accelerated/x86/elf/aesni-x86.s | 39 +++ + lib/accelerated/x86/elf/aesni-x86_64.s | 50 ++- + lib/accelerated/x86/elf/e_padlock-x86.s | 306 ++++++++++-------- + lib/accelerated/x86/elf/e_padlock-x86_64.s | 242 +++++++++----- + lib/accelerated/x86/elf/ghash-x86_64.s | 27 ++ + lib/accelerated/x86/elf/sha1-ssse3-x86.s | 18 ++ + lib/accelerated/x86/elf/sha1-ssse3-x86_64.s | 23 +- + lib/accelerated/x86/elf/sha256-ssse3-x86.s | 18 ++ + lib/accelerated/x86/elf/sha256-ssse3-x86_64.s | 51 ++- + lib/accelerated/x86/elf/sha512-ssse3-x86.s | 18 ++ + lib/accelerated/x86/elf/sha512-ssse3-x86_64.s | 49 ++- + lib/accelerated/x86/macosx/aes-ssse3-x86.s | 13 + + lib/accelerated/x86/macosx/aes-ssse3-x86_64.s | 5 + + lib/accelerated/x86/macosx/aesni-gcm-x86_64.s | 8 + + lib/accelerated/x86/macosx/aesni-x86.s | 22 ++ + lib/accelerated/x86/macosx/aesni-x86_64.s | 29 +- + lib/accelerated/x86/macosx/e_padlock-x86.s | 288 +++++++++-------- + lib/accelerated/x86/macosx/e_padlock-x86_64.s | 218 ++++++++----- + lib/accelerated/x86/macosx/ghash-x86_64.s | 6 + + lib/accelerated/x86/macosx/sha1-ssse3-x86.s | 1 + + .../x86/macosx/sha1-ssse3-x86_64.s | 2 +- + lib/accelerated/x86/macosx/sha256-ssse3-x86.s | 1 + + .../x86/macosx/sha256-ssse3-x86_64.s | 30 +- + lib/accelerated/x86/macosx/sha512-ssse3-x86.s | 1 + + .../x86/macosx/sha512-ssse3-x86_64.s | 28 +- + 42 files changed, 1541 insertions(+), 657 deletions(-) + +diff --git a/lib/accelerated/x86/coff/aes-ssse3-x86.s b/lib/accelerated/x86/coff/aes-ssse3-x86.s +index c58ea2359..1dced3b2a 100644 +--- a/lib/accelerated/x86/coff/aes-ssse3-x86.s ++++ b/lib/accelerated/x86/coff/aes-ssse3-x86.s +@@ -71,6 +71,7 @@ + .def __vpaes_preheat; .scl 3; .type 32; .endef + .align 16 + __vpaes_preheat: ++.byte 243,15,30,251 + addl (%esp),%ebp + movdqa -48(%ebp),%xmm7 + movdqa -16(%ebp),%xmm6 +@@ -78,6 +79,7 @@ __vpaes_preheat: + .def __vpaes_encrypt_core; .scl 3; .type 32; .endef + .align 16 + __vpaes_encrypt_core: ++.byte 243,15,30,251 + movl $16,%ecx + movl 240(%edx),%eax + movdqa %xmm6,%xmm1 +@@ -154,6 +156,7 @@ __vpaes_encrypt_core: + .def __vpaes_decrypt_core; .scl 3; .type 32; .endef + .align 16 + __vpaes_decrypt_core: ++.byte 243,15,30,251 + leal 608(%ebp),%ebx + movl 240(%edx),%eax + movdqa %xmm6,%xmm1 +@@ -241,6 +244,7 @@ __vpaes_decrypt_core: + .def __vpaes_schedule_core; .scl 3; .type 32; .endef + .align 16 + __vpaes_schedule_core: ++.byte 243,15,30,251 + addl (%esp),%ebp + movdqu (%esi),%xmm0 + movdqa 320(%ebp),%xmm2 +@@ -334,6 +338,7 @@ __vpaes_schedule_core: + .def __vpaes_schedule_192_smear; .scl 3; .type 32; .endef + .align 16 + __vpaes_schedule_192_smear: ++.byte 243,15,30,251 + pshufd $128,%xmm6,%xmm1 + pshufd $254,%xmm7,%xmm0 + pxor %xmm1,%xmm6 +@@ -345,6 +350,7 @@ __vpaes_schedule_192_smear: + .def __vpaes_schedule_round; .scl 3; .type 32; .endef + .align 16 + __vpaes_schedule_round: ++.byte 243,15,30,251 + movdqa 8(%esp),%xmm2 + pxor %xmm1,%xmm1 + .byte 102,15,58,15,202,15 +@@ -393,6 +399,7 @@ __vpaes_schedule_round: + .def __vpaes_schedule_transform; .scl 3; .type 32; .endef + .align 16 + __vpaes_schedule_transform: ++.byte 243,15,30,251 + movdqa -16(%ebp),%xmm2 + movdqa %xmm2,%xmm1 + pandn %xmm0,%xmm1 +@@ -407,6 +414,7 @@ __vpaes_schedule_transform: + .def __vpaes_schedule_mangle; .scl 3; .type 32; .endef + .align 16 + __vpaes_schedule_mangle: ++.byte 243,15,30,251 + movdqa %xmm0,%xmm4 + movdqa 128(%ebp),%xmm5 + testl %edi,%edi +@@ -467,6 +475,7 @@ __vpaes_schedule_mangle: + .align 16 + _vpaes_set_encrypt_key: + .L_vpaes_set_encrypt_key_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -499,6 +508,7 @@ _vpaes_set_encrypt_key: + .align 16 + _vpaes_set_decrypt_key: + .L_vpaes_set_decrypt_key_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -536,6 +546,7 @@ _vpaes_set_decrypt_key: + .align 16 + _vpaes_encrypt: + .L_vpaes_encrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -564,6 +575,7 @@ _vpaes_encrypt: + .align 16 + _vpaes_decrypt: + .L_vpaes_decrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -592,6 +604,7 @@ _vpaes_decrypt: + .align 16 + _vpaes_cbc_encrypt: + .L_vpaes_cbc_encrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +diff --git a/lib/accelerated/x86/coff/aes-ssse3-x86_64.s b/lib/accelerated/x86/coff/aes-ssse3-x86_64.s +index 150c9921d..f3fee5629 100644 +--- a/lib/accelerated/x86/coff/aes-ssse3-x86_64.s ++++ b/lib/accelerated/x86/coff/aes-ssse3-x86_64.s +@@ -643,6 +643,7 @@ vpaes_set_encrypt_key: + movq %r8,%rdx + + ++.byte 243,15,30,250 + leaq -184(%rsp),%rsp + movaps %xmm6,16(%rsp) + movaps %xmm7,32(%rsp) +@@ -695,6 +696,7 @@ vpaes_set_decrypt_key: + movq %r8,%rdx + + ++.byte 243,15,30,250 + leaq -184(%rsp),%rsp + movaps %xmm6,16(%rsp) + movaps %xmm7,32(%rsp) +@@ -752,6 +754,7 @@ vpaes_encrypt: + movq %r8,%rdx + + ++.byte 243,15,30,250 + leaq -184(%rsp),%rsp + movaps %xmm6,16(%rsp) + movaps %xmm7,32(%rsp) +@@ -799,6 +802,7 @@ vpaes_decrypt: + movq %r8,%rdx + + ++.byte 243,15,30,250 + leaq -184(%rsp),%rsp + movaps %xmm6,16(%rsp) + movaps %xmm7,32(%rsp) +@@ -848,6 +852,7 @@ vpaes_cbc_encrypt: + movq 48(%rsp),%r9 + + ++.byte 243,15,30,250 + xchgq %rcx,%rdx + subq $16,%rcx + jc .Lcbc_abort +diff --git a/lib/accelerated/x86/coff/aesni-gcm-x86_64.s b/lib/accelerated/x86/coff/aesni-gcm-x86_64.s +index 7988004cb..5784e4bcf 100644 +--- a/lib/accelerated/x86/coff/aesni-gcm-x86_64.s ++++ b/lib/accelerated/x86/coff/aesni-gcm-x86_64.s +@@ -42,6 +42,8 @@ + .def _aesni_ctr32_ghash_6x; .scl 3; .type 32; .endef + .p2align 5 + _aesni_ctr32_ghash_6x: ++ ++.byte 243,15,30,250 + vmovdqu 32(%r11),%xmm2 + subq $6,%rdx + vpxor %xmm4,%xmm4,%xmm4 +@@ -350,6 +352,7 @@ _aesni_ctr32_ghash_6x: + + .byte 0xf3,0xc3 + ++ + .globl aesni_gcm_decrypt + .def aesni_gcm_decrypt; .scl 2; .type 32; .endef + .p2align 5 +@@ -366,6 +369,7 @@ aesni_gcm_decrypt: + movq 48(%rsp),%r9 + + ++.byte 243,15,30,250 + xorq %r10,%r10 + cmpq $0x60,%rdx + jb .Lgcm_dec_abort +@@ -490,6 +494,8 @@ aesni_gcm_decrypt: + .def _aesni_ctr32_6x; .scl 3; .type 32; .endef + .p2align 5 + _aesni_ctr32_6x: ++ ++.byte 243,15,30,250 + vmovdqu 0-128(%rcx),%xmm4 + vmovdqu 32(%r11),%xmm2 + leaq -1(%rbp),%r13 +@@ -578,6 +584,7 @@ _aesni_ctr32_6x: + jmp .Loop_ctr32 + + ++ + .globl aesni_gcm_encrypt + .def aesni_gcm_encrypt; .scl 2; .type 32; .endef + .p2align 5 +@@ -594,6 +601,7 @@ aesni_gcm_encrypt: + movq 48(%rsp),%r9 + + ++.byte 243,15,30,250 + xorq %r10,%r10 + cmpq $288,%rdx + jb .Lgcm_enc_abort +diff --git a/lib/accelerated/x86/coff/aesni-x86.s b/lib/accelerated/x86/coff/aesni-x86.s +index c6aa1a1e2..577dc4af2 100644 +--- a/lib/accelerated/x86/coff/aesni-x86.s ++++ b/lib/accelerated/x86/coff/aesni-x86.s +@@ -43,6 +43,7 @@ + .align 16 + _aesni_encrypt: + .L_aesni_encrypt_begin: ++.byte 243,15,30,251 + movl 4(%esp),%eax + movl 12(%esp),%edx + movups (%eax),%xmm2 +@@ -69,6 +70,7 @@ _aesni_encrypt: + .align 16 + _aesni_decrypt: + .L_aesni_decrypt_begin: ++.byte 243,15,30,251 + movl 4(%esp),%eax + movl 12(%esp),%edx + movups (%eax),%xmm2 +@@ -93,6 +95,7 @@ _aesni_decrypt: + .def __aesni_encrypt2; .scl 3; .type 32; .endef + .align 16 + __aesni_encrypt2: ++.byte 243,15,30,251 + movups (%edx),%xmm0 + shll $4,%ecx + movups 16(%edx),%xmm1 +@@ -119,6 +122,7 @@ __aesni_encrypt2: + .def __aesni_decrypt2; .scl 3; .type 32; .endef + .align 16 + __aesni_decrypt2: ++.byte 243,15,30,251 + movups (%edx),%xmm0 + shll $4,%ecx + movups 16(%edx),%xmm1 +@@ -145,6 +149,7 @@ __aesni_decrypt2: + .def __aesni_encrypt3; .scl 3; .type 32; .endef + .align 16 + __aesni_encrypt3: ++.byte 243,15,30,251 + movups (%edx),%xmm0 + shll $4,%ecx + movups 16(%edx),%xmm1 +@@ -176,6 +181,7 @@ __aesni_encrypt3: + .def __aesni_decrypt3; .scl 3; .type 32; .endef + .align 16 + __aesni_decrypt3: ++.byte 243,15,30,251 + movups (%edx),%xmm0 + shll $4,%ecx + movups 16(%edx),%xmm1 +@@ -207,6 +213,7 @@ __aesni_decrypt3: + .def __aesni_encrypt4; .scl 3; .type 32; .endef + .align 16 + __aesni_encrypt4: ++.byte 243,15,30,251 + movups (%edx),%xmm0 + movups 16(%edx),%xmm1 + shll $4,%ecx +@@ -244,6 +251,7 @@ __aesni_encrypt4: + .def __aesni_decrypt4; .scl 3; .type 32; .endef + .align 16 + __aesni_decrypt4: ++.byte 243,15,30,251 + movups (%edx),%xmm0 + movups 16(%edx),%xmm1 + shll $4,%ecx +@@ -281,6 +289,7 @@ __aesni_decrypt4: + .def __aesni_encrypt6; .scl 3; .type 32; .endef + .align 16 + __aesni_encrypt6: ++.byte 243,15,30,251 + movups (%edx),%xmm0 + shll $4,%ecx + movups 16(%edx),%xmm1 +@@ -334,6 +343,7 @@ __aesni_encrypt6: + .def __aesni_decrypt6; .scl 3; .type 32; .endef + .align 16 + __aesni_decrypt6: ++.byte 243,15,30,251 + movups (%edx),%xmm0 + shll $4,%ecx + movups 16(%edx),%xmm1 +@@ -389,6 +399,7 @@ __aesni_decrypt6: + .align 16 + _aesni_ecb_encrypt: + .L_aesni_ecb_encrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -623,6 +634,7 @@ _aesni_ecb_encrypt: + .align 16 + _aesni_ccm64_encrypt_blocks: + .L_aesni_ccm64_encrypt_blocks_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -710,6 +722,7 @@ _aesni_ccm64_encrypt_blocks: + .align 16 + _aesni_ccm64_decrypt_blocks: + .L_aesni_ccm64_decrypt_blocks_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -832,6 +845,7 @@ _aesni_ccm64_decrypt_blocks: + .align 16 + _aesni_ctr32_encrypt_blocks: + .L_aesni_ctr32_encrypt_blocks_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -1069,6 +1083,7 @@ _aesni_ctr32_encrypt_blocks: + .align 16 + _aesni_xts_encrypt: + .L_aesni_xts_encrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -1428,6 +1443,7 @@ _aesni_xts_encrypt: + .align 16 + _aesni_xts_decrypt: + .L_aesni_xts_decrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -1817,6 +1833,7 @@ _aesni_xts_decrypt: + .align 16 + _aesni_ocb_encrypt: + .L_aesni_ocb_encrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -2211,6 +2228,7 @@ _aesni_ocb_encrypt: + .align 16 + _aesni_ocb_decrypt: + .L_aesni_ocb_decrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -2605,6 +2623,7 @@ _aesni_ocb_decrypt: + .align 16 + _aesni_cbc_encrypt: + .L_aesni_cbc_encrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -2863,6 +2882,7 @@ _aesni_cbc_encrypt: + .def __aesni_set_encrypt_key; .scl 3; .type 32; .endef + .align 16 + __aesni_set_encrypt_key: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + testl %eax,%eax +@@ -3197,6 +3217,7 @@ __aesni_set_encrypt_key: + .align 16 + _aesni_set_encrypt_key: + .L_aesni_set_encrypt_key_begin: ++.byte 243,15,30,251 + movl 4(%esp),%eax + movl 8(%esp),%ecx + movl 12(%esp),%edx +@@ -3207,6 +3228,7 @@ _aesni_set_encrypt_key: + .align 16 + _aesni_set_decrypt_key: + .L_aesni_set_decrypt_key_begin: ++.byte 243,15,30,251 + movl 4(%esp),%eax + movl 8(%esp),%ecx + movl 12(%esp),%edx +diff --git a/lib/accelerated/x86/coff/aesni-x86_64.s b/lib/accelerated/x86/coff/aesni-x86_64.s +index 4e8de065f..ba2992903 100644 +--- a/lib/accelerated/x86/coff/aesni-x86_64.s ++++ b/lib/accelerated/x86/coff/aesni-x86_64.s +@@ -44,6 +44,7 @@ + .p2align 4 + aesni_encrypt: + ++.byte 243,15,30,250 + movups (%rcx),%xmm2 + movl 240(%r8),%eax + movups (%r8),%xmm0 +@@ -70,6 +71,7 @@ aesni_encrypt: + .p2align 4 + aesni_decrypt: + ++.byte 243,15,30,250 + movups (%rcx),%xmm2 + movl 240(%r8),%eax + movups (%r8),%xmm0 +@@ -567,6 +569,7 @@ aesni_ecb_encrypt: + movq 40(%rsp),%r8 + + ++.byte 243,15,30,250 + leaq -88(%rsp),%rsp + movaps %xmm6,(%rsp) + movaps %xmm7,16(%rsp) +@@ -939,6 +942,8 @@ aesni_ccm64_encrypt_blocks: + movq 40(%rsp),%r8 + movq 48(%rsp),%r9 + ++ ++.byte 243,15,30,250 + leaq -88(%rsp),%rsp + movaps %xmm6,(%rsp) + movaps %xmm7,16(%rsp) +@@ -1015,6 +1020,7 @@ aesni_ccm64_encrypt_blocks: + movq 8(%rsp),%rdi + movq 16(%rsp),%rsi + .byte 0xf3,0xc3 ++ + .LSEH_end_aesni_ccm64_encrypt_blocks: + .globl aesni_ccm64_decrypt_blocks + .def aesni_ccm64_decrypt_blocks; .scl 2; .type 32; .endef +@@ -1031,6 +1037,8 @@ aesni_ccm64_decrypt_blocks: + movq 40(%rsp),%r8 + movq 48(%rsp),%r9 + ++ ++.byte 243,15,30,250 + leaq -88(%rsp),%rsp + movaps %xmm6,(%rsp) + movaps %xmm7,16(%rsp) +@@ -1141,6 +1149,7 @@ aesni_ccm64_decrypt_blocks: + movq 8(%rsp),%rdi + movq 16(%rsp),%rsi + .byte 0xf3,0xc3 ++ + .LSEH_end_aesni_ccm64_decrypt_blocks: + .globl aesni_ctr32_encrypt_blocks + .def aesni_ctr32_encrypt_blocks; .scl 2; .type 32; .endef +@@ -1157,6 +1166,7 @@ aesni_ctr32_encrypt_blocks: + movq 40(%rsp),%r8 + + ++.byte 243,15,30,250 + cmpq $1,%rdx + jne .Lctr32_bulk + +@@ -1769,6 +1779,7 @@ aesni_xts_encrypt: + movq 48(%rsp),%r9 + + ++.byte 243,15,30,250 + leaq (%rsp),%r11 + + pushq %rbp +@@ -2273,6 +2284,7 @@ aesni_xts_decrypt: + movq 48(%rsp),%r9 + + ++.byte 243,15,30,250 + leaq (%rsp),%r11 + + pushq %rbp +@@ -2814,6 +2826,7 @@ aesni_ocb_encrypt: + movq 48(%rsp),%r9 + + ++.byte 243,15,30,250 + leaq (%rsp),%rax + pushq %rbx + +@@ -3046,6 +3059,7 @@ aesni_ocb_encrypt: + .def __ocb_encrypt6; .scl 3; .type 32; .endef + .p2align 5 + __ocb_encrypt6: ++ + pxor %xmm9,%xmm15 + movdqu (%rbx,%r12,1),%xmm11 + movdqa %xmm10,%xmm12 +@@ -3145,9 +3159,11 @@ __ocb_encrypt6: + .byte 0xf3,0xc3 + + ++ + .def __ocb_encrypt4; .scl 3; .type 32; .endef + .p2align 5 + __ocb_encrypt4: ++ + pxor %xmm9,%xmm15 + movdqu (%rbx,%r12,1),%xmm11 + movdqa %xmm10,%xmm12 +@@ -3214,9 +3230,11 @@ __ocb_encrypt4: + .byte 0xf3,0xc3 + + ++ + .def __ocb_encrypt1; .scl 3; .type 32; .endef + .p2align 5 + __ocb_encrypt1: ++ + pxor %xmm15,%xmm7 + pxor %xmm9,%xmm7 + pxor %xmm2,%xmm8 +@@ -3249,6 +3267,7 @@ __ocb_encrypt1: + .byte 0xf3,0xc3 + + ++ + .globl aesni_ocb_decrypt + .def aesni_ocb_decrypt; .scl 2; .type 32; .endef + .p2align 5 +@@ -3265,6 +3284,7 @@ aesni_ocb_decrypt: + movq 48(%rsp),%r9 + + ++.byte 243,15,30,250 + leaq (%rsp),%rax + pushq %rbx + +@@ -3519,6 +3539,7 @@ aesni_ocb_decrypt: + .def __ocb_decrypt6; .scl 3; .type 32; .endef + .p2align 5 + __ocb_decrypt6: ++ + pxor %xmm9,%xmm15 + movdqu (%rbx,%r12,1),%xmm11 + movdqa %xmm10,%xmm12 +@@ -3612,9 +3633,11 @@ __ocb_decrypt6: + .byte 0xf3,0xc3 + + ++ + .def __ocb_decrypt4; .scl 3; .type 32; .endef + .p2align 5 + __ocb_decrypt4: ++ + pxor %xmm9,%xmm15 + movdqu (%rbx,%r12,1),%xmm11 + movdqa %xmm10,%xmm12 +@@ -3677,9 +3700,11 @@ __ocb_decrypt4: + .byte 0xf3,0xc3 + + ++ + .def __ocb_decrypt1; .scl 3; .type 32; .endef + .p2align 5 + __ocb_decrypt1: ++ + pxor %xmm15,%xmm7 + pxor %xmm9,%xmm7 + pxor %xmm7,%xmm2 +@@ -3710,6 +3735,7 @@ __ocb_decrypt1: + .byte 102,15,56,223,215 + .byte 0xf3,0xc3 + ++ + .globl aesni_cbc_encrypt + .def aesni_cbc_encrypt; .scl 2; .type 32; .endef + .p2align 4 +@@ -3726,6 +3752,7 @@ aesni_cbc_encrypt: + movq 48(%rsp),%r9 + + ++.byte 243,15,30,250 + testq %rdx,%rdx + jz .Lcbc_ret + +@@ -4687,7 +4714,6 @@ __aesni_set_encrypt_key: + addq $8,%rsp + + .byte 0xf3,0xc3 +- + .LSEH_end_set_encrypt_key: + + .p2align 4 +@@ -4760,6 +4786,7 @@ __aesni_set_encrypt_key: + .byte 0xf3,0xc3 + + ++ + .p2align 6 + .Lbswap_mask: + .byte 15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0 +diff --git a/lib/accelerated/x86/coff/e_padlock-x86.s b/lib/accelerated/x86/coff/e_padlock-x86.s +index 41f87b117..9e27b9324 100644 +--- a/lib/accelerated/x86/coff/e_padlock-x86.s ++++ b/lib/accelerated/x86/coff/e_padlock-x86.s +@@ -1,4 +1,4 @@ +-# Copyright (c) 2011-2013, Andy Polyakov ++# Copyright (c) 2011-2016, Andy Polyakov + # All rights reserved. + # + # Redistribution and use in source and binary forms, with or without +@@ -37,13 +37,13 @@ + # + # *** This file is auto-generated *** + # +-.file "devel/perlasm/e_padlock-x86.s" + .text + .globl _padlock_capability + .def _padlock_capability; .scl 2; .type 32; .endef + .align 16 + _padlock_capability: + .L_padlock_capability_begin: ++.byte 243,15,30,251 + pushl %ebx + pushfl + popl %eax +@@ -60,11 +60,20 @@ _padlock_capability: + .byte 0x0f,0xa2 + xorl %eax,%eax + cmpl $0x746e6543,%ebx +- jne .L000noluck ++ jne .L001zhaoxin + cmpl $0x48727561,%edx + jne .L000noluck + cmpl $0x736c7561,%ecx + jne .L000noluck ++ jmp .L002zhaoxinEnd ++.L001zhaoxin: ++ cmpl $0x68532020,%ebx ++ jne .L000noluck ++ cmpl $0x68676e61,%edx ++ jne .L000noluck ++ cmpl $0x20206961,%ecx ++ jne .L000noluck ++.L002zhaoxinEnd: + movl $3221225472,%eax + .byte 0x0f,0xa2 + movl %eax,%edx +@@ -94,38 +103,41 @@ _padlock_capability: + .align 16 + _padlock_key_bswap: + .L_padlock_key_bswap_begin: ++.byte 243,15,30,251 + movl 4(%esp),%edx + movl 240(%edx),%ecx +-.L001bswap_loop: ++.L003bswap_loop: + movl (%edx),%eax + bswap %eax + movl %eax,(%edx) + leal 4(%edx),%edx + subl $1,%ecx +- jnz .L001bswap_loop ++ jnz .L003bswap_loop + ret + .globl _padlock_verify_context + .def _padlock_verify_context; .scl 2; .type 32; .endef + .align 16 + _padlock_verify_context: + .L_padlock_verify_context_begin: ++.byte 243,15,30,251 + movl 4(%esp),%edx + leal .Lpadlock_saved_context,%eax + pushfl + call __padlock_verify_ctx +-.L002verify_pic_point: ++.L004verify_pic_point: + leal 4(%esp),%esp + ret + .def __padlock_verify_ctx; .scl 3; .type 32; .endef + .align 16 + __padlock_verify_ctx: ++.byte 243,15,30,251 + btl $30,4(%esp) +- jnc .L003verified ++ jnc .L005verified + cmpl (%eax),%edx +- je .L003verified ++ je .L005verified + pushfl + popfl +-.L003verified: ++.L005verified: + movl %edx,(%eax) + ret + .globl _padlock_reload_key +@@ -133,6 +145,7 @@ __padlock_verify_ctx: + .align 16 + _padlock_reload_key: + .L_padlock_reload_key_begin: ++.byte 243,15,30,251 + pushfl + popfl + ret +@@ -141,6 +154,7 @@ _padlock_reload_key: + .align 16 + _padlock_aes_block: + .L_padlock_aes_block_begin: ++.byte 243,15,30,251 + pushl %edi + pushl %esi + pushl %ebx +@@ -160,6 +174,7 @@ _padlock_aes_block: + .align 16 + _padlock_ecb_encrypt: + .L_padlock_ecb_encrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -169,25 +184,25 @@ _padlock_ecb_encrypt: + movl 28(%esp),%edx + movl 32(%esp),%ecx + testl $15,%edx +- jnz .L004ecb_abort ++ jnz .L006ecb_abort + testl $15,%ecx +- jnz .L004ecb_abort ++ jnz .L006ecb_abort + leal .Lpadlock_saved_context,%eax + pushfl + cld + call __padlock_verify_ctx +-.L005ecb_pic_point: ++.L007ecb_pic_point: + leal 16(%edx),%edx + xorl %eax,%eax + xorl %ebx,%ebx + testl $32,(%edx) +- jnz .L006ecb_aligned ++ jnz .L008ecb_aligned + testl $15,%edi + setz %al + testl $15,%esi + setz %bl + testl %ebx,%eax +- jnz .L006ecb_aligned ++ jnz .L008ecb_aligned + negl %eax + movl $512,%ebx + notl %eax +@@ -206,7 +221,7 @@ _padlock_ecb_encrypt: + andl $-16,%esp + movl %eax,16(%ebp) + cmpl %ebx,%ecx +- ja .L007ecb_loop ++ ja .L009ecb_loop + movl %esi,%eax + cmpl %esp,%ebp + cmovel %edi,%eax +@@ -217,10 +232,10 @@ _padlock_ecb_encrypt: + movl $-128,%eax + cmovael %ebx,%eax + andl %eax,%ebx +- jz .L008ecb_unaligned_tail +- jmp .L007ecb_loop ++ jz .L010ecb_unaligned_tail ++ jmp .L009ecb_loop + .align 16 +-.L007ecb_loop: ++.L009ecb_loop: + movl %edi,(%ebp) + movl %esi,4(%ebp) + movl %ecx,8(%ebp) +@@ -229,13 +244,13 @@ _padlock_ecb_encrypt: + testl $15,%edi + cmovnzl %esp,%edi + testl $15,%esi +- jz .L009ecb_inp_aligned ++ jz .L011ecb_inp_aligned + shrl $2,%ecx + .byte 243,165 + subl %ebx,%edi + movl %ebx,%ecx + movl %edi,%esi +-.L009ecb_inp_aligned: ++.L011ecb_inp_aligned: + leal -16(%edx),%eax + leal 16(%edx),%ebx + shrl $4,%ecx +@@ -243,23 +258,23 @@ _padlock_ecb_encrypt: + movl (%ebp),%edi + movl 12(%ebp),%ebx + testl $15,%edi +- jz .L010ecb_out_aligned ++ jz .L012ecb_out_aligned + movl %ebx,%ecx + leal (%esp),%esi + shrl $2,%ecx + .byte 243,165 + subl %ebx,%edi +-.L010ecb_out_aligned: ++.L012ecb_out_aligned: + movl 4(%ebp),%esi + movl 8(%ebp),%ecx + addl %ebx,%edi + addl %ebx,%esi + subl %ebx,%ecx + movl $512,%ebx +- jz .L011ecb_break ++ jz .L013ecb_break + cmpl %ebx,%ecx +- jae .L007ecb_loop +-.L008ecb_unaligned_tail: ++ jae .L009ecb_loop ++.L010ecb_unaligned_tail: + xorl %eax,%eax + cmpl %ebp,%esp + cmovel %ecx,%eax +@@ -272,24 +287,24 @@ _padlock_ecb_encrypt: + movl %esp,%esi + movl %eax,%edi + movl %ebx,%ecx +- jmp .L007ecb_loop ++ jmp .L009ecb_loop + .align 16 +-.L011ecb_break: ++.L013ecb_break: + cmpl %ebp,%esp +- je .L012ecb_done ++ je .L014ecb_done + pxor %xmm0,%xmm0 + leal (%esp),%eax +-.L013ecb_bzero: ++.L015ecb_bzero: + movaps %xmm0,(%eax) + leal 16(%eax),%eax + cmpl %eax,%ebp +- ja .L013ecb_bzero +-.L012ecb_done: ++ ja .L015ecb_bzero ++.L014ecb_done: + movl 16(%ebp),%ebp + leal 24(%ebp),%esp +- jmp .L014ecb_exit ++ jmp .L016ecb_exit + .align 16 +-.L006ecb_aligned: ++.L008ecb_aligned: + leal (%esi,%ecx,1),%ebp + negl %ebp + andl $4095,%ebp +@@ -299,14 +314,14 @@ _padlock_ecb_encrypt: + cmovael %eax,%ebp + andl %ecx,%ebp + subl %ebp,%ecx +- jz .L015ecb_aligned_tail ++ jz .L017ecb_aligned_tail + leal -16(%edx),%eax + leal 16(%edx),%ebx + shrl $4,%ecx + .byte 243,15,167,200 + testl %ebp,%ebp +- jz .L014ecb_exit +-.L015ecb_aligned_tail: ++ jz .L016ecb_exit ++.L017ecb_aligned_tail: + movl %ebp,%ecx + leal -24(%esp),%ebp + movl %ebp,%esp +@@ -323,11 +338,11 @@ _padlock_ecb_encrypt: + movl %esp,%esi + movl %eax,%edi + movl %ebx,%ecx +- jmp .L007ecb_loop +-.L014ecb_exit: ++ jmp .L009ecb_loop ++.L016ecb_exit: + movl $1,%eax + leal 4(%esp),%esp +-.L004ecb_abort: ++.L006ecb_abort: + popl %edi + popl %esi + popl %ebx +@@ -338,6 +353,7 @@ _padlock_ecb_encrypt: + .align 16 + _padlock_cbc_encrypt: + .L_padlock_cbc_encrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -347,25 +363,25 @@ _padlock_cbc_encrypt: + movl 28(%esp),%edx + movl 32(%esp),%ecx + testl $15,%edx +- jnz .L016cbc_abort ++ jnz .L018cbc_abort + testl $15,%ecx +- jnz .L016cbc_abort ++ jnz .L018cbc_abort + leal .Lpadlock_saved_context,%eax + pushfl + cld + call __padlock_verify_ctx +-.L017cbc_pic_point: ++.L019cbc_pic_point: + leal 16(%edx),%edx + xorl %eax,%eax + xorl %ebx,%ebx + testl $32,(%edx) +- jnz .L018cbc_aligned ++ jnz .L020cbc_aligned + testl $15,%edi + setz %al + testl $15,%esi + setz %bl + testl %ebx,%eax +- jnz .L018cbc_aligned ++ jnz .L020cbc_aligned + negl %eax + movl $512,%ebx + notl %eax +@@ -384,7 +400,7 @@ _padlock_cbc_encrypt: + andl $-16,%esp + movl %eax,16(%ebp) + cmpl %ebx,%ecx +- ja .L019cbc_loop ++ ja .L021cbc_loop + movl %esi,%eax + cmpl %esp,%ebp + cmovel %edi,%eax +@@ -395,10 +411,10 @@ _padlock_cbc_encrypt: + movl $-64,%eax + cmovael %ebx,%eax + andl %eax,%ebx +- jz .L020cbc_unaligned_tail +- jmp .L019cbc_loop ++ jz .L022cbc_unaligned_tail ++ jmp .L021cbc_loop + .align 16 +-.L019cbc_loop: ++.L021cbc_loop: + movl %edi,(%ebp) + movl %esi,4(%ebp) + movl %ecx,8(%ebp) +@@ -407,13 +423,13 @@ _padlock_cbc_encrypt: + testl $15,%edi + cmovnzl %esp,%edi + testl $15,%esi +- jz .L021cbc_inp_aligned ++ jz .L023cbc_inp_aligned + shrl $2,%ecx + .byte 243,165 + subl %ebx,%edi + movl %ebx,%ecx + movl %edi,%esi +-.L021cbc_inp_aligned: ++.L023cbc_inp_aligned: + leal -16(%edx),%eax + leal 16(%edx),%ebx + shrl $4,%ecx +@@ -423,23 +439,23 @@ _padlock_cbc_encrypt: + movl (%ebp),%edi + movl 12(%ebp),%ebx + testl $15,%edi +- jz .L022cbc_out_aligned ++ jz .L024cbc_out_aligned + movl %ebx,%ecx + leal (%esp),%esi + shrl $2,%ecx + .byte 243,165 + subl %ebx,%edi +-.L022cbc_out_aligned: ++.L024cbc_out_aligned: + movl 4(%ebp),%esi + movl 8(%ebp),%ecx + addl %ebx,%edi + addl %ebx,%esi + subl %ebx,%ecx + movl $512,%ebx +- jz .L023cbc_break ++ jz .L025cbc_break + cmpl %ebx,%ecx +- jae .L019cbc_loop +-.L020cbc_unaligned_tail: ++ jae .L021cbc_loop ++.L022cbc_unaligned_tail: + xorl %eax,%eax + cmpl %ebp,%esp + cmovel %ecx,%eax +@@ -452,24 +468,24 @@ _padlock_cbc_encrypt: + movl %esp,%esi + movl %eax,%edi + movl %ebx,%ecx +- jmp .L019cbc_loop ++ jmp .L021cbc_loop + .align 16 +-.L023cbc_break: ++.L025cbc_break: + cmpl %ebp,%esp +- je .L024cbc_done ++ je .L026cbc_done + pxor %xmm0,%xmm0 + leal (%esp),%eax +-.L025cbc_bzero: ++.L027cbc_bzero: + movaps %xmm0,(%eax) + leal 16(%eax),%eax + cmpl %eax,%ebp +- ja .L025cbc_bzero +-.L024cbc_done: ++ ja .L027cbc_bzero ++.L026cbc_done: + movl 16(%ebp),%ebp + leal 24(%ebp),%esp +- jmp .L026cbc_exit ++ jmp .L028cbc_exit + .align 16 +-.L018cbc_aligned: ++.L020cbc_aligned: + leal (%esi,%ecx,1),%ebp + negl %ebp + andl $4095,%ebp +@@ -479,7 +495,7 @@ _padlock_cbc_encrypt: + cmovael %eax,%ebp + andl %ecx,%ebp + subl %ebp,%ecx +- jz .L027cbc_aligned_tail ++ jz .L029cbc_aligned_tail + leal -16(%edx),%eax + leal 16(%edx),%ebx + shrl $4,%ecx +@@ -487,8 +503,8 @@ _padlock_cbc_encrypt: + movaps (%eax),%xmm0 + movaps %xmm0,-16(%edx) + testl %ebp,%ebp +- jz .L026cbc_exit +-.L027cbc_aligned_tail: ++ jz .L028cbc_exit ++.L029cbc_aligned_tail: + movl %ebp,%ecx + leal -24(%esp),%ebp + movl %ebp,%esp +@@ -505,11 +521,11 @@ _padlock_cbc_encrypt: + movl %esp,%esi + movl %eax,%edi + movl %ebx,%ecx +- jmp .L019cbc_loop +-.L026cbc_exit: ++ jmp .L021cbc_loop ++.L028cbc_exit: + movl $1,%eax + leal 4(%esp),%esp +-.L016cbc_abort: ++.L018cbc_abort: + popl %edi + popl %esi + popl %ebx +@@ -520,6 +536,7 @@ _padlock_cbc_encrypt: + .align 16 + _padlock_cfb_encrypt: + .L_padlock_cfb_encrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -529,25 +546,25 @@ _padlock_cfb_encrypt: + movl 28(%esp),%edx + movl 32(%esp),%ecx + testl $15,%edx +- jnz .L028cfb_abort ++ jnz .L030cfb_abort + testl $15,%ecx +- jnz .L028cfb_abort ++ jnz .L030cfb_abort + leal .Lpadlock_saved_context,%eax + pushfl + cld + call __padlock_verify_ctx +-.L029cfb_pic_point: ++.L031cfb_pic_point: + leal 16(%edx),%edx + xorl %eax,%eax + xorl %ebx,%ebx + testl $32,(%edx) +- jnz .L030cfb_aligned ++ jnz .L032cfb_aligned + testl $15,%edi + setz %al + testl $15,%esi + setz %bl + testl %ebx,%eax +- jnz .L030cfb_aligned ++ jnz .L032cfb_aligned + negl %eax + movl $512,%ebx + notl %eax +@@ -565,9 +582,9 @@ _padlock_cfb_encrypt: + andl $-16,%ebp + andl $-16,%esp + movl %eax,16(%ebp) +- jmp .L031cfb_loop ++ jmp .L033cfb_loop + .align 16 +-.L031cfb_loop: ++.L033cfb_loop: + movl %edi,(%ebp) + movl %esi,4(%ebp) + movl %ecx,8(%ebp) +@@ -576,13 +593,13 @@ _padlock_cfb_encrypt: + testl $15,%edi + cmovnzl %esp,%edi + testl $15,%esi +- jz .L032cfb_inp_aligned ++ jz .L034cfb_inp_aligned + shrl $2,%ecx + .byte 243,165 + subl %ebx,%edi + movl %ebx,%ecx + movl %edi,%esi +-.L032cfb_inp_aligned: ++.L034cfb_inp_aligned: + leal -16(%edx),%eax + leal 16(%edx),%ebx + shrl $4,%ecx +@@ -592,45 +609,45 @@ _padlock_cfb_encrypt: + movl (%ebp),%edi + movl 12(%ebp),%ebx + testl $15,%edi +- jz .L033cfb_out_aligned ++ jz .L035cfb_out_aligned + movl %ebx,%ecx + leal (%esp),%esi + shrl $2,%ecx + .byte 243,165 + subl %ebx,%edi +-.L033cfb_out_aligned: ++.L035cfb_out_aligned: + movl 4(%ebp),%esi + movl 8(%ebp),%ecx + addl %ebx,%edi + addl %ebx,%esi + subl %ebx,%ecx + movl $512,%ebx +- jnz .L031cfb_loop ++ jnz .L033cfb_loop + cmpl %ebp,%esp +- je .L034cfb_done ++ je .L036cfb_done + pxor %xmm0,%xmm0 + leal (%esp),%eax +-.L035cfb_bzero: ++.L037cfb_bzero: + movaps %xmm0,(%eax) + leal 16(%eax),%eax + cmpl %eax,%ebp +- ja .L035cfb_bzero +-.L034cfb_done: ++ ja .L037cfb_bzero ++.L036cfb_done: + movl 16(%ebp),%ebp + leal 24(%ebp),%esp +- jmp .L036cfb_exit ++ jmp .L038cfb_exit + .align 16 +-.L030cfb_aligned: ++.L032cfb_aligned: + leal -16(%edx),%eax + leal 16(%edx),%ebx + shrl $4,%ecx + .byte 243,15,167,224 + movaps (%eax),%xmm0 + movaps %xmm0,-16(%edx) +-.L036cfb_exit: ++.L038cfb_exit: + movl $1,%eax + leal 4(%esp),%esp +-.L028cfb_abort: ++.L030cfb_abort: + popl %edi + popl %esi + popl %ebx +@@ -641,6 +658,7 @@ _padlock_cfb_encrypt: + .align 16 + _padlock_ofb_encrypt: + .L_padlock_ofb_encrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -650,25 +668,25 @@ _padlock_ofb_encrypt: + movl 28(%esp),%edx + movl 32(%esp),%ecx + testl $15,%edx +- jnz .L037ofb_abort ++ jnz .L039ofb_abort + testl $15,%ecx +- jnz .L037ofb_abort ++ jnz .L039ofb_abort + leal .Lpadlock_saved_context,%eax + pushfl + cld + call __padlock_verify_ctx +-.L038ofb_pic_point: ++.L040ofb_pic_point: + leal 16(%edx),%edx + xorl %eax,%eax + xorl %ebx,%ebx + testl $32,(%edx) +- jnz .L039ofb_aligned ++ jnz .L041ofb_aligned + testl $15,%edi + setz %al + testl $15,%esi + setz %bl + testl %ebx,%eax +- jnz .L039ofb_aligned ++ jnz .L041ofb_aligned + negl %eax + movl $512,%ebx + notl %eax +@@ -686,9 +704,9 @@ _padlock_ofb_encrypt: + andl $-16,%ebp + andl $-16,%esp + movl %eax,16(%ebp) +- jmp .L040ofb_loop ++ jmp .L042ofb_loop + .align 16 +-.L040ofb_loop: ++.L042ofb_loop: + movl %edi,(%ebp) + movl %esi,4(%ebp) + movl %ecx,8(%ebp) +@@ -697,13 +715,13 @@ _padlock_ofb_encrypt: + testl $15,%edi + cmovnzl %esp,%edi + testl $15,%esi +- jz .L041ofb_inp_aligned ++ jz .L043ofb_inp_aligned + shrl $2,%ecx + .byte 243,165 + subl %ebx,%edi + movl %ebx,%ecx + movl %edi,%esi +-.L041ofb_inp_aligned: ++.L043ofb_inp_aligned: + leal -16(%edx),%eax + leal 16(%edx),%ebx + shrl $4,%ecx +@@ -713,45 +731,45 @@ _padlock_ofb_encrypt: + movl (%ebp),%edi + movl 12(%ebp),%ebx + testl $15,%edi +- jz .L042ofb_out_aligned ++ jz .L044ofb_out_aligned + movl %ebx,%ecx + leal (%esp),%esi + shrl $2,%ecx + .byte 243,165 + subl %ebx,%edi +-.L042ofb_out_aligned: ++.L044ofb_out_aligned: + movl 4(%ebp),%esi + movl 8(%ebp),%ecx + addl %ebx,%edi + addl %ebx,%esi + subl %ebx,%ecx + movl $512,%ebx +- jnz .L040ofb_loop ++ jnz .L042ofb_loop + cmpl %ebp,%esp +- je .L043ofb_done ++ je .L045ofb_done + pxor %xmm0,%xmm0 + leal (%esp),%eax +-.L044ofb_bzero: ++.L046ofb_bzero: + movaps %xmm0,(%eax) + leal 16(%eax),%eax + cmpl %eax,%ebp +- ja .L044ofb_bzero +-.L043ofb_done: ++ ja .L046ofb_bzero ++.L045ofb_done: + movl 16(%ebp),%ebp + leal 24(%ebp),%esp +- jmp .L045ofb_exit ++ jmp .L047ofb_exit + .align 16 +-.L039ofb_aligned: ++.L041ofb_aligned: + leal -16(%edx),%eax + leal 16(%edx),%ebx + shrl $4,%ecx + .byte 243,15,167,232 + movaps (%eax),%xmm0 + movaps %xmm0,-16(%edx) +-.L045ofb_exit: ++.L047ofb_exit: + movl $1,%eax + leal 4(%esp),%esp +-.L037ofb_abort: ++.L039ofb_abort: + popl %edi + popl %esi + popl %ebx +@@ -762,6 +780,7 @@ _padlock_ofb_encrypt: + .align 16 + _padlock_ctr32_encrypt: + .L_padlock_ctr32_encrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -771,14 +790,14 @@ _padlock_ctr32_encrypt: + movl 28(%esp),%edx + movl 32(%esp),%ecx + testl $15,%edx +- jnz .L046ctr32_abort ++ jnz .L048ctr32_abort + testl $15,%ecx +- jnz .L046ctr32_abort ++ jnz .L048ctr32_abort + leal .Lpadlock_saved_context,%eax + pushfl + cld + call __padlock_verify_ctx +-.L047ctr32_pic_point: ++.L049ctr32_pic_point: + leal 16(%edx),%edx + xorl %eax,%eax + movq -16(%edx),%mm0 +@@ -798,9 +817,9 @@ _padlock_ctr32_encrypt: + andl $-16,%ebp + andl $-16,%esp + movl %eax,16(%ebp) +- jmp .L048ctr32_loop ++ jmp .L050ctr32_loop + .align 16 +-.L048ctr32_loop: ++.L050ctr32_loop: + movl %edi,(%ebp) + movl %esi,4(%ebp) + movl %ecx,8(%ebp) +@@ -809,7 +828,7 @@ _padlock_ctr32_encrypt: + movl -4(%edx),%ecx + xorl %edi,%edi + movl -8(%edx),%eax +-.L049ctr32_prepare: ++.L051ctr32_prepare: + movl %ecx,12(%esp,%edi,1) + bswap %ecx + movq %mm0,(%esp,%edi,1) +@@ -818,7 +837,7 @@ _padlock_ctr32_encrypt: + bswap %ecx + leal 16(%edi),%edi + cmpl %ebx,%edi +- jb .L049ctr32_prepare ++ jb .L051ctr32_prepare + movl %ecx,-4(%edx) + leal (%esp),%esi + leal (%esp),%edi +@@ -831,33 +850,33 @@ _padlock_ctr32_encrypt: + movl 12(%ebp),%ebx + movl 4(%ebp),%esi + xorl %ecx,%ecx +-.L050ctr32_xor: ++.L052ctr32_xor: + movups (%esi,%ecx,1),%xmm1 + leal 16(%ecx),%ecx + pxor -16(%esp,%ecx,1),%xmm1 + movups %xmm1,-16(%edi,%ecx,1) + cmpl %ebx,%ecx +- jb .L050ctr32_xor ++ jb .L052ctr32_xor + movl 8(%ebp),%ecx + addl %ebx,%edi + addl %ebx,%esi + subl %ebx,%ecx + movl $512,%ebx +- jnz .L048ctr32_loop ++ jnz .L050ctr32_loop + pxor %xmm0,%xmm0 + leal (%esp),%eax +-.L051ctr32_bzero: ++.L053ctr32_bzero: + movaps %xmm0,(%eax) + leal 16(%eax),%eax + cmpl %eax,%ebp +- ja .L051ctr32_bzero +-.L052ctr32_done: ++ ja .L053ctr32_bzero ++.L054ctr32_done: + movl 16(%ebp),%ebp + leal 24(%ebp),%esp + movl $1,%eax + leal 4(%esp),%esp + emms +-.L046ctr32_abort: ++.L048ctr32_abort: + popl %edi + popl %esi + popl %ebx +@@ -868,6 +887,7 @@ _padlock_ctr32_encrypt: + .align 16 + _padlock_xstore: + .L_padlock_xstore_begin: ++.byte 243,15,30,251 + pushl %edi + movl 8(%esp),%edi + movl 12(%esp),%edx +@@ -877,20 +897,22 @@ _padlock_xstore: + .def __win32_segv_handler; .scl 3; .type 32; .endef + .align 16 + __win32_segv_handler: ++.byte 243,15,30,251 + movl $1,%eax + movl 4(%esp),%edx + movl 12(%esp),%ecx + cmpl $3221225477,(%edx) +- jne .L053ret ++ jne .L055ret + addl $4,184(%ecx) + movl $0,%eax +-.L053ret: ++.L055ret: + ret + .globl _padlock_sha1_oneshot + .def _padlock_sha1_oneshot; .scl 2; .type 32; .endef + .align 16 + _padlock_sha1_oneshot: + .L_padlock_sha1_oneshot_begin: ++.byte 243,15,30,251 + pushl %edi + pushl %esi + xorl %eax,%eax +@@ -926,6 +948,7 @@ _padlock_sha1_oneshot: + .align 16 + _padlock_sha1_blocks: + .L_padlock_sha1_blocks_begin: ++.byte 243,15,30,251 + pushl %edi + pushl %esi + movl 12(%esp),%edi +@@ -955,6 +978,7 @@ _padlock_sha1_blocks: + .align 16 + _padlock_sha256_oneshot: + .L_padlock_sha256_oneshot_begin: ++.byte 243,15,30,251 + pushl %edi + pushl %esi + xorl %eax,%eax +@@ -990,6 +1014,7 @@ _padlock_sha256_oneshot: + .align 16 + _padlock_sha256_blocks: + .L_padlock_sha256_blocks_begin: ++.byte 243,15,30,251 + pushl %edi + pushl %esi + movl 12(%esp),%edi +@@ -1019,6 +1044,7 @@ _padlock_sha256_blocks: + .align 16 + _padlock_sha512_blocks: + .L_padlock_sha512_blocks_begin: ++.byte 243,15,30,251 + pushl %edi + pushl %esi + movl 12(%esp),%edi +diff --git a/lib/accelerated/x86/coff/e_padlock-x86_64.s b/lib/accelerated/x86/coff/e_padlock-x86_64.s +index 7edee19f5..71c9e1aea 100644 +--- a/lib/accelerated/x86/coff/e_padlock-x86_64.s ++++ b/lib/accelerated/x86/coff/e_padlock-x86_64.s +@@ -1,4 +1,4 @@ +-# Copyright (c) 2011-2013, Andy Polyakov ++# Copyright (c) 2011-2016, Andy Polyakov + # All rights reserved. + # + # Redistribution and use in source and binary forms, with or without +@@ -42,36 +42,50 @@ + .def padlock_capability; .scl 2; .type 32; .endef + .p2align 4 + padlock_capability: ++ ++.byte 243,15,30,250 + movq %rbx,%r8 + xorl %eax,%eax + cpuid + xorl %eax,%eax +- cmpl $1953391939,%ebx ++ cmpl $0x746e6543,%ebx ++ jne .Lzhaoxin ++ cmpl $0x48727561,%edx ++ jne .Lnoluck ++ cmpl $0x736c7561,%ecx ++ jne .Lnoluck ++ jmp .LzhaoxinEnd ++.Lzhaoxin: ++ cmpl $0x68532020,%ebx + jne .Lnoluck +- cmpl $1215460705,%edx ++ cmpl $0x68676e61,%edx + jne .Lnoluck +- cmpl $1936487777,%ecx ++ cmpl $0x20206961,%ecx + jne .Lnoluck +- movl $3221225472,%eax ++.LzhaoxinEnd: ++ movl $0xC0000000,%eax + cpuid + movl %eax,%edx + xorl %eax,%eax +- cmpl $3221225473,%edx ++ cmpl $0xC0000001,%edx + jb .Lnoluck +- movl $3221225473,%eax ++ movl $0xC0000001,%eax + cpuid + movl %edx,%eax +- andl $4294967279,%eax +- orl $16,%eax ++ andl $0xffffffef,%eax ++ orl $0x10,%eax + .Lnoluck: + movq %r8,%rbx + .byte 0xf3,0xc3 + + ++ + .globl padlock_key_bswap + .def padlock_key_bswap; .scl 2; .type 32; .endef + .p2align 4 + padlock_key_bswap: ++ ++.byte 243,15,30,250 + movl 240(%rcx),%edx + .Lbswap_loop: + movl (%rcx),%eax +@@ -83,10 +97,13 @@ padlock_key_bswap: + .byte 0xf3,0xc3 + + ++ + .globl padlock_verify_context + .def padlock_verify_context; .scl 2; .type 32; .endef + .p2align 4 + padlock_verify_context: ++ ++.byte 243,15,30,250 + movq %rcx,%rdx + pushf + leaq .Lpadlock_saved_context(%rip),%rax +@@ -95,9 +112,12 @@ padlock_verify_context: + .byte 0xf3,0xc3 + + ++ + .def _padlock_verify_ctx; .scl 3; .type 32; .endef + .p2align 4 + _padlock_verify_ctx: ++ ++.byte 243,15,30,250 + movq 8(%rsp),%r8 + btq $30,%r8 + jnc .Lverified +@@ -110,15 +130,19 @@ _padlock_verify_ctx: + .byte 0xf3,0xc3 + + ++ + .globl padlock_reload_key + .def padlock_reload_key; .scl 2; .type 32; .endef + .p2align 4 + padlock_reload_key: ++ ++.byte 243,15,30,250 + pushf + popf + .byte 0xf3,0xc3 + + ++ + .globl padlock_aes_block + .def padlock_aes_block; .scl 2; .type 32; .endef + .p2align 4 +@@ -131,15 +155,18 @@ padlock_aes_block: + movq %rdx,%rsi + movq %r8,%rdx + ++ ++.byte 243,15,30,250 + movq %rbx,%r8 + movq $1,%rcx + leaq 32(%rdx),%rbx + leaq 16(%rdx),%rdx +-.byte 0xf3,0x0f,0xa7,0xc8 ++.byte 0xf3,0x0f,0xa7,0xc8 + movq %r8,%rbx + movq 8(%rsp),%rdi + movq 16(%rsp),%rsi + .byte 0xf3,0xc3 ++ + .LSEH_end_padlock_aes_block: + + .globl padlock_xstore +@@ -153,11 +180,14 @@ padlock_xstore: + movq %rcx,%rdi + movq %rdx,%rsi + ++ ++.byte 243,15,30,250 + movl %esi,%edx +-.byte 0x0f,0xa7,0xc0 ++.byte 0x0f,0xa7,0xc0 + movq 8(%rsp),%rdi + movq 16(%rsp),%rsi + .byte 0xf3,0xc3 ++ + .LSEH_end_padlock_xstore: + + .globl padlock_sha1_oneshot +@@ -172,6 +202,8 @@ padlock_sha1_oneshot: + movq %rdx,%rsi + movq %r8,%rdx + ++ ++.byte 243,15,30,250 + movq %rdx,%rcx + movq %rdi,%rdx + movups (%rdi),%xmm0 +@@ -181,7 +213,7 @@ padlock_sha1_oneshot: + movq %rsp,%rdi + movl %eax,16(%rsp) + xorq %rax,%rax +-.byte 0xf3,0x0f,0xa6,0xc8 ++.byte 0xf3,0x0f,0xa6,0xc8 + movaps (%rsp),%xmm0 + movl 16(%rsp),%eax + addq $128+8,%rsp +@@ -190,6 +222,7 @@ padlock_sha1_oneshot: + movq 8(%rsp),%rdi + movq 16(%rsp),%rsi + .byte 0xf3,0xc3 ++ + .LSEH_end_padlock_sha1_oneshot: + + .globl padlock_sha1_blocks +@@ -204,6 +237,8 @@ padlock_sha1_blocks: + movq %rdx,%rsi + movq %r8,%rdx + ++ ++.byte 243,15,30,250 + movq %rdx,%rcx + movq %rdi,%rdx + movups (%rdi),%xmm0 +@@ -213,7 +248,7 @@ padlock_sha1_blocks: + movq %rsp,%rdi + movl %eax,16(%rsp) + movq $-1,%rax +-.byte 0xf3,0x0f,0xa6,0xc8 ++.byte 0xf3,0x0f,0xa6,0xc8 + movaps (%rsp),%xmm0 + movl 16(%rsp),%eax + addq $128+8,%rsp +@@ -222,6 +257,7 @@ padlock_sha1_blocks: + movq 8(%rsp),%rdi + movq 16(%rsp),%rsi + .byte 0xf3,0xc3 ++ + .LSEH_end_padlock_sha1_blocks: + + .globl padlock_sha256_oneshot +@@ -236,6 +272,8 @@ padlock_sha256_oneshot: + movq %rdx,%rsi + movq %r8,%rdx + ++ ++.byte 243,15,30,250 + movq %rdx,%rcx + movq %rdi,%rdx + movups (%rdi),%xmm0 +@@ -245,7 +283,7 @@ padlock_sha256_oneshot: + movq %rsp,%rdi + movaps %xmm1,16(%rsp) + xorq %rax,%rax +-.byte 0xf3,0x0f,0xa6,0xd0 ++.byte 0xf3,0x0f,0xa6,0xd0 + movaps (%rsp),%xmm0 + movaps 16(%rsp),%xmm1 + addq $128+8,%rsp +@@ -254,6 +292,7 @@ padlock_sha256_oneshot: + movq 8(%rsp),%rdi + movq 16(%rsp),%rsi + .byte 0xf3,0xc3 ++ + .LSEH_end_padlock_sha256_oneshot: + + .globl padlock_sha256_blocks +@@ -268,6 +307,8 @@ padlock_sha256_blocks: + movq %rdx,%rsi + movq %r8,%rdx + ++ ++.byte 243,15,30,250 + movq %rdx,%rcx + movq %rdi,%rdx + movups (%rdi),%xmm0 +@@ -277,7 +318,7 @@ padlock_sha256_blocks: + movq %rsp,%rdi + movaps %xmm1,16(%rsp) + movq $-1,%rax +-.byte 0xf3,0x0f,0xa6,0xd0 ++.byte 0xf3,0x0f,0xa6,0xd0 + movaps (%rsp),%xmm0 + movaps 16(%rsp),%xmm1 + addq $128+8,%rsp +@@ -286,6 +327,7 @@ padlock_sha256_blocks: + movq 8(%rsp),%rdi + movq 16(%rsp),%rsi + .byte 0xf3,0xc3 ++ + .LSEH_end_padlock_sha256_blocks: + + .globl padlock_sha512_blocks +@@ -300,6 +342,8 @@ padlock_sha512_blocks: + movq %rdx,%rsi + movq %r8,%rdx + ++ ++.byte 243,15,30,250 + movq %rdx,%rcx + movq %rdi,%rdx + movups (%rdi),%xmm0 +@@ -312,7 +356,7 @@ padlock_sha512_blocks: + movaps %xmm1,16(%rsp) + movaps %xmm2,32(%rsp) + movaps %xmm3,48(%rsp) +-.byte 0xf3,0x0f,0xa6,0xe0 ++.byte 0xf3,0x0f,0xa6,0xe0 + movaps (%rsp),%xmm0 + movaps 16(%rsp),%xmm1 + movaps 32(%rsp),%xmm2 +@@ -325,6 +369,7 @@ padlock_sha512_blocks: + movq 8(%rsp),%rdi + movq 16(%rsp),%rsi + .byte 0xf3,0xc3 ++ + .LSEH_end_padlock_sha512_blocks: + .globl padlock_ecb_encrypt + .def padlock_ecb_encrypt; .scl 2; .type 32; .endef +@@ -339,6 +384,8 @@ padlock_ecb_encrypt: + movq %r8,%rdx + movq %r9,%rcx + ++ ++.byte 243,15,30,250 + pushq %rbp + pushq %rbx + +@@ -356,9 +403,9 @@ padlock_ecb_encrypt: + xorl %ebx,%ebx + testl $32,(%rdx) + jnz .Lecb_aligned +- testq $15,%rdi ++ testq $0x0f,%rdi + setz %al +- testq $15,%rsi ++ testq $0x0f,%rsi + setz %bl + testl %ebx,%eax + jnz .Lecb_aligned +@@ -382,7 +429,7 @@ padlock_ecb_encrypt: + cmoveq %rdi,%rax + addq %rcx,%rax + negq %rax +- andq $4095,%rax ++ andq $0xfff,%rax + cmpq $128,%rax + movq $-128,%rax + cmovaeq %rbx,%rax +@@ -398,12 +445,12 @@ padlock_ecb_encrypt: + movq %rcx,%r10 + movq %rbx,%rcx + movq %rbx,%r11 +- testq $15,%rdi ++ testq $0x0f,%rdi + cmovnzq %rsp,%rdi +- testq $15,%rsi ++ testq $0x0f,%rsi + jz .Lecb_inp_aligned + shrq $3,%rcx +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + subq %rbx,%rdi + movq %rbx,%rcx + movq %rdi,%rsi +@@ -411,15 +458,15 @@ padlock_ecb_encrypt: + leaq -16(%rdx),%rax + leaq 16(%rdx),%rbx + shrq $4,%rcx +-.byte 0xf3,0x0f,0xa7,200 ++.byte 0xf3,0x0f,0xa7,200 + movq %r8,%rdi + movq %r11,%rbx +- testq $15,%rdi ++ testq $0x0f,%rdi + jz .Lecb_out_aligned + movq %rbx,%rcx + leaq (%rsp),%rsi + shrq $3,%rcx +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + subq %rbx,%rdi + .Lecb_out_aligned: + movq %r9,%rsi +@@ -440,7 +487,7 @@ padlock_ecb_encrypt: + subq %rax,%rsp + shrq $3,%rcx + leaq (%rsp),%rdi +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + movq %rsp,%rsi + movq %r8,%rdi + movq %rbx,%rcx +@@ -466,7 +513,7 @@ padlock_ecb_encrypt: + .Lecb_aligned: + leaq (%rsi,%rcx,1),%rbp + negq %rbp +- andq $4095,%rbp ++ andq $0xfff,%rbp + xorl %eax,%eax + cmpq $128,%rbp + movq $128-1,%rbp +@@ -477,7 +524,7 @@ padlock_ecb_encrypt: + leaq -16(%rdx),%rax + leaq 16(%rdx),%rbx + shrq $4,%rcx +-.byte 0xf3,0x0f,0xa7,200 ++.byte 0xf3,0x0f,0xa7,200 + testq %rbp,%rbp + jz .Lecb_exit + +@@ -489,7 +536,7 @@ padlock_ecb_encrypt: + subq %rcx,%rsp + shrq $3,%rcx + leaq (%rsp),%rdi +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + leaq (%r8),%rdi + leaq (%rsp),%rsi + movq %rbx,%rcx +@@ -503,6 +550,7 @@ padlock_ecb_encrypt: + movq 8(%rsp),%rdi + movq 16(%rsp),%rsi + .byte 0xf3,0xc3 ++ + .LSEH_end_padlock_ecb_encrypt: + .globl padlock_cbc_encrypt + .def padlock_cbc_encrypt; .scl 2; .type 32; .endef +@@ -517,6 +565,8 @@ padlock_cbc_encrypt: + movq %r8,%rdx + movq %r9,%rcx + ++ ++.byte 243,15,30,250 + pushq %rbp + pushq %rbx + +@@ -534,9 +584,9 @@ padlock_cbc_encrypt: + xorl %ebx,%ebx + testl $32,(%rdx) + jnz .Lcbc_aligned +- testq $15,%rdi ++ testq $0x0f,%rdi + setz %al +- testq $15,%rsi ++ testq $0x0f,%rsi + setz %bl + testl %ebx,%eax + jnz .Lcbc_aligned +@@ -560,7 +610,7 @@ padlock_cbc_encrypt: + cmoveq %rdi,%rax + addq %rcx,%rax + negq %rax +- andq $4095,%rax ++ andq $0xfff,%rax + cmpq $64,%rax + movq $-64,%rax + cmovaeq %rbx,%rax +@@ -576,12 +626,12 @@ padlock_cbc_encrypt: + movq %rcx,%r10 + movq %rbx,%rcx + movq %rbx,%r11 +- testq $15,%rdi ++ testq $0x0f,%rdi + cmovnzq %rsp,%rdi +- testq $15,%rsi ++ testq $0x0f,%rsi + jz .Lcbc_inp_aligned + shrq $3,%rcx +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + subq %rbx,%rdi + movq %rbx,%rcx + movq %rdi,%rsi +@@ -589,17 +639,17 @@ padlock_cbc_encrypt: + leaq -16(%rdx),%rax + leaq 16(%rdx),%rbx + shrq $4,%rcx +-.byte 0xf3,0x0f,0xa7,208 ++.byte 0xf3,0x0f,0xa7,208 + movdqa (%rax),%xmm0 + movdqa %xmm0,-16(%rdx) + movq %r8,%rdi + movq %r11,%rbx +- testq $15,%rdi ++ testq $0x0f,%rdi + jz .Lcbc_out_aligned + movq %rbx,%rcx + leaq (%rsp),%rsi + shrq $3,%rcx +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + subq %rbx,%rdi + .Lcbc_out_aligned: + movq %r9,%rsi +@@ -620,7 +670,7 @@ padlock_cbc_encrypt: + subq %rax,%rsp + shrq $3,%rcx + leaq (%rsp),%rdi +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + movq %rsp,%rsi + movq %r8,%rdi + movq %rbx,%rcx +@@ -646,7 +696,7 @@ padlock_cbc_encrypt: + .Lcbc_aligned: + leaq (%rsi,%rcx,1),%rbp + negq %rbp +- andq $4095,%rbp ++ andq $0xfff,%rbp + xorl %eax,%eax + cmpq $64,%rbp + movq $64-1,%rbp +@@ -657,7 +707,7 @@ padlock_cbc_encrypt: + leaq -16(%rdx),%rax + leaq 16(%rdx),%rbx + shrq $4,%rcx +-.byte 0xf3,0x0f,0xa7,208 ++.byte 0xf3,0x0f,0xa7,208 + movdqa (%rax),%xmm0 + movdqa %xmm0,-16(%rdx) + testq %rbp,%rbp +@@ -671,7 +721,7 @@ padlock_cbc_encrypt: + subq %rcx,%rsp + shrq $3,%rcx + leaq (%rsp),%rdi +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + leaq (%r8),%rdi + leaq (%rsp),%rsi + movq %rbx,%rcx +@@ -685,6 +735,7 @@ padlock_cbc_encrypt: + movq 8(%rsp),%rdi + movq 16(%rsp),%rsi + .byte 0xf3,0xc3 ++ + .LSEH_end_padlock_cbc_encrypt: + .globl padlock_cfb_encrypt + .def padlock_cfb_encrypt; .scl 2; .type 32; .endef +@@ -699,6 +750,8 @@ padlock_cfb_encrypt: + movq %r8,%rdx + movq %r9,%rcx + ++ ++.byte 243,15,30,250 + pushq %rbp + pushq %rbx + +@@ -716,9 +769,9 @@ padlock_cfb_encrypt: + xorl %ebx,%ebx + testl $32,(%rdx) + jnz .Lcfb_aligned +- testq $15,%rdi ++ testq $0x0f,%rdi + setz %al +- testq $15,%rsi ++ testq $0x0f,%rsi + setz %bl + testl %ebx,%eax + jnz .Lcfb_aligned +@@ -745,12 +798,12 @@ padlock_cfb_encrypt: + movq %rcx,%r10 + movq %rbx,%rcx + movq %rbx,%r11 +- testq $15,%rdi ++ testq $0x0f,%rdi + cmovnzq %rsp,%rdi +- testq $15,%rsi ++ testq $0x0f,%rsi + jz .Lcfb_inp_aligned + shrq $3,%rcx +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + subq %rbx,%rdi + movq %rbx,%rcx + movq %rdi,%rsi +@@ -758,17 +811,17 @@ padlock_cfb_encrypt: + leaq -16(%rdx),%rax + leaq 16(%rdx),%rbx + shrq $4,%rcx +-.byte 0xf3,0x0f,0xa7,224 ++.byte 0xf3,0x0f,0xa7,224 + movdqa (%rax),%xmm0 + movdqa %xmm0,-16(%rdx) + movq %r8,%rdi + movq %r11,%rbx +- testq $15,%rdi ++ testq $0x0f,%rdi + jz .Lcfb_out_aligned + movq %rbx,%rcx + leaq (%rsp),%rsi + shrq $3,%rcx +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + subq %rbx,%rdi + .Lcfb_out_aligned: + movq %r9,%rsi +@@ -798,7 +851,7 @@ padlock_cfb_encrypt: + leaq -16(%rdx),%rax + leaq 16(%rdx),%rbx + shrq $4,%rcx +-.byte 0xf3,0x0f,0xa7,224 ++.byte 0xf3,0x0f,0xa7,224 + movdqa (%rax),%xmm0 + movdqa %xmm0,-16(%rdx) + .Lcfb_exit: +@@ -810,6 +863,7 @@ padlock_cfb_encrypt: + movq 8(%rsp),%rdi + movq 16(%rsp),%rsi + .byte 0xf3,0xc3 ++ + .LSEH_end_padlock_cfb_encrypt: + .globl padlock_ofb_encrypt + .def padlock_ofb_encrypt; .scl 2; .type 32; .endef +@@ -824,6 +878,8 @@ padlock_ofb_encrypt: + movq %r8,%rdx + movq %r9,%rcx + ++ ++.byte 243,15,30,250 + pushq %rbp + pushq %rbx + +@@ -841,9 +897,9 @@ padlock_ofb_encrypt: + xorl %ebx,%ebx + testl $32,(%rdx) + jnz .Lofb_aligned +- testq $15,%rdi ++ testq $0x0f,%rdi + setz %al +- testq $15,%rsi ++ testq $0x0f,%rsi + setz %bl + testl %ebx,%eax + jnz .Lofb_aligned +@@ -870,12 +926,12 @@ padlock_ofb_encrypt: + movq %rcx,%r10 + movq %rbx,%rcx + movq %rbx,%r11 +- testq $15,%rdi ++ testq $0x0f,%rdi + cmovnzq %rsp,%rdi +- testq $15,%rsi ++ testq $0x0f,%rsi + jz .Lofb_inp_aligned + shrq $3,%rcx +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + subq %rbx,%rdi + movq %rbx,%rcx + movq %rdi,%rsi +@@ -883,17 +939,17 @@ padlock_ofb_encrypt: + leaq -16(%rdx),%rax + leaq 16(%rdx),%rbx + shrq $4,%rcx +-.byte 0xf3,0x0f,0xa7,232 ++.byte 0xf3,0x0f,0xa7,232 + movdqa (%rax),%xmm0 + movdqa %xmm0,-16(%rdx) + movq %r8,%rdi + movq %r11,%rbx +- testq $15,%rdi ++ testq $0x0f,%rdi + jz .Lofb_out_aligned + movq %rbx,%rcx + leaq (%rsp),%rsi + shrq $3,%rcx +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + subq %rbx,%rdi + .Lofb_out_aligned: + movq %r9,%rsi +@@ -923,7 +979,7 @@ padlock_ofb_encrypt: + leaq -16(%rdx),%rax + leaq 16(%rdx),%rbx + shrq $4,%rcx +-.byte 0xf3,0x0f,0xa7,232 ++.byte 0xf3,0x0f,0xa7,232 + movdqa (%rax),%xmm0 + movdqa %xmm0,-16(%rdx) + .Lofb_exit: +@@ -935,6 +991,7 @@ padlock_ofb_encrypt: + movq 8(%rsp),%rdi + movq 16(%rsp),%rsi + .byte 0xf3,0xc3 ++ + .LSEH_end_padlock_ofb_encrypt: + .globl padlock_ctr32_encrypt + .def padlock_ctr32_encrypt; .scl 2; .type 32; .endef +@@ -949,6 +1006,8 @@ padlock_ctr32_encrypt: + movq %r8,%rdx + movq %r9,%rcx + ++ ++.byte 243,15,30,250 + pushq %rbp + pushq %rbx + +@@ -966,9 +1025,9 @@ padlock_ctr32_encrypt: + xorl %ebx,%ebx + testl $32,(%rdx) + jnz .Lctr32_aligned +- testq $15,%rdi ++ testq $0x0f,%rdi + setz %al +- testq $15,%rsi ++ testq $0x0f,%rsi + setz %bl + testl %ebx,%eax + jnz .Lctr32_aligned +@@ -1003,7 +1062,7 @@ padlock_ctr32_encrypt: + cmoveq %rdi,%rax + addq %rcx,%rax + negq %rax +- andq $4095,%rax ++ andq $0xfff,%rax + cmpq $32,%rax + movq $-32,%rax + cmovaeq %rbx,%rax +@@ -1019,12 +1078,12 @@ padlock_ctr32_encrypt: + movq %rcx,%r10 + movq %rbx,%rcx + movq %rbx,%r11 +- testq $15,%rdi ++ testq $0x0f,%rdi + cmovnzq %rsp,%rdi +- testq $15,%rsi ++ testq $0x0f,%rsi + jz .Lctr32_inp_aligned + shrq $3,%rcx +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + subq %rbx,%rdi + movq %rbx,%rcx + movq %rdi,%rsi +@@ -1032,23 +1091,23 @@ padlock_ctr32_encrypt: + leaq -16(%rdx),%rax + leaq 16(%rdx),%rbx + shrq $4,%rcx +-.byte 0xf3,0x0f,0xa7,216 ++.byte 0xf3,0x0f,0xa7,216 + movl -4(%rdx),%eax +- testl $4294901760,%eax ++ testl $0xffff0000,%eax + jnz .Lctr32_no_carry + bswapl %eax +- addl $65536,%eax ++ addl $0x10000,%eax + bswapl %eax + movl %eax,-4(%rdx) + .Lctr32_no_carry: + movq %r8,%rdi + movq %r11,%rbx +- testq $15,%rdi ++ testq $0x0f,%rdi + jz .Lctr32_out_aligned + movq %rbx,%rcx + leaq (%rsp),%rsi + shrq $3,%rcx +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + subq %rbx,%rdi + .Lctr32_out_aligned: + movq %r9,%rsi +@@ -1066,7 +1125,7 @@ padlock_ctr32_encrypt: + cmoveq %rdi,%rax + addq %rcx,%rax + negq %rax +- andq $4095,%rax ++ andq $0xfff,%rax + cmpq $32,%rax + movq $-32,%rax + cmovaeq %rbx,%rax +@@ -1081,7 +1140,7 @@ padlock_ctr32_encrypt: + subq %rax,%rsp + shrq $3,%rcx + leaq (%rsp),%rdi +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + movq %rsp,%rsi + movq %r8,%rdi + movq %rbx,%rcx +@@ -1108,7 +1167,7 @@ padlock_ctr32_encrypt: + movl -4(%rdx),%eax + bswapl %eax + negl %eax +- andl $65535,%eax ++ andl $0xffff,%eax + movq $1048576,%rbx + shll $4,%eax + cmovzq %rbx,%rax +@@ -1125,11 +1184,11 @@ padlock_ctr32_encrypt: + leaq -16(%rdx),%rax + leaq 16(%rdx),%rbx + shrq $4,%rcx +-.byte 0xf3,0x0f,0xa7,216 ++.byte 0xf3,0x0f,0xa7,216 + + movl -4(%rdx),%eax + bswapl %eax +- addl $65536,%eax ++ addl $0x10000,%eax + bswapl %eax + movl %eax,-4(%rdx) + +@@ -1143,7 +1202,7 @@ padlock_ctr32_encrypt: + .Lctr32_aligned_skip: + leaq (%rsi,%rcx,1),%rbp + negq %rbp +- andq $4095,%rbp ++ andq $0xfff,%rbp + xorl %eax,%eax + cmpq $32,%rbp + movq $32-1,%rbp +@@ -1154,7 +1213,7 @@ padlock_ctr32_encrypt: + leaq -16(%rdx),%rax + leaq 16(%rdx),%rbx + shrq $4,%rcx +-.byte 0xf3,0x0f,0xa7,216 ++.byte 0xf3,0x0f,0xa7,216 + testq %rbp,%rbp + jz .Lctr32_exit + +@@ -1166,7 +1225,7 @@ padlock_ctr32_encrypt: + subq %rcx,%rsp + shrq $3,%rcx + leaq (%rsp),%rdi +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + leaq (%r8),%rdi + leaq (%rsp),%rsi + movq %rbx,%rcx +@@ -1180,6 +1239,7 @@ padlock_ctr32_encrypt: + movq 8(%rsp),%rdi + movq 16(%rsp),%rsi + .byte 0xf3,0xc3 ++ + .LSEH_end_padlock_ctr32_encrypt: + .byte 86,73,65,32,80,97,100,108,111,99,107,32,120,56,54,95,54,52,32,109,111,100,117,108,101,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 + .p2align 4 +diff --git a/lib/accelerated/x86/coff/ghash-x86_64.s b/lib/accelerated/x86/coff/ghash-x86_64.s +index de207e400..cfe24252f 100644 +--- a/lib/accelerated/x86/coff/ghash-x86_64.s ++++ b/lib/accelerated/x86/coff/ghash-x86_64.s +@@ -52,6 +52,7 @@ gcm_gmult_4bit: + movq %rdx,%rsi + + ++.byte 243,15,30,250 + pushq %rbx + + pushq %rbp +@@ -168,6 +169,7 @@ gcm_ghash_4bit: + movq %r9,%rcx + + ++.byte 243,15,30,250 + pushq %rbx + + pushq %rbp +@@ -918,6 +920,7 @@ gcm_init_clmul: + .p2align 4 + gcm_gmult_clmul: + ++.byte 243,15,30,250 + .L_gmult_clmul: + movdqu (%rcx),%xmm0 + movdqa .Lbswap_mask(%rip),%xmm5 +@@ -971,6 +974,7 @@ gcm_gmult_clmul: + .p2align 5 + gcm_ghash_clmul: + ++.byte 243,15,30,250 + .L_ghash_clmul: + leaq -136(%rsp),%rax + .LSEH_begin_gcm_ghash_clmul: +@@ -1498,6 +1502,7 @@ gcm_init_avx: + .p2align 5 + gcm_gmult_avx: + ++.byte 243,15,30,250 + jmp .L_gmult_clmul + + +@@ -1506,6 +1511,7 @@ gcm_gmult_avx: + .p2align 5 + gcm_ghash_avx: + ++.byte 243,15,30,250 + leaq -136(%rsp),%rax + .LSEH_begin_gcm_ghash_avx: + +diff --git a/lib/accelerated/x86/coff/sha1-ssse3-x86.s b/lib/accelerated/x86/coff/sha1-ssse3-x86.s +index 30f9ded21..34b33601e 100644 +--- a/lib/accelerated/x86/coff/sha1-ssse3-x86.s ++++ b/lib/accelerated/x86/coff/sha1-ssse3-x86.s +@@ -43,6 +43,7 @@ + .align 16 + _sha1_block_data_order: + .L_sha1_block_data_order_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +diff --git a/lib/accelerated/x86/coff/sha1-ssse3-x86_64.s b/lib/accelerated/x86/coff/sha1-ssse3-x86_64.s +index cdfc88254..79f841f1a 100644 +--- a/lib/accelerated/x86/coff/sha1-ssse3-x86_64.s ++++ b/lib/accelerated/x86/coff/sha1-ssse3-x86_64.s +@@ -1490,10 +1490,10 @@ _shaext_shortcut: + movaps -8-16(%rax),%xmm9 + movq %rax,%rsp + .Lepilogue_shaext: +- + movq 8(%rsp),%rdi + movq 16(%rsp),%rsi + .byte 0xf3,0xc3 ++ + .LSEH_end_sha1_block_data_order_shaext: + .def sha1_block_data_order_ssse3; .scl 3; .type 32; .endef + .p2align 4 +diff --git a/lib/accelerated/x86/coff/sha256-ssse3-x86.s b/lib/accelerated/x86/coff/sha256-ssse3-x86.s +index 05cd61d1b..8109c6b51 100644 +--- a/lib/accelerated/x86/coff/sha256-ssse3-x86.s ++++ b/lib/accelerated/x86/coff/sha256-ssse3-x86.s +@@ -43,6 +43,7 @@ + .align 16 + _sha256_block_data_order: + .L_sha256_block_data_order_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +diff --git a/lib/accelerated/x86/coff/sha256-ssse3-x86_64.s b/lib/accelerated/x86/coff/sha256-ssse3-x86_64.s +index d2fc1957e..78fae2a62 100644 +--- a/lib/accelerated/x86/coff/sha256-ssse3-x86_64.s ++++ b/lib/accelerated/x86/coff/sha256-ssse3-x86_64.s +@@ -1832,6 +1832,7 @@ sha256_block_data_order_shaext: + movq %r8,%rdx + + _shaext_shortcut: ++ + leaq -88(%rsp),%rsp + movaps %xmm6,-8-80(%rax) + movaps %xmm7,-8-64(%rax) +@@ -2050,6 +2051,7 @@ _shaext_shortcut: + movq 8(%rsp),%rdi + movq 16(%rsp),%rsi + .byte 0xf3,0xc3 ++ + .LSEH_end_sha256_block_data_order_shaext: + .def sha256_block_data_order_ssse3; .scl 3; .type 32; .endef + .p2align 6 +@@ -5501,6 +5503,8 @@ sha256_block_data_order_avx2: + + leaq 448(%rsp),%rsp + ++ ++ + addl 0(%rdi),%eax + addl 4(%rdi),%ebx + addl 8(%rdi),%ecx +@@ -5526,15 +5530,17 @@ sha256_block_data_order_avx2: + jbe .Loop_avx2 + leaq (%rsp),%rbp + ++ ++ ++ + .Ldone_avx2: +- leaq (%rbp),%rsp +- movq 88(%rsp),%rsi ++ movq 88(%rbp),%rsi + + vzeroupper +- movaps 64+32(%rsp),%xmm6 +- movaps 64+48(%rsp),%xmm7 +- movaps 64+64(%rsp),%xmm8 +- movaps 64+80(%rsp),%xmm9 ++ movaps 64+32(%rbp),%xmm6 ++ movaps 64+48(%rbp),%xmm7 ++ movaps 64+64(%rbp),%xmm8 ++ movaps 64+80(%rbp),%xmm9 + movq -48(%rsi),%r15 + + movq -40(%rsi),%r14 +diff --git a/lib/accelerated/x86/coff/sha512-ssse3-x86.s b/lib/accelerated/x86/coff/sha512-ssse3-x86.s +index 72a7f73d7..321a18541 100644 +--- a/lib/accelerated/x86/coff/sha512-ssse3-x86.s ++++ b/lib/accelerated/x86/coff/sha512-ssse3-x86.s +@@ -43,6 +43,7 @@ + .align 16 + _sha512_block_data_order: + .L_sha512_block_data_order_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +diff --git a/lib/accelerated/x86/coff/sha512-ssse3-x86_64.s b/lib/accelerated/x86/coff/sha512-ssse3-x86_64.s +index 419fa2a98..836e0cf66 100644 +--- a/lib/accelerated/x86/coff/sha512-ssse3-x86_64.s ++++ b/lib/accelerated/x86/coff/sha512-ssse3-x86_64.s +@@ -5494,6 +5494,8 @@ sha512_block_data_order_avx2: + + leaq 1152(%rsp),%rsp + ++ ++ + addq 0(%rdi),%rax + addq 8(%rdi),%rbx + addq 16(%rdi),%rcx +@@ -5519,17 +5521,19 @@ sha512_block_data_order_avx2: + jbe .Loop_avx2 + leaq (%rsp),%rbp + ++ ++ ++ + .Ldone_avx2: +- leaq (%rbp),%rsp +- movq 152(%rsp),%rsi ++ movq 152(%rbp),%rsi + + vzeroupper +- movaps 128+32(%rsp),%xmm6 +- movaps 128+48(%rsp),%xmm7 +- movaps 128+64(%rsp),%xmm8 +- movaps 128+80(%rsp),%xmm9 +- movaps 128+96(%rsp),%xmm10 +- movaps 128+112(%rsp),%xmm11 ++ movaps 128+32(%rbp),%xmm6 ++ movaps 128+48(%rbp),%xmm7 ++ movaps 128+64(%rbp),%xmm8 ++ movaps 128+80(%rbp),%xmm9 ++ movaps 128+96(%rbp),%xmm10 ++ movaps 128+112(%rbp),%xmm11 + movq -48(%rsi),%r15 + + movq -40(%rsi),%r14 +diff --git a/lib/accelerated/x86/elf/aes-ssse3-x86.s b/lib/accelerated/x86/elf/aes-ssse3-x86.s +index 265e28a7e..7be53059f 100644 +--- a/lib/accelerated/x86/elf/aes-ssse3-x86.s ++++ b/lib/accelerated/x86/elf/aes-ssse3-x86.s +@@ -71,6 +71,7 @@ + .type _vpaes_preheat,@function + .align 16 + _vpaes_preheat: ++.byte 243,15,30,251 + addl (%esp),%ebp + movdqa -48(%ebp),%xmm7 + movdqa -16(%ebp),%xmm6 +@@ -79,6 +80,7 @@ _vpaes_preheat: + .type _vpaes_encrypt_core,@function + .align 16 + _vpaes_encrypt_core: ++.byte 243,15,30,251 + movl $16,%ecx + movl 240(%edx),%eax + movdqa %xmm6,%xmm1 +@@ -156,6 +158,7 @@ _vpaes_encrypt_core: + .type _vpaes_decrypt_core,@function + .align 16 + _vpaes_decrypt_core: ++.byte 243,15,30,251 + leal 608(%ebp),%ebx + movl 240(%edx),%eax + movdqa %xmm6,%xmm1 +@@ -244,6 +247,7 @@ _vpaes_decrypt_core: + .type _vpaes_schedule_core,@function + .align 16 + _vpaes_schedule_core: ++.byte 243,15,30,251 + addl (%esp),%ebp + movdqu (%esi),%xmm0 + movdqa 320(%ebp),%xmm2 +@@ -338,6 +342,7 @@ _vpaes_schedule_core: + .type _vpaes_schedule_192_smear,@function + .align 16 + _vpaes_schedule_192_smear: ++.byte 243,15,30,251 + pshufd $128,%xmm6,%xmm1 + pshufd $254,%xmm7,%xmm0 + pxor %xmm1,%xmm6 +@@ -350,6 +355,7 @@ _vpaes_schedule_192_smear: + .type _vpaes_schedule_round,@function + .align 16 + _vpaes_schedule_round: ++.byte 243,15,30,251 + movdqa 8(%esp),%xmm2 + pxor %xmm1,%xmm1 + .byte 102,15,58,15,202,15 +@@ -399,6 +405,7 @@ _vpaes_schedule_round: + .type _vpaes_schedule_transform,@function + .align 16 + _vpaes_schedule_transform: ++.byte 243,15,30,251 + movdqa -16(%ebp),%xmm2 + movdqa %xmm2,%xmm1 + pandn %xmm0,%xmm1 +@@ -414,6 +421,7 @@ _vpaes_schedule_transform: + .type _vpaes_schedule_mangle,@function + .align 16 + _vpaes_schedule_mangle: ++.byte 243,15,30,251 + movdqa %xmm0,%xmm4 + movdqa 128(%ebp),%xmm5 + testl %edi,%edi +@@ -475,6 +483,7 @@ _vpaes_schedule_mangle: + .align 16 + vpaes_set_encrypt_key: + .L_vpaes_set_encrypt_key_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -508,6 +517,7 @@ vpaes_set_encrypt_key: + .align 16 + vpaes_set_decrypt_key: + .L_vpaes_set_decrypt_key_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -546,6 +556,7 @@ vpaes_set_decrypt_key: + .align 16 + vpaes_encrypt: + .L_vpaes_encrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -575,6 +586,7 @@ vpaes_encrypt: + .align 16 + vpaes_decrypt: + .L_vpaes_decrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -604,6 +616,7 @@ vpaes_decrypt: + .align 16 + vpaes_cbc_encrypt: + .L_vpaes_cbc_encrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -671,4 +684,21 @@ vpaes_cbc_encrypt: + ret + .size vpaes_cbc_encrypt,.-.L_vpaes_cbc_encrypt_begin + ++ .section ".note.gnu.property", "a" ++ .p2align 2 ++ .long 1f - 0f ++ .long 4f - 1f ++ .long 5 ++0: ++ .asciz "GNU" ++1: ++ .p2align 2 ++ .long 0xc0000002 ++ .long 3f - 2f ++2: ++ .long 3 ++3: ++ .p2align 2 ++4: ++ + .section .note.GNU-stack,"",%progbits +diff --git a/lib/accelerated/x86/elf/aes-ssse3-x86_64.s b/lib/accelerated/x86/elf/aes-ssse3-x86_64.s +index ea1216baf..5a3f336f2 100644 +--- a/lib/accelerated/x86/elf/aes-ssse3-x86_64.s ++++ b/lib/accelerated/x86/elf/aes-ssse3-x86_64.s +@@ -635,6 +635,7 @@ _vpaes_schedule_mangle: + .align 16 + vpaes_set_encrypt_key: + .cfi_startproc ++.byte 243,15,30,250 + movl %esi,%eax + shrl $5,%eax + addl $5,%eax +@@ -653,6 +654,7 @@ vpaes_set_encrypt_key: + .align 16 + vpaes_set_decrypt_key: + .cfi_startproc ++.byte 243,15,30,250 + movl %esi,%eax + shrl $5,%eax + addl $5,%eax +@@ -676,6 +678,7 @@ vpaes_set_decrypt_key: + .align 16 + vpaes_encrypt: + .cfi_startproc ++.byte 243,15,30,250 + movdqu (%rdi),%xmm0 + call _vpaes_preheat + call _vpaes_encrypt_core +@@ -689,6 +692,7 @@ vpaes_encrypt: + .align 16 + vpaes_decrypt: + .cfi_startproc ++.byte 243,15,30,250 + movdqu (%rdi),%xmm0 + call _vpaes_preheat + call _vpaes_decrypt_core +@@ -701,6 +705,7 @@ vpaes_decrypt: + .align 16 + vpaes_cbc_encrypt: + .cfi_startproc ++.byte 243,15,30,250 + xchgq %rcx,%rdx + subq $16,%rcx + jc .Lcbc_abort +@@ -863,5 +868,26 @@ _vpaes_consts: + .byte 86,101,99,116,111,114,32,80,101,114,109,117,116,97,116,105,111,110,32,65,69,83,32,102,111,114,32,120,56,54,95,54,52,47,83,83,83,69,51,44,32,77,105,107,101,32,72,97,109,98,117,114,103,32,40,83,116,97,110,102,111,114,100,32,85,110,105,118,101,114,115,105,116,121,41,0 + .align 64 + .size _vpaes_consts,.-_vpaes_consts ++ .section ".note.gnu.property", "a" ++ .p2align 3 ++ .long 1f - 0f ++ .long 4f - 1f ++ .long 5 ++0: ++ # "GNU" encoded with .byte, since .asciz isn't supported ++ # on Solaris. ++ .byte 0x47 ++ .byte 0x4e ++ .byte 0x55 ++ .byte 0 ++1: ++ .p2align 3 ++ .long 0xc0000002 ++ .long 3f - 2f ++2: ++ .long 3 ++3: ++ .p2align 3 ++4: + + .section .note.GNU-stack,"",%progbits +diff --git a/lib/accelerated/x86/elf/aesni-gcm-x86_64.s b/lib/accelerated/x86/elf/aesni-gcm-x86_64.s +index e26d18d69..1a11222e7 100644 +--- a/lib/accelerated/x86/elf/aesni-gcm-x86_64.s ++++ b/lib/accelerated/x86/elf/aesni-gcm-x86_64.s +@@ -42,6 +42,8 @@ + .type _aesni_ctr32_ghash_6x,@function + .align 32 + _aesni_ctr32_ghash_6x: ++.cfi_startproc ++.byte 243,15,30,250 + vmovdqu 32(%r11),%xmm2 + subq $6,%rdx + vpxor %xmm4,%xmm4,%xmm4 +@@ -349,12 +351,14 @@ _aesni_ctr32_ghash_6x: + vpxor %xmm4,%xmm8,%xmm8 + + .byte 0xf3,0xc3 ++.cfi_endproc + .size _aesni_ctr32_ghash_6x,.-_aesni_ctr32_ghash_6x + .globl aesni_gcm_decrypt + .type aesni_gcm_decrypt,@function + .align 32 + aesni_gcm_decrypt: + .cfi_startproc ++.byte 243,15,30,250 + xorq %r10,%r10 + cmpq $0x60,%rdx + jb .Lgcm_dec_abort +@@ -455,6 +459,8 @@ aesni_gcm_decrypt: + .type _aesni_ctr32_6x,@function + .align 32 + _aesni_ctr32_6x: ++.cfi_startproc ++.byte 243,15,30,250 + vmovdqu 0-128(%rcx),%xmm4 + vmovdqu 32(%r11),%xmm2 + leaq -1(%rbp),%r13 +@@ -541,6 +547,7 @@ _aesni_ctr32_6x: + vpshufb %xmm0,%xmm1,%xmm1 + vpxor %xmm4,%xmm14,%xmm14 + jmp .Loop_ctr32 ++.cfi_endproc + .size _aesni_ctr32_6x,.-_aesni_ctr32_6x + + .globl aesni_gcm_encrypt +@@ -548,6 +555,7 @@ _aesni_ctr32_6x: + .align 32 + aesni_gcm_encrypt: + .cfi_startproc ++.byte 243,15,30,250 + xorq %r10,%r10 + cmpq $288,%rdx + jb .Lgcm_enc_abort +@@ -822,5 +830,26 @@ aesni_gcm_encrypt: + .byte 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 + .byte 65,69,83,45,78,73,32,71,67,77,32,109,111,100,117,108,101,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 + .align 64 ++ .section ".note.gnu.property", "a" ++ .p2align 3 ++ .long 1f - 0f ++ .long 4f - 1f ++ .long 5 ++0: ++ # "GNU" encoded with .byte, since .asciz isn't supported ++ # on Solaris. ++ .byte 0x47 ++ .byte 0x4e ++ .byte 0x55 ++ .byte 0 ++1: ++ .p2align 3 ++ .long 0xc0000002 ++ .long 3f - 2f ++2: ++ .long 3 ++3: ++ .p2align 3 ++4: + + .section .note.GNU-stack,"",%progbits +diff --git a/lib/accelerated/x86/elf/aesni-x86.s b/lib/accelerated/x86/elf/aesni-x86.s +index 6e4860209..f41d5f9ef 100644 +--- a/lib/accelerated/x86/elf/aesni-x86.s ++++ b/lib/accelerated/x86/elf/aesni-x86.s +@@ -43,6 +43,7 @@ + .align 16 + aesni_encrypt: + .L_aesni_encrypt_begin: ++.byte 243,15,30,251 + movl 4(%esp),%eax + movl 12(%esp),%edx + movups (%eax),%xmm2 +@@ -70,6 +71,7 @@ aesni_encrypt: + .align 16 + aesni_decrypt: + .L_aesni_decrypt_begin: ++.byte 243,15,30,251 + movl 4(%esp),%eax + movl 12(%esp),%edx + movups (%eax),%xmm2 +@@ -95,6 +97,7 @@ aesni_decrypt: + .type _aesni_encrypt2,@function + .align 16 + _aesni_encrypt2: ++.byte 243,15,30,251 + movups (%edx),%xmm0 + shll $4,%ecx + movups 16(%edx),%xmm1 +@@ -122,6 +125,7 @@ _aesni_encrypt2: + .type _aesni_decrypt2,@function + .align 16 + _aesni_decrypt2: ++.byte 243,15,30,251 + movups (%edx),%xmm0 + shll $4,%ecx + movups 16(%edx),%xmm1 +@@ -149,6 +153,7 @@ _aesni_decrypt2: + .type _aesni_encrypt3,@function + .align 16 + _aesni_encrypt3: ++.byte 243,15,30,251 + movups (%edx),%xmm0 + shll $4,%ecx + movups 16(%edx),%xmm1 +@@ -181,6 +186,7 @@ _aesni_encrypt3: + .type _aesni_decrypt3,@function + .align 16 + _aesni_decrypt3: ++.byte 243,15,30,251 + movups (%edx),%xmm0 + shll $4,%ecx + movups 16(%edx),%xmm1 +@@ -213,6 +219,7 @@ _aesni_decrypt3: + .type _aesni_encrypt4,@function + .align 16 + _aesni_encrypt4: ++.byte 243,15,30,251 + movups (%edx),%xmm0 + movups 16(%edx),%xmm1 + shll $4,%ecx +@@ -251,6 +258,7 @@ _aesni_encrypt4: + .type _aesni_decrypt4,@function + .align 16 + _aesni_decrypt4: ++.byte 243,15,30,251 + movups (%edx),%xmm0 + movups 16(%edx),%xmm1 + shll $4,%ecx +@@ -289,6 +297,7 @@ _aesni_decrypt4: + .type _aesni_encrypt6,@function + .align 16 + _aesni_encrypt6: ++.byte 243,15,30,251 + movups (%edx),%xmm0 + shll $4,%ecx + movups 16(%edx),%xmm1 +@@ -343,6 +352,7 @@ _aesni_encrypt6: + .type _aesni_decrypt6,@function + .align 16 + _aesni_decrypt6: ++.byte 243,15,30,251 + movups (%edx),%xmm0 + shll $4,%ecx + movups 16(%edx),%xmm1 +@@ -399,6 +409,7 @@ _aesni_decrypt6: + .align 16 + aesni_ecb_encrypt: + .L_aesni_ecb_encrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -634,6 +645,7 @@ aesni_ecb_encrypt: + .align 16 + aesni_ccm64_encrypt_blocks: + .L_aesni_ccm64_encrypt_blocks_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -722,6 +734,7 @@ aesni_ccm64_encrypt_blocks: + .align 16 + aesni_ccm64_decrypt_blocks: + .L_aesni_ccm64_decrypt_blocks_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -845,6 +858,7 @@ aesni_ccm64_decrypt_blocks: + .align 16 + aesni_ctr32_encrypt_blocks: + .L_aesni_ctr32_encrypt_blocks_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -1083,6 +1097,7 @@ aesni_ctr32_encrypt_blocks: + .align 16 + aesni_xts_encrypt: + .L_aesni_xts_encrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -1443,6 +1458,7 @@ aesni_xts_encrypt: + .align 16 + aesni_xts_decrypt: + .L_aesni_xts_decrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -1833,6 +1849,7 @@ aesni_xts_decrypt: + .align 16 + aesni_ocb_encrypt: + .L_aesni_ocb_encrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -2228,6 +2245,7 @@ aesni_ocb_encrypt: + .align 16 + aesni_ocb_decrypt: + .L_aesni_ocb_decrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -2623,6 +2641,7 @@ aesni_ocb_decrypt: + .align 16 + aesni_cbc_encrypt: + .L_aesni_cbc_encrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -2882,6 +2901,7 @@ aesni_cbc_encrypt: + .type _aesni_set_encrypt_key,@function + .align 16 + _aesni_set_encrypt_key: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + testl %eax,%eax +@@ -3217,6 +3237,7 @@ _aesni_set_encrypt_key: + .align 16 + aesni_set_encrypt_key: + .L_aesni_set_encrypt_key_begin: ++.byte 243,15,30,251 + movl 4(%esp),%eax + movl 8(%esp),%ecx + movl 12(%esp),%edx +@@ -3228,6 +3249,7 @@ aesni_set_encrypt_key: + .align 16 + aesni_set_decrypt_key: + .L_aesni_set_decrypt_key_begin: ++.byte 243,15,30,251 + movl 4(%esp),%eax + movl 8(%esp),%ecx + movl 12(%esp),%edx +@@ -3275,4 +3297,21 @@ aesni_set_decrypt_key: + .byte 115,108,46,111,114,103,62,0 + .comm _gnutls_x86_cpuid_s,16,4 + ++ .section ".note.gnu.property", "a" ++ .p2align 2 ++ .long 1f - 0f ++ .long 4f - 1f ++ .long 5 ++0: ++ .asciz "GNU" ++1: ++ .p2align 2 ++ .long 0xc0000002 ++ .long 3f - 2f ++2: ++ .long 3 ++3: ++ .p2align 2 ++4: ++ + .section .note.GNU-stack,"",%progbits +diff --git a/lib/accelerated/x86/elf/aesni-x86_64.s b/lib/accelerated/x86/elf/aesni-x86_64.s +index 43cf4e68d..e3f9d5a99 100644 +--- a/lib/accelerated/x86/elf/aesni-x86_64.s ++++ b/lib/accelerated/x86/elf/aesni-x86_64.s +@@ -44,6 +44,7 @@ + .align 16 + aesni_encrypt: + .cfi_startproc ++.byte 243,15,30,250 + movups (%rdi),%xmm2 + movl 240(%rdx),%eax + movups (%rdx),%xmm0 +@@ -70,6 +71,7 @@ aesni_encrypt: + .align 16 + aesni_decrypt: + .cfi_startproc ++.byte 243,15,30,250 + movups (%rdi),%xmm2 + movl 240(%rdx),%eax + movups (%rdx),%xmm0 +@@ -557,6 +559,7 @@ _aesni_decrypt8: + .align 16 + aesni_ecb_encrypt: + .cfi_startproc ++.byte 243,15,30,250 + andq $-16,%rdx + jz .Lecb_ret + +@@ -900,6 +903,8 @@ aesni_ecb_encrypt: + .type aesni_ccm64_encrypt_blocks,@function + .align 16 + aesni_ccm64_encrypt_blocks: ++.cfi_startproc ++.byte 243,15,30,250 + movl 240(%rcx),%eax + movdqu (%r8),%xmm6 + movdqa .Lincrement64(%rip),%xmm9 +@@ -958,11 +963,14 @@ aesni_ccm64_encrypt_blocks: + pxor %xmm8,%xmm8 + pxor %xmm6,%xmm6 + .byte 0xf3,0xc3 ++.cfi_endproc + .size aesni_ccm64_encrypt_blocks,.-aesni_ccm64_encrypt_blocks + .globl aesni_ccm64_decrypt_blocks + .type aesni_ccm64_decrypt_blocks,@function + .align 16 + aesni_ccm64_decrypt_blocks: ++.cfi_startproc ++.byte 243,15,30,250 + movl 240(%rcx),%eax + movups (%r8),%xmm6 + movdqu (%r9),%xmm3 +@@ -1055,12 +1063,14 @@ aesni_ccm64_decrypt_blocks: + pxor %xmm8,%xmm8 + pxor %xmm6,%xmm6 + .byte 0xf3,0xc3 ++.cfi_endproc + .size aesni_ccm64_decrypt_blocks,.-aesni_ccm64_decrypt_blocks + .globl aesni_ctr32_encrypt_blocks + .type aesni_ctr32_encrypt_blocks,@function + .align 16 + aesni_ctr32_encrypt_blocks: + .cfi_startproc ++.byte 243,15,30,250 + cmpq $1,%rdx + jne .Lctr32_bulk + +@@ -1639,6 +1649,7 @@ aesni_ctr32_encrypt_blocks: + .align 16 + aesni_xts_encrypt: + .cfi_startproc ++.byte 243,15,30,250 + leaq (%rsp),%r11 + .cfi_def_cfa_register %r11 + pushq %rbp +@@ -2109,6 +2120,7 @@ aesni_xts_encrypt: + .align 16 + aesni_xts_decrypt: + .cfi_startproc ++.byte 243,15,30,250 + leaq (%rsp),%r11 + .cfi_def_cfa_register %r11 + pushq %rbp +@@ -2616,6 +2628,7 @@ aesni_xts_decrypt: + .align 32 + aesni_ocb_encrypt: + .cfi_startproc ++.byte 243,15,30,250 + leaq (%rsp),%rax + pushq %rbx + .cfi_adjust_cfa_offset 8 +@@ -2829,6 +2842,7 @@ aesni_ocb_encrypt: + .type __ocb_encrypt6,@function + .align 32 + __ocb_encrypt6: ++.cfi_startproc + pxor %xmm9,%xmm15 + movdqu (%rbx,%r12,1),%xmm11 + movdqa %xmm10,%xmm12 +@@ -2926,11 +2940,13 @@ __ocb_encrypt6: + .byte 102,65,15,56,221,246 + .byte 102,65,15,56,221,255 + .byte 0xf3,0xc3 ++.cfi_endproc + .size __ocb_encrypt6,.-__ocb_encrypt6 + + .type __ocb_encrypt4,@function + .align 32 + __ocb_encrypt4: ++.cfi_startproc + pxor %xmm9,%xmm15 + movdqu (%rbx,%r12,1),%xmm11 + movdqa %xmm10,%xmm12 +@@ -2995,11 +3011,13 @@ __ocb_encrypt4: + .byte 102,65,15,56,221,228 + .byte 102,65,15,56,221,237 + .byte 0xf3,0xc3 ++.cfi_endproc + .size __ocb_encrypt4,.-__ocb_encrypt4 + + .type __ocb_encrypt1,@function + .align 32 + __ocb_encrypt1: ++.cfi_startproc + pxor %xmm15,%xmm7 + pxor %xmm9,%xmm7 + pxor %xmm2,%xmm8 +@@ -3030,6 +3048,7 @@ __ocb_encrypt1: + + .byte 102,15,56,221,215 + .byte 0xf3,0xc3 ++.cfi_endproc + .size __ocb_encrypt1,.-__ocb_encrypt1 + + .globl aesni_ocb_decrypt +@@ -3037,6 +3056,7 @@ __ocb_encrypt1: + .align 32 + aesni_ocb_decrypt: + .cfi_startproc ++.byte 243,15,30,250 + leaq (%rsp),%rax + pushq %rbx + .cfi_adjust_cfa_offset 8 +@@ -3272,6 +3292,7 @@ aesni_ocb_decrypt: + .type __ocb_decrypt6,@function + .align 32 + __ocb_decrypt6: ++.cfi_startproc + pxor %xmm9,%xmm15 + movdqu (%rbx,%r12,1),%xmm11 + movdqa %xmm10,%xmm12 +@@ -3363,11 +3384,13 @@ __ocb_decrypt6: + .byte 102,65,15,56,223,246 + .byte 102,65,15,56,223,255 + .byte 0xf3,0xc3 ++.cfi_endproc + .size __ocb_decrypt6,.-__ocb_decrypt6 + + .type __ocb_decrypt4,@function + .align 32 + __ocb_decrypt4: ++.cfi_startproc + pxor %xmm9,%xmm15 + movdqu (%rbx,%r12,1),%xmm11 + movdqa %xmm10,%xmm12 +@@ -3428,11 +3451,13 @@ __ocb_decrypt4: + .byte 102,65,15,56,223,228 + .byte 102,65,15,56,223,237 + .byte 0xf3,0xc3 ++.cfi_endproc + .size __ocb_decrypt4,.-__ocb_decrypt4 + + .type __ocb_decrypt1,@function + .align 32 + __ocb_decrypt1: ++.cfi_startproc + pxor %xmm15,%xmm7 + pxor %xmm9,%xmm7 + pxor %xmm7,%xmm2 +@@ -3462,12 +3487,14 @@ __ocb_decrypt1: + + .byte 102,15,56,223,215 + .byte 0xf3,0xc3 ++.cfi_endproc + .size __ocb_decrypt1,.-__ocb_decrypt1 + .globl aesni_cbc_encrypt + .type aesni_cbc_encrypt,@function + .align 16 + aesni_cbc_encrypt: + .cfi_startproc ++.byte 243,15,30,250 + testq %rdx,%rdx + jz .Lcbc_ret + +@@ -4400,7 +4427,6 @@ __aesni_set_encrypt_key: + addq $8,%rsp + .cfi_adjust_cfa_offset -8 + .byte 0xf3,0xc3 +-.cfi_endproc + .LSEH_end_set_encrypt_key: + + .align 16 +@@ -4471,6 +4497,7 @@ __aesni_set_encrypt_key: + shufps $170,%xmm1,%xmm1 + xorps %xmm1,%xmm2 + .byte 0xf3,0xc3 ++.cfi_endproc + .size aesni_set_encrypt_key,.-aesni_set_encrypt_key + .size __aesni_set_encrypt_key,.-__aesni_set_encrypt_key + .align 64 +@@ -4495,5 +4522,26 @@ __aesni_set_encrypt_key: + + .byte 65,69,83,32,102,111,114,32,73,110,116,101,108,32,65,69,83,45,78,73,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 + .align 64 ++ .section ".note.gnu.property", "a" ++ .p2align 3 ++ .long 1f - 0f ++ .long 4f - 1f ++ .long 5 ++0: ++ # "GNU" encoded with .byte, since .asciz isn't supported ++ # on Solaris. ++ .byte 0x47 ++ .byte 0x4e ++ .byte 0x55 ++ .byte 0 ++1: ++ .p2align 3 ++ .long 0xc0000002 ++ .long 3f - 2f ++2: ++ .long 3 ++3: ++ .p2align 3 ++4: + + .section .note.GNU-stack,"",%progbits +diff --git a/lib/accelerated/x86/elf/e_padlock-x86.s b/lib/accelerated/x86/elf/e_padlock-x86.s +index ed8681ee4..dd56518f6 100644 +--- a/lib/accelerated/x86/elf/e_padlock-x86.s ++++ b/lib/accelerated/x86/elf/e_padlock-x86.s +@@ -1,4 +1,4 @@ +-# Copyright (c) 2011-2013, Andy Polyakov ++# Copyright (c) 2011-2016, Andy Polyakov + # All rights reserved. + # + # Redistribution and use in source and binary forms, with or without +@@ -37,13 +37,13 @@ + # + # *** This file is auto-generated *** + # +-.file "devel/perlasm/e_padlock-x86.s" + .text + .globl padlock_capability + .type padlock_capability,@function + .align 16 + padlock_capability: + .L_padlock_capability_begin: ++.byte 243,15,30,251 + pushl %ebx + pushfl + popl %eax +@@ -60,11 +60,20 @@ padlock_capability: + .byte 0x0f,0xa2 + xorl %eax,%eax + cmpl $0x746e6543,%ebx +- jne .L000noluck ++ jne .L001zhaoxin + cmpl $0x48727561,%edx + jne .L000noluck + cmpl $0x736c7561,%ecx + jne .L000noluck ++ jmp .L002zhaoxinEnd ++.L001zhaoxin: ++ cmpl $0x68532020,%ebx ++ jne .L000noluck ++ cmpl $0x68676e61,%edx ++ jne .L000noluck ++ cmpl $0x20206961,%ecx ++ jne .L000noluck ++.L002zhaoxinEnd: + movl $3221225472,%eax + .byte 0x0f,0xa2 + movl %eax,%edx +@@ -95,15 +104,16 @@ padlock_capability: + .align 16 + padlock_key_bswap: + .L_padlock_key_bswap_begin: ++.byte 243,15,30,251 + movl 4(%esp),%edx + movl 240(%edx),%ecx +-.L001bswap_loop: ++.L003bswap_loop: + movl (%edx),%eax + bswap %eax + movl %eax,(%edx) + leal 4(%edx),%edx + subl $1,%ecx +- jnz .L001bswap_loop ++ jnz .L003bswap_loop + ret + .size padlock_key_bswap,.-.L_padlock_key_bswap_begin + .globl padlock_verify_context +@@ -111,25 +121,27 @@ padlock_key_bswap: + .align 16 + padlock_verify_context: + .L_padlock_verify_context_begin: ++.byte 243,15,30,251 + movl 4(%esp),%edx +- leal .Lpadlock_saved_context-.L002verify_pic_point,%eax ++ leal .Lpadlock_saved_context-.L004verify_pic_point,%eax + pushfl + call _padlock_verify_ctx +-.L002verify_pic_point: ++.L004verify_pic_point: + leal 4(%esp),%esp + ret + .size padlock_verify_context,.-.L_padlock_verify_context_begin + .type _padlock_verify_ctx,@function + .align 16 + _padlock_verify_ctx: ++.byte 243,15,30,251 + addl (%esp),%eax + btl $30,4(%esp) +- jnc .L003verified ++ jnc .L005verified + cmpl (%eax),%edx +- je .L003verified ++ je .L005verified + pushfl + popfl +-.L003verified: ++.L005verified: + movl %edx,(%eax) + ret + .size _padlock_verify_ctx,.-_padlock_verify_ctx +@@ -138,6 +150,7 @@ _padlock_verify_ctx: + .align 16 + padlock_reload_key: + .L_padlock_reload_key_begin: ++.byte 243,15,30,251 + pushfl + popfl + ret +@@ -147,6 +160,7 @@ padlock_reload_key: + .align 16 + padlock_aes_block: + .L_padlock_aes_block_begin: ++.byte 243,15,30,251 + pushl %edi + pushl %esi + pushl %ebx +@@ -167,6 +181,7 @@ padlock_aes_block: + .align 16 + padlock_ecb_encrypt: + .L_padlock_ecb_encrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -176,25 +191,25 @@ padlock_ecb_encrypt: + movl 28(%esp),%edx + movl 32(%esp),%ecx + testl $15,%edx +- jnz .L004ecb_abort ++ jnz .L006ecb_abort + testl $15,%ecx +- jnz .L004ecb_abort +- leal .Lpadlock_saved_context-.L005ecb_pic_point,%eax ++ jnz .L006ecb_abort ++ leal .Lpadlock_saved_context-.L007ecb_pic_point,%eax + pushfl + cld + call _padlock_verify_ctx +-.L005ecb_pic_point: ++.L007ecb_pic_point: + leal 16(%edx),%edx + xorl %eax,%eax + xorl %ebx,%ebx + testl $32,(%edx) +- jnz .L006ecb_aligned ++ jnz .L008ecb_aligned + testl $15,%edi + setz %al + testl $15,%esi + setz %bl + testl %ebx,%eax +- jnz .L006ecb_aligned ++ jnz .L008ecb_aligned + negl %eax + movl $512,%ebx + notl %eax +@@ -213,7 +228,7 @@ padlock_ecb_encrypt: + andl $-16,%esp + movl %eax,16(%ebp) + cmpl %ebx,%ecx +- ja .L007ecb_loop ++ ja .L009ecb_loop + movl %esi,%eax + cmpl %esp,%ebp + cmovel %edi,%eax +@@ -224,10 +239,10 @@ padlock_ecb_encrypt: + movl $-128,%eax + cmovael %ebx,%eax + andl %eax,%ebx +- jz .L008ecb_unaligned_tail +- jmp .L007ecb_loop ++ jz .L010ecb_unaligned_tail ++ jmp .L009ecb_loop + .align 16 +-.L007ecb_loop: ++.L009ecb_loop: + movl %edi,(%ebp) + movl %esi,4(%ebp) + movl %ecx,8(%ebp) +@@ -236,13 +251,13 @@ padlock_ecb_encrypt: + testl $15,%edi + cmovnzl %esp,%edi + testl $15,%esi +- jz .L009ecb_inp_aligned ++ jz .L011ecb_inp_aligned + shrl $2,%ecx + .byte 243,165 + subl %ebx,%edi + movl %ebx,%ecx + movl %edi,%esi +-.L009ecb_inp_aligned: ++.L011ecb_inp_aligned: + leal -16(%edx),%eax + leal 16(%edx),%ebx + shrl $4,%ecx +@@ -250,23 +265,23 @@ padlock_ecb_encrypt: + movl (%ebp),%edi + movl 12(%ebp),%ebx + testl $15,%edi +- jz .L010ecb_out_aligned ++ jz .L012ecb_out_aligned + movl %ebx,%ecx + leal (%esp),%esi + shrl $2,%ecx + .byte 243,165 + subl %ebx,%edi +-.L010ecb_out_aligned: ++.L012ecb_out_aligned: + movl 4(%ebp),%esi + movl 8(%ebp),%ecx + addl %ebx,%edi + addl %ebx,%esi + subl %ebx,%ecx + movl $512,%ebx +- jz .L011ecb_break ++ jz .L013ecb_break + cmpl %ebx,%ecx +- jae .L007ecb_loop +-.L008ecb_unaligned_tail: ++ jae .L009ecb_loop ++.L010ecb_unaligned_tail: + xorl %eax,%eax + cmpl %ebp,%esp + cmovel %ecx,%eax +@@ -279,24 +294,24 @@ padlock_ecb_encrypt: + movl %esp,%esi + movl %eax,%edi + movl %ebx,%ecx +- jmp .L007ecb_loop ++ jmp .L009ecb_loop + .align 16 +-.L011ecb_break: ++.L013ecb_break: + cmpl %ebp,%esp +- je .L012ecb_done ++ je .L014ecb_done + pxor %xmm0,%xmm0 + leal (%esp),%eax +-.L013ecb_bzero: ++.L015ecb_bzero: + movaps %xmm0,(%eax) + leal 16(%eax),%eax + cmpl %eax,%ebp +- ja .L013ecb_bzero +-.L012ecb_done: ++ ja .L015ecb_bzero ++.L014ecb_done: + movl 16(%ebp),%ebp + leal 24(%ebp),%esp +- jmp .L014ecb_exit ++ jmp .L016ecb_exit + .align 16 +-.L006ecb_aligned: ++.L008ecb_aligned: + leal (%esi,%ecx,1),%ebp + negl %ebp + andl $4095,%ebp +@@ -306,14 +321,14 @@ padlock_ecb_encrypt: + cmovael %eax,%ebp + andl %ecx,%ebp + subl %ebp,%ecx +- jz .L015ecb_aligned_tail ++ jz .L017ecb_aligned_tail + leal -16(%edx),%eax + leal 16(%edx),%ebx + shrl $4,%ecx + .byte 243,15,167,200 + testl %ebp,%ebp +- jz .L014ecb_exit +-.L015ecb_aligned_tail: ++ jz .L016ecb_exit ++.L017ecb_aligned_tail: + movl %ebp,%ecx + leal -24(%esp),%ebp + movl %ebp,%esp +@@ -330,11 +345,11 @@ padlock_ecb_encrypt: + movl %esp,%esi + movl %eax,%edi + movl %ebx,%ecx +- jmp .L007ecb_loop +-.L014ecb_exit: ++ jmp .L009ecb_loop ++.L016ecb_exit: + movl $1,%eax + leal 4(%esp),%esp +-.L004ecb_abort: ++.L006ecb_abort: + popl %edi + popl %esi + popl %ebx +@@ -346,6 +361,7 @@ padlock_ecb_encrypt: + .align 16 + padlock_cbc_encrypt: + .L_padlock_cbc_encrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -355,25 +371,25 @@ padlock_cbc_encrypt: + movl 28(%esp),%edx + movl 32(%esp),%ecx + testl $15,%edx +- jnz .L016cbc_abort ++ jnz .L018cbc_abort + testl $15,%ecx +- jnz .L016cbc_abort +- leal .Lpadlock_saved_context-.L017cbc_pic_point,%eax ++ jnz .L018cbc_abort ++ leal .Lpadlock_saved_context-.L019cbc_pic_point,%eax + pushfl + cld + call _padlock_verify_ctx +-.L017cbc_pic_point: ++.L019cbc_pic_point: + leal 16(%edx),%edx + xorl %eax,%eax + xorl %ebx,%ebx + testl $32,(%edx) +- jnz .L018cbc_aligned ++ jnz .L020cbc_aligned + testl $15,%edi + setz %al + testl $15,%esi + setz %bl + testl %ebx,%eax +- jnz .L018cbc_aligned ++ jnz .L020cbc_aligned + negl %eax + movl $512,%ebx + notl %eax +@@ -392,7 +408,7 @@ padlock_cbc_encrypt: + andl $-16,%esp + movl %eax,16(%ebp) + cmpl %ebx,%ecx +- ja .L019cbc_loop ++ ja .L021cbc_loop + movl %esi,%eax + cmpl %esp,%ebp + cmovel %edi,%eax +@@ -403,10 +419,10 @@ padlock_cbc_encrypt: + movl $-64,%eax + cmovael %ebx,%eax + andl %eax,%ebx +- jz .L020cbc_unaligned_tail +- jmp .L019cbc_loop ++ jz .L022cbc_unaligned_tail ++ jmp .L021cbc_loop + .align 16 +-.L019cbc_loop: ++.L021cbc_loop: + movl %edi,(%ebp) + movl %esi,4(%ebp) + movl %ecx,8(%ebp) +@@ -415,13 +431,13 @@ padlock_cbc_encrypt: + testl $15,%edi + cmovnzl %esp,%edi + testl $15,%esi +- jz .L021cbc_inp_aligned ++ jz .L023cbc_inp_aligned + shrl $2,%ecx + .byte 243,165 + subl %ebx,%edi + movl %ebx,%ecx + movl %edi,%esi +-.L021cbc_inp_aligned: ++.L023cbc_inp_aligned: + leal -16(%edx),%eax + leal 16(%edx),%ebx + shrl $4,%ecx +@@ -431,23 +447,23 @@ padlock_cbc_encrypt: + movl (%ebp),%edi + movl 12(%ebp),%ebx + testl $15,%edi +- jz .L022cbc_out_aligned ++ jz .L024cbc_out_aligned + movl %ebx,%ecx + leal (%esp),%esi + shrl $2,%ecx + .byte 243,165 + subl %ebx,%edi +-.L022cbc_out_aligned: ++.L024cbc_out_aligned: + movl 4(%ebp),%esi + movl 8(%ebp),%ecx + addl %ebx,%edi + addl %ebx,%esi + subl %ebx,%ecx + movl $512,%ebx +- jz .L023cbc_break ++ jz .L025cbc_break + cmpl %ebx,%ecx +- jae .L019cbc_loop +-.L020cbc_unaligned_tail: ++ jae .L021cbc_loop ++.L022cbc_unaligned_tail: + xorl %eax,%eax + cmpl %ebp,%esp + cmovel %ecx,%eax +@@ -460,24 +476,24 @@ padlock_cbc_encrypt: + movl %esp,%esi + movl %eax,%edi + movl %ebx,%ecx +- jmp .L019cbc_loop ++ jmp .L021cbc_loop + .align 16 +-.L023cbc_break: ++.L025cbc_break: + cmpl %ebp,%esp +- je .L024cbc_done ++ je .L026cbc_done + pxor %xmm0,%xmm0 + leal (%esp),%eax +-.L025cbc_bzero: ++.L027cbc_bzero: + movaps %xmm0,(%eax) + leal 16(%eax),%eax + cmpl %eax,%ebp +- ja .L025cbc_bzero +-.L024cbc_done: ++ ja .L027cbc_bzero ++.L026cbc_done: + movl 16(%ebp),%ebp + leal 24(%ebp),%esp +- jmp .L026cbc_exit ++ jmp .L028cbc_exit + .align 16 +-.L018cbc_aligned: ++.L020cbc_aligned: + leal (%esi,%ecx,1),%ebp + negl %ebp + andl $4095,%ebp +@@ -487,7 +503,7 @@ padlock_cbc_encrypt: + cmovael %eax,%ebp + andl %ecx,%ebp + subl %ebp,%ecx +- jz .L027cbc_aligned_tail ++ jz .L029cbc_aligned_tail + leal -16(%edx),%eax + leal 16(%edx),%ebx + shrl $4,%ecx +@@ -495,8 +511,8 @@ padlock_cbc_encrypt: + movaps (%eax),%xmm0 + movaps %xmm0,-16(%edx) + testl %ebp,%ebp +- jz .L026cbc_exit +-.L027cbc_aligned_tail: ++ jz .L028cbc_exit ++.L029cbc_aligned_tail: + movl %ebp,%ecx + leal -24(%esp),%ebp + movl %ebp,%esp +@@ -513,11 +529,11 @@ padlock_cbc_encrypt: + movl %esp,%esi + movl %eax,%edi + movl %ebx,%ecx +- jmp .L019cbc_loop +-.L026cbc_exit: ++ jmp .L021cbc_loop ++.L028cbc_exit: + movl $1,%eax + leal 4(%esp),%esp +-.L016cbc_abort: ++.L018cbc_abort: + popl %edi + popl %esi + popl %ebx +@@ -529,6 +545,7 @@ padlock_cbc_encrypt: + .align 16 + padlock_cfb_encrypt: + .L_padlock_cfb_encrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -538,25 +555,25 @@ padlock_cfb_encrypt: + movl 28(%esp),%edx + movl 32(%esp),%ecx + testl $15,%edx +- jnz .L028cfb_abort ++ jnz .L030cfb_abort + testl $15,%ecx +- jnz .L028cfb_abort +- leal .Lpadlock_saved_context-.L029cfb_pic_point,%eax ++ jnz .L030cfb_abort ++ leal .Lpadlock_saved_context-.L031cfb_pic_point,%eax + pushfl + cld + call _padlock_verify_ctx +-.L029cfb_pic_point: ++.L031cfb_pic_point: + leal 16(%edx),%edx + xorl %eax,%eax + xorl %ebx,%ebx + testl $32,(%edx) +- jnz .L030cfb_aligned ++ jnz .L032cfb_aligned + testl $15,%edi + setz %al + testl $15,%esi + setz %bl + testl %ebx,%eax +- jnz .L030cfb_aligned ++ jnz .L032cfb_aligned + negl %eax + movl $512,%ebx + notl %eax +@@ -574,9 +591,9 @@ padlock_cfb_encrypt: + andl $-16,%ebp + andl $-16,%esp + movl %eax,16(%ebp) +- jmp .L031cfb_loop ++ jmp .L033cfb_loop + .align 16 +-.L031cfb_loop: ++.L033cfb_loop: + movl %edi,(%ebp) + movl %esi,4(%ebp) + movl %ecx,8(%ebp) +@@ -585,13 +602,13 @@ padlock_cfb_encrypt: + testl $15,%edi + cmovnzl %esp,%edi + testl $15,%esi +- jz .L032cfb_inp_aligned ++ jz .L034cfb_inp_aligned + shrl $2,%ecx + .byte 243,165 + subl %ebx,%edi + movl %ebx,%ecx + movl %edi,%esi +-.L032cfb_inp_aligned: ++.L034cfb_inp_aligned: + leal -16(%edx),%eax + leal 16(%edx),%ebx + shrl $4,%ecx +@@ -601,45 +618,45 @@ padlock_cfb_encrypt: + movl (%ebp),%edi + movl 12(%ebp),%ebx + testl $15,%edi +- jz .L033cfb_out_aligned ++ jz .L035cfb_out_aligned + movl %ebx,%ecx + leal (%esp),%esi + shrl $2,%ecx + .byte 243,165 + subl %ebx,%edi +-.L033cfb_out_aligned: ++.L035cfb_out_aligned: + movl 4(%ebp),%esi + movl 8(%ebp),%ecx + addl %ebx,%edi + addl %ebx,%esi + subl %ebx,%ecx + movl $512,%ebx +- jnz .L031cfb_loop ++ jnz .L033cfb_loop + cmpl %ebp,%esp +- je .L034cfb_done ++ je .L036cfb_done + pxor %xmm0,%xmm0 + leal (%esp),%eax +-.L035cfb_bzero: ++.L037cfb_bzero: + movaps %xmm0,(%eax) + leal 16(%eax),%eax + cmpl %eax,%ebp +- ja .L035cfb_bzero +-.L034cfb_done: ++ ja .L037cfb_bzero ++.L036cfb_done: + movl 16(%ebp),%ebp + leal 24(%ebp),%esp +- jmp .L036cfb_exit ++ jmp .L038cfb_exit + .align 16 +-.L030cfb_aligned: ++.L032cfb_aligned: + leal -16(%edx),%eax + leal 16(%edx),%ebx + shrl $4,%ecx + .byte 243,15,167,224 + movaps (%eax),%xmm0 + movaps %xmm0,-16(%edx) +-.L036cfb_exit: ++.L038cfb_exit: + movl $1,%eax + leal 4(%esp),%esp +-.L028cfb_abort: ++.L030cfb_abort: + popl %edi + popl %esi + popl %ebx +@@ -651,6 +668,7 @@ padlock_cfb_encrypt: + .align 16 + padlock_ofb_encrypt: + .L_padlock_ofb_encrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -660,25 +678,25 @@ padlock_ofb_encrypt: + movl 28(%esp),%edx + movl 32(%esp),%ecx + testl $15,%edx +- jnz .L037ofb_abort ++ jnz .L039ofb_abort + testl $15,%ecx +- jnz .L037ofb_abort +- leal .Lpadlock_saved_context-.L038ofb_pic_point,%eax ++ jnz .L039ofb_abort ++ leal .Lpadlock_saved_context-.L040ofb_pic_point,%eax + pushfl + cld + call _padlock_verify_ctx +-.L038ofb_pic_point: ++.L040ofb_pic_point: + leal 16(%edx),%edx + xorl %eax,%eax + xorl %ebx,%ebx + testl $32,(%edx) +- jnz .L039ofb_aligned ++ jnz .L041ofb_aligned + testl $15,%edi + setz %al + testl $15,%esi + setz %bl + testl %ebx,%eax +- jnz .L039ofb_aligned ++ jnz .L041ofb_aligned + negl %eax + movl $512,%ebx + notl %eax +@@ -696,9 +714,9 @@ padlock_ofb_encrypt: + andl $-16,%ebp + andl $-16,%esp + movl %eax,16(%ebp) +- jmp .L040ofb_loop ++ jmp .L042ofb_loop + .align 16 +-.L040ofb_loop: ++.L042ofb_loop: + movl %edi,(%ebp) + movl %esi,4(%ebp) + movl %ecx,8(%ebp) +@@ -707,13 +725,13 @@ padlock_ofb_encrypt: + testl $15,%edi + cmovnzl %esp,%edi + testl $15,%esi +- jz .L041ofb_inp_aligned ++ jz .L043ofb_inp_aligned + shrl $2,%ecx + .byte 243,165 + subl %ebx,%edi + movl %ebx,%ecx + movl %edi,%esi +-.L041ofb_inp_aligned: ++.L043ofb_inp_aligned: + leal -16(%edx),%eax + leal 16(%edx),%ebx + shrl $4,%ecx +@@ -723,45 +741,45 @@ padlock_ofb_encrypt: + movl (%ebp),%edi + movl 12(%ebp),%ebx + testl $15,%edi +- jz .L042ofb_out_aligned ++ jz .L044ofb_out_aligned + movl %ebx,%ecx + leal (%esp),%esi + shrl $2,%ecx + .byte 243,165 + subl %ebx,%edi +-.L042ofb_out_aligned: ++.L044ofb_out_aligned: + movl 4(%ebp),%esi + movl 8(%ebp),%ecx + addl %ebx,%edi + addl %ebx,%esi + subl %ebx,%ecx + movl $512,%ebx +- jnz .L040ofb_loop ++ jnz .L042ofb_loop + cmpl %ebp,%esp +- je .L043ofb_done ++ je .L045ofb_done + pxor %xmm0,%xmm0 + leal (%esp),%eax +-.L044ofb_bzero: ++.L046ofb_bzero: + movaps %xmm0,(%eax) + leal 16(%eax),%eax + cmpl %eax,%ebp +- ja .L044ofb_bzero +-.L043ofb_done: ++ ja .L046ofb_bzero ++.L045ofb_done: + movl 16(%ebp),%ebp + leal 24(%ebp),%esp +- jmp .L045ofb_exit ++ jmp .L047ofb_exit + .align 16 +-.L039ofb_aligned: ++.L041ofb_aligned: + leal -16(%edx),%eax + leal 16(%edx),%ebx + shrl $4,%ecx + .byte 243,15,167,232 + movaps (%eax),%xmm0 + movaps %xmm0,-16(%edx) +-.L045ofb_exit: ++.L047ofb_exit: + movl $1,%eax + leal 4(%esp),%esp +-.L037ofb_abort: ++.L039ofb_abort: + popl %edi + popl %esi + popl %ebx +@@ -773,6 +791,7 @@ padlock_ofb_encrypt: + .align 16 + padlock_ctr32_encrypt: + .L_padlock_ctr32_encrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -782,14 +801,14 @@ padlock_ctr32_encrypt: + movl 28(%esp),%edx + movl 32(%esp),%ecx + testl $15,%edx +- jnz .L046ctr32_abort ++ jnz .L048ctr32_abort + testl $15,%ecx +- jnz .L046ctr32_abort +- leal .Lpadlock_saved_context-.L047ctr32_pic_point,%eax ++ jnz .L048ctr32_abort ++ leal .Lpadlock_saved_context-.L049ctr32_pic_point,%eax + pushfl + cld + call _padlock_verify_ctx +-.L047ctr32_pic_point: ++.L049ctr32_pic_point: + leal 16(%edx),%edx + xorl %eax,%eax + movq -16(%edx),%mm0 +@@ -809,9 +828,9 @@ padlock_ctr32_encrypt: + andl $-16,%ebp + andl $-16,%esp + movl %eax,16(%ebp) +- jmp .L048ctr32_loop ++ jmp .L050ctr32_loop + .align 16 +-.L048ctr32_loop: ++.L050ctr32_loop: + movl %edi,(%ebp) + movl %esi,4(%ebp) + movl %ecx,8(%ebp) +@@ -820,7 +839,7 @@ padlock_ctr32_encrypt: + movl -4(%edx),%ecx + xorl %edi,%edi + movl -8(%edx),%eax +-.L049ctr32_prepare: ++.L051ctr32_prepare: + movl %ecx,12(%esp,%edi,1) + bswap %ecx + movq %mm0,(%esp,%edi,1) +@@ -829,7 +848,7 @@ padlock_ctr32_encrypt: + bswap %ecx + leal 16(%edi),%edi + cmpl %ebx,%edi +- jb .L049ctr32_prepare ++ jb .L051ctr32_prepare + movl %ecx,-4(%edx) + leal (%esp),%esi + leal (%esp),%edi +@@ -842,33 +861,33 @@ padlock_ctr32_encrypt: + movl 12(%ebp),%ebx + movl 4(%ebp),%esi + xorl %ecx,%ecx +-.L050ctr32_xor: ++.L052ctr32_xor: + movups (%esi,%ecx,1),%xmm1 + leal 16(%ecx),%ecx + pxor -16(%esp,%ecx,1),%xmm1 + movups %xmm1,-16(%edi,%ecx,1) + cmpl %ebx,%ecx +- jb .L050ctr32_xor ++ jb .L052ctr32_xor + movl 8(%ebp),%ecx + addl %ebx,%edi + addl %ebx,%esi + subl %ebx,%ecx + movl $512,%ebx +- jnz .L048ctr32_loop ++ jnz .L050ctr32_loop + pxor %xmm0,%xmm0 + leal (%esp),%eax +-.L051ctr32_bzero: ++.L053ctr32_bzero: + movaps %xmm0,(%eax) + leal 16(%eax),%eax + cmpl %eax,%ebp +- ja .L051ctr32_bzero +-.L052ctr32_done: ++ ja .L053ctr32_bzero ++.L054ctr32_done: + movl 16(%ebp),%ebp + leal 24(%ebp),%esp + movl $1,%eax + leal 4(%esp),%esp + emms +-.L046ctr32_abort: ++.L048ctr32_abort: + popl %edi + popl %esi + popl %ebx +@@ -880,6 +899,7 @@ padlock_ctr32_encrypt: + .align 16 + padlock_xstore: + .L_padlock_xstore_begin: ++.byte 243,15,30,251 + pushl %edi + movl 8(%esp),%edi + movl 12(%esp),%edx +@@ -890,14 +910,15 @@ padlock_xstore: + .type _win32_segv_handler,@function + .align 16 + _win32_segv_handler: ++.byte 243,15,30,251 + movl $1,%eax + movl 4(%esp),%edx + movl 12(%esp),%ecx + cmpl $3221225477,(%edx) +- jne .L053ret ++ jne .L055ret + addl $4,184(%ecx) + movl $0,%eax +-.L053ret: ++.L055ret: + ret + .size _win32_segv_handler,.-_win32_segv_handler + .globl padlock_sha1_oneshot +@@ -905,6 +926,7 @@ _win32_segv_handler: + .align 16 + padlock_sha1_oneshot: + .L_padlock_sha1_oneshot_begin: ++.byte 243,15,30,251 + pushl %edi + pushl %esi + xorl %eax,%eax +@@ -936,6 +958,7 @@ padlock_sha1_oneshot: + .align 16 + padlock_sha1_blocks: + .L_padlock_sha1_blocks_begin: ++.byte 243,15,30,251 + pushl %edi + pushl %esi + movl 12(%esp),%edi +@@ -966,6 +989,7 @@ padlock_sha1_blocks: + .align 16 + padlock_sha256_oneshot: + .L_padlock_sha256_oneshot_begin: ++.byte 243,15,30,251 + pushl %edi + pushl %esi + xorl %eax,%eax +@@ -997,6 +1021,7 @@ padlock_sha256_oneshot: + .align 16 + padlock_sha256_blocks: + .L_padlock_sha256_blocks_begin: ++.byte 243,15,30,251 + pushl %edi + pushl %esi + movl 12(%esp),%edi +@@ -1027,6 +1052,7 @@ padlock_sha256_blocks: + .align 16 + padlock_sha512_blocks: + .L_padlock_sha512_blocks_begin: ++.byte 243,15,30,251 + pushl %edi + pushl %esi + movl 12(%esp),%edi +@@ -1069,7 +1095,21 @@ padlock_sha512_blocks: + .Lpadlock_saved_context: + .long 0 + ++ .section ".note.gnu.property", "a" ++ .p2align 2 ++ .long 1f - 0f ++ .long 4f - 1f ++ .long 5 ++0: ++ .asciz "GNU" ++1: ++ .p2align 2 ++ .long 0xc0000002 ++ .long 3f - 2f ++2: ++ .long 3 ++3: ++ .p2align 2 ++4: + + .section .note.GNU-stack,"",%progbits +- +- +diff --git a/lib/accelerated/x86/elf/e_padlock-x86_64.s b/lib/accelerated/x86/elf/e_padlock-x86_64.s +index c161f0a73..f92da756c 100644 +--- a/lib/accelerated/x86/elf/e_padlock-x86_64.s ++++ b/lib/accelerated/x86/elf/e_padlock-x86_64.s +@@ -1,4 +1,4 @@ +-# Copyright (c) 2011-2013, Andy Polyakov ++# Copyright (c) 2011-2016, Andy Polyakov + # All rights reserved. + # + # Redistribution and use in source and binary forms, with or without +@@ -42,36 +42,50 @@ + .type padlock_capability,@function + .align 16 + padlock_capability: ++.cfi_startproc ++.byte 243,15,30,250 + movq %rbx,%r8 + xorl %eax,%eax + cpuid + xorl %eax,%eax +- cmpl $1953391939,%ebx ++ cmpl $0x746e6543,%ebx ++ jne .Lzhaoxin ++ cmpl $0x48727561,%edx + jne .Lnoluck +- cmpl $1215460705,%edx ++ cmpl $0x736c7561,%ecx + jne .Lnoluck +- cmpl $1936487777,%ecx ++ jmp .LzhaoxinEnd ++.Lzhaoxin: ++ cmpl $0x68532020,%ebx + jne .Lnoluck +- movl $3221225472,%eax ++ cmpl $0x68676e61,%edx ++ jne .Lnoluck ++ cmpl $0x20206961,%ecx ++ jne .Lnoluck ++.LzhaoxinEnd: ++ movl $0xC0000000,%eax + cpuid + movl %eax,%edx + xorl %eax,%eax +- cmpl $3221225473,%edx ++ cmpl $0xC0000001,%edx + jb .Lnoluck +- movl $3221225473,%eax ++ movl $0xC0000001,%eax + cpuid + movl %edx,%eax +- andl $4294967279,%eax +- orl $16,%eax ++ andl $0xffffffef,%eax ++ orl $0x10,%eax + .Lnoluck: + movq %r8,%rbx + .byte 0xf3,0xc3 ++.cfi_endproc + .size padlock_capability,.-padlock_capability + + .globl padlock_key_bswap + .type padlock_key_bswap,@function + .align 16 + padlock_key_bswap: ++.cfi_startproc ++.byte 243,15,30,250 + movl 240(%rdi),%edx + .Lbswap_loop: + movl (%rdi),%eax +@@ -81,23 +95,29 @@ padlock_key_bswap: + subl $1,%edx + jnz .Lbswap_loop + .byte 0xf3,0xc3 ++.cfi_endproc + .size padlock_key_bswap,.-padlock_key_bswap + + .globl padlock_verify_context + .type padlock_verify_context,@function + .align 16 + padlock_verify_context: ++.cfi_startproc ++.byte 243,15,30,250 + movq %rdi,%rdx + pushf + leaq .Lpadlock_saved_context(%rip),%rax + call _padlock_verify_ctx + leaq 8(%rsp),%rsp + .byte 0xf3,0xc3 ++.cfi_endproc + .size padlock_verify_context,.-padlock_verify_context + + .type _padlock_verify_ctx,@function + .align 16 + _padlock_verify_ctx: ++.cfi_startproc ++.byte 243,15,30,250 + movq 8(%rsp),%r8 + btq $30,%r8 + jnc .Lverified +@@ -108,43 +128,55 @@ _padlock_verify_ctx: + .Lverified: + movq %rdx,(%rax) + .byte 0xf3,0xc3 ++.cfi_endproc + .size _padlock_verify_ctx,.-_padlock_verify_ctx + + .globl padlock_reload_key + .type padlock_reload_key,@function + .align 16 + padlock_reload_key: ++.cfi_startproc ++.byte 243,15,30,250 + pushf + popf + .byte 0xf3,0xc3 ++.cfi_endproc + .size padlock_reload_key,.-padlock_reload_key + + .globl padlock_aes_block + .type padlock_aes_block,@function + .align 16 + padlock_aes_block: ++.cfi_startproc ++.byte 243,15,30,250 + movq %rbx,%r8 + movq $1,%rcx + leaq 32(%rdx),%rbx + leaq 16(%rdx),%rdx +-.byte 0xf3,0x0f,0xa7,0xc8 ++.byte 0xf3,0x0f,0xa7,0xc8 + movq %r8,%rbx + .byte 0xf3,0xc3 ++.cfi_endproc + .size padlock_aes_block,.-padlock_aes_block + + .globl padlock_xstore + .type padlock_xstore,@function + .align 16 + padlock_xstore: ++.cfi_startproc ++.byte 243,15,30,250 + movl %esi,%edx +-.byte 0x0f,0xa7,0xc0 ++.byte 0x0f,0xa7,0xc0 + .byte 0xf3,0xc3 ++.cfi_endproc + .size padlock_xstore,.-padlock_xstore + + .globl padlock_sha1_oneshot + .type padlock_sha1_oneshot,@function + .align 16 + padlock_sha1_oneshot: ++.cfi_startproc ++.byte 243,15,30,250 + movq %rdx,%rcx + movq %rdi,%rdx + movups (%rdi),%xmm0 +@@ -154,19 +186,22 @@ padlock_sha1_oneshot: + movq %rsp,%rdi + movl %eax,16(%rsp) + xorq %rax,%rax +-.byte 0xf3,0x0f,0xa6,0xc8 ++.byte 0xf3,0x0f,0xa6,0xc8 + movaps (%rsp),%xmm0 + movl 16(%rsp),%eax + addq $128+8,%rsp + movups %xmm0,(%rdx) + movl %eax,16(%rdx) + .byte 0xf3,0xc3 ++.cfi_endproc + .size padlock_sha1_oneshot,.-padlock_sha1_oneshot + + .globl padlock_sha1_blocks + .type padlock_sha1_blocks,@function + .align 16 + padlock_sha1_blocks: ++.cfi_startproc ++.byte 243,15,30,250 + movq %rdx,%rcx + movq %rdi,%rdx + movups (%rdi),%xmm0 +@@ -176,19 +211,22 @@ padlock_sha1_blocks: + movq %rsp,%rdi + movl %eax,16(%rsp) + movq $-1,%rax +-.byte 0xf3,0x0f,0xa6,0xc8 ++.byte 0xf3,0x0f,0xa6,0xc8 + movaps (%rsp),%xmm0 + movl 16(%rsp),%eax + addq $128+8,%rsp + movups %xmm0,(%rdx) + movl %eax,16(%rdx) + .byte 0xf3,0xc3 ++.cfi_endproc + .size padlock_sha1_blocks,.-padlock_sha1_blocks + + .globl padlock_sha256_oneshot + .type padlock_sha256_oneshot,@function + .align 16 + padlock_sha256_oneshot: ++.cfi_startproc ++.byte 243,15,30,250 + movq %rdx,%rcx + movq %rdi,%rdx + movups (%rdi),%xmm0 +@@ -198,19 +236,22 @@ padlock_sha256_oneshot: + movq %rsp,%rdi + movaps %xmm1,16(%rsp) + xorq %rax,%rax +-.byte 0xf3,0x0f,0xa6,0xd0 ++.byte 0xf3,0x0f,0xa6,0xd0 + movaps (%rsp),%xmm0 + movaps 16(%rsp),%xmm1 + addq $128+8,%rsp + movups %xmm0,(%rdx) + movups %xmm1,16(%rdx) + .byte 0xf3,0xc3 ++.cfi_endproc + .size padlock_sha256_oneshot,.-padlock_sha256_oneshot + + .globl padlock_sha256_blocks + .type padlock_sha256_blocks,@function + .align 16 + padlock_sha256_blocks: ++.cfi_startproc ++.byte 243,15,30,250 + movq %rdx,%rcx + movq %rdi,%rdx + movups (%rdi),%xmm0 +@@ -220,19 +261,22 @@ padlock_sha256_blocks: + movq %rsp,%rdi + movaps %xmm1,16(%rsp) + movq $-1,%rax +-.byte 0xf3,0x0f,0xa6,0xd0 ++.byte 0xf3,0x0f,0xa6,0xd0 + movaps (%rsp),%xmm0 + movaps 16(%rsp),%xmm1 + addq $128+8,%rsp + movups %xmm0,(%rdx) + movups %xmm1,16(%rdx) + .byte 0xf3,0xc3 ++.cfi_endproc + .size padlock_sha256_blocks,.-padlock_sha256_blocks + + .globl padlock_sha512_blocks + .type padlock_sha512_blocks,@function + .align 16 + padlock_sha512_blocks: ++.cfi_startproc ++.byte 243,15,30,250 + movq %rdx,%rcx + movq %rdi,%rdx + movups (%rdi),%xmm0 +@@ -245,7 +289,7 @@ padlock_sha512_blocks: + movaps %xmm1,16(%rsp) + movaps %xmm2,32(%rsp) + movaps %xmm3,48(%rsp) +-.byte 0xf3,0x0f,0xa6,0xe0 ++.byte 0xf3,0x0f,0xa6,0xe0 + movaps (%rsp),%xmm0 + movaps 16(%rsp),%xmm1 + movaps 32(%rsp),%xmm2 +@@ -256,11 +300,14 @@ padlock_sha512_blocks: + movups %xmm2,32(%rdx) + movups %xmm3,48(%rdx) + .byte 0xf3,0xc3 ++.cfi_endproc + .size padlock_sha512_blocks,.-padlock_sha512_blocks + .globl padlock_ecb_encrypt + .type padlock_ecb_encrypt,@function + .align 16 + padlock_ecb_encrypt: ++.cfi_startproc ++.byte 243,15,30,250 + pushq %rbp + pushq %rbx + +@@ -278,9 +325,9 @@ padlock_ecb_encrypt: + xorl %ebx,%ebx + testl $32,(%rdx) + jnz .Lecb_aligned +- testq $15,%rdi ++ testq $0x0f,%rdi + setz %al +- testq $15,%rsi ++ testq $0x0f,%rsi + setz %bl + testl %ebx,%eax + jnz .Lecb_aligned +@@ -304,7 +351,7 @@ padlock_ecb_encrypt: + cmoveq %rdi,%rax + addq %rcx,%rax + negq %rax +- andq $4095,%rax ++ andq $0xfff,%rax + cmpq $128,%rax + movq $-128,%rax + cmovaeq %rbx,%rax +@@ -320,12 +367,12 @@ padlock_ecb_encrypt: + movq %rcx,%r10 + movq %rbx,%rcx + movq %rbx,%r11 +- testq $15,%rdi ++ testq $0x0f,%rdi + cmovnzq %rsp,%rdi +- testq $15,%rsi ++ testq $0x0f,%rsi + jz .Lecb_inp_aligned + shrq $3,%rcx +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + subq %rbx,%rdi + movq %rbx,%rcx + movq %rdi,%rsi +@@ -333,15 +380,15 @@ padlock_ecb_encrypt: + leaq -16(%rdx),%rax + leaq 16(%rdx),%rbx + shrq $4,%rcx +-.byte 0xf3,0x0f,0xa7,200 ++.byte 0xf3,0x0f,0xa7,200 + movq %r8,%rdi + movq %r11,%rbx +- testq $15,%rdi ++ testq $0x0f,%rdi + jz .Lecb_out_aligned + movq %rbx,%rcx + leaq (%rsp),%rsi + shrq $3,%rcx +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + subq %rbx,%rdi + .Lecb_out_aligned: + movq %r9,%rsi +@@ -362,7 +409,7 @@ padlock_ecb_encrypt: + subq %rax,%rsp + shrq $3,%rcx + leaq (%rsp),%rdi +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + movq %rsp,%rsi + movq %r8,%rdi + movq %rbx,%rcx +@@ -388,7 +435,7 @@ padlock_ecb_encrypt: + .Lecb_aligned: + leaq (%rsi,%rcx,1),%rbp + negq %rbp +- andq $4095,%rbp ++ andq $0xfff,%rbp + xorl %eax,%eax + cmpq $128,%rbp + movq $128-1,%rbp +@@ -399,7 +446,7 @@ padlock_ecb_encrypt: + leaq -16(%rdx),%rax + leaq 16(%rdx),%rbx + shrq $4,%rcx +-.byte 0xf3,0x0f,0xa7,200 ++.byte 0xf3,0x0f,0xa7,200 + testq %rbp,%rbp + jz .Lecb_exit + +@@ -411,7 +458,7 @@ padlock_ecb_encrypt: + subq %rcx,%rsp + shrq $3,%rcx + leaq (%rsp),%rdi +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + leaq (%r8),%rdi + leaq (%rsp),%rsi + movq %rbx,%rcx +@@ -423,11 +470,14 @@ padlock_ecb_encrypt: + popq %rbx + popq %rbp + .byte 0xf3,0xc3 ++.cfi_endproc + .size padlock_ecb_encrypt,.-padlock_ecb_encrypt + .globl padlock_cbc_encrypt + .type padlock_cbc_encrypt,@function + .align 16 + padlock_cbc_encrypt: ++.cfi_startproc ++.byte 243,15,30,250 + pushq %rbp + pushq %rbx + +@@ -445,9 +495,9 @@ padlock_cbc_encrypt: + xorl %ebx,%ebx + testl $32,(%rdx) + jnz .Lcbc_aligned +- testq $15,%rdi ++ testq $0x0f,%rdi + setz %al +- testq $15,%rsi ++ testq $0x0f,%rsi + setz %bl + testl %ebx,%eax + jnz .Lcbc_aligned +@@ -471,7 +521,7 @@ padlock_cbc_encrypt: + cmoveq %rdi,%rax + addq %rcx,%rax + negq %rax +- andq $4095,%rax ++ andq $0xfff,%rax + cmpq $64,%rax + movq $-64,%rax + cmovaeq %rbx,%rax +@@ -487,12 +537,12 @@ padlock_cbc_encrypt: + movq %rcx,%r10 + movq %rbx,%rcx + movq %rbx,%r11 +- testq $15,%rdi ++ testq $0x0f,%rdi + cmovnzq %rsp,%rdi +- testq $15,%rsi ++ testq $0x0f,%rsi + jz .Lcbc_inp_aligned + shrq $3,%rcx +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + subq %rbx,%rdi + movq %rbx,%rcx + movq %rdi,%rsi +@@ -500,17 +550,17 @@ padlock_cbc_encrypt: + leaq -16(%rdx),%rax + leaq 16(%rdx),%rbx + shrq $4,%rcx +-.byte 0xf3,0x0f,0xa7,208 ++.byte 0xf3,0x0f,0xa7,208 + movdqa (%rax),%xmm0 + movdqa %xmm0,-16(%rdx) + movq %r8,%rdi + movq %r11,%rbx +- testq $15,%rdi ++ testq $0x0f,%rdi + jz .Lcbc_out_aligned + movq %rbx,%rcx + leaq (%rsp),%rsi + shrq $3,%rcx +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + subq %rbx,%rdi + .Lcbc_out_aligned: + movq %r9,%rsi +@@ -531,7 +581,7 @@ padlock_cbc_encrypt: + subq %rax,%rsp + shrq $3,%rcx + leaq (%rsp),%rdi +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + movq %rsp,%rsi + movq %r8,%rdi + movq %rbx,%rcx +@@ -557,7 +607,7 @@ padlock_cbc_encrypt: + .Lcbc_aligned: + leaq (%rsi,%rcx,1),%rbp + negq %rbp +- andq $4095,%rbp ++ andq $0xfff,%rbp + xorl %eax,%eax + cmpq $64,%rbp + movq $64-1,%rbp +@@ -568,7 +618,7 @@ padlock_cbc_encrypt: + leaq -16(%rdx),%rax + leaq 16(%rdx),%rbx + shrq $4,%rcx +-.byte 0xf3,0x0f,0xa7,208 ++.byte 0xf3,0x0f,0xa7,208 + movdqa (%rax),%xmm0 + movdqa %xmm0,-16(%rdx) + testq %rbp,%rbp +@@ -582,7 +632,7 @@ padlock_cbc_encrypt: + subq %rcx,%rsp + shrq $3,%rcx + leaq (%rsp),%rdi +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + leaq (%r8),%rdi + leaq (%rsp),%rsi + movq %rbx,%rcx +@@ -594,11 +644,14 @@ padlock_cbc_encrypt: + popq %rbx + popq %rbp + .byte 0xf3,0xc3 ++.cfi_endproc + .size padlock_cbc_encrypt,.-padlock_cbc_encrypt + .globl padlock_cfb_encrypt + .type padlock_cfb_encrypt,@function + .align 16 + padlock_cfb_encrypt: ++.cfi_startproc ++.byte 243,15,30,250 + pushq %rbp + pushq %rbx + +@@ -616,9 +669,9 @@ padlock_cfb_encrypt: + xorl %ebx,%ebx + testl $32,(%rdx) + jnz .Lcfb_aligned +- testq $15,%rdi ++ testq $0x0f,%rdi + setz %al +- testq $15,%rsi ++ testq $0x0f,%rsi + setz %bl + testl %ebx,%eax + jnz .Lcfb_aligned +@@ -645,12 +698,12 @@ padlock_cfb_encrypt: + movq %rcx,%r10 + movq %rbx,%rcx + movq %rbx,%r11 +- testq $15,%rdi ++ testq $0x0f,%rdi + cmovnzq %rsp,%rdi +- testq $15,%rsi ++ testq $0x0f,%rsi + jz .Lcfb_inp_aligned + shrq $3,%rcx +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + subq %rbx,%rdi + movq %rbx,%rcx + movq %rdi,%rsi +@@ -658,17 +711,17 @@ padlock_cfb_encrypt: + leaq -16(%rdx),%rax + leaq 16(%rdx),%rbx + shrq $4,%rcx +-.byte 0xf3,0x0f,0xa7,224 ++.byte 0xf3,0x0f,0xa7,224 + movdqa (%rax),%xmm0 + movdqa %xmm0,-16(%rdx) + movq %r8,%rdi + movq %r11,%rbx +- testq $15,%rdi ++ testq $0x0f,%rdi + jz .Lcfb_out_aligned + movq %rbx,%rcx + leaq (%rsp),%rsi + shrq $3,%rcx +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + subq %rbx,%rdi + .Lcfb_out_aligned: + movq %r9,%rsi +@@ -698,7 +751,7 @@ padlock_cfb_encrypt: + leaq -16(%rdx),%rax + leaq 16(%rdx),%rbx + shrq $4,%rcx +-.byte 0xf3,0x0f,0xa7,224 ++.byte 0xf3,0x0f,0xa7,224 + movdqa (%rax),%xmm0 + movdqa %xmm0,-16(%rdx) + .Lcfb_exit: +@@ -708,11 +761,14 @@ padlock_cfb_encrypt: + popq %rbx + popq %rbp + .byte 0xf3,0xc3 ++.cfi_endproc + .size padlock_cfb_encrypt,.-padlock_cfb_encrypt + .globl padlock_ofb_encrypt + .type padlock_ofb_encrypt,@function + .align 16 + padlock_ofb_encrypt: ++.cfi_startproc ++.byte 243,15,30,250 + pushq %rbp + pushq %rbx + +@@ -730,9 +786,9 @@ padlock_ofb_encrypt: + xorl %ebx,%ebx + testl $32,(%rdx) + jnz .Lofb_aligned +- testq $15,%rdi ++ testq $0x0f,%rdi + setz %al +- testq $15,%rsi ++ testq $0x0f,%rsi + setz %bl + testl %ebx,%eax + jnz .Lofb_aligned +@@ -759,12 +815,12 @@ padlock_ofb_encrypt: + movq %rcx,%r10 + movq %rbx,%rcx + movq %rbx,%r11 +- testq $15,%rdi ++ testq $0x0f,%rdi + cmovnzq %rsp,%rdi +- testq $15,%rsi ++ testq $0x0f,%rsi + jz .Lofb_inp_aligned + shrq $3,%rcx +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + subq %rbx,%rdi + movq %rbx,%rcx + movq %rdi,%rsi +@@ -772,17 +828,17 @@ padlock_ofb_encrypt: + leaq -16(%rdx),%rax + leaq 16(%rdx),%rbx + shrq $4,%rcx +-.byte 0xf3,0x0f,0xa7,232 ++.byte 0xf3,0x0f,0xa7,232 + movdqa (%rax),%xmm0 + movdqa %xmm0,-16(%rdx) + movq %r8,%rdi + movq %r11,%rbx +- testq $15,%rdi ++ testq $0x0f,%rdi + jz .Lofb_out_aligned + movq %rbx,%rcx + leaq (%rsp),%rsi + shrq $3,%rcx +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + subq %rbx,%rdi + .Lofb_out_aligned: + movq %r9,%rsi +@@ -812,7 +868,7 @@ padlock_ofb_encrypt: + leaq -16(%rdx),%rax + leaq 16(%rdx),%rbx + shrq $4,%rcx +-.byte 0xf3,0x0f,0xa7,232 ++.byte 0xf3,0x0f,0xa7,232 + movdqa (%rax),%xmm0 + movdqa %xmm0,-16(%rdx) + .Lofb_exit: +@@ -822,11 +878,14 @@ padlock_ofb_encrypt: + popq %rbx + popq %rbp + .byte 0xf3,0xc3 ++.cfi_endproc + .size padlock_ofb_encrypt,.-padlock_ofb_encrypt + .globl padlock_ctr32_encrypt + .type padlock_ctr32_encrypt,@function + .align 16 + padlock_ctr32_encrypt: ++.cfi_startproc ++.byte 243,15,30,250 + pushq %rbp + pushq %rbx + +@@ -844,9 +903,9 @@ padlock_ctr32_encrypt: + xorl %ebx,%ebx + testl $32,(%rdx) + jnz .Lctr32_aligned +- testq $15,%rdi ++ testq $0x0f,%rdi + setz %al +- testq $15,%rsi ++ testq $0x0f,%rsi + setz %bl + testl %ebx,%eax + jnz .Lctr32_aligned +@@ -881,7 +940,7 @@ padlock_ctr32_encrypt: + cmoveq %rdi,%rax + addq %rcx,%rax + negq %rax +- andq $4095,%rax ++ andq $0xfff,%rax + cmpq $32,%rax + movq $-32,%rax + cmovaeq %rbx,%rax +@@ -897,12 +956,12 @@ padlock_ctr32_encrypt: + movq %rcx,%r10 + movq %rbx,%rcx + movq %rbx,%r11 +- testq $15,%rdi ++ testq $0x0f,%rdi + cmovnzq %rsp,%rdi +- testq $15,%rsi ++ testq $0x0f,%rsi + jz .Lctr32_inp_aligned + shrq $3,%rcx +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + subq %rbx,%rdi + movq %rbx,%rcx + movq %rdi,%rsi +@@ -910,23 +969,23 @@ padlock_ctr32_encrypt: + leaq -16(%rdx),%rax + leaq 16(%rdx),%rbx + shrq $4,%rcx +-.byte 0xf3,0x0f,0xa7,216 ++.byte 0xf3,0x0f,0xa7,216 + movl -4(%rdx),%eax +- testl $4294901760,%eax ++ testl $0xffff0000,%eax + jnz .Lctr32_no_carry + bswapl %eax +- addl $65536,%eax ++ addl $0x10000,%eax + bswapl %eax + movl %eax,-4(%rdx) + .Lctr32_no_carry: + movq %r8,%rdi + movq %r11,%rbx +- testq $15,%rdi ++ testq $0x0f,%rdi + jz .Lctr32_out_aligned + movq %rbx,%rcx + leaq (%rsp),%rsi + shrq $3,%rcx +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + subq %rbx,%rdi + .Lctr32_out_aligned: + movq %r9,%rsi +@@ -944,7 +1003,7 @@ padlock_ctr32_encrypt: + cmoveq %rdi,%rax + addq %rcx,%rax + negq %rax +- andq $4095,%rax ++ andq $0xfff,%rax + cmpq $32,%rax + movq $-32,%rax + cmovaeq %rbx,%rax +@@ -959,7 +1018,7 @@ padlock_ctr32_encrypt: + subq %rax,%rsp + shrq $3,%rcx + leaq (%rsp),%rdi +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + movq %rsp,%rsi + movq %r8,%rdi + movq %rbx,%rcx +@@ -986,7 +1045,7 @@ padlock_ctr32_encrypt: + movl -4(%rdx),%eax + bswapl %eax + negl %eax +- andl $65535,%eax ++ andl $0xffff,%eax + movq $1048576,%rbx + shll $4,%eax + cmovzq %rbx,%rax +@@ -1003,11 +1062,11 @@ padlock_ctr32_encrypt: + leaq -16(%rdx),%rax + leaq 16(%rdx),%rbx + shrq $4,%rcx +-.byte 0xf3,0x0f,0xa7,216 ++.byte 0xf3,0x0f,0xa7,216 + + movl -4(%rdx),%eax + bswapl %eax +- addl $65536,%eax ++ addl $0x10000,%eax + bswapl %eax + movl %eax,-4(%rdx) + +@@ -1021,7 +1080,7 @@ padlock_ctr32_encrypt: + .Lctr32_aligned_skip: + leaq (%rsi,%rcx,1),%rbp + negq %rbp +- andq $4095,%rbp ++ andq $0xfff,%rbp + xorl %eax,%eax + cmpq $32,%rbp + movq $32-1,%rbp +@@ -1032,7 +1091,7 @@ padlock_ctr32_encrypt: + leaq -16(%rdx),%rax + leaq 16(%rdx),%rbx + shrq $4,%rcx +-.byte 0xf3,0x0f,0xa7,216 ++.byte 0xf3,0x0f,0xa7,216 + testq %rbp,%rbp + jz .Lctr32_exit + +@@ -1044,7 +1103,7 @@ padlock_ctr32_encrypt: + subq %rcx,%rsp + shrq $3,%rcx + leaq (%rsp),%rdi +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + leaq (%r8),%rdi + leaq (%rsp),%rsi + movq %rbx,%rcx +@@ -1056,6 +1115,7 @@ padlock_ctr32_encrypt: + popq %rbx + popq %rbp + .byte 0xf3,0xc3 ++.cfi_endproc + .size padlock_ctr32_encrypt,.-padlock_ctr32_encrypt + .byte 86,73,65,32,80,97,100,108,111,99,107,32,120,56,54,95,54,52,32,109,111,100,117,108,101,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 + .align 16 +@@ -1063,8 +1123,26 @@ padlock_ctr32_encrypt: + .align 8 + .Lpadlock_saved_context: + .quad 0 +- ++ .section ".note.gnu.property", "a" ++ .p2align 3 ++ .long 1f - 0f ++ .long 4f - 1f ++ .long 5 ++0: ++ # "GNU" encoded with .byte, since .asciz isn't supported ++ # on Solaris. ++ .byte 0x47 ++ .byte 0x4e ++ .byte 0x55 ++ .byte 0 ++1: ++ .p2align 3 ++ .long 0xc0000002 ++ .long 3f - 2f ++2: ++ .long 3 ++3: ++ .p2align 3 ++4: + + .section .note.GNU-stack,"",%progbits +- +- +diff --git a/lib/accelerated/x86/elf/ghash-x86_64.s b/lib/accelerated/x86/elf/ghash-x86_64.s +index 1e4d18b34..8da3f294c 100644 +--- a/lib/accelerated/x86/elf/ghash-x86_64.s ++++ b/lib/accelerated/x86/elf/ghash-x86_64.s +@@ -45,6 +45,7 @@ + .align 16 + gcm_gmult_4bit: + .cfi_startproc ++.byte 243,15,30,250 + pushq %rbx + .cfi_adjust_cfa_offset 8 + .cfi_offset %rbx,-16 +@@ -156,6 +157,7 @@ gcm_gmult_4bit: + .align 16 + gcm_ghash_4bit: + .cfi_startproc ++.byte 243,15,30,250 + pushq %rbx + .cfi_adjust_cfa_offset 8 + .cfi_offset %rbx,-16 +@@ -903,6 +905,7 @@ gcm_init_clmul: + .align 16 + gcm_gmult_clmul: + .cfi_startproc ++.byte 243,15,30,250 + .L_gmult_clmul: + movdqu (%rdi),%xmm0 + movdqa .Lbswap_mask(%rip),%xmm5 +@@ -956,6 +959,7 @@ gcm_gmult_clmul: + .align 32 + gcm_ghash_clmul: + .cfi_startproc ++.byte 243,15,30,250 + .L_ghash_clmul: + movdqa .Lbswap_mask(%rip),%xmm10 + +@@ -1450,6 +1454,7 @@ gcm_init_avx: + .align 32 + gcm_gmult_avx: + .cfi_startproc ++.byte 243,15,30,250 + jmp .L_gmult_clmul + .cfi_endproc + .size gcm_gmult_avx,.-gcm_gmult_avx +@@ -1458,6 +1463,7 @@ gcm_gmult_avx: + .align 32 + gcm_ghash_avx: + .cfi_startproc ++.byte 243,15,30,250 + vzeroupper + + vmovdqu (%rdi),%xmm10 +@@ -1884,5 +1890,26 @@ gcm_ghash_avx: + + .byte 71,72,65,83,72,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 + .align 64 ++ .section ".note.gnu.property", "a" ++ .p2align 3 ++ .long 1f - 0f ++ .long 4f - 1f ++ .long 5 ++0: ++ # "GNU" encoded with .byte, since .asciz isn't supported ++ # on Solaris. ++ .byte 0x47 ++ .byte 0x4e ++ .byte 0x55 ++ .byte 0 ++1: ++ .p2align 3 ++ .long 0xc0000002 ++ .long 3f - 2f ++2: ++ .long 3 ++3: ++ .p2align 3 ++4: + + .section .note.GNU-stack,"",%progbits +diff --git a/lib/accelerated/x86/elf/sha1-ssse3-x86.s b/lib/accelerated/x86/elf/sha1-ssse3-x86.s +index 8bfbcb6b3..57b6ba58f 100644 +--- a/lib/accelerated/x86/elf/sha1-ssse3-x86.s ++++ b/lib/accelerated/x86/elf/sha1-ssse3-x86.s +@@ -43,6 +43,7 @@ + .align 16 + sha1_block_data_order: + .L_sha1_block_data_order_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -1417,4 +1418,21 @@ sha1_block_data_order: + .byte 89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112 + .byte 114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 + ++ .section ".note.gnu.property", "a" ++ .p2align 2 ++ .long 1f - 0f ++ .long 4f - 1f ++ .long 5 ++0: ++ .asciz "GNU" ++1: ++ .p2align 2 ++ .long 0xc0000002 ++ .long 3f - 2f ++2: ++ .long 3 ++3: ++ .p2align 2 ++4: ++ + .section .note.GNU-stack,"",%progbits +diff --git a/lib/accelerated/x86/elf/sha1-ssse3-x86_64.s b/lib/accelerated/x86/elf/sha1-ssse3-x86_64.s +index 1e6546e11..54095050c 100644 +--- a/lib/accelerated/x86/elf/sha1-ssse3-x86_64.s ++++ b/lib/accelerated/x86/elf/sha1-ssse3-x86_64.s +@@ -1460,8 +1460,8 @@ _shaext_shortcut: + pshufd $27,%xmm1,%xmm1 + movdqu %xmm0,(%rdi) + movd %xmm1,16(%rdi) +-.cfi_endproc + .byte 0xf3,0xc3 ++.cfi_endproc + .size sha1_block_data_order_shaext,.-sha1_block_data_order_shaext + .type sha1_block_data_order_ssse3,@function + .align 16 +@@ -5487,5 +5487,26 @@ K_XX_XX: + .byte 0xf,0xe,0xd,0xc,0xb,0xa,0x9,0x8,0x7,0x6,0x5,0x4,0x3,0x2,0x1,0x0 + .byte 83,72,65,49,32,98,108,111,99,107,32,116,114,97,110,115,102,111,114,109,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 + .align 64 ++ .section ".note.gnu.property", "a" ++ .p2align 3 ++ .long 1f - 0f ++ .long 4f - 1f ++ .long 5 ++0: ++ # "GNU" encoded with .byte, since .asciz isn't supported ++ # on Solaris. ++ .byte 0x47 ++ .byte 0x4e ++ .byte 0x55 ++ .byte 0 ++1: ++ .p2align 3 ++ .long 0xc0000002 ++ .long 3f - 2f ++2: ++ .long 3 ++3: ++ .p2align 3 ++4: + + .section .note.GNU-stack,"",%progbits +diff --git a/lib/accelerated/x86/elf/sha256-ssse3-x86.s b/lib/accelerated/x86/elf/sha256-ssse3-x86.s +index 8d9aaa4a8..6d16b9140 100644 +--- a/lib/accelerated/x86/elf/sha256-ssse3-x86.s ++++ b/lib/accelerated/x86/elf/sha256-ssse3-x86.s +@@ -43,6 +43,7 @@ + .align 16 + sha256_block_data_order: + .L_sha256_block_data_order_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -3384,4 +3385,21 @@ sha256_block_data_order: + ret + .size sha256_block_data_order,.-.L_sha256_block_data_order_begin + ++ .section ".note.gnu.property", "a" ++ .p2align 2 ++ .long 1f - 0f ++ .long 4f - 1f ++ .long 5 ++0: ++ .asciz "GNU" ++1: ++ .p2align 2 ++ .long 0xc0000002 ++ .long 3f - 2f ++2: ++ .long 3 ++3: ++ .p2align 2 ++4: ++ + .section .note.GNU-stack,"",%progbits +diff --git a/lib/accelerated/x86/elf/sha256-ssse3-x86_64.s b/lib/accelerated/x86/elf/sha256-ssse3-x86_64.s +index 4b08e0c85..1514ee45c 100644 +--- a/lib/accelerated/x86/elf/sha256-ssse3-x86_64.s ++++ b/lib/accelerated/x86/elf/sha256-ssse3-x86_64.s +@@ -1814,6 +1814,7 @@ K256: + .align 64 + sha256_block_data_order_shaext: + _shaext_shortcut: ++.cfi_startproc + leaq K256+128(%rip),%rcx + movdqu (%rdi),%xmm1 + movdqu 16(%rdi),%xmm2 +@@ -2016,6 +2017,7 @@ _shaext_shortcut: + movdqu %xmm1,(%rdi) + movdqu %xmm2,16(%rdi) + .byte 0xf3,0xc3 ++.cfi_endproc + .size sha256_block_data_order_shaext,.-sha256_block_data_order_shaext + .type sha256_block_data_order_ssse3,@function + .align 64 +@@ -4277,7 +4279,15 @@ sha256_block_data_order_avx2: + vmovdqa %ymm4,0(%rsp) + xorl %r14d,%r14d + vmovdqa %ymm5,32(%rsp) ++ ++ movq 88(%rsp),%rdi ++.cfi_def_cfa %rdi,8 + leaq -64(%rsp),%rsp ++ ++ ++ ++ movq %rdi,-8(%rsp) ++.cfi_escape 0x0f,0x05,0x77,0x78,0x06,0x23,0x08 + movl %ebx,%edi + vmovdqa %ymm6,0(%rsp) + xorl %ecx,%edi +@@ -4289,6 +4299,12 @@ sha256_block_data_order_avx2: + .align 16 + .Lavx2_00_47: + leaq -64(%rsp),%rsp ++.cfi_escape 0x0f,0x05,0x77,0x38,0x06,0x23,0x08 ++ ++ pushq 64-8(%rsp) ++.cfi_escape 0x0f,0x05,0x77,0x00,0x06,0x23,0x08 ++ leaq 8(%rsp),%rsp ++.cfi_escape 0x0f,0x05,0x77,0x78,0x06,0x23,0x08 + vpalignr $4,%ymm0,%ymm1,%ymm4 + addl 0+128(%rsp),%r11d + andl %r8d,%r12d +@@ -4544,6 +4560,12 @@ sha256_block_data_order_avx2: + movl %r9d,%r12d + vmovdqa %ymm6,32(%rsp) + leaq -64(%rsp),%rsp ++.cfi_escape 0x0f,0x05,0x77,0x38,0x06,0x23,0x08 ++ ++ pushq 64-8(%rsp) ++.cfi_escape 0x0f,0x05,0x77,0x00,0x06,0x23,0x08 ++ leaq 8(%rsp),%rsp ++.cfi_escape 0x0f,0x05,0x77,0x78,0x06,0x23,0x08 + vpalignr $4,%ymm2,%ymm3,%ymm4 + addl 0+128(%rsp),%r11d + andl %r8d,%r12d +@@ -5419,6 +5441,8 @@ sha256_block_data_order_avx2: + + leaq 448(%rsp),%rsp + ++.cfi_escape 0x0f,0x06,0x77,0xd8,0x00,0x06,0x23,0x08 ++ + addl 0(%rdi),%eax + addl 4(%rdi),%ebx + addl 8(%rdi),%ecx +@@ -5444,9 +5468,11 @@ sha256_block_data_order_avx2: + jbe .Loop_avx2 + leaq (%rsp),%rbp + ++ ++.cfi_escape 0x0f,0x06,0x76,0xd8,0x00,0x06,0x23,0x08 ++ + .Ldone_avx2: +- leaq (%rbp),%rsp +- movq 88(%rsp),%rsi ++ movq 88(%rbp),%rsi + .cfi_def_cfa %rsi,8 + vzeroupper + movq -48(%rsi),%r15 +@@ -5467,5 +5493,26 @@ sha256_block_data_order_avx2: + .byte 0xf3,0xc3 + .cfi_endproc + .size sha256_block_data_order_avx2,.-sha256_block_data_order_avx2 ++ .section ".note.gnu.property", "a" ++ .p2align 3 ++ .long 1f - 0f ++ .long 4f - 1f ++ .long 5 ++0: ++ # "GNU" encoded with .byte, since .asciz isn't supported ++ # on Solaris. ++ .byte 0x47 ++ .byte 0x4e ++ .byte 0x55 ++ .byte 0 ++1: ++ .p2align 3 ++ .long 0xc0000002 ++ .long 3f - 2f ++2: ++ .long 3 ++3: ++ .p2align 3 ++4: + + .section .note.GNU-stack,"",%progbits +diff --git a/lib/accelerated/x86/elf/sha512-ssse3-x86.s b/lib/accelerated/x86/elf/sha512-ssse3-x86.s +index 481c77715..afca4eae7 100644 +--- a/lib/accelerated/x86/elf/sha512-ssse3-x86.s ++++ b/lib/accelerated/x86/elf/sha512-ssse3-x86.s +@@ -43,6 +43,7 @@ + .align 16 + sha512_block_data_order: + .L_sha512_block_data_order_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -602,4 +603,21 @@ sha512_block_data_order: + .byte 112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103 + .byte 62,0 + ++ .section ".note.gnu.property", "a" ++ .p2align 2 ++ .long 1f - 0f ++ .long 4f - 1f ++ .long 5 ++0: ++ .asciz "GNU" ++1: ++ .p2align 2 ++ .long 0xc0000002 ++ .long 3f - 2f ++2: ++ .long 3 ++3: ++ .p2align 2 ++4: ++ + .section .note.GNU-stack,"",%progbits +diff --git a/lib/accelerated/x86/elf/sha512-ssse3-x86_64.s b/lib/accelerated/x86/elf/sha512-ssse3-x86_64.s +index e384d7e9e..a7be2cd44 100644 +--- a/lib/accelerated/x86/elf/sha512-ssse3-x86_64.s ++++ b/lib/accelerated/x86/elf/sha512-ssse3-x86_64.s +@@ -4204,7 +4204,15 @@ sha512_block_data_order_avx2: + vmovdqa %ymm10,64(%rsp) + vpaddq 64(%rbp),%ymm6,%ymm10 + vmovdqa %ymm11,96(%rsp) ++ ++ movq 152(%rsp),%rdi ++.cfi_def_cfa %rdi,8 + leaq -128(%rsp),%rsp ++ ++ ++ ++ movq %rdi,-8(%rsp) ++.cfi_escape 0x0f,0x05,0x77,0x78,0x06,0x23,0x08 + vpaddq 96(%rbp),%ymm7,%ymm11 + vmovdqa %ymm8,0(%rsp) + xorq %r14,%r14 +@@ -4220,6 +4228,12 @@ sha512_block_data_order_avx2: + .align 16 + .Lavx2_00_47: + leaq -128(%rsp),%rsp ++.cfi_escape 0x0f,0x06,0x77,0xf8,0x00,0x06,0x23,0x08 ++ ++ pushq 128-8(%rsp) ++.cfi_escape 0x0f,0x05,0x77,0x00,0x06,0x23,0x08 ++ leaq 8(%rsp),%rsp ++.cfi_escape 0x0f,0x05,0x77,0x78,0x06,0x23,0x08 + vpalignr $8,%ymm0,%ymm1,%ymm8 + addq 0+256(%rsp),%r11 + andq %r8,%r12 +@@ -4513,6 +4527,12 @@ sha512_block_data_order_avx2: + movq %r9,%r12 + vmovdqa %ymm10,96(%rsp) + leaq -128(%rsp),%rsp ++.cfi_escape 0x0f,0x06,0x77,0xf8,0x00,0x06,0x23,0x08 ++ ++ pushq 128-8(%rsp) ++.cfi_escape 0x0f,0x05,0x77,0x00,0x06,0x23,0x08 ++ leaq 8(%rsp),%rsp ++.cfi_escape 0x0f,0x05,0x77,0x78,0x06,0x23,0x08 + vpalignr $8,%ymm4,%ymm5,%ymm8 + addq 0+256(%rsp),%r11 + andq %r8,%r12 +@@ -5426,6 +5446,8 @@ sha512_block_data_order_avx2: + + leaq 1152(%rsp),%rsp + ++.cfi_escape 0x0f,0x06,0x77,0x98,0x01,0x06,0x23,0x08 ++ + addq 0(%rdi),%rax + addq 8(%rdi),%rbx + addq 16(%rdi),%rcx +@@ -5451,9 +5473,11 @@ sha512_block_data_order_avx2: + jbe .Loop_avx2 + leaq (%rsp),%rbp + ++ ++.cfi_escape 0x0f,0x06,0x76,0x98,0x01,0x06,0x23,0x08 ++ + .Ldone_avx2: +- leaq (%rbp),%rsp +- movq 152(%rsp),%rsi ++ movq 152(%rbp),%rsi + .cfi_def_cfa %rsi,8 + vzeroupper + movq -48(%rsi),%r15 +@@ -5474,5 +5498,26 @@ sha512_block_data_order_avx2: + .byte 0xf3,0xc3 + .cfi_endproc + .size sha512_block_data_order_avx2,.-sha512_block_data_order_avx2 ++ .section ".note.gnu.property", "a" ++ .p2align 3 ++ .long 1f - 0f ++ .long 4f - 1f ++ .long 5 ++0: ++ # "GNU" encoded with .byte, since .asciz isn't supported ++ # on Solaris. ++ .byte 0x47 ++ .byte 0x4e ++ .byte 0x55 ++ .byte 0 ++1: ++ .p2align 3 ++ .long 0xc0000002 ++ .long 3f - 2f ++2: ++ .long 3 ++3: ++ .p2align 3 ++4: + + .section .note.GNU-stack,"",%progbits +diff --git a/lib/accelerated/x86/macosx/aes-ssse3-x86.s b/lib/accelerated/x86/macosx/aes-ssse3-x86.s +index 4be899281..6cc2b0390 100644 +--- a/lib/accelerated/x86/macosx/aes-ssse3-x86.s ++++ b/lib/accelerated/x86/macosx/aes-ssse3-x86.s +@@ -70,12 +70,14 @@ L_vpaes_consts: + .align 6,0x90 + .align 4 + __vpaes_preheat: ++.byte 243,15,30,251 + addl (%esp),%ebp + movdqa -48(%ebp),%xmm7 + movdqa -16(%ebp),%xmm6 + ret + .align 4 + __vpaes_encrypt_core: ++.byte 243,15,30,251 + movl $16,%ecx + movl 240(%edx),%eax + movdqa %xmm6,%xmm1 +@@ -151,6 +153,7 @@ L000enc_entry: + ret + .align 4 + __vpaes_decrypt_core: ++.byte 243,15,30,251 + leal 608(%ebp),%ebx + movl 240(%edx),%eax + movdqa %xmm6,%xmm1 +@@ -237,6 +240,7 @@ L002dec_entry: + ret + .align 4 + __vpaes_schedule_core: ++.byte 243,15,30,251 + addl (%esp),%ebp + movdqu (%esi),%xmm0 + movdqa 320(%ebp),%xmm2 +@@ -329,6 +333,7 @@ L013schedule_mangle_last_dec: + ret + .align 4 + __vpaes_schedule_192_smear: ++.byte 243,15,30,251 + pshufd $128,%xmm6,%xmm1 + pshufd $254,%xmm7,%xmm0 + pxor %xmm1,%xmm6 +@@ -339,6 +344,7 @@ __vpaes_schedule_192_smear: + ret + .align 4 + __vpaes_schedule_round: ++.byte 243,15,30,251 + movdqa 8(%esp),%xmm2 + pxor %xmm1,%xmm1 + .byte 102,15,58,15,202,15 +@@ -386,6 +392,7 @@ L_vpaes_schedule_low_round: + ret + .align 4 + __vpaes_schedule_transform: ++.byte 243,15,30,251 + movdqa -16(%ebp),%xmm2 + movdqa %xmm2,%xmm1 + pandn %xmm0,%xmm1 +@@ -399,6 +406,7 @@ __vpaes_schedule_transform: + ret + .align 4 + __vpaes_schedule_mangle: ++.byte 243,15,30,251 + movdqa %xmm0,%xmm4 + movdqa 128(%ebp),%xmm5 + testl %edi,%edi +@@ -458,6 +466,7 @@ L015schedule_mangle_both: + .align 4 + _vpaes_set_encrypt_key: + L_vpaes_set_encrypt_key_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -489,6 +498,7 @@ L016pic_point: + .align 4 + _vpaes_set_decrypt_key: + L_vpaes_set_decrypt_key_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -525,6 +535,7 @@ L017pic_point: + .align 4 + _vpaes_encrypt: + L_vpaes_encrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -552,6 +563,7 @@ L018pic_point: + .align 4 + _vpaes_decrypt: + L_vpaes_decrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -579,6 +591,7 @@ L019pic_point: + .align 4 + _vpaes_cbc_encrypt: + L_vpaes_cbc_encrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +diff --git a/lib/accelerated/x86/macosx/aes-ssse3-x86_64.s b/lib/accelerated/x86/macosx/aes-ssse3-x86_64.s +index 3d5c65226..c2e2f2e02 100644 +--- a/lib/accelerated/x86/macosx/aes-ssse3-x86_64.s ++++ b/lib/accelerated/x86/macosx/aes-ssse3-x86_64.s +@@ -635,6 +635,7 @@ L$schedule_mangle_both: + .p2align 4 + _vpaes_set_encrypt_key: + ++.byte 243,15,30,250 + movl %esi,%eax + shrl $5,%eax + addl $5,%eax +@@ -653,6 +654,7 @@ _vpaes_set_encrypt_key: + .p2align 4 + _vpaes_set_decrypt_key: + ++.byte 243,15,30,250 + movl %esi,%eax + shrl $5,%eax + addl $5,%eax +@@ -676,6 +678,7 @@ _vpaes_set_decrypt_key: + .p2align 4 + _vpaes_encrypt: + ++.byte 243,15,30,250 + movdqu (%rdi),%xmm0 + call _vpaes_preheat + call _vpaes_encrypt_core +@@ -689,6 +692,7 @@ _vpaes_encrypt: + .p2align 4 + _vpaes_decrypt: + ++.byte 243,15,30,250 + movdqu (%rdi),%xmm0 + call _vpaes_preheat + call _vpaes_decrypt_core +@@ -701,6 +705,7 @@ _vpaes_decrypt: + .p2align 4 + _vpaes_cbc_encrypt: + ++.byte 243,15,30,250 + xchgq %rcx,%rdx + subq $16,%rcx + jc L$cbc_abort +diff --git a/lib/accelerated/x86/macosx/aesni-gcm-x86_64.s b/lib/accelerated/x86/macosx/aesni-gcm-x86_64.s +index d540930b5..be6d885d8 100644 +--- a/lib/accelerated/x86/macosx/aesni-gcm-x86_64.s ++++ b/lib/accelerated/x86/macosx/aesni-gcm-x86_64.s +@@ -42,6 +42,8 @@ + + .p2align 5 + _aesni_ctr32_ghash_6x: ++ ++.byte 243,15,30,250 + vmovdqu 32(%r11),%xmm2 + subq $6,%rdx + vpxor %xmm4,%xmm4,%xmm4 +@@ -350,11 +352,13 @@ L$6x_done: + + .byte 0xf3,0xc3 + ++ + .globl _aesni_gcm_decrypt + + .p2align 5 + _aesni_gcm_decrypt: + ++.byte 243,15,30,250 + xorq %r10,%r10 + cmpq $0x60,%rdx + jb L$gcm_dec_abort +@@ -455,6 +459,8 @@ L$gcm_dec_abort: + + .p2align 5 + _aesni_ctr32_6x: ++ ++.byte 243,15,30,250 + vmovdqu 0-128(%rcx),%xmm4 + vmovdqu 32(%r11),%xmm2 + leaq -1(%rbp),%r13 +@@ -543,11 +549,13 @@ L$handle_ctr32_2: + jmp L$oop_ctr32 + + ++ + .globl _aesni_gcm_encrypt + + .p2align 5 + _aesni_gcm_encrypt: + ++.byte 243,15,30,250 + xorq %r10,%r10 + cmpq $288,%rdx + jb L$gcm_enc_abort +diff --git a/lib/accelerated/x86/macosx/aesni-x86.s b/lib/accelerated/x86/macosx/aesni-x86.s +index ee5008914..64e4e52fc 100644 +--- a/lib/accelerated/x86/macosx/aesni-x86.s ++++ b/lib/accelerated/x86/macosx/aesni-x86.s +@@ -42,6 +42,7 @@ + .align 4 + _aesni_encrypt: + L_aesni_encrypt_begin: ++.byte 243,15,30,251 + movl 4(%esp),%eax + movl 12(%esp),%edx + movups (%eax),%xmm2 +@@ -67,6 +68,7 @@ L000enc1_loop_1: + .align 4 + _aesni_decrypt: + L_aesni_decrypt_begin: ++.byte 243,15,30,251 + movl 4(%esp),%eax + movl 12(%esp),%edx + movups (%eax),%xmm2 +@@ -90,6 +92,7 @@ L001dec1_loop_2: + ret + .align 4 + __aesni_encrypt2: ++.byte 243,15,30,251 + movups (%edx),%xmm0 + shll $4,%ecx + movups 16(%edx),%xmm1 +@@ -115,6 +118,7 @@ L002enc2_loop: + ret + .align 4 + __aesni_decrypt2: ++.byte 243,15,30,251 + movups (%edx),%xmm0 + shll $4,%ecx + movups 16(%edx),%xmm1 +@@ -140,6 +144,7 @@ L003dec2_loop: + ret + .align 4 + __aesni_encrypt3: ++.byte 243,15,30,251 + movups (%edx),%xmm0 + shll $4,%ecx + movups 16(%edx),%xmm1 +@@ -170,6 +175,7 @@ L004enc3_loop: + ret + .align 4 + __aesni_decrypt3: ++.byte 243,15,30,251 + movups (%edx),%xmm0 + shll $4,%ecx + movups 16(%edx),%xmm1 +@@ -200,6 +206,7 @@ L005dec3_loop: + ret + .align 4 + __aesni_encrypt4: ++.byte 243,15,30,251 + movups (%edx),%xmm0 + movups 16(%edx),%xmm1 + shll $4,%ecx +@@ -236,6 +243,7 @@ L006enc4_loop: + ret + .align 4 + __aesni_decrypt4: ++.byte 243,15,30,251 + movups (%edx),%xmm0 + movups 16(%edx),%xmm1 + shll $4,%ecx +@@ -272,6 +280,7 @@ L007dec4_loop: + ret + .align 4 + __aesni_encrypt6: ++.byte 243,15,30,251 + movups (%edx),%xmm0 + shll $4,%ecx + movups 16(%edx),%xmm1 +@@ -324,6 +333,7 @@ L_aesni_encrypt6_enter: + ret + .align 4 + __aesni_decrypt6: ++.byte 243,15,30,251 + movups (%edx),%xmm0 + shll $4,%ecx + movups 16(%edx),%xmm1 +@@ -378,6 +388,7 @@ L_aesni_decrypt6_enter: + .align 4 + _aesni_ecb_encrypt: + L_aesni_ecb_encrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -611,6 +622,7 @@ L012ecb_ret: + .align 4 + _aesni_ccm64_encrypt_blocks: + L_aesni_ccm64_encrypt_blocks_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -697,6 +709,7 @@ L031ccm64_enc2_loop: + .align 4 + _aesni_ccm64_decrypt_blocks: + L_aesni_ccm64_decrypt_blocks_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -818,6 +831,7 @@ L036enc1_loop_6: + .align 4 + _aesni_ctr32_encrypt_blocks: + L_aesni_ctr32_encrypt_blocks_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -1054,6 +1068,7 @@ L040ctr32_ret: + .align 4 + _aesni_xts_encrypt: + L_aesni_xts_encrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -1412,6 +1427,7 @@ L056xts_enc_ret: + .align 4 + _aesni_xts_decrypt: + L_aesni_xts_decrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -1800,6 +1816,7 @@ L069xts_dec_ret: + .align 4 + _aesni_ocb_encrypt: + L_aesni_ocb_encrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -2193,6 +2210,7 @@ L078done: + .align 4 + _aesni_ocb_decrypt: + L_aesni_ocb_decrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -2586,6 +2604,7 @@ L088done: + .align 4 + _aesni_cbc_encrypt: + L_aesni_cbc_encrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -2843,6 +2862,7 @@ L094cbc_abort: + ret + .align 4 + __aesni_set_encrypt_key: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + testl %eax,%eax +@@ -3176,6 +3196,7 @@ L115bad_keybits: + .align 4 + _aesni_set_encrypt_key: + L_aesni_set_encrypt_key_begin: ++.byte 243,15,30,251 + movl 4(%esp),%eax + movl 8(%esp),%ecx + movl 12(%esp),%edx +@@ -3185,6 +3206,7 @@ L_aesni_set_encrypt_key_begin: + .align 4 + _aesni_set_decrypt_key: + L_aesni_set_decrypt_key_begin: ++.byte 243,15,30,251 + movl 4(%esp),%eax + movl 8(%esp),%ecx + movl 12(%esp),%edx +diff --git a/lib/accelerated/x86/macosx/aesni-x86_64.s b/lib/accelerated/x86/macosx/aesni-x86_64.s +index f6145f166..484122c5e 100644 +--- a/lib/accelerated/x86/macosx/aesni-x86_64.s ++++ b/lib/accelerated/x86/macosx/aesni-x86_64.s +@@ -44,6 +44,7 @@ + .p2align 4 + _aesni_encrypt: + ++.byte 243,15,30,250 + movups (%rdi),%xmm2 + movl 240(%rdx),%eax + movups (%rdx),%xmm0 +@@ -70,6 +71,7 @@ L$oop_enc1_1: + .p2align 4 + _aesni_decrypt: + ++.byte 243,15,30,250 + movups (%rdi),%xmm2 + movl 240(%rdx),%eax + movups (%rdx),%xmm0 +@@ -557,6 +559,7 @@ L$dec_loop8_enter: + .p2align 4 + _aesni_ecb_encrypt: + ++.byte 243,15,30,250 + andq $-16,%rdx + jz L$ecb_ret + +@@ -900,6 +903,8 @@ L$ecb_ret: + + .p2align 4 + _aesni_ccm64_encrypt_blocks: ++ ++.byte 243,15,30,250 + movl 240(%rcx),%eax + movdqu (%r8),%xmm6 + movdqa L$increment64(%rip),%xmm9 +@@ -959,10 +964,13 @@ L$ccm64_enc2_loop: + pxor %xmm6,%xmm6 + .byte 0xf3,0xc3 + ++ + .globl _aesni_ccm64_decrypt_blocks + + .p2align 4 + _aesni_ccm64_decrypt_blocks: ++ ++.byte 243,15,30,250 + movl 240(%rcx),%eax + movups (%r8),%xmm6 + movdqu (%r9),%xmm3 +@@ -1056,11 +1064,13 @@ L$oop_enc1_6: + pxor %xmm6,%xmm6 + .byte 0xf3,0xc3 + ++ + .globl _aesni_ctr32_encrypt_blocks + + .p2align 4 + _aesni_ctr32_encrypt_blocks: + ++.byte 243,15,30,250 + cmpq $1,%rdx + jne L$ctr32_bulk + +@@ -1639,6 +1649,7 @@ L$ctr32_epilogue: + .p2align 4 + _aesni_xts_encrypt: + ++.byte 243,15,30,250 + leaq (%rsp),%r11 + + pushq %rbp +@@ -2109,6 +2120,7 @@ L$xts_enc_epilogue: + .p2align 4 + _aesni_xts_decrypt: + ++.byte 243,15,30,250 + leaq (%rsp),%r11 + + pushq %rbp +@@ -2616,6 +2628,7 @@ L$xts_dec_epilogue: + .p2align 5 + _aesni_ocb_encrypt: + ++.byte 243,15,30,250 + leaq (%rsp),%rax + pushq %rbx + +@@ -2824,6 +2837,7 @@ L$ocb_enc_epilogue: + + .p2align 5 + __ocb_encrypt6: ++ + pxor %xmm9,%xmm15 + movdqu (%rbx,%r12,1),%xmm11 + movdqa %xmm10,%xmm12 +@@ -2924,8 +2938,10 @@ L$ocb_enc_loop6: + + + ++ + .p2align 5 + __ocb_encrypt4: ++ + pxor %xmm9,%xmm15 + movdqu (%rbx,%r12,1),%xmm11 + movdqa %xmm10,%xmm12 +@@ -2993,8 +3009,10 @@ L$ocb_enc_loop4: + + + ++ + .p2align 5 + __ocb_encrypt1: ++ + pxor %xmm15,%xmm7 + pxor %xmm9,%xmm7 + pxor %xmm2,%xmm8 +@@ -3027,11 +3045,13 @@ L$ocb_enc_loop1: + .byte 0xf3,0xc3 + + ++ + .globl _aesni_ocb_decrypt + + .p2align 5 + _aesni_ocb_decrypt: + ++.byte 243,15,30,250 + leaq (%rsp),%rax + pushq %rbx + +@@ -3262,6 +3282,7 @@ L$ocb_dec_epilogue: + + .p2align 5 + __ocb_decrypt6: ++ + pxor %xmm9,%xmm15 + movdqu (%rbx,%r12,1),%xmm11 + movdqa %xmm10,%xmm12 +@@ -3356,8 +3377,10 @@ L$ocb_dec_loop6: + + + ++ + .p2align 5 + __ocb_decrypt4: ++ + pxor %xmm9,%xmm15 + movdqu (%rbx,%r12,1),%xmm11 + movdqa %xmm10,%xmm12 +@@ -3421,8 +3444,10 @@ L$ocb_dec_loop4: + + + ++ + .p2align 5 + __ocb_decrypt1: ++ + pxor %xmm15,%xmm7 + pxor %xmm9,%xmm7 + pxor %xmm7,%xmm2 +@@ -3453,11 +3478,13 @@ L$ocb_dec_loop1: + .byte 102,15,56,223,215 + .byte 0xf3,0xc3 + ++ + .globl _aesni_cbc_encrypt + + .p2align 4 + _aesni_cbc_encrypt: + ++.byte 243,15,30,250 + testq %rdx,%rdx + jz L$cbc_ret + +@@ -4390,7 +4417,6 @@ L$enc_key_ret: + addq $8,%rsp + + .byte 0xf3,0xc3 +- + L$SEH_end_set_encrypt_key: + + .p2align 4 +@@ -4463,6 +4489,7 @@ L$key_expansion_256b: + .byte 0xf3,0xc3 + + ++ + .p2align 6 + L$bswap_mask: + .byte 15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0 +diff --git a/lib/accelerated/x86/macosx/e_padlock-x86.s b/lib/accelerated/x86/macosx/e_padlock-x86.s +index 367962c7c..9a72938fe 100644 +--- a/lib/accelerated/x86/macosx/e_padlock-x86.s ++++ b/lib/accelerated/x86/macosx/e_padlock-x86.s +@@ -1,4 +1,4 @@ +-# Copyright (c) 2011-2013, Andy Polyakov ++# Copyright (c) 2011-2016, Andy Polyakov + # All rights reserved. + # + # Redistribution and use in source and binary forms, with or without +@@ -37,12 +37,12 @@ + # + # *** This file is auto-generated *** + # +-.file "devel/perlasm/e_padlock-x86.s" + .text + .globl _padlock_capability + .align 4 + _padlock_capability: + L_padlock_capability_begin: ++.byte 243,15,30,251 + pushl %ebx + pushfl + popl %eax +@@ -59,11 +59,20 @@ L_padlock_capability_begin: + .byte 0x0f,0xa2 + xorl %eax,%eax + cmpl $0x746e6543,%ebx +- jne L000noluck ++ jne L001zhaoxin + cmpl $0x48727561,%edx + jne L000noluck + cmpl $0x736c7561,%ecx + jne L000noluck ++ jmp L002zhaoxinEnd ++L001zhaoxin: ++ cmpl $0x68532020,%ebx ++ jne L000noluck ++ cmpl $0x68676e61,%edx ++ jne L000noluck ++ cmpl $0x20206961,%ecx ++ jne L000noluck ++L002zhaoxinEnd: + movl $3221225472,%eax + .byte 0x0f,0xa2 + movl %eax,%edx +@@ -92,43 +101,47 @@ L000noluck: + .align 4 + _padlock_key_bswap: + L_padlock_key_bswap_begin: ++.byte 243,15,30,251 + movl 4(%esp),%edx + movl 240(%edx),%ecx +-L001bswap_loop: ++L003bswap_loop: + movl (%edx),%eax + bswap %eax + movl %eax,(%edx) + leal 4(%edx),%edx + subl $1,%ecx +- jnz L001bswap_loop ++ jnz L003bswap_loop + ret + .globl _padlock_verify_context + .align 4 + _padlock_verify_context: + L_padlock_verify_context_begin: ++.byte 243,15,30,251 + movl 4(%esp),%edx +- leal Lpadlock_saved_context-L002verify_pic_point,%eax ++ leal Lpadlock_saved_context-L004verify_pic_point,%eax + pushfl + call __padlock_verify_ctx +-L002verify_pic_point: ++L004verify_pic_point: + leal 4(%esp),%esp + ret + .align 4 + __padlock_verify_ctx: ++.byte 243,15,30,251 + addl (%esp),%eax + btl $30,4(%esp) +- jnc L003verified ++ jnc L005verified + cmpl (%eax),%edx +- je L003verified ++ je L005verified + pushfl + popfl +-L003verified: ++L005verified: + movl %edx,(%eax) + ret + .globl _padlock_reload_key + .align 4 + _padlock_reload_key: + L_padlock_reload_key_begin: ++.byte 243,15,30,251 + pushfl + popfl + ret +@@ -136,6 +149,7 @@ L_padlock_reload_key_begin: + .align 4 + _padlock_aes_block: + L_padlock_aes_block_begin: ++.byte 243,15,30,251 + pushl %edi + pushl %esi + pushl %ebx +@@ -154,6 +168,7 @@ L_padlock_aes_block_begin: + .align 4 + _padlock_ecb_encrypt: + L_padlock_ecb_encrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -163,25 +178,25 @@ L_padlock_ecb_encrypt_begin: + movl 28(%esp),%edx + movl 32(%esp),%ecx + testl $15,%edx +- jnz L004ecb_abort ++ jnz L006ecb_abort + testl $15,%ecx +- jnz L004ecb_abort +- leal Lpadlock_saved_context-L005ecb_pic_point,%eax ++ jnz L006ecb_abort ++ leal Lpadlock_saved_context-L007ecb_pic_point,%eax + pushfl + cld + call __padlock_verify_ctx +-L005ecb_pic_point: ++L007ecb_pic_point: + leal 16(%edx),%edx + xorl %eax,%eax + xorl %ebx,%ebx + testl $32,(%edx) +- jnz L006ecb_aligned ++ jnz L008ecb_aligned + testl $15,%edi + setz %al + testl $15,%esi + setz %bl + testl %ebx,%eax +- jnz L006ecb_aligned ++ jnz L008ecb_aligned + negl %eax + movl $512,%ebx + notl %eax +@@ -200,7 +215,7 @@ L005ecb_pic_point: + andl $-16,%esp + movl %eax,16(%ebp) + cmpl %ebx,%ecx +- ja L007ecb_loop ++ ja L009ecb_loop + movl %esi,%eax + cmpl %esp,%ebp + cmovel %edi,%eax +@@ -211,10 +226,10 @@ L005ecb_pic_point: + movl $-128,%eax + cmovael %ebx,%eax + andl %eax,%ebx +- jz L008ecb_unaligned_tail +- jmp L007ecb_loop ++ jz L010ecb_unaligned_tail ++ jmp L009ecb_loop + .align 4,0x90 +-L007ecb_loop: ++L009ecb_loop: + movl %edi,(%ebp) + movl %esi,4(%ebp) + movl %ecx,8(%ebp) +@@ -223,13 +238,13 @@ L007ecb_loop: + testl $15,%edi + cmovnzl %esp,%edi + testl $15,%esi +- jz L009ecb_inp_aligned ++ jz L011ecb_inp_aligned + shrl $2,%ecx + .byte 243,165 + subl %ebx,%edi + movl %ebx,%ecx + movl %edi,%esi +-L009ecb_inp_aligned: ++L011ecb_inp_aligned: + leal -16(%edx),%eax + leal 16(%edx),%ebx + shrl $4,%ecx +@@ -237,23 +252,23 @@ L009ecb_inp_aligned: + movl (%ebp),%edi + movl 12(%ebp),%ebx + testl $15,%edi +- jz L010ecb_out_aligned ++ jz L012ecb_out_aligned + movl %ebx,%ecx + leal (%esp),%esi + shrl $2,%ecx + .byte 243,165 + subl %ebx,%edi +-L010ecb_out_aligned: ++L012ecb_out_aligned: + movl 4(%ebp),%esi + movl 8(%ebp),%ecx + addl %ebx,%edi + addl %ebx,%esi + subl %ebx,%ecx + movl $512,%ebx +- jz L011ecb_break ++ jz L013ecb_break + cmpl %ebx,%ecx +- jae L007ecb_loop +-L008ecb_unaligned_tail: ++ jae L009ecb_loop ++L010ecb_unaligned_tail: + xorl %eax,%eax + cmpl %ebp,%esp + cmovel %ecx,%eax +@@ -266,24 +281,24 @@ L008ecb_unaligned_tail: + movl %esp,%esi + movl %eax,%edi + movl %ebx,%ecx +- jmp L007ecb_loop ++ jmp L009ecb_loop + .align 4,0x90 +-L011ecb_break: ++L013ecb_break: + cmpl %ebp,%esp +- je L012ecb_done ++ je L014ecb_done + pxor %xmm0,%xmm0 + leal (%esp),%eax +-L013ecb_bzero: ++L015ecb_bzero: + movaps %xmm0,(%eax) + leal 16(%eax),%eax + cmpl %eax,%ebp +- ja L013ecb_bzero +-L012ecb_done: ++ ja L015ecb_bzero ++L014ecb_done: + movl 16(%ebp),%ebp + leal 24(%ebp),%esp +- jmp L014ecb_exit ++ jmp L016ecb_exit + .align 4,0x90 +-L006ecb_aligned: ++L008ecb_aligned: + leal (%esi,%ecx,1),%ebp + negl %ebp + andl $4095,%ebp +@@ -293,14 +308,14 @@ L006ecb_aligned: + cmovael %eax,%ebp + andl %ecx,%ebp + subl %ebp,%ecx +- jz L015ecb_aligned_tail ++ jz L017ecb_aligned_tail + leal -16(%edx),%eax + leal 16(%edx),%ebx + shrl $4,%ecx + .byte 243,15,167,200 + testl %ebp,%ebp +- jz L014ecb_exit +-L015ecb_aligned_tail: ++ jz L016ecb_exit ++L017ecb_aligned_tail: + movl %ebp,%ecx + leal -24(%esp),%ebp + movl %ebp,%esp +@@ -317,11 +332,11 @@ L015ecb_aligned_tail: + movl %esp,%esi + movl %eax,%edi + movl %ebx,%ecx +- jmp L007ecb_loop +-L014ecb_exit: ++ jmp L009ecb_loop ++L016ecb_exit: + movl $1,%eax + leal 4(%esp),%esp +-L004ecb_abort: ++L006ecb_abort: + popl %edi + popl %esi + popl %ebx +@@ -331,6 +346,7 @@ L004ecb_abort: + .align 4 + _padlock_cbc_encrypt: + L_padlock_cbc_encrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -340,25 +356,25 @@ L_padlock_cbc_encrypt_begin: + movl 28(%esp),%edx + movl 32(%esp),%ecx + testl $15,%edx +- jnz L016cbc_abort ++ jnz L018cbc_abort + testl $15,%ecx +- jnz L016cbc_abort +- leal Lpadlock_saved_context-L017cbc_pic_point,%eax ++ jnz L018cbc_abort ++ leal Lpadlock_saved_context-L019cbc_pic_point,%eax + pushfl + cld + call __padlock_verify_ctx +-L017cbc_pic_point: ++L019cbc_pic_point: + leal 16(%edx),%edx + xorl %eax,%eax + xorl %ebx,%ebx + testl $32,(%edx) +- jnz L018cbc_aligned ++ jnz L020cbc_aligned + testl $15,%edi + setz %al + testl $15,%esi + setz %bl + testl %ebx,%eax +- jnz L018cbc_aligned ++ jnz L020cbc_aligned + negl %eax + movl $512,%ebx + notl %eax +@@ -377,7 +393,7 @@ L017cbc_pic_point: + andl $-16,%esp + movl %eax,16(%ebp) + cmpl %ebx,%ecx +- ja L019cbc_loop ++ ja L021cbc_loop + movl %esi,%eax + cmpl %esp,%ebp + cmovel %edi,%eax +@@ -388,10 +404,10 @@ L017cbc_pic_point: + movl $-64,%eax + cmovael %ebx,%eax + andl %eax,%ebx +- jz L020cbc_unaligned_tail +- jmp L019cbc_loop ++ jz L022cbc_unaligned_tail ++ jmp L021cbc_loop + .align 4,0x90 +-L019cbc_loop: ++L021cbc_loop: + movl %edi,(%ebp) + movl %esi,4(%ebp) + movl %ecx,8(%ebp) +@@ -400,13 +416,13 @@ L019cbc_loop: + testl $15,%edi + cmovnzl %esp,%edi + testl $15,%esi +- jz L021cbc_inp_aligned ++ jz L023cbc_inp_aligned + shrl $2,%ecx + .byte 243,165 + subl %ebx,%edi + movl %ebx,%ecx + movl %edi,%esi +-L021cbc_inp_aligned: ++L023cbc_inp_aligned: + leal -16(%edx),%eax + leal 16(%edx),%ebx + shrl $4,%ecx +@@ -416,23 +432,23 @@ L021cbc_inp_aligned: + movl (%ebp),%edi + movl 12(%ebp),%ebx + testl $15,%edi +- jz L022cbc_out_aligned ++ jz L024cbc_out_aligned + movl %ebx,%ecx + leal (%esp),%esi + shrl $2,%ecx + .byte 243,165 + subl %ebx,%edi +-L022cbc_out_aligned: ++L024cbc_out_aligned: + movl 4(%ebp),%esi + movl 8(%ebp),%ecx + addl %ebx,%edi + addl %ebx,%esi + subl %ebx,%ecx + movl $512,%ebx +- jz L023cbc_break ++ jz L025cbc_break + cmpl %ebx,%ecx +- jae L019cbc_loop +-L020cbc_unaligned_tail: ++ jae L021cbc_loop ++L022cbc_unaligned_tail: + xorl %eax,%eax + cmpl %ebp,%esp + cmovel %ecx,%eax +@@ -445,24 +461,24 @@ L020cbc_unaligned_tail: + movl %esp,%esi + movl %eax,%edi + movl %ebx,%ecx +- jmp L019cbc_loop ++ jmp L021cbc_loop + .align 4,0x90 +-L023cbc_break: ++L025cbc_break: + cmpl %ebp,%esp +- je L024cbc_done ++ je L026cbc_done + pxor %xmm0,%xmm0 + leal (%esp),%eax +-L025cbc_bzero: ++L027cbc_bzero: + movaps %xmm0,(%eax) + leal 16(%eax),%eax + cmpl %eax,%ebp +- ja L025cbc_bzero +-L024cbc_done: ++ ja L027cbc_bzero ++L026cbc_done: + movl 16(%ebp),%ebp + leal 24(%ebp),%esp +- jmp L026cbc_exit ++ jmp L028cbc_exit + .align 4,0x90 +-L018cbc_aligned: ++L020cbc_aligned: + leal (%esi,%ecx,1),%ebp + negl %ebp + andl $4095,%ebp +@@ -472,7 +488,7 @@ L018cbc_aligned: + cmovael %eax,%ebp + andl %ecx,%ebp + subl %ebp,%ecx +- jz L027cbc_aligned_tail ++ jz L029cbc_aligned_tail + leal -16(%edx),%eax + leal 16(%edx),%ebx + shrl $4,%ecx +@@ -480,8 +496,8 @@ L018cbc_aligned: + movaps (%eax),%xmm0 + movaps %xmm0,-16(%edx) + testl %ebp,%ebp +- jz L026cbc_exit +-L027cbc_aligned_tail: ++ jz L028cbc_exit ++L029cbc_aligned_tail: + movl %ebp,%ecx + leal -24(%esp),%ebp + movl %ebp,%esp +@@ -498,11 +514,11 @@ L027cbc_aligned_tail: + movl %esp,%esi + movl %eax,%edi + movl %ebx,%ecx +- jmp L019cbc_loop +-L026cbc_exit: ++ jmp L021cbc_loop ++L028cbc_exit: + movl $1,%eax + leal 4(%esp),%esp +-L016cbc_abort: ++L018cbc_abort: + popl %edi + popl %esi + popl %ebx +@@ -512,6 +528,7 @@ L016cbc_abort: + .align 4 + _padlock_cfb_encrypt: + L_padlock_cfb_encrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -521,25 +538,25 @@ L_padlock_cfb_encrypt_begin: + movl 28(%esp),%edx + movl 32(%esp),%ecx + testl $15,%edx +- jnz L028cfb_abort ++ jnz L030cfb_abort + testl $15,%ecx +- jnz L028cfb_abort +- leal Lpadlock_saved_context-L029cfb_pic_point,%eax ++ jnz L030cfb_abort ++ leal Lpadlock_saved_context-L031cfb_pic_point,%eax + pushfl + cld + call __padlock_verify_ctx +-L029cfb_pic_point: ++L031cfb_pic_point: + leal 16(%edx),%edx + xorl %eax,%eax + xorl %ebx,%ebx + testl $32,(%edx) +- jnz L030cfb_aligned ++ jnz L032cfb_aligned + testl $15,%edi + setz %al + testl $15,%esi + setz %bl + testl %ebx,%eax +- jnz L030cfb_aligned ++ jnz L032cfb_aligned + negl %eax + movl $512,%ebx + notl %eax +@@ -557,9 +574,9 @@ L029cfb_pic_point: + andl $-16,%ebp + andl $-16,%esp + movl %eax,16(%ebp) +- jmp L031cfb_loop ++ jmp L033cfb_loop + .align 4,0x90 +-L031cfb_loop: ++L033cfb_loop: + movl %edi,(%ebp) + movl %esi,4(%ebp) + movl %ecx,8(%ebp) +@@ -568,13 +585,13 @@ L031cfb_loop: + testl $15,%edi + cmovnzl %esp,%edi + testl $15,%esi +- jz L032cfb_inp_aligned ++ jz L034cfb_inp_aligned + shrl $2,%ecx + .byte 243,165 + subl %ebx,%edi + movl %ebx,%ecx + movl %edi,%esi +-L032cfb_inp_aligned: ++L034cfb_inp_aligned: + leal -16(%edx),%eax + leal 16(%edx),%ebx + shrl $4,%ecx +@@ -584,45 +601,45 @@ L032cfb_inp_aligned: + movl (%ebp),%edi + movl 12(%ebp),%ebx + testl $15,%edi +- jz L033cfb_out_aligned ++ jz L035cfb_out_aligned + movl %ebx,%ecx + leal (%esp),%esi + shrl $2,%ecx + .byte 243,165 + subl %ebx,%edi +-L033cfb_out_aligned: ++L035cfb_out_aligned: + movl 4(%ebp),%esi + movl 8(%ebp),%ecx + addl %ebx,%edi + addl %ebx,%esi + subl %ebx,%ecx + movl $512,%ebx +- jnz L031cfb_loop ++ jnz L033cfb_loop + cmpl %ebp,%esp +- je L034cfb_done ++ je L036cfb_done + pxor %xmm0,%xmm0 + leal (%esp),%eax +-L035cfb_bzero: ++L037cfb_bzero: + movaps %xmm0,(%eax) + leal 16(%eax),%eax + cmpl %eax,%ebp +- ja L035cfb_bzero +-L034cfb_done: ++ ja L037cfb_bzero ++L036cfb_done: + movl 16(%ebp),%ebp + leal 24(%ebp),%esp +- jmp L036cfb_exit ++ jmp L038cfb_exit + .align 4,0x90 +-L030cfb_aligned: ++L032cfb_aligned: + leal -16(%edx),%eax + leal 16(%edx),%ebx + shrl $4,%ecx + .byte 243,15,167,224 + movaps (%eax),%xmm0 + movaps %xmm0,-16(%edx) +-L036cfb_exit: ++L038cfb_exit: + movl $1,%eax + leal 4(%esp),%esp +-L028cfb_abort: ++L030cfb_abort: + popl %edi + popl %esi + popl %ebx +@@ -632,6 +649,7 @@ L028cfb_abort: + .align 4 + _padlock_ofb_encrypt: + L_padlock_ofb_encrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -641,25 +659,25 @@ L_padlock_ofb_encrypt_begin: + movl 28(%esp),%edx + movl 32(%esp),%ecx + testl $15,%edx +- jnz L037ofb_abort ++ jnz L039ofb_abort + testl $15,%ecx +- jnz L037ofb_abort +- leal Lpadlock_saved_context-L038ofb_pic_point,%eax ++ jnz L039ofb_abort ++ leal Lpadlock_saved_context-L040ofb_pic_point,%eax + pushfl + cld + call __padlock_verify_ctx +-L038ofb_pic_point: ++L040ofb_pic_point: + leal 16(%edx),%edx + xorl %eax,%eax + xorl %ebx,%ebx + testl $32,(%edx) +- jnz L039ofb_aligned ++ jnz L041ofb_aligned + testl $15,%edi + setz %al + testl $15,%esi + setz %bl + testl %ebx,%eax +- jnz L039ofb_aligned ++ jnz L041ofb_aligned + negl %eax + movl $512,%ebx + notl %eax +@@ -677,9 +695,9 @@ L038ofb_pic_point: + andl $-16,%ebp + andl $-16,%esp + movl %eax,16(%ebp) +- jmp L040ofb_loop ++ jmp L042ofb_loop + .align 4,0x90 +-L040ofb_loop: ++L042ofb_loop: + movl %edi,(%ebp) + movl %esi,4(%ebp) + movl %ecx,8(%ebp) +@@ -688,13 +706,13 @@ L040ofb_loop: + testl $15,%edi + cmovnzl %esp,%edi + testl $15,%esi +- jz L041ofb_inp_aligned ++ jz L043ofb_inp_aligned + shrl $2,%ecx + .byte 243,165 + subl %ebx,%edi + movl %ebx,%ecx + movl %edi,%esi +-L041ofb_inp_aligned: ++L043ofb_inp_aligned: + leal -16(%edx),%eax + leal 16(%edx),%ebx + shrl $4,%ecx +@@ -704,45 +722,45 @@ L041ofb_inp_aligned: + movl (%ebp),%edi + movl 12(%ebp),%ebx + testl $15,%edi +- jz L042ofb_out_aligned ++ jz L044ofb_out_aligned + movl %ebx,%ecx + leal (%esp),%esi + shrl $2,%ecx + .byte 243,165 + subl %ebx,%edi +-L042ofb_out_aligned: ++L044ofb_out_aligned: + movl 4(%ebp),%esi + movl 8(%ebp),%ecx + addl %ebx,%edi + addl %ebx,%esi + subl %ebx,%ecx + movl $512,%ebx +- jnz L040ofb_loop ++ jnz L042ofb_loop + cmpl %ebp,%esp +- je L043ofb_done ++ je L045ofb_done + pxor %xmm0,%xmm0 + leal (%esp),%eax +-L044ofb_bzero: ++L046ofb_bzero: + movaps %xmm0,(%eax) + leal 16(%eax),%eax + cmpl %eax,%ebp +- ja L044ofb_bzero +-L043ofb_done: ++ ja L046ofb_bzero ++L045ofb_done: + movl 16(%ebp),%ebp + leal 24(%ebp),%esp +- jmp L045ofb_exit ++ jmp L047ofb_exit + .align 4,0x90 +-L039ofb_aligned: ++L041ofb_aligned: + leal -16(%edx),%eax + leal 16(%edx),%ebx + shrl $4,%ecx + .byte 243,15,167,232 + movaps (%eax),%xmm0 + movaps %xmm0,-16(%edx) +-L045ofb_exit: ++L047ofb_exit: + movl $1,%eax + leal 4(%esp),%esp +-L037ofb_abort: ++L039ofb_abort: + popl %edi + popl %esi + popl %ebx +@@ -752,6 +770,7 @@ L037ofb_abort: + .align 4 + _padlock_ctr32_encrypt: + L_padlock_ctr32_encrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -761,14 +780,14 @@ L_padlock_ctr32_encrypt_begin: + movl 28(%esp),%edx + movl 32(%esp),%ecx + testl $15,%edx +- jnz L046ctr32_abort ++ jnz L048ctr32_abort + testl $15,%ecx +- jnz L046ctr32_abort +- leal Lpadlock_saved_context-L047ctr32_pic_point,%eax ++ jnz L048ctr32_abort ++ leal Lpadlock_saved_context-L049ctr32_pic_point,%eax + pushfl + cld + call __padlock_verify_ctx +-L047ctr32_pic_point: ++L049ctr32_pic_point: + leal 16(%edx),%edx + xorl %eax,%eax + movq -16(%edx),%mm0 +@@ -788,9 +807,9 @@ L047ctr32_pic_point: + andl $-16,%ebp + andl $-16,%esp + movl %eax,16(%ebp) +- jmp L048ctr32_loop ++ jmp L050ctr32_loop + .align 4,0x90 +-L048ctr32_loop: ++L050ctr32_loop: + movl %edi,(%ebp) + movl %esi,4(%ebp) + movl %ecx,8(%ebp) +@@ -799,7 +818,7 @@ L048ctr32_loop: + movl -4(%edx),%ecx + xorl %edi,%edi + movl -8(%edx),%eax +-L049ctr32_prepare: ++L051ctr32_prepare: + movl %ecx,12(%esp,%edi,1) + bswap %ecx + movq %mm0,(%esp,%edi,1) +@@ -808,7 +827,7 @@ L049ctr32_prepare: + bswap %ecx + leal 16(%edi),%edi + cmpl %ebx,%edi +- jb L049ctr32_prepare ++ jb L051ctr32_prepare + movl %ecx,-4(%edx) + leal (%esp),%esi + leal (%esp),%edi +@@ -821,33 +840,33 @@ L049ctr32_prepare: + movl 12(%ebp),%ebx + movl 4(%ebp),%esi + xorl %ecx,%ecx +-L050ctr32_xor: ++L052ctr32_xor: + movups (%esi,%ecx,1),%xmm1 + leal 16(%ecx),%ecx + pxor -16(%esp,%ecx,1),%xmm1 + movups %xmm1,-16(%edi,%ecx,1) + cmpl %ebx,%ecx +- jb L050ctr32_xor ++ jb L052ctr32_xor + movl 8(%ebp),%ecx + addl %ebx,%edi + addl %ebx,%esi + subl %ebx,%ecx + movl $512,%ebx +- jnz L048ctr32_loop ++ jnz L050ctr32_loop + pxor %xmm0,%xmm0 + leal (%esp),%eax +-L051ctr32_bzero: ++L053ctr32_bzero: + movaps %xmm0,(%eax) + leal 16(%eax),%eax + cmpl %eax,%ebp +- ja L051ctr32_bzero +-L052ctr32_done: ++ ja L053ctr32_bzero ++L054ctr32_done: + movl 16(%ebp),%ebp + leal 24(%ebp),%esp + movl $1,%eax + leal 4(%esp),%esp + emms +-L046ctr32_abort: ++L048ctr32_abort: + popl %edi + popl %esi + popl %ebx +@@ -857,6 +876,7 @@ L046ctr32_abort: + .align 4 + _padlock_xstore: + L_padlock_xstore_begin: ++.byte 243,15,30,251 + pushl %edi + movl 8(%esp),%edi + movl 12(%esp),%edx +@@ -865,19 +885,21 @@ L_padlock_xstore_begin: + ret + .align 4 + __win32_segv_handler: ++.byte 243,15,30,251 + movl $1,%eax + movl 4(%esp),%edx + movl 12(%esp),%ecx + cmpl $3221225477,(%edx) +- jne L053ret ++ jne L055ret + addl $4,184(%ecx) + movl $0,%eax +-L053ret: ++L055ret: + ret + .globl _padlock_sha1_oneshot + .align 4 + _padlock_sha1_oneshot: + L_padlock_sha1_oneshot_begin: ++.byte 243,15,30,251 + pushl %edi + pushl %esi + xorl %eax,%eax +@@ -907,6 +929,7 @@ L_padlock_sha1_oneshot_begin: + .align 4 + _padlock_sha1_blocks: + L_padlock_sha1_blocks_begin: ++.byte 243,15,30,251 + pushl %edi + pushl %esi + movl 12(%esp),%edi +@@ -935,6 +958,7 @@ L_padlock_sha1_blocks_begin: + .align 4 + _padlock_sha256_oneshot: + L_padlock_sha256_oneshot_begin: ++.byte 243,15,30,251 + pushl %edi + pushl %esi + xorl %eax,%eax +@@ -964,6 +988,7 @@ L_padlock_sha256_oneshot_begin: + .align 4 + _padlock_sha256_blocks: + L_padlock_sha256_blocks_begin: ++.byte 243,15,30,251 + pushl %edi + pushl %esi + movl 12(%esp),%edi +@@ -992,6 +1017,7 @@ L_padlock_sha256_blocks_begin: + .align 4 + _padlock_sha512_blocks: + L_padlock_sha512_blocks_begin: ++.byte 243,15,30,251 + pushl %edi + pushl %esi + movl 12(%esp),%edi +diff --git a/lib/accelerated/x86/macosx/e_padlock-x86_64.s b/lib/accelerated/x86/macosx/e_padlock-x86_64.s +index a73d7a6c1..64aff29fe 100644 +--- a/lib/accelerated/x86/macosx/e_padlock-x86_64.s ++++ b/lib/accelerated/x86/macosx/e_padlock-x86_64.s +@@ -1,4 +1,4 @@ +-# Copyright (c) 2011-2013, Andy Polyakov ++# Copyright (c) 2011-2016, Andy Polyakov + # All rights reserved. + # + # Redistribution and use in source and binary forms, with or without +@@ -42,36 +42,50 @@ + + .p2align 4 + _padlock_capability: ++ ++.byte 243,15,30,250 + movq %rbx,%r8 + xorl %eax,%eax + cpuid + xorl %eax,%eax +- cmpl $1953391939,%ebx ++ cmpl $0x746e6543,%ebx ++ jne L$zhaoxin ++ cmpl $0x48727561,%edx ++ jne L$noluck ++ cmpl $0x736c7561,%ecx ++ jne L$noluck ++ jmp L$zhaoxinEnd ++L$zhaoxin: ++ cmpl $0x68532020,%ebx + jne L$noluck +- cmpl $1215460705,%edx ++ cmpl $0x68676e61,%edx + jne L$noluck +- cmpl $1936487777,%ecx ++ cmpl $0x20206961,%ecx + jne L$noluck +- movl $3221225472,%eax ++L$zhaoxinEnd: ++ movl $0xC0000000,%eax + cpuid + movl %eax,%edx + xorl %eax,%eax +- cmpl $3221225473,%edx ++ cmpl $0xC0000001,%edx + jb L$noluck +- movl $3221225473,%eax ++ movl $0xC0000001,%eax + cpuid + movl %edx,%eax +- andl $4294967279,%eax +- orl $16,%eax ++ andl $0xffffffef,%eax ++ orl $0x10,%eax + L$noluck: + movq %r8,%rbx + .byte 0xf3,0xc3 + + ++ + .globl _padlock_key_bswap + + .p2align 4 + _padlock_key_bswap: ++ ++.byte 243,15,30,250 + movl 240(%rdi),%edx + L$bswap_loop: + movl (%rdi),%eax +@@ -83,10 +97,13 @@ L$bswap_loop: + .byte 0xf3,0xc3 + + ++ + .globl _padlock_verify_context + + .p2align 4 + _padlock_verify_context: ++ ++.byte 243,15,30,250 + movq %rdi,%rdx + pushf + leaq L$padlock_saved_context(%rip),%rax +@@ -96,8 +113,11 @@ _padlock_verify_context: + + + ++ + .p2align 4 + _padlock_verify_ctx: ++ ++.byte 243,15,30,250 + movq 8(%rsp),%r8 + btq $30,%r8 + jnc L$verified +@@ -110,41 +130,53 @@ L$verified: + .byte 0xf3,0xc3 + + ++ + .globl _padlock_reload_key + + .p2align 4 + _padlock_reload_key: ++ ++.byte 243,15,30,250 + pushf + popf + .byte 0xf3,0xc3 + + ++ + .globl _padlock_aes_block + + .p2align 4 + _padlock_aes_block: ++ ++.byte 243,15,30,250 + movq %rbx,%r8 + movq $1,%rcx + leaq 32(%rdx),%rbx + leaq 16(%rdx),%rdx +-.byte 0xf3,0x0f,0xa7,0xc8 ++.byte 0xf3,0x0f,0xa7,0xc8 + movq %r8,%rbx + .byte 0xf3,0xc3 + + ++ + .globl _padlock_xstore + + .p2align 4 + _padlock_xstore: ++ ++.byte 243,15,30,250 + movl %esi,%edx +-.byte 0x0f,0xa7,0xc0 ++.byte 0x0f,0xa7,0xc0 + .byte 0xf3,0xc3 + + ++ + .globl _padlock_sha1_oneshot + + .p2align 4 + _padlock_sha1_oneshot: ++ ++.byte 243,15,30,250 + movq %rdx,%rcx + movq %rdi,%rdx + movups (%rdi),%xmm0 +@@ -154,7 +186,7 @@ _padlock_sha1_oneshot: + movq %rsp,%rdi + movl %eax,16(%rsp) + xorq %rax,%rax +-.byte 0xf3,0x0f,0xa6,0xc8 ++.byte 0xf3,0x0f,0xa6,0xc8 + movaps (%rsp),%xmm0 + movl 16(%rsp),%eax + addq $128+8,%rsp +@@ -163,10 +195,13 @@ _padlock_sha1_oneshot: + .byte 0xf3,0xc3 + + ++ + .globl _padlock_sha1_blocks + + .p2align 4 + _padlock_sha1_blocks: ++ ++.byte 243,15,30,250 + movq %rdx,%rcx + movq %rdi,%rdx + movups (%rdi),%xmm0 +@@ -176,7 +211,7 @@ _padlock_sha1_blocks: + movq %rsp,%rdi + movl %eax,16(%rsp) + movq $-1,%rax +-.byte 0xf3,0x0f,0xa6,0xc8 ++.byte 0xf3,0x0f,0xa6,0xc8 + movaps (%rsp),%xmm0 + movl 16(%rsp),%eax + addq $128+8,%rsp +@@ -185,10 +220,13 @@ _padlock_sha1_blocks: + .byte 0xf3,0xc3 + + ++ + .globl _padlock_sha256_oneshot + + .p2align 4 + _padlock_sha256_oneshot: ++ ++.byte 243,15,30,250 + movq %rdx,%rcx + movq %rdi,%rdx + movups (%rdi),%xmm0 +@@ -198,7 +236,7 @@ _padlock_sha256_oneshot: + movq %rsp,%rdi + movaps %xmm1,16(%rsp) + xorq %rax,%rax +-.byte 0xf3,0x0f,0xa6,0xd0 ++.byte 0xf3,0x0f,0xa6,0xd0 + movaps (%rsp),%xmm0 + movaps 16(%rsp),%xmm1 + addq $128+8,%rsp +@@ -207,10 +245,13 @@ _padlock_sha256_oneshot: + .byte 0xf3,0xc3 + + ++ + .globl _padlock_sha256_blocks + + .p2align 4 + _padlock_sha256_blocks: ++ ++.byte 243,15,30,250 + movq %rdx,%rcx + movq %rdi,%rdx + movups (%rdi),%xmm0 +@@ -220,7 +261,7 @@ _padlock_sha256_blocks: + movq %rsp,%rdi + movaps %xmm1,16(%rsp) + movq $-1,%rax +-.byte 0xf3,0x0f,0xa6,0xd0 ++.byte 0xf3,0x0f,0xa6,0xd0 + movaps (%rsp),%xmm0 + movaps 16(%rsp),%xmm1 + addq $128+8,%rsp +@@ -229,10 +270,13 @@ _padlock_sha256_blocks: + .byte 0xf3,0xc3 + + ++ + .globl _padlock_sha512_blocks + + .p2align 4 + _padlock_sha512_blocks: ++ ++.byte 243,15,30,250 + movq %rdx,%rcx + movq %rdi,%rdx + movups (%rdi),%xmm0 +@@ -245,7 +289,7 @@ _padlock_sha512_blocks: + movaps %xmm1,16(%rsp) + movaps %xmm2,32(%rsp) + movaps %xmm3,48(%rsp) +-.byte 0xf3,0x0f,0xa6,0xe0 ++.byte 0xf3,0x0f,0xa6,0xe0 + movaps (%rsp),%xmm0 + movaps 16(%rsp),%xmm1 + movaps 32(%rsp),%xmm2 +@@ -257,10 +301,13 @@ _padlock_sha512_blocks: + movups %xmm3,48(%rdx) + .byte 0xf3,0xc3 + ++ + .globl _padlock_ecb_encrypt + + .p2align 4 + _padlock_ecb_encrypt: ++ ++.byte 243,15,30,250 + pushq %rbp + pushq %rbx + +@@ -278,9 +325,9 @@ _padlock_ecb_encrypt: + xorl %ebx,%ebx + testl $32,(%rdx) + jnz L$ecb_aligned +- testq $15,%rdi ++ testq $0x0f,%rdi + setz %al +- testq $15,%rsi ++ testq $0x0f,%rsi + setz %bl + testl %ebx,%eax + jnz L$ecb_aligned +@@ -304,7 +351,7 @@ _padlock_ecb_encrypt: + cmoveq %rdi,%rax + addq %rcx,%rax + negq %rax +- andq $4095,%rax ++ andq $0xfff,%rax + cmpq $128,%rax + movq $-128,%rax + cmovaeq %rbx,%rax +@@ -320,12 +367,12 @@ L$ecb_loop: + movq %rcx,%r10 + movq %rbx,%rcx + movq %rbx,%r11 +- testq $15,%rdi ++ testq $0x0f,%rdi + cmovnzq %rsp,%rdi +- testq $15,%rsi ++ testq $0x0f,%rsi + jz L$ecb_inp_aligned + shrq $3,%rcx +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + subq %rbx,%rdi + movq %rbx,%rcx + movq %rdi,%rsi +@@ -333,15 +380,15 @@ L$ecb_inp_aligned: + leaq -16(%rdx),%rax + leaq 16(%rdx),%rbx + shrq $4,%rcx +-.byte 0xf3,0x0f,0xa7,200 ++.byte 0xf3,0x0f,0xa7,200 + movq %r8,%rdi + movq %r11,%rbx +- testq $15,%rdi ++ testq $0x0f,%rdi + jz L$ecb_out_aligned + movq %rbx,%rcx + leaq (%rsp),%rsi + shrq $3,%rcx +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + subq %rbx,%rdi + L$ecb_out_aligned: + movq %r9,%rsi +@@ -362,7 +409,7 @@ L$ecb_unaligned_tail: + subq %rax,%rsp + shrq $3,%rcx + leaq (%rsp),%rdi +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + movq %rsp,%rsi + movq %r8,%rdi + movq %rbx,%rcx +@@ -388,7 +435,7 @@ L$ecb_done: + L$ecb_aligned: + leaq (%rsi,%rcx,1),%rbp + negq %rbp +- andq $4095,%rbp ++ andq $0xfff,%rbp + xorl %eax,%eax + cmpq $128,%rbp + movq $128-1,%rbp +@@ -399,7 +446,7 @@ L$ecb_aligned: + leaq -16(%rdx),%rax + leaq 16(%rdx),%rbx + shrq $4,%rcx +-.byte 0xf3,0x0f,0xa7,200 ++.byte 0xf3,0x0f,0xa7,200 + testq %rbp,%rbp + jz L$ecb_exit + +@@ -411,7 +458,7 @@ L$ecb_aligned_tail: + subq %rcx,%rsp + shrq $3,%rcx + leaq (%rsp),%rdi +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + leaq (%r8),%rdi + leaq (%rsp),%rsi + movq %rbx,%rcx +@@ -424,10 +471,13 @@ L$ecb_abort: + popq %rbp + .byte 0xf3,0xc3 + ++ + .globl _padlock_cbc_encrypt + + .p2align 4 + _padlock_cbc_encrypt: ++ ++.byte 243,15,30,250 + pushq %rbp + pushq %rbx + +@@ -445,9 +495,9 @@ _padlock_cbc_encrypt: + xorl %ebx,%ebx + testl $32,(%rdx) + jnz L$cbc_aligned +- testq $15,%rdi ++ testq $0x0f,%rdi + setz %al +- testq $15,%rsi ++ testq $0x0f,%rsi + setz %bl + testl %ebx,%eax + jnz L$cbc_aligned +@@ -471,7 +521,7 @@ _padlock_cbc_encrypt: + cmoveq %rdi,%rax + addq %rcx,%rax + negq %rax +- andq $4095,%rax ++ andq $0xfff,%rax + cmpq $64,%rax + movq $-64,%rax + cmovaeq %rbx,%rax +@@ -487,12 +537,12 @@ L$cbc_loop: + movq %rcx,%r10 + movq %rbx,%rcx + movq %rbx,%r11 +- testq $15,%rdi ++ testq $0x0f,%rdi + cmovnzq %rsp,%rdi +- testq $15,%rsi ++ testq $0x0f,%rsi + jz L$cbc_inp_aligned + shrq $3,%rcx +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + subq %rbx,%rdi + movq %rbx,%rcx + movq %rdi,%rsi +@@ -500,17 +550,17 @@ L$cbc_inp_aligned: + leaq -16(%rdx),%rax + leaq 16(%rdx),%rbx + shrq $4,%rcx +-.byte 0xf3,0x0f,0xa7,208 ++.byte 0xf3,0x0f,0xa7,208 + movdqa (%rax),%xmm0 + movdqa %xmm0,-16(%rdx) + movq %r8,%rdi + movq %r11,%rbx +- testq $15,%rdi ++ testq $0x0f,%rdi + jz L$cbc_out_aligned + movq %rbx,%rcx + leaq (%rsp),%rsi + shrq $3,%rcx +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + subq %rbx,%rdi + L$cbc_out_aligned: + movq %r9,%rsi +@@ -531,7 +581,7 @@ L$cbc_unaligned_tail: + subq %rax,%rsp + shrq $3,%rcx + leaq (%rsp),%rdi +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + movq %rsp,%rsi + movq %r8,%rdi + movq %rbx,%rcx +@@ -557,7 +607,7 @@ L$cbc_done: + L$cbc_aligned: + leaq (%rsi,%rcx,1),%rbp + negq %rbp +- andq $4095,%rbp ++ andq $0xfff,%rbp + xorl %eax,%eax + cmpq $64,%rbp + movq $64-1,%rbp +@@ -568,7 +618,7 @@ L$cbc_aligned: + leaq -16(%rdx),%rax + leaq 16(%rdx),%rbx + shrq $4,%rcx +-.byte 0xf3,0x0f,0xa7,208 ++.byte 0xf3,0x0f,0xa7,208 + movdqa (%rax),%xmm0 + movdqa %xmm0,-16(%rdx) + testq %rbp,%rbp +@@ -582,7 +632,7 @@ L$cbc_aligned_tail: + subq %rcx,%rsp + shrq $3,%rcx + leaq (%rsp),%rdi +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + leaq (%r8),%rdi + leaq (%rsp),%rsi + movq %rbx,%rcx +@@ -595,10 +645,13 @@ L$cbc_abort: + popq %rbp + .byte 0xf3,0xc3 + ++ + .globl _padlock_cfb_encrypt + + .p2align 4 + _padlock_cfb_encrypt: ++ ++.byte 243,15,30,250 + pushq %rbp + pushq %rbx + +@@ -616,9 +669,9 @@ _padlock_cfb_encrypt: + xorl %ebx,%ebx + testl $32,(%rdx) + jnz L$cfb_aligned +- testq $15,%rdi ++ testq $0x0f,%rdi + setz %al +- testq $15,%rsi ++ testq $0x0f,%rsi + setz %bl + testl %ebx,%eax + jnz L$cfb_aligned +@@ -645,12 +698,12 @@ L$cfb_loop: + movq %rcx,%r10 + movq %rbx,%rcx + movq %rbx,%r11 +- testq $15,%rdi ++ testq $0x0f,%rdi + cmovnzq %rsp,%rdi +- testq $15,%rsi ++ testq $0x0f,%rsi + jz L$cfb_inp_aligned + shrq $3,%rcx +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + subq %rbx,%rdi + movq %rbx,%rcx + movq %rdi,%rsi +@@ -658,17 +711,17 @@ L$cfb_inp_aligned: + leaq -16(%rdx),%rax + leaq 16(%rdx),%rbx + shrq $4,%rcx +-.byte 0xf3,0x0f,0xa7,224 ++.byte 0xf3,0x0f,0xa7,224 + movdqa (%rax),%xmm0 + movdqa %xmm0,-16(%rdx) + movq %r8,%rdi + movq %r11,%rbx +- testq $15,%rdi ++ testq $0x0f,%rdi + jz L$cfb_out_aligned + movq %rbx,%rcx + leaq (%rsp),%rsi + shrq $3,%rcx +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + subq %rbx,%rdi + L$cfb_out_aligned: + movq %r9,%rsi +@@ -698,7 +751,7 @@ L$cfb_aligned: + leaq -16(%rdx),%rax + leaq 16(%rdx),%rbx + shrq $4,%rcx +-.byte 0xf3,0x0f,0xa7,224 ++.byte 0xf3,0x0f,0xa7,224 + movdqa (%rax),%xmm0 + movdqa %xmm0,-16(%rdx) + L$cfb_exit: +@@ -709,10 +762,13 @@ L$cfb_abort: + popq %rbp + .byte 0xf3,0xc3 + ++ + .globl _padlock_ofb_encrypt + + .p2align 4 + _padlock_ofb_encrypt: ++ ++.byte 243,15,30,250 + pushq %rbp + pushq %rbx + +@@ -730,9 +786,9 @@ _padlock_ofb_encrypt: + xorl %ebx,%ebx + testl $32,(%rdx) + jnz L$ofb_aligned +- testq $15,%rdi ++ testq $0x0f,%rdi + setz %al +- testq $15,%rsi ++ testq $0x0f,%rsi + setz %bl + testl %ebx,%eax + jnz L$ofb_aligned +@@ -759,12 +815,12 @@ L$ofb_loop: + movq %rcx,%r10 + movq %rbx,%rcx + movq %rbx,%r11 +- testq $15,%rdi ++ testq $0x0f,%rdi + cmovnzq %rsp,%rdi +- testq $15,%rsi ++ testq $0x0f,%rsi + jz L$ofb_inp_aligned + shrq $3,%rcx +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + subq %rbx,%rdi + movq %rbx,%rcx + movq %rdi,%rsi +@@ -772,17 +828,17 @@ L$ofb_inp_aligned: + leaq -16(%rdx),%rax + leaq 16(%rdx),%rbx + shrq $4,%rcx +-.byte 0xf3,0x0f,0xa7,232 ++.byte 0xf3,0x0f,0xa7,232 + movdqa (%rax),%xmm0 + movdqa %xmm0,-16(%rdx) + movq %r8,%rdi + movq %r11,%rbx +- testq $15,%rdi ++ testq $0x0f,%rdi + jz L$ofb_out_aligned + movq %rbx,%rcx + leaq (%rsp),%rsi + shrq $3,%rcx +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + subq %rbx,%rdi + L$ofb_out_aligned: + movq %r9,%rsi +@@ -812,7 +868,7 @@ L$ofb_aligned: + leaq -16(%rdx),%rax + leaq 16(%rdx),%rbx + shrq $4,%rcx +-.byte 0xf3,0x0f,0xa7,232 ++.byte 0xf3,0x0f,0xa7,232 + movdqa (%rax),%xmm0 + movdqa %xmm0,-16(%rdx) + L$ofb_exit: +@@ -823,10 +879,13 @@ L$ofb_abort: + popq %rbp + .byte 0xf3,0xc3 + ++ + .globl _padlock_ctr32_encrypt + + .p2align 4 + _padlock_ctr32_encrypt: ++ ++.byte 243,15,30,250 + pushq %rbp + pushq %rbx + +@@ -844,9 +903,9 @@ _padlock_ctr32_encrypt: + xorl %ebx,%ebx + testl $32,(%rdx) + jnz L$ctr32_aligned +- testq $15,%rdi ++ testq $0x0f,%rdi + setz %al +- testq $15,%rsi ++ testq $0x0f,%rsi + setz %bl + testl %ebx,%eax + jnz L$ctr32_aligned +@@ -881,7 +940,7 @@ L$ctr32_reenter: + cmoveq %rdi,%rax + addq %rcx,%rax + negq %rax +- andq $4095,%rax ++ andq $0xfff,%rax + cmpq $32,%rax + movq $-32,%rax + cmovaeq %rbx,%rax +@@ -897,12 +956,12 @@ L$ctr32_loop: + movq %rcx,%r10 + movq %rbx,%rcx + movq %rbx,%r11 +- testq $15,%rdi ++ testq $0x0f,%rdi + cmovnzq %rsp,%rdi +- testq $15,%rsi ++ testq $0x0f,%rsi + jz L$ctr32_inp_aligned + shrq $3,%rcx +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + subq %rbx,%rdi + movq %rbx,%rcx + movq %rdi,%rsi +@@ -910,23 +969,23 @@ L$ctr32_inp_aligned: + leaq -16(%rdx),%rax + leaq 16(%rdx),%rbx + shrq $4,%rcx +-.byte 0xf3,0x0f,0xa7,216 ++.byte 0xf3,0x0f,0xa7,216 + movl -4(%rdx),%eax +- testl $4294901760,%eax ++ testl $0xffff0000,%eax + jnz L$ctr32_no_carry + bswapl %eax +- addl $65536,%eax ++ addl $0x10000,%eax + bswapl %eax + movl %eax,-4(%rdx) + L$ctr32_no_carry: + movq %r8,%rdi + movq %r11,%rbx +- testq $15,%rdi ++ testq $0x0f,%rdi + jz L$ctr32_out_aligned + movq %rbx,%rcx + leaq (%rsp),%rsi + shrq $3,%rcx +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + subq %rbx,%rdi + L$ctr32_out_aligned: + movq %r9,%rsi +@@ -944,7 +1003,7 @@ L$ctr32_out_aligned: + cmoveq %rdi,%rax + addq %rcx,%rax + negq %rax +- andq $4095,%rax ++ andq $0xfff,%rax + cmpq $32,%rax + movq $-32,%rax + cmovaeq %rbx,%rax +@@ -959,7 +1018,7 @@ L$ctr32_unaligned_tail: + subq %rax,%rsp + shrq $3,%rcx + leaq (%rsp),%rdi +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + movq %rsp,%rsi + movq %r8,%rdi + movq %rbx,%rcx +@@ -986,7 +1045,7 @@ L$ctr32_aligned: + movl -4(%rdx),%eax + bswapl %eax + negl %eax +- andl $65535,%eax ++ andl $0xffff,%eax + movq $1048576,%rbx + shll $4,%eax + cmovzq %rbx,%rax +@@ -1003,11 +1062,11 @@ L$ctr32_aligned_loop: + leaq -16(%rdx),%rax + leaq 16(%rdx),%rbx + shrq $4,%rcx +-.byte 0xf3,0x0f,0xa7,216 ++.byte 0xf3,0x0f,0xa7,216 + + movl -4(%rdx),%eax + bswapl %eax +- addl $65536,%eax ++ addl $0x10000,%eax + bswapl %eax + movl %eax,-4(%rdx) + +@@ -1021,7 +1080,7 @@ L$ctr32_aligned_loop: + L$ctr32_aligned_skip: + leaq (%rsi,%rcx,1),%rbp + negq %rbp +- andq $4095,%rbp ++ andq $0xfff,%rbp + xorl %eax,%eax + cmpq $32,%rbp + movq $32-1,%rbp +@@ -1032,7 +1091,7 @@ L$ctr32_aligned_skip: + leaq -16(%rdx),%rax + leaq 16(%rdx),%rbx + shrq $4,%rcx +-.byte 0xf3,0x0f,0xa7,216 ++.byte 0xf3,0x0f,0xa7,216 + testq %rbp,%rbp + jz L$ctr32_exit + +@@ -1044,7 +1103,7 @@ L$ctr32_aligned_tail: + subq %rcx,%rsp + shrq $3,%rcx + leaq (%rsp),%rdi +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + leaq (%r8),%rdi + leaq (%rsp),%rsi + movq %rbx,%rcx +@@ -1057,6 +1116,7 @@ L$ctr32_abort: + popq %rbp + .byte 0xf3,0xc3 + ++ + .byte 86,73,65,32,80,97,100,108,111,99,107,32,120,56,54,95,54,52,32,109,111,100,117,108,101,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 + .p2align 4 + .data +diff --git a/lib/accelerated/x86/macosx/ghash-x86_64.s b/lib/accelerated/x86/macosx/ghash-x86_64.s +index 5fd321675..974d34dc7 100644 +--- a/lib/accelerated/x86/macosx/ghash-x86_64.s ++++ b/lib/accelerated/x86/macosx/ghash-x86_64.s +@@ -45,6 +45,7 @@ + .p2align 4 + _gcm_gmult_4bit: + ++.byte 243,15,30,250 + pushq %rbx + + pushq %rbp +@@ -150,6 +151,7 @@ L$gmult_epilogue: + .p2align 4 + _gcm_ghash_4bit: + ++.byte 243,15,30,250 + pushq %rbx + + pushq %rbp +@@ -891,6 +893,7 @@ L$_init_clmul: + .p2align 4 + _gcm_gmult_clmul: + ++.byte 243,15,30,250 + L$_gmult_clmul: + movdqu (%rdi),%xmm0 + movdqa L$bswap_mask(%rip),%xmm5 +@@ -944,6 +947,7 @@ L$_gmult_clmul: + .p2align 5 + _gcm_ghash_clmul: + ++.byte 243,15,30,250 + L$_ghash_clmul: + movdqa L$bswap_mask(%rip),%xmm10 + +@@ -1438,6 +1442,7 @@ L$init_start_avx: + .p2align 5 + _gcm_gmult_avx: + ++.byte 243,15,30,250 + jmp L$_gmult_clmul + + +@@ -1446,6 +1451,7 @@ _gcm_gmult_avx: + .p2align 5 + _gcm_ghash_avx: + ++.byte 243,15,30,250 + vzeroupper + + vmovdqu (%rdi),%xmm10 +diff --git a/lib/accelerated/x86/macosx/sha1-ssse3-x86.s b/lib/accelerated/x86/macosx/sha1-ssse3-x86.s +index 985d4af8d..f51c5a318 100644 +--- a/lib/accelerated/x86/macosx/sha1-ssse3-x86.s ++++ b/lib/accelerated/x86/macosx/sha1-ssse3-x86.s +@@ -42,6 +42,7 @@ + .align 4 + _sha1_block_data_order: + L_sha1_block_data_order_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +diff --git a/lib/accelerated/x86/macosx/sha1-ssse3-x86_64.s b/lib/accelerated/x86/macosx/sha1-ssse3-x86_64.s +index a576acc25..7b5d9dfc9 100644 +--- a/lib/accelerated/x86/macosx/sha1-ssse3-x86_64.s ++++ b/lib/accelerated/x86/macosx/sha1-ssse3-x86_64.s +@@ -1460,10 +1460,10 @@ L$oop_shaext: + pshufd $27,%xmm1,%xmm1 + movdqu %xmm0,(%rdi) + movd %xmm1,16(%rdi) +- + .byte 0xf3,0xc3 + + ++ + .p2align 4 + sha1_block_data_order_ssse3: + _ssse3_shortcut: +diff --git a/lib/accelerated/x86/macosx/sha256-ssse3-x86.s b/lib/accelerated/x86/macosx/sha256-ssse3-x86.s +index 8d257109c..36781d480 100644 +--- a/lib/accelerated/x86/macosx/sha256-ssse3-x86.s ++++ b/lib/accelerated/x86/macosx/sha256-ssse3-x86.s +@@ -42,6 +42,7 @@ + .align 4 + _sha256_block_data_order: + L_sha256_block_data_order_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +diff --git a/lib/accelerated/x86/macosx/sha256-ssse3-x86_64.s b/lib/accelerated/x86/macosx/sha256-ssse3-x86_64.s +index fd0c24735..9fed36b9c 100644 +--- a/lib/accelerated/x86/macosx/sha256-ssse3-x86_64.s ++++ b/lib/accelerated/x86/macosx/sha256-ssse3-x86_64.s +@@ -1814,6 +1814,7 @@ K256: + .p2align 6 + sha256_block_data_order_shaext: + _shaext_shortcut: ++ + leaq K256+128(%rip),%rcx + movdqu (%rdi),%xmm1 + movdqu 16(%rdi),%xmm2 +@@ -2018,6 +2019,7 @@ L$oop_shaext: + .byte 0xf3,0xc3 + + ++ + .p2align 6 + sha256_block_data_order_ssse3: + +@@ -4277,7 +4279,15 @@ L$oop_avx2: + vmovdqa %ymm4,0(%rsp) + xorl %r14d,%r14d + vmovdqa %ymm5,32(%rsp) ++ ++ movq 88(%rsp),%rdi ++ + leaq -64(%rsp),%rsp ++ ++ ++ ++ movq %rdi,-8(%rsp) ++ + movl %ebx,%edi + vmovdqa %ymm6,0(%rsp) + xorl %ecx,%edi +@@ -4289,6 +4299,12 @@ L$oop_avx2: + .p2align 4 + L$avx2_00_47: + leaq -64(%rsp),%rsp ++ ++ ++ pushq 64-8(%rsp) ++ ++ leaq 8(%rsp),%rsp ++ + vpalignr $4,%ymm0,%ymm1,%ymm4 + addl 0+128(%rsp),%r11d + andl %r8d,%r12d +@@ -4544,6 +4560,12 @@ L$avx2_00_47: + movl %r9d,%r12d + vmovdqa %ymm6,32(%rsp) + leaq -64(%rsp),%rsp ++ ++ ++ pushq 64-8(%rsp) ++ ++ leaq 8(%rsp),%rsp ++ + vpalignr $4,%ymm2,%ymm3,%ymm4 + addl 0+128(%rsp),%r11d + andl %r8d,%r12d +@@ -5419,6 +5441,8 @@ L$ower_avx2: + + leaq 448(%rsp),%rsp + ++ ++ + addl 0(%rdi),%eax + addl 4(%rdi),%ebx + addl 8(%rdi),%ecx +@@ -5444,9 +5468,11 @@ L$ower_avx2: + jbe L$oop_avx2 + leaq (%rsp),%rbp + ++ ++ ++ + L$done_avx2: +- leaq (%rbp),%rsp +- movq 88(%rsp),%rsi ++ movq 88(%rbp),%rsi + + vzeroupper + movq -48(%rsi),%r15 +diff --git a/lib/accelerated/x86/macosx/sha512-ssse3-x86.s b/lib/accelerated/x86/macosx/sha512-ssse3-x86.s +index 4e60bb45f..248a35ee1 100644 +--- a/lib/accelerated/x86/macosx/sha512-ssse3-x86.s ++++ b/lib/accelerated/x86/macosx/sha512-ssse3-x86.s +@@ -42,6 +42,7 @@ + .align 4 + _sha512_block_data_order: + L_sha512_block_data_order_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +diff --git a/lib/accelerated/x86/macosx/sha512-ssse3-x86_64.s b/lib/accelerated/x86/macosx/sha512-ssse3-x86_64.s +index 8bf161601..e78d90f2d 100644 +--- a/lib/accelerated/x86/macosx/sha512-ssse3-x86_64.s ++++ b/lib/accelerated/x86/macosx/sha512-ssse3-x86_64.s +@@ -4204,7 +4204,15 @@ L$oop_avx2: + vmovdqa %ymm10,64(%rsp) + vpaddq 64(%rbp),%ymm6,%ymm10 + vmovdqa %ymm11,96(%rsp) ++ ++ movq 152(%rsp),%rdi ++ + leaq -128(%rsp),%rsp ++ ++ ++ ++ movq %rdi,-8(%rsp) ++ + vpaddq 96(%rbp),%ymm7,%ymm11 + vmovdqa %ymm8,0(%rsp) + xorq %r14,%r14 +@@ -4220,6 +4228,12 @@ L$oop_avx2: + .p2align 4 + L$avx2_00_47: + leaq -128(%rsp),%rsp ++ ++ ++ pushq 128-8(%rsp) ++ ++ leaq 8(%rsp),%rsp ++ + vpalignr $8,%ymm0,%ymm1,%ymm8 + addq 0+256(%rsp),%r11 + andq %r8,%r12 +@@ -4513,6 +4527,12 @@ L$avx2_00_47: + movq %r9,%r12 + vmovdqa %ymm10,96(%rsp) + leaq -128(%rsp),%rsp ++ ++ ++ pushq 128-8(%rsp) ++ ++ leaq 8(%rsp),%rsp ++ + vpalignr $8,%ymm4,%ymm5,%ymm8 + addq 0+256(%rsp),%r11 + andq %r8,%r12 +@@ -5426,6 +5446,8 @@ L$ower_avx2: + + leaq 1152(%rsp),%rsp + ++ ++ + addq 0(%rdi),%rax + addq 8(%rdi),%rbx + addq 16(%rdi),%rcx +@@ -5451,9 +5473,11 @@ L$ower_avx2: + jbe L$oop_avx2 + leaq (%rsp),%rbp + ++ ++ ++ + L$done_avx2: +- leaq (%rbp),%rsp +- movq 152(%rsp),%rsi ++ movq 152(%rbp),%rsi + + vzeroupper + movq -48(%rsi),%r15 +-- +2.25.4 + diff --git a/SOURCES/gnutls-3.6.14-autogen-int.patch b/SOURCES/gnutls-3.6.14-autogen-int.patch new file mode 100644 index 0000000..6723acb --- /dev/null +++ b/SOURCES/gnutls-3.6.14-autogen-int.patch @@ -0,0 +1,36 @@ +From cf1de82bedd01c01e70921699c84a473b08d0dab Mon Sep 17 00:00:00 2001 +From: Daiki Ueno +Date: Mon, 1 Jun 2020 17:23:59 +0200 +Subject: [PATCH] serv: omit upper bound of --maxearlydata option definition + +It turned out that AutoGen treats numbers that exceed INT_MAX in a +platform dependent way. In this case, 4294967295 (UINT_MAX) is +treated as is on 64-bit platforms, while it is interpreted as "-1" on +32-bit platforms. This causes a problem when the program +documentation is compiled under multilib environment. + +Reported by Ivan Molodetskikh in: +https://bugzilla.redhat.com/show_bug.cgi?id=1841844 +and the cause was identified by Anderson Toshiyuki Sasaki. + +Signed-off-by: Daiki Ueno +--- + src/serv-args.def | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/serv-args.def b/src/serv-args.def +index 996fbe36b..a584085e2 100644 +--- a/src/serv-args.def ++++ b/src/serv-args.def +@@ -51,7 +51,7 @@ flag = { + flag = { + name = maxearlydata; + arg-type = number; +- arg-range = "1->4294967295"; ++ arg-range = "1->"; + descrip = "The maximum early data size to accept"; + doc = ""; + }; +-- +2.26.2 + diff --git a/SOURCES/gnutls-3.6.14-fips-dh-check.patch b/SOURCES/gnutls-3.6.14-fips-dh-check.patch new file mode 100644 index 0000000..40d579f --- /dev/null +++ b/SOURCES/gnutls-3.6.14-fips-dh-check.patch @@ -0,0 +1,676 @@ +From bea53f1b46a64d6dcf5bbe4794740c4d4459f9bf Mon Sep 17 00:00:00 2001 +From: Daiki Ueno +Date: Fri, 10 Jul 2020 09:35:49 +0200 +Subject: [PATCH 1/5] dh: check validity of Z before export + +SP800-56A rev3 section 5.7.1.1 step 2 mandates that the validity of the +calculated shared secret is verified before the data is returned to the +caller. This patch adds the validation check. + +Suggested by Stephan Mueller. + +Signed-off-by: Daiki Ueno +--- + lib/nettle/pk.c | 26 +++++++++++++++++--------- + 1 file changed, 17 insertions(+), 9 deletions(-) + +diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c +index 57a8560ed..08c7d4860 100644 +--- a/lib/nettle/pk.c ++++ b/lib/nettle/pk.c +@@ -288,7 +288,7 @@ static int _wrap_nettle_pk_derive(gnutls_pk_algorithm_t algo, + switch (algo) { + case GNUTLS_PK_DH: { + bigint_t f, x, q, prime; +- bigint_t k = NULL, ff = NULL, r = NULL; ++ bigint_t k = NULL, primesub1 = NULL, r = NULL; + unsigned int bits; + + if (nonce != NULL) +@@ -299,21 +299,20 @@ static int _wrap_nettle_pk_derive(gnutls_pk_algorithm_t algo, + q = priv->params[DH_Q]; + prime = priv->params[DH_P]; + +- ret = _gnutls_mpi_init_multi(&k, &ff, &r, NULL); ++ ret = _gnutls_mpi_init_multi(&k, &primesub1, &r, NULL); + if (ret < 0) + return gnutls_assert_val(ret); + +- ret = _gnutls_mpi_add_ui(ff, f, 1); ++ ret = _gnutls_mpi_sub_ui(primesub1, prime, 1); + if (ret < 0) { + gnutls_assert(); + goto dh_cleanup; + } + +- /* check if f==0,1, or f >= p-1. +- * or (ff=f+1) equivalently ff==1,2, ff >= p */ +- if ((_gnutls_mpi_cmp_ui(ff, 2) == 0) +- || (_gnutls_mpi_cmp_ui(ff, 1) == 0) +- || (_gnutls_mpi_cmp(ff, prime) >= 0)) { ++ /* check if f==0,1, or f >= p-1 */ ++ if ((_gnutls_mpi_cmp_ui(f, 1) == 0) ++ || (_gnutls_mpi_cmp_ui(f, 0) == 0) ++ || (_gnutls_mpi_cmp(f, primesub1) >= 0)) { + gnutls_assert(); + ret = GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER; + goto dh_cleanup; +@@ -354,6 +353,15 @@ static int _wrap_nettle_pk_derive(gnutls_pk_algorithm_t algo, + goto dh_cleanup; + } + ++ /* check if k==0,1, or k = p-1 */ ++ if ((_gnutls_mpi_cmp_ui(k, 1) == 0) ++ || (_gnutls_mpi_cmp_ui(k, 0) == 0) ++ || (_gnutls_mpi_cmp(k, primesub1) == 0)) { ++ gnutls_assert(); ++ ret = GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER; ++ goto dh_cleanup; ++ } ++ + if (flags & PK_DERIVE_TLS13) { + ret = + _gnutls_mpi_dprint_size(k, out, +@@ -370,7 +378,7 @@ static int _wrap_nettle_pk_derive(gnutls_pk_algorithm_t algo, + ret = 0; + dh_cleanup: + _gnutls_mpi_release(&r); +- _gnutls_mpi_release(&ff); ++ _gnutls_mpi_release(&primesub1); + zrelease_temp_mpi_key(&k); + if (ret < 0) + goto cleanup; +-- +2.26.2 + + +From 13202600d3e42258d8758b05ff45a3e3d0f07e4e Mon Sep 17 00:00:00 2001 +From: Daiki Ueno +Date: Fri, 10 Jul 2020 09:42:30 +0200 +Subject: [PATCH 2/5] ecdh: check validity of P before export + +SP800-56A rev3 section 5.7.1.2 step 2 mandates that the validity of +the calculated shared secret is verified before the data is returned +to the caller. This patch adds the validation check. + +Suggested by Stephan Mueller. + +Signed-off-by: Daiki Ueno +--- + lib/nettle/pk.c | 27 +++++++++++++++++++++------ + 1 file changed, 21 insertions(+), 6 deletions(-) + +diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c +index 08c7d4860..7f0fa8e03 100644 +--- a/lib/nettle/pk.c ++++ b/lib/nettle/pk.c +@@ -229,25 +229,38 @@ _gost_params_to_pubkey(const gnutls_pk_params_st * pk_params, + } + #endif + +-static void ++static int + ecc_shared_secret(struct ecc_scalar *private_key, + struct ecc_point *public_key, void *out, unsigned size) + { + struct ecc_point r; +- mpz_t x; ++ mpz_t x, y; ++ int ret = 0; + + mpz_init(x); ++ mpz_init(y); + ecc_point_init(&r, public_key->ecc); + + ecc_point_mul(&r, private_key, public_key); + +- ecc_point_get(&r, x, NULL); ++ ecc_point_get(&r, x, y); ++ ++ /* Check if the point is not an identity element. Note that this cannot ++ * happen in nettle implementation, because it cannot represent an ++ * infinity point. */ ++ if (mpz_cmp_ui(x, 0) == 0 && mpz_cmp_ui(y, 0) == 0) { ++ ret = gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER); ++ goto cleanup; ++ } ++ + nettle_mpz_get_str_256(size, out, x); + ++ cleanup: + mpz_clear(x); ++ mpz_clear(y); + ecc_point_clear(&r); + +- return; ++ return ret; + } + + #define MAX_DH_BITS DEFAULT_MAX_VERIFY_BITS +@@ -423,8 +436,10 @@ dh_cleanup: + goto ecc_cleanup; + } + +- ecc_shared_secret(&ecc_priv, &ecc_pub, out->data, +- out->size); ++ ret = ecc_shared_secret(&ecc_priv, &ecc_pub, out->data, ++ out->size); ++ if (ret < 0) ++ gnutls_free(out->data); + + ecc_cleanup: + ecc_point_clear(&ecc_pub); +-- +2.26.2 + + +From 245fb622e82bfa7b80d2cec7cafdbc65014ca3cb Mon Sep 17 00:00:00 2001 +From: Daiki Ueno +Date: Fri, 17 Jul 2020 17:45:17 +0200 +Subject: [PATCH 3/5] dh-primes: make the FIPS approved check return Q value + +This is necessary for full public key validation in +SP800-56A (revision 3), section 5.6.2.3.1. + +Signed-off-by: Daiki Ueno +--- + lib/auth/dh_common.c | 2 +- + lib/dh-primes.c | 38 +++++++++++++++++++++++--------------- + lib/dh.h | 10 ++++++---- + 3 files changed, 30 insertions(+), 20 deletions(-) + +diff --git a/lib/auth/dh_common.c b/lib/auth/dh_common.c +index 252eea0cb..fcd696d4d 100644 +--- a/lib/auth/dh_common.c ++++ b/lib/auth/dh_common.c +@@ -259,7 +259,7 @@ _gnutls_proc_dh_common_server_kx(gnutls_session_t session, + + #ifdef ENABLE_FIPS140 + if (gnutls_fips140_mode_enabled() && +- !_gnutls_dh_prime_is_fips_approved(data_p, n_p, data_g, n_g)) { ++ !_gnutls_dh_prime_match_fips_approved(data_p, n_p, data_g, n_g, NULL, NULL)) { + gnutls_assert(); + return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER; + } +diff --git a/lib/dh-primes.c b/lib/dh-primes.c +index a43a8e5de..a440b5b98 100644 +--- a/lib/dh-primes.c ++++ b/lib/dh-primes.c +@@ -1894,25 +1894,28 @@ const gnutls_datum_t gnutls_modp_8192_group_generator = { + const unsigned int gnutls_modp_8192_key_bits = 512; + + unsigned +-_gnutls_dh_prime_is_fips_approved(const uint8_t *prime, +- size_t prime_size, +- const uint8_t *generator, +- size_t generator_size) ++_gnutls_dh_prime_match_fips_approved(const uint8_t *prime, ++ size_t prime_size, ++ const uint8_t *generator, ++ size_t generator_size, ++ uint8_t **q, ++ size_t *q_size) + { + static const struct { + const gnutls_datum_t *prime; + const gnutls_datum_t *generator; ++ const gnutls_datum_t *q; + } primes[] = { +- { &gnutls_ffdhe_8192_group_prime, &gnutls_ffdhe_8192_group_generator }, +- { &gnutls_ffdhe_6144_group_prime, &gnutls_ffdhe_6144_group_generator }, +- { &gnutls_ffdhe_4096_group_prime, &gnutls_ffdhe_4096_group_generator }, +- { &gnutls_ffdhe_3072_group_prime, &gnutls_ffdhe_3072_group_generator }, +- { &gnutls_ffdhe_2048_group_prime, &gnutls_ffdhe_2048_group_generator }, +- { &gnutls_modp_8192_group_prime, &gnutls_modp_8192_group_generator }, +- { &gnutls_modp_6144_group_prime, &gnutls_modp_6144_group_generator }, +- { &gnutls_modp_4096_group_prime, &gnutls_modp_4096_group_generator }, +- { &gnutls_modp_3072_group_prime, &gnutls_modp_3072_group_generator }, +- { &gnutls_modp_2048_group_prime, &gnutls_modp_2048_group_generator }, ++ { &gnutls_ffdhe_8192_group_prime, &gnutls_ffdhe_8192_group_generator, &gnutls_ffdhe_8192_group_q }, ++ { &gnutls_ffdhe_6144_group_prime, &gnutls_ffdhe_6144_group_generator, &gnutls_ffdhe_6144_group_q }, ++ { &gnutls_ffdhe_4096_group_prime, &gnutls_ffdhe_4096_group_generator, &gnutls_ffdhe_4096_group_q }, ++ { &gnutls_ffdhe_3072_group_prime, &gnutls_ffdhe_3072_group_generator, &gnutls_ffdhe_3072_group_q }, ++ { &gnutls_ffdhe_2048_group_prime, &gnutls_ffdhe_2048_group_generator, &gnutls_ffdhe_2048_group_q }, ++ { &gnutls_modp_8192_group_prime, &gnutls_modp_8192_group_generator, &gnutls_modp_8192_group_q }, ++ { &gnutls_modp_6144_group_prime, &gnutls_modp_6144_group_generator, &gnutls_modp_6144_group_q }, ++ { &gnutls_modp_4096_group_prime, &gnutls_modp_4096_group_generator, &gnutls_modp_4096_group_q }, ++ { &gnutls_modp_3072_group_prime, &gnutls_modp_3072_group_generator, &gnutls_modp_3072_group_q }, ++ { &gnutls_modp_2048_group_prime, &gnutls_modp_2048_group_generator, &gnutls_modp_2048_group_q }, + }; + size_t i; + +@@ -1920,8 +1923,13 @@ _gnutls_dh_prime_is_fips_approved(const uint8_t *prime, + if (primes[i].prime->size == prime_size && + memcmp(primes[i].prime->data, prime, primes[i].prime->size) == 0 && + primes[i].generator->size == generator_size && +- memcmp(primes[i].generator->data, generator, primes[i].generator->size) == 0) ++ memcmp(primes[i].generator->data, generator, primes[i].generator->size) == 0) { ++ if (q) { ++ *q = primes[i].q->data; ++ *q_size = primes[i].q->size; ++ } + return 1; ++ } + } + + return 0; +diff --git a/lib/dh.h b/lib/dh.h +index 672451947..f5c2c0924 100644 +--- a/lib/dh.h ++++ b/lib/dh.h +@@ -61,9 +61,11 @@ extern const gnutls_datum_t gnutls_modp_2048_group_generator; + extern const unsigned int gnutls_modp_2048_key_bits; + + unsigned +-_gnutls_dh_prime_is_fips_approved(const uint8_t *prime, +- size_t prime_size, +- const uint8_t *generator, +- size_t generator_size); ++_gnutls_dh_prime_match_fips_approved(const uint8_t *prime, ++ size_t prime_size, ++ const uint8_t *generator, ++ size_t generator_size, ++ uint8_t **q, ++ size_t *q_size); + + #endif /* GNUTLS_LIB_DH_H */ +-- +2.26.2 + + +From 8b575625614fbe5a22b68dc8d1877efb1d44dd37 Mon Sep 17 00:00:00 2001 +From: Daiki Ueno +Date: Fri, 17 Jul 2020 17:47:06 +0200 +Subject: [PATCH 4/5] dh: perform SP800-56A rev3 full pubkey validation on + keygen + +This implements full public key validation required in SP800-56A rev3, +section 5.6.2.3.1. + +Signed-off-by: Daiki Ueno +--- + lib/nettle/pk.c | 90 +++++++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 90 insertions(+) + +diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c +index 7f0fa8e03..057836bc2 100644 +--- a/lib/nettle/pk.c ++++ b/lib/nettle/pk.c +@@ -71,6 +71,7 @@ + #include "int/dsa-compute-k.h" + #include + #include ++#include "dh.h" + + static inline const struct ecc_curve *get_supported_nist_curve(int curve); + static inline const struct ecc_curve *get_supported_gost_curve(int curve); +@@ -2131,6 +2132,53 @@ edwards_curve_mul_g(gnutls_pk_algorithm_t algo, + } + } + ++static inline int ++dh_find_q(const gnutls_pk_params_st *pk_params, mpz_t q) ++{ ++ gnutls_datum_t prime = { NULL, 0 }; ++ gnutls_datum_t generator = { NULL, 0 }; ++ uint8_t *data_q; ++ size_t n_q; ++ bigint_t _q; ++ int ret = 0; ++ ++ ret = _gnutls_mpi_dprint(pk_params->params[DSA_P], &prime); ++ if (ret < 0) { ++ gnutls_assert(); ++ goto cleanup; ++ } ++ ++ ret = _gnutls_mpi_dprint(pk_params->params[DSA_G], &generator); ++ if (ret < 0) { ++ gnutls_assert(); ++ goto cleanup; ++ } ++ ++ if (!_gnutls_dh_prime_match_fips_approved(prime.data, ++ prime.size, ++ generator.data, ++ generator.size, ++ &data_q, ++ &n_q)) { ++ ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); ++ goto cleanup; ++ } ++ ++ if (_gnutls_mpi_init_scan_nz(&_q, data_q, n_q) != 0) { ++ ret = gnutls_assert_val(GNUTLS_E_MPI_SCAN_FAILED); ++ goto cleanup; ++ } ++ ++ mpz_set(q, TOMPZ(_q)); ++ _gnutls_mpi_release(&_q); ++ ++ cleanup: ++ gnutls_free(prime.data); ++ gnutls_free(generator.data); ++ ++ return ret; ++} ++ + /* To generate a DH key either q must be set in the params or + * level should be set to the number of required bits. + */ +@@ -2212,6 +2260,9 @@ wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo, + mpz_t x, y; + int max_tries; + unsigned have_q = 0; ++ mpz_t q; ++ mpz_t primesub1; ++ mpz_t ypowq; + + if (algo != params->algo) + return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); +@@ -2229,6 +2280,10 @@ wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo, + mpz_init(x); + mpz_init(y); + ++ mpz_init(q); ++ mpz_init(primesub1); ++ mpz_init(ypowq); ++ + max_tries = 3; + do { + if (have_q) { +@@ -2260,8 +2315,40 @@ wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo, + ret = GNUTLS_E_LIB_IN_ERROR_STATE; + goto dh_fail; + } ++ + } while(mpz_cmp_ui(y, 1) == 0); + ++#ifdef ENABLE_FIPS140 ++ if (_gnutls_fips_mode_enabled()) { ++ /* Perform FFC full public key validation checks ++ * according to SP800-56A (revision 3), 5.6.2.3.1. ++ */ ++ ++ /* Step 1: 2 <= y <= p - 2 */ ++ mpz_sub_ui(primesub1, pub.p, 1); ++ ++ if (mpz_cmp_ui(y, 2) < 0 || mpz_cmp(y, primesub1) >= 0) { ++ ret = gnutls_assert_val(GNUTLS_E_RANDOM_FAILED); ++ goto dh_fail; ++ } ++ ++ /* Step 2: 1 = y^q mod p */ ++ if (have_q) ++ mpz_set(q, pub.q); ++ else { ++ ret = dh_find_q(params, q); ++ if (ret < 0) ++ goto dh_fail; ++ } ++ ++ mpz_powm(ypowq, y, q, pub.p); ++ if (mpz_cmp_ui(ypowq, 1) != 0) { ++ ret = gnutls_assert_val(GNUTLS_E_RANDOM_FAILED); ++ goto dh_fail; ++ } ++ } ++#endif ++ + ret = _gnutls_mpi_init_multi(¶ms->params[DSA_Y], ¶ms->params[DSA_X], NULL); + if (ret < 0) { + gnutls_assert(); +@@ -2278,6 +2365,9 @@ wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo, + mpz_clear(r); + mpz_clear(x); + mpz_clear(y); ++ mpz_clear(q); ++ mpz_clear(primesub1); ++ mpz_clear(ypowq); + + if (ret < 0) + goto fail; +-- +2.26.2 + + +From 23756c8580dff99d0856adca49dd22a55352ad62 Mon Sep 17 00:00:00 2001 +From: Daiki Ueno +Date: Sat, 18 Jul 2020 08:26:48 +0200 +Subject: [PATCH 5/5] ecdh: perform SP800-56A rev3 full pubkey validation on + keygen + +This implements full public key validation required in +SP800-56A rev3, section 5.6.2.3.3. + +Signed-off-by: Daiki Ueno +--- + lib/nettle/pk.c | 182 +++++++++++++++++++++++++++++++++++++++++++++++- + 1 file changed, 180 insertions(+), 2 deletions(-) + +diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c +index 057836bc2..588e9df50 100644 +--- a/lib/nettle/pk.c ++++ b/lib/nettle/pk.c +@@ -1552,6 +1552,80 @@ static inline const struct ecc_curve *get_supported_nist_curve(int curve) + } + } + ++static inline const char *get_supported_nist_curve_order(int curve) ++{ ++ static const struct { ++ int curve; ++ const char *order; ++ } orders[] = { ++#ifdef ENABLE_NON_SUITEB_CURVES ++ { GNUTLS_ECC_CURVE_SECP192R1, ++ "ffffffffffffffffffffffff99def836" ++ "146bc9b1b4d22831" }, ++ { GNUTLS_ECC_CURVE_SECP224R1, ++ "ffffffffffffffffffffffffffff16a2" ++ "e0b8f03e13dd29455c5c2a3d" }, ++#endif ++ { GNUTLS_ECC_CURVE_SECP256R1, ++ "ffffffff00000000ffffffffffffffff" ++ "bce6faada7179e84f3b9cac2fc632551" }, ++ { GNUTLS_ECC_CURVE_SECP384R1, ++ "ffffffffffffffffffffffffffffffff" ++ "ffffffffffffffffc7634d81f4372ddf" ++ "581a0db248b0a77aecec196accc52973" }, ++ { GNUTLS_ECC_CURVE_SECP521R1, ++ "1fffffffffffffffffffffffffffffff" ++ "ffffffffffffffffffffffffffffffff" ++ "ffa51868783bf2f966b7fcc0148f709a" ++ "5d03bb5c9b8899c47aebb6fb71e91386" ++ "409" }, ++ }; ++ size_t i; ++ ++ for (i = 0; i < sizeof(orders)/sizeof(orders[0]); i++) { ++ if (orders[i].curve == curve) ++ return orders[i].order; ++ } ++ return NULL; ++} ++ ++static inline const char *get_supported_nist_curve_modulus(int curve) ++{ ++ static const struct { ++ int curve; ++ const char *order; ++ } orders[] = { ++#ifdef ENABLE_NON_SUITEB_CURVES ++ { GNUTLS_ECC_CURVE_SECP192R1, ++ "fffffffffffffffffffffffffffffffe" ++ "ffffffffffffffff" }, ++ { GNUTLS_ECC_CURVE_SECP224R1, ++ "ffffffffffffffffffffffffffffffff" ++ "000000000000000000000001" }, ++#endif ++ { GNUTLS_ECC_CURVE_SECP256R1, ++ "ffffffff000000010000000000000000" ++ "00000000ffffffffffffffffffffffff" }, ++ { GNUTLS_ECC_CURVE_SECP384R1, ++ "ffffffffffffffffffffffffffffffff" ++ "fffffffffffffffffffffffffffffffe" ++ "ffffffff0000000000000000ffffffff" }, ++ { GNUTLS_ECC_CURVE_SECP521R1, ++ "1ff" ++ "ffffffffffffffffffffffffffffffff" ++ "ffffffffffffffffffffffffffffffff" ++ "ffffffffffffffffffffffffffffffff" ++ "ffffffffffffffffffffffffffffffff" }, ++ }; ++ size_t i; ++ ++ for (i = 0; i < sizeof(orders)/sizeof(orders[0]); i++) { ++ if (orders[i].curve == curve) ++ return orders[i].order; ++ } ++ return NULL; ++} ++ + static inline const struct ecc_curve *get_supported_gost_curve(int curve) + { + switch (curve) { +@@ -2507,6 +2581,10 @@ wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo, + struct ecc_scalar key; + struct ecc_point pub; + const struct ecc_curve *curve; ++ struct ecc_scalar n; ++ struct ecc_scalar m; ++ struct ecc_point r; ++ mpz_t x, y, xx, yy, nn, mm; + + curve = get_supported_nist_curve(level); + if (curve == NULL) +@@ -2514,8 +2592,18 @@ wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo, + gnutls_assert_val + (GNUTLS_E_ECC_UNSUPPORTED_CURVE); + ++ mpz_init(x); ++ mpz_init(y); ++ mpz_init(xx); ++ mpz_init(yy); ++ mpz_init(nn); ++ mpz_init(mm); ++ + ecc_scalar_init(&key, curve); + ecc_point_init(&pub, curve); ++ ecc_scalar_init(&n, curve); ++ ecc_scalar_init(&m, curve); ++ ecc_point_init(&r, curve); + + ecdsa_generate_keypair(&pub, &key, NULL, rnd_func); + if (HAVE_LIB_ERROR()) { +@@ -2533,15 +2621,105 @@ wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo, + params->curve = level; + params->params_nr = ECC_PRIVATE_PARAMS; + +- ecc_point_get(&pub, TOMPZ(params->params[ECC_X]), +- TOMPZ(params->params[ECC_Y])); ++ ecc_point_get(&pub, x, y); ++ ++#ifdef ENABLE_FIPS140 ++ if (_gnutls_fips_mode_enabled()) { ++ /* Perform ECC full public key validation checks ++ * according to SP800-56A (revision 3), 5.6.2.3.3. ++ */ ++ ++ const char *order, *modulus; ++ ++ /* Step 1: verify that Q is not an identity ++ * element (an infinity point). Note that this ++ * cannot happen in the nettle implementation, ++ * because it cannot represent an infinity point ++ * on curves. */ ++ if (mpz_cmp_ui(x, 0) == 0 && mpz_cmp_ui(y, 0) == 0) { ++ ret = gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER); ++ goto ecc_fail; ++ } ++ ++ /* Step 2: verify that both coordinates of Q are ++ * in the range [0, p - 1]. ++ * ++ * Step 3: verify that Q lie on the curve ++ * ++ * Both checks are performed in nettle. */ ++ if (!ecc_point_set(&r, x, y)) { ++ ret = gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER); ++ goto ecc_fail; ++ } ++ ++ /* Step 4: verify that n * Q, where n is the ++ * curve order, result in an identity element ++ * ++ * Since nettle internally cannot represent an ++ * identity element on curves, we validate this ++ * instead: ++ * ++ * (n - 1) * Q = -Q ++ * ++ * That effectively means: n * Q = -Q + Q = O ++ */ ++ order = get_supported_nist_curve_order(level); ++ if (unlikely(order == NULL)) { ++ ret = gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); ++ goto ecc_fail; ++ } ++ ++ ret = mpz_set_str(nn, order, 16); ++ if (unlikely(ret < 0)) { ++ ret = gnutls_assert_val(GNUTLS_E_MPI_SCAN_FAILED); ++ goto ecc_fail; ++ } ++ ++ modulus = get_supported_nist_curve_modulus(level); ++ if (unlikely(modulus == NULL)) { ++ ret = gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); ++ goto ecc_fail; ++ } ++ ++ ret = mpz_set_str(mm, modulus, 16); ++ if (unlikely(ret < 0)) { ++ ret = gnutls_assert_val(GNUTLS_E_MPI_SCAN_FAILED); ++ goto ecc_fail; ++ } ++ ++ /* (n - 1) * Q = -Q */ ++ mpz_sub_ui (nn, nn, 1); ++ ecc_scalar_set(&n, nn); ++ ecc_point_mul(&r, &n, &r); ++ ecc_point_get(&r, xx, yy); ++ mpz_sub (mm, mm, y); ++ ++ if (mpz_cmp(xx, x) != 0 || mpz_cmp(yy, mm) != 0) { ++ ret = gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER); ++ goto ecc_fail; ++ } ++ } ++#endif ++ ++ mpz_set(TOMPZ(params->params[ECC_X]), x); ++ mpz_set(TOMPZ(params->params[ECC_Y]), y); ++ + ecc_scalar_get(&key, TOMPZ(params->params[ECC_K])); + + ret = 0; + + ecc_fail: ++ mpz_clear(x); ++ mpz_clear(y); ++ mpz_clear(xx); ++ mpz_clear(yy); ++ mpz_clear(nn); ++ mpz_clear(mm); + ecc_point_clear(&pub); + ecc_scalar_clear(&key); ++ ecc_point_clear(&r); ++ ecc_scalar_clear(&n); ++ ecc_scalar_clear(&m); + + if (ret < 0) + goto fail; +-- +2.26.2 + diff --git a/SOURCES/gnutls-3.6.14-fips-dh-primes.patch b/SOURCES/gnutls-3.6.14-fips-dh-primes.patch new file mode 100644 index 0000000..4aa5846 --- /dev/null +++ b/SOURCES/gnutls-3.6.14-fips-dh-primes.patch @@ -0,0 +1,1843 @@ +From 481e48f3236be42ff1fcb96f96c4efcbb2b69242 Mon Sep 17 00:00:00 2001 +From: Daiki Ueno +Date: Fri, 26 Jun 2020 09:43:02 +0200 +Subject: [PATCH 1/2] dh-primes: add MODP primes from RFC 3526 + +Signed-off-by: Daiki Ueno +--- + lib/dh-primes.c | 933 ++++++++++++++++++++++++++++++++++++++++++++++++ + lib/dh.h | 29 ++ + 2 files changed, 962 insertions(+) + +diff --git a/lib/dh-primes.c b/lib/dh-primes.c +index d785584d0..5d2dce0fb 100644 +--- a/lib/dh-primes.c ++++ b/lib/dh-primes.c +@@ -960,4 +960,937 @@ const gnutls_datum_t gnutls_ffdhe_8192_group_generator = { + }; + const unsigned int gnutls_ffdhe_8192_key_bits = 512; + ++static const unsigned char modp_generator = 0x02; ++ ++static const unsigned char modp_params_2048[] = { ++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, ++ 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, ++ 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, ++ 0xDC, 0x1C, 0xD1, 0x29, 0x02, 0x4E, 0x08, ++ 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, ++ 0xA6, 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, ++ 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, 0xEF, ++ 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, ++ 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, ++ 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, ++ 0xC2, 0x45, 0xE4, 0x85, 0xB5, 0x76, 0x62, ++ 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9, ++ 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, ++ 0xB6, 0xF4, 0x06, 0xB7, 0xED, 0xEE, 0x38, ++ 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, ++ 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6, ++ 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, ++ 0x3D, 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, ++ 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36, 0x1C, ++ 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, ++ 0xFD, 0x24, 0xCF, 0x5F, 0x83, 0x65, 0x5D, ++ 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, ++ 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, 0x9E, ++ 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, ++ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, ++ 0x04, 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, ++ 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, ++ 0x36, 0xCE, 0x3B, 0xE3, 0x9E, 0x77, 0x2C, ++ 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, ++ 0xA2, 0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, ++ 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, 0xDE, ++ 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, ++ 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, ++ 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, ++ 0x05, 0x10, 0x15, 0x72, 0x8E, 0x5A, 0x8A, ++ 0xAC, 0xAA, 0x68, 0xFF, 0xFF, 0xFF, 0xFF, ++ 0xFF, 0xFF, 0xFF, 0xFF ++}; ++ ++static const unsigned char modp_q_2048[] = { ++ 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, ++ 0xFF, 0xE4, 0x87, 0xED, 0x51, 0x10, 0xB4, ++ 0x61, 0x1A, 0x62, 0x63, 0x31, 0x45, 0xC0, ++ 0x6E, 0x0E, 0x68, 0x94, 0x81, 0x27, 0x04, ++ 0x45, 0x33, 0xE6, 0x3A, 0x01, 0x05, 0xDF, ++ 0x53, 0x1D, 0x89, 0xCD, 0x91, 0x28, 0xA5, ++ 0x04, 0x3C, 0xC7, 0x1A, 0x02, 0x6E, 0xF7, ++ 0xCA, 0x8C, 0xD9, 0xE6, 0x9D, 0x21, 0x8D, ++ 0x98, 0x15, 0x85, 0x36, 0xF9, 0x2F, 0x8A, ++ 0x1B, 0xA7, 0xF0, 0x9A, 0xB6, 0xB6, 0xA8, ++ 0xE1, 0x22, 0xF2, 0x42, 0xDA, 0xBB, 0x31, ++ 0x2F, 0x3F, 0x63, 0x7A, 0x26, 0x21, 0x74, ++ 0xD3, 0x1B, 0xF6, 0xB5, 0x85, 0xFF, 0xAE, ++ 0x5B, 0x7A, 0x03, 0x5B, 0xF6, 0xF7, 0x1C, ++ 0x35, 0xFD, 0xAD, 0x44, 0xCF, 0xD2, 0xD7, ++ 0x4F, 0x92, 0x08, 0xBE, 0x25, 0x8F, 0xF3, ++ 0x24, 0x94, 0x33, 0x28, 0xF6, 0x72, 0x2D, ++ 0x9E, 0xE1, 0x00, 0x3E, 0x5C, 0x50, 0xB1, ++ 0xDF, 0x82, 0xCC, 0x6D, 0x24, 0x1B, 0x0E, ++ 0x2A, 0xE9, 0xCD, 0x34, 0x8B, 0x1F, 0xD4, ++ 0x7E, 0x92, 0x67, 0xAF, 0xC1, 0xB2, 0xAE, ++ 0x91, 0xEE, 0x51, 0xD6, 0xCB, 0x0E, 0x31, ++ 0x79, 0xAB, 0x10, 0x42, 0xA9, 0x5D, 0xCF, ++ 0x6A, 0x94, 0x83, 0xB8, 0x4B, 0x4B, 0x36, ++ 0xB3, 0x86, 0x1A, 0xA7, 0x25, 0x5E, 0x4C, ++ 0x02, 0x78, 0xBA, 0x36, 0x04, 0x65, 0x0C, ++ 0x10, 0xBE, 0x19, 0x48, 0x2F, 0x23, 0x17, ++ 0x1B, 0x67, 0x1D, 0xF1, 0xCF, 0x3B, 0x96, ++ 0x0C, 0x07, 0x43, 0x01, 0xCD, 0x93, 0xC1, ++ 0xD1, 0x76, 0x03, 0xD1, 0x47, 0xDA, 0xE2, ++ 0xAE, 0xF8, 0x37, 0xA6, 0x29, 0x64, 0xEF, ++ 0x15, 0xE5, 0xFB, 0x4A, 0xAC, 0x0B, 0x8C, ++ 0x1C, 0xCA, 0xA4, 0xBE, 0x75, 0x4A, 0xB5, ++ 0x72, 0x8A, 0xE9, 0x13, 0x0C, 0x4C, 0x7D, ++ 0x02, 0x88, 0x0A, 0xB9, 0x47, 0x2D, 0x45, ++ 0x56, 0x55, 0x34, 0x7F, 0xFF, 0xFF, 0xFF, ++ 0xFF, 0xFF, 0xFF, 0xFF ++}; ++ ++const gnutls_datum_t gnutls_modp_2048_group_prime = { ++ (void *) modp_params_2048, sizeof(modp_params_2048) ++}; ++const gnutls_datum_t gnutls_modp_2048_group_q = { ++ (void *) modp_q_2048, sizeof(modp_q_2048) ++}; ++const gnutls_datum_t gnutls_modp_2048_group_generator = { ++ (void *) &modp_generator, sizeof(modp_generator) ++}; ++const unsigned int gnutls_modp_2048_key_bits = 256; ++ ++static const unsigned char modp_params_3072[] = { ++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, ++ 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, ++ 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, ++ 0xDC, 0x1C, 0xD1, 0x29, 0x02, 0x4E, 0x08, ++ 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, ++ 0xA6, 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, ++ 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, 0xEF, ++ 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, ++ 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, ++ 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, ++ 0xC2, 0x45, 0xE4, 0x85, 0xB5, 0x76, 0x62, ++ 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9, ++ 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, ++ 0xB6, 0xF4, 0x06, 0xB7, 0xED, 0xEE, 0x38, ++ 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, ++ 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6, ++ 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, ++ 0x3D, 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, ++ 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36, 0x1C, ++ 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, ++ 0xFD, 0x24, 0xCF, 0x5F, 0x83, 0x65, 0x5D, ++ 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, ++ 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, 0x9E, ++ 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, ++ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, ++ 0x04, 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, ++ 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, ++ 0x36, 0xCE, 0x3B, 0xE3, 0x9E, 0x77, 0x2C, ++ 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, ++ 0xA2, 0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, ++ 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, 0xDE, ++ 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, ++ 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, ++ 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, ++ 0x05, 0x10, 0x15, 0x72, 0x8E, 0x5A, 0x8A, ++ 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D, ++ 0x04, 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, ++ 0xAB, 0xDF, 0x1C, 0xBA, 0x64, 0xEC, 0xFB, ++ 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, 0x8A, ++ 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D, ++ 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, ++ 0xC7, 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, ++ 0x33, 0xD7, 0x1E, 0x8C, 0x94, 0xE0, 0x4A, ++ 0x25, 0x61, 0x9D, 0xCE, 0xE3, 0xD2, 0x26, ++ 0x1A, 0xD2, 0xEE, 0x6B, 0xF1, 0x2F, 0xFA, ++ 0x06, 0xD9, 0x8A, 0x08, 0x64, 0xD8, 0x76, ++ 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64, 0x52, ++ 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C, ++ 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, ++ 0x6C, 0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, ++ 0x46, 0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, ++ 0xE5, 0xAB, 0x31, 0x43, 0xDB, 0x5B, 0xFC, ++ 0xE0, 0xFD, 0x10, 0x8E, 0x4B, 0x82, 0xD1, ++ 0x20, 0xA9, 0x3A, 0xD2, 0xCA, 0xFF, 0xFF, ++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ++}; ++ ++static const unsigned char modp_q_3072[] = { ++ 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, ++ 0xFF, 0xE4, 0x87, 0xED, 0x51, 0x10, 0xB4, ++ 0x61, 0x1A, 0x62, 0x63, 0x31, 0x45, 0xC0, ++ 0x6E, 0x0E, 0x68, 0x94, 0x81, 0x27, 0x04, ++ 0x45, 0x33, 0xE6, 0x3A, 0x01, 0x05, 0xDF, ++ 0x53, 0x1D, 0x89, 0xCD, 0x91, 0x28, 0xA5, ++ 0x04, 0x3C, 0xC7, 0x1A, 0x02, 0x6E, 0xF7, ++ 0xCA, 0x8C, 0xD9, 0xE6, 0x9D, 0x21, 0x8D, ++ 0x98, 0x15, 0x85, 0x36, 0xF9, 0x2F, 0x8A, ++ 0x1B, 0xA7, 0xF0, 0x9A, 0xB6, 0xB6, 0xA8, ++ 0xE1, 0x22, 0xF2, 0x42, 0xDA, 0xBB, 0x31, ++ 0x2F, 0x3F, 0x63, 0x7A, 0x26, 0x21, 0x74, ++ 0xD3, 0x1B, 0xF6, 0xB5, 0x85, 0xFF, 0xAE, ++ 0x5B, 0x7A, 0x03, 0x5B, 0xF6, 0xF7, 0x1C, ++ 0x35, 0xFD, 0xAD, 0x44, 0xCF, 0xD2, 0xD7, ++ 0x4F, 0x92, 0x08, 0xBE, 0x25, 0x8F, 0xF3, ++ 0x24, 0x94, 0x33, 0x28, 0xF6, 0x72, 0x2D, ++ 0x9E, 0xE1, 0x00, 0x3E, 0x5C, 0x50, 0xB1, ++ 0xDF, 0x82, 0xCC, 0x6D, 0x24, 0x1B, 0x0E, ++ 0x2A, 0xE9, 0xCD, 0x34, 0x8B, 0x1F, 0xD4, ++ 0x7E, 0x92, 0x67, 0xAF, 0xC1, 0xB2, 0xAE, ++ 0x91, 0xEE, 0x51, 0xD6, 0xCB, 0x0E, 0x31, ++ 0x79, 0xAB, 0x10, 0x42, 0xA9, 0x5D, 0xCF, ++ 0x6A, 0x94, 0x83, 0xB8, 0x4B, 0x4B, 0x36, ++ 0xB3, 0x86, 0x1A, 0xA7, 0x25, 0x5E, 0x4C, ++ 0x02, 0x78, 0xBA, 0x36, 0x04, 0x65, 0x0C, ++ 0x10, 0xBE, 0x19, 0x48, 0x2F, 0x23, 0x17, ++ 0x1B, 0x67, 0x1D, 0xF1, 0xCF, 0x3B, 0x96, ++ 0x0C, 0x07, 0x43, 0x01, 0xCD, 0x93, 0xC1, ++ 0xD1, 0x76, 0x03, 0xD1, 0x47, 0xDA, 0xE2, ++ 0xAE, 0xF8, 0x37, 0xA6, 0x29, 0x64, 0xEF, ++ 0x15, 0xE5, 0xFB, 0x4A, 0xAC, 0x0B, 0x8C, ++ 0x1C, 0xCA, 0xA4, 0xBE, 0x75, 0x4A, 0xB5, ++ 0x72, 0x8A, 0xE9, 0x13, 0x0C, 0x4C, 0x7D, ++ 0x02, 0x88, 0x0A, 0xB9, 0x47, 0x2D, 0x45, ++ 0x55, 0x62, 0x16, 0xD6, 0x99, 0x8B, 0x86, ++ 0x82, 0x28, 0x3D, 0x19, 0xD4, 0x2A, 0x90, ++ 0xD5, 0xEF, 0x8E, 0x5D, 0x32, 0x76, 0x7D, ++ 0xC2, 0x82, 0x2C, 0x6D, 0xF7, 0x85, 0x45, ++ 0x75, 0x38, 0xAB, 0xAE, 0x83, 0x06, 0x3E, ++ 0xD9, 0xCB, 0x87, 0xC2, 0xD3, 0x70, 0xF2, ++ 0x63, 0xD5, 0xFA, 0xD7, 0x46, 0x6D, 0x84, ++ 0x99, 0xEB, 0x8F, 0x46, 0x4A, 0x70, 0x25, ++ 0x12, 0xB0, 0xCE, 0xE7, 0x71, 0xE9, 0x13, ++ 0x0D, 0x69, 0x77, 0x35, 0xF8, 0x97, 0xFD, ++ 0x03, 0x6C, 0xC5, 0x04, 0x32, 0x6C, 0x3B, ++ 0x01, 0x39, 0x9F, 0x64, 0x35, 0x32, 0x29, ++ 0x0F, 0x95, 0x8C, 0x0B, 0xBD, 0x90, 0x06, ++ 0x5D, 0xF0, 0x8B, 0xAB, 0xBD, 0x30, 0xAE, ++ 0xB6, 0x3B, 0x84, 0xC4, 0x60, 0x5D, 0x6C, ++ 0xA3, 0x71, 0x04, 0x71, 0x27, 0xD0, 0x3A, ++ 0x72, 0xD5, 0x98, 0xA1, 0xED, 0xAD, 0xFE, ++ 0x70, 0x7E, 0x88, 0x47, 0x25, 0xC1, 0x68, ++ 0x90, 0x54, 0x9D, 0x69, 0x65, 0x7F, 0xFF, ++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ++}; ++ ++const gnutls_datum_t gnutls_modp_3072_group_prime = { ++ (void *) modp_params_3072, sizeof(modp_params_3072) ++}; ++const gnutls_datum_t gnutls_modp_3072_group_q = { ++ (void *) modp_q_3072, sizeof(modp_q_3072) ++}; ++const gnutls_datum_t gnutls_modp_3072_group_generator = { ++ (void *) &modp_generator, sizeof(modp_generator) ++}; ++const unsigned int gnutls_modp_3072_key_bits = 276; ++ ++static const unsigned char modp_params_4096[] = { ++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, ++ 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, ++ 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, ++ 0xDC, 0x1C, 0xD1, 0x29, 0x02, 0x4E, 0x08, ++ 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, ++ 0xA6, 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, ++ 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, 0xEF, ++ 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, ++ 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, ++ 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, ++ 0xC2, 0x45, 0xE4, 0x85, 0xB5, 0x76, 0x62, ++ 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9, ++ 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, ++ 0xB6, 0xF4, 0x06, 0xB7, 0xED, 0xEE, 0x38, ++ 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, ++ 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6, ++ 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, ++ 0x3D, 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, ++ 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36, 0x1C, ++ 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, ++ 0xFD, 0x24, 0xCF, 0x5F, 0x83, 0x65, 0x5D, ++ 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, ++ 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, 0x9E, ++ 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, ++ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, ++ 0x04, 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, ++ 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, ++ 0x36, 0xCE, 0x3B, 0xE3, 0x9E, 0x77, 0x2C, ++ 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, ++ 0xA2, 0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, ++ 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, 0xDE, ++ 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, ++ 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, ++ 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, ++ 0x05, 0x10, 0x15, 0x72, 0x8E, 0x5A, 0x8A, ++ 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D, ++ 0x04, 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, ++ 0xAB, 0xDF, 0x1C, 0xBA, 0x64, 0xEC, 0xFB, ++ 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, 0x8A, ++ 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D, ++ 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, ++ 0xC7, 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, ++ 0x33, 0xD7, 0x1E, 0x8C, 0x94, 0xE0, 0x4A, ++ 0x25, 0x61, 0x9D, 0xCE, 0xE3, 0xD2, 0x26, ++ 0x1A, 0xD2, 0xEE, 0x6B, 0xF1, 0x2F, 0xFA, ++ 0x06, 0xD9, 0x8A, 0x08, 0x64, 0xD8, 0x76, ++ 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64, 0x52, ++ 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C, ++ 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, ++ 0x6C, 0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, ++ 0x46, 0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, ++ 0xE5, 0xAB, 0x31, 0x43, 0xDB, 0x5B, 0xFC, ++ 0xE0, 0xFD, 0x10, 0x8E, 0x4B, 0x82, 0xD1, ++ 0x20, 0xA9, 0x21, 0x08, 0x01, 0x1A, 0x72, ++ 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7, 0x88, ++ 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26, ++ 0x99, 0xC3, 0x27, 0x18, 0x6A, 0xF4, 0xE2, ++ 0x3C, 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, ++ 0x0B, 0xDA, 0x25, 0x83, 0xE9, 0xCA, 0x2A, ++ 0xD4, 0x4C, 0xE8, 0xDB, 0xBB, 0xC2, 0xDB, ++ 0x04, 0xDE, 0x8E, 0xF9, 0x2E, 0x8E, 0xFC, ++ 0x14, 0x1F, 0xBE, 0xCA, 0xA6, 0x28, 0x7C, ++ 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D, 0x99, ++ 0xB2, 0x96, 0x4F, 0xA0, 0x90, 0xC3, 0xA2, ++ 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, ++ 0xED, 0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, ++ 0xD7, 0xAF, 0xB8, 0x1B, 0xDD, 0x76, 0x21, ++ 0x70, 0x48, 0x1C, 0xD0, 0x06, 0x91, 0x27, ++ 0xD5, 0xB0, 0x5A, 0xA9, 0x93, 0xB4, 0xEA, ++ 0x98, 0x8D, 0x8F, 0xDD, 0xC1, 0x86, 0xFF, ++ 0xB7, 0xDC, 0x90, 0xA6, 0xC0, 0x8F, 0x4D, ++ 0xF4, 0x35, 0xC9, 0x34, 0x06, 0x31, 0x99, ++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, ++ 0xFF ++}; ++ ++static const unsigned char modp_q_4096[] = { ++ 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, ++ 0xFF, 0xE4, 0x87, 0xED, 0x51, 0x10, 0xB4, ++ 0x61, 0x1A, 0x62, 0x63, 0x31, 0x45, 0xC0, ++ 0x6E, 0x0E, 0x68, 0x94, 0x81, 0x27, 0x04, ++ 0x45, 0x33, 0xE6, 0x3A, 0x01, 0x05, 0xDF, ++ 0x53, 0x1D, 0x89, 0xCD, 0x91, 0x28, 0xA5, ++ 0x04, 0x3C, 0xC7, 0x1A, 0x02, 0x6E, 0xF7, ++ 0xCA, 0x8C, 0xD9, 0xE6, 0x9D, 0x21, 0x8D, ++ 0x98, 0x15, 0x85, 0x36, 0xF9, 0x2F, 0x8A, ++ 0x1B, 0xA7, 0xF0, 0x9A, 0xB6, 0xB6, 0xA8, ++ 0xE1, 0x22, 0xF2, 0x42, 0xDA, 0xBB, 0x31, ++ 0x2F, 0x3F, 0x63, 0x7A, 0x26, 0x21, 0x74, ++ 0xD3, 0x1B, 0xF6, 0xB5, 0x85, 0xFF, 0xAE, ++ 0x5B, 0x7A, 0x03, 0x5B, 0xF6, 0xF7, 0x1C, ++ 0x35, 0xFD, 0xAD, 0x44, 0xCF, 0xD2, 0xD7, ++ 0x4F, 0x92, 0x08, 0xBE, 0x25, 0x8F, 0xF3, ++ 0x24, 0x94, 0x33, 0x28, 0xF6, 0x72, 0x2D, ++ 0x9E, 0xE1, 0x00, 0x3E, 0x5C, 0x50, 0xB1, ++ 0xDF, 0x82, 0xCC, 0x6D, 0x24, 0x1B, 0x0E, ++ 0x2A, 0xE9, 0xCD, 0x34, 0x8B, 0x1F, 0xD4, ++ 0x7E, 0x92, 0x67, 0xAF, 0xC1, 0xB2, 0xAE, ++ 0x91, 0xEE, 0x51, 0xD6, 0xCB, 0x0E, 0x31, ++ 0x79, 0xAB, 0x10, 0x42, 0xA9, 0x5D, 0xCF, ++ 0x6A, 0x94, 0x83, 0xB8, 0x4B, 0x4B, 0x36, ++ 0xB3, 0x86, 0x1A, 0xA7, 0x25, 0x5E, 0x4C, ++ 0x02, 0x78, 0xBA, 0x36, 0x04, 0x65, 0x0C, ++ 0x10, 0xBE, 0x19, 0x48, 0x2F, 0x23, 0x17, ++ 0x1B, 0x67, 0x1D, 0xF1, 0xCF, 0x3B, 0x96, ++ 0x0C, 0x07, 0x43, 0x01, 0xCD, 0x93, 0xC1, ++ 0xD1, 0x76, 0x03, 0xD1, 0x47, 0xDA, 0xE2, ++ 0xAE, 0xF8, 0x37, 0xA6, 0x29, 0x64, 0xEF, ++ 0x15, 0xE5, 0xFB, 0x4A, 0xAC, 0x0B, 0x8C, ++ 0x1C, 0xCA, 0xA4, 0xBE, 0x75, 0x4A, 0xB5, ++ 0x72, 0x8A, 0xE9, 0x13, 0x0C, 0x4C, 0x7D, ++ 0x02, 0x88, 0x0A, 0xB9, 0x47, 0x2D, 0x45, ++ 0x55, 0x62, 0x16, 0xD6, 0x99, 0x8B, 0x86, ++ 0x82, 0x28, 0x3D, 0x19, 0xD4, 0x2A, 0x90, ++ 0xD5, 0xEF, 0x8E, 0x5D, 0x32, 0x76, 0x7D, ++ 0xC2, 0x82, 0x2C, 0x6D, 0xF7, 0x85, 0x45, ++ 0x75, 0x38, 0xAB, 0xAE, 0x83, 0x06, 0x3E, ++ 0xD9, 0xCB, 0x87, 0xC2, 0xD3, 0x70, 0xF2, ++ 0x63, 0xD5, 0xFA, 0xD7, 0x46, 0x6D, 0x84, ++ 0x99, 0xEB, 0x8F, 0x46, 0x4A, 0x70, 0x25, ++ 0x12, 0xB0, 0xCE, 0xE7, 0x71, 0xE9, 0x13, ++ 0x0D, 0x69, 0x77, 0x35, 0xF8, 0x97, 0xFD, ++ 0x03, 0x6C, 0xC5, 0x04, 0x32, 0x6C, 0x3B, ++ 0x01, 0x39, 0x9F, 0x64, 0x35, 0x32, 0x29, ++ 0x0F, 0x95, 0x8C, 0x0B, 0xBD, 0x90, 0x06, ++ 0x5D, 0xF0, 0x8B, 0xAB, 0xBD, 0x30, 0xAE, ++ 0xB6, 0x3B, 0x84, 0xC4, 0x60, 0x5D, 0x6C, ++ 0xA3, 0x71, 0x04, 0x71, 0x27, 0xD0, 0x3A, ++ 0x72, 0xD5, 0x98, 0xA1, 0xED, 0xAD, 0xFE, ++ 0x70, 0x7E, 0x88, 0x47, 0x25, 0xC1, 0x68, ++ 0x90, 0x54, 0x90, 0x84, 0x00, 0x8D, 0x39, ++ 0x1E, 0x09, 0x53, 0xC3, 0xF3, 0x6B, 0xC4, ++ 0x38, 0xCD, 0x08, 0x5E, 0xDD, 0x2D, 0x93, ++ 0x4C, 0xE1, 0x93, 0x8C, 0x35, 0x7A, 0x71, ++ 0x1E, 0x0D, 0x4A, 0x34, 0x1A, 0x5B, 0x0A, ++ 0x85, 0xED, 0x12, 0xC1, 0xF4, 0xE5, 0x15, ++ 0x6A, 0x26, 0x74, 0x6D, 0xDD, 0xE1, 0x6D, ++ 0x82, 0x6F, 0x47, 0x7C, 0x97, 0x47, 0x7E, ++ 0x0A, 0x0F, 0xDF, 0x65, 0x53, 0x14, 0x3E, ++ 0x2C, 0xA3, 0xA7, 0x35, 0xE0, 0x2E, 0xCC, ++ 0xD9, 0x4B, 0x27, 0xD0, 0x48, 0x61, 0xD1, ++ 0x11, 0x9D, 0xD0, 0xC3, 0x28, 0xAD, 0xF3, ++ 0xF6, 0x8F, 0xB0, 0x94, 0xB8, 0x67, 0x71, ++ 0x6B, 0xD7, 0xDC, 0x0D, 0xEE, 0xBB, 0x10, ++ 0xB8, 0x24, 0x0E, 0x68, 0x03, 0x48, 0x93, ++ 0xEA, 0xD8, 0x2D, 0x54, 0xC9, 0xDA, 0x75, ++ 0x4C, 0x46, 0xC7, 0xEE, 0xE0, 0xC3, 0x7F, ++ 0xDB, 0xEE, 0x48, 0x53, 0x60, 0x47, 0xA6, ++ 0xFA, 0x1A, 0xE4, 0x9A, 0x03, 0x18, 0xCC, ++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, ++ 0xFF ++}; ++ ++const gnutls_datum_t gnutls_modp_4096_group_prime = { ++ (void *) modp_params_4096, sizeof(modp_params_4096) ++}; ++const gnutls_datum_t gnutls_modp_4096_group_q = { ++ (void *) modp_q_4096, sizeof(modp_q_4096) ++}; ++const gnutls_datum_t gnutls_modp_4096_group_generator = { ++ (void *) &modp_generator, sizeof(modp_generator) ++}; ++const unsigned int gnutls_modp_4096_key_bits = 336; ++ ++static const unsigned char modp_params_6144[] = { ++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, ++ 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, ++ 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, ++ 0xDC, 0x1C, 0xD1, 0x29, 0x02, 0x4E, 0x08, ++ 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, ++ 0xA6, 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, ++ 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, 0xEF, ++ 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, ++ 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, ++ 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, ++ 0xC2, 0x45, 0xE4, 0x85, 0xB5, 0x76, 0x62, ++ 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9, ++ 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, ++ 0xB6, 0xF4, 0x06, 0xB7, 0xED, 0xEE, 0x38, ++ 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, ++ 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6, ++ 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, ++ 0x3D, 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, ++ 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36, 0x1C, ++ 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, ++ 0xFD, 0x24, 0xCF, 0x5F, 0x83, 0x65, 0x5D, ++ 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, ++ 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, 0x9E, ++ 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, ++ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, ++ 0x04, 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, ++ 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, ++ 0x36, 0xCE, 0x3B, 0xE3, 0x9E, 0x77, 0x2C, ++ 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, ++ 0xA2, 0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, ++ 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, 0xDE, ++ 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, ++ 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, ++ 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, ++ 0x05, 0x10, 0x15, 0x72, 0x8E, 0x5A, 0x8A, ++ 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D, ++ 0x04, 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, ++ 0xAB, 0xDF, 0x1C, 0xBA, 0x64, 0xEC, 0xFB, ++ 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, 0x8A, ++ 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D, ++ 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, ++ 0xC7, 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, ++ 0x33, 0xD7, 0x1E, 0x8C, 0x94, 0xE0, 0x4A, ++ 0x25, 0x61, 0x9D, 0xCE, 0xE3, 0xD2, 0x26, ++ 0x1A, 0xD2, 0xEE, 0x6B, 0xF1, 0x2F, 0xFA, ++ 0x06, 0xD9, 0x8A, 0x08, 0x64, 0xD8, 0x76, ++ 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64, 0x52, ++ 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C, ++ 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, ++ 0x6C, 0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, ++ 0x46, 0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, ++ 0xE5, 0xAB, 0x31, 0x43, 0xDB, 0x5B, 0xFC, ++ 0xE0, 0xFD, 0x10, 0x8E, 0x4B, 0x82, 0xD1, ++ 0x20, 0xA9, 0x21, 0x08, 0x01, 0x1A, 0x72, ++ 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7, 0x88, ++ 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26, ++ 0x99, 0xC3, 0x27, 0x18, 0x6A, 0xF4, 0xE2, ++ 0x3C, 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, ++ 0x0B, 0xDA, 0x25, 0x83, 0xE9, 0xCA, 0x2A, ++ 0xD4, 0x4C, 0xE8, 0xDB, 0xBB, 0xC2, 0xDB, ++ 0x04, 0xDE, 0x8E, 0xF9, 0x2E, 0x8E, 0xFC, ++ 0x14, 0x1F, 0xBE, 0xCA, 0xA6, 0x28, 0x7C, ++ 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D, 0x99, ++ 0xB2, 0x96, 0x4F, 0xA0, 0x90, 0xC3, 0xA2, ++ 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, ++ 0xED, 0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, ++ 0xD7, 0xAF, 0xB8, 0x1B, 0xDD, 0x76, 0x21, ++ 0x70, 0x48, 0x1C, 0xD0, 0x06, 0x91, 0x27, ++ 0xD5, 0xB0, 0x5A, 0xA9, 0x93, 0xB4, 0xEA, ++ 0x98, 0x8D, 0x8F, 0xDD, 0xC1, 0x86, 0xFF, ++ 0xB7, 0xDC, 0x90, 0xA6, 0xC0, 0x8F, 0x4D, ++ 0xF4, 0x35, 0xC9, 0x34, 0x02, 0x84, 0x92, ++ 0x36, 0xC3, 0xFA, 0xB4, 0xD2, 0x7C, 0x70, ++ 0x26, 0xC1, 0xD4, 0xDC, 0xB2, 0x60, 0x26, ++ 0x46, 0xDE, 0xC9, 0x75, 0x1E, 0x76, 0x3D, ++ 0xBA, 0x37, 0xBD, 0xF8, 0xFF, 0x94, 0x06, ++ 0xAD, 0x9E, 0x53, 0x0E, 0xE5, 0xDB, 0x38, ++ 0x2F, 0x41, 0x30, 0x01, 0xAE, 0xB0, 0x6A, ++ 0x53, 0xED, 0x90, 0x27, 0xD8, 0x31, 0x17, ++ 0x97, 0x27, 0xB0, 0x86, 0x5A, 0x89, 0x18, ++ 0xDA, 0x3E, 0xDB, 0xEB, 0xCF, 0x9B, 0x14, ++ 0xED, 0x44, 0xCE, 0x6C, 0xBA, 0xCE, 0xD4, ++ 0xBB, 0x1B, 0xDB, 0x7F, 0x14, 0x47, 0xE6, ++ 0xCC, 0x25, 0x4B, 0x33, 0x20, 0x51, 0x51, ++ 0x2B, 0xD7, 0xAF, 0x42, 0x6F, 0xB8, 0xF4, ++ 0x01, 0x37, 0x8C, 0xD2, 0xBF, 0x59, 0x83, ++ 0xCA, 0x01, 0xC6, 0x4B, 0x92, 0xEC, 0xF0, ++ 0x32, 0xEA, 0x15, 0xD1, 0x72, 0x1D, 0x03, ++ 0xF4, 0x82, 0xD7, 0xCE, 0x6E, 0x74, 0xFE, ++ 0xF6, 0xD5, 0x5E, 0x70, 0x2F, 0x46, 0x98, ++ 0x0C, 0x82, 0xB5, 0xA8, 0x40, 0x31, 0x90, ++ 0x0B, 0x1C, 0x9E, 0x59, 0xE7, 0xC9, 0x7F, ++ 0xBE, 0xC7, 0xE8, 0xF3, 0x23, 0xA9, 0x7A, ++ 0x7E, 0x36, 0xCC, 0x88, 0xBE, 0x0F, 0x1D, ++ 0x45, 0xB7, 0xFF, 0x58, 0x5A, 0xC5, 0x4B, ++ 0xD4, 0x07, 0xB2, 0x2B, 0x41, 0x54, 0xAA, ++ 0xCC, 0x8F, 0x6D, 0x7E, 0xBF, 0x48, 0xE1, ++ 0xD8, 0x14, 0xCC, 0x5E, 0xD2, 0x0F, 0x80, ++ 0x37, 0xE0, 0xA7, 0x97, 0x15, 0xEE, 0xF2, ++ 0x9B, 0xE3, 0x28, 0x06, 0xA1, 0xD5, 0x8B, ++ 0xB7, 0xC5, 0xDA, 0x76, 0xF5, 0x50, 0xAA, ++ 0x3D, 0x8A, 0x1F, 0xBF, 0xF0, 0xEB, 0x19, ++ 0xCC, 0xB1, 0xA3, 0x13, 0xD5, 0x5C, 0xDA, ++ 0x56, 0xC9, 0xEC, 0x2E, 0xF2, 0x96, 0x32, ++ 0x38, 0x7F, 0xE8, 0xD7, 0x6E, 0x3C, 0x04, ++ 0x68, 0x04, 0x3E, 0x8F, 0x66, 0x3F, 0x48, ++ 0x60, 0xEE, 0x12, 0xBF, 0x2D, 0x5B, 0x0B, ++ 0x74, 0x74, 0xD6, 0xE6, 0x94, 0xF9, 0x1E, ++ 0x6D, 0xCC, 0x40, 0x24, 0xFF, 0xFF, 0xFF, ++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ++}; ++ ++static const unsigned char modp_q_6144[] = { ++ 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, ++ 0xFF, 0xE4, 0x87, 0xED, 0x51, 0x10, 0xB4, ++ 0x61, 0x1A, 0x62, 0x63, 0x31, 0x45, 0xC0, ++ 0x6E, 0x0E, 0x68, 0x94, 0x81, 0x27, 0x04, ++ 0x45, 0x33, 0xE6, 0x3A, 0x01, 0x05, 0xDF, ++ 0x53, 0x1D, 0x89, 0xCD, 0x91, 0x28, 0xA5, ++ 0x04, 0x3C, 0xC7, 0x1A, 0x02, 0x6E, 0xF7, ++ 0xCA, 0x8C, 0xD9, 0xE6, 0x9D, 0x21, 0x8D, ++ 0x98, 0x15, 0x85, 0x36, 0xF9, 0x2F, 0x8A, ++ 0x1B, 0xA7, 0xF0, 0x9A, 0xB6, 0xB6, 0xA8, ++ 0xE1, 0x22, 0xF2, 0x42, 0xDA, 0xBB, 0x31, ++ 0x2F, 0x3F, 0x63, 0x7A, 0x26, 0x21, 0x74, ++ 0xD3, 0x1B, 0xF6, 0xB5, 0x85, 0xFF, 0xAE, ++ 0x5B, 0x7A, 0x03, 0x5B, 0xF6, 0xF7, 0x1C, ++ 0x35, 0xFD, 0xAD, 0x44, 0xCF, 0xD2, 0xD7, ++ 0x4F, 0x92, 0x08, 0xBE, 0x25, 0x8F, 0xF3, ++ 0x24, 0x94, 0x33, 0x28, 0xF6, 0x72, 0x2D, ++ 0x9E, 0xE1, 0x00, 0x3E, 0x5C, 0x50, 0xB1, ++ 0xDF, 0x82, 0xCC, 0x6D, 0x24, 0x1B, 0x0E, ++ 0x2A, 0xE9, 0xCD, 0x34, 0x8B, 0x1F, 0xD4, ++ 0x7E, 0x92, 0x67, 0xAF, 0xC1, 0xB2, 0xAE, ++ 0x91, 0xEE, 0x51, 0xD6, 0xCB, 0x0E, 0x31, ++ 0x79, 0xAB, 0x10, 0x42, 0xA9, 0x5D, 0xCF, ++ 0x6A, 0x94, 0x83, 0xB8, 0x4B, 0x4B, 0x36, ++ 0xB3, 0x86, 0x1A, 0xA7, 0x25, 0x5E, 0x4C, ++ 0x02, 0x78, 0xBA, 0x36, 0x04, 0x65, 0x0C, ++ 0x10, 0xBE, 0x19, 0x48, 0x2F, 0x23, 0x17, ++ 0x1B, 0x67, 0x1D, 0xF1, 0xCF, 0x3B, 0x96, ++ 0x0C, 0x07, 0x43, 0x01, 0xCD, 0x93, 0xC1, ++ 0xD1, 0x76, 0x03, 0xD1, 0x47, 0xDA, 0xE2, ++ 0xAE, 0xF8, 0x37, 0xA6, 0x29, 0x64, 0xEF, ++ 0x15, 0xE5, 0xFB, 0x4A, 0xAC, 0x0B, 0x8C, ++ 0x1C, 0xCA, 0xA4, 0xBE, 0x75, 0x4A, 0xB5, ++ 0x72, 0x8A, 0xE9, 0x13, 0x0C, 0x4C, 0x7D, ++ 0x02, 0x88, 0x0A, 0xB9, 0x47, 0x2D, 0x45, ++ 0x55, 0x62, 0x16, 0xD6, 0x99, 0x8B, 0x86, ++ 0x82, 0x28, 0x3D, 0x19, 0xD4, 0x2A, 0x90, ++ 0xD5, 0xEF, 0x8E, 0x5D, 0x32, 0x76, 0x7D, ++ 0xC2, 0x82, 0x2C, 0x6D, 0xF7, 0x85, 0x45, ++ 0x75, 0x38, 0xAB, 0xAE, 0x83, 0x06, 0x3E, ++ 0xD9, 0xCB, 0x87, 0xC2, 0xD3, 0x70, 0xF2, ++ 0x63, 0xD5, 0xFA, 0xD7, 0x46, 0x6D, 0x84, ++ 0x99, 0xEB, 0x8F, 0x46, 0x4A, 0x70, 0x25, ++ 0x12, 0xB0, 0xCE, 0xE7, 0x71, 0xE9, 0x13, ++ 0x0D, 0x69, 0x77, 0x35, 0xF8, 0x97, 0xFD, ++ 0x03, 0x6C, 0xC5, 0x04, 0x32, 0x6C, 0x3B, ++ 0x01, 0x39, 0x9F, 0x64, 0x35, 0x32, 0x29, ++ 0x0F, 0x95, 0x8C, 0x0B, 0xBD, 0x90, 0x06, ++ 0x5D, 0xF0, 0x8B, 0xAB, 0xBD, 0x30, 0xAE, ++ 0xB6, 0x3B, 0x84, 0xC4, 0x60, 0x5D, 0x6C, ++ 0xA3, 0x71, 0x04, 0x71, 0x27, 0xD0, 0x3A, ++ 0x72, 0xD5, 0x98, 0xA1, 0xED, 0xAD, 0xFE, ++ 0x70, 0x7E, 0x88, 0x47, 0x25, 0xC1, 0x68, ++ 0x90, 0x54, 0x90, 0x84, 0x00, 0x8D, 0x39, ++ 0x1E, 0x09, 0x53, 0xC3, 0xF3, 0x6B, 0xC4, ++ 0x38, 0xCD, 0x08, 0x5E, 0xDD, 0x2D, 0x93, ++ 0x4C, 0xE1, 0x93, 0x8C, 0x35, 0x7A, 0x71, ++ 0x1E, 0x0D, 0x4A, 0x34, 0x1A, 0x5B, 0x0A, ++ 0x85, 0xED, 0x12, 0xC1, 0xF4, 0xE5, 0x15, ++ 0x6A, 0x26, 0x74, 0x6D, 0xDD, 0xE1, 0x6D, ++ 0x82, 0x6F, 0x47, 0x7C, 0x97, 0x47, 0x7E, ++ 0x0A, 0x0F, 0xDF, 0x65, 0x53, 0x14, 0x3E, ++ 0x2C, 0xA3, 0xA7, 0x35, 0xE0, 0x2E, 0xCC, ++ 0xD9, 0x4B, 0x27, 0xD0, 0x48, 0x61, 0xD1, ++ 0x11, 0x9D, 0xD0, 0xC3, 0x28, 0xAD, 0xF3, ++ 0xF6, 0x8F, 0xB0, 0x94, 0xB8, 0x67, 0x71, ++ 0x6B, 0xD7, 0xDC, 0x0D, 0xEE, 0xBB, 0x10, ++ 0xB8, 0x24, 0x0E, 0x68, 0x03, 0x48, 0x93, ++ 0xEA, 0xD8, 0x2D, 0x54, 0xC9, 0xDA, 0x75, ++ 0x4C, 0x46, 0xC7, 0xEE, 0xE0, 0xC3, 0x7F, ++ 0xDB, 0xEE, 0x48, 0x53, 0x60, 0x47, 0xA6, ++ 0xFA, 0x1A, 0xE4, 0x9A, 0x01, 0x42, 0x49, ++ 0x1B, 0x61, 0xFD, 0x5A, 0x69, 0x3E, 0x38, ++ 0x13, 0x60, 0xEA, 0x6E, 0x59, 0x30, 0x13, ++ 0x23, 0x6F, 0x64, 0xBA, 0x8F, 0x3B, 0x1E, ++ 0xDD, 0x1B, 0xDE, 0xFC, 0x7F, 0xCA, 0x03, ++ 0x56, 0xCF, 0x29, 0x87, 0x72, 0xED, 0x9C, ++ 0x17, 0xA0, 0x98, 0x00, 0xD7, 0x58, 0x35, ++ 0x29, 0xF6, 0xC8, 0x13, 0xEC, 0x18, 0x8B, ++ 0xCB, 0x93, 0xD8, 0x43, 0x2D, 0x44, 0x8C, ++ 0x6D, 0x1F, 0x6D, 0xF5, 0xE7, 0xCD, 0x8A, ++ 0x76, 0xA2, 0x67, 0x36, 0x5D, 0x67, 0x6A, ++ 0x5D, 0x8D, 0xED, 0xBF, 0x8A, 0x23, 0xF3, ++ 0x66, 0x12, 0xA5, 0x99, 0x90, 0x28, 0xA8, ++ 0x95, 0xEB, 0xD7, 0xA1, 0x37, 0xDC, 0x7A, ++ 0x00, 0x9B, 0xC6, 0x69, 0x5F, 0xAC, 0xC1, ++ 0xE5, 0x00, 0xE3, 0x25, 0xC9, 0x76, 0x78, ++ 0x19, 0x75, 0x0A, 0xE8, 0xB9, 0x0E, 0x81, ++ 0xFA, 0x41, 0x6B, 0xE7, 0x37, 0x3A, 0x7F, ++ 0x7B, 0x6A, 0xAF, 0x38, 0x17, 0xA3, 0x4C, ++ 0x06, 0x41, 0x5A, 0xD4, 0x20, 0x18, 0xC8, ++ 0x05, 0x8E, 0x4F, 0x2C, 0xF3, 0xE4, 0xBF, ++ 0xDF, 0x63, 0xF4, 0x79, 0x91, 0xD4, 0xBD, ++ 0x3F, 0x1B, 0x66, 0x44, 0x5F, 0x07, 0x8E, ++ 0xA2, 0xDB, 0xFF, 0xAC, 0x2D, 0x62, 0xA5, ++ 0xEA, 0x03, 0xD9, 0x15, 0xA0, 0xAA, 0x55, ++ 0x66, 0x47, 0xB6, 0xBF, 0x5F, 0xA4, 0x70, ++ 0xEC, 0x0A, 0x66, 0x2F, 0x69, 0x07, 0xC0, ++ 0x1B, 0xF0, 0x53, 0xCB, 0x8A, 0xF7, 0x79, ++ 0x4D, 0xF1, 0x94, 0x03, 0x50, 0xEA, 0xC5, ++ 0xDB, 0xE2, 0xED, 0x3B, 0x7A, 0xA8, 0x55, ++ 0x1E, 0xC5, 0x0F, 0xDF, 0xF8, 0x75, 0x8C, ++ 0xE6, 0x58, 0xD1, 0x89, 0xEA, 0xAE, 0x6D, ++ 0x2B, 0x64, 0xF6, 0x17, 0x79, 0x4B, 0x19, ++ 0x1C, 0x3F, 0xF4, 0x6B, 0xB7, 0x1E, 0x02, ++ 0x34, 0x02, 0x1F, 0x47, 0xB3, 0x1F, 0xA4, ++ 0x30, 0x77, 0x09, 0x5F, 0x96, 0xAD, 0x85, ++ 0xBA, 0x3A, 0x6B, 0x73, 0x4A, 0x7C, 0x8F, ++ 0x36, 0xE6, 0x20, 0x12, 0x7F, 0xFF, 0xFF, ++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ++}; ++ ++const gnutls_datum_t gnutls_modp_6144_group_prime = { ++ (void *) modp_params_6144, sizeof(modp_params_6144) ++}; ++const gnutls_datum_t gnutls_modp_6144_group_q = { ++ (void *) modp_q_6144, sizeof(modp_q_6144) ++}; ++const gnutls_datum_t gnutls_modp_6144_group_generator = { ++ (void *) &modp_generator, sizeof(modp_generator) ++}; ++const unsigned int gnutls_modp_6144_key_bits = 376; ++ ++static const unsigned char modp_params_8192[] = { ++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, ++ 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, ++ 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, ++ 0xDC, 0x1C, 0xD1, 0x29, 0x02, 0x4E, 0x08, ++ 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, ++ 0xA6, 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, ++ 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, 0xEF, ++ 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, ++ 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, ++ 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, ++ 0xC2, 0x45, 0xE4, 0x85, 0xB5, 0x76, 0x62, ++ 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9, ++ 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, ++ 0xB6, 0xF4, 0x06, 0xB7, 0xED, 0xEE, 0x38, ++ 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, ++ 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6, ++ 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, ++ 0x3D, 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, ++ 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36, 0x1C, ++ 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, ++ 0xFD, 0x24, 0xCF, 0x5F, 0x83, 0x65, 0x5D, ++ 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, ++ 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, 0x9E, ++ 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, ++ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, ++ 0x04, 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, ++ 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, ++ 0x36, 0xCE, 0x3B, 0xE3, 0x9E, 0x77, 0x2C, ++ 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, ++ 0xA2, 0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, ++ 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, 0xDE, ++ 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, ++ 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, ++ 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, ++ 0x05, 0x10, 0x15, 0x72, 0x8E, 0x5A, 0x8A, ++ 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D, ++ 0x04, 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, ++ 0xAB, 0xDF, 0x1C, 0xBA, 0x64, 0xEC, 0xFB, ++ 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, 0x8A, ++ 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D, ++ 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, ++ 0xC7, 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, ++ 0x33, 0xD7, 0x1E, 0x8C, 0x94, 0xE0, 0x4A, ++ 0x25, 0x61, 0x9D, 0xCE, 0xE3, 0xD2, 0x26, ++ 0x1A, 0xD2, 0xEE, 0x6B, 0xF1, 0x2F, 0xFA, ++ 0x06, 0xD9, 0x8A, 0x08, 0x64, 0xD8, 0x76, ++ 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64, 0x52, ++ 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C, ++ 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, ++ 0x6C, 0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, ++ 0x46, 0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, ++ 0xE5, 0xAB, 0x31, 0x43, 0xDB, 0x5B, 0xFC, ++ 0xE0, 0xFD, 0x10, 0x8E, 0x4B, 0x82, 0xD1, ++ 0x20, 0xA9, 0x21, 0x08, 0x01, 0x1A, 0x72, ++ 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7, 0x88, ++ 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26, ++ 0x99, 0xC3, 0x27, 0x18, 0x6A, 0xF4, 0xE2, ++ 0x3C, 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, ++ 0x0B, 0xDA, 0x25, 0x83, 0xE9, 0xCA, 0x2A, ++ 0xD4, 0x4C, 0xE8, 0xDB, 0xBB, 0xC2, 0xDB, ++ 0x04, 0xDE, 0x8E, 0xF9, 0x2E, 0x8E, 0xFC, ++ 0x14, 0x1F, 0xBE, 0xCA, 0xA6, 0x28, 0x7C, ++ 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D, 0x99, ++ 0xB2, 0x96, 0x4F, 0xA0, 0x90, 0xC3, 0xA2, ++ 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, ++ 0xED, 0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, ++ 0xD7, 0xAF, 0xB8, 0x1B, 0xDD, 0x76, 0x21, ++ 0x70, 0x48, 0x1C, 0xD0, 0x06, 0x91, 0x27, ++ 0xD5, 0xB0, 0x5A, 0xA9, 0x93, 0xB4, 0xEA, ++ 0x98, 0x8D, 0x8F, 0xDD, 0xC1, 0x86, 0xFF, ++ 0xB7, 0xDC, 0x90, 0xA6, 0xC0, 0x8F, 0x4D, ++ 0xF4, 0x35, 0xC9, 0x34, 0x02, 0x84, 0x92, ++ 0x36, 0xC3, 0xFA, 0xB4, 0xD2, 0x7C, 0x70, ++ 0x26, 0xC1, 0xD4, 0xDC, 0xB2, 0x60, 0x26, ++ 0x46, 0xDE, 0xC9, 0x75, 0x1E, 0x76, 0x3D, ++ 0xBA, 0x37, 0xBD, 0xF8, 0xFF, 0x94, 0x06, ++ 0xAD, 0x9E, 0x53, 0x0E, 0xE5, 0xDB, 0x38, ++ 0x2F, 0x41, 0x30, 0x01, 0xAE, 0xB0, 0x6A, ++ 0x53, 0xED, 0x90, 0x27, 0xD8, 0x31, 0x17, ++ 0x97, 0x27, 0xB0, 0x86, 0x5A, 0x89, 0x18, ++ 0xDA, 0x3E, 0xDB, 0xEB, 0xCF, 0x9B, 0x14, ++ 0xED, 0x44, 0xCE, 0x6C, 0xBA, 0xCE, 0xD4, ++ 0xBB, 0x1B, 0xDB, 0x7F, 0x14, 0x47, 0xE6, ++ 0xCC, 0x25, 0x4B, 0x33, 0x20, 0x51, 0x51, ++ 0x2B, 0xD7, 0xAF, 0x42, 0x6F, 0xB8, 0xF4, ++ 0x01, 0x37, 0x8C, 0xD2, 0xBF, 0x59, 0x83, ++ 0xCA, 0x01, 0xC6, 0x4B, 0x92, 0xEC, 0xF0, ++ 0x32, 0xEA, 0x15, 0xD1, 0x72, 0x1D, 0x03, ++ 0xF4, 0x82, 0xD7, 0xCE, 0x6E, 0x74, 0xFE, ++ 0xF6, 0xD5, 0x5E, 0x70, 0x2F, 0x46, 0x98, ++ 0x0C, 0x82, 0xB5, 0xA8, 0x40, 0x31, 0x90, ++ 0x0B, 0x1C, 0x9E, 0x59, 0xE7, 0xC9, 0x7F, ++ 0xBE, 0xC7, 0xE8, 0xF3, 0x23, 0xA9, 0x7A, ++ 0x7E, 0x36, 0xCC, 0x88, 0xBE, 0x0F, 0x1D, ++ 0x45, 0xB7, 0xFF, 0x58, 0x5A, 0xC5, 0x4B, ++ 0xD4, 0x07, 0xB2, 0x2B, 0x41, 0x54, 0xAA, ++ 0xCC, 0x8F, 0x6D, 0x7E, 0xBF, 0x48, 0xE1, ++ 0xD8, 0x14, 0xCC, 0x5E, 0xD2, 0x0F, 0x80, ++ 0x37, 0xE0, 0xA7, 0x97, 0x15, 0xEE, 0xF2, ++ 0x9B, 0xE3, 0x28, 0x06, 0xA1, 0xD5, 0x8B, ++ 0xB7, 0xC5, 0xDA, 0x76, 0xF5, 0x50, 0xAA, ++ 0x3D, 0x8A, 0x1F, 0xBF, 0xF0, 0xEB, 0x19, ++ 0xCC, 0xB1, 0xA3, 0x13, 0xD5, 0x5C, 0xDA, ++ 0x56, 0xC9, 0xEC, 0x2E, 0xF2, 0x96, 0x32, ++ 0x38, 0x7F, 0xE8, 0xD7, 0x6E, 0x3C, 0x04, ++ 0x68, 0x04, 0x3E, 0x8F, 0x66, 0x3F, 0x48, ++ 0x60, 0xEE, 0x12, 0xBF, 0x2D, 0x5B, 0x0B, ++ 0x74, 0x74, 0xD6, 0xE6, 0x94, 0xF9, 0x1E, ++ 0x6D, 0xBE, 0x11, 0x59, 0x74, 0xA3, 0x92, ++ 0x6F, 0x12, 0xFE, 0xE5, 0xE4, 0x38, 0x77, ++ 0x7C, 0xB6, 0xA9, 0x32, 0xDF, 0x8C, 0xD8, ++ 0xBE, 0xC4, 0xD0, 0x73, 0xB9, 0x31, 0xBA, ++ 0x3B, 0xC8, 0x32, 0xB6, 0x8D, 0x9D, 0xD3, ++ 0x00, 0x74, 0x1F, 0xA7, 0xBF, 0x8A, 0xFC, ++ 0x47, 0xED, 0x25, 0x76, 0xF6, 0x93, 0x6B, ++ 0xA4, 0x24, 0x66, 0x3A, 0xAB, 0x63, 0x9C, ++ 0x5A, 0xE4, 0xF5, 0x68, 0x34, 0x23, 0xB4, ++ 0x74, 0x2B, 0xF1, 0xC9, 0x78, 0x23, 0x8F, ++ 0x16, 0xCB, 0xE3, 0x9D, 0x65, 0x2D, 0xE3, ++ 0xFD, 0xB8, 0xBE, 0xFC, 0x84, 0x8A, 0xD9, ++ 0x22, 0x22, 0x2E, 0x04, 0xA4, 0x03, 0x7C, ++ 0x07, 0x13, 0xEB, 0x57, 0xA8, 0x1A, 0x23, ++ 0xF0, 0xC7, 0x34, 0x73, 0xFC, 0x64, 0x6C, ++ 0xEA, 0x30, 0x6B, 0x4B, 0xCB, 0xC8, 0x86, ++ 0x2F, 0x83, 0x85, 0xDD, 0xFA, 0x9D, 0x4B, ++ 0x7F, 0xA2, 0xC0, 0x87, 0xE8, 0x79, 0x68, ++ 0x33, 0x03, 0xED, 0x5B, 0xDD, 0x3A, 0x06, ++ 0x2B, 0x3C, 0xF5, 0xB3, 0xA2, 0x78, 0xA6, ++ 0x6D, 0x2A, 0x13, 0xF8, 0x3F, 0x44, 0xF8, ++ 0x2D, 0xDF, 0x31, 0x0E, 0xE0, 0x74, 0xAB, ++ 0x6A, 0x36, 0x45, 0x97, 0xE8, 0x99, 0xA0, ++ 0x25, 0x5D, 0xC1, 0x64, 0xF3, 0x1C, 0xC5, ++ 0x08, 0x46, 0x85, 0x1D, 0xF9, 0xAB, 0x48, ++ 0x19, 0x5D, 0xED, 0x7E, 0xA1, 0xB1, 0xD5, ++ 0x10, 0xBD, 0x7E, 0xE7, 0x4D, 0x73, 0xFA, ++ 0xF3, 0x6B, 0xC3, 0x1E, 0xCF, 0xA2, 0x68, ++ 0x35, 0x90, 0x46, 0xF4, 0xEB, 0x87, 0x9F, ++ 0x92, 0x40, 0x09, 0x43, 0x8B, 0x48, 0x1C, ++ 0x6C, 0xD7, 0x88, 0x9A, 0x00, 0x2E, 0xD5, ++ 0xEE, 0x38, 0x2B, 0xC9, 0x19, 0x0D, 0xA6, ++ 0xFC, 0x02, 0x6E, 0x47, 0x95, 0x58, 0xE4, ++ 0x47, 0x56, 0x77, 0xE9, 0xAA, 0x9E, 0x30, ++ 0x50, 0xE2, 0x76, 0x56, 0x94, 0xDF, 0xC8, ++ 0x1F, 0x56, 0xE8, 0x80, 0xB9, 0x6E, 0x71, ++ 0x60, 0xC9, 0x80, 0xDD, 0x98, 0xED, 0xD3, ++ 0xDF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, ++ 0xFF, 0xFF ++}; ++ ++static const unsigned char modp_q_8192[] = { ++ 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, ++ 0xFF, 0xE4, 0x87, 0xED, 0x51, 0x10, 0xB4, ++ 0x61, 0x1A, 0x62, 0x63, 0x31, 0x45, 0xC0, ++ 0x6E, 0x0E, 0x68, 0x94, 0x81, 0x27, 0x04, ++ 0x45, 0x33, 0xE6, 0x3A, 0x01, 0x05, 0xDF, ++ 0x53, 0x1D, 0x89, 0xCD, 0x91, 0x28, 0xA5, ++ 0x04, 0x3C, 0xC7, 0x1A, 0x02, 0x6E, 0xF7, ++ 0xCA, 0x8C, 0xD9, 0xE6, 0x9D, 0x21, 0x8D, ++ 0x98, 0x15, 0x85, 0x36, 0xF9, 0x2F, 0x8A, ++ 0x1B, 0xA7, 0xF0, 0x9A, 0xB6, 0xB6, 0xA8, ++ 0xE1, 0x22, 0xF2, 0x42, 0xDA, 0xBB, 0x31, ++ 0x2F, 0x3F, 0x63, 0x7A, 0x26, 0x21, 0x74, ++ 0xD3, 0x1B, 0xF6, 0xB5, 0x85, 0xFF, 0xAE, ++ 0x5B, 0x7A, 0x03, 0x5B, 0xF6, 0xF7, 0x1C, ++ 0x35, 0xFD, 0xAD, 0x44, 0xCF, 0xD2, 0xD7, ++ 0x4F, 0x92, 0x08, 0xBE, 0x25, 0x8F, 0xF3, ++ 0x24, 0x94, 0x33, 0x28, 0xF6, 0x72, 0x2D, ++ 0x9E, 0xE1, 0x00, 0x3E, 0x5C, 0x50, 0xB1, ++ 0xDF, 0x82, 0xCC, 0x6D, 0x24, 0x1B, 0x0E, ++ 0x2A, 0xE9, 0xCD, 0x34, 0x8B, 0x1F, 0xD4, ++ 0x7E, 0x92, 0x67, 0xAF, 0xC1, 0xB2, 0xAE, ++ 0x91, 0xEE, 0x51, 0xD6, 0xCB, 0x0E, 0x31, ++ 0x79, 0xAB, 0x10, 0x42, 0xA9, 0x5D, 0xCF, ++ 0x6A, 0x94, 0x83, 0xB8, 0x4B, 0x4B, 0x36, ++ 0xB3, 0x86, 0x1A, 0xA7, 0x25, 0x5E, 0x4C, ++ 0x02, 0x78, 0xBA, 0x36, 0x04, 0x65, 0x0C, ++ 0x10, 0xBE, 0x19, 0x48, 0x2F, 0x23, 0x17, ++ 0x1B, 0x67, 0x1D, 0xF1, 0xCF, 0x3B, 0x96, ++ 0x0C, 0x07, 0x43, 0x01, 0xCD, 0x93, 0xC1, ++ 0xD1, 0x76, 0x03, 0xD1, 0x47, 0xDA, 0xE2, ++ 0xAE, 0xF8, 0x37, 0xA6, 0x29, 0x64, 0xEF, ++ 0x15, 0xE5, 0xFB, 0x4A, 0xAC, 0x0B, 0x8C, ++ 0x1C, 0xCA, 0xA4, 0xBE, 0x75, 0x4A, 0xB5, ++ 0x72, 0x8A, 0xE9, 0x13, 0x0C, 0x4C, 0x7D, ++ 0x02, 0x88, 0x0A, 0xB9, 0x47, 0x2D, 0x45, ++ 0x55, 0x62, 0x16, 0xD6, 0x99, 0x8B, 0x86, ++ 0x82, 0x28, 0x3D, 0x19, 0xD4, 0x2A, 0x90, ++ 0xD5, 0xEF, 0x8E, 0x5D, 0x32, 0x76, 0x7D, ++ 0xC2, 0x82, 0x2C, 0x6D, 0xF7, 0x85, 0x45, ++ 0x75, 0x38, 0xAB, 0xAE, 0x83, 0x06, 0x3E, ++ 0xD9, 0xCB, 0x87, 0xC2, 0xD3, 0x70, 0xF2, ++ 0x63, 0xD5, 0xFA, 0xD7, 0x46, 0x6D, 0x84, ++ 0x99, 0xEB, 0x8F, 0x46, 0x4A, 0x70, 0x25, ++ 0x12, 0xB0, 0xCE, 0xE7, 0x71, 0xE9, 0x13, ++ 0x0D, 0x69, 0x77, 0x35, 0xF8, 0x97, 0xFD, ++ 0x03, 0x6C, 0xC5, 0x04, 0x32, 0x6C, 0x3B, ++ 0x01, 0x39, 0x9F, 0x64, 0x35, 0x32, 0x29, ++ 0x0F, 0x95, 0x8C, 0x0B, 0xBD, 0x90, 0x06, ++ 0x5D, 0xF0, 0x8B, 0xAB, 0xBD, 0x30, 0xAE, ++ 0xB6, 0x3B, 0x84, 0xC4, 0x60, 0x5D, 0x6C, ++ 0xA3, 0x71, 0x04, 0x71, 0x27, 0xD0, 0x3A, ++ 0x72, 0xD5, 0x98, 0xA1, 0xED, 0xAD, 0xFE, ++ 0x70, 0x7E, 0x88, 0x47, 0x25, 0xC1, 0x68, ++ 0x90, 0x54, 0x90, 0x84, 0x00, 0x8D, 0x39, ++ 0x1E, 0x09, 0x53, 0xC3, 0xF3, 0x6B, 0xC4, ++ 0x38, 0xCD, 0x08, 0x5E, 0xDD, 0x2D, 0x93, ++ 0x4C, 0xE1, 0x93, 0x8C, 0x35, 0x7A, 0x71, ++ 0x1E, 0x0D, 0x4A, 0x34, 0x1A, 0x5B, 0x0A, ++ 0x85, 0xED, 0x12, 0xC1, 0xF4, 0xE5, 0x15, ++ 0x6A, 0x26, 0x74, 0x6D, 0xDD, 0xE1, 0x6D, ++ 0x82, 0x6F, 0x47, 0x7C, 0x97, 0x47, 0x7E, ++ 0x0A, 0x0F, 0xDF, 0x65, 0x53, 0x14, 0x3E, ++ 0x2C, 0xA3, 0xA7, 0x35, 0xE0, 0x2E, 0xCC, ++ 0xD9, 0x4B, 0x27, 0xD0, 0x48, 0x61, 0xD1, ++ 0x11, 0x9D, 0xD0, 0xC3, 0x28, 0xAD, 0xF3, ++ 0xF6, 0x8F, 0xB0, 0x94, 0xB8, 0x67, 0x71, ++ 0x6B, 0xD7, 0xDC, 0x0D, 0xEE, 0xBB, 0x10, ++ 0xB8, 0x24, 0x0E, 0x68, 0x03, 0x48, 0x93, ++ 0xEA, 0xD8, 0x2D, 0x54, 0xC9, 0xDA, 0x75, ++ 0x4C, 0x46, 0xC7, 0xEE, 0xE0, 0xC3, 0x7F, ++ 0xDB, 0xEE, 0x48, 0x53, 0x60, 0x47, 0xA6, ++ 0xFA, 0x1A, 0xE4, 0x9A, 0x01, 0x42, 0x49, ++ 0x1B, 0x61, 0xFD, 0x5A, 0x69, 0x3E, 0x38, ++ 0x13, 0x60, 0xEA, 0x6E, 0x59, 0x30, 0x13, ++ 0x23, 0x6F, 0x64, 0xBA, 0x8F, 0x3B, 0x1E, ++ 0xDD, 0x1B, 0xDE, 0xFC, 0x7F, 0xCA, 0x03, ++ 0x56, 0xCF, 0x29, 0x87, 0x72, 0xED, 0x9C, ++ 0x17, 0xA0, 0x98, 0x00, 0xD7, 0x58, 0x35, ++ 0x29, 0xF6, 0xC8, 0x13, 0xEC, 0x18, 0x8B, ++ 0xCB, 0x93, 0xD8, 0x43, 0x2D, 0x44, 0x8C, ++ 0x6D, 0x1F, 0x6D, 0xF5, 0xE7, 0xCD, 0x8A, ++ 0x76, 0xA2, 0x67, 0x36, 0x5D, 0x67, 0x6A, ++ 0x5D, 0x8D, 0xED, 0xBF, 0x8A, 0x23, 0xF3, ++ 0x66, 0x12, 0xA5, 0x99, 0x90, 0x28, 0xA8, ++ 0x95, 0xEB, 0xD7, 0xA1, 0x37, 0xDC, 0x7A, ++ 0x00, 0x9B, 0xC6, 0x69, 0x5F, 0xAC, 0xC1, ++ 0xE5, 0x00, 0xE3, 0x25, 0xC9, 0x76, 0x78, ++ 0x19, 0x75, 0x0A, 0xE8, 0xB9, 0x0E, 0x81, ++ 0xFA, 0x41, 0x6B, 0xE7, 0x37, 0x3A, 0x7F, ++ 0x7B, 0x6A, 0xAF, 0x38, 0x17, 0xA3, 0x4C, ++ 0x06, 0x41, 0x5A, 0xD4, 0x20, 0x18, 0xC8, ++ 0x05, 0x8E, 0x4F, 0x2C, 0xF3, 0xE4, 0xBF, ++ 0xDF, 0x63, 0xF4, 0x79, 0x91, 0xD4, 0xBD, ++ 0x3F, 0x1B, 0x66, 0x44, 0x5F, 0x07, 0x8E, ++ 0xA2, 0xDB, 0xFF, 0xAC, 0x2D, 0x62, 0xA5, ++ 0xEA, 0x03, 0xD9, 0x15, 0xA0, 0xAA, 0x55, ++ 0x66, 0x47, 0xB6, 0xBF, 0x5F, 0xA4, 0x70, ++ 0xEC, 0x0A, 0x66, 0x2F, 0x69, 0x07, 0xC0, ++ 0x1B, 0xF0, 0x53, 0xCB, 0x8A, 0xF7, 0x79, ++ 0x4D, 0xF1, 0x94, 0x03, 0x50, 0xEA, 0xC5, ++ 0xDB, 0xE2, 0xED, 0x3B, 0x7A, 0xA8, 0x55, ++ 0x1E, 0xC5, 0x0F, 0xDF, 0xF8, 0x75, 0x8C, ++ 0xE6, 0x58, 0xD1, 0x89, 0xEA, 0xAE, 0x6D, ++ 0x2B, 0x64, 0xF6, 0x17, 0x79, 0x4B, 0x19, ++ 0x1C, 0x3F, 0xF4, 0x6B, 0xB7, 0x1E, 0x02, ++ 0x34, 0x02, 0x1F, 0x47, 0xB3, 0x1F, 0xA4, ++ 0x30, 0x77, 0x09, 0x5F, 0x96, 0xAD, 0x85, ++ 0xBA, 0x3A, 0x6B, 0x73, 0x4A, 0x7C, 0x8F, ++ 0x36, 0xDF, 0x08, 0xAC, 0xBA, 0x51, 0xC9, ++ 0x37, 0x89, 0x7F, 0x72, 0xF2, 0x1C, 0x3B, ++ 0xBE, 0x5B, 0x54, 0x99, 0x6F, 0xC6, 0x6C, ++ 0x5F, 0x62, 0x68, 0x39, 0xDC, 0x98, 0xDD, ++ 0x1D, 0xE4, 0x19, 0x5B, 0x46, 0xCE, 0xE9, ++ 0x80, 0x3A, 0x0F, 0xD3, 0xDF, 0xC5, 0x7E, ++ 0x23, 0xF6, 0x92, 0xBB, 0x7B, 0x49, 0xB5, ++ 0xD2, 0x12, 0x33, 0x1D, 0x55, 0xB1, 0xCE, ++ 0x2D, 0x72, 0x7A, 0xB4, 0x1A, 0x11, 0xDA, ++ 0x3A, 0x15, 0xF8, 0xE4, 0xBC, 0x11, 0xC7, ++ 0x8B, 0x65, 0xF1, 0xCE, 0xB2, 0x96, 0xF1, ++ 0xFE, 0xDC, 0x5F, 0x7E, 0x42, 0x45, 0x6C, ++ 0x91, 0x11, 0x17, 0x02, 0x52, 0x01, 0xBE, ++ 0x03, 0x89, 0xF5, 0xAB, 0xD4, 0x0D, 0x11, ++ 0xF8, 0x63, 0x9A, 0x39, 0xFE, 0x32, 0x36, ++ 0x75, 0x18, 0x35, 0xA5, 0xE5, 0xE4, 0x43, ++ 0x17, 0xC1, 0xC2, 0xEE, 0xFD, 0x4E, 0xA5, ++ 0xBF, 0xD1, 0x60, 0x43, 0xF4, 0x3C, 0xB4, ++ 0x19, 0x81, 0xF6, 0xAD, 0xEE, 0x9D, 0x03, ++ 0x15, 0x9E, 0x7A, 0xD9, 0xD1, 0x3C, 0x53, ++ 0x36, 0x95, 0x09, 0xFC, 0x1F, 0xA2, 0x7C, ++ 0x16, 0xEF, 0x98, 0x87, 0x70, 0x3A, 0x55, ++ 0xB5, 0x1B, 0x22, 0xCB, 0xF4, 0x4C, 0xD0, ++ 0x12, 0xAE, 0xE0, 0xB2, 0x79, 0x8E, 0x62, ++ 0x84, 0x23, 0x42, 0x8E, 0xFC, 0xD5, 0xA4, ++ 0x0C, 0xAE, 0xF6, 0xBF, 0x50, 0xD8, 0xEA, ++ 0x88, 0x5E, 0xBF, 0x73, 0xA6, 0xB9, 0xFD, ++ 0x79, 0xB5, 0xE1, 0x8F, 0x67, 0xD1, 0x34, ++ 0x1A, 0xC8, 0x23, 0x7A, 0x75, 0xC3, 0xCF, ++ 0xC9, 0x20, 0x04, 0xA1, 0xC5, 0xA4, 0x0E, ++ 0x36, 0x6B, 0xC4, 0x4D, 0x00, 0x17, 0x6A, ++ 0xF7, 0x1C, 0x15, 0xE4, 0x8C, 0x86, 0xD3, ++ 0x7E, 0x01, 0x37, 0x23, 0xCA, 0xAC, 0x72, ++ 0x23, 0xAB, 0x3B, 0xF4, 0xD5, 0x4F, 0x18, ++ 0x28, 0x71, 0x3B, 0x2B, 0x4A, 0x6F, 0xE4, ++ 0x0F, 0xAB, 0x74, 0x40, 0x5C, 0xB7, 0x38, ++ 0xB0, 0x64, 0xC0, 0x6E, 0xCC, 0x76, 0xE9, ++ 0xEF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, ++ 0xFF, 0xFF ++}; ++ ++const gnutls_datum_t gnutls_modp_8192_group_prime = { ++ (void *) modp_params_8192, sizeof(modp_params_8192) ++}; ++const gnutls_datum_t gnutls_modp_8192_group_q = { ++ (void *) modp_q_8192, sizeof(modp_q_8192) ++}; ++const gnutls_datum_t gnutls_modp_8192_group_generator = { ++ (void *) &modp_generator, sizeof(modp_generator) ++}; ++const unsigned int gnutls_modp_8192_key_bits = 512; ++ + #endif +diff --git a/lib/dh.h b/lib/dh.h +index 9f3dc2a70..a64a4eb5e 100644 +--- a/lib/dh.h ++++ b/lib/dh.h +@@ -31,4 +31,33 @@ _gnutls_figure_dh_params(gnutls_session_t session, gnutls_dh_params_t dh_params, + + int _gnutls_set_cred_dh_params(gnutls_dh_params_t *cparams, gnutls_sec_param_t sec_param); + ++/* The static parameters defined in RFC 3526, used for the approved ++ * primes check in SP800-56A (Appendix D). ++ */ ++ ++extern const gnutls_datum_t gnutls_modp_8192_group_prime; ++extern const gnutls_datum_t gnutls_modp_8192_group_q; ++extern const gnutls_datum_t gnutls_modp_8192_group_generator; ++extern const unsigned int gnutls_modp_8192_key_bits; ++ ++extern const gnutls_datum_t gnutls_modp_6144_group_prime; ++extern const gnutls_datum_t gnutls_modp_6144_group_q; ++extern const gnutls_datum_t gnutls_modp_6144_group_generator; ++extern const unsigned int gnutls_modp_6144_key_bits; ++ ++extern const gnutls_datum_t gnutls_modp_4096_group_prime; ++extern const gnutls_datum_t gnutls_modp_4096_group_q; ++extern const gnutls_datum_t gnutls_modp_4096_group_generator; ++extern const unsigned int gnutls_modp_4096_key_bits; ++ ++extern const gnutls_datum_t gnutls_modp_3072_group_prime; ++extern const gnutls_datum_t gnutls_modp_3072_group_q; ++extern const gnutls_datum_t gnutls_modp_3072_group_generator; ++extern const unsigned int gnutls_modp_3072_key_bits; ++ ++extern const gnutls_datum_t gnutls_modp_2048_group_prime; ++extern const gnutls_datum_t gnutls_modp_2048_group_q; ++extern const gnutls_datum_t gnutls_modp_2048_group_generator; ++extern const unsigned int gnutls_modp_2048_key_bits; ++ + #endif /* GNUTLS_LIB_DH_H */ +-- +2.26.2 + + +From 3f4532862bf9140976d970ab14e102cede61d1c7 Mon Sep 17 00:00:00 2001 +From: Daiki Ueno +Date: Fri, 26 Jun 2020 10:21:26 +0200 +Subject: [PATCH 2/2] dhe: check if DH params in SKE match the FIPS approved + algorithms + +SP800-56A rev. 3 restricts the FIPS compliant clients to use only +approved DH parameters, defined in RFC 7919 and RFC 3526. This adds a +check in the handling of ServerKeyExchange if DHE is negotiated. + +Signed-off-by: Daiki Ueno +--- + doc/credentials/Makefile.am | 24 ++++ + .../dhparams/rfc2409-group-1-768.pem | 5 + + .../dhparams/rfc2409-group-2-1024.pem | 5 + + .../dhparams/rfc3526-group-14-2048.pem | 8 ++ + .../dhparams/rfc3526-group-15-3072.pem | 11 ++ + .../dhparams/rfc3526-group-16-4096.pem | 13 ++ + .../dhparams/rfc3526-group-17-6144.pem | 19 +++ + .../dhparams/rfc3526-group-18-8192.pem | 24 ++++ + .../dhparams/rfc3526-group-5-1536.pem | 7 + + doc/credentials/dhparams/rfc5054-1024.pem | 5 + + doc/credentials/dhparams/rfc5054-1536.pem | 7 + + doc/credentials/dhparams/rfc5054-2048.pem | 8 ++ + doc/credentials/dhparams/rfc5054-3072.pem | 11 ++ + doc/credentials/dhparams/rfc5054-4096.pem | 13 ++ + doc/credentials/dhparams/rfc5054-6144.pem | 19 +++ + doc/credentials/dhparams/rfc5054-8192.pem | 24 ++++ + .../dhparams/rfc5114-group-22-1024.pem | 8 ++ + .../dhparams/rfc5114-group-23-2048.pem | 13 ++ + .../dhparams/rfc5114-group-24-2048.pem | 13 ++ + .../dhparams/rfc7919-ffdhe2048.pem | 8 ++ + .../dhparams/rfc7919-ffdhe3072.pem | 11 ++ + .../dhparams/rfc7919-ffdhe4096.pem | 14 ++ + .../dhparams/rfc7919-ffdhe6144.pem | 19 +++ + .../dhparams/rfc7919-ffdhe8192.pem | 24 ++++ + lib/auth/dh_common.c | 8 ++ + lib/dh-primes.c | 34 +++++ + lib/dh.h | 6 + + tests/Makefile.am | 2 + + tests/client-sign-md5-rep.c | 5 + + tests/dh-fips-approved.sh | 127 ++++++++++++++++++ + tests/utils.c | 58 ++++---- + 31 files changed, 521 insertions(+), 32 deletions(-) + create mode 100644 doc/credentials/dhparams/rfc2409-group-1-768.pem + create mode 100644 doc/credentials/dhparams/rfc2409-group-2-1024.pem + create mode 100644 doc/credentials/dhparams/rfc3526-group-14-2048.pem + create mode 100644 doc/credentials/dhparams/rfc3526-group-15-3072.pem + create mode 100644 doc/credentials/dhparams/rfc3526-group-16-4096.pem + create mode 100644 doc/credentials/dhparams/rfc3526-group-17-6144.pem + create mode 100644 doc/credentials/dhparams/rfc3526-group-18-8192.pem + create mode 100644 doc/credentials/dhparams/rfc3526-group-5-1536.pem + create mode 100644 doc/credentials/dhparams/rfc5054-1024.pem + create mode 100644 doc/credentials/dhparams/rfc5054-1536.pem + create mode 100644 doc/credentials/dhparams/rfc5054-2048.pem + create mode 100644 doc/credentials/dhparams/rfc5054-3072.pem + create mode 100644 doc/credentials/dhparams/rfc5054-4096.pem + create mode 100644 doc/credentials/dhparams/rfc5054-6144.pem + create mode 100644 doc/credentials/dhparams/rfc5054-8192.pem + create mode 100644 doc/credentials/dhparams/rfc5114-group-22-1024.pem + create mode 100644 doc/credentials/dhparams/rfc5114-group-23-2048.pem + create mode 100644 doc/credentials/dhparams/rfc5114-group-24-2048.pem + create mode 100644 doc/credentials/dhparams/rfc7919-ffdhe2048.pem + create mode 100644 doc/credentials/dhparams/rfc7919-ffdhe3072.pem + create mode 100644 doc/credentials/dhparams/rfc7919-ffdhe4096.pem + create mode 100644 doc/credentials/dhparams/rfc7919-ffdhe6144.pem + create mode 100644 doc/credentials/dhparams/rfc7919-ffdhe8192.pem + create mode 100755 tests/dh-fips-approved.sh + +diff --git a/doc/credentials/Makefile.am b/doc/credentials/Makefile.am +index ecdd57a10..25778856f 100644 +--- a/doc/credentials/Makefile.am ++++ b/doc/credentials/Makefile.am +@@ -31,3 +31,27 @@ EXTRA_DIST += srp-passwd.txt srp-tpasswd.conf + + EXTRA_DIST += psk-passwd.txt + ++EXTRA_DIST += \ ++ dhparams/rfc2409-group-1-768.pem \ ++ dhparams/rfc2409-group-2-1024.pem \ ++ dhparams/rfc3526-group-14-2048.pem \ ++ dhparams/rfc3526-group-15-3072.pem \ ++ dhparams/rfc3526-group-16-4096.pem \ ++ dhparams/rfc3526-group-17-6144.pem \ ++ dhparams/rfc3526-group-18-8192.pem \ ++ dhparams/rfc3526-group-5-1536.pem \ ++ dhparams/rfc5054-1024.pem \ ++ dhparams/rfc5054-1536.pem \ ++ dhparams/rfc5054-2048.pem \ ++ dhparams/rfc5054-3072.pem \ ++ dhparams/rfc5054-4096.pem \ ++ dhparams/rfc5054-6144.pem \ ++ dhparams/rfc5054-8192.pem \ ++ dhparams/rfc5114-group-22-1024.pem \ ++ dhparams/rfc5114-group-23-2048.pem \ ++ dhparams/rfc5114-group-24-2048.pem \ ++ dhparams/rfc7919-ffdhe2048.pem \ ++ dhparams/rfc7919-ffdhe3072.pem \ ++ dhparams/rfc7919-ffdhe4096.pem \ ++ dhparams/rfc7919-ffdhe6144.pem \ ++ dhparams/rfc7919-ffdhe8192.pem +diff --git a/doc/credentials/dhparams/rfc2409-group-1-768.pem b/doc/credentials/dhparams/rfc2409-group-1-768.pem +new file mode 100644 +index 000000000..33a617018 +--- /dev/null ++++ b/doc/credentials/dhparams/rfc2409-group-1-768.pem +@@ -0,0 +1,5 @@ ++-----BEGIN DH PARAMETERS----- ++MGYCYQD//////////8kP2qIhaMI0xMZii4DcHNEpAk4IimfMdAILvqY7E5siUUoI ++eY40BN3vlRmzzTpDGzArCm3yXxQ3T+E1bW1RwkXkhbV2Yl5+xvRMQummOjYg//// ++//////8CAQI= ++-----END DH PARAMETERS----- +diff --git a/doc/credentials/dhparams/rfc2409-group-2-1024.pem b/doc/credentials/dhparams/rfc2409-group-2-1024.pem +new file mode 100644 +index 000000000..bbfb1bfb6 +--- /dev/null ++++ b/doc/credentials/dhparams/rfc2409-group-2-1024.pem +@@ -0,0 +1,5 @@ ++-----BEGIN DH PARAMETERS----- ++MIGHAoGBAP//////////yQ/aoiFowjTExmKLgNwc0SkCTgiKZ8x0Agu+pjsTmyJRSgh5jjQE ++3e+VGbPNOkMbMCsKbfJfFDdP4TVtbVHCReSFtXZiXn7G9ExC6aY37WsL/1y29Aa37e44a/ta ++iZ+lrp8kEXxLH+ZJKGZR7OZTgf//////////AgEC ++-----END DH PARAMETERS----- +diff --git a/doc/credentials/dhparams/rfc3526-group-14-2048.pem b/doc/credentials/dhparams/rfc3526-group-14-2048.pem +new file mode 100644 +index 000000000..b15071532 +--- /dev/null ++++ b/doc/credentials/dhparams/rfc3526-group-14-2048.pem +@@ -0,0 +1,8 @@ ++-----BEGIN DH PARAMETERS----- ++MIIBCAKCAQEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb ++IlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjft ++awv/XLb0Brft7jhr+1qJn6WunyQRfEsf5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXT ++mmkWP6j9JM9fg2VdI9yjrZYcYvNWIIVSu57VKQdwlpZtZww1Tkq8mATxdGwIyhgh ++fDKQXkYuNs474553LBgOhgObJ4Oi7Aeij7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq ++5RXSJhiY+gUQFXKOWoqsqmj//////////wIBAg== ++-----END DH PARAMETERS----- +diff --git a/doc/credentials/dhparams/rfc3526-group-15-3072.pem b/doc/credentials/dhparams/rfc3526-group-15-3072.pem +new file mode 100644 +index 000000000..f27b77820 +--- /dev/null ++++ b/doc/credentials/dhparams/rfc3526-group-15-3072.pem +@@ -0,0 +1,11 @@ ++-----BEGIN DH PARAMETERS----- ++MIIBiAKCAYEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb ++IlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjft ++awv/XLb0Brft7jhr+1qJn6WunyQRfEsf5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXT ++mmkWP6j9JM9fg2VdI9yjrZYcYvNWIIVSu57VKQdwlpZtZww1Tkq8mATxdGwIyhgh ++fDKQXkYuNs474553LBgOhgObJ4Oi7Aeij7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq ++5RXSJhiY+gUQFXKOWoqqxC2tMxcNBFB6M6hVIavfHLpk7PuFBFjb7wqK6nFXXQYM ++fbOXD4Wm4eTHq/WujNsJM9cejJTgSiVhnc7j0iYa0u5r8S/6BtmKCGTYdgJzPshq ++ZFIfKxgXeyAMu+EXV3phXWx3CYjAutlG4gjiT6B05asxQ9tb/OD9EI5LgtEgqTrS ++yv//////////AgEC ++-----END DH PARAMETERS----- +diff --git a/doc/credentials/dhparams/rfc3526-group-16-4096.pem b/doc/credentials/dhparams/rfc3526-group-16-4096.pem +new file mode 100644 +index 000000000..a734b9050 +--- /dev/null ++++ b/doc/credentials/dhparams/rfc3526-group-16-4096.pem +@@ -0,0 +1,13 @@ ++-----BEGIN DH PARAMETERS----- ++MIICCAKCAgEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb ++IlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjft ++awv/XLb0Brft7jhr+1qJn6WunyQRfEsf5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXT ++mmkWP6j9JM9fg2VdI9yjrZYcYvNWIIVSu57VKQdwlpZtZww1Tkq8mATxdGwIyhgh ++fDKQXkYuNs474553LBgOhgObJ4Oi7Aeij7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq ++5RXSJhiY+gUQFXKOWoqqxC2tMxcNBFB6M6hVIavfHLpk7PuFBFjb7wqK6nFXXQYM ++fbOXD4Wm4eTHq/WujNsJM9cejJTgSiVhnc7j0iYa0u5r8S/6BtmKCGTYdgJzPshq ++ZFIfKxgXeyAMu+EXV3phXWx3CYjAutlG4gjiT6B05asxQ9tb/OD9EI5LgtEgqSEI ++ARpyPBKnh+bXiHGaEL26WyaZwycYavTiPBqUaDS2FQvaJYPpyirUTOjbu8LbBN6O +++S6O/BQfvsqmKHxZR05rwF2ZspZPoJDDoiM7oYZRW+ftH2EpcM7i16+4G912IXBI ++HNAGkSfVsFqpk7TqmI2P3cGG/7fckKbAj030Nck0BjGZ//////////8CAQI= ++-----END DH PARAMETERS----- +diff --git a/doc/credentials/dhparams/rfc3526-group-17-6144.pem b/doc/credentials/dhparams/rfc3526-group-17-6144.pem +new file mode 100644 +index 000000000..d8307bda3 +--- /dev/null ++++ b/doc/credentials/dhparams/rfc3526-group-17-6144.pem +@@ -0,0 +1,19 @@ ++-----BEGIN DH PARAMETERS----- ++MIIDCAKCAwEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb ++IlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjft ++awv/XLb0Brft7jhr+1qJn6WunyQRfEsf5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXT ++mmkWP6j9JM9fg2VdI9yjrZYcYvNWIIVSu57VKQdwlpZtZww1Tkq8mATxdGwIyhgh ++fDKQXkYuNs474553LBgOhgObJ4Oi7Aeij7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq ++5RXSJhiY+gUQFXKOWoqqxC2tMxcNBFB6M6hVIavfHLpk7PuFBFjb7wqK6nFXXQYM ++fbOXD4Wm4eTHq/WujNsJM9cejJTgSiVhnc7j0iYa0u5r8S/6BtmKCGTYdgJzPshq ++ZFIfKxgXeyAMu+EXV3phXWx3CYjAutlG4gjiT6B05asxQ9tb/OD9EI5LgtEgqSEI ++ARpyPBKnh+bXiHGaEL26WyaZwycYavTiPBqUaDS2FQvaJYPpyirUTOjbu8LbBN6O +++S6O/BQfvsqmKHxZR05rwF2ZspZPoJDDoiM7oYZRW+ftH2EpcM7i16+4G912IXBI ++HNAGkSfVsFqpk7TqmI2P3cGG/7fckKbAj030Nck0AoSSNsP6tNJ8cCbB1NyyYCZG ++3sl1HnY9uje9+P+UBq2eUw7l2zgvQTABrrBqU+2QJ9gxF5cnsIZaiRjaPtvrz5sU ++7UTObLrO1Lsb238UR+bMJUszIFFRK9evQm+49AE3jNK/WYPKAcZLkuzwMuoV0XId ++A/SC185udP721V5wL0aYDIK1qEAxkAscnlnnyX++x+jzI6l6fjbMiL4PHUW3/1ha ++xUvUB7IrQVSqzI9tfr9I4dgUzF7SD4A34KeXFe7ym+MoBqHVi7fF2nb1UKo9ih+/ ++8OsZzLGjE9Vc2lbJ7C7yljI4f+jXbjwEaAQ+j2Y/SGDuEr8tWwt0dNbmlPkebcxA ++JP//////////AgEC ++-----END DH PARAMETERS----- +diff --git a/doc/credentials/dhparams/rfc3526-group-18-8192.pem b/doc/credentials/dhparams/rfc3526-group-18-8192.pem +new file mode 100644 +index 000000000..af54dd656 +--- /dev/null ++++ b/doc/credentials/dhparams/rfc3526-group-18-8192.pem +@@ -0,0 +1,24 @@ ++-----BEGIN DH PARAMETERS----- ++MIIECAKCBAEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb ++IlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjft ++awv/XLb0Brft7jhr+1qJn6WunyQRfEsf5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXT ++mmkWP6j9JM9fg2VdI9yjrZYcYvNWIIVSu57VKQdwlpZtZww1Tkq8mATxdGwIyhgh ++fDKQXkYuNs474553LBgOhgObJ4Oi7Aeij7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq ++5RXSJhiY+gUQFXKOWoqqxC2tMxcNBFB6M6hVIavfHLpk7PuFBFjb7wqK6nFXXQYM ++fbOXD4Wm4eTHq/WujNsJM9cejJTgSiVhnc7j0iYa0u5r8S/6BtmKCGTYdgJzPshq ++ZFIfKxgXeyAMu+EXV3phXWx3CYjAutlG4gjiT6B05asxQ9tb/OD9EI5LgtEgqSEI ++ARpyPBKnh+bXiHGaEL26WyaZwycYavTiPBqUaDS2FQvaJYPpyirUTOjbu8LbBN6O +++S6O/BQfvsqmKHxZR05rwF2ZspZPoJDDoiM7oYZRW+ftH2EpcM7i16+4G912IXBI ++HNAGkSfVsFqpk7TqmI2P3cGG/7fckKbAj030Nck0AoSSNsP6tNJ8cCbB1NyyYCZG ++3sl1HnY9uje9+P+UBq2eUw7l2zgvQTABrrBqU+2QJ9gxF5cnsIZaiRjaPtvrz5sU ++7UTObLrO1Lsb238UR+bMJUszIFFRK9evQm+49AE3jNK/WYPKAcZLkuzwMuoV0XId ++A/SC185udP721V5wL0aYDIK1qEAxkAscnlnnyX++x+jzI6l6fjbMiL4PHUW3/1ha ++xUvUB7IrQVSqzI9tfr9I4dgUzF7SD4A34KeXFe7ym+MoBqHVi7fF2nb1UKo9ih+/ ++8OsZzLGjE9Vc2lbJ7C7yljI4f+jXbjwEaAQ+j2Y/SGDuEr8tWwt0dNbmlPkebb4R ++WXSjkm8S/uXkOHd8tqky34zYvsTQc7kxujvIMraNndMAdB+nv4r8R+0ldvaTa6Qk ++ZjqrY5xa5PVoNCO0dCvxyXgjjxbL451lLeP9uL78hIrZIiIuBKQDfAcT61eoGiPw ++xzRz/GRs6jBrS8vIhi+Dhd36nUt/osCH6HloMwPtW906Bis89bOieKZtKhP4P0T4 ++Ld8xDuB0q2o2RZfomaAlXcFk8xzFCEaFHfmrSBld7X6hsdUQvX7nTXP682vDHs+i ++aDWQRvTrh5+SQAlDi0gcbNeImgAu1e44K8kZDab8Am5HlVjkR1Z36aqeMFDidlaU ++38gfVuiAuW5xYMmA3Zjt09///////////wIBAg== ++-----END DH PARAMETERS----- +diff --git a/doc/credentials/dhparams/rfc3526-group-5-1536.pem b/doc/credentials/dhparams/rfc3526-group-5-1536.pem +new file mode 100644 +index 000000000..44df6de65 +--- /dev/null ++++ b/doc/credentials/dhparams/rfc3526-group-5-1536.pem +@@ -0,0 +1,7 @@ ++-----BEGIN DH PARAMETERS----- ++MIHHAoHBAP//////////yQ/aoiFowjTExmKLgNwc0SkCTgiKZ8x0Agu+pjsTmyJR ++Sgh5jjQE3e+VGbPNOkMbMCsKbfJfFDdP4TVtbVHCReSFtXZiXn7G9ExC6aY37WsL ++/1y29Aa37e44a/taiZ+lrp8kEXxLH+ZJKGZR7ORbPcIAfLihY78FmNpINhxV05pp ++Fj+o/STPX4NlXSPco62WHGLzViCFUrue1SkHcJaWbWcMNU5KvJgE8XRsCMojcyf/ ++/////////wIBAg== ++-----END DH PARAMETERS----- +diff --git a/doc/credentials/dhparams/rfc5054-1024.pem b/doc/credentials/dhparams/rfc5054-1024.pem +new file mode 100644 +index 000000000..33aed9fab +--- /dev/null ++++ b/doc/credentials/dhparams/rfc5054-1024.pem +@@ -0,0 +1,5 @@ ++-----BEGIN DH PARAMETERS----- ++MIGHAoGBAO6vCrmts43WnDP4CvqPxehgcmGHdf88C56iMUycJWV21nTfdJbqgdM4 ++O0gT1pLG4ODV2OJQuYvkjklcHWCJ2tFdx9e0YVTWts6O9K1psV1JglWbKXvPGIXF ++KfVmZg5X7GjtvDwFcmzAL9TL9Jduqpr9UTj+g3ZDW5/GHS/A6wbjAgEC ++-----END DH PARAMETERS----- +diff --git a/doc/credentials/dhparams/rfc5054-1536.pem b/doc/credentials/dhparams/rfc5054-1536.pem +new file mode 100644 +index 000000000..dc2db6b42 +--- /dev/null ++++ b/doc/credentials/dhparams/rfc5054-1536.pem +@@ -0,0 +1,7 @@ ++-----BEGIN DH PARAMETERS----- ++MIHHAoHBAJ3vPK+5OSd6sfEqhheke7vbpR30maxMgL7uqWFLGcxNX09fVW4ny95R ++xqlL5GB6KRVYkDug0PhDgLZVu5oi6NzfAop87Gfw0IE0sci5eYkUm2CeC+O6tj1H ++VIOB28Wx/HZOP0tT3Z2hFYv9PiucjPVu3wGVOTSWJ9sv1T0kt8SGZXcuQ31sf4zk ++QnNK98y3roN8Jkrjqb64f4ov6bi1KS5aAh//XpFHnoznoowkQsbzFRgPk0maI03P ++duP+0TX5uwIBAg== ++-----END DH PARAMETERS----- +diff --git a/doc/credentials/dhparams/rfc5054-2048.pem b/doc/credentials/dhparams/rfc5054-2048.pem +new file mode 100644 +index 000000000..814e70ce6 +--- /dev/null ++++ b/doc/credentials/dhparams/rfc5054-2048.pem +@@ -0,0 +1,8 @@ ++-----BEGIN DH PARAMETERS----- ++MIIBCAKCAQEArGvbQTJKmpvxZt5eE4lYL69ytmUZh+4H/DGSlD21YFCjcynLtKCZ ++7YGT4HV3Z6E91SMSq0sDMQ3Nf0ip2gT9UOgIOWntt2ewz2CVF5oWOrNmGgX71fqq ++6CkYqZYvC5O4Vfl5k+yXXuqoDXQK2/T/dHNZ0EHVwz6nHSgeRGsUdzvKl7Q6I/uA ++Fna9IHpDbGSB8dK5B4cXRhpbnTLmiPh3SFRFI7UksNV9Xqd6J3XS7PoDLPvb9S+z ++eGFgJ5AE5Xrmr4dOcwPOUymczAQce8MI2CpWmPOo0MOCca41+Onb+7aUtcgD2J96 ++5DXeI21SX1R1m2XjcvzWjvIPpxEfnkr/cwIBAg== ++-----END DH PARAMETERS----- +diff --git a/doc/credentials/dhparams/rfc5054-3072.pem b/doc/credentials/dhparams/rfc5054-3072.pem +new file mode 100644 +index 000000000..d84b2424a +--- /dev/null ++++ b/doc/credentials/dhparams/rfc5054-3072.pem +@@ -0,0 +1,11 @@ ++-----BEGIN DH PARAMETERS----- ++MIIBiAKCAYEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb ++IlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjft ++awv/XLb0Brft7jhr+1qJn6WunyQRfEsf5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXT ++mmkWP6j9JM9fg2VdI9yjrZYcYvNWIIVSu57VKQdwlpZtZww1Tkq8mATxdGwIyhgh ++fDKQXkYuNs474553LBgOhgObJ4Oi7Aeij7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq ++5RXSJhiY+gUQFXKOWoqqxC2tMxcNBFB6M6hVIavfHLpk7PuFBFjb7wqK6nFXXQYM ++fbOXD4Wm4eTHq/WujNsJM9cejJTgSiVhnc7j0iYa0u5r8S/6BtmKCGTYdgJzPshq ++ZFIfKxgXeyAMu+EXV3phXWx3CYjAutlG4gjiT6B05asxQ9tb/OD9EI5LgtEgqTrS ++yv//////////AgEF ++-----END DH PARAMETERS----- +diff --git a/doc/credentials/dhparams/rfc5054-4096.pem b/doc/credentials/dhparams/rfc5054-4096.pem +new file mode 100644 +index 000000000..99ca4456b +--- /dev/null ++++ b/doc/credentials/dhparams/rfc5054-4096.pem +@@ -0,0 +1,13 @@ ++-----BEGIN DH PARAMETERS----- ++MIICCAKCAgEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb ++IlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjft ++awv/XLb0Brft7jhr+1qJn6WunyQRfEsf5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXT ++mmkWP6j9JM9fg2VdI9yjrZYcYvNWIIVSu57VKQdwlpZtZww1Tkq8mATxdGwIyhgh ++fDKQXkYuNs474553LBgOhgObJ4Oi7Aeij7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq ++5RXSJhiY+gUQFXKOWoqqxC2tMxcNBFB6M6hVIavfHLpk7PuFBFjb7wqK6nFXXQYM ++fbOXD4Wm4eTHq/WujNsJM9cejJTgSiVhnc7j0iYa0u5r8S/6BtmKCGTYdgJzPshq ++ZFIfKxgXeyAMu+EXV3phXWx3CYjAutlG4gjiT6B05asxQ9tb/OD9EI5LgtEgqSEI ++ARpyPBKnh+bXiHGaEL26WyaZwycYavTiPBqUaDS2FQvaJYPpyirUTOjbu8LbBN6O +++S6O/BQfvsqmKHxZR05rwF2ZspZPoJDDoiM7oYZRW+ftH2EpcM7i16+4G912IXBI ++HNAGkSfVsFqpk7TqmI2P3cGG/7fckKbAj030Nck0BjGZ//////////8CAQU= ++-----END DH PARAMETERS----- +diff --git a/doc/credentials/dhparams/rfc5054-6144.pem b/doc/credentials/dhparams/rfc5054-6144.pem +new file mode 100644 +index 000000000..97d8d21a9 +--- /dev/null ++++ b/doc/credentials/dhparams/rfc5054-6144.pem +@@ -0,0 +1,19 @@ ++-----BEGIN DH PARAMETERS----- ++MIIDCAKCAwEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb ++IlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjft ++awv/XLb0Brft7jhr+1qJn6WunyQRfEsf5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXT ++mmkWP6j9JM9fg2VdI9yjrZYcYvNWIIVSu57VKQdwlpZtZww1Tkq8mATxdGwIyhgh ++fDKQXkYuNs474553LBgOhgObJ4Oi7Aeij7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq ++5RXSJhiY+gUQFXKOWoqqxC2tMxcNBFB6M6hVIavfHLpk7PuFBFjb7wqK6nFXXQYM ++fbOXD4Wm4eTHq/WujNsJM9cejJTgSiVhnc7j0iYa0u5r8S/6BtmKCGTYdgJzPshq ++ZFIfKxgXeyAMu+EXV3phXWx3CYjAutlG4gjiT6B05asxQ9tb/OD9EI5LgtEgqSEI ++ARpyPBKnh+bXiHGaEL26WyaZwycYavTiPBqUaDS2FQvaJYPpyirUTOjbu8LbBN6O +++S6O/BQfvsqmKHxZR05rwF2ZspZPoJDDoiM7oYZRW+ftH2EpcM7i16+4G912IXBI ++HNAGkSfVsFqpk7TqmI2P3cGG/7fckKbAj030Nck0AoSSNsP6tNJ8cCbB1NyyYCZG ++3sl1HnY9uje9+P+UBq2eUw7l2zgvQTABrrBqU+2QJ9gxF5cnsIZaiRjaPtvrz5sU ++7UTObLrO1Lsb238UR+bMJUszIFFRK9evQm+49AE3jNK/WYPKAcZLkuzwMuoV0XId ++A/SC185udP721V5wL0aYDIK1qEAxkAscnlnnyX++x+jzI6l6fjbMiL4PHUW3/1ha ++xUvUB7IrQVSqzI9tfr9I4dgUzF7SD4A34KeXFe7ym+MoBqHVi7fF2nb1UKo9ih+/ ++8OsZzLGjE9Vc2lbJ7C7yljI4f+jXbjwEaAQ+j2Y/SGDuEr8tWwt0dNbmlPkebcxA ++JP//////////AgEF ++-----END DH PARAMETERS----- +diff --git a/doc/credentials/dhparams/rfc5054-8192.pem b/doc/credentials/dhparams/rfc5054-8192.pem +new file mode 100644 +index 000000000..bb54575c7 +--- /dev/null ++++ b/doc/credentials/dhparams/rfc5054-8192.pem +@@ -0,0 +1,24 @@ ++-----BEGIN DH PARAMETERS----- ++MIIECAKCBAEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb ++IlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjft ++awv/XLb0Brft7jhr+1qJn6WunyQRfEsf5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXT ++mmkWP6j9JM9fg2VdI9yjrZYcYvNWIIVSu57VKQdwlpZtZww1Tkq8mATxdGwIyhgh ++fDKQXkYuNs474553LBgOhgObJ4Oi7Aeij7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq ++5RXSJhiY+gUQFXKOWoqqxC2tMxcNBFB6M6hVIavfHLpk7PuFBFjb7wqK6nFXXQYM ++fbOXD4Wm4eTHq/WujNsJM9cejJTgSiVhnc7j0iYa0u5r8S/6BtmKCGTYdgJzPshq ++ZFIfKxgXeyAMu+EXV3phXWx3CYjAutlG4gjiT6B05asxQ9tb/OD9EI5LgtEgqSEI ++ARpyPBKnh+bXiHGaEL26WyaZwycYavTiPBqUaDS2FQvaJYPpyirUTOjbu8LbBN6O +++S6O/BQfvsqmKHxZR05rwF2ZspZPoJDDoiM7oYZRW+ftH2EpcM7i16+4G912IXBI ++HNAGkSfVsFqpk7TqmI2P3cGG/7fckKbAj030Nck0AoSSNsP6tNJ8cCbB1NyyYCZG ++3sl1HnY9uje9+P+UBq2eUw7l2zgvQTABrrBqU+2QJ9gxF5cnsIZaiRjaPtvrz5sU ++7UTObLrO1Lsb238UR+bMJUszIFFRK9evQm+49AE3jNK/WYPKAcZLkuzwMuoV0XId ++A/SC185udP721V5wL0aYDIK1qEAxkAscnlnnyX++x+jzI6l6fjbMiL4PHUW3/1ha ++xUvUB7IrQVSqzI9tfr9I4dgUzF7SD4A34KeXFe7ym+MoBqHVi7fF2nb1UKo9ih+/ ++8OsZzLGjE9Vc2lbJ7C7yljI4f+jXbjwEaAQ+j2Y/SGDuEr8tWwt0dNbmlPkebb4R ++WXSjkm8S/uXkOHd8tqky34zYvsTQc7kxujvIMraNndMAdB+nv4r8R+0ldvaTa6Qk ++ZjqrY5xa5PVoNCO0dCvxyXgjjxbL451lLeP9uL78hIrZIiIuBKQDfAcT61eoGiPw ++xzRz/GRs6jBrS8vIhi+Dhd36nUt/osCH6HloMwPtW906Bis89bOieKZtKhP4P0T4 ++Ld8xDuB0q2o2RZfomaAlXcFk8xzFCEaFHfmrSBld7X6hsdUQvX7nTXP682vDHs+i ++aDWQRvTrh5+SQAlDi0gcbNeImgAu1e44K8kZDab8Am5HlVjkR1Z36aqeMFDidlaU ++38gfVuiAuW5xYMmA3Zjt09///////////wIBEw== ++-----END DH PARAMETERS----- +diff --git a/doc/credentials/dhparams/rfc5114-group-22-1024.pem b/doc/credentials/dhparams/rfc5114-group-22-1024.pem +new file mode 100644 +index 000000000..759afcb2f +--- /dev/null ++++ b/doc/credentials/dhparams/rfc5114-group-22-1024.pem +@@ -0,0 +1,8 @@ ++-----BEGIN DH PARAMETERS----- ++MIIBCAKBgQCxC4+WoIDgHd6S3l6uXVTsUsmfvPsGo8aaap3KUtI7YWBz4oZ1oj0Y ++mDjvHi7mUsAT7LSuqQYRIySXXDzUm4O/rMvdfZDEvXCYSI6cIZpzck7/1vrlZEc4 +++qMaT/VbzMChUa9fDci0vUW/N982XBpl5oz9p21NpwjfH7K8LkpDcQKBgQCk0cvV ++w/00EmdlpELvuZkF+BBN0lisUH/WQGz/FCZtMSZv6h5cQVZLd35pD1UE8hMWAhe0 ++sBuIal6RVH+eJ0n01/vX07mpLuGQnQ0iY/gKdqaiTAh6CR9THb8KAWm2oorWYqTR ++jnOvoy13nVkY0IvIhY9Nzvl8KiSFXm7rIrOy5Q== ++-----END DH PARAMETERS----- +diff --git a/doc/credentials/dhparams/rfc5114-group-23-2048.pem b/doc/credentials/dhparams/rfc5114-group-23-2048.pem +new file mode 100644 +index 000000000..d4f360ef2 +--- /dev/null ++++ b/doc/credentials/dhparams/rfc5114-group-23-2048.pem +@@ -0,0 +1,13 @@ ++-----BEGIN DH PARAMETERS----- ++MIICCgKCAQEArRB+HpEjqdDWYPqnlVnFH6INZOVoO5/RtUsVl7YdCnXm+hQd+VpW ++26+aPEB7od8V6z1oijCcGA4d5rhaEnSgpm0/gVKtasISkDfJ7e/aTfjZHo/vVbc5 ++S3rVt9C2wSIHyfmNEe002/bGugssi7wnvmoA4KC5xJcIs7+KMXCRiDaBKGEwvImF ++2xYC5xRBXZMwJ4Jzx94x79xzEPcSH9WgdBWYfZrcCkhtzfk6zEQyg4cxXXXhmMZB ++pIDNhqG55YfovmDmnMkosrnFIXLkEwQumyPxCw4W55djybU9z0uoCinj+3PBa451 ++uX7zY+L/ox9xz53lOE5xuBwKxN/+DBDmTwKCAQEArEAy708tmuOd8wtcj/2sUGze ++vnuJmYyvdIZqCM/k/+OmgkpOELmm8N2SHwGnDEr6q3OddwDCn1LFfbF8YgqGUr5e ++kAGo1mrXwXZpEBmZAkr00CcnWsE0i7inYtBSG8mK4kcVBCLqHtQJk51U2nRgzbX2 ++xrJQcXy+8YDrNBGOmNEZUppF1vg0Vm4wJeMWozDvu3eobwwasVsFGuPUKMj4rLcK ++gTcVC47rEOGD7dGZY93Z4mPkdwWJ72qiHn9fL/OBtTnM40CdE81Wavu0jWwBkYHh ++vP6UswJp7f5y/ptqpL17Wg8ccc//TBnEGOH27AF5gbwIfypwZbOEuJDTGR8r+g== ++-----END DH PARAMETERS----- +diff --git a/doc/credentials/dhparams/rfc5114-group-24-2048.pem b/doc/credentials/dhparams/rfc5114-group-24-2048.pem +new file mode 100644 +index 000000000..dc0211648 +--- /dev/null ++++ b/doc/credentials/dhparams/rfc5114-group-24-2048.pem +@@ -0,0 +1,13 @@ ++-----BEGIN DH PARAMETERS----- ++MIICCQKCAQEAh6jmHbS2Zjz/u9GcZRlZmYzu9ghmDdDyXSzu1ENeOwDgDfjx1hlX ++1Pr330VhsqowFsPZETQJb6o79Cltgw6afCCeDGSXUXq9WoqdMGvPZ+2R+eZyW0dY ++wCLgse9Cdb97bFv8EdRfkIi5QfVOseWbuLw5oL8SMH9cT9twxYGyP3a2Osrhyqa3 ++kC1SUmc1SIoO8TxtmlG/pKs62DR3llJNjvahZ7WkGCXZZ+FE5RQFZCUcysuD5rSG ++9rPKP3lxUGAmwLhX9omWKFbe1AEKvQvmIcOjlgpU5xDDdfJjddcBQQOktUMwwZiv ++EmEW0iduEXFfaTh3+tfvCcrbCUrpHhoVlwKCAQA/syybcxNNCy53UGZg7b1ITKex ++jyHvIFQH9Hk6GguhJRDbwVB3vkY//0/tSqwLtVW+OmwbDGtHsbw3c79+jG9ikBIo +++MKMuxilWuMTQQAKZQGW+THHelfy3fRj5ensFEt3feYqqrioYorDdtKC1u04ZOZ5 ++gkKOvIMdFDSPby+Rk7UEWvJ2cWTh38lnwfs/LlWkvRv/6DucgNBSuYXRguoK2yo7 ++cxPT/hTISEseBSWIubfSu9LfAWGZ7NBuFVfNCRWzNTu7ZODsN3/QKDcN+StSx4kU ++KM3GfrYYS1I9HbJGwy9jB4SQ8A741kfRSNR5VFFeIyfP75jFgmZLTA9sxBZZ ++-----END DH PARAMETERS----- +diff --git a/doc/credentials/dhparams/rfc7919-ffdhe2048.pem b/doc/credentials/dhparams/rfc7919-ffdhe2048.pem +new file mode 100644 +index 000000000..9b182b720 +--- /dev/null ++++ b/doc/credentials/dhparams/rfc7919-ffdhe2048.pem +@@ -0,0 +1,8 @@ ++-----BEGIN DH PARAMETERS----- ++MIIBCAKCAQEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz +++8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a ++87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7 ++YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi ++7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD ++ssbzSibBsu/6iGtCOGEoXJf//////////wIBAg== ++-----END DH PARAMETERS----- +diff --git a/doc/credentials/dhparams/rfc7919-ffdhe3072.pem b/doc/credentials/dhparams/rfc7919-ffdhe3072.pem +new file mode 100644 +index 000000000..fb31ccda5 +--- /dev/null ++++ b/doc/credentials/dhparams/rfc7919-ffdhe3072.pem +@@ -0,0 +1,11 @@ ++-----BEGIN DH PARAMETERS----- ++MIIBiAKCAYEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz +++8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a ++87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7 ++YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi ++7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD ++ssbzSibBsu/6iGtCOGEfz9zeNVs7ZRkDW7w09N75nAI4YbRvydbmyQd62R0mkff3 ++7lmMsPrBhtkcrv4TCYUTknC0EwyTvEN5RPT9RFLi103TZPLiHnH1S/9croKrnJ32 ++nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZsYu ++N///////////AgEC ++-----END DH PARAMETERS----- +diff --git a/doc/credentials/dhparams/rfc7919-ffdhe4096.pem b/doc/credentials/dhparams/rfc7919-ffdhe4096.pem +new file mode 100644 +index 000000000..ad9f68b1e +--- /dev/null ++++ b/doc/credentials/dhparams/rfc7919-ffdhe4096.pem +@@ -0,0 +1,14 @@ ++-----BEGIN DH PARAMETERS----- ++MIICCAKCAgEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz +++8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a ++87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7 ++YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi ++7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD ++ssbzSibBsu/6iGtCOGEfz9zeNVs7ZRkDW7w09N75nAI4YbRvydbmyQd62R0mkff3 ++7lmMsPrBhtkcrv4TCYUTknC0EwyTvEN5RPT9RFLi103TZPLiHnH1S/9croKrnJ32 ++nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZp4e ++8W5vUsMWTfT7eTDp5OWIV7asfV9C1p9tGHdjzx1VA0AEh/VbpX4xzHpxNciG77Qx ++iu1qHgEtnmgyqQdgCpGBMMRtx3j5ca0AOAkpmaMzy4t6Gh25PXFAADwqTs6p+Y0K ++zAqCkc3OyX3Pjsm1Wn+IpGtNtahR9EGC4caKAH5eZV9q//////////8CAQI= ++-----END DH PARAMETERS----- ++ +diff --git a/doc/credentials/dhparams/rfc7919-ffdhe6144.pem b/doc/credentials/dhparams/rfc7919-ffdhe6144.pem +new file mode 100644 +index 000000000..d8239bb05 +--- /dev/null ++++ b/doc/credentials/dhparams/rfc7919-ffdhe6144.pem +@@ -0,0 +1,19 @@ ++-----BEGIN DH PARAMETERS----- ++MIIDCAKCAwEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz +++8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a ++87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7 ++YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi ++7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD ++ssbzSibBsu/6iGtCOGEfz9zeNVs7ZRkDW7w09N75nAI4YbRvydbmyQd62R0mkff3 ++7lmMsPrBhtkcrv4TCYUTknC0EwyTvEN5RPT9RFLi103TZPLiHnH1S/9croKrnJ32 ++nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZp4e ++8W5vUsMWTfT7eTDp5OWIV7asfV9C1p9tGHdjzx1VA0AEh/VbpX4xzHpxNciG77Qx ++iu1qHgEtnmgyqQdgCpGBMMRtx3j5ca0AOAkpmaMzy4t6Gh25PXFAADwqTs6p+Y0K ++zAqCkc3OyX3Pjsm1Wn+IpGtNtahR9EGC4caKAH5eDdkCC/1ktkUDbHpOZ30sOFMq ++OiO6RELK9T6mO7RUMpt2JMiRe91kscD9TLOOjDNMcBw6za0GV/zP7HGbH1w+TkYE ++HziBR/tM/bR3pSRx96mpaRC4VTIu22NA2KAO8JI1BRHjCr7B//njom5/sp+MGDAj ++w1h+ONoAd9m0dj5OS5Syu8GUxmUed8r5ku6qwCMqKBv2s6c5wSJhFoIK6NtYR6Z8 ++vvnJCRtGLVOM1ysDdGrnf15iKSwxFWKoRlBdyC24VDOK5J9SNclbkReMzy3Vys70 ++A+ydGBDGJysEWztx+dxrgNY/3UqOmtseaWKmlSbUMWHBpB1XDXk42tSkDjKc0OQO ++Zf//////////AgEC ++-----END DH PARAMETERS----- +diff --git a/doc/credentials/dhparams/rfc7919-ffdhe8192.pem b/doc/credentials/dhparams/rfc7919-ffdhe8192.pem +new file mode 100644 +index 000000000..4484cf885 +--- /dev/null ++++ b/doc/credentials/dhparams/rfc7919-ffdhe8192.pem +@@ -0,0 +1,24 @@ ++-----BEGIN DH PARAMETERS----- ++MIIECAKCBAEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz +++8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a ++87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7 ++YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi ++7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD ++ssbzSibBsu/6iGtCOGEfz9zeNVs7ZRkDW7w09N75nAI4YbRvydbmyQd62R0mkff3 ++7lmMsPrBhtkcrv4TCYUTknC0EwyTvEN5RPT9RFLi103TZPLiHnH1S/9croKrnJ32 ++nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZp4e ++8W5vUsMWTfT7eTDp5OWIV7asfV9C1p9tGHdjzx1VA0AEh/VbpX4xzHpxNciG77Qx ++iu1qHgEtnmgyqQdgCpGBMMRtx3j5ca0AOAkpmaMzy4t6Gh25PXFAADwqTs6p+Y0K ++zAqCkc3OyX3Pjsm1Wn+IpGtNtahR9EGC4caKAH5eDdkCC/1ktkUDbHpOZ30sOFMq ++OiO6RELK9T6mO7RUMpt2JMiRe91kscD9TLOOjDNMcBw6za0GV/zP7HGbH1w+TkYE ++HziBR/tM/bR3pSRx96mpaRC4VTIu22NA2KAO8JI1BRHjCr7B//njom5/sp+MGDAj ++w1h+ONoAd9m0dj5OS5Syu8GUxmUed8r5ku6qwCMqKBv2s6c5wSJhFoIK6NtYR6Z8 ++vvnJCRtGLVOM1ysDdGrnf15iKSwxFWKoRlBdyC24VDOK5J9SNclbkReMzy3Vys70 ++A+ydGBDGJysEWztx+dxrgNY/3UqOmtseaWKmlSbUMWHBpB1XDXk42tSkDjKcz/Rq ++qjatAEz2AMg4HkJaMdlRrmT9sj/OyVCdQ2h/62nt0cxeC4zDvfZLEO+GtjFCo6uI ++KVVbL3R8kyZlyywPHMAb1wIpOIg50q8F5FRQSseLdYKCKEbAujXDX1xZFgzARv2C ++UVQfxoychrAiu3CZh2pGDnRRqKkxCXA/7hwhfmw4JuUsUappHg5CPPyZ6eMWUMEh ++e2JIFs2tmpX51bgBlIjZwKCh/jB1pXfiMYP4HUo/L6RXHvyM4LqKT+i2hV3+crCm ++bt7S+6v75Yow+vq+HF1xqH4vdB74wf6G/qa7/eUwZ38Nl9EdSfeoRD0IIuUGqfRh ++TgEeKpSDj/iM1oyLt8XGQkz//////////wIBAg== ++-----END DH PARAMETERS----- +diff --git a/lib/auth/dh_common.c b/lib/auth/dh_common.c +index 19c205bbe..252eea0cb 100644 +--- a/lib/auth/dh_common.c ++++ b/lib/auth/dh_common.c +@@ -257,6 +257,14 @@ _gnutls_proc_dh_common_server_kx(gnutls_session_t session, + } + } + ++#ifdef ENABLE_FIPS140 ++ if (gnutls_fips140_mode_enabled() && ++ !_gnutls_dh_prime_is_fips_approved(data_p, n_p, data_g, n_g)) { ++ gnutls_assert(); ++ return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER; ++ } ++#endif ++ + if (_gnutls_mpi_init_scan_nz(&session->key.proto.tls12.dh.params.params[DH_G], data_g, _n_g) != 0) { + gnutls_assert(); + return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER; +diff --git a/lib/dh-primes.c b/lib/dh-primes.c +index 5d2dce0fb..a43a8e5de 100644 +--- a/lib/dh-primes.c ++++ b/lib/dh-primes.c +@@ -1893,4 +1893,38 @@ const gnutls_datum_t gnutls_modp_8192_group_generator = { + }; + const unsigned int gnutls_modp_8192_key_bits = 512; + ++unsigned ++_gnutls_dh_prime_is_fips_approved(const uint8_t *prime, ++ size_t prime_size, ++ const uint8_t *generator, ++ size_t generator_size) ++{ ++ static const struct { ++ const gnutls_datum_t *prime; ++ const gnutls_datum_t *generator; ++ } primes[] = { ++ { &gnutls_ffdhe_8192_group_prime, &gnutls_ffdhe_8192_group_generator }, ++ { &gnutls_ffdhe_6144_group_prime, &gnutls_ffdhe_6144_group_generator }, ++ { &gnutls_ffdhe_4096_group_prime, &gnutls_ffdhe_4096_group_generator }, ++ { &gnutls_ffdhe_3072_group_prime, &gnutls_ffdhe_3072_group_generator }, ++ { &gnutls_ffdhe_2048_group_prime, &gnutls_ffdhe_2048_group_generator }, ++ { &gnutls_modp_8192_group_prime, &gnutls_modp_8192_group_generator }, ++ { &gnutls_modp_6144_group_prime, &gnutls_modp_6144_group_generator }, ++ { &gnutls_modp_4096_group_prime, &gnutls_modp_4096_group_generator }, ++ { &gnutls_modp_3072_group_prime, &gnutls_modp_3072_group_generator }, ++ { &gnutls_modp_2048_group_prime, &gnutls_modp_2048_group_generator }, ++ }; ++ size_t i; ++ ++ for (i = 0; i < sizeof(primes) / sizeof(primes[0]); i++) { ++ if (primes[i].prime->size == prime_size && ++ memcmp(primes[i].prime->data, prime, primes[i].prime->size) == 0 && ++ primes[i].generator->size == generator_size && ++ memcmp(primes[i].generator->data, generator, primes[i].generator->size) == 0) ++ return 1; ++ } ++ ++ return 0; ++} ++ + #endif +diff --git a/lib/dh.h b/lib/dh.h +index a64a4eb5e..672451947 100644 +--- a/lib/dh.h ++++ b/lib/dh.h +@@ -60,4 +60,10 @@ extern const gnutls_datum_t gnutls_modp_2048_group_q; + extern const gnutls_datum_t gnutls_modp_2048_group_generator; + extern const unsigned int gnutls_modp_2048_key_bits; + ++unsigned ++_gnutls_dh_prime_is_fips_approved(const uint8_t *prime, ++ size_t prime_size, ++ const uint8_t *generator, ++ size_t generator_size); ++ + #endif /* GNUTLS_LIB_DH_H */ +diff --git a/tests/Makefile.am b/tests/Makefile.am +index 7cdf828e0..13d7ba385 100644 +--- a/tests/Makefile.am ++++ b/tests/Makefile.am +@@ -522,6 +522,8 @@ endif + + dist_check_SCRIPTS += gnutls-cli-self-signed.sh gnutls-cli-invalid-crl.sh gnutls-cli-rawpk.sh + ++dist_check_SCRIPTS += dh-fips-approved.sh ++ + if ENABLE_PKCS11 + dist_check_SCRIPTS += p11-kit-trust.sh testpkcs11.sh certtool-pkcs11.sh + +diff --git a/tests/client-sign-md5-rep.c b/tests/client-sign-md5-rep.c +index 1c7877fbd..b1ad46ce9 100644 +--- a/tests/client-sign-md5-rep.c ++++ b/tests/client-sign-md5-rep.c +@@ -468,6 +468,11 @@ void doit(void) + int sockets[2]; + int err; + ++ /* tls1_hello contains ServerKeyExchange with custom DH ++ * parameters */ ++ if (gnutls_fips140_mode_enabled()) ++ exit(77); ++ + signal(SIGPIPE, SIG_IGN); + + err = socketpair(AF_UNIX, SOCK_STREAM, 0, sockets); +diff --git a/tests/dh-fips-approved.sh b/tests/dh-fips-approved.sh +new file mode 100755 +index 000000000..136dd15f3 +--- /dev/null ++++ b/tests/dh-fips-approved.sh +@@ -0,0 +1,127 @@ ++#!/bin/sh ++ ++# Copyright (C) 2017 Nikos Mavrogiannopoulos ++# ++# Author: Nikos Mavrogiannopoulos ++# ++# This file is part of GnuTLS. ++# ++# GnuTLS is free software; you can redistribute it and/or modify it ++# under the terms of the GNU General Public License as published by the ++# Free Software Foundation; either version 3 of the License, or (at ++# your option) any later version. ++# ++# GnuTLS is distributed in the hope that it will be useful, but ++# WITHOUT ANY WARRANTY; without even the implied warranty of ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++# General Public License for more details. ++# ++# You should have received a copy of the GNU Lesser General Public License ++# along with this program. If not, see ++ ++srcdir="${srcdir:-.}" ++SERV="${SERV:-../src/gnutls-serv${EXEEXT}}" ++CLI="${CLI:-../src/gnutls-cli${EXEEXT}}" ++unset RETCODE ++ ++if ! test -x "${SERV}"; then ++ exit 77 ++fi ++ ++if ! test -x "${CLI}"; then ++ exit 77 ++fi ++ ++if test "${WINDIR}" != ""; then ++ exit 77 ++fi ++ ++if ! test -z "${VALGRIND}"; then ++ VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=15" ++fi ++ ++ ++SERV="${SERV} -q" ++ ++. "${srcdir}/scripts/common.sh" ++ ++KEY1=${srcdir}/../doc/credentials/x509/key-rsa.pem ++CERT1=${srcdir}/../doc/credentials/x509/cert-rsa.pem ++CA1=${srcdir}/../doc/credentials/x509/ca.pem ++ ++ALLOWED_PARAMS=" ++rfc3526-group-14-2048 ++rfc3526-group-15-3072 ++rfc3526-group-16-4096 ++rfc3526-group-17-6144 ++rfc3526-group-18-8192 ++rfc7919-ffdhe2048 ++rfc7919-ffdhe3072 ++rfc7919-ffdhe4096 ++rfc7919-ffdhe6144 ++rfc7919-ffdhe8192 ++" ++ ++DISALLOWED_PARAMS=" ++rfc2409-group-2-1024 ++rfc3526-group-5-1536 ++rfc5054-1024 ++rfc5054-1536 ++rfc5054-2048 ++rfc5054-3072 ++rfc5054-4096 ++rfc5054-6144 ++rfc5054-8192 ++rfc5114-group-22-1024 ++rfc5114-group-23-2048 ++rfc5114-group-24-2048 ++" ++ ++OPTS="--priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+DHE-RSA:+AES-128-GCM:-GROUP-ALL" ++ ++for params in $ALLOWED_PARAMS; do ++ echo "Checking with approved DH params: $params" ++ ++ PARAMS=${srcdir}/../doc/credentials/dhparams/${params}.pem ++ ++ eval "${GETPORT}" ++ launch_server $$ ${OPTS} --x509keyfile ${KEY1} --x509certfile ${CERT1} --dhparams ${PARAMS} ++ PID=$! ++ wait_server ${PID} ++ ++ ${VALGRIND} "${CLI}" ${OPTS} -p "${PORT}" 127.0.0.1 --verify-hostname=localhost --x509cafile ${CA1} /dev/null || \ ++ fail ${PID} "handshake should have succeeded!" ++ ++ kill ${PID} ++ wait ++done ++ ++for params in $DISALLOWED_PARAMS; do ++ echo "Checking with non-approved DH params: $params" ++ ++ PARAMS=${srcdir}/../doc/credentials/dhparams/${params}.pem ++ ++ eval "${GETPORT}" ++ launch_server $$ ${OPTS} --x509keyfile ${KEY1} --x509certfile ${CERT1} --dhparams ${PARAMS} ++ PID=$! ++ wait_server ${PID} ++ ++ ${VALGRIND} "${CLI}" ${OPTS} -p "${PORT}" 127.0.0.1 --verify-hostname=localhost --x509cafile ${CA1} /dev/null ++ ++ RET=$? ++ ++ if test $RET -eq 0; then ++ if test "${GNUTLS_FORCE_FIPS_MODE}" = 1; then ++ fail ${PID} "handshake should have failed (FIPS mode 1)!" ++ fi ++ else ++ if test "${GNUTLS_FORCE_FIPS_MODE}" != 1; then ++ fail ${PID} "handshake should have succeeded (FIPS mode 0)!" ++ fi ++ fi ++ ++ kill ${PID} ++ wait ++done ++ ++exit 0 +diff --git a/tests/utils.c b/tests/utils.c +index 9186a1757..60cd79b35 100644 +--- a/tests/utils.c ++++ b/tests/utils.c +@@ -50,47 +50,41 @@ int debug = 0; + int error_count = 0; + int break_on_error = 0; + ++/* doc/credentials/dhparams/rfc3526-group-14-2048.pem */ + const char *pkcs3 = + "-----BEGIN DH PARAMETERS-----\n" +- "MIGGAoGAtkxw2jlsVCsrfLqxrN+IrF/3W8vVFvDzYbLmxi2GQv9s/PQGWP1d9i22\n" +- "P2DprfcJknWt7KhCI1SaYseOQIIIAYP78CfyIpGScW/vS8khrw0rlQiyeCvQgF3O\n" +- "GeGOEywcw+oQT4SmFOD7H0smJe2CNyjYpexBXQ/A0mbTF9QKm1cCAQU=\n" ++ "MIIBCAKCAQEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb\n" ++ "IlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjft\n" ++ "awv/XLb0Brft7jhr+1qJn6WunyQRfEsf5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXT\n" ++ "mmkWP6j9JM9fg2VdI9yjrZYcYvNWIIVSu57VKQdwlpZtZww1Tkq8mATxdGwIyhgh\n" ++ "fDKQXkYuNs474553LBgOhgObJ4Oi7Aeij7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq\n" ++ "5RXSJhiY+gUQFXKOWoqsqmj//////////wIBAg==\n" + "-----END DH PARAMETERS-----\n"; + ++/* doc/credentials/dhparams/rfc7919-ffdhe2048.pem */ + const char *pkcs3_2048 = + "-----BEGIN DH PARAMETERS-----\n" +- "MIICDgKCAQEAvVNCqM8M9ZoVYBKEkV2KN8ELHHJ75aTZiK9z6170iKSgbITkOxsd\n" +- "aBCLzHZd7d6/2aNofUeuWdDGHm73d8v53ma2HRVCNESeC2LKsEDFG9FjjUeugvfl\n" +- "zb85TLZwWT9Lb35Ddhdk7CtxoukjS0/JkCE+8RGzmk5+57N8tNffs4aSSHSe4+cw\n" +- "i4wULDxiG2p052czAMP3YR5egWvMuiByhy0vKShiZmOy1/Os5r6E/GUF+298gDjG\n" +- "OeaEUF9snrTcoBwB4yNjVSEbuAh5fMd5zFtz2+dzrk9TYZ44u4DQYkgToW05WcmC\n" +- "+LG0bLAH6lrJR5OMgyheZEo6F20z/d2yyQKCAQEAtzcuTHW61SFQiDRouk6eD0Yx\n" +- "0k1RJdaQdlRf6/Dcc6lEqnbezL90THzvxkBwfJ5jG1VZE7JlVCvLRkBtgb0/6SCf\n" +- "MATfEKG2JMOnKsJxvidmKEp4uN32LketXRrrEBl7rS+HABEfKAzqx+J6trBaq25E\n" +- "7FVJFsyoa8IL8N8YUWwhE2UuEfmiqQQaeoIUYC/xD2arMXn9N0W84Nyy2S9IL4ct\n" +- "e3Azi1Wc8MMfpbxxDRxXCnM2uMkLYWs1lQmcUUX+Uygv3P8lgS+RJ1Pi3+BWMx0S\n" +- "ocsZXqOr6dbEF1WOLObQRK7h/MZp80iVUyrBgX0MbVFN9M5i2u4KKTG95VKRtgIC\n" +- "AQA=\n" "-----END DH PARAMETERS-----\n"; ++ "MIIBCAKCAQEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz\n" ++ "+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a\n" ++ "87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7\n" ++ "YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi\n" ++ "7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD\n" ++ "ssbzSibBsu/6iGtCOGEoXJf//////////wIBAg==\n" ++ "-----END DH PARAMETERS-----\n"; + ++/* doc/credentials/dhparams/rfc7919-ffdhe3072.pem */ + const char *pkcs3_3072 = + "-----BEGIN DH PARAMETERS-----\n" +- "MIIDDgKCAYEAtRUay8nDgwE5dSVzW525wEu/d0vrFolvYJSevxg2myj5S+gr3Fgq\n" +- "OGaZc4zrBxkxsELc7GuCqaXSOWL4yobT8N05yGbYWkWRPf4crRMx3P7/Gba9WsmH\n" +- "BlL71uPf1IN9CanAlabkhV89RKiYaCpUI19+/sq+N2dO874ToBZCNhxZnTgRZ+po\n" +- "Gdr6XWM0lQ8imIKSer0px3ZHI+/5gmyPry35tGpwlbyclJAg3wlTSdnqDcLxq7AF\n" +- "OZ23PzC3ij7SFErOX9EFBdS2bjtU47O3OkPc9EIYMEv5nwnXICLHslwVifmURAjV\n" +- "LfpObL8LYGN4Gac4tFxuDa0PMg0ES5ADugYBwdRFTAtCy5WOYXINzAAOrH9MommT\n" +- "rMkELf7JOCaV2ktBsvTlrgMAXeyqbf2YSG6CGjj4QnUuqPybSgwPru7VlahsS2lo\n" +- "qjutBPpgIxS53o97Wi3V5kQedKJiNuIDNnJMFNuTADAM+OYwClTH7ZSwTsxEgVpr\n" +- "tMH+WnTI7KTJAoIBgQCrELwIUB4oNbf0x+fIpVndhDpl/WcFc/lDtmiRuym5gWbb\n" +- "NPeI+1rdhnS2R3+nCJODFQTcPNMgIJuSu2EnDCSs5xJ2k08SAgSzyxEdjBpY7qJe\n" +- "+lJPJ12zhcl0vgcvMhb/YgqVe2MKz0RvnYZPwHM/aJbjYjq/6OpK3fVw4M1ZccBK\n" +- "QD4OHK8HOvGU7Wf6kRIcxUlfn15spMCIsrAZQBddWLmQgktsxJNUS+AnaPwTBoOv\n" +- "nGCr1vzw8OS1DtS03VCmtqt3otXhJ3D2oCIG6ogxVAKfHR30KIfzZLBfmCjdzHmH\n" +- "x4OwYTN1wy5juA438QtiDtcgK60ZqSzQO08ZklRncA/TkkyEH6kPn5KSh/hW9O3D\n" +- "KZeAY/KF0/Bc1XNtqPEYFb7Vo3rbTsyjXkICN1Hk9S0OIKL42K7rWBepO9KuddSd\n" +- "aXgH9staP0HXCyyW1VAyqo0TwcWDhE/R7IQQGGwGyd4rD0T+ySW/t09ox23O6X8J\n" +- "FSp6mOVNcuvhB5U2gW8CAgEA\n" "-----END DH PARAMETERS-----\n"; ++ "MIIBiAKCAYEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz\n" ++ "+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a\n" ++ "87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7\n" ++ "YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi\n" ++ "7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD\n" ++ "ssbzSibBsu/6iGtCOGEfz9zeNVs7ZRkDW7w09N75nAI4YbRvydbmyQd62R0mkff3\n" ++ "7lmMsPrBhtkcrv4TCYUTknC0EwyTvEN5RPT9RFLi103TZPLiHnH1S/9croKrnJ32\n" ++ "nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZsYu\n" ++ "N///////////AgEC\n" ++ "-----END DH PARAMETERS-----\n"; + + void _fail(const char *format, ...) + { +-- +2.26.2 + diff --git a/SOURCES/gnutls-3.6.14-fips-mode-check.patch b/SOURCES/gnutls-3.6.14-fips-mode-check.patch new file mode 100644 index 0000000..af9862f --- /dev/null +++ b/SOURCES/gnutls-3.6.14-fips-mode-check.patch @@ -0,0 +1,42 @@ +From d1dc655cd2c8ae417381e5f966941c75cfe287ee Mon Sep 17 00:00:00 2001 +From: Daiki Ueno +Date: Thu, 4 Jun 2020 16:42:07 +0200 +Subject: [PATCH] _gnutls_fips_mode_enabled: treat selftest failure as FIPS + disabled + +Previously gnutls_fips140_mode_enabled() returned true, even after +selftests have failed and the library state has switched to error. +While later calls to crypto operations fails, it would be more +convenient to have a function to detect that state. + +Signed-off-by: Daiki Ueno +--- + lib/fips.c | 11 ++++++++++- + 1 file changed, 10 insertions(+), 1 deletion(-) + +diff --git a/lib/fips.c b/lib/fips.c +index acdd2ec23..f8b10f750 100644 +--- a/lib/fips.c ++++ b/lib/fips.c +@@ -491,8 +491,17 @@ unsigned gnutls_fips140_mode_enabled(void) + #ifdef ENABLE_FIPS140 + unsigned ret = _gnutls_fips_mode_enabled(); + +- if (ret > GNUTLS_FIPS140_DISABLED) ++ if (ret > GNUTLS_FIPS140_DISABLED) { ++ /* If the previous run of selftests has failed, return as if ++ * the FIPS mode is disabled. We could use HAVE_LIB_ERROR, if ++ * we can assume that all the selftests run atomically from ++ * the ELF constructor. ++ */ ++ if (_gnutls_get_lib_state() == LIB_STATE_ERROR) ++ return 0; ++ + return ret; ++ } + #endif + return 0; + } +-- +2.26.2 + diff --git a/SOURCES/gnutls-3.6.14-memcmp.patch b/SOURCES/gnutls-3.6.14-memcmp.patch new file mode 100644 index 0000000..a211c97 --- /dev/null +++ b/SOURCES/gnutls-3.6.14-memcmp.patch @@ -0,0 +1,131 @@ +From 9acc0f68320db4c7c6dadacb974e77c7fbca72a7 Mon Sep 17 00:00:00 2001 +From: Daiki Ueno +Date: Sun, 21 Jun 2020 16:03:54 +0200 +Subject: [PATCH] safe_memcmp: remove in favor of gnutls_memcmp + +Signed-off-by: Daiki Ueno +--- + lib/accelerated/x86/aes-xts-x86-aesni.c | 2 +- + lib/ext/pre_shared_key.c | 2 +- + lib/mem.h | 9 --------- + lib/nettle/cipher.c | 8 ++++---- + lib/tls13/finished.c | 2 +- + lib/x509/x509.c | 3 ++- + 6 files changed, 9 insertions(+), 17 deletions(-) + +diff --git a/lib/accelerated/x86/aes-xts-x86-aesni.c b/lib/accelerated/x86/aes-xts-x86-aesni.c +index 3371d0812..b904cbf00 100644 +--- a/lib/accelerated/x86/aes-xts-x86-aesni.c ++++ b/lib/accelerated/x86/aes-xts-x86-aesni.c +@@ -72,7 +72,7 @@ x86_aes_xts_cipher_setkey(void *_ctx, const void *userkey, size_t keysize) + + /* Check key block according to FIPS-140-2 IG A.9 */ + if (_gnutls_fips_mode_enabled()){ +- if (safe_memcmp(key, key + (keysize / 2), keysize / 2) == 0) { ++ if (gnutls_memcmp(key, key + (keysize / 2), keysize / 2) == 0) { + _gnutls_switch_lib_state(LIB_STATE_ERROR); + return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); + } +diff --git a/lib/ext/pre_shared_key.c b/lib/ext/pre_shared_key.c +index fef67d341..240be2162 100644 +--- a/lib/ext/pre_shared_key.c ++++ b/lib/ext/pre_shared_key.c +@@ -650,7 +650,7 @@ static int server_recv_params(gnutls_session_t session, + } + + if (_gnutls_mac_get_algo_len(prf) != binder_recvd.size || +- safe_memcmp(binder_value, binder_recvd.data, binder_recvd.size)) { ++ gnutls_memcmp(binder_value, binder_recvd.data, binder_recvd.size)) { + gnutls_assert(); + ret = GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER; + goto fail; +diff --git a/lib/mem.h b/lib/mem.h +index dc838a2b4..d3eea97a4 100644 +--- a/lib/mem.h ++++ b/lib/mem.h +@@ -35,15 +35,6 @@ char *_gnutls_strdup(const char *); + + unsigned _gnutls_mem_is_zero(const uint8_t *ptr, unsigned size); + +-/* To avoid undefined behavior when s1 or s2 are null and n = 0 */ +-inline static +-int safe_memcmp(const void *s1, const void *s2, size_t n) +-{ +- if (n == 0) +- return 0; +- return memcmp(s1, s2, n); +-} +- + #define zrelease_mpi_key(mpi) if (*mpi!=NULL) { \ + _gnutls_mpi_clear(*mpi); \ + _gnutls_mpi_release(mpi); \ +diff --git a/lib/nettle/cipher.c b/lib/nettle/cipher.c +index b0a52deb5..ec0c1ab04 100644 +--- a/lib/nettle/cipher.c ++++ b/lib/nettle/cipher.c +@@ -482,7 +482,7 @@ _xts_aes128_set_encrypt_key(struct xts_aes128_key *xts_key, + const uint8_t *key) + { + if (_gnutls_fips_mode_enabled() && +- safe_memcmp(key, key + AES128_KEY_SIZE, AES128_KEY_SIZE) == 0) ++ gnutls_memcmp(key, key + AES128_KEY_SIZE, AES128_KEY_SIZE) == 0) + _gnutls_switch_lib_state(LIB_STATE_ERROR); + + xts_aes128_set_encrypt_key(xts_key, key); +@@ -493,7 +493,7 @@ _xts_aes128_set_decrypt_key(struct xts_aes128_key *xts_key, + const uint8_t *key) + { + if (_gnutls_fips_mode_enabled() && +- safe_memcmp(key, key + AES128_KEY_SIZE, AES128_KEY_SIZE) == 0) ++ gnutls_memcmp(key, key + AES128_KEY_SIZE, AES128_KEY_SIZE) == 0) + _gnutls_switch_lib_state(LIB_STATE_ERROR); + + xts_aes128_set_decrypt_key(xts_key, key); +@@ -504,7 +504,7 @@ _xts_aes256_set_encrypt_key(struct xts_aes256_key *xts_key, + const uint8_t *key) + { + if (_gnutls_fips_mode_enabled() && +- safe_memcmp(key, key + AES256_KEY_SIZE, AES256_KEY_SIZE) == 0) ++ gnutls_memcmp(key, key + AES256_KEY_SIZE, AES256_KEY_SIZE) == 0) + _gnutls_switch_lib_state(LIB_STATE_ERROR); + + xts_aes256_set_encrypt_key(xts_key, key); +@@ -515,7 +515,7 @@ _xts_aes256_set_decrypt_key(struct xts_aes256_key *xts_key, + const uint8_t *key) + { + if (_gnutls_fips_mode_enabled() && +- safe_memcmp(key, key + AES256_KEY_SIZE, AES256_KEY_SIZE) == 0) ++ gnutls_memcmp(key, key + AES256_KEY_SIZE, AES256_KEY_SIZE) == 0) + _gnutls_switch_lib_state(LIB_STATE_ERROR); + + xts_aes256_set_decrypt_key(xts_key, key); +diff --git a/lib/tls13/finished.c b/lib/tls13/finished.c +index 68eab993e..ec646e673 100644 +--- a/lib/tls13/finished.c ++++ b/lib/tls13/finished.c +@@ -112,7 +112,7 @@ int _gnutls13_recv_finished(gnutls_session_t session) + #if defined(FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION) + # warning This is unsafe for production builds + #else +- if (safe_memcmp(verifier, buf.data, buf.length) != 0) { ++ if (gnutls_memcmp(verifier, buf.data, buf.length) != 0) { + gnutls_assert(); + ret = GNUTLS_E_ERROR_IN_FINISHED_PACKET; + goto cleanup; +diff --git a/lib/x509/x509.c b/lib/x509/x509.c +index 2091f3ae6..2b68fe440 100644 +--- a/lib/x509/x509.c ++++ b/lib/x509/x509.c +@@ -360,7 +360,8 @@ static int compare_sig_algorithm(gnutls_x509_crt_t cert) + } + + if (empty1 != empty2 || +- sp1.size != sp2.size || safe_memcmp(sp1.data, sp2.data, sp1.size) != 0) { ++ sp1.size != sp2.size || ++ (sp1.size > 0 && memcmp(sp1.data, sp2.data, sp1.size) != 0)) { + gnutls_assert(); + ret = GNUTLS_E_CERTIFICATE_ERROR; + goto cleanup; +-- +2.26.2 + diff --git a/SOURCES/gnutls-3.6.14.tar.xz.sig b/SOURCES/gnutls-3.6.14.tar.xz.sig new file mode 100644 index 0000000000000000000000000000000000000000..3e8c89036896c82d37f3ffa1d51a79613d214b6d GIT binary patch literal 580 zcmV-K0=xZ*0zm`-0SEvq79j*iA|=DLZ#0LW$VqJ01%!^*=9qB>0$$go&J7%OWo~ak zXKr;aZ*pe<3JDO_1%!^*=9qB|CJ+B*p!()ZLu=}O_D5D^MH;B6YSJ)F%VI8zl)lEB zWR0(zFHx}~w-dg!?`hI_eAB=APqEmTs7~H>v`$>$EWTn5FhZVp;#hL9@G)%BnYaG6 zks_jclh6>(+0Z{Le6!EZZZ9~@HezQQh&YU?fXBH+txeQ6NDu-*&G7vVj)?89mDX>= zUVS^vs;MCX4~H@CXlnh5dJ`QUf=l0b>^+HAC1lD*XwxWMsqEawl<;UClai7hY1pkt zxv<7BB6^F447ePM6l3H}5>E7PgU*;zT|a$S=J9`GV-1^S(*M+X0fgDiv#L0VS|%5` zPylkjvGgj|!sF>KIiN2l6QmnH`j4gf^O}x35*p1coV_&wXg`WiSt;1kO1Jv6QAw-_ zMjc8jK8^b}nm7w~i#5h~NFU|64AL@trf!(*jtVi2^!EaLm#uM*Yj#;mlK5s7L!y%` z&N9U$h6fOF9t>?F^=8ms_1x6!`&&>NTD}*9zb@Uwd)osy|MnvF!A+e?2pIV?L{r`Q zgqf37JmSW(SlR+Ri~rBx3|fN&@8zB9y0ADK5~1;(R({CAE=$*%7Y*EU_`N}96HAO; zh|(9H5P$(x=F1Z%P7lDV{oaPc32gNI`6S`|9gV$CD*)C2gwrUAa@upIzavlGyKj7E S@sq6z&iwH&F6U3VtKh*E>>GRl literal 0 HcmV?d00001 diff --git a/SOURCES/gnutls-3.6.4-no-now-guile.patch b/SOURCES/gnutls-3.6.4-no-now-guile.patch new file mode 100644 index 0000000..1da536b --- /dev/null +++ b/SOURCES/gnutls-3.6.4-no-now-guile.patch @@ -0,0 +1,13 @@ +diff --git a/guile/src/Makefile.in b/guile/src/Makefile.in +index 95e1e9c..1dfc88e 100644 +--- a/guile/src/Makefile.in ++++ b/guile/src/Makefile.in +@@ -1483,7 +1483,7 @@ guileextension_LTLIBRARIES = guile-gnutls-v-2.la + # Use '-module' to build a "dlopenable module", in Libtool terms. + # Use '-undefined' to placate Libtool on Windows; see + # . +-guile_gnutls_v_2_la_LDFLAGS = -module -no-undefined ++guile_gnutls_v_2_la_LDFLAGS = -module -no-undefined -Wl,-z,lazy + + # Linking against GnuTLS. + GNUTLS_CORE_LIBS = $(top_builddir)/lib/libgnutls.la diff --git a/SPECS/gnutls.spec b/SPECS/gnutls.spec new file mode 100644 index 0000000..357a95b --- /dev/null +++ b/SPECS/gnutls.spec @@ -0,0 +1,1029 @@ +Version: 3.6.14 +Release: 5%{?dist} +Patch1: gnutls-3.2.7-rpath.patch +Patch2: gnutls-3.6.4-no-now-guile.patch +Patch3: gnutls-3.6.13-enable-intel-cet.patch +Patch4: gnutls-3.6.14-autogen-int.patch +Patch5: gnutls-3.6.14-fips-mode-check.patch +Patch6: gnutls-3.6.14-fips-dh-primes.patch +Patch7: gnutls-3.6.14-memcmp.patch +Patch8: gnutls-3.6.14-fips-dh-check.patch +%bcond_without dane +%if 0%{?rhel} +%bcond_with guile +%bcond_without fips +%else +%bcond_without guile +%bcond_without fips +%endif + +Summary: A TLS protocol implementation +Name: gnutls +# The libraries are LGPLv2.1+, utilities are GPLv3+ +License: GPLv3+ and LGPLv2+ +Group: System Environment/Libraries +BuildRequires: p11-kit-devel >= 0.21.3, gettext-devel +BuildRequires: zlib-devel, readline-devel, libtasn1-devel >= 4.3 +BuildRequires: libtool, automake, autoconf, texinfo +BuildRequires: autogen-libopts-devel >= 5.18 autogen +BuildRequires: nettle-devel >= 3.4.1 +BuildRequires: trousers-devel >= 0.3.11.2 +BuildRequires: libidn2-devel +BuildRequires: libunistring-devel +BuildRequires: gperf, net-tools, datefudge, softhsm, gcc, gcc-c++ +BuildRequires: gnupg2 +%if %{with fips} +BuildRequires: fipscheck +%endif + +# for a sanity check on cert loading +BuildRequires: p11-kit-trust, ca-certificates +Requires: crypto-policies +Requires: p11-kit-trust +Requires: libtasn1 >= 4.3 +Requires: nettle >= 3.4.1 +Recommends: trousers >= 0.3.11.2 + +%if %{with dane} +BuildRequires: unbound-devel unbound-libs +%endif +%if %{with guile} +BuildRequires: guile-devel +%endif +URL: http://www.gnutls.org/ +Source0: ftp://ftp.gnutls.org/gcrypt/gnutls/v3.6/%{name}-%{version}.tar.xz +Source1: ftp://ftp.gnutls.org/gcrypt/gnutls/v3.6/%{name}-%{version}.tar.xz.sig +Source2: gpgkey-462225C3B46F34879FC8496CD605848ED7E69871.gpg + +# Wildcard bundling exception https://fedorahosted.org/fpc/ticket/174 +Provides: bundled(gnulib) = 20130424 + +%package c++ +Summary: The C++ interface to GnuTLS +Requires: %{name}%{?_isa} = %{version}-%{release} + +%package devel +Summary: Development files for the %{name} package +Group: Development/Libraries +Requires: %{name}%{?_isa} = %{version}-%{release} +Requires: %{name}-c++%{?_isa} = %{version}-%{release} +%if %{with dane} +Requires: %{name}-dane%{?_isa} = %{version}-%{release} +%endif +Requires: pkgconfig +Requires(post): /sbin/install-info +Requires(preun): /sbin/install-info + +%package utils +License: GPLv3+ +Summary: Command line tools for TLS protocol +Group: Applications/System +Requires: %{name}%{?_isa} = %{version}-%{release} +%if %{with dane} +Requires: %{name}-dane%{?_isa} = %{version}-%{release} +%endif + +%if %{with dane} +%package dane +Summary: A DANE protocol implementation for GnuTLS +Requires: %{name}%{?_isa} = %{version}-%{release} +%endif + +%if %{with guile} +%package guile +Summary: Guile bindings for the GNUTLS library +Group: Development/Libraries +Requires: %{name}%{?_isa} = %{version}-%{release} +Requires: guile +%endif + +%description +GnuTLS is a secure communications library implementing the SSL, TLS and DTLS +protocols and technologies around them. It provides a simple C language +application programming interface (API) to access the secure communications +protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and +other required structures. + +%description c++ +GnuTLS is a secure communications library implementing the SSL, TLS and DTLS +protocols and technologies around them. It provides a simple C language +application programming interface (API) to access the secure communications +protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and +other required structures. + +%description devel +GnuTLS is a secure communications library implementing the SSL, TLS and DTLS +protocols and technologies around them. It provides a simple C language +application programming interface (API) to access the secure communications +protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and +other required structures. +This package contains files needed for developing applications with +the GnuTLS library. + +%description utils +GnuTLS is a secure communications library implementing the SSL, TLS and DTLS +protocols and technologies around them. It provides a simple C language +application programming interface (API) to access the secure communications +protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and +other required structures. +This package contains command line TLS client and server and certificate +manipulation tools. + +%if %{with dane} +%description dane +GnuTLS is a secure communications library implementing the SSL, TLS and DTLS +protocols and technologies around them. It provides a simple C language +application programming interface (API) to access the secure communications +protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and +other required structures. +This package contains library that implements the DANE protocol for verifying +TLS certificates through DNSSEC. +%endif + +%if %{with guile} +%description guile +GnuTLS is a secure communications library implementing the SSL, TLS and DTLS +protocols and technologies around them. It provides a simple C language +application programming interface (API) to access the secure communications +protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and +other required structures. +This package contains Guile bindings for the library. +%endif + +%prep +gpgv2 --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0} + +%autosetup -p1 + +sed -i -e 's|sys_lib_dlsearch_path_spec="/lib /usr/lib|sys_lib_dlsearch_path_spec="/lib /usr/lib %{_libdir}|g' configure +rm -f lib/minitasn1/*.c lib/minitasn1/*.h +rm -f src/libopts/*.c src/libopts/*.h src/libopts/compat/*.c src/libopts/compat/*.h + +echo "SYSTEM=NORMAL" >> tests/system.prio + +# Note that we explicitly enable SHA1, as SHA1 deprecation is handled +# via the crypto policies + +%build +CCASFLAGS="$CCASFLAGS -Wa,--generate-missing-build-notes=yes" +export CCASFLAGS +%configure --with-libtasn1-prefix=%{_prefix} \ +%if %{with fips} + --enable-fips140-mode \ +%endif + --enable-tls13-support \ + --enable-sha1-support \ + --disable-static \ + --disable-openssl-compatibility \ + --disable-non-suiteb-curves \ + --with-system-priority-file=%{_sysconfdir}/crypto-policies/back-ends/gnutls.config \ + --with-default-trust-store-pkcs11="pkcs11:" \ + --with-trousers-lib=%{_libdir}/libtspi.so.1 \ + --htmldir=%{_docdir}/manual \ +%if %{with guile} + --enable-guile \ +%else + --disable-guile \ +%endif +%if %{with dane} + --with-unbound-root-key-file=/var/lib/unbound/root.key \ + --enable-dane \ +%else + --disable-dane \ +%endif + --disable-rpath \ + --with-default-priority-string="@SYSTEM" + +make %{?_smp_mflags} V=1 + +%if %{with fips} +%define __spec_install_post \ + %{?__debug_package:%{__debug_install_post}} \ + %{__arch_install_post} \ + %{__os_install_post} \ + fipshmac -d $RPM_BUILD_ROOT%{_libdir} $RPM_BUILD_ROOT%{_libdir}/libgnutls.so.30.*.* \ + file=`basename $RPM_BUILD_ROOT%{_libdir}/libgnutls.so.30.*.hmac` && mv $RPM_BUILD_ROOT%{_libdir}/$file $RPM_BUILD_ROOT%{_libdir}/.$file && ln -s .$file $RPM_BUILD_ROOT%{_libdir}/.libgnutls.so.30.hmac \ +%{nil} +%endif + +%install +make install DESTDIR=$RPM_BUILD_ROOT +make -C doc install-html DESTDIR=$RPM_BUILD_ROOT +rm -f $RPM_BUILD_ROOT%{_infodir}/dir +rm -f $RPM_BUILD_ROOT%{_libdir}/*.la +rm -f $RPM_BUILD_ROOT%{_libdir}/guile/2.0/guile-gnutls*.a +rm -f $RPM_BUILD_ROOT%{_libdir}/guile/2.0/guile-gnutls*.la +rm -f $RPM_BUILD_ROOT%{_libdir}/gnutls/libpkcs11mock1.* +%if %{without dane} +rm -f $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gnutls-dane.pc +%endif + +%find_lang gnutls + +%check +make check %{?_smp_mflags} + +%post devel +if [ -f %{_infodir}/gnutls.info.gz ]; then + /sbin/install-info %{_infodir}/gnutls.info.gz %{_infodir}/dir || : +fi + +%preun devel +if [ $1 = 0 -a -f %{_infodir}/gnutls.info.gz ]; then + /sbin/install-info --delete %{_infodir}/gnutls.info.gz %{_infodir}/dir || : +fi + +%files -f gnutls.lang +%defattr(-,root,root,-) +%{_libdir}/libgnutls.so.30* +%if %{with fips} +%{_libdir}/.libgnutls.so.30*.hmac +%endif +%doc README.md AUTHORS NEWS THANKS +%license LICENSE doc/COPYING doc/COPYING.LESSER + +%files c++ +%{_libdir}/libgnutlsxx.so.* + +%files devel +%defattr(-,root,root,-) +%{_includedir}/* +%{_libdir}/libgnutls*.so +%if %{with fips} +%{_libdir}/.libgnutls.so.*.hmac +%endif + +%{_libdir}/pkgconfig/*.pc +%{_mandir}/man3/* +%{_infodir}/gnutls* +%{_infodir}/pkcs11-vision* +%{_docdir}/manual/* + +%files utils +%defattr(-,root,root,-) +%{_bindir}/certtool +%{_bindir}/tpmtool +%{_bindir}/ocsptool +%{_bindir}/psktool +%{_bindir}/p11tool +%{_bindir}/srptool +%if %{with dane} +%{_bindir}/danetool +%endif +%{_bindir}/gnutls* +%{_mandir}/man1/* +%doc doc/certtool.cfg + +%if %{with dane} +%files dane +%defattr(-,root,root,-) +%{_libdir}/libgnutls-dane.so.* +%endif + +%if %{with guile} +%files guile +%defattr(-,root,root,-) +%{_libdir}/guile/2.0/guile-gnutls*.so* +%{_libdir}/guile/2.0/site-ccache/gnutls.go +%{_libdir}/guile/2.0/site-ccache/gnutls/extra.go +%{_datadir}/guile/site/2.0/gnutls.scm +%{_datadir}/guile/site/2.0/gnutls/extra.scm +%endif + +%changelog +* Sat Jul 18 2020 Daiki Ueno - 3.6.14-5 +- Perform validation checks on (EC)DH public keys and share secrets (#1855803) + +* Mon Jun 29 2020 Daiki Ueno - 3.6.14-4 +- Tighten FIPS DH primes check according to SP800-56A (rev 3) (#1849079) + +* Fri Jun 5 2020 Daiki Ueno - 3.6.14-3 +- Update gnutls-3.6.14-fips-mode-check.patch + +* Thu Jun 4 2020 Daiki Ueno - 3.6.14-2 +- Return false from gnutls_fips140_mode_enabled() if selftests failed (#1827687) + +* Thu Jun 4 2020 Daiki Ueno - 3.6.14-1 +- Update to upstream 3.6.14 release + +* Mon May 25 2020 Anderson Sasaki - 3.6.13-3 +- Add an option to gnutls-cli to wait for resumption under TLS 1.3 (#1677754) + +* Wed May 20 2020 Anderson Sasaki - 3.6.13-2 +- Enable Intel CET (#1838476) + +* Tue May 5 2020 Daiki Ueno - 3.6.13-1 +- Update to upstream 3.6.13 release + +* Tue Apr 21 2020 Daiki Ueno - 3.6.8-10 +- Fix CVE-2020-11501 (#1822005) + +* Wed Nov 6 2019 Daiki Ueno - 3.6.8-9 +- Fix CFB8 decryption when repeatedly called (#1757848) +- Fix gnutls_aead_cipher_{en,de}cryptv2 with input not multiple of block size (#1757856) + +* Fri Aug 16 2019 Daiki Ueno - 3.6.8-8 +- Use fallback random function for RSA blinding in FIPS selftests + +* Fri Aug 16 2019 Daiki Ueno - 3.6.8-7 +- Fix deterministic signature creation in selftests + +* Fri Aug 16 2019 Daiki Ueno - 3.6.8-6 +- Treat login error more gracefully when enumerating PKCS#11 tokens (#1705478) +- Use deterministic ECDSA/DSA in FIPS selftests (#1716560) +- Add gnutls_aead_cipher_{encrypt,decrypt}v2 functions (#1684461) + +* Fri Aug 9 2019 Daiki Ueno - 3.6.8-5 +- Avoid UB when encrypting session tickets + +* Tue Jul 2 2019 Daiki Ueno - 3.6.8-4 +- Add RNG continuous test under FIPS + +* Fri Jun 14 2019 Daiki Ueno - 3.6.8-3 +- Follow-up fix on multiple key updates handling (#1673975) + +* Thu Jun 13 2019 Daiki Ueno - 3.6.8-2 +- Run FIPS AES self-tests over overridden algorithms + +* Wed May 29 2019 Daiki Ueno - 3.6.8-1 +- Update to upstream 3.6.8 release + +* Fri May 24 2019 Anderson Sasaki - 3.6.5-4 +- Fixed FIPS signatures self tests (#1680509) + +* Wed Mar 27 2019 Anderson Sasaki - 3.6.5-3 +- Fixed CVE-2019-3829 (#1693285) +- Fixed CVE-2019-3836 (#1693288) +- Added explicit BuildRequires for nettle-devel >= 3.4.1 + +* Fri Jan 11 2019 Anderson Sasaki - 3.6.5-2 +- Fixed FIPS integrity self tests (#1665061) + +* Mon Dec 17 2018 Anderson Sasaki - 3.6.5-1 +- Update to upstream 3.6.5 release +- Fixes CVE-2018-16868 (#1655395) +- Removed ldconfig scriptlet +- Added explicit Requires for nettle >= 3.4.1 + +* Mon Nov 26 2018 Anderson Sasaki - 3.6.4-7 +- Fix incorrect certificate type returned in TLS1.3 resumption (#1649786) + +* Mon Nov 12 2018 Anderson Sasaki - 3.6.4-6 +- Add support for record_size_limit extension in TLS1.2 (#1644850) + +* Tue Oct 30 2018 Nikos Mavrogiannopoulos - 3.6.4-5 +- Fix issue with GOST ciphers (#1644193) +- Made gnutls-serv use the default priorities if none is specified (#1644243) + +* Wed Oct 24 2018 Nikos Mavrogiannopoulos - 3.6.4-3 +- Fix issue with rehandshake affecting glib-networking (#1641072) + +* Tue Oct 16 2018 Tomáš Mráz - 3.6.4-2 +- Add missing annobin notes for assembler sources + +* Tue Sep 25 2018 Nikos Mavrogiannopoulos - 3.6.4-1 +- Updated to upstream 3.6.4 release +- Added support for the latest version of the TLS1.3 protocol + +* Thu Aug 16 2018 Nikos Mavrogiannopoulos - 3.6.3-4 +- Fixed support for ECDSA public keys (backported from Fedora) +- Ensure that we do not cause issues with version rollback detection + and TLS1.3. + +* Thu Jul 26 2018 Nikos Mavrogiannopoulos - 3.6.3-4 +- Updated to upstream 3.6.3 release + +* Wed Jun 06 2018 Nikos Mavrogiannopoulos - 3.6.2-3 +- Include FIPS mode +- Add missing BuildRequires: gnupg2 for gpgv2 in %%prep + +* Fri Feb 16 2018 Nikos Mavrogiannopoulos - 3.6.2-1 +- Updated to upstream 3.6.2 release + +* Wed Feb 07 2018 Fedora Release Engineering - 3.6.1-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Fri Feb 2 2018 Nikos Mavrogiannopoulos - 3.6.1-4 +- Rebuilt to address incompatibility with new nettle + +* Thu Nov 30 2017 Nikos Mavrogiannopoulos - 3.6.1-3 +- Corrected regression from 3.6.1-2 which prevented the loading of + arbitrary p11-kit modules (#1507402) + +* Mon Nov 6 2017 Nikos Mavrogiannopoulos - 3.6.1-2 +- Prevent the loading of all PKCS#11 modules on certificate verification + but only restrict to p11-kit trust module (#1507402) + +* Sat Oct 21 2017 Nikos Mavrogiannopoulos - 3.6.1-1 +- Update to upstream 3.6.1 release + +* Mon Aug 21 2017 Nikos Mavrogiannopoulos - 3.6.0-1 +- Update to upstream 3.6.0 release + +* Wed Aug 02 2017 Fedora Release Engineering - 3.5.14-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Wed Jul 26 2017 Fedora Release Engineering - 3.5.14-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Tue Jul 04 2017 Nikos Mavrogiannopoulos - 3.5.14-1 +- Update to upstream 3.5.14 release + +* Wed Jun 07 2017 Nikos Mavrogiannopoulos - 3.5.13-1 +- Update to upstream 3.5.13 release + +* Thu May 11 2017 Nikos Mavrogiannopoulos - 3.5.12-2 +- Fix issue with p11-kit-trust arch dependency + +* Thu May 11 2017 Nikos Mavrogiannopoulos - 3.5.12-1 +- Update to upstream 3.5.12 release + +* Fri Apr 07 2017 Nikos Mavrogiannopoulos - 3.5.11-1 +- Update to upstream 3.5.11 release + +* Mon Mar 06 2017 Nikos Mavrogiannopoulos - 3.5.10-1 +- Update to upstream 3.5.10 release + +* Wed Feb 15 2017 Nikos Mavrogiannopoulos - 3.5.9-2 +- Work around missing pkg-config file (#1422256) + +* Tue Feb 14 2017 Nikos Mavrogiannopoulos - 3.5.9-1 +- Update to upstream 3.5.9 release + +* Fri Feb 10 2017 Fedora Release Engineering - 3.5.8-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Sat Feb 4 2017 Nikos Mavrogiannopoulos 3.5.8-2 +- Added patch fix initialization issue in gnutls_pkcs11_obj_list_import_url4 + +* Mon Jan 9 2017 Nikos Mavrogiannopoulos 3.5.8-1 +- New upstream release + +* Tue Dec 13 2016 Nikos Mavrogiannopoulos 3.5.7-3 +- Fix PKCS#8 file loading (#1404084) + +* Thu Dec 8 2016 Nikos Mavrogiannopoulos 3.5.7-1 +- New upstream release + +* Fri Nov 4 2016 Nikos Mavrogiannopoulos 3.5.6-1 +- New upstream release + +* Tue Oct 11 2016 walters@redhat.com - 3.5.5-2 +- Apply patch to fix compatibility with ostree (#1383708) + +* Mon Oct 10 2016 Nikos Mavrogiannopoulos 3.5.5-1 +- New upstream release + +* Thu Sep 8 2016 Nikos Mavrogiannopoulos 3.5.4-1 +- New upstream release + +* Mon Aug 29 2016 Nikos Mavrogiannopoulos 3.5.3-2 +- Work around #1371082 for x86 +- Fixed issue with DTLS sliding window implementation (#1370881) + +* Tue Aug 9 2016 Nikos Mavrogiannopoulos 3.5.3-1 +- New upstream release + +* Wed Jul 6 2016 Nikos Mavrogiannopoulos 3.5.2-1 +- New upstream release + +* Wed Jun 15 2016 Nikos Mavrogiannopoulos 3.5.1-1 +- New upstream release + +* Tue Jun 7 2016 Nikos Mavrogiannopoulos 3.4.13-1 +- New upstream release (#1343258) +- Addresses issue with setuid programs introduced in 3.4.12 (#1343342) + +* Fri May 20 2016 Nikos Mavrogiannopoulos 3.4.12-1 +- New upstream release + +* Mon Apr 11 2016 Nikos Mavrogiannopoulos 3.4.11-1 +- New upstream release + +* Fri Mar 4 2016 Nikos Mavrogiannopoulos 3.4.10-1 +- New upstream release (#1314576) + +* Wed Feb 3 2016 Nikos Mavrogiannopoulos 3.4.9-1 +- Fix broken key usage flags introduced in 3.4.8 (#1303355) + +* Mon Jan 11 2016 Nikos Mavrogiannopoulos 3.4.8-1 +- New upstream release (#1297079) + +* Mon Nov 23 2015 Nikos Mavrogiannopoulos 3.4.7-1 +- New upstream release (#1284300) +- Documentation updates (#1282864) +- Adds interface to set unique IDs in certificates (#1281343) +- Allow arbitrary key sizes with ARCFOUR (#1284401) + +* Wed Oct 21 2015 Nikos Mavrogiannopoulos 3.4.6-1 +- New upstream release (#1273672) +- Enhances p11tool to write CKA_ISSUER and CKA_SERIAL_NUMBER (#1272178) + +* Tue Oct 20 2015 Adam Williamson - 3.4.5-2 +- fix interaction with Chrome 45+ (master secret extension) (#1273102) + +* Mon Sep 14 2015 Nikos Mavrogiannopoulos 3.4.5-1 +- New upstream release (#1252192) +- Eliminates hard limits on CRL parsing of certtool. + +* Mon Aug 10 2015 Nikos Mavrogiannopoulos 3.4.4-1 +- new upstream release +- no longer requires trousers patch +- fixes issue in gnutls_x509_privkey_import (#1250020) + +* Mon Jul 13 2015 Nikos Mavrogiannopoulos 3.4.3-2 +- Don't link against trousers but rather dlopen() it when available. + That avoids a dependency on openssl by the main library. + +* Mon Jul 13 2015 Nikos Mavrogiannopoulos 3.4.3-1 +- new upstream release + +* Thu Jul 02 2015 Adam Jackson 3.4.2-3 +- Only disable -z now for the guile modules + +* Thu Jun 18 2015 Nikos Mavrogiannopoulos 3.4.2-2 +- rename the symbol version for internal symbols to avoid clashes + with 3.3.x. + +* Wed Jun 17 2015 Nikos Mavrogiannopoulos 3.4.2-1 +- new upstream release + +* Tue May 5 2015 Nikos Mavrogiannopoulos 3.4.1-2 +- Provide missing GNUTLS_SUPPLEMENTAL_USER_MAPPING_DATA definition + +* Mon May 4 2015 Nikos Mavrogiannopoulos 3.4.1-1 +- new upstream release + +* Sat May 02 2015 Kalev Lember - 3.3.14-2 +- Rebuilt for GCC 5 C++11 ABI change + +* Mon Mar 30 2015 Nikos Mavrogiannopoulos 3.3.14-1 +- new upstream release +- improved BER decoding of PKCS #12 structures (#1131461) + +* Fri Mar 6 2015 Nikos Mavrogiannopoulos 3.3.13-3 +- Build with hardened flags +- Removed -Wl,--no-add-needed linker flag + +* Fri Feb 27 2015 Till Maas - 3.3.13-2 +- Do not build with hardened flags + +* Thu Feb 26 2015 Nikos Mavrogiannopoulos 3.3.13-1 +- new upstream release + +* Sat Feb 21 2015 Till Maas - 3.3.12-3 +- Make build verbose +- Use %%license + +* Sat Feb 21 2015 Till Maas - 3.3.12-2 +- Rebuilt for Fedora 23 Change + https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code + +* Mon Jan 19 2015 Nikos Mavrogiannopoulos 3.3.12-1 +- new upstream release + +* Mon Jan 5 2015 Nikos Mavrogiannopoulos 3.3.11-2 +- enabled guile bindings (#1177847) + +* Thu Dec 11 2014 Nikos Mavrogiannopoulos 3.3.11-1 +- new upstream release + +* Mon Nov 10 2014 Nikos Mavrogiannopoulos 3.3.10-1 +- new upstream release + +* Thu Oct 23 2014 Nikos Mavrogiannopoulos 3.3.9-2 +- applied fix for issue in get-issuer (#1155901) + +* Mon Oct 13 2014 Nikos Mavrogiannopoulos 3.3.9-1 +- new upstream release + +* Fri Sep 19 2014 Nikos Mavrogiannopoulos 3.3.8-2 +- strip rpath from library + +* Thu Sep 18 2014 Nikos Mavrogiannopoulos 3.3.8-1 +- new upstream release + +* Mon Aug 25 2014 Nikos Mavrogiannopoulos 3.3.7-1 +- new upstream release + +* Sat Aug 16 2014 Fedora Release Engineering - 3.3.6-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Wed Jul 23 2014 Nikos Mavrogiannopoulos 3.3.6-1 +- new upstream release + +* Tue Jul 01 2014 Nikos Mavrogiannopoulos 3.3.5-2 +- Added work-around for s390 builds with gcc 4.9 (#1102324) + +* Mon Jun 30 2014 Nikos Mavrogiannopoulos 3.3.5-1 +- new upstream release + +* Tue Jun 17 2014 Nikos Mavrogiannopoulos 3.3.4-3 +- explicitly depend on p11-kit-trust + +* Sat Jun 07 2014 Fedora Release Engineering - 3.3.4-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Mon Jun 02 2014 Nikos Mavrogiannopoulos 3.3.4-1 +- new upstream release + +* Fri May 30 2014 Nikos Mavrogiannopoulos 3.3.3-1 +- new upstream release + +* Wed May 21 2014 Nikos Mavrogiannopoulos 3.3.2-2 +- Require crypto-policies + +* Fri May 09 2014 Nikos Mavrogiannopoulos 3.3.2-1 +- new upstream release + +* Mon May 05 2014 Nikos Mavrogiannopoulos 3.3.1-4 +- Replaced /etc/crypto-profiles/apps with /etc/crypto-policies/back-ends. +- Added support for "very weak" profile. + +* Mon Apr 28 2014 Nikos Mavrogiannopoulos 3.3.1-2 +- gnutls_global_deinit() will not do anything if the previous + initialization has failed (#1091053) + +* Mon Apr 28 2014 Nikos Mavrogiannopoulos 3.3.1-1 +- new upstream release + +* Mon Apr 14 2014 Nikos Mavrogiannopoulos 3.3.0-1 +- new upstream release + +* Tue Apr 08 2014 Nikos Mavrogiannopoulos 3.2.13-1 +- new upstream release + +* Wed Mar 05 2014 Nikos Mavrogiannopoulos 3.2.12.1-1 +- new upstream release + +* Mon Mar 03 2014 Nikos Mavrogiannopoulos 3.2.12-1 +- new upstream release + +* Mon Feb 03 2014 Nikos Mavrogiannopoulos 3.2.10-2 +- use p11-kit trust store for certificate verification + +* Mon Feb 03 2014 Nikos Mavrogiannopoulos 3.2.10-1 +- new upstream release + +* Tue Jan 14 2014 Tomáš Mráz 3.2.8-2 +- build the crywrap tool + +* Mon Dec 23 2013 Nikos Mavrogiannopoulos 3.2.8-1 +- new upstream release + +* Wed Dec 4 2013 Nikos Mavrogiannopoulos 3.2.7-2 +- Use the correct root key for unbound /var/lib/unbound/root.key (#1012494) +- Pull asm fixes from upstream (#973210) + +* Mon Nov 25 2013 Nikos Mavrogiannopoulos 3.2.7-1 +- new upstream release +- added dependency to autogen-libopts-devel to use the system's + libopts library +- added dependency to trousers-devel to enable TPM support + +* Mon Nov 4 2013 Tomáš Mráz 3.1.16-1 +- new upstream release +- fixes CVE-2013-4466 off-by-one in dane_query_tlsa() + +* Fri Oct 25 2013 Tomáš Mráz 3.1.15-1 +- new upstream release +- fixes CVE-2013-4466 buffer overflow in handling DANE entries + +* Wed Oct 16 2013 Tomáš Mráz 3.1.13-3 +- enable ECC NIST Suite B curves + +* Sat Aug 03 2013 Fedora Release Engineering - 3.1.13-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Mon Jul 15 2013 Tomáš Mráz 3.1.13-1 +- new upstream release + +* Mon May 13 2013 Tomáš Mráz 3.1.11-1 +- new upstream release + +* Mon Mar 25 2013 Tomas Mraz 3.1.10-1 +- new upstream release +- license of the library is back to LGPLv2.1+ + +* Fri Mar 15 2013 Tomas Mraz 3.1.9-1 +- new upstream release + +* Thu Mar 7 2013 Tomas Mraz 3.1.8-3 +- drop the temporary old library + +* Tue Feb 26 2013 Tomas Mraz 3.1.8-2 +- don't send ECC algos as supported (#913797) + +* Thu Feb 21 2013 Tomas Mraz 3.1.8-1 +- new upstream version + +* Wed Feb 6 2013 Tomas Mraz 3.1.7-1 +- new upstream version, requires rebuild of dependencies +- this release temporarily includes old compatibility .so + +* Tue Feb 5 2013 Tomas Mraz 2.12.22-2 +- rebuilt with new libtasn1 +- make guile bindings optional - breaks i686 build and there is + no dependent package + +* Tue Jan 8 2013 Tomas Mraz 2.12.22-1 +- new upstream version + +* Wed Nov 28 2012 Tomas Mraz 2.12.21-2 +- use RSA bit sizes supported by libgcrypt in FIPS mode for security + levels (#879643) + +* Fri Nov 9 2012 Tomas Mraz 2.12.21-1 +- new upstream version + +* Thu Nov 1 2012 Tomas Mraz 2.12.20-4 +- negotiate only FIPS approved algorithms in the FIPS mode (#871826) + +* Wed Aug 8 2012 Tomas Mraz 2.12.20-3 +- fix the gnutls-cli-debug manpage - patch by Peter Schiffer + +* Thu Jul 19 2012 Fedora Release Engineering - 2.12.20-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Mon Jun 18 2012 Tomas Mraz 2.12.20-1 +- new upstream version + +* Fri May 18 2012 Tomas Mraz 2.12.19-1 +- new upstream version + +* Thu Mar 29 2012 Tomas Mraz 2.12.18-1 +- new upstream version + +* Thu Mar 8 2012 Tomas Mraz 2.12.17-1 +- new upstream version +- fix leaks in key generation (#796302) + +* Fri Feb 03 2012 Kevin Fenzi - 2.12.14-3 +- Disable largefile on arm arch. (#787287) + +* Fri Jan 13 2012 Fedora Release Engineering - 2.12.14-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Tue Nov 8 2011 Tomas Mraz 2.12.14-1 +- new upstream version + +* Mon Oct 24 2011 Tomas Mraz 2.12.12-1 +- new upstream version + +* Thu Sep 29 2011 Tomas Mraz 2.12.11-1 +- new upstream version + +* Fri Aug 26 2011 Tomas Mraz 2.12.9-1 +- new upstream version + +* Tue Aug 16 2011 Tomas Mraz 2.12.8-1 +- new upstream version + +* Mon Jul 25 2011 Tomas Mraz 2.12.7-2 +- fix problem when using new libgcrypt +- split libgnutlsxx to a subpackage (#455146) +- drop libgnutls-openssl (#460310) + +* Tue Jun 21 2011 Tomas Mraz 2.12.7-1 +- new upstream version + +* Mon May 9 2011 Tomas Mraz 2.12.4-1 +- new upstream version + +* Tue Apr 26 2011 Tomas Mraz 2.12.3-1 +- new upstream version + +* Mon Apr 18 2011 Tomas Mraz 2.12.2-1 +- new upstream version + +* Thu Mar 3 2011 Tomas Mraz 2.10.5-1 +- new upstream version + +* Tue Feb 08 2011 Fedora Release Engineering - 2.10.4-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Wed Dec 8 2010 Tomas Mraz 2.10.4-1 +- new upstream version + +* Thu Dec 2 2010 Tomas Mraz 2.10.3-2 +- fix buffer overflow in gnutls-serv (#659259) + +* Fri Nov 19 2010 Tomas Mraz 2.10.3-1 +- new upstream version + +* Thu Sep 30 2010 Tomas Mraz 2.10.2-1 +- new upstream version + +* Wed Sep 29 2010 jkeating - 2.10.1-4 +- Rebuilt for gcc bug 634757 + +* Thu Sep 23 2010 Tomas Mraz 2.10.1-3 +- more patching for internal errors regression (#629858) + patch by Vivek Dasmohapatra + +* Tue Sep 21 2010 Tomas Mraz 2.10.1-2 +- backported patch from upstream git hopefully fixing internal errors + (#629858) + +* Wed Aug 4 2010 Tomas Mraz 2.10.1-1 +- new upstream version + +* Wed Jun 2 2010 Tomas Mraz 2.8.6-2 +- add support for safe renegotiation CVE-2009-3555 (#533125) + +* Wed May 12 2010 Tomas Mraz 2.8.6-1 +- upgrade to a new upstream version + +* Mon Feb 15 2010 Rex Dieter 2.8.5-4 +- FTBFS gnutls-2.8.5-3.fc13: ImplicitDSOLinking (#564624) + +* Thu Jan 28 2010 Tomas Mraz 2.8.5-3 +- drop superfluous rpath from binaries +- do not call autoreconf during build +- specify the license on utils subpackage + +* Mon Jan 18 2010 Tomas Mraz 2.8.5-2 +- do not create static libraries (#556052) + +* Mon Nov 2 2009 Tomas Mraz 2.8.5-1 +- upgrade to a new upstream version + +* Wed Sep 23 2009 Tomas Mraz 2.8.4-1 +- upgrade to a new upstream version + +* Fri Aug 14 2009 Tomas Mraz 2.8.3-1 +- upgrade to a new upstream version + +* Fri Jul 24 2009 Fedora Release Engineering - 2.8.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Wed Jun 10 2009 Tomas Mraz 2.8.1-1 +- upgrade to a new upstream version + +* Wed Jun 3 2009 Tomas Mraz 2.8.0-1 +- upgrade to a new upstream version + +* Mon May 4 2009 Tomas Mraz 2.6.6-1 +- upgrade to a new upstream version - security fixes + +* Tue Apr 14 2009 Tomas Mraz 2.6.5-1 +- upgrade to a new upstream version, minor bugfixes only + +* Fri Mar 6 2009 Tomas Mraz 2.6.4-1 +- upgrade to a new upstream version + +* Tue Feb 24 2009 Fedora Release Engineering - 2.6.3-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Mon Dec 15 2008 Tomas Mraz 2.6.3-1 +- upgrade to a new upstream version + +* Thu Dec 4 2008 Tomas Mraz 2.6.2-1 +- upgrade to a new upstream version + +* Tue Nov 11 2008 Tomas Mraz 2.4.2-3 +- fix chain verification issue CVE-2008-4989 (#470079) + +* Thu Sep 25 2008 Tomas Mraz 2.4.2-2 +- add guile subpackage (#463735) +- force new libtool through autoreconf to drop unnecessary rpaths + +* Tue Sep 23 2008 Tomas Mraz 2.4.2-1 +- new upstream version + +* Tue Jul 1 2008 Tomas Mraz 2.4.1-1 +- new upstream version +- correct the license tag +- explicit --with-included-opencdk not needed +- use external lzo library, internal not included anymore + +* Tue Jun 24 2008 Tomas Mraz 2.4.0-1 +- upgrade to latest upstream + +* Tue May 20 2008 Tomas Mraz 2.0.4-3 +- fix three security issues in gnutls handshake - GNUTLS-SA-2008-1 + (#447461, #447462, #447463) + +* Mon Feb 4 2008 Joe Orton 2.0.4-2 +- use system libtasn1 + +* Tue Dec 4 2007 Tomas Mraz 2.0.4-1 +- upgrade to latest upstream + +* Tue Aug 21 2007 Tomas Mraz 1.6.3-2 +- license tag fix + +* Wed Jun 6 2007 Tomas Mraz 1.6.3-1 +- upgrade to latest upstream (#232445) + +* Tue Apr 10 2007 Tomas Mraz 1.4.5-2 +- properly require install-info (patch by Ville Skyttä) +- standard buildroot and use dist tag +- add COPYING and README to doc + +* Wed Feb 7 2007 Tomas Mraz 1.4.5-1 +- new upstream version +- drop libtermcap-devel from buildrequires + +* Thu Sep 14 2006 Tomas Mraz 1.4.1-2 +- detect forged signatures - CVE-2006-4790 (#206411), patch + from upstream + +* Tue Jul 18 2006 Tomas Mraz - 1.4.1-1 +- upgrade to new upstream version, only minor changes + +* Wed Jul 12 2006 Jesse Keating - 1.4.0-1.1 +- rebuild + +* Wed Jun 14 2006 Tomas Mraz - 1.4.0-1 +- upgrade to new upstream version (#192070), rebuild + of dependent packages required + +* Tue May 16 2006 Tomas Mraz - 1.2.10-2 +- added missing buildrequires + +* Mon Feb 13 2006 Tomas Mraz - 1.2.10-1 +- updated to new version (fixes CVE-2006-0645) + +* Fri Feb 10 2006 Jesse Keating - 1.2.9-3.2 +- bump again for double-long bug on ppc(64) + +* Tue Feb 07 2006 Jesse Keating - 1.2.9-3.1 +- rebuilt for new gcc4.1 snapshot and glibc changes + +* Tue Jan 3 2006 Jesse Keating 1.2.9-3 +- rebuilt + +* Fri Dec 9 2005 Tomas Mraz 1.2.9-2 +- replaced *-config scripts with calls to pkg-config to + solve multilib conflicts + +* Wed Nov 23 2005 Tomas Mraz 1.2.9-1 +- upgrade to newest upstream +- removed .la files (#172635) + +* Sun Aug 7 2005 Tomas Mraz 1.2.6-1 +- upgrade to newest upstream (rebuild of dependencies necessary) + +* Mon Jul 4 2005 Tomas Mraz 1.0.25-2 +- split the command line tools to utils subpackage + +* Sat Apr 30 2005 Tomas Mraz 1.0.25-1 +- new upstream version fixes potential DOS attack + +* Sat Apr 23 2005 Tomas Mraz 1.0.24-2 +- readd the version script dropped by upstream + +* Fri Apr 22 2005 Tomas Mraz 1.0.24-1 +- update to the latest upstream version on the 1.0 branch + +* Wed Mar 2 2005 Warren Togami 1.0.20-6 +- gcc4 rebuild + +* Tue Jan 4 2005 Ivana Varekova 1.0.20-5 +- add gnutls Requires zlib-devel (#144069) + +* Mon Nov 08 2004 Colin Walters 1.0.20-4 +- Make gnutls-devel Require libgcrypt-devel + +* Tue Sep 21 2004 Jeff Johnson 1.0.20-3 +- rebuild with release++, otherwise unchanged. + +* Tue Sep 7 2004 Jeff Johnson 1.0.20-2 +- patent tainted SRP code removed. + +* Sun Sep 5 2004 Jeff Johnson 1.0.20-1 +- update to 1.0.20. +- add --with-included-opencdk --with-included-libtasn1 +- add --with-included-libcfg --with-included-lzo +- add --disable-srp-authentication. +- do "make check" after build. + +* Fri Mar 21 2003 Jeff Johnson 0.9.2-1 +- upgrade to 0.9.2 + +* Tue Jun 25 2002 Jeff Johnson 0.4.4-1 +- update to 0.4.4. + +* Fri Jun 21 2002 Tim Powers +- automated rebuild + +* Sat May 25 2002 Jeff Johnson 0.4.3-1 +- update to 0.4.3. + +* Tue May 21 2002 Jeff Johnson 0.4.2-1 +- update to 0.4.2. +- change license to LGPL. +- include splint annotations patch. + +* Tue Apr 2 2002 Nalin Dahyabhai 0.4.0-1 +- update to 0.4.0 + +* Thu Jan 17 2002 Nalin Dahyabhai 0.3.2-1 +- update to 0.3.2 + +* Thu Jan 10 2002 Nalin Dahyabhai 0.3.0-1 +- add a URL + +* Thu Dec 20 2001 Nalin Dahyabhai +- initial package