From 9409bc7044cf4b5773639cce20f51399888c45fd Mon Sep 17 00:00:00 2001 From: Sahana Prasad Date: Thu, 27 Jul 2023 18:50:18 +0200 Subject: [PATCH] Rebase to upstream release 3.1.1 Signed-off-by: Sahana Prasad --- .gitignore | 1 + ...PROFILE-SYSTEM-system-default-cipher.patch | 6 +- 0009-Add-Kernel-FIPS-mode-flag-support.patch | 21 +- 0031-tmp-Fix-test-names.patch | 12 - 0032-Force-fips.patch | 150 +- 0033-FIPS-embed-hmac.patch | 17 +- 0034.fipsinstall_disable.patch | 45 +- 0044-FIPS-140-3-keychecks.patch | 15 - 0045-FIPS-services-minimize.patch | 61 +- 0047-FIPS-early-KATS.patch | 6 +- 0049-Allow-disabling-of-SHA1-signatures.patch | 143 +- ...Selectively-disallow-SHA1-signatures.patch | 159 +- ...t-different-R_BITS-lengths-for-KBKDF.patch | 2151 ----------------- ...clevel-2-if-rh-allow-sha1-signatures.patch | 30 +- 0053-Add-SHA1-probes.patch | 238 -- 0056-strcasecmp.patch | 10 +- 0060-FIPS-KAT-signature-tests.patch | 420 ---- ...nature-verification-in-FIPS-provider.patch | 848 ------- 0062-fips-Expose-a-FIPS-indicator.patch | 2 +- 0071-AES-GCM-performance-optimization.patch | 1635 ------------- ...erformance-optimizations-for-ppc64le.patch | 1493 ------------ ...OAEP-in-KATs-support-fixed-OAEP-seed.patch | 2 +- ..._sign-digest_verify-in-self-test-eln.patch | 3 +- ...gest_sign-digest_verify-in-self-test.patch | 5 +- 0076-FIPS-140-3-DRBG.patch | 2 +- 0079-Fix-AES-GCM-on-Power-8-CPUs.patch | 146 -- 0100-RSA-PKCS15-implicit-rejection.patch | 10 +- openssl.spec | 32 +- sources | 2 +- 29 files changed, 343 insertions(+), 7322 deletions(-) delete mode 100644 0051-Support-different-R_BITS-lengths-for-KBKDF.patch delete mode 100644 0053-Add-SHA1-probes.patch delete mode 100644 0060-FIPS-KAT-signature-tests.patch delete mode 100644 0071-AES-GCM-performance-optimization.patch delete mode 100644 0072-ChaCha20-performance-optimizations-for-ppc64le.patch delete mode 100644 0079-Fix-AES-GCM-on-Power-8-CPUs.patch diff --git a/.gitignore b/.gitignore index d8bab5a..c518dfe 100644 
--- a/.gitignore +++ b/.gitignore @@ -58,3 +58,4 @@ openssl-1.0.0a-usa.tar.bz2 /openssl-3.0.7-hobbled.tar.gz /openssl-3.0.8-hobbled.tar.gz /openssl-3.0.8.tar.gz +/openssl-3.1.1.tar.gz diff --git a/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch b/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch index 18ff59c..4c313ff 100644 --- a/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch +++ b/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch @@ -272,9 +272,9 @@ index 404a706fab..e81fa9ec3e 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -5282,3 +5282,4 @@ OSSL_DECODER_CTX_set_input_structure ? 3_0_0 EXIST::FUNCTION: - OPENSSL_strcasecmp 5556 3_0_3 EXIST::FUNCTION: - OPENSSL_strncasecmp 5557 3_0_3 EXIST::FUNCTION: - OSSL_CMP_CTX_reset_geninfo_ITAVs 5558 3_0_8 EXIST::FUNCTION:CMP + EVP_CIPHER_CTX_dup 5563 3_1_0 EXIST::FUNCTION: + BN_are_coprime 5564 3_1_0 EXIST::FUNCTION: + OSSL_CMP_MSG_update_recipNonce 5565 3_0_9 EXIST::FUNCTION:CMP +ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION: -- 2.26.2 diff --git a/0009-Add-Kernel-FIPS-mode-flag-support.patch b/0009-Add-Kernel-FIPS-mode-flag-support.patch index 50c3343..3f25180 100644 --- a/0009-Add-Kernel-FIPS-mode-flag-support.patch +++ b/0009-Add-Kernel-FIPS-mode-flag-support.patch @@ -1,9 +1,9 @@ diff -up openssl-3.0.0-alpha13/crypto/context.c.kernel-fips openssl-3.0.0-alpha13/crypto/context.c --- openssl-3.0.0-alpha13/crypto/context.c.kernel-fips 2021-03-16 00:09:55.814826432 +0100 +++ openssl-3.0.0-alpha13/crypto/context.c 2021-03-16 00:15:55.129043811 +0100 -@@ -12,11 +12,46 @@ - #include "crypto/ctype.h" - #include "crypto/rand.h" +@@ -12,6 +12,41 @@ + #include "internal/provider.h" + #include "crypto/context.h" +# include +# include 
@@ -11,11 +11,6 @@ diff -up openssl-3.0.0-alpha13/crypto/context.c.kernel-fips openssl-3.0.0-alpha1 +# include +# include + - struct ossl_lib_ctx_onfree_list_st { - ossl_lib_ctx_onfree_fn *fn; - struct ossl_lib_ctx_onfree_list_st *next; - }; - +# define FIPS_MODE_SWITCH_FILE "/proc/sys/crypto/fips_enabled" + +static int kernel_fips_flag; @@ -46,16 +41,16 @@ diff -up openssl-3.0.0-alpha13/crypto/context.c.kernel-fips openssl-3.0.0-alpha1 + + struct ossl_lib_ctx_st { - CRYPTO_RWLOCK *lock; - CRYPTO_EX_DATA data; + CRYPTO_RWLOCK *lock, *rand_crngt_lock; + OSSL_EX_DATA_GLOBAL global; @@ -121,6 +170,7 @@ static CRYPTO_THREAD_LOCAL default_conte DEFINE_RUN_ONCE_STATIC(default_context_do_init) { + read_kernel_fips_flag(); - return CRYPTO_THREAD_init_local(&default_context_thread_local, NULL) - && context_init(&default_context_int); - } + if (!CRYPTO_THREAD_init_local(&default_context_thread_local, NULL)) + goto err; + diff -up openssl-3.0.1/include/internal/provider.h.embed-fips openssl-3.0.1/include/internal/provider.h --- openssl-3.0.1/include/internal/provider.h.embed-fips 2022-01-11 13:13:08.323238760 +0100 +++ openssl-3.0.1/include/internal/provider.h 2022-01-11 13:13:43.522558909 +0100 diff --git a/0031-tmp-Fix-test-names.patch b/0031-tmp-Fix-test-names.patch index 42b3c0a..9647978 100644 --- a/0031-tmp-Fix-test-names.patch +++ b/0031-tmp-Fix-test-names.patch @@ -1,15 +1,3 @@ -diff -up openssl-3.0.0/test/recipes/90-test_sslapi.t.beldmit openssl-3.0.0/test/recipes/90-test_sslapi.t ---- openssl-3.0.0/test/recipes/90-test_sslapi.t.beldmit 2021-09-22 11:56:49.452507975 +0200 -+++ openssl-3.0.0/test/recipes/90-test_sslapi.t 2021-09-22 11:57:19.371764742 +0200 -@@ -40,7 +40,7 @@ unless ($no_fips) { - "recipes", - "90-test_sslapi_data", - "dhparams.pem")])), -- "running sslapitest"); -+ "running sslapitest - FIPS"); - } - - unlink $tmpfilename; diff --git a/test/sslapitest.c b/test/sslapitest.c index e95d2657f46c..7af0eab3fce0 100644 --- a/test/sslapitest.c 
diff --git a/0032-Force-fips.patch b/0032-Force-fips.patch index 514ab67..47e5f26 100644 --- a/0032-Force-fips.patch +++ b/0032-Force-fips.patch @@ -1,9 +1,3 @@ -#Note: provider_conf_activate() is introduced in downstream only. It is a rewrite -#(partial) of the function provider_conf_load() under the 'if (activate) section. -#If there is any change to this section, after deleting it in provider_conf_load() -#ensure that you also add those changes to the provider_conf_activate() function. -#additionally please add this check for cnf explicitly as shown below. -#'ok = cnf ? provider_conf_params(prov, NULL, NULL, value, cnf) : 1;' diff -up openssl-3.0.1/crypto/provider_conf.c.fipsact openssl-3.0.1/crypto/provider_conf.c --- openssl-3.0.1/crypto/provider_conf.c.fipsact 2022-05-12 12:44:31.199034948 +0200 +++ openssl-3.0.1/crypto/provider_conf.c 2022-05-12 12:49:17.468318373 +0200 
@@ -15,151 +9,21 @@ diff -up openssl-3.0.1/crypto/provider_conf.c.fipsact openssl-3.0.1/crypto/provi #include #include #include -@@ -136,58 +136,18 @@ static int prov_already_activated(const - return 0; - } - --static int provider_conf_load(OSSL_LIB_CTX *libctx, const char *name, -- const char *value, const CONF *cnf) -+static int provider_conf_activate(OSSL_LIB_CTX *libctx,const char *name, -+ const char *value, const char *path, -+ int soft, const CONF *cnf) - { -- int i; -- STACK_OF(CONF_VALUE) *ecmds; -- int soft = 0; -- OSSL_PROVIDER *prov = NULL, *actual = NULL; -- const char *path = NULL; -- long activate = 0; - int ok = 0; -- -- name = skip_dot(name); -- OSSL_TRACE1(CONF, "Configuring provider %s\n", name); -- /* Value is a section containing PROVIDER commands */ -- ecmds = NCONF_get_section(cnf, value); -- -- if (!ecmds) { -- ERR_raise_data(ERR_LIB_CRYPTO, CRYPTO_R_PROVIDER_SECTION_ERROR, -- "section=%s not found", value); -- return 0; -- } -- -- /* Find the needed data first */ -- for (i = 0; i < sk_CONF_VALUE_num(ecmds); i++) { -- CONF_VALUE *ecmd = sk_CONF_VALUE_value(ecmds, i); -- const char *confname = skip_dot(ecmd->name); -- const char *confvalue = ecmd->value; -- -- OSSL_TRACE2(CONF, "Provider command: %s = %s\n", -- confname, confvalue); -- -- /* First handle some special pseudo confs */ -- -- /* Override provider name to use */ -- if (strcmp(confname, "identity") == 0) -- name = confvalue; -- else if (strcmp(confname, "soft_load") == 0) -- soft = 1; -- /* Load a dynamic PROVIDER */ -- else if (strcmp(confname, "module") == 0) -- path = confvalue; -- else if (strcmp(confname, "activate") == 0) -- activate = 1; -- } -- -- if (activate) { -- PROVIDER_CONF_GLOBAL *pcgbl -- = ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_PROVIDER_CONF_INDEX, -- &provider_conf_ossl_ctx_method); -+ OSSL_PROVIDER *prov = NULL, *actual = NULL; -+ PROVIDER_CONF_GLOBAL *pcgbl -+ = ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_PROVIDER_CONF_INDEX, -+ 
&provider_conf_ossl_ctx_method); - - if (pcgbl == NULL || !CRYPTO_THREAD_write_lock(pcgbl->lock)) { -- ERR_raise(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR); -+ ERR_raise(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR); - return 0; - } - if (!prov_already_activated(name, pcgbl->activated_providers)) { 
@@ -216,7 +176,7 @@ static int provider_conf_load(OSSL_LIB_C - if (path != NULL) - ossl_provider_set_module_path(prov, path); + if (path != NULL) + ossl_provider_set_module_path(prov, path); -- ok = provider_conf_params(prov, NULL, NULL, value, cnf); -+ ok = cnf ? provider_conf_params(prov, NULL, NULL, value, cnf) : 1; +- ok = provider_conf_params(prov, NULL, NULL, value, cnf); ++ ok = cnf ? provider_conf_params(prov, NULL, NULL, value, cnf) : 1; - if (ok) { - if (!ossl_provider_activate(prov, 1, 0)) { -@@ -244,8 +204,59 @@ static int provider_conf_load(OSSL_LIB_C - } - if (!ok) - ossl_provider_free(prov); -+ } else { /* No reason to activate the provider twice, returning OK */ -+ ok = 1; - } - CRYPTO_THREAD_unlock(pcgbl->lock); -+ return ok; -+} -+ -+static int provider_conf_load(OSSL_LIB_CTX *libctx, const char *name, -+ const char *value, const CONF *cnf) -+{ -+ int i; -+ STACK_OF(CONF_VALUE) *ecmds; -+ int soft = 0; -+ const char *path = NULL; -+ long activate = 0; -+ int ok = 0; -+ -+ name = skip_dot(name); -+ OSSL_TRACE1(CONF, "Configuring provider %s\n", name); -+ /* Value is a section containing PROVIDER commands */ -+ ecmds = NCONF_get_section(cnf, value); -+ -+ if (!ecmds) { -+ ERR_raise_data(ERR_LIB_CRYPTO, CRYPTO_R_PROVIDER_SECTION_ERROR, -+ "section=%s not found", value); -+ return 0; -+ } -+ -+ /* Find the needed data first */ -+ for (i = 0; i < sk_CONF_VALUE_num(ecmds); i++) { -+ CONF_VALUE *ecmd = sk_CONF_VALUE_value(ecmds, i); -+ const char *confname = skip_dot(ecmd->name); -+ const char *confvalue = ecmd->value; -+ -+ OSSL_TRACE2(CONF, "Provider command: %s = %s\n", -+ confname, confvalue); -+ -+ /* First handle some special pseudo confs */ -+ -+ /* Override provider name to use */ -+ if (strcmp(confname, "identity") == 0) -+ name = confvalue; -+ else if (strcmp(confname, "soft_load") == 0) -+ soft = 1; -+ /* Load a dynamic PROVIDER */ -+ else if (strcmp(confname, "module") == 0) -+ path = confvalue; -+ else if (strcmp(confname, "activate") == 0) 
-+ activate = 1; -+ } -+ -+ if (activate) { -+ ok = provider_conf_activate(libctx, name, value, path, soft, cnf); - } else { - OSSL_PROVIDER_INFO entry; - -@@ -306,6 +317,19 @@ static int provider_conf_init(CONF_IMODU + if (ok) { + if (!ossl_provider_activate(prov, 1, 0)) { +@@ -306,6 +317,16 @@ static int provider_conf_init(CONF_IMODU return 0; } + if (ossl_get_kernel_fips_flag() != 0) { /* XXX from provider_conf_load */ + OSSL_LIB_CTX *libctx = NCONF_get0_libctx((CONF *)cnf); -+ PROVIDER_CONF_GLOBAL *pcgbl -+ = ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_PROVIDER_CONF_INDEX, -+ &provider_conf_ossl_ctx_method); + if (provider_conf_activate(libctx, "fips", NULL, NULL, 0, NULL) != 1) + return 0; + if (provider_conf_activate(libctx, "base", NULL, NULL, 0, NULL) != 1) diff --git a/0033-FIPS-embed-hmac.patch b/0033-FIPS-embed-hmac.patch index 484a75e..f014a07 100644 --- a/0033-FIPS-embed-hmac.patch +++ b/0033-FIPS-embed-hmac.patch @@ -2,8 +2,8 @@ diff -up openssl-3.0.7/providers/fips/self_test.c.embed-hmac openssl-3.0.7/provi --- openssl-3.0.7/providers/fips/self_test.c.embed-hmac 2023-01-05 10:03:44.864869710 +0100 +++ openssl-3.0.7/providers/fips/self_test.c 2023-01-05 10:15:17.041606472 +0100 @@ -172,11 +172,27 @@ DEP_FINI_ATTRIBUTE void cleanup(void) + return ok; } - #endif +#define HMAC_LEN 32 +/* @@ -29,7 +29,7 @@ diff -up openssl-3.0.7/providers/fips/self_test.c.embed-hmac openssl-3.0.7/provi static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex_cb, unsigned char *expected, size_t expected_len, OSSL_LIB_CTX *libctx, OSSL_SELF_TEST *ev, -@@ -189,9 +205,20 @@ static int verify_integrity(OSSL_CORE_BI +@@ -189,12 +205,23 @@ static int verify_integrity(OSSL_CORE_BI EVP_MAC *mac = NULL; EVP_MAC_CTX *ctx = NULL; OSSL_PARAM params[2], *p = params; 
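Review bot: The rebased 0032-Force-fips.patch drops its explanatory header but still depends on what that header described: the block added to provider_conf_init calls `provider_conf_activate(libctx, "fips", NULL, NULL, 0, NULL)`, so `value` and `cnf` are both NULL. Only the one-line change `ok = cnf ? provider_conf_params(prov, NULL, NULL, value, cnf) : 1;` stops that NULL config from reaching provider_conf_params. Since this patch no longer defines provider_conf_activate (presumably it now comes from the 3.1.1 sources), keep a short header so the guard survives the next rebase, for example `# provider_conf_init() calls provider_conf_activate() with cnf == NULL when the kernel FIPS flag is set; keep the 'cnf ?' guard on provider_conf_params()`. The `/* XXX from provider_conf_load */` remark and the inner hunk header that still names provider_conf_load look stale for the same reason and could be refreshed.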
@@ -39,6 +39,9 @@ diff -up openssl-3.0.7/providers/fips/self_test.c.embed-hmac openssl-3.0.7/provi + unsigned long paddr; + unsigned long off = 0; + if (!integrity_self_test(ev, libctx)) + goto err; + OSSL_SELF_TEST_onbegin(ev, event_type, OSSL_SELF_TEST_DESC_INTEGRITY_HMAC); + if (!dladdr1 ((const void *)fips_hmac_container, @@ -118,8 +121,8 @@ diff -up openssl-3.0.7/providers/fips/self_test.c.embed-hmac openssl-3.0.7/provi ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_CONFIG_DATA); goto end; @@ -356,7 +413,6 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS - ok = 1; end: + EVP_RAND_free(testrand); OSSL_SELF_TEST_free(ev); - OPENSSL_free(module_checksum); OPENSSL_free(indicator_checksum); @@ -159,8 +162,8 @@ diff -ruN openssl-3.0.0/test/recipes/03-test_fipsinstall.t openssl-3.0.0-xxx/tes -plan skip_all => "Test only supported in a fips build" if disabled("fips"); +plan skip_all => "Test only supported in a fips build" if 1; - plan tests => 29; - + # Compatible options for pedantic FIPS compliance + my @pedantic_okay = diff -ruN openssl-3.0.0/test/recipes/30-test_defltfips.t openssl-3.0.0-xxx/test/recipes/30-test_defltfips.t --- openssl-3.0.0/test/recipes/30-test_defltfips.t 2021-09-07 13:46:32.000000000 +0200 +++ openssl-3.0.0-xxx/test/recipes/30-test_defltfips.t 2021-11-18 10:22:54.179659682 +0100 @@ -194,9 +197,9 @@ diff -ruN openssl-3.0.0/test/recipes/90-test_sslapi.t openssl-3.0.0-xxx/test/rec -my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); +my $no_fips = 1; #disabled('fips') || ($ENV{NO_FIPS} // 0); + my $fipsmodcfg_filename = "fipsmodule.cnf"; + my $fipsmodcfg = bldtop_file("test", $fipsmodcfg_filename); - plan skip_all => "No TLS/SSL protocols are supported by this OpenSSL build" - if alldisabled(grep { $_ ne "ssl3" } available_protocols("tls")); --- /dev/null 2021-11-16 15:27:32.915000000 +0100 +++ openssl-3.0.0/test/fipsmodule.cnf 2021-11-18 11:15:34.538060408 +0100 @@ -0,0 +1,2 @@ 
diff --git a/0034.fipsinstall_disable.patch b/0034.fipsinstall_disable.patch index ab9d460..11779fe 100644 --- a/0034.fipsinstall_disable.patch +++ b/0034.fipsinstall_disable.patch @@ -164,7 +164,7 @@ diff -up openssl-3.0.0/doc/man7/OSSL_PROVIDER-FIPS.pod.xxx openssl-3.0.0/doc/man diff -up openssl-3.0.1/doc/man1/openssl-fipsinstall.pod.in.embed-hmac openssl-3.0.1/doc/man1/openssl-fipsinstall.pod.in --- openssl-3.0.1/doc/man1/openssl-fipsinstall.pod.in.embed-hmac 2022-01-11 13:26:33.279906225 +0100 +++ openssl-3.0.1/doc/man1/openssl-fipsinstall.pod.in 2022-01-11 13:33:18.757994419 +0100 -@@ -8,236 +8,11 @@ openssl-fipsinstall - perform FIPS confi +@@ -8,275 +8,9 @@ openssl-fipsinstall - perform FIPS confi =head1 SYNOPSIS B @@ -179,14 +179,18 @@ diff -up openssl-3.0.1/doc/man1/openssl-fipsinstall.pod.in.embed-hmac openssl-3. -[B<-macopt> I:I] -[B<-noout>] -[B<-quiet>] +-[B<-pedantic>] -[B<-no_conditional_errors>] -[B<-no_security_checks>] +-[B<-ems_check>] +-[B<-no_drbg_truncated_digests>] -[B<-self_test_onload>] +-[B<-self_test_oninstall>] -[B<-corrupt_desc> I] -[B<-corrupt_type> I] -[B<-config> I] - - =head1 DESCRIPTION +- +-=head1 DESCRIPTION - -This command is used to generate a FIPS module configuration file. -This configuration file can be used each time a FIPS module is loaded @@ -315,6 +319,14 @@ diff -up openssl-3.0.1/doc/man1/openssl-fipsinstall.pod.in.embed-hmac openssl-3. - -Disable logging of the self tests. - +-=item B<-pedantic> +- +-Configure the module so that it is strictly FIPS compliant rather +-than being backwards compatible. This enables conditional errors, +-security checks etc. Note that any previous configuration options will +-be overwritten and any subsequent configuration options that violate +-FIPS compliance will result in an error. +- -=item B<-no_conditional_errors> - -Configure the module to not enter an error state if a conditional self test 
@@ -324,6 +336,20 @@ diff -up openssl-3.0.1/doc/man1/openssl-fipsinstall.pod.in.embed-hmac openssl-3. - -Configure the module to not perform run-time security checks as described above. - +-Enabling the configuration option "no-fips-securitychecks" provides another way to +-turn off the check at compile time. +- +-=item B<-ems_check> +- +-Configure the module to enable a run-time Extended Master Secret (EMS) check +-when using the TLS1_PRF KDF algorithm. This check is disabled by default. +-See RFC 7627 for information related to EMS. +- +-=item B<-no_drbg_truncated_digests> +- +-Configure the module to not allow truncated digests to be used with Hash and +-HMAC DRBGs. See FIPS 140-3 IG D.R for details. +- -=item B<-self_test_onload> - -Do not write the two fields related to the "test status indicator" and @@ -334,6 +360,14 @@ diff -up openssl-3.0.1/doc/man1/openssl-fipsinstall.pod.in.embed-hmac openssl-3. -could possibly then add the 2 fields into the configuration using some other -mechanism. - +-This is the default. +- +-=item B<-self_test_oninstall> +- +-The converse of B<-self_test_oninstall>. The two fields related to the +-"test status indicator" and "MAC status indicator" are written to the +-output configuration file. +- -=item B<-quiet> - -Do not output pass/fail messages. Implies B<-noout>. @@ -369,6 +403,11 @@ diff -up openssl-3.0.1/doc/man1/openssl-fipsinstall.pod.in.embed-hmac openssl-3. -For normal usage the base configuration file should use the default provider -when generating the fips configuration file. - +-The B<-self_test_oninstall> option was added and the +-B<-self_test_onload> option was made the default in OpenSSL 3.1. +- +-The command and all remaining options were added in OpenSSL 3.0. +- -=head1 EXAMPLES - -Calculate the mac of a FIPS module F and run a FIPS self test diff --git a/0044-FIPS-140-3-keychecks.patch b/0044-FIPS-140-3-keychecks.patch index a0ec627..137a26d 100644 --- a/0044-FIPS-140-3-keychecks.patch 
+++ b/0044-FIPS-140-3-keychecks.patch @@ -89,21 +89,6 @@ diff -up openssl-3.0.1/providers/implementations/exchange/ecdh_exch.c.fips3 open retlen = ECDH_compute_key(secret, size, ppubkey, privk, NULL); -diff -up openssl-3.0.1/crypto/ec/ec_key.c.fips3 openssl-3.0.1/crypto/ec/ec_key.c ---- openssl-3.0.1/crypto/ec/ec_key.c.fips3 2022-07-25 14:03:34.420222507 +0200 -+++ openssl-3.0.1/crypto/ec/ec_key.c 2022-07-25 14:09:00.728164294 +0200 -@@ -336,6 +336,11 @@ static int ec_generate_key(EC_KEY *eckey - - OSSL_SELF_TEST_get_callback(eckey->libctx, &cb, &cbarg); - ok = ecdsa_keygen_pairwise_test(eckey, cb, cbarg); -+ -+#ifdef FIPS_MODULE -+ ok &= ossl_ec_key_public_check(eckey, ctx); -+ ok &= ossl_ec_key_pairwise_check(eckey, ctx); -+#endif /* FIPS_MODULE */ - } - err: - /* Step (9): If there is an error return an invalid keypair. */ diff -up openssl-3.0.1/crypto/rsa/rsa_gen.c.fips3 openssl-3.0.1/crypto/rsa/rsa_gen.c --- openssl-3.0.1/crypto/rsa/rsa_gen.c.fips3 2022-07-25 17:02:17.807271297 +0200 +++ openssl-3.0.1/crypto/rsa/rsa_gen.c 2022-07-25 17:18:24.931959649 +0200 diff --git a/0045-FIPS-services-minimize.patch b/0045-FIPS-services-minimize.patch index e8e6fd9..6e667b8 100644 --- a/0045-FIPS-services-minimize.patch +++ b/0045-FIPS-services-minimize.patch @@ -15,16 +15,8 @@ diff -up openssl-3.0.1/providers/common/capabilities.c.fipsmin3 openssl-3.0.1/pr diff -up openssl-3.0.1/providers/fips/fipsprov.c.fipsmin2 openssl-3.0.1/providers/fips/fipsprov.c --- openssl-3.0.1/providers/fips/fipsprov.c.fipsmin2 2022-05-05 11:42:58.596848856 +0200 +++ openssl-3.0.1/providers/fips/fipsprov.c 2022-05-05 11:55:42.997562712 +0200 -@@ -54,7 +54,6 @@ static void fips_deinit_casecmp(void); - - #define ALGC(NAMES, FUNC, CHECK) { { NAMES, FIPS_DEFAULT_PROPERTIES, FUNC }, CHECK } - #define ALG(NAMES, FUNC) ALGC(NAMES, FUNC, NULL) -- - extern OSSL_FUNC_core_thread_start_fn *c_thread_start; - int FIPS_security_check_enabled(OSSL_LIB_CTX *libctx); - 
@@ -191,13 +190,13 @@ static int fips_get_params(void *provctx - &fips_prov_ossl_ctx_method); + OSSL_LIB_CTX_FIPS_PROV_INDEX); p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_NAME); - if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "OpenSSL FIPS Provider")) @@ -58,8 +50,8 @@ diff -up openssl-3.0.1/providers/fips/fipsprov.c.fipsmin2 openssl-3.0.1/provider ALGC(PROV_NAMES_AES_256_CBC_HMAC_SHA256, ossl_aes256cbc_hmac_sha256_functions, ossl_cipher_capable_aes_cbc_hmac_sha256), #ifndef OPENSSL_NO_DES -- ALG(PROV_NAMES_DES_EDE3_ECB, ossl_tdes_ede3_ecb_functions), -- ALG(PROV_NAMES_DES_EDE3_CBC, ossl_tdes_ede3_cbc_functions), +- UNAPPROVED_ALG(PROV_NAMES_DES_EDE3_ECB, ossl_tdes_ede3_ecb_functions), +- UNAPPROVED_ALG(PROV_NAMES_DES_EDE3_CBC, ossl_tdes_ede3_cbc_functions), + /* We don't certify 3DES in our FIPS provider */ + /* ALG(PROV_NAMES_DES_EDE3_ECB, ossl_tdes_ede3_ecb_functions), + ALG(PROV_NAMES_DES_EDE3_CBC, ossl_tdes_ede3_cbc_functions), */ @@ -90,7 +82,7 @@ diff -up openssl-3.0.1/providers/fips/fipsprov.c.fipsmin2 openssl-3.0.1/provider #endif { PROV_NAMES_TLS1_PRF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_tls1_prf_keyexch_functions }, -@@ -403,12 +406,14 @@ static const OSSL_ALGORITHM fips_keyexch +@@ -403,13 +406,14 @@ static const OSSL_ALGORITHM fips_keyexch static const OSSL_ALGORITHM fips_signature[] = { #ifndef OPENSSL_NO_DSA 
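Review bot: In the 0045 fipsprov.c hunk at `@@ -58,8 +50,8`, the commented-out 3DES entries on the added side still read `ALG(PROV_NAMES_DES_EDE3_ECB, …)` and `ALG(PROV_NAMES_DES_EDE3_CBC, …)`, while the lines the patch now removes are `UNAPPROVED_ALG(…)`. The fips_signature hunk at `@@ -100,8 +92,9` has the same mismatch: the comment keeps `FIPS_DEFAULT_PROPERTIES` for Ed25519 and Ed448 although the removed lines use `FIPS_UNAPPROVED_PROPERTIES`. `ALG` expands to `FIPS_DEFAULT_PROPERTIES`, so un-commenting either block as written would advertise these algorithms with the approved property string instead of the unapproved one. Either drop the dead code and keep only the `/* We don't certify 3DES in our FIPS provider */` style comment, or copy the current `UNAPPROVED_ALG` / `FIPS_UNAPPROVED_PROPERTIES` form into the comment, as the keymgmt hunk of this same patch already does.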
@@ -100,8 +92,9 @@ diff -up openssl-3.0.1/providers/fips/fipsprov.c.fipsmin2 openssl-3.0.1/provider #endif { PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES, ossl_rsa_signature_functions }, #ifndef OPENSSL_NO_EC -- { PROV_NAMES_ED25519, FIPS_DEFAULT_PROPERTIES, ossl_ed25519_signature_functions }, -- { PROV_NAMES_ED448, FIPS_DEFAULT_PROPERTIES, ossl_ed448_signature_functions }, +- { PROV_NAMES_ED25519, FIPS_UNAPPROVED_PROPERTIES, +- ossl_ed25519_signature_functions }, +- { PROV_NAMES_ED448, FIPS_UNAPPROVED_PROPERTIES, ossl_ed448_signature_functions }, + /* We don't certify Edwards curves in our FIPS provider */ + /* { PROV_NAMES_ED25519, FIPS_DEFAULT_PROPERTIES, ossl_ed25519_signature_functions }, + { PROV_NAMES_ED448, FIPS_DEFAULT_PROPERTIES, ossl_ed448_signature_functions }, */ @@ -130,9 +123,9 @@ diff -up openssl-3.0.1/providers/fips/fipsprov.c.fipsmin2 openssl-3.0.1/provider PROV_DESCS_X25519 }, { PROV_NAMES_X448, FIPS_DEFAULT_PROPERTIES, ossl_x448_keymgmt_functions, PROV_DESCS_X448 }, - { PROV_NAMES_ED25519, FIPS_DEFAULT_PROPERTIES, ossl_ed25519_keymgmt_functions, + { PROV_NAMES_ED25519, FIPS_UNAPPROVED_PROPERTIES, ossl_ed25519_keymgmt_functions, PROV_DESCS_ED25519 }, - { PROV_NAMES_ED448, FIPS_DEFAULT_PROPERTIES, ossl_ed448_keymgmt_functions, + { PROV_NAMES_ED448, FIPS_UNAPPROVED_PROPERTIES, ossl_ed448_keymgmt_functions, - PROV_DESCS_ED448 }, + PROV_DESCS_ED448 }, */ #endif @@ -158,22 +151,6 @@ diff -up openssl-3.0.1/providers/fips/self_test_data.inc.fipsmin3 openssl-3.0.1/ /* AES-256 GCM test data */ static const unsigned char aes_256_gcm_key[] = { 0x92, 0xe1, 0x1d, 0xcd, 0xaa, 0x86, 0x6f, 0x5c, -@@ -235,6 +236,7 @@ static const unsigned char aes_128_ecb_c - }; - - static const ST_KAT_CIPHER st_kat_cipher_tests[] = { -+#if 0 - #ifndef OPENSSL_NO_DES - { - { -@@ -248,6 +250,7 @@ static const ST_KAT_CIPHER st_kat_cipher - ITM(des_ede3_cbc_iv), - }, - #endif -+#endif - { - { - OSSL_SELF_TEST_DESC_CIPHER_AES_GCM, 
@@ -1424,8 +1427,9 @@ static const ST_KAT_PARAM ecdsa_bin_key[ # endif /* OPENSSL_NO_EC2M */ #endif /* OPENSSL_NO_EC */ @@ -193,9 +170,9 @@ diff -up openssl-3.0.1/providers/fips/self_test_data.inc.fipsmin3 openssl-3.0.1/ - +#endif +#endif - static const ST_KAT_SIGN st_kat_sign_tests[] = { - { - OSSL_SELF_TEST_DESC_SIGN_RSA, + /* Hash DRBG inputs for signature KATs */ + static const unsigned char sig_kat_entropyin[] = { + 0x06, 0x6d, 0xc8, 0xce, 0x75, 0xb2, 0x89, 0x66, 0xa6, 0x85, 0x16, 0x3f, @@ -1583,6 +1587,7 @@ static const ST_KAT_SIGN st_kat_sign_tes }, # endif @@ -205,7 +182,7 @@ diff -up openssl-3.0.1/providers/fips/self_test_data.inc.fipsmin3 openssl-3.0.1/ { OSSL_SELF_TEST_DESC_SIGN_DSA, @@ -1595,6 +1600,7 @@ static const ST_KAT_SIGN st_kat_sign_tes - */ + ITM(dsa_expected_sig) }, #endif /* OPENSSL_NO_DSA */ +#endif @@ -395,14 +372,17 @@ diff -up openssl-3.0.1/test/recipes/80-test_cms.t.fipsmin3 openssl-3.0.1/test/re diff -up openssl-3.0.1/test/recipes/30-test_evp.t.fipsmin3 openssl-3.0.1/test/recipes/30-test_evp.t --- openssl-3.0.1/test/recipes/30-test_evp.t.fipsmin3 2022-05-05 14:43:04.276857033 +0200 +++ openssl-3.0.1/test/recipes/30-test_evp.t 2022-05-05 14:43:35.975138234 +0200 -@@ -43,7 +43,6 @@ my @files = qw( +@@ -43,10 +43,8 @@ my @files = qw( evpciph_aes_cts.txt evpciph_aes_wrap.txt evpciph_aes_stitched.txt - evpciph_des3_common.txt evpkdf_hkdf.txt + evpkdf_kbkdf_counter.txt +- evpkdf_kbkdf_kmac.txt evpkdf_pbkdf1.txt evpkdf_pbkdf2.txt + evpkdf_ss.txt @@ -66,12 +65,6 @@ push @files, qw( evppkey_dh.txt ) unless $no_dh; @@ -416,11 +396,12 @@ diff -up openssl-3.0.1/test/recipes/30-test_evp.t.fipsmin3 openssl-3.0.1/test/re evppkey_ecc.txt evppkey_ecdh.txt evppkey_ecdsa.txt -@@ -91,6 +84,7 @@ my @defltfiles = qw( +@@ -91,6 +84,8 @@ my @defltfiles = qw( evpciph_cast5.txt evpciph_chacha.txt evpciph_des.txt + evpciph_des3_common.txt ++ evpkdf_kbkdf_kmac.txt evpciph_idea.txt evpciph_rc2.txt evpciph_rc4.txt 
@@ -441,8 +422,8 @@ diff -up openssl-3.0.1/test/recipes/30-test_evp_data/evpmac_common.txt.fipsmin3 --- openssl-3.0.1/test/recipes/30-test_evp_data/evpmac_common.txt.fipsmin3 2022-05-05 14:46:32.721700697 +0200 +++ openssl-3.0.1/test/recipes/30-test_evp_data/evpmac_common.txt 2022-05-05 14:51:40.205418897 +0200 @@ -328,6 +328,7 @@ Input = 68F2E77696CE7AE8E2CA4EC588E54100 - Output = 00BDA1B7E87608BCBF470F12157F4C07 - + Input = 68F2E77696CE7AE8E2CA4EC588E541002E58495C08000F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D0007 + Result = MAC_INIT_ERROR +Availablein = default Title = KMAC Tests (From NIST) diff --git a/0047-FIPS-early-KATS.patch b/0047-FIPS-early-KATS.patch index ef2d081..3604e6f 100644 --- a/0047-FIPS-early-KATS.patch +++ b/0047-FIPS-early-KATS.patch @@ -34,6 +34,6 @@ diff -up openssl-3.0.1/providers/fips/self_test.c.earlykats openssl-3.0.1/provid - goto end; - } - } - ok = 1; - end: - OSSL_SELF_TEST_free(ev); + + /* Verify that the RNG has been restored properly */ + testrand = EVP_RAND_fetch(st->libctx, "TEST-RAND", NULL); diff --git a/0049-Allow-disabling-of-SHA1-signatures.patch b/0049-Allow-disabling-of-SHA1-signatures.patch index 7485b95..559342f 100644 --- a/0049-Allow-disabling-of-SHA1-signatures.patch +++ b/0049-Allow-disabling-of-SHA1-signatures.patch @@ -1,4 +1,4 @@ -From b4f8964ad1903e24cd2ee07f42ce97c3047f4af4 Mon Sep 17 00:00:00 2001 +From 51d52096122cc73413d55aac06d5e0641f58ffcb Mon Sep 17 00:00:00 2001 From: Clemens Lang Date: Mon, 21 Feb 2022 17:24:44 +0100 Subject: [PATCH] Allow disabling of SHA1 signatures 
@@ -40,21 +40,69 @@ This happens because in the first case, OpenSSL's signature implementation does not know that it is signing a SHA1 hash (it could be signing arbitrary data). --- + crypto/context.c | 14 ++++ crypto/evp/evp_cnf.c | 13 +++ - crypto/evp/m_sigver.c | 85 +++++++++++++++++++ + crypto/evp/m_sigver.c | 79 +++++++++++++++++++ crypto/evp/pmeth_lib.c | 15 ++++ doc/man5/config.pod | 13 +++ + include/crypto/context.h | 3 + include/internal/cryptlib.h | 3 +- include/internal/sslconf.h | 4 + providers/common/securitycheck.c | 20 +++++ - providers/common/securitycheck_default.c | 9 +- + providers/common/securitycheck_default.c | 9 ++- providers/implementations/signature/dsa_sig.c | 11 ++- .../implementations/signature/ecdsa_sig.c | 4 + providers/implementations/signature/rsa_sig.c | 20 ++++- ssl/t1_lib.c | 8 ++ util/libcrypto.num | 2 + - 13 files changed, 198 insertions(+), 9 deletions(-) + 15 files changed, 209 insertions(+), 9 deletions(-) +diff --git a/crypto/context.c b/crypto/context.c +index e294ea1512..ab6abf44ab 100644 +--- a/crypto/context.c ++++ b/crypto/context.c +@@ -43,6 +43,8 @@ struct ossl_lib_ctx_st { + void *fips_prov; + #endif + ++ void *legacy_digest_signatures; ++ + unsigned int ischild:1; + }; + +@@ -171,6 +173,10 @@ static int context_init(OSSL_LIB_CTX *ctx) + goto err; + #endif + ++ ctx->legacy_digest_signatures = ossl_ctx_legacy_digest_signatures_new(ctx); ++ if (ctx->legacy_digest_signatures == NULL) ++ goto err; ++ + /* Low priority. */ + #ifndef FIPS_MODULE + ctx->child_provider = ossl_child_prov_ctx_new(ctx); +@@ -299,6 +305,11 @@ static void context_deinit_objs(OSSL_LIB_CTX *ctx) + } + #endif + ++ if (ctx->legacy_digest_signatures != NULL) { ++ ossl_ctx_legacy_digest_signatures_free(ctx->legacy_digest_signatures); ++ ctx->legacy_digest_signatures = NULL; ++ } ++ + /* Low priority. 
*/ + #ifndef FIPS_MODULE + if (ctx->child_provider != NULL) { +@@ -589,6 +600,9 @@ void *ossl_lib_ctx_get_data(OSSL_LIB_CTX *ctx, int index) + return ctx->fips_prov; + #endif + ++ case OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES_INDEX: ++ return ctx->legacy_digest_signatures; ++ + default: + return NULL; + } diff --git a/crypto/evp/evp_cnf.c b/crypto/evp/evp_cnf.c index 0e7fe64cf9..b9d3b6d226 100644 --- a/crypto/evp/evp_cnf.c @@ -87,18 +135,20 @@ index 0e7fe64cf9..b9d3b6d226 100644 ERR_raise_data(ERR_LIB_EVP, EVP_R_UNKNOWN_OPTION, "name=%s, value=%s", oval->name, oval->value); diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c -index 76a6814b42..8da2183ce0 100644 +index 630d339c35..6e4e9f5ae7 100644 --- a/crypto/evp/m_sigver.c +++ b/crypto/evp/m_sigver.c -@@ -16,6 +16,79 @@ +@@ -15,6 +15,73 @@ + #include "internal/provider.h" #include "internal/numbers.h" /* includes SIZE_MAX */ #include "evp_local.h" - ++#include "crypto/context.h" ++ +typedef struct ossl_legacy_digest_signatures_st { + int allowed; +} OSSL_LEGACY_DIGEST_SIGNATURES; + -+static void ossl_ctx_legacy_digest_signatures_free(void *vldsigs) ++void ossl_ctx_legacy_digest_signatures_free(void *vldsigs) +{ + OSSL_LEGACY_DIGEST_SIGNATURES *ldsigs = vldsigs; + @@ -107,7 +157,7 @@ index 76a6814b42..8da2183ce0 100644 + } +} + -+static void *ossl_ctx_legacy_digest_signatures_new(OSSL_LIB_CTX *ctx) ++void *ossl_ctx_legacy_digest_signatures_new(OSSL_LIB_CTX *ctx) +{ + OSSL_LEGACY_DIGEST_SIGNATURES* ldsigs = OPENSSL_zalloc(sizeof(OSSL_LEGACY_DIGEST_SIGNATURES)); + /* Warning: This patch differs from the same patch in CentOS and RHEL here, 
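Review bot: In the 0049 m_sigver.c section, ossl_ctx_legacy_digest_signatures_new() stores the result of `OPENSSL_zalloc(sizeof(OSSL_LEGACY_DIGEST_SIGNATURES))` and the visible lines show no NULL test after it. The statements between the Fedora/RHEL warning comment and `return ldsigs;` are outside the hunk, so whether `ldsigs->allowed` is written there needs confirming against the full patch. With this rebase context_init() calls the constructor for every library context and already handles failure with `if (ctx->legacy_digest_signatures == NULL) goto err;`, so an allocation failure should reach that check rather than fault inside the constructor. Add `if (ldsigs == NULL) return NULL;` directly after the allocation.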
@@ -117,12 +167,6 @@ index 76a6814b42..8da2183ce0 100644 + return ldsigs; +} + -+static const OSSL_LIB_CTX_METHOD ossl_ctx_legacy_digest_signatures_method = { -+ OSSL_LIB_CTX_METHOD_DEFAULT_PRIORITY, -+ ossl_ctx_legacy_digest_signatures_new, -+ ossl_ctx_legacy_digest_signatures_free, -+}; -+ +static OSSL_LEGACY_DIGEST_SIGNATURES *ossl_ctx_legacy_digest_signatures( + OSSL_LIB_CTX *libctx, int loadconfig) +{ @@ -131,8 +175,7 @@ index 76a6814b42..8da2183ce0 100644 + return NULL; +#endif + -+ return ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES, -+ &ossl_ctx_legacy_digest_signatures_method); ++ return ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES_INDEX); +} + +int ossl_ctx_legacy_digest_signatures_allowed(OSSL_LIB_CTX *libctx, int loadconfig) @@ -166,11 +209,10 @@ index 76a6814b42..8da2183ce0 100644 + ldsigs->allowed = allow; + return 1; +} -+ + #ifndef FIPS_MODULE - static int update(EVP_MD_CTX *ctx, const void *data, size_t datalen) -@@ -258,6 +331,18 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, +@@ -251,6 +318,18 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, } } @@ -190,7 +232,7 @@ index 76a6814b42..8da2183ce0 100644 if (signature->digest_verify_init == NULL) { ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c -index 2b9c6c2351..3c5a1e6f5d 100644 +index ce6e1a1ccb..003926247b 100644 --- a/crypto/evp/pmeth_lib.c +++ b/crypto/evp/pmeth_lib.c @@ -33,6 +33,7 @@ @@ -201,7 +243,7 @@ index 2b9c6c2351..3c5a1e6f5d 100644 #include "evp_local.h" #ifndef FIPS_MODULE -@@ -946,6 +947,20 @@ static int evp_pkey_ctx_set_md(EVP_PKEY_CTX *ctx, const EVP_MD *md, +@@ -958,6 +959,20 @@ static int evp_pkey_ctx_set_md(EVP_PKEY_CTX *ctx, const EVP_MD *md, return -2; } @@ -223,7 +265,7 @@ index 2b9c6c2351..3c5a1e6f5d 100644 return EVP_PKEY_CTX_ctrl(ctx, -1, op, ctrl, 0, (void *)(md)); 
diff --git a/doc/man5/config.pod b/doc/man5/config.pod -index 77a8055e81..0c9110d28a 100644 +index 8d312c661f..979683e0a5 100644 --- a/doc/man5/config.pod +++ b/doc/man5/config.pod @@ -296,6 +296,19 @@ Within the algorithm properties section, the following names have meaning: @@ -246,8 +288,19 @@ index 77a8055e81..0c9110d28a 100644 =item B (deprecated) The value is a boolean that can be B or B. If the value is +diff --git a/include/crypto/context.h b/include/crypto/context.h +index cc06c71be8..e9f74a414d 100644 +--- a/include/crypto/context.h ++++ b/include/crypto/context.h +@@ -39,3 +39,6 @@ void ossl_rand_crng_ctx_free(void *); + void ossl_thread_event_ctx_free(void *); + void ossl_fips_prov_ossl_ctx_free(void *); + void ossl_release_default_drbg_ctx(void); ++ ++void *ossl_ctx_legacy_digest_signatures_new(OSSL_LIB_CTX *); ++void ossl_ctx_legacy_digest_signatures_free(void *); diff --git a/include/internal/cryptlib.h b/include/internal/cryptlib.h -index 1291299b6e..e234341e6a 100644 +index ac50eb3bbd..3b115cc7df 100644 --- a/include/internal/cryptlib.h +++ b/include/internal/cryptlib.h @@ -168,7 +168,8 @@ typedef struct ossl_ex_data_global_st { @@ -255,11 +308,11 @@ index 1291299b6e..e234341e6a 100644 # define OSSL_LIB_CTX_BIO_CORE_INDEX 17 # define OSSL_LIB_CTX_CHILD_PROVIDER_INDEX 18 -# define OSSL_LIB_CTX_MAX_INDEXES 19 -+# define OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES 19 ++# define OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES_INDEX 19 +# define OSSL_LIB_CTX_MAX_INDEXES 20 - # define OSSL_LIB_CTX_METHOD_LOW_PRIORITY -1 - # define OSSL_LIB_CTX_METHOD_DEFAULT_PRIORITY 0 + OSSL_LIB_CTX *ossl_lib_ctx_get_concrete(OSSL_LIB_CTX *ctx); + int ossl_lib_ctx_is_default(OSSL_LIB_CTX *ctx); diff --git a/include/internal/sslconf.h b/include/internal/sslconf.h index fd7f7e3331..05464b0655 100644 --- a/include/internal/sslconf.h @@ -318,7 +371,7 @@ index 699ada7c52..e534ad0a5f 100644 return 1; } 
diff --git a/providers/common/securitycheck_default.c b/providers/common/securitycheck_default.c -index de7f0d3a0a..ce54a94fbc 100644 +index 246323493e..2ca7a59f39 100644 --- a/providers/common/securitycheck_default.c +++ b/providers/common/securitycheck_default.c @@ -15,6 +15,7 @@ @@ -329,7 +382,7 @@ index de7f0d3a0a..ce54a94fbc 100644 /* Disable the security checks in the default provider */ int ossl_securitycheck_enabled(OSSL_LIB_CTX *libctx) -@@ -23,9 +24,10 @@ int ossl_securitycheck_enabled(OSSL_LIB_CTX *libctx) +@@ -29,9 +30,10 @@ int ossl_tls1_prf_ems_check_enabled(OSSL_LIB_CTX *libctx) } int ossl_digest_rsa_sign_get_md_nid(OSSL_LIB_CTX *ctx, const EVP_MD *md, @@ -341,7 +394,7 @@ index de7f0d3a0a..ce54a94fbc 100644 static const OSSL_ITEM name_to_nid[] = { { NID_md5, OSSL_DIGEST_NAME_MD5 }, -@@ -36,8 +38,11 @@ int ossl_digest_rsa_sign_get_md_nid(OSSL_LIB_CTX *ctx, const EVP_MD *md, +@@ -42,8 +44,11 @@ int ossl_digest_rsa_sign_get_md_nid(OSSL_LIB_CTX *ctx, const EVP_MD *md, { NID_ripemd160, OSSL_DIGEST_NAME_RIPEMD160 }, }; @@ -355,10 +408,10 @@ index de7f0d3a0a..ce54a94fbc 100644 return mdnid; } diff --git a/providers/implementations/signature/dsa_sig.c b/providers/implementations/signature/dsa_sig.c -index 28fd7c498e..fa3822f39f 100644 +index 70d0ea5d24..3c482e0181 100644 --- a/providers/implementations/signature/dsa_sig.c +++ b/providers/implementations/signature/dsa_sig.c -@@ -124,12 +124,17 @@ static int dsa_setup_md(PROV_DSA_CTX *ctx, +@@ -123,12 +123,17 @@ static int dsa_setup_md(PROV_DSA_CTX *ctx, mdprops = ctx->propq; if (mdname != NULL) { @@ -396,10 +449,10 @@ index 865d49d100..99b228e82c 100644 sha1_allowed); if (md_nid < 0) { diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c -index 325e855333..bea397f0c1 100644 +index cd5de6bd51..25a51df878 100644 --- a/providers/implementations/signature/rsa_sig.c 
+++ b/providers/implementations/signature/rsa_sig.c -@@ -26,6 +26,7 @@ +@@ -25,6 +25,7 @@ #include "internal/cryptlib.h" #include "internal/nelem.h" #include "internal/sizes.h" @@ -407,7 +460,7 @@ index 325e855333..bea397f0c1 100644 #include "crypto/rsa.h" #include "prov/providercommon.h" #include "prov/implementations.h" -@@ -34,6 +35,7 @@ +@@ -33,6 +34,7 @@ #include "prov/securitycheck.h" #define RSA_DEFAULT_DIGEST_NAME OSSL_DIGEST_NAME_SHA1 @@ -415,7 +468,7 @@ index 325e855333..bea397f0c1 100644 static OSSL_FUNC_signature_newctx_fn rsa_newctx; static OSSL_FUNC_signature_sign_init_fn rsa_sign_init; -@@ -289,10 +291,15 @@ static int rsa_setup_md(PROV_RSA_CTX *ctx, const char *mdname, +@@ -302,10 +304,15 @@ static int rsa_setup_md(PROV_RSA_CTX *ctx, const char *mdname, if (mdname != NULL) { EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops); @@ -433,7 +486,7 @@ index 325e855333..bea397f0c1 100644 if (md == NULL || md_nid <= 0 -@@ -1348,8 +1355,15 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) +@@ -1370,8 +1377,15 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) prsactx->pad_mode = pad_mode; if (prsactx->md == NULL && pmdname == NULL @@ -451,7 +504,7 @@ index 325e855333..bea397f0c1 100644 if (pmgf1mdname != NULL && !rsa_setup_mgf1_md(prsactx, pmgf1mdname, pmgf1mdprops)) diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c -index 41fddf22a7..dcd487ec2e 100644 +index e6f4bcc045..8bc550ea5b 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -20,6 +20,7 @@ @@ -462,7 +515,7 @@ index 41fddf22a7..dcd487ec2e 100644 #include "internal/nelem.h" #include "internal/sizes.h" #include "internal/tlsgroups.h" -@@ -1145,11 +1146,13 @@ int ssl_setup_sig_algs(SSL_CTX *ctx) +@@ -1151,11 +1152,13 @@ int ssl_setup_sig_algs(SSL_CTX *ctx) = OPENSSL_malloc(sizeof(*lu) * OSSL_NELEM(sigalg_lookup_tbl)); EVP_PKEY *tmpkey = EVP_PKEY_new(); int ret = 0; 
@@ -476,7 +529,7 @@ index 41fddf22a7..dcd487ec2e 100644 for (i = 0, lu = sigalg_lookup_tbl; i < OSSL_NELEM(sigalg_lookup_tbl); lu++, i++) { EVP_PKEY_CTX *pctx; -@@ -1169,6 +1172,11 @@ int ssl_setup_sig_algs(SSL_CTX *ctx) +@@ -1175,6 +1178,11 @@ int ssl_setup_sig_algs(SSL_CTX *ctx) cache[i].enabled = 0; continue; } @@ -489,15 +542,15 @@ index 41fddf22a7..dcd487ec2e 100644 if (!EVP_PKEY_set_type(tmpkey, lu->sig)) { cache[i].enabled = 0; diff --git a/util/libcrypto.num b/util/libcrypto.num -index 10b4e57d79..2d3c363bb0 100644 +index 9cb8a4dda2..feb660d030 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num -@@ -5426,3 +5426,5 @@ ASN1_item_d2i_ex 5552 3_0_0 EXIST::FUNCTION: - OPENSSL_strncasecmp 5557 3_0_3 EXIST::FUNCTION: - OSSL_CMP_CTX_reset_geninfo_ITAVs 5558 3_0_8 EXIST::FUNCTION:CMP +@@ -5436,3 +5436,5 @@ EVP_CIPHER_CTX_dup 5563 3_1_0 EXIST::FUNCTION: + BN_are_coprime 5564 3_1_0 EXIST::FUNCTION: + OSSL_CMP_MSG_update_recipNonce 5565 3_0_9 EXIST::FUNCTION:CMP ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION: +ossl_ctx_legacy_digest_signatures_allowed ? 3_0_1 EXIST::FUNCTION: +ossl_ctx_legacy_digest_signatures_allowed_set ? 3_0_1 EXIST::FUNCTION: -- -2.35.1 +2.40.1 diff --git a/0049-Selectively-disallow-SHA1-signatures.patch b/0049-Selectively-disallow-SHA1-signatures.patch index f8fda92..5be033e 100644 --- a/0049-Selectively-disallow-SHA1-signatures.patch +++ b/0049-Selectively-disallow-SHA1-signatures.patch @@ -1,4 +1,4 @@ -From e738d17c45869eda31cb94f2832e65ec7cf8afa9 Mon Sep 17 00:00:00 2001 +From ead41bc1b69b697187a97460c7f210ad5a7a1395 Mon Sep 17 00:00:00 2001 From: Clemens Lang Date: Wed, 17 Aug 2022 12:56:29 -0400 Subject: [PATCH] Selectively disallow SHA1 signatures @@ -38,23 +38,71 @@ Resolves: rhbz#2031742 
Signed-off-by: Stephen Gallagher --- + crypto/context.c | 14 ++++ crypto/evp/evp_cnf.c | 13 ++++ - crypto/evp/m_sigver.c | 77 +++++++++++++++++++ + crypto/evp/m_sigver.c | 71 +++++++++++++++++++ crypto/evp/pmeth_lib.c | 15 ++++ doc/man5/config.pod | 11 +++ + include/crypto/context.h | 3 + include/internal/cryptlib.h | 3 +- - include/internal/sslconf.h | 4 + - providers/common/securitycheck.c | 20 +++++ + include/internal/sslconf.h | 4 ++ + providers/common/securitycheck.c | 20 ++++++ providers/common/securitycheck_default.c | 9 ++- providers/implementations/signature/dsa_sig.c | 11 ++- - .../implementations/signature/ecdsa_sig.c | 4 + - providers/implementations/signature/rsa_sig.c | 20 ++++- - ssl/t1_lib.c | 8 ++ + .../implementations/signature/ecdsa_sig.c | 4 ++ + providers/implementations/signature/rsa_sig.c | 20 +++++- + ssl/t1_lib.c | 8 +++ util/libcrypto.num | 2 + - 13 files changed, 188 insertions(+), 9 deletions(-) + 15 files changed, 199 insertions(+), 9 deletions(-) +diff --git a/crypto/context.c b/crypto/context.c +index e294ea1512..ab6abf44ab 100644 +--- a/crypto/context.c ++++ b/crypto/context.c +@@ -43,6 +43,8 @@ struct ossl_lib_ctx_st { + void *fips_prov; + #endif + ++ void *legacy_digest_signatures; ++ + unsigned int ischild:1; + }; + +@@ -171,6 +173,10 @@ static int context_init(OSSL_LIB_CTX *ctx) + goto err; + #endif + ++ ctx->legacy_digest_signatures = ossl_ctx_legacy_digest_signatures_new(ctx); ++ if (ctx->legacy_digest_signatures == NULL) ++ goto err; ++ + /* Low priority. */ + #ifndef FIPS_MODULE + ctx->child_provider = ossl_child_prov_ctx_new(ctx); +@@ -299,6 +305,11 @@ static void context_deinit_objs(OSSL_LIB_CTX *ctx) + } + #endif + ++ if (ctx->legacy_digest_signatures != NULL) { ++ ossl_ctx_legacy_digest_signatures_free(ctx->legacy_digest_signatures); ++ ctx->legacy_digest_signatures = NULL; ++ } ++ + /* Low priority. 
*/ + #ifndef FIPS_MODULE + if (ctx->child_provider != NULL) { +@@ -589,6 +600,9 @@ void *ossl_lib_ctx_get_data(OSSL_LIB_CTX *ctx, int index) + return ctx->fips_prov; + #endif + ++ case OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES_INDEX: ++ return ctx->legacy_digest_signatures; ++ + default: + return NULL; + } diff --git a/crypto/evp/evp_cnf.c b/crypto/evp/evp_cnf.c -index 0e7fe64cf92e4b73b3bf873895e73fa9646df86d..b9d3b6d226ca07a65d972bb8505b7976a0d02572 100644 +index 0e7fe64cf9..b9d3b6d226 100644 --- a/crypto/evp/evp_cnf.c +++ b/crypto/evp/evp_cnf.c @@ -10,6 +10,7 @@ @@ -85,18 +133,20 @@ index 0e7fe64cf92e4b73b3bf873895e73fa9646df86d..b9d3b6d226ca07a65d972bb8505b7976 ERR_raise_data(ERR_LIB_EVP, EVP_R_UNKNOWN_OPTION, "name=%s, value=%s", oval->name, oval->value); diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c -index 76a6814b424bec3479bdf61374f0178b9cd96ded..4b2f1fcfb886661d98460c240d542df2ccd5df13 100644 +index 630d339c35..06028b082e 100644 --- a/crypto/evp/m_sigver.c +++ b/crypto/evp/m_sigver.c -@@ -16,6 +16,71 @@ +@@ -15,6 +15,65 @@ + #include "internal/provider.h" #include "internal/numbers.h" /* includes SIZE_MAX */ #include "evp_local.h" - ++#include "crypto/context.h" ++ +typedef struct ossl_legacy_digest_signatures_st { + int allowed; +} OSSL_LEGACY_DIGEST_SIGNATURES; + -+static void ossl_ctx_legacy_digest_signatures_free(void *vldsigs) ++void ossl_ctx_legacy_digest_signatures_free(void *vldsigs) +{ + OSSL_LEGACY_DIGEST_SIGNATURES *ldsigs = vldsigs; + 
@@ -105,27 +155,20 @@ index 76a6814b424bec3479bdf61374f0178b9cd96ded..4b2f1fcfb886661d98460c240d542df2 + } +} + -+static void *ossl_ctx_legacy_digest_signatures_new(OSSL_LIB_CTX *ctx) ++void *ossl_ctx_legacy_digest_signatures_new(OSSL_LIB_CTX *ctx) +{ + return OPENSSL_zalloc(sizeof(OSSL_LEGACY_DIGEST_SIGNATURES)); +} + -+static const OSSL_LIB_CTX_METHOD ossl_ctx_legacy_digest_signatures_method = { -+ OSSL_LIB_CTX_METHOD_DEFAULT_PRIORITY, -+ ossl_ctx_legacy_digest_signatures_new, -+ ossl_ctx_legacy_digest_signatures_free, -+}; -+ +static OSSL_LEGACY_DIGEST_SIGNATURES *ossl_ctx_legacy_digest_signatures( + OSSL_LIB_CTX *libctx, int loadconfig) +{ +#ifndef FIPS_MODULE + if (loadconfig && !OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL)) -+ return 0; ++ return NULL; +#endif + -+ return ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES, -+ &ossl_ctx_legacy_digest_signatures_method); ++ return ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES_INDEX); +} + +int ossl_ctx_legacy_digest_signatures_allowed(OSSL_LIB_CTX *libctx, int loadconfig) @@ -156,11 +199,10 @@ index 76a6814b424bec3479bdf61374f0178b9cd96ded..4b2f1fcfb886661d98460c240d542df2 + ldsigs->allowed = allow; + return 1; +} -+ + #ifndef FIPS_MODULE - static int update(EVP_MD_CTX *ctx, const void *data, size_t datalen) -@@ -258,6 +323,18 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, +@@ -251,6 +310,18 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, } } @@ -180,7 +222,7 @@ index 76a6814b424bec3479bdf61374f0178b9cd96ded..4b2f1fcfb886661d98460c240d542df2 if (signature->digest_verify_init == NULL) { ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c -index da367ed05fbe42abb328c6e23cafe99e76d26819..ee6edf1e85e71cdbe58bf7e9f443425dce100e43 100644 +index ce6e1a1ccb..003926247b 100644 --- a/crypto/evp/pmeth_lib.c +++ b/crypto/evp/pmeth_lib.c @@ -33,6 +33,7 @@ 
@@ -191,7 +233,7 @@ index da367ed05fbe42abb328c6e23cafe99e76d26819..ee6edf1e85e71cdbe58bf7e9f443425d #include "evp_local.h" #ifndef FIPS_MODULE -@@ -946,6 +947,20 @@ static int evp_pkey_ctx_set_md(EVP_PKEY_CTX *ctx, const EVP_MD *md, +@@ -958,6 +959,20 @@ static int evp_pkey_ctx_set_md(EVP_PKEY_CTX *ctx, const EVP_MD *md, return -2; } @@ -213,10 +255,10 @@ index da367ed05fbe42abb328c6e23cafe99e76d26819..ee6edf1e85e71cdbe58bf7e9f443425d return EVP_PKEY_CTX_ctrl(ctx, -1, op, ctrl, 0, (void *)(md)); diff --git a/doc/man5/config.pod b/doc/man5/config.pod -index a84113287c3d0edf6c67726aee7d8abb87401445..f1536258470563b4fe74f8d1e3db6d73ed316341 100644 +index 8d312c661f..e5a88d11aa 100644 --- a/doc/man5/config.pod +++ b/doc/man5/config.pod -@@ -304,6 +304,17 @@ Within the algorithm properties section, the following names have meaning: +@@ -296,6 +296,17 @@ Within the algorithm properties section, the following names have meaning: The value may be anything that is acceptable as a property query string for EVP_set_default_properties(). @@ -234,8 +276,19 @@ index a84113287c3d0edf6c67726aee7d8abb87401445..f1536258470563b4fe74f8d1e3db6d73 =item B (deprecated) The value is a boolean that can be B or B. If the value is +diff --git a/include/crypto/context.h b/include/crypto/context.h +index cc06c71be8..e9f74a414d 100644 +--- a/include/crypto/context.h ++++ b/include/crypto/context.h +@@ -39,3 +39,6 @@ void ossl_rand_crng_ctx_free(void *); + void ossl_thread_event_ctx_free(void *); + void ossl_fips_prov_ossl_ctx_free(void *); + void ossl_release_default_drbg_ctx(void); ++ ++void *ossl_ctx_legacy_digest_signatures_new(OSSL_LIB_CTX *); ++void ossl_ctx_legacy_digest_signatures_free(void *); diff --git a/include/internal/cryptlib.h b/include/internal/cryptlib.h -index 934d4b089c209a16b01a364da0f528afd4d12475..45346d7d0b0c91eae4a9d4466ed314c0873cf6f6 100644 +index ac50eb3bbd..3b115cc7df 100644 --- a/include/internal/cryptlib.h +++ b/include/internal/cryptlib.h 
@@ -168,7 +168,8 @@ typedef struct ossl_ex_data_global_st { @@ -243,13 +296,13 @@ index 934d4b089c209a16b01a364da0f528afd4d12475..45346d7d0b0c91eae4a9d4466ed314c0 # define OSSL_LIB_CTX_BIO_CORE_INDEX 17 # define OSSL_LIB_CTX_CHILD_PROVIDER_INDEX 18 -# define OSSL_LIB_CTX_MAX_INDEXES 19 -+# define OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES 19 ++# define OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES_INDEX 19 +# define OSSL_LIB_CTX_MAX_INDEXES 20 - # define OSSL_LIB_CTX_METHOD_LOW_PRIORITY -1 - # define OSSL_LIB_CTX_METHOD_DEFAULT_PRIORITY 0 + OSSL_LIB_CTX *ossl_lib_ctx_get_concrete(OSSL_LIB_CTX *ctx); + int ossl_lib_ctx_is_default(OSSL_LIB_CTX *ctx); diff --git a/include/internal/sslconf.h b/include/internal/sslconf.h -index fd7f7e333183dde57a283dab7372f9afb38c0eb4..05464b0655b20da2035f6781f44ac577e895fc8a 100644 +index fd7f7e3331..05464b0655 100644 --- a/include/internal/sslconf.h +++ b/include/internal/sslconf.h @@ -18,4 +18,8 @@ int conf_ssl_name_find(const char *name, size_t *idx); @@ -262,7 +315,7 @@ index fd7f7e333183dde57a283dab7372f9afb38c0eb4..05464b0655b20da2035f6781f44ac577 + int loadconfig); #endif diff --git a/providers/common/securitycheck.c b/providers/common/securitycheck.c -index 446ad6b4c11cf8dcad9dcb86df38816eff4bf772..9e47f5655957e661fa4f66f5e67a78c6c7d2fe5b 100644 +index 699ada7c52..e534ad0a5f 100644 --- a/providers/common/securitycheck.c +++ b/providers/common/securitycheck.c @@ -19,6 +19,7 @@ @@ -306,7 +359,7 @@ index 446ad6b4c11cf8dcad9dcb86df38816eff4bf772..9e47f5655957e661fa4f66f5e67a78c6 return 1; } diff --git a/providers/common/securitycheck_default.c b/providers/common/securitycheck_default.c -index de7f0d3a0a5718bd06a55d3d92236c27ffb7d0d5..ce54a94fbc9b3f48052c0bd5acf5b0aa349c4e91 100644 +index 246323493e..2ca7a59f39 100644 --- a/providers/common/securitycheck_default.c +++ b/providers/common/securitycheck_default.c @@ -15,6 +15,7 @@ 
@@ -317,7 +370,7 @@ index de7f0d3a0a5718bd06a55d3d92236c27ffb7d0d5..ce54a94fbc9b3f48052c0bd5acf5b0aa /* Disable the security checks in the default provider */ int ossl_securitycheck_enabled(OSSL_LIB_CTX *libctx) -@@ -23,9 +24,10 @@ int ossl_securitycheck_enabled(OSSL_LIB_CTX *libctx) +@@ -29,9 +30,10 @@ int ossl_tls1_prf_ems_check_enabled(OSSL_LIB_CTX *libctx) } int ossl_digest_rsa_sign_get_md_nid(OSSL_LIB_CTX *ctx, const EVP_MD *md, @@ -329,7 +382,7 @@ index de7f0d3a0a5718bd06a55d3d92236c27ffb7d0d5..ce54a94fbc9b3f48052c0bd5acf5b0aa static const OSSL_ITEM name_to_nid[] = { { NID_md5, OSSL_DIGEST_NAME_MD5 }, -@@ -36,8 +38,11 @@ int ossl_digest_rsa_sign_get_md_nid(OSSL_LIB_CTX *ctx, const EVP_MD *md, +@@ -42,8 +44,11 @@ int ossl_digest_rsa_sign_get_md_nid(OSSL_LIB_CTX *ctx, const EVP_MD *md, { NID_ripemd160, OSSL_DIGEST_NAME_RIPEMD160 }, }; @@ -343,10 +396,10 @@ index de7f0d3a0a5718bd06a55d3d92236c27ffb7d0d5..ce54a94fbc9b3f48052c0bd5acf5b0aa return mdnid; } diff --git a/providers/implementations/signature/dsa_sig.c b/providers/implementations/signature/dsa_sig.c -index 28fd7c498e9922b6fabd1fafa452afe7ca3734ec..fa3822f39fd14a16c761b316e276c68868f35c7d 100644 +index 70d0ea5d24..3c482e0181 100644 --- a/providers/implementations/signature/dsa_sig.c +++ b/providers/implementations/signature/dsa_sig.c -@@ -124,12 +124,17 @@ static int dsa_setup_md(PROV_DSA_CTX *ctx, +@@ -123,12 +123,17 @@ static int dsa_setup_md(PROV_DSA_CTX *ctx, mdprops = ctx->propq; if (mdname != NULL) { @@ -368,7 +421,7 @@ index 28fd7c498e9922b6fabd1fafa452afe7ca3734ec..fa3822f39fd14a16c761b316e276c688 if (md == NULL || md_nid < 0) { if (md == NULL) diff --git a/providers/implementations/signature/ecdsa_sig.c b/providers/implementations/signature/ecdsa_sig.c -index 865d49d1004f0031c82c24c218828a7d9c7269c6..99b228e82c408171bb2458244d2cf763e32a19fb 100644 +index 865d49d100..99b228e82c 100644 --- a/providers/implementations/signature/ecdsa_sig.c +++ b/providers/implementations/signature/ecdsa_sig.c 
@@ -237,7 +237,11 @@ static int ecdsa_setup_md(PROV_ECDSA_CTX *ctx, const char *mdname, @@ -384,7 +437,7 @@ index 865d49d1004f0031c82c24c218828a7d9c7269c6..99b228e82c408171bb2458244d2cf763 sha1_allowed); if (md_nid < 0) { diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c -index 7023a866131e38c214ac7326fdd83274dab81833..f66d7705c35add553694c5808b51d5696f678ee7 100644 +index cd5de6bd51..25a51df878 100644 --- a/providers/implementations/signature/rsa_sig.c +++ b/providers/implementations/signature/rsa_sig.c @@ -25,6 +25,7 @@ @@ -403,7 +456,7 @@ index 7023a866131e38c214ac7326fdd83274dab81833..f66d7705c35add553694c5808b51d569 static OSSL_FUNC_signature_newctx_fn rsa_newctx; static OSSL_FUNC_signature_sign_init_fn rsa_sign_init; -@@ -288,10 +290,15 @@ static int rsa_setup_md(PROV_RSA_CTX *ctx, const char *mdname, +@@ -302,10 +304,15 @@ static int rsa_setup_md(PROV_RSA_CTX *ctx, const char *mdname, if (mdname != NULL) { EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops); @@ -421,7 +474,7 @@ index 7023a866131e38c214ac7326fdd83274dab81833..f66d7705c35add553694c5808b51d569 if (md == NULL || md_nid <= 0 -@@ -1347,8 +1354,15 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) +@@ -1370,8 +1377,15 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) prsactx->pad_mode = pad_mode; if (prsactx->md == NULL && pmdname == NULL @@ -439,7 +492,7 @@ index 7023a866131e38c214ac7326fdd83274dab81833..f66d7705c35add553694c5808b51d569 if (pmgf1mdname != NULL && !rsa_setup_mgf1_md(prsactx, pmgf1mdname, pmgf1mdprops)) diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c -index 51c2283db915d792fa3020a2d7cbdc0d91fc9dca..89c1dd31c72271b1923ab972e3d3359b6c8e1a03 100644 +index e6f4bcc045..8bc550ea5b 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -20,6 +20,7 @@ 
@@ -450,7 +503,7 @@ index 51c2283db915d792fa3020a2d7cbdc0d91fc9dca..89c1dd31c72271b1923ab972e3d3359b #include "internal/nelem.h" #include "internal/sizes.h" #include "internal/tlsgroups.h" -@@ -1150,11 +1151,13 @@ int ssl_setup_sig_algs(SSL_CTX *ctx) +@@ -1151,11 +1152,13 @@ int ssl_setup_sig_algs(SSL_CTX *ctx) = OPENSSL_malloc(sizeof(*lu) * OSSL_NELEM(sigalg_lookup_tbl)); EVP_PKEY *tmpkey = EVP_PKEY_new(); int ret = 0; @@ -464,7 +517,7 @@ index 51c2283db915d792fa3020a2d7cbdc0d91fc9dca..89c1dd31c72271b1923ab972e3d3359b for (i = 0, lu = sigalg_lookup_tbl; i < OSSL_NELEM(sigalg_lookup_tbl); lu++, i++) { EVP_PKEY_CTX *pctx; -@@ -1174,6 +1177,11 @@ int ssl_setup_sig_algs(SSL_CTX *ctx) +@@ -1175,6 +1178,11 @@ int ssl_setup_sig_algs(SSL_CTX *ctx) cache[i].enabled = 0; continue; } @@ -477,15 +530,15 @@ index 51c2283db915d792fa3020a2d7cbdc0d91fc9dca..89c1dd31c72271b1923ab972e3d3359b if (!EVP_PKEY_set_type(tmpkey, lu->sig)) { cache[i].enabled = 0; diff --git a/util/libcrypto.num b/util/libcrypto.num -index 4e729be97d7b31b4caf0c3bab06dbce908dc2628..2ad515028ac6522e43cdb48794ba2cc96de56049 100644 +index 9cb8a4dda2..feb660d030 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num -@@ -5429,3 +5429,5 @@ OPENSSL_strcasecmp 5556 3_0_3 EXIST::FUNCTION: - OPENSSL_strncasecmp 5557 3_0_3 EXIST::FUNCTION: - OSSL_CMP_CTX_reset_geninfo_ITAVs 5558 3_0_8 EXIST::FUNCTION:CMP +@@ -5436,3 +5436,5 @@ EVP_CIPHER_CTX_dup 5563 3_1_0 EXIST::FUNCTION: + BN_are_coprime 5564 3_1_0 EXIST::FUNCTION: + OSSL_CMP_MSG_update_recipNonce 5565 3_0_9 EXIST::FUNCTION:CMP ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION: +ossl_ctx_legacy_digest_signatures_allowed ? 3_0_1 EXIST::FUNCTION: +ossl_ctx_legacy_digest_signatures_allowed_set ? 3_0_1 EXIST::FUNCTION: -- -2.39.1 +2.40.1 diff --git a/0051-Support-different-R_BITS-lengths-for-KBKDF.patch b/0051-Support-different-R_BITS-lengths-for-KBKDF.patch deleted file mode 100644 index c240628..0000000 
--- a/0051-Support-different-R_BITS-lengths-for-KBKDF.patch +++ /dev/null 
@@ -1,2151 +0,0 @@ -From 0e9a265e42890699dfce82f1ff6905de6aafbd41 Mon Sep 17 00:00:00 2001 -From: Patrick Uiterwijk -Date: Thu, 18 Nov 2021 10:47:14 +0100 -Subject: [PATCH] Support different R_BITS lengths for KBKDF - -Reviewed-by: Tomas Mraz -Reviewed-by: Paul Dale -(Merged from https://github.com/openssl/openssl/pull/17063) ---- - doc/man7/EVP_KDF-KB.pod | 7 + - include/openssl/core_names.h | 1 + - providers/implementations/kdfs/kbkdf.c | 30 +- - test/evp_kdf_test.c | 47 +- - test/evp_test.c | 6 + - test/recipes/30-test_evp.t | 1 + - .../30-test_evp_data/evpkdf_kbkdf_counter.txt | 1843 +++++++++++++++++ - 7 files changed, 1924 insertions(+), 11 deletions(-) - create mode 100644 test/recipes/30-test_evp_data/evpkdf_kbkdf_counter.txt - -diff --git a/doc/man7/EVP_KDF-KB.pod b/doc/man7/EVP_KDF-KB.pod -index d4fad66f7654..a67268afa7d5 100644 ---- a/doc/man7/EVP_KDF-KB.pod -+++ b/doc/man7/EVP_KDF-KB.pod -@@ -58,6 +58,13 @@ Set to B<0> to disable use of the optional Fixed Input data 'zero separator' - (see SP800-108) that is placed between the Label and Context. - The default value of B<1> will be used if unspecified. - -+=item "r" (B) -+ -+Set the fixed value 'r', indicating the length of the counter in bits. -+ -+Supported values are B<8>, B<16>, B<24>, and B<32>. -+The default value of B<32> will be used if unspecified. 
-+ - =back - - Depending on whether mac is CMAC or HMAC, either digest or cipher is required -diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h -index b549dae9167c..78418dc6e0a2 100644 ---- a/include/openssl/core_names.h -+++ b/include/openssl/core_names.h -@@ -217,6 +217,7 @@ extern "C" { - #define OSSL_KDF_PARAM_PKCS12_ID "id" /* int */ - #define OSSL_KDF_PARAM_KBKDF_USE_L "use-l" /* int */ - #define OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR "use-separator" /* int */ -+#define OSSL_KDF_PARAM_KBKDF_R "r" /* int */ - #define OSSL_KDF_PARAM_X942_ACVPINFO "acvp-info" - #define OSSL_KDF_PARAM_X942_PARTYUINFO "partyu-info" - #define OSSL_KDF_PARAM_X942_PARTYVINFO "partyv-info" -diff --git a/providers/implementations/kdfs/kbkdf.c b/providers/implementations/kdfs/kbkdf.c -index 01f7f0d4fd2e..a81cc6e0c0d6 100644 ---- a/providers/implementations/kdfs/kbkdf.c -+++ b/providers/implementations/kdfs/kbkdf.c -@@ -60,6 +60,7 @@ typedef struct { - EVP_MAC_CTX *ctx_init; - - /* Names are lowercased versions of those found in SP800-108. 
*/ -+ int r; - unsigned char *ki; - size_t ki_len; - unsigned char *label; -@@ -100,6 +101,7 @@ static uint32_t be32(uint32_t host) - - static void init(KBKDF *ctx) - { -+ ctx->r = 32; - ctx->use_l = 1; - ctx->use_separator = 1; - } -@@ -152,7 +154,7 @@ static int derive(EVP_MAC_CTX *ctx_init, kbkdf_mode mode, unsigned char *iv, - size_t iv_len, unsigned char *label, size_t label_len, - unsigned char *context, size_t context_len, - unsigned char *k_i, size_t h, uint32_t l, int has_separator, -- unsigned char *ko, size_t ko_len) -+ unsigned char *ko, size_t ko_len, int r) - { - int ret = 0; - EVP_MAC_CTX *ctx = NULL; -@@ -186,7 +188,7 @@ static int derive(EVP_MAC_CTX *ctx_init, kbkdf_mode mode, unsigned char *iv, - if (mode == FEEDBACK && !EVP_MAC_update(ctx, k_i, k_i_len)) - goto done; - -- if (!EVP_MAC_update(ctx, (unsigned char *)&i, 4) -+ if (!EVP_MAC_update(ctx, 4 - (r / 8) + (unsigned char *)&i, r / 8) - || !EVP_MAC_update(ctx, label, label_len) - || (has_separator && !EVP_MAC_update(ctx, &zero, 1)) - || !EVP_MAC_update(ctx, context, context_len) -@@ -217,6 +219,7 @@ static int kbkdf_derive(void *vctx, unsigned char *key, size_t keylen, - unsigned char *k_i = NULL; - uint32_t l = 0; - size_t h = 0; -+ uint64_t counter_max; - - if (!ossl_prov_is_running() || !kbkdf_set_ctx_params(ctx, params)) - return 0; -@@ -248,6 +251,15 @@ static int kbkdf_derive(void *vctx, unsigned char *key, size_t keylen, - goto done; - } - -+ if (ctx->mode == COUNTER) { -+ /* Fail if keylen is too large for r */ -+ counter_max = (uint64_t)1 << (uint64_t)ctx->r; -+ if ((uint64_t)(keylen / h) >= counter_max) { -+ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH); -+ goto done; -+ } -+ } -+ - if (ctx->use_l != 0) - l = be32(keylen * 8); - -@@ -257,7 +269,7 @@ static int kbkdf_derive(void *vctx, unsigned char *key, size_t keylen, - - ret = derive(ctx->ctx_init, ctx->mode, ctx->iv, ctx->iv_len, ctx->label, - ctx->label_len, ctx->context, ctx->context_len, k_i, h, l, -- ctx->use_separator, 
key, keylen);
-+ ctx->use_separator, key, keylen, ctx->r);
- done:
- if (ret != 1)
- OPENSSL_cleanse(key, keylen);
-@@ -328,6 +340,17 @@ static int kbkdf_set_ctx_params(void *vctx, const OSSL_PARAM params[])
- if (p != NULL && !OSSL_PARAM_get_int(p, &ctx->use_l))
- return 0;
-
-+ p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_KBKDF_R);
-+ if (p != NULL) {
-+ int new_r = 0;
-+
-+ if (!OSSL_PARAM_get_int(p, &new_r))
-+ return 0;
-+ if (new_r != 8 && new_r != 16 && new_r != 24 && new_r != 32)
-+ return 0;
-+ ctx->r = new_r;
-+ }
-+
- p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR);
- if (p != NULL && !OSSL_PARAM_get_int(p, &ctx->use_separator))
- return 0;
-@@ -354,6 +377,7 @@ static const OSSL_PARAM *kbkdf_settable_ctx_params(ossl_unused void *ctx,
- OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_PROPERTIES, NULL, 0),
- OSSL_PARAM_int(OSSL_KDF_PARAM_KBKDF_USE_L, NULL),
- OSSL_PARAM_int(OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR, NULL),
-+ OSSL_PARAM_int(OSSL_KDF_PARAM_KBKDF_R, NULL),
- OSSL_PARAM_END,
- };
- return known_settable_ctx_params;
-diff --git a/test/evp_kdf_test.c b/test/evp_kdf_test.c
-index 7fde5ea4111c..173d8cb8b87b 100644
---- a/test/evp_kdf_test.c
-+++ b/test/evp_kdf_test.c
-@@ -1068,9 +1068,9 @@ static int test_kdf_kbkdf_6803_256(void)
- #endif
-
- static OSSL_PARAM *construct_kbkdf_params(char *digest, char *mac, unsigned char *key,
-- size_t keylen, char *salt, char *info)
-+ size_t keylen, char *salt, char *info, int *r)
- {
-- OSSL_PARAM *params = OPENSSL_malloc(sizeof(OSSL_PARAM) * 7);
-+ OSSL_PARAM *params = OPENSSL_malloc(sizeof(OSSL_PARAM) * 8);
- OSSL_PARAM *p = params;
-
- if (params == NULL)
-@@ -1088,6 +1088,8 @@ static OSSL_PARAM *construct_kbkdf_params(char *digest, char *mac, unsigned char
- OSSL_KDF_PARAM_SALT, salt, strlen(salt));
- *p++ = OSSL_PARAM_construct_octet_string(
- OSSL_KDF_PARAM_INFO, info, strlen(info));
-+ *p++ = OSSL_PARAM_construct_int(
-+ OSSL_KDF_PARAM_KBKDF_R, r);
- *p = OSSL_PARAM_construct_end();
-
- return params;
-@@ -1100,8 +1102,9 @@ static int test_kdf_kbkdf_invalid_digest(void)
- OSSL_PARAM *params;
-
- static unsigned char key[] = {0x01};
-+ int r = 32;
-
-- params = construct_kbkdf_params("blah", "HMAC", key, 1, "prf", "test");
-+ params = construct_kbkdf_params("blah", "HMAC", key, 1, "prf", "test", &r);
- if (!TEST_ptr(params))
- return 0;
-
-@@ -1122,8 +1125,9 @@ static int test_kdf_kbkdf_invalid_mac(void)
- OSSL_PARAM *params;
-
- static unsigned char key[] = {0x01};
-+ int r = 32;
-
-- params = construct_kbkdf_params("sha256", "blah", key, 1, "prf", "test");
-+ params = construct_kbkdf_params("sha256", "blah", key, 1, "prf", "test", &r);
- if (!TEST_ptr(params))
- return 0;
-
-@@ -1137,6 +1141,30 @@ static int test_kdf_kbkdf_invalid_mac(void)
- return ret;
- }
-
-+static int test_kdf_kbkdf_invalid_r(void)
-+{
-+ int ret;
-+ EVP_KDF_CTX *kctx;
-+ OSSL_PARAM *params;
-+
-+ static unsigned char key[] = {0x01};
-+ int r = 31;
-+
-+ params = construct_kbkdf_params("sha256", "HMAC", key, 1, "prf", "test", &r);
-+ if (!TEST_ptr(params))
-+ return 0;
-+
-+ /* Negative test case - derive should fail */
-+ kctx = get_kdfbyname("KBKDF");
-+ ret = TEST_ptr(kctx)
-+ && TEST_false(EVP_KDF_CTX_set_params(kctx, params));
-+
-+ EVP_KDF_CTX_free(kctx);
-+ OPENSSL_free(params);
-+ return ret;
-+}
-+
-+
- static int test_kdf_kbkdf_empty_key(void)
- {
- int ret;
-@@ -1145,8 +1173,9 @@ static int test_kdf_kbkdf_empty_key(void)
-
- static unsigned char key[] = {0x01};
- unsigned char result[32] = { 0 };
-+ int r = 32;
-
-- params = construct_kbkdf_params("sha256", "HMAC", key, 0, "prf", "test");
-+ params = construct_kbkdf_params("sha256", "HMAC", key, 0, "prf", "test", &r);
- if (!TEST_ptr(params))
- return 0;
-
-@@ -1169,8 +1198,9 @@ static int test_kdf_kbkdf_1byte_key(void)
-
- static unsigned char key[] = {0x01};
- unsigned char result[32] = { 0 };
-+ int r = 32;
-
-- params = construct_kbkdf_params("sha256", "HMAC", key, 1, "prf", "test");
-+ params = construct_kbkdf_params("sha256", "HMAC", key, 1, "prf", "test", &r);
- if (!TEST_ptr(params))
- return 0;
-
-@@ -1191,8 +1221,9 @@ static int test_kdf_kbkdf_zero_output_size(void)
-
- static unsigned char key[] = {0x01};
- unsigned char result[32] = { 0 };
-+ int r = 32;
-
-- params = construct_kbkdf_params("sha256", "HMAC", key, 1, "prf", "test");
-+ params = construct_kbkdf_params("sha256", "HMAC", key, 1, "prf", "test", &r);
- if (!TEST_ptr(params))
- return 0;
-
-@@ -1298,7 +1329,6 @@ static int test_kdf_kbkdf_8009_prf2(void)
- * Test vector taken from
- * https://csrc.nist.gov/CSRC/media/Projects/
- * Cryptographic-Algorithm-Validation-Program/documents/KBKDF800-108/CounterMode.zip
-- * Note: Only 32 bit counter is supported ([RLEN=32_BITS])
- */
- static int test_kdf_kbkdf_fixedinfo(void)
- {
-@@ -1628,6 +1658,7 @@ int setup_tests(void)
- #endif
- ADD_TEST(test_kdf_kbkdf_invalid_digest);
- ADD_TEST(test_kdf_kbkdf_invalid_mac);
-+ ADD_TEST(test_kdf_kbkdf_invalid_r);
- ADD_TEST(test_kdf_kbkdf_zero_output_size);
- ADD_TEST(test_kdf_kbkdf_empty_key);
- ADD_TEST(test_kdf_kbkdf_1byte_key);
-diff --git a/test/evp_test.c b/test/evp_test.c
-index 70996195f0cb..6ae862b04403 100644
---- a/test/evp_test.c
-+++ b/test/evp_test.c
-@@ -2639,6 +2639,12 @@ static int kdf_test_ctrl(EVP_TEST *t, EVP_KDF_CTX *kctx,
- TEST_info("skipping, '%s' is disabled", p);
- t->skip = 1;
- }
-+ if (p != NULL
-+ && (strcmp(name, "mac") == 0)
-+ && is_mac_disabled(p)) {
-+ TEST_info("skipping, '%s' is disabled", p);
-+ t->skip = 1;
-+ }
- OPENSSL_free(name);
- return 1;
- }
-diff --git a/test/recipes/30-test_evp.t b/test/recipes/30-test_evp.t
-index 7ae546e1d70c..7b976c0a1b5e 100644
---- a/test/recipes/30-test_evp.t
-+++ b/test/recipes/30-test_evp.t
-@@ -45,6 +45,7 @@ my @files = qw(
- evpciph_aes_wrap.txt
- evpciph_aes_stitched.txt
- evpkdf_hkdf.txt
-+ evpkdf_kbkdf_counter.txt
- evpkdf_pbkdf1.txt
- evpkdf_pbkdf2.txt
- evpkdf_ss.txt
-diff --git
a/test/recipes/30-test_evp_data/evpkdf_kbkdf_counter.txt b/test/recipes/30-test_evp_data/evpkdf_kbkdf_counter.txt -new file mode 100644 -index 000000000000..04ab8ff0fad7 ---- /dev/null -+++ b/test/recipes/30-test_evp_data/evpkdf_kbkdf_counter.txt -@@ -0,0 +1,1843 @@ -+# -+# Copyright 2021-2021 The OpenSSL Project Authors. All Rights Reserved. -+# -+# Licensed under the Apache License 2.0 (the "License"). You may not use -+# this file except in compliance with the License. You can obtain a copy -+# in the file LICENSE in the source distribution or at -+# https://www.openssl.org/source/license.html -+ -+# Tests start with one of these keywords -+# Cipher Decrypt Derive Digest Encoding KDF MAC PBE -+# PrivPubKeyPair Sign Verify VerifyRecover -+# and continue until a blank line. Lines starting with a pound sign are ignored. -+ -+Title = KBKDF tests -+ -+# Test vectors taken from -+# https://csrc.nist.gov/CSRC/media/Projects/ -+# Cryptographic-Algorithm-Validation-Program/documents/KBKDF800-108/CounterMode.zip -+ -+ -+# [PRF=CMAC_AES128] -+# [CTRLOCATION=BEFORE_FIXED] -+# [RLEN=8_BITS] -+ -+# COUNT=0 -+# L = 128 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES128 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:8 -+Ctrl.hexkey = hexkey:dff1e50ac0b69dc40f1051d46c2b069c -+Ctrl.hexinfo = hexinfo:c16e6e02c5a3dcc8d78b9ac1306877761310455b4e41469951d9e6c2245a064b33fd8c3b01203a7824485bf0a64060c4648b707d2607935699316ea5 -+Output = 8be8f0869b3c0ba97b71863d1b9f7813 -+ -+# COUNT=10 -+# L = 256 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES128 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:8 -+Ctrl.hexkey = hexkey:682e814d872397eba71170a693514904 -+Ctrl.hexinfo = hexinfo:e323cdfa7873a0d72cd86ffb4468744f097db60498f7d0e3a43bafd2d1af675e4a88338723b1236199705357c47bf1d89b2f4617a340980e6331625c -+Output = 
dac9b6ca405749cfb065a0f1e42c7c4224d3d5db32fdafe9dee6ca193316f2c7 -+ -+# COUNT=20 -+# L = 160 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES128 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:8 -+Ctrl.hexkey = hexkey:7aa9973481d560f3be217ac3341144d8 -+Ctrl.hexinfo = hexinfo:46f88b5af7fb9e29262dd4e010143a0a9c465c627450ec74ab7251889529193e995c4b56ff55bc2fc8992a0df1ee8056f6816b7614fba4c12d3be1a5 -+Output = 1746ae4f09903f74bfbe1b8ae2b79d74576a3b09 -+ -+# COUNT=30 -+# L = 320 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES128 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:8 -+Ctrl.hexkey = hexkey:e91e0d06ab23a4e495bbcc430efddcaf -+Ctrl.hexinfo = hexinfo:24acb8e9227b180f2ccebea48051cbdbcd1be2bf94400d1e92945fe9b887585a295f46c469036107697813a3e12c45ae2ffde9a940f8f8c181018a93 -+Output = e81ef2483729d4165aaa4866c17f26496e6c6924e2fe34f608efef0c35835f86df29a1e19ce166a8 -+ -+ -+# [PRF=CMAC_AES128] -+# [CTRLOCATION=BEFORE_FIXED] -+# [RLEN=16_BITS] -+ -+# COUNT=0 -+# L = 128 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES128 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:16 -+Ctrl.hexkey = hexkey:30ec5f6fa1def33cff008178c4454211 -+Ctrl.hexinfo = hexinfo:c95e7b1d4f2570259abfc05bb00730f0284c3bb9a61d07259848a1cb57c81d8a6c3382c500bf801dfc8f70726b082cf4c3fa34386c1e7bf0e5471438 -+Output = 00018fff9574994f5c4457f461c7a67e -+ -+# COUNT=10 -+# L = 256 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES128 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:16 -+Ctrl.hexkey = hexkey:145c9e9365041f075ebde8ce26aa2149 -+Ctrl.hexinfo = hexinfo:0d39b1c9c34d95b5b521971828c81d9f2dbdbc4af2ddd14f628721117e5c39faa030522b93cc07beb8f142fe36f674942453ec5518ca46c3e6842a73 -+Output = 
8a204ce7eab882fae3e2b8317fe431dba16dabb8fe5235525e7b61135e1b3c16 -+ -+# COUNT=20 -+# L = 160 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES128 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:16 -+Ctrl.hexkey = hexkey:6f3f8cbf40d2a694274cfa2eb2f265a3 -+Ctrl.hexinfo = hexinfo:e7b88baa4a2c22b3d78f41d509996c95468c8cb834b035dd5e09e0a455da254b8b5687a1433861751d2dd603f69b2d4ba4ae47776335d37c98b44b4b -+Output = d147f1c78121c583cbcb9d4b0d3767a357bd7232 -+ -+# COUNT=30 -+# L = 320 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES128 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:16 -+Ctrl.hexkey = hexkey:5e534bea459e54c58a6942abfd4df8ab -+Ctrl.hexinfo = hexinfo:e9a5cc15d223aaa74abd122983b2a10512199b9cc87663fd8a62d417cef53770264fc51f683890fe42da2df7be0f60898c5b09d5c4932137b6b1e06e -+Output = 92480eb4860123ceda76f1e6bf2668520bea49ed72bb900ae50725bb8cfcdb733af1a9de71fe1af5 -+ -+ -+# [PRF=CMAC_AES128] -+# [CTRLOCATION=BEFORE_FIXED] -+# [RLEN=24_BITS] -+ -+# COUNT=0 -+# L = 128 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES128 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:24 -+Ctrl.hexkey = hexkey:ca1cf43e5ccd512cc719a2f9de41734c -+Ctrl.hexinfo = hexinfo:e3884ac963196f02ddd09fc04c20c88b60faa775b5ef6feb1faf8c5e098b5210e2b4e45d62cc0bf907fd68022ee7b15631b5c8daf903d99642c5b831 -+Output = 1cb2b12326cc5ec1eba248167f0efd58 -+ -+# COUNT=10 -+# L = 256 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES128 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:24 -+Ctrl.hexkey = hexkey:1bfaf4cd6efd25a132e2a1d41b124465 -+Ctrl.hexinfo = hexinfo:b933cfbb223ea65ed0e8db822f83be64ee21d3b9ca1eb0bc32f9d77f145a3e4ed4e2cc72cb3d93ea44824ab81eefdf71bbdb62067e0eb34a79914e4f -+Output = 
75f4d20c558d71646ec062d2ca75369a218cedb7104be3abf27026af003e98f3 -+ -+# COUNT=20 -+# L = 160 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES128 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:24 -+Ctrl.hexkey = hexkey:80168f187848a68b0b82a7ef43b4eedc -+Ctrl.hexinfo = hexinfo:9357281df7665ae5ae961fe5f93a3124416cab3deb11583429c5e529af3fc71094aad560cbc279168fe1c3327787f91a414acfff063832bcd78ed1b5 -+Output = be4517c9e6de96929e655a08f5b6d5bb77364f85 -+ -+# COUNT=30 -+# L = 320 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES128 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:24 -+Ctrl.hexkey = hexkey:26fa0e32e7e08f9b157ebae9f579710f -+Ctrl.hexinfo = hexinfo:ceab805efbe0c50a8aef62e59d95e7a54daa74ed86aa9b1ae8abf68b985b5af4b0ee150e83e6c063b59c7bf813ede9826af149237aed85b415898fa8 -+Output = f1d9138afcc3db6001eb54c4da567a5db3659fc0ed48e664a0408946bcee0742127c17cabf348c7a -+ -+ -+# [PRF=CMAC_AES128] -+# [CTRLOCATION=BEFORE_FIXED] -+# [RLEN=32_BITS] -+ -+# COUNT=0 -+# L = 128 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES128 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:32 -+Ctrl.hexkey = hexkey:c10b152e8c97b77e18704e0f0bd38305 -+Ctrl.hexinfo = hexinfo:98cd4cbbbebe15d17dc86e6dbad800a2dcbd64f7c7ad0e78e9cf94ffdba89d03e97eadf6c4f7b806caf52aa38f09d0eb71d71f497bcc6906b48d36c4 -+Output = 26faf61908ad9ee881b8305c221db53f -+ -+# COUNT=10 -+# L = 256 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES128 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:32 -+Ctrl.hexkey = hexkey:695f1b1a16c949cea51cdf2554ec9d42 -+Ctrl.hexinfo = hexinfo:4fce5942832a390aa1cbe8a0bf9d202cb799e986c9d6b51f45e4d597a6b57f06a4ebfec6467335d116b7f5f9c5b954062f661820f5db2a5bbb3e0625 -+Output = 
d34b601ec18c34dfa0f9e0b7523e218bdddb9befe8d08b6c0202d75ace0dba89 -+ -+# COUNT=20 -+# L = 160 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES128 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:32 -+Ctrl.hexkey = hexkey:b523ae21fc36bc58cc46e5a3cda97493 -+Ctrl.hexinfo = hexinfo:8dbe6d4d9b09b2eabd165b6e6e97e3bc782f8335cb1ea04ad0403affd88a5071db5f36ce2e84ab296261730b2226a9189d867991fbd4ff86f43a3cfb -+Output = 530211df01975dd6c08064c34105f88a6007f2b2 -+ -+# COUNT=30 -+# L = 320 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES128 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:32 -+Ctrl.hexkey = hexkey:b2fcf854b1029888aeb0274ca09bb21a -+Ctrl.hexinfo = hexinfo:a6b84baae7a6ceb1d63ed704757500c510c0a8bdc22d2f42af09f79c815f37f33b67dad0b30f428fc1e2d355f7f91f65acbedd2fdd5b8c38dd890407 -+Output = fe4c2c0242c5a295c008aeb87ae0815171de6173773292347f4f5ec07185c3f860b5667c199aad55 -+ -+ -+# [PRF=CMAC_AES192] -+# [CTRLOCATION=BEFORE_FIXED] -+# [RLEN=8_BITS] -+ -+# COUNT=0 -+# L = 128 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES192 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:8 -+Ctrl.hexkey = hexkey:53d1705caab7b06886e2dbb53eea349aa7419a034e2d92b9 -+Ctrl.hexinfo = hexinfo:b120f7ce30235784664deae3c40723ca0539b4521b9aece43501366cc5df1d9ea163c602702d0974665277c8a7f6a057733d66f928eb7548cf43e374 -+Output = eae32661a323f6d06d0116bb739bd76a -+ -+# COUNT=10 -+# L = 256 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES192 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:8 -+Ctrl.hexkey = hexkey:d10046bb18c3f363e87f4e57b961b294d4edf2ca91dc3e38 -+Ctrl.hexinfo = hexinfo:2d043069de979bffb1be38a3cef2869dc07d5d3e99bde2e2204f10138081743f423f0c0b1aec0735a25bc61a8e2936dec6a25bb0ae105ab46caf8a2a -+Output = 
8991a58882a0488bb5478996f2893989adb66d08d5030ad90f6ce5fdfca7754b -+ -+# COUNT=20 -+# L = 160 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES192 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:8 -+Ctrl.hexkey = hexkey:bf0abb70098d6c203074f1bce3d7468116cd1e5e8e618f20 -+Ctrl.hexinfo = hexinfo:d9ce030a48668ada6c67a2ac163515ec22383c4b5332e18d06901bacbb63dd649c683cfd4fee2f33346817b23cb4c734060a1c727b0c72c12448f4f9 -+Output = ecd1eef152b5835376f1a4324cd968bcb0cf850a -+ -+# COUNT=30 -+# L = 320 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES192 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:8 -+Ctrl.hexkey = hexkey:8725918ca07ad8e108473e5ffdf43eb1cf5c44baf0bd1cec -+Ctrl.hexinfo = hexinfo:f4a57b84a881cf282aac5402cfa8fc4ede0db6f8e902d5c0c41c4712077306484e626e3ffc4129d9b43b46cbb6c53d2838a811dc8aedad7253cf94d4 -+Output = 5a795fd0d7661968c478860b526cca40eb8702083fdbff3ff8adfa697e795398ca7106bc950fbb45 -+ -+ -+# [PRF=CMAC_AES192] -+# [CTRLOCATION=BEFORE_FIXED] -+# [RLEN=16_BITS] -+ -+# COUNT=0 -+# L = 128 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES192 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:16 -+Ctrl.hexkey = hexkey:d7e8eefc503a39e70d931f16645958ad06fb789f0cbc518b -+Ctrl.hexinfo = hexinfo:b10ea2d67904a8b3b7ce5eef7d9ee49768e8deb3506ee74a2ad8dd8661146fde74137a8f6dfc69a370945d15335e0d6403fa029da19d34140c7e3da0 -+Output = 95278b8883852f6676c587507b0aa162 -+ -+# COUNT=10 -+# L = 256 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES192 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:16 -+Ctrl.hexkey = hexkey:5e6695d7c3f5b156c7b457c8c2b801ba2ae30c9c8a36ee61 -+Ctrl.hexinfo = hexinfo:1406756f40efb8e29d5455d2da4bf1993b3c3901d67ec90934895f5de7845f573ae8a0dc8a6ad77d80da29e81329440d61d63dda8eaa7851bc7a172d 
-+Output = 72046d5eed909f6ab25810ead446ace7422fd87e6bd496ff2e84b115b8e0d27e -+ -+# COUNT=20 -+# L = 160 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES192 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:16 -+Ctrl.hexkey = hexkey:e3b88f40c9974410955820a8f8392701e9c67cc6efd3b0ff -+Ctrl.hexinfo = hexinfo:a520f36b6b60dfce34dc1d1f6b16132efa82566efa49f3140113fbc59e309c40db42962c06123721f122f433fa417ce3319bca9c58b4184fd8c7be8f -+Output = 134b6236a80c257591cc1437ab007b3fa4bd7191 -+ -+# COUNT=30 -+# L = 320 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES192 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:16 -+Ctrl.hexkey = hexkey:51574d47f2f1d202a30252823b52ba7858b729d5ed4c92f7 -+Ctrl.hexinfo = hexinfo:0819c17dd3f9a68493a958c46152d04ba450043908a0016b99cc124d5e75b0d11e7c26f27365609c110eee7f8baa88a7d99fecc690e617150f93bd6c -+Output = c46db4cd822e9841408fba79932d6c748bc7ab17421ed1ad188aed327c2a0d694e380c0cade8b37f -+ -+ -+# [PRF=CMAC_AES192] -+# [CTRLOCATION=BEFORE_FIXED] -+# [RLEN=24_BITS] -+ -+# COUNT=0 -+# L = 128 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES192 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:24 -+Ctrl.hexkey = hexkey:f7c1e0682a12f1f17d23dc8af5c463b8aa28f87ed82fad22 -+Ctrl.hexinfo = hexinfo:890ec4966a8ac3fd635bd264a4c726c87341611c6e282766b7ffe621080d0c00ac9cf8e2784a80166303505f820b2a309e9c3a463d2e3fd4814e3af5 -+Output = a71b0cbe30331fdbb63f8d51249ae50b -+ -+# COUNT=10 -+# L = 256 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES192 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:24 -+Ctrl.hexkey = hexkey:3eeed1560e17aaffe9f6ca9d81815b89a6879a56ebe4182a -+Ctrl.hexinfo = 
hexinfo:a643378a557af69ce2c606bc623a04b568a848207534d25bfa22664f9148997a6b4c00f4624b5100b4eb01857240b119876c3a86c1e8b02335475939 -+Output = 8a1dc0f616353bf3ecf5553d7a7651e9ea6d884a32172d3391ad342bfaf60785 -+ -+# COUNT=20 -+# L = 160 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES192 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:24 -+Ctrl.hexkey = hexkey:c984c3f65cdc32e7503678764a9e84292a1f50e335167a36 -+Ctrl.hexinfo = hexinfo:0061cd40f9eef84d6c8b04e0142d70aa50d4690e0a1de8e3ff5f5cea10cd2d28281eb1df90c519b8b51f7aa0d63a313ebbf80538b54dd11a66115be6 -+Output = afe93ae91930261344e30ef9e1718e76f74225d9 -+ -+# COUNT=30 -+# L = 320 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES192 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:24 -+Ctrl.hexkey = hexkey:993305e59f34a94f62931fd7662bb5b73c77d8d4bc6a33ba -+Ctrl.hexinfo = hexinfo:fcceb2d7ac6a68717c2490ec95bebea484c4930d156683c43164dc53bff0bafcbfb31e920109927ef08e12f66f258b6f8ba284908faee7d3376e1bac -+Output = 40e358cfdeee0286d152fcb4626ff22e67eea3b65d8750a273001b67645804cbf613832201b0a9ba -+ -+ -+# [PRF=CMAC_AES192] -+# [CTRLOCATION=BEFORE_FIXED] -+# [RLEN=32_BITS] -+ -+# COUNT=0 -+# L = 128 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES192 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:32 -+Ctrl.hexkey = hexkey:f4267280cb8667c2cf82bb37f389da6391f58cc74deba0cc -+Ctrl.hexinfo = hexinfo:34abbc9f7b12622309a827de5abfdd51fb5bb824838fcde88ca7bc5f3953abdcb445147f13e809e294f75e6d4e3f13b66e47f2dfc881ed392e3a1bf6 -+Output = 2d1b4b5694b6741b2ed9c02c05474225 -+ -+# COUNT=10 -+# L = 256 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES192 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:32 -+Ctrl.hexkey = hexkey:dc866a038c4f78f22d46caca65892bcdb15c1eb49b275827 
-+Ctrl.hexinfo = hexinfo:b4a123bad4890c7a791f5e192bd8b6e9c8c3620329f99249f11e1eb517a5b27b9e5b047a6591b45f6fff53e6d04b32d82e052af2eb8519bd21c10f93 -+Output = 731a2e23ab2e58551490254041ee8fabd9c5a1918d76307f1048535be0763b20 -+ -+# COUNT=20 -+# L = 160 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES192 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:32 -+Ctrl.hexkey = hexkey:dd5e0f1a30b0b722b00626ee663df29601af58082708e18c -+Ctrl.hexinfo = hexinfo:b7c6eb48c80b071080fd07a827d0bfdc781599862084f7ffd968a4cbff0be9a6adef5ea206aa8af4d8a85705953e33cd7c4cbb69969c73698f54c6b8 -+Output = 84e1ca286776cda0784c4fc48b054384ca565d17 -+ -+# COUNT=30 -+# L = 320 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES192 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:32 -+Ctrl.hexkey = hexkey:d64c598436507f4d05d7ebe780092996f281901dc9c8612f -+Ctrl.hexinfo = hexinfo:0ea737cfca2560856917f3a2ff5e2175930d0719bba85a9c8d8cb311a0a1b8caf8ffe03e9a86ab17046670011c9fec5c5cd697d9cd931f615cdfe649 -+Output = 3c26968bd3997c653f79bb725c36d784b590d18a64678cf312abe8a57b2891c27282e37b6a49cd73 -+ -+ -+# [PRF=CMAC_AES256] -+# [CTRLOCATION=BEFORE_FIXED] -+# [RLEN=8_BITS] -+ -+# COUNT=0 -+# L = 128 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES256 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:8 -+Ctrl.hexkey = hexkey:aeb7201d055f754212b3e497bd0b25789a49e51da9f363df414a0f80e6f4e42c -+Ctrl.hexinfo = hexinfo:11ec30761780d4c44acb1f26ca1eb770f87c0e74505e15b7e456b019ce0c38103c4d14afa1de71d340db51410596627512cf199fffa20ef8c5f4841e -+Output = 2a9e2fe078bd4f5d3076d14d46f39fb2 -+ -+# COUNT=10 -+# L = 256 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES256 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:8 -+Ctrl.hexkey = 
hexkey:5402c978955128558789bee7b571465174a60582a7640037387f99ac16683173 -+Ctrl.hexinfo = hexinfo:5c7eb447481c2884a5398449eaecbb8b55f1f1981ba0fd187818d8b3581b430c3da52ab83d444e003625ff36fcbd160c67b18d85b6c9d00da1a15d15 -+Output = f22a4686abe599c2194d21fc9071ffceb023dd9b24c13f05a3d44cfc77fec44a -+ -+# COUNT=20 -+# L = 160 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES256 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:8 -+Ctrl.hexkey = hexkey:cac968a8ffd81c73948bdfb48bf8a29c1378517d3be294df9a8a80724075bdbd -+Ctrl.hexinfo = hexinfo:08817bcd560edf810aa004194c817e455fb66bbc3b84fef1d66df2d1cebb3403c24231fa822f130c5d8fe886217122dcab15cb725197bbcbeb8010f5 -+Output = 651c43e113b32026b204119af394301f0cb9831c -+ -+# COUNT=30 -+# L = 320 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES256 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:8 -+Ctrl.hexkey = hexkey:9debd1762a9643e967dbc174f2040e177b8053afb0829189a81fed94f8c365ee -+Ctrl.hexinfo = hexinfo:6c4e1e3fdd7f5c97d58bcdda792642cbd271d6968f6a8e368013d88763d0b306c832b7ab46b84d099596972d12220a4e9c81f82d6f5003d18b93c595 -+Output = 2518a44ea347e924b03a7b4c966ec4e4bd76c1456d09096be9387638c2737faeebba4e2b921b19db -+ -+ -+# [PRF=CMAC_AES256] -+# [CTRLOCATION=BEFORE_FIXED] -+# [RLEN=16_BITS] -+ -+# COUNT=0 -+# L = 128 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES256 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:16 -+Ctrl.hexkey = hexkey:4df60800bf8e2f6055c5ad6be43ee3deb54e2a445bc88a576e111b9f7f66756f -+Ctrl.hexinfo = hexinfo:962adcaf12764c87dad298dbd9ae234b1ff37fed24baee0649562d466a80c0dcf0a65f04fe5b477fd00db6767199fa4d1b26c68158c8e656e740ab4d -+Output = eca99d4894cdda31fe355b82059a845c -+ -+# COUNT=10 -+# L = 256 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES256 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 
-+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:16 -+Ctrl.hexkey = hexkey:4c30b96d9beff5cc3c37527694eeec8207fae2c13ef295556919a7a46e5b90c1 -+Ctrl.hexinfo = hexinfo:86e1ad34bd7a998281a822129a23102f799812864cf5349f3f21cec7729f83ad8c8aa6517fafcc9521cde887686629048159ed3f15c01408984f547e -+Output = 815fe232e0e89f7eeaa87c3ba5007694a43c1577657ccb3018076c5a5c035d95 -+ -+# COUNT=20 -+# L = 160 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES256 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:16 -+Ctrl.hexkey = hexkey:e508ce78aca2cc50c80a6cbdb2b178f8ee5e315dad71ddfa700eb6cf503239b3 -+Ctrl.hexinfo = hexinfo:28c47ddd23d349e3b30bf97975c5fa591f2158e001dae3faa154d93c615c89fc7449c901a2585e618f68a0b2cbd3f35f53424d5ea015cbf7e8e09f68 -+Output = 6bc69b4c11aa7c04ac3c03baa44daeac4a047992 -+ -+# COUNT=30 -+# L = 320 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES256 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:16 -+Ctrl.hexkey = hexkey:ee0a0f88b3b441826264de7a31b890a66edf7c2a28d0286eab285846b586fb8e -+Ctrl.hexinfo = hexinfo:1ea9771ab763056260d885073e80e835e20e5d7ca9659fdf5dd3b7f2ae6286608f8bc7a6728e41346c55544942b1bf06642fb6a6738fb5b7f0128f9c -+Output = 5484f170b6602b505e9e6ccffccf2262b55c3554728244bba94daff0adbc619400b33f38013a2293 -+ -+ -+# [PRF=CMAC_AES256] -+# [CTRLOCATION=BEFORE_FIXED] -+# [RLEN=24_BITS] -+ -+# COUNT=0 -+# L = 128 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES256 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:24 -+Ctrl.hexkey = hexkey:1612a40daa7fce6c6788b3b71311188ffb850613fd81d0e87a891831348e2f28 -+Ctrl.hexinfo = hexinfo:1696438fcdf9a85284759b2604b64d7ea76199514709e711ecde5a505b5f27ae38d154aba14322481ddc9fd9169364b991460a0c9a05c7fcb2d099c9 -+Output = d101f4f2b5e239bae881cb488995bd52 -+ -+# COUNT=10 -+# L = 256 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER 
-+Ctrl.cipher = cipher:AES256 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:24 -+Ctrl.hexkey = hexkey:77b50e24b859725d1cab531c885a6e60e7d5b0432f37408185ae688dffa5f6a5 -+Ctrl.hexinfo = hexinfo:0b2c907499cddaa1fcfb02002ab8b9756c5f1f9fea482d79b8a6aa9fa2fb48e69df94dca4cb6f2e90a462678279ddaacc482fdd76581996b43974a22 -+Output = c2a02b3743d506cdc1a41d4c2ae4c67610c5d607df0c26cbf7f4fe2198cb35f1 -+ -+# COUNT=20 -+# L = 160 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES256 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:24 -+Ctrl.hexkey = hexkey:18a5c3e669967b42e9a29bad8fe86699f2b5d496ff767cd3171d1c7195ecef59 -+Ctrl.hexinfo = hexinfo:33231c50326592c25ec3eee2c61a3ad4c8a23c098dd83eafe5db411d0948eb122bb6eb7a1d04d2dbcd0b98d0b70b7ff305bb3ef6ac9d4e8e3f7ecd4f -+Output = e80afb5cd274cb5fa4952aa95177ae83337f4c8f -+ -+# COUNT=30 -+# L = 320 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES256 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:24 -+Ctrl.hexkey = hexkey:0b589e556b7583f0fa9144868603b59262f457dee1e887ffc0e39968218959b9 -+Ctrl.hexinfo = hexinfo:1b95b940e0b950a58f09ea09941b80852cb29838940bb146dc3db0ddcd87f72ee28813c09fcef773e95438c0ed3dbcf29e78de0c78377561c5869d5f -+Output = 260aef65eefd58816fe1a77120d047548b00c475c25178a2a33d4c801d49e8a0fb830513d0b3ff17 -+ -+ -+# [PRF=CMAC_AES256] -+# [CTRLOCATION=BEFORE_FIXED] -+# [RLEN=32_BITS] -+ -+# COUNT=0 -+# L = 128 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES256 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:32 -+Ctrl.hexkey = hexkey:d0b1b3b70b2393c48ca05159e7e28cbeadea93f28a7cdae964e5136070c45d5c -+Ctrl.hexinfo = hexinfo:dd2f151a3f173492a6fbbb602189d51ddf8ef79fc8e96b8fcbe6dabe73a35b48104f9dff2d63d48786d2b3af177091d646a9efae005bdfacb61a1214 -+Output = 
8c449fb474d1c1d4d2a33827103b656a -+ -+# COUNT=10 -+# L = 256 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES256 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:32 -+Ctrl.hexkey = hexkey:d54b6fd94f7cf98fd955517f937e9927f9536caebe148fba1818c1ba46bba3a4 -+Ctrl.hexinfo = hexinfo:94c4a0c69526196c1377cebf0a2ae0fb4b57797c61bea8eeb0518ca08652d14a5e1bd1b116b1794ac8a476acbdbbcd4f6142d7b8515bad09ec72f7af -+Output = 2e1efed4aef3fdd324e098c0a07c0d97f8fd2c748a996ce29861ca042474daea -+ -+# COUNT=20 -+# L = 160 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES256 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:32 -+Ctrl.hexkey = hexkey:99f212241a343c1c8c2104ca6d28062413d985c21e6bba27fde0c622e2e4e6b7 -+Ctrl.hexinfo = hexinfo:af8dc1cb7d1f82ca834628c20f0fc81920eb3ff3f75d3f4e3000593e9c15872479711d99d1b7be794f58d80a31bb112219dc16e6354111ab1161e21d -+Output = 7f778c625bf0d083169a51584f6683f24af7c35e -+ -+# COUNT=30 -+# L = 320 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.cipher = cipher:AES256 -+Ctrl.mac = mac:CMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:32 -+Ctrl.hexkey = hexkey:dabde95d751ff1c132bd49f80f4ee347bf39218cf8bfec61bc3ad865d9aa1182 -+Ctrl.hexinfo = hexinfo:55da554307ed756764d4e97febb77ce85391b53225ee09417ad57def48ead090e3d1e7c2ed04f02462a6324ea0163b18f86201c69db27fd50b4c42c5 -+Output = 5cc29221cfa6f3a4ded7afeef5a59c05bac787fc5e98a35ee0c96ba582b05c42f758966566084f69 -+ -+ -+# [PRF=HMAC_SHA1] -+# [CTRLOCATION=BEFORE_FIXED] -+# [RLEN=8_BITS] -+ -+# COUNT=0 -+# L = 128 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA1 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:8 -+Ctrl.hexkey = hexkey:00a39bd547fb88b2d98727cf64c195c61e1cad6c -+Ctrl.hexinfo = 
hexinfo:98132c1ffaf59ae5cbc0a3133d84c551bb97e0c75ecaddfc30056f6876f59803009bffc7d75c4ed46f40b8f80426750d15bc1ddb14ac5dcb69a68242 -+Output = 0611e1903609b47ad7a5fc2c82e47702 -+ -+# COUNT=10 -+# L = 256 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA1 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:8 -+Ctrl.hexkey = hexkey:1ee222f5cdd60b0ae956eeeaa838c51bd767672c -+Ctrl.hexinfo = hexinfo:4b10500ba5c9391da83d2ef78d01bcdccda32ff6f242960323324474b9d0685d99dc9143ac6d667a5b46dcc89784b3a4af7a7684b01efee41b144f48 -+Output = 806e342013853083a3f7294c63a9ec9a6dba75b256c62fac1e480ef26276cd4b -+ -+# COUNT=20 -+# L = 160 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA1 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:8 -+Ctrl.hexkey = hexkey:0e71d9e9c9e951978ada75c831d627dd5d3b4c59 -+Ctrl.hexinfo = hexinfo:08b6f69698e8eb6c8c63953abd3538531d722cc4e9ca7ffcb68abba4dd4b027b3787efa107902ace8abb54549bede4ffdadabec3f282865b2166d46e -+Output = 86137b96ec15b7954fdc5df8d371ee2d8016e97a -+ -+# COUNT=30 -+# L = 320 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA1 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:8 -+Ctrl.hexkey = hexkey:f0e5ad280b3465e719afdf86377bbcda59f5c59b -+Ctrl.hexinfo = hexinfo:231b6d83f0194499f27848108fd1fcdcf9520e67522cf54486fb919a839532d165019388242ce373a89ce644d7818e7415f5730a0b743595ab19add4 -+Output = 9a9ddd19818bb085d24e48ee99d6e628235a422fb2ae383282b7bbbf0e5f5edf42d7237b8ed6aa1d -+ -+ -+# [PRF=HMAC_SHA1] -+# [CTRLOCATION=BEFORE_FIXED] -+# [RLEN=16_BITS] -+ -+# COUNT=0 -+# L = 128 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA1 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:16 -+Ctrl.hexkey = hexkey:a510fe5ad1640d345a6dbba65d629c2a2fedd1ae -+Ctrl.hexinfo = 
hexinfo:9953de43418a85aa8db2278a1e380e83fb1e47744d902e8f0d1b3053f185bbcc734d12f219576e75477d7f7b799b7afed1a4847730be8fd2ef3f342e -+Output = c00707a18c57acdb84f17ef05a322da2 -+ -+# COUNT=10 -+# L = 256 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA1 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:16 -+Ctrl.hexkey = hexkey:abec6c894ae9df32e5afdf5d06a0434e8940ca71 -+Ctrl.hexinfo = hexinfo:9a6574a0ea1123ab9580906f8a2c4a0ecba9a8a84079c37a6e283ad4d4e957c3d16db66ae4be99e688b221c359a8dd2505868beb6a49fd7ce6c35df4 -+Output = 5b37675aec199c7d08435ef6321cf6235c12453a4530072d4a73ba0ad34634a5 -+ -+# COUNT=20 -+# L = 160 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA1 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:16 -+Ctrl.hexkey = hexkey:df4e835a2f201a3d0f840eab38a18adf72adf9eb -+Ctrl.hexinfo = hexinfo:84c6ca541d24a8b419037b9657ee4e0d5ef96d8b198355940a30b09bf8784e81d3b93558de21c46f04aec4afd610c3b230d17473c80b47b5004955e7 -+Output = 1202915544844b1f913caab512c582735bf76fed -+ -+# COUNT=30 -+# L = 320 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA1 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:16 -+Ctrl.hexkey = hexkey:cbe1d2895640dcd1545e60e04ce9d995707ec539 -+Ctrl.hexinfo = hexinfo:c80d735ec5fd0bf811a4a71c55e99373f83f4111194ec24a8e9fe24ef03f56ed15b4e135e02488d96dba8c0d60c26592df55a492691cf3b7eced40d1 -+Output = 1fd5a183be95c2d909deed31d686417d5c08bb88e6f75b150df330c8e7703bb8ccdffacb3e9ee3ff -+ -+ -+# [PRF=HMAC_SHA1] -+# [CTRLOCATION=BEFORE_FIXED] -+# [RLEN=24_BITS] -+ -+# COUNT=0 -+# L = 128 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA1 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:24 -+Ctrl.hexkey = hexkey:928c170199473291bf719a1985a13673afb8f298 -+Ctrl.hexinfo = 
hexinfo:f54388503cde2bf544db4c9510ff7a2759ba9b4e66da3baf41c90ce796d5ea7045bc27424afb03e137abfafe95158954c832090abdba02d86bab569d -+Output = 8c01160c72c925178d616a5c953df0a7 -+ -+# COUNT=10 -+# L = 256 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA1 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:24 -+Ctrl.hexkey = hexkey:df7ecebec20e14be6db5d46af2769fe4e4ed689c -+Ctrl.hexinfo = hexinfo:308ec6953d4945f075d37932d5dd335c7de0d2e7899a8321724a50b52240191fcdf991520c47a25b04ce6eecc835e4265b623c68d687afc615f74ae5 -+Output = c2129eeb33ee6783b6b187e5ae884f8f5bd78ca224e5e01c04a68ecef376ea38 -+ -+# COUNT=20 -+# L = 160 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA1 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:24 -+Ctrl.hexkey = hexkey:2539c58bba8ae61be8b867b767ad698eb1f52a0b -+Ctrl.hexinfo = hexinfo:9f6de21c93176f8814e9290a40149f749f946d376eb65f888eddcc4a24a58dbdbb3222fb53487e0abb08efff6d6a43511b18c40f489abe4013647273 -+Output = 20bc5ab8c27dd3f6f6fa5485f2eed8bd8b8b3d35 -+ -+# COUNT=30 -+# L = 320 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA1 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:24 -+Ctrl.hexkey = hexkey:66002f224106971edc62a7c6957931b2097aabc3 -+Ctrl.hexinfo = hexinfo:f5fe599fac3bac5b10a4296b0783e2fc78cb498347ff3f74e2d9d230dfb6653e1a274e7bc37f0319eac2b0b48533b7be9d3633eed32101837ee460ff -+Output = c195b9139fee020eda70b8a161aef28474977412c0612afafe23b16b1594871548b5889b38e0cf2a -+ -+ -+# [PRF=HMAC_SHA1] -+# [CTRLOCATION=BEFORE_FIXED] -+# [RLEN=32_BITS] -+ -+# COUNT=0 -+# L = 128 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA1 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:32 -+Ctrl.hexkey = hexkey:f7591733c856593565130975351954d0155abf3c -+Ctrl.hexinfo = 
hexinfo:8e347ef55d5f5e99eab6de706b51de7ce004f3882889e259ff4e5cff102167a5a4bd711578d4ce17dd9abe56e51c1f2df950e2fc812ec1b217ca08d6 -+Output = 34fe44b0d8c41b93f5fa64fb96f00e5b -+ -+# COUNT=10 -+# L = 256 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA1 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:32 -+Ctrl.hexkey = hexkey:c1efb8d25affc61ed060d994fcd5017c2adfc388 -+Ctrl.hexinfo = hexinfo:b92fc055057fec71b9c53e7c44872423a57ed186d6ba66d980fecd1253bf71479320b7bf38d505ef79ca4d62d78ca662642cdcedb99503ea04c1dbe8 -+Output = 8db784cf90b573b06f9b7c7dca63a1ea16d93ee7d70ff9d87fa2558e83dc4eaa -+ -+# COUNT=20 -+# L = 160 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA1 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:32 -+Ctrl.hexkey = hexkey:e02ba5d5c410e855bbd13f840124273e6b864237 -+Ctrl.hexinfo = hexinfo:b14e227b4438f973d671141c6246acdc794eee91bc7efd1d5ff02a7b8fb044009fb6f1f0f64f35365fb1098e1995a34f8b70a71ed0265ed17ae7ae40 -+Output = f077c2d5d36a658031c74ef5a66aa48b4456530a -+ -+# COUNT=30 -+# L = 320 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA1 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:32 -+Ctrl.hexkey = hexkey:693adb9037184627ad300f176985bd379f388a95 -+Ctrl.hexinfo = hexinfo:7f09570c2d9304ec743ab845a8761c126c18f5cf72358eada2b5d1deb43dc6a0f4ff8f933bef7af0bcfacb33fa07f8ca04a06afe231835d5075996be -+Output = 52f55f51010e9bd78e4f58cab274ecafa561bd4e0f20da84f0303a1e5ff9bebc514361ec6df5c77e -+ -+ -+# [PRF=HMAC_SHA224] -+# [CTRLOCATION=BEFORE_FIXED] -+# [RLEN=8_BITS] -+ -+# COUNT=0 -+# L = 128 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA224 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:8 -+Ctrl.hexkey = hexkey:7e2f7a5ab3e82ef927a005308456823da473787bf33d18a864aca63f -+Ctrl.hexinfo = 
hexinfo:b35695a6e23a765105b87756468d442a53a60cd4225186dc94221c06c5d6f1e98462135656ebca90468a939f29112b811413567d498df9867914d94c -+Output = 10ba5c6ea609da8fa8abe8be552c97a1 -+ -+# COUNT=10 -+# L = 256 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA224 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:8 -+Ctrl.hexkey = hexkey:667f72fc660e32943de386af9670c78e975c838cae91dca97f4f8508 -+Ctrl.hexinfo = hexinfo:e713e8c38e92c8ba0f0791cc4a0d00c98d8dda8f3137a775104e7aa65b5f04fed12ee78a88262b2931717b7ac5624162fd5f0307f4faef038dcc210c -+Output = 835b343242a489249eec3cd56384ea2a5b295e29a4430fec2aae0c8b9fa36d20 -+ -+# COUNT=20 -+# L = 160 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA224 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:8 -+Ctrl.hexkey = hexkey:3344fb80fd655b16f08c78150516cbbc009fbdf1b510905f9113d275 -+Ctrl.hexinfo = hexinfo:dc2aa42084d645baeb822c0c1d9b8e200737e9a2c7dcd922d8f056d6c02552295d95a488758919724207eebb4c21887f71b51a2a7ce98827cf7af4bb -+Output = e281d09a31c57d053f0c2f902792c8bbb9a0f443 -+ -+# COUNT=30 -+# L = 320 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA224 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:8 -+Ctrl.hexkey = hexkey:eb9386450d7b2da5492da5b139cf4b0b951a5b0c7d40c22ae2c20677 -+Ctrl.hexinfo = hexinfo:bd8b73969e3e2d7a943b937c3bffe3a9199d1cf27e289bb10c3b88696a5ae36b3b868b4fc6a20ca93dd0b328f3351f71ce656bb558fa33c74741398d -+Output = bc902dfba79fb4084339b6666c7f72b9f47675229dc24ec61068bb05082717eead35647ff147d7de -+ -+ -+# [PRF=HMAC_SHA224] -+# [CTRLOCATION=BEFORE_FIXED] -+# [RLEN=16_BITS] -+ -+# COUNT=0 -+# L = 128 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA224 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:16 -+Ctrl.hexkey = 
hexkey:093b2ce84c6175d1723fbe94b9ee963b6251d018fcf8c05c2e3e9b0b -+Ctrl.hexinfo = hexinfo:083e114aca1f97166551b03f27b135c0c802294aa4845a46170b26ec0549cb59c70a85557a3fc3a37d23eed6947d50f10c15baf5c52a7b918ca80bf5 -+Output = 94ced61c3665616d4a368f83a7283648 -+ -+# COUNT=10 -+# L = 256 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA224 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:16 -+Ctrl.hexkey = hexkey:ffb5c9d920522477cb2ecf16ae1e075587b7598348e019df85ca3d43 -+Ctrl.hexinfo = hexinfo:252743519ab4e03f8bb0ed137e2d315aac5010b951645c7626c6f5a77c4a6c4e0b0b4030abf937141f7142bcd702678b15d2d4e8850e0570ec782c79 -+Output = 3d1813da0322201ed45ac2aaf3542843913bb32fd832a33a5dc94bad964bfe56 -+ -+# COUNT=20 -+# L = 160 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA224 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:16 -+Ctrl.hexkey = hexkey:7f0ea811340cddbbf261d0260b0c98dec790133cffd2b04b8f8be2b1 -+Ctrl.hexinfo = hexinfo:0a744543acddf7d8c0a205372a0450e32631a33bb89ad2e3bb2d9766c248ab755fec152a6da866ef50baeab607d88e5177042056970013aa18f9fb1e -+Output = e55120e7848cf61254159e79c2ac47a9a906a73c -+ -+# COUNT=30 -+# L = 320 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA224 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:16 -+Ctrl.hexkey = hexkey:6e237178c4884e13470b6b4848b40389d9856311735da4eefa2f6f38 -+Ctrl.hexinfo = hexinfo:9cd9f9ad88471668f3b25515851fff63d3a886b8c6cf371eae159bab58f997b83eda5815567a142c4264978d8f24d24fe2d513c0eeaff983b86fdbd8 -+Output = 1e6638ea717338cfeb7dea373785c3c763bd5e509358e4940e9a4e4fd0a3e0347973858bc20243b8 -+ -+ -+# [PRF=HMAC_SHA224] -+# [CTRLOCATION=BEFORE_FIXED] -+# [RLEN=24_BITS] -+ -+# COUNT=0 -+# L = 128 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA224 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = 
use-separator:0 -+Ctrl.r = r:24 -+Ctrl.hexkey = hexkey:f09e65e8de7500847b43bd95e6c3506e01aadd484e9699b027897542 -+Ctrl.hexinfo = hexinfo:c20f6188517b2ca10086b9f7f8d6f2d38d66f24193c037008d035f361c6bd74db26aef588a87aa8a1c3cdad2ba0207f7e7b39def0df797c4cb3bf614 -+Output = 73d30c2af54744eb1efb70429f8e303a -+ -+# COUNT=10 -+# L = 256 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA224 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:24 -+Ctrl.hexkey = hexkey:6079eafeba179a915e194b14e12ffee1e2bad56a62077897a4654e4b -+Ctrl.hexinfo = hexinfo:87686603814d619107aabfab85b4c4fe38ae1a5c2a4d78df12119871b8a4f85d583e7d842ee15e7fe03f61dd02b10784838ed163dc67cca43586d628 -+Output = d888a21e1a698654fa46288509ae7a28dc7b05e6fc696a909451c2437097056b -+ -+# COUNT=20 -+# L = 160 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA224 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:24 -+Ctrl.hexkey = hexkey:2efe2905a1b7e1993da0316f2a747be1e91415ca1e6ad14d04341fee -+Ctrl.hexinfo = hexinfo:4d283c0f6d209379facd8a26aa889780863cf6a81893dc3bd2c928a7f8d922ced9c829bf627d2c556441d0d41a1eb00c0deea78349429de56a275f04 -+Output = ec162b6ff6413f5eae9336fd489fab538d042db8 -+ -+# COUNT=30 -+# L = 320 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA224 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:24 -+Ctrl.hexkey = hexkey:0b15638489d3ac7729a7db82797754e7a7c8d52da0cf3638a27a1a9c -+Ctrl.hexinfo = hexinfo:90988848764dacc6eeba817e0b74086b1233bca9d573717b8e3dd3bd23a532aac7db8b196e4c4702f54cc71bb8882dc776b0317457803a632b429776 -+Output = 481293e1e621ad8bab5c9f5090594bb2507a1456ee8ffc30db159cb5b02d69110c3e5270880bf4a7 -+ -+ -+# [PRF=HMAC_SHA224] -+# [CTRLOCATION=BEFORE_FIXED] -+# [RLEN=32_BITS] -+ -+# COUNT=0 -+# L = 128 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA224 -+Ctrl.mac = mac:HMAC 
-+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:32 -+Ctrl.hexkey = hexkey:f5cb7cc6207f5920dd60155ddb68c3fbbdf5104365305d2c1abcd311 -+Ctrl.hexinfo = hexinfo:4e5ac7539803da89581ee088c7d10235a10536360054b72b8e9f18f77c25af01019b290656b60428024ce01fccf49022d831941407e6bd27ff9e2d28 -+Output = 0adbaab43edd532b560a322c84ac540e -+ -+# COUNT=10 -+# L = 256 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA224 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:32 -+Ctrl.hexkey = hexkey:992815121d88ffb26c337606723c02ef317713086e2cfbbd37e1a167 -+Ctrl.hexinfo = hexinfo:152d974eb2719b9027d32054a327312361125959df9d96a1832e2056c2571d4f1cf45f6e8f6544c87f15861cef627d2f16e9b0b4ab799bb3362f4aae -+Output = 475eda3a32d569932e043db64dbf0e9bb0945b54dcdfa203be1a28524c147075 -+ -+# COUNT=20 -+# L = 160 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA224 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:32 -+Ctrl.hexkey = hexkey:2eabb6b922c24326ef9ae3c192dfd341caf57efe15dd649772a2ac3b -+Ctrl.hexinfo = hexinfo:c75f6f5a1561aab39ea0e22702a6cf7dba3ca4dd9f046bb0abea2d3284168fd9fb39ff725523a660d21f8c2ade03d18d4273c52fb6f22c9e39d6bc2e -+Output = ae50acebe308a1cf1747b9b178a0720748fa5fe5 -+ -+# COUNT=30 -+# L = 320 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA224 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:32 -+Ctrl.hexkey = hexkey:9b75e7fa216c884037c7d6953092ed335c4efd88ca57a742d6ac3221 -+Ctrl.hexinfo = hexinfo:12bea97865df99315259ff620302432ecafc9dce2619e87dfb4979410456a524434315dd3920e2b1aa1c79d5e07132a758a7b7b71ef10bcf1bb877f3 -+Output = 60071bd0ceea0fe0f879223b940d3de7dde02ca6858f8450fb9c0032e49f968ef9cd9b5703163dbc -+ -+ -+# [PRF=HMAC_SHA256] -+# [CTRLOCATION=BEFORE_FIXED] -+# [RLEN=8_BITS] -+ -+# COUNT=0 -+# L = 128 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER 
-+Ctrl.digest = digest:SHA256 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:8 -+Ctrl.hexkey = hexkey:3edc6b5b8f7aadbd713732b482b8f979286e1ea3b8f8f99c30c884cfe3349b83 -+Ctrl.hexinfo = hexinfo:98e9988bb4cc8b34d7922e1c68ad692ba2a1d9ae15149571675f17a77ad49e80c8d2a85e831a26445b1f0ff44d7084a17206b4896c8112daad18605a -+Output = 6c037652990674a07844732d0ad985f9 -+ -+# COUNT=10 -+# L = 256 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA256 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:8 -+Ctrl.hexkey = hexkey:f109513435d72f14863660dfc027118e47e13995ad44a02415c9c8f63d38675c -+Ctrl.hexinfo = hexinfo:53696208d6f42909136a575010e135e142e31f631d72386a631cc704e5ad4049a889422cd6da7f1805e59a273c6f4fa986bc3082952fca658979f1b0 -+Output = 1aaf080fd51b37585ea464a9c617bc3ab859cc78cbe1f2d5d557148ee36821a0 -+ -+# COUNT=20 -+# L = 160 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA256 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:8 -+Ctrl.hexkey = hexkey:6ed1b41a1fc2ca8c7e09d5bccc410661683ec29d41a0fd01dd820a2e824ff672 -+Ctrl.hexinfo = hexinfo:f6dc72adbd8ad4ea91259b61237a042a02546f37d58d933d3efadc54a5e1936a8faf70c33e707c473125bd5006b7dfa6883c04bf27cf53010e1d10bc -+Output = 4090ee711fa361f03267a6ff2a5ace977c8c1db5 -+ -+# COUNT=30 -+# L = 320 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA256 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:8 -+Ctrl.hexkey = hexkey:63a657fb6c5bacb9a124d3e7db8bbb7d42bfdfaf8f04cb6359cd888c70669652 -+Ctrl.hexinfo = hexinfo:2697b6ec112cab4d6f1714c991c17d44fb36a0b6ef0b0f5451619ab248950f56f403215c78711aa563683ced05be7246f32574fa294f162dbbeb3dee -+Output = 1992e75756fa64734d5caecc5f6420fcb28b8b90421eee97dc8b6140ce18518405688bea489d2aaa -+ -+ -+# [PRF=HMAC_SHA256] -+# [CTRLOCATION=BEFORE_FIXED] -+# 
[RLEN=16_BITS] -+ -+# COUNT=0 -+# L = 128 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA256 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:16 -+Ctrl.hexkey = hexkey:743434c930fe923c350ec202bef28b768cd6062cf233324e21a86c31f9406583 -+Ctrl.hexinfo = hexinfo:9bdb8a454bd55ab30ced3fd420fde6d946252c875bfe986ed34927c7f7f0b106dab9cc85b4c702804965eb24c37ad883a8f695587a7b6094d3335bbc -+Output = 19c8a56db1d2a9afb793dc96fbde4c31 -+ -+# COUNT=10 -+# L = 256 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA256 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:16 -+Ctrl.hexkey = hexkey:365592398d23d31f2cac8bf6211f1ad5f52608efcdc5997b144ea6ded3866cf6 -+Ctrl.hexinfo = hexinfo:07dce524556d3f68d2d91d4c15c9c6212635e0df1aef54938490db46f98737064d6a5624d7f938c263af01e632c45d9fe7a871b67f7d4bf110796eb4 -+Output = 5624c6911dc1b08e090c8c95347adf17895b696aae211932cde3ec8227fcbea8 -+ -+# COUNT=20 -+# L = 160 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA256 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:16 -+Ctrl.hexkey = hexkey:c104e187e344668997b7bd9c8cdf097320518dd7dbcb541c414418b55b58cbb2 -+Ctrl.hexinfo = hexinfo:32f6bd59840c61909f2f92f98f54bd238083577e33c3d071c1abe4c694bd87c1ad235eb9a2d272b3dc67c955574d5e6cad84615120476d6e7e04f51f -+Output = 1b5d9e60aa909aeb973e76d9bf6be208327bb096 -+ -+# COUNT=30 -+# L = 320 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA256 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:16 -+Ctrl.hexkey = hexkey:d4349c26108719debacc04e166a09063ffb5e17bcbaf8738dc2618aa7d1e97ae -+Ctrl.hexinfo = hexinfo:da1f5ed45ead428689b0ecca9dbc2569e76953cda0df085499cca6d5949d8995e1e42bbdc94b0dd78c164867c364a64c894de85294ad89d267ff443d -+Output = 
00550ae0f29a2373269af175e7f829ec32c3d05099a39f8c0e02caa00b68afb7457669334383ffb2 -+ -+ -+# [PRF=HMAC_SHA256] -+# [CTRLOCATION=BEFORE_FIXED] -+# [RLEN=24_BITS] -+ -+# COUNT=0 -+# L = 128 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA256 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:24 -+Ctrl.hexkey = hexkey:388e93e0273e62f086f52f6f5369d9e4626d143dce3b6afc7caf2c6e7344276b -+Ctrl.hexinfo = hexinfo:697bb34b3fbe6853864cac3e1bc6c8c44a4335565479403d949fcbb5e2c1795f9a3849df743389d1a99fe75ef566e6227c591104122a6477dd8e8c8e -+Output = d697442b3dd51f96cae949586357b9a6 -+ -+# COUNT=10 -+# L = 256 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA256 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:24 -+Ctrl.hexkey = hexkey:f5207566ad012002ae6f2b501f0c24180228345889c20616d043b868a76d015a -+Ctrl.hexinfo = hexinfo:f36dbc8d1dfda60d4ba05214f8773aaa9f01944150bca68812d0d8deb5492f3f68f09809ba5e8b89e9dca86c70f6f353b3d5f49ef27e2fd01cfa911d -+Output = 0faed440796a0685a24a1c5e1cacde566c7a1a4189885229251c6308a53c3f6e -+ -+# COUNT=20 -+# L = 160 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA256 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:24 -+Ctrl.hexkey = hexkey:e2758918edcf15d957a556055602d283dbdf9c95b6025a3cddf1eeac1e0ac889 -+Ctrl.hexinfo = hexinfo:eda2f792580d6129b43e7b89c661786a29ab502ec6198f4a2bec6d0ffca1a75b8807d4313e7bf769a94fbf4b41c4cc309358a211105312c05818d8f3 -+Output = 67e3273b2cfa4c663377f5841606679aee420dce -+ -+# COUNT=30 -+# L = 320 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA256 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:24 -+Ctrl.hexkey = hexkey:c9063598d6cf8660300073b5c25603baf3ade910c182deea15d8107d6f6be295 -+Ctrl.hexinfo = 
hexinfo:22d27eec90c2dd4ae5cf4a705abecfd781b9051ba512b048ea9499364b791e9cdf63215db43680dacffe6f19d77fc93f8a46d84dd52146389d9ec308 -+Output = f3a5b521b435a8c83eaf2d264b5b1a6dcc32c21b4897511203f97f01f2a691eef080b4cd7ca4fc38 -+ -+ -+# [PRF=HMAC_SHA256] -+# [CTRLOCATION=BEFORE_FIXED] -+# [RLEN=32_BITS] -+ -+# COUNT=0 -+# L = 128 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA256 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:32 -+Ctrl.hexkey = hexkey:dd1d91b7d90b2bd3138533ce92b272fbf8a369316aefe242e659cc0ae238afe0 -+Ctrl.hexinfo = hexinfo:01322b96b30acd197979444e468e1c5c6859bf1b1cf951b7e725303e237e46b864a145fab25e517b08f8683d0315bb2911d80a0e8aba17f3b413faac -+Output = 10621342bfb0fd40046c0e29f2cfdbf0 -+ -+# COUNT=10 -+# L = 256 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA256 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:32 -+Ctrl.hexkey = hexkey:e204d6d466aad507ffaf6d6dab0a5b26152c9e21e764370464e360c8fbc765c6 -+Ctrl.hexinfo = hexinfo:7b03b98d9f94b899e591f3ef264b71b193fba7043c7e953cde23bc5384bc1a6293580115fae3495fd845dadbd02bd6455cf48d0f62b33e62364a3a80 -+Output = 770dfab6a6a4a4bee0257ff335213f78d8287b4fd537d5c1fffa956910e7c779 -+ -+# COUNT=20 -+# L = 160 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA256 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:32 -+Ctrl.hexkey = hexkey:dc60338d884eecb72975c603c27b360605011756c697c4fc388f5176ef81efb1 -+Ctrl.hexinfo = hexinfo:44d7aa08feba26093c14979c122c2437c3117b63b78841cd10a4bc5ed55c56586ad8986d55307dca1d198edcffbc516a8fbe6152aa428cdd800c062d -+Output = 29ac07dccf1f28d506cd623e6e3fc2fa255bd60b -+ -+# COUNT=30 -+# L = 320 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA256 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:32 -+Ctrl.hexkey = 
hexkey:c4bedbddb66493e7c7259a3bbbc25f8c7e0ca7fe284d92d431d9cd99a0d214ac -+Ctrl.hexinfo = hexinfo:1c69c54766791e315c2cc5c47ecd3ffab87d0d273dd920e70955814c220eacace6a5946542da3dfe24ff626b4897898cafb7db83bdff3c14fa46fd4b -+Output = 1da47638d6c9c4d04d74d4640bbd42ab814d9e8cc22f4326695239f96b0693f12d0dd1152cf44430 -+ -+ -+# [PRF=HMAC_SHA384] -+# [CTRLOCATION=BEFORE_FIXED] -+# [RLEN=8_BITS] -+ -+# COUNT=0 -+# L = 128 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA384 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:8 -+Ctrl.hexkey = hexkey:0be1999848a7a14a555649048fcadf2f644304d163190dc9b23a21b80e3c8c373515d6267d9c5cfd31b560ffd6a2cd5c -+Ctrl.hexinfo = hexinfo:11340cfbdb40f20f84cac4b8455bdd76c730adcecd0484af9011bacd46e22ff2d87755dfb4d5ba7217c37cb83259bdbe0983cc716adc2e6c826ed53c -+Output = c2ea7454de25afb27065f4676a392385 -+ -+# COUNT=10 -+# L = 256 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA384 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:8 -+Ctrl.hexkey = hexkey:218f47301a3adf39a4e1ddc25a1df2b7db53d7780c207f47ab4cefcaa960ed82cb6cbc34b97b4c332d52ca81cc40cb9a -+Ctrl.hexinfo = hexinfo:60dcb116d7cfd3cca7315c9dc7e9650f886b67d9fbcd98c226239a0f66eff075da23c6cb750a2129ae71b9582934f57423a815249cac2c61f958b35d -+Output = 26b01d94c4dd51a9c8b54f78647257f9e937a8d67dffa78f85749cdfb22db620 -+ -+# COUNT=20 -+# L = 160 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA384 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:8 -+Ctrl.hexkey = hexkey:426c4facbacecb654555bc9843f9864a53e14c9a5e19600abf57b03cf8b6f825f71191eaaf3cfd70961314acbf1e6e29 -+Ctrl.hexinfo = hexinfo:d224dc52dd16bde3391fab24fa875b695d63215e182efa970537904f4cd1d7f929f87c17fa97bd490f10cfc3bb80353ea4a4bb403f79e18677c39d29 -+Output = 431c73810e9fe4f4982202f55eb5f0212f302142 -+ -+# COUNT=30 -+# L = 320 -+KDF = KBKDF 
-+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA384 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:8 -+Ctrl.hexkey = hexkey:522a72c006a6b77911915c78952dd61848725a4b0789b2cfce3b29d947d9faa145417740c0365bd81a860a600012543b -+Ctrl.hexinfo = hexinfo:4a3cd102c4b95fe193660c4c174f02c725207449b785edb8fa8c4404f01a25bef3238637d3bae370758332c678deb578322e031ec3970876600196d2 -+Output = 2f5d52226949aecfe6359561a5fdd87a843457019e24faacacedd34177cda6cba18cc78cc8c78cef -+ -+ -+# [PRF=HMAC_SHA384] -+# [CTRLOCATION=BEFORE_FIXED] -+# [RLEN=16_BITS] -+ -+# COUNT=0 -+# L = 128 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA384 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:16 -+Ctrl.hexkey = hexkey:26ef897e4b617b597f766ec8d8ccf44c543e790a7d218f029dcb4a3695ae2caccce9d3e935f6741581f2f53e49cd46f8 -+Ctrl.hexinfo = hexinfo:bc2c728f9dc6db426dd4e85fdb493826a31fec0607644209f9bf2264b6401b5db3004c1a76aa08d93f08d3d9e2ba434b682e480004fb0d9271a8e8cd -+Output = a43d31f07f0ee484455ae11805803f60 -+ -+# COUNT=10 -+# L = 256 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA384 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:16 -+Ctrl.hexkey = hexkey:269cce234dd4783067ceaa04a70deb1c9700acf705548495767c22f78493851ca9c699077a002874caacb760106016c6 -+Ctrl.hexinfo = hexinfo:f64bfb4bdaac81b5801d2f9f08bc2e4d009990b67290fd49b3730c3a145696447aceae6a82f7508a19c396a548c9c33d943dab82b2538c18b8eee871 -+Output = ab4182261c5d9c0d23a26477f14a507dd7f5e9550d04f48de29e644ed55f3406 -+ -+# COUNT=20 -+# L = 160 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA384 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:16 -+Ctrl.hexkey = hexkey:ec71de96c9520386f9d11bebe474bae0c0549e2b2e8fda6b2336050ee3acbec38bc57d56e6422d3cd493ead69772a059 -+Ctrl.hexinfo = 
hexinfo:4313d1efba21dded84ce12bf80b1be54400619d3bb1987f18bf85400e335103969e77c819a5360cf1dd3f4addb6b8eec0199508c75adfe2cfc067dc8 -+Output = 8e37ecc86dcb5ee7cf48d8a07f06c47cdce624cc -+ -+# COUNT=30 -+# L = 320 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA384 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:16 -+Ctrl.hexkey = hexkey:afe2d3a4746792908aca8ece67ba8562382000b4e26122414b3ef2e120511bae68448955cf186be87caf69eaced47e87 -+Ctrl.hexinfo = hexinfo:1f6dd0b17fed7f479c4f62927291a95292a4e232441c30ffcaa1d347543e50db939360bb37976eacb911f76c38ad8cce12a0c263875bbcd7f6011ffd -+Output = 17b671ca433cea81384b03b69c26a55257085cdfa48e6d8529431464bd439a881de560294afb0073 -+ -+ -+# [PRF=HMAC_SHA384] -+# [CTRLOCATION=BEFORE_FIXED] -+# [RLEN=24_BITS] -+ -+# COUNT=0 -+# L = 128 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA384 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:24 -+Ctrl.hexkey = hexkey:4fab4f1e3512b5f443ec31d2f6425d5f0fc13a5f82c83f72788a48a1bd499495ff18fb7acc0d4c1666c99db12e28f725 -+Ctrl.hexinfo = hexinfo:f0f010f99fbd8ec1bd0f23cd12bb41b2b8acb8713bb031f927e439f616e6ae27aed3f5582f8206893deea1204df125cedce35ce2b01b32bcefb388fd -+Output = c3c263b5aa6d0cfe5304a7c9d21a44ba -+ -+# COUNT=10 -+# L = 256 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA384 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:24 -+Ctrl.hexkey = hexkey:af3cd100d14dcb5e63f8915eced4b59477936c48e0e2b9232449a97d53d3eddf9e00bf44a8f2370c38a13434c13e0977 -+Ctrl.hexinfo = hexinfo:81f178f11615309844af84e163ff694f1936f7528aba6f0e60d41b4afac87e9dd48fbb5aebe534733f576950484aab15b386b468a055a1e0be8982c0 -+Output = 0b52be4ebd8b2116df895a42317ac78808993673c99da6391f0eee13cc8470fa -+ -+# COUNT=20 -+# L = 160 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA384 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l 
= use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:24 -+Ctrl.hexkey = hexkey:fc3ba84439d8b7ead37ac6c825e088fc80152788bbc9c68569213dd6189d5fd552c37ab73b3d53ee9809a485194fb3cd -+Ctrl.hexinfo = hexinfo:df5728d5d146898b68d8713aa8053d03db52b7227d502d3effcd51a22d52ecd9175a4b01d2f27ecfc8abf02c1dd80f5c90a5e01396c1107dddb02226 -+Output = 87ff36ca26778fcaf4f9209d38095c55c40f5e22 -+ -+# COUNT=30 -+# L = 320 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA384 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:24 -+Ctrl.hexkey = hexkey:08d867a61b13cd8c79d3a1cbec3493925ece900e06993063bc0dfe0247cd059ba50a5fb6afc65ac469793817a1f2dfee -+Ctrl.hexinfo = hexinfo:af0c83a659267869bd7cde387bf1c29c9c0ff3c6cabf512c73fd671748e4e9e49218de9350fc0dde27839eb1e2878f900689abeb7b540c70203e5a95 -+Output = 3fef69d875b9b6047c33f295619f6e7c7125c875d55409500100f71bee6551d511327fbde607ac41 -+ -+ -+# [PRF=HMAC_SHA384] -+# [CTRLOCATION=BEFORE_FIXED] -+# [RLEN=32_BITS] -+ -+# COUNT=0 -+# L = 128 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA384 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:32 -+Ctrl.hexkey = hexkey:216ed044769c4c3908188ece61601af8819c30f501d12995df608e06f5e0e607ab54f542ee2da41906dfdb4971f20f9d -+Ctrl.hexinfo = hexinfo:638e9506a2c7be69ea346b84629a010c0e225b7548f508162c89f29c1ddbfd70472c2b58e7dc8aa6a5b06602f1c8ed4948cda79c62708218e26ac0e2 -+Output = d4b144bb40c7cabed13963d7d4318e72 -+ -+# COUNT=10 -+# L = 256 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA384 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:32 -+Ctrl.hexkey = hexkey:8fca201473433f2dc8f6ae51e48de1a5654ce687e711d2d65f0dc5da6fee9a6a3db9d8535d3e4455ab53d35850c88272 -+Ctrl.hexinfo = hexinfo:195bd88aa2d4211912334fe2fd9bd24522f7d9fb08e04747609bc34f2538089a9d28bbc70b2e1336c3643753cec6e5cd3f246caa915e3c3a6b94d3b6 -+Output 
= f51ac86b0f462388d189ed0197ef99c2ff3a65816d8442e5ea304397b98dd11f -+ -+# COUNT=20 -+# L = 160 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA384 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:32 -+Ctrl.hexkey = hexkey:bc3157b8932e88d1b1cf8e4622137010a242d3527b1d23d6d9c0db9cc9edfc20e5135de823977bf4defafae44d6cdab6 -+Ctrl.hexinfo = hexinfo:b42a8e43cc2d4e5c69ee5e4f6b19ff6b8071d26bab4dfe45650b92b1f47652d25162d4b61441d8448c54918ae568ae2fb53091c624dbfffacee51d88 -+Output = 91314bdf542162031643247d6507838eaba50f1a -+ -+# COUNT=30 -+# L = 320 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA384 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:32 -+Ctrl.hexkey = hexkey:582f968a54b8797b9ea8c655b42e397adb73d773b1984b1e1c429cd597b8015d2f91d59e4136a9d523bf6491a4733c7a -+Ctrl.hexinfo = hexinfo:e6d3c193eff34e34f8b7b00e66565aeb01f63206bb27e27aa281592afc06ae1ec5b7eb97a39684ce773d7c3528f2667c1f5d428406e78ce4cf39f652 -+Output = 691726c111e5030b5f9657069107861ecc18bc5835a814c3d2e5092c901cb1fb6c1a7cd3eb0be2a7 -+ -+ -+# [PRF=HMAC_SHA512] -+# [CTRLOCATION=BEFORE_FIXED] -+# [RLEN=8_BITS] -+ -+# COUNT=0 -+# L = 128 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA512 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:8 -+Ctrl.hexkey = hexkey:6ea2c385bb3e7bbafc2225cee1d3ee103ce300c1fdf033d0c1e99c57e6a596e037020838e857c0434040b58a5ca5410be672b888ef9955bdd54eb6a67416ff6a -+Ctrl.hexinfo = hexinfo:be119901ed8679b243508b97663f35da322774d7d2012d6557da6657c1176a115ebc73b0f1bfa1dba6b8c3b124f0a47cff2998b230c955b0ea809784 -+Output = e0755fa6f116ef7a8e8361f47fd57511 -+ -+# COUNT=10 -+# L = 256 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA512 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:8 -+Ctrl.hexkey = 
hexkey:0ef984d7b4ee76f5c9e080b27f45ccab4ac2362c4cafa68198786b18e239d0f69ee62148373643ad9aa42474700348ef651fee9973130a42e76b7e7633eba1e9 -+Ctrl.hexinfo = hexinfo:56ece7c14c1fc5467f8316f3a931a7ddfa490969f442d7a132f3755809f6ca11dbc9c6493a541c244c32be6656e13ef2868cb79415b807b3882f00d2 -+Output = 19aa765affdd3cc7294b2c97e1bd5adc368523a3283c387d0719761e938f83db -+ -+# COUNT=20 -+# L = 160 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA512 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:8 -+Ctrl.hexkey = hexkey:a35728d4ec0d7e94019a45d52264e5cd63c7540c21e30a9882d8d531cbb510edaa78e42c03994c18d8efcf7f826a1a9fdbbbacc55c640e7b532cc08e0615a093 -+Ctrl.hexinfo = hexinfo:f501cc527bad6fe5d8e4f1f0f53d416ab17235f380f7e0d1c90dca18206af1fb1d977551e2e0e25c1fe41a8f825fbae2c07c94b768e98ad5ab8ddb2e -+Output = 54cf238101418ce050eee03aae0c39c4602ab838 -+ -+# COUNT=30 -+# L = 320 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA512 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:8 -+Ctrl.hexkey = hexkey:baed493b0294c9a5dbbe4547a30f0602c6124cedb549b45cff0ee4f3689a7ae5b695e5ecdfebf611bba1174e5e3a8824383e555daef396dc58c2842f77d5a674 -+Ctrl.hexinfo = hexinfo:1371182cb0725416b1eccf4ac9fb20cf4e0f77e7d006a531e0ab2b2b46e0859473dad9dcae65ba5eb902228787dae19e735d002c919a4b74012f8904 -+Output = 09bb55c9f3cee604f4bc5544a802be8b02b34b99f7928ceee696221975f947905f1b5979d9d4c2a1 -+ -+ -+# [PRF=HMAC_SHA512] -+# [CTRLOCATION=BEFORE_FIXED] -+# [RLEN=16_BITS] -+ -+# COUNT=0 -+# L = 128 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA512 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:16 -+Ctrl.hexkey = hexkey:bb0c55c7201ceb2e1369a6c49e2cdc1ae5e4cd1d64638105072c3a9172b2fa6a127c4d6d55132585fb2644b5ae3cf9d347875e0d0bf80945eaabef3b4319605e -+Ctrl.hexinfo = 
hexinfo:89bf925033f00635c100e2c88a98ad9f08cd6a002b934617d4ebfffc0fe9bca1d19bd942da3704da127c7493cc62c67f507c415e4cb67d7d0be70005 -+Output = 05efd62522beb9bfff6492ecd24501a7 -+ -+# COUNT=10 -+# L = 256 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA512 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:16 -+Ctrl.hexkey = hexkey:393eb889e9c2f251b95aa147d53e4cd029fd0391110be9c6b2f8ba32857864847c448a9a591686de88da7486d0a0f0f8c927560fa8f79c30e66a7efaacaa638f -+Ctrl.hexinfo = hexinfo:116bf7f9e5eb884c86cd0d3a2b33d41de7735677e6bd727e83fbde5c8113de56bf84c9f80610db760ae2df73f4f0db9df0cc1655ea9bc98bb06beeda -+Output = 212e4e4057a6871e166e7563205833bc7f01e86c724b6a61166d9311c55b5044 -+ -+# COUNT=20 -+# L = 160 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA512 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:16 -+Ctrl.hexkey = hexkey:eeec4383a808fae57f24a7a5eb6157cca66483a613590c89ed39f59617ea97fcfa7cdfc83ba8140fa0d8542263d6423a9bcca70e11addb7a646f194ff0878cac -+Ctrl.hexinfo = hexinfo:b2565a20171eef1eaa04728e6c369405b251062bbd0a2b9171c8c6fedf0ff783691db787f153bbf5167301808f768a03df0deec99f2b9efb90cab571 -+Output = 4f31b7bcd54c74d8a7d31aca187b8736f0a59db7 -+ -+# COUNT=30 -+# L = 320 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA512 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:16 -+Ctrl.hexkey = hexkey:62690d8ef259d175911d8eb52a331af29a8e3b797c4b315a67fa5cd1b00e585b2f7d97341284d0fcaa15a080732f7958e3b33e938e730623d1e651dbea9b2233 -+Ctrl.hexinfo = hexinfo:266535b58de26ed62f936bc7147c8c3b31ee0c1bb92c5ef63699ac7225e01cec5afd2e6e39cf095882324c7dc94b0daa2befc50f790da0547d7c6184 -+Output = 9336a88737d9ae01b5c43be5789c8545689557aad295ea3c03d2a2e0143603365fea1656175c20bf -+ -+ -+# [PRF=HMAC_SHA512] -+# [CTRLOCATION=BEFORE_FIXED] -+# [RLEN=24_BITS] -+ -+# COUNT=0 -+# L = 128 -+KDF = 
KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA512 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:24 -+Ctrl.hexkey = hexkey:d10933b0683f6787c33eccea1c311b8444270504fb3980bfd56443ba4068722184c31541d9174f71068b7789440bc34cec456e115067f9c65a5f2883c6868204 -+Ctrl.hexinfo = hexinfo:dcb2ea8d715821d6393bd49a3e35f69a6c2519edb614f80fbc3f7ae1d65ff4a04c499e75d08819a09092ddaadba510e03cb2ac898804590dbd61fb7e -+Output = 876d73040d03d569e2fcae33b241d98e -+ -+# COUNT=10 -+# L = 256 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA512 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:24 -+Ctrl.hexkey = hexkey:44e6e9abd8572a19ba127dfa2ca6a1b53beaef8c19a1ec5b67f1f6f7919671cd80ade7ded7c0f096525936ef427b152339de915f024964ca9ea908a120e2553a -+Ctrl.hexinfo = hexinfo:c2884a0c3ea2ff5b0bc848698f49f2c59eff511d77caddba897dec7714a0984e54f330dd9e9fdca9c033dfbc36d3293eca0ce7601e316463966ad4fd -+Output = b294537440bec490953bf6e9a77c4510536916b84a5a2f45b5bf9f76666d8f12 -+ -+# COUNT=20 -+# L = 160 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA512 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:24 -+Ctrl.hexkey = hexkey:a39131ca2f8df817ea2f155aac72d58a696d915b66b7cbe172a0f48a407aa8af0edbaea051eb027fe8fcc435cc7f160feeb57bd39a39d94104fe35167dac1aae -+Ctrl.hexinfo = hexinfo:52b6d1f6381fc3dd44baf1c9d36f0c313e58bf4fdb936b78103afdb90373079de90e4bb7d7089e65e0aef23f2a34df5198b8392aac705eb998c1f8cd -+Output = e707c910b4db3a648815fcad5ca7af18e5354c2e -+ -+# COUNT=30 -+# L = 320 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA512 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:24 -+Ctrl.hexkey = hexkey:af5a39f0303b11bca55584ce24162dabd1625aed14ce54f9e407866e03efb24b12a36e164f96faf36bc92a08acd194285107173fb84caef787672d6471028459 -+Ctrl.hexinfo = 
hexinfo:1cd84829b89d3149948967494aece985f1df3d7ec7735e8cc468bb3e6fdb50964d32dcde5521a82402577371047bf77e34714437e9d213561055b9db -+Output = a0e81b336a6f4ab395aada28314d8ba96b9216ae389b01aaec158e166239e554a217e69f603988fb -+ -+ -+# [PRF=HMAC_SHA512] -+# [CTRLOCATION=BEFORE_FIXED] -+# [RLEN=32_BITS] -+ -+# COUNT=0 -+# L = 128 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA512 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:32 -+Ctrl.hexkey = hexkey:dd5dbd45593ee2ac139748e7645b450f223d2ff297b73fd71cbcebe71d41653c950b88500de5322d99ef18dfdd30428294c4b3094f4c954334e593bd982ec614 -+Ctrl.hexinfo = hexinfo:b50b0c963c6b3034b8cf19cd3f5c4ebe4f4985af0c03e575db62e6fdf1ecfe4f28b95d7ce16df85843246e1557ce95bb26cc9a21974bbd2eb69e8355 -+Output = e5993bf9bd2aa1c45746042e12598155 -+ -+# COUNT=10 -+# L = 256 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA512 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:32 -+Ctrl.hexkey = hexkey:5be2bf7f5e2527e15fe65cde4507d98ba55457006867de9e4f36645bcff4ca38754f92898b1c5544718102593b8c26d45d1fceaea27d97ede9de8b9ebfe88093 -+Ctrl.hexinfo = hexinfo:004b13c1f628cb7a00d9498937bf437b71fe196cc916c47d298fa296c6b86188073543bbc66b7535eb17b5cf43c37944b6ca1225298a9e563413e5bb -+Output = cee0c11be2d8110b808f738523e718447d785878bbb783fb081a055160590072 -+ -+# COUNT=20 -+# L = 160 -+KDF = KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA512 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:32 -+Ctrl.hexkey = hexkey:9dd03864a31aa4156ca7a12000f541680ce0a5f4775eef1088ac13368200b447a78d0bf14416a1d583c54b0f11200ff4a8983dd775ce9c0302d262483e300ae6 -+Ctrl.hexinfo = hexinfo:037369f142d669fca9e87e9f37ae8f2c8d506b753fdfe8a3b72f75cac1c50fa1f8620883b8dcb8dcc67adcc95e70aa624adb9fe1b2cb396692b0d2e8 -+Output = 96e8d1bc01dc95c0bf42c3c38fc54c090373ced4 -+ -+# COUNT=30 -+# L = 320 -+KDF = 
KBKDF -+Ctrl.mode = mode:COUNTER -+Ctrl.digest = digest:SHA512 -+Ctrl.mac = mac:HMAC -+Ctrl.use-l = use-l:0 -+Ctrl.use-separator = use-separator:0 -+Ctrl.r = r:32 -+Ctrl.hexkey = hexkey:a9f4a2c5af839867f5db5a1e520ab3cca72a166ca60de512fd7fe7e64cf94f92cf1d8b636175f293e003275e021018c3f0ede495997a505ec9a2afeb0495be57 -+Ctrl.hexinfo = hexinfo:8e9db3335779db688bcfe096668d9c3bc64e193e3529c430e68d09d56c837dd6c0f94678f121a68ee1feea4735da85a49d34a5290aa39f7b40de435f -+Output = 6db880daac98b078ee389a2164252ded61322d661e2b49247ea921e544675d8f17af2bf66dd40d81 -+ diff --git a/0052-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch b/0052-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch index cd61840..5dcc34c 100644 --- a/0052-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch +++ b/0052-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch @@ -1,4 +1,4 @@ -From b9e2912acb72837b2fdef5cd8f96dc4e0d2a8fea Mon Sep 17 00:00:00 2001 +From 033a4a68f259e32ea58e5a9f478f59d7dabe70af Mon Sep 17 00:00:00 2001 From: Clemens Lang Date: Tue, 1 Mar 2022 15:44:18 +0100 Subject: [PATCH 23/38] Allow SHA1 in seclevel 2 if rh-allow-sha1-signatures = @@ -13,7 +13,7 @@ References: rhbz#2055796 4 files changed, 79 insertions(+), 18 deletions(-) diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c -index 9384f1da9bad9e104550ff270d9ae8dc61da073d..859d5caf4529e193336022bc8a4bdd640df26066 100644 +index d19efeaa99..451fa10bf2 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -25,6 +25,7 @@ @@ -24,7 +24,7 @@ index 9384f1da9bad9e104550ff270d9ae8dc61da073d..859d5caf4529e193336022bc8a4bdd64 #include "crypto/x509.h" #include "x509_local.h" -@@ -3430,14 +3431,30 @@ static int check_sig_level(X509_STORE_CTX *ctx, X509 *cert) +@@ -3438,14 +3439,30 @@ static int check_sig_level(X509_STORE_CTX *ctx, X509 *cert) { int secbits = -1; int level = ctx->param->auth_level; 
@@ -57,10 +57,10 @@ index 9384f1da9bad9e104550ff270d9ae8dc61da073d..859d5caf4529e193336022bc8a4bdd64 return secbits >= minbits_table[level - 1]; } diff --git a/doc/man5/config.pod b/doc/man5/config.pod -index f7ac6a743b44c786cf18ccf2ed28105855ceb3ac..f850075d2d0da73e2ab8fc402b1884d3ef6254a8 100644 +index e5a88d11aa..2d5649f90b 100644 --- a/doc/man5/config.pod +++ b/doc/man5/config.pod -@@ -313,7 +313,12 @@ When set to B, any attempt to create or verify a signature with a SHA1 +@@ -305,7 +305,12 @@ When set to B, any attempt to create or verify a signature with a SHA1 digest will fail. For compatibility with older versions of OpenSSL, set this option to B. This setting also affects TLS, where signature algorithms that use SHA1 as digest will no longer be supported if this option is set to @@ -75,7 +75,7 @@ index f7ac6a743b44c786cf18ccf2ed28105855ceb3ac..f850075d2d0da73e2ab8fc402b1884d3 =item B (deprecated) diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c -index 89c1dd31c72271b1923ab972e3d3359b6c8e1a03..831e594c00f1c048c9cd920b6c7e62cd6d7a06ed 100644 +index 8bc550ea5b..a9d21a6a96 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -20,6 +20,7 @@ @@ -86,7 +86,7 @@ index 89c1dd31c72271b1923ab972e3d3359b6c8e1a03..831e594c00f1c048c9cd920b6c7e62cd #include "internal/sslconf.h" #include "internal/nelem.h" #include "internal/sizes.h" -@@ -1566,19 +1567,27 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey) +@@ -1567,19 +1568,27 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey) SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_UNKNOWN_DIGEST); return 0; } @@ -127,7 +127,7 @@ index 89c1dd31c72271b1923ab972e3d3359b6c8e1a03..831e594c00f1c048c9cd920b6c7e62cd } /* Store the sigalg the peer uses */ s->s3.tmp.peer_sigalg = lu; -@@ -2116,6 +2125,14 @@ static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu) +@@ -2117,6 +2126,14 @@ static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu) } } 
@@ -142,7 +142,7 @@ index 89c1dd31c72271b1923ab972e3d3359b6c8e1a03..831e594c00f1c048c9cd920b6c7e62cd /* Finally see if security callback allows it */ secbits = sigalg_security_bits(s->ctx, lu); sigalgstr[0] = (lu->sigalg >> 8) & 0xff; -@@ -2985,6 +3002,8 @@ static int ssl_security_cert_sig(SSL *s, SSL_CTX *ctx, X509 *x, int op) +@@ -2986,6 +3003,8 @@ static int ssl_security_cert_sig(SSL *s, SSL_CTX *ctx, X509 *x, int op) { /* Lookup signature algorithm digest */ int secbits, nid, pknid; @@ -151,7 +151,7 @@ index 89c1dd31c72271b1923ab972e3d3359b6c8e1a03..831e594c00f1c048c9cd920b6c7e62cd /* Don't check signature if self signed */ if ((X509_get_extension_flags(x) & EXFLAG_SS) != 0) return 1; -@@ -2993,6 +3012,25 @@ static int ssl_security_cert_sig(SSL *s, SSL_CTX *ctx, X509 *x, int op) +@@ -2994,6 +3013,25 @@ static int ssl_security_cert_sig(SSL *s, SSL_CTX *ctx, X509 *x, int op) /* If digest NID not defined use signature NID */ if (nid == NID_undef) nid = pknid; @@ -178,19 +178,19 @@ index 89c1dd31c72271b1923ab972e3d3359b6c8e1a03..831e594c00f1c048c9cd920b6c7e62cd return ssl_security(s, op, secbits, nid, x); else diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t -index 2a4c36e86daff04f87ad4726a9fb359d958189bf..309cda877d15ff18f5e492c05372f5c9f1393525 100644 +index f69af793e4..a7481254e1 100644 --- a/test/recipes/25-test_verify.t +++ b/test/recipes/25-test_verify.t @@ -29,7 +29,7 @@ sub verify { run(app([@args])); } --plan tests => 164; -+plan tests => 163; +-plan tests => 175; ++plan tests => 174; # Canonical success ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]), -@@ -419,8 +419,9 @@ ok(verify("ee-pss-sha1-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "0" +@@ -439,8 +439,9 @@ ok(verify("ee-pss-sha1-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "0" ok(verify("ee-pss-sha256-cert", "", ["root-cert"], ["ca-cert"], ), "CA with PSS signature using SHA256"); 
@@ -203,5 +203,5 @@ index 2a4c36e86daff04f87ad4726a9fb359d958189bf..309cda877d15ff18f5e492c05372f5c9 ok(verify("ee-pss-sha256-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "2"), "PSS signature using SHA256 and auth level 2"); -- -2.39.1 +2.40.1 diff --git a/0053-Add-SHA1-probes.patch b/0053-Add-SHA1-probes.patch deleted file mode 100644 index e0493a3..0000000 --- a/0053-Add-SHA1-probes.patch +++ /dev/null 
@@ -1,238 +0,0 @@ -From 428369896db1656af748a67bb36fba039e7b39ad Mon Sep 17 00:00:00 2001 -From: Clemens Lang -Date: Mon, 25 Apr 2022 15:21:46 +0200 -Subject: [PATCH] Instrument SHA-1 signatures with USDT probes - -In order to discover remaining uses of SHA-1 in signatures without -forcefully breaking the code paths, add USDT probes that can be queried -with systemtap at runtime. - -This should allow identifying components that still use SHA-1 signatures -in production so that they can be transitioned to more modern hash -algorithms. ---- - crypto/evp/m_sigver.c | 13 +++++++++---- - crypto/evp/pmeth_lib.c | 13 +++++++++---- - crypto/x509/x509_vfy.c | 6 +++++- - providers/common/securitycheck.c | 22 +++++++++++++++------- - providers/common/securitycheck_default.c | 13 +++++++++++-- - ssl/t1_lib.c | 8 +++++++- - 6 files changed, 56 insertions(+), 19 deletions(-) - -diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c -index 8da2183ce0..c17cdfa5d5 100644 ---- a/crypto/evp/m_sigver.c -+++ b/crypto/evp/m_sigver.c -@@ -16,6 +16,8 @@ - #include "internal/numbers.h" /* includes SIZE_MAX */ - #include "evp_local.h" - -+#include -+ - typedef struct ossl_legacy_digest_signatures_st { - int allowed; - } OSSL_LEGACY_DIGEST_SIGNATURES; -@@ -336,10 +338,13 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, - && !EVP_PKEY_is_a(locpctx->pkey, SN_tls1_prf) - && !EVP_PKEY_is_a(locpctx->pkey, SN_hkdf)) { - int mdnid = EVP_MD_nid(ctx->reqdigest); -- if (!ossl_ctx_legacy_digest_signatures_allowed(locpctx->libctx, 0) -- && (mdnid == NID_sha1 || mdnid == NID_md5_sha1)) { -- ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_DIGEST); -- goto err; -+ if (mdnid == NID_sha1 || mdnid == NID_md5_sha1) { -+ if (!ossl_ctx_legacy_digest_signatures_allowed(locpctx->libctx, 0)) { -+ ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_DIGEST); -+ goto err; -+ } else { -+ DTRACE_PROBE1(libcrypto, fedora_do_sigver_init_1, mdnid); -+ } - } - } - -diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c 
-index b96f148c0d..54fcf24945 100644 ---- a/crypto/evp/pmeth_lib.c -+++ b/crypto/evp/pmeth_lib.c -@@ -37,6 +37,8 @@ - #include "internal/sslconf.h" - #include "evp_local.h" - -+#include -+ - #ifndef FIPS_MODULE - - static int evp_pkey_ctx_store_cached_data(EVP_PKEY_CTX *ctx, -@@ -956,10 +958,13 @@ static int evp_pkey_ctx_set_md(EVP_PKEY_CTX *ctx, const EVP_MD *md, - && !EVP_PKEY_is_a(ctx->pkey, SN_tls1_prf) - && !EVP_PKEY_is_a(ctx->pkey, SN_hkdf)) { - int mdnid = EVP_MD_nid(md); -- if ((mdnid == NID_sha1 || mdnid == NID_md5_sha1) -- && !ossl_ctx_legacy_digest_signatures_allowed(ctx->libctx, 0)) { -- ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_DIGEST); -- return -1; -+ if (mdnid == NID_sha1 || mdnid == NID_md5_sha1) { -+ if (!ossl_ctx_legacy_digest_signatures_allowed(ctx->libctx, 0)) { -+ ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_DIGEST); -+ return -1; -+ } else { -+ DTRACE_PROBE1(libcrypto, fedora_evp_pkey_ctx_set_md_1, mdnid); -+ } - } - } - -diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c -index bf0c608839..78638ce80e 100644 ---- a/crypto/x509/x509_vfy.c -+++ b/crypto/x509/x509_vfy.c -@@ -29,6 +29,8 @@ - #include "crypto/x509.h" - #include "x509_local.h" - -+#include -+ - /* CRL score values */ - - #define CRL_SCORE_NOCRITICAL 0x100 /* No unhandled critical extensions */ -@@ -3462,11 +3464,13 @@ static int check_sig_level(X509_STORE_CTX *ctx, X509 *cert) - - if ((nid == NID_sha1 || nid == NID_md5_sha1) - && ossl_ctx_legacy_digest_signatures_allowed(libctx, 0) -- && ctx->param->auth_level < 2) -+ && ctx->param->auth_level < 2) { -+ DTRACE_PROBE1(libcrypto, fedora_check_sig_level_1, nid); - /* When rh-allow-sha1-signatures = yes and security level <= 1, - * explicitly allow SHA1 for backwards compatibility. Also allow - * MD5-SHA1 because TLS 1.0 is still supported, which uses it. 
*/ - return 1; -+ } - - return secbits >= minbits_table[level - 1]; - } -diff --git a/providers/common/securitycheck.c b/providers/common/securitycheck.c -index e534ad0a5f..bf496450cf 100644 ---- a/providers/common/securitycheck.c -+++ b/providers/common/securitycheck.c -@@ -21,6 +21,8 @@ - #include "prov/securitycheck.h" - #include "internal/sslconf.h" - -+#include -+ - /* - * FIPS requires a minimum security strength of 112 bits (for encryption or - * signing), and for legacy purposes 80 bits (for decryption or verifying). -@@ -238,11 +240,14 @@ int ossl_digest_get_approved_nid_with_sha1(OSSL_LIB_CTX *ctx, const EVP_MD *md, - # endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */ - - #ifndef FIPS_MODULE -- if (!ossl_ctx_legacy_digest_signatures_allowed(ctx, 0)) -- /* SHA1 is globally disabled, check whether we want to locally allow -- * it. */ -- if (mdnid == NID_sha1 && !sha1_allowed) -+ if (mdnid == NID_sha1 && !sha1_allowed) { -+ if (!ossl_ctx_legacy_digest_signatures_allowed(ctx, 0)) -+ /* SHA1 is globally disabled, check whether we want to locally allow -+ * it. 
*/ - mdnid = -1; -+ else -+ DTRACE_PROBE1(libcrypto, fedora_ossl_digest_get_approved_nid_with_sha1_1, mdnid); -+ } - #endif - - return mdnid; -@@ -258,9 +263,12 @@ int ossl_digest_is_allowed(OSSL_LIB_CTX *ctx, const EVP_MD *md) - #ifndef FIPS_MODULE - { - int mdnid = EVP_MD_nid(md); -- if ((mdnid == NID_sha1 || mdnid == NID_md5_sha1) -- && !ossl_ctx_legacy_digest_signatures_allowed(ctx, 0)) -- return 0; -+ if (mdnid == NID_sha1 || mdnid == NID_md5_sha1) { -+ if (!ossl_ctx_legacy_digest_signatures_allowed(ctx, 0)) -+ return 0; -+ else -+ DTRACE_PROBE1(libcrypto, fedora_ossl_digest_is_allowed_1, mdnid); -+ } - } - #endif - -diff --git a/providers/common/securitycheck_default.c b/providers/common/securitycheck_default.c -index ce54a94fbc..2d21e4a7df 100644 ---- a/providers/common/securitycheck_default.c -+++ b/providers/common/securitycheck_default.c -@@ -17,6 +17,8 @@ - #include "internal/nelem.h" - #include "internal/sslconf.h" - -+#include -+ - /* Disable the security checks in the default provider */ - int ossl_securitycheck_enabled(OSSL_LIB_CTX *libctx) - { -@@ -40,9 +42,16 @@ int ossl_digest_rsa_sign_get_md_nid(OSSL_LIB_CTX *ctx, const EVP_MD *md, - - ldsigs_allowed = ossl_ctx_legacy_digest_signatures_allowed(ctx, 0); - mdnid = ossl_digest_get_approved_nid_with_sha1(ctx, md, sha1_allowed || ldsigs_allowed); -+ if (mdnid == NID_sha1) -+ /* This will only happen if SHA1 is allowed, otherwise mdnid is -1. 
*/ -+ DTRACE_PROBE1(libcrypto, fedora_ossl_digest_rsa_sign_get_md_nid_1, mdnid); - if (mdnid == NID_undef) - mdnid = ossl_digest_md_to_nid(md, name_to_nid, OSSL_NELEM(name_to_nid)); -- if (mdnid == NID_md5_sha1 && !ldsigs_allowed) -- mdnid = -1; -+ if (mdnid == NID_md5_sha1) { -+ if (ldsigs_allowed) -+ DTRACE_PROBE1(libcrypto, fedora_ossl_digest_rsa_sign_get_md_nid_2, mdnid); -+ else -+ mdnid = -1; -+ } - return mdnid; - } -diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c -index 0b50266b69..d05e696a28 100644 ---- a/ssl/t1_lib.c -+++ b/ssl/t1_lib.c -@@ -28,6 +28,8 @@ - #include "ssl_local.h" - #include - -+#include -+ - static const SIGALG_LOOKUP *find_sig_alg(SSL *s, X509 *x, EVP_PKEY *pkey); - static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu); - -@@ -1569,6 +1571,7 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey) - /* When rh-allow-sha1-signatures = yes and security level <= 1, - * explicitly allow SHA1 for backwards compatibility. Also allow - * MD5-SHA1 because TLS 1.0 is still supported, which uses it. */ -+ DTRACE_PROBE1(libssl, fedora_tls12_check_peer_sigalg_1, lu->hash); - } else { - /* - * Make sure security callback allows algorithm. For historical -@@ -2122,6 +2125,7 @@ static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu) - /* When rh-allow-sha1-signatures = yes and security level <= 1, - * explicitly allow SHA1 for backwards compatibility. Also allow - * MD5-SHA1 because TLS 1.0 is still supported, which uses it. 
*/ -+ DTRACE_PROBE1(libssl, fedora_tls12_sigalg_allowed_1, lu->hash); - return 1; - } - -@@ -3020,11 +3024,13 @@ static int ssl_security_cert_sig(SSL *s, SSL_CTX *ctx, X509 *x, int op) - && ossl_ctx_legacy_digest_signatures_allowed(libctx, 0) - && ((s != NULL && SSL_get_security_level(s) < 2) - || (ctx != NULL && SSL_CTX_get_security_level(ctx) < 2) -- )) -+ )) { - /* When rh-allow-sha1-signatures = yes and security level <= 1, - * explicitly allow SHA1 for backwards compatibility. Also allow - * MD5-SHA1 because TLS 1.0 is still supported, which uses it. */ -+ DTRACE_PROBE1(libssl, fedora_ssl_security_cert_sig_1, nid); - return 1; -+ } - - if (s) - return ssl_security(s, op, secbits, nid, x); --- -2.35.1 - diff --git a/0056-strcasecmp.patch b/0056-strcasecmp.patch index da64805..a2c8d6e 100644 --- a/0056-strcasecmp.patch +++ b/0056-strcasecmp.patch 
@@ -1,15 +1,13 @@ diff -up openssl-3.0.3/util/libcrypto.num.locale openssl-3.0.3/util/libcrypto.num --- openssl-3.0.3/util/libcrypto.num.locale 2022-06-01 12:35:52.667498724 +0200 +++ openssl-3.0.3/util/libcrypto.num 2022-06-01 12:36:08.112633093 +0200 -@@ -5425,6 +5425,8 @@ ASN1_item_d2i_ex - OPENSSL_strcasecmp 5556 3_0_3 EXIST::FUNCTION: - OPENSSL_strncasecmp 5557 3_0_3 EXIST::FUNCTION: - OSSL_CMP_CTX_reset_geninfo_ITAVs 5558 3_0_8 EXIST::FUNCTION:CMP +@@ -5425,4 +5425,6 @@ ASN1_item_d2i_ex + EVP_CIPHER_CTX_dup 5563 3_1_0 EXIST::FUNCTION: + BN_are_coprime 5564 3_1_0 EXIST::FUNCTION: + OSSL_CMP_MSG_update_recipNonce 5565 3_0_9 EXIST::FUNCTION:CMP +OPENSSL_strcasecmp ? 3_0_1 EXIST::FUNCTION: +OPENSSL_strncasecmp ? 3_0_1 EXIST::FUNCTION: ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION: - ossl_ctx_legacy_digest_signatures_allowed ? 3_0_1 EXIST::FUNCTION: - ossl_ctx_legacy_digest_signatures_allowed_set ? 3_0_1 EXIST::FUNCTION: diff -up openssl-3.0.7/crypto/o_str.c.cmp openssl-3.0.7/crypto/o_str.c --- openssl-3.0.7/crypto/o_str.c.cmp 2022-11-25 12:50:22.449760653 +0100 +++ openssl-3.0.7/crypto/o_str.c 2022-11-25 12:51:19.416350584 +0100 diff --git a/0060-FIPS-KAT-signature-tests.patch b/0060-FIPS-KAT-signature-tests.patch deleted file mode 100644 index 184b150..0000000 --- a/0060-FIPS-KAT-signature-tests.patch +++ /dev/null 
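Review bot: The refreshed `util/libcrypto.num` hunk in 0056-strcasecmp.patch still adds `OPENSSL_strcasecmp ? 3_0_1` and `OPENSSL_strncasecmp ? 3_0_1`, but the context that showed the numbered `5556`/`5557` entries at `3_0_3` has dropped out, so the patch no longer shows why the same names are listed at a second symbol version. The patch file starts directly at `diff -up` with no description, so I would add one line above it, for example `Re-export OPENSSL_strcasecmp/OPENSSL_strncasecmp at 3_0_1 (libcrypto.num also lists them at 3_0_3)`, after confirming that this is the intent. The inner header also keeps `-5425,4 +5425,6` and the `ASN1_item_d2i_ex` section text while the context now anchors on ordinals 5563 to 5565, so it presumably applies only by offset. Regenerating that hunk against the 3.1.1 tree would make a future mismatch fail at apply time rather than land in the wrong place in the exported-symbol list.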
@@ -1,420 +0,0 @@ -diff -up openssl-3.0.1/crypto/ec/ec_backend.c.fips_kat_signature openssl-3.0.1/crypto/ec/ec_backend.c ---- openssl-3.0.1/crypto/ec/ec_backend.c.fips_kat_signature 2022-04-04 15:49:24.786455707 +0200 -+++ openssl-3.0.1/crypto/ec/ec_backend.c 2022-04-04 16:06:13.250271963 +0200 -@@ -393,6 +393,10 @@ int ossl_ec_key_fromdata(EC_KEY *ec, con - const OSSL_PARAM *param_priv_key = NULL, *param_pub_key = NULL; - BN_CTX *ctx = NULL; - BIGNUM *priv_key = NULL; -+#ifdef FIPS_MODULE -+ const OSSL_PARAM *param_sign_kat_k = NULL; -+ BIGNUM *sign_kat_k = NULL; -+#endif - unsigned char *pub_key = NULL; - size_t pub_key_len; - const EC_GROUP *ecg = NULL; -@@ -408,7 +412,10 @@ int ossl_ec_key_fromdata(EC_KEY *ec, con - if (include_private) - param_priv_key = - OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY); -- -+#ifdef FIPS_MODULE -+ param_sign_kat_k = -+ OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_REDHAT_SIGN_KAT_K); -+#endif - ctx = BN_CTX_new_ex(ossl_ec_key_get_libctx(ec)); - if (ctx == NULL) - goto err; -@@ -481,6 +489,17 @@ int ossl_ec_key_fromdata(EC_KEY *ec, con - && !EC_KEY_set_public_key(ec, pub_point)) - goto err; - -+#ifdef FIPS_MODULE -+ if (param_sign_kat_k) { -+ if ((sign_kat_k = BN_secure_new()) == NULL) -+ goto err; -+ BN_set_flags(sign_kat_k, BN_FLG_CONSTTIME); -+ -+ if (!OSSL_PARAM_get_BN(param_sign_kat_k, &sign_kat_k)) -+ goto err; -+ ec->sign_kat_k = sign_kat_k; -+ } -+#endif - ok = 1; - - err: -diff -up openssl-3.0.1/crypto/ec/ecdsa_ossl.c.fips_kat_signature openssl-3.0.1/crypto/ec/ecdsa_ossl.c ---- openssl-3.0.1/crypto/ec/ecdsa_ossl.c.fips_kat_signature 2022-04-04 17:01:35.725323127 +0200 -+++ openssl-3.0.1/crypto/ec/ecdsa_ossl.c 2022-04-04 17:03:42.000427050 +0200 -@@ -20,6 +20,10 @@ - #include "crypto/bn.h" - #include "ec_local.h" - -+#ifdef FIPS_MODULE -+extern int REDHAT_FIPS_signature_st; -+#endif -+ - int ossl_ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, - BIGNUM **rp) - { -@@ -126,6 +130,11 @@ static 
int ecdsa_sign_setup(EC_KEY *ecke - goto err; - - do { -+#ifdef FIPS_MODULE -+ if (REDHAT_FIPS_signature_st && eckey->sign_kat_k != NULL) { -+ BN_copy(k, eckey->sign_kat_k); -+ } else { -+#endif - /* get random k */ - do { - if (dgst != NULL) { -@@ -141,7 +150,9 @@ static int ecdsa_sign_setup(EC_KEY *ecke - } - } - } while (BN_is_zero(k)); -- -+#ifdef FIPS_MODULE -+ } -+#endif - /* compute r the x-coordinate of generator * k */ - if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx)) { - ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); -diff -up openssl-3.0.1/crypto/ec/ec_key.c.fips_kat_signature openssl-3.0.1/crypto/ec/ec_key.c ---- openssl-3.0.1/crypto/ec/ec_key.c.fips_kat_signature 2022-04-04 13:48:52.231172299 +0200 -+++ openssl-3.0.1/crypto/ec/ec_key.c 2022-04-04 14:00:35.077368605 +0200 -@@ -97,6 +97,9 @@ void EC_KEY_free(EC_KEY *r) - EC_GROUP_free(r->group); - EC_POINT_free(r->pub_key); - BN_clear_free(r->priv_key); -+#ifdef FIPS_MODULE -+ BN_clear_free(r->sign_kat_k); -+#endif - OPENSSL_free(r->propq); - - OPENSSL_clear_free((void *)r, sizeof(EC_KEY)); -diff -up openssl-3.0.1/crypto/ec/ec_local.h.fips_kat_signature openssl-3.0.1/crypto/ec/ec_local.h ---- openssl-3.0.1/crypto/ec/ec_local.h.fips_kat_signature 2022-04-04 13:46:57.576161867 +0200 -+++ openssl-3.0.1/crypto/ec/ec_local.h 2022-04-04 13:48:07.827780835 +0200 -@@ -298,6 +298,9 @@ struct ec_key_st { - #ifndef FIPS_MODULE - CRYPTO_EX_DATA ex_data; - #endif -+#ifdef FIPS_MODULE -+ BIGNUM *sign_kat_k; -+#endif - CRYPTO_RWLOCK *lock; - OSSL_LIB_CTX *libctx; - char *propq; -diff -up openssl-3.0.1/include/openssl/core_names.h.fips_kat_signature openssl-3.0.1/include/openssl/core_names.h ---- openssl-3.0.1/include/openssl/core_names.h.fips_kat_signature 2022-04-04 14:06:15.717370014 +0200 -+++ openssl-3.0.1/include/openssl/core_names.h 2022-04-04 14:07:35.376071229 +0200 -@@ -293,6 +293,7 @@ extern "C" { - #define OSSL_PKEY_PARAM_DIST_ID "distid" - #define OSSL_PKEY_PARAM_PUB_KEY "pub" - #define 
OSSL_PKEY_PARAM_PRIV_KEY "priv" -+#define OSSL_PKEY_PARAM_REDHAT_SIGN_KAT_K "rh_sign_kat_k" - - /* Diffie-Hellman/DSA Parameters */ - #define OSSL_PKEY_PARAM_FFC_P "p" -diff -up openssl-3.0.1/providers/implementations/keymgmt/ec_kmgmt.c.fips_kat_signature openssl-3.0.1/providers/implementations/keymgmt/ec_kmgmt.c ---- openssl-3.0.1/providers/implementations/keymgmt/ec_kmgmt.c.fips_kat_signature 2022-04-04 14:21:03.043180906 +0200 -+++ openssl-3.0.1/providers/implementations/keymgmt/ec_kmgmt.c 2022-04-04 14:38:33.949406645 +0200 -@@ -530,7 +530,8 @@ end: - # define EC_IMEXPORTABLE_PUBLIC_KEY \ - OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PUB_KEY, NULL, 0) - # define EC_IMEXPORTABLE_PRIVATE_KEY \ -- OSSL_PARAM_BN(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0) -+ OSSL_PARAM_BN(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0), \ -+ OSSL_PARAM_BN(OSSL_PKEY_PARAM_REDHAT_SIGN_KAT_K, NULL, 0) - # define EC_IMEXPORTABLE_OTHER_PARAMETERS \ - OSSL_PARAM_int(OSSL_PKEY_PARAM_USE_COFACTOR_ECDH, NULL), \ - OSSL_PARAM_int(OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC, NULL) -diff -up openssl-3.0.1/providers/fips/self_test_kats.c.kat openssl-3.0.1/providers/fips/self_test_kats.c ---- openssl-3.0.1/providers/fips/self_test_kats.c.kat 2022-05-10 15:10:32.502185265 +0200 -+++ openssl-3.0.1/providers/fips/self_test_kats.c 2022-05-10 15:13:21.465653720 +0200 -@@ -17,6 +17,8 @@ - #include "self_test.h" - #include "self_test_data.inc" - -+int REDHAT_FIPS_signature_st = 0; -+ - static int self_test_digest(const ST_KAT_DIGEST *t, OSSL_SELF_TEST *st, - OSSL_LIB_CTX *libctx) - { -@@ -446,6 +448,7 @@ static int self_test_sign(const ST_KAT_S - EVP_PKEY *pkey = NULL; - unsigned char sig[256]; - BN_CTX *bnctx = NULL; -+ BIGNUM *K = NULL; - size_t siglen = sizeof(sig); - static const unsigned char dgst[] = { - 0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81, -@@ -462,6 +465,9 @@ static int self_test_sign(const ST_KAT_S - bnctx = BN_CTX_new_ex(libctx); - if (bnctx == NULL) - goto err; -+ K = BN_CTX_get(bnctx); -+ if 
(K == NULL || BN_bin2bn(dgst, sizeof(dgst), K) == NULL) -+ goto err; - - bld = OSSL_PARAM_BLD_new(); - if (bld == NULL) -@@ -469,6 +475,9 @@ static int self_test_sign(const ST_KAT_S - - if (!add_params(bld, t->key, bnctx)) - goto err; -+ /* set K for ECDSA KAT tests */ -+ if (!OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_REDHAT_SIGN_KAT_K, K)) -+ goto err; - params = OSSL_PARAM_BLD_to_param(bld); - - /* Create a EVP_PKEY_CTX to load the DSA key into */ -@@ -689,11 +698,13 @@ static int self_test_kas(OSSL_SELF_TEST - static int self_test_signatures(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx) - { - int i, ret = 1; -+ REDHAT_FIPS_signature_st = 1; - - for (i = 0; i < (int)OSSL_NELEM(st_kat_sign_tests); ++i) { - if (!self_test_sign(&st_kat_sign_tests[i], st, libctx)) - ret = 0; - } -+ REDHAT_FIPS_signature_st = 0; - return ret; - } - -diff -up openssl-3.0.1/providers/fips/self_test_data.inc.kat openssl-3.0.1/providers/fips/self_test_data.inc ---- openssl-3.0.1/providers/fips/self_test_data.inc.kat 2022-05-16 17:37:34.962807400 +0200 -+++ openssl-3.0.1/providers/fips/self_test_data.inc 2022-05-16 17:48:10.709376779 +0200 -@@ -1399,7 +1399,151 @@ static const ST_KAT_PARAM ecdsa_prime_ke - ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, ecd_prime_priv), - ST_KAT_PARAM_END() - }; -+static const unsigned char ec224r1_kat_sig[] = { -+0x30, 0x3c, 0x02, 0x1c, 0x2f, 0x24, 0x30, 0x96, 0x3b, 0x39, 0xe0, 0xab, 0xe2, 0x5a, 0x6f, 0xe0, -+0x40, 0x7e, 0x19, 0x30, 0x6e, 0x6a, 0xfd, 0x7a, 0x2b, 0x5d, 0xaa, 0xc2, 0x34, 0x6c, 0xc8, 0xce, -+0x02, 0x1c, 0x47, 0xe1, 0xac, 0xfd, 0xb4, 0xb8, 0x2b, 0x8c, 0x49, 0xb6, 0x36, 0xcd, 0xdd, 0x22, -+0x2a, 0x2d, 0x29, 0x64, 0x70, 0x61, 0xc3, 0x3e, 0x18, 0x51, 0xec, 0xf2, 0xad, 0x3c -+}; - -+static const char ecd_prime_curve_name384[] = "secp384r1"; -+/* -+priv: -+ 58:12:2b:94:be:29:23:13:83:f5:c4:20:e8:22:34: -+ 54:73:49:91:10:05:e9:10:e9:d7:2d:72:9c:5e:6a: -+ ba:8f:6d:d6:e4:a7:eb:e0:ae:e3:d4:c9:aa:33:87: -+ 4c:91:87 -+pub: -+ 
04:d1:86:8b:f5:c4:a2:f7:a5:92:e6:85:2a:d2:92: -+ 81:97:0a:8d:fa:09:3f:84:6c:17:43:03:43:49:23: -+ 77:c4:31:f4:0a:a4:de:87:ac:5c:c0:d1:bc:e4:43: -+ 7f:8d:44:e1:3b:5f:bc:27:c8:79:0f:d0:31:9f:a7: -+ 6d:de:fb:f7:da:19:40:fd:aa:83:dc:69:ce:a6:f3: -+ 4d:65:20:1c:66:82:80:03:f7:7b:2e:f3:b3:7c:1f: -+ 11:f2:a3:bf:e8:0e:88 -+*/ -+static const unsigned char ecd_prime_priv384[] = { -+ 0x58, 0x12, 0x2b, 0x94, 0xbe, 0x29, 0x23, 0x13, 0x83, 0xf5, 0xc4, 0x20, 0xe8, 0x22, 0x34, -+ 0x54, 0x73, 0x49, 0x91, 0x10, 0x05, 0xe9, 0x10, 0xe9, 0xd7, 0x2d, 0x72, 0x9c, 0x5e, 0x6a, -+ 0xba, 0x8f, 0x6d, 0xd6, 0xe4, 0xa7, 0xeb, 0xe0, 0xae, 0xe3, 0xd4, 0xc9, 0xaa, 0x33, 0x87, -+ 0x4c, 0x91, 0x87 -+}; -+static const unsigned char ecd_prime_pub384[] = { -+ 0x04, 0xd1, 0x86, 0x8b, 0xf5, 0xc4, 0xa2, 0xf7, 0xa5, 0x92, 0xe6, 0x85, 0x2a, 0xd2, 0x92, -+ 0x81, 0x97, 0x0a, 0x8d, 0xfa, 0x09, 0x3f, 0x84, 0x6c, 0x17, 0x43, 0x03, 0x43, 0x49, 0x23, -+ 0x77, 0xc4, 0x31, 0xf4, 0x0a, 0xa4, 0xde, 0x87, 0xac, 0x5c, 0xc0, 0xd1, 0xbc, 0xe4, 0x43, -+ 0x7f, 0x8d, 0x44, 0xe1, 0x3b, 0x5f, 0xbc, 0x27, 0xc8, 0x79, 0x0f, 0xd0, 0x31, 0x9f, 0xa7, -+ 0x6d, 0xde, 0xfb, 0xf7, 0xda, 0x19, 0x40, 0xfd, 0xaa, 0x83, 0xdc, 0x69, 0xce, 0xa6, 0xf3, -+ 0x4d, 0x65, 0x20, 0x1c, 0x66, 0x82, 0x80, 0x03, 0xf7, 0x7b, 0x2e, 0xf3, 0xb3, 0x7c, 0x1f, -+ 0x11, 0xf2, 0xa3, 0xbf, 0xe8, 0x0e, 0x88 -+}; -+static const ST_KAT_PARAM ecdsa_prime_key384[] = { -+ ST_KAT_PARAM_UTF8STRING(OSSL_PKEY_PARAM_GROUP_NAME, ecd_prime_curve_name384), -+ ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PUB_KEY, ecd_prime_pub384), -+ ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, ecd_prime_priv384), -+ ST_KAT_PARAM_END() -+}; -+static const unsigned char ec384r1_kat_sig[] = { -+0x30, 0x65, 0x02, 0x30, 0x1a, 0xd5, 0x57, 0x1b, 0x28, 0x0f, 0xf1, 0x68, 0x66, 0x68, 0x8a, 0x98, -+0xe3, 0x9c, 0xce, 0x7f, 0xa7, 0x68, 0xdc, 0x84, 0x5a, 0x65, 0xdc, 0x2b, 0x5d, 0x7e, 0xf3, 0x9b, -+0xa0, 0x40, 0xe8, 0x7a, 0x02, 0xc7, 0x82, 0xe0, 0x0c, 0x81, 0xa5, 0xda, 0x55, 0x27, 0xbf, 0x79, -+0xee, 0x72, 0xc2, 
0x14, 0x02, 0x31, 0x00, 0xd1, 0x9d, 0x67, 0xda, 0x5a, 0xd2, 0x58, 0x68, 0xe7, -+0x71, 0x08, 0xb2, 0xa4, 0xe4, 0xe8, 0x74, 0xb4, 0x0a, 0x3d, 0x76, 0x49, 0x31, 0x17, 0x6e, 0x33, -+0x16, 0xf0, 0x00, 0x1f, 0x3c, 0x1f, 0xf9, 0x7c, 0xdb, 0x93, 0x49, 0x9c, 0x7d, 0xb3, 0xd3, 0x30, -+0x98, 0x81, 0x6f, 0xb0, 0xc9, 0x30, 0x2f -+}; -+static const char ecd_prime_curve_name521[] = "secp521r1"; -+/* -+priv: -+ 00:44:0f:96:31:a9:87:f2:5f:be:a0:bc:ef:0c:ae: -+ 58:cc:5f:f8:44:9e:89:86:7e:bf:db:ce:cb:0e:20: -+ 10:4a:11:ec:0b:51:1d:e4:91:ca:c6:40:fb:c6:69: -+ ad:68:33:9e:c8:f5:c4:c6:a5:93:a8:4d:a9:a9:a2: -+ af:fe:6d:cb:c2:3b -+pub: -+ 04:01:5f:58:a9:40:0c:ee:9b:ed:4a:f4:7a:3c:a3: -+ 89:c2:f3:7e:2c:f4:b5:53:80:ae:33:7d:36:d1:b5: -+ 18:bd:ef:a9:48:00:ea:88:ee:00:5c:ca:07:08:b5: -+ 67:4a:c3:2b:10:c6:07:b0:c2:45:37:b7:1d:e3:6c: -+ e1:bf:2c:44:18:4a:aa:01:af:75:40:6a:e3:f5:b2: -+ 7f:d1:9d:1b:8b:29:1f:91:4d:db:93:bf:bd:8c:b7: -+ 6a:8d:4b:2c:36:2a:6b:ab:54:9d:7b:31:99:a4:de: -+ c9:10:c4:f4:a3:f4:6d:94:97:62:16:a5:34:65:1f: -+ 42:cd:8b:9e:e6:db:14:5d:a9:8d:19:95:8d -+*/ -+static const unsigned char ecd_prime_priv521[] = { -+ 0x00, 0x44, 0x0f, 0x96, 0x31, 0xa9, 0x87, 0xf2, 0x5f, 0xbe, 0xa0, 0xbc, 0xef, 0x0c, 0xae, -+ 0x58, 0xcc, 0x5f, 0xf8, 0x44, 0x9e, 0x89, 0x86, 0x7e, 0xbf, 0xdb, 0xce, 0xcb, 0x0e, 0x20, -+ 0x10, 0x4a, 0x11, 0xec, 0x0b, 0x51, 0x1d, 0xe4, 0x91, 0xca, 0xc6, 0x40, 0xfb, 0xc6, 0x69, -+ 0xad, 0x68, 0x33, 0x9e, 0xc8, 0xf5, 0xc4, 0xc6, 0xa5, 0x93, 0xa8, 0x4d, 0xa9, 0xa9, 0xa2, -+ 0xaf, 0xfe, 0x6d, 0xcb, 0xc2, 0x3b -+}; -+static const unsigned char ecd_prime_pub521[] = { -+ 0x04, 0x01, 0x5f, 0x58, 0xa9, 0x40, 0x0c, 0xee, 0x9b, 0xed, 0x4a, 0xf4, 0x7a, 0x3c, 0xa3, -+ 0x89, 0xc2, 0xf3, 0x7e, 0x2c, 0xf4, 0xb5, 0x53, 0x80, 0xae, 0x33, 0x7d, 0x36, 0xd1, 0xb5, -+ 0x18, 0xbd, 0xef, 0xa9, 0x48, 0x00, 0xea, 0x88, 0xee, 0x00, 0x5c, 0xca, 0x07, 0x08, 0xb5, -+ 0x67, 0x4a, 0xc3, 0x2b, 0x10, 0xc6, 0x07, 0xb0, 0xc2, 0x45, 0x37, 0xb7, 0x1d, 0xe3, 0x6c, -+ 0xe1, 0xbf, 0x2c, 0x44, 0x18, 0x4a, 0xaa, 
0x01, 0xaf, 0x75, 0x40, 0x6a, 0xe3, 0xf5, 0xb2, -+ 0x7f, 0xd1, 0x9d, 0x1b, 0x8b, 0x29, 0x1f, 0x91, 0x4d, 0xdb, 0x93, 0xbf, 0xbd, 0x8c, 0xb7, -+ 0x6a, 0x8d, 0x4b, 0x2c, 0x36, 0x2a, 0x6b, 0xab, 0x54, 0x9d, 0x7b, 0x31, 0x99, 0xa4, 0xde, -+ 0xc9, 0x10, 0xc4, 0xf4, 0xa3, 0xf4, 0x6d, 0x94, 0x97, 0x62, 0x16, 0xa5, 0x34, 0x65, 0x1f, -+ 0x42, 0xcd, 0x8b, 0x9e, 0xe6, 0xdb, 0x14, 0x5d, 0xa9, 0x8d, 0x19, 0x95, 0x8d -+}; -+static const ST_KAT_PARAM ecdsa_prime_key521[] = { -+ ST_KAT_PARAM_UTF8STRING(OSSL_PKEY_PARAM_GROUP_NAME, ecd_prime_curve_name521), -+ ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PUB_KEY, ecd_prime_pub521), -+ ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, ecd_prime_priv521), -+ ST_KAT_PARAM_END() -+}; -+static const unsigned char ec521r1_kat_sig[] = { -+0x30, 0x81, 0x88, 0x02, 0x42, 0x00, 0xdf, 0x64, 0x9c, 0xc8, 0x5b, 0xdd, 0x0b, 0x7f, 0x69, 0x7e, -+0xdb, 0x83, 0x58, 0x67, 0x63, 0x43, 0xb7, 0xfa, 0x40, 0x29, 0xde, 0xb9, 0xde, 0xe9, 0x96, 0x65, -+0xe6, 0x8e, 0xf4, 0xeb, 0xd0, 0xe9, 0x6a, 0xd3, 0x27, 0x6c, 0x4d, 0x60, 0x47, 0x9c, 0x62, 0xb8, -+0x6c, 0xc1, 0x36, 0x19, 0x65, 0xff, 0xab, 0xcf, 0x24, 0xa3, 0xde, 0xd1, 0x4b, 0x1b, 0xdd, 0x89, -+0xcf, 0xf8, 0x72, 0x7b, 0x92, 0xbc, 0x02, 0x02, 0x42, 0x01, 0xf8, 0x07, 0x77, 0xb8, 0xcb, 0xa2, -+0xe2, 0x1f, 0x53, 0x9a, 0x7c, 0x16, 0xb5, 0x8e, 0xad, 0xe3, 0xc3, 0xac, 0xb7, 0xb2, 0x51, 0x8f, -+0xf9, 0x09, 0x65, 0x43, 0xf8, 0xd8, 0x3c, 0xe3, 0x5c, 0x4a, 0x5e, 0x3d, 0x6f, 0xb7, 0xbb, 0x5a, -+0x92, 0x69, 0xec, 0x71, 0xa2, 0x35, 0xe5, 0x29, 0x17, 0xaf, 0xc9, 0x69, 0xa7, 0xaa, 0x94, 0xf9, -+0xf9, 0x50, 0x87, 0x7b, 0x5d, 0x87, 0xe3, 0xd6, 0x3f, 0xb6, 0x6e -+}; -+static const char ecd_prime_curve_name256[] = "prime256v1"; -+/* -+priv: -+ 84:88:11:3f:a9:c9:9e:23:72:8b:40:cb:a2:b1:88: -+ 01:1e:92:48:af:13:2d:9b:33:8e:6d:43:40:30:c7: -+ 30:fa -+pub: -+ 04:22:58:b6:f9:01:3b:8c:a6:9b:9f:ae:75:fc:73: -+ cf:1b:f0:81:dc:55:a3:cc:5d:81:46:85:06:32:34: -+ 99:0d:c5:7e:a1:95:bb:21:73:33:40:4b:35:17:f6: -+ 8e:26:61:46:94:2c:4c:ac:9b:20:f8:08:72:25:74: 
-+ 98:66:c4:63:a6
-+*/
-+static const unsigned char ecd_prime_priv256[] = {
-+ 0x84, 0x88, 0x11, 0x3f, 0xa9, 0xc9, 0x9e, 0x23, 0x72, 0x8b, 0x40, 0xcb, 0xa2, 0xb1, 0x88,
-+ 0x01, 0x1e, 0x92, 0x48, 0xaf, 0x13, 0x2d, 0x9b, 0x33, 0x8e, 0x6d, 0x43, 0x40, 0x30, 0xc7,
-+ 0x30, 0xfa
-+};
-+static const unsigned char ecd_prime_pub256[] = {
-+ 0x04, 0x22, 0x58, 0xb6, 0xf9, 0x01, 0x3b, 0x8c, 0xa6, 0x9b, 0x9f, 0xae, 0x75, 0xfc, 0x73,
-+ 0xcf, 0x1b, 0xf0, 0x81, 0xdc, 0x55, 0xa3, 0xcc, 0x5d, 0x81, 0x46, 0x85, 0x06, 0x32, 0x34,
-+ 0x99, 0x0d, 0xc5, 0x7e, 0xa1, 0x95, 0xbb, 0x21, 0x73, 0x33, 0x40, 0x4b, 0x35, 0x17, 0xf6,
-+ 0x8e, 0x26, 0x61, 0x46, 0x94, 0x2c, 0x4c, 0xac, 0x9b, 0x20, 0xf8, 0x08, 0x72, 0x25, 0x74,
-+ 0x98, 0x66, 0xc4, 0x63, 0xa6
-+};
-+static const ST_KAT_PARAM ecdsa_prime_key256[] = {
-+ ST_KAT_PARAM_UTF8STRING(OSSL_PKEY_PARAM_GROUP_NAME, ecd_prime_curve_name256),
-+ ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PUB_KEY, ecd_prime_pub256),
-+ ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, ecd_prime_priv256),
-+ ST_KAT_PARAM_END()
-+};
-+static const unsigned char ec256v1_kat_sig[] = {
-+0x30, 0x46, 0x02, 0x21, 0x00, 0xc9, 0x11, 0x27, 0x06, 0x51, 0x2b, 0x50, 0x8c, 0x6b, 0xc0, 0xa6,
-+0x85, 0xaa, 0xf4, 0x66, 0x0d, 0xe4, 0x54, 0x0a, 0x10, 0xb6, 0x9f, 0x87, 0xfc, 0xa2, 0xbc, 0x8f,
-+0x3c, 0x58, 0xb4, 0xe9, 0x41, 0x02, 0x21, 0x00, 0xc9, 0x72, 0x94, 0xa9, 0xdd, 0x52, 0xca, 0x21,
-+0x82, 0x66, 0x7a, 0x68, 0xcb, 0x1e, 0x3b, 0x12, 0x71, 0x4d, 0x56, 0xb5, 0xb7, 0xdd, 0xca, 0x2b,
-+0x18, 0xa3, 0xa7, 0x08, 0x0d, 0xfa, 0x9c, 0x66
-+};
- # ifndef OPENSSL_NO_EC2M
- static const char ecd_bin_curve_name[] = "sect233r1";
- static const unsigned char ecd_bin_priv[] = {
-@@ -1571,8 +1715,42 @@ static const ST_KAT_SIGN st_kat_sign_tes
- ecdsa_prime_key,
- /*
- * The ECDSA signature changes each time due to it using a random k.
-- * So there is no expected KAT for this case.
-+ * We provide this value in our build
-+ */
-+ ITM(ec224r1_kat_sig)
-+ },
-+ {
-+ OSSL_SELF_TEST_DESC_SIGN_ECDSA,
-+ "EC",
-+ "SHA-256",
-+ ecdsa_prime_key384,
-+ /*
-+ * The ECDSA signature changes each time due to it using a random k.
-+ * We provide this value in our build
-+ */
-+ ITM(ec384r1_kat_sig)
-+ },
-+ {
-+ OSSL_SELF_TEST_DESC_SIGN_ECDSA,
-+ "EC",
-+ "SHA-256",
-+ ecdsa_prime_key521,
-+ /*
-+ * The ECDSA signature changes each time due to it using a random k.
-+ * We provide this value in our build
-+ */
-+ ITM(ec521r1_kat_sig)
-+ },
-+ {
-+ OSSL_SELF_TEST_DESC_SIGN_ECDSA,
-+ "EC",
-+ "SHA-256",
-+ ecdsa_prime_key256,
-+ /*
-+ * The ECDSA signature changes each time due to it using a random k.
-+ * We provide this value in our build
- */
-+ ITM(ec256v1_kat_sig)
- },
- # ifndef OPENSSL_NO_EC2M
- {
-diff -up openssl-3.0.1/crypto/ec/ecp_s390x_nistp.c.fipskat openssl-3.0.1/crypto/ec/ecp_s390x_nistp.c
---- openssl-3.0.1/crypto/ec/ecp_s390x_nistp.c.fipskat 2022-05-30 14:48:53.180999124 +0200
-+++ openssl-3.0.1/crypto/ec/ecp_s390x_nistp.c 2022-05-30 14:58:52.841286228 +0200
-@@ -44,6 +44,10 @@
- #define S390X_OFF_RN(n) (4 * n)
- #define S390X_OFF_Y(n) (4 * n)
-
-+#ifdef FIPS_MODULE
-+extern int REDHAT_FIPS_signature_st;
-+#endif
-+
- static int ec_GFp_s390x_nistp_mul(const EC_GROUP *group, EC_POINT *r,
- const BIGNUM *scalar,
- size_t num, const EC_POINT *points[],
-@@ -183,11 +187,21 @@ static ECDSA_SIG *ecdsa_s390x_nistp_sign
- * because kdsa instruction constructs an in-range, invertible nonce
- * internally implementing counter-measures for RNG weakness.
- */
-+#ifdef FIPS_MODULE
-+ if (REDHAT_FIPS_signature_st && eckey->sign_kat_k != NULL) {
-+ BN_bn2binpad(eckey->sign_kat_k, param + S390X_OFF_RN(len), len);
-+ /* Turns KDSA internal nonce-generation off.
*/
-+ fc |= S390X_KDSA_D;
-+ } else {
-+#endif
- if (RAND_priv_bytes_ex(eckey->libctx, param + S390X_OFF_RN(len),
- (size_t)len, 0) != 1) {
- ERR_raise(ERR_LIB_EC, EC_R_RANDOM_NUMBER_GENERATION_FAILED);
- goto ret;
- }
-+#ifdef FIPS_MODULE
-+ }
-+#endif
- } else {
- /* Reconstruct k = (k^-1)^-1. */
- if (ossl_ec_group_do_inverse_ord(group, k, kinv, NULL) == 0
diff --git a/0061-Deny-SHA-1-signature-verification-in-FIPS-provider.patch b/0061-Deny-SHA-1-signature-verification-in-FIPS-provider.patch
index 286852c..9991c5c 100644
--- a/0061-Deny-SHA-1-signature-verification-in-FIPS-provider.patch
+++ b/0061-Deny-SHA-1-signature-verification-in-FIPS-provider.patch
@@ -568,851 +568,3 @@ index 8c52b637fc..ff75c5b6ec 100644 SKIP: { skip "No IPv4 available on this machine", 4 -diff -up openssl-3.0.5/test/smime-certs/smdh.pem.0061 openssl-3.0.5/test/smime-certs/smdh.pem ---- openssl-3.0.5/test/smime-certs/smdh.pem.0061 2022-09-02 14:17:15.331436663 +0200 -+++ openssl-3.0.5/test/smime-certs/smdh.pem 2022-09-02 14:17:15.347436804 +0200 -@@ -1,47 +1,47 @@ - -----BEGIN PRIVATE KEY----- --MIICXAIBADCCAjUGByqGSM4+AgEwggIoAoIBAQCB6AUA/1eXRh+iLWHXe+lUl6e+ --+460tAIIpsQ1jw1ZaTmlH9SlrWSBNVRVHwDuBW7vA+lKgBvDpCIjmhRbgrZIGwcZ --6ruCYy5KF/B3AW5MApC9QCDaVrG6Hb7NfpMgwuUIKvvvOMrrvn4r5Oxtsx9rORTE --bdS33MuZCOIbodjs5u+e/2hhssOwgUTMASDwXppJTyeMwAAZ+p78ByrSULP6yYdP --PTh8sK1begDG6YTSKE3VqYNg1yaE5tQvCQ0U2L4qZ8JqexAVHbR8LA8MNhtA1pma --Zj4q2WNAEevpprIIRXgJEZY278nPlvVeoKfOef9RBHgQ6ZTnZ1Et5iLMCwYHAoIB --AFVgJaHfnBVJYfaQh1NyoVZJ5xX6UvvL5xEKUwwEMgs8JSOzp2UI+KRDpy9KbNH7 --93Kwa2d8Q7ynciDiCmd1ygF4CJKb4ZOwjWjpZ4DedHr0XokGhyBCyjaBxOi3i4tP --EFO8YHs5B/yOZHzcpTfs2VxJqIm3KF8q0Ify9PWDAsgo+d21/+eye60FHjF9o2/D --l3NRlOhUhHNGykfqFgKEEEof3/3c6r5BS0oRXdsu6dx/y2/v8j9aJoHfyGHkswxr --ULSBxJENOBB89C+GET6yhbxV1e4SFwzHnXgG8bWXwk7bea6ZqXbHq0pT3kUiQeKe --assXKqRBAG9NLbQ3mmx8RFkCHQDIVBWPf6VwBa2s1CAcsIziVJ8qr/KAKx9DZ3h5 --BB4CHAF3VZBAC/TB85J4PzsLJ+VrOWr0c8kQlYUR9rw= -+MIICXQIBADCCAjUGByqGSM4+AgEwggIoAoIBAQCCyx9ZhD6HY5xgusGDrJZJ+FdT -+e9OxD/p9DQNKqoLyJ10TAUXuycozVqDAD4v1wsOAPH0TDOX9Ns87PXgTbd6DpSJt -+F1ZLW+1pklZs2m0cLl4raOe8CZGHkSgia0wC40LAg/u/JZ6NAG2YSiFEtjbkf81l -+pvL0946LiHfHklMtSOkK3H9PkGB/KrXMITRR2P1u78AzTvc2YL7iLlCu6mV2g6v4 -+ieeWprywTaZ8gp3NBMjyuRJniGCQ52jPfOvT32w/sBTIfUO+95u/eEHrTP4K+vTk -+VS3wLo5ypgrveRdALKvqkHe0qfNr5VQRk2Pt6ReH35kjiUPLZCccgJr9h80hAoIB -+AE50cpgSJBYr9+5dj+fJJcXf/KX9rttlBXyveUP+vbSm/oW443/IksO3oLMy1Raq -+tHTDBhtNrH7rSK6CDStKrMkgHsjTYkZOU85vCdrVi3UZBz0GiYO/8kQ8aLeTe3LB -+7QB0kkkUgZ7etsnNxEkz9WQwohTvGBHBFNDKDqWadP9BpNrFoDCYojit7GOZPQgt -+eEiCO8D9xu0sEXT8ZdRqWcmkTfeMRojrzxt0LpT/vUKHGsBFmUN7kH4Hy9z2LJxB 
-+DrYYkV3LSAweuUQKBocNI7bbbOvPByUvHVMfJBrBmwIJI3vc3091njOH53zATNNv -+ta+9S7L4zNsvbg8RtJyH8i4CHQCY12PTXj6Ipxbqq4d1Q+AoUqnN/H9lAS46teXv -+BB8CHQCGE6pxpX5lWcH6+TGLDoLo3T5L2/5KTd0tRNdj - -----END PRIVATE KEY----- - -----BEGIN CERTIFICATE----- --MIIFmDCCBICgAwIBAgIUWlJkHZZ2eZgkGCHFtcMAjlLdDH8wDQYJKoZIhvcNAQEL -+MIIFljCCBH6gAwIBAgIUMNF4DNf+H6AXGApe99UrJWFcAnwwDQYJKoZIhvcNAQEL - BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV --BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MCAXDTIyMDYwMjE1MzMxNFoYDzIxMjIw --NTA5MTUzMzE0WjBEMQswCQYDVQQGEwJVSzEWMBQGA1UECgwNT3BlblNTTCBHcm91 --cDEdMBsGA1UEAwwUVGVzdCBTL01JTUUgRUUgREggIzEwggNCMIICNQYHKoZIzj4C --ATCCAigCggEBAIHoBQD/V5dGH6ItYdd76VSXp777jrS0AgimxDWPDVlpOaUf1KWt --ZIE1VFUfAO4Fbu8D6UqAG8OkIiOaFFuCtkgbBxnqu4JjLkoX8HcBbkwCkL1AINpW --sbodvs1+kyDC5Qgq++84yuu+fivk7G2zH2s5FMRt1Lfcy5kI4huh2Ozm757/aGGy --w7CBRMwBIPBemklPJ4zAABn6nvwHKtJQs/rJh089OHywrVt6AMbphNIoTdWpg2DX --JoTm1C8JDRTYvipnwmp7EBUdtHwsDww2G0DWmZpmPirZY0AR6+mmsghFeAkRljbv --yc+W9V6gp855/1EEeBDplOdnUS3mIswLBgcCggEAVWAlod+cFUlh9pCHU3KhVknn --FfpS+8vnEQpTDAQyCzwlI7OnZQj4pEOnL0ps0fv3crBrZ3xDvKdyIOIKZ3XKAXgI --kpvhk7CNaOlngN50evReiQaHIELKNoHE6LeLi08QU7xgezkH/I5kfNylN+zZXEmo --ibcoXyrQh/L09YMCyCj53bX/57J7rQUeMX2jb8OXc1GU6FSEc0bKR+oWAoQQSh/f --/dzqvkFLShFd2y7p3H/Lb+/yP1omgd/IYeSzDGtQtIHEkQ04EHz0L4YRPrKFvFXV --7hIXDMedeAbxtZfCTtt5rpmpdserSlPeRSJB4p5qyxcqpEEAb00ttDeabHxEWQId --AMhUFY9/pXAFrazUIBywjOJUnyqv8oArH0NneHkDggEFAAKCAQBigH0Mp4jUMSfK --yOhKlEfyZ/hj/EImsUYW4+u8xjBN+ruOJUTJ06Mtgw3g2iLkhQoO9NROqvC9rdLj --+j3e+1QWm9EDNKQAa4nUp8/W+XZ5KkQWudmtaojEXD1+kd44ieNLtPGuVnPtDGO4 --zPf04IUq7tDGbMDMMn6YXvW6f28lR3gF5vvVIsnjsd/Lau6orzmNSrymXegsEsFR --Q7hT+/tPoAtro6Hx9rBrYb/0OCiRe4YuYrFKkC0aaJfUQepVyuVMSTxxKTzq8T06 --M8SBITlmkPFZJHyGzV/+a72hpJsAa0BaDnpxH3cFpEMzeYG1XQK461zexoIYN3ub --i3xNPUzPo2AwXjAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIF4DAdBgNVHQ4E --FgQULayIqKcWHtUH4pFolI6dKxycIG8wHwYDVR0jBBgwFoAUFcETIWviVV+nah1X --INbP86lzZFkwDQYJKoZIhvcNAQELBQADggEBAKjKvvJ6Vc9HiQXACqqRZnekz2gO 
--ue71nsXXDr2+y4PPpgcDzgtO3vhQc7Akv6Uyca9LY7w/X+temP63yxdLpKXTV19w --Or0p4VEvTZ8AttMjFh4Hl8caVYk/J4TIudSXLIfKROP6sFu5GOw7W3xpBkL5Zio6 --3dqe6xAYK0woNQPDfj5yOAlqj1Ohth81JywW5h2g8GfLtNe62coAqwjMJT+ExHfU --EkF/beSqRGOvXwyhSxFpe7HVjUMgrgdfoZnNsoPmpH3eTiF4BjamGWI1+Z0o+RHa --oPwN+cCzbDsi9uTQJO1D5S697heX00zzzU/KSW7djNzKv55vm24znuFkXTM= -+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MzM0NloXDTMyMDMz -+MTE0MzM0NlowRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx -+HTAbBgNVBAMMFFRlc3QgUy9NSU1FIEVFIERIICMxMIIDQjCCAjUGByqGSM4+AgEw -+ggIoAoIBAQCCyx9ZhD6HY5xgusGDrJZJ+FdTe9OxD/p9DQNKqoLyJ10TAUXuycoz -+VqDAD4v1wsOAPH0TDOX9Ns87PXgTbd6DpSJtF1ZLW+1pklZs2m0cLl4raOe8CZGH -+kSgia0wC40LAg/u/JZ6NAG2YSiFEtjbkf81lpvL0946LiHfHklMtSOkK3H9PkGB/ -+KrXMITRR2P1u78AzTvc2YL7iLlCu6mV2g6v4ieeWprywTaZ8gp3NBMjyuRJniGCQ -+52jPfOvT32w/sBTIfUO+95u/eEHrTP4K+vTkVS3wLo5ypgrveRdALKvqkHe0qfNr -+5VQRk2Pt6ReH35kjiUPLZCccgJr9h80hAoIBAE50cpgSJBYr9+5dj+fJJcXf/KX9 -+rttlBXyveUP+vbSm/oW443/IksO3oLMy1RaqtHTDBhtNrH7rSK6CDStKrMkgHsjT -+YkZOU85vCdrVi3UZBz0GiYO/8kQ8aLeTe3LB7QB0kkkUgZ7etsnNxEkz9WQwohTv -+GBHBFNDKDqWadP9BpNrFoDCYojit7GOZPQgteEiCO8D9xu0sEXT8ZdRqWcmkTfeM -+Rojrzxt0LpT/vUKHGsBFmUN7kH4Hy9z2LJxBDrYYkV3LSAweuUQKBocNI7bbbOvP -+ByUvHVMfJBrBmwIJI3vc3091njOH53zATNNvta+9S7L4zNsvbg8RtJyH8i4CHQCY -+12PTXj6Ipxbqq4d1Q+AoUqnN/H9lAS46teXvA4IBBQACggEAJP4Vy6vcIa7jLa93 -+DWeT0pxe4zeYXxRWbvS7reLoZcBIhH253/QfXj+0UhcjtAa5A2X519anBuetUern -+ecBmHO9vAj9F7J6feK+pUxE8cl793gmWzcGijMXCuRorW7GZ3XBTuQbWaJLtxB4a -+rS54+CFMUfqR5coxGrraGPGjR9P6YCpJgWL74yxiQVzjEdwPLEz/0ehKeDkSvuj8 -+Ixe06fY0eA9sfxx7+4lm2Jhw7XaIfguo8mgrfWjBzkkT2mcAHss/fdKcXNYrg+A+ -+xgApPiyuy7S4YkQSsdV5Ns8UFttBCuojzEuWQ49fMZcv/rIHSHSxpbg2Sdka+d6h -+wOQHK6NgMF4wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0OBBYE -+FLG7SOccVVRWmPw87GRrYH/NCegTMB8GA1UdIwQYMBaAFMmRUwpjexZbi71E8HaI -+qSTm5bZsMA0GCSqGSIb3DQEBCwUAA4IBAQB9J2dIIbIAiB8ToXJcyO7HRPhdWC/Y -+TE8cqeL+JiWNvIMB9fl2gOx6gj2h+yEr3lCpK/XDoWOs576UScS/vvs6fOjFHfkb 
-+L4i9nHXD2KizXkM2hr9FzTRXd9c3XXLyB9t1z38qcpOMxoxAbnH8hWLQDPjFdArC -+KWIqK/Vqxz4ZcIveM9GcVf78FU2DbQF4pwHjO9TsG7AbXiV4PXyJK75W5okAbZmQ -+EmMmVXEJdXSOS4prP8DCW/LYJ5UddsVZba2BCHD3c1c2YTA4GsP3ZMoXvQoyj0L2 -+/xazs/AS373Of6H0s00itRTFABxve1I7kE5dQdc3oZjn6A/DbfjYUmr5 - -----END CERTIFICATE----- -diff -up openssl-3.0.5/test/smime-certs/smdsa1.pem.0061 openssl-3.0.5/test/smime-certs/smdsa1.pem ---- openssl-3.0.5/test/smime-certs/smdsa1.pem.0061 2022-09-02 14:17:15.326436618 +0200 -+++ openssl-3.0.5/test/smime-certs/smdsa1.pem 2022-09-02 14:17:15.346436795 +0200 -@@ -1,47 +1,47 @@ - -----BEGIN PRIVATE KEY----- --MIICXQIBADCCAjYGByqGSM44BAEwggIpAoIBAQCg5xGADjdINCKODDX6yq3w8vQ1 --i0SuHnFvPc5gHMLIxJhDp3cLJ5eJmcHZ07WflsMgSxD2Wd5lX5Q9uxtv78/erv5t --4INbA4D+QSkxb4SWNurRBQj5LuoGhFMpCubDYSxiKkTJ4pmOEbsjnlGLiN5R1jAa --kOxI+l/rPAQlIUMCHSF6xXgd62fUdEAnRYj46Lgw+FWKAKNhcH7rOLA7k4JnYCLg --c9HnYvwxlpoV+SHi+QXSrcrtMBNCmIgIONI5uNuBnZq6jjHE/Wg1+D4wGxOZl+/S --8EP8eXSDD+1Sni2Jk38etU+laS0pVV9lh6sV3zV28YXVZl01CHUfwH+3w/XJAh0A --mkjrU1XrCahV9d78Rklpd4fK3K53+X5MeTgNLQKCAQEAoA32HKvIhx6wvmT9huaw --V6wj7hT99kjzQjZqbvLENW9bbAgOdPzZzusqZmZMgGdDr94oYz1/MhmAKNY4lQv7 --ioJmtded5hhS6GDg3Oj4IYiJ9trAQ/ATrDrSi3sQAZ3Pvip7j4oljvsQBmAj3KKR --CnZ2/FeRyjSS3cUey89GE2N2DQbHEmuG/F8aDmUhLNusZm6nXs2Y1W7+kQRwswBL --5H4Oo6NaSUc8dl7HWEeWoS8BE7G4JFCXBQwwgInOJINyQlknxMSpv7dwxp32SgdL --QldkaQkHAEg0QqYb2Hv/xHfVhn9vTpGJQyWvnT5RvbXSGdTk1CTlZTrUAGmbHOwX --ygQeAhwE9yuqObvNXzUTN+PY2rg00PzdyJw3XJAUrmlY -+MIICZQIBADCCAjkGByqGSM44BAEwggIsAoIBAQCQfLlNdehPnTrGIMhw4rk0uua6 -+k1nCG3zcyfXli17BdB2k0HBPaTA3a3ZHfOt1Awy0Uu0wZ3gdPr9z0I64hnJXIGou -+zIanZ7nYRImHtX5JMFbXeyxo1Owd2Zs3oEk9nQUoUsMxvmYC/ghPL5Zx1pPxcHCO -+wzWxoG4yZMjimXOc1/W7zvK/4/g/Cz9fItD3zdcydfgM/hK0/CeYQ21xfhqf4mjK -+v9plnCcWgToGI+7H8VK80MFbkO2QKRz3vP1/TjK6PRm9sEeB5b10+SvGv2j2w+CC -+0fXL4s6n7PtBlm/bww8xL1/Az8kwejUcII1Dc8uNwwISwGbwaGBvl7IHpm21AiEA -+rodZi+nCKZdTL8IgCjX3n0DuhPRkVQPjz/B6VweLW9MCggEAfimkUNwnsGFp7mKM -+zJKhHoQkMB1qJzyIHjDzQ/J1xjfoF6i27afw1/WKboND5eseZhlhA2TO5ZJB6nGx 
-+DOE9lVQxYVml++cQj6foHh1TVJAgGl4mWuveW/Rz+NEhpK4zVeEsfMrbkBypPByy -+xzF1Z49t568xdIo+e8jLI8FjEdXOIUg4ehB3NY6SL8r4oJ49j/sJWfHcDoWH/LK9 -+ZaBF8NpflJe3F40S8RDvM8j2HC+y2Q4QyKk1DXGiH+7yQLGWzr3M73kC3UBnnH0h -+Hxb7ISDCT7dCw/lH1nCbVFBOM0ASI26SSsFSXQrvD2kryRcTZ0KkyyhhoPODWpU+ -+TQMsxQQjAiEAkolGvb/76X3vm5Ov09ezqyBYt9cdj/FLH7DyMkxO7X0= - -----END PRIVATE KEY----- - -----BEGIN CERTIFICATE----- --MIIFmjCCBIKgAwIBAgIUUoOmJmXAY29/2rWY0wJphQ5/pzUwDQYJKoZIhvcNAQEL -+MIIFmzCCBIOgAwIBAgIUWGMqmBZZ1ykguVDk2Whn+2uKMA0wDQYJKoZIhvcNAQEL - BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV --BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MCAXDTIyMDYwMjE1MzMxNFoYDzIxMjIw --NTA5MTUzMzE0WjBFMQswCQYDVQQGEwJVSzEWMBQGA1UECgwNT3BlblNTTCBHcm91 --cDEeMBwGA1UEAwwVVGVzdCBTL01JTUUgRUUgRFNBICMxMIIDQzCCAjYGByqGSM44 --BAEwggIpAoIBAQCg5xGADjdINCKODDX6yq3w8vQ1i0SuHnFvPc5gHMLIxJhDp3cL --J5eJmcHZ07WflsMgSxD2Wd5lX5Q9uxtv78/erv5t4INbA4D+QSkxb4SWNurRBQj5 --LuoGhFMpCubDYSxiKkTJ4pmOEbsjnlGLiN5R1jAakOxI+l/rPAQlIUMCHSF6xXgd --62fUdEAnRYj46Lgw+FWKAKNhcH7rOLA7k4JnYCLgc9HnYvwxlpoV+SHi+QXSrcrt --MBNCmIgIONI5uNuBnZq6jjHE/Wg1+D4wGxOZl+/S8EP8eXSDD+1Sni2Jk38etU+l --aS0pVV9lh6sV3zV28YXVZl01CHUfwH+3w/XJAh0AmkjrU1XrCahV9d78Rklpd4fK --3K53+X5MeTgNLQKCAQEAoA32HKvIhx6wvmT9huawV6wj7hT99kjzQjZqbvLENW9b --bAgOdPzZzusqZmZMgGdDr94oYz1/MhmAKNY4lQv7ioJmtded5hhS6GDg3Oj4IYiJ --9trAQ/ATrDrSi3sQAZ3Pvip7j4oljvsQBmAj3KKRCnZ2/FeRyjSS3cUey89GE2N2 --DQbHEmuG/F8aDmUhLNusZm6nXs2Y1W7+kQRwswBL5H4Oo6NaSUc8dl7HWEeWoS8B --E7G4JFCXBQwwgInOJINyQlknxMSpv7dwxp32SgdLQldkaQkHAEg0QqYb2Hv/xHfV --hn9vTpGJQyWvnT5RvbXSGdTk1CTlZTrUAGmbHOwXygOCAQUAAoIBACGS7hCpTL0g --lx9C1Bwz5xfVd0mwCqx9UGiH8Bf4lRsSagL0Irwvnjz++WH1vecZa2bWsYsPhQ+D --KDzaCo20CYln4IFEPgY0fSE+KTF1icFj/mD+MgxWgsgKoTI120ENPGHqHpKkv0Uv --OlwTImU4BxxkctZ5273XEv3VPQE8COGnXgqt7NBazU/O7vibFm0iaEsVjHFHYcoo --+sMcm3F2E/gvR9IJGaGPeCk0sMW8qloPzErWIugx/OGqM7fni2cIcZwGdju52O+l --cLV0tZdgC7eTbVDMLspyuiYME+zvEzRwCQF/GqcCDSn68zxJv/zSNZ9XxOgZaBfs --Na7e8YGATiujYDBeMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXgMB0GA1Ud 
--DgQWBBSFVrWPZrHzhHUg0MMEAAKwQIfsazAfBgNVHSMEGDAWgBQVwRMha+JVX6dq --HVcg1s/zqXNkWTANBgkqhkiG9w0BAQsFAAOCAQEAbm49FB+eyeX7OBUC/akhnkFw --cDXqw7Fl2OibRK+g/08zp4CruwJdb72j5+pTmG+9SF7tGyQBfHFf1+epa3ZiIc+0 --UzFf2xQBMyHjesL19cTe4i176dHz8pCxx9OEow0GlZVV85+Anev101NskKVNNVA7 --YnB2xKQWgf8HORh66XVCk54xMcd99ng8xQ8vhZC6KckVbheQgdPp7gUAcDgxH2Yo --JF8jHQlsWNcCGURDldP6FQ49TGWHj24IGjnjGapWxMUjvCz+kV6sGW/OIYu+MM9w --FMIOyEdUUtKowWT6eXwrITup3T6pspPTicbK61ZCPuxMvP2JBFGZsqat+F5g+w== -+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MjA0OFoXDTMyMDMz -+MTE0MjA0OFowRTELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx -+HjAcBgNVBAMMFVRlc3QgUy9NSU1FIEVFIERTQSAjMTCCA0YwggI5BgcqhkjOOAQB -+MIICLAKCAQEAkHy5TXXoT506xiDIcOK5NLrmupNZwht83Mn15YtewXQdpNBwT2kw -+N2t2R3zrdQMMtFLtMGd4HT6/c9COuIZyVyBqLsyGp2e52ESJh7V+STBW13ssaNTs -+HdmbN6BJPZ0FKFLDMb5mAv4ITy+WcdaT8XBwjsM1saBuMmTI4plznNf1u87yv+P4 -+Pws/XyLQ983XMnX4DP4StPwnmENtcX4an+Joyr/aZZwnFoE6BiPux/FSvNDBW5Dt -+kCkc97z9f04yuj0ZvbBHgeW9dPkrxr9o9sPggtH1y+LOp+z7QZZv28MPMS9fwM/J -+MHo1HCCNQ3PLjcMCEsBm8Ghgb5eyB6ZttQIhAK6HWYvpwimXUy/CIAo1959A7oT0 -+ZFUD48/welcHi1vTAoIBAH4ppFDcJ7Bhae5ijMySoR6EJDAdaic8iB4w80PydcY3 -+6Beotu2n8Nf1im6DQ+XrHmYZYQNkzuWSQepxsQzhPZVUMWFZpfvnEI+n6B4dU1SQ -+IBpeJlrr3lv0c/jRIaSuM1XhLHzK25AcqTwcsscxdWePbeevMXSKPnvIyyPBYxHV -+ziFIOHoQdzWOki/K+KCePY/7CVnx3A6Fh/yyvWWgRfDaX5SXtxeNEvEQ7zPI9hwv -+stkOEMipNQ1xoh/u8kCxls69zO95At1AZ5x9IR8W+yEgwk+3QsP5R9Zwm1RQTjNA -+EiNukkrBUl0K7w9pK8kXE2dCpMsoYaDzg1qVPk0DLMUDggEFAAKCAQAZdJAANu5E -+hkGOJDo2KTBmX7EQMR98gTRFZu/B/W19bHDhm9qc792PLPkV487QAgkMEItSOv0P -+faeSYgbUe7d1aBXzqSdCwzq4WIxLNj2eQkZk6UffDg0csTvymTvnFHWyDUwRmvjH -++35r95r1jgBeSUQMJxoe2kwZ4DHdkCpIp5z7NA44DvclY/X+BgcZ1jJNClC3BFOy -+HQaLmY452mgnS+k7zfFhsUJn5lkpfVFY6Ml7Y5AFG3Dvf2rWdGBrVUwsBP8sVJCx -+ITcg6nyGJZuOeK3VITqrcgjZr9odkf/Hg7OzN+a1B+Z6u3Ld5BKrduBqN/EKxxyd -+GNJst42JrNFIo2AwXjAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIF4DAdBgNV -+HQ4EFgQU0dBhM47Fpn83rw6nGqMcq5q3DqwwHwYDVR0jBBgwFoAUyZFTCmN7FluL 
-+vUTwdoipJObltmwwDQYJKoZIhvcNAQELBQADggEBAC3W5L4plRWiaX03PncMHnaL -+sp48+2jJen4avzNpRZF/bTQ621x/KLWelbMzBTMxU6jtU1LwCvsiOTSenUZ6W5vq -+TGy6nwkMUrBN0nHmymVz5v40VBLtc2/5xF9UBZ1GMnmYko+d7VHBD6qu4hpi6OD1 -+3Z2kxCRaZ87y3IbVnl6zqdqxDxKCj4Ca+TT6AApm/MYVwpuvCVmuXrBBvJYTFFeZ -+2J90jHlQep2rAaZu41oiIlmQUEf9flV0iPYjj+Pqdzr9ovWVbqt7l1WKOBDYdzJW -+fQ8TvFSExkDQsDc0nkkLIfJBFUFuOpNmODvq+Ac8AGUBnl/Z3pAV4KVnnobIXHw= - -----END CERTIFICATE----- -diff -up openssl-3.0.5/test/smime-certs/smdsa2.pem.0061 openssl-3.0.5/test/smime-certs/smdsa2.pem ---- openssl-3.0.5/test/smime-certs/smdsa2.pem.0061 2022-09-02 14:17:15.332436671 +0200 -+++ openssl-3.0.5/test/smime-certs/smdsa2.pem 2022-09-02 14:17:15.347436804 +0200 -@@ -1,47 +1,47 @@ - -----BEGIN PRIVATE KEY----- --MIICXQIBADCCAjYGByqGSM44BAEwggIpAoIBAQCg5xGADjdINCKODDX6yq3w8vQ1 --i0SuHnFvPc5gHMLIxJhDp3cLJ5eJmcHZ07WflsMgSxD2Wd5lX5Q9uxtv78/erv5t --4INbA4D+QSkxb4SWNurRBQj5LuoGhFMpCubDYSxiKkTJ4pmOEbsjnlGLiN5R1jAa --kOxI+l/rPAQlIUMCHSF6xXgd62fUdEAnRYj46Lgw+FWKAKNhcH7rOLA7k4JnYCLg --c9HnYvwxlpoV+SHi+QXSrcrtMBNCmIgIONI5uNuBnZq6jjHE/Wg1+D4wGxOZl+/S --8EP8eXSDD+1Sni2Jk38etU+laS0pVV9lh6sV3zV28YXVZl01CHUfwH+3w/XJAh0A --mkjrU1XrCahV9d78Rklpd4fK3K53+X5MeTgNLQKCAQEAoA32HKvIhx6wvmT9huaw --V6wj7hT99kjzQjZqbvLENW9bbAgOdPzZzusqZmZMgGdDr94oYz1/MhmAKNY4lQv7 --ioJmtded5hhS6GDg3Oj4IYiJ9trAQ/ATrDrSi3sQAZ3Pvip7j4oljvsQBmAj3KKR --CnZ2/FeRyjSS3cUey89GE2N2DQbHEmuG/F8aDmUhLNusZm6nXs2Y1W7+kQRwswBL --5H4Oo6NaSUc8dl7HWEeWoS8BE7G4JFCXBQwwgInOJINyQlknxMSpv7dwxp32SgdL --QldkaQkHAEg0QqYb2Hv/xHfVhn9vTpGJQyWvnT5RvbXSGdTk1CTlZTrUAGmbHOwX --ygQeAhwmRauZi+nQ3kQ+GSKD7JCwv8XkD9NObMGlW018 -+MIICZAIBADCCAjkGByqGSM44BAEwggIsAoIBAQCQfLlNdehPnTrGIMhw4rk0uua6 -+k1nCG3zcyfXli17BdB2k0HBPaTA3a3ZHfOt1Awy0Uu0wZ3gdPr9z0I64hnJXIGou -+zIanZ7nYRImHtX5JMFbXeyxo1Owd2Zs3oEk9nQUoUsMxvmYC/ghPL5Zx1pPxcHCO -+wzWxoG4yZMjimXOc1/W7zvK/4/g/Cz9fItD3zdcydfgM/hK0/CeYQ21xfhqf4mjK -+v9plnCcWgToGI+7H8VK80MFbkO2QKRz3vP1/TjK6PRm9sEeB5b10+SvGv2j2w+CC 
-+0fXL4s6n7PtBlm/bww8xL1/Az8kwejUcII1Dc8uNwwISwGbwaGBvl7IHpm21AiEA -+rodZi+nCKZdTL8IgCjX3n0DuhPRkVQPjz/B6VweLW9MCggEAfimkUNwnsGFp7mKM -+zJKhHoQkMB1qJzyIHjDzQ/J1xjfoF6i27afw1/WKboND5eseZhlhA2TO5ZJB6nGx -+DOE9lVQxYVml++cQj6foHh1TVJAgGl4mWuveW/Rz+NEhpK4zVeEsfMrbkBypPByy -+xzF1Z49t568xdIo+e8jLI8FjEdXOIUg4ehB3NY6SL8r4oJ49j/sJWfHcDoWH/LK9 -+ZaBF8NpflJe3F40S8RDvM8j2HC+y2Q4QyKk1DXGiH+7yQLGWzr3M73kC3UBnnH0h -+Hxb7ISDCT7dCw/lH1nCbVFBOM0ASI26SSsFSXQrvD2kryRcTZ0KkyyhhoPODWpU+ -+TQMsxQQiAiAdCUJ5n2Q9hIynN8BMpnRcdfH696BKejGx+2Mr2kfnnA== - -----END PRIVATE KEY----- - -----BEGIN CERTIFICATE----- --MIIFmjCCBIKgAwIBAgIUHGKu2FMhT1wCiJTK3uAnklo55uowDQYJKoZIhvcNAQEL -+MIIFmzCCBIOgAwIBAgIUXgHGnvOCmrOH9biRq3yTCcDsliUwDQYJKoZIhvcNAQEL - BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV --BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MCAXDTIyMDYwMjE1MzMxNFoYDzIxMjIw --NTA5MTUzMzE0WjBFMQswCQYDVQQGEwJVSzEWMBQGA1UECgwNT3BlblNTTCBHcm91 --cDEeMBwGA1UEAwwVVGVzdCBTL01JTUUgRUUgRFNBICMyMIIDQzCCAjYGByqGSM44 --BAEwggIpAoIBAQCg5xGADjdINCKODDX6yq3w8vQ1i0SuHnFvPc5gHMLIxJhDp3cL --J5eJmcHZ07WflsMgSxD2Wd5lX5Q9uxtv78/erv5t4INbA4D+QSkxb4SWNurRBQj5 --LuoGhFMpCubDYSxiKkTJ4pmOEbsjnlGLiN5R1jAakOxI+l/rPAQlIUMCHSF6xXgd --62fUdEAnRYj46Lgw+FWKAKNhcH7rOLA7k4JnYCLgc9HnYvwxlpoV+SHi+QXSrcrt --MBNCmIgIONI5uNuBnZq6jjHE/Wg1+D4wGxOZl+/S8EP8eXSDD+1Sni2Jk38etU+l --aS0pVV9lh6sV3zV28YXVZl01CHUfwH+3w/XJAh0AmkjrU1XrCahV9d78Rklpd4fK --3K53+X5MeTgNLQKCAQEAoA32HKvIhx6wvmT9huawV6wj7hT99kjzQjZqbvLENW9b --bAgOdPzZzusqZmZMgGdDr94oYz1/MhmAKNY4lQv7ioJmtded5hhS6GDg3Oj4IYiJ --9trAQ/ATrDrSi3sQAZ3Pvip7j4oljvsQBmAj3KKRCnZ2/FeRyjSS3cUey89GE2N2 --DQbHEmuG/F8aDmUhLNusZm6nXs2Y1W7+kQRwswBL5H4Oo6NaSUc8dl7HWEeWoS8B --E7G4JFCXBQwwgInOJINyQlknxMSpv7dwxp32SgdLQldkaQkHAEg0QqYb2Hv/xHfV --hn9vTpGJQyWvnT5RvbXSGdTk1CTlZTrUAGmbHOwXygOCAQUAAoIBAE0+OYS0s8/o --HwuuiPsBZTlRynqdwF6FHdE0Ei2uVTxnJouPYB2HvaMioG2inbISzPtEcnLF9Pyx --4hsXz7D49yqyMFjE3G8ObBOs/Vdno6E9ZZshWiRDwPf8JmoYp551UuJDoVaOTnhx --pEs30nuidtqd54PMdWUQPfp58kTu6bXvcRxdUj5CK/PyjavJCnGfppq/6j8jtrji 
--mOjIIeLZIbWp7hTVS/ffmfqZ8Lx/ShOcUzDa0VS3lfO28XqXpeqbyHdojsYlG2oA --shKJL7/scq3ab8cI5QuHEIGSbxinKfjCX4OEQ04CNsgUwMY9emPSaNdYDZOPqq/K --3bGk2PLcRsyjYDBeMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXgMB0GA1Ud --DgQWBBTQAQyUCqYWGo5RuwGCtHNgXgzEQzAfBgNVHSMEGDAWgBQVwRMha+JVX6dq --HVcg1s/zqXNkWTANBgkqhkiG9w0BAQsFAAOCAQEAc3rayE2FGgG1RhLXAHYAs1Ky --4fcVcrzaPaz5jjWbpBCStkx+gNcUiBf+aSxNrRvUoPOSwMDLpMhbNBj2cjJqQ0W1 --oq4RUQth11qH89uPtBqiOqRTdlWAGZJbUTtVfrlc58DsDxFCwdcktSDYZwlO2lGO --vMCOn9N7oqEEuwRa++xVnYc8ZbY8lGwJD3bGR6iC7NkYk+2LSqPS52m8e0GO8dpf --RUrndbhmtsYa925dj2LlI218F3XwVcAUPW67dbpeEVw5OG8OCHRHqrwBEJj2PMV3 --tHeNXDEhjTzI3wiFia4kDBAKIsrC/XQ4tEiFzq0V00BiVY0ykhy+v/qNPskTsg== -+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MjIyNloXDTMyMDMz -+MTE0MjIyNlowRTELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx -+HjAcBgNVBAMMFVRlc3QgUy9NSU1FIEVFIERTQSAjMjCCA0YwggI5BgcqhkjOOAQB -+MIICLAKCAQEAkHy5TXXoT506xiDIcOK5NLrmupNZwht83Mn15YtewXQdpNBwT2kw -+N2t2R3zrdQMMtFLtMGd4HT6/c9COuIZyVyBqLsyGp2e52ESJh7V+STBW13ssaNTs -+HdmbN6BJPZ0FKFLDMb5mAv4ITy+WcdaT8XBwjsM1saBuMmTI4plznNf1u87yv+P4 -+Pws/XyLQ983XMnX4DP4StPwnmENtcX4an+Joyr/aZZwnFoE6BiPux/FSvNDBW5Dt -+kCkc97z9f04yuj0ZvbBHgeW9dPkrxr9o9sPggtH1y+LOp+z7QZZv28MPMS9fwM/J -+MHo1HCCNQ3PLjcMCEsBm8Ghgb5eyB6ZttQIhAK6HWYvpwimXUy/CIAo1959A7oT0 -+ZFUD48/welcHi1vTAoIBAH4ppFDcJ7Bhae5ijMySoR6EJDAdaic8iB4w80PydcY3 -+6Beotu2n8Nf1im6DQ+XrHmYZYQNkzuWSQepxsQzhPZVUMWFZpfvnEI+n6B4dU1SQ -+IBpeJlrr3lv0c/jRIaSuM1XhLHzK25AcqTwcsscxdWePbeevMXSKPnvIyyPBYxHV -+ziFIOHoQdzWOki/K+KCePY/7CVnx3A6Fh/yyvWWgRfDaX5SXtxeNEvEQ7zPI9hwv -+stkOEMipNQ1xoh/u8kCxls69zO95At1AZ5x9IR8W+yEgwk+3QsP5R9Zwm1RQTjNA -+EiNukkrBUl0K7w9pK8kXE2dCpMsoYaDzg1qVPk0DLMUDggEFAAKCAQAi1CUW7S3s -+zDUcdE667AotL4SHZY01k/3owtBPKA5WWqBolj7WYkvO+X/nUssfph7NfS3z1nYO -+b/dI4kR02t1sgS21u7mvPKZfEWFzy5ohhkWFJPfyhDAk6MzzAWK0BARJ7r/0dmOR -+7EypKrH+vloQpNosGKeoDUElEjvZKjX/V2/w/30Vq88AN2PxXt8BxxF4oRAqd+fA -+DuaucP46UioUoWffAIaTxLDu1In2DqOAIj7MXCsqfbD7D6Ki386DGX3IwC0qYB3r 
-+z0gBmvkY8+9XbLQo6iAKJRiBJNJrBmGv6uPIVq98jl0FbMyri0rH/MCLown7qEYm -+MnyMehP0kA+Zo2AwXjAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIF4DAdBgNV -+HQ4EFgQUZrHDTiSqm594ZkL5NMGrygydfKswHwYDVR0jBBgwFoAUyZFTCmN7FluL -+vUTwdoipJObltmwwDQYJKoZIhvcNAQELBQADggEBADhpm4d9pgdWTiX1ci4qxOat -+MK+eAc3y8dwjacwiTD94fFy+MFzItAI2msF+ILXDCYDUpFZpBjlCNRzMu/ETghJx -+53g4Hg6ioYmtLcYIAFQVIz4skdgV8npztK3ZQMSN3dcateZBf8KaEdP+cRtQs4IW -+Y+EAZ6Fve2j/kz1x/cmhSFQdWhhS+WzYUCY+FLWDXMuNLh7rDWy1t8VaRHLBU4TU -+q6W/qDaN2e6dKrzjEkqUstdGZ+JAkAZ+6CIABEnHeco1dEQUU5Atry7djeRhY68r -+us++ajRd6DLWXrD4KePyTYSPc7rAcbBBYSwe48cTxlPfKItTCrRXmWJHCCZ0UBA= - -----END CERTIFICATE----- -diff -up openssl-3.0.5/test/smime-certs/smdsa3.pem.0061 openssl-3.0.5/test/smime-certs/smdsa3.pem ---- openssl-3.0.5/test/smime-certs/smdsa3.pem.0061 2022-09-02 14:17:15.334436689 +0200 -+++ openssl-3.0.5/test/smime-certs/smdsa3.pem 2022-09-02 14:17:15.348436813 +0200 -@@ -1,47 +1,47 @@ - -----BEGIN PRIVATE KEY----- --MIICXgIBADCCAjYGByqGSM44BAEwggIpAoIBAQCg5xGADjdINCKODDX6yq3w8vQ1 --i0SuHnFvPc5gHMLIxJhDp3cLJ5eJmcHZ07WflsMgSxD2Wd5lX5Q9uxtv78/erv5t --4INbA4D+QSkxb4SWNurRBQj5LuoGhFMpCubDYSxiKkTJ4pmOEbsjnlGLiN5R1jAa --kOxI+l/rPAQlIUMCHSF6xXgd62fUdEAnRYj46Lgw+FWKAKNhcH7rOLA7k4JnYCLg --c9HnYvwxlpoV+SHi+QXSrcrtMBNCmIgIONI5uNuBnZq6jjHE/Wg1+D4wGxOZl+/S --8EP8eXSDD+1Sni2Jk38etU+laS0pVV9lh6sV3zV28YXVZl01CHUfwH+3w/XJAh0A --mkjrU1XrCahV9d78Rklpd4fK3K53+X5MeTgNLQKCAQEAoA32HKvIhx6wvmT9huaw --V6wj7hT99kjzQjZqbvLENW9bbAgOdPzZzusqZmZMgGdDr94oYz1/MhmAKNY4lQv7 --ioJmtded5hhS6GDg3Oj4IYiJ9trAQ/ATrDrSi3sQAZ3Pvip7j4oljvsQBmAj3KKR --CnZ2/FeRyjSS3cUey89GE2N2DQbHEmuG/F8aDmUhLNusZm6nXs2Y1W7+kQRwswBL --5H4Oo6NaSUc8dl7HWEeWoS8BE7G4JFCXBQwwgInOJINyQlknxMSpv7dwxp32SgdL --QldkaQkHAEg0QqYb2Hv/xHfVhn9vTpGJQyWvnT5RvbXSGdTk1CTlZTrUAGmbHOwX --ygQfAh0AkfI6533W5nBIVrDPcp2DCXC8u2SIwBob6OoK5A== -+MIICZQIBADCCAjkGByqGSM44BAEwggIsAoIBAQCQfLlNdehPnTrGIMhw4rk0uua6 -+k1nCG3zcyfXli17BdB2k0HBPaTA3a3ZHfOt1Awy0Uu0wZ3gdPr9z0I64hnJXIGou 
-+zIanZ7nYRImHtX5JMFbXeyxo1Owd2Zs3oEk9nQUoUsMxvmYC/ghPL5Zx1pPxcHCO -+wzWxoG4yZMjimXOc1/W7zvK/4/g/Cz9fItD3zdcydfgM/hK0/CeYQ21xfhqf4mjK -+v9plnCcWgToGI+7H8VK80MFbkO2QKRz3vP1/TjK6PRm9sEeB5b10+SvGv2j2w+CC -+0fXL4s6n7PtBlm/bww8xL1/Az8kwejUcII1Dc8uNwwISwGbwaGBvl7IHpm21AiEA -+rodZi+nCKZdTL8IgCjX3n0DuhPRkVQPjz/B6VweLW9MCggEAfimkUNwnsGFp7mKM -+zJKhHoQkMB1qJzyIHjDzQ/J1xjfoF6i27afw1/WKboND5eseZhlhA2TO5ZJB6nGx -+DOE9lVQxYVml++cQj6foHh1TVJAgGl4mWuveW/Rz+NEhpK4zVeEsfMrbkBypPByy -+xzF1Z49t568xdIo+e8jLI8FjEdXOIUg4ehB3NY6SL8r4oJ49j/sJWfHcDoWH/LK9 -+ZaBF8NpflJe3F40S8RDvM8j2HC+y2Q4QyKk1DXGiH+7yQLGWzr3M73kC3UBnnH0h -+Hxb7ISDCT7dCw/lH1nCbVFBOM0ASI26SSsFSXQrvD2kryRcTZ0KkyyhhoPODWpU+ -+TQMsxQQjAiEArJr6p2zTbhRppQurHGTdmdYHqrDdZH4MCsD9tQCw1xY= - -----END PRIVATE KEY----- - -----BEGIN CERTIFICATE----- --MIIFmjCCBIKgAwIBAgIUO2QHMd9V/S6KlrFDIPd7asRP4FAwDQYJKoZIhvcNAQEL -+MIIFmzCCBIOgAwIBAgIUMMzeluWS9FTgzFM2PCI6rSt0++QwDQYJKoZIhvcNAQEL - BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV --BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MCAXDTIyMDYwMjE1MzMxNFoYDzIxMjIw --NTA5MTUzMzE0WjBFMQswCQYDVQQGEwJVSzEWMBQGA1UECgwNT3BlblNTTCBHcm91 --cDEeMBwGA1UEAwwVVGVzdCBTL01JTUUgRUUgRFNBICMzMIIDQzCCAjYGByqGSM44 --BAEwggIpAoIBAQCg5xGADjdINCKODDX6yq3w8vQ1i0SuHnFvPc5gHMLIxJhDp3cL --J5eJmcHZ07WflsMgSxD2Wd5lX5Q9uxtv78/erv5t4INbA4D+QSkxb4SWNurRBQj5 --LuoGhFMpCubDYSxiKkTJ4pmOEbsjnlGLiN5R1jAakOxI+l/rPAQlIUMCHSF6xXgd --62fUdEAnRYj46Lgw+FWKAKNhcH7rOLA7k4JnYCLgc9HnYvwxlpoV+SHi+QXSrcrt --MBNCmIgIONI5uNuBnZq6jjHE/Wg1+D4wGxOZl+/S8EP8eXSDD+1Sni2Jk38etU+l --aS0pVV9lh6sV3zV28YXVZl01CHUfwH+3w/XJAh0AmkjrU1XrCahV9d78Rklpd4fK --3K53+X5MeTgNLQKCAQEAoA32HKvIhx6wvmT9huawV6wj7hT99kjzQjZqbvLENW9b --bAgOdPzZzusqZmZMgGdDr94oYz1/MhmAKNY4lQv7ioJmtded5hhS6GDg3Oj4IYiJ --9trAQ/ATrDrSi3sQAZ3Pvip7j4oljvsQBmAj3KKRCnZ2/FeRyjSS3cUey89GE2N2 --DQbHEmuG/F8aDmUhLNusZm6nXs2Y1W7+kQRwswBL5H4Oo6NaSUc8dl7HWEeWoS8B --E7G4JFCXBQwwgInOJINyQlknxMSpv7dwxp32SgdLQldkaQkHAEg0QqYb2Hv/xHfV --hn9vTpGJQyWvnT5RvbXSGdTk1CTlZTrUAGmbHOwXygOCAQUAAoIBAEj25Os9f57G 
--TaxsP8NzdCRBThCLqZWqLADh6S/aFOQQFpRRk3vGkvrOK/5La8KGKIDyzCEQo7Kg --sPwI1o4N5GKx15Cer2ekDWLtP4hA2CChs4tWJzEa8VxIDTg4EUnASFCbfDUY/Yt0 --5NM4nxtBhnr6PT7XmRehEFaTAgmsQFJ29jKx4tJkr+Gmj9J4i10CPd9DvIgIEnNt --rYMAlfbGovaZVCgKp5INVA4IkDfCcbzDeNiOGaACeV+4QuEbgIbUhMq9vbw3Vvqe --jwozPdrTYjd7oNxx/tY7gqxFRFxdDPXPno230afsAJsHmNF7lpj9Q4vBhy8w/EI1 --jGzuiXjei9qjYDBeMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXgMB0GA1Ud --DgQWBBTwbCT+wSR9cvTg70jA2yIWgQSDZjAfBgNVHSMEGDAWgBQVwRMha+JVX6dq --HVcg1s/zqXNkWTANBgkqhkiG9w0BAQsFAAOCAQEAe5t9oi8K76y+wnV6I21vKgEh --M6DEe3+XTq10kAgYbcbMm+a6n86beaID7FANGET+3bsShxFeAX9g4Qsdw+Z3PF3P --wvqiBD8MaXczj28zP6j9TxsjGzpAsV3xo1n7aQ+hHzpopJUxAyx4hLBqSSwdj/xe --azELeVKoXY/nlokXnONWC5AvtfR7m7mKFPOmUghbeGCJH7+FXnC58eiF7BEpSbQl --SniAdQFis+Dne6/kwZnQQaSDg55ELfaZOLhaLcRtqqgU+kv24mXGGEBhs9bBKMz5 --ZNiKLafE3tCGRA5iMRwzdeSgrdnkQDHFiYXh3JHk5oKwGOdxusgt3DTHAFej1A== -+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MjI0MloXDTMyMDMz -+MTE0MjI0MlowRTELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx -+HjAcBgNVBAMMFVRlc3QgUy9NSU1FIEVFIERTQSAjMzCCA0YwggI5BgcqhkjOOAQB -+MIICLAKCAQEAkHy5TXXoT506xiDIcOK5NLrmupNZwht83Mn15YtewXQdpNBwT2kw -+N2t2R3zrdQMMtFLtMGd4HT6/c9COuIZyVyBqLsyGp2e52ESJh7V+STBW13ssaNTs -+HdmbN6BJPZ0FKFLDMb5mAv4ITy+WcdaT8XBwjsM1saBuMmTI4plznNf1u87yv+P4 -+Pws/XyLQ983XMnX4DP4StPwnmENtcX4an+Joyr/aZZwnFoE6BiPux/FSvNDBW5Dt -+kCkc97z9f04yuj0ZvbBHgeW9dPkrxr9o9sPggtH1y+LOp+z7QZZv28MPMS9fwM/J -+MHo1HCCNQ3PLjcMCEsBm8Ghgb5eyB6ZttQIhAK6HWYvpwimXUy/CIAo1959A7oT0 -+ZFUD48/welcHi1vTAoIBAH4ppFDcJ7Bhae5ijMySoR6EJDAdaic8iB4w80PydcY3 -+6Beotu2n8Nf1im6DQ+XrHmYZYQNkzuWSQepxsQzhPZVUMWFZpfvnEI+n6B4dU1SQ -+IBpeJlrr3lv0c/jRIaSuM1XhLHzK25AcqTwcsscxdWePbeevMXSKPnvIyyPBYxHV -+ziFIOHoQdzWOki/K+KCePY/7CVnx3A6Fh/yyvWWgRfDaX5SXtxeNEvEQ7zPI9hwv -+stkOEMipNQ1xoh/u8kCxls69zO95At1AZ5x9IR8W+yEgwk+3QsP5R9Zwm1RQTjNA -+EiNukkrBUl0K7w9pK8kXE2dCpMsoYaDzg1qVPk0DLMUDggEFAAKCAQBxe+1+Il8h -+nTCAak3vZl4asn2axRc7GjDvDd8Ns/yvyd9WQE1t+FryvHR5jp9REVVnMg53wQcY 
-+rKlwfWBLp5k25x/OCwfWDmvlxFqExmaAZcEQGxauHYhoMbtVIq372CHPbsQqCMBA -+LPIdAvkUImBHanty/RXhJGqCIAZiUnX3WTZa0s6xV3yRf/+OPWXxNSATtOqm5ISl -+pLJDifMlE6llZmk3VHAWYJRFF7KQAFT83OKf/6tme9munxahdJcSrF4HiZKFFJof -+nvEWckKlHAonipLa6EBPMloofu+7reTcON+1tIFWH7fZhfC0dz4EaOzxLZoO0Jbc -+W0MDtnonwEjFo2AwXjAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIF4DAdBgNV -+HQ4EFgQUwnFq0MQUIQUaXi6iJBDXTnQm71EwHwYDVR0jBBgwFoAUyZFTCmN7FluL -+vUTwdoipJObltmwwDQYJKoZIhvcNAQELBQADggEBAJNW/oEmpz6jZ7EjUkHhxDXR -+egsZVjBO+E2hPCciEoZaM6jIDYphrCVbdOOyy1RvLBv3SRblaECmInsRpCNwf5B5 -+OaGN3hdsvx23IKnLJ7EKDauIOGhkzCMWjO8tez48UL0Wgta0+TpuiOT+UBoKb9fw -+f0f4ab9wD9pED7ghMKlwI6/oppS4PrhwYS2nwYwGXpmgu6QZDln/cgoU7cQV7r3J -+deMCpKGPyS429B9mUxlggZYvvJOm35ZiI7UAcGhJWIUrdXBxqx3DQ3CSf75vGP87 -+2vn6ZoXRXSLfE48GpUtQzP6/gZti68vZrHdzKWTyZxMs4+PGoHrW5hbNDsghKDs= - -----END CERTIFICATE----- -diff -up openssl-3.0.5/test/smime-certs/smec1.pem.0061 openssl-3.0.5/test/smime-certs/smec1.pem ---- openssl-3.0.5/test/smime-certs/smec1.pem.0061 2022-09-02 14:17:15.325436610 +0200 -+++ openssl-3.0.5/test/smime-certs/smec1.pem 2022-09-02 14:17:15.345436786 +0200 -@@ -1,22 +1,22 @@ - -----BEGIN PRIVATE KEY----- --MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgdOomk0EB/oWMnTZB --Qm5XMjlKnZNF4PMpwgov0Tj3u8OhRANCAATbG6XprSqHiD9AxWJiXRFgS+y38DGZ --7hpSjs4bd95L+Lli+O91/lUy7Tb8aJ6VU2CoyWQjV4sQjbdVqeD+y4Ky -+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgXzBRX9Z5Ib4LAVAS -+DMlYvkj0SmLmYvWULe2LfyXRmpWhRANCAAS+SIj2FY2DouPRuNDp9WVpsqef58tV -+3gIwV0EOV/xyYTzZhufZi/aBcXugWR1x758x4nHus2uEuEFi3Mr3K3+x - -----END PRIVATE KEY----- - -----BEGIN CERTIFICATE----- --MIICrTCCAZWgAwIBAgIUdLT4B443vbxt0B8Mzy0sR4+6AyowDQYJKoZIhvcNAQEL -+MIICqzCCAZOgAwIBAgIUZsuXIOmILju0nz1jVSgag5GrPyMwDQYJKoZIhvcNAQEL - BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV --BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MCAXDTIyMDYwMjE1MzMxNFoYDzIxMjIw --NTA5MTUzMzE0WjBEMQswCQYDVQQGEwJVSzEWMBQGA1UECgwNT3BlblNTTCBHcm91 --cDEdMBsGA1UEAwwUVGVzdCBTL01JTUUgRUUgRUMgIzEwWTATBgcqhkjOPQIBBggq 
--hkjOPQMBBwNCAATbG6XprSqHiD9AxWJiXRFgS+y38DGZ7hpSjs4bd95L+Lli+O91 --/lUy7Tb8aJ6VU2CoyWQjV4sQjbdVqeD+y4Kyo2AwXjAMBgNVHRMBAf8EAjAAMA4G --A1UdDwEB/wQEAwIF4DAdBgNVHQ4EFgQUOia9H7l0qw3ftsDgEEeSBrHwQrwwHwYD --VR0jBBgwFoAUFcETIWviVV+nah1XINbP86lzZFkwDQYJKoZIhvcNAQELBQADggEB --AC7h/QkMocYANPqMQAO2okygG+OaE4qpKnlzHPUFMYedJGCvAWrwxu4hWL9T+hZo --qilM7Fwaxw/P4Zaaa15SOOhXkIdn9Fu2ROmBQtEiklmWGMjiZ6F+9NCZPk0cTAXK --2WQZOy41YNuvts+20osD4X/8x3fiARlokufj/TVyE73wG8pSSDh4KxWDfKv5Pi1F --PC5IJh8XVELnFkeY3xjtoux5AYT+1xIQHO4eBua02Y1oPiWG7l/sK3grVlxrupd9 --pXowwFlezWZP9q12VlWkcqwNb9hF9PkZge9bpiOJipSYgyobtAnms/CRHu3e6izl --LJRua7p4Wt/8GQENDrVkHqU= -+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MjUyNFoXDTMyMDMz -+MTE0MjUyNFowRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx -+HTAbBgNVBAMMFFRlc3QgUy9NSU1FIEVFIEVDICMxMFkwEwYHKoZIzj0CAQYIKoZI -+zj0DAQcDQgAEvkiI9hWNg6Lj0bjQ6fVlabKnn+fLVd4CMFdBDlf8cmE82Ybn2Yv2 -+gXF7oFkdce+fMeJx7rNrhLhBYtzK9yt/saNgMF4wDAYDVR0TAQH/BAIwADAOBgNV -+HQ8BAf8EBAMCBeAwHQYDVR0OBBYEFH/JvELYMj4nJ2HHUUyA9sxOYvNHMB8GA1Ud -+IwQYMBaAFMmRUwpjexZbi71E8HaIqSTm5bZsMA0GCSqGSIb3DQEBCwUAA4IBAQCp -+sSEupiqT7S6oPS/5qtRF6POyxmhkH/Eh+RJitOODutxneJh+NdDqAQAOCexqcsF9 -+1BH9hB/H6b3mS4CbcRG6R/EwzqMPUgy8OYXTrqWI9jzMKGyrBo59QFfGrwP1h8hj -+weVOVQU1iOloWPOfvMHehjX1Wt79/6BMMBvw+2qXXLAw2xpLFa4lU6HSoTiwoS5R -+mimrHnZ9tQZb54bsvdrW84kV3u1FIQ5G7jAduu97Wfr3eZGaJhW1MZLeoL7Z4Usy -+hRd2TJ6bZanb+wUJBcHOeW5ETj9MPtPsGIp8vETmY5XDm4UlX6tp4gAe4oeoIXFQ -+V5ASvNRiGWIJK5XF+zRY - -----END CERTIFICATE----- -diff -up openssl-3.0.5/test/smime-certs/smec2.pem.0061 openssl-3.0.5/test/smime-certs/smec2.pem ---- openssl-3.0.5/test/smime-certs/smec2.pem.0061 2022-09-02 14:17:15.330436654 +0200 -+++ openssl-3.0.5/test/smime-certs/smec2.pem 2022-09-02 14:17:15.347436804 +0200 -@@ -1,23 +1,23 @@ - -----BEGIN PRIVATE KEY----- --MIGQAgEAMBAGByqGSM49AgEGBSuBBAAQBHkwdwIBAQQkAEkuzLBwx5bIw3Q2PMNQ --HzaY8yL3QLjzaJ8tCHrI/JTb9Q7VoUwDSgAEAu8b2HvLzKd0qhPtIw65Lh3OgF3X 
--IN5874qHwt9zPSvokijSAH3v9tcBJPdRLD3Lweh2ZPn5hMwVwVorHqSgASk5vnjp --HqER -+MIGPAgEAMBAGByqGSM49AgEGBSuBBAAQBHgwdgIBAQQjhHaq507MOBznelrLG/pl -+brnnJi/iEJUUp+Pm3PEiteXqckmhTANKAAQF2zs6vobmoT+M+P2+9LZ7asvFBNi7 -+uCzLYF/8j1Scn/spczoC9vNzVhNw+Lg7dnjNL4EDIyYZLl7E0v69luzbvy+q44/8 -+6bQ= - -----END PRIVATE KEY----- - -----BEGIN CERTIFICATE----- --MIICsjCCAZqgAwIBAgIUFMjrNKt+D8tzvn7jtjZ5HrLcUlswDQYJKoZIhvcNAQEL -+MIICsDCCAZigAwIBAgIUWJSICrM9ZdmN6/jF/PoKng63XR0wDQYJKoZIhvcNAQEL - BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV --BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MCAXDTIyMDYwMjE1MzMxNFoYDzIxMjIw --NTA5MTUzMzE0WjBEMQswCQYDVQQGEwJVSzEWMBQGA1UECgwNT3BlblNTTCBHcm91 --cDEdMBsGA1UEAwwUVGVzdCBTL01JTUUgRUUgRUMgIzIwXjAQBgcqhkjOPQIBBgUr --gQQAEANKAAQC7xvYe8vMp3SqE+0jDrkuHc6AXdcg3nzviofC33M9K+iSKNIAfe/2 --1wEk91EsPcvB6HZk+fmEzBXBWisepKABKTm+eOkeoRGjYDBeMAwGA1UdEwEB/wQC --MAAwDgYDVR0PAQH/BAQDAgXgMB0GA1UdDgQWBBSqWRYUy2syIUwfSR31e19LeNXK --9TAfBgNVHSMEGDAWgBQVwRMha+JVX6dqHVcg1s/zqXNkWTANBgkqhkiG9w0BAQsF --AAOCAQEASbh+sI03xUMMzPT8bRbWNF5gG3ab8IUzqm05rTa54NCPRSn+ZdMXcCFz --5fSU0T1dgEjeD+cCRVAZxskTZF7FWmRLc2weJMf7x+nPE5KaWyRAoD7FIKGP2m6m --IMCVOmiafuzmHASBYOz6RwjgWS0AWES48DJX6o0KpuT4bsknz+H7Xo+4+NYGCRao --enqIMZmWesGVXJ63pl32jUlXeAg59W6PpV2L9XRWLzDW1t1q2Uji7coCWtNjkojZ --rv0yRMc1czkT+mAJRAJ8D9MoTnRXm1dH4bOxte4BGUHNQ2P1HeV01vkd1RTL0g0R --lPyDAlBASvMn7RZ9nX8G3UOOL6gtVA== -+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MjgxOVoXDTMyMDMz -+MTE0MjgxOVowRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx -+HTAbBgNVBAMMFFRlc3QgUy9NSU1FIEVFIEVDICMyMF4wEAYHKoZIzj0CAQYFK4EE -+ABADSgAEBds7Or6G5qE/jPj9vvS2e2rLxQTYu7gsy2Bf/I9UnJ/7KXM6Avbzc1YT -+cPi4O3Z4zS+BAyMmGS5exNL+vZbs278vquOP/Om0o2AwXjAMBgNVHRMBAf8EAjAA -+MA4GA1UdDwEB/wQEAwIF4DAdBgNVHQ4EFgQUZ/5BJCWQ3bQ+w03vH6OZAgkENxcw -+HwYDVR0jBBgwFoAUyZFTCmN7FluLvUTwdoipJObltmwwDQYJKoZIhvcNAQELBQAD -+ggEBACMGL6tuV/1lfrnx7TN/CnWdLEp55AlmzJ3MT9dXSOO1/df/fO3uAiiBNMyQ -+Rcf4vOeBZEk/Xq6GIaAbuuT5ECg50uopEGjUDR9sRWC5yiw2CRQ5ZWTcqMapv+E5 
-+7/1/tpaVHy+ZkJpbTV6O9gogEPy6uoft+tsel6NFoAj9ulkjuX9TortkVGPTfedd -+oevI32G3z4L4Gv1PCZvFMwEIiAuFDZBbD86gw7rH4BNihRujJRhpnxeRu8zJYB60 -+cNeR2N7humdUy5uZnj6YHy3g2j0EDKOITHydIvL1KkSlihQrxEX5kMRr9RWRyFXJ -+/UfNk+5Y3g5Mm642MLvjBEUqurw= - -----END CERTIFICATE----- -diff -up openssl-3.0.5/test/smime-certs/smroot.pem.0061 openssl-3.0.5/test/smime-certs/smroot.pem ---- openssl-3.0.5/test/smime-certs/smroot.pem.0061 2022-09-02 14:17:15.329436645 +0200 -+++ openssl-3.0.5/test/smime-certs/smroot.pem 2022-09-02 14:17:15.346436795 +0200 -@@ -1,49 +1,49 @@ - -----BEGIN PRIVATE KEY----- --MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDZLSl8LdU54OUA --T8ctFuKLShJul2IMzaEDkFLoL4agccajgvsRxW+8vbc2Re0y1mVMvfNz7Cg5a7Ke --iSuFJOrQtvDt+HkU5c706YDmw15mBpDSHapkXr80G/ABFbstWafOfagVW45wv65K --H4cnpcqwrLhagmC8QG0KfWbf+Z2efOxaGu/dTNA3Cnq/BQGTdlkQ28xbrvd+Ubzg --cY4Y/hJ7Fw1/IeEhgr/iVJhQIUAklp9B+xqDfWuxIt5mNwWWh/Lfk+UxqE99EhQR --0YZWyIKfKzbeJLBzDqY2hQzVL6kAvY9cR1WbBItTA0G2F5qZ9B/3EHEFWZMBvobt --+UTEkuBdAgMBAAECggEAF3Eagz7nPyIZVdlGpIVN2r8aEjng6YTglmPjrxBCNdtS --F6AxvY9UKklIF2Gg4tXlhU0TlDWvedM4Koif2/VKK1Ez3FvvpePQXPs/YKlB7T1U --MHnnRII9nUBOva88zv5YcJ97nyKM03q9M18H1a29nShnlc1w56EEpBc5HX/yFYMv --kMYydvB5j0DQkJlkQNFn4yRag0wIIPeyXwwh5l98SMlr40hO10OYTOQPrrgP/ham --AOZ//DvGo5gF8hGJYoqG4vcYbxRfTqbc2lQ4XRknOT182l9gRum52ahkBY6LKb4r --IZXPStS6fCAR5S0lcdBb3uN/ap9SUfb9w/Dhj5DZAQKBgQDr06DcsBpoGV2dK9ib --YL5MxC5JL7G79IBPi3ThRiOSttKXv3oDAFB0AlJvFKwYmVz8SxXqQ2JUA4BfvMGF --TNrbhukzo0ou5boExnQW/RjLN3fWVq1JM7iLbNU9YYpPCIG5LXrt4ZDOwITeGe8f --bmZK9zxWxc6BBJtc3mTFS5tm4QKBgQDrwRyEn6oZ9TPbR69fPgWvDqQwKs+6TtYn --0otMG9UejbSMcyU4sI+bZouoca2CzoNi2qZVIvI9aOygUHQAP7Dyq1KhsvYtzJub --KEua379WnzBMMjJ56Q/e4aKTq229QvOk+ZEYl6aklZX7xnYetYNZQrp4QzUyOQTG --gfxgxKi0/QKBgQCy1esAUJ/F366JOS3rLqNBjehX4c5T7ae8KtJ433qskO4E29TI --H93jC7u9txyHDw5f2QUGgRE5Cuq4L2lGEDFMFvQUD7l69QVrB6ATqt25hhffuB1z --DMDfIqpXAPgk1Rui9SVq7gqlb4OS9nHLESqLoQ/l8d2XI4o6FACxSZPQoQKBgQCR --8AvwSUoqIXDFaB22jpVEJYMb0hSfFxhYtGvIZF5MOJowa0L6UcnD//mp/xzSoXYR 
--pppaj3R28VGxd7wnP0YRIl7XfAoKleMpbAtJRwKR458pO9WlQ9GwPeq/ENqw0xYx --5M+d8pqUvYiHv/X00pYJllYKBkiS21sKawLJAFQTHQKBgQCJCwVHxvxkdQ8G0sU2 --Vtv2W38hWOSg5+cxa+g1W6My2LhX34RkgKzuaUpYMlWGHzILpxIxhPrVLk1ZIjil --GIP969XJ1BjB/kFtLWdxXG8tH1If3JgzfSHUofPHF3CENoJYEZ1ugEfIPzWPZJDI --DL5zP8gmBL9ZAOO/J9YacxWYMQ== -+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCyyQXED5HyVWwq -+nXyzmY317yMUJrIfsKvREG2C691dJNHgNg+oq5sjt/fzkyS84AvdOiicAsao4cYL -+DulthaLpbC7msEBhvwAil0FNb5g3ERupe1KuTdUV1UuD/i6S2VoaNXUBBn1rD9Wc -+BBc0lnx/4Wt92eQTI6925pt7ZHPQw2Olp7TQDElyi5qPxCem4uT0g3zbZsWqmmsI -+MXbu+K3dEprzqA1ucKXbxUmZNkMwVs2XCmlLxrRUj8C3/zENtH17HWCznhR/IVcV -+kgIuklkeiDsEhbWvUQumVXR7oPh/CPZAbjGqq5mVueHSHrp7brBVZKHZvoUka28Q -+LWitq1W5AgMBAAECggEASkRnOMKfBeOmQy2Yl6K57eeg0sYgSDnDpd0FINWJ5x9c -+b58FcjOXBodtYKlHIY6QXx3BsM0WaSEge4d+QBi7S+u8r+eXVwNYswXSArDQsk9R -+Bl5MQkvisGciL3pvLmFLpIeASyS/BLJXMbAhU58PqK+jT2wr6idwxBuXivJ3ichu -+ISdT1s2aMmnD86ulCD2DruZ4g0mmk5ffV+Cdj+WWkyvEaJW2GRYov2qdaqwSOxV4 -+Yve9qStvEIWAf2cISQjbnw2Ww6Z5ebrqlOz9etkmwIly6DTbrIneBnoqJlFFWGlF -+ghuzc5RE2w1GbcKSOt0qXH44MTf/j0r86dlu7UIxgQKBgQDq0pEaiZuXHi9OQAOp -+PsDEIznCU1bcTDJewANHag5DPEnMKLltTNyLaBRulMypI+CrDbou0nDr29VOzfXx -+mNvi/c7RttOBOx7kXKvu0JUFKe2oIWRsg0KsyMX7UFMVaHFgrW+8DhQc7HK7URiw -+nitOnA7YwIHRF9BMmcWcLFEYBQKBgQDC6LPbXV8COKO0YCfGXPnE7EZGD/p0Q92Z -+8CoSefphEScSdO1IpxFXG7fOZ4x2GQb9q7D3IvaeKAqNjUjkuyxdB30lIWDBwSWw -+fFgsa2SZwD5P60G/ar50YJr6LiF333aUMDVmC9swFfZERAEmGUz2NTrPWQdIx/lu -+PyDtUR75JQKBgHaoCCJ8vl5SJl1IA5GV4Bo8IoeLTSzsY9d09zMy6BoZcMD1Ix2T -+5S2cXhayoegl9PT6bsYSGHVWFCdJ86ktMI826TcXRzDaCvYhzc9THroJQcnfdbtP -+aHWezkv7fsAmkoPjn75K7ubeo+r7Q5qbkg6a1PW58N8TRXIvkackzaVxAoGBALAq -+qh3U+AHG9dgbrPeyo6KkuCOtX39ks8/mbfCDRZYkbb9V5f5r2tVz3R93IlK/7jyr -+yWimtmde46Lrl33922w+T5OW5qBZllo9GWkUrDn3s5qClcuQjJIdmxYTSfbSCJiK -+NkmE39lHkG5FVRB9f71tgTlWS6ox7TYDYxx83NTtAoGAUJPAkGt4yGAN4Pdebv53 -+bSEpAAULBHntiqDEOu3lVColHuZIucml/gbTpQDruE4ww4wE7dOhY8Q4wEBVYbRI -+vHkSiWpJUvZCuKG8Foh5pm9hU0qb+rbQV7NhLJ02qn1AMGO3F/WKrHPPY8/b9YhQ 
-+KfvPCYimQwBjVrEnSntLPR0= - -----END PRIVATE KEY----- - -----BEGIN CERTIFICATE----- --MIIDezCCAmOgAwIBAgIUBxh2L3ItsVPuBogDI0WfUX1lFnMwDQYJKoZIhvcNAQEL -+MIIDeTCCAmGgAwIBAgIUF/2lFo3fH3uYuFalQVSIFqcYtd4wDQYJKoZIhvcNAQEL - BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV --BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MCAXDTIyMDYwMjE1MzMxM1oYDzIxMjIw --NTEwMTUzMzEzWjBEMQswCQYDVQQGEwJVSzEWMBQGA1UECgwNT3BlblNTTCBHcm91 --cDEdMBsGA1UEAwwUVGVzdCBTL01JTUUgUlNBIFJvb3QwggEiMA0GCSqGSIb3DQEB --AQUAA4IBDwAwggEKAoIBAQDZLSl8LdU54OUAT8ctFuKLShJul2IMzaEDkFLoL4ag --ccajgvsRxW+8vbc2Re0y1mVMvfNz7Cg5a7KeiSuFJOrQtvDt+HkU5c706YDmw15m --BpDSHapkXr80G/ABFbstWafOfagVW45wv65KH4cnpcqwrLhagmC8QG0KfWbf+Z2e --fOxaGu/dTNA3Cnq/BQGTdlkQ28xbrvd+UbzgcY4Y/hJ7Fw1/IeEhgr/iVJhQIUAk --lp9B+xqDfWuxIt5mNwWWh/Lfk+UxqE99EhQR0YZWyIKfKzbeJLBzDqY2hQzVL6kA --vY9cR1WbBItTA0G2F5qZ9B/3EHEFWZMBvobt+UTEkuBdAgMBAAGjYzBhMB0GA1Ud --DgQWBBQVwRMha+JVX6dqHVcg1s/zqXNkWTAfBgNVHSMEGDAWgBQVwRMha+JVX6dq --HVcg1s/zqXNkWTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkq --hkiG9w0BAQsFAAOCAQEAvdAmpDPi1Wt7Hk30dXKF7Ug6MUKETi+uoO1Suo9JhNko --/cpvoi8fbo/dnWVDfHVoItEn644Svver5UJdKJY62DvhilpCtAywYfCpgxkpKoKE --dnpjnRBSMcbVDImsqvf1YjzFKiOiD7kcVvz4V0NZY91ZWwu3vgaSvcTJQkpWN0a+ --LWanpVKqigl8nskttnBeiHDHGebxj3hawlIdtVlkbQwLLwlVkX99x1F73uS33IzB --Y6+ZJ2is7mD839B8fOVd9pvPvBBgahIrw5tzJ/Q+gITuVQd9E6RVXh10/Aw+i/8S --7tHpEUgP3hBk1P+wRQBWDxbHB28lE+41jvh3JObQWQ== -+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MDE1MloXDTMyMDUy -+MDE0MDE1MlowRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx -+HTAbBgNVBAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MIIBIjANBgkqhkiG9w0BAQEF -+AAOCAQ8AMIIBCgKCAQEAsskFxA+R8lVsKp18s5mN9e8jFCayH7Cr0RBtguvdXSTR -+4DYPqKubI7f385MkvOAL3ToonALGqOHGCw7pbYWi6Wwu5rBAYb8AIpdBTW+YNxEb -+qXtSrk3VFdVLg/4uktlaGjV1AQZ9aw/VnAQXNJZ8f+FrfdnkEyOvduabe2Rz0MNj -+pae00AxJcouaj8QnpuLk9IN822bFqpprCDF27vit3RKa86gNbnCl28VJmTZDMFbN -+lwppS8a0VI/At/8xDbR9ex1gs54UfyFXFZICLpJZHog7BIW1r1ELplV0e6D4fwj2 
-+QG4xqquZlbnh0h66e26wVWSh2b6FJGtvEC1oratVuQIDAQABo2MwYTAdBgNVHQ4E -+FgQUyZFTCmN7FluLvUTwdoipJObltmwwHwYDVR0jBBgwFoAUyZFTCmN7FluLvUTw -+doipJObltmwwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZI -+hvcNAQELBQADggEBAFUbNCqSA5JTIk4wkLiDxs6sGVgSGS/XyFurT5WtyLwR6eiN -+r1Osq3DrF1805xzOjFfk3yYk2ctMMMXVEfXZavfNWgGSyUi6GrS+X1+y5snMpP7Z -+tFlb7iXxiSn5lUE1IS3y9bAlWUwTnOwdX2RuALVAzQ6oAvGIIOhb7FTkMqwsQBDx -+kBA9sgdCKv4d7zgFGdDMh1PGuia7+ZPWS9Nt3+WfRKzy4cf2p8+FTWkv1z7PtCSo -+bZySoXgav6WYGdA0VZY29HzVWC5d/LwSkeJr7pw09UjXBPnrDHbJRa+4JpwwsMT2 -+b1E+cp36aagmQW97e8dCf3VzZWcD2bNJ9QM59d8= - -----END CERTIFICATE----- -diff -up openssl-3.0.5/test/smime-certs/smrsa1.pem.0061 openssl-3.0.5/test/smime-certs/smrsa1.pem ---- openssl-3.0.5/test/smime-certs/smrsa1.pem.0061 2022-09-02 14:17:15.328436636 +0200 -+++ openssl-3.0.5/test/smime-certs/smrsa1.pem 2022-09-02 14:17:15.346436795 +0200 -@@ -1,49 +1,49 @@ - -----BEGIN PRIVATE KEY----- --MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDax3T7alefZcbm --CcdN0kEoBLwV8H25vre43RYjuPo64TBjeKUy27ayC1TXydF1eYm3HPrFYfkS0fZ6 --YK0xvwyxiQnesvcfnVe2fpXFPsl5RQvu1JKM7rJAuLC+YTRLez07IHhQnHQ25ZkR --+B4SL5mIhuOSJ9yyFJYJQ3Kdw/aX/jtnWVR8p3FyghJptWIm90ufW4xWFY0yNSW1 --KmkZuOWF7VPh5RC1C7woB/RHhyD2gOP7tF+eDJ/QbX4iki4gPRFHuNrSV8ZpvDkI --qqyF5BW8tyJneDkoWW8IuEpmNIzfbOCHvI6y7roeAmRrwH4/o5WxaEIsnQ/3pNvj --n6+vA+nfAgMBAAECggEAFR5MHQQYCYjDXoDoI7YdgwA+AFIoGLjKYZu5yjX4tZv3 --gJ/si7sTaMlY5cGTU1HUPirxIVeCjv4Eha31BJ3KsGJ9jj6Gm0nOuzd/O+ctKeRv --2/HaDvpFlk4dsCrlkjmxteuS9u5l9hygniWYutcBwjY0cRnMScZcm0VO+DVVMDj0 --9yNrFzhlmqV+ckawjK/J91r0uvnCVIsGA6akhlc5K0gwvFb/CC1WuceEeGx/38k3 --4OuiHtLyJfIlgyGD8C3QfJlMOBHeQ/DCo6GMqrOAad/chtcO7JklcJ+k2qylP2gu --e25NJCQVh+L32b9WrH3quH6fbLIg8a8MmUWl6te3FQKBgQDddu0Dp8R8fe2WnAE5 --oXdASAf2BpthRNqUdYpkkO7gOV0MXCKIEiGZ+WuWEYmNlsXZCJRABprqLw9O/5Td --2q+rCbdG9mSW2x82t/Ia4zd3r0RSHZyKbtOLtgmWfQkwVHy+rED8Juie5bNzHbjS --1mYtFP2KDQ5yZA95yFg8ZtXOawKBgQD85VOPnfXGOJ783JHepAn4J2x1Edi+ZDQ+ --Ml9g2LwetI46dQ0bF6V8RtcyWp0+6+ydX5U4JKhERFDivolD7Z1KFmlNLPs0cqSX 
--5g5kzTD+R+zpr9FRragYKyLdHsLP0ur75Rh5FQkUl2DmeKCMvMKAkio0cduVpVXT --SvWUBtkHXQKBgBy4VoZZ1GZcolocwx/pK6DfdoDWXIIhvsLv91GRZhkX91QqAqRo --zYi9StF8Vr1Q5zl9HlSrRp3GGpMhG/olaRCiQu1l+KeDpSmgczo/aysPRKntgyaE --ttRweA/XCUEGQ+MqTYcluJcarMnp+dUFztxb04F6rfvxs/wUGjVDFMkfAoGBAK+F --wx9UtPZk6gP6Wsu58qlnQ2Flh5dtGM1qTMR86OQu0OBFyVjaaqL8z/NE7Qp02H7J --jlmvJ5JqD/Gv6Llau+Zl86P66kcWoqJCrA7OU4jJBueSfadA7gAIQGRUK0Xuz+UQ --tpGjRfAiuMB9TIEhqaVuzRglRhBw9kZ2KkgZEJyJAoGBANrEpEwOhCv8Vt1Yiw6o --co96wYj+0LARJXw6rIfEuLkthBRRoHqQMKqwIGMrwjHlHXPnQmajONzIJd+u+OS4 --psCGetAIGegd3xNVpK2uZv9QBWBpQbuofOh/c2Ctmm2phL2sVwCZ0qwIeXuBwJEc --NOlOojKDO+dELErpShJgFIaU -+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDXr9uzB/20QXKC -+xhkfNnJvl2xl1hzdOcrQmAqo+AAAcA/D49ImuJDVQRaK2bcj54XB26i1kXuOrxID -+3/etUb8yudfx8OAVwh8G0xVA4zhr8uXW85W2tBr4v0Lt+W6lSd6Hmfrk4GmE9LTU -+/vzl9HUPW6SZShN1G0nY6oeUXvLi0vasEUKv3a51T6JFYg4c7qt5RCk/w8kwrQ0D -+orQwCdkOPEIiC4b+nPStF12SVm5bx8rbYzioxuY/PdSebvt0APeqgRxSpCxqYnHs -+CoNeHzSrGXcP0COzFeUOz2tdrhmH09JLbGZs4nbojPxMkjpJSv3/ekDG2CHYxXSH -+XxpJstxZAgMBAAECggEASY4xsJaTEPwY3zxLqPdag2/yibBBW7ivz/9p80HQTlXp -+KnbxXj8nNXLjCytAZ8A3P2t316PrrTdLP4ML5lGwkM4MNPhek00GY79syhozTa0i -+cPHVJt+5Kwee/aVI9JmCiGAczh0yHyOM3+6ttIZvvXMVaSl4BUHvJ0ikQBc5YdzL -+s6VM2gCOR6K6n+39QHDI/T7WwO9FFSNnpWFOCHwAWtyBMlleVj+xeZX8OZ/aT+35 -+27yjsGNBftWKku29VDineiQC+o+fZGJs6w4JZHoBSP8TfxP8fRCFVNA281G78Xak -+cEnKXwZ54bpoSa3ThKl+56J6NHkkfRGb8Rgt/ipJYQKBgQD5DKb82mLw85iReqsT -+8bkp408nPOBGz7KYnQsZqAVNGfehM02+dcN5z+w0jOj6GMPLPg5whlEo/O+rt9ze -+j6c2+8/+B4Bt5oqCKoOCIndH68jl65+oUxFkcHYxa3zYKGC9Uvb+x2BtBmYgvDRG -+ew6I2Q3Zyd2ThZhJygUZpsjsbQKBgQDdtNiGTkgWOm+WuqBI1LT5cQfoPfgI7/da -+ZA+37NBUQRe0cM7ddEcNqx7E3uUa1JJOoOYv65VyGI33Ul+evI8h5WE5bupcCEFk -+LolzbMc4YQUlsySY9eUXM8jQtfVtaWhuQaABt97l+9oADkrhA+YNdEu2yiz3T6W+ -+msI5AnvkHQKBgDEjuPMdF/aY6dqSjJzjzfgg3KZOUaZHJuML4XvPdjRPUlfhKo7Q -+55/qUZ3Qy8tFBaTderXjGrJurc+A+LiFOaYUq2ZhDosguOWUA9yydjyfnkUXZ6or -+sbvSoM+BeOGhnezdKNT+e90nLRF6cQoTD7war6vwM6L+8hxlGvqDuRNFAoGAD4K8 
-+d0D4yB1Uez4ZQp8m/iCLRhM3zCBFtNw1QU/fD1Xye5w8zL96zRkAsRNLAgKHLdsR -+355iuTXAkOIBcJCOjveGQsdgvAmT0Zdz5FBi663V91o+IDlryqDD1t40CnCKbtRG -+hng/ruVczg4x7OYh7SUKuwIP/UlkNh6LogNreX0CgYBQF9troLex6X94VTi1V5hu -+iCwzDT6AJj63cS3VRO2ait3ZiLdpKdSNNW2WrlZs8FZr/mVutGEcWho8BugGMWST -+1iZkYwly9Xfjnpd0I00ZIlr2/B3+ZsK8w5cOW5Lpb7frol6+BkDnBjbNZI5kQndn -+zQpuMJliRlrq/5JkIbH6SA== - -----END PRIVATE KEY----- - -----BEGIN CERTIFICATE----- --MIIDeTCCAmGgAwIBAgIUM6U1Peo3wzfAJIrzINejJJfmRzkwDQYJKoZIhvcNAQEL -+MIIDdzCCAl+gAwIBAgIUNrEw2I4NEV0Nbo7AVOF9z4mPBiYwDQYJKoZIhvcNAQEL - BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV --BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MCAXDTIyMDYwMjE1MzMxM1oYDzIxMjIw --NTA5MTUzMzEzWjBFMQswCQYDVQQGEwJVSzEWMBQGA1UECgwNT3BlblNTTCBHcm91 --cDEeMBwGA1UEAwwVVGVzdCBTL01JTUUgRUUgUlNBICMxMIIBIjANBgkqhkiG9w0B --AQEFAAOCAQ8AMIIBCgKCAQEA2sd0+2pXn2XG5gnHTdJBKAS8FfB9ub63uN0WI7j6 --OuEwY3ilMtu2sgtU18nRdXmJtxz6xWH5EtH2emCtMb8MsYkJ3rL3H51Xtn6VxT7J --eUUL7tSSjO6yQLiwvmE0S3s9OyB4UJx0NuWZEfgeEi+ZiIbjkifcshSWCUNyncP2 --l/47Z1lUfKdxcoISabViJvdLn1uMVhWNMjUltSppGbjlhe1T4eUQtQu8KAf0R4cg --9oDj+7Rfngyf0G1+IpIuID0RR7ja0lfGabw5CKqsheQVvLciZ3g5KFlvCLhKZjSM --32zgh7yOsu66HgJka8B+P6OVsWhCLJ0P96Tb45+vrwPp3wIDAQABo2AwXjAMBgNV --HRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIF4DAdBgNVHQ4EFgQUHw4Us7FXwgLtZ1JB --MOAHSkNYfEkwHwYDVR0jBBgwFoAUFcETIWviVV+nah1XINbP86lzZFkwDQYJKoZI --hvcNAQELBQADggEBAAMAXEjTNo7evn6BvfEaG2q21q9xfFear/M0zxc5xcTj+WP+ --BKrlxXg5RlVFyvmzGhwZBERsDMJYa54aw8scDJsy/0zPdWST39dNev7xH13pP8nF --QF4MGPKIqBzX8iDCqhz70p1w2ndLjz1dvsAqn6z9/Sh3T2kj6DfZY3jA49pMEim1 --vYd4lWa5AezU3+cLtBbo2c2iyG2W7SFpnNTjLX823f9rbVPnUb93ZI/tDXDIf5hL --0hocZs+MWdC7Ly1Ru4PXa6+DeOM0z673me/Q27e24OBbG2eq5g7eW5euxJinGkpI --XGGKTKrBCPxSdTtwSNHU9HsggT8a0wXL2QocZ3w= -+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MDczN1oXDTMyMDMz -+MTE0MDczN1owRTELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx -+HjAcBgNVBAMMFVRlc3QgUy9NSU1FIEVFIFJTQSAjMTCCASIwDQYJKoZIhvcNAQEB 
-+BQADggEPADCCAQoCggEBANev27MH/bRBcoLGGR82cm+XbGXWHN05ytCYCqj4AABw -+D8Pj0ia4kNVBForZtyPnhcHbqLWRe46vEgPf961RvzK51/Hw4BXCHwbTFUDjOGvy -+5dbzlba0Gvi/Qu35bqVJ3oeZ+uTgaYT0tNT+/OX0dQ9bpJlKE3UbSdjqh5Re8uLS -+9qwRQq/drnVPokViDhzuq3lEKT/DyTCtDQOitDAJ2Q48QiILhv6c9K0XXZJWblvH -+yttjOKjG5j891J5u+3QA96qBHFKkLGpicewKg14fNKsZdw/QI7MV5Q7Pa12uGYfT -+0ktsZmziduiM/EySOklK/f96QMbYIdjFdIdfGkmy3FkCAwEAAaNgMF4wDAYDVR0T -+AQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0OBBYEFOaNz6WtNC5jH9UE4EaM -+y+59qO+EMB8GA1UdIwQYMBaAFMmRUwpjexZbi71E8HaIqSTm5bZsMA0GCSqGSIb3 -+DQEBCwUAA4IBAQBMz3Ef3U0blTGhfP9HIBq09fWCgUN3aDDLZ/B6biFfWM87wlAm -+CdIuy2jhiEt8Ld8U9y8dbO7c2gzHBGc9FhScBkfQInrbhSctXL/r/wOc0divK9rq -+oXL2cL/CFfzcYPWNN3w6JAJyOhkhWnqF+/0T8+NdiRLE3a9NfX3a83GpfBVccYKQ -+kKKeVIw2K1dYbtlSo1HwOckxqUzN00IPs3xC8U9KNXKy7o0kdetKhk70DzXQ64j0 -+EcmXxqPaCkgo3fl9z9nzKlWhg/qIi/1Bd1bpMP8IXAPEURDqhi0KI0w9GPCQRjfY -+7NwXrLEayBoL8TNxcJ3FwdI20+bmhhILBZgO - -----END CERTIFICATE----- -diff -up openssl-3.0.5/test/smime-certs/smrsa2.pem.0061 openssl-3.0.5/test/smime-certs/smrsa2.pem ---- openssl-3.0.5/test/smime-certs/smrsa2.pem.0061 2022-09-02 14:17:15.333436680 +0200 -+++ openssl-3.0.5/test/smime-certs/smrsa2.pem 2022-09-02 14:17:15.347436804 +0200 -@@ -1,49 +1,49 @@ - -----BEGIN PRIVATE KEY----- --MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDkoMi4sqj2mN8j --SaFAibXEfeYYrzBHIdCm/uaXWit81fXOSFVw1rbeAppxz7bOcSEN50lpdP2UX3/b --FYFD3exHXjvch9NPNgQaNkCqTNTuYa2L9wrpltXnon7tH3W/zZfF+/qpUSu1f6rk --GyxjVXxLwjIawCX0rbLcdFCVVy+EyvQkvSxXjafrDMzshWzPDbtjUv3SH6avqrPn --4NX0fv3BdBwTfDLAw/m8nN+9B9Mg0V7UNM1IJY/Vo5pLhv+MrEf8SnAS+1Wt43rT --3PY9iMZMMWUswdgmPY0yCN95ggwNrSMGV60yvEDxINWuJoR8s0lybDdFa+AB5v4T --hqKpspFNAgMBAAECggEAZmWu0K5QJ7Y7Rlo9ayLicsFyk36vUESQZ6MF0ybzEEPi --BkR2ZAX+vDuNQckm1pprlAcRZbactl35bT3Z+fQE1cgaZoC8/x6xwq2m0796pNPB --v0zjqdBBOLAaSgjLm56wyd88GqZ8vZsTBnw3KrxIYcP13e5OcaJ0V/GOf/yfD0lg --Tq9i7V5Iq++Fpo2KvJA8FMgqcfhvhdo40rRykoBfzEZpBk4Ia/Yijsbx5sE15pFZ --DfmsMbD+vViuM8IavHo61mBNyYeydwlgIMqUgP/6xbYUov/XSUojrLG+IQuvDx9D 
--xzTHGM+IBJxQZMza/mDVcjUAcDEjWt/Mve8ibTQCbwKBgQDyaiGsURtlf/8xmmvT --RQQFFFsJ8SXHNYmnceNULIjfDxpLk1yC4kBNUD+liAJscoVlOcByHmXQRtnY1PHq --AwyrwplGd82773mtriDVFSjhD+GB7I0Hv2j+uiFZury0jR/6/AsWKCtTqd0opyuB --8rGZjguiwZIjeyxd8mL1dncUHwKBgQDxcNxHUvIeDBvAmtK65xWUuLcqtK9BblBH --YVA7p93RqX4E+w3J0OCvQRQ3r1GCMMzFEO0oOvNfMucU4rbQmx1pbzF8aQU+8iEW --kYpaWUbPUQ2hmBblhjGYHsigt/BrzaW0QveVIWcGiyVVX9wiCzJH5moJlCRK2oHR --B36hdlmNEwKBgQCSlWSpOx4y4RQiHXtn9Eq6+5UVTPGIJTKIwxAwnQFiyFIhMwl0 --x3UUixsBcF3uz80j6akaGJF+QOmH+TQTSibGUdS3TMhmBSfxwuJtlu7yMNUu6Chb --b/4AUfLKvGVRVCjrbq8Rhda1L3jhFTz0xhlofgFBOIWy2M96O5BlV24oBwKBgQDs --cf93ZfawkGEZVUXsPeQ3mlHe48YCCPtbfCSr13B3JErCq+5L52AyoUQgaHQlUI8o --qrPmQx0V7O662G/6iP3bxEYtNVgq1cqrpGpeorGi1BjKWPyLWMj21abbJmev21xc --1XxLMsQHd3tfSZp2SIq8OR09NjP4jla1k2Ziz1lRuwKBgQCUJXjhW4dPoOzC7DJK --u4PsxcKkJDwwtfNudVDaHcbvvaHELTAkE2639vawH0TRwP6TDwmlbTQJP4EW+/0q --13VcNXVAZSruA9dvxlh4vNUH3PzTDdFIJzGVbYbV9p5t++EQ7gRLuLZqs99BOzM9 --k6W9F60mEFz1Owh+lQv7WfSIVA== -+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDcYC4tS2Uvn1Z2 -+iDgtfkJA5tAqgbN6X4yK02RtVH5xekV9+6+eTt/9S+iFAzAnwqR/UB1R67ETrsWq -+V8u9xLg5fHIwIkmu9/6P31UU9cghO7J1lcrhHvooHaFpcXepPWQacpuBq2VvcKRD -+lDfVmdM5z6eS3dSZPTOMMP/xk4nhZB8mcw27qiccPieS0PZ9EZB63T1gmwaK1Rd5 -+U94Pl0+zpDqhViuXmBfiIDWjjz0BzHnHSz5Rg4S3oXF1NcojhptIWyI0r7dgn5J3 -+NxC4kgKdjzysxo6iWd0nLgz7h0jUdj79EOis4fg9G4f0EFWyQf7iDxGaA93Y9ePB -+Jv5iFZVZAgMBAAECggEBAILIPX856EHb0KclbhlpfY4grFcdg9LS04grrcTISQW1 -+J3p9nBpZ+snKe6I8Yx6lf5PiipPsSLlCliHiWpIzJZVQCkAQiSPiHttpEYgP2IYI -+dH8dtznkdVbLRthZs0bnnPmpHCpW+iqpcYJ9eqkz0cvUNUGOjjWmwWmoRqwp/8CW -+3S1qbkQiCh0Mk2fQeGar76R06kXQ9MKDEj14zyS3rJX+cokjEoMSlH8Sbmdh2mJz -+XlNZcvqmeGJZwQWgbVVHOMUuZaKJiFa+lqvOdppbqSx0AsCRq6vjmjEYQEoOefYK -+3IJM9IvqW5UNx0Cy4kQdjhZFFwMO/ALD3QyF21iP4gECgYEA+isQiaWdaY4UYxwK -+Dg+pnSCKD7UGZUaCUIv9ds3CbntMOONFe0FxPsgcc4jRYQYj1rpQiFB8F11+qXGa -+P/IHcnjr2+mTrNY4I9Bt1Lg+pHSS8QCgzeueFybYMLaSsXUo7tGwpvw6UUb6/YWI -+LNCzZbrCLg1KZjGODhhxtvN45ZkCgYEA4YNSe+GMZlxgsvxbLs86WOm6DzJUPvxN 
-+bWmni0+Oe0cbevgGEUjDVc895uMFnpvlgO49/C0AYJ+VVbStjIMgAeMnWj6OZoSX -+q49rI8KmKUxKgORZiiaMqGWQ7Rxv68+4S8WANsjFxoUrE6dNV3uYDIUsiSLbZeI8 -+38KVTcLohcECgYEAiOdyWHGq0G4xl/9rPUCzCMsa4velNV09yYiiwBZgVgfhsawm -+hQpOSBZJA60XMGqkyEkT81VgY4UF4QLLcD0qeCnWoXWVHFvrQyY4RNZDacpl87/t -+QGO2E2NtolL3umesa+2TJ/8Whw46Iu2llSjtVDm9NGiPk5eA7xPPf1iEi9kCgYAb -+0EmVE91wJoaarLtGS7LDkpgrFacEWbPnAbfzW62UENIX2Y1OBm5pH/Vfi7J+vHWS -+8E9e0eIRCL2vY2hgQy/oa67H151SkZnvQ/IP6Ar8Xvd1bDSK8HQ6tMQqKm63Y9g0 -+KDjHCP4znOsSMnk8h/bZ3HcAtvbeWwftBR/LBnYNQQKBgA1leIXLLHRoX0VtS/7e -+y7Xmn7gepj+gDbSuCs5wGtgw0RB/1z/S3QoS2TCbZzKPBo20+ivoRP7gcuFhduFR -+hT8V87esr/QzLVpjLedQDW8Xb7GiO3BsU/gVC9VcngenbL7JObl3NgvdreIYo6+n -+yrLyf+8hjm6H6zkjqiOkHAl+ - -----END PRIVATE KEY----- - -----BEGIN CERTIFICATE----- --MIIDeTCCAmGgAwIBAgIUTMQXiTcI/rpzqO91NyFWpjLE3KkwDQYJKoZIhvcNAQEL -+MIIDdzCCAl+gAwIBAgIUdWyHziJTdWjooy8SanPMwLxNsPEwDQYJKoZIhvcNAQEL - BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV --BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MCAXDTIyMDYwMjE1MzMxM1oYDzIxMjIw --NTA5MTUzMzEzWjBFMQswCQYDVQQGEwJVSzEWMBQGA1UECgwNT3BlblNTTCBHcm91 --cDEeMBwGA1UEAwwVVGVzdCBTL01JTUUgRUUgUlNBICMyMIIBIjANBgkqhkiG9w0B --AQEFAAOCAQ8AMIIBCgKCAQEA5KDIuLKo9pjfI0mhQIm1xH3mGK8wRyHQpv7ml1or --fNX1zkhVcNa23gKacc+2znEhDedJaXT9lF9/2xWBQ93sR1473IfTTzYEGjZAqkzU --7mGti/cK6ZbV56J+7R91v82Xxfv6qVErtX+q5BssY1V8S8IyGsAl9K2y3HRQlVcv --hMr0JL0sV42n6wzM7IVszw27Y1L90h+mr6qz5+DV9H79wXQcE3wywMP5vJzfvQfT --INFe1DTNSCWP1aOaS4b/jKxH/EpwEvtVreN609z2PYjGTDFlLMHYJj2NMgjfeYIM --Da0jBletMrxA8SDVriaEfLNJcmw3RWvgAeb+E4aiqbKRTQIDAQABo2AwXjAMBgNV --HRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIF4DAdBgNVHQ4EFgQUSJ0v3SKahe6eKssR --rBvYLBprFTgwHwYDVR0jBBgwFoAUFcETIWviVV+nah1XINbP86lzZFkwDQYJKoZI --hvcNAQELBQADggEBAKoyszyZ3DfCOIVzeJrnScXuMvRkVqO5aGmgZxtY9r6gPk8v --gXaEFXDKqRbGqEnuwEjpew+SVZO8nrVpdIP7fydpufy7Cu91Ev4YL1ui5Vc66+IK --7dXV7eZYcH/dDJBPZddHx9vGhcr0w8B1W9nldM3aQE/RQjOmMRDc7/Hnk0f0RzJp --LA0adW3ry27z2s4qeCwkV9DNSh1KoGfcLwydBiXmJ1XINMFH/scD4pk9UeJpUL+5 
--zvTaDzUmzLsI1gH3j/rlzJuNJ7EMfggKlfQdit9Qn6+6Gjk6T5jkZfzcq3LszuEA --EFtkxWyBmmEgh4EmvZGAyrUvne1hIIksKe3iJ+E= -+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MDkyNVoXDTMyMDMz -+MTE0MDkyNVowRTELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx -+HjAcBgNVBAMMFVRlc3QgUy9NSU1FIEVFIFJTQSAjMjCCASIwDQYJKoZIhvcNAQEB -+BQADggEPADCCAQoCggEBANxgLi1LZS+fVnaIOC1+QkDm0CqBs3pfjIrTZG1UfnF6 -+RX37r55O3/1L6IUDMCfCpH9QHVHrsROuxapXy73EuDl8cjAiSa73/o/fVRT1yCE7 -+snWVyuEe+igdoWlxd6k9ZBpym4GrZW9wpEOUN9WZ0znPp5Ld1Jk9M4ww//GTieFk -+HyZzDbuqJxw+J5LQ9n0RkHrdPWCbBorVF3lT3g+XT7OkOqFWK5eYF+IgNaOPPQHM -+ecdLPlGDhLehcXU1yiOGm0hbIjSvt2Cfknc3ELiSAp2PPKzGjqJZ3ScuDPuHSNR2 -+Pv0Q6Kzh+D0bh/QQVbJB/uIPEZoD3dj148Em/mIVlVkCAwEAAaNgMF4wDAYDVR0T -+AQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0OBBYEFPRqunJgwdcM9Uvsy/MT -+6XHvUvuyMB8GA1UdIwQYMBaAFMmRUwpjexZbi71E8HaIqSTm5bZsMA0GCSqGSIb3 -+DQEBCwUAA4IBAQBz02v4hd+EjW5NaMubkqPbgUTDRKdRq1RZM+C6m1MTMKy+8zTD -+QSKRCFf0UmSPMsdTArry9x15fmHIJW21F3bw4ISeVXRyzBhOnrGKXUt2Lg9c2MLa -+9C394ex0vw4ZGSNkrIARbM3084Chegs4PLMWLFam1H5J6wpvH8iXXYvhESW98luv -+i3HVQzqLXw7/9XHxf8RnrRcy/WhAA+KegAQMGHTo5KPLliXtypYdCxBHNcmOwJlR -+pSOp6fxhiRKN5DzcBPHOE/brZc4aNGgBHZgGg1g1Wb2lAylopgJrbyNkhEEwHVNM -+1uLCnXKV1nX+EiMKkhSV761ozdhMGljYb+GE - -----END CERTIFICATE----- -diff -up openssl-3.0.5/test/smime-certs/smrsa3.pem.0061 openssl-3.0.5/test/smime-certs/smrsa3.pem ---- openssl-3.0.5/test/smime-certs/smrsa3.pem.0061 2022-09-02 14:17:15.327436627 +0200 -+++ openssl-3.0.5/test/smime-certs/smrsa3.pem 2022-09-02 14:17:15.346436795 +0200 -@@ -1,49 +1,49 @@ - -----BEGIN PRIVATE KEY----- --MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQD5A/t3norj/167 --toKG1Ygtg3G+pZ4Nwl5a9flnm8JdSMW5TEEP1TSvDVIEuAVi7xqoAn6heypoaMkB --GJ+AoSo9R7umdhhq2vnmWFNsdH6oDzynVXixyURo81YrN3sn9Xd55ivTiSpZXldi --ECr2T0BYvOw0h497bPs6gY9LqgrBHNYVF3lFhdOmYWv+2qSdti+1gV3t24pv1CrK --2AdX5Epdd5jR+eNnt+suZqoPC0hTcNjszJLcfDYFXHva9BcE0DfrgcYSmoSBU53M --jt63TClK6ZoVcPJ7vXjFRHncvs1/d+nc9BdL9FsGI1ezspSwcJHqex2wgo76yDrq 
--DE4s23rPAgMBAAECggEAEDi+VWD5VUpjD5zWOoPQiRDGBJBhtMAKkl6okxEmXvWb --Xz3STFnjHgA1JFHW3bRU9BHI9k8vSHmnlnkfKb3V/ZX5IHNcKCHb/x9NBak+QLVQ --0zLtfE9vxiTC0B/oac+MPaiD4hYFQ81pFwK6VS0Poi8ZCBJtOkRqfUvsyV8zZrgh --/6cs4mwOVyZPFRgF9eWXYv7PJz8pNRizhII0iv9H/r2I3DzsZLPCg7c29mP+I/SG --A7Pl82UXjtOc0KurGY2M5VheZjxJT/k/FLMkWY2GS5n6dfcyzsVSKb25HoeuvQsI --vs1mKs+Onbobdc17hCcKVJzbi3DwXs5XDhrEzfHccQKBgQD88uBxVCRV31PsCN6I --pKxQDGgz+1BqPqe7KMRiZI7HgDUK0eCM3/oG089/jsBtJcSxnScLSVNBjQ+xGiFi --YCD4icQoJSzpqJyR6gDq5lTHASAe+9LWRW771MrtyACQWNXowYEyu8AjekrZkCUS --wIKVpw57oWykzIoS7ixZsJ8gxwKBgQD8BPWqJEsLiQvOlS5E/g88eV1KTpxm9Xs+ --BbwsDXZ7m4Iw5lYaUu5CwBB/2jkGGRl8Q/EfAdUT7gXv3t6x5b1qMXaIczmRGYto --NuI3AH2MPxAa7lg5TgBgie1r7PKwyPMfG3CtDx6n8W5sexgJpbIy5u7E+U6d8s1o --c7EcsefduQKBgCkHJAx9v18GWFBip+W2ABUDzisQSlzRSNd8p03mTZpiWzgkDq4K --7j0JQhDIkMGjbKH6gYi9Hfn17WOmf1+7g92MSvrP/NbxeGPadsejEIEu14zu/6Wt --oXDLdRbYZ+8B2cBlEpWuCl42yck8Lic6fnPTou++oSah3otvglYR5d2lAoGACd8L --3FE1m0sP6lSPjmZBJIZAcDOqDqJY5HIHD9arKGZL8CxlfPx4lqa9PrTGfQWoqORk --YmmI9hHhq6aYJHGyPKGZWfjhbVyJyFg1/h+Hy2GA+P0S+ZOjkiR050BNtTz5wOMr --Q6wO8FcVkywzIdWaqEHBYne9a5RiFVBKxKv3QAkCgYBxmCBKajFkMVb4Uc55WqJs --Add0mctGgmZ1l5vq81eWe3wjM8wgfJgaD3Q3gwx2ABUX/R+OsVWSh4o5ZR86sYoz --TviknBHF8GeDLjpT49+04fEaz336J2JOptF9zIpz7ZK1nrOEjzaZGtumReVjUP7X --fNcb5iDYqZRzD8ixBbLxUw== -+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCyK+BTAOJKJjji -+OhY60NeZjzGGZxEBfCm62n0mwkzusW/V/e63uwj6uOVCFoVBz5doMf3M6QIS2jL3 -+Aw6Qs5+vcuLA0gHrqIwjYQz1UZ5ETLKLKbQw6YOIVfsFSTxytUVpfcByrubWiLKX -+63theG1/IVokDK/9/k52Kyt+wcCjuRb7AJQFj2OLDRuWm/gavozkK103gQ+dUq4H -+XamZMtTq1EhQOfc0IUeCOEL6xz4jzlHHfzLdkvb7Enhav2sXDfOmZp/DYf9IqS7l -+vFkkINPVbYFBTexaPZlFwmpGRjkmoyH/w+Jlcpzs+w6p1diWRpaSn62bbkRN49j6 -+L2dVb+DfAgMBAAECggEAciwDl6zdVT6g/PbT/+SMA+7qgYHSN+1koEQaJpgjzGEP -+lUUfj8TewCtzXaIoyj9IepBuXryBg6snNXpT/w3bqgYon/7zFBvxkUpDj4A5tvKf -+BuY2fZFlpBvUu1Ju1eKrFCptBBBoA9mc+BUB/ze4ktrAdJFcxZoMlVScjqGB3GdR -+OHw2x9BdWGCJBhiu9VHhAAb/LVWi6xgDumYSWZwN2yovg+7J91t5bsENeBRHycK+ 
-+i5dNFh1umIK9N0SH6bpHPnLHrCRchrQ6ZRRxL4ZBKA9jFRDeI7OOsJuCvhGyJ1se -+snsLjr/Ahg00aiHCcC1SPQ6pmXAVBCG7hf4AX82V4QKBgQDaFDE+Fcpv84mFo4s9 -+wn4CZ8ymoNIaf5zPl/gpH7MGots4NT5+Ns+6zzJQ6TEpDjTPx+vDaabP7QGXwVZn -+8NAHYvCQK37b+u9HrOt256YYRDOmnJFSbsJdmqzMEzpTNmQ8GuI37cZCS9CmSMv+ -+ab/plcwuv0cJRSC83NN2AFyu1QKBgQDRJzKIBQlpprF9rA0D5ZjLVW4OH18A0Mmm -+oanw7qVutBaM4taFN4M851WnNIROyYIlkk2fNgW57Y4M8LER4zLrjU5HY4lB0BMX -+LQWDbyz4Y7L4lVnnEKfQxWFt9avNZwiCxCxEKy/n/icmVCzc91j9uwKcupdzrN6E -+yzPd1s5y4wKBgQCkJvzmAdsOp9/Fg1RFWcgmIWHvrzBXl+U+ceLveZf1j9K5nYJ7 -+2OBGer4iH1XM1I+2M4No5XcWHg3L4FEdDixY0wXHT6Y/CcThS+015Kqmq3fBmyrc -+RNjzQoF9X5/QkSmkAIx1kvpgXtcgw70htRIrToGSUpKzDKDW6NYXhbA+PQKBgDJK -+KH5IJ8E9kYPUMLT1Kc4KVpISvPcnPLVSPdhuqVx69MkfadFSTb4BKbkwiXegQCjk -+isFzbeEM25EE9q6EYKP+sAm+RyyJ6W0zKBY4TynSXyAiWSGUAaXTL+AOqCaVVZiL -+rtEdSUGQ/LzclIT0/HLV2oTw4KWxtTdc3LXEhpNdAoGBAM3LckiHENqtoeK2gVNw -+IPeEuruEqoN4n+XltbEEv6Ymhxrs6T6HSKsEsLhqsUiIvIzH43KMm45SNYTn5eZh -+yzYMXLmervN7c1jJe2Y2MYv6hE+Ypj1xGW4w7s8WNKmVzLv97beisD9AZrS7sXfF -+RvOAi5wVkYylDxV4238MAZIq - -----END PRIVATE KEY----- - -----BEGIN CERTIFICATE----- --MIIDeTCCAmGgAwIBAgIUIDyc//j/LoNDesZTGbPBoVarv4EwDQYJKoZIhvcNAQEL -+MIIDdzCCAl+gAwIBAgIUAKvI4FWjFLx8iBGifOW3mG/xkT0wDQYJKoZIhvcNAQEL - BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV --BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MCAXDTIyMDYwMjE1MzMxM1oYDzIxMjIw --NTA5MTUzMzEzWjBFMQswCQYDVQQGEwJVSzEWMBQGA1UECgwNT3BlblNTTCBHcm91 --cDEeMBwGA1UEAwwVVGVzdCBTL01JTUUgRUUgUlNBICMzMIIBIjANBgkqhkiG9w0B --AQEFAAOCAQ8AMIIBCgKCAQEA+QP7d56K4/9eu7aChtWILYNxvqWeDcJeWvX5Z5vC --XUjFuUxBD9U0rw1SBLgFYu8aqAJ+oXsqaGjJARifgKEqPUe7pnYYatr55lhTbHR+ --qA88p1V4sclEaPNWKzd7J/V3eeYr04kqWV5XYhAq9k9AWLzsNIePe2z7OoGPS6oK --wRzWFRd5RYXTpmFr/tqknbYvtYFd7duKb9QqytgHV+RKXXeY0fnjZ7frLmaqDwtI --U3DY7MyS3Hw2BVx72vQXBNA364HGEpqEgVOdzI7et0wpSumaFXDye714xUR53L7N --f3fp3PQXS/RbBiNXs7KUsHCR6nsdsIKO+sg66gxOLNt6zwIDAQABo2AwXjAMBgNV --HRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIF4DAdBgNVHQ4EFgQUN9pGq/UFS3o50rTi 
--V+AYgAk+3R4wHwYDVR0jBBgwFoAUFcETIWviVV+nah1XINbP86lzZFkwDQYJKoZI --hvcNAQELBQADggEBAGcOh380/6aJqMpYBssuf2CB3DX/hGKdvEF7fF8iNSfl5HHq --112kHl3MhbL9Th/safJq9sLDJqjXRNdVCUJJbU4YI2P2gsi04paC0qxWxMLtzQLd --CE7ki2xH94Fuu/dThbpzZBABROO1RrdI24GDGt9t4Gf0WVkobmT/zNlwGppKTIB2 --iV/Ug30iKr/C49UzwUIa+XXXujkjPTmGSnrKwVQNxQh81rb+iTL7GEnNuqDsatHW --ZyLS2SaVdG5tMqDkITPMDGjehUzJcAbVc8Bv4m8Ukuov3uDj2Doc6MxlvrVkV0AE --BcSCb/bWQJJ/X4LQZlx9cMk4NINxV9UeFPZOefg= -+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MTEwNloXDTMyMDMz -+MTE0MTEwNlowRTELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx -+HjAcBgNVBAMMFVRlc3QgUy9NSU1FIEVFIFJTQSAjMzCCASIwDQYJKoZIhvcNAQEB -+BQADggEPADCCAQoCggEBALIr4FMA4komOOI6FjrQ15mPMYZnEQF8KbrafSbCTO6x -+b9X97re7CPq45UIWhUHPl2gx/czpAhLaMvcDDpCzn69y4sDSAeuojCNhDPVRnkRM -+sosptDDpg4hV+wVJPHK1RWl9wHKu5taIspfre2F4bX8hWiQMr/3+TnYrK37BwKO5 -+FvsAlAWPY4sNG5ab+Bq+jOQrXTeBD51SrgddqZky1OrUSFA59zQhR4I4QvrHPiPO -+Ucd/Mt2S9vsSeFq/axcN86Zmn8Nh/0ipLuW8WSQg09VtgUFN7Fo9mUXCakZGOSaj -+If/D4mVynOz7DqnV2JZGlpKfrZtuRE3j2PovZ1Vv4N8CAwEAAaNgMF4wDAYDVR0T -+AQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0OBBYEFDoKRbmxroesGxa+4868 -+yPIvkCewMB8GA1UdIwQYMBaAFMmRUwpjexZbi71E8HaIqSTm5bZsMA0GCSqGSIb3 -+DQEBCwUAA4IBAQBfCCzWyZzIvq/ci6E74ovJ8mMel5Z9MU9EcvY0k7pJSUbpCg3c -+P48CiAzt8r8Em4AymADfK1pYvvpTNVpU/USbdKR1hyxZjqWrYdsY7tlVuvZ92oFs -+s3komuKHCx2SQAe5b+LWjC1Bf8JUFx+XTjYb/BBg7nQRwi3TkYVVmW7hXLYvf4Jn -+Uyu0x02pDzUu+62jeYbNIVJnYwSU0gLHEo81QmNs06RLjnAhbneUZ6P6YuJOdDo7 -+xMw/ywijZM0FxsWxRSsCBwavhabg1Kb1lO//pbgcSa9T0D7ax1XoMni3RJnHj6gu -+r0Mi3QjgZaxghR3TPh83dQLilECYDuD0uTzf - -----END CERTIFICATE----- diff --git a/0062-fips-Expose-a-FIPS-indicator.patch b/0062-fips-Expose-a-FIPS-indicator.patch index d2e9b0a..f1ad59d 100644 --- a/0062-fips-Expose-a-FIPS-indicator.patch +++ b/0062-fips-Expose-a-FIPS-indicator.patch @@ -248,8 +248,8 @@ index de391ce067..1cfd71c5cf 100644 --- a/providers/fips/fipsprov.c +++ b/providers/fips/fipsprov.c 
@@ -23,6 +23,7 @@ - #include "prov/seeding.h" #include "self_test.h" + #include "crypto/context.h" #include "internal/core.h" +#include "indicator.h" diff --git a/0071-AES-GCM-performance-optimization.patch b/0071-AES-GCM-performance-optimization.patch deleted file mode 100644 index edf40ec..0000000 --- a/0071-AES-GCM-performance-optimization.patch +++ /dev/null 
@@ -1,1635 +0,0 @@
-Upstream-Status: Backport [https://github.com/openssl/openssl/commit/44a563dde1584cd9284e80b6e45ee5019be8d36c, https://github.com/openssl/openssl/commit/345c99b6654b8313c792d54f829943068911ddbd]
-diff --git a/crypto/modes/asm/aes-gcm-ppc.pl b/crypto/modes/asm/aes-gcm-ppc.pl
-new file mode 100644
-index 0000000..6624e6c
---- /dev/null
-+++ b/crypto/modes/asm/aes-gcm-ppc.pl
-@@ -0,0 +1,1438 @@
-+#! /usr/bin/env perl
-+# Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved.
-+# Copyright 2021- IBM Inc. All rights reserved
-+#
-+# Licensed under the Apache License 2.0 (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+#
-+#===================================================================================
-+# Written by Danny Tsen for OpenSSL Project,
-+#
-+# GHASH is based on the Karatsuba multiplication method.
-+#
-+# Xi xor X1
-+#
-+# X1 * H^4 + X2 * H^3 + x3 * H^2 + X4 * H =
-+# (X1.h * H4.h + xX.l * H4.l + X1 * H4) +
-+# (X2.h * H3.h + X2.l * H3.l + X2 * H3) +
-+# (X3.h * H2.h + X3.l * H2.l + X3 * H2) +
-+# (X4.h * H.h + X4.l * H.l + X4 * H)
-+#
-+# Xi = v0
-+# H Poly = v2
-+# Hash keys = v3 - v14
-+# ( H.l, H, H.h)
-+# ( H^2.l, H^2, H^2.h)
-+# ( H^3.l, H^3, H^3.h)
-+# ( H^4.l, H^4, H^4.h)
-+#
-+# v30 is IV
-+# v31 - counter 1
-+#
-+# AES used,
-+# vs0 - vs14 for round keys
-+# v15, v16, v17, v18, v19, v20, v21, v22 for 8 blocks (encrypted)
-+#
-+# This implementation uses stitched AES-GCM approach to improve overall performance.
-+# AES is implemented with 8x blocks and GHASH is using 2 4x blocks.
-+#
-+# Current large block (16384 bytes) performance per second with 128 bit key --
-+#
-+# Encrypt Decrypt
-+# Power10[le] (3.5GHz) 5.32G 5.26G
-+#
-+# ===================================================================================
-+#
-+# $output is the last argument if it looks like a file (it has an extension)
-+# $flavour is the first argument if it doesn't look like a file
-+$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef;
-+$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef;
-+
-+if ($flavour =~ /64/) {
-+ $SIZE_T=8;
-+ $LRSAVE=2*$SIZE_T;
-+ $STU="stdu";
-+ $POP="ld";
-+ $PUSH="std";
-+ $UCMP="cmpld";
-+ $SHRI="srdi";
-+} elsif ($flavour =~ /32/) {
-+ $SIZE_T=4;
-+ $LRSAVE=$SIZE_T;
-+ $STU="stwu";
-+ $POP="lwz";
-+ $PUSH="stw";
-+ $UCMP="cmplw";
-+ $SHRI="srwi";
-+} else { die "nonsense $flavour"; }
-+
-+$sp="r1";
-+$FRAME=6*$SIZE_T+13*16; # 13*16 is for v20-v31 offload
-+
-+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
-+( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or
-+( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or
-+die "can't locate ppc-xlate.pl";
-+
-+open STDOUT,"| $^X $xlate $flavour \"$output\""
-+ or die "can't call $xlate: $!";
-+
-+$code=<<___;
-+.machine "any"
-+.text
-+
-+# 4x loops
-+# v15 - v18 - input states
-+# vs1 - vs9 - round keys
-+#
-+.macro Loop_aes_middle4x
-+ xxlor 19+32, 1, 1
-+ xxlor 20+32, 2, 2
-+ xxlor 21+32, 3, 3
-+ xxlor 22+32, 4, 4
-+
-+ vcipher 15, 15, 19
-+ vcipher 16, 16, 19
-+ vcipher 17, 17, 19
-+ vcipher 18, 18, 19
-+
-+ vcipher 15, 15, 20
-+ vcipher 16, 16, 20
-+ vcipher 17, 17, 20
-+ vcipher 18, 18, 20
-+
-+ vcipher 15, 15, 21
-+ vcipher 16, 16, 21
-+ vcipher 17, 17, 21
-+ vcipher 18, 18, 21
-+
-+ vcipher 15, 15, 22
-+ vcipher 16, 16, 22
-+ vcipher 17, 17, 22
-+ vcipher 18, 18, 22
-+
-+ xxlor 19+32, 5, 5
-+ xxlor 20+32, 6, 6
-+ xxlor 21+32, 7, 7
-+ xxlor 22+32, 8, 8
-+
-+ vcipher 15, 15, 19
-+ vcipher 16, 16, 19
-+ vcipher 17, 17, 19
-+ vcipher 18, 18, 19
-+
-+ vcipher 15, 15, 20
-+ vcipher 16, 16, 20
-+ vcipher 17, 17, 20
-+ vcipher 18, 18, 20
-+
-+ vcipher 15, 15, 21
-+ vcipher 16, 16, 21
-+ vcipher 17, 17, 21
-+ vcipher 18, 18, 21
-+
-+ vcipher 15, 15, 22
-+ vcipher 16, 16, 22
-+ vcipher 17, 17, 22
-+ vcipher 18, 18, 22
-+
-+ xxlor 23+32, 9, 9
-+ vcipher 15, 15, 23
-+ vcipher 16, 16, 23
-+ vcipher 17, 17, 23
-+ vcipher 18, 18, 23
-+.endm
-+
-+# 8x loops
-+# v15 - v22 - input states
-+# vs1 - vs9 - round keys
-+#
-+.macro Loop_aes_middle8x
-+ xxlor 23+32, 1, 1
-+ xxlor 24+32, 2, 2
-+ xxlor 25+32, 3, 3
-+ xxlor 26+32, 4, 4
-+
-+ vcipher 15, 15, 23
-+ vcipher 16, 16, 23
-+ vcipher 17, 17, 23
-+ vcipher 18, 18, 23
-+ vcipher 19, 19, 23
-+ vcipher 20, 20, 23
-+ vcipher 21, 21, 23
-+ vcipher 22, 22, 23
-+
-+ vcipher 15, 15, 24
-+ vcipher 16, 16, 24
-+ vcipher 17, 17, 24
-+ vcipher 18, 18, 24
-+ vcipher 19, 19, 24
-+ vcipher 20, 20, 24
-+ vcipher 21, 21, 24
-+ vcipher 22, 22, 24
-+
-+ vcipher 15, 15, 25
-+ vcipher 16, 16, 25
-+ vcipher 17, 17, 25
-+ vcipher 18, 18, 25
-+ vcipher 19, 19, 25
-+ vcipher 20, 20, 25
-+ vcipher 21, 21, 25
-+ vcipher 22, 22, 25
-+
-+ vcipher 15, 15, 26
-+ vcipher 16, 16, 26
-+ vcipher 17, 17, 26
-+ vcipher 18, 18, 26
-+ vcipher 19, 19, 26
-+ vcipher 20, 20, 26
-+ vcipher 21, 21, 26
-+ vcipher 22, 22, 26
-+
-+ xxlor 23+32, 5, 5
-+ xxlor 24+32, 6, 6
-+ xxlor 25+32, 7, 7
-+ xxlor 26+32, 8, 8
-+
-+ vcipher 15, 15, 23
-+ vcipher 16, 16, 23
-+ vcipher 17, 17, 23
-+ vcipher 18, 18, 23
-+ vcipher 19, 19, 23
-+ vcipher 20, 20, 23
-+ vcipher 21, 21, 23
-+ vcipher 22, 22, 23
-+
-+ vcipher 15, 15, 24
-+ vcipher 16, 16, 24
-+ vcipher 17, 17, 24
-+ vcipher 18, 18, 24
-+ vcipher 19, 19, 24
-+ vcipher 20, 20, 24
-+ vcipher 21, 21, 24
-+ vcipher 22, 22, 24
-+
-+ vcipher 15, 15, 25
-+ vcipher 16, 16, 25
-+ vcipher 17, 17, 25
-+ vcipher 18, 18, 25
-+ vcipher 19, 19, 25
-+ vcipher 20, 20, 25
-+ vcipher 21, 21, 25
-+ vcipher 22, 22, 25
-+
-+ vcipher 15, 15, 26
-+ vcipher 16, 16, 26
-+ vcipher 17, 17, 26
-+ vcipher 18, 18, 26
-+ vcipher 19, 19, 26
-+ vcipher 20, 20, 26
-+ vcipher 21, 21, 26
-+ vcipher 22, 22, 26
-+
-+ xxlor 23+32, 9, 9
-+ vcipher 15, 15, 23
-+ vcipher 16, 16, 23
-+ vcipher 17, 17, 23
-+ vcipher 18, 18, 23
-+ vcipher 19, 19, 23
-+ vcipher 20, 20, 23
-+ vcipher 21, 21, 23
-+ vcipher 22, 22, 23
-+.endm
-+
-+#
-+# Compute 4x hash values based on Karatsuba method.
-+#
-+ppc_aes_gcm_ghash:
-+ vxor 15, 15, 0
-+
-+ xxlxor 29, 29, 29
-+
-+ vpmsumd 23, 12, 15 # H4.L * X.L
-+ vpmsumd 24, 9, 16
-+ vpmsumd 25, 6, 17
-+ vpmsumd 26, 3, 18
-+
-+ vxor 23, 23, 24
-+ vxor 23, 23, 25
-+ vxor 23, 23, 26 # L
-+
-+ vpmsumd 24, 13, 15 # H4.L * X.H + H4.H * X.L
-+ vpmsumd 25, 10, 16 # H3.L * X1.H + H3.H * X1.L
-+ vpmsumd 26, 7, 17
-+ vpmsumd 27, 4, 18
-+
-+ vxor 24, 24, 25
-+ vxor 24, 24, 26
-+ vxor 24, 24, 27 # M
-+
-+ # sum hash and reduction with H Poly
-+ vpmsumd 28, 23, 2 # reduction
-+
-+ xxlor 29+32, 29, 29
-+ vsldoi 26, 24, 29, 8 # mL
-+ vsldoi 29, 29, 24, 8 # mH
-+ vxor 23, 23, 26 # mL + L
-+
-+ vsldoi 23, 23, 23, 8 # swap
-+ vxor 23, 23, 28
-+
-+ vpmsumd 24, 14, 15 # H4.H * X.H
-+ vpmsumd 25, 11, 16
-+ vpmsumd 26, 8, 17
-+ vpmsumd 27, 5, 18
-+
-+ vxor 24, 24, 25
-+ vxor 24, 24, 26
-+ vxor 24, 24, 27
-+
-+ vxor 24, 24, 29
-+
-+ # sum hash and reduction with H Poly
-+ vsldoi 27, 23, 23, 8 # swap
-+ vpmsumd 23, 23, 2
-+ vxor 27, 27, 24
-+ vxor 23, 23, 27
-+
-+ xxlor 32, 23+32, 23+32 # update hash
-+
-+ blr
-+
-+#
-+# Combine two 4x ghash
-+# v15 - v22 - input blocks
-+#
-+.macro ppc_aes_gcm_ghash2_4x
-+ # first 4x hash
-+ vxor 15, 15, 0 # Xi + X
-+
-+ xxlxor 29, 29, 29
-+
-+ vpmsumd 23, 12, 15 # H4.L * X.L
-+ vpmsumd 24, 9, 16
-+ vpmsumd 25, 6, 17
-+ vpmsumd 26, 3, 18
-+
-+ vxor 23, 23, 24
-+ vxor 23, 23, 25
-+ vxor 23, 23, 26 # L
-+
-+ vpmsumd 24, 13, 15 # H4.L * X.H + H4.H * X.L
-+ vpmsumd 25, 10, 16 # H3.L * X1.H + H3.H * X1.L
-+ vpmsumd 26, 7, 17
-+ vpmsumd 27, 4, 18
-+
-+ vxor 24, 24, 25
-+ vxor 24, 24, 26
-+
-+ # sum hash and reduction with H Poly
-+ vpmsumd 28, 23, 2 # reduction
-+
-+ xxlor 29+32, 29, 29
-+
-+ vxor 24, 24, 27 # M
-+ vsldoi 26, 24, 29, 8 # mL
-+ vsldoi 29, 29, 24, 8 # mH
-+ vxor 23, 23, 26 # mL + L
-+
-+ vsldoi 23, 23, 23, 8 # swap
-+ vxor 23, 23, 28
-+
-+ vpmsumd 24, 14, 15 # H4.H * X.H
-+ vpmsumd 25, 11, 16
-+ vpmsumd 26, 8, 17
-+ vpmsumd 27, 5, 18
-+
-+ vxor 24, 24, 25
-+ vxor 24, 24, 26
-+ vxor 24, 24, 27 # H
-+
-+ vxor 24, 24, 29 # H + mH
-+
-+ # sum hash and reduction with H Poly
-+ vsldoi 27, 23, 23, 8 # swap
-+ vpmsumd 23, 23, 2
-+ vxor 27, 27, 24
-+ vxor 27, 23, 27 # 1st Xi
-+
-+ # 2nd 4x hash
-+ vpmsumd 24, 9, 20
-+ vpmsumd 25, 6, 21
-+ vpmsumd 26, 3, 22
-+ vxor 19, 19, 27 # Xi + X
-+ vpmsumd 23, 12, 19 # H4.L * X.L
-+
-+ vxor 23, 23, 24
-+ vxor 23, 23, 25
-+ vxor 23, 23, 26 # L
-+
-+ vpmsumd 24, 13, 19 # H4.L * X.H + H4.H * X.L
-+ vpmsumd 25, 10, 20 # H3.L * X1.H + H3.H * X1.L
-+ vpmsumd 26, 7, 21
-+ vpmsumd 27, 4, 22
-+
-+ vxor 24, 24, 25
-+ vxor 24, 24, 26
-+
-+ # sum hash and reduction with H Poly
-+ vpmsumd 28, 23, 2 # reduction
-+
-+ xxlor 29+32, 29, 29
-+
-+ vxor 24, 24, 27 # M
-+ vsldoi 26, 24, 29, 8 # mL
-+ vsldoi 29, 29, 24, 8 # mH
-+ vxor 23, 23, 26 # mL + L
-+
-+ vsldoi 23, 23, 23, 8 # swap
-+ vxor 23, 23, 28
-+
-+ vpmsumd 24, 14, 19 # H4.H * X.H
-+ vpmsumd 25, 11, 20
-+ vpmsumd 26, 8, 21
-+ vpmsumd 27, 5, 22
-+
-+ vxor 24, 24, 25
-+ vxor 24, 24, 26
-+ vxor 24, 24, 27 # H
-+
-+ vxor 24, 24, 29 # H + mH
-+
-+ # sum hash and reduction with H Poly
-+ vsldoi 27, 23, 23, 8 # swap
-+ vpmsumd 23, 23, 2
-+ vxor 27, 27, 24
-+ vxor 23, 23, 27
-+
-+ xxlor 32, 23+32, 23+32 # update hash
-+
-+.endm
-+
-+#
-+# Compute update single hash
-+#
-+.macro ppc_update_hash_1x
-+ vxor 28, 28, 0
-+
-+ vxor 19, 19, 19
-+
-+ vpmsumd 22, 3, 28 # L
-+ vpmsumd 23, 4, 28 # M
-+ vpmsumd 24, 5, 28 # H
-+
-+ vpmsumd 27, 22, 2 # reduction
-+
-+ vsldoi 25, 23, 19, 8 # mL
-+ vsldoi 26, 19, 23, 8 # mH
-+ vxor 22, 22, 25 # LL + LL
-+ vxor 24, 24, 26 # HH + HH
-+
-+ vsldoi 22, 22, 22, 8 # swap
-+ vxor 22, 22, 27
-+
-+ vsldoi 20, 22, 22, 8 # swap
-+ vpmsumd 22, 22, 2 # reduction
-+ vxor 20, 20, 24
-+ vxor 22, 22, 20
-+
-+ vmr 0, 22 # update hash
-+
-+.endm
-+
-+#
-+# ppc_aes_gcm_encrypt (const void *inp, void *out, size_t len,
-+# const AES_KEY *key, unsigned char iv[16],
-+# void *Xip);
-+#
-+# r3 - inp
-+# r4 - out
-+# r5 - len
-+# r6 - AES round keys
-+# r7 - iv
-+# r8 - Xi, HPoli, hash keys
-+#
-+.global ppc_aes_gcm_encrypt
-+.align 5
-+ppc_aes_gcm_encrypt:
-+_ppc_aes_gcm_encrypt:
-+
-+ stdu 1,-512(1)
-+ mflr 0
-+
-+ std 14,112(1)
-+ std 15,120(1)
-+ std 16,128(1)
-+ std 17,136(1)
-+ std 18,144(1)
-+ std 19,152(1)
-+ std 20,160(1)
-+ std 21,168(1)
-+ li 9, 256
-+ stvx 20, 9, 1
-+ addi 9, 9, 16
-+ stvx 21, 9, 1
-+ addi 9, 9, 16
-+ stvx 22, 9, 1
-+ addi 9, 9, 16
-+ stvx 23, 9, 1
-+ addi 9, 9, 16
-+ stvx 24, 9, 1
-+ addi 9, 9, 16
-+ stvx 25, 9, 1
-+ addi 9, 9, 16
-+ stvx 26, 9, 1
-+ addi 9, 9, 16
-+ stvx 27, 9, 1
-+ addi 9, 9, 16
-+ stvx 28, 9, 1
-+ addi 9, 9, 16
-+ stvx 29, 9, 1
-+ addi 9, 9, 16
-+ stvx 30, 9, 1
-+ addi 9, 9, 16
-+ stvx 31, 9, 1
-+ std 0, 528(1)
-+
-+ # Load Xi
-+ lxvb16x 32, 0, 8 # load Xi
-+
-+ # load Hash - h^4, h^3, h^2, h
-+ li 10, 32
-+ lxvd2x 2+32, 10, 8 # H Poli
-+ li 10, 48
-+ lxvd2x 3+32, 10, 8 # Hl
-+ li 10, 64
-+ lxvd2x 4+32, 10, 8 # H
-+ li 10, 80
-+ lxvd2x 5+32, 10, 8 # Hh
-+
-+ li 10, 96
-+ lxvd2x 6+32, 10, 8 # H^2l
-+ li 10, 112
-+ lxvd2x 7+32, 10, 8 # H^2
-+ li 10, 128
-+ lxvd2x 8+32, 10, 8 # H^2h
-+
-+ li 10, 144
-+ lxvd2x 9+32, 10, 8 # H^3l
-+ li 10, 160
-+ lxvd2x 10+32, 10, 8 # H^3
-+ li 10, 176
-+ lxvd2x 11+32, 10, 8 # H^3h
-+
-+ li 10, 192
-+ lxvd2x 12+32, 10, 8 # H^4l
-+ li 10, 208
-+ lxvd2x 13+32, 10, 8 # H^4
-+ li 10, 224
-+ lxvd2x 14+32, 10, 8 # H^4h
-+
-+ # initialize ICB: GHASH( IV ), IV - r7
-+ lxvb16x 30+32, 0, 7 # load IV - v30
-+
-+ mr 12, 5 # length
-+ li 11, 0 # block index
-+
-+ # counter 1
-+ vxor 31, 31, 31
-+ vspltisb 22, 1
-+ vsldoi 31, 31, 22,1 # counter 1
-+
-+ # load round key to VSR
-+ lxv 0, 0(6)
-+ lxv 1, 0x10(6)
-+ lxv 2, 0x20(6)
-+ lxv 3, 
0x30(6) -+ lxv 4, 0x40(6) -+ lxv 5, 0x50(6) -+ lxv 6, 0x60(6) -+ lxv 7, 0x70(6) -+ lxv 8, 0x80(6) -+ lxv 9, 0x90(6) -+ lxv 10, 0xa0(6) -+ -+ # load rounds - 10 (128), 12 (192), 14 (256) -+ lwz 9,240(6) -+ -+ # -+ # vxor state, state, w # addroundkey -+ xxlor 32+29, 0, 0 -+ vxor 15, 30, 29 # IV + round key - add round key 0 -+ -+ cmpdi 9, 10 -+ beq Loop_aes_gcm_8x -+ -+ # load 2 more round keys (v11, v12) -+ lxv 11, 0xb0(6) -+ lxv 12, 0xc0(6) -+ -+ cmpdi 9, 12 -+ beq Loop_aes_gcm_8x -+ -+ # load 2 more round keys (v11, v12, v13, v14) -+ lxv 13, 0xd0(6) -+ lxv 14, 0xe0(6) -+ cmpdi 9, 14 -+ beq Loop_aes_gcm_8x -+ -+ b aes_gcm_out -+ -+.align 5 -+Loop_aes_gcm_8x: -+ mr 14, 3 -+ mr 9, 4 -+ -+ # n blocks -+ li 10, 128 -+ divdu 10, 5, 10 # n 128 bytes-blocks -+ cmpdi 10, 0 -+ beq Loop_last_block -+ -+ vaddudm 30, 30, 31 # IV + counter -+ vxor 16, 30, 29 -+ vaddudm 30, 30, 31 -+ vxor 17, 30, 29 -+ vaddudm 30, 30, 31 -+ vxor 18, 30, 29 -+ vaddudm 30, 30, 31 -+ vxor 19, 30, 29 -+ vaddudm 30, 30, 31 -+ vxor 20, 30, 29 -+ vaddudm 30, 30, 31 -+ vxor 21, 30, 29 -+ vaddudm 30, 30, 31 -+ vxor 22, 30, 29 -+ -+ mtctr 10 -+ -+ li 15, 16 -+ li 16, 32 -+ li 17, 48 -+ li 18, 64 -+ li 19, 80 -+ li 20, 96 -+ li 21, 112 -+ -+ lwz 10, 240(6) -+ -+Loop_8x_block: -+ -+ lxvb16x 15, 0, 14 # load block -+ lxvb16x 16, 15, 14 # load block -+ lxvb16x 17, 16, 14 # load block -+ lxvb16x 18, 17, 14 # load block -+ lxvb16x 19, 18, 14 # load block -+ lxvb16x 20, 19, 14 # load block -+ lxvb16x 21, 20, 14 # load block -+ lxvb16x 22, 21, 14 # load block -+ addi 14, 14, 128 -+ -+ Loop_aes_middle8x -+ -+ xxlor 23+32, 10, 10 -+ -+ cmpdi 10, 10 -+ beq Do_next_ghash -+ -+ # 192 bits -+ xxlor 24+32, 11, 11 -+ -+ vcipher 15, 15, 23 -+ vcipher 16, 16, 23 -+ vcipher 17, 17, 23 -+ vcipher 18, 18, 23 -+ vcipher 19, 19, 23 -+ vcipher 20, 20, 23 -+ vcipher 21, 21, 23 -+ vcipher 22, 22, 23 -+ -+ vcipher 15, 15, 24 -+ vcipher 16, 16, 24 -+ vcipher 17, 17, 24 -+ vcipher 18, 18, 24 -+ vcipher 19, 19, 24 -+ vcipher 20, 20, 
24 -+ vcipher 21, 21, 24 -+ vcipher 22, 22, 24 -+ -+ xxlor 23+32, 12, 12 -+ -+ cmpdi 10, 12 -+ beq Do_next_ghash -+ -+ # 256 bits -+ xxlor 24+32, 13, 13 -+ -+ vcipher 15, 15, 23 -+ vcipher 16, 16, 23 -+ vcipher 17, 17, 23 -+ vcipher 18, 18, 23 -+ vcipher 19, 19, 23 -+ vcipher 20, 20, 23 -+ vcipher 21, 21, 23 -+ vcipher 22, 22, 23 -+ -+ vcipher 15, 15, 24 -+ vcipher 16, 16, 24 -+ vcipher 17, 17, 24 -+ vcipher 18, 18, 24 -+ vcipher 19, 19, 24 -+ vcipher 20, 20, 24 -+ vcipher 21, 21, 24 -+ vcipher 22, 22, 24 -+ -+ xxlor 23+32, 14, 14 -+ -+ cmpdi 10, 14 -+ beq Do_next_ghash -+ b aes_gcm_out -+ -+Do_next_ghash: -+ -+ # -+ # last round -+ vcipherlast 15, 15, 23 -+ vcipherlast 16, 16, 23 -+ -+ xxlxor 47, 47, 15 -+ stxvb16x 47, 0, 9 # store output -+ xxlxor 48, 48, 16 -+ stxvb16x 48, 15, 9 # store output -+ -+ vcipherlast 17, 17, 23 -+ vcipherlast 18, 18, 23 -+ -+ xxlxor 49, 49, 17 -+ stxvb16x 49, 16, 9 # store output -+ xxlxor 50, 50, 18 -+ stxvb16x 50, 17, 9 # store output -+ -+ vcipherlast 19, 19, 23 -+ vcipherlast 20, 20, 23 -+ -+ xxlxor 51, 51, 19 -+ stxvb16x 51, 18, 9 # store output -+ xxlxor 52, 52, 20 -+ stxvb16x 52, 19, 9 # store output -+ -+ vcipherlast 21, 21, 23 -+ vcipherlast 22, 22, 23 -+ -+ xxlxor 53, 53, 21 -+ stxvb16x 53, 20, 9 # store output -+ xxlxor 54, 54, 22 -+ stxvb16x 54, 21, 9 # store output -+ -+ addi 9, 9, 128 -+ -+ # ghash here -+ ppc_aes_gcm_ghash2_4x -+ -+ xxlor 27+32, 0, 0 -+ vaddudm 30, 30, 31 # IV + counter -+ vmr 29, 30 -+ vxor 15, 30, 27 # add round key -+ vaddudm 30, 30, 31 -+ vxor 16, 30, 27 -+ vaddudm 30, 30, 31 -+ vxor 17, 30, 27 -+ vaddudm 30, 30, 31 -+ vxor 18, 30, 27 -+ vaddudm 30, 30, 31 -+ vxor 19, 30, 27 -+ vaddudm 30, 30, 31 -+ vxor 20, 30, 27 -+ vaddudm 30, 30, 31 -+ vxor 21, 30, 27 -+ vaddudm 30, 30, 31 -+ vxor 22, 30, 27 -+ -+ addi 12, 12, -128 -+ addi 11, 11, 128 -+ -+ bdnz Loop_8x_block -+ -+ vmr 30, 29 -+ -+Loop_last_block: -+ cmpdi 12, 0 -+ beq aes_gcm_out -+ -+ # loop last few blocks -+ li 10, 16 -+ divdu 10, 12, 10 -+ 
-+ mtctr 10 -+ -+ lwz 10, 240(6) -+ -+ cmpdi 12, 16 -+ blt Final_block -+ -+.macro Loop_aes_middle_1x -+ xxlor 19+32, 1, 1 -+ xxlor 20+32, 2, 2 -+ xxlor 21+32, 3, 3 -+ xxlor 22+32, 4, 4 -+ -+ vcipher 15, 15, 19 -+ vcipher 15, 15, 20 -+ vcipher 15, 15, 21 -+ vcipher 15, 15, 22 -+ -+ xxlor 19+32, 5, 5 -+ xxlor 20+32, 6, 6 -+ xxlor 21+32, 7, 7 -+ xxlor 22+32, 8, 8 -+ -+ vcipher 15, 15, 19 -+ vcipher 15, 15, 20 -+ vcipher 15, 15, 21 -+ vcipher 15, 15, 22 -+ -+ xxlor 19+32, 9, 9 -+ vcipher 15, 15, 19 -+.endm -+ -+Next_rem_block: -+ lxvb16x 15, 0, 14 # load block -+ -+ Loop_aes_middle_1x -+ -+ xxlor 23+32, 10, 10 -+ -+ cmpdi 10, 10 -+ beq Do_next_1x -+ -+ # 192 bits -+ xxlor 24+32, 11, 11 -+ -+ vcipher 15, 15, 23 -+ vcipher 15, 15, 24 -+ -+ xxlor 23+32, 12, 12 -+ -+ cmpdi 10, 12 -+ beq Do_next_1x -+ -+ # 256 bits -+ xxlor 24+32, 13, 13 -+ -+ vcipher 15, 15, 23 -+ vcipher 15, 15, 24 -+ -+ xxlor 23+32, 14, 14 -+ -+ cmpdi 10, 14 -+ beq Do_next_1x -+ -+Do_next_1x: -+ vcipherlast 15, 15, 23 -+ -+ xxlxor 47, 47, 15 -+ stxvb16x 47, 0, 9 # store output -+ addi 14, 14, 16 -+ addi 9, 9, 16 -+ -+ vmr 28, 15 -+ ppc_update_hash_1x -+ -+ addi 12, 12, -16 -+ addi 11, 11, 16 -+ xxlor 19+32, 0, 0 -+ vaddudm 30, 30, 31 # IV + counter -+ vxor 15, 30, 19 # add round key -+ -+ bdnz Next_rem_block -+ -+ cmpdi 12, 0 -+ beq aes_gcm_out -+ -+Final_block: -+ Loop_aes_middle_1x -+ -+ xxlor 23+32, 10, 10 -+ -+ cmpdi 10, 10 -+ beq Do_final_1x -+ -+ # 192 bits -+ xxlor 24+32, 11, 11 -+ -+ vcipher 15, 15, 23 -+ vcipher 15, 15, 24 -+ -+ xxlor 23+32, 12, 12 -+ -+ cmpdi 10, 12 -+ beq Do_final_1x -+ -+ # 256 bits -+ xxlor 24+32, 13, 13 -+ -+ vcipher 15, 15, 23 -+ vcipher 15, 15, 24 -+ -+ xxlor 23+32, 14, 14 -+ -+ cmpdi 10, 14 -+ beq Do_final_1x -+ -+Do_final_1x: -+ vcipherlast 15, 15, 23 -+ -+ lxvb16x 15, 0, 14 # load last block -+ xxlxor 47, 47, 15 -+ -+ # create partial block mask -+ li 15, 16 -+ sub 15, 15, 12 # index to the mask -+ -+ vspltisb 16, -1 # first 16 bytes - 0xffff...ff -+ vspltisb 17, 0 # 
second 16 bytes - 0x0000...00 -+ li 10, 192 -+ stvx 16, 10, 1 -+ addi 10, 10, 16 -+ stvx 17, 10, 1 -+ -+ addi 10, 1, 192 -+ lxvb16x 16, 15, 10 # load partial block mask -+ xxland 47, 47, 16 -+ -+ vmr 28, 15 -+ ppc_update_hash_1x -+ -+ # * should store only the remaining bytes. -+ bl Write_partial_block -+ -+ b aes_gcm_out -+ -+# -+# Write partial block -+# r9 - output -+# r12 - remaining bytes -+# v15 - partial input data -+# -+Write_partial_block: -+ li 10, 192 -+ stxvb16x 15+32, 10, 1 # last block -+ -+ #add 10, 9, 11 # Output -+ addi 10, 9, -1 -+ addi 16, 1, 191 -+ -+ mtctr 12 # remaining bytes -+ li 15, 0 -+ -+Write_last_byte: -+ lbzu 14, 1(16) -+ stbu 14, 1(10) -+ bdnz Write_last_byte -+ blr -+ -+aes_gcm_out: -+ # out = state -+ stxvb16x 32, 0, 8 # write out Xi -+ add 3, 11, 12 # return count -+ -+ li 9, 256 -+ lvx 20, 9, 1 -+ addi 9, 9, 16 -+ lvx 21, 9, 1 -+ addi 9, 9, 16 -+ lvx 22, 9, 1 -+ addi 9, 9, 16 -+ lvx 23, 9, 1 -+ addi 9, 9, 16 -+ lvx 24, 9, 1 -+ addi 9, 9, 16 -+ lvx 25, 9, 1 -+ addi 9, 9, 16 -+ lvx 26, 9, 1 -+ addi 9, 9, 16 -+ lvx 27, 9, 1 -+ addi 9, 9, 16 -+ lvx 28, 9, 1 -+ addi 9, 9, 16 -+ lvx 29, 9, 1 -+ addi 9, 9, 16 -+ lvx 30, 9, 1 -+ addi 9, 9, 16 -+ lvx 31, 9, 1 -+ -+ ld 0, 528(1) -+ ld 14,112(1) -+ ld 15,120(1) -+ ld 16,128(1) -+ ld 17,136(1) -+ ld 18,144(1) -+ ld 19,152(1) -+ ld 20,160(1) -+ ld 21,168(1) -+ -+ mtlr 0 -+ addi 1, 1, 512 -+ blr -+ -+# -+# 8x Decrypt -+# -+.global ppc_aes_gcm_decrypt -+.align 5 -+ppc_aes_gcm_decrypt: -+_ppc_aes_gcm_decrypt: -+ -+ stdu 1,-512(1) -+ mflr 0 -+ -+ std 14,112(1) -+ std 15,120(1) -+ std 16,128(1) -+ std 17,136(1) -+ std 18,144(1) -+ std 19,152(1) -+ std 20,160(1) -+ std 21,168(1) -+ li 9, 256 -+ stvx 20, 9, 1 -+ addi 9, 9, 16 -+ stvx 21, 9, 1 -+ addi 9, 9, 16 -+ stvx 22, 9, 1 -+ addi 9, 9, 16 -+ stvx 23, 9, 1 -+ addi 9, 9, 16 -+ stvx 24, 9, 1 -+ addi 9, 9, 16 -+ stvx 25, 9, 1 -+ addi 9, 9, 16 -+ stvx 26, 9, 1 -+ addi 9, 9, 16 -+ stvx 27, 9, 1 -+ addi 9, 9, 16 -+ stvx 28, 9, 1 -+ addi 9, 9, 16 -+ stvx 
29, 9, 1 -+ addi 9, 9, 16 -+ stvx 30, 9, 1 -+ addi 9, 9, 16 -+ stvx 31, 9, 1 -+ std 0, 528(1) -+ -+ # Load Xi -+ lxvb16x 32, 0, 8 # load Xi -+ -+ # load Hash - h^4, h^3, h^2, h -+ li 10, 32 -+ lxvd2x 2+32, 10, 8 # H Poli -+ li 10, 48 -+ lxvd2x 3+32, 10, 8 # Hl -+ li 10, 64 -+ lxvd2x 4+32, 10, 8 # H -+ li 10, 80 -+ lxvd2x 5+32, 10, 8 # Hh -+ -+ li 10, 96 -+ lxvd2x 6+32, 10, 8 # H^2l -+ li 10, 112 -+ lxvd2x 7+32, 10, 8 # H^2 -+ li 10, 128 -+ lxvd2x 8+32, 10, 8 # H^2h -+ -+ li 10, 144 -+ lxvd2x 9+32, 10, 8 # H^3l -+ li 10, 160 -+ lxvd2x 10+32, 10, 8 # H^3 -+ li 10, 176 -+ lxvd2x 11+32, 10, 8 # H^3h -+ -+ li 10, 192 -+ lxvd2x 12+32, 10, 8 # H^4l -+ li 10, 208 -+ lxvd2x 13+32, 10, 8 # H^4 -+ li 10, 224 -+ lxvd2x 14+32, 10, 8 # H^4h -+ -+ # initialize ICB: GHASH( IV ), IV - r7 -+ lxvb16x 30+32, 0, 7 # load IV - v30 -+ -+ mr 12, 5 # length -+ li 11, 0 # block index -+ -+ # counter 1 -+ vxor 31, 31, 31 -+ vspltisb 22, 1 -+ vsldoi 31, 31, 22,1 # counter 1 -+ -+ # load round key to VSR -+ lxv 0, 0(6) -+ lxv 1, 0x10(6) -+ lxv 2, 0x20(6) -+ lxv 3, 0x30(6) -+ lxv 4, 0x40(6) -+ lxv 5, 0x50(6) -+ lxv 6, 0x60(6) -+ lxv 7, 0x70(6) -+ lxv 8, 0x80(6) -+ lxv 9, 0x90(6) -+ lxv 10, 0xa0(6) -+ -+ # load rounds - 10 (128), 12 (192), 14 (256) -+ lwz 9,240(6) -+ -+ # -+ # vxor state, state, w # addroundkey -+ xxlor 32+29, 0, 0 -+ vxor 15, 30, 29 # IV + round key - add round key 0 -+ -+ cmpdi 9, 10 -+ beq Loop_aes_gcm_8x_dec -+ -+ # load 2 more round keys (v11, v12) -+ lxv 11, 0xb0(6) -+ lxv 12, 0xc0(6) -+ -+ cmpdi 9, 12 -+ beq Loop_aes_gcm_8x_dec -+ -+ # load 2 more round keys (v11, v12, v13, v14) -+ lxv 13, 0xd0(6) -+ lxv 14, 0xe0(6) -+ cmpdi 9, 14 -+ beq Loop_aes_gcm_8x_dec -+ -+ b aes_gcm_out -+ -+.align 5 -+Loop_aes_gcm_8x_dec: -+ mr 14, 3 -+ mr 9, 4 -+ -+ # n blocks -+ li 10, 128 -+ divdu 10, 5, 10 # n 128 bytes-blocks -+ cmpdi 10, 0 -+ beq Loop_last_block_dec -+ -+ vaddudm 30, 30, 31 # IV + counter -+ vxor 16, 30, 29 -+ vaddudm 30, 30, 31 -+ vxor 17, 30, 29 -+ vaddudm 30, 30, 31 -+ 
vxor 18, 30, 29 -+ vaddudm 30, 30, 31 -+ vxor 19, 30, 29 -+ vaddudm 30, 30, 31 -+ vxor 20, 30, 29 -+ vaddudm 30, 30, 31 -+ vxor 21, 30, 29 -+ vaddudm 30, 30, 31 -+ vxor 22, 30, 29 -+ -+ mtctr 10 -+ -+ li 15, 16 -+ li 16, 32 -+ li 17, 48 -+ li 18, 64 -+ li 19, 80 -+ li 20, 96 -+ li 21, 112 -+ -+ lwz 10, 240(6) -+ -+Loop_8x_block_dec: -+ -+ lxvb16x 15, 0, 14 # load block -+ lxvb16x 16, 15, 14 # load block -+ lxvb16x 17, 16, 14 # load block -+ lxvb16x 18, 17, 14 # load block -+ lxvb16x 19, 18, 14 # load block -+ lxvb16x 20, 19, 14 # load block -+ lxvb16x 21, 20, 14 # load block -+ lxvb16x 22, 21, 14 # load block -+ addi 14, 14, 128 -+ -+ Loop_aes_middle8x -+ -+ xxlor 23+32, 10, 10 -+ -+ cmpdi 10, 10 -+ beq Do_last_aes_dec -+ -+ # 192 bits -+ xxlor 24+32, 11, 11 -+ -+ vcipher 15, 15, 23 -+ vcipher 16, 16, 23 -+ vcipher 17, 17, 23 -+ vcipher 18, 18, 23 -+ vcipher 19, 19, 23 -+ vcipher 20, 20, 23 -+ vcipher 21, 21, 23 -+ vcipher 22, 22, 23 -+ -+ vcipher 15, 15, 24 -+ vcipher 16, 16, 24 -+ vcipher 17, 17, 24 -+ vcipher 18, 18, 24 -+ vcipher 19, 19, 24 -+ vcipher 20, 20, 24 -+ vcipher 21, 21, 24 -+ vcipher 22, 22, 24 -+ -+ xxlor 23+32, 12, 12 -+ -+ cmpdi 10, 12 -+ beq Do_last_aes_dec -+ -+ # 256 bits -+ xxlor 24+32, 13, 13 -+ -+ vcipher 15, 15, 23 -+ vcipher 16, 16, 23 -+ vcipher 17, 17, 23 -+ vcipher 18, 18, 23 -+ vcipher 19, 19, 23 -+ vcipher 20, 20, 23 -+ vcipher 21, 21, 23 -+ vcipher 22, 22, 23 -+ -+ vcipher 15, 15, 24 -+ vcipher 16, 16, 24 -+ vcipher 17, 17, 24 -+ vcipher 18, 18, 24 -+ vcipher 19, 19, 24 -+ vcipher 20, 20, 24 -+ vcipher 21, 21, 24 -+ vcipher 22, 22, 24 -+ -+ xxlor 23+32, 14, 14 -+ -+ cmpdi 10, 14 -+ beq Do_last_aes_dec -+ b aes_gcm_out -+ -+Do_last_aes_dec: -+ -+ # -+ # last round -+ vcipherlast 15, 15, 23 -+ vcipherlast 16, 16, 23 -+ -+ xxlxor 47, 47, 15 -+ stxvb16x 47, 0, 9 # store output -+ xxlxor 48, 48, 16 -+ stxvb16x 48, 15, 9 # store output -+ -+ vcipherlast 17, 17, 23 -+ vcipherlast 18, 18, 23 -+ -+ xxlxor 49, 49, 17 -+ stxvb16x 49, 16, 9 # 
store output -+ xxlxor 50, 50, 18 -+ stxvb16x 50, 17, 9 # store output -+ -+ vcipherlast 19, 19, 23 -+ vcipherlast 20, 20, 23 -+ -+ xxlxor 51, 51, 19 -+ stxvb16x 51, 18, 9 # store output -+ xxlxor 52, 52, 20 -+ stxvb16x 52, 19, 9 # store output -+ -+ vcipherlast 21, 21, 23 -+ vcipherlast 22, 22, 23 -+ -+ xxlxor 53, 53, 21 -+ stxvb16x 53, 20, 9 # store output -+ xxlxor 54, 54, 22 -+ stxvb16x 54, 21, 9 # store output -+ -+ addi 9, 9, 128 -+ -+ xxlor 15+32, 15, 15 -+ xxlor 16+32, 16, 16 -+ xxlor 17+32, 17, 17 -+ xxlor 18+32, 18, 18 -+ xxlor 19+32, 19, 19 -+ xxlor 20+32, 20, 20 -+ xxlor 21+32, 21, 21 -+ xxlor 22+32, 22, 22 -+ -+ # ghash here -+ ppc_aes_gcm_ghash2_4x -+ -+ xxlor 27+32, 0, 0 -+ vaddudm 30, 30, 31 # IV + counter -+ vmr 29, 30 -+ vxor 15, 30, 27 # add round key -+ vaddudm 30, 30, 31 -+ vxor 16, 30, 27 -+ vaddudm 30, 30, 31 -+ vxor 17, 30, 27 -+ vaddudm 30, 30, 31 -+ vxor 18, 30, 27 -+ vaddudm 30, 30, 31 -+ vxor 19, 30, 27 -+ vaddudm 30, 30, 31 -+ vxor 20, 30, 27 -+ vaddudm 30, 30, 31 -+ vxor 21, 30, 27 -+ vaddudm 30, 30, 31 -+ vxor 22, 30, 27 -+ addi 12, 12, -128 -+ addi 11, 11, 128 -+ -+ bdnz Loop_8x_block_dec -+ -+ vmr 30, 29 -+ -+Loop_last_block_dec: -+ cmpdi 12, 0 -+ beq aes_gcm_out -+ -+ # loop last few blocks -+ li 10, 16 -+ divdu 10, 12, 10 -+ -+ mtctr 10 -+ -+ lwz 10,240(6) -+ -+ cmpdi 12, 16 -+ blt Final_block_dec -+ -+Next_rem_block_dec: -+ lxvb16x 15, 0, 14 # load block -+ -+ Loop_aes_middle_1x -+ -+ xxlor 23+32, 10, 10 -+ -+ cmpdi 10, 10 -+ beq Do_next_1x_dec -+ -+ # 192 bits -+ xxlor 24+32, 11, 11 -+ -+ vcipher 15, 15, 23 -+ vcipher 15, 15, 24 -+ -+ xxlor 23+32, 12, 12 -+ -+ cmpdi 10, 12 -+ beq Do_next_1x_dec -+ -+ # 256 bits -+ xxlor 24+32, 13, 13 -+ -+ vcipher 15, 15, 23 -+ vcipher 15, 15, 24 -+ -+ xxlor 23+32, 14, 14 -+ -+ cmpdi 10, 14 -+ beq Do_next_1x_dec -+ -+Do_next_1x_dec: -+ vcipherlast 15, 15, 23 -+ -+ xxlxor 47, 47, 15 -+ stxvb16x 47, 0, 9 # store output -+ addi 14, 14, 16 -+ addi 9, 9, 16 -+ -+ xxlor 28+32, 15, 15 -+ 
ppc_update_hash_1x -+ -+ addi 12, 12, -16 -+ addi 11, 11, 16 -+ xxlor 19+32, 0, 0 -+ vaddudm 30, 30, 31 # IV + counter -+ vxor 15, 30, 19 # add round key -+ -+ bdnz Next_rem_block_dec -+ -+ cmpdi 12, 0 -+ beq aes_gcm_out -+ -+Final_block_dec: -+ Loop_aes_middle_1x -+ -+ xxlor 23+32, 10, 10 -+ -+ cmpdi 10, 10 -+ beq Do_final_1x_dec -+ -+ # 192 bits -+ xxlor 24+32, 11, 11 -+ -+ vcipher 15, 15, 23 -+ vcipher 15, 15, 24 -+ -+ xxlor 23+32, 12, 12 -+ -+ cmpdi 10, 12 -+ beq Do_final_1x_dec -+ -+ # 256 bits -+ xxlor 24+32, 13, 13 -+ -+ vcipher 15, 15, 23 -+ vcipher 15, 15, 24 -+ -+ xxlor 23+32, 14, 14 -+ -+ cmpdi 10, 14 -+ beq Do_final_1x_dec -+ -+Do_final_1x_dec: -+ vcipherlast 15, 15, 23 -+ -+ lxvb16x 15, 0, 14 # load block -+ xxlxor 47, 47, 15 -+ -+ # create partial block mask -+ li 15, 16 -+ sub 15, 15, 12 # index to the mask -+ -+ vspltisb 16, -1 # first 16 bytes - 0xffff...ff -+ vspltisb 17, 0 # second 16 bytes - 0x0000...00 -+ li 10, 192 -+ stvx 16, 10, 1 -+ addi 10, 10, 16 -+ stvx 17, 10, 1 -+ -+ addi 10, 1, 192 -+ lxvb16x 16, 15, 10 # load block mask -+ xxland 47, 47, 16 -+ -+ xxlor 28+32, 15, 15 -+ ppc_update_hash_1x -+ -+ # * should store only the remaining bytes. 
-+ bl Write_partial_block
-+
-+ b aes_gcm_out
-+
-+
-+___
-+
-+foreach (split("\n",$code)) {
-+ s/\`([^\`]*)\`/eval $1/geo;
-+
-+ if ($flavour =~ /le$/o) { # little-endian
-+ s/le\?//o or
-+ s/be\?/#be#/o;
-+ } else {
-+ s/le\?/#le#/o or
-+ s/be\?//o;
-+ }
-+ print $_,"\n";
-+}
-+
-+close STDOUT or die "error closing STDOUT: $!"; # enforce flush
-diff --git a/crypto/modes/build.info b/crypto/modes/build.info
-index 687e872..0ea122e 100644
---- a/crypto/modes/build.info
-+++ b/crypto/modes/build.info
-@@ -32,7 +32,7 @@ IF[{- !$disabled{asm} -}]
- $MODESASM_parisc20_64=$MODESASM_parisc11
- $MODESDEF_parisc20_64=$MODESDEF_parisc11
-
-- $MODESASM_ppc32=ghashp8-ppc.s
-+ $MODESASM_ppc32=ghashp8-ppc.s aes-gcm-ppc.s
- $MODESDEF_ppc32=
- $MODESASM_ppc64=$MODESASM_ppc32
- $MODESDEF_ppc64=$MODESDEF_ppc32
-@@ -71,6 +71,7 @@ INCLUDE[ghash-sparcv9.o]=..
- GENERATE[ghash-alpha.S]=asm/ghash-alpha.pl
- GENERATE[ghash-parisc.s]=asm/ghash-parisc.pl
- GENERATE[ghashp8-ppc.s]=asm/ghashp8-ppc.pl
-+GENERATE[aes-gcm-ppc.s]=asm/aes-gcm-ppc.pl
- GENERATE[ghash-armv4.S]=asm/ghash-armv4.pl
- INCLUDE[ghash-armv4.o]=..
- GENERATE[ghashv8-armx.S]=asm/ghashv8-armx.pl
-diff --git a/include/crypto/aes_platform.h b/include/crypto/aes_platform.h
-index e95ad5a..0c281a3 100644
---- a/include/crypto/aes_platform.h
-+++ b/include/crypto/aes_platform.h
-@@ -74,6 +74,26 @@ void AES_xts_decrypt(const unsigned char *inp, unsigned char *out, size_t len,
- # define HWAES_ctr32_encrypt_blocks aes_p8_ctr32_encrypt_blocks
- # define HWAES_xts_encrypt aes_p8_xts_encrypt
- # define HWAES_xts_decrypt aes_p8_xts_decrypt
-+# define PPC_AES_GCM_CAPABLE (OPENSSL_ppccap_P & PPC_MADD300)
-+# define AES_GCM_ENC_BYTES 128
-+# define AES_GCM_DEC_BYTES 128
-+size_t ppc_aes_gcm_encrypt(const unsigned char *in, unsigned char *out,
-+ size_t len, const void *key, unsigned char ivec[16],
-+ u64 *Xi);
-+size_t ppc_aes_gcm_decrypt(const unsigned char *in, unsigned char *out,
-+ size_t len, const void *key, unsigned char ivec[16],
-+ u64 *Xi);
-+size_t ppc_aes_gcm_encrypt_wrap(const unsigned char *in, unsigned char *out,
-+ size_t len, const void *key,
-+ unsigned char ivec[16], u64 *Xi);
-+size_t ppc_aes_gcm_decrypt_wrap(const unsigned char *in, unsigned char *out,
-+ size_t len, const void *key,
-+ unsigned char ivec[16], u64 *Xi);
-+# define AES_gcm_encrypt ppc_aes_gcm_encrypt_wrap
-+# define AES_gcm_decrypt ppc_aes_gcm_decrypt_wrap
-+# define AES_GCM_ASM(gctx) ((gctx)->ctr==aes_p8_ctr32_encrypt_blocks && \
-+ (gctx)->gcm.ghash==gcm_ghash_p8)
-+void gcm_ghash_p8(u64 Xi[2],const u128 Htable[16],const u8 *inp, size_t len);
- # endif /* PPC */
-
- # if (defined(__arm__) || defined(__arm) || defined(__aarch64__))
-diff --git a/providers/implementations/ciphers/cipher_aes_gcm_hw.c b/providers/implementations/ciphers/cipher_aes_gcm_hw.c
-index 44fa9d4..789ec12 100644
---- a/providers/implementations/ciphers/cipher_aes_gcm_hw.c
-+++ b/providers/implementations/ciphers/cipher_aes_gcm_hw.c
-@@ -141,6 +141,8 @@ static const PROV_GCM_HW aes_gcm = {
- # include "cipher_aes_gcm_hw_t4.inc"
- #elif defined(AES_PMULL_CAPABLE) && defined(AES_GCM_ASM)
- # include "cipher_aes_gcm_hw_armv8.inc"
-+#elif defined(PPC_AES_GCM_CAPABLE)
-+# include "cipher_aes_gcm_hw_ppc.inc"
- #else
- const PROV_GCM_HW *ossl_prov_aes_hw_gcm(size_t keybits)
- {
-diff --git a/providers/implementations/ciphers/cipher_aes_gcm_hw_ppc.inc b/providers/implementations/ciphers/cipher_aes_gcm_hw_ppc.inc
-new file mode 100644
-index 0000000..4eed0f4
---- /dev/null
-+++ b/providers/implementations/ciphers/cipher_aes_gcm_hw_ppc.inc
-@@ -0,0 +1,119 @@
-+/*
-+ * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the Apache License 2.0 (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
-+/*-
-+ * PPC support for AES GCM.
-+ * This file is included by cipher_aes_gcm_hw.c
-+ */
-+
-+static int aes_ppc_gcm_initkey(PROV_GCM_CTX *ctx, const unsigned char *key,
-+ size_t keylen)
-+{
-+ PROV_AES_GCM_CTX *actx = (PROV_AES_GCM_CTX *)ctx;
-+ AES_KEY *ks = &actx->ks.ks;
-+
-+ GCM_HW_SET_KEY_CTR_FN(ks, aes_p8_set_encrypt_key, aes_p8_encrypt,
-+ aes_p8_ctr32_encrypt_blocks);
-+ return 1;
-+}
-+
-+
-+extern size_t ppc_aes_gcm_encrypt(const unsigned char *in, unsigned char *out, size_t len,
-+ const void *key, unsigned char ivec[16], u64 *Xi);
-+extern size_t ppc_aes_gcm_decrypt(const unsigned char *in, unsigned char *out, size_t len,
-+ const void *key, unsigned char ivec[16], u64 *Xi);
-+
-+static inline u32 UTO32(unsigned char *buf)
-+{
-+ return ((u32) buf[0] << 24) | ((u32) buf[1] << 16) | ((u32) buf[2] << 8) | ((u32) buf[3]);
-+}
-+
-+static inline u32 add32TOU(unsigned char buf[4], u32 n)
-+{
-+ u32 r;
-+
-+ r = UTO32(buf);
-+ r += n;
-+ buf[0] = (unsigned char) (r >> 24) & 0xFF;
-+ buf[1] = (unsigned char) (r >> 16) & 0xFF;
-+ buf[2] = (unsigned char) (r >> 8) & 0xFF;
-+ buf[3] = (unsigned char) r & 0xFF;
-+ return r;
-+}
-+
-+static size_t aes_p10_gcm_crypt(const unsigned char *in, unsigned char *out, size_t len,
-+ const void *key, unsigned char ivec[16], u64 *Xi, int encrypt)
-+{
-+ int s = 0;
-+ int ndone = 0;
-+ int ctr_reset = 0;
-+ u64 blocks_unused;
-+ u64 nb = len / 16;
-+ u64 next_ctr = 0;
-+ unsigned char ctr_saved[12];
-+
-+ memcpy(ctr_saved, ivec, 12);
-+
-+ while (nb) {
-+ blocks_unused = (u64) 0xffffffffU + 1 - (u64) UTO32 (ivec + 12);
-+ if (nb > blocks_unused) {
-+ len = blocks_unused * 16;
-+ nb -= blocks_unused;
-+ next_ctr = blocks_unused;
-+ ctr_reset = 1;
-+ } else {
-+ len = nb * 16;
-+ next_ctr = nb;
-+ nb = 0;
-+ }
-+
-+ s = encrypt ? ppc_aes_gcm_encrypt(in, out, len, key, ivec, Xi)
-+ : ppc_aes_gcm_decrypt(in, out, len, key, ivec, Xi);
-+
-+ /* add counter to ivec */
-+ add32TOU(ivec + 12, (u32) next_ctr);
-+ if (ctr_reset) {
-+ ctr_reset = 0;
-+ in += len;
-+ out += len;
-+ }
-+ memcpy(ivec, ctr_saved, 12);
-+ ndone += s;
-+ }
-+
-+ return ndone;
-+}
-+
-+size_t ppc_aes_gcm_encrypt_wrap(const unsigned char *in, unsigned char *out, size_t len,
-+ const void *key, unsigned char ivec[16], u64 *Xi)
-+{
-+ return aes_p10_gcm_crypt(in, out, len, key, ivec, Xi, 1);
-+}
-+
-+size_t ppc_aes_gcm_decrypt_wrap(const unsigned char *in, unsigned char *out, size_t len,
-+ const void *key, unsigned char ivec[16], u64 *Xi)
-+{
-+ return aes_p10_gcm_crypt(in, out, len, key, ivec, Xi, 0);
-+}
-+
-+
-+static const PROV_GCM_HW aes_ppc_gcm = {
-+ aes_ppc_gcm_initkey,
-+ ossl_gcm_setiv,
-+ ossl_gcm_aad_update,
-+ generic_aes_gcm_cipher_update,
-+ ossl_gcm_cipher_final,
-+ ossl_gcm_one_shot
-+};
-+
-+const PROV_GCM_HW *ossl_prov_aes_hw_gcm(size_t keybits)
-+{
-+ return PPC_AES_GCM_CAPABLE ? &aes_ppc_gcm : &aes_gcm;
-+}
-+
diff --git a/0072-ChaCha20-performance-optimizations-for-ppc64le.patch b/0072-ChaCha20-performance-optimizations-for-ppc64le.patch
deleted file mode 100644
index e5e7f9b..0000000
--- a/0072-ChaCha20-performance-optimizations-for-ppc64le.patch
+++ /dev/null
@@ -1,1493 +0,0 @@ -Upstream-Status: Backport [ - https://github.com/openssl/openssl/commit/f596bbe4da779b56eea34d96168b557d78e1149, - https://github.com/openssl/openssl/commit/7e1f3ffcc5bc15fb9a12b9e3bb202f544c6ed5aa, - hunks in crypto/ppccap.c from https://github.com/openssl/openssl/commit/f5485b97b6c9977c0d39c7669b9f97a879312447 -] -diff --git a/crypto/chacha/asm/chachap10-ppc.pl b/crypto/chacha/asm/chachap10-ppc.pl -new file mode 100755 -index 0000000..36e9a8d ---- /dev/null -+++ b/crypto/chacha/asm/chachap10-ppc.pl -@@ -0,0 +1,1288 @@ -+#! /usr/bin/env perl -+# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. -+# -+# Licensed under the Apache License 2.0 (the "License"). You may not use -+# this file except in compliance with the License. You can obtain a copy -+# in the file LICENSE in the source distribution or at -+# https://www.openssl.org/source/license.html -+ -+# -+# ==================================================================== -+# Written by Andy Polyakov for the OpenSSL -+# project. The module is, however, dual licensed under OpenSSL and -+# CRYPTOGAMS licenses depending on where you obtain it. For further -+# details see http://www.openssl.org/~appro/cryptogams/. -+# ==================================================================== -+# -+# October 2015 -+# -+# ChaCha20 for PowerPC/AltiVec. -+# -+# June 2018 -+# -+# Add VSX 2.07 code path. Original 3xAltiVec+1xIALU is well-suited for -+# processors that can't issue more than one vector instruction per -+# cycle. But POWER8 (and POWER9) can issue a pair, and vector-only 4x -+# interleave would perform better. Incidentally PowerISA 2.07 (first -+# implemented by POWER8) defined new usable instructions, hence 4xVSX -+# code path... -+# -+# Performance in cycles per byte out of large buffer. -+# -+# IALU/gcc-4.x 3xAltiVec+1xIALU 4xVSX -+# -+# Freescale e300 13.6/+115% - - -+# PPC74x0/G4e 6.81/+310% 3.81 - -+# PPC970/G5 9.29/+160% ? 
- -+# POWER7 8.62/+61% 3.35 - -+# POWER8 8.70/+51% 2.91 2.09 -+# POWER9 8.80/+29% 4.44(*) 2.45(**) -+# -+# (*) this is trade-off result, it's possible to improve it, but -+# then it would negatively affect all others; -+# (**) POWER9 seems to be "allergic" to mixing vector and integer -+# instructions, which is why switch to vector-only code pays -+# off that much; -+ -+# $output is the last argument if it looks like a file (it has an extension) -+# $flavour is the first argument if it doesn't look like a file -+$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -+$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; -+ -+if ($flavour =~ /64/) { -+ $SIZE_T =8; -+ $LRSAVE =2*$SIZE_T; -+ $STU ="stdu"; -+ $POP ="ld"; -+ $PUSH ="std"; -+ $UCMP ="cmpld"; -+} elsif ($flavour =~ /32/) { -+ $SIZE_T =4; -+ $LRSAVE =$SIZE_T; -+ $STU ="stwu"; -+ $POP ="lwz"; -+ $PUSH ="stw"; -+ $UCMP ="cmplw"; -+} else { die "nonsense $flavour"; } -+ -+$LITTLE_ENDIAN = ($flavour=~/le$/) ? 1 : 0; -+ -+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -+( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or -+( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or -+die "can't locate ppc-xlate.pl"; -+ -+open STDOUT,"| $^X $xlate $flavour \"$output\"" -+ or die "can't call $xlate: $!"; -+ -+$LOCALS=6*$SIZE_T; -+$FRAME=$LOCALS+64+18*$SIZE_T; # 64 is for local variables -+ -+sub AUTOLOAD() # thunk [simplified] x86-style perlasm -+{ my $opcode = $AUTOLOAD; $opcode =~ s/.*:://; $opcode =~ s/_/\./; -+ $code .= "\t$opcode\t".join(',',@_)."\n"; -+} -+ -+my $sp = "r1"; -+ -+my ($out,$inp,$len,$key,$ctr) = map("r$_",(3..7)); -+ -+ -+{{{ -+my ($xa0,$xa1,$xa2,$xa3, $xb0,$xb1,$xb2,$xb3, -+ $xc0,$xc1,$xc2,$xc3, $xd0,$xd1,$xd2,$xd3) = map("v$_",(0..15)); -+my @K = map("v$_",(16..19)); -+my $CTR = "v26"; -+my ($xt0,$xt1,$xt2,$xt3) = map("v$_",(27..30)); -+my ($sixteen,$twelve,$eight,$seven) = ($xt0,$xt1,$xt2,$xt3); -+my $beperm = "v31"; -+ -+my ($x00,$x10,$x20,$x30) = (0, map("r$_",(8..10))); -+ 
-+my $FRAME=$LOCALS+64+7*16; # 7*16 is for v26-v31 offload -+ -+ -+sub VSX_lane_ROUND_4x { -+my ($a0,$b0,$c0,$d0)=@_; -+my ($a1,$b1,$c1,$d1)=map(($_&~3)+(($_+1)&3),($a0,$b0,$c0,$d0)); -+my ($a2,$b2,$c2,$d2)=map(($_&~3)+(($_+1)&3),($a1,$b1,$c1,$d1)); -+my ($a3,$b3,$c3,$d3)=map(($_&~3)+(($_+1)&3),($a2,$b2,$c2,$d2)); -+my @x=map("\"v$_\"",(0..15)); -+ -+ ( -+ "&vadduwm (@x[$a0],@x[$a0],@x[$b0])", # Q1 -+ "&vadduwm (@x[$a1],@x[$a1],@x[$b1])", # Q2 -+ "&vadduwm (@x[$a2],@x[$a2],@x[$b2])", # Q3 -+ "&vadduwm (@x[$a3],@x[$a3],@x[$b3])", # Q4 -+ "&vxor (@x[$d0],@x[$d0],@x[$a0])", -+ "&vxor (@x[$d1],@x[$d1],@x[$a1])", -+ "&vxor (@x[$d2],@x[$d2],@x[$a2])", -+ "&vxor (@x[$d3],@x[$d3],@x[$a3])", -+ "&vrlw (@x[$d0],@x[$d0],'$sixteen')", -+ "&vrlw (@x[$d1],@x[$d1],'$sixteen')", -+ "&vrlw (@x[$d2],@x[$d2],'$sixteen')", -+ "&vrlw (@x[$d3],@x[$d3],'$sixteen')", -+ -+ "&vadduwm (@x[$c0],@x[$c0],@x[$d0])", -+ "&vadduwm (@x[$c1],@x[$c1],@x[$d1])", -+ "&vadduwm (@x[$c2],@x[$c2],@x[$d2])", -+ "&vadduwm (@x[$c3],@x[$c3],@x[$d3])", -+ "&vxor (@x[$b0],@x[$b0],@x[$c0])", -+ "&vxor (@x[$b1],@x[$b1],@x[$c1])", -+ "&vxor (@x[$b2],@x[$b2],@x[$c2])", -+ "&vxor (@x[$b3],@x[$b3],@x[$c3])", -+ "&vrlw (@x[$b0],@x[$b0],'$twelve')", -+ "&vrlw (@x[$b1],@x[$b1],'$twelve')", -+ "&vrlw (@x[$b2],@x[$b2],'$twelve')", -+ "&vrlw (@x[$b3],@x[$b3],'$twelve')", -+ -+ "&vadduwm (@x[$a0],@x[$a0],@x[$b0])", -+ "&vadduwm (@x[$a1],@x[$a1],@x[$b1])", -+ "&vadduwm (@x[$a2],@x[$a2],@x[$b2])", -+ "&vadduwm (@x[$a3],@x[$a3],@x[$b3])", -+ "&vxor (@x[$d0],@x[$d0],@x[$a0])", -+ "&vxor (@x[$d1],@x[$d1],@x[$a1])", -+ "&vxor (@x[$d2],@x[$d2],@x[$a2])", -+ "&vxor (@x[$d3],@x[$d3],@x[$a3])", -+ "&vrlw (@x[$d0],@x[$d0],'$eight')", -+ "&vrlw (@x[$d1],@x[$d1],'$eight')", -+ "&vrlw (@x[$d2],@x[$d2],'$eight')", -+ "&vrlw (@x[$d3],@x[$d3],'$eight')", -+ -+ "&vadduwm (@x[$c0],@x[$c0],@x[$d0])", -+ "&vadduwm (@x[$c1],@x[$c1],@x[$d1])", -+ "&vadduwm (@x[$c2],@x[$c2],@x[$d2])", -+ "&vadduwm (@x[$c3],@x[$c3],@x[$d3])", -+ "&vxor 
(@x[$b0],@x[$b0],@x[$c0])", -+ "&vxor (@x[$b1],@x[$b1],@x[$c1])", -+ "&vxor (@x[$b2],@x[$b2],@x[$c2])", -+ "&vxor (@x[$b3],@x[$b3],@x[$c3])", -+ "&vrlw (@x[$b0],@x[$b0],'$seven')", -+ "&vrlw (@x[$b1],@x[$b1],'$seven')", -+ "&vrlw (@x[$b2],@x[$b2],'$seven')", -+ "&vrlw (@x[$b3],@x[$b3],'$seven')" -+ ); -+} -+ -+$code.=<<___; -+ -+.globl .ChaCha20_ctr32_vsx_p10 -+.align 5 -+.ChaCha20_ctr32_vsx_p10: -+ ${UCMP}i $len,255 -+ bgt ChaCha20_ctr32_vsx_8x -+ $STU $sp,-$FRAME($sp) -+ mflr r0 -+ li r10,`15+$LOCALS+64` -+ li r11,`31+$LOCALS+64` -+ mfspr r12,256 -+ stvx v26,r10,$sp -+ addi r10,r10,32 -+ stvx v27,r11,$sp -+ addi r11,r11,32 -+ stvx v28,r10,$sp -+ addi r10,r10,32 -+ stvx v29,r11,$sp -+ addi r11,r11,32 -+ stvx v30,r10,$sp -+ stvx v31,r11,$sp -+ stw r12,`$FRAME-4`($sp) # save vrsave -+ li r12,-4096+63 -+ $PUSH r0, `$FRAME+$LRSAVE`($sp) -+ mtspr 256,r12 # preserve 29 AltiVec registers -+ -+ bl Lconsts # returns pointer Lsigma in r12 -+ lvx_4w @K[0],0,r12 # load sigma -+ addi r12,r12,0x70 -+ li $x10,16 -+ li $x20,32 -+ li $x30,48 -+ li r11,64 -+ -+ lvx_4w @K[1],0,$key # load key -+ lvx_4w @K[2],$x10,$key -+ lvx_4w @K[3],0,$ctr # load counter -+ -+ vxor $xt0,$xt0,$xt0 -+ lvx_4w $xt1,r11,r12 -+ vspltw $CTR,@K[3],0 -+ vsldoi @K[3],@K[3],$xt0,4 -+ vsldoi @K[3],$xt0,@K[3],12 # clear @K[3].word[0] -+ vadduwm $CTR,$CTR,$xt1 -+ -+ be?lvsl $beperm,0,$x10 # 0x00..0f -+ be?vspltisb $xt0,3 # 0x03..03 -+ be?vxor $beperm,$beperm,$xt0 # swap bytes within words -+ -+ li r0,10 # inner loop counter -+ mtctr r0 -+ b Loop_outer_vsx -+ -+.align 5 -+Loop_outer_vsx: -+ lvx $xa0,$x00,r12 # load [smashed] sigma -+ lvx $xa1,$x10,r12 -+ lvx $xa2,$x20,r12 -+ lvx $xa3,$x30,r12 -+ -+ vspltw $xb0,@K[1],0 # smash the key -+ vspltw $xb1,@K[1],1 -+ vspltw $xb2,@K[1],2 -+ vspltw $xb3,@K[1],3 -+ -+ vspltw $xc0,@K[2],0 -+ vspltw $xc1,@K[2],1 -+ vspltw $xc2,@K[2],2 -+ vspltw $xc3,@K[2],3 -+ -+ vmr $xd0,$CTR # smash the counter -+ vspltw $xd1,@K[3],1 -+ vspltw $xd2,@K[3],2 -+ vspltw $xd3,@K[3],3 -+ -+ 
vspltisw $sixteen,-16 # synthesize constants -+ vspltisw $twelve,12 -+ vspltisw $eight,8 -+ vspltisw $seven,7 -+ -+Loop_vsx_4x: -+___ -+ foreach (&VSX_lane_ROUND_4x(0, 4, 8,12)) { eval; } -+ foreach (&VSX_lane_ROUND_4x(0, 5,10,15)) { eval; } -+$code.=<<___; -+ -+ bdnz Loop_vsx_4x -+ -+ vadduwm $xd0,$xd0,$CTR -+ -+ vmrgew $xt0,$xa0,$xa1 # transpose data -+ vmrgew $xt1,$xa2,$xa3 -+ vmrgow $xa0,$xa0,$xa1 -+ vmrgow $xa2,$xa2,$xa3 -+ vmrgew $xt2,$xb0,$xb1 -+ vmrgew $xt3,$xb2,$xb3 -+ vpermdi $xa1,$xa0,$xa2,0b00 -+ vpermdi $xa3,$xa0,$xa2,0b11 -+ vpermdi $xa0,$xt0,$xt1,0b00 -+ vpermdi $xa2,$xt0,$xt1,0b11 -+ -+ vmrgow $xb0,$xb0,$xb1 -+ vmrgow $xb2,$xb2,$xb3 -+ vmrgew $xt0,$xc0,$xc1 -+ vmrgew $xt1,$xc2,$xc3 -+ vpermdi $xb1,$xb0,$xb2,0b00 -+ vpermdi $xb3,$xb0,$xb2,0b11 -+ vpermdi $xb0,$xt2,$xt3,0b00 -+ vpermdi $xb2,$xt2,$xt3,0b11 -+ -+ vmrgow $xc0,$xc0,$xc1 -+ vmrgow $xc2,$xc2,$xc3 -+ vmrgew $xt2,$xd0,$xd1 -+ vmrgew $xt3,$xd2,$xd3 -+ vpermdi $xc1,$xc0,$xc2,0b00 -+ vpermdi $xc3,$xc0,$xc2,0b11 -+ vpermdi $xc0,$xt0,$xt1,0b00 -+ vpermdi $xc2,$xt0,$xt1,0b11 -+ -+ vmrgow $xd0,$xd0,$xd1 -+ vmrgow $xd2,$xd2,$xd3 -+ vspltisw $xt0,4 -+ vadduwm $CTR,$CTR,$xt0 # next counter value -+ vpermdi $xd1,$xd0,$xd2,0b00 -+ vpermdi $xd3,$xd0,$xd2,0b11 -+ vpermdi $xd0,$xt2,$xt3,0b00 -+ vpermdi $xd2,$xt2,$xt3,0b11 -+ -+ vadduwm $xa0,$xa0,@K[0] -+ vadduwm $xb0,$xb0,@K[1] -+ vadduwm $xc0,$xc0,@K[2] -+ vadduwm $xd0,$xd0,@K[3] -+ -+ be?vperm $xa0,$xa0,$xa0,$beperm -+ be?vperm $xb0,$xb0,$xb0,$beperm -+ be?vperm $xc0,$xc0,$xc0,$beperm -+ be?vperm $xd0,$xd0,$xd0,$beperm -+ -+ ${UCMP}i $len,0x40 -+ blt Ltail_vsx -+ -+ lvx_4w $xt0,$x00,$inp -+ lvx_4w $xt1,$x10,$inp -+ lvx_4w $xt2,$x20,$inp -+ lvx_4w $xt3,$x30,$inp -+ -+ vxor $xt0,$xt0,$xa0 -+ vxor $xt1,$xt1,$xb0 -+ vxor $xt2,$xt2,$xc0 -+ vxor $xt3,$xt3,$xd0 -+ -+ stvx_4w $xt0,$x00,$out -+ stvx_4w $xt1,$x10,$out -+ addi $inp,$inp,0x40 -+ stvx_4w $xt2,$x20,$out -+ subi $len,$len,0x40 -+ stvx_4w $xt3,$x30,$out -+ addi $out,$out,0x40 -+ beq Ldone_vsx -+ -+ 
vadduwm $xa0,$xa1,@K[0] -+ vadduwm $xb0,$xb1,@K[1] -+ vadduwm $xc0,$xc1,@K[2] -+ vadduwm $xd0,$xd1,@K[3] -+ -+ be?vperm $xa0,$xa0,$xa0,$beperm -+ be?vperm $xb0,$xb0,$xb0,$beperm -+ be?vperm $xc0,$xc0,$xc0,$beperm -+ be?vperm $xd0,$xd0,$xd0,$beperm -+ -+ ${UCMP}i $len,0x40 -+ blt Ltail_vsx -+ -+ lvx_4w $xt0,$x00,$inp -+ lvx_4w $xt1,$x10,$inp -+ lvx_4w $xt2,$x20,$inp -+ lvx_4w $xt3,$x30,$inp -+ -+ vxor $xt0,$xt0,$xa0 -+ vxor $xt1,$xt1,$xb0 -+ vxor $xt2,$xt2,$xc0 -+ vxor $xt3,$xt3,$xd0 -+ -+ stvx_4w $xt0,$x00,$out -+ stvx_4w $xt1,$x10,$out -+ addi $inp,$inp,0x40 -+ stvx_4w $xt2,$x20,$out -+ subi $len,$len,0x40 -+ stvx_4w $xt3,$x30,$out -+ addi $out,$out,0x40 -+ beq Ldone_vsx -+ -+ vadduwm $xa0,$xa2,@K[0] -+ vadduwm $xb0,$xb2,@K[1] -+ vadduwm $xc0,$xc2,@K[2] -+ vadduwm $xd0,$xd2,@K[3] -+ -+ be?vperm $xa0,$xa0,$xa0,$beperm -+ be?vperm $xb0,$xb0,$xb0,$beperm -+ be?vperm $xc0,$xc0,$xc0,$beperm -+ be?vperm $xd0,$xd0,$xd0,$beperm -+ -+ ${UCMP}i $len,0x40 -+ blt Ltail_vsx -+ -+ lvx_4w $xt0,$x00,$inp -+ lvx_4w $xt1,$x10,$inp -+ lvx_4w $xt2,$x20,$inp -+ lvx_4w $xt3,$x30,$inp -+ -+ vxor $xt0,$xt0,$xa0 -+ vxor $xt1,$xt1,$xb0 -+ vxor $xt2,$xt2,$xc0 -+ vxor $xt3,$xt3,$xd0 -+ -+ stvx_4w $xt0,$x00,$out -+ stvx_4w $xt1,$x10,$out -+ addi $inp,$inp,0x40 -+ stvx_4w $xt2,$x20,$out -+ subi $len,$len,0x40 -+ stvx_4w $xt3,$x30,$out -+ addi $out,$out,0x40 -+ beq Ldone_vsx -+ -+ vadduwm $xa0,$xa3,@K[0] -+ vadduwm $xb0,$xb3,@K[1] -+ vadduwm $xc0,$xc3,@K[2] -+ vadduwm $xd0,$xd3,@K[3] -+ -+ be?vperm $xa0,$xa0,$xa0,$beperm -+ be?vperm $xb0,$xb0,$xb0,$beperm -+ be?vperm $xc0,$xc0,$xc0,$beperm -+ be?vperm $xd0,$xd0,$xd0,$beperm -+ -+ ${UCMP}i $len,0x40 -+ blt Ltail_vsx -+ -+ lvx_4w $xt0,$x00,$inp -+ lvx_4w $xt1,$x10,$inp -+ lvx_4w $xt2,$x20,$inp -+ lvx_4w $xt3,$x30,$inp -+ -+ vxor $xt0,$xt0,$xa0 -+ vxor $xt1,$xt1,$xb0 -+ vxor $xt2,$xt2,$xc0 -+ vxor $xt3,$xt3,$xd0 -+ -+ stvx_4w $xt0,$x00,$out -+ stvx_4w $xt1,$x10,$out -+ addi $inp,$inp,0x40 -+ stvx_4w $xt2,$x20,$out -+ subi $len,$len,0x40 -+ stvx_4w 
$xt3,$x30,$out -+ addi $out,$out,0x40 -+ mtctr r0 -+ bne Loop_outer_vsx -+ -+Ldone_vsx: -+ lwz r12,`$FRAME-4`($sp) # pull vrsave -+ li r10,`15+$LOCALS+64` -+ li r11,`31+$LOCALS+64` -+ $POP r0, `$FRAME+$LRSAVE`($sp) -+ mtspr 256,r12 # restore vrsave -+ lvx v26,r10,$sp -+ addi r10,r10,32 -+ lvx v27,r11,$sp -+ addi r11,r11,32 -+ lvx v28,r10,$sp -+ addi r10,r10,32 -+ lvx v29,r11,$sp -+ addi r11,r11,32 -+ lvx v30,r10,$sp -+ lvx v31,r11,$sp -+ mtlr r0 -+ addi $sp,$sp,$FRAME -+ blr -+ -+.align 4 -+Ltail_vsx: -+ addi r11,$sp,$LOCALS -+ mtctr $len -+ stvx_4w $xa0,$x00,r11 # offload block to stack -+ stvx_4w $xb0,$x10,r11 -+ stvx_4w $xc0,$x20,r11 -+ stvx_4w $xd0,$x30,r11 -+ subi r12,r11,1 # prepare for *++ptr -+ subi $inp,$inp,1 -+ subi $out,$out,1 -+ -+Loop_tail_vsx: -+ lbzu r6,1(r12) -+ lbzu r7,1($inp) -+ xor r6,r6,r7 -+ stbu r6,1($out) -+ bdnz Loop_tail_vsx -+ -+ stvx_4w $K[0],$x00,r11 # wipe copy of the block -+ stvx_4w $K[0],$x10,r11 -+ stvx_4w $K[0],$x20,r11 -+ stvx_4w $K[0],$x30,r11 -+ -+ b Ldone_vsx -+ .long 0 -+ .byte 0,12,0x04,1,0x80,0,5,0 -+ .long 0 -+.size .ChaCha20_ctr32_vsx_p10,.-.ChaCha20_ctr32_vsx_p10 -+___ -+}}} -+ -+##This is 8 block in parallel implementation. The heart of chacha round uses vector instruction that has access to -+# vsr[32+X]. To perform the 8 parallel block we tend to use all 32 register to hold the 8 block info. -+# WE need to store few register value on side, so we can use VSR{32+X} for few vector instructions used in round op and hold intermediate value. -+# WE use the VSR[0]-VSR[31] for holding intermediate value and perform 8 block in parallel. 
-+# -+{{{ -+#### ($out,$inp,$len,$key,$ctr) = map("r$_",(3..7)); -+my ($xa0,$xa1,$xa2,$xa3, $xb0,$xb1,$xb2,$xb3, -+ $xc0,$xc1,$xc2,$xc3, $xd0,$xd1,$xd2,$xd3, -+ $xa4,$xa5,$xa6,$xa7, $xb4,$xb5,$xb6,$xb7, -+ $xc4,$xc5,$xc6,$xc7, $xd4,$xd5,$xd6,$xd7) = map("v$_",(0..31)); -+my ($xcn4,$xcn5,$xcn6,$xcn7, $xdn4,$xdn5,$xdn6,$xdn7) = map("v$_",(8..15)); -+my ($xan0,$xbn0,$xcn0,$xdn0) = map("v$_",(0..3)); -+my @K = map("v$_",27,(24..26)); -+my ($xt0,$xt1,$xt2,$xt3,$xt4) = map("v$_",23,(28..31)); -+my $xr0 = "v4"; -+my $CTR0 = "v22"; -+my $CTR1 = "v5"; -+my $beperm = "v31"; -+my ($x00,$x10,$x20,$x30) = (0, map("r$_",(8..10))); -+my ($xv0,$xv1,$xv2,$xv3,$xv4,$xv5,$xv6,$xv7) = map("v$_",(0..7)); -+my ($xv8,$xv9,$xv10,$xv11,$xv12,$xv13,$xv14,$xv15,$xv16,$xv17) = map("v$_",(8..17)); -+my ($xv18,$xv19,$xv20,$xv21) = map("v$_",(18..21)); -+my ($xv22,$xv23,$xv24,$xv25,$xv26) = map("v$_",(22..26)); -+ -+my $FRAME=$LOCALS+64+9*16; # 8*16 is for v24-v31 offload -+ -+sub VSX_lane_ROUND_8x { -+my ($a0,$b0,$c0,$d0,$a4,$b4,$c4,$d4)=@_; -+my ($a1,$b1,$c1,$d1)=map(($_&~3)+(($_+1)&3),($a0,$b0,$c0,$d0)); -+my ($a2,$b2,$c2,$d2)=map(($_&~3)+(($_+1)&3),($a1,$b1,$c1,$d1)); -+my ($a3,$b3,$c3,$d3)=map(($_&~3)+(($_+1)&3),($a2,$b2,$c2,$d2)); -+my ($a5,$b5,$c5,$d5)=map(($_&~3)+(($_+1)&3),($a4,$b4,$c4,$d4)); -+my ($a6,$b6,$c6,$d6)=map(($_&~3)+(($_+1)&3),($a5,$b5,$c5,$d5)); -+my ($a7,$b7,$c7,$d7)=map(($_&~3)+(($_+1)&3),($a6,$b6,$c6,$d6)); -+my ($xv8,$xv9,$xv10,$xv11,$xv12,$xv13,$xv14,$xv15,$xv16,$xv17) = map("\"v$_\"",(8..17)); -+my @x=map("\"v$_\"",(0..31)); -+ -+ ( -+ "&vxxlor ($xv15 ,@x[$c7],@x[$c7])", #copy v30 to v13 -+ "&vxxlorc (@x[$c7], $xv9,$xv9)", -+ -+ "&vadduwm (@x[$a0],@x[$a0],@x[$b0])", # Q1 -+ "&vadduwm (@x[$a1],@x[$a1],@x[$b1])", # Q2 -+ "&vadduwm (@x[$a2],@x[$a2],@x[$b2])", # Q3 -+ "&vadduwm (@x[$a3],@x[$a3],@x[$b3])", # Q4 -+ "&vadduwm (@x[$a4],@x[$a4],@x[$b4])", # Q1 -+ "&vadduwm (@x[$a5],@x[$a5],@x[$b5])", # Q2 -+ "&vadduwm (@x[$a6],@x[$a6],@x[$b6])", # Q3 -+ "&vadduwm 
(@x[$a7],@x[$a7],@x[$b7])", # Q4 -+ -+ "&vxor (@x[$d0],@x[$d0],@x[$a0])", -+ "&vxor (@x[$d1],@x[$d1],@x[$a1])", -+ "&vxor (@x[$d2],@x[$d2],@x[$a2])", -+ "&vxor (@x[$d3],@x[$d3],@x[$a3])", -+ "&vxor (@x[$d4],@x[$d4],@x[$a4])", -+ "&vxor (@x[$d5],@x[$d5],@x[$a5])", -+ "&vxor (@x[$d6],@x[$d6],@x[$a6])", -+ "&vxor (@x[$d7],@x[$d7],@x[$a7])", -+ -+ "&vrlw (@x[$d0],@x[$d0],@x[$c7])", -+ "&vrlw (@x[$d1],@x[$d1],@x[$c7])", -+ "&vrlw (@x[$d2],@x[$d2],@x[$c7])", -+ "&vrlw (@x[$d3],@x[$d3],@x[$c7])", -+ "&vrlw (@x[$d4],@x[$d4],@x[$c7])", -+ "&vrlw (@x[$d5],@x[$d5],@x[$c7])", -+ "&vrlw (@x[$d6],@x[$d6],@x[$c7])", -+ "&vrlw (@x[$d7],@x[$d7],@x[$c7])", -+ -+ "&vxxlor ($xv13 ,@x[$a7],@x[$a7])", -+ "&vxxlorc (@x[$c7], $xv15,$xv15)", -+ "&vxxlorc (@x[$a7], $xv10,$xv10)", -+ -+ "&vadduwm (@x[$c0],@x[$c0],@x[$d0])", -+ "&vadduwm (@x[$c1],@x[$c1],@x[$d1])", -+ "&vadduwm (@x[$c2],@x[$c2],@x[$d2])", -+ "&vadduwm (@x[$c3],@x[$c3],@x[$d3])", -+ "&vadduwm (@x[$c4],@x[$c4],@x[$d4])", -+ "&vadduwm (@x[$c5],@x[$c5],@x[$d5])", -+ "&vadduwm (@x[$c6],@x[$c6],@x[$d6])", -+ "&vadduwm (@x[$c7],@x[$c7],@x[$d7])", -+ -+ "&vxor (@x[$b0],@x[$b0],@x[$c0])", -+ "&vxor (@x[$b1],@x[$b1],@x[$c1])", -+ "&vxor (@x[$b2],@x[$b2],@x[$c2])", -+ "&vxor (@x[$b3],@x[$b3],@x[$c3])", -+ "&vxor (@x[$b4],@x[$b4],@x[$c4])", -+ "&vxor (@x[$b5],@x[$b5],@x[$c5])", -+ "&vxor (@x[$b6],@x[$b6],@x[$c6])", -+ "&vxor (@x[$b7],@x[$b7],@x[$c7])", -+ -+ "&vrlw (@x[$b0],@x[$b0],@x[$a7])", -+ "&vrlw (@x[$b1],@x[$b1],@x[$a7])", -+ "&vrlw (@x[$b2],@x[$b2],@x[$a7])", -+ "&vrlw (@x[$b3],@x[$b3],@x[$a7])", -+ "&vrlw (@x[$b4],@x[$b4],@x[$a7])", -+ "&vrlw (@x[$b5],@x[$b5],@x[$a7])", -+ "&vrlw (@x[$b6],@x[$b6],@x[$a7])", -+ "&vrlw (@x[$b7],@x[$b7],@x[$a7])", -+ -+ "&vxxlorc (@x[$a7], $xv13,$xv13)", -+ "&vxxlor ($xv15 ,@x[$c7],@x[$c7])", -+ "&vxxlorc (@x[$c7], $xv11,$xv11)", -+ -+ -+ "&vadduwm (@x[$a0],@x[$a0],@x[$b0])", -+ "&vadduwm (@x[$a1],@x[$a1],@x[$b1])", -+ "&vadduwm (@x[$a2],@x[$a2],@x[$b2])", -+ "&vadduwm (@x[$a3],@x[$a3],@x[$b3])", 
-+ "&vadduwm (@x[$a4],@x[$a4],@x[$b4])", -+ "&vadduwm (@x[$a5],@x[$a5],@x[$b5])", -+ "&vadduwm (@x[$a6],@x[$a6],@x[$b6])", -+ "&vadduwm (@x[$a7],@x[$a7],@x[$b7])", -+ -+ "&vxor (@x[$d0],@x[$d0],@x[$a0])", -+ "&vxor (@x[$d1],@x[$d1],@x[$a1])", -+ "&vxor (@x[$d2],@x[$d2],@x[$a2])", -+ "&vxor (@x[$d3],@x[$d3],@x[$a3])", -+ "&vxor (@x[$d4],@x[$d4],@x[$a4])", -+ "&vxor (@x[$d5],@x[$d5],@x[$a5])", -+ "&vxor (@x[$d6],@x[$d6],@x[$a6])", -+ "&vxor (@x[$d7],@x[$d7],@x[$a7])", -+ -+ "&vrlw (@x[$d0],@x[$d0],@x[$c7])", -+ "&vrlw (@x[$d1],@x[$d1],@x[$c7])", -+ "&vrlw (@x[$d2],@x[$d2],@x[$c7])", -+ "&vrlw (@x[$d3],@x[$d3],@x[$c7])", -+ "&vrlw (@x[$d4],@x[$d4],@x[$c7])", -+ "&vrlw (@x[$d5],@x[$d5],@x[$c7])", -+ "&vrlw (@x[$d6],@x[$d6],@x[$c7])", -+ "&vrlw (@x[$d7],@x[$d7],@x[$c7])", -+ -+ "&vxxlorc (@x[$c7], $xv15,$xv15)", -+ "&vxxlor ($xv13 ,@x[$a7],@x[$a7])", -+ "&vxxlorc (@x[$a7], $xv12,$xv12)", -+ -+ "&vadduwm (@x[$c0],@x[$c0],@x[$d0])", -+ "&vadduwm (@x[$c1],@x[$c1],@x[$d1])", -+ "&vadduwm (@x[$c2],@x[$c2],@x[$d2])", -+ "&vadduwm (@x[$c3],@x[$c3],@x[$d3])", -+ "&vadduwm (@x[$c4],@x[$c4],@x[$d4])", -+ "&vadduwm (@x[$c5],@x[$c5],@x[$d5])", -+ "&vadduwm (@x[$c6],@x[$c6],@x[$d6])", -+ "&vadduwm (@x[$c7],@x[$c7],@x[$d7])", -+ "&vxor (@x[$b0],@x[$b0],@x[$c0])", -+ "&vxor (@x[$b1],@x[$b1],@x[$c1])", -+ "&vxor (@x[$b2],@x[$b2],@x[$c2])", -+ "&vxor (@x[$b3],@x[$b3],@x[$c3])", -+ "&vxor (@x[$b4],@x[$b4],@x[$c4])", -+ "&vxor (@x[$b5],@x[$b5],@x[$c5])", -+ "&vxor (@x[$b6],@x[$b6],@x[$c6])", -+ "&vxor (@x[$b7],@x[$b7],@x[$c7])", -+ "&vrlw (@x[$b0],@x[$b0],@x[$a7])", -+ "&vrlw (@x[$b1],@x[$b1],@x[$a7])", -+ "&vrlw (@x[$b2],@x[$b2],@x[$a7])", -+ "&vrlw (@x[$b3],@x[$b3],@x[$a7])", -+ "&vrlw (@x[$b4],@x[$b4],@x[$a7])", -+ "&vrlw (@x[$b5],@x[$b5],@x[$a7])", -+ "&vrlw (@x[$b6],@x[$b6],@x[$a7])", -+ "&vrlw (@x[$b7],@x[$b7],@x[$a7])", -+ -+ "&vxxlorc (@x[$a7], $xv13,$xv13)", -+ ); -+} -+ -+$code.=<<___; -+ -+.globl .ChaCha20_ctr32_vsx_8x -+.align 5 -+.ChaCha20_ctr32_vsx_8x: -+ $STU 
$sp,-$FRAME($sp) -+ mflr r0 -+ li r10,`15+$LOCALS+64` -+ li r11,`31+$LOCALS+64` -+ mfspr r12,256 -+ stvx v24,r10,$sp -+ addi r10,r10,32 -+ stvx v25,r11,$sp -+ addi r11,r11,32 -+ stvx v26,r10,$sp -+ addi r10,r10,32 -+ stvx v27,r11,$sp -+ addi r11,r11,32 -+ stvx v28,r10,$sp -+ addi r10,r10,32 -+ stvx v29,r11,$sp -+ addi r11,r11,32 -+ stvx v30,r10,$sp -+ stvx v31,r11,$sp -+ stw r12,`$FRAME-4`($sp) # save vrsave -+ li r12,-4096+63 -+ $PUSH r0, `$FRAME+$LRSAVE`($sp) -+ mtspr 256,r12 # preserve 29 AltiVec registers -+ -+ bl Lconsts # returns pointer Lsigma in r12 -+ -+ lvx_4w @K[0],0,r12 # load sigma -+ addi r12,r12,0x70 -+ li $x10,16 -+ li $x20,32 -+ li $x30,48 -+ li r11,64 -+ -+ vspltisw $xa4,-16 # synthesize constants -+ vspltisw $xb4,12 # synthesize constants -+ vspltisw $xc4,8 # synthesize constants -+ vspltisw $xd4,7 # synthesize constants -+ -+ lvx $xa0,$x00,r12 # load [smashed] sigma -+ lvx $xa1,$x10,r12 -+ lvx $xa2,$x20,r12 -+ lvx $xa3,$x30,r12 -+ -+ vxxlor $xv9 ,$xa4,$xa4 #save shift val in vr9-12 -+ vxxlor $xv10 ,$xb4,$xb4 -+ vxxlor $xv11 ,$xc4,$xc4 -+ vxxlor $xv12 ,$xd4,$xd4 -+ vxxlor $xv22 ,$xa0,$xa0 #save sigma in vr22-25 -+ vxxlor $xv23 ,$xa1,$xa1 -+ vxxlor $xv24 ,$xa2,$xa2 -+ vxxlor $xv25 ,$xa3,$xa3 -+ -+ lvx_4w @K[1],0,$key # load key -+ lvx_4w @K[2],$x10,$key -+ lvx_4w @K[3],0,$ctr # load counter -+ vspltisw $xt3,4 -+ -+ -+ vxor $xt2,$xt2,$xt2 -+ lvx_4w $xt1,r11,r12 -+ vspltw $xa2,@K[3],0 #save the original count after spltw -+ vsldoi @K[3],@K[3],$xt2,4 -+ vsldoi @K[3],$xt2,@K[3],12 # clear @K[3].word[0] -+ vadduwm $xt1,$xa2,$xt1 -+ vadduwm $xt3,$xt1,$xt3 # next counter value -+ vspltw $xa0,@K[2],2 # save the K[2] spltw 2 and save v8. 
-+ -+ be?lvsl $beperm,0,$x10 # 0x00..0f -+ be?vspltisb $xt0,3 # 0x03..03 -+ be?vxor $beperm,$beperm,$xt0 # swap bytes within words -+ be?vxxlor $xv26 ,$beperm,$beperm -+ -+ vxxlor $xv0 ,@K[0],@K[0] # K0,k1,k2 to vr0,1,2 -+ vxxlor $xv1 ,@K[1],@K[1] -+ vxxlor $xv2 ,@K[2],@K[2] -+ vxxlor $xv3 ,@K[3],@K[3] -+ vxxlor $xv4 ,$xt1,$xt1 #CTR ->4, CTR+4-> 5 -+ vxxlor $xv5 ,$xt3,$xt3 -+ vxxlor $xv8 ,$xa0,$xa0 -+ -+ li r0,10 # inner loop counter -+ mtctr r0 -+ b Loop_outer_vsx_8x -+ -+.align 5 -+Loop_outer_vsx_8x: -+ vxxlorc $xa0,$xv22,$xv22 # load [smashed] sigma -+ vxxlorc $xa1,$xv23,$xv23 -+ vxxlorc $xa2,$xv24,$xv24 -+ vxxlorc $xa3,$xv25,$xv25 -+ vxxlorc $xa4,$xv22,$xv22 -+ vxxlorc $xa5,$xv23,$xv23 -+ vxxlorc $xa6,$xv24,$xv24 -+ vxxlorc $xa7,$xv25,$xv25 -+ -+ vspltw $xb0,@K[1],0 # smash the key -+ vspltw $xb1,@K[1],1 -+ vspltw $xb2,@K[1],2 -+ vspltw $xb3,@K[1],3 -+ vspltw $xb4,@K[1],0 # smash the key -+ vspltw $xb5,@K[1],1 -+ vspltw $xb6,@K[1],2 -+ vspltw $xb7,@K[1],3 -+ -+ vspltw $xc0,@K[2],0 -+ vspltw $xc1,@K[2],1 -+ vspltw $xc2,@K[2],2 -+ vspltw $xc3,@K[2],3 -+ vspltw $xc4,@K[2],0 -+ vspltw $xc7,@K[2],3 -+ vspltw $xc5,@K[2],1 -+ -+ vxxlorc $xd0,$xv4,$xv4 # smash the counter -+ vspltw $xd1,@K[3],1 -+ vspltw $xd2,@K[3],2 -+ vspltw $xd3,@K[3],3 -+ vxxlorc $xd4,$xv5,$xv5 # smash the counter -+ vspltw $xd5,@K[3],1 -+ vspltw $xd6,@K[3],2 -+ vspltw $xd7,@K[3],3 -+ vxxlorc $xc6,$xv8,$xv8 #copy of vlspt k[2],2 is in v8.v26 ->k[3] so need to wait until k3 is done -+ -+Loop_vsx_8x: -+___ -+ foreach (&VSX_lane_ROUND_8x(0,4, 8,12,16,20,24,28)) { eval; } -+ foreach (&VSX_lane_ROUND_8x(0,5,10,15,16,21,26,31)) { eval; } -+$code.=<<___; -+ -+ bdnz Loop_vsx_8x -+ vxxlor $xv13 ,$xd4,$xd4 # save the register vr24-31 -+ vxxlor $xv14 ,$xd5,$xd5 # -+ vxxlor $xv15 ,$xd6,$xd6 # -+ vxxlor $xv16 ,$xd7,$xd7 # -+ -+ vxxlor $xv18 ,$xc4,$xc4 # -+ vxxlor $xv19 ,$xc5,$xc5 # -+ vxxlor $xv20 ,$xc6,$xc6 # -+ vxxlor $xv21 ,$xc7,$xc7 # -+ -+ vxxlor $xv6 ,$xb6,$xb6 # save vr23, so we get 8 regs -+ vxxlor $xv7 
,$xb7,$xb7 # save vr23, so we get 8 regs -+ be?vxxlorc $beperm,$xv26,$xv26 # copy back the the beperm. -+ -+ vxxlorc @K[0],$xv0,$xv0 #27 -+ vxxlorc @K[1],$xv1,$xv1 #24 -+ vxxlorc @K[2],$xv2,$xv2 #25 -+ vxxlorc @K[3],$xv3,$xv3 #26 -+ vxxlorc $CTR0,$xv4,$xv4 -+###changing to vertical -+ -+ vmrgew $xt0,$xa0,$xa1 # transpose data -+ vmrgew $xt1,$xa2,$xa3 -+ vmrgow $xa0,$xa0,$xa1 -+ vmrgow $xa2,$xa2,$xa3 -+ -+ vmrgew $xt2,$xb0,$xb1 -+ vmrgew $xt3,$xb2,$xb3 -+ vmrgow $xb0,$xb0,$xb1 -+ vmrgow $xb2,$xb2,$xb3 -+ -+ vadduwm $xd0,$xd0,$CTR0 -+ -+ vpermdi $xa1,$xa0,$xa2,0b00 -+ vpermdi $xa3,$xa0,$xa2,0b11 -+ vpermdi $xa0,$xt0,$xt1,0b00 -+ vpermdi $xa2,$xt0,$xt1,0b11 -+ vpermdi $xb1,$xb0,$xb2,0b00 -+ vpermdi $xb3,$xb0,$xb2,0b11 -+ vpermdi $xb0,$xt2,$xt3,0b00 -+ vpermdi $xb2,$xt2,$xt3,0b11 -+ -+ vmrgew $xt0,$xc0,$xc1 -+ vmrgew $xt1,$xc2,$xc3 -+ vmrgow $xc0,$xc0,$xc1 -+ vmrgow $xc2,$xc2,$xc3 -+ vmrgew $xt2,$xd0,$xd1 -+ vmrgew $xt3,$xd2,$xd3 -+ vmrgow $xd0,$xd0,$xd1 -+ vmrgow $xd2,$xd2,$xd3 -+ -+ vpermdi $xc1,$xc0,$xc2,0b00 -+ vpermdi $xc3,$xc0,$xc2,0b11 -+ vpermdi $xc0,$xt0,$xt1,0b00 -+ vpermdi $xc2,$xt0,$xt1,0b11 -+ vpermdi $xd1,$xd0,$xd2,0b00 -+ vpermdi $xd3,$xd0,$xd2,0b11 -+ vpermdi $xd0,$xt2,$xt3,0b00 -+ vpermdi $xd2,$xt2,$xt3,0b11 -+ -+ vspltisw $xt0,8 -+ vadduwm $CTR0,$CTR0,$xt0 # next counter value -+ vxxlor $xv4 ,$CTR0,$CTR0 #CTR+4-> 5 -+ -+ vadduwm $xa0,$xa0,@K[0] -+ vadduwm $xb0,$xb0,@K[1] -+ vadduwm $xc0,$xc0,@K[2] -+ vadduwm $xd0,$xd0,@K[3] -+ -+ be?vperm $xa0,$xa0,$xa0,$beperm -+ be?vperm $xb0,$xb0,$xb0,$beperm -+ be?vperm $xc0,$xc0,$xc0,$beperm -+ be?vperm $xd0,$xd0,$xd0,$beperm -+ -+ ${UCMP}i $len,0x40 -+ blt Ltail_vsx_8x -+ -+ lvx_4w $xt0,$x00,$inp -+ lvx_4w $xt1,$x10,$inp -+ lvx_4w $xt2,$x20,$inp -+ lvx_4w $xt3,$x30,$inp -+ -+ vxor $xt0,$xt0,$xa0 -+ vxor $xt1,$xt1,$xb0 -+ vxor $xt2,$xt2,$xc0 -+ vxor $xt3,$xt3,$xd0 -+ -+ stvx_4w $xt0,$x00,$out -+ stvx_4w $xt1,$x10,$out -+ addi $inp,$inp,0x40 -+ stvx_4w $xt2,$x20,$out -+ subi $len,$len,0x40 -+ stvx_4w 
$xt3,$x30,$out -+ addi $out,$out,0x40 -+ beq Ldone_vsx_8x -+ -+ vadduwm $xa0,$xa1,@K[0] -+ vadduwm $xb0,$xb1,@K[1] -+ vadduwm $xc0,$xc1,@K[2] -+ vadduwm $xd0,$xd1,@K[3] -+ -+ be?vperm $xa0,$xa0,$xa0,$beperm -+ be?vperm $xb0,$xb0,$xb0,$beperm -+ be?vperm $xc0,$xc0,$xc0,$beperm -+ be?vperm $xd0,$xd0,$xd0,$beperm -+ -+ ${UCMP}i $len,0x40 -+ blt Ltail_vsx_8x -+ -+ lvx_4w $xt0,$x00,$inp -+ lvx_4w $xt1,$x10,$inp -+ lvx_4w $xt2,$x20,$inp -+ lvx_4w $xt3,$x30,$inp -+ -+ vxor $xt0,$xt0,$xa0 -+ vxor $xt1,$xt1,$xb0 -+ vxor $xt2,$xt2,$xc0 -+ vxor $xt3,$xt3,$xd0 -+ -+ stvx_4w $xt0,$x00,$out -+ stvx_4w $xt1,$x10,$out -+ addi $inp,$inp,0x40 -+ stvx_4w $xt2,$x20,$out -+ subi $len,$len,0x40 -+ stvx_4w $xt3,$x30,$out -+ addi $out,$out,0x40 -+ beq Ldone_vsx_8x -+ -+ vadduwm $xa0,$xa2,@K[0] -+ vadduwm $xb0,$xb2,@K[1] -+ vadduwm $xc0,$xc2,@K[2] -+ vadduwm $xd0,$xd2,@K[3] -+ -+ be?vperm $xa0,$xa0,$xa0,$beperm -+ be?vperm $xb0,$xb0,$xb0,$beperm -+ be?vperm $xc0,$xc0,$xc0,$beperm -+ be?vperm $xd0,$xd0,$xd0,$beperm -+ -+ ${UCMP}i $len,0x40 -+ blt Ltail_vsx_8x -+ -+ lvx_4w $xt0,$x00,$inp -+ lvx_4w $xt1,$x10,$inp -+ lvx_4w $xt2,$x20,$inp -+ lvx_4w $xt3,$x30,$inp -+ -+ vxor $xt0,$xt0,$xa0 -+ vxor $xt1,$xt1,$xb0 -+ vxor $xt2,$xt2,$xc0 -+ vxor $xt3,$xt3,$xd0 -+ -+ stvx_4w $xt0,$x00,$out -+ stvx_4w $xt1,$x10,$out -+ addi $inp,$inp,0x40 -+ stvx_4w $xt2,$x20,$out -+ subi $len,$len,0x40 -+ stvx_4w $xt3,$x30,$out -+ addi $out,$out,0x40 -+ beq Ldone_vsx_8x -+ -+ vadduwm $xa0,$xa3,@K[0] -+ vadduwm $xb0,$xb3,@K[1] -+ vadduwm $xc0,$xc3,@K[2] -+ vadduwm $xd0,$xd3,@K[3] -+ -+ be?vperm $xa0,$xa0,$xa0,$beperm -+ be?vperm $xb0,$xb0,$xb0,$beperm -+ be?vperm $xc0,$xc0,$xc0,$beperm -+ be?vperm $xd0,$xd0,$xd0,$beperm -+ -+ ${UCMP}i $len,0x40 -+ blt Ltail_vsx_8x -+ -+ lvx_4w $xt0,$x00,$inp -+ lvx_4w $xt1,$x10,$inp -+ lvx_4w $xt2,$x20,$inp -+ lvx_4w $xt3,$x30,$inp -+ -+ vxor $xt0,$xt0,$xa0 -+ vxor $xt1,$xt1,$xb0 -+ vxor $xt2,$xt2,$xc0 -+ vxor $xt3,$xt3,$xd0 -+ -+ stvx_4w $xt0,$x00,$out -+ stvx_4w $xt1,$x10,$out -+ 
addi $inp,$inp,0x40 -+ stvx_4w $xt2,$x20,$out -+ subi $len,$len,0x40 -+ stvx_4w $xt3,$x30,$out -+ addi $out,$out,0x40 -+ beq Ldone_vsx_8x -+ -+#blk4-7: 24:31 remain the same as we can use the same logic above . Reg a4-b7 remain same.Load c4,d7--> position 8-15.we can reuse vr24-31. -+#VR0-3 : are used to load temp value, vr4 --> as xr0 instead of xt0. -+ -+ vxxlorc $CTR1 ,$xv5,$xv5 -+ -+ vxxlorc $xcn4 ,$xv18,$xv18 -+ vxxlorc $xcn5 ,$xv19,$xv19 -+ vxxlorc $xcn6 ,$xv20,$xv20 -+ vxxlorc $xcn7 ,$xv21,$xv21 -+ -+ vxxlorc $xdn4 ,$xv13,$xv13 -+ vxxlorc $xdn5 ,$xv14,$xv14 -+ vxxlorc $xdn6 ,$xv15,$xv15 -+ vxxlorc $xdn7 ,$xv16,$xv16 -+ vadduwm $xdn4,$xdn4,$CTR1 -+ -+ vxxlorc $xb6 ,$xv6,$xv6 -+ vxxlorc $xb7 ,$xv7,$xv7 -+#use xa1->xr0, as xt0...in the block 4-7 -+ -+ vmrgew $xr0,$xa4,$xa5 # transpose data -+ vmrgew $xt1,$xa6,$xa7 -+ vmrgow $xa4,$xa4,$xa5 -+ vmrgow $xa6,$xa6,$xa7 -+ vmrgew $xt2,$xb4,$xb5 -+ vmrgew $xt3,$xb6,$xb7 -+ vmrgow $xb4,$xb4,$xb5 -+ vmrgow $xb6,$xb6,$xb7 -+ -+ vpermdi $xa5,$xa4,$xa6,0b00 -+ vpermdi $xa7,$xa4,$xa6,0b11 -+ vpermdi $xa4,$xr0,$xt1,0b00 -+ vpermdi $xa6,$xr0,$xt1,0b11 -+ vpermdi $xb5,$xb4,$xb6,0b00 -+ vpermdi $xb7,$xb4,$xb6,0b11 -+ vpermdi $xb4,$xt2,$xt3,0b00 -+ vpermdi $xb6,$xt2,$xt3,0b11 -+ -+ vmrgew $xr0,$xcn4,$xcn5 -+ vmrgew $xt1,$xcn6,$xcn7 -+ vmrgow $xcn4,$xcn4,$xcn5 -+ vmrgow $xcn6,$xcn6,$xcn7 -+ vmrgew $xt2,$xdn4,$xdn5 -+ vmrgew $xt3,$xdn6,$xdn7 -+ vmrgow $xdn4,$xdn4,$xdn5 -+ vmrgow $xdn6,$xdn6,$xdn7 -+ -+ vpermdi $xcn5,$xcn4,$xcn6,0b00 -+ vpermdi $xcn7,$xcn4,$xcn6,0b11 -+ vpermdi $xcn4,$xr0,$xt1,0b00 -+ vpermdi $xcn6,$xr0,$xt1,0b11 -+ vpermdi $xdn5,$xdn4,$xdn6,0b00 -+ vpermdi $xdn7,$xdn4,$xdn6,0b11 -+ vpermdi $xdn4,$xt2,$xt3,0b00 -+ vpermdi $xdn6,$xt2,$xt3,0b11 -+ -+ vspltisw $xr0,8 -+ vadduwm $CTR1,$CTR1,$xr0 # next counter value -+ vxxlor $xv5 ,$CTR1,$CTR1 #CTR+4-> 5 -+ -+ vadduwm $xan0,$xa4,@K[0] -+ vadduwm $xbn0,$xb4,@K[1] -+ vadduwm $xcn0,$xcn4,@K[2] -+ vadduwm $xdn0,$xdn4,@K[3] -+ -+ be?vperm $xan0,$xa4,$xa4,$beperm -+ be?vperm 
$xbn0,$xb4,$xb4,$beperm -+ be?vperm $xcn0,$xcn4,$xcn4,$beperm -+ be?vperm $xdn0,$xdn4,$xdn4,$beperm -+ -+ ${UCMP}i $len,0x40 -+ blt Ltail_vsx_8x_1 -+ -+ lvx_4w $xr0,$x00,$inp -+ lvx_4w $xt1,$x10,$inp -+ lvx_4w $xt2,$x20,$inp -+ lvx_4w $xt3,$x30,$inp -+ -+ vxor $xr0,$xr0,$xan0 -+ vxor $xt1,$xt1,$xbn0 -+ vxor $xt2,$xt2,$xcn0 -+ vxor $xt3,$xt3,$xdn0 -+ -+ stvx_4w $xr0,$x00,$out -+ stvx_4w $xt1,$x10,$out -+ addi $inp,$inp,0x40 -+ stvx_4w $xt2,$x20,$out -+ subi $len,$len,0x40 -+ stvx_4w $xt3,$x30,$out -+ addi $out,$out,0x40 -+ beq Ldone_vsx_8x -+ -+ vadduwm $xan0,$xa5,@K[0] -+ vadduwm $xbn0,$xb5,@K[1] -+ vadduwm $xcn0,$xcn5,@K[2] -+ vadduwm $xdn0,$xdn5,@K[3] -+ -+ be?vperm $xan0,$xan0,$xan0,$beperm -+ be?vperm $xbn0,$xbn0,$xbn0,$beperm -+ be?vperm $xcn0,$xcn0,$xcn0,$beperm -+ be?vperm $xdn0,$xdn0,$xdn0,$beperm -+ -+ ${UCMP}i $len,0x40 -+ blt Ltail_vsx_8x_1 -+ -+ lvx_4w $xr0,$x00,$inp -+ lvx_4w $xt1,$x10,$inp -+ lvx_4w $xt2,$x20,$inp -+ lvx_4w $xt3,$x30,$inp -+ -+ vxor $xr0,$xr0,$xan0 -+ vxor $xt1,$xt1,$xbn0 -+ vxor $xt2,$xt2,$xcn0 -+ vxor $xt3,$xt3,$xdn0 -+ -+ stvx_4w $xr0,$x00,$out -+ stvx_4w $xt1,$x10,$out -+ addi $inp,$inp,0x40 -+ stvx_4w $xt2,$x20,$out -+ subi $len,$len,0x40 -+ stvx_4w $xt3,$x30,$out -+ addi $out,$out,0x40 -+ beq Ldone_vsx_8x -+ -+ vadduwm $xan0,$xa6,@K[0] -+ vadduwm $xbn0,$xb6,@K[1] -+ vadduwm $xcn0,$xcn6,@K[2] -+ vadduwm $xdn0,$xdn6,@K[3] -+ -+ be?vperm $xan0,$xan0,$xan0,$beperm -+ be?vperm $xbn0,$xbn0,$xbn0,$beperm -+ be?vperm $xcn0,$xcn0,$xcn0,$beperm -+ be?vperm $xdn0,$xdn0,$xdn0,$beperm -+ -+ ${UCMP}i $len,0x40 -+ blt Ltail_vsx_8x_1 -+ -+ lvx_4w $xr0,$x00,$inp -+ lvx_4w $xt1,$x10,$inp -+ lvx_4w $xt2,$x20,$inp -+ lvx_4w $xt3,$x30,$inp -+ -+ vxor $xr0,$xr0,$xan0 -+ vxor $xt1,$xt1,$xbn0 -+ vxor $xt2,$xt2,$xcn0 -+ vxor $xt3,$xt3,$xdn0 -+ -+ stvx_4w $xr0,$x00,$out -+ stvx_4w $xt1,$x10,$out -+ addi $inp,$inp,0x40 -+ stvx_4w $xt2,$x20,$out -+ subi $len,$len,0x40 -+ stvx_4w $xt3,$x30,$out -+ addi $out,$out,0x40 -+ beq Ldone_vsx_8x -+ -+ vadduwm 
$xan0,$xa7,@K[0] -+ vadduwm $xbn0,$xb7,@K[1] -+ vadduwm $xcn0,$xcn7,@K[2] -+ vadduwm $xdn0,$xdn7,@K[3] -+ -+ be?vperm $xan0,$xan0,$xan0,$beperm -+ be?vperm $xbn0,$xbn0,$xbn0,$beperm -+ be?vperm $xcn0,$xcn0,$xcn0,$beperm -+ be?vperm $xdn0,$xdn0,$xdn0,$beperm -+ -+ ${UCMP}i $len,0x40 -+ blt Ltail_vsx_8x_1 -+ -+ lvx_4w $xr0,$x00,$inp -+ lvx_4w $xt1,$x10,$inp -+ lvx_4w $xt2,$x20,$inp -+ lvx_4w $xt3,$x30,$inp -+ -+ vxor $xr0,$xr0,$xan0 -+ vxor $xt1,$xt1,$xbn0 -+ vxor $xt2,$xt2,$xcn0 -+ vxor $xt3,$xt3,$xdn0 -+ -+ stvx_4w $xr0,$x00,$out -+ stvx_4w $xt1,$x10,$out -+ addi $inp,$inp,0x40 -+ stvx_4w $xt2,$x20,$out -+ subi $len,$len,0x40 -+ stvx_4w $xt3,$x30,$out -+ addi $out,$out,0x40 -+ beq Ldone_vsx_8x -+ -+ mtctr r0 -+ bne Loop_outer_vsx_8x -+ -+Ldone_vsx_8x: -+ lwz r12,`$FRAME-4`($sp) # pull vrsave -+ li r10,`15+$LOCALS+64` -+ li r11,`31+$LOCALS+64` -+ $POP r0, `$FRAME+$LRSAVE`($sp) -+ mtspr 256,r12 # restore vrsave -+ lvx v24,r10,$sp -+ addi r10,r10,32 -+ lvx v25,r11,$sp -+ addi r11,r11,32 -+ lvx v26,r10,$sp -+ addi r10,r10,32 -+ lvx v27,r11,$sp -+ addi r11,r11,32 -+ lvx v28,r10,$sp -+ addi r10,r10,32 -+ lvx v29,r11,$sp -+ addi r11,r11,32 -+ lvx v30,r10,$sp -+ lvx v31,r11,$sp -+ mtlr r0 -+ addi $sp,$sp,$FRAME -+ blr -+ -+.align 4 -+Ltail_vsx_8x: -+ addi r11,$sp,$LOCALS -+ mtctr $len -+ stvx_4w $xa0,$x00,r11 # offload block to stack -+ stvx_4w $xb0,$x10,r11 -+ stvx_4w $xc0,$x20,r11 -+ stvx_4w $xd0,$x30,r11 -+ subi r12,r11,1 # prepare for *++ptr -+ subi $inp,$inp,1 -+ subi $out,$out,1 -+ bl Loop_tail_vsx_8x -+Ltail_vsx_8x_1: -+ addi r11,$sp,$LOCALS -+ mtctr $len -+ stvx_4w $xan0,$x00,r11 # offload block to stack -+ stvx_4w $xbn0,$x10,r11 -+ stvx_4w $xcn0,$x20,r11 -+ stvx_4w $xdn0,$x30,r11 -+ subi r12,r11,1 # prepare for *++ptr -+ subi $inp,$inp,1 -+ subi $out,$out,1 -+ bl Loop_tail_vsx_8x -+ -+Loop_tail_vsx_8x: -+ lbzu r6,1(r12) -+ lbzu r7,1($inp) -+ xor r6,r6,r7 -+ stbu r6,1($out) -+ bdnz Loop_tail_vsx_8x -+ -+ stvx_4w $K[0],$x00,r11 # wipe copy of the block -+ stvx_4w 
$K[0],$x10,r11 -+ stvx_4w $K[0],$x20,r11 -+ stvx_4w $K[0],$x30,r11 -+ -+ b Ldone_vsx_8x -+ .long 0 -+ .byte 0,12,0x04,1,0x80,0,5,0 -+ .long 0 -+.size .ChaCha20_ctr32_vsx_8x,.-.ChaCha20_ctr32_vsx_8x -+___ -+}}} -+ -+ -+$code.=<<___; -+.align 5 -+Lconsts: -+ mflr r0 -+ bcl 20,31,\$+4 -+ mflr r12 #vvvvv "distance between . and Lsigma -+ addi r12,r12,`64-8` -+ mtlr r0 -+ blr -+ .long 0 -+ .byte 0,12,0x14,0,0,0,0,0 -+ .space `64-9*4` -+Lsigma: -+ .long 0x61707865,0x3320646e,0x79622d32,0x6b206574 -+ .long 1,0,0,0 -+ .long 2,0,0,0 -+ .long 3,0,0,0 -+ .long 4,0,0,0 -+___ -+$code.=<<___ if ($LITTLE_ENDIAN); -+ .long 0x0e0f0c0d,0x0a0b0809,0x06070405,0x02030001 -+ .long 0x0d0e0f0c,0x090a0b08,0x05060704,0x01020300 -+___ -+$code.=<<___ if (!$LITTLE_ENDIAN); # flipped words -+ .long 0x02030001,0x06070405,0x0a0b0809,0x0e0f0c0d -+ .long 0x01020300,0x05060704,0x090a0b08,0x0d0e0f0c -+___ -+$code.=<<___; -+ .long 0x61707865,0x61707865,0x61707865,0x61707865 -+ .long 0x3320646e,0x3320646e,0x3320646e,0x3320646e -+ .long 0x79622d32,0x79622d32,0x79622d32,0x79622d32 -+ .long 0x6b206574,0x6b206574,0x6b206574,0x6b206574 -+ .long 0,1,2,3 -+ .long 0x03020100,0x07060504,0x0b0a0908,0x0f0e0d0c -+.asciz "ChaCha20 for PowerPC/AltiVec, CRYPTOGAMS by " -+.align 2 -+___ -+ -+foreach (split("\n",$code)) { -+ s/\`([^\`]*)\`/eval $1/ge; -+ -+ # instructions prefixed with '?' are endian-specific and need -+ # to be adjusted accordingly... 
-+ if ($flavour !~ /le$/) { # big-endian -+ s/be\?// or -+ s/le\?/#le#/ or -+ s/\?lvsr/lvsl/ or -+ s/\?lvsl/lvsr/ or -+ s/\?(vperm\s+v[0-9]+,\s*)(v[0-9]+,\s*)(v[0-9]+,\s*)(v[0-9]+)/$1$3$2$4/ or -+ s/vrldoi(\s+v[0-9]+,\s*)(v[0-9]+,)\s*([0-9]+)/vsldoi$1$2$2 16-$3/; -+ } else { # little-endian -+ s/le\?// or -+ s/be\?/#be#/ or -+ s/\?([a-z]+)/$1/ or -+ s/vrldoi(\s+v[0-9]+,\s*)(v[0-9]+,)\s*([0-9]+)/vsldoi$1$2$2 $3/; -+ } -+ -+ print $_,"\n"; -+} -+ -+close STDOUT or die "error closing STDOUT: $!"; -diff --git a/crypto/chacha/build.info b/crypto/chacha/build.info -index c12cb9c..2a819b2 100644 ---- a/crypto/chacha/build.info -+++ b/crypto/chacha/build.info -@@ -12,7 +12,7 @@ IF[{- !$disabled{asm} -}] - $CHACHAASM_armv4=chacha-armv4.S - $CHACHAASM_aarch64=chacha-armv8.S - -- $CHACHAASM_ppc32=chacha_ppc.c chacha-ppc.s -+ $CHACHAASM_ppc32=chacha_ppc.c chacha-ppc.s chachap10-ppc.s - $CHACHAASM_ppc64=$CHACHAASM_ppc32 - - $CHACHAASM_c64xplus=chacha-c64xplus.s -@@ -29,6 +29,7 @@ SOURCE[../../libcrypto]=$CHACHAASM - GENERATE[chacha-x86.S]=asm/chacha-x86.pl - GENERATE[chacha-x86_64.s]=asm/chacha-x86_64.pl - GENERATE[chacha-ppc.s]=asm/chacha-ppc.pl -+GENERATE[chachap10-ppc.s]=asm/chachap10-ppc.pl - GENERATE[chacha-armv4.S]=asm/chacha-armv4.pl - INCLUDE[chacha-armv4.o]=.. 
- GENERATE[chacha-armv8.S]=asm/chacha-armv8.pl -diff --git a/crypto/chacha/chacha_ppc.c b/crypto/chacha/chacha_ppc.c -index 5319040..f99cca8 100644 ---- a/crypto/chacha/chacha_ppc.c -+++ b/crypto/chacha/chacha_ppc.c -@@ -23,13 +23,18 @@ void ChaCha20_ctr32_vmx(unsigned char *out, const unsigned char *inp, - void ChaCha20_ctr32_vsx(unsigned char *out, const unsigned char *inp, - size_t len, const unsigned int key[8], - const unsigned int counter[4]); -+void ChaCha20_ctr32_vsx_p10(unsigned char *out, const unsigned char *inp, -+ size_t len, const unsigned int key[8], -+ const unsigned int counter[4]); - void ChaCha20_ctr32(unsigned char *out, const unsigned char *inp, - size_t len, const unsigned int key[8], - const unsigned int counter[4]) - { -- OPENSSL_ppccap_P & PPC_CRYPTO207 -- ? ChaCha20_ctr32_vsx(out, inp, len, key, counter) -- : OPENSSL_ppccap_P & PPC_ALTIVEC -- ? ChaCha20_ctr32_vmx(out, inp, len, key, counter) -- : ChaCha20_ctr32_int(out, inp, len, key, counter); -+ OPENSSL_ppccap_P & PPC_BRD31 -+ ? ChaCha20_ctr32_vsx_p10(out, inp, len, key, counter) -+ :OPENSSL_ppccap_P & PPC_CRYPTO207 -+ ? ChaCha20_ctr32_vsx(out, inp, len, key, counter) -+ : OPENSSL_ppccap_P & PPC_ALTIVEC -+ ? 
ChaCha20_ctr32_vmx(out, inp, len, key, counter) -+ : ChaCha20_ctr32_int(out, inp, len, key, counter); - } -diff --git a/crypto/perlasm/ppc-xlate.pl b/crypto/perlasm/ppc-xlate.pl -index 2ee4440..4590340 100755 ---- a/crypto/perlasm/ppc-xlate.pl -+++ b/crypto/perlasm/ppc-xlate.pl -@@ -293,6 +293,14 @@ my $vpermdi = sub { # xxpermdi - $dm = oct($dm) if ($dm =~ /^0/); - " .long ".sprintf "0x%X",(60<<26)|($vrt<<21)|($vra<<16)|($vrb<<11)|($dm<<8)|(10<<3)|7; - }; -+my $vxxlor = sub { # xxlor -+ my ($f, $vrt, $vra, $vrb) = @_; -+ " .long ".sprintf "0x%X",(60<<26)|($vrt<<21)|($vra<<16)|($vrb<<11)|(146<<3)|6; -+}; -+my $vxxlorc = sub { # xxlor -+ my ($f, $vrt, $vra, $vrb) = @_; -+ " .long ".sprintf "0x%X",(60<<26)|($vrt<<21)|($vra<<16)|($vrb<<11)|(146<<3)|1; -+}; - - # PowerISA 2.07 stuff - sub vcrypto_op { -@@ -377,6 +385,15 @@ my $addex = sub { - }; - my $vmsumudm = sub { vfour_vsr(@_, 35); }; - -+# PowerISA 3.1 stuff -+my $brd = sub { -+ my ($f, $ra, $rs) = @_; -+ " .long ".sprintf "0x%X",(31<<26)|($rs<<21)|($ra<<16)|(187<<1); -+}; -+my $vsrq = sub { vcrypto_op(@_, 517); }; -+ -+ -+ - while($line=<>) { - - $line =~ s|[#!;].*$||; # get rid of asm-style comments... 
-diff --git a/crypto/ppccap.c b/crypto/ppccap.c -index 8bcfed2..664627c 100644 ---- a/crypto/ppccap.c -+++ b/crypto/ppccap.c -@@ -45,6 +45,7 @@ void OPENSSL_ppc64_probe(void); - void OPENSSL_altivec_probe(void); - void OPENSSL_crypto207_probe(void); - void OPENSSL_madd300_probe(void); -+void OPENSSL_brd31_probe(void); - - long OPENSSL_rdtsc_mftb(void); - long OPENSSL_rdtsc_mfspr268(void); -@@ -117,16 +118,21 @@ static unsigned long getauxval(unsigned long key) - #endif - - /* I wish was universally available */ --#define HWCAP 16 /* AT_HWCAP */ -+#ifndef AT_HWCAP -+# define AT_HWCAP 16 /* AT_HWCAP */ -+#endif - #define HWCAP_PPC64 (1U << 30) - #define HWCAP_ALTIVEC (1U << 28) - #define HWCAP_FPU (1U << 27) - #define HWCAP_POWER6_EXT (1U << 9) - #define HWCAP_VSX (1U << 7) - --#define HWCAP2 26 /* AT_HWCAP2 */ -+#ifndef AT_HWCAP2 -+# define AT_HWCAP2 26 /* AT_HWCAP2 */ -+#endif - #define HWCAP_VEC_CRYPTO (1U << 25) - #define HWCAP_ARCH_3_00 (1U << 23) -+#define HWCAP_ARCH_3_1 (1U << 18) - - # if defined(__GNUC__) && __GNUC__>=2 - __attribute__ ((constructor)) -@@ -187,6 +193,9 @@ void OPENSSL_cpuid_setup(void) - if (__power_set(0xffffffffU<<17)) /* POWER9 and later */ - OPENSSL_ppccap_P |= PPC_MADD300; - -+ if (__power_set(0xffffffffU<<18)) /* POWER10 and later */ -+ OPENSSL_ppccap_P |= PPC_BRD31; -+ - return; - # endif - #endif -@@ -215,8 +224,8 @@ void OPENSSL_cpuid_setup(void) - - #ifdef OSSL_IMPLEMENT_GETAUXVAL - { -- unsigned long hwcap = getauxval(HWCAP); -- unsigned long hwcap2 = getauxval(HWCAP2); -+ unsigned long hwcap = getauxval(AT_HWCAP); -+ unsigned long hwcap2 = getauxval(AT_HWCAP2); - - if (hwcap & HWCAP_FPU) { - OPENSSL_ppccap_P |= PPC_FPU; -@@ -242,6 +251,10 @@ void OPENSSL_cpuid_setup(void) - if (hwcap2 & HWCAP_ARCH_3_00) { - OPENSSL_ppccap_P |= PPC_MADD300; - } -+ -+ if (hwcap2 & HWCAP_ARCH_3_1) { -+ OPENSSL_ppccap_P |= PPC_BRD31; -+ } - } - #endif - -@@ -263,7 +276,7 @@ void OPENSSL_cpuid_setup(void) - sigaction(SIGILL, &ill_act, &ill_oact); - - 
#ifndef OSSL_IMPLEMENT_GETAUXVAL -- if (sigsetjmp(ill_jmp,1) == 0) { -+ if (sigsetjmp(ill_jmp, 1) == 0) { - OPENSSL_fpu_probe(); - OPENSSL_ppccap_P |= PPC_FPU; - -diff --git a/crypto/ppccpuid.pl b/crypto/ppccpuid.pl -index c6555df..706164a 100755 ---- a/crypto/ppccpuid.pl -+++ b/crypto/ppccpuid.pl -@@ -81,6 +81,17 @@ $code=<<___; - .long 0 - .byte 0,12,0x14,0,0,0,0,0 - -+.globl .OPENSSL_brd31_probe -+.align 4 -+.OPENSSL_brd31_probe: -+ xor r0,r0,r0 -+ brd r3,r0 -+ blr -+ .long 0 -+ .byte 0,12,0x14,0,0,0,0,0 -+.size .OPENSSL_brd31_probe,.-.OPENSSL_brd31_probe -+ -+ - .globl .OPENSSL_wipe_cpu - .align 4 - .OPENSSL_wipe_cpu: -diff --git a/include/crypto/ppc_arch.h b/include/crypto/ppc_arch.h -index 3b3ce4b..fcc846c 100644 ---- a/include/crypto/ppc_arch.h -+++ b/include/crypto/ppc_arch.h -@@ -24,5 +24,6 @@ extern unsigned int OPENSSL_ppccap_P; - # define PPC_MADD300 (1<<4) - # define PPC_MFTB (1<<5) - # define PPC_MFSPR268 (1<<6) -+# define PPC_BRD31 (1<<7) - - #endif diff --git a/0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch b/0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch index eeafbfa..85338b9 100644 --- a/0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch +++ b/0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch @@ -295,7 +295,7 @@ index 00cf65fcd6..83be3d8ede 100644 static void *rsa_newctx(void *provctx) @@ -190,12 +196,21 @@ static int rsa_encrypt(void *vprsactx, unsigned char *out, size_t *outlen, - return 0; + } } ret = - ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(prsactx->libctx, tbuf, diff --git a/0074-FIPS-Use-digest_sign-digest_verify-in-self-test-eln.patch b/0074-FIPS-Use-digest_sign-digest_verify-in-self-test-eln.patch index 0b6a9fb..30d5465 100644 --- a/0074-FIPS-Use-digest_sign-digest_verify-in-self-test-eln.patch +++ b/0074-FIPS-Use-digest_sign-digest_verify-in-self-test-eln.patch @@ -231,7 +231,7 @@ diff --git a/providers/fips/self_test_kats.c b/providers/fips/self_test_kats.c index b6d5e8e134..77eec075e6 100644 
--- a/providers/fips/self_test_kats.c +++ b/providers/fips/self_test_kats.c -@@ -444,11 +444,14 @@ static int self_test_sign(const ST_KAT_SIGN *t, +@@ -444,10 +444,13 @@ static int self_test_sign(const ST_KAT_SIGN *t, int ret = 0; OSSL_PARAM *params = NULL, *params_sig = NULL; OSSL_PARAM_BLD *bld = NULL; @@ -241,7 +241,6 @@ index b6d5e8e134..77eec075e6 100644 EVP_PKEY *pkey = NULL; - unsigned char sig[256]; BN_CTX *bnctx = NULL; - BIGNUM *K = NULL; + const char *msg = "Hello World!"; + unsigned char sig[256]; size_t siglen = sizeof(sig); diff --git a/0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch b/0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch index 807b3c4..30d5465 100644 --- a/0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch +++ b/0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch @@ -90,7 +90,7 @@ index db1a1d7bc3..c94c3c53bd 100644 && !EVP_PKEY_is_a(locpctx->pkey, SN_hmac) && !EVP_PKEY_is_a(locpctx->pkey, SN_tls1_prf) @@ -334,6 +344,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, - } + goto err; } } +#endif /* !defined(FIPS_MODULE) */ @@ -231,7 +231,7 @@ diff --git a/providers/fips/self_test_kats.c b/providers/fips/self_test_kats.c index b6d5e8e134..77eec075e6 100644 --- a/providers/fips/self_test_kats.c +++ b/providers/fips/self_test_kats.c -@@ -444,11 +444,14 @@ static int self_test_sign(const ST_KAT_SIGN *t, +@@ -444,10 +444,13 @@ static int self_test_sign(const ST_KAT_SIGN *t, int ret = 0; OSSL_PARAM *params = NULL, *params_sig = NULL; OSSL_PARAM_BLD *bld = NULL; @@ -241,7 +241,6 @@ index b6d5e8e134..77eec075e6 100644 EVP_PKEY *pkey = NULL; - unsigned char sig[256]; BN_CTX *bnctx = NULL; - BIGNUM *K = NULL; + const char *msg = "Hello World!"; + unsigned char sig[256]; size_t siglen = sizeof(sig); diff --git a/0076-FIPS-140-3-DRBG.patch b/0076-FIPS-140-3-DRBG.patch index 0d91598..6577995 100644 --- a/0076-FIPS-140-3-DRBG.patch +++ b/0076-FIPS-140-3-DRBG.patch 
@@ -9,7 +9,7 @@ diff -up openssl-3.0.1/providers/implementations/rands/seeding/rand_unix.c.fipsr +# include static uint64_t get_time_stamp(void); - static uint64_t get_timer_bits(void); + @@ -342,66 +342,8 @@ static ssize_t syscall_random(void *buf, * which is way below the OSSL_SSIZE_MAX limit. Therefore sign conversion * between size_t and ssize_t is safe even without a range check. diff --git a/0079-Fix-AES-GCM-on-Power-8-CPUs.patch b/0079-Fix-AES-GCM-on-Power-8-CPUs.patch deleted file mode 100644 index 05c642e..0000000 --- a/0079-Fix-AES-GCM-on-Power-8-CPUs.patch +++ /dev/null 
@@ -1,146 +0,0 @@ -From 5dee3e41a5b3f8934277de17a2ae192f43601948 Mon Sep 17 00:00:00 2001 -From: Tomas Mraz -Date: Fri, 9 Sep 2022 14:46:24 +0200 -Subject: [PATCH] Fix AES-GCM on Power 8 CPUs - -Properly fallback to the default implementation on CPUs -missing necessary instructions. - -Fixes #19163 - -(cherry picked from commit 24344d387178d45b37a1fbc51519c390e9a4effe) ---- - include/crypto/aes_platform.h | 12 +--- - .../ciphers/cipher_aes_gcm_hw_ppc.inc | 72 ++++++++++++++----- - 2 files changed, 56 insertions(+), 28 deletions(-) - -diff --git a/include/crypto/aes_platform.h b/include/crypto/aes_platform.h -index 0c281a366a..6830bad0e9 100644 ---- a/include/crypto/aes_platform.h -+++ b/include/crypto/aes_platform.h -@@ -83,16 +83,8 @@ size_t ppc_aes_gcm_encrypt(const unsigned char *in, unsigned char *out, - size_t ppc_aes_gcm_decrypt(const unsigned char *in, unsigned char *out, - size_t len, const void *key, unsigned char ivec[16], - u64 *Xi); --size_t ppc_aes_gcm_encrypt_wrap(const unsigned char *in, unsigned char *out, -- size_t len, const void *key, -- unsigned char ivec[16], u64 *Xi); --size_t ppc_aes_gcm_decrypt_wrap(const unsigned char *in, unsigned char *out, -- size_t len, const void *key, -- unsigned char ivec[16], u64 *Xi); --# define AES_gcm_encrypt ppc_aes_gcm_encrypt_wrap --# define AES_gcm_decrypt ppc_aes_gcm_decrypt_wrap --# define AES_GCM_ASM(gctx) ((gctx)->ctr==aes_p8_ctr32_encrypt_blocks && \ -- (gctx)->gcm.ghash==gcm_ghash_p8) -+# define AES_GCM_ASM_PPC(gctx) ((gctx)->ctr==aes_p8_ctr32_encrypt_blocks && \ -+ (gctx)->gcm.ghash==gcm_ghash_p8) - void gcm_ghash_p8(u64 Xi[2],const u128 Htable[16],const u8 *inp, size_t len); - # endif /* PPC */ - -diff --git a/providers/implementations/ciphers/cipher_aes_gcm_hw_ppc.inc b/providers/implementations/ciphers/cipher_aes_gcm_hw_ppc.inc -index 4eed0f4ab0..03e3eddc41 100644 ---- a/providers/implementations/ciphers/cipher_aes_gcm_hw_ppc.inc -+++ b/providers/implementations/ciphers/cipher_aes_gcm_hw_ppc.inc -@@ 
-23,12 +23,6 @@ static int aes_ppc_gcm_initkey(PROV_GCM_CTX *ctx, const unsigned char *key, - return 1; - } - -- --extern size_t ppc_aes_gcm_encrypt(const unsigned char *in, unsigned char *out, size_t len, -- const void *key, unsigned char ivec[16], u64 *Xi); --extern size_t ppc_aes_gcm_decrypt(const unsigned char *in, unsigned char *out, size_t len, -- const void *key, unsigned char ivec[16], u64 *Xi); -- - static inline u32 UTO32(unsigned char *buf) - { - return ((u32) buf[0] << 24) | ((u32) buf[1] << 16) | ((u32) buf[2] << 8) | ((u32) buf[3]); -@@ -47,7 +41,7 @@ static inline u32 add32TOU(unsigned char buf[4], u32 n) - return r; - } - --static size_t aes_p10_gcm_crypt(const unsigned char *in, unsigned char *out, size_t len, -+static size_t ppc_aes_gcm_crypt(const unsigned char *in, unsigned char *out, size_t len, - const void *key, unsigned char ivec[16], u64 *Xi, int encrypt) - { - int s = 0; -@@ -90,24 +84,66 @@ static size_t aes_p10_gcm_crypt(const unsigned char *in, unsigned char *out, siz - return ndone; - } - --size_t ppc_aes_gcm_encrypt_wrap(const unsigned char *in, unsigned char *out, size_t len, -- const void *key, unsigned char ivec[16], u64 *Xi) --{ -- return aes_p10_gcm_crypt(in, out, len, key, ivec, Xi, 1); --} -- --size_t ppc_aes_gcm_decrypt_wrap(const unsigned char *in, unsigned char *out, size_t len, -- const void *key, unsigned char ivec[16], u64 *Xi) -+static int ppc_aes_gcm_cipher_update(PROV_GCM_CTX *ctx, const unsigned char *in, -+ size_t len, unsigned char *out) - { -- return aes_p10_gcm_crypt(in, out, len, key, ivec, Xi, 0); -+ if (ctx->enc) { -+ if (ctx->ctr != NULL) { -+ size_t bulk = 0; -+ -+ if (len >= AES_GCM_ENC_BYTES && AES_GCM_ASM_PPC(ctx)) { -+ size_t res = (16 - ctx->gcm.mres) % 16; -+ -+ if (CRYPTO_gcm128_encrypt(&ctx->gcm, in, out, res)) -+ return 0; -+ -+ bulk = ppc_aes_gcm_crypt(in + res, out + res, len - res, -+ ctx->gcm.key, -+ ctx->gcm.Yi.c, ctx->gcm.Xi.u, 1); -+ -+ ctx->gcm.len.u[1] += bulk; -+ bulk += res; -+ } -+ if 
(CRYPTO_gcm128_encrypt_ctr32(&ctx->gcm, in + bulk, out + bulk, -+ len - bulk, ctx->ctr)) -+ return 0; -+ } else { -+ if (CRYPTO_gcm128_encrypt(&ctx->gcm, in, out, len)) -+ return 0; -+ } -+ } else { -+ if (ctx->ctr != NULL) { -+ size_t bulk = 0; -+ -+ if (len >= AES_GCM_DEC_BYTES && AES_GCM_ASM_PPC(ctx)) { -+ size_t res = (16 - ctx->gcm.mres) % 16; -+ -+ if (CRYPTO_gcm128_decrypt(&ctx->gcm, in, out, res)) -+ return -1; -+ -+ bulk = ppc_aes_gcm_crypt(in + res, out + res, len - res, -+ ctx->gcm.key, -+ ctx->gcm.Yi.c, ctx->gcm.Xi.u, 0); -+ -+ ctx->gcm.len.u[1] += bulk; -+ bulk += res; -+ } -+ if (CRYPTO_gcm128_decrypt_ctr32(&ctx->gcm, in + bulk, out + bulk, -+ len - bulk, ctx->ctr)) -+ return 0; -+ } else { -+ if (CRYPTO_gcm128_decrypt(&ctx->gcm, in, out, len)) -+ return 0; -+ } -+ } -+ return 1; - } - -- - static const PROV_GCM_HW aes_ppc_gcm = { - aes_ppc_gcm_initkey, - ossl_gcm_setiv, - ossl_gcm_aad_update, -- generic_aes_gcm_cipher_update, -+ ppc_aes_gcm_cipher_update, - ossl_gcm_cipher_final, - ossl_gcm_one_shot - }; --- -2.37.3 - diff --git a/0100-RSA-PKCS15-implicit-rejection.patch b/0100-RSA-PKCS15-implicit-rejection.patch index 40b8078..6821325 100644 --- a/0100-RSA-PKCS15-implicit-rejection.patch +++ b/0100-RSA-PKCS15-implicit-rejection.patch @@ -183,11 +183,11 @@ index 54e2a1c61ca..094a6632b66 100644 + } + } + - if (blinding) { - /* - * ossl_bn_rsa_do_unblind() combines blinding inversion and + if (blinding) + if (!rsa_blinding_invert(blinding, ret, unblind, ctx)) + goto err; @@ -471,9 +545,12 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from, - } + goto err; switch (padding) { - case RSA_PKCS1_PADDING: @@ -739,9 +739,9 @@ index e6c4758a33e..6e4a4f8539d 100644 #define OSSL_PKEY_PARAM_PUB_KEY "pub" #define OSSL_PKEY_PARAM_PRIV_KEY "priv" +#define OSSL_PKEY_PARAM_IMPLICIT_REJECTION "implicit-rejection" - #define OSSL_PKEY_PARAM_REDHAT_SIGN_KAT_K "rh_sign_kat_k" /* Diffie-Hellman/DSA Parameters */ + #define OSSL_PKEY_PARAM_FFC_P "p" 
@@ -482,6 +483,7 @@ extern "C" { #define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL "oaep-label" #define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION "tls-client-version" diff --git a/openssl.spec b/openssl.spec index 9828c2f..d6cc90f 100644 --- a/openssl.spec +++ b/openssl.spec @@ -28,8 +28,8 @@ print(string.sub(hash, 0, 16)) Summary: Utilities from the general purpose cryptography library with TLS implementation Name: openssl -Version: 3.0.8 -Release: 4%{?dist} +Version: 3.1.1 +Release: 1%{?dist} Epoch: 1 Source: openssl-%{version}.tar.gz Source2: Makefile.certificate @@ -95,8 +95,6 @@ Patch49: 0049-Selectively-disallow-SHA1-signatures.patch # Selectively disallow SHA1 signatures rhbz#2070977 Patch49: 0049-Allow-disabling-of-SHA1-signatures.patch %endif -# Backport of patch for RHEL for Edge rhbz #2027261 -Patch51: 0051-Support-different-R_BITS-lengths-for-KBKDF.patch %if 0%{?rhel} # Allow SHA1 in seclevel 2 if rh-allow-sha1-signatures = yes Patch52: 0052-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch @@ -108,7 +106,7 @@ Patch52: 0052-Allow-SHA1-in-seclevel-1-if-rh-allow-sha1-signatures.patch # no USDT probe instrumentation required %else # Instrument with USDT probes related to SHA-1 deprecation -Patch53: 0053-Add-SHA1-probes.patch +#Patch53: 0053-Add-SHA1-probes.patch %endif # https://github.com/openssl/openssl/pull/18103 # The patch is incorporated in 3.0.3 but we provide this function since 3.0.1 
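Review bot: In the `@@ -108,7 +106,7 @@` hunk of openssl.spec, `#Patch53: 0053-Add-SHA1-probes.patch` is kept as a commented-out line even though the commit summary lists that patch file as deleted, so it cannot be re-enabled from this tree. The `%else` branch now holds only comments, and `# Instrument with USDT probes related to SHA-1 deprecation` describes instrumentation that is no longer applied. I would drop the dead line and replace the comment with `# USDT probes for SHA-1 deprecation (former Patch53) are not applied since the 3.1.1 rebase`. The new %changelog entry mentions only the rebase and the CVEs, so if anything consumed those probes to track SHA-1 signature use, the removal should be noted there as well. The enclosing `%if` starts outside the hunk.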
@@ -118,19 +116,9 @@ Patch56: 0056-strcasecmp.patch # Patch57: 0057-strcasecmp-fix.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2053289 Patch58: 0058-FIPS-limit-rsa-encrypt.patch -# https://bugzilla.redhat.com/show_bug.cgi?id=2069235 -Patch60: 0060-FIPS-KAT-signature-tests.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2087147 Patch61: 0061-Deny-SHA-1-signature-verification-in-FIPS-provider.patch Patch62: 0062-fips-Expose-a-FIPS-indicator.patch -# https://github.com/openssl/openssl/commit/44a563dde1584cd9284e80b6e45ee5019be8d36c -# https://github.com/openssl/openssl/commit/345c99b6654b8313c792d54f829943068911ddbd -# Regression on Power8, see rhbz2124845, https://github.com/openssl/openssl/issues/19163; fix in 0079-Fix-AES-GCM-on-Power-8-CPUs.patch -Patch71: 0071-AES-GCM-performance-optimization.patch -# https://github.com/openssl/openssl/commit/f596bbe4da779b56eea34d96168b557d78e1149 -# https://github.com/openssl/openssl/commit/7e1f3ffcc5bc15fb9a12b9e3bb202f544c6ed5aa -# hunks in crypto/ppccap.c from https://github.com/openssl/openssl/commit/f5485b97b6c9977c0d39c7669b9f97a879312447 -Patch72: 0072-ChaCha20-performance-optimizations-for-ppc64le.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2102535 Patch73: 0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2102535 @@ -148,8 +136,6 @@ Patch76: 0076-FIPS-140-3-DRBG.patch Patch77: 0077-FIPS-140-3-zeroization.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2114772 Patch78: 0078-Add-FIPS-indicator-parameter-to-HKDF.patch -# https://bugzilla.redhat.com/show_bug.cgi?id=2124845, https://github.com/openssl/openssl/pull/19182 -Patch79: 0079-Fix-AES-GCM-on-Power-8-CPUs.patch # https://github.com/openssl/openssl/pull/13817 Patch100: 0100-RSA-PKCS15-implicit-rejection.patch 
@@ -330,7 +316,7 @@ export OPENSSL_ENABLE_SHA1_SIGNATURES OPENSSL_SYSTEM_CIPHERS_OVERRIDE=xyz_nonexistent_file export OPENSSL_SYSTEM_CIPHERS_OVERRIDE #embed HMAC into fips provider for test run -LD_LIBRARY_PATH=. apps/openssl dgst -binary -sha256 -mac HMAC -macopt hexkey:f4556650ac31d35461610bac4ed81b1a181b2d8a43ea2854cbae22ca74560813 < providers/fips.so > providers/fips.so.hmac +OPENSSL_CONF=/dev/null LD_LIBRARY_PATH=. apps/openssl dgst -binary -sha256 -mac HMAC -macopt hexkey:f4556650ac31d35461610bac4ed81b1a181b2d8a43ea2854cbae22ca74560813 < providers/fips.so > providers/fips.so.hmac objcopy --update-section .rodata1=providers/fips.so.hmac providers/fips.so providers/fips.so.mac mv providers/fips.so.mac providers/fips.so #run tests itself @@ -343,7 +329,7 @@ make test HARNESS_JOBS=8 %{?__debug_package:%{__debug_install_post}} \ %{__arch_install_post} \ %{__os_install_post} \ - LD_LIBRARY_PATH=. apps/openssl dgst -binary -sha256 -mac HMAC -macopt hexkey:f4556650ac31d35461610bac4ed81b1a181b2d8a43ea2854cbae22ca74560813 < $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so > $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so.hmac \ + OPENSSL_CONF=/dev/null LD_LIBRARY_PATH=. apps/openssl dgst -binary -sha256 -mac HMAC -macopt hexkey:f4556650ac31d35461610bac4ed81b1a181b2d8a43ea2854cbae22ca74560813 < $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so > $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so.hmac \ objcopy --update-section .rodata1=$RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so.hmac $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so.mac \ mv $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so.mac $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so \ rm $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so.hmac \ 
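Review bot: The `OPENSSL_CONF=/dev/null` prefix added to the `apps/openssl dgst -binary -sha256 -mac HMAC` command under `#embed HMAC into fips provider for test run` has no explanation, and the `@@ -343,7 +329,7 @@` hunk makes the same unexplained change. That command computes the value that `objcopy --update-section .rodata1=` writes into fips.so, so what it depends on deserves a comment. Presumably the override keeps the build host's openssl.cnf from influencing the freshly built binary, which should be confirmed. I would add `# OPENSSL_CONF=/dev/null: ignore the system openssl.cnf while computing the HMAC` above the first command, and the same line above the backslash-continued block in the second hunk rather than inside it. The two commands also repeat the same `hexkey:` literal, so a single `%global` for it would keep the test-time and install-time values from drifting apart. Both blocks begin or end outside their hunks.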
@@ -483,6 +469,14 @@ install -m644 %{SOURCE9} \ %ldconfig_scriptlets libs %changelog +* Thu Jul 27 2023 Sahana Prasad - 1:3.1.1-1 +- Rebase to upstream version 3.1.1 + Resolves: CVE-2023-0464 + Resolves: CVE-2023-0465 + Resolves: CVE-2023-0466 + Resolves: CVE-2023-1255 + Resolves: CVE-2023-2650 + * Thu Jul 27 2023 Dmitry Belyavskiy - 1:3.0.8-4 - Forbid custom EC more completely Resolves: rhbz#2223953 diff --git a/sources b/sources index 1c23723..b60869c 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (openssl-3.0.8.tar.gz) = 6c5651e1ed66a567238948b306aa9140c407a153da9c6afe14268c830748df252c955819fac4eb0759dae4dcbc9ec98f5cc2a4a90bb575747b1b040e104c7ffd +SHA512 (openssl-3.1.1.tar.gz) = 8ba9dd6ab87451e126c19cc106ccd1643ca48667d6c37504d0ab98205fbccf855fd0db54474b4113c4c3a15215a4ef77a039fb897a69f71bcab2054b2effd1d9