- updated to 1.4.0

2017-09-11 14:10:00 +02:00 · 2017-09-11 14:10:00 +02:00 · 56532cb975
commit 56532cb975
parent 4a9640f7e1
6 changed files with 27 additions and 363 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,3 +1,4 @@
 openssl-ibmca-1.1.tar.gz
 /openssl-ibmca-1.2.0.tar.gz
 /openssl-ibmca-1.3.1.tar.gz
 /openssl-ibmca-1.4.0.tar.gz
--- a/openssl-ibmca-1.3.0-libica-soname.patch
+++ b/openssl-ibmca-1.3.0-libica-soname.patch
@ -1,21 +0,0 @@
 diff -up openssl-ibmca-1.3.0/src/e_ibmca.c.libica-soname openssl-ibmca-1.3.0/src/e_ibmca.c
 --- openssl-ibmca-1.3.0/src/e_ibmca.c.libica-soname	2015-12-01 03:33:52.000000000 +0000
 +++ openssl-ibmca-1.3.0/src/e_ibmca.c	2017-02-13 20:25:03.122555936 +0000
@@ -127,7 +127,7 @@ typedef struct ibmca_sha512_ctx {
 } IBMCA_SHA512_CTX;
 #endif
 -static const char *LIBICA_NAME = "ica";
 +static const char *LIBICA_NAME = "libica.so.3";
 #if defined(NID_aes_128_cfb128) && ! defined (NID_aes_128_cfb)
 #define NID_aes_128_cfb NID_aes_128_cfb128
@@ -1281,7 +1281,7 @@ static int ibmca_init(ENGINE * e)
 	/* WJH XXX check name translation */
 	ibmca_dso = DSO_load(NULL, LIBICA_NAME, NULL,
 -			     /* DSO_FLAG_NAME_TRANSLATION */ 0);
 +			     /* DSO_FLAG_NO_NAME_TRANSLATION */ 1);
 	if (ibmca_dso == NULL) {
 		IBMCAerr(IBMCA_F_IBMCA_INIT, IBMCA_R_DSO_FAILURE);
 		goto err;
--- a/openssl-ibmca-1.3.1-openssl11.patch
+++ b/openssl-ibmca-1.3.1-openssl11.patch
@ -1,327 +0,0 @@
 From 170352452f0a1addb78879dea34a3069314fcda0 Mon Sep 17 00:00:00 2001
 From: Paulo Vital <pvital@linux.vnet.ibm.com>
 Date: Tue, 7 Mar 2017 16:22:41 -0300
 Subject: [PATCH] Add support to DSO on new API of OpenSSL-1.1.0
 DSO is opaque in OpenSSL-1.1.0 and had to modify includes and
 data structure usage to use it.
 On OpenSSL-1.1.0e (or newer), warning messages during compilation
 time can be printed, but they are resolved during link time.
 Signed-off-by: Paulo Vital <pvital@linux.vnet.ibm.com>
 ---
 src/e_ibmca.c | 73 +++++++++++++++++++++++++++++++----------------------------
 1 file changed, 39 insertions(+), 34 deletions(-)
 diff --git a/src/e_ibmca.c b/src/e_ibmca.c
 index a78fb72..57452b1 100644
 --- a/src/e_ibmca.c
 +++ b/src/e_ibmca.c
@@ -66,7 +66,6 @@
 #include <dirent.h>
 #include <openssl/crypto.h>
 #include "cryptlib.h"
 -#include <openssl/dso.h>
 #include <openssl/engine.h>
 #include <openssl/evp.h>
 #include <openssl/objects.h>
@@ -84,6 +83,12 @@
 #include <ica_api.h>
 #include "e_ibmca_err.h"
 +#ifdef OLDER_OPENSSL
 +#include <openssl/dso.h>
 +#else
 +typedef struct dso_st DSO;
 +#endif
 +
 #define IBMCA_LIB_NAME "ibmca engine"
 #define AP_PATH "/sys/devices/ap"
@@ -1760,7 +1765,7 @@ static int ibmca_ctrl(ENGINE * e, int cmd, long i, void *p, void (*f) ())
 /*
  * ENGINE calls this to find out how to deal with
 - * a particular NID in the ENGINE. 
 + * a particular NID in the ENGINE.
  */
 static int ibmca_engine_ciphers(ENGINE * e, const EVP_CIPHER ** cipher,
 				const int **nids, int nid)
@@ -1829,7 +1834,7 @@ static int ibmca_des_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out,
 		mode = MODE_CBC;
 	} else if ((EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_CFB_MODE) &&
 		   (EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_OFB_MODE)) {
 -		IBMCAerr(IBMCA_F_IBMCA_DES_CIPHER, 
 +		IBMCAerr(IBMCA_F_IBMCA_DES_CIPHER,
 				IBMCA_R_CIPHER_MODE_NOT_SUPPORTED);
 		return 0;
 	}
@@ -1866,7 +1871,7 @@ static int ibmca_des_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out,
 		}
 		if (rv) {
 -			IBMCAerr(IBMCA_F_IBMCA_DES_CIPHER, 
 +			IBMCAerr(IBMCA_F_IBMCA_DES_CIPHER,
 					IBMCA_R_REQUEST_FAILED);
 			return 0;
 		} else if (EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_OFB_MODE) {
@@ -1914,7 +1919,7 @@ static int ibmca_des_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out,
 		}
 		if (rv) {
 -			IBMCAerr(IBMCA_F_IBMCA_DES_CIPHER, 
 +			IBMCAerr(IBMCA_F_IBMCA_DES_CIPHER,
 					IBMCA_R_REQUEST_FAILED);
 			return 0;
 		} else if (EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_OFB_MODE) {
@@ -1955,7 +1960,7 @@ static int ibmca_tdes_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out,
 		mode = MODE_CBC;
 	} else if ((EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_CFB_MODE) &&
 		   (EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_OFB_MODE)) {
 -		IBMCAerr(IBMCA_F_IBMCA_TDES_CIPHER, 
 +		IBMCAerr(IBMCA_F_IBMCA_TDES_CIPHER,
 				IBMCA_R_CIPHER_MODE_NOT_SUPPORTED);
 		return 0;
 	}
@@ -1992,7 +1997,7 @@ static int ibmca_tdes_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out,
 		}
 		if (rv) {
 -			IBMCAerr(IBMCA_F_IBMCA_TDES_CIPHER, 
 +			IBMCAerr(IBMCA_F_IBMCA_TDES_CIPHER,
 					IBMCA_R_REQUEST_FAILED);
 			return 0;
 		} else if (EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_OFB_MODE) {
@@ -2040,7 +2045,7 @@ static int ibmca_tdes_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out,
 		}
 		if (rv) {
 -			IBMCAerr(IBMCA_F_IBMCA_TDES_CIPHER, 
 +			IBMCAerr(IBMCA_F_IBMCA_TDES_CIPHER,
 					IBMCA_R_REQUEST_FAILED);
 			return 0;
 		} else if (EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_OFB_MODE) {
@@ -2082,7 +2087,7 @@ static int ibmca_aes_128_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out,
 		mode = MODE_CBC;
 	} else if ((EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_CFB_MODE) &&
 		   (EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_OFB_MODE)) {
 -		IBMCAerr(IBMCA_F_IBMCA_AES_128_CIPHER, 
 +		IBMCAerr(IBMCA_F_IBMCA_AES_128_CIPHER,
 			 IBMCA_R_CIPHER_MODE_NOT_SUPPORTED);
 		return 0;
 	}
@@ -2123,7 +2128,7 @@ static int ibmca_aes_128_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out,
 		}
 		if (rv) {
 -			IBMCAerr(IBMCA_F_IBMCA_AES_128_CIPHER, 
 +			IBMCAerr(IBMCA_F_IBMCA_AES_128_CIPHER,
 				 IBMCA_R_REQUEST_FAILED);
 			return 0;
 		} else if (EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_OFB_MODE) {
@@ -2175,7 +2180,7 @@ static int ibmca_aes_128_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out,
 		}
 		if (rv) {
 -			IBMCAerr(IBMCA_F_IBMCA_AES_128_CIPHER, 
 +			IBMCAerr(IBMCA_F_IBMCA_AES_128_CIPHER,
 				 IBMCA_R_REQUEST_FAILED);
 			return 0;
 		} else if (EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_OFB_MODE) {
@@ -2217,7 +2222,7 @@ static int ibmca_aes_192_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out,
 		mode = MODE_CBC;
 	} else if ((EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_CFB_MODE) &&
 		   (EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_OFB_MODE)) {
 -		IBMCAerr(IBMCA_F_IBMCA_AES_192_CIPHER, 
 +		IBMCAerr(IBMCA_F_IBMCA_AES_192_CIPHER,
 			 IBMCA_R_CIPHER_MODE_NOT_SUPPORTED);
 		return 0;
 	}
@@ -2257,7 +2262,7 @@ static int ibmca_aes_192_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out,
 		}
 		if (rv) {
 -			IBMCAerr(IBMCA_F_IBMCA_AES_192_CIPHER, 
 +			IBMCAerr(IBMCA_F_IBMCA_AES_192_CIPHER,
 				 IBMCA_R_REQUEST_FAILED);
 			return 0;
 		} else if (EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_OFB_MODE) {
@@ -2306,7 +2311,7 @@ static int ibmca_aes_192_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out,
 		}
 		if (rv) {
 -			IBMCAerr(IBMCA_F_IBMCA_AES_192_CIPHER, 
 +			IBMCAerr(IBMCA_F_IBMCA_AES_192_CIPHER,
 				 IBMCA_R_REQUEST_FAILED);
 			return 0;
 		} else if (EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_OFB_MODE) {
@@ -2347,7 +2352,7 @@ static int ibmca_aes_256_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out,
 		mode = MODE_CBC;
 	} else if ((EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_CFB_MODE) &&
 		   (EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_OFB_MODE)) {
 -		IBMCAerr(IBMCA_F_IBMCA_AES_256_CIPHER, 
 +		IBMCAerr(IBMCA_F_IBMCA_AES_256_CIPHER,
 			 IBMCA_R_CIPHER_MODE_NOT_SUPPORTED);
 		return 0;
 	}
@@ -2387,7 +2392,7 @@ static int ibmca_aes_256_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out,
 		}
 		if (rv) {
 -			IBMCAerr(IBMCA_F_IBMCA_AES_256_CIPHER, 
 +			IBMCAerr(IBMCA_F_IBMCA_AES_256_CIPHER,
 				 IBMCA_R_REQUEST_FAILED);
 			return 0;
 		} else if (EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_OFB_MODE) {
@@ -2436,7 +2441,7 @@ static int ibmca_aes_256_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out,
 		}
 		if (rv) {
 -			IBMCAerr(IBMCA_F_IBMCA_AES_256_CIPHER, 
 +			IBMCAerr(IBMCA_F_IBMCA_AES_256_CIPHER,
 				 IBMCA_R_REQUEST_FAILED);
 			return 0;
 		} else if (EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_OFB_MODE) {
@@ -2538,7 +2543,7 @@ static int ibmca_sha1_update(EVP_MD_CTX * ctx, const void *in_data,
 					&ibmca_sha_ctx->c,
 					tmp_hash)) {
 -				IBMCAerr(IBMCA_F_IBMCA_SHA1_UPDATE, 
 +				IBMCAerr(IBMCA_F_IBMCA_SHA1_UPDATE,
 						IBMCA_R_REQUEST_FAILED);
 				return 0;
 			}
@@ -2577,7 +2582,7 @@ static int ibmca_sha1_update(EVP_MD_CTX * ctx, const void *in_data,
 						&ibmca_sha_ctx->c,
 						tmp_hash)) {
 -					IBMCAerr(IBMCA_F_IBMCA_SHA1_UPDATE, 
 +					IBMCAerr(IBMCA_F_IBMCA_SHA1_UPDATE,
 							IBMCA_R_REQUEST_FAILED);
 					return 0;
 				}
@@ -2589,8 +2594,8 @@ static int ibmca_sha1_update(EVP_MD_CTX * ctx, const void *in_data,
 				return 1;
 			}
 -			/* 
 -			 * We had to use some of the data from in_data to 
 +			/*
 +			 * We had to use some of the data from in_data to
 			 * fill out the empty part of save data, so adjust
 			 * in_data_len
 			 */
@@ -2599,7 +2604,7 @@ static int ibmca_sha1_update(EVP_MD_CTX * ctx, const void *in_data,
 			ibmca_sha_ctx->tail_len = in_data_len & 0x3f;
 			if(ibmca_sha_ctx->tail_len) {
 				in_data_len &= ~0x3f;
 -				memcpy(ibmca_sha_ctx->tail, 
 +				memcpy(ibmca_sha_ctx->tail,
 					in_data + fill_size +in_data_len,
 					ibmca_sha_ctx->tail_len);
 			}
@@ -2618,7 +2623,7 @@ static int ibmca_sha1_update(EVP_MD_CTX * ctx, const void *in_data,
 	}
 	/* If the data passed in was <64 bytes, in_data_len will be 0 */
 -        if( in_data_len && 
 +        if( in_data_len &&
 		p_ica_sha1(message_part,
 			(unsigned int)in_data_len, (unsigned char *)(in_data + fill_size),
 			&ibmca_sha_ctx->c,
@@ -2674,7 +2679,7 @@ static int ibmca_sha256_init(EVP_MD_CTX *ctx)
 #endif
 	memset((unsigned char *)ibmca_sha256_ctx, 0, sizeof(*ibmca_sha256_ctx));
 	return 1;
 -}				// end ibmca_sha256_init                                                
 +}				// end ibmca_sha256_init
 static int
 ibmca_sha256_update(EVP_MD_CTX *ctx, const void *in_data, unsigned long inlen)
@@ -2691,7 +2696,7 @@ ibmca_sha256_update(EVP_MD_CTX *ctx, const void *in_data, unsigned long inlen)
 	if (in_data_len == 0)
 		return 1;
 -	if (ibmca_sha256_ctx->c.runningLength == 0 
 +	if (ibmca_sha256_ctx->c.runningLength == 0
 	    && ibmca_sha256_ctx->tail_len == 0) {
 		message_part = SHA_MSG_PART_FIRST;
@@ -2711,7 +2716,7 @@ ibmca_sha256_update(EVP_MD_CTX *ctx, const void *in_data, unsigned long inlen)
 		fill_size = SHA256_BLOCK_SIZE - ibmca_sha256_ctx->tail_len;
 		if (fill_size < in_data_len) {
 -			memcpy(ibmca_sha256_ctx->tail 
 +			memcpy(ibmca_sha256_ctx->tail
 			       + ibmca_sha256_ctx->tail_len, in_data,
 			       fill_size);
@@ -2721,7 +2726,7 @@ ibmca_sha256_update(EVP_MD_CTX *ctx, const void *in_data, unsigned long inlen)
 					ibmca_sha256_ctx->tail,
 					&ibmca_sha256_ctx->c,
 					tmp_hash)) {
 -				IBMCAerr(IBMCA_F_IBMCA_SHA256_UPDATE, 
 +				IBMCAerr(IBMCA_F_IBMCA_SHA256_UPDATE,
 					 IBMCA_R_REQUEST_FAILED);
 				return 0;
 			}
@@ -2749,7 +2754,7 @@ ibmca_sha256_update(EVP_MD_CTX *ctx, const void *in_data, unsigned long inlen)
 		if (ibmca_sha256_ctx->tail_len) {
 			fill_size = SHA256_BLOCK_SIZE - ibmca_sha256_ctx->tail_len;
 			if (fill_size < in_data_len) {
 -				memcpy(ibmca_sha256_ctx->tail 
 +				memcpy(ibmca_sha256_ctx->tail
 				       + ibmca_sha256_ctx->tail_len, in_data,
 				       fill_size);
@@ -2759,7 +2764,7 @@ ibmca_sha256_update(EVP_MD_CTX *ctx, const void *in_data, unsigned long inlen)
 						ibmca_sha256_ctx->tail,
 						&ibmca_sha256_ctx->c,
 						tmp_hash)) {
 -					IBMCAerr(IBMCA_F_IBMCA_SHA256_UPDATE, 
 +					IBMCAerr(IBMCA_F_IBMCA_SHA256_UPDATE,
 						 IBMCA_R_REQUEST_FAILED);
 					return 0;
 				}
@@ -2771,8 +2776,8 @@ ibmca_sha256_update(EVP_MD_CTX *ctx, const void *in_data, unsigned long inlen)
 				return 1;
 			}
 -			/* 
 -			 * We had to use some of the data from in_data to 
 +			/*
 +			 * We had to use some of the data from in_data to
 			 * fill out the empty part of save data, so adjust
 			 * in_data_len
 			 */
@@ -2781,7 +2786,7 @@ ibmca_sha256_update(EVP_MD_CTX *ctx, const void *in_data, unsigned long inlen)
 			ibmca_sha256_ctx->tail_len = in_data_len & 0x3f;
 			if (ibmca_sha256_ctx->tail_len) {
 				in_data_len &= ~0x3f;
 -				memcpy(ibmca_sha256_ctx->tail, 
 +				memcpy(ibmca_sha256_ctx->tail,
 				       in_data + fill_size + in_data_len,
 					ibmca_sha256_ctx->tail_len);
 			}
@@ -2801,7 +2806,7 @@ ibmca_sha256_update(EVP_MD_CTX *ctx, const void *in_data, unsigned long inlen)
 	}
 	/* If the data passed in was <64 bytes, in_data_len will be 0 */
 -        if (in_data_len && 
 +        if (in_data_len &&
 	    p_ica_sha256(message_part,
 			(unsigned int)in_data_len, (unsigned char *)(in_data + fill_size),
 			&ibmca_sha256_ctx->c,
@@ -2811,7 +2816,7 @@ ibmca_sha256_update(EVP_MD_CTX *ctx, const void *in_data, unsigned long inlen)
 	}
 	return 1;
 -}				// end ibmca_sha256_update                                                 
 +}				// end ibmca_sha256_update
 static int ibmca_sha256_final(EVP_MD_CTX *ctx, unsigned char *md)
 {
 -- 
 2.12.0
--- a/openssl-ibmca-1.4.0-libica-soname.patch
+++ b/openssl-ibmca-1.4.0-libica-soname.patch
@ -0,0 +1,12 @@
 diff -up openssl-ibmca-1.4.0/src/e_ibmca.c.libica-soname openssl-ibmca-1.4.0/src/e_ibmca.c
 --- openssl-ibmca-1.4.0/src/e_ibmca.c.libica-soname	2017-09-11 13:56:54.144885532 +0200
 +++ openssl-ibmca-1.4.0/src/e_ibmca.c	2017-09-11 13:57:09.724885532 +0200
@@ -46,7 +46,7 @@
 #include "e_ibmca_err.h"
 #define IBMCA_LIB_NAME "ibmca engine"
 -#define LIBICA_SHARED_LIB "libica.so"
 +#define LIBICA_SHARED_LIB "libica.so.3"
 #define AP_PATH "/sys/devices/ap"
--- a/openssl-ibmca.spec
+++ b/openssl-ibmca.spec
@ -1,31 +1,27 @@
 Summary: A dynamic OpenSSL engine for IBMCA
 Name: openssl-ibmca
-Version: 1.3.1
+Version: 1.4.0
-Release: 3%{?dist}
+Release: 1%{?dist}
-License: OpenSSL
+License: ASL 2.0
 Group: System Environment/Libraries
-URL: http://sourceforge.net/projects/opencryptoki
+URL: https://github.com/opencryptoki
-Source0: http://downloads.sourceforge.net/opencryptoki/%{name}-%{version}.tar.gz
+Source0: https://github.com/opencryptoki/%{name}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
 # https://bugzilla.redhat.com/show_bug.cgi?id=584765
-Patch0: openssl-ibmca-1.3.0-libica-soname.patch
+Patch0: openssl-ibmca-1.4.0-libica-soname.patch
-# fix build with OpenSSL 1.1
+Requires: libica >= 3.1.0
-# https://sourceforge.net/p/opencryptoki/ibmca/ci/170352452f0a1addb78879dea34a3069314fcda0/
+BuildRequires: libica-devel >= 3.1.0
 Patch1: openssl-ibmca-1.3.1-openssl11.patch
 Requires: libica >= 3.0.0
 BuildRequires: libica-devel >= 3.0.0
 BuildRequires: automake libtool
 ExclusiveArch: s390 s390x
 %global enginesdir %{_libdir}/engines-1.1
 %description
-A dynamic OpenSSL engine for IBMCA crypto hardware on IBM zSeries machines.
+A dynamic OpenSSL engine for IBMCA crypto hardware on IBM z Systems machines.
 %prep
 %setup -q
 %patch0 -p1 -b .libica-soname
 %patch1 -p1 -b .openssl11
 sh ./bootstrap.sh
@ -48,12 +44,15 @@ sed -e 's|/usr/local/lib|%{enginesdir}|' openssl.cnf.sample > openssl.cnf.sample
 popd
 %files
-%doc INSTALL README src/openssl.cnf.sample.%{_arch}
+%doc ChangeLog README.md src/openssl.cnf.sample.%{_arch}
 %{enginesdir}/libibmca.so
 %{_mandir}/man5/ibmca.5*
 %changelog
 * Mon Sep 11 2017 Dan Horák <dan@danny.cz> - 1.4.0-1
 - updated to 1.4.0
 * Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.1-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (openssl-ibmca-1.3.1.tar.gz) = 9c2049b88676a94c292821ea84cf67d41e0fe242fc1822848315564089527b217a270b740239925785215120269f262f8d1fd8c86ef6db1df2c2f26db0db71c0
+SHA512 (openssl-ibmca-1.4.0.tar.gz) = 7e8d7c52b5b5959805823b5349756406bec406581e64732a37558a6d7b6faa3fc7391738a71a9376432a035645347e4cb7288d3a9712e884f954aeb4d74c9795
`@ -1 +1 @@`
	`SHA512 (openssl-ibmca-1.3.1.tar.gz) = 9c2049b88676a94c292821ea84cf67d41e0fe242fc1822848315564089527b217a270b740239925785215120269f262f8d1fd8c86ef6db1df2c2f26db0db71c0`	`SHA512 (openssl-ibmca-1.4.0.tar.gz) = 7e8d7c52b5b5959805823b5349756406bec406581e64732a37558a6d7b6faa3fc7391738a71a9376432a035645347e4cb7288d3a9712e884f954aeb4d74c9795`