From 4f828b924f54507141fb95ebe49dfcd261945e85 Mon Sep 17 00:00:00 2001
From: djm <>
Date: Tue, 27 Jun 2006 05:05:40 +0000
Subject: import of openssl-0.9.7j
---
src/lib/libcrypto/Attic/Makefile | 2 +-
src/lib/libcrypto/asn1/Makefile | 2 +-
src/lib/libcrypto/bf/Makefile | 10 +-
src/lib/libcrypto/bio/Makefile | 2 +-
src/lib/libcrypto/bn/Makefile | 8 +-
src/lib/libcrypto/bn/bntest.c | 56 +
src/lib/libcrypto/bn/expspeed.c | 2 +-
src/lib/libcrypto/bn/exptest.c | 18 +-
src/lib/libcrypto/buffer/Makefile | 2 +-
src/lib/libcrypto/cast/Makefile | 9 +-
src/lib/libcrypto/comp/Makefile | 2 +-
src/lib/libcrypto/conf/Makefile | 2 +-
src/lib/libcrypto/crypto-lib.com | 23 +-
src/lib/libcrypto/des/Makefile | 2 +-
src/lib/libcrypto/dh/Makefile | 2 +-
src/lib/libcrypto/dh/dhtest.c | 4 +
src/lib/libcrypto/dsa/Makefile | 2 +-
src/lib/libcrypto/dsa/dsatest.c | 9 +
src/lib/libcrypto/dso/Makefile | 2 +-
src/lib/libcrypto/dso/dso_dl.c | 35 +-
src/lib/libcrypto/dso/dso_win32.c | 21 +-
src/lib/libcrypto/engine/hw_aep.c | 1 +
src/lib/libcrypto/engine/hw_atalla.c | 1 +
src/lib/libcrypto/engine/hw_cswift.c | 204 +-
src/lib/libcrypto/engine/hw_ubsec.c | 1 +
src/lib/libcrypto/err/Makefile | 2 +-
src/lib/libcrypto/evp/Makefile | 2 +-
src/lib/libcrypto/evp/c_alld.c | 10 +
src/lib/libcrypto/evp/m_sha.c | 3 +
src/lib/libcrypto/hmac/Makefile | 2 +-
src/lib/libcrypto/idea/Makefile | 10 +-
src/lib/libcrypto/lhash/Makefile | 2 +-
src/lib/libcrypto/md2/Makefile | 2 +-
src/lib/libcrypto/md2/md2_one.c | 3 +-
src/lib/libcrypto/md4/Makefile | 2 +-
src/lib/libcrypto/md5/Makefile | 2 +-
src/lib/libcrypto/mdc2/Makefile | 2 +-
src/lib/libcrypto/objects/Makefile | 2 +-
src/lib/libcrypto/objects/obj_dat.h | 99 +-
src/lib/libcrypto/objects/obj_mac.h | 65 +-
src/lib/libcrypto/pem/Makefile | 2 +-
src/lib/libcrypto/perlasm/x86nasm.pl | 10 +-
src/lib/libcrypto/pkcs12/Makefile | 2 +-
src/lib/libcrypto/pkcs7/Makefile | 2 +-
src/lib/libcrypto/rand/Makefile | 2 +-
src/lib/libcrypto/rc2/Makefile | 4 +-
src/lib/libcrypto/rc2/rc2speed.c | 6 +-
src/lib/libcrypto/rc4/Makefile | 13 +-
src/lib/libcrypto/rc4/asm/rc4-ia64.S | 65 +-
src/lib/libcrypto/rc5/Makefile | 4 +-
src/lib/libcrypto/ripemd/Makefile | 2 +-
src/lib/libcrypto/rsa/Makefile | 36 +-
src/lib/libcrypto/rsa/rsa_test.c | 5 +-
src/lib/libcrypto/sha/Makefile | 2 +-
src/lib/libcrypto/sha/sha_one.c | 3 +-
src/lib/libcrypto/stack/Makefile | 2 +-
src/lib/libcrypto/txt_db/Makefile | 2 +-
src/lib/libcrypto/util/checkhash.pl | 222 ++
src/lib/libcrypto/util/fipslink.pl | 78 +
src/lib/libcrypto/util/libeay.num | 42 +-
src/lib/libcrypto/util/mk1mf.pl | 337 ++-
src/lib/libcrypto/util/mkdef.pl | 11 +-
src/lib/libcrypto/util/mkfiles.pl | 17 +-
src/lib/libcrypto/util/mklink.pl | 7 +-
src/lib/libcrypto/util/pl/BC-32.pl | 14 +-
src/lib/libcrypto/util/pl/OS2-EMX.pl | 1 +
src/lib/libcrypto/util/pl/VC-32-GMAKE.pl | 222 ++
src/lib/libcrypto/util/pl/VC-32.pl | 99 +-
src/lib/libcrypto/util/pod2man.pl | 1 +
src/lib/libcrypto/util/selftest.pl | 26 +-
src/lib/libcrypto/x509/Makefile | 2 +-
src/lib/libcrypto/x509v3/Makefile | 2 +-
src/lib/libssl/src/CHANGES | 114 +-
src/lib/libssl/src/Configure | 147 +-
src/lib/libssl/src/FAQ | 6 +-
src/lib/libssl/src/LICENSE | 2 +-
src/lib/libssl/src/Makefile | 146 +-
src/lib/libssl/src/Makefile.org | 144 +-
src/lib/libssl/src/NEWS | 14 +
src/lib/libssl/src/PROBLEMS | 56 +-
src/lib/libssl/src/README | 27 +-
src/lib/libssl/src/apps/CA.pl | 15 +-
src/lib/libssl/src/apps/CA.pl.in | 15 +-
src/lib/libssl/src/apps/CA.sh | 8 +-
src/lib/libssl/src/apps/Makefile | 19 +-
src/lib/libssl/src/apps/apps.c | 24 +-
src/lib/libssl/src/apps/asn1pars.c | 2 +-
src/lib/libssl/src/apps/ca.c | 1 -
src/lib/libssl/src/apps/engine.c | 4 +
src/lib/libssl/src/apps/genrsa.c | 27 +-
src/lib/libssl/src/apps/makeapps.com | 2 +-
src/lib/libssl/src/apps/openssl.c | 11 +-
src/lib/libssl/src/apps/rsautl.c | 3 +-
src/lib/libssl/src/apps/speed.c | 4 +-
src/lib/libssl/src/certs/argena.pem | 39 +
src/lib/libssl/src/certs/argeng.pem | 23 +
src/lib/libssl/src/config | 22 +-
src/lib/libssl/src/crypto/Makefile | 2 +-
src/lib/libssl/src/crypto/aes/aes_cbc.c | 2 +
src/lib/libssl/src/crypto/asn1/Makefile | 2 +-
src/lib/libssl/src/crypto/asn1/asn1.h | 2 +
src/lib/libssl/src/crypto/asn1/asn1_err.c | 324 +--
src/lib/libssl/src/crypto/asn1/tasn_dec.c | 78 +-
src/lib/libssl/src/crypto/asn1/tasn_enc.c | 9 +-
src/lib/libssl/src/crypto/bf/Makefile | 10 +-
src/lib/libssl/src/crypto/bf/bf_skey.c | 1 +
src/lib/libssl/src/crypto/bio/Makefile | 2 +-
src/lib/libssl/src/crypto/bio/b_print.c | 8 +-
src/lib/libssl/src/crypto/bio/bio_err.c | 130 +-
src/lib/libssl/src/crypto/bio/bss_conn.c | 2 +-
src/lib/libssl/src/crypto/bn/Makefile | 8 +-
src/lib/libssl/src/crypto/bn/asm/ppc.pl | 23 +-
src/lib/libssl/src/crypto/bn/asm/sparcv8plus.S | 16 +-
src/lib/libssl/src/crypto/bn/bn.h | 34 +
src/lib/libssl/src/crypto/bn/bn_asm.c | 2 +-
src/lib/libssl/src/crypto/bn/bn_err.c | 92 +-
src/lib/libssl/src/crypto/bn/bn_exp.c | 244 +-
src/lib/libssl/src/crypto/bn/bn_lcl.h | 39 +
src/lib/libssl/src/crypto/bn/bn_mont.c | 20 +
src/lib/libssl/src/crypto/bn/bntest.c | 56 +
src/lib/libssl/src/crypto/bn/expspeed.c | 2 +-
src/lib/libssl/src/crypto/bn/exptest.c | 18 +-
src/lib/libssl/src/crypto/buffer/Makefile | 2 +-
src/lib/libssl/src/crypto/buffer/buf_err.c | 16 +-
src/lib/libssl/src/crypto/cast/Makefile | 9 +-
src/lib/libssl/src/crypto/cast/c_skey.c | 1 +
src/lib/libssl/src/crypto/cast/cast_lcl.h | 21 +-
src/lib/libssl/src/crypto/comp/Makefile | 2 +-
src/lib/libssl/src/crypto/comp/c_zlib.c | 88 +-
src/lib/libssl/src/crypto/conf/Makefile | 2 +-
src/lib/libssl/src/crypto/conf/conf_def.c | 13 +-
src/lib/libssl/src/crypto/conf/conf_err.c | 78 +-
src/lib/libssl/src/crypto/cpt_err.c | 30 +-
src/lib/libssl/src/crypto/cryptlib.c | 218 +-
src/lib/libssl/src/crypto/cryptlib.h | 4 +
src/lib/libssl/src/crypto/crypto-lib.com | 23 +-
src/lib/libssl/src/crypto/crypto.h | 5 +-
src/lib/libssl/src/crypto/des/Makefile | 2 +-
src/lib/libssl/src/crypto/des/des_locl.h | 2 +-
src/lib/libssl/src/crypto/dh/Makefile | 2 +-
src/lib/libssl/src/crypto/dh/dh.h | 9 +-
src/lib/libssl/src/crypto/dh/dh_err.c | 26 +-
src/lib/libssl/src/crypto/dh/dh_key.c | 63 +-
src/lib/libssl/src/crypto/dh/dhtest.c | 4 +
src/lib/libssl/src/crypto/dsa/Makefile | 2 +-
src/lib/libssl/src/crypto/dsa/dsa.h | 14 +
src/lib/libssl/src/crypto/dsa/dsa_err.c | 42 +-
src/lib/libssl/src/crypto/dsa/dsa_key.c | 16 +-
src/lib/libssl/src/crypto/dsa/dsa_ossl.c | 55 +-
src/lib/libssl/src/crypto/dsa/dsa_sign.c | 6 +-
src/lib/libssl/src/crypto/dsa/dsa_vrf.c | 3 +-
src/lib/libssl/src/crypto/dsa/dsatest.c | 9 +
src/lib/libssl/src/crypto/dso/Makefile | 2 +-
src/lib/libssl/src/crypto/dso/dso_dl.c | 35 +-
src/lib/libssl/src/crypto/dso/dso_dlfcn.c | 36 +-
src/lib/libssl/src/crypto/dso/dso_err.c | 96 +-
src/lib/libssl/src/crypto/dso/dso_win32.c | 21 +-
src/lib/libssl/src/crypto/ec/ec_err.c | 124 +-
src/lib/libssl/src/crypto/engine/eng_cnf.c | 2 +-
src/lib/libssl/src/crypto/engine/eng_err.c | 158 +-
src/lib/libssl/src/crypto/engine/hw_aep.c | 1 +
src/lib/libssl/src/crypto/engine/hw_atalla.c | 1 +
src/lib/libssl/src/crypto/engine/hw_cswift.c | 204 +-
src/lib/libssl/src/crypto/engine/hw_ubsec.c | 1 +
src/lib/libssl/src/crypto/engine/tb_dsa.c | 2 +-
src/lib/libssl/src/crypto/err/Makefile | 2 +-
src/lib/libssl/src/crypto/err/err.c | 6 +-
src/lib/libssl/src/crypto/err/openssl.ec | 2 +-
src/lib/libssl/src/crypto/evp/Makefile | 2 +-
src/lib/libssl/src/crypto/evp/bio_enc.c | 2 +-
src/lib/libssl/src/crypto/evp/c_alld.c | 10 +
src/lib/libssl/src/crypto/evp/e_aes.c | 6 +-
src/lib/libssl/src/crypto/evp/encode.c | 2 +-
src/lib/libssl/src/crypto/evp/evp.h | 20 +-
src/lib/libssl/src/crypto/evp/evp_err.c | 158 +-
src/lib/libssl/src/crypto/evp/evp_key.c | 3 +-
src/lib/libssl/src/crypto/evp/m_dss1.c | 9 +-
src/lib/libssl/src/crypto/evp/m_sha.c | 3 +
src/lib/libssl/src/crypto/evp/m_sha1.c | 119 +
src/lib/libssl/src/crypto/evp/p5_crpt2.c | 11 +-
src/lib/libssl/src/crypto/hmac/Makefile | 2 +-
src/lib/libssl/src/crypto/hmac/hmac.c | 12 +-
src/lib/libssl/src/crypto/hmac/hmac.h | 4 +
src/lib/libssl/src/crypto/idea/Makefile | 10 +-
src/lib/libssl/src/crypto/lhash/Makefile | 2 +-
src/lib/libssl/src/crypto/md2/Makefile | 2 +-
src/lib/libssl/src/crypto/md2/md2_one.c | 3 +-
src/lib/libssl/src/crypto/md4/Makefile | 2 +-
src/lib/libssl/src/crypto/md4/md4_one.c | 3 +-
src/lib/libssl/src/crypto/md5/Makefile | 2 +-
src/lib/libssl/src/crypto/md5/md5_one.c | 3 +-
src/lib/libssl/src/crypto/mdc2/Makefile | 2 +-
src/lib/libssl/src/crypto/objects/Makefile | 2 +-
src/lib/libssl/src/crypto/objects/obj_dat.h | 99 +-
src/lib/libssl/src/crypto/objects/obj_err.c | 28 +-
src/lib/libssl/src/crypto/objects/obj_mac.h | 65 +-
src/lib/libssl/src/crypto/objects/obj_mac.num | 16 +-
src/lib/libssl/src/crypto/objects/objects.txt | 20 +-
src/lib/libssl/src/crypto/ocsp/ocsp_err.c | 104 +-
src/lib/libssl/src/crypto/opensslv.h | 6 +-
src/lib/libssl/src/crypto/pem/Makefile | 2 +-
src/lib/libssl/src/crypto/pem/pem_err.c | 88 +-
src/lib/libssl/src/crypto/perlasm/x86asm.pl | 2 +-
src/lib/libssl/src/crypto/perlasm/x86nasm.pl | 10 +-
src/lib/libssl/src/crypto/pkcs12/Makefile | 2 +-
src/lib/libssl/src/crypto/pkcs12/p12_add.c | 11 +-
src/lib/libssl/src/crypto/pkcs12/p12_crt.c | 10 +-
src/lib/libssl/src/crypto/pkcs12/p12_mutl.c | 6 +
src/lib/libssl/src/crypto/pkcs12/pk12err.c | 107 +-
src/lib/libssl/src/crypto/pkcs12/pkcs12.h | 3 +
src/lib/libssl/src/crypto/pkcs7/Makefile | 2 +-
src/lib/libssl/src/crypto/pkcs7/pk7_mime.c | 24 +-
src/lib/libssl/src/crypto/pkcs7/pk7_smime.c | 6 +-
src/lib/libssl/src/crypto/pkcs7/pkcs7err.c | 146 +-
src/lib/libssl/src/crypto/rand/Makefile | 2 +-
src/lib/libssl/src/crypto/rand/rand_err.c | 28 +-
src/lib/libssl/src/crypto/rand/rand_lib.c | 26 +-
src/lib/libssl/src/crypto/rand/randfile.c | 2 +-
src/lib/libssl/src/crypto/rc2/Makefile | 4 +-
src/lib/libssl/src/crypto/rc2/rc2_skey.c | 1 +
src/lib/libssl/src/crypto/rc2/rc2speed.c | 6 +-
src/lib/libssl/src/crypto/rc4/Makefile | 13 +-
src/lib/libssl/src/crypto/rc4/asm/rc4-ia64.S | 65 +-
src/lib/libssl/src/crypto/rc4/rc4.h | 4 -
src/lib/libssl/src/crypto/rc4/rc4_enc.c | 4 -
src/lib/libssl/src/crypto/rc4/rc4_skey.c | 5 +-
src/lib/libssl/src/crypto/rc5/Makefile | 4 +-
src/lib/libssl/src/crypto/ripemd/Makefile | 2 +-
src/lib/libssl/src/crypto/ripemd/rmd_one.c | 3 +-
src/lib/libssl/src/crypto/rsa/Makefile | 36 +-
src/lib/libssl/src/crypto/rsa/rsa.h | 67 +-
src/lib/libssl/src/crypto/rsa/rsa_eay.c | 247 +-
src/lib/libssl/src/crypto/rsa/rsa_err.c | 135 +-
src/lib/libssl/src/crypto/rsa/rsa_gen.c | 3 +-
src/lib/libssl/src/crypto/rsa/rsa_oaep.c | 32 +-
src/lib/libssl/src/crypto/rsa/rsa_test.c | 5 +-
src/lib/libssl/src/crypto/sha/Makefile | 2 +-
src/lib/libssl/src/crypto/sha/sha1_one.c | 5 +-
src/lib/libssl/src/crypto/sha/sha_one.c | 3 +-
src/lib/libssl/src/crypto/stack/Makefile | 2 +-
src/lib/libssl/src/crypto/stack/safestack.h | 53 +-
src/lib/libssl/src/crypto/txt_db/Makefile | 2 +-
src/lib/libssl/src/crypto/ui/ui_err.c | 48 +-
src/lib/libssl/src/crypto/x509/Makefile | 2 +-
src/lib/libssl/src/crypto/x509/by_dir.c | 15 +-
src/lib/libssl/src/crypto/x509/x509_err.c | 138 +-
src/lib/libssl/src/crypto/x509/x509_vfy.c | 2 +-
src/lib/libssl/src/crypto/x509v3/Makefile | 2 +-
src/lib/libssl/src/crypto/x509v3/v3_cpols.c | 9 +
src/lib/libssl/src/crypto/x509v3/v3err.c | 210 +-
src/lib/libssl/src/doc/HOWTO/keys.txt | 6 +-
src/lib/libssl/src/doc/apps/CA.pl.pod | 2 +-
src/lib/libssl/src/doc/apps/ca.pod | 6 +-
src/lib/libssl/src/doc/apps/enc.pod | 16 +-
src/lib/libssl/src/doc/crypto/EVP_EncryptInit.pod | 6 +-
src/lib/libssl/src/doc/crypto/OPENSSL_config.pod | 2 +-
src/lib/libssl/src/doc/crypto/PKCS7_verify.pod | 2 +-
src/lib/libssl/src/doc/crypto/hmac.pod | 2 +-
src/lib/libssl/src/doc/crypto/threads.pod | 25 +-
src/lib/libssl/src/doc/fingerprints.txt | 29 +
src/lib/libssl/src/doc/ssl/SSL_CTX_set_options.pod | 2 +-
src/lib/libssl/src/e_os.h | 2 +
src/lib/libssl/src/e_os2.h | 4 +-
src/lib/libssl/src/fips-1.0/Makefile | 242 ++
src/lib/libssl/src/fips-1.0/aes/Makefile | 121 +
.../libssl/src/fips-1.0/aes/asm/fips-ax86-elf.s | 1711 +++++++++++++
src/lib/libssl/src/fips-1.0/aes/fips_aes_core.c | 1263 +++++++++
src/lib/libssl/src/fips-1.0/aes/fips_aes_locl.h | 85 +
.../libssl/src/fips-1.0/aes/fips_aes_selftest.c | 112 +
src/lib/libssl/src/fips-1.0/aes/fips_aesavs.c | 1005 ++++++++
src/lib/libssl/src/fips-1.0/des/Makefile | 135 +
.../libssl/src/fips-1.0/des/asm/fips-dx86-elf.s | 2707 ++++++++++++++++++++
src/lib/libssl/src/fips-1.0/des/fips_des_enc.c | 310 +++
src/lib/libssl/src/fips-1.0/des/fips_des_locl.h | 428 ++++
.../libssl/src/fips-1.0/des/fips_des_selftest.c | 200 ++
src/lib/libssl/src/fips-1.0/des/fips_desmovs.c | 833 ++++++
src/lib/libssl/src/fips-1.0/des/fips_set_key.c | 417 +++
src/lib/libssl/src/fips-1.0/dh/Makefile | 104 +
src/lib/libssl/src/fips-1.0/dh/fips_dh_check.c | 125 +
src/lib/libssl/src/fips-1.0/dh/fips_dh_gen.c | 186 ++
src/lib/libssl/src/fips-1.0/dh/fips_dh_key.c | 256 ++
src/lib/libssl/src/fips-1.0/dsa/Makefile | 147 ++
src/lib/libssl/src/fips-1.0/dsa/fips_dsa_gen.c | 374 +++
src/lib/libssl/src/fips-1.0/dsa/fips_dsa_ossl.c | 408 +++
.../libssl/src/fips-1.0/dsa/fips_dsa_selftest.c | 168 ++
src/lib/libssl/src/fips-1.0/dsa/fips_dsatest.c | 257 ++
src/lib/libssl/src/fips-1.0/dsa/fips_dssvs.c | 319 +++
src/lib/libssl/src/fips-1.0/fips-lib.com | 1196 +++++++++
src/lib/libssl/src/fips-1.0/fips.c | 313 +++
src/lib/libssl/src/fips-1.0/fips.h | 131 +
src/lib/libssl/src/fips-1.0/fips_canister.c | 171 ++
src/lib/libssl/src/fips-1.0/fips_err.h | 133 +
src/lib/libssl/src/fips-1.0/fips_err_wrapper.c | 7 +
src/lib/libssl/src/fips-1.0/fips_locl.h | 71 +
src/lib/libssl/src/fips-1.0/fips_premain.c | 171 ++
src/lib/libssl/src/fips-1.0/fips_test_suite.c | 510 ++++
src/lib/libssl/src/fips-1.0/fipshashes.c | 43 +
src/lib/libssl/src/fips-1.0/fipsld | 147 ++
src/lib/libssl/src/fips-1.0/hmac/Makefile | 155 ++
src/lib/libssl/src/fips-1.0/hmac/fips_hmac.c | 190 ++
.../libssl/src/fips-1.0/hmac/fips_hmac_selftest.c | 135 +
src/lib/libssl/src/fips-1.0/hmac/fips_hmactest.c | 335 +++
src/lib/libssl/src/fips-1.0/install.com | 57 +
.../libssl/src/fips-1.0/openssl_fips_fingerprint | 31 +
src/lib/libssl/src/fips-1.0/rand/Makefile | 126 +
src/lib/libssl/src/fips-1.0/rand/fips_rand.c | 359 +++
src/lib/libssl/src/fips-1.0/rand/fips_rand.h | 73 +
.../libssl/src/fips-1.0/rand/fips_rand_selftest.c | 120 +
src/lib/libssl/src/fips-1.0/rand/fips_randtest.c | 369 +++
src/lib/libssl/src/fips-1.0/rand/fips_rngvs.c | 234 ++
src/lib/libssl/src/fips-1.0/rsa/Makefile | 208 ++
src/lib/libssl/src/fips-1.0/rsa/fips_rsa_eay.c | 788 ++++++
src/lib/libssl/src/fips-1.0/rsa/fips_rsa_gen.c | 282 ++
.../libssl/src/fips-1.0/rsa/fips_rsa_selftest.c | 251 ++
src/lib/libssl/src/fips-1.0/rsa/fips_rsa_x931g.c | 289 +++
src/lib/libssl/src/fips-1.0/rsa/fips_rsagtest.c | 420 +++
src/lib/libssl/src/fips-1.0/rsa/fips_rsastest.c | 402 +++
src/lib/libssl/src/fips-1.0/rsa/fips_rsavtest.c | 425 +++
src/lib/libssl/src/fips-1.0/sha/Makefile | 200 ++
src/lib/libssl/src/fips-1.0/sha/SHAmix.fax | 129 +
src/lib/libssl/src/fips-1.0/sha/SHAmix.req | 99 +
.../libssl/src/fips-1.0/sha/asm/fips-sx86-elf.s | 1568 ++++++++++++
src/lib/libssl/src/fips-1.0/sha/fips_md32_common.h | 623 +++++
src/lib/libssl/src/fips-1.0/sha/fips_sha.h | 186 ++
.../libssl/src/fips-1.0/sha/fips_sha1_selftest.c | 96 +
src/lib/libssl/src/fips-1.0/sha/fips_sha1dgst.c | 96 +
src/lib/libssl/src/fips-1.0/sha/fips_sha256.c | 325 +++
src/lib/libssl/src/fips-1.0/sha/fips_sha512.c | 487 ++++
src/lib/libssl/src/fips-1.0/sha/fips_sha_locl.h | 482 ++++
src/lib/libssl/src/fips-1.0/sha/fips_shatest.c | 399 +++
.../libssl/src/fips-1.0/sha/fips_standalone_sha1.c | 170 ++
src/lib/libssl/src/makevms.com | 16 +-
src/lib/libssl/src/ms/do_masm.bat | 3 +-
src/lib/libssl/src/ms/do_ms.bat | 2 +-
src/lib/libssl/src/ms/fipscheck.pl | 38 +
src/lib/libssl/src/openssl.spec | 7 +-
src/lib/libssl/src/ssl/Makefile | 2 +-
src/lib/libssl/src/ssl/kssl.c | 6 +-
src/lib/libssl/src/ssl/s23_clnt.c | 225 +-
src/lib/libssl/src/ssl/s23_srvr.c | 9 +-
src/lib/libssl/src/ssl/s2_clnt.c | 4 +-
src/lib/libssl/src/ssl/s2_srvr.c | 4 +-
src/lib/libssl/src/ssl/s3_clnt.c | 6 +-
src/lib/libssl/src/ssl/s3_lib.c | 12 +-
src/lib/libssl/src/ssl/s3_srvr.c | 4 +-
src/lib/libssl/src/ssl/ssl-lib.com | 2 +-
src/lib/libssl/src/ssl/ssl.h | 57 +-
src/lib/libssl/src/ssl/ssl_asn1.c | 2 +-
src/lib/libssl/src/ssl/ssl_cert.c | 16 +-
src/lib/libssl/src/ssl/ssl_ciph.c | 64 +-
src/lib/libssl/src/ssl/ssl_err.c | 745 +++---
src/lib/libssl/src/ssl/ssl_lib.c | 38 +-
src/lib/libssl/src/ssl/ssl_locl.h | 5 +-
src/lib/libssl/src/ssl/ssl_sess.c | 4 +-
src/lib/libssl/src/ssl/ssltest.c | 20 +-
src/lib/libssl/src/test/Makefile | 242 +-
src/lib/libssl/src/test/SHAmix.fax | 129 +
src/lib/libssl/src/test/SHAmix.req | 99 +
src/lib/libssl/src/test/maketests.com | 2 +-
src/lib/libssl/src/test/tverify.com | 14 +-
src/lib/libssl/src/tools/Makefile | 2 +-
src/lib/libssl/src/util/checkhash.pl | 222 ++
src/lib/libssl/src/util/fipslink.pl | 78 +
src/lib/libssl/src/util/libeay.num | 42 +-
src/lib/libssl/src/util/mk1mf.pl | 337 ++-
src/lib/libssl/src/util/mkdef.pl | 11 +-
src/lib/libssl/src/util/mkerr.pl | 37 +-
src/lib/libssl/src/util/mkfiles.pl | 17 +-
src/lib/libssl/src/util/mklink.pl | 7 +-
src/lib/libssl/src/util/pl/BC-32.pl | 14 +-
src/lib/libssl/src/util/pl/OS2-EMX.pl | 1 +
src/lib/libssl/src/util/pl/VC-32-GMAKE.pl | 222 ++
src/lib/libssl/src/util/pl/VC-32.pl | 99 +-
src/lib/libssl/src/util/pod2man.pl | 1 +
src/lib/libssl/src/util/selftest.pl | 26 +-
src/lib/libssl/test/Makefile | 242 +-
src/lib/libssl/test/SHAmix.fax | 129 +
src/lib/libssl/test/SHAmix.req | 99 +
src/lib/libssl/test/maketests.com | 2 +-
src/lib/libssl/test/tverify.com | 14 +-
380 files changed, 32917 insertions(+), 3153 deletions(-)
create mode 100644 src/lib/libcrypto/util/checkhash.pl
create mode 100644 src/lib/libcrypto/util/fipslink.pl
create mode 100644 src/lib/libcrypto/util/pl/VC-32-GMAKE.pl
create mode 100644 src/lib/libssl/src/certs/argena.pem
create mode 100644 src/lib/libssl/src/certs/argeng.pem
create mode 100644 src/lib/libssl/src/fips-1.0/Makefile
create mode 100644 src/lib/libssl/src/fips-1.0/aes/Makefile
create mode 100644 src/lib/libssl/src/fips-1.0/aes/asm/fips-ax86-elf.s
create mode 100644 src/lib/libssl/src/fips-1.0/aes/fips_aes_core.c
create mode 100644 src/lib/libssl/src/fips-1.0/aes/fips_aes_locl.h
create mode 100644 src/lib/libssl/src/fips-1.0/aes/fips_aes_selftest.c
create mode 100644 src/lib/libssl/src/fips-1.0/aes/fips_aesavs.c
create mode 100644 src/lib/libssl/src/fips-1.0/des/Makefile
create mode 100644 src/lib/libssl/src/fips-1.0/des/asm/fips-dx86-elf.s
create mode 100644 src/lib/libssl/src/fips-1.0/des/fips_des_enc.c
create mode 100644 src/lib/libssl/src/fips-1.0/des/fips_des_locl.h
create mode 100644 src/lib/libssl/src/fips-1.0/des/fips_des_selftest.c
create mode 100644 src/lib/libssl/src/fips-1.0/des/fips_desmovs.c
create mode 100644 src/lib/libssl/src/fips-1.0/des/fips_set_key.c
create mode 100644 src/lib/libssl/src/fips-1.0/dh/Makefile
create mode 100644 src/lib/libssl/src/fips-1.0/dh/fips_dh_check.c
create mode 100644 src/lib/libssl/src/fips-1.0/dh/fips_dh_gen.c
create mode 100644 src/lib/libssl/src/fips-1.0/dh/fips_dh_key.c
create mode 100644 src/lib/libssl/src/fips-1.0/dsa/Makefile
create mode 100644 src/lib/libssl/src/fips-1.0/dsa/fips_dsa_gen.c
create mode 100644 src/lib/libssl/src/fips-1.0/dsa/fips_dsa_ossl.c
create mode 100644 src/lib/libssl/src/fips-1.0/dsa/fips_dsa_selftest.c
create mode 100644 src/lib/libssl/src/fips-1.0/dsa/fips_dsatest.c
create mode 100644 src/lib/libssl/src/fips-1.0/dsa/fips_dssvs.c
create mode 100644 src/lib/libssl/src/fips-1.0/fips-lib.com
create mode 100644 src/lib/libssl/src/fips-1.0/fips.c
create mode 100644 src/lib/libssl/src/fips-1.0/fips.h
create mode 100644 src/lib/libssl/src/fips-1.0/fips_canister.c
create mode 100644 src/lib/libssl/src/fips-1.0/fips_err.h
create mode 100644 src/lib/libssl/src/fips-1.0/fips_err_wrapper.c
create mode 100644 src/lib/libssl/src/fips-1.0/fips_locl.h
create mode 100644 src/lib/libssl/src/fips-1.0/fips_premain.c
create mode 100644 src/lib/libssl/src/fips-1.0/fips_test_suite.c
create mode 100644 src/lib/libssl/src/fips-1.0/fipshashes.c
create mode 100755 src/lib/libssl/src/fips-1.0/fipsld
create mode 100644 src/lib/libssl/src/fips-1.0/hmac/Makefile
create mode 100644 src/lib/libssl/src/fips-1.0/hmac/fips_hmac.c
create mode 100644 src/lib/libssl/src/fips-1.0/hmac/fips_hmac_selftest.c
create mode 100644 src/lib/libssl/src/fips-1.0/hmac/fips_hmactest.c
create mode 100644 src/lib/libssl/src/fips-1.0/install.com
create mode 100755 src/lib/libssl/src/fips-1.0/openssl_fips_fingerprint
create mode 100644 src/lib/libssl/src/fips-1.0/rand/Makefile
create mode 100644 src/lib/libssl/src/fips-1.0/rand/fips_rand.c
create mode 100644 src/lib/libssl/src/fips-1.0/rand/fips_rand.h
create mode 100644 src/lib/libssl/src/fips-1.0/rand/fips_rand_selftest.c
create mode 100644 src/lib/libssl/src/fips-1.0/rand/fips_randtest.c
create mode 100644 src/lib/libssl/src/fips-1.0/rand/fips_rngvs.c
create mode 100644 src/lib/libssl/src/fips-1.0/rsa/Makefile
create mode 100644 src/lib/libssl/src/fips-1.0/rsa/fips_rsa_eay.c
create mode 100644 src/lib/libssl/src/fips-1.0/rsa/fips_rsa_gen.c
create mode 100644 src/lib/libssl/src/fips-1.0/rsa/fips_rsa_selftest.c
create mode 100644 src/lib/libssl/src/fips-1.0/rsa/fips_rsa_x931g.c
create mode 100644 src/lib/libssl/src/fips-1.0/rsa/fips_rsagtest.c
create mode 100644 src/lib/libssl/src/fips-1.0/rsa/fips_rsastest.c
create mode 100644 src/lib/libssl/src/fips-1.0/rsa/fips_rsavtest.c
create mode 100644 src/lib/libssl/src/fips-1.0/sha/Makefile
create mode 100644 src/lib/libssl/src/fips-1.0/sha/SHAmix.fax
create mode 100644 src/lib/libssl/src/fips-1.0/sha/SHAmix.req
create mode 100644 src/lib/libssl/src/fips-1.0/sha/asm/fips-sx86-elf.s
create mode 100644 src/lib/libssl/src/fips-1.0/sha/fips_md32_common.h
create mode 100644 src/lib/libssl/src/fips-1.0/sha/fips_sha.h
create mode 100644 src/lib/libssl/src/fips-1.0/sha/fips_sha1_selftest.c
create mode 100644 src/lib/libssl/src/fips-1.0/sha/fips_sha1dgst.c
create mode 100644 src/lib/libssl/src/fips-1.0/sha/fips_sha256.c
create mode 100644 src/lib/libssl/src/fips-1.0/sha/fips_sha512.c
create mode 100644 src/lib/libssl/src/fips-1.0/sha/fips_sha_locl.h
create mode 100644 src/lib/libssl/src/fips-1.0/sha/fips_shatest.c
create mode 100644 src/lib/libssl/src/fips-1.0/sha/fips_standalone_sha1.c
create mode 100644 src/lib/libssl/src/ms/fipscheck.pl
create mode 100644 src/lib/libssl/src/test/SHAmix.fax
create mode 100644 src/lib/libssl/src/test/SHAmix.req
create mode 100644 src/lib/libssl/src/util/checkhash.pl
create mode 100644 src/lib/libssl/src/util/fipslink.pl
create mode 100644 src/lib/libssl/src/util/pl/VC-32-GMAKE.pl
create mode 100644 src/lib/libssl/test/SHAmix.fax
create mode 100644 src/lib/libssl/test/SHAmix.req
(limited to 'src')
diff --git a/src/lib/libcrypto/Attic/Makefile b/src/lib/libcrypto/Attic/Makefile
index cffaeedc5d..cda9de0ac9 100644
--- a/src/lib/libcrypto/Attic/Makefile
+++ b/src/lib/libcrypto/Attic/Makefile
@@ -1,5 +1,5 @@
#
-# SSLeay/crypto/Makefile
+# OpenSSL/crypto/Makefile
#
DIR= crypto
diff --git a/src/lib/libcrypto/asn1/Makefile b/src/lib/libcrypto/asn1/Makefile
index b11298d621..d1c2d8f490 100644
--- a/src/lib/libcrypto/asn1/Makefile
+++ b/src/lib/libcrypto/asn1/Makefile
@@ -1,5 +1,5 @@
#
-# SSLeay/crypto/asn1/Makefile
+# OpenSSL/crypto/asn1/Makefile
#
DIR= asn1
diff --git a/src/lib/libcrypto/bf/Makefile b/src/lib/libcrypto/bf/Makefile
index 0e2121efdc..42e2c050f8 100644
--- a/src/lib/libcrypto/bf/Makefile
+++ b/src/lib/libcrypto/bf/Makefile
@@ -1,5 +1,5 @@
#
-# SSLeay/crypto/blowfish/Makefile
+# OpenSSL/crypto/blowfish/Makefile
#
DIR= bf
@@ -110,7 +110,7 @@ bf_enc.o: ../../include/openssl/opensslconf.h bf_enc.c bf_locl.h
bf_ofb64.o: ../../include/openssl/blowfish.h ../../include/openssl/e_os2.h
bf_ofb64.o: ../../include/openssl/opensslconf.h bf_locl.h bf_ofb64.c
bf_skey.o: ../../include/openssl/blowfish.h ../../include/openssl/crypto.h
-bf_skey.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
-bf_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-bf_skey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-bf_skey.o: bf_locl.h bf_pi.h bf_skey.c
+bf_skey.o: ../../include/openssl/e_os2.h ../../include/openssl/fips.h
+bf_skey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+bf_skey.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bf_skey.o: ../../include/openssl/symhacks.h bf_locl.h bf_pi.h bf_skey.c
diff --git a/src/lib/libcrypto/bio/Makefile b/src/lib/libcrypto/bio/Makefile
index 19d9350760..a565154499 100644
--- a/src/lib/libcrypto/bio/Makefile
+++ b/src/lib/libcrypto/bio/Makefile
@@ -1,5 +1,5 @@
#
-# SSLeay/crypto/bio/Makefile
+# OpenSSL/crypto/bio/Makefile
#
DIR= bio
diff --git a/src/lib/libcrypto/bn/Makefile b/src/lib/libcrypto/bn/Makefile
index f693d35d87..9969d242cc 100644
--- a/src/lib/libcrypto/bn/Makefile
+++ b/src/lib/libcrypto/bn/Makefile
@@ -1,5 +1,5 @@
#
-# SSLeay/crypto/bn/Makefile
+# OpenSSL/crypto/bn/Makefile
#
DIR= bn
@@ -31,12 +31,12 @@ LIB=$(TOP)/libcrypto.a
LIBSRC= bn_add.c bn_div.c bn_exp.c bn_lib.c bn_ctx.c bn_mul.c bn_mod.c \
bn_print.c bn_rand.c bn_shift.c bn_word.c bn_blind.c \
bn_kron.c bn_sqrt.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c bn_asm.c \
- bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c
+ bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c bn_x931p.c
LIBOBJ= bn_add.o bn_div.o bn_exp.o bn_lib.o bn_ctx.o bn_mul.o bn_mod.o \
bn_print.o bn_rand.o bn_shift.o bn_word.o bn_blind.o \
bn_kron.o bn_sqrt.o bn_gcd.o bn_prime.o bn_err.o bn_sqr.o $(BN_ASM) \
- bn_recp.o bn_mont.o bn_mpi.o bn_exp2.o
+ bn_recp.o bn_mont.o bn_mpi.o bn_exp2.o bn_x931p.o
SRC= $(LIBSRC)
@@ -329,3 +329,5 @@ bn_word.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
bn_word.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
bn_word.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
bn_word.o: ../cryptlib.h bn_lcl.h bn_word.c
+bn_x931p.o: ../../include/openssl/bn.h ../../include/openssl/e_os2.h
+bn_x931p.o: ../../include/openssl/opensslconf.h bn_x931p.c
diff --git a/src/lib/libcrypto/bn/bntest.c b/src/lib/libcrypto/bn/bntest.c
index 28cd3339da..685007d330 100644
--- a/src/lib/libcrypto/bn/bntest.c
+++ b/src/lib/libcrypto/bn/bntest.c
@@ -86,6 +86,7 @@ int test_mont(BIO *bp,BN_CTX *ctx);
int test_mod(BIO *bp,BN_CTX *ctx);
int test_mod_mul(BIO *bp,BN_CTX *ctx);
int test_mod_exp(BIO *bp,BN_CTX *ctx);
+int test_mod_exp_mont_consttime(BIO *bp,BN_CTX *ctx);
int test_exp(BIO *bp,BN_CTX *ctx);
int test_kron(BIO *bp,BN_CTX *ctx);
int test_sqrt(BIO *bp,BN_CTX *ctx);
@@ -213,6 +214,10 @@ int main(int argc, char *argv[])
if (!test_mod_exp(out,ctx)) goto err;
BIO_flush(out);
+ message(out,"BN_mod_exp_mont_consttime");
+ if (!test_mod_exp_mont_consttime(out,ctx)) goto err;
+ BIO_flush(out);
+
message(out,"BN_exp");
if (!test_exp(out,ctx)) goto err;
BIO_flush(out);
@@ -813,6 +818,57 @@ int test_mod_exp(BIO *bp, BN_CTX *ctx)
return(1);
}
+int test_mod_exp_mont_consttime(BIO *bp, BN_CTX *ctx)
+ {
+ BIGNUM *a,*b,*c,*d,*e;
+ int i;
+
+ a=BN_new();
+ b=BN_new();
+ c=BN_new();
+ d=BN_new();
+ e=BN_new();
+
+ BN_bntest_rand(c,30,0,1); /* must be odd for montgomery */
+ for (i=0; i<num2; i++)
+ {
+ BN_bntest_rand(a,20+i*5,0,0); /**/
+ BN_bntest_rand(b,2+i,0,0); /**/
+
+ if (!BN_mod_exp_mont_consttime(d,a,b,c,ctx,NULL))
+ return(00);
+
+ if (bp != NULL)
+ {
+ if (!results)
+ {
+ BN_print(bp,a);
+ BIO_puts(bp," ^ ");
+ BN_print(bp,b);
+ BIO_puts(bp," % ");
+ BN_print(bp,c);
+ BIO_puts(bp," - ");
+ }
+ BN_print(bp,d);
+ BIO_puts(bp,"\n");
+ }
+ BN_exp(e,a,b,ctx);
+ BN_sub(e,e,d);
+ BN_div(a,b,e,c,ctx);
+ if(!BN_is_zero(b))
+ {
+ fprintf(stderr,"Modulo exponentiation test failed!\n");
+ return 0;
+ }
+ }
+ BN_free(a);
+ BN_free(b);
+ BN_free(c);
+ BN_free(d);
+ BN_free(e);
+ return(1);
+ }
+
int test_exp(BIO *bp, BN_CTX *ctx)
{
BIGNUM *a,*b,*d,*e,*one;
diff --git a/src/lib/libcrypto/bn/expspeed.c b/src/lib/libcrypto/bn/expspeed.c
index 07a1bcf51c..4d5f221f33 100644
--- a/src/lib/libcrypto/bn/expspeed.c
+++ b/src/lib/libcrypto/bn/expspeed.c
@@ -321,7 +321,7 @@ void do_mul_exp(BIGNUM *r, BIGNUM *a, BIGNUM *b, BIGNUM *c, BN_CTX *ctx)
#else /* TEST_SQRT */
"2*sqrt [prime == %d (mod 64)] %4d %4d mod %4d"
#endif
- " -> %8.3fms %5.1f (%ld)\n",
+ " -> %8.6fms %5.1f (%ld)\n",
#ifdef TEST_SQRT
P_MOD_64,
#endif
diff --git a/src/lib/libcrypto/bn/exptest.c b/src/lib/libcrypto/bn/exptest.c
index b09cf88705..28aaac2ac1 100644
--- a/src/lib/libcrypto/bn/exptest.c
+++ b/src/lib/libcrypto/bn/exptest.c
@@ -77,7 +77,7 @@ int main(int argc, char *argv[])
BIO *out=NULL;
int i,ret;
unsigned char c;
- BIGNUM *r_mont,*r_recp,*r_simple,*a,*b,*m;
+ BIGNUM *r_mont,*r_mont_const,*r_recp,*r_simple,*a,*b,*m;
RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_rand may fail, and we don't
* even check its return value
@@ -88,6 +88,7 @@ int main(int argc, char *argv[])
ctx=BN_CTX_new();
if (ctx == NULL) EXIT(1);
r_mont=BN_new();
+ r_mont_const=BN_new();
r_recp=BN_new();
r_simple=BN_new();
a=BN_new();
@@ -143,8 +144,17 @@ int main(int argc, char *argv[])
EXIT(1);
}
+ ret=BN_mod_exp_mont_consttime(r_mont_const,a,b,m,ctx,NULL);
+ if (ret <= 0)
+ {
+ printf("BN_mod_exp_mont_consttime() problems\n");
+ ERR_print_errors(out);
+ EXIT(1);
+ }
+
if (BN_cmp(r_simple, r_mont) == 0
- && BN_cmp(r_simple,r_recp) == 0)
+ && BN_cmp(r_simple,r_recp) == 0
+ && BN_cmp(r_simple,r_mont_const) == 0)
{
printf(".");
fflush(stdout);
@@ -153,6 +163,8 @@ int main(int argc, char *argv[])
{
if (BN_cmp(r_simple,r_mont) != 0)
printf("\nsimple and mont results differ\n");
+ if (BN_cmp(r_simple,r_mont) != 0)
+ printf("\nsimple and mont const time results differ\n");
if (BN_cmp(r_simple,r_recp) != 0)
printf("\nsimple and recp results differ\n");
@@ -162,11 +174,13 @@ int main(int argc, char *argv[])
printf("\nsimple ="); BN_print(out,r_simple);
printf("\nrecp ="); BN_print(out,r_recp);
printf("\nmont ="); BN_print(out,r_mont);
+ printf("\nmont_ct ="); BN_print(out,r_mont_const);
printf("\n");
EXIT(1);
}
}
BN_free(r_mont);
+ BN_free(r_mont_const);
BN_free(r_recp);
BN_free(r_simple);
BN_free(a);
diff --git a/src/lib/libcrypto/buffer/Makefile b/src/lib/libcrypto/buffer/Makefile
index 3911baf513..4b53c595a3 100644
--- a/src/lib/libcrypto/buffer/Makefile
+++ b/src/lib/libcrypto/buffer/Makefile
@@ -1,5 +1,5 @@
#
-# SSLeay/crypto/buffer/Makefile
+# OpenSSL/crypto/buffer/Makefile
#
DIR= buffer
diff --git a/src/lib/libcrypto/cast/Makefile b/src/lib/libcrypto/cast/Makefile
index 8b0d04bb7c..b388f6271c 100644
--- a/src/lib/libcrypto/cast/Makefile
+++ b/src/lib/libcrypto/cast/Makefile
@@ -1,5 +1,5 @@
#
-# SSLeay/crypto/cast/Makefile
+# OpenSSL/crypto/cast/Makefile
#
DIR= cast
@@ -115,6 +115,7 @@ c_ofb64.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
c_ofb64.o: c_ofb64.c cast_lcl.h
c_skey.o: ../../e_os.h ../../include/openssl/cast.h
c_skey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-c_skey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-c_skey.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-c_skey.o: ../../include/openssl/symhacks.h c_skey.c cast_lcl.h cast_s.h
+c_skey.o: ../../include/openssl/fips.h ../../include/openssl/opensslconf.h
+c_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+c_skey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+c_skey.o: c_skey.c cast_lcl.h cast_s.h
diff --git a/src/lib/libcrypto/comp/Makefile b/src/lib/libcrypto/comp/Makefile
index 68109a8013..df1babec5c 100644
--- a/src/lib/libcrypto/comp/Makefile
+++ b/src/lib/libcrypto/comp/Makefile
@@ -1,5 +1,5 @@
#
-# SSLeay/crypto/comp/Makefile
+# OpenSSL/crypto/comp/Makefile
#
DIR= comp
diff --git a/src/lib/libcrypto/conf/Makefile b/src/lib/libcrypto/conf/Makefile
index 6d2f8ffd9a..403d12b28c 100644
--- a/src/lib/libcrypto/conf/Makefile
+++ b/src/lib/libcrypto/conf/Makefile
@@ -1,5 +1,5 @@
#
-# SSLeay/crypto/conf/Makefile
+# OpenSSL/crypto/conf/Makefile
#
DIR= conf
diff --git a/src/lib/libcrypto/crypto-lib.com b/src/lib/libcrypto/crypto-lib.com
index c044ce0099..427c321f25 100644
--- a/src/lib/libcrypto/crypto-lib.com
+++ b/src/lib/libcrypto/crypto-lib.com
@@ -184,10 +184,10 @@ $ IF F$TRNLNM("OPENSSL_NO_ASM").OR.ARCH.EQS."AXP" THEN LIB_BN_ASM = "bn_asm"
$ LIB_BN = "bn_add,bn_div,bn_exp,bn_lib,bn_ctx,bn_mul,bn_mod,"+ -
"bn_print,bn_rand,bn_shift,bn_word,bn_blind,"+ -
"bn_kron,bn_sqrt,bn_gcd,bn_prime,bn_err,bn_sqr,"+LIB_BN_ASM+","+ -
- "bn_recp,bn_mont,bn_mpi,bn_exp2"
+ "bn_recp,bn_mont,bn_mpi,bn_exp2,bn_x931p"
$ LIB_RSA = "rsa_eay,rsa_gen,rsa_lib,rsa_sign,rsa_saos,rsa_err,"+ -
"rsa_pk1,rsa_ssl,rsa_none,rsa_oaep,rsa_chk,rsa_null,"+ -
- "rsa_asn1"
+ "rsa_pss,rsa_x931,rsa_asn1"
$ LIB_EC = "ec_lib,ecp_smpl,ecp_mont,ecp_recp,ecp_nist,ec_cvt,ec_mult,"+ -
"ec_err"
$ LIB_DSA = "dsa_gen,dsa_key,dsa_lib,dsa_asn1,dsa_vrf,dsa_sign,dsa_err,dsa_ossl"
@@ -265,10 +265,15 @@ $ LIB_KRB5 = "krb5_asn"
$!
$! Setup exceptional compilations
$!
+$ ! Add definitions for no threads on OpenVMS 7.1 and higher
$ COMPILEWITH_CC3 = ",bss_rtcp,"
+$ ! Disable the DOLLARID warning
$ COMPILEWITH_CC4 = ",a_utctm,bss_log,o_time,"
+$ ! Disable disjoint optimization
$ COMPILEWITH_CC5 = ",md2_dgst,md4_dgst,md5_dgst,mdc2dgst," + -
"sha_dgst,sha1dgst,rmd_dgst,bf_enc,"
+$ ! Disable the MIXLINKAGE warning
+$ COMPILEWITH_CC6 = ",enc_read,set_key,"
$!
$! Figure Out What Other Modules We Are To Build.
$!
@@ -497,7 +502,12 @@ $ IF COMPILEWITH_CC5 - FILE_NAME0 .NES. COMPILEWITH_CC5
$ THEN
$ CC5/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
$ ELSE
-$ CC/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
+$ IF COMPILEWITH_CC6 - FILE_NAME0 .NES. COMPILEWITH_CC6
+$ THEN
+$ CC6/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
+$ ELSE
+$ CC/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
+$ ENDIF
$ ENDIF
$ ENDIF
$ ENDIF
@@ -960,7 +970,7 @@ $ CCDEFS = "TCPIP_TYPE_''P4',DSO_VMS"
$ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS
$ CCEXTRAFLAGS = ""
$ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS
-$ CCDISABLEWARNINGS = "LONGLONGTYPE,LONGLONGSUFX"
+$ CCDISABLEWARNINGS = "LONGLONGTYPE,LONGLONGSUFX,FOUNDCR"
$ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN -
CCDISABLEWARNINGS = CCDISABLEWARNINGS + "," + USER_CCDISABLEWARNINGS
$!
@@ -1077,14 +1087,18 @@ $ THEN
$ IF CCDISABLEWARNINGS .EQS. ""
$ THEN
$ CC4DISABLEWARNINGS = "DOLLARID"
+$ CC6DISABLEWARNINGS = "MIXLINKAGE"
$ ELSE
$ CC4DISABLEWARNINGS = CCDISABLEWARNINGS + ",DOLLARID"
+$ CC6DISABLEWARNINGS = CCDISABLEWARNINGS + ",MIXLINKAGE"
$ CCDISABLEWARNINGS = "/WARNING=(DISABLE=(" + CCDISABLEWARNINGS + "))"
$ ENDIF
$ CC4DISABLEWARNINGS = "/WARNING=(DISABLE=(" + CC4DISABLEWARNINGS + "))"
+$ CC6DISABLEWARNINGS = "/WARNING=(DISABLE=(" + CC6DISABLEWARNINGS + "))"
$ ELSE
$ CCDISABLEWARNINGS = ""
$ CC4DISABLEWARNINGS = ""
+$ CC6DISABLEWARNINGS = ""
$ ENDIF
$ CC3 = CC + "/DEFINE=(" + CCDEFS + ISSEVEN + ")" + CCDISABLEWARNINGS
$ CC = CC + "/DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS
@@ -1095,6 +1109,7 @@ $ ELSE
$ CC5 = CC + "/NOOPTIMIZE"
$ ENDIF
$ CC4 = CC - CCDISABLEWARNINGS + CC4DISABLEWARNINGS
+$ CC6 = CC - CCDISABLEWARNINGS + CC6DISABLEWARNINGS
$!
$! Show user the result
$!
diff --git a/src/lib/libcrypto/des/Makefile b/src/lib/libcrypto/des/Makefile
index 655f2ea1a8..800af0b123 100644
--- a/src/lib/libcrypto/des/Makefile
+++ b/src/lib/libcrypto/des/Makefile
@@ -1,5 +1,5 @@
#
-# SSLeay/crypto/des/Makefile
+# OpenSSL/crypto/des/Makefile
#
DIR= des
diff --git a/src/lib/libcrypto/dh/Makefile b/src/lib/libcrypto/dh/Makefile
index c091a8130a..352678b94a 100644
--- a/src/lib/libcrypto/dh/Makefile
+++ b/src/lib/libcrypto/dh/Makefile
@@ -1,5 +1,5 @@
#
-# SSLeay/crypto/dh/Makefile
+# OpenSSL/crypto/dh/Makefile
#
DIR= dh
diff --git a/src/lib/libcrypto/dh/dhtest.c b/src/lib/libcrypto/dh/dhtest.c
index d75077f9fa..b76dede771 100644
--- a/src/lib/libcrypto/dh/dhtest.c
+++ b/src/lib/libcrypto/dh/dhtest.c
@@ -136,6 +136,10 @@ int main(int argc, char *argv[])
b->g=BN_dup(a->g);
if ((b->p == NULL) || (b->g == NULL)) goto err;
+ /* Set a to run with normal modexp and b to use constant time */
+ a->flags &= ~DH_FLAG_NO_EXP_CONSTTIME;
+ b->flags |= DH_FLAG_NO_EXP_CONSTTIME;
+
if (!DH_generate_key(a)) goto err;
BIO_puts(out,"pri 1=");
BN_print(out,a->priv_key);
diff --git a/src/lib/libcrypto/dsa/Makefile b/src/lib/libcrypto/dsa/Makefile
index 3a55058973..4f10278039 100644
--- a/src/lib/libcrypto/dsa/Makefile
+++ b/src/lib/libcrypto/dsa/Makefile
@@ -1,5 +1,5 @@
#
-# SSLeay/crypto/dsa/Makefile
+# OpenSSL/crypto/dsa/Makefile
#
DIR= dsa
diff --git a/src/lib/libcrypto/dsa/dsatest.c b/src/lib/libcrypto/dsa/dsatest.c
index 4734ce4af8..55a3756aff 100644
--- a/src/lib/libcrypto/dsa/dsatest.c
+++ b/src/lib/libcrypto/dsa/dsatest.c
@@ -194,10 +194,19 @@ int main(int argc, char **argv)
BIO_printf(bio_err,"g value is wrong\n");
goto end;
}
+
+ dsa->flags |= DSA_FLAG_NO_EXP_CONSTTIME;
DSA_generate_key(dsa);
DSA_sign(0, str1, 20, sig, &siglen, dsa);
if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1)
ret=1;
+
+ dsa->flags &= ~DSA_FLAG_NO_EXP_CONSTTIME;
+ DSA_generate_key(dsa);
+ DSA_sign(0, str1, 20, sig, &siglen, dsa);
+ if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1)
+ ret=1;
+
end:
if (!ret)
ERR_print_errors(bio_err);
diff --git a/src/lib/libcrypto/dso/Makefile b/src/lib/libcrypto/dso/Makefile
index 168951bc3e..c16278c3ff 100644
--- a/src/lib/libcrypto/dso/Makefile
+++ b/src/lib/libcrypto/dso/Makefile
@@ -1,5 +1,5 @@
#
-# SSLeay/crypto/dso/Makefile
+# OpenSSL/crypto/dso/Makefile
#
DIR= dso
diff --git a/src/lib/libcrypto/dso/dso_dl.c b/src/lib/libcrypto/dso/dso_dl.c
index 79d2cb4d8c..f7b4dfc0c3 100644
--- a/src/lib/libcrypto/dso/dso_dl.c
+++ b/src/lib/libcrypto/dso/dso_dl.c
@@ -126,7 +126,8 @@ static int dl_load(DSO *dso)
DSOerr(DSO_F_DL_LOAD,DSO_R_NO_FILENAME);
goto err;
}
- ptr = shl_load(filename, BIND_IMMEDIATE|DYNAMIC_PATH, 0L);
+ ptr = shl_load(filename, BIND_IMMEDIATE |
+ (dso->flags&DSO_FLAG_NO_NAME_TRANSLATION?0:DYNAMIC_PATH), 0L);
if(ptr == NULL)
{
DSOerr(DSO_F_DL_LOAD,DSO_R_LOAD_FAILED);
@@ -281,4 +282,36 @@ static char *dl_name_converter(DSO *dso, const char *filename)
return(translated);
}
+#ifdef OPENSSL_FIPS
+static void dl_ref_point(){}
+
+int DSO_pathbyaddr(void *addr,char *path,int sz)
+ {
+ struct shl_descriptor inf;
+ int i,len;
+
+ if (addr == NULL)
+ {
+ union { void(*f)(); void *p; } t = { dl_ref_point };
+ addr = t.p;
+ }
+
+ for (i=-1;shl_get_r(i,&inf)==0;i++)
+ {
+ if (((size_t)addr >= inf.tstart && (size_t)addr < inf.tend) ||
+ ((size_t)addr >= inf.dstart && (size_t)addr < inf.dend))
+ {
+ len = (int)strlen(inf.filename);
+ if (sz <= 0) return len+1;
+ if (len >= sz) len=sz-1;
+ memcpy(path,inf.filename,len);
+ path[len++] = 0;
+ return len;
+ }
+ }
+
+ return -1;
+ }
+#endif
+
#endif /* DSO_DL */
diff --git a/src/lib/libcrypto/dso/dso_win32.c b/src/lib/libcrypto/dso/dso_win32.c
index 3fa90eb27c..cc4ac68696 100644
--- a/src/lib/libcrypto/dso/dso_win32.c
+++ b/src/lib/libcrypto/dso/dso_win32.c
@@ -68,6 +68,25 @@ DSO_METHOD *DSO_METHOD_win32(void)
}
#else
+#ifdef _WIN32_WCE
+# if _WIN32_WCE < 300
+static FARPROC GetProcAddressA(HMODULE hModule,LPCSTR lpProcName)
+ {
+ WCHAR lpProcNameW[64];
+ int i;
+
+ for (i=0;lpProcName[i] && i<64;i++)
+ lpProcNameW[i] = (WCHAR)lpProcName[i];
+ if (i==64) return NULL;
+ lpProcNameW[i] = 0;
+
+ return GetProcAddressW(hModule,lpProcNameW);
+ }
+# endif
+# undef GetProcAddress
+# define GetProcAddress GetProcAddressA
+#endif
+
/* Part of the hack in "win32_load" ... */
#define DSO_MAX_TRANSLATED_SIZE 256
@@ -122,7 +141,7 @@ static int win32_load(DSO *dso)
DSOerr(DSO_F_WIN32_LOAD,DSO_R_NO_FILENAME);
goto err;
}
- h = LoadLibrary(filename);
+ h = LoadLibraryA(filename);
if(h == NULL)
{
DSOerr(DSO_F_WIN32_LOAD,DSO_R_LOAD_FAILED);
diff --git a/src/lib/libcrypto/engine/hw_aep.c b/src/lib/libcrypto/engine/hw_aep.c
index 8b8380a582..5f1772ea99 100644
--- a/src/lib/libcrypto/engine/hw_aep.c
+++ b/src/lib/libcrypto/engine/hw_aep.c
@@ -474,6 +474,7 @@ static int aep_init(ENGINE *e)
if(aep_dso)
DSO_free(aep_dso);
+ aep_dso = NULL;
p_AEP_OpenConnection = NULL;
p_AEP_ModExp = NULL;
diff --git a/src/lib/libcrypto/engine/hw_atalla.c b/src/lib/libcrypto/engine/hw_atalla.c
index e9eff9fad1..2b8342bbdd 100644
--- a/src/lib/libcrypto/engine/hw_atalla.c
+++ b/src/lib/libcrypto/engine/hw_atalla.c
@@ -375,6 +375,7 @@ static int atalla_init(ENGINE *e)
err:
if(atalla_dso)
DSO_free(atalla_dso);
+ atalla_dso = NULL;
p_Atalla_GetHardwareConfig = NULL;
p_Atalla_RSAPrivateKeyOpFn = NULL;
p_Atalla_GetPerformanceStatistics = NULL;
diff --git a/src/lib/libcrypto/engine/hw_cswift.c b/src/lib/libcrypto/engine/hw_cswift.c
index f128ee5a68..1411fd8333 100644
--- a/src/lib/libcrypto/engine/hw_cswift.c
+++ b/src/lib/libcrypto/engine/hw_cswift.c
@@ -90,6 +90,7 @@ static int cswift_destroy(ENGINE *e);
static int cswift_init(ENGINE *e);
static int cswift_finish(ENGINE *e);
static int cswift_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
+static int cswift_bn_32copy(SW_LARGENUMBER * out, const BIGNUM * in);
/* BIGNUM stuff */
static int cswift_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
@@ -403,7 +404,10 @@ static int cswift_init(ENGINE *e)
return 1;
err:
if(cswift_dso)
+ {
DSO_free(cswift_dso);
+ cswift_dso = NULL;
+ }
p_CSwift_AcquireAccContext = NULL;
p_CSwift_AttachKeyParam = NULL;
p_CSwift_SimpleRequest = NULL;
@@ -553,6 +557,29 @@ err:
return to_return;
}
+
+int cswift_bn_32copy(SW_LARGENUMBER * out, const BIGNUM * in)
+{
+ int mod;
+ int numbytes = BN_num_bytes(in);
+
+ mod = 0;
+ while( ((out->nbytes = (numbytes+mod)) % 32) )
+ {
+ mod++;
+ }
+ out->value = (unsigned char*)OPENSSL_malloc(out->nbytes);
+ if(!out->value)
+ {
+ return 0;
+ }
+ BN_bn2bin(in, &out->value[mod]);
+ if(mod)
+ memset(out->value, 0, mod);
+
+ return 1;
+}
+
/* Un petit mod_exp chinois */
static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *q, const BIGNUM *dmp1,
@@ -562,15 +589,16 @@ static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
SW_LARGENUMBER arg, res;
SW_PARAM sw_param;
SW_CONTEXT_HANDLE hac;
- BIGNUM *rsa_p = NULL;
- BIGNUM *rsa_q = NULL;
- BIGNUM *rsa_dmp1 = NULL;
- BIGNUM *rsa_dmq1 = NULL;
- BIGNUM *rsa_iqmp = NULL;
- BIGNUM *argument = NULL;
BIGNUM *result = NULL;
+ BIGNUM *argument = NULL;
int to_return = 0; /* expect failure */
int acquired = 0;
+
+ sw_param.up.crt.p.value = NULL;
+ sw_param.up.crt.q.value = NULL;
+ sw_param.up.crt.dmp1.value = NULL;
+ sw_param.up.crt.dmq1.value = NULL;
+ sw_param.up.crt.iqmp.value = NULL;
if(!get_context(&hac))
{
@@ -578,44 +606,55 @@ static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
goto err;
}
acquired = 1;
+
/* Prepare the params */
- BN_CTX_start(ctx);
- rsa_p = BN_CTX_get(ctx);
- rsa_q = BN_CTX_get(ctx);
- rsa_dmp1 = BN_CTX_get(ctx);
- rsa_dmq1 = BN_CTX_get(ctx);
- rsa_iqmp = BN_CTX_get(ctx);
- argument = BN_CTX_get(ctx);
- result = BN_CTX_get(ctx);
- if(!result)
+ argument = BN_new();
+ result = BN_new();
+ if(!result || !argument)
{
CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_CTX_FULL);
goto err;
}
- if(!bn_wexpand(rsa_p, p->top) || !bn_wexpand(rsa_q, q->top) ||
- !bn_wexpand(rsa_dmp1, dmp1->top) ||
- !bn_wexpand(rsa_dmq1, dmq1->top) ||
- !bn_wexpand(rsa_iqmp, iqmp->top) ||
- !bn_wexpand(argument, a->top) ||
+
+
+ sw_param.type = SW_ALG_CRT;
+ /************************************************************************/
+ /* 04/02/2003 */
+ /* Modified by Frederic Giudicelli (deny-all.com) to overcome the */
+ /* limitation of cswift with values not a multiple of 32 */
+ /************************************************************************/
+ if(!cswift_bn_32copy(&sw_param.up.crt.p, p))
+ {
+ CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
+ goto err;
+ }
+ if(!cswift_bn_32copy(&sw_param.up.crt.q, q))
+ {
+ CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
+ goto err;
+ }
+ if(!cswift_bn_32copy(&sw_param.up.crt.dmp1, dmp1))
+ {
+ CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
+ goto err;
+ }
+ if(!cswift_bn_32copy(&sw_param.up.crt.dmq1, dmq1))
+ {
+ CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
+ goto err;
+ }
+ if(!cswift_bn_32copy(&sw_param.up.crt.iqmp, iqmp))
+ {
+ CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
+ goto err;
+ }
+ if( !bn_wexpand(argument, a->top) ||
!bn_wexpand(result, p->top + q->top))
{
CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
goto err;
}
- sw_param.type = SW_ALG_CRT;
- sw_param.up.crt.p.nbytes = BN_bn2bin(p, (unsigned char *)rsa_p->d);
- sw_param.up.crt.p.value = (unsigned char *)rsa_p->d;
- sw_param.up.crt.q.nbytes = BN_bn2bin(q, (unsigned char *)rsa_q->d);
- sw_param.up.crt.q.value = (unsigned char *)rsa_q->d;
- sw_param.up.crt.dmp1.nbytes = BN_bn2bin(dmp1,
- (unsigned char *)rsa_dmp1->d);
- sw_param.up.crt.dmp1.value = (unsigned char *)rsa_dmp1->d;
- sw_param.up.crt.dmq1.nbytes = BN_bn2bin(dmq1,
- (unsigned char *)rsa_dmq1->d);
- sw_param.up.crt.dmq1.value = (unsigned char *)rsa_dmq1->d;
- sw_param.up.crt.iqmp.nbytes = BN_bn2bin(iqmp,
- (unsigned char *)rsa_iqmp->d);
- sw_param.up.crt.iqmp.value = (unsigned char *)rsa_iqmp->d;
+
/* Attach the key params */
sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
switch(sw_status)
@@ -654,9 +693,22 @@ static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
BN_bin2bn((unsigned char *)result->d, res.nbytes, r);
to_return = 1;
err:
+ if(sw_param.up.crt.p.value)
+ OPENSSL_free(sw_param.up.crt.p.value);
+ if(sw_param.up.crt.q.value)
+ OPENSSL_free(sw_param.up.crt.q.value);
+ if(sw_param.up.crt.dmp1.value)
+ OPENSSL_free(sw_param.up.crt.dmp1.value);
+ if(sw_param.up.crt.dmq1.value)
+ OPENSSL_free(sw_param.up.crt.dmq1.value);
+ if(sw_param.up.crt.iqmp.value)
+ OPENSSL_free(sw_param.up.crt.iqmp.value);
+ if(result)
+ BN_free(result);
+ if(argument)
+ BN_free(argument);
if(acquired)
release_context(hac);
- BN_CTX_end(ctx);
return to_return;
}
@@ -665,6 +717,27 @@ static int cswift_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
{
BN_CTX *ctx;
int to_return = 0;
+ const RSA_METHOD * def_rsa_method;
+
+ /* Try the limits of RSA (2048 bits) */
+ if(BN_num_bytes(rsa->p) > 128 ||
+ BN_num_bytes(rsa->q) > 128 ||
+ BN_num_bytes(rsa->dmp1) > 128 ||
+ BN_num_bytes(rsa->dmq1) > 128 ||
+ BN_num_bytes(rsa->iqmp) > 128)
+ {
+#ifdef RSA_NULL
+ def_rsa_method=RSA_null_method();
+#else
+#if 0
+ def_rsa_method=RSA_PKCS1_RSAref();
+#else
+ def_rsa_method=RSA_PKCS1_SSLeay();
+#endif
+#endif
+ if(def_rsa_method)
+ return def_rsa_method->rsa_mod_exp(r0, I, rsa);
+ }
if((ctx = BN_CTX_new()) == NULL)
goto err;
@@ -686,6 +759,26 @@ err:
static int cswift_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
{
+ const RSA_METHOD * def_rsa_method;
+
+ /* Try the limits of RSA (2048 bits) */
+ if(BN_num_bytes(r) > 256 ||
+ BN_num_bytes(a) > 256 ||
+ BN_num_bytes(m) > 256)
+ {
+#ifdef RSA_NULL
+ def_rsa_method=RSA_null_method();
+#else
+#if 0
+ def_rsa_method=RSA_PKCS1_RSAref();
+#else
+ def_rsa_method=RSA_PKCS1_SSLeay();
+#endif
+#endif
+ if(def_rsa_method)
+ return def_rsa_method->bn_mod_exp(r, a, p, m, ctx, m_ctx);
+ }
+
return cswift_mod_exp(r, a, p, m, ctx);
}
@@ -930,9 +1023,10 @@ static int cswift_rand_bytes(unsigned char *buf, int num)
SW_CONTEXT_HANDLE hac;
SW_STATUS swrc;
SW_LARGENUMBER largenum;
- size_t nbytes = 0;
int acquired = 0;
int to_return = 0; /* assume failure */
+ unsigned char buf32[1024];
+
if (!get_context(&hac))
{
@@ -941,17 +1035,19 @@ static int cswift_rand_bytes(unsigned char *buf, int num)
}
acquired = 1;
- while (nbytes < (size_t)num)
+ /************************************************************************/
+ /* 04/02/2003 */
+ /* Modified by Frederic Giudicelli (deny-all.com) to overcome the */
+ /* limitation of cswift with values not a multiple of 32 */
+ /************************************************************************/
+
+ while(num >= sizeof(buf32))
{
+ largenum.value = buf;
+ largenum.nbytes = sizeof(buf32);
/* tell CryptoSwift how many bytes we want and where we want it.
* Note: - CryptoSwift cannot do more than 4096 bytes at a time.
* - CryptoSwift can only do multiple of 32-bits. */
- largenum.value = (SW_BYTE *) buf + nbytes;
- if (4096 > num - nbytes)
- largenum.nbytes = num - nbytes;
- else
- largenum.nbytes = 4096;
-
swrc = p_CSwift_SimpleRequest(hac, SW_CMD_RAND, NULL, 0, &largenum, 1);
if (swrc != SW_OK)
{
@@ -961,14 +1057,30 @@ static int cswift_rand_bytes(unsigned char *buf, int num)
ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf);
goto err;
}
-
- nbytes += largenum.nbytes;
+ buf += sizeof(buf32);
+ num -= sizeof(buf32);
+ }
+ if(num)
+ {
+ largenum.nbytes = sizeof(buf32);
+ largenum.value = buf32;
+ swrc = p_CSwift_SimpleRequest(hac, SW_CMD_RAND, NULL, 0, &largenum, 1);
+ if (swrc != SW_OK)
+ {
+ char tmpbuf[20];
+ CSWIFTerr(CSWIFT_F_CSWIFT_CTRL, CSWIFT_R_REQUEST_FAILED);
+ sprintf(tmpbuf, "%ld", swrc);
+ ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf);
+ goto err;
+ }
+ memcpy(buf, largenum.value, num);
}
- to_return = 1; /* success */
+ to_return = 1; /* success */
err:
if (acquired)
release_context(hac);
+
return to_return;
}
diff --git a/src/lib/libcrypto/engine/hw_ubsec.c b/src/lib/libcrypto/engine/hw_ubsec.c
index 5234a08a07..8fb834af31 100644
--- a/src/lib/libcrypto/engine/hw_ubsec.c
+++ b/src/lib/libcrypto/engine/hw_ubsec.c
@@ -454,6 +454,7 @@ static int ubsec_init(ENGINE *e)
err:
if(ubsec_dso)
DSO_free(ubsec_dso);
+ ubsec_dso = NULL;
p_UBSEC_ubsec_bytes_to_bits = NULL;
p_UBSEC_ubsec_bits_to_bytes = NULL;
p_UBSEC_ubsec_open = NULL;
diff --git a/src/lib/libcrypto/err/Makefile b/src/lib/libcrypto/err/Makefile
index 149f3e0eb9..4adec55302 100644
--- a/src/lib/libcrypto/err/Makefile
+++ b/src/lib/libcrypto/err/Makefile
@@ -1,5 +1,5 @@
#
-# SSLeay/crypto/err/Makefile
+# OpenSSL/crypto/err/Makefile
#
DIR= err
diff --git a/src/lib/libcrypto/evp/Makefile b/src/lib/libcrypto/evp/Makefile
index 5027a3855a..d1c2a272bb 100644
--- a/src/lib/libcrypto/evp/Makefile
+++ b/src/lib/libcrypto/evp/Makefile
@@ -1,5 +1,5 @@
#
-# SSLeay/crypto/evp/Makefile
+# OpenSSL/crypto/evp/Makefile
#
DIR= evp
diff --git a/src/lib/libcrypto/evp/c_alld.c b/src/lib/libcrypto/evp/c_alld.c
index aae7bf7482..929ea56a3e 100644
--- a/src/lib/libcrypto/evp/c_alld.c
+++ b/src/lib/libcrypto/evp/c_alld.c
@@ -99,5 +99,15 @@ void OpenSSL_add_all_digests(void)
EVP_add_digest(EVP_ripemd160());
EVP_add_digest_alias(SN_ripemd160,"ripemd");
EVP_add_digest_alias(SN_ripemd160,"rmd160");
+#endif
+#ifdef OPENSSL_FIPS
+#ifndef OPENSSL_NO_SHA256
+ EVP_add_digest(EVP_sha224());
+ EVP_add_digest(EVP_sha256());
+#endif
+#ifndef OPENSSL_NO_SHA512
+ EVP_add_digest(EVP_sha384());
+ EVP_add_digest(EVP_sha512());
+#endif
#endif
}
diff --git a/src/lib/libcrypto/evp/m_sha.c b/src/lib/libcrypto/evp/m_sha.c
index d1785e5f74..ed54909b16 100644
--- a/src/lib/libcrypto/evp/m_sha.c
+++ b/src/lib/libcrypto/evp/m_sha.c
@@ -59,6 +59,9 @@
#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA0)
#include <stdio.h>
#include "cryptlib.h"
+/* Including sha.h prior evp.h masks FIPS SHA declarations, but that's
+ * exactly what we want to achieve here... */
+#include <openssl/sha.h>
#include <openssl/evp.h>
#include "evp_locl.h"
#include <openssl/objects.h>
diff --git a/src/lib/libcrypto/hmac/Makefile b/src/lib/libcrypto/hmac/Makefile
index f634dab79d..3d53d8240f 100644
--- a/src/lib/libcrypto/hmac/Makefile
+++ b/src/lib/libcrypto/hmac/Makefile
@@ -1,5 +1,5 @@
#
-# SSLeay/crypto/md/Makefile
+# OpenSSL/crypto/md/Makefile
#
DIR= hmac
diff --git a/src/lib/libcrypto/idea/Makefile b/src/lib/libcrypto/idea/Makefile
index f652783027..6b8e530d9d 100644
--- a/src/lib/libcrypto/idea/Makefile
+++ b/src/lib/libcrypto/idea/Makefile
@@ -1,5 +1,5 @@
#
-# SSLeay/crypto/idea/Makefile
+# OpenSSL/crypto/idea/Makefile
#
DIR= idea
@@ -86,7 +86,7 @@ i_ecb.o: ../../include/openssl/opensslv.h i_ecb.c idea_lcl.h
i_ofb64.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h
i_ofb64.o: i_ofb64.c idea_lcl.h
i_skey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-i_skey.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h
-i_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-i_skey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-i_skey.o: i_skey.c idea_lcl.h
+i_skey.o: ../../include/openssl/fips.h ../../include/openssl/idea.h
+i_skey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+i_skey.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+i_skey.o: ../../include/openssl/symhacks.h i_skey.c idea_lcl.h
diff --git a/src/lib/libcrypto/lhash/Makefile b/src/lib/libcrypto/lhash/Makefile
index d325a1644d..cdb0e77fad 100644
--- a/src/lib/libcrypto/lhash/Makefile
+++ b/src/lib/libcrypto/lhash/Makefile
@@ -1,5 +1,5 @@
#
-# SSLeay/crypto/lhash/Makefile
+# OpenSSL/crypto/lhash/Makefile
#
DIR= lhash
diff --git a/src/lib/libcrypto/md2/Makefile b/src/lib/libcrypto/md2/Makefile
index 90628511da..9d0351bb2f 100644
--- a/src/lib/libcrypto/md2/Makefile
+++ b/src/lib/libcrypto/md2/Makefile
@@ -1,5 +1,5 @@
#
-# SSLeay/crypto/md/Makefile
+# OpenSSL/crypto/md/Makefile
#
DIR= md2
diff --git a/src/lib/libcrypto/md2/md2_one.c b/src/lib/libcrypto/md2/md2_one.c
index 835160ef56..8c36ba5779 100644
--- a/src/lib/libcrypto/md2/md2_one.c
+++ b/src/lib/libcrypto/md2/md2_one.c
@@ -69,7 +69,8 @@ unsigned char *MD2(const unsigned char *d, unsigned long n, unsigned char *md)
static unsigned char m[MD2_DIGEST_LENGTH];
if (md == NULL) md=m;
- MD2_Init(&c);
+ if (!MD2_Init(&c))
+ return NULL;
#ifndef CHARSET_EBCDIC
MD2_Update(&c,d,n);
#else
diff --git a/src/lib/libcrypto/md4/Makefile b/src/lib/libcrypto/md4/Makefile
index 0b7c8d7ad8..eeb457f20f 100644
--- a/src/lib/libcrypto/md4/Makefile
+++ b/src/lib/libcrypto/md4/Makefile
@@ -1,5 +1,5 @@
#
-# SSLeay/crypto/md4/Makefile
+# OpenSSL/crypto/md4/Makefile
#
DIR= md4
diff --git a/src/lib/libcrypto/md5/Makefile b/src/lib/libcrypto/md5/Makefile
index 832446fff2..1ed018526f 100644
--- a/src/lib/libcrypto/md5/Makefile
+++ b/src/lib/libcrypto/md5/Makefile
@@ -1,5 +1,5 @@
#
-# SSLeay/crypto/md5/Makefile
+# OpenSSL/crypto/md5/Makefile
#
DIR= md5
diff --git a/src/lib/libcrypto/mdc2/Makefile b/src/lib/libcrypto/mdc2/Makefile
index 38c785bf95..b8e9a9a4fa 100644
--- a/src/lib/libcrypto/mdc2/Makefile
+++ b/src/lib/libcrypto/mdc2/Makefile
@@ -1,5 +1,5 @@
#
-# SSLeay/crypto/mdc2/Makefile
+# OpenSSL/crypto/mdc2/Makefile
#
DIR= mdc2
diff --git a/src/lib/libcrypto/objects/Makefile b/src/lib/libcrypto/objects/Makefile
index e449147129..23b2a69e6d 100644
--- a/src/lib/libcrypto/objects/Makefile
+++ b/src/lib/libcrypto/objects/Makefile
@@ -1,5 +1,5 @@
#
-# SSLeay/crypto/objects/Makefile
+# OpenSSL/crypto/objects/Makefile
#
DIR= objects
diff --git a/src/lib/libcrypto/objects/obj_dat.h b/src/lib/libcrypto/objects/obj_dat.h
index 8785127055..cc22152682 100644
--- a/src/lib/libcrypto/objects/obj_dat.h
+++ b/src/lib/libcrypto/objects/obj_dat.h
@@ -62,12 +62,12 @@
* [including the GNU Public Licence.]
*/
-#define NUM_NID 668
-#define NUM_SN 660
-#define NUM_LN 660
-#define NUM_OBJ 624
+#define NUM_NID 676
+#define NUM_SN 669
+#define NUM_LN 669
+#define NUM_OBJ 633
-static unsigned char lvalues[4500]={
+static unsigned char lvalues[4575]={
0x00, /* [ 0] OBJ_undef */
0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 1] OBJ_rsadsi */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 7] OBJ_pkcs */
@@ -330,9 +330,9 @@ static unsigned char lvalues[4500]={
0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x04, /* [2092] OBJ_ac_auditEntity */
0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x05, /* [2100] OBJ_ac_targeting */
0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x06, /* [2108] OBJ_aaControls */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x07, /* [2116] OBJ_sbqp_ipAddrBlock */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x08, /* [2124] OBJ_sbqp_autonomousSysNum */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x09, /* [2132] OBJ_sbqp_routerIdentifier */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x07, /* [2116] OBJ_sbgp_ipAddrBlock */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x08, /* [2124] OBJ_sbgp_autonomousSysNum */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x09, /* [2132] OBJ_sbgp_routerIdentifier */
0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x03, /* [2140] OBJ_textNotice */
0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x05, /* [2148] OBJ_ipsecEndSystem */
0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x06, /* [2156] OBJ_ipsecTunnel */
@@ -691,7 +691,16 @@ static unsigned char lvalues[4500]={
0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0E, /* [4467] OBJ_proxyCertInfo */
0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x00, /* [4475] OBJ_id_ppl_anyLanguage */
0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x01, /* [4483] OBJ_id_ppl_inheritAll */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x02, /* [4491] OBJ_Independent */
+0x55,0x1D,0x1E, /* [4491] OBJ_name_constraints */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x02, /* [4494] OBJ_Independent */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,/* [4502] OBJ_sha256WithRSAEncryption */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0C,/* [4511] OBJ_sha384WithRSAEncryption */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0D,/* [4520] OBJ_sha512WithRSAEncryption */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0E,/* [4529] OBJ_sha224WithRSAEncryption */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,/* [4538] OBJ_sha256 */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x02,/* [4547] OBJ_sha384 */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x03,/* [4556] OBJ_sha512 */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x04,/* [4565] OBJ_sha224 */
};
static ASN1_OBJECT nid_objs[NUM_NID]={
@@ -1134,12 +1143,12 @@ static ASN1_OBJECT nid_objs[NUM_NID]={
&(lvalues[2092]),0},
{"ac-targeting","ac-targeting",NID_ac_targeting,8,&(lvalues[2100]),0},
{"aaControls","aaControls",NID_aaControls,8,&(lvalues[2108]),0},
-{"sbqp-ipAddrBlock","sbqp-ipAddrBlock",NID_sbqp_ipAddrBlock,8,
+{"sbgp-ipAddrBlock","sbgp-ipAddrBlock",NID_sbgp_ipAddrBlock,8,
&(lvalues[2116]),0},
-{"sbqp-autonomousSysNum","sbqp-autonomousSysNum",
- NID_sbqp_autonomousSysNum,8,&(lvalues[2124]),0},
-{"sbqp-routerIdentifier","sbqp-routerIdentifier",
- NID_sbqp_routerIdentifier,8,&(lvalues[2132]),0},
+{"sbgp-autonomousSysNum","sbgp-autonomousSysNum",
+ NID_sbgp_autonomousSysNum,8,&(lvalues[2124]),0},
+{"sbgp-routerIdentifier","sbgp-routerIdentifier",
+ NID_sbgp_routerIdentifier,8,&(lvalues[2132]),0},
{"textNotice","textNotice",NID_textNotice,8,&(lvalues[2140]),0},
{"ipsecEndSystem","IPSec End System",NID_ipsecEndSystem,8,
&(lvalues[2148]),0},
@@ -1754,8 +1763,21 @@ static ASN1_OBJECT nid_objs[NUM_NID]={
&(lvalues[4475]),0},
{"id-ppl-inheritAll","Inherit all",NID_id_ppl_inheritAll,8,
&(lvalues[4483]),0},
-{NULL,NULL,NID_undef,0,NULL},
-{"id-ppl-independent","Independent",NID_Independent,8,&(lvalues[4491]),0},
+{"nameConstraints","X509v3 Name Constraints",NID_name_constraints,3,
+ &(lvalues[4491]),0},
+{"id-ppl-independent","Independent",NID_Independent,8,&(lvalues[4494]),0},
+{"RSA-SHA256","sha256WithRSAEncryption",NID_sha256WithRSAEncryption,9,
+ &(lvalues[4502]),0},
+{"RSA-SHA384","sha384WithRSAEncryption",NID_sha384WithRSAEncryption,9,
+ &(lvalues[4511]),0},
+{"RSA-SHA512","sha512WithRSAEncryption",NID_sha512WithRSAEncryption,9,
+ &(lvalues[4520]),0},
+{"RSA-SHA224","sha224WithRSAEncryption",NID_sha224WithRSAEncryption,9,
+ &(lvalues[4529]),0},
+{"SHA256","sha256",NID_sha256,9,&(lvalues[4538]),0},
+{"SHA384","sha384",NID_sha384,9,&(lvalues[4547]),0},
+{"SHA512","sha512",NID_sha512,9,&(lvalues[4556]),0},
+{"SHA224","sha224",NID_sha224,9,&(lvalues[4565]),0},
};
static ASN1_OBJECT *sn_objs[NUM_SN]={
@@ -1881,8 +1903,16 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={
&(nid_objs[42]),/* "RSA-SHA" */
&(nid_objs[65]),/* "RSA-SHA1" */
&(nid_objs[115]),/* "RSA-SHA1-2" */
+&(nid_objs[671]),/* "RSA-SHA224" */
+&(nid_objs[668]),/* "RSA-SHA256" */
+&(nid_objs[669]),/* "RSA-SHA384" */
+&(nid_objs[670]),/* "RSA-SHA512" */
&(nid_objs[41]),/* "SHA" */
&(nid_objs[64]),/* "SHA1" */
+&(nid_objs[675]),/* "SHA224" */
+&(nid_objs[672]),/* "SHA256" */
+&(nid_objs[673]),/* "SHA384" */
+&(nid_objs[674]),/* "SHA512" */
&(nid_objs[188]),/* "SMIME" */
&(nid_objs[167]),/* "SMIME-CAPS" */
&(nid_objs[100]),/* "SN" */
@@ -2182,6 +2212,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={
&(nid_objs[649]),/* "msUPN" */
&(nid_objs[481]),/* "nSRecord" */
&(nid_objs[173]),/* "name" */
+&(nid_objs[666]),/* "nameConstraints" */
&(nid_objs[369]),/* "noCheck" */
&(nid_objs[403]),/* "noRevAvail" */
&(nid_objs[72]),/* "nsBaseUrl" */
@@ -2254,9 +2285,9 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={
&(nid_objs[ 1]),/* "rsadsi" */
&(nid_objs[482]),/* "sOARecord" */
&(nid_objs[155]),/* "safeContentsBag" */
-&(nid_objs[291]),/* "sbqp-autonomousSysNum" */
-&(nid_objs[290]),/* "sbqp-ipAddrBlock" */
-&(nid_objs[292]),/* "sbqp-routerIdentifier" */
+&(nid_objs[291]),/* "sbgp-autonomousSysNum" */
+&(nid_objs[290]),/* "sbgp-ipAddrBlock" */
+&(nid_objs[292]),/* "sbgp-routerIdentifier" */
&(nid_objs[159]),/* "sdsiCertificate" */
&(nid_objs[154]),/* "secretBag" */
&(nid_objs[474]),/* "secretary" */
@@ -2517,6 +2548,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={
&(nid_objs[126]),/* "X509v3 Extended Key Usage" */
&(nid_objs[86]),/* "X509v3 Issuer Alternative Name" */
&(nid_objs[83]),/* "X509v3 Key Usage" */
+&(nid_objs[666]),/* "X509v3 Name Constraints" */
&(nid_objs[403]),/* "X509v3 No Revocation Available" */
&(nid_objs[401]),/* "X509v3 Policy Constraints" */
&(nid_objs[84]),/* "X509v3 Private Key Usage Period" */
@@ -2930,9 +2962,9 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={
&(nid_objs[124]),/* "run length compression" */
&(nid_objs[482]),/* "sOARecord" */
&(nid_objs[155]),/* "safeContentsBag" */
-&(nid_objs[291]),/* "sbqp-autonomousSysNum" */
-&(nid_objs[290]),/* "sbqp-ipAddrBlock" */
-&(nid_objs[292]),/* "sbqp-routerIdentifier" */
+&(nid_objs[291]),/* "sbgp-autonomousSysNum" */
+&(nid_objs[290]),/* "sbgp-ipAddrBlock" */
+&(nid_objs[292]),/* "sbgp-routerIdentifier" */
&(nid_objs[159]),/* "sdsiCertificate" */
&(nid_objs[154]),/* "secretBag" */
&(nid_objs[474]),/* "secretary" */
@@ -3059,6 +3091,14 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={
&(nid_objs[64]),/* "sha1" */
&(nid_objs[115]),/* "sha1WithRSA" */
&(nid_objs[65]),/* "sha1WithRSAEncryption" */
+&(nid_objs[675]),/* "sha224" */
+&(nid_objs[671]),/* "sha224WithRSAEncryption" */
+&(nid_objs[672]),/* "sha256" */
+&(nid_objs[668]),/* "sha256WithRSAEncryption" */
+&(nid_objs[673]),/* "sha384" */
+&(nid_objs[669]),/* "sha384WithRSAEncryption" */
+&(nid_objs[674]),/* "sha512" */
+&(nid_objs[670]),/* "sha512WithRSAEncryption" */
&(nid_objs[42]),/* "shaWithRSAEncryption" */
&(nid_objs[52]),/* "signingTime" */
&(nid_objs[454]),/* "simpleSecurityObject" */
@@ -3133,6 +3173,7 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
&(nid_objs[430]),/* OBJ_hold_instruction_code 2 5 29 23 */
&(nid_objs[142]),/* OBJ_invalidity_date 2 5 29 24 */
&(nid_objs[140]),/* OBJ_delta_crl 2 5 29 27 */
+&(nid_objs[666]),/* OBJ_name_constraints 2 5 29 30 */
&(nid_objs[103]),/* OBJ_crl_distribution_points 2 5 29 31 */
&(nid_objs[89]),/* OBJ_certificate_policies 2 5 29 32 */
&(nid_objs[90]),/* OBJ_authority_key_identifier 2 5 29 35 */
@@ -3383,9 +3424,9 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
&(nid_objs[287]),/* OBJ_ac_auditEntity 1 3 6 1 5 5 7 1 4 */
&(nid_objs[288]),/* OBJ_ac_targeting 1 3 6 1 5 5 7 1 5 */
&(nid_objs[289]),/* OBJ_aaControls 1 3 6 1 5 5 7 1 6 */
-&(nid_objs[290]),/* OBJ_sbqp_ipAddrBlock 1 3 6 1 5 5 7 1 7 */
-&(nid_objs[291]),/* OBJ_sbqp_autonomousSysNum 1 3 6 1 5 5 7 1 8 */
-&(nid_objs[292]),/* OBJ_sbqp_routerIdentifier 1 3 6 1 5 5 7 1 9 */
+&(nid_objs[290]),/* OBJ_sbgp_ipAddrBlock 1 3 6 1 5 5 7 1 7 */
+&(nid_objs[291]),/* OBJ_sbgp_autonomousSysNum 1 3 6 1 5 5 7 1 8 */
+&(nid_objs[292]),/* OBJ_sbgp_routerIdentifier 1 3 6 1 5 5 7 1 9 */
&(nid_objs[397]),/* OBJ_ac_proxying 1 3 6 1 5 5 7 1 10 */
&(nid_objs[398]),/* OBJ_sinfo_access 1 3 6 1 5 5 7 1 11 */
&(nid_objs[663]),/* OBJ_proxyCertInfo 1 3 6 1 5 5 7 1 14 */
@@ -3480,6 +3521,10 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
&(nid_objs[ 8]),/* OBJ_md5WithRSAEncryption 1 2 840 113549 1 1 4 */
&(nid_objs[65]),/* OBJ_sha1WithRSAEncryption 1 2 840 113549 1 1 5 */
&(nid_objs[644]),/* OBJ_rsaOAEPEncryptionSET 1 2 840 113549 1 1 6 */
+&(nid_objs[668]),/* OBJ_sha256WithRSAEncryption 1 2 840 113549 1 1 11 */
+&(nid_objs[669]),/* OBJ_sha384WithRSAEncryption 1 2 840 113549 1 1 12 */
+&(nid_objs[670]),/* OBJ_sha512WithRSAEncryption 1 2 840 113549 1 1 13 */
+&(nid_objs[671]),/* OBJ_sha224WithRSAEncryption 1 2 840 113549 1 1 14 */
&(nid_objs[28]),/* OBJ_dhKeyAgreement 1 2 840 113549 1 3 1 */
&(nid_objs[ 9]),/* OBJ_pbeWithMD2AndDES_CBC 1 2 840 113549 1 5 1 */
&(nid_objs[10]),/* OBJ_pbeWithMD5AndDES_CBC 1 2 840 113549 1 5 3 */
@@ -3544,6 +3589,10 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
&(nid_objs[427]),/* OBJ_aes_256_cbc 2 16 840 1 101 3 4 1 42 */
&(nid_objs[428]),/* OBJ_aes_256_ofb128 2 16 840 1 101 3 4 1 43 */
&(nid_objs[429]),/* OBJ_aes_256_cfb128 2 16 840 1 101 3 4 1 44 */
+&(nid_objs[672]),/* OBJ_sha256 2 16 840 1 101 3 4 2 1 */
+&(nid_objs[673]),/* OBJ_sha384 2 16 840 1 101 3 4 2 2 */
+&(nid_objs[674]),/* OBJ_sha512 2 16 840 1 101 3 4 2 3 */
+&(nid_objs[675]),/* OBJ_sha224 2 16 840 1 101 3 4 2 4 */
&(nid_objs[71]),/* OBJ_netscape_cert_type 2 16 840 1 113730 1 1 */
&(nid_objs[72]),/* OBJ_netscape_base_url 2 16 840 1 113730 1 2 */
&(nid_objs[73]),/* OBJ_netscape_revocation_url 2 16 840 1 113730 1 3 */
diff --git a/src/lib/libcrypto/objects/obj_mac.h b/src/lib/libcrypto/objects/obj_mac.h
index d28894cf41..51bb50047f 100644
--- a/src/lib/libcrypto/objects/obj_mac.h
+++ b/src/lib/libcrypto/objects/obj_mac.h
@@ -241,6 +241,26 @@
#define NID_sha1WithRSAEncryption 65
#define OBJ_sha1WithRSAEncryption OBJ_pkcs1,5L
+#define SN_sha256WithRSAEncryption "RSA-SHA256"
+#define LN_sha256WithRSAEncryption "sha256WithRSAEncryption"
+#define NID_sha256WithRSAEncryption 668
+#define OBJ_sha256WithRSAEncryption OBJ_pkcs1,11L
+
+#define SN_sha384WithRSAEncryption "RSA-SHA384"
+#define LN_sha384WithRSAEncryption "sha384WithRSAEncryption"
+#define NID_sha384WithRSAEncryption 669
+#define OBJ_sha384WithRSAEncryption OBJ_pkcs1,12L
+
+#define SN_sha512WithRSAEncryption "RSA-SHA512"
+#define LN_sha512WithRSAEncryption "sha512WithRSAEncryption"
+#define NID_sha512WithRSAEncryption 670
+#define OBJ_sha512WithRSAEncryption OBJ_pkcs1,13L
+
+#define SN_sha224WithRSAEncryption "RSA-SHA224"
+#define LN_sha224WithRSAEncryption "sha224WithRSAEncryption"
+#define NID_sha224WithRSAEncryption 671
+#define OBJ_sha224WithRSAEncryption OBJ_pkcs1,14L
+
#define SN_pkcs3 "pkcs3"
#define NID_pkcs3 27
#define OBJ_pkcs3 OBJ_pkcs,3L
@@ -1048,17 +1068,17 @@
#define NID_aaControls 289
#define OBJ_aaControls OBJ_id_pe,6L
-#define SN_sbqp_ipAddrBlock "sbqp-ipAddrBlock"
-#define NID_sbqp_ipAddrBlock 290
-#define OBJ_sbqp_ipAddrBlock OBJ_id_pe,7L
+#define SN_sbgp_ipAddrBlock "sbgp-ipAddrBlock"
+#define NID_sbgp_ipAddrBlock 290
+#define OBJ_sbgp_ipAddrBlock OBJ_id_pe,7L
-#define SN_sbqp_autonomousSysNum "sbqp-autonomousSysNum"
-#define NID_sbqp_autonomousSysNum 291
-#define OBJ_sbqp_autonomousSysNum OBJ_id_pe,8L
+#define SN_sbgp_autonomousSysNum "sbgp-autonomousSysNum"
+#define NID_sbgp_autonomousSysNum 291
+#define OBJ_sbgp_autonomousSysNum OBJ_id_pe,8L
-#define SN_sbqp_routerIdentifier "sbqp-routerIdentifier"
-#define NID_sbqp_routerIdentifier 292
-#define OBJ_sbqp_routerIdentifier OBJ_id_pe,9L
+#define SN_sbgp_routerIdentifier "sbgp-routerIdentifier"
+#define NID_sbgp_routerIdentifier 292
+#define OBJ_sbgp_routerIdentifier OBJ_id_pe,9L
#define SN_ac_proxying "ac-proxying"
#define NID_ac_proxying 397
@@ -1779,6 +1799,11 @@
#define NID_delta_crl 140
#define OBJ_delta_crl OBJ_id_ce,27L
+#define SN_name_constraints "nameConstraints"
+#define LN_name_constraints "X509v3 Name Constraints"
+#define NID_name_constraints 666
+#define OBJ_name_constraints OBJ_id_ce,30L
+
#define SN_crl_distribution_points "crlDistributionPoints"
#define LN_crl_distribution_points "X509v3 CRL Distribution Points"
#define NID_crl_distribution_points 103
@@ -2081,6 +2106,28 @@
#define LN_des_ede3_cfb8 "des-ede3-cfb8"
#define NID_des_ede3_cfb8 659
+#define OBJ_nist_hashalgs OBJ_nistAlgorithms,2L
+
+#define SN_sha256 "SHA256"
+#define LN_sha256 "sha256"
+#define NID_sha256 672
+#define OBJ_sha256 OBJ_nist_hashalgs,1L
+
+#define SN_sha384 "SHA384"
+#define LN_sha384 "sha384"
+#define NID_sha384 673
+#define OBJ_sha384 OBJ_nist_hashalgs,2L
+
+#define SN_sha512 "SHA512"
+#define LN_sha512 "sha512"
+#define NID_sha512 674
+#define OBJ_sha512 OBJ_nist_hashalgs,3L
+
+#define SN_sha224 "SHA224"
+#define LN_sha224 "sha224"
+#define NID_sha224 675
+#define OBJ_sha224 OBJ_nist_hashalgs,4L
+
#define SN_hold_instruction_code "holdInstructionCode"
#define LN_hold_instruction_code "Hold Instruction Code"
#define NID_hold_instruction_code 430
diff --git a/src/lib/libcrypto/pem/Makefile b/src/lib/libcrypto/pem/Makefile
index f3dfea2ac8..fbc2b5d056 100644
--- a/src/lib/libcrypto/pem/Makefile
+++ b/src/lib/libcrypto/pem/Makefile
@@ -1,5 +1,5 @@
#
-# SSLeay/crypto/pem/Makefile
+# OpenSSL/crypto/pem/Makefile
#
DIR= pem
diff --git a/src/lib/libcrypto/perlasm/x86nasm.pl b/src/lib/libcrypto/perlasm/x86nasm.pl
index 5009acb4b3..4bdb3fe180 100644
--- a/src/lib/libcrypto/perlasm/x86nasm.pl
+++ b/src/lib/libcrypto/perlasm/x86nasm.pl
@@ -221,7 +221,15 @@ sub using486
sub main'file
{
- push(@out, "segment .text use32\n");
+ local $tmp;
+ $tmp=<<___;
+%ifdef __omf__
+section code use32 class=code
+%else
+section .text
+%endif
+___
+ push(@out,$tmp);
}
sub main'function_begin
diff --git a/src/lib/libcrypto/pkcs12/Makefile b/src/lib/libcrypto/pkcs12/Makefile
index 854b641f7c..bef4f27912 100644
--- a/src/lib/libcrypto/pkcs12/Makefile
+++ b/src/lib/libcrypto/pkcs12/Makefile
@@ -1,5 +1,5 @@
#
-# SSLeay/crypto/pkcs12/Makefile
+# OpenSSL/crypto/pkcs12/Makefile
#
DIR= pkcs12
diff --git a/src/lib/libcrypto/pkcs7/Makefile b/src/lib/libcrypto/pkcs7/Makefile
index f15c65f690..a213ae2227 100644
--- a/src/lib/libcrypto/pkcs7/Makefile
+++ b/src/lib/libcrypto/pkcs7/Makefile
@@ -1,5 +1,5 @@
#
-# SSLeay/crypto/pkcs7/Makefile
+# OpenSSL/crypto/pkcs7/Makefile
#
DIR= pkcs7
diff --git a/src/lib/libcrypto/rand/Makefile b/src/lib/libcrypto/rand/Makefile
index 665eaa18e5..b1d1a75f98 100644
--- a/src/lib/libcrypto/rand/Makefile
+++ b/src/lib/libcrypto/rand/Makefile
@@ -1,5 +1,5 @@
#
-# SSLeay/crypto/rand/Makefile
+# OpenSSL/crypto/rand/Makefile
#
DIR= rand
diff --git a/src/lib/libcrypto/rc2/Makefile b/src/lib/libcrypto/rc2/Makefile
index 18edaca6c6..34080ab741 100644
--- a/src/lib/libcrypto/rc2/Makefile
+++ b/src/lib/libcrypto/rc2/Makefile
@@ -1,5 +1,5 @@
#
-# SSLeay/crypto/rc2/Makefile
+# OpenSSL/crypto/rc2/Makefile
#
DIR= rc2
@@ -82,7 +82,7 @@ rc2_cbc.o: rc2_cbc.c rc2_locl.h
rc2_ecb.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
rc2_ecb.o: ../../include/openssl/rc2.h rc2_ecb.c rc2_locl.h
rc2_skey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-rc2_skey.o: ../../include/openssl/opensslconf.h
+rc2_skey.o: ../../include/openssl/fips.h ../../include/openssl/opensslconf.h
rc2_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
rc2_skey.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
rc2_skey.o: ../../include/openssl/symhacks.h rc2_locl.h rc2_skey.c
diff --git a/src/lib/libcrypto/rc2/rc2speed.c b/src/lib/libcrypto/rc2/rc2speed.c
index 47d34b444e..4d0e1242ea 100644
--- a/src/lib/libcrypto/rc2/rc2speed.c
+++ b/src/lib/libcrypto/rc2/rc2speed.c
@@ -102,10 +102,10 @@ OPENSSL_DECLARE_EXIT
#ifndef HZ
#ifndef CLK_TCK
#define HZ 100.0
-#endif
-#else /* CLK_TCK */
+#else /* CLK_TCK */
#define HZ ((double)CLK_TCK)
-#endif
+#endif /* CLK_TCK */
+#endif /* HZ */
#define BUFSIZE ((long)1024)
long run=0;
diff --git a/src/lib/libcrypto/rc4/Makefile b/src/lib/libcrypto/rc4/Makefile
index 64e06924f4..20d078ec87 100644
--- a/src/lib/libcrypto/rc4/Makefile
+++ b/src/lib/libcrypto/rc4/Makefile
@@ -1,5 +1,5 @@
#
-# SSLeay/crypto/rc4/Makefile
+# OpenSSL/crypto/rc4/Makefile
#
DIR= rc4
@@ -66,10 +66,14 @@ asm/rx86bsdi.o: asm/rx86unix.cpp
asm/rx86unix.cpp: asm/rc4-586.pl ../perlasm/x86asm.pl
(cd asm; $(PERL) rc4-586.pl cpp >rx86unix.cpp)
-asm/rc4-amd64.s: asm/rc4-amd64.pl; $(PERL) asm/rc4-amd64.pl $@
+asm/rc4-x86_64.s: asm/rc4-x86_64.pl; $(PERL) asm/rc4-x86_64.pl $@
asm/rc4-ia64.s: asm/rc4-ia64.S
- $(CC) $(CFLAGS) -E asm/rc4-ia64.S > $@
+ @case `awk '/^#define RC4_INT/{print$$NF}' $(TOP)/include/openssl/opensslconf.h` in \
+ int) set -x; $(CC) $(CFLAGS) -DSZ=4 -E asm/rc4-ia64.S > $@ ;; \
+ char) set -x; $(CC) $(CFLAGS) -DSZ=1 -E asm/rc4-ia64.S > $@ ;; \
+ *) exit 1 ;; \
+ esac
files:
$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
@@ -116,7 +120,8 @@ rc4_enc.o: ../../include/openssl/symhacks.h ../cryptlib.h rc4_enc.c rc4_locl.h
rc4_skey.o: ../../e_os.h ../../include/openssl/bio.h
rc4_skey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
rc4_skey.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-rc4_skey.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rc4_skey.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+rc4_skey.o: ../../include/openssl/opensslconf.h
rc4_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/rc4.h
rc4_skey.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
rc4_skey.o: ../../include/openssl/symhacks.h ../cryptlib.h rc4_locl.h
diff --git a/src/lib/libcrypto/rc4/asm/rc4-ia64.S b/src/lib/libcrypto/rc4/asm/rc4-ia64.S
index b517d2e88f..a322d0c718 100644
--- a/src/lib/libcrypto/rc4/asm/rc4-ia64.S
+++ b/src/lib/libcrypto/rc4/asm/rc4-ia64.S
@@ -7,7 +7,7 @@
// disclaimed.
// ====================================================================
-.ident "rc4-ia64.S, Version 1.1"
+.ident "rc4-ia64.S, Version 2.0"
.ident "IA-64 ISA artwork by Andy Polyakov <appro@fy.chalmers.se>"
// What's wrong with compiler generated code? Because of the nature of
@@ -27,17 +27,10 @@
// Legitimate "collisions" do occur within every 256^2 bytes window.
// Fortunately there're enough free instruction slots to keep prior
// reference to key[x+1], detect "collision" and compensate for it.
-// All this without sacrificing a single clock cycle:-)
-// Furthermore. In order to compress loop body to the minimum, I chose
-// to deploy deposit instruction, which substitutes for the whole
-// key->data+((x&255)<<log2(sizeof(key->data[0]))). This unfortunately
-// requires key->data to be aligned at sizeof(key->data) boundary.
-// This is why you'll find "RC4_INT pad[512-256-2];" addenum to RC4_KEY
-// and "d=(RC4_INT *)(((size_t)(d+255))&~(sizeof(key->data)-1));" in
-// rc4_skey.c [and rc4_enc.c, where it's retained for debugging
-// purposes]. Throughput is ~210MBps on 900MHz CPU, which is is >3x
-// faster than gcc generated code and +30% - if compared to HP-UX C.
-// Unrolling loop below should give >30% on top of that...
+// All this without sacrificing a single clock cycle:-) Throughput is
+// ~210MBps on 900MHz CPU, which is is >3x faster than gcc generated
+// code and +30% - if compared to HP-UX C. Unrolling loop below should
+// give >30% on top of that...
.text
.explicit
@@ -48,7 +41,9 @@
# define ADDP add
#endif
+#ifndef SZ
#define SZ 4 // this is set to sizeof(RC4_INT)
+#endif
// SZ==4 seems to be optimal. At least SZ==8 is not any faster, not for
// assembler implementation, while SZ==1 code is ~30% slower.
#if SZ==1 // RC4_INT is unsigned char
@@ -101,45 +96,53 @@ RC4:
ADDP out=0,in3
brp.loop.imp .Ltop,.Lexit-16 };;
{ .mmi; LDKEY yy=[key] // load key->y
- add ksch=(255+1)*SZ,key // as ksch will be used with
- // deposit instruction only,
- // I don't have to &~255...
+ add ksch=SZ,key
mov ar.lc=in1 }
{ .mmi; mov key_y[1]=r0 // guarantee inequality
// in first iteration
add xx=1,xx
mov pr.rot=1<<16 };;
{ .mii; nop.m 0
- dep key_x[1]=xx,ksch,OFF,8
+ dep key_x[1]=xx,r0,OFF,8
mov ar.ec=3 };; // note that epilogue counter
// is off by 1. I compensate
// for this at exit...
.Ltop:
-// The loop is scheduled for 3*(n+2) spin-rate on Itanium 2, which
+// The loop is scheduled for 4*(n+2) spin-rate on Itanium 2, which
// theoretically gives asymptotic performance of clock frequency
-// divided by 3 bytes per seconds, or 500MBps on 1.5GHz CPU. Measured
-// performance however is distinctly lower than 1/4:-( The culplrit
-// seems to be *(out++)=dat, which inadvertently splits the bundle,
-// even though there is M-port available... Unrolling is due...
-// Unrolled loop should collect output with variable shift instruction
-// in order to avoid starvation for integer shifter... It should be
-// possible to get pretty close to theoretical peak...
-{ .mmi; (p16) LDKEY tx[0]=[key_x[1]] // tx=key[xx]
- (p17) LDKEY ty[0]=[key_y[1]] // ty=key[yy]
- (p18) dep rnd[1]=rnd[1],ksch,OFF,8} // &key[(tx+ty)&255]
+// divided by 4 bytes per seconds, or 400MBps on 1.6GHz CPU. This is
+// for sizeof(RC4_INT)==4. For smaller RC4_INT STKEY inadvertently
+// splits the last bundle and you end up with 5*n spin-rate:-(
+// Originally the loop was scheduled for 3*n and relied on key
+// schedule to be aligned at 256*sizeof(RC4_INT) boundary. But
+// *(out++)=dat, which maps to st1, had same effect [inadvertent
+// bundle split] and holded the loop back. Rescheduling for 4*n
+// made it possible to eliminate dependence on specific alignment
+// and allow OpenSSH keep "abusing" our API. Reaching for 3*n would
+// require unrolling, sticking to variable shift instruction for
+// collecting output [to avoid starvation for integer shifter] and
+// copying of key schedule to controlled place in stack [so that
+// deposit instruction can serve as substitute for whole
+// key->data+((x&255)<<log2(sizeof(key->data[0])))]...
{ .mmi; (p19) st1 [out]=dat[3],1 // *(out++)=dat
(p16) add xx=1,xx // x++
- (p16) cmp.ne.unc p20,p21=key_x[1],key_y[1] };;
+ (p18) dep rnd[1]=rnd[1],r0,OFF,8 } // ((tx+ty)&255)<<OFF
+{ .mmi; (p16) add key_x[1]=ksch,key_x[1] // &key[xx&255]
+ (p17) add key_y[1]=ksch,key_y[1] };; // &key[yy&255]
+{ .mmi; (p16) LDKEY tx[0]=[key_x[1]] // tx=key[xx]
+ (p17) LDKEY ty[0]=[key_y[1]] // ty=key[yy]
+ (p16) dep key_x[0]=xx,r0,OFF,8 } // (xx&255)<<OFF
+{ .mmi; (p18) add rnd[1]=ksch,rnd[1] // &key[(tx+ty)&255]
+ (p16) cmp.ne.unc p20,p21=key_x[1],key_y[1] };;
{ .mmi; (p18) LDKEY rnd[1]=[rnd[1]] // rnd=key[(tx+ty)&255]
- (p16) ld1 dat[0]=[inp],1 // dat=*(inp++)
- (p16) dep key_x[0]=xx,ksch,OFF,8 } // &key[xx&255]
+ (p16) ld1 dat[0]=[inp],1 } // dat=*(inp++)
.pred.rel "mutex",p20,p21
{ .mmi; (p21) add yy=yy,tx[1] // (p16)
(p20) add yy=yy,tx[0] // (p16) y+=tx
(p21) mov tx[0]=tx[1] };; // (p16)
{ .mmi; (p17) STKEY [key_y[1]]=tx[1] // key[yy]=tx
(p17) STKEY [key_x[2]]=ty[0] // key[xx]=ty
- (p16) dep key_y[0]=yy,ksch,OFF,8 } // &key[yy&255]
+ (p16) dep key_y[0]=yy,r0,OFF,8 } // &key[yy&255]
{ .mmb; (p17) add rnd[0]=tx[1],ty[0] // tx+=ty
(p18) xor dat[2]=dat[2],rnd[1] // dat^=rnd
br.ctop.sptk .Ltop };;
diff --git a/src/lib/libcrypto/rc5/Makefile b/src/lib/libcrypto/rc5/Makefile
index 3a8d309b29..16e6a60017 100644
--- a/src/lib/libcrypto/rc5/Makefile
+++ b/src/lib/libcrypto/rc5/Makefile
@@ -1,5 +1,5 @@
#
-# SSLeay/crypto/rc5/Makefile
+# OpenSSL/crypto/rc5/Makefile
#
DIR= rc5
@@ -102,7 +102,7 @@ rc5_ecb.o: ../../include/openssl/opensslv.h ../../include/openssl/rc5.h
rc5_ecb.o: rc5_ecb.c rc5_locl.h
rc5_enc.o: ../../include/openssl/rc5.h rc5_enc.c rc5_locl.h
rc5_skey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-rc5_skey.o: ../../include/openssl/opensslconf.h
+rc5_skey.o: ../../include/openssl/fips.h ../../include/openssl/opensslconf.h
rc5_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/rc5.h
rc5_skey.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
rc5_skey.o: ../../include/openssl/symhacks.h rc5_locl.h rc5_skey.c
diff --git a/src/lib/libcrypto/ripemd/Makefile b/src/lib/libcrypto/ripemd/Makefile
index dc086e3434..20c8b4d8db 100644
--- a/src/lib/libcrypto/ripemd/Makefile
+++ b/src/lib/libcrypto/ripemd/Makefile
@@ -1,5 +1,5 @@
#
-# SSLeay/crypto/ripemd/Makefile
+# OpenSSL/crypto/ripemd/Makefile
#
DIR= ripemd
diff --git a/src/lib/libcrypto/rsa/Makefile b/src/lib/libcrypto/rsa/Makefile
index 5748b0d3d0..8851825250 100644
--- a/src/lib/libcrypto/rsa/Makefile
+++ b/src/lib/libcrypto/rsa/Makefile
@@ -1,5 +1,5 @@
#
-# SSLeay/crypto/rsa/Makefile
+# OpenSSL/crypto/rsa/Makefile
#
DIR= rsa
@@ -24,10 +24,10 @@ APPS=
LIB=$(TOP)/libcrypto.a
LIBSRC= rsa_eay.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c rsa_err.c \
rsa_pk1.c rsa_ssl.c rsa_none.c rsa_oaep.c rsa_chk.c rsa_null.c \
- rsa_asn1.c
+ rsa_pss.c rsa_x931.c rsa_asn1.c
LIBOBJ= rsa_eay.o rsa_gen.o rsa_lib.o rsa_sign.o rsa_saos.o rsa_err.o \
rsa_pk1.o rsa_ssl.o rsa_none.o rsa_oaep.o rsa_chk.o rsa_null.o \
- rsa_asn1.o
+ rsa_pss.o rsa_x931.o rsa_asn1.o
SRC= $(LIBSRC)
@@ -184,6 +184,26 @@ rsa_pk1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
rsa_pk1.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
rsa_pk1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
rsa_pk1.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_pk1.c
+rsa_pss.o: ../../e_os.h ../../include/openssl/aes.h
+rsa_pss.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+rsa_pss.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+rsa_pss.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+rsa_pss.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+rsa_pss.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+rsa_pss.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+rsa_pss.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+rsa_pss.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+rsa_pss.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+rsa_pss.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+rsa_pss.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+rsa_pss.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+rsa_pss.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+rsa_pss.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+rsa_pss.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+rsa_pss.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+rsa_pss.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+rsa_pss.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+rsa_pss.o: ../../include/openssl/ui_compat.h ../cryptlib.h rsa_pss.c
rsa_saos.o: ../../e_os.h ../../include/openssl/aes.h
rsa_saos.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
rsa_saos.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
@@ -237,3 +257,13 @@ rsa_ssl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
rsa_ssl.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
rsa_ssl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
rsa_ssl.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_ssl.c
+rsa_x931.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_x931.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_x931.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_x931.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rsa_x931.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+rsa_x931.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+rsa_x931.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_x931.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+rsa_x931.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+rsa_x931.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_x931.c
diff --git a/src/lib/libcrypto/rsa/rsa_test.c b/src/lib/libcrypto/rsa/rsa_test.c
index 924e9ad1f6..218bb2a39b 100644
--- a/src/lib/libcrypto/rsa/rsa_test.c
+++ b/src/lib/libcrypto/rsa/rsa_test.c
@@ -227,10 +227,10 @@ int main(int argc, char *argv[])
plen = sizeof(ptext_ex) - 1;
- for (v = 0; v < 3; v++)
+ for (v = 0; v < 6; v++)
{
key = RSA_new();
- switch (v) {
+ switch (v%3) {
case 0:
clen = key1(key, ctext_ex);
break;
@@ -241,6 +241,7 @@ int main(int argc, char *argv[])
clen = key3(key, ctext_ex);
break;
}
+ if (v/3 > 1) key->flags |= RSA_FLAG_NO_EXP_CONSTTIME;
num = RSA_public_encrypt(plen, ptext_ex, ctext, key,
RSA_PKCS1_PADDING);
diff --git a/src/lib/libcrypto/sha/Makefile b/src/lib/libcrypto/sha/Makefile
index 0426786aa0..46103bbc83 100644
--- a/src/lib/libcrypto/sha/Makefile
+++ b/src/lib/libcrypto/sha/Makefile
@@ -1,5 +1,5 @@
#
-# SSLeay/crypto/sha/Makefile
+# OpenSSL/crypto/sha/Makefile
#
DIR= sha
diff --git a/src/lib/libcrypto/sha/sha_one.c b/src/lib/libcrypto/sha/sha_one.c
index e61c63f3e9..d4f4d344df 100644
--- a/src/lib/libcrypto/sha/sha_one.c
+++ b/src/lib/libcrypto/sha/sha_one.c
@@ -68,7 +68,8 @@ unsigned char *SHA(const unsigned char *d, unsigned long n, unsigned char *md)
static unsigned char m[SHA_DIGEST_LENGTH];
if (md == NULL) md=m;
- SHA_Init(&c);
+ if (!SHA_Init(&c))
+ return NULL;
SHA_Update(&c,d,n);
SHA_Final(md,&c);
OPENSSL_cleanse(&c,sizeof(c));
diff --git a/src/lib/libcrypto/stack/Makefile b/src/lib/libcrypto/stack/Makefile
index 4d5199a000..711b16832a 100644
--- a/src/lib/libcrypto/stack/Makefile
+++ b/src/lib/libcrypto/stack/Makefile
@@ -1,5 +1,5 @@
#
-# SSLeay/crypto/stack/Makefile
+# OpenSSL/crypto/stack/Makefile
#
DIR= stack
diff --git a/src/lib/libcrypto/txt_db/Makefile b/src/lib/libcrypto/txt_db/Makefile
index f91a08f006..3cb550a795 100644
--- a/src/lib/libcrypto/txt_db/Makefile
+++ b/src/lib/libcrypto/txt_db/Makefile
@@ -1,5 +1,5 @@
#
-# SSLeay/crypto/txt_db/Makefile
+# OpenSSL/crypto/txt_db/Makefile
#
DIR= txt_db
diff --git a/src/lib/libcrypto/util/checkhash.pl b/src/lib/libcrypto/util/checkhash.pl
new file mode 100644
index 0000000000..c61fa72178
--- /dev/null
+++ b/src/lib/libcrypto/util/checkhash.pl
@@ -0,0 +1,222 @@
+#!/usr/bin/env perl -w
+
+my $package = caller;
+
+if (!(defined $package))
+ {
+ my $retval = check_hashes(@ARGV);
+ exit $retval;
+ }
+
+1;
+
+sub check_hashes
+ {
+
+ my @args = @_;
+
+ my $change_dir = "";
+ my $check_program = "sha/fips_standalone_sha1";
+
+ my $verbose = 0;
+ my $badfiles = 0;
+ my $rebuild = 0;
+ my $force_rewrite = 0;
+ my $hash_file = "fipshashes.c";
+ my $recurse = 0;
+
+ my @fingerprint_files;
+
+ while (@args)
+ {
+ my $arg = $args[0];
+ if ($arg eq "-chdir")
+ {
+ shift @args;
+ $change_dir = shift @args;
+ }
+ elsif ($arg eq "-rebuild")
+ {
+ shift @args;
+ $rebuild = 1;
+ }
+ elsif ($arg eq "-verbose")
+ {
+ shift @args;
+ $verbose = 1;
+ }
+ elsif ($arg eq "-force-rewrite")
+ {
+ shift @args;
+ $force_rewrite = 1;
+ }
+ elsif ($arg eq "-hash_file")
+ {
+ shift @args;
+ $hash_file = shift @args;
+ }
+ elsif ($arg eq "-recurse")
+ {
+ shift @args;
+ $recurse = 1;
+ }
+ elsif ($arg eq "-program_path")
+ {
+ shift @args;
+ $check_program = shift @args;
+ }
+ else
+ {
+ print STDERR "Unknown Option $arg";
+ return 1;
+ }
+
+ }
+
+ chdir $change_dir if $change_dir ne "";
+
+ if ($recurse)
+ {
+ @fingerprint_files = ("fingerprint.sha1",
+ <*/fingerprint.sha1>);
+ }
+ else
+ {
+ push @fingerprint_files, $hash_file;
+ }
+
+ foreach $fp (@fingerprint_files)
+ {
+ if (!open(IN, "$fp"))
+ {
+ print STDERR "Can't open file $fp";
+ return 1;
+ }
+ print STDERR "Opening Fingerprint file $fp\n" if $verbose;
+ my $dir = $fp;
+ $dir =~ s/[^\/]*$//;
+ while (<IN>)
+ {
+ chomp;
+ if (!(($file, $hash) = /^\"HMAC-SHA1\((.*)\)\s*=\s*(\w*)\",$/))
+ {
+ /^\"/ || next;
+ print STDERR "FATAL: Invalid syntax in file $fp\n";
+ print STDERR "Line:\n$_\n";
+ fatal_error();
+ return 1;
+ }
+ if (!$rebuild && length($hash) != 40)
+ {
+ print STDERR "FATAL: Invalid hash length in $fp for file $file\n";
+ fatal_error();
+ return 1;
+ }
+ push @hashed_files, "$dir$file";
+ if (exists $hashes{"$dir$file"})
+ {
+ print STDERR "FATAL: Duplicate Hash file $dir$file\n";
+ fatal_error();
+ return 1;
+ }
+ if (! -r "$dir$file")
+ {
+ print STDERR "FATAL: Can't access $dir$file\n";
+ fatal_error();
+ return 1;
+ }
+ $hashes{"$dir$file"} = $hash;
+ }
+ close IN;
+ }
+
+ @checked_hashes = `$check_program @hashed_files`;
+
+ if ($? != 0)
+ {
+ print STDERR "Error running hash program $check_program\n";
+ fatal_error();
+ return 1;
+ }
+
+ if (@checked_hashes != @hashed_files)
+ {
+ print STDERR "FATAL: hash count incorrect\n";
+ fatal_error();
+ return 1;
+ }
+
+ foreach (@checked_hashes)
+ {
+ chomp;
+ if (!(($file, $hash) = /^HMAC-SHA1\((.*)\)\s*=\s*(\w*)$/))
+ {
+ print STDERR "FATAL: Invalid syntax in file $fp\n";
+ print STDERR "Line:\n$_\n";
+ fatal_error();
+ return 1;
+ }
+ if (length($hash) != 40)
+ {
+ print STDERR "FATAL: Invalid hash length for file $file\n";
+ fatal_error();
+ return 1;
+ }
+ if ($hash ne $hashes{$file})
+ {
+ if ($rebuild)
+ {
+ print STDERR "Updating hash on file $file\n";
+ $hashes{$file} = $hash;
+ }
+ else
+ {
+ print STDERR "Hash check failed for file $file\n";
+ }
+ $badfiles++;
+ }
+ elsif ($verbose)
+ { print "Hash Check OK for $file\n";}
+ }
+
+
+ if ($badfiles && !$rebuild)
+ {
+ print STDERR "FATAL: hash mismatch on $badfiles files\n";
+ fatal_error();
+ return 1;
+ }
+
+ if ($badfiles || $force_rewrite)
+ {
+ print "Updating Hash file $hash_file\n";
+ if (!open(OUT, ">$hash_file"))
+ {
+ print STDERR "Error rewriting $hash_file";
+ return 1;
+ }
+ print OUT "const char * const FIPS_source_hashes[] = {\n";
+ foreach (@hashed_files)
+ {
+ print OUT "\"HMAC-SHA1($_)= $hashes{$_}\",\n";
+ }
+ print OUT "};\n";
+ close OUT;
+ }
+
+ if (!$badfiles)
+ {
+ print "FIPS hash check successful\n";
+ }
+
+ return 0;
+
+ }
+
+
+sub fatal_error
+ {
+ print STDERR "*** Your source code does not match the FIPS validated source ***\n";
+ }
+
+
diff --git a/src/lib/libcrypto/util/fipslink.pl b/src/lib/libcrypto/util/fipslink.pl
new file mode 100644
index 0000000000..a893833c5c
--- /dev/null
+++ b/src/lib/libcrypto/util/fipslink.pl
@@ -0,0 +1,78 @@
+#!/usr/bin/perl
+
+sub check_env
+ {
+ my @ret;
+ foreach (@_)
+ {
+ die "Environment variable $_ not defined!\n" unless exists $ENV{$_};
+ push @ret, $ENV{$_};
+ }
+ return @ret;
+ }
+
+
+my ($fips_cc,$fips_cc_args, $fips_link,$fips_target, $fips_libdir, $sha1_exe)
+ = check_env("FIPS_CC", "FIPS_CC_ARGS", "FIPS_LINK", "FIPS_TARGET",
+ "FIPSLIB_D", "FIPS_SHA1_EXE");
+
+
+
+if (exists $ENV{"PREMAIN_DSO_EXE"})
+ {
+ $fips_premain_dso = $ENV{"PREMAIN_DSO_EXE"};
+ }
+ else
+ {
+ $fips_premain_dso = "";
+ }
+
+check_hash($sha1_exe, "fips_premain.c");
+check_hash($sha1_exe, "fipscanister.o");
+
+
+print "Integrity check OK\n";
+
+print "$fips_cc $fips_cc_args $fips_libdir/fips_premain.c\n";
+system "$fips_cc $fips_cc_args $fips_libdir/fips_premain.c";
+die "First stage Compile failure" if $? != 0;
+
+print "$fips_link @ARGV\n";
+system "$fips_link @ARGV";
+die "First stage Link failure" if $? != 0;
+
+
+print "$fips_premain_dso $fips_target\n";
+$fips_hash=`$fips_premain_dso $fips_target`;
+chomp $fips_hash;
+die "Get hash failure" if $? != 0;
+
+
+print "$fips_cc -DHMAC_SHA1_SIG=\\\"$fips_hash\\\" $fips_cc_args $fips_libdir/fips_premain.c\n";
+system "$fips_cc -DHMAC_SHA1_SIG=\\\"$fips_hash\\\" $fips_cc_args $fips_libdir/fips_premain.c";
+die "Second stage Compile failure" if $? != 0;
+
+
+print "$fips_link @ARGV\n";
+system "$fips_link @ARGV";
+die "Second stage Link failure" if $? != 0;
+
+sub check_hash
+ {
+ my ($sha1_exe, $filename) = @_;
+ my ($hashfile, $hashval);
+
+ open(IN, "${fips_libdir}/${filename}.sha1") || die "Cannot open file hash file ${fips_libdir}/${filename}.sha1";
+ $hashfile = <IN>;
+ close IN;
+ $hashval = `$sha1_exe ${fips_libdir}/$filename`;
+ chomp $hashfile;
+ chomp $hashval;
+ $hashfile =~ s/^.*=\s+//;
+ $hashval =~ s/^.*=\s+//;
+ die "Invalid hash syntax in file" if (length($hashfile) != 40);
+ die "Invalid hash received for file" if (length($hashval) != 40);
+ die "***HASH VALUE MISMATCH FOR FILE $filename ***" if ($hashval ne $hashfile);
+ }
+
+
diff --git a/src/lib/libcrypto/util/libeay.num b/src/lib/libcrypto/util/libeay.num
index 56fb7446e0..4222bef6d6 100644
--- a/src/lib/libcrypto/util/libeay.num
+++ b/src/lib/libcrypto/util/libeay.num
@@ -2811,7 +2811,7 @@ EVP_aes_192_cfb8 3252 EXIST::FUNCTION:AES
FIPS_mode_set 3253 EXIST:OPENSSL_FIPS:FUNCTION:
FIPS_selftest_dsa 3254 EXIST:OPENSSL_FIPS:FUNCTION:
EVP_aes_256_cfb8 3255 EXIST::FUNCTION:AES
-FIPS_allow_md5 3256 EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_allow_md5 3256 NOEXIST::FUNCTION:
DES_ede3_cfb_encrypt 3257 EXIST::FUNCTION:DES
EVP_des_ede3_cfb8 3258 EXIST::FUNCTION:DES
FIPS_rand_seeded 3259 EXIST:OPENSSL_FIPS:FUNCTION:
@@ -2837,7 +2837,7 @@ FIPS_dsa_check 3278 EXIST:OPENSSL_FIPS:FUNCTION:
AES_cfb1_encrypt 3279 EXIST::FUNCTION:AES
EVP_des_ede3_cfb1 3280 EXIST::FUNCTION:DES
FIPS_rand_check 3281 EXIST:OPENSSL_FIPS:FUNCTION:
-FIPS_md5_allowed 3282 EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_md5_allowed 3282 NOEXIST::FUNCTION:
FIPS_mode 3283 EXIST:OPENSSL_FIPS:FUNCTION:
FIPS_selftest_failed 3284 EXIST:OPENSSL_FIPS:FUNCTION:
sk_is_sorted 3285 EXIST::FUNCTION:
@@ -2867,3 +2867,41 @@ PROXY_CERT_INFO_EXTENSION_it 3307 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIA
PROXY_CERT_INFO_EXTENSION_it 3307 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
PROXY_POLICY_free 3308 EXIST::FUNCTION:
PROXY_POLICY_new 3309 EXIST::FUNCTION:
+BN_MONT_CTX_set_locked 3310 EXIST::FUNCTION:
+FIPS_selftest_rng 3311 EXIST:OPENSSL_FIPS:FUNCTION:
+EVP_sha384 3312 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512
+EVP_sha512 3313 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512
+EVP_sha224 3314 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256
+EVP_sha256 3315 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256
+FIPS_selftest_hmac 3316 EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_corrupt_rng 3317 EXIST:OPENSSL_FIPS:FUNCTION:
+BN_mod_exp_mont_consttime 3318 EXIST::FUNCTION:
+RSA_X931_hash_id 3319 EXIST::FUNCTION:RSA
+RSA_padding_check_X931 3320 EXIST::FUNCTION:RSA
+RSA_verify_PKCS1_PSS 3321 EXIST::FUNCTION:RSA
+RSA_padding_add_X931 3322 EXIST::FUNCTION:RSA
+RSA_padding_add_PKCS1_PSS 3323 EXIST::FUNCTION:RSA
+PKCS1_MGF1 3324 EXIST::FUNCTION:RSA
+BN_X931_generate_Xpq 3325 EXIST:OPENSSL_FIPS:FUNCTION:
+RSA_X931_generate_key 3326 EXIST:OPENSSL_FIPS:FUNCTION:RSA
+BN_X931_derive_prime 3327 EXIST:OPENSSL_FIPS:FUNCTION:
+BN_X931_generate_prime 3328 EXIST:OPENSSL_FIPS:FUNCTION:
+RSA_X931_derive 3329 EXIST:OPENSSL_FIPS:FUNCTION:RSA
+SHA512_Update 3356 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512
+SHA256_Init 3479 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256
+SHA224 3510 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256
+SHA384_Update 3551 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512
+SHA224_Final 3560 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256
+SHA224_Update 3562 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256
+SHA512_Final 3581 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512
+SHA224_Init 3631 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256
+SHA512_Init 3633 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512
+SHA256 3654 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256
+SHA256_Transform 3664 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256
+SHA512 3669 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512
+SHA512_Transform 3675 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512
+SHA256_Final 3712 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256
+SHA384_Init 3737 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512
+SHA384_Final 3740 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512
+SHA384 3745 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512
+SHA256_Update 3765 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256
diff --git a/src/lib/libcrypto/util/mk1mf.pl b/src/lib/libcrypto/util/mk1mf.pl
index 957264c6b5..05a6086164 100644
--- a/src/lib/libcrypto/util/mk1mf.pl
+++ b/src/lib/libcrypto/util/mk1mf.pl
@@ -10,6 +10,20 @@ $OPTIONS="";
$ssl_version="";
$banner="\t\@echo Building OpenSSL";
+local $zlib_opt = 0; # 0 = no zlib, 1 = static, 2 = dynamic
+local $zlib_lib = "";
+
+my $fips_canister_path = "";
+my $fips_premain_dso_exe_path = "";
+my $fips_premain_c_path = "";
+my $fips_sha1_exe_path = "";
+
+my $fipslibdir = "";
+my $baseaddr = "";
+
+my $ex_l_libs = "";
+
+
open(IN,"<Makefile") || die "unable to open Makefile!\n";
while(<IN>) {
$ssl_version=$1 if (/^VERSION=(.*)$/);
@@ -24,6 +38,7 @@ $infile="MINFO";
%ops=(
"VC-WIN32", "Microsoft Visual C++ [4-6] - Windows NT or 9X",
+ "VC-WIN32-GMAKE", "Microsoft Visual C++ [4-6] - Windows NT or 9X, GNU make",
"VC-CE", "Microsoft eMbedded Visual C++ 3.0 - Windows CE ONLY",
"VC-NT", "Microsoft Visual C++ [4-6] - Windows NT ONLY",
"VC-W31-16", "Microsoft Visual C++ 1.52 - Windows 3.1 - 286",
@@ -43,6 +58,7 @@ $infile="MINFO";
);
$platform="";
+my $xcflags="";
foreach (@ARGV)
{
if (!&read_options && !defined($ops{$_}))
@@ -104,8 +120,12 @@ $inc_def="outinc";
$tmp_def="tmp";
$mkdir="-mkdir";
+$mkcanister="ld -r -o";
+
+$ex_build_targets = "";
($ssl,$crypto)=("ssl","crypto");
+$cryptocompat = "";
$ranlib="echo ranlib";
$cc=(defined($VARS{'CC'}))?$VARS{'CC'}:'cc';
@@ -140,6 +160,10 @@ elsif (($platform eq "VC-WIN32") || ($platform eq "VC-NT"))
$NT = 1 if $platform eq "VC-NT";
require 'VC-32.pl';
}
+elsif ($platform eq "VC-WIN32-GMAKE")
+ {
+ require 'VC-32-GMAKE.pl';
+ }
elsif ($platform eq "VC-CE")
{
require 'VC-CE.pl';
@@ -210,6 +234,8 @@ $inc_dir=(defined($VARS{'INC'}))?$VARS{'INC'}:$inc_def;
$bin_dir=$bin_dir.$o unless ((substr($bin_dir,-1,1) eq $o) || ($bin_dir eq ''));
+$cflags= "$xcflags$cflags" if $xcflags ne "";
+
$cflags.=" -DOPENSSL_NO_IDEA" if $no_idea;
$cflags.=" -DOPENSSL_NO_AES" if $no_aes;
$cflags.=" -DOPENSSL_NO_RC2" if $no_rc2;
@@ -239,6 +265,9 @@ $cflags.=" -DOPENSSL_NO_HW" if $no_hw;
$cflags.=" -DOPENSSL_FIPS" if $fips;
#$cflags.=" -DRSAref" if $rsaref ne "";
+$cflags.= " -DZLIB" if $zlib_opt;
+$cflags.= " -DZLIB_SHARED" if $zlib_opt == 2;
+
## if ($unix)
## { $cflags="$c_flags" if ($c_flags ne ""); }
##else
@@ -246,6 +275,7 @@ $cflags.=" -DOPENSSL_FIPS" if $fips;
$ex_libs="$l_flags$ex_libs" if ($l_flags ne "");
+
%shlib_ex_cflags=("SSL" => " -DOPENSSL_BUILD_SHLIBSSL",
"CRYPTO" => " -DOPENSSL_BUILD_SHLIBCRYPTO");
@@ -262,6 +292,135 @@ $link="$bin_dir$link" if ($link !~ /^\$/);
$INSTALLTOP =~ s|/|$o|g;
+#############################################
+# We parse in input file and 'store' info for later printing.
+open(IN,"<$infile") || die "unable to open $infile:$!\n";
+$_=<IN>;
+for (;;)
+ {
+ chop;
+
+ ($key,$val)=/^([^=]+)=(.*)/;
+ if ($key eq "RELATIVE_DIRECTORY")
+ {
+ if ($lib ne "")
+ {
+ if ($fips && $dir =~ /^fips/)
+ {
+ $uc = "FIPS";
+ }
+ else
+ {
+ $uc=$lib;
+ $uc =~ s/^lib(.*)\.a/$1/;
+ $uc =~ tr/a-z/A-Z/;
+ }
+ if (($uc ne "FIPS") || $fips_canister_build)
+ {
+ $lib_nam{$uc}=$uc;
+ $lib_obj{$uc}.=$libobj." ";
+ }
+ }
+ last if ($val eq "FINISHED");
+ $lib="";
+ $libobj="";
+ $dir=$val;
+ }
+
+ if ($key eq "KRB5_INCLUDES")
+ { $cflags .= " $val";}
+
+ if ($key eq "ZLIB_INCLUDE")
+ { $cflags .= " $val" if $val ne "";}
+
+ if ($key eq "LIBZLIB")
+ { $zlib_lib = "$val" if $val ne "";}
+
+ if ($key eq "LIBKRB5")
+ { $ex_libs .= " $val" if $val ne "";}
+
+ if ($key eq "TEST")
+ { $test.=&var_add($dir,$val); }
+
+ if (($key eq "PROGS") || ($key eq "E_OBJ"))
+ { $e_exe.=&var_add($dir,$val); }
+
+ if ($key eq "LIB")
+ {
+ $lib=$val;
+ $lib =~ s/^.*\/([^\/]+)$/$1/;
+ }
+
+ if ($key eq "EXHEADER")
+ { $exheader.=&var_add($dir,$val); }
+
+ if ($key eq "HEADER")
+ { $header.=&var_add($dir,$val); }
+
+ if ($key eq "LIBOBJ")
+ { $libobj=&var_add($dir,$val); }
+
+ if ($key eq "FIPSLIBDIR")
+ { $fipslibdir=$val;}
+
+ if ($key eq "BASEADDR")
+ { $baseaddr=$val;}
+
+ if (!($_=<IN>))
+ { $_="RELATIVE_DIRECTORY=FINISHED\n"; }
+ }
+close(IN);
+
+if ($fips_canister_path eq "")
+ {
+ $fips_canister_path = "\$(FIPSLIB_D)${o}fipscanister.o";
+ }
+
+if ($fips_premain_c_path eq "")
+ {
+ $fips_premain_c_path = "\$(FIPSLIB_D)${o}fips_premain.c";
+ }
+
+if ($fips)
+ {
+ if ($fips_sha1_exe_path eq "")
+ {
+ $fips_sha1_exe_path =
+ "\$(BIN_D)${o}fips_standalone_sha1$exep";
+ }
+ }
+ else
+ {
+ $fips_sha1_exe_path = "";
+ }
+
+if ($fips_premain_dso_exe_path eq "")
+ {
+ $fips_premain_dso_exe_path = "\$(BIN_D)${o}fips_premain_dso$exep";
+ }
+
+# $ex_build_targets .= "\$(BIN_D)${o}\$(E_PREMAIN_DSO)$exep" if ($fips);
+
+if ($fips)
+ {
+ if (!$shlib)
+ {
+ $ex_build_targets .= " \$(LIB_D)$o$crypto_compat \$(PREMAIN_DSO_EXE)";
+ $ex_l_libs .= " \$(O_FIPSCANISTER)";
+ }
+ if ($fipslibdir eq "")
+ {
+ open (IN, "util/fipslib_path.txt") || fipslib_error();
+ $fipslibdir = <IN>;
+ chomp $fipslibdir;
+ close IN;
+ }
+ fips_check_files($fipslibdir,
+ "fipscanister.o", "fipscanister.o.sha1",
+ "fips_premain.c", "fips_premain.c.sha1");
+ }
+
+
$defs= <<"EOF";
# This makefile has been automatically generated from the OpenSSL distribution.
# This single makefile will build the complete OpenSSL distribution and
@@ -286,6 +445,7 @@ if ($platform eq "VC-CE")
!INCLUDE <\$(WCECOMPAT)/wcedefs.mak>
EOF
+ $ex_libs .= " $zlib_lib" if $zlib_opt == 1;
}
$defs.= <<"EOF";
@@ -308,6 +468,8 @@ EX_LIBS=$ex_libs
SRC_D=$src_dir
LINK=$link
+PERL=perl
+FIPSLINK=\$(PERL) util${o}fipslink.pl
LFLAGS=$lflags
BN_ASM_OBJ=$bn_asm_obj
@@ -339,6 +501,9 @@ TMP_D=$tmp_dir
INC_D=$inc_dir
INCO_D=$inc_dir${o}openssl
+# Directory containing FIPS module
+
+
CP=$cp
RM=$rm
RANLIB=$ranlib
@@ -346,6 +511,18 @@ MKDIR=$mkdir
MKLIB=$bin_dir$mklib
MLFLAGS=$mlflags
ASM=$bin_dir$asm
+MKCANISTER=$mkcanister
+
+# FIPS validated module and support file locations
+
+E_PREMAIN_DSO=fips_premain_dso
+
+FIPSLIB_D=$fipslibdir
+BASEADDR=$baseaddr
+FIPS_PREMAIN_SRC=$fips_premain_c_path
+O_FIPSCANISTER=$fips_canister_path
+FIPS_SHA1_EXE=$fips_sha1_exe_path
+PREMAIN_DSO_EXE=$fips_premain_dso_exe_path
######################################################
# You should not need to touch anything below this point
@@ -377,7 +554,7 @@ SO_CRYPTO= $plib\$(CRYPTO)$so_shlibp
L_SSL= \$(LIB_D)$o$plib\$(SSL)$libp
L_CRYPTO= \$(LIB_D)$o$plib\$(CRYPTO)$libp
-L_LIBS= \$(L_SSL) \$(L_CRYPTO)
+L_LIBS= \$(L_SSL) \$(L_CRYPTO) $ex_l_libs
######################################################
# Don't touch anything below this point
@@ -387,13 +564,13 @@ INC=-I\$(INC_D) -I\$(INCL_D)
APP_CFLAGS=\$(INC) \$(CFLAG) \$(APP_CFLAG)
LIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG)
SHLIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG) \$(SHLIB_CFLAG)
-LIBS_DEP=\$(O_CRYPTO) \$(O_SSL)
+LIBS_DEP=\$(O_CRYPTO) \$(O_SSL) $ex_libs_dep
#############################################
EOF
$rules=<<"EOF";
-all: banner \$(TMP_D) \$(BIN_D) \$(TEST_D) \$(LIB_D) \$(INCO_D) headers lib exe
+all: banner \$(TMP_D) \$(BIN_D) \$(TEST_D) \$(LIB_D) \$(INCO_D) headers \$(FIPS_SHA1_EXE) lib exe $ex_build_targets
banner:
$banner
@@ -479,57 +656,6 @@ printf OUT " #define DATE \"%s\"\n", scalar gmtime();
printf OUT "#endif\n";
close(OUT);
-#############################################
-# We parse in input file and 'store' info for later printing.
-open(IN,"<$infile") || die "unable to open $infile:$!\n";
-$_=<IN>;
-for (;;)
- {
- chop;
-
- ($key,$val)=/^([^=]+)=(.*)/;
- if ($key eq "RELATIVE_DIRECTORY")
- {
- if ($lib ne "")
- {
- $uc=$lib;
- $uc =~ s/^lib(.*)\.a/$1/;
- $uc =~ tr/a-z/A-Z/;
- $lib_nam{$uc}=$uc;
- $lib_obj{$uc}.=$libobj." ";
- }
- last if ($val eq "FINISHED");
- $lib="";
- $libobj="";
- $dir=$val;
- }
-
- if ($key eq "TEST")
- { $test.=&var_add($dir,$val); }
-
- if (($key eq "PROGS") || ($key eq "E_OBJ"))
- { $e_exe.=&var_add($dir,$val); }
-
- if ($key eq "LIB")
- {
- $lib=$val;
- $lib =~ s/^.*\/([^\/]+)$/$1/;
- }
-
- if ($key eq "EXHEADER")
- { $exheader.=&var_add($dir,$val); }
-
- if ($key eq "HEADER")
- { $header.=&var_add($dir,$val); }
-
- if ($key eq "LIBOBJ")
- { $libobj=&var_add($dir,$val); }
-
- if (!($_=<IN>))
- { $_="RELATIVE_DIRECTORY=FINISHED\n"; }
- }
-close(IN);
-
# Strip of trailing ' '
foreach (keys %lib_obj) { $lib_obj{$_}=&clean_up_ws($lib_obj{$_}); }
$test=&clean_up_ws($test);
@@ -554,6 +680,29 @@ $rules.=&do_compile_rule("\$(OBJ_D)",$test,"\$(APP_CFLAGS)");
$defs.=&do_defs("E_OBJ",$e_exe,"\$(OBJ_D)",$obj);
$rules.=&do_compile_rule("\$(OBJ_D)",$e_exe,'-DMONOLITH $(APP_CFLAGS)');
+# Special case rules for fips_start and fips_end fips_premain_dso
+
+if ($fips)
+ {
+ if ($fips_canister_build)
+ {
+ $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_start$obj",
+ "fips-1.0${o}fips_canister.c",
+ "-DFIPS_START \$(SHLIB_CFLAGS)");
+ $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_end$obj",
+ "fips-1.0${o}fips_canister.c", "\$(SHLIB_CFLAGS)");
+ }
+ $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_standalone_sha1$obj",
+ "fips-1.0${o}sha${o}fips_standalone_sha1.c",
+ "\$(SHLIB_CFLAGS)");
+ $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_sha1dgst$obj",
+ "fips-1.0${o}sha${o}fips_sha1dgst.c",
+ "\$(SHLIB_CFLAGS)") unless $fips_canister_build;
+ $rules.=&cc_compile_target("\$(OBJ_D)${o}\$(E_PREMAIN_DSO)$obj",
+ "fips-1.0${o}fips_premain.c",
+ "-DFINGERPRINT_PREMAIN_DSO_LOAD \$(SHLIB_CFLAGS)");
+ }
+
foreach (values %lib_nam)
{
$lib_obj=$lib_obj{$_};
@@ -630,16 +779,42 @@ foreach (split(/\s+/,$test))
}
$rules.= &do_lib_rule("\$(SSLOBJ)","\$(O_SSL)",$ssl,$shlib,"\$(SO_SSL)");
-$rules.= &do_lib_rule("\$(CRYPTOOBJ)","\$(O_CRYPTO)",$crypto,$shlib,"\$(SO_CRYPTO)");
+
if ($fips)
{
- $rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)","\$(BIN_D)$o.sha1","\$(BIN_D)$o\$(E_EXE)$exep");
+ if ($shlib)
+ {
+ $rules.= &do_lib_rule("\$(CRYPTOOBJ) \$(O_FIPSCANISTER)",
+ "\$(O_CRYPTO)",
+ "$crypto",
+ $shlib, "\$(SO_CRYPTO)", "\$(BASEADDR)");
+ }
+ else
+ {
+ $rules.= &do_lib_rule("\$(CRYPTOOBJ)",
+ "\$(O_CRYPTO)",$crypto,$shlib,"\$(SO_CRYPTO)", "");
+ $rules.= &do_lib_rule("\$(CRYPTOOBJ) \$(O_FIPSCANISTER)",
+ "\$(LIB_D)$o$crypto_compat",$crypto,$shlib,"\$(SO_CRYPTO)", "");
+ }
}
-else
+ else
{
- $rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)");
+ $rules.= &do_lib_rule("\$(CRYPTOOBJ)","\$(O_CRYPTO)",$crypto,$shlib,
+ "\$(SO_CRYPTO)");
}
+
+
+if ($fips)
+ {
+ $rules.= &do_rlink_rule("\$(O_FIPSCANISTER)", "\$(OBJ_D)${o}fips_start$obj \$(FIPSOBJ) \$(OBJ_D)${o}fips_end$obj", "\$(FIPSLIB_D)${o}fips_standalone_sha1$exep", "") if $fips_canister_build;
+ $rules.=&do_link_rule("\$(PREMAIN_DSO_EXE)","\$(OBJ_D)${o}\$(E_PREMAIN_DSO)$obj \$(CRYPTOOBJ) \$(O_FIPSCANISTER)","","\$(EX_LIBS)", 1);
+
+ $rules.=&do_link_rule("\$(FIPS_SHA1_EXE)","\$(OBJ_D)${o}fips_standalone_sha1$obj \$(OBJ_D)${o}fips_sha1dgst$obj","","", 1);
+ }
+
+ $rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)",0);
+
print $defs;
if ($platform eq "linux-elf") {
@@ -935,6 +1110,24 @@ sub read_options
elsif (/^shlib$/) { $shlib=1; }
elsif (/^dll$/) { $shlib=1; }
elsif (/^shared$/) { } # We just need to ignore it for now...
+ elsif (/^zlib$/) { $zlib_opt = 1 if $zlib_opt == 0 }
+ elsif (/^zlib-dynamic$/){ $zlib_opt = 2; }
+ elsif (/^--with-krb5-flavor=(.*)$/)
+ {
+ my $krb5_flavor = $1;
+ if ($krb5_flavor =~ /^force-[Hh]eimdal$/)
+ {
+ $xcflags="-DKRB5_HEIMDAL $xcflags";
+ }
+ elsif ($krb5_flavor =~ /^MIT/i)
+ {
+ $xcflags="-DKRB5_MIT $xcflags";
+ if ($krb5_flavor =~ /^MIT[._-]*1[._-]*[01]/i)
+ {
+ $xcflags="-DKRB5_MIT_OLD11 $xcflags"
+ }
+ }
+ }
elsif (/^([^=]*)=(.*)$/){ $VARS{$1}=$2; }
elsif (/^-[lL].*$/) { $l_flags.="$_ "; }
elsif ((!/^-help/) && (!/^-h/) && (!/^-\?/) && /^-.*$/)
@@ -942,3 +1135,31 @@ sub read_options
else { return(0); }
return(1);
}
+
+sub fipslib_error
+ {
+ print STDERR "***FIPS module directory sanity check failed***\n";
+ print STDERR "FIPS module build failed, or was deleted\n";
+ print STDERR "Please rebuild FIPS module.\n";
+ exit 1;
+ }
+
+sub fips_check_files
+ {
+ my $dir = shift @_;
+ my $ret = 1;
+ if (!-d $dir)
+ {
+ print STDERR "FIPS module directory $dir does not exist\n";
+ fipslib_error();
+ }
+ foreach (@_)
+ {
+ if (!-f "$dir${o}$_")
+ {
+ print STDERR "FIPS module file $_ does not exist!\n";
+ $ret = 0;
+ }
+ }
+ fipslib_error() if ($ret == 0);
+ }
diff --git a/src/lib/libcrypto/util/mkdef.pl b/src/lib/libcrypto/util/mkdef.pl
index 9918c3d549..6c1e53bb14 100644
--- a/src/lib/libcrypto/util/mkdef.pl
+++ b/src/lib/libcrypto/util/mkdef.pl
@@ -83,7 +83,7 @@ my @known_platforms = ( "__FreeBSD__", "PERL5", "NeXT",
my @known_ossl_platforms = ( "VMS", "WIN16", "WIN32", "WINNT", "OS2" );
my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",
"CAST", "MD2", "MD4", "MD5", "SHA", "SHA0", "SHA1",
- "RIPEMD",
+ "SHA256", "SHA512", "RIPEMD",
"MDC2", "RSA", "DSA", "DH", "EC", "HMAC", "AES",
# Envelope "algorithms"
"EVP", "X509", "ASN1_TYPEDEFS",
@@ -267,7 +267,7 @@ $crypto.=" crypto/ocsp/ocsp.h";
$crypto.=" crypto/ui/ui.h crypto/ui/ui_compat.h";
$crypto.=" crypto/krb5/krb5_asn.h";
$crypto.=" crypto/tmdiff.h";
-$crypto.=" fips/fips.h fips/rand/fips_rand.h";
+$crypto.=" fips-1.0/fips.h fips-1.0/rand/fips_rand.h fips-1.0/sha/fips_sha.h";
my $symhacks="crypto/symhacks.h";
@@ -864,6 +864,9 @@ sub do_defs
$a .= ",RSA" if($s =~ /PEM_Seal(Final|Init|Update)/);
$a .= ",RSA" if($s =~ /RSAPrivateKey/);
$a .= ",RSA" if($s =~ /SSLv23?_((client|server)_)?method/);
+ # SHA2 algorithms only defined in FIPS mode for
+ # OpenSSL 0.9.7
+ $p .= "OPENSSL_FIPS" if($s =~ /SHA[235]/);
$platform{$s} =
&reduce_platforms((defined($platform{$s})?$platform{$s}.',':"").$p);
@@ -1011,7 +1014,7 @@ sub is_valid
{
my ($keywords_txt,$platforms) = @_;
my (@keywords) = split /,/,$keywords_txt;
- my ($falsesum, $truesum) = (0, !grep(/^[^!]/,@keywords));
+ my ($falsesum, $truesum) = (0, 1);
# Param: one keyword
sub recognise
@@ -1079,7 +1082,7 @@ sub is_valid
if ($k =~ /^!(.*)$/) {
$falsesum += &recognise($1,$platforms);
} else {
- $truesum += &recognise($k,$platforms);
+ $truesum *= &recognise($k,$platforms);
}
}
print STDERR "DEBUG: [",$#keywords,",",$#keywords < 0,"] is_valid($keywords_txt) => (\!$falsesum) && $truesum = ",(!$falsesum) && $truesum,"\n" if $debug;
diff --git a/src/lib/libcrypto/util/mkfiles.pl b/src/lib/libcrypto/util/mkfiles.pl
index 928a274303..bc78510f56 100644
--- a/src/lib/libcrypto/util/mkfiles.pl
+++ b/src/lib/libcrypto/util/mkfiles.pl
@@ -51,14 +51,15 @@ my @dirs = (
"crypto/ocsp",
"crypto/ui",
"crypto/krb5",
-"fips",
-"fips/aes",
-"fips/des",
-"fips/dsa",
-"fips/dh",
-"fips/rand",
-"fips/rsa",
-"fips/sha1",
+"fips-1.0",
+"fips-1.0/aes",
+"fips-1.0/des",
+"fips-1.0/dsa",
+"fips-1.0/dh",
+"fips-1.0/hmac",
+"fips-1.0/rand",
+"fips-1.0/rsa",
+"fips-1.0/sha",
"ssl",
"apps",
"test",
diff --git a/src/lib/libcrypto/util/mklink.pl b/src/lib/libcrypto/util/mklink.pl
index c8653cecc3..182732d959 100644
--- a/src/lib/libcrypto/util/mklink.pl
+++ b/src/lib/libcrypto/util/mklink.pl
@@ -14,13 +14,16 @@
# not contain symbolic links and that the parent of / is never referenced.
# Apart from this, this script should be able to handle even the most
# pathological cases.
+#
+
+use Cwd;
my $from = shift;
my @files = @ARGV;
my @from_path = split(/[\\\/]/, $from);
-my $pwd = `pwd`;
-chop($pwd);
+my $pwd = getcwd();
+chomp($pwd);
my @pwd_path = split(/[\\\/]/, $pwd);
my @to_path = ();
diff --git a/src/lib/libcrypto/util/pl/BC-32.pl b/src/lib/libcrypto/util/pl/BC-32.pl
index 897ae9d824..28869c868d 100644
--- a/src/lib/libcrypto/util/pl/BC-32.pl
+++ b/src/lib/libcrypto/util/pl/BC-32.pl
@@ -18,7 +18,7 @@ $out_def="out32";
$tmp_def="tmp32";
$inc_def="inc32";
#enable max error messages, disable most common warnings
-$cflags="-DWIN32_LEAN_AND_MEAN -q -w-aus -w-par -w-inl -c -tWC -tWM -DOPENSSL_SYSNAME_WIN32 -DL_ENDIAN -DDSO_WIN32 -D_stricmp=stricmp ";
+$cflags="-DWIN32_LEAN_AND_MEAN -q -w-ccc -w-rch -w-pia -w-aus -w-par -w-inl -c -tWC -tWM -DOPENSSL_SYSNAME_WIN32 -DL_ENDIAN -DDSO_WIN32 -D_stricmp=stricmp -D_strnicmp=strnicmp ";
if ($debug)
{
$cflags.="-Od -y -v -vi- -D_DEBUG";
@@ -51,7 +51,7 @@ $lfile='';
$shlib_ex_obj="";
$app_ex_obj="c0x32.obj";
-$asm='nasmw -f obj';
+$asm='nasmw -f obj -d__omf__';
$asm.=" /Zi" if $debug;
$afile='-o';
@@ -106,9 +106,13 @@ sub do_lib_rule
$ret.="$target: $objs\n";
if (!$shlib)
{
- # $ret.="\t\$(RM) \$(O_$Name)\n";
- $ret.="\techo LIB $<\n";
- $ret.="\t&\$(MKLIB) $lfile$target -+\$**\n";
+ $ret.=<<___;
+ -\$(RM) $lfile$target
+ \$(MKLIB) $lfile$target \@&&!
++\$(**: = &^
++)
+!
+___
}
else
{
diff --git a/src/lib/libcrypto/util/pl/OS2-EMX.pl b/src/lib/libcrypto/util/pl/OS2-EMX.pl
index 75d72ebbcb..8dbeaa7a08 100644
--- a/src/lib/libcrypto/util/pl/OS2-EMX.pl
+++ b/src/lib/libcrypto/util/pl/OS2-EMX.pl
@@ -68,6 +68,7 @@ if (!$no_asm && !$fips)
$sha1_asm_src="crypto/sha/asm/s1-os2.asm";
$rmd160_asm_obj="crypto/ripemd/asm/rm-os2$obj";
$rmd160_asm_src="crypto/ripemd/asm/rm-os2.asm";
+ $cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM -DOPENSSL_BN_ASM_PART_WORDS";
}
if ($shlib)
diff --git a/src/lib/libcrypto/util/pl/VC-32-GMAKE.pl b/src/lib/libcrypto/util/pl/VC-32-GMAKE.pl
new file mode 100644
index 0000000000..b5bbcac6c2
--- /dev/null
+++ b/src/lib/libcrypto/util/pl/VC-32-GMAKE.pl
@@ -0,0 +1,222 @@
+#!/usr/local/bin/perl
+# VCw32lib.pl - the file for Visual C++ 4.[01] for windows NT, static libraries
+#
+
+
+if ($fips && !$shlib)
+ {
+ $crypto="libeayfips32";
+ $crypto_compat = "libeaycompat32.lib";
+ }
+else
+ {
+ $crypto="libeay32";
+ }
+$ssl= "ssleay32";
+
+$o='/';
+#$cp='copy nul+'; # Timestamps get stuffed otherwise
+#$rm='del';
+
+$cp='cp';
+$rm='rm';
+
+$zlib_lib="zlib1.lib";
+
+# C compiler stuff
+$cc='cl';
+$cflags=' -MD -W3 -WX -Ox -O2 -Ob2 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32';
+$cflags.=' -D_CRT_SECURE_NO_DEPRECATE'; # shut up VC8
+$cflags.=' -D_CRT_NONSTDC_NO_DEPRECATE'; # shut up VC8
+$lflags="-nologo -subsystem:console -machine:I386 -opt:ref";
+$mlflags='';
+
+$out_def="gmout32";
+$tmp_def="gmtmp32";
+$inc_def="gminc32";
+
+if ($debug)
+ {
+ $cflags=" -MDd -W3 -WX -Zi -Yd -Od -nologo -DOPENSSL_SYSNAME_WIN32 -D_DEBUG -DL_ENDIAN -DWIN32_LEAN_AND_MEAN -DDEBUG -DDSO_WIN32";
+ $lflags.=" -debug";
+ $mlflags.=' -debug';
+ }
+$cflags .= " -DOPENSSL_SYSNAME_WINNT" if $NT == 1;
+
+$obj='.obj';
+$ofile="-Fo";
+
+# EXE linking stuff
+$link="link";
+$efile="-out:";
+$exep='.exe';
+if ($no_sock)
+ { $ex_libs=""; }
+else { $ex_libs="wsock32.lib user32.lib gdi32.lib"; }
+
+# static library stuff
+$mklib='lib';
+$ranlib='';
+$plib="";
+$libp=".lib";
+$shlibp=($shlib)?".dll":".lib";
+$lfile='-out:';
+
+$shlib_ex_obj="";
+$app_ex_obj="setargv.obj";
+if ($nasm) {
+ $asm='nasmw -f win32';
+ $afile='-o ';
+} else {
+ $asm='ml -Cp -coff -c -Cx';
+ $asm.=" -Zi" if $debug;
+ $afile='-Fo';
+}
+
+$bn_asm_obj='';
+$bn_asm_src='';
+$des_enc_obj='';
+$des_enc_src='';
+$bf_enc_obj='';
+$bf_enc_src='';
+
+if (!$no_asm && !$fips)
+ {
+ $bn_asm_obj='crypto/bn/asm/bn_win32.obj';
+ $bn_asm_src='crypto/bn/asm/bn_win32.asm';
+ $des_enc_obj='crypto/des/asm/d_win32.obj crypto/des/asm/y_win32.obj';
+ $des_enc_src='crypto/des/asm/d_win32.asm crypto/des/asm/y_win32.asm';
+ $bf_enc_obj='crypto/bf/asm/b_win32.obj';
+ $bf_enc_src='crypto/bf/asm/b_win32.asm';
+ $cast_enc_obj='crypto/cast/asm/c_win32.obj';
+ $cast_enc_src='crypto/cast/asm/c_win32.asm';
+ $rc4_enc_obj='crypto/rc4/asm/r4_win32.obj';
+ $rc4_enc_src='crypto/rc4/asm/r4_win32.asm';
+ $rc5_enc_obj='crypto/rc5/asm/r5_win32.obj';
+ $rc5_enc_src='crypto/rc5/asm/r5_win32.asm';
+ $md5_asm_obj='crypto/md5/asm/m5_win32.obj';
+ $md5_asm_src='crypto/md5/asm/m5_win32.asm';
+ $sha1_asm_obj='crypto/sha/asm/s1_win32.obj';
+ $sha1_asm_src='crypto/sha/asm/s1_win32.asm';
+ $rmd160_asm_obj='crypto/ripemd/asm/rm_win32.obj';
+ $rmd160_asm_src='crypto/ripemd/asm/rm_win32.asm';
+ $cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM -DRMD160_ASM";
+ }
+
+if ($shlib)
+ {
+ $mlflags.=" $lflags -dll";
+# $cflags =~ s| -MD| -MT|;
+ $lib_cflag=" -D_WINDLL";
+ $out_def="gmout32dll";
+ $tmp_def="gmtmp32dll";
+ }
+
+$cflags.=" -Fd$out_def";
+
+sub do_lib_rule
+ {
+ local($objs,$target,$name,$shlib,$ign,$base_addr, $fips_get_sig, $fips_premain_src)=@_;
+ local($ret,$Name);
+
+ $taget =~ s/\//$o/g if $o ne '/';
+ ($Name=$name) =~ tr/a-z/A-Z/;
+ my $base_arg;
+ if ($base_addr ne "")
+ {
+ $base_arg= " -base:$base_addr";
+ }
+ else
+ {
+ $base_arg = "";
+ }
+
+
+# $target="\$(LIB_D)$o$target";
+ if (!$shlib)
+ {
+# $ret.="\t\$(RM) \$(O_$Name)\n";
+ $ret.="$target: $objs\n";
+ $ex =' advapi32.lib';
+ $ret.="\t\$(MKLIB) $lfile$target $objs $ex\n\n";
+ }
+ else
+ {
+ local($ex)=($target =~ /O_SSL/)?' $(L_CRYPTO)':'';
+ $ex.=' wsock32.lib gdi32.lib advapi32.lib user32.lib';
+ $ex.=" $zlib_lib" if $zlib_opt == 1 && $target =~ /O_CRYPTO/;
+ if (defined $fips_get_sig)
+ {
+ $ret.="$target: \$(O_FIPSCANISTER) $objs $fips_get_sig\n";
+ $ret.="\tFIPS_LINK=\$(LINK) ";
+ $ret.="FIPS_CC=\$(CC) ";
+ $ret.="FIPS_CC_ARGS=\"-Fo\$(OBJ_D)${o}fips_premain.obj \$(SHLIB_CFLAGS) -c\" ";
+ $ret.="FIPS_PREMAIN_DSO=$fips_get_sig ";
+ $ret.="FIPS_TARGET=$target ";
+ $ret.="FIPS_LIBDIR=\$(FIPSLIB_D) ";
+ $ret.="\$(FIPSLINK) \$(MLFLAGS) $base_arg $efile$target ";
+ $ret.="-def:ms/${Name}.def \$(SHLIB_EX_OBJ) $objs ";
+ $ret.="\$(OBJ_D)${o}fips_premain.obj $ex\n\n";
+ }
+ else
+ {
+ $ret.="$target: $objs\n";
+ $ret.="\t\$(LINK) \$(MLFLAGS) $base_arg $efile$target /def:ms/${Name}.def \$(SHLIB_EX_OBJ) $objs $ex\n\n";
+ }
+ }
+ $ret.="\n";
+ return($ret);
+ }
+
+sub do_link_rule
+ {
+ local($target,$files,$dep_libs,$libs,$standalone)=@_;
+ local($ret,$_);
+ $file =~ s/\//$o/g if $o ne '/';
+ $n=&bname($targer);
+ if ($standalone)
+ {
+ $ret.="$target: $files $dep_libs\n";
+ $ret.="\t\$(LINK) \$(LFLAGS) $efile$target ";
+ $ret.="$files $libs\n\n";
+ }
+ elsif ($fips && !$shlib)
+ {
+ $ret.="$target: \$(O_FIPSCANISTER) $files $dep_libs\n";
+ $ret.="\tFIPS_LINK=\$(LINK) ";
+ $ret.="FIPS_CC=\$(CC) ";
+ $ret.="FIPS_CC_ARGS=\"-Fo\$(OBJ_D)${o}fips_premain.obj \$(SHLIB_CFLAGS) -c\" ";
+ $ret.="FIPS_PREMAIN_DSO= ";
+ $ret.="FIPS_TARGET=$target ";
+ $ret.="FIPS_LIBDIR=\$(FIPSLIB_D) ";
+ $ret.=" \$(FIPSLINK) \$(LFLAGS) $efile$target ";
+ $ret.="\$(APP_EX_OBJ) $files \$(OBJ_D)${o}fips_premain.obj $libs\n\n";
+ }
+ else
+ {
+ $ret.="$target: $files $dep_libs\n";
+ $ret.="\t\$(LINK) \$(LFLAGS) $efile$target ";
+ $ret.="\$(APP_EX_OBJ) $files $libs\n\n";
+ }
+ $ret.="\n";
+ return($ret);
+ }
+
+sub do_rlink_rule
+ {
+ local($target,$files,$check_hash, $deps)=@_;
+ local($ret,$_);
+
+ $file =~ s/\//$o/g if $o ne '/';
+ $n=&bname($targer);
+ $ret.="$target: $check_hash $files $deps\n";
+ $ret.="\t\$(PERL) util${o}checkhash.pl -chdir fips-1.0 -program_path ..$o$check_hash\n";
+ $ret.="\t\$(MKCANISTER) $target $files\n";
+ $ret.="\t$check_hash $target > $target.sha1\n";
+ $ret.="\t\$(CP) fips-1.0${o}fips_premain.c \$(FIPSLIB_D)\n";
+ $ret.="\t$check_hash \$(FIPSLIB_D)${o}fips_premain.c > \$(FIPSLIB_D)${o}fips_premain.c.sha1\n\n";
+ return($ret);
+ }
+
+
+1;
diff --git a/src/lib/libcrypto/util/pl/VC-32.pl b/src/lib/libcrypto/util/pl/VC-32.pl
index cf689b9feb..4e97dfa9af 100644
--- a/src/lib/libcrypto/util/pl/VC-32.pl
+++ b/src/lib/libcrypto/util/pl/VC-32.pl
@@ -3,15 +3,28 @@
#
$ssl= "ssleay32";
-$crypto="libeay32";
+
+if ($fips && !$shlib)
+ {
+ $crypto="libeayfips32";
+ $crypto_compat = "libeaycompat32.lib";
+ }
+else
+ {
+ $crypto="libeay32";
+ }
$o='\\';
$cp='copy nul+'; # Timestamps get stuffed otherwise
$rm='del';
+$zlib_lib="zlib1.lib";
+
# C compiler stuff
$cc='cl';
-$cflags=' /MD /W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32';
+$cflags=' /MD /W3 /WX /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32';
+$cflags.=' -D_CRT_SECURE_NO_DEPRECATE'; # shut up VC8
+$cflags.=' -D_CRT_NONSTDC_NO_DEPRECATE'; # shut up VC8
$lflags="/nologo /subsystem:console /machine:I386 /opt:ref";
$mlflags='';
@@ -100,25 +113,56 @@ $cflags.=" /Fd$out_def";
sub do_lib_rule
{
- local($objs,$target,$name,$shlib)=@_;
+ local($objs,$target,$name,$shlib,$ign,$base_addr) = @_;
local($ret,$Name);
$taget =~ s/\//$o/g if $o ne '/';
($Name=$name) =~ tr/a-z/A-Z/;
+ my $base_arg;
+ if ($base_addr ne "")
+ {
+ $base_arg= " /base:$base_addr";
+ }
+ else
+ {
+ $base_arg = "";
+ }
+
# $target="\$(LIB_D)$o$target";
- $ret.="$target: $objs\n";
if (!$shlib)
{
# $ret.="\t\$(RM) \$(O_$Name)\n";
+ $ret.="$target: $objs\n";
$ex =' advapi32.lib';
+ $ex.=" \$(FIPSLIB_D)${o}_chkstk.o" if $fips && $target =~ /O_CRYPTO/;
$ret.="\t\$(MKLIB) $lfile$target @<<\n $objs $ex\n<<\n";
}
else
{
local($ex)=($target =~ /O_SSL/)?' $(L_CRYPTO)':'';
- $ex.=' wsock32.lib gdi32.lib advapi32.lib';
- $ret.="\t\$(LINK) \$(MLFLAGS) $efile$target /def:ms/${Name}.def @<<\n \$(SHLIB_EX_OBJ) $objs $ex\n<<\n";
+ $ex.=' wsock32.lib gdi32.lib advapi32.lib user32.lib';
+ $ex.=" $zlib_lib" if $zlib_opt == 1 && $target =~ /O_CRYPTO/;
+ if ($fips && $target =~ /O_CRYPTO/)
+ {
+ $ex.=" \$(FIPSLIB_D)${o}_chkstk.o";
+ $ret.="$target: $objs \$(PREMAIN_DSO_EXE)\n";
+ $ret.="\tSET FIPS_LINK=\$(LINK)\n";
+ $ret.="\tSET FIPS_CC=\$(CC)\n";
+ $ret.="\tSET FIPS_CC_ARGS=/Fo\$(OBJ_D)${o}fips_premain.obj \$(SHLIB_CFLAGS) -c\n";
+ $ret.="\tSET PREMAIN_DSO_EXE=\$(PREMAIN_DSO_EXE)\n";
+ $ret.="\tSET FIPS_SHA1_EXE=\$(FIPS_SHA1_EXE)\n";
+ $ret.="\tSET FIPS_TARGET=$target\n";
+ $ret.="\tSET FIPSLIB_D=\$(FIPSLIB_D)\n";
+ $ret.="\t\$(FIPSLINK) \$(MLFLAGS) $base_arg $efile$target ";
+ $ret.="/def:ms/${Name}.def @<<\n \$(SHLIB_EX_OBJ) $objs ";
+ $ret.="\$(OBJ_D)${o}fips_premain.obj $ex\n<<\n";
+ }
+ else
+ {
+ $ret.="$target: $objs\n";
+ $ret.="\t\$(LINK) \$(MLFLAGS) $base_arg $efile$target /def:ms/${Name}.def @<<\n \$(SHLIB_EX_OBJ) $objs $ex\n<<\n";
+ }
}
$ret.="\n";
return($ret);
@@ -126,20 +170,51 @@ sub do_lib_rule
sub do_link_rule
{
- local($target,$files,$dep_libs,$libs,$sha1file,$openssl)=@_;
+ local($target,$files,$dep_libs,$libs,$standalone)=@_;
local($ret,$_);
-
$file =~ s/\//$o/g if $o ne '/';
$n=&bname($targer);
$ret.="$target: $files $dep_libs\n";
- $ret.=" \$(LINK) \$(LFLAGS) $efile$target @<<\n";
- $ret.=" \$(APP_EX_OBJ) $files $libs\n<<\n";
- if (defined $sha1file)
+ if ($standalone)
+ {
+ $ret.=" \$(LINK) \$(LFLAGS) $efile$target @<<\n\t";
+ $ret.="\$(FIPSLIB_D)${o}_chkstk.o " if ($files =~ /O_FIPSCANISTER/);
+ $ret.="$files $libs\n<<\n";
+ }
+ elsif ($fips && !$shlib)
{
- $ret.=" $openssl sha1 -hmac etaonrishdlcupfm -binary $target > $sha1file";
+ $ret.="\tSET FIPS_LINK=\$(LINK)\n";
+ $ret.="\tSET FIPS_CC=\$(CC)\n";
+ $ret.="\tSET FIPS_CC_ARGS=/Fo\$(OBJ_D)${o}fips_premain.obj \$(SHLIB_CFLAGS) -c\n";
+ $ret.="\tSET PREMAIN_DSO_EXE=\n";
+ $ret.="\tSET FIPS_TARGET=$target\n";
+ $ret.="\tSET FIPS_SHA1_EXE=\$(FIPS_SHA1_EXE)\n";
+ $ret.="\tSET FIPSLIB_D=\$(FIPSLIB_D)\n";
+ $ret.=" \$(FIPSLINK) \$(LFLAGS) $efile$target @<<\n";
+ $ret.=" \$(APP_EX_OBJ) $files \$(OBJ_D)${o}fips_premain.obj $libs\n<<\n";
}
+ else
+ {
+ $ret.=" \$(LINK) \$(LFLAGS) $efile$target @<<\n";
+ $ret.=" \$(APP_EX_OBJ) $files $libs\n<<\n";
+ }
+ $ret.="\n";
+ return($ret);
+ }
+
+sub do_rlink_rule
+ {
+ local($target,$files,$dep_libs,$libs)=@_;
+ local($ret,$_);
+
+ $file =~ s/\//$o/g if $o ne '/';
+ $n=&bname($targer);
+ $ret.="$target: $files $dep_libs\n";
+ $ret.=" \$(MKCANISTER) $target <<\n";
+ $ret.="INPUT($files)\n<<\n";
$ret.="\n";
return($ret);
}
+
1;
diff --git a/src/lib/libcrypto/util/pod2man.pl b/src/lib/libcrypto/util/pod2man.pl
index 657e4e264e..546d1ec186 100644
--- a/src/lib/libcrypto/util/pod2man.pl
+++ b/src/lib/libcrypto/util/pod2man.pl
@@ -425,6 +425,7 @@ if ($name ne 'something') {
}
next if /^=cut\b/; # DB_File and Net::Ping have =cut before NAME
next if /^=pod\b/; # It is OK to have =pod before NAME
+ next if /^=for\s+comment\b/; # It is OK to have =for comment before NAME
die "$0: Invalid man page - 1st pod line is not NAME in $ARGV[0]\n" unless $lax;
}
die "$0: Invalid man page - no documentation in $ARGV[0]\n" unless $lax;
diff --git a/src/lib/libcrypto/util/selftest.pl b/src/lib/libcrypto/util/selftest.pl
index e9d5aa8938..4778c5ab01 100644
--- a/src/lib/libcrypto/util/selftest.pl
+++ b/src/lib/libcrypto/util/selftest.pl
@@ -49,7 +49,7 @@ if (open(IN,"<Makefile")) {
}
$cversion=`$cc -v 2>&1`;
-$cversion=`$cc -V 2>&1` if $cversion =~ "usage";
+$cversion=`$cc -V 2>&1` if $cversion =~ "[Uu]sage";
$cversion=`$cc -V |head -1` if $cversion =~ "Error";
$cversion=`$cc --version` if $cversion eq "";
$cversion =~ s/Reading specs.*\n//;
@@ -130,15 +130,21 @@ if (system("make 2>&1 | tee make.log") > 255) {
goto err;
}
-$_=$options;
-s/no-asm//;
-s/no-shared//;
-s/no-krb5//;
-if (/no-/)
-{
- print OUT "Test skipped.\n";
- goto err;
-}
+# Not sure why this is here. The tests themselves can detect if their
+# particular feature isn't included, and should therefore skip themselves.
+# To skip *all* tests just because one algorithm isn't included is like
+# shooting mosquito with an elephant gun...
+# -- Richard Levitte, inspired by problem report 1089
+#
+#$_=$options;
+#s/no-asm//;
+#s/no-shared//;
+#s/no-krb5//;
+#if (/no-/)
+#{
+# print OUT "Test skipped.\n";
+# goto err;
+#}
print "Running make test...\n";
if (system("make test 2>&1 | tee maketest.log") > 255)
diff --git a/src/lib/libcrypto/x509/Makefile b/src/lib/libcrypto/x509/Makefile
index 5fb774f1c7..ee3f8a4a23 100644
--- a/src/lib/libcrypto/x509/Makefile
+++ b/src/lib/libcrypto/x509/Makefile
@@ -1,5 +1,5 @@
#
-# SSLeay/crypto/x509/Makefile
+# OpenSSL/crypto/x509/Makefile
#
DIR= x509
diff --git a/src/lib/libcrypto/x509v3/Makefile b/src/lib/libcrypto/x509v3/Makefile
index ed2f91cbb3..49423f39f7 100644
--- a/src/lib/libcrypto/x509v3/Makefile
+++ b/src/lib/libcrypto/x509v3/Makefile
@@ -1,5 +1,5 @@
#
-# SSLeay/crypto/x509v3/Makefile
+# OpenSSL/crypto/x509v3/Makefile
#
DIR= x509v3
diff --git a/src/lib/libssl/src/CHANGES b/src/lib/libssl/src/CHANGES
index cccc4f812f..2840a36a6d 100644
--- a/src/lib/libssl/src/CHANGES
+++ b/src/lib/libssl/src/CHANGES
@@ -2,8 +2,94 @@
OpenSSL CHANGES
_______________
+ Changes between 0.9.7i and 0.9.7j [04 May 2006]
+
+ *) Adapt fipsld and the build system to link against the validated FIPS
+ module in FIPS mode.
+ [Steve Henson]
+
+ *) Fixes for VC++ 2005 build under Windows.
+ [Steve Henson]
+
+ *) Add new Windows build target VC-32-GMAKE for VC++. This uses GNU make
+ from a Windows bash shell such as MSYS. It is autodetected from the
+ "config" script when run from a VC++ environment. Modify standard VC++
+ build to use fipscanister.o from the GNU make build.
+ [Steve Henson]
+
+ Changes between 0.9.7h and 0.9.7i [14 Oct 2005]
+
+ *) Wrapped the definition of EVP_MAX_MD_SIZE in a #ifdef OPENSSL_FIPS.
+ The value now differs depending on if you build for FIPS or not.
+ BEWARE! A program linked with a shared FIPSed libcrypto can't be
+ safely run with a non-FIPSed libcrypto, as it may crash because of
+ the difference induced by this change.
+ [Andy Polyakov]
+
+ Changes between 0.9.7g and 0.9.7h [11 Oct 2005]
+
+ *) Remove the functionality of SSL_OP_MSIE_SSLV2_RSA_PADDING
+ (part of SSL_OP_ALL). This option used to disable the
+ countermeasure against man-in-the-middle protocol-version
+ rollback in the SSL 2.0 server implementation, which is a bad
+ idea. (CVE-2005-2969)
+
+ [Bodo Moeller; problem pointed out by Yutaka Oiwa (Research Center
+ for Information Security, National Institute of Advanced Industrial
+ Science and Technology [AIST], Japan)]
+
+ *) Minimal support for X9.31 signatures and PSS padding modes. This is
+ mainly for FIPS compliance and not fully integrated at this stage.
+ [Steve Henson]
+
+ *) For DSA signing, unless DSA_FLAG_NO_EXP_CONSTTIME is set, perform
+ the exponentiation using a fixed-length exponent. (Otherwise,
+ the information leaked through timing could expose the secret key
+ after many signatures; cf. Bleichenbacher's attack on DSA with
+ biased k.)
+ [Bodo Moeller]
+
+ *) Make a new fixed-window mod_exp implementation the default for
+ RSA, DSA, and DH private-key operations so that the sequence of
+ squares and multiplies and the memory access pattern are
+ independent of the particular secret key. This will mitigate
+ cache-timing and potential related attacks.
+
+ BN_mod_exp_mont_consttime() is the new exponentiation implementation,
+ and this is automatically used by BN_mod_exp_mont() if the new flag
+ BN_FLG_EXP_CONSTTIME is set for the exponent. RSA, DSA, and DH
+ will use this BN flag for private exponents unless the flag
+ RSA_FLAG_NO_EXP_CONSTTIME, DSA_FLAG_NO_EXP_CONSTTIME, or
+ DH_FLAG_NO_EXP_CONSTTIME, respectively, is set.
+
+ [Matthew D Wood (Intel Corp), with some changes by Bodo Moeller]
+
+ *) Change the client implementation for SSLv23_method() and
+ SSLv23_client_method() so that is uses the SSL 3.0/TLS 1.0
+ Client Hello message format if the SSL_OP_NO_SSLv2 option is set.
+ (Previously, the SSL 2.0 backwards compatible Client Hello
+ message format would be used even with SSL_OP_NO_SSLv2.)
+ [Bodo Moeller]
+
+ *) Add support for smime-type MIME parameter in S/MIME messages which some
+ clients need.
+ [Steve Henson]
+
+ *) New function BN_MONT_CTX_set_locked() to set montgomery parameters in
+ a threadsafe manner. Modify rsa code to use new function and add calls
+ to dsa and dh code (which had race conditions before).
+ [Steve Henson]
+
+ *) Include the fixed error library code in the C error file definitions
+ instead of fixing them up at runtime. This keeps the error code
+ structures constant.
+ [Steve Henson]
+
Changes between 0.9.7f and 0.9.7g [11 Apr 2005]
+ [NB: OpenSSL 0.9.7h and later 0.9.7 patch levels were released after
+ OpenSSL 0.9.8.]
+
*) Fixes for newer kerberos headers. NB: the casts are needed because
the 'length' field is signed on one version and unsigned on another
with no (?) obvious way to tell the difference, without these VC++
@@ -111,11 +197,11 @@
Changes between 0.9.7c and 0.9.7d [17 Mar 2004]
*) Fix null-pointer assignment in do_change_cipher_spec() revealed
- by using the Codenomicon TLS Test Tool (CAN-2004-0079)
+ by using the Codenomicon TLS Test Tool (CVE-2004-0079)
[Joe Orton, Steve Henson]
*) Fix flaw in SSL/TLS handshaking when using Kerberos ciphersuites
- (CAN-2004-0112)
+ (CVE-2004-0112)
[Joe Orton, Steve Henson]
*) Make it possible to have multiple active certificates with the same
@@ -158,9 +244,9 @@
*) Fix various bugs revealed by running the NISCC test suite:
Stop out of bounds reads in the ASN1 code when presented with
- invalid tags (CAN-2003-0543 and CAN-2003-0544).
+ invalid tags (CVE-2003-0543 and CVE-2003-0544).
- Free up ASN1_TYPE correctly if ANY type is invalid (CAN-2003-0545).
+ Free up ASN1_TYPE correctly if ANY type is invalid (CVE-2003-0545).
If verify callback ignores invalid public key errors don't try to check
certificate signature with the NULL public key.
@@ -245,7 +331,7 @@
via timing by performing a MAC computation even if incorrrect
block cipher padding has been found. This is a countermeasure
against active attacks where the attacker has to distinguish
- between bad padding and a MAC verification error. (CAN-2003-0078)
+ between bad padding and a MAC verification error. (CVE-2003-0078)
[Bodo Moeller; problem pointed out by Brice Canvel (EPFL),
Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and
@@ -462,7 +548,7 @@
Remote buffer overflow in SSL3 protocol - an attacker could
supply an oversized master key in Kerberos-enabled versions.
- (CAN-2002-0657)
+ (CVE-2002-0657)
[Ben Laurie (CHATS)]
*) Change the SSL kerb5 codes to match RFC 2712.
@@ -2146,7 +2232,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
Changes between 0.9.6l and 0.9.6m [17 Mar 2004]
*) Fix null-pointer assignment in do_change_cipher_spec() revealed
- by using the Codenomicon TLS Test Tool (CAN-2004-0079)
+ by using the Codenomicon TLS Test Tool (CVE-2004-0079)
[Joe Orton, Steve Henson]
Changes between 0.9.6k and 0.9.6l [04 Nov 2003]
@@ -2154,7 +2240,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
*) Fix additional bug revealed by the NISCC test suite:
Stop bug triggering large recursion when presented with
- certain ASN.1 tags (CAN-2003-0851)
+ certain ASN.1 tags (CVE-2003-0851)
[Steve Henson]
Changes between 0.9.6j and 0.9.6k [30 Sep 2003]
@@ -2162,7 +2248,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
*) Fix various bugs revealed by running the NISCC test suite:
Stop out of bounds reads in the ASN1 code when presented with
- invalid tags (CAN-2003-0543 and CAN-2003-0544).
+ invalid tags (CVE-2003-0543 and CVE-2003-0544).
If verify callback ignores invalid public key errors don't try to check
certificate signature with the NULL public key.
@@ -2214,7 +2300,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
via timing by performing a MAC computation even if incorrrect
block cipher padding has been found. This is a countermeasure
against active attacks where the attacker has to distinguish
- between bad padding and a MAC verification error. (CAN-2003-0078)
+ between bad padding and a MAC verification error. (CVE-2003-0078)
[Bodo Moeller; problem pointed out by Brice Canvel (EPFL),
Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and
@@ -2347,7 +2433,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
*) Add various sanity checks to asn1_get_length() to reject
the ASN1 length bytes if they exceed sizeof(long), will appear
negative or the content length exceeds the length of the
- supplied buffer. (CAN-2002-0659)
+ supplied buffer. (CVE-2002-0659)
[Steve Henson, Adi Stav <stav@mercury.co.il>, James Yonan <jim@ntlp.com>]
*) Assertions for various potential buffer overflows, not known to
@@ -2355,15 +2441,15 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
[Ben Laurie (CHATS)]
*) Various temporary buffers to hold ASCII versions of integers were
- too small for 64 bit platforms. (CAN-2002-0655)
+ too small for 64 bit platforms. (CVE-2002-0655)
[Matthew Byng-Maddick <mbm@aldigital.co.uk> and Ben Laurie (CHATS)>
*) Remote buffer overflow in SSL3 protocol - an attacker could
- supply an oversized session ID to a client. (CAN-2002-0656)
+ supply an oversized session ID to a client. (CVE-2002-0656)
[Ben Laurie (CHATS)]
*) Remote buffer overflow in SSL2 protocol - an attacker could
- supply an oversized client master key. (CAN-2002-0656)
+ supply an oversized client master key. (CVE-2002-0656)
[Ben Laurie (CHATS)]
Changes between 0.9.6c and 0.9.6d [9 May 2002]
diff --git a/src/lib/libssl/src/Configure b/src/lib/libssl/src/Configure
index e0e732c445..a38783dd98 100644
--- a/src/lib/libssl/src/Configure
+++ b/src/lib/libssl/src/Configure
@@ -177,11 +177,11 @@ my %table=(
# actually recommend to consider using gcc shared build even with vendor
# compiler:-)
# <appro@fy.chalmers.se>
-"solaris64-x86_64-gcc","gcc:-m64 -O3 -Wall -DL_ENDIAN -DMD32_REG_T=int::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:asm/x86_64-gcc.o::::::asm/rc4-amd64.o:::dlfcn:solaris-shared:-fPIC:-m64 -shared -static-libgcc:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris64-x86_64-gcc","gcc:-m64 -O3 -Wall -DL_ENDIAN -DMD32_REG_T=int::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR BF_PTR2 DES_INT DES_UNROLL:asm/x86_64-gcc.o::::::asm/rc4-x86_64.o:::dlfcn:solaris-shared:-fPIC:-m64 -shared -static-libgcc:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
#### Solaris x86 with Sun C setups
-"solaris-x86-cc","cc:-fast -O -Xa::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris64-x86_64-cc","cc:-fast -xarch=amd64 -xstrconst -Xa -DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL::::::::::dlfcn:solaris-shared:-KPIC:-xarch=amd64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-x86-cc","cc:-fast -O -Xa::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris64-x86_64-cc","cc:-fast -xarch=amd64 -xstrconst -Xa -DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR BF_PTR2 DES_INT DES_UNROLL::::::::::dlfcn:solaris-shared:-KPIC:-xarch=amd64 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
#### SPARC Solaris with GNU C setups
"solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -200,17 +200,17 @@ my %table=(
#### SPARC Solaris with Sun C setups
# DO NOT use /xO[34] on sparc with SC3.0. It is broken, and will not pass the tests
-"solaris-sparc-sc3","cc:-fast -O -Xa -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparc-sc3","cc:-fast -O -Xa -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
# SC4.0 doesn't pass 'make test', upgrade to SC5.0 or SC4.2.
# SC4.2 is ok, better than gcc even on bn as long as you tell it -xarch=v8
# SC5.0 note: Compiler common patch 107357-01 or later is required!
-"solaris-sparcv7-cc","cc:-xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-KPIC:-xarch=v9:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):/usr/ccs/bin/ar rs",
+"solaris-sparcv7-cc","cc:-xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-KPIC:-xarch=v9 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):/usr/ccs/bin/ar rs",
####
-"debug-solaris-sparcv8-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-solaris-sparcv9-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-solaris-sparcv8-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-solaris-sparcv9-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
#### SPARC Linux setups
"linux-sparcv7","gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::",
@@ -271,56 +271,56 @@ my %table=(
#
#!#"hpux-parisc-cc","cc:-Ae +O3 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
# Since there is mention of this in shlib/hpux10-cc.sh
-"hpux-parisc-cc-o4","cc:-Ae +O4 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux-parisc-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W::::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux64-parisc-cc","cc:-Ae +DD64 +O3 +ESlit -z -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn:hpux64-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-parisc-cc-o4","cc:-Ae +O4 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::::-Wl,+cdp,../%3a,+cdp,./%3a,+s,+b,\$(INSTALLTOP)/lib -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-parisc-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W::::-Wl,+cdp,../%3a,+cdp,./%3a,+s,+b,\$(INSTALLTOP)/lib -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux64-parisc-cc","cc:-Ae +DD64 +O3 +ESlit -z -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s,+b,\$(INSTALLTOP)/lib -ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn:hpux-shared:+Z:+DD64 -b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
# 64bit PARISC for GCC without optimization, which seems to make problems.
# Submitted by <ross.alexander@uk.neceur.com>
-"hpux64-parisc-gcc","gcc:-DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn:hpux64-shared:-fpic::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux64-parisc2-gcc","gcc:-O3 -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2W.o:::::::::dlfcn:hpux64-shared:-fpic::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux64-parisc-gcc","gcc:-DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s,+b,\$(INSTALLTOP)/lib -ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn:hpux-shared:-fpic:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux64-parisc2-gcc","gcc:-O3 -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s,+b,\$(INSTALLTOP)/lib -ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2W.o:::::::::dlfcn:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
# IA-64 targets
-"hpux-ia64-cc","cc:-Ae +DD32 +O3 +Olit=all -z -DB_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:asm/ia64-cpp.o::::asm/sha1-ia64.o::asm/rc4-ia64.o:::dlfcn:hpux-shared:+Z::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-ia64-cc","cc:-Ae +DD32 +O3 +Olit=all -z -DB_ENDIAN::-D_REENTRANT::-Wl,+s,+b,\$(INSTALLTOP)/lib -ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/ia64-cpp.o::::asm/sha1-ia64.o::asm/rc4-ia64.o:::dlfcn:hpux-shared:+Z:-b:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
# Frank Geurts <frank.geurts@nl.abnamro.com> has patiently assisted with
# with debugging of the following config.
-"hpux64-ia64-cc","cc:-Ae +DD64 +O3 +Olit=all -z -DB_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:asm/ia64-cpp.o::::asm/sha1-ia64.o::asm/rc4-ia64.o:::dlfcn:hpux64-shared:+Z::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux64-ia64-cc","cc:-Ae +DD64 +O3 +Olit=all -z -DB_ENDIAN::-D_REENTRANT::-Wl,+s,+b,\$(INSTALLTOP)/lib -ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/ia64-cpp.o::::asm/sha1-ia64.o::asm/rc4-ia64.o:::dlfcn:hpux-shared:+Z:+DD64 -b:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
# More attempts at unified 10.X and 11.X targets for HP C compiler.
#
# Chris Ruemmler <ruemmler@cup.hp.com>
# Kevin Steves <ks@hp.se>
-"hpux-parisc-cc","cc:+O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2.o:::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux64-parisc2-cc","cc:+DD64 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2W.o:::::::::dlfcn:hpux64-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-parisc-cc","cc:+O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT::-Wl,+cdp,../%3a,+cdp,./%3a,+s,+b,\$(INSTALLTOP)/lib -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+cdp,../%3a,+cdp,./%3a,+s,+b,\$(INSTALLTOP)/lib -ldld:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2.o:::::::::dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux64-parisc2-cc","cc:+DD64 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s,+b,\$(INSTALLTOP)/lib -ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2W.o:::::::::dlfcn:hpux-shared:+Z:+DD64 -b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
# Isn't the line below meaningless? HP-UX cc optimizes for host by default.
# hpux-parisc1_0-cc with +DAportable flag would make more sense. <appro>
-"hpux-parisc1_1-cc","cc:+DA1.1 +DS1.1 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-parisc1_1-cc","cc:+DA1.1 +DS1.1 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+cdp,../%3a,+cdp,./%3a,+s,+b,\$(INSTALLTOP)/lib -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
# HPUX 9.X config.
# Don't use the bundled cc. It is broken. Use HP ANSI C if possible, or
# egcs. gcc 2.8.1 is also broken.
-"hpux-cc", "cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z::(unknown)::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-cc", "cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z::(unknown)::-Wl,+s,+b,\$(INSTALLTOP)/lib -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
# If hpux-cc fails (e.g. during "make test"), try the next one; otherwise,
# please report your OS and compiler version to the openssl-bugs@openssl.org
# mailing list.
-"hpux-brokencc", "cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::(unknown)::-Wl,+s -ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-brokencc", "cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::(unknown)::-Wl,+s,+b,\$(INSTALLTOP)/lib -ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown)::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown)::-Wl,+s,+b,\$(INSTALLTOP)/lib -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
# If hpux-gcc fails, try this one:
-"hpux-brokengcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown)::-Wl,+s -ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-brokengcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown)::-Wl,+s,+b,\$(INSTALLTOP)/lib -ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
# HPUX 9.X on Motorola 68k platforms with gcc
"hpux-m68k-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown):::BN_LLONG DES_PTR DES_UNROLL:::::::::::::",
# HPUX 10.X config. Supports threads.
-"hpux10-cc", "cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z::-D_REENTRANT::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux10-cc", "cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z::-D_REENTRANT::-Wl,+s,+b,\$(INSTALLTOP)/lib -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
# If hpux10-cc fails, try this one (if still fails, try deleting BN_LLONG):
-"hpux10-brokencc", "cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::-D_REENTRANT::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux10-brokencc", "cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::-D_REENTRANT::-Wl,+s,+b,\$(INSTALLTOP)/lib -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux10-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux10-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT::-Wl,+s,+b,\$(INSTALLTOP)/lib -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
# If hpux10-gcc fails, try this one:
-"hpux10-brokengcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT::-Wl,+s -ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux10-brokengcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT::-Wl,+s,+b,\$(INSTALLTOP)/lib -ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
# HPUX 11.X from www.globus.org.
# Only works on PA-RISC 2.0 cpus, and not optimized. Why?
@@ -409,10 +409,9 @@ my %table=(
"linux-m68k", "gcc:-DB_ENDIAN -DTERMIO -O2 -fomit-frame-pointer -Wall::-D_REENTRANT:::BN_LLONG::",
"linux-s390", "gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"linux-s390x", "gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:asm/ia64.o::::asm/sha1-ia64.o::asm/rc4-ia64.o:::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-ia64-ecc", "ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:asm/ia64.o::::asm/sha1-ia64.o::asm/rc4-ia64.o:::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:asm/x86_64-gcc.o::::::asm/rc4-amd64.o:::dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-em64t", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR BF_PTR2 DES_INT DES_UNROLL:asm/x86_64-gcc.o:::::::::dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:asm/ia64.o::::asm/sha1-ia64.o::asm/rc4-ia64.o:::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-ia64-ecc", "ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:asm/ia64.o::::asm/sha1-ia64.o::asm/rc4-ia64.o:::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR BF_PTR2 DES_INT DES_UNROLL:asm/x86_64-gcc.o::::::asm/rc4-x86_64.o:::dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"NetBSD-sparc", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"NetBSD-m68", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"NetBSD-x86", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -m486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -530,17 +529,17 @@ my %table=(
"BC-16","bcc:::(unknown):WIN16::BN_LLONG DES_PTR RC4_INDEX SIXTEEN_BIT:::",
# MinGW
-"mingw", "gcc:-DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -mno-cygwin -Wall:::MINGW32:-lwsock32 -lgdi32:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:win32:cygwin-shared:-D_WINDLL:-mno-cygwin:.dll",
+"mingw", "gcc:-DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -mno-cygwin -Wall -D_WIN32_WINNT=0x333:::MINGW32:-lwsock32 -lgdi32:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts} EXPORT_VAR_AS_FN:${x86_out_asm}:win32:cygwin-shared:-D_WINDLL:-mno-cygwin:.dll.a",
# UWIN
"UWIN", "cc:-DTERMIOS -DL_ENDIAN -O -Wall:::UWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32",
# Cygwin
"Cygwin-pre1.3", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown):CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32",
-"Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall:::CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:dlfcn:cygwin-shared:-D_WINDLL::.dll",
+"Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall:::CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:dlfcn:cygwin-shared:-D_WINDLL::.dll.a",
# DJGPP
-"DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall -DDEVRANDOM=\"/dev/urandom\\x24\":::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::",
+"DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall:::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::",
# Ultrix from Bernhard Simon <simon@zid.tuwien.ac.at>
"ultrix-cc","cc:-std1 -O -Olimit 2500 -DL_ENDIAN::(unknown):::::::",
@@ -563,8 +562,8 @@ my %table=(
##### MacOS X (a.k.a. Rhapsody or Darwin) setup
"rhapsody-ppc-cc","cc:-O3 -DB_ENDIAN::(unknown):MACOSX_RHAPSODY::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::",
-"darwin-ppc-cc","cc:-O3 -fomit-frame-pointer -fno-common -DB_ENDIAN::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/osx_ppc32.o::::::::::darwin-shared:-fPIC::.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
-"darwin-i386-cc","cc:-O3 -fomit-frame-pointer -fno-common -DB_ENDIAN::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::::::::::darwin-shared:-fPIC::.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+"darwin-ppc-cc","cc:-O3 -fomit-frame-pointer -DB_ENDIAN::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/osx_ppc32.o:::::::::dlfcn:darwin-shared:-fPIC -fno-common::.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+"darwin-i386-cc","cc:-O3 -fomit-frame-pointer -fno-common::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::::::::::darwin-shared:-fPIC::.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
##### A/UX
"aux3-gcc","gcc:-O2 -DTERMIO::(unknown):AUX:-lbsd:RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::",
@@ -622,6 +621,8 @@ my $prefix="";
my $openssldir="";
my $exe_ext="";
my $install_prefix="";
+my $fipslibdir="/usr/local/ssl/lib";
+my $baseaddr="0xFB00000";
my $no_threads=0;
my $no_shared=1;
my $zlib=0;
@@ -807,7 +808,7 @@ PROCESS_ARGS:
{
while (<IN>)
{
- chop;
+ chomp;
if (/^CONFIGURE_ARGS=(.*)/)
{
$argvstring=$1;
@@ -866,6 +867,22 @@ PROCESS_ARGS:
{
$withargs{"krb5-".$1}=$2;
}
+ elsif (/^--with-zlib-lib=(.*)$/)
+ {
+ $withargs{"zlib-lib"}=$1;
+ }
+ elsif (/^--with-fipslibdir=(.*)$/)
+ {
+ $fipslibdir="$1";
+ }
+ elsif (/^--with-baseaddr=(.*)$/)
+ {
+ $baseaddr="$1";
+ }
+ elsif (/^--with-zlib-include=(.*)$/)
+ {
+ $withargs{"zlib-include"}="-I$1";
+ }
else
{
print STDERR $usage;
@@ -879,7 +896,7 @@ PROCESS_ARGS:
}
else
{
- die "target already defined - $target\n" if ($target ne "");
+ die "target already defined - $target (offending arg: $_)\n" if ($target ne "");
$target=$_;
}
unless ($_ eq $target) {
@@ -965,10 +982,26 @@ chop $prefix if $prefix =~ /\/$/;
$openssldir=$prefix . "/ssl" if $openssldir eq "";
$openssldir=$prefix . "/" . $openssldir if $openssldir !~ /(^\/|^[a-zA-Z]:[\\\/])/;
+if ($fips && ! -f "$fipslibdir/fipscanister.o")
+ {
+ my $fipswinerr = "";
+ $fipswinerr = <<EOF if $IsWindows;
+ Ensure that the correct path to the FIPS module directory
+has been given to the --with-fipslibdir option.
+EOF
+ print STDERR <<EOF;
+The file fipscanister.o could not be located. Please build and install the
+FIPS module using the instructions in the user guide before compiling OpenSSL
+in FIPS mode.$fipswinerr
+EOF
+ exit 1;
+ }
+
print "IsWindows=$IsWindows\n";
my @fields = split(/\s*:\s*/,$table{$target} . ":" x 30 , -1);
+for (@fields) { s/%([\dA-Fa-f]{2})/chr(hex($1))/eg; }
my $cc = $fields[$idx_cc];
my $cflags = $fields[$idx_cflags];
my $unistd = $fields[$idx_unistd];
@@ -1027,7 +1060,7 @@ else
if $withargs{"krb5-dir"} eq "";
$withargs{"krb5-lib"} = "-L".$withargs{"krb5-dir"}.
"/lib -lgssapi -lkrb5 -lcom_err"
- if $withargs{"krb5-lib"} eq "";
+ if $withargs{"krb5-lib"} eq "" && !$IsWindows;
$cflags="-DKRB5_HEIMDAL $cflags";
}
if ($withargs{"krb5-flavor"} =~ /^[Mm][Ii][Tt]/)
@@ -1036,7 +1069,7 @@ else
if $withargs{"krb5-dir"} eq "";
$withargs{"krb5-lib"} = "-L".$withargs{"krb5-dir"}.
"/lib -lgssapi_krb5 -lkrb5 -lcom_err -lk5crypto"
- if $withargs{"krb5-lib"} eq "";
+ if $withargs{"krb5-lib"} eq "" && !$IsWindows;
$cflags="-DKRB5_MIT $cflags";
$withargs{"krb5-flavor"} =~ s/^[Mm][Ii][Tt][._-]*//;
if ($withargs{"krb5-flavor"} =~ /^1[._-]*[01]/)
@@ -1055,7 +1088,7 @@ else
}
}
$withargs{"krb5-lib"} .= " -lresolv"
- if ("$lresolv" ne "");
+ if ("$lresolv" ne "" && !$IsWindows);
$withargs{"krb5-include"} = "-I".$withargs{"krb5-dir"}."/include"
if $withargs{"krb5-include"} eq "" &&
$withargs{"krb5-dir"} ne "";
@@ -1151,7 +1184,8 @@ if (!$no_shared)
{
if ($shared_cflag ne "")
{
- $cflags = "$shared_cflag $cflags";
+ $cflags = "$shared_cflag -DOPENSSL_PIC $cflags";
+ $shared_ldflag = "$shared_ldflag $shared_cflag" if($fips);
}
}
@@ -1174,16 +1208,22 @@ if ($ranlib eq "")
$bn_obj = $bn_asm unless $bn_obj ne "";
my $fips_des_obj;
+my $fips_aes_obj;
my $fips_sha1_obj;
if ($fips)
{
- if ($des_obj =~ /\-elf\.o$/ && $no_shared) # FIPS DES module is not PIC
+ if ($des_obj =~ /\-elf\.o$/)
{
$fips_des_obj='asm/fips-dx86-elf.o';
$openssl_other_defines.="#define OPENSSL_FIPS_DES_ASM\n";
+ $fips_aes_obj='asm/fips-ax86-elf.o';
+ $openssl_other_defines.="#define OPENSSL_FIPS_AES_ASM\n";
+ }
+ else {
+ $fips_des_obj=$fips_des_enc;
+ $fips_aes_obj='fips_aes_core.o';
}
- else { $fips_des_obj=$fips_des_enc; }
- $fips_sha1_obj='asm/sx86-elf.o' if ($sha1_obj =~ /\-elf\.o$/);
+ $fips_sha1_obj='asm/fips-sx86-elf.o' if ($sha1_obj =~ /\-elf\.o$/);
$des_obj=$sha1_obj="";
$openssl_other_defines.="#define OPENSSL_FIPS\n";
}
@@ -1255,7 +1295,7 @@ print OUT "### Generated automatically from Makefile.org by Configure.\n\n";
my $sdirs=0;
while (<IN>)
{
- chop;
+ chomp;
$sdirs = 1 if /^SDIRS=/;
if ($sdirs) {
my $dir;
@@ -1287,6 +1327,7 @@ while (<IN>)
s/^BN_ASM=.*$/BN_ASM= $bn_obj/;
s/^DES_ENC=.*$/DES_ENC= $des_obj/;
s/^FIPS_DES_ENC=.*$/FIPS_DES_ENC= $fips_des_obj/;
+ s/^FIPS_AES_ENC=.*$/FIPS_AES_ENC= $fips_aes_obj/;
s/^BF_ENC=.*$/BF_ENC= $bf_obj/;
s/^CAST_ENC=.*$/CAST_ENC= $cast_obj/;
s/^RC4_ENC=.*$/RC4_ENC= $rc4_obj/;
@@ -1301,6 +1342,10 @@ while (<IN>)
s/^PERL=.*/PERL= $perl/;
s/^KRB5_INCLUDES=.*/KRB5_INCLUDES=$withargs{"krb5-include"}/;
s/^LIBKRB5=.*/LIBKRB5=$withargs{"krb5-lib"}/;
+ s/^LIBZLIB=.*/LIBZLIB=$withargs{"zlib-lib"}/;
+ s/^FIPSLIBDIR=.*/FIPSLIBDIR=$fipslibdir/;
+ s/^BASEADDR=.*/BASEADDR=$baseaddr/;
+ s/^ZLIB_INCLUDE=.*/ZLIB_INCLUDE=$withargs{"zlib-include"}/;
s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/;
s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/;
s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared);
@@ -1654,12 +1699,13 @@ sub print_table_entry
{
my $target = shift;
+ my @fields = split(/\s*:\s*/,$table{$target} . ":" x 30 , -1);
+ for (@fields) { s/%([\dA-Fa-f]{2})/chr(hex($1))/eg; }
(my $cc,my $cflags,my $unistd,my $thread_cflag,my $sys_id,my $lflags,
my $bn_ops,my $bn_obj,my $des_obj,my $bf_obj,
my $md5_obj,my $sha1_obj,my $cast_obj,my $rc4_obj,my $rmd160_obj,
my $rc5_obj,my $dso_scheme,my $shared_target,my $shared_cflag,
- my $shared_ldflag,my $shared_extension,my $ranlib,my $arflags)=
- split(/\s*:\s*/,$table{$target} . ":" x 30 , -1);
+ my $shared_ldflag,my $shared_extension,my $ranlib,my $arflags)=@fields;
print <<EOF
@@ -1702,6 +1748,7 @@ sub test_sanity
foreach $target (sort keys %table)
{
@fields = split(/\s*:\s*/,$table{$target} . ":" x 30 , -1);
+ for (@fields) { s/%([\dA-Fa-f]{2})/chr(hex($1))/eg; }
if ($fields[$idx_dso_scheme-1] =~ /^(dl|dlfcn|win32|vms)$/)
{
diff --git a/src/lib/libssl/src/FAQ b/src/lib/libssl/src/FAQ
index 943fc9d4a3..6545cd72aa 100644
--- a/src/lib/libssl/src/FAQ
+++ b/src/lib/libssl/src/FAQ
@@ -70,7 +70,7 @@ OpenSSL - Frequently Asked Questions
* Which is the current version of OpenSSL?
The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 0.9.7g was released on April 11, 2005.
+OpenSSL 0.9.7j was released on May 4, 2006.
In addition to the current stable release, you can also access daily
snapshots of the OpenSSL development version at <URL:
@@ -141,8 +141,8 @@ less Unix-centric, it might have been used much earlier.
With version 0.9.6 OpenSSL was extended to interface to external crypto
hardware. This was realized in a special release '0.9.6-engine'. With
-version 0.9.7 (not yet released) the changes were merged into the main
-development line, so that the special release is no longer necessary.
+version 0.9.7 the changes were merged into the main development line,
+so that the special release is no longer necessary.
* How do I check the authenticity of the OpenSSL distribution?
diff --git a/src/lib/libssl/src/LICENSE b/src/lib/libssl/src/LICENSE
index 40277883a5..e6afecc724 100644
--- a/src/lib/libssl/src/LICENSE
+++ b/src/lib/libssl/src/LICENSE
@@ -12,7 +12,7 @@
---------------
/* ====================================================================
- * Copyright (c) 1998-2004 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
diff --git a/src/lib/libssl/src/Makefile b/src/lib/libssl/src/Makefile
index 45d2befa5c..398fd3d5fd 100644
--- a/src/lib/libssl/src/Makefile
+++ b/src/lib/libssl/src/Makefile
@@ -4,7 +4,7 @@
## Makefile for OpenSSL
##
-VERSION=0.9.7g
+VERSION=0.9.7j
MAJOR=0
MINOR=9.7
SHLIB_VERSION_NUMBER=0.9.7
@@ -104,6 +104,7 @@ PROCESSOR=
# Set DES_ENC to des_enc.o if you want to use the C version
#There are 4 x86 assember options.
FIPS_DES_ENC=
+FIPS_AES_ENC=
DES_ENC= des_enc.o fcrypt_b.o
#DES_ENC= des_enc.o fcrypt_b.o # C
#DES_ENC= asm/dx86-elf.o asm/yx86-elf.o # elf
@@ -173,11 +174,29 @@ RMD160_ASM_OBJ=
KRB5_INCLUDES=
LIBKRB5=
+# Zlib stuff
+ZLIB_INCLUDE=
+LIBZLIB=
+
+# This is the location of fipscanister.o and friends.
+# The FIPS module build will place it $(INSTALLTOP)/lib
+# but since $(INSTALLTOP) can only take the default value
+# when the module is built it will be in /usr/local/ssl/lib
+# $(INSTALLTOP) for this build make be different so hard
+# code the path.
+
+FIPSLIBDIR=/usr/local/ssl/lib
+
+# Shared library base address. Currently only used on Windows.
+#
+
+BASEADDR=0xFB00000
+
# When we're prepared to use shared libraries in the programs we link here
# we might set SHLIB_MARK to '$(SHARED_LIBS)'.
SHLIB_MARK=
-DIRS= crypto fips ssl $(SHLIB_MARK) sigs apps test tools
+DIRS= crypto fips-1.0 ssl $(SHLIB_MARK) apps test tools
SHLIBDIRS= crypto ssl
# dirs in crypto to build
@@ -188,7 +207,7 @@ SDIRS= objects \
buffer bio stack lhash rand err \
evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5
-FDIRS= sha1 rand des aes dsa rsa dh
+FDIRS= sha rand des aes dsa rsa dh hmac
# tests to perform. "alltests" is a special word indicating that all tests
# should be performed.
@@ -207,7 +226,6 @@ ONEDIRS=out tmp
EDIRS= times doc bugs util include certs ms shlib mt demos perl sf dep VMS
WDIRS= windows
LIBS= libcrypto.a libssl.a
-SIGS= libcrypto.a.sha1
SHARED_CRYPTO=libcrypto$(SHLIB_EXT)
SHARED_SSL=libssl$(SHLIB_EXT)
SHARED_LIBS=
@@ -227,19 +245,12 @@ HEADER= e_os.h
all: Makefile sub_all openssl.pc
-sigs: $(SIGS)
-libcrypto.a.sha1: libcrypto.a
- @if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
- $(RANLIB) libcrypto.a; \
- fips/sha1/fips_standalone_sha1 libcrypto.a > libcrypto.a.sha1; \
- fi
-
sub_all:
@for i in $(DIRS); \
do \
if [ -d "$$i" ]; then \
(cd $$i && echo "making all in $$i..." && \
- $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' AS='${AS}' ASFLAG='${ASFLAG}' SDIRS='$(SDIRS)' FDIRS='$(FDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' FIPS_DES_ENC='${FIPS_DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' FIPS_SHA1_ASM_OBJ='${FIPS_SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' all ) || exit 1; \
+ $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' AS='${AS}' ASFLAG='${ASFLAG}' SDIRS='$(SDIRS)' FDIRS='$(FDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' FIPS_DES_ENC='${FIPS_DES_ENC}' FIPS_AES_ENC='${FIPS_AES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' FIPS_SHA1_ASM_OBJ='${FIPS_SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' FIPSLIBDIR='${FIPSLIBDIR}' all ) || exit 1; \
else \
$(MAKE) $$i; \
fi; \
@@ -250,7 +261,7 @@ sub_target:
do \
if [ -d "$$i" ]; then \
(cd $$i && echo "making $(TARGET) in $$i..." && \
- $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' AS='${AS}' ASFLAG='${ASFLAG}' SDIRS='$(SDIRS)' FDIRS='$(FDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' FIPS_DES_ENC='${FIPS_DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' FIPS_SHA1_ASM_OBJ='${FIPS_SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TARGET='$(TARGET)' sub_target ) || exit 1; \
+ $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' AS='${AS}' ASFLAG='${ASFLAG}' SDIRS='$(SDIRS)' FDIRS='$(FDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' FIPS_DES_ENC='${FIPS_DES_ENC}' FIPS_AES_ENC='${FIPS_AES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' FIPS_SHA1_ASM_OBJ='${FIPS_SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TARGET='$(TARGET)' sub_target ) || exit 1; \
else \
$(MAKE) $$i; \
fi; \
@@ -306,12 +317,12 @@ do_gnu-shared:
if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
libs="$(LIBKRB5) $$libs"; \
fi; \
- ( set -x; ${CC} ${SHARED_LDFLAGS} \
+ ( set -x; $${FIPSLD:-${CC}} ${SHARED_LDFLAGS} \
-shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-Wl,-soname=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-Wl,-Bsymbolic \
-Wl,--whole-archive lib$$i.a \
- -Wl,--no-whole-archive $$libs ${EX_LIBS} -lc ) || exit 1; \
+ -Wl,--no-whole-archive $$libs ${EX_LIBS} ) || exit 1; \
libs="-l$$i $$libs"; \
done
@@ -323,7 +334,8 @@ do_darwin-shared:
if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
libs="$(LIBKRB5) $$libs"; \
fi; \
- ( set -x; ${CC} --verbose -dynamiclib -o lib$$i${SHLIB_EXT} \
+ ( set -x; $${FIPSLD:-${CC}} ${SHARED_LDFLAGS} \
+ --verbose -dynamiclib -o lib$$i${SHLIB_EXT} \
lib$$i.a $$libs -all_load -current_version ${SHLIB_MAJOR}.${SHLIB_MINOR} \
-compatibility_version ${SHLIB_MAJOR}.`echo ${SHLIB_MINOR} | cut -d. -f1` \
-install_name ${INSTALLTOP}/lib/lib$$i${SHLIB_EXT} ) || exit 1; \
@@ -340,14 +352,15 @@ do_cygwin-shared:
[ "$(PLATFORM)" = "mingw" ] && shlib=$${i}eay32.dll; \
[ -f apps/$$shlib ] && rm apps/$$shlib; \
[ -f test/$$shlib ] && rm test/$$shlib; \
- base=; [ $$i = "crypto" ] && base=-Wl,--image-base,0xFE00000; \
- ( set -x; ${CC} ${SHARED_LDFLAGS} \
+ base=; [ $$i = "crypto" ] && base=-Wl,--image-base,0x63000000; \
+ ( set -x; $${FIPSLD:-${CC}} ${SHARED_LDFLAGS} \
-shared $$base -o $$shlib \
-Wl,-Bsymbolic \
-Wl,--whole-archive lib$$i.a \
-Wl,--out-implib,lib$$i.dll.a \
-Wl,--no-whole-archive $$libs ${EX_LIBS} ) || exit 1; \
cp -p $$shlib apps/; cp -p $$shlib test/; \
+ touch -c lib$$i.dll.a; \
libs="-l$$i $$libs"; \
done
@@ -360,10 +373,10 @@ do_alpha-osf1-shared:
if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
libs="$(LIBKRB5) $$libs"; \
fi; \
- ( set -x; ${CC} ${SHARED_LDFLAGS} \
+ ( set -x; $${FIPSLD:-${CC}} ${SHARED_LDFLAGS} \
-shared -o lib$$i.so \
-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
- -all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
+ -all lib$$i.a -none $$libs ${EX_LIBS} ) || exit 1; \
libs="-l$$i $$libs"; \
done; \
fi
@@ -379,10 +392,10 @@ do_tru64-shared:
if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
libs="$(LIBKRB5) $$libs"; \
fi; \
- ( set -x; ${CC} ${SHARED_LDFLAGS} \
+ ( set -x; $${FIPSLD:-${CC}} ${SHARED_LDFLAGS} \
-shared -msym -o lib$$i.so \
-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
- -all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
+ -all lib$$i.a -none $$libs ${EX_LIBS} ) || exit 1; \
libs="-l$$i $$libs"; \
done; \
fi
@@ -398,11 +411,11 @@ do_tru64-shared-rpath:
if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
libs="$(LIBKRB5) $$libs"; \
fi; \
- ( set -x; ${CC} ${SHARED_LDFLAGS} \
+ ( set -x; $${FIPSLD:-${CC}} ${SHARED_LDFLAGS} \
-shared -msym -o lib$$i.so \
-rpath ${INSTALLTOP}/lib \
-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
- -all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
+ -all lib$$i.a -none $$libs ${EX_LIBS} ) || exit 1; \
libs="-l$$i $$libs"; \
done; \
fi
@@ -420,12 +433,12 @@ do_solaris-shared:
( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
MINUSZ='-z '; \
(${CC} -v 2>&1 | grep gcc) > /dev/null && MINUSZ='-Wl,-z,'; \
- set -x; ${CC} ${SHARED_LDFLAGS} -G -dy -z text \
+ set -x; $${FIPSLD:-${CC}} ${SHARED_LDFLAGS} \
-o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-Wl,-Bsymbolic \
$${MINUSZ}allextract lib$$i.a $${MINUSZ}defaultextract \
- $$libs ${EX_LIBS} -lc ) || exit 1; \
+ $$libs ${EX_LIBS} ) || exit 1; \
libs="-l$$i $$libs"; \
done; \
fi
@@ -445,7 +458,7 @@ do_svr3-shared:
for obj in `ar t lib$$i.a` ; do \
OBJS="$${OBJS} `grep /$$obj allobjs`" ; \
done ; \
- set -x; ${CC} ${SHARED_LDFLAGS} \
+ set -x; $${FIPSLD:-${CC}} ${SHARED_LDFLAGS} \
-G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
$${OBJS} $$libs ${EX_LIBS} ) || exit 1; \
@@ -471,7 +484,7 @@ do_svr5-shared:
OBJS="$${OBJS} `grep /$$obj allobjs`" ; \
done ; \
set -x; LD_LIBRARY_PATH=.:$$LD_LIBRARY_PATH \
- ${CC} ${SHARED_LDFLAGS} \
+ $${FIPSLD:-${CC}} ${SHARED_LDFLAGS} \
$${SHARE_FLAG} -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
$${OBJS} $$libs ${EX_LIBS} ) || exit 1; \
@@ -490,24 +503,15 @@ do_irix-shared:
fi; \
( WHOLELIB="-all lib$$i.a -none"; \
(${CC} -v 2>&1 | grep gcc) > /dev/null && WHOLELIB="-Wl,-all,lib$$i.a,-none"; \
- set -x; ${CC} ${SHARED_LDFLAGS} \
+ set -x; $${FIPSLD:-${CC}} ${SHARED_LDFLAGS} \
-shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-Wl,-soname,lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
- $${WHOLELIB} $$libs ${EX_LIBS} -lc) || exit 1; \
+ $${WHOLELIB} $$libs ${EX_LIBS}) || exit 1; \
libs="-l$$i $$libs"; \
done; \
fi
# This assumes that GNU utilities are *not* used
-# HP-UX includes the full pathname of libs we depend on, so we would get
-# ./libcrypto (with ./ as path information) compiled into libssl, hence
-# we omit the SHLIBDEPS. Applications must be linked with -lssl -lcrypto
-# anyway.
-# The object modules are loaded from lib$i.a using the undocumented -Fl
-# option.
-#
-# WARNING: Until DSO is fixed to support a search path, we support SHLIB_PATH
-# by temporarily specifying "+s"!
#
do_hpux-shared:
for i in ${SHLIBDIRS}; do \
@@ -520,38 +524,11 @@ do_hpux-shared:
shlib=lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR}; \
fi; \
[ -f $$shlib ] && rm -f $$shlib; \
- ( set -x; /usr/ccs/bin/ld ${SHARED_LDFLAGS} \
- +vnocompatwarnings \
- -b -z +s \
- -o $$shlib +h $$shlib \
- -Fl lib$$i.a -ldld -lc ) || exit 1; \
- chmod a=rx $$shlib; \
- done
-
-# This assumes that GNU utilities are *not* used
-# HP-UX includes the full pathname of libs we depend on, so we would get
-# ./libcrypto (with ./ as path information) compiled into libssl, hence
-# we omit the SHLIBDEPS. Applications must be linked with -lssl -lcrypto
-# anyway.
-#
-# HP-UX in 64bit mode has "+s" enabled by default; it will search for
-# shared libraries along LD_LIBRARY_PATH _and_ SHLIB_PATH.
-#
-do_hpux64-shared:
- for i in ${SHLIBDIRS}; do \
- if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
- libs="$(LIBKRB5) $$libs"; \
- fi; \
- if expr $(PLATFORM) : '.*ia64' > /dev/null; then \
- shlib=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}; \
- else \
- shlib=lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR}; \
- fi; \
- [ -f $$shlib ] && rm -f $$shlib; \
- ( set -x; /usr/ccs/bin/ld ${SHARED_LDFLAGS} \
- -b -z \
- -o $$shlib +h $$shlib \
- +forceload lib$$i.a -ldl -lc ) || exit 1; \
+ ALLSYMSFLAGS='-Wl,-Fl'; \
+ expr $(PLATFORM) : 'hpux64' > /dev/null && ALLSYMSFLAGS='-Wl,+forceload'; \
+ ( set -x; $${FIPSLD:-${CC}} ${SHARED_LDFLAGS} \
+ -Wl,-B,symbolic,+vnocompatwarnings,-z,+h,$$shlib \
+ -o $$shlib $$ALLSYMSFLAGS,lib$$i.a -ldld ) || exit 1; \
chmod a=rx $$shlib; \
done
@@ -597,7 +574,7 @@ do_aix-shared:
OBJECT_MODE=$${OBJECT_MODE:-32}; export OBJECT_MODE; \
ld -r -o lib$$i.o $(ALLSYMSFLAG) lib$$i.a && \
( nm -Pg lib$$i.o | grep ' [BD] ' | cut -f1 -d' ' > lib$$i.exp; \
- $(SHAREDCMD) $(SHAREDFLAGS) \
+ $${FIPSLD:-${CC}} $(SHAREDFLAGS) \
-o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} lib$$i.o \
$$libs ${EX_LIBS} ) ) \
|| exit 1; \
@@ -613,7 +590,7 @@ do_reliantunix-shared:
( set -x; \
( Opwd=`pwd` ; mkdir $$tmpdir || exit 1; \
cd $$tmpdir || exit 1 ; ar x $$Opwd/lib$$i.a ; \
- ${CC} -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} *.o \
+ $${FIPSLD:-${CC}} -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} *.o \
) || exit 1; \
cp $$tmpdir/lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} . ; \
) || exit 1; \
@@ -759,11 +736,15 @@ crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt c
apps/openssl-vms.cnf: apps/openssl.cnf
$(PERL) VMS/VMSify-conf.pl < apps/openssl.cnf > apps/openssl-vms.cnf
+crypto/bn/bn_prime.h: crypto/bn/bn_prime.pl
+ $(PERL) crypto/bn/bn_prime.pl >crypto/bn/bn_prime.h
+
+
TABLE: Configure
(echo 'Output of `Configure TABLE'"':"; \
$(PERL) Configure TABLE) > TABLE
-update: depend errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h apps/openssl-vms.cnf TABLE
+update: errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h apps/openssl-vms.cnf crypto/bn/bn_prime.h TABLE depend
# Build distribution tar-file. As the list of files returned by "find" is
# pretty long, on several platforms a "too many arguments" error or similar
@@ -868,15 +849,6 @@ install_sw:
sed -e '1,/^$$/d' doc/openssl-shared.txt; \
fi; \
fi
- @for i in $(SIGS) ;\
- do \
- if [ -f "$$i" ]; then \
- ( echo installing $$i; \
- cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
- fi; \
- done;
cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/openssl.pc
@@ -902,8 +874,8 @@ install_docs:
--release=$(VERSION) `basename $$i`") \
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
$(PERL) util/extract-names.pl < $$i | \
- grep -v $$filecase "^$$fn\$$" | \
- grep -v "[ ]" | \
+ (grep -v $$filecase "^$$fn\$$"; true) | \
+ (grep -v "[ ]"; true) | \
(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
while read n; do \
$$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
@@ -919,8 +891,8 @@ install_docs:
--release=$(VERSION) `basename $$i`") \
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
$(PERL) util/extract-names.pl < $$i | \
- grep -v $$filecase "^$$fn\$$" | \
- grep -v "[ ]" | \
+ (grep -v $$filecase "^$$fn\$$"; true) | \
+ (grep -v "[ ]"; true) | \
(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
while read n; do \
$$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
diff --git a/src/lib/libssl/src/Makefile.org b/src/lib/libssl/src/Makefile.org
index cc4000b148..b9db0dd57d 100644
--- a/src/lib/libssl/src/Makefile.org
+++ b/src/lib/libssl/src/Makefile.org
@@ -102,6 +102,7 @@ PROCESSOR=
# Set DES_ENC to des_enc.o if you want to use the C version
#There are 4 x86 assember options.
FIPS_DES_ENC= des_enc.o fcrypt_b.o
+FIPS_AES_ENC= fips_aes_core.o
DES_ENC= asm/dx86-out.o asm/yx86-out.o
#DES_ENC= des_enc.o fcrypt_b.o # C
#DES_ENC= asm/dx86-elf.o asm/yx86-elf.o # elf
@@ -171,11 +172,29 @@ RMD160_ASM_OBJ= asm/rm86-out.o
KRB5_INCLUDES=
LIBKRB5=
+# Zlib stuff
+ZLIB_INCLUDE=
+LIBZLIB=
+
+# This is the location of fipscanister.o and friends.
+# The FIPS module build will place it $(INSTALLTOP)/lib
+# but since $(INSTALLTOP) can only take the default value
+# when the module is built it will be in /usr/local/ssl/lib
+# $(INSTALLTOP) for this build make be different so hard
+# code the path.
+
+FIPSLIBDIR=/usr/local/ssl/lib
+
+# Shared library base address. Currently only used on Windows.
+#
+
+BASEADDR=
+
# When we're prepared to use shared libraries in the programs we link here
# we might set SHLIB_MARK to '$(SHARED_LIBS)'.
SHLIB_MARK=
-DIRS= crypto fips ssl $(SHLIB_MARK) sigs apps test tools
+DIRS= crypto fips-1.0 ssl $(SHLIB_MARK) apps test tools
SHLIBDIRS= crypto ssl
# dirs in crypto to build
@@ -186,7 +205,7 @@ SDIRS= objects \
buffer bio stack lhash rand err \
evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5
-FDIRS= sha1 rand des aes dsa rsa dh
+FDIRS= sha rand des aes dsa rsa dh hmac
# tests to perform. "alltests" is a special word indicating that all tests
# should be performed.
@@ -205,7 +224,6 @@ ONEDIRS=out tmp
EDIRS= times doc bugs util include certs ms shlib mt demos perl sf dep VMS
WDIRS= windows
LIBS= libcrypto.a libssl.a
-SIGS= libcrypto.a.sha1
SHARED_CRYPTO=libcrypto$(SHLIB_EXT)
SHARED_SSL=libssl$(SHLIB_EXT)
SHARED_LIBS=
@@ -225,19 +243,12 @@ HEADER= e_os.h
all: Makefile sub_all openssl.pc
-sigs: $(SIGS)
-libcrypto.a.sha1: libcrypto.a
- @if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
- $(RANLIB) libcrypto.a; \
- fips/sha1/fips_standalone_sha1 libcrypto.a > libcrypto.a.sha1; \
- fi
-
sub_all:
@for i in $(DIRS); \
do \
if [ -d "$$i" ]; then \
(cd $$i && echo "making all in $$i..." && \
- $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' AS='${AS}' ASFLAG='${ASFLAG}' SDIRS='$(SDIRS)' FDIRS='$(FDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' FIPS_DES_ENC='${FIPS_DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' FIPS_SHA1_ASM_OBJ='${FIPS_SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' all ) || exit 1; \
+ $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' AS='${AS}' ASFLAG='${ASFLAG}' SDIRS='$(SDIRS)' FDIRS='$(FDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' FIPS_DES_ENC='${FIPS_DES_ENC}' FIPS_AES_ENC='${FIPS_AES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' FIPS_SHA1_ASM_OBJ='${FIPS_SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' FIPSLIBDIR='${FIPSLIBDIR}' all ) || exit 1; \
else \
$(MAKE) $$i; \
fi; \
@@ -248,7 +259,7 @@ sub_target:
do \
if [ -d "$$i" ]; then \
(cd $$i && echo "making $(TARGET) in $$i..." && \
- $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' AS='${AS}' ASFLAG='${ASFLAG}' SDIRS='$(SDIRS)' FDIRS='$(FDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' FIPS_DES_ENC='${FIPS_DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' FIPS_SHA1_ASM_OBJ='${FIPS_SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TARGET='$(TARGET)' sub_target ) || exit 1; \
+ $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' AS='${AS}' ASFLAG='${ASFLAG}' SDIRS='$(SDIRS)' FDIRS='$(FDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' FIPS_DES_ENC='${FIPS_DES_ENC}' FIPS_AES_ENC='${FIPS_AES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' FIPS_SHA1_ASM_OBJ='${FIPS_SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TARGET='$(TARGET)' sub_target ) || exit 1; \
else \
$(MAKE) $$i; \
fi; \
@@ -304,12 +315,12 @@ do_gnu-shared:
if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
libs="$(LIBKRB5) $$libs"; \
fi; \
- ( set -x; ${CC} ${SHARED_LDFLAGS} \
+ ( set -x; $${FIPSLD:-${CC}} ${SHARED_LDFLAGS} \
-shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-Wl,-soname=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-Wl,-Bsymbolic \
-Wl,--whole-archive lib$$i.a \
- -Wl,--no-whole-archive $$libs ${EX_LIBS} -lc ) || exit 1; \
+ -Wl,--no-whole-archive $$libs ${EX_LIBS} ) || exit 1; \
libs="-l$$i $$libs"; \
done
@@ -321,7 +332,8 @@ do_darwin-shared:
if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
libs="$(LIBKRB5) $$libs"; \
fi; \
- ( set -x; ${CC} --verbose -dynamiclib -o lib$$i${SHLIB_EXT} \
+ ( set -x; $${FIPSLD:-${CC}} ${SHARED_LDFLAGS} \
+ --verbose -dynamiclib -o lib$$i${SHLIB_EXT} \
lib$$i.a $$libs -all_load -current_version ${SHLIB_MAJOR}.${SHLIB_MINOR} \
-compatibility_version ${SHLIB_MAJOR}.`echo ${SHLIB_MINOR} | cut -d. -f1` \
-install_name ${INSTALLTOP}/lib/lib$$i${SHLIB_EXT} ) || exit 1; \
@@ -338,14 +350,15 @@ do_cygwin-shared:
[ "$(PLATFORM)" = "mingw" ] && shlib=$${i}eay32.dll; \
[ -f apps/$$shlib ] && rm apps/$$shlib; \
[ -f test/$$shlib ] && rm test/$$shlib; \
- base=; [ $$i = "crypto" ] && base=-Wl,--image-base,0xFE00000; \
- ( set -x; ${CC} ${SHARED_LDFLAGS} \
+ base=; [ $$i = "crypto" ] && base=-Wl,--image-base,0x63000000; \
+ ( set -x; $${FIPSLD:-${CC}} ${SHARED_LDFLAGS} \
-shared $$base -o $$shlib \
-Wl,-Bsymbolic \
-Wl,--whole-archive lib$$i.a \
-Wl,--out-implib,lib$$i.dll.a \
-Wl,--no-whole-archive $$libs ${EX_LIBS} ) || exit 1; \
cp -p $$shlib apps/; cp -p $$shlib test/; \
+ touch -c lib$$i.dll.a; \
libs="-l$$i $$libs"; \
done
@@ -358,10 +371,10 @@ do_alpha-osf1-shared:
if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
libs="$(LIBKRB5) $$libs"; \
fi; \
- ( set -x; ${CC} ${SHARED_LDFLAGS} \
+ ( set -x; $${FIPSLD:-${CC}} ${SHARED_LDFLAGS} \
-shared -o lib$$i.so \
-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
- -all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
+ -all lib$$i.a -none $$libs ${EX_LIBS} ) || exit 1; \
libs="-l$$i $$libs"; \
done; \
fi
@@ -377,10 +390,10 @@ do_tru64-shared:
if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
libs="$(LIBKRB5) $$libs"; \
fi; \
- ( set -x; ${CC} ${SHARED_LDFLAGS} \
+ ( set -x; $${FIPSLD:-${CC}} ${SHARED_LDFLAGS} \
-shared -msym -o lib$$i.so \
-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
- -all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
+ -all lib$$i.a -none $$libs ${EX_LIBS} ) || exit 1; \
libs="-l$$i $$libs"; \
done; \
fi
@@ -396,11 +409,11 @@ do_tru64-shared-rpath:
if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
libs="$(LIBKRB5) $$libs"; \
fi; \
- ( set -x; ${CC} ${SHARED_LDFLAGS} \
+ ( set -x; $${FIPSLD:-${CC}} ${SHARED_LDFLAGS} \
-shared -msym -o lib$$i.so \
-rpath ${INSTALLTOP}/lib \
-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
- -all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
+ -all lib$$i.a -none $$libs ${EX_LIBS} ) || exit 1; \
libs="-l$$i $$libs"; \
done; \
fi
@@ -418,12 +431,12 @@ do_solaris-shared:
( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
MINUSZ='-z '; \
(${CC} -v 2>&1 | grep gcc) > /dev/null && MINUSZ='-Wl,-z,'; \
- set -x; ${CC} ${SHARED_LDFLAGS} -G -dy -z text \
+ set -x; $${FIPSLD:-${CC}} ${SHARED_LDFLAGS} \
-o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-Wl,-Bsymbolic \
$${MINUSZ}allextract lib$$i.a $${MINUSZ}defaultextract \
- $$libs ${EX_LIBS} -lc ) || exit 1; \
+ $$libs ${EX_LIBS} ) || exit 1; \
libs="-l$$i $$libs"; \
done; \
fi
@@ -443,7 +456,7 @@ do_svr3-shared:
for obj in `ar t lib$$i.a` ; do \
OBJS="$${OBJS} `grep /$$obj allobjs`" ; \
done ; \
- set -x; ${CC} ${SHARED_LDFLAGS} \
+ set -x; $${FIPSLD:-${CC}} ${SHARED_LDFLAGS} \
-G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
$${OBJS} $$libs ${EX_LIBS} ) || exit 1; \
@@ -469,7 +482,7 @@ do_svr5-shared:
OBJS="$${OBJS} `grep /$$obj allobjs`" ; \
done ; \
set -x; LD_LIBRARY_PATH=.:$$LD_LIBRARY_PATH \
- ${CC} ${SHARED_LDFLAGS} \
+ $${FIPSLD:-${CC}} ${SHARED_LDFLAGS} \
$${SHARE_FLAG} -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
$${OBJS} $$libs ${EX_LIBS} ) || exit 1; \
@@ -488,24 +501,15 @@ do_irix-shared:
fi; \
( WHOLELIB="-all lib$$i.a -none"; \
(${CC} -v 2>&1 | grep gcc) > /dev/null && WHOLELIB="-Wl,-all,lib$$i.a,-none"; \
- set -x; ${CC} ${SHARED_LDFLAGS} \
+ set -x; $${FIPSLD:-${CC}} ${SHARED_LDFLAGS} \
-shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-Wl,-soname,lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
- $${WHOLELIB} $$libs ${EX_LIBS} -lc) || exit 1; \
+ $${WHOLELIB} $$libs ${EX_LIBS}) || exit 1; \
libs="-l$$i $$libs"; \
done; \
fi
# This assumes that GNU utilities are *not* used
-# HP-UX includes the full pathname of libs we depend on, so we would get
-# ./libcrypto (with ./ as path information) compiled into libssl, hence
-# we omit the SHLIBDEPS. Applications must be linked with -lssl -lcrypto
-# anyway.
-# The object modules are loaded from lib$i.a using the undocumented -Fl
-# option.
-#
-# WARNING: Until DSO is fixed to support a search path, we support SHLIB_PATH
-# by temporarily specifying "+s"!
#
do_hpux-shared:
for i in ${SHLIBDIRS}; do \
@@ -518,38 +522,11 @@ do_hpux-shared:
shlib=lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR}; \
fi; \
[ -f $$shlib ] && rm -f $$shlib; \
- ( set -x; /usr/ccs/bin/ld ${SHARED_LDFLAGS} \
- +vnocompatwarnings \
- -b -z +s \
- -o $$shlib +h $$shlib \
- -Fl lib$$i.a -ldld -lc ) || exit 1; \
- chmod a=rx $$shlib; \
- done
-
-# This assumes that GNU utilities are *not* used
-# HP-UX includes the full pathname of libs we depend on, so we would get
-# ./libcrypto (with ./ as path information) compiled into libssl, hence
-# we omit the SHLIBDEPS. Applications must be linked with -lssl -lcrypto
-# anyway.
-#
-# HP-UX in 64bit mode has "+s" enabled by default; it will search for
-# shared libraries along LD_LIBRARY_PATH _and_ SHLIB_PATH.
-#
-do_hpux64-shared:
- for i in ${SHLIBDIRS}; do \
- if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
- libs="$(LIBKRB5) $$libs"; \
- fi; \
- if expr $(PLATFORM) : '.*ia64' > /dev/null; then \
- shlib=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}; \
- else \
- shlib=lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR}; \
- fi; \
- [ -f $$shlib ] && rm -f $$shlib; \
- ( set -x; /usr/ccs/bin/ld ${SHARED_LDFLAGS} \
- -b -z \
- -o $$shlib +h $$shlib \
- +forceload lib$$i.a -ldl -lc ) || exit 1; \
+ ALLSYMSFLAGS='-Wl,-Fl'; \
+ expr $(PLATFORM) : 'hpux64' > /dev/null && ALLSYMSFLAGS='-Wl,+forceload'; \
+ ( set -x; $${FIPSLD:-${CC}} ${SHARED_LDFLAGS} \
+ -Wl,-B,symbolic,+vnocompatwarnings,-z,+h,$$shlib \
+ -o $$shlib $$ALLSYMSFLAGS,lib$$i.a -ldld ) || exit 1; \
chmod a=rx $$shlib; \
done
@@ -595,7 +572,7 @@ do_aix-shared:
OBJECT_MODE=$${OBJECT_MODE:-32}; export OBJECT_MODE; \
ld -r -o lib$$i.o $(ALLSYMSFLAG) lib$$i.a && \
( nm -Pg lib$$i.o | grep ' [BD] ' | cut -f1 -d' ' > lib$$i.exp; \
- $(SHAREDCMD) $(SHAREDFLAGS) \
+ $${FIPSLD:-${CC}} $(SHAREDFLAGS) \
-o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} lib$$i.o \
$$libs ${EX_LIBS} ) ) \
|| exit 1; \
@@ -611,7 +588,7 @@ do_reliantunix-shared:
( set -x; \
( Opwd=`pwd` ; mkdir $$tmpdir || exit 1; \
cd $$tmpdir || exit 1 ; ar x $$Opwd/lib$$i.a ; \
- ${CC} -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} *.o \
+ $${FIPSLD:-${CC}} -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} *.o \
) || exit 1; \
cp $$tmpdir/lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} . ; \
) || exit 1; \
@@ -757,11 +734,15 @@ crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt c
apps/openssl-vms.cnf: apps/openssl.cnf
$(PERL) VMS/VMSify-conf.pl < apps/openssl.cnf > apps/openssl-vms.cnf
+crypto/bn/bn_prime.h: crypto/bn/bn_prime.pl
+ $(PERL) crypto/bn/bn_prime.pl >crypto/bn/bn_prime.h
+
+
TABLE: Configure
(echo 'Output of `Configure TABLE'"':"; \
$(PERL) Configure TABLE) > TABLE
-update: depend errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h apps/openssl-vms.cnf TABLE
+update: errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h apps/openssl-vms.cnf crypto/bn/bn_prime.h TABLE depend
# Build distribution tar-file. As the list of files returned by "find" is
# pretty long, on several platforms a "too many arguments" error or similar
@@ -866,15 +847,6 @@ install_sw:
sed -e '1,/^$$/d' doc/openssl-shared.txt; \
fi; \
fi
- @for i in $(SIGS) ;\
- do \
- if [ -f "$$i" ]; then \
- ( echo installing $$i; \
- cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
- fi; \
- done;
cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/openssl.pc
@@ -900,8 +872,8 @@ install_docs:
--release=$(VERSION) `basename $$i`") \
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
$(PERL) util/extract-names.pl < $$i | \
- grep -v $$filecase "^$$fn\$$" | \
- grep -v "[ ]" | \
+ (grep -v $$filecase "^$$fn\$$"; true) | \
+ (grep -v "[ ]"; true) | \
(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
while read n; do \
$$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
@@ -917,8 +889,8 @@ install_docs:
--release=$(VERSION) `basename $$i`") \
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
$(PERL) util/extract-names.pl < $$i | \
- grep -v $$filecase "^$$fn\$$" | \
- grep -v "[ ]" | \
+ (grep -v $$filecase "^$$fn\$$"; true) | \
+ (grep -v "[ ]"; true) | \
(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
while read n; do \
$$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
diff --git a/src/lib/libssl/src/NEWS b/src/lib/libssl/src/NEWS
index 8e1ce65a5f..49b443ed4d 100644
--- a/src/lib/libssl/src/NEWS
+++ b/src/lib/libssl/src/NEWS
@@ -5,6 +5,20 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
+ Major changes between OpenSSL 0.9.7i and OpenSSL 0.9.7j:
+
+ o Update Windows build system for FIPS.
+
+ Major changes between OpenSSL 0.9.7h and OpenSSL 0.9.7i:
+
+ o Give EVP_MAX_MD_SIZE it's old value, except for a FIPS build.
+
+ Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.7h:
+
+ o Fix SSL 2.0 Rollback, CAN-2005-2969
+ o Allow use of fixed-length exponent on DSA signing
+ o Default fixed-window RSA, DSA, DH private-key operations
+
Major changes between OpenSSL 0.9.7f and OpenSSL 0.9.7g:
o More compilation issues fixed.
diff --git a/src/lib/libssl/src/PROBLEMS b/src/lib/libssl/src/PROBLEMS
index cbefadb40e..6f39eb345d 100644
--- a/src/lib/libssl/src/PROBLEMS
+++ b/src/lib/libssl/src/PROBLEMS
@@ -48,20 +48,28 @@ will interfere with each other and lead to test failure.
The solution is simple for now: don't run parallell make when testing.
-* Bugs in gcc 3.0 triggered
+* Bugs in gcc triggered
-According to a problem report, there are bugs in gcc 3.0 that are
-triggered by some of the code in OpenSSL, more specifically in
-PEM_get_EVP_CIPHER_INFO(). The triggering code is the following:
+- According to a problem report, there are bugs in gcc 3.0 that are
+ triggered by some of the code in OpenSSL, more specifically in
+ PEM_get_EVP_CIPHER_INFO(). The triggering code is the following:
header+=11;
if (*header != '4') return(0); header++;
if (*header != ',') return(0); header++;
-What happens is that gcc might optimize a little too agressively, and
-you end up with an extra incrementation when *header != '4'.
+ What happens is that gcc might optimize a little too agressively, and
+ you end up with an extra incrementation when *header != '4'.
-We recommend that you upgrade gcc to as high a 3.x version as you can.
+ We recommend that you upgrade gcc to as high a 3.x version as you can.
+
+- According to multiple problem reports, some of our message digest
+ implementations trigger bug[s] in code optimizer in gcc 3.3 for sparc64
+ and gcc 2.96 for ppc. Former fails to complete RIPEMD160 test, while
+ latter - SHA one.
+
+ The recomendation is to upgrade your compiler. This naturally applies to
+ other similar cases.
* solaris64-sparcv9-cc SHA-1 performance with WorkShop 6 compiler.
@@ -120,3 +128,37 @@ Any information helping to solve this issue would be deeply
appreciated.
NOTE: building non-shared doesn't come with this problem.
+
+* ULTRIX build fails with shell errors, such as "bad substitution"
+ and "test: argument expected"
+
+The problem is caused by ULTRIX /bin/sh supporting only original
+Bourne shell syntax/semantics, and the trouble is that the vast
+majority is so accustomed to more modern syntax, that very few
+people [if any] would recognize the ancient syntax even as valid.
+This inevitably results in non-trivial scripts breaking on ULTRIX,
+and OpenSSL isn't an exclusion. Fortunately there is workaround,
+hire /bin/ksh to do the job /bin/sh fails to do.
+
+1. Trick make(1) to use /bin/ksh by setting up following environ-
+ ment variables *prior* you execute ./Configure and make:
+
+ PROG_ENV=POSIX
+ MAKESHELL=/bin/ksh
+ export PROG_ENV MAKESHELL
+
+ or if your shell is csh-compatible:
+
+ setenv PROG_ENV POSIX
+ setenv MAKESHELL /bin/ksh
+
+2. Trick /bin/sh to use alternative expression evaluator. Create
+ following 'test' script for example in /tmp:
+
+ #!/bin/ksh
+ ${0##*/} "$@"
+
+ Then 'chmod a+x /tmp/test; ln /tmp/test /tmp/[' and *prepend*
+ your $PATH with chosen location, e.g. PATH=/tmp:$PATH. Alter-
+ natively just replace system /bin/test and /bin/[ with the
+ above script.
diff --git a/src/lib/libssl/src/README b/src/lib/libssl/src/README
index c52c2d94bd..a6a97c8858 100644
--- a/src/lib/libssl/src/README
+++ b/src/lib/libssl/src/README
@@ -1,5 +1,5 @@
- OpenSSL 0.9.7g 11 April 2005
+ OpenSSL 0.9.7j 04 May 2006
Copyright (c) 1998-2005 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
@@ -14,13 +14,13 @@
protocols as well as a full-strength general purpose cryptography library.
The project is managed by a worldwide community of volunteers that use the
Internet to communicate, plan, and develop the OpenSSL toolkit and its
- related documentation.
+ related documentation.
OpenSSL is based on the excellent SSLeay library developed from Eric A. Young
and Tim J. Hudson. The OpenSSL toolkit is licensed under a dual-license (the
OpenSSL license plus the SSLeay license) situation, which basically means
that you are free to get and use it for commercial and non-commercial
- purposes as long as you fulfill the conditions of both licenses.
+ purposes as long as you fulfill the conditions of both licenses.
OVERVIEW
--------
@@ -53,11 +53,11 @@
MDC2 message digest. A DES based hash that is popular on smart cards.
Public Key
- RSA encryption/decryption/generation.
+ RSA encryption/decryption/generation.
There is no limit on the number of bits.
- DSA encryption/decryption/generation.
+ DSA encryption/decryption/generation.
There is no limit on the number of bits.
- Diffie-Hellman key-exchange/key generation.
+ Diffie-Hellman key-exchange/key generation.
There is no limit on the number of bits.
X.509v3 certificates
@@ -80,16 +80,16 @@
A simple stack.
A Configuration loader that uses a format similar to MS .ini files.
- openssl:
+ openssl:
A command line tool that can be used for:
Creation of RSA, DH and DSA key parameters
- Creation of X.509 certificates, CSRs and CRLs
+ Creation of X.509 certificates, CSRs and CRLs
Calculation of Message Digests
Encryption and Decryption with Ciphers
SSL/TLS Client and Server Tests
Handling of S/MIME signed or encrypted mail
-
+
PATENTS
-------
@@ -104,13 +104,15 @@
licensing conditions. Their web page is http://www.rsasecurity.com/.
RC4 is a trademark of RSA Security, so use of this label should perhaps
- only be used with RSA Security's permission.
+ only be used with RSA Security's permission.
The IDEA algorithm is patented by Ascom in Austria, France, Germany, Italy,
Japan, the Netherlands, Spain, Sweden, Switzerland, UK and the USA. They
should be contacted if that algorithm is to be used; their web page is
http://www.ascom.ch/.
+ The MDC2 algorithm is patented by IBM.
+
INSTALLATION
------------
@@ -129,7 +131,7 @@
or application author. We try to collect those in doc/PROBLEMS, with current
thoughts on how they should be solved in a future of OpenSSL.
- SUPPORT
+ SUPPORT
-------
If you have any problems with OpenSSL then please take the following steps
@@ -138,7 +140,7 @@
- Download the current snapshot from ftp://ftp.openssl.org/snapshot/
to see if the problem has already been addressed
- Remove ASM versions of libraries
- - Remove compiler optimisation flags
+ - Remove compiler optimisation flags
If you wish to report a bug then please include the following information in
any bug report:
@@ -191,3 +193,4 @@
# ./Configure dist; make clean
# cd ..
# diff -ur openssl-orig openssl-work > mydiffs.patch
+
diff --git a/src/lib/libssl/src/apps/CA.pl b/src/lib/libssl/src/apps/CA.pl
index 4f3ba0f08c..9f06cd0232 100644
--- a/src/lib/libssl/src/apps/CA.pl
+++ b/src/lib/libssl/src/apps/CA.pl
@@ -66,19 +66,19 @@ foreach (@ARGV) {
exit 0;
} elsif (/^-newcert$/) {
# create a certificate
- system ("$REQ -new -x509 -keyout newreq.pem -out newreq.pem $DAYS");
+ system ("$REQ -new -x509 -keyout newkey.pem -out newcert.pem $DAYS");
$RET=$?;
- print "Certificate (and private key) is in newreq.pem\n"
+ print "Certificate is in newcert.pem, private key is in newkey.pem\n"
} elsif (/^-newreq$/) {
# create a certificate request
- system ("$REQ -new -keyout newreq.pem -out newreq.pem $DAYS");
+ system ("$REQ -new -keyout newkey.pem -out newreq.pem $DAYS");
$RET=$?;
- print "Request (and private key) is in newreq.pem\n";
+ print "Request is in newreq.pem, private key is in newkey.pem\n";
} elsif (/^-newreq-nodes$/) {
# create a certificate request
- system ("$REQ -new -nodes -keyout newreq.pem -out newreq.pem $DAYS");
+ system ("$REQ -new -nodes -keyout newkey.pem -out newreq.pem $DAYS");
$RET=$?;
- print "Request (and private key) is in newreq.pem\n";
+ print "Request is in newreq.pem, private key is in newkey.pem\n";
} elsif (/^-newca$/) {
# if explicitly asked for or it doesn't exist then setup the
# directory structure that Eric likes to manage things
@@ -118,10 +118,11 @@ foreach (@ARGV) {
} elsif (/^-pkcs12$/) {
my $cname = $ARGV[1];
$cname = "My Certificate" unless defined $cname;
- system ("$PKCS12 -in newcert.pem -inkey newreq.pem " .
+ system ("$PKCS12 -in newcert.pem -inkey newkey.pem " .
"-certfile ${CATOP}/$CACERT -out newcert.p12 " .
"-export -name \"$cname\"");
$RET=$?;
+ print "PKCS #12 file is in newcert.p12\n";
exit $RET;
} elsif (/^-xsign$/) {
system ("$CA -policy policy_anything -infiles newreq.pem");
diff --git a/src/lib/libssl/src/apps/CA.pl.in b/src/lib/libssl/src/apps/CA.pl.in
index 39f267d313..9c99739092 100644
--- a/src/lib/libssl/src/apps/CA.pl.in
+++ b/src/lib/libssl/src/apps/CA.pl.in
@@ -66,19 +66,19 @@ foreach (@ARGV) {
exit 0;
} elsif (/^-newcert$/) {
# create a certificate
- system ("$REQ -new -x509 -keyout newreq.pem -out newreq.pem $DAYS");
+ system ("$REQ -new -x509 -keyout newkey.pem -out newcert.pem $DAYS");
$RET=$?;
- print "Certificate (and private key) is in newreq.pem\n"
+ print "Certificate is in newcert.pem, private key is in newkey.pem\n"
} elsif (/^-newreq$/) {
# create a certificate request
- system ("$REQ -new -keyout newreq.pem -out newreq.pem $DAYS");
+ system ("$REQ -new -keyout newkey.pem -out newreq.pem $DAYS");
$RET=$?;
- print "Request (and private key) is in newreq.pem\n";
+ print "Request is in newreq.pem, private key is in newkey.pem\n";
} elsif (/^-newreq-nodes$/) {
# create a certificate request
- system ("$REQ -new -nodes -keyout newreq.pem -out newreq.pem $DAYS");
+ system ("$REQ -new -nodes -keyout newkey.pem -out newreq.pem $DAYS");
$RET=$?;
- print "Request (and private key) is in newreq.pem\n";
+ print "Request is in newreq.pem, private key is in newkey.pem\n";
} elsif (/^-newca$/) {
# if explicitly asked for or it doesn't exist then setup the
# directory structure that Eric likes to manage things
@@ -118,10 +118,11 @@ foreach (@ARGV) {
} elsif (/^-pkcs12$/) {
my $cname = $ARGV[1];
$cname = "My Certificate" unless defined $cname;
- system ("$PKCS12 -in newcert.pem -inkey newreq.pem " .
+ system ("$PKCS12 -in newcert.pem -inkey newkey.pem " .
"-certfile ${CATOP}/$CACERT -out newcert.p12 " .
"-export -name \"$cname\"");
$RET=$?;
+ print "PKCS #12 file is in newcert.p12\n";
exit $RET;
} elsif (/^-xsign$/) {
system ("$CA -policy policy_anything -infiles newreq.pem");
diff --git a/src/lib/libssl/src/apps/CA.sh b/src/lib/libssl/src/apps/CA.sh
index 030a11fc25..84d7ec0b33 100644
--- a/src/lib/libssl/src/apps/CA.sh
+++ b/src/lib/libssl/src/apps/CA.sh
@@ -51,15 +51,15 @@ case $i in
;;
-newcert)
# create a certificate
- $REQ -new -x509 -keyout newreq.pem -out newreq.pem $DAYS
+ $REQ -new -x509 -keyout newkey.pem -out newcert.pem $DAYS
RET=$?
- echo "Certificate (and private key) is in newreq.pem"
+ echo "Certificate is in newcert.pem, private key is in newkey.pem"
;;
-newreq)
# create a certificate request
- $REQ -new -keyout newreq.pem -out newreq.pem $DAYS
+ $REQ -new -keyout newkey.pem -out newreq.pem $DAYS
RET=$?
- echo "Request (and private key) is in newreq.pem"
+ echo "Request is in newreq.pem, private key is in newkey.pem"
;;
-newca)
# if explicitly asked for or it doesn't exist then setup the directory
diff --git a/src/lib/libssl/src/apps/Makefile b/src/lib/libssl/src/apps/Makefile
index 93dcf765e6..4daa92382f 100644
--- a/src/lib/libssl/src/apps/Makefile
+++ b/src/lib/libssl/src/apps/Makefile
@@ -101,8 +101,9 @@ install:
(echo installing $$i; \
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \
- done;
+ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new \
+ $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i; \
+ ) done;
@for i in $(SCRIPTS); \
do \
(echo installing $$i; \
@@ -143,17 +144,19 @@ $(DLIBCRYPTO):
$(EXE): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL)
$(RM) $(EXE)
- if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+ @if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
+ FIPSLD_CC=$(CC); CC=$(TOP)/fips-1.0/fipsld; export CC FIPSLD_CC; \
+ fi; \
+ SHARED_LIBS="$(SHARED_LIBS)"; \
+ if [ "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+ SHARED_LIBS=""; \
+ fi; \
+ if [ -z "$$SHARED_LIBS" ]; then \
set -x; $${CC:-$(CC)} -o $(EXE) $(CFLAGS) $(PROGRAM).o $(E_OBJ) $(PEX_LIBS) $(DLIBSSL) $(LIBKRB5) $(DLIBCRYPTO) $(EX_LIBS) ; \
- elif [ -z "$(SHARED_LIBS)" ]; then \
- set -x; $${CC:-$(CC)} -o $(EXE) $(CFLAGS) $(PROGRAM).o $(E_OBJ) $(PEX_LIBS) $(LIBSSL) $(LIBKRB5) $(LIBCRYPTO) $(EX_LIBS) ; \
else \
set -x; LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
$(CC) -o $(EXE) $(CFLAGS) $(PROGRAM).o $(E_OBJ) $(PEX_LIBS) $(LIBSSL) $(LIBKRB5) $(LIBCRYPTO) $(EX_LIBS) ; \
fi
- if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
- TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a $(EXE); \
- fi
-(cd ..; \
OPENSSL="`pwd`/util/opensslwrap.sh"; export OPENSSL; \
$(PERL) tools/c_rehash certs)
diff --git a/src/lib/libssl/src/apps/apps.c b/src/lib/libssl/src/apps/apps.c
index 9157cdfcdc..9b07e913c5 100644
--- a/src/lib/libssl/src/apps/apps.c
+++ b/src/lib/libssl/src/apps/apps.c
@@ -361,10 +361,17 @@ int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[])
/* The start of something good :-) */
if (num >= arg->count)
{
- arg->count+=20;
- arg->data=(char **)OPENSSL_realloc(arg->data,
- sizeof(char *)*arg->count);
- if (argc == 0) return(0);
+ char **tmp_p;
+ int tlen = arg->count + 20;
+ tmp_p = (char **)OPENSSL_realloc(arg->data,
+ sizeof(char *)*tlen);
+ if (tmp_p == NULL)
+ return 0;
+ arg->data = tmp_p;
+ arg->count = tlen;
+ /* initialize newly allocated data */
+ for (i = num; i < arg->count; i++)
+ arg->data[i] = NULL;
}
arg->data[num++]=p;
@@ -1591,8 +1598,9 @@ int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix)
{
if (errno != ENOENT
#ifdef ENOTDIR
- && errno != ENOTDIR)
+ && errno != ENOTDIR
#endif
+ )
goto err;
}
else
@@ -1893,8 +1901,9 @@ int rotate_index(char *dbfile, char *new_suffix, char *old_suffix)
{
if (errno != ENOENT
#ifdef ENOTDIR
- && errno != ENOTDIR)
+ && errno != ENOTDIR
#endif
+ )
goto err;
}
else
@@ -1929,8 +1938,9 @@ int rotate_index(char *dbfile, char *new_suffix, char *old_suffix)
{
if (errno != ENOENT
#ifdef ENOTDIR
- && errno != ENOTDIR)
+ && errno != ENOTDIR
#endif
+ )
goto err;
}
else
diff --git a/src/lib/libssl/src/apps/asn1pars.c b/src/lib/libssl/src/apps/asn1pars.c
index c89b358b23..a6b6c41f13 100644
--- a/src/lib/libssl/src/apps/asn1pars.c
+++ b/src/lib/libssl/src/apps/asn1pars.c
@@ -182,7 +182,7 @@ int MAIN(int argc, char **argv)
bad:
BIO_printf(bio_err,"%s [options] <infile\n",prog);
BIO_printf(bio_err,"where options are\n");
- BIO_printf(bio_err," -inform arg input format - one of DER TXT PEM\n");
+ BIO_printf(bio_err," -inform arg input format - one of DER PEM\n");
BIO_printf(bio_err," -in arg input file\n");
BIO_printf(bio_err," -out arg output file (output format is always DER\n");
BIO_printf(bio_err," -noout arg don't produce any output\n");
diff --git a/src/lib/libssl/src/apps/ca.c b/src/lib/libssl/src/apps/ca.c
index e98885d7e3..928c6f7f24 100644
--- a/src/lib/libssl/src/apps/ca.c
+++ b/src/lib/libssl/src/apps/ca.c
@@ -943,7 +943,6 @@ bad:
if (verbose) BIO_printf(bio_err,
"Done. %d entries marked as expired\n",i);
}
- goto err;
}
/*****************************************************************/
diff --git a/src/lib/libssl/src/apps/engine.c b/src/lib/libssl/src/apps/engine.c
index 12283d0aed..e8a599f9e5 100644
--- a/src/lib/libssl/src/apps/engine.c
+++ b/src/lib/libssl/src/apps/engine.c
@@ -387,11 +387,15 @@ int MAIN(int argc, char **argv)
else if (strcmp(*argv,"-pre") == 0)
{
argc--; argv++;
+ if (argc == 0)
+ goto skip_arg_loop;
sk_push(pre_cmds,*argv);
}
else if (strcmp(*argv,"-post") == 0)
{
argc--; argv++;
+ if (argc == 0)
+ goto skip_arg_loop;
sk_push(post_cmds,*argv);
}
else if ((strncmp(*argv,"-h",2) == 0) ||
diff --git a/src/lib/libssl/src/apps/genrsa.c b/src/lib/libssl/src/apps/genrsa.c
index 63be873b7b..7dbd0923b6 100644
--- a/src/lib/libssl/src/apps/genrsa.c
+++ b/src/lib/libssl/src/apps/genrsa.c
@@ -88,6 +88,9 @@ int MAIN(int argc, char **argv)
RSA *rsa=NULL;
int i,num=DEFBITS;
long l;
+#ifdef OPENSSL_FIPS
+ int use_x931 = 0;
+#endif
const EVP_CIPHER *enc=NULL;
unsigned long f4=RSA_F4;
char *outfile=NULL;
@@ -126,6 +129,10 @@ int MAIN(int argc, char **argv)
f4=3;
else if (strcmp(*argv,"-F4") == 0 || strcmp(*argv,"-f4") == 0)
f4=RSA_F4;
+#ifdef OPENSSL_FIPS
+ else if (strcmp(*argv,"-x931") == 0)
+ use_x931 = 1;
+#endif
#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv,"-engine") == 0)
{
@@ -233,11 +240,27 @@ bad:
BIO_printf(bio_err,"Generating RSA private key, %d bit long modulus\n",
num);
- rsa=RSA_generate_key(num,f4,genrsa_cb,bio_err);
+#ifdef OPENSSL_FIPS
+ if (use_x931)
+ {
+ BIGNUM *pubexp;
+ pubexp = BN_new();
+ BN_set_word(pubexp, f4);
+ rsa = RSA_X931_generate_key(num, pubexp, genrsa_cb, bio_err);
+ BN_free(pubexp);
+ }
+ else
+#endif
+ rsa=RSA_generate_key(num,f4,genrsa_cb,bio_err);
app_RAND_write_file(NULL, bio_err);
- if (rsa == NULL) goto err;
+ if (rsa == NULL)
+ {
+ BIO_printf(bio_err, "Key Generation error\n");
+
+ goto err;
+ }
/* We need to do the following for when the base number size is <
* long, esp windows 3.1 :-(. */
diff --git a/src/lib/libssl/src/apps/makeapps.com b/src/lib/libssl/src/apps/makeapps.com
index 2f1af9ec94..7b5ff90c62 100644
--- a/src/lib/libssl/src/apps/makeapps.com
+++ b/src/lib/libssl/src/apps/makeapps.com
@@ -650,7 +650,7 @@ $ CCDEFS = "MONOLITH"
$ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS
$ CCEXTRAFLAGS = ""
$ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS
-$ CCDISABLEWARNINGS = "LONGLONGTYPE,LONGLONGSUFX"
+$ CCDISABLEWARNINGS = "LONGLONGTYPE,LONGLONGSUFX,FOUNDCR"
$ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN -
CCDISABLEWARNINGS = CCDISABLEWARNINGS + "," + USER_CCDISABLEWARNINGS
$!
diff --git a/src/lib/libssl/src/apps/openssl.c b/src/lib/libssl/src/apps/openssl.c
index 65a9ee8a66..cb6ee740e7 100644
--- a/src/lib/libssl/src/apps/openssl.c
+++ b/src/lib/libssl/src/apps/openssl.c
@@ -237,21 +237,12 @@ int main(int Argc, char *Argv[])
#ifdef OPENSSL_FIPS
if(getenv("OPENSSL_FIPS")) {
-#if defined(_WIN32)
- char filename[MAX_PATH] = "";
- GetModuleFileNameA( NULL, filename, MAX_PATH) ;
- p = filename;
-#else
- p = Argv[0];
-#endif
- if (!FIPS_mode_set(1,p)) {
+ if (!FIPS_mode_set(1)) {
ERR_load_crypto_strings();
ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
EXIT(1);
}
in_FIPS_mode = 1;
- if (getenv("OPENSSL_FIPS_MD5"))
- FIPS_allow_md5(1);
}
#endif
if (bio_err == NULL)
diff --git a/src/lib/libssl/src/apps/rsautl.c b/src/lib/libssl/src/apps/rsautl.c
index 5db6fe7cd7..bdfbe31c14 100644
--- a/src/lib/libssl/src/apps/rsautl.c
+++ b/src/lib/libssl/src/apps/rsautl.c
@@ -3,7 +3,7 @@
* project 2000.
*/
/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -147,6 +147,7 @@ int MAIN(int argc, char **argv)
else if(!strcmp(*argv, "-oaep")) pad = RSA_PKCS1_OAEP_PADDING;
else if(!strcmp(*argv, "-ssl")) pad = RSA_SSLV23_PADDING;
else if(!strcmp(*argv, "-pkcs")) pad = RSA_PKCS1_PADDING;
+ else if(!strcmp(*argv, "-x931")) pad = RSA_X931_PADDING;
else if(!strcmp(*argv, "-sign")) {
rsa_mode = RSA_SIGN;
need_priv = 1;
diff --git a/src/lib/libssl/src/apps/speed.c b/src/lib/libssl/src/apps/speed.c
index 5ed510ced6..2fc327c375 100644
--- a/src/lib/libssl/src/apps/speed.c
+++ b/src/lib/libssl/src/apps/speed.c
@@ -1706,7 +1706,7 @@ show_res:
k,rsa_bits[k],rsa_results[k][0],
rsa_results[k][1]);
else
- fprintf(stdout,"rsa %4u bits %8.4fs %8.4fs %8.1f %8.1f\n",
+ fprintf(stdout,"rsa %4u bits %8.6fs %8.6fs %8.1f %8.1f\n",
rsa_bits[k],rsa_results[k][0],rsa_results[k][1],
1.0/rsa_results[k][0],1.0/rsa_results[k][1]);
}
@@ -1725,7 +1725,7 @@ show_res:
fprintf(stdout,"+F3:%u:%u:%f:%f\n",
k,dsa_bits[k],dsa_results[k][0],dsa_results[k][1]);
else
- fprintf(stdout,"dsa %4u bits %8.4fs %8.4fs %8.1f %8.1f\n",
+ fprintf(stdout,"dsa %4u bits %8.6fs %8.6fs %8.1f %8.1f\n",
dsa_bits[k],dsa_results[k][0],dsa_results[k][1],
1.0/dsa_results[k][0],1.0/dsa_results[k][1]);
}
diff --git a/src/lib/libssl/src/certs/argena.pem b/src/lib/libssl/src/certs/argena.pem
new file mode 100644
index 0000000000..db730e38dd
--- /dev/null
+++ b/src/lib/libssl/src/certs/argena.pem
@@ -0,0 +1,39 @@
+-----BEGIN CERTIFICATE-----
+MIIG0zCCBbugAwIBAgIBADANBgkqhkiG9w0BAQUFADCBzDELMAkGA1UEBhMCQVQx
+EDAOBgNVBAgTB0F1c3RyaWExDzANBgNVBAcTBlZpZW5uYTE6MDgGA1UEChMxQVJH
+RSBEQVRFTiAtIEF1c3RyaWFuIFNvY2lldHkgZm9yIERhdGEgUHJvdGVjdGlvbjEl
+MCMGA1UECxMcQS1DRVJUIENlcnRpZmljYXRpb24gU2VydmljZTEYMBYGA1UEAxMP
+QS1DRVJUIEFEVkFOQ0VEMR0wGwYJKoZIhvcNAQkBFg5pbmZvQGEtY2VydC5hdDAe
+Fw0wNDEwMjMxNDE0MTRaFw0xMTEwMjMxNDE0MTRaMIHMMQswCQYDVQQGEwJBVDEQ
+MA4GA1UECBMHQXVzdHJpYTEPMA0GA1UEBxMGVmllbm5hMTowOAYDVQQKEzFBUkdF
+IERBVEVOIC0gQXVzdHJpYW4gU29jaWV0eSBmb3IgRGF0YSBQcm90ZWN0aW9uMSUw
+IwYDVQQLExxBLUNFUlQgQ2VydGlmaWNhdGlvbiBTZXJ2aWNlMRgwFgYDVQQDEw9B
+LUNFUlQgQURWQU5DRUQxHTAbBgkqhkiG9w0BCQEWDmluZm9AYS1jZXJ0LmF0MIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3euXIy+mnf6BYKbK+QH5k679
+tUFqeT8jlZxMew8eNiHuw9KoxWBzL6KksK+5uK7Gatw+sbAYntEGE80P+Jg1hADM
+e+Fr5V0bc6QS3gkVtfUCW/RIvfMM39oxvmqJmOgPnJU7H6+nmLtsq61tv9kVJi/2
+4Y5wXW3odet72sF57EoG6s78w0BUVLNcMngS9bZZzmdG3/d6JbkGgoNF/8DcgCBJ
+W/t0JrcIzyppXIOVtUzzOrrU86zuUgT3Rtkl5kjG7DEHpFb9H0fTOY1v8+gRoaO6
+2gA0PCiysgVZjwgVeYe3KAg11nznyleDv198uK3Dc1oXIGYjJx2FpKWUvAuAEwID
+AQABo4ICvDCCArgwHQYDVR0OBBYEFDd/Pj6ZcWDKJNSRE3nQdCm0qCTYMIH5BgNV
+HSMEgfEwge6AFDd/Pj6ZcWDKJNSRE3nQdCm0qCTYoYHSpIHPMIHMMQswCQYDVQQG
+EwJBVDEQMA4GA1UECBMHQXVzdHJpYTEPMA0GA1UEBxMGVmllbm5hMTowOAYDVQQK
+EzFBUkdFIERBVEVOIC0gQXVzdHJpYW4gU29jaWV0eSBmb3IgRGF0YSBQcm90ZWN0
+aW9uMSUwIwYDVQQLExxBLUNFUlQgQ2VydGlmaWNhdGlvbiBTZXJ2aWNlMRgwFgYD
+VQQDEw9BLUNFUlQgQURWQU5DRUQxHTAbBgkqhkiG9w0BCQEWDmluZm9AYS1jZXJ0
+LmF0ggEAMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgHmMEcGA1UdJQRAMD4G
+CCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwMGCCsGAQUFBwMEBggrBgEFBQcD
+CAYKKwYBBAGCNwoDBDARBglghkgBhvhCAQEEBAMCAP8wUQYDVR0gBEowSDBGBggq
+KAAYAQEBAzA6MDgGCCsGAQUFBwIBFixodHRwOi8vd3d3LmEtY2VydC5hdC9jZXJ0
+aWZpY2F0ZS1wb2xpY3kuaHRtbDA7BglghkgBhvhCAQgELhYsaHR0cDovL3d3dy5h
+LWNlcnQuYXQvY2VydGlmaWNhdGUtcG9saWN5Lmh0bWwwGQYDVR0RBBIwEIEOaW5m
+b0BhLWNlcnQuYXQwLwYDVR0SBCgwJoEOaW5mb0BhLWNlcnQuYXSGFGh0dHA6Ly93
+d3cuYS1jZXJ0LmF0MEUGA1UdHwQ+MDwwOqA4oDaGNGh0dHBzOi8vc2VjdXJlLmEt
+Y2VydC5hdC9jZ2ktYmluL2EtY2VydC1hZHZhbmNlZC5jZ2kwDQYJKoZIhvcNAQEF
+BQADggEBACX1IvgfdG2rvfv35O48vSEvcVaEdlN8USFBHWz3JRAozgzvaBtwHkjK
+Zwt5l/BWOtjbvHfRjDt7ijlBEcxOOrNC1ffyMHwHrXpvff6YpQ5wnxmIYEQcURiG
+HMqruEX0WkuDNgSKwefsgXs27eeBauHgNGVcTYH1rmHu/ZyLpLxOyJQ2PCzA1DzW
+3rWkIX92ogJ7lTRdWrbxwUL1XGinxnnaQ74+/y0pI9JNEv7ic2tpkweRMpkedaLW
+msC1+orfKTebsg69aMaCx7o6jNONRmR/7TVaPf8/k6g52cHZ9YWjQvup22b5rWxG
+J5r5LZ4vCPmF4+T4lutjUYAa/lGuQTg=
+-----END CERTIFICATE-----
diff --git a/src/lib/libssl/src/certs/argeng.pem b/src/lib/libssl/src/certs/argeng.pem
new file mode 100644
index 0000000000..621e30e208
--- /dev/null
+++ b/src/lib/libssl/src/certs/argeng.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIIDwzCCAyygAwIBAgIBADANBgkqhkiG9w0BAQQFADCBmDELMAkGA1UEBhMCQVQx
+EDAOBgNVBAgTB0F1c3RyaWExDzANBgNVBAcTBlZpZW5uYTFCMEAGA1UEChM5QXJn
+ZSBEYXRlbiBPZXN0ZXJyZWljaGlzY2hlIEdlc2VsbHNjaGFmdCBmdWVyIERhdGVu
+c2NodXR6MSIwIAYJKoZIhvcNAQkBFhNhLWNlcnRAYXJnZWRhdGVuLmF0MB4XDTAx
+MDIxMjExMzAzMFoXDTA5MDIxMjExMzAzMFowgZgxCzAJBgNVBAYTAkFUMRAwDgYD
+VQQIEwdBdXN0cmlhMQ8wDQYDVQQHEwZWaWVubmExQjBABgNVBAoTOUFyZ2UgRGF0
+ZW4gT2VzdGVycmVpY2hpc2NoZSBHZXNlbGxzY2hhZnQgZnVlciBEYXRlbnNjaHV0
+ejEiMCAGCSqGSIb3DQEJARYTYS1jZXJ0QGFyZ2VkYXRlbi5hdDCBnzANBgkqhkiG
+9w0BAQEFAAOBjQAwgYkCgYEAwgsHqoNtmmrJ86+e1I4hOVBaL4kokqKN2IPOIL+1
+XwY8vfOOUfPEdhWpaC0ldt7VYrksgDiUccgH0FROANWK2GkfKMDzjjXHysR04uEb
+Om7Kqjqn0nproOGkFG+QvBZgs+Ws+HXNFJA6V76fU4+JXq4452LSK4Lr5YcBquu3
+NJECAwEAAaOCARkwggEVMB0GA1UdDgQWBBQ0j59zH/G31zRjgK1y2P//tSAWZjCB
+xQYDVR0jBIG9MIG6gBQ0j59zH/G31zRjgK1y2P//tSAWZqGBnqSBmzCBmDELMAkG
+A1UEBhMCQVQxEDAOBgNVBAgTB0F1c3RyaWExDzANBgNVBAcTBlZpZW5uYTFCMEAG
+A1UEChM5QXJnZSBEYXRlbiBPZXN0ZXJyZWljaGlzY2hlIEdlc2VsbHNjaGFmdCBm
+dWVyIERhdGVuc2NodXR6MSIwIAYJKoZIhvcNAQkBFhNhLWNlcnRAYXJnZWRhdGVu
+LmF0ggEAMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMBEGCWCGSAGG+EIBAQQE
+AwICBDANBgkqhkiG9w0BAQQFAAOBgQBFuJYncqMYB6gXQS3eDOI90BEHfFTKy/dV
+AV+K7QdAYikWmqgBheRdPKddJdccPy/Zl/p3ZT7GhDyC5f3wZjcuu8AJ27BNwbCA
+x54dgxgCNcyPm79nY8MRtEdEpoRGdSsFKJemz6hpXM++MWFciyrRWIIA44XB0Gv3
+US0spjsDPQ==
+-----END CERTIFICATE-----
diff --git a/src/lib/libssl/src/config b/src/lib/libssl/src/config
index 0715d378d9..c2f504f59e 100644
--- a/src/lib/libssl/src/config
+++ b/src/lib/libssl/src/config
@@ -54,6 +54,22 @@ SYSTEM=`(uname -s) 2>/dev/null` || SYSTEM="unknown"
VERSION=`(uname -v) 2>/dev/null` || VERSION="unknown"
+
+
+
+# Check for VC++ presence first.
+#
+#if [ "x$MSVCDIR" != "x" -o "x$VCINSTALLDIR" != "x" ]; then
+# perl Configure VC-WIN32 $*
+# cmd /c ms\\do_masm.bat
+# perl util/mk1mf.pl VC-WIN32-GMAKE >mak.tmp
+# rm Makefile
+# mv mak.tmp Makefile
+# echo "Configured for VC++ using GNU make"
+# exit 0
+#fi
+#
+
# Now test for ISC and SCO, since it is has a braindamaged uname.
#
# We need to work around FreeBSD 1.1.5.1
@@ -339,6 +355,10 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
MINGW*)
echo "${MACHINE}-whatever-mingw"; echo 0;
+ # Save fipslib path so VC++ build can find it
+ (cd /usr/local/ssl/lib ; pwd -W ) > util/fipslib_path.txt
+ # Extract _chkstk.o so VC++ can use it, to avoid __alloca link error
+ (cd ms ; ar x `gcc -print-libgcc-file-name` _chkstk.o)
;;
CYGWIN*)
case "$RELEASE" in
@@ -407,7 +427,7 @@ if [ "$GCCVER" != "" ]; then
CC=gcc
# then strip off whatever prefix egcs prepends the number with...
# Hopefully, this will work for any future prefixes as well.
- GCCVER=`echo $GCCVER | sed 's/^[a-zA-Z]*\-//'`
+ GCCVER=`echo $GCCVER | LC_ALL=C sed 's/^[a-zA-Z]*\-//'`
# Since gcc 3.1 gcc --version behaviour has changed. gcc -dumpversion
# does give us what we want though, so we use that. We just just the
# major and minor version numbers.
diff --git a/src/lib/libssl/src/crypto/Makefile b/src/lib/libssl/src/crypto/Makefile
index cffaeedc5d..cda9de0ac9 100644
--- a/src/lib/libssl/src/crypto/Makefile
+++ b/src/lib/libssl/src/crypto/Makefile
@@ -1,5 +1,5 @@
#
-# SSLeay/crypto/Makefile
+# OpenSSL/crypto/Makefile
#
DIR= crypto
diff --git a/src/lib/libssl/src/crypto/aes/aes_cbc.c b/src/lib/libssl/src/crypto/aes/aes_cbc.c
index d2ba6bcdb4..373864cd4b 100644
--- a/src/lib/libssl/src/crypto/aes/aes_cbc.c
+++ b/src/lib/libssl/src/crypto/aes/aes_cbc.c
@@ -59,6 +59,7 @@
#include <openssl/aes.h>
#include "aes_locl.h"
+#if !defined(OPENSSL_FIPS_AES_ASM)
void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
const unsigned long length, const AES_KEY *key,
unsigned char *ivec, const int enc) {
@@ -129,3 +130,4 @@ void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
}
}
}
+#endif
diff --git a/src/lib/libssl/src/crypto/asn1/Makefile b/src/lib/libssl/src/crypto/asn1/Makefile
index b11298d621..d1c2d8f490 100644
--- a/src/lib/libssl/src/crypto/asn1/Makefile
+++ b/src/lib/libssl/src/crypto/asn1/Makefile
@@ -1,5 +1,5 @@
#
-# SSLeay/crypto/asn1/Makefile
+# OpenSSL/crypto/asn1/Makefile
#
DIR= asn1
diff --git a/src/lib/libssl/src/crypto/asn1/asn1.h b/src/lib/libssl/src/crypto/asn1/asn1.h
index ceaeb4cbe3..0184b475a7 100644
--- a/src/lib/libssl/src/crypto/asn1/asn1.h
+++ b/src/lib/libssl/src/crypto/asn1/asn1.h
@@ -962,6 +962,7 @@ void ERR_load_ASN1_strings(void);
#define ASN1_F_ASN1_DUP 111
#define ASN1_F_ASN1_ENUMERATED_SET 112
#define ASN1_F_ASN1_ENUMERATED_TO_BN 113
+#define ASN1_F_ASN1_FIND_END 182
#define ASN1_F_ASN1_GENERALIZEDTIME_SET 178
#define ASN1_F_ASN1_GET_OBJECT 114
#define ASN1_F_ASN1_HEADER_NEW 115
@@ -1075,6 +1076,7 @@ void ERR_load_ASN1_strings(void);
#define ASN1_R_MISSING_SECOND_NUMBER 138
#define ASN1_R_MSTRING_NOT_UNIVERSAL 139
#define ASN1_R_MSTRING_WRONG_TAG 140
+#define ASN1_R_NESTED_ASN1_STRING 174
#define ASN1_R_NON_HEX_CHARACTERS 141
#define ASN1_R_NOT_ENOUGH_DATA 142
#define ASN1_R_NO_MATCHING_CHOICE_TYPE 143
diff --git a/src/lib/libssl/src/crypto/asn1/asn1_err.c b/src/lib/libssl/src/crypto/asn1/asn1_err.c
index 3b57c8fbae..315d0a0807 100644
--- a/src/lib/libssl/src/crypto/asn1/asn1_err.c
+++ b/src/lib/libssl/src/crypto/asn1/asn1_err.c
@@ -1,6 +1,6 @@
/* crypto/asn1/asn1_err.c */
/* ====================================================================
- * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -64,169 +64,175 @@
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
+
+#define ERR_FUNC(func) ERR_PACK(ERR_LIB_ASN1,func,0)
+#define ERR_REASON(reason) ERR_PACK(ERR_LIB_ASN1,0,reason)
+
static ERR_STRING_DATA ASN1_str_functs[]=
{
-{ERR_PACK(0,ASN1_F_A2D_ASN1_OBJECT,0), "a2d_ASN1_OBJECT"},
-{ERR_PACK(0,ASN1_F_A2I_ASN1_ENUMERATED,0), "a2i_ASN1_ENUMERATED"},
-{ERR_PACK(0,ASN1_F_A2I_ASN1_INTEGER,0), "a2i_ASN1_INTEGER"},
-{ERR_PACK(0,ASN1_F_A2I_ASN1_STRING,0), "a2i_ASN1_STRING"},
-{ERR_PACK(0,ASN1_F_ASN1_BIT_STRING_SET_BIT,0), "ASN1_BIT_STRING_set_bit"},
-{ERR_PACK(0,ASN1_F_ASN1_CHECK_TLEN,0), "ASN1_CHECK_TLEN"},
-{ERR_PACK(0,ASN1_F_ASN1_COLLATE_PRIMITIVE,0), "ASN1_COLLATE_PRIMITIVE"},
-{ERR_PACK(0,ASN1_F_ASN1_COLLECT,0), "ASN1_COLLECT"},
-{ERR_PACK(0,ASN1_F_ASN1_D2I_BIO,0), "ASN1_d2i_bio"},
-{ERR_PACK(0,ASN1_F_ASN1_D2I_EX_PRIMITIVE,0), "ASN1_D2I_EX_PRIMITIVE"},
-{ERR_PACK(0,ASN1_F_ASN1_D2I_FP,0), "ASN1_d2i_fp"},
-{ERR_PACK(0,ASN1_F_ASN1_DIGEST,0), "ASN1_digest"},
-{ERR_PACK(0,ASN1_F_ASN1_DO_ADB,0), "ASN1_DO_ADB"},
-{ERR_PACK(0,ASN1_F_ASN1_DUP,0), "ASN1_dup"},
-{ERR_PACK(0,ASN1_F_ASN1_ENUMERATED_SET,0), "ASN1_ENUMERATED_set"},
-{ERR_PACK(0,ASN1_F_ASN1_ENUMERATED_TO_BN,0), "ASN1_ENUMERATED_to_BN"},
-{ERR_PACK(0,ASN1_F_ASN1_GENERALIZEDTIME_SET,0), "ASN1_GENERALIZEDTIME_set"},
-{ERR_PACK(0,ASN1_F_ASN1_GET_OBJECT,0), "ASN1_get_object"},
-{ERR_PACK(0,ASN1_F_ASN1_HEADER_NEW,0), "ASN1_HEADER_new"},
-{ERR_PACK(0,ASN1_F_ASN1_I2D_BIO,0), "ASN1_i2d_bio"},
-{ERR_PACK(0,ASN1_F_ASN1_I2D_FP,0), "ASN1_i2d_fp"},
-{ERR_PACK(0,ASN1_F_ASN1_INTEGER_SET,0), "ASN1_INTEGER_set"},
-{ERR_PACK(0,ASN1_F_ASN1_INTEGER_TO_BN,0), "ASN1_INTEGER_to_BN"},
-{ERR_PACK(0,ASN1_F_ASN1_ITEM_EX_D2I,0), "ASN1_ITEM_EX_D2I"},
-{ERR_PACK(0,ASN1_F_ASN1_ITEM_NEW,0), "ASN1_item_new"},
-{ERR_PACK(0,ASN1_F_ASN1_MBSTRING_COPY,0), "ASN1_mbstring_copy"},
-{ERR_PACK(0,ASN1_F_ASN1_OBJECT_NEW,0), "ASN1_OBJECT_new"},
-{ERR_PACK(0,ASN1_F_ASN1_PACK_STRING,0), "ASN1_pack_string"},
-{ERR_PACK(0,ASN1_F_ASN1_PBE_SET,0), "ASN1_PBE_SET"},
-{ERR_PACK(0,ASN1_F_ASN1_SEQ_PACK,0), "ASN1_seq_pack"},
-{ERR_PACK(0,ASN1_F_ASN1_SEQ_UNPACK,0), "ASN1_seq_unpack"},
-{ERR_PACK(0,ASN1_F_ASN1_SIGN,0), "ASN1_sign"},
-{ERR_PACK(0,ASN1_F_ASN1_STRING_SET,0), "ASN1_STRING_set"},
-{ERR_PACK(0,ASN1_F_ASN1_STRING_TABLE_ADD,0), "ASN1_STRING_TABLE_add"},
-{ERR_PACK(0,ASN1_F_ASN1_STRING_TYPE_NEW,0), "ASN1_STRING_type_new"},
-{ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_D2I,0), "ASN1_TEMPLATE_D2I"},
-{ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_EX_D2I,0), "ASN1_TEMPLATE_EX_D2I"},
-{ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_NEW,0), "ASN1_TEMPLATE_NEW"},
-{ERR_PACK(0,ASN1_F_ASN1_TIME_SET,0), "ASN1_TIME_set"},
-{ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING,0), "ASN1_TYPE_get_int_octetstring"},
-{ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_OCTETSTRING,0), "ASN1_TYPE_get_octetstring"},
-{ERR_PACK(0,ASN1_F_ASN1_UNPACK_STRING,0), "ASN1_unpack_string"},
-{ERR_PACK(0,ASN1_F_ASN1_UTCTIME_SET,0), "ASN1_UTCTIME_set"},
-{ERR_PACK(0,ASN1_F_ASN1_VERIFY,0), "ASN1_verify"},
-{ERR_PACK(0,ASN1_F_BN_TO_ASN1_ENUMERATED,0), "BN_to_ASN1_ENUMERATED"},
-{ERR_PACK(0,ASN1_F_BN_TO_ASN1_INTEGER,0), "BN_to_ASN1_INTEGER"},
-{ERR_PACK(0,ASN1_F_COLLECT_DATA,0), "COLLECT_DATA"},
-{ERR_PACK(0,ASN1_F_D2I_ASN1_BIT_STRING,0), "D2I_ASN1_BIT_STRING"},
-{ERR_PACK(0,ASN1_F_D2I_ASN1_BOOLEAN,0), "d2i_ASN1_BOOLEAN"},
-{ERR_PACK(0,ASN1_F_D2I_ASN1_BYTES,0), "d2i_ASN1_bytes"},
-{ERR_PACK(0,ASN1_F_D2I_ASN1_GENERALIZEDTIME,0), "D2I_ASN1_GENERALIZEDTIME"},
-{ERR_PACK(0,ASN1_F_D2I_ASN1_HEADER,0), "d2i_ASN1_HEADER"},
-{ERR_PACK(0,ASN1_F_D2I_ASN1_INTEGER,0), "D2I_ASN1_INTEGER"},
-{ERR_PACK(0,ASN1_F_D2I_ASN1_OBJECT,0), "d2i_ASN1_OBJECT"},
-{ERR_PACK(0,ASN1_F_D2I_ASN1_SET,0), "d2i_ASN1_SET"},
-{ERR_PACK(0,ASN1_F_D2I_ASN1_TYPE_BYTES,0), "d2i_ASN1_type_bytes"},
-{ERR_PACK(0,ASN1_F_D2I_ASN1_UINTEGER,0), "d2i_ASN1_UINTEGER"},
-{ERR_PACK(0,ASN1_F_D2I_ASN1_UTCTIME,0), "D2I_ASN1_UTCTIME"},
-{ERR_PACK(0,ASN1_F_D2I_NETSCAPE_RSA,0), "d2i_Netscape_RSA"},
-{ERR_PACK(0,ASN1_F_D2I_NETSCAPE_RSA_2,0), "D2I_NETSCAPE_RSA_2"},
-{ERR_PACK(0,ASN1_F_D2I_PRIVATEKEY,0), "d2i_PrivateKey"},
-{ERR_PACK(0,ASN1_F_D2I_PUBLICKEY,0), "d2i_PublicKey"},
-{ERR_PACK(0,ASN1_F_D2I_X509,0), "D2I_X509"},
-{ERR_PACK(0,ASN1_F_D2I_X509_CINF,0), "D2I_X509_CINF"},
-{ERR_PACK(0,ASN1_F_D2I_X509_NAME,0), "D2I_X509_NAME"},
-{ERR_PACK(0,ASN1_F_D2I_X509_PKEY,0), "d2i_X509_PKEY"},
-{ERR_PACK(0,ASN1_F_I2D_ASN1_SET,0), "i2d_ASN1_SET"},
-{ERR_PACK(0,ASN1_F_I2D_ASN1_TIME,0), "I2D_ASN1_TIME"},
-{ERR_PACK(0,ASN1_F_I2D_DSA_PUBKEY,0), "i2d_DSA_PUBKEY"},
-{ERR_PACK(0,ASN1_F_I2D_NETSCAPE_RSA,0), "i2d_Netscape_RSA"},
-{ERR_PACK(0,ASN1_F_I2D_PRIVATEKEY,0), "i2d_PrivateKey"},
-{ERR_PACK(0,ASN1_F_I2D_PUBLICKEY,0), "i2d_PublicKey"},
-{ERR_PACK(0,ASN1_F_I2D_RSA_PUBKEY,0), "i2d_RSA_PUBKEY"},
-{ERR_PACK(0,ASN1_F_LONG_C2I,0), "LONG_C2I"},
-{ERR_PACK(0,ASN1_F_OID_MODULE_INIT,0), "OID_MODULE_INIT"},
-{ERR_PACK(0,ASN1_F_PKCS5_PBE2_SET,0), "PKCS5_pbe2_set"},
-{ERR_PACK(0,ASN1_F_X509_CINF_NEW,0), "X509_CINF_NEW"},
-{ERR_PACK(0,ASN1_F_X509_CRL_ADD0_REVOKED,0), "X509_CRL_add0_revoked"},
-{ERR_PACK(0,ASN1_F_X509_INFO_NEW,0), "X509_INFO_new"},
-{ERR_PACK(0,ASN1_F_X509_NAME_NEW,0), "X509_NAME_NEW"},
-{ERR_PACK(0,ASN1_F_X509_NEW,0), "X509_NEW"},
-{ERR_PACK(0,ASN1_F_X509_PKEY_NEW,0), "X509_PKEY_new"},
+{ERR_FUNC(ASN1_F_A2D_ASN1_OBJECT), "a2d_ASN1_OBJECT"},
+{ERR_FUNC(ASN1_F_A2I_ASN1_ENUMERATED), "a2i_ASN1_ENUMERATED"},
+{ERR_FUNC(ASN1_F_A2I_ASN1_INTEGER), "a2i_ASN1_INTEGER"},
+{ERR_FUNC(ASN1_F_A2I_ASN1_STRING), "a2i_ASN1_STRING"},
+{ERR_FUNC(ASN1_F_ASN1_BIT_STRING_SET_BIT), "ASN1_BIT_STRING_set_bit"},
+{ERR_FUNC(ASN1_F_ASN1_CHECK_TLEN), "ASN1_CHECK_TLEN"},
+{ERR_FUNC(ASN1_F_ASN1_COLLATE_PRIMITIVE), "ASN1_COLLATE_PRIMITIVE"},
+{ERR_FUNC(ASN1_F_ASN1_COLLECT), "ASN1_COLLECT"},
+{ERR_FUNC(ASN1_F_ASN1_D2I_BIO), "ASN1_d2i_bio"},
+{ERR_FUNC(ASN1_F_ASN1_D2I_EX_PRIMITIVE), "ASN1_D2I_EX_PRIMITIVE"},
+{ERR_FUNC(ASN1_F_ASN1_D2I_FP), "ASN1_d2i_fp"},
+{ERR_FUNC(ASN1_F_ASN1_DIGEST), "ASN1_digest"},
+{ERR_FUNC(ASN1_F_ASN1_DO_ADB), "ASN1_DO_ADB"},
+{ERR_FUNC(ASN1_F_ASN1_DUP), "ASN1_dup"},
+{ERR_FUNC(ASN1_F_ASN1_ENUMERATED_SET), "ASN1_ENUMERATED_set"},
+{ERR_FUNC(ASN1_F_ASN1_ENUMERATED_TO_BN), "ASN1_ENUMERATED_to_BN"},
+{ERR_FUNC(ASN1_F_ASN1_FIND_END), "ASN1_FIND_END"},
+{ERR_FUNC(ASN1_F_ASN1_GENERALIZEDTIME_SET), "ASN1_GENERALIZEDTIME_set"},
+{ERR_FUNC(ASN1_F_ASN1_GET_OBJECT), "ASN1_get_object"},
+{ERR_FUNC(ASN1_F_ASN1_HEADER_NEW), "ASN1_HEADER_new"},
+{ERR_FUNC(ASN1_F_ASN1_I2D_BIO), "ASN1_i2d_bio"},
+{ERR_FUNC(ASN1_F_ASN1_I2D_FP), "ASN1_i2d_fp"},
+{ERR_FUNC(ASN1_F_ASN1_INTEGER_SET), "ASN1_INTEGER_set"},
+{ERR_FUNC(ASN1_F_ASN1_INTEGER_TO_BN), "ASN1_INTEGER_to_BN"},
+{ERR_FUNC(ASN1_F_ASN1_ITEM_EX_D2I), "ASN1_ITEM_EX_D2I"},
+{ERR_FUNC(ASN1_F_ASN1_ITEM_NEW), "ASN1_item_new"},
+{ERR_FUNC(ASN1_F_ASN1_MBSTRING_COPY), "ASN1_mbstring_copy"},
+{ERR_FUNC(ASN1_F_ASN1_OBJECT_NEW), "ASN1_OBJECT_new"},
+{ERR_FUNC(ASN1_F_ASN1_PACK_STRING), "ASN1_pack_string"},
+{ERR_FUNC(ASN1_F_ASN1_PBE_SET), "ASN1_PBE_SET"},
+{ERR_FUNC(ASN1_F_ASN1_SEQ_PACK), "ASN1_seq_pack"},
+{ERR_FUNC(ASN1_F_ASN1_SEQ_UNPACK), "ASN1_seq_unpack"},
+{ERR_FUNC(ASN1_F_ASN1_SIGN), "ASN1_sign"},
+{ERR_FUNC(ASN1_F_ASN1_STRING_SET), "ASN1_STRING_set"},
+{ERR_FUNC(ASN1_F_ASN1_STRING_TABLE_ADD), "ASN1_STRING_TABLE_add"},
+{ERR_FUNC(ASN1_F_ASN1_STRING_TYPE_NEW), "ASN1_STRING_type_new"},
+{ERR_FUNC(ASN1_F_ASN1_TEMPLATE_D2I), "ASN1_TEMPLATE_D2I"},
+{ERR_FUNC(ASN1_F_ASN1_TEMPLATE_EX_D2I), "ASN1_TEMPLATE_EX_D2I"},
+{ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NEW), "ASN1_TEMPLATE_NEW"},
+{ERR_FUNC(ASN1_F_ASN1_TIME_SET), "ASN1_TIME_set"},
+{ERR_FUNC(ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING), "ASN1_TYPE_get_int_octetstring"},
+{ERR_FUNC(ASN1_F_ASN1_TYPE_GET_OCTETSTRING), "ASN1_TYPE_get_octetstring"},
+{ERR_FUNC(ASN1_F_ASN1_UNPACK_STRING), "ASN1_unpack_string"},
+{ERR_FUNC(ASN1_F_ASN1_UTCTIME_SET), "ASN1_UTCTIME_set"},
+{ERR_FUNC(ASN1_F_ASN1_VERIFY), "ASN1_verify"},
+{ERR_FUNC(ASN1_F_BN_TO_ASN1_ENUMERATED), "BN_to_ASN1_ENUMERATED"},
+{ERR_FUNC(ASN1_F_BN_TO_ASN1_INTEGER), "BN_to_ASN1_INTEGER"},
+{ERR_FUNC(ASN1_F_COLLECT_DATA), "COLLECT_DATA"},
+{ERR_FUNC(ASN1_F_D2I_ASN1_BIT_STRING), "D2I_ASN1_BIT_STRING"},
+{ERR_FUNC(ASN1_F_D2I_ASN1_BOOLEAN), "d2i_ASN1_BOOLEAN"},
+{ERR_FUNC(ASN1_F_D2I_ASN1_BYTES), "d2i_ASN1_bytes"},
+{ERR_FUNC(ASN1_F_D2I_ASN1_GENERALIZEDTIME), "D2I_ASN1_GENERALIZEDTIME"},
+{ERR_FUNC(ASN1_F_D2I_ASN1_HEADER), "d2i_ASN1_HEADER"},
+{ERR_FUNC(ASN1_F_D2I_ASN1_INTEGER), "D2I_ASN1_INTEGER"},
+{ERR_FUNC(ASN1_F_D2I_ASN1_OBJECT), "d2i_ASN1_OBJECT"},
+{ERR_FUNC(ASN1_F_D2I_ASN1_SET), "d2i_ASN1_SET"},
+{ERR_FUNC(ASN1_F_D2I_ASN1_TYPE_BYTES), "d2i_ASN1_type_bytes"},
+{ERR_FUNC(ASN1_F_D2I_ASN1_UINTEGER), "d2i_ASN1_UINTEGER"},
+{ERR_FUNC(ASN1_F_D2I_ASN1_UTCTIME), "D2I_ASN1_UTCTIME"},
+{ERR_FUNC(ASN1_F_D2I_NETSCAPE_RSA), "d2i_Netscape_RSA"},
+{ERR_FUNC(ASN1_F_D2I_NETSCAPE_RSA_2), "D2I_NETSCAPE_RSA_2"},
+{ERR_FUNC(ASN1_F_D2I_PRIVATEKEY), "d2i_PrivateKey"},
+{ERR_FUNC(ASN1_F_D2I_PUBLICKEY), "d2i_PublicKey"},
+{ERR_FUNC(ASN1_F_D2I_X509), "D2I_X509"},
+{ERR_FUNC(ASN1_F_D2I_X509_CINF), "D2I_X509_CINF"},
+{ERR_FUNC(ASN1_F_D2I_X509_NAME), "D2I_X509_NAME"},
+{ERR_FUNC(ASN1_F_D2I_X509_PKEY), "d2i_X509_PKEY"},
+{ERR_FUNC(ASN1_F_I2D_ASN1_SET), "i2d_ASN1_SET"},
+{ERR_FUNC(ASN1_F_I2D_ASN1_TIME), "I2D_ASN1_TIME"},
+{ERR_FUNC(ASN1_F_I2D_DSA_PUBKEY), "i2d_DSA_PUBKEY"},
+{ERR_FUNC(ASN1_F_I2D_NETSCAPE_RSA), "i2d_Netscape_RSA"},
+{ERR_FUNC(ASN1_F_I2D_PRIVATEKEY), "i2d_PrivateKey"},
+{ERR_FUNC(ASN1_F_I2D_PUBLICKEY), "i2d_PublicKey"},
+{ERR_FUNC(ASN1_F_I2D_RSA_PUBKEY), "i2d_RSA_PUBKEY"},
+{ERR_FUNC(ASN1_F_LONG_C2I), "LONG_C2I"},
+{ERR_FUNC(ASN1_F_OID_MODULE_INIT), "OID_MODULE_INIT"},
+{ERR_FUNC(ASN1_F_PKCS5_PBE2_SET), "PKCS5_pbe2_set"},
+{ERR_FUNC(ASN1_F_X509_CINF_NEW), "X509_CINF_NEW"},
+{ERR_FUNC(ASN1_F_X509_CRL_ADD0_REVOKED), "X509_CRL_add0_revoked"},
+{ERR_FUNC(ASN1_F_X509_INFO_NEW), "X509_INFO_new"},
+{ERR_FUNC(ASN1_F_X509_NAME_NEW), "X509_NAME_NEW"},
+{ERR_FUNC(ASN1_F_X509_NEW), "X509_NEW"},
+{ERR_FUNC(ASN1_F_X509_PKEY_NEW), "X509_PKEY_new"},
{0,NULL}
};
static ERR_STRING_DATA ASN1_str_reasons[]=
{
-{ASN1_R_ADDING_OBJECT ,"adding object"},
-{ASN1_R_AUX_ERROR ,"aux error"},
-{ASN1_R_BAD_CLASS ,"bad class"},
-{ASN1_R_BAD_OBJECT_HEADER ,"bad object header"},
-{ASN1_R_BAD_PASSWORD_READ ,"bad password read"},
-{ASN1_R_BAD_TAG ,"bad tag"},
-{ASN1_R_BN_LIB ,"bn lib"},
-{ASN1_R_BOOLEAN_IS_WRONG_LENGTH ,"boolean is wrong length"},
-{ASN1_R_BUFFER_TOO_SMALL ,"buffer too small"},
-{ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER ,"cipher has no object identifier"},
-{ASN1_R_DATA_IS_WRONG ,"data is wrong"},
-{ASN1_R_DECODE_ERROR ,"decode error"},
-{ASN1_R_DECODING_ERROR ,"decoding error"},
-{ASN1_R_ENCODE_ERROR ,"encode error"},
-{ASN1_R_ERROR_GETTING_TIME ,"error getting time"},
-{ASN1_R_ERROR_LOADING_SECTION ,"error loading section"},
-{ASN1_R_ERROR_PARSING_SET_ELEMENT ,"error parsing set element"},
-{ASN1_R_ERROR_SETTING_CIPHER_PARAMS ,"error setting cipher params"},
-{ASN1_R_EXPECTING_AN_INTEGER ,"expecting an integer"},
-{ASN1_R_EXPECTING_AN_OBJECT ,"expecting an object"},
-{ASN1_R_EXPECTING_A_BOOLEAN ,"expecting a boolean"},
-{ASN1_R_EXPECTING_A_TIME ,"expecting a time"},
-{ASN1_R_EXPLICIT_LENGTH_MISMATCH ,"explicit length mismatch"},
-{ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED ,"explicit tag not constructed"},
-{ASN1_R_FIELD_MISSING ,"field missing"},
-{ASN1_R_FIRST_NUM_TOO_LARGE ,"first num too large"},
-{ASN1_R_HEADER_TOO_LONG ,"header too long"},
-{ASN1_R_ILLEGAL_CHARACTERS ,"illegal characters"},
-{ASN1_R_ILLEGAL_NULL ,"illegal null"},
-{ASN1_R_ILLEGAL_OPTIONAL_ANY ,"illegal optional any"},
-{ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE ,"illegal options on item template"},
-{ASN1_R_ILLEGAL_TAGGED_ANY ,"illegal tagged any"},
-{ASN1_R_INTEGER_TOO_LARGE_FOR_LONG ,"integer too large for long"},
-{ASN1_R_INVALID_BMPSTRING_LENGTH ,"invalid bmpstring length"},
-{ASN1_R_INVALID_DIGIT ,"invalid digit"},
-{ASN1_R_INVALID_SEPARATOR ,"invalid separator"},
-{ASN1_R_INVALID_TIME_FORMAT ,"invalid time format"},
-{ASN1_R_INVALID_UNIVERSALSTRING_LENGTH ,"invalid universalstring length"},
-{ASN1_R_INVALID_UTF8STRING ,"invalid utf8string"},
-{ASN1_R_IV_TOO_LARGE ,"iv too large"},
-{ASN1_R_LENGTH_ERROR ,"length error"},
-{ASN1_R_MISSING_EOC ,"missing eoc"},
-{ASN1_R_MISSING_SECOND_NUMBER ,"missing second number"},
-{ASN1_R_MSTRING_NOT_UNIVERSAL ,"mstring not universal"},
-{ASN1_R_MSTRING_WRONG_TAG ,"mstring wrong tag"},
-{ASN1_R_NON_HEX_CHARACTERS ,"non hex characters"},
-{ASN1_R_NOT_ENOUGH_DATA ,"not enough data"},
-{ASN1_R_NO_MATCHING_CHOICE_TYPE ,"no matching choice type"},
-{ASN1_R_NULL_IS_WRONG_LENGTH ,"null is wrong length"},
-{ASN1_R_ODD_NUMBER_OF_CHARS ,"odd number of chars"},
-{ASN1_R_PRIVATE_KEY_HEADER_MISSING ,"private key header missing"},
-{ASN1_R_SECOND_NUMBER_TOO_LARGE ,"second number too large"},
-{ASN1_R_SEQUENCE_LENGTH_MISMATCH ,"sequence length mismatch"},
-{ASN1_R_SEQUENCE_NOT_CONSTRUCTED ,"sequence not constructed"},
-{ASN1_R_SHORT_LINE ,"short line"},
-{ASN1_R_STRING_TOO_LONG ,"string too long"},
-{ASN1_R_STRING_TOO_SHORT ,"string too short"},
-{ASN1_R_TAG_VALUE_TOO_HIGH ,"tag value too high"},
-{ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD,"the asn1 object identifier is not known for this md"},
-{ASN1_R_TOO_LONG ,"too long"},
-{ASN1_R_TYPE_NOT_CONSTRUCTED ,"type not constructed"},
-{ASN1_R_UNABLE_TO_DECODE_RSA_KEY ,"unable to decode rsa key"},
-{ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY ,"unable to decode rsa private key"},
-{ASN1_R_UNEXPECTED_EOC ,"unexpected eoc"},
-{ASN1_R_UNKNOWN_FORMAT ,"unknown format"},
-{ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM ,"unknown message digest algorithm"},
-{ASN1_R_UNKNOWN_OBJECT_TYPE ,"unknown object type"},
-{ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE ,"unknown public key type"},
-{ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE ,"unsupported any defined by type"},
-{ASN1_R_UNSUPPORTED_CIPHER ,"unsupported cipher"},
-{ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM ,"unsupported encryption algorithm"},
-{ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE ,"unsupported public key type"},
-{ASN1_R_WRONG_TAG ,"wrong tag"},
-{ASN1_R_WRONG_TYPE ,"wrong type"},
+{ERR_REASON(ASN1_R_ADDING_OBJECT) ,"adding object"},
+{ERR_REASON(ASN1_R_AUX_ERROR) ,"aux error"},
+{ERR_REASON(ASN1_R_BAD_CLASS) ,"bad class"},
+{ERR_REASON(ASN1_R_BAD_OBJECT_HEADER) ,"bad object header"},
+{ERR_REASON(ASN1_R_BAD_PASSWORD_READ) ,"bad password read"},
+{ERR_REASON(ASN1_R_BAD_TAG) ,"bad tag"},
+{ERR_REASON(ASN1_R_BN_LIB) ,"bn lib"},
+{ERR_REASON(ASN1_R_BOOLEAN_IS_WRONG_LENGTH),"boolean is wrong length"},
+{ERR_REASON(ASN1_R_BUFFER_TOO_SMALL) ,"buffer too small"},
+{ERR_REASON(ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER),"cipher has no object identifier"},
+{ERR_REASON(ASN1_R_DATA_IS_WRONG) ,"data is wrong"},
+{ERR_REASON(ASN1_R_DECODE_ERROR) ,"decode error"},
+{ERR_REASON(ASN1_R_DECODING_ERROR) ,"decoding error"},
+{ERR_REASON(ASN1_R_ENCODE_ERROR) ,"encode error"},
+{ERR_REASON(ASN1_R_ERROR_GETTING_TIME) ,"error getting time"},
+{ERR_REASON(ASN1_R_ERROR_LOADING_SECTION),"error loading section"},
+{ERR_REASON(ASN1_R_ERROR_PARSING_SET_ELEMENT),"error parsing set element"},
+{ERR_REASON(ASN1_R_ERROR_SETTING_CIPHER_PARAMS),"error setting cipher params"},
+{ERR_REASON(ASN1_R_EXPECTING_AN_INTEGER) ,"expecting an integer"},
+{ERR_REASON(ASN1_R_EXPECTING_AN_OBJECT) ,"expecting an object"},
+{ERR_REASON(ASN1_R_EXPECTING_A_BOOLEAN) ,"expecting a boolean"},
+{ERR_REASON(ASN1_R_EXPECTING_A_TIME) ,"expecting a time"},
+{ERR_REASON(ASN1_R_EXPLICIT_LENGTH_MISMATCH),"explicit length mismatch"},
+{ERR_REASON(ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED),"explicit tag not constructed"},
+{ERR_REASON(ASN1_R_FIELD_MISSING) ,"field missing"},
+{ERR_REASON(ASN1_R_FIRST_NUM_TOO_LARGE) ,"first num too large"},
+{ERR_REASON(ASN1_R_HEADER_TOO_LONG) ,"header too long"},
+{ERR_REASON(ASN1_R_ILLEGAL_CHARACTERS) ,"illegal characters"},
+{ERR_REASON(ASN1_R_ILLEGAL_NULL) ,"illegal null"},
+{ERR_REASON(ASN1_R_ILLEGAL_OPTIONAL_ANY) ,"illegal optional any"},
+{ERR_REASON(ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE),"illegal options on item template"},
+{ERR_REASON(ASN1_R_ILLEGAL_TAGGED_ANY) ,"illegal tagged any"},
+{ERR_REASON(ASN1_R_INTEGER_TOO_LARGE_FOR_LONG),"integer too large for long"},
+{ERR_REASON(ASN1_R_INVALID_BMPSTRING_LENGTH),"invalid bmpstring length"},
+{ERR_REASON(ASN1_R_INVALID_DIGIT) ,"invalid digit"},
+{ERR_REASON(ASN1_R_INVALID_SEPARATOR) ,"invalid separator"},
+{ERR_REASON(ASN1_R_INVALID_TIME_FORMAT) ,"invalid time format"},
+{ERR_REASON(ASN1_R_INVALID_UNIVERSALSTRING_LENGTH),"invalid universalstring length"},
+{ERR_REASON(ASN1_R_INVALID_UTF8STRING) ,"invalid utf8string"},
+{ERR_REASON(ASN1_R_IV_TOO_LARGE) ,"iv too large"},
+{ERR_REASON(ASN1_R_LENGTH_ERROR) ,"length error"},
+{ERR_REASON(ASN1_R_MISSING_EOC) ,"missing eoc"},
+{ERR_REASON(ASN1_R_MISSING_SECOND_NUMBER),"missing second number"},
+{ERR_REASON(ASN1_R_MSTRING_NOT_UNIVERSAL),"mstring not universal"},
+{ERR_REASON(ASN1_R_MSTRING_WRONG_TAG) ,"mstring wrong tag"},
+{ERR_REASON(ASN1_R_NESTED_ASN1_STRING) ,"nested asn1 string"},
+{ERR_REASON(ASN1_R_NON_HEX_CHARACTERS) ,"non hex characters"},
+{ERR_REASON(ASN1_R_NOT_ENOUGH_DATA) ,"not enough data"},
+{ERR_REASON(ASN1_R_NO_MATCHING_CHOICE_TYPE),"no matching choice type"},
+{ERR_REASON(ASN1_R_NULL_IS_WRONG_LENGTH) ,"null is wrong length"},
+{ERR_REASON(ASN1_R_ODD_NUMBER_OF_CHARS) ,"odd number of chars"},
+{ERR_REASON(ASN1_R_PRIVATE_KEY_HEADER_MISSING),"private key header missing"},
+{ERR_REASON(ASN1_R_SECOND_NUMBER_TOO_LARGE),"second number too large"},
+{ERR_REASON(ASN1_R_SEQUENCE_LENGTH_MISMATCH),"sequence length mismatch"},
+{ERR_REASON(ASN1_R_SEQUENCE_NOT_CONSTRUCTED),"sequence not constructed"},
+{ERR_REASON(ASN1_R_SHORT_LINE) ,"short line"},
+{ERR_REASON(ASN1_R_STRING_TOO_LONG) ,"string too long"},
+{ERR_REASON(ASN1_R_STRING_TOO_SHORT) ,"string too short"},
+{ERR_REASON(ASN1_R_TAG_VALUE_TOO_HIGH) ,"tag value too high"},
+{ERR_REASON(ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD),"the asn1 object identifier is not known for this md"},
+{ERR_REASON(ASN1_R_TOO_LONG) ,"too long"},
+{ERR_REASON(ASN1_R_TYPE_NOT_CONSTRUCTED) ,"type not constructed"},
+{ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_KEY),"unable to decode rsa key"},
+{ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY),"unable to decode rsa private key"},
+{ERR_REASON(ASN1_R_UNEXPECTED_EOC) ,"unexpected eoc"},
+{ERR_REASON(ASN1_R_UNKNOWN_FORMAT) ,"unknown format"},
+{ERR_REASON(ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM),"unknown message digest algorithm"},
+{ERR_REASON(ASN1_R_UNKNOWN_OBJECT_TYPE) ,"unknown object type"},
+{ERR_REASON(ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE),"unknown public key type"},
+{ERR_REASON(ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE),"unsupported any defined by type"},
+{ERR_REASON(ASN1_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"},
+{ERR_REASON(ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM),"unsupported encryption algorithm"},
+{ERR_REASON(ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE),"unsupported public key type"},
+{ERR_REASON(ASN1_R_WRONG_TAG) ,"wrong tag"},
+{ERR_REASON(ASN1_R_WRONG_TYPE) ,"wrong type"},
{0,NULL}
};
@@ -240,8 +246,8 @@ void ERR_load_ASN1_strings(void)
{
init=0;
#ifndef OPENSSL_NO_ERR
- ERR_load_strings(ERR_LIB_ASN1,ASN1_str_functs);
- ERR_load_strings(ERR_LIB_ASN1,ASN1_str_reasons);
+ ERR_load_strings(0,ASN1_str_functs);
+ ERR_load_strings(0,ASN1_str_reasons);
#endif
}
diff --git a/src/lib/libssl/src/crypto/asn1/tasn_dec.c b/src/lib/libssl/src/crypto/asn1/tasn_dec.c
index 2426cb6253..c22501fc63 100644
--- a/src/lib/libssl/src/crypto/asn1/tasn_dec.c
+++ b/src/lib/libssl/src/crypto/asn1/tasn_dec.c
@@ -66,6 +66,7 @@
#include <openssl/err.h>
static int asn1_check_eoc(unsigned char **in, long len);
+static int asn1_find_end(unsigned char **in, long len, char inf);
static int asn1_collect(BUF_MEM *buf, unsigned char **in, long len, char inf, int tag, int aclass);
static int collect_data(BUF_MEM *buf, unsigned char **p, long plen);
static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass, char *inf, char *cst,
@@ -644,7 +645,7 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, unsigned char **in, long inl
cont = *in;
/* If indefinite length constructed find the real end */
if(inf) {
- if(!asn1_collect(NULL, &p, plen, inf, -1, -1)) goto err;
+ if(!asn1_find_end(&p, plen, inf)) goto err;
len = p - cont;
} else {
len = p - cont + plen;
@@ -807,12 +808,66 @@ int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char
return ret;
}
+/* This function finds the end of an ASN1 structure when passed its maximum
+ * length, whether it is indefinite length and a pointer to the content.
+ * This is more efficient than calling asn1_collect because it does not
+ * recurse on each indefinite length header.
+ */
+
+static int asn1_find_end(unsigned char **in, long len, char inf)
+ {
+ int expected_eoc;
+ long plen;
+ unsigned char *p = *in, *q;
+ /* If not indefinite length constructed just add length */
+ if (inf == 0)
+ {
+ *in += len;
+ return 1;
+ }
+ expected_eoc = 1;
+ /* Indefinite length constructed form. Find the end when enough EOCs
+ * are found. If more indefinite length constructed headers
+ * are encountered increment the expected eoc count otherwise justi
+ * skip to the end of the data.
+ */
+ while (len > 0)
+ {
+ if(asn1_check_eoc(&p, len))
+ {
+ expected_eoc--;
+ if (expected_eoc == 0)
+ break;
+ len -= 2;
+ continue;
+ }
+ q = p;
+ /* Just read in a header: only care about the length */
+ if(!asn1_check_tlen(&plen, NULL, NULL, &inf, NULL, &p, len,
+ -1, 0, 0, NULL))
+ {
+ ASN1err(ASN1_F_ASN1_FIND_END, ERR_R_NESTED_ASN1_ERROR);
+ return 0;
+ }
+ if (inf)
+ expected_eoc++;
+ else
+ p += plen;
+ len -= p - q;
+ }
+ if (expected_eoc)
+ {
+ ASN1err(ASN1_F_ASN1_FIND_END, ASN1_R_MISSING_EOC);
+ return 0;
+ }
+ *in = p;
+ return 1;
+ }
+
/* This function collects the asn1 data from a constructred string
* type into a buffer. The values of 'in' and 'len' should refer
* to the contents of the constructed type and 'inf' should be set
- * if it is indefinite length. If 'buf' is NULL then we just want
- * to find the end of the current structure: useful for indefinite
- * length constructed stuff.
+ * if it is indefinite length.
*/
static int asn1_collect(BUF_MEM *buf, unsigned char **in, long len, char inf, int tag, int aclass)
@@ -822,11 +877,6 @@ static int asn1_collect(BUF_MEM *buf, unsigned char **in, long len, char inf, in
char cst, ininf;
p = *in;
inf &= 1;
- /* If no buffer and not indefinite length constructed just pass over the encoded data */
- if(!buf && !inf) {
- *in += len;
- return 1;
- }
while(len > 0) {
q = p;
/* Check for EOC */
@@ -845,9 +895,15 @@ static int asn1_collect(BUF_MEM *buf, unsigned char **in, long len, char inf, in
}
/* If indefinite length constructed update max length */
if(cst) {
- if(!asn1_collect(buf, &p, plen, ininf, tag, aclass)) return 0;
+#ifdef OPENSSL_ALLOW_NESTED_ASN1_STRINGS
+ if (!asn1_collect(buf, &p, plen, ininf, tag, aclass))
+ return 0;
+#else
+ ASN1err(ASN1_F_ASN1_COLLECT, ASN1_R_NESTED_ASN1_STRING);
+ return 0;
+#endif
} else {
- if(!collect_data(buf, &p, plen)) return 0;
+ if(plen && !collect_data(buf, &p, plen)) return 0;
}
len -= p - q;
}
diff --git a/src/lib/libssl/src/crypto/asn1/tasn_enc.c b/src/lib/libssl/src/crypto/asn1/tasn_enc.c
index f6c8ddef0a..c675c3c832 100644
--- a/src/lib/libssl/src/crypto/asn1/tasn_enc.c
+++ b/src/lib/libssl/src/crypto/asn1/tasn_enc.c
@@ -445,9 +445,12 @@ int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype, const ASN1_
case V_ASN1_BOOLEAN:
tbool = (ASN1_BOOLEAN *)pval;
if(*tbool == -1) return -1;
- /* Default handling if value == size field then omit */
- if(*tbool && (it->size > 0)) return -1;
- if(!*tbool && !it->size) return -1;
+ if (it->utype != V_ASN1_ANY)
+ {
+ /* Default handling if value == size field then omit */
+ if(*tbool && (it->size > 0)) return -1;
+ if(!*tbool && !it->size) return -1;
+ }
c = (unsigned char)*tbool;
cont = &c;
len = 1;
diff --git a/src/lib/libssl/src/crypto/bf/Makefile b/src/lib/libssl/src/crypto/bf/Makefile
index 0e2121efdc..42e2c050f8 100644
--- a/src/lib/libssl/src/crypto/bf/Makefile
+++ b/src/lib/libssl/src/crypto/bf/Makefile
@@ -1,5 +1,5 @@
#
-# SSLeay/crypto/blowfish/Makefile
+# OpenSSL/crypto/blowfish/Makefile
#
DIR= bf
@@ -110,7 +110,7 @@ bf_enc.o: ../../include/openssl/opensslconf.h bf_enc.c bf_locl.h
bf_ofb64.o: ../../include/openssl/blowfish.h ../../include/openssl/e_os2.h
bf_ofb64.o: ../../include/openssl/opensslconf.h bf_locl.h bf_ofb64.c
bf_skey.o: ../../include/openssl/blowfish.h ../../include/openssl/crypto.h
-bf_skey.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
-bf_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-bf_skey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-bf_skey.o: bf_locl.h bf_pi.h bf_skey.c
+bf_skey.o: ../../include/openssl/e_os2.h ../../include/openssl/fips.h
+bf_skey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+bf_skey.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bf_skey.o: ../../include/openssl/symhacks.h bf_locl.h bf_pi.h bf_skey.c
diff --git a/src/lib/libssl/src/crypto/bf/bf_skey.c b/src/lib/libssl/src/crypto/bf/bf_skey.c
index fc5bebefce..1931aba83f 100644
--- a/src/lib/libssl/src/crypto/bf/bf_skey.c
+++ b/src/lib/libssl/src/crypto/bf/bf_skey.c
@@ -60,6 +60,7 @@
#include <string.h>
#include <openssl/crypto.h>
#include <openssl/blowfish.h>
+#include <openssl/fips.h>
#include "bf_locl.h"
#include "bf_pi.h"
diff --git a/src/lib/libssl/src/crypto/bio/Makefile b/src/lib/libssl/src/crypto/bio/Makefile
index 19d9350760..a565154499 100644
--- a/src/lib/libssl/src/crypto/bio/Makefile
+++ b/src/lib/libssl/src/crypto/bio/Makefile
@@ -1,5 +1,5 @@
#
-# SSLeay/crypto/bio/Makefile
+# OpenSSL/crypto/bio/Makefile
#
DIR= bio
diff --git a/src/lib/libssl/src/crypto/bio/b_print.c b/src/lib/libssl/src/crypto/bio/b_print.c
index c2bb357b4c..165f046295 100644
--- a/src/lib/libssl/src/crypto/bio/b_print.c
+++ b/src/lib/libssl/src/crypto/bio/b_print.c
@@ -576,7 +576,7 @@ abs_val(LDOUBLE value)
}
static LDOUBLE
-pow10(int in_exp)
+pow_10(int in_exp)
{
LDOUBLE result = 1;
while (in_exp) {
@@ -639,11 +639,11 @@ fmtfp(
/* we "cheat" by converting the fractional part to integer by
multiplying by a factor of 10 */
- fracpart = roundv((pow10(max)) * (ufvalue - intpart));
+ fracpart = roundv((pow_10(max)) * (ufvalue - intpart));
- if (fracpart >= (long)pow10(max)) {
+ if (fracpart >= (long)pow_10(max)) {
intpart++;
- fracpart -= (long)pow10(max);
+ fracpart -= (long)pow_10(max);
}
/* convert integer part */
diff --git a/src/lib/libssl/src/crypto/bio/bio_err.c b/src/lib/libssl/src/crypto/bio/bio_err.c
index 68a119d895..8859a58ae4 100644
--- a/src/lib/libssl/src/crypto/bio/bio_err.c
+++ b/src/lib/libssl/src/crypto/bio/bio_err.c
@@ -1,6 +1,6 @@
/* crypto/bio/bio_err.c */
/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -64,73 +64,77 @@
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
+
+#define ERR_FUNC(func) ERR_PACK(ERR_LIB_BIO,func,0)
+#define ERR_REASON(reason) ERR_PACK(ERR_LIB_BIO,0,reason)
+
static ERR_STRING_DATA BIO_str_functs[]=
{
-{ERR_PACK(0,BIO_F_ACPT_STATE,0), "ACPT_STATE"},
-{ERR_PACK(0,BIO_F_BIO_ACCEPT,0), "BIO_accept"},
-{ERR_PACK(0,BIO_F_BIO_BER_GET_HEADER,0), "BIO_BER_GET_HEADER"},
-{ERR_PACK(0,BIO_F_BIO_CTRL,0), "BIO_ctrl"},
-{ERR_PACK(0,BIO_F_BIO_GETHOSTBYNAME,0), "BIO_gethostbyname"},
-{ERR_PACK(0,BIO_F_BIO_GETS,0), "BIO_gets"},
-{ERR_PACK(0,BIO_F_BIO_GET_ACCEPT_SOCKET,0), "BIO_get_accept_socket"},
-{ERR_PACK(0,BIO_F_BIO_GET_HOST_IP,0), "BIO_get_host_ip"},
-{ERR_PACK(0,BIO_F_BIO_GET_PORT,0), "BIO_get_port"},
-{ERR_PACK(0,BIO_F_BIO_MAKE_PAIR,0), "BIO_MAKE_PAIR"},
-{ERR_PACK(0,BIO_F_BIO_NEW,0), "BIO_new"},
-{ERR_PACK(0,BIO_F_BIO_NEW_FILE,0), "BIO_new_file"},
-{ERR_PACK(0,BIO_F_BIO_NEW_MEM_BUF,0), "BIO_new_mem_buf"},
-{ERR_PACK(0,BIO_F_BIO_NREAD,0), "BIO_nread"},
-{ERR_PACK(0,BIO_F_BIO_NREAD0,0), "BIO_nread0"},
-{ERR_PACK(0,BIO_F_BIO_NWRITE,0), "BIO_nwrite"},
-{ERR_PACK(0,BIO_F_BIO_NWRITE0,0), "BIO_nwrite0"},
-{ERR_PACK(0,BIO_F_BIO_PUTS,0), "BIO_puts"},
-{ERR_PACK(0,BIO_F_BIO_READ,0), "BIO_read"},
-{ERR_PACK(0,BIO_F_BIO_SOCK_INIT,0), "BIO_sock_init"},
-{ERR_PACK(0,BIO_F_BIO_WRITE,0), "BIO_write"},
-{ERR_PACK(0,BIO_F_BUFFER_CTRL,0), "BUFFER_CTRL"},
-{ERR_PACK(0,BIO_F_CONN_CTRL,0), "CONN_CTRL"},
-{ERR_PACK(0,BIO_F_CONN_STATE,0), "CONN_STATE"},
-{ERR_PACK(0,BIO_F_FILE_CTRL,0), "FILE_CTRL"},
-{ERR_PACK(0,BIO_F_FILE_READ,0), "FILE_READ"},
-{ERR_PACK(0,BIO_F_LINEBUFFER_CTRL,0), "LINEBUFFER_CTRL"},
-{ERR_PACK(0,BIO_F_MEM_READ,0), "MEM_READ"},
-{ERR_PACK(0,BIO_F_MEM_WRITE,0), "MEM_WRITE"},
-{ERR_PACK(0,BIO_F_SSL_NEW,0), "SSL_new"},
-{ERR_PACK(0,BIO_F_WSASTARTUP,0), "WSASTARTUP"},
+{ERR_FUNC(BIO_F_ACPT_STATE), "ACPT_STATE"},
+{ERR_FUNC(BIO_F_BIO_ACCEPT), "BIO_accept"},
+{ERR_FUNC(BIO_F_BIO_BER_GET_HEADER), "BIO_BER_GET_HEADER"},
+{ERR_FUNC(BIO_F_BIO_CTRL), "BIO_ctrl"},
+{ERR_FUNC(BIO_F_BIO_GETHOSTBYNAME), "BIO_gethostbyname"},
+{ERR_FUNC(BIO_F_BIO_GETS), "BIO_gets"},
+{ERR_FUNC(BIO_F_BIO_GET_ACCEPT_SOCKET), "BIO_get_accept_socket"},
+{ERR_FUNC(BIO_F_BIO_GET_HOST_IP), "BIO_get_host_ip"},
+{ERR_FUNC(BIO_F_BIO_GET_PORT), "BIO_get_port"},
+{ERR_FUNC(BIO_F_BIO_MAKE_PAIR), "BIO_MAKE_PAIR"},
+{ERR_FUNC(BIO_F_BIO_NEW), "BIO_new"},
+{ERR_FUNC(BIO_F_BIO_NEW_FILE), "BIO_new_file"},
+{ERR_FUNC(BIO_F_BIO_NEW_MEM_BUF), "BIO_new_mem_buf"},
+{ERR_FUNC(BIO_F_BIO_NREAD), "BIO_nread"},
+{ERR_FUNC(BIO_F_BIO_NREAD0), "BIO_nread0"},
+{ERR_FUNC(BIO_F_BIO_NWRITE), "BIO_nwrite"},
+{ERR_FUNC(BIO_F_BIO_NWRITE0), "BIO_nwrite0"},
+{ERR_FUNC(BIO_F_BIO_PUTS), "BIO_puts"},
+{ERR_FUNC(BIO_F_BIO_READ), "BIO_read"},
+{ERR_FUNC(BIO_F_BIO_SOCK_INIT), "BIO_sock_init"},
+{ERR_FUNC(BIO_F_BIO_WRITE), "BIO_write"},
+{ERR_FUNC(BIO_F_BUFFER_CTRL), "BUFFER_CTRL"},
+{ERR_FUNC(BIO_F_CONN_CTRL), "CONN_CTRL"},
+{ERR_FUNC(BIO_F_CONN_STATE), "CONN_STATE"},
+{ERR_FUNC(BIO_F_FILE_CTRL), "FILE_CTRL"},
+{ERR_FUNC(BIO_F_FILE_READ), "FILE_READ"},
+{ERR_FUNC(BIO_F_LINEBUFFER_CTRL), "LINEBUFFER_CTRL"},
+{ERR_FUNC(BIO_F_MEM_READ), "MEM_READ"},
+{ERR_FUNC(BIO_F_MEM_WRITE), "MEM_WRITE"},
+{ERR_FUNC(BIO_F_SSL_NEW), "SSL_new"},
+{ERR_FUNC(BIO_F_WSASTARTUP), "WSASTARTUP"},
{0,NULL}
};
static ERR_STRING_DATA BIO_str_reasons[]=
{
-{BIO_R_ACCEPT_ERROR ,"accept error"},
-{BIO_R_BAD_FOPEN_MODE ,"bad fopen mode"},
-{BIO_R_BAD_HOSTNAME_LOOKUP ,"bad hostname lookup"},
-{BIO_R_BROKEN_PIPE ,"broken pipe"},
-{BIO_R_CONNECT_ERROR ,"connect error"},
-{BIO_R_EOF_ON_MEMORY_BIO ,"EOF on memory BIO"},
-{BIO_R_ERROR_SETTING_NBIO ,"error setting nbio"},
-{BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET,"error setting nbio on accepted socket"},
-{BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET,"error setting nbio on accept socket"},
-{BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET ,"gethostbyname addr is not af inet"},
-{BIO_R_INVALID_ARGUMENT ,"invalid argument"},
-{BIO_R_INVALID_IP_ADDRESS ,"invalid ip address"},
-{BIO_R_IN_USE ,"in use"},
-{BIO_R_KEEPALIVE ,"keepalive"},
-{BIO_R_NBIO_CONNECT_ERROR ,"nbio connect error"},
-{BIO_R_NO_ACCEPT_PORT_SPECIFIED ,"no accept port specified"},
-{BIO_R_NO_HOSTNAME_SPECIFIED ,"no hostname specified"},
-{BIO_R_NO_PORT_DEFINED ,"no port defined"},
-{BIO_R_NO_PORT_SPECIFIED ,"no port specified"},
-{BIO_R_NO_SUCH_FILE ,"no such file"},
-{BIO_R_NULL_PARAMETER ,"null parameter"},
-{BIO_R_TAG_MISMATCH ,"tag mismatch"},
-{BIO_R_UNABLE_TO_BIND_SOCKET ,"unable to bind socket"},
-{BIO_R_UNABLE_TO_CREATE_SOCKET ,"unable to create socket"},
-{BIO_R_UNABLE_TO_LISTEN_SOCKET ,"unable to listen socket"},
-{BIO_R_UNINITIALIZED ,"uninitialized"},
-{BIO_R_UNSUPPORTED_METHOD ,"unsupported method"},
-{BIO_R_WRITE_TO_READ_ONLY_BIO ,"write to read only BIO"},
-{BIO_R_WSASTARTUP ,"WSAStartup"},
+{ERR_REASON(BIO_R_ACCEPT_ERROR) ,"accept error"},
+{ERR_REASON(BIO_R_BAD_FOPEN_MODE) ,"bad fopen mode"},
+{ERR_REASON(BIO_R_BAD_HOSTNAME_LOOKUP) ,"bad hostname lookup"},
+{ERR_REASON(BIO_R_BROKEN_PIPE) ,"broken pipe"},
+{ERR_REASON(BIO_R_CONNECT_ERROR) ,"connect error"},
+{ERR_REASON(BIO_R_EOF_ON_MEMORY_BIO) ,"EOF on memory BIO"},
+{ERR_REASON(BIO_R_ERROR_SETTING_NBIO) ,"error setting nbio"},
+{ERR_REASON(BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET),"error setting nbio on accepted socket"},
+{ERR_REASON(BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET),"error setting nbio on accept socket"},
+{ERR_REASON(BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET),"gethostbyname addr is not af inet"},
+{ERR_REASON(BIO_R_INVALID_ARGUMENT) ,"invalid argument"},
+{ERR_REASON(BIO_R_INVALID_IP_ADDRESS) ,"invalid ip address"},
+{ERR_REASON(BIO_R_IN_USE) ,"in use"},
+{ERR_REASON(BIO_R_KEEPALIVE) ,"keepalive"},
+{ERR_REASON(BIO_R_NBIO_CONNECT_ERROR) ,"nbio connect error"},
+{ERR_REASON(BIO_R_NO_ACCEPT_PORT_SPECIFIED),"no accept port specified"},
+{ERR_REASON(BIO_R_NO_HOSTNAME_SPECIFIED) ,"no hostname specified"},
+{ERR_REASON(BIO_R_NO_PORT_DEFINED) ,"no port defined"},
+{ERR_REASON(BIO_R_NO_PORT_SPECIFIED) ,"no port specified"},
+{ERR_REASON(BIO_R_NO_SUCH_FILE) ,"no such file"},
+{ERR_REASON(BIO_R_NULL_PARAMETER) ,"null parameter"},
+{ERR_REASON(BIO_R_TAG_MISMATCH) ,"tag mismatch"},
+{ERR_REASON(BIO_R_UNABLE_TO_BIND_SOCKET) ,"unable to bind socket"},
+{ERR_REASON(BIO_R_UNABLE_TO_CREATE_SOCKET),"unable to create socket"},
+{ERR_REASON(BIO_R_UNABLE_TO_LISTEN_SOCKET),"unable to listen socket"},
+{ERR_REASON(BIO_R_UNINITIALIZED) ,"uninitialized"},
+{ERR_REASON(BIO_R_UNSUPPORTED_METHOD) ,"unsupported method"},
+{ERR_REASON(BIO_R_WRITE_TO_READ_ONLY_BIO),"write to read only BIO"},
+{ERR_REASON(BIO_R_WSASTARTUP) ,"WSAStartup"},
{0,NULL}
};
@@ -144,8 +148,8 @@ void ERR_load_BIO_strings(void)
{
init=0;
#ifndef OPENSSL_NO_ERR
- ERR_load_strings(ERR_LIB_BIO,BIO_str_functs);
- ERR_load_strings(ERR_LIB_BIO,BIO_str_reasons);
+ ERR_load_strings(0,BIO_str_functs);
+ ERR_load_strings(0,BIO_str_reasons);
#endif
}
diff --git a/src/lib/libssl/src/crypto/bio/bss_conn.c b/src/lib/libssl/src/crypto/bio/bss_conn.c
index f5d0e759e2..216780ed5e 100644
--- a/src/lib/libssl/src/crypto/bio/bss_conn.c
+++ b/src/lib/libssl/src/crypto/bio/bss_conn.c
@@ -469,7 +469,7 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
break;
case BIO_C_DO_STATE_MACHINE:
/* use this one to start the connection */
- if (!data->state != BIO_CONN_S_OK)
+ if (data->state != BIO_CONN_S_OK)
ret=(long)conn_state(b,data);
else
ret=1;
diff --git a/src/lib/libssl/src/crypto/bn/Makefile b/src/lib/libssl/src/crypto/bn/Makefile
index f693d35d87..9969d242cc 100644
--- a/src/lib/libssl/src/crypto/bn/Makefile
+++ b/src/lib/libssl/src/crypto/bn/Makefile
@@ -1,5 +1,5 @@
#
-# SSLeay/crypto/bn/Makefile
+# OpenSSL/crypto/bn/Makefile
#
DIR= bn
@@ -31,12 +31,12 @@ LIB=$(TOP)/libcrypto.a
LIBSRC= bn_add.c bn_div.c bn_exp.c bn_lib.c bn_ctx.c bn_mul.c bn_mod.c \
bn_print.c bn_rand.c bn_shift.c bn_word.c bn_blind.c \
bn_kron.c bn_sqrt.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c bn_asm.c \
- bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c
+ bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c bn_x931p.c
LIBOBJ= bn_add.o bn_div.o bn_exp.o bn_lib.o bn_ctx.o bn_mul.o bn_mod.o \
bn_print.o bn_rand.o bn_shift.o bn_word.o bn_blind.o \
bn_kron.o bn_sqrt.o bn_gcd.o bn_prime.o bn_err.o bn_sqr.o $(BN_ASM) \
- bn_recp.o bn_mont.o bn_mpi.o bn_exp2.o
+ bn_recp.o bn_mont.o bn_mpi.o bn_exp2.o bn_x931p.o
SRC= $(LIBSRC)
@@ -329,3 +329,5 @@ bn_word.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
bn_word.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
bn_word.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
bn_word.o: ../cryptlib.h bn_lcl.h bn_word.c
+bn_x931p.o: ../../include/openssl/bn.h ../../include/openssl/e_os2.h
+bn_x931p.o: ../../include/openssl/opensslconf.h bn_x931p.c
diff --git a/src/lib/libssl/src/crypto/bn/asm/ppc.pl b/src/lib/libssl/src/crypto/bn/asm/ppc.pl
index 307c7ccb35..08e0053473 100644
--- a/src/lib/libssl/src/crypto/bn/asm/ppc.pl
+++ b/src/lib/libssl/src/crypto/bn/asm/ppc.pl
@@ -116,7 +116,7 @@ if ($opf =~ /32\.s/) {
$UDIV= "divwu"; # unsigned divide
$UCMPI= "cmplwi"; # unsigned compare with immediate
$UCMP= "cmplw"; # unsigned compare
- $COUNTZ="cntlzw"; # count leading zeros
+ $CNTLZ= "cntlzw"; # count leading zeros
$SHL= "slw"; # shift left
$SHR= "srw"; # unsigned shift right
$SHRI= "srwi"; # unsigned shift right by immediate
@@ -124,6 +124,7 @@ if ($opf =~ /32\.s/) {
$CLRU= "clrlwi"; # clear upper bits
$INSR= "insrwi"; # insert right
$ROTL= "rotlwi"; # rotate left by immediate
+ $TR= "tw"; # conditional trap
} elsif ($opf =~ /64\.s/) {
$BITS= 64;
$BNSZ= $BITS/8;
@@ -139,7 +140,7 @@ if ($opf =~ /32\.s/) {
$UDIV= "divdu"; # unsigned divide
$UCMPI= "cmpldi"; # unsigned compare with immediate
$UCMP= "cmpld"; # unsigned compare
- $COUNTZ="cntlzd"; # count leading zeros
+ $CNTLZ= "cntlzd"; # count leading zeros
$SHL= "sld"; # shift left
$SHR= "srd"; # unsigned shift right
$SHRI= "srdi"; # unsigned shift right by immediate
@@ -147,6 +148,7 @@ if ($opf =~ /32\.s/) {
$CLRU= "clrldi"; # clear upper bits
$INSR= "insrdi"; # insert right
$ROTL= "rotldi"; # rotate left by immediate
+ $TR= "td"; # conditional trap
} else { die "nonsense $opf"; }
( defined shift || open STDOUT,">$opf" ) || die "can't open $opf: $!";
@@ -1710,17 +1712,12 @@ Lppcasm_add_adios:
bclr BO_ALWAYS,CR0_LT
Lppcasm_div1:
xor r0,r0,r0 #r0=0
- $COUNTZ r7,r5 #r7 = num leading 0s in d.
- subfic r8,r7,$BITS #r8 = BN_num_bits_word(d)
- cmpi 0,0,r8,$BITS #
- bc BO_IF,CR0_EQ,Lppcasm_div2 #proceed if (r8==$BITS)
- li r9,1 # r9=1
- $SHL r10,r9,r8 # r9<<=r8
- $UCMP 0,r3,r10 #
- bc BO_IF,CR0_GT,Lppcasm_div2 #or if (h > (1<<r8))
- $UDIV r3,r3,r0 #if not assert(0) divide by 0!
- #that's how we signal overflow
- bclr BO_ALWAYS,CR0_LT #return. NEVER REACHED.
+ li r8,$BITS
+ $CNTLZ. r7,r5 #r7 = num leading 0s in d.
+ bc BO_IF,CR0_EQ,Lppcasm_div2 #proceed if no leading zeros
+ subf r8,r7,r8 #r8 = BN_num_bits_word(d)
+ $SHR. r9,r3,r8 #are there any bits above r8'th?
+ $TR 16,r9,r0 #if there're, signal to dump core...
Lppcasm_div2:
$UCMP 0,r3,r5 #h>=d?
bc BO_IF,CR0_LT,Lppcasm_div3 #goto Lppcasm_div3 if not
diff --git a/src/lib/libssl/src/crypto/bn/asm/sparcv8plus.S b/src/lib/libssl/src/crypto/bn/asm/sparcv8plus.S
index 0074dfdb75..8c56e2e7e7 100644
--- a/src/lib/libssl/src/crypto/bn/asm/sparcv8plus.S
+++ b/src/lib/libssl/src/crypto/bn/asm/sparcv8plus.S
@@ -162,10 +162,14 @@
* BN_ULONG w;
*/
bn_mul_add_words:
+ sra %o2,%g0,%o2 ! signx %o2
brgz,a %o2,.L_bn_mul_add_words_proceed
lduw [%o1],%g2
retl
clr %o0
+ nop
+ nop
+ nop
.L_bn_mul_add_words_proceed:
srl %o3,%g0,%o3 ! clruw %o3
@@ -260,10 +264,14 @@ bn_mul_add_words:
* BN_ULONG w;
*/
bn_mul_words:
+ sra %o2,%g0,%o2 ! signx %o2
brgz,a %o2,.L_bn_mul_words_proceeed
lduw [%o1],%g2
retl
clr %o0
+ nop
+ nop
+ nop
.L_bn_mul_words_proceeed:
srl %o3,%g0,%o3 ! clruw %o3
@@ -344,10 +352,14 @@ bn_mul_words:
* int n;
*/
bn_sqr_words:
+ sra %o2,%g0,%o2 ! signx %o2
brgz,a %o2,.L_bn_sqr_words_proceeed
lduw [%o1],%g2
retl
clr %o0
+ nop
+ nop
+ nop
.L_bn_sqr_words_proceeed:
andcc %o2,-4,%g0
@@ -445,6 +457,7 @@ bn_div_words:
* int n;
*/
bn_add_words:
+ sra %o3,%g0,%o3 ! signx %o3
brgz,a %o3,.L_bn_add_words_proceed
lduw [%o1],%o4
retl
@@ -454,7 +467,6 @@ bn_add_words:
andcc %o3,-4,%g0
bz,pn %icc,.L_bn_add_words_tail
addcc %g0,0,%g0 ! clear carry flag
- nop
.L_bn_add_words_loop: ! wow! 32 aligned!
dec 4,%o3
@@ -523,6 +535,7 @@ bn_add_words:
* int n;
*/
bn_sub_words:
+ sra %o3,%g0,%o3 ! signx %o3
brgz,a %o3,.L_bn_sub_words_proceed
lduw [%o1],%o4
retl
@@ -532,7 +545,6 @@ bn_sub_words:
andcc %o3,-4,%g0
bz,pn %icc,.L_bn_sub_words_tail
addcc %g0,0,%g0 ! clear carry flag
- nop
.L_bn_sub_words_loop: ! wow! 32 aligned!
dec 4,%o3
diff --git a/src/lib/libssl/src/crypto/bn/bn.h b/src/lib/libssl/src/crypto/bn/bn.h
index 3da6d8ced9..1251521c54 100644
--- a/src/lib/libssl/src/crypto/bn/bn.h
+++ b/src/lib/libssl/src/crypto/bn/bn.h
@@ -225,10 +225,23 @@ extern "C" {
#define BN_FLG_MALLOCED 0x01
#define BN_FLG_STATIC_DATA 0x02
+#define BN_FLG_EXP_CONSTTIME 0x04 /* avoid leaking exponent information through timings
+ * (BN_mod_exp_mont() will call BN_mod_exp_mont_consttime) */
#define BN_FLG_FREE 0x8000 /* used for debuging */
#define BN_set_flags(b,n) ((b)->flags|=(n))
#define BN_get_flags(b,n) ((b)->flags&(n))
+/* get a clone of a BIGNUM with changed flags, for *temporary* use only
+ * (the two BIGNUMs cannot not be used in parallel!) */
+#define BN_with_flags(dest,b,n) ((dest)->d=(b)->d, \
+ (dest)->top=(b)->top, \
+ (dest)->dmax=(b)->dmax, \
+ (dest)->neg=(b)->neg, \
+ (dest)->flags=(((dest)->flags & BN_FLG_MALLOCED) \
+ | ((b)->flags & ~BN_FLG_MALLOCED) \
+ | BN_FLG_STATIC_DATA \
+ | (n)))
+
typedef struct bignum_st
{
BN_ULONG *d; /* Pointer to an array of 'BN_BITS2' bit chunks. */
@@ -378,6 +391,8 @@ int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m,BN_CTX *ctx);
int BN_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont);
int BN_mod_exp_mont_word(BIGNUM *r, BN_ULONG a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
int BN_mod_exp2_mont(BIGNUM *r, const BIGNUM *a1, const BIGNUM *p1,
@@ -423,6 +438,19 @@ int BN_is_prime_fasttest(const BIGNUM *p,int nchecks,
void (*callback)(int,int,void *),BN_CTX *ctx,void *cb_arg,
int do_trial_division);
+#ifdef OPENSSL_FIPS
+int BN_X931_derive_prime(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
+ void (*cb)(int, int, void *), void *cb_arg,
+ const BIGNUM *Xp, const BIGNUM *Xp1, const BIGNUM *Xp2,
+ const BIGNUM *e, BN_CTX *ctx);
+int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx);
+int BN_X931_generate_prime(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
+ BIGNUM *Xp1, BIGNUM *Xp2,
+ const BIGNUM *Xp,
+ const BIGNUM *e, BN_CTX *ctx,
+ void (*cb)(int, int, void *), void *cb_arg);
+#endif
+
BN_MONT_CTX *BN_MONT_CTX_new(void );
void BN_MONT_CTX_init(BN_MONT_CTX *ctx);
int BN_mod_mul_montgomery(BIGNUM *r,const BIGNUM *a,const BIGNUM *b,
@@ -434,6 +462,8 @@ int BN_from_montgomery(BIGNUM *r,const BIGNUM *a,
void BN_MONT_CTX_free(BN_MONT_CTX *mont);
int BN_MONT_CTX_set(BN_MONT_CTX *mont,const BIGNUM *mod,BN_CTX *ctx);
BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to,BN_MONT_CTX *from);
+BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock,
+ const BIGNUM *mod, BN_CTX *ctx);
BN_BLINDING *BN_BLINDING_new(BIGNUM *A,BIGNUM *Ai,BIGNUM *mod);
void BN_BLINDING_free(BN_BLINDING *b);
@@ -510,11 +540,15 @@ void ERR_load_BN_strings(void);
#define BN_F_BN_CTX_GET 116
#define BN_F_BN_CTX_NEW 106
#define BN_F_BN_DIV 107
+#define BN_F_BN_EXP 123
#define BN_F_BN_EXPAND2 108
#define BN_F_BN_EXPAND_INTERNAL 120
#define BN_F_BN_MOD_EXP2_MONT 118
#define BN_F_BN_MOD_EXP_MONT 109
+#define BN_F_BN_MOD_EXP_MONT_CONSTTIME 124
#define BN_F_BN_MOD_EXP_MONT_WORD 117
+#define BN_F_BN_MOD_EXP_RECP 125
+#define BN_F_BN_MOD_EXP_SIMPLE 126
#define BN_F_BN_MOD_INVERSE 110
#define BN_F_BN_MOD_LSHIFT_QUICK 119
#define BN_F_BN_MOD_MUL_RECIPROCAL 111
diff --git a/src/lib/libssl/src/crypto/bn/bn_asm.c b/src/lib/libssl/src/crypto/bn/bn_asm.c
index be8aa3ffc5..19978085b2 100644
--- a/src/lib/libssl/src/crypto/bn/bn_asm.c
+++ b/src/lib/libssl/src/crypto/bn/bn_asm.c
@@ -237,7 +237,7 @@ BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
if (d == 0) return(BN_MASK2);
i=BN_num_bits_word(d);
- assert((i == BN_BITS2) || (h > (BN_ULONG)1<<i));
+ assert((i == BN_BITS2) || (h <= (BN_ULONG)1<<i));
i=BN_BITS2-i;
if (h >= d) h-=d;
diff --git a/src/lib/libssl/src/crypto/bn/bn_err.c b/src/lib/libssl/src/crypto/bn/bn_err.c
index fb84ee96d8..5dfac00c88 100644
--- a/src/lib/libssl/src/crypto/bn/bn_err.c
+++ b/src/lib/libssl/src/crypto/bn/bn_err.c
@@ -1,6 +1,6 @@
/* crypto/bn/bn_err.c */
/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -64,52 +64,60 @@
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
+
+#define ERR_FUNC(func) ERR_PACK(ERR_LIB_BN,func,0)
+#define ERR_REASON(reason) ERR_PACK(ERR_LIB_BN,0,reason)
+
static ERR_STRING_DATA BN_str_functs[]=
{
-{ERR_PACK(0,BN_F_BN_BLINDING_CONVERT,0), "BN_BLINDING_convert"},
-{ERR_PACK(0,BN_F_BN_BLINDING_INVERT,0), "BN_BLINDING_invert"},
-{ERR_PACK(0,BN_F_BN_BLINDING_NEW,0), "BN_BLINDING_new"},
-{ERR_PACK(0,BN_F_BN_BLINDING_UPDATE,0), "BN_BLINDING_update"},
-{ERR_PACK(0,BN_F_BN_BN2DEC,0), "BN_bn2dec"},
-{ERR_PACK(0,BN_F_BN_BN2HEX,0), "BN_bn2hex"},
-{ERR_PACK(0,BN_F_BN_CTX_GET,0), "BN_CTX_get"},
-{ERR_PACK(0,BN_F_BN_CTX_NEW,0), "BN_CTX_new"},
-{ERR_PACK(0,BN_F_BN_DIV,0), "BN_div"},
-{ERR_PACK(0,BN_F_BN_EXPAND2,0), "bn_expand2"},
-{ERR_PACK(0,BN_F_BN_EXPAND_INTERNAL,0), "BN_EXPAND_INTERNAL"},
-{ERR_PACK(0,BN_F_BN_MOD_EXP2_MONT,0), "BN_mod_exp2_mont"},
-{ERR_PACK(0,BN_F_BN_MOD_EXP_MONT,0), "BN_mod_exp_mont"},
-{ERR_PACK(0,BN_F_BN_MOD_EXP_MONT_WORD,0), "BN_mod_exp_mont_word"},
-{ERR_PACK(0,BN_F_BN_MOD_INVERSE,0), "BN_mod_inverse"},
-{ERR_PACK(0,BN_F_BN_MOD_LSHIFT_QUICK,0), "BN_mod_lshift_quick"},
-{ERR_PACK(0,BN_F_BN_MOD_MUL_RECIPROCAL,0), "BN_mod_mul_reciprocal"},
-{ERR_PACK(0,BN_F_BN_MOD_SQRT,0), "BN_mod_sqrt"},
-{ERR_PACK(0,BN_F_BN_MPI2BN,0), "BN_mpi2bn"},
-{ERR_PACK(0,BN_F_BN_NEW,0), "BN_new"},
-{ERR_PACK(0,BN_F_BN_RAND,0), "BN_rand"},
-{ERR_PACK(0,BN_F_BN_RAND_RANGE,0), "BN_rand_range"},
-{ERR_PACK(0,BN_F_BN_USUB,0), "BN_usub"},
+{ERR_FUNC(BN_F_BN_BLINDING_CONVERT), "BN_BLINDING_convert"},
+{ERR_FUNC(BN_F_BN_BLINDING_INVERT), "BN_BLINDING_invert"},
+{ERR_FUNC(BN_F_BN_BLINDING_NEW), "BN_BLINDING_new"},
+{ERR_FUNC(BN_F_BN_BLINDING_UPDATE), "BN_BLINDING_update"},
+{ERR_FUNC(BN_F_BN_BN2DEC), "BN_bn2dec"},
+{ERR_FUNC(BN_F_BN_BN2HEX), "BN_bn2hex"},
+{ERR_FUNC(BN_F_BN_CTX_GET), "BN_CTX_get"},
+{ERR_FUNC(BN_F_BN_CTX_NEW), "BN_CTX_new"},
+{ERR_FUNC(BN_F_BN_DIV), "BN_div"},
+{ERR_FUNC(BN_F_BN_EXP), "BN_exp"},
+{ERR_FUNC(BN_F_BN_EXPAND2), "bn_expand2"},
+{ERR_FUNC(BN_F_BN_EXPAND_INTERNAL), "BN_EXPAND_INTERNAL"},
+{ERR_FUNC(BN_F_BN_MOD_EXP2_MONT), "BN_mod_exp2_mont"},
+{ERR_FUNC(BN_F_BN_MOD_EXP_MONT), "BN_mod_exp_mont"},
+{ERR_FUNC(BN_F_BN_MOD_EXP_MONT_CONSTTIME), "BN_mod_exp_mont_consttime"},
+{ERR_FUNC(BN_F_BN_MOD_EXP_MONT_WORD), "BN_mod_exp_mont_word"},
+{ERR_FUNC(BN_F_BN_MOD_EXP_RECP), "BN_mod_exp_recp"},
+{ERR_FUNC(BN_F_BN_MOD_EXP_SIMPLE), "BN_mod_exp_simple"},
+{ERR_FUNC(BN_F_BN_MOD_INVERSE), "BN_mod_inverse"},
+{ERR_FUNC(BN_F_BN_MOD_LSHIFT_QUICK), "BN_mod_lshift_quick"},
+{ERR_FUNC(BN_F_BN_MOD_MUL_RECIPROCAL), "BN_mod_mul_reciprocal"},
+{ERR_FUNC(BN_F_BN_MOD_SQRT), "BN_mod_sqrt"},
+{ERR_FUNC(BN_F_BN_MPI2BN), "BN_mpi2bn"},
+{ERR_FUNC(BN_F_BN_NEW), "BN_new"},
+{ERR_FUNC(BN_F_BN_RAND), "BN_rand"},
+{ERR_FUNC(BN_F_BN_RAND_RANGE), "BN_rand_range"},
+{ERR_FUNC(BN_F_BN_USUB), "BN_usub"},
{0,NULL}
};
static ERR_STRING_DATA BN_str_reasons[]=
{
-{BN_R_ARG2_LT_ARG3 ,"arg2 lt arg3"},
-{BN_R_BAD_RECIPROCAL ,"bad reciprocal"},
-{BN_R_BIGNUM_TOO_LONG ,"bignum too long"},
-{BN_R_CALLED_WITH_EVEN_MODULUS ,"called with even modulus"},
-{BN_R_DIV_BY_ZERO ,"div by zero"},
-{BN_R_ENCODING_ERROR ,"encoding error"},
-{BN_R_EXPAND_ON_STATIC_BIGNUM_DATA ,"expand on static bignum data"},
-{BN_R_INPUT_NOT_REDUCED ,"input not reduced"},
-{BN_R_INVALID_LENGTH ,"invalid length"},
-{BN_R_INVALID_RANGE ,"invalid range"},
-{BN_R_NOT_A_SQUARE ,"not a square"},
-{BN_R_NOT_INITIALIZED ,"not initialized"},
-{BN_R_NO_INVERSE ,"no inverse"},
-{BN_R_P_IS_NOT_PRIME ,"p is not prime"},
-{BN_R_TOO_MANY_ITERATIONS ,"too many iterations"},
-{BN_R_TOO_MANY_TEMPORARY_VARIABLES ,"too many temporary variables"},
+{ERR_REASON(BN_R_ARG2_LT_ARG3) ,"arg2 lt arg3"},
+{ERR_REASON(BN_R_BAD_RECIPROCAL) ,"bad reciprocal"},
+{ERR_REASON(BN_R_BIGNUM_TOO_LONG) ,"bignum too long"},
+{ERR_REASON(BN_R_CALLED_WITH_EVEN_MODULUS),"called with even modulus"},
+{ERR_REASON(BN_R_DIV_BY_ZERO) ,"div by zero"},
+{ERR_REASON(BN_R_ENCODING_ERROR) ,"encoding error"},
+{ERR_REASON(BN_R_EXPAND_ON_STATIC_BIGNUM_DATA),"expand on static bignum data"},
+{ERR_REASON(BN_R_INPUT_NOT_REDUCED) ,"input not reduced"},
+{ERR_REASON(BN_R_INVALID_LENGTH) ,"invalid length"},
+{ERR_REASON(BN_R_INVALID_RANGE) ,"invalid range"},
+{ERR_REASON(BN_R_NOT_A_SQUARE) ,"not a square"},
+{ERR_REASON(BN_R_NOT_INITIALIZED) ,"not initialized"},
+{ERR_REASON(BN_R_NO_INVERSE) ,"no inverse"},
+{ERR_REASON(BN_R_P_IS_NOT_PRIME) ,"p is not prime"},
+{ERR_REASON(BN_R_TOO_MANY_ITERATIONS) ,"too many iterations"},
+{ERR_REASON(BN_R_TOO_MANY_TEMPORARY_VARIABLES),"too many temporary variables"},
{0,NULL}
};
@@ -123,8 +131,8 @@ void ERR_load_BN_strings(void)
{
init=0;
#ifndef OPENSSL_NO_ERR
- ERR_load_strings(ERR_LIB_BN,BN_str_functs);
- ERR_load_strings(ERR_LIB_BN,BN_str_reasons);
+ ERR_load_strings(0,BN_str_functs);
+ ERR_load_strings(0,BN_str_reasons);
#endif
}
diff --git a/src/lib/libssl/src/crypto/bn/bn_exp.c b/src/lib/libssl/src/crypto/bn/bn_exp.c
index afdfd580fb..9e1e88abe8 100644
--- a/src/lib/libssl/src/crypto/bn/bn_exp.c
+++ b/src/lib/libssl/src/crypto/bn/bn_exp.c
@@ -56,7 +56,7 @@
* [including the GNU Public Licence.]
*/
/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -113,6 +113,7 @@
#include "cryptlib.h"
#include "bn_lcl.h"
+/* maximum precomputation table size for *variable* sliding windows */
#define TABLE_SIZE 32
/* this one works - simple but works */
@@ -121,6 +122,13 @@ int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
int i,bits,ret=0;
BIGNUM *v,*rr;
+ if (BN_get_flags(p, BN_FLG_EXP_CONSTTIME) != 0)
+ {
+ /* BN_FLG_EXP_CONSTTIME only supported by BN_mod_exp_mont() */
+ BNerr(BN_F_BN_EXP,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return -1;
+ }
+
BN_CTX_start(ctx);
if ((r == a) || (r == p))
rr = BN_CTX_get(ctx);
@@ -204,7 +212,7 @@ int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
if (BN_is_odd(m))
{
# ifdef MONT_EXP_WORD
- if (a->top == 1 && !a->neg)
+ if (a->top == 1 && !a->neg && (BN_get_flags(p, BN_FLG_EXP_CONSTTIME) == 0))
{
BN_ULONG A = a->d[0];
ret=BN_mod_exp_mont_word(r,A,p,m,ctx,NULL);
@@ -234,6 +242,13 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
BIGNUM val[TABLE_SIZE];
BN_RECP_CTX recp;
+ if (BN_get_flags(p, BN_FLG_EXP_CONSTTIME) != 0)
+ {
+ /* BN_FLG_EXP_CONSTTIME only supported by BN_mod_exp_mont() */
+ BNerr(BN_F_BN_MOD_EXP_RECP,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return -1;
+ }
+
bits=BN_num_bits(p);
if (bits == 0)
@@ -361,6 +376,11 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
BIGNUM val[TABLE_SIZE];
BN_MONT_CTX *mont=NULL;
+ if (BN_get_flags(p, BN_FLG_EXP_CONSTTIME) != 0)
+ {
+ return BN_mod_exp_mont_consttime(rr, a, p, m, ctx, in_mont);
+ }
+
bn_check_top(a);
bn_check_top(p);
bn_check_top(m);
@@ -493,6 +513,212 @@ err:
return(ret);
}
+
+/* BN_mod_exp_mont_consttime() stores the precomputed powers in a specific layout
+ * so that accessing any of these table values shows the same access pattern as far
+ * as cache lines are concerned. The following functions are used to transfer a BIGNUM
+ * from/to that table. */
+
+static int MOD_EXP_CTIME_COPY_TO_PREBUF(BIGNUM *b, int top, unsigned char *buf, int idx, int width)
+ {
+ size_t i, j;
+
+ if (bn_wexpand(b, top) == NULL)
+ return 0;
+ while (b->top < top)
+ {
+ b->d[b->top++] = 0;
+ }
+
+ for (i = 0, j=idx; i < top * sizeof b->d[0]; i++, j+=width)
+ {
+ buf[j] = ((unsigned char*)b->d)[i];
+ }
+
+ bn_fix_top(b);
+ return 1;
+ }
+
+static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top, unsigned char *buf, int idx, int width)
+ {
+ size_t i, j;
+
+ if (bn_wexpand(b, top) == NULL)
+ return 0;
+
+ for (i=0, j=idx; i < top * sizeof b->d[0]; i++, j+=width)
+ {
+ ((unsigned char*)b->d)[i] = buf[j];
+ }
+
+ b->top = top;
+ bn_fix_top(b);
+ return 1;
+ }
+
+/* Given a pointer value, compute the next address that is a cache line multiple. */
+#define MOD_EXP_CTIME_ALIGN(x_) \
+ ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((BN_ULONG)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
+
+/* This variant of BN_mod_exp_mont() uses fixed windows and the special
+ * precomputation memory layout to limit data-dependency to a minimum
+ * to protect secret exponents (cf. the hyper-threading timing attacks
+ * pointed out by Colin Percival,
+ * http://www.daemonology.net/hyperthreading-considered-harmful/)
+ */
+int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
+ {
+ int i,bits,ret=0,idx,window,wvalue;
+ int top;
+ BIGNUM *r;
+ const BIGNUM *aa;
+ BN_MONT_CTX *mont=NULL;
+
+ int numPowers;
+ unsigned char *powerbufFree=NULL;
+ int powerbufLen = 0;
+ unsigned char *powerbuf=NULL;
+ BIGNUM *computeTemp=NULL, *am=NULL;
+
+ bn_check_top(a);
+ bn_check_top(p);
+ bn_check_top(m);
+
+ top = m->top;
+
+ if (!(m->d[0] & 1))
+ {
+ BNerr(BN_F_BN_MOD_EXP_MONT_CONSTTIME,BN_R_CALLED_WITH_EVEN_MODULUS);
+ return(0);
+ }
+ bits=BN_num_bits(p);
+ if (bits == 0)
+ {
+ ret = BN_one(rr);
+ return ret;
+ }
+
+ /* Initialize BIGNUM context and allocate intermediate result */
+ BN_CTX_start(ctx);
+ r = BN_CTX_get(ctx);
+ if (r == NULL) goto err;
+
+ /* Allocate a montgomery context if it was not supplied by the caller.
+ * If this is not done, things will break in the montgomery part.
+ */
+ if (in_mont != NULL)
+ mont=in_mont;
+ else
+ {
+ if ((mont=BN_MONT_CTX_new()) == NULL) goto err;
+ if (!BN_MONT_CTX_set(mont,m,ctx)) goto err;
+ }
+
+ /* Get the window size to use with size of p. */
+ window = BN_window_bits_for_ctime_exponent_size(bits);
+
+ /* Allocate a buffer large enough to hold all of the pre-computed
+ * powers of a.
+ */
+ numPowers = 1 << window;
+ powerbufLen = sizeof(m->d[0])*top*numPowers;
+ if ((powerbufFree=(unsigned char*)OPENSSL_malloc(powerbufLen+MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH)) == NULL)
+ goto err;
+
+ powerbuf = MOD_EXP_CTIME_ALIGN(powerbufFree);
+ memset(powerbuf, 0, powerbufLen);
+
+ /* Initialize the intermediate result. Do this early to save double conversion,
+ * once each for a^0 and intermediate result.
+ */
+ if (!BN_to_montgomery(r,BN_value_one(),mont,ctx)) goto err;
+ if (!MOD_EXP_CTIME_COPY_TO_PREBUF(r, top, powerbuf, 0, numPowers)) goto err;
+
+ /* Initialize computeTemp as a^1 with montgomery precalcs */
+ computeTemp = BN_CTX_get(ctx);
+ am = BN_CTX_get(ctx);
+ if (computeTemp==NULL || am==NULL) goto err;
+
+ if (a->neg || BN_ucmp(a,m) >= 0)
+ {
+ if (!BN_mod(am,a,m,ctx))
+ goto err;
+ aa= am;
+ }
+ else
+ aa=a;
+ if (!BN_to_montgomery(am,aa,mont,ctx)) goto err;
+ if (!BN_copy(computeTemp, am)) goto err;
+ if (!MOD_EXP_CTIME_COPY_TO_PREBUF(am, top, powerbuf, 1, numPowers)) goto err;
+
+ /* If the window size is greater than 1, then calculate
+ * val[i=2..2^winsize-1]. Powers are computed as a*a^(i-1)
+ * (even powers could instead be computed as (a^(i/2))^2
+ * to use the slight performance advantage of sqr over mul).
+ */
+ if (window > 1)
+ {
+ for (i=2; i<numPowers; i++)
+ {
+ /* Calculate a^i = a^(i-1) * a */
+ if (!BN_mod_mul_montgomery(computeTemp,am,computeTemp,mont,ctx))
+ goto err;
+ if (!MOD_EXP_CTIME_COPY_TO_PREBUF(computeTemp, top, powerbuf, i, numPowers)) goto err;
+ }
+ }
+
+ /* Adjust the number of bits up to a multiple of the window size.
+ * If the exponent length is not a multiple of the window size, then
+ * this pads the most significant bits with zeros to normalize the
+ * scanning loop to there's no special cases.
+ *
+ * * NOTE: Making the window size a power of two less than the native
+ * * word size ensures that the padded bits won't go past the last
+ * * word in the internal BIGNUM structure. Going past the end will
+ * * still produce the correct result, but causes a different branch
+ * * to be taken in the BN_is_bit_set function.
+ */
+ bits = ((bits+window-1)/window)*window;
+ idx=bits-1; /* The top bit of the window */
+
+ /* Scan the exponent one window at a time starting from the most
+ * significant bits.
+ */
+ while (idx >= 0)
+ {
+ wvalue=0; /* The 'value' of the window */
+
+ /* Scan the window, squaring the result as we go */
+ for (i=0; i<window; i++,idx--)
+ {
+ if (!BN_mod_mul_montgomery(r,r,r,mont,ctx)) goto err;
+ wvalue = (wvalue<<1)+BN_is_bit_set(p,idx);
+ }
+
+ /* Fetch the appropriate pre-computed value from the pre-buf */
+ if (!MOD_EXP_CTIME_COPY_FROM_PREBUF(computeTemp, top, powerbuf, wvalue, numPowers)) goto err;
+
+ /* Multiply the result into the intermediate result */
+ if (!BN_mod_mul_montgomery(r,r,computeTemp,mont,ctx)) goto err;
+ }
+
+ /* Convert the final result from montgomery to standard format */
+ if (!BN_from_montgomery(rr,r,mont,ctx)) goto err;
+ ret=1;
+err:
+ if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont);
+ if (powerbuf!=NULL)
+ {
+ OPENSSL_cleanse(powerbuf,powerbufLen);
+ OPENSSL_free(powerbufFree);
+ }
+ if (am!=NULL) BN_clear(am);
+ if (computeTemp!=NULL) BN_clear(computeTemp);
+ BN_CTX_end(ctx);
+ return(ret);
+ }
+
int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
{
@@ -517,6 +743,13 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
#define BN_TO_MONTGOMERY_WORD(r, w, mont) \
(BN_set_word(r, (w)) && BN_to_montgomery(r, r, (mont), ctx))
+ if (BN_get_flags(p, BN_FLG_EXP_CONSTTIME) != 0)
+ {
+ /* BN_FLG_EXP_CONSTTIME only supported by BN_mod_exp_mont() */
+ BNerr(BN_F_BN_MOD_EXP_MONT_WORD,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return -1;
+ }
+
bn_check_top(p);
bn_check_top(m);
@@ -644,6 +877,13 @@ int BN_mod_exp_simple(BIGNUM *r,
BIGNUM *d;
BIGNUM val[TABLE_SIZE];
+ if (BN_get_flags(p, BN_FLG_EXP_CONSTTIME) != 0)
+ {
+ /* BN_FLG_EXP_CONSTTIME only supported by BN_mod_exp_mont() */
+ BNerr(BN_F_BN_MOD_EXP_SIMPLE,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return -1;
+ }
+
bits=BN_num_bits(p);
if (bits == 0)
diff --git a/src/lib/libssl/src/crypto/bn/bn_lcl.h b/src/lib/libssl/src/crypto/bn/bn_lcl.h
index 253e195e23..a84998f2bd 100644
--- a/src/lib/libssl/src/crypto/bn/bn_lcl.h
+++ b/src/lib/libssl/src/crypto/bn/bn_lcl.h
@@ -177,6 +177,45 @@ struct bignum_ctx
+/* BN_mod_exp_mont_conttime is based on the assumption that the
+ * L1 data cache line width of the target processor is at least
+ * the following value.
+ */
+#define MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH ( 64 )
+#define MOD_EXP_CTIME_MIN_CACHE_LINE_MASK (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - 1)
+
+/* Window sizes optimized for fixed window size modular exponentiation
+ * algorithm (BN_mod_exp_mont_consttime).
+ *
+ * To achieve the security goals of BN_mode_exp_mont_consttime, the
+ * maximum size of the window must not exceed
+ * log_2(MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH).
+ *
+ * Window size thresholds are defined for cache line sizes of 32 and 64,
+ * cache line sizes where log_2(32)=5 and log_2(64)=6 respectively. A
+ * window size of 7 should only be used on processors that have a 128
+ * byte or greater cache line size.
+ */
+#if MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH == 64
+
+# define BN_window_bits_for_ctime_exponent_size(b) \
+ ((b) > 937 ? 6 : \
+ (b) > 306 ? 5 : \
+ (b) > 89 ? 4 : \
+ (b) > 22 ? 3 : 1)
+# define BN_MAX_WINDOW_BITS_FOR_CTIME_EXPONENT_SIZE (6)
+
+#elif MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH == 32
+
+# define BN_window_bits_for_ctime_exponent_size(b) \
+ ((b) > 306 ? 5 : \
+ (b) > 89 ? 4 : \
+ (b) > 22 ? 3 : 1)
+# define BN_MAX_WINDOW_BITS_FOR_CTIME_EXPONENT_SIZE (5)
+
+#endif
+
+
/* Pentium pro 16,16,16,32,64 */
/* Alpha 16,16,16,16.64 */
#define BN_MULL_SIZE_NORMAL (16) /* 32 */
diff --git a/src/lib/libssl/src/crypto/bn/bn_mont.c b/src/lib/libssl/src/crypto/bn/bn_mont.c
index b79b1b60da..3572e5a690 100644
--- a/src/lib/libssl/src/crypto/bn/bn_mont.c
+++ b/src/lib/libssl/src/crypto/bn/bn_mont.c
@@ -347,3 +347,23 @@ BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from)
return(to);
}
+BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock,
+ const BIGNUM *mod, BN_CTX *ctx)
+ {
+ if (*pmont)
+ return *pmont;
+ CRYPTO_w_lock(lock);
+ if (!*pmont)
+ {
+ *pmont = BN_MONT_CTX_new();
+ if (*pmont && !BN_MONT_CTX_set(*pmont, mod, ctx))
+ {
+ BN_MONT_CTX_free(*pmont);
+ *pmont = NULL;
+ }
+ }
+ CRYPTO_w_unlock(lock);
+ return *pmont;
+ }
+
+
diff --git a/src/lib/libssl/src/crypto/bn/bntest.c b/src/lib/libssl/src/crypto/bn/bntest.c
index 28cd3339da..685007d330 100644
--- a/src/lib/libssl/src/crypto/bn/bntest.c
+++ b/src/lib/libssl/src/crypto/bn/bntest.c
@@ -86,6 +86,7 @@ int test_mont(BIO *bp,BN_CTX *ctx);
int test_mod(BIO *bp,BN_CTX *ctx);
int test_mod_mul(BIO *bp,BN_CTX *ctx);
int test_mod_exp(BIO *bp,BN_CTX *ctx);
+int test_mod_exp_mont_consttime(BIO *bp,BN_CTX *ctx);
int test_exp(BIO *bp,BN_CTX *ctx);
int test_kron(BIO *bp,BN_CTX *ctx);
int test_sqrt(BIO *bp,BN_CTX *ctx);
@@ -213,6 +214,10 @@ int main(int argc, char *argv[])
if (!test_mod_exp(out,ctx)) goto err;
BIO_flush(out);
+ message(out,"BN_mod_exp_mont_consttime");
+ if (!test_mod_exp_mont_consttime(out,ctx)) goto err;
+ BIO_flush(out);
+
message(out,"BN_exp");
if (!test_exp(out,ctx)) goto err;
BIO_flush(out);
@@ -813,6 +818,57 @@ int test_mod_exp(BIO *bp, BN_CTX *ctx)
return(1);
}
+int test_mod_exp_mont_consttime(BIO *bp, BN_CTX *ctx)
+ {
+ BIGNUM *a,*b,*c,*d,*e;
+ int i;
+
+ a=BN_new();
+ b=BN_new();
+ c=BN_new();
+ d=BN_new();
+ e=BN_new();
+
+ BN_bntest_rand(c,30,0,1); /* must be odd for montgomery */
+ for (i=0; i<num2; i++)
+ {
+ BN_bntest_rand(a,20+i*5,0,0); /**/
+ BN_bntest_rand(b,2+i,0,0); /**/
+
+ if (!BN_mod_exp_mont_consttime(d,a,b,c,ctx,NULL))
+ return(00);
+
+ if (bp != NULL)
+ {
+ if (!results)
+ {
+ BN_print(bp,a);
+ BIO_puts(bp," ^ ");
+ BN_print(bp,b);
+ BIO_puts(bp," % ");
+ BN_print(bp,c);
+ BIO_puts(bp," - ");
+ }
+ BN_print(bp,d);
+ BIO_puts(bp,"\n");
+ }
+ BN_exp(e,a,b,ctx);
+ BN_sub(e,e,d);
+ BN_div(a,b,e,c,ctx);
+ if(!BN_is_zero(b))
+ {
+ fprintf(stderr,"Modulo exponentiation test failed!\n");
+ return 0;
+ }
+ }
+ BN_free(a);
+ BN_free(b);
+ BN_free(c);
+ BN_free(d);
+ BN_free(e);
+ return(1);
+ }
+
int test_exp(BIO *bp, BN_CTX *ctx)
{
BIGNUM *a,*b,*d,*e,*one;
diff --git a/src/lib/libssl/src/crypto/bn/expspeed.c b/src/lib/libssl/src/crypto/bn/expspeed.c
index 07a1bcf51c..4d5f221f33 100644
--- a/src/lib/libssl/src/crypto/bn/expspeed.c
+++ b/src/lib/libssl/src/crypto/bn/expspeed.c
@@ -321,7 +321,7 @@ void do_mul_exp(BIGNUM *r, BIGNUM *a, BIGNUM *b, BIGNUM *c, BN_CTX *ctx)
#else /* TEST_SQRT */
"2*sqrt [prime == %d (mod 64)] %4d %4d mod %4d"
#endif
- " -> %8.3fms %5.1f (%ld)\n",
+ " -> %8.6fms %5.1f (%ld)\n",
#ifdef TEST_SQRT
P_MOD_64,
#endif
diff --git a/src/lib/libssl/src/crypto/bn/exptest.c b/src/lib/libssl/src/crypto/bn/exptest.c
index b09cf88705..28aaac2ac1 100644
--- a/src/lib/libssl/src/crypto/bn/exptest.c
+++ b/src/lib/libssl/src/crypto/bn/exptest.c
@@ -77,7 +77,7 @@ int main(int argc, char *argv[])
BIO *out=NULL;
int i,ret;
unsigned char c;
- BIGNUM *r_mont,*r_recp,*r_simple,*a,*b,*m;
+ BIGNUM *r_mont,*r_mont_const,*r_recp,*r_simple,*a,*b,*m;
RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_rand may fail, and we don't
* even check its return value
@@ -88,6 +88,7 @@ int main(int argc, char *argv[])
ctx=BN_CTX_new();
if (ctx == NULL) EXIT(1);
r_mont=BN_new();
+ r_mont_const=BN_new();
r_recp=BN_new();
r_simple=BN_new();
a=BN_new();
@@ -143,8 +144,17 @@ int main(int argc, char *argv[])
EXIT(1);
}
+ ret=BN_mod_exp_mont_consttime(r_mont_const,a,b,m,ctx,NULL);
+ if (ret <= 0)
+ {
+ printf("BN_mod_exp_mont_consttime() problems\n");
+ ERR_print_errors(out);
+ EXIT(1);
+ }
+
if (BN_cmp(r_simple, r_mont) == 0
- && BN_cmp(r_simple,r_recp) == 0)
+ && BN_cmp(r_simple,r_recp) == 0
+ && BN_cmp(r_simple,r_mont_const) == 0)
{
printf(".");
fflush(stdout);
@@ -153,6 +163,8 @@ int main(int argc, char *argv[])
{
if (BN_cmp(r_simple,r_mont) != 0)
printf("\nsimple and mont results differ\n");
+ if (BN_cmp(r_simple,r_mont) != 0)
+ printf("\nsimple and mont const time results differ\n");
if (BN_cmp(r_simple,r_recp) != 0)
printf("\nsimple and recp results differ\n");
@@ -162,11 +174,13 @@ int main(int argc, char *argv[])
printf("\nsimple ="); BN_print(out,r_simple);
printf("\nrecp ="); BN_print(out,r_recp);
printf("\nmont ="); BN_print(out,r_mont);
+ printf("\nmont_ct ="); BN_print(out,r_mont_const);
printf("\n");
EXIT(1);
}
}
BN_free(r_mont);
+ BN_free(r_mont_const);
BN_free(r_recp);
BN_free(r_simple);
BN_free(a);
diff --git a/src/lib/libssl/src/crypto/buffer/Makefile b/src/lib/libssl/src/crypto/buffer/Makefile
index 3911baf513..4b53c595a3 100644
--- a/src/lib/libssl/src/crypto/buffer/Makefile
+++ b/src/lib/libssl/src/crypto/buffer/Makefile
@@ -1,5 +1,5 @@
#
-# SSLeay/crypto/buffer/Makefile
+# OpenSSL/crypto/buffer/Makefile
#
DIR= buffer
diff --git a/src/lib/libssl/src/crypto/buffer/buf_err.c b/src/lib/libssl/src/crypto/buffer/buf_err.c
index 5eee653e14..1fc32a6861 100644
--- a/src/lib/libssl/src/crypto/buffer/buf_err.c
+++ b/src/lib/libssl/src/crypto/buffer/buf_err.c
@@ -1,6 +1,6 @@
/* crypto/buffer/buf_err.c */
/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -64,11 +64,15 @@
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
+
+#define ERR_FUNC(func) ERR_PACK(ERR_LIB_BUF,func,0)
+#define ERR_REASON(reason) ERR_PACK(ERR_LIB_BUF,0,reason)
+
static ERR_STRING_DATA BUF_str_functs[]=
{
-{ERR_PACK(0,BUF_F_BUF_MEM_GROW,0), "BUF_MEM_grow"},
-{ERR_PACK(0,BUF_F_BUF_MEM_NEW,0), "BUF_MEM_new"},
-{ERR_PACK(0,BUF_F_BUF_STRDUP,0), "BUF_strdup"},
+{ERR_FUNC(BUF_F_BUF_MEM_GROW), "BUF_MEM_grow"},
+{ERR_FUNC(BUF_F_BUF_MEM_NEW), "BUF_MEM_new"},
+{ERR_FUNC(BUF_F_BUF_STRDUP), "BUF_strdup"},
{0,NULL}
};
@@ -87,8 +91,8 @@ void ERR_load_BUF_strings(void)
{
init=0;
#ifndef OPENSSL_NO_ERR
- ERR_load_strings(ERR_LIB_BUF,BUF_str_functs);
- ERR_load_strings(ERR_LIB_BUF,BUF_str_reasons);
+ ERR_load_strings(0,BUF_str_functs);
+ ERR_load_strings(0,BUF_str_reasons);
#endif
}
diff --git a/src/lib/libssl/src/crypto/cast/Makefile b/src/lib/libssl/src/crypto/cast/Makefile
index 8b0d04bb7c..b388f6271c 100644
--- a/src/lib/libssl/src/crypto/cast/Makefile
+++ b/src/lib/libssl/src/crypto/cast/Makefile
@@ -1,5 +1,5 @@
#
-# SSLeay/crypto/cast/Makefile
+# OpenSSL/crypto/cast/Makefile
#
DIR= cast
@@ -115,6 +115,7 @@ c_ofb64.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
c_ofb64.o: c_ofb64.c cast_lcl.h
c_skey.o: ../../e_os.h ../../include/openssl/cast.h
c_skey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-c_skey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-c_skey.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-c_skey.o: ../../include/openssl/symhacks.h c_skey.c cast_lcl.h cast_s.h
+c_skey.o: ../../include/openssl/fips.h ../../include/openssl/opensslconf.h
+c_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+c_skey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+c_skey.o: c_skey.c cast_lcl.h cast_s.h
diff --git a/src/lib/libssl/src/crypto/cast/c_skey.c b/src/lib/libssl/src/crypto/cast/c_skey.c
index dc4791a8cf..db9b7573e0 100644
--- a/src/lib/libssl/src/crypto/cast/c_skey.c
+++ b/src/lib/libssl/src/crypto/cast/c_skey.c
@@ -57,6 +57,7 @@
*/
#include <openssl/crypto.h>
+#include <openssl/fips.h>
#include <openssl/cast.h>
#include "cast_lcl.h"
diff --git a/src/lib/libssl/src/crypto/cast/cast_lcl.h b/src/lib/libssl/src/crypto/cast/cast_lcl.h
index 37f41cc6a4..e756021a33 100644
--- a/src/lib/libssl/src/crypto/cast/cast_lcl.h
+++ b/src/lib/libssl/src/crypto/cast/cast_lcl.h
@@ -64,11 +64,6 @@
#endif
-#ifdef OPENSSL_BUILD_SHLIBCRYPTO
-# undef OPENSSL_EXTERN
-# define OPENSSL_EXTERN OPENSSL_EXPORT
-#endif
-
#undef c2l
#define c2l(c,l) (l =((unsigned long)(*((c)++))) , \
l|=((unsigned long)(*((c)++)))<< 8L, \
@@ -222,11 +217,11 @@
}
#endif
-OPENSSL_EXTERN const CAST_LONG CAST_S_table0[256];
-OPENSSL_EXTERN const CAST_LONG CAST_S_table1[256];
-OPENSSL_EXTERN const CAST_LONG CAST_S_table2[256];
-OPENSSL_EXTERN const CAST_LONG CAST_S_table3[256];
-OPENSSL_EXTERN const CAST_LONG CAST_S_table4[256];
-OPENSSL_EXTERN const CAST_LONG CAST_S_table5[256];
-OPENSSL_EXTERN const CAST_LONG CAST_S_table6[256];
-OPENSSL_EXTERN const CAST_LONG CAST_S_table7[256];
+extern const CAST_LONG CAST_S_table0[256];
+extern const CAST_LONG CAST_S_table1[256];
+extern const CAST_LONG CAST_S_table2[256];
+extern const CAST_LONG CAST_S_table3[256];
+extern const CAST_LONG CAST_S_table4[256];
+extern const CAST_LONG CAST_S_table5[256];
+extern const CAST_LONG CAST_S_table6[256];
+extern const CAST_LONG CAST_S_table7[256];
diff --git a/src/lib/libssl/src/crypto/comp/Makefile b/src/lib/libssl/src/crypto/comp/Makefile
index 68109a8013..df1babec5c 100644
--- a/src/lib/libssl/src/crypto/comp/Makefile
+++ b/src/lib/libssl/src/crypto/comp/Makefile
@@ -1,5 +1,5 @@
#
-# SSLeay/crypto/comp/Makefile
+# OpenSSL/crypto/comp/Makefile
#
DIR= comp
diff --git a/src/lib/libssl/src/crypto/comp/c_zlib.c b/src/lib/libssl/src/crypto/comp/c_zlib.c
index 1bd2850d15..5fcb521ffb 100644
--- a/src/lib/libssl/src/crypto/comp/c_zlib.c
+++ b/src/lib/libssl/src/crypto/comp/c_zlib.c
@@ -51,30 +51,17 @@ static COMP_METHOD zlib_method={
*/
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
# include <windows.h>
-
-# define Z_CALLCONV _stdcall
-# define ZLIB_SHARED
-#else
-# define Z_CALLCONV
#endif /* !(OPENSSL_SYS_WINDOWS || OPENSSL_SYS_WIN32) */
#ifdef ZLIB_SHARED
#include <openssl/dso.h>
-/* Prototypes for built in stubs */
-static int stub_compress(Bytef *dest,uLongf *destLen,
- const Bytef *source, uLong sourceLen);
-static int stub_inflateEnd(z_streamp strm);
-static int stub_inflate(z_streamp strm, int flush);
-static int stub_inflateInit_(z_streamp strm, const char * version,
- int stream_size);
-
/* Function pointers */
-typedef int (Z_CALLCONV *compress_ft)(Bytef *dest,uLongf *destLen,
+typedef int (*compress_ft)(Bytef *dest,uLongf *destLen,
const Bytef *source, uLong sourceLen);
-typedef int (Z_CALLCONV *inflateEnd_ft)(z_streamp strm);
-typedef int (Z_CALLCONV *inflate_ft)(z_streamp strm, int flush);
-typedef int (Z_CALLCONV *inflateInit__ft)(z_streamp strm,
+typedef int (*inflateEnd_ft)(z_streamp strm);
+typedef int (*inflate_ft)(z_streamp strm, int flush);
+typedef int (*inflateInit__ft)(z_streamp strm,
const char * version, int stream_size);
static compress_ft p_compress=NULL;
static inflateEnd_ft p_inflateEnd=NULL;
@@ -84,10 +71,10 @@ static inflateInit__ft p_inflateInit_=NULL;
static int zlib_loaded = 0; /* only attempt to init func pts once */
static DSO *zlib_dso = NULL;
-#define compress stub_compress
-#define inflateEnd stub_inflateEnd
-#define inflate stub_inflate
-#define inflateInit_ stub_inflateInit_
+#define compress p_compress
+#define inflateEnd p_inflateEnd
+#define inflate p_inflate
+#define inflateInit_ p_inflateInit_
#endif /* ZLIB_SHARED */
static int zlib_compress_block(COMP_CTX *ctx, unsigned char *out,
@@ -191,16 +178,6 @@ COMP_METHOD *COMP_zlib(void)
{
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
zlib_dso = DSO_load(NULL, "ZLIB1", NULL, 0);
- if (!zlib_dso)
- {
- zlib_dso = DSO_load(NULL, "ZLIB", NULL, 0);
- if (zlib_dso)
- {
- /* Clear the errors from the first failed
- DSO_load() */
- ERR_clear_error();
- }
- }
#else
zlib_dso = DSO_load(NULL, "z", NULL, 0);
#endif
@@ -218,54 +195,21 @@ COMP_METHOD *COMP_zlib(void)
p_inflateInit_
= (inflateInit__ft) DSO_bind_func(zlib_dso,
"inflateInit_");
- zlib_loaded++;
+
+ if (p_compress && p_inflateEnd && p_inflate
+ && p_inflateInit_)
+ zlib_loaded++;
}
}
#endif
+#ifdef ZLIB_SHARED
+ if (zlib_loaded)
+#endif
#if defined(ZLIB) || defined(ZLIB_SHARED)
- meth = &zlib_method;
+ meth = &zlib_method;
#endif
return(meth);
}
-#ifdef ZLIB_SHARED
-/* Stubs for each function to be dynamicly loaded */
-static int
-stub_compress(Bytef *dest,uLongf *destLen,const Bytef *source, uLong sourceLen)
- {
- if (p_compress)
- return(p_compress(dest,destLen,source,sourceLen));
- else
- return(Z_MEM_ERROR);
- }
-
-static int
-stub_inflateEnd(z_streamp strm)
- {
- if ( p_inflateEnd )
- return(p_inflateEnd(strm));
- else
- return(Z_MEM_ERROR);
- }
-
-static int
-stub_inflate(z_streamp strm, int flush)
- {
- if ( p_inflate )
- return(p_inflate(strm,flush));
- else
- return(Z_MEM_ERROR);
- }
-
-static int
-stub_inflateInit_(z_streamp strm, const char * version, int stream_size)
- {
- if ( p_inflateInit_ )
- return(p_inflateInit_(strm,version,stream_size));
- else
- return(Z_MEM_ERROR);
- }
-
-#endif /* ZLIB_SHARED */
diff --git a/src/lib/libssl/src/crypto/conf/Makefile b/src/lib/libssl/src/crypto/conf/Makefile
index 6d2f8ffd9a..403d12b28c 100644
--- a/src/lib/libssl/src/crypto/conf/Makefile
+++ b/src/lib/libssl/src/crypto/conf/Makefile
@@ -1,5 +1,5 @@
#
-# SSLeay/crypto/conf/Makefile
+# OpenSSL/crypto/conf/Makefile
#
DIR= conf
diff --git a/src/lib/libssl/src/crypto/conf/conf_def.c b/src/lib/libssl/src/crypto/conf/conf_def.c
index b5a876ae68..2464f8ed90 100644
--- a/src/lib/libssl/src/crypto/conf/conf_def.c
+++ b/src/lib/libssl/src/crypto/conf/conf_def.c
@@ -613,13 +613,13 @@ static int str_copy(CONF *conf, char *section, char **pto, char *from)
e++;
}
/* So at this point we have
- * ns which is the start of the name string which is
+ * np which is the start of the name string which is
* '\0' terminated.
- * cs which is the start of the section string which is
+ * cp which is the start of the section string which is
* '\0' terminated.
* e is the 'next point after'.
- * r and s are the chars replaced by the '\0'
- * rp and sp is where 'r' and 's' came from.
+ * r and rr are the chars replaced by the '\0'
+ * rp and rrp is where 'r' and 'rr' came from.
*/
p=_CONF_get_string(conf,cp,np);
if (rrp != NULL) *rrp=rr;
@@ -638,6 +638,11 @@ static int str_copy(CONF *conf, char *section, char **pto, char *from)
points at. /RL */
len -= e-from;
from=e;
+
+ /* In case there were no braces or parenthesis around
+ the variable reference, we have to put back the
+ character that was replaced with a '\0'. /RL */
+ *rp = r;
}
else
buf->data[to++]= *(from++);
diff --git a/src/lib/libssl/src/crypto/conf/conf_err.c b/src/lib/libssl/src/crypto/conf/conf_err.c
index ee07bfe9d9..f5e2ca4bf0 100644
--- a/src/lib/libssl/src/crypto/conf/conf_err.c
+++ b/src/lib/libssl/src/crypto/conf/conf_err.c
@@ -1,6 +1,6 @@
/* crypto/conf/conf_err.c */
/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -64,47 +64,51 @@
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
+
+#define ERR_FUNC(func) ERR_PACK(ERR_LIB_CONF,func,0)
+#define ERR_REASON(reason) ERR_PACK(ERR_LIB_CONF,0,reason)
+
static ERR_STRING_DATA CONF_str_functs[]=
{
-{ERR_PACK(0,CONF_F_CONF_DUMP_FP,0), "CONF_dump_fp"},
-{ERR_PACK(0,CONF_F_CONF_LOAD,0), "CONF_load"},
-{ERR_PACK(0,CONF_F_CONF_LOAD_BIO,0), "CONF_load_bio"},
-{ERR_PACK(0,CONF_F_CONF_LOAD_FP,0), "CONF_load_fp"},
-{ERR_PACK(0,CONF_F_CONF_MODULES_LOAD,0), "CONF_modules_load"},
-{ERR_PACK(0,CONF_F_MODULE_INIT,0), "MODULE_INIT"},
-{ERR_PACK(0,CONF_F_MODULE_LOAD_DSO,0), "MODULE_LOAD_DSO"},
-{ERR_PACK(0,CONF_F_MODULE_RUN,0), "MODULE_RUN"},
-{ERR_PACK(0,CONF_F_NCONF_DUMP_BIO,0), "NCONF_dump_bio"},
-{ERR_PACK(0,CONF_F_NCONF_DUMP_FP,0), "NCONF_dump_fp"},
-{ERR_PACK(0,CONF_F_NCONF_GET_NUMBER,0), "NCONF_get_number"},
-{ERR_PACK(0,CONF_F_NCONF_GET_NUMBER_E,0), "NCONF_get_number_e"},
-{ERR_PACK(0,CONF_F_NCONF_GET_SECTION,0), "NCONF_get_section"},
-{ERR_PACK(0,CONF_F_NCONF_GET_STRING,0), "NCONF_get_string"},
-{ERR_PACK(0,CONF_F_NCONF_LOAD,0), "NCONF_load"},
-{ERR_PACK(0,CONF_F_NCONF_LOAD_BIO,0), "NCONF_load_bio"},
-{ERR_PACK(0,CONF_F_NCONF_LOAD_FP,0), "NCONF_load_fp"},
-{ERR_PACK(0,CONF_F_NCONF_NEW,0), "NCONF_new"},
-{ERR_PACK(0,CONF_F_STR_COPY,0), "STR_COPY"},
+{ERR_FUNC(CONF_F_CONF_DUMP_FP), "CONF_dump_fp"},
+{ERR_FUNC(CONF_F_CONF_LOAD), "CONF_load"},
+{ERR_FUNC(CONF_F_CONF_LOAD_BIO), "CONF_load_bio"},
+{ERR_FUNC(CONF_F_CONF_LOAD_FP), "CONF_load_fp"},
+{ERR_FUNC(CONF_F_CONF_MODULES_LOAD), "CONF_modules_load"},
+{ERR_FUNC(CONF_F_MODULE_INIT), "MODULE_INIT"},
+{ERR_FUNC(CONF_F_MODULE_LOAD_DSO), "MODULE_LOAD_DSO"},
+{ERR_FUNC(CONF_F_MODULE_RUN), "MODULE_RUN"},
+{ERR_FUNC(CONF_F_NCONF_DUMP_BIO), "NCONF_dump_bio"},
+{ERR_FUNC(CONF_F_NCONF_DUMP_FP), "NCONF_dump_fp"},
+{ERR_FUNC(CONF_F_NCONF_GET_NUMBER), "NCONF_get_number"},
+{ERR_FUNC(CONF_F_NCONF_GET_NUMBER_E), "NCONF_get_number_e"},
+{ERR_FUNC(CONF_F_NCONF_GET_SECTION), "NCONF_get_section"},
+{ERR_FUNC(CONF_F_NCONF_GET_STRING), "NCONF_get_string"},
+{ERR_FUNC(CONF_F_NCONF_LOAD), "NCONF_load"},
+{ERR_FUNC(CONF_F_NCONF_LOAD_BIO), "NCONF_load_bio"},
+{ERR_FUNC(CONF_F_NCONF_LOAD_FP), "NCONF_load_fp"},
+{ERR_FUNC(CONF_F_NCONF_NEW), "NCONF_new"},
+{ERR_FUNC(CONF_F_STR_COPY), "STR_COPY"},
{0,NULL}
};
static ERR_STRING_DATA CONF_str_reasons[]=
{
-{CONF_R_ERROR_LOADING_DSO ,"error loading dso"},
-{CONF_R_MISSING_CLOSE_SQUARE_BRACKET ,"missing close square bracket"},
-{CONF_R_MISSING_EQUAL_SIGN ,"missing equal sign"},
-{CONF_R_MISSING_FINISH_FUNCTION ,"missing finish function"},
-{CONF_R_MISSING_INIT_FUNCTION ,"missing init function"},
-{CONF_R_MODULE_INITIALIZATION_ERROR ,"module initialization error"},
-{CONF_R_NO_CLOSE_BRACE ,"no close brace"},
-{CONF_R_NO_CONF ,"no conf"},
-{CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE ,"no conf or environment variable"},
-{CONF_R_NO_SECTION ,"no section"},
-{CONF_R_NO_SUCH_FILE ,"no such file"},
-{CONF_R_NO_VALUE ,"no value"},
-{CONF_R_UNABLE_TO_CREATE_NEW_SECTION ,"unable to create new section"},
-{CONF_R_UNKNOWN_MODULE_NAME ,"unknown module name"},
-{CONF_R_VARIABLE_HAS_NO_VALUE ,"variable has no value"},
+{ERR_REASON(CONF_R_ERROR_LOADING_DSO) ,"error loading dso"},
+{ERR_REASON(CONF_R_MISSING_CLOSE_SQUARE_BRACKET),"missing close square bracket"},
+{ERR_REASON(CONF_R_MISSING_EQUAL_SIGN) ,"missing equal sign"},
+{ERR_REASON(CONF_R_MISSING_FINISH_FUNCTION),"missing finish function"},
+{ERR_REASON(CONF_R_MISSING_INIT_FUNCTION),"missing init function"},
+{ERR_REASON(CONF_R_MODULE_INITIALIZATION_ERROR),"module initialization error"},
+{ERR_REASON(CONF_R_NO_CLOSE_BRACE) ,"no close brace"},
+{ERR_REASON(CONF_R_NO_CONF) ,"no conf"},
+{ERR_REASON(CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE),"no conf or environment variable"},
+{ERR_REASON(CONF_R_NO_SECTION) ,"no section"},
+{ERR_REASON(CONF_R_NO_SUCH_FILE) ,"no such file"},
+{ERR_REASON(CONF_R_NO_VALUE) ,"no value"},
+{ERR_REASON(CONF_R_UNABLE_TO_CREATE_NEW_SECTION),"unable to create new section"},
+{ERR_REASON(CONF_R_UNKNOWN_MODULE_NAME) ,"unknown module name"},
+{ERR_REASON(CONF_R_VARIABLE_HAS_NO_VALUE),"variable has no value"},
{0,NULL}
};
@@ -118,8 +122,8 @@ void ERR_load_CONF_strings(void)
{
init=0;
#ifndef OPENSSL_NO_ERR
- ERR_load_strings(ERR_LIB_CONF,CONF_str_functs);
- ERR_load_strings(ERR_LIB_CONF,CONF_str_reasons);
+ ERR_load_strings(0,CONF_str_functs);
+ ERR_load_strings(0,CONF_str_reasons);
#endif
}
diff --git a/src/lib/libssl/src/crypto/cpt_err.c b/src/lib/libssl/src/crypto/cpt_err.c
index 1b4a1cb4d4..06a6109cce 100644
--- a/src/lib/libssl/src/crypto/cpt_err.c
+++ b/src/lib/libssl/src/crypto/cpt_err.c
@@ -1,6 +1,6 @@
/* crypto/cpt_err.c */
/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -64,23 +64,27 @@
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
+
+#define ERR_FUNC(func) ERR_PACK(ERR_LIB_CRYPTO,func,0)
+#define ERR_REASON(reason) ERR_PACK(ERR_LIB_CRYPTO,0,reason)
+
static ERR_STRING_DATA CRYPTO_str_functs[]=
{
-{ERR_PACK(0,CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX,0), "CRYPTO_get_ex_new_index"},
-{ERR_PACK(0,CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,0), "CRYPTO_get_new_dynlockid"},
-{ERR_PACK(0,CRYPTO_F_CRYPTO_GET_NEW_LOCKID,0), "CRYPTO_get_new_lockid"},
-{ERR_PACK(0,CRYPTO_F_CRYPTO_SET_EX_DATA,0), "CRYPTO_set_ex_data"},
-{ERR_PACK(0,CRYPTO_F_DEF_ADD_INDEX,0), "DEF_ADD_INDEX"},
-{ERR_PACK(0,CRYPTO_F_DEF_GET_CLASS,0), "DEF_GET_CLASS"},
-{ERR_PACK(0,CRYPTO_F_INT_DUP_EX_DATA,0), "INT_DUP_EX_DATA"},
-{ERR_PACK(0,CRYPTO_F_INT_FREE_EX_DATA,0), "INT_FREE_EX_DATA"},
-{ERR_PACK(0,CRYPTO_F_INT_NEW_EX_DATA,0), "INT_NEW_EX_DATA"},
+{ERR_FUNC(CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX), "CRYPTO_get_ex_new_index"},
+{ERR_FUNC(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID), "CRYPTO_get_new_dynlockid"},
+{ERR_FUNC(CRYPTO_F_CRYPTO_GET_NEW_LOCKID), "CRYPTO_get_new_lockid"},
+{ERR_FUNC(CRYPTO_F_CRYPTO_SET_EX_DATA), "CRYPTO_set_ex_data"},
+{ERR_FUNC(CRYPTO_F_DEF_ADD_INDEX), "DEF_ADD_INDEX"},
+{ERR_FUNC(CRYPTO_F_DEF_GET_CLASS), "DEF_GET_CLASS"},
+{ERR_FUNC(CRYPTO_F_INT_DUP_EX_DATA), "INT_DUP_EX_DATA"},
+{ERR_FUNC(CRYPTO_F_INT_FREE_EX_DATA), "INT_FREE_EX_DATA"},
+{ERR_FUNC(CRYPTO_F_INT_NEW_EX_DATA), "INT_NEW_EX_DATA"},
{0,NULL}
};
static ERR_STRING_DATA CRYPTO_str_reasons[]=
{
-{CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK ,"no dynlock create callback"},
+{ERR_REASON(CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK),"no dynlock create callback"},
{0,NULL}
};
@@ -94,8 +98,8 @@ void ERR_load_CRYPTO_strings(void)
{
init=0;
#ifndef OPENSSL_NO_ERR
- ERR_load_strings(ERR_LIB_CRYPTO,CRYPTO_str_functs);
- ERR_load_strings(ERR_LIB_CRYPTO,CRYPTO_str_reasons);
+ ERR_load_strings(0,CRYPTO_str_functs);
+ ERR_load_strings(0,CRYPTO_str_reasons);
#endif
}
diff --git a/src/lib/libssl/src/crypto/cryptlib.c b/src/lib/libssl/src/crypto/cryptlib.c
index fef0afb29f..e63bbe8dba 100644
--- a/src/lib/libssl/src/crypto/cryptlib.c
+++ b/src/lib/libssl/src/crypto/cryptlib.c
@@ -480,6 +480,8 @@ const char *CRYPTO_get_lock_name(int type)
return(sk_value(app_locks,type-CRYPTO_NUM_LOCKS));
}
+int OPENSSL_NONPIC_relocated=0;
+
#if defined(_WIN32) && defined(_WINDLL)
/* All we really need to do is remove the 'error' state when a thread
@@ -491,6 +493,21 @@ BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason,
switch(fdwReason)
{
case DLL_PROCESS_ATTACH:
+#if defined(_WIN32_WINNT)
+ {
+ IMAGE_DOS_HEADER *dos_header = (IMAGE_DOS_HEADER *)hinstDLL;
+ IMAGE_NT_HEADERS *nt_headers;
+
+ if (dos_header->e_magic==IMAGE_DOS_SIGNATURE)
+ {
+ nt_headers = (IMAGE_NT_HEADERS *)((char *)dos_header
+ + dos_header->e_lfanew);
+ if (nt_headers->Signature==IMAGE_NT_SIGNATURE &&
+ hinstDLL!=(HINSTANCE)(nt_headers->OptionalHeader.ImageBase))
+ OPENSSL_NONPIC_relocated=1;
+ }
+ }
+#endif
break;
case DLL_THREAD_ATTACH:
break;
@@ -504,18 +521,160 @@ BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason,
}
#endif
+#if defined(_WIN32)
+#include <tchar.h>
+
+#if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333
+static int IsService(void)
+{ HWINSTA h;
+ DWORD len;
+ WCHAR *name;
+
+ (void)GetDesktopWindow(); /* return value is ignored */
+
+ h = GetProcessWindowStation();
+ if (h==NULL) return -1;
+
+ if (GetUserObjectInformationW (h,UOI_NAME,NULL,0,&len) ||
+ GetLastError() != ERROR_INSUFFICIENT_BUFFER)
+ return -1;
+
+ if (len>512) return -1; /* paranoia */
+ len++,len&=~1; /* paranoia */
+#ifdef _MSC_VER
+ name=(WCHAR *)_alloca(len+sizeof(WCHAR));
+#else
+ name=(WCHAR *)alloca(len+sizeof(WCHAR));
+#endif
+ if (!GetUserObjectInformationW (h,UOI_NAME,name,len,&len))
+ return -1;
+
+ len++,len&=~1; /* paranoia */
+ name[len/sizeof(WCHAR)]=L'\0'; /* paranoia */
+#if 1
+ /* This doesn't cover "interactive" services [working with real
+ * WinSta0's] nor programs started non-interactively by Task
+ * Scheduler [those are working with SAWinSta]. */
+ if (wcsstr(name,L"Service-0x")) return 1;
+#else
+ /* This covers all non-interactive programs such as services. */
+ if (!wcsstr(name,L"WinSta0")) return 1;
+#endif
+ else return 0;
+}
+#endif
+
+void OPENSSL_showfatal (const char *fmta,...)
+{ va_list ap;
+ TCHAR buf[256];
+ const TCHAR *fmt;
+ HANDLE h;
+
+ if ((h=GetStdHandle(STD_ERROR_HANDLE)) != NULL &&
+ GetFileType(h)!=FILE_TYPE_UNKNOWN)
+ { /* must be console application */
+ va_start (ap,fmta);
+ vfprintf (stderr,fmta,ap);
+ va_end (ap);
+ return;
+ }
+
+ if (sizeof(TCHAR)==sizeof(char))
+ fmt=(const TCHAR *)fmta;
+ else do
+ { int keepgoing;
+ size_t len_0=strlen(fmta)+1,i;
+ WCHAR *fmtw;
+
+#ifdef _MSC_VER
+ fmtw = (WCHAR *)_alloca (len_0*sizeof(WCHAR));
+#else
+ fmtw = (WCHAR *)alloca (len_0*sizeof(WCHAR));
+#endif
+ if (fmtw == NULL) { fmt=(const TCHAR *)L"no stack?"; break; }
+
+#ifndef OPENSSL_NO_MULTIBYTE
+ if (!MultiByteToWideChar(CP_ACP,0,fmta,len_0,fmtw,len_0))
+#endif
+ for (i=0;i<len_0;i++) fmtw[i]=(WCHAR)fmta[i];
+
+ for (i=0;i<len_0;i++)
+ { if (fmtw[i]==L'%') do
+ { keepgoing=0;
+ switch (fmtw[i+1])
+ { case L'0': case L'1': case L'2': case L'3': case L'4':
+ case L'5': case L'6': case L'7': case L'8': case L'9':
+ case L'.': case L'*':
+ case L'-': i++; keepgoing=1; break;
+ case L's': fmtw[i+1]=L'S'; break;
+ case L'S': fmtw[i+1]=L's'; break;
+ case L'c': fmtw[i+1]=L'C'; break;
+ case L'C': fmtw[i+1]=L'c'; break;
+ }
+ } while (keepgoing);
+ }
+ fmt = (const TCHAR *)fmtw;
+ } while (0);
+
+ va_start (ap,fmta);
+ _vsntprintf (buf,sizeof(buf)/sizeof(TCHAR)-1,fmt,ap);
+ buf [sizeof(buf)/sizeof(TCHAR)-1] = _T('\0');
+ va_end (ap);
+
+#if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333
+ /* this -------------v--- guards NT-specific calls */
+ if (GetVersion() < 0x80000000 && IsService())
+ { HANDLE h = RegisterEventSource(0,_T("OPENSSL"));
+ const TCHAR *pmsg=buf;
+ ReportEvent(h,EVENTLOG_ERROR_TYPE,0,0,0,1,0,&pmsg,0);
+ DeregisterEventSource(h);
+ }
+ else
+#endif
+ { MSGBOXPARAMS m;
+
+ m.cbSize = sizeof(m);
+ m.hwndOwner = NULL;
+ m.lpszCaption = _T("OpenSSL: FATAL");
+ m.dwStyle = MB_OK;
+ m.hInstance = NULL;
+ m.lpszIcon = IDI_ERROR;
+ m.dwContextHelpId = 0;
+ m.lpfnMsgBoxCallback = NULL;
+ m.dwLanguageId = MAKELANGID(LANG_ENGLISH,SUBLANG_ENGLISH_US);
+ m.lpszText = buf;
+
+ MessageBoxIndirect (&m);
+ }
+}
+#else
+void OPENSSL_showfatal (const char *fmta,...)
+{ va_list ap;
+
+ va_start (ap,fmta);
+ vfprintf (stderr,fmta,ap);
+ va_end (ap);
+}
+#endif
+
void OpenSSLDie(const char *file,int line,const char *assertion)
{
- fprintf(stderr,
+ OPENSSL_showfatal(
"%s(%d): OpenSSL internal error, assertion failed: %s\n",
file,line,assertion);
abort();
}
+void *OPENSSL_stderr(void) { return stderr; }
+
#ifdef OPENSSL_FIPS
+
+void fips_w_lock(void) { CRYPTO_w_lock(CRYPTO_LOCK_FIPS); }
+void fips_w_unlock(void) { CRYPTO_w_unlock(CRYPTO_LOCK_FIPS); }
+void fips_r_lock(void) { CRYPTO_r_lock(CRYPTO_LOCK_FIPS); }
+void fips_r_unlock(void) { CRYPTO_r_unlock(CRYPTO_LOCK_FIPS); }
+
static int fips_started = 0;
-static int fips_mode = 0;
-static void *fips_rand_check = 0;
static unsigned long fips_thread = 0;
void fips_set_started(void)
@@ -576,57 +735,10 @@ int fips_clear_owning_thread(void)
return ret;
}
-void fips_set_mode(int onoff)
- {
- int owning_thread = fips_is_owning_thread();
-
- if (fips_is_started())
- {
- if (!owning_thread) CRYPTO_w_lock(CRYPTO_LOCK_FIPS);
- fips_mode = onoff;
- if (!owning_thread) CRYPTO_w_unlock(CRYPTO_LOCK_FIPS);
- }
- }
-
-void fips_set_rand_check(void *rand_check)
- {
- int owning_thread = fips_is_owning_thread();
-
- if (fips_is_started())
- {
- if (!owning_thread) CRYPTO_w_lock(CRYPTO_LOCK_FIPS);
- fips_rand_check = rand_check;
- if (!owning_thread) CRYPTO_w_unlock(CRYPTO_LOCK_FIPS);
- }
- }
-
-int FIPS_mode(void)
- {
- int ret = 0;
- int owning_thread = fips_is_owning_thread();
-
- if (fips_is_started())
- {
- if (!owning_thread) CRYPTO_r_lock(CRYPTO_LOCK_FIPS);
- ret = fips_mode;
- if (!owning_thread) CRYPTO_r_unlock(CRYPTO_LOCK_FIPS);
- }
- return ret;
- }
-
-void *FIPS_rand_check(void)
+unsigned char *fips_signature_witness(void)
{
- void *ret = 0;
- int owning_thread = fips_is_owning_thread();
-
- if (fips_is_started())
- {
- if (!owning_thread) CRYPTO_r_lock(CRYPTO_LOCK_FIPS);
- ret = fips_rand_check;
- if (!owning_thread) CRYPTO_r_unlock(CRYPTO_LOCK_FIPS);
- }
- return ret;
+ extern unsigned char FIPS_signature[];
+ return FIPS_signature;
}
-
#endif /* OPENSSL_FIPS */
diff --git a/src/lib/libssl/src/crypto/cryptlib.h b/src/lib/libssl/src/crypto/cryptlib.h
index 0d6b9d59f0..6f59e08ca6 100644
--- a/src/lib/libssl/src/crypto/cryptlib.h
+++ b/src/lib/libssl/src/crypto/cryptlib.h
@@ -93,6 +93,10 @@ extern "C" {
#define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1)
#define HEX_SIZE(type) (sizeof(type)*2)
+void OPENSSL_showfatal(const char *,...);
+void *OPENSSL_stderr(void);
+extern int OPENSSL_NONPIC_relocated;
+
#ifdef __cplusplus
}
#endif
diff --git a/src/lib/libssl/src/crypto/crypto-lib.com b/src/lib/libssl/src/crypto/crypto-lib.com
index c044ce0099..427c321f25 100644
--- a/src/lib/libssl/src/crypto/crypto-lib.com
+++ b/src/lib/libssl/src/crypto/crypto-lib.com
@@ -184,10 +184,10 @@ $ IF F$TRNLNM("OPENSSL_NO_ASM").OR.ARCH.EQS."AXP" THEN LIB_BN_ASM = "bn_asm"
$ LIB_BN = "bn_add,bn_div,bn_exp,bn_lib,bn_ctx,bn_mul,bn_mod,"+ -
"bn_print,bn_rand,bn_shift,bn_word,bn_blind,"+ -
"bn_kron,bn_sqrt,bn_gcd,bn_prime,bn_err,bn_sqr,"+LIB_BN_ASM+","+ -
- "bn_recp,bn_mont,bn_mpi,bn_exp2"
+ "bn_recp,bn_mont,bn_mpi,bn_exp2,bn_x931p"
$ LIB_RSA = "rsa_eay,rsa_gen,rsa_lib,rsa_sign,rsa_saos,rsa_err,"+ -
"rsa_pk1,rsa_ssl,rsa_none,rsa_oaep,rsa_chk,rsa_null,"+ -
- "rsa_asn1"
+ "rsa_pss,rsa_x931,rsa_asn1"
$ LIB_EC = "ec_lib,ecp_smpl,ecp_mont,ecp_recp,ecp_nist,ec_cvt,ec_mult,"+ -
"ec_err"
$ LIB_DSA = "dsa_gen,dsa_key,dsa_lib,dsa_asn1,dsa_vrf,dsa_sign,dsa_err,dsa_ossl"
@@ -265,10 +265,15 @@ $ LIB_KRB5 = "krb5_asn"
$!
$! Setup exceptional compilations
$!
+$ ! Add definitions for no threads on OpenVMS 7.1 and higher
$ COMPILEWITH_CC3 = ",bss_rtcp,"
+$ ! Disable the DOLLARID warning
$ COMPILEWITH_CC4 = ",a_utctm,bss_log,o_time,"
+$ ! Disable disjoint optimization
$ COMPILEWITH_CC5 = ",md2_dgst,md4_dgst,md5_dgst,mdc2dgst," + -
"sha_dgst,sha1dgst,rmd_dgst,bf_enc,"
+$ ! Disable the MIXLINKAGE warning
+$ COMPILEWITH_CC6 = ",enc_read,set_key,"
$!
$! Figure Out What Other Modules We Are To Build.
$!
@@ -497,7 +502,12 @@ $ IF COMPILEWITH_CC5 - FILE_NAME0 .NES. COMPILEWITH_CC5
$ THEN
$ CC5/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
$ ELSE
-$ CC/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
+$ IF COMPILEWITH_CC6 - FILE_NAME0 .NES. COMPILEWITH_CC6
+$ THEN
+$ CC6/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
+$ ELSE
+$ CC/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
+$ ENDIF
$ ENDIF
$ ENDIF
$ ENDIF
@@ -960,7 +970,7 @@ $ CCDEFS = "TCPIP_TYPE_''P4',DSO_VMS"
$ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS
$ CCEXTRAFLAGS = ""
$ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS
-$ CCDISABLEWARNINGS = "LONGLONGTYPE,LONGLONGSUFX"
+$ CCDISABLEWARNINGS = "LONGLONGTYPE,LONGLONGSUFX,FOUNDCR"
$ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN -
CCDISABLEWARNINGS = CCDISABLEWARNINGS + "," + USER_CCDISABLEWARNINGS
$!
@@ -1077,14 +1087,18 @@ $ THEN
$ IF CCDISABLEWARNINGS .EQS. ""
$ THEN
$ CC4DISABLEWARNINGS = "DOLLARID"
+$ CC6DISABLEWARNINGS = "MIXLINKAGE"
$ ELSE
$ CC4DISABLEWARNINGS = CCDISABLEWARNINGS + ",DOLLARID"
+$ CC6DISABLEWARNINGS = CCDISABLEWARNINGS + ",MIXLINKAGE"
$ CCDISABLEWARNINGS = "/WARNING=(DISABLE=(" + CCDISABLEWARNINGS + "))"
$ ENDIF
$ CC4DISABLEWARNINGS = "/WARNING=(DISABLE=(" + CC4DISABLEWARNINGS + "))"
+$ CC6DISABLEWARNINGS = "/WARNING=(DISABLE=(" + CC6DISABLEWARNINGS + "))"
$ ELSE
$ CCDISABLEWARNINGS = ""
$ CC4DISABLEWARNINGS = ""
+$ CC6DISABLEWARNINGS = ""
$ ENDIF
$ CC3 = CC + "/DEFINE=(" + CCDEFS + ISSEVEN + ")" + CCDISABLEWARNINGS
$ CC = CC + "/DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS
@@ -1095,6 +1109,7 @@ $ ELSE
$ CC5 = CC + "/NOOPTIMIZE"
$ ENDIF
$ CC4 = CC - CCDISABLEWARNINGS + CC4DISABLEWARNINGS
+$ CC6 = CC - CCDISABLEWARNINGS + CC6DISABLEWARNINGS
$!
$! Show user the result
$!
diff --git a/src/lib/libssl/src/crypto/crypto.h b/src/lib/libssl/src/crypto/crypto.h
index 4d1dfac7f1..22fd939e65 100644
--- a/src/lib/libssl/src/crypto/crypto.h
+++ b/src/lib/libssl/src/crypto/crypto.h
@@ -434,12 +434,9 @@ void CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb);
/* die if we have to */
void OpenSSLDie(const char *file,int line,const char *assertion);
-#define OPENSSL_assert(e) ((e) ? (void)0 : OpenSSLDie(__FILE__, __LINE__, #e))
+#define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(__FILE__, __LINE__, #e),1))
#ifdef OPENSSL_FIPS
-int FIPS_mode(void);
-void *FIPS_rand_check(void);
-
#define FIPS_ERROR_IGNORED(alg) OpenSSLDie(__FILE__, __LINE__, \
alg " previous FIPS forbidden algorithm error ignored");
diff --git a/src/lib/libssl/src/crypto/des/Makefile b/src/lib/libssl/src/crypto/des/Makefile
index 655f2ea1a8..800af0b123 100644
--- a/src/lib/libssl/src/crypto/des/Makefile
+++ b/src/lib/libssl/src/crypto/des/Makefile
@@ -1,5 +1,5 @@
#
-# SSLeay/crypto/des/Makefile
+# OpenSSL/crypto/des/Makefile
#
DIR= des
diff --git a/src/lib/libssl/src/crypto/des/des_locl.h b/src/lib/libssl/src/crypto/des/des_locl.h
index e44e8e98b2..8f04b18c50 100644
--- a/src/lib/libssl/src/crypto/des/des_locl.h
+++ b/src/lib/libssl/src/crypto/des/des_locl.h
@@ -421,7 +421,7 @@
PERM_OP(l,r,tt, 4,0x0f0f0f0fL); \
}
-OPENSSL_EXTERN const DES_LONG DES_SPtrans[8][64];
+extern const DES_LONG DES_SPtrans[8][64];
void fcrypt_body(DES_LONG *out,DES_key_schedule *ks,
DES_LONG Eswap0, DES_LONG Eswap1);
diff --git a/src/lib/libssl/src/crypto/dh/Makefile b/src/lib/libssl/src/crypto/dh/Makefile
index c091a8130a..352678b94a 100644
--- a/src/lib/libssl/src/crypto/dh/Makefile
+++ b/src/lib/libssl/src/crypto/dh/Makefile
@@ -1,5 +1,5 @@
#
-# SSLeay/crypto/dh/Makefile
+# OpenSSL/crypto/dh/Makefile
#
DIR= dh
diff --git a/src/lib/libssl/src/crypto/dh/dh.h b/src/lib/libssl/src/crypto/dh/dh.h
index 05851f8429..92c7481e10 100644
--- a/src/lib/libssl/src/crypto/dh/dh.h
+++ b/src/lib/libssl/src/crypto/dh/dh.h
@@ -70,7 +70,14 @@
#include <openssl/crypto.h>
#include <openssl/ossl_typ.h>
-#define DH_FLAG_CACHE_MONT_P 0x01
+#define DH_FLAG_CACHE_MONT_P 0x01
+#define DH_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DH
+ * implementation now uses constant time
+ * modular exponentiation for secret exponents
+ * by default. This flag causes the
+ * faster variable sliding window method to
+ * be used for all exponents.
+ */
#ifdef __cplusplus
extern "C" {
diff --git a/src/lib/libssl/src/crypto/dh/dh_err.c b/src/lib/libssl/src/crypto/dh/dh_err.c
index c2715044c9..83ccb41221 100644
--- a/src/lib/libssl/src/crypto/dh/dh_err.c
+++ b/src/lib/libssl/src/crypto/dh/dh_err.c
@@ -1,6 +1,6 @@
/* crypto/dh/dh_err.c */
/* ====================================================================
- * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -64,21 +64,25 @@
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
+
+#define ERR_FUNC(func) ERR_PACK(ERR_LIB_DH,func,0)
+#define ERR_REASON(reason) ERR_PACK(ERR_LIB_DH,0,reason)
+
static ERR_STRING_DATA DH_str_functs[]=
{
-{ERR_PACK(0,DH_F_DHPARAMS_PRINT,0), "DHparams_print"},
-{ERR_PACK(0,DH_F_DHPARAMS_PRINT_FP,0), "DHparams_print_fp"},
-{ERR_PACK(0,DH_F_DH_COMPUTE_KEY,0), "DH_compute_key"},
-{ERR_PACK(0,DH_F_DH_GENERATE_KEY,0), "DH_generate_key"},
-{ERR_PACK(0,DH_F_DH_GENERATE_PARAMETERS,0), "DH_generate_parameters"},
-{ERR_PACK(0,DH_F_DH_NEW_METHOD,0), "DH_new_method"},
+{ERR_FUNC(DH_F_DHPARAMS_PRINT), "DHparams_print"},
+{ERR_FUNC(DH_F_DHPARAMS_PRINT_FP), "DHparams_print_fp"},
+{ERR_FUNC(DH_F_DH_COMPUTE_KEY), "DH_compute_key"},
+{ERR_FUNC(DH_F_DH_GENERATE_KEY), "DH_generate_key"},
+{ERR_FUNC(DH_F_DH_GENERATE_PARAMETERS), "DH_generate_parameters"},
+{ERR_FUNC(DH_F_DH_NEW_METHOD), "DH_new_method"},
{0,NULL}
};
static ERR_STRING_DATA DH_str_reasons[]=
{
-{DH_R_BAD_GENERATOR ,"bad generator"},
-{DH_R_NO_PRIVATE_VALUE ,"no private value"},
+{ERR_REASON(DH_R_BAD_GENERATOR) ,"bad generator"},
+{ERR_REASON(DH_R_NO_PRIVATE_VALUE) ,"no private value"},
{0,NULL}
};
@@ -92,8 +96,8 @@ void ERR_load_DH_strings(void)
{
init=0;
#ifndef OPENSSL_NO_ERR
- ERR_load_strings(ERR_LIB_DH,DH_str_functs);
- ERR_load_strings(ERR_LIB_DH,DH_str_reasons);
+ ERR_load_strings(0,DH_str_functs);
+ ERR_load_strings(0,DH_str_reasons);
#endif
}
diff --git a/src/lib/libssl/src/crypto/dh/dh_key.c b/src/lib/libssl/src/crypto/dh/dh_key.c
index ff125c2296..3a39f7c8ca 100644
--- a/src/lib/libssl/src/crypto/dh/dh_key.c
+++ b/src/lib/libssl/src/crypto/dh/dh_key.c
@@ -105,7 +105,7 @@ static int generate_key(DH *dh)
int generate_new_key=0;
unsigned l;
BN_CTX *ctx;
- BN_MONT_CTX *mont;
+ BN_MONT_CTX *mont=NULL;
BIGNUM *pub_key=NULL,*priv_key=NULL;
ctx = BN_CTX_new();
@@ -128,21 +128,37 @@ static int generate_key(DH *dh)
else
pub_key=dh->pub_key;
- if ((dh->method_mont_p == NULL) && (dh->flags & DH_FLAG_CACHE_MONT_P))
+
+ if (dh->flags & DH_FLAG_CACHE_MONT_P)
{
- if ((dh->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL)
- if (!BN_MONT_CTX_set((BN_MONT_CTX *)dh->method_mont_p,
- dh->p,ctx)) goto err;
+ mont = BN_MONT_CTX_set_locked(
+ (BN_MONT_CTX **)&dh->method_mont_p,
+ CRYPTO_LOCK_DH, dh->p, ctx);
+ if (!mont)
+ goto err;
}
- mont=(BN_MONT_CTX *)dh->method_mont_p;
if (generate_new_key)
{
l = dh->length ? dh->length : BN_num_bits(dh->p)-1; /* secret exponent length */
if (!BN_rand(priv_key, l, 0, 0)) goto err;
}
- if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, priv_key,dh->p,ctx,mont))
- goto err;
+
+ {
+ BIGNUM local_prk;
+ BIGNUM *prk;
+
+ if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0)
+ {
+ BN_init(&local_prk);
+ prk = &local_prk;
+ BN_with_flags(prk, priv_key, BN_FLG_EXP_CONSTTIME);
+ }
+ else
+ prk = priv_key;
+
+ if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, prk, dh->p, ctx, mont)) goto err;
+ }
dh->pub_key=pub_key;
dh->priv_key=priv_key;
@@ -160,7 +176,7 @@ err:
static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
{
BN_CTX *ctx;
- BN_MONT_CTX *mont;
+ BN_MONT_CTX *mont=NULL;
BIGNUM *tmp;
int ret= -1;
@@ -174,14 +190,21 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
DHerr(DH_F_DH_COMPUTE_KEY,DH_R_NO_PRIVATE_VALUE);
goto err;
}
- if ((dh->method_mont_p == NULL) && (dh->flags & DH_FLAG_CACHE_MONT_P))
+
+ if (dh->flags & DH_FLAG_CACHE_MONT_P)
{
- if ((dh->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL)
- if (!BN_MONT_CTX_set((BN_MONT_CTX *)dh->method_mont_p,
- dh->p,ctx)) goto err;
+ mont = BN_MONT_CTX_set_locked(
+ (BN_MONT_CTX **)&dh->method_mont_p,
+ CRYPTO_LOCK_DH, dh->p, ctx);
+ if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0)
+ {
+ /* XXX */
+ BN_set_flags(dh->priv_key, BN_FLG_EXP_CONSTTIME);
+ }
+ if (!mont)
+ goto err;
}
- mont=(BN_MONT_CTX *)dh->method_mont_p;
if (!dh->meth->bn_mod_exp(dh, tmp, pub_key, dh->priv_key,dh->p,ctx,mont))
{
DHerr(DH_F_DH_COMPUTE_KEY,ERR_R_BN_LIB);
@@ -190,8 +213,11 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
ret=BN_bn2bin(tmp,key);
err:
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
+ if (ctx != NULL)
+ {
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ }
return(ret);
}
@@ -200,7 +226,10 @@ static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,
const BIGNUM *m, BN_CTX *ctx,
BN_MONT_CTX *m_ctx)
{
- if (a->top == 1)
+ /* If a is only one word long and constant time is false, use the faster
+ * exponenentiation function.
+ */
+ if (a->top == 1 && ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) != 0))
{
BN_ULONG A = a->d[0];
return BN_mod_exp_mont_word(r,A,p,m,ctx,m_ctx);
diff --git a/src/lib/libssl/src/crypto/dh/dhtest.c b/src/lib/libssl/src/crypto/dh/dhtest.c
index d75077f9fa..b76dede771 100644
--- a/src/lib/libssl/src/crypto/dh/dhtest.c
+++ b/src/lib/libssl/src/crypto/dh/dhtest.c
@@ -136,6 +136,10 @@ int main(int argc, char *argv[])
b->g=BN_dup(a->g);
if ((b->p == NULL) || (b->g == NULL)) goto err;
+ /* Set a to run with normal modexp and b to use constant time */
+ a->flags &= ~DH_FLAG_NO_EXP_CONSTTIME;
+ b->flags |= DH_FLAG_NO_EXP_CONSTTIME;
+
if (!DH_generate_key(a)) goto err;
BIO_puts(out,"pri 1=");
BN_print(out,a->priv_key);
diff --git a/src/lib/libssl/src/crypto/dsa/Makefile b/src/lib/libssl/src/crypto/dsa/Makefile
index 3a55058973..4f10278039 100644
--- a/src/lib/libssl/src/crypto/dsa/Makefile
+++ b/src/lib/libssl/src/crypto/dsa/Makefile
@@ -1,5 +1,5 @@
#
-# SSLeay/crypto/dsa/Makefile
+# OpenSSL/crypto/dsa/Makefile
#
DIR= dsa
diff --git a/src/lib/libssl/src/crypto/dsa/dsa.h b/src/lib/libssl/src/crypto/dsa/dsa.h
index 225ff391f9..851e3f0445 100644
--- a/src/lib/libssl/src/crypto/dsa/dsa.h
+++ b/src/lib/libssl/src/crypto/dsa/dsa.h
@@ -80,6 +80,20 @@
#endif
#define DSA_FLAG_CACHE_MONT_P 0x01
+#define DSA_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DSA
+ * implementation now uses constant time
+ * modular exponentiation for secret exponents
+ * by default. This flag causes the
+ * faster variable sliding window method to
+ * be used for all exponents.
+ */
+
+/* If this flag is set external DSA_METHOD callbacks are allowed in FIPS mode
+ * it is then the applications responsibility to ensure the external method
+ * is compliant.
+ */
+
+#define DSA_FLAG_FIPS_EXTERNAL_METHOD_ALLOW 0x04
#if defined(OPENSSL_FIPS)
#define FIPS_DSA_SIZE_T int
diff --git a/src/lib/libssl/src/crypto/dsa/dsa_err.c b/src/lib/libssl/src/crypto/dsa/dsa_err.c
index 79aa4ff526..fd42053572 100644
--- a/src/lib/libssl/src/crypto/dsa/dsa_err.c
+++ b/src/lib/libssl/src/crypto/dsa/dsa_err.c
@@ -1,6 +1,6 @@
/* crypto/dsa/dsa_err.c */
/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -64,29 +64,33 @@
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
+
+#define ERR_FUNC(func) ERR_PACK(ERR_LIB_DSA,func,0)
+#define ERR_REASON(reason) ERR_PACK(ERR_LIB_DSA,0,reason)
+
static ERR_STRING_DATA DSA_str_functs[]=
{
-{ERR_PACK(0,DSA_F_D2I_DSA_SIG,0), "d2i_DSA_SIG"},
-{ERR_PACK(0,DSA_F_DSAPARAMS_PRINT,0), "DSAparams_print"},
-{ERR_PACK(0,DSA_F_DSAPARAMS_PRINT_FP,0), "DSAparams_print_fp"},
-{ERR_PACK(0,DSA_F_DSA_DO_SIGN,0), "DSA_do_sign"},
-{ERR_PACK(0,DSA_F_DSA_DO_VERIFY,0), "DSA_do_verify"},
-{ERR_PACK(0,DSA_F_DSA_NEW_METHOD,0), "DSA_new_method"},
-{ERR_PACK(0,DSA_F_DSA_PRINT,0), "DSA_print"},
-{ERR_PACK(0,DSA_F_DSA_PRINT_FP,0), "DSA_print_fp"},
-{ERR_PACK(0,DSA_F_DSA_SIGN,0), "DSA_sign"},
-{ERR_PACK(0,DSA_F_DSA_SIGN_SETUP,0), "DSA_sign_setup"},
-{ERR_PACK(0,DSA_F_DSA_SIG_NEW,0), "DSA_SIG_new"},
-{ERR_PACK(0,DSA_F_DSA_VERIFY,0), "DSA_verify"},
-{ERR_PACK(0,DSA_F_I2D_DSA_SIG,0), "i2d_DSA_SIG"},
-{ERR_PACK(0,DSA_F_SIG_CB,0), "SIG_CB"},
+{ERR_FUNC(DSA_F_D2I_DSA_SIG), "d2i_DSA_SIG"},
+{ERR_FUNC(DSA_F_DSAPARAMS_PRINT), "DSAparams_print"},
+{ERR_FUNC(DSA_F_DSAPARAMS_PRINT_FP), "DSAparams_print_fp"},
+{ERR_FUNC(DSA_F_DSA_DO_SIGN), "DSA_do_sign"},
+{ERR_FUNC(DSA_F_DSA_DO_VERIFY), "DSA_do_verify"},
+{ERR_FUNC(DSA_F_DSA_NEW_METHOD), "DSA_new_method"},
+{ERR_FUNC(DSA_F_DSA_PRINT), "DSA_print"},
+{ERR_FUNC(DSA_F_DSA_PRINT_FP), "DSA_print_fp"},
+{ERR_FUNC(DSA_F_DSA_SIGN), "DSA_sign"},
+{ERR_FUNC(DSA_F_DSA_SIGN_SETUP), "DSA_sign_setup"},
+{ERR_FUNC(DSA_F_DSA_SIG_NEW), "DSA_SIG_new"},
+{ERR_FUNC(DSA_F_DSA_VERIFY), "DSA_verify"},
+{ERR_FUNC(DSA_F_I2D_DSA_SIG), "i2d_DSA_SIG"},
+{ERR_FUNC(DSA_F_SIG_CB), "SIG_CB"},
{0,NULL}
};
static ERR_STRING_DATA DSA_str_reasons[]=
{
-{DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE ,"data too large for key size"},
-{DSA_R_MISSING_PARAMETERS ,"missing parameters"},
+{ERR_REASON(DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),"data too large for key size"},
+{ERR_REASON(DSA_R_MISSING_PARAMETERS) ,"missing parameters"},
{0,NULL}
};
@@ -100,8 +104,8 @@ void ERR_load_DSA_strings(void)
{
init=0;
#ifndef OPENSSL_NO_ERR
- ERR_load_strings(ERR_LIB_DSA,DSA_str_functs);
- ERR_load_strings(ERR_LIB_DSA,DSA_str_reasons);
+ ERR_load_strings(0,DSA_str_functs);
+ ERR_load_strings(0,DSA_str_reasons);
#endif
}
diff --git a/src/lib/libssl/src/crypto/dsa/dsa_key.c b/src/lib/libssl/src/crypto/dsa/dsa_key.c
index 30607ca579..980b6dc2d3 100644
--- a/src/lib/libssl/src/crypto/dsa/dsa_key.c
+++ b/src/lib/libssl/src/crypto/dsa/dsa_key.c
@@ -90,8 +90,22 @@ int DSA_generate_key(DSA *dsa)
}
else
pub_key=dsa->pub_key;
+
+ {
+ BIGNUM local_prk;
+ BIGNUM *prk;
+
+ if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)
+ {
+ BN_init(&local_prk);
+ prk = &local_prk;
+ BN_with_flags(prk, priv_key, BN_FLG_EXP_CONSTTIME);
+ }
+ else
+ prk = priv_key;
- if (!BN_mod_exp(pub_key,dsa->g,priv_key,dsa->p,ctx)) goto err;
+ if (!BN_mod_exp(pub_key,dsa->g,prk,dsa->p,ctx)) goto err;
+ }
dsa->priv_key=priv_key;
dsa->pub_key=pub_key;
diff --git a/src/lib/libssl/src/crypto/dsa/dsa_ossl.c b/src/lib/libssl/src/crypto/dsa/dsa_ossl.c
index f1a85afcde..12509a7083 100644
--- a/src/lib/libssl/src/crypto/dsa/dsa_ossl.c
+++ b/src/lib/libssl/src/crypto/dsa/dsa_ossl.c
@@ -172,7 +172,7 @@ err:
static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
{
BN_CTX *ctx;
- BIGNUM k,*kinv=NULL,*r=NULL;
+ BIGNUM k,kq,*K,*kinv=NULL,*r=NULL;
int ret=0;
if (!dsa->p || !dsa->q || !dsa->g)
@@ -182,6 +182,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
}
BN_init(&k);
+ BN_init(&kq);
if (ctx_in == NULL)
{
@@ -191,22 +192,49 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
ctx=ctx_in;
if ((r=BN_new()) == NULL) goto err;
- kinv=NULL;
/* Get random k */
do
if (!BN_rand_range(&k, dsa->q)) goto err;
while (BN_is_zero(&k));
+ if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)
+ {
+ BN_set_flags(&k, BN_FLG_EXP_CONSTTIME);
+ }
- if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P))
+ if (dsa->flags & DSA_FLAG_CACHE_MONT_P)
{
- if ((dsa->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL)
- if (!BN_MONT_CTX_set((BN_MONT_CTX *)dsa->method_mont_p,
- dsa->p,ctx)) goto err;
+ if (!BN_MONT_CTX_set_locked((BN_MONT_CTX **)&dsa->method_mont_p,
+ CRYPTO_LOCK_DSA,
+ dsa->p, ctx))
+ goto err;
}
/* Compute r = (g^k mod p) mod q */
- if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,&k,dsa->p,ctx,
+
+ if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)
+ {
+ if (!BN_copy(&kq, &k)) goto err;
+
+ /* We do not want timing information to leak the length of k,
+ * so we compute g^k using an equivalent exponent of fixed length.
+ *
+ * (This is a kludge that we need because the BN_mod_exp_mont()
+ * does not let us specify the desired timing behaviour.) */
+
+ if (!BN_add(&kq, &kq, dsa->q)) goto err;
+ if (BN_num_bits(&kq) <= BN_num_bits(dsa->q))
+ {
+ if (!BN_add(&kq, &kq, dsa->q)) goto err;
+ }
+
+ K = &kq;
+ }
+ else
+ {
+ K = &k;
+ }
+ if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,K,dsa->p,ctx,
(BN_MONT_CTX *)dsa->method_mont_p)) goto err;
if (!BN_mod(r,r,dsa->q,ctx)) goto err;
@@ -229,6 +257,7 @@ err:
if (ctx_in == NULL) BN_CTX_free(ctx);
if (kinv != NULL) BN_clear_free(kinv);
BN_clear_free(&k);
+ BN_clear_free(&kq);
return(ret);
}
@@ -275,13 +304,15 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
/* u2 = r * w mod q */
if (!BN_mod_mul(&u2,sig->r,&u2,dsa->q,ctx)) goto err;
- if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P))
+
+ if (dsa->flags & DSA_FLAG_CACHE_MONT_P)
{
- if ((dsa->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL)
- if (!BN_MONT_CTX_set((BN_MONT_CTX *)dsa->method_mont_p,
- dsa->p,ctx)) goto err;
+ mont = BN_MONT_CTX_set_locked(
+ (BN_MONT_CTX **)&dsa->method_mont_p,
+ CRYPTO_LOCK_DSA, dsa->p, ctx);
+ if (!mont)
+ goto err;
}
- mont=(BN_MONT_CTX *)dsa->method_mont_p;
#if 0
{
diff --git a/src/lib/libssl/src/crypto/dsa/dsa_sign.c b/src/lib/libssl/src/crypto/dsa/dsa_sign.c
index 3c9753bac3..37c65efb20 100644
--- a/src/lib/libssl/src/crypto/dsa/dsa_sign.c
+++ b/src/lib/libssl/src/crypto/dsa/dsa_sign.c
@@ -72,7 +72,8 @@
DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
{
#ifdef OPENSSL_FIPS
- if(FIPS_mode() && !FIPS_dsa_check(dsa))
+ if(FIPS_mode() && !(dsa->flags & DSA_FLAG_FIPS_EXTERNAL_METHOD_ALLOW)
+ && !FIPS_dsa_check(dsa))
return NULL;
#endif
return dsa->meth->dsa_do_sign(dgst, dlen, dsa);
@@ -96,7 +97,8 @@ int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,
int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
{
#ifdef OPENSSL_FIPS
- if(FIPS_mode() && !FIPS_dsa_check(dsa))
+ if(FIPS_mode() && !(dsa->flags & DSA_FLAG_FIPS_EXTERNAL_METHOD_ALLOW)
+ && !FIPS_dsa_check(dsa))
return 0;
#endif
return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp);
diff --git a/src/lib/libssl/src/crypto/dsa/dsa_vrf.c b/src/lib/libssl/src/crypto/dsa/dsa_vrf.c
index 8ef0c45025..c9784bed48 100644
--- a/src/lib/libssl/src/crypto/dsa/dsa_vrf.c
+++ b/src/lib/libssl/src/crypto/dsa/dsa_vrf.c
@@ -74,7 +74,8 @@ int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
DSA *dsa)
{
#ifdef OPENSSL_FIPS
- if(FIPS_mode() && !FIPS_dsa_check(dsa))
+ if(FIPS_mode() && !(dsa->flags & DSA_FLAG_FIPS_EXTERNAL_METHOD_ALLOW)
+ && !FIPS_dsa_check(dsa))
return -1;
#endif
return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
diff --git a/src/lib/libssl/src/crypto/dsa/dsatest.c b/src/lib/libssl/src/crypto/dsa/dsatest.c
index 4734ce4af8..55a3756aff 100644
--- a/src/lib/libssl/src/crypto/dsa/dsatest.c
+++ b/src/lib/libssl/src/crypto/dsa/dsatest.c
@@ -194,10 +194,19 @@ int main(int argc, char **argv)
BIO_printf(bio_err,"g value is wrong\n");
goto end;
}
+
+ dsa->flags |= DSA_FLAG_NO_EXP_CONSTTIME;
DSA_generate_key(dsa);
DSA_sign(0, str1, 20, sig, &siglen, dsa);
if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1)
ret=1;
+
+ dsa->flags &= ~DSA_FLAG_NO_EXP_CONSTTIME;
+ DSA_generate_key(dsa);
+ DSA_sign(0, str1, 20, sig, &siglen, dsa);
+ if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1)
+ ret=1;
+
end:
if (!ret)
ERR_print_errors(bio_err);
diff --git a/src/lib/libssl/src/crypto/dso/Makefile b/src/lib/libssl/src/crypto/dso/Makefile
index 168951bc3e..c16278c3ff 100644
--- a/src/lib/libssl/src/crypto/dso/Makefile
+++ b/src/lib/libssl/src/crypto/dso/Makefile
@@ -1,5 +1,5 @@
#
-# SSLeay/crypto/dso/Makefile
+# OpenSSL/crypto/dso/Makefile
#
DIR= dso
diff --git a/src/lib/libssl/src/crypto/dso/dso_dl.c b/src/lib/libssl/src/crypto/dso/dso_dl.c
index 79d2cb4d8c..f7b4dfc0c3 100644
--- a/src/lib/libssl/src/crypto/dso/dso_dl.c
+++ b/src/lib/libssl/src/crypto/dso/dso_dl.c
@@ -126,7 +126,8 @@ static int dl_load(DSO *dso)
DSOerr(DSO_F_DL_LOAD,DSO_R_NO_FILENAME);
goto err;
}
- ptr = shl_load(filename, BIND_IMMEDIATE|DYNAMIC_PATH, 0L);
+ ptr = shl_load(filename, BIND_IMMEDIATE |
+ (dso->flags&DSO_FLAG_NO_NAME_TRANSLATION?0:DYNAMIC_PATH), 0L);
if(ptr == NULL)
{
DSOerr(DSO_F_DL_LOAD,DSO_R_LOAD_FAILED);
@@ -281,4 +282,36 @@ static char *dl_name_converter(DSO *dso, const char *filename)
return(translated);
}
+#ifdef OPENSSL_FIPS
+static void dl_ref_point(){}
+
+int DSO_pathbyaddr(void *addr,char *path,int sz)
+ {
+ struct shl_descriptor inf;
+ int i,len;
+
+ if (addr == NULL)
+ {
+ union { void(*f)(); void *p; } t = { dl_ref_point };
+ addr = t.p;
+ }
+
+ for (i=-1;shl_get_r(i,&inf)==0;i++)
+ {
+ if (((size_t)addr >= inf.tstart && (size_t)addr < inf.tend) ||
+ ((size_t)addr >= inf.dstart && (size_t)addr < inf.dend))
+ {
+ len = (int)strlen(inf.filename);
+ if (sz <= 0) return len+1;
+ if (len >= sz) len=sz-1;
+ memcpy(path,inf.filename,len);
+ path[len++] = 0;
+ return len;
+ }
+ }
+
+ return -1;
+ }
+#endif
+
#endif /* DSO_DL */
diff --git a/src/lib/libssl/src/crypto/dso/dso_dlfcn.c b/src/lib/libssl/src/crypto/dso/dso_dlfcn.c
index 9d49ebc253..0422a4859a 100644
--- a/src/lib/libssl/src/crypto/dso/dso_dlfcn.c
+++ b/src/lib/libssl/src/crypto/dso/dso_dlfcn.c
@@ -56,6 +56,10 @@
*
*/
+#ifdef __linux
+#define _GNU_SOURCE
+#endif
+
#include <stdio.h>
#include "cryptlib.h"
#include <openssl/dso.h>
@@ -228,7 +232,7 @@ static void *dlfcn_bind_var(DSO *dso, const char *symname)
static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname)
{
void *ptr;
- DSO_FUNC_TYPE sym;
+ DSO_FUNC_TYPE sym, *tsym = &sym;
if((dso == NULL) || (symname == NULL))
{
@@ -246,7 +250,7 @@ static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname)
DSOerr(DSO_F_DLFCN_BIND_FUNC,DSO_R_NULL_HANDLE);
return(NULL);
}
- sym = (DSO_FUNC_TYPE)dlsym(ptr, symname);
+ *(void**)(tsym) = dlsym(ptr, symname);
if(sym == NULL)
{
DSOerr(DSO_F_DLFCN_BIND_FUNC,DSO_R_SYM_FAILURE);
@@ -290,4 +294,32 @@ static char *dlfcn_name_converter(DSO *dso, const char *filename)
return(translated);
}
+#ifdef OPENSSL_FIPS
+static void dlfcn_ref_point(){}
+
+int DSO_pathbyaddr(void *addr,char *path,int sz)
+ {
+ Dl_info dli;
+ int len;
+
+ if (addr == NULL)
+ {
+ union { void(*f)(void); void *p; } t = { dlfcn_ref_point };
+ addr = t.p;
+ }
+
+ if (dladdr(addr,&dli))
+ {
+ len = (int)strlen(dli.dli_fname);
+ if (sz <= 0) return len+1;
+ if (len >= sz) len=sz-1;
+ memcpy(path,dli.dli_fname,len);
+ path[len++]=0;
+ return len;
+ }
+
+ ERR_add_error_data(4, "dlfcn_pathbyaddr(): ", dlerror());
+ return -1;
+ }
+#endif
#endif /* DSO_DLFCN */
diff --git a/src/lib/libssl/src/crypto/dso/dso_err.c b/src/lib/libssl/src/crypto/dso/dso_err.c
index cf452de1aa..581677cc36 100644
--- a/src/lib/libssl/src/crypto/dso/dso_err.c
+++ b/src/lib/libssl/src/crypto/dso/dso_err.c
@@ -1,6 +1,6 @@
/* crypto/dso/dso_err.c */
/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -64,56 +64,60 @@
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
+
+#define ERR_FUNC(func) ERR_PACK(ERR_LIB_DSO,func,0)
+#define ERR_REASON(reason) ERR_PACK(ERR_LIB_DSO,0,reason)
+
static ERR_STRING_DATA DSO_str_functs[]=
{
-{ERR_PACK(0,DSO_F_DLFCN_BIND_FUNC,0), "DLFCN_BIND_FUNC"},
-{ERR_PACK(0,DSO_F_DLFCN_BIND_VAR,0), "DLFCN_BIND_VAR"},
-{ERR_PACK(0,DSO_F_DLFCN_LOAD,0), "DLFCN_LOAD"},
-{ERR_PACK(0,DSO_F_DLFCN_NAME_CONVERTER,0), "DLFCN_NAME_CONVERTER"},
-{ERR_PACK(0,DSO_F_DLFCN_UNLOAD,0), "DLFCN_UNLOAD"},
-{ERR_PACK(0,DSO_F_DL_BIND_FUNC,0), "DL_BIND_FUNC"},
-{ERR_PACK(0,DSO_F_DL_BIND_VAR,0), "DL_BIND_VAR"},
-{ERR_PACK(0,DSO_F_DL_LOAD,0), "DL_LOAD"},
-{ERR_PACK(0,DSO_F_DL_NAME_CONVERTER,0), "DL_NAME_CONVERTER"},
-{ERR_PACK(0,DSO_F_DL_UNLOAD,0), "DL_UNLOAD"},
-{ERR_PACK(0,DSO_F_DSO_BIND_FUNC,0), "DSO_bind_func"},
-{ERR_PACK(0,DSO_F_DSO_BIND_VAR,0), "DSO_bind_var"},
-{ERR_PACK(0,DSO_F_DSO_CONVERT_FILENAME,0), "DSO_convert_filename"},
-{ERR_PACK(0,DSO_F_DSO_CTRL,0), "DSO_ctrl"},
-{ERR_PACK(0,DSO_F_DSO_FREE,0), "DSO_free"},
-{ERR_PACK(0,DSO_F_DSO_GET_FILENAME,0), "DSO_get_filename"},
-{ERR_PACK(0,DSO_F_DSO_GET_LOADED_FILENAME,0), "DSO_get_loaded_filename"},
-{ERR_PACK(0,DSO_F_DSO_LOAD,0), "DSO_load"},
-{ERR_PACK(0,DSO_F_DSO_NEW_METHOD,0), "DSO_new_method"},
-{ERR_PACK(0,DSO_F_DSO_SET_FILENAME,0), "DSO_set_filename"},
-{ERR_PACK(0,DSO_F_DSO_SET_NAME_CONVERTER,0), "DSO_set_name_converter"},
-{ERR_PACK(0,DSO_F_DSO_UP_REF,0), "DSO_up_ref"},
-{ERR_PACK(0,DSO_F_VMS_BIND_VAR,0), "VMS_BIND_VAR"},
-{ERR_PACK(0,DSO_F_VMS_LOAD,0), "VMS_LOAD"},
-{ERR_PACK(0,DSO_F_VMS_UNLOAD,0), "VMS_UNLOAD"},
-{ERR_PACK(0,DSO_F_WIN32_BIND_FUNC,0), "WIN32_BIND_FUNC"},
-{ERR_PACK(0,DSO_F_WIN32_BIND_VAR,0), "WIN32_BIND_VAR"},
-{ERR_PACK(0,DSO_F_WIN32_LOAD,0), "WIN32_LOAD"},
-{ERR_PACK(0,DSO_F_WIN32_NAME_CONVERTER,0), "WIN32_NAME_CONVERTER"},
-{ERR_PACK(0,DSO_F_WIN32_UNLOAD,0), "WIN32_UNLOAD"},
+{ERR_FUNC(DSO_F_DLFCN_BIND_FUNC), "DLFCN_BIND_FUNC"},
+{ERR_FUNC(DSO_F_DLFCN_BIND_VAR), "DLFCN_BIND_VAR"},
+{ERR_FUNC(DSO_F_DLFCN_LOAD), "DLFCN_LOAD"},
+{ERR_FUNC(DSO_F_DLFCN_NAME_CONVERTER), "DLFCN_NAME_CONVERTER"},
+{ERR_FUNC(DSO_F_DLFCN_UNLOAD), "DLFCN_UNLOAD"},
+{ERR_FUNC(DSO_F_DL_BIND_FUNC), "DL_BIND_FUNC"},
+{ERR_FUNC(DSO_F_DL_BIND_VAR), "DL_BIND_VAR"},
+{ERR_FUNC(DSO_F_DL_LOAD), "DL_LOAD"},
+{ERR_FUNC(DSO_F_DL_NAME_CONVERTER), "DL_NAME_CONVERTER"},
+{ERR_FUNC(DSO_F_DL_UNLOAD), "DL_UNLOAD"},
+{ERR_FUNC(DSO_F_DSO_BIND_FUNC), "DSO_bind_func"},
+{ERR_FUNC(DSO_F_DSO_BIND_VAR), "DSO_bind_var"},
+{ERR_FUNC(DSO_F_DSO_CONVERT_FILENAME), "DSO_convert_filename"},
+{ERR_FUNC(DSO_F_DSO_CTRL), "DSO_ctrl"},
+{ERR_FUNC(DSO_F_DSO_FREE), "DSO_free"},
+{ERR_FUNC(DSO_F_DSO_GET_FILENAME), "DSO_get_filename"},
+{ERR_FUNC(DSO_F_DSO_GET_LOADED_FILENAME), "DSO_get_loaded_filename"},
+{ERR_FUNC(DSO_F_DSO_LOAD), "DSO_load"},
+{ERR_FUNC(DSO_F_DSO_NEW_METHOD), "DSO_new_method"},
+{ERR_FUNC(DSO_F_DSO_SET_FILENAME), "DSO_set_filename"},
+{ERR_FUNC(DSO_F_DSO_SET_NAME_CONVERTER), "DSO_set_name_converter"},
+{ERR_FUNC(DSO_F_DSO_UP_REF), "DSO_up_ref"},
+{ERR_FUNC(DSO_F_VMS_BIND_VAR), "VMS_BIND_VAR"},
+{ERR_FUNC(DSO_F_VMS_LOAD), "VMS_LOAD"},
+{ERR_FUNC(DSO_F_VMS_UNLOAD), "VMS_UNLOAD"},
+{ERR_FUNC(DSO_F_WIN32_BIND_FUNC), "WIN32_BIND_FUNC"},
+{ERR_FUNC(DSO_F_WIN32_BIND_VAR), "WIN32_BIND_VAR"},
+{ERR_FUNC(DSO_F_WIN32_LOAD), "WIN32_LOAD"},
+{ERR_FUNC(DSO_F_WIN32_NAME_CONVERTER), "WIN32_NAME_CONVERTER"},
+{ERR_FUNC(DSO_F_WIN32_UNLOAD), "WIN32_UNLOAD"},
{0,NULL}
};
static ERR_STRING_DATA DSO_str_reasons[]=
{
-{DSO_R_CTRL_FAILED ,"control command failed"},
-{DSO_R_DSO_ALREADY_LOADED ,"dso already loaded"},
-{DSO_R_FILENAME_TOO_BIG ,"filename too big"},
-{DSO_R_FINISH_FAILED ,"cleanup method function failed"},
-{DSO_R_LOAD_FAILED ,"could not load the shared library"},
-{DSO_R_NAME_TRANSLATION_FAILED ,"name translation failed"},
-{DSO_R_NO_FILENAME ,"no filename"},
-{DSO_R_NULL_HANDLE ,"a null shared library handle was used"},
-{DSO_R_SET_FILENAME_FAILED ,"set filename failed"},
-{DSO_R_STACK_ERROR ,"the meth_data stack is corrupt"},
-{DSO_R_SYM_FAILURE ,"could not bind to the requested symbol name"},
-{DSO_R_UNLOAD_FAILED ,"could not unload the shared library"},
-{DSO_R_UNSUPPORTED ,"functionality not supported"},
+{ERR_REASON(DSO_R_CTRL_FAILED) ,"control command failed"},
+{ERR_REASON(DSO_R_DSO_ALREADY_LOADED) ,"dso already loaded"},
+{ERR_REASON(DSO_R_FILENAME_TOO_BIG) ,"filename too big"},
+{ERR_REASON(DSO_R_FINISH_FAILED) ,"cleanup method function failed"},
+{ERR_REASON(DSO_R_LOAD_FAILED) ,"could not load the shared library"},
+{ERR_REASON(DSO_R_NAME_TRANSLATION_FAILED),"name translation failed"},
+{ERR_REASON(DSO_R_NO_FILENAME) ,"no filename"},
+{ERR_REASON(DSO_R_NULL_HANDLE) ,"a null shared library handle was used"},
+{ERR_REASON(DSO_R_SET_FILENAME_FAILED) ,"set filename failed"},
+{ERR_REASON(DSO_R_STACK_ERROR) ,"the meth_data stack is corrupt"},
+{ERR_REASON(DSO_R_SYM_FAILURE) ,"could not bind to the requested symbol name"},
+{ERR_REASON(DSO_R_UNLOAD_FAILED) ,"could not unload the shared library"},
+{ERR_REASON(DSO_R_UNSUPPORTED) ,"functionality not supported"},
{0,NULL}
};
@@ -127,8 +131,8 @@ void ERR_load_DSO_strings(void)
{
init=0;
#ifndef OPENSSL_NO_ERR
- ERR_load_strings(ERR_LIB_DSO,DSO_str_functs);
- ERR_load_strings(ERR_LIB_DSO,DSO_str_reasons);
+ ERR_load_strings(0,DSO_str_functs);
+ ERR_load_strings(0,DSO_str_reasons);
#endif
}
diff --git a/src/lib/libssl/src/crypto/dso/dso_win32.c b/src/lib/libssl/src/crypto/dso/dso_win32.c
index 3fa90eb27c..cc4ac68696 100644
--- a/src/lib/libssl/src/crypto/dso/dso_win32.c
+++ b/src/lib/libssl/src/crypto/dso/dso_win32.c
@@ -68,6 +68,25 @@ DSO_METHOD *DSO_METHOD_win32(void)
}
#else
+#ifdef _WIN32_WCE
+# if _WIN32_WCE < 300
+static FARPROC GetProcAddressA(HMODULE hModule,LPCSTR lpProcName)
+ {
+ WCHAR lpProcNameW[64];
+ int i;
+
+ for (i=0;lpProcName[i] && i<64;i++)
+ lpProcNameW[i] = (WCHAR)lpProcName[i];
+ if (i==64) return NULL;
+ lpProcNameW[i] = 0;
+
+ return GetProcAddressW(hModule,lpProcNameW);
+ }
+# endif
+# undef GetProcAddress
+# define GetProcAddress GetProcAddressA
+#endif
+
/* Part of the hack in "win32_load" ... */
#define DSO_MAX_TRANSLATED_SIZE 256
@@ -122,7 +141,7 @@ static int win32_load(DSO *dso)
DSOerr(DSO_F_WIN32_LOAD,DSO_R_NO_FILENAME);
goto err;
}
- h = LoadLibrary(filename);
+ h = LoadLibraryA(filename);
if(h == NULL)
{
DSOerr(DSO_F_WIN32_LOAD,DSO_R_LOAD_FAILED);
diff --git a/src/lib/libssl/src/crypto/ec/ec_err.c b/src/lib/libssl/src/crypto/ec/ec_err.c
index d37b6aba87..5b70f94382 100644
--- a/src/lib/libssl/src/crypto/ec/ec_err.c
+++ b/src/lib/libssl/src/crypto/ec/ec_err.c
@@ -1,6 +1,6 @@
/* crypto/ec/ec_err.c */
/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -64,70 +64,74 @@
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
+
+#define ERR_FUNC(func) ERR_PACK(ERR_LIB_EC,func,0)
+#define ERR_REASON(reason) ERR_PACK(ERR_LIB_EC,0,reason)
+
static ERR_STRING_DATA EC_str_functs[]=
{
-{ERR_PACK(0,EC_F_COMPUTE_WNAF,0), "COMPUTE_WNAF"},
-{ERR_PACK(0,EC_F_EC_GFP_MONT_FIELD_DECODE,0), "ec_GFp_mont_field_decode"},
-{ERR_PACK(0,EC_F_EC_GFP_MONT_FIELD_ENCODE,0), "ec_GFp_mont_field_encode"},
-{ERR_PACK(0,EC_F_EC_GFP_MONT_FIELD_MUL,0), "ec_GFp_mont_field_mul"},
-{ERR_PACK(0,EC_F_EC_GFP_MONT_FIELD_SQR,0), "ec_GFp_mont_field_sqr"},
-{ERR_PACK(0,EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP,0), "ec_GFp_simple_group_set_curve_GFp"},
-{ERR_PACK(0,EC_F_EC_GFP_SIMPLE_GROUP_SET_GENERATOR,0), "ec_GFp_simple_group_set_generator"},
-{ERR_PACK(0,EC_F_EC_GFP_SIMPLE_MAKE_AFFINE,0), "ec_GFp_simple_make_affine"},
-{ERR_PACK(0,EC_F_EC_GFP_SIMPLE_OCT2POINT,0), "ec_GFp_simple_oct2point"},
-{ERR_PACK(0,EC_F_EC_GFP_SIMPLE_POINT2OCT,0), "ec_GFp_simple_point2oct"},
-{ERR_PACK(0,EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE,0), "ec_GFp_simple_points_make_affine"},
-{ERR_PACK(0,EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP,0), "ec_GFp_simple_point_get_affine_coordinates_GFp"},
-{ERR_PACK(0,EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP,0), "ec_GFp_simple_point_set_affine_coordinates_GFp"},
-{ERR_PACK(0,EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP,0), "ec_GFp_simple_set_compressed_coordinates_GFp"},
-{ERR_PACK(0,EC_F_EC_GROUP_COPY,0), "EC_GROUP_copy"},
-{ERR_PACK(0,EC_F_EC_GROUP_GET0_GENERATOR,0), "EC_GROUP_get0_generator"},
-{ERR_PACK(0,EC_F_EC_GROUP_GET_COFACTOR,0), "EC_GROUP_get_cofactor"},
-{ERR_PACK(0,EC_F_EC_GROUP_GET_CURVE_GFP,0), "EC_GROUP_get_curve_GFp"},
-{ERR_PACK(0,EC_F_EC_GROUP_GET_ORDER,0), "EC_GROUP_get_order"},
-{ERR_PACK(0,EC_F_EC_GROUP_NEW,0), "EC_GROUP_new"},
-{ERR_PACK(0,EC_F_EC_GROUP_PRECOMPUTE_MULT,0), "EC_GROUP_precompute_mult"},
-{ERR_PACK(0,EC_F_EC_GROUP_SET_CURVE_GFP,0), "EC_GROUP_set_curve_GFp"},
-{ERR_PACK(0,EC_F_EC_GROUP_SET_EXTRA_DATA,0), "EC_GROUP_set_extra_data"},
-{ERR_PACK(0,EC_F_EC_GROUP_SET_GENERATOR,0), "EC_GROUP_set_generator"},
-{ERR_PACK(0,EC_F_EC_POINTS_MAKE_AFFINE,0), "EC_POINTs_make_affine"},
-{ERR_PACK(0,EC_F_EC_POINTS_MUL,0), "EC_POINTs_mul"},
-{ERR_PACK(0,EC_F_EC_POINT_ADD,0), "EC_POINT_add"},
-{ERR_PACK(0,EC_F_EC_POINT_CMP,0), "EC_POINT_cmp"},
-{ERR_PACK(0,EC_F_EC_POINT_COPY,0), "EC_POINT_copy"},
-{ERR_PACK(0,EC_F_EC_POINT_DBL,0), "EC_POINT_dbl"},
-{ERR_PACK(0,EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP,0), "EC_POINT_get_affine_coordinates_GFp"},
-{ERR_PACK(0,EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP,0), "EC_POINT_get_Jprojective_coordinates_GFp"},
-{ERR_PACK(0,EC_F_EC_POINT_IS_AT_INFINITY,0), "EC_POINT_is_at_infinity"},
-{ERR_PACK(0,EC_F_EC_POINT_IS_ON_CURVE,0), "EC_POINT_is_on_curve"},
-{ERR_PACK(0,EC_F_EC_POINT_MAKE_AFFINE,0), "EC_POINT_make_affine"},
-{ERR_PACK(0,EC_F_EC_POINT_NEW,0), "EC_POINT_new"},
-{ERR_PACK(0,EC_F_EC_POINT_OCT2POINT,0), "EC_POINT_oct2point"},
-{ERR_PACK(0,EC_F_EC_POINT_POINT2OCT,0), "EC_POINT_point2oct"},
-{ERR_PACK(0,EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP,0), "EC_POINT_set_affine_coordinates_GFp"},
-{ERR_PACK(0,EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP,0), "EC_POINT_set_compressed_coordinates_GFp"},
-{ERR_PACK(0,EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP,0), "EC_POINT_set_Jprojective_coordinates_GFp"},
-{ERR_PACK(0,EC_F_EC_POINT_SET_TO_INFINITY,0), "EC_POINT_set_to_infinity"},
-{ERR_PACK(0,EC_F_GFP_MONT_GROUP_SET_CURVE_GFP,0), "GFP_MONT_GROUP_SET_CURVE_GFP"},
+{ERR_FUNC(EC_F_COMPUTE_WNAF), "COMPUTE_WNAF"},
+{ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_DECODE), "ec_GFp_mont_field_decode"},
+{ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_ENCODE), "ec_GFp_mont_field_encode"},
+{ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_MUL), "ec_GFp_mont_field_mul"},
+{ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_SQR), "ec_GFp_mont_field_sqr"},
+{ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP), "ec_GFp_simple_group_set_curve_GFp"},
+{ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_SET_GENERATOR), "ec_GFp_simple_group_set_generator"},
+{ERR_FUNC(EC_F_EC_GFP_SIMPLE_MAKE_AFFINE), "ec_GFp_simple_make_affine"},
+{ERR_FUNC(EC_F_EC_GFP_SIMPLE_OCT2POINT), "ec_GFp_simple_oct2point"},
+{ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT2OCT), "ec_GFp_simple_point2oct"},
+{ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE), "ec_GFp_simple_points_make_affine"},
+{ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP), "ec_GFp_simple_point_get_affine_coordinates_GFp"},
+{ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP), "ec_GFp_simple_point_set_affine_coordinates_GFp"},
+{ERR_FUNC(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP), "ec_GFp_simple_set_compressed_coordinates_GFp"},
+{ERR_FUNC(EC_F_EC_GROUP_COPY), "EC_GROUP_copy"},
+{ERR_FUNC(EC_F_EC_GROUP_GET0_GENERATOR), "EC_GROUP_get0_generator"},
+{ERR_FUNC(EC_F_EC_GROUP_GET_COFACTOR), "EC_GROUP_get_cofactor"},
+{ERR_FUNC(EC_F_EC_GROUP_GET_CURVE_GFP), "EC_GROUP_get_curve_GFp"},
+{ERR_FUNC(EC_F_EC_GROUP_GET_ORDER), "EC_GROUP_get_order"},
+{ERR_FUNC(EC_F_EC_GROUP_NEW), "EC_GROUP_new"},
+{ERR_FUNC(EC_F_EC_GROUP_PRECOMPUTE_MULT), "EC_GROUP_precompute_mult"},
+{ERR_FUNC(EC_F_EC_GROUP_SET_CURVE_GFP), "EC_GROUP_set_curve_GFp"},
+{ERR_FUNC(EC_F_EC_GROUP_SET_EXTRA_DATA), "EC_GROUP_set_extra_data"},
+{ERR_FUNC(EC_F_EC_GROUP_SET_GENERATOR), "EC_GROUP_set_generator"},
+{ERR_FUNC(EC_F_EC_POINTS_MAKE_AFFINE), "EC_POINTs_make_affine"},
+{ERR_FUNC(EC_F_EC_POINTS_MUL), "EC_POINTs_mul"},
+{ERR_FUNC(EC_F_EC_POINT_ADD), "EC_POINT_add"},
+{ERR_FUNC(EC_F_EC_POINT_CMP), "EC_POINT_cmp"},
+{ERR_FUNC(EC_F_EC_POINT_COPY), "EC_POINT_copy"},
+{ERR_FUNC(EC_F_EC_POINT_DBL), "EC_POINT_dbl"},
+{ERR_FUNC(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP), "EC_POINT_get_affine_coordinates_GFp"},
+{ERR_FUNC(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP), "EC_POINT_get_Jprojective_coordinates_GFp"},
+{ERR_FUNC(EC_F_EC_POINT_IS_AT_INFINITY), "EC_POINT_is_at_infinity"},
+{ERR_FUNC(EC_F_EC_POINT_IS_ON_CURVE), "EC_POINT_is_on_curve"},
+{ERR_FUNC(EC_F_EC_POINT_MAKE_AFFINE), "EC_POINT_make_affine"},
+{ERR_FUNC(EC_F_EC_POINT_NEW), "EC_POINT_new"},
+{ERR_FUNC(EC_F_EC_POINT_OCT2POINT), "EC_POINT_oct2point"},
+{ERR_FUNC(EC_F_EC_POINT_POINT2OCT), "EC_POINT_point2oct"},
+{ERR_FUNC(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP), "EC_POINT_set_affine_coordinates_GFp"},
+{ERR_FUNC(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP), "EC_POINT_set_compressed_coordinates_GFp"},
+{ERR_FUNC(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP), "EC_POINT_set_Jprojective_coordinates_GFp"},
+{ERR_FUNC(EC_F_EC_POINT_SET_TO_INFINITY), "EC_POINT_set_to_infinity"},
+{ERR_FUNC(EC_F_GFP_MONT_GROUP_SET_CURVE_GFP), "GFP_MONT_GROUP_SET_CURVE_GFP"},
{0,NULL}
};
static ERR_STRING_DATA EC_str_reasons[]=
{
-{EC_R_BUFFER_TOO_SMALL ,"buffer too small"},
-{EC_R_INCOMPATIBLE_OBJECTS ,"incompatible objects"},
-{EC_R_INVALID_ARGUMENT ,"invalid argument"},
-{EC_R_INVALID_COMPRESSED_POINT ,"invalid compressed point"},
-{EC_R_INVALID_COMPRESSION_BIT ,"invalid compression bit"},
-{EC_R_INVALID_ENCODING ,"invalid encoding"},
-{EC_R_INVALID_FIELD ,"invalid field"},
-{EC_R_INVALID_FORM ,"invalid form"},
-{EC_R_NOT_INITIALIZED ,"not initialized"},
-{EC_R_POINT_AT_INFINITY ,"point at infinity"},
-{EC_R_POINT_IS_NOT_ON_CURVE ,"point is not on curve"},
-{EC_R_SLOT_FULL ,"slot full"},
-{EC_R_UNDEFINED_GENERATOR ,"undefined generator"},
-{EC_R_UNKNOWN_ORDER ,"unknown order"},
+{ERR_REASON(EC_R_BUFFER_TOO_SMALL) ,"buffer too small"},
+{ERR_REASON(EC_R_INCOMPATIBLE_OBJECTS) ,"incompatible objects"},
+{ERR_REASON(EC_R_INVALID_ARGUMENT) ,"invalid argument"},
+{ERR_REASON(EC_R_INVALID_COMPRESSED_POINT),"invalid compressed point"},
+{ERR_REASON(EC_R_INVALID_COMPRESSION_BIT),"invalid compression bit"},
+{ERR_REASON(EC_R_INVALID_ENCODING) ,"invalid encoding"},
+{ERR_REASON(EC_R_INVALID_FIELD) ,"invalid field"},
+{ERR_REASON(EC_R_INVALID_FORM) ,"invalid form"},
+{ERR_REASON(EC_R_NOT_INITIALIZED) ,"not initialized"},
+{ERR_REASON(EC_R_POINT_AT_INFINITY) ,"point at infinity"},
+{ERR_REASON(EC_R_POINT_IS_NOT_ON_CURVE) ,"point is not on curve"},
+{ERR_REASON(EC_R_SLOT_FULL) ,"slot full"},
+{ERR_REASON(EC_R_UNDEFINED_GENERATOR) ,"undefined generator"},
+{ERR_REASON(EC_R_UNKNOWN_ORDER) ,"unknown order"},
{0,NULL}
};
@@ -141,8 +145,8 @@ void ERR_load_EC_strings(void)
{
init=0;
#ifndef OPENSSL_NO_ERR
- ERR_load_strings(ERR_LIB_EC,EC_str_functs);
- ERR_load_strings(ERR_LIB_EC,EC_str_reasons);
+ ERR_load_strings(0,EC_str_functs);
+ ERR_load_strings(0,EC_str_reasons);
#endif
}
diff --git a/src/lib/libssl/src/crypto/engine/eng_cnf.c b/src/lib/libssl/src/crypto/engine/eng_cnf.c
index cdf670901a..4225760af1 100644
--- a/src/lib/libssl/src/crypto/engine/eng_cnf.c
+++ b/src/lib/libssl/src/crypto/engine/eng_cnf.c
@@ -158,7 +158,7 @@ static int int_engine_configure(char *name, char *value, const CONF *cnf)
*/
if (!strcmp(ctrlvalue, "EMPTY"))
ctrlvalue = NULL;
- else if (!strcmp(ctrlname, "init"))
+ if (!strcmp(ctrlname, "init"))
{
if (!NCONF_get_number_e(cnf, value, "init", &do_init))
goto err;
diff --git a/src/lib/libssl/src/crypto/engine/eng_err.c b/src/lib/libssl/src/crypto/engine/eng_err.c
index 814d95ee32..fdc0e7be0f 100644
--- a/src/lib/libssl/src/crypto/engine/eng_err.c
+++ b/src/lib/libssl/src/crypto/engine/eng_err.c
@@ -1,6 +1,6 @@
/* crypto/engine/eng_err.c */
/* ====================================================================
- * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -64,87 +64,91 @@
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
+
+#define ERR_FUNC(func) ERR_PACK(ERR_LIB_ENGINE,func,0)
+#define ERR_REASON(reason) ERR_PACK(ERR_LIB_ENGINE,0,reason)
+
static ERR_STRING_DATA ENGINE_str_functs[]=
{
-{ERR_PACK(0,ENGINE_F_DYNAMIC_CTRL,0), "DYNAMIC_CTRL"},
-{ERR_PACK(0,ENGINE_F_DYNAMIC_GET_DATA_CTX,0), "DYNAMIC_GET_DATA_CTX"},
-{ERR_PACK(0,ENGINE_F_DYNAMIC_LOAD,0), "DYNAMIC_LOAD"},
-{ERR_PACK(0,ENGINE_F_ENGINE_ADD,0), "ENGINE_add"},
-{ERR_PACK(0,ENGINE_F_ENGINE_BY_ID,0), "ENGINE_by_id"},
-{ERR_PACK(0,ENGINE_F_ENGINE_CMD_IS_EXECUTABLE,0), "ENGINE_cmd_is_executable"},
-{ERR_PACK(0,ENGINE_F_ENGINE_CTRL,0), "ENGINE_ctrl"},
-{ERR_PACK(0,ENGINE_F_ENGINE_CTRL_CMD,0), "ENGINE_ctrl_cmd"},
-{ERR_PACK(0,ENGINE_F_ENGINE_CTRL_CMD_STRING,0), "ENGINE_ctrl_cmd_string"},
-{ERR_PACK(0,ENGINE_F_ENGINE_FINISH,0), "ENGINE_finish"},
-{ERR_PACK(0,ENGINE_F_ENGINE_FREE,0), "ENGINE_free"},
-{ERR_PACK(0,ENGINE_F_ENGINE_GET_CIPHER,0), "ENGINE_get_cipher"},
-{ERR_PACK(0,ENGINE_F_ENGINE_GET_DEFAULT_TYPE,0), "ENGINE_GET_DEFAULT_TYPE"},
-{ERR_PACK(0,ENGINE_F_ENGINE_GET_DIGEST,0), "ENGINE_get_digest"},
-{ERR_PACK(0,ENGINE_F_ENGINE_GET_NEXT,0), "ENGINE_get_next"},
-{ERR_PACK(0,ENGINE_F_ENGINE_GET_PREV,0), "ENGINE_get_prev"},
-{ERR_PACK(0,ENGINE_F_ENGINE_INIT,0), "ENGINE_init"},
-{ERR_PACK(0,ENGINE_F_ENGINE_LIST_ADD,0), "ENGINE_LIST_ADD"},
-{ERR_PACK(0,ENGINE_F_ENGINE_LIST_REMOVE,0), "ENGINE_LIST_REMOVE"},
-{ERR_PACK(0,ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,0), "ENGINE_load_private_key"},
-{ERR_PACK(0,ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,0), "ENGINE_load_public_key"},
-{ERR_PACK(0,ENGINE_F_ENGINE_MODULE_INIT,0), "ENGINE_MODULE_INIT"},
-{ERR_PACK(0,ENGINE_F_ENGINE_NEW,0), "ENGINE_new"},
-{ERR_PACK(0,ENGINE_F_ENGINE_REMOVE,0), "ENGINE_remove"},
-{ERR_PACK(0,ENGINE_F_ENGINE_SET_DEFAULT_STRING,0), "ENGINE_set_default_string"},
-{ERR_PACK(0,ENGINE_F_ENGINE_SET_DEFAULT_TYPE,0), "ENGINE_SET_DEFAULT_TYPE"},
-{ERR_PACK(0,ENGINE_F_ENGINE_SET_ID,0), "ENGINE_set_id"},
-{ERR_PACK(0,ENGINE_F_ENGINE_SET_NAME,0), "ENGINE_set_name"},
-{ERR_PACK(0,ENGINE_F_ENGINE_TABLE_REGISTER,0), "ENGINE_TABLE_REGISTER"},
-{ERR_PACK(0,ENGINE_F_ENGINE_UNLOAD_KEY,0), "ENGINE_UNLOAD_KEY"},
-{ERR_PACK(0,ENGINE_F_ENGINE_UP_REF,0), "ENGINE_up_ref"},
-{ERR_PACK(0,ENGINE_F_INT_CTRL_HELPER,0), "INT_CTRL_HELPER"},
-{ERR_PACK(0,ENGINE_F_INT_ENGINE_CONFIGURE,0), "INT_ENGINE_CONFIGURE"},
-{ERR_PACK(0,ENGINE_F_LOG_MESSAGE,0), "LOG_MESSAGE"},
-{ERR_PACK(0,ENGINE_F_SET_DATA_CTX,0), "SET_DATA_CTX"},
+{ERR_FUNC(ENGINE_F_DYNAMIC_CTRL), "DYNAMIC_CTRL"},
+{ERR_FUNC(ENGINE_F_DYNAMIC_GET_DATA_CTX), "DYNAMIC_GET_DATA_CTX"},
+{ERR_FUNC(ENGINE_F_DYNAMIC_LOAD), "DYNAMIC_LOAD"},
+{ERR_FUNC(ENGINE_F_ENGINE_ADD), "ENGINE_add"},
+{ERR_FUNC(ENGINE_F_ENGINE_BY_ID), "ENGINE_by_id"},
+{ERR_FUNC(ENGINE_F_ENGINE_CMD_IS_EXECUTABLE), "ENGINE_cmd_is_executable"},
+{ERR_FUNC(ENGINE_F_ENGINE_CTRL), "ENGINE_ctrl"},
+{ERR_FUNC(ENGINE_F_ENGINE_CTRL_CMD), "ENGINE_ctrl_cmd"},
+{ERR_FUNC(ENGINE_F_ENGINE_CTRL_CMD_STRING), "ENGINE_ctrl_cmd_string"},
+{ERR_FUNC(ENGINE_F_ENGINE_FINISH), "ENGINE_finish"},
+{ERR_FUNC(ENGINE_F_ENGINE_FREE), "ENGINE_free"},
+{ERR_FUNC(ENGINE_F_ENGINE_GET_CIPHER), "ENGINE_get_cipher"},
+{ERR_FUNC(ENGINE_F_ENGINE_GET_DEFAULT_TYPE), "ENGINE_GET_DEFAULT_TYPE"},
+{ERR_FUNC(ENGINE_F_ENGINE_GET_DIGEST), "ENGINE_get_digest"},
+{ERR_FUNC(ENGINE_F_ENGINE_GET_NEXT), "ENGINE_get_next"},
+{ERR_FUNC(ENGINE_F_ENGINE_GET_PREV), "ENGINE_get_prev"},
+{ERR_FUNC(ENGINE_F_ENGINE_INIT), "ENGINE_init"},
+{ERR_FUNC(ENGINE_F_ENGINE_LIST_ADD), "ENGINE_LIST_ADD"},
+{ERR_FUNC(ENGINE_F_ENGINE_LIST_REMOVE), "ENGINE_LIST_REMOVE"},
+{ERR_FUNC(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY), "ENGINE_load_private_key"},
+{ERR_FUNC(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY), "ENGINE_load_public_key"},
+{ERR_FUNC(ENGINE_F_ENGINE_MODULE_INIT), "ENGINE_MODULE_INIT"},
+{ERR_FUNC(ENGINE_F_ENGINE_NEW), "ENGINE_new"},
+{ERR_FUNC(ENGINE_F_ENGINE_REMOVE), "ENGINE_remove"},
+{ERR_FUNC(ENGINE_F_ENGINE_SET_DEFAULT_STRING), "ENGINE_set_default_string"},
+{ERR_FUNC(ENGINE_F_ENGINE_SET_DEFAULT_TYPE), "ENGINE_SET_DEFAULT_TYPE"},
+{ERR_FUNC(ENGINE_F_ENGINE_SET_ID), "ENGINE_set_id"},
+{ERR_FUNC(ENGINE_F_ENGINE_SET_NAME), "ENGINE_set_name"},
+{ERR_FUNC(ENGINE_F_ENGINE_TABLE_REGISTER), "ENGINE_TABLE_REGISTER"},
+{ERR_FUNC(ENGINE_F_ENGINE_UNLOAD_KEY), "ENGINE_UNLOAD_KEY"},
+{ERR_FUNC(ENGINE_F_ENGINE_UP_REF), "ENGINE_up_ref"},
+{ERR_FUNC(ENGINE_F_INT_CTRL_HELPER), "INT_CTRL_HELPER"},
+{ERR_FUNC(ENGINE_F_INT_ENGINE_CONFIGURE), "INT_ENGINE_CONFIGURE"},
+{ERR_FUNC(ENGINE_F_LOG_MESSAGE), "LOG_MESSAGE"},
+{ERR_FUNC(ENGINE_F_SET_DATA_CTX), "SET_DATA_CTX"},
{0,NULL}
};
static ERR_STRING_DATA ENGINE_str_reasons[]=
{
-{ENGINE_R_ALREADY_LOADED ,"already loaded"},
-{ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER ,"argument is not a number"},
-{ENGINE_R_CMD_NOT_EXECUTABLE ,"cmd not executable"},
-{ENGINE_R_COMMAND_TAKES_INPUT ,"command takes input"},
-{ENGINE_R_COMMAND_TAKES_NO_INPUT ,"command takes no input"},
-{ENGINE_R_CONFLICTING_ENGINE_ID ,"conflicting engine id"},
-{ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED ,"ctrl command not implemented"},
-{ENGINE_R_DH_NOT_IMPLEMENTED ,"dh not implemented"},
-{ENGINE_R_DSA_NOT_IMPLEMENTED ,"dsa not implemented"},
-{ENGINE_R_DSO_FAILURE ,"DSO failure"},
-{ENGINE_R_DSO_NOT_FOUND ,"dso not found"},
-{ENGINE_R_ENGINES_SECTION_ERROR ,"engines section error"},
-{ENGINE_R_ENGINE_IS_NOT_IN_LIST ,"engine is not in the list"},
-{ENGINE_R_ENGINE_SECTION_ERROR ,"engine section error"},
-{ENGINE_R_FAILED_LOADING_PRIVATE_KEY ,"failed loading private key"},
-{ENGINE_R_FAILED_LOADING_PUBLIC_KEY ,"failed loading public key"},
-{ENGINE_R_FINISH_FAILED ,"finish failed"},
-{ENGINE_R_GET_HANDLE_FAILED ,"could not obtain hardware handle"},
-{ENGINE_R_ID_OR_NAME_MISSING ,"'id' or 'name' missing"},
-{ENGINE_R_INIT_FAILED ,"init failed"},
-{ENGINE_R_INTERNAL_LIST_ERROR ,"internal list error"},
-{ENGINE_R_INVALID_ARGUMENT ,"invalid argument"},
-{ENGINE_R_INVALID_CMD_NAME ,"invalid cmd name"},
-{ENGINE_R_INVALID_CMD_NUMBER ,"invalid cmd number"},
-{ENGINE_R_INVALID_INIT_VALUE ,"invalid init value"},
-{ENGINE_R_INVALID_STRING ,"invalid string"},
-{ENGINE_R_NOT_INITIALISED ,"not initialised"},
-{ENGINE_R_NOT_LOADED ,"not loaded"},
-{ENGINE_R_NO_CONTROL_FUNCTION ,"no control function"},
-{ENGINE_R_NO_INDEX ,"no index"},
-{ENGINE_R_NO_LOAD_FUNCTION ,"no load function"},
-{ENGINE_R_NO_REFERENCE ,"no reference"},
-{ENGINE_R_NO_SUCH_ENGINE ,"no such engine"},
-{ENGINE_R_NO_UNLOAD_FUNCTION ,"no unload function"},
-{ENGINE_R_PROVIDE_PARAMETERS ,"provide parameters"},
-{ENGINE_R_RSA_NOT_IMPLEMENTED ,"rsa not implemented"},
-{ENGINE_R_UNIMPLEMENTED_CIPHER ,"unimplemented cipher"},
-{ENGINE_R_UNIMPLEMENTED_DIGEST ,"unimplemented digest"},
-{ENGINE_R_VERSION_INCOMPATIBILITY ,"version incompatibility"},
+{ERR_REASON(ENGINE_R_ALREADY_LOADED) ,"already loaded"},
+{ERR_REASON(ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER),"argument is not a number"},
+{ERR_REASON(ENGINE_R_CMD_NOT_EXECUTABLE) ,"cmd not executable"},
+{ERR_REASON(ENGINE_R_COMMAND_TAKES_INPUT),"command takes input"},
+{ERR_REASON(ENGINE_R_COMMAND_TAKES_NO_INPUT),"command takes no input"},
+{ERR_REASON(ENGINE_R_CONFLICTING_ENGINE_ID),"conflicting engine id"},
+{ERR_REASON(ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED),"ctrl command not implemented"},
+{ERR_REASON(ENGINE_R_DH_NOT_IMPLEMENTED) ,"dh not implemented"},
+{ERR_REASON(ENGINE_R_DSA_NOT_IMPLEMENTED),"dsa not implemented"},
+{ERR_REASON(ENGINE_R_DSO_FAILURE) ,"DSO failure"},
+{ERR_REASON(ENGINE_R_DSO_NOT_FOUND) ,"dso not found"},
+{ERR_REASON(ENGINE_R_ENGINES_SECTION_ERROR),"engines section error"},
+{ERR_REASON(ENGINE_R_ENGINE_IS_NOT_IN_LIST),"engine is not in the list"},
+{ERR_REASON(ENGINE_R_ENGINE_SECTION_ERROR),"engine section error"},
+{ERR_REASON(ENGINE_R_FAILED_LOADING_PRIVATE_KEY),"failed loading private key"},
+{ERR_REASON(ENGINE_R_FAILED_LOADING_PUBLIC_KEY),"failed loading public key"},
+{ERR_REASON(ENGINE_R_FINISH_FAILED) ,"finish failed"},
+{ERR_REASON(ENGINE_R_GET_HANDLE_FAILED) ,"could not obtain hardware handle"},
+{ERR_REASON(ENGINE_R_ID_OR_NAME_MISSING) ,"'id' or 'name' missing"},
+{ERR_REASON(ENGINE_R_INIT_FAILED) ,"init failed"},
+{ERR_REASON(ENGINE_R_INTERNAL_LIST_ERROR),"internal list error"},
+{ERR_REASON(ENGINE_R_INVALID_ARGUMENT) ,"invalid argument"},
+{ERR_REASON(ENGINE_R_INVALID_CMD_NAME) ,"invalid cmd name"},
+{ERR_REASON(ENGINE_R_INVALID_CMD_NUMBER) ,"invalid cmd number"},
+{ERR_REASON(ENGINE_R_INVALID_INIT_VALUE) ,"invalid init value"},
+{ERR_REASON(ENGINE_R_INVALID_STRING) ,"invalid string"},
+{ERR_REASON(ENGINE_R_NOT_INITIALISED) ,"not initialised"},
+{ERR_REASON(ENGINE_R_NOT_LOADED) ,"not loaded"},
+{ERR_REASON(ENGINE_R_NO_CONTROL_FUNCTION),"no control function"},
+{ERR_REASON(ENGINE_R_NO_INDEX) ,"no index"},
+{ERR_REASON(ENGINE_R_NO_LOAD_FUNCTION) ,"no load function"},
+{ERR_REASON(ENGINE_R_NO_REFERENCE) ,"no reference"},
+{ERR_REASON(ENGINE_R_NO_SUCH_ENGINE) ,"no such engine"},
+{ERR_REASON(ENGINE_R_NO_UNLOAD_FUNCTION) ,"no unload function"},
+{ERR_REASON(ENGINE_R_PROVIDE_PARAMETERS) ,"provide parameters"},
+{ERR_REASON(ENGINE_R_RSA_NOT_IMPLEMENTED),"rsa not implemented"},
+{ERR_REASON(ENGINE_R_UNIMPLEMENTED_CIPHER),"unimplemented cipher"},
+{ERR_REASON(ENGINE_R_UNIMPLEMENTED_DIGEST),"unimplemented digest"},
+{ERR_REASON(ENGINE_R_VERSION_INCOMPATIBILITY),"version incompatibility"},
{0,NULL}
};
@@ -158,8 +162,8 @@ void ERR_load_ENGINE_strings(void)
{
init=0;
#ifndef OPENSSL_NO_ERR
- ERR_load_strings(ERR_LIB_ENGINE,ENGINE_str_functs);
- ERR_load_strings(ERR_LIB_ENGINE,ENGINE_str_reasons);
+ ERR_load_strings(0,ENGINE_str_functs);
+ ERR_load_strings(0,ENGINE_str_reasons);
#endif
}
diff --git a/src/lib/libssl/src/crypto/engine/hw_aep.c b/src/lib/libssl/src/crypto/engine/hw_aep.c
index 8b8380a582..5f1772ea99 100644
--- a/src/lib/libssl/src/crypto/engine/hw_aep.c
+++ b/src/lib/libssl/src/crypto/engine/hw_aep.c
@@ -474,6 +474,7 @@ static int aep_init(ENGINE *e)
if(aep_dso)
DSO_free(aep_dso);
+ aep_dso = NULL;
p_AEP_OpenConnection = NULL;
p_AEP_ModExp = NULL;
diff --git a/src/lib/libssl/src/crypto/engine/hw_atalla.c b/src/lib/libssl/src/crypto/engine/hw_atalla.c
index e9eff9fad1..2b8342bbdd 100644
--- a/src/lib/libssl/src/crypto/engine/hw_atalla.c
+++ b/src/lib/libssl/src/crypto/engine/hw_atalla.c
@@ -375,6 +375,7 @@ static int atalla_init(ENGINE *e)
err:
if(atalla_dso)
DSO_free(atalla_dso);
+ atalla_dso = NULL;
p_Atalla_GetHardwareConfig = NULL;
p_Atalla_RSAPrivateKeyOpFn = NULL;
p_Atalla_GetPerformanceStatistics = NULL;
diff --git a/src/lib/libssl/src/crypto/engine/hw_cswift.c b/src/lib/libssl/src/crypto/engine/hw_cswift.c
index f128ee5a68..1411fd8333 100644
--- a/src/lib/libssl/src/crypto/engine/hw_cswift.c
+++ b/src/lib/libssl/src/crypto/engine/hw_cswift.c
@@ -90,6 +90,7 @@ static int cswift_destroy(ENGINE *e);
static int cswift_init(ENGINE *e);
static int cswift_finish(ENGINE *e);
static int cswift_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
+static int cswift_bn_32copy(SW_LARGENUMBER * out, const BIGNUM * in);
/* BIGNUM stuff */
static int cswift_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
@@ -403,7 +404,10 @@ static int cswift_init(ENGINE *e)
return 1;
err:
if(cswift_dso)
+ {
DSO_free(cswift_dso);
+ cswift_dso = NULL;
+ }
p_CSwift_AcquireAccContext = NULL;
p_CSwift_AttachKeyParam = NULL;
p_CSwift_SimpleRequest = NULL;
@@ -553,6 +557,29 @@ err:
return to_return;
}
+
+int cswift_bn_32copy(SW_LARGENUMBER * out, const BIGNUM * in)
+{
+ int mod;
+ int numbytes = BN_num_bytes(in);
+
+ mod = 0;
+ while( ((out->nbytes = (numbytes+mod)) % 32) )
+ {
+ mod++;
+ }
+ out->value = (unsigned char*)OPENSSL_malloc(out->nbytes);
+ if(!out->value)
+ {
+ return 0;
+ }
+ BN_bn2bin(in, &out->value[mod]);
+ if(mod)
+ memset(out->value, 0, mod);
+
+ return 1;
+}
+
/* Un petit mod_exp chinois */
static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *q, const BIGNUM *dmp1,
@@ -562,15 +589,16 @@ static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
SW_LARGENUMBER arg, res;
SW_PARAM sw_param;
SW_CONTEXT_HANDLE hac;
- BIGNUM *rsa_p = NULL;
- BIGNUM *rsa_q = NULL;
- BIGNUM *rsa_dmp1 = NULL;
- BIGNUM *rsa_dmq1 = NULL;
- BIGNUM *rsa_iqmp = NULL;
- BIGNUM *argument = NULL;
BIGNUM *result = NULL;
+ BIGNUM *argument = NULL;
int to_return = 0; /* expect failure */
int acquired = 0;
+
+ sw_param.up.crt.p.value = NULL;
+ sw_param.up.crt.q.value = NULL;
+ sw_param.up.crt.dmp1.value = NULL;
+ sw_param.up.crt.dmq1.value = NULL;
+ sw_param.up.crt.iqmp.value = NULL;
if(!get_context(&hac))
{
@@ -578,44 +606,55 @@ static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
goto err;
}
acquired = 1;
+
/* Prepare the params */
- BN_CTX_start(ctx);
- rsa_p = BN_CTX_get(ctx);
- rsa_q = BN_CTX_get(ctx);
- rsa_dmp1 = BN_CTX_get(ctx);
- rsa_dmq1 = BN_CTX_get(ctx);
- rsa_iqmp = BN_CTX_get(ctx);
- argument = BN_CTX_get(ctx);
- result = BN_CTX_get(ctx);
- if(!result)
+ argument = BN_new();
+ result = BN_new();
+ if(!result || !argument)
{
CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_CTX_FULL);
goto err;
}
- if(!bn_wexpand(rsa_p, p->top) || !bn_wexpand(rsa_q, q->top) ||
- !bn_wexpand(rsa_dmp1, dmp1->top) ||
- !bn_wexpand(rsa_dmq1, dmq1->top) ||
- !bn_wexpand(rsa_iqmp, iqmp->top) ||
- !bn_wexpand(argument, a->top) ||
+
+
+ sw_param.type = SW_ALG_CRT;
+ /************************************************************************/
+ /* 04/02/2003 */
+ /* Modified by Frederic Giudicelli (deny-all.com) to overcome the */
+ /* limitation of cswift with values not a multiple of 32 */
+ /************************************************************************/
+ if(!cswift_bn_32copy(&sw_param.up.crt.p, p))
+ {
+ CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
+ goto err;
+ }
+ if(!cswift_bn_32copy(&sw_param.up.crt.q, q))
+ {
+ CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
+ goto err;
+ }
+ if(!cswift_bn_32copy(&sw_param.up.crt.dmp1, dmp1))
+ {
+ CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
+ goto err;
+ }
+ if(!cswift_bn_32copy(&sw_param.up.crt.dmq1, dmq1))
+ {
+ CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
+ goto err;
+ }
+ if(!cswift_bn_32copy(&sw_param.up.crt.iqmp, iqmp))
+ {
+ CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
+ goto err;
+ }
+ if( !bn_wexpand(argument, a->top) ||
!bn_wexpand(result, p->top + q->top))
{
CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
goto err;
}
- sw_param.type = SW_ALG_CRT;
- sw_param.up.crt.p.nbytes = BN_bn2bin(p, (unsigned char *)rsa_p->d);
- sw_param.up.crt.p.value = (unsigned char *)rsa_p->d;
- sw_param.up.crt.q.nbytes = BN_bn2bin(q, (unsigned char *)rsa_q->d);
- sw_param.up.crt.q.value = (unsigned char *)rsa_q->d;
- sw_param.up.crt.dmp1.nbytes = BN_bn2bin(dmp1,
- (unsigned char *)rsa_dmp1->d);
- sw_param.up.crt.dmp1.value = (unsigned char *)rsa_dmp1->d;
- sw_param.up.crt.dmq1.nbytes = BN_bn2bin(dmq1,
- (unsigned char *)rsa_dmq1->d);
- sw_param.up.crt.dmq1.value = (unsigned char *)rsa_dmq1->d;
- sw_param.up.crt.iqmp.nbytes = BN_bn2bin(iqmp,
- (unsigned char *)rsa_iqmp->d);
- sw_param.up.crt.iqmp.value = (unsigned char *)rsa_iqmp->d;
+
/* Attach the key params */
sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
switch(sw_status)
@@ -654,9 +693,22 @@ static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
BN_bin2bn((unsigned char *)result->d, res.nbytes, r);
to_return = 1;
err:
+ if(sw_param.up.crt.p.value)
+ OPENSSL_free(sw_param.up.crt.p.value);
+ if(sw_param.up.crt.q.value)
+ OPENSSL_free(sw_param.up.crt.q.value);
+ if(sw_param.up.crt.dmp1.value)
+ OPENSSL_free(sw_param.up.crt.dmp1.value);
+ if(sw_param.up.crt.dmq1.value)
+ OPENSSL_free(sw_param.up.crt.dmq1.value);
+ if(sw_param.up.crt.iqmp.value)
+ OPENSSL_free(sw_param.up.crt.iqmp.value);
+ if(result)
+ BN_free(result);
+ if(argument)
+ BN_free(argument);
if(acquired)
release_context(hac);
- BN_CTX_end(ctx);
return to_return;
}
@@ -665,6 +717,27 @@ static int cswift_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
{
BN_CTX *ctx;
int to_return = 0;
+ const RSA_METHOD * def_rsa_method;
+
+ /* Try the limits of RSA (2048 bits) */
+ if(BN_num_bytes(rsa->p) > 128 ||
+ BN_num_bytes(rsa->q) > 128 ||
+ BN_num_bytes(rsa->dmp1) > 128 ||
+ BN_num_bytes(rsa->dmq1) > 128 ||
+ BN_num_bytes(rsa->iqmp) > 128)
+ {
+#ifdef RSA_NULL
+ def_rsa_method=RSA_null_method();
+#else
+#if 0
+ def_rsa_method=RSA_PKCS1_RSAref();
+#else
+ def_rsa_method=RSA_PKCS1_SSLeay();
+#endif
+#endif
+ if(def_rsa_method)
+ return def_rsa_method->rsa_mod_exp(r0, I, rsa);
+ }
if((ctx = BN_CTX_new()) == NULL)
goto err;
@@ -686,6 +759,26 @@ err:
static int cswift_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
{
+ const RSA_METHOD * def_rsa_method;
+
+ /* Try the limits of RSA (2048 bits) */
+ if(BN_num_bytes(r) > 256 ||
+ BN_num_bytes(a) > 256 ||
+ BN_num_bytes(m) > 256)
+ {
+#ifdef RSA_NULL
+ def_rsa_method=RSA_null_method();
+#else
+#if 0
+ def_rsa_method=RSA_PKCS1_RSAref();
+#else
+ def_rsa_method=RSA_PKCS1_SSLeay();
+#endif
+#endif
+ if(def_rsa_method)
+ return def_rsa_method->bn_mod_exp(r, a, p, m, ctx, m_ctx);
+ }
+
return cswift_mod_exp(r, a, p, m, ctx);
}
@@ -930,9 +1023,10 @@ static int cswift_rand_bytes(unsigned char *buf, int num)
SW_CONTEXT_HANDLE hac;
SW_STATUS swrc;
SW_LARGENUMBER largenum;
- size_t nbytes = 0;
int acquired = 0;
int to_return = 0; /* assume failure */
+ unsigned char buf32[1024];
+
if (!get_context(&hac))
{
@@ -941,17 +1035,19 @@ static int cswift_rand_bytes(unsigned char *buf, int num)
}
acquired = 1;
- while (nbytes < (size_t)num)
+ /************************************************************************/
+ /* 04/02/2003 */
+ /* Modified by Frederic Giudicelli (deny-all.com) to overcome the */
+ /* limitation of cswift with values not a multiple of 32 */
+ /************************************************************************/
+
+ while(num >= sizeof(buf32))
{
+ largenum.value = buf;
+ largenum.nbytes = sizeof(buf32);
/* tell CryptoSwift how many bytes we want and where we want it.
* Note: - CryptoSwift cannot do more than 4096 bytes at a time.
* - CryptoSwift can only do multiple of 32-bits. */
- largenum.value = (SW_BYTE *) buf + nbytes;
- if (4096 > num - nbytes)
- largenum.nbytes = num - nbytes;
- else
- largenum.nbytes = 4096;
-
swrc = p_CSwift_SimpleRequest(hac, SW_CMD_RAND, NULL, 0, &largenum, 1);
if (swrc != SW_OK)
{
@@ -961,14 +1057,30 @@ static int cswift_rand_bytes(unsigned char *buf, int num)
ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf);
goto err;
}
-
- nbytes += largenum.nbytes;
+ buf += sizeof(buf32);
+ num -= sizeof(buf32);
+ }
+ if(num)
+ {
+ largenum.nbytes = sizeof(buf32);
+ largenum.value = buf32;
+ swrc = p_CSwift_SimpleRequest(hac, SW_CMD_RAND, NULL, 0, &largenum, 1);
+ if (swrc != SW_OK)
+ {
+ char tmpbuf[20];
+ CSWIFTerr(CSWIFT_F_CSWIFT_CTRL, CSWIFT_R_REQUEST_FAILED);
+ sprintf(tmpbuf, "%ld", swrc);
+ ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf);
+ goto err;
+ }
+ memcpy(buf, largenum.value, num);
}
- to_return = 1; /* success */
+ to_return = 1; /* success */
err:
if (acquired)
release_context(hac);
+
return to_return;
}
diff --git a/src/lib/libssl/src/crypto/engine/hw_ubsec.c b/src/lib/libssl/src/crypto/engine/hw_ubsec.c
index 5234a08a07..8fb834af31 100644
--- a/src/lib/libssl/src/crypto/engine/hw_ubsec.c
+++ b/src/lib/libssl/src/crypto/engine/hw_ubsec.c
@@ -454,6 +454,7 @@ static int ubsec_init(ENGINE *e)
err:
if(ubsec_dso)
DSO_free(ubsec_dso);
+ ubsec_dso = NULL;
p_UBSEC_ubsec_bytes_to_bits = NULL;
p_UBSEC_ubsec_bits_to_bytes = NULL;
p_UBSEC_ubsec_open = NULL;
diff --git a/src/lib/libssl/src/crypto/engine/tb_dsa.c b/src/lib/libssl/src/crypto/engine/tb_dsa.c
index 80170591f2..7efe181927 100644
--- a/src/lib/libssl/src/crypto/engine/tb_dsa.c
+++ b/src/lib/libssl/src/crypto/engine/tb_dsa.c
@@ -94,7 +94,7 @@ int ENGINE_set_default_DSA(ENGINE *e)
{
if(e->dsa_meth)
return engine_table_register(&dsa_table,
- engine_unregister_all_DSA, e, &dummy_nid, 1, 0);
+ engine_unregister_all_DSA, e, &dummy_nid, 1, 1);
return 1;
}
diff --git a/src/lib/libssl/src/crypto/err/Makefile b/src/lib/libssl/src/crypto/err/Makefile
index 149f3e0eb9..4adec55302 100644
--- a/src/lib/libssl/src/crypto/err/Makefile
+++ b/src/lib/libssl/src/crypto/err/Makefile
@@ -1,5 +1,5 @@
#
-# SSLeay/crypto/err/Makefile
+# OpenSSL/crypto/err/Makefile
#
DIR= err
diff --git a/src/lib/libssl/src/crypto/err/err.c b/src/lib/libssl/src/crypto/err/err.c
index c78790a54c..53687d79ab 100644
--- a/src/lib/libssl/src/crypto/err/err.c
+++ b/src/lib/libssl/src/crypto/err/err.c
@@ -621,7 +621,8 @@ static void err_load_strings(int lib, ERR_STRING_DATA *str)
{
while (str->error)
{
- str->error|=ERR_PACK(lib,0,0);
+ if (lib)
+ str->error|=ERR_PACK(lib,0,0);
ERRFN(err_set_item)(str);
str++;
}
@@ -637,7 +638,8 @@ void ERR_unload_strings(int lib, ERR_STRING_DATA *str)
{
while (str->error)
{
- str->error|=ERR_PACK(lib,0,0);
+ if (lib)
+ str->error|=ERR_PACK(lib,0,0);
ERRFN(err_del_item)(str);
str++;
}
diff --git a/src/lib/libssl/src/crypto/err/openssl.ec b/src/lib/libssl/src/crypto/err/openssl.ec
index 447a7f87ed..f8cd6937e7 100644
--- a/src/lib/libssl/src/crypto/err/openssl.ec
+++ b/src/lib/libssl/src/crypto/err/openssl.ec
@@ -27,7 +27,7 @@ L DSO crypto/dso/dso.h crypto/dso/dso_err.c
L ENGINE crypto/engine/engine.h crypto/engine/eng_err.c
L OCSP crypto/ocsp/ocsp.h crypto/ocsp/ocsp_err.c
L UI crypto/ui/ui.h crypto/ui/ui_err.c
-L FIPS fips/fips.h fips/fips_err.h
+L FIPS fips-1.0/fips.h fips-1.0/fips_err.h
# additional header files to be scanned for function names
L NONE crypto/x509/x509_vfy.h NONE
diff --git a/src/lib/libssl/src/crypto/evp/Makefile b/src/lib/libssl/src/crypto/evp/Makefile
index 5027a3855a..d1c2a272bb 100644
--- a/src/lib/libssl/src/crypto/evp/Makefile
+++ b/src/lib/libssl/src/crypto/evp/Makefile
@@ -1,5 +1,5 @@
#
-# SSLeay/crypto/evp/Makefile
+# OpenSSL/crypto/evp/Makefile
#
DIR= evp
diff --git a/src/lib/libssl/src/crypto/evp/bio_enc.c b/src/lib/libssl/src/crypto/evp/bio_enc.c
index ab81851503..b8cda1a9f0 100644
--- a/src/lib/libssl/src/crypto/evp/bio_enc.c
+++ b/src/lib/libssl/src/crypto/evp/bio_enc.c
@@ -71,7 +71,7 @@ static int enc_new(BIO *h);
static int enc_free(BIO *data);
static long enc_callback_ctrl(BIO *h, int cmd, bio_info_cb *fps);
#define ENC_BLOCK_SIZE (1024*4)
-#define BUF_OFFSET EVP_MAX_BLOCK_LENGTH
+#define BUF_OFFSET (EVP_MAX_BLOCK_LENGTH*2)
typedef struct enc_struct
{
diff --git a/src/lib/libssl/src/crypto/evp/c_alld.c b/src/lib/libssl/src/crypto/evp/c_alld.c
index aae7bf7482..929ea56a3e 100644
--- a/src/lib/libssl/src/crypto/evp/c_alld.c
+++ b/src/lib/libssl/src/crypto/evp/c_alld.c
@@ -99,5 +99,15 @@ void OpenSSL_add_all_digests(void)
EVP_add_digest(EVP_ripemd160());
EVP_add_digest_alias(SN_ripemd160,"ripemd");
EVP_add_digest_alias(SN_ripemd160,"rmd160");
+#endif
+#ifdef OPENSSL_FIPS
+#ifndef OPENSSL_NO_SHA256
+ EVP_add_digest(EVP_sha224());
+ EVP_add_digest(EVP_sha256());
+#endif
+#ifndef OPENSSL_NO_SHA512
+ EVP_add_digest(EVP_sha384());
+ EVP_add_digest(EVP_sha512());
+#endif
#endif
}
diff --git a/src/lib/libssl/src/crypto/evp/e_aes.c b/src/lib/libssl/src/crypto/evp/e_aes.c
index f35036c9d7..7b67984fa1 100644
--- a/src/lib/libssl/src/crypto/evp/e_aes.c
+++ b/src/lib/libssl/src/crypto/evp/e_aes.c
@@ -86,9 +86,9 @@ IMPLEMENT_BLOCK_CIPHER(aes_256, ks, AES, EVP_AES_KEY,
#define IMPLEMENT_AES_CFBR(ksize,cbits,flags) IMPLEMENT_CFBR(aes,AES,EVP_AES_KEY,ks,ksize,cbits,16,flags)
-IMPLEMENT_AES_CFBR(128,1,0)
-IMPLEMENT_AES_CFBR(192,1,0)
-IMPLEMENT_AES_CFBR(256,1,0)
+IMPLEMENT_AES_CFBR(128,1,EVP_CIPH_FLAG_FIPS)
+IMPLEMENT_AES_CFBR(192,1,EVP_CIPH_FLAG_FIPS)
+IMPLEMENT_AES_CFBR(256,1,EVP_CIPH_FLAG_FIPS)
IMPLEMENT_AES_CFBR(128,8,EVP_CIPH_FLAG_FIPS)
IMPLEMENT_AES_CFBR(192,8,EVP_CIPH_FLAG_FIPS)
diff --git a/src/lib/libssl/src/crypto/evp/encode.c b/src/lib/libssl/src/crypto/evp/encode.c
index 08209357ce..33e540087d 100644
--- a/src/lib/libssl/src/crypto/evp/encode.c
+++ b/src/lib/libssl/src/crypto/evp/encode.c
@@ -313,7 +313,7 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
/* There will never be more than two '=' */
}
- if ((v == B64_EOF) || (n >= 64))
+ if ((v == B64_EOF && (n&3) == 0) || (n >= 64))
{
/* This is needed to work correctly on 64 byte input
* lines. We process the line and then need to
diff --git a/src/lib/libssl/src/crypto/evp/evp.h b/src/lib/libssl/src/crypto/evp/evp.h
index 5cde88ae76..56eec23fef 100644
--- a/src/lib/libssl/src/crypto/evp/evp.h
+++ b/src/lib/libssl/src/crypto/evp/evp.h
@@ -84,7 +84,11 @@
#include <openssl/md5.h>
#endif
#ifndef OPENSSL_NO_SHA
+#ifndef OPENSSL_FIPS
#include <openssl/sha.h>
+#else
+#include <openssl/fips_sha.h>
+#endif
#endif
#ifndef OPENSSL_NO_RIPEMD
#include <openssl/ripemd.h>
@@ -128,7 +132,11 @@
#define EVP_CAST5_KEY_SIZE 16
#define EVP_RC5_32_12_16_KEY_SIZE 16
*/
-#define EVP_MAX_MD_SIZE (16+20) /* The SSLv3 md5+sha1 type */
+#ifdef OPENSSL_FIPS
+#define EVP_MAX_MD_SIZE 64 /* longest known SHA512 */
+#else
+#define EVP_MAX_MD_SIZE (16+20) /* The SSLv3 md5+sha1 type */
+#endif
#define EVP_MAX_KEY_LENGTH 32
#define EVP_MAX_IV_LENGTH 16
#define EVP_MAX_BLOCK_LENGTH 32
@@ -642,6 +650,16 @@ const EVP_MD *EVP_sha(void);
const EVP_MD *EVP_sha1(void);
const EVP_MD *EVP_dss(void);
const EVP_MD *EVP_dss1(void);
+#ifdef OPENSSL_FIPS
+#ifndef OPENSSL_NO_SHA256
+const EVP_MD *EVP_sha224(void);
+const EVP_MD *EVP_sha256(void);
+#endif
+#ifndef OPENSSL_NO_SHA512
+const EVP_MD *EVP_sha384(void);
+const EVP_MD *EVP_sha512(void);
+#endif
+#endif
#endif
#ifndef OPENSSL_NO_MDC2
const EVP_MD *EVP_mdc2(void);
diff --git a/src/lib/libssl/src/crypto/evp/evp_err.c b/src/lib/libssl/src/crypto/evp/evp_err.c
index 40135d0729..77eee070d3 100644
--- a/src/lib/libssl/src/crypto/evp/evp_err.c
+++ b/src/lib/libssl/src/crypto/evp/evp_err.c
@@ -64,88 +64,92 @@
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
+
+#define ERR_FUNC(func) ERR_PACK(ERR_LIB_EVP,func,0)
+#define ERR_REASON(reason) ERR_PACK(ERR_LIB_EVP,0,reason)
+
static ERR_STRING_DATA EVP_str_functs[]=
{
-{ERR_PACK(0,EVP_F_AES_INIT_KEY,0), "AES_INIT_KEY"},
-{ERR_PACK(0,EVP_F_D2I_PKEY,0), "D2I_PKEY"},
-{ERR_PACK(0,EVP_F_EVP_ADD_CIPHER,0), "EVP_add_cipher"},
-{ERR_PACK(0,EVP_F_EVP_ADD_DIGEST,0), "EVP_add_digest"},
-{ERR_PACK(0,EVP_F_EVP_CIPHERINIT,0), "EVP_CipherInit"},
-{ERR_PACK(0,EVP_F_EVP_CIPHER_CTX_CTRL,0), "EVP_CIPHER_CTX_ctrl"},
-{ERR_PACK(0,EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH,0), "EVP_CIPHER_CTX_set_key_length"},
-{ERR_PACK(0,EVP_F_EVP_DECRYPTFINAL,0), "EVP_DecryptFinal"},
-{ERR_PACK(0,EVP_F_EVP_DIGESTINIT,0), "EVP_DigestInit"},
-{ERR_PACK(0,EVP_F_EVP_ENCRYPTFINAL,0), "EVP_EncryptFinal"},
-{ERR_PACK(0,EVP_F_EVP_GET_CIPHERBYNAME,0), "EVP_get_cipherbyname"},
-{ERR_PACK(0,EVP_F_EVP_GET_DIGESTBYNAME,0), "EVP_get_digestbyname"},
-{ERR_PACK(0,EVP_F_EVP_MD_CTX_COPY,0), "EVP_MD_CTX_copy"},
-{ERR_PACK(0,EVP_F_EVP_OPENINIT,0), "EVP_OpenInit"},
-{ERR_PACK(0,EVP_F_EVP_PBE_ALG_ADD,0), "EVP_PBE_alg_add"},
-{ERR_PACK(0,EVP_F_EVP_PBE_CIPHERINIT,0), "EVP_PBE_CipherInit"},
-{ERR_PACK(0,EVP_F_EVP_PKCS82PKEY,0), "EVP_PKCS82PKEY"},
-{ERR_PACK(0,EVP_F_EVP_PKCS8_SET_BROKEN,0), "EVP_PKCS8_SET_BROKEN"},
-{ERR_PACK(0,EVP_F_EVP_PKEY2PKCS8,0), "EVP_PKEY2PKCS8"},
-{ERR_PACK(0,EVP_F_EVP_PKEY_COPY_PARAMETERS,0), "EVP_PKEY_copy_parameters"},
-{ERR_PACK(0,EVP_F_EVP_PKEY_DECRYPT,0), "EVP_PKEY_decrypt"},
-{ERR_PACK(0,EVP_F_EVP_PKEY_ENCRYPT,0), "EVP_PKEY_encrypt"},
-{ERR_PACK(0,EVP_F_EVP_PKEY_GET1_DH,0), "EVP_PKEY_get1_DH"},
-{ERR_PACK(0,EVP_F_EVP_PKEY_GET1_DSA,0), "EVP_PKEY_get1_DSA"},
-{ERR_PACK(0,EVP_F_EVP_PKEY_GET1_RSA,0), "EVP_PKEY_get1_RSA"},
-{ERR_PACK(0,EVP_F_EVP_PKEY_NEW,0), "EVP_PKEY_new"},
-{ERR_PACK(0,EVP_F_EVP_RIJNDAEL,0), "EVP_RIJNDAEL"},
-{ERR_PACK(0,EVP_F_EVP_SIGNFINAL,0), "EVP_SignFinal"},
-{ERR_PACK(0,EVP_F_EVP_VERIFYFINAL,0), "EVP_VerifyFinal"},
-{ERR_PACK(0,EVP_F_PKCS5_PBE_KEYIVGEN,0), "PKCS5_PBE_keyivgen"},
-{ERR_PACK(0,EVP_F_PKCS5_V2_PBE_KEYIVGEN,0), "PKCS5_v2_PBE_keyivgen"},
-{ERR_PACK(0,EVP_F_RC2_MAGIC_TO_METH,0), "RC2_MAGIC_TO_METH"},
-{ERR_PACK(0,EVP_F_RC5_CTRL,0), "RC5_CTRL"},
+{ERR_FUNC(EVP_F_AES_INIT_KEY), "AES_INIT_KEY"},
+{ERR_FUNC(EVP_F_D2I_PKEY), "D2I_PKEY"},
+{ERR_FUNC(EVP_F_EVP_ADD_CIPHER), "EVP_add_cipher"},
+{ERR_FUNC(EVP_F_EVP_ADD_DIGEST), "EVP_add_digest"},
+{ERR_FUNC(EVP_F_EVP_CIPHERINIT), "EVP_CipherInit"},
+{ERR_FUNC(EVP_F_EVP_CIPHER_CTX_CTRL), "EVP_CIPHER_CTX_ctrl"},
+{ERR_FUNC(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH), "EVP_CIPHER_CTX_set_key_length"},
+{ERR_FUNC(EVP_F_EVP_DECRYPTFINAL), "EVP_DecryptFinal"},
+{ERR_FUNC(EVP_F_EVP_DIGESTINIT), "EVP_DigestInit"},
+{ERR_FUNC(EVP_F_EVP_ENCRYPTFINAL), "EVP_EncryptFinal"},
+{ERR_FUNC(EVP_F_EVP_GET_CIPHERBYNAME), "EVP_get_cipherbyname"},
+{ERR_FUNC(EVP_F_EVP_GET_DIGESTBYNAME), "EVP_get_digestbyname"},
+{ERR_FUNC(EVP_F_EVP_MD_CTX_COPY), "EVP_MD_CTX_copy"},
+{ERR_FUNC(EVP_F_EVP_OPENINIT), "EVP_OpenInit"},
+{ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD), "EVP_PBE_alg_add"},
+{ERR_FUNC(EVP_F_EVP_PBE_CIPHERINIT), "EVP_PBE_CipherInit"},
+{ERR_FUNC(EVP_F_EVP_PKCS82PKEY), "EVP_PKCS82PKEY"},
+{ERR_FUNC(EVP_F_EVP_PKCS8_SET_BROKEN), "EVP_PKCS8_SET_BROKEN"},
+{ERR_FUNC(EVP_F_EVP_PKEY2PKCS8), "EVP_PKEY2PKCS8"},
+{ERR_FUNC(EVP_F_EVP_PKEY_COPY_PARAMETERS), "EVP_PKEY_copy_parameters"},
+{ERR_FUNC(EVP_F_EVP_PKEY_DECRYPT), "EVP_PKEY_decrypt"},
+{ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT), "EVP_PKEY_encrypt"},
+{ERR_FUNC(EVP_F_EVP_PKEY_GET1_DH), "EVP_PKEY_get1_DH"},
+{ERR_FUNC(EVP_F_EVP_PKEY_GET1_DSA), "EVP_PKEY_get1_DSA"},
+{ERR_FUNC(EVP_F_EVP_PKEY_GET1_RSA), "EVP_PKEY_get1_RSA"},
+{ERR_FUNC(EVP_F_EVP_PKEY_NEW), "EVP_PKEY_new"},
+{ERR_FUNC(EVP_F_EVP_RIJNDAEL), "EVP_RIJNDAEL"},
+{ERR_FUNC(EVP_F_EVP_SIGNFINAL), "EVP_SignFinal"},
+{ERR_FUNC(EVP_F_EVP_VERIFYFINAL), "EVP_VerifyFinal"},
+{ERR_FUNC(EVP_F_PKCS5_PBE_KEYIVGEN), "PKCS5_PBE_keyivgen"},
+{ERR_FUNC(EVP_F_PKCS5_V2_PBE_KEYIVGEN), "PKCS5_v2_PBE_keyivgen"},
+{ERR_FUNC(EVP_F_RC2_MAGIC_TO_METH), "RC2_MAGIC_TO_METH"},
+{ERR_FUNC(EVP_F_RC5_CTRL), "RC5_CTRL"},
{0,NULL}
};
static ERR_STRING_DATA EVP_str_reasons[]=
{
-{EVP_R_AES_KEY_SETUP_FAILED ,"aes key setup failed"},
-{EVP_R_BAD_BLOCK_LENGTH ,"bad block length"},
-{EVP_R_BAD_DECRYPT ,"bad decrypt"},
-{EVP_R_BAD_KEY_LENGTH ,"bad key length"},
-{EVP_R_BN_DECODE_ERROR ,"bn decode error"},
-{EVP_R_BN_PUBKEY_ERROR ,"bn pubkey error"},
-{EVP_R_CIPHER_PARAMETER_ERROR ,"cipher parameter error"},
-{EVP_R_CTRL_NOT_IMPLEMENTED ,"ctrl not implemented"},
-{EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED ,"ctrl operation not implemented"},
-{EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH ,"data not multiple of block length"},
-{EVP_R_DECODE_ERROR ,"decode error"},
-{EVP_R_DIFFERENT_KEY_TYPES ,"different key types"},
-{EVP_R_DISABLED_FOR_FIPS ,"disabled for fips"},
-{EVP_R_ENCODE_ERROR ,"encode error"},
-{EVP_R_EVP_PBE_CIPHERINIT_ERROR ,"evp pbe cipherinit error"},
-{EVP_R_EXPECTING_AN_RSA_KEY ,"expecting an rsa key"},
-{EVP_R_EXPECTING_A_DH_KEY ,"expecting a dh key"},
-{EVP_R_EXPECTING_A_DSA_KEY ,"expecting a dsa key"},
-{EVP_R_INITIALIZATION_ERROR ,"initialization error"},
-{EVP_R_INPUT_NOT_INITIALIZED ,"input not initialized"},
-{EVP_R_INVALID_KEY_LENGTH ,"invalid key length"},
-{EVP_R_IV_TOO_LARGE ,"iv too large"},
-{EVP_R_KEYGEN_FAILURE ,"keygen failure"},
-{EVP_R_MISSING_PARAMETERS ,"missing parameters"},
-{EVP_R_NO_CIPHER_SET ,"no cipher set"},
-{EVP_R_NO_DIGEST_SET ,"no digest set"},
-{EVP_R_NO_DSA_PARAMETERS ,"no dsa parameters"},
-{EVP_R_NO_SIGN_FUNCTION_CONFIGURED ,"no sign function configured"},
-{EVP_R_NO_VERIFY_FUNCTION_CONFIGURED ,"no verify function configured"},
-{EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE ,"pkcs8 unknown broken type"},
-{EVP_R_PUBLIC_KEY_NOT_RSA ,"public key not rsa"},
-{EVP_R_UNKNOWN_PBE_ALGORITHM ,"unknown pbe algorithm"},
-{EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS ,"unsuported number of rounds"},
-{EVP_R_UNSUPPORTED_CIPHER ,"unsupported cipher"},
-{EVP_R_UNSUPPORTED_KEYLENGTH ,"unsupported keylength"},
-{EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION,"unsupported key derivation function"},
-{EVP_R_UNSUPPORTED_KEY_SIZE ,"unsupported key size"},
-{EVP_R_UNSUPPORTED_PRF ,"unsupported prf"},
-{EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM ,"unsupported private key algorithm"},
-{EVP_R_UNSUPPORTED_SALT_TYPE ,"unsupported salt type"},
-{EVP_R_WRONG_FINAL_BLOCK_LENGTH ,"wrong final block length"},
-{EVP_R_WRONG_PUBLIC_KEY_TYPE ,"wrong public key type"},
+{ERR_REASON(EVP_R_AES_KEY_SETUP_FAILED) ,"aes key setup failed"},
+{ERR_REASON(EVP_R_BAD_BLOCK_LENGTH) ,"bad block length"},
+{ERR_REASON(EVP_R_BAD_DECRYPT) ,"bad decrypt"},
+{ERR_REASON(EVP_R_BAD_KEY_LENGTH) ,"bad key length"},
+{ERR_REASON(EVP_R_BN_DECODE_ERROR) ,"bn decode error"},
+{ERR_REASON(EVP_R_BN_PUBKEY_ERROR) ,"bn pubkey error"},
+{ERR_REASON(EVP_R_CIPHER_PARAMETER_ERROR),"cipher parameter error"},
+{ERR_REASON(EVP_R_CTRL_NOT_IMPLEMENTED) ,"ctrl not implemented"},
+{ERR_REASON(EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED),"ctrl operation not implemented"},
+{ERR_REASON(EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH),"data not multiple of block length"},
+{ERR_REASON(EVP_R_DECODE_ERROR) ,"decode error"},
+{ERR_REASON(EVP_R_DIFFERENT_KEY_TYPES) ,"different key types"},
+{ERR_REASON(EVP_R_DISABLED_FOR_FIPS) ,"disabled for fips"},
+{ERR_REASON(EVP_R_ENCODE_ERROR) ,"encode error"},
+{ERR_REASON(EVP_R_EVP_PBE_CIPHERINIT_ERROR),"evp pbe cipherinit error"},
+{ERR_REASON(EVP_R_EXPECTING_AN_RSA_KEY) ,"expecting an rsa key"},
+{ERR_REASON(EVP_R_EXPECTING_A_DH_KEY) ,"expecting a dh key"},
+{ERR_REASON(EVP_R_EXPECTING_A_DSA_KEY) ,"expecting a dsa key"},
+{ERR_REASON(EVP_R_INITIALIZATION_ERROR) ,"initialization error"},
+{ERR_REASON(EVP_R_INPUT_NOT_INITIALIZED) ,"input not initialized"},
+{ERR_REASON(EVP_R_INVALID_KEY_LENGTH) ,"invalid key length"},
+{ERR_REASON(EVP_R_IV_TOO_LARGE) ,"iv too large"},
+{ERR_REASON(EVP_R_KEYGEN_FAILURE) ,"keygen failure"},
+{ERR_REASON(EVP_R_MISSING_PARAMETERS) ,"missing parameters"},
+{ERR_REASON(EVP_R_NO_CIPHER_SET) ,"no cipher set"},
+{ERR_REASON(EVP_R_NO_DIGEST_SET) ,"no digest set"},
+{ERR_REASON(EVP_R_NO_DSA_PARAMETERS) ,"no dsa parameters"},
+{ERR_REASON(EVP_R_NO_SIGN_FUNCTION_CONFIGURED),"no sign function configured"},
+{ERR_REASON(EVP_R_NO_VERIFY_FUNCTION_CONFIGURED),"no verify function configured"},
+{ERR_REASON(EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE),"pkcs8 unknown broken type"},
+{ERR_REASON(EVP_R_PUBLIC_KEY_NOT_RSA) ,"public key not rsa"},
+{ERR_REASON(EVP_R_UNKNOWN_PBE_ALGORITHM) ,"unknown pbe algorithm"},
+{ERR_REASON(EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS),"unsuported number of rounds"},
+{ERR_REASON(EVP_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"},
+{ERR_REASON(EVP_R_UNSUPPORTED_KEYLENGTH) ,"unsupported keylength"},
+{ERR_REASON(EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION),"unsupported key derivation function"},
+{ERR_REASON(EVP_R_UNSUPPORTED_KEY_SIZE) ,"unsupported key size"},
+{ERR_REASON(EVP_R_UNSUPPORTED_PRF) ,"unsupported prf"},
+{ERR_REASON(EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM),"unsupported private key algorithm"},
+{ERR_REASON(EVP_R_UNSUPPORTED_SALT_TYPE) ,"unsupported salt type"},
+{ERR_REASON(EVP_R_WRONG_FINAL_BLOCK_LENGTH),"wrong final block length"},
+{ERR_REASON(EVP_R_WRONG_PUBLIC_KEY_TYPE) ,"wrong public key type"},
{0,NULL}
};
@@ -159,8 +163,8 @@ void ERR_load_EVP_strings(void)
{
init=0;
#ifndef OPENSSL_NO_ERR
- ERR_load_strings(ERR_LIB_EVP,EVP_str_functs);
- ERR_load_strings(ERR_LIB_EVP,EVP_str_reasons);
+ ERR_load_strings(0,EVP_str_functs);
+ ERR_load_strings(0,EVP_str_reasons);
#endif
}
diff --git a/src/lib/libssl/src/crypto/evp/evp_key.c b/src/lib/libssl/src/crypto/evp/evp_key.c
index 5f387a94d3..f8650d5df6 100644
--- a/src/lib/libssl/src/crypto/evp/evp_key.c
+++ b/src/lib/libssl/src/crypto/evp/evp_key.c
@@ -126,7 +126,8 @@ int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
EVP_MD_CTX_init(&c);
for (;;)
{
- EVP_DigestInit_ex(&c,md, NULL);
+ if (!EVP_DigestInit_ex(&c,md, NULL))
+ return 0;
if (addmd++)
EVP_DigestUpdate(&c,&(md_buf[0]),mds);
EVP_DigestUpdate(&c,data,datal);
diff --git a/src/lib/libssl/src/crypto/evp/m_dss1.c b/src/lib/libssl/src/crypto/evp/m_dss1.c
index f5668ebda0..23b90d0538 100644
--- a/src/lib/libssl/src/crypto/evp/m_dss1.c
+++ b/src/lib/libssl/src/crypto/evp/m_dss1.c
@@ -67,7 +67,14 @@ static int init(EVP_MD_CTX *ctx)
{ return SHA1_Init(ctx->md_data); }
static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count)
+#ifndef OPENSSL_FIPS
{ return SHA1_Update(ctx->md_data,data,count); }
+#else
+ {
+ OPENSSL_assert(sizeof(count)<=sizeof(size_t));
+ return SHA1_Update(ctx->md_data,data,count);
+ }
+#endif
static int final(EVP_MD_CTX *ctx,unsigned char *md)
{ return SHA1_Final(md,ctx->md_data); }
@@ -77,7 +84,7 @@ static const EVP_MD dss1_md=
NID_dsa,
NID_dsaWithSHA1,
SHA_DIGEST_LENGTH,
- 0,
+ EVP_MD_FLAG_FIPS,
init,
update,
final,
diff --git a/src/lib/libssl/src/crypto/evp/m_sha.c b/src/lib/libssl/src/crypto/evp/m_sha.c
index d1785e5f74..ed54909b16 100644
--- a/src/lib/libssl/src/crypto/evp/m_sha.c
+++ b/src/lib/libssl/src/crypto/evp/m_sha.c
@@ -59,6 +59,9 @@
#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA0)
#include <stdio.h>
#include "cryptlib.h"
+/* Including sha.h prior evp.h masks FIPS SHA declarations, but that's
+ * exactly what we want to achieve here... */
+#include <openssl/sha.h>
#include <openssl/evp.h>
#include "evp_locl.h"
#include <openssl/objects.h>
diff --git a/src/lib/libssl/src/crypto/evp/m_sha1.c b/src/lib/libssl/src/crypto/evp/m_sha1.c
index fe4402389a..60da93873c 100644
--- a/src/lib/libssl/src/crypto/evp/m_sha1.c
+++ b/src/lib/libssl/src/crypto/evp/m_sha1.c
@@ -67,7 +67,14 @@ static int init(EVP_MD_CTX *ctx)
{ return SHA1_Init(ctx->md_data); }
static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count)
+#ifndef OPENSSL_FIPS
{ return SHA1_Update(ctx->md_data,data,count); }
+#else
+ {
+ OPENSSL_assert(sizeof(count)<=sizeof(size_t));
+ return SHA1_Update(ctx->md_data,data,count);
+ }
+#endif
static int final(EVP_MD_CTX *ctx,unsigned char *md)
{ return SHA1_Final(md,ctx->md_data); }
@@ -93,3 +100,115 @@ const EVP_MD *EVP_sha1(void)
return(&sha1_md);
}
#endif
+
+#ifdef OPENSSL_FIPS
+#ifndef OPENSSL_NO_SHA256
+static int init224(EVP_MD_CTX *ctx)
+ { return SHA224_Init(ctx->md_data); }
+static int init256(EVP_MD_CTX *ctx)
+ { return SHA256_Init(ctx->md_data); }
+/*
+ * Even though there're separate SHA224_[Update|Final], we call
+ * SHA256 functions even in SHA224 context. This is what happens
+ * there anyway, so we can spare few CPU cycles:-)
+ */
+static int update256(EVP_MD_CTX *ctx,const void *data,unsigned long count)
+ {
+ OPENSSL_assert(sizeof(count)<=sizeof(size_t));
+ return SHA256_Update(ctx->md_data,data,count);
+ }
+static int final256(EVP_MD_CTX *ctx,unsigned char *md)
+ { return SHA256_Final(md,ctx->md_data); }
+
+static const EVP_MD sha224_md=
+ {
+ NID_sha224,
+ NID_sha224WithRSAEncryption,
+ SHA224_DIGEST_LENGTH,
+ EVP_MD_FLAG_FIPS,
+ init224,
+ update256,
+ final256,
+ NULL,
+ NULL,
+ EVP_PKEY_RSA_method,
+ SHA256_CBLOCK,
+ sizeof(EVP_MD *)+sizeof(SHA256_CTX),
+ };
+
+const EVP_MD *EVP_sha224(void)
+ { return(&sha224_md); }
+
+static const EVP_MD sha256_md=
+ {
+ NID_sha256,
+ NID_sha256WithRSAEncryption,
+ SHA256_DIGEST_LENGTH,
+ EVP_MD_FLAG_FIPS,
+ init256,
+ update256,
+ final256,
+ NULL,
+ NULL,
+ EVP_PKEY_RSA_method,
+ SHA256_CBLOCK,
+ sizeof(EVP_MD *)+sizeof(SHA256_CTX),
+ };
+
+const EVP_MD *EVP_sha256(void)
+ { return(&sha256_md); }
+#endif /* ifndef OPENSSL_NO_SHA256 */
+
+#ifndef OPENSSL_NO_SHA512
+static int init384(EVP_MD_CTX *ctx)
+ { return SHA384_Init(ctx->md_data); }
+static int init512(EVP_MD_CTX *ctx)
+ { return SHA512_Init(ctx->md_data); }
+/* See comment in SHA224/256 section */
+static int update512(EVP_MD_CTX *ctx,const void *data,unsigned long count)
+ {
+ OPENSSL_assert(sizeof(count)<=sizeof(size_t));
+ return SHA512_Update(ctx->md_data,data,count);
+ }
+static int final512(EVP_MD_CTX *ctx,unsigned char *md)
+ { return SHA512_Final(md,ctx->md_data); }
+
+static const EVP_MD sha384_md=
+ {
+ NID_sha384,
+ NID_sha384WithRSAEncryption,
+ SHA384_DIGEST_LENGTH,
+ EVP_MD_FLAG_FIPS,
+ init384,
+ update512,
+ final512,
+ NULL,
+ NULL,
+ EVP_PKEY_RSA_method,
+ SHA512_CBLOCK,
+ sizeof(EVP_MD *)+sizeof(SHA512_CTX),
+ };
+
+const EVP_MD *EVP_sha384(void)
+ { return(&sha384_md); }
+
+static const EVP_MD sha512_md=
+ {
+ NID_sha512,
+ NID_sha512WithRSAEncryption,
+ SHA512_DIGEST_LENGTH,
+ EVP_MD_FLAG_FIPS,
+ init512,
+ update512,
+ final512,
+ NULL,
+ NULL,
+ EVP_PKEY_RSA_method,
+ SHA512_CBLOCK,
+ sizeof(EVP_MD *)+sizeof(SHA512_CTX),
+ };
+
+const EVP_MD *EVP_sha512(void)
+ { return(&sha512_md); }
+#endif /* ifndef OPENSSL_NO_SHA512 */
+#endif /* ifdef OPENSSL_FIPS */
diff --git a/src/lib/libssl/src/crypto/evp/p5_crpt2.c b/src/lib/libssl/src/crypto/evp/p5_crpt2.c
index 1f94e1ef88..1d5fabc4b2 100644
--- a/src/lib/libssl/src/crypto/evp/p5_crpt2.c
+++ b/src/lib/libssl/src/crypto/evp/p5_crpt2.c
@@ -194,11 +194,16 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
/* Now decode key derivation function */
+ if(!pbe2->keyfunc->parameter ||
+ (pbe2->keyfunc->parameter->type != V_ASN1_SEQUENCE))
+ {
+ EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
+ goto err;
+ }
+
pbuf = pbe2->keyfunc->parameter->value.sequence->data;
plen = pbe2->keyfunc->parameter->value.sequence->length;
- if(!pbe2->keyfunc->parameter ||
- (pbe2->keyfunc->parameter->type != V_ASN1_SEQUENCE) ||
- !(kdf = d2i_PBKDF2PARAM(NULL, &pbuf, plen)) ) {
+ if(!(kdf = d2i_PBKDF2PARAM(NULL, &pbuf, plen)) ) {
EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
goto err;
}
diff --git a/src/lib/libssl/src/crypto/hmac/Makefile b/src/lib/libssl/src/crypto/hmac/Makefile
index f634dab79d..3d53d8240f 100644
--- a/src/lib/libssl/src/crypto/hmac/Makefile
+++ b/src/lib/libssl/src/crypto/hmac/Makefile
@@ -1,5 +1,5 @@
#
-# SSLeay/crypto/md/Makefile
+# OpenSSL/crypto/md/Makefile
#
DIR= hmac
diff --git a/src/lib/libssl/src/crypto/hmac/hmac.c b/src/lib/libssl/src/crypto/hmac/hmac.c
index 06ee80761f..6c110bd52b 100644
--- a/src/lib/libssl/src/crypto/hmac/hmac.c
+++ b/src/lib/libssl/src/crypto/hmac/hmac.c
@@ -61,6 +61,8 @@
#include <openssl/hmac.h>
#include "cryptlib.h"
+#ifndef OPENSSL_FIPS
+
void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
const EVP_MD *md, ENGINE *impl)
{
@@ -77,15 +79,6 @@ void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
if (key != NULL)
{
-#ifdef OPENSSL_FIPS
- if (FIPS_mode() && !(md->flags & EVP_MD_FLAG_FIPS)
- && (!(ctx->md_ctx.flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)
- || !(ctx->i_ctx.flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)
- || !(ctx->o_ctx.flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)))
- OpenSSLDie(__FILE__,__LINE__,
- "HMAC: digest not allowed in FIPS mode");
-#endif
-
reset=1;
j=EVP_MD_block_size(md);
OPENSSL_assert(j <= sizeof ctx->key);
@@ -187,3 +180,4 @@ void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags)
EVP_MD_CTX_set_flags(&ctx->md_ctx, flags);
}
+#endif
diff --git a/src/lib/libssl/src/crypto/hmac/hmac.h b/src/lib/libssl/src/crypto/hmac/hmac.h
index 294ab3b36a..c6489c04c8 100644
--- a/src/lib/libssl/src/crypto/hmac/hmac.h
+++ b/src/lib/libssl/src/crypto/hmac/hmac.h
@@ -64,7 +64,11 @@
#include <openssl/evp.h>
+#ifdef OPENSSL_FIPS
+#define HMAC_MAX_MD_CBLOCK 128
+#else
#define HMAC_MAX_MD_CBLOCK 64
+#endif
#ifdef __cplusplus
extern "C" {
diff --git a/src/lib/libssl/src/crypto/idea/Makefile b/src/lib/libssl/src/crypto/idea/Makefile
index f652783027..6b8e530d9d 100644
--- a/src/lib/libssl/src/crypto/idea/Makefile
+++ b/src/lib/libssl/src/crypto/idea/Makefile
@@ -1,5 +1,5 @@
#
-# SSLeay/crypto/idea/Makefile
+# OpenSSL/crypto/idea/Makefile
#
DIR= idea
@@ -86,7 +86,7 @@ i_ecb.o: ../../include/openssl/opensslv.h i_ecb.c idea_lcl.h
i_ofb64.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h
i_ofb64.o: i_ofb64.c idea_lcl.h
i_skey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-i_skey.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h
-i_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-i_skey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-i_skey.o: i_skey.c idea_lcl.h
+i_skey.o: ../../include/openssl/fips.h ../../include/openssl/idea.h
+i_skey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+i_skey.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+i_skey.o: ../../include/openssl/symhacks.h i_skey.c idea_lcl.h
diff --git a/src/lib/libssl/src/crypto/lhash/Makefile b/src/lib/libssl/src/crypto/lhash/Makefile
index d325a1644d..cdb0e77fad 100644
--- a/src/lib/libssl/src/crypto/lhash/Makefile
+++ b/src/lib/libssl/src/crypto/lhash/Makefile
@@ -1,5 +1,5 @@
#
-# SSLeay/crypto/lhash/Makefile
+# OpenSSL/crypto/lhash/Makefile
#
DIR= lhash
diff --git a/src/lib/libssl/src/crypto/md2/Makefile b/src/lib/libssl/src/crypto/md2/Makefile
index 90628511da..9d0351bb2f 100644
--- a/src/lib/libssl/src/crypto/md2/Makefile
+++ b/src/lib/libssl/src/crypto/md2/Makefile
@@ -1,5 +1,5 @@
#
-# SSLeay/crypto/md/Makefile
+# OpenSSL/crypto/md/Makefile
#
DIR= md2
diff --git a/src/lib/libssl/src/crypto/md2/md2_one.c b/src/lib/libssl/src/crypto/md2/md2_one.c
index 835160ef56..8c36ba5779 100644
--- a/src/lib/libssl/src/crypto/md2/md2_one.c
+++ b/src/lib/libssl/src/crypto/md2/md2_one.c
@@ -69,7 +69,8 @@ unsigned char *MD2(const unsigned char *d, unsigned long n, unsigned char *md)
static unsigned char m[MD2_DIGEST_LENGTH];
if (md == NULL) md=m;
- MD2_Init(&c);
+ if (!MD2_Init(&c))
+ return NULL;
#ifndef CHARSET_EBCDIC
MD2_Update(&c,d,n);
#else
diff --git a/src/lib/libssl/src/crypto/md4/Makefile b/src/lib/libssl/src/crypto/md4/Makefile
index 0b7c8d7ad8..eeb457f20f 100644
--- a/src/lib/libssl/src/crypto/md4/Makefile
+++ b/src/lib/libssl/src/crypto/md4/Makefile
@@ -1,5 +1,5 @@
#
-# SSLeay/crypto/md4/Makefile
+# OpenSSL/crypto/md4/Makefile
#
DIR= md4
diff --git a/src/lib/libssl/src/crypto/md4/md4_one.c b/src/lib/libssl/src/crypto/md4/md4_one.c
index 00565507e4..50f79352f6 100644
--- a/src/lib/libssl/src/crypto/md4/md4_one.c
+++ b/src/lib/libssl/src/crypto/md4/md4_one.c
@@ -71,7 +71,8 @@ unsigned char *MD4(const unsigned char *d, unsigned long n, unsigned char *md)
static unsigned char m[MD4_DIGEST_LENGTH];
if (md == NULL) md=m;
- MD4_Init(&c);
+ if (!MD4_Init(&c))
+ return NULL;
#ifndef CHARSET_EBCDIC
MD4_Update(&c,d,n);
#else
diff --git a/src/lib/libssl/src/crypto/md5/Makefile b/src/lib/libssl/src/crypto/md5/Makefile
index 832446fff2..1ed018526f 100644
--- a/src/lib/libssl/src/crypto/md5/Makefile
+++ b/src/lib/libssl/src/crypto/md5/Makefile
@@ -1,5 +1,5 @@
#
-# SSLeay/crypto/md5/Makefile
+# OpenSSL/crypto/md5/Makefile
#
DIR= md5
diff --git a/src/lib/libssl/src/crypto/md5/md5_one.c b/src/lib/libssl/src/crypto/md5/md5_one.c
index c5dd2d81db..44c6c455d1 100644
--- a/src/lib/libssl/src/crypto/md5/md5_one.c
+++ b/src/lib/libssl/src/crypto/md5/md5_one.c
@@ -71,7 +71,8 @@ unsigned char *MD5(const unsigned char *d, unsigned long n, unsigned char *md)
static unsigned char m[MD5_DIGEST_LENGTH];
if (md == NULL) md=m;
- MD5_Init(&c);
+ if (!MD5_Init(&c))
+ return NULL;
#ifndef CHARSET_EBCDIC
MD5_Update(&c,d,n);
#else
diff --git a/src/lib/libssl/src/crypto/mdc2/Makefile b/src/lib/libssl/src/crypto/mdc2/Makefile
index 38c785bf95..b8e9a9a4fa 100644
--- a/src/lib/libssl/src/crypto/mdc2/Makefile
+++ b/src/lib/libssl/src/crypto/mdc2/Makefile
@@ -1,5 +1,5 @@
#
-# SSLeay/crypto/mdc2/Makefile
+# OpenSSL/crypto/mdc2/Makefile
#
DIR= mdc2
diff --git a/src/lib/libssl/src/crypto/objects/Makefile b/src/lib/libssl/src/crypto/objects/Makefile
index e449147129..23b2a69e6d 100644
--- a/src/lib/libssl/src/crypto/objects/Makefile
+++ b/src/lib/libssl/src/crypto/objects/Makefile
@@ -1,5 +1,5 @@
#
-# SSLeay/crypto/objects/Makefile
+# OpenSSL/crypto/objects/Makefile
#
DIR= objects
diff --git a/src/lib/libssl/src/crypto/objects/obj_dat.h b/src/lib/libssl/src/crypto/objects/obj_dat.h
index 8785127055..cc22152682 100644
--- a/src/lib/libssl/src/crypto/objects/obj_dat.h
+++ b/src/lib/libssl/src/crypto/objects/obj_dat.h
@@ -62,12 +62,12 @@
* [including the GNU Public Licence.]
*/
-#define NUM_NID 668
-#define NUM_SN 660
-#define NUM_LN 660
-#define NUM_OBJ 624
+#define NUM_NID 676
+#define NUM_SN 669
+#define NUM_LN 669
+#define NUM_OBJ 633
-static unsigned char lvalues[4500]={
+static unsigned char lvalues[4575]={
0x00, /* [ 0] OBJ_undef */
0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 1] OBJ_rsadsi */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 7] OBJ_pkcs */
@@ -330,9 +330,9 @@ static unsigned char lvalues[4500]={
0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x04, /* [2092] OBJ_ac_auditEntity */
0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x05, /* [2100] OBJ_ac_targeting */
0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x06, /* [2108] OBJ_aaControls */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x07, /* [2116] OBJ_sbqp_ipAddrBlock */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x08, /* [2124] OBJ_sbqp_autonomousSysNum */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x09, /* [2132] OBJ_sbqp_routerIdentifier */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x07, /* [2116] OBJ_sbgp_ipAddrBlock */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x08, /* [2124] OBJ_sbgp_autonomousSysNum */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x09, /* [2132] OBJ_sbgp_routerIdentifier */
0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x03, /* [2140] OBJ_textNotice */
0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x05, /* [2148] OBJ_ipsecEndSystem */
0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x06, /* [2156] OBJ_ipsecTunnel */
@@ -691,7 +691,16 @@ static unsigned char lvalues[4500]={
0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0E, /* [4467] OBJ_proxyCertInfo */
0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x00, /* [4475] OBJ_id_ppl_anyLanguage */
0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x01, /* [4483] OBJ_id_ppl_inheritAll */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x02, /* [4491] OBJ_Independent */
+0x55,0x1D,0x1E, /* [4491] OBJ_name_constraints */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x02, /* [4494] OBJ_Independent */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,/* [4502] OBJ_sha256WithRSAEncryption */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0C,/* [4511] OBJ_sha384WithRSAEncryption */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0D,/* [4520] OBJ_sha512WithRSAEncryption */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0E,/* [4529] OBJ_sha224WithRSAEncryption */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,/* [4538] OBJ_sha256 */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x02,/* [4547] OBJ_sha384 */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x03,/* [4556] OBJ_sha512 */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x04,/* [4565] OBJ_sha224 */
};
static ASN1_OBJECT nid_objs[NUM_NID]={
@@ -1134,12 +1143,12 @@ static ASN1_OBJECT nid_objs[NUM_NID]={
&(lvalues[2092]),0},
{"ac-targeting","ac-targeting",NID_ac_targeting,8,&(lvalues[2100]),0},
{"aaControls","aaControls",NID_aaControls,8,&(lvalues[2108]),0},
-{"sbqp-ipAddrBlock","sbqp-ipAddrBlock",NID_sbqp_ipAddrBlock,8,
+{"sbgp-ipAddrBlock","sbgp-ipAddrBlock",NID_sbgp_ipAddrBlock,8,
&(lvalues[2116]),0},
-{"sbqp-autonomousSysNum","sbqp-autonomousSysNum",
- NID_sbqp_autonomousSysNum,8,&(lvalues[2124]),0},
-{"sbqp-routerIdentifier","sbqp-routerIdentifier",
- NID_sbqp_routerIdentifier,8,&(lvalues[2132]),0},
+{"sbgp-autonomousSysNum","sbgp-autonomousSysNum",
+ NID_sbgp_autonomousSysNum,8,&(lvalues[2124]),0},
+{"sbgp-routerIdentifier","sbgp-routerIdentifier",
+ NID_sbgp_routerIdentifier,8,&(lvalues[2132]),0},
{"textNotice","textNotice",NID_textNotice,8,&(lvalues[2140]),0},
{"ipsecEndSystem","IPSec End System",NID_ipsecEndSystem,8,
&(lvalues[2148]),0},
@@ -1754,8 +1763,21 @@ static ASN1_OBJECT nid_objs[NUM_NID]={
&(lvalues[4475]),0},
{"id-ppl-inheritAll","Inherit all",NID_id_ppl_inheritAll,8,
&(lvalues[4483]),0},
-{NULL,NULL,NID_undef,0,NULL},
-{"id-ppl-independent","Independent",NID_Independent,8,&(lvalues[4491]),0},
+{"nameConstraints","X509v3 Name Constraints",NID_name_constraints,3,
+ &(lvalues[4491]),0},
+{"id-ppl-independent","Independent",NID_Independent,8,&(lvalues[4494]),0},
+{"RSA-SHA256","sha256WithRSAEncryption",NID_sha256WithRSAEncryption,9,
+ &(lvalues[4502]),0},
+{"RSA-SHA384","sha384WithRSAEncryption",NID_sha384WithRSAEncryption,9,
+ &(lvalues[4511]),0},
+{"RSA-SHA512","sha512WithRSAEncryption",NID_sha512WithRSAEncryption,9,
+ &(lvalues[4520]),0},
+{"RSA-SHA224","sha224WithRSAEncryption",NID_sha224WithRSAEncryption,9,
+ &(lvalues[4529]),0},
+{"SHA256","sha256",NID_sha256,9,&(lvalues[4538]),0},
+{"SHA384","sha384",NID_sha384,9,&(lvalues[4547]),0},
+{"SHA512","sha512",NID_sha512,9,&(lvalues[4556]),0},
+{"SHA224","sha224",NID_sha224,9,&(lvalues[4565]),0},
};
static ASN1_OBJECT *sn_objs[NUM_SN]={
@@ -1881,8 +1903,16 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={
&(nid_objs[42]),/* "RSA-SHA" */
&(nid_objs[65]),/* "RSA-SHA1" */
&(nid_objs[115]),/* "RSA-SHA1-2" */
+&(nid_objs[671]),/* "RSA-SHA224" */
+&(nid_objs[668]),/* "RSA-SHA256" */
+&(nid_objs[669]),/* "RSA-SHA384" */
+&(nid_objs[670]),/* "RSA-SHA512" */
&(nid_objs[41]),/* "SHA" */
&(nid_objs[64]),/* "SHA1" */
+&(nid_objs[675]),/* "SHA224" */
+&(nid_objs[672]),/* "SHA256" */
+&(nid_objs[673]),/* "SHA384" */
+&(nid_objs[674]),/* "SHA512" */
&(nid_objs[188]),/* "SMIME" */
&(nid_objs[167]),/* "SMIME-CAPS" */
&(nid_objs[100]),/* "SN" */
@@ -2182,6 +2212,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={
&(nid_objs[649]),/* "msUPN" */
&(nid_objs[481]),/* "nSRecord" */
&(nid_objs[173]),/* "name" */
+&(nid_objs[666]),/* "nameConstraints" */
&(nid_objs[369]),/* "noCheck" */
&(nid_objs[403]),/* "noRevAvail" */
&(nid_objs[72]),/* "nsBaseUrl" */
@@ -2254,9 +2285,9 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={
&(nid_objs[ 1]),/* "rsadsi" */
&(nid_objs[482]),/* "sOARecord" */
&(nid_objs[155]),/* "safeContentsBag" */
-&(nid_objs[291]),/* "sbqp-autonomousSysNum" */
-&(nid_objs[290]),/* "sbqp-ipAddrBlock" */
-&(nid_objs[292]),/* "sbqp-routerIdentifier" */
+&(nid_objs[291]),/* "sbgp-autonomousSysNum" */
+&(nid_objs[290]),/* "sbgp-ipAddrBlock" */
+&(nid_objs[292]),/* "sbgp-routerIdentifier" */
&(nid_objs[159]),/* "sdsiCertificate" */
&(nid_objs[154]),/* "secretBag" */
&(nid_objs[474]),/* "secretary" */
@@ -2517,6 +2548,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={
&(nid_objs[126]),/* "X509v3 Extended Key Usage" */
&(nid_objs[86]),/* "X509v3 Issuer Alternative Name" */
&(nid_objs[83]),/* "X509v3 Key Usage" */
+&(nid_objs[666]),/* "X509v3 Name Constraints" */
&(nid_objs[403]),/* "X509v3 No Revocation Available" */
&(nid_objs[401]),/* "X509v3 Policy Constraints" */
&(nid_objs[84]),/* "X509v3 Private Key Usage Period" */
@@ -2930,9 +2962,9 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={
&(nid_objs[124]),/* "run length compression" */
&(nid_objs[482]),/* "sOARecord" */
&(nid_objs[155]),/* "safeContentsBag" */
-&(nid_objs[291]),/* "sbqp-autonomousSysNum" */
-&(nid_objs[290]),/* "sbqp-ipAddrBlock" */
-&(nid_objs[292]),/* "sbqp-routerIdentifier" */
+&(nid_objs[291]),/* "sbgp-autonomousSysNum" */
+&(nid_objs[290]),/* "sbgp-ipAddrBlock" */
+&(nid_objs[292]),/* "sbgp-routerIdentifier" */
&(nid_objs[159]),/* "sdsiCertificate" */
&(nid_objs[154]),/* "secretBag" */
&(nid_objs[474]),/* "secretary" */
@@ -3059,6 +3091,14 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={
&(nid_objs[64]),/* "sha1" */
&(nid_objs[115]),/* "sha1WithRSA" */
&(nid_objs[65]),/* "sha1WithRSAEncryption" */
+&(nid_objs[675]),/* "sha224" */
+&(nid_objs[671]),/* "sha224WithRSAEncryption" */
+&(nid_objs[672]),/* "sha256" */
+&(nid_objs[668]),/* "sha256WithRSAEncryption" */
+&(nid_objs[673]),/* "sha384" */
+&(nid_objs[669]),/* "sha384WithRSAEncryption" */
+&(nid_objs[674]),/* "sha512" */
+&(nid_objs[670]),/* "sha512WithRSAEncryption" */
&(nid_objs[42]),/* "shaWithRSAEncryption" */
&(nid_objs[52]),/* "signingTime" */
&(nid_objs[454]),/* "simpleSecurityObject" */
@@ -3133,6 +3173,7 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
&(nid_objs[430]),/* OBJ_hold_instruction_code 2 5 29 23 */
&(nid_objs[142]),/* OBJ_invalidity_date 2 5 29 24 */
&(nid_objs[140]),/* OBJ_delta_crl 2 5 29 27 */
+&(nid_objs[666]),/* OBJ_name_constraints 2 5 29 30 */
&(nid_objs[103]),/* OBJ_crl_distribution_points 2 5 29 31 */
&(nid_objs[89]),/* OBJ_certificate_policies 2 5 29 32 */
&(nid_objs[90]),/* OBJ_authority_key_identifier 2 5 29 35 */
@@ -3383,9 +3424,9 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
&(nid_objs[287]),/* OBJ_ac_auditEntity 1 3 6 1 5 5 7 1 4 */
&(nid_objs[288]),/* OBJ_ac_targeting 1 3 6 1 5 5 7 1 5 */
&(nid_objs[289]),/* OBJ_aaControls 1 3 6 1 5 5 7 1 6 */
-&(nid_objs[290]),/* OBJ_sbqp_ipAddrBlock 1 3 6 1 5 5 7 1 7 */
-&(nid_objs[291]),/* OBJ_sbqp_autonomousSysNum 1 3 6 1 5 5 7 1 8 */
-&(nid_objs[292]),/* OBJ_sbqp_routerIdentifier 1 3 6 1 5 5 7 1 9 */
+&(nid_objs[290]),/* OBJ_sbgp_ipAddrBlock 1 3 6 1 5 5 7 1 7 */
+&(nid_objs[291]),/* OBJ_sbgp_autonomousSysNum 1 3 6 1 5 5 7 1 8 */
+&(nid_objs[292]),/* OBJ_sbgp_routerIdentifier 1 3 6 1 5 5 7 1 9 */
&(nid_objs[397]),/* OBJ_ac_proxying 1 3 6 1 5 5 7 1 10 */
&(nid_objs[398]),/* OBJ_sinfo_access 1 3 6 1 5 5 7 1 11 */
&(nid_objs[663]),/* OBJ_proxyCertInfo 1 3 6 1 5 5 7 1 14 */
@@ -3480,6 +3521,10 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
&(nid_objs[ 8]),/* OBJ_md5WithRSAEncryption 1 2 840 113549 1 1 4 */
&(nid_objs[65]),/* OBJ_sha1WithRSAEncryption 1 2 840 113549 1 1 5 */
&(nid_objs[644]),/* OBJ_rsaOAEPEncryptionSET 1 2 840 113549 1 1 6 */
+&(nid_objs[668]),/* OBJ_sha256WithRSAEncryption 1 2 840 113549 1 1 11 */
+&(nid_objs[669]),/* OBJ_sha384WithRSAEncryption 1 2 840 113549 1 1 12 */
+&(nid_objs[670]),/* OBJ_sha512WithRSAEncryption 1 2 840 113549 1 1 13 */
+&(nid_objs[671]),/* OBJ_sha224WithRSAEncryption 1 2 840 113549 1 1 14 */
&(nid_objs[28]),/* OBJ_dhKeyAgreement 1 2 840 113549 1 3 1 */
&(nid_objs[ 9]),/* OBJ_pbeWithMD2AndDES_CBC 1 2 840 113549 1 5 1 */
&(nid_objs[10]),/* OBJ_pbeWithMD5AndDES_CBC 1 2 840 113549 1 5 3 */
@@ -3544,6 +3589,10 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
&(nid_objs[427]),/* OBJ_aes_256_cbc 2 16 840 1 101 3 4 1 42 */
&(nid_objs[428]),/* OBJ_aes_256_ofb128 2 16 840 1 101 3 4 1 43 */
&(nid_objs[429]),/* OBJ_aes_256_cfb128 2 16 840 1 101 3 4 1 44 */
+&(nid_objs[672]),/* OBJ_sha256 2 16 840 1 101 3 4 2 1 */
+&(nid_objs[673]),/* OBJ_sha384 2 16 840 1 101 3 4 2 2 */
+&(nid_objs[674]),/* OBJ_sha512 2 16 840 1 101 3 4 2 3 */
+&(nid_objs[675]),/* OBJ_sha224 2 16 840 1 101 3 4 2 4 */
&(nid_objs[71]),/* OBJ_netscape_cert_type 2 16 840 1 113730 1 1 */
&(nid_objs[72]),/* OBJ_netscape_base_url 2 16 840 1 113730 1 2 */
&(nid_objs[73]),/* OBJ_netscape_revocation_url 2 16 840 1 113730 1 3 */
diff --git a/src/lib/libssl/src/crypto/objects/obj_err.c b/src/lib/libssl/src/crypto/objects/obj_err.c
index 2b5f43e3cc..0682979b38 100644
--- a/src/lib/libssl/src/crypto/objects/obj_err.c
+++ b/src/lib/libssl/src/crypto/objects/obj_err.c
@@ -1,6 +1,6 @@
/* crypto/objects/obj_err.c */
/* ====================================================================
- * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -64,22 +64,26 @@
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
+
+#define ERR_FUNC(func) ERR_PACK(ERR_LIB_OBJ,func,0)
+#define ERR_REASON(reason) ERR_PACK(ERR_LIB_OBJ,0,reason)
+
static ERR_STRING_DATA OBJ_str_functs[]=
{
-{ERR_PACK(0,OBJ_F_OBJ_ADD_OBJECT,0), "OBJ_add_object"},
-{ERR_PACK(0,OBJ_F_OBJ_CREATE,0), "OBJ_create"},
-{ERR_PACK(0,OBJ_F_OBJ_DUP,0), "OBJ_dup"},
-{ERR_PACK(0,OBJ_F_OBJ_NAME_NEW_INDEX,0), "OBJ_NAME_new_index"},
-{ERR_PACK(0,OBJ_F_OBJ_NID2LN,0), "OBJ_nid2ln"},
-{ERR_PACK(0,OBJ_F_OBJ_NID2OBJ,0), "OBJ_nid2obj"},
-{ERR_PACK(0,OBJ_F_OBJ_NID2SN,0), "OBJ_nid2sn"},
+{ERR_FUNC(OBJ_F_OBJ_ADD_OBJECT), "OBJ_add_object"},
+{ERR_FUNC(OBJ_F_OBJ_CREATE), "OBJ_create"},
+{ERR_FUNC(OBJ_F_OBJ_DUP), "OBJ_dup"},
+{ERR_FUNC(OBJ_F_OBJ_NAME_NEW_INDEX), "OBJ_NAME_new_index"},
+{ERR_FUNC(OBJ_F_OBJ_NID2LN), "OBJ_nid2ln"},
+{ERR_FUNC(OBJ_F_OBJ_NID2OBJ), "OBJ_nid2obj"},
+{ERR_FUNC(OBJ_F_OBJ_NID2SN), "OBJ_nid2sn"},
{0,NULL}
};
static ERR_STRING_DATA OBJ_str_reasons[]=
{
-{OBJ_R_MALLOC_FAILURE ,"malloc failure"},
-{OBJ_R_UNKNOWN_NID ,"unknown nid"},
+{ERR_REASON(OBJ_R_MALLOC_FAILURE) ,"malloc failure"},
+{ERR_REASON(OBJ_R_UNKNOWN_NID) ,"unknown nid"},
{0,NULL}
};
@@ -93,8 +97,8 @@ void ERR_load_OBJ_strings(void)
{
init=0;
#ifndef OPENSSL_NO_ERR
- ERR_load_strings(ERR_LIB_OBJ,OBJ_str_functs);
- ERR_load_strings(ERR_LIB_OBJ,OBJ_str_reasons);
+ ERR_load_strings(0,OBJ_str_functs);
+ ERR_load_strings(0,OBJ_str_reasons);
#endif
}
diff --git a/src/lib/libssl/src/crypto/objects/obj_mac.h b/src/lib/libssl/src/crypto/objects/obj_mac.h
index d28894cf41..51bb50047f 100644
--- a/src/lib/libssl/src/crypto/objects/obj_mac.h
+++ b/src/lib/libssl/src/crypto/objects/obj_mac.h
@@ -241,6 +241,26 @@
#define NID_sha1WithRSAEncryption 65
#define OBJ_sha1WithRSAEncryption OBJ_pkcs1,5L
+#define SN_sha256WithRSAEncryption "RSA-SHA256"
+#define LN_sha256WithRSAEncryption "sha256WithRSAEncryption"
+#define NID_sha256WithRSAEncryption 668
+#define OBJ_sha256WithRSAEncryption OBJ_pkcs1,11L
+
+#define SN_sha384WithRSAEncryption "RSA-SHA384"
+#define LN_sha384WithRSAEncryption "sha384WithRSAEncryption"
+#define NID_sha384WithRSAEncryption 669
+#define OBJ_sha384WithRSAEncryption OBJ_pkcs1,12L
+
+#define SN_sha512WithRSAEncryption "RSA-SHA512"
+#define LN_sha512WithRSAEncryption "sha512WithRSAEncryption"
+#define NID_sha512WithRSAEncryption 670
+#define OBJ_sha512WithRSAEncryption OBJ_pkcs1,13L
+
+#define SN_sha224WithRSAEncryption "RSA-SHA224"
+#define LN_sha224WithRSAEncryption "sha224WithRSAEncryption"
+#define NID_sha224WithRSAEncryption 671
+#define OBJ_sha224WithRSAEncryption OBJ_pkcs1,14L
+
#define SN_pkcs3 "pkcs3"
#define NID_pkcs3 27
#define OBJ_pkcs3 OBJ_pkcs,3L
@@ -1048,17 +1068,17 @@
#define NID_aaControls 289
#define OBJ_aaControls OBJ_id_pe,6L
-#define SN_sbqp_ipAddrBlock "sbqp-ipAddrBlock"
-#define NID_sbqp_ipAddrBlock 290
-#define OBJ_sbqp_ipAddrBlock OBJ_id_pe,7L
+#define SN_sbgp_ipAddrBlock "sbgp-ipAddrBlock"
+#define NID_sbgp_ipAddrBlock 290
+#define OBJ_sbgp_ipAddrBlock OBJ_id_pe,7L
-#define SN_sbqp_autonomousSysNum "sbqp-autonomousSysNum"
-#define NID_sbqp_autonomousSysNum 291
-#define OBJ_sbqp_autonomousSysNum OBJ_id_pe,8L
+#define SN_sbgp_autonomousSysNum "sbgp-autonomousSysNum"
+#define NID_sbgp_autonomousSysNum 291
+#define OBJ_sbgp_autonomousSysNum OBJ_id_pe,8L
-#define SN_sbqp_routerIdentifier "sbqp-routerIdentifier"
-#define NID_sbqp_routerIdentifier 292
-#define OBJ_sbqp_routerIdentifier OBJ_id_pe,9L
+#define SN_sbgp_routerIdentifier "sbgp-routerIdentifier"
+#define NID_sbgp_routerIdentifier 292
+#define OBJ_sbgp_routerIdentifier OBJ_id_pe,9L
#define SN_ac_proxying "ac-proxying"
#define NID_ac_proxying 397
@@ -1779,6 +1799,11 @@
#define NID_delta_crl 140
#define OBJ_delta_crl OBJ_id_ce,27L
+#define SN_name_constraints "nameConstraints"
+#define LN_name_constraints "X509v3 Name Constraints"
+#define NID_name_constraints 666
+#define OBJ_name_constraints OBJ_id_ce,30L
+
#define SN_crl_distribution_points "crlDistributionPoints"
#define LN_crl_distribution_points "X509v3 CRL Distribution Points"
#define NID_crl_distribution_points 103
@@ -2081,6 +2106,28 @@
#define LN_des_ede3_cfb8 "des-ede3-cfb8"
#define NID_des_ede3_cfb8 659
+#define OBJ_nist_hashalgs OBJ_nistAlgorithms,2L
+
+#define SN_sha256 "SHA256"
+#define LN_sha256 "sha256"
+#define NID_sha256 672
+#define OBJ_sha256 OBJ_nist_hashalgs,1L
+
+#define SN_sha384 "SHA384"
+#define LN_sha384 "sha384"
+#define NID_sha384 673
+#define OBJ_sha384 OBJ_nist_hashalgs,2L
+
+#define SN_sha512 "SHA512"
+#define LN_sha512 "sha512"
+#define NID_sha512 674
+#define OBJ_sha512 OBJ_nist_hashalgs,3L
+
+#define SN_sha224 "SHA224"
+#define LN_sha224 "sha224"
+#define NID_sha224 675
+#define OBJ_sha224 OBJ_nist_hashalgs,4L
+
#define SN_hold_instruction_code "holdInstructionCode"
#define LN_hold_instruction_code "Hold Instruction Code"
#define NID_hold_instruction_code 430
diff --git a/src/lib/libssl/src/crypto/objects/obj_mac.num b/src/lib/libssl/src/crypto/objects/obj_mac.num
index 0e64a929ba..84555d936e 100644
--- a/src/lib/libssl/src/crypto/objects/obj_mac.num
+++ b/src/lib/libssl/src/crypto/objects/obj_mac.num
@@ -287,9 +287,9 @@ qcStatements 286
ac_auditEntity 287
ac_targeting 288
aaControls 289
-sbqp_ipAddrBlock 290
-sbqp_autonomousSysNum 291
-sbqp_routerIdentifier 292
+sbgp_ipAddrBlock 290
+sbgp_autonomousSysNum 291
+sbgp_routerIdentifier 292
textNotice 293
ipsecEndSystem 294
ipsecTunnel 295
@@ -663,5 +663,13 @@ id_ppl 662
proxyCertInfo 663
id_ppl_anyLanguage 664
id_ppl_inheritAll 665
-id_ppl_independent 666
+name_constraints 666
Independent 667
+sha256WithRSAEncryption 668
+sha384WithRSAEncryption 669
+sha512WithRSAEncryption 670
+sha224WithRSAEncryption 671
+sha256 672
+sha384 673
+sha512 674
+sha224 675
diff --git a/src/lib/libssl/src/crypto/objects/objects.txt b/src/lib/libssl/src/crypto/objects/objects.txt
index 50e9031e61..2635c4e667 100644
--- a/src/lib/libssl/src/crypto/objects/objects.txt
+++ b/src/lib/libssl/src/crypto/objects/objects.txt
@@ -63,6 +63,11 @@ pkcs1 2 : RSA-MD2 : md2WithRSAEncryption
pkcs1 3 : RSA-MD4 : md4WithRSAEncryption
pkcs1 4 : RSA-MD5 : md5WithRSAEncryption
pkcs1 5 : RSA-SHA1 : sha1WithRSAEncryption
+# According to PKCS #1 version 2.1
+pkcs1 11 : RSA-SHA256 : sha256WithRSAEncryption
+pkcs1 12 : RSA-SHA384 : sha384WithRSAEncryption
+pkcs1 13 : RSA-SHA512 : sha512WithRSAEncryption
+pkcs1 14 : RSA-SHA224 : sha224WithRSAEncryption
pkcs 3 : pkcs3
pkcs3 1 : : dhKeyAgreement
@@ -341,9 +346,9 @@ id-pe 3 : qcStatements
id-pe 4 : ac-auditEntity
id-pe 5 : ac-targeting
id-pe 6 : aaControls
-id-pe 7 : sbqp-ipAddrBlock
-id-pe 8 : sbqp-autonomousSysNum
-id-pe 9 : sbqp-routerIdentifier
+id-pe 7 : sbgp-ipAddrBlock
+id-pe 8 : sbgp-autonomousSysNum
+id-pe 9 : sbgp-routerIdentifier
id-pe 10 : ac-proxying
!Cname sinfo-access
id-pe 11 : subjectInfoAccess : Subject Information Access
@@ -584,6 +589,8 @@ id-ce 21 : CRLReason : X509v3 CRL Reason Code
id-ce 24 : invalidityDate : Invalidity Date
!Cname delta-crl
id-ce 27 : deltaCRL : X509v3 Delta CRL Indicator
+!Cname name-constraints
+id-ce 30 : nameConstraints : X509v3 Name Constraints
!Cname crl-distribution-points
id-ce 31 : crlDistributionPoints : X509v3 CRL Distribution Points
!Cname certificate-policies
@@ -703,6 +710,13 @@ aes 44 : AES-256-CFB : aes-256-cfb
: DES-EDE3-CFB1 : des-ede3-cfb1
: DES-EDE3-CFB8 : des-ede3-cfb8
+# OIDs for SHA224, SHA256, SHA385 and SHA512, according to x9.84.
+!Alias nist_hashalgs nistAlgorithms 2
+nist_hashalgs 1 : SHA256 : sha256
+nist_hashalgs 2 : SHA384 : sha384
+nist_hashalgs 3 : SHA512 : sha512
+nist_hashalgs 4 : SHA224 : sha224
+
# Hold instruction CRL entry extension
!Cname hold-instruction-code
id-ce 23 : holdInstructionCode : Hold Instruction Code
diff --git a/src/lib/libssl/src/crypto/ocsp/ocsp_err.c b/src/lib/libssl/src/crypto/ocsp/ocsp_err.c
index 4c4d8306f8..65e6093fbc 100644
--- a/src/lib/libssl/src/crypto/ocsp/ocsp_err.c
+++ b/src/lib/libssl/src/crypto/ocsp/ocsp_err.c
@@ -1,6 +1,6 @@
/* crypto/ocsp/ocsp_err.c */
/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -64,60 +64,64 @@
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
+
+#define ERR_FUNC(func) ERR_PACK(ERR_LIB_OCSP,func,0)
+#define ERR_REASON(reason) ERR_PACK(ERR_LIB_OCSP,0,reason)
+
static ERR_STRING_DATA OCSP_str_functs[]=
{
-{ERR_PACK(0,OCSP_F_ASN1_STRING_ENCODE,0), "ASN1_STRING_encode"},
-{ERR_PACK(0,OCSP_F_CERT_ID_NEW,0), "CERT_ID_NEW"},
-{ERR_PACK(0,OCSP_F_D2I_OCSP_NONCE,0), "D2I_OCSP_NONCE"},
-{ERR_PACK(0,OCSP_F_OCSP_BASIC_ADD1_STATUS,0), "OCSP_basic_add1_status"},
-{ERR_PACK(0,OCSP_F_OCSP_BASIC_SIGN,0), "OCSP_basic_sign"},
-{ERR_PACK(0,OCSP_F_OCSP_BASIC_VERIFY,0), "OCSP_basic_verify"},
-{ERR_PACK(0,OCSP_F_OCSP_CHECK_DELEGATED,0), "OCSP_CHECK_DELEGATED"},
-{ERR_PACK(0,OCSP_F_OCSP_CHECK_IDS,0), "OCSP_CHECK_IDS"},
-{ERR_PACK(0,OCSP_F_OCSP_CHECK_ISSUER,0), "OCSP_CHECK_ISSUER"},
-{ERR_PACK(0,OCSP_F_OCSP_CHECK_VALIDITY,0), "OCSP_check_validity"},
-{ERR_PACK(0,OCSP_F_OCSP_MATCH_ISSUERID,0), "OCSP_MATCH_ISSUERID"},
-{ERR_PACK(0,OCSP_F_OCSP_PARSE_URL,0), "OCSP_parse_url"},
-{ERR_PACK(0,OCSP_F_OCSP_REQUEST_SIGN,0), "OCSP_request_sign"},
-{ERR_PACK(0,OCSP_F_OCSP_REQUEST_VERIFY,0), "OCSP_request_verify"},
-{ERR_PACK(0,OCSP_F_OCSP_RESPONSE_GET1_BASIC,0), "OCSP_response_get1_basic"},
-{ERR_PACK(0,OCSP_F_OCSP_SENDREQ_BIO,0), "OCSP_sendreq_bio"},
-{ERR_PACK(0,OCSP_F_REQUEST_VERIFY,0), "REQUEST_VERIFY"},
+{ERR_FUNC(OCSP_F_ASN1_STRING_ENCODE), "ASN1_STRING_encode"},
+{ERR_FUNC(OCSP_F_CERT_ID_NEW), "CERT_ID_NEW"},
+{ERR_FUNC(OCSP_F_D2I_OCSP_NONCE), "D2I_OCSP_NONCE"},
+{ERR_FUNC(OCSP_F_OCSP_BASIC_ADD1_STATUS), "OCSP_basic_add1_status"},
+{ERR_FUNC(OCSP_F_OCSP_BASIC_SIGN), "OCSP_basic_sign"},
+{ERR_FUNC(OCSP_F_OCSP_BASIC_VERIFY), "OCSP_basic_verify"},
+{ERR_FUNC(OCSP_F_OCSP_CHECK_DELEGATED), "OCSP_CHECK_DELEGATED"},
+{ERR_FUNC(OCSP_F_OCSP_CHECK_IDS), "OCSP_CHECK_IDS"},
+{ERR_FUNC(OCSP_F_OCSP_CHECK_ISSUER), "OCSP_CHECK_ISSUER"},
+{ERR_FUNC(OCSP_F_OCSP_CHECK_VALIDITY), "OCSP_check_validity"},
+{ERR_FUNC(OCSP_F_OCSP_MATCH_ISSUERID), "OCSP_MATCH_ISSUERID"},
+{ERR_FUNC(OCSP_F_OCSP_PARSE_URL), "OCSP_parse_url"},
+{ERR_FUNC(OCSP_F_OCSP_REQUEST_SIGN), "OCSP_request_sign"},
+{ERR_FUNC(OCSP_F_OCSP_REQUEST_VERIFY), "OCSP_request_verify"},
+{ERR_FUNC(OCSP_F_OCSP_RESPONSE_GET1_BASIC), "OCSP_response_get1_basic"},
+{ERR_FUNC(OCSP_F_OCSP_SENDREQ_BIO), "OCSP_sendreq_bio"},
+{ERR_FUNC(OCSP_F_REQUEST_VERIFY), "REQUEST_VERIFY"},
{0,NULL}
};
static ERR_STRING_DATA OCSP_str_reasons[]=
{
-{OCSP_R_BAD_DATA ,"bad data"},
-{OCSP_R_CERTIFICATE_VERIFY_ERROR ,"certificate verify error"},
-{OCSP_R_DIGEST_ERR ,"digest err"},
-{OCSP_R_ERROR_IN_NEXTUPDATE_FIELD ,"error in nextupdate field"},
-{OCSP_R_ERROR_IN_THISUPDATE_FIELD ,"error in thisupdate field"},
-{OCSP_R_ERROR_PARSING_URL ,"error parsing url"},
-{OCSP_R_MISSING_OCSPSIGNING_USAGE ,"missing ocspsigning usage"},
-{OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE ,"nextupdate before thisupdate"},
-{OCSP_R_NOT_BASIC_RESPONSE ,"not basic response"},
-{OCSP_R_NO_CERTIFICATES_IN_CHAIN ,"no certificates in chain"},
-{OCSP_R_NO_CONTENT ,"no content"},
-{OCSP_R_NO_PUBLIC_KEY ,"no public key"},
-{OCSP_R_NO_RESPONSE_DATA ,"no response data"},
-{OCSP_R_NO_REVOKED_TIME ,"no revoked time"},
-{OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE,"private key does not match certificate"},
-{OCSP_R_REQUEST_NOT_SIGNED ,"request not signed"},
-{OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA,"response contains no revocation data"},
-{OCSP_R_ROOT_CA_NOT_TRUSTED ,"root ca not trusted"},
-{OCSP_R_SERVER_READ_ERROR ,"server read error"},
-{OCSP_R_SERVER_RESPONSE_ERROR ,"server response error"},
-{OCSP_R_SERVER_RESPONSE_PARSE_ERROR ,"server response parse error"},
-{OCSP_R_SERVER_WRITE_ERROR ,"server write error"},
-{OCSP_R_SIGNATURE_FAILURE ,"signature failure"},
-{OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND ,"signer certificate not found"},
-{OCSP_R_STATUS_EXPIRED ,"status expired"},
-{OCSP_R_STATUS_NOT_YET_VALID ,"status not yet valid"},
-{OCSP_R_STATUS_TOO_OLD ,"status too old"},
-{OCSP_R_UNKNOWN_MESSAGE_DIGEST ,"unknown message digest"},
-{OCSP_R_UNKNOWN_NID ,"unknown nid"},
-{OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE ,"unsupported requestorname type"},
+{ERR_REASON(OCSP_R_BAD_DATA) ,"bad data"},
+{ERR_REASON(OCSP_R_CERTIFICATE_VERIFY_ERROR),"certificate verify error"},
+{ERR_REASON(OCSP_R_DIGEST_ERR) ,"digest err"},
+{ERR_REASON(OCSP_R_ERROR_IN_NEXTUPDATE_FIELD),"error in nextupdate field"},
+{ERR_REASON(OCSP_R_ERROR_IN_THISUPDATE_FIELD),"error in thisupdate field"},
+{ERR_REASON(OCSP_R_ERROR_PARSING_URL) ,"error parsing url"},
+{ERR_REASON(OCSP_R_MISSING_OCSPSIGNING_USAGE),"missing ocspsigning usage"},
+{ERR_REASON(OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE),"nextupdate before thisupdate"},
+{ERR_REASON(OCSP_R_NOT_BASIC_RESPONSE) ,"not basic response"},
+{ERR_REASON(OCSP_R_NO_CERTIFICATES_IN_CHAIN),"no certificates in chain"},
+{ERR_REASON(OCSP_R_NO_CONTENT) ,"no content"},
+{ERR_REASON(OCSP_R_NO_PUBLIC_KEY) ,"no public key"},
+{ERR_REASON(OCSP_R_NO_RESPONSE_DATA) ,"no response data"},
+{ERR_REASON(OCSP_R_NO_REVOKED_TIME) ,"no revoked time"},
+{ERR_REASON(OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),"private key does not match certificate"},
+{ERR_REASON(OCSP_R_REQUEST_NOT_SIGNED) ,"request not signed"},
+{ERR_REASON(OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA),"response contains no revocation data"},
+{ERR_REASON(OCSP_R_ROOT_CA_NOT_TRUSTED) ,"root ca not trusted"},
+{ERR_REASON(OCSP_R_SERVER_READ_ERROR) ,"server read error"},
+{ERR_REASON(OCSP_R_SERVER_RESPONSE_ERROR),"server response error"},
+{ERR_REASON(OCSP_R_SERVER_RESPONSE_PARSE_ERROR),"server response parse error"},
+{ERR_REASON(OCSP_R_SERVER_WRITE_ERROR) ,"server write error"},
+{ERR_REASON(OCSP_R_SIGNATURE_FAILURE) ,"signature failure"},
+{ERR_REASON(OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND),"signer certificate not found"},
+{ERR_REASON(OCSP_R_STATUS_EXPIRED) ,"status expired"},
+{ERR_REASON(OCSP_R_STATUS_NOT_YET_VALID) ,"status not yet valid"},
+{ERR_REASON(OCSP_R_STATUS_TOO_OLD) ,"status too old"},
+{ERR_REASON(OCSP_R_UNKNOWN_MESSAGE_DIGEST),"unknown message digest"},
+{ERR_REASON(OCSP_R_UNKNOWN_NID) ,"unknown nid"},
+{ERR_REASON(OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE),"unsupported requestorname type"},
{0,NULL}
};
@@ -131,8 +135,8 @@ void ERR_load_OCSP_strings(void)
{
init=0;
#ifndef OPENSSL_NO_ERR
- ERR_load_strings(ERR_LIB_OCSP,OCSP_str_functs);
- ERR_load_strings(ERR_LIB_OCSP,OCSP_str_reasons);
+ ERR_load_strings(0,OCSP_str_functs);
+ ERR_load_strings(0,OCSP_str_reasons);
#endif
}
diff --git a/src/lib/libssl/src/crypto/opensslv.h b/src/lib/libssl/src/crypto/opensslv.h
index 5d5f688edd..e50c1baf00 100644
--- a/src/lib/libssl/src/crypto/opensslv.h
+++ b/src/lib/libssl/src/crypto/opensslv.h
@@ -25,11 +25,11 @@
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
-#define OPENSSL_VERSION_NUMBER 0x0090707fL
+#define OPENSSL_VERSION_NUMBER 0x009070afL
#ifdef OPENSSL_FIPS
-#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.7g-fips 11 Apr 2005"
+#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.7j-fips 04 May 2006"
#else
-#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.7g 11 Apr 2005"
+#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.7j 04 May 2006"
#endif
#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
diff --git a/src/lib/libssl/src/crypto/pem/Makefile b/src/lib/libssl/src/crypto/pem/Makefile
index f3dfea2ac8..fbc2b5d056 100644
--- a/src/lib/libssl/src/crypto/pem/Makefile
+++ b/src/lib/libssl/src/crypto/pem/Makefile
@@ -1,5 +1,5 @@
#
-# SSLeay/crypto/pem/Makefile
+# OpenSSL/crypto/pem/Makefile
#
DIR= pem
diff --git a/src/lib/libssl/src/crypto/pem/pem_err.c b/src/lib/libssl/src/crypto/pem/pem_err.c
index 3b39b84d66..8527028ebc 100644
--- a/src/lib/libssl/src/crypto/pem/pem_err.c
+++ b/src/lib/libssl/src/crypto/pem/pem_err.c
@@ -1,6 +1,6 @@
/* crypto/pem/pem_err.c */
/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -64,52 +64,56 @@
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
+
+#define ERR_FUNC(func) ERR_PACK(ERR_LIB_PEM,func,0)
+#define ERR_REASON(reason) ERR_PACK(ERR_LIB_PEM,0,reason)
+
static ERR_STRING_DATA PEM_str_functs[]=
{
-{ERR_PACK(0,PEM_F_D2I_PKCS8PRIVATEKEY_BIO,0), "d2i_PKCS8PrivateKey_bio"},
-{ERR_PACK(0,PEM_F_D2I_PKCS8PRIVATEKEY_FP,0), "d2i_PKCS8PrivateKey_fp"},
-{ERR_PACK(0,PEM_F_DEF_CALLBACK,0), "DEF_CALLBACK"},
-{ERR_PACK(0,PEM_F_LOAD_IV,0), "LOAD_IV"},
-{ERR_PACK(0,PEM_F_PEM_ASN1_READ,0), "PEM_ASN1_read"},
-{ERR_PACK(0,PEM_F_PEM_ASN1_READ_BIO,0), "PEM_ASN1_read_bio"},
-{ERR_PACK(0,PEM_F_PEM_ASN1_WRITE,0), "PEM_ASN1_write"},
-{ERR_PACK(0,PEM_F_PEM_ASN1_WRITE_BIO,0), "PEM_ASN1_write_bio"},
-{ERR_PACK(0,PEM_F_PEM_DO_HEADER,0), "PEM_do_header"},
-{ERR_PACK(0,PEM_F_PEM_F_DO_PK8KEY_FP,0), "PEM_F_DO_PK8KEY_FP"},
-{ERR_PACK(0,PEM_F_PEM_F_PEM_WRITE_PKCS8PRIVATEKEY,0), "PEM_F_PEM_WRITE_PKCS8PRIVATEKEY"},
-{ERR_PACK(0,PEM_F_PEM_GET_EVP_CIPHER_INFO,0), "PEM_get_EVP_CIPHER_INFO"},
-{ERR_PACK(0,PEM_F_PEM_READ,0), "PEM_read"},
-{ERR_PACK(0,PEM_F_PEM_READ_BIO,0), "PEM_read_bio"},
-{ERR_PACK(0,PEM_F_PEM_SEALFINAL,0), "PEM_SealFinal"},
-{ERR_PACK(0,PEM_F_PEM_SEALINIT,0), "PEM_SealInit"},
-{ERR_PACK(0,PEM_F_PEM_SIGNFINAL,0), "PEM_SignFinal"},
-{ERR_PACK(0,PEM_F_PEM_WRITE,0), "PEM_write"},
-{ERR_PACK(0,PEM_F_PEM_WRITE_BIO,0), "PEM_write_bio"},
-{ERR_PACK(0,PEM_F_PEM_WRITE_BIO_PKCS8PRIVATEKEY,0), "PEM_write_bio_PKCS8PrivateKey"},
-{ERR_PACK(0,PEM_F_PEM_X509_INFO_READ,0), "PEM_X509_INFO_read"},
-{ERR_PACK(0,PEM_F_PEM_X509_INFO_READ_BIO,0), "PEM_X509_INFO_read_bio"},
-{ERR_PACK(0,PEM_F_PEM_X509_INFO_WRITE_BIO,0), "PEM_X509_INFO_write_bio"},
+{ERR_FUNC(PEM_F_D2I_PKCS8PRIVATEKEY_BIO), "d2i_PKCS8PrivateKey_bio"},
+{ERR_FUNC(PEM_F_D2I_PKCS8PRIVATEKEY_FP), "d2i_PKCS8PrivateKey_fp"},
+{ERR_FUNC(PEM_F_DEF_CALLBACK), "DEF_CALLBACK"},
+{ERR_FUNC(PEM_F_LOAD_IV), "LOAD_IV"},
+{ERR_FUNC(PEM_F_PEM_ASN1_READ), "PEM_ASN1_read"},
+{ERR_FUNC(PEM_F_PEM_ASN1_READ_BIO), "PEM_ASN1_read_bio"},
+{ERR_FUNC(PEM_F_PEM_ASN1_WRITE), "PEM_ASN1_write"},
+{ERR_FUNC(PEM_F_PEM_ASN1_WRITE_BIO), "PEM_ASN1_write_bio"},
+{ERR_FUNC(PEM_F_PEM_DO_HEADER), "PEM_do_header"},
+{ERR_FUNC(PEM_F_PEM_F_DO_PK8KEY_FP), "PEM_F_DO_PK8KEY_FP"},
+{ERR_FUNC(PEM_F_PEM_F_PEM_WRITE_PKCS8PRIVATEKEY), "PEM_F_PEM_WRITE_PKCS8PRIVATEKEY"},
+{ERR_FUNC(PEM_F_PEM_GET_EVP_CIPHER_INFO), "PEM_get_EVP_CIPHER_INFO"},
+{ERR_FUNC(PEM_F_PEM_READ), "PEM_read"},
+{ERR_FUNC(PEM_F_PEM_READ_BIO), "PEM_read_bio"},
+{ERR_FUNC(PEM_F_PEM_SEALFINAL), "PEM_SealFinal"},
+{ERR_FUNC(PEM_F_PEM_SEALINIT), "PEM_SealInit"},
+{ERR_FUNC(PEM_F_PEM_SIGNFINAL), "PEM_SignFinal"},
+{ERR_FUNC(PEM_F_PEM_WRITE), "PEM_write"},
+{ERR_FUNC(PEM_F_PEM_WRITE_BIO), "PEM_write_bio"},
+{ERR_FUNC(PEM_F_PEM_WRITE_BIO_PKCS8PRIVATEKEY), "PEM_write_bio_PKCS8PrivateKey"},
+{ERR_FUNC(PEM_F_PEM_X509_INFO_READ), "PEM_X509_INFO_read"},
+{ERR_FUNC(PEM_F_PEM_X509_INFO_READ_BIO), "PEM_X509_INFO_read_bio"},
+{ERR_FUNC(PEM_F_PEM_X509_INFO_WRITE_BIO), "PEM_X509_INFO_write_bio"},
{0,NULL}
};
static ERR_STRING_DATA PEM_str_reasons[]=
{
-{PEM_R_BAD_BASE64_DECODE ,"bad base64 decode"},
-{PEM_R_BAD_DECRYPT ,"bad decrypt"},
-{PEM_R_BAD_END_LINE ,"bad end line"},
-{PEM_R_BAD_IV_CHARS ,"bad iv chars"},
-{PEM_R_BAD_PASSWORD_READ ,"bad password read"},
-{PEM_R_ERROR_CONVERTING_PRIVATE_KEY ,"error converting private key"},
-{PEM_R_NOT_DEK_INFO ,"not dek info"},
-{PEM_R_NOT_ENCRYPTED ,"not encrypted"},
-{PEM_R_NOT_PROC_TYPE ,"not proc type"},
-{PEM_R_NO_START_LINE ,"no start line"},
-{PEM_R_PROBLEMS_GETTING_PASSWORD ,"problems getting password"},
-{PEM_R_PUBLIC_KEY_NO_RSA ,"public key no rsa"},
-{PEM_R_READ_KEY ,"read key"},
-{PEM_R_SHORT_HEADER ,"short header"},
-{PEM_R_UNSUPPORTED_CIPHER ,"unsupported cipher"},
-{PEM_R_UNSUPPORTED_ENCRYPTION ,"unsupported encryption"},
+{ERR_REASON(PEM_R_BAD_BASE64_DECODE) ,"bad base64 decode"},
+{ERR_REASON(PEM_R_BAD_DECRYPT) ,"bad decrypt"},
+{ERR_REASON(PEM_R_BAD_END_LINE) ,"bad end line"},
+{ERR_REASON(PEM_R_BAD_IV_CHARS) ,"bad iv chars"},
+{ERR_REASON(PEM_R_BAD_PASSWORD_READ) ,"bad password read"},
+{ERR_REASON(PEM_R_ERROR_CONVERTING_PRIVATE_KEY),"error converting private key"},
+{ERR_REASON(PEM_R_NOT_DEK_INFO) ,"not dek info"},
+{ERR_REASON(PEM_R_NOT_ENCRYPTED) ,"not encrypted"},
+{ERR_REASON(PEM_R_NOT_PROC_TYPE) ,"not proc type"},
+{ERR_REASON(PEM_R_NO_START_LINE) ,"no start line"},
+{ERR_REASON(PEM_R_PROBLEMS_GETTING_PASSWORD),"problems getting password"},
+{ERR_REASON(PEM_R_PUBLIC_KEY_NO_RSA) ,"public key no rsa"},
+{ERR_REASON(PEM_R_READ_KEY) ,"read key"},
+{ERR_REASON(PEM_R_SHORT_HEADER) ,"short header"},
+{ERR_REASON(PEM_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"},
+{ERR_REASON(PEM_R_UNSUPPORTED_ENCRYPTION),"unsupported encryption"},
{0,NULL}
};
@@ -123,8 +127,8 @@ void ERR_load_PEM_strings(void)
{
init=0;
#ifndef OPENSSL_NO_ERR
- ERR_load_strings(ERR_LIB_PEM,PEM_str_functs);
- ERR_load_strings(ERR_LIB_PEM,PEM_str_reasons);
+ ERR_load_strings(0,PEM_str_functs);
+ ERR_load_strings(0,PEM_str_reasons);
#endif
}
diff --git a/src/lib/libssl/src/crypto/perlasm/x86asm.pl b/src/lib/libssl/src/crypto/perlasm/x86asm.pl
index bef2667079..ea54a1edc5 100644
--- a/src/lib/libssl/src/crypto/perlasm/x86asm.pl
+++ b/src/lib/libssl/src/crypto/perlasm/x86asm.pl
@@ -90,7 +90,7 @@ $tmp
#ifdef OUT
#define OK 1
#define ALIGN 4
-#if defined(__CYGWIN__) || defined(__DJGPP__)
+#if defined(__CYGWIN__) || defined(__DJGPP__) || defined(__MINGW32__)
#undef SIZE
#undef TYPE
#define SIZE(a,b)
diff --git a/src/lib/libssl/src/crypto/perlasm/x86nasm.pl b/src/lib/libssl/src/crypto/perlasm/x86nasm.pl
index 5009acb4b3..4bdb3fe180 100644
--- a/src/lib/libssl/src/crypto/perlasm/x86nasm.pl
+++ b/src/lib/libssl/src/crypto/perlasm/x86nasm.pl
@@ -221,7 +221,15 @@ sub using486
sub main'file
{
- push(@out, "segment .text use32\n");
+ local $tmp;
+ $tmp=<<___;
+%ifdef __omf__
+section code use32 class=code
+%else
+section .text
+%endif
+___
+ push(@out,$tmp);
}
sub main'function_begin
diff --git a/src/lib/libssl/src/crypto/pkcs12/Makefile b/src/lib/libssl/src/crypto/pkcs12/Makefile
index 854b641f7c..bef4f27912 100644
--- a/src/lib/libssl/src/crypto/pkcs12/Makefile
+++ b/src/lib/libssl/src/crypto/pkcs12/Makefile
@@ -1,5 +1,5 @@
#
-# SSLeay/crypto/pkcs12/Makefile
+# OpenSSL/crypto/pkcs12/Makefile
#
DIR= pkcs12
diff --git a/src/lib/libssl/src/crypto/pkcs12/p12_add.c b/src/lib/libssl/src/crypto/pkcs12/p12_add.c
index 1909f28506..27015dd8c3 100644
--- a/src/lib/libssl/src/crypto/pkcs12/p12_add.c
+++ b/src/lib/libssl/src/crypto/pkcs12/p12_add.c
@@ -148,7 +148,11 @@ PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk)
/* Unpack SAFEBAGS from PKCS#7 data ContentInfo */
STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7)
{
- if(!PKCS7_type_is_data(p7)) return NULL;
+ if(!PKCS7_type_is_data(p7))
+ {
+ PKCS12err(PKCS12_F_PKCS12_UNPACK_P7DATA,PKCS12_R_CONTENT_TYPE_NOT_DATA);
+ return NULL;
+ }
return ASN1_item_unpack(p7->d.data, ASN1_ITEM_rptr(PKCS12_SAFEBAGS));
}
@@ -211,5 +215,10 @@ int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes)
STACK_OF(PKCS7) *PKCS12_unpack_authsafes(PKCS12 *p12)
{
+ if (!PKCS7_type_is_data(p12->authsafes))
+ {
+ PKCS12err(PKCS12_F_PKCS12_UNPACK_AUTHSAFES,PKCS12_R_CONTENT_TYPE_NOT_DATA);
+ return NULL;
+ }
return ASN1_item_unpack(p12->authsafes->d.data, ASN1_ITEM_rptr(PKCS12_AUTHSAFES));
}
diff --git a/src/lib/libssl/src/crypto/pkcs12/p12_crt.c b/src/lib/libssl/src/crypto/pkcs12/p12_crt.c
index 4c36c643ce..40340a7bef 100644
--- a/src/lib/libssl/src/crypto/pkcs12/p12_crt.c
+++ b/src/lib/libssl/src/crypto/pkcs12/p12_crt.c
@@ -76,7 +76,15 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
unsigned int keyidlen;
/* Set defaults */
- if(!nid_cert) nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC;
+ if(!nid_cert)
+ {
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode())
+ nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+ else
+#endif
+ nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC;
+ }
if(!nid_key) nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
if(!iter) iter = PKCS12_DEFAULT_ITER;
if(!mac_iter) mac_iter = 1;
diff --git a/src/lib/libssl/src/crypto/pkcs12/p12_mutl.c b/src/lib/libssl/src/crypto/pkcs12/p12_mutl.c
index 4886b9b289..140d21155e 100644
--- a/src/lib/libssl/src/crypto/pkcs12/p12_mutl.c
+++ b/src/lib/libssl/src/crypto/pkcs12/p12_mutl.c
@@ -72,6 +72,12 @@ int PKCS12_gen_mac (PKCS12 *p12, const char *pass, int passlen,
unsigned char key[PKCS12_MAC_KEY_LENGTH], *salt;
int saltlen, iter;
+ if (!PKCS7_type_is_data(p12->authsafes))
+ {
+ PKCS12err(PKCS12_F_PKCS12_GEN_MAC,PKCS12_R_CONTENT_TYPE_NOT_DATA);
+ return 0;
+ }
+
salt = p12->mac->salt->data;
saltlen = p12->mac->salt->length;
if (!p12->mac->iter) iter = 1;
diff --git a/src/lib/libssl/src/crypto/pkcs12/pk12err.c b/src/lib/libssl/src/crypto/pkcs12/pk12err.c
index 10ab80502c..a33b37b1c7 100644
--- a/src/lib/libssl/src/crypto/pkcs12/pk12err.c
+++ b/src/lib/libssl/src/crypto/pkcs12/pk12err.c
@@ -1,6 +1,6 @@
/* crypto/pkcs12/pk12err.c */
/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -64,60 +64,67 @@
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
+
+#define ERR_FUNC(func) ERR_PACK(ERR_LIB_PKCS12,func,0)
+#define ERR_REASON(reason) ERR_PACK(ERR_LIB_PKCS12,0,reason)
+
static ERR_STRING_DATA PKCS12_str_functs[]=
{
-{ERR_PACK(0,PKCS12_F_PARSE_BAGS,0), "PARSE_BAGS"},
-{ERR_PACK(0,PKCS12_F_PKCS12_ADD_FRIENDLYNAME,0), "PKCS12_ADD_FRIENDLYNAME"},
-{ERR_PACK(0,PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC,0), "PKCS12_add_friendlyname_asc"},
-{ERR_PACK(0,PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI,0), "PKCS12_add_friendlyname_uni"},
-{ERR_PACK(0,PKCS12_F_PKCS12_ADD_LOCALKEYID,0), "PKCS12_add_localkeyid"},
-{ERR_PACK(0,PKCS12_F_PKCS12_CREATE,0), "PKCS12_create"},
-{ERR_PACK(0,PKCS12_F_PKCS12_DECRYPT_D2I,0), "PKCS12_decrypt_d2i"},
-{ERR_PACK(0,PKCS12_F_PKCS12_GEN_MAC,0), "PKCS12_gen_mac"},
-{ERR_PACK(0,PKCS12_F_PKCS12_I2D_ENCRYPT,0), "PKCS12_i2d_encrypt"},
-{ERR_PACK(0,PKCS12_F_PKCS12_INIT,0), "PKCS12_init"},
-{ERR_PACK(0,PKCS12_F_PKCS12_KEY_GEN_ASC,0), "PKCS12_key_gen_asc"},
-{ERR_PACK(0,PKCS12_F_PKCS12_KEY_GEN_UNI,0), "PKCS12_key_gen_uni"},
-{ERR_PACK(0,PKCS12_F_PKCS12_MAKE_KEYBAG,0), "PKCS12_MAKE_KEYBAG"},
-{ERR_PACK(0,PKCS12_F_PKCS12_MAKE_SHKEYBAG,0), "PKCS12_MAKE_SHKEYBAG"},
-{ERR_PACK(0,PKCS12_F_PKCS12_NEWPASS,0), "PKCS12_newpass"},
-{ERR_PACK(0,PKCS12_F_PKCS12_PACK_P7DATA,0), "PKCS12_pack_p7data"},
-{ERR_PACK(0,PKCS12_F_PKCS12_PACK_P7ENCDATA,0), "PKCS12_pack_p7encdata"},
-{ERR_PACK(0,PKCS12_F_PKCS12_PACK_SAFEBAG,0), "PKCS12_pack_safebag"},
-{ERR_PACK(0,PKCS12_F_PKCS12_PARSE,0), "PKCS12_parse"},
-{ERR_PACK(0,PKCS12_F_PKCS12_PBE_CRYPT,0), "PKCS12_pbe_crypt"},
-{ERR_PACK(0,PKCS12_F_PKCS12_PBE_KEYIVGEN,0), "PKCS12_PBE_keyivgen"},
-{ERR_PACK(0,PKCS12_F_PKCS12_SETUP_MAC,0), "PKCS12_setup_mac"},
-{ERR_PACK(0,PKCS12_F_PKCS12_SET_MAC,0), "PKCS12_set_mac"},
-{ERR_PACK(0,PKCS12_F_PKCS8_ADD_KEYUSAGE,0), "PKCS8_add_keyusage"},
-{ERR_PACK(0,PKCS12_F_PKCS8_ENCRYPT,0), "PKCS8_encrypt"},
-{ERR_PACK(0,PKCS12_F_VERIFY_MAC,0), "VERIFY_MAC"},
+{ERR_FUNC(PKCS12_F_PARSE_BAGS), "PARSE_BAGS"},
+{ERR_FUNC(PKCS12_F_PKCS12_ADD_FRIENDLYNAME), "PKCS12_ADD_FRIENDLYNAME"},
+{ERR_FUNC(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC), "PKCS12_add_friendlyname_asc"},
+{ERR_FUNC(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI), "PKCS12_add_friendlyname_uni"},
+{ERR_FUNC(PKCS12_F_PKCS12_ADD_LOCALKEYID), "PKCS12_add_localkeyid"},
+{ERR_FUNC(PKCS12_F_PKCS12_CREATE), "PKCS12_create"},
+{ERR_FUNC(PKCS12_F_PKCS12_DECRYPT_D2I), "PKCS12_DECRYPT_D2I"},
+{ERR_FUNC(PKCS12_F_PKCS12_GEN_MAC), "PKCS12_gen_mac"},
+{ERR_FUNC(PKCS12_F_PKCS12_I2D_ENCRYPT), "PKCS12_I2D_ENCRYPT"},
+{ERR_FUNC(PKCS12_F_PKCS12_INIT), "PKCS12_init"},
+{ERR_FUNC(PKCS12_F_PKCS12_KEY_GEN_ASC), "PKCS12_key_gen_asc"},
+{ERR_FUNC(PKCS12_F_PKCS12_KEY_GEN_UNI), "PKCS12_key_gen_uni"},
+{ERR_FUNC(PKCS12_F_PKCS12_MAKE_KEYBAG), "PKCS12_MAKE_KEYBAG"},
+{ERR_FUNC(PKCS12_F_PKCS12_MAKE_SHKEYBAG), "PKCS12_MAKE_SHKEYBAG"},
+{ERR_FUNC(PKCS12_F_PKCS12_NEWPASS), "PKCS12_newpass"},
+{ERR_FUNC(PKCS12_F_PKCS12_PACK_P7DATA), "PKCS12_pack_p7data"},
+{ERR_FUNC(PKCS12_F_PKCS12_PACK_P7ENCDATA), "PKCS12_pack_p7encdata"},
+{ERR_FUNC(PKCS12_F_PKCS12_PACK_SAFEBAG), "PKCS12_PACK_SAFEBAG"},
+{ERR_FUNC(PKCS12_F_PKCS12_PARSE), "PKCS12_parse"},
+{ERR_FUNC(PKCS12_F_PKCS12_PBE_CRYPT), "PKCS12_pbe_crypt"},
+{ERR_FUNC(PKCS12_F_PKCS12_PBE_KEYIVGEN), "PKCS12_PBE_keyivgen"},
+{ERR_FUNC(PKCS12_F_PKCS12_SETUP_MAC), "PKCS12_setup_mac"},
+{ERR_FUNC(PKCS12_F_PKCS12_SET_MAC), "PKCS12_set_mac"},
+{ERR_FUNC(PKCS12_F_PKCS12_UNPACK_AUTHSAFES), "PKCS12_unpack_authsafes"},
+{ERR_FUNC(PKCS12_F_PKCS12_UNPACK_P7DATA), "PKCS12_unpack_p7data"},
+{ERR_FUNC(PKCS12_F_PKCS8_ADD_KEYUSAGE), "PKCS8_add_keyusage"},
+{ERR_FUNC(PKCS12_F_PKCS8_ENCRYPT), "PKCS8_encrypt"},
+{ERR_FUNC(PKCS12_F_VERIFY_MAC), "VERIFY_MAC"},
{0,NULL}
};
static ERR_STRING_DATA PKCS12_str_reasons[]=
{
-{PKCS12_R_CANT_PACK_STRUCTURE ,"cant pack structure"},
-{PKCS12_R_DECODE_ERROR ,"decode error"},
-{PKCS12_R_ENCODE_ERROR ,"encode error"},
-{PKCS12_R_ENCRYPT_ERROR ,"encrypt error"},
-{PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE,"error setting encrypted data type"},
-{PKCS12_R_INVALID_NULL_ARGUMENT ,"invalid null argument"},
-{PKCS12_R_INVALID_NULL_PKCS12_POINTER ,"invalid null pkcs12 pointer"},
-{PKCS12_R_IV_GEN_ERROR ,"iv gen error"},
-{PKCS12_R_KEY_GEN_ERROR ,"key gen error"},
-{PKCS12_R_MAC_ABSENT ,"mac absent"},
-{PKCS12_R_MAC_GENERATION_ERROR ,"mac generation error"},
-{PKCS12_R_MAC_SETUP_ERROR ,"mac setup error"},
-{PKCS12_R_MAC_STRING_SET_ERROR ,"mac string set error"},
-{PKCS12_R_MAC_VERIFY_ERROR ,"mac verify error"},
-{PKCS12_R_MAC_VERIFY_FAILURE ,"mac verify failure"},
-{PKCS12_R_PARSE_ERROR ,"parse error"},
-{PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR ,"pkcs12 algor cipherinit error"},
-{PKCS12_R_PKCS12_CIPHERFINAL_ERROR ,"pkcs12 cipherfinal error"},
-{PKCS12_R_PKCS12_PBE_CRYPT_ERROR ,"pkcs12 pbe crypt error"},
-{PKCS12_R_UNKNOWN_DIGEST_ALGORITHM ,"unknown digest algorithm"},
-{PKCS12_R_UNSUPPORTED_PKCS12_MODE ,"unsupported pkcs12 mode"},
+{ERR_REASON(PKCS12_R_CANT_PACK_STRUCTURE),"cant pack structure"},
+{ERR_REASON(PKCS12_R_CONTENT_TYPE_NOT_DATA),"content type not data"},
+{ERR_REASON(PKCS12_R_DECODE_ERROR) ,"decode error"},
+{ERR_REASON(PKCS12_R_ENCODE_ERROR) ,"encode error"},
+{ERR_REASON(PKCS12_R_ENCRYPT_ERROR) ,"encrypt error"},
+{ERR_REASON(PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE),"error setting encrypted data type"},
+{ERR_REASON(PKCS12_R_INVALID_NULL_ARGUMENT),"invalid null argument"},
+{ERR_REASON(PKCS12_R_INVALID_NULL_PKCS12_POINTER),"invalid null pkcs12 pointer"},
+{ERR_REASON(PKCS12_R_IV_GEN_ERROR) ,"iv gen error"},
+{ERR_REASON(PKCS12_R_KEY_GEN_ERROR) ,"key gen error"},
+{ERR_REASON(PKCS12_R_MAC_ABSENT) ,"mac absent"},
+{ERR_REASON(PKCS12_R_MAC_GENERATION_ERROR),"mac generation error"},
+{ERR_REASON(PKCS12_R_MAC_SETUP_ERROR) ,"mac setup error"},
+{ERR_REASON(PKCS12_R_MAC_STRING_SET_ERROR),"mac string set error"},
+{ERR_REASON(PKCS12_R_MAC_VERIFY_ERROR) ,"mac verify error"},
+{ERR_REASON(PKCS12_R_MAC_VERIFY_FAILURE) ,"mac verify failure"},
+{ERR_REASON(PKCS12_R_PARSE_ERROR) ,"parse error"},
+{ERR_REASON(PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR),"pkcs12 algor cipherinit error"},
+{ERR_REASON(PKCS12_R_PKCS12_CIPHERFINAL_ERROR),"pkcs12 cipherfinal error"},
+{ERR_REASON(PKCS12_R_PKCS12_PBE_CRYPT_ERROR),"pkcs12 pbe crypt error"},
+{ERR_REASON(PKCS12_R_UNKNOWN_DIGEST_ALGORITHM),"unknown digest algorithm"},
+{ERR_REASON(PKCS12_R_UNSUPPORTED_PKCS12_MODE),"unsupported pkcs12 mode"},
{0,NULL}
};
@@ -131,8 +138,8 @@ void ERR_load_PKCS12_strings(void)
{
init=0;
#ifndef OPENSSL_NO_ERR
- ERR_load_strings(ERR_LIB_PKCS12,PKCS12_str_functs);
- ERR_load_strings(ERR_LIB_PKCS12,PKCS12_str_reasons);
+ ERR_load_strings(0,PKCS12_str_functs);
+ ERR_load_strings(0,PKCS12_str_reasons);
#endif
}
diff --git a/src/lib/libssl/src/crypto/pkcs12/pkcs12.h b/src/lib/libssl/src/crypto/pkcs12/pkcs12.h
index dd338f266c..fb8af82d4f 100644
--- a/src/lib/libssl/src/crypto/pkcs12/pkcs12.h
+++ b/src/lib/libssl/src/crypto/pkcs12/pkcs12.h
@@ -287,12 +287,15 @@ void ERR_load_PKCS12_strings(void);
#define PKCS12_F_PKCS12_PBE_KEYIVGEN 120
#define PKCS12_F_PKCS12_SETUP_MAC 122
#define PKCS12_F_PKCS12_SET_MAC 123
+#define PKCS12_F_PKCS12_UNPACK_AUTHSAFES 129
+#define PKCS12_F_PKCS12_UNPACK_P7DATA 130
#define PKCS12_F_PKCS8_ADD_KEYUSAGE 124
#define PKCS12_F_PKCS8_ENCRYPT 125
#define PKCS12_F_VERIFY_MAC 126
/* Reason codes. */
#define PKCS12_R_CANT_PACK_STRUCTURE 100
+#define PKCS12_R_CONTENT_TYPE_NOT_DATA 121
#define PKCS12_R_DECODE_ERROR 101
#define PKCS12_R_ENCODE_ERROR 102
#define PKCS12_R_ENCRYPT_ERROR 103
diff --git a/src/lib/libssl/src/crypto/pkcs7/Makefile b/src/lib/libssl/src/crypto/pkcs7/Makefile
index f15c65f690..a213ae2227 100644
--- a/src/lib/libssl/src/crypto/pkcs7/Makefile
+++ b/src/lib/libssl/src/crypto/pkcs7/Makefile
@@ -1,5 +1,5 @@
#
-# SSLeay/crypto/pkcs7/Makefile
+# OpenSSL/crypto/pkcs7/Makefile
#
DIR= pkcs7
diff --git a/src/lib/libssl/src/crypto/pkcs7/pk7_mime.c b/src/lib/libssl/src/crypto/pkcs7/pk7_mime.c
index 5d2a97839d..927b88c3e7 100644
--- a/src/lib/libssl/src/crypto/pkcs7/pk7_mime.c
+++ b/src/lib/libssl/src/crypto/pkcs7/pk7_mime.c
@@ -3,7 +3,7 @@
* project 1999.
*/
/* ====================================================================
- * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -152,11 +152,12 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags)
{
char bound[33], c;
int i;
- char *mime_prefix, *mime_eol;
+ char *mime_prefix, *mime_eol, *msg_type=NULL;
if (flags & PKCS7_NOOLDMIMETYPE)
mime_prefix = "application/pkcs7-";
else
mime_prefix = "application/x-pkcs7-";
+
if (flags & PKCS7_CRLFEOL)
mime_eol = "\r\n";
else
@@ -198,11 +199,30 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags)
mime_eol, mime_eol);
return 1;
}
+
+ /* Determine smime-type header */
+
+ if (PKCS7_type_is_enveloped(p7))
+ msg_type = "enveloped-data";
+ else if (PKCS7_type_is_signed(p7))
+ {
+ /* If we have any signers it is signed-data othewise
+ * certs-only.
+ */
+ STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
+ sinfos = PKCS7_get_signer_info(p7);
+ if (sk_PKCS7_SIGNER_INFO_num(sinfos) > 0)
+ msg_type = "signed-data";
+ else
+ msg_type = "certs-only";
+ }
/* MIME headers */
BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol);
BIO_printf(bio, "Content-Disposition: attachment;");
BIO_printf(bio, " filename=\"smime.p7m\"%s", mime_eol);
BIO_printf(bio, "Content-Type: %smime;", mime_prefix);
+ if (msg_type)
+ BIO_printf(bio, " smime-type=%s;", msg_type);
BIO_printf(bio, " name=\"smime.p7m\"%s", mime_eol);
BIO_printf(bio, "Content-Transfer-Encoding: base64%s%s",
mime_eol, mime_eol);
diff --git a/src/lib/libssl/src/crypto/pkcs7/pk7_smime.c b/src/lib/libssl/src/crypto/pkcs7/pk7_smime.c
index a852b49235..99a0d63f38 100644
--- a/src/lib/libssl/src/crypto/pkcs7/pk7_smime.c
+++ b/src/lib/libssl/src/crypto/pkcs7/pk7_smime.c
@@ -296,11 +296,9 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
if (tmpin == indata)
{
- if(indata) BIO_pop(p7bio);
- BIO_free_all(p7bio);
+ if (indata) BIO_pop(p7bio);
}
- else
- BIO_free_all(tmpin);
+ BIO_free_all(p7bio);
sk_X509_free(signers);
diff --git a/src/lib/libssl/src/crypto/pkcs7/pkcs7err.c b/src/lib/libssl/src/crypto/pkcs7/pkcs7err.c
index 5e51527a40..19894c80a4 100644
--- a/src/lib/libssl/src/crypto/pkcs7/pkcs7err.c
+++ b/src/lib/libssl/src/crypto/pkcs7/pkcs7err.c
@@ -1,6 +1,6 @@
/* crypto/pkcs7/pkcs7err.c */
/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -64,81 +64,85 @@
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
+
+#define ERR_FUNC(func) ERR_PACK(ERR_LIB_PKCS7,func,0)
+#define ERR_REASON(reason) ERR_PACK(ERR_LIB_PKCS7,0,reason)
+
static ERR_STRING_DATA PKCS7_str_functs[]=
{
-{ERR_PACK(0,PKCS7_F_B64_READ_PKCS7,0), "B64_READ_PKCS7"},
-{ERR_PACK(0,PKCS7_F_B64_WRITE_PKCS7,0), "B64_WRITE_PKCS7"},
-{ERR_PACK(0,PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,0), "PKCS7_add_attrib_smimecap"},
-{ERR_PACK(0,PKCS7_F_PKCS7_ADD_CERTIFICATE,0), "PKCS7_add_certificate"},
-{ERR_PACK(0,PKCS7_F_PKCS7_ADD_CRL,0), "PKCS7_add_crl"},
-{ERR_PACK(0,PKCS7_F_PKCS7_ADD_RECIPIENT_INFO,0), "PKCS7_add_recipient_info"},
-{ERR_PACK(0,PKCS7_F_PKCS7_ADD_SIGNER,0), "PKCS7_add_signer"},
-{ERR_PACK(0,PKCS7_F_PKCS7_CTRL,0), "PKCS7_ctrl"},
-{ERR_PACK(0,PKCS7_F_PKCS7_DATADECODE,0), "PKCS7_dataDecode"},
-{ERR_PACK(0,PKCS7_F_PKCS7_DATAINIT,0), "PKCS7_dataInit"},
-{ERR_PACK(0,PKCS7_F_PKCS7_DATASIGN,0), "PKCS7_DATASIGN"},
-{ERR_PACK(0,PKCS7_F_PKCS7_DATAVERIFY,0), "PKCS7_dataVerify"},
-{ERR_PACK(0,PKCS7_F_PKCS7_DECRYPT,0), "PKCS7_decrypt"},
-{ERR_PACK(0,PKCS7_F_PKCS7_ENCRYPT,0), "PKCS7_encrypt"},
-{ERR_PACK(0,PKCS7_F_PKCS7_GET0_SIGNERS,0), "PKCS7_get0_signers"},
-{ERR_PACK(0,PKCS7_F_PKCS7_SET_CIPHER,0), "PKCS7_set_cipher"},
-{ERR_PACK(0,PKCS7_F_PKCS7_SET_CONTENT,0), "PKCS7_set_content"},
-{ERR_PACK(0,PKCS7_F_PKCS7_SET_TYPE,0), "PKCS7_set_type"},
-{ERR_PACK(0,PKCS7_F_PKCS7_SIGN,0), "PKCS7_sign"},
-{ERR_PACK(0,PKCS7_F_PKCS7_SIGNATUREVERIFY,0), "PKCS7_signatureVerify"},
-{ERR_PACK(0,PKCS7_F_PKCS7_SIMPLE_SMIMECAP,0), "PKCS7_simple_smimecap"},
-{ERR_PACK(0,PKCS7_F_PKCS7_VERIFY,0), "PKCS7_verify"},
-{ERR_PACK(0,PKCS7_F_SMIME_READ_PKCS7,0), "SMIME_read_PKCS7"},
-{ERR_PACK(0,PKCS7_F_SMIME_TEXT,0), "SMIME_text"},
+{ERR_FUNC(PKCS7_F_B64_READ_PKCS7), "B64_READ_PKCS7"},
+{ERR_FUNC(PKCS7_F_B64_WRITE_PKCS7), "B64_WRITE_PKCS7"},
+{ERR_FUNC(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP), "PKCS7_add_attrib_smimecap"},
+{ERR_FUNC(PKCS7_F_PKCS7_ADD_CERTIFICATE), "PKCS7_add_certificate"},
+{ERR_FUNC(PKCS7_F_PKCS7_ADD_CRL), "PKCS7_add_crl"},
+{ERR_FUNC(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO), "PKCS7_add_recipient_info"},
+{ERR_FUNC(PKCS7_F_PKCS7_ADD_SIGNER), "PKCS7_add_signer"},
+{ERR_FUNC(PKCS7_F_PKCS7_CTRL), "PKCS7_ctrl"},
+{ERR_FUNC(PKCS7_F_PKCS7_DATADECODE), "PKCS7_dataDecode"},
+{ERR_FUNC(PKCS7_F_PKCS7_DATAINIT), "PKCS7_dataInit"},
+{ERR_FUNC(PKCS7_F_PKCS7_DATASIGN), "PKCS7_DATASIGN"},
+{ERR_FUNC(PKCS7_F_PKCS7_DATAVERIFY), "PKCS7_dataVerify"},
+{ERR_FUNC(PKCS7_F_PKCS7_DECRYPT), "PKCS7_decrypt"},
+{ERR_FUNC(PKCS7_F_PKCS7_ENCRYPT), "PKCS7_encrypt"},
+{ERR_FUNC(PKCS7_F_PKCS7_GET0_SIGNERS), "PKCS7_get0_signers"},
+{ERR_FUNC(PKCS7_F_PKCS7_SET_CIPHER), "PKCS7_set_cipher"},
+{ERR_FUNC(PKCS7_F_PKCS7_SET_CONTENT), "PKCS7_set_content"},
+{ERR_FUNC(PKCS7_F_PKCS7_SET_TYPE), "PKCS7_set_type"},
+{ERR_FUNC(PKCS7_F_PKCS7_SIGN), "PKCS7_sign"},
+{ERR_FUNC(PKCS7_F_PKCS7_SIGNATUREVERIFY), "PKCS7_signatureVerify"},
+{ERR_FUNC(PKCS7_F_PKCS7_SIMPLE_SMIMECAP), "PKCS7_simple_smimecap"},
+{ERR_FUNC(PKCS7_F_PKCS7_VERIFY), "PKCS7_verify"},
+{ERR_FUNC(PKCS7_F_SMIME_READ_PKCS7), "SMIME_read_PKCS7"},
+{ERR_FUNC(PKCS7_F_SMIME_TEXT), "SMIME_text"},
{0,NULL}
};
static ERR_STRING_DATA PKCS7_str_reasons[]=
{
-{PKCS7_R_CERTIFICATE_VERIFY_ERROR ,"certificate verify error"},
-{PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER ,"cipher has no object identifier"},
-{PKCS7_R_CIPHER_NOT_INITIALIZED ,"cipher not initialized"},
-{PKCS7_R_CONTENT_AND_DATA_PRESENT ,"content and data present"},
-{PKCS7_R_DECODE_ERROR ,"decode error"},
-{PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH ,"decrypted key is wrong length"},
-{PKCS7_R_DECRYPT_ERROR ,"decrypt error"},
-{PKCS7_R_DIGEST_FAILURE ,"digest failure"},
-{PKCS7_R_ERROR_ADDING_RECIPIENT ,"error adding recipient"},
-{PKCS7_R_ERROR_SETTING_CIPHER ,"error setting cipher"},
-{PKCS7_R_INVALID_MIME_TYPE ,"invalid mime type"},
-{PKCS7_R_INVALID_NULL_POINTER ,"invalid null pointer"},
-{PKCS7_R_MIME_NO_CONTENT_TYPE ,"mime no content type"},
-{PKCS7_R_MIME_PARSE_ERROR ,"mime parse error"},
-{PKCS7_R_MIME_SIG_PARSE_ERROR ,"mime sig parse error"},
-{PKCS7_R_MISSING_CERIPEND_INFO ,"missing ceripend info"},
-{PKCS7_R_NO_CONTENT ,"no content"},
-{PKCS7_R_NO_CONTENT_TYPE ,"no content type"},
-{PKCS7_R_NO_MULTIPART_BODY_FAILURE ,"no multipart body failure"},
-{PKCS7_R_NO_MULTIPART_BOUNDARY ,"no multipart boundary"},
-{PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE,"no recipient matches certificate"},
-{PKCS7_R_NO_SIGNATURES_ON_DATA ,"no signatures on data"},
-{PKCS7_R_NO_SIGNERS ,"no signers"},
-{PKCS7_R_NO_SIG_CONTENT_TYPE ,"no sig content type"},
-{PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE,"operation not supported on this type"},
-{PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR ,"pkcs7 add signature error"},
-{PKCS7_R_PKCS7_DATAFINAL_ERROR ,"pkcs7 datafinal error"},
-{PKCS7_R_PKCS7_DATASIGN ,"pkcs7 datasign"},
-{PKCS7_R_PKCS7_PARSE_ERROR ,"pkcs7 parse error"},
-{PKCS7_R_PKCS7_SIG_PARSE_ERROR ,"pkcs7 sig parse error"},
-{PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE,"private key does not match certificate"},
-{PKCS7_R_SIGNATURE_FAILURE ,"signature failure"},
-{PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND ,"signer certificate not found"},
-{PKCS7_R_SIG_INVALID_MIME_TYPE ,"sig invalid mime type"},
-{PKCS7_R_SMIME_TEXT_ERROR ,"smime text error"},
-{PKCS7_R_UNABLE_TO_FIND_CERTIFICATE ,"unable to find certificate"},
-{PKCS7_R_UNABLE_TO_FIND_MEM_BIO ,"unable to find mem bio"},
-{PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST ,"unable to find message digest"},
-{PKCS7_R_UNKNOWN_DIGEST_TYPE ,"unknown digest type"},
-{PKCS7_R_UNKNOWN_OPERATION ,"unknown operation"},
-{PKCS7_R_UNSUPPORTED_CIPHER_TYPE ,"unsupported cipher type"},
-{PKCS7_R_UNSUPPORTED_CONTENT_TYPE ,"unsupported content type"},
-{PKCS7_R_WRONG_CONTENT_TYPE ,"wrong content type"},
-{PKCS7_R_WRONG_PKCS7_TYPE ,"wrong pkcs7 type"},
+{ERR_REASON(PKCS7_R_CERTIFICATE_VERIFY_ERROR),"certificate verify error"},
+{ERR_REASON(PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER),"cipher has no object identifier"},
+{ERR_REASON(PKCS7_R_CIPHER_NOT_INITIALIZED),"cipher not initialized"},
+{ERR_REASON(PKCS7_R_CONTENT_AND_DATA_PRESENT),"content and data present"},
+{ERR_REASON(PKCS7_R_DECODE_ERROR) ,"decode error"},
+{ERR_REASON(PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH),"decrypted key is wrong length"},
+{ERR_REASON(PKCS7_R_DECRYPT_ERROR) ,"decrypt error"},
+{ERR_REASON(PKCS7_R_DIGEST_FAILURE) ,"digest failure"},
+{ERR_REASON(PKCS7_R_ERROR_ADDING_RECIPIENT),"error adding recipient"},
+{ERR_REASON(PKCS7_R_ERROR_SETTING_CIPHER),"error setting cipher"},
+{ERR_REASON(PKCS7_R_INVALID_MIME_TYPE) ,"invalid mime type"},
+{ERR_REASON(PKCS7_R_INVALID_NULL_POINTER),"invalid null pointer"},
+{ERR_REASON(PKCS7_R_MIME_NO_CONTENT_TYPE),"mime no content type"},
+{ERR_REASON(PKCS7_R_MIME_PARSE_ERROR) ,"mime parse error"},
+{ERR_REASON(PKCS7_R_MIME_SIG_PARSE_ERROR),"mime sig parse error"},
+{ERR_REASON(PKCS7_R_MISSING_CERIPEND_INFO),"missing ceripend info"},
+{ERR_REASON(PKCS7_R_NO_CONTENT) ,"no content"},
+{ERR_REASON(PKCS7_R_NO_CONTENT_TYPE) ,"no content type"},
+{ERR_REASON(PKCS7_R_NO_MULTIPART_BODY_FAILURE),"no multipart body failure"},
+{ERR_REASON(PKCS7_R_NO_MULTIPART_BOUNDARY),"no multipart boundary"},
+{ERR_REASON(PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE),"no recipient matches certificate"},
+{ERR_REASON(PKCS7_R_NO_SIGNATURES_ON_DATA),"no signatures on data"},
+{ERR_REASON(PKCS7_R_NO_SIGNERS) ,"no signers"},
+{ERR_REASON(PKCS7_R_NO_SIG_CONTENT_TYPE) ,"no sig content type"},
+{ERR_REASON(PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE),"operation not supported on this type"},
+{ERR_REASON(PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR),"pkcs7 add signature error"},
+{ERR_REASON(PKCS7_R_PKCS7_DATAFINAL_ERROR),"pkcs7 datafinal error"},
+{ERR_REASON(PKCS7_R_PKCS7_DATASIGN) ,"pkcs7 datasign"},
+{ERR_REASON(PKCS7_R_PKCS7_PARSE_ERROR) ,"pkcs7 parse error"},
+{ERR_REASON(PKCS7_R_PKCS7_SIG_PARSE_ERROR),"pkcs7 sig parse error"},
+{ERR_REASON(PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),"private key does not match certificate"},
+{ERR_REASON(PKCS7_R_SIGNATURE_FAILURE) ,"signature failure"},
+{ERR_REASON(PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND),"signer certificate not found"},
+{ERR_REASON(PKCS7_R_SIG_INVALID_MIME_TYPE),"sig invalid mime type"},
+{ERR_REASON(PKCS7_R_SMIME_TEXT_ERROR) ,"smime text error"},
+{ERR_REASON(PKCS7_R_UNABLE_TO_FIND_CERTIFICATE),"unable to find certificate"},
+{ERR_REASON(PKCS7_R_UNABLE_TO_FIND_MEM_BIO),"unable to find mem bio"},
+{ERR_REASON(PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST),"unable to find message digest"},
+{ERR_REASON(PKCS7_R_UNKNOWN_DIGEST_TYPE) ,"unknown digest type"},
+{ERR_REASON(PKCS7_R_UNKNOWN_OPERATION) ,"unknown operation"},
+{ERR_REASON(PKCS7_R_UNSUPPORTED_CIPHER_TYPE),"unsupported cipher type"},
+{ERR_REASON(PKCS7_R_UNSUPPORTED_CONTENT_TYPE),"unsupported content type"},
+{ERR_REASON(PKCS7_R_WRONG_CONTENT_TYPE) ,"wrong content type"},
+{ERR_REASON(PKCS7_R_WRONG_PKCS7_TYPE) ,"wrong pkcs7 type"},
{0,NULL}
};
@@ -152,8 +156,8 @@ void ERR_load_PKCS7_strings(void)
{
init=0;
#ifndef OPENSSL_NO_ERR
- ERR_load_strings(ERR_LIB_PKCS7,PKCS7_str_functs);
- ERR_load_strings(ERR_LIB_PKCS7,PKCS7_str_reasons);
+ ERR_load_strings(0,PKCS7_str_functs);
+ ERR_load_strings(0,PKCS7_str_reasons);
#endif
}
diff --git a/src/lib/libssl/src/crypto/rand/Makefile b/src/lib/libssl/src/crypto/rand/Makefile
index 665eaa18e5..b1d1a75f98 100644
--- a/src/lib/libssl/src/crypto/rand/Makefile
+++ b/src/lib/libssl/src/crypto/rand/Makefile
@@ -1,5 +1,5 @@
#
-# SSLeay/crypto/rand/Makefile
+# OpenSSL/crypto/rand/Makefile
#
DIR= rand
diff --git a/src/lib/libssl/src/crypto/rand/rand_err.c b/src/lib/libssl/src/crypto/rand/rand_err.c
index 95574659ac..97f96e1aee 100644
--- a/src/lib/libssl/src/crypto/rand/rand_err.c
+++ b/src/lib/libssl/src/crypto/rand/rand_err.c
@@ -1,6 +1,6 @@
/* crypto/rand/rand_err.c */
/* ====================================================================
- * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -64,22 +64,26 @@
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
+
+#define ERR_FUNC(func) ERR_PACK(ERR_LIB_RAND,func,0)
+#define ERR_REASON(reason) ERR_PACK(ERR_LIB_RAND,0,reason)
+
static ERR_STRING_DATA RAND_str_functs[]=
{
-{ERR_PACK(0,RAND_F_FIPS_RAND_BYTES,0), "FIPS_RAND_BYTES"},
-{ERR_PACK(0,RAND_F_RAND_GET_RAND_METHOD,0), "RAND_get_rand_method"},
-{ERR_PACK(0,RAND_F_SSLEAY_RAND_BYTES,0), "SSLEAY_RAND_BYTES"},
+{ERR_FUNC(RAND_F_FIPS_RAND_BYTES), "FIPS_RAND_BYTES"},
+{ERR_FUNC(RAND_F_RAND_GET_RAND_METHOD), "RAND_get_rand_method"},
+{ERR_FUNC(RAND_F_SSLEAY_RAND_BYTES), "SSLEAY_RAND_BYTES"},
{0,NULL}
};
static ERR_STRING_DATA RAND_str_reasons[]=
{
-{RAND_R_NON_FIPS_METHOD ,"non fips method"},
-{RAND_R_PRNG_ASKING_FOR_TOO_MUCH ,"prng asking for too much"},
-{RAND_R_PRNG_NOT_REKEYED ,"prng not rekeyed"},
-{RAND_R_PRNG_NOT_RESEEDED ,"prng not reseeded"},
-{RAND_R_PRNG_NOT_SEEDED ,"PRNG not seeded"},
-{RAND_R_PRNG_STUCK ,"prng stuck"},
+{ERR_REASON(RAND_R_NON_FIPS_METHOD) ,"non fips method"},
+{ERR_REASON(RAND_R_PRNG_ASKING_FOR_TOO_MUCH),"prng asking for too much"},
+{ERR_REASON(RAND_R_PRNG_NOT_REKEYED) ,"prng not rekeyed"},
+{ERR_REASON(RAND_R_PRNG_NOT_RESEEDED) ,"prng not reseeded"},
+{ERR_REASON(RAND_R_PRNG_NOT_SEEDED) ,"PRNG not seeded"},
+{ERR_REASON(RAND_R_PRNG_STUCK) ,"prng stuck"},
{0,NULL}
};
@@ -93,8 +97,8 @@ void ERR_load_RAND_strings(void)
{
init=0;
#ifndef OPENSSL_NO_ERR
- ERR_load_strings(ERR_LIB_RAND,RAND_str_functs);
- ERR_load_strings(ERR_LIB_RAND,RAND_str_reasons);
+ ERR_load_strings(0,RAND_str_functs);
+ ERR_load_strings(0,RAND_str_reasons);
#endif
}
diff --git a/src/lib/libssl/src/crypto/rand/rand_lib.c b/src/lib/libssl/src/crypto/rand/rand_lib.c
index 88f1b56d91..a21bde79de 100644
--- a/src/lib/libssl/src/crypto/rand/rand_lib.c
+++ b/src/lib/libssl/src/crypto/rand/rand_lib.c
@@ -87,16 +87,6 @@ int RAND_set_rand_method(const RAND_METHOD *meth)
const RAND_METHOD *RAND_get_rand_method(void)
{
-#ifdef OPENSSL_FIPS
- if(FIPS_mode()
- && default_RAND_meth != FIPS_rand_check())
- {
- RANDerr(RAND_F_RAND_GET_RAND_METHOD,RAND_R_NON_FIPS_METHOD);
- return 0;
- }
-#endif
-
-
if (!default_RAND_meth)
{
#ifndef OPENSSL_NO_ENGINE
@@ -114,8 +104,22 @@ const RAND_METHOD *RAND_get_rand_method(void)
funct_ref = e;
else
#endif
- default_RAND_meth = RAND_SSLeay();
+#ifdef OPENSSL_FIPS
+ if(FIPS_mode())
+ default_RAND_meth=FIPS_rand_method();
+ else
+#endif
+ default_RAND_meth = RAND_SSLeay();
}
+
+#ifdef OPENSSL_FIPS
+ if(FIPS_mode()
+ && default_RAND_meth != FIPS_rand_check())
+ {
+ RANDerr(RAND_F_RAND_GET_RAND_METHOD,RAND_R_NON_FIPS_METHOD);
+ return 0;
+ }
+#endif
return default_RAND_meth;
}
diff --git a/src/lib/libssl/src/crypto/rand/randfile.c b/src/lib/libssl/src/crypto/rand/randfile.c
index c7fba496a8..7183fa32e4 100644
--- a/src/lib/libssl/src/crypto/rand/randfile.c
+++ b/src/lib/libssl/src/crypto/rand/randfile.c
@@ -57,7 +57,7 @@
*/
/* We need to define this to get macros like S_IFBLK and S_IFCHR */
-#define _XOPEN_SOURCE 1
+#define _XOPEN_SOURCE 500
#include <errno.h>
#include <stdio.h>
diff --git a/src/lib/libssl/src/crypto/rc2/Makefile b/src/lib/libssl/src/crypto/rc2/Makefile
index 18edaca6c6..34080ab741 100644
--- a/src/lib/libssl/src/crypto/rc2/Makefile
+++ b/src/lib/libssl/src/crypto/rc2/Makefile
@@ -1,5 +1,5 @@
#
-# SSLeay/crypto/rc2/Makefile
+# OpenSSL/crypto/rc2/Makefile
#
DIR= rc2
@@ -82,7 +82,7 @@ rc2_cbc.o: rc2_cbc.c rc2_locl.h
rc2_ecb.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
rc2_ecb.o: ../../include/openssl/rc2.h rc2_ecb.c rc2_locl.h
rc2_skey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-rc2_skey.o: ../../include/openssl/opensslconf.h
+rc2_skey.o: ../../include/openssl/fips.h ../../include/openssl/opensslconf.h
rc2_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
rc2_skey.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
rc2_skey.o: ../../include/openssl/symhacks.h rc2_locl.h rc2_skey.c
diff --git a/src/lib/libssl/src/crypto/rc2/rc2_skey.c b/src/lib/libssl/src/crypto/rc2/rc2_skey.c
index 22f372f85c..9652865188 100644
--- a/src/lib/libssl/src/crypto/rc2/rc2_skey.c
+++ b/src/lib/libssl/src/crypto/rc2/rc2_skey.c
@@ -58,6 +58,7 @@
#include <openssl/rc2.h>
#include <openssl/crypto.h>
+#include <openssl/fips.h>
#include "rc2_locl.h"
static unsigned char key_table[256]={
diff --git a/src/lib/libssl/src/crypto/rc2/rc2speed.c b/src/lib/libssl/src/crypto/rc2/rc2speed.c
index 47d34b444e..4d0e1242ea 100644
--- a/src/lib/libssl/src/crypto/rc2/rc2speed.c
+++ b/src/lib/libssl/src/crypto/rc2/rc2speed.c
@@ -102,10 +102,10 @@ OPENSSL_DECLARE_EXIT
#ifndef HZ
#ifndef CLK_TCK
#define HZ 100.0
-#endif
-#else /* CLK_TCK */
+#else /* CLK_TCK */
#define HZ ((double)CLK_TCK)
-#endif
+#endif /* CLK_TCK */
+#endif /* HZ */
#define BUFSIZE ((long)1024)
long run=0;
diff --git a/src/lib/libssl/src/crypto/rc4/Makefile b/src/lib/libssl/src/crypto/rc4/Makefile
index 64e06924f4..20d078ec87 100644
--- a/src/lib/libssl/src/crypto/rc4/Makefile
+++ b/src/lib/libssl/src/crypto/rc4/Makefile
@@ -1,5 +1,5 @@
#
-# SSLeay/crypto/rc4/Makefile
+# OpenSSL/crypto/rc4/Makefile
#
DIR= rc4
@@ -66,10 +66,14 @@ asm/rx86bsdi.o: asm/rx86unix.cpp
asm/rx86unix.cpp: asm/rc4-586.pl ../perlasm/x86asm.pl
(cd asm; $(PERL) rc4-586.pl cpp >rx86unix.cpp)
-asm/rc4-amd64.s: asm/rc4-amd64.pl; $(PERL) asm/rc4-amd64.pl $@
+asm/rc4-x86_64.s: asm/rc4-x86_64.pl; $(PERL) asm/rc4-x86_64.pl $@
asm/rc4-ia64.s: asm/rc4-ia64.S
- $(CC) $(CFLAGS) -E asm/rc4-ia64.S > $@
+ @case `awk '/^#define RC4_INT/{print$$NF}' $(TOP)/include/openssl/opensslconf.h` in \
+ int) set -x; $(CC) $(CFLAGS) -DSZ=4 -E asm/rc4-ia64.S > $@ ;; \
+ char) set -x; $(CC) $(CFLAGS) -DSZ=1 -E asm/rc4-ia64.S > $@ ;; \
+ *) exit 1 ;; \
+ esac
files:
$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
@@ -116,7 +120,8 @@ rc4_enc.o: ../../include/openssl/symhacks.h ../cryptlib.h rc4_enc.c rc4_locl.h
rc4_skey.o: ../../e_os.h ../../include/openssl/bio.h
rc4_skey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
rc4_skey.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-rc4_skey.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rc4_skey.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+rc4_skey.o: ../../include/openssl/opensslconf.h
rc4_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/rc4.h
rc4_skey.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
rc4_skey.o: ../../include/openssl/symhacks.h ../cryptlib.h rc4_locl.h
diff --git a/src/lib/libssl/src/crypto/rc4/asm/rc4-ia64.S b/src/lib/libssl/src/crypto/rc4/asm/rc4-ia64.S
index b517d2e88f..a322d0c718 100644
--- a/src/lib/libssl/src/crypto/rc4/asm/rc4-ia64.S
+++ b/src/lib/libssl/src/crypto/rc4/asm/rc4-ia64.S
@@ -7,7 +7,7 @@
// disclaimed.
// ====================================================================
-.ident "rc4-ia64.S, Version 1.1"
+.ident "rc4-ia64.S, Version 2.0"
.ident "IA-64 ISA artwork by Andy Polyakov <appro@fy.chalmers.se>"
// What's wrong with compiler generated code? Because of the nature of
@@ -27,17 +27,10 @@
// Legitimate "collisions" do occur within every 256^2 bytes window.
// Fortunately there're enough free instruction slots to keep prior
// reference to key[x+1], detect "collision" and compensate for it.
-// All this without sacrificing a single clock cycle:-)
-// Furthermore. In order to compress loop body to the minimum, I chose
-// to deploy deposit instruction, which substitutes for the whole
-// key->data+((x&255)<<log2(sizeof(key->data[0]))). This unfortunately
-// requires key->data to be aligned at sizeof(key->data) boundary.
-// This is why you'll find "RC4_INT pad[512-256-2];" addenum to RC4_KEY
-// and "d=(RC4_INT *)(((size_t)(d+255))&~(sizeof(key->data)-1));" in
-// rc4_skey.c [and rc4_enc.c, where it's retained for debugging
-// purposes]. Throughput is ~210MBps on 900MHz CPU, which is is >3x
-// faster than gcc generated code and +30% - if compared to HP-UX C.
-// Unrolling loop below should give >30% on top of that...
+// All this without sacrificing a single clock cycle:-) Throughput is
+// ~210MBps on 900MHz CPU, which is is >3x faster than gcc generated
+// code and +30% - if compared to HP-UX C. Unrolling loop below should
+// give >30% on top of that...
.text
.explicit
@@ -48,7 +41,9 @@
# define ADDP add
#endif
+#ifndef SZ
#define SZ 4 // this is set to sizeof(RC4_INT)
+#endif
// SZ==4 seems to be optimal. At least SZ==8 is not any faster, not for
// assembler implementation, while SZ==1 code is ~30% slower.
#if SZ==1 // RC4_INT is unsigned char
@@ -101,45 +96,53 @@ RC4:
ADDP out=0,in3
brp.loop.imp .Ltop,.Lexit-16 };;
{ .mmi; LDKEY yy=[key] // load key->y
- add ksch=(255+1)*SZ,key // as ksch will be used with
- // deposit instruction only,
- // I don't have to &~255...
+ add ksch=SZ,key
mov ar.lc=in1 }
{ .mmi; mov key_y[1]=r0 // guarantee inequality
// in first iteration
add xx=1,xx
mov pr.rot=1<<16 };;
{ .mii; nop.m 0
- dep key_x[1]=xx,ksch,OFF,8
+ dep key_x[1]=xx,r0,OFF,8
mov ar.ec=3 };; // note that epilogue counter
// is off by 1. I compensate
// for this at exit...
.Ltop:
-// The loop is scheduled for 3*(n+2) spin-rate on Itanium 2, which
+// The loop is scheduled for 4*(n+2) spin-rate on Itanium 2, which
// theoretically gives asymptotic performance of clock frequency
-// divided by 3 bytes per seconds, or 500MBps on 1.5GHz CPU. Measured
-// performance however is distinctly lower than 1/4:-( The culplrit
-// seems to be *(out++)=dat, which inadvertently splits the bundle,
-// even though there is M-port available... Unrolling is due...
-// Unrolled loop should collect output with variable shift instruction
-// in order to avoid starvation for integer shifter... It should be
-// possible to get pretty close to theoretical peak...
-{ .mmi; (p16) LDKEY tx[0]=[key_x[1]] // tx=key[xx]
- (p17) LDKEY ty[0]=[key_y[1]] // ty=key[yy]
- (p18) dep rnd[1]=rnd[1],ksch,OFF,8} // &key[(tx+ty)&255]
+// divided by 4 bytes per seconds, or 400MBps on 1.6GHz CPU. This is
+// for sizeof(RC4_INT)==4. For smaller RC4_INT STKEY inadvertently
+// splits the last bundle and you end up with 5*n spin-rate:-(
+// Originally the loop was scheduled for 3*n and relied on key
+// schedule to be aligned at 256*sizeof(RC4_INT) boundary. But
+// *(out++)=dat, which maps to st1, had same effect [inadvertent
+// bundle split] and holded the loop back. Rescheduling for 4*n
+// made it possible to eliminate dependence on specific alignment
+// and allow OpenSSH keep "abusing" our API. Reaching for 3*n would
+// require unrolling, sticking to variable shift instruction for
+// collecting output [to avoid starvation for integer shifter] and
+// copying of key schedule to controlled place in stack [so that
+// deposit instruction can serve as substitute for whole
+// key->data+((x&255)<<log2(sizeof(key->data[0])))]...
{ .mmi; (p19) st1 [out]=dat[3],1 // *(out++)=dat
(p16) add xx=1,xx // x++
- (p16) cmp.ne.unc p20,p21=key_x[1],key_y[1] };;
+ (p18) dep rnd[1]=rnd[1],r0,OFF,8 } // ((tx+ty)&255)<<OFF
+{ .mmi; (p16) add key_x[1]=ksch,key_x[1] // &key[xx&255]
+ (p17) add key_y[1]=ksch,key_y[1] };; // &key[yy&255]
+{ .mmi; (p16) LDKEY tx[0]=[key_x[1]] // tx=key[xx]
+ (p17) LDKEY ty[0]=[key_y[1]] // ty=key[yy]
+ (p16) dep key_x[0]=xx,r0,OFF,8 } // (xx&255)<<OFF
+{ .mmi; (p18) add rnd[1]=ksch,rnd[1] // &key[(tx+ty)&255]
+ (p16) cmp.ne.unc p20,p21=key_x[1],key_y[1] };;
{ .mmi; (p18) LDKEY rnd[1]=[rnd[1]] // rnd=key[(tx+ty)&255]
- (p16) ld1 dat[0]=[inp],1 // dat=*(inp++)
- (p16) dep key_x[0]=xx,ksch,OFF,8 } // &key[xx&255]
+ (p16) ld1 dat[0]=[inp],1 } // dat=*(inp++)
.pred.rel "mutex",p20,p21
{ .mmi; (p21) add yy=yy,tx[1] // (p16)
(p20) add yy=yy,tx[0] // (p16) y+=tx
(p21) mov tx[0]=tx[1] };; // (p16)
{ .mmi; (p17) STKEY [key_y[1]]=tx[1] // key[yy]=tx
(p17) STKEY [key_x[2]]=ty[0] // key[xx]=ty
- (p16) dep key_y[0]=yy,ksch,OFF,8 } // &key[yy&255]
+ (p16) dep key_y[0]=yy,r0,OFF,8 } // &key[yy&255]
{ .mmb; (p17) add rnd[0]=tx[1],ty[0] // tx+=ty
(p18) xor dat[2]=dat[2],rnd[1] // dat^=rnd
br.ctop.sptk .Ltop };;
diff --git a/src/lib/libssl/src/crypto/rc4/rc4.h b/src/lib/libssl/src/crypto/rc4/rc4.h
index dd90d9fde0..ae0cea75b8 100644
--- a/src/lib/libssl/src/crypto/rc4/rc4.h
+++ b/src/lib/libssl/src/crypto/rc4/rc4.h
@@ -73,10 +73,6 @@ typedef struct rc4_key_st
{
RC4_INT x,y;
RC4_INT data[256];
-#if defined(__ia64) || defined(__ia64__) || defined(_M_IA64)
- /* see crypto/rc4/asm/rc4-ia64.S for further details... */
- RC4_INT pad[512-256-2];
-#endif
} RC4_KEY;
diff --git a/src/lib/libssl/src/crypto/rc4/rc4_enc.c b/src/lib/libssl/src/crypto/rc4/rc4_enc.c
index 81a97ea3b7..d5f18a3a70 100644
--- a/src/lib/libssl/src/crypto/rc4/rc4_enc.c
+++ b/src/lib/libssl/src/crypto/rc4/rc4_enc.c
@@ -77,10 +77,6 @@ void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata,
x=key->x;
y=key->y;
d=key->data;
-#if defined(__ia64) || defined(__ia64__) || defined(_M_IA64)
- /* see crypto/rc4/asm/rc4-ia64.S for further details... */
- d=(RC4_INT *)(((size_t)(d+255))&~(sizeof(key->data)-1));
-#endif
#if defined(RC4_CHUNK)
/*
diff --git a/src/lib/libssl/src/crypto/rc4/rc4_skey.c b/src/lib/libssl/src/crypto/rc4/rc4_skey.c
index 07234f061a..60510624fd 100644
--- a/src/lib/libssl/src/crypto/rc4/rc4_skey.c
+++ b/src/lib/libssl/src/crypto/rc4/rc4_skey.c
@@ -58,6 +58,7 @@
#include <openssl/rc4.h>
#include <openssl/crypto.h>
+#include <openssl/fips.h>
#include "rc4_locl.h"
#include <openssl/opensslv.h>
@@ -94,10 +95,6 @@ FIPS_NON_FIPS_VCIPHER_Init(RC4)
unsigned int i;
d= &(key->data[0]);
-#if defined(__ia64) || defined(__ia64__) || defined(_M_IA64)
- /* see crypto/rc4/asm/rc4-ia64.S for further details... */
- d=(RC4_INT *)(((size_t)(d+255))&~(sizeof(key->data)-1));
-#endif
for (i=0; i<256; i++)
d[i]=i;
diff --git a/src/lib/libssl/src/crypto/rc5/Makefile b/src/lib/libssl/src/crypto/rc5/Makefile
index 3a8d309b29..16e6a60017 100644
--- a/src/lib/libssl/src/crypto/rc5/Makefile
+++ b/src/lib/libssl/src/crypto/rc5/Makefile
@@ -1,5 +1,5 @@
#
-# SSLeay/crypto/rc5/Makefile
+# OpenSSL/crypto/rc5/Makefile
#
DIR= rc5
@@ -102,7 +102,7 @@ rc5_ecb.o: ../../include/openssl/opensslv.h ../../include/openssl/rc5.h
rc5_ecb.o: rc5_ecb.c rc5_locl.h
rc5_enc.o: ../../include/openssl/rc5.h rc5_enc.c rc5_locl.h
rc5_skey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-rc5_skey.o: ../../include/openssl/opensslconf.h
+rc5_skey.o: ../../include/openssl/fips.h ../../include/openssl/opensslconf.h
rc5_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/rc5.h
rc5_skey.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
rc5_skey.o: ../../include/openssl/symhacks.h rc5_locl.h rc5_skey.c
diff --git a/src/lib/libssl/src/crypto/ripemd/Makefile b/src/lib/libssl/src/crypto/ripemd/Makefile
index dc086e3434..20c8b4d8db 100644
--- a/src/lib/libssl/src/crypto/ripemd/Makefile
+++ b/src/lib/libssl/src/crypto/ripemd/Makefile
@@ -1,5 +1,5 @@
#
-# SSLeay/crypto/ripemd/Makefile
+# OpenSSL/crypto/ripemd/Makefile
#
DIR= ripemd
diff --git a/src/lib/libssl/src/crypto/ripemd/rmd_one.c b/src/lib/libssl/src/crypto/ripemd/rmd_one.c
index f8b580c33a..b88446b267 100644
--- a/src/lib/libssl/src/crypto/ripemd/rmd_one.c
+++ b/src/lib/libssl/src/crypto/ripemd/rmd_one.c
@@ -68,7 +68,8 @@ unsigned char *RIPEMD160(const unsigned char *d, unsigned long n,
static unsigned char m[RIPEMD160_DIGEST_LENGTH];
if (md == NULL) md=m;
- RIPEMD160_Init(&c);
+ if (!RIPEMD160_Init(&c))
+ return NULL;
RIPEMD160_Update(&c,d,n);
RIPEMD160_Final(md,&c);
OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */
diff --git a/src/lib/libssl/src/crypto/rsa/Makefile b/src/lib/libssl/src/crypto/rsa/Makefile
index 5748b0d3d0..8851825250 100644
--- a/src/lib/libssl/src/crypto/rsa/Makefile
+++ b/src/lib/libssl/src/crypto/rsa/Makefile
@@ -1,5 +1,5 @@
#
-# SSLeay/crypto/rsa/Makefile
+# OpenSSL/crypto/rsa/Makefile
#
DIR= rsa
@@ -24,10 +24,10 @@ APPS=
LIB=$(TOP)/libcrypto.a
LIBSRC= rsa_eay.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c rsa_err.c \
rsa_pk1.c rsa_ssl.c rsa_none.c rsa_oaep.c rsa_chk.c rsa_null.c \
- rsa_asn1.c
+ rsa_pss.c rsa_x931.c rsa_asn1.c
LIBOBJ= rsa_eay.o rsa_gen.o rsa_lib.o rsa_sign.o rsa_saos.o rsa_err.o \
rsa_pk1.o rsa_ssl.o rsa_none.o rsa_oaep.o rsa_chk.o rsa_null.o \
- rsa_asn1.o
+ rsa_pss.o rsa_x931.o rsa_asn1.o
SRC= $(LIBSRC)
@@ -184,6 +184,26 @@ rsa_pk1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
rsa_pk1.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
rsa_pk1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
rsa_pk1.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_pk1.c
+rsa_pss.o: ../../e_os.h ../../include/openssl/aes.h
+rsa_pss.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+rsa_pss.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+rsa_pss.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+rsa_pss.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+rsa_pss.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+rsa_pss.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+rsa_pss.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+rsa_pss.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+rsa_pss.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+rsa_pss.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+rsa_pss.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+rsa_pss.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+rsa_pss.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+rsa_pss.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+rsa_pss.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+rsa_pss.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+rsa_pss.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+rsa_pss.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+rsa_pss.o: ../../include/openssl/ui_compat.h ../cryptlib.h rsa_pss.c
rsa_saos.o: ../../e_os.h ../../include/openssl/aes.h
rsa_saos.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
rsa_saos.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
@@ -237,3 +257,13 @@ rsa_ssl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
rsa_ssl.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
rsa_ssl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
rsa_ssl.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_ssl.c
+rsa_x931.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_x931.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_x931.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_x931.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rsa_x931.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+rsa_x931.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+rsa_x931.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_x931.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+rsa_x931.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+rsa_x931.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_x931.c
diff --git a/src/lib/libssl/src/crypto/rsa/rsa.h b/src/lib/libssl/src/crypto/rsa/rsa.h
index fc3bb5f86d..0b639cd37f 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa.h
+++ b/src/lib/libssl/src/crypto/rsa/rsa.h
@@ -157,33 +157,41 @@ struct rsa_st
#define RSA_3 0x3L
#define RSA_F4 0x10001L
-#define RSA_METHOD_FLAG_NO_CHECK 0x01 /* don't check pub/private match */
+#define RSA_METHOD_FLAG_NO_CHECK 0x0001 /* don't check pub/private match */
-#define RSA_FLAG_CACHE_PUBLIC 0x02
-#define RSA_FLAG_CACHE_PRIVATE 0x04
-#define RSA_FLAG_BLINDING 0x08
-#define RSA_FLAG_THREAD_SAFE 0x10
+#define RSA_FLAG_CACHE_PUBLIC 0x0002
+#define RSA_FLAG_CACHE_PRIVATE 0x0004
+#define RSA_FLAG_BLINDING 0x0008
+#define RSA_FLAG_THREAD_SAFE 0x0010
/* This flag means the private key operations will be handled by rsa_mod_exp
* and that they do not depend on the private key components being present:
* for example a key stored in external hardware. Without this flag bn_mod_exp
* gets called when private key components are absent.
*/
-#define RSA_FLAG_EXT_PKEY 0x20
+#define RSA_FLAG_EXT_PKEY 0x0020
/* This flag in the RSA_METHOD enables the new rsa_sign, rsa_verify functions.
*/
-#define RSA_FLAG_SIGN_VER 0x40
-
-#define RSA_FLAG_NO_BLINDING 0x80 /* new with 0.9.6j and 0.9.7b; the built-in
- * RSA implementation now uses blinding by
- * default (ignoring RSA_FLAG_BLINDING),
- * but other engines might not need it
- */
+#define RSA_FLAG_SIGN_VER 0x0040
+
+#define RSA_FLAG_NO_BLINDING 0x0080 /* new with 0.9.6j and 0.9.7b; the built-in
+ * RSA implementation now uses blinding by
+ * default (ignoring RSA_FLAG_BLINDING),
+ * but other engines might not need it
+ */
+#define RSA_FLAG_NO_EXP_CONSTTIME 0x0100 /* new with 0.9.7h; the built-in RSA
+ * implementation now uses constant time
+ * modular exponentiation for secret exponents
+ * by default. This flag causes the
+ * faster variable sliding window method to
+ * be used for all exponents.
+ */
#define RSA_PKCS1_PADDING 1
#define RSA_SSLV23_PADDING 2
#define RSA_NO_PADDING 3
#define RSA_PKCS1_OAEP_PADDING 4
+#define RSA_X931_PADDING 5
#define RSA_PKCS1_PADDING_SIZE 11
@@ -196,6 +204,15 @@ int RSA_size(const RSA *);
RSA * RSA_generate_key(int bits, unsigned long e,void
(*callback)(int,int,void *),void *cb_arg);
int RSA_check_key(const RSA *);
+#ifdef OPENSSL_FIPS
+int RSA_X931_derive(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, BIGNUM *q2,
+ void (*cb)(int, int, void *), void *cb_arg,
+ const BIGNUM *Xp1, const BIGNUM *Xp2, const BIGNUM *Xp,
+ const BIGNUM *Xq1, const BIGNUM *Xq2, const BIGNUM *Xq,
+ const BIGNUM *e);
+RSA *RSA_X931_generate_key(int bits, const BIGNUM *e,
+ void (*cb)(int,int,void *), void *cb_arg);
+#endif
/* next 4 return -1 on error */
int RSA_public_encrypt(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa,int padding);
@@ -268,6 +285,8 @@ int RSA_padding_add_PKCS1_type_2(unsigned char *to,int tlen,
const unsigned char *f,int fl);
int RSA_padding_check_PKCS1_type_2(unsigned char *to,int tlen,
const unsigned char *f,int fl,int rsa_len);
+int PKCS1_MGF1(unsigned char *mask, long len,
+ const unsigned char *seed, long seedlen, const EVP_MD *dgst);
int RSA_padding_add_PKCS1_OAEP(unsigned char *to,int tlen,
const unsigned char *f,int fl,
const unsigned char *p,int pl);
@@ -282,6 +301,17 @@ int RSA_padding_add_none(unsigned char *to,int tlen,
const unsigned char *f,int fl);
int RSA_padding_check_none(unsigned char *to,int tlen,
const unsigned char *f,int fl,int rsa_len);
+int RSA_padding_add_X931(unsigned char *to,int tlen,
+ const unsigned char *f,int fl);
+int RSA_padding_check_X931(unsigned char *to,int tlen,
+ const unsigned char *f,int fl,int rsa_len);
+int RSA_X931_hash_id(int nid);
+
+int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash,
+ const EVP_MD *Hash, const unsigned char *EM, int sLen);
+int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
+ const unsigned char *mHash,
+ const EVP_MD *Hash, int sLen);
int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
@@ -311,20 +341,24 @@ void ERR_load_RSA_strings(void);
#define RSA_F_RSA_NULL 124
#define RSA_F_RSA_PADDING_ADD_NONE 107
#define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP 121
+#define RSA_F_RSA_PADDING_ADD_PKCS1_PSS 125
#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1 108
#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2 109
#define RSA_F_RSA_PADDING_ADD_SSLV23 110
+#define RSA_F_RSA_PADDING_ADD_X931 127
#define RSA_F_RSA_PADDING_CHECK_NONE 111
#define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP 122
#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1 112
#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2 113
#define RSA_F_RSA_PADDING_CHECK_SSLV23 114
+#define RSA_F_RSA_PADDING_CHECK_X931 128
#define RSA_F_RSA_PRINT 115
#define RSA_F_RSA_PRINT_FP 116
#define RSA_F_RSA_SIGN 117
#define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 118
#define RSA_F_RSA_VERIFY 119
#define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING 120
+#define RSA_F_RSA_VERIFY_PKCS1_PSS 126
/* Reason codes. */
#define RSA_R_ALGORITHM_MISMATCH 100
@@ -344,9 +378,14 @@ void ERR_load_RSA_strings(void);
#define RSA_R_DMP1_NOT_CONGRUENT_TO_D 124
#define RSA_R_DMQ1_NOT_CONGRUENT_TO_D 125
#define RSA_R_D_E_NOT_CONGRUENT_TO_1 123
+#define RSA_R_FIRST_OCTET_INVALID 133
+#define RSA_R_INVALID_HEADER 137
#define RSA_R_INVALID_MESSAGE_LENGTH 131
+#define RSA_R_INVALID_PADDING 138
+#define RSA_R_INVALID_TRAILER 139
#define RSA_R_IQMP_NOT_INVERSE_OF_Q 126
#define RSA_R_KEY_SIZE_TOO_SMALL 120
+#define RSA_R_LAST_OCTET_INVALID 134
#define RSA_R_NULL_BEFORE_BLOCK_MISSING 113
#define RSA_R_N_DOES_NOT_EQUAL_P_Q 127
#define RSA_R_OAEP_DECODING_ERROR 121
@@ -354,6 +393,8 @@ void ERR_load_RSA_strings(void);
#define RSA_R_P_NOT_PRIME 128
#define RSA_R_Q_NOT_PRIME 129
#define RSA_R_RSA_OPERATIONS_NOT_SUPPORTED 130
+#define RSA_R_SLEN_CHECK_FAILED 136
+#define RSA_R_SLEN_RECOVERY_FAILED 135
#define RSA_R_SSLV3_ROLLBACK_ATTACK 115
#define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116
#define RSA_R_UNKNOWN_ALGORITHM_TYPE 117
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_eay.c b/src/lib/libssl/src/crypto/rsa/rsa_eay.c
index d4caab3f95..be4ac96ce3 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa_eay.c
+++ b/src/lib/libssl/src/crypto/rsa/rsa_eay.c
@@ -55,6 +55,59 @@
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
+/* ====================================================================
+ * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
#include <stdio.h>
#include "cryptlib.h"
@@ -145,30 +198,13 @@ static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
goto err;
}
- if ((rsa->_method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC))
+ if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
{
- BN_MONT_CTX* bn_mont_ctx;
- if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL)
- goto err;
- if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->n,ctx))
- {
- BN_MONT_CTX_free(bn_mont_ctx);
+ if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n,
+ CRYPTO_LOCK_RSA, rsa->n, ctx))
goto err;
- }
- if (rsa->_method_mod_n == NULL) /* other thread may have finished first */
- {
- CRYPTO_w_lock(CRYPTO_LOCK_RSA);
- if (rsa->_method_mod_n == NULL)
- {
- rsa->_method_mod_n = bn_mont_ctx;
- bn_mont_ctx = NULL;
- }
- CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
- }
- if (bn_mont_ctx)
- BN_MONT_CTX_free(bn_mont_ctx);
}
-
+
if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx,
rsa->_method_mod_n)) goto err;
@@ -249,7 +285,7 @@ err:
static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
- BIGNUM f,ret;
+ BIGNUM f,ret, *res;
int i,j,k,num=0,r= -1;
unsigned char *buf=NULL;
BN_CTX *ctx=NULL;
@@ -331,19 +367,43 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
(rsa->dmp1 != NULL) &&
(rsa->dmq1 != NULL) &&
(rsa->iqmp != NULL)) )
- { if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err; }
+ {
+ if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err;
+ }
else
{
- if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->d,rsa->n,ctx,NULL)) goto err;
+ BIGNUM local_d;
+ BIGNUM *d = NULL;
+
+ if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME))
+ {
+ BN_init(&local_d);
+ d = &local_d;
+ BN_with_flags(d, rsa->d, BN_FLG_EXP_CONSTTIME);
+ }
+ else
+ d = rsa->d;
+ if (!rsa->meth->bn_mod_exp(&ret,&f,d,rsa->n,ctx,NULL)) goto err;
}
if (blinding)
if (!BN_BLINDING_invert(&ret, blinding, ctx)) goto err;
+ if (padding == RSA_X931_PADDING)
+ {
+ BN_sub(&f, rsa->n, &ret);
+ if (BN_cmp(&ret, &f))
+ res = &f;
+ else
+ res = &ret;
+ }
+ else
+ res = &ret;
+
/* put in leading 0 bytes if the number is less than the
* length of the modulus */
- j=BN_num_bytes(&ret);
- i=BN_bn2bin(&ret,&(to[num-j]));
+ j=BN_num_bytes(res);
+ i=BN_bn2bin(res,&(to[num-j]));
for (k=0; k<(num-i); k++)
to[k]=0;
@@ -444,10 +504,22 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
(rsa->dmp1 != NULL) &&
(rsa->dmq1 != NULL) &&
(rsa->iqmp != NULL)) )
- { if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err; }
+ {
+ if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err;
+ }
else
{
- if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->d,rsa->n,ctx,NULL))
+ BIGNUM local_d;
+ BIGNUM *d = NULL;
+
+ if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME))
+ {
+ d = &local_d;
+ BN_with_flags(d, rsa->d, BN_FLG_EXP_CONSTTIME);
+ }
+ else
+ d = rsa->d;
+ if (!rsa->meth->bn_mod_exp(&ret,&f,d,rsa->n,ctx,NULL))
goto err;
}
@@ -534,33 +606,20 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
}
/* do the decrypt */
- if ((rsa->_method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC))
+
+ if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
{
- BN_MONT_CTX* bn_mont_ctx;
- if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL)
- goto err;
- if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->n,ctx))
- {
- BN_MONT_CTX_free(bn_mont_ctx);
+ if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n,
+ CRYPTO_LOCK_RSA, rsa->n, ctx))
goto err;
- }
- if (rsa->_method_mod_n == NULL) /* other thread may have finished first */
- {
- CRYPTO_w_lock(CRYPTO_LOCK_RSA);
- if (rsa->_method_mod_n == NULL)
- {
- rsa->_method_mod_n = bn_mont_ctx;
- bn_mont_ctx = NULL;
- }
- CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
- }
- if (bn_mont_ctx)
- BN_MONT_CTX_free(bn_mont_ctx);
}
-
+
if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx,
rsa->_method_mod_n)) goto err;
+ if ((padding == RSA_X931_PADDING) && ((ret.d[0] & 0xf) != 12))
+ BN_sub(&ret, rsa->n, &ret);
+
p=buf;
i=BN_bn2bin(&ret,p);
@@ -594,6 +653,8 @@ err:
static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
{
BIGNUM r1,m1,vrfy;
+ BIGNUM local_dmp1, local_dmq1;
+ BIGNUM *dmp1, *dmq1;
int ret=0;
BN_CTX *ctx;
@@ -604,61 +665,34 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
if (rsa->flags & RSA_FLAG_CACHE_PRIVATE)
{
- if (rsa->_method_mod_p == NULL)
- {
- BN_MONT_CTX* bn_mont_ctx;
- if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL)
- goto err;
- if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->p,ctx))
- {
- BN_MONT_CTX_free(bn_mont_ctx);
- goto err;
- }
- if (rsa->_method_mod_p == NULL) /* other thread may have finished first */
- {
- CRYPTO_w_lock(CRYPTO_LOCK_RSA);
- if (rsa->_method_mod_p == NULL)
- {
- rsa->_method_mod_p = bn_mont_ctx;
- bn_mont_ctx = NULL;
- }
- CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
- }
- if (bn_mont_ctx)
- BN_MONT_CTX_free(bn_mont_ctx);
- }
-
- if (rsa->_method_mod_q == NULL)
- {
- BN_MONT_CTX* bn_mont_ctx;
- if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL)
- goto err;
- if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->q,ctx))
- {
- BN_MONT_CTX_free(bn_mont_ctx);
- goto err;
- }
- if (rsa->_method_mod_q == NULL) /* other thread may have finished first */
- {
- CRYPTO_w_lock(CRYPTO_LOCK_RSA);
- if (rsa->_method_mod_q == NULL)
- {
- rsa->_method_mod_q = bn_mont_ctx;
- bn_mont_ctx = NULL;
- }
- CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
- }
- if (bn_mont_ctx)
- BN_MONT_CTX_free(bn_mont_ctx);
- }
+ if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_p,
+ CRYPTO_LOCK_RSA, rsa->p, ctx))
+ goto err;
+ if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_q,
+ CRYPTO_LOCK_RSA, rsa->q, ctx))
+ goto err;
}
-
+
if (!BN_mod(&r1,I,rsa->q,ctx)) goto err;
- if (!rsa->meth->bn_mod_exp(&m1,&r1,rsa->dmq1,rsa->q,ctx,
+ if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME))
+ {
+ dmq1 = &local_dmq1;
+ BN_with_flags(dmq1, rsa->dmq1, BN_FLG_EXP_CONSTTIME);
+ }
+ else
+ dmq1 = rsa->dmq1;
+ if (!rsa->meth->bn_mod_exp(&m1,&r1,dmq1,rsa->q,ctx,
rsa->_method_mod_q)) goto err;
if (!BN_mod(&r1,I,rsa->p,ctx)) goto err;
- if (!rsa->meth->bn_mod_exp(r0,&r1,rsa->dmp1,rsa->p,ctx,
+ if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME))
+ {
+ dmp1 = &local_dmp1;
+ BN_with_flags(dmp1, rsa->dmp1, BN_FLG_EXP_CONSTTIME);
+ }
+ else
+ dmp1 = rsa->dmp1;
+ if (!rsa->meth->bn_mod_exp(r0,&r1,dmp1,rsa->p,ctx,
rsa->_method_mod_p)) goto err;
if (!BN_sub(r0,r0,&m1)) goto err;
@@ -693,10 +727,23 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
if (vrfy.neg)
if (!BN_add(&vrfy, &vrfy, rsa->n)) goto err;
if (!BN_is_zero(&vrfy))
+ {
/* 'I' and 'vrfy' aren't congruent mod n. Don't leak
* miscalculated CRT output, just do a raw (slower)
* mod_exp and return that instead. */
- if (!rsa->meth->bn_mod_exp(r0,I,rsa->d,rsa->n,ctx,NULL)) goto err;
+
+ BIGNUM local_d;
+ BIGNUM *d = NULL;
+
+ if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME))
+ {
+ d = &local_d;
+ BN_with_flags(d, rsa->d, BN_FLG_EXP_CONSTTIME);
+ }
+ else
+ d = rsa->d;
+ if (!rsa->meth->bn_mod_exp(r0,I,d,rsa->n,ctx,NULL)) goto err;
+ }
}
ret=1;
err:
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_err.c b/src/lib/libssl/src/crypto/rsa/rsa_err.c
index a7766c3b76..2ec4b30ff7 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa_err.c
+++ b/src/lib/libssl/src/crypto/rsa/rsa_err.c
@@ -1,6 +1,6 @@
/* crypto/rsa/rsa_err.c */
/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -64,70 +64,85 @@
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
+
+#define ERR_FUNC(func) ERR_PACK(ERR_LIB_RSA,func,0)
+#define ERR_REASON(reason) ERR_PACK(ERR_LIB_RSA,0,reason)
+
static ERR_STRING_DATA RSA_str_functs[]=
{
-{ERR_PACK(0,RSA_F_MEMORY_LOCK,0), "MEMORY_LOCK"},
-{ERR_PACK(0,RSA_F_RSA_CHECK_KEY,0), "RSA_check_key"},
-{ERR_PACK(0,RSA_F_RSA_EAY_PRIVATE_DECRYPT,0), "RSA_EAY_PRIVATE_DECRYPT"},
-{ERR_PACK(0,RSA_F_RSA_EAY_PRIVATE_ENCRYPT,0), "RSA_EAY_PRIVATE_ENCRYPT"},
-{ERR_PACK(0,RSA_F_RSA_EAY_PUBLIC_DECRYPT,0), "RSA_EAY_PUBLIC_DECRYPT"},
-{ERR_PACK(0,RSA_F_RSA_EAY_PUBLIC_ENCRYPT,0), "RSA_EAY_PUBLIC_ENCRYPT"},
-{ERR_PACK(0,RSA_F_RSA_GENERATE_KEY,0), "RSA_generate_key"},
-{ERR_PACK(0,RSA_F_RSA_NEW_METHOD,0), "RSA_new_method"},
-{ERR_PACK(0,RSA_F_RSA_NULL,0), "RSA_NULL"},
-{ERR_PACK(0,RSA_F_RSA_PADDING_ADD_NONE,0), "RSA_padding_add_none"},
-{ERR_PACK(0,RSA_F_RSA_PADDING_ADD_PKCS1_OAEP,0), "RSA_padding_add_PKCS1_OAEP"},
-{ERR_PACK(0,RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1,0), "RSA_padding_add_PKCS1_type_1"},
-{ERR_PACK(0,RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2,0), "RSA_padding_add_PKCS1_type_2"},
-{ERR_PACK(0,RSA_F_RSA_PADDING_ADD_SSLV23,0), "RSA_padding_add_SSLv23"},
-{ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_NONE,0), "RSA_padding_check_none"},
-{ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP,0), "RSA_padding_check_PKCS1_OAEP"},
-{ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,0), "RSA_padding_check_PKCS1_type_1"},
-{ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,0), "RSA_padding_check_PKCS1_type_2"},
-{ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_SSLV23,0), "RSA_padding_check_SSLv23"},
-{ERR_PACK(0,RSA_F_RSA_PRINT,0), "RSA_print"},
-{ERR_PACK(0,RSA_F_RSA_PRINT_FP,0), "RSA_print_fp"},
-{ERR_PACK(0,RSA_F_RSA_SIGN,0), "RSA_sign"},
-{ERR_PACK(0,RSA_F_RSA_SIGN_ASN1_OCTET_STRING,0), "RSA_sign_ASN1_OCTET_STRING"},
-{ERR_PACK(0,RSA_F_RSA_VERIFY,0), "RSA_verify"},
-{ERR_PACK(0,RSA_F_RSA_VERIFY_ASN1_OCTET_STRING,0), "RSA_verify_ASN1_OCTET_STRING"},
+{ERR_FUNC(RSA_F_MEMORY_LOCK), "MEMORY_LOCK"},
+{ERR_FUNC(RSA_F_RSA_CHECK_KEY), "RSA_check_key"},
+{ERR_FUNC(RSA_F_RSA_EAY_PRIVATE_DECRYPT), "RSA_EAY_PRIVATE_DECRYPT"},
+{ERR_FUNC(RSA_F_RSA_EAY_PRIVATE_ENCRYPT), "RSA_EAY_PRIVATE_ENCRYPT"},
+{ERR_FUNC(RSA_F_RSA_EAY_PUBLIC_DECRYPT), "RSA_EAY_PUBLIC_DECRYPT"},
+{ERR_FUNC(RSA_F_RSA_EAY_PUBLIC_ENCRYPT), "RSA_EAY_PUBLIC_ENCRYPT"},
+{ERR_FUNC(RSA_F_RSA_GENERATE_KEY), "RSA_generate_key"},
+{ERR_FUNC(RSA_F_RSA_NEW_METHOD), "RSA_new_method"},
+{ERR_FUNC(RSA_F_RSA_NULL), "RSA_NULL"},
+{ERR_FUNC(RSA_F_RSA_PADDING_ADD_NONE), "RSA_padding_add_none"},
+{ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP), "RSA_padding_add_PKCS1_OAEP"},
+{ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_PSS), "RSA_padding_add_PKCS1_PSS"},
+{ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1), "RSA_padding_add_PKCS1_type_1"},
+{ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2), "RSA_padding_add_PKCS1_type_2"},
+{ERR_FUNC(RSA_F_RSA_PADDING_ADD_SSLV23), "RSA_padding_add_SSLv23"},
+{ERR_FUNC(RSA_F_RSA_PADDING_ADD_X931), "RSA_padding_add_X931"},
+{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_NONE), "RSA_padding_check_none"},
+{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP), "RSA_padding_check_PKCS1_OAEP"},
+{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1), "RSA_padding_check_PKCS1_type_1"},
+{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2), "RSA_padding_check_PKCS1_type_2"},
+{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_SSLV23), "RSA_padding_check_SSLv23"},
+{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_X931), "RSA_padding_check_X931"},
+{ERR_FUNC(RSA_F_RSA_PRINT), "RSA_print"},
+{ERR_FUNC(RSA_F_RSA_PRINT_FP), "RSA_print_fp"},
+{ERR_FUNC(RSA_F_RSA_SIGN), "RSA_sign"},
+{ERR_FUNC(RSA_F_RSA_SIGN_ASN1_OCTET_STRING), "RSA_sign_ASN1_OCTET_STRING"},
+{ERR_FUNC(RSA_F_RSA_VERIFY), "RSA_verify"},
+{ERR_FUNC(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING), "RSA_verify_ASN1_OCTET_STRING"},
+{ERR_FUNC(RSA_F_RSA_VERIFY_PKCS1_PSS), "RSA_verify_PKCS1_PSS"},
{0,NULL}
};
static ERR_STRING_DATA RSA_str_reasons[]=
{
-{RSA_R_ALGORITHM_MISMATCH ,"algorithm mismatch"},
-{RSA_R_BAD_E_VALUE ,"bad e value"},
-{RSA_R_BAD_FIXED_HEADER_DECRYPT ,"bad fixed header decrypt"},
-{RSA_R_BAD_PAD_BYTE_COUNT ,"bad pad byte count"},
-{RSA_R_BAD_SIGNATURE ,"bad signature"},
-{RSA_R_BLOCK_TYPE_IS_NOT_01 ,"block type is not 01"},
-{RSA_R_BLOCK_TYPE_IS_NOT_02 ,"block type is not 02"},
-{RSA_R_DATA_GREATER_THAN_MOD_LEN ,"data greater than mod len"},
-{RSA_R_DATA_TOO_LARGE ,"data too large"},
-{RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE ,"data too large for key size"},
-{RSA_R_DATA_TOO_LARGE_FOR_MODULUS ,"data too large for modulus"},
-{RSA_R_DATA_TOO_SMALL ,"data too small"},
-{RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE ,"data too small for key size"},
-{RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY ,"digest too big for rsa key"},
-{RSA_R_DMP1_NOT_CONGRUENT_TO_D ,"dmp1 not congruent to d"},
-{RSA_R_DMQ1_NOT_CONGRUENT_TO_D ,"dmq1 not congruent to d"},
-{RSA_R_D_E_NOT_CONGRUENT_TO_1 ,"d e not congruent to 1"},
-{RSA_R_INVALID_MESSAGE_LENGTH ,"invalid message length"},
-{RSA_R_IQMP_NOT_INVERSE_OF_Q ,"iqmp not inverse of q"},
-{RSA_R_KEY_SIZE_TOO_SMALL ,"key size too small"},
-{RSA_R_NULL_BEFORE_BLOCK_MISSING ,"null before block missing"},
-{RSA_R_N_DOES_NOT_EQUAL_P_Q ,"n does not equal p q"},
-{RSA_R_OAEP_DECODING_ERROR ,"oaep decoding error"},
-{RSA_R_PADDING_CHECK_FAILED ,"padding check failed"},
-{RSA_R_P_NOT_PRIME ,"p not prime"},
-{RSA_R_Q_NOT_PRIME ,"q not prime"},
-{RSA_R_RSA_OPERATIONS_NOT_SUPPORTED ,"rsa operations not supported"},
-{RSA_R_SSLV3_ROLLBACK_ATTACK ,"sslv3 rollback attack"},
-{RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD,"the asn1 object identifier is not known for this md"},
-{RSA_R_UNKNOWN_ALGORITHM_TYPE ,"unknown algorithm type"},
-{RSA_R_UNKNOWN_PADDING_TYPE ,"unknown padding type"},
-{RSA_R_WRONG_SIGNATURE_LENGTH ,"wrong signature length"},
+{ERR_REASON(RSA_R_ALGORITHM_MISMATCH) ,"algorithm mismatch"},
+{ERR_REASON(RSA_R_BAD_E_VALUE) ,"bad e value"},
+{ERR_REASON(RSA_R_BAD_FIXED_HEADER_DECRYPT),"bad fixed header decrypt"},
+{ERR_REASON(RSA_R_BAD_PAD_BYTE_COUNT) ,"bad pad byte count"},
+{ERR_REASON(RSA_R_BAD_SIGNATURE) ,"bad signature"},
+{ERR_REASON(RSA_R_BLOCK_TYPE_IS_NOT_01) ,"block type is not 01"},
+{ERR_REASON(RSA_R_BLOCK_TYPE_IS_NOT_02) ,"block type is not 02"},
+{ERR_REASON(RSA_R_DATA_GREATER_THAN_MOD_LEN),"data greater than mod len"},
+{ERR_REASON(RSA_R_DATA_TOO_LARGE) ,"data too large"},
+{ERR_REASON(RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),"data too large for key size"},
+{ERR_REASON(RSA_R_DATA_TOO_LARGE_FOR_MODULUS),"data too large for modulus"},
+{ERR_REASON(RSA_R_DATA_TOO_SMALL) ,"data too small"},
+{ERR_REASON(RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE),"data too small for key size"},
+{ERR_REASON(RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY),"digest too big for rsa key"},
+{ERR_REASON(RSA_R_DMP1_NOT_CONGRUENT_TO_D),"dmp1 not congruent to d"},
+{ERR_REASON(RSA_R_DMQ1_NOT_CONGRUENT_TO_D),"dmq1 not congruent to d"},
+{ERR_REASON(RSA_R_D_E_NOT_CONGRUENT_TO_1),"d e not congruent to 1"},
+{ERR_REASON(RSA_R_FIRST_OCTET_INVALID) ,"first octet invalid"},
+{ERR_REASON(RSA_R_INVALID_HEADER) ,"invalid header"},
+{ERR_REASON(RSA_R_INVALID_MESSAGE_LENGTH),"invalid message length"},
+{ERR_REASON(RSA_R_INVALID_PADDING) ,"invalid padding"},
+{ERR_REASON(RSA_R_INVALID_TRAILER) ,"invalid trailer"},
+{ERR_REASON(RSA_R_IQMP_NOT_INVERSE_OF_Q) ,"iqmp not inverse of q"},
+{ERR_REASON(RSA_R_KEY_SIZE_TOO_SMALL) ,"key size too small"},
+{ERR_REASON(RSA_R_LAST_OCTET_INVALID) ,"last octet invalid"},
+{ERR_REASON(RSA_R_NULL_BEFORE_BLOCK_MISSING),"null before block missing"},
+{ERR_REASON(RSA_R_N_DOES_NOT_EQUAL_P_Q) ,"n does not equal p q"},
+{ERR_REASON(RSA_R_OAEP_DECODING_ERROR) ,"oaep decoding error"},
+{ERR_REASON(RSA_R_SLEN_RECOVERY_FAILED) ,"salt length recovery failed"},
+{ERR_REASON(RSA_R_PADDING_CHECK_FAILED) ,"padding check failed"},
+{ERR_REASON(RSA_R_P_NOT_PRIME) ,"p not prime"},
+{ERR_REASON(RSA_R_Q_NOT_PRIME) ,"q not prime"},
+{ERR_REASON(RSA_R_RSA_OPERATIONS_NOT_SUPPORTED),"rsa operations not supported"},
+{ERR_REASON(RSA_R_SSLV3_ROLLBACK_ATTACK) ,"sslv3 rollback attack"},
+{ERR_REASON(RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD),"the asn1 object identifier is not known for this md"},
+{ERR_REASON(RSA_R_UNKNOWN_ALGORITHM_TYPE),"unknown algorithm type"},
+{ERR_REASON(RSA_R_UNKNOWN_PADDING_TYPE) ,"unknown padding type"},
+{ERR_REASON(RSA_R_WRONG_SIGNATURE_LENGTH),"wrong signature length"},
+{ERR_REASON(RSA_R_SLEN_CHECK_FAILED) ,"salt length check failed"},
{0,NULL}
};
@@ -141,8 +156,8 @@ void ERR_load_RSA_strings(void)
{
init=0;
#ifndef OPENSSL_NO_ERR
- ERR_load_strings(ERR_LIB_RSA,RSA_str_functs);
- ERR_load_strings(ERR_LIB_RSA,RSA_str_reasons);
+ ERR_load_strings(0,RSA_str_functs);
+ ERR_load_strings(0,RSA_str_reasons);
#endif
}
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_gen.c b/src/lib/libssl/src/crypto/rsa/rsa_gen.c
index adb5e34da5..dd1422cc98 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa_gen.c
+++ b/src/lib/libssl/src/crypto/rsa/rsa_gen.c
@@ -184,7 +184,8 @@ err:
RSAerr(RSA_F_RSA_GENERATE_KEY,ERR_LIB_BN);
ok=0;
}
- BN_CTX_end(ctx);
+ if (ctx != NULL)
+ BN_CTX_end(ctx);
BN_CTX_free(ctx);
BN_CTX_free(ctx2);
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_oaep.c b/src/lib/libssl/src/crypto/rsa/rsa_oaep.c
index e3f7c608ec..d43ecaca63 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa_oaep.c
+++ b/src/lib/libssl/src/crypto/rsa/rsa_oaep.c
@@ -28,9 +28,6 @@
#include <openssl/rand.h>
#include <openssl/sha.h>
-int MGF1(unsigned char *mask, long len,
- const unsigned char *seed, long seedlen);
-
int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
const unsigned char *from, int flen,
const unsigned char *param, int plen)
@@ -76,11 +73,13 @@ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
20);
#endif
- MGF1(dbmask, emlen - SHA_DIGEST_LENGTH, seed, SHA_DIGEST_LENGTH);
+ PKCS1_MGF1(dbmask, emlen - SHA_DIGEST_LENGTH, seed, SHA_DIGEST_LENGTH,
+ EVP_sha1());
for (i = 0; i < emlen - SHA_DIGEST_LENGTH; i++)
db[i] ^= dbmask[i];
- MGF1(seedmask, SHA_DIGEST_LENGTH, db, emlen - SHA_DIGEST_LENGTH);
+ PKCS1_MGF1(seedmask, SHA_DIGEST_LENGTH, db, emlen - SHA_DIGEST_LENGTH,
+ EVP_sha1());
for (i = 0; i < SHA_DIGEST_LENGTH; i++)
seed[i] ^= seedmask[i];
@@ -126,11 +125,11 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
return -1;
}
- MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen);
+ PKCS1_MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen, EVP_sha1());
for (i = lzero; i < SHA_DIGEST_LENGTH; i++)
seed[i] ^= from[i - lzero];
- MGF1(db, dblen, seed, SHA_DIGEST_LENGTH);
+ PKCS1_MGF1(db, dblen, seed, SHA_DIGEST_LENGTH, EVP_sha1());
for (i = 0; i < dblen; i++)
db[i] ^= maskeddb[i];
@@ -170,28 +169,30 @@ decoding_err:
return -1;
}
-int MGF1(unsigned char *mask, long len,
- const unsigned char *seed, long seedlen)
+int PKCS1_MGF1(unsigned char *mask, long len,
+ const unsigned char *seed, long seedlen, const EVP_MD *dgst)
{
long i, outlen = 0;
unsigned char cnt[4];
EVP_MD_CTX c;
- unsigned char md[SHA_DIGEST_LENGTH];
+ unsigned char md[EVP_MAX_MD_SIZE];
+ int mdlen;
EVP_MD_CTX_init(&c);
+ mdlen = EVP_MD_size(dgst);
for (i = 0; outlen < len; i++)
{
cnt[0] = (unsigned char)((i >> 24) & 255);
cnt[1] = (unsigned char)((i >> 16) & 255);
cnt[2] = (unsigned char)((i >> 8)) & 255;
cnt[3] = (unsigned char)(i & 255);
- EVP_DigestInit_ex(&c,EVP_sha1(), NULL);
+ EVP_DigestInit_ex(&c,dgst, NULL);
EVP_DigestUpdate(&c, seed, seedlen);
EVP_DigestUpdate(&c, cnt, 4);
- if (outlen + SHA_DIGEST_LENGTH <= len)
+ if (outlen + mdlen <= len)
{
EVP_DigestFinal_ex(&c, mask + outlen, NULL);
- outlen += SHA_DIGEST_LENGTH;
+ outlen += mdlen;
}
else
{
@@ -203,4 +204,9 @@ int MGF1(unsigned char *mask, long len,
EVP_MD_CTX_cleanup(&c);
return 0;
}
+
+int MGF1(unsigned char *mask, long len, const unsigned char *seed, long seedlen)
+ {
+ return PKCS1_MGF1(mask, len, seed, seedlen, EVP_sha1());
+ }
#endif
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_test.c b/src/lib/libssl/src/crypto/rsa/rsa_test.c
index 924e9ad1f6..218bb2a39b 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa_test.c
+++ b/src/lib/libssl/src/crypto/rsa/rsa_test.c
@@ -227,10 +227,10 @@ int main(int argc, char *argv[])
plen = sizeof(ptext_ex) - 1;
- for (v = 0; v < 3; v++)
+ for (v = 0; v < 6; v++)
{
key = RSA_new();
- switch (v) {
+ switch (v%3) {
case 0:
clen = key1(key, ctext_ex);
break;
@@ -241,6 +241,7 @@ int main(int argc, char *argv[])
clen = key3(key, ctext_ex);
break;
}
+ if (v/3 > 1) key->flags |= RSA_FLAG_NO_EXP_CONSTTIME;
num = RSA_public_encrypt(plen, ptext_ex, ctext, key,
RSA_PKCS1_PADDING);
diff --git a/src/lib/libssl/src/crypto/sha/Makefile b/src/lib/libssl/src/crypto/sha/Makefile
index 0426786aa0..46103bbc83 100644
--- a/src/lib/libssl/src/crypto/sha/Makefile
+++ b/src/lib/libssl/src/crypto/sha/Makefile
@@ -1,5 +1,5 @@
#
-# SSLeay/crypto/sha/Makefile
+# OpenSSL/crypto/sha/Makefile
#
DIR= sha
diff --git a/src/lib/libssl/src/crypto/sha/sha1_one.c b/src/lib/libssl/src/crypto/sha/sha1_one.c
index 20e660c71d..f4694b701b 100644
--- a/src/lib/libssl/src/crypto/sha/sha1_one.c
+++ b/src/lib/libssl/src/crypto/sha/sha1_one.c
@@ -61,14 +61,15 @@
#include <openssl/sha.h>
#include <openssl/crypto.h>
-#ifndef OPENSSL_NO_SHA1
+#if !defined(OPENSSL_NO_SHA1) && !defined(OPENSSL_FIPS)
unsigned char *SHA1(const unsigned char *d, unsigned long n, unsigned char *md)
{
SHA_CTX c;
static unsigned char m[SHA_DIGEST_LENGTH];
if (md == NULL) md=m;
- SHA1_Init(&c);
+ if (!SHA1_Init(&c))
+ return NULL;
SHA1_Update(&c,d,n);
SHA1_Final(md,&c);
OPENSSL_cleanse(&c,sizeof(c));
diff --git a/src/lib/libssl/src/crypto/sha/sha_one.c b/src/lib/libssl/src/crypto/sha/sha_one.c
index e61c63f3e9..d4f4d344df 100644
--- a/src/lib/libssl/src/crypto/sha/sha_one.c
+++ b/src/lib/libssl/src/crypto/sha/sha_one.c
@@ -68,7 +68,8 @@ unsigned char *SHA(const unsigned char *d, unsigned long n, unsigned char *md)
static unsigned char m[SHA_DIGEST_LENGTH];
if (md == NULL) md=m;
- SHA_Init(&c);
+ if (!SHA_Init(&c))
+ return NULL;
SHA_Update(&c,d,n);
SHA_Final(md,&c);
OPENSSL_cleanse(&c,sizeof(c));
diff --git a/src/lib/libssl/src/crypto/stack/Makefile b/src/lib/libssl/src/crypto/stack/Makefile
index 4d5199a000..711b16832a 100644
--- a/src/lib/libssl/src/crypto/stack/Makefile
+++ b/src/lib/libssl/src/crypto/stack/Makefile
@@ -1,5 +1,5 @@
#
-# SSLeay/crypto/stack/Makefile
+# OpenSSL/crypto/stack/Makefile
#
DIR= stack
diff --git a/src/lib/libssl/src/crypto/stack/safestack.h b/src/lib/libssl/src/crypto/stack/safestack.h
index bd1121c279..6010b7f122 100644
--- a/src/lib/libssl/src/crypto/stack/safestack.h
+++ b/src/lib/libssl/src/crypto/stack/safestack.h
@@ -55,6 +55,9 @@
#ifndef HEADER_SAFESTACK_H
#define HEADER_SAFESTACK_H
+typedef void (*openssl_fptr)(void);
+#define openssl_fcast(f) ((openssl_fptr)f)
+
#include <openssl/stack.h>
#ifdef DEBUG_SAFESTACK
@@ -73,74 +76,74 @@ STACK_OF(type) \
/* SKM_sk_... stack macros are internal to safestack.h:
* never use them directly, use sk_<type>_... instead */
#define SKM_sk_new(type, cmp) \
- ((STACK_OF(type) * (*)(int (*)(const type * const *, const type * const *)))sk_new)(cmp)
+ ((STACK_OF(type) * (*)(int (*)(const type * const *, const type * const *)))openssl_fcast(sk_new))(cmp)
#define SKM_sk_new_null(type) \
- ((STACK_OF(type) * (*)(void))sk_new_null)()
+ ((STACK_OF(type) * (*)(void))openssl_fcast(sk_new_null))()
#define SKM_sk_free(type, st) \
- ((void (*)(STACK_OF(type) *))sk_free)(st)
+ ((void (*)(STACK_OF(type) *))openssl_fcast(sk_free))(st)
#define SKM_sk_num(type, st) \
- ((int (*)(const STACK_OF(type) *))sk_num)(st)
+ ((int (*)(const STACK_OF(type) *))openssl_fcast(sk_num))(st)
#define SKM_sk_value(type, st,i) \
- ((type * (*)(const STACK_OF(type) *, int))sk_value)(st, i)
+ ((type * (*)(const STACK_OF(type) *, int))openssl_fcast(sk_value))(st, i)
#define SKM_sk_set(type, st,i,val) \
- ((type * (*)(STACK_OF(type) *, int, type *))sk_set)(st, i, val)
+ ((type * (*)(STACK_OF(type) *, int, type *))openssl_fcast(sk_set))(st, i, val)
#define SKM_sk_zero(type, st) \
- ((void (*)(STACK_OF(type) *))sk_zero)(st)
+ ((void (*)(STACK_OF(type) *))openssl_fcast(sk_zero))(st)
#define SKM_sk_push(type, st,val) \
- ((int (*)(STACK_OF(type) *, type *))sk_push)(st, val)
+ ((int (*)(STACK_OF(type) *, type *))openssl_fcast(sk_push))(st, val)
#define SKM_sk_unshift(type, st,val) \
- ((int (*)(STACK_OF(type) *, type *))sk_unshift)(st, val)
+ ((int (*)(STACK_OF(type) *, type *))openssl_fcast(sk_unshift))(st, val)
#define SKM_sk_find(type, st,val) \
- ((int (*)(STACK_OF(type) *, type *))sk_find)(st, val)
+ ((int (*)(STACK_OF(type) *, type *))openssl_fcast(sk_find))(st, val)
#define SKM_sk_delete(type, st,i) \
- ((type * (*)(STACK_OF(type) *, int))sk_delete)(st, i)
+ ((type * (*)(STACK_OF(type) *, int))openssl_fcast(sk_delete))(st, i)
#define SKM_sk_delete_ptr(type, st,ptr) \
- ((type * (*)(STACK_OF(type) *, type *))sk_delete_ptr)(st, ptr)
+ ((type * (*)(STACK_OF(type) *, type *))openssl_fcast(sk_delete_ptr))(st, ptr)
#define SKM_sk_insert(type, st,val,i) \
- ((int (*)(STACK_OF(type) *, type *, int))sk_insert)(st, val, i)
+ ((int (*)(STACK_OF(type) *, type *, int))openssl_fcast(sk_insert))(st, val, i)
#define SKM_sk_set_cmp_func(type, st,cmp) \
((int (*(*)(STACK_OF(type) *, int (*)(const type * const *, const type * const *))) \
- (const type * const *, const type * const *))sk_set_cmp_func)\
+ (const type * const *, const type * const *))openssl_fcast(sk_set_cmp_func))\
(st, cmp)
#define SKM_sk_dup(type, st) \
- ((STACK_OF(type) *(*)(STACK_OF(type) *))sk_dup)(st)
+ ((STACK_OF(type) *(*)(STACK_OF(type) *))openssl_fcast(sk_dup))(st)
#define SKM_sk_pop_free(type, st,free_func) \
- ((void (*)(STACK_OF(type) *, void (*)(type *)))sk_pop_free)\
+ ((void (*)(STACK_OF(type) *, void (*)(type *)))openssl_fcast(sk_pop_free))\
(st, free_func)
#define SKM_sk_shift(type, st) \
- ((type * (*)(STACK_OF(type) *))sk_shift)(st)
+ ((type * (*)(STACK_OF(type) *))openssl_fcast(sk_shift))(st)
#define SKM_sk_pop(type, st) \
- ((type * (*)(STACK_OF(type) *))sk_pop)(st)
+ ((type * (*)(STACK_OF(type) *))openssl_fcast(sk_pop))(st)
#define SKM_sk_sort(type, st) \
- ((void (*)(STACK_OF(type) *))sk_sort)(st)
+ ((void (*)(STACK_OF(type) *))openssl_fcast(sk_sort))(st)
#define SKM_sk_is_sorted(type, st) \
- ((int (*)(const STACK_OF(type) *))sk_is_sorted)(st)
+ ((int (*)(const STACK_OF(type) *))openssl_fcast(sk_is_sorted))(st)
#define SKM_ASN1_SET_OF_d2i(type, st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
((STACK_OF(type) * (*) (STACK_OF(type) **,unsigned char **, long , \
type *(*)(type **, unsigned char **,long), \
- void (*)(type *), int ,int )) d2i_ASN1_SET) \
+ void (*)(type *), int ,int )) openssl_fcast(d2i_ASN1_SET)) \
(st,pp,length, d2i_func, free_func, ex_tag,ex_class)
#define SKM_ASN1_SET_OF_i2d(type, st, pp, i2d_func, ex_tag, ex_class, is_set) \
((int (*)(STACK_OF(type) *,unsigned char **, \
- int (*)(type *,unsigned char **), int , int , int)) i2d_ASN1_SET) \
+ int (*)(type *,unsigned char **), int , int , int)) openssl_fcast(i2d_ASN1_SET)) \
(st,pp,i2d_func,ex_tag,ex_class,is_set)
#define SKM_ASN1_seq_pack(type, st, i2d_func, buf, len) \
((unsigned char *(*)(STACK_OF(type) *, \
- int (*)(type *,unsigned char **), unsigned char **,int *)) ASN1_seq_pack) \
+ int (*)(type *,unsigned char **), unsigned char **,int *)) openssl_fcast(ASN1_seq_pack)) \
(st, i2d_func, buf, len)
#define SKM_ASN1_seq_unpack(type, buf, len, d2i_func, free_func) \
((STACK_OF(type) * (*)(unsigned char *,int, \
type *(*)(type **,unsigned char **, long), \
- void (*)(type *)))ASN1_seq_unpack) \
+ void (*)(type *)))openssl_fcast(ASN1_seq_unpack)) \
(buf,len,d2i_func, free_func)
#define SKM_PKCS12_decrypt_d2i(type, algor, d2i_func, free_func, pass, passlen, oct, seq) \
((STACK_OF(type) * (*)(X509_ALGOR *, \
type *(*)(type **, unsigned char **, long), void (*)(type *), \
const char *, int, \
- ASN1_STRING *, int))PKCS12_decrypt_d2i) \
+ ASN1_STRING *, int))openssl_fcast(PKCS12_decrypt_d2i)) \
(algor,d2i_func,free_func,pass,passlen,oct,seq)
#else
diff --git a/src/lib/libssl/src/crypto/txt_db/Makefile b/src/lib/libssl/src/crypto/txt_db/Makefile
index f91a08f006..3cb550a795 100644
--- a/src/lib/libssl/src/crypto/txt_db/Makefile
+++ b/src/lib/libssl/src/crypto/txt_db/Makefile
@@ -1,5 +1,5 @@
#
-# SSLeay/crypto/txt_db/Makefile
+# OpenSSL/crypto/txt_db/Makefile
#
DIR= txt_db
diff --git a/src/lib/libssl/src/crypto/ui/ui_err.c b/src/lib/libssl/src/crypto/ui/ui_err.c
index 39a62ae737..d983cdd66f 100644
--- a/src/lib/libssl/src/crypto/ui/ui_err.c
+++ b/src/lib/libssl/src/crypto/ui/ui_err.c
@@ -1,6 +1,6 @@
/* crypto/ui/ui_err.c */
/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -64,32 +64,36 @@
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
+
+#define ERR_FUNC(func) ERR_PACK(ERR_LIB_UI,func,0)
+#define ERR_REASON(reason) ERR_PACK(ERR_LIB_UI,0,reason)
+
static ERR_STRING_DATA UI_str_functs[]=
{
-{ERR_PACK(0,UI_F_GENERAL_ALLOCATE_BOOLEAN,0), "GENERAL_ALLOCATE_BOOLEAN"},
-{ERR_PACK(0,UI_F_GENERAL_ALLOCATE_PROMPT,0), "GENERAL_ALLOCATE_PROMPT"},
-{ERR_PACK(0,UI_F_GENERAL_ALLOCATE_STRING,0), "GENERAL_ALLOCATE_STRING"},
-{ERR_PACK(0,UI_F_UI_CTRL,0), "UI_ctrl"},
-{ERR_PACK(0,UI_F_UI_DUP_ERROR_STRING,0), "UI_dup_error_string"},
-{ERR_PACK(0,UI_F_UI_DUP_INFO_STRING,0), "UI_dup_info_string"},
-{ERR_PACK(0,UI_F_UI_DUP_INPUT_BOOLEAN,0), "UI_dup_input_boolean"},
-{ERR_PACK(0,UI_F_UI_DUP_INPUT_STRING,0), "UI_dup_input_string"},
-{ERR_PACK(0,UI_F_UI_DUP_VERIFY_STRING,0), "UI_dup_verify_string"},
-{ERR_PACK(0,UI_F_UI_GET0_RESULT,0), "UI_get0_result"},
-{ERR_PACK(0,UI_F_UI_NEW_METHOD,0), "UI_new_method"},
-{ERR_PACK(0,UI_F_UI_SET_RESULT,0), "UI_set_result"},
+{ERR_FUNC(UI_F_GENERAL_ALLOCATE_BOOLEAN), "GENERAL_ALLOCATE_BOOLEAN"},
+{ERR_FUNC(UI_F_GENERAL_ALLOCATE_PROMPT), "GENERAL_ALLOCATE_PROMPT"},
+{ERR_FUNC(UI_F_GENERAL_ALLOCATE_STRING), "GENERAL_ALLOCATE_STRING"},
+{ERR_FUNC(UI_F_UI_CTRL), "UI_ctrl"},
+{ERR_FUNC(UI_F_UI_DUP_ERROR_STRING), "UI_dup_error_string"},
+{ERR_FUNC(UI_F_UI_DUP_INFO_STRING), "UI_dup_info_string"},
+{ERR_FUNC(UI_F_UI_DUP_INPUT_BOOLEAN), "UI_dup_input_boolean"},
+{ERR_FUNC(UI_F_UI_DUP_INPUT_STRING), "UI_dup_input_string"},
+{ERR_FUNC(UI_F_UI_DUP_VERIFY_STRING), "UI_dup_verify_string"},
+{ERR_FUNC(UI_F_UI_GET0_RESULT), "UI_get0_result"},
+{ERR_FUNC(UI_F_UI_NEW_METHOD), "UI_new_method"},
+{ERR_FUNC(UI_F_UI_SET_RESULT), "UI_set_result"},
{0,NULL}
};
static ERR_STRING_DATA UI_str_reasons[]=
{
-{UI_R_COMMON_OK_AND_CANCEL_CHARACTERS ,"common ok and cancel characters"},
-{UI_R_INDEX_TOO_LARGE ,"index too large"},
-{UI_R_INDEX_TOO_SMALL ,"index too small"},
-{UI_R_NO_RESULT_BUFFER ,"no result buffer"},
-{UI_R_RESULT_TOO_LARGE ,"result too large"},
-{UI_R_RESULT_TOO_SMALL ,"result too small"},
-{UI_R_UNKNOWN_CONTROL_COMMAND ,"unknown control command"},
+{ERR_REASON(UI_R_COMMON_OK_AND_CANCEL_CHARACTERS),"common ok and cancel characters"},
+{ERR_REASON(UI_R_INDEX_TOO_LARGE) ,"index too large"},
+{ERR_REASON(UI_R_INDEX_TOO_SMALL) ,"index too small"},
+{ERR_REASON(UI_R_NO_RESULT_BUFFER) ,"no result buffer"},
+{ERR_REASON(UI_R_RESULT_TOO_LARGE) ,"result too large"},
+{ERR_REASON(UI_R_RESULT_TOO_SMALL) ,"result too small"},
+{ERR_REASON(UI_R_UNKNOWN_CONTROL_COMMAND),"unknown control command"},
{0,NULL}
};
@@ -103,8 +107,8 @@ void ERR_load_UI_strings(void)
{
init=0;
#ifndef OPENSSL_NO_ERR
- ERR_load_strings(ERR_LIB_UI,UI_str_functs);
- ERR_load_strings(ERR_LIB_UI,UI_str_reasons);
+ ERR_load_strings(0,UI_str_functs);
+ ERR_load_strings(0,UI_str_reasons);
#endif
}
diff --git a/src/lib/libssl/src/crypto/x509/Makefile b/src/lib/libssl/src/crypto/x509/Makefile
index 5fb774f1c7..ee3f8a4a23 100644
--- a/src/lib/libssl/src/crypto/x509/Makefile
+++ b/src/lib/libssl/src/crypto/x509/Makefile
@@ -1,5 +1,5 @@
#
-# SSLeay/crypto/x509/Makefile
+# OpenSSL/crypto/x509/Makefile
#
DIR= x509
diff --git a/src/lib/libssl/src/crypto/x509/by_dir.c b/src/lib/libssl/src/crypto/x509/by_dir.c
index 6207340472..ea689aed1a 100644
--- a/src/lib/libssl/src/crypto/x509/by_dir.c
+++ b/src/lib/libssl/src/crypto/x509/by_dir.c
@@ -114,7 +114,7 @@ static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
{
int ret=0;
BY_DIR *ld;
- char *dir;
+ char *dir = NULL;
ld=(BY_DIR *)ctx->method_data;
@@ -123,17 +123,16 @@ static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
case X509_L_ADD_DIR:
if (argl == X509_FILETYPE_DEFAULT)
{
- ret=add_cert_dir(ld,X509_get_default_cert_dir(),
- X509_FILETYPE_PEM);
+ dir=(char *)Getenv(X509_get_default_cert_dir_env());
+ if (dir)
+ ret=add_cert_dir(ld,dir,X509_FILETYPE_PEM);
+ else
+ ret=add_cert_dir(ld,X509_get_default_cert_dir(),
+ X509_FILETYPE_PEM);
if (!ret)
{
X509err(X509_F_DIR_CTRL,X509_R_LOADING_CERT_DIR);
}
- else
- {
- dir=(char *)Getenv(X509_get_default_cert_dir_env());
- ret=add_cert_dir(ld,dir,X509_FILETYPE_PEM);
- }
}
else
ret=add_cert_dir(ld,argp,(int)argl);
diff --git a/src/lib/libssl/src/crypto/x509/x509_err.c b/src/lib/libssl/src/crypto/x509/x509_err.c
index 5bbf4acf76..d44d046027 100644
--- a/src/lib/libssl/src/crypto/x509/x509_err.c
+++ b/src/lib/libssl/src/crypto/x509/x509_err.c
@@ -1,6 +1,6 @@
/* crypto/x509/x509_err.c */
/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -64,77 +64,81 @@
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
+
+#define ERR_FUNC(func) ERR_PACK(ERR_LIB_X509,func,0)
+#define ERR_REASON(reason) ERR_PACK(ERR_LIB_X509,0,reason)
+
static ERR_STRING_DATA X509_str_functs[]=
{
-{ERR_PACK(0,X509_F_ADD_CERT_DIR,0), "ADD_CERT_DIR"},
-{ERR_PACK(0,X509_F_BY_FILE_CTRL,0), "BY_FILE_CTRL"},
-{ERR_PACK(0,X509_F_DIR_CTRL,0), "DIR_CTRL"},
-{ERR_PACK(0,X509_F_GET_CERT_BY_SUBJECT,0), "GET_CERT_BY_SUBJECT"},
-{ERR_PACK(0,X509_F_NETSCAPE_SPKI_B64_DECODE,0), "NETSCAPE_SPKI_b64_decode"},
-{ERR_PACK(0,X509_F_NETSCAPE_SPKI_B64_ENCODE,0), "NETSCAPE_SPKI_b64_encode"},
-{ERR_PACK(0,X509_F_X509V3_ADD_EXT,0), "X509v3_add_ext"},
-{ERR_PACK(0,X509_F_X509_ADD_ATTR,0), "X509_ADD_ATTR"},
-{ERR_PACK(0,X509_F_X509_ATTRIBUTE_CREATE_BY_NID,0), "X509_ATTRIBUTE_create_by_NID"},
-{ERR_PACK(0,X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ,0), "X509_ATTRIBUTE_create_by_OBJ"},
-{ERR_PACK(0,X509_F_X509_ATTRIBUTE_CREATE_BY_TXT,0), "X509_ATTRIBUTE_create_by_txt"},
-{ERR_PACK(0,X509_F_X509_ATTRIBUTE_GET0_DATA,0), "X509_ATTRIBUTE_get0_data"},
-{ERR_PACK(0,X509_F_X509_ATTRIBUTE_SET1_DATA,0), "X509_ATTRIBUTE_set1_data"},
-{ERR_PACK(0,X509_F_X509_CHECK_PRIVATE_KEY,0), "X509_check_private_key"},
-{ERR_PACK(0,X509_F_X509_EXTENSION_CREATE_BY_NID,0), "X509_EXTENSION_create_by_NID"},
-{ERR_PACK(0,X509_F_X509_EXTENSION_CREATE_BY_OBJ,0), "X509_EXTENSION_create_by_OBJ"},
-{ERR_PACK(0,X509_F_X509_GET_PUBKEY_PARAMETERS,0), "X509_get_pubkey_parameters"},
-{ERR_PACK(0,X509_F_X509_LOAD_CERT_CRL_FILE,0), "X509_load_cert_crl_file"},
-{ERR_PACK(0,X509_F_X509_LOAD_CERT_FILE,0), "X509_load_cert_file"},
-{ERR_PACK(0,X509_F_X509_LOAD_CRL_FILE,0), "X509_load_crl_file"},
-{ERR_PACK(0,X509_F_X509_NAME_ADD_ENTRY,0), "X509_NAME_add_entry"},
-{ERR_PACK(0,X509_F_X509_NAME_ENTRY_CREATE_BY_NID,0), "X509_NAME_ENTRY_create_by_NID"},
-{ERR_PACK(0,X509_F_X509_NAME_ENTRY_CREATE_BY_TXT,0), "X509_NAME_ENTRY_create_by_txt"},
-{ERR_PACK(0,X509_F_X509_NAME_ENTRY_SET_OBJECT,0), "X509_NAME_ENTRY_set_object"},
-{ERR_PACK(0,X509_F_X509_NAME_ONELINE,0), "X509_NAME_oneline"},
-{ERR_PACK(0,X509_F_X509_NAME_PRINT,0), "X509_NAME_print"},
-{ERR_PACK(0,X509_F_X509_PRINT_FP,0), "X509_print_fp"},
-{ERR_PACK(0,X509_F_X509_PUBKEY_GET,0), "X509_PUBKEY_get"},
-{ERR_PACK(0,X509_F_X509_PUBKEY_SET,0), "X509_PUBKEY_set"},
-{ERR_PACK(0,X509_F_X509_REQ_PRINT,0), "X509_REQ_print"},
-{ERR_PACK(0,X509_F_X509_REQ_PRINT_FP,0), "X509_REQ_print_fp"},
-{ERR_PACK(0,X509_F_X509_REQ_TO_X509,0), "X509_REQ_to_X509"},
-{ERR_PACK(0,X509_F_X509_STORE_ADD_CERT,0), "X509_STORE_add_cert"},
-{ERR_PACK(0,X509_F_X509_STORE_ADD_CRL,0), "X509_STORE_add_crl"},
-{ERR_PACK(0,X509_F_X509_STORE_CTX_INIT,0), "X509_STORE_CTX_init"},
-{ERR_PACK(0,X509_F_X509_STORE_CTX_NEW,0), "X509_STORE_CTX_new"},
-{ERR_PACK(0,X509_F_X509_STORE_CTX_PURPOSE_INHERIT,0), "X509_STORE_CTX_purpose_inherit"},
-{ERR_PACK(0,X509_F_X509_TO_X509_REQ,0), "X509_to_X509_REQ"},
-{ERR_PACK(0,X509_F_X509_TRUST_ADD,0), "X509_TRUST_add"},
-{ERR_PACK(0,X509_F_X509_TRUST_SET,0), "X509_TRUST_set"},
-{ERR_PACK(0,X509_F_X509_VERIFY_CERT,0), "X509_verify_cert"},
+{ERR_FUNC(X509_F_ADD_CERT_DIR), "ADD_CERT_DIR"},
+{ERR_FUNC(X509_F_BY_FILE_CTRL), "BY_FILE_CTRL"},
+{ERR_FUNC(X509_F_DIR_CTRL), "DIR_CTRL"},
+{ERR_FUNC(X509_F_GET_CERT_BY_SUBJECT), "GET_CERT_BY_SUBJECT"},
+{ERR_FUNC(X509_F_NETSCAPE_SPKI_B64_DECODE), "NETSCAPE_SPKI_b64_decode"},
+{ERR_FUNC(X509_F_NETSCAPE_SPKI_B64_ENCODE), "NETSCAPE_SPKI_b64_encode"},
+{ERR_FUNC(X509_F_X509V3_ADD_EXT), "X509v3_add_ext"},
+{ERR_FUNC(X509_F_X509_ADD_ATTR), "X509_ADD_ATTR"},
+{ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_NID), "X509_ATTRIBUTE_create_by_NID"},
+{ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ), "X509_ATTRIBUTE_create_by_OBJ"},
+{ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_TXT), "X509_ATTRIBUTE_create_by_txt"},
+{ERR_FUNC(X509_F_X509_ATTRIBUTE_GET0_DATA), "X509_ATTRIBUTE_get0_data"},
+{ERR_FUNC(X509_F_X509_ATTRIBUTE_SET1_DATA), "X509_ATTRIBUTE_set1_data"},
+{ERR_FUNC(X509_F_X509_CHECK_PRIVATE_KEY), "X509_check_private_key"},
+{ERR_FUNC(X509_F_X509_EXTENSION_CREATE_BY_NID), "X509_EXTENSION_create_by_NID"},
+{ERR_FUNC(X509_F_X509_EXTENSION_CREATE_BY_OBJ), "X509_EXTENSION_create_by_OBJ"},
+{ERR_FUNC(X509_F_X509_GET_PUBKEY_PARAMETERS), "X509_get_pubkey_parameters"},
+{ERR_FUNC(X509_F_X509_LOAD_CERT_CRL_FILE), "X509_load_cert_crl_file"},
+{ERR_FUNC(X509_F_X509_LOAD_CERT_FILE), "X509_load_cert_file"},
+{ERR_FUNC(X509_F_X509_LOAD_CRL_FILE), "X509_load_crl_file"},
+{ERR_FUNC(X509_F_X509_NAME_ADD_ENTRY), "X509_NAME_add_entry"},
+{ERR_FUNC(X509_F_X509_NAME_ENTRY_CREATE_BY_NID), "X509_NAME_ENTRY_create_by_NID"},
+{ERR_FUNC(X509_F_X509_NAME_ENTRY_CREATE_BY_TXT), "X509_NAME_ENTRY_create_by_txt"},
+{ERR_FUNC(X509_F_X509_NAME_ENTRY_SET_OBJECT), "X509_NAME_ENTRY_set_object"},
+{ERR_FUNC(X509_F_X509_NAME_ONELINE), "X509_NAME_oneline"},
+{ERR_FUNC(X509_F_X509_NAME_PRINT), "X509_NAME_print"},
+{ERR_FUNC(X509_F_X509_PRINT_FP), "X509_print_fp"},
+{ERR_FUNC(X509_F_X509_PUBKEY_GET), "X509_PUBKEY_get"},
+{ERR_FUNC(X509_F_X509_PUBKEY_SET), "X509_PUBKEY_set"},
+{ERR_FUNC(X509_F_X509_REQ_PRINT), "X509_REQ_print"},
+{ERR_FUNC(X509_F_X509_REQ_PRINT_FP), "X509_REQ_print_fp"},
+{ERR_FUNC(X509_F_X509_REQ_TO_X509), "X509_REQ_to_X509"},
+{ERR_FUNC(X509_F_X509_STORE_ADD_CERT), "X509_STORE_add_cert"},
+{ERR_FUNC(X509_F_X509_STORE_ADD_CRL), "X509_STORE_add_crl"},
+{ERR_FUNC(X509_F_X509_STORE_CTX_INIT), "X509_STORE_CTX_init"},
+{ERR_FUNC(X509_F_X509_STORE_CTX_NEW), "X509_STORE_CTX_new"},
+{ERR_FUNC(X509_F_X509_STORE_CTX_PURPOSE_INHERIT), "X509_STORE_CTX_purpose_inherit"},
+{ERR_FUNC(X509_F_X509_TO_X509_REQ), "X509_to_X509_REQ"},
+{ERR_FUNC(X509_F_X509_TRUST_ADD), "X509_TRUST_add"},
+{ERR_FUNC(X509_F_X509_TRUST_SET), "X509_TRUST_set"},
+{ERR_FUNC(X509_F_X509_VERIFY_CERT), "X509_verify_cert"},
{0,NULL}
};
static ERR_STRING_DATA X509_str_reasons[]=
{
-{X509_R_BAD_X509_FILETYPE ,"bad x509 filetype"},
-{X509_R_BASE64_DECODE_ERROR ,"base64 decode error"},
-{X509_R_CANT_CHECK_DH_KEY ,"cant check dh key"},
-{X509_R_CERT_ALREADY_IN_HASH_TABLE ,"cert already in hash table"},
-{X509_R_ERR_ASN1_LIB ,"err asn1 lib"},
-{X509_R_INVALID_DIRECTORY ,"invalid directory"},
-{X509_R_INVALID_FIELD_NAME ,"invalid field name"},
-{X509_R_INVALID_TRUST ,"invalid trust"},
-{X509_R_KEY_TYPE_MISMATCH ,"key type mismatch"},
-{X509_R_KEY_VALUES_MISMATCH ,"key values mismatch"},
-{X509_R_LOADING_CERT_DIR ,"loading cert dir"},
-{X509_R_LOADING_DEFAULTS ,"loading defaults"},
-{X509_R_NO_CERT_SET_FOR_US_TO_VERIFY ,"no cert set for us to verify"},
-{X509_R_SHOULD_RETRY ,"should retry"},
-{X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN,"unable to find parameters in chain"},
-{X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY ,"unable to get certs public key"},
-{X509_R_UNKNOWN_KEY_TYPE ,"unknown key type"},
-{X509_R_UNKNOWN_NID ,"unknown nid"},
-{X509_R_UNKNOWN_PURPOSE_ID ,"unknown purpose id"},
-{X509_R_UNKNOWN_TRUST_ID ,"unknown trust id"},
-{X509_R_UNSUPPORTED_ALGORITHM ,"unsupported algorithm"},
-{X509_R_WRONG_LOOKUP_TYPE ,"wrong lookup type"},
-{X509_R_WRONG_TYPE ,"wrong type"},
+{ERR_REASON(X509_R_BAD_X509_FILETYPE) ,"bad x509 filetype"},
+{ERR_REASON(X509_R_BASE64_DECODE_ERROR) ,"base64 decode error"},
+{ERR_REASON(X509_R_CANT_CHECK_DH_KEY) ,"cant check dh key"},
+{ERR_REASON(X509_R_CERT_ALREADY_IN_HASH_TABLE),"cert already in hash table"},
+{ERR_REASON(X509_R_ERR_ASN1_LIB) ,"err asn1 lib"},
+{ERR_REASON(X509_R_INVALID_DIRECTORY) ,"invalid directory"},
+{ERR_REASON(X509_R_INVALID_FIELD_NAME) ,"invalid field name"},
+{ERR_REASON(X509_R_INVALID_TRUST) ,"invalid trust"},
+{ERR_REASON(X509_R_KEY_TYPE_MISMATCH) ,"key type mismatch"},
+{ERR_REASON(X509_R_KEY_VALUES_MISMATCH) ,"key values mismatch"},
+{ERR_REASON(X509_R_LOADING_CERT_DIR) ,"loading cert dir"},
+{ERR_REASON(X509_R_LOADING_DEFAULTS) ,"loading defaults"},
+{ERR_REASON(X509_R_NO_CERT_SET_FOR_US_TO_VERIFY),"no cert set for us to verify"},
+{ERR_REASON(X509_R_SHOULD_RETRY) ,"should retry"},
+{ERR_REASON(X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN),"unable to find parameters in chain"},
+{ERR_REASON(X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY),"unable to get certs public key"},
+{ERR_REASON(X509_R_UNKNOWN_KEY_TYPE) ,"unknown key type"},
+{ERR_REASON(X509_R_UNKNOWN_NID) ,"unknown nid"},
+{ERR_REASON(X509_R_UNKNOWN_PURPOSE_ID) ,"unknown purpose id"},
+{ERR_REASON(X509_R_UNKNOWN_TRUST_ID) ,"unknown trust id"},
+{ERR_REASON(X509_R_UNSUPPORTED_ALGORITHM),"unsupported algorithm"},
+{ERR_REASON(X509_R_WRONG_LOOKUP_TYPE) ,"wrong lookup type"},
+{ERR_REASON(X509_R_WRONG_TYPE) ,"wrong type"},
{0,NULL}
};
@@ -148,8 +152,8 @@ void ERR_load_X509_strings(void)
{
init=0;
#ifndef OPENSSL_NO_ERR
- ERR_load_strings(ERR_LIB_X509,X509_str_functs);
- ERR_load_strings(ERR_LIB_X509,X509_str_reasons);
+ ERR_load_strings(0,X509_str_functs);
+ ERR_load_strings(0,X509_str_reasons);
#endif
}
diff --git a/src/lib/libssl/src/crypto/x509/x509_vfy.c b/src/lib/libssl/src/crypto/x509/x509_vfy.c
index e43c861ee7..383e082aba 100644
--- a/src/lib/libssl/src/crypto/x509/x509_vfy.c
+++ b/src/lib/libssl/src/crypto/x509/x509_vfy.c
@@ -944,7 +944,7 @@ int X509_cmp_time(ASN1_TIME *ctm, time_t *cmp_time)
offset=0;
else
{
- if ((*str != '+') && (str[5] != '-'))
+ if ((*str != '+') && (*str != '-'))
return 0;
offset=((str[1]-'0')*10+(str[2]-'0'))*60;
offset+=(str[3]-'0')*10+(str[4]-'0');
diff --git a/src/lib/libssl/src/crypto/x509v3/Makefile b/src/lib/libssl/src/crypto/x509v3/Makefile
index ed2f91cbb3..49423f39f7 100644
--- a/src/lib/libssl/src/crypto/x509v3/Makefile
+++ b/src/lib/libssl/src/crypto/x509v3/Makefile
@@ -1,5 +1,5 @@
#
-# SSLeay/crypto/x509v3/Makefile
+# OpenSSL/crypto/x509v3/Makefile
#
DIR= x509v3
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_cpols.c b/src/lib/libssl/src/crypto/x509v3/v3_cpols.c
index 0d554f3a2c..867525f336 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3_cpols.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3_cpols.c
@@ -137,7 +137,15 @@ static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method,
CONF_VALUE *cnf;
int i, ia5org;
pols = sk_POLICYINFO_new_null();
+ if (pols == NULL) {
+ X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
vals = X509V3_parse_list(value);
+ if (vals == NULL) {
+ X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_X509V3_LIB);
+ goto err;
+ }
ia5org = 0;
for(i = 0; i < sk_CONF_VALUE_num(vals); i++) {
cnf = sk_CONF_VALUE_value(vals, i);
@@ -176,6 +184,7 @@ static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method,
sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
return pols;
err:
+ sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
sk_POLICYINFO_pop_free(pols, POLICYINFO_free);
return NULL;
}
diff --git a/src/lib/libssl/src/crypto/x509v3/v3err.c b/src/lib/libssl/src/crypto/x509v3/v3err.c
index 2df0c3ef01..e1edaf5248 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3err.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3err.c
@@ -64,114 +64,118 @@
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
+
+#define ERR_FUNC(func) ERR_PACK(ERR_LIB_X509V3,func,0)
+#define ERR_REASON(reason) ERR_PACK(ERR_LIB_X509V3,0,reason)
+
static ERR_STRING_DATA X509V3_str_functs[]=
{
-{ERR_PACK(0,X509V3_F_COPY_EMAIL,0), "COPY_EMAIL"},
-{ERR_PACK(0,X509V3_F_COPY_ISSUER,0), "COPY_ISSUER"},
-{ERR_PACK(0,X509V3_F_DO_EXT_CONF,0), "DO_EXT_CONF"},
-{ERR_PACK(0,X509V3_F_DO_EXT_I2D,0), "DO_EXT_I2D"},
-{ERR_PACK(0,X509V3_F_HEX_TO_STRING,0), "hex_to_string"},
-{ERR_PACK(0,X509V3_F_I2S_ASN1_ENUMERATED,0), "i2s_ASN1_ENUMERATED"},
-{ERR_PACK(0,X509V3_F_I2S_ASN1_IA5STRING,0), "I2S_ASN1_IA5STRING"},
-{ERR_PACK(0,X509V3_F_I2S_ASN1_INTEGER,0), "i2s_ASN1_INTEGER"},
-{ERR_PACK(0,X509V3_F_I2V_AUTHORITY_INFO_ACCESS,0), "I2V_AUTHORITY_INFO_ACCESS"},
-{ERR_PACK(0,X509V3_F_NOTICE_SECTION,0), "NOTICE_SECTION"},
-{ERR_PACK(0,X509V3_F_NREF_NOS,0), "NREF_NOS"},
-{ERR_PACK(0,X509V3_F_POLICY_SECTION,0), "POLICY_SECTION"},
-{ERR_PACK(0,X509V3_F_R2I_CERTPOL,0), "R2I_CERTPOL"},
-{ERR_PACK(0,X509V3_F_R2I_PCI,0), "R2I_PCI"},
-{ERR_PACK(0,X509V3_F_S2I_ASN1_IA5STRING,0), "S2I_ASN1_IA5STRING"},
-{ERR_PACK(0,X509V3_F_S2I_ASN1_INTEGER,0), "s2i_ASN1_INTEGER"},
-{ERR_PACK(0,X509V3_F_S2I_ASN1_OCTET_STRING,0), "s2i_ASN1_OCTET_STRING"},
-{ERR_PACK(0,X509V3_F_S2I_ASN1_SKEY_ID,0), "S2I_ASN1_SKEY_ID"},
-{ERR_PACK(0,X509V3_F_S2I_S2I_SKEY_ID,0), "S2I_S2I_SKEY_ID"},
-{ERR_PACK(0,X509V3_F_STRING_TO_HEX,0), "string_to_hex"},
-{ERR_PACK(0,X509V3_F_SXNET_ADD_ASC,0), "SXNET_ADD_ASC"},
-{ERR_PACK(0,X509V3_F_SXNET_ADD_ID_INTEGER,0), "SXNET_add_id_INTEGER"},
-{ERR_PACK(0,X509V3_F_SXNET_ADD_ID_ULONG,0), "SXNET_add_id_ulong"},
-{ERR_PACK(0,X509V3_F_SXNET_GET_ID_ASC,0), "SXNET_get_id_asc"},
-{ERR_PACK(0,X509V3_F_SXNET_GET_ID_ULONG,0), "SXNET_get_id_ulong"},
-{ERR_PACK(0,X509V3_F_V2I_ACCESS_DESCRIPTION,0), "V2I_ACCESS_DESCRIPTION"},
-{ERR_PACK(0,X509V3_F_V2I_ASN1_BIT_STRING,0), "V2I_ASN1_BIT_STRING"},
-{ERR_PACK(0,X509V3_F_V2I_AUTHORITY_KEYID,0), "V2I_AUTHORITY_KEYID"},
-{ERR_PACK(0,X509V3_F_V2I_BASIC_CONSTRAINTS,0), "V2I_BASIC_CONSTRAINTS"},
-{ERR_PACK(0,X509V3_F_V2I_CRLD,0), "V2I_CRLD"},
-{ERR_PACK(0,X509V3_F_V2I_EXT_KU,0), "V2I_EXT_KU"},
-{ERR_PACK(0,X509V3_F_V2I_GENERAL_NAME,0), "v2i_GENERAL_NAME"},
-{ERR_PACK(0,X509V3_F_V2I_GENERAL_NAMES,0), "v2i_GENERAL_NAMES"},
-{ERR_PACK(0,X509V3_F_V3_GENERIC_EXTENSION,0), "V3_GENERIC_EXTENSION"},
-{ERR_PACK(0,X509V3_F_X509V3_ADD_I2D,0), "X509V3_ADD_I2D"},
-{ERR_PACK(0,X509V3_F_X509V3_ADD_VALUE,0), "X509V3_add_value"},
-{ERR_PACK(0,X509V3_F_X509V3_EXT_ADD,0), "X509V3_EXT_add"},
-{ERR_PACK(0,X509V3_F_X509V3_EXT_ADD_ALIAS,0), "X509V3_EXT_add_alias"},
-{ERR_PACK(0,X509V3_F_X509V3_EXT_CONF,0), "X509V3_EXT_conf"},
-{ERR_PACK(0,X509V3_F_X509V3_EXT_I2D,0), "X509V3_EXT_i2d"},
-{ERR_PACK(0,X509V3_F_X509V3_GET_VALUE_BOOL,0), "X509V3_get_value_bool"},
-{ERR_PACK(0,X509V3_F_X509V3_PARSE_LIST,0), "X509V3_parse_list"},
-{ERR_PACK(0,X509V3_F_X509_PURPOSE_ADD,0), "X509_PURPOSE_add"},
-{ERR_PACK(0,X509V3_F_X509_PURPOSE_SET,0), "X509_PURPOSE_set"},
+{ERR_FUNC(X509V3_F_COPY_EMAIL), "COPY_EMAIL"},
+{ERR_FUNC(X509V3_F_COPY_ISSUER), "COPY_ISSUER"},
+{ERR_FUNC(X509V3_F_DO_EXT_CONF), "DO_EXT_CONF"},
+{ERR_FUNC(X509V3_F_DO_EXT_I2D), "DO_EXT_I2D"},
+{ERR_FUNC(X509V3_F_HEX_TO_STRING), "hex_to_string"},
+{ERR_FUNC(X509V3_F_I2S_ASN1_ENUMERATED), "i2s_ASN1_ENUMERATED"},
+{ERR_FUNC(X509V3_F_I2S_ASN1_IA5STRING), "I2S_ASN1_IA5STRING"},
+{ERR_FUNC(X509V3_F_I2S_ASN1_INTEGER), "i2s_ASN1_INTEGER"},
+{ERR_FUNC(X509V3_F_I2V_AUTHORITY_INFO_ACCESS), "I2V_AUTHORITY_INFO_ACCESS"},
+{ERR_FUNC(X509V3_F_NOTICE_SECTION), "NOTICE_SECTION"},
+{ERR_FUNC(X509V3_F_NREF_NOS), "NREF_NOS"},
+{ERR_FUNC(X509V3_F_POLICY_SECTION), "POLICY_SECTION"},
+{ERR_FUNC(X509V3_F_R2I_CERTPOL), "R2I_CERTPOL"},
+{ERR_FUNC(X509V3_F_R2I_PCI), "R2I_PCI"},
+{ERR_FUNC(X509V3_F_S2I_ASN1_IA5STRING), "S2I_ASN1_IA5STRING"},
+{ERR_FUNC(X509V3_F_S2I_ASN1_INTEGER), "s2i_ASN1_INTEGER"},
+{ERR_FUNC(X509V3_F_S2I_ASN1_OCTET_STRING), "s2i_ASN1_OCTET_STRING"},
+{ERR_FUNC(X509V3_F_S2I_ASN1_SKEY_ID), "S2I_ASN1_SKEY_ID"},
+{ERR_FUNC(X509V3_F_S2I_S2I_SKEY_ID), "S2I_S2I_SKEY_ID"},
+{ERR_FUNC(X509V3_F_STRING_TO_HEX), "string_to_hex"},
+{ERR_FUNC(X509V3_F_SXNET_ADD_ASC), "SXNET_ADD_ASC"},
+{ERR_FUNC(X509V3_F_SXNET_ADD_ID_INTEGER), "SXNET_add_id_INTEGER"},
+{ERR_FUNC(X509V3_F_SXNET_ADD_ID_ULONG), "SXNET_add_id_ulong"},
+{ERR_FUNC(X509V3_F_SXNET_GET_ID_ASC), "SXNET_get_id_asc"},
+{ERR_FUNC(X509V3_F_SXNET_GET_ID_ULONG), "SXNET_get_id_ulong"},
+{ERR_FUNC(X509V3_F_V2I_ACCESS_DESCRIPTION), "V2I_ACCESS_DESCRIPTION"},
+{ERR_FUNC(X509V3_F_V2I_ASN1_BIT_STRING), "V2I_ASN1_BIT_STRING"},
+{ERR_FUNC(X509V3_F_V2I_AUTHORITY_KEYID), "V2I_AUTHORITY_KEYID"},
+{ERR_FUNC(X509V3_F_V2I_BASIC_CONSTRAINTS), "V2I_BASIC_CONSTRAINTS"},
+{ERR_FUNC(X509V3_F_V2I_CRLD), "V2I_CRLD"},
+{ERR_FUNC(X509V3_F_V2I_EXT_KU), "V2I_EXT_KU"},
+{ERR_FUNC(X509V3_F_V2I_GENERAL_NAME), "v2i_GENERAL_NAME"},
+{ERR_FUNC(X509V3_F_V2I_GENERAL_NAMES), "v2i_GENERAL_NAMES"},
+{ERR_FUNC(X509V3_F_V3_GENERIC_EXTENSION), "V3_GENERIC_EXTENSION"},
+{ERR_FUNC(X509V3_F_X509V3_ADD_I2D), "X509V3_ADD_I2D"},
+{ERR_FUNC(X509V3_F_X509V3_ADD_VALUE), "X509V3_add_value"},
+{ERR_FUNC(X509V3_F_X509V3_EXT_ADD), "X509V3_EXT_add"},
+{ERR_FUNC(X509V3_F_X509V3_EXT_ADD_ALIAS), "X509V3_EXT_add_alias"},
+{ERR_FUNC(X509V3_F_X509V3_EXT_CONF), "X509V3_EXT_conf"},
+{ERR_FUNC(X509V3_F_X509V3_EXT_I2D), "X509V3_EXT_i2d"},
+{ERR_FUNC(X509V3_F_X509V3_GET_VALUE_BOOL), "X509V3_get_value_bool"},
+{ERR_FUNC(X509V3_F_X509V3_PARSE_LIST), "X509V3_parse_list"},
+{ERR_FUNC(X509V3_F_X509_PURPOSE_ADD), "X509_PURPOSE_add"},
+{ERR_FUNC(X509V3_F_X509_PURPOSE_SET), "X509_PURPOSE_set"},
{0,NULL}
};
static ERR_STRING_DATA X509V3_str_reasons[]=
{
-{X509V3_R_BAD_IP_ADDRESS ,"bad ip address"},
-{X509V3_R_BAD_OBJECT ,"bad object"},
-{X509V3_R_BN_DEC2BN_ERROR ,"bn dec2bn error"},
-{X509V3_R_BN_TO_ASN1_INTEGER_ERROR ,"bn to asn1 integer error"},
-{X509V3_R_DUPLICATE_ZONE_ID ,"duplicate zone id"},
-{X509V3_R_ERROR_CONVERTING_ZONE ,"error converting zone"},
-{X509V3_R_ERROR_CREATING_EXTENSION ,"error creating extension"},
-{X509V3_R_ERROR_IN_EXTENSION ,"error in extension"},
-{X509V3_R_EXPECTED_A_SECTION_NAME ,"expected a section name"},
-{X509V3_R_EXTENSION_EXISTS ,"extension exists"},
-{X509V3_R_EXTENSION_NAME_ERROR ,"extension name error"},
-{X509V3_R_EXTENSION_NOT_FOUND ,"extension not found"},
-{X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED,"extension setting not supported"},
-{X509V3_R_EXTENSION_VALUE_ERROR ,"extension value error"},
-{X509V3_R_ILLEGAL_HEX_DIGIT ,"illegal hex digit"},
-{X509V3_R_INCORRECT_POLICY_SYNTAX_TAG ,"incorrect policy syntax tag"},
-{X509V3_R_INVALID_BOOLEAN_STRING ,"invalid boolean string"},
-{X509V3_R_INVALID_EXTENSION_STRING ,"invalid extension string"},
-{X509V3_R_INVALID_NAME ,"invalid name"},
-{X509V3_R_INVALID_NULL_ARGUMENT ,"invalid null argument"},
-{X509V3_R_INVALID_NULL_NAME ,"invalid null name"},
-{X509V3_R_INVALID_NULL_VALUE ,"invalid null value"},
-{X509V3_R_INVALID_NUMBER ,"invalid number"},
-{X509V3_R_INVALID_NUMBERS ,"invalid numbers"},
-{X509V3_R_INVALID_OBJECT_IDENTIFIER ,"invalid object identifier"},
-{X509V3_R_INVALID_OPTION ,"invalid option"},
-{X509V3_R_INVALID_POLICY_IDENTIFIER ,"invalid policy identifier"},
-{X509V3_R_INVALID_PROXY_POLICY_IDENTIFIER,"invalid proxy policy identifier"},
-{X509V3_R_INVALID_PROXY_POLICY_SETTING ,"invalid proxy policy setting"},
-{X509V3_R_INVALID_PURPOSE ,"invalid purpose"},
-{X509V3_R_INVALID_SECTION ,"invalid section"},
-{X509V3_R_INVALID_SYNTAX ,"invalid syntax"},
-{X509V3_R_ISSUER_DECODE_ERROR ,"issuer decode error"},
-{X509V3_R_MISSING_VALUE ,"missing value"},
-{X509V3_R_NEED_ORGANIZATION_AND_NUMBERS ,"need organization and numbers"},
-{X509V3_R_NO_CONFIG_DATABASE ,"no config database"},
-{X509V3_R_NO_ISSUER_CERTIFICATE ,"no issuer certificate"},
-{X509V3_R_NO_ISSUER_DETAILS ,"no issuer details"},
-{X509V3_R_NO_POLICY_IDENTIFIER ,"no policy identifier"},
-{X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED,"no proxy cert policy language defined"},
-{X509V3_R_NO_PUBLIC_KEY ,"no public key"},
-{X509V3_R_NO_SUBJECT_DETAILS ,"no subject details"},
-{X509V3_R_ODD_NUMBER_OF_DIGITS ,"odd number of digits"},
-{X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED,"policy language alreadty defined"},
-{X509V3_R_POLICY_PATH_LENGTH ,"policy path length"},
-{X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED,"policy path length alreadty defined"},
-{X509V3_R_POLICY_SYNTAX_NOT ,"policy syntax not"},
-{X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED,"policy syntax not currently supported"},
-{X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY,"policy when proxy language requires no policy"},
-{X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS ,"unable to get issuer details"},
-{X509V3_R_UNABLE_TO_GET_ISSUER_KEYID ,"unable to get issuer keyid"},
-{X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT ,"unknown bit string argument"},
-{X509V3_R_UNKNOWN_EXTENSION ,"unknown extension"},
-{X509V3_R_UNKNOWN_EXTENSION_NAME ,"unknown extension name"},
-{X509V3_R_UNKNOWN_OPTION ,"unknown option"},
-{X509V3_R_UNSUPPORTED_OPTION ,"unsupported option"},
-{X509V3_R_USER_TOO_LONG ,"user too long"},
+{ERR_REASON(X509V3_R_BAD_IP_ADDRESS) ,"bad ip address"},
+{ERR_REASON(X509V3_R_BAD_OBJECT) ,"bad object"},
+{ERR_REASON(X509V3_R_BN_DEC2BN_ERROR) ,"bn dec2bn error"},
+{ERR_REASON(X509V3_R_BN_TO_ASN1_INTEGER_ERROR),"bn to asn1 integer error"},
+{ERR_REASON(X509V3_R_DUPLICATE_ZONE_ID) ,"duplicate zone id"},
+{ERR_REASON(X509V3_R_ERROR_CONVERTING_ZONE),"error converting zone"},
+{ERR_REASON(X509V3_R_ERROR_CREATING_EXTENSION),"error creating extension"},
+{ERR_REASON(X509V3_R_ERROR_IN_EXTENSION) ,"error in extension"},
+{ERR_REASON(X509V3_R_EXPECTED_A_SECTION_NAME),"expected a section name"},
+{ERR_REASON(X509V3_R_EXTENSION_EXISTS) ,"extension exists"},
+{ERR_REASON(X509V3_R_EXTENSION_NAME_ERROR),"extension name error"},
+{ERR_REASON(X509V3_R_EXTENSION_NOT_FOUND),"extension not found"},
+{ERR_REASON(X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED),"extension setting not supported"},
+{ERR_REASON(X509V3_R_EXTENSION_VALUE_ERROR),"extension value error"},
+{ERR_REASON(X509V3_R_ILLEGAL_HEX_DIGIT) ,"illegal hex digit"},
+{ERR_REASON(X509V3_R_INCORRECT_POLICY_SYNTAX_TAG),"incorrect policy syntax tag"},
+{ERR_REASON(X509V3_R_INVALID_BOOLEAN_STRING),"invalid boolean string"},
+{ERR_REASON(X509V3_R_INVALID_EXTENSION_STRING),"invalid extension string"},
+{ERR_REASON(X509V3_R_INVALID_NAME) ,"invalid name"},
+{ERR_REASON(X509V3_R_INVALID_NULL_ARGUMENT),"invalid null argument"},
+{ERR_REASON(X509V3_R_INVALID_NULL_NAME) ,"invalid null name"},
+{ERR_REASON(X509V3_R_INVALID_NULL_VALUE) ,"invalid null value"},
+{ERR_REASON(X509V3_R_INVALID_NUMBER) ,"invalid number"},
+{ERR_REASON(X509V3_R_INVALID_NUMBERS) ,"invalid numbers"},
+{ERR_REASON(X509V3_R_INVALID_OBJECT_IDENTIFIER),"invalid object identifier"},
+{ERR_REASON(X509V3_R_INVALID_OPTION) ,"invalid option"},
+{ERR_REASON(X509V3_R_INVALID_POLICY_IDENTIFIER),"invalid policy identifier"},
+{ERR_REASON(X509V3_R_INVALID_PROXY_POLICY_IDENTIFIER),"invalid proxy policy identifier"},
+{ERR_REASON(X509V3_R_INVALID_PROXY_POLICY_SETTING),"invalid proxy policy setting"},
+{ERR_REASON(X509V3_R_INVALID_PURPOSE) ,"invalid purpose"},
+{ERR_REASON(X509V3_R_INVALID_SECTION) ,"invalid section"},
+{ERR_REASON(X509V3_R_INVALID_SYNTAX) ,"invalid syntax"},
+{ERR_REASON(X509V3_R_ISSUER_DECODE_ERROR),"issuer decode error"},
+{ERR_REASON(X509V3_R_MISSING_VALUE) ,"missing value"},
+{ERR_REASON(X509V3_R_NEED_ORGANIZATION_AND_NUMBERS),"need organization and numbers"},
+{ERR_REASON(X509V3_R_NO_CONFIG_DATABASE) ,"no config database"},
+{ERR_REASON(X509V3_R_NO_ISSUER_CERTIFICATE),"no issuer certificate"},
+{ERR_REASON(X509V3_R_NO_ISSUER_DETAILS) ,"no issuer details"},
+{ERR_REASON(X509V3_R_NO_POLICY_IDENTIFIER),"no policy identifier"},
+{ERR_REASON(X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED),"no proxy cert policy language defined"},
+{ERR_REASON(X509V3_R_NO_PUBLIC_KEY) ,"no public key"},
+{ERR_REASON(X509V3_R_NO_SUBJECT_DETAILS) ,"no subject details"},
+{ERR_REASON(X509V3_R_ODD_NUMBER_OF_DIGITS),"odd number of digits"},
+{ERR_REASON(X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED),"policy language alreadty defined"},
+{ERR_REASON(X509V3_R_POLICY_PATH_LENGTH) ,"policy path length"},
+{ERR_REASON(X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED),"policy path length alreadty defined"},
+{ERR_REASON(X509V3_R_POLICY_SYNTAX_NOT) ,"policy syntax not"},
+{ERR_REASON(X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED),"policy syntax not currently supported"},
+{ERR_REASON(X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY),"policy when proxy language requires no policy"},
+{ERR_REASON(X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS),"unable to get issuer details"},
+{ERR_REASON(X509V3_R_UNABLE_TO_GET_ISSUER_KEYID),"unable to get issuer keyid"},
+{ERR_REASON(X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT),"unknown bit string argument"},
+{ERR_REASON(X509V3_R_UNKNOWN_EXTENSION) ,"unknown extension"},
+{ERR_REASON(X509V3_R_UNKNOWN_EXTENSION_NAME),"unknown extension name"},
+{ERR_REASON(X509V3_R_UNKNOWN_OPTION) ,"unknown option"},
+{ERR_REASON(X509V3_R_UNSUPPORTED_OPTION) ,"unsupported option"},
+{ERR_REASON(X509V3_R_USER_TOO_LONG) ,"user too long"},
{0,NULL}
};
@@ -185,8 +189,8 @@ void ERR_load_X509V3_strings(void)
{
init=0;
#ifndef OPENSSL_NO_ERR
- ERR_load_strings(ERR_LIB_X509V3,X509V3_str_functs);
- ERR_load_strings(ERR_LIB_X509V3,X509V3_str_reasons);
+ ERR_load_strings(0,X509V3_str_functs);
+ ERR_load_strings(0,X509V3_str_reasons);
#endif
}
diff --git a/src/lib/libssl/src/doc/HOWTO/keys.txt b/src/lib/libssl/src/doc/HOWTO/keys.txt
index 45f42eaaf1..7ae2a3a118 100644
--- a/src/lib/libssl/src/doc/HOWTO/keys.txt
+++ b/src/lib/libssl/src/doc/HOWTO/keys.txt
@@ -40,9 +40,9 @@ consider insecure or to be insecure pretty soon.
3. To generate a DSA key
-A DSA key can be used both for signing only. This is important to
-keep in mind to know what kind of purposes a certificate request with
-a DSA key can really be used for.
+A DSA key can be used for signing only. This is important to keep
+in mind to know what kind of purposes a certificate request with a
+DSA key can really be used for.
Generating a key for the DSA algorithm is a two-step process. First,
you have to generate parameters from which to generate the key:
diff --git a/src/lib/libssl/src/doc/apps/CA.pl.pod b/src/lib/libssl/src/doc/apps/CA.pl.pod
index 58e0f52001..ed69952f37 100644
--- a/src/lib/libssl/src/doc/apps/CA.pl.pod
+++ b/src/lib/libssl/src/doc/apps/CA.pl.pod
@@ -47,7 +47,7 @@ written to the file "newreq.pem".
creates a new certificate request. The private key and request are
written to the file "newreq.pem".
-=item B<-newreq-nowdes>
+=item B<-newreq-nodes>
is like B<-newreq> except that the private key will not be encrypted.
diff --git a/src/lib/libssl/src/doc/apps/ca.pod b/src/lib/libssl/src/doc/apps/ca.pod
index 74f45ca2f9..f15df49d4f 100644
--- a/src/lib/libssl/src/doc/apps/ca.pod
+++ b/src/lib/libssl/src/doc/apps/ca.pod
@@ -391,7 +391,7 @@ the same as B<-msie_hack>
the same as B<-policy>. Mandatory. See the B<POLICY FORMAT> section
for more information.
-=item B<nameopt>, B<certopt>
+=item B<name_opt>, B<cert_opt>
these options allow the format used to display the certificate details
when asking the user to confirm signing. All the options supported by
@@ -513,8 +513,8 @@ A sample configuration file with the relevant sections for B<ca>:
policy = policy_any # default policy
email_in_dn = no # Don't add the email into cert DN
- nameopt = ca_default # Subject name display option
- certopt = ca_default # Certificate display option
+ name_opt = ca_default # Subject name display option
+ cert_opt = ca_default # Certificate display option
copy_extensions = none # Don't copy extensions from request
[ policy_any ]
diff --git a/src/lib/libssl/src/doc/apps/enc.pod b/src/lib/libssl/src/doc/apps/enc.pod
index 18fe7c81c7..c43da5b3f1 100644
--- a/src/lib/libssl/src/doc/apps/enc.pod
+++ b/src/lib/libssl/src/doc/apps/enc.pod
@@ -191,12 +191,12 @@ Blowfish and RC5 algorithms use a 128 bit key.
des-ecb DES in ECB mode
des-ede-cbc Two key triple DES EDE in CBC mode
- des-ede Alias for des-ede
+ des-ede Two key triple DES EDE in ECB mode
des-ede-cfb Two key triple DES EDE in CFB mode
des-ede-ofb Two key triple DES EDE in OFB mode
des-ede3-cbc Three key triple DES EDE in CBC mode
- des-ede3 Alias for des-ede3-cbc
+ des-ede3 Three key triple DES EDE in ECB mode
des3 Alias for des-ede3-cbc
des-ede3-cfb Three key triple DES EDE CFB mode
des-ede3-ofb Three key triple DES EDE in OFB mode
@@ -211,9 +211,9 @@ Blowfish and RC5 algorithms use a 128 bit key.
rc2-cbc 128 bit RC2 in CBC mode
rc2 Alias for rc2-cbc
- rc2-cfb 128 bit RC2 in CBC mode
- rc2-ecb 128 bit RC2 in CBC mode
- rc2-ofb 128 bit RC2 in CBC mode
+ rc2-cfb 128 bit RC2 in CFB mode
+ rc2-ecb 128 bit RC2 in ECB mode
+ rc2-ofb 128 bit RC2 in OFB mode
rc2-64-cbc 64 bit RC2 in CBC mode
rc2-40-cbc 40 bit RC2 in CBC mode
@@ -223,9 +223,9 @@ Blowfish and RC5 algorithms use a 128 bit key.
rc5-cbc RC5 cipher in CBC mode
rc5 Alias for rc5-cbc
- rc5-cfb RC5 cipher in CBC mode
- rc5-ecb RC5 cipher in CBC mode
- rc5-ofb RC5 cipher in CBC mode
+ rc5-cfb RC5 cipher in CFB mode
+ rc5-ecb RC5 cipher in ECB mode
+ rc5-ofb RC5 cipher in OFB mode
=head1 EXAMPLES
diff --git a/src/lib/libssl/src/doc/crypto/EVP_EncryptInit.pod b/src/lib/libssl/src/doc/crypto/EVP_EncryptInit.pod
index 40e525dd56..8271d3dfc4 100644
--- a/src/lib/libssl/src/doc/crypto/EVP_EncryptInit.pod
+++ b/src/lib/libssl/src/doc/crypto/EVP_EncryptInit.pod
@@ -22,7 +22,7 @@ EVP_CIPHER_CTX_set_padding - EVP cipher routines
#include <openssl/evp.h>
- int EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a);
+ void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a);
int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
ENGINE *impl, unsigned char *key, unsigned char *iv);
@@ -236,8 +236,8 @@ RC5 can be set.
=head1 RETURN VALUES
-EVP_CIPHER_CTX_init, EVP_EncryptInit_ex(), EVP_EncryptUpdate() and
-EVP_EncryptFinal_ex() return 1 for success and 0 for failure.
+EVP_EncryptInit_ex(), EVP_EncryptUpdate() and EVP_EncryptFinal_ex()
+return 1 for success and 0 for failure.
EVP_DecryptInit_ex() and EVP_DecryptUpdate() return 1 for success and 0 for failure.
EVP_DecryptFinal_ex() returns 0 if the decrypt failed or 1 for success.
diff --git a/src/lib/libssl/src/doc/crypto/OPENSSL_config.pod b/src/lib/libssl/src/doc/crypto/OPENSSL_config.pod
index 16600620cc..e7bba2aaca 100644
--- a/src/lib/libssl/src/doc/crypto/OPENSSL_config.pod
+++ b/src/lib/libssl/src/doc/crypto/OPENSSL_config.pod
@@ -35,7 +35,7 @@ calls OPENSSL_add_all_algorithms() by compiling an application with the
preprocessor symbol B<OPENSSL_LOAD_CONF> #define'd. In this way configuration
can be added without source changes.
-The environment variable B<OPENSSL_CONFIG> can be set to specify the location
+The environment variable B<OPENSSL_CONF> can be set to specify the location
of the configuration file.
Currently ASN1 OBJECTs and ENGINE configuration can be performed future
diff --git a/src/lib/libssl/src/doc/crypto/PKCS7_verify.pod b/src/lib/libssl/src/doc/crypto/PKCS7_verify.pod
index 07c9fdad40..3490b5dc82 100644
--- a/src/lib/libssl/src/doc/crypto/PKCS7_verify.pod
+++ b/src/lib/libssl/src/doc/crypto/PKCS7_verify.pod
@@ -8,7 +8,7 @@ PKCS7_verify - verify a PKCS#7 signedData structure
int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata, BIO *out, int flags);
-int PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags);
+STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags);
=head1 DESCRIPTION
diff --git a/src/lib/libssl/src/doc/crypto/hmac.pod b/src/lib/libssl/src/doc/crypto/hmac.pod
index 3976baf226..0bd79a6d3a 100644
--- a/src/lib/libssl/src/doc/crypto/hmac.pod
+++ b/src/lib/libssl/src/doc/crypto/hmac.pod
@@ -18,7 +18,7 @@ authentication code
void HMAC_Init(HMAC_CTX *ctx, const void *key, int key_len,
const EVP_MD *md);
void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int key_len,
- const EVP_MD *md);
+ const EVP_MD *md, ENGINE *impl);
void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len);
void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len);
diff --git a/src/lib/libssl/src/doc/crypto/threads.pod b/src/lib/libssl/src/doc/crypto/threads.pod
index afa45cd76c..3df4ecd776 100644
--- a/src/lib/libssl/src/doc/crypto/threads.pod
+++ b/src/lib/libssl/src/doc/crypto/threads.pod
@@ -65,9 +65,10 @@ B<CRYPTO_LOCK>, and releases it otherwise.
B<file> and B<line> are the file number of the function setting the
lock. They can be useful for debugging.
-id_function(void) is a function that returns a thread ID. It is not
+id_function(void) is a function that returns a thread ID, for example
+pthread_self() if it returns an integer (see NOTES below). It isn't
needed on Windows nor on platforms where getpid() returns a different
-ID for each thread (most notably Linux).
+ID for each thread (see NOTES below).
Additionally, OpenSSL supports dynamic locks, and sometimes, some parts
of OpenSSL need it for better performance. To enable this, the following
@@ -124,13 +125,13 @@ CRYPTO_get_new_dynlockid() returns the index to the newly created lock.
The other functions return no values.
-=head1 NOTE
+=head1 NOTES
You can find out if OpenSSL was configured with thread support:
#define OPENSSL_THREAD_DEFINES
#include <openssl/opensslconf.h>
- #if defined(THREADS)
+ #if defined(OPENSSL_THREADS)
// thread support enabled
#else
// no thread support
@@ -139,6 +140,22 @@ You can find out if OpenSSL was configured with thread support:
Also, dynamic locks are currently not used internally by OpenSSL, but
may do so in the future.
+Defining id_function(void) has it's own issues. Generally speaking,
+pthread_self() should be used, even on platforms where getpid() gives
+different answers in each thread, since that may depend on the machine
+the program is run on, not the machine where the program is being
+compiled. For instance, Red Hat 8 Linux and earlier used
+LinuxThreads, whose getpid() returns a different value for each
+thread. Red Hat 9 Linux and later use NPTL, which is
+Posix-conformant, and has a getpid() that returns the same value for
+all threads in a process. A program compiled on Red Hat 8 and run on
+Red Hat 9 will therefore see getpid() returning the same value for
+all threads.
+
+There is still the issue of platforms where pthread_self() returns
+something other than an integer. This is a bit unusual, and this
+manual has no cookbook solution for that case.
+
=head1 EXAMPLES
B<crypto/threads/mttest.c> shows examples of the callback functions on
diff --git a/src/lib/libssl/src/doc/fingerprints.txt b/src/lib/libssl/src/doc/fingerprints.txt
index c350d381eb..7d05a85594 100644
--- a/src/lib/libssl/src/doc/fingerprints.txt
+++ b/src/lib/libssl/src/doc/fingerprints.txt
@@ -26,3 +26,32 @@ pub 1024R/49A563D9 1997-02-24
uid Mark Cox <mjc@redhat.com>
uid Mark Cox <mark@awe.com>
uid Mark Cox <mjc@apache.org>
+
+pub 1024R/26BB437D 1997-04-28
+ Key fingerprint = 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5
+uid Ralf S. Engelschall <rse@engelschall.com>
+
+pub 1024R/9C58A66D 1997-04-03
+ Key fingerprint = 13 D0 B8 9D 37 30 C3 ED AC 9C 24 7D 45 8C 17 67
+uid jaenicke@openssl.org
+uid Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
+
+pub 1024D/2118CF83 1998-07-13
+ Key fingerprint = 7656 55DE 62E3 96FF 2587 EB6C 4F6D E156 2118 CF83
+uid Ben Laurie <ben@thebunker.net>
+uid Ben Laurie <ben@cryptix.org>
+uid Ben Laurie <ben@algroup.co.uk>
+sub 4096g/1F5143E7 1998-07-13
+
+pub 1024R/5A6A9B85 1994-03-22
+ Key fingerprint = C7 AC 7E AD 56 6A 65 EC F6 16 66 83 7E 86 68 28
+uid Bodo Moeller <2005@bmoeller.de>
+uid Bodo Moeller <2003@bmoeller.de>
+uid Bodo Moeller <2004@bmoeller.de>
+uid Bodo Moeller <bmoeller@acm.org>
+uid Bodo Moeller <bodo@openssl.org>
+uid Bodo Moeller <bm@ulf.mali.sub.org>
+uid Bodo Moeller <3moeller@informatik.uni-hamburg.de>
+uid Bodo Moeller <Bodo_Moeller@public.uni-hamburg.de>
+uid Bodo Moeller <3moeller@rzdspc5.informatik.uni-hamburg.de>
+
diff --git a/src/lib/libssl/src/doc/ssl/SSL_CTX_set_options.pod b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_options.pod
index 5ab1b32f93..fa63263601 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_CTX_set_options.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_options.pod
@@ -86,7 +86,7 @@ doing a re-connect, always takes the first cipher in the cipher list.
=item SSL_OP_MSIE_SSLV2_RSA_PADDING
-...
+As of OpenSSL 0.9.7h and 0.9.8a, this option has no effect.
=item SSL_OP_SSLEAY_080_CLIENT_DH_BUG
diff --git a/src/lib/libssl/src/e_os.h b/src/lib/libssl/src/e_os.h
index 5a328b7fa8..e2b6561066 100644
--- a/src/lib/libssl/src/e_os.h
+++ b/src/lib/libssl/src/e_os.h
@@ -214,6 +214,8 @@ extern "C" {
# define _setmode setmode
# define _O_TEXT O_TEXT
# define _O_BINARY O_BINARY
+# undef DEVRANDOM
+# define DEVRANDOM "/dev/urandom\x24"
# endif /* __DJGPP__ */
# ifndef S_IFDIR
diff --git a/src/lib/libssl/src/e_os2.h b/src/lib/libssl/src/e_os2.h
index 4ca79a4d65..d8de8beead 100644
--- a/src/lib/libssl/src/e_os2.h
+++ b/src/lib/libssl/src/e_os2.h
@@ -237,8 +237,8 @@ extern "C" {
# define OPENSSL_IMPORT globalref
# define OPENSSL_GLOBAL globaldef
#elif defined(OPENSSL_SYS_WINDOWS) && defined(OPENSSL_OPT_WINDLL)
-# define OPENSSL_EXPORT extern _declspec(dllexport)
-# define OPENSSL_IMPORT extern _declspec(dllimport)
+# define OPENSSL_EXPORT extern __declspec(dllexport)
+# define OPENSSL_IMPORT extern __declspec(dllimport)
# define OPENSSL_GLOBAL
#else
# define OPENSSL_EXPORT extern
diff --git a/src/lib/libssl/src/fips-1.0/Makefile b/src/lib/libssl/src/fips-1.0/Makefile
new file mode 100644
index 0000000000..891a40b36a
--- /dev/null
+++ b/src/lib/libssl/src/fips-1.0/Makefile
@@ -0,0 +1,242 @@
+#
+# OpenSSL/fips-1.0/Makefile
+#
+
+DIR= fips-1.0
+TOP= ..
+CC= cc
+INCLUDE= -I. -I$(TOP) -I../include
+INCLUDES= -I.. -I../.. -I../../include
+CFLAG= -g
+INSTALL_PREFIX=
+OPENSSLDIR= /usr/local/ssl
+INSTALLTOP= /usr/local/ssl
+MAKEFILE= Makefile
+MAKEDEPPROG= makedepend
+MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+PERL= perl
+RM= rm -f
+AR= ar r
+
+PEX_LIBS=
+EX_LIBS=
+
+CFLAGS= $(INCLUDE) $(CFLAG) -DHMAC_EXT=\"$${HMAC_EXT:-sha1}\"
+
+
+LIBS=
+
+FDIRS=sha rand des aes dsa rsa dh hmac
+
+GENERAL=Makefile README fips-lib.com install.com
+
+LIB= $(TOP)/libcrypto.a
+SHARED_LIB= libcrypto$(SHLIB_EXT)
+LIBSRC=fips.c fips_err_wrapper.c fipshashes.c
+LIBOBJ=fips.o fips_err_wrapper.o fipshashes.o
+
+FIPS_OBJ_LISTS=sha/lib hmac/lib rand/lib des/lib aes/lib dsa/lib rsa/lib dh/lib
+
+SRC= $(LIBSRC)
+
+EXHEADER=fips.h
+HEADER=$(EXHEADER) fips_err.h
+EXE=fipsld
+TEST=fips_test_suite.c
+
+ALL= $(GENERAL) $(SRC) $(HEADER)
+
+top:
+ @(cd ..; $(MAKE) DIRS=$(DIR) all)
+
+all:
+ @if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
+ $(MAKE) -e subdirs check lib shared; \
+ fi
+
+check:
+# $(PERL) ../util/checkhash.pl || (rm fipscanister.o* 2>/dev/null; exit 1)
+ echo FIPS module not built: no check done
+
+# Idea behind fipscanister.o is to "seize" the sequestered code between
+# known symbols for fingerprinting purposes, which would be commonly
+# done with ld -r start.o ... end.o. The latter however presents a minor
+# challenge on multi-ABI platforms. As just implied, we'd rather use ld,
+# but the trouble is that we don't generally know how ABI-selection
+# compiler flag is translated to corresponding linker flag. All compiler
+# drivers seem to recognize -r flag and pass it down to linker, but some
+# of them, including gcc, erroneously add -lc, as well as run-time
+# components, such as crt1.o and alike. Fortunately among those vendor
+# compilers which were observed to misinterpret -r flag multi-ABI ones
+# are equipped with smart linkers, which don't require any ABI-selection
+# flag and simply assume that all objects are of the same type as first
+# one in command line. So the idea is to identify gcc and deficient
+# vendor compiler drivers...
+
+fipscanister.o: fips_start.o $(LIBOBJ) $(FIPS_OBJ_LISTS) fips_end.o
+ @objs="fips_start.o $(LIBOBJ)"; \
+ for i in $(FIPS_OBJ_LISTS); do \
+ dir=`dirname $$i`; script="s|^|$$dir/|;s| | $$dir/|g"; \
+ objs="$$objs `sed "$$script" $$i`"; \
+ done; \
+ objs="$$objs fips_end.o" ; \
+ if [ -n "${FIPS_SITE_LD}" ]; then \
+ set -x; ${FIPS_SITE_LD} -r -o $@ $$objs; \
+ elif $(CC) -dumpversion >/dev/null 2>&1; then \
+ set -x; $(CC) $(CFLAGS) -r -nostdlib -o $@ $$objs ; \
+ else case "`(uname -s) 2>/dev/null`" in \
+ HP-UX|OSF1|SunOS) set -x; /usr/ccs/bin/ld -r -o $@ $$objs ;; \
+ *) set -x; $(CC) $(CFLAGS) -r -o $@ $$objs ;; \
+ esac fi
+ sha/fips_standalone_sha1 fipscanister.o > fipscanister.o.sha1
+
+# If another exception is immediately required, assign approprite
+# site-specific ld command to FIPS_SITE_LD environment variable.
+
+fips_start.o: fips_canister.c
+ $(CC) $(CFLAGS) -DFIPS_START -c -o $@ fips_canister.c
+fips_end.o: fips_canister.c
+ $(CC) $(CFLAGS) -DFIPS_END -c -o $@ fips_canister.c
+fips_premain_dso$(EXE_EXT): fips_premain.c
+ $(CC) $(CFLAGS) -DFINGERPRINT_PREMAIN_DSO_LOAD -o $@ fips_premain.c \
+ ../libcrypto.a $(EX_LIBS)
+
+subdirs:
+ @for i in $(FDIRS) ;\
+ do \
+ (cd $$i && echo "making all in fips/$$i..." && \
+ $(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' FIPS_DES_ENC='${FIPS_DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' FIPS_SHA1_ASM_OBJ='${FIPS_SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' all ) || exit 1; \
+ done;
+
+sub_target:
+ @for i in $(FDIRS) ;\
+ do \
+ (cd $$i && echo "making $(TARGET) in fips/$$i..." && \
+ $(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' FIPS_DES_ENC='${FIPS_DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' FIPS_SHA1_ASM_OBJ='${FIPS_SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' $(TARGET) ) || exit 1; \
+ done;
+
+files:
+ $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+ @for i in $(FDIRS) ;\
+ do \
+ (cd $$i && echo "making 'files' in fips/$$i..." && \
+ $(MAKE) PERL='${PERL}' files ); \
+ done;
+
+links:
+ @$(PERL) $(TOP)/util/mklink.pl $(TOP)/include/openssl $(EXHEADER)
+ @$(PERL) $(TOP)/util/mklink.pl $(TOP)/test $(TEST)
+ @for i in $(FDIRS); do \
+ (cd $$i && echo "making links in fips/$$i..." && \
+ $(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' FIPS_DES_ENC='${FIPS_DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' FIPS_SHA1_ASM_OBJ='${FIPS_SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' PERL='${PERL}' links ); \
+ done;
+
+lib: $(FIPSLIBDIR)/fipscanister.o
+ $(AR) $(LIB) $(FIPSLIBDIR)/fipscanister.o
+ $(RANLIB) $(LIB) || echo Never mind.
+ @touch lib
+
+shared: fips_premain_dso$(EXE_EXT)
+ if [ -n "$(SHARED_LIBS)" ]; then \
+ (cd ..; $(MAKE) FIPSLD_CC=$(CC) FIPSLD=fips-1.0/fipsld $(SHARED_LIB)); \
+ fi
+
+libs:
+ @for i in $(FDIRS) ;\
+ do \
+ (cd $$i && echo "making libs in fips/$$i..." && \
+ $(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' AR='${AR}' lib ); \
+ done;
+
+tests:
+ (cd ..; make DIRS=test)
+
+fips_test: top tests
+ -cd testvectors && perl -p -i -e 's/COUNT=/COUNT = /' des[23]/req/*.req
+ @for i in dsa sha aes des hmac rand rsa; \
+ do \
+ (cd $$i && echo "making fips_test in fips/$$i..." && $(MAKE) fips_test) \
+ done;
+
+install:
+ @headerlist="$(EXHEADER)"; for i in $$headerlist ;\
+ do \
+ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+ @for i in $(FDIRS) ;\
+ do \
+ (cd $$i && echo "making install in fips/$$i..." && \
+ $(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' install ); \
+ done;
+ @for i in $(EXE) ; \
+ do \
+ echo "installing $$i"; \
+ cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
+ chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
+ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i; \
+ done
+ @cp -p -f fipscanister.o fipscanister.o.sha1 fips_premain.c \
+ $(INSTALL_PREFIX)$(INSTALLTOP)/lib/; \
+ strings fipscanister.o | grep "HMAC-SHA1(fips_premain\\.c)" > \
+ $(INSTALL_PREFIX)$(INSTALLTOP)/lib/fips_premain.c.sha1; \
+ chmod 0444 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/fips*
+
+lint:
+ @for i in $(FDIRS) ;\
+ do \
+ (cd $$i && echo "making lint in fips/$$i..." && \
+ $(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' lint ); \
+ done;
+
+depend:
+ if [ ! -f buildinf.h ]; then touch buildinf.h; fi # fake buildinf.h if it does not exist
+ $(MAKEDEPEND) -- $(CFLAG) $(INCLUDE) $(DEPFLAG) -- $(SRC)
+ if [ ! -s buildinf.h ]; then rm buildinf.h; fi
+ @for i in $(FDIRS) ;\
+ do \
+ (cd $$i && echo "making depend in fips/$$i..." && \
+ $(MAKE) MAKEFILE='${MAKEFILE}' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' DEPFLAG='${DEPFLAG}' MAKEDEPPROG='${MAKEDEPPROG}' KRB5_INCLUDES='${KRB5_INCLUDES}' PERL='${PERL}' depend ); \
+ done;
+
+clean:
+ rm -f buildinf.h *.o *.obj fips_premain_dso$(EXE_EXT) lib tags core .pure .nfs* *.old *.bak fluff
+ @for i in $(FDIRS) ;\
+ do \
+ (cd $$i && echo "making clean in fips/$$i..." && \
+ $(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' clean ); \
+ done;
+
+dclean:
+ $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+ mv -f Makefile.new $(MAKEFILE)
+ @for i in $(FDIRS) ;\
+ do \
+ (cd $$i && echo "making dclean in fips/$$i..." && \
+ $(MAKE) PERL='${PERL}' CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' dclean ); \
+ done;
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+fips.o: ../include/openssl/aes.h ../include/openssl/asn1.h
+fips.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+fips.o: ../include/openssl/bn.h ../include/openssl/cast.h
+fips.o: ../include/openssl/crypto.h ../include/openssl/des.h
+fips.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+fips.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+fips.o: ../include/openssl/err.h ../include/openssl/evp.h
+fips.o: ../include/openssl/fips.h ../include/openssl/fips_rand.h
+fips.o: ../include/openssl/hmac.h ../include/openssl/idea.h
+fips.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+fips.o: ../include/openssl/md4.h ../include/openssl/md5.h
+fips.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+fips.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+fips.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+fips.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+fips.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+fips.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+fips.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+fips.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+fips.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h fips.c
+fips.o: fips_locl.h
+fips_err_wrapper.o: ../include/openssl/opensslconf.h fips_err_wrapper.c
diff --git a/src/lib/libssl/src/fips-1.0/aes/Makefile b/src/lib/libssl/src/fips-1.0/aes/Makefile
new file mode 100644
index 0000000000..d2a72b3988
--- /dev/null
+++ b/src/lib/libssl/src/fips-1.0/aes/Makefile
@@ -0,0 +1,121 @@
+#
+# OpenSSL/fips-1.0/aes/Makefile
+#
+
+DIR= aes
+TOP= ../..
+CC= cc
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR= /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKEDEPPROG= makedepend
+MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE= Makefile
+AR= ar r
+
+FIPS_AES_ENC=fips_aes_core.o
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=fips_aesavs.c
+TESTDATA=fips_aes_data
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=fips_aes_core.c asm/fips-ax86-elf.s fips_aes_selftest.c
+LIBOBJ=$(FIPS_AES_ENC) fips_aes_selftest.o
+
+SRC= $(LIBSRC)
+
+EXHEADER=
+HEADER= $(EXHEADER) fips_aes_locl.h
+
+ALL= $(GENERAL) $(SRC) $(HEADER)
+
+top:
+ (cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) sub_all)
+
+all: lib
+
+lib: $(LIBOBJ)
+ @echo $(LIBOBJ) > lib
+
+files:
+ $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+ @$(PERL) $(TOP)/util/mklink.pl $(TOP)/include/openssl $(EXHEADER)
+ @$(PERL) $(TOP)/util/mklink.pl $(TOP)/test $(TEST)
+ @$(PERL) $(TOP)/util/mklink.pl $(TOP)/test $(TESTDATA)
+ @$(PERL) $(TOP)/util/mklink.pl $(TOP)/apps $(APPS)
+
+install:
+ @headerlist="$(EXHEADER)"; for i in $$headerlist; \
+ do \
+ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done
+
+tags:
+ ctags $(SRC)
+
+tests:
+
+fips_test:
+ -find ../testvectors/aes/req -name '*.req' > testlist
+ -rm -rf ../testvectors/aes/rsp
+ mkdir ../testvectors/aes/rsp
+ if [ -s testlist ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_aesavs -d testlist; fi
+
+lint:
+ lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+ $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) \
+ $(SRC) $(TEST)
+
+dclean:
+ $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+ mv -f Makefile.new $(MAKEFILE)
+
+clean:
+ rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+fips_aes_core.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
+fips_aes_core.o: ../../include/openssl/fips.h
+fips_aes_core.o: ../../include/openssl/opensslconf.h fips_aes_core.c
+fips_aes_core.o: fips_aes_locl.h
+fips_aes_selftest.o: ../../include/openssl/aes.h ../../include/openssl/bio.h
+fips_aes_selftest.o: ../../include/openssl/crypto.h
+fips_aes_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+fips_aes_selftest.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+fips_aes_selftest.o: ../../include/openssl/opensslconf.h
+fips_aes_selftest.o: ../../include/openssl/opensslv.h
+fips_aes_selftest.o: ../../include/openssl/safestack.h
+fips_aes_selftest.o: ../../include/openssl/stack.h
+fips_aes_selftest.o: ../../include/openssl/symhacks.h fips_aes_selftest.c
+fips_aesavs.o: ../../e_os.h ../../include/openssl/aes.h
+fips_aesavs.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+fips_aesavs.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+fips_aesavs.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+fips_aesavs.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+fips_aesavs.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+fips_aesavs.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+fips_aesavs.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+fips_aesavs.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+fips_aesavs.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+fips_aesavs.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+fips_aesavs.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+fips_aesavs.o: ../../include/openssl/opensslconf.h
+fips_aesavs.o: ../../include/openssl/opensslv.h
+fips_aesavs.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc2.h
+fips_aesavs.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+fips_aesavs.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+fips_aesavs.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+fips_aesavs.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+fips_aesavs.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+fips_aesavs.o: fips_aesavs.c
diff --git a/src/lib/libssl/src/fips-1.0/aes/asm/fips-ax86-elf.s b/src/lib/libssl/src/fips-1.0/aes/asm/fips-ax86-elf.s
new file mode 100644
index 0000000000..a3aa8fa9d9
--- /dev/null
+++ b/src/lib/libssl/src/fips-1.0/aes/asm/fips-ax86-elf.s
@@ -0,0 +1,1711 @@
+
+
+
+
+
+
+ .file "aes-586.s"
+.globl AES_Te
+.text
+.globl _x86_AES_encrypt
+.type _x86_AES_encrypt,@function
+.align 16
+_x86_AES_encrypt:
+ movl %edi, 12(%esp)
+ xorl (%edi), %eax
+ xorl 4(%edi), %ebx
+ xorl 8(%edi), %ecx
+ xorl 12(%edi), %edx
+ movl 240(%edi), %esi
+ leal -2(%esi,%esi), %esi
+ leal (%edi,%esi,8), %esi
+ movl %esi, 16(%esp)
+.align 4
+.L000loop:
+ movl %eax, %esi
+ andl $255, %esi
+ movl (%ebp,%esi,8), %esi
+ movzbl %bh, %edi
+ xorl 3(%ebp,%edi,8), %esi
+ movl %ecx, %edi
+ shrl $16, %edi
+ andl $255, %edi
+ xorl 2(%ebp,%edi,8), %esi
+ movl %edx, %edi
+ shrl $24, %edi
+ xorl 1(%ebp,%edi,8), %esi
+ movl %esi, 4(%esp)
+
+ movl %ebx, %esi
+ andl $255, %esi
+ shrl $16, %ebx
+ movl (%ebp,%esi,8), %esi
+ movzbl %ch, %edi
+ xorl 3(%ebp,%edi,8), %esi
+ movl %edx, %edi
+ shrl $16, %edi
+ andl $255, %edi
+ xorl 2(%ebp,%edi,8), %esi
+ movl %eax, %edi
+ shrl $24, %edi
+ xorl 1(%ebp,%edi,8), %esi
+ movl %esi, 8(%esp)
+
+ movl %ecx, %esi
+ andl $255, %esi
+ shrl $24, %ecx
+ movl (%ebp,%esi,8), %esi
+ movzbl %dh, %edi
+ xorl 3(%ebp,%edi,8), %esi
+ movl %eax, %edi
+ shrl $16, %edi
+ andl $255, %edx
+ andl $255, %edi
+ xorl 2(%ebp,%edi,8), %esi
+ movzbl %bh, %edi
+ xorl 1(%ebp,%edi,8), %esi
+
+ movl 12(%esp), %edi
+ movl (%ebp,%edx,8), %edx
+ movzbl %ah, %eax
+ xorl 3(%ebp,%eax,8), %edx
+ movl 4(%esp), %eax
+ andl $255, %ebx
+ xorl 2(%ebp,%ebx,8), %edx
+ movl 8(%esp), %ebx
+ xorl 1(%ebp,%ecx,8), %edx
+ movl %esi, %ecx
+
+ addl $16, %edi
+ xorl (%edi), %eax
+ xorl 4(%edi), %ebx
+ xorl 8(%edi), %ecx
+ xorl 12(%edi), %edx
+ cmpl 16(%esp), %edi
+ movl %edi, 12(%esp)
+ jb .L000loop
+ movl %eax, %esi
+ andl $255, %esi
+ movl 2(%ebp,%esi,8), %esi
+ andl $255, %esi
+ movzbl %bh, %edi
+ movl (%ebp,%edi,8), %edi
+ andl $65280, %edi
+ xorl %edi, %esi
+ movl %ecx, %edi
+ shrl $16, %edi
+ andl $255, %edi
+ movl (%ebp,%edi,8), %edi
+ andl $16711680, %edi
+ xorl %edi, %esi
+ movl %edx, %edi
+ shrl $24, %edi
+ movl 2(%ebp,%edi,8), %edi
+ andl $4278190080, %edi
+ xorl %edi, %esi
+ movl %esi, 4(%esp)
+ movl %ebx, %esi
+ andl $255, %esi
+ shrl $16, %ebx
+ movl 2(%ebp,%esi,8), %esi
+ andl $255, %esi
+ movzbl %ch, %edi
+ movl (%ebp,%edi,8), %edi
+ andl $65280, %edi
+ xorl %edi, %esi
+ movl %edx, %edi
+ shrl $16, %edi
+ andl $255, %edi
+ movl (%ebp,%edi,8), %edi
+ andl $16711680, %edi
+ xorl %edi, %esi
+ movl %eax, %edi
+ shrl $24, %edi
+ movl 2(%ebp,%edi,8), %edi
+ andl $4278190080, %edi
+ xorl %edi, %esi
+ movl %esi, 8(%esp)
+ movl %ecx, %esi
+ andl $255, %esi
+ shrl $24, %ecx
+ movl 2(%ebp,%esi,8), %esi
+ andl $255, %esi
+ movzbl %dh, %edi
+ movl (%ebp,%edi,8), %edi
+ andl $65280, %edi
+ xorl %edi, %esi
+ movl %eax, %edi
+ shrl $16, %edi
+ andl $255, %edx
+ andl $255, %edi
+ movl (%ebp,%edi,8), %edi
+ andl $16711680, %edi
+ xorl %edi, %esi
+ movzbl %bh, %edi
+ movl 2(%ebp,%edi,8), %edi
+ andl $4278190080, %edi
+ xorl %edi, %esi
+ movl 12(%esp), %edi
+ andl $255, %edx
+ movl 2(%ebp,%edx,8), %edx
+ andl $255, %edx
+ movzbl %ah, %eax
+ movl (%ebp,%eax,8), %eax
+ andl $65280, %eax
+ xorl %eax, %edx
+ movl 4(%esp), %eax
+ andl $255, %ebx
+ movl (%ebp,%ebx,8), %ebx
+ andl $16711680, %ebx
+ xorl %ebx, %edx
+ movl 8(%esp), %ebx
+ movl 2(%ebp,%ecx,8), %ecx
+ andl $4278190080, %ecx
+ xorl %ecx, %edx
+ movl %esi, %ecx
+ addl $16, %edi
+ xorl (%edi), %eax
+ xorl 4(%edi), %ebx
+ xorl 8(%edi), %ecx
+ xorl 12(%edi), %edx
+ ret
+.align 64
+AES_Te:
+ .long 2774754246,2774754246
+ .long 2222750968,2222750968
+ .long 2574743534,2574743534
+ .long 2373680118,2373680118
+ .long 234025727,234025727
+ .long 3177933782,3177933782
+ .long 2976870366,2976870366
+ .long 1422247313,1422247313
+ .long 1345335392,1345335392
+ .long 50397442,50397442
+ .long 2842126286,2842126286
+ .long 2099981142,2099981142
+ .long 436141799,436141799
+ .long 1658312629,1658312629
+ .long 3870010189,3870010189
+ .long 2591454956,2591454956
+ .long 1170918031,1170918031
+ .long 2642575903,2642575903
+ .long 1086966153,1086966153
+ .long 2273148410,2273148410
+ .long 368769775,368769775
+ .long 3948501426,3948501426
+ .long 3376891790,3376891790
+ .long 200339707,200339707
+ .long 3970805057,3970805057
+ .long 1742001331,1742001331
+ .long 4255294047,4255294047
+ .long 3937382213,3937382213
+ .long 3214711843,3214711843
+ .long 4154762323,4154762323
+ .long 2524082916,2524082916
+ .long 1539358875,1539358875
+ .long 3266819957,3266819957
+ .long 486407649,486407649
+ .long 2928907069,2928907069
+ .long 1780885068,1780885068
+ .long 1513502316,1513502316
+ .long 1094664062,1094664062
+ .long 49805301,49805301
+ .long 1338821763,1338821763
+ .long 1546925160,1546925160
+ .long 4104496465,4104496465
+ .long 887481809,887481809
+ .long 150073849,150073849
+ .long 2473685474,2473685474
+ .long 1943591083,1943591083
+ .long 1395732834,1395732834
+ .long 1058346282,1058346282
+ .long 201589768,201589768
+ .long 1388824469,1388824469
+ .long 1696801606,1696801606
+ .long 1589887901,1589887901
+ .long 672667696,672667696
+ .long 2711000631,2711000631
+ .long 251987210,251987210
+ .long 3046808111,3046808111
+ .long 151455502,151455502
+ .long 907153956,907153956
+ .long 2608889883,2608889883
+ .long 1038279391,1038279391
+ .long 652995533,652995533
+ .long 1764173646,1764173646
+ .long 3451040383,3451040383
+ .long 2675275242,2675275242
+ .long 453576978,453576978
+ .long 2659418909,2659418909
+ .long 1949051992,1949051992
+ .long 773462580,773462580
+ .long 756751158,756751158
+ .long 2993581788,2993581788
+ .long 3998898868,3998898868
+ .long 4221608027,4221608027
+ .long 4132590244,4132590244
+ .long 1295727478,1295727478
+ .long 1641469623,1641469623
+ .long 3467883389,3467883389
+ .long 2066295122,2066295122
+ .long 1055122397,1055122397
+ .long 1898917726,1898917726
+ .long 2542044179,2542044179
+ .long 4115878822,4115878822
+ .long 1758581177,1758581177
+ .long 0,0
+ .long 753790401,753790401
+ .long 1612718144,1612718144
+ .long 536673507,536673507
+ .long 3367088505,3367088505
+ .long 3982187446,3982187446
+ .long 3194645204,3194645204
+ .long 1187761037,1187761037
+ .long 3653156455,3653156455
+ .long 1262041458,1262041458
+ .long 3729410708,3729410708
+ .long 3561770136,3561770136
+ .long 3898103984,3898103984
+ .long 1255133061,1255133061
+ .long 1808847035,1808847035
+ .long 720367557,720367557
+ .long 3853167183,3853167183
+ .long 385612781,385612781
+ .long 3309519750,3309519750
+ .long 3612167578,3612167578
+ .long 1429418854,1429418854
+ .long 2491778321,2491778321
+ .long 3477423498,3477423498
+ .long 284817897,284817897
+ .long 100794884,100794884
+ .long 2172616702,2172616702
+ .long 4031795360,4031795360
+ .long 1144798328,1144798328
+ .long 3131023141,3131023141
+ .long 3819481163,3819481163
+ .long 4082192802,4082192802
+ .long 4272137053,4272137053
+ .long 3225436288,3225436288
+ .long 2324664069,2324664069
+ .long 2912064063,2912064063
+ .long 3164445985,3164445985
+ .long 1211644016,1211644016
+ .long 83228145,83228145
+ .long 3753688163,3753688163
+ .long 3249976951,3249976951
+ .long 1977277103,1977277103
+ .long 1663115586,1663115586
+ .long 806359072,806359072
+ .long 452984805,452984805
+ .long 250868733,250868733
+ .long 1842533055,1842533055
+ .long 1288555905,1288555905
+ .long 336333848,336333848
+ .long 890442534,890442534
+ .long 804056259,804056259
+ .long 3781124030,3781124030
+ .long 2727843637,2727843637
+ .long 3427026056,3427026056
+ .long 957814574,957814574
+ .long 1472513171,1472513171
+ .long 4071073621,4071073621
+ .long 2189328124,2189328124
+ .long 1195195770,1195195770
+ .long 2892260552,2892260552
+ .long 3881655738,3881655738
+ .long 723065138,723065138
+ .long 2507371494,2507371494
+ .long 2690670784,2690670784
+ .long 2558624025,2558624025
+ .long 3511635870,3511635870
+ .long 2145180835,2145180835
+ .long 1713513028,1713513028
+ .long 2116692564,2116692564
+ .long 2878378043,2878378043
+ .long 2206763019,2206763019
+ .long 3393603212,3393603212
+ .long 703524551,703524551
+ .long 3552098411,3552098411
+ .long 1007948840,1007948840
+ .long 2044649127,2044649127
+ .long 3797835452,3797835452
+ .long 487262998,487262998
+ .long 1994120109,1994120109
+ .long 1004593371,1004593371
+ .long 1446130276,1446130276
+ .long 1312438900,1312438900
+ .long 503974420,503974420
+ .long 3679013266,3679013266
+ .long 168166924,168166924
+ .long 1814307912,1814307912
+ .long 3831258296,3831258296
+ .long 1573044895,1573044895
+ .long 1859376061,1859376061
+ .long 4021070915,4021070915
+ .long 2791465668,2791465668
+ .long 2828112185,2828112185
+ .long 2761266481,2761266481
+ .long 937747667,937747667
+ .long 2339994098,2339994098
+ .long 854058965,854058965
+ .long 1137232011,1137232011
+ .long 1496790894,1496790894
+ .long 3077402074,3077402074
+ .long 2358086913,2358086913
+ .long 1691735473,1691735473
+ .long 3528347292,3528347292
+ .long 3769215305,3769215305
+ .long 3027004632,3027004632
+ .long 4199962284,4199962284
+ .long 133494003,133494003
+ .long 636152527,636152527
+ .long 2942657994,2942657994
+ .long 2390391540,2390391540
+ .long 3920539207,3920539207
+ .long 403179536,403179536
+ .long 3585784431,3585784431
+ .long 2289596656,2289596656
+ .long 1864705354,1864705354
+ .long 1915629148,1915629148
+ .long 605822008,605822008
+ .long 4054230615,4054230615
+ .long 3350508659,3350508659
+ .long 1371981463,1371981463
+ .long 602466507,602466507
+ .long 2094914977,2094914977
+ .long 2624877800,2624877800
+ .long 555687742,555687742
+ .long 3712699286,3712699286
+ .long 3703422305,3703422305
+ .long 2257292045,2257292045
+ .long 2240449039,2240449039
+ .long 2423288032,2423288032
+ .long 1111375484,1111375484
+ .long 3300242801,3300242801
+ .long 2858837708,2858837708
+ .long 3628615824,3628615824
+ .long 84083462,84083462
+ .long 32962295,32962295
+ .long 302911004,302911004
+ .long 2741068226,2741068226
+ .long 1597322602,1597322602
+ .long 4183250862,4183250862
+ .long 3501832553,3501832553
+ .long 2441512471,2441512471
+ .long 1489093017,1489093017
+ .long 656219450,656219450
+ .long 3114180135,3114180135
+ .long 954327513,954327513
+ .long 335083755,335083755
+ .long 3013122091,3013122091
+ .long 856756514,856756514
+ .long 3144247762,3144247762
+ .long 1893325225,1893325225
+ .long 2307821063,2307821063
+ .long 2811532339,2811532339
+ .long 3063651117,3063651117
+ .long 572399164,572399164
+ .long 2458355477,2458355477
+ .long 552200649,552200649
+ .long 1238290055,1238290055
+ .long 4283782570,4283782570
+ .long 2015897680,2015897680
+ .long 2061492133,2061492133
+ .long 2408352771,2408352771
+ .long 4171342169,4171342169
+ .long 2156497161,2156497161
+ .long 386731290,386731290
+ .long 3669999461,3669999461
+ .long 837215959,837215959
+ .long 3326231172,3326231172
+ .long 3093850320,3093850320
+ .long 3275833730,3275833730
+ .long 2962856233,2962856233
+ .long 1999449434,1999449434
+ .long 286199582,286199582
+ .long 3417354363,3417354363
+ .long 4233385128,4233385128
+ .long 3602627437,3602627437
+ .long 974525996,974525996
+ .long 1,2,4,8
+ .long 16,32,64,128
+ .long 27,54,0,0,
+ .long 0,0,0,0
+.L__x86_AES_encrypt_end:
+.size _x86_AES_encrypt,.L__x86_AES_encrypt_end-_x86_AES_encrypt
+.ident "_x86_AES_encrypt"
+.globl AES_Te
+.text
+.globl AES_encrypt
+.type AES_encrypt,@function
+.align 16
+AES_encrypt:
+ pushl %ebp
+ pushl %ebx
+ pushl %esi
+ pushl %edi
+
+ movl 20(%esp), %esi
+ movl 28(%esp), %edi
+ movl %esp, %eax
+ subl $24, %esp
+ andl $-64, %esp
+ addl $4, %esp
+ movl %eax, 16(%esp)
+ call .L001pic_point
+.L001pic_point:
+ popl %ebp
+ leal AES_Te-.L001pic_point(%ebp),%ebp
+ movl (%esi), %eax
+ movl 4(%esi), %ebx
+ movl 8(%esi), %ecx
+ movl 12(%esi), %edx
+ call _x86_AES_encrypt
+ movl 16(%esp), %esp
+ movl 24(%esp), %esi
+ movl %eax, (%esi)
+ movl %ebx, 4(%esi)
+ movl %ecx, 8(%esi)
+ movl %edx, 12(%esi)
+ popl %edi
+ popl %esi
+ popl %ebx
+ popl %ebp
+ ret
+.L_AES_encrypt_end:
+.size AES_encrypt,.L_AES_encrypt_end-AES_encrypt
+.ident "AES_encrypt"
+.globl AES_Td
+.text
+.globl _x86_AES_decrypt
+.type _x86_AES_decrypt,@function
+.align 16
+_x86_AES_decrypt:
+ movl %edi, 12(%esp)
+ xorl (%edi), %eax
+ xorl 4(%edi), %ebx
+ xorl 8(%edi), %ecx
+ xorl 12(%edi), %edx
+ movl 240(%edi), %esi
+ leal -2(%esi,%esi), %esi
+ leal (%edi,%esi,8), %esi
+ movl %esi, 16(%esp)
+.align 4
+.L002loop:
+ movl %eax, %esi
+ andl $255, %esi
+ movl (%ebp,%esi,8), %esi
+ movzbl %dh, %edi
+ xorl 3(%ebp,%edi,8), %esi
+ movl %ecx, %edi
+ shrl $16, %edi
+ andl $255, %edi
+ xorl 2(%ebp,%edi,8), %esi
+ movl %ebx, %edi
+ shrl $24, %edi
+ xorl 1(%ebp,%edi,8), %esi
+ movl %esi, 4(%esp)
+
+ movl %ebx, %esi
+ andl $255, %esi
+ movl (%ebp,%esi,8), %esi
+ movzbl %ah, %edi
+ xorl 3(%ebp,%edi,8), %esi
+ movl %edx, %edi
+ shrl $16, %edi
+ andl $255, %edi
+ xorl 2(%ebp,%edi,8), %esi
+ movl %ecx, %edi
+ shrl $24, %edi
+ xorl 1(%ebp,%edi,8), %esi
+ movl %esi, 8(%esp)
+
+ movl %ecx, %esi
+ andl $255, %esi
+ movl (%ebp,%esi,8), %esi
+ movzbl %bh, %edi
+ xorl 3(%ebp,%edi,8), %esi
+ movl %eax, %edi
+ shrl $16, %edi
+ andl $255, %edi
+ xorl 2(%ebp,%edi,8), %esi
+ movl %edx, %edi
+ shrl $24, %edi
+ xorl 1(%ebp,%edi,8), %esi
+
+ movl 12(%esp), %edi
+ andl $255, %edx
+ movl (%ebp,%edx,8), %edx
+ movzbl %ch, %ecx
+ xorl 3(%ebp,%ecx,8), %edx
+ movl %esi, %ecx
+ shrl $16, %ebx
+ andl $255, %ebx
+ xorl 2(%ebp,%ebx,8), %edx
+ movl 8(%esp), %ebx
+ shrl $24, %eax
+ xorl 1(%ebp,%eax,8), %edx
+ movl 4(%esp), %eax
+
+ addl $16, %edi
+ xorl (%edi), %eax
+ xorl 4(%edi), %ebx
+ xorl 8(%edi), %ecx
+ xorl 12(%edi), %edx
+ cmpl 16(%esp), %edi
+ movl %edi, 12(%esp)
+ jb .L002loop
+ movl %eax, %esi
+ andl $255, %esi
+ movl 2048(%ebp,%esi,4),%esi
+ andl $255, %esi
+ movzbl %dh, %edi
+ movl 2048(%ebp,%edi,4),%edi
+ andl $65280, %edi
+ xorl %edi, %esi
+ movl %ecx, %edi
+ shrl $16, %edi
+ andl $255, %edi
+ movl 2048(%ebp,%edi,4),%edi
+ andl $16711680, %edi
+ xorl %edi, %esi
+ movl %ebx, %edi
+ shrl $24, %edi
+ movl 2048(%ebp,%edi,4),%edi
+ andl $4278190080, %edi
+ xorl %edi, %esi
+ movl %esi, 4(%esp)
+ movl %ebx, %esi
+ andl $255, %esi
+ movl 2048(%ebp,%esi,4),%esi
+ andl $255, %esi
+ movzbl %ah, %edi
+ movl 2048(%ebp,%edi,4),%edi
+ andl $65280, %edi
+ xorl %edi, %esi
+ movl %edx, %edi
+ shrl $16, %edi
+ andl $255, %edi
+ movl 2048(%ebp,%edi,4),%edi
+ andl $16711680, %edi
+ xorl %edi, %esi
+ movl %ecx, %edi
+ shrl $24, %edi
+ movl 2048(%ebp,%edi,4),%edi
+ andl $4278190080, %edi
+ xorl %edi, %esi
+ movl %esi, 8(%esp)
+ movl %ecx, %esi
+ andl $255, %esi
+ movl 2048(%ebp,%esi,4),%esi
+ andl $255, %esi
+ movzbl %bh, %edi
+ movl 2048(%ebp,%edi,4),%edi
+ andl $65280, %edi
+ xorl %edi, %esi
+ movl %eax, %edi
+ shrl $16, %edi
+ andl $255, %edi
+ movl 2048(%ebp,%edi,4),%edi
+ andl $16711680, %edi
+ xorl %edi, %esi
+ movl %edx, %edi
+ shrl $24, %edi
+ movl 2048(%ebp,%edi,4),%edi
+ andl $4278190080, %edi
+ xorl %edi, %esi
+ movl 12(%esp), %edi
+ andl $255, %edx
+ movl 2048(%ebp,%edx,4),%edx
+ andl $255, %edx
+ movzbl %ch, %ecx
+ movl 2048(%ebp,%ecx,4),%ecx
+ andl $65280, %ecx
+ xorl %ecx, %edx
+ movl %esi, %ecx
+ shrl $16, %ebx
+ andl $255, %ebx
+ movl 2048(%ebp,%ebx,4),%ebx
+ andl $16711680, %ebx
+ xorl %ebx, %edx
+ movl 8(%esp), %ebx
+ shrl $24, %eax
+ movl 2048(%ebp,%eax,4),%eax
+ andl $4278190080, %eax
+ xorl %eax, %edx
+ movl 4(%esp), %eax
+ addl $16, %edi
+ xorl (%edi), %eax
+ xorl 4(%edi), %ebx
+ xorl 8(%edi), %ecx
+ xorl 12(%edi), %edx
+ ret
+.align 64
+AES_Td:
+ .long 1353184337,1353184337
+ .long 1399144830,1399144830
+ .long 3282310938,3282310938
+ .long 2522752826,2522752826
+ .long 3412831035,3412831035
+ .long 4047871263,4047871263
+ .long 2874735276,2874735276
+ .long 2466505547,2466505547
+ .long 1442459680,1442459680
+ .long 4134368941,4134368941
+ .long 2440481928,2440481928
+ .long 625738485,625738485
+ .long 4242007375,4242007375
+ .long 3620416197,3620416197
+ .long 2151953702,2151953702
+ .long 2409849525,2409849525
+ .long 1230680542,1230680542
+ .long 1729870373,1729870373
+ .long 2551114309,2551114309
+ .long 3787521629,3787521629
+ .long 41234371,41234371
+ .long 317738113,317738113
+ .long 2744600205,2744600205
+ .long 3338261355,3338261355
+ .long 3881799427,3881799427
+ .long 2510066197,2510066197
+ .long 3950669247,3950669247
+ .long 3663286933,3663286933
+ .long 763608788,763608788
+ .long 3542185048,3542185048
+ .long 694804553,694804553
+ .long 1154009486,1154009486
+ .long 1787413109,1787413109
+ .long 2021232372,2021232372
+ .long 1799248025,1799248025
+ .long 3715217703,3715217703
+ .long 3058688446,3058688446
+ .long 397248752,397248752
+ .long 1722556617,1722556617
+ .long 3023752829,3023752829
+ .long 407560035,407560035
+ .long 2184256229,2184256229
+ .long 1613975959,1613975959
+ .long 1165972322,1165972322
+ .long 3765920945,3765920945
+ .long 2226023355,2226023355
+ .long 480281086,480281086
+ .long 2485848313,2485848313
+ .long 1483229296,1483229296
+ .long 436028815,436028815
+ .long 2272059028,2272059028
+ .long 3086515026,3086515026
+ .long 601060267,601060267
+ .long 3791801202,3791801202
+ .long 1468997603,1468997603
+ .long 715871590,715871590
+ .long 120122290,120122290
+ .long 63092015,63092015
+ .long 2591802758,2591802758
+ .long 2768779219,2768779219
+ .long 4068943920,4068943920
+ .long 2997206819,2997206819
+ .long 3127509762,3127509762
+ .long 1552029421,1552029421
+ .long 723308426,723308426
+ .long 2461301159,2461301159
+ .long 4042393587,4042393587
+ .long 2715969870,2715969870
+ .long 3455375973,3455375973
+ .long 3586000134,3586000134
+ .long 526529745,526529745
+ .long 2331944644,2331944644
+ .long 2639474228,2639474228
+ .long 2689987490,2689987490
+ .long 853641733,853641733
+ .long 1978398372,1978398372
+ .long 971801355,971801355
+ .long 2867814464,2867814464
+ .long 111112542,111112542
+ .long 1360031421,1360031421
+ .long 4186579262,4186579262
+ .long 1023860118,1023860118
+ .long 2919579357,2919579357
+ .long 1186850381,1186850381
+ .long 3045938321,3045938321
+ .long 90031217,90031217
+ .long 1876166148,1876166148
+ .long 4279586912,4279586912
+ .long 620468249,620468249
+ .long 2548678102,2548678102
+ .long 3426959497,3426959497
+ .long 2006899047,2006899047
+ .long 3175278768,3175278768
+ .long 2290845959,2290845959
+ .long 945494503,945494503
+ .long 3689859193,3689859193
+ .long 1191869601,1191869601
+ .long 3910091388,3910091388
+ .long 3374220536,3374220536
+ .long 0,0
+ .long 2206629897,2206629897
+ .long 1223502642,1223502642
+ .long 2893025566,2893025566
+ .long 1316117100,1316117100
+ .long 4227796733,4227796733
+ .long 1446544655,1446544655
+ .long 517320253,517320253
+ .long 658058550,658058550
+ .long 1691946762,1691946762
+ .long 564550760,564550760
+ .long 3511966619,3511966619
+ .long 976107044,976107044
+ .long 2976320012,2976320012
+ .long 266819475,266819475
+ .long 3533106868,3533106868
+ .long 2660342555,2660342555
+ .long 1338359936,1338359936
+ .long 2720062561,2720062561
+ .long 1766553434,1766553434
+ .long 370807324,370807324
+ .long 179999714,179999714
+ .long 3844776128,3844776128
+ .long 1138762300,1138762300
+ .long 488053522,488053522
+ .long 185403662,185403662
+ .long 2915535858,2915535858
+ .long 3114841645,3114841645
+ .long 3366526484,3366526484
+ .long 2233069911,2233069911
+ .long 1275557295,1275557295
+ .long 3151862254,3151862254
+ .long 4250959779,4250959779
+ .long 2670068215,2670068215
+ .long 3170202204,3170202204
+ .long 3309004356,3309004356
+ .long 880737115,880737115
+ .long 1982415755,1982415755
+ .long 3703972811,3703972811
+ .long 1761406390,1761406390
+ .long 1676797112,1676797112
+ .long 3403428311,3403428311
+ .long 277177154,277177154
+ .long 1076008723,1076008723
+ .long 538035844,538035844
+ .long 2099530373,2099530373
+ .long 4164795346,4164795346
+ .long 288553390,288553390
+ .long 1839278535,1839278535
+ .long 1261411869,1261411869
+ .long 4080055004,4080055004
+ .long 3964831245,3964831245
+ .long 3504587127,3504587127
+ .long 1813426987,1813426987
+ .long 2579067049,2579067049
+ .long 4199060497,4199060497
+ .long 577038663,577038663
+ .long 3297574056,3297574056
+ .long 440397984,440397984
+ .long 3626794326,3626794326
+ .long 4019204898,4019204898
+ .long 3343796615,3343796615
+ .long 3251714265,3251714265
+ .long 4272081548,4272081548
+ .long 906744984,906744984
+ .long 3481400742,3481400742
+ .long 685669029,685669029
+ .long 646887386,646887386
+ .long 2764025151,2764025151
+ .long 3835509292,3835509292
+ .long 227702864,227702864
+ .long 2613862250,2613862250
+ .long 1648787028,1648787028
+ .long 3256061430,3256061430
+ .long 3904428176,3904428176
+ .long 1593260334,1593260334
+ .long 4121936770,4121936770
+ .long 3196083615,3196083615
+ .long 2090061929,2090061929
+ .long 2838353263,2838353263
+ .long 3004310991,3004310991
+ .long 999926984,999926984
+ .long 2809993232,2809993232
+ .long 1852021992,1852021992
+ .long 2075868123,2075868123
+ .long 158869197,158869197
+ .long 4095236462,4095236462
+ .long 28809964,28809964
+ .long 2828685187,2828685187
+ .long 1701746150,1701746150
+ .long 2129067946,2129067946
+ .long 147831841,147831841
+ .long 3873969647,3873969647
+ .long 3650873274,3650873274
+ .long 3459673930,3459673930
+ .long 3557400554,3557400554
+ .long 3598495785,3598495785
+ .long 2947720241,2947720241
+ .long 824393514,824393514
+ .long 815048134,815048134
+ .long 3227951669,3227951669
+ .long 935087732,935087732
+ .long 2798289660,2798289660
+ .long 2966458592,2966458592
+ .long 366520115,366520115
+ .long 1251476721,1251476721
+ .long 4158319681,4158319681
+ .long 240176511,240176511
+ .long 804688151,804688151
+ .long 2379631990,2379631990
+ .long 1303441219,1303441219
+ .long 1414376140,1414376140
+ .long 3741619940,3741619940
+ .long 3820343710,3820343710
+ .long 461924940,461924940
+ .long 3089050817,3089050817
+ .long 2136040774,2136040774
+ .long 82468509,82468509
+ .long 1563790337,1563790337
+ .long 1937016826,1937016826
+ .long 776014843,776014843
+ .long 1511876531,1511876531
+ .long 1389550482,1389550482
+ .long 861278441,861278441
+ .long 323475053,323475053
+ .long 2355222426,2355222426
+ .long 2047648055,2047648055
+ .long 2383738969,2383738969
+ .long 2302415851,2302415851
+ .long 3995576782,3995576782
+ .long 902390199,902390199
+ .long 3991215329,3991215329
+ .long 1018251130,1018251130
+ .long 1507840668,1507840668
+ .long 1064563285,1064563285
+ .long 2043548696,2043548696
+ .long 3208103795,3208103795
+ .long 3939366739,3939366739
+ .long 1537932639,1537932639
+ .long 342834655,342834655
+ .long 2262516856,2262516856
+ .long 2180231114,2180231114
+ .long 1053059257,1053059257
+ .long 741614648,741614648
+ .long 1598071746,1598071746
+ .long 1925389590,1925389590
+ .long 203809468,203809468
+ .long 2336832552,2336832552
+ .long 1100287487,1100287487
+ .long 1895934009,1895934009
+ .long 3736275976,3736275976
+ .long 2632234200,2632234200
+ .long 2428589668,2428589668
+ .long 1636092795,1636092795
+ .long 1890988757,1890988757
+ .long 1952214088,1952214088
+ .long 1113045200,1113045200
+ .long 1381126738,151587081,1785358954,3587560917
+ .long 808464432,909522486,2779096485,943208504
+ .long 3217014719,1077952576,2745410467,2661195422
+ .long 2172748161,4092851187,3621246935,4227595259
+ .long 2088533116,3823363043,960051513,2189591170
+ .long 2610666395,791621423,4294967295,2273806215
+ .long 875836468,2391707278,1128481603,1145324612
+ .long 3301229764,3739147998,3924421097,3419130827
+ .long 1414812756,2071690107,2492765332,842150450
+ .long 2795939494,3267543746,589505315,1027423549
+ .long 4008636142,1280068684,2509608341,185273099
+ .long 1111638594,4210752250,3284386755,1313754702
+ .long 134744072,774778414,2711724449,1717986918
+ .long 673720360,3654932953,606348324,2998055602
+ .long 1987475062,1532713819,2728567458,1229539657
+ .long 1835887981,2341178251,3520188881,623191333
+ .long 1920103026,4177066232,4143380214,1684300900
+ .long 2256963206,1751672936,2560137368,370546198
+ .long 3570717908,2762253476,1549556828,3435973836
+ .long 1566399837,1701143909,3065427638,2459079314
+ .long 1819044972,1886417008,1212696648,1347440720
+ .long 4261281277,3991793133,3115956665,3671775962
+ .long 1583242846,353703189,1179010630,1465341783
+ .long 2812782503,2374864269,2644352413,2223277188
+ .long 2425393296,3638089944,2880154539,0
+ .long 2358021260,3166485692,3553874899,168430090
+ .long 4160223223,3840206052,1482184792,84215045
+ .long 3099113656,3014898611,1162167621,101058054
+ .long 3503345872,741092396,505290270,2408550287
+ .long 3402287818,1061109567,252645135,33686018
+ .long 3250700737,2947526575,3183328701,50529027
+ .long 16843009,320017171,2324335242,1802201963
+ .long 976894522,2442236305,286331153,1094795585
+ .long 1330597711,1734829927,3705461980,3941264106
+ .long 2543294359,4076008178,3486502863,3469659854
+ .long 4042322160,3031741620,3873892070,1936946035
+ .long 2526451350,2896997548,1953789044,572662306
+ .long 3890735079,2913840557,892679477,2240120197
+ .long 3806520034,4193909241,926365495,3907578088
+ .long 471604252,1970632053,3755991007,1852730990
+ .long 1195853639,4059165169,437918234,1903260017
+ .long 488447261,690563369,3318072773,2307492233
+ .long 1869573999,3082270647,1650614882,235802126
+ .long 2863311530,404232216,3200171710,454761243
+ .long 4244438268,1448498774,1044266558,1263225675
+ .long 3334915782,3537031890,2038004089,538976288
+ .long 2593823386,3688618971,3233857728,4278124286
+ .long 2021161080,3452816845,1515870810,4109694196
+ .long 522133279,3722304989,2829625512,858993459
+ .long 2290649224,117901063,3351758791,825307441
+ .long 2981212593,303174162,269488144,1499027801
+ .long 656877351,2155905152,3974950124,1600085855
+ .long 1616928864,1364283729,2139062143,2846468521
+ .long 421075225,3048584629,1246382666,218959117
+ .long 757935405,3857049061,2054847098,2678038431
+ .long 2475922323,3385444809,2627509404,4025479151
+ .long 2694881440,3772834016,993737531,1296911693
+ .long 2930683566,707406378,4126537205,2964369584
+ .long 3368601800,3958107115,3149642683,1010580540
+ .long 2206434179,1397969747,2576980377,1633771873
+ .long 387389207,724249387,67372036,2122219134
+ .long 3132799674,2004318071,3604403926,640034342
+ .long 3789677025,1768515945,336860180,1667457891
+ .long 1431655765,555819297,202116108,2105376125
+.L__x86_AES_decrypt_end:
+.size _x86_AES_decrypt,.L__x86_AES_decrypt_end-_x86_AES_decrypt
+.ident "_x86_AES_decrypt"
+.globl AES_Td
+.text
+.globl AES_decrypt
+.type AES_decrypt,@function
+.align 16
+AES_decrypt:
+ pushl %ebp
+ pushl %ebx
+ pushl %esi
+ pushl %edi
+
+ movl 20(%esp), %esi
+ movl 28(%esp), %edi
+ movl %esp, %eax
+ subl $24, %esp
+ andl $-64, %esp
+ addl $4, %esp
+ movl %eax, 16(%esp)
+ call .L003pic_point
+.L003pic_point:
+ popl %ebp
+ leal AES_Td-.L003pic_point(%ebp),%ebp
+ movl (%esi), %eax
+ movl 4(%esi), %ebx
+ movl 8(%esi), %ecx
+ movl 12(%esi), %edx
+ call _x86_AES_decrypt
+ movl 16(%esp), %esp
+ movl 24(%esp), %esi
+ movl %eax, (%esi)
+ movl %ebx, 4(%esi)
+ movl %ecx, 8(%esi)
+ movl %edx, 12(%esi)
+ popl %edi
+ popl %esi
+ popl %ebx
+ popl %ebp
+ ret
+.L_AES_decrypt_end:
+.size AES_decrypt,.L_AES_decrypt_end-AES_decrypt
+.ident "AES_decrypt"
+.globl AES_Te
+.globl AES_Td
+.text
+.globl AES_cbc_encrypt
+.type AES_cbc_encrypt,@function
+.align 16
+AES_cbc_encrypt:
+ pushl %ebp
+ pushl %ebx
+ pushl %esi
+ pushl %edi
+
+ movl 28(%esp), %ecx
+ cmpl $0, %ecx
+ je .L004enc_out
+ call .L005pic_point
+.L005pic_point:
+ popl %ebp
+ pushfl
+ cld
+ cmpl $0, 44(%esp)
+ je .L006DECRYPT
+ leal AES_Te-.L005pic_point(%ebp),%ebp
+ leal -308(%esp), %edi
+ andl $-64, %edi
+ movl %ebp, %eax
+ leal 2048(%ebp), %ebx
+ movl %edi, %edx
+ andl $4095, %eax
+ andl $4095, %ebx
+ andl $4095, %edx
+ cmpl %ebx, %edx
+ jb .L007te_break_out
+ subl %ebx, %edx
+ subl %edx, %edi
+ jmp .L008te_ok
+.L007te_break_out:
+ subl %eax, %edx
+ andl $4095, %edx
+ addl $320, %edx
+ subl %edx, %edi
+.align 4
+.L008te_ok:
+ movl 24(%esp), %eax
+ movl 28(%esp), %ebx
+ movl 36(%esp), %edx
+ movl 40(%esp), %esi
+ xchgl %edi, %esp
+ addl $4, %esp
+ movl %edi, 16(%esp)
+ movl %eax, 20(%esp)
+ movl %ebx, 24(%esp)
+ movl %ecx, 28(%esp)
+ movl %edx, 32(%esp)
+ movl %esi, 36(%esp)
+ movl $61, %ecx
+ movl %edx, %esi
+ leal 60(%esp), %edi
+ movl %edi, 32(%esp)
+.align 4
+ .long 4136216051
+ movl %eax, %esi
+ movl $16, %edi
+.align 4
+.L009prefetch_te:
+ movl (%ebp), %eax
+ movl 32(%ebp), %ebx
+ movl 64(%ebp), %ecx
+ movl 96(%ebp), %edx
+ leal 128(%ebp), %ebp
+ decl %edi
+ jnz .L009prefetch_te
+ subl $2048, %ebp
+ movl 28(%esp), %ecx
+ movl 36(%esp), %edi
+ testl $4294967280, %ecx
+ jz .L010enc_tail
+ movl (%edi), %eax
+ movl 4(%edi), %ebx
+.align 4
+.L011enc_loop:
+ movl 8(%edi), %ecx
+ movl 12(%edi), %edx
+ xorl (%esi), %eax
+ xorl 4(%esi), %ebx
+ xorl 8(%esi), %ecx
+ xorl 12(%esi), %edx
+ movl 32(%esp), %edi
+ call _x86_AES_encrypt
+ movl 20(%esp), %esi
+ movl 24(%esp), %edi
+ movl %eax, (%edi)
+ movl %ebx, 4(%edi)
+ movl %ecx, 8(%edi)
+ movl %edx, 12(%edi)
+ movl 28(%esp), %ecx
+ leal 16(%esi), %esi
+ movl %esi, 20(%esp)
+ leal 16(%edi), %edx
+ movl %edx, 24(%esp)
+ subl $16, %ecx
+ testl $4294967280, %ecx
+ movl %ecx, 28(%esp)
+ jnz .L011enc_loop
+ testl $15, %ecx
+ jnz .L010enc_tail
+ movl 36(%esp), %esi
+ movl 8(%edi), %ecx
+ movl 12(%edi), %edx
+ movl %eax, (%esi)
+ movl %ebx, 4(%esi)
+ movl %ecx, 8(%esi)
+ movl %edx, 12(%esi)
+ movl 32(%esp), %edi
+ movl 16(%esp), %esp
+ movl $60, %ecx
+ xorl %eax, %eax
+.align 4
+ .long 4136217587
+ popfl
+.L004enc_out:
+ popl %edi
+ popl %esi
+ popl %ebx
+ popl %ebp
+ ret
+ pushfl
+.align 4
+.L010enc_tail:
+ pushl %edi
+ movl 24(%esp), %edi
+ movl $16, %ebx
+ subl %ecx, %ebx
+ cmpl %esi, %edi
+ je .L012enc_in_place
+.align 4
+ .long 4136215795
+ jmp .L013enc_skip_in_place
+.L012enc_in_place:
+ leal (%edi,%ecx), %edi
+.L013enc_skip_in_place:
+ movl %ebx, %ecx
+ xorl %eax, %eax
+.align 4
+ .long 4136217331
+ popl %edi
+ movl 24(%esp), %esi
+ movl (%edi), %eax
+ movl 4(%edi), %ebx
+ movl $16, 28(%esp)
+ jmp .L011enc_loop
+.align 4
+.L006DECRYPT:
+ leal AES_Td-.L005pic_point(%ebp),%ebp
+ leal -308(%esp), %edi
+ andl $-64, %edi
+ movl %ebp, %eax
+ leal 3072(%ebp), %ebx
+ movl %edi, %edx
+ andl $4095, %eax
+ andl $4095, %ebx
+ andl $4095, %edx
+ cmpl %ebx, %edx
+ jb .L014td_break_out
+ subl %ebx, %edx
+ subl %edx, %edi
+ jmp .L015td_ok
+.L014td_break_out:
+ subl %eax, %edx
+ andl $4095, %edx
+ addl $320, %edx
+ subl %edx, %edi
+.align 4
+.L015td_ok:
+ movl 24(%esp), %eax
+ movl 28(%esp), %ebx
+ movl 36(%esp), %edx
+ movl 40(%esp), %esi
+ xchgl %edi, %esp
+ addl $4, %esp
+ movl %edi, 16(%esp)
+ movl %eax, 20(%esp)
+ movl %ebx, 24(%esp)
+ movl %ecx, 28(%esp)
+ movl %edx, 32(%esp)
+ movl %esi, 36(%esp)
+ movl $61, %ecx
+ movl %edx, %esi
+ leal 60(%esp), %edi
+ movl %edi, 32(%esp)
+.align 4
+ .long 4136216051
+ movl %eax, %esi
+ movl $24, %edi
+.align 4
+.L016prefetch_td:
+ movl (%ebp), %eax
+ movl 32(%ebp), %ebx
+ movl 64(%ebp), %ecx
+ movl 96(%ebp), %edx
+ leal 128(%ebp), %ebp
+ decl %edi
+ jnz .L016prefetch_td
+ subl $3072, %ebp
+ cmpl 24(%esp), %esi
+ je .L017dec_in_place
+ movl 36(%esp), %edi
+ movl %edi, 40(%esp)
+.align 4
+.L018dec_loop:
+ movl (%esi), %eax
+ movl 4(%esi), %ebx
+ movl 8(%esi), %ecx
+ movl 12(%esi), %edx
+ movl 32(%esp), %edi
+ call _x86_AES_decrypt
+ movl 40(%esp), %edi
+ movl 28(%esp), %esi
+ xorl (%edi), %eax
+ xorl 4(%edi), %ebx
+ xorl 8(%edi), %ecx
+ xorl 12(%edi), %edx
+ subl $16, %esi
+ jc .L019dec_partial
+ movl %esi, 28(%esp)
+ movl 20(%esp), %esi
+ movl 24(%esp), %edi
+ movl %eax, (%edi)
+ movl %ebx, 4(%edi)
+ movl %ecx, 8(%edi)
+ movl %edx, 12(%edi)
+ movl %esi, 40(%esp)
+ leal 16(%esi), %esi
+ movl %esi, 20(%esp)
+ leal 16(%edi), %edi
+ movl %edi, 24(%esp)
+ jnz .L018dec_loop
+ movl 40(%esp), %edi
+.L020dec_end:
+ movl 36(%esp), %esi
+ movl (%edi), %eax
+ movl 4(%edi), %ebx
+ movl 8(%edi), %ecx
+ movl 12(%edi), %edx
+ movl %eax, (%esi)
+ movl %ebx, 4(%esi)
+ movl %ecx, 8(%esi)
+ movl %edx, 12(%esi)
+ jmp .L021dec_out
+.align 4
+.L019dec_partial:
+ leal 44(%esp), %edi
+ movl %eax, (%edi)
+ movl %ebx, 4(%edi)
+ movl %ecx, 8(%edi)
+ movl %edx, 12(%edi)
+ leal 16(%esi), %ecx
+ movl %edi, %esi
+ movl 24(%esp), %edi
+ .long 4136215795
+ movl 20(%esp), %edi
+ jmp .L020dec_end
+.align 4
+.L017dec_in_place:
+.L022dec_in_place_loop:
+ leal 44(%esp), %edi
+ movl (%esi), %eax
+ movl 4(%esi), %ebx
+ movl 8(%esi), %ecx
+ movl 12(%esi), %edx
+ movl %eax, (%edi)
+ movl %ebx, 4(%edi)
+ movl %ecx, 8(%edi)
+ movl %edx, 12(%edi)
+ movl 32(%esp), %edi
+ call _x86_AES_decrypt
+ movl 36(%esp), %edi
+ movl 24(%esp), %esi
+ xorl (%edi), %eax
+ xorl 4(%edi), %ebx
+ xorl 8(%edi), %ecx
+ xorl 12(%edi), %edx
+ movl %eax, (%esi)
+ movl %ebx, 4(%esi)
+ movl %ecx, 8(%esi)
+ movl %edx, 12(%esi)
+ leal 16(%esi), %esi
+ movl %esi, 24(%esp)
+ leal 44(%esp), %esi
+ movl (%esi), %eax
+ movl 4(%esi), %ebx
+ movl 8(%esi), %ecx
+ movl 12(%esi), %edx
+ movl %eax, (%edi)
+ movl %ebx, 4(%edi)
+ movl %ecx, 8(%edi)
+ movl %edx, 12(%edi)
+ movl 20(%esp), %esi
+ leal 16(%esi), %esi
+ movl %esi, 20(%esp)
+ movl 28(%esp), %ecx
+ subl $16, %ecx
+ jc .L023dec_in_place_partial
+ movl %ecx, 28(%esp)
+ jnz .L022dec_in_place_loop
+ jmp .L021dec_out
+.align 4
+.L023dec_in_place_partial:
+ movl 24(%esp), %edi
+ leal 44(%esp), %esi
+ leal (%edi,%ecx), %edi
+ leal 16(%esi,%ecx), %esi
+ negl %ecx
+ .long 4136215795
+.align 4
+.L021dec_out:
+ movl 32(%esp), %edi
+ movl 16(%esp), %esp
+ movl $60, %ecx
+ xorl %eax, %eax
+.align 4
+ .long 4136217587
+ popfl
+ popl %edi
+ popl %esi
+ popl %ebx
+ popl %ebp
+ ret
+.L_AES_cbc_encrypt_end:
+.size AES_cbc_encrypt,.L_AES_cbc_encrypt_end-AES_cbc_encrypt
+.ident "AES_cbc_encrypt"
+.globl AES_Te
+.text
+.globl AES_set_encrypt_key
+.type AES_set_encrypt_key,@function
+.align 16
+AES_set_encrypt_key:
+ pushl %ebp
+ pushl %ebx
+ pushl %esi
+ pushl %edi
+
+ call FIPS_selftest_failed
+ cmpl $0,%eax
+ mov $-3,%eax
+ jne .L029exit
+
+ movl 20(%esp), %esi
+ movl 28(%esp), %edi
+ testl $-1, %esi
+ jz .L024badpointer
+ testl $-1, %edi
+ jz .L024badpointer
+ call .L025pic_point
+.L025pic_point:
+ popl %ebp
+ leal AES_Te-.L025pic_point(%ebp),%ebp
+ movl 24(%esp), %ecx
+ cmpl $128, %ecx
+ je .L02610rounds
+ cmpl $192, %ecx
+ je .L02712rounds
+ cmpl $256, %ecx
+ je .L02814rounds
+ movl $-2, %eax
+ jmp .L029exit
+.L02610rounds:
+ movl (%esi), %eax
+ movl 4(%esi), %ebx
+ movl 8(%esi), %ecx
+ movl 12(%esi), %edx
+ movl %eax, (%edi)
+ movl %ebx, 4(%edi)
+ movl %ecx, 8(%edi)
+ movl %edx, 12(%edi)
+ xorl %ecx, %ecx
+ jmp .L03010shortcut
+.align 4
+.L03110loop:
+ movl (%edi), %eax
+ movl 12(%edi), %edx
+.L03010shortcut:
+ movzbl %dl, %esi
+ movl 2(%ebp,%esi,8), %ebx
+ movzbl %dh, %esi
+ andl $4278190080, %ebx
+ xorl %ebx, %eax
+ movl 2(%ebp,%esi,8), %ebx
+ shrl $16, %edx
+ andl $255, %ebx
+ movzbl %dl, %esi
+ xorl %ebx, %eax
+ movl (%ebp,%esi,8), %ebx
+ movzbl %dh, %esi
+ andl $65280, %ebx
+ xorl %ebx, %eax
+ movl (%ebp,%esi,8), %ebx
+ andl $16711680, %ebx
+ xorl %ebx, %eax
+ xorl 2048(%ebp,%ecx,4),%eax
+ movl %eax, 16(%edi)
+ xorl 4(%edi), %eax
+ movl %eax, 20(%edi)
+ xorl 8(%edi), %eax
+ movl %eax, 24(%edi)
+ xorl 12(%edi), %eax
+ movl %eax, 28(%edi)
+ incl %ecx
+ addl $16, %edi
+ cmpl $10, %ecx
+ jl .L03110loop
+ movl $10, 80(%edi)
+ xorl %eax, %eax
+ jmp .L029exit
+.L02712rounds:
+ movl (%esi), %eax
+ movl 4(%esi), %ebx
+ movl 8(%esi), %ecx
+ movl 12(%esi), %edx
+ movl %eax, (%edi)
+ movl %ebx, 4(%edi)
+ movl %ecx, 8(%edi)
+ movl %edx, 12(%edi)
+ movl 16(%esi), %ecx
+ movl 20(%esi), %edx
+ movl %ecx, 16(%edi)
+ movl %edx, 20(%edi)
+ xorl %ecx, %ecx
+ jmp .L03212shortcut
+.align 4
+.L03312loop:
+ movl (%edi), %eax
+ movl 20(%edi), %edx
+.L03212shortcut:
+ movzbl %dl, %esi
+ movl 2(%ebp,%esi,8), %ebx
+ movzbl %dh, %esi
+ andl $4278190080, %ebx
+ xorl %ebx, %eax
+ movl 2(%ebp,%esi,8), %ebx
+ shrl $16, %edx
+ andl $255, %ebx
+ movzbl %dl, %esi
+ xorl %ebx, %eax
+ movl (%ebp,%esi,8), %ebx
+ movzbl %dh, %esi
+ andl $65280, %ebx
+ xorl %ebx, %eax
+ movl (%ebp,%esi,8), %ebx
+ andl $16711680, %ebx
+ xorl %ebx, %eax
+ xorl 2048(%ebp,%ecx,4),%eax
+ movl %eax, 24(%edi)
+ xorl 4(%edi), %eax
+ movl %eax, 28(%edi)
+ xorl 8(%edi), %eax
+ movl %eax, 32(%edi)
+ xorl 12(%edi), %eax
+ movl %eax, 36(%edi)
+ cmpl $7, %ecx
+ je .L03412break
+ incl %ecx
+ xorl 16(%edi), %eax
+ movl %eax, 40(%edi)
+ xorl 20(%edi), %eax
+ movl %eax, 44(%edi)
+ addl $24, %edi
+ jmp .L03312loop
+.L03412break:
+ movl $12, 72(%edi)
+ xorl %eax, %eax
+ jmp .L029exit
+.L02814rounds:
+ movl (%esi), %eax
+ movl 4(%esi), %ebx
+ movl 8(%esi), %ecx
+ movl 12(%esi), %edx
+ movl %eax, (%edi)
+ movl %ebx, 4(%edi)
+ movl %ecx, 8(%edi)
+ movl %edx, 12(%edi)
+ movl 16(%esi), %eax
+ movl 20(%esi), %ebx
+ movl 24(%esi), %ecx
+ movl 28(%esi), %edx
+ movl %eax, 16(%edi)
+ movl %ebx, 20(%edi)
+ movl %ecx, 24(%edi)
+ movl %edx, 28(%edi)
+ xorl %ecx, %ecx
+ jmp .L03514shortcut
+.align 4
+.L03614loop:
+ movl 28(%edi), %edx
+.L03514shortcut:
+ movl (%edi), %eax
+ movzbl %dl, %esi
+ movl 2(%ebp,%esi,8), %ebx
+ movzbl %dh, %esi
+ andl $4278190080, %ebx
+ xorl %ebx, %eax
+ movl 2(%ebp,%esi,8), %ebx
+ shrl $16, %edx
+ andl $255, %ebx
+ movzbl %dl, %esi
+ xorl %ebx, %eax
+ movl (%ebp,%esi,8), %ebx
+ movzbl %dh, %esi
+ andl $65280, %ebx
+ xorl %ebx, %eax
+ movl (%ebp,%esi,8), %ebx
+ andl $16711680, %ebx
+ xorl %ebx, %eax
+ xorl 2048(%ebp,%ecx,4),%eax
+ movl %eax, 32(%edi)
+ xorl 4(%edi), %eax
+ movl %eax, 36(%edi)
+ xorl 8(%edi), %eax
+ movl %eax, 40(%edi)
+ xorl 12(%edi), %eax
+ movl %eax, 44(%edi)
+ cmpl $6, %ecx
+ je .L03714break
+ incl %ecx
+ movl %eax, %edx
+ movl 16(%edi), %eax
+ movzbl %dl, %esi
+ movl 2(%ebp,%esi,8), %ebx
+ movzbl %dh, %esi
+ andl $255, %ebx
+ xorl %ebx, %eax
+ movl (%ebp,%esi,8), %ebx
+ shrl $16, %edx
+ andl $65280, %ebx
+ movzbl %dl, %esi
+ xorl %ebx, %eax
+ movl (%ebp,%esi,8), %ebx
+ movzbl %dh, %esi
+ andl $16711680, %ebx
+ xorl %ebx, %eax
+ movl 2(%ebp,%esi,8), %ebx
+ andl $4278190080, %ebx
+ xorl %ebx, %eax
+ movl %eax, 48(%edi)
+ xorl 20(%edi), %eax
+ movl %eax, 52(%edi)
+ xorl 24(%edi), %eax
+ movl %eax, 56(%edi)
+ xorl 28(%edi), %eax
+ movl %eax, 60(%edi)
+ addl $32, %edi
+ jmp .L03614loop
+.L03714break:
+ movl $14, 48(%edi)
+ xorl %eax, %eax
+ jmp .L029exit
+.L024badpointer:
+ movl $-1, %eax
+.L029exit:
+ popl %edi
+ popl %esi
+ popl %ebx
+ popl %ebp
+ ret
+.L_AES_set_encrypt_key_end:
+.size AES_set_encrypt_key,.L_AES_set_encrypt_key_end-AES_set_encrypt_key
+.ident "AES_set_encrypt_key"
+.globl AES_Td
+.globl AES_Te
+.text
+.globl AES_set_decrypt_key
+.type AES_set_decrypt_key,@function
+.align 16
+AES_set_decrypt_key:
+ movl 4(%esp), %eax
+ movl 8(%esp), %ecx
+ movl 12(%esp), %edx
+ subl $12, %esp
+ movl %eax, (%esp)
+ movl %ecx, 4(%esp)
+ movl %edx, 8(%esp)
+ call AES_set_encrypt_key
+ addl $12, %esp
+ cmpl $0, %eax
+ je .L038proceed
+ ret
+.L038proceed:
+ pushl %ebp
+ pushl %ebx
+ pushl %esi
+ pushl %edi
+ movl 28(%esp), %esi
+ movl 240(%esi), %ecx
+ leal (,%ecx,4), %ecx
+ leal (%esi,%ecx,4), %edi
+.align 4
+.L039invert:
+ movl (%esi), %eax
+ movl 4(%esi), %ebx
+ movl (%edi), %ecx
+ movl 4(%edi), %edx
+ movl %eax, (%edi)
+ movl %ebx, 4(%edi)
+ movl %ecx, (%esi)
+ movl %edx, 4(%esi)
+ movl 8(%esi), %eax
+ movl 12(%esi), %ebx
+ movl 8(%edi), %ecx
+ movl 12(%edi), %edx
+ movl %eax, 8(%edi)
+ movl %ebx, 12(%edi)
+ movl %ecx, 8(%esi)
+ movl %edx, 12(%esi)
+ addl $16, %esi
+ subl $16, %edi
+ cmpl %edi, %esi
+ jne .L039invert
+ call .L040pic_point
+.L040pic_point:
+ popl %ebp
+ leal AES_Td-.L040pic_point(%ebp),%edi
+ leal AES_Te-.L040pic_point(%ebp),%ebp
+ movl 28(%esp), %esi
+ movl 240(%esi), %ecx
+ decl %ecx
+.align 4
+.L041permute:
+ addl $16, %esi
+ movl (%esi), %eax
+ movl %eax, %edx
+ movzbl %ah, %ebx
+ shrl $16, %edx
+ andl $255, %eax
+ movzbl 2(%ebp,%eax,8), %eax
+ movzbl 2(%ebp,%ebx,8), %ebx
+ movl (%edi,%eax,8), %eax
+ xorl 3(%edi,%ebx,8), %eax
+ movzbl %dh, %ebx
+ andl $255, %edx
+ movzbl 2(%ebp,%edx,8), %edx
+ movzbl 2(%ebp,%ebx,8), %ebx
+ xorl 2(%edi,%edx,8), %eax
+ xorl 1(%edi,%ebx,8), %eax
+ movl %eax, (%esi)
+ movl 4(%esi), %eax
+ movl %eax, %edx
+ movzbl %ah, %ebx
+ shrl $16, %edx
+ andl $255, %eax
+ movzbl 2(%ebp,%eax,8), %eax
+ movzbl 2(%ebp,%ebx,8), %ebx
+ movl (%edi,%eax,8), %eax
+ xorl 3(%edi,%ebx,8), %eax
+ movzbl %dh, %ebx
+ andl $255, %edx
+ movzbl 2(%ebp,%edx,8), %edx
+ movzbl 2(%ebp,%ebx,8), %ebx
+ xorl 2(%edi,%edx,8), %eax
+ xorl 1(%edi,%ebx,8), %eax
+ movl %eax, 4(%esi)
+ movl 8(%esi), %eax
+ movl %eax, %edx
+ movzbl %ah, %ebx
+ shrl $16, %edx
+ andl $255, %eax
+ movzbl 2(%ebp,%eax,8), %eax
+ movzbl 2(%ebp,%ebx,8), %ebx
+ movl (%edi,%eax,8), %eax
+ xorl 3(%edi,%ebx,8), %eax
+ movzbl %dh, %ebx
+ andl $255, %edx
+ movzbl 2(%ebp,%edx,8), %edx
+ movzbl 2(%ebp,%ebx,8), %ebx
+ xorl 2(%edi,%edx,8), %eax
+ xorl 1(%edi,%ebx,8), %eax
+ movl %eax, 8(%esi)
+ movl 12(%esi), %eax
+ movl %eax, %edx
+ movzbl %ah, %ebx
+ shrl $16, %edx
+ andl $255, %eax
+ movzbl 2(%ebp,%eax,8), %eax
+ movzbl 2(%ebp,%ebx,8), %ebx
+ movl (%edi,%eax,8), %eax
+ xorl 3(%edi,%ebx,8), %eax
+ movzbl %dh, %ebx
+ andl $255, %edx
+ movzbl 2(%ebp,%edx,8), %edx
+ movzbl 2(%ebp,%ebx,8), %ebx
+ xorl 2(%edi,%edx,8), %eax
+ xorl 1(%edi,%ebx,8), %eax
+ movl %eax, 12(%esi)
+ decl %ecx
+ jnz .L041permute
+ xorl %eax, %eax
+ popl %edi
+ popl %esi
+ popl %ebx
+ popl %ebp
+ ret
+.L_AES_set_decrypt_key_end:
+.size AES_set_decrypt_key,.L_AES_set_decrypt_key_end-AES_set_decrypt_key
+.ident "AES_set_decrypt_key"
diff --git a/src/lib/libssl/src/fips-1.0/aes/fips_aes_core.c b/src/lib/libssl/src/fips-1.0/aes/fips_aes_core.c
new file mode 100644
index 0000000000..82199c92e6
--- /dev/null
+++ b/src/lib/libssl/src/fips-1.0/aes/fips_aes_core.c
@@ -0,0 +1,1263 @@
+/* crypto/aes/aes_core.c -*- mode:C; c-file-style: "eay" -*- */
+/**
+ * rijndael-alg-fst.c
+ *
+ * @version 3.0 (December 2000)
+ *
+ * Optimised ANSI C code for the Rijndael cipher (now AES)
+ *
+ * @author Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be>
+ * @author Antoon Bosselaers <antoon.bosselaers@esat.kuleuven.ac.be>
+ * @author Paulo Barreto <paulo.barreto@terra.com.br>
+ *
+ * This code is hereby placed in the public domain.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
+ * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+ * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+ * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/* Note: rewritten a little bit to provide error control and an OpenSSL-
+ compatible API */
+
+#ifndef AES_DEBUG
+# ifndef NDEBUG
+# define NDEBUG
+# endif
+#endif
+#include <assert.h>
+
+#include <stdlib.h>
+#include <openssl/aes.h>
+#include "fips_aes_locl.h"
+#include <openssl/fips.h>
+
+#ifdef OPENSSL_FIPS
+
+/*
+Te0[x] = S [x].[02, 01, 01, 03];
+Te1[x] = S [x].[03, 02, 01, 01];
+Te2[x] = S [x].[01, 03, 02, 01];
+Te3[x] = S [x].[01, 01, 03, 02];
+Te4[x] = S [x].[01, 01, 01, 01];
+
+Td0[x] = Si[x].[0e, 09, 0d, 0b];
+Td1[x] = Si[x].[0b, 0e, 09, 0d];
+Td2[x] = Si[x].[0d, 0b, 0e, 09];
+Td3[x] = Si[x].[09, 0d, 0b, 0e];
+Td4[x] = Si[x].[01, 01, 01, 01];
+*/
+
+static const u32 Te0[256] = {
+ 0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU,
+ 0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U,
+ 0x60303050U, 0x02010103U, 0xce6767a9U, 0x562b2b7dU,
+ 0xe7fefe19U, 0xb5d7d762U, 0x4dababe6U, 0xec76769aU,
+ 0x8fcaca45U, 0x1f82829dU, 0x89c9c940U, 0xfa7d7d87U,
+ 0xeffafa15U, 0xb25959ebU, 0x8e4747c9U, 0xfbf0f00bU,
+ 0x41adadecU, 0xb3d4d467U, 0x5fa2a2fdU, 0x45afafeaU,
+ 0x239c9cbfU, 0x53a4a4f7U, 0xe4727296U, 0x9bc0c05bU,
+ 0x75b7b7c2U, 0xe1fdfd1cU, 0x3d9393aeU, 0x4c26266aU,
+ 0x6c36365aU, 0x7e3f3f41U, 0xf5f7f702U, 0x83cccc4fU,
+ 0x6834345cU, 0x51a5a5f4U, 0xd1e5e534U, 0xf9f1f108U,
+ 0xe2717193U, 0xabd8d873U, 0x62313153U, 0x2a15153fU,
+ 0x0804040cU, 0x95c7c752U, 0x46232365U, 0x9dc3c35eU,
+ 0x30181828U, 0x379696a1U, 0x0a05050fU, 0x2f9a9ab5U,
+ 0x0e070709U, 0x24121236U, 0x1b80809bU, 0xdfe2e23dU,
+ 0xcdebeb26U, 0x4e272769U, 0x7fb2b2cdU, 0xea75759fU,
+ 0x1209091bU, 0x1d83839eU, 0x582c2c74U, 0x341a1a2eU,
+ 0x361b1b2dU, 0xdc6e6eb2U, 0xb45a5aeeU, 0x5ba0a0fbU,
+ 0xa45252f6U, 0x763b3b4dU, 0xb7d6d661U, 0x7db3b3ceU,
+ 0x5229297bU, 0xdde3e33eU, 0x5e2f2f71U, 0x13848497U,
+ 0xa65353f5U, 0xb9d1d168U, 0x00000000U, 0xc1eded2cU,
+ 0x40202060U, 0xe3fcfc1fU, 0x79b1b1c8U, 0xb65b5bedU,
+ 0xd46a6abeU, 0x8dcbcb46U, 0x67bebed9U, 0x7239394bU,
+ 0x944a4adeU, 0x984c4cd4U, 0xb05858e8U, 0x85cfcf4aU,
+ 0xbbd0d06bU, 0xc5efef2aU, 0x4faaaae5U, 0xedfbfb16U,
+ 0x864343c5U, 0x9a4d4dd7U, 0x66333355U, 0x11858594U,
+ 0x8a4545cfU, 0xe9f9f910U, 0x04020206U, 0xfe7f7f81U,
+ 0xa05050f0U, 0x783c3c44U, 0x259f9fbaU, 0x4ba8a8e3U,
+ 0xa25151f3U, 0x5da3a3feU, 0x804040c0U, 0x058f8f8aU,
+ 0x3f9292adU, 0x219d9dbcU, 0x70383848U, 0xf1f5f504U,
+ 0x63bcbcdfU, 0x77b6b6c1U, 0xafdada75U, 0x42212163U,
+ 0x20101030U, 0xe5ffff1aU, 0xfdf3f30eU, 0xbfd2d26dU,
+ 0x81cdcd4cU, 0x180c0c14U, 0x26131335U, 0xc3ecec2fU,
+ 0xbe5f5fe1U, 0x359797a2U, 0x884444ccU, 0x2e171739U,
+ 0x93c4c457U, 0x55a7a7f2U, 0xfc7e7e82U, 0x7a3d3d47U,
+ 0xc86464acU, 0xba5d5de7U, 0x3219192bU, 0xe6737395U,
+ 0xc06060a0U, 0x19818198U, 0x9e4f4fd1U, 0xa3dcdc7fU,
+ 0x44222266U, 0x542a2a7eU, 0x3b9090abU, 0x0b888883U,
+ 0x8c4646caU, 0xc7eeee29U, 0x6bb8b8d3U, 0x2814143cU,
+ 0xa7dede79U, 0xbc5e5ee2U, 0x160b0b1dU, 0xaddbdb76U,
+ 0xdbe0e03bU, 0x64323256U, 0x743a3a4eU, 0x140a0a1eU,
+ 0x924949dbU, 0x0c06060aU, 0x4824246cU, 0xb85c5ce4U,
+ 0x9fc2c25dU, 0xbdd3d36eU, 0x43acacefU, 0xc46262a6U,
+ 0x399191a8U, 0x319595a4U, 0xd3e4e437U, 0xf279798bU,
+ 0xd5e7e732U, 0x8bc8c843U, 0x6e373759U, 0xda6d6db7U,
+ 0x018d8d8cU, 0xb1d5d564U, 0x9c4e4ed2U, 0x49a9a9e0U,
+ 0xd86c6cb4U, 0xac5656faU, 0xf3f4f407U, 0xcfeaea25U,
+ 0xca6565afU, 0xf47a7a8eU, 0x47aeaee9U, 0x10080818U,
+ 0x6fbabad5U, 0xf0787888U, 0x4a25256fU, 0x5c2e2e72U,
+ 0x381c1c24U, 0x57a6a6f1U, 0x73b4b4c7U, 0x97c6c651U,
+ 0xcbe8e823U, 0xa1dddd7cU, 0xe874749cU, 0x3e1f1f21U,
+ 0x964b4bddU, 0x61bdbddcU, 0x0d8b8b86U, 0x0f8a8a85U,
+ 0xe0707090U, 0x7c3e3e42U, 0x71b5b5c4U, 0xcc6666aaU,
+ 0x904848d8U, 0x06030305U, 0xf7f6f601U, 0x1c0e0e12U,
+ 0xc26161a3U, 0x6a35355fU, 0xae5757f9U, 0x69b9b9d0U,
+ 0x17868691U, 0x99c1c158U, 0x3a1d1d27U, 0x279e9eb9U,
+ 0xd9e1e138U, 0xebf8f813U, 0x2b9898b3U, 0x22111133U,
+ 0xd26969bbU, 0xa9d9d970U, 0x078e8e89U, 0x339494a7U,
+ 0x2d9b9bb6U, 0x3c1e1e22U, 0x15878792U, 0xc9e9e920U,
+ 0x87cece49U, 0xaa5555ffU, 0x50282878U, 0xa5dfdf7aU,
+ 0x038c8c8fU, 0x59a1a1f8U, 0x09898980U, 0x1a0d0d17U,
+ 0x65bfbfdaU, 0xd7e6e631U, 0x844242c6U, 0xd06868b8U,
+ 0x824141c3U, 0x299999b0U, 0x5a2d2d77U, 0x1e0f0f11U,
+ 0x7bb0b0cbU, 0xa85454fcU, 0x6dbbbbd6U, 0x2c16163aU,
+};
+static const u32 Te1[256] = {
+ 0xa5c66363U, 0x84f87c7cU, 0x99ee7777U, 0x8df67b7bU,
+ 0x0dfff2f2U, 0xbdd66b6bU, 0xb1de6f6fU, 0x5491c5c5U,
+ 0x50603030U, 0x03020101U, 0xa9ce6767U, 0x7d562b2bU,
+ 0x19e7fefeU, 0x62b5d7d7U, 0xe64dababU, 0x9aec7676U,
+ 0x458fcacaU, 0x9d1f8282U, 0x4089c9c9U, 0x87fa7d7dU,
+ 0x15effafaU, 0xebb25959U, 0xc98e4747U, 0x0bfbf0f0U,
+ 0xec41adadU, 0x67b3d4d4U, 0xfd5fa2a2U, 0xea45afafU,
+ 0xbf239c9cU, 0xf753a4a4U, 0x96e47272U, 0x5b9bc0c0U,
+ 0xc275b7b7U, 0x1ce1fdfdU, 0xae3d9393U, 0x6a4c2626U,
+ 0x5a6c3636U, 0x417e3f3fU, 0x02f5f7f7U, 0x4f83ccccU,
+ 0x5c683434U, 0xf451a5a5U, 0x34d1e5e5U, 0x08f9f1f1U,
+ 0x93e27171U, 0x73abd8d8U, 0x53623131U, 0x3f2a1515U,
+ 0x0c080404U, 0x5295c7c7U, 0x65462323U, 0x5e9dc3c3U,
+ 0x28301818U, 0xa1379696U, 0x0f0a0505U, 0xb52f9a9aU,
+ 0x090e0707U, 0x36241212U, 0x9b1b8080U, 0x3ddfe2e2U,
+ 0x26cdebebU, 0x694e2727U, 0xcd7fb2b2U, 0x9fea7575U,
+ 0x1b120909U, 0x9e1d8383U, 0x74582c2cU, 0x2e341a1aU,
+ 0x2d361b1bU, 0xb2dc6e6eU, 0xeeb45a5aU, 0xfb5ba0a0U,
+ 0xf6a45252U, 0x4d763b3bU, 0x61b7d6d6U, 0xce7db3b3U,
+ 0x7b522929U, 0x3edde3e3U, 0x715e2f2fU, 0x97138484U,
+ 0xf5a65353U, 0x68b9d1d1U, 0x00000000U, 0x2cc1ededU,
+ 0x60402020U, 0x1fe3fcfcU, 0xc879b1b1U, 0xedb65b5bU,
+ 0xbed46a6aU, 0x468dcbcbU, 0xd967bebeU, 0x4b723939U,
+ 0xde944a4aU, 0xd4984c4cU, 0xe8b05858U, 0x4a85cfcfU,
+ 0x6bbbd0d0U, 0x2ac5efefU, 0xe54faaaaU, 0x16edfbfbU,
+ 0xc5864343U, 0xd79a4d4dU, 0x55663333U, 0x94118585U,
+ 0xcf8a4545U, 0x10e9f9f9U, 0x06040202U, 0x81fe7f7fU,
+ 0xf0a05050U, 0x44783c3cU, 0xba259f9fU, 0xe34ba8a8U,
+ 0xf3a25151U, 0xfe5da3a3U, 0xc0804040U, 0x8a058f8fU,
+ 0xad3f9292U, 0xbc219d9dU, 0x48703838U, 0x04f1f5f5U,
+ 0xdf63bcbcU, 0xc177b6b6U, 0x75afdadaU, 0x63422121U,
+ 0x30201010U, 0x1ae5ffffU, 0x0efdf3f3U, 0x6dbfd2d2U,
+ 0x4c81cdcdU, 0x14180c0cU, 0x35261313U, 0x2fc3ececU,
+ 0xe1be5f5fU, 0xa2359797U, 0xcc884444U, 0x392e1717U,
+ 0x5793c4c4U, 0xf255a7a7U, 0x82fc7e7eU, 0x477a3d3dU,
+ 0xacc86464U, 0xe7ba5d5dU, 0x2b321919U, 0x95e67373U,
+ 0xa0c06060U, 0x98198181U, 0xd19e4f4fU, 0x7fa3dcdcU,
+ 0x66442222U, 0x7e542a2aU, 0xab3b9090U, 0x830b8888U,
+ 0xca8c4646U, 0x29c7eeeeU, 0xd36bb8b8U, 0x3c281414U,
+ 0x79a7dedeU, 0xe2bc5e5eU, 0x1d160b0bU, 0x76addbdbU,
+ 0x3bdbe0e0U, 0x56643232U, 0x4e743a3aU, 0x1e140a0aU,
+ 0xdb924949U, 0x0a0c0606U, 0x6c482424U, 0xe4b85c5cU,
+ 0x5d9fc2c2U, 0x6ebdd3d3U, 0xef43acacU, 0xa6c46262U,
+ 0xa8399191U, 0xa4319595U, 0x37d3e4e4U, 0x8bf27979U,
+ 0x32d5e7e7U, 0x438bc8c8U, 0x596e3737U, 0xb7da6d6dU,
+ 0x8c018d8dU, 0x64b1d5d5U, 0xd29c4e4eU, 0xe049a9a9U,
+ 0xb4d86c6cU, 0xfaac5656U, 0x07f3f4f4U, 0x25cfeaeaU,
+ 0xafca6565U, 0x8ef47a7aU, 0xe947aeaeU, 0x18100808U,
+ 0xd56fbabaU, 0x88f07878U, 0x6f4a2525U, 0x725c2e2eU,
+ 0x24381c1cU, 0xf157a6a6U, 0xc773b4b4U, 0x5197c6c6U,
+ 0x23cbe8e8U, 0x7ca1ddddU, 0x9ce87474U, 0x213e1f1fU,
+ 0xdd964b4bU, 0xdc61bdbdU, 0x860d8b8bU, 0x850f8a8aU,
+ 0x90e07070U, 0x427c3e3eU, 0xc471b5b5U, 0xaacc6666U,
+ 0xd8904848U, 0x05060303U, 0x01f7f6f6U, 0x121c0e0eU,
+ 0xa3c26161U, 0x5f6a3535U, 0xf9ae5757U, 0xd069b9b9U,
+ 0x91178686U, 0x5899c1c1U, 0x273a1d1dU, 0xb9279e9eU,
+ 0x38d9e1e1U, 0x13ebf8f8U, 0xb32b9898U, 0x33221111U,
+ 0xbbd26969U, 0x70a9d9d9U, 0x89078e8eU, 0xa7339494U,
+ 0xb62d9b9bU, 0x223c1e1eU, 0x92158787U, 0x20c9e9e9U,
+ 0x4987ceceU, 0xffaa5555U, 0x78502828U, 0x7aa5dfdfU,
+ 0x8f038c8cU, 0xf859a1a1U, 0x80098989U, 0x171a0d0dU,
+ 0xda65bfbfU, 0x31d7e6e6U, 0xc6844242U, 0xb8d06868U,
+ 0xc3824141U, 0xb0299999U, 0x775a2d2dU, 0x111e0f0fU,
+ 0xcb7bb0b0U, 0xfca85454U, 0xd66dbbbbU, 0x3a2c1616U,
+};
+static const u32 Te2[256] = {
+ 0x63a5c663U, 0x7c84f87cU, 0x7799ee77U, 0x7b8df67bU,
+ 0xf20dfff2U, 0x6bbdd66bU, 0x6fb1de6fU, 0xc55491c5U,
+ 0x30506030U, 0x01030201U, 0x67a9ce67U, 0x2b7d562bU,
+ 0xfe19e7feU, 0xd762b5d7U, 0xabe64dabU, 0x769aec76U,
+ 0xca458fcaU, 0x829d1f82U, 0xc94089c9U, 0x7d87fa7dU,
+ 0xfa15effaU, 0x59ebb259U, 0x47c98e47U, 0xf00bfbf0U,
+ 0xadec41adU, 0xd467b3d4U, 0xa2fd5fa2U, 0xafea45afU,
+ 0x9cbf239cU, 0xa4f753a4U, 0x7296e472U, 0xc05b9bc0U,
+ 0xb7c275b7U, 0xfd1ce1fdU, 0x93ae3d93U, 0x266a4c26U,
+ 0x365a6c36U, 0x3f417e3fU, 0xf702f5f7U, 0xcc4f83ccU,
+ 0x345c6834U, 0xa5f451a5U, 0xe534d1e5U, 0xf108f9f1U,
+ 0x7193e271U, 0xd873abd8U, 0x31536231U, 0x153f2a15U,
+ 0x040c0804U, 0xc75295c7U, 0x23654623U, 0xc35e9dc3U,
+ 0x18283018U, 0x96a13796U, 0x050f0a05U, 0x9ab52f9aU,
+ 0x07090e07U, 0x12362412U, 0x809b1b80U, 0xe23ddfe2U,
+ 0xeb26cdebU, 0x27694e27U, 0xb2cd7fb2U, 0x759fea75U,
+ 0x091b1209U, 0x839e1d83U, 0x2c74582cU, 0x1a2e341aU,
+ 0x1b2d361bU, 0x6eb2dc6eU, 0x5aeeb45aU, 0xa0fb5ba0U,
+ 0x52f6a452U, 0x3b4d763bU, 0xd661b7d6U, 0xb3ce7db3U,
+ 0x297b5229U, 0xe33edde3U, 0x2f715e2fU, 0x84971384U,
+ 0x53f5a653U, 0xd168b9d1U, 0x00000000U, 0xed2cc1edU,
+ 0x20604020U, 0xfc1fe3fcU, 0xb1c879b1U, 0x5bedb65bU,
+ 0x6abed46aU, 0xcb468dcbU, 0xbed967beU, 0x394b7239U,
+ 0x4ade944aU, 0x4cd4984cU, 0x58e8b058U, 0xcf4a85cfU,
+ 0xd06bbbd0U, 0xef2ac5efU, 0xaae54faaU, 0xfb16edfbU,
+ 0x43c58643U, 0x4dd79a4dU, 0x33556633U, 0x85941185U,
+ 0x45cf8a45U, 0xf910e9f9U, 0x02060402U, 0x7f81fe7fU,
+ 0x50f0a050U, 0x3c44783cU, 0x9fba259fU, 0xa8e34ba8U,
+ 0x51f3a251U, 0xa3fe5da3U, 0x40c08040U, 0x8f8a058fU,
+ 0x92ad3f92U, 0x9dbc219dU, 0x38487038U, 0xf504f1f5U,
+ 0xbcdf63bcU, 0xb6c177b6U, 0xda75afdaU, 0x21634221U,
+ 0x10302010U, 0xff1ae5ffU, 0xf30efdf3U, 0xd26dbfd2U,
+ 0xcd4c81cdU, 0x0c14180cU, 0x13352613U, 0xec2fc3ecU,
+ 0x5fe1be5fU, 0x97a23597U, 0x44cc8844U, 0x17392e17U,
+ 0xc45793c4U, 0xa7f255a7U, 0x7e82fc7eU, 0x3d477a3dU,
+ 0x64acc864U, 0x5de7ba5dU, 0x192b3219U, 0x7395e673U,
+ 0x60a0c060U, 0x81981981U, 0x4fd19e4fU, 0xdc7fa3dcU,
+ 0x22664422U, 0x2a7e542aU, 0x90ab3b90U, 0x88830b88U,
+ 0x46ca8c46U, 0xee29c7eeU, 0xb8d36bb8U, 0x143c2814U,
+ 0xde79a7deU, 0x5ee2bc5eU, 0x0b1d160bU, 0xdb76addbU,
+ 0xe03bdbe0U, 0x32566432U, 0x3a4e743aU, 0x0a1e140aU,
+ 0x49db9249U, 0x060a0c06U, 0x246c4824U, 0x5ce4b85cU,
+ 0xc25d9fc2U, 0xd36ebdd3U, 0xacef43acU, 0x62a6c462U,
+ 0x91a83991U, 0x95a43195U, 0xe437d3e4U, 0x798bf279U,
+ 0xe732d5e7U, 0xc8438bc8U, 0x37596e37U, 0x6db7da6dU,
+ 0x8d8c018dU, 0xd564b1d5U, 0x4ed29c4eU, 0xa9e049a9U,
+ 0x6cb4d86cU, 0x56faac56U, 0xf407f3f4U, 0xea25cfeaU,
+ 0x65afca65U, 0x7a8ef47aU, 0xaee947aeU, 0x08181008U,
+ 0xbad56fbaU, 0x7888f078U, 0x256f4a25U, 0x2e725c2eU,
+ 0x1c24381cU, 0xa6f157a6U, 0xb4c773b4U, 0xc65197c6U,
+ 0xe823cbe8U, 0xdd7ca1ddU, 0x749ce874U, 0x1f213e1fU,
+ 0x4bdd964bU, 0xbddc61bdU, 0x8b860d8bU, 0x8a850f8aU,
+ 0x7090e070U, 0x3e427c3eU, 0xb5c471b5U, 0x66aacc66U,
+ 0x48d89048U, 0x03050603U, 0xf601f7f6U, 0x0e121c0eU,
+ 0x61a3c261U, 0x355f6a35U, 0x57f9ae57U, 0xb9d069b9U,
+ 0x86911786U, 0xc15899c1U, 0x1d273a1dU, 0x9eb9279eU,
+ 0xe138d9e1U, 0xf813ebf8U, 0x98b32b98U, 0x11332211U,
+ 0x69bbd269U, 0xd970a9d9U, 0x8e89078eU, 0x94a73394U,
+ 0x9bb62d9bU, 0x1e223c1eU, 0x87921587U, 0xe920c9e9U,
+ 0xce4987ceU, 0x55ffaa55U, 0x28785028U, 0xdf7aa5dfU,
+ 0x8c8f038cU, 0xa1f859a1U, 0x89800989U, 0x0d171a0dU,
+ 0xbfda65bfU, 0xe631d7e6U, 0x42c68442U, 0x68b8d068U,
+ 0x41c38241U, 0x99b02999U, 0x2d775a2dU, 0x0f111e0fU,
+ 0xb0cb7bb0U, 0x54fca854U, 0xbbd66dbbU, 0x163a2c16U,
+};
+static const u32 Te3[256] = {
+
+ 0x6363a5c6U, 0x7c7c84f8U, 0x777799eeU, 0x7b7b8df6U,
+ 0xf2f20dffU, 0x6b6bbdd6U, 0x6f6fb1deU, 0xc5c55491U,
+ 0x30305060U, 0x01010302U, 0x6767a9ceU, 0x2b2b7d56U,
+ 0xfefe19e7U, 0xd7d762b5U, 0xababe64dU, 0x76769aecU,
+ 0xcaca458fU, 0x82829d1fU, 0xc9c94089U, 0x7d7d87faU,
+ 0xfafa15efU, 0x5959ebb2U, 0x4747c98eU, 0xf0f00bfbU,
+ 0xadadec41U, 0xd4d467b3U, 0xa2a2fd5fU, 0xafafea45U,
+ 0x9c9cbf23U, 0xa4a4f753U, 0x727296e4U, 0xc0c05b9bU,
+ 0xb7b7c275U, 0xfdfd1ce1U, 0x9393ae3dU, 0x26266a4cU,
+ 0x36365a6cU, 0x3f3f417eU, 0xf7f702f5U, 0xcccc4f83U,
+ 0x34345c68U, 0xa5a5f451U, 0xe5e534d1U, 0xf1f108f9U,
+ 0x717193e2U, 0xd8d873abU, 0x31315362U, 0x15153f2aU,
+ 0x04040c08U, 0xc7c75295U, 0x23236546U, 0xc3c35e9dU,
+ 0x18182830U, 0x9696a137U, 0x05050f0aU, 0x9a9ab52fU,
+ 0x0707090eU, 0x12123624U, 0x80809b1bU, 0xe2e23ddfU,
+ 0xebeb26cdU, 0x2727694eU, 0xb2b2cd7fU, 0x75759feaU,
+ 0x09091b12U, 0x83839e1dU, 0x2c2c7458U, 0x1a1a2e34U,
+ 0x1b1b2d36U, 0x6e6eb2dcU, 0x5a5aeeb4U, 0xa0a0fb5bU,
+ 0x5252f6a4U, 0x3b3b4d76U, 0xd6d661b7U, 0xb3b3ce7dU,
+ 0x29297b52U, 0xe3e33eddU, 0x2f2f715eU, 0x84849713U,
+ 0x5353f5a6U, 0xd1d168b9U, 0x00000000U, 0xeded2cc1U,
+ 0x20206040U, 0xfcfc1fe3U, 0xb1b1c879U, 0x5b5bedb6U,
+ 0x6a6abed4U, 0xcbcb468dU, 0xbebed967U, 0x39394b72U,
+ 0x4a4ade94U, 0x4c4cd498U, 0x5858e8b0U, 0xcfcf4a85U,
+ 0xd0d06bbbU, 0xefef2ac5U, 0xaaaae54fU, 0xfbfb16edU,
+ 0x4343c586U, 0x4d4dd79aU, 0x33335566U, 0x85859411U,
+ 0x4545cf8aU, 0xf9f910e9U, 0x02020604U, 0x7f7f81feU,
+ 0x5050f0a0U, 0x3c3c4478U, 0x9f9fba25U, 0xa8a8e34bU,
+ 0x5151f3a2U, 0xa3a3fe5dU, 0x4040c080U, 0x8f8f8a05U,
+ 0x9292ad3fU, 0x9d9dbc21U, 0x38384870U, 0xf5f504f1U,
+ 0xbcbcdf63U, 0xb6b6c177U, 0xdada75afU, 0x21216342U,
+ 0x10103020U, 0xffff1ae5U, 0xf3f30efdU, 0xd2d26dbfU,
+ 0xcdcd4c81U, 0x0c0c1418U, 0x13133526U, 0xecec2fc3U,
+ 0x5f5fe1beU, 0x9797a235U, 0x4444cc88U, 0x1717392eU,
+ 0xc4c45793U, 0xa7a7f255U, 0x7e7e82fcU, 0x3d3d477aU,
+ 0x6464acc8U, 0x5d5de7baU, 0x19192b32U, 0x737395e6U,
+ 0x6060a0c0U, 0x81819819U, 0x4f4fd19eU, 0xdcdc7fa3U,
+ 0x22226644U, 0x2a2a7e54U, 0x9090ab3bU, 0x8888830bU,
+ 0x4646ca8cU, 0xeeee29c7U, 0xb8b8d36bU, 0x14143c28U,
+ 0xdede79a7U, 0x5e5ee2bcU, 0x0b0b1d16U, 0xdbdb76adU,
+ 0xe0e03bdbU, 0x32325664U, 0x3a3a4e74U, 0x0a0a1e14U,
+ 0x4949db92U, 0x06060a0cU, 0x24246c48U, 0x5c5ce4b8U,
+ 0xc2c25d9fU, 0xd3d36ebdU, 0xacacef43U, 0x6262a6c4U,
+ 0x9191a839U, 0x9595a431U, 0xe4e437d3U, 0x79798bf2U,
+ 0xe7e732d5U, 0xc8c8438bU, 0x3737596eU, 0x6d6db7daU,
+ 0x8d8d8c01U, 0xd5d564b1U, 0x4e4ed29cU, 0xa9a9e049U,
+ 0x6c6cb4d8U, 0x5656faacU, 0xf4f407f3U, 0xeaea25cfU,
+ 0x6565afcaU, 0x7a7a8ef4U, 0xaeaee947U, 0x08081810U,
+ 0xbabad56fU, 0x787888f0U, 0x25256f4aU, 0x2e2e725cU,
+ 0x1c1c2438U, 0xa6a6f157U, 0xb4b4c773U, 0xc6c65197U,
+ 0xe8e823cbU, 0xdddd7ca1U, 0x74749ce8U, 0x1f1f213eU,
+ 0x4b4bdd96U, 0xbdbddc61U, 0x8b8b860dU, 0x8a8a850fU,
+ 0x707090e0U, 0x3e3e427cU, 0xb5b5c471U, 0x6666aaccU,
+ 0x4848d890U, 0x03030506U, 0xf6f601f7U, 0x0e0e121cU,
+ 0x6161a3c2U, 0x35355f6aU, 0x5757f9aeU, 0xb9b9d069U,
+ 0x86869117U, 0xc1c15899U, 0x1d1d273aU, 0x9e9eb927U,
+ 0xe1e138d9U, 0xf8f813ebU, 0x9898b32bU, 0x11113322U,
+ 0x6969bbd2U, 0xd9d970a9U, 0x8e8e8907U, 0x9494a733U,
+ 0x9b9bb62dU, 0x1e1e223cU, 0x87879215U, 0xe9e920c9U,
+ 0xcece4987U, 0x5555ffaaU, 0x28287850U, 0xdfdf7aa5U,
+ 0x8c8c8f03U, 0xa1a1f859U, 0x89898009U, 0x0d0d171aU,
+ 0xbfbfda65U, 0xe6e631d7U, 0x4242c684U, 0x6868b8d0U,
+ 0x4141c382U, 0x9999b029U, 0x2d2d775aU, 0x0f0f111eU,
+ 0xb0b0cb7bU, 0x5454fca8U, 0xbbbbd66dU, 0x16163a2cU,
+};
+static const u32 Te4[256] = {
+ 0x63636363U, 0x7c7c7c7cU, 0x77777777U, 0x7b7b7b7bU,
+ 0xf2f2f2f2U, 0x6b6b6b6bU, 0x6f6f6f6fU, 0xc5c5c5c5U,
+ 0x30303030U, 0x01010101U, 0x67676767U, 0x2b2b2b2bU,
+ 0xfefefefeU, 0xd7d7d7d7U, 0xababababU, 0x76767676U,
+ 0xcacacacaU, 0x82828282U, 0xc9c9c9c9U, 0x7d7d7d7dU,
+ 0xfafafafaU, 0x59595959U, 0x47474747U, 0xf0f0f0f0U,
+ 0xadadadadU, 0xd4d4d4d4U, 0xa2a2a2a2U, 0xafafafafU,
+ 0x9c9c9c9cU, 0xa4a4a4a4U, 0x72727272U, 0xc0c0c0c0U,
+ 0xb7b7b7b7U, 0xfdfdfdfdU, 0x93939393U, 0x26262626U,
+ 0x36363636U, 0x3f3f3f3fU, 0xf7f7f7f7U, 0xccccccccU,
+ 0x34343434U, 0xa5a5a5a5U, 0xe5e5e5e5U, 0xf1f1f1f1U,
+ 0x71717171U, 0xd8d8d8d8U, 0x31313131U, 0x15151515U,
+ 0x04040404U, 0xc7c7c7c7U, 0x23232323U, 0xc3c3c3c3U,
+ 0x18181818U, 0x96969696U, 0x05050505U, 0x9a9a9a9aU,
+ 0x07070707U, 0x12121212U, 0x80808080U, 0xe2e2e2e2U,
+ 0xebebebebU, 0x27272727U, 0xb2b2b2b2U, 0x75757575U,
+ 0x09090909U, 0x83838383U, 0x2c2c2c2cU, 0x1a1a1a1aU,
+ 0x1b1b1b1bU, 0x6e6e6e6eU, 0x5a5a5a5aU, 0xa0a0a0a0U,
+ 0x52525252U, 0x3b3b3b3bU, 0xd6d6d6d6U, 0xb3b3b3b3U,
+ 0x29292929U, 0xe3e3e3e3U, 0x2f2f2f2fU, 0x84848484U,
+ 0x53535353U, 0xd1d1d1d1U, 0x00000000U, 0xededededU,
+ 0x20202020U, 0xfcfcfcfcU, 0xb1b1b1b1U, 0x5b5b5b5bU,
+ 0x6a6a6a6aU, 0xcbcbcbcbU, 0xbebebebeU, 0x39393939U,
+ 0x4a4a4a4aU, 0x4c4c4c4cU, 0x58585858U, 0xcfcfcfcfU,
+ 0xd0d0d0d0U, 0xefefefefU, 0xaaaaaaaaU, 0xfbfbfbfbU,
+ 0x43434343U, 0x4d4d4d4dU, 0x33333333U, 0x85858585U,
+ 0x45454545U, 0xf9f9f9f9U, 0x02020202U, 0x7f7f7f7fU,
+ 0x50505050U, 0x3c3c3c3cU, 0x9f9f9f9fU, 0xa8a8a8a8U,
+ 0x51515151U, 0xa3a3a3a3U, 0x40404040U, 0x8f8f8f8fU,
+ 0x92929292U, 0x9d9d9d9dU, 0x38383838U, 0xf5f5f5f5U,
+ 0xbcbcbcbcU, 0xb6b6b6b6U, 0xdadadadaU, 0x21212121U,
+ 0x10101010U, 0xffffffffU, 0xf3f3f3f3U, 0xd2d2d2d2U,
+ 0xcdcdcdcdU, 0x0c0c0c0cU, 0x13131313U, 0xececececU,
+ 0x5f5f5f5fU, 0x97979797U, 0x44444444U, 0x17171717U,
+ 0xc4c4c4c4U, 0xa7a7a7a7U, 0x7e7e7e7eU, 0x3d3d3d3dU,
+ 0x64646464U, 0x5d5d5d5dU, 0x19191919U, 0x73737373U,
+ 0x60606060U, 0x81818181U, 0x4f4f4f4fU, 0xdcdcdcdcU,
+ 0x22222222U, 0x2a2a2a2aU, 0x90909090U, 0x88888888U,
+ 0x46464646U, 0xeeeeeeeeU, 0xb8b8b8b8U, 0x14141414U,
+ 0xdedededeU, 0x5e5e5e5eU, 0x0b0b0b0bU, 0xdbdbdbdbU,
+ 0xe0e0e0e0U, 0x32323232U, 0x3a3a3a3aU, 0x0a0a0a0aU,
+ 0x49494949U, 0x06060606U, 0x24242424U, 0x5c5c5c5cU,
+ 0xc2c2c2c2U, 0xd3d3d3d3U, 0xacacacacU, 0x62626262U,
+ 0x91919191U, 0x95959595U, 0xe4e4e4e4U, 0x79797979U,
+ 0xe7e7e7e7U, 0xc8c8c8c8U, 0x37373737U, 0x6d6d6d6dU,
+ 0x8d8d8d8dU, 0xd5d5d5d5U, 0x4e4e4e4eU, 0xa9a9a9a9U,
+ 0x6c6c6c6cU, 0x56565656U, 0xf4f4f4f4U, 0xeaeaeaeaU,
+ 0x65656565U, 0x7a7a7a7aU, 0xaeaeaeaeU, 0x08080808U,
+ 0xbabababaU, 0x78787878U, 0x25252525U, 0x2e2e2e2eU,
+ 0x1c1c1c1cU, 0xa6a6a6a6U, 0xb4b4b4b4U, 0xc6c6c6c6U,
+ 0xe8e8e8e8U, 0xddddddddU, 0x74747474U, 0x1f1f1f1fU,
+ 0x4b4b4b4bU, 0xbdbdbdbdU, 0x8b8b8b8bU, 0x8a8a8a8aU,
+ 0x70707070U, 0x3e3e3e3eU, 0xb5b5b5b5U, 0x66666666U,
+ 0x48484848U, 0x03030303U, 0xf6f6f6f6U, 0x0e0e0e0eU,
+ 0x61616161U, 0x35353535U, 0x57575757U, 0xb9b9b9b9U,
+ 0x86868686U, 0xc1c1c1c1U, 0x1d1d1d1dU, 0x9e9e9e9eU,
+ 0xe1e1e1e1U, 0xf8f8f8f8U, 0x98989898U, 0x11111111U,
+ 0x69696969U, 0xd9d9d9d9U, 0x8e8e8e8eU, 0x94949494U,
+ 0x9b9b9b9bU, 0x1e1e1e1eU, 0x87878787U, 0xe9e9e9e9U,
+ 0xcecececeU, 0x55555555U, 0x28282828U, 0xdfdfdfdfU,
+ 0x8c8c8c8cU, 0xa1a1a1a1U, 0x89898989U, 0x0d0d0d0dU,
+ 0xbfbfbfbfU, 0xe6e6e6e6U, 0x42424242U, 0x68686868U,
+ 0x41414141U, 0x99999999U, 0x2d2d2d2dU, 0x0f0f0f0fU,
+ 0xb0b0b0b0U, 0x54545454U, 0xbbbbbbbbU, 0x16161616U,
+};
+static const u32 Td0[256] = {
+ 0x51f4a750U, 0x7e416553U, 0x1a17a4c3U, 0x3a275e96U,
+ 0x3bab6bcbU, 0x1f9d45f1U, 0xacfa58abU, 0x4be30393U,
+ 0x2030fa55U, 0xad766df6U, 0x88cc7691U, 0xf5024c25U,
+ 0x4fe5d7fcU, 0xc52acbd7U, 0x26354480U, 0xb562a38fU,
+ 0xdeb15a49U, 0x25ba1b67U, 0x45ea0e98U, 0x5dfec0e1U,
+ 0xc32f7502U, 0x814cf012U, 0x8d4697a3U, 0x6bd3f9c6U,
+ 0x038f5fe7U, 0x15929c95U, 0xbf6d7aebU, 0x955259daU,
+ 0xd4be832dU, 0x587421d3U, 0x49e06929U, 0x8ec9c844U,
+ 0x75c2896aU, 0xf48e7978U, 0x99583e6bU, 0x27b971ddU,
+ 0xbee14fb6U, 0xf088ad17U, 0xc920ac66U, 0x7dce3ab4U,
+ 0x63df4a18U, 0xe51a3182U, 0x97513360U, 0x62537f45U,
+ 0xb16477e0U, 0xbb6bae84U, 0xfe81a01cU, 0xf9082b94U,
+ 0x70486858U, 0x8f45fd19U, 0x94de6c87U, 0x527bf8b7U,
+ 0xab73d323U, 0x724b02e2U, 0xe31f8f57U, 0x6655ab2aU,
+ 0xb2eb2807U, 0x2fb5c203U, 0x86c57b9aU, 0xd33708a5U,
+ 0x302887f2U, 0x23bfa5b2U, 0x02036abaU, 0xed16825cU,
+ 0x8acf1c2bU, 0xa779b492U, 0xf307f2f0U, 0x4e69e2a1U,
+ 0x65daf4cdU, 0x0605bed5U, 0xd134621fU, 0xc4a6fe8aU,
+ 0x342e539dU, 0xa2f355a0U, 0x058ae132U, 0xa4f6eb75U,
+ 0x0b83ec39U, 0x4060efaaU, 0x5e719f06U, 0xbd6e1051U,
+ 0x3e218af9U, 0x96dd063dU, 0xdd3e05aeU, 0x4de6bd46U,
+ 0x91548db5U, 0x71c45d05U, 0x0406d46fU, 0x605015ffU,
+ 0x1998fb24U, 0xd6bde997U, 0x894043ccU, 0x67d99e77U,
+ 0xb0e842bdU, 0x07898b88U, 0xe7195b38U, 0x79c8eedbU,
+ 0xa17c0a47U, 0x7c420fe9U, 0xf8841ec9U, 0x00000000U,
+ 0x09808683U, 0x322bed48U, 0x1e1170acU, 0x6c5a724eU,
+ 0xfd0efffbU, 0x0f853856U, 0x3daed51eU, 0x362d3927U,
+ 0x0a0fd964U, 0x685ca621U, 0x9b5b54d1U, 0x24362e3aU,
+ 0x0c0a67b1U, 0x9357e70fU, 0xb4ee96d2U, 0x1b9b919eU,
+ 0x80c0c54fU, 0x61dc20a2U, 0x5a774b69U, 0x1c121a16U,
+ 0xe293ba0aU, 0xc0a02ae5U, 0x3c22e043U, 0x121b171dU,
+ 0x0e090d0bU, 0xf28bc7adU, 0x2db6a8b9U, 0x141ea9c8U,
+ 0x57f11985U, 0xaf75074cU, 0xee99ddbbU, 0xa37f60fdU,
+ 0xf701269fU, 0x5c72f5bcU, 0x44663bc5U, 0x5bfb7e34U,
+ 0x8b432976U, 0xcb23c6dcU, 0xb6edfc68U, 0xb8e4f163U,
+ 0xd731dccaU, 0x42638510U, 0x13972240U, 0x84c61120U,
+ 0x854a247dU, 0xd2bb3df8U, 0xaef93211U, 0xc729a16dU,
+ 0x1d9e2f4bU, 0xdcb230f3U, 0x0d8652ecU, 0x77c1e3d0U,
+ 0x2bb3166cU, 0xa970b999U, 0x119448faU, 0x47e96422U,
+ 0xa8fc8cc4U, 0xa0f03f1aU, 0x567d2cd8U, 0x223390efU,
+ 0x87494ec7U, 0xd938d1c1U, 0x8ccaa2feU, 0x98d40b36U,
+ 0xa6f581cfU, 0xa57ade28U, 0xdab78e26U, 0x3fadbfa4U,
+ 0x2c3a9de4U, 0x5078920dU, 0x6a5fcc9bU, 0x547e4662U,
+ 0xf68d13c2U, 0x90d8b8e8U, 0x2e39f75eU, 0x82c3aff5U,
+ 0x9f5d80beU, 0x69d0937cU, 0x6fd52da9U, 0xcf2512b3U,
+ 0xc8ac993bU, 0x10187da7U, 0xe89c636eU, 0xdb3bbb7bU,
+ 0xcd267809U, 0x6e5918f4U, 0xec9ab701U, 0x834f9aa8U,
+ 0xe6956e65U, 0xaaffe67eU, 0x21bccf08U, 0xef15e8e6U,
+ 0xbae79bd9U, 0x4a6f36ceU, 0xea9f09d4U, 0x29b07cd6U,
+ 0x31a4b2afU, 0x2a3f2331U, 0xc6a59430U, 0x35a266c0U,
+ 0x744ebc37U, 0xfc82caa6U, 0xe090d0b0U, 0x33a7d815U,
+ 0xf104984aU, 0x41ecdaf7U, 0x7fcd500eU, 0x1791f62fU,
+ 0x764dd68dU, 0x43efb04dU, 0xccaa4d54U, 0xe49604dfU,
+ 0x9ed1b5e3U, 0x4c6a881bU, 0xc12c1fb8U, 0x4665517fU,
+ 0x9d5eea04U, 0x018c355dU, 0xfa877473U, 0xfb0b412eU,
+ 0xb3671d5aU, 0x92dbd252U, 0xe9105633U, 0x6dd64713U,
+ 0x9ad7618cU, 0x37a10c7aU, 0x59f8148eU, 0xeb133c89U,
+ 0xcea927eeU, 0xb761c935U, 0xe11ce5edU, 0x7a47b13cU,
+ 0x9cd2df59U, 0x55f2733fU, 0x1814ce79U, 0x73c737bfU,
+ 0x53f7cdeaU, 0x5ffdaa5bU, 0xdf3d6f14U, 0x7844db86U,
+ 0xcaaff381U, 0xb968c43eU, 0x3824342cU, 0xc2a3405fU,
+ 0x161dc372U, 0xbce2250cU, 0x283c498bU, 0xff0d9541U,
+ 0x39a80171U, 0x080cb3deU, 0xd8b4e49cU, 0x6456c190U,
+ 0x7bcb8461U, 0xd532b670U, 0x486c5c74U, 0xd0b85742U,
+};
+static const u32 Td1[256] = {
+ 0x5051f4a7U, 0x537e4165U, 0xc31a17a4U, 0x963a275eU,
+ 0xcb3bab6bU, 0xf11f9d45U, 0xabacfa58U, 0x934be303U,
+ 0x552030faU, 0xf6ad766dU, 0x9188cc76U, 0x25f5024cU,
+ 0xfc4fe5d7U, 0xd7c52acbU, 0x80263544U, 0x8fb562a3U,
+ 0x49deb15aU, 0x6725ba1bU, 0x9845ea0eU, 0xe15dfec0U,
+ 0x02c32f75U, 0x12814cf0U, 0xa38d4697U, 0xc66bd3f9U,
+ 0xe7038f5fU, 0x9515929cU, 0xebbf6d7aU, 0xda955259U,
+ 0x2dd4be83U, 0xd3587421U, 0x2949e069U, 0x448ec9c8U,
+ 0x6a75c289U, 0x78f48e79U, 0x6b99583eU, 0xdd27b971U,
+ 0xb6bee14fU, 0x17f088adU, 0x66c920acU, 0xb47dce3aU,
+ 0x1863df4aU, 0x82e51a31U, 0x60975133U, 0x4562537fU,
+ 0xe0b16477U, 0x84bb6baeU, 0x1cfe81a0U, 0x94f9082bU,
+ 0x58704868U, 0x198f45fdU, 0x8794de6cU, 0xb7527bf8U,
+ 0x23ab73d3U, 0xe2724b02U, 0x57e31f8fU, 0x2a6655abU,
+ 0x07b2eb28U, 0x032fb5c2U, 0x9a86c57bU, 0xa5d33708U,
+ 0xf2302887U, 0xb223bfa5U, 0xba02036aU, 0x5ced1682U,
+ 0x2b8acf1cU, 0x92a779b4U, 0xf0f307f2U, 0xa14e69e2U,
+ 0xcd65daf4U, 0xd50605beU, 0x1fd13462U, 0x8ac4a6feU,
+ 0x9d342e53U, 0xa0a2f355U, 0x32058ae1U, 0x75a4f6ebU,
+ 0x390b83ecU, 0xaa4060efU, 0x065e719fU, 0x51bd6e10U,
+ 0xf93e218aU, 0x3d96dd06U, 0xaedd3e05U, 0x464de6bdU,
+ 0xb591548dU, 0x0571c45dU, 0x6f0406d4U, 0xff605015U,
+ 0x241998fbU, 0x97d6bde9U, 0xcc894043U, 0x7767d99eU,
+ 0xbdb0e842U, 0x8807898bU, 0x38e7195bU, 0xdb79c8eeU,
+ 0x47a17c0aU, 0xe97c420fU, 0xc9f8841eU, 0x00000000U,
+ 0x83098086U, 0x48322bedU, 0xac1e1170U, 0x4e6c5a72U,
+ 0xfbfd0effU, 0x560f8538U, 0x1e3daed5U, 0x27362d39U,
+ 0x640a0fd9U, 0x21685ca6U, 0xd19b5b54U, 0x3a24362eU,
+ 0xb10c0a67U, 0x0f9357e7U, 0xd2b4ee96U, 0x9e1b9b91U,
+ 0x4f80c0c5U, 0xa261dc20U, 0x695a774bU, 0x161c121aU,
+ 0x0ae293baU, 0xe5c0a02aU, 0x433c22e0U, 0x1d121b17U,
+ 0x0b0e090dU, 0xadf28bc7U, 0xb92db6a8U, 0xc8141ea9U,
+ 0x8557f119U, 0x4caf7507U, 0xbbee99ddU, 0xfda37f60U,
+ 0x9ff70126U, 0xbc5c72f5U, 0xc544663bU, 0x345bfb7eU,
+ 0x768b4329U, 0xdccb23c6U, 0x68b6edfcU, 0x63b8e4f1U,
+ 0xcad731dcU, 0x10426385U, 0x40139722U, 0x2084c611U,
+ 0x7d854a24U, 0xf8d2bb3dU, 0x11aef932U, 0x6dc729a1U,
+ 0x4b1d9e2fU, 0xf3dcb230U, 0xec0d8652U, 0xd077c1e3U,
+ 0x6c2bb316U, 0x99a970b9U, 0xfa119448U, 0x2247e964U,
+ 0xc4a8fc8cU, 0x1aa0f03fU, 0xd8567d2cU, 0xef223390U,
+ 0xc787494eU, 0xc1d938d1U, 0xfe8ccaa2U, 0x3698d40bU,
+ 0xcfa6f581U, 0x28a57adeU, 0x26dab78eU, 0xa43fadbfU,
+ 0xe42c3a9dU, 0x0d507892U, 0x9b6a5fccU, 0x62547e46U,
+ 0xc2f68d13U, 0xe890d8b8U, 0x5e2e39f7U, 0xf582c3afU,
+ 0xbe9f5d80U, 0x7c69d093U, 0xa96fd52dU, 0xb3cf2512U,
+ 0x3bc8ac99U, 0xa710187dU, 0x6ee89c63U, 0x7bdb3bbbU,
+ 0x09cd2678U, 0xf46e5918U, 0x01ec9ab7U, 0xa8834f9aU,
+ 0x65e6956eU, 0x7eaaffe6U, 0x0821bccfU, 0xe6ef15e8U,
+ 0xd9bae79bU, 0xce4a6f36U, 0xd4ea9f09U, 0xd629b07cU,
+ 0xaf31a4b2U, 0x312a3f23U, 0x30c6a594U, 0xc035a266U,
+ 0x37744ebcU, 0xa6fc82caU, 0xb0e090d0U, 0x1533a7d8U,
+ 0x4af10498U, 0xf741ecdaU, 0x0e7fcd50U, 0x2f1791f6U,
+ 0x8d764dd6U, 0x4d43efb0U, 0x54ccaa4dU, 0xdfe49604U,
+ 0xe39ed1b5U, 0x1b4c6a88U, 0xb8c12c1fU, 0x7f466551U,
+ 0x049d5eeaU, 0x5d018c35U, 0x73fa8774U, 0x2efb0b41U,
+ 0x5ab3671dU, 0x5292dbd2U, 0x33e91056U, 0x136dd647U,
+ 0x8c9ad761U, 0x7a37a10cU, 0x8e59f814U, 0x89eb133cU,
+ 0xeecea927U, 0x35b761c9U, 0xede11ce5U, 0x3c7a47b1U,
+ 0x599cd2dfU, 0x3f55f273U, 0x791814ceU, 0xbf73c737U,
+ 0xea53f7cdU, 0x5b5ffdaaU, 0x14df3d6fU, 0x867844dbU,
+ 0x81caaff3U, 0x3eb968c4U, 0x2c382434U, 0x5fc2a340U,
+ 0x72161dc3U, 0x0cbce225U, 0x8b283c49U, 0x41ff0d95U,
+ 0x7139a801U, 0xde080cb3U, 0x9cd8b4e4U, 0x906456c1U,
+ 0x617bcb84U, 0x70d532b6U, 0x74486c5cU, 0x42d0b857U,
+};
+static const u32 Td2[256] = {
+ 0xa75051f4U, 0x65537e41U, 0xa4c31a17U, 0x5e963a27U,
+ 0x6bcb3babU, 0x45f11f9dU, 0x58abacfaU, 0x03934be3U,
+ 0xfa552030U, 0x6df6ad76U, 0x769188ccU, 0x4c25f502U,
+ 0xd7fc4fe5U, 0xcbd7c52aU, 0x44802635U, 0xa38fb562U,
+ 0x5a49deb1U, 0x1b6725baU, 0x0e9845eaU, 0xc0e15dfeU,
+ 0x7502c32fU, 0xf012814cU, 0x97a38d46U, 0xf9c66bd3U,
+ 0x5fe7038fU, 0x9c951592U, 0x7aebbf6dU, 0x59da9552U,
+ 0x832dd4beU, 0x21d35874U, 0x692949e0U, 0xc8448ec9U,
+ 0x896a75c2U, 0x7978f48eU, 0x3e6b9958U, 0x71dd27b9U,
+ 0x4fb6bee1U, 0xad17f088U, 0xac66c920U, 0x3ab47dceU,
+ 0x4a1863dfU, 0x3182e51aU, 0x33609751U, 0x7f456253U,
+ 0x77e0b164U, 0xae84bb6bU, 0xa01cfe81U, 0x2b94f908U,
+ 0x68587048U, 0xfd198f45U, 0x6c8794deU, 0xf8b7527bU,
+ 0xd323ab73U, 0x02e2724bU, 0x8f57e31fU, 0xab2a6655U,
+ 0x2807b2ebU, 0xc2032fb5U, 0x7b9a86c5U, 0x08a5d337U,
+ 0x87f23028U, 0xa5b223bfU, 0x6aba0203U, 0x825ced16U,
+ 0x1c2b8acfU, 0xb492a779U, 0xf2f0f307U, 0xe2a14e69U,
+ 0xf4cd65daU, 0xbed50605U, 0x621fd134U, 0xfe8ac4a6U,
+ 0x539d342eU, 0x55a0a2f3U, 0xe132058aU, 0xeb75a4f6U,
+ 0xec390b83U, 0xefaa4060U, 0x9f065e71U, 0x1051bd6eU,
+
+ 0x8af93e21U, 0x063d96ddU, 0x05aedd3eU, 0xbd464de6U,
+ 0x8db59154U, 0x5d0571c4U, 0xd46f0406U, 0x15ff6050U,
+ 0xfb241998U, 0xe997d6bdU, 0x43cc8940U, 0x9e7767d9U,
+ 0x42bdb0e8U, 0x8b880789U, 0x5b38e719U, 0xeedb79c8U,
+ 0x0a47a17cU, 0x0fe97c42U, 0x1ec9f884U, 0x00000000U,
+ 0x86830980U, 0xed48322bU, 0x70ac1e11U, 0x724e6c5aU,
+ 0xfffbfd0eU, 0x38560f85U, 0xd51e3daeU, 0x3927362dU,
+ 0xd9640a0fU, 0xa621685cU, 0x54d19b5bU, 0x2e3a2436U,
+ 0x67b10c0aU, 0xe70f9357U, 0x96d2b4eeU, 0x919e1b9bU,
+ 0xc54f80c0U, 0x20a261dcU, 0x4b695a77U, 0x1a161c12U,
+ 0xba0ae293U, 0x2ae5c0a0U, 0xe0433c22U, 0x171d121bU,
+ 0x0d0b0e09U, 0xc7adf28bU, 0xa8b92db6U, 0xa9c8141eU,
+ 0x198557f1U, 0x074caf75U, 0xddbbee99U, 0x60fda37fU,
+ 0x269ff701U, 0xf5bc5c72U, 0x3bc54466U, 0x7e345bfbU,
+ 0x29768b43U, 0xc6dccb23U, 0xfc68b6edU, 0xf163b8e4U,
+ 0xdccad731U, 0x85104263U, 0x22401397U, 0x112084c6U,
+ 0x247d854aU, 0x3df8d2bbU, 0x3211aef9U, 0xa16dc729U,
+ 0x2f4b1d9eU, 0x30f3dcb2U, 0x52ec0d86U, 0xe3d077c1U,
+ 0x166c2bb3U, 0xb999a970U, 0x48fa1194U, 0x642247e9U,
+ 0x8cc4a8fcU, 0x3f1aa0f0U, 0x2cd8567dU, 0x90ef2233U,
+ 0x4ec78749U, 0xd1c1d938U, 0xa2fe8ccaU, 0x0b3698d4U,
+ 0x81cfa6f5U, 0xde28a57aU, 0x8e26dab7U, 0xbfa43fadU,
+ 0x9de42c3aU, 0x920d5078U, 0xcc9b6a5fU, 0x4662547eU,
+ 0x13c2f68dU, 0xb8e890d8U, 0xf75e2e39U, 0xaff582c3U,
+ 0x80be9f5dU, 0x937c69d0U, 0x2da96fd5U, 0x12b3cf25U,
+ 0x993bc8acU, 0x7da71018U, 0x636ee89cU, 0xbb7bdb3bU,
+ 0x7809cd26U, 0x18f46e59U, 0xb701ec9aU, 0x9aa8834fU,
+ 0x6e65e695U, 0xe67eaaffU, 0xcf0821bcU, 0xe8e6ef15U,
+ 0x9bd9bae7U, 0x36ce4a6fU, 0x09d4ea9fU, 0x7cd629b0U,
+ 0xb2af31a4U, 0x23312a3fU, 0x9430c6a5U, 0x66c035a2U,
+ 0xbc37744eU, 0xcaa6fc82U, 0xd0b0e090U, 0xd81533a7U,
+ 0x984af104U, 0xdaf741ecU, 0x500e7fcdU, 0xf62f1791U,
+ 0xd68d764dU, 0xb04d43efU, 0x4d54ccaaU, 0x04dfe496U,
+ 0xb5e39ed1U, 0x881b4c6aU, 0x1fb8c12cU, 0x517f4665U,
+ 0xea049d5eU, 0x355d018cU, 0x7473fa87U, 0x412efb0bU,
+ 0x1d5ab367U, 0xd25292dbU, 0x5633e910U, 0x47136dd6U,
+ 0x618c9ad7U, 0x0c7a37a1U, 0x148e59f8U, 0x3c89eb13U,
+ 0x27eecea9U, 0xc935b761U, 0xe5ede11cU, 0xb13c7a47U,
+ 0xdf599cd2U, 0x733f55f2U, 0xce791814U, 0x37bf73c7U,
+ 0xcdea53f7U, 0xaa5b5ffdU, 0x6f14df3dU, 0xdb867844U,
+ 0xf381caafU, 0xc43eb968U, 0x342c3824U, 0x405fc2a3U,
+ 0xc372161dU, 0x250cbce2U, 0x498b283cU, 0x9541ff0dU,
+ 0x017139a8U, 0xb3de080cU, 0xe49cd8b4U, 0xc1906456U,
+ 0x84617bcbU, 0xb670d532U, 0x5c74486cU, 0x5742d0b8U,
+};
+static const u32 Td3[256] = {
+ 0xf4a75051U, 0x4165537eU, 0x17a4c31aU, 0x275e963aU,
+ 0xab6bcb3bU, 0x9d45f11fU, 0xfa58abacU, 0xe303934bU,
+ 0x30fa5520U, 0x766df6adU, 0xcc769188U, 0x024c25f5U,
+ 0xe5d7fc4fU, 0x2acbd7c5U, 0x35448026U, 0x62a38fb5U,
+ 0xb15a49deU, 0xba1b6725U, 0xea0e9845U, 0xfec0e15dU,
+ 0x2f7502c3U, 0x4cf01281U, 0x4697a38dU, 0xd3f9c66bU,
+ 0x8f5fe703U, 0x929c9515U, 0x6d7aebbfU, 0x5259da95U,
+ 0xbe832dd4U, 0x7421d358U, 0xe0692949U, 0xc9c8448eU,
+ 0xc2896a75U, 0x8e7978f4U, 0x583e6b99U, 0xb971dd27U,
+ 0xe14fb6beU, 0x88ad17f0U, 0x20ac66c9U, 0xce3ab47dU,
+ 0xdf4a1863U, 0x1a3182e5U, 0x51336097U, 0x537f4562U,
+ 0x6477e0b1U, 0x6bae84bbU, 0x81a01cfeU, 0x082b94f9U,
+ 0x48685870U, 0x45fd198fU, 0xde6c8794U, 0x7bf8b752U,
+ 0x73d323abU, 0x4b02e272U, 0x1f8f57e3U, 0x55ab2a66U,
+ 0xeb2807b2U, 0xb5c2032fU, 0xc57b9a86U, 0x3708a5d3U,
+ 0x2887f230U, 0xbfa5b223U, 0x036aba02U, 0x16825cedU,
+ 0xcf1c2b8aU, 0x79b492a7U, 0x07f2f0f3U, 0x69e2a14eU,
+ 0xdaf4cd65U, 0x05bed506U, 0x34621fd1U, 0xa6fe8ac4U,
+ 0x2e539d34U, 0xf355a0a2U, 0x8ae13205U, 0xf6eb75a4U,
+ 0x83ec390bU, 0x60efaa40U, 0x719f065eU, 0x6e1051bdU,
+ 0x218af93eU, 0xdd063d96U, 0x3e05aeddU, 0xe6bd464dU,
+ 0x548db591U, 0xc45d0571U, 0x06d46f04U, 0x5015ff60U,
+ 0x98fb2419U, 0xbde997d6U, 0x4043cc89U, 0xd99e7767U,
+ 0xe842bdb0U, 0x898b8807U, 0x195b38e7U, 0xc8eedb79U,
+ 0x7c0a47a1U, 0x420fe97cU, 0x841ec9f8U, 0x00000000U,
+ 0x80868309U, 0x2bed4832U, 0x1170ac1eU, 0x5a724e6cU,
+ 0x0efffbfdU, 0x8538560fU, 0xaed51e3dU, 0x2d392736U,
+ 0x0fd9640aU, 0x5ca62168U, 0x5b54d19bU, 0x362e3a24U,
+ 0x0a67b10cU, 0x57e70f93U, 0xee96d2b4U, 0x9b919e1bU,
+ 0xc0c54f80U, 0xdc20a261U, 0x774b695aU, 0x121a161cU,
+ 0x93ba0ae2U, 0xa02ae5c0U, 0x22e0433cU, 0x1b171d12U,
+ 0x090d0b0eU, 0x8bc7adf2U, 0xb6a8b92dU, 0x1ea9c814U,
+ 0xf1198557U, 0x75074cafU, 0x99ddbbeeU, 0x7f60fda3U,
+ 0x01269ff7U, 0x72f5bc5cU, 0x663bc544U, 0xfb7e345bU,
+ 0x4329768bU, 0x23c6dccbU, 0xedfc68b6U, 0xe4f163b8U,
+ 0x31dccad7U, 0x63851042U, 0x97224013U, 0xc6112084U,
+ 0x4a247d85U, 0xbb3df8d2U, 0xf93211aeU, 0x29a16dc7U,
+ 0x9e2f4b1dU, 0xb230f3dcU, 0x8652ec0dU, 0xc1e3d077U,
+ 0xb3166c2bU, 0x70b999a9U, 0x9448fa11U, 0xe9642247U,
+ 0xfc8cc4a8U, 0xf03f1aa0U, 0x7d2cd856U, 0x3390ef22U,
+ 0x494ec787U, 0x38d1c1d9U, 0xcaa2fe8cU, 0xd40b3698U,
+ 0xf581cfa6U, 0x7ade28a5U, 0xb78e26daU, 0xadbfa43fU,
+ 0x3a9de42cU, 0x78920d50U, 0x5fcc9b6aU, 0x7e466254U,
+ 0x8d13c2f6U, 0xd8b8e890U, 0x39f75e2eU, 0xc3aff582U,
+ 0x5d80be9fU, 0xd0937c69U, 0xd52da96fU, 0x2512b3cfU,
+ 0xac993bc8U, 0x187da710U, 0x9c636ee8U, 0x3bbb7bdbU,
+ 0x267809cdU, 0x5918f46eU, 0x9ab701ecU, 0x4f9aa883U,
+ 0x956e65e6U, 0xffe67eaaU, 0xbccf0821U, 0x15e8e6efU,
+ 0xe79bd9baU, 0x6f36ce4aU, 0x9f09d4eaU, 0xb07cd629U,
+ 0xa4b2af31U, 0x3f23312aU, 0xa59430c6U, 0xa266c035U,
+ 0x4ebc3774U, 0x82caa6fcU, 0x90d0b0e0U, 0xa7d81533U,
+ 0x04984af1U, 0xecdaf741U, 0xcd500e7fU, 0x91f62f17U,
+ 0x4dd68d76U, 0xefb04d43U, 0xaa4d54ccU, 0x9604dfe4U,
+ 0xd1b5e39eU, 0x6a881b4cU, 0x2c1fb8c1U, 0x65517f46U,
+ 0x5eea049dU, 0x8c355d01U, 0x877473faU, 0x0b412efbU,
+ 0x671d5ab3U, 0xdbd25292U, 0x105633e9U, 0xd647136dU,
+ 0xd7618c9aU, 0xa10c7a37U, 0xf8148e59U, 0x133c89ebU,
+ 0xa927eeceU, 0x61c935b7U, 0x1ce5ede1U, 0x47b13c7aU,
+ 0xd2df599cU, 0xf2733f55U, 0x14ce7918U, 0xc737bf73U,
+ 0xf7cdea53U, 0xfdaa5b5fU, 0x3d6f14dfU, 0x44db8678U,
+ 0xaff381caU, 0x68c43eb9U, 0x24342c38U, 0xa3405fc2U,
+ 0x1dc37216U, 0xe2250cbcU, 0x3c498b28U, 0x0d9541ffU,
+ 0xa8017139U, 0x0cb3de08U, 0xb4e49cd8U, 0x56c19064U,
+ 0xcb84617bU, 0x32b670d5U, 0x6c5c7448U, 0xb85742d0U,
+};
+static const u32 Td4[256] = {
+ 0x52525252U, 0x09090909U, 0x6a6a6a6aU, 0xd5d5d5d5U,
+ 0x30303030U, 0x36363636U, 0xa5a5a5a5U, 0x38383838U,
+ 0xbfbfbfbfU, 0x40404040U, 0xa3a3a3a3U, 0x9e9e9e9eU,
+ 0x81818181U, 0xf3f3f3f3U, 0xd7d7d7d7U, 0xfbfbfbfbU,
+ 0x7c7c7c7cU, 0xe3e3e3e3U, 0x39393939U, 0x82828282U,
+ 0x9b9b9b9bU, 0x2f2f2f2fU, 0xffffffffU, 0x87878787U,
+ 0x34343434U, 0x8e8e8e8eU, 0x43434343U, 0x44444444U,
+ 0xc4c4c4c4U, 0xdedededeU, 0xe9e9e9e9U, 0xcbcbcbcbU,
+ 0x54545454U, 0x7b7b7b7bU, 0x94949494U, 0x32323232U,
+ 0xa6a6a6a6U, 0xc2c2c2c2U, 0x23232323U, 0x3d3d3d3dU,
+ 0xeeeeeeeeU, 0x4c4c4c4cU, 0x95959595U, 0x0b0b0b0bU,
+ 0x42424242U, 0xfafafafaU, 0xc3c3c3c3U, 0x4e4e4e4eU,
+ 0x08080808U, 0x2e2e2e2eU, 0xa1a1a1a1U, 0x66666666U,
+ 0x28282828U, 0xd9d9d9d9U, 0x24242424U, 0xb2b2b2b2U,
+ 0x76767676U, 0x5b5b5b5bU, 0xa2a2a2a2U, 0x49494949U,
+ 0x6d6d6d6dU, 0x8b8b8b8bU, 0xd1d1d1d1U, 0x25252525U,
+ 0x72727272U, 0xf8f8f8f8U, 0xf6f6f6f6U, 0x64646464U,
+ 0x86868686U, 0x68686868U, 0x98989898U, 0x16161616U,
+ 0xd4d4d4d4U, 0xa4a4a4a4U, 0x5c5c5c5cU, 0xccccccccU,
+ 0x5d5d5d5dU, 0x65656565U, 0xb6b6b6b6U, 0x92929292U,
+ 0x6c6c6c6cU, 0x70707070U, 0x48484848U, 0x50505050U,
+ 0xfdfdfdfdU, 0xededededU, 0xb9b9b9b9U, 0xdadadadaU,
+ 0x5e5e5e5eU, 0x15151515U, 0x46464646U, 0x57575757U,
+ 0xa7a7a7a7U, 0x8d8d8d8dU, 0x9d9d9d9dU, 0x84848484U,
+ 0x90909090U, 0xd8d8d8d8U, 0xababababU, 0x00000000U,
+ 0x8c8c8c8cU, 0xbcbcbcbcU, 0xd3d3d3d3U, 0x0a0a0a0aU,
+ 0xf7f7f7f7U, 0xe4e4e4e4U, 0x58585858U, 0x05050505U,
+ 0xb8b8b8b8U, 0xb3b3b3b3U, 0x45454545U, 0x06060606U,
+ 0xd0d0d0d0U, 0x2c2c2c2cU, 0x1e1e1e1eU, 0x8f8f8f8fU,
+ 0xcacacacaU, 0x3f3f3f3fU, 0x0f0f0f0fU, 0x02020202U,
+ 0xc1c1c1c1U, 0xafafafafU, 0xbdbdbdbdU, 0x03030303U,
+ 0x01010101U, 0x13131313U, 0x8a8a8a8aU, 0x6b6b6b6bU,
+ 0x3a3a3a3aU, 0x91919191U, 0x11111111U, 0x41414141U,
+ 0x4f4f4f4fU, 0x67676767U, 0xdcdcdcdcU, 0xeaeaeaeaU,
+ 0x97979797U, 0xf2f2f2f2U, 0xcfcfcfcfU, 0xcecececeU,
+ 0xf0f0f0f0U, 0xb4b4b4b4U, 0xe6e6e6e6U, 0x73737373U,
+ 0x96969696U, 0xacacacacU, 0x74747474U, 0x22222222U,
+ 0xe7e7e7e7U, 0xadadadadU, 0x35353535U, 0x85858585U,
+ 0xe2e2e2e2U, 0xf9f9f9f9U, 0x37373737U, 0xe8e8e8e8U,
+ 0x1c1c1c1cU, 0x75757575U, 0xdfdfdfdfU, 0x6e6e6e6eU,
+ 0x47474747U, 0xf1f1f1f1U, 0x1a1a1a1aU, 0x71717171U,
+ 0x1d1d1d1dU, 0x29292929U, 0xc5c5c5c5U, 0x89898989U,
+ 0x6f6f6f6fU, 0xb7b7b7b7U, 0x62626262U, 0x0e0e0e0eU,
+ 0xaaaaaaaaU, 0x18181818U, 0xbebebebeU, 0x1b1b1b1bU,
+ 0xfcfcfcfcU, 0x56565656U, 0x3e3e3e3eU, 0x4b4b4b4bU,
+ 0xc6c6c6c6U, 0xd2d2d2d2U, 0x79797979U, 0x20202020U,
+ 0x9a9a9a9aU, 0xdbdbdbdbU, 0xc0c0c0c0U, 0xfefefefeU,
+ 0x78787878U, 0xcdcdcdcdU, 0x5a5a5a5aU, 0xf4f4f4f4U,
+ 0x1f1f1f1fU, 0xddddddddU, 0xa8a8a8a8U, 0x33333333U,
+ 0x88888888U, 0x07070707U, 0xc7c7c7c7U, 0x31313131U,
+ 0xb1b1b1b1U, 0x12121212U, 0x10101010U, 0x59595959U,
+ 0x27272727U, 0x80808080U, 0xececececU, 0x5f5f5f5fU,
+ 0x60606060U, 0x51515151U, 0x7f7f7f7fU, 0xa9a9a9a9U,
+ 0x19191919U, 0xb5b5b5b5U, 0x4a4a4a4aU, 0x0d0d0d0dU,
+ 0x2d2d2d2dU, 0xe5e5e5e5U, 0x7a7a7a7aU, 0x9f9f9f9fU,
+ 0x93939393U, 0xc9c9c9c9U, 0x9c9c9c9cU, 0xefefefefU,
+ 0xa0a0a0a0U, 0xe0e0e0e0U, 0x3b3b3b3bU, 0x4d4d4d4dU,
+ 0xaeaeaeaeU, 0x2a2a2a2aU, 0xf5f5f5f5U, 0xb0b0b0b0U,
+ 0xc8c8c8c8U, 0xebebebebU, 0xbbbbbbbbU, 0x3c3c3c3cU,
+ 0x83838383U, 0x53535353U, 0x99999999U, 0x61616161U,
+ 0x17171717U, 0x2b2b2b2bU, 0x04040404U, 0x7e7e7e7eU,
+ 0xbabababaU, 0x77777777U, 0xd6d6d6d6U, 0x26262626U,
+ 0xe1e1e1e1U, 0x69696969U, 0x14141414U, 0x63636363U,
+ 0x55555555U, 0x21212121U, 0x0c0c0c0cU, 0x7d7d7d7dU,
+};
+static const u32 rcon[] = {
+ 0x01000000, 0x02000000, 0x04000000, 0x08000000,
+ 0x10000000, 0x20000000, 0x40000000, 0x80000000,
+ 0x1B000000, 0x36000000, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */
+};
+
+/**
+ * Expand the cipher key into the encryption key schedule.
+ */
+int AES_set_encrypt_key(const unsigned char *userKey,
+ const FIPS_AES_SIZE_T bits, AES_KEY *key) {
+
+ u32 *rk;
+ int i = 0;
+ u32 temp;
+
+ if (!userKey || !key)
+ return -1;
+ if (bits != 128 && bits != 192 && bits != 256)
+ return -2;
+ if(FIPS_selftest_failed())
+ return -3;
+
+ rk = key->rd_key;
+
+ if (bits==128)
+ key->rounds = 10;
+ else if (bits==192)
+ key->rounds = 12;
+ else
+ key->rounds = 14;
+
+ rk[0] = GETU32(userKey );
+ rk[1] = GETU32(userKey + 4);
+ rk[2] = GETU32(userKey + 8);
+ rk[3] = GETU32(userKey + 12);
+ if (bits == 128) {
+ while (1) {
+ temp = rk[3];
+ rk[4] = rk[0] ^
+ (Te4[(temp >> 16) & 0xff] & 0xff000000) ^
+ (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^
+ (Te4[(temp ) & 0xff] & 0x0000ff00) ^
+ (Te4[(temp >> 24) ] & 0x000000ff) ^
+ rcon[i];
+ rk[5] = rk[1] ^ rk[4];
+ rk[6] = rk[2] ^ rk[5];
+ rk[7] = rk[3] ^ rk[6];
+ if (++i == 10) {
+ return 0;
+ }
+ rk += 4;
+ }
+ }
+ rk[4] = GETU32(userKey + 16);
+ rk[5] = GETU32(userKey + 20);
+ if (bits == 192) {
+ while (1) {
+ temp = rk[ 5];
+ rk[ 6] = rk[ 0] ^
+ (Te4[(temp >> 16) & 0xff] & 0xff000000) ^
+ (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^
+ (Te4[(temp ) & 0xff] & 0x0000ff00) ^
+ (Te4[(temp >> 24) ] & 0x000000ff) ^
+ rcon[i];
+ rk[ 7] = rk[ 1] ^ rk[ 6];
+ rk[ 8] = rk[ 2] ^ rk[ 7];
+ rk[ 9] = rk[ 3] ^ rk[ 8];
+ if (++i == 8) {
+ return 0;
+ }
+ rk[10] = rk[ 4] ^ rk[ 9];
+ rk[11] = rk[ 5] ^ rk[10];
+ rk += 6;
+ }
+ }
+ rk[6] = GETU32(userKey + 24);
+ rk[7] = GETU32(userKey + 28);
+ if (bits == 256) {
+ while (1) {
+ temp = rk[ 7];
+ rk[ 8] = rk[ 0] ^
+ (Te4[(temp >> 16) & 0xff] & 0xff000000) ^
+ (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^
+ (Te4[(temp ) & 0xff] & 0x0000ff00) ^
+ (Te4[(temp >> 24) ] & 0x000000ff) ^
+ rcon[i];
+ rk[ 9] = rk[ 1] ^ rk[ 8];
+ rk[10] = rk[ 2] ^ rk[ 9];
+ rk[11] = rk[ 3] ^ rk[10];
+ if (++i == 7) {
+ return 0;
+ }
+ temp = rk[11];
+ rk[12] = rk[ 4] ^
+ (Te4[(temp >> 24) ] & 0xff000000) ^
+ (Te4[(temp >> 16) & 0xff] & 0x00ff0000) ^
+ (Te4[(temp >> 8) & 0xff] & 0x0000ff00) ^
+ (Te4[(temp ) & 0xff] & 0x000000ff);
+ rk[13] = rk[ 5] ^ rk[12];
+ rk[14] = rk[ 6] ^ rk[13];
+ rk[15] = rk[ 7] ^ rk[14];
+
+ rk += 8;
+ }
+ }
+ return 0;
+}
+
+/**
+ * Expand the cipher key into the decryption key schedule.
+ */
+int AES_set_decrypt_key(const unsigned char *userKey,
+ const FIPS_AES_SIZE_T bits, AES_KEY *key) {
+
+ u32 *rk;
+ int i, j, status;
+ u32 temp;
+
+ /* first, start with an encryption schedule */
+ status = AES_set_encrypt_key(userKey, bits, key);
+ if (status < 0)
+ return status;
+
+ rk = key->rd_key;
+
+ /* invert the order of the round keys: */
+ for (i = 0, j = 4*(key->rounds); i < j; i += 4, j -= 4) {
+ temp = rk[i ]; rk[i ] = rk[j ]; rk[j ] = temp;
+ temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp;
+ temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp;
+ temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp;
+ }
+ /* apply the inverse MixColumn transform to all round keys but the first and the last: */
+ for (i = 1; i < (key->rounds); i++) {
+ rk += 4;
+ rk[0] =
+ Td0[Te4[(rk[0] >> 24) ] & 0xff] ^
+ Td1[Te4[(rk[0] >> 16) & 0xff] & 0xff] ^
+ Td2[Te4[(rk[0] >> 8) & 0xff] & 0xff] ^
+ Td3[Te4[(rk[0] ) & 0xff] & 0xff];
+ rk[1] =
+ Td0[Te4[(rk[1] >> 24) ] & 0xff] ^
+ Td1[Te4[(rk[1] >> 16) & 0xff] & 0xff] ^
+ Td2[Te4[(rk[1] >> 8) & 0xff] & 0xff] ^
+ Td3[Te4[(rk[1] ) & 0xff] & 0xff];
+ rk[2] =
+ Td0[Te4[(rk[2] >> 24) ] & 0xff] ^
+ Td1[Te4[(rk[2] >> 16) & 0xff] & 0xff] ^
+ Td2[Te4[(rk[2] >> 8) & 0xff] & 0xff] ^
+ Td3[Te4[(rk[2] ) & 0xff] & 0xff];
+ rk[3] =
+ Td0[Te4[(rk[3] >> 24) ] & 0xff] ^
+ Td1[Te4[(rk[3] >> 16) & 0xff] & 0xff] ^
+ Td2[Te4[(rk[3] >> 8) & 0xff] & 0xff] ^
+ Td3[Te4[(rk[3] ) & 0xff] & 0xff];
+ }
+ return 0;
+}
+
+/*
+ * Encrypt a single block
+ * in and out can overlap
+ */
+void AES_encrypt(const unsigned char *in, unsigned char *out,
+ const AES_KEY *key) {
+
+ const u32 *rk;
+ u32 s0, s1, s2, s3, t0, t1, t2, t3;
+#ifndef FULL_UNROLL
+ int r;
+#endif /* ?FULL_UNROLL */
+
+ assert(in && out && key);
+ rk = key->rd_key;
+
+ /*
+ * map byte array block to cipher state
+ * and add initial round key:
+ */
+ s0 = GETU32(in ) ^ rk[0];
+ s1 = GETU32(in + 4) ^ rk[1];
+ s2 = GETU32(in + 8) ^ rk[2];
+ s3 = GETU32(in + 12) ^ rk[3];
+#ifdef FULL_UNROLL
+ /* round 1: */
+ t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[ 4];
+ t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[ 5];
+ t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[ 6];
+ t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[ 7];
+ /* round 2: */
+ s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[ 8];
+ s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[ 9];
+ s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[10];
+ s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[11];
+ /* round 3: */
+ t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[12];
+ t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[13];
+ t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[14];
+ t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[15];
+ /* round 4: */
+ s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[16];
+ s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[17];
+ s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[18];
+ s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[19];
+ /* round 5: */
+ t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[20];
+ t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[21];
+ t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[22];
+ t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[23];
+ /* round 6: */
+ s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[24];
+ s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[25];
+ s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[26];
+ s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[27];
+ /* round 7: */
+ t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[28];
+ t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[29];
+ t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[30];
+ t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[31];
+ /* round 8: */
+ s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[32];
+ s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[33];
+ s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[34];
+ s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[35];
+ /* round 9: */
+ t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[36];
+ t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[37];
+ t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[38];
+ t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[39];
+ if (key->rounds > 10) {
+ /* round 10: */
+ s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[40];
+ s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[41];
+ s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[42];
+ s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[43];
+ /* round 11: */
+ t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[44];
+ t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[45];
+ t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[46];
+ t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[47];
+ if (key->rounds > 12) {
+ /* round 12: */
+ s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[48];
+ s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[49];
+ s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[50];
+ s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[51];
+ /* round 13: */
+ t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[52];
+ t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[53];
+ t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[54];
+ t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[55];
+ }
+ }
+ rk += key->rounds << 2;
+#else /* !FULL_UNROLL */
+ /*
+ * Nr - 1 full rounds:
+ */
+ r = key->rounds >> 1;
+ for (;;) {
+ t0 =
+ Te0[(s0 >> 24) ] ^
+ Te1[(s1 >> 16) & 0xff] ^
+ Te2[(s2 >> 8) & 0xff] ^
+ Te3[(s3 ) & 0xff] ^
+ rk[4];
+ t1 =
+ Te0[(s1 >> 24) ] ^
+ Te1[(s2 >> 16) & 0xff] ^
+ Te2[(s3 >> 8) & 0xff] ^
+ Te3[(s0 ) & 0xff] ^
+ rk[5];
+ t2 =
+ Te0[(s2 >> 24) ] ^
+ Te1[(s3 >> 16) & 0xff] ^
+ Te2[(s0 >> 8) & 0xff] ^
+ Te3[(s1 ) & 0xff] ^
+ rk[6];
+ t3 =
+ Te0[(s3 >> 24) ] ^
+ Te1[(s0 >> 16) & 0xff] ^
+ Te2[(s1 >> 8) & 0xff] ^
+ Te3[(s2 ) & 0xff] ^
+ rk[7];
+
+ rk += 8;
+ if (--r == 0) {
+ break;
+ }
+
+ s0 =
+ Te0[(t0 >> 24) ] ^
+ Te1[(t1 >> 16) & 0xff] ^
+ Te2[(t2 >> 8) & 0xff] ^
+ Te3[(t3 ) & 0xff] ^
+ rk[0];
+ s1 =
+ Te0[(t1 >> 24) ] ^
+ Te1[(t2 >> 16) & 0xff] ^
+ Te2[(t3 >> 8) & 0xff] ^
+ Te3[(t0 ) & 0xff] ^
+ rk[1];
+ s2 =
+ Te0[(t2 >> 24) ] ^
+ Te1[(t3 >> 16) & 0xff] ^
+ Te2[(t0 >> 8) & 0xff] ^
+ Te3[(t1 ) & 0xff] ^
+ rk[2];
+ s3 =
+ Te0[(t3 >> 24) ] ^
+ Te1[(t0 >> 16) & 0xff] ^
+ Te2[(t1 >> 8) & 0xff] ^
+ Te3[(t2 ) & 0xff] ^
+ rk[3];
+ }
+#endif /* ?FULL_UNROLL */
+ /*
+ * apply last round and
+ * map cipher state to byte array block:
+ */
+ s0 =
+ (Te4[(t0 >> 24) ] & 0xff000000) ^
+ (Te4[(t1 >> 16) & 0xff] & 0x00ff0000) ^
+ (Te4[(t2 >> 8) & 0xff] & 0x0000ff00) ^
+ (Te4[(t3 ) & 0xff] & 0x000000ff) ^
+ rk[0];
+ PUTU32(out , s0);
+ s1 =
+ (Te4[(t1 >> 24) ] & 0xff000000) ^
+ (Te4[(t2 >> 16) & 0xff] & 0x00ff0000) ^
+ (Te4[(t3 >> 8) & 0xff] & 0x0000ff00) ^
+ (Te4[(t0 ) & 0xff] & 0x000000ff) ^
+ rk[1];
+ PUTU32(out + 4, s1);
+ s2 =
+ (Te4[(t2 >> 24) ] & 0xff000000) ^
+ (Te4[(t3 >> 16) & 0xff] & 0x00ff0000) ^
+ (Te4[(t0 >> 8) & 0xff] & 0x0000ff00) ^
+ (Te4[(t1 ) & 0xff] & 0x000000ff) ^
+ rk[2];
+ PUTU32(out + 8, s2);
+ s3 =
+ (Te4[(t3 >> 24) ] & 0xff000000) ^
+ (Te4[(t0 >> 16) & 0xff] & 0x00ff0000) ^
+ (Te4[(t1 >> 8) & 0xff] & 0x0000ff00) ^
+ (Te4[(t2 ) & 0xff] & 0x000000ff) ^
+ rk[3];
+ PUTU32(out + 12, s3);
+}
+
+/*
+ * Decrypt a single block
+ * in and out can overlap
+ */
+void AES_decrypt(const unsigned char *in, unsigned char *out,
+ const AES_KEY *key) {
+
+ const u32 *rk;
+ u32 s0, s1, s2, s3, t0, t1, t2, t3;
+#ifndef FULL_UNROLL
+ int r;
+#endif /* ?FULL_UNROLL */
+
+ assert(in && out && key);
+ rk = key->rd_key;
+
+ /*
+ * map byte array block to cipher state
+ * and add initial round key:
+ */
+ s0 = GETU32(in ) ^ rk[0];
+ s1 = GETU32(in + 4) ^ rk[1];
+ s2 = GETU32(in + 8) ^ rk[2];
+ s3 = GETU32(in + 12) ^ rk[3];
+#ifdef FULL_UNROLL
+ /* round 1: */
+ t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[ 4];
+ t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[ 5];
+ t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[ 6];
+ t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[ 7];
+ /* round 2: */
+ s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[ 8];
+ s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[ 9];
+ s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[10];
+ s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[11];
+ /* round 3: */
+ t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[12];
+ t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[13];
+ t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[14];
+ t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[15];
+ /* round 4: */
+ s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[16];
+ s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[17];
+ s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[18];
+ s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[19];
+ /* round 5: */
+ t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[20];
+ t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[21];
+ t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[22];
+ t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[23];
+ /* round 6: */
+ s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[24];
+ s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[25];
+ s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[26];
+ s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[27];
+ /* round 7: */
+ t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[28];
+ t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[29];
+ t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[30];
+ t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[31];
+ /* round 8: */
+ s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[32];
+ s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[33];
+ s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[34];
+ s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[35];
+ /* round 9: */
+ t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[36];
+ t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[37];
+ t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[38];
+ t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[39];
+ if (key->rounds > 10) {
+ /* round 10: */
+ s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[40];
+ s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[41];
+ s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[42];
+ s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[43];
+ /* round 11: */
+ t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[44];
+ t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[45];
+ t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[46];
+ t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[47];
+ if (key->rounds > 12) {
+ /* round 12: */
+ s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[48];
+ s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[49];
+ s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[50];
+ s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[51];
+ /* round 13: */
+ t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[52];
+ t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[53];
+ t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[54];
+ t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[55];
+ }
+ }
+ rk += key->rounds << 2;
+#else /* !FULL_UNROLL */
+ /*
+ * Nr - 1 full rounds:
+ */
+ r = key->rounds >> 1;
+ for (;;) {
+ t0 =
+ Td0[(s0 >> 24) ] ^
+ Td1[(s3 >> 16) & 0xff] ^
+ Td2[(s2 >> 8) & 0xff] ^
+ Td3[(s1 ) & 0xff] ^
+ rk[4];
+ t1 =
+ Td0[(s1 >> 24) ] ^
+ Td1[(s0 >> 16) & 0xff] ^
+ Td2[(s3 >> 8) & 0xff] ^
+ Td3[(s2 ) & 0xff] ^
+ rk[5];
+ t2 =
+ Td0[(s2 >> 24) ] ^
+ Td1[(s1 >> 16) & 0xff] ^
+ Td2[(s0 >> 8) & 0xff] ^
+ Td3[(s3 ) & 0xff] ^
+ rk[6];
+ t3 =
+ Td0[(s3 >> 24) ] ^
+ Td1[(s2 >> 16) & 0xff] ^
+ Td2[(s1 >> 8) & 0xff] ^
+ Td3[(s0 ) & 0xff] ^
+ rk[7];
+
+ rk += 8;
+ if (--r == 0) {
+ break;
+ }
+
+ s0 =
+ Td0[(t0 >> 24) ] ^
+ Td1[(t3 >> 16) & 0xff] ^
+ Td2[(t2 >> 8) & 0xff] ^
+ Td3[(t1 ) & 0xff] ^
+ rk[0];
+ s1 =
+ Td0[(t1 >> 24) ] ^
+ Td1[(t0 >> 16) & 0xff] ^
+ Td2[(t3 >> 8) & 0xff] ^
+ Td3[(t2 ) & 0xff] ^
+ rk[1];
+ s2 =
+ Td0[(t2 >> 24) ] ^
+ Td1[(t1 >> 16) & 0xff] ^
+ Td2[(t0 >> 8) & 0xff] ^
+ Td3[(t3 ) & 0xff] ^
+ rk[2];
+ s3 =
+ Td0[(t3 >> 24) ] ^
+ Td1[(t2 >> 16) & 0xff] ^
+ Td2[(t1 >> 8) & 0xff] ^
+ Td3[(t0 ) & 0xff] ^
+ rk[3];
+ }
+#endif /* ?FULL_UNROLL */
+ /*
+ * apply last round and
+ * map cipher state to byte array block:
+ */
+ s0 =
+ (Td4[(t0 >> 24) ] & 0xff000000) ^
+ (Td4[(t3 >> 16) & 0xff] & 0x00ff0000) ^
+ (Td4[(t2 >> 8) & 0xff] & 0x0000ff00) ^
+ (Td4[(t1 ) & 0xff] & 0x000000ff) ^
+ rk[0];
+ PUTU32(out , s0);
+ s1 =
+ (Td4[(t1 >> 24) ] & 0xff000000) ^
+ (Td4[(t0 >> 16) & 0xff] & 0x00ff0000) ^
+ (Td4[(t3 >> 8) & 0xff] & 0x0000ff00) ^
+ (Td4[(t2 ) & 0xff] & 0x000000ff) ^
+ rk[1];
+ PUTU32(out + 4, s1);
+ s2 =
+ (Td4[(t2 >> 24) ] & 0xff000000) ^
+ (Td4[(t1 >> 16) & 0xff] & 0x00ff0000) ^
+ (Td4[(t0 >> 8) & 0xff] & 0x0000ff00) ^
+ (Td4[(t3 ) & 0xff] & 0x000000ff) ^
+ rk[2];
+ PUTU32(out + 8, s2);
+ s3 =
+ (Td4[(t3 >> 24) ] & 0xff000000) ^
+ (Td4[(t2 >> 16) & 0xff] & 0x00ff0000) ^
+ (Td4[(t1 >> 8) & 0xff] & 0x0000ff00) ^
+ (Td4[(t0 ) & 0xff] & 0x000000ff) ^
+ rk[3];
+ PUTU32(out + 12, s3);
+}
+
+#endif /* def OPENSSL_FIPS */
diff --git a/src/lib/libssl/src/fips-1.0/aes/fips_aes_locl.h b/src/lib/libssl/src/fips-1.0/aes/fips_aes_locl.h
new file mode 100644
index 0000000000..4184729e34
--- /dev/null
+++ b/src/lib/libssl/src/fips-1.0/aes/fips_aes_locl.h
@@ -0,0 +1,85 @@
+/* crypto/aes/aes.h -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#ifndef HEADER_AES_LOCL_H
+#define HEADER_AES_LOCL_H
+
+#include <openssl/e_os2.h>
+
+#ifdef OPENSSL_NO_AES
+#error AES is disabled.
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#if defined(_MSC_VER) && !defined(_M_IA64) && !defined(OPENSSL_SYS_WINCE)
+# define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00)
+# define GETU32(p) SWAP(*((u32 *)(p)))
+# define PUTU32(ct, st) { *((u32 *)(ct)) = SWAP((st)); }
+#else
+# define GETU32(pt) (((u32)(pt)[0] << 24) ^ ((u32)(pt)[1] << 16) ^ ((u32)(pt)[2] << 8) ^ ((u32)(pt)[3]))
+# define PUTU32(ct, st) { (ct)[0] = (u8)((st) >> 24); (ct)[1] = (u8)((st) >> 16); (ct)[2] = (u8)((st) >> 8); (ct)[3] = (u8)(st); }
+#endif
+
+typedef unsigned long u32;
+typedef unsigned short u16;
+typedef unsigned char u8;
+
+#define MAXKC (256/32)
+#define MAXKB (256/8)
+#define MAXNR 14
+
+/* This controls loop-unrolling in aes_core.c */
+#undef FULL_UNROLL
+
+#endif /* !HEADER_AES_LOCL_H */
diff --git a/src/lib/libssl/src/fips-1.0/aes/fips_aes_selftest.c b/src/lib/libssl/src/fips-1.0/aes/fips_aes_selftest.c
new file mode 100644
index 0000000000..0e53d21bd0
--- /dev/null
+++ b/src/lib/libssl/src/fips-1.0/aes/fips_aes_selftest.c
@@ -0,0 +1,112 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include <string.h>
+#include <openssl/err.h>
+#include <openssl/fips.h>
+#include <openssl/aes.h>
+
+#ifdef OPENSSL_FIPS
+static struct
+ {
+ unsigned char key[16];
+ unsigned char plaintext[16];
+ unsigned char ciphertext[16];
+ } tests[]=
+ {
+ {
+ { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
+ 0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F },
+ { 0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,
+ 0x88,0x99,0xAA,0xBB,0xCC,0xDD,0xEE,0xFF },
+ { 0x69,0xC4,0xE0,0xD8,0x6A,0x7B,0x04,0x30,
+ 0xD8,0xCD,0xB7,0x80,0x70,0xB4,0xC5,0x5A },
+ },
+ };
+
+void FIPS_corrupt_aes()
+ {
+ tests[0].key[0]++;
+ }
+
+int FIPS_selftest_aes()
+ {
+ int n;
+
+ /* Encrypt and check against known ciphertext */
+ for(n=0 ; n < 1 ; ++n)
+ {
+ AES_KEY key;
+ unsigned char buf[16];
+
+ AES_set_encrypt_key(tests[n].key,128,&key);
+ AES_encrypt(tests[n].plaintext,buf,&key);
+ if(memcmp(buf,tests[n].ciphertext,sizeof buf))
+ {
+ FIPSerr(FIPS_F_FIPS_SELFTEST_AES,FIPS_R_SELFTEST_FAILED);
+ return 0;
+ }
+ }
+ /* Decrypt and check against known plaintext */
+ for(n=0 ; n < 1 ; ++n)
+ {
+ AES_KEY key;
+ unsigned char buf[16];
+
+ AES_set_decrypt_key(tests[n].key,128,&key);
+ AES_decrypt(tests[n].ciphertext,buf,&key);
+ if(memcmp(buf,tests[n].plaintext,sizeof buf))
+ {
+ FIPSerr(FIPS_F_FIPS_SELFTEST_AES,FIPS_R_SELFTEST_FAILED);
+ return 0;
+ }
+ }
+ return 1;
+ }
+#endif
diff --git a/src/lib/libssl/src/fips-1.0/aes/fips_aesavs.c b/src/lib/libssl/src/fips-1.0/aes/fips_aesavs.c
new file mode 100644
index 0000000000..6bb9b899c8
--- /dev/null
+++ b/src/lib/libssl/src/fips-1.0/aes/fips_aesavs.c
@@ -0,0 +1,1005 @@
+/* ====================================================================
+ * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+/*---------------------------------------------
+ NIST AES Algorithm Validation Suite
+ Test Program
+
+ Donated to OpenSSL by:
+ V-ONE Corporation
+ 20250 Century Blvd, Suite 300
+ Germantown, MD 20874
+ U.S.A.
+ ----------------------------------------------*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <assert.h>
+
+#include <openssl/aes.h>
+#include <openssl/evp.h>
+#include <openssl/fips.h>
+#include <openssl/err.h>
+#include "e_os.h"
+
+#define AES_BLOCK_SIZE 16
+
+#define VERBOSE 1
+
+/*-----------------------------------------------*/
+
+int AESTest(EVP_CIPHER_CTX *ctx,
+ char *amode, int akeysz, unsigned char *aKey,
+ unsigned char *iVec,
+ int dir, /* 0 = decrypt, 1 = encrypt */
+ unsigned char *plaintext, unsigned char *ciphertext, int len)
+ {
+ const EVP_CIPHER *cipher = NULL;
+ int ret = 1;
+ int kt = 0;
+
+ if (ctx)
+ memset(ctx, 0, sizeof(EVP_CIPHER_CTX));
+
+ if (strcasecmp(amode, "CBC") == 0)
+ kt = 1000;
+ else if (strcasecmp(amode, "ECB") == 0)
+ kt = 2000;
+ else if (strcasecmp(amode, "CFB128") == 0)
+ kt = 3000;
+ else if (strncasecmp(amode, "OFB", 3) == 0)
+ kt = 4000;
+ else if(!strcasecmp(amode,"CFB1"))
+ kt=5000;
+ else if(!strcasecmp(amode,"CFB8"))
+ kt=6000;
+ else
+ {
+ printf("Unknown mode: %s\n", amode);
+ EXIT(1);
+ }
+ if (ret)
+ {
+ if ((akeysz != 128) && (akeysz != 192) && (akeysz != 256))
+ {
+ printf("Invalid key size: %d\n", akeysz);
+ ret = 0;
+ }
+ else
+ {
+ kt += akeysz;
+ switch (kt)
+ {
+ case 1128: /* CBC 128 */
+ cipher = EVP_aes_128_cbc();
+ break;
+ case 1192: /* CBC 192 */
+ cipher = EVP_aes_192_cbc();
+ break;
+ case 1256: /* CBC 256 */
+ cipher = EVP_aes_256_cbc();
+ break;
+ case 2128: /* ECB 128 */
+ cipher = EVP_aes_128_ecb();
+ break;
+ case 2192: /* ECB 192 */
+ cipher = EVP_aes_192_ecb();
+ break;
+ case 2256: /* ECB 256 */
+ cipher = EVP_aes_256_ecb();
+ break;
+ case 3128: /* CFB 128 */
+ cipher = EVP_aes_128_cfb();
+ break;
+ case 3192: /* CFB 192 */
+ cipher = EVP_aes_192_cfb();
+ break;
+ case 3256: /* CFB 256 */
+ cipher = EVP_aes_256_cfb();
+ break;
+ case 4128: /* OFB 128 */
+ cipher = EVP_aes_128_ofb();
+ break;
+ case 4192: /* OFB 192 */
+ cipher = EVP_aes_192_ofb();
+ break;
+ case 4256: /* OFB 256 */
+ cipher = EVP_aes_256_ofb();
+ break;
+ case 5128:
+ cipher=EVP_aes_128_cfb1();
+ break;
+ case 5192:
+ cipher=EVP_aes_192_cfb1();
+ break;
+ case 5256:
+ cipher=EVP_aes_256_cfb1();
+ break;
+ case 6128:
+ cipher=EVP_aes_128_cfb8();
+ break;
+ case 6192:
+ cipher=EVP_aes_192_cfb8();
+ break;
+ case 6256:
+ cipher=EVP_aes_256_cfb8();
+ break;
+ default:
+ printf("Didn't handle mode %d\n",kt);
+ EXIT(1);
+ }
+ if (dir)
+ { /* encrypt */
+ if(!EVP_CipherInit(ctx, cipher, aKey, iVec, AES_ENCRYPT))
+ {
+ ERR_print_errors_fp(stderr);
+ EXIT(1);
+ }
+
+ EVP_Cipher(ctx, ciphertext, (unsigned char*)plaintext, len);
+ }
+ else
+ { /* decrypt */
+ if(!EVP_CipherInit(ctx, cipher, aKey, iVec, AES_DECRYPT))
+ {
+ ERR_print_errors_fp(stderr);
+ EXIT(1);
+ }
+ EVP_Cipher(ctx, (unsigned char*)plaintext, ciphertext, len);
+ }
+ }
+ }
+ return ret;
+ }
+
+/*-----------------------------------------------*/
+
+int hex2bin(char *in, int len, unsigned char *out)
+{
+ int n1, n2;
+ unsigned char ch;
+
+ for (n1 = 0, n2 = 0; n1 < len; )
+ { /* first byte */
+ if ((in[n1] >= '0') && (in[n1] <= '9'))
+ ch = in[n1++] - '0';
+ else if ((in[n1] >= 'A') && (in[n1] <= 'F'))
+ ch = in[n1++] - 'A' + 10;
+ else if ((in[n1] >= 'a') && (in[n1] <= 'f'))
+ ch = in[n1++] - 'a' + 10;
+ else
+ return -1;
+ if(len == 1)
+ {
+ out[n2++]=ch;
+ break;
+ }
+ out[n2] = ch << 4;
+ /* second byte */
+ if ((in[n1] >= '0') && (in[n1] <= '9'))
+ ch = in[n1++] - '0';
+ else if ((in[n1] >= 'A') && (in[n1] <= 'F'))
+ ch = in[n1++] - 'A' + 10;
+ else if ((in[n1] >= 'a') && (in[n1] <= 'f'))
+ ch = in[n1++] - 'a' + 10;
+ else
+ return -1;
+ out[n2++] |= ch;
+ }
+ return n2;
+}
+
+/*-----------------------------------------------*/
+
+int bin2hex(unsigned char *in, int len, char *out)
+{
+ int n1, n2;
+ unsigned char ch;
+
+ for (n1 = 0, n2 = 0; n1 < len; ++n1)
+ {
+ /* first nibble */
+ ch = in[n1] >> 4;
+ if (ch <= 0x09)
+ out[n2++] = ch + '0';
+ else
+ out[n2++] = ch - 10 + 'a';
+ /* second nibble */
+ ch = in[n1] & 0x0f;
+ if (ch <= 0x09)
+ out[n2++] = ch + '0';
+ else
+ out[n2++] = ch - 10 + 'a';
+ }
+ return n2;
+}
+
+/* NB: this return the number of _bits_ read */
+int bint2bin(const char *in, int len, unsigned char *out)
+ {
+ int n;
+
+ memset(out,0,len);
+ for(n=0 ; n < len ; ++n)
+ if(in[n] == '1')
+ out[n/8]|=(0x80 >> (n%8));
+ return len;
+ }
+
+int bin2bint(const unsigned char *in,int len,char *out)
+ {
+ int n;
+
+ for(n=0 ; n < len ; ++n)
+ out[n]=(in[n/8]&(0x80 >> (n%8))) ? '1' : '0';
+ return n;
+ }
+
+/*-----------------------------------------------*/
+
+void PrintValue(char *tag, unsigned char *val, int len)
+{
+#if VERBOSE
+ char obuf[2048];
+ int olen;
+ olen = bin2hex(val, len, obuf);
+ printf("%s = %.*s\n", tag, olen, obuf);
+#endif
+}
+
+void OutputValue(char *tag, unsigned char *val, int len, FILE *rfp,int bitmode)
+ {
+ char obuf[2048];
+ int olen;
+
+ if(bitmode)
+ olen=bin2bint(val,len,obuf);
+ else
+ olen=bin2hex(val,len,obuf);
+
+ fprintf(rfp, "%s = %.*s\n", tag, olen, obuf);
+#if VERBOSE
+ printf("%s = %.*s\n", tag, olen, obuf);
+#endif
+ }
+
+/*-----------------------------------------------*/
+char *t_tag[2] = {"PLAINTEXT", "CIPHERTEXT"};
+char *t_mode[6] = {"CBC","ECB","OFB","CFB1","CFB8","CFB128"};
+enum Mode {CBC, ECB, OFB, CFB1, CFB8, CFB128};
+enum XCrypt {XDECRYPT, XENCRYPT};
+
+/*=============================*/
+/* Monte Carlo Tests */
+/*-----------------------------*/
+
+/*#define gb(a,b) (((a)[(b)/8] >> ((b)%8))&1)*/
+/*#define sb(a,b,v) ((a)[(b)/8]=((a)[(b)/8]&~(1 << ((b)%8)))|(!!(v) << ((b)%8)))*/
+
+#define gb(a,b) (((a)[(b)/8] >> (7-(b)%8))&1)
+#define sb(a,b,v) ((a)[(b)/8]=((a)[(b)/8]&~(1 << (7-(b)%8)))|(!!(v) << (7-(b)%8)))
+
+int do_mct(char *amode,
+ int akeysz, unsigned char *aKey,unsigned char *iVec,
+ int dir, unsigned char *text, int len,
+ FILE *rfp)
+ {
+ int ret = 0;
+ unsigned char key[101][32];
+ unsigned char iv[101][AES_BLOCK_SIZE];
+ unsigned char ptext[1001][32];
+ unsigned char ctext[1001][32];
+ unsigned char ciphertext[64+4];
+ int i, j, n, n1, n2;
+ int imode = 0, nkeysz = akeysz/8;
+ EVP_CIPHER_CTX ctx;
+
+ if (len > 32)
+ {
+ printf("\n>>>> Length exceeds 32 for %s %d <<<<\n\n",
+ amode, akeysz);
+ return -1;
+ }
+ for (imode = 0; imode < 6; ++imode)
+ if (strcmp(amode, t_mode[imode]) == 0)
+ break;
+ if (imode == 6)
+ {
+ printf("Unrecognized mode: %s\n", amode);
+ return -1;
+ }
+
+ memcpy(key[0], aKey, nkeysz);
+ if (iVec)
+ memcpy(iv[0], iVec, AES_BLOCK_SIZE);
+ if (dir == XENCRYPT)
+ memcpy(ptext[0], text, len);
+ else
+ memcpy(ctext[0], text, len);
+ for (i = 0; i < 100; ++i)
+ {
+ /* printf("Iteration %d\n", i); */
+ if (i > 0)
+ {
+ fprintf(rfp,"COUNT = %d\n",i);
+ OutputValue("KEY",key[i],nkeysz,rfp,0);
+ if (imode != ECB) /* ECB */
+ OutputValue("IV",iv[i],AES_BLOCK_SIZE,rfp,0);
+ /* Output Ciphertext | Plaintext */
+ OutputValue(t_tag[dir^1],dir ? ptext[0] : ctext[0],len,rfp,
+ imode == CFB1);
+ }
+ for (j = 0; j < 1000; ++j)
+ {
+ switch (imode)
+ {
+ case ECB:
+ if (j == 0)
+ { /* set up encryption */
+ ret = AESTest(&ctx, amode, akeysz, key[i], NULL,
+ dir, /* 0 = decrypt, 1 = encrypt */
+ ptext[j], ctext[j], len);
+ if (dir == XENCRYPT)
+ memcpy(ptext[j+1], ctext[j], len);
+ else
+ memcpy(ctext[j+1], ptext[j], len);
+ }
+ else
+ {
+ if (dir == XENCRYPT)
+ {
+ EVP_Cipher(&ctx, ctext[j], ptext[j], len);
+ memcpy(ptext[j+1], ctext[j], len);
+ }
+ else
+ {
+ EVP_Cipher(&ctx, ptext[j], ctext[j], len);
+ memcpy(ctext[j+1], ptext[j], len);
+ }
+ }
+ break;
+
+ case CBC:
+ case OFB:
+ case CFB128:
+ if (j == 0)
+ {
+ ret = AESTest(&ctx, amode, akeysz, key[i], iv[i],
+ dir, /* 0 = decrypt, 1 = encrypt */
+ ptext[j], ctext[j], len);
+ if (dir == XENCRYPT)
+ memcpy(ptext[j+1], iv[i], len);
+ else
+ memcpy(ctext[j+1], iv[i], len);
+ }
+ else
+ {
+ if (dir == XENCRYPT)
+ {
+ EVP_Cipher(&ctx, ctext[j], ptext[j], len);
+ memcpy(ptext[j+1], ctext[j-1], len);
+ }
+ else
+ {
+ EVP_Cipher(&ctx, ptext[j], ctext[j], len);
+ memcpy(ctext[j+1], ptext[j-1], len);
+ }
+ }
+ break;
+
+ case CFB8:
+ if (j == 0)
+ {
+ ret = AESTest(&ctx, amode, akeysz, key[i], iv[i],
+ dir, /* 0 = decrypt, 1 = encrypt */
+ ptext[j], ctext[j], len);
+ }
+ else
+ {
+ if (dir == XENCRYPT)
+ EVP_Cipher(&ctx, ctext[j], ptext[j], len);
+ else
+ EVP_Cipher(&ctx, ptext[j], ctext[j], len);
+ }
+ if (dir == XENCRYPT)
+ {
+ if (j < 16)
+ memcpy(ptext[j+1], &iv[i][j], len);
+ else
+ memcpy(ptext[j+1], ctext[j-16], len);
+ }
+ else
+ {
+ if (j < 16)
+ memcpy(ctext[j+1], &iv[i][j], len);
+ else
+ memcpy(ctext[j+1], ptext[j-16], len);
+ }
+ break;
+
+ case CFB1:
+ if(j == 0)
+ {
+ /* compensate for wrong endianness of input file */
+ if(i == 0)
+ ptext[0][0]<<=7;
+ ret=AESTest(&ctx,amode,akeysz,key[i],iv[i],dir,
+ ptext[j], ctext[j], len);
+ }
+ else
+ {
+ if (dir == XENCRYPT)
+ EVP_Cipher(&ctx, ctext[j], ptext[j], len);
+ else
+ EVP_Cipher(&ctx, ptext[j], ctext[j], len);
+
+ }
+ if(dir == XENCRYPT)
+ {
+ if(j < 128)
+ sb(ptext[j+1],0,gb(iv[i],j));
+ else
+ sb(ptext[j+1],0,gb(ctext[j-128],0));
+ }
+ else
+ {
+ if(j < 128)
+ sb(ctext[j+1],0,gb(iv[i],j));
+ else
+ sb(ctext[j+1],0,gb(ptext[j-128],0));
+ }
+ break;
+ }
+ }
+ --j; /* reset to last of range */
+ /* Output Ciphertext | Plaintext */
+ OutputValue(t_tag[dir],dir ? ctext[j] : ptext[j],len,rfp,
+ imode == CFB1);
+ fprintf(rfp, "\n"); /* add separator */
+
+ /* Compute next KEY */
+ if (dir == XENCRYPT)
+ {
+ if (imode == CFB8)
+ { /* ct = CT[j-15] || CT[j-14] || ... || CT[j] */
+ for (n1 = 0, n2 = nkeysz-1; n1 < nkeysz; ++n1, --n2)
+ ciphertext[n1] = ctext[j-n2][0];
+ }
+ else if(imode == CFB1)
+ {
+ for(n1=0,n2=akeysz-1 ; n1 < akeysz ; ++n1,--n2)
+ sb(ciphertext,n1,gb(ctext[j-n2],0));
+ }
+ else
+ switch (akeysz)
+ {
+ case 128:
+ memcpy(ciphertext, ctext[j], 16);
+ break;
+ case 192:
+ memcpy(ciphertext, ctext[j-1]+8, 8);
+ memcpy(ciphertext+8, ctext[j], 16);
+ break;
+ case 256:
+ memcpy(ciphertext, ctext[j-1], 16);
+ memcpy(ciphertext+16, ctext[j], 16);
+ break;
+ }
+ }
+ else
+ {
+ if (imode == CFB8)
+ { /* ct = CT[j-15] || CT[j-14] || ... || CT[j] */
+ for (n1 = 0, n2 = nkeysz-1; n1 < nkeysz; ++n1, --n2)
+ ciphertext[n1] = ptext[j-n2][0];
+ }
+ else if(imode == CFB1)
+ {
+ for(n1=0,n2=akeysz-1 ; n1 < akeysz ; ++n1,--n2)
+ sb(ciphertext,n1,gb(ptext[j-n2],0));
+ }
+ else
+ switch (akeysz)
+ {
+ case 128:
+ memcpy(ciphertext, ptext[j], 16);
+ break;
+ case 192:
+ memcpy(ciphertext, ptext[j-1]+8, 8);
+ memcpy(ciphertext+8, ptext[j], 16);
+ break;
+ case 256:
+ memcpy(ciphertext, ptext[j-1], 16);
+ memcpy(ciphertext+16, ptext[j], 16);
+ break;
+ }
+ }
+ /* Compute next key: Key[i+1] = Key[i] xor ct */
+ for (n = 0; n < nkeysz; ++n)
+ key[i+1][n] = key[i][n] ^ ciphertext[n];
+
+ /* Compute next IV and text */
+ if (dir == XENCRYPT)
+ {
+ switch (imode)
+ {
+ case ECB:
+ memcpy(ptext[0], ctext[j], AES_BLOCK_SIZE);
+ break;
+ case CBC:
+ case OFB:
+ case CFB128:
+ memcpy(iv[i+1], ctext[j], AES_BLOCK_SIZE);
+ memcpy(ptext[0], ctext[j-1], AES_BLOCK_SIZE);
+ break;
+ case CFB8:
+ /* IV[i+1] = ct */
+ for (n1 = 0, n2 = 15; n1 < 16; ++n1, --n2)
+ iv[i+1][n1] = ctext[j-n2][0];
+ ptext[0][0] = ctext[j-16][0];
+ break;
+ case CFB1:
+ for(n1=0,n2=127 ; n1 < 128 ; ++n1,--n2)
+ sb(iv[i+1],n1,gb(ctext[j-n2],0));
+ ptext[0][0]=ctext[j-128][0]&0x80;
+ break;
+ }
+ }
+ else
+ {
+ switch (imode)
+ {
+ case ECB:
+ memcpy(ctext[0], ptext[j], AES_BLOCK_SIZE);
+ break;
+ case CBC:
+ case OFB:
+ case CFB128:
+ memcpy(iv[i+1], ptext[j], AES_BLOCK_SIZE);
+ memcpy(ctext[0], ptext[j-1], AES_BLOCK_SIZE);
+ break;
+ case CFB8:
+ for (n1 = 0, n2 = 15; n1 < 16; ++n1, --n2)
+ iv[i+1][n1] = ptext[j-n2][0];
+ ctext[0][0] = ptext[j-16][0];
+ break;
+ case CFB1:
+ for(n1=0,n2=127 ; n1 < 128 ; ++n1,--n2)
+ sb(iv[i+1],n1,gb(ptext[j-n2],0));
+ ctext[0][0]=ptext[j-128][0]&0x80;
+ break;
+ }
+ }
+ }
+
+ return ret;
+ }
+
+/*================================================*/
+/*----------------------------
+ # Config info for v-one
+ # AESVS MMT test data for ECB
+ # State : Encrypt and Decrypt
+ # Key Length : 256
+ # Fri Aug 30 04:07:22 PM
+ ----------------------------*/
+
+int proc_file(char *rqfile)
+ {
+ char afn[256], rfn[256];
+ FILE *afp = NULL, *rfp = NULL;
+ char ibuf[2048];
+ int ilen, len, ret = 0;
+ char algo[8] = "";
+ char amode[8] = "";
+ char atest[8] = "";
+ int akeysz = 0;
+ unsigned char iVec[20], aKey[40];
+ int dir = -1, err = 0, step = 0;
+ unsigned char plaintext[2048];
+ unsigned char ciphertext[2048];
+ char *rp;
+ EVP_CIPHER_CTX ctx;
+
+ if (!rqfile || !(*rqfile))
+ {
+ printf("No req file\n");
+ return -1;
+ }
+ strcpy(afn, rqfile);
+
+ if ((afp = fopen(afn, "r")) == NULL)
+ {
+ printf("Cannot open file: %s, %s\n",
+ afn, strerror(errno));
+ return -1;
+ }
+ strcpy(rfn,afn);
+ rp=strstr(rfn,"req/");
+ assert(rp);
+ memcpy(rp,"rsp",3);
+ rp = strstr(rfn, ".req");
+ memcpy(rp, ".rsp", 4);
+ if ((rfp = fopen(rfn, "w")) == NULL)
+ {
+ printf("Cannot open file: %s, %s\n",
+ rfn, strerror(errno));
+ fclose(afp);
+ afp = NULL;
+ return -1;
+ }
+ while (!err && (fgets(ibuf, sizeof(ibuf), afp)) != NULL)
+ {
+ ilen = strlen(ibuf);
+ /* printf("step=%d ibuf=%s",step,ibuf); */
+ switch (step)
+ {
+ case 0: /* read preamble */
+ if (ibuf[0] == '\n')
+ { /* end of preamble */
+ if ((*algo == '\0') ||
+ (*amode == '\0') ||
+ (akeysz == 0))
+ {
+ printf("Missing Algorithm, Mode or KeySize (%s/%s/%d)\n",
+ algo,amode,akeysz);
+ err = 1;
+ }
+ else
+ {
+ fputs(ibuf, rfp);
+ ++ step;
+ }
+ }
+ else if (ibuf[0] != '#')
+ {
+ printf("Invalid preamble item: %s\n", ibuf);
+ err = 1;
+ }
+ else
+ { /* process preamble */
+ char *xp, *pp = ibuf+2;
+ int n;
+ if (akeysz)
+ { /* insert current time & date */
+ time_t rtim = time(0);
+ fprintf(rfp, "# %s", ctime(&rtim));
+ }
+ else
+ {
+ fputs(ibuf, rfp);
+ if (strncmp(pp, "AESVS ", 6) == 0)
+ {
+ strcpy(algo, "AES");
+ /* get test type */
+ pp += 6;
+ xp = strchr(pp, ' ');
+ n = xp-pp;
+ strncpy(atest, pp, n);
+ atest[n] = '\0';
+ /* get mode */
+ xp = strrchr(pp, ' '); /* get mode" */
+ n = strlen(xp+1)-1;
+ strncpy(amode, xp+1, n);
+ amode[n] = '\0';
+ /* amode[3] = '\0'; */
+ printf("Test = %s, Mode = %s\n", atest, amode);
+ }
+ else if (strncasecmp(pp, "Key Length : ", 13) == 0)
+ {
+ akeysz = atoi(pp+13);
+ printf("Key size = %d\n", akeysz);
+ }
+ }
+ }
+ break;
+
+ case 1: /* [ENCRYPT] | [DECRYPT] */
+ if (ibuf[0] == '[')
+ {
+ fputs(ibuf, rfp);
+ ++step;
+ if (strncasecmp(ibuf, "[ENCRYPT]", 9) == 0)
+ dir = 1;
+ else if (strncasecmp(ibuf, "[DECRYPT]", 9) == 0)
+ dir = 0;
+ else
+ {
+ printf("Invalid keyword: %s\n", ibuf);
+ err = 1;
+ }
+ break;
+ }
+ else if (dir == -1)
+ {
+ err = 1;
+ printf("Missing ENCRYPT/DECRYPT keyword\n");
+ break;
+ }
+ else
+ step = 2;
+
+ case 2: /* KEY = xxxx */
+ fputs(ibuf, rfp);
+ if(*ibuf == '\n')
+ break;
+ if(!strncasecmp(ibuf,"COUNT = ",8))
+ break;
+
+ if (strncasecmp(ibuf, "KEY = ", 6) != 0)
+ {
+ printf("Missing KEY\n");
+ err = 1;
+ }
+ else
+ {
+ len = hex2bin((char*)ibuf+6, strlen(ibuf+6)-1, aKey);
+ if (len < 0)
+ {
+ printf("Invalid KEY\n");
+ err =1;
+ break;
+ }
+ PrintValue("KEY", aKey, len);
+ if (strcmp(amode, "ECB") == 0)
+ {
+ memset(iVec, 0, sizeof(iVec));
+ step = (dir)? 4: 5; /* no ivec for ECB */
+ }
+ else
+ ++step;
+ }
+ break;
+
+ case 3: /* IV = xxxx */
+ fputs(ibuf, rfp);
+ if (strncasecmp(ibuf, "IV = ", 5) != 0)
+ {
+ printf("Missing IV\n");
+ err = 1;
+ }
+ else
+ {
+ len = hex2bin((char*)ibuf+5, strlen(ibuf+5)-1, iVec);
+ if (len < 0)
+ {
+ printf("Invalid IV\n");
+ err =1;
+ break;
+ }
+ PrintValue("IV", iVec, len);
+ step = (dir)? 4: 5;
+ }
+ break;
+
+ case 4: /* PLAINTEXT = xxxx */
+ fputs(ibuf, rfp);
+ if (strncasecmp(ibuf, "PLAINTEXT = ", 12) != 0)
+ {
+ printf("Missing PLAINTEXT\n");
+ err = 1;
+ }
+ else
+ {
+ int nn = strlen(ibuf+12);
+ if(!strcmp(amode,"CFB1"))
+ len=bint2bin(ibuf+12,nn-1,plaintext);
+ else
+ len=hex2bin(ibuf+12, nn-1,plaintext);
+ if (len < 0)
+ {
+ printf("Invalid PLAINTEXT: %s", ibuf+12);
+ err =1;
+ break;
+ }
+ if (len >= sizeof(plaintext))
+ {
+ printf("Buffer overflow\n");
+ }
+ PrintValue("PLAINTEXT", (unsigned char*)plaintext, len);
+ if (strcmp(atest, "MCT") == 0) /* Monte Carlo Test */
+ {
+ if(do_mct(amode, akeysz, aKey, iVec,
+ dir, (unsigned char*)plaintext, len,
+ rfp) < 0)
+ EXIT(1);
+ }
+ else
+ {
+ ret = AESTest(&ctx, amode, akeysz, aKey, iVec,
+ dir, /* 0 = decrypt, 1 = encrypt */
+ plaintext, ciphertext, len);
+ OutputValue("CIPHERTEXT",ciphertext,len,rfp,
+ !strcmp(amode,"CFB1"));
+ }
+ step = 6;
+ }
+ break;
+
+ case 5: /* CIPHERTEXT = xxxx */
+ fputs(ibuf, rfp);
+ if (strncasecmp(ibuf, "CIPHERTEXT = ", 13) != 0)
+ {
+ printf("Missing KEY\n");
+ err = 1;
+ }
+ else
+ {
+ if(!strcmp(amode,"CFB1"))
+ len=bint2bin(ibuf+13,strlen(ibuf+13)-1,ciphertext);
+ else
+ len = hex2bin(ibuf+13,strlen(ibuf+13)-1,ciphertext);
+ if (len < 0)
+ {
+ printf("Invalid CIPHERTEXT\n");
+ err =1;
+ break;
+ }
+
+ PrintValue("CIPHERTEXT", ciphertext, len);
+ if (strcmp(atest, "MCT") == 0) /* Monte Carlo Test */
+ {
+ do_mct(amode, akeysz, aKey, iVec,
+ dir, ciphertext, len, rfp);
+ }
+ else
+ {
+ ret = AESTest(&ctx, amode, akeysz, aKey, iVec,
+ dir, /* 0 = decrypt, 1 = encrypt */
+ plaintext, ciphertext, len);
+ OutputValue("PLAINTEXT",(unsigned char *)plaintext,len,rfp,
+ !strcmp(amode,"CFB1"));
+ }
+ step = 6;
+ }
+ break;
+
+ case 6:
+ if (ibuf[0] != '\n')
+ {
+ err = 1;
+ printf("Missing terminator\n");
+ }
+ else if (strcmp(atest, "MCT") != 0)
+ { /* MCT already added terminating nl */
+ fputs(ibuf, rfp);
+ }
+ step = 1;
+ break;
+ }
+ }
+ if (rfp)
+ fclose(rfp);
+ if (afp)
+ fclose(afp);
+ return err;
+ }
+
+/*--------------------------------------------------
+ Processes either a single file or
+ a set of files whose names are passed in a file.
+ A single file is specified as:
+ aes_test -f xxx.req
+ A set of files is specified as:
+ aes_test -d xxxxx.xxx
+ The default is: -d req.txt
+--------------------------------------------------*/
+int main(int argc, char **argv)
+ {
+ char *rqlist = "req.txt";
+ FILE *fp = NULL;
+ char fn[250] = "", rfn[256] = "";
+ int f_opt = 0, d_opt = 1;
+
+#ifdef OPENSSL_FIPS
+ if(!FIPS_mode_set(1))
+ {
+ ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
+ EXIT(1);
+ }
+#endif
+ ERR_load_crypto_strings();
+ if (argc > 1)
+ {
+ if (strcasecmp(argv[1], "-d") == 0)
+ {
+ d_opt = 1;
+ }
+ else if (strcasecmp(argv[1], "-f") == 0)
+ {
+ f_opt = 1;
+ d_opt = 0;
+ }
+ else
+ {
+ printf("Invalid parameter: %s\n", argv[1]);
+ return 0;
+ }
+ if (argc < 3)
+ {
+ printf("Missing parameter\n");
+ return 0;
+ }
+ if (d_opt)
+ rqlist = argv[2];
+ else
+ strcpy(fn, argv[2]);
+ }
+ if (d_opt)
+ { /* list of files (directory) */
+ if (!(fp = fopen(rqlist, "r")))
+ {
+ printf("Cannot open req list file\n");
+ return -1;
+ }
+ while (fgets(fn, sizeof(fn), fp))
+ {
+ strtok(fn, "\r\n");
+ strcpy(rfn, fn);
+ printf("Processing: %s\n", rfn);
+ if (proc_file(rfn))
+ {
+ printf(">>> Processing failed for: %s <<<\n", rfn);
+ EXIT(1);
+ }
+ }
+ fclose(fp);
+ }
+ else /* single file */
+ {
+ printf("Processing: %s\n", fn);
+ if (proc_file(fn))
+ {
+ printf(">>> Processing failed for: %s <<<\n", fn);
+ }
+ }
+ EXIT(0);
+ return 0;
+ }
diff --git a/src/lib/libssl/src/fips-1.0/des/Makefile b/src/lib/libssl/src/fips-1.0/des/Makefile
new file mode 100644
index 0000000000..772d775790
--- /dev/null
+++ b/src/lib/libssl/src/fips-1.0/des/Makefile
@@ -0,0 +1,135 @@
+#
+# OpenSSL/fips-1.0/des/Makefile
+#
+
+DIR= des
+TOP= ../..
+CC= cc
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR= /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKEDEPPROG= makedepend
+MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE= Makefile
+AR= ar r
+
+FIPS_DES_ENC=fips_des_enc.o
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST= fips_desmovs.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=fips_des_enc.c asm/fips-dx86-elf.s fips_des_selftest.c fips_set_key.c
+LIBOBJ=$(FIPS_DES_ENC) fips_des_selftest.o fips_set_key.o
+
+SRC= $(LIBSRC)
+
+EXHEADER=
+HEADER= $(EXHEADER) fips_des_locl.h
+
+ALL= $(GENERAL) $(SRC) $(HEADER)
+
+top:
+ (cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) sub_all)
+
+all: lib
+
+lib: $(LIBOBJ)
+ @echo $(LIBOBJ) > lib
+
+files:
+ $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+ @$(PERL) $(TOP)/util/mklink.pl $(TOP)/include/openssl $(EXHEADER)
+ @$(PERL) $(TOP)/util/mklink.pl $(TOP)/test $(TEST)
+ @$(PERL) $(TOP)/util/mklink.pl $(TOP)/apps $(APPS)
+
+install:
+ @headerlist="$(EXHEADER)"; for i in $$headerlist; \
+ do \
+ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done
+
+tags:
+ ctags $(SRC)
+
+tests:
+
+fips_test:
+ -find ../testvectors/tdes/req -name '*.req' > testlist
+ -rm -rf ../testvectors/tdes/rsp
+ mkdir ../testvectors/tdes/rsp
+ if [ -s testlist ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_desmovs -d testlist; fi
+
+lint:
+ lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+ $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) \
+ $(SRC) $(TEST)
+dclean:
+ $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+ mv -f Makefile.new $(MAKEFILE)
+
+clean:
+ rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+fips_des_enc.o: ../../e_os.h ../../include/openssl/crypto.h
+fips_des_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+fips_des_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/fips.h
+fips_des_enc.o: ../../include/openssl/opensslconf.h
+fips_des_enc.o: ../../include/openssl/opensslv.h
+fips_des_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+fips_des_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+fips_des_enc.o: ../../include/openssl/ui_compat.h fips_des_enc.c
+fips_des_enc.o: fips_des_locl.h
+fips_des_selftest.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+fips_des_selftest.o: ../../include/openssl/des.h
+fips_des_selftest.o: ../../include/openssl/des_old.h
+fips_des_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+fips_des_selftest.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+fips_des_selftest.o: ../../include/openssl/opensslconf.h
+fips_des_selftest.o: ../../include/openssl/opensslv.h
+fips_des_selftest.o: ../../include/openssl/safestack.h
+fips_des_selftest.o: ../../include/openssl/stack.h
+fips_des_selftest.o: ../../include/openssl/symhacks.h
+fips_des_selftest.o: ../../include/openssl/ui.h
+fips_des_selftest.o: ../../include/openssl/ui_compat.h fips_des_selftest.c
+fips_desmovs.o: ../../e_os.h ../../include/openssl/aes.h
+fips_desmovs.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+fips_desmovs.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+fips_desmovs.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+fips_desmovs.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+fips_desmovs.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+fips_desmovs.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+fips_desmovs.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+fips_desmovs.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+fips_desmovs.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+fips_desmovs.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+fips_desmovs.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+fips_desmovs.o: ../../include/openssl/opensslconf.h
+fips_desmovs.o: ../../include/openssl/opensslv.h
+fips_desmovs.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc2.h
+fips_desmovs.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+fips_desmovs.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+fips_desmovs.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+fips_desmovs.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+fips_desmovs.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+fips_desmovs.o: fips_desmovs.c
+fips_set_key.o: ../../e_os.h ../../include/openssl/crypto.h
+fips_set_key.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+fips_set_key.o: ../../include/openssl/e_os2.h ../../include/openssl/fips.h
+fips_set_key.o: ../../include/openssl/opensslconf.h
+fips_set_key.o: ../../include/openssl/opensslv.h
+fips_set_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+fips_set_key.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+fips_set_key.o: ../../include/openssl/ui_compat.h fips_des_locl.h
+fips_set_key.o: fips_set_key.c
diff --git a/src/lib/libssl/src/fips-1.0/des/asm/fips-dx86-elf.s b/src/lib/libssl/src/fips-1.0/des/asm/fips-dx86-elf.s
new file mode 100644
index 0000000000..7b4b11f0f3
--- /dev/null
+++ b/src/lib/libssl/src/fips-1.0/des/asm/fips-dx86-elf.s
@@ -0,0 +1,2707 @@
+
+
+
+
+
+
+ .file "des-586.s"
+ .version "01.01"
+gcc2_compiled.:
+.text
+ .align 16
+.globl DES_encrypt1
+ .type DES_encrypt1,@function
+DES_encrypt1:
+ pushl %esi
+ pushl %edi
+
+
+ movl 12(%esp), %esi
+ xorl %ecx, %ecx
+ pushl %ebx
+ pushl %ebp
+ movl (%esi), %eax
+ movl 28(%esp), %ebx
+ movl 4(%esi), %edi
+
+
+ roll $4, %eax
+ movl %eax, %esi
+ xorl %edi, %eax
+ andl $0xf0f0f0f0, %eax
+ xorl %eax, %esi
+ xorl %eax, %edi
+
+ roll $20, %edi
+ movl %edi, %eax
+ xorl %esi, %edi
+ andl $0xfff0000f, %edi
+ xorl %edi, %eax
+ xorl %edi, %esi
+
+ roll $14, %eax
+ movl %eax, %edi
+ xorl %esi, %eax
+ andl $0x33333333, %eax
+ xorl %eax, %edi
+ xorl %eax, %esi
+
+ roll $22, %esi
+ movl %esi, %eax
+ xorl %edi, %esi
+ andl $0x03fc03fc, %esi
+ xorl %esi, %eax
+ xorl %esi, %edi
+
+ roll $9, %eax
+ movl %eax, %esi
+ xorl %edi, %eax
+ andl $0xaaaaaaaa, %eax
+ xorl %eax, %esi
+ xorl %eax, %edi
+
+.byte 209
+.byte 199
+ .align 8
+ call .L000PIC_me_up
+.L000PIC_me_up:
+ popl %ebp
+ addl $_GLOBAL_OFFSET_TABLE_+[.-.L000PIC_me_up],%ebp
+ movl DES_SPtrans@GOT(%ebp),%ebp
+ movl 24(%esp), %ecx
+ cmpl $0, %ebx
+ je .L001start_decrypt
+
+
+ movl (%ecx), %eax
+ xorl %ebx, %ebx
+ movl 4(%ecx), %edx
+ xorl %esi, %eax
+ xorl %ecx, %ecx
+ xorl %esi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%edi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%edi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%edi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%edi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%edi
+ xorl 0x700(%ebp,%ecx),%edi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%edi
+ xorl 0x500(%ebp,%edx),%edi
+
+
+ movl 8(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 12(%ecx), %edx
+ xorl %edi, %eax
+ xorl %ecx, %ecx
+ xorl %edi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%esi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%esi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%esi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%esi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%esi
+ xorl 0x700(%ebp,%ecx),%esi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%esi
+ xorl 0x500(%ebp,%edx),%esi
+
+
+ movl 16(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 20(%ecx), %edx
+ xorl %esi, %eax
+ xorl %ecx, %ecx
+ xorl %esi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%edi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%edi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%edi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%edi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%edi
+ xorl 0x700(%ebp,%ecx),%edi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%edi
+ xorl 0x500(%ebp,%edx),%edi
+
+
+ movl 24(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 28(%ecx), %edx
+ xorl %edi, %eax
+ xorl %ecx, %ecx
+ xorl %edi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%esi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%esi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%esi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%esi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%esi
+ xorl 0x700(%ebp,%ecx),%esi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%esi
+ xorl 0x500(%ebp,%edx),%esi
+
+
+ movl 32(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 36(%ecx), %edx
+ xorl %esi, %eax
+ xorl %ecx, %ecx
+ xorl %esi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%edi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%edi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%edi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%edi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%edi
+ xorl 0x700(%ebp,%ecx),%edi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%edi
+ xorl 0x500(%ebp,%edx),%edi
+
+
+ movl 40(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 44(%ecx), %edx
+ xorl %edi, %eax
+ xorl %ecx, %ecx
+ xorl %edi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%esi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%esi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%esi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%esi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%esi
+ xorl 0x700(%ebp,%ecx),%esi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%esi
+ xorl 0x500(%ebp,%edx),%esi
+
+
+ movl 48(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 52(%ecx), %edx
+ xorl %esi, %eax
+ xorl %ecx, %ecx
+ xorl %esi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%edi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%edi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%edi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%edi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%edi
+ xorl 0x700(%ebp,%ecx),%edi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%edi
+ xorl 0x500(%ebp,%edx),%edi
+
+
+ movl 56(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 60(%ecx), %edx
+ xorl %edi, %eax
+ xorl %ecx, %ecx
+ xorl %edi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%esi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%esi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%esi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%esi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%esi
+ xorl 0x700(%ebp,%ecx),%esi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%esi
+ xorl 0x500(%ebp,%edx),%esi
+
+
+ movl 64(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 68(%ecx), %edx
+ xorl %esi, %eax
+ xorl %ecx, %ecx
+ xorl %esi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%edi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%edi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%edi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%edi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%edi
+ xorl 0x700(%ebp,%ecx),%edi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%edi
+ xorl 0x500(%ebp,%edx),%edi
+
+
+ movl 72(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 76(%ecx), %edx
+ xorl %edi, %eax
+ xorl %ecx, %ecx
+ xorl %edi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%esi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%esi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%esi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%esi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%esi
+ xorl 0x700(%ebp,%ecx),%esi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%esi
+ xorl 0x500(%ebp,%edx),%esi
+
+
+ movl 80(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 84(%ecx), %edx
+ xorl %esi, %eax
+ xorl %ecx, %ecx
+ xorl %esi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%edi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%edi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%edi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%edi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%edi
+ xorl 0x700(%ebp,%ecx),%edi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%edi
+ xorl 0x500(%ebp,%edx),%edi
+
+
+ movl 88(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 92(%ecx), %edx
+ xorl %edi, %eax
+ xorl %ecx, %ecx
+ xorl %edi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%esi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%esi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%esi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%esi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%esi
+ xorl 0x700(%ebp,%ecx),%esi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%esi
+ xorl 0x500(%ebp,%edx),%esi
+
+
+ movl 96(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 100(%ecx), %edx
+ xorl %esi, %eax
+ xorl %ecx, %ecx
+ xorl %esi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%edi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%edi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%edi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%edi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%edi
+ xorl 0x700(%ebp,%ecx),%edi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%edi
+ xorl 0x500(%ebp,%edx),%edi
+
+
+ movl 104(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 108(%ecx), %edx
+ xorl %edi, %eax
+ xorl %ecx, %ecx
+ xorl %edi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%esi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%esi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%esi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%esi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%esi
+ xorl 0x700(%ebp,%ecx),%esi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%esi
+ xorl 0x500(%ebp,%edx),%esi
+
+
+ movl 112(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 116(%ecx), %edx
+ xorl %esi, %eax
+ xorl %ecx, %ecx
+ xorl %esi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%edi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%edi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%edi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%edi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%edi
+ xorl 0x700(%ebp,%ecx),%edi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%edi
+ xorl 0x500(%ebp,%edx),%edi
+
+
+ movl 120(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 124(%ecx), %edx
+ xorl %edi, %eax
+ xorl %ecx, %ecx
+ xorl %edi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%esi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%esi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%esi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%esi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%esi
+ xorl 0x700(%ebp,%ecx),%esi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%esi
+ xorl 0x500(%ebp,%edx),%esi
+ jmp .L002end
+.L001start_decrypt:
+
+
+ movl 120(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 124(%ecx), %edx
+ xorl %esi, %eax
+ xorl %ecx, %ecx
+ xorl %esi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%edi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%edi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%edi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%edi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%edi
+ xorl 0x700(%ebp,%ecx),%edi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%edi
+ xorl 0x500(%ebp,%edx),%edi
+
+
+ movl 112(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 116(%ecx), %edx
+ xorl %edi, %eax
+ xorl %ecx, %ecx
+ xorl %edi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%esi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%esi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%esi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%esi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%esi
+ xorl 0x700(%ebp,%ecx),%esi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%esi
+ xorl 0x500(%ebp,%edx),%esi
+
+
+ movl 104(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 108(%ecx), %edx
+ xorl %esi, %eax
+ xorl %ecx, %ecx
+ xorl %esi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%edi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%edi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%edi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%edi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%edi
+ xorl 0x700(%ebp,%ecx),%edi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%edi
+ xorl 0x500(%ebp,%edx),%edi
+
+
+ movl 96(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 100(%ecx), %edx
+ xorl %edi, %eax
+ xorl %ecx, %ecx
+ xorl %edi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%esi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%esi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%esi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%esi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%esi
+ xorl 0x700(%ebp,%ecx),%esi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%esi
+ xorl 0x500(%ebp,%edx),%esi
+
+
+ movl 88(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 92(%ecx), %edx
+ xorl %esi, %eax
+ xorl %ecx, %ecx
+ xorl %esi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%edi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%edi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%edi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%edi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%edi
+ xorl 0x700(%ebp,%ecx),%edi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%edi
+ xorl 0x500(%ebp,%edx),%edi
+
+
+ movl 80(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 84(%ecx), %edx
+ xorl %edi, %eax
+ xorl %ecx, %ecx
+ xorl %edi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%esi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%esi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%esi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%esi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%esi
+ xorl 0x700(%ebp,%ecx),%esi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%esi
+ xorl 0x500(%ebp,%edx),%esi
+
+
+ movl 72(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 76(%ecx), %edx
+ xorl %esi, %eax
+ xorl %ecx, %ecx
+ xorl %esi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%edi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%edi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%edi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%edi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%edi
+ xorl 0x700(%ebp,%ecx),%edi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%edi
+ xorl 0x500(%ebp,%edx),%edi
+
+
+ movl 64(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 68(%ecx), %edx
+ xorl %edi, %eax
+ xorl %ecx, %ecx
+ xorl %edi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%esi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%esi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%esi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%esi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%esi
+ xorl 0x700(%ebp,%ecx),%esi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%esi
+ xorl 0x500(%ebp,%edx),%esi
+
+
+ movl 56(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 60(%ecx), %edx
+ xorl %esi, %eax
+ xorl %ecx, %ecx
+ xorl %esi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%edi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%edi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%edi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%edi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%edi
+ xorl 0x700(%ebp,%ecx),%edi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%edi
+ xorl 0x500(%ebp,%edx),%edi
+
+
+ movl 48(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 52(%ecx), %edx
+ xorl %edi, %eax
+ xorl %ecx, %ecx
+ xorl %edi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%esi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%esi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%esi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%esi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%esi
+ xorl 0x700(%ebp,%ecx),%esi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%esi
+ xorl 0x500(%ebp,%edx),%esi
+
+
+ movl 40(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 44(%ecx), %edx
+ xorl %esi, %eax
+ xorl %ecx, %ecx
+ xorl %esi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%edi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%edi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%edi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%edi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%edi
+ xorl 0x700(%ebp,%ecx),%edi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%edi
+ xorl 0x500(%ebp,%edx),%edi
+
+
+ movl 32(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 36(%ecx), %edx
+ xorl %edi, %eax
+ xorl %ecx, %ecx
+ xorl %edi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%esi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%esi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%esi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%esi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%esi
+ xorl 0x700(%ebp,%ecx),%esi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%esi
+ xorl 0x500(%ebp,%edx),%esi
+
+
+ movl 24(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 28(%ecx), %edx
+ xorl %esi, %eax
+ xorl %ecx, %ecx
+ xorl %esi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%edi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%edi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%edi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%edi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%edi
+ xorl 0x700(%ebp,%ecx),%edi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%edi
+ xorl 0x500(%ebp,%edx),%edi
+
+
+ movl 16(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 20(%ecx), %edx
+ xorl %edi, %eax
+ xorl %ecx, %ecx
+ xorl %edi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%esi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%esi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%esi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%esi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%esi
+ xorl 0x700(%ebp,%ecx),%esi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%esi
+ xorl 0x500(%ebp,%edx),%esi
+
+
+ movl 8(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 12(%ecx), %edx
+ xorl %esi, %eax
+ xorl %ecx, %ecx
+ xorl %esi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%edi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%edi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%edi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%edi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%edi
+ xorl 0x700(%ebp,%ecx),%edi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%edi
+ xorl 0x500(%ebp,%edx),%edi
+
+
+ movl (%ecx), %eax
+ xorl %ebx, %ebx
+ movl 4(%ecx), %edx
+ xorl %edi, %eax
+ xorl %ecx, %ecx
+ xorl %edi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%esi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%esi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%esi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%esi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%esi
+ xorl 0x700(%ebp,%ecx),%esi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%esi
+ xorl 0x500(%ebp,%edx),%esi
+.L002end:
+
+
+ movl 20(%esp), %edx
+.byte 209
+.byte 206
+ movl %edi, %eax
+ xorl %esi, %edi
+ andl $0xaaaaaaaa, %edi
+ xorl %edi, %eax
+ xorl %edi, %esi
+
+ roll $23, %eax
+ movl %eax, %edi
+ xorl %esi, %eax
+ andl $0x03fc03fc, %eax
+ xorl %eax, %edi
+ xorl %eax, %esi
+
+ roll $10, %edi
+ movl %edi, %eax
+ xorl %esi, %edi
+ andl $0x33333333, %edi
+ xorl %edi, %eax
+ xorl %edi, %esi
+
+ roll $18, %esi
+ movl %esi, %edi
+ xorl %eax, %esi
+ andl $0xfff0000f, %esi
+ xorl %esi, %edi
+ xorl %esi, %eax
+
+ roll $12, %edi
+ movl %edi, %esi
+ xorl %eax, %edi
+ andl $0xf0f0f0f0, %edi
+ xorl %edi, %esi
+ xorl %edi, %eax
+
+ rorl $4, %eax
+ movl %eax, (%edx)
+ movl %esi, 4(%edx)
+ popl %ebp
+ popl %ebx
+ popl %edi
+ popl %esi
+ ret
+.L_DES_encrypt1_end:
+ .size DES_encrypt1,.L_DES_encrypt1_end-DES_encrypt1
+.ident "desasm.pl"
+.text
+ .align 16
+.globl DES_encrypt2
+ .type DES_encrypt2,@function
+DES_encrypt2:
+ pushl %esi
+ pushl %edi
+
+
+ movl 12(%esp), %eax
+ xorl %ecx, %ecx
+ pushl %ebx
+ pushl %ebp
+ movl (%eax), %esi
+ movl 28(%esp), %ebx
+ roll $3, %esi
+ movl 4(%eax), %edi
+ roll $3, %edi
+ .align 8
+ call .L003PIC_me_up
+.L003PIC_me_up:
+ popl %ebp
+ addl $_GLOBAL_OFFSET_TABLE_+[.-.L003PIC_me_up],%ebp
+ movl DES_SPtrans@GOT(%ebp),%ebp
+ movl 24(%esp), %ecx
+ cmpl $0, %ebx
+ je .L004start_decrypt
+
+
+ movl (%ecx), %eax
+ xorl %ebx, %ebx
+ movl 4(%ecx), %edx
+ xorl %esi, %eax
+ xorl %ecx, %ecx
+ xorl %esi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%edi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%edi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%edi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%edi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%edi
+ xorl 0x700(%ebp,%ecx),%edi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%edi
+ xorl 0x500(%ebp,%edx),%edi
+
+
+ movl 8(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 12(%ecx), %edx
+ xorl %edi, %eax
+ xorl %ecx, %ecx
+ xorl %edi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%esi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%esi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%esi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%esi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%esi
+ xorl 0x700(%ebp,%ecx),%esi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%esi
+ xorl 0x500(%ebp,%edx),%esi
+
+
+ movl 16(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 20(%ecx), %edx
+ xorl %esi, %eax
+ xorl %ecx, %ecx
+ xorl %esi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%edi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%edi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%edi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%edi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%edi
+ xorl 0x700(%ebp,%ecx),%edi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%edi
+ xorl 0x500(%ebp,%edx),%edi
+
+
+ movl 24(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 28(%ecx), %edx
+ xorl %edi, %eax
+ xorl %ecx, %ecx
+ xorl %edi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%esi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%esi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%esi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%esi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%esi
+ xorl 0x700(%ebp,%ecx),%esi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%esi
+ xorl 0x500(%ebp,%edx),%esi
+
+
+ movl 32(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 36(%ecx), %edx
+ xorl %esi, %eax
+ xorl %ecx, %ecx
+ xorl %esi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%edi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%edi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%edi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%edi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%edi
+ xorl 0x700(%ebp,%ecx),%edi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%edi
+ xorl 0x500(%ebp,%edx),%edi
+
+
+ movl 40(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 44(%ecx), %edx
+ xorl %edi, %eax
+ xorl %ecx, %ecx
+ xorl %edi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%esi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%esi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%esi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%esi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%esi
+ xorl 0x700(%ebp,%ecx),%esi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%esi
+ xorl 0x500(%ebp,%edx),%esi
+
+
+ movl 48(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 52(%ecx), %edx
+ xorl %esi, %eax
+ xorl %ecx, %ecx
+ xorl %esi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%edi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%edi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%edi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%edi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%edi
+ xorl 0x700(%ebp,%ecx),%edi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%edi
+ xorl 0x500(%ebp,%edx),%edi
+
+
+ movl 56(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 60(%ecx), %edx
+ xorl %edi, %eax
+ xorl %ecx, %ecx
+ xorl %edi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%esi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%esi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%esi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%esi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%esi
+ xorl 0x700(%ebp,%ecx),%esi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%esi
+ xorl 0x500(%ebp,%edx),%esi
+
+
+ movl 64(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 68(%ecx), %edx
+ xorl %esi, %eax
+ xorl %ecx, %ecx
+ xorl %esi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%edi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%edi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%edi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%edi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%edi
+ xorl 0x700(%ebp,%ecx),%edi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%edi
+ xorl 0x500(%ebp,%edx),%edi
+
+
+ movl 72(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 76(%ecx), %edx
+ xorl %edi, %eax
+ xorl %ecx, %ecx
+ xorl %edi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%esi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%esi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%esi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%esi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%esi
+ xorl 0x700(%ebp,%ecx),%esi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%esi
+ xorl 0x500(%ebp,%edx),%esi
+
+
+ movl 80(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 84(%ecx), %edx
+ xorl %esi, %eax
+ xorl %ecx, %ecx
+ xorl %esi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%edi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%edi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%edi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%edi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%edi
+ xorl 0x700(%ebp,%ecx),%edi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%edi
+ xorl 0x500(%ebp,%edx),%edi
+
+
+ movl 88(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 92(%ecx), %edx
+ xorl %edi, %eax
+ xorl %ecx, %ecx
+ xorl %edi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%esi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%esi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%esi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%esi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%esi
+ xorl 0x700(%ebp,%ecx),%esi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%esi
+ xorl 0x500(%ebp,%edx),%esi
+
+
+ movl 96(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 100(%ecx), %edx
+ xorl %esi, %eax
+ xorl %ecx, %ecx
+ xorl %esi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%edi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%edi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%edi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%edi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%edi
+ xorl 0x700(%ebp,%ecx),%edi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%edi
+ xorl 0x500(%ebp,%edx),%edi
+
+
+ movl 104(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 108(%ecx), %edx
+ xorl %edi, %eax
+ xorl %ecx, %ecx
+ xorl %edi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%esi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%esi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%esi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%esi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%esi
+ xorl 0x700(%ebp,%ecx),%esi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%esi
+ xorl 0x500(%ebp,%edx),%esi
+
+
+ movl 112(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 116(%ecx), %edx
+ xorl %esi, %eax
+ xorl %ecx, %ecx
+ xorl %esi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%edi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%edi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%edi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%edi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%edi
+ xorl 0x700(%ebp,%ecx),%edi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%edi
+ xorl 0x500(%ebp,%edx),%edi
+
+
+ movl 120(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 124(%ecx), %edx
+ xorl %edi, %eax
+ xorl %ecx, %ecx
+ xorl %edi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%esi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%esi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%esi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%esi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%esi
+ xorl 0x700(%ebp,%ecx),%esi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%esi
+ xorl 0x500(%ebp,%edx),%esi
+ jmp .L005end
+.L004start_decrypt:
+
+
+ movl 120(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 124(%ecx), %edx
+ xorl %esi, %eax
+ xorl %ecx, %ecx
+ xorl %esi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%edi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%edi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%edi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%edi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%edi
+ xorl 0x700(%ebp,%ecx),%edi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%edi
+ xorl 0x500(%ebp,%edx),%edi
+
+
+ movl 112(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 116(%ecx), %edx
+ xorl %edi, %eax
+ xorl %ecx, %ecx
+ xorl %edi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%esi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%esi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%esi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%esi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%esi
+ xorl 0x700(%ebp,%ecx),%esi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%esi
+ xorl 0x500(%ebp,%edx),%esi
+
+
+ movl 104(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 108(%ecx), %edx
+ xorl %esi, %eax
+ xorl %ecx, %ecx
+ xorl %esi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%edi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%edi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%edi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%edi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%edi
+ xorl 0x700(%ebp,%ecx),%edi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%edi
+ xorl 0x500(%ebp,%edx),%edi
+
+
+ movl 96(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 100(%ecx), %edx
+ xorl %edi, %eax
+ xorl %ecx, %ecx
+ xorl %edi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%esi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%esi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%esi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%esi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%esi
+ xorl 0x700(%ebp,%ecx),%esi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%esi
+ xorl 0x500(%ebp,%edx),%esi
+
+
+ movl 88(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 92(%ecx), %edx
+ xorl %esi, %eax
+ xorl %ecx, %ecx
+ xorl %esi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%edi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%edi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%edi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%edi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%edi
+ xorl 0x700(%ebp,%ecx),%edi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%edi
+ xorl 0x500(%ebp,%edx),%edi
+
+
+ movl 80(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 84(%ecx), %edx
+ xorl %edi, %eax
+ xorl %ecx, %ecx
+ xorl %edi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%esi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%esi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%esi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%esi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%esi
+ xorl 0x700(%ebp,%ecx),%esi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%esi
+ xorl 0x500(%ebp,%edx),%esi
+
+
+ movl 72(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 76(%ecx), %edx
+ xorl %esi, %eax
+ xorl %ecx, %ecx
+ xorl %esi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%edi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%edi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%edi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%edi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%edi
+ xorl 0x700(%ebp,%ecx),%edi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%edi
+ xorl 0x500(%ebp,%edx),%edi
+
+
+ movl 64(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 68(%ecx), %edx
+ xorl %edi, %eax
+ xorl %ecx, %ecx
+ xorl %edi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%esi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%esi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%esi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%esi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%esi
+ xorl 0x700(%ebp,%ecx),%esi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%esi
+ xorl 0x500(%ebp,%edx),%esi
+
+
+ movl 56(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 60(%ecx), %edx
+ xorl %esi, %eax
+ xorl %ecx, %ecx
+ xorl %esi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%edi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%edi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%edi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%edi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%edi
+ xorl 0x700(%ebp,%ecx),%edi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%edi
+ xorl 0x500(%ebp,%edx),%edi
+
+
+ movl 48(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 52(%ecx), %edx
+ xorl %edi, %eax
+ xorl %ecx, %ecx
+ xorl %edi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%esi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%esi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%esi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%esi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%esi
+ xorl 0x700(%ebp,%ecx),%esi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%esi
+ xorl 0x500(%ebp,%edx),%esi
+
+
+ movl 40(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 44(%ecx), %edx
+ xorl %esi, %eax
+ xorl %ecx, %ecx
+ xorl %esi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%edi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%edi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%edi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%edi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%edi
+ xorl 0x700(%ebp,%ecx),%edi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%edi
+ xorl 0x500(%ebp,%edx),%edi
+
+
+ movl 32(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 36(%ecx), %edx
+ xorl %edi, %eax
+ xorl %ecx, %ecx
+ xorl %edi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%esi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%esi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%esi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%esi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%esi
+ xorl 0x700(%ebp,%ecx),%esi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%esi
+ xorl 0x500(%ebp,%edx),%esi
+
+
+ movl 24(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 28(%ecx), %edx
+ xorl %esi, %eax
+ xorl %ecx, %ecx
+ xorl %esi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%edi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%edi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%edi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%edi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%edi
+ xorl 0x700(%ebp,%ecx),%edi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%edi
+ xorl 0x500(%ebp,%edx),%edi
+
+
+ movl 16(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 20(%ecx), %edx
+ xorl %edi, %eax
+ xorl %ecx, %ecx
+ xorl %edi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%esi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%esi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%esi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%esi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%esi
+ xorl 0x700(%ebp,%ecx),%esi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%esi
+ xorl 0x500(%ebp,%edx),%esi
+
+
+ movl 8(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 12(%ecx), %edx
+ xorl %esi, %eax
+ xorl %ecx, %ecx
+ xorl %esi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%edi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%edi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%edi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%edi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%edi
+ xorl 0x700(%ebp,%ecx),%edi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%edi
+ xorl 0x500(%ebp,%edx),%edi
+
+
+ movl (%ecx), %eax
+ xorl %ebx, %ebx
+ movl 4(%ecx), %edx
+ xorl %edi, %eax
+ xorl %ecx, %ecx
+ xorl %edi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%esi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%esi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%esi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%esi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%esi
+ xorl 0x700(%ebp,%ecx),%esi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%esi
+ xorl 0x500(%ebp,%edx),%esi
+.L005end:
+
+
+ rorl $3, %edi
+ movl 20(%esp), %eax
+ rorl $3, %esi
+ movl %edi, (%eax)
+ movl %esi, 4(%eax)
+ popl %ebp
+ popl %ebx
+ popl %edi
+ popl %esi
+ ret
+.L_DES_encrypt2_end:
+ .size DES_encrypt2,.L_DES_encrypt2_end-DES_encrypt2
+.ident "desasm.pl"
+.text
+ .align 16
+.globl DES_encrypt3
+ .type DES_encrypt3,@function
+DES_encrypt3:
+ pushl %ebx
+ movl 8(%esp), %ebx
+ pushl %ebp
+ pushl %esi
+ pushl %edi
+
+
+ movl (%ebx), %edi
+ movl 4(%ebx), %esi
+ subl $12, %esp
+
+
+ roll $4, %edi
+ movl %edi, %edx
+ xorl %esi, %edi
+ andl $0xf0f0f0f0, %edi
+ xorl %edi, %edx
+ xorl %edi, %esi
+
+ roll $20, %esi
+ movl %esi, %edi
+ xorl %edx, %esi
+ andl $0xfff0000f, %esi
+ xorl %esi, %edi
+ xorl %esi, %edx
+
+ roll $14, %edi
+ movl %edi, %esi
+ xorl %edx, %edi
+ andl $0x33333333, %edi
+ xorl %edi, %esi
+ xorl %edi, %edx
+
+ roll $22, %edx
+ movl %edx, %edi
+ xorl %esi, %edx
+ andl $0x03fc03fc, %edx
+ xorl %edx, %edi
+ xorl %edx, %esi
+
+ roll $9, %edi
+ movl %edi, %edx
+ xorl %esi, %edi
+ andl $0xaaaaaaaa, %edi
+ xorl %edi, %edx
+ xorl %edi, %esi
+
+ rorl $3, %edx
+ rorl $2, %esi
+ movl %esi, 4(%ebx)
+ movl 36(%esp), %eax
+ movl %edx, (%ebx)
+ movl 40(%esp), %edi
+ movl 44(%esp), %esi
+ movl $1, 8(%esp)
+ movl %eax, 4(%esp)
+ movl %ebx, (%esp)
+ call DES_encrypt2
+ movl $0, 8(%esp)
+ movl %edi, 4(%esp)
+ movl %ebx, (%esp)
+ call DES_encrypt2
+ movl $1, 8(%esp)
+ movl %esi, 4(%esp)
+ movl %ebx, (%esp)
+ call DES_encrypt2
+ addl $12, %esp
+ movl (%ebx), %edi
+ movl 4(%ebx), %esi
+
+
+ roll $2, %esi
+ roll $3, %edi
+ movl %edi, %eax
+ xorl %esi, %edi
+ andl $0xaaaaaaaa, %edi
+ xorl %edi, %eax
+ xorl %edi, %esi
+
+ roll $23, %eax
+ movl %eax, %edi
+ xorl %esi, %eax
+ andl $0x03fc03fc, %eax
+ xorl %eax, %edi
+ xorl %eax, %esi
+
+ roll $10, %edi
+ movl %edi, %eax
+ xorl %esi, %edi
+ andl $0x33333333, %edi
+ xorl %edi, %eax
+ xorl %edi, %esi
+
+ roll $18, %esi
+ movl %esi, %edi
+ xorl %eax, %esi
+ andl $0xfff0000f, %esi
+ xorl %esi, %edi
+ xorl %esi, %eax
+
+ roll $12, %edi
+ movl %edi, %esi
+ xorl %eax, %edi
+ andl $0xf0f0f0f0, %edi
+ xorl %edi, %esi
+ xorl %edi, %eax
+
+ rorl $4, %eax
+ movl %eax, (%ebx)
+ movl %esi, 4(%ebx)
+ popl %edi
+ popl %esi
+ popl %ebp
+ popl %ebx
+ ret
+.L_DES_encrypt3_end:
+ .size DES_encrypt3,.L_DES_encrypt3_end-DES_encrypt3
+.ident "desasm.pl"
+.text
+ .align 16
+.globl DES_decrypt3
+ .type DES_decrypt3,@function
+DES_decrypt3:
+ pushl %ebx
+ movl 8(%esp), %ebx
+ pushl %ebp
+ pushl %esi
+ pushl %edi
+
+
+ movl (%ebx), %edi
+ movl 4(%ebx), %esi
+ subl $12, %esp
+
+
+ roll $4, %edi
+ movl %edi, %edx
+ xorl %esi, %edi
+ andl $0xf0f0f0f0, %edi
+ xorl %edi, %edx
+ xorl %edi, %esi
+
+ roll $20, %esi
+ movl %esi, %edi
+ xorl %edx, %esi
+ andl $0xfff0000f, %esi
+ xorl %esi, %edi
+ xorl %esi, %edx
+
+ roll $14, %edi
+ movl %edi, %esi
+ xorl %edx, %edi
+ andl $0x33333333, %edi
+ xorl %edi, %esi
+ xorl %edi, %edx
+
+ roll $22, %edx
+ movl %edx, %edi
+ xorl %esi, %edx
+ andl $0x03fc03fc, %edx
+ xorl %edx, %edi
+ xorl %edx, %esi
+
+ roll $9, %edi
+ movl %edi, %edx
+ xorl %esi, %edi
+ andl $0xaaaaaaaa, %edi
+ xorl %edi, %edx
+ xorl %edi, %esi
+
+ rorl $3, %edx
+ rorl $2, %esi
+ movl %esi, 4(%ebx)
+ movl 36(%esp), %esi
+ movl %edx, (%ebx)
+ movl 40(%esp), %edi
+ movl 44(%esp), %eax
+ movl $0, 8(%esp)
+ movl %eax, 4(%esp)
+ movl %ebx, (%esp)
+ call DES_encrypt2
+ movl $1, 8(%esp)
+ movl %edi, 4(%esp)
+ movl %ebx, (%esp)
+ call DES_encrypt2
+ movl $0, 8(%esp)
+ movl %esi, 4(%esp)
+ movl %ebx, (%esp)
+ call DES_encrypt2
+ addl $12, %esp
+ movl (%ebx), %edi
+ movl 4(%ebx), %esi
+
+
+ roll $2, %esi
+ roll $3, %edi
+ movl %edi, %eax
+ xorl %esi, %edi
+ andl $0xaaaaaaaa, %edi
+ xorl %edi, %eax
+ xorl %edi, %esi
+
+ roll $23, %eax
+ movl %eax, %edi
+ xorl %esi, %eax
+ andl $0x03fc03fc, %eax
+ xorl %eax, %edi
+ xorl %eax, %esi
+
+ roll $10, %edi
+ movl %edi, %eax
+ xorl %esi, %edi
+ andl $0x33333333, %edi
+ xorl %edi, %eax
+ xorl %edi, %esi
+
+ roll $18, %esi
+ movl %esi, %edi
+ xorl %eax, %esi
+ andl $0xfff0000f, %esi
+ xorl %esi, %edi
+ xorl %esi, %eax
+
+ roll $12, %edi
+ movl %edi, %esi
+ xorl %eax, %edi
+ andl $0xf0f0f0f0, %edi
+ xorl %edi, %esi
+ xorl %edi, %eax
+
+ rorl $4, %eax
+ movl %eax, (%ebx)
+ movl %esi, 4(%ebx)
+ popl %edi
+ popl %esi
+ popl %ebp
+ popl %ebx
+ ret
+.L_DES_decrypt3_end:
+ .size DES_decrypt3,.L_DES_decrypt3_end-DES_decrypt3
+.ident "desasm.pl"
+.text
+ .align 16
+.globl DES_ncbc_encrypt
+ .type DES_ncbc_encrypt,@function
+DES_ncbc_encrypt:
+
+ pushl %ebp
+ pushl %ebx
+ pushl %esi
+ pushl %edi
+ movl 28(%esp), %ebp
+
+ movl 36(%esp), %ebx
+ movl (%ebx), %esi
+ movl 4(%ebx), %edi
+ pushl %edi
+ pushl %esi
+ pushl %edi
+ pushl %esi
+ movl %esp, %ebx
+ movl 36(%esp), %esi
+ movl 40(%esp), %edi
+
+ movl 56(%esp), %ecx
+
+ pushl %ecx
+
+ movl 52(%esp), %eax
+ pushl %eax
+ pushl %ebx
+ cmpl $0, %ecx
+ jz .L006decrypt
+ andl $4294967288, %ebp
+ movl 12(%esp), %eax
+ movl 16(%esp), %ebx
+ jz .L007encrypt_finish
+.L008encrypt_loop:
+ movl (%esi), %ecx
+ movl 4(%esi), %edx
+ xorl %ecx, %eax
+ xorl %edx, %ebx
+ movl %eax, 12(%esp)
+ movl %ebx, 16(%esp)
+ call DES_encrypt1
+ movl 12(%esp), %eax
+ movl 16(%esp), %ebx
+ movl %eax, (%edi)
+ movl %ebx, 4(%edi)
+ addl $8, %esi
+ addl $8, %edi
+ subl $8, %ebp
+ jnz .L008encrypt_loop
+.L007encrypt_finish:
+ movl 56(%esp), %ebp
+ andl $7, %ebp
+ jz .L009finish
+ call .L010PIC_point
+.L010PIC_point:
+ popl %edx
+ leal .L011cbc_enc_jmp_table-.L010PIC_point(%edx),%ecx
+ movl (%ecx,%ebp,4), %ebp
+ addl %edx, %ebp
+ xorl %ecx, %ecx
+ xorl %edx, %edx
+ jmp *%ebp
+.L012ej7:
+ movb 6(%esi), %dh
+ sall $8, %edx
+.L013ej6:
+ movb 5(%esi), %dh
+.L014ej5:
+ movb 4(%esi), %dl
+.L015ej4:
+ movl (%esi), %ecx
+ jmp .L016ejend
+.L017ej3:
+ movb 2(%esi), %ch
+ sall $8, %ecx
+.L018ej2:
+ movb 1(%esi), %ch
+.L019ej1:
+ movb (%esi), %cl
+.L016ejend:
+ xorl %ecx, %eax
+ xorl %edx, %ebx
+ movl %eax, 12(%esp)
+ movl %ebx, 16(%esp)
+ call DES_encrypt1
+ movl 12(%esp), %eax
+ movl 16(%esp), %ebx
+ movl %eax, (%edi)
+ movl %ebx, 4(%edi)
+ jmp .L009finish
+.align 16
+.L006decrypt:
+ andl $4294967288, %ebp
+ movl 20(%esp), %eax
+ movl 24(%esp), %ebx
+ jz .L020decrypt_finish
+.L021decrypt_loop:
+ movl (%esi), %eax
+ movl 4(%esi), %ebx
+ movl %eax, 12(%esp)
+ movl %ebx, 16(%esp)
+ call DES_encrypt1
+ movl 12(%esp), %eax
+ movl 16(%esp), %ebx
+ movl 20(%esp), %ecx
+ movl 24(%esp), %edx
+ xorl %eax, %ecx
+ xorl %ebx, %edx
+ movl (%esi), %eax
+ movl 4(%esi), %ebx
+ movl %ecx, (%edi)
+ movl %edx, 4(%edi)
+ movl %eax, 20(%esp)
+ movl %ebx, 24(%esp)
+ addl $8, %esi
+ addl $8, %edi
+ subl $8, %ebp
+ jnz .L021decrypt_loop
+.L020decrypt_finish:
+ movl 56(%esp), %ebp
+ andl $7, %ebp
+ jz .L009finish
+ movl (%esi), %eax
+ movl 4(%esi), %ebx
+ movl %eax, 12(%esp)
+ movl %ebx, 16(%esp)
+ call DES_encrypt1
+ movl 12(%esp), %eax
+ movl 16(%esp), %ebx
+ movl 20(%esp), %ecx
+ movl 24(%esp), %edx
+ xorl %eax, %ecx
+ xorl %ebx, %edx
+ movl (%esi), %eax
+ movl 4(%esi), %ebx
+.L022dj7:
+ rorl $16, %edx
+ movb %dl, 6(%edi)
+ shrl $16, %edx
+.L023dj6:
+ movb %dh, 5(%edi)
+.L024dj5:
+ movb %dl, 4(%edi)
+.L025dj4:
+ movl %ecx, (%edi)
+ jmp .L026djend
+.L027dj3:
+ rorl $16, %ecx
+ movb %cl, 2(%edi)
+ sall $16, %ecx
+.L028dj2:
+ movb %ch, 1(%esi)
+.L029dj1:
+ movb %cl, (%esi)
+.L026djend:
+ jmp .L009finish
+.align 16
+.L009finish:
+ movl 64(%esp), %ecx
+ addl $28, %esp
+ movl %eax, (%ecx)
+ movl %ebx, 4(%ecx)
+ popl %edi
+ popl %esi
+ popl %ebx
+ popl %ebp
+ ret
+.align 16
+.L011cbc_enc_jmp_table:
+ .long 0
+ .long .L019ej1-.L010PIC_point
+ .long .L018ej2-.L010PIC_point
+ .long .L017ej3-.L010PIC_point
+ .long .L015ej4-.L010PIC_point
+ .long .L014ej5-.L010PIC_point
+ .long .L013ej6-.L010PIC_point
+ .long .L012ej7-.L010PIC_point
+.L_DES_ncbc_encrypt_end:
+ .size DES_ncbc_encrypt,.L_DES_ncbc_encrypt_end-DES_ncbc_encrypt
+.ident "desasm.pl"
+.text
+ .align 16
+.globl DES_ede3_cbc_encrypt
+ .type DES_ede3_cbc_encrypt,@function
+DES_ede3_cbc_encrypt:
+
+ pushl %ebp
+ pushl %ebx
+ pushl %esi
+ pushl %edi
+ movl 28(%esp), %ebp
+
+ movl 44(%esp), %ebx
+ movl (%ebx), %esi
+ movl 4(%ebx), %edi
+ pushl %edi
+ pushl %esi
+ pushl %edi
+ pushl %esi
+ movl %esp, %ebx
+ movl 36(%esp), %esi
+ movl 40(%esp), %edi
+
+ movl 64(%esp), %ecx
+
+ movl 56(%esp), %eax
+ pushl %eax
+
+ movl 56(%esp), %eax
+ pushl %eax
+
+ movl 56(%esp), %eax
+ pushl %eax
+ pushl %ebx
+ cmpl $0, %ecx
+ jz .L030decrypt
+ andl $4294967288, %ebp
+ movl 16(%esp), %eax
+ movl 20(%esp), %ebx
+ jz .L031encrypt_finish
+.L032encrypt_loop:
+ movl (%esi), %ecx
+ movl 4(%esi), %edx
+ xorl %ecx, %eax
+ xorl %edx, %ebx
+ movl %eax, 16(%esp)
+ movl %ebx, 20(%esp)
+ call DES_encrypt3
+ movl 16(%esp), %eax
+ movl 20(%esp), %ebx
+ movl %eax, (%edi)
+ movl %ebx, 4(%edi)
+ addl $8, %esi
+ addl $8, %edi
+ subl $8, %ebp
+ jnz .L032encrypt_loop
+.L031encrypt_finish:
+ movl 60(%esp), %ebp
+ andl $7, %ebp
+ jz .L033finish
+ call .L034PIC_point
+.L034PIC_point:
+ popl %edx
+ leal .L035cbc_enc_jmp_table-.L034PIC_point(%edx),%ecx
+ movl (%ecx,%ebp,4), %ebp
+ addl %edx, %ebp
+ xorl %ecx, %ecx
+ xorl %edx, %edx
+ jmp *%ebp
+.L036ej7:
+ movb 6(%esi), %dh
+ sall $8, %edx
+.L037ej6:
+ movb 5(%esi), %dh
+.L038ej5:
+ movb 4(%esi), %dl
+.L039ej4:
+ movl (%esi), %ecx
+ jmp .L040ejend
+.L041ej3:
+ movb 2(%esi), %ch
+ sall $8, %ecx
+.L042ej2:
+ movb 1(%esi), %ch
+.L043ej1:
+ movb (%esi), %cl
+.L040ejend:
+ xorl %ecx, %eax
+ xorl %edx, %ebx
+ movl %eax, 16(%esp)
+ movl %ebx, 20(%esp)
+ call DES_encrypt3
+ movl 16(%esp), %eax
+ movl 20(%esp), %ebx
+ movl %eax, (%edi)
+ movl %ebx, 4(%edi)
+ jmp .L033finish
+.align 16
+.L030decrypt:
+ andl $4294967288, %ebp
+ movl 24(%esp), %eax
+ movl 28(%esp), %ebx
+ jz .L044decrypt_finish
+.L045decrypt_loop:
+ movl (%esi), %eax
+ movl 4(%esi), %ebx
+ movl %eax, 16(%esp)
+ movl %ebx, 20(%esp)
+ call DES_decrypt3
+ movl 16(%esp), %eax
+ movl 20(%esp), %ebx
+ movl 24(%esp), %ecx
+ movl 28(%esp), %edx
+ xorl %eax, %ecx
+ xorl %ebx, %edx
+ movl (%esi), %eax
+ movl 4(%esi), %ebx
+ movl %ecx, (%edi)
+ movl %edx, 4(%edi)
+ movl %eax, 24(%esp)
+ movl %ebx, 28(%esp)
+ addl $8, %esi
+ addl $8, %edi
+ subl $8, %ebp
+ jnz .L045decrypt_loop
+.L044decrypt_finish:
+ movl 60(%esp), %ebp
+ andl $7, %ebp
+ jz .L033finish
+ movl (%esi), %eax
+ movl 4(%esi), %ebx
+ movl %eax, 16(%esp)
+ movl %ebx, 20(%esp)
+ call DES_decrypt3
+ movl 16(%esp), %eax
+ movl 20(%esp), %ebx
+ movl 24(%esp), %ecx
+ movl 28(%esp), %edx
+ xorl %eax, %ecx
+ xorl %ebx, %edx
+ movl (%esi), %eax
+ movl 4(%esi), %ebx
+.L046dj7:
+ rorl $16, %edx
+ movb %dl, 6(%edi)
+ shrl $16, %edx
+.L047dj6:
+ movb %dh, 5(%edi)
+.L048dj5:
+ movb %dl, 4(%edi)
+.L049dj4:
+ movl %ecx, (%edi)
+ jmp .L050djend
+.L051dj3:
+ rorl $16, %ecx
+ movb %cl, 2(%edi)
+ sall $16, %ecx
+.L052dj2:
+ movb %ch, 1(%esi)
+.L053dj1:
+ movb %cl, (%esi)
+.L050djend:
+ jmp .L033finish
+.align 16
+.L033finish:
+ movl 76(%esp), %ecx
+ addl $32, %esp
+ movl %eax, (%ecx)
+ movl %ebx, 4(%ecx)
+ popl %edi
+ popl %esi
+ popl %ebx
+ popl %ebp
+ ret
+.align 16
+.L035cbc_enc_jmp_table:
+ .long 0
+ .long .L043ej1-.L034PIC_point
+ .long .L042ej2-.L034PIC_point
+ .long .L041ej3-.L034PIC_point
+ .long .L039ej4-.L034PIC_point
+ .long .L038ej5-.L034PIC_point
+ .long .L037ej6-.L034PIC_point
+ .long .L036ej7-.L034PIC_point
+.L_DES_ede3_cbc_encrypt_end:
+ .size DES_ede3_cbc_encrypt,.L_DES_ede3_cbc_encrypt_end-DES_ede3_cbc_encrypt
+.ident "desasm.pl"
diff --git a/src/lib/libssl/src/fips-1.0/des/fips_des_enc.c b/src/lib/libssl/src/fips-1.0/des/fips_des_enc.c
new file mode 100644
index 0000000000..40e25efa58
--- /dev/null
+++ b/src/lib/libssl/src/fips-1.0/des/fips_des_enc.c
@@ -0,0 +1,310 @@
+/* crypto/des/des_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "fips_des_locl.h"
+#include <openssl/fips.h>
+
+#ifdef OPENSSL_FIPS
+
+void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc)
+ {
+ register DES_LONG l,r,t,u;
+#ifdef DES_PTR
+ register const unsigned char *des_SP=(const unsigned char *)DES_SPtrans;
+#endif
+#ifndef DES_UNROLL
+ register int i;
+#endif
+ register DES_LONG *s;
+
+ if(FIPS_selftest_failed())
+ {
+ data[0]=data[1]=0;
+ return;
+ }
+
+ r=data[0];
+ l=data[1];
+
+ IP(r,l);
+ /* Things have been modified so that the initial rotate is
+ * done outside the loop. This required the
+ * DES_SPtrans values in sp.h to be rotated 1 bit to the right.
+ * One perl script later and things have a 5% speed up on a sparc2.
+ * Thanks to Richard Outerbridge <71755.204@CompuServe.COM>
+ * for pointing this out. */
+ /* clear the top bits on machines with 8byte longs */
+ /* shift left by 2 */
+ r=ROTATE(r,29)&0xffffffffL;
+ l=ROTATE(l,29)&0xffffffffL;
+
+ s=ks->ks->deslong;
+ /* I don't know if it is worth the effort of loop unrolling the
+ * inner loop */
+ if (enc)
+ {
+#ifdef DES_UNROLL
+ D_ENCRYPT(l,r, 0); /* 1 */
+ D_ENCRYPT(r,l, 2); /* 2 */
+ D_ENCRYPT(l,r, 4); /* 3 */
+ D_ENCRYPT(r,l, 6); /* 4 */
+ D_ENCRYPT(l,r, 8); /* 5 */
+ D_ENCRYPT(r,l,10); /* 6 */
+ D_ENCRYPT(l,r,12); /* 7 */
+ D_ENCRYPT(r,l,14); /* 8 */
+ D_ENCRYPT(l,r,16); /* 9 */
+ D_ENCRYPT(r,l,18); /* 10 */
+ D_ENCRYPT(l,r,20); /* 11 */
+ D_ENCRYPT(r,l,22); /* 12 */
+ D_ENCRYPT(l,r,24); /* 13 */
+ D_ENCRYPT(r,l,26); /* 14 */
+ D_ENCRYPT(l,r,28); /* 15 */
+ D_ENCRYPT(r,l,30); /* 16 */
+#else
+ for (i=0; i<32; i+=8)
+ {
+ D_ENCRYPT(l,r,i+0); /* 1 */
+ D_ENCRYPT(r,l,i+2); /* 2 */
+ D_ENCRYPT(l,r,i+4); /* 3 */
+ D_ENCRYPT(r,l,i+6); /* 4 */
+ }
+#endif
+ }
+ else
+ {
+#ifdef DES_UNROLL
+ D_ENCRYPT(l,r,30); /* 16 */
+ D_ENCRYPT(r,l,28); /* 15 */
+ D_ENCRYPT(l,r,26); /* 14 */
+ D_ENCRYPT(r,l,24); /* 13 */
+ D_ENCRYPT(l,r,22); /* 12 */
+ D_ENCRYPT(r,l,20); /* 11 */
+ D_ENCRYPT(l,r,18); /* 10 */
+ D_ENCRYPT(r,l,16); /* 9 */
+ D_ENCRYPT(l,r,14); /* 8 */
+ D_ENCRYPT(r,l,12); /* 7 */
+ D_ENCRYPT(l,r,10); /* 6 */
+ D_ENCRYPT(r,l, 8); /* 5 */
+ D_ENCRYPT(l,r, 6); /* 4 */
+ D_ENCRYPT(r,l, 4); /* 3 */
+ D_ENCRYPT(l,r, 2); /* 2 */
+ D_ENCRYPT(r,l, 0); /* 1 */
+#else
+ for (i=30; i>0; i-=8)
+ {
+ D_ENCRYPT(l,r,i-0); /* 16 */
+ D_ENCRYPT(r,l,i-2); /* 15 */
+ D_ENCRYPT(l,r,i-4); /* 14 */
+ D_ENCRYPT(r,l,i-6); /* 13 */
+ }
+#endif
+ }
+
+ /* rotate and clear the top bits on machines with 8byte longs */
+ l=ROTATE(l,3)&0xffffffffL;
+ r=ROTATE(r,3)&0xffffffffL;
+
+ FP(r,l);
+ data[0]=l;
+ data[1]=r;
+ l=r=t=u=0;
+ }
+
+void DES_encrypt2(DES_LONG *data, DES_key_schedule *ks, int enc)
+ {
+ register DES_LONG l,r,t,u;
+#ifdef DES_PTR
+ register const unsigned char *des_SP=(const unsigned char *)DES_SPtrans;
+#endif
+#ifndef DES_UNROLL
+ register int i;
+#endif
+ register DES_LONG *s;
+
+ if(FIPS_selftest_failed())
+ {
+ data[0]=data[1]=0;
+ return;
+ }
+
+ r=data[0];
+ l=data[1];
+
+ /* Things have been modified so that the initial rotate is
+ * done outside the loop. This required the
+ * DES_SPtrans values in sp.h to be rotated 1 bit to the right.
+ * One perl script later and things have a 5% speed up on a sparc2.
+ * Thanks to Richard Outerbridge <71755.204@CompuServe.COM>
+ * for pointing this out. */
+ /* clear the top bits on machines with 8byte longs */
+ r=ROTATE(r,29)&0xffffffffL;
+ l=ROTATE(l,29)&0xffffffffL;
+
+ s=ks->ks->deslong;
+ /* I don't know if it is worth the effort of loop unrolling the
+ * inner loop */
+ if (enc)
+ {
+#ifdef DES_UNROLL
+ D_ENCRYPT(l,r, 0); /* 1 */
+ D_ENCRYPT(r,l, 2); /* 2 */
+ D_ENCRYPT(l,r, 4); /* 3 */
+ D_ENCRYPT(r,l, 6); /* 4 */
+ D_ENCRYPT(l,r, 8); /* 5 */
+ D_ENCRYPT(r,l,10); /* 6 */
+ D_ENCRYPT(l,r,12); /* 7 */
+ D_ENCRYPT(r,l,14); /* 8 */
+ D_ENCRYPT(l,r,16); /* 9 */
+ D_ENCRYPT(r,l,18); /* 10 */
+ D_ENCRYPT(l,r,20); /* 11 */
+ D_ENCRYPT(r,l,22); /* 12 */
+ D_ENCRYPT(l,r,24); /* 13 */
+ D_ENCRYPT(r,l,26); /* 14 */
+ D_ENCRYPT(l,r,28); /* 15 */
+ D_ENCRYPT(r,l,30); /* 16 */
+#else
+ for (i=0; i<32; i+=8)
+ {
+ D_ENCRYPT(l,r,i+0); /* 1 */
+ D_ENCRYPT(r,l,i+2); /* 2 */
+ D_ENCRYPT(l,r,i+4); /* 3 */
+ D_ENCRYPT(r,l,i+6); /* 4 */
+ }
+#endif
+ }
+ else
+ {
+#ifdef DES_UNROLL
+ D_ENCRYPT(l,r,30); /* 16 */
+ D_ENCRYPT(r,l,28); /* 15 */
+ D_ENCRYPT(l,r,26); /* 14 */
+ D_ENCRYPT(r,l,24); /* 13 */
+ D_ENCRYPT(l,r,22); /* 12 */
+ D_ENCRYPT(r,l,20); /* 11 */
+ D_ENCRYPT(l,r,18); /* 10 */
+ D_ENCRYPT(r,l,16); /* 9 */
+ D_ENCRYPT(l,r,14); /* 8 */
+ D_ENCRYPT(r,l,12); /* 7 */
+ D_ENCRYPT(l,r,10); /* 6 */
+ D_ENCRYPT(r,l, 8); /* 5 */
+ D_ENCRYPT(l,r, 6); /* 4 */
+ D_ENCRYPT(r,l, 4); /* 3 */
+ D_ENCRYPT(l,r, 2); /* 2 */
+ D_ENCRYPT(r,l, 0); /* 1 */
+#else
+ for (i=30; i>0; i-=8)
+ {
+ D_ENCRYPT(l,r,i-0); /* 16 */
+ D_ENCRYPT(r,l,i-2); /* 15 */
+ D_ENCRYPT(l,r,i-4); /* 14 */
+ D_ENCRYPT(r,l,i-6); /* 13 */
+ }
+#endif
+ }
+ /* rotate and clear the top bits on machines with 8byte longs */
+ data[0]=ROTATE(l,3)&0xffffffffL;
+ data[1]=ROTATE(r,3)&0xffffffffL;
+ l=r=t=u=0;
+ }
+
+void DES_encrypt3(DES_LONG *data, DES_key_schedule *ks1,
+ DES_key_schedule *ks2, DES_key_schedule *ks3)
+ {
+ register DES_LONG l,r;
+
+ l=data[0];
+ r=data[1];
+ IP(l,r);
+ data[0]=l;
+ data[1]=r;
+ DES_encrypt2((DES_LONG *)data,ks1,DES_ENCRYPT);
+ DES_encrypt2((DES_LONG *)data,ks2,DES_DECRYPT);
+ DES_encrypt2((DES_LONG *)data,ks3,DES_ENCRYPT);
+ l=data[0];
+ r=data[1];
+ FP(r,l);
+ data[0]=l;
+ data[1]=r;
+ }
+
+void DES_decrypt3(DES_LONG *data, DES_key_schedule *ks1,
+ DES_key_schedule *ks2, DES_key_schedule *ks3)
+ {
+ register DES_LONG l,r;
+
+ l=data[0];
+ r=data[1];
+ IP(l,r);
+ data[0]=l;
+ data[1]=r;
+ DES_encrypt2((DES_LONG *)data,ks3,DES_DECRYPT);
+ DES_encrypt2((DES_LONG *)data,ks2,DES_ENCRYPT);
+ DES_encrypt2((DES_LONG *)data,ks1,DES_DECRYPT);
+ l=data[0];
+ r=data[1];
+ FP(r,l);
+ data[0]=l;
+ data[1]=r;
+ }
+
+#else /* ndef OPENSSL_FIPS */
+
+static void *dummy=&dummy;
+
+#endif /* ndef OPENSSL_FIPS */
+
diff --git a/src/lib/libssl/src/fips-1.0/des/fips_des_locl.h b/src/lib/libssl/src/fips-1.0/des/fips_des_locl.h
new file mode 100644
index 0000000000..5c466a5561
--- /dev/null
+++ b/src/lib/libssl/src/fips-1.0/des/fips_des_locl.h
@@ -0,0 +1,428 @@
+/* crypto/des/des_locl.h */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_DES_LOCL_H
+#define HEADER_DES_LOCL_H
+
+#include "e_os.h"
+
+#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16)
+#ifndef OPENSSL_SYS_MSDOS
+#define OPENSSL_SYS_MSDOS
+#endif
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+
+#ifndef OPENSSL_SYS_MSDOS
+#if !defined(OPENSSL_SYS_VMS) || defined(__DECC)
+#ifdef OPENSSL_UNISTD
+# include OPENSSL_UNISTD
+#else
+# include <unistd.h>
+#endif
+#include <math.h>
+#endif
+#endif
+#include <openssl/des.h>
+
+#ifdef OPENSSL_SYS_MSDOS /* Visual C++ 2.1 (Windows NT/95) */
+#include <stdlib.h>
+#include <errno.h>
+#include <time.h>
+#include <io.h>
+#endif
+
+#if defined(__STDC__) || defined(OPENSSL_SYS_VMS) || defined(M_XENIX) || defined(OPENSSL_SYS_MSDOS)
+#include <string.h>
+#endif
+
+#ifdef OPENSSL_BUILD_SHLIBCRYPTO
+# undef OPENSSL_EXTERN
+# define OPENSSL_EXTERN OPENSSL_EXPORT
+#endif
+
+#define ITERATIONS 16
+#define HALF_ITERATIONS 8
+
+/* used in des_read and des_write */
+#define MAXWRITE (1024*16)
+#define BSIZE (MAXWRITE+4)
+
+#define c2l(c,l) (l =((DES_LONG)(*((c)++))) , \
+ l|=((DES_LONG)(*((c)++)))<< 8L, \
+ l|=((DES_LONG)(*((c)++)))<<16L, \
+ l|=((DES_LONG)(*((c)++)))<<24L)
+
+/* NOTE - c is not incremented as per c2l */
+#define c2ln(c,l1,l2,n) { \
+ c+=n; \
+ l1=l2=0; \
+ switch (n) { \
+ case 8: l2 =((DES_LONG)(*(--(c))))<<24L; \
+ case 7: l2|=((DES_LONG)(*(--(c))))<<16L; \
+ case 6: l2|=((DES_LONG)(*(--(c))))<< 8L; \
+ case 5: l2|=((DES_LONG)(*(--(c)))); \
+ case 4: l1 =((DES_LONG)(*(--(c))))<<24L; \
+ case 3: l1|=((DES_LONG)(*(--(c))))<<16L; \
+ case 2: l1|=((DES_LONG)(*(--(c))))<< 8L; \
+ case 1: l1|=((DES_LONG)(*(--(c)))); \
+ } \
+ }
+
+#define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \
+ *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+ *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+ *((c)++)=(unsigned char)(((l)>>24L)&0xff))
+
+/* replacements for htonl and ntohl since I have no idea what to do
+ * when faced with machines with 8 byte longs. */
+#define HDRSIZE 4
+
+#define n2l(c,l) (l =((DES_LONG)(*((c)++)))<<24L, \
+ l|=((DES_LONG)(*((c)++)))<<16L, \
+ l|=((DES_LONG)(*((c)++)))<< 8L, \
+ l|=((DES_LONG)(*((c)++))))
+
+#define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \
+ *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+ *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+ *((c)++)=(unsigned char)(((l) )&0xff))
+
+/* NOTE - c is not incremented as per l2c */
+#define l2cn(l1,l2,c,n) { \
+ c+=n; \
+ switch (n) { \
+ case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \
+ case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \
+ case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \
+ case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \
+ case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \
+ case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \
+ case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \
+ case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \
+ } \
+ }
+
+#if defined(OPENSSL_SYS_WIN32) && defined(_MSC_VER)
+#define ROTATE(a,n) (_lrotr(a,n))
+#elif defined(__GNUC__) && __GNUC__>=2 && !defined(__STRICT_ANSI__) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) && !defined(PEDANTIC)
+# if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)
+# define ROTATE(a,n) ({ register unsigned int ret; \
+ asm ("rorl %1,%0" \
+ : "=r"(ret) \
+ : "I"(n),"0"(a) \
+ : "cc"); \
+ ret; \
+ })
+# endif
+#endif
+#ifndef ROTATE
+#define ROTATE(a,n) (((a)>>(n))+((a)<<(32-(n))))
+#endif
+
+/* Don't worry about the LOAD_DATA() stuff, that is used by
+ * fcrypt() to add it's little bit to the front */
+
+#ifdef DES_FCRYPT
+
+#define LOAD_DATA_tmp(R,S,u,t,E0,E1) \
+ { DES_LONG tmp; LOAD_DATA(R,S,u,t,E0,E1,tmp); }
+
+#define LOAD_DATA(R,S,u,t,E0,E1,tmp) \
+ t=R^(R>>16L); \
+ u=t&E0; t&=E1; \
+ tmp=(u<<16); u^=R^s[S ]; u^=tmp; \
+ tmp=(t<<16); t^=R^s[S+1]; t^=tmp
+#else
+#define LOAD_DATA_tmp(a,b,c,d,e,f) LOAD_DATA(a,b,c,d,e,f,g)
+#define LOAD_DATA(R,S,u,t,E0,E1,tmp) \
+ u=R^s[S ]; \
+ t=R^s[S+1]
+#endif
+
+/* The changes to this macro may help or hinder, depending on the
+ * compiler and the architecture. gcc2 always seems to do well :-).
+ * Inspired by Dana How <how@isl.stanford.edu>
+ * DO NOT use the alternative version on machines with 8 byte longs.
+ * It does not seem to work on the Alpha, even when DES_LONG is 4
+ * bytes, probably an issue of accessing non-word aligned objects :-( */
+#ifdef DES_PTR
+
+/* It recently occurred to me that 0^0^0^0^0^0^0 == 0, so there
+ * is no reason to not xor all the sub items together. This potentially
+ * saves a register since things can be xored directly into L */
+
+#if defined(DES_RISC1) || defined(DES_RISC2)
+#ifdef DES_RISC1
+#define D_ENCRYPT(LL,R,S) { \
+ unsigned int u1,u2,u3; \
+ LOAD_DATA(R,S,u,t,E0,E1,u1); \
+ u2=(int)u>>8L; \
+ u1=(int)u&0xfc; \
+ u2&=0xfc; \
+ t=ROTATE(t,4); \
+ u>>=16L; \
+ LL^= *(const DES_LONG *)(des_SP +u1); \
+ LL^= *(const DES_LONG *)(des_SP+0x200+u2); \
+ u3=(int)(u>>8L); \
+ u1=(int)u&0xfc; \
+ u3&=0xfc; \
+ LL^= *(const DES_LONG *)(des_SP+0x400+u1); \
+ LL^= *(const DES_LONG *)(des_SP+0x600+u3); \
+ u2=(int)t>>8L; \
+ u1=(int)t&0xfc; \
+ u2&=0xfc; \
+ t>>=16L; \
+ LL^= *(const DES_LONG *)(des_SP+0x100+u1); \
+ LL^= *(const DES_LONG *)(des_SP+0x300+u2); \
+ u3=(int)t>>8L; \
+ u1=(int)t&0xfc; \
+ u3&=0xfc; \
+ LL^= *(const DES_LONG *)(des_SP+0x500+u1); \
+ LL^= *(const DES_LONG *)(des_SP+0x700+u3); }
+#endif
+#ifdef DES_RISC2
+#define D_ENCRYPT(LL,R,S) { \
+ unsigned int u1,u2,s1,s2; \
+ LOAD_DATA(R,S,u,t,E0,E1,u1); \
+ u2=(int)u>>8L; \
+ u1=(int)u&0xfc; \
+ u2&=0xfc; \
+ t=ROTATE(t,4); \
+ LL^= *(const DES_LONG *)(des_SP +u1); \
+ LL^= *(const DES_LONG *)(des_SP+0x200+u2); \
+ s1=(int)(u>>16L); \
+ s2=(int)(u>>24L); \
+ s1&=0xfc; \
+ s2&=0xfc; \
+ LL^= *(const DES_LONG *)(des_SP+0x400+s1); \
+ LL^= *(const DES_LONG *)(des_SP+0x600+s2); \
+ u2=(int)t>>8L; \
+ u1=(int)t&0xfc; \
+ u2&=0xfc; \
+ LL^= *(const DES_LONG *)(des_SP+0x100+u1); \
+ LL^= *(const DES_LONG *)(des_SP+0x300+u2); \
+ s1=(int)(t>>16L); \
+ s2=(int)(t>>24L); \
+ s1&=0xfc; \
+ s2&=0xfc; \
+ LL^= *(const DES_LONG *)(des_SP+0x500+s1); \
+ LL^= *(const DES_LONG *)(des_SP+0x700+s2); }
+#endif
+#else
+#define D_ENCRYPT(LL,R,S) { \
+ LOAD_DATA_tmp(R,S,u,t,E0,E1); \
+ t=ROTATE(t,4); \
+ LL^= \
+ *(const DES_LONG *)(des_SP +((u )&0xfc))^ \
+ *(const DES_LONG *)(des_SP+0x200+((u>> 8L)&0xfc))^ \
+ *(const DES_LONG *)(des_SP+0x400+((u>>16L)&0xfc))^ \
+ *(const DES_LONG *)(des_SP+0x600+((u>>24L)&0xfc))^ \
+ *(const DES_LONG *)(des_SP+0x100+((t )&0xfc))^ \
+ *(const DES_LONG *)(des_SP+0x300+((t>> 8L)&0xfc))^ \
+ *(const DES_LONG *)(des_SP+0x500+((t>>16L)&0xfc))^ \
+ *(const DES_LONG *)(des_SP+0x700+((t>>24L)&0xfc)); }
+#endif
+
+#else /* original version */
+
+#if defined(DES_RISC1) || defined(DES_RISC2)
+#ifdef DES_RISC1
+#define D_ENCRYPT(LL,R,S) {\
+ unsigned int u1,u2,u3; \
+ LOAD_DATA(R,S,u,t,E0,E1,u1); \
+ u>>=2L; \
+ t=ROTATE(t,6); \
+ u2=(int)u>>8L; \
+ u1=(int)u&0x3f; \
+ u2&=0x3f; \
+ u>>=16L; \
+ LL^=DES_SPtrans[0][u1]; \
+ LL^=DES_SPtrans[2][u2]; \
+ u3=(int)u>>8L; \
+ u1=(int)u&0x3f; \
+ u3&=0x3f; \
+ LL^=DES_SPtrans[4][u1]; \
+ LL^=DES_SPtrans[6][u3]; \
+ u2=(int)t>>8L; \
+ u1=(int)t&0x3f; \
+ u2&=0x3f; \
+ t>>=16L; \
+ LL^=DES_SPtrans[1][u1]; \
+ LL^=DES_SPtrans[3][u2]; \
+ u3=(int)t>>8L; \
+ u1=(int)t&0x3f; \
+ u3&=0x3f; \
+ LL^=DES_SPtrans[5][u1]; \
+ LL^=DES_SPtrans[7][u3]; }
+#endif
+#ifdef DES_RISC2
+#define D_ENCRYPT(LL,R,S) {\
+ unsigned int u1,u2,s1,s2; \
+ LOAD_DATA(R,S,u,t,E0,E1,u1); \
+ u>>=2L; \
+ t=ROTATE(t,6); \
+ u2=(int)u>>8L; \
+ u1=(int)u&0x3f; \
+ u2&=0x3f; \
+ LL^=DES_SPtrans[0][u1]; \
+ LL^=DES_SPtrans[2][u2]; \
+ s1=(int)u>>16L; \
+ s2=(int)u>>24L; \
+ s1&=0x3f; \
+ s2&=0x3f; \
+ LL^=DES_SPtrans[4][s1]; \
+ LL^=DES_SPtrans[6][s2]; \
+ u2=(int)t>>8L; \
+ u1=(int)t&0x3f; \
+ u2&=0x3f; \
+ LL^=DES_SPtrans[1][u1]; \
+ LL^=DES_SPtrans[3][u2]; \
+ s1=(int)t>>16; \
+ s2=(int)t>>24L; \
+ s1&=0x3f; \
+ s2&=0x3f; \
+ LL^=DES_SPtrans[5][s1]; \
+ LL^=DES_SPtrans[7][s2]; }
+#endif
+
+#else
+
+#define D_ENCRYPT(LL,R,S) {\
+ LOAD_DATA_tmp(R,S,u,t,E0,E1); \
+ t=ROTATE(t,4); \
+ LL^=\
+ DES_SPtrans[0][(u>> 2L)&0x3f]^ \
+ DES_SPtrans[2][(u>>10L)&0x3f]^ \
+ DES_SPtrans[4][(u>>18L)&0x3f]^ \
+ DES_SPtrans[6][(u>>26L)&0x3f]^ \
+ DES_SPtrans[1][(t>> 2L)&0x3f]^ \
+ DES_SPtrans[3][(t>>10L)&0x3f]^ \
+ DES_SPtrans[5][(t>>18L)&0x3f]^ \
+ DES_SPtrans[7][(t>>26L)&0x3f]; }
+#endif
+#endif
+
+ /* IP and FP
+ * The problem is more of a geometric problem that random bit fiddling.
+ 0 1 2 3 4 5 6 7 62 54 46 38 30 22 14 6
+ 8 9 10 11 12 13 14 15 60 52 44 36 28 20 12 4
+ 16 17 18 19 20 21 22 23 58 50 42 34 26 18 10 2
+ 24 25 26 27 28 29 30 31 to 56 48 40 32 24 16 8 0
+
+ 32 33 34 35 36 37 38 39 63 55 47 39 31 23 15 7
+ 40 41 42 43 44 45 46 47 61 53 45 37 29 21 13 5
+ 48 49 50 51 52 53 54 55 59 51 43 35 27 19 11 3
+ 56 57 58 59 60 61 62 63 57 49 41 33 25 17 9 1
+
+ The output has been subject to swaps of the form
+ 0 1 -> 3 1 but the odd and even bits have been put into
+ 2 3 2 0
+ different words. The main trick is to remember that
+ t=((l>>size)^r)&(mask);
+ r^=t;
+ l^=(t<<size);
+ can be used to swap and move bits between words.
+
+ So l = 0 1 2 3 r = 16 17 18 19
+ 4 5 6 7 20 21 22 23
+ 8 9 10 11 24 25 26 27
+ 12 13 14 15 28 29 30 31
+ becomes (for size == 2 and mask == 0x3333)
+ t = 2^16 3^17 -- -- l = 0 1 16 17 r = 2 3 18 19
+ 6^20 7^21 -- -- 4 5 20 21 6 7 22 23
+ 10^24 11^25 -- -- 8 9 24 25 10 11 24 25
+ 14^28 15^29 -- -- 12 13 28 29 14 15 28 29
+
+ Thanks for hints from Richard Outerbridge - he told me IP&FP
+ could be done in 15 xor, 10 shifts and 5 ands.
+ When I finally started to think of the problem in 2D
+ I first got ~42 operations without xors. When I remembered
+ how to use xors :-) I got it to its final state.
+ */
+#define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\
+ (b)^=(t),\
+ (a)^=((t)<<(n)))
+
+#define IP(l,r) \
+ { \
+ register DES_LONG tt; \
+ PERM_OP(r,l,tt, 4,0x0f0f0f0fL); \
+ PERM_OP(l,r,tt,16,0x0000ffffL); \
+ PERM_OP(r,l,tt, 2,0x33333333L); \
+ PERM_OP(l,r,tt, 8,0x00ff00ffL); \
+ PERM_OP(r,l,tt, 1,0x55555555L); \
+ }
+
+#define FP(l,r) \
+ { \
+ register DES_LONG tt; \
+ PERM_OP(l,r,tt, 1,0x55555555L); \
+ PERM_OP(r,l,tt, 8,0x00ff00ffL); \
+ PERM_OP(l,r,tt, 2,0x33333333L); \
+ PERM_OP(r,l,tt,16,0x0000ffffL); \
+ PERM_OP(l,r,tt, 4,0x0f0f0f0fL); \
+ }
+
+extern const DES_LONG DES_SPtrans[8][64];
+
+void fcrypt_body(DES_LONG *out,DES_key_schedule *ks,
+ DES_LONG Eswap0, DES_LONG Eswap1);
+#endif
diff --git a/src/lib/libssl/src/fips-1.0/des/fips_des_selftest.c b/src/lib/libssl/src/fips-1.0/des/fips_des_selftest.c
new file mode 100644
index 0000000000..3e0778eb5e
--- /dev/null
+++ b/src/lib/libssl/src/fips-1.0/des/fips_des_selftest.c
@@ -0,0 +1,200 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include <string.h>
+#include <openssl/err.h>
+#include <openssl/fips.h>
+#include <openssl/des.h>
+#include <openssl/opensslconf.h>
+
+#ifdef OPENSSL_FIPS
+static struct
+ {
+ DES_cblock key;
+ unsigned char plaintext[8];
+ unsigned char ciphertext[8];
+ } tests[]=
+ {
+ {
+ { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 },
+ { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 },
+ { 0x8C,0xA6,0x4D,0xE9,0xC1,0xB1,0x23,0xA7 }
+ },
+ {
+ { 0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10 },
+ { 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF },
+ { 0xED,0x39,0xD9,0x50,0xFA,0x74,0xBC,0xC4 },
+ },
+ };
+
+static struct
+ {
+ DES_cblock key1;
+ DES_cblock key2;
+ unsigned char plaintext[8];
+ unsigned char ciphertext[8];
+ } tests2[]=
+ {
+ {
+ { 0x7c,0x4f,0x6e,0xf7,0xa2,0x04,0x16,0xec },
+ { 0x0b,0x6b,0x7c,0x9e,0x5e,0x19,0xa7,0xc4 },
+ { 0x06,0xa7,0xd8,0x79,0xaa,0xce,0x69,0xef },
+ { 0x4c,0x11,0x17,0x55,0xbf,0xc4,0x4e,0xfd }
+ },
+ {
+ { 0x5d,0x9e,0x01,0xd3,0x25,0xc7,0x3e,0x34 },
+ { 0x01,0x16,0x7c,0x85,0x23,0xdf,0xe0,0x68 },
+ { 0x9c,0x50,0x09,0x0f,0x5e,0x7d,0x69,0x7e },
+ { 0xd2,0x0b,0x18,0xdf,0xd9,0x0d,0x9e,0xff },
+ }
+ };
+
+static struct
+ {
+ DES_cblock key1;
+ DES_cblock key2;
+ DES_cblock key3;
+ unsigned char plaintext[8];
+ unsigned char ciphertext[8];
+ } tests3[]=
+ {
+ {
+ { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 },
+ { 0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10 },
+ { 0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0 },
+ { 0x8f,0x8f,0xbf,0x9b,0x5d,0x48,0xb4,0x1c},
+ { 0x59,0x8c,0xe5,0xd3,0x6c,0xa2,0xea,0x1b},
+ },
+ {
+ { 0xDC,0xBA,0x98,0x76,0x54,0x32,0x10,0xFE },
+ { 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF },
+ { 0xED,0x39,0xD9,0x50,0xFA,0x74,0xBC,0xC4 },
+ { 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF },
+ { 0x11,0x25,0xb0,0x35,0xbe,0xa0,0x82,0x86 },
+ },
+ };
+
+void FIPS_corrupt_des()
+ {
+ tests[0].plaintext[0]++;
+ }
+
+int FIPS_selftest_des()
+ {
+ int n;
+
+ /* Encrypt/decrypt with DES and compare to known answers */
+ for(n=0 ; n < 2 ; ++n)
+ {
+ DES_key_schedule key;
+ DES_cblock buf;
+
+ DES_set_key(&tests[n].key,&key);
+ DES_ecb_encrypt(&tests[n].plaintext,&buf,&key,1);
+ if(memcmp(buf,tests[n].ciphertext,sizeof buf))
+ {
+ FIPSerr(FIPS_F_FIPS_SELFTEST_DES,FIPS_R_SELFTEST_FAILED);
+ return 0;
+ }
+ DES_ecb_encrypt(&tests[n].ciphertext,&buf,&key,0);
+ if(memcmp(buf,tests[n].plaintext,sizeof buf))
+ {
+ FIPSerr(FIPS_F_FIPS_SELFTEST_DES,FIPS_R_SELFTEST_FAILED);
+ return 0;
+ }
+ }
+
+ /* Encrypt/decrypt with 2-key 3DES and compare to known answers */
+ for(n=0 ; n < 2 ; ++n)
+ {
+ DES_key_schedule key1, key2;
+ unsigned char buf[8];
+
+ DES_set_key(&tests2[n].key1,&key1);
+ DES_set_key(&tests2[n].key2,&key2);
+ DES_ecb2_encrypt(tests2[n].plaintext,buf,&key1,&key2,1);
+ if(memcmp(buf,tests2[n].ciphertext,sizeof buf))
+ {
+ FIPSerr(FIPS_F_FIPS_SELFTEST_DES,FIPS_R_SELFTEST_FAILED);
+ return 0;
+ }
+ DES_ecb2_encrypt(tests2[n].ciphertext,buf,&key1,&key2,0);
+ if(memcmp(buf,tests2[n].plaintext,sizeof buf))
+ {
+ FIPSerr(FIPS_F_FIPS_SELFTEST_DES,FIPS_R_SELFTEST_FAILED);
+ return 0;
+ }
+ }
+
+ /* Encrypt/decrypt with 3DES and compare to known answers */
+ for(n=0 ; n < 2 ; ++n)
+ {
+ DES_key_schedule key1, key2, key3;
+ unsigned char buf[8];
+
+ DES_set_key(&tests3[n].key1,&key1);
+ DES_set_key(&tests3[n].key2,&key2);
+ DES_set_key(&tests3[n].key3,&key3);
+ DES_ecb3_encrypt(tests3[n].plaintext,buf,&key1,&key2,&key3,1);
+ if(memcmp(buf,tests3[n].ciphertext,sizeof buf))
+ {
+ FIPSerr(FIPS_F_FIPS_SELFTEST_DES,FIPS_R_SELFTEST_FAILED);
+ return 0;
+ }
+ DES_ecb3_encrypt(tests3[n].ciphertext,buf,&key1,&key2,&key3,0);
+ if(memcmp(buf,tests3[n].plaintext,sizeof buf))
+ {
+ FIPSerr(FIPS_F_FIPS_SELFTEST_DES,FIPS_R_SELFTEST_FAILED);
+ return 0;
+ }
+ }
+
+ return 1;
+ }
+#endif
diff --git a/src/lib/libssl/src/fips-1.0/des/fips_desmovs.c b/src/lib/libssl/src/fips-1.0/des/fips_desmovs.c
new file mode 100644
index 0000000000..5eb55726e3
--- /dev/null
+++ b/src/lib/libssl/src/fips-1.0/des/fips_desmovs.c
@@ -0,0 +1,833 @@
+/* ====================================================================
+ * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+/*---------------------------------------------
+ NIST DES Modes of Operation Validation System
+ Test Program
+
+ Based on the AES Validation Suite, which was:
+ Donated to OpenSSL by:
+ V-ONE Corporation
+ 20250 Century Blvd, Suite 300
+ Germantown, MD 20874
+ U.S.A.
+ ----------------------------------------------*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <assert.h>
+
+#include <openssl/des.h>
+#include <openssl/evp.h>
+#include <openssl/fips.h>
+#include <openssl/err.h>
+#include "e_os.h"
+
+/*#define AES_BLOCK_SIZE 16*/
+
+#define VERBOSE 0
+
+/*-----------------------------------------------*/
+
+int DESTest(EVP_CIPHER_CTX *ctx,
+ char *amode, int akeysz, unsigned char *aKey,
+ unsigned char *iVec,
+ int dir, /* 0 = decrypt, 1 = encrypt */
+ unsigned char *out, unsigned char *in, int len)
+ {
+ const EVP_CIPHER *cipher = NULL;
+ int kt = 0;
+
+ if (ctx)
+ memset(ctx, 0, sizeof(EVP_CIPHER_CTX));
+
+ if (strcasecmp(amode, "CBC") == 0)
+ kt = 1000;
+ else if (strcasecmp(amode, "ECB") == 0)
+ kt = 2000;
+ else if (strcasecmp(amode, "CFB64") == 0)
+ kt = 3000;
+ else if (strncasecmp(amode, "OFB", 3) == 0)
+ kt = 4000;
+ else if(!strcasecmp(amode,"CFB1"))
+ kt=5000;
+ else if(!strcasecmp(amode,"CFB8"))
+ kt=6000;
+ else
+ {
+ printf("Unknown mode: %s\n", amode);
+ EXIT(1);
+ }
+ if (akeysz != 64 && akeysz != 192)
+ {
+ printf("Invalid key size: %d\n", akeysz);
+ EXIT(1);
+ }
+ else
+ {
+ kt += akeysz;
+ switch (kt)
+ {
+ case 1064:
+ cipher=EVP_des_cbc();
+ break;
+ case 1192:
+ cipher=EVP_des_ede3_cbc();
+ break;
+ case 2064:
+ cipher=EVP_des_ecb();
+ break;
+ case 2192:
+ cipher=EVP_des_ede3_ecb();
+ break;
+ case 3064:
+ cipher=EVP_des_cfb64();
+ break;
+ case 3192:
+ cipher=EVP_des_ede3_cfb64();
+ break;
+ case 4064:
+ cipher=EVP_des_ofb();
+ break;
+ case 4192:
+ cipher=EVP_des_ede3_ofb();
+ break;
+ case 5064:
+ cipher=EVP_des_cfb1();
+ break;
+ case 5192:
+ cipher=EVP_des_ede3_cfb1();
+ break;
+ case 6064:
+ cipher=EVP_des_cfb8();
+ break;
+ case 6192:
+ cipher=EVP_des_ede3_cfb8();
+ break;
+ default:
+ printf("Didn't handle mode %d\n",kt);
+ EXIT(1);
+ }
+ if(!EVP_CipherInit(ctx, cipher, aKey, iVec, dir))
+ {
+ ERR_print_errors_fp(stderr);
+ EXIT(1);
+ }
+ EVP_Cipher(ctx, out, in, len);
+ }
+ return 1;
+ }
+
+/*-----------------------------------------------*/
+
+int hex2bin(char *in, int len, unsigned char *out)
+ {
+ int n1, n2;
+ unsigned char ch;
+
+ for (n1 = 0, n2 = 0; n1 < len; )
+ { /* first byte */
+ if ((in[n1] >= '0') && (in[n1] <= '9'))
+ ch = in[n1++] - '0';
+ else if ((in[n1] >= 'A') && (in[n1] <= 'F'))
+ ch = in[n1++] - 'A' + 10;
+ else if ((in[n1] >= 'a') && (in[n1] <= 'f'))
+ ch = in[n1++] - 'a' + 10;
+ else
+ return -1;
+ if(len == 1)
+ {
+ out[n2++]=ch;
+ break;
+ }
+ out[n2] = ch << 4;
+ /* second byte */
+ if ((in[n1] >= '0') && (in[n1] <= '9'))
+ ch = in[n1++] - '0';
+ else if ((in[n1] >= 'A') && (in[n1] <= 'F'))
+ ch = in[n1++] - 'A' + 10;
+ else if ((in[n1] >= 'a') && (in[n1] <= 'f'))
+ ch = in[n1++] - 'a' + 10;
+ else
+ return -1;
+ out[n2++] |= ch;
+ }
+ return n2;
+ }
+
+/*-----------------------------------------------*/
+
+int bin2hex(unsigned char *in, int len, char *out)
+ {
+ int n1, n2;
+ unsigned char ch;
+
+ for (n1 = 0, n2 = 0; n1 < len; ++n1)
+ {
+ /* first nibble */
+ ch = in[n1] >> 4;
+ if (ch <= 0x09)
+ out[n2++] = ch + '0';
+ else
+ out[n2++] = ch - 10 + 'a';
+ /* second nibble */
+ ch = in[n1] & 0x0f;
+ if (ch <= 0x09)
+ out[n2++] = ch + '0';
+ else
+ out[n2++] = ch - 10 + 'a';
+ }
+ return n2;
+ }
+
+/* NB: this return the number of _bits_ read */
+int bint2bin(const char *in, int len, unsigned char *out)
+ {
+ int n;
+
+ memset(out,0,len);
+ for(n=0 ; n < len ; ++n)
+ if(in[n] == '1')
+ out[n/8]|=(0x80 >> (n%8));
+ return len;
+ }
+
+int bin2bint(const unsigned char *in,int len,char *out)
+ {
+ int n;
+
+ for(n=0 ; n < len ; ++n)
+ out[n]=(in[n/8]&(0x80 >> (n%8))) ? '1' : '0';
+ return n;
+ }
+
+/*-----------------------------------------------*/
+
+void PrintValue(char *tag, unsigned char *val, int len)
+ {
+#if VERBOSE
+ char obuf[2048];
+ int olen;
+ olen = bin2hex(val, len, obuf);
+ printf("%s = %.*s\n", tag, olen, obuf);
+#endif
+ }
+
+void DebugValue(char *tag, unsigned char *val, int len)
+ {
+ char obuf[2048];
+ int olen;
+ olen = bin2hex(val, len, obuf);
+ printf("%s = %.*s\n", tag, olen, obuf);
+ }
+
+void OutputValue(char *tag, unsigned char *val, int len, FILE *rfp,int bitmode)
+ {
+ char obuf[2048];
+ int olen;
+
+ if(bitmode)
+ olen=bin2bint(val,len,obuf);
+ else
+ olen=bin2hex(val,len,obuf);
+
+ fprintf(rfp, "%s = %.*s\n", tag, olen, obuf);
+#if VERBOSE
+ printf("%s = %.*s\n", tag, olen, obuf);
+#endif
+ }
+
+void shiftin(unsigned char *dst,unsigned char *src,int nbits)
+ {
+ int n;
+
+ /* move the bytes... */
+ memmove(dst,dst+nbits/8,3*8-nbits/8);
+ /* append new data */
+ memcpy(dst+3*8-nbits/8,src,(nbits+7)/8);
+ /* left shift the bits */
+ if(nbits%8)
+ for(n=0 ; n < 3*8 ; ++n)
+ dst[n]=(dst[n] << (nbits%8))|(dst[n+1] >> (8-nbits%8));
+ }
+
+/*-----------------------------------------------*/
+char *t_tag[2] = {"PLAINTEXT", "CIPHERTEXT"};
+char *t_mode[6] = {"CBC","ECB","OFB","CFB1","CFB8","CFB64"};
+enum Mode {CBC, ECB, OFB, CFB1, CFB8, CFB64};
+int Sizes[6]={64,64,64,1,8,64};
+
+void do_mct(char *amode,
+ int akeysz, int numkeys, unsigned char *akey,unsigned char *ivec,
+ int dir, unsigned char *text, int len,
+ FILE *rfp)
+ {
+ int i,imode;
+ unsigned char nk[4*8]; /* longest key+8 */
+ unsigned char text0[8];
+
+ for (imode=0 ; imode < 6 ; ++imode)
+ if(!strcmp(amode,t_mode[imode]))
+ break;
+ if (imode == 6)
+ {
+ printf("Unrecognized mode: %s\n", amode);
+ EXIT(1);
+ }
+
+ for(i=0 ; i < 400 ; ++i)
+ {
+ int j;
+ int n;
+ EVP_CIPHER_CTX ctx;
+ int kp=akeysz/64;
+ unsigned char old_iv[8];
+
+ fprintf(rfp,"\nCOUNT = %d\n",i);
+ if(kp == 1)
+ OutputValue("KEY",akey,8,rfp,0);
+ else
+ for(n=0 ; n < kp ; ++n)
+ {
+ fprintf(rfp,"KEY%d",n+1);
+ OutputValue("",akey+n*8,8,rfp,0);
+ }
+
+ if(imode != ECB)
+ OutputValue("IV",ivec,8,rfp,0);
+ OutputValue(t_tag[dir^1],text,len,rfp,imode == CFB1);
+
+ /* compensate for endianness */
+ if(imode == CFB1)
+ text[0]<<=7;
+
+ memcpy(text0,text,8);
+
+ for(j=0 ; j < 10000 ; ++j)
+ {
+ unsigned char old_text[8];
+
+ memcpy(old_text,text,8);
+ if(j == 0)
+ {
+ memcpy(old_iv,ivec,8);
+ DESTest(&ctx,amode,akeysz,akey,ivec,dir,text,text,len);
+ }
+ else
+ {
+ memcpy(old_iv,ctx.iv,8);
+ EVP_Cipher(&ctx,text,text,len);
+ }
+ if(j == 9999)
+ {
+ OutputValue(t_tag[dir],text,len,rfp,imode == CFB1);
+ /* memcpy(ivec,text,8); */
+ }
+ /* DebugValue("iv",ctx.iv,8); */
+ /* accumulate material for the next key */
+ shiftin(nk,text,Sizes[imode]);
+ /* DebugValue("nk",nk,24);*/
+ if((dir && (imode == CFB1 || imode == CFB8 || imode == CFB64
+ || imode == CBC)) || imode == OFB)
+ memcpy(text,old_iv,8);
+
+ if(!dir && (imode == CFB1 || imode == CFB8 || imode == CFB64))
+ {
+ /* the test specifies using the output of the raw DES operation
+ which we don't have, so reconstruct it... */
+ for(n=0 ; n < 8 ; ++n)
+ text[n]^=old_text[n];
+ }
+ }
+ for(n=0 ; n < 8 ; ++n)
+ akey[n]^=nk[16+n];
+ for(n=0 ; n < 8 ; ++n)
+ akey[8+n]^=nk[8+n];
+ for(n=0 ; n < 8 ; ++n)
+ akey[16+n]^=nk[n];
+ if(numkeys < 3)
+ memcpy(&akey[2*8],akey,8);
+ if(numkeys < 2)
+ memcpy(&akey[8],akey,8);
+ DES_set_odd_parity((DES_cblock *)akey);
+ DES_set_odd_parity((DES_cblock *)(akey+8));
+ DES_set_odd_parity((DES_cblock *)(akey+16));
+ memcpy(ivec,ctx.iv,8);
+
+ /* pointless exercise - the final text doesn't depend on the
+ initial text in OFB mode, so who cares what it is? (Who
+ designed these tests?) */
+ if(imode == OFB)
+ for(n=0 ; n < 8 ; ++n)
+ text[n]=text0[n]^old_iv[n];
+ }
+ }
+
+int proc_file(char *rqfile)
+ {
+ char afn[256], rfn[256];
+ FILE *afp = NULL, *rfp = NULL;
+ char ibuf[2048];
+ int ilen, len, ret = 0;
+ char amode[8] = "";
+ char atest[100] = "";
+ int akeysz=0;
+ unsigned char iVec[20], aKey[40];
+ int dir = -1, err = 0, step = 0;
+ unsigned char plaintext[2048];
+ unsigned char ciphertext[2048];
+ char *rp;
+ EVP_CIPHER_CTX ctx;
+ int numkeys=1;
+
+ if (!rqfile || !(*rqfile))
+ {
+ printf("No req file\n");
+ return -1;
+ }
+ strcpy(afn, rqfile);
+
+ if ((afp = fopen(afn, "r")) == NULL)
+ {
+ printf("Cannot open file: %s, %s\n",
+ afn, strerror(errno));
+ return -1;
+ }
+ strcpy(rfn,afn);
+ rp=strstr(rfn,"req/");
+ assert(rp);
+ memcpy(rp,"rsp",3);
+ rp = strstr(rfn, ".req");
+ memcpy(rp, ".rsp", 4);
+ if ((rfp = fopen(rfn, "w")) == NULL)
+ {
+ printf("Cannot open file: %s, %s\n",
+ rfn, strerror(errno));
+ fclose(afp);
+ afp = NULL;
+ return -1;
+ }
+ while (!err && (fgets(ibuf, sizeof(ibuf), afp)) != NULL)
+ {
+ ilen = strlen(ibuf);
+ /* printf("step=%d ibuf=%s",step,ibuf);*/
+ if(step == 3 && !strcmp(amode,"ECB"))
+ {
+ memset(iVec, 0, sizeof(iVec));
+ step = (dir)? 4: 5; /* no ivec for ECB */
+ }
+ switch (step)
+ {
+ case 0: /* read preamble */
+ if (ibuf[0] == '\n')
+ { /* end of preamble */
+ if (*amode == '\0')
+ {
+ printf("Missing Mode\n");
+ err = 1;
+ }
+ else
+ {
+ fputs(ibuf, rfp);
+ ++ step;
+ }
+ }
+ else if (ibuf[0] != '#')
+ {
+ printf("Invalid preamble item: %s\n", ibuf);
+ err = 1;
+ }
+ else
+ { /* process preamble */
+ char *xp, *pp = ibuf+2;
+ int n;
+ if(*amode)
+ { /* insert current time & date */
+ time_t rtim = time(0);
+ fprintf(rfp, "# %s", ctime(&rtim));
+ }
+ else
+ {
+ fputs(ibuf, rfp);
+ if(!strncmp(pp,"INVERSE ",8) || !strncmp(pp,"DES ",4)
+ || !strncmp(pp,"TDES ",5)
+ || !strncmp(pp,"PERMUTATION ",12)
+ || !strncmp(pp,"SUBSTITUTION ",13)
+ || !strncmp(pp,"VARIABLE ",9))
+ {
+ /* get test type */
+ if(!strncmp(pp,"DES ",4))
+ pp+=4;
+ else if(!strncmp(pp,"TDES ",5))
+ pp+=5;
+ xp = strchr(pp, ' ');
+ n = xp-pp;
+ strncpy(atest, pp, n);
+ atest[n] = '\0';
+ /* get mode */
+ xp = strrchr(pp, ' '); /* get mode" */
+ n = strlen(xp+1)-1;
+ strncpy(amode, xp+1, n);
+ amode[n] = '\0';
+ /* amode[3] = '\0'; */
+ printf("Test=%s, Mode=%s\n",atest,amode);
+ }
+ }
+ }
+ break;
+
+ case 1: /* [ENCRYPT] | [DECRYPT] */
+ if(ibuf[0] == '\n')
+ break;
+ if (ibuf[0] == '[')
+ {
+ fputs(ibuf, rfp);
+ ++step;
+ if (strncasecmp(ibuf, "[ENCRYPT]", 9) == 0)
+ dir = 1;
+ else if (strncasecmp(ibuf, "[DECRYPT]", 9) == 0)
+ dir = 0;
+ else
+ {
+ printf("Invalid keyword: %s\n", ibuf);
+ err = 1;
+ }
+ break;
+ }
+ else if (dir == -1)
+ {
+ err = 1;
+ printf("Missing ENCRYPT/DECRYPT keyword\n");
+ break;
+ }
+ else
+ step = 2;
+
+ case 2: /* KEY = xxxx */
+ if(*ibuf == '\n')
+ {
+ fputs(ibuf, rfp);
+ break;
+ }
+ if(!strncasecmp(ibuf,"COUNT = ",8))
+ {
+ fputs(ibuf, rfp);
+ break;
+ }
+ if(!strncasecmp(ibuf,"COUNT=",6))
+ {
+ fputs(ibuf, rfp);
+ break;
+ }
+ if(!strncasecmp(ibuf,"NumKeys = ",10))
+ {
+ numkeys=atoi(ibuf+10);
+ break;
+ }
+
+ fputs(ibuf, rfp);
+ if(!strncasecmp(ibuf,"KEY = ",6))
+ {
+ akeysz=64;
+ len = hex2bin((char*)ibuf+6, strlen(ibuf+6)-1, aKey);
+ if (len < 0)
+ {
+ printf("Invalid KEY\n");
+ err=1;
+ break;
+ }
+ PrintValue("KEY", aKey, len);
+ ++step;
+ }
+ else if(!strncasecmp(ibuf,"KEYs = ",7))
+ {
+ akeysz=64*3;
+ len=hex2bin(ibuf+7,strlen(ibuf+7)-1,aKey);
+ if(len != 8)
+ {
+ printf("Invalid KEY\n");
+ err=1;
+ break;
+ }
+ memcpy(aKey+8,aKey,8);
+ memcpy(aKey+16,aKey,8);
+ ibuf[4]='\0';
+ PrintValue("KEYs",aKey,len);
+ ++step;
+ }
+ else if(!strncasecmp(ibuf,"KEY",3))
+ {
+ int n=ibuf[3]-'1';
+
+ akeysz=64*3;
+ len=hex2bin(ibuf+7,strlen(ibuf+7)-1,aKey+n*8);
+ if(len != 8)
+ {
+ printf("Invalid KEY\n");
+ err=1;
+ break;
+ }
+ ibuf[4]='\0';
+ PrintValue(ibuf,aKey,len);
+ if(n == 2)
+ ++step;
+ }
+ else
+ {
+ printf("Missing KEY\n");
+ err = 1;
+ }
+ break;
+
+ case 3: /* IV = xxxx */
+ fputs(ibuf, rfp);
+ if (strncasecmp(ibuf, "IV = ", 5) != 0)
+ {
+ printf("Missing IV\n");
+ err = 1;
+ }
+ else
+ {
+ len = hex2bin((char*)ibuf+5, strlen(ibuf+5)-1, iVec);
+ if (len < 0)
+ {
+ printf("Invalid IV\n");
+ err =1;
+ break;
+ }
+ PrintValue("IV", iVec, len);
+ step = (dir)? 4: 5;
+ }
+ break;
+
+ case 4: /* PLAINTEXT = xxxx */
+ fputs(ibuf, rfp);
+ if (strncasecmp(ibuf, "PLAINTEXT = ", 12) != 0)
+ {
+ printf("Missing PLAINTEXT\n");
+ err = 1;
+ }
+ else
+ {
+ int nn = strlen(ibuf+12);
+ if(!strcmp(amode,"CFB1"))
+ len=bint2bin(ibuf+12,nn-1,plaintext);
+ else
+ len=hex2bin(ibuf+12, nn-1,plaintext);
+ if (len < 0)
+ {
+ printf("Invalid PLAINTEXT: %s", ibuf+12);
+ err =1;
+ break;
+ }
+ if (len >= sizeof(plaintext))
+ {
+ printf("Buffer overflow\n");
+ }
+ PrintValue("PLAINTEXT", (unsigned char*)plaintext, len);
+ if (strcmp(atest, "Monte") == 0) /* Monte Carlo Test */
+ {
+ do_mct(amode,akeysz,numkeys,aKey,iVec,dir,plaintext,len,rfp);
+ }
+ else
+ {
+ assert(dir == 1);
+ ret = DESTest(&ctx, amode, akeysz, aKey, iVec,
+ dir, /* 0 = decrypt, 1 = encrypt */
+ ciphertext, plaintext, len);
+ OutputValue("CIPHERTEXT",ciphertext,len,rfp,
+ !strcmp(amode,"CFB1"));
+ }
+ step = 6;
+ }
+ break;
+
+ case 5: /* CIPHERTEXT = xxxx */
+ fputs(ibuf, rfp);
+ if (strncasecmp(ibuf, "CIPHERTEXT = ", 13) != 0)
+ {
+ printf("Missing KEY\n");
+ err = 1;
+ }
+ else
+ {
+ if(!strcmp(amode,"CFB1"))
+ len=bint2bin(ibuf+13,strlen(ibuf+13)-1,ciphertext);
+ else
+ len = hex2bin(ibuf+13,strlen(ibuf+13)-1,ciphertext);
+ if (len < 0)
+ {
+ printf("Invalid CIPHERTEXT\n");
+ err =1;
+ break;
+ }
+
+ PrintValue("CIPHERTEXT", ciphertext, len);
+ if (strcmp(atest, "Monte") == 0) /* Monte Carlo Test */
+ {
+ do_mct(amode, akeysz, numkeys, aKey, iVec,
+ dir, ciphertext, len, rfp);
+ }
+ else
+ {
+ assert(dir == 0);
+ ret = DESTest(&ctx, amode, akeysz, aKey, iVec,
+ dir, /* 0 = decrypt, 1 = encrypt */
+ plaintext, ciphertext, len);
+ OutputValue("PLAINTEXT",(unsigned char *)plaintext,len,rfp,
+ !strcmp(amode,"CFB1"));
+ }
+ step = 6;
+ }
+ break;
+
+ case 6:
+ if (ibuf[0] != '\n')
+ {
+ err = 1;
+ printf("Missing terminator\n");
+ }
+ else if (strcmp(atest, "MCT") != 0)
+ { /* MCT already added terminating nl */
+ fputs(ibuf, rfp);
+ }
+ step = 1;
+ break;
+ }
+ }
+ if (rfp)
+ fclose(rfp);
+ if (afp)
+ fclose(afp);
+ return err;
+ }
+
+/*--------------------------------------------------
+ Processes either a single file or
+ a set of files whose names are passed in a file.
+ A single file is specified as:
+ aes_test -f xxx.req
+ A set of files is specified as:
+ aes_test -d xxxxx.xxx
+ The default is: -d req.txt
+--------------------------------------------------*/
+int main(int argc, char **argv)
+ {
+ char *rqlist = "req.txt";
+ FILE *fp = NULL;
+ char fn[250] = "", rfn[256] = "";
+ int f_opt = 0, d_opt = 1;
+
+#ifdef OPENSSL_FIPS
+ if(!FIPS_mode_set(1))
+ {
+ ERR_load_crypto_strings();
+ ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
+ EXIT(1);
+ }
+#endif
+ ERR_load_crypto_strings();
+ if (argc > 1)
+ {
+ if (strcasecmp(argv[1], "-d") == 0)
+ {
+ d_opt = 1;
+ }
+ else if (strcasecmp(argv[1], "-f") == 0)
+ {
+ f_opt = 1;
+ d_opt = 0;
+ }
+ else
+ {
+ printf("Invalid parameter: %s\n", argv[1]);
+ return 0;
+ }
+ if (argc < 3)
+ {
+ printf("Missing parameter\n");
+ return 0;
+ }
+ if (d_opt)
+ rqlist = argv[2];
+ else
+ strcpy(fn, argv[2]);
+ }
+ if (d_opt)
+ { /* list of files (directory) */
+ if (!(fp = fopen(rqlist, "r")))
+ {
+ printf("Cannot open req list file\n");
+ return -1;
+ }
+ while (fgets(fn, sizeof(fn), fp))
+ {
+ strtok(fn, "\r\n");
+ strcpy(rfn, fn);
+ printf("Processing: %s\n", rfn);
+ if (proc_file(rfn))
+ {
+ printf(">>> Processing failed for: %s <<<\n", rfn);
+ EXIT(1);
+ }
+ }
+ fclose(fp);
+ }
+ else /* single file */
+ {
+ printf("Processing: %s\n", fn);
+ if (proc_file(fn))
+ {
+ printf(">>> Processing failed for: %s <<<\n", fn);
+ }
+ }
+ EXIT(0);
+ return 0;
+ }
diff --git a/src/lib/libssl/src/fips-1.0/des/fips_set_key.c b/src/lib/libssl/src/fips-1.0/des/fips_set_key.c
new file mode 100644
index 0000000000..a508ee5acb
--- /dev/null
+++ b/src/lib/libssl/src/fips-1.0/des/fips_set_key.c
@@ -0,0 +1,417 @@
+/* crypto/des/set_key.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* set_key.c v 1.4 eay 24/9/91
+ * 1.4 Speed up by 400% :-)
+ * 1.3 added register declarations.
+ * 1.2 unrolled make_key_sched a bit more
+ * 1.1 added norm_expand_bits
+ * 1.0 First working version
+ */
+#include "fips_des_locl.h"
+#include <openssl/fips.h>
+
+#ifdef OPENSSL_FIPS
+
+OPENSSL_IMPLEMENT_GLOBAL(int,DES_check_key); /* defaults to false */
+
+static const unsigned char odd_parity[256]={
+ 1, 1, 2, 2, 4, 4, 7, 7, 8, 8, 11, 11, 13, 13, 14, 14,
+ 16, 16, 19, 19, 21, 21, 22, 22, 25, 25, 26, 26, 28, 28, 31, 31,
+ 32, 32, 35, 35, 37, 37, 38, 38, 41, 41, 42, 42, 44, 44, 47, 47,
+ 49, 49, 50, 50, 52, 52, 55, 55, 56, 56, 59, 59, 61, 61, 62, 62,
+ 64, 64, 67, 67, 69, 69, 70, 70, 73, 73, 74, 74, 76, 76, 79, 79,
+ 81, 81, 82, 82, 84, 84, 87, 87, 88, 88, 91, 91, 93, 93, 94, 94,
+ 97, 97, 98, 98,100,100,103,103,104,104,107,107,109,109,110,110,
+112,112,115,115,117,117,118,118,121,121,122,122,124,124,127,127,
+128,128,131,131,133,133,134,134,137,137,138,138,140,140,143,143,
+145,145,146,146,148,148,151,151,152,152,155,155,157,157,158,158,
+161,161,162,162,164,164,167,167,168,168,171,171,173,173,174,174,
+176,176,179,179,181,181,182,182,185,185,186,186,188,188,191,191,
+193,193,194,194,196,196,199,199,200,200,203,203,205,205,206,206,
+208,208,211,211,213,213,214,214,217,217,218,218,220,220,223,223,
+224,224,227,227,229,229,230,230,233,233,234,234,236,236,239,239,
+241,241,242,242,244,244,247,247,248,248,251,251,253,253,254,254};
+
+void DES_set_odd_parity(DES_cblock *key)
+ {
+ int i;
+
+ for (i=0; i<DES_KEY_SZ; i++)
+ (*key)[i]=odd_parity[(*key)[i]];
+ }
+
+int DES_check_key_parity(const_DES_cblock *key)
+ {
+ int i;
+
+ for (i=0; i<DES_KEY_SZ; i++)
+ {
+ if ((*key)[i] != odd_parity[(*key)[i]])
+ return(0);
+ }
+ return(1);
+ }
+
+/* Weak and semi week keys as take from
+ * %A D.W. Davies
+ * %A W.L. Price
+ * %T Security for Computer Networks
+ * %I John Wiley & Sons
+ * %D 1984
+ * Many thanks to smb@ulysses.att.com (Steven Bellovin) for the reference
+ * (and actual cblock values).
+ */
+#define NUM_WEAK_KEY 16
+static const DES_cblock weak_keys[NUM_WEAK_KEY]={
+ /* weak keys */
+ {0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01},
+ {0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE},
+ {0x1F,0x1F,0x1F,0x1F,0x0E,0x0E,0x0E,0x0E},
+ {0xE0,0xE0,0xE0,0xE0,0xF1,0xF1,0xF1,0xF1},
+ /* semi-weak keys */
+ {0x01,0xFE,0x01,0xFE,0x01,0xFE,0x01,0xFE},
+ {0xFE,0x01,0xFE,0x01,0xFE,0x01,0xFE,0x01},
+ {0x1F,0xE0,0x1F,0xE0,0x0E,0xF1,0x0E,0xF1},
+ {0xE0,0x1F,0xE0,0x1F,0xF1,0x0E,0xF1,0x0E},
+ {0x01,0xE0,0x01,0xE0,0x01,0xF1,0x01,0xF1},
+ {0xE0,0x01,0xE0,0x01,0xF1,0x01,0xF1,0x01},
+ {0x1F,0xFE,0x1F,0xFE,0x0E,0xFE,0x0E,0xFE},
+ {0xFE,0x1F,0xFE,0x1F,0xFE,0x0E,0xFE,0x0E},
+ {0x01,0x1F,0x01,0x1F,0x01,0x0E,0x01,0x0E},
+ {0x1F,0x01,0x1F,0x01,0x0E,0x01,0x0E,0x01},
+ {0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1,0xFE},
+ {0xFE,0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1}};
+
+int DES_is_weak_key(const_DES_cblock *key)
+ {
+ int i;
+
+ for (i=0; i<NUM_WEAK_KEY; i++)
+ /* Added == 0 to comparison, I obviously don't run
+ * this section very often :-(, thanks to
+ * engineering@MorningStar.Com for the fix
+ * eay 93/06/29
+ * Another problem, I was comparing only the first 4
+ * bytes, 97/03/18 */
+ if (memcmp(weak_keys[i],key,sizeof(DES_cblock)) == 0) return(1);
+ return(0);
+ }
+
+/* NOW DEFINED IN des_local.h
+ * See ecb_encrypt.c for a pseudo description of these macros.
+ * #define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\
+ * (b)^=(t),\
+ * (a)=((a)^((t)<<(n))))
+ */
+
+#define HPERM_OP(a,t,n,m) ((t)=((((a)<<(16-(n)))^(a))&(m)),\
+ (a)=(a)^(t)^(t>>(16-(n))))
+
+static const DES_LONG des_skb[8][64]={
+ {
+ /* for C bits (numbered as per FIPS 46) 1 2 3 4 5 6 */
+ 0x00000000L,0x00000010L,0x20000000L,0x20000010L,
+ 0x00010000L,0x00010010L,0x20010000L,0x20010010L,
+ 0x00000800L,0x00000810L,0x20000800L,0x20000810L,
+ 0x00010800L,0x00010810L,0x20010800L,0x20010810L,
+ 0x00000020L,0x00000030L,0x20000020L,0x20000030L,
+ 0x00010020L,0x00010030L,0x20010020L,0x20010030L,
+ 0x00000820L,0x00000830L,0x20000820L,0x20000830L,
+ 0x00010820L,0x00010830L,0x20010820L,0x20010830L,
+ 0x00080000L,0x00080010L,0x20080000L,0x20080010L,
+ 0x00090000L,0x00090010L,0x20090000L,0x20090010L,
+ 0x00080800L,0x00080810L,0x20080800L,0x20080810L,
+ 0x00090800L,0x00090810L,0x20090800L,0x20090810L,
+ 0x00080020L,0x00080030L,0x20080020L,0x20080030L,
+ 0x00090020L,0x00090030L,0x20090020L,0x20090030L,
+ 0x00080820L,0x00080830L,0x20080820L,0x20080830L,
+ 0x00090820L,0x00090830L,0x20090820L,0x20090830L,
+ },{
+ /* for C bits (numbered as per FIPS 46) 7 8 10 11 12 13 */
+ 0x00000000L,0x02000000L,0x00002000L,0x02002000L,
+ 0x00200000L,0x02200000L,0x00202000L,0x02202000L,
+ 0x00000004L,0x02000004L,0x00002004L,0x02002004L,
+ 0x00200004L,0x02200004L,0x00202004L,0x02202004L,
+ 0x00000400L,0x02000400L,0x00002400L,0x02002400L,
+ 0x00200400L,0x02200400L,0x00202400L,0x02202400L,
+ 0x00000404L,0x02000404L,0x00002404L,0x02002404L,
+ 0x00200404L,0x02200404L,0x00202404L,0x02202404L,
+ 0x10000000L,0x12000000L,0x10002000L,0x12002000L,
+ 0x10200000L,0x12200000L,0x10202000L,0x12202000L,
+ 0x10000004L,0x12000004L,0x10002004L,0x12002004L,
+ 0x10200004L,0x12200004L,0x10202004L,0x12202004L,
+ 0x10000400L,0x12000400L,0x10002400L,0x12002400L,
+ 0x10200400L,0x12200400L,0x10202400L,0x12202400L,
+ 0x10000404L,0x12000404L,0x10002404L,0x12002404L,
+ 0x10200404L,0x12200404L,0x10202404L,0x12202404L,
+ },{
+ /* for C bits (numbered as per FIPS 46) 14 15 16 17 19 20 */
+ 0x00000000L,0x00000001L,0x00040000L,0x00040001L,
+ 0x01000000L,0x01000001L,0x01040000L,0x01040001L,
+ 0x00000002L,0x00000003L,0x00040002L,0x00040003L,
+ 0x01000002L,0x01000003L,0x01040002L,0x01040003L,
+ 0x00000200L,0x00000201L,0x00040200L,0x00040201L,
+ 0x01000200L,0x01000201L,0x01040200L,0x01040201L,
+ 0x00000202L,0x00000203L,0x00040202L,0x00040203L,
+ 0x01000202L,0x01000203L,0x01040202L,0x01040203L,
+ 0x08000000L,0x08000001L,0x08040000L,0x08040001L,
+ 0x09000000L,0x09000001L,0x09040000L,0x09040001L,
+ 0x08000002L,0x08000003L,0x08040002L,0x08040003L,
+ 0x09000002L,0x09000003L,0x09040002L,0x09040003L,
+ 0x08000200L,0x08000201L,0x08040200L,0x08040201L,
+ 0x09000200L,0x09000201L,0x09040200L,0x09040201L,
+ 0x08000202L,0x08000203L,0x08040202L,0x08040203L,
+ 0x09000202L,0x09000203L,0x09040202L,0x09040203L,
+ },{
+ /* for C bits (numbered as per FIPS 46) 21 23 24 26 27 28 */
+ 0x00000000L,0x00100000L,0x00000100L,0x00100100L,
+ 0x00000008L,0x00100008L,0x00000108L,0x00100108L,
+ 0x00001000L,0x00101000L,0x00001100L,0x00101100L,
+ 0x00001008L,0x00101008L,0x00001108L,0x00101108L,
+ 0x04000000L,0x04100000L,0x04000100L,0x04100100L,
+ 0x04000008L,0x04100008L,0x04000108L,0x04100108L,
+ 0x04001000L,0x04101000L,0x04001100L,0x04101100L,
+ 0x04001008L,0x04101008L,0x04001108L,0x04101108L,
+ 0x00020000L,0x00120000L,0x00020100L,0x00120100L,
+ 0x00020008L,0x00120008L,0x00020108L,0x00120108L,
+ 0x00021000L,0x00121000L,0x00021100L,0x00121100L,
+ 0x00021008L,0x00121008L,0x00021108L,0x00121108L,
+ 0x04020000L,0x04120000L,0x04020100L,0x04120100L,
+ 0x04020008L,0x04120008L,0x04020108L,0x04120108L,
+ 0x04021000L,0x04121000L,0x04021100L,0x04121100L,
+ 0x04021008L,0x04121008L,0x04021108L,0x04121108L,
+ },{
+ /* for D bits (numbered as per FIPS 46) 1 2 3 4 5 6 */
+ 0x00000000L,0x10000000L,0x00010000L,0x10010000L,
+ 0x00000004L,0x10000004L,0x00010004L,0x10010004L,
+ 0x20000000L,0x30000000L,0x20010000L,0x30010000L,
+ 0x20000004L,0x30000004L,0x20010004L,0x30010004L,
+ 0x00100000L,0x10100000L,0x00110000L,0x10110000L,
+ 0x00100004L,0x10100004L,0x00110004L,0x10110004L,
+ 0x20100000L,0x30100000L,0x20110000L,0x30110000L,
+ 0x20100004L,0x30100004L,0x20110004L,0x30110004L,
+ 0x00001000L,0x10001000L,0x00011000L,0x10011000L,
+ 0x00001004L,0x10001004L,0x00011004L,0x10011004L,
+ 0x20001000L,0x30001000L,0x20011000L,0x30011000L,
+ 0x20001004L,0x30001004L,0x20011004L,0x30011004L,
+ 0x00101000L,0x10101000L,0x00111000L,0x10111000L,
+ 0x00101004L,0x10101004L,0x00111004L,0x10111004L,
+ 0x20101000L,0x30101000L,0x20111000L,0x30111000L,
+ 0x20101004L,0x30101004L,0x20111004L,0x30111004L,
+ },{
+ /* for D bits (numbered as per FIPS 46) 8 9 11 12 13 14 */
+ 0x00000000L,0x08000000L,0x00000008L,0x08000008L,
+ 0x00000400L,0x08000400L,0x00000408L,0x08000408L,
+ 0x00020000L,0x08020000L,0x00020008L,0x08020008L,
+ 0x00020400L,0x08020400L,0x00020408L,0x08020408L,
+ 0x00000001L,0x08000001L,0x00000009L,0x08000009L,
+ 0x00000401L,0x08000401L,0x00000409L,0x08000409L,
+ 0x00020001L,0x08020001L,0x00020009L,0x08020009L,
+ 0x00020401L,0x08020401L,0x00020409L,0x08020409L,
+ 0x02000000L,0x0A000000L,0x02000008L,0x0A000008L,
+ 0x02000400L,0x0A000400L,0x02000408L,0x0A000408L,
+ 0x02020000L,0x0A020000L,0x02020008L,0x0A020008L,
+ 0x02020400L,0x0A020400L,0x02020408L,0x0A020408L,
+ 0x02000001L,0x0A000001L,0x02000009L,0x0A000009L,
+ 0x02000401L,0x0A000401L,0x02000409L,0x0A000409L,
+ 0x02020001L,0x0A020001L,0x02020009L,0x0A020009L,
+ 0x02020401L,0x0A020401L,0x02020409L,0x0A020409L,
+ },{
+ /* for D bits (numbered as per FIPS 46) 16 17 18 19 20 21 */
+ 0x00000000L,0x00000100L,0x00080000L,0x00080100L,
+ 0x01000000L,0x01000100L,0x01080000L,0x01080100L,
+ 0x00000010L,0x00000110L,0x00080010L,0x00080110L,
+ 0x01000010L,0x01000110L,0x01080010L,0x01080110L,
+ 0x00200000L,0x00200100L,0x00280000L,0x00280100L,
+ 0x01200000L,0x01200100L,0x01280000L,0x01280100L,
+ 0x00200010L,0x00200110L,0x00280010L,0x00280110L,
+ 0x01200010L,0x01200110L,0x01280010L,0x01280110L,
+ 0x00000200L,0x00000300L,0x00080200L,0x00080300L,
+ 0x01000200L,0x01000300L,0x01080200L,0x01080300L,
+ 0x00000210L,0x00000310L,0x00080210L,0x00080310L,
+ 0x01000210L,0x01000310L,0x01080210L,0x01080310L,
+ 0x00200200L,0x00200300L,0x00280200L,0x00280300L,
+ 0x01200200L,0x01200300L,0x01280200L,0x01280300L,
+ 0x00200210L,0x00200310L,0x00280210L,0x00280310L,
+ 0x01200210L,0x01200310L,0x01280210L,0x01280310L,
+ },{
+ /* for D bits (numbered as per FIPS 46) 22 23 24 25 27 28 */
+ 0x00000000L,0x04000000L,0x00040000L,0x04040000L,
+ 0x00000002L,0x04000002L,0x00040002L,0x04040002L,
+ 0x00002000L,0x04002000L,0x00042000L,0x04042000L,
+ 0x00002002L,0x04002002L,0x00042002L,0x04042002L,
+ 0x00000020L,0x04000020L,0x00040020L,0x04040020L,
+ 0x00000022L,0x04000022L,0x00040022L,0x04040022L,
+ 0x00002020L,0x04002020L,0x00042020L,0x04042020L,
+ 0x00002022L,0x04002022L,0x00042022L,0x04042022L,
+ 0x00000800L,0x04000800L,0x00040800L,0x04040800L,
+ 0x00000802L,0x04000802L,0x00040802L,0x04040802L,
+ 0x00002800L,0x04002800L,0x00042800L,0x04042800L,
+ 0x00002802L,0x04002802L,0x00042802L,0x04042802L,
+ 0x00000820L,0x04000820L,0x00040820L,0x04040820L,
+ 0x00000822L,0x04000822L,0x00040822L,0x04040822L,
+ 0x00002820L,0x04002820L,0x00042820L,0x04042820L,
+ 0x00002822L,0x04002822L,0x00042822L,0x04042822L,
+ }};
+
+int DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule)
+ {
+ if (FIPS_selftest_failed())
+ return -3;
+ if (DES_check_key)
+ {
+ return DES_set_key_checked(key, schedule);
+ }
+ else
+ {
+ DES_set_key_unchecked(key, schedule);
+ return 0;
+ }
+ }
+
+/* return 0 if key parity is odd (correct),
+ * return -1 if key parity error,
+ * return -2 if illegal weak key.
+ */
+int DES_set_key_checked(const_DES_cblock *key, DES_key_schedule *schedule)
+ {
+ if (!DES_check_key_parity(key))
+ return(-1);
+ if (DES_is_weak_key(key))
+ return(-2);
+ if (FIPS_selftest_failed())
+ return -3;
+
+ DES_set_key_unchecked(key, schedule);
+ return 0;
+ }
+
+void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule)
+ {
+ static const int shifts2[16]={0,0,1,1,1,1,1,1,0,1,1,1,1,1,1,0};
+ register DES_LONG c,d,t,s,t2;
+ register const unsigned char *in;
+ register DES_LONG *k;
+ register int i;
+
+#ifdef OPENBSD_DEV_CRYPTO
+ memcpy(schedule->key,key,sizeof schedule->key);
+ schedule->session=NULL;
+#endif
+ k = &schedule->ks->deslong[0];
+ in = &(*key)[0];
+
+ c2l(in,c);
+ c2l(in,d);
+
+ /* do PC1 in 47 simple operations :-)
+ * Thanks to John Fletcher (john_fletcher@lccmail.ocf.llnl.gov)
+ * for the inspiration. :-) */
+ PERM_OP (d,c,t,4,0x0f0f0f0fL);
+ HPERM_OP(c,t,-2,0xcccc0000L);
+ HPERM_OP(d,t,-2,0xcccc0000L);
+ PERM_OP (d,c,t,1,0x55555555L);
+ PERM_OP (c,d,t,8,0x00ff00ffL);
+ PERM_OP (d,c,t,1,0x55555555L);
+ d= (((d&0x000000ffL)<<16L)| (d&0x0000ff00L) |
+ ((d&0x00ff0000L)>>16L)|((c&0xf0000000L)>>4L));
+ c&=0x0fffffffL;
+
+ for (i=0; i<ITERATIONS; i++)
+ {
+ if (shifts2[i])
+ { c=((c>>2L)|(c<<26L)); d=((d>>2L)|(d<<26L)); }
+ else
+ { c=((c>>1L)|(c<<27L)); d=((d>>1L)|(d<<27L)); }
+ c&=0x0fffffffL;
+ d&=0x0fffffffL;
+ /* could be a few less shifts but I am to lazy at this
+ * point in time to investigate */
+ s= des_skb[0][ (c )&0x3f ]|
+ des_skb[1][((c>> 6L)&0x03)|((c>> 7L)&0x3c)]|
+ des_skb[2][((c>>13L)&0x0f)|((c>>14L)&0x30)]|
+ des_skb[3][((c>>20L)&0x01)|((c>>21L)&0x06) |
+ ((c>>22L)&0x38)];
+ t= des_skb[4][ (d )&0x3f ]|
+ des_skb[5][((d>> 7L)&0x03)|((d>> 8L)&0x3c)]|
+ des_skb[6][ (d>>15L)&0x3f ]|
+ des_skb[7][((d>>21L)&0x0f)|((d>>22L)&0x30)];
+
+ /* table contained 0213 4657 */
+ t2=((t<<16L)|(s&0x0000ffffL))&0xffffffffL;
+ *(k++)=ROTATE(t2,30)&0xffffffffL;
+
+ t2=((s>>16L)|(t&0xffff0000L));
+ *(k++)=ROTATE(t2,26)&0xffffffffL;
+ }
+ }
+
+int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule)
+ {
+ return(DES_set_key(key,schedule));
+ }
+/*
+#undef des_fixup_key_parity
+void des_fixup_key_parity(des_cblock *key)
+ {
+ des_set_odd_parity(key);
+ }
+*/
+
+#endif /* def OPENSSL_FIPS */
diff --git a/src/lib/libssl/src/fips-1.0/dh/Makefile b/src/lib/libssl/src/fips-1.0/dh/Makefile
new file mode 100644
index 0000000000..1166ca6e84
--- /dev/null
+++ b/src/lib/libssl/src/fips-1.0/dh/Makefile
@@ -0,0 +1,104 @@
+#
+# OpenSSL/fips-1.0/dh/Makefile
+#
+
+DIR= dh
+TOP= ../..
+CC= cc
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR= /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKEDEPPROG= makedepend
+MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE= Makefile
+AR= ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=fips_dh_check.c fips_dh_gen.c fips_dh_key.c
+LIBOBJ=fips_dh_check.o fips_dh_gen.o fips_dh_key.o
+
+SRC= $(LIBSRC)
+
+EXHEADER=
+HEADER= $(EXHEADER)
+
+ALL= $(GENERAL) $(SRC) $(HEADER)
+
+top:
+ (cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) sub_all)
+
+all: lib
+
+lib: $(LIBOBJ)
+ @echo $(LIBOBJ) > lib
+
+files:
+ $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+ @$(PERL) $(TOP)/util/mklink.pl $(TOP)/include/openssl $(EXHEADER)
+ @$(PERL) $(TOP)/util/mklink.pl $(TOP)/test $(TEST)
+ @$(PERL) $(TOP)/util/mklink.pl $(TOP)/apps $(APPS)
+
+install:
+ @headerlist="$(EXHEADER)"; for i in $$headerlist; \
+ do \
+ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done
+
+tags:
+ ctags $(SRC)
+
+tests:
+
+lint:
+ lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+ $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(SRC) $(TEST)
+
+dclean:
+ $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+ mv -f Makefile.new $(MAKEFILE)
+
+clean:
+ rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+fips_dh_check.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+fips_dh_check.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+fips_dh_check.o: ../../include/openssl/e_os2.h
+fips_dh_check.o: ../../include/openssl/opensslconf.h
+fips_dh_check.o: ../../include/openssl/opensslv.h
+fips_dh_check.o: ../../include/openssl/ossl_typ.h
+fips_dh_check.o: ../../include/openssl/safestack.h
+fips_dh_check.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+fips_dh_check.o: fips_dh_check.c
+fips_dh_gen.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+fips_dh_gen.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+fips_dh_gen.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+fips_dh_gen.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+fips_dh_gen.o: ../../include/openssl/opensslconf.h
+fips_dh_gen.o: ../../include/openssl/opensslv.h
+fips_dh_gen.o: ../../include/openssl/ossl_typ.h
+fips_dh_gen.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+fips_dh_gen.o: ../../include/openssl/symhacks.h fips_dh_gen.c
+fips_dh_key.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+fips_dh_key.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+fips_dh_key.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+fips_dh_key.o: ../../include/openssl/lhash.h
+fips_dh_key.o: ../../include/openssl/opensslconf.h
+fips_dh_key.o: ../../include/openssl/opensslv.h
+fips_dh_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+fips_dh_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+fips_dh_key.o: ../../include/openssl/symhacks.h fips_dh_key.c
diff --git a/src/lib/libssl/src/fips-1.0/dh/fips_dh_check.c b/src/lib/libssl/src/fips-1.0/dh/fips_dh_check.c
new file mode 100644
index 0000000000..874920b466
--- /dev/null
+++ b/src/lib/libssl/src/fips-1.0/dh/fips_dh_check.c
@@ -0,0 +1,125 @@
+/* crypto/dh/dh_check.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <openssl/bn.h>
+#ifndef OPENSSL_NO_DH
+#include <openssl/dh.h>
+
+#ifdef OPENSSL_FIPS
+
+/* Check that p is a safe prime and
+ * if g is 2, 3 or 5, check that is is a suitable generator
+ * where
+ * for 2, p mod 24 == 11
+ * for 3, p mod 12 == 5
+ * for 5, p mod 10 == 3 or 7
+ * should hold.
+ */
+
+int DH_check(const DH *dh, int *ret)
+ {
+ int ok=0;
+ BN_CTX *ctx=NULL;
+ BN_ULONG l;
+ BIGNUM *q=NULL;
+
+ *ret=0;
+ ctx=BN_CTX_new();
+ if (ctx == NULL) goto err;
+ q=BN_new();
+ if (q == NULL) goto err;
+
+ if (BN_is_word(dh->g,DH_GENERATOR_2))
+ {
+ l=BN_mod_word(dh->p,24);
+ if (l != 11) *ret|=DH_NOT_SUITABLE_GENERATOR;
+ }
+#if 0
+ else if (BN_is_word(dh->g,DH_GENERATOR_3))
+ {
+ l=BN_mod_word(dh->p,12);
+ if (l != 5) *ret|=DH_NOT_SUITABLE_GENERATOR;
+ }
+#endif
+ else if (BN_is_word(dh->g,DH_GENERATOR_5))
+ {
+ l=BN_mod_word(dh->p,10);
+ if ((l != 3) && (l != 7))
+ *ret|=DH_NOT_SUITABLE_GENERATOR;
+ }
+ else
+ *ret|=DH_UNABLE_TO_CHECK_GENERATOR;
+
+ if (!BN_is_prime(dh->p,BN_prime_checks,NULL,ctx,NULL))
+ *ret|=DH_CHECK_P_NOT_PRIME;
+ else
+ {
+ if (!BN_rshift1(q,dh->p)) goto err;
+ if (!BN_is_prime(q,BN_prime_checks,NULL,ctx,NULL))
+ *ret|=DH_CHECK_P_NOT_SAFE_PRIME;
+ }
+ ok=1;
+err:
+ if (ctx != NULL) BN_CTX_free(ctx);
+ if (q != NULL) BN_free(q);
+ return(ok);
+ }
+
+#endif
+#endif
diff --git a/src/lib/libssl/src/fips-1.0/dh/fips_dh_gen.c b/src/lib/libssl/src/fips-1.0/dh/fips_dh_gen.c
new file mode 100644
index 0000000000..b569e3912d
--- /dev/null
+++ b/src/lib/libssl/src/fips-1.0/dh/fips_dh_gen.c
@@ -0,0 +1,186 @@
+/* crypto/dh/dh_gen.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#ifndef OPENSSL_NO_DH
+#include <openssl/dh.h>
+#endif
+#include <openssl/fips.h>
+
+#ifndef OPENSSL_NO_DH
+#ifdef OPENSSL_FIPS
+
+/* We generate DH parameters as follows
+ * find a prime q which is prime_len/2 bits long.
+ * p=(2*q)+1 or (p-1)/2 = q
+ * For this case, g is a generator if
+ * g^((p-1)/q) mod p != 1 for values of q which are the factors of p-1.
+ * Since the factors of p-1 are q and 2, we just need to check
+ * g^2 mod p != 1 and g^q mod p != 1.
+ *
+ * Having said all that,
+ * there is another special case method for the generators 2, 3 and 5.
+ * for 2, p mod 24 == 11
+ * for 3, p mod 12 == 5 <<<<< does not work for safe primes.
+ * for 5, p mod 10 == 3 or 7
+ *
+ * Thanks to Phil Karn <karn@qualcomm.com> for the pointers about the
+ * special generators and for answering some of my questions.
+ *
+ * I've implemented the second simple method :-).
+ * Since DH should be using a safe prime (both p and q are prime),
+ * this generator function can take a very very long time to run.
+ */
+/* Actually there is no reason to insist that 'generator' be a generator.
+ * It's just as OK (and in some sense better) to use a generator of the
+ * order-q subgroup.
+ */
+
+DH *DH_generate_parameters(int prime_len, int generator,
+ void (*callback)(int,int,void *), void *cb_arg)
+ {
+ BIGNUM *p=NULL,*t1,*t2;
+ DH *ret=NULL;
+ int g,ok= -1;
+ BN_CTX *ctx=NULL;
+
+ if(FIPS_selftest_failed())
+ {
+ FIPSerr(FIPS_F_DH_GENERATE_PARAMETERS,FIPS_R_FIPS_SELFTEST_FAILED);
+ return NULL;
+ }
+
+ ret=DH_new();
+ if (ret == NULL) goto err;
+ ctx=BN_CTX_new();
+ if (ctx == NULL) goto err;
+ BN_CTX_start(ctx);
+ t1 = BN_CTX_get(ctx);
+ t2 = BN_CTX_get(ctx);
+ if (t1 == NULL || t2 == NULL) goto err;
+
+ if (generator <= 1)
+ {
+ DHerr(DH_F_DH_GENERATE_PARAMETERS, DH_R_BAD_GENERATOR);
+ goto err;
+ }
+ if (generator == DH_GENERATOR_2)
+ {
+ if (!BN_set_word(t1,24)) goto err;
+ if (!BN_set_word(t2,11)) goto err;
+ g=2;
+ }
+#if 0 /* does not work for safe primes */
+ else if (generator == DH_GENERATOR_3)
+ {
+ if (!BN_set_word(t1,12)) goto err;
+ if (!BN_set_word(t2,5)) goto err;
+ g=3;
+ }
+#endif
+ else if (generator == DH_GENERATOR_5)
+ {
+ if (!BN_set_word(t1,10)) goto err;
+ if (!BN_set_word(t2,3)) goto err;
+ /* BN_set_word(t3,7); just have to miss
+ * out on these ones :-( */
+ g=5;
+ }
+ else
+ {
+ /* in the general case, don't worry if 'generator' is a
+ * generator or not: since we are using safe primes,
+ * it will generate either an order-q or an order-2q group,
+ * which both is OK */
+ if (!BN_set_word(t1,2)) goto err;
+ if (!BN_set_word(t2,1)) goto err;
+ g=generator;
+ }
+
+ p=BN_generate_prime(NULL,prime_len,1,t1,t2,callback,cb_arg);
+ if (p == NULL) goto err;
+ if (callback != NULL) callback(3,0,cb_arg);
+ ret->p=p;
+ ret->g=BN_new();
+ if (!BN_set_word(ret->g,g)) goto err;
+ ok=1;
+err:
+ if (ok == -1)
+ {
+ DHerr(DH_F_DH_GENERATE_PARAMETERS,ERR_R_BN_LIB);
+ ok=0;
+ }
+
+ if (ctx != NULL)
+ {
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ }
+ if (!ok && (ret != NULL))
+ {
+ DH_free(ret);
+ ret=NULL;
+ }
+ return(ret);
+ }
+
+#endif
+#endif
diff --git a/src/lib/libssl/src/fips-1.0/dh/fips_dh_key.c b/src/lib/libssl/src/fips-1.0/dh/fips_dh_key.c
new file mode 100644
index 0000000000..79c10404d5
--- /dev/null
+++ b/src/lib/libssl/src/fips-1.0/dh/fips_dh_key.c
@@ -0,0 +1,256 @@
+/* crypto/dh/dh_key.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#ifndef OPENSSL_NO_RAND
+#include <openssl/rand.h>
+#endif
+#ifndef OPENSSL_NO_DH
+#include <openssl/dh.h>
+
+#ifdef OPENSSL_FIPS
+
+static int generate_key(DH *dh);
+static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);
+static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,
+ const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx);
+static int dh_init(DH *dh);
+static int dh_finish(DH *dh);
+
+int DH_generate_key(DH *dh)
+ {
+ return dh->meth->generate_key(dh);
+ }
+
+int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
+ {
+ return dh->meth->compute_key(key, pub_key, dh);
+ }
+
+static const DH_METHOD dh_ossl = {
+"OpenSSL DH Method",
+generate_key,
+compute_key,
+dh_bn_mod_exp,
+dh_init,
+dh_finish,
+0,
+NULL
+};
+
+const DH_METHOD *DH_OpenSSL(void)
+{
+ return &dh_ossl;
+}
+
+static int generate_key(DH *dh)
+ {
+ int ok=0;
+ int generate_new_key=0;
+ unsigned l;
+ BN_CTX *ctx;
+ BN_MONT_CTX *mont=NULL;
+ BIGNUM *pub_key=NULL,*priv_key=NULL;
+
+ ctx = BN_CTX_new();
+ if (ctx == NULL) goto err;
+
+ if (dh->priv_key == NULL)
+ {
+ priv_key=BN_new();
+ if (priv_key == NULL) goto err;
+ generate_new_key=1;
+ }
+ else
+ priv_key=dh->priv_key;
+
+ if (dh->pub_key == NULL)
+ {
+ pub_key=BN_new();
+ if (pub_key == NULL) goto err;
+ }
+ else
+ pub_key=dh->pub_key;
+
+ if (dh->flags & DH_FLAG_CACHE_MONT_P)
+ {
+ mont = BN_MONT_CTX_set_locked(
+ (BN_MONT_CTX **)&dh->method_mont_p,
+ CRYPTO_LOCK_DH, dh->p, ctx);
+ if (!mont)
+ goto err;
+ }
+
+ if (generate_new_key)
+ {
+ l = dh->length ? dh->length : BN_num_bits(dh->p)-1; /* secret exponent length */
+ if (!BN_rand(priv_key, l, 0, 0)) goto err;
+ }
+
+ {
+ BIGNUM local_prk;
+ BIGNUM *prk;
+
+ if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0)
+ {
+ BN_init(&local_prk);
+ prk = &local_prk;
+ BN_with_flags(prk, priv_key, BN_FLG_EXP_CONSTTIME);
+ }
+ else
+ prk = priv_key;
+
+ if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, prk, dh->p, ctx, mont))
+ goto err;
+ }
+
+ dh->pub_key=pub_key;
+ dh->priv_key=priv_key;
+ ok=1;
+err:
+ if (ok != 1)
+ DHerr(DH_F_DH_GENERATE_KEY,ERR_R_BN_LIB);
+
+ if ((pub_key != NULL) && (dh->pub_key == NULL)) BN_free(pub_key);
+ if ((priv_key != NULL) && (dh->priv_key == NULL)) BN_free(priv_key);
+ BN_CTX_free(ctx);
+ return(ok);
+ }
+
+static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
+ {
+ BN_CTX *ctx;
+ BN_MONT_CTX *mont=NULL;
+ BIGNUM *tmp;
+ int ret= -1;
+
+ ctx = BN_CTX_new();
+ if (ctx == NULL) goto err;
+ BN_CTX_start(ctx);
+ tmp = BN_CTX_get(ctx);
+
+ if (dh->priv_key == NULL)
+ {
+ DHerr(DH_F_DH_COMPUTE_KEY,DH_R_NO_PRIVATE_VALUE);
+ goto err;
+ }
+
+ if (dh->flags & DH_FLAG_CACHE_MONT_P)
+ {
+ mont = BN_MONT_CTX_set_locked(
+ (BN_MONT_CTX **)&dh->method_mont_p,
+ CRYPTO_LOCK_DH, dh->p, ctx);
+ if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0)
+ {
+ /* XXX */
+ BN_set_flags(dh->priv_key, BN_FLG_EXP_CONSTTIME);
+ }
+ if (!mont)
+ goto err;
+ }
+
+ if (!dh->meth->bn_mod_exp(dh, tmp, pub_key, dh->priv_key,dh->p,ctx,mont))
+ {
+ DHerr(DH_F_DH_COMPUTE_KEY,ERR_R_BN_LIB);
+ goto err;
+ }
+
+ ret=BN_bn2bin(tmp,key);
+err:
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ return(ret);
+ }
+
+static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,
+ const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx)
+ {
+ /* If a is only one word long and constant time is false, use the faster
+ * exponenentiation function.
+ */
+ if (a->top == 1 && ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) != 0))
+ {
+ BN_ULONG A = a->d[0];
+ return BN_mod_exp_mont_word(r,A,p,m,ctx,m_ctx);
+ }
+ else
+ return BN_mod_exp_mont(r,a,p,m,ctx,m_ctx);
+ }
+
+
+static int dh_init(DH *dh)
+ {
+ dh->flags |= DH_FLAG_CACHE_MONT_P;
+ return(1);
+ }
+
+static int dh_finish(DH *dh)
+ {
+ if(dh->method_mont_p)
+ BN_MONT_CTX_free((BN_MONT_CTX *)dh->method_mont_p);
+ return(1);
+ }
+
+#endif
+#endif
diff --git a/src/lib/libssl/src/fips-1.0/dsa/Makefile b/src/lib/libssl/src/fips-1.0/dsa/Makefile
new file mode 100644
index 0000000000..aeb08b5943
--- /dev/null
+++ b/src/lib/libssl/src/fips-1.0/dsa/Makefile
@@ -0,0 +1,147 @@
+#
+# OpenSSL/fips-1.0/dsa/Makefile
+#
+
+DIR= dsa
+TOP= ../..
+CC= cc
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR= /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKEDEPPROG= makedepend
+MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE= Makefile
+AR= ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=fips_dsatest.c fips_dssvs.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=fips_dsa_ossl.c fips_dsa_gen.c fips_dsa_selftest.c
+LIBOBJ=fips_dsa_ossl.o fips_dsa_gen.o fips_dsa_selftest.o
+
+SRC= $(LIBSRC)
+
+EXHEADER=
+HEADER= $(EXHEADER)
+
+ALL= $(GENERAL) $(SRC) $(HEADER)
+
+top:
+ (cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) sub_all)
+
+all: lib
+
+lib: $(LIBOBJ)
+ @echo $(LIBOBJ) > lib
+
+files:
+ $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+ @$(PERL) $(TOP)/util/mklink.pl $(TOP)/include/openssl $(EXHEADER)
+ @$(PERL) $(TOP)/util/mklink.pl $(TOP)/test $(TEST)
+ @$(PERL) $(TOP)/util/mklink.pl $(TOP)/apps $(APPS)
+
+install:
+ @headerlist="$(EXHEADER)"; for i in $$headerlist; \
+ do \
+ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done
+
+tags:
+ ctags $(SRC)
+
+tests:
+
+Q=../testvectors/dsa/req
+A=../testvectors/dsa/rsp
+
+fips_test:
+ -rm -rf $A
+ mkdir $A
+ if [ -f $(Q)/PQGGen.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_dssvs pqg < $(Q)/PQGGen.req > $(A)/PQGGen.rsp; fi
+ if [ -f $(Q)/KeyPair.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_dssvs keypair < $(Q)/KeyPair.req > $(A)/KeyPair.rsp; fi
+ if [ -f $(Q)/SigGen.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_dssvs siggen < $(Q)/SigGen.req > $(A)/SigGen.rsp; fi
+ if [ -f $(Q)/SigVer.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_dssvs sigver < $Q/SigVer.req > $A/SigVer.rsp; fi
+
+lint:
+ lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+ $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(SRC) $(TEST)
+
+dclean:
+ $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+ mv -f Makefile.new $(MAKEFILE)
+
+clean:
+ rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+fips_dsa_gen.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+fips_dsa_gen.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+fips_dsa_gen.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
+fips_dsa_gen.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+fips_dsa_gen.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+fips_dsa_gen.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+fips_dsa_gen.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+fips_dsa_gen.o: ../../include/openssl/fips.h ../../include/openssl/fips_sha.h
+fips_dsa_gen.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+fips_dsa_gen.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+fips_dsa_gen.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+fips_dsa_gen.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+fips_dsa_gen.o: ../../include/openssl/opensslconf.h
+fips_dsa_gen.o: ../../include/openssl/opensslv.h
+fips_dsa_gen.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+fips_dsa_gen.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+fips_dsa_gen.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+fips_dsa_gen.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+fips_dsa_gen.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+fips_dsa_gen.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+fips_dsa_gen.o: ../../include/openssl/ui_compat.h fips_dsa_gen.c
+fips_dsa_ossl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+fips_dsa_ossl.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+fips_dsa_ossl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+fips_dsa_ossl.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+fips_dsa_ossl.o: ../../include/openssl/err.h ../../include/openssl/fips.h
+fips_dsa_ossl.o: ../../include/openssl/lhash.h
+fips_dsa_ossl.o: ../../include/openssl/opensslconf.h
+fips_dsa_ossl.o: ../../include/openssl/opensslv.h
+fips_dsa_ossl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+fips_dsa_ossl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+fips_dsa_ossl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+fips_dsa_ossl.o: ../../include/openssl/ui.h fips_dsa_ossl.c
+fips_dsa_selftest.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+fips_dsa_selftest.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+fips_dsa_selftest.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+fips_dsa_selftest.o: ../../include/openssl/err.h ../../include/openssl/fips.h
+fips_dsa_selftest.o: ../../include/openssl/lhash.h
+fips_dsa_selftest.o: ../../include/openssl/opensslconf.h
+fips_dsa_selftest.o: ../../include/openssl/opensslv.h
+fips_dsa_selftest.o: ../../include/openssl/ossl_typ.h
+fips_dsa_selftest.o: ../../include/openssl/safestack.h
+fips_dsa_selftest.o: ../../include/openssl/stack.h
+fips_dsa_selftest.o: ../../include/openssl/symhacks.h fips_dsa_selftest.c
+fips_dsatest.o: ../../e_os.h ../../include/openssl/asn1.h
+fips_dsatest.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+fips_dsatest.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+fips_dsatest.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+fips_dsatest.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+fips_dsatest.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+fips_dsatest.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h
+fips_dsatest.o: ../../include/openssl/lhash.h
+fips_dsatest.o: ../../include/openssl/opensslconf.h
+fips_dsatest.o: ../../include/openssl/opensslv.h
+fips_dsatest.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+fips_dsatest.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+fips_dsatest.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+fips_dsatest.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+fips_dsatest.o: fips_dsatest.c
+fips_dssvs.o: ../../include/openssl/opensslconf.h fips_dssvs.c
diff --git a/src/lib/libssl/src/fips-1.0/dsa/fips_dsa_gen.c b/src/lib/libssl/src/fips-1.0/dsa/fips_dsa_gen.c
new file mode 100644
index 0000000000..8ed1de0195
--- /dev/null
+++ b/src/lib/libssl/src/fips-1.0/dsa/fips_dsa_gen.c
@@ -0,0 +1,374 @@
+/* crypto/dsa/dsa_gen.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#undef GENUINE_DSA
+
+#ifdef GENUINE_DSA
+/* Parameter generation follows the original release of FIPS PUB 186,
+ * Appendix 2.2 (i.e. use SHA as defined in FIPS PUB 180) */
+#define HASH EVP_sha()
+#else
+/* Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186,
+ * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in
+ * FIPS PUB 180-1) */
+#define HASH EVP_sha1()
+#endif
+
+#include <stdio.h>
+#include <string.h>
+#include <time.h>
+/*#include "cryptlib.h"*/
+#include <openssl/evp.h>
+#include <openssl/bn.h>
+#ifndef OPENSSL_NO_DSA
+#include <openssl/dsa.h>
+#endif
+#ifndef OPENSSL_NO_RAND
+#include <openssl/rand.h>
+#endif
+#ifndef OPENSSL_NO_SHA
+#include <openssl/fips_sha.h>
+#endif
+#include <openssl/fips.h>
+#include <openssl/err.h>
+
+#ifndef OPENSSL_NO_DSA
+#ifdef OPENSSL_FIPS
+
+static int fips_check_dsa(DSA *dsa)
+ {
+ static const unsigned char str1[]="12345678901234567890";
+ unsigned char sig[256];
+ unsigned int siglen;
+
+ DSA_sign(0, str1, 20, sig, &siglen, dsa);
+ if(DSA_verify(0, str1, 20, sig, siglen, dsa) != 1)
+ {
+ FIPSerr(FIPS_F_FIPS_CHECK_DSA,FIPS_R_PAIRWISE_TEST_FAILED);
+ return 0;
+ }
+ return 1;
+ }
+
+DSA *DSA_generate_parameters(FIPS_DSA_SIZE_T bits,
+ unsigned char *seed_in, FIPS_DSA_SIZE_T seed_len,
+ int *counter_ret, unsigned long *h_ret,
+ void (*callback)(int, int, void *),
+ void *cb_arg)
+ {
+ int ok=0;
+ unsigned char seed[SHA_DIGEST_LENGTH];
+ unsigned char md[SHA_DIGEST_LENGTH];
+ unsigned char buf[SHA_DIGEST_LENGTH],buf2[SHA_DIGEST_LENGTH];
+ BIGNUM *r0,*W,*X,*c,*test;
+ BIGNUM *g=NULL,*q=NULL,*p=NULL;
+ BN_MONT_CTX *mont=NULL;
+ int k,n=0,i,b,m=0;
+ int counter=0;
+ int r=0;
+ BN_CTX *ctx=NULL,*ctx2=NULL,*ctx3=NULL;
+ unsigned int h=2;
+ DSA *ret=NULL;
+ unsigned char *seed_out=seed_in;
+
+ if(FIPS_selftest_failed())
+ {
+ FIPSerr(FIPS_F_DSA_GENERATE_PARAMETERS,
+ FIPS_R_FIPS_SELFTEST_FAILED);
+ goto err;
+ }
+
+ if (bits < 512) bits=512;
+ bits=(bits+63)/64*64;
+
+ if (seed_len < 20)
+ seed_in = NULL; /* seed buffer too small -- ignore */
+ if (seed_len > 20)
+ seed_len = 20; /* App. 2.2 of FIPS PUB 186 allows larger SEED,
+ * but our internal buffers are restricted to 160 bits*/
+ if ((seed_in != NULL) && (seed_len == 20))
+ memcpy(seed,seed_in,seed_len);
+
+ if ((ctx=BN_CTX_new()) == NULL) goto err;
+ if ((ctx2=BN_CTX_new()) == NULL) goto err;
+ if ((ctx3=BN_CTX_new()) == NULL) goto err;
+ if ((ret=DSA_new()) == NULL) goto err;
+
+ if ((mont=BN_MONT_CTX_new()) == NULL) goto err;
+
+ BN_CTX_start(ctx2);
+ r0 = BN_CTX_get(ctx2);
+ g = BN_CTX_get(ctx2);
+ W = BN_CTX_get(ctx2);
+ q = BN_CTX_get(ctx2);
+ X = BN_CTX_get(ctx2);
+ c = BN_CTX_get(ctx2);
+ p = BN_CTX_get(ctx2);
+ test = BN_CTX_get(ctx2);
+
+ BN_lshift(test,BN_value_one(),bits-1);
+
+ for (;;)
+ {
+ for (;;) /* find q */
+ {
+ int seed_is_random;
+
+ /* step 1 */
+ if (callback != NULL) callback(0,m++,cb_arg);
+
+ if (!seed_len)
+ {
+ if(RAND_pseudo_bytes(seed,SHA_DIGEST_LENGTH) < 0)
+ goto err;
+ seed_is_random = 1;
+ }
+ else
+ {
+ seed_is_random = 0;
+ seed_len=0; /* use random seed if 'seed_in' turns out to be bad*/
+ }
+ memcpy(buf,seed,SHA_DIGEST_LENGTH);
+ memcpy(buf2,seed,SHA_DIGEST_LENGTH);
+ /* precompute "SEED + 1" for step 7: */
+ for (i=SHA_DIGEST_LENGTH-1; i >= 0; i--)
+ {
+ buf[i]++;
+ if (buf[i] != 0) break;
+ }
+
+ /* step 2 */
+ EVP_Digest(seed,SHA_DIGEST_LENGTH,md,NULL,HASH, NULL);
+ EVP_Digest(buf,SHA_DIGEST_LENGTH,buf2,NULL,HASH, NULL);
+ for (i=0; i<SHA_DIGEST_LENGTH; i++)
+ md[i]^=buf2[i];
+
+ /* step 3 */
+ md[0]|=0x80;
+ md[SHA_DIGEST_LENGTH-1]|=0x01;
+ if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,q)) goto err;
+
+ /* step 4 */
+ r = BN_is_prime_fasttest(q, DSS_prime_checks, callback, ctx3, cb_arg, seed_is_random);
+ if (r > 0)
+ break;
+ if (r != 0)
+ goto err;
+
+ /* do a callback call */
+ /* step 5 */
+ }
+
+ if (callback != NULL) callback(2,0,cb_arg);
+ if (callback != NULL) callback(3,0,cb_arg);
+
+ /* step 6 */
+ counter=0;
+ /* "offset = 2" */
+
+ n=(bits-1)/160;
+ b=(bits-1)-n*160;
+
+ for (;;)
+ {
+ if (callback != NULL && counter != 0)
+ callback(0,counter,cb_arg);
+
+ /* step 7 */
+ BN_zero(W);
+ /* now 'buf' contains "SEED + offset - 1" */
+ for (k=0; k<=n; k++)
+ {
+ /* obtain "SEED + offset + k" by incrementing: */
+ for (i=SHA_DIGEST_LENGTH-1; i >= 0; i--)
+ {
+ buf[i]++;
+ if (buf[i] != 0) break;
+ }
+
+ EVP_Digest(buf,SHA_DIGEST_LENGTH,md,NULL,HASH, NULL);
+
+ /* step 8 */
+ if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,r0))
+ goto err;
+ BN_lshift(r0,r0,160*k);
+ BN_add(W,W,r0);
+ }
+
+ /* more of step 8 */
+ BN_mask_bits(W,bits-1);
+ BN_copy(X,W); /* this should be ok */
+ BN_add(X,X,test); /* this should be ok */
+
+ /* step 9 */
+ BN_lshift1(r0,q);
+ BN_mod(c,X,r0,ctx);
+ BN_sub(r0,c,BN_value_one());
+ BN_sub(p,X,r0);
+
+ /* step 10 */
+ if (BN_cmp(p,test) >= 0)
+ {
+ /* step 11 */
+ r = BN_is_prime_fasttest(p, DSS_prime_checks, callback, ctx3, cb_arg, 1);
+ if (r > 0)
+ goto end; /* found it */
+ if (r != 0)
+ goto err;
+ }
+
+ /* step 13 */
+ counter++;
+ /* "offset = offset + n + 1" */
+
+ /* step 14 */
+ if (counter >= 4096) break;
+ }
+ }
+end:
+ if (callback != NULL) callback(2,1,cb_arg);
+
+ /* We now need to generate g */
+ /* Set r0=(p-1)/q */
+ BN_sub(test,p,BN_value_one());
+ BN_div(r0,NULL,test,q,ctx);
+
+ BN_set_word(test,h);
+ BN_MONT_CTX_set(mont,p,ctx);
+
+ for (;;)
+ {
+ /* g=test^r0%p */
+ BN_mod_exp_mont(g,test,r0,p,ctx,mont);
+ if (!BN_is_one(g)) break;
+ BN_add(test,test,BN_value_one());
+ h++;
+ }
+
+ if (callback != NULL) callback(3,1,cb_arg);
+
+ ok=1;
+err:
+ if (!ok)
+ {
+ if (ret != NULL) DSA_free(ret);
+ }
+ else
+ {
+ ret->p=BN_dup(p);
+ ret->q=BN_dup(q);
+ ret->g=BN_dup(g);
+ if(seed_out != NULL) memcpy(seed_out,seed,20);
+ if (counter_ret != NULL) *counter_ret=counter;
+ if (h_ret != NULL) *h_ret=h;
+ }
+ if (ctx != NULL) BN_CTX_free(ctx);
+ if (ctx2 != NULL)
+ {
+ BN_CTX_end(ctx2);
+ BN_CTX_free(ctx2);
+ }
+ if (ctx3 != NULL) BN_CTX_free(ctx3);
+ if (mont != NULL) BN_MONT_CTX_free(mont);
+ return(ok?ret:NULL);
+ }
+
+int DSA_generate_key(DSA *dsa)
+ {
+ int ok=0;
+ BN_CTX *ctx=NULL;
+ BIGNUM *pub_key=NULL,*priv_key=NULL;
+
+ if ((ctx=BN_CTX_new()) == NULL) goto err;
+
+ if (dsa->priv_key == NULL)
+ {
+ if ((priv_key=BN_new()) == NULL) goto err;
+ }
+ else
+ priv_key=dsa->priv_key;
+
+ do
+ if (!BN_rand_range(priv_key,dsa->q)) goto err;
+ while (BN_is_zero(priv_key));
+
+ if (dsa->pub_key == NULL)
+ {
+ if ((pub_key=BN_new()) == NULL) goto err;
+ }
+ else
+ pub_key=dsa->pub_key;
+
+ if (!BN_mod_exp(pub_key,dsa->g,priv_key,dsa->p,ctx)) goto err;
+
+ dsa->priv_key=priv_key;
+ dsa->pub_key=pub_key;
+
+ if(!fips_check_dsa(dsa))
+ goto err;
+
+ ok=1;
+
+err:
+ if ((pub_key != NULL) && (dsa->pub_key == NULL)) BN_free(pub_key);
+ if ((priv_key != NULL) && (dsa->priv_key == NULL)) BN_free(priv_key);
+ if (ctx != NULL) BN_CTX_free(ctx);
+ return(ok);
+ }
+#endif
+#endif
diff --git a/src/lib/libssl/src/fips-1.0/dsa/fips_dsa_ossl.c b/src/lib/libssl/src/fips-1.0/dsa/fips_dsa_ossl.c
new file mode 100644
index 0000000000..f8f3a39343
--- /dev/null
+++ b/src/lib/libssl/src/fips-1.0/dsa/fips_dsa_ossl.c
@@ -0,0 +1,408 @@
+/* crypto/dsa/dsa_ossl.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
+
+#include <stdio.h>
+#include <openssl/bn.h>
+#include <openssl/dsa.h>
+#include <openssl/rand.h>
+#include <openssl/asn1.h>
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#endif
+#include <openssl/fips.h>
+
+#ifdef OPENSSL_FIPS
+
+static DSA_SIG *dsa_do_sign(const unsigned char *dgst, FIPS_DSA_SIZE_T dlen, DSA *dsa);
+static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp);
+static int dsa_do_verify(const unsigned char *dgst, FIPS_DSA_SIZE_T dgst_len, DSA_SIG *sig,
+ DSA *dsa);
+static int dsa_init(DSA *dsa);
+static int dsa_finish(DSA *dsa);
+static int dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
+ BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *in_mont);
+static int dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx);
+
+static const DSA_METHOD openssl_dsa_meth = {
+"OpenSSL FIPS DSA method",
+dsa_do_sign,
+dsa_sign_setup,
+dsa_do_verify,
+dsa_mod_exp,
+dsa_bn_mod_exp,
+dsa_init,
+dsa_finish,
+0,
+NULL
+};
+
+int FIPS_dsa_check(struct dsa_st *dsa)
+ {
+ if(dsa->meth != &openssl_dsa_meth || dsa->meth->dsa_do_sign != dsa_do_sign
+ || dsa->meth->dsa_sign_setup != dsa_sign_setup
+ || dsa->meth->dsa_mod_exp != dsa_mod_exp
+ || dsa->meth->bn_mod_exp != dsa_bn_mod_exp
+ || dsa->meth->init != dsa_init
+ || dsa->meth->finish != dsa_finish)
+ {
+ FIPSerr(FIPS_F_FIPS_DSA_CHECK,FIPS_R_NON_FIPS_METHOD);
+ return 0;
+ }
+ return 1;
+ }
+
+const DSA_METHOD *DSA_OpenSSL(void)
+{
+ return &openssl_dsa_meth;
+}
+
+static DSA_SIG *dsa_do_sign(const unsigned char *dgst, FIPS_DSA_SIZE_T dlen, DSA *dsa)
+ {
+ BIGNUM *kinv=NULL,*r=NULL,*s=NULL;
+ BIGNUM m;
+ BIGNUM xr;
+ BN_CTX *ctx=NULL;
+ int i,reason=ERR_R_BN_LIB;
+ DSA_SIG *ret=NULL;
+
+ if(FIPS_selftest_failed())
+ {
+ FIPSerr(FIPS_F_DSA_DO_SIGN,FIPS_R_FIPS_SELFTEST_FAILED);
+ return NULL;
+ }
+
+ BN_init(&m);
+ BN_init(&xr);
+
+ if (!dsa->p || !dsa->q || !dsa->g)
+ {
+ reason=DSA_R_MISSING_PARAMETERS;
+ goto err;
+ }
+
+ s=BN_new();
+ if (s == NULL) goto err;
+
+ i=BN_num_bytes(dsa->q); /* should be 20 */
+ if ((dlen > i) || (dlen > 50))
+ {
+ reason=DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE;
+ goto err;
+ }
+
+ ctx=BN_CTX_new();
+ if (ctx == NULL) goto err;
+
+ if (!DSA_sign_setup(dsa,ctx,&kinv,&r)) goto err;
+
+ if (BN_bin2bn(dgst,dlen,&m) == NULL) goto err;
+
+ /* Compute s = inv(k) (m + xr) mod q */
+ if (!BN_mod_mul(&xr,dsa->priv_key,r,dsa->q,ctx)) goto err;/* s = xr */
+ if (!BN_add(s, &xr, &m)) goto err; /* s = m + xr */
+ if (BN_cmp(s,dsa->q) > 0)
+ BN_sub(s,s,dsa->q);
+ if (!BN_mod_mul(s,s,kinv,dsa->q,ctx)) goto err;
+
+ ret=DSA_SIG_new();
+ if (ret == NULL) goto err;
+ ret->r = r;
+ ret->s = s;
+
+err:
+ if (!ret)
+ {
+ DSAerr(DSA_F_DSA_DO_SIGN,reason);
+ BN_free(r);
+ BN_free(s);
+ }
+ if (ctx != NULL) BN_CTX_free(ctx);
+ BN_clear_free(&m);
+ BN_clear_free(&xr);
+ if (kinv != NULL) /* dsa->kinv is NULL now if we used it */
+ BN_clear_free(kinv);
+ return(ret);
+ }
+
+static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
+ {
+ BN_CTX *ctx;
+ BIGNUM k,kq,*K,*kinv=NULL,*r=NULL;
+ int ret=0;
+
+ if (!dsa->p || !dsa->q || !dsa->g)
+ {
+ DSAerr(DSA_F_DSA_SIGN_SETUP,DSA_R_MISSING_PARAMETERS);
+ return 0;
+ }
+
+ BN_init(&k);
+ BN_init(&kq);
+
+ if (ctx_in == NULL)
+ {
+ if ((ctx=BN_CTX_new()) == NULL) goto err;
+ }
+ else
+ ctx=ctx_in;
+
+ if ((r=BN_new()) == NULL) goto err;
+
+ /* Get random k */
+ do
+ if (!BN_rand_range(&k, dsa->q)) goto err;
+ while (BN_is_zero(&k));
+ if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)
+ {
+ BN_set_flags(&k, BN_FLG_EXP_CONSTTIME);
+ }
+
+ if (dsa->flags & DSA_FLAG_CACHE_MONT_P)
+ {
+ if (!BN_MONT_CTX_set_locked((BN_MONT_CTX **)&dsa->method_mont_p,
+ CRYPTO_LOCK_DSA,
+ dsa->p, ctx))
+ goto err;
+ }
+
+ /* Compute r = (g^k mod p) mod q */
+
+ if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)
+ {
+ if (!BN_copy(&kq, &k)) goto err;
+
+ /* We do not want timing information to leak the length of k,
+ * so we compute g^k using an equivalent exponent of fixed length.
+ *
+ * (This is a kludge that we need because the BN_mod_exp_mont()
+ * does not let us specify the desired timing behaviour.) */
+
+ if (!BN_add(&kq, &kq, dsa->q)) goto err;
+ if (BN_num_bits(&kq) <= BN_num_bits(dsa->q))
+ {
+ if (!BN_add(&kq, &kq, dsa->q)) goto err;
+ }
+
+ K = &kq;
+ }
+ else
+ {
+ K = &k;
+ }
+ if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,K,dsa->p,ctx,
+ (BN_MONT_CTX *)dsa->method_mont_p)) goto err;
+ if (!BN_mod(r,r,dsa->q,ctx)) goto err;
+
+ /* Compute part of 's = inv(k) (m + xr) mod q' */
+ if ((kinv=BN_mod_inverse(NULL,&k,dsa->q,ctx)) == NULL) goto err;
+
+ if (*kinvp != NULL) BN_clear_free(*kinvp);
+ *kinvp=kinv;
+ kinv=NULL;
+ if (*rp != NULL) BN_clear_free(*rp);
+ *rp=r;
+ ret=1;
+err:
+ if (!ret)
+ {
+ DSAerr(DSA_F_DSA_SIGN_SETUP,ERR_R_BN_LIB);
+ if (kinv != NULL) BN_clear_free(kinv);
+ if (r != NULL) BN_clear_free(r);
+ }
+ if (ctx_in == NULL) BN_CTX_free(ctx);
+ if (kinv != NULL) BN_clear_free(kinv);
+ BN_clear_free(&k);
+ BN_clear_free(&kq);
+ return(ret);
+ }
+
+static int dsa_do_verify(const unsigned char *dgst, FIPS_DSA_SIZE_T dgst_len, DSA_SIG *sig,
+ DSA *dsa)
+ {
+ BN_CTX *ctx;
+ BIGNUM u1,u2,t1;
+ BN_MONT_CTX *mont=NULL;
+ int ret = -1;
+
+ if (!dsa->p || !dsa->q || !dsa->g)
+ {
+ DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MISSING_PARAMETERS);
+ return -1;
+ }
+
+ if(FIPS_selftest_failed())
+ {
+ FIPSerr(FIPS_F_DSA_DO_VERIFY,FIPS_R_FIPS_SELFTEST_FAILED);
+ return -1;
+ }
+
+ BN_init(&u1);
+ BN_init(&u2);
+ BN_init(&t1);
+
+ if ((ctx=BN_CTX_new()) == NULL) goto err;
+
+ if (BN_is_zero(sig->r) || sig->r->neg || BN_ucmp(sig->r, dsa->q) >= 0)
+ {
+ ret = 0;
+ goto err;
+ }
+ if (BN_is_zero(sig->s) || sig->s->neg || BN_ucmp(sig->s, dsa->q) >= 0)
+ {
+ ret = 0;
+ goto err;
+ }
+
+ /* Calculate W = inv(S) mod Q
+ * save W in u2 */
+ if ((BN_mod_inverse(&u2,sig->s,dsa->q,ctx)) == NULL) goto err;
+
+ /* save M in u1 */
+ if (BN_bin2bn(dgst,dgst_len,&u1) == NULL) goto err;
+
+ /* u1 = M * w mod q */
+ if (!BN_mod_mul(&u1,&u1,&u2,dsa->q,ctx)) goto err;
+
+ /* u2 = r * w mod q */
+ if (!BN_mod_mul(&u2,sig->r,&u2,dsa->q,ctx)) goto err;
+
+
+ if (dsa->flags & DSA_FLAG_CACHE_MONT_P)
+ {
+ mont = BN_MONT_CTX_set_locked(
+ (BN_MONT_CTX **)&dsa->method_mont_p,
+ CRYPTO_LOCK_DSA, dsa->p, ctx);
+ if (!mont)
+ goto err;
+ }
+
+#if 0
+ {
+ BIGNUM t2;
+
+ BN_init(&t2);
+ /* v = ( g^u1 * y^u2 mod p ) mod q */
+ /* let t1 = g ^ u1 mod p */
+ if (!BN_mod_exp_mont(&t1,dsa->g,&u1,dsa->p,ctx,mont)) goto err;
+ /* let t2 = y ^ u2 mod p */
+ if (!BN_mod_exp_mont(&t2,dsa->pub_key,&u2,dsa->p,ctx,mont)) goto err;
+ /* let u1 = t1 * t2 mod p */
+ if (!BN_mod_mul(&u1,&t1,&t2,dsa->p,ctx)) goto err_bn;
+ BN_free(&t2);
+ }
+ /* let u1 = u1 mod q */
+ if (!BN_mod(&u1,&u1,dsa->q,ctx)) goto err;
+#else
+ {
+ if (!dsa->meth->dsa_mod_exp(dsa, &t1,dsa->g,&u1,dsa->pub_key,&u2,
+ dsa->p,ctx,mont)) goto err;
+ /* BN_copy(&u1,&t1); */
+ /* let u1 = u1 mod q */
+ if (!BN_mod(&u1,&t1,dsa->q,ctx)) goto err;
+ }
+#endif
+ /* V is now in u1. If the signature is correct, it will be
+ * equal to R. */
+ ret=(BN_ucmp(&u1, sig->r) == 0);
+
+ err:
+ if (ret != 1) DSAerr(DSA_F_DSA_DO_VERIFY,ERR_R_BN_LIB);
+ if (ctx != NULL) BN_CTX_free(ctx);
+ BN_free(&u1);
+ BN_free(&u2);
+ BN_free(&t1);
+ return(ret);
+ }
+
+static int dsa_init(DSA *dsa)
+{
+ dsa->flags|=DSA_FLAG_CACHE_MONT_P;
+ return(1);
+}
+
+static int dsa_finish(DSA *dsa)
+{
+ if(dsa->method_mont_p)
+ BN_MONT_CTX_free((BN_MONT_CTX *)dsa->method_mont_p);
+ return(1);
+}
+
+static int dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
+ BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *in_mont)
+{
+ return BN_mod_exp2_mont(rr, a1, p1, a2, p2, m, ctx, in_mont);
+}
+
+static int dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx)
+{
+ return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx);
+}
+
+#else /* ndef OPENSSL_FIPS */
+
+static void *dummy=&dummy;
+
+#endif /* ndef OPENSSL_FIPS */
diff --git a/src/lib/libssl/src/fips-1.0/dsa/fips_dsa_selftest.c b/src/lib/libssl/src/fips-1.0/dsa/fips_dsa_selftest.c
new file mode 100644
index 0000000000..795fda9587
--- /dev/null
+++ b/src/lib/libssl/src/fips-1.0/dsa/fips_dsa_selftest.c
@@ -0,0 +1,168 @@
+/* crypto/dsa/dsatest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <string.h>
+#include <openssl/crypto.h>
+#include <openssl/dsa.h>
+#include <openssl/fips.h>
+#include <openssl/err.h>
+
+#ifdef OPENSSL_FIPS
+
+/* seed, out_p, out_q, out_g are taken from the updated Appendix 5 to
+ * FIPS PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1 */
+static unsigned char seed[20]={
+ 0xd5,0x01,0x4e,0x4b,0x60,0xef,0x2b,0xa8,0xb6,0x21,0x1b,0x40,
+ 0x62,0xba,0x32,0x24,0xe0,0x42,0x7d,0xd3,
+ };
+
+static const unsigned char out_p[]={
+ 0x8d,0xf2,0xa4,0x94,0x49,0x22,0x76,0xaa,
+ 0x3d,0x25,0x75,0x9b,0xb0,0x68,0x69,0xcb,
+ 0xea,0xc0,0xd8,0x3a,0xfb,0x8d,0x0c,0xf7,
+ 0xcb,0xb8,0x32,0x4f,0x0d,0x78,0x82,0xe5,
+ 0xd0,0x76,0x2f,0xc5,0xb7,0x21,0x0e,0xaf,
+ 0xc2,0xe9,0xad,0xac,0x32,0xab,0x7a,0xac,
+ 0x49,0x69,0x3d,0xfb,0xf8,0x37,0x24,0xc2,
+ 0xec,0x07,0x36,0xee,0x31,0xc8,0x02,0x91,
+ };
+
+static const unsigned char out_q[]={
+ 0xc7,0x73,0x21,0x8c,0x73,0x7e,0xc8,0xee,
+ 0x99,0x3b,0x4f,0x2d,0xed,0x30,0xf4,0x8e,
+ 0xda,0xce,0x91,0x5f,
+ };
+
+static const unsigned char out_g[]={
+ 0x62,0x6d,0x02,0x78,0x39,0xea,0x0a,0x13,
+ 0x41,0x31,0x63,0xa5,0x5b,0x4c,0xb5,0x00,
+ 0x29,0x9d,0x55,0x22,0x95,0x6c,0xef,0xcb,
+ 0x3b,0xff,0x10,0xf3,0x99,0xce,0x2c,0x2e,
+ 0x71,0xcb,0x9d,0xe5,0xfa,0x24,0xba,0xbf,
+ 0x58,0xe5,0xb7,0x95,0x21,0x92,0x5c,0x9c,
+ 0xc4,0x2e,0x9f,0x6f,0x46,0x4b,0x08,0x8c,
+ 0xc5,0x72,0xaf,0x53,0xe6,0xd7,0x88,0x02,
+ };
+
+static const unsigned char str1[]="12345678901234567890";
+
+void FIPS_corrupt_dsa()
+ {
+ ++seed[0];
+ }
+
+int FIPS_selftest_dsa()
+ {
+ DSA *dsa=NULL;
+ int counter,i,j;
+ unsigned char buf[256];
+ unsigned long h;
+ unsigned char sig[256];
+ unsigned int siglen;
+
+ dsa=DSA_generate_parameters(512,seed,20,&counter,&h,NULL,NULL);
+
+ if(dsa == NULL)
+ {
+ FIPSerr(FIPS_F_FIPS_SELFTEST_DSA,FIPS_R_SELFTEST_FAILED);
+ return 0;
+ }
+ if (counter != 105)
+ {
+ FIPSerr(FIPS_F_FIPS_SELFTEST_DSA,FIPS_R_SELFTEST_FAILED);
+ return 0;
+ }
+ if (h != 2)
+ {
+ FIPSerr(FIPS_F_FIPS_SELFTEST_DSA,FIPS_R_SELFTEST_FAILED);
+ return 0;
+ }
+ i=BN_bn2bin(dsa->q,buf);
+ j=sizeof(out_q);
+ if (i != j || memcmp(buf,out_q,i) != 0)
+ {
+ FIPSerr(FIPS_F_FIPS_SELFTEST_DSA,FIPS_R_SELFTEST_FAILED);
+ return 0;
+ }
+
+ i=BN_bn2bin(dsa->p,buf);
+ j=sizeof(out_p);
+ if (i != j || memcmp(buf,out_p,i) != 0)
+ {
+ FIPSerr(FIPS_F_FIPS_SELFTEST_DSA,FIPS_R_SELFTEST_FAILED);
+ return 0;
+ }
+
+ i=BN_bn2bin(dsa->g,buf);
+ j=sizeof(out_g);
+ if (i != j || memcmp(buf,out_g,i) != 0)
+ {
+ FIPSerr(FIPS_F_FIPS_SELFTEST_DSA,FIPS_R_SELFTEST_FAILED);
+ return 0;
+ }
+ DSA_generate_key(dsa);
+ DSA_sign(0, str1, 20, sig, &siglen, dsa);
+ if(DSA_verify(0, str1, 20, sig, siglen, dsa) != 1)
+ {
+ FIPSerr(FIPS_F_FIPS_SELFTEST_DSA,FIPS_R_SELFTEST_FAILED);
+ return 0;
+ }
+ DSA_free(dsa);
+ return 1;
+ }
+#endif
diff --git a/src/lib/libssl/src/fips-1.0/dsa/fips_dsatest.c b/src/lib/libssl/src/fips-1.0/dsa/fips_dsatest.c
new file mode 100644
index 0000000000..5970b201e9
--- /dev/null
+++ b/src/lib/libssl/src/fips-1.0/dsa/fips_dsatest.c
@@ -0,0 +1,257 @@
+/* crypto/dsa/dsatest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+
+#include "e_os.h"
+
+#include <openssl/crypto.h>
+#include <openssl/rand.h>
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#endif
+#include <openssl/fips.h>
+#include <openssl/fips_rand.h>
+
+#if defined(OPENSSL_NO_DSA) || !defined(OPENSSL_FIPS)
+int main(int argc, char *argv[])
+{
+ printf("No FIPS DSA support\n");
+ return(0);
+}
+#else
+#include <openssl/dsa.h>
+
+#ifdef OPENSSL_SYS_WIN16
+#define MS_CALLBACK _far _loadds
+#else
+#define MS_CALLBACK
+#endif
+
+static void MS_CALLBACK dsa_cb(int p, int n, void *arg);
+
+/* seed, out_p, out_q, out_g are taken from the updated Appendix 5 to
+ * FIPS PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1 */
+static unsigned char seed[20]={
+ 0xd5,0x01,0x4e,0x4b,0x60,0xef,0x2b,0xa8,0xb6,0x21,0x1b,0x40,
+ 0x62,0xba,0x32,0x24,0xe0,0x42,0x7d,0xd3,
+ };
+
+static unsigned char out_p[]={
+ 0x8d,0xf2,0xa4,0x94,0x49,0x22,0x76,0xaa,
+ 0x3d,0x25,0x75,0x9b,0xb0,0x68,0x69,0xcb,
+ 0xea,0xc0,0xd8,0x3a,0xfb,0x8d,0x0c,0xf7,
+ 0xcb,0xb8,0x32,0x4f,0x0d,0x78,0x82,0xe5,
+ 0xd0,0x76,0x2f,0xc5,0xb7,0x21,0x0e,0xaf,
+ 0xc2,0xe9,0xad,0xac,0x32,0xab,0x7a,0xac,
+ 0x49,0x69,0x3d,0xfb,0xf8,0x37,0x24,0xc2,
+ 0xec,0x07,0x36,0xee,0x31,0xc8,0x02,0x91,
+ };
+
+static unsigned char out_q[]={
+ 0xc7,0x73,0x21,0x8c,0x73,0x7e,0xc8,0xee,
+ 0x99,0x3b,0x4f,0x2d,0xed,0x30,0xf4,0x8e,
+ 0xda,0xce,0x91,0x5f,
+ };
+
+static unsigned char out_g[]={
+ 0x62,0x6d,0x02,0x78,0x39,0xea,0x0a,0x13,
+ 0x41,0x31,0x63,0xa5,0x5b,0x4c,0xb5,0x00,
+ 0x29,0x9d,0x55,0x22,0x95,0x6c,0xef,0xcb,
+ 0x3b,0xff,0x10,0xf3,0x99,0xce,0x2c,0x2e,
+ 0x71,0xcb,0x9d,0xe5,0xfa,0x24,0xba,0xbf,
+ 0x58,0xe5,0xb7,0x95,0x21,0x92,0x5c,0x9c,
+ 0xc4,0x2e,0x9f,0x6f,0x46,0x4b,0x08,0x8c,
+ 0xc5,0x72,0xaf,0x53,0xe6,0xd7,0x88,0x02,
+ };
+
+static const unsigned char str1[]="12345678901234567890";
+
+static const char rnd_seed[] = "string to make the random number generator think it has entropy";
+static const unsigned char rnd_key1[]="12345678";
+static const unsigned char rnd_key2[]="abcdefgh";
+
+static BIO *bio_err=NULL;
+
+int main(int argc, char **argv)
+ {
+ DSA *dsa=NULL;
+ int counter,ret=0,i,j;
+ unsigned char buf[256];
+ unsigned long h;
+ unsigned char sig[256];
+ unsigned int siglen;
+
+ if (bio_err == NULL)
+ bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+
+#ifdef OPENSSL_FIPS
+ if(!FIPS_mode_set(1))
+ {
+ ERR_print_errors(bio_err);
+ EXIT(1);
+ }
+#endif
+ CRYPTO_malloc_debug_init();
+ CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
+ CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+ ERR_load_crypto_strings();
+ FIPS_set_prng_key(rnd_key1,rnd_key2);
+ RAND_seed(rnd_seed, sizeof rnd_seed);
+
+ BIO_printf(bio_err,"test generation of DSA parameters\n");
+
+ dsa=DSA_generate_parameters(512,seed,20,&counter,&h,dsa_cb,bio_err);
+
+ BIO_printf(bio_err,"seed\n");
+ for (i=0; i<20; i+=4)
+ {
+ BIO_printf(bio_err,"%02X%02X%02X%02X ",
+ seed[i],seed[i+1],seed[i+2],seed[i+3]);
+ }
+ BIO_printf(bio_err,"\ncounter=%d h=%d\n",counter,h);
+
+ if (dsa == NULL) goto end;
+ DSA_print(bio_err,dsa,0);
+ if (counter != 105)
+ {
+ BIO_printf(bio_err,"counter should be 105\n");
+ goto end;
+ }
+ if (h != 2)
+ {
+ BIO_printf(bio_err,"h should be 2\n");
+ goto end;
+ }
+
+ i=BN_bn2bin(dsa->q,buf);
+ j=sizeof(out_q);
+ if ((i != j) || (memcmp(buf,out_q,i) != 0))
+ {
+ BIO_printf(bio_err,"q value is wrong\n");
+ goto end;
+ }
+
+ i=BN_bn2bin(dsa->p,buf);
+ j=sizeof(out_p);
+ if ((i != j) || (memcmp(buf,out_p,i) != 0))
+ {
+ BIO_printf(bio_err,"p value is wrong\n");
+ goto end;
+ }
+
+ i=BN_bn2bin(dsa->g,buf);
+ j=sizeof(out_g);
+ if ((i != j) || (memcmp(buf,out_g,i) != 0))
+ {
+ BIO_printf(bio_err,"g value is wrong\n");
+ goto end;
+ }
+ DSA_generate_key(dsa);
+ DSA_sign(0, str1, 20, sig, &siglen, dsa);
+ if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1)
+ ret=1;
+end:
+ if (!ret)
+ ERR_print_errors(bio_err);
+ if (dsa != NULL) DSA_free(dsa);
+ CRYPTO_cleanup_all_ex_data();
+ ERR_remove_state(0);
+ ERR_free_strings();
+ CRYPTO_mem_leaks(bio_err);
+ if (bio_err != NULL)
+ {
+ BIO_free(bio_err);
+ bio_err = NULL;
+ }
+ EXIT(!ret);
+ return(!ret);
+ }
+
+static int cb_exit(int ec)
+ {
+ EXIT(ec);
+ return(0); /* To keep some compilers quiet */
+ }
+
+static void MS_CALLBACK dsa_cb(int p, int n, void *arg)
+ {
+ char c='*';
+ static int ok=0,num=0;
+
+ if (p == 0) { c='.'; num++; };
+ if (p == 1) c='+';
+ if (p == 2) { c='*'; ok++; }
+ if (p == 3) c='\n';
+ BIO_write(arg,&c,1);
+ (void)BIO_flush(arg);
+
+ if (!ok && (p == 0) && (num > 1))
+ {
+ BIO_printf((BIO *)arg,"error in dsatest\n");
+ cb_exit(1);
+ }
+ }
+#endif
diff --git a/src/lib/libssl/src/fips-1.0/dsa/fips_dssvs.c b/src/lib/libssl/src/fips-1.0/dsa/fips_dssvs.c
new file mode 100644
index 0000000000..560d635981
--- /dev/null
+++ b/src/lib/libssl/src/fips-1.0/dsa/fips_dssvs.c
@@ -0,0 +1,319 @@
+#include <openssl/opensslconf.h>
+
+#ifndef OPENSSL_FIPS
+#include <stdio.h>
+
+int main()
+{
+ printf("No FIPS DSA support\n");
+ return(0);
+}
+#else
+
+#include <openssl/bn.h>
+#include <openssl/dsa.h>
+#include <openssl/fips.h>
+#include <openssl/err.h>
+#include <openssl/fips_sha.h>
+#include <string.h>
+
+int hex2bin(const char *in, unsigned char *out)
+ {
+ int n1, n2;
+ unsigned char ch;
+
+ for (n1=0,n2=0 ; in[n1] && in[n1] != '\n' ; )
+ { /* first byte */
+ if ((in[n1] >= '0') && (in[n1] <= '9'))
+ ch = in[n1++] - '0';
+ else if ((in[n1] >= 'A') && (in[n1] <= 'F'))
+ ch = in[n1++] - 'A' + 10;
+ else if ((in[n1] >= 'a') && (in[n1] <= 'f'))
+ ch = in[n1++] - 'a' + 10;
+ else
+ return -1;
+ if(!in[n1])
+ {
+ out[n2++]=ch;
+ break;
+ }
+ out[n2] = ch << 4;
+ /* second byte */
+ if ((in[n1] >= '0') && (in[n1] <= '9'))
+ ch = in[n1++] - '0';
+ else if ((in[n1] >= 'A') && (in[n1] <= 'F'))
+ ch = in[n1++] - 'A' + 10;
+ else if ((in[n1] >= 'a') && (in[n1] <= 'f'))
+ ch = in[n1++] - 'a' + 10;
+ else
+ return -1;
+ out[n2++] |= ch;
+ }
+ return n2;
+ }
+
+BIGNUM *hex2bn(const char *in)
+ {
+ BIGNUM *p=BN_new();
+
+ BN_hex2bn(&p,in);
+
+ return p;
+ }
+
+int bin2hex(const unsigned char *in,int len,char *out)
+ {
+ int n1, n2;
+ unsigned char ch;
+
+ for (n1=0,n2=0 ; n1 < len ; ++n1)
+ {
+ ch=in[n1] >> 4;
+ if (ch <= 0x09)
+ out[n2++]=ch+'0';
+ else
+ out[n2++]=ch-10+'a';
+ ch=in[n1] & 0x0f;
+ if(ch <= 0x09)
+ out[n2++]=ch+'0';
+ else
+ out[n2++]=ch-10+'a';
+ }
+ out[n2]='\0';
+ return n2;
+ }
+
+void pv(const char *tag,const unsigned char *val,int len)
+ {
+ char obuf[2048];
+
+ bin2hex(val,len,obuf);
+ printf("%s = %s\n",tag,obuf);
+ }
+
+void pbn(const char *tag,const BIGNUM *val)
+ {
+ printf("%s = %s\n",tag,BN_bn2hex(val));
+ }
+
+void primes()
+ {
+ char buf[10240];
+
+ while(fgets(buf,sizeof buf,stdin) != NULL)
+ {
+ fputs(buf,stdout);
+ if(!strncmp(buf,"Prime= ",7))
+ {
+ BIGNUM *pp;
+
+ pp=BN_new();
+ BN_hex2bn(&pp,buf+7);
+ printf("result= %c\n",
+ BN_is_prime(pp,20,NULL,NULL,NULL) ? 'P' : 'F');
+ }
+ }
+ }
+
+void pqg()
+ {
+ char buf[1024];
+ int nmod=0;
+
+ while(fgets(buf,sizeof buf,stdin) != NULL)
+ {
+ if(!strncmp(buf,"[mod = ",7))
+ nmod=atoi(buf+7);
+ else if(!strncmp(buf,"N = ",4))
+ {
+ int n=atoi(buf+4);
+
+ printf("[mod = %d]\n\n",nmod);
+
+ while(n--)
+ {
+ unsigned char seed[20];
+ DSA *dsa;
+ int counter;
+ unsigned long h;
+
+ dsa=DSA_generate_parameters(nmod,seed,0,&counter,&h,NULL,NULL);
+ printf("P = %s\n",BN_bn2hex(dsa->p));
+ printf("Q = %s\n",BN_bn2hex(dsa->q));
+ printf("G = %s\n",BN_bn2hex(dsa->g));
+ pv("Seed",seed,20);
+ printf("c = %d\n",counter);
+ printf("H = %lx\n",h);
+ putc('\n',stdout);
+ }
+ }
+ else
+ fputs(buf,stdout);
+ }
+ }
+
+void keypair()
+ {
+ char buf[1024];
+ int nmod=0;
+
+ while(fgets(buf,sizeof buf,stdin) != NULL)
+ {
+ if(!strncmp(buf,"[mod = ",7))
+ nmod=atoi(buf+7);
+ else if(!strncmp(buf,"N = ",4))
+ {
+ DSA *dsa;
+ int n=atoi(buf+4);
+
+ printf("[mod = %d]\n\n",nmod);
+
+ dsa=DSA_generate_parameters(nmod,NULL,0,NULL,NULL,NULL,NULL);
+ pbn("P",dsa->p);
+ pbn("Q",dsa->q);
+ pbn("G",dsa->g);
+ putc('\n',stdout);
+
+ while(n--)
+ {
+ DSA_generate_key(dsa);
+
+ pbn("X",dsa->priv_key);
+ pbn("Y",dsa->pub_key);
+ putc('\n',stdout);
+ }
+ }
+ }
+ }
+
+void siggen()
+ {
+ char buf[1024];
+ int nmod=0;
+ DSA *dsa=NULL;
+
+ while(fgets(buf,sizeof buf,stdin) != NULL)
+ {
+ if(!strncmp(buf,"[mod = ",7))
+ {
+ nmod=atoi(buf+7);
+ printf("[mod = %d]\n\n",nmod);
+
+ dsa=DSA_generate_parameters(nmod,NULL,0,NULL,NULL,NULL,NULL);
+ pbn("P",dsa->p);
+ pbn("Q",dsa->q);
+ pbn("G",dsa->g);
+ putc('\n',stdout);
+ }
+ else if(!strncmp(buf,"Msg = ",6))
+ {
+ unsigned char msg[1024];
+ unsigned char hash[20];
+ int n;
+ DSA_SIG *sig;
+
+ n=hex2bin(buf+6,msg);
+ pv("Msg",msg,n);
+
+ DSA_generate_key(dsa);
+ pbn("Y",dsa->pub_key);
+
+ SHA1(msg,n,hash);
+ sig=DSA_do_sign(hash,sizeof hash,dsa);
+ pbn("R",sig->r);
+ pbn("S",sig->s);
+ putc('\n',stdout);
+ }
+ }
+ }
+
+void sigver()
+ {
+ DSA *dsa=NULL;
+ char buf[1024];
+ int nmod=0;
+ unsigned char hash[20];
+ DSA_SIG *sig=DSA_SIG_new();
+
+ while(fgets(buf,sizeof buf,stdin) != NULL)
+ {
+ if(!strncmp(buf,"[mod = ",7))
+ {
+ nmod=atoi(buf+7);
+ if(dsa)
+ DSA_free(dsa);
+ dsa=DSA_new();
+ }
+ else if(!strncmp(buf,"P = ",4))
+ dsa->p=hex2bn(buf+4);
+ else if(!strncmp(buf,"Q = ",4))
+ dsa->q=hex2bn(buf+4);
+ else if(!strncmp(buf,"G = ",4))
+ {
+ dsa->g=hex2bn(buf+4);
+
+ printf("[mod = %d]\n\n",nmod);
+ pbn("P",dsa->p);
+ pbn("Q",dsa->q);
+ pbn("G",dsa->g);
+ putc('\n',stdout);
+ }
+ else if(!strncmp(buf,"Msg = ",6))
+ {
+ unsigned char msg[1024];
+ int n;
+
+ n=hex2bin(buf+6,msg);
+ pv("Msg",msg,n);
+ SHA1(msg,n,hash);
+ }
+ else if(!strncmp(buf,"Y = ",4))
+ dsa->pub_key=hex2bn(buf+4);
+ else if(!strncmp(buf,"R = ",4))
+ sig->r=hex2bn(buf+4);
+ else if(!strncmp(buf,"S = ",4))
+ {
+ sig->s=hex2bn(buf+4);
+
+ pbn("Y",dsa->pub_key);
+ pbn("R",sig->r);
+ pbn("S",sig->s);
+ printf("Result = %c\n",DSA_do_verify(hash,sizeof hash,sig,dsa)
+ ? 'P' : 'F');
+ putc('\n',stdout);
+ }
+ }
+ }
+
+int main(int argc,char **argv)
+ {
+ if(argc != 2)
+ {
+ fprintf(stderr,"%s [prime|pqg]\n",argv[0]);
+ exit(1);
+ }
+ if(!FIPS_mode_set(1))
+ {
+ ERR_load_crypto_strings();
+ ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
+ exit(1);
+ }
+ if(!strcmp(argv[1],"prime"))
+ primes();
+ else if(!strcmp(argv[1],"pqg"))
+ pqg();
+ else if(!strcmp(argv[1],"keypair"))
+ keypair();
+ else if(!strcmp(argv[1],"siggen"))
+ siggen();
+ else if(!strcmp(argv[1],"sigver"))
+ sigver();
+ else
+ {
+ fprintf(stderr,"Don't know how to %s.\n",argv[1]);
+ exit(1);
+ }
+
+ return 0;
+ }
+#endif
diff --git a/src/lib/libssl/src/fips-1.0/fips-lib.com b/src/lib/libssl/src/fips-1.0/fips-lib.com
new file mode 100644
index 0000000000..539117b2ed
--- /dev/null
+++ b/src/lib/libssl/src/fips-1.0/fips-lib.com
@@ -0,0 +1,1196 @@
+$!
+$! FIPS-LIB.COM
+$! Written By: Robert Byer
+$! Vice-President
+$! A-Com Computing, Inc.
+$! byer@mail.all-net.net
+$!
+$! Changes by Richard Levitte <richard@levitte.org>
+$!
+$! This command files compiles and creates the FIPS parts of the
+$! "[.xxx.EXE.CRYPTO]LIBCRYPTO.OLB" library for OpenSSL. The "xxx"
+$! denotes the machine architecture of AXP or VAX.
+$!
+$! It was re-written so it would try to determine what "C" compiler to use
+$! or you can specify which "C" compiler to use.
+$!
+$! Specify the following as P1 to build just that part or ALL to just
+$! build everything.
+$!
+$! LIBRARY To just compile the [.xxx.EXE.CRYPTO]LIBCRYPTO.OLB Library.
+$! APPS To just compile the [.xxx.EXE.CRYPTO]*.EXE
+$! ALL To do both LIBRARY and APPS
+$!
+$! Specify DEBUG or NODEBUG as P2 to compile with or without debugger
+$! information.
+$!
+$! Specify which compiler at P3 to try to compile under.
+$!
+$! VAXC For VAX C.
+$! DECC For DEC C.
+$! GNUC For GNU C.
+$!
+$! If you don't speficy a compiler, it will try to determine which
+$! "C" compiler to use.
+$!
+$! P4, if defined, sets a TCP/IP library to use, through one of the following
+$! keywords:
+$!
+$! UCX for UCX
+$! TCPIP for TCPIP (post UCX)
+$! SOCKETSHR for SOCKETSHR+NETLIB
+$!
+$! P5, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up)
+$!
+$! P6, if defined, sets a choice of crypto methods to compile.
+$! WARNING: this should only be done to recompile some part of an already
+$! fully compiled library.
+$!
+$!
+$! Define A TCP/IP Library That We Will Need To Link To.
+$! (That Is, If We Need To Link To One.)
+$!
+$ TCPIP_LIB = ""
+$!
+$! Check Which Architecture We Are Using.
+$!
+$ IF (F$GETSYI("CPU").GE.128)
+$ THEN
+$!
+$! The Architecture Is AXP
+$!
+$ ARCH := AXP
+$!
+$! Else...
+$!
+$ ELSE
+$!
+$! The Architecture Is VAX.
+$!
+$ ARCH := VAX
+$!
+$! End The Architecture Check.
+$!
+$ ENDIF
+$!
+$! Define The Different Encryption Types.
+$!
+$ ENCRYPT_TYPES = "Basic,SHA,RAND,DES,AES,DSA,RSA,DH,HMAC"
+$!
+$! Check To Make Sure We Have Valid Command Line Parameters.
+$!
+$ GOSUB CHECK_OPTIONS
+$!
+$! Initialise logical names and such
+$!
+$ GOSUB INITIALISE
+$!
+$! Tell The User What Kind of Machine We Run On.
+$!
+$ WRITE SYS$OUTPUT "Compiling On A ",ARCH," Machine."
+$!
+$! Define The OBJ Directory.
+$!
+$ OBJ_DIR := SYS$DISK:[-.'ARCH'.OBJ.CRYPTO]
+$!
+$! Check To See If The Architecture Specific OBJ Directory Exists.
+$!
+$ IF (F$PARSE(OBJ_DIR).EQS."")
+$ THEN
+$!
+$! It Dosen't Exist, So Create It.
+$!
+$ CREATE/DIR 'OBJ_DIR'
+$!
+$! End The Architecture Specific OBJ Directory Check.
+$!
+$ ENDIF
+$!
+$! Define The EXE Directory.
+$!
+$ EXE_DIR := SYS$DISK:[-.'ARCH'.EXE.CRYPTO]
+$!
+$! Check To See If The Architecture Specific Directory Exists.
+$!
+$ IF (F$PARSE(EXE_DIR).EQS."")
+$ THEN
+$!
+$! It Dosen't Exist, So Create It.
+$!
+$ CREATE/DIRECTORY 'EXE_DIR'
+$!
+$! End The Architecture Specific Directory Check.
+$!
+$ ENDIF
+$!
+$! Define The Library Name.
+$!
+$ LIB_NAME := 'EXE_DIR'LIBCRYPTO.OLB
+$!
+$! Define The CRYPTO-LIB We Are To Use.
+$!
+$ CRYPTO_LIB := 'EXE_DIR'LIBCRYPTO.OLB
+$!
+$! Check To See If We Already Have A "[.xxx.EXE.CRYPTO]LIBCRYPTO.OLB" Library...
+$!
+$ IF (F$SEARCH(LIB_NAME).EQS."")
+$ THEN
+$!
+$! Guess Not, Create The Library.
+$!
+$ LIBRARY/CREATE/OBJECT 'LIB_NAME'
+$!
+$! End The Library Check.
+$!
+$ ENDIF
+$!
+$! Build our options file for the application
+$!
+$ GOSUB CHECK_OPT_FILE
+$!
+$! Define The Different Encryption "library" Strings.
+$!
+$ LIB_ = "fips,fips_err_wrapper"
+$ LIB_SHA = "fips_sha1dgst,fips_sha1_selftest,fips_sha256,fips_sha512"
+$ LIB_RAND = "fips_rand,fips_rand_selftest"
+$ LIB_DES = "fips_des_enc,fips_des_selftest,fips_set_key"
+$ LIB_AES = "fips_aes_core,fips_aes_selftest"
+$ LIB_DSA = "fips_dsa_ossl,fips_dsa_gen,fips_dsa_selftest"
+$ LIB_RSA = "fips_rsa_eay,fips_rsa_gen,fips_rsa_selftest,fips_rsa_x931g"
+$ LIB_DH = "fips_dh_check,fips_dh_gen,fips_dh_key"
+$ LIB_HMAC = "fips_hmac,fips_hmac_selftest"
+$!
+$! Setup exceptional compilations
+$!
+$ ! Add definitions for no threads on OpenVMS 7.1 and higher
+$ COMPILEWITH_CC3 = ",bss_rtcp,"
+$ ! Disable the DOLLARID warning
+$ COMPILEWITH_CC4 = ",a_utctm,bss_log,o_time,"
+$ ! Disable disjoint optimization
+$ COMPILEWITH_CC5 = ",md2_dgst,md4_dgst,md5_dgst,mdc2dgst," + -
+ "sha_dgst,sha1dgst,rmd_dgst,bf_enc,"
+$ ! Disable the MIXLINKAGE warning
+$ COMPILEWITH_CC6 = ",fips_set_key,"
+$!
+$! Figure Out What Other Modules We Are To Build.
+$!
+$ BUILD_SET:
+$!
+$! Define A Module Counter.
+$!
+$ MODULE_COUNTER = 0
+$!
+$! Top Of The Loop.
+$!
+$ MODULE_NEXT:
+$!
+$! Extract The Module Name From The Encryption List.
+$!
+$ MODULE_NAME = F$ELEMENT(MODULE_COUNTER,",",ENCRYPT_TYPES)
+$ IF MODULE_NAME.EQS."Basic" THEN MODULE_NAME = ""
+$ MODULE_NAME1 = MODULE_NAME
+$!
+$! Check To See If We Are At The End Of The Module List.
+$!
+$ IF (MODULE_NAME.EQS.",")
+$ THEN
+$!
+$! We Are At The End Of The Module List, Go To MODULE_DONE.
+$!
+$ GOTO MODULE_DONE
+$!
+$! End The Module List Check.
+$!
+$ ENDIF
+$!
+$! Increment The Moudle Counter.
+$!
+$ MODULE_COUNTER = MODULE_COUNTER + 1
+$!
+$! Create The Library and Apps Module Names.
+$!
+$ LIB_MODULE = "LIB_" + MODULE_NAME
+$ APPS_MODULE = "APPS_" + MODULE_NAME
+$ IF (MODULE_NAME.EQS."ASN1_2")
+$ THEN
+$ MODULE_NAME = "ASN1"
+$ ENDIF
+$ IF (MODULE_NAME.EQS."EVP_2")
+$ THEN
+$ MODULE_NAME = "EVP"
+$ ENDIF
+$!
+$! Set state (can be LIB and APPS)
+$!
+$ STATE = "LIB"
+$ IF BUILDALL .EQS. "APPS" THEN STATE = "APPS"
+$!
+$! Check if the library module name actually is defined
+$!
+$ IF F$TYPE('LIB_MODULE') .EQS. ""
+$ THEN
+$ WRITE SYS$ERROR ""
+$ WRITE SYS$ERROR "The module ",MODULE_NAME," does not exist. Continuing..."
+$ WRITE SYS$ERROR ""
+$ GOTO MODULE_NEXT
+$ ENDIF
+$!
+$! Top Of The Module Loop.
+$!
+$ MODULE_AGAIN:
+$!
+$! Tell The User What Module We Are Building.
+$!
+$ IF (MODULE_NAME1.NES."")
+$ THEN
+$ IF STATE .EQS. "LIB"
+$ THEN
+$ WRITE SYS$OUTPUT "Compiling The ",MODULE_NAME1," Library Files. (",BUILDALL,",",STATE,")"
+$ ELSE IF F$TYPE('APPS_MODULE') .NES. ""
+$ THEN
+$ WRITE SYS$OUTPUT "Compiling The ",MODULE_NAME1," Applications. (",BUILDALL,",",STATE,")"
+$ ENDIF
+$ ENDIF
+$ ENDIF
+$!
+$! Define A File Counter And Set It To "0".
+$!
+$ FILE_COUNTER = 0
+$ APPLICATION = ""
+$ APPLICATION_COUNTER = 0
+$!
+$! Top Of The File Loop.
+$!
+$ NEXT_FILE:
+$!
+$! Look in the LIB_MODULE is we're in state LIB
+$!
+$ IF STATE .EQS. "LIB"
+$ THEN
+$!
+$! O.K, Extract The File Name From The File List.
+$!
+$ FILE_NAME = F$ELEMENT(FILE_COUNTER,",",'LIB_MODULE')
+$!
+$! else
+$!
+$ ELSE
+$ FILE_NAME = ","
+$!
+$ IF F$TYPE('APPS_MODULE') .NES. ""
+$ THEN
+$!
+$! Extract The File Name From The File List.
+$! This part is a bit more complicated.
+$!
+$ IF APPLICATION .EQS. ""
+$ THEN
+$ APPLICATION = F$ELEMENT(APPLICATION_COUNTER,";",'APPS_MODULE')
+$ APPLICATION_COUNTER = APPLICATION_COUNTER + 1
+$ APPLICATION_OBJECTS = F$ELEMENT(1,"/",APPLICATION)
+$ APPLICATION = F$ELEMENT(0,"/",APPLICATION)
+$ FILE_COUNTER = 0
+$ ENDIF
+$
+$! WRITE SYS$OUTPUT "DEBUG: SHOW SYMBOL APPLICATION*"
+$! SHOW SYMBOL APPLICATION*
+$!
+$ IF APPLICATION .NES. ";"
+$ THEN
+$ FILE_NAME = F$ELEMENT(FILE_COUNTER,",",APPLICATION_OBJECTS)
+$ IF FILE_NAME .EQS. ","
+$ THEN
+$ APPLICATION = ""
+$ GOTO NEXT_FILE
+$ ENDIF
+$ ENDIF
+$ ENDIF
+$ ENDIF
+$!
+$! Check To See If We Are At The End Of The File List.
+$!
+$ IF (FILE_NAME.EQS.",")
+$ THEN
+$!
+$! We Are At The End Of The File List, Change State Or Goto FILE_DONE.
+$!
+$ IF STATE .EQS. "LIB" .AND. BUILDALL .NES. "LIBRARY"
+$ THEN
+$ STATE = "APPS"
+$ GOTO MODULE_AGAIN
+$ ELSE
+$ GOTO FILE_DONE
+$ ENDIF
+$!
+$! End The File List Check.
+$!
+$ ENDIF
+$!
+$! Increment The Counter.
+$!
+$ FILE_COUNTER = FILE_COUNTER + 1
+$!
+$! Create The Source File Name.
+$!
+$ TMP_FILE_NAME = F$ELEMENT(1,"]",FILE_NAME)
+$ IF TMP_FILE_NAME .EQS. "]" THEN TMP_FILE_NAME = FILE_NAME
+$ IF F$ELEMENT(0,".",TMP_FILE_NAME) .EQS. TMP_FILE_NAME THEN -
+ FILE_NAME = FILE_NAME + ".c"
+$ IF (MODULE_NAME.NES."")
+$ THEN
+$ SOURCE_FILE = "SYS$DISK:[." + MODULE_NAME+ "]" + FILE_NAME
+$ ELSE
+$ SOURCE_FILE = "SYS$DISK:[]" + FILE_NAME
+$ ENDIF
+$ SOURCE_FILE = SOURCE_FILE - "]["
+$!
+$! Create The Object File Name.
+$!
+$ OBJECT_FILE = OBJ_DIR + F$PARSE(FILE_NAME,,,"NAME","SYNTAX_ONLY") + ".OBJ"
+$ ON WARNING THEN GOTO NEXT_FILE
+$!
+$! Check To See If The File We Want To Compile Is Actually There.
+$!
+$ IF (F$SEARCH(SOURCE_FILE).EQS."")
+$ THEN
+$!
+$! Tell The User That The File Doesn't Exist.
+$!
+$ WRITE SYS$OUTPUT ""
+$ WRITE SYS$OUTPUT "The File ",SOURCE_FILE," Doesn't Exist."
+$ WRITE SYS$OUTPUT ""
+$!
+$! Exit The Build.
+$!
+$ GOTO EXIT
+$!
+$! End The File Exist Check.
+$!
+$ ENDIF
+$!
+$! Tell The User We Are Compiling The File.
+$!
+$ IF (MODULE_NAME.EQS."")
+$ THEN
+$ WRITE SYS$OUTPUT "Compiling The ",FILE_NAME," File. (",BUILDALL,",",STATE,")"
+$ ENDIF
+$ IF (MODULE_NAME.NES."")
+$ THEN
+$ WRITE SYS$OUTPUT " ",FILE_NAME,""
+$ ENDIF
+$!
+$! Compile The File.
+$!
+$ ON ERROR THEN GOTO NEXT_FILE
+$ FILE_NAME0 = F$ELEMENT(0,".",FILE_NAME)
+$ IF FILE_NAME - ".mar" .NES. FILE_NAME
+$ THEN
+$ MACRO/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
+$ ELSE
+$ IF COMPILEWITH_CC3 - FILE_NAME0 .NES. COMPILEWITH_CC3
+$ THEN
+$ CC3/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
+$ ELSE
+$ IF COMPILEWITH_CC4 - FILE_NAME0 .NES. COMPILEWITH_CC4
+$ THEN
+$ CC4/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
+$ ELSE
+$ IF COMPILEWITH_CC5 - FILE_NAME0 .NES. COMPILEWITH_CC5
+$ THEN
+$ CC5/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
+$ ELSE
+$ IF COMPILEWITH_CC6 - FILE_NAME0 .NES. COMPILEWITH_CC6
+$ THEN
+$ CC6/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
+$ ELSE
+$ CC/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
+$ ENDIF
+$ ENDIF
+$ ENDIF
+$ ENDIF
+$ ENDIF
+$ IF STATE .EQS. "LIB"
+$ THEN
+$!
+$! Add It To The Library.
+$!
+$ LIBRARY/REPLACE 'LIB_NAME' 'OBJECT_FILE'
+$!
+$! Time To Clean Up The Object File.
+$!
+$ DELETE 'OBJECT_FILE';*
+$ ENDIF
+$!
+$! Go Back And Do It Again.
+$!
+$ GOTO NEXT_FILE
+$!
+$! All Done With This Library Part.
+$!
+$ FILE_DONE:
+$!
+$! Time To Build Some Applications
+$!
+$ IF F$TYPE('APPS_MODULE') .NES. "" .AND. BUILDALL .NES. "LIBRARY"
+$ THEN
+$ APPLICATION_COUNTER = 0
+$ NEXT_APPLICATION:
+$ APPLICATION = F$ELEMENT(APPLICATION_COUNTER,";",'APPS_MODULE')
+$ IF APPLICATION .EQS. ";" THEN GOTO APPLICATION_DONE
+$
+$ APPLICATION_COUNTER = APPLICATION_COUNTER + 1
+$ APPLICATION_OBJECTS = F$ELEMENT(1,"/",APPLICATION)
+$ APPLICATION = F$ELEMENT(0,"/",APPLICATION)
+$
+$! WRITE SYS$OUTPUT "DEBUG: SHOW SYMBOL APPLICATION*"
+$! SHOW SYMBOL APPLICATION*
+$!
+$! Tell the user what happens
+$!
+$ WRITE SYS$OUTPUT " ",APPLICATION,".exe"
+$!
+$! Link The Program.
+$!
+$ ON ERROR THEN GOTO NEXT_APPLICATION
+$!
+$! Check To See If We Are To Link With A Specific TCP/IP Library.
+$!
+$ IF (TCPIP_LIB.NES."")
+$ THEN
+$!
+$! Link With A TCP/IP Library.
+$!
+$ LINK/'DEBUGGER'/'TRACEBACK'/EXE='EXE_DIR''APPLICATION'.EXE -
+ 'OBJ_DIR''APPLICATION_OBJECTS', -
+ 'CRYPTO_LIB'/LIBRARY, -
+ 'TCPIP_LIB','OPT_FILE'/OPTION
+$!
+$! Else...
+$!
+$ ELSE
+$!
+$! Don't Link With A TCP/IP Library.
+$!
+$ LINK/'DEBUGGER'/'TRACEBACK'/EXE='EXE_DIR''APPLICATION'.EXE -
+ 'OBJ_DIR''APPLICATION_OBJECTS',-
+ 'CRYPTO_LIB'/LIBRARY, -
+ 'OPT_FILE'/OPTION
+$!
+$! End The TCP/IP Library Check.
+$!
+$ ENDIF
+$ GOTO NEXT_APPLICATION
+$ APPLICATION_DONE:
+$ ENDIF
+$!
+$! Go Back And Get The Next Module.
+$!
+$ GOTO MODULE_NEXT
+$!
+$! All Done With This Module.
+$!
+$ MODULE_DONE:
+$!
+$! Tell The User That We Are All Done.
+$!
+$ WRITE SYS$OUTPUT "All Done..."
+$ EXIT:
+$ GOSUB CLEANUP
+$ EXIT
+$!
+$! Check For The Link Option FIle.
+$!
+$ CHECK_OPT_FILE:
+$!
+$! Check To See If We Need To Make A VAX C Option File.
+$!
+$ IF (COMPILER.EQS."VAXC")
+$ THEN
+$!
+$! Check To See If We Already Have A VAX C Linker Option File.
+$!
+$ IF (F$SEARCH(OPT_FILE).EQS."")
+$ THEN
+$!
+$! We Need A VAX C Linker Option File.
+$!
+$ CREATE 'OPT_FILE'
+$DECK
+!
+! Default System Options File To Link Agianst
+! The Sharable VAX C Runtime Library.
+!
+SYS$SHARE:VAXCRTL.EXE/SHARE
+$EOD
+$!
+$! End The Option File Check.
+$!
+$ ENDIF
+$!
+$! End The VAXC Check.
+$!
+$ ENDIF
+$!
+$! Check To See If We Need A GNU C Option File.
+$!
+$ IF (COMPILER.EQS."GNUC")
+$ THEN
+$!
+$! Check To See If We Already Have A GNU C Linker Option File.
+$!
+$ IF (F$SEARCH(OPT_FILE).EQS."")
+$ THEN
+$!
+$! We Need A GNU C Linker Option File.
+$!
+$ CREATE 'OPT_FILE'
+$DECK
+!
+! Default System Options File To Link Agianst
+! The Sharable C Runtime Library.
+!
+GNU_CC:[000000]GCCLIB/LIBRARY
+SYS$SHARE:VAXCRTL/SHARE
+$EOD
+$!
+$! End The Option File Check.
+$!
+$ ENDIF
+$!
+$! End The GNU C Check.
+$!
+$ ENDIF
+$!
+$! Check To See If We Need A DEC C Option File.
+$!
+$ IF (COMPILER.EQS."DECC")
+$ THEN
+$!
+$! Check To See If We Already Have A DEC C Linker Option File.
+$!
+$ IF (F$SEARCH(OPT_FILE).EQS."")
+$ THEN
+$!
+$! Figure Out If We Need An AXP Or A VAX Linker Option File.
+$!
+$ IF ARCH .EQS. "VAX"
+$ THEN
+$!
+$! We Need A DEC C Linker Option File For VAX.
+$!
+$ CREATE 'OPT_FILE'
+$DECK
+!
+! Default System Options File To Link Agianst
+! The Sharable DEC C Runtime Library.
+!
+SYS$SHARE:DECC$SHR.EXE/SHARE
+$EOD
+$!
+$! Else...
+$!
+$ ELSE
+$!
+$! Create The AXP Linker Option File.
+$!
+$ CREATE 'OPT_FILE'
+$DECK
+!
+! Default System Options File For AXP To Link Agianst
+! The Sharable C Runtime Library.
+!
+SYS$SHARE:CMA$OPEN_LIB_SHR/SHARE
+SYS$SHARE:CMA$OPEN_RTL/SHARE
+$EOD
+$!
+$! End The VAX/AXP DEC C Option File Check.
+$!
+$ ENDIF
+$!
+$! End The Option File Search.
+$!
+$ ENDIF
+$!
+$! End The DEC C Check.
+$!
+$ ENDIF
+$!
+$! Tell The User What Linker Option File We Are Using.
+$!
+$ WRITE SYS$OUTPUT "Using Linker Option File ",OPT_FILE,"."
+$!
+$! Time To RETURN.
+$!
+$ RETURN
+$!
+$! Check The User's Options.
+$!
+$ CHECK_OPTIONS:
+$!
+$! Check To See If P1 Is Blank.
+$!
+$ IF (P1.EQS."ALL")
+$ THEN
+$!
+$! P1 Is Blank, So Build Everything.
+$!
+$ BUILDALL = "TRUE"
+$!
+$! Else...
+$!
+$ ELSE
+$!
+$! Else, Check To See If P1 Has A Valid Arguement.
+$!
+$ IF (P1.EQS."LIBRARY").OR.(P1.EQS."APPS")
+$ THEN
+$!
+$! A Valid Arguement.
+$!
+$ BUILDALL = P1
+$!
+$! Else...
+$!
+$ ELSE
+$!
+$! Tell The User We Don't Know What They Want.
+$!
+$ WRITE SYS$OUTPUT ""
+$ WRITE SYS$OUTPUT "The Option ",P1," Is Invalid. The Valid Options Are:"
+$ WRITE SYS$OUTPUT ""
+$ WRITE SYS$OUTPUT " ALL : Just Build Everything."
+$ WRITE SYS$OUTPUT " LIBRARY : To Compile Just The [.xxx.EXE.CRYPTO]LIBCRYPTO.OLB Library."
+$ WRITE SYS$OUTPUT " APPS : To Compile Just The [.xxx.EXE.CRYPTO]*.EXE Programs."
+$ WRITE SYS$OUTPUT ""
+$ WRITE SYS$OUTPUT " Where 'xxx' Stands For:"
+$ WRITE SYS$OUTPUT ""
+$ WRITE SYS$OUTPUT " AXP : Alpha Architecture."
+$ WRITE SYS$OUTPUT " VAX : VAX Architecture."
+$ WRITE SYS$OUTPUT ""
+$!
+$! Time To EXIT.
+$!
+$ EXIT
+$!
+$! End The Valid Arguement Check.
+$!
+$ ENDIF
+$!
+$! End The P1 Check.
+$!
+$ ENDIF
+$!
+$! Check To See If P2 Is Blank.
+$!
+$ IF (P2.EQS."NODEBUG")
+$ THEN
+$!
+$! P2 Is NODEBUG, So Compile Without The Debugger Information.
+$!
+$ DEBUGGER = "NODEBUG"
+$ TRACEBACK = "NOTRACEBACK"
+$ GCC_OPTIMIZE = "OPTIMIZE"
+$ CC_OPTIMIZE = "OPTIMIZE"
+$ MACRO_OPTIMIZE = "OPTIMIZE"
+$ WRITE SYS$OUTPUT "No Debugger Information Will Be Produced During Compile."
+$ WRITE SYS$OUTPUT "Compiling With Compiler Optimization."
+$ ELSE
+$!
+$! Check To See If We Are To Compile With Debugger Information.
+$!
+$ IF (P2.EQS."DEBUG")
+$ THEN
+$!
+$! Compile With Debugger Information.
+$!
+$ DEBUGGER = "DEBUG"
+$ TRACEBACK = "TRACEBACK"
+$ GCC_OPTIMIZE = "NOOPTIMIZE"
+$ CC_OPTIMIZE = "NOOPTIMIZE"
+$ MACRO_OPTIMIZE = "NOOPTIMIZE"
+$ WRITE SYS$OUTPUT "Debugger Information Will Be Produced During Compile."
+$ WRITE SYS$OUTPUT "Compiling Without Compiler Optimization."
+$ ELSE
+$!
+$! They Entered An Invalid Option..
+$!
+$ WRITE SYS$OUTPUT ""
+$ WRITE SYS$OUTPUT "The Option ",P2," Is Invalid. The Valid Options Are:"
+$ WRITE SYS$OUTPUT ""
+$ WRITE SYS$OUTPUT " DEBUG : Compile With The Debugger Information."
+$ WRITE SYS$OUTPUT " NODEBUG : Compile Without The Debugger Information."
+$ WRITE SYS$OUTPUT ""
+$!
+$! Time To EXIT.
+$!
+$ EXIT
+$!
+$! End The Valid Arguement Check.
+$!
+$ ENDIF
+$!
+$! End The P2 Check.
+$!
+$ ENDIF
+$!
+$! Special Threads For OpenVMS v7.1 Or Later
+$!
+$! Written By: Richard Levitte
+$! richard@levitte.org
+$!
+$!
+$! Check To See If We Have A Option For P5.
+$!
+$ IF (P5.EQS."")
+$ THEN
+$!
+$! Get The Version Of VMS We Are Using.
+$!
+$ ISSEVEN :=
+$ TMP = F$ELEMENT(0,"-",F$EXTRACT(1,4,F$GETSYI("VERSION")))
+$ TMP = F$INTEGER(F$ELEMENT(0,".",TMP)+F$ELEMENT(1,".",TMP))
+$!
+$! Check To See If The VMS Version Is v7.1 Or Later.
+$!
+$ IF (TMP.GE.71)
+$ THEN
+$!
+$! We Have OpenVMS v7.1 Or Later, So Use The Special Threads.
+$!
+$ ISSEVEN := ,PTHREAD_USE_D4
+$!
+$! End The VMS Version Check.
+$!
+$ ENDIF
+$!
+$! End The P5 Check.
+$!
+$ ENDIF
+$!
+$! Check To See If P3 Is Blank.
+$!
+$ IF (P3.EQS."")
+$ THEN
+$!
+$! O.K., The User Didn't Specify A Compiler, Let's Try To
+$! Find Out Which One To Use.
+$!
+$! Check To See If We Have GNU C.
+$!
+$ IF (F$TRNLNM("GNU_CC").NES."")
+$ THEN
+$!
+$! Looks Like GNUC, Set To Use GNUC.
+$!
+$ P3 = "GNUC"
+$!
+$! Else...
+$!
+$ ELSE
+$!
+$! Check To See If We Have VAXC Or DECC.
+$!
+$ IF (ARCH.EQS."AXP").OR.(F$TRNLNM("DECC$CC_DEFAULT").NES."")
+$ THEN
+$!
+$! Looks Like DECC, Set To Use DECC.
+$!
+$ P3 = "DECC"
+$!
+$! Else...
+$!
+$ ELSE
+$!
+$! Looks Like VAXC, Set To Use VAXC.
+$!
+$ P3 = "VAXC"
+$!
+$! End The VAXC Compiler Check.
+$!
+$ ENDIF
+$!
+$! End The DECC & VAXC Compiler Check.
+$!
+$ ENDIF
+$!
+$! End The Compiler Check.
+$!
+$ ENDIF
+$!
+$! Check To See If We Have A Option For P4.
+$!
+$ IF (P4.EQS."")
+$ THEN
+$!
+$! Find out what socket library we have available
+$!
+$ IF F$PARSE("SOCKETSHR:") .NES. ""
+$ THEN
+$!
+$! We have SOCKETSHR, and it is my opinion that it's the best to use.
+$!
+$ P4 = "SOCKETSHR"
+$!
+$! Tell the user
+$!
+$ WRITE SYS$OUTPUT "Using SOCKETSHR for TCP/IP"
+$!
+$! Else, let's look for something else
+$!
+$ ELSE
+$!
+$! Like UCX (the reason to do this before Multinet is that the UCX
+$! emulation is easier to use...)
+$!
+$ IF F$TRNLNM("UCX$IPC_SHR") .NES. "" -
+ .OR. F$PARSE("SYS$SHARE:UCX$IPC_SHR.EXE") .NES. "" -
+ .OR. F$PARSE("SYS$LIBRARY:UCX$IPC.OLB") .NES. ""
+$ THEN
+$!
+$! Last resort: a UCX or UCX-compatible library
+$!
+$ P4 = "UCX"
+$!
+$! Tell the user
+$!
+$ WRITE SYS$OUTPUT "Using UCX or an emulation thereof for TCP/IP"
+$!
+$! That was all...
+$!
+$ ENDIF
+$ ENDIF
+$ ENDIF
+$!
+$! Set Up Initial CC Definitions, Possibly With User Ones
+$!
+$ CCDEFS = "TCPIP_TYPE_''P4',DSO_VMS"
+$ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS
+$ CCEXTRAFLAGS = ""
+$ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS
+$ CCDISABLEWARNINGS = "LONGLONGTYPE,LONGLONGSUFX,FOUNDCR"
+$ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN -
+ CCDISABLEWARNINGS = CCDISABLEWARNINGS + "," + USER_CCDISABLEWARNINGS
+$!
+$! Check To See If The User Entered A Valid Paramter.
+$!
+$ IF (P3.EQS."VAXC").OR.(P3.EQS."DECC").OR.(P3.EQS."GNUC")
+$ THEN
+$!
+$! Check To See If The User Wanted DECC.
+$!
+$ IF (P3.EQS."DECC")
+$ THEN
+$!
+$! Looks Like DECC, Set To Use DECC.
+$!
+$ COMPILER = "DECC"
+$!
+$! Tell The User We Are Using DECC.
+$!
+$ WRITE SYS$OUTPUT "Using DECC 'C' Compiler."
+$!
+$! Use DECC...
+$!
+$ CC = "CC"
+$ IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" -
+ THEN CC = "CC/DECC"
+$ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + -
+ "/NOLIST/PREFIX=ALL" + -
+ "/INCLUDE=(SYS$DISK:[],SYS$DISK:[-],SYS$DISK:[-.CRYPTO])" + -
+ CCEXTRAFLAGS
+$!
+$! Define The Linker Options File Name.
+$!
+$ OPT_FILE = "SYS$DISK:[]VAX_DECC_OPTIONS.OPT"
+$!
+$! End DECC Check.
+$!
+$ ENDIF
+$!
+$! Check To See If We Are To Use VAXC.
+$!
+$ IF (P3.EQS."VAXC")
+$ THEN
+$!
+$! Looks Like VAXC, Set To Use VAXC.
+$!
+$ COMPILER = "VAXC"
+$!
+$! Tell The User We Are Using VAX C.
+$!
+$ WRITE SYS$OUTPUT "Using VAXC 'C' Compiler."
+$!
+$! Compile Using VAXC.
+$!
+$ CC = "CC"
+$ IF ARCH.EQS."AXP"
+$ THEN
+$ WRITE SYS$OUTPUT "There is no VAX C on Alpha!"
+$ EXIT
+$ ENDIF
+$ IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC"
+$ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
+ "/INCLUDE=(SYS$DISK:[],SYS$DISK:[-],SYS$DISK:[-.CRYPTO])" + -
+ CCEXTRAFLAGS
+$ CCDEFS = """VAXC""," + CCDEFS
+$!
+$! Define <sys> As SYS$COMMON:[SYSLIB]
+$!
+$ DEFINE/NOLOG SYS SYS$COMMON:[SYSLIB]
+$!
+$! Define The Linker Options File Name.
+$!
+$ OPT_FILE = "SYS$DISK:[]VAX_VAXC_OPTIONS.OPT"
+$!
+$! End VAXC Check
+$!
+$ ENDIF
+$!
+$! Check To See If We Are To Use GNU C.
+$!
+$ IF (P3.EQS."GNUC")
+$ THEN
+$!
+$! Looks Like GNUC, Set To Use GNUC.
+$!
+$ COMPILER = "GNUC"
+$!
+$! Tell The User We Are Using GNUC.
+$!
+$ WRITE SYS$OUTPUT "Using GNU 'C' Compiler."
+$!
+$! Use GNU C...
+$!
+$ CC = "GCC/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
+ "/INCLUDE=(SYS$DISK:[],SYS$DISK:[-],SYS$DISK:[-.CRYPTO])" + -
+ CCEXTRAFLAGS
+$!
+$! Define The Linker Options File Name.
+$!
+$ OPT_FILE = "SYS$DISK:[]VAX_GNUC_OPTIONS.OPT"
+$!
+$! End The GNU C Check.
+$!
+$ ENDIF
+$!
+$! Set up default defines
+$!
+$ CCDEFS = """FLAT_INC=1""," + CCDEFS
+$!
+$! Finish up the definition of CC.
+$!
+$ IF COMPILER .EQS. "DECC"
+$ THEN
+$ IF CCDISABLEWARNINGS .EQS. ""
+$ THEN
+$ CC4DISABLEWARNINGS = "DOLLARID"
+$ CC6DISABLEWARNINGS = "MIXLINKAGE"
+$ ELSE
+$ CC4DISABLEWARNINGS = CCDISABLEWARNINGS + ",DOLLARID"
+$ CC6DISABLEWARNINGS = CCDISABLEWARNINGS + ",MIXLINKAGE"
+$ CCDISABLEWARNINGS = "/WARNING=(DISABLE=(" + CCDISABLEWARNINGS + "))"
+$ ENDIF
+$ CC4DISABLEWARNINGS = "/WARNING=(DISABLE=(" + CC4DISABLEWARNINGS + "))"
+$ CC6DISABLEWARNINGS = "/WARNING=(DISABLE=(" + CC6DISABLEWARNINGS + "))"
+$ ELSE
+$ CCDISABLEWARNINGS = ""
+$ CC4DISABLEWARNINGS = ""
+$ CC6DISABLEWARNINGS = ""
+$ ENDIF
+$ CC3 = CC + "/DEFINE=(" + CCDEFS + ISSEVEN + ")" + CCDISABLEWARNINGS
+$ CC = CC + "/DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS
+$ IF ARCH .EQS. "VAX" .AND. COMPILER .EQS. "DECC" .AND. P2 .NES. "DEBUG"
+$ THEN
+$ CC5 = CC + "/OPTIMIZE=NODISJOINT"
+$ ELSE
+$ CC5 = CC + "/NOOPTIMIZE"
+$ ENDIF
+$ CC4 = CC - CCDISABLEWARNINGS + CC4DISABLEWARNINGS
+$ CC6 = CC - CCDISABLEWARNINGS + CC6DISABLEWARNINGS
+$!
+$! Show user the result
+$!
+$ WRITE/SYMBOL SYS$OUTPUT "Main C Compiling Command: ",CC
+$!
+$! Else The User Entered An Invalid Arguement.
+$!
+$ ELSE
+$!
+$! Tell The User We Don't Know What They Want.
+$!
+$ WRITE SYS$OUTPUT ""
+$ WRITE SYS$OUTPUT "The Option ",P3," Is Invalid. The Valid Options Are:"
+$ WRITE SYS$OUTPUT ""
+$ WRITE SYS$OUTPUT " VAXC : To Compile With VAX C."
+$ WRITE SYS$OUTPUT " DECC : To Compile With DEC C."
+$ WRITE SYS$OUTPUT " GNUC : To Compile With GNU C."
+$ WRITE SYS$OUTPUT ""
+$!
+$! Time To EXIT.
+$!
+$ EXIT
+$!
+$! End The Valid Arguement Check.
+$!
+$ ENDIF
+$!
+$! Build a MACRO command for the architecture at hand
+$!
+$ IF ARCH .EQS. "VAX" THEN MACRO = "MACRO/''DEBUGGER'"
+$ IF ARCH .EQS. "AXP" THEN MACRO = "MACRO/MIGRATION/''DEBUGGER'/''MACRO_OPTIMIZE'"
+$!
+$! Show user the result
+$!
+$ WRITE/SYMBOL SYS$OUTPUT "Main MACRO Compiling Command: ",MACRO
+$!
+$! Time to check the contents, and to make sure we get the correct library.
+$!
+$ IF P4.EQS."SOCKETSHR" .OR. P4.EQS."MULTINET" .OR. P4.EQS."UCX" -
+ .OR. P4.EQS."TCPIP" .OR. P4.EQS."NONE"
+$ THEN
+$!
+$! Check to see if SOCKETSHR was chosen
+$!
+$ IF P4.EQS."SOCKETSHR"
+$ THEN
+$!
+$! Set the library to use SOCKETSHR
+$!
+$ TCPIP_LIB = "SYS$DISK:[-.VMS]SOCKETSHR_SHR.OPT/OPT"
+$!
+$! Done with SOCKETSHR
+$!
+$ ENDIF
+$!
+$! Check to see if MULTINET was chosen
+$!
+$ IF P4.EQS."MULTINET"
+$ THEN
+$!
+$! Set the library to use UCX emulation.
+$!
+$ P4 = "UCX"
+$!
+$! Done with MULTINET
+$!
+$ ENDIF
+$!
+$! Check to see if UCX was chosen
+$!
+$ IF P4.EQS."UCX"
+$ THEN
+$!
+$! Set the library to use UCX.
+$!
+$ TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC.OPT/OPT"
+$ IF F$TRNLNM("UCX$IPC_SHR") .NES. ""
+$ THEN
+$ TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC_LOG.OPT/OPT"
+$ ELSE
+$ IF COMPILER .NES. "DECC" .AND. ARCH .EQS. "VAX" THEN -
+ TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_VAXC.OPT/OPT"
+$ ENDIF
+$!
+$! Done with UCX
+$!
+$ ENDIF
+$!
+$! Check to see if TCPIP was chosen
+$!
+$ IF P4.EQS."TCPIP"
+$ THEN
+$!
+$! Set the library to use TCPIP (post UCX).
+$!
+$ TCPIP_LIB = "SYS$DISK:[-.VMS]TCPIP_SHR_DECC.OPT/OPT"
+$!
+$! Done with TCPIP
+$!
+$ ENDIF
+$!
+$! Check to see if NONE was chosen
+$!
+$ IF P4.EQS."NONE"
+$ THEN
+$!
+$! Do not use a TCPIP library.
+$!
+$ TCPIP_LIB = ""
+$!
+$! Done with TCPIP
+$!
+$ ENDIF
+$!
+$! Print info
+$!
+$ WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB
+$!
+$! Else The User Entered An Invalid Arguement.
+$!
+$ ELSE
+$!
+$! Tell The User We Don't Know What They Want.
+$!
+$ WRITE SYS$OUTPUT ""
+$ WRITE SYS$OUTPUT "The Option ",P4," Is Invalid. The Valid Options Are:"
+$ WRITE SYS$OUTPUT ""
+$ WRITE SYS$OUTPUT " SOCKETSHR : To link with SOCKETSHR TCP/IP library."
+$ WRITE SYS$OUTPUT " UCX : To link with UCX TCP/IP library."
+$ WRITE SYS$OUTPUT " TCPIP : To link with TCPIP (post UCX) TCP/IP library."
+$ WRITE SYS$OUTPUT ""
+$!
+$! Time To EXIT.
+$!
+$ EXIT
+$!
+$! Done with TCP/IP libraries
+$!
+$ ENDIF
+$!
+$! Check if the user wanted to compile just a subset of all the encryption
+$! methods.
+$!
+$ IF P6 .NES. ""
+$ THEN
+$ ENCRYPT_TYPES = P6
+$ ENDIF
+$!
+$! Time To RETURN...
+$!
+$ RETURN
+$!
+$ INITIALISE:
+$!
+$! Save old value of the logical name OPENSSL
+$!
+$ __SAVE_OPENSSL = F$TRNLNM("OPENSSL","LNM$PROCESS_TABLE")
+$!
+$! Save directory information
+$!
+$ __HERE = F$PARSE(F$PARSE("A.;",F$ENVIRONMENT("PROCEDURE"))-"A.;","[]A.;") - "A.;"
+$ __HERE = F$EDIT(__HERE,"UPCASE")
+$ __TOP = __HERE - "FIPS-1_0]"
+$ __INCLUDE = __TOP + "INCLUDE.OPENSSL]"
+$!
+$! Set up the logical name OPENSSL to point at the include directory
+$!
+$ DEFINE OPENSSL/NOLOG '__INCLUDE'
+$!
+$! Done
+$!
+$ RETURN
+$!
+$ CLEANUP:
+$!
+$! Restore the logical name OPENSSL if it had a value
+$!
+$ IF __SAVE_OPENSSL .EQS. ""
+$ THEN
+$ DEASSIGN OPENSSL
+$ ELSE
+$ DEFINE/NOLOG OPENSSL '__SAVE_OPENSSL'
+$ ENDIF
+$!
+$! Done
+$!
+$ RETURN
diff --git a/src/lib/libssl/src/fips-1.0/fips.c b/src/lib/libssl/src/fips-1.0/fips.c
new file mode 100644
index 0000000000..bb833bfa2c
--- /dev/null
+++ b/src/lib/libssl/src/fips-1.0/fips.c
@@ -0,0 +1,313 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include <openssl/fips.h>
+#include <openssl/rand.h>
+#include <openssl/fips_rand.h>
+#include <openssl/err.h>
+#include <openssl/bio.h>
+#include <openssl/hmac.h>
+#include <string.h>
+#include <limits.h>
+#include "fips_locl.h"
+
+#ifdef OPENSSL_FIPS
+
+#ifndef PATH_MAX
+#define PATH_MAX 1024
+#endif
+
+static int fips_selftest_fail;
+static int fips_mode;
+static const void *fips_rand_check;
+
+static void fips_set_mode(int onoff)
+ {
+ int owning_thread = fips_is_owning_thread();
+
+ if (fips_is_started())
+ {
+ if (!owning_thread) fips_w_lock();
+ fips_mode = onoff;
+ if (!owning_thread) fips_w_unlock();
+ }
+ }
+
+static void fips_set_rand_check(const void *rand_check)
+ {
+ int owning_thread = fips_is_owning_thread();
+
+ if (fips_is_started())
+ {
+ if (!owning_thread) fips_w_lock();
+ fips_rand_check = rand_check;
+ if (!owning_thread) fips_w_unlock();
+ }
+ }
+
+int FIPS_mode(void)
+ {
+ int ret = 0;
+ int owning_thread = fips_is_owning_thread();
+
+ if (fips_is_started())
+ {
+ if (!owning_thread) fips_r_lock();
+ ret = fips_mode;
+ if (!owning_thread) fips_r_unlock();
+ }
+ return ret;
+ }
+
+const void *FIPS_rand_check(void)
+ {
+ const void *ret = 0;
+ int owning_thread = fips_is_owning_thread();
+
+ if (fips_is_started())
+ {
+ if (!owning_thread) fips_r_lock();
+ ret = fips_rand_check;
+ if (!owning_thread) fips_r_unlock();
+ }
+ return ret;
+ }
+
+int FIPS_selftest_failed(void)
+ {
+ int ret = 0;
+ if (fips_is_started())
+ {
+ int owning_thread = fips_is_owning_thread();
+
+ if (!owning_thread) fips_r_lock();
+ ret = fips_selftest_fail;
+ if (!owning_thread) fips_r_unlock();
+ }
+ return ret;
+ }
+
+int FIPS_selftest()
+ {
+ ERR_load_crypto_strings();
+
+ return FIPS_selftest_sha1()
+ && FIPS_selftest_hmac()
+ && FIPS_selftest_aes()
+ && FIPS_selftest_des()
+ && FIPS_selftest_rsa()
+ && FIPS_selftest_dsa();
+ }
+
+extern const void *FIPS_text_start(), *FIPS_text_end();
+extern const unsigned char FIPS_rodata_start[], FIPS_rodata_end[];
+unsigned char FIPS_signature [20] = { 0 };
+static const char FIPS_hmac_key[]="etaonrishdlcupfm";
+
+unsigned int FIPS_incore_fingerprint(unsigned char *sig,unsigned int len)
+ {
+ const unsigned char *p1 = FIPS_text_start();
+ const unsigned char *p2 = FIPS_text_end();
+ const unsigned char *p3 = FIPS_rodata_start;
+ const unsigned char *p4 = FIPS_rodata_end;
+ HMAC_CTX c;
+
+ HMAC_CTX_init(&c);
+ HMAC_Init(&c,FIPS_hmac_key,strlen(FIPS_hmac_key),EVP_sha1());
+
+ /* detect overlapping regions */
+ if (p1<=p3 && p2>=p3)
+ p3=p1, p4=p2>p4?p2:p4, p1=NULL, p2=NULL;
+ else if (p3<=p1 && p4>=p1)
+ p3=p3, p4=p2>p4?p2:p4, p1=NULL, p2=NULL;
+
+ if (p1)
+ HMAC_Update(&c,p1,(size_t)p2-(size_t)p1);
+
+ if (FIPS_signature>=p3 && FIPS_signature<p4)
+ {
+ /* "punch" hole */
+ HMAC_Update(&c,p3,(size_t)FIPS_signature-(size_t)p3);
+ p3 = FIPS_signature+sizeof(FIPS_signature);
+ if (p3<p4)
+ HMAC_Update(&c,p3,(size_t)p4-(size_t)p3);
+ }
+ else
+ HMAC_Update(&c,p3,(size_t)p4-(size_t)p3);
+
+ HMAC_Final(&c,sig,&len);
+ HMAC_CTX_cleanup(&c);
+
+ return len;
+ }
+
+int FIPS_check_incore_fingerprint(void)
+ {
+ unsigned char sig[EVP_MAX_MD_SIZE];
+ unsigned int len;
+ extern int OPENSSL_NONPIC_relocated;
+
+ if (FIPS_text_start()==NULL)
+ {
+ FIPSerr(FIPS_F_FIPS_CHECK_FINGERPRINT,FIPS_R_UNSUPPORTED_PLATFORM);
+ return 0;
+ }
+
+ len=FIPS_incore_fingerprint (sig,sizeof(sig));
+
+ if (len!=sizeof(FIPS_signature) ||
+ memcmp(FIPS_signature,sig,sizeof(FIPS_signature)))
+ {
+ if (FIPS_signature>=FIPS_rodata_start && FIPS_signature<FIPS_rodata_end)
+ FIPSerr(FIPS_F_FIPS_CHECK_FINGERPRINT,FIPS_R_FINGERPRINT_DOES_NOT_MATCH_SEGMENT_ALIASING);
+ else if (OPENSSL_NONPIC_relocated)
+ FIPSerr(FIPS_F_FIPS_CHECK_FINGERPRINT,FIPS_R_FINGERPRINT_DOES_NOT_MATCH_NONPIC_RELOCATED);
+ else
+ FIPSerr(FIPS_F_FIPS_CHECK_FINGERPRINT,FIPS_R_FINGERPRINT_DOES_NOT_MATCH);
+ return 0;
+ }
+
+ return 1;
+ }
+
+int FIPS_mode_set(int onoff)
+ {
+ int fips_set_owning_thread();
+ int fips_clear_owning_thread();
+ int ret = 0;
+
+ fips_w_lock();
+ fips_set_started();
+ fips_set_owning_thread();
+
+ if(onoff)
+ {
+ unsigned char buf[24];
+
+ fips_selftest_fail = 0;
+
+ /* Don't go into FIPS mode twice, just so we can do automagic
+ seeding */
+ if(FIPS_mode())
+ {
+ FIPSerr(FIPS_F_FIPS_MODE_SET,FIPS_R_FIPS_MODE_ALREADY_SET);
+ fips_selftest_fail = 1;
+ ret = 0;
+ goto end;
+ }
+
+ if(fips_signature_witness() != FIPS_signature)
+ {
+ FIPSerr(FIPS_F_FIPS_MODE_SET,FIPS_R_CONTRADICTING_EVIDENCE);
+ fips_selftest_fail = 1;
+ ret = 0;
+ goto end;
+ }
+
+ if(!FIPS_check_incore_fingerprint())
+ {
+ fips_selftest_fail = 1;
+ ret = 0;
+ goto end;
+ }
+
+ /* Perform RNG KAT before seeding */
+ if (!FIPS_selftest_rng())
+ {
+ fips_selftest_fail = 1;
+ ret = 0;
+ goto end;
+ }
+
+ /* automagically seed PRNG if not already seeded */
+ if(!FIPS_rand_seeded())
+ {
+ if(RAND_bytes(buf,sizeof buf) <= 0)
+ {
+ fips_selftest_fail = 1;
+ ret = 0;
+ goto end;
+ }
+ FIPS_set_prng_key(buf,buf+8);
+ FIPS_rand_seed(buf+16,8);
+ }
+
+ /* now switch into FIPS mode */
+ fips_set_rand_check(FIPS_rand_method());
+ RAND_set_rand_method(FIPS_rand_method());
+ if(FIPS_selftest())
+ fips_set_mode(1);
+ else
+ {
+ fips_selftest_fail = 1;
+ ret = 0;
+ goto end;
+ }
+ ret = 1;
+ goto end;
+ }
+ fips_set_mode(0);
+ fips_selftest_fail = 0;
+ ret = 1;
+end:
+ fips_clear_owning_thread();
+ fips_w_unlock();
+ return ret;
+ }
+
+#if 0
+/* here just to cause error codes to exist */
+static void dummy()
+ {
+ FIPSerr(FIPS_F_HASH_FINAL,FIPS_F_NON_FIPS_METHOD);
+ FIPSerr(FIPS_F_HASH_FINAL,FIPS_R_FIPS_SELFTEST_FAILED);
+ }
+#endif
+
+#endif
diff --git a/src/lib/libssl/src/fips-1.0/fips.h b/src/lib/libssl/src/fips-1.0/fips.h
new file mode 100644
index 0000000000..f67bb885c8
--- /dev/null
+++ b/src/lib/libssl/src/fips-1.0/fips.h
@@ -0,0 +1,131 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include <openssl/opensslconf.h>
+
+#ifdef OPENSSL_FIPS
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+struct dsa_st;
+
+int FIPS_mode_set(int onoff);
+int FIPS_mode(void);
+const void *FIPS_rand_check(void);
+int FIPS_selftest_failed(void);
+int FIPS_dsa_check(struct dsa_st *dsa);
+void FIPS_corrupt_sha1(void);
+int FIPS_selftest_sha1(void);
+void FIPS_corrupt_aes(void);
+int FIPS_selftest_aes(void);
+void FIPS_corrupt_des(void);
+int FIPS_selftest_des(void);
+void FIPS_corrupt_rsa(void);
+int FIPS_selftest_rsa(void);
+void FIPS_corrupt_dsa(void);
+int FIPS_selftest_dsa(void);
+void FIPS_corrupt_rng(void);
+int FIPS_selftest_rng(void);
+int FIPS_selftest_hmac(void);
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_FIPS_strings(void);
+
+/* Error codes for the FIPS functions. */
+
+/* Function codes. */
+#define FIPS_F_DH_GENERATE_PARAMETERS 117
+#define FIPS_F_DSA_DO_SIGN 111
+#define FIPS_F_DSA_DO_VERIFY 112
+#define FIPS_F_DSA_GENERATE_PARAMETERS 110
+#define FIPS_F_FIPS_CHECK_DSA 116
+#define FIPS_F_FIPS_CHECK_EXE 106
+#define FIPS_F_FIPS_CHECK_FINGERPRINT 120
+#define FIPS_F_FIPS_CHECK_RSA 115
+#define FIPS_F_FIPS_DSA_CHECK 102
+#define FIPS_F_FIPS_MODE_SET 105
+#define FIPS_F_FIPS_SELFTEST_AES 104
+#define FIPS_F_FIPS_SELFTEST_DES 107
+#define FIPS_F_FIPS_SELFTEST_DSA 109
+#define FIPS_F_FIPS_SELFTEST_RNG 118
+#define FIPS_F_FIPS_SELFTEST_RSA 108
+#define FIPS_F_FIPS_SELFTEST_SHA 103
+#define FIPS_F_HASH_FINAL 100
+#define FIPS_F_RSA_EAY_PUBLIC_ENCRYPT 114
+#define FIPS_F_RSA_GENERATE_KEY 113
+#define FIPS_F_RSA_X931_GENERATE_KEY 119
+#define FIPS_F_SSLEAY_RAND_BYTES 101
+#define FIPS_F_FIPS_CHECK_DSO 120
+
+/* Reason codes. */
+#define FIPS_R_CANNOT_READ_EXE 103
+#define FIPS_R_CANNOT_READ_EXE_DIGEST 104
+#define FIPS_R_EXE_DIGEST_DOES_NOT_MATCH 105
+#define FIPS_R_FINGERPRINT_DOES_NOT_MATCH 110
+#define FIPS_R_FINGERPRINT_DOES_NOT_MATCH_NONPIC_RELOCATED 111
+#define FIPS_R_FINGERPRINT_DOES_NOT_MATCH_SEGMENT_ALIASING 112
+#define FIPS_R_FIPS_MODE_ALREADY_SET 102
+#define FIPS_R_FIPS_SELFTEST_FAILED 106
+#define FIPS_R_INVALID_KEY_LENGTH 109
+#define FIPS_R_KEY_TOO_SHORT 108
+#define FIPS_R_NON_FIPS_METHOD 100
+#define FIPS_R_PAIRWISE_TEST_FAILED 107
+#define FIPS_R_SELFTEST_FAILED 101
+#define FIPS_R_UNSUPPORTED_PLATFORM 113
+#define FIPS_R_CONTRADICTING_EVIDENCE 114
+
+#ifdef __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libssl/src/fips-1.0/fips_canister.c b/src/lib/libssl/src/fips-1.0/fips_canister.c
new file mode 100644
index 0000000000..7dec62bb64
--- /dev/null
+++ b/src/lib/libssl/src/fips-1.0/fips_canister.c
@@ -0,0 +1,171 @@
+/* ====================================================================
+ * Copyright (c) 2005 The OpenSSL Project. Rights for redistribution
+ * and usage in source and binary forms are granted according to the
+ * OpenSSL license.
+ */
+
+#include <stdio.h>
+#if defined(__DECC)
+# include <c_asm.h>
+# pragma __nostandard
+#endif
+
+#include "e_os.h"
+
+#if !defined(POINTER_TO_FUNCTION_IS_POINTER_TO_1ST_INSTRUCTION)
+# if (defined(__sun) && (defined(__sparc) || defined(__sparcv9))) || \
+ (defined(__sgi) && (defined(__mips) || defined(mips))) || \
+ (defined(__osf__) && defined(__alpha)) || \
+ (defined(__linux) && (defined(__arm) || defined(__arm__))) || \
+ (defined(__i386) || defined(__i386__)) || \
+ (defined(__x86_64) || defined(__x86_64__)) || \
+ (defined(vax) || defined(__vax__))
+# define POINTER_TO_FUNCTION_IS_POINTER_TO_1ST_INSTRUCTION
+# endif
+#endif
+
+#ifdef FIPS_START
+#define FIPS_ref_point FIPS_text_start
+/* Some compilers put string literals into a separate segment. As we
+ * are mostly interested to hash AES tables in .rodata, we declare
+ * reference points accordingly. In case you wonder, the values are
+ * big-endian encoded variable names, just to prevent these arrays
+ * from being merged by linker. */
+const unsigned int FIPS_rodata_start[]=
+ { 0x46495053, 0x5f726f64, 0x6174615f, 0x73746172 };
+#else
+#define FIPS_ref_point FIPS_text_end
+const unsigned int FIPS_rodata_end[]=
+ { 0x46495053, 0x5f726f64, 0x6174615f, 0x656e645b };
+#endif
+
+/*
+ * I declare reference function as static in order to avoid certain
+ * pitfalls in -dynamic linker behaviour...
+ */
+static void *instruction_pointer(void)
+{ void *ret=NULL;
+/* These are ABI-neutral CPU-specific snippets. ABI-neutrality means
+ * that they are designed to work under any OS running on particular
+ * CPU, which is why you don't find any #ifdef THIS_OR_THAT_OS in
+ * this function. */
+#if defined(INSTRUCTION_POINTER_IMPLEMENTED)
+ INSTRUCTION_POINTER_IMPLEMENTED(ret);
+#elif defined(__GNUC__) && __GNUC__>=2
+# if defined(__alpha) || defined(__alpha__)
+# define INSTRUCTION_POINTER_IMPLEMENTED
+ __asm __volatile ( "br %0,1f\n1:" : "=r"(ret) );
+# elif defined(__i386) || defined(__i386__)
+# define INSTRUCTION_POINTER_IMPLEMENTED
+ __asm __volatile ( "call 1f\n1: popl %0" : "=r"(ret) );
+ ret = (void *)((size_t)ret&~3UL); /* align for better performance */
+# elif defined(__ia64) || defined(__ia64__)
+# define INSTRUCTION_POINTER_IMPLEMENTED
+ __asm __volatile ( "mov %0=ip" : "=r"(ret) );
+# elif defined(__hppa) || defined(__hppa__) || defined(__pa_risc)
+# define INSTRUCTION_POINTER_IMPLEMENTED
+ __asm __volatile ( "blr %%r0,%0\n\tnop" : "=r"(ret) );
+ ret = (void *)((size_t)ret&~3UL); /* mask privilege level */
+# elif defined(__mips) || defined(__mips__)
+# define INSTRUCTION_POINTER_IMPLEMENTED
+ void *scratch;
+ __asm __volatile ( "move %1,$31\n\t" /* save ra */
+ "bal .+8; nop\n\t"
+ "move %0,$31\n\t"
+ "move $31,%1" /* restore ra */
+ : "=r"(ret),"=r"(scratch) );
+# elif defined(__ppc__) || defined(__powerpc) || defined(__powerpc__) || \
+ defined(__POWERPC__) || defined(_POWER) || defined(__PPC__) || \
+ defined(__PPC64__) || defined(__powerpc64__)
+# define INSTRUCTION_POINTER_IMPLEMENTED
+ void *scratch;
+ __asm __volatile ( "mfspr %1,8\n\t" /* save lr */
+ "bl .+4\n\t"
+ "mfspr %0,8\n\t" /* mflr ret */
+ "mtspr 8,%1" /* restore lr */
+ : "=r"(ret),"=r"(scratch) );
+# elif defined(__sparc) || defined(__sparc__) || defined(__sparcv9)
+# define INSTRUCTION_POINTER_IMPLEMENTED
+ void *scratch;
+ __asm __volatile ( "mov %%o7,%1\n\t"
+ "call .+8; nop\n\t"
+ "mov %%o7,%0\n\t"
+ "mov %1,%%o7"
+ : "=r"(ret),"=r"(scratch) );
+# elif defined(__x86_64) || defined(__x86_64__)
+# define INSTRUCTION_POINTER_IMPLEMENTED
+ __asm __volatile ( "leaq 0(%%rip),%0" : "=r"(ret) );
+ ret = (void *)((size_t)ret&~3UL); /* align for better performance */
+# endif
+#elif defined(__DECC) && defined(__alpha)
+# define INSTRUCTION_POINTER_IMPLEMENTED
+ ret = (void *)(size_t)asm("br %v0,1f\n1:");
+#elif defined(_MSC_VER) && defined(_M_IX86)
+# undef INSTRUCTION_POINTER_IMPLEMENTED
+ void *scratch;
+ _asm {
+ call self
+ self: pop eax
+ mov scratch,eax
+ }
+ ret = (void *)((size_t)scratch&~3UL);
+#endif
+ return ret;
+}
+
+/*
+ * This function returns pointer to an instruction in the vicinity of
+ * its entry point, but not outside this object module. This guarantees
+ * that sequestered code is covered...
+ */
+void *FIPS_ref_point()
+{
+#if defined(INSTRUCTION_POINTER_IMPLEMENTED)
+ return instruction_pointer();
+/* Below we essentially cover vendor compilers which do not support
+ * inline assembler... */
+#elif defined(_AIX)
+ struct { void *ip,*gp,*env; } *p = (void *)instruction_pointer;
+ return p->ip;
+#elif defined(_HPUX_SOURCE)
+# if defined(__hppa) || defined(__hppa__)
+ struct { void *i[4]; } *p = (void *)FIPS_ref_point;
+
+ if (sizeof(p) == 8) /* 64-bit */
+ return p->i[2];
+ else if ((size_t)p & 2)
+ { p = (void *)((size_t)p&~3UL);
+ return p->i[0];
+ }
+ else
+ return (void *)p;
+# elif defined(__ia64) || defined(__ia64__)
+ struct { unsigned long long ip,gp; } *p=(void *)instruction_pointer;
+ return (void *)(size_t)p->ip;
+# endif
+#elif (defined(__VMS) || defined(VMS)) && !(defined(vax) || defined(__vax__))
+ /* applies to both alpha and ia64 */
+ struct { unsigned __int64 opaque,ip; } *p=(void *)instruction_pointer;
+ return (void *)(size_t)p->ip;
+#elif defined(__VOS__)
+ /* applies to both pa-risc and ia32 */
+ struct { void *dp,*ip,*gp; } *p = (void *)instruction_pointer;
+ return p->ip;
+#elif defined(_WIN32)
+# if defined(_WIN64) && defined(_M_IA64)
+ struct { void *ip,*gp; } *p = (void *)FIPS_ref_point;
+ return p->ip;
+# else
+ return (void *)FIPS_ref_point;
+# endif
+/*
+ * In case you wonder why there is no #ifdef __linux. All Linux targets
+ * are GCC-based and therefore are covered by instruction_pointer above
+ * [well, some are covered by by the one below]...
+ */
+#elif defined(POINTER_TO_FUNCTION_IS_POINTER_TO_1ST_INSTRUCTION)
+ return (void *)instruction_pointer;
+#else
+ return NULL;
+#endif
+}
diff --git a/src/lib/libssl/src/fips-1.0/fips_err.h b/src/lib/libssl/src/fips-1.0/fips_err.h
new file mode 100644
index 0000000000..c57aebf8a3
--- /dev/null
+++ b/src/lib/libssl/src/fips-1.0/fips_err.h
@@ -0,0 +1,133 @@
+/* fips/fips_err.h */
+/* ====================================================================
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/fips.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+#define ERR_FUNC(func) ERR_PACK(ERR_LIB_FIPS,func,0)
+#define ERR_REASON(reason) ERR_PACK(ERR_LIB_FIPS,0,reason)
+
+static ERR_STRING_DATA FIPS_str_functs[]=
+ {
+{ERR_FUNC(FIPS_F_DH_GENERATE_PARAMETERS), "DH_generate_parameters"},
+{ERR_FUNC(FIPS_F_DSA_DO_SIGN), "DSA_do_sign"},
+{ERR_FUNC(FIPS_F_DSA_DO_VERIFY), "DSA_do_verify"},
+{ERR_FUNC(FIPS_F_DSA_GENERATE_PARAMETERS), "DSA_generate_parameters"},
+{ERR_FUNC(FIPS_F_FIPS_CHECK_DSA), "FIPS_CHECK_DSA"},
+{ERR_FUNC(FIPS_F_FIPS_CHECK_EXE), "FIPS_CHECK_EXE"},
+{ERR_FUNC(FIPS_F_FIPS_CHECK_FINGERPRINT), "FIPS_CHECK_FINGERPRINT"},
+{ERR_FUNC(FIPS_F_FIPS_CHECK_RSA), "FIPS_CHECK_RSA"},
+{ERR_FUNC(FIPS_F_FIPS_DSA_CHECK), "FIPS_dsa_check"},
+{ERR_FUNC(FIPS_F_FIPS_MODE_SET), "FIPS_mode_set"},
+{ERR_FUNC(FIPS_F_FIPS_SELFTEST_AES), "FIPS_selftest_aes"},
+{ERR_FUNC(FIPS_F_FIPS_SELFTEST_DES), "FIPS_selftest_des"},
+{ERR_FUNC(FIPS_F_FIPS_SELFTEST_DSA), "FIPS_selftest_dsa"},
+{ERR_FUNC(FIPS_F_FIPS_SELFTEST_RNG), "FIPS_selftest_rng"},
+{ERR_FUNC(FIPS_F_FIPS_SELFTEST_RSA), "FIPS_selftest_rsa"},
+{ERR_FUNC(FIPS_F_FIPS_SELFTEST_SHA), "FIPS_SELFTEST_SHA"},
+{ERR_FUNC(FIPS_F_HASH_FINAL), "HASH_FINAL"},
+{ERR_FUNC(FIPS_F_RSA_EAY_PUBLIC_ENCRYPT), "RSA_EAY_PUBLIC_ENCRYPT"},
+{ERR_FUNC(FIPS_F_RSA_GENERATE_KEY), "RSA_generate_key"},
+{ERR_FUNC(FIPS_F_RSA_X931_GENERATE_KEY), "RSA_X931_generate_key"},
+{ERR_FUNC(FIPS_F_SSLEAY_RAND_BYTES), "SSLEAY_RAND_BYTES"},
+{ERR_FUNC(FIPS_F_FIPS_CHECK_DSO), "FIPS_check_dso"},
+{0,NULL}
+ };
+
+static ERR_STRING_DATA FIPS_str_reasons[]=
+ {
+{ERR_REASON(FIPS_R_CANNOT_READ_EXE) ,"cannot access executable object"},
+{ERR_REASON(FIPS_R_CANNOT_READ_EXE_DIGEST),"cannot access detached digest"},
+{ERR_REASON(FIPS_R_EXE_DIGEST_DOES_NOT_MATCH),"detached digest verification failed"},
+{ERR_REASON(FIPS_R_FINGERPRINT_DOES_NOT_MATCH),"fingerprint does not match"},
+{ERR_REASON(FIPS_R_FINGERPRINT_DOES_NOT_MATCH_NONPIC_RELOCATED),"fingerprint does not match, possibly because non-PIC was relocated"},
+{ERR_REASON(FIPS_R_FINGERPRINT_DOES_NOT_MATCH_SEGMENT_ALIASING),"fingerprint does not match, invalid segment aliasing"},
+{ERR_REASON(FIPS_R_FIPS_MODE_ALREADY_SET),"fips mode already set"},
+{ERR_REASON(FIPS_R_FIPS_SELFTEST_FAILED) ,"fips selftest failed"},
+{ERR_REASON(FIPS_R_INVALID_KEY_LENGTH) ,"invalid key length"},
+{ERR_REASON(FIPS_R_KEY_TOO_SHORT) ,"key too short"},
+{ERR_REASON(FIPS_R_NON_FIPS_METHOD) ,"non fips method"},
+{ERR_REASON(FIPS_R_PAIRWISE_TEST_FAILED) ,"pairwise test failed"},
+{ERR_REASON(FIPS_R_SELFTEST_FAILED) ,"selftest failed"},
+{ERR_REASON(FIPS_R_UNSUPPORTED_PLATFORM) ,"unsupported platform"},
+{ERR_REASON(FIPS_R_CONTRADICTING_EVIDENCE),"duplicate code detected, check your linking procedure"},
+{0,NULL}
+ };
+
+#endif
+
+void ERR_load_FIPS_strings(void)
+ {
+ static int init;
+
+ if (!init)
+ {
+ init=1;
+#ifndef OPENSSL_NO_ERR
+ ERR_load_strings(0,FIPS_str_functs);
+ ERR_load_strings(0,FIPS_str_reasons);
+#endif
+
+ }
+ }
diff --git a/src/lib/libssl/src/fips-1.0/fips_err_wrapper.c b/src/lib/libssl/src/fips-1.0/fips_err_wrapper.c
new file mode 100644
index 0000000000..09f11748f6
--- /dev/null
+++ b/src/lib/libssl/src/fips-1.0/fips_err_wrapper.c
@@ -0,0 +1,7 @@
+#include <openssl/opensslconf.h>
+
+#ifdef OPENSSL_FIPS
+# include "fips_err.h"
+#else
+static void *dummy=&dummy;
+#endif
diff --git a/src/lib/libssl/src/fips-1.0/fips_locl.h b/src/lib/libssl/src/fips-1.0/fips_locl.h
new file mode 100644
index 0000000000..bbddfaab82
--- /dev/null
+++ b/src/lib/libssl/src/fips-1.0/fips_locl.h
@@ -0,0 +1,71 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifdef OPENSSL_FIPS
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* These are trampolines implemented in crypto/cryptlib.c */
+void fips_w_lock(void);
+void fips_w_unlock(void);
+void fips_r_lock(void);
+void fips_r_unlock(void);
+int fips_is_started(void);
+void fips_set_started(void);
+int fips_is_owning_thread(void);
+int fips_set_owning_thread(void);
+int fips_clear_owning_thread(void);
+unsigned char *fips_signature_witness(void);
+
+#ifdef __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libssl/src/fips-1.0/fips_premain.c b/src/lib/libssl/src/fips-1.0/fips_premain.c
new file mode 100644
index 0000000000..6a75d909eb
--- /dev/null
+++ b/src/lib/libssl/src/fips-1.0/fips_premain.c
@@ -0,0 +1,171 @@
+/* ====================================================================
+ * Copyright (c) 2005 The OpenSSL Project. Rights for redistribution
+ * and usage in source and binary forms are granted according to the
+ * OpenSSL license.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#if defined(__unix) || defined(__unix__)
+#include <unistd.h>
+#endif
+
+#ifndef FINGERPRINT_PREMAIN_DSO_LOAD
+
+#if defined(__GNUC__) && __GNUC__>=2
+ void FINGERPRINT_premain(void) __attribute__((constructor));
+ /* Most commonly this results in pointer to premain to be dropped
+ * to .ctors segment, which is traversed by GCC crtbegin.o upon
+ * program startup. Except on a.out OpenBSD where it results in
+ * _GLOBAL_$I$premain() {premain();} being auto-generated by
+ * compiler... But one way or another this is believed to cover
+ * *all* GCC targets. */
+#elif defined(_MSC_VER)
+# ifdef _WINDLL
+ __declspec(dllexport) /* this is essentially cosmetics... */
+# endif
+ void FINGERPRINT_premain(void);
+ static int premain_wrapper(void) { FINGERPRINT_premain(); return 0; }
+# pragma data_seg(".CRT$XCU")
+ static int (*p)(void) = premain_wrapper;
+ /* This results in pointer to premain to appear in .CRT segment,
+ * which is traversed by Visual C run-time initialization code.
+ * This applies to both Win32 and [all flavors of] Win64. */
+# pragma data_seg()
+#elif defined(__SUNPRO_C)
+ void FINGERPRINT_premain(void);
+# pragma init(FINGERPRINT_premain)
+ /* This results in a call to premain to appear in .init segment. */
+#elif defined(__DECC) && (defined(__VMS) || defined(VMS))
+ void FINGERPRINT_premain(void);
+# pragma __nostandard
+ globaldef { "LIB$INITIALIZ" } readonly _align (LONGWORD)
+ int spare[8] = {0};
+ globaldef { "LIB$INITIALIZE" } readonly _align (LONGWORD)
+ void (*x_FINGERPRINT_premain)(void) = FINGERPRINT_premain;
+ /* Refer to LIB$INITIALIZE to ensure it exists in the image. */
+ int lib$initialize();
+ globaldef int (*lib_init_ref)() = lib$initialize;
+# pragma __standard
+#elif 0
+ The rest has to be taken care of through command line:
+
+ -Wl,-init,FINGERPRINT_premain on OSF1 and IRIX
+ -Wl,+init,FINGERPRINT_premain on HP-UX
+ -Wl,-binitfini:FINGERPRINT_premain on AIX
+
+ On ELF platforms this results in a call to premain to appear in
+ .init segment...
+#endif
+
+#ifndef HMAC_SHA1_SIG
+#define HMAC_SHA1_SIG "?have to make sure this string is unique"
+#endif
+
+static const unsigned char FINGERPRINT_ascii_value[40] = HMAC_SHA1_SIG;
+
+#define atox(c) ((c)>='a'?((c)-'a'+10):((c)>='A'?(c)-'A'+10:(c)-'0'))
+
+extern const void *FIPS_text_start(), *FIPS_text_end();
+extern const unsigned char FIPS_rodata_start[], FIPS_rodata_end[];
+extern unsigned char FIPS_signature[20];
+extern unsigned int FIPS_incore_fingerprint(unsigned char *,unsigned int);
+
+/*
+ * As name suggests this code is executed prior main(). We use this
+ * opportunity to fingerprint sequestered code in virtual address
+ * space of target application.
+ */
+void FINGERPRINT_premain(void)
+{ unsigned char sig[sizeof(FIPS_signature)];
+ const unsigned char *p=FINGERPRINT_ascii_value;
+ unsigned int len=sizeof(sig),i;
+
+ /* "volatilization" is done to disengage unwanted optimization... */
+ if (*((volatile unsigned char *)p)=='?')
+ { if (FIPS_text_start()==NULL)
+ { fprintf(stderr,"FIPS_text_start() returns NULL\n");
+ _exit(1);
+ }
+#if defined(DEBUG_FINGERPRINT_PREMAIN)
+ fprintf(stderr,".text:%p+%d=%p\n",FIPS_text_start(),
+ (int)((size_t)FIPS_text_end()-(size_t)FIPS_text_start()),
+ FIPS_text_end());
+ fprintf(stderr,".rodata:%p+%d=%p\n",FIPS_rodata_start,
+ (int)((size_t)FIPS_rodata_end-(size_t)FIPS_rodata_start),
+ FIPS_rodata_end);
+#endif
+
+ len=FIPS_incore_fingerprint(sig,sizeof(sig));
+
+ if (len!=sizeof(sig))
+ { fprintf(stderr,"fingerprint length mismatch: %u\n",len);
+ _exit(1);
+ }
+
+ for (i=0;i<len;i++) printf("%02x",sig[i]);
+ printf("\n");
+ fflush(stdout);
+ _exit(0);
+ }
+ else if (FIPS_signature[0]=='\0') do
+ { for (i=0;i<sizeof(FIPS_signature);i++,p+=2)
+ FIPS_signature[i] = (atox(p[0])<<4)|atox(p[1]);
+
+#if defined(DEBUG_FINGERPRINT_PREMAIN)
+ if (getenv("OPENSSL_FIPS")==NULL) break;
+
+ len=FIPS_incore_fingerprint(sig,sizeof(sig));
+
+ if (memcmp(FIPS_signature,sig,sizeof(FIPS_signature)))
+ { fprintf(stderr,"FINGERPRINT_premain: FIPS_signature mismatch\n");
+ _exit(1);
+ }
+#endif
+ } while(0);
+}
+
+#else
+
+#include <openssl/bio.h>
+#include <openssl/dso.h>
+#include <openssl/err.h>
+
+int main(int argc,char *argv[])
+{ DSO *dso;
+ DSO_FUNC_TYPE func;
+ BIO *bio_err;
+
+ if (argc < 2)
+ { fprintf (stderr,"usage: %s libcrypto.dso\n",argv[0]);
+ return 1;
+ }
+
+ if ((bio_err=BIO_new(BIO_s_file())) == NULL)
+ { fprintf (stderr,"unable to allocate BIO\n");
+ return 1;
+ }
+ BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+ ERR_load_crypto_strings();
+
+ dso = DSO_load(NULL,argv[1],NULL,DSO_FLAG_NO_NAME_TRANSLATION);
+ if (dso == NULL)
+ { ERR_print_errors(bio_err);
+ return 1;
+ }
+
+ /* This is not normally reached, because FINGERPRINT_premain should
+ * have executed and terminated application already upon DSO_load... */
+ func = DSO_bind_func(dso,"FINGERPRINT_premain");
+ if (func == NULL)
+ { ERR_print_errors(bio_err);
+ return 1;
+ }
+
+ (*func)();
+
+ return 0;
+}
+
+#endif
diff --git a/src/lib/libssl/src/fips-1.0/fips_test_suite.c b/src/lib/libssl/src/fips-1.0/fips_test_suite.c
new file mode 100644
index 0000000000..904ff97577
--- /dev/null
+++ b/src/lib/libssl/src/fips-1.0/fips_test_suite.c
@@ -0,0 +1,510 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
+ *
+ *
+ * This command is intended as a test driver for the FIPS-140 testing
+ * lab performing FIPS-140 validation. It demonstrates the use of the
+ * OpenSSL library ito perform a variety of common cryptographic
+ * functions. A power-up self test is demonstrated by deliberately
+ * pointing to an invalid executable hash
+ *
+ * Contributed by Steve Marquess.
+ *
+ */
+#include <stdio.h>
+#include <assert.h>
+#include <ctype.h>
+#include <string.h>
+#include <stdlib.h>
+#include <openssl/aes.h>
+#include <openssl/des.h>
+#include <openssl/rsa.h>
+#include <openssl/dsa.h>
+#include <openssl/hmac.h>
+#include <openssl/fips_sha.h>
+#include <openssl/md5.h>
+#include <openssl/err.h>
+#include <openssl/fips.h>
+#include <openssl/bn.h>
+#include <openssl/rand.h>
+#ifndef OPENSSL_FIPS
+int main(int argc, char *argv[])
+ {
+ printf("No FIPS support\n");
+ return(0);
+ }
+#else
+
+/* AES: encrypt and decrypt known plaintext, verify result matches original plaintext
+*/
+static int FIPS_aes_test()
+ {
+ unsigned char userkey[16] = { 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xf0, 0x0d };
+ unsigned char plaintext[16] = "etaonrishdlcu";
+ unsigned char ciphertext[16];
+ unsigned char buf[16];
+ AES_KEY key;
+ AES_KEY dkey;
+
+ ERR_clear_error();
+ if (AES_set_encrypt_key( userkey, 128, &key ))
+ return 0;
+ AES_encrypt( plaintext, ciphertext, &key);
+ if (AES_set_decrypt_key( userkey, 128, &dkey ))
+ return 0;
+ AES_decrypt( ciphertext, buf, &dkey);
+ if (memcmp(buf, plaintext, sizeof(buf)))
+ return 0;
+ return 1;
+ }
+
+/* DES: encrypt and decrypt known plaintext, verify result matches original plaintext
+*/
+static int FIPS_des_test()
+ {
+ DES_cblock userkey = { 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xf0, 0x0d };
+ DES_cblock plaintext = { 'e', 't', 'a', 'o', 'n', 'r', 'i', 's' };
+
+ DES_key_schedule key;
+ DES_cblock ciphertext;
+ DES_cblock buf;
+
+ ERR_clear_error();
+ if (DES_set_key(&userkey, &key) < 0)
+ return 0;
+ DES_ecb_encrypt( &plaintext, &ciphertext, &key, 1);
+ DES_ecb_encrypt( &ciphertext, &buf, &key, 0);
+ if (memcmp(buf, plaintext, sizeof(buf)))
+ return 0;
+ return 1;
+ }
+
+/* DSA: generate key and sign a known digest, then verify the signature
+ * against the digest
+*/
+static int FIPS_dsa_test()
+ {
+ DSA *dsa = NULL;
+ unsigned char dgst[] = "etaonrishdlc";
+ unsigned char sig[256];
+ unsigned int siglen;
+
+ ERR_clear_error();
+ dsa = DSA_generate_parameters(512,NULL,0,NULL,NULL,NULL,NULL);
+ if (!dsa)
+ return 0;
+ if (!DSA_generate_key(dsa))
+ return 0;
+ if ( DSA_sign(0,dgst,sizeof(dgst) - 1,sig,&siglen,dsa) != 1 )
+ return 0;
+ if ( DSA_verify(0,dgst,sizeof(dgst) - 1,sig,siglen,dsa) != 1 )
+ return 0;
+ DSA_free(dsa);
+ return 1;
+ }
+
+/* RSA: generate keys and encrypt and decrypt known plaintext, verify result
+ * matches the original plaintext
+*/
+static int FIPS_rsa_test()
+ {
+ RSA *key;
+ unsigned char input_ptext[] = "etaonrishdlc";
+ unsigned char ctext[256];
+ unsigned char ptext[256];
+ int n;
+
+ ERR_clear_error();
+ key = RSA_generate_key(1024,65537,NULL,NULL);
+ if (!key)
+ return 0;
+ n = RSA_size(key);
+ n = RSA_public_encrypt(sizeof(input_ptext) - 1,input_ptext,ctext,key,RSA_PKCS1_PADDING);
+ if (n < 0)
+ return 0;
+ n = RSA_private_decrypt(n,ctext,ptext,key,RSA_PKCS1_PADDING);
+ if (n < 0)
+ return 0;
+ RSA_free(key);
+ if (memcmp(input_ptext,ptext,sizeof(input_ptext) - 1))
+ return 0;
+ return 1;
+ }
+
+/* SHA1: generate hash of known digest value and compare to known
+ precomputed correct hash
+*/
+static int FIPS_sha1_test()
+ {
+ unsigned char digest[SHA_DIGEST_LENGTH] =
+ { 0x11, 0xf1, 0x9a, 0x3a, 0xec, 0x1a, 0x1e, 0x8e, 0x65, 0xd4, 0x9a, 0x38, 0x0c, 0x8b, 0x1e, 0x2c, 0xe8, 0xb3, 0xc5, 0x18 };
+ unsigned char str[] = "etaonrishd";
+
+ unsigned char md[SHA_DIGEST_LENGTH];
+
+ ERR_clear_error();
+ if (!SHA1(str,sizeof(str) - 1,md)) return 0;
+ if (memcmp(md,digest,sizeof(md)))
+ return 0;
+ return 1;
+ }
+
+/* SHA256: generate hash of known digest value and compare to known
+ precomputed correct hash
+*/
+static int FIPS_sha256_test()
+ {
+ unsigned char digest[SHA256_DIGEST_LENGTH] =
+ {0xf5, 0x53, 0xcd, 0xb8, 0xcf, 0x1, 0xee, 0x17, 0x9b, 0x93, 0xc9, 0x68, 0xc0, 0xea, 0x40, 0x91,
+ 0x6, 0xec, 0x8e, 0x11, 0x96, 0xc8, 0x5d, 0x1c, 0xaf, 0x64, 0x22, 0xe6, 0x50, 0x4f, 0x47, 0x57};
+ unsigned char str[] = "etaonrishd";
+
+ unsigned char md[SHA256_DIGEST_LENGTH];
+
+ ERR_clear_error();
+ if (!SHA256(str,sizeof(str) - 1,md)) return 0;
+ if (memcmp(md,digest,sizeof(md)))
+ return 0;
+ return 1;
+ }
+
+/* SHA512: generate hash of known digest value and compare to known
+ precomputed correct hash
+*/
+static int FIPS_sha512_test()
+ {
+ unsigned char digest[SHA512_DIGEST_LENGTH] =
+ {0x99, 0xc9, 0xe9, 0x5b, 0x88, 0xd4, 0x78, 0x88, 0xdf, 0x88, 0x5f, 0x94, 0x71, 0x64, 0x28, 0xca,
+ 0x16, 0x1f, 0x3d, 0xf4, 0x1f, 0xf3, 0x0f, 0xc5, 0x03, 0x99, 0xb2, 0xd0, 0xe7, 0x0b, 0x94, 0x4a,
+ 0x45, 0xd2, 0x6c, 0x4f, 0x20, 0x06, 0xef, 0x71, 0xa9, 0x25, 0x7f, 0x24, 0xb1, 0xd9, 0x40, 0x22,
+ 0x49, 0x54, 0x10, 0xc2, 0x22, 0x9d, 0x27, 0xfe, 0xbd, 0xd6, 0xd6, 0xeb, 0x2d, 0x42, 0x1d, 0xa3};
+ unsigned char str[] = "etaonrishd";
+
+ unsigned char md[SHA512_DIGEST_LENGTH];
+
+ ERR_clear_error();
+ if (!SHA512(str,sizeof(str) - 1,md)) return 0;
+ if (memcmp(md,digest,sizeof(md)))
+ return 0;
+ return 1;
+ }
+
+/* HMAC-SHA1: generate hash of known digest value and compare to known
+ precomputed correct hash
+*/
+static int FIPS_hmac_sha1_test()
+ {
+ unsigned char key[] = "etaonrishd";
+ unsigned char iv[] = "Sample text";
+ unsigned char kaval[EVP_MAX_MD_SIZE] =
+ {0x73, 0xf7, 0xa0, 0x48, 0xf8, 0x94, 0xed, 0xdd, 0x0a, 0xea, 0xea, 0x56, 0x1b, 0x61, 0x2e, 0x70,
+ 0xb2, 0xfb, 0xec, 0xc6};
+
+ unsigned char out[EVP_MAX_MD_SIZE];
+ unsigned int outlen;
+
+ ERR_clear_error();
+ if (!HMAC(EVP_sha1(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
+ if (memcmp(out,kaval,outlen))
+ return 0;
+ return 1;
+ }
+
+/* HMAC-SHA224: generate hash of known digest value and compare to known
+ precomputed correct hash
+*/
+static int FIPS_hmac_sha224_test()
+ {
+ unsigned char key[] = "etaonrishd";
+ unsigned char iv[] = "Sample text";
+ unsigned char kaval[EVP_MAX_MD_SIZE] =
+ {0x75, 0x58, 0xd5, 0xbd, 0x55, 0x6d, 0x87, 0x0f, 0x75, 0xff, 0xbe, 0x1c, 0xb2, 0xf0, 0x20, 0x35,
+ 0xe5, 0x62, 0x49, 0xb6, 0x94, 0xb9, 0xfc, 0x65, 0x34, 0x33, 0x3a, 0x19};
+
+ unsigned char out[EVP_MAX_MD_SIZE];
+ unsigned int outlen;
+
+ ERR_clear_error();
+ if (!HMAC(EVP_sha224(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
+ if (memcmp(out,kaval,outlen))
+ return 0;
+ return 1;
+ }
+
+/* HMAC-SHA256: generate hash of known digest value and compare to known
+ precomputed correct hash
+*/
+static int FIPS_hmac_sha256_test()
+ {
+ unsigned char key[] = "etaonrishd";
+ unsigned char iv[] = "Sample text";
+ unsigned char kaval[EVP_MAX_MD_SIZE] =
+ {0xe9, 0x17, 0xc1, 0x7b, 0x4c, 0x6b, 0x77, 0xda, 0xd2, 0x30, 0x36, 0x02, 0xf5, 0x72, 0x33, 0x87,
+ 0x9f, 0xc6, 0x6e, 0x7b, 0x7e, 0xa8, 0xea, 0xaa, 0x9f, 0xba, 0xee, 0x51, 0xff, 0xda, 0x24, 0xf4};
+
+ unsigned char out[EVP_MAX_MD_SIZE];
+ unsigned int outlen;
+
+ ERR_clear_error();
+ if (!HMAC(EVP_sha256(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
+ if (memcmp(out,kaval,outlen))
+ return 0;
+ return 1;
+ }
+
+/* HMAC-SHA384: generate hash of known digest value and compare to known
+ precomputed correct hash
+*/
+static int FIPS_hmac_sha384_test()
+ {
+ unsigned char key[] = "etaonrishd";
+ unsigned char iv[] = "Sample text";
+ unsigned char kaval[EVP_MAX_MD_SIZE] =
+ {0xb2, 0x9d, 0x40, 0x58, 0x32, 0xc4, 0xe3, 0x31, 0xb6, 0x63, 0x08, 0x26, 0x99, 0xef, 0x3b, 0x10,
+ 0xe2, 0xdf, 0xf8, 0xff, 0xc6, 0xe1, 0x03, 0x29, 0x81, 0x2a, 0x1b, 0xac, 0xb0, 0x07, 0x39, 0x08,
+ 0xf3, 0x91, 0x35, 0x11, 0x76, 0xd6, 0x4c, 0x20, 0xfb, 0x4d, 0xc3, 0xf3, 0xb8, 0x9b, 0x88, 0x1c};
+
+ unsigned char out[EVP_MAX_MD_SIZE];
+ unsigned int outlen;
+
+ ERR_clear_error();
+ if (!HMAC(EVP_sha384(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
+ if (memcmp(out,kaval,outlen))
+ return 0;
+ return 1;
+ }
+
+/* HMAC-SHA512: generate hash of known digest value and compare to known
+ precomputed correct hash
+*/
+static int FIPS_hmac_sha512_test()
+ {
+ unsigned char key[] = "etaonrishd";
+ unsigned char iv[] = "Sample text";
+ unsigned char kaval[EVP_MAX_MD_SIZE] =
+ {0xcd, 0x3e, 0xb9, 0x51, 0xb8, 0xbc, 0x7f, 0x9a, 0x23, 0xaf, 0xf3, 0x77, 0x59, 0x85, 0xa9, 0xe6,
+ 0xf7, 0xd1, 0x51, 0x96, 0x17, 0xe0, 0x92, 0xd8, 0xa6, 0x3b, 0xc1, 0xad, 0x7e, 0x24, 0xca, 0xb1,
+ 0xd7, 0x79, 0x0a, 0xa5, 0xea, 0x2c, 0x02, 0x58, 0x0b, 0xa6, 0x52, 0x6b, 0x61, 0x7f, 0xeb, 0x9c,
+ 0x47, 0x86, 0x5d, 0x74, 0x2b, 0x88, 0xdf, 0xee, 0x46, 0x69, 0x96, 0x3d, 0xa6, 0xd9, 0x2a, 0x53};
+
+ unsigned char out[EVP_MAX_MD_SIZE];
+ unsigned int outlen;
+
+ ERR_clear_error();
+ if (!HMAC(EVP_sha512(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
+ if (memcmp(out,kaval,outlen))
+ return 0;
+ return 1;
+ }
+
+/* MD5: generate hash of known digest value and compare to known
+ precomputed correct hash
+*/
+static int md5_test()
+ {
+ unsigned char digest[MD5_DIGEST_LENGTH] =
+ { 0x48, 0x50, 0xf0, 0xa3, 0x3a, 0xed, 0xd3, 0xaf, 0x6e, 0x47, 0x7f, 0x83, 0x02, 0xb1, 0x09, 0x68 };
+ unsigned char str[] = "etaonrishd";
+
+ unsigned char md[MD5_DIGEST_LENGTH];
+
+ ERR_clear_error();
+ if (!MD5(str,sizeof(str) - 1,md))
+ return 0;
+ if (memcmp(md,digest,sizeof(md)))
+ return 0;
+ return 1;
+ }
+
+/* DH: generate shared parameters
+*/
+static int dh_test()
+ {
+ DH *dh;
+
+ ERR_clear_error();
+ dh = DH_generate_parameters(256, 2, NULL, NULL);
+ if (dh)
+ return 1;
+ return 0;
+ }
+
+/* Zeroize
+*/
+static int Zeroize()
+ {
+ RSA *key;
+ unsigned char userkey[16] =
+ { 0x48, 0x50, 0xf0, 0xa3, 0x3a, 0xed, 0xd3, 0xaf, 0x6e, 0x47, 0x7f, 0x83, 0x02, 0xb1, 0x09, 0x68 };
+ int i, n;
+
+ key = RSA_generate_key(1024,65537,NULL,NULL);
+ if (!key)
+ return 0;
+ n = BN_num_bytes(key->d);
+ printf(" Generated %d byte RSA private key\n", n);
+ printf("\tBN key before overwriting:\n%s\n", BN_bn2hex(key->d));
+ BN_rand(key->d,n*8,-1,0);
+ printf("\tBN key after overwriting:\n%s\n", BN_bn2hex(key->d));
+
+ printf("\tchar buffer key before overwriting: \n\t\t");
+ for(i = 0; i < sizeof(userkey); i++) printf("%02x", userkey[i]);
+ printf("\n");
+ RAND_bytes(userkey, sizeof userkey);
+ printf("\tchar buffer key after overwriting: \n\t\t");
+ for(i = 0; i < sizeof(userkey); i++) printf("%02x", userkey[i]);
+ printf("\n");
+
+ return 1;
+ }
+
+static int Error;
+const char * Fail(const char *msg)
+ {
+ Error++;
+ return msg;
+ }
+
+int main(int argc,char **argv)
+ {
+
+ printf("\tFIPS-mode test application\n\n");
+
+ /* Load entropy from external file, if any */
+ RAND_load_file(".rnd", 1024);
+
+ if (argv[1]) {
+ /* Corrupted KAT tests */
+ if (!strcmp(argv[1], "aes")) {
+ FIPS_corrupt_aes();
+ printf("AES encryption/decryption with corrupted KAT...\n");
+ } else if (!strcmp(argv[1], "des")) {
+ FIPS_corrupt_des();
+ printf("DES-ECB encryption/decryption with corrupted KAT...\n");
+ } else if (!strcmp(argv[1], "dsa")) {
+ FIPS_corrupt_dsa();
+ printf("DSA key generation and signature validation with corrupted KAT...\n");
+ } else if (!strcmp(argv[1], "rsa")) {
+ FIPS_corrupt_rsa();
+ printf("RSA key generation and encryption/decryption with corrupted KAT...\n");
+ } else if (!strcmp(argv[1], "sha1")) {
+ FIPS_corrupt_sha1();
+ printf("SHA-1 hash with corrupted KAT...\n");
+ } else if (!strcmp(argv[1], "rng")) {
+ FIPS_corrupt_rng();
+ printf("RNG test with corrupted KAT...\n");
+ } else {
+ printf("Bad argument \"%s\"\n", argv[1]);
+ exit(1);
+ }
+ if (!FIPS_mode_set(1))
+ {
+ ERR_load_crypto_strings();
+ ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
+ printf("Power-up self test failed\n");
+ exit(1);
+ }
+ printf("Power-up self test successful\n");
+ exit(0);
+ }
+
+ /* Non-Approved cryptographic operation
+ */
+ printf("1. Non-Approved cryptographic operation test...\n");
+ printf("\ta. Excluded algorithm (MD5)...");
+ printf( md5_test() ? "successful\n" : Fail("FAILED!\n") );
+ printf("\tb. Included algorithm (D-H)...");
+ printf( dh_test() ? "successful\n" : Fail("FAILED!\n") );
+
+ /* Power-up self test
+ */
+ ERR_clear_error();
+ printf("2. Automatic power-up self test...");
+ if (!FIPS_mode_set(1))
+ {
+ ERR_load_crypto_strings();
+ ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
+ printf(Fail("FAILED!\n"));
+ exit(1);
+ }
+ printf("successful\n");
+
+ /* AES encryption/decryption
+ */
+ printf("3. AES encryption/decryption...");
+ printf( FIPS_aes_test() ? "successful\n" : Fail("FAILED!\n") );
+
+ /* RSA key generation and encryption/decryption
+ */
+ printf("4. RSA key generation and encryption/decryption...");
+ printf( FIPS_rsa_test() ? "successful\n" : Fail("FAILED!\n") );
+
+ /* DES-CBC encryption/decryption
+ */
+ printf("5. DES-ECB encryption/decryption...");
+ printf( FIPS_des_test() ? "successful\n" : Fail("FAILED!\n") );
+
+ /* DSA key generation and signature validation
+ */
+ printf("6. DSA key generation and signature validation...");
+ printf( FIPS_dsa_test() ? "successful\n" : Fail("FAILED!\n") );
+
+ /* SHA-1 hash
+ */
+ printf("7a. SHA-1 hash...");
+ printf( FIPS_sha1_test() ? "successful\n" : Fail("FAILED!\n") );
+
+ /* SHA-256 hash
+ */
+ printf("7b. SHA-256 hash...");
+ printf( FIPS_sha256_test() ? "successful\n" : Fail("FAILED!\n") );
+
+ /* SHA-512 hash
+ */
+ printf("7c. SHA-512 hash...");
+ printf( FIPS_sha512_test() ? "successful\n" : Fail("FAILED!\n") );
+
+ /* HMAC-SHA-1 hash
+ */
+ printf("7d. SHA-1 hash...");
+ printf( FIPS_hmac_sha1_test() ? "successful\n" : Fail("FAILED!\n") );
+
+ /* HMAC-SHA-224 hash
+ */
+ printf("7e. SHA-224 hash...");
+ printf( FIPS_hmac_sha224_test() ? "successful\n" : Fail("FAILED!\n") );
+
+ /* HMAC-SHA-256 hash
+ */
+ printf("7f. SHA-256 hash...");
+ printf( FIPS_hmac_sha256_test() ? "successful\n" : Fail("FAILED!\n") );
+
+ /* HMAC-SHA-384 hash
+ */
+ printf("7g. SHA-384 hash...");
+ printf( FIPS_hmac_sha384_test() ? "successful\n" : Fail("FAILED!\n") );
+
+ /* HMAC-SHA-512 hash
+ */
+ printf("7h. SHA-512 hash...");
+ printf( FIPS_hmac_sha512_test() ? "successful\n" : Fail("FAILED!\n") );
+
+ /* Non-Approved cryptographic operation
+ */
+ printf("8. Non-Approved cryptographic operation test...\n");
+ printf("\ta. Excluded algorithm (MD5)...");
+ printf( md5_test() ? Fail("passed INCORRECTLY!\n")
+ : "failed as expected\n" );
+ printf("\tb. Included algorithm (D-H)...");
+ printf( dh_test() ? "successful as expected\n"
+ : Fail("failed INCORRECTLY!\n") );
+
+ /* Zeroization
+ */
+ printf("9. Zero-ization...\n");
+ Zeroize();
+
+ printf("\nAll tests completed with %d errors\n", Error);
+ return 0;
+ }
+#endif
diff --git a/src/lib/libssl/src/fips-1.0/fipshashes.c b/src/lib/libssl/src/fips-1.0/fipshashes.c
new file mode 100644
index 0000000000..b96fe2c51c
--- /dev/null
+++ b/src/lib/libssl/src/fips-1.0/fipshashes.c
@@ -0,0 +1,43 @@
+const char * const FIPS_source_hashes[] = {
+"HMAC-SHA1(Makefile)= 369e2e023b73789e6af4b8fa2503a7b909c4c3f0",
+"HMAC-SHA1(fips.c)= 3a2deb3c319512952bf5547ed92116a7e0db472b",
+"HMAC-SHA1(fips_err_wrapper.c)= d3e2be316062510312269e98f964cb87e7577898",
+"HMAC-SHA1(fips.h)= 57d602d18efe0594f806fbcc64269e9440638ef4",
+"HMAC-SHA1(fips_err.h)= e0649ee1d60c8162f7eeb293f89f3b63ac85202a",
+"HMAC-SHA1(fips_locl.h)= f90a23c7f68642727012bbfd48ed58706383ad71",
+"HMAC-SHA1(fips_canister.c)= da6d0f5daf9594881fd060773a5f3e057ba302ff",
+"HMAC-SHA1(fips_premain.c)= 6a08d15c578f1258246181bf52134ae974aa5a80",
+"HMAC-SHA1(aes/fips_aes_core.c)= b70bbbd675efe0613da0d57055310926a0104d55",
+"HMAC-SHA1(aes/asm/fips-ax86-elf.s)= f797b524a79196e7f59458a5b223432fcfd4a868",
+"HMAC-SHA1(aes/fips_aes_selftest.c)= 98b01502221e7fe529fd981222f2cbb52eb4cbe0",
+"HMAC-SHA1(aes/fips_aes_locl.h)= a98eb0aa449f1d95b8064e261b2ac2b1f328685e",
+"HMAC-SHA1(des/fips_des_enc.c)= 9527f8ea81602358f1aa11348237fdb1e9eeff32",
+"HMAC-SHA1(des/asm/fips-dx86-elf.s)= 9570b03422ffbe5d3d090f91758ebfd46acd5d57",
+"HMAC-SHA1(des/fips_des_selftest.c)= 3bc574e51647c5f5ab45d1007b2cf461d67764a9",
+"HMAC-SHA1(des/fips_set_key.c)= cd1ba25d29376849523a9ddc194c3156a8a7a913",
+"HMAC-SHA1(des/fips_des_locl.h)= e008da40dc6913e374edd66a20d44e1752f00583",
+"HMAC-SHA1(dh/fips_dh_check.c)= 63347e2007e224381d4a7b6d871633889de72cf3",
+"HMAC-SHA1(dh/fips_dh_gen.c)= 93fe69b758ca9d70d70cda1c57fff4eb5c668e85",
+"HMAC-SHA1(dh/fips_dh_key.c)= 2d79eb8d59929ec129d34f53b5aded4a290a28ca",
+"HMAC-SHA1(dsa/fips_dsa_ossl.c)= 2fadb271897a775f023393aa22ddede8a76eec0d",
+"HMAC-SHA1(dsa/fips_dsa_gen.c)= 78c879484fd849312ca4828b957df3842b70efc0",
+"HMAC-SHA1(dsa/fips_dsa_selftest.c)= 7c2ba8d82feda2aadc8b769a3b6c4c25a6356e01",
+"HMAC-SHA1(rand/fips_rand.c)= 7e3964447a81cfe4e75df981827d14a5fe0c2923",
+"HMAC-SHA1(rand/fips_rand.h)= bf009ea8963e79b1e414442ede9ae7010a03160b",
+"HMAC-SHA1(rand/fips_rand_selftest.c)= 5661f383decf0708d0230409fe1564223e834a3b",
+"HMAC-SHA1(rsa/fips_rsa_eay.c)= 2512f849a220daa083f346b10effdb2ee96d4395",
+"HMAC-SHA1(rsa/fips_rsa_gen.c)= 577466931c054d99caf4ac2aefff0e35efd94024",
+"HMAC-SHA1(rsa/fips_rsa_selftest.c)= a9dc47bd1001f795d1565111d26433c300101e06",
+"HMAC-SHA1(rsa/fips_rsa_x931g.c)= 1827d381bb21c53a38a7194cb1c428a2b5f1e3ab",
+"HMAC-SHA1(sha/fips_sha1dgst.c)= 26e529d630b5e754b4a29bd1bb697e991e7fdc04",
+"HMAC-SHA1(sha/fips_standalone_sha1.c)= 46a66875e68398eabca2e933958a2d865149ca1b",
+"HMAC-SHA1(sha/fips_sha1_selftest.c)= a08f9c1e2c0f63b9aa96b927c0333a03b020749f",
+"HMAC-SHA1(sha/asm/fips-sx86-elf.s)= ae66fb23ab8e1a2287e87a0a2dd30a4b9039fe63",
+"HMAC-SHA1(sha/fips_sha_locl.h)= 30b6d6bdbdc9db0d66dc89010c1f4fe1c7b60574",
+"HMAC-SHA1(sha/fips_md32_common.h)= c34d8b7785d3194ff968cf6d3efdd2bfcaec1fad",
+"HMAC-SHA1(sha/fips_sha.h)= cbe98c211cff1684adfa3fe6e6225e92a0a25f6c",
+"HMAC-SHA1(sha/fips_sha256.c)= 97e6dee22a1fe993cc48aa8ff37af10701d7f599",
+"HMAC-SHA1(sha/fips_sha512.c)= 74e6ef26de96f774d233888b831289e69834dd79",
+"HMAC-SHA1(hmac/fips_hmac.c)= a477cec1da76c0092979c4a875b6469339bff7ef",
+"HMAC-SHA1(hmac/fips_hmac_selftest.c)= ebb32b205babf4300017de767fd6e3f1879765c9",
+};
diff --git a/src/lib/libssl/src/fips-1.0/fipsld b/src/lib/libssl/src/fips-1.0/fipsld
new file mode 100755
index 0000000000..819f68731f
--- /dev/null
+++ b/src/lib/libssl/src/fips-1.0/fipsld
@@ -0,0 +1,147 @@
+#!/bin/sh -e
+#
+# Copyright (c) 2005 The OpenSSL Project.
+#
+# Depending on output file name, the script either embeds fingerprint
+# into libcrypto.so or static application. "Static" refers to static
+# libcrypto.a, not [necessarily] application per se.
+#
+# Even though this script is called fipsld, it expects C compiler
+# command line syntax and $FIPSLD_CC or $CC environment variable set
+# and can even be used to compile source files.
+
+#set -x
+
+CC=${FIPSLD_CC:-${CC}}
+[ -n "${CC}" ] || { echo '$CC is not defined'; exit 1; }
+
+# Initially -c wasn't intended to be interpreted here, but it might
+# make life easier for those who want to build FIPS-ified applications
+# with minimal [if any] modifications to their Makefiles...
+( while [ "x$1" != "x" -a "x$1" != "x-c" ]; do shift; done;
+ [ $# -ge 1 ]
+) && exec ${CC} "$@"
+
+# Turn on debugging output?
+( while [ "x$1" != "x" -a "x$1" != "x-DDEBUG_FINGERPRINT_PREMAIN" ]; do shift; done;
+ [ $# -ge 1 ]
+) && set -x
+
+TARGET=`(while [ "x$1" != "x" -a "x$1" != "x-o" ]; do shift; done; echo $2)`
+[ -n "${TARGET}" ] || { echo 'no -o specified'; exit 1; }
+
+THERE="`echo $0 | sed -e 's|[^/]*$||'`"..
+
+# Location of installed validated FIPS module
+FIPSLIBDIR=${FIPSLIBDIR:-/usr/local/ssl/lib}
+# If this is a build from a validated tarball use this instead
+# FIPSLIBDIR=${THERE}/fips-1.0
+
+[ -f "${FIPSLIBDIR}/fipscanister.o" ] ||
+ { echo "fipscanister.o not found"; exit 1; }
+
+HMAC_KEY="etaonrishdlcupfm"
+
+case "`(uname -s) 2>/dev/null`" in
+OSF1|IRIX*) _WL_PREMAIN="-Wl,-init,FINGERPRINT_premain" ;;
+HP-UX) _WL_PREMAIN="-Wl,+init,FINGERPRINT_premain" ;;
+AIX) _WL_PREMAIN="-Wl,-binitfini:FINGERPRINT_premain";;
+Darwin) ( while [ "x$1" != "x" -a "x$1" != "x-dynamiclib" ]; do shift; done;
+ [ $# -ge 1 ]
+ ) && _WL_PREMAIN="-Wl,-init,_FINGERPRINT_premain" ;;
+esac
+
+case "${TARGET}" in
+[!/]*) TARGET=./${TARGET} ;;
+esac
+
+case "${TARGET}" in
+*libcrypto*|*.dll) # must be linking a shared lib...
+ # Shared lib creation can be taking place in the source
+ # directory only!!!
+ FINGERTYPE="${THERE}/fips-1.0/sha/fips_standalone_sha1"
+ CANISTER_O="${FIPSLIBDIR}/fipscanister.o"
+ PREMAIN_C="${FIPSLIBDIR}/fips_premain.c"
+
+echo Canister: $CANISTER_O
+
+ # verify fipscanister.o against its detached signature...
+ ${FINGERTYPE} "${CANISTER_O}" | sed "s/(.*\//(/" | \
+ diff -w "${CANISTER_O}.sha1" - || \
+ { echo "${CANISTER_O} fingerprint mismatch"; exit 1; }
+
+ # verify fips_premain.c against its signature embedded into
+ # fipscanister.o...
+ SIG=`${FINGERTYPE} "${PREMAIN_C}" | sed -n "s/(.*\//(/;/^./p"`
+ REF=`strings "${CANISTER_O}" | grep "HMAC-SHA1(fips_premain\\.c)"`
+ [ "${SIG}" = "${REF}" ] || \
+ { echo "${PREMAIN_C} fingerprint mismatch"; exit 1; }
+
+ # Temporarily remove fipscanister.o from libcrypto.a!
+ # We are required to use the standalone copy...
+ trap 'ar r "${THERE}/libcrypto.a" "${CANISTER_O}";
+ (ranlib "${THERE}/libcrypto.a") 2>/dev/null;
+ sleep 1;
+ touch -c "${TARGET}"' 0
+
+ ar d "${THERE}/libcrypto.a" fipscanister.o 2>&1 > /dev/null || :
+ (ranlib "${THERE}/libcrypto.a") 2>/dev/null || :
+
+ ${CC} "${CANISTER_O}" \
+ "${PREMAIN_C}" \
+ ${_WL_PREMAIN} "$@"
+
+ # generate signature...
+ SIG=`("${THERE}/fips-1.0/fips_premain_dso" "${TARGET}" || rm "${TARGET}")`
+ if [ -z "${SIG}" ]; then
+ echo "unable to collect signature"; exit 1
+ fi
+
+ # recompile with signature...
+ ${CC} "${CANISTER_O}" \
+ -DHMAC_SHA1_SIG=\"${SIG}\" "${PREMAIN_C}" \
+ ${_WL_PREMAIN} "$@"
+ ;;
+
+*) # must be linking statically...
+ # Static linking can be taking place either in the source
+ # directory or off the installed binary target destination.
+ if [ -x "${THERE}/fips-1.0/sha/fips_standalone_sha1" ]; then
+ FINGERTYPE="${THERE}/fips-1.0/sha/fips_standalone_sha1"
+ else # Installed tree is expected to contain
+ # lib/fipscanister.o, lib/fipscanister.o.sha1 and
+ # lib/fips_premain.c [not to mention bin/openssl].
+ FINGERTYPE="${THERE}/bin/openssl sha1 -hmac ${HMAC_KEY}"
+ fi
+
+ CANISTER_O="${FIPSLIBDIR}/fipscanister.o"
+ PREMAIN_C="${FIPSLIBDIR}/fips_premain.c"
+
+ # verify fipscanister.o against its detached signature...
+ ${FINGERTYPE} "${CANISTER_O}" | sed "s/(.*\//(/" | \
+ diff -w "${CANISTER_O}.sha1" - || \
+ { echo "${CANISTER_O} fingerprint mismatch"; exit 1; }
+
+ # verify fips_premain.c against its signature embedded into
+ # fipscanister.o...
+ SIG=`${FINGERTYPE} "${PREMAIN_C}" | sed -n "s/(.*\//(/;/^./p"`
+ REF=`strings "${CANISTER_O}" | grep "HMAC-SHA1(fips_premain\\.c)"`
+ [ "${SIG}" = "${REF}" ] || \
+ { echo "${PREMAIN_C} fingerprint mismatch"; exit 1; }
+
+ ${CC} "${CANISTER_O}" \
+ "${PREMAIN_C}" \
+ ${_WL_PREMAIN} "$@"
+
+ # generate signature...
+ SIG=`("${TARGET}" || /bin/rm "${TARGET}")`
+ if [ -z "${SIG}" ]; then
+ echo "unable to collect signature"; exit 1
+ fi
+
+ # recompile with signature...
+ ${CC} "${CANISTER_O}" \
+ -DHMAC_SHA1_SIG=\"${SIG}\" "${PREMAIN_C}" \
+ ${_WL_PREMAIN} "$@"
+ ;;
+esac
diff --git a/src/lib/libssl/src/fips-1.0/hmac/Makefile b/src/lib/libssl/src/fips-1.0/hmac/Makefile
new file mode 100644
index 0000000000..a5e777f71a
--- /dev/null
+++ b/src/lib/libssl/src/fips-1.0/hmac/Makefile
@@ -0,0 +1,155 @@
+#
+# OpenSSL/fips-1.0/hmac/Makefile
+#
+
+DIR= hmac
+TOP= ../..
+CC= cc
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR= /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKEDEPPROG= makedepend
+MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE= Makefile
+AR= ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=fips_hmactest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=fips_hmac.c fips_hmac_selftest.c
+LIBOBJ=fips_hmac.o fips_hmac_selftest.o
+
+SRC= $(LIBSRC)
+
+EXHEADER=
+HEADER= $(EXHEADER)
+
+ALL= $(GENERAL) $(SRC) $(HEADER)
+
+top:
+ (cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) sub_all)
+
+all: lib
+
+lib: $(LIBOBJ)
+ @echo $(LIBOBJ) > lib
+
+files:
+ $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+ @$(PERL) $(TOP)/util/mklink.pl $(TOP)/include/openssl $(EXHEADER)
+ @$(PERL) $(TOP)/util/mklink.pl $(TOP)/test $(TEST)
+ @$(PERL) $(TOP)/util/mklink.pl $(TOP)/apps $(APPS)
+
+install:
+ @headerlist="$(EXHEADER)"; for i in $$headerlist; \
+ do \
+ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done
+
+tags:
+ ctags $(SRC)
+
+tests:
+
+Q=../testvectors/hmac/req
+A=../testvectors/hmac/rsp
+
+fips_test:
+ -rm -rf $(A)
+ mkdir $(A)
+ if [ -f $(Q)/HMAC.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_hmactest < $(Q)/HMAC.req > $(A)/HMAC.rsp; fi
+
+lint:
+ lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+ $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(SRC) $(TEST)
+
+dclean:
+ $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+ mv -f Makefile.new $(MAKEFILE)
+
+clean:
+ rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+fips_hmac.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+fips_hmac.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+fips_hmac.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
+fips_hmac.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+fips_hmac.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+fips_hmac.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+fips_hmac.o: ../../include/openssl/evp.h ../../include/openssl/hmac.h
+fips_hmac.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+fips_hmac.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+fips_hmac.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+fips_hmac.o: ../../include/openssl/objects.h
+fips_hmac.o: ../../include/openssl/opensslconf.h
+fips_hmac.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+fips_hmac.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+fips_hmac.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+fips_hmac.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+fips_hmac.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+fips_hmac.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+fips_hmac.o: ../../include/openssl/ui_compat.h fips_hmac.c
+fips_hmac_selftest.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+fips_hmac_selftest.o: ../../include/openssl/bio.h
+fips_hmac_selftest.o: ../../include/openssl/blowfish.h
+fips_hmac_selftest.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
+fips_hmac_selftest.o: ../../include/openssl/crypto.h
+fips_hmac_selftest.o: ../../include/openssl/des.h
+fips_hmac_selftest.o: ../../include/openssl/des_old.h
+fips_hmac_selftest.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+fips_hmac_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+fips_hmac_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+fips_hmac_selftest.o: ../../include/openssl/hmac.h ../../include/openssl/idea.h
+fips_hmac_selftest.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+fips_hmac_selftest.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+fips_hmac_selftest.o: ../../include/openssl/mdc2.h
+fips_hmac_selftest.o: ../../include/openssl/obj_mac.h
+fips_hmac_selftest.o: ../../include/openssl/objects.h
+fips_hmac_selftest.o: ../../include/openssl/opensslconf.h
+fips_hmac_selftest.o: ../../include/openssl/opensslv.h
+fips_hmac_selftest.o: ../../include/openssl/ossl_typ.h
+fips_hmac_selftest.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+fips_hmac_selftest.o: ../../include/openssl/rc5.h
+fips_hmac_selftest.o: ../../include/openssl/ripemd.h
+fips_hmac_selftest.o: ../../include/openssl/rsa.h
+fips_hmac_selftest.o: ../../include/openssl/safestack.h
+fips_hmac_selftest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+fips_hmac_selftest.o: ../../include/openssl/symhacks.h
+fips_hmac_selftest.o: ../../include/openssl/ui.h
+fips_hmac_selftest.o: ../../include/openssl/ui_compat.h fips_hmac_selftest.c
+fips_hmactest.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+fips_hmactest.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+fips_hmactest.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+fips_hmactest.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+fips_hmactest.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+fips_hmactest.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+fips_hmactest.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+fips_hmactest.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+fips_hmactest.o: ../../include/openssl/hmac.h ../../include/openssl/idea.h
+fips_hmactest.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+fips_hmactest.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+fips_hmactest.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+fips_hmactest.o: ../../include/openssl/objects.h
+fips_hmactest.o: ../../include/openssl/opensslconf.h
+fips_hmactest.o: ../../include/openssl/opensslv.h
+fips_hmactest.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+fips_hmactest.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+fips_hmactest.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+fips_hmactest.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+fips_hmactest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+fips_hmactest.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+fips_hmactest.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+fips_hmactest.o: ../../include/openssl/x509_vfy.h
+fips_hmactest.o: ../../include/openssl/x509v3.h fips_hmactest.c
diff --git a/src/lib/libssl/src/fips-1.0/hmac/fips_hmac.c b/src/lib/libssl/src/fips-1.0/hmac/fips_hmac.c
new file mode 100644
index 0000000000..b36f163748
--- /dev/null
+++ b/src/lib/libssl/src/fips-1.0/hmac/fips_hmac.c
@@ -0,0 +1,190 @@
+/* crypto/hmac/hmac.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/hmac.h>
+
+#ifdef OPENSSL_FIPS
+
+void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
+ const EVP_MD *md, ENGINE *impl)
+ {
+ int i,j,reset=0;
+ unsigned char pad[HMAC_MAX_MD_CBLOCK];
+
+ if (md != NULL)
+ {
+ reset=1;
+ ctx->md=md;
+ }
+ else
+ md=ctx->md;
+
+ if (key != NULL)
+ {
+ if (FIPS_mode() && !(md->flags & EVP_MD_FLAG_FIPS)
+ && (!(ctx->md_ctx.flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)
+ || !(ctx->i_ctx.flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)
+ || !(ctx->o_ctx.flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)))
+ OpenSSLDie(__FILE__,__LINE__,
+ "HMAC: digest not allowed in FIPS mode");
+
+ reset=1;
+ j=EVP_MD_block_size(md);
+ OPENSSL_assert(j <= sizeof ctx->key);
+ if (j < len)
+ {
+ EVP_DigestInit_ex(&ctx->md_ctx,md, impl);
+ EVP_DigestUpdate(&ctx->md_ctx,key,len);
+ EVP_DigestFinal_ex(&(ctx->md_ctx),ctx->key,
+ &ctx->key_length);
+ }
+ else
+ {
+ OPENSSL_assert(len <= sizeof ctx->key);
+ memcpy(ctx->key,key,len);
+ ctx->key_length=len;
+ }
+ if(ctx->key_length != HMAC_MAX_MD_CBLOCK)
+ memset(&ctx->key[ctx->key_length], 0,
+ HMAC_MAX_MD_CBLOCK - ctx->key_length);
+ }
+
+ if (reset)
+ {
+ for (i=0; i<HMAC_MAX_MD_CBLOCK; i++)
+ pad[i]=0x36^ctx->key[i];
+ EVP_DigestInit_ex(&ctx->i_ctx,md, impl);
+ EVP_DigestUpdate(&ctx->i_ctx,pad,EVP_MD_block_size(md));
+
+ for (i=0; i<HMAC_MAX_MD_CBLOCK; i++)
+ pad[i]=0x5c^ctx->key[i];
+ EVP_DigestInit_ex(&ctx->o_ctx,md, impl);
+ EVP_DigestUpdate(&ctx->o_ctx,pad,EVP_MD_block_size(md));
+ }
+ EVP_MD_CTX_copy_ex(&ctx->md_ctx,&ctx->i_ctx);
+ }
+
+void HMAC_Init(HMAC_CTX *ctx, const void *key, int len,
+ const EVP_MD *md)
+ {
+ if(key && md)
+ HMAC_CTX_init(ctx);
+ HMAC_Init_ex(ctx,key,len,md, NULL);
+ }
+
+void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len)
+ {
+ EVP_DigestUpdate(&ctx->md_ctx,data,len);
+ }
+
+void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len)
+ {
+ int j;
+ unsigned int i;
+ unsigned char buf[EVP_MAX_MD_SIZE];
+
+ j=EVP_MD_block_size(ctx->md);
+
+ EVP_DigestFinal_ex(&ctx->md_ctx,buf,&i);
+ EVP_MD_CTX_copy_ex(&ctx->md_ctx,&ctx->o_ctx);
+ EVP_DigestUpdate(&ctx->md_ctx,buf,i);
+ EVP_DigestFinal_ex(&ctx->md_ctx,md,len);
+ }
+
+void HMAC_CTX_init(HMAC_CTX *ctx)
+ {
+ EVP_MD_CTX_init(&ctx->i_ctx);
+ EVP_MD_CTX_init(&ctx->o_ctx);
+ EVP_MD_CTX_init(&ctx->md_ctx);
+ }
+
+void HMAC_CTX_cleanup(HMAC_CTX *ctx)
+ {
+ EVP_MD_CTX_cleanup(&ctx->i_ctx);
+ EVP_MD_CTX_cleanup(&ctx->o_ctx);
+ EVP_MD_CTX_cleanup(&ctx->md_ctx);
+ memset(ctx,0,sizeof *ctx);
+ }
+
+unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
+ const unsigned char *d, int n, unsigned char *md,
+ unsigned int *md_len)
+ {
+ HMAC_CTX c;
+ static unsigned char m[EVP_MAX_MD_SIZE];
+
+ if (md == NULL) md=m;
+ HMAC_CTX_init(&c);
+ HMAC_Init(&c,key,key_len,evp_md);
+ HMAC_Update(&c,d,n);
+ HMAC_Final(&c,md,md_len);
+ HMAC_CTX_cleanup(&c);
+ return(md);
+ }
+
+void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags)
+ {
+ EVP_MD_CTX_set_flags(&ctx->i_ctx, flags);
+ EVP_MD_CTX_set_flags(&ctx->o_ctx, flags);
+ EVP_MD_CTX_set_flags(&ctx->md_ctx, flags);
+ }
+
+#endif
+
diff --git a/src/lib/libssl/src/fips-1.0/hmac/fips_hmac_selftest.c b/src/lib/libssl/src/fips-1.0/hmac/fips_hmac_selftest.c
new file mode 100644
index 0000000000..fc599b75ef
--- /dev/null
+++ b/src/lib/libssl/src/fips-1.0/hmac/fips_hmac_selftest.c
@@ -0,0 +1,135 @@
+/* ====================================================================
+ * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include <string.h>
+#include <openssl/err.h>
+#include <openssl/fips.h>
+#include <openssl/hmac.h>
+
+#ifdef OPENSSL_FIPS
+typedef struct {
+ const EVP_MD *(*alg)(void);
+ const char *key, *iv;
+ unsigned char kaval[EVP_MAX_MD_SIZE];
+} HMAC_KAT;
+
+static const HMAC_KAT vector[] = {
+ { EVP_sha1,
+ /* from http://csrc.nist.gov/publications/fips/fips198/fips-198a.pdf */
+ "0123456789:;<=>?@ABC",
+ "Sample #2",
+ { 0x09,0x22,0xd3,0x40,0x5f,0xaa,0x3d,0x19,
+ 0x4f,0x82,0xa4,0x58,0x30,0x73,0x7d,0x5c,
+ 0xc6,0xc7,0x5d,0x24 }
+ },
+ { EVP_sha224,
+ /* just keep extending the above... */
+ "0123456789:;<=>?@ABC",
+ "Sample #2",
+ { 0xdd,0xef,0x0a,0x40,0xcb,0x7d,0x50,0xfb,
+ 0x6e,0xe6,0xce,0xa1,0x20,0xba,0x26,0xaa,
+ 0x08,0xf3,0x07,0x75,0x87,0xb8,0xad,0x1b,
+ 0x8c,0x8d,0x12,0xc7 }
+ },
+ { EVP_sha256,
+ "0123456789:;<=>?@ABC",
+ "Sample #2",
+ { 0xb8,0xf2,0x0d,0xb5,0x41,0xea,0x43,0x09,
+ 0xca,0x4e,0xa9,0x38,0x0c,0xd0,0xe8,0x34,
+ 0xf7,0x1f,0xbe,0x91,0x74,0xa2,0x61,0x38,
+ 0x0d,0xc1,0x7e,0xae,0x6a,0x34,0x51,0xd9 }
+ },
+ { EVP_sha384,
+ "0123456789:;<=>?@ABC",
+ "Sample #2",
+ { 0x08,0xbc,0xb0,0xda,0x49,0x1e,0x87,0xad,
+ 0x9a,0x1d,0x6a,0xce,0x23,0xc5,0x0b,0xf6,
+ 0xb7,0x18,0x06,0xa5,0x77,0xcd,0x49,0x04,
+ 0x89,0xf1,0xe6,0x23,0x44,0x51,0x51,0x9f,
+ 0x85,0x56,0x80,0x79,0x0c,0xbd,0x4d,0x50,
+ 0xa4,0x5f,0x29,0xe3,0x93,0xf0,0xe8,0x7f }
+ },
+ { EVP_sha512,
+ "0123456789:;<=>?@ABC",
+ "Sample #2",
+ { 0x80,0x9d,0x44,0x05,0x7c,0x5b,0x95,0x41,
+ 0x05,0xbd,0x04,0x13,0x16,0xdb,0x0f,0xac,
+ 0x44,0xd5,0xa4,0xd5,0xd0,0x89,0x2b,0xd0,
+ 0x4e,0x86,0x64,0x12,0xc0,0x90,0x77,0x68,
+ 0xf1,0x87,0xb7,0x7c,0x4f,0xae,0x2c,0x2f,
+ 0x21,0xa5,0xb5,0x65,0x9a,0x4f,0x4b,0xa7,
+ 0x47,0x02,0xa3,0xde,0x9b,0x51,0xf1,0x45,
+ 0xbd,0x4f,0x25,0x27,0x42,0x98,0x99,0x05 }
+ },
+};
+
+int FIPS_selftest_hmac()
+ {
+ int n;
+ unsigned int outlen;
+ unsigned char out[EVP_MAX_MD_SIZE];
+ const EVP_MD *md;
+ const HMAC_KAT *t;
+
+ for(n=0,t=vector; n<sizeof(vector)/sizeof(vector[0]); n++,t++)
+ {
+ md = (*t->alg)();
+ HMAC(md,t->key,strlen(t->key),
+ (const unsigned char *)t->iv,strlen(t->iv),
+ out,&outlen);
+
+ if(memcmp(out,t->kaval,outlen))
+ {
+ FIPSerr(FIPS_F_FIPS_SELFTEST_SHA,FIPS_R_SELFTEST_FAILED);
+ return 0;
+ }
+ }
+ return 1;
+ }
+#endif
diff --git a/src/lib/libssl/src/fips-1.0/hmac/fips_hmactest.c b/src/lib/libssl/src/fips-1.0/hmac/fips_hmactest.c
new file mode 100644
index 0000000000..e26e33ee3f
--- /dev/null
+++ b/src/lib/libssl/src/fips-1.0/hmac/fips_hmactest.c
@@ -0,0 +1,335 @@
+/* fips_hmactest.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2005.
+ */
+/* ====================================================================
+ * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include <string.h>
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+#include <openssl/hmac.h>
+#include <openssl/err.h>
+#include <openssl/x509v3.h>
+
+#ifndef OPENSSL_FIPS
+
+int main(int argc, char *argv[])
+{
+ printf("No FIPS HMAC support\n");
+ return(0);
+}
+
+#else
+
+static int hmac_test(BIO *err, const EVP_MD *md, BIO *out, BIO *in);
+static int print_hmac(BIO *err, const EVP_MD *md, BIO *out,
+ unsigned char *Key, int Klen,
+ unsigned char *Msg, int Msglen, int Tlen);
+
+int main(int argc, char **argv)
+ {
+ BIO *in = NULL, *out = NULL, *err = NULL;
+
+ int ret = 1;
+
+ ERR_load_crypto_strings();
+
+ err = BIO_new_fp(stderr, BIO_NOCLOSE);
+
+ if (!err)
+ {
+ fprintf(stderr, "FATAL stderr initialization error\n");
+ goto end;
+ }
+
+ if(!FIPS_mode_set(1))
+ {
+ ERR_print_errors(err);
+ goto end;
+ }
+
+ if (argc == 1)
+ in = BIO_new_fp(stdin, BIO_NOCLOSE);
+ else
+ in = BIO_new_file(argv[1], "r");
+
+ if (argc < 2)
+ out = BIO_new_fp(stdout, BIO_NOCLOSE);
+ else
+ out = BIO_new_file(argv[2], "w");
+
+ if (!in)
+ {
+ BIO_printf(err, "FATAL input initialization error\n");
+ goto end;
+ }
+
+ if (!out)
+ {
+ fprintf(stderr, "FATAL output initialization error\n");
+ goto end;
+ }
+
+ if (!hmac_test(err, EVP_sha1(), out, in))
+ {
+ fprintf(stderr, "FATAL hmac file processing error\n");
+ goto end;
+ }
+ else
+ ret = 0;
+
+ end:
+
+ if (ret && err)
+ ERR_print_errors(err);
+
+ if (in)
+ BIO_free(in);
+ if (out)
+ BIO_free(out);
+ if (err)
+ BIO_free(err);
+
+ return ret;
+
+ }
+
+#define HMAC_TEST_MAXLINELEN 1024
+
+int hmac_test(BIO *err, const EVP_MD *md, BIO *out, BIO *in)
+ {
+ char *linebuf, *olinebuf, *p, *q;
+ char *keyword, *value;
+ unsigned char *Key = NULL, *Msg = NULL;
+ int Count, Klen, Tlen;
+ long Keylen, Msglen;
+ int ret = 0;
+ int lnum = 0;
+
+ olinebuf = OPENSSL_malloc(HMAC_TEST_MAXLINELEN);
+ linebuf = OPENSSL_malloc(HMAC_TEST_MAXLINELEN);
+
+ if (!linebuf || !olinebuf)
+ goto error;
+
+ Count = -1;
+ Klen = -1;
+ Tlen = -1;
+
+ while (BIO_gets(in, olinebuf, HMAC_TEST_MAXLINELEN) > 0)
+ {
+ lnum++;
+ strcpy(linebuf, olinebuf);
+ keyword = linebuf;
+ /* Skip leading space */
+ while (isspace((unsigned char)*keyword))
+ keyword++;
+
+ /* Look for = sign */
+ p = strchr(linebuf, '=');
+
+ /* If no = or starts with [ (for [L=20] line) just copy */
+ if (!p)
+ {
+ if (!BIO_puts(out, olinebuf))
+ goto error;
+ continue;
+ }
+
+ q = p - 1;
+
+ /* Remove trailing space */
+ while (isspace((unsigned char)*q))
+ *q-- = 0;
+
+ *p = 0;
+ value = p + 1;
+
+ /* Remove leading space from value */
+ while (isspace((unsigned char)*value))
+ value++;
+
+ /* Remove trailing space from value */
+ p = value + strlen(value) - 1;
+
+ while (*p == '\n' || isspace((unsigned char)*p))
+ *p-- = 0;
+
+ if (!strcmp(keyword,"[L") && *p==']')
+ {
+ switch (atoi(value))
+ {
+ case 20: md=EVP_sha1(); break;
+ case 28: md=EVP_sha224(); break;
+ case 32: md=EVP_sha256(); break;
+ case 48: md=EVP_sha384(); break;
+ case 64: md=EVP_sha512(); break;
+ default: goto parse_error;
+ }
+ }
+ else if (!strcmp(keyword, "Count"))
+ {
+ if (Count != -1)
+ goto parse_error;
+ Count = atoi(value);
+ if (Count < 0)
+ goto parse_error;
+ }
+ else if (!strcmp(keyword, "Klen"))
+ {
+ if (Klen != -1)
+ goto parse_error;
+ Klen = atoi(value);
+ if (Klen < 0)
+ goto parse_error;
+ }
+ else if (!strcmp(keyword, "Tlen"))
+ {
+ if (Tlen != -1)
+ goto parse_error;
+ Tlen = atoi(value);
+ if (Tlen < 0)
+ goto parse_error;
+ }
+ else if (!strcmp(keyword, "Msg"))
+ {
+ if (Msg)
+ goto parse_error;
+ Msg = string_to_hex(value, &Msglen);
+ if (!Msg)
+ goto parse_error;
+ }
+ else if (!strcmp(keyword, "Key"))
+ {
+ if (Key)
+ goto parse_error;
+ Key = string_to_hex(value, &Keylen);
+ if (!Key)
+ goto parse_error;
+ }
+ else if (!strcmp(keyword, "Mac"))
+ continue;
+ else
+ goto parse_error;
+
+ BIO_puts(out, olinebuf);
+
+ if (Key && Msg && (Tlen > 0) && (Klen > 0))
+ {
+ if (!print_hmac(err, md, out, Key, Klen, Msg, Msglen, Tlen))
+ goto error;
+ OPENSSL_free(Key);
+ Key = NULL;
+ OPENSSL_free(Msg);
+ Msg = NULL;
+ Klen = -1;
+ Tlen = -1;
+ Count = -1;
+ }
+
+ }
+
+
+ ret = 1;
+
+
+ error:
+
+ if (olinebuf)
+ OPENSSL_free(olinebuf);
+ if (linebuf)
+ OPENSSL_free(linebuf);
+ if (Key)
+ OPENSSL_free(Key);
+ if (Msg)
+ OPENSSL_free(Msg);
+
+ return ret;
+
+ parse_error:
+
+ BIO_printf(err, "FATAL parse error processing line %d\n", lnum);
+
+ goto error;
+
+ }
+
+static int print_hmac(BIO *err, const EVP_MD *emd, BIO *out,
+ unsigned char *Key, int Klen,
+ unsigned char *Msg, int Msglen, int Tlen)
+ {
+ int i, mdlen;
+ unsigned char md[EVP_MAX_MD_SIZE];
+ if (!HMAC(emd, Key, Klen, Msg, Msglen, md,
+ (unsigned int *)&mdlen))
+ {
+ BIO_puts(err, "Error calculating HMAC\n");
+ return 0;
+ }
+ if (Tlen > mdlen)
+ {
+ BIO_puts(err, "Parameter error, Tlen > HMAC length\n");
+ return 0;
+ }
+ BIO_puts(out, "Mac = ");
+ for (i = 0; i < Tlen; i++)
+ BIO_printf(out, "%02x", md[i]);
+ BIO_puts(out, "\n");
+ return 1;
+ }
+
+#endif
diff --git a/src/lib/libssl/src/fips-1.0/install.com b/src/lib/libssl/src/fips-1.0/install.com
new file mode 100644
index 0000000000..8867fcf4c0
--- /dev/null
+++ b/src/lib/libssl/src/fips-1.0/install.com
@@ -0,0 +1,57 @@
+$! INSTALL.COM -- Installs the files in a given directory tree
+$!
+$! Author: Richard Levitte <richard@levitte.org>
+$! Time of creation: 27-MAY-2004 11:47
+$!
+$! P1 root of the directory tree
+$!
+$ IF P1 .EQS. ""
+$ THEN
+$ WRITE SYS$OUTPUT "First argument missing."
+$ WRITE SYS$OUTPUT "Should be the directory where you want things installed."
+$ EXIT
+$ ENDIF
+$
+$ ROOT = F$PARSE(P1,"[]A.;0",,,"SYNTAX_ONLY,NO_CONCEAL") - "A.;0"
+$ ROOT_DEV = F$PARSE(ROOT,,,"DEVICE","SYNTAX_ONLY")
+$ ROOT_DIR = F$PARSE(ROOT,,,"DIRECTORY","SYNTAX_ONLY") -
+ - "[000000." - "][" - "[" - "]"
+$ ROOT = ROOT_DEV + "[" + ROOT_DIR
+$
+$ DEFINE/NOLOG WRK_SSLROOT 'ROOT'.] /TRANS=CONC
+$ DEFINE/NOLOG WRK_SSLINCLUDE WRK_SSLROOT:[INCLUDE]
+$
+$ IF F$PARSE("WRK_SSLROOT:[000000]") .EQS. "" THEN -
+ CREATE/DIR/LOG WRK_SSLROOT:[000000]
+$ IF F$PARSE("WRK_SSLINCLUDE:") .EQS. "" THEN -
+ CREATE/DIR/LOG WRK_SSLINCLUDE:
+$
+$ FDIRS := ,RAND,SHA1,DES,AES,DSA,RSA,DH,HMAC
+$ EXHEADER_ := fips.h
+$ EXHEADER_SHA := fips_sha.h
+$ EXHEADER_RAND := fips_rand.h
+$ EXHEADER_DES :=
+$ EXHEADER_AES :=
+$ EXHEADER_DSA :=
+$ EXHEADER_RSA :=
+$ EXHEADER_DH :=
+$ EXHEADER_HMAC :=
+$
+$ I = 0
+$ LOOP_FDIRS:
+$ D = F$EDIT(F$ELEMENT(I, ",", FDIRS),"TRIM")
+$ I = I + 1
+$ IF D .EQS. "," THEN GOTO LOOP_FDIRS_END
+$ tmp = EXHEADER_'D'
+$ IF tmp .EQS. "" THEN GOTO LOOP_FDIRS
+$ IF D .EQS. ""
+$ THEN
+$ COPY 'tmp' WRK_SSLINCLUDE: /LOG
+$ ELSE
+$ COPY [.'D']'tmp' WRK_SSLINCLUDE: /LOG
+$ ENDIF
+$ SET FILE/PROT=WORLD:RE WRK_SSLINCLUDE:'tmp'
+$ GOTO LOOP_FDIRS
+$ LOOP_FDIRS_END:
+$
+$ EXIT
diff --git a/src/lib/libssl/src/fips-1.0/openssl_fips_fingerprint b/src/lib/libssl/src/fips-1.0/openssl_fips_fingerprint
new file mode 100755
index 0000000000..f59a67d537
--- /dev/null
+++ b/src/lib/libssl/src/fips-1.0/openssl_fips_fingerprint
@@ -0,0 +1,31 @@
+#!/bin/sh
+#
+# Check the library fingerprint and generate an executable fingerprint, or
+# return an error
+
+lib=$1
+exe=$2
+ext=${HMAC_EXT:-sha1}
+
+# deal with the case where we're run from within the build and OpenSSL is
+# not yet installed. Also, make sure LD_LIBRARY_PATH is properly set in
+# case shared libraries are built.
+if [ "X$TOP" != "X" ]
+then
+ if test "$OSTYPE" = msdosdjgpp; then
+ PATH="$TOP/apps;$TOP;$PATH"
+ else
+ PATH="$TOP/apps:$TOP:$PATH"
+ fi
+ LD_LIBRARY_PATH=$TOP; export LD_LIBRARY_PATH
+else
+ LD_LIBRARY_PATH=.; export LD_LIBRARY_PATH
+fi
+
+echo "Checking library fingerprint for $lib"
+openssl sha1 -hmac etaonrishdlcupfm $lib | sed "s/(.*\//(/" | diff -w $lib.sha1 - || { echo "$libs fingerprint mismatch"; exit 1; }
+
+[ -x $exe.exe ] && exe=$exe.exe
+
+echo "Making fingerprint for $exe"
+openssl sha1 -hmac etaonrishdlcupfm -binary $exe > $exe.$ext || rm $exe.$ext
diff --git a/src/lib/libssl/src/fips-1.0/rand/Makefile b/src/lib/libssl/src/fips-1.0/rand/Makefile
new file mode 100644
index 0000000000..6820f3a205
--- /dev/null
+++ b/src/lib/libssl/src/fips-1.0/rand/Makefile
@@ -0,0 +1,126 @@
+#
+# OpenSSL/fips-1.0/rand/Makefile
+#
+
+DIR= rand
+TOP= ../..
+CC= cc
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR= /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKEDEPPROG= makedepend
+MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE= Makefile
+AR= ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST= fips_randtest.c fips_rngvs.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=fips_rand.c fips_rand_selftest.c
+LIBOBJ=fips_rand.o fips_rand_selftest.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= fips_rand.h
+HEADER= $(EXHEADER)
+
+ALL= $(GENERAL) $(SRC) $(HEADER)
+
+top:
+ (cd $(TOP); $(MAKE) DIRS=fips SDIRS=$(DIR) sub_all)
+
+all: lib
+
+lib: $(LIBOBJ)
+ @echo $(LIBOBJ) > lib
+
+files:
+ $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+ @$(PERL) $(TOP)/util/mklink.pl $(TOP)/include/openssl $(EXHEADER)
+ @$(PERL) $(TOP)/util/mklink.pl $(TOP)/test $(TEST)
+ @$(PERL) $(TOP)/util/mklink.pl $(TOP)/apps $(APPS)
+
+install:
+ @headerlist="$(EXHEADER)"; for i in $$headerlist; \
+ do \
+ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done
+
+tags:
+ ctags $(SRC)
+
+tests:
+
+Q=../testvectors/rng/req
+A=../testvectors/rng/rsp
+
+fips_test:
+ -rm -rf $(A)
+ mkdir $(A)
+ if [ -f $(Q)/ANSI931_TDES2MCT.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rngvs mct < $(Q)/ANSI931_TDES2MCT.req > $(A)/ANSI931_TDES2MCT.rsp; fi
+ if [ -f $(Q)/ANSI931_TDES2VST.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rngvs vst < $(Q)/ANSI931_TDES2VST.req > $(A)/ANSI931_TDES2VST.rsp; fi
+
+lint:
+ lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+ $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(SRC) $(TEST)
+
+dclean:
+ $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+ mv -f Makefile.new $(MAKEFILE)
+
+clean:
+ rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+fips_rand.o: ../../e_os.h ../../include/openssl/bio.h
+fips_rand.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+fips_rand.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+fips_rand.o: ../../include/openssl/err.h ../../include/openssl/fips_rand.h
+fips_rand.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+fips_rand.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+fips_rand.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+fips_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+fips_rand.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+fips_rand.o: fips_rand.c
+fips_rand_selftest.o: ../../include/openssl/bio.h
+fips_rand_selftest.o: ../../include/openssl/crypto.h
+fips_rand_selftest.o: ../../include/openssl/des.h
+fips_rand_selftest.o: ../../include/openssl/des_old.h
+fips_rand_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+fips_rand_selftest.o: ../../include/openssl/fips.h
+fips_rand_selftest.o: ../../include/openssl/fips_rand.h
+fips_rand_selftest.o: ../../include/openssl/lhash.h
+fips_rand_selftest.o: ../../include/openssl/opensslconf.h
+fips_rand_selftest.o: ../../include/openssl/opensslv.h
+fips_rand_selftest.o: ../../include/openssl/ossl_typ.h
+fips_rand_selftest.o: ../../include/openssl/rand.h
+fips_rand_selftest.o: ../../include/openssl/safestack.h
+fips_rand_selftest.o: ../../include/openssl/stack.h
+fips_rand_selftest.o: ../../include/openssl/symhacks.h
+fips_rand_selftest.o: ../../include/openssl/ui.h
+fips_rand_selftest.o: ../../include/openssl/ui_compat.h fips_rand_selftest.c
+fips_randtest.o: ../../e_os.h ../../include/openssl/bio.h
+fips_randtest.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+fips_randtest.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+fips_randtest.o: ../../include/openssl/err.h ../../include/openssl/fips_rand.h
+fips_randtest.o: ../../include/openssl/lhash.h
+fips_randtest.o: ../../include/openssl/opensslconf.h
+fips_randtest.o: ../../include/openssl/opensslv.h
+fips_randtest.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+fips_randtest.o: ../../include/openssl/safestack.h
+fips_randtest.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+fips_randtest.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+fips_randtest.o: fips_randtest.c
+fips_rngvs.o: ../../include/openssl/opensslconf.h fips_rngvs.c
diff --git a/src/lib/libssl/src/fips-1.0/rand/fips_rand.c b/src/lib/libssl/src/fips-1.0/rand/fips_rand.c
new file mode 100644
index 0000000000..7df2dc804e
--- /dev/null
+++ b/src/lib/libssl/src/fips-1.0/rand/fips_rand.c
@@ -0,0 +1,359 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+/*
+ * This is a FIPS approved PRNG, ANSI X9.31 A.2.4.
+ */
+
+#include "e_os.h"
+
+/* If we don't define _XOPEN_SOURCE_EXTENDED, struct timeval won't
+ be defined and gettimeofday() won't be declared with strict compilers
+ like DEC C in ANSI C mode. */
+#ifndef _XOPEN_SOURCE_EXTENDED
+#define _XOPEN_SOURCE_EXTENDED 1
+#endif
+
+#include <openssl/des.h>
+#include <openssl/rand.h>
+#include <openssl/err.h>
+#include <openssl/fips_rand.h>
+#ifndef OPENSSL_SYS_WIN32
+#include <sys/time.h>
+#endif
+#include <assert.h>
+#ifndef OPENSSL_SYS_WIN32
+# ifdef OPENSSL_UNISTD
+# include OPENSSL_UNISTD
+# else
+# include <unistd.h>
+# endif
+#endif
+#include <string.h>
+
+void *OPENSSL_stderr(void);
+
+#ifdef OPENSSL_FIPS
+
+#define SEED_SIZE 8
+
+static unsigned char seed[SEED_SIZE];
+static FIPS_RAND_SIZE_T n_seed;
+static FIPS_RAND_SIZE_T o_seed;
+static DES_cblock key1;
+static DES_cblock key2;
+static DES_key_schedule ks1,ks2;
+static int key_set;
+static int key_init;
+static int test_mode;
+static unsigned char test_faketime[8];
+
+#ifndef GETPID_IS_MEANINGLESS
+static int seed_pid;
+static int key_pid;
+#endif
+
+static void fips_rand_cleanup(void);
+static void fips_rand_add(const void *buf, FIPS_RAND_SIZE_T num, double add_entropy);
+static int fips_rand_bytes(unsigned char *buf, FIPS_RAND_SIZE_T num);
+static int fips_rand_status(void);
+
+static const RAND_METHOD rand_fips_meth=
+ {
+ FIPS_rand_seed,
+ fips_rand_bytes,
+ fips_rand_cleanup,
+ fips_rand_add,
+ fips_rand_bytes,
+ fips_rand_status
+ };
+
+static int second;
+
+const RAND_METHOD *FIPS_rand_method(void)
+{
+ return &rand_fips_meth;
+}
+
+void FIPS_set_prng_key(const unsigned char k1[8],const unsigned char k2[8])
+ {
+ memcpy(&key1,k1,sizeof key1);
+ memcpy(&key2,k2,sizeof key2);
+ key_set=1;
+#ifndef GETPID_IS_MEANINGLESS
+ key_pid=getpid();
+#endif
+ second=0;
+ }
+
+void FIPS_test_mode(int test,const unsigned char faketime[8])
+ {
+ test_mode=test;
+ if(!test_mode)
+ return;
+ memcpy(test_faketime,faketime,sizeof test_faketime);
+ }
+
+/* NB: this returns true if _partially_ seeded */
+int FIPS_rand_seeded()
+ { return key_set || n_seed; }
+
+static void fips_gettime(unsigned char buf[8])
+ {
+#ifdef OPENSSL_SYS_WIN32
+ FILETIME ft;
+#else
+ struct timeval tv;
+#endif
+
+ if(test_mode)
+ {
+ /* fprintf(OPENSSL_stderr(),"WARNING!!! PRNG IN TEST MODE!!!\n"); */
+ memcpy(buf,test_faketime,sizeof test_faketime);
+ return;
+ }
+#ifdef OPENSSL_SYS_WIN32
+ GetSystemTimeAsFileTime(&ft);
+ buf[0] = (unsigned char) (ft.dwHighDateTime & 0xff);
+ buf[1] = (unsigned char) ((ft.dwHighDateTime >> 8) & 0xff);
+ buf[2] = (unsigned char) ((ft.dwHighDateTime >> 16) & 0xff);
+ buf[3] = (unsigned char) ((ft.dwHighDateTime >> 24) & 0xff);
+ buf[4] = (unsigned char) (ft.dwLowDateTime & 0xff);
+ buf[5] = (unsigned char) ((ft.dwLowDateTime >> 8) & 0xff);
+ buf[6] = (unsigned char) ((ft.dwLowDateTime >> 16) & 0xff);
+ buf[7] = (unsigned char) ((ft.dwLowDateTime >> 24) & 0xff);
+#else
+ gettimeofday(&tv,NULL);
+ buf[0] = (unsigned char) (tv.tv_sec & 0xff);
+ buf[1] = (unsigned char) ((tv.tv_sec >> 8) & 0xff);
+ buf[2] = (unsigned char) ((tv.tv_sec >> 16) & 0xff);
+ buf[3] = (unsigned char) ((tv.tv_sec >> 24) & 0xff);
+ buf[4] = (unsigned char) (tv.tv_usec & 0xff);
+ buf[5] = (unsigned char) ((tv.tv_usec >> 8) & 0xff);
+ buf[6] = (unsigned char) ((tv.tv_usec >> 16) & 0xff);
+ buf[7] = (unsigned char) ((tv.tv_usec >> 24) & 0xff);
+#endif
+
+#if 0 /* This eminently sensible strategy is not acceptable to NIST. Sigh. */
+#ifndef GETPID_IS_MEANINGLESS
+ /* we mix in the PID to ensure that after a fork the children don't give
+ * the same results as each other
+ */
+ pid=getpid();
+ /* make sure we shift the pid to the MSB */
+ if((pid&0xffff0000) == 0)
+ pid<<=16;
+ *(long *)&buf[0]^=pid;
+#endif
+#endif
+ }
+
+static void fips_rand_encrypt(unsigned char *out,const unsigned char *in)
+ {
+ DES_ecb2_encrypt(in,out,&ks1,&ks2,1);
+ }
+
+static void fips_rand_cleanup(void)
+ {
+ OPENSSL_cleanse(seed,sizeof seed);
+ n_seed=0;
+ o_seed=0;
+ key_init=0;
+ }
+
+void FIPS_rand_seed(const void *buf_, FIPS_RAND_SIZE_T num)
+ {
+ const char *buf=buf_;
+ FIPS_RAND_SIZE_T n;
+
+ /* If the key hasn't been set, we can't seed! */
+ if(!key_set)
+ return;
+
+ CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+ if(!key_init)
+ {
+ key_init=1;
+ DES_set_key(&key1,&ks1);
+ DES_set_key(&key2,&ks2);
+ }
+
+ /*
+ * This algorithm only uses 64 bits of seed, so ensure that we use
+ * the most recent 64 bits.
+ */
+ for(n=0 ; n < num ; )
+ {
+ FIPS_RAND_SIZE_T t=num-n;
+
+ if(o_seed+t > sizeof seed)
+ t=sizeof seed-o_seed;
+ memcpy(seed+o_seed,buf+n,t);
+ n+=t;
+ o_seed+=t;
+ if(o_seed == sizeof seed)
+ o_seed=0;
+ if(n_seed < sizeof seed)
+ n_seed+=t;
+ }
+
+#ifndef GETPID_IS_MEANINGLESS
+ seed_pid=getpid();
+#endif
+
+ CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+ }
+
+static void fips_rand_add(const void *buf, FIPS_RAND_SIZE_T num, double add_entropy)
+ {
+ FIPS_rand_seed(buf,num);
+ }
+
+static int fips_rand_bytes(unsigned char *buf,FIPS_RAND_SIZE_T num)
+ {
+ FIPS_RAND_SIZE_T n;
+ unsigned char timeseed[8];
+ unsigned char intermediate[SEED_SIZE];
+ unsigned char output[SEED_SIZE];
+ static unsigned char previous[SEED_SIZE];
+#ifndef GETPID_IS_MEANINGLESS
+ int pid;
+#endif
+
+ if(n_seed < sizeof seed)
+ {
+ RANDerr(RAND_F_FIPS_RAND_BYTES,RAND_R_PRNG_NOT_SEEDED);
+ return 0;
+ }
+
+#ifdef FIPS_RAND_MAX_SIZE_T
+ if (num > FIPS_RAND_MAX_SIZE_T)
+ {
+#ifdef RAND_R_PRNG_ASKING_FOR_TOO_MUCH
+ RANDerr(RAND_F_FIPS_RAND_BYTES,RAND_R_PRNG_ASKING_FOR_TOO_MUCH);
+ return 0;
+#else
+ return -1; /* signal "not supported" condition */
+#endif
+ }
+#endif
+
+#ifndef GETPID_IS_MEANINGLESS
+ pid=getpid();
+ if(pid != seed_pid)
+ {
+ RANDerr(RAND_F_FIPS_RAND_BYTES,RAND_R_PRNG_NOT_RESEEDED);
+ return 0;
+ }
+ if(pid != key_pid)
+ {
+ RANDerr(RAND_F_FIPS_RAND_BYTES,RAND_R_PRNG_NOT_REKEYED);
+ return 0;
+ }
+#endif
+
+ CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+
+ for(n=0 ; n < num ; )
+ {
+ unsigned char t[SEED_SIZE];
+ FIPS_RAND_SIZE_T l;
+
+ /* ANS X9.31 A.2.4: I = ede*K(DT)
+ timeseed == DT
+ intermediate == I
+ */
+ fips_gettime(timeseed);
+ fips_rand_encrypt(intermediate,timeseed);
+
+ /* ANS X9.31 A.2.4: R = ede*K(I^V)
+ intermediate == I
+ seed == V
+ output == R
+ */
+ for(l=0 ; l < sizeof t ; ++l)
+ t[l]=intermediate[l]^seed[l];
+ fips_rand_encrypt(output,t);
+
+ /* ANS X9.31 A.2.4: V = ede*K(R^I)
+ output == R
+ intermediate == I
+ seed == V
+ */
+ for(l=0 ; l < sizeof t ; ++l)
+ t[l]=output[l]^intermediate[l];
+ fips_rand_encrypt(seed,t);
+
+ if(second && !memcmp(output,previous,sizeof previous))
+ {
+ RANDerr(RAND_F_FIPS_RAND_BYTES,RAND_R_PRNG_STUCK);
+ CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+ return 0;
+ }
+ memcpy(previous,output,sizeof previous);
+ second=1;
+
+ /* Successive values of R may be concatenated to produce a
+ pseudo random number of the desired length */
+ l=SEED_SIZE < num-n ? SEED_SIZE : num-n;
+ memcpy(buf+n,output,l);
+ n+=l;
+ }
+
+ CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+
+ return 1;
+ }
+
+static int fips_rand_status(void)
+ {
+ return n_seed == sizeof seed;
+ }
+
+#endif /* OPENSSL_FIPS */
diff --git a/src/lib/libssl/src/fips-1.0/rand/fips_rand.h b/src/lib/libssl/src/fips-1.0/rand/fips_rand.h
new file mode 100644
index 0000000000..093727240e
--- /dev/null
+++ b/src/lib/libssl/src/fips-1.0/rand/fips_rand.h
@@ -0,0 +1,73 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifndef HEADER_FIPS_RAND_H
+#define HEADER_FIPS_RAND_H
+
+#include "des.h"
+
+#ifdef OPENSSL_FIPS
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+void FIPS_set_prng_key(const unsigned char k1[8],const unsigned char k2[8]);
+void FIPS_test_mode(int test,const unsigned char faketime[8]);
+void FIPS_rand_seed(const void *buf, FIPS_RAND_SIZE_T num);
+/* NB: this returns true if _partially_ seeded */
+int FIPS_rand_seeded(void);
+
+const RAND_METHOD *FIPS_rand_method(void);
+
+#ifdef __cplusplus
+}
+#endif
+#endif
+#endif
diff --git a/src/lib/libssl/src/fips-1.0/rand/fips_rand_selftest.c b/src/lib/libssl/src/fips-1.0/rand/fips_rand_selftest.c
new file mode 100644
index 0000000000..691b929d71
--- /dev/null
+++ b/src/lib/libssl/src/fips-1.0/rand/fips_rand_selftest.c
@@ -0,0 +1,120 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include <string.h>
+#include <openssl/err.h>
+#include <openssl/fips.h>
+#include <openssl/rand.h>
+#include <openssl/fips_rand.h>
+
+#ifdef OPENSSL_FIPS
+static struct
+ {
+ unsigned char key1[8];
+ unsigned char key2[8];
+ unsigned char seed[8];
+ unsigned char dt[8];
+ } init_iv[] =
+ {
+ {
+ { 0x75, 0xc7, 0x1a, 0xe5, 0xa1, 0x1a, 0x23, 0x2c },
+ { 0x40, 0x25, 0x6d, 0xcd, 0x94, 0xf7, 0x67, 0xb0 },
+ { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+ { 0xc8, 0x9a, 0x1d, 0x88, 0x8e, 0xd1, 0x2f, 0x3c },
+ },
+ {
+ { 0x75, 0xc7, 0x1a, 0xe5, 0xa1, 0x1a, 0x23, 0x2c },
+ { 0x40, 0x25, 0x6d, 0xcd, 0x94, 0xf7, 0x67, 0xb0 },
+ { 0xf8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+ { 0xc8, 0x9a, 0x1d, 0x88, 0x8e, 0xd1, 0x2f, 0x40 },
+ },
+ {
+ { 0x75, 0xc7, 0x1a, 0xe5, 0xa1, 0x1a, 0x23, 0x2c },
+ { 0x40, 0x25, 0x6d, 0xcd, 0x94, 0xf7, 0x67, 0xb0 },
+ { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff },
+ { 0xc8, 0x9a, 0x1d, 0x88, 0x8e, 0xd1, 0x2f, 0x7b },
+ },
+ };
+
+static const unsigned char expected_ret[][8]=
+ {
+ { 0x94, 0x4d, 0xc7, 0x21, 0x0d, 0x6d, 0x7f, 0xd7 },
+ { 0x02, 0x43, 0x3c, 0x94, 0x17, 0xa3, 0x32, 0x6f },
+ { 0xe7, 0xe2, 0xb2, 0x96, 0x4f, 0x36, 0xed, 0x41 },
+ };
+
+void FIPS_corrupt_rng()
+ {
+ init_iv[0].dt[0]++;
+ }
+
+int FIPS_selftest_rng()
+ {
+ int n;
+
+ for(n=0 ; n < 3 ; ++n)
+ {
+ unsigned char actual_ret[8];
+
+ FIPS_rand_method()->cleanup();
+ FIPS_set_prng_key(init_iv[n].key1,init_iv[n].key2);
+ FIPS_rand_seed(init_iv[n].seed,8);
+ FIPS_test_mode(1,init_iv[n].dt);
+ if ((FIPS_rand_method()->bytes(actual_ret, 8) <=0) || (memcmp(actual_ret,expected_ret[n],sizeof actual_ret)))
+ {
+ FIPS_test_mode(0,NULL);
+ FIPSerr(FIPS_F_FIPS_SELFTEST_RNG,FIPS_R_SELFTEST_FAILED);
+ return 0;
+ }
+ }
+ FIPS_test_mode(0,NULL);
+ return 1;
+ }
+
+#endif
diff --git a/src/lib/libssl/src/fips-1.0/rand/fips_randtest.c b/src/lib/libssl/src/fips-1.0/rand/fips_randtest.c
new file mode 100644
index 0000000000..6165944e56
--- /dev/null
+++ b/src/lib/libssl/src/fips-1.0/rand/fips_randtest.c
@@ -0,0 +1,369 @@
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/rand.h>
+#include <openssl/fips_rand.h>
+#include <openssl/err.h>
+
+#include "e_os.h"
+
+#ifndef OPENSSL_FIPS
+int main(int argc, char *argv[])
+{
+ printf("No FIPS RAND support\n");
+ return(0);
+}
+
+#else
+
+/* some FIPS 140-1 random number test */
+/* some simple tests */
+
+static DES_cblock prng_key1={0x21,0x58,0x47,0xb7,0xc2,0x97,0x5a,0x8e};
+static DES_cblock prng_key2={0x61,0x23,0x05,0x96,0x18,0x91,0x86,0xac};
+static unsigned char prng_seed[8]={0x6b,0xa3,0x4f,0x07,0xe4,0x2a,0xb0,0xc};
+
+typedef struct
+ {
+ DES_cblock keys[2];
+ const unsigned char time[8];
+ const unsigned char seed[8];
+ const unsigned char block1[8];
+ const unsigned char block100[8];
+ } PRNGtest;
+
+/* FIXME: these test vectors are made up! */
+static PRNGtest t1=
+ {
+ { { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07 },
+ { 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f },
+ },
+ { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 },
+ { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 },
+ { 0x33,0xc3,0xdf,0xfe,0x60,0x60,0x49,0x9e },
+ { 0xcd,0x2b,0x41,0xaf,0x80,0x51,0x37,0xd8 }
+ };
+static PRNGtest t2=
+ {
+ { { 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff },
+ { 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff } },
+ { 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff },
+ { 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff },
+ { 0x65,0xf1,0xa4,0x07,0x42,0x38,0xd5,0x25 },
+ { 0xbb,0x75,0x84,0x20,0x7a,0x44,0xf0,0xa0 }
+ };
+
+static void dump(const unsigned char *b,int n)
+ {
+ while(n-- > 0)
+ {
+ printf(" %02x",*b++);
+ }
+ }
+
+static void compare(const unsigned char *result,const unsigned char *expected,
+ int n)
+ {
+ int i;
+
+ for(i=0 ; i < n ; ++i)
+ if(result[i] != expected[i])
+ {
+ puts("Random test failed, got:");
+ dump(result,8);
+ puts("\n expected:");
+ dump(expected,8);
+ putchar('\n');
+ EXIT(1);
+ }
+ }
+
+static void run_test(const PRNGtest *t)
+ {
+ unsigned char buf[8];
+ int n;
+
+ FIPS_set_prng_key(t->keys[0],t->keys[1]);
+ FIPS_test_mode(1,t->time);
+ RAND_seed(t->seed,sizeof t->seed);
+
+ if(RAND_bytes(buf,8) <= 0)
+ {
+ ERR_print_errors_fp(stderr);
+ EXIT(2);
+ }
+ compare(buf,t->block1,8);
+ for(n=0 ; n < 99 ; ++n)
+ if(RAND_bytes(buf,8) <= 0)
+ {
+ ERR_print_errors_fp(stderr);
+ EXIT(2);
+ }
+ compare(buf,t->block100,8);
+ FIPS_test_mode(0,NULL);
+ }
+
+int main()
+ {
+ unsigned char buf[2500];
+ int i,j,k,s,sign,nsign,err=0;
+ unsigned long n1;
+ unsigned long n2[16];
+ unsigned long runs[2][34];
+ /*double d; */
+ long d;
+
+ ERR_load_crypto_strings();
+ RAND_set_rand_method(FIPS_rand_method());
+
+ run_test(&t1);
+ run_test(&t2);
+
+ FIPS_set_prng_key(prng_key1,prng_key2);
+ RAND_seed(prng_seed,sizeof prng_seed);
+
+ i = RAND_pseudo_bytes(buf,2500);
+ if (i <= 0)
+ {
+ printf ("init failed, the rand method is not properly installed\n");
+ err++;
+ goto err;
+ }
+
+ n1=0;
+ for (i=0; i<16; i++) n2[i]=0;
+ for (i=0; i<34; i++) runs[0][i]=runs[1][i]=0;
+
+ /* test 1 and 2 */
+ sign=0;
+ nsign=0;
+ for (i=0; i<2500; i++)
+ {
+ j=buf[i];
+
+ n2[j&0x0f]++;
+ n2[(j>>4)&0x0f]++;
+
+ for (k=0; k<8; k++)
+ {
+ s=(j&0x01);
+ if (s == sign)
+ nsign++;
+ else
+ {
+ if (nsign > 34) nsign=34;
+ if (nsign != 0)
+ {
+ runs[sign][nsign-1]++;
+ if (nsign > 6)
+ runs[sign][5]++;
+ }
+ sign=s;
+ nsign=1;
+ }
+
+ if (s) n1++;
+ j>>=1;
+ }
+ }
+ if (nsign > 34) nsign=34;
+ if (nsign != 0) runs[sign][nsign-1]++;
+
+ /* test 1 */
+ if (!((9654 < n1) && (n1 < 10346)))
+ {
+ printf("test 1 failed, X=%lu\n",n1);
+ err++;
+ }
+ printf("test 1 done\n");
+
+ /* test 2 */
+#ifdef undef
+ d=0;
+ for (i=0; i<16; i++)
+ d+=n2[i]*n2[i];
+ d=d*16.0/5000.0-5000.0;
+ if (!((1.03 < d) && (d < 57.4)))
+ {
+ printf("test 2 failed, X=%.2f\n",d);
+ err++;
+ }
+#endif
+ d=0;
+ for (i=0; i<16; i++)
+ d+=n2[i]*n2[i];
+ d=(d*8)/25-500000;
+ if (!((103 < d) && (d < 5740)))
+ {
+ printf("test 2 failed, X=%ld.%02ld\n",d/100L,d%100L);
+ err++;
+ }
+ printf("test 2 done\n");
+
+ /* test 3 */
+ for (i=0; i<2; i++)
+ {
+ if (!((2267 < runs[i][0]) && (runs[i][0] < 2733)))
+ {
+ printf("test 3 failed, bit=%d run=%d num=%lu\n",
+ i,1,runs[i][0]);
+ err++;
+ }
+ if (!((1079 < runs[i][1]) && (runs[i][1] < 1421)))
+ {
+ printf("test 3 failed, bit=%d run=%d num=%lu\n",
+ i,2,runs[i][1]);
+ err++;
+ }
+ if (!(( 502 < runs[i][2]) && (runs[i][2] < 748)))
+ {
+ printf("test 3 failed, bit=%d run=%d num=%lu\n",
+ i,3,runs[i][2]);
+ err++;
+ }
+ if (!(( 223 < runs[i][3]) && (runs[i][3] < 402)))
+ {
+ printf("test 3 failed, bit=%d run=%d num=%lu\n",
+ i,4,runs[i][3]);
+ err++;
+ }
+ if (!(( 90 < runs[i][4]) && (runs[i][4] < 223)))
+ {
+ printf("test 3 failed, bit=%d run=%d num=%lu\n",
+ i,5,runs[i][4]);
+ err++;
+ }
+ if (!(( 90 < runs[i][5]) && (runs[i][5] < 223)))
+ {
+ printf("test 3 failed, bit=%d run=%d num=%lu\n",
+ i,6,runs[i][5]);
+ err++;
+ }
+ }
+ printf("test 3 done\n");
+
+ /* test 4 */
+ if (runs[0][33] != 0)
+ {
+ printf("test 4 failed, bit=%d run=%d num=%lu\n",
+ 0,34,runs[0][33]);
+ err++;
+ }
+ if (runs[1][33] != 0)
+ {
+ printf("test 4 failed, bit=%d run=%d num=%lu\n",
+ 1,34,runs[1][33]);
+ err++;
+ }
+ printf("test 4 done\n");
+ err:
+ err=((err)?1:0);
+ EXIT(err);
+ return(err);
+ }
+
+#endif
diff --git a/src/lib/libssl/src/fips-1.0/rand/fips_rngvs.c b/src/lib/libssl/src/fips-1.0/rand/fips_rngvs.c
new file mode 100644
index 0000000000..2c3fdbcca7
--- /dev/null
+++ b/src/lib/libssl/src/fips-1.0/rand/fips_rngvs.c
@@ -0,0 +1,234 @@
+/*
+ * Crude test driver for processing the VST and MCT testvector files
+ * generated by the CMVP RNGVS product.
+ *
+ * Note the input files are assumed to have a _very_ specific format
+ * as described in the NIST document "The Random Number Generator
+ * Validation System (RNGVS)", May 25, 2004.
+ *
+ */
+#include <openssl/opensslconf.h>
+
+#ifndef OPENSSL_FIPS
+#include <stdio.h>
+int main()
+{
+ printf("No FIPS RNG support\n");
+ return 0;
+}
+#else
+
+#include <openssl/bn.h>
+#include <openssl/dsa.h>
+#include <openssl/fips.h>
+#include <openssl/err.h>
+#include <openssl/rand.h>
+#include <openssl/fips_rand.h>
+#include <string.h>
+
+int hex2bin(const char *in, unsigned char *out)
+ {
+ int n1, n2;
+ unsigned char ch;
+
+ for (n1=0,n2=0 ; in[n1] && in[n1] != '\n' ; )
+ { /* first byte */
+ if ((in[n1] >= '0') && (in[n1] <= '9'))
+ ch = in[n1++] - '0';
+ else if ((in[n1] >= 'A') && (in[n1] <= 'F'))
+ ch = in[n1++] - 'A' + 10;
+ else if ((in[n1] >= 'a') && (in[n1] <= 'f'))
+ ch = in[n1++] - 'a' + 10;
+ else
+ return -1;
+ if(!in[n1])
+ {
+ out[n2++]=ch;
+ break;
+ }
+ out[n2] = ch << 4;
+ /* second byte */
+ if ((in[n1] >= '0') && (in[n1] <= '9'))
+ ch = in[n1++] - '0';
+ else if ((in[n1] >= 'A') && (in[n1] <= 'F'))
+ ch = in[n1++] - 'A' + 10;
+ else if ((in[n1] >= 'a') && (in[n1] <= 'f'))
+ ch = in[n1++] - 'a' + 10;
+ else
+ return -1;
+ out[n2++] |= ch;
+ }
+ return n2;
+ }
+
+int bin2hex(const unsigned char *in,int len,char *out)
+ {
+ int n1, n2;
+ unsigned char ch;
+
+ for (n1=0,n2=0 ; n1 < len ; ++n1)
+ {
+ ch=in[n1] >> 4;
+ if (ch <= 0x09)
+ out[n2++]=ch+'0';
+ else
+ out[n2++]=ch-10+'a';
+ ch=in[n1] & 0x0f;
+ if(ch <= 0x09)
+ out[n2++]=ch+'0';
+ else
+ out[n2++]=ch-10+'a';
+ }
+ out[n2]='\0';
+ return n2;
+ }
+
+void pv(const char *tag,const unsigned char *val,int len)
+ {
+ char obuf[2048];
+
+ bin2hex(val,len,obuf);
+ printf("%s = %s\n",tag,obuf);
+ }
+
+void vst()
+ {
+ unsigned char key1[8];
+ unsigned char key2[8];
+ unsigned char v[8];
+ unsigned char dt[8];
+ unsigned char ret[8];
+ char buf[1024];
+ int n;
+
+ while(fgets(buf,sizeof buf,stdin) != NULL)
+ {
+ if(!strncmp(buf,"Key1 = ",7))
+ {
+ n=hex2bin(buf+7,key1);
+ pv("Key1",key1,n);
+ }
+ else if(!strncmp(buf,"Key2 = ",7))
+ {
+ n=hex2bin(buf+7,key2);
+ pv("Key1",key2,n);
+ }
+ else if(!strncmp(buf,"DT = ",5))
+ {
+ n=hex2bin(buf+5,dt);
+ pv("DT",dt,n);
+ }
+ else if(!strncmp(buf,"V = ",4))
+ {
+ n=hex2bin(buf+4,v);
+ pv("V",v,n);
+
+ FIPS_rand_method()->cleanup();
+ FIPS_set_prng_key(key1,key2);
+ FIPS_rand_seed(v,8);
+ FIPS_test_mode(1,dt);
+ if (FIPS_rand_method()->bytes(ret,8) <= 0)
+ {
+ FIPS_test_mode(0,NULL);
+ FIPSerr(FIPS_F_FIPS_SELFTEST_RNG,FIPS_R_SELFTEST_FAILED);
+ return;
+ }
+
+ pv("R",ret,8);
+ putc('\n',stdout);
+ }
+ else
+ fputs(buf,stdout);
+ }
+ }
+
+
+void mct()
+ {
+ unsigned char key1[8];
+ unsigned char key2[8];
+ unsigned char v[8];
+ unsigned char dt[8];
+ unsigned char ret[8];
+ char buf[1024];
+ int n;
+
+ BIGNUM *bn;
+ BIGNUM *pbn;
+ bn = BN_new();
+
+ while(fgets(buf,sizeof buf,stdin) != NULL)
+ {
+ if(!strncmp(buf,"Key1 = ",7))
+ {
+ n=hex2bin(buf+7,key1);
+ pv("Key1",key1,n);
+ }
+ else if(!strncmp(buf,"Key2 = ",7))
+ {
+ n=hex2bin(buf+7,key2);
+ pv("Key1",key2,n);
+ }
+ else if(!strncmp(buf,"DT = ",5))
+ {
+ n=hex2bin(buf+5,dt);
+ pv("DT",dt,n);
+ }
+ else if(!strncmp(buf,"V = ",4))
+ {
+ int iter;
+ n=hex2bin(buf+4,v);
+ pv("V",v,n);
+
+ FIPS_rand_method()->cleanup();
+ FIPS_set_prng_key(key1,key2);
+ FIPS_rand_seed(v,8);
+ for (iter=0; iter < 10000; ++iter)
+ {
+ FIPS_test_mode(1,dt);
+ if (FIPS_rand_method()->bytes(ret,8) <= 0)
+ {
+ FIPS_test_mode(0,NULL);
+ FIPSerr(FIPS_F_FIPS_SELFTEST_RNG,FIPS_R_SELFTEST_FAILED);
+ return;
+ }
+ pbn = BN_bin2bn(dt,8,bn);
+ n = BN_add(bn,bn,BN_value_one());
+ n = BN_bn2bin(bn,dt);
+ }
+
+ pv("R",ret,8);
+ putc('\n',stdout);
+ }
+ else
+ fputs(buf,stdout);
+ }
+ BN_free(bn);
+ }
+
+int main(int argc,char **argv)
+ {
+ if(argc != 2)
+ {
+ fprintf(stderr,"%s [mct|vst]\n",argv[0]);
+ exit(1);
+ }
+ if(!FIPS_mode_set(1))
+ {
+ ERR_load_crypto_strings();
+ ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
+ exit(1);
+ }
+ if(!strcmp(argv[1],"mct"))
+ mct();
+ else if(!strcmp(argv[1],"vst"))
+ vst();
+ else
+ {
+ fprintf(stderr,"Don't know how to %s.\n",argv[1]);
+ exit(1);
+ }
+
+ return 0;
+ }
+#endif
diff --git a/src/lib/libssl/src/fips-1.0/rsa/Makefile b/src/lib/libssl/src/fips-1.0/rsa/Makefile
new file mode 100644
index 0000000000..179df4758a
--- /dev/null
+++ b/src/lib/libssl/src/fips-1.0/rsa/Makefile
@@ -0,0 +1,208 @@
+#
+# OpenSSL/fips-1.0/rsa/Makefile
+#
+
+DIR= rsa
+TOP= ../..
+CC= cc
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR= /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKEDEPPROG= makedepend
+MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE= Makefile
+AR= ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST= fips_rsavtest.c fips_rsastest.c fips_rsagtest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=fips_rsa_eay.c fips_rsa_gen.c fips_rsa_selftest.c fips_rsa_x931g.c
+LIBOBJ=fips_rsa_eay.o fips_rsa_gen.o fips_rsa_selftest.o fips_rsa_x931g.o
+
+SRC= $(LIBSRC)
+
+EXHEADER=
+HEADER= $(EXHEADER)
+
+ALL= $(GENERAL) $(SRC) $(HEADER)
+
+top:
+ (cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) sub_all)
+
+all: lib
+
+lib: $(LIBOBJ)
+ @echo $(LIBOBJ) > lib
+
+files:
+ $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+ @$(PERL) $(TOP)/util/mklink.pl $(TOP)/include/openssl $(EXHEADER)
+ @$(PERL) $(TOP)/util/mklink.pl $(TOP)/test $(TEST)
+ @$(PERL) $(TOP)/util/mklink.pl $(TOP)/apps $(APPS)
+
+install:
+ @headerlist="$(EXHEADER)"; for i in $$headerlist; \
+ do \
+ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done
+
+tags:
+ ctags $(SRC)
+
+tests:
+
+Q=../testvectors/rsa/req
+A=../testvectors/rsa/rsp
+Q62=../testvectors/rsa_salt_62/req
+A62=../testvectors/rsa_salt_62/rsp
+
+fips_test:
+ -rm -rf $(A) $(A62)
+ mkdir $(A) $(A62)
+ if [ -f $(Q)/SigGen15.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rsastest < $(Q)/SigGen15.req > $(A)/SigGen15.rsp; fi
+ if [ -f $(Q)/SigVer15.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rsavtest < $(Q)/SigVer15.req > $(A)/SigVer15.rsp; fi
+ if [ -f $(Q)/SigGenPSS.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rsastest -saltlen 0 < $(Q)/SigGenPSS.req > $(A)/SigGenPSS.rsp; fi
+ if [ -f $(Q)/SigVerPSS.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rsavtest -saltlen 0 < $(Q)/SigVerPSS.req > $(A)/SigVerPSS.rsp; fi
+ if [ -f $(Q)/SigGenRSA.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rsastest -x931 < $(Q)/SigGenRSA.req > $(A)/SigGenRSA.rsp; fi
+ if [ -f $(Q)/SigVerRSA.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rsavtest -x931 < $(Q)/SigVerRSA.req > $(A)/SigVerRSA.rsp; fi
+ if [ -f $(Q62)/SigGenPSS.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rsastest -saltlen 62 < $(Q62)/SigGenPSS.req >$(A62)/SigGenPSS.rsp; fi
+ if [ -f $(Q62)/SigVerPSS.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rsavtest -saltlen 62 <$(Q62)/SigVerPSS.req >$(A62)/SigVerPSS.rsp; fi
+ if [ -f $(Q)/KeyGenRSA.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rsagtest < $(Q)/KeyGenRSA.req > $(A)/KeyGenRSA.rsp; fi
+
+lint:
+ lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+ $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(SRC) $(TEST)
+
+dclean:
+ $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+ mv -f Makefile.new $(MAKEFILE)
+
+clean:
+ rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+fips_rsa_eay.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+fips_rsa_eay.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+fips_rsa_eay.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+fips_rsa_eay.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+fips_rsa_eay.o: ../../include/openssl/opensslconf.h
+fips_rsa_eay.o: ../../include/openssl/opensslv.h
+fips_rsa_eay.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+fips_rsa_eay.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+fips_rsa_eay.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+fips_rsa_eay.o: fips_rsa_eay.c
+fips_rsa_gen.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+fips_rsa_gen.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+fips_rsa_gen.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+fips_rsa_gen.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+fips_rsa_gen.o: ../../include/openssl/opensslconf.h
+fips_rsa_gen.o: ../../include/openssl/opensslv.h
+fips_rsa_gen.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h
+fips_rsa_gen.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+fips_rsa_gen.o: ../../include/openssl/symhacks.h fips_rsa_gen.c
+fips_rsa_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+fips_rsa_selftest.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+fips_rsa_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+fips_rsa_selftest.o: ../../include/openssl/fips.h
+fips_rsa_selftest.o: ../../include/openssl/fips_sha.h
+fips_rsa_selftest.o: ../../include/openssl/lhash.h
+fips_rsa_selftest.o: ../../include/openssl/opensslconf.h
+fips_rsa_selftest.o: ../../include/openssl/opensslv.h
+fips_rsa_selftest.o: ../../include/openssl/ossl_typ.h
+fips_rsa_selftest.o: ../../include/openssl/rsa.h
+fips_rsa_selftest.o: ../../include/openssl/safestack.h
+fips_rsa_selftest.o: ../../include/openssl/stack.h
+fips_rsa_selftest.o: ../../include/openssl/symhacks.h fips_rsa_selftest.c
+fips_rsa_x931g.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+fips_rsa_x931g.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+fips_rsa_x931g.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+fips_rsa_x931g.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+fips_rsa_x931g.o: ../../include/openssl/opensslconf.h
+fips_rsa_x931g.o: ../../include/openssl/opensslv.h
+fips_rsa_x931g.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h
+fips_rsa_x931g.o: ../../include/openssl/safestack.h
+fips_rsa_x931g.o: ../../include/openssl/stack.h
+fips_rsa_x931g.o: ../../include/openssl/symhacks.h fips_rsa_x931g.c
+fips_rsagtest.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+fips_rsagtest.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+fips_rsagtest.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+fips_rsagtest.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+fips_rsagtest.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+fips_rsagtest.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+fips_rsagtest.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+fips_rsagtest.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+fips_rsagtest.o: ../../include/openssl/hmac.h ../../include/openssl/idea.h
+fips_rsagtest.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+fips_rsagtest.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+fips_rsagtest.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+fips_rsagtest.o: ../../include/openssl/objects.h
+fips_rsagtest.o: ../../include/openssl/opensslconf.h
+fips_rsagtest.o: ../../include/openssl/opensslv.h
+fips_rsagtest.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+fips_rsagtest.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+fips_rsagtest.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+fips_rsagtest.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+fips_rsagtest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+fips_rsagtest.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+fips_rsagtest.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+fips_rsagtest.o: ../../include/openssl/x509_vfy.h
+fips_rsagtest.o: ../../include/openssl/x509v3.h fips_rsagtest.c
+fips_rsastest.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+fips_rsastest.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+fips_rsastest.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+fips_rsastest.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+fips_rsastest.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+fips_rsastest.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+fips_rsastest.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+fips_rsastest.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+fips_rsastest.o: ../../include/openssl/hmac.h ../../include/openssl/idea.h
+fips_rsastest.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+fips_rsastest.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+fips_rsastest.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+fips_rsastest.o: ../../include/openssl/objects.h
+fips_rsastest.o: ../../include/openssl/opensslconf.h
+fips_rsastest.o: ../../include/openssl/opensslv.h
+fips_rsastest.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+fips_rsastest.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+fips_rsastest.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+fips_rsastest.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+fips_rsastest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+fips_rsastest.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+fips_rsastest.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+fips_rsastest.o: ../../include/openssl/x509_vfy.h
+fips_rsastest.o: ../../include/openssl/x509v3.h fips_rsastest.c
+fips_rsavtest.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+fips_rsavtest.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+fips_rsavtest.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+fips_rsavtest.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+fips_rsavtest.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+fips_rsavtest.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+fips_rsavtest.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+fips_rsavtest.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+fips_rsavtest.o: ../../include/openssl/hmac.h ../../include/openssl/idea.h
+fips_rsavtest.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+fips_rsavtest.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+fips_rsavtest.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+fips_rsavtest.o: ../../include/openssl/objects.h
+fips_rsavtest.o: ../../include/openssl/opensslconf.h
+fips_rsavtest.o: ../../include/openssl/opensslv.h
+fips_rsavtest.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+fips_rsavtest.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+fips_rsavtest.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+fips_rsavtest.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+fips_rsavtest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+fips_rsavtest.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+fips_rsavtest.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+fips_rsavtest.o: ../../include/openssl/x509_vfy.h
+fips_rsavtest.o: ../../include/openssl/x509v3.h fips_rsavtest.c
diff --git a/src/lib/libssl/src/fips-1.0/rsa/fips_rsa_eay.c b/src/lib/libssl/src/fips-1.0/rsa/fips_rsa_eay.c
new file mode 100644
index 0000000000..2d0d973f1e
--- /dev/null
+++ b/src/lib/libssl/src/fips-1.0/rsa/fips_rsa_eay.c
@@ -0,0 +1,788 @@
+/* crypto/rsa/rsa_eay.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/rand.h>
+#include <openssl/fips.h>
+
+#if !defined(RSA_NULL) && defined(OPENSSL_FIPS)
+
+static int RSA_eay_public_encrypt(FIPS_RSA_SIZE_T flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa,int padding);
+static int RSA_eay_private_encrypt(FIPS_RSA_SIZE_T flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa,int padding);
+static int RSA_eay_public_decrypt(FIPS_RSA_SIZE_T flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa,int padding);
+static int RSA_eay_private_decrypt(FIPS_RSA_SIZE_T flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa,int padding);
+static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *i, RSA *rsa);
+static int RSA_eay_init(RSA *rsa);
+static int RSA_eay_finish(RSA *rsa);
+static const RSA_METHOD rsa_pkcs1_eay_meth={
+ "Eric Young's PKCS#1 RSA",
+ RSA_eay_public_encrypt,
+ RSA_eay_public_decrypt, /* signature verification */
+ RSA_eay_private_encrypt, /* signing */
+ RSA_eay_private_decrypt,
+ RSA_eay_mod_exp,
+ BN_mod_exp_mont, /* XXX probably we should not use Montgomery if e == 3 */
+ RSA_eay_init,
+ RSA_eay_finish,
+ 0, /* flags */
+ NULL,
+ 0, /* rsa_sign */
+ 0 /* rsa_verify */
+ };
+
+const RSA_METHOD *RSA_PKCS1_SSLeay(void)
+ {
+ return(&rsa_pkcs1_eay_meth);
+ }
+
+static int RSA_eay_public_encrypt(FIPS_RSA_SIZE_T flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding)
+ {
+ BIGNUM f,ret;
+ int i,j,k,num=0,r= -1;
+ unsigned char *buf=NULL;
+ BN_CTX *ctx=NULL;
+
+ BN_init(&f);
+ BN_init(&ret);
+
+ if(FIPS_selftest_failed())
+ {
+ FIPSerr(FIPS_F_RSA_EAY_PUBLIC_ENCRYPT,FIPS_R_FIPS_SELFTEST_FAILED);
+ goto err;
+ }
+
+ if ((ctx=BN_CTX_new()) == NULL) goto err;
+ num=BN_num_bytes(rsa->n);
+ if ((buf=(unsigned char *)OPENSSL_malloc(num)) == NULL)
+ {
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ switch (padding)
+ {
+ case RSA_PKCS1_PADDING:
+ i=RSA_padding_add_PKCS1_type_2(buf,num,from,flen);
+ break;
+#ifndef OPENSSL_NO_SHA
+ case RSA_PKCS1_OAEP_PADDING:
+ i=RSA_padding_add_PKCS1_OAEP(buf,num,from,flen,NULL,0);
+ break;
+#endif
+ case RSA_SSLV23_PADDING:
+ i=RSA_padding_add_SSLv23(buf,num,from,flen);
+ break;
+ case RSA_NO_PADDING:
+ i=RSA_padding_add_none(buf,num,from,flen);
+ break;
+ default:
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,RSA_R_UNKNOWN_PADDING_TYPE);
+ goto err;
+ }
+ if (i <= 0) goto err;
+
+ if (BN_bin2bn(buf,num,&f) == NULL) goto err;
+
+ if (BN_ucmp(&f, rsa->n) >= 0)
+ {
+ /* usually the padding functions would catch this */
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
+ goto err;
+ }
+
+ if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
+ {
+ if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n,
+ CRYPTO_LOCK_RSA, rsa->n, ctx))
+ goto err;
+ }
+
+ if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx,
+ rsa->_method_mod_n)) goto err;
+
+ /* put in leading 0 bytes if the number is less than the
+ * length of the modulus */
+ j=BN_num_bytes(&ret);
+ i=BN_bn2bin(&ret,&(to[num-j]));
+ for (k=0; k<(num-i); k++)
+ to[k]=0;
+
+ r=num;
+err:
+ if (ctx != NULL) BN_CTX_free(ctx);
+ BN_clear_free(&f);
+ BN_clear_free(&ret);
+ if (buf != NULL)
+ {
+ OPENSSL_cleanse(buf,num);
+ OPENSSL_free(buf);
+ }
+ return(r);
+ }
+
+static int rsa_eay_blinding(RSA *rsa, BN_CTX *ctx)
+ {
+ int ret = 1;
+ CRYPTO_w_lock(CRYPTO_LOCK_RSA);
+ /* Check again inside the lock - the macro's check is racey */
+ if(rsa->blinding == NULL)
+ ret = RSA_blinding_on(rsa, ctx);
+ CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
+ return ret;
+ }
+
+#define BLINDING_HELPER(rsa, ctx, err_instr) \
+ do { \
+ if((!((rsa)->flags & RSA_FLAG_NO_BLINDING)) && \
+ ((rsa)->blinding == NULL) && \
+ !rsa_eay_blinding(rsa, ctx)) \
+ err_instr \
+ } while(0)
+
+static BN_BLINDING *setup_blinding(RSA *rsa, BN_CTX *ctx)
+ {
+ BIGNUM *A, *Ai;
+ BN_BLINDING *ret = NULL;
+
+ /* added in OpenSSL 0.9.6j and 0.9.7b */
+
+ /* NB: similar code appears in RSA_blinding_on (rsa_lib.c);
+ * this should be placed in a new function of its own, but for reasons
+ * of binary compatibility can't */
+
+ BN_CTX_start(ctx);
+ A = BN_CTX_get(ctx);
+ if ((RAND_status() == 0) && rsa->d != NULL && rsa->d->d != NULL)
+ {
+ /* if PRNG is not properly seeded, resort to secret exponent as unpredictable seed */
+ RAND_add(rsa->d->d, rsa->d->dmax * sizeof rsa->d->d[0], 0);
+ if (!BN_pseudo_rand_range(A,rsa->n)) goto err;
+ }
+ else
+ {
+ if (!BN_rand_range(A,rsa->n)) goto err;
+ }
+ if ((Ai=BN_mod_inverse(NULL,A,rsa->n,ctx)) == NULL) goto err;
+
+ if (!rsa->meth->bn_mod_exp(A,A,rsa->e,rsa->n,ctx,rsa->_method_mod_n))
+ goto err;
+ ret = BN_BLINDING_new(A,Ai,rsa->n);
+ BN_free(Ai);
+err:
+ BN_CTX_end(ctx);
+ return ret;
+ }
+
+/* signing */
+static int RSA_eay_private_encrypt(FIPS_RSA_SIZE_T flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding)
+ {
+ BIGNUM f,ret, *res;
+ int i,j,k,num=0,r= -1;
+ unsigned char *buf=NULL;
+ BN_CTX *ctx=NULL;
+ int local_blinding = 0;
+ BN_BLINDING *blinding = NULL;
+
+ BN_init(&f);
+ BN_init(&ret);
+
+ if ((ctx=BN_CTX_new()) == NULL) goto err;
+ num=BN_num_bytes(rsa->n);
+ if ((buf=(unsigned char *)OPENSSL_malloc(num)) == NULL)
+ {
+ RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ switch (padding)
+ {
+ case RSA_PKCS1_PADDING:
+ i=RSA_padding_add_PKCS1_type_1(buf,num,from,flen);
+ break;
+ case RSA_NO_PADDING:
+ i=RSA_padding_add_none(buf,num,from,flen);
+ break;
+ case RSA_X931_PADDING:
+ i=RSA_padding_add_X931(buf,num,from,flen);
+ break;
+ case RSA_SSLV23_PADDING:
+ default:
+ RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,RSA_R_UNKNOWN_PADDING_TYPE);
+ goto err;
+ }
+ if (i <= 0) goto err;
+
+ if (BN_bin2bn(buf,num,&f) == NULL) goto err;
+
+ if (BN_ucmp(&f, rsa->n) >= 0)
+ {
+ /* usually the padding functions would catch this */
+ RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
+ goto err;
+ }
+
+ BLINDING_HELPER(rsa, ctx, goto err;);
+ blinding = rsa->blinding;
+
+ /* Now unless blinding is disabled, 'blinding' is non-NULL.
+ * But the BN_BLINDING object may be owned by some other thread
+ * (we don't want to keep it constant and we don't want to use
+ * lots of locking to avoid race conditions, so only a single
+ * thread can use it; other threads have to use local blinding
+ * factors) */
+ if (!(rsa->flags & RSA_FLAG_NO_BLINDING))
+ {
+ if (blinding == NULL)
+ {
+ RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+ }
+
+ if (blinding != NULL)
+ {
+ if (blinding->thread_id != CRYPTO_thread_id())
+ {
+ /* we need a local one-time blinding factor */
+
+ blinding = setup_blinding(rsa, ctx);
+ if (blinding == NULL)
+ goto err;
+ local_blinding = 1;
+ }
+ }
+
+ if (blinding)
+ if (!BN_BLINDING_convert(&f, blinding, ctx)) goto err;
+
+ if ( (rsa->flags & RSA_FLAG_EXT_PKEY) ||
+ ((rsa->p != NULL) &&
+ (rsa->q != NULL) &&
+ (rsa->dmp1 != NULL) &&
+ (rsa->dmq1 != NULL) &&
+ (rsa->iqmp != NULL)) )
+ {
+ if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err;
+ }
+ else
+ {
+ BIGNUM local_d;
+ BIGNUM *d = NULL;
+
+ if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME))
+ {
+ BN_init(&local_d);
+ d = &local_d;
+ BN_with_flags(d, rsa->d, BN_FLG_EXP_CONSTTIME);
+ }
+ else
+ d = rsa->d;
+ if (!rsa->meth->bn_mod_exp(&ret,&f,d,rsa->n,ctx,NULL)) goto err;
+ }
+
+ if (blinding)
+ if (!BN_BLINDING_invert(&ret, blinding, ctx)) goto err;
+
+ if (padding == RSA_X931_PADDING)
+ {
+ BN_sub(&f, rsa->n, &ret);
+ if (BN_cmp(&ret, &f))
+ res = &f;
+ else
+ res = &ret;
+ }
+ else
+ res = &ret;
+
+ /* put in leading 0 bytes if the number is less than the
+ * length of the modulus */
+ j=BN_num_bytes(res);
+ i=BN_bn2bin(res,&(to[num-j]));
+ for (k=0; k<(num-i); k++)
+ to[k]=0;
+
+ r=num;
+err:
+ if (ctx != NULL) BN_CTX_free(ctx);
+ BN_clear_free(&ret);
+ BN_clear_free(&f);
+ if (local_blinding)
+ BN_BLINDING_free(blinding);
+ if (buf != NULL)
+ {
+ OPENSSL_cleanse(buf,num);
+ OPENSSL_free(buf);
+ }
+ return(r);
+ }
+
+static int RSA_eay_private_decrypt(FIPS_RSA_SIZE_T flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding)
+ {
+ BIGNUM f,ret;
+ int j,num=0,r= -1;
+ unsigned char *p;
+ unsigned char *buf=NULL;
+ BN_CTX *ctx=NULL;
+ int local_blinding = 0;
+ BN_BLINDING *blinding = NULL;
+
+ BN_init(&f);
+ BN_init(&ret);
+ ctx=BN_CTX_new();
+ if (ctx == NULL) goto err;
+
+ num=BN_num_bytes(rsa->n);
+
+ if ((buf=(unsigned char *)OPENSSL_malloc(num)) == NULL)
+ {
+ RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ /* This check was for equality but PGP does evil things
+ * and chops off the top '0' bytes */
+ if (flen > num)
+ {
+ RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_DATA_GREATER_THAN_MOD_LEN);
+ goto err;
+ }
+
+ /* make data into a big number */
+ if (BN_bin2bn(from,(int)flen,&f) == NULL) goto err;
+
+ if (BN_ucmp(&f, rsa->n) >= 0)
+ {
+ RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
+ goto err;
+ }
+
+ BLINDING_HELPER(rsa, ctx, goto err;);
+ blinding = rsa->blinding;
+
+ /* Now unless blinding is disabled, 'blinding' is non-NULL.
+ * But the BN_BLINDING object may be owned by some other thread
+ * (we don't want to keep it constant and we don't want to use
+ * lots of locking to avoid race conditions, so only a single
+ * thread can use it; other threads have to use local blinding
+ * factors) */
+ if (!(rsa->flags & RSA_FLAG_NO_BLINDING))
+ {
+ if (blinding == NULL)
+ {
+ RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+ }
+
+ if (blinding != NULL)
+ {
+ if (blinding->thread_id != CRYPTO_thread_id())
+ {
+ /* we need a local one-time blinding factor */
+
+ blinding = setup_blinding(rsa, ctx);
+ if (blinding == NULL)
+ goto err;
+ local_blinding = 1;
+ }
+ }
+
+ if (blinding)
+ if (!BN_BLINDING_convert(&f, blinding, ctx)) goto err;
+
+ /* do the decrypt */
+ if ( (rsa->flags & RSA_FLAG_EXT_PKEY) ||
+ ((rsa->p != NULL) &&
+ (rsa->q != NULL) &&
+ (rsa->dmp1 != NULL) &&
+ (rsa->dmq1 != NULL) &&
+ (rsa->iqmp != NULL)) )
+ {
+ if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err;
+ }
+ else
+ {
+ BIGNUM local_d;
+ BIGNUM *d = NULL;
+
+ if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME))
+ {
+ d = &local_d;
+ BN_with_flags(d, rsa->d, BN_FLG_EXP_CONSTTIME);
+ }
+ else
+ d = rsa->d;
+ if (!rsa->meth->bn_mod_exp(&ret,&f,d,rsa->n,ctx,NULL))
+ goto err;
+ }
+
+ if (blinding)
+ if (!BN_BLINDING_invert(&ret, blinding, ctx)) goto err;
+
+ p=buf;
+ j=BN_bn2bin(&ret,p); /* j is only used with no-padding mode */
+
+ switch (padding)
+ {
+ case RSA_PKCS1_PADDING:
+ r=RSA_padding_check_PKCS1_type_2(to,num,buf,j,num);
+ break;
+#ifndef OPENSSL_NO_SHA
+ case RSA_PKCS1_OAEP_PADDING:
+ r=RSA_padding_check_PKCS1_OAEP(to,num,buf,j,num,NULL,0);
+ break;
+#endif
+ case RSA_SSLV23_PADDING:
+ r=RSA_padding_check_SSLv23(to,num,buf,j,num);
+ break;
+ case RSA_NO_PADDING:
+ r=RSA_padding_check_none(to,num,buf,j,num);
+ break;
+ default:
+ RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_UNKNOWN_PADDING_TYPE);
+ goto err;
+ }
+ if (r < 0)
+ RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_PADDING_CHECK_FAILED);
+
+err:
+ if (ctx != NULL) BN_CTX_free(ctx);
+ BN_clear_free(&f);
+ BN_clear_free(&ret);
+ if (local_blinding)
+ BN_BLINDING_free(blinding);
+ if (buf != NULL)
+ {
+ OPENSSL_cleanse(buf,num);
+ OPENSSL_free(buf);
+ }
+ return(r);
+ }
+
+/* signature verification */
+static int RSA_eay_public_decrypt(FIPS_RSA_SIZE_T flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding)
+ {
+ BIGNUM f,ret;
+ int i,num=0,r= -1;
+ unsigned char *p;
+ unsigned char *buf=NULL;
+ BN_CTX *ctx=NULL;
+
+ BN_init(&f);
+ BN_init(&ret);
+ ctx=BN_CTX_new();
+ if (ctx == NULL) goto err;
+
+ num=BN_num_bytes(rsa->n);
+ buf=(unsigned char *)OPENSSL_malloc(num);
+ if (buf == NULL)
+ {
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ /* This check was for equality but PGP does evil things
+ * and chops off the top '0' bytes */
+ if (flen > num)
+ {
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_DATA_GREATER_THAN_MOD_LEN);
+ goto err;
+ }
+
+ if (BN_bin2bn(from,flen,&f) == NULL) goto err;
+
+ if (BN_ucmp(&f, rsa->n) >= 0)
+ {
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
+ goto err;
+ }
+
+ /* do the decrypt */
+
+ if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
+ {
+ if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n,
+ CRYPTO_LOCK_RSA, rsa->n, ctx))
+ goto err;
+ }
+
+ if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx,
+ rsa->_method_mod_n)) goto err;
+
+ if ((padding == RSA_X931_PADDING) && ((ret.d[0] & 0xf) != 12))
+ BN_sub(&ret, rsa->n, &ret);
+
+ p=buf;
+ i=BN_bn2bin(&ret,p);
+
+ switch (padding)
+ {
+ case RSA_PKCS1_PADDING:
+ r=RSA_padding_check_PKCS1_type_1(to,num,buf,i,num);
+ break;
+ case RSA_X931_PADDING:
+ r=RSA_padding_check_X931(to,num,buf,i,num);
+ break;
+ case RSA_NO_PADDING:
+ r=RSA_padding_check_none(to,num,buf,i,num);
+ break;
+ default:
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_UNKNOWN_PADDING_TYPE);
+ goto err;
+ }
+ if (r < 0)
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_PADDING_CHECK_FAILED);
+
+err:
+ if (ctx != NULL) BN_CTX_free(ctx);
+ BN_clear_free(&f);
+ BN_clear_free(&ret);
+ if (buf != NULL)
+ {
+ OPENSSL_cleanse(buf,num);
+ OPENSSL_free(buf);
+ }
+ return(r);
+ }
+
+static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
+ {
+ BIGNUM r1,m1,vrfy;
+ BIGNUM local_dmp1, local_dmq1;
+ BIGNUM *dmp1, *dmq1;
+ int ret=0;
+ BN_CTX *ctx;
+
+ BN_init(&m1);
+ BN_init(&r1);
+ BN_init(&vrfy);
+ if ((ctx=BN_CTX_new()) == NULL) goto err;
+
+ if (rsa->flags & RSA_FLAG_CACHE_PRIVATE)
+ {
+ if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_p,
+ CRYPTO_LOCK_RSA, rsa->p, ctx))
+ goto err;
+ if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_q,
+ CRYPTO_LOCK_RSA, rsa->q, ctx))
+ goto err;
+ }
+
+ if (!BN_mod(&r1,I,rsa->q,ctx)) goto err;
+ if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME))
+ {
+ dmq1 = &local_dmq1;
+ BN_with_flags(dmq1, rsa->dmq1, BN_FLG_EXP_CONSTTIME);
+ }
+ else
+ dmq1 = rsa->dmq1;
+ if (!rsa->meth->bn_mod_exp(&m1,&r1,dmq1,rsa->q,ctx,
+ rsa->_method_mod_q)) goto err;
+
+ if (!BN_mod(&r1,I,rsa->p,ctx)) goto err;
+ if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME))
+ {
+ dmp1 = &local_dmp1;
+ BN_with_flags(dmp1, rsa->dmp1, BN_FLG_EXP_CONSTTIME);
+ }
+ else
+ dmp1 = rsa->dmp1;
+ if (!rsa->meth->bn_mod_exp(r0,&r1,dmp1,rsa->p,ctx,
+ rsa->_method_mod_p)) goto err;
+
+ if (!BN_sub(r0,r0,&m1)) goto err;
+ /* This will help stop the size of r0 increasing, which does
+ * affect the multiply if it optimised for a power of 2 size */
+ if (r0->neg)
+ if (!BN_add(r0,r0,rsa->p)) goto err;
+
+ if (!BN_mul(&r1,r0,rsa->iqmp,ctx)) goto err;
+ if (!BN_mod(r0,&r1,rsa->p,ctx)) goto err;
+ /* If p < q it is occasionally possible for the correction of
+ * adding 'p' if r0 is negative above to leave the result still
+ * negative. This can break the private key operations: the following
+ * second correction should *always* correct this rare occurrence.
+ * This will *never* happen with OpenSSL generated keys because
+ * they ensure p > q [steve]
+ */
+ if (r0->neg)
+ if (!BN_add(r0,r0,rsa->p)) goto err;
+ if (!BN_mul(&r1,r0,rsa->q,ctx)) goto err;
+ if (!BN_add(r0,&r1,&m1)) goto err;
+
+ if (rsa->e && rsa->n)
+ {
+ if (!rsa->meth->bn_mod_exp(&vrfy,r0,rsa->e,rsa->n,ctx,NULL)) goto err;
+ /* If 'I' was greater than (or equal to) rsa->n, the operation
+ * will be equivalent to using 'I mod n'. However, the result of
+ * the verify will *always* be less than 'n' so we don't check
+ * for absolute equality, just congruency. */
+ if (!BN_sub(&vrfy, &vrfy, I)) goto err;
+ if (!BN_mod(&vrfy, &vrfy, rsa->n, ctx)) goto err;
+ if (vrfy.neg)
+ if (!BN_add(&vrfy, &vrfy, rsa->n)) goto err;
+ if (!BN_is_zero(&vrfy))
+ {
+ /* 'I' and 'vrfy' aren't congruent mod n. Don't leak
+ * miscalculated CRT output, just do a raw (slower)
+ * mod_exp and return that instead. */
+
+ BIGNUM local_d;
+ BIGNUM *d = NULL;
+
+ if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME))
+ {
+ d = &local_d;
+ BN_with_flags(d, rsa->d, BN_FLG_EXP_CONSTTIME);
+ }
+ else
+ d = rsa->d;
+ if (!rsa->meth->bn_mod_exp(r0,I,d,rsa->n,ctx,NULL)) goto err;
+ }
+ }
+ ret=1;
+err:
+ BN_clear_free(&m1);
+ BN_clear_free(&r1);
+ BN_clear_free(&vrfy);
+ BN_CTX_free(ctx);
+ return(ret);
+ }
+
+static int RSA_eay_init(RSA *rsa)
+ {
+ rsa->flags|=RSA_FLAG_CACHE_PUBLIC|RSA_FLAG_CACHE_PRIVATE;
+ return(1);
+ }
+
+static int RSA_eay_finish(RSA *rsa)
+ {
+ if (rsa->_method_mod_n != NULL)
+ BN_MONT_CTX_free(rsa->_method_mod_n);
+ if (rsa->_method_mod_p != NULL)
+ BN_MONT_CTX_free(rsa->_method_mod_p);
+ if (rsa->_method_mod_q != NULL)
+ BN_MONT_CTX_free(rsa->_method_mod_q);
+ return(1);
+ }
+
+#endif
diff --git a/src/lib/libssl/src/fips-1.0/rsa/fips_rsa_gen.c b/src/lib/libssl/src/fips-1.0/rsa/fips_rsa_gen.c
new file mode 100644
index 0000000000..3f50746733
--- /dev/null
+++ b/src/lib/libssl/src/fips-1.0/rsa/fips_rsa_gen.c
@@ -0,0 +1,282 @@
+/* crypto/rsa/rsa_gen.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <time.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/fips.h>
+
+void *OPENSSL_stderr(void);
+
+#ifdef OPENSSL_FIPS
+
+int fips_check_rsa(RSA *rsa)
+ {
+ int n, ret = 0;
+ unsigned char tctext[256], *ctext = tctext;
+ unsigned char tptext[256], *ptext = tptext;
+ /* The longest we can have with PKCS#1 v1.5 padding and a 512 bit key,
+ * namely 512/8-11-1 = 52 bytes */
+ static const unsigned char original_ptext[] =
+ "\x01\x23\x45\x67\x89\xab\xcd\xef\x01\x23\x45\x67\x89\xab\xcd\xef"
+ "\x01\x23\x45\x67\x89\xab\xcd\xef\x01\x23\x45\x67\x89\xab\xcd\xef"
+ "\x01\x23\x45\x67\x89\xab\xcd\xef\x01\x23\x45\x67\x89\xab\xcd\xef"
+ "\x01\x23\x45\x67";
+
+ if (RSA_size(rsa) > sizeof(tctext))
+ {
+ ctext = OPENSSL_malloc(RSA_size(rsa));
+ ptext = OPENSSL_malloc(RSA_size(rsa));
+ if (!ctext || !ptext)
+ {
+ ERR_print_errors_fp(OPENSSL_stderr());
+ exit(1);
+ }
+ }
+
+
+ /* this will fail for keys shorter than 512 bits */
+ n=RSA_private_encrypt(sizeof(original_ptext)-1,original_ptext,ctext,rsa,
+ RSA_PKCS1_PADDING);
+ if(n < 0)
+ {
+ ERR_print_errors_fp(OPENSSL_stderr());
+ exit(1);
+ }
+ if(!memcmp(ctext,original_ptext,n))
+ {
+ FIPSerr(FIPS_F_FIPS_CHECK_RSA,FIPS_R_PAIRWISE_TEST_FAILED);
+ goto error;
+ }
+ n=RSA_public_decrypt(n,ctext,ptext,rsa,RSA_PKCS1_PADDING);
+ if(n < 0)
+ {
+ ERR_print_errors_fp(OPENSSL_stderr());
+ exit(1);
+ }
+ if(n != sizeof(original_ptext)-1 || memcmp(ptext,original_ptext,n))
+ {
+ FIPSerr(FIPS_F_FIPS_CHECK_RSA,FIPS_R_PAIRWISE_TEST_FAILED);
+ goto error;
+ }
+
+ ret = 1;
+
+ error:
+
+ if (RSA_size(rsa) > sizeof(tctext))
+ {
+ OPENSSL_free(ctext);
+ OPENSSL_free(ptext);
+ }
+
+ return ret;
+ }
+
+RSA *RSA_generate_key(FIPS_RSA_SIZE_T bits, unsigned long e_value,
+ void (*callback)(int,int,void *), void *cb_arg)
+ {
+ RSA *rsa=NULL;
+ BIGNUM *r0=NULL,*r1=NULL,*r2=NULL,*r3=NULL,*tmp;
+ int bitsp,bitsq,ok= -1,n=0,i;
+ BN_CTX *ctx=NULL,*ctx2=NULL;
+
+ if (bits < 512)
+ {
+ FIPSerr(FIPS_F_RSA_GENERATE_KEY,FIPS_R_KEY_TOO_SHORT);
+ return NULL;
+ }
+
+ if(FIPS_selftest_failed())
+ {
+ FIPSerr(FIPS_F_RSA_GENERATE_KEY,FIPS_R_FIPS_SELFTEST_FAILED);
+ return NULL;
+ }
+
+ ctx=BN_CTX_new();
+ if (ctx == NULL) goto err;
+ ctx2=BN_CTX_new();
+ if (ctx2 == NULL) goto err;
+ BN_CTX_start(ctx);
+ r0 = BN_CTX_get(ctx);
+ r1 = BN_CTX_get(ctx);
+ r2 = BN_CTX_get(ctx);
+ r3 = BN_CTX_get(ctx);
+ if (r3 == NULL) goto err;
+
+ bitsp=(bits+1)/2;
+ bitsq=bits-bitsp;
+ rsa=RSA_new();
+ if (rsa == NULL) goto err;
+
+ /* set e */
+ rsa->e=BN_new();
+ if (rsa->e == NULL) goto err;
+
+#if 1
+ /* The problem is when building with 8, 16, or 32 BN_ULONG,
+ * unsigned long can be larger */
+ for (i=0; i<sizeof(unsigned long)*8; i++)
+ {
+ if (e_value & (1UL<<i))
+ BN_set_bit(rsa->e,i);
+ }
+#else
+ if (!BN_set_word(rsa->e,e_value)) goto err;
+#endif
+
+ /* generate p and q */
+ for (;;)
+ {
+ rsa->p=BN_generate_prime(NULL,bitsp,0,NULL,NULL,callback,cb_arg);
+ if (rsa->p == NULL) goto err;
+ if (!BN_sub(r2,rsa->p,BN_value_one())) goto err;
+ if (!BN_gcd(r1,r2,rsa->e,ctx)) goto err;
+ if (BN_is_one(r1)) break;
+ if (callback != NULL) callback(2,n++,cb_arg);
+ BN_free(rsa->p);
+ }
+ if (callback != NULL) callback(3,0,cb_arg);
+ for (;;)
+ {
+ rsa->q=BN_generate_prime(NULL,bitsq,0,NULL,NULL,callback,cb_arg);
+ if (rsa->q == NULL) goto err;
+ if (!BN_sub(r2,rsa->q,BN_value_one())) goto err;
+ if (!BN_gcd(r1,r2,rsa->e,ctx)) goto err;
+ if (BN_is_one(r1) && (BN_cmp(rsa->p,rsa->q) != 0))
+ break;
+ if (callback != NULL) callback(2,n++,cb_arg);
+ BN_free(rsa->q);
+ }
+ if (callback != NULL) callback(3,1,cb_arg);
+ if (BN_cmp(rsa->p,rsa->q) < 0)
+ {
+ tmp=rsa->p;
+ rsa->p=rsa->q;
+ rsa->q=tmp;
+ }
+
+ /* calculate n */
+ rsa->n=BN_new();
+ if (rsa->n == NULL) goto err;
+ if (!BN_mul(rsa->n,rsa->p,rsa->q,ctx)) goto err;
+
+ /* calculate d */
+ if (!BN_sub(r1,rsa->p,BN_value_one())) goto err; /* p-1 */
+ if (!BN_sub(r2,rsa->q,BN_value_one())) goto err; /* q-1 */
+ if (!BN_mul(r0,r1,r2,ctx)) goto err; /* (p-1)(q-1) */
+
+/* should not be needed, since gcd(p-1,e) == 1 and gcd(q-1,e) == 1 */
+/* for (;;)
+ {
+ if (!BN_gcd(r3,r0,rsa->e,ctx)) goto err;
+ if (BN_is_one(r3)) break;
+
+ if (1)
+ {
+ if (!BN_add_word(rsa->e,2L)) goto err;
+ continue;
+ }
+ RSAerr(RSA_F_RSA_GENERATE_KEY,RSA_R_BAD_E_VALUE);
+ goto err;
+ }
+*/
+ rsa->d=BN_mod_inverse(NULL,rsa->e,r0,ctx2); /* d */
+ if (rsa->d == NULL) goto err;
+
+ /* calculate d mod (p-1) */
+ rsa->dmp1=BN_new();
+ if (rsa->dmp1 == NULL) goto err;
+ if (!BN_mod(rsa->dmp1,rsa->d,r1,ctx)) goto err;
+
+ /* calculate d mod (q-1) */
+ rsa->dmq1=BN_new();
+ if (rsa->dmq1 == NULL) goto err;
+ if (!BN_mod(rsa->dmq1,rsa->d,r2,ctx)) goto err;
+
+ /* calculate inverse of q mod p */
+ rsa->iqmp=BN_mod_inverse(NULL,rsa->q,rsa->p,ctx2);
+ if (rsa->iqmp == NULL) goto err;
+
+ if(!fips_check_rsa(rsa))
+ goto err;
+
+ ok=1;
+err:
+ if (ok == -1)
+ {
+ RSAerr(RSA_F_RSA_GENERATE_KEY,ERR_LIB_BN);
+ ok=0;
+ }
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ BN_CTX_free(ctx2);
+
+ if (!ok)
+ {
+ if (rsa != NULL) RSA_free(rsa);
+ return(NULL);
+ }
+ else
+ return(rsa);
+ }
+
+#endif
diff --git a/src/lib/libssl/src/fips-1.0/rsa/fips_rsa_selftest.c b/src/lib/libssl/src/fips-1.0/rsa/fips_rsa_selftest.c
new file mode 100644
index 0000000000..0b620c717b
--- /dev/null
+++ b/src/lib/libssl/src/fips-1.0/rsa/fips_rsa_selftest.c
@@ -0,0 +1,251 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include <string.h>
+#include <openssl/err.h>
+#include <openssl/fips.h>
+#include <openssl/rsa.h>
+#include <openssl/fips_sha.h>
+#include <openssl/opensslconf.h>
+
+#ifdef OPENSSL_FIPS
+#define SetKey \
+ key->n = BN_bin2bn(n, sizeof(n)-1, key->n); \
+ key->e = BN_bin2bn(e, sizeof(e)-1, key->e); \
+ key->d = BN_bin2bn(d, sizeof(d)-1, key->d); \
+ key->p = BN_bin2bn(p, sizeof(p)-1, key->p); \
+ key->q = BN_bin2bn(q, sizeof(q)-1, key->q); \
+ key->dmp1 = BN_bin2bn(dmp1, sizeof(dmp1)-1, key->dmp1); \
+ key->dmq1 = BN_bin2bn(dmq1, sizeof(dmq1)-1, key->dmq1); \
+ key->iqmp = BN_bin2bn(iqmp, sizeof(iqmp)-1, key->iqmp); \
+ memcpy(c, ctext_ex, sizeof(ctext_ex) - 1); \
+ return (sizeof(ctext_ex) - 1);
+
+static unsigned char n[] =
+"\x00\xBB\xF8\x2F\x09\x06\x82\xCE\x9C\x23\x38\xAC\x2B\x9D\xA8\x71"
+"\xF7\x36\x8D\x07\xEE\xD4\x10\x43\xA4\x40\xD6\xB6\xF0\x74\x54\xF5"
+"\x1F\xB8\xDF\xBA\xAF\x03\x5C\x02\xAB\x61\xEA\x48\xCE\xEB\x6F\xCD"
+"\x48\x76\xED\x52\x0D\x60\xE1\xEC\x46\x19\x71\x9D\x8A\x5B\x8B\x80"
+"\x7F\xAF\xB8\xE0\xA3\xDF\xC7\x37\x72\x3E\xE6\xB4\xB7\xD9\x3A\x25"
+"\x84\xEE\x6A\x64\x9D\x06\x09\x53\x74\x88\x34\xB2\x45\x45\x98\x39"
+"\x4E\xE0\xAA\xB1\x2D\x7B\x61\xA5\x1F\x52\x7A\x9A\x41\xF6\xC1\x68"
+"\x7F\xE2\x53\x72\x98\xCA\x2A\x8F\x59\x46\xF8\xE5\xFD\x09\x1D\xBD"
+"\xCB";
+
+
+static int setrsakey(RSA *key, unsigned char *c)
+ {
+ static const unsigned char e[] = "\x11";
+
+ static const unsigned char d[] =
+"\x00\xA5\xDA\xFC\x53\x41\xFA\xF2\x89\xC4\xB9\x88\xDB\x30\xC1\xCD"
+"\xF8\x3F\x31\x25\x1E\x06\x68\xB4\x27\x84\x81\x38\x01\x57\x96\x41"
+"\xB2\x94\x10\xB3\xC7\x99\x8D\x6B\xC4\x65\x74\x5E\x5C\x39\x26\x69"
+"\xD6\x87\x0D\xA2\xC0\x82\xA9\x39\xE3\x7F\xDC\xB8\x2E\xC9\x3E\xDA"
+"\xC9\x7F\xF3\xAD\x59\x50\xAC\xCF\xBC\x11\x1C\x76\xF1\xA9\x52\x94"
+"\x44\xE5\x6A\xAF\x68\xC5\x6C\x09\x2C\xD3\x8D\xC3\xBE\xF5\xD2\x0A"
+"\x93\x99\x26\xED\x4F\x74\xA1\x3E\xDD\xFB\xE1\xA1\xCE\xCC\x48\x94"
+"\xAF\x94\x28\xC2\xB7\xB8\x88\x3F\xE4\x46\x3A\x4B\xC8\x5B\x1C\xB3"
+"\xC1";
+
+ static const unsigned char p[] =
+"\x00\xEE\xCF\xAE\x81\xB1\xB9\xB3\xC9\x08\x81\x0B\x10\xA1\xB5\x60"
+"\x01\x99\xEB\x9F\x44\xAE\xF4\xFD\xA4\x93\xB8\x1A\x9E\x3D\x84\xF6"
+"\x32\x12\x4E\xF0\x23\x6E\x5D\x1E\x3B\x7E\x28\xFA\xE7\xAA\x04\x0A"
+"\x2D\x5B\x25\x21\x76\x45\x9D\x1F\x39\x75\x41\xBA\x2A\x58\xFB\x65"
+"\x99";
+
+ static const unsigned char q[] =
+"\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"
+"\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D"
+"\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5"
+"\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x15"
+"\x03";
+
+ static const unsigned char dmp1[] =
+"\x54\x49\x4C\xA6\x3E\xBA\x03\x37\xE4\xE2\x40\x23\xFC\xD6\x9A\x5A"
+"\xEB\x07\xDD\xDC\x01\x83\xA4\xD0\xAC\x9B\x54\xB0\x51\xF2\xB1\x3E"
+"\xD9\x49\x09\x75\xEA\xB7\x74\x14\xFF\x59\xC1\xF7\x69\x2E\x9A\x2E"
+"\x20\x2B\x38\xFC\x91\x0A\x47\x41\x74\xAD\xC9\x3C\x1F\x67\xC9\x81";
+
+ static const unsigned char dmq1[] =
+"\x47\x1E\x02\x90\xFF\x0A\xF0\x75\x03\x51\xB7\xF8\x78\x86\x4C\xA9"
+"\x61\xAD\xBD\x3A\x8A\x7E\x99\x1C\x5C\x05\x56\xA9\x4C\x31\x46\xA7"
+"\xF9\x80\x3F\x8F\x6F\x8A\xE3\x42\xE9\x31\xFD\x8A\xE4\x7A\x22\x0D"
+"\x1B\x99\xA4\x95\x84\x98\x07\xFE\x39\xF9\x24\x5A\x98\x36\xDA\x3D";
+
+ static const unsigned char iqmp[] =
+"\x00\xB0\x6C\x4F\xDA\xBB\x63\x01\x19\x8D\x26\x5B\xDB\xAE\x94\x23"
+"\xB3\x80\xF2\x71\xF7\x34\x53\x88\x50\x93\x07\x7F\xCD\x39\xE2\x11"
+"\x9F\xC9\x86\x32\x15\x4F\x58\x83\xB1\x67\xA9\x67\xBF\x40\x2B\x4E"
+"\x9E\x2E\x0F\x96\x56\xE6\x98\xEA\x36\x66\xED\xFB\x25\x79\x80\x39"
+"\xF7";
+
+ static const unsigned char ctext_ex[] =
+"\x42\x4b\xc9\x51\x61\xd4\xca\xa0\x18\x6c\x4d\xca\x61\x8f\x2d\x07"
+"\x8c\x63\xc5\x6b\xa2\x4c\x32\xb1\xda\xb7\xdd\x32\xb6\x51\x68\xc3"
+"\x6e\x98\x46\xd6\xbb\x1a\xd5\x99\x05\x92\x7c\xd7\xbc\x08\x9e\xe4"
+"\xc3\x70\x4d\xe6\x99\x7e\x61\x31\x07\x7a\x19\xdb\x3e\x11\xfa\x3d"
+"\x7c\x61\xd7\x78\x14\x3f\x05\x16\xa0\xc4\xbf\xcd\xee\xca\x67\x4c"
+"\x80\x4e\xca\x43\x2f\x35\x43\x58\xa7\x50\x7e\x3e\x52\x82\xab\xac"
+"\xa6\x50\xe8\x39\x9f\xe0\x7f\x58\x1d\x1b\x90\x93\x04\xec\xb3\xf9"
+"\x24\xd3\x75\x3e\x39\xd1\x14\xc6\x33\xce\xd6\xee\x20\x47\xec\xe4";
+
+ SetKey;
+ }
+
+void FIPS_corrupt_rsa()
+ {
+ n[0]++;
+ }
+
+int FIPS_selftest_rsa()
+ {
+ int clen;
+ RSA *key;
+ unsigned char expected_ctext[256];
+ unsigned char ctext[256];
+ unsigned char ptext[256];
+ static const unsigned char original_ptext[] =
+ "\x01\x23\x45\x67\x89\xab\xcd\xef\x12\x34\x56\x78\x9a\xbc\xde\xf0"
+ "\x23\x45\x67\x89\xab\xcd\xef\x12\x34\x56\x78\x9a\xbc\xde\xf0\x12"
+ "\x45\x67\x89\xab\xcd\xef\x12\x34\x56\x78\x9a\xbc\xde\xf0\x12\x34"
+ "\x67\x89\xab\xcd\xef\x12\x34\x56\x78\x9a\xbc\xde\xf0\x12\x34\x56"
+ "\x89\xab\xcd\xef\x12\x34\x56\x78\x9a\xbc\xde\xf0\x12\x34\x56\x78"
+ "\xab\xcd\xef\x12\x34\x56\x78\x9a\xbc\xde\xf0\x12\x34\x56\x78\x9a"
+ "\xcd\xef\x12\x34\x56\x78\x9a\xbc\xde\xf0\x12\x34\x56\x78\x9a\xbc"
+ "\xef\x12\x34\x56\x78\x9a\xbc\xde\xf0\x12\x34\x56\x78\x9a\xbc\xde"
+ "\xf0\x12\x34\x56\x78\x9a\xbc\xde\xf0\x12\x34\x56\x78\x9a\xbc\xde";
+ unsigned char md[SHA_DIGEST_LENGTH];
+ static const unsigned char mdkat[SHA_DIGEST_LENGTH] =
+ "\x2d\x57\x1d\x6f\x5c\x37\xf9\xf0\x3b\xb4\x3c\xe8\x2c\x4c\xb3\x04"
+ "\x75\xa2\x0e\xfb";
+ static const unsigned char ctextkat[] =
+ "\x3e\xc5\x0a\xbe\x29\xa2\xca\x9a\x35\x14\x17\x26\xa4\x0f\xa3\x03"
+ "\x65\xb5\x37\xf5\x6a\xaa\xb\xf\x2c\x0d\x8\xc0\x73\x8\x3c\x88\x85"
+ "\x36\x68\x16\xfe\x2f\x59\x77\x7e\x2a\x76\x9a\xc7\x27\x19\x9b\x54"
+ "\x14\x87\xf3\xe0\xce\x1e\x68\x10\x40\x14\xac\xbc\xe6\x6f\x26\x1f"
+ "\x55\xd1\x15\x81\x48\x10\xf4\x89\xe5\x67\x52\x42\x87\x04\x74\x4e"
+ "\x96\x14\x7c\x53\xc9\x1e\x84\x11\x7d\x7d\x23\xbd\xff\x6c\xcb\x00"
+ "\x96\x2e\x7d\xfb\x47\xea\x78\xcd\xd8\x04\x3a\x98\x06\x13\x68\x39"
+ "\xa1\xe2\xbc\x9f\x64\xc7\x62\xf0\x74\x4d\x42\xe0\x0b\xcf\x24\x48";
+ int i;
+
+ /* Perform pairwise consistency test by: ... */
+
+ key=RSA_new();
+ clen=setrsakey(key,expected_ctext);
+ /* ...1) apply public key to plaintext, resulting ciphertext must be
+ * different
+ */
+ i=RSA_public_encrypt(128,original_ptext,ctext,key,
+ RSA_NO_PADDING);
+ if(i != clen || memcmp(ctext,expected_ctext,i))
+ {
+ FIPSerr(FIPS_F_FIPS_SELFTEST_RSA,FIPS_R_SELFTEST_FAILED);
+ return 0;
+ }
+ if(!memcmp(ctext,original_ptext,i))
+ {
+ FIPSerr(FIPS_F_FIPS_SELFTEST_RSA,FIPS_R_SELFTEST_FAILED);
+ return 0;
+ }
+ /* ...2) apply private key to ciphertext and compare result to
+ * original plaintext; results must be equal
+ */
+ i=RSA_private_decrypt(i,ctext,ptext,key,RSA_NO_PADDING);
+ if(i != 128 || memcmp(ptext,original_ptext,i))
+ {
+ FIPSerr(FIPS_F_FIPS_SELFTEST_RSA,FIPS_R_SELFTEST_FAILED);
+ return 0;
+ }
+
+ /* Perform sign and verify Known Answer Test by... */
+
+ /* ...1) using the same RSA key to encrypt the SHA-1 hash of a
+ * plaintext value larger than the RSA key size
+ */
+ if (RSA_size(key) >= sizeof(original_ptext) - 1)
+ {
+ FIPSerr(FIPS_F_FIPS_SELFTEST_RSA,FIPS_R_SELFTEST_FAILED);
+ return 0;
+ }
+ /* ...2) then generate the SHA-1 digest of plaintext, and compare the
+ * digest to the Known Answer (note here we duplicate the SHA-1 KAT)
+ */
+ SHA1(original_ptext,sizeof(original_ptext) - 1,md);
+ if(memcmp(md,mdkat,SHA_DIGEST_LENGTH))
+ {
+ FIPSerr(FIPS_F_FIPS_SELFTEST_SHA,FIPS_R_SELFTEST_FAILED);
+ return 0;
+ }
+ /* ...3) then encrypt the digest, and compare the ciphertext
+ * to the Known Answer
+ */
+ i=RSA_private_encrypt(sizeof(md),md,ctext,key,RSA_PKCS1_PADDING);
+ if(i != clen || memcmp(ctextkat,ctext,i))
+ {
+ FIPSerr(FIPS_F_FIPS_SELFTEST_RSA,FIPS_R_SELFTEST_FAILED);
+ return 0;
+ }
+ /* ...4) and finally decrypt the signed digest and compare with
+ * the original Known Answer
+ */
+ i=RSA_public_decrypt(i,ctext,md,key,RSA_PKCS1_PADDING);
+ if(i != sizeof(md) || memcmp(mdkat,md,i))
+ {
+ FIPSerr(FIPS_F_FIPS_SELFTEST_RSA,FIPS_R_SELFTEST_FAILED);
+ return 0;
+ }
+
+ RSA_free(key);
+ return 1;
+ }
+
+#endif /* def OPENSSL_FIPS */
diff --git a/src/lib/libssl/src/fips-1.0/rsa/fips_rsa_x931g.c b/src/lib/libssl/src/fips-1.0/rsa/fips_rsa_x931g.c
new file mode 100644
index 0000000000..41e1473bca
--- /dev/null
+++ b/src/lib/libssl/src/fips-1.0/rsa/fips_rsa_x931g.c
@@ -0,0 +1,289 @@
+/* crypto/rsa/rsa_gen.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <time.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/fips.h>
+
+#ifdef OPENSSL_FIPS
+
+extern int fips_check_rsa(RSA *rsa);
+
+
+/* X9.31 RSA key derivation and generation */
+
+int RSA_X931_derive(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, BIGNUM *q2,
+ void (*cb)(int, int, void *), void *cb_arg,
+ const BIGNUM *Xp1, const BIGNUM *Xp2, const BIGNUM *Xp,
+ const BIGNUM *Xq1, const BIGNUM *Xq2, const BIGNUM *Xq,
+ const BIGNUM *e)
+ {
+ BIGNUM *r0=NULL,*r1=NULL,*r2=NULL,*r3=NULL;
+ BN_CTX *ctx=NULL,*ctx2=NULL;
+
+ if (!rsa)
+ goto err;
+
+ ctx = BN_CTX_new();
+ BN_CTX_start(ctx);
+ if (!ctx)
+ goto err;
+
+ r0 = BN_CTX_get(ctx);
+ r1 = BN_CTX_get(ctx);
+ r2 = BN_CTX_get(ctx);
+ r3 = BN_CTX_get(ctx);
+
+ if (r3 == NULL)
+ goto err;
+ if (!rsa->e)
+ {
+ rsa->e = BN_dup(e);
+ if (!rsa->e)
+ goto err;
+ }
+ else
+ e = rsa->e;
+
+ /* If not all parameters present only calculate what we can.
+ * This allows test programs to output selective parameters.
+ */
+
+ if (Xp && !rsa->p)
+ {
+ rsa->p = BN_new();
+ if (!rsa->p)
+ goto err;
+
+ if (!BN_X931_derive_prime(rsa->p, p1, p2, cb, cb_arg,
+ Xp, Xp1, Xp2, e, ctx))
+ goto err;
+ }
+
+ if (Xq && !rsa->q)
+ {
+ rsa->q = BN_new();
+ if (!rsa->q)
+ goto err;
+ if (!BN_X931_derive_prime(rsa->q, q1, q2, cb, cb_arg,
+ Xq, Xq1, Xq2, e, ctx))
+ goto err;
+ }
+
+ if (!rsa->p || !rsa->q)
+ {
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ return 2;
+ }
+
+ /* Since both primes are set we can now calculate all remaining
+ * components.
+ */
+
+ /* calculate n */
+ rsa->n=BN_new();
+ if (rsa->n == NULL)
+ goto err;
+ if (!BN_mul(rsa->n,rsa->p,rsa->q,ctx))
+ goto err;
+
+ /* calculate d */
+ if (!BN_sub(r1,rsa->p,BN_value_one()))
+ goto err; /* p-1 */
+ if (!BN_sub(r2,rsa->q,BN_value_one()))
+ goto err; /* q-1 */
+ if (!BN_mul(r0,r1,r2,ctx))
+ goto err; /* (p-1)(q-1) */
+
+ if (!BN_gcd(r3, r1, r2, ctx))
+ goto err;
+
+ if (!BN_div(r0, NULL, r0, r3, ctx))
+ goto err; /* LCM((p-1)(q-1)) */
+
+ ctx2 = BN_CTX_new();
+ if (!ctx2)
+ goto err;
+
+ rsa->d=BN_mod_inverse(NULL,rsa->e,r0,ctx2); /* d */
+ if (rsa->d == NULL)
+ goto err;
+
+ /* calculate d mod (p-1) */
+ rsa->dmp1=BN_new();
+ if (rsa->dmp1 == NULL)
+ goto err;
+ if (!BN_mod(rsa->dmp1,rsa->d,r1,ctx))
+ goto err;
+
+ /* calculate d mod (q-1) */
+ rsa->dmq1=BN_new();
+ if (rsa->dmq1 == NULL)
+ goto err;
+ if (!BN_mod(rsa->dmq1,rsa->d,r2,ctx))
+ goto err;
+
+ /* calculate inverse of q mod p */
+ rsa->iqmp=BN_mod_inverse(NULL,rsa->q,rsa->p,ctx2);
+
+ err:
+ if (ctx)
+ {
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ }
+ if (ctx2)
+ BN_CTX_free(ctx2);
+ /* If this is set all calls successful */
+ if (rsa->iqmp != NULL)
+ return 1;
+
+ return 0;
+
+ }
+
+RSA *RSA_X931_generate_key(FIPS_RSA_SIZE_T bits, const BIGNUM *e,
+ void (*cb)(int,int,void *), void *cb_arg)
+ {
+ RSA *rsa = NULL;
+ int ok = 0;
+ BIGNUM *Xp = NULL, *Xq = NULL;
+ BN_CTX *ctx = NULL;
+
+ if (bits < 1024)
+ {
+ FIPSerr(FIPS_F_RSA_X931_GENERATE_KEY,FIPS_R_KEY_TOO_SHORT);
+ return NULL;
+ }
+
+ if (bits & 0xff)
+ {
+ FIPSerr(FIPS_F_RSA_X931_GENERATE_KEY,FIPS_R_INVALID_KEY_LENGTH);
+ return NULL;
+ }
+
+ if(FIPS_selftest_failed())
+ {
+ FIPSerr(FIPS_F_RSA_X931_GENERATE_KEY,FIPS_R_FIPS_SELFTEST_FAILED);
+ return NULL;
+ }
+
+ ctx = BN_CTX_new();
+ if (!ctx)
+ goto error;
+
+ BN_CTX_start(ctx);
+ Xp = BN_CTX_get(ctx);
+ Xq = BN_CTX_get(ctx);
+ if (!BN_X931_generate_Xpq(Xp, Xq, bits, ctx))
+ goto error;
+
+ rsa = RSA_new();
+ if (!rsa)
+ goto error;
+ rsa->p = BN_new();
+ rsa->q = BN_new();
+ if (!rsa->p || !rsa->q)
+ goto error;
+
+ /* Generate two primes from Xp, Xq */
+
+ if (!BN_X931_generate_prime(rsa->p, NULL, NULL, NULL, NULL, Xp,
+ e, ctx, cb, cb_arg))
+ goto error;
+
+ if (!BN_X931_generate_prime(rsa->q, NULL, NULL, NULL, NULL, Xq,
+ e, ctx, cb, cb_arg))
+ goto error;
+
+ /* Since rsa->p and rsa->q are valid this call will just derive
+ * remaining RSA components.
+ */
+
+ if (!RSA_X931_derive(rsa, NULL, NULL, NULL, NULL, cb, cb_arg,
+ NULL, NULL, NULL, NULL, NULL, NULL, e))
+ goto error;
+
+ if(!fips_check_rsa(rsa))
+ goto error;
+
+ ok = 1;
+
+ error:
+ if (ctx)
+ {
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ }
+
+ if (ok)
+ return rsa;
+
+ if (rsa)
+ RSA_free(rsa);
+
+ return NULL;
+
+ }
+
+#endif
diff --git a/src/lib/libssl/src/fips-1.0/rsa/fips_rsagtest.c b/src/lib/libssl/src/fips-1.0/rsa/fips_rsagtest.c
new file mode 100644
index 0000000000..15d3225d53
--- /dev/null
+++ b/src/lib/libssl/src/fips-1.0/rsa/fips_rsagtest.c
@@ -0,0 +1,420 @@
+/* fips_rsagtest.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2005.
+ */
+/* ====================================================================
+ * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include <string.h>
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+#include <openssl/hmac.h>
+#include <openssl/err.h>
+#include <openssl/x509v3.h>
+
+#ifndef OPENSSL_FIPS
+
+int main(int argc, char *argv[])
+{
+ printf("No FIPS RSA support\n");
+ return(0);
+}
+
+#else
+
+extern int RSA_X931_derive(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, BIGNUM *q2,
+ void (*cb)(int, int, void *), void *cb_arg,
+ const BIGNUM *Xp1, const BIGNUM *Xp2, const BIGNUM *Xp,
+ const BIGNUM *Xq1, const BIGNUM *Xq2, const BIGNUM *Xq,
+ const BIGNUM *e);
+
+int rsa_test(BIO *err, BIO *out, BIO *in);
+static int rsa_printkey1(BIO *err, BIO *out, RSA *rsa,
+ BIGNUM *Xp1, BIGNUM *Xp2, BIGNUM *Xp,
+ BIGNUM *e);
+static int rsa_printkey2(BIO *err, BIO *out, RSA *rsa,
+ BIGNUM *Xq1, BIGNUM *Xq2, BIGNUM *Xq);
+
+int main(int argc, char **argv)
+ {
+ BIO *in = NULL, *out = NULL, *err = NULL;
+
+ int ret = 1;
+ ERR_load_crypto_strings();
+
+ err = BIO_new_fp(stderr, BIO_NOCLOSE);
+
+ if (!err)
+ {
+ fprintf(stderr, "FATAL stderr initialization error\n");
+ goto end;
+ }
+
+ if(!FIPS_mode_set(1))
+ {
+ ERR_print_errors(err);
+ goto end;
+ }
+
+ if (argc == 1)
+ in = BIO_new_fp(stdin, BIO_NOCLOSE);
+ else
+ in = BIO_new_file(argv[1], "r");
+
+ if (argc < 2)
+ out = BIO_new_fp(stdout, BIO_NOCLOSE);
+ else
+ out = BIO_new_file(argv[2], "w");
+
+ if (!in)
+ {
+ BIO_printf(err, "FATAL input initialization error\n");
+ goto end;
+ }
+
+ if (!out)
+ {
+ fprintf(stderr, "FATAL output initialization error\n");
+ goto end;
+ }
+
+ if (!rsa_test(err, out, in))
+ {
+ fprintf(stderr, "FATAL RSAVTEST file processing error\n");
+ goto end;
+ }
+ else
+ ret = 0;
+
+ end:
+
+ if (ret && err)
+ ERR_print_errors(err);
+
+ if (in)
+ BIO_free(in);
+ if (out)
+ BIO_free(out);
+ if (err)
+ BIO_free(err);
+
+ return ret;
+
+ }
+
+
+static void do_bn_print(BIO *out, const char *name, BIGNUM *b)
+ {
+ char *htmp, *p;
+ /* Can't use BN_print_fp because it uses upper case so
+ * use BN_bn2hex() and convert.
+ */
+ htmp = BN_bn2hex(b);
+ for(p = htmp; *p; p++)
+ {
+ if (isupper(*p))
+ *p = tolower(*p);
+ }
+ BIO_printf(out, "%s = %s\n", name, htmp);
+ OPENSSL_free(htmp);
+ }
+
+#define RSA_TEST_MAXLINELEN 10240
+
+int rsa_test(BIO *err, BIO *out, BIO *in)
+ {
+ char *linebuf, *olinebuf, *p, *q;
+ char *keyword, *value;
+ RSA *rsa = NULL;
+ BIGNUM *Xp1 = NULL, *Xp2 = NULL, *Xp = NULL;
+ BIGNUM *Xq1 = NULL, *Xq2 = NULL, *Xq = NULL;
+ BIGNUM *e = NULL;
+ int ret = 0;
+ int lnum = 0;
+
+ olinebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN);
+ linebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN);
+
+ if (!linebuf || !olinebuf)
+ goto error;
+
+ while (BIO_gets(in, olinebuf, RSA_TEST_MAXLINELEN) > 0)
+ {
+ lnum++;
+ strcpy(linebuf, olinebuf);
+ keyword = linebuf;
+ /* Skip leading space */
+ while (isspace((unsigned char)*keyword))
+ keyword++;
+
+ /* Look for = sign */
+ p = strchr(linebuf, '=');
+
+ /* If no = or starts with [ (for [foo = bar] line) just copy */
+ if (!p || *keyword=='[')
+ {
+ if (!BIO_puts(out, olinebuf))
+ goto error;
+ continue;
+ }
+
+ q = p - 1;
+
+ /* Remove trailing space */
+ while (isspace((unsigned char)*q))
+ *q-- = 0;
+
+
+ value = p + 1;
+
+ /* Remove leading space from value */
+ while (isspace((unsigned char)*value))
+ value++;
+
+ /* Remove trailing space from value */
+ p = value + strlen(value) - 1;
+
+ while (*p == '\n' || isspace((unsigned char)*p))
+ *p-- = 0;
+
+ if (!strcmp(keyword, "xp1"))
+ {
+ if (Xp1 || !BN_hex2bn(&Xp1,value))
+ goto parse_error;
+ }
+ else if (!strcmp(keyword, "xp2"))
+ {
+ if (Xp2 || !BN_hex2bn(&Xp2,value))
+ goto parse_error;
+ }
+ else if (!strcmp(keyword, "Xp"))
+ {
+ if (Xp || !BN_hex2bn(&Xp,value))
+ goto parse_error;
+ }
+ else if (!strcmp(keyword, "xq1"))
+ {
+ if (Xq1 || !BN_hex2bn(&Xq1,value))
+ goto parse_error;
+ }
+ else if (!strcmp(keyword, "xq2"))
+ {
+ if (Xq2 || !BN_hex2bn(&Xq2,value))
+ goto parse_error;
+ }
+ else if (!strcmp(keyword, "Xq"))
+ {
+ if (Xq || !BN_hex2bn(&Xq,value))
+ goto parse_error;
+ }
+ else if (!strcmp(keyword, "e"))
+ {
+ if (e || !BN_hex2bn(&e,value))
+ goto parse_error;
+ }
+ else if (!strcmp(keyword, "p1"))
+ continue;
+ else if (!strcmp(keyword, "p2"))
+ continue;
+ else if (!strcmp(keyword, "p"))
+ continue;
+ else if (!strcmp(keyword, "q1"))
+ continue;
+ else if (!strcmp(keyword, "q2"))
+ continue;
+ else if (!strcmp(keyword, "q"))
+ continue;
+ else if (!strcmp(keyword, "n"))
+ continue;
+ else if (!strcmp(keyword, "d"))
+ continue;
+ else
+ goto parse_error;
+
+ BIO_puts(out, olinebuf);
+
+ if (e && Xp1 && Xp2 && Xp)
+ {
+ rsa = RSA_new();
+ if (!rsa)
+ goto error;
+ if (!rsa_printkey1(err, out, rsa, Xp1, Xp2, Xp, e))
+ goto error;
+ BN_free(Xp1);
+ Xp1 = NULL;
+ BN_free(Xp2);
+ Xp2 = NULL;
+ BN_free(Xp);
+ Xp = NULL;
+ BN_free(e);
+ e = NULL;
+ }
+
+ if (rsa && Xq1 && Xq2 && Xq)
+ {
+ if (!rsa_printkey2(err, out, rsa, Xq1, Xq2, Xq))
+ goto error;
+ BN_free(Xq1);
+ Xq1 = NULL;
+ BN_free(Xq2);
+ Xq2 = NULL;
+ BN_free(Xq);
+ Xq = NULL;
+ RSA_free(rsa);
+ rsa = NULL;
+ }
+ }
+
+ ret = 1;
+
+ error:
+
+ if (olinebuf)
+ OPENSSL_free(olinebuf);
+ if (linebuf)
+ OPENSSL_free(linebuf);
+
+ if (Xp1)
+ BN_free(Xp1);
+ if (Xp2)
+ BN_free(Xp2);
+ if (Xp)
+ BN_free(Xp);
+ if (Xq1)
+ BN_free(Xq1);
+ if (Xq1)
+ BN_free(Xq1);
+ if (Xq2)
+ BN_free(Xq2);
+ if (Xq)
+ BN_free(Xq);
+ if (e)
+ BN_free(e);
+ if (rsa)
+ RSA_free(rsa);
+
+ return ret;
+
+ parse_error:
+
+ BIO_printf(err, "FATAL parse error processing line %d\n", lnum);
+
+ goto error;
+
+ }
+
+static int rsa_printkey1(BIO *err, BIO *out, RSA *rsa,
+ BIGNUM *Xp1, BIGNUM *Xp2, BIGNUM *Xp,
+ BIGNUM *e)
+ {
+ int ret = 0;
+ BIGNUM *p1 = NULL, *p2 = NULL;
+ p1 = BN_new();
+ p2 = BN_new();
+ if (!p1 || !p2)
+ goto error;
+
+ if (!RSA_X931_derive(rsa, p1, p2, NULL, NULL, 0, NULL, Xp1, Xp2, Xp,
+ NULL, NULL, NULL, e))
+ goto error;
+
+ do_bn_print(out, "p1", p1);
+ do_bn_print(out, "p2", p2);
+ do_bn_print(out, "p", rsa->p);
+
+ ret = 1;
+
+ error:
+ if (p1)
+ BN_free(p1);
+ if (p2)
+ BN_free(p2);
+
+ return ret;
+ }
+
+static int rsa_printkey2(BIO *err, BIO *out, RSA *rsa,
+ BIGNUM *Xq1, BIGNUM *Xq2, BIGNUM *Xq)
+ {
+ int ret = 0;
+ BIGNUM *q1 = NULL, *q2 = NULL;
+ q1 = BN_new();
+ q2 = BN_new();
+ if (!q1 || !q2)
+ goto error;
+
+ if (!RSA_X931_derive(rsa, NULL, NULL, q1, q2, 0, NULL, NULL, NULL, NULL,
+ Xq1, Xq2, Xq, NULL))
+ goto error;
+
+ do_bn_print(out, "q1", q1);
+ do_bn_print(out, "q2", q2);
+ do_bn_print(out, "q", rsa->q);
+ do_bn_print(out, "n", rsa->n);
+ do_bn_print(out, "d", rsa->d);
+
+ ret = 1;
+
+ error:
+ if (q1)
+ BN_free(q1);
+ if (q2)
+ BN_free(q2);
+
+ return ret;
+ }
+
+#endif
diff --git a/src/lib/libssl/src/fips-1.0/rsa/fips_rsastest.c b/src/lib/libssl/src/fips-1.0/rsa/fips_rsastest.c
new file mode 100644
index 0000000000..880dd636a7
--- /dev/null
+++ b/src/lib/libssl/src/fips-1.0/rsa/fips_rsastest.c
@@ -0,0 +1,402 @@
+/* fips_rsastest.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2005.
+ */
+/* ====================================================================
+ * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include <string.h>
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+#include <openssl/hmac.h>
+#include <openssl/err.h>
+#include <openssl/x509v3.h>
+
+#ifndef OPENSSL_FIPS
+
+int main(int argc, char *argv[])
+{
+ printf("No FIPS RSA support\n");
+ return(0);
+}
+
+#else
+
+static int rsa_stest(BIO *err, BIO *out, BIO *in, int Saltlen);
+static int rsa_printsig(BIO *err, BIO *out, RSA *rsa, const EVP_MD *dgst,
+ unsigned char *Msg, long Msglen, int Saltlen);
+
+int main(int argc, char **argv)
+ {
+ BIO *in = NULL, *out = NULL, *err = NULL;
+
+ int ret = 1, Saltlen = -1;
+ ERR_load_crypto_strings();
+
+ err = BIO_new_fp(stderr, BIO_NOCLOSE);
+
+ if (!err)
+ {
+ fprintf(stderr, "FATAL stderr initialization error\n");
+ goto end;
+ }
+
+ if(!FIPS_mode_set(1))
+ {
+ ERR_print_errors(err);
+ goto end;
+ }
+
+ if ((argc > 2) && !strcmp("-saltlen", argv[1]))
+ {
+ Saltlen = atoi(argv[2]);
+ if (Saltlen < 0)
+ {
+ BIO_printf(err, "FATAL: Invalid salt length\n");
+ goto end;
+ }
+ argc -= 2;
+ argv += 2;
+ }
+ else if ((argc > 1) && !strcmp("-x931", argv[1]))
+ {
+ Saltlen = -2;
+ argc--;
+ argv++;
+ }
+
+ if (argc == 1)
+ in = BIO_new_fp(stdin, BIO_NOCLOSE);
+ else
+ in = BIO_new_file(argv[1], "r");
+
+ if (argc < 2)
+ out = BIO_new_fp(stdout, BIO_NOCLOSE);
+ else
+ out = BIO_new_file(argv[2], "w");
+
+ if (!in)
+ {
+ BIO_printf(err, "FATAL input initialization error\n");
+ goto end;
+ }
+
+ if (!out)
+ {
+ fprintf(stderr, "FATAL output initialization error\n");
+ goto end;
+ }
+
+ if (!rsa_stest(err, out, in, Saltlen))
+ {
+ fprintf(stderr, "FATAL RSAVTEST file processing error\n");
+ goto end;
+ }
+ else
+ ret = 0;
+
+ end:
+
+ if (ret && err)
+ ERR_print_errors(err);
+
+ if (in)
+ BIO_free(in);
+ if (out)
+ BIO_free(out);
+ if (err)
+ BIO_free(err);
+
+ return ret;
+
+ }
+
+#define RSA_TEST_MAXLINELEN 10240
+
+int rsa_stest(BIO *err, BIO *out, BIO *in, int Saltlen)
+ {
+ char *linebuf, *olinebuf, *p, *q;
+ char *keyword, *value;
+ RSA *rsa = NULL;
+ const EVP_MD *dgst = NULL;
+ unsigned char *Msg = NULL;
+ long Msglen;
+ int keylen = -1, current_keylen = -1;
+ int ret = 0;
+ int lnum = 0;
+
+ olinebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN);
+ linebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN);
+
+ if (!linebuf || !olinebuf)
+ goto error;
+
+ while (BIO_gets(in, olinebuf, RSA_TEST_MAXLINELEN) > 0)
+ {
+ lnum++;
+ strcpy(linebuf, olinebuf);
+ keyword = linebuf;
+ /* Skip leading space */
+ while (isspace((unsigned char)*keyword))
+ keyword++;
+
+ /* Look for = sign */
+ p = strchr(linebuf, '=');
+
+ /* If no = just copy */
+ if (!p)
+ {
+ if (!BIO_puts(out, olinebuf))
+ goto error;
+ continue;
+ }
+
+ q = p - 1;
+
+ /* Remove trailing space */
+ while (isspace((unsigned char)*q))
+ *q-- = 0;
+
+
+ value = p + 1;
+
+ /* Remove leading space from value */
+ while (isspace((unsigned char)*value))
+ value++;
+
+ /* Remove trailing space from value */
+ p = value + strlen(value) - 1;
+
+ while (*p == '\n' || isspace((unsigned char)*p))
+ *p-- = 0;
+
+ /* Look for [mod = XXX] for key length */
+
+ if (!strcmp(keyword, "[mod"))
+ {
+ p = value + strlen(value) - 1;
+ if (*p != ']')
+ goto parse_error;
+ *p = 0;
+ keylen = atoi(value);
+ if (keylen < 0)
+ goto parse_error;
+ }
+ else if (!strcmp(keyword, "SHAAlg"))
+ {
+ if (!strcmp(value, "SHA1"))
+ dgst = EVP_sha1();
+ else if (!strcmp(value, "SHA224"))
+ dgst = EVP_sha224();
+ else if (!strcmp(value, "SHA256"))
+ dgst = EVP_sha256();
+ else if (!strcmp(value, "SHA384"))
+ dgst = EVP_sha384();
+ else if (!strcmp(value, "SHA512"))
+ dgst = EVP_sha512();
+ else
+ {
+ BIO_printf(err,
+ "FATAL: unsupported algorithm \"%s\"\n",
+ value);
+ goto parse_error;
+ }
+ }
+ else if (!strcmp(keyword, "Msg"))
+ {
+ if (Msg)
+ goto parse_error;
+ if (strlen(value) & 1)
+ *(--value) = '0';
+ Msg = string_to_hex(value, &Msglen);
+ if (!Msg)
+ goto parse_error;
+ }
+
+ BIO_puts(out, olinebuf);
+
+ /* If key length has changed, generate and output public
+ * key components of new RSA private key.
+ */
+
+ if (keylen != current_keylen)
+ {
+ if (rsa)
+ RSA_free(rsa);
+ rsa = RSA_generate_key(keylen, 0x1001, 0, NULL);
+ if (!rsa)
+ goto error;
+ BIO_puts(out, "n = ");
+ BN_print(out, rsa->n);
+ BIO_puts(out, "\ne = ");
+ BN_print(out, rsa->e);
+ BIO_puts(out, "\n");
+ current_keylen = keylen;
+ }
+
+ if (Msg && dgst)
+ {
+ if (!rsa_printsig(err, out, rsa, dgst, Msg, Msglen,
+ Saltlen))
+ goto error;
+ OPENSSL_free(Msg);
+ Msg = NULL;
+ }
+
+ }
+
+ ret = 1;
+
+ error:
+
+ if (olinebuf)
+ OPENSSL_free(olinebuf);
+ if (linebuf)
+ OPENSSL_free(linebuf);
+ if (rsa)
+ RSA_free(rsa);
+
+ return ret;
+
+ parse_error:
+
+ BIO_printf(err, "FATAL parse error processing line %d\n", lnum);
+
+ goto error;
+
+ }
+
+static int rsa_printsig(BIO *err, BIO *out, RSA *rsa, const EVP_MD *dgst,
+ unsigned char *Msg, long Msglen, int Saltlen)
+ {
+ int ret = 0;
+ unsigned char *sigbuf = NULL;
+ int i, siglen;
+ /* EVP_PKEY structure */
+ EVP_PKEY *key = NULL;
+ EVP_MD_CTX ctx;
+ key = EVP_PKEY_new();
+ if (!key)
+ goto error;
+ if (!EVP_PKEY_set1_RSA(key, rsa))
+ goto error;
+
+ siglen = EVP_PKEY_size(key);
+ sigbuf = OPENSSL_malloc(siglen);
+ if (!sigbuf)
+ goto error;
+
+ EVP_MD_CTX_init(&ctx);
+
+ if (Saltlen != -1)
+ {
+ unsigned int mdlen;
+ unsigned char mdtmp[EVP_MAX_MD_SIZE + 1];
+
+ if (!EVP_DigestInit_ex(&ctx, dgst, NULL))
+ goto error;
+ if (!EVP_DigestUpdate(&ctx, Msg, Msglen))
+ goto error;
+ if (!EVP_DigestFinal(&ctx, mdtmp, &mdlen))
+ goto error;
+
+ if (Saltlen == -2)
+ {
+ mdtmp[mdlen] = RSA_X931_hash_id(EVP_MD_type(dgst));
+ siglen = RSA_private_encrypt(mdlen + 1, mdtmp,
+ sigbuf, rsa, RSA_X931_PADDING);
+ if (siglen <= 0)
+ goto error;
+ }
+ else
+ {
+ if (!RSA_padding_add_PKCS1_PSS(rsa, sigbuf, mdtmp,
+ dgst, Saltlen))
+ goto error;
+ siglen = RSA_private_encrypt(siglen, sigbuf, sigbuf,
+ rsa, RSA_NO_PADDING);
+ if (siglen <= 0)
+ goto error;
+ }
+ }
+ else
+ {
+ if (!EVP_SignInit_ex(&ctx, dgst, NULL))
+ goto error;
+ if (!EVP_SignUpdate(&ctx, Msg, Msglen))
+ goto error;
+ if (!EVP_SignFinal(&ctx, sigbuf, (unsigned int *)&siglen, key))
+ goto error;
+ }
+
+ EVP_MD_CTX_cleanup(&ctx);
+
+ BIO_puts(out, "S = ");
+
+ for (i = 0; i < siglen; i++)
+ BIO_printf(out, "%02X", sigbuf[i]);
+
+ BIO_puts(out, "\n");
+
+ ret = 1;
+
+ error:
+ if (key)
+ EVP_PKEY_free(key);
+
+ return ret;
+ }
+#endif
diff --git a/src/lib/libssl/src/fips-1.0/rsa/fips_rsavtest.c b/src/lib/libssl/src/fips-1.0/rsa/fips_rsavtest.c
new file mode 100644
index 0000000000..7e2c40424d
--- /dev/null
+++ b/src/lib/libssl/src/fips-1.0/rsa/fips_rsavtest.c
@@ -0,0 +1,425 @@
+/* fips_rsavtest.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2005.
+ */
+/* ====================================================================
+ * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include <string.h>
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+#include <openssl/hmac.h>
+#include <openssl/err.h>
+#include <openssl/x509v3.h>
+
+#ifndef OPENSSL_FIPS
+
+int main(int argc, char *argv[])
+{
+ printf("No FIPS RSA support\n");
+ return(0);
+}
+
+#else
+
+int rsa_test(BIO *err, BIO *out, BIO *in, int saltlen);
+static int rsa_printver(BIO *err, BIO *out,
+ BIGNUM *n, BIGNUM *e,
+ const EVP_MD *dgst,
+ unsigned char *Msg, long Msglen,
+ unsigned char *S, long Slen, int Saltlen);
+
+int main(int argc, char **argv)
+ {
+ BIO *in = NULL, *out = NULL, *err = NULL;
+
+ int ret = 1;
+ int Saltlen = -1;
+ ERR_load_crypto_strings();
+
+ err = BIO_new_fp(stderr, BIO_NOCLOSE);
+
+ if (!err)
+ {
+ fprintf(stderr, "FATAL stderr initialization error\n");
+ goto end;
+ }
+
+ if(!FIPS_mode_set(1))
+ {
+ ERR_print_errors(err);
+ goto end;
+ }
+
+ if ((argc > 2) && !strcmp("-saltlen", argv[1]))
+ {
+ Saltlen = atoi(argv[2]);
+ if (Saltlen < 0)
+ {
+ BIO_printf(err, "FATAL: Invalid salt length\n");
+ goto end;
+ }
+ argc -= 2;
+ argv += 2;
+ }
+ else if ((argc > 1) && !strcmp("-x931", argv[1]))
+ {
+ Saltlen = -2;
+ argc--;
+ argv++;
+ }
+
+ if (argc == 1)
+ in = BIO_new_fp(stdin, BIO_NOCLOSE);
+ else
+ in = BIO_new_file(argv[1], "r");
+
+ if (argc < 2)
+ out = BIO_new_fp(stdout, BIO_NOCLOSE);
+ else
+ out = BIO_new_file(argv[2], "w");
+
+ if (!in)
+ {
+ BIO_printf(err, "FATAL input initialization error\n");
+ goto end;
+ }
+
+ if (!out)
+ {
+ fprintf(stderr, "FATAL output initialization error\n");
+ goto end;
+ }
+
+ if (!rsa_test(err, out, in, Saltlen))
+ {
+ fprintf(stderr, "FATAL RSAVTEST file processing error\n");
+ goto end;
+ }
+ else
+ ret = 0;
+
+ end:
+
+ if (ret && err)
+ ERR_print_errors(err);
+
+ if (in)
+ BIO_free(in);
+ if (out)
+ BIO_free(out);
+ if (err)
+ BIO_free(err);
+
+ return ret;
+
+ }
+
+#define RSA_TEST_MAXLINELEN 10240
+
+int rsa_test(BIO *err, BIO *out, BIO *in, int Saltlen)
+ {
+ char *linebuf, *olinebuf, *p, *q;
+ char *keyword, *value;
+ const EVP_MD *dgst = NULL;
+ BIGNUM *n = NULL, *e = NULL;
+ unsigned char *Msg = NULL, *S = NULL;
+ long Msglen, Slen;
+ int ret = 0;
+ int lnum = 0;
+
+ olinebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN);
+ linebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN);
+
+ if (!linebuf || !olinebuf)
+ goto error;
+
+ while (BIO_gets(in, olinebuf, RSA_TEST_MAXLINELEN) > 0)
+ {
+ lnum++;
+ strcpy(linebuf, olinebuf);
+ keyword = linebuf;
+ /* Skip leading space */
+ while (isspace((unsigned char)*keyword))
+ keyword++;
+
+ /* Look for = sign */
+ p = strchr(linebuf, '=');
+
+ /* If no = or starts with [ (for [foo = bar] line) just copy */
+ if (!p || *keyword=='[')
+ {
+ if (!BIO_puts(out, olinebuf))
+ goto error;
+ continue;
+ }
+
+ q = p - 1;
+
+ /* Remove trailing space */
+ while (isspace((unsigned char)*q))
+ *q-- = 0;
+
+
+ value = p + 1;
+
+ /* Remove leading space from value */
+ while (isspace((unsigned char)*value))
+ value++;
+
+ /* Remove trailing space from value */
+ p = value + strlen(value) - 1;
+
+ while (*p == '\n' || isspace((unsigned char)*p))
+ *p-- = 0;
+
+ if (!strcmp(keyword, "n"))
+ {
+ if (!BN_hex2bn(&n,value))
+ goto parse_error;
+ }
+ else if (!strcmp(keyword, "e"))
+ {
+ if (!BN_hex2bn(&e,value))
+ goto parse_error;
+ }
+ else if (!strcmp(keyword, "SHAAlg"))
+ {
+ if (!strcmp(value, "SHA1"))
+ dgst = EVP_sha1();
+ else if (!strcmp(value, "SHA224"))
+ dgst = EVP_sha224();
+ else if (!strcmp(value, "SHA256"))
+ dgst = EVP_sha256();
+ else if (!strcmp(value, "SHA384"))
+ dgst = EVP_sha384();
+ else if (!strcmp(value, "SHA512"))
+ dgst = EVP_sha512();
+ else
+ {
+ BIO_printf(err,
+ "FATAL: unsupported algorithm \"%s\"\n",
+ value);
+ goto parse_error;
+ }
+ }
+ else if (!strcmp(keyword, "Msg"))
+ {
+ if (Msg)
+ goto parse_error;
+ if (strlen(value) & 1)
+ *(--value) = '0';
+ Msg = string_to_hex(value, &Msglen);
+ if (!Msg)
+ goto parse_error;
+ }
+ else if (!strcmp(keyword, "S"))
+ {
+ if (S)
+ goto parse_error;
+ if (strlen(value) & 1)
+ *(--value) = '0';
+ S = string_to_hex(value, &Slen);
+ if (!S)
+ goto parse_error;
+ }
+ else if (!strcmp(keyword, "Result"))
+ continue;
+ else
+ goto parse_error;
+
+ BIO_puts(out, olinebuf);
+
+ if (n && e && Msg && S && dgst)
+ {
+ if (!rsa_printver(err, out, n, e, dgst,
+ Msg, Msglen, S, Slen, Saltlen))
+ goto error;
+ OPENSSL_free(Msg);
+ Msg = NULL;
+ OPENSSL_free(S);
+ S = NULL;
+ }
+
+ }
+
+
+ ret = 1;
+
+
+ error:
+
+ if (olinebuf)
+ OPENSSL_free(olinebuf);
+ if (linebuf)
+ OPENSSL_free(linebuf);
+ if (n)
+ BN_free(n);
+ if (e)
+ BN_free(e);
+
+ return ret;
+
+ parse_error:
+
+ BIO_printf(err, "FATAL parse error processing line %d\n", lnum);
+
+ goto error;
+
+ }
+
+static int rsa_printver(BIO *err, BIO *out,
+ BIGNUM *n, BIGNUM *e,
+ const EVP_MD *dgst,
+ unsigned char *Msg, long Msglen,
+ unsigned char *S, long Slen, int Saltlen)
+ {
+ int ret = 0, r;
+ /* Setup RSA and EVP_PKEY structures */
+ RSA *rsa_pubkey = NULL;
+ EVP_PKEY *pubkey = NULL;
+ EVP_MD_CTX ctx;
+ unsigned char *buf = NULL;
+ rsa_pubkey = RSA_new();
+ pubkey = EVP_PKEY_new();
+ if (!rsa_pubkey || !pubkey)
+ goto error;
+ rsa_pubkey->n = BN_dup(n);
+ rsa_pubkey->e = BN_dup(e);
+ if (!rsa_pubkey->n || !rsa_pubkey->e)
+ goto error;
+ if (!EVP_PKEY_set1_RSA(pubkey, rsa_pubkey))
+ goto error;
+
+ EVP_MD_CTX_init(&ctx);
+
+ if (Saltlen != -1)
+ {
+ int pad;
+ unsigned char mdtmp[EVP_MAX_MD_SIZE];
+ buf = OPENSSL_malloc(RSA_size(rsa_pubkey));
+ if (Saltlen == -2)
+ pad = RSA_X931_PADDING;
+ else
+ pad = RSA_NO_PADDING;
+ if (!buf)
+ goto error;
+ r = RSA_public_decrypt(Slen, S, buf, rsa_pubkey, pad);
+
+ if (r > 0)
+ {
+ EVP_DigestInit_ex(&ctx, dgst, NULL);
+ if (!EVP_DigestUpdate(&ctx, Msg, Msglen))
+ goto error;
+ if (!EVP_DigestFinal_ex(&ctx, mdtmp, NULL))
+ goto error;
+ if (pad == RSA_X931_PADDING)
+ {
+ int mdlen = EVP_MD_size(dgst);
+ if (r != mdlen + 1)
+ r = 0;
+ else if (buf[mdlen] !=
+ RSA_X931_hash_id(EVP_MD_type(dgst)))
+ r = 0;
+ else if (memcmp(buf, mdtmp, mdlen))
+ r = 0;
+ else
+ r = 1;
+ }
+ else
+ r = RSA_verify_PKCS1_PSS(rsa_pubkey,
+ mdtmp, dgst,
+ buf, Saltlen);
+ }
+ if (r < 0)
+ r = 0;
+ }
+ else
+ {
+
+ if (!EVP_VerifyInit_ex(&ctx, dgst, NULL))
+ goto error;
+ if (!EVP_VerifyUpdate(&ctx, Msg, Msglen))
+ goto error;
+
+ r = EVP_VerifyFinal(&ctx, S, Slen, pubkey);
+
+ }
+
+ EVP_MD_CTX_cleanup(&ctx);
+
+ if (r < 0)
+ goto error;
+ ERR_clear_error();
+
+ if (r == 0)
+ BIO_puts(out, "Result = F\n");
+ else
+ BIO_puts(out, "Result = P\n");
+
+ ret = 1;
+
+ error:
+ if (rsa_pubkey)
+ RSA_free(rsa_pubkey);
+ if (pubkey)
+ EVP_PKEY_free(pubkey);
+ if (buf)
+ OPENSSL_free(buf);
+
+ return ret;
+ }
+#endif
diff --git a/src/lib/libssl/src/fips-1.0/sha/Makefile b/src/lib/libssl/src/fips-1.0/sha/Makefile
new file mode 100644
index 0000000000..31556697ce
--- /dev/null
+++ b/src/lib/libssl/src/fips-1.0/sha/Makefile
@@ -0,0 +1,200 @@
+#
+# OpenSSL/fips-1.0/sha/Makefile
+#
+
+DIR= sha
+TOP= ../..
+CC= cc
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR= /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKEDEPPROG= makedepend
+MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE= Makefile
+AR= ar r
+EXE_EXT=
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST= fips_shatest.c
+TESTDATA= SHAmix.req SHAmix.fax
+APPS=
+EXE= fips_standalone_sha1$(EXE_EXT)
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=fips_sha1dgst.c fips_sha1_selftest.c asm/fips-sx86-elf.s \
+ fips_sha256.c fips_sha512.c
+LIBOBJ=fips_sha1dgst.o fips_sha1_selftest.o $(FIPS_SHA1_ASM_OBJ) \
+ fips_sha256.o fips_sha512.o
+
+SRC= $(LIBSRC) fips_standalone_sha1.c
+
+EXHEADER=fips_sha.h
+HEADER= $(EXHEADER) fips_sha_locl.h fips_md32_common.h
+
+ALL= $(GENERAL) $(SRC) $(HEADER)
+
+top:
+ (cd $(TOP); $(MAKE) DIRS=fips SDIRS=$(DIR) sub_all)
+
+all: fips_standalone_sha1$(EXE_EXT) lib
+
+lib: $(LIBOBJ)
+ @echo $(LIBOBJ) > lib
+
+fips_standalone_sha1$(EXE_EXT): fips_standalone_sha1.o fips_sha1dgst.o $(FIPS_SHA1_ASM_OBJ)
+ $(CC) -o fips_standalone_sha1$(EXE_EXT) $(CFLAGS) \
+ fips_standalone_sha1.o fips_sha1dgst.o $(FIPS_SHA1_ASM_OBJ)
+
+files:
+ $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+ @$(PERL) $(TOP)/util/mklink.pl $(TOP)/include/openssl $(EXHEADER)
+ @$(PERL) $(TOP)/util/mklink.pl $(TOP)/test $(TEST)
+ cp $(TESTDATA) $(TOP)/test
+ @$(PERL) $(TOP)/util/mklink.pl $(TOP)/apps $(APPS)
+
+install:
+ @headerlist="$(EXHEADER)"; for i in $$headerlist; \
+ do \
+ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done
+
+tags:
+ ctags $(SRC)
+
+tests:
+
+Q=../testvectors/sha/req
+A=../testvectors/sha/rsp
+
+VECTORS = SHA1LongMsg \
+ SHA1Monte \
+ SHA1ShortMsg \
+ SHA224LongMsg \
+ SHA224Monte \
+ SHA224ShortMsg \
+ SHA256LongMsg \
+ SHA256Monte \
+ SHA256ShortMsg \
+ SHA384LongMsg \
+ SHA384Monte \
+ SHA384ShortMsg \
+ SHA512LongMsg \
+ SHA512Monte \
+ SHA512ShortMsg
+
+fips_test:
+ -rm -rf $(A)
+ mkdir $(A)
+ for file in $(VECTORS); do \
+ if [ -f $(Q)/$$file.req ]; then \
+ $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_shatest $(Q)/$$file.req $(A)/$$file.rsp; \
+ fi; \
+ done
+
+lint:
+ lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+ $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(SRC) $(TEST)
+
+dclean:
+ $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+ mv -f Makefile.new $(MAKEFILE)
+
+clean:
+ rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE)
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+fips_sha1_selftest.o: ../../include/openssl/bio.h
+fips_sha1_selftest.o: ../../include/openssl/crypto.h
+fips_sha1_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+fips_sha1_selftest.o: ../../include/openssl/fips.h
+fips_sha1_selftest.o: ../../include/openssl/fips_sha.h
+fips_sha1_selftest.o: ../../include/openssl/lhash.h
+fips_sha1_selftest.o: ../../include/openssl/opensslconf.h
+fips_sha1_selftest.o: ../../include/openssl/opensslv.h
+fips_sha1_selftest.o: ../../include/openssl/safestack.h
+fips_sha1_selftest.o: ../../include/openssl/stack.h
+fips_sha1_selftest.o: ../../include/openssl/symhacks.h fips_sha1_selftest.c
+fips_sha1dgst.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+fips_sha1dgst.o: ../../include/openssl/opensslconf.h
+fips_sha1dgst.o: ../../include/openssl/opensslv.h
+fips_sha1dgst.o: ../../include/openssl/safestack.h
+fips_sha1dgst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+fips_sha1dgst.o: fips_sha1dgst.c
+fips_sha256.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+fips_sha256.o: ../../include/openssl/fips.h ../../include/openssl/fips_sha.h
+fips_sha256.o: ../../include/openssl/opensslconf.h
+fips_sha256.o: ../../include/openssl/opensslv.h
+fips_sha256.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+fips_sha256.o: ../../include/openssl/symhacks.h fips_sha256.c
+fips_sha512.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+fips_sha512.o: ../../include/openssl/fips.h ../../include/openssl/fips_sha.h
+fips_sha512.o: ../../include/openssl/opensslconf.h
+fips_sha512.o: ../../include/openssl/opensslv.h
+fips_sha512.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+fips_sha512.o: ../../include/openssl/symhacks.h fips_sha512.c
+fips_shatest.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+fips_shatest.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+fips_shatest.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+fips_shatest.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+fips_shatest.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+fips_shatest.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+fips_shatest.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+fips_shatest.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+fips_shatest.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+fips_shatest.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+fips_shatest.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+fips_shatest.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+fips_shatest.o: ../../include/openssl/opensslconf.h
+fips_shatest.o: ../../include/openssl/opensslv.h
+fips_shatest.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+fips_shatest.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+fips_shatest.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+fips_shatest.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+fips_shatest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+fips_shatest.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+fips_shatest.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+fips_shatest.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+fips_shatest.o: fips_shatest.c
+fips_standalone_sha1.o: ../../include/openssl/aes.h
+fips_standalone_sha1.o: ../../include/openssl/asn1.h
+fips_standalone_sha1.o: ../../include/openssl/bio.h
+fips_standalone_sha1.o: ../../include/openssl/blowfish.h
+fips_standalone_sha1.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
+fips_standalone_sha1.o: ../../include/openssl/crypto.h
+fips_standalone_sha1.o: ../../include/openssl/des.h
+fips_standalone_sha1.o: ../../include/openssl/des_old.h
+fips_standalone_sha1.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+fips_standalone_sha1.o: ../../include/openssl/e_os2.h
+fips_standalone_sha1.o: ../../include/openssl/evp.h
+fips_standalone_sha1.o: ../../include/openssl/fips_sha.h
+fips_standalone_sha1.o: ../../include/openssl/hmac.h
+fips_standalone_sha1.o: ../../include/openssl/idea.h
+fips_standalone_sha1.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+fips_standalone_sha1.o: ../../include/openssl/md5.h
+fips_standalone_sha1.o: ../../include/openssl/mdc2.h
+fips_standalone_sha1.o: ../../include/openssl/obj_mac.h
+fips_standalone_sha1.o: ../../include/openssl/objects.h
+fips_standalone_sha1.o: ../../include/openssl/opensslconf.h
+fips_standalone_sha1.o: ../../include/openssl/opensslv.h
+fips_standalone_sha1.o: ../../include/openssl/ossl_typ.h
+fips_standalone_sha1.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+fips_standalone_sha1.o: ../../include/openssl/rc5.h
+fips_standalone_sha1.o: ../../include/openssl/ripemd.h
+fips_standalone_sha1.o: ../../include/openssl/rsa.h
+fips_standalone_sha1.o: ../../include/openssl/safestack.h
+fips_standalone_sha1.o: ../../include/openssl/sha.h
+fips_standalone_sha1.o: ../../include/openssl/stack.h
+fips_standalone_sha1.o: ../../include/openssl/symhacks.h
+fips_standalone_sha1.o: ../../include/openssl/ui.h
+fips_standalone_sha1.o: ../../include/openssl/ui_compat.h
+fips_standalone_sha1.o: fips_standalone_sha1.c
diff --git a/src/lib/libssl/src/fips-1.0/sha/SHAmix.fax b/src/lib/libssl/src/fips-1.0/sha/SHAmix.fax
new file mode 100644
index 0000000000..83bcb14126
--- /dev/null
+++ b/src/lib/libssl/src/fips-1.0/sha/SHAmix.fax
@@ -0,0 +1,129 @@
+[L = 64]
+
+Len = 16
+Msg = 98a1
+MD = 74d78642f70ca830bec75fc60a585917e388cfa4cd1d23daab1c4d9ff1010cac3e67275df64db5a6a7c7d0fda24f1fc3eb272678a7c8becff6743ee812129078
+
+Len = 104
+Msg = 35a37a46df4ccbadd815942249
+MD = 6f5589ea195e745654885d50de687d7fe682affc8da1fb09e681540525f04ecb93022361a27759b9e272c883564223c5e4ecafeb0daaf1abce6caa4bd4153379
+
+Len = 352
+Msg = a93aed0fa5e163a82c9a934aebaab8180edf7de0b32f0fe99f9c75ec305b24609334cefa372c7c758262dc8f
+MD = 66a16799d606c569d2fcd70d7d8321ec90ef61711481aaf7d747744ebfd08ec2e7aead49429af7b4ceec6d8e147ed018e034efbe07982699e818db5fc4b1d71a
+
+Len = 1016
+Msg = 433e88eb2f8aba562d15c18126fbdffb81d5d6c9397fa052321f5f78cd629708ba099b540da5451e949eeab8687a8d6ac35c531411cb37144ab5ff6a7eb46f1ab28fbcd2ea0444cd87c57bf7d3c02952dba3d3987da07622c16e7c086d90e88ad3d9d4afee301d2bad915d868f54197b70b23c9fa385c443404fbc9abf7e6a
+MD = 790bc4844e9aeef8938df0ccda17890556a4151817111a526a88919cfb172f0b03c216080c1b60210eb1942097f17b6d0691bf5b018b6d959198d6a694b922c9
+
+Len = 13696
+Msg = 2c46a76a9dfbae1f5e59f085e9c3d4b600c24b2d404d062cf948e75a3d4ab5b137a31397be9eb34b2a03c78367e0b85448891b511ddee1f787cccd498b172cb7e656c044a03ffde8e42478330fbe9c34072a9e99ce31b41757cc820d98e7d564e06694b96b66f4be34c5eadd0ae4e61fe6abbe4d7ccee855104fedee8b451a7fcedb793d469b0094c0ed07c97fda00dd8c1662b44e3ee6775a5ef6368cb662d257be561a5967893433a4b63f97295036a37272176d081545df00852bc5c4162324161296cd51f76433f2df867a5840f2d0c8d5be00b4dc89443d82175bf69c3bdceb97facae2b2ed68e06ae74fef36d8bd1f75f130cba509341dd54079d45de22845cc8e77a022977c7540aa3e779cb1127f39f825d4d78e55a967ef45e7c1dfb02d9999fd15af2914ba47177177d94576f1091a0657d9e04fe81e6be7b631fc1baae66584c9c26ddbb568750d77555c927bcda1fbdc15c7cbe3e3fe88ca13ff12c59b383343c12976708c0e3dff78be0e286dd32eecf20b71a09fee50a9d0b13c85a15b320b162690f399282798aa3291fdd2f9c40ed873e829388466ddd1da42f2de16aaa9272ccf44790cf3c95382c304e25ae8cb2fc9d9869808f3ee7d42cb143bb0c3a55e03db6d1202ca1bdb744e448640c0aa60d3ebbda5c21e623bb080f4a073a48822725d764e51d415aad1d7c5a7f17433d15ac7d849f910c375ee0899f6a576dada42fd651343383f286009902bb62deeeb2514de6af7f09892c20d0b238f6021f03b62444b1e1f21beeb89acfcd7136416fe7bd8f202e76afaf5345311798be7cb25351add2bb044d2380221009c4d1cbbaba4cdc8631dc0144f2778a6aa1eb3d3c81df0b1b2142fce111af8214d049e40f536c5d462b9224a978e82cc6c420e70ecc3cdaffb726a183c793845315f730fa4dac9fe46e4180397107a6a051f7f0a58ceb9bf4df37e1a81c8e9569187228e8037df2e59c52ba815566768bedc8e09d5e7bdc9f2bff23aaaaf133bb5a3332750f6124ce185e29fda0851addfa2c3d52bb6dfb530fd4ee27dd5bfdce5dc2f41debe6740274bc651aecd4023b098a7d622e2296b50d51b79c4e3f521695a9d43f038e8f273405e26584d3db179e7c1758114a3d39970df674580bbf2884405974f0b9c4b0d8b3287a2314f3f81b6991812f354d655f62513c9551b378cc2efa4c3e08b313c56cada52217fb6112eb8299b28445aca8f72e7170a1cd8bbfee4d2145fbe8d49c6af8831c4d4fc7177a50ee55a7b484261504af946c6bd5e1d6b89092f3c487c0568fa07c356fae9b8e831b8320289039746a435b122cfbc4a0d316bf90d481d3b7d979cc50d98c1190af8dc58e0035557dd5e94f437f41fab513202643a77748f76c6b77302bf40c392cd18731da082c99bdedeb70e15cd68bff59619cabcc92adcf122753c55afde0817352bc247d1170b8ddba1ad1b0faadfe0efbfc5fe6334377fa372c3435691f53dfc2ad5e08966b2d3525b1eec2d993a5cd4ff34278bd40dd80313a0727d05e0a932156152f3e11a190d8d69726f5c57d20f811e1e8932e86409ffdac96c6251c2a2976b8757adcac5d2de94931d1cbea866ec8bcba5774f8a7fde792f6acfd0f01356fd66fdf54a416af6a9397e00f848a2e9831627cbcbb52b5a868ec174e69b4cfa1ed72cdf23f39d7eaf4bdb318c188b1f0fe75655e34ad71907cdb77a1a2b162cd7c22d93dc45321eafb17cd60282e83736267b3e1fb249c307d49509f50839942f0f493afd9ef37db053a918e3ec83d801bbdead07554a018b8ba348fe9b7dd92ea7c5fc0e65a644ba19aa1fb6c022ab768ec7cb249ba17b9dda2860bd4aaaa3dc70ec009804141ad5ebc61203658e57a0887ec0fded18d844a96e79ba7e879c4253056f23e205a80ab1471953438f85848f4ab31ab175c089e0bbb97ea0dd6a67385770356741966053735e2cc2ecdd2c8c75cc045181dd7267584b901674b553082b2c58fb8f8be0b99306194a6f069f684535423304d40a268d55784a14260fa9c9cb1306b82f91cbee3c9f43dea9e50903135cc1c6505605a100bfa28564a2057974eef0852b7b72ce264815026d0759f691db618ef760edde73ec888e181403834f7221bb27a69479ec9b28a3fb0c3f68d4467d25712fc48ad78763f9ea6e8a2e85260225ca1b1a38b720e589fafca29f07257c5467cb74ee53189b8c81b784c43e93f98abde1ed53af60b27b13df6ce45001c6e1813de3521028981086f7d88ba13f6fb1a800f312fbe2f842eebe847fd760c394668cfbfd353ec14ca0366eccd7b4cd63318116bdc42e20a632a0d2b8c5cddb37bfc0a239ebe3800a787d2ece077a7968036b3d9b31cd906f888e3ed742cd769033e2c24c5a9e3c10b6d300db5a17dd88
+MD = a86e07bcd19080d4a83e1384bd8189f60a7dd7a6998406ade0bf03f805375bd823c7656dd51cd9d63e542f8ade41f16d73794d60d0906424133778156ee54b95
+
+Len = 100816
+Msg = f8ed40e878dc68ceec52cc8e2868722310fb117ca3a52e1839eb85d308b8aa00ed0bf0b76aec8a70eba4f0d14d2d85c5a0e876ce2c8ee59cb36947def6c40a587aa07b368ca8e8a08367018e45b984de0d7f1aa46b977cc18c0cd9b7bb897cbb2814aa0ce8f8c9843e03c86c19f2ba95dd2ac4a466a93aae4b3b05055ff148517ecf43e286c57744a3e10a14d0c26e139a503e7927aa688c78609170ebe3b54104390e5f6cf538093a67922e7210e77fcb584ec9b6844e829be246a266460cb442bad52ca47255fb8cfe276108c36e02f9acbd3d191d34b93d29ec40d80496d1c1bb5ef036221641200e905598c54bc4abb3527c5a5f6258e59d4bf54a0498c108a2725428efc2047e0096b32dfdc6ec69d5d72f81301f881ca62a66c22e5dab9fd9d90084c0a36b2f3a0123cc5327a3bc7a12fd947ab57169ac533e4b6a2cb80fc65b9b527cff9fba26994c7fafb5102a0acd8f9d246a3a54178c23eaa04c0fdfd3c0cd980d1fc7a72b25d74df9b95c3dedce8ca316870c654f9ebea9b806da9767cf40605a4b0c7fb06f6b3f197bae7d8cde9daf38530e25bc51b68f9aa23ec0e95199b14bca96c91f3db15bf8432f714dc46ac87218691bc66cb3a42f6865e1c30f8394c8e68c0ddf5851ab7c5906a1994a9af6ac1c44d0d6b95ff15d9f77825ccea40fb9e516d45888f2378e045d95d936d541cea9c8ca52fe5f7d0d919b2b1c59a42d06105ea4f2943c05178e59d67351c5b2c0051c93a4045e512884fa656b772cf398af89081546d920fd3d24ebd16310506a786ab33293027394c1bcb7b1efe46b550ac28529646e8d2a5ae65c59345e24b44cd7b06673f3ed3b9008aa568a739c26682fa596b7a655842cc6b2758b583487c78d14a76bdac7033806c5c210828ef313f8efc4072681f5fded748c31a58ac933b4665c445f07d603e0905e49b84aa55146eb1c1c99196413832a05efee2e64d6732fefc629b79b37bb9390fcbed7226b412204bda523b8b8af5c4a8bdb263ef9f3f6c7b9e1de3a1dc257c1f33b3d54a9101be5b4f2a9db319993c2cd137c41e35c434ce52e859afd1a635af4d8852252dc5e28c729b2b4c96a56d57f3f3854ded59fe612b9b3a51fee3fc1c83db673b0cc7433bff2472bc74a2eeb6706605e308690fd072a7042ca6474603711d8310909e47063f46f287260a26c4f11fe492298a0f98d28c45948a4899e08fcf443a6ba36457dd8329314d53ac0fd0819fcfc3357426c5bb8d3dfd706e205a81091cf08f31cd3459854f3d07e503991ba5f067e3c406c6c5396d8257496f4ba3703cb1ba25c2fe4aa54577af782cd57e85a88a2d75c54039e8b7bb559219edd6e81e41acb6d575d6f798afb2cbf7f00abd5c9c7b0fceec79f9a0fb040ebcbb7bff3602df7b71357efacd37aa57019350bb81213508a006160acde3dae5c42f03141887eaca22d7b33d6791febfb619d11ebabb13e6c5378e9a72e852ddccd31cc53a43275966b7042ddc51485ca20e1c456dcc7020cafb5407548b044d332229911fc74d7fb97de25abff7efb431da82de2ed7e25d0dcc06ffc74e57ca93a6a9f64d76a5c39776fe2266f88d6d0229b527525fd2e22a1407e26f94c5bc6adb1e7327f3c8bb8d4c983385c579dd8f5623df8cd6da569c7de73d9210e6b9253a177653a13ece075940fc81016d8c35fa4f6542df5120c174158ff32533476f4e059e35117081a24798fbdd1eb10f82809836f8dbefe755611347f75423dd8571695960c6f66cca71f0a01e8fecbe1183bee3335eff10b4ff8104132040e2145ec3164b2448f60c730887b9d7894e5f7df3f876cb17136c99cf32db1c02fba860937378dbd093c4c5112133781f06c8ca07c527c2c085e8ba5e52b399f2909e217aef6e3035ecafe2caeb1004069dea023af7eab873deb5ebcef2313c9827821bb9f89fd3d1570a569673d3ede86a4fb13dff242eb98450a8917fd8865c56e0a9f11d72394b79808b0429f3a83cf2465161596887fa2d557b367a1de9c7753666b0cca9c30cba9f0a749c03c55cdc7a6d45852c76ce2010de3e7f75d95228efdc79949b238d90b25f983868b7f07f585f7b00e45d9e132f3c09ee84f794d899759be3dabd46a256f4cf8da71270617cc2425b24cef25d1d2f3945afa6f81abfccc858cd02e05619649b1a5347650934105c02622d538447223d136a8a0455cf3c6f61f696b32266197b5cd1d936fd3ad4288520fb4a2f59bf95e659f33210446ef18debeb679dd99de0c3c74a6eb3dd783861f5db4e94a151c42ce27519d0bbbf1f3b1163563ec06c8bfd881d94a3b896fc07352fc97ada73685588a2242da1b718f81bb1077bc70fbd58b8b52163489ae403838b533851bec30ed0ecd97d72d1af534f3703db59f1f563bdc39d690a0e90e545506463a37e84974fd7b256bbb912cb4077d3e3f5bdd4bd2bab713b696c830b1f2185734c4d2dbd49d5372fe8b813ce73f5e01c36bddbb376ef4541033f2b0355613eeda8951ebf7377e08f967902eb7e23c0fa798c6ae52401721053f1095cacb1e9496500e83c412236fc21566090b3a3eee55aa402c0b774802fd81c9e8579761cfcfdfb1aa23786b2dc35dacd5ca8d8d283369f53e4a5db18060c2c6b0c303052aeeffe169fcaf7ecc63090a9ade245045ab9c8aebf738772297caaef5f857322a597846c7370083d409df27612e47b0cb240daa3cfa51c57108612ac0dddb0f59791289ccbdb3a2cb1fa9ac31a23dd5440682fb373bf0c1f41c4fe2185ad7c53eb69552807410053b0c2d40132250e637b8c425e6a35d93333b5b7d0557927b6179c848ec455fd1ab38348c0e96c60b2da49bd15118df64b6ce4fa48fbc555a4b2874141718e731a40b85382ae6e86ead31cea77f83bf5c063bf1febf71688a832d615e09d6f14badedeaeb6ffbfe343fc7274e78cd46a2aaec0a349c5f133291ee57cdcb65c5474e46294de6bb50886bce6c6f44dcb95f2a4761ed2e6c9e7bfed51e0964afab4e0f7e0b07960f2590baae66b1ec9a63ba0fb6c0d27e81508c51487dbbdc9beb8879fd58c188dfc774b3d0ddbd77ee8bdcdfa0ed8a9387728e12b13e8b3c10cc1c132bd822c2147c5ddf9a993aedbf78ec256db1be76644ca8ca7727208bf89732657152d34e948d73c47561d156f773136684d4162d02260300020123d13a95f4f835907c344942ddeccafe2abb7dc4792c4f1e39c24748c63cba933b16be0b8853e058c47a1ae2c4dfff39ec2339b345fe3557d03c1df91a0607a711636c4416ffdb73532aeeb74f237ed8bf971388a0659e4682a46b8327e751034cbf2c87c7828da9d24baf07a742ada34d1ef38ab1e8f2b4f801192c146600709533e61bc2665dc1e9e6441bf3c4f6643bc0c102a10f9a69da5b0e3d0a0c7cb694c682493032b5853f02953b5c2fc0e1348565389762fc2dcfbb34fd305f2d9df080e859396ffcbb7da78aae0a0d72e3de76c774bc6a81c87f2872b6afe97ced5269009304a4992c4add0bbe24e57632e19ad0fe37ae910193aab0aeae32cf6d618ab33eba59f6a04fad00b1d2403396e6fa661d31b695a1b349d62f56c08fe6c6eae7a482177adf341e51d03ea511d7959c721bd20bf371860ecd7fce1d25212891850b85648db0a039e6638d9c78bc958add3e41341536b5007be63fd1f7e3308876bcebcb97dc3b05a7b2eaadd00f8fcc8dcfa7b961bbe727c9aed1626ff786d6a0ffdbd1002cae8a7d047b6181962a686c152b2341c7c58c9f1dab5af424d183ed1c7d003165a1d04ea3683ff31a0f68615af6f91c21f736e67df641ed31b998445afadf9052bbe004d5dad08f62e5d353e42fc35a92242d8414d99dc4e7e81c8c027af686baa5c185e3f99abb3855b22cfdff0a62e2f47a632b7df8e00e0317af5c24ce7c64077bbb15ec27e062070cd3eb8e549ed9112469090ad9a96eb59294b021eed81987178cb2dcff67a9a2e930f6032c753e203380f8a7c987cea393234699de03a1d09ce204f0a8b6d5cf522b6887174fdbccb08f3e7c4fe2f778254465b32766c48812a45151ac37ae354dac87419f9476baa27e24b2f322b2da4ddf579750684a5881bae2269351fb7de59b9d5a4badd8951135f2713dafc57215dc626ee170fae7f20bff98e36b864e1fe0f0f9a300c903069bf0e0b6f2f8e78423cf6063e89dde6c81efcf26ef15510563c84730f611ac879a6628e55115e1a29de6945d37fbe4f803fcf2e344712d9e0d6f6c79f8773a9f199b705235e20a7830ee3357c5dca29d7a6c29a3d2628bf2c42c8f076cc4525301d8e1860729070dc53164d9fa08bf63cc889eed01b0130a7146d860bbc09ead3865a3082db0836a45f5506c3e46e452e298764939226cedfd06700e4e33c6b4a78add601140249596831e97f960b973a4e4dc3fe2813fa34eb47f998ce57270368fb81719a09298a223f7e3931ce5cdfab3f658649533354e982c87dc9e49eacebb5bb4af9a767b4f1c03d774431168cd4fec1b2726f1aae3f9a062a825f3295557eebf3af4784487b869fb049de44d03fee71194fc200af72103b157431935b5ab9bc122773ffd313d52d7acf1078386090fc011de695e71567cfd51c06317d4ff8841ceeb74ad35f4e5f4d20921123cb88bb2079674ad39e133cdfd6478d69c9bddc7a818be5d7b254bd9e0abdb030f52846fdfeae8ff370a51a9c5f6017af3c6c3db17c5c614ea18ab0e3ca0dd5de621217dffa36e5c5318fe191040a50cc3ca620683bc34da6c142e1c50afce28a86b8b66d189adcd755561a647080d93f3ede1cf54c3afb7e863fc8a82a2576d3f79e9b2bb634e598507a3d7d017e0176b7868bff3a3dfb4474b3ce03c401f33929364e727fbf8096b77eb351435c7a113b3215cc6246dd86f1517a7e550cf828900248f7c1754e40fed62477b296a37d3e53231360d012c4908b466e49b0e620c0a5031228009f259b030956ebd70e49357c3c3ac2842b6bd6e3ca5a3e985dc03f7105681fec03b320a7ca753b782ad3b52fd9c8e3bd980b48dd6ec8901dbf756108e85015821c880416e0693e0479cb31c0743450f6d9214afabc4feadb9bcee9def460a58d3a02d9e3039970068b8e3fd0a403a6ca7f2c71ae2b46ab3c731b1e65e2104c47fcb1f69e7c8c6df8c09b33f2e1cd4192faab316a44536dcac608832019f5765cc5240eabe3c87445c980c299a5e7ae0acc2c2ed19fdc8f011515bcb00476b03633c7669db1b44f97f6cd402778e9687c740dbe5686789b79d0b13f784a2a866eb91ab2d66f064c49e8df513ec348fd7272ee548ba08e1f9f99696ffb53677550d59c67f88404f6e610455a422d9cd987493ca5c366a397dccface2bba8e3e99719dafa768956cbf6fd8defc4104b8925878716a0514f70cbf3fa2c2bc2f66fabe654eed3076257e71117665703eb88c79e4c2b94e8e856e7a6ef90ee2a358409db78b98056ce1750eb80725d70e35507fdfa5933a61496ba48fbd5555717b33b59d4ef211fe096aefd478859ffc97a41372023ef114adcae5a8d5e03c21369baf1e7f417cb40326bc6db1cdf0904651dda3c1039a2f1755e7c329f7c03bf33f324206ce6e1638711c8c9a45f153aa1f847cca2a5d3af1d24fe7a1e1094819e8e712cbe10ead1012b7371b35cbcc2bd5b10505fb63bea20ac81d25e83ed0105e7595b6c28400f4d336791ce4a584323d0b455bbed44392c5f86c9d5287593f6986d4b0b8f9974a7a4157859ba801251d3b44b2bad84f29cb87dcf1680d6d10d1bfd59f0c95fb7bd07fdb3ea2fccd6e3ee80af438956ccfe31e750972f893ea5dcaa26d077fb3f09d990c2f41c8707368bba007803621ecd76540cdb8705435d74f4300eee04710a936f241c034709e625b0dd5dae1f6e86d034426819c365a05f5be420cdf4042bbff965a666a5756f67259448ebf742b6ea189fa17a4c3bfaf651d19a8a525f09d9cff637c8fac02eaa58d3ee3f7221da1e61833c0b183cd9f47686f09597e8115b435454acef80c079eafaa22b18927d07bf8b7c5ebfdec9c42a52b7824d45decef41e6184dc2db1505ca6f94172fafc10731706e79b9856dfede353d2eadeceaf72a302e3492d7dc81e3777e4e9e1f3d33cc4402833ffedb241a75a09e9495d671f80ad3acf06823bb04a92b815edd0ca7d01dcb3318c1ae5c62d3e99c0ec37908b45b51dd65f6b45b34ede2d6f553f60a45e20fafcb34ae4dbd375f52a5db9c62650deeee78e955087c2bea75ede7c304347b171fe0c1a2a033894be6e04605271307f307b2a9cf6ae24b8c87ce033a3fa4cf2bacdfcf54fcccb1f580476c7d00c631a8529a9eea2a713610341e0e25609dc8927e51c58a0a9197a54963b5cb95877354f4b8316df02ed2bea367704a12274d96bcbe0d0d728923a368bb8ab98d5db5401894c822632308ddfd309071fb4b477d8eac0ea5dbbc3e3606d8510d9051dfb5e4b7cdcf2c57c1b76902d864c3109c901da53019ed33cea84b407490486ad9f980a8a63df3d2e3921064afea137f35179130db3351f5bc3f5e7d590a5ab08b5415efbd345f9d57b71ade7dca939efa5a12d677b9af0af14468176a43712bde10cb15787c18bf066eaef8abcdea77d3a0c61d6c74ae7b54fe90940d0233e4b874c9a141dcc740d7fff43b9fbbc012a933d890232cf74fccb7ff7eac1148e203c7381b7f1d1429b1b1152ec25cbf7562596eb402a9328e43b5dc5cae36592da5523f0b9907a6817ecd395a7c778daae85bb11372b20641a04250b77b3a0ece885d07faf9622650259b874536d6d2b92181c834dc111b6fcba483167be40ecc922fb87006f63b9e8e632879563f37a8f712db9fa68c1a20ab239c0116fe022fad1279f3288b8e74a16d447e467b6381515814dd3aecab5c2a09c400b44e9100c04c720dc7e8c6d9460002da6c52004c16999975fef8752c2f9c229cbd9e6446b226cc454bd68cd665668a17328bb30f301e92ef5c7a2197a326df5c99b422096de8af231d1d8872e6e505bcfff026d4862f28d4bb3856a66ced22c9b0587451d8da4230a38561b5b1c69b523a4701a2001382aa82fcbd60733a14696a540227db44aef346d6c0a7ae5173604d59eb828614cafc1b8cfecda054dcc7306f73925e6d1af56ed74c51c6cdb66e9fee8d7a0078254fedb0c0f5dc85a4686870709b499eafbc8451aebadf848b0598ce8f955688bd2d6032abe10d1391d67c20a049841f95d2ee0c8deae2bc1baca0c098d8718cba1ddcd968981c47cd98d247aca4f838f3bf16d092eab8be8deb1f8d504d37cc44a8c96c9f22f2698036d4ad3bb48b31f109626565c147d20a4a7dfd61fb918f81548fb4f78875c1d138e819f6822651b93a3c92ad77793fba5222d870ea671f9cac967919d18f96e92778548415b2e170d90b201215354fc48a77e62823a2c2bb354782ad052732f08beb278f751529416f37d83ea26248517ae2ef2ead28c1077908995a2d25db0deaa957bcab39715283287fd626ea7388abccba2d90e364a7ff4284c84f70da68ce1aafb5be0401cb9d45e085aab41892a49e10cbd5baf2c34f5e0ca076f2772abea6f622b66020d546f8c2f134a87f96edbeb9b08394b585f2c2f98aa792f97b43b5f3aa9c34189804a9ecc2cfaeefbd0f967d85a25bf3136fd8132dec38aa82e4af6ff677682f3b62be27a180aeb22f918c24f23bf6f5954e0722324cccd06829fc32ae4fe3aee6e5a03b3651900e13fb0a759e544d033418b6ed40d037b4549a0404792c8fddc317b7f028493c4c91d6773932f8486417544f3d007e5f9e6fc02fadff175303f77f6b0e1f709bb3d3a93b38552ccf62688a39da1a602dd5e122e6f4e9171769ada5255cc5cf938dfefcbe3ab0faca434c42dc8c357e89a3d1488fa3df35c3580b124ba3bf6d0d203d586707eb692150ed05a01bf9de5c4e67bb948088784016394d47abb853f2b6b643a066ad81bcd1735aed4e108a8c1fcd025b548de874eb60de7f3c568728959147d1219e4b830e06ca2bee1f8a035e28a54ee6958d4821a84e5d1e41139905f7ec60fe67ce5f4eccdcc2c3d1e4a753a32dd3004970a4ff3824471822fe2b5010b9b6c6b01336dbf0181a95cba2624663215468519871cc39e8a7f4a151c8bd03363b402020f2fb98069b2cb8cc1b7e930938e7540d95d1d223e47865135793f9eb573660ff79f7ed2fae503e68ba44596ee745fbd8fa562c5c666d174cc01b1961736e18b8b517161ab9c8058026e0ddd6c94aed0086a26e1b959a5e05eb9d8c1ff5b2ef518ca23b4f265db61b499a48cc46bed28d23ffc1e8d9c9e345c06079ad47c88dd4e8e286575bd7f9420ab9c2d5c6685488b8b34d4c9ac04e1427ae0994cf789b48b01d1db9c2fe75fc5187727bb11119f82d0739ce4048467a08cd635bf78cc1b6cc9c28fdc199d351064a81456f81c9e56a43aef7332973804b06b18a26caa62523a7d0acc272ba49124b17bb68800d5756afd34ddb2b7e2dd8a118aac3fcf39d9f853c4d2c4fd3ed5bd25a6604d68d57db93d15aa1160f8a97e6c24238e84f272780966867f9c644ca2775cdac4af0ece036cfa6ebb1cd9d701dd7daec5763c9a4de0385db383a5647918e79c6a6de1f4ee1f6b722c561704c8d7efa4710d78dfce8ad2df0d3d82cbb59cef0bcb001f70bdc6e17af1a720b117fe02bb1dd527b18e6bce70e9447cd0cc85cbcf431fe7c006f5e4ef878a974a93b25f492847c9ae020583c9d412f4124246164d8f080b615e2eee267a7aeb5fa0974de52cefef23cdda7b305a33a91e9b50471ceb72dae337c485d636e28d6ee31f5705983808b1567d4d4ae820ec445c56e6a404cad6b408691475397c0dd6cfad232106ba96e5104052700a653e21f9ac6d79578a9f52548f426a1e81dd45bae30acdd4d22a2dafd633564d6b2f45e7d35413503c955cb0a9784b42ae8c2a5933a6729f3922f969a158540dcd201ecb6e32f88b5b4921914a2e8f424c8b031f115ea5d23a21e6f22439ffd7e5d11b08df729f65613b4f6ad3edbc9a066a5e712ecbddfa6fa764cdf170c0485f82d924a99b7e7ad8dc44c1f93e49b6469a9af3de5691944413f1417b753bcb84d5b7a34f362c383cbc802b0c88bd23a7ac471b9287571c42081b1134bfc8ce104a550942ab1f2a074cb00a90558d6e841ff15cfde6951f03e450a1bfc90dec6c513fcb2692ddccc31d22e5274d41036656183c72fce208e44920776f196193137ac67d6d65ce9cfaae774f23a86e6ee8ff3a4e9422a4667d971906e5496a4e80278774899c882708611bad282f6c1d666bc5e7c40082b43a6e98d494a18e9b3cf7f154fdbf90d786e59e83b72ad0ab893c49aca50ed37ea5202e650fda54f5c46ca2a35c476f4b009c5e6733232275abd1341199b63d22386c484cb95c43ea90e609c407bc79ddd00609cc2eb0d82848db239b249f164b7ea384d0239fe1e64d04955b9297472cafa2ff272c5c78100aaa86cdd8120556f25652a3c12da5853338e3be8f505d93ea03cd1cae7e78e95befdc0e26b760d11e05403c348e0523fe036381408033c009a8e1f117af5100a6eb91f08307df465c20bc1dd029875ef7e49338689f602d98f2dc690a57a6f2864e57098f8bd723574944ad3688b292db6d01387a16493912722ac8f91fd12b748899bdaeabdf0479df788eda440d7bf30d1c25d78d757f00b74bb556506637fc1ab87162f05d464e63a6272db3fe56e9357275035d6b6bee32bd92c4a1dc94778551e94ee1d8854f767bfac3811bd0287672aaa01ea18c25650f05a68cbacd9158e479b508e72df778589e1e03dc543b60bb3b10399e5c50de9e728e69774fb3f5fea757ddefccd0f9da75afe4b67f9c54aaaaf646e858fb001a6deed0a8a769ecef0689c988de566b6015fb8c40aeb5f2df7ea4bee60e8e69d15c4a4aa5411dbe63fbdd6418cf025d87f37362f15e22aba83abe1a3de9857c71c2234023b969eacc0bc526363b7f30b092ca114f2a6cefb34394d146866ac86a33fc497a8cb8e2a5bac398579ff7958878421fb08fff4f8f3deb8c9641b8de392647df3017a5467f9d7b23036935ec6e188dd6dbfb544b8a9e04a4b3c7fa1e4d1d9879daf69986b8083e6eb023a4b5eff80fef17f8f65433c882a21565a919448e6091d1b61013fdaf9fc3e45bbe827c9b4ab10b05600a1961e81d31c7404f8e0d32bfcac2937eaed811db167dfdc29286b0d51bad2bcdb9dea76eaf495a31a7fe717c1c98be374a36271cdd06ed06c02ef4c3c06cb42f73b3332ed488416010e6bf2f4dc4dade6e2e61f19e9306bf941868f59fa0939005743dd647f0a04b576a7e71d4c383c479453501e18ec56d7cb79fe31ff534afbd8609ed701ef163f9de31bc58114399fa0f22b62c66c380e8a10c34b7e731df2a8d39dcf36fbf3a66d67b973e3a94bf6ee0bd96f5c76baa76492032fdd2f59ecaee403d486f543f2cd7ae7b0dabe1b5566e681cd40d384a94349e9668650a6f2d2daf86c59a7b02ba466cd03ce1d50c3f0ca4c02dc4b3d1c0e7b9a77df9eae0bfcffa32117d7e05adc7195f4278c93497401629897a58d08ad7141ea52e0163f14992d7a284e7b875ce4640b4dd48ceedad1ea17d8ab1e760773044845e0899602f1bdfff4d42ab80c0765d1a8bde2ba0a830c050923956d06c80b182264ad19ae4f7c39e43195f7d421bdcda00e3eb5ec5ef2ec91d69df691ba7fe250352acf01fa92af5e2c634b9c7c97889e9147e869acc153d88cdc18908f882f371ba9c1e13c26e9cb8e3cbd4c5e1988080ca65a67b3a4c3460cfadbec904d853fddd2f5375b6070941fca53cc106b5748480213cfbdc1c34320a0478b05f76fd0454c75eca069cb1fa7b21704dab67dc40d041c8a1040db378e76655636ad725219c049e6536982d6ee9f11dd032280e622547c7ff44a938a1f233c356a98182d22d5770fbc871e20bb37483dd5d6ea1551993b95b30774a49b50d411ebe0e8c92834094e23ec2664d822c40e96fb42b8607b62b6949e05edcaa436d0ffac6a8ff384068acfc0220c0b098d368fb8113918a4f8c9de37cece74c8695cef2427e54a6e77ad092a9b7f1d94ac9f0836deff41b905b5dafc58ad6063759b0372a634f69a639e19521825d66a282f489c3172a3659264d0132af3571e637782bb6fe5c0afd24547612166fd3409d0991392fa054ea5bd07a4cd0921a13ad7b62a0b5e6d56cd8adb7f3eaa5c99576941c38aff311c49a8c9d8c755869302a2e5e40109c8365a551cd3f859b9421be189d3a0e9ed78830d5cd6a2414e9cc4c25814d94d98f8848e5386d6dbddd65d22b96c5d20020a5dd409c7e5344065871e57e01c91a443501dc8bf619890fe231319b5480c3879dee618d319962596539e2970513fb5c0c8eac3a71ff99962779cf1d7e916566d0e29d121c5cec5d7302a18ed00be9316f3de8c669a64c2a960a588f9c8a42690f6867cda7146e8ce27aa6a7fb27606eed9df6a235a42d17ce71627446e206e879de56025a66556263f06684dedcfd6f083d6a707e5fc8f8212d716e062f0f7fd0c2fc62bea93d68581265a803c31cac3f8ac8939c5f8c464ebd19df42c7e8998494af614c8383294f3f3883f2404ac10404759e182a038c97aea04a85530ec005e203807c5bc30fa9f5339b32fb0427e64915e29a25bb25ac60b92256470e7de5298d42c6b88995f8d2fb704e49d55b66b71e237af90fcbfd71d9093e1a543da2e9911ac4102346dc4704859cb33ac5f5dce2b3331a9dc9fb506461a5436c89bf90d39afcf93cbca4cfc35da6ddb112243928246ae0d1ba269b0fce0468d3ecabbdb925c9ea3241e2dbdc6b151fb4aa724a42f98b0248171fa01fa103f116d0e7deb65dc359b09126f9a420300fd209508ec7a50be56d5b470e387d0c52a1d104625f9571ce1404d1b7af3fb00475b95f752ab96610be112d33ded48624015781e7198f4dcdf917839471fbedb43c34efabe09941fab6b342cf672a29dbb1eed0db788dbfcfcc63bcfe80f7718571f691818dd6f839e3cc282f85f03fe0400171cdf1235049fa53de7450b4c40ed398d5a486f52124c1c63de2afc950e81839f52d17e2a7d32f82788465a65da6cd763c6360763561ed2bf47749080549b6e2db87514e1ee1c85a0bbd346eb6e3cc29267cbedcad67a287fc5be65ec59ba8b6854b31c83dfc5155187d4150685c5c2c342ed68b01ac9e44b60f0c100a347a0f93074dd37d8956fe2f43110dda66e9f9e6185c23dab74cfca21f3ede4bca87687549ea02662f45dfa0ad27f9959a120cacb7c419810e1b1a50fad31c12c47d5bbc61bad77044aa541d29faa6126c60ef088b82eead17a52843307d4bf798b853d90d14c5347ff10615381d85e964331b7a123d15a77a6790d93e920052ddb4db4baaac5e2b27b66ff955e53b8308151c81da4711189ccf0eb393c5bbccfa1f6c94a8d5f4bcd266fc6a12061967ce836ca042257368f567dc42de6ce0be84449234a6163b72069f25b7ead4b2003e1a7665e87ccf211abe94175d1c11bff2c0b6bc110194d34aab96934ef59804cd26e4434ba166d9833fb091be37b139cc10748b881c93690528a96ccccd2dbe024510b8da37dceab567dc52706461c486a0463369cbb99bcca2e8a4d2e005c45401964722a4b3ed37c351c9f21685e8992c9634349379f41796deebffc2928058c8ef6ea37c6e4970dedb78d1c2a00ea9e1ff1e7708470a6c60e6a2b1e966aa872776afdb238e97f716b3df8dfd42bf0f7ceb52bf9eb33731bdba5987b8f48b4599d67b383e77413107857e951ae0625059e5616ccb41131df9a480efd5beab3a9c99615921caedc53dbad675c00ba1030577db1d22731677914fa958b44792cc9c19e2ac71ebe61a05ee67ae7116e39e1c0d103f18bbc9d531164360d901da8234d29fb0b37cd2a60c7aa2adb2a4b297ea2fb14122ad95bd4592ef86c88fdae1e37dc8e44ad03c0fcdfa3801e93796771c5a2ec1e4ab12a64b3ffe48e7442c6224661ed5cc987aada6e778399941f7b20f16f94fb346b916be87f005c9c13789741602039d38270643cce3c347565eef5ee09139330301951c15756be47994de6f1802dc5131b9b011051b1d87d744756831a71cc8528487f032fee9dbffccc751e6a1ee6d07bb218b3a7ec6bf5740ead7a47b6907d7aa95b79aecedf4a637ead8fc6fb8654c93d13ee79f5d6258dcc61993aebc65e4fc14eea7d006e31f6e9f60e3bca8ce52ec559876fd20255e507daa99b185671ce1ac11d448c30bcdf97b9617195e0ccd2d15246308dd6cda74a8071114327fe203b1adbaa780f3243105c5111636a51dce966f5652e39d4f91abbbb4576234d6cacc3ec57cef2dd4dda49a6c33d12bb7595fd5ab5bb15b40301f34ddfb831a5dbf62218f496c003227fe6282e2ac054c45e7f3fc93e51b3ee8690f08612395095a0a12729d663eded879d9ffb325c62f2cb546a48bed51ae232fa6ce28a2494c132a6e09d98c2e3d478d5d2d15dce2e2665e4a3db448931068b99899c2bd8ba87349b0cf9e3c52cffdcf58a59b4fe0089b298b42ad7553f831bd60f5cfa3e09102fe773e4c05412973a678f3b3ed420433cd664dc7f218e816a17c5c9013ecb84abf2dd073557dbc41b92a91e0339d57b8b077a9a44d56427fec5748c47c1460b2e2412094db6d0ad06dea0aa0c1368592594bf0b2f590a9d6149e44dd4adc4cb42e5d9940d59397b83b33b88604c210694e3fbd84795c80c1b09ddb3b1ec8bef6e9dfc4d7f295e551a79436007ca48aa605ef5a89571e59cb26f2766e564e39d3bb441deaa0c8664549881d90a77256c0f6c77241fd6ab74b0e2890f78ff16fd2f9271ef96ebfbd0b878ba9c703900752b7447f4efaa60bd9dc9cd5673a36b39d49f54274caf03c0cf82b95141fa20ed3ce02ebf0dd74d9eff8eb9e2dd3a2976b244b12fd33ee75c1f1c459f86a1cefbc817f42d7f43ba406098165cbeab99df4fe751ae3382efce32af252e461652c7598161e74fd8eeca474fab6b1ede039935f2fd4d7562623b90a422a78941f47a76863d95857c33653d1b42b806bbafcfeccb7bb4a0c58acebf6104b2570afc3ca88e4fdf2719cf39c964a1ea7d2ae4a7fadc938abc95adac495093f6b959b1347501606b3f960b6d739291aa8c13eb49e98b0f78d2b91400b6d8961cb6165c8b684738e4d4db2f2ac30ddaa03a5e0cde4142b625e81907f08c60d7cb5729456806c89ff0efd08397423e44738ff38f8e88684f3a099dcda455521caca37ab4f4d9ed5d37975d4fdd778b97cc93babc804864a35e3a2db04598152e67a2f1f157681c3962d46ada23ea5d9a524f9cdbdd08a07a3a85b1f6fbde11d5a35c7743b83bbefd19aedf6d92241d16aeca7f33cc51839b75f111e8edaeaed808daf2f43fdb3c6f032ea45052ac31d4870c4d0d76aa75d0b88635ce449054013f234c4a16cffc58c95ba1cb8a0a0399861eecb1039bdedfab4d05f0270c6b16f03f6b8e629f687f133ebf2662c7f930530746679aac2791f54d6a95bfab5be0c33739074ed4e7ae88dde4a8036a7d6095cf41776366b6ae3f8f4a0734f48c275e129cfffff5e0abd042f99a957bf6f0f47fc7288750f4fe30198f8cad7067b36cd87ebca08abd3f9475e7443f83cca91a1ebfc42ef3494871f51f6d52a5524b9391c687571be5327c7c94ee2a096653acb410917fd51e56a92be4f24c1db6b97b465ca84c31c04c2f61eae07e952eb6554aa4d8a380d9ee81c1c462c360fcc3cdff2867a953b655562cd06162af8b99bbe662e0c27ce4d9a1c1a907def48a3231c2110c930a2f1498e32dbbfee0e5c5869332f3024fa5dfb0327a27c663cacd4e9902de34dd93529e90eb347bafa5035f56fc578e8386c7571d1f0ba335225ecd8be026b4544ad70f3af11501a53119ee39a8558ca0ed5b3d897ffb9cf0fcab55a0942d3bf7bc6b94ea27a6b748f2cfda431f35252c44610b7e843ed91ebf7e8fe10638f04f52d6d5a7752ec62350efcb7c473f80b1f2a26805151e8346d39d23551e92fbe372df7979c3f756bbb43f6bed09bbc6b65fe6fd241ae1c2f1a0d0b805c582853b85502968f9478e9a84895f9d4ef01ec4f3f571e57cd0bda68ee1f6f7e14fb6e0f4ef8c7dff6796472a935294fc27b16216966d5021339ded059687355b42b55926854bbfbd9f974a0c26eadbfca8a6183093996cf252894e6db910c71ca3ab2e82d90d371c36b92c9409cf7937bb266ea9b29c41d774aa522e103cb30bbabfe872b57beb027623742806aa7694a859ede9bc1fd7b9e32880b064b0030fce1a0e5cdf3ce558a5feaa32e323dbfab6661c5878c9377ee52a615b7c17bf1228e328aa20f92d070c71561969e1af532e76835fb0436810c3d87b982217edfb1143bfc3405ac9f6f3a50145608dfa8658b0ab642a347255c55b59cd1c5897b2cf625a0f0706c30ca1c1321e90cec57b7c3d1bd1af455e3732db80643383c41eaa6781f63da6233360ee720cc04d171ae2445b0c071e339d547f7ac32f407d29ec7abce0a9e1ef5276544877bab2f84bd2eef47ffa66f96e7170cd54d836c9badbc59435146031502c1a3cc744a470f693636d9050c5b894d2d6047df60eb0bac16d905d46cbf017ca69d66427cb88036eca4ea9d0e579f6bfd8a4a850703a0fe49d39c107c9358e98689fb62bd0475aab4b2031446b437c7f9e373caf0270a28d7b15c71f02079dde401e26175bb6e392106a9072021f0e5c5145a1db6f595b032faed8551f6e2ce318db1ab513db876a3eb42d225014949c19543e9c5dfd2290e28c5d72c87223f0195ffbcba1c02c7d0087721efd2af6881dee7dba7565e07abc35bc3fa41c6a4d6a313222ac6dbb117c69c62db2691c68869ac5fc5e987b0ae4335f815c73ea4235da2582dde81d6fdae5911617daef847be17f2bc09edd88830eac03977f89179fe03eb2dc3b38df43803ca2d38455232549110f4580ec3cc04c0d8cfe493013d2cde47c506ef6a8dfc42d998f70378fac5ce4709345926dc477e9e339d8c87ff6287ea6e2873e14d538cdc3f2a47e0e37a2601652f5b665b616a7d1ef3537a3327a76f93990f7694e6484e7a52a10e9eea2edc92b99406abfb2b11ec86667c7af4a333dfe900bf071d1bbcf4f0ad768fae4f450c53817c507d26e926e753e3395201d3ad89061f16706d841994abad283f0db74cada25beb5fe46f48669a62e0b849cb77097e1b4578b45062af4a071b04f0cfddf87519cf2bfa10ebb4b860239ff187e6dad73806ae968e6ac0f738baa88edb3ae4883a9e59be7a6b222c5f54818f95578daff9fc7a7aba8c4a41a699923e85ddf24a32bb71c808516f64d506058a70539276d57984d75161cba7d53a4a864c51a249a6b8fcad5738dd0055ba8468b56579ba5f102642df65c598490f3a0c9b1064f4eb1962c4c38bfb7d55d496a0b0f7b3f90b42f733d112c89176aaf937eea4bada845f3ca4e9b56b3a5a06b4c90fa4c1914ea47020c2f32531e270007ed389246906ecf2c4465f7cc5d6a347583dd73341ad97199021819be81100d867d628323ef7552db945e4c0be604cf6c4a8197958bcbd6c1879387d3286dff979632c54baba2a35ea84efd7726b662b94fae61464d069e0103692599fb86fdc3a06e01c6ae3deb3de6fdb21806c716e5f82b784e4ad3f0e2de629a18e3a2309003dfde9dde8e5101b83312f76e811277afc286b56879f4eb80468e58c60bc088284d05d725ddfe3185b7c51b472a7ff7db3930839142d4a452ddab628e07d43375801d7c6a711a55b452748d770b84ede35920c1ac74b595baef963d21df9418533fcf959593ccf5afccc753e86c4ae231eafe77a158c2472143faf169db29bf2b53c3288d8b3c9added65778095f85e2cb471ab58362041f0a27d874c42bbb06385a0403ca193cba67cf70029cdb7e73c7e2267b856fa0b8dd4c706b45e7174659b0ee2891df911724324f7ca5daf07c912b9b2abff762e62a1817688757492975db7185c4695f3a90895634b8d07453b36dd95197abc31d5d153dfb0d0ec92639540e99d6590f9b394f14c93a5e829fbb33616e810f59c502be44a13b700fd3009545e34c211abf9afe1bb8ced793c6f516d40010649f83a78ddbe9b71d8596582997d0aa54192e1200db61dade30500d72a184ca7dfcbfb80e5442f489d316cc8b75005564835d4b11c482e2c4d0d160f14a8b13ae0a0fb0ba5e3b782770aaca357df0e1c4d1c3b28b776a8b3e0da1abfd4f7190673fca1e1c5a31c688d6e8ddb21300e4178d07c4e854a718ac3f672b0120d6a54c16957c9ec8c444208e47737bc4eeb0bf2d801eb2fcb72f91fe988aa75f38e6cf26e858dc2a718580ff5d281d13e8fc3e3bc30c75c0193481c39c375a5b06b962d9491f3f1fb80f1cb27067f0709e0b0730573a9b5f5bdbee1708ad84b4ceb1a9a61e4c41e90655764057bfa07b8c81cc83a315be1aed6a49715479c0fd0f53f625fe6c7f36fadd001149ab978532e4d0de3d1a38934c74265b161899843704fad16ffc6189f42a5cadec98603e0f98c6889bd4a559079e074cb40678fad4690a20d988735280a1ee8ea71275069132101b35c18ecc9d3c6eceb4cfe9b165e4b6acc17d4f113ef8283c0fb6506f5635401e916d4f7e7bc3cf49aed166587a0c72cdbe673f467d81bc2e9cd08cd8dd16d90b353481df31e89b45e8b
+MD = be3cfa6c965b2ee4e6fb0236665b0b95f66c8da8b338375b7393672283b0e50b96112d7cb76fffaa6db8ea4a7687fc6234dc1ee52e764d69ba8ac40c0f51beba
+
+[L = 48]
+
+Len = 16
+Msg = 3a35
+MD = 87bea682792f6bb4977fe1b92e0cc7017413dd263732c3604f0ebd63c2817ce5ddc5d78c0137f614a06e72ab1cab2f4c
+
+Len = 104
+Msg = 7db15b3ee240b45d4610950996
+MD = 7311a6356ab38a690c0b3a1581c3e7b6de418996c05e79849891b061c51d53dffc0fff2b8ad1c1eff165aee5ef6e18ff
+
+Len = 352
+Msg = d2a1efc725c46cd6a19760f49edf0bae823c1b4992ae2260085746cf65833bd008e56e64002383f51f960239
+MD = adb1778360ec659e90609e74b6af219a01a024f216b68aa944841429ed5b03b139444b8b848f73fd5f350ef02d46b6ce
+
+Len = 1016
+Msg = d11ad1253592c094746da7b5c88d329bc3ce1929913b8be07e82d3f6b7a536a855f31ad197376eba6f2f4534413fc4e4e7673fdff8739f774a710754b568b7c61a473059a41c98aa4e86617aa66d2601d0f0d584cd9f132afeebdc0ce3da6a8b290059e6e4aa080c195c42ae7f7e1e99865223439929b0a3a0d79b46ca6419
+MD = 0cbec7be7299f48f043c3d1aacf833b4258c32190a21a8ac2471666b4a51b63cc77fff6e081aaf5ef21b1b7523d65763
+
+Len = 13696
+Msg = 2f7a9929dffaa4a4dcfeea1fc37b18e3cf935abbaa17cf9d834b3a8d61e9fabfb7683cfc387d6f46ece3f8bf845827c7ebe86a651d6dc1e83c5772cee1a9fee4b04453af2f68430bd87835126cfd1b3f8beea4d3822fb27864570e255cb65b414197480b6bc20a39c5450adf2474da93d72f6ecf8063899722d3755b7a19f71e93e782d89593ab19ddd3ddf053c54e0bf832311fbf132e8b9e540f38e4d9bcc3cdbf69de54e40ef348a9170ba2f65def167f568ce846889c0161448342fe907718a465e451bc1b0f2e4f21f9b911f186589f43dea305811473837c063b915d849c20deb43323bab4b64e61823f1df119e71962dd975700391b411f8778980a3080ba3c14a321d32c082d416ddd2345f0eb751a516d44ee55222395cfa11e7fc4edfbe7cd49bf4ebd4d7428843a2ad5538b3cd201ccd431aeafb146a65d28a4870a6948a7cc0413b0adac7e8dff3a898aeff5f4b65d10b28ceb749bd354c061c3008ec569d5f90a4d4f5caa51d35b49dc4028e738c8ff5939fef3fa202fed9ebef6f2c7dd0ba41cdb5c0c16985f96fd93a65d134fb4a90ffc0fb6cc5396b843c2151bb7c9170f2fa4fb44292a4af28df5481de0c3c917ba1c46467a35302738158493fbf6a0422cee558d4bce3d78e14b4fefb65bb05043e2cc2a6a8ea64565ff6ce2fd2c4f43fc02926ee44ee02fe1dce25cfde0115c9396c9ea06269f17b2caf58e2332cc1c8528d9705c70da1f76f22aeb1d1b93449180640fb5c4c4a708bc4621d7d2bed5b1a752191cfdd45086d34f247ed1df0f24e7c620de32bdfc4d1f882380d2cd7467c926f48abc75cbfac8788f88cd9dc5361517a5eb36311e6b39e21a85fba2038fd47d860f776697bb19cdb5a4d6746fae507e274399c91648537d905015e58910117e5914f44ebcb00e771d38b30c1473e1232d4e222cebceb4810c48e83e0fd4c852f4fffcd643c0ef9e4fae2d0ebc6f102f3f749b02a5e3a61517d53b539cc24120df3957a633d50369d46c0c226f8924cae51dcaf54d716f61385fd8cf38c2c311a32bcd6594d6930133dc18ef36a9671ba8b179abe95f588ef74e8558ebbc974dc73c26bb6eaae78ef464181e18b71f4b0f986ecc8495a9c4dc0b0b96be9806fbd3d32952ca3b4737a06ed6561e9c9581a33a720123fbaa2a70fc3233b83e56444f5aa0cfaf70fb24be6118404f3e11e6ea004cf2d079a3e93a8ac1d4e297cf4fc43851dd26314a7ed6a5a784b386daa26e50c64692f7db28c21d82234289bb45bad5042236667e6d70a24bc9525c3adcb793a6a5725d9b10911e3bc8e3fd604db7998346e7f7dd1815c0cbb735a977bd4b32b5b976932bc92ef3b56bcadc089045ec95f241cdb0a84c67f1f76353da6cb493bb27a881d37a2106b8b3010cf935eb3601ce4dce3e449eff8331e444ab117a20809a1010db4cf3be0c488f777b6532df908112e3d11592f04a0cc16232d62340cbb8b5268a662b8278d37c03d848a04f0ab498f5af43b0a20e310197b7e1395a65299fac29f051bcc5fcd09a5605bfee370ee8ea21f5807d9748acca815a44d81796d68b0014eed3bb6a94233fc51725de3809ac6f538beaacf8cbe3d96aca21a7a763a957f8892f22c6d086d9af2e5ac9d90321e186584f17e964c90739559ddd034df076c4aa38c2b78aab6dec8ef6be9adf33bfb66f159ec4826653ee6cb483539c47a4a1d95663e6cc7a42a3bf628623a4c9500a59a50a312aa104b198ce5f3e58952bb79ff1ccfa9ddba2fd4705e91b5acaddab9d6522d7666264ac5f533b6d8ac4512d8371c69c06b6d322b046ae2a0a20aec1c3bfb05f3d91b9044cabdd873abb5f2b0e3e19740df31e39828f9ff9bbb20b73541a7a70b8174ce4e43e0d356e629cdbc6c08d29bd7acb6a4347823075683ce9d7de4ab3ddda6572b175951f30a15263355fe9641b3322df7dd52077402a884cd472e6d0b6c34cd63ab63cec8760c7ebe384f7cc31066bbdb7a3417425e039c4d340166e4bba4839076ac9457c87459c57957d0a06dced2f7a18acd22b7295785dafa435a2a8a2c3a1fa05d115fe129d19fc44c5a29bf15b4d9c2b375bc8e591f92756cfc573a39b8fccb8395cad7617b11f14a60e2dbf69b897844cbbcb70363010f6e1bc0590ea594aa924597dbb32a868b55551789f82437180b85661809089d34a168d44b4d788dba23b13542715843eee797366d9ce7793e72331735bc78cd61b13421a568ba3e66926921c04e9d00888ba7ddeb474db63813756ea4a02c1823083e36ebd2d32d5c88cdebb98d511304cc276c7799cf84a1699ccac9569b13f530c762732e6bd0f8415001b2c02d11dff36660b717054b16df49ba38425e3764a56052ffddecdfc686aff22079897376cc15591e11579fe4feeccb55f
+MD = 70e1259106fc7a7c6be11d95fb673bfaf0074e342fdaefb458faf4619e7f0edbd68d509b9ca7243d2e5e039d42ee3b47
+
+Len = 100816
+Msg = 5f464d3301c5e0871d6b41b002dcd09abc80a805de3482d97f3fd7b9838745da1c0534168f76b93c3c53bbabd904541ffe5179cae619dea77446140b7400f47d242141c7f2e9894d88f44c9e066861498e7394f206f594a419790d697f6a11187f84bc6fb288186109343eb11172bec076d041a4c7306d7978c009fc2d2d62563614ed3555ba2d21c8fcd70e8389352dbe4ec808af3231ce990452eb05b1b0dc4fbb1b4265e69235cc3561dae4148c386cd770474863a84a822b2e5f905fc255d55f90bd6a760d441dc52240ba7d8c888a5283891a2c99963d1fe680549d6267cdea92cfead167f6c49663668f2bfdc61fa647f5abf3ce5ad2c6c175dbd456ba41436aa06f5f68f5c88e6b74ea86a79934bd05b486210d3d470a0967ad6d67f7385260578088d7e63197849354f651aad07e04ed301f1fe7a6d2047d50ce5dc6bbffbb1da6b47d740898f4eb54e3c5a1fbd18ec93254cc01f705fce04e6100ced132c519674b2345547804a372b5c925bd9ee9701527db33408d37b72f8d18b882d3c4744eb58f011d21fce336d426de1fcd5e09610216248b51fe2b79b96c2bd6ca0155e05a8a516b7a24d529a9a475284735bd9c4c437ddf399864b64fc5d0d6ffc4e5a7a3dbdd476bc39ed29a0a92e1f2b6b3506c2be5452d4f896db6eb4f895b554b2af64c4cb8dc2369b91022dc50b7291404cc9605c31569c32756a64ff8c4fbb0f1bca346c7b58a5c6774b2fc7f7fd50741d34c8564d92f396b97be782923ff3c855ea9757bde419f632c8399763003b58ee9140c2d62e914c1e1fa742661a9166d42267edc40905b35a25d5c3cb3fb457376b7422896df7bb19c23e8f764416731d2e20cf2c1beb8663c07edd8f105e078e2fed05c5e5897c430017fa2160f565a75a4c5c64a15dd7d644bf355d169ae2696ae5ed1a39e8f81055cdf315e5b0c6f9235515fc4dbf30281ef17b83a6ed604f89293904bf78c7183fcb0ab236cb1f8935e59c51559217efabc000b165d819b717118a03facb61a13a99b194f8b6c7ddfe5850127d79078397a56564c7ed6716a129409680434061b2a4782c9006587de927c1ae09d6778a5f1c39fc419fe10493eb0d4ad492fbd05485eee7913c59df82fe7182af2cf06a6e8edf06676200077bd1408f5c1cec537cb8566470cb44895826d04ec20f0aba4297c501add65c75d5767ad2ab63aa81b7b66f01b32590f1d55b7e50e6df1ee077a19c8c895f5ef62d452cc336e9aee171fa997ddcedd7af86e6cc37722fb5838a46c5e58e7f700edfb7c6bf832171d9581f660752867118e9535a6118635709d6f1c1cb21b938068958e956149d9bffc67f355cb88205d4894ba97c3e3c8be9fa2d20abe79f3f93a6a2f4f56fd075bb49a4b7dc83630e58c32a29d757fdbcaa607352f65483cf2cb4208a3bf94ca7a25e2a4e05279be31c33696c10fa4971d1b64ee938dd299f483e5c098845749a3b706a787529bf2ca56693d0a7a98243e6482a43e1f5d3086ca1b00368d8ead5ed2d0fb79b1e2f537ab9340809ca3a9b5eb2900390432293008ab7086c2811d33de0648be5597ef002c7c462b5e0f4e0b1720a98b2299ad7aa55eb78f0c77c2ab4371385f280107ae40ebf814a8223dc74f31483c63d9e4ed09fc7e5a51bac34d69d97163116a66c84ea9fe4263269b71fd228555ae3cf5109c4d6ced7b9049a2b8069bd2f71834d6c07fffbd7561939188bc07dcea08086bc7182a5270427c3199bf5fb5c4549861fd32a38ec81c4ab058c777dc01864787f0275f911a17838272cd65135f66baf06d8d93bc439eeb55d50b7c5adafed8eb8140b4b05f59871dacf954f4b096c30b7857774fcd319c096750bf605db8e31fe02cd1b9294eaf8bb009d4609f2cdb3a8657f650501b8553765de8f572fb91ac77b35db35f402453e5c58f60146f2906ff56b9c6b3a5d0bb6afb9e2201110919ac9c01a7e9750dfdb2f72afbf7a8d6f64b1c68b9de17a2c9abf289eef24074eee9b1649caf3693118165503a30200993d271aa31b8b92606a10a52612dd1fab495b82f9a98cade18b9d8a723a71ceb63fd1d27372bd281f9b40aa1839b0cc2f2177a09aa8e7b159ac118d7c145e7a4f032e788d21facde2b4dbc1d5d2238f530d9bf9bd2798f611d03ed8919f0c85bc2da99750b7a8d6322d2e66ff6ab9ebaf7424e8c1c3f4fe92be61f65359106395f5ef995e925be3868ad513f561f873acdbaf18590c903d64bd275121c11ea655124d091740887868544c5348664399d3da96e2e35fff34f062fb939d656bc072096e510b40b2f75ff010af68d64fd0acc778e2e13c9667de266b1816c4ac449521b02bbb217002c604be72e73051aa9048d192e3210a68769dd2693e5d44951711aed3a751240d42f8925844131daa36c51d7d59bbaf99623fddf1649db954705fd6f3405e63894f5258c9ffecf83208c2c90cc55b1a8d2972ea6b3a049ee54942b50526b7930953986e428b2c75e47ed870bba68dbfa624dd94112f3059da0a80c583baeb570fe8314f5c66501b34116c81148dd22396fcd6479da49f7e952c8084f97d6803ff85c3787222064ca368f596a1ebb6dab20a03916b3ab071c927d87fc10ecc4e7ab4a5761e3eadaea4de1a0dee30aa39a9e4dbee047201d7d8a4df1284cf668ae3ed7dc4cb2cc4b5cae9307353fd2ae4c105c5d9f3bb021535fc3ae9bf3ff54ddda8b2e1037cd9d69822df436dc1c750a9f557d1a3a63fbe73c64261dae0c70bba6edb57519f5b957f138d1aa5fefe01b73c1851aea42938147bac2762527a492cb85da43014c876e223b05597354d7c9b328df67f354d168a84ce86dff57d8a870db034196dbeff83ebef80bbe52425a8810f2c9fea29ee688a201cce4a5f447be789a3881a9da3b6c491288e8f1091719032608b332e0410f4576597e17e0b5dde305f069be2e80d565bb979a3915488f88e3ebb90e81c264bcaddd72b8843af4a4ae31f723d50fa0995b027c334c351128913bb93e67b1b08f101f6b8dc8202b44fbc3d3dfb530f66e5a8f35e69725c86998c05ac87c561a4706e90fa095adab4a566da4fab82bff6b20076e5bdf62dbd6614245b6a6f8cb6bf60106f8d12b9c3e26f8127dc547e2181531ce980a3273f452892110cfe1ea834a30f99d66e026a9d22dc76fc3cec8fda2d7fea701deb84dd45c97dcde57a017693e90983a156f11c4d168d89c06d8a32dbfa590adadd16850854f24bba315b0bbf372f03711a20163afa0c137383b9120b26c59f5e9e7cd2ccaf0ef4e0d70d5a81748ad441ee5fe178e14317cab184fe178fb0cc0d82105d2f423467fdcda0f9871b9d84882609248356f3053a99866dad9f9b0f8c4a897a8cb8f30365a7ae5f3ca6e772d863d445e6d57c6a478e35d719d0e4e84f3a30b1816ddb55bcd79df21ea0e95da72a19cc1fe74fc576120bc108be3ed4cae3bea889fb4ddd67efe858a994237378eb623dab070d954ac780c1e6d2095383c98ba622cbdb18fb53260979fb2672c21a4600f4bf06583a112d303096d4e30e7e1060d869f386eba3cf7aec3052ca17593dcc9969fa9cd88179c262770211cf53f53f175037a5cd445d239cee48f7ed0aa1d715a22ac18a8aeecf191d415e4afd92b76c091803f4c757a9e89f696ab7b11ad6d5f24774e4a004dcb0e3f33705dd8150431f051016af37647b9e44b10bef114276d4b1055b634461c655a82a847639a038ec9f58876e84e9a2955b696e072d8054c3f81173473604d5fcc0a75b4a340dba0c375beb87b8b01a0f2de232bbb8371c3a9d27a0ce521c4c43dd3bdeebf92f42f87d88978d5b4e3e563cba0e5f59dd29c31096885b113ea5c57e66a3be015b703bc26d3fd1d51a7c14f85f65747ac909d7e30c8e800be27eebf4a62e42e538ae30b6883907cebb7fc5e150bc9da3a138f394e817df9a9e44420078f30d0d3d6981ca581791a097a5e3982c983d5cec239096c7d8cc55c87242026d769ef1d04eb96e5b5001e3358af88d417cc61f107659791a35d8b5f7a5767ae24d5b2ba7aa12230076db1f1b9b6f213dceea62949d98bc5db38743b23a59ea75dbe4231a285678f5f07facc053c2048022fcb01f15e8c100d64a877ecd56d196a6ac60ae35e0e09a517224ba409ba7b70d8f9fe65bc427b212a4e9b3cb17b0d332267cea4f3bea7c1e550f7ffe567b20e3057aa0ebb560d00d28e2f7aff718a9f2d4d044f0d20709bb9ad567c98cff7c4810e8c542370cf90a491bc1088f69998d59f344b74db6c1bdb61f284e99b517a11452ca0bb37c7bae77fca6514b341066086e600f098a32a92935380a173c9182a2513584c54ff67e580dfe16b508acf1729a3d649ff1eae286bffd688fe658612d6c8e69e6e7f7de4ba85ec54747cdc42b1f23546b7e490e31280f066e52fac117fd3b0792e4de62d5843ee98c7201529455c85b169fdb90cb05e3403cf2f737148bd20a53c73880880a14ffff37d62130e682e50bc7210ea6c1f0c27656cc1785a0d9ce93ff94dbc5b2877519d9bac4a339e98ec594a7cc76f4ddf994fee8070dd4b8e0fe0e51b93105fcf566f83d914dd862b4ce78de7e9e16f142234bd969ff8005dddc641dcd3c7cfbdd6113cd3ba34a9503a0f433899e90e158abde2ed4ed4b3711c991577c5aafeaa982bce80835f8e6d7c7975571fafb1499991646bc499ec32930367d4b1de76ff656442cab987bdecdbcc2b2bc35ce01816594bfa4b6e33080caa41dbdf8ebf2205649f98a2d3bf331fb16b9ecd1824eacbbc9f81297b115b4d36aa7496e05f7d40d4edd1886c1bac10cf3f97840a03277e6369e7a7e90d932050ab8720fce076de5c355fb17959bd75cfaeff325b0737f8f5b1160de0b0184ba04afcc30bca77a6a37e29662302d01858c0bc1d32b883011b7df5a387805296cd91bbc835a3e76152d017ee929d4cbf137eb78db89d71617dd76cb00707aacb8088ac77a1f52ed710331193edb29933a7efd8cc153e6adfc2c6637e88cd86b06036b8177847b4d086b0ff9b5dc91f3cbd1c08217023d7449253c25331594f0f16a3c5f2e122e0145c4ec94f096b45a1fd0b2dd3f1d51e58978471782a336eae49d7bc4e050d1c6a391658f71a1f752c0ec6302bc2dba9e3766359359ce34955a2db86740c90d09cc50e92dbb76e17a39955fa7108bddeaddaf860d1aff14acec8b609ac1d336270a940604209df91cf45be72edee04277d694a6f968ae6d8e065702f3d607f3baf8db4ab7637fa4c78bb0b7fe69937eb1dcb616fca564a5a521e12df71fefbc321187159bd6a47b066a3440ba634de9153a94546b63aa33aed9da2018e1f30628df37f5360ca4f2660a46ffd73e58183e8abffdea25f7bdf798a2b7cddeaa481bcc6e682a67e99143066963d96d4a928a478951dd6ec59b1be8cb23aa688e1867738aecdd9afade39c92c0b2572bdde84eb912ed990ac618834c412231216fdb84f1e01b3f8414fc6dd0f646fd0fa62bb0157b3535e1497c9272df1cc5dcd4e6ab9a8456222655c56ac73fe0d2aa8b599035daddf0986a45b1a59510abe19a11b6dba065c8bcf8a85d20a3681c2414dab7c036cc1358b1dba98d6ae62c5948c36b5b3e307a6f860c0c822ac724a5c917ed5f98ece548a7a741d366868e6c676394c3659f7f6786594196dde332543376f9ba0724b091d30f431f91d919417e5bf7ba1e9a21cb80f6c204c3a58d59d960a5788b5cba5abd7c7518f4c5170115125de97009a6c3fc4d5773e4f57fdd433eb7422c7c4dccee57a1679633ced3b5f08df763d4577983c5ca8b49bc4e08fa76f8bff36daf0fed068db47f0c87e0e45d518dffe37c129cc6e2f5f9e0430185723098e715284a42f302a6b8368a4f2dc16f534d1e5db9d0b86659fc4ba6f16c982774115d02a57684c7e5489b1f491584b0f0546e4194a6041f5e5be3bfff3852a4fc772d83491023a61a37228ef6260edc0d1cb972cba610d5ad1d92d554700771d8236ef55e983765ed8eb21e7de7c8bb51aee9368758454fee4a3f32179c1e54af1d069e0b9728cd0554351907e018146511e4d6f0450b57c8ebd21c71450116296bdfc779945da60b9192c5bb9a67b1f04d94992df4cbb3e30732dc8af2177fef17e0b7d01740b8a64db16bc29c1e589b6bdfc967edeb2ce8a649ba892bc856a929f0b837a838ca7f917a52436ea3d20e72afacc5b9d58a7fd0fefd96787c65ffa7f910d6d0ada63d64d5c4679960e7f06aeb8c70dfef954f8e39efdb629b72979be208d616071289cfaa0756a4bb5eea5c7baf8fe7a31501e7e2d67d708d461c0c93e85f03afd70bd9e16437171e01a34f475e4b5a58d13ce4e2fba72bbba93403f3f8981e0bbd6a8a6223327bf096c44b36e0ccbf7592a98c1fa67f198b628787ec80aaef848b4fea158c715799e6f458327f399e6420f0e7821f2dc4663bbea065c7bdfe830b6102e2e7193381b9dc7f2381ba808c43b8fdf3addab4b5fa81564716f7d46e0349d9b27b559710d723c7ef2f79eb55c3a9d75b99ae6fde6877b278b583f8ae3cae776b914b0cae0772397fd19b6a27676c7ca02cd07f4b4d49bbe1ec87f2ac7e39e5f7712319c31271dbbbaf4b826af8a9f4acab696c62719f7a6a032c4bcf90922a3c630647b7c1c7b78b10afbd863f07486561a0bc8d9b1ff5fc41998a7e3c604e24af1c1df2da1dd5d83eefa2e4012f7fb5959ef9339574367deff73723484b5a969c8c23dc251a3b887f34b9ea09c9a1838e8aaabb254445d7556dda257dfd5579737fe1dd6c67f3851ca68b011e7cb7b6958d588f143828f0bb24fceca31b47b77d1ce05e75ab05b55d6c9f9107f0c738f2cf8a1629f7e9b2694324e082503937ff8ca7c5098f770289af7d038dcedcf0ed77c8b82e2a9003a6f3db69e14131e144f6be7cf0bb5353ea96aebd78befbc6ceae9bdde97823cdbc5ca8ef8a993a9d9383aee9f2d6a18fc64ab92990672ea2dc9b89ed248aacf7f1a513da43fe5953335afe76d78867a066f226ae9c727c6c60671c50a50732698ef7a492d51998eb6da5368a667baf6d12b77eb36686ee0ca239dc6f3598be0bda79e47f0891fe4d8989df8c685480de11c148a2b44c8a6bea3a50b09be557c51f545a09a30e9362cf3080e6a6bee3dbad370ce24f6c5a6f8091007ca195057fa3af8f99703a601086c2a1ffe55fde4c2c4153dbff8d6601ab68743c0d50d021b0b3099535ba6c40f866ca3ff0df7c19d709a3f58b57b40ab5e43556a8c0c1938c875267bb39c0db6b45840e8ee7c22bf6b48798bd744f70e42fca343a8bdfbd7f55f275ca5d62c7288756d4861fba68d16d842c5b893c1d8171bb3c8b593387d3426f292ace5cee7753c9f9a12e6bb9af5a24192e4184f7d3d191d862d3c3dace7853eaa235b6369fd164e5a7bddd06daa3eec7fe4130e82478d36f88a0999cba1f251ffb3a7689ea2baf016073193898716a9f933448d7ba8e0968c669bdb7dd5e6e32fd84a6ce9e8632b393f9263532ec2107b4c0d2abdf3abb2de2d63511805eb58a70bc4ded040d76640af60ce7f03b9a682b8dd84ed8a47225a48e0b94ea47828f1c8974cd64e5027d8b13d43519875d2bbe4461a7f0f5b5b8d63a472765405ea9c994225806395e64dff88506f7f7f3b6368d769e6e550d4e3e81efb13771cf403e855f75312f1383ce4c2744d0b4e3735a0f1e1b99eb014fa60c0d1ca9035fbc4403330c2fefa8411fb7c3d6ede5b5c8f4736106bbe01923d483a84f031e9685a3b6a70646a2a5059ce35fa496b3f21fca6047471a5bdd33908cc9328de9fb032347c249bf7093390b750696124621dfa67fd9c7fe85d6e5a4d277ad8f8d169f8b5e8dbee280f8443518bd94abc5ca704e781e6cb1868ba2d6fbbaa850326fbfa5a20e4df6fb5f8ee2728e86a758763a8af21e1f7a8584d3f0b09a0b19fe8fcd37bc4fdf45084d7fd92b80544f29aba52496e2c9a0aa4adeb89820be321cfd2f0a53585a15d04c7fe4ec9be6eb5df419e20b71506c1f642df75c53a9e3b2414fe6102fa8af7be3f6c95de824c31fd6fe8ef9d49e26095a2674a33cb574e9e493939bdeaf5b309b4c51256ef71e95dbbcee0a11991693b533f916e1c82ce86d65d89b6d596017fae944ec364546e78abbcbe4322b83e2fcbb4c5d4ccb54d8642c7eb9e28c08598a356a5c46f8813e6b63ec2f3e3bb721b726361f85a734e0514f4e9c4732991ed3998b1ba8f618c2071d1b943eb0f8766fdb7f0492421429bd380deca3325c8d5c7b6ed16429539ae54f1eba39748f09aa44efb67d863cda304e8653ff7499cfad44dc27807779ef8e63be4b376ec403f3c84eda4e5af31c30f9807762e0980b4e5d9dc406cad4e888bfc3ec4186de8ccfcf631b0ba5831747a1c200d45ea06ac82c7952fd09aaae5dcdf5475da427cbc8c1f71ebe5132f2fcae15975ed6fa14a11b38766e1c446894f31c0496b0e5e96507d28e6e4549d6d78841e40630ef306491a1da60eaea3fb69bffcbf192610e2e07bc1124690fea61980e8ed654c5e796f67d26db5de35b4a2c67427833e360ac2a7d4fe7a5ce572144443ed62ac460c1b19402e85c79e3d80e1c143279b20a66d8dcf2bfe1cc44a0f5aa9b0d9b36c46c2cae148dd0f2ffe9a8e6e7274d1832e57aa39fb40553da6414094e838d613a20ce9307d49f97d904648d6460985b01af769800cff9a940f70729fe40e98feb64ff0a81c5b2b096b1a9d832e440c49e4e3684bd17a5169fe138d2544d9806fec027dd2a67f1856178e090f9bb2f9b314a202e7e95f2e41fa80dccf7b1810e9cbcaed2acc2445d60e26f7d63ee4b28e4299e60ea4fc659e7d6f0de91748bf1ede1fdb2acde9482bb76bf6716847eb2dd7517e0a94f0bbf20f248d2c79fa0f518b67a44d5c4c73a9bbc3816ba85ae8344b5f377649da75cf1857d6e4338a76446c48e52cc7bc7ce283d4252f8fac5e1427299edc33f84798316f77bad4a87849e91a1a23c0b7a86898046e278eaaa15ff33730a6d3f885dfe2d1dc0acda2a9e49a71cfecb7dcaa9e70eaa8fe15d4567a280e8960ba49d5289535907e9f277f96e8e652c21d89e81696dd821db5b7e1e53e160584477aa9e4c0e12160c9956df36cce6f4e724dd543827366010ed3d843cdf4319c1bf968a70e9b1b6bcd8af96c9eb0620c569716b7bc42e13251a6adf8201faa129844b5e1d699cafa1b66a674e732c7662b0410e5bca2704c5ebed7850d0ebb825cfb0627a183cc9643b709aedeac2c06700358400c389f99666ae97ccd37f265da7addeb07df9ccad6fa777d0da2fc47b6235179136bbbb409596841e921eb278142a19e6203c7f235bf8461ccadb4b47dd290d36ac27126c808b866f9531261f1e0f5c458a6bab6f064b4efc432e1c7379f9af19ac34c5c22e76e6e7651e48f9ce44eff542f018397889d896cc9001a63e8e455fbe4a9ee9a740edad894fe1af2bb21a1dd0318e28ba982c12ed69c08835ce17336ad1638af3cfe0ea892ab8e83d3f25e6bd98d5e4d36292992e2122c265a26cbb3931dd4c1b0d0ac5ee19974d0dd45777908bb416cbce52531820effcd7f28e1fb2d3d4d826e1b2673e834485a25af9f9d174f566abc3b36732ceefdd91a7c3885e1d10d51c321ff704d0883905b7539309ba5e7b7a2bfefd0494e90e9da7541ec37858ec05ea9a9ec5672b113cd5ad6ebfc5b8fe40ed7c3f17d8a73703dc89086b4d75c5eaf06b840bb2f5b4519a4fb17bfdca9605f17253f203efffc92da96fde023007d22cdad05d18aecb4bf08085c5ca5eecd21f2b611e7e8a0ef981fe7aa2014f5ac6862fab44011dfd33be8a1226943aa7ae5fee9221b0400d9ac2ce5241b09a68cde6b13c47d50bf310ecb37f25c32770a299020d8500d8a4b5d7621e4379dbd6ef34a9aceefd4055ea6144f54bbfedefb5b5b0fbd1d81c7a51a802072ec3d84f34585f22c1df84caca07849b1ef054cbef9b40848e9fd238761df5358cf55a79a53a1bc749e49ffab7c5bd9a28bf24ad5833facf43bcc3852c1e85cfe47929fc49c325c20d74588eb9833519f192243cf96625057899b70a7c93f8fdbfb60d8129d9c43c95f8782ed8293641ffd21d21d91a0b4db69d766f6d6497e9a414ceb04b65425d6ad6c8811da00639dce8d8030038f2d08330c75b0879aab81bfb3330b950e54c13780d308fceed2a103a1a8b77a923b66aba737654ba7995acd306aa7b80f632184412e2369c353c2132ae614553e626f0a3436959104ba6e0040dc597dfbc3602a49e401bf2249699375b2c722083489f54fcdc1f616a133ef6112a1754818158ff78f245b9046100b0e89407f74145fe336976af971c054f12d98002c68b3aa2bd699fbcd71bc4dc071e430bbf694595a951e01098aaa499be2f70611f248a694539ef8936b2e8b7a3c5de8662436fed1f7bc24a4e5c17a663d9a23b4692993301b08cb3bc10f518eca51081c717ec8dfbb0c2669f7987fe6aa0bd98231d8e8b58951b42537f12884a857e02d62de4fda6b88b6b754b1b27394c6a819e0f92f6b2b2473fe245678e252ed31477cc7ec6895bc361b718fcab3aa550fc9faeccfe77cdb5b151ab1db2e569b5bc923ee26f0b6113504d295112d47218140e44652a10af10a088f95c7cf2fccd040fc93980939122411ec643e26e7d69ced3178402e320fe156e774b75b5afc2f3d6b6ab828bb4993b1436faa5728cec34d66f520f59e82716ed6d1324944c3c91d04d5ffc5a921f4716c39de24768484d0096f7d8dbce35aeec22db11f899e5e7e3d57e7668f35d6c0db3542255d9262137d39ae6cf9bcde254dfccc54a6062fcf8982f781d9ffab2df4f49ec04a72eb9646d63bf9e1799bc0bec0ec7f0675ed9f8dc9b8be15d9f2175dfa1c8bc99071c70ad7bedb10a4143fa91c89f54777f84c9eae9361cf7f4c2b7ab873ee5785a5241db0af86f3c6d7f091623d6dc576d07550a42023633a09c8dfa21d7e70cce64c13f37663f75c47921c246f3f2d1d16a8283ce7697da4cb7e016971a2a1d0c59d6202bc18b7cee3828de597efdab53b33a9fb41aa7b49f1c964512901773bb396ac80e90ba1a94c408b2860065ae9aec64a41d76cf8842d299d0babf14d5840d647d075c34175e26a786f30091a24f1ce8db30137520dce1cfffb6318a0d0fdcac883eac603bf365efa2c806eb4f194cae8c16780342165222192f6ee2e103ae2a31dc08a84dfc89c64d2e9ada7ca1839dfff62ddfb7982c79684cfc821a098bc6bf09f87317209b16d14d45c6f38fc99f7bf9bb73460977bb323665d480c87c687cec052a5f08a2c6744c8e177a8a269b4a47a925b9123cd2c014313edae988f8aeaeb633ee5ba6be7f53fe36da3aa37ab2077f5fd75a82a55a0fe62af213b85e9e7694f78cc2b0e63a8c1b89db484722fc62c688678a511c474f0eff8eef1382946d26de00e5c626ec1d7079445c1b7c6f7f05073249b11fd1fb30257724a14cd7bbf451146bf366de2e826fdf1d25705587c4460040ab963e3bd504755b6aa5b18786b68efd3c8e59e8dbd172346fe7f4a18bac98164669d73984044f3c777368f965763742ab86a3720208c64801c796f6e3a1c4748b81e41ac58dcf6ecfa0453b18fad7e3473604f57f7da302e1fa81ad538d4a0280c4ad092007bb9a7a12907227a936871886c699db97d00a1966fdef64d9f3672f1b792c1edadc6781b391c91bea1bd7275f30859dbd1707b1f554e49ceb874ca06e92ab466efa7eeb6990667a27507a7ba789e24d593ea2af8eccb3862cce58daa63eaf212bdd86c01ed471cfc79b191c481ad773d20e821d18af85a7049034e5a9c660357a4c2808b9a6139f32c55c13282b8d98904f4f027d438189dc9487c96172e50dc1100ccc224e7374cf96ea6731032c43fbc9b367a4d1d0b31aa3fa8eb589672e69f1d9144114bbd508d56c2049ecdbfd7b43545375a099ad2885353d8c550d22dbb738e6fe3f104b444c89475a2cc24d7887daced8fa05006c02dfded01c00707e2ad04c41199c5decc1eae34b0c0abb5a5beee1b5253c3350e1a077682767a0b9124a4df2e8879366fd37fc04d4dbcf89883892f46a65ce3aec22123cbe6b3af6364df1f9f5f9751bc8179b6dcc5c126dd65feb7d11a85994e90ab6342834c79c5f82413e88198c73e932c66e3cb60b6e0c0cf438622e5dc5a1036c38afe9cf13559044a9e90f5fd72a3188ef6b1043f5f4e6b40ea51f6235dcb33b3099b2d8c2e02103235f0476ad51bce6d8a2934068549633e521a3ee4c62c22b042fb86c13c8da849233205a5e277aea1129678c31f5c379a71fe08b72fad9449cb923126dd465d1e0ae8a925374149b8248b3afb69f168f3ae701c00f6ea08fe07f1b5338ce6af2f3156ba6f300310114479f2f6119367c88c12c158b84be13b9c8c7b5dd7c90edb5b3ea1fa5927a25ad6d5596992dcd4877f58a134e05dcd80dde4fc2c2a680cc0ccf3084d3f4970e3603fa6bc5a180fcf1ca4241c0b8a1e7c607dc025016e297e2b0645de4ec2fc49851b9374f3ef99edd897c284a67b647ca8c96fcef935d541e9faf334043ea50b99fb8819ecce039227b624e52d8c20003b5a43808e4990da8e4398c4fc172b983351fd11a13dcd2aae5193d42d46e1b57c92e3e01d23fc968c729f3782d6c07dd5a17af2bda96735c12cc7d8023629fb0125e974425f7914690a7ed26508343ae58c8a439ebb6232049a194768d4594f5d65aca37a5686c2a86dd04bef35d74e0755937ac0ce3ebded1c00c8adabf030e5e4a5f44193b62fcf2f1bfa9dca2a25afaf2f1ec06c5d17ef3526d26d17af3e2f257ded24b177ba41c0ba64fd4fbd5042fbd5961a105e0e9f77f3db13c1b6c5bd9a9d04801a5c00a4c544218a21016c65bdff774a44b1d05256e0693e14d76605d67bd10048d3816caf31a6d10886c88c783538bd93e92bbc4484f3388b61adac4b92b911c76ebb1dd11b7b4e40be032bccff610068746f41e34a1fbfbfe5faf57c8a4331008e2c1cfd69f57e74379ac80eb6769f4ce4196795b835201ce4ec85ebcaf5eaaec242fe6695cbce1d53fde5b002e006bba8c8a1ee57da061ceed0d21bdd57ab0cab9e46bf3764d9a6c3ab19736d43b33f32eb955f9174ee4a54666e7f19cefeb49aac7a59b7370d9ae730b7bb4e08413222f0a66bfdac252fb61bcfa838f262312febfde8add8f6843f1d64ea3da42d4ef986498604d65737a44f5a099338520cdbdb65ce73b110dd4bcf8592a4adc3e0170b13404f99f0ec8f9fb225c1275a921f09369db165e9109dd5be472b9bc1901bfd882d264d9ed8d88b4c8f3b35f88b69e3e4b8ef5debb895be536a3af492d968dc1caf31879d672f70ad9869ea98335cf9e4a2760f955fd3e8099e4b2eb4269e354548f9de9921e50e49f3f5cbd63468b9db0cfdf17250c8f13535d4c0a1f21c87967cd798fe93b9b2960447401ef90db22c3adfba0f55f5585ad37040e8d6745184dd536d5a26edec365bd6edff1bcc616cdea3bfc8b9d98c0ef9a626054e361194cd05b2287612399f6d3d3be2f71555f14ad2893af6f60ab61adef663c3c2464ade671dd5ebc71935aad290573588fe6e11f48cd2b7db62e4b9932890d1b96e1b83eff70f026d199db75fb1e83197c937b672613c66ea131f485b4318e27c079b4018d4205484993bf50ce70275b244f2caf47cb47eb2a9ca59afbc78809a912eb56a4bb65cae4694f682c6329c690003a1c355f779b5857a60091b1c3685995a366cb43d753a704d3e59c5f5003c78feed877351e27334b3fdefe5907edd9eb25588a42248b9c4a93efa7cc63bad1e5900b95b70436c35eb85cc8251c4030fab9556920141cca24d6acd3122b92b7e868dc174bf071117958a4797fc90866aca685f1456fab397ae647ab9970348082bd74865bab7f248568db98ced7ed84e8360fa91afde3f23509e6b4caf948349ad9fb6a4efe0a0468302cae7a0f999195af1c19058669fc3b88b2780b9075dc180298498caeb7ba0cf8bd42eb36b1959d5ad3ca6fd1e85f76abd27ec5fb637ee38173ad7d86304d5708b6dc8817e099e77f5d43c1a70624cdb96e4e6103bb25e59eb51d894d1dc533a74005bb79cca35b66e10c61d06b5227fcb071457025d605a0862218ca252b871f8343ec231dbee15688aeb914c0f16ebabe6edb0a489b2bd10d4392c6f1863bb6a62181de7cef61997ab02f3bad0a893cc0cd8a99cd7b3f7773085f0929de36b5d124e3729140c375de9a2d0cd9a360cadf17b9e45b7f2adbdff9e75b743b62642ed67aa703b8ef33dcf51a50edc7dbab42d3d2b49badd2457a9f92847aa6a60ae2beae457a5fce1a9e485ecf907be22913893cd1350f20fc6c81c94be426eaf01864e813a03e4674491b61516bc95d8a77c15f03d0adfc4adc27f27a5ac4165ff6518eda1a5c408708f78a9e26b834179804a312148d4f75f21a77d78387139da40c0a6293c2a59d0162437d68504f189ed970c5abb9ffc6d8e1be2b0877c7f24b1dc273b1765bfc5ce6f4b8d99a96d5b1c92ee53a39f685b304313d909c1ba8130d20d51c824cec420b0315229df295f75b453a6c131afaae0c36d7c4fff70623638a4f7ded5eb7db58d95deb6249a29b171d8ce651556dee8037bf4ca74453a4a76aab7cc07ba44e55de57dbef8542c3851ea353fb8e259ee89bbecf9ce8d8bd6227afc0028afac48a7acd9b4e8cbe982eb1475917ad6be4cdca9cf6e7cddd971b2924f2bb730264801685d387485e41993c3fa0af9987e8b52c21688fd9a9595ad8d1b9f41e0457be18492aa09f69e64e2954d1ca3cc1d32b2915cd9cf6862ca79c80beb47347c4cceadf48a37b29b1d6de4e94717d60cdb4293fcf170bba388bddf7a9035a15d433f20fd697c3e4c8b8c5f590ab44aefdda94681407008ea48d03ff21e9bbb4ae7a9aa37c855fe3537c44106e8079f18c24d2584474bd4a99367660ce6f7e6d7c294961e174366e7babc569d5f80572a21a4bd7086629363e0c9ee2599c8b8863c96613ae6c32cc67ccafc66e1cce79654567ad08e62e9abc99e44d6a79ca4d8de15b7f8a763a4741676af0e1f3bd4e002c8fa1ebfbb3bd3a65ae68a80c230422f98f6e1e9837252e045eafd585ba389958297d59aea1e8e1f665fcbc5f7ff449996aa712dc0faf582cf3caf3dbae80594f9f07fc06de63d9d672d14d7ac4662b4a54f40d4aab2de766910be2fc7f6f679b5708790b5376498d3baf0463dca2f093b51bb7e9f3e7033ba0384af0174becc3bb477bc5e86959a12a5e8924adf0bffdf5e5b9c1cf24d232881ad5c05c5c0f50318ea83d8683339ca6a583c52198c00f7c1abbda282e7fd3b179297338ecf9c923a3a87a130dfc06164e9b4c1fe11d51b382643de44b30a6831dee119241d1b6f84f2484784fdf65e41f78c38e15fb4b00e45df1edc40e3467cdcda351a4c0a0185ac4649e91024377e1c331587a8586cc0a4dfe29e14004c3536d305f5dee0eeb8c2f216c1b8d27375b239f6458e08980badd6d82e9ee9e007578c0a3b48288d9ad0ec3c934a99a8c5741149af937dc82bdb545df26428b87fc935c05f1a4964a8408539f267e23de9bc498e2a4b0083cdb7c8e27de6252bfaf680a6d5b7ec1a6dac6d7d537334a95f1553324a0739414dbdb50445a767b0f589fd4c33b35905577ef5a53b0f097191f9cee4836a908748779941de2a78fe1bde0c2efd9f48cbf232ce101d9df93d3ed40d036ae7aedc3a5ff619abd1c159ca8d2dbda7de13b4ca62576c7f925c52925eae2d7500dc969fe14c0a335ff95a7df1d276a6f242765c781208d59edb5848d412b11638b27ce5a61b8209075976c2a6aae88f6e6d8704fe9e83b425dec4defeeb3cd311b8c5a818d51f917a8a4525361791d5c4fd5d70704d4b9fa9df1ea119882f400e682753a41931712c043c120a98f0fe786a600b47befefc9d64cc5bbe8a16c191490874e258760c9e4fd215bebf848e0b4d35521f53ec5f9308644b785171fc4cc3ff886e034bd833d59dbcacebdae8f00e43c151bcb24d1d226d1cc19ecf349361530a81ba3168af3df5536fbe52b3b93621f57959df298e5b4d3c14928d2ef7b9c977c7dda54242d17f8661978a62d94d565b00abc199790b9b25fbfd4a3ffc35c95ccafe35d9a138a2c24d17f06ae2cc376e822317f16fcbcd56e23f84ec135dc935e58c61b34cfbf5a36cb00350483b6bac786030e5c5045a6b61c9aba7dfaa4f7fb21897539863ee865ae061a77c0359915de3aacb3b5dc8cfe53c4d17b393c2b6bb23652f36390407922969d510cc97b99d1df4361530aef10707d7a021b2d9576b2d49ca88b3cc83ad1baa6d88ef8c81c08f8baaf515637b21ace9d5cc8fd9fe4ca6c3aa129caea7060791d566f4de8662b90f9e5d849cdadf9bd23cf6737b07ca105142663c30de27adcea11d64d433fe1ace84b0f6917c8b655f2a421602f07e0a7127e61ae9859c5e9f652ec82416fd2566f291f417ecdf99bf3231d02864e2e5a1cf34c13f59de9aa2760d8734bbda79576c62f566b8269990e9384a41c1634271acb4c7a8b768f276685c3a8c7f20872e56b683244b1af562c3e7dcf592a9915f44f886cc2ac5f679c07d5aa1fd69cf3a460f25c722073da336a310aa551062d92c7297002060072af2f3500b9310c239bedf45c5e985c2e0d60c7dd68522376dc7b560fb34d1b5089450c32ffcbff07b35a96bb6fe01259a06868d00af697f8bbb238d03d49570a109181c9576c1ea9d2ee02000cc23e63d6c93c6cf3050bbb15b6f73b09c25da62e5abd4c2bdb1110e1f25db39f04885595cd6a388c4726c8d4cdbad87d80d42fcaeae843e2e17f44c9aed25c8f6f9736c7ba1bbd3b839126de40a930024a65aacb872936e446114e706a868444cb140e53d976816983f3dd1d57eeca01eab8211b7aa8ae99d26e35c06ea4b226e0a6e52172a40e7f0df5f67759ae2ee026749ba10b8e33694c3e01a001526f9d75f6c419cdccece3ea3f78d69014e509c741214581034bbc7e2bbaf76db8421154abb2233117a1ffe2786b21424576e295c9baef262e80fa2edb69aff800b3ea436eb827e8adb73abc48d740b86c69d557b16e874038598b25f616afeb4f4a900be7dd0d38b5b6fb4259c51a3aaf4748d7a445f518485ed72b25c7df8ed0906b74bd29bd6a5724ac3a503c990f3697a5db484821f68718470810862728a80ce34599a41fc5bd8bb46dd845a4812ae1532c457ef4211d0e41835e5a6f030247614822571c930c727ba397e723d6b3aeba9244f054e331c82e65b74c9f6504c74b4301499a1a6f6269a3352aff57f88442d4eda42a82ebcf7776c5629f97d6160bffdd8282a40ce2e6375b161e4c22ee53bce7a45f4774aa827e2da657e1a1bc07445f0bbd770b7a5a25b1b469fd58715510dbf8d97af4e1b9459a20b08a8d3fa9d92feb32db95b22d36de0bc8b1c397b09970a6826392fd8392b2d790dcc1295888f42ac81ad213c7328b2324b28be7cc1f4fb8414a7785472f1dd3e11d66017b1756d1697be92490e15f056346d7e9126a1f35fd76cb016fe2841c8996a3507c4fffe7fc45026df10b03b86fb6cf26e8418926a030b5fa62748fbb728fa19dc2f8947468c1477750771e442e4a9d25b76d359211c05df788ade5b7824f8770b5dac0819737dec916ee59b28a49666ee8b7ca81386eec8049542f18a3207e51bdbc291470eeefecac385c096a
+MD = b70acba01bd715f542859a4224d035eb177fe7b34d5447e099acd1716ba6d00f515bd02021b5b3015d736b04687544de
+
+[L = 32]
+
+Len = 16
+Msg = 43cd
+MD = 7c5f9ed821a021ef1850dd4e0b179a656fbe27b104463720f467db32bbfab5a4
+
+Len = 104
+Msg = 5f75a437ce0698a7d8151c3fe0
+MD = 774782a9c3023dcef8b2cb83f7994324e3cca35323419b3914a9b6bc3ace5ce1
+
+Len = 352
+Msg = f88bac738d1e3e10f75e46e3fe026d7e423fdcf3d7e4028b33a291bb4aabca53f780fbf99e0346d610d4a38f
+MD = f114f1a390bfc30f34652751f3a38e8bdc9597625e363689459b80082eb34009
+
+Len = 488
+Msg = 832e5b78a73a1012ee62e00621db7f4d248893007c6e5d6e0e689c6b291baeebc72df9cf10b289fe20e7fab80a2399271d0ac63766049da875eed56264
+MD = 7d00fe393c308eadb8c0a4f771d409e17c9a796e63b45fc8e84c0cb2bdb62532
+
+Len = 13976
+Msg = deab57cdeb41974037a9bef5e292894038264eb4d8993d4d1501e6ef9c68fb0f571f57b0925640925deae9a6317e3bc4d6cdd5a0833e52fb48baca16a9ba9b6c8ca469a0555763b54f04c87d4e41aa549258f30eefe5a52d2ba06657a8773b0842e094857b6d8911d6a0636280025e56356fade362b4bf4c875cc19be0c6644b447be0454dbf390eb966c03e10e9de3487b90d0825d327c12495e3c89ad09c9d591e55c91376fb14c2fde9f7461fb25450df1a65806b65f3caf4d5c81ebc6e664871fcf915b9578bb70ee6776acc62205888dce2baa4024941209e81b4b35f0eda1bdcbd9ab1d6db6140bda4c41776fe675d5c681da5852d50c246dda4ddf9fdd7c5fdfeec85ff6c883c78689c2977584406a1ddef977606c182d6c33561c39c071668a2515e5aa6f4aa1faa392aed95b82ab32b79a15e3b5a07551ab068455131b72493126470f26c30b852e4415e1d8b719b3803ecc336e4facbcc5d1908851f4f39b776bec8b6b9794d47e5965458858560eed5a0305e260240c0849d93a19787b0f8c795eb5ba32be573845256ae6d0b0a3336e42a1beac8bdde6d1b6e0b6207903d4b105f4af2ef89bd099ded870daea2f170e03bd5f6f4490e60bc222d4876e16d4c58aeea6e6c400dbb9e9f4b2b142f0fc9bdeaf4132ded38a4a8366e107cac7210945fa2df4b124be37ef76290e5b9758aa3bfe0091bb0448206323584c2f833e0edfbdc0c33075fc9647a3404ca490bfab94302a0679a1a42fe9fec6af0cd98038b09ffbecd2832b579b2294f6ae5b96328fdc0a0b9b3a32cba04fa8bae3389c3951173bdc17caaefe526aa386f98670b177683d0b804c5875fe9c7afa233ee66349c9fd1b60bb0becf5e1d887e67fd3baf34b4f90d94699d18d6bb9d77d4af358f31edc254de2d6c5fe3ec07425c633b18c1b9e3606b78b40b543e1fd31fb578cf58c45744fc073fbf3c7d7d607e815379a5fc565892d81560eab8fb5f1ae6771b998c592e6d288014f13ab283d53fcbfa66e31a9d107308402191fac2cf2b799c7dae91b93a7676898b8a6e516a86eac58ed8f6d8ed2fd4d38031e4a4466dc8798b90c48e6adb6b4391d47872443cfaffa542b4b132f6c3408f0081af8692aadb4c9bbd55053ea56d8b82998f6b4b41d331891acfe6af1bb0d6679989978368ea463743b514866d2d01fb9950e8990867bc14f1db1142254adeccf3da812949cd03cd1d569e9d0bab7ca7405cc21096e3cd4d007cbb9629372e98584b4c6b97ad0bc314e1ab6ac71184ee555c01973570ed9b115bed956f9e4e349083013098b1e483f0fe44d5e9849f38a2f7ae152b36a266ea1faf263ea8c706632ba8629602187379546fc6b82e57ededd6d074c15c771754710731e07c207899eb47e8d7c72ffd768c36257d373375ffa06f9b3f0af11417f9ff9f9b44e1f1f96ae8aaa429af88b14da1da81c7bb38a0fe9372ed6a9ac6fb5e9e56b82593d94c5192904450227bf040b7ce0904789f979845e112a1f995c849ec3f7e49bd975a474e8201630f40fc0d80e76019f110ae158cd0f8da96ea4561f24237d8e795ebf52368218bff3e9d5b040ecd2caef4ab1e7127e53bfa2b3b4fb74829f9993ac703192aedef79dd9ad24c2c976638b4575afbce22ecacc273ba43379ed55ceeb51838b0adb80585bd1b5f2707ee16b67a7232adf7163415b24b9ff9dc94b7197fdc89e2a90d2b9eccde45e965edd064dc0d1eadabe11b8ec3aad2742b5d3323ebf913a92817749090c20758f98aef2544d4c8b48874e8936d7ee492d5585675c214deeb74fd67c4d170ac5e0aeefa607c6e37abd4f8238e776fde3921afab75cbd8f392d3e88da057903ce2e140797f4a85737bd89455e6aa27c7535687b78cd0ea59848e006c8de9c9c0cbc7a9f5e977be850adc710503ce4ba7c7bd0b042297f518abec6c8ef451c33e030251f506cbc3744228b6bb4dab86877d9e6019a0ea9f39ed37557b3b5527c171da5f013e0d3c480a038cff2c087d6e5d41b17e6c8f90c334b5e2b9ccbe9d4efd99fba1f907d00a49b71b5a08aedb644fed24bcf04e71be67b03cd20d53ccef8f854f5e9f7f28c1e98a8a53496646713bebe15a93f1ea336e6e8a4e68de5dab0fe880bf983eec75d1c5027357f6669e098411e0bc3ea2293138f5b34425f78b6508b94d4c0cc32ee9afaa409a26e5f2a1fddcd6d5ff42a89755a58b08f243957a2e208e24b055f51992ab447bc06876eba169c545fa71b88a0fc15d1e0be9d334a1dd0c86f44bd149b42c07608a9a30d0b7e13574f8d862f2ac72b2ed38904d7cab194fdb9e4dcb615f5610b24e202a36866baccac01fadb575df11dd43e00a3b92fcdd8c7702ea49d951e7dad2a56c075730b4af1ceda2bcb2310256f28312579fad40ff471336ea6a44143edfcffc297258d48bd2ea47efab8f0dc00f1e6dba1a55009ed627b7
+MD = 6e5905b22cb95e48b73c5a885f5463f554d81257bd26301c4393d57fff1c8323
+
+Len = 48824
+Msg = 5223e2fece634a95e1e7c83ad4a11a0478f4a41572bd66c2d7902cf4f94404cd80b1f58fbcb8eeba3984fd759410c12f8ee922865f363f684df5a8787c87ceb3086fb8535157f7f39653dbf5c66ae7219253838ec77cf1c6db518225c5ba0a8212e5911236474b8820ddcb8111b87320adb82ff553986324aa2a21c37ce4a083c89ce9931290d4c1fea933e31d014d7507a28e83aa917ccae10bed1a490e77fe501b299f8e3b78e659407ce1934d5d68c7980800746f26ffa9794ef1d23f793bd2eab7fe524e213e58280f441ba48b40162305335b3a480c2afeac11c27f8d817792fd7805d4b61224eb52d35c0fbf471bcaede505fbc9398b216f43bfd69b1a669a61d44fd21faae410af58ff95e1c3ff1528de1aba93cef56bff4d714d8c4cc88a4ddcda52444ec1208d99ab3fd9fde98c1ee6437d8d138f62c5f782eb4660c5eb28564b5b0d46e3a2546009148f3d02b837c5284e9f508290270b97b9b29e84445a0b4df662d9711e6b73c11cebcb7120dc427034b1ccf57d8e4f5bbdb84d2e1d4bc3862a2b51931d3c9a7a5fd6ee5f4c7327c338abd011af638d730141b6eafe63469eff50f473262e9fdce636eff4c5663acb6075a4fdb00c8b8a8d3322e1700a5b3e7db90b36c1a94991b8f51657121b442db6f890e208f312466778d73bfaa8cc0ead4edd0776155f3eddf9abb1bbfc0c94421adce83d7ee94f99f61e1f25a55fb596f8b40ccedbaa8e5e2cf629496f5ca60bc4cf36d917da4e2b973eb57869dddc409dd66d5061f22642743fe843defa0b19dfb2f56425abeb234181267b5c0d2ab4268c538510feb191bbcd1631b0af6c7451cd4c641025cd8bde2d9ab6e6b948f97c1ee6f35098d553e8e9da9b4d437125046864633f109d6a558b38b270a7dd1785d44d248a863a91e3db5c0a1d7ec133decb65e81c3402c98ee329f660a092172bf6b1a02491895394ebc506882805a6c93e767c0e58a5af717d950a206c0f0055cb39ed88816a9fe3613d15f608e486ac08bfa67d462d24e6a0a37716d3fbdaeb9c0e951c1e847fb884ebc1cfe707dc6e7269eed1c44331d5957bc4ac9dfeaed4b157204a3080fafb9df8917b8d15aff9c49cdc739b8fdc26a546794991c183fa523d14797e051894f48b0d62c2b70834467ff9c993b82fc1152c1f5479ec6144c7e8fb10d1bce26bd1cdbeec4e95ee073f3bcc3c7367328e30543d371b27509a577f5c79f14d5f687ce62b82f856695af9f7dd350543ec763de75b593f1859e44c2ac01ba65f98743cfddd8a89a38115badcb51a0ff5655f830c0122af6a830aec13ae5eb89a93755b3a5a6eca233f21cb12db545a24a5334becb8fa32c3d7f5805faeaaeea85a551fc62c94807faa6474c0d74cae79b5d8ddae07498fcc5b8b4f394867112ef5fad1c9da66765ecbc7fc0f3269d29c9c38817c77778f2c19b5a3c705fde9d76a4eb86aed4a7369a832ad267312903462397f7b8fecfa8b195cc2316cd53e48c3371ed2ecaa3e484b8ecd2e22b1aee910c51ed5d71198936266f5a00655d82c089f49295feda0a2bcc1a54ec8adf565acc3a8b2d74c30eafbbd843c59e67f293f6d8296cf7b611f01b57dafec6e2d4d411a633918068c38ef47b72ceff1fae772891141c3bc496824509d78165c1e4cd4b4989321a8722643eed69950dc120fa8da3e53c3181f252d7c4cd2cedf8f086f788ee77a98ab5b019828aa02108f49ea4a51f457f7adfd2220d3e59d5f4a29194e8f5eac40ff80312ff6888ff6393c3fc0914b08c1b9990d247ad80a441558db1ee1203e07353dd99a885a7ff5d791af2548815dde0ca1f56f89d39ef6b93dbcd0cd54b854173903c12649587433f0425fbcbddfb66ebce3eb4800dfddfe7fc44d9b23a3916b1db68c187da4dd13ff0157352814b1a792de7fff855761abc6fb7b93b48525fa90fbe3a51dea974069f3f5fdea86387eccee13f58a8eeb8abc6a43fd30e9788c3bd9ae1751b30a82d420225b2abdb1bc121b9073380be16107188d20be54f2e9c658d5b443869ea0e991c496104086290b6edcc1b656adf94f0d42458750fbd8d88040c518ebbb644f4dc4f7c6971d8d60eee0272df7b51a3d5248b4b264fb22195ad891fb6ac994ae5c0bc6714ae0b0b9a484edc576638b78ee89b568195a8f33ed8362128c30f9b0c7804b3ce1355abc96b15aa55c1e16a9e9ec90d1f580e7cb412a7e85d8585bfb950acd4de5865214ce4db7f6314d81784c588c1482d5f28c5fb62e7dd7aa8237ce9396ccde3a616754414cdf7b5a958c1eb7f25a48c2781b4e0dba220f8c350d7b02ece252b94f5e2e766189c4ac1a8e67f00acacead402316196a9b0a673e24a33f18b7cb6be4a066d33e1c93abd8252feb1c8d9cff134ac0c0861150a463264e316172d0b8e7d6043f2bbf71bf97fa7f9070ca3a21b93853ec55ab67a96db884c2113bea0822a70ea46f9ae5501eb55ec74eaa3179fa96d7842092d9e023844ed96f3c9fc35bbc8ee953d677c636fdd578fd5507719e0c55702fed2eaf4f32b35ec29a7a515bbc8bf61f9baf89a77aeb8bc6f247706c41d398cae5ec80b76abc3a5380001aea500eb31b10160139d5a8e8f1a976dd2dde5ce439a29dba24d370536a14bb87cf201e088e5e3397b3b61477c6a41e22a98af53cc34bc8c55f15d7924e7e32fed4d3c3ddc2ac8eb1dfc438218c08c6a6a8eea888b208f6092dd9f9df49e7ede8bf11051afd23b0b983a81bcc8d00f7d1f2b27cb04c03aeee59c7df23a17775ae5984eda788eb2015680ac5610fb1380b4e7d7a9cda6178dca98690449f5551b66ad2826cab2b662f56903fc95b4611bc86f7a834a34ddc3be7bf142c8baa096abaa3cd51ad0c0b6d15e590eab9e50a4c60c91061f1ed6373d91974c1ad9d263110a0d43fd8b596396cafc0ae70b7ac24a59bba090a6994ec483db7ed4c572f723670a11c724e8ffa2497d8fccae37eaa1d14ac1537eaf80efbd2e597b2ffac97f2bc3cd2c4017f170544dfbb0d9109478fddf06ec0981542bc8107a725be25070d2cab4716f4edfad75fddd582ebd363c49e8efaed9a76ee51f22304eebc232a4f67f865b04f610a628fdb317116666785fe8ca30619a07c83cc449855202d687f162b12d93b63af6e7ddfb7223d4ab998a5f450523c1d521ab76f4aa113cc2967e04a38dae07c51c2d0f44fdc8605c3c53ccee91a2c73dade5dae021cbc87d5cd6e5fbefb65335827311fe1e91921ecd66b2055a6102d7a976308a80c44e6d47a67718c84f2112d65486a558f1f269b91d9f47e3e11d09c0c748625bad2718e3674898abdb19d3644bcdc9317c09a3ac02f514b2a57e6a706362e5f6e8fb16cc83daea0eec85fdc8c367d84c9230730291440a4b109f7034d510a3f70a22dd4fa69e8b65e5fdf87045d560eec71f4e59531c7711d4f8917a96e22ad07346d2f92a13fb4569fa6a075da6e1acad1eac1cb2ef19ab452264de2357c927c6dfae6598cbc821eaf3b8da754ce91a96c702c95b2c308bf3a550cbf4d22d417745b5f17d36608feb826b862747c59d26a0e8eb96547a1852f9fbd095f1c5d20721804941d462f3ee2f0876ee2825c8df24c4f00f0844e50588ac688127013df8eba3c971362dd255420649245e880212cb3d732fb82f866dda090040f28e09cf1c86eea5dc4fbfc373eb69745b4afd841ca8e172d4a8510e7698345fd4cab9ec2ca0453a274720bb2d2e5468bf0d0f85919dd762fe3df969e6c071285e25c2e2a49659b8a78289aee655965bfa3cbca9b292a19a855ec40293185354ff4da9451ccf98abfda07f1137e79bc89d688963081dec641a99656b040637402890f185edb28e7e6a2f65848a6af158f90eea440aa6246a2e6c31f5d220b9846aae2027afe5a7caad6dc16b56463367cd9e73bf22a1d6172145de4565ee369c55e3b99ccbef70fb080a3748340fbe8f6b95ba46e8b76de5a3c4bedc37c55ae24ad02267da26769a3a732badac2e0f3a5393028dd54d78701647582cd04c8310e9f1ff1b433125229547130e1737a1f33604f0d670ea7221097c3eb9c7fa4b8293d7b429af76191ea8e481dc1da31344537a09b33404d782eda1d6f5775500c1d8efc615778baf0905d9fcba1806ef986c40b1c6a72335104376b58266c36f5939a8b95123e8635c0c95e80aaeb97379b1179d6332dc07539b595ec32eebd3a336a1128f3cf2e2924db6d8504a516b62f26d012b7f75cab765c8374a3824da5a405746023b51894649ab422d636513ee809fa181d5b6fbc63351e37a1b14efc8f739e86ca78ae3e280f1c9e4824b2976ec4dd308ede6171a7474c7f530128089bbd75e10f9e57ee17408b4384f99f886a5f63a2320a9b90eb9bf692e1fc449171eae3bb1bb17a6ed937ea57af3c82db84e073b5306683e1d63705b9742a085fb802cf5a1639818417fc2223f476c2566351f4b3b17a822e11255f3c3412dd39190e200727bcd3f9799519ef792ec7c2b0b9d0e2dccf013d436dee63483c2ce83c15c00a76c4d894a60cb90366ecf9e61221ee8bdaec66d715159876d8305b35c81f96ab2cd8f81f4769e9a6e439c08c329036f5d2591ac42f2747bc0e77d4e566358a3271819b6003b290211b9b847ab70e906aed9f86cc38aae27e1098fdc3bd5d84e66c45292183f198bc329cad794aa4e430534511b7d9a75104061b409676a16c1146af0a286e2de8bf51c4a35193581a902bd3224cb9257c961989042538092af92644a63d6d6f6872a29aceca39341ad29dd22354812c4b7c7068b039ac9ca7e6358e662a28be001d4aa697ace540cc3ed3c97b98d8c5a6fd3543ae9a7962c9229b14b0b646229807747064be3e83191cf24092dd67f675638d9f6510486379f47f5eeda870a3187946819ec9ed05e7b325bfd0eed5c9a0f4a2063d63c1a8a0a309f586c94d4a68bbe860ae9599ce204c92cf9d92cb460ff99cff9e5a8b3824786360e1e1861e71158395faeaebe7aa2f61f76190f174aab9a313f0bf4f1befbbb22768b8c22719cf3fa9ec908b576fa4bbc084b1ee5b5a7eddc89b58b45ae7b421d38215aa6e49304323eb4e202655f3c8b16ebd6b03058e75a907ee63fcf6aad5eb96c1e5faea81b88b5eee525c4663af52877c0f759432913b9d48030903e7f9f70e851cd4e20bc56aaf36cb02293d992b38b583b8f0b25a08c3303d8af5b1b37f5127f7021b13934645ef3020e5caadc5e7326ed4ff56f797e26cb986b6512b0cc76f1d8e7be44aaa88e12cbc644f14a7feb979d2ab66907063c51e052d0f8b25d827377fecc5111be0d365e08d17f559e3134cb9db294f1cac03150f4232f853ec15ecde55fd1023b58e83934869796400088e9177e85a2227ee45addd049c1d6b03e5b29dd570496fdb2fde7d8cc74fbb5fe76266ebd90a3b4d57e6e6cb9f0bbdb7ca03ae955915768011c714c909a27ee20135927af55d4feaf2c345d029a54af942da6f85f2103345d059f66864e6b0578111e2ddd5a1cd8bbf4ae35b60747b93f53ec8ec64c10cf4149909b102a2b88712ff3e5ba3611cf96585a6b36fffb64b8c37a114d6b16a53879136eb0b5e003a5a068e3e8422a4fc8d7c77227cce64ebafcde2437166b62ccf486660a7a2ef37012ebacca26ecd5bdf363feeb06aee39050974c25d6a564594c67f56fcf7ed48b07fab4e25ccffe002bbe460325abafe37f23dd9c145b4667f146a1635e462330f02470b35c5a2519f1350c02b263201ec9026cfc57d3659373910e878f2b6c1c5be774df8e01e775d476956c257bd0ccdec17ee939c46e5653d5813eda752ba7bbb245a99a5db1ae55d19692074c2e5820df97c502a4bd1b12929e1be8e9ce6d802347c3e9c4202de6046436c05ab55b2fcb2c227adade6c2046d98102cfd0d859a91f8104eb9f6f155da2acf93df2405bf2c083eafd3ec41d60b810e0bdef6298b21193642a9c0c646bc6771a5c61a25604d96bdb727abd5a7ebe4ddb2a56a6ddece26d8007b26043ad44279c3c8ffb7e6ffb3cd4e10ea2780f509a8a9bc31f99a7e66201195f1543a0a020f754d9a665a29a896faf673df6811379579891374c71b2234fc61e95d4d46f15d44bdb4d7c3b3be3f46410ca46827b8cca976d8866e8ca33c4945d5c87b705588b78015b529843af0b75a7e1e871fd276c1e947d896b92e6181ab7e3ccc7077bb57fe85a6958667d3d7a790f6cde1cebb494c2912478a0eca2bfaad62492e9f1caaa0cc520da08c0d2d910cd44255f4c2ca0646dc89e789a1cf9a28e2f99315d33accb1639cbaf0c94181b85fef648bb4cc7f66dc65b8e90bf5f3b763e58520098febfe7e47bddc2d9cdd5e40dbf4ddb8d51f51bde2e57432266d248d13ed09e62f66794d188f9861c50ec41f0eee30f76f4ece250956733ee97036098db41991a4a3eb7816196c8e447db3a2913bcd992174a7bde1f42d57c764b47f5bc09533760c1ba74943a0dca291f2746bc1fcc573f9a22c72a5eca347b1679683fbc8f32b08d381baf67b7266b14b3ba46a04a3ee45881ac452f64df1bf17f70f4cf9fa4dfed9ae70184679184784a0451d2f5c19c02031e0e4957b4df68b4a069a6f6f6458f6d773924a1841ba664a55c2c3187dd33416cd410e56e4bf8d3671cf737bf67df2a4cc4dcc786872b9e2dc4009fea0e48a749353ac053d80e36357d24d468dd595bc823017c015d7450fe38149370c5decf13b00b6b0e0a2567ac08b45f7b0c8a7c89d227219d051d17a706ccbea49a42035cb327381568eae23b5e2a3b7e8beef6f260d24ab224827ca8ee9d640dd23eee94ed02c9e26abb3053cbfaeadbb1f365a24d8769d92240da842e0b361524020b5c9c22a2fd8602dc9600aaf02b35344309f6bb018a94d4cbc9639ab7430657c4046f0b25df517e31626abeedd58c2e19aa0ae1a43ed2bacad91dc04a2fdf9cc33cc420f4f04379e95988ab36731d5d5402d89fb47e826f4243bb206124364d63564a0872f8d2826eebd9046c7c6f2e7c951e49d4b22a7eec89da1fbed890d63ef15f26422185143c89da3ee269f83e1de11a7467822146042be92295a585e3a09e720ec522e1cbdcb41acf5ac45ee892677ba3ff670d71339a76ed98237be252ae21268e756f05ba0b094a1803f9da84a8a05d0ec9456cf565e1b548cae95eafa0fb01f091935e6eff2413bcb15f605f15270408216fb5b41ed83dfa1454c522375e35bdefe54275f109d0ab450636ac4d8e4d9e27f2d81a15b8cc5e98549254a1c9162918db3e399118f5864774a9d6a2347e1315753071eb1204c8bf5f52b1a0da37e484ebbe545fdfe6b031215678c3b83a19a24d7b661f626beb01eb82b384f02f42bcad4f40addd48db8a92b90d2297e6143702056123286617f86fbef4fea940f648867d790b8f803abc5f4e0e3f4226954c296afd96e287e21b7243d05e743161810da578096521805edd81f68a45500f6a3a1885cb1f45cbd399dde024df65072eb973c827fca13eeaa3f140842016f509aa9ab4603d2457c92cc9aef24950697a0044e3d7c483b8d8391886cd50dff8c2f16de3d6caa7f864c1b3874750781b2b78b545a94b4da0b0036433c6561f5cfea50eae9f5645302eef18238473606e9b9931880d0f6368fa9970d1ffbe59c4454bf97f4a5e8091801b53ee4a209e0642d83605836f69742071aaebd9d813b10f4ccac03851ee9f20cd1351f8e68554c9bc5f58ad19d474ca128edbf561d195e52ddf3c19bee3bb597ac2f92143bafc98bc09fbda6d18dd4ff2a93cd2ba17f54f75c32d3f141468c2baef4e53b6a340286dc2599bf7bb002aa86688e26f5b51a6aaf32e48ffd539d4f3f4bbf0cde2d20138151c82384f9ff29a634ab4e0103d93340bb9a7b0caa108bc7fdc88d7de14abb17e9efdad2b0f304f0bfcbabaeb1b9db75959dbf54930e67aed3a9c8309aa90506b6b9ed4f1d06c4ced19746e206e1e9b8879663bf56bf6c5c920ac5e09e6579b780cb63e1875ef0a731b726864b7ae5705a2d6d343a4a213a05928b7337a59f900fd04472382610e2a8d25383c9ab5804d609e79a88d70eaef3ea22d3aa9100fa2a6e98e97684ade9fe90d6bfc59dc9dec3d3d8db8990bc2123ba92e64253235e9b4d682e8aa04e23fb9bb6248a77c065e93249de829bb2fc5ea9e396461090222816bb29bca37bf86698fb995f62c50110cf418bbe2078a56c5f1ec9fdf3d0b09a719ac253b5bcd00932ae058b86611aff51c8ca8448978615854b69b0216a6eb8050ce199fd9a13aa0fd652570a1b187f61e6831b3a960521c3705da8c5e6c64c7b196ed4a49c2912d77b670b177c6458a7a49ecc1ffd8c57c0978d2a05cd1f1c7ac9514dd14b7b0933a52cefd40b6452ca0903df1f55828025c7e18109a6e0f2ab25724cad2d6f57cb5d894a6a508134731e9b9c61254f64990941f4faf97394b634b91860cc6ec346aa666600d323c849ea4c4a0ef55acbc56495ca004f3fca42ff0ffb11b0e1164c95ab89bf1db3d4f575ff334d4e0d7d50e0c54c422eac5ef78c5a3be95f2e18872540fccfb597211ec79d9d47b6cf41e385b9c2e92122167fe584210f63bf919c620d
+MD = d7c901f0d92a868dced7e2659e90121108611dd7781325fc57e5c336c2279510
+
+[L = 28]
+
+Len = 16
+Msg = 3dd2
+MD = b7399529fe614af98f9ecd73e45790406883cb22e3bdcdf28fadd033
+
+Len = 104
+Msg = 3d232201038fe7d846ac1bd4c6
+MD = d0aee5482c509540a4ea4b902bf42fc8df3af6de42fb14e903d1b2e4
+
+Len = 352
+Msg = 44c98cfc71f82215dadf494d68d1d6b92bb4eb81fa0fbf945a659d9aa2c2302b5c93fd3eedba31e479e29d36
+MD = 56c22e6066cd4c4d6415c5a225257e7f888b317ba4e98eadb72b4be0
+
+Len = 504
+Msg = 02a5c7b1b749d6d49bed302d9439f23ab83020bd4d573906f4190e74216ad33aceab775f71cd31092bba5cfa42f0845bd16fc1b8bed6434dedc92f80b395aa
+MD = 33a84e66cf1ce6970c35807db25e05ca05809e53d4e34cda9bfc0045
+
+Len = 13976
+Msg = bd70deb2cafa75918308d703a6783fe9dc5e3d21de9bfeb6dbb1cd531ed5dafeec463a02abde302d4ae6ab3cdc2f0f94865e38339c88bde507ff71bbea6b30b9851cd8cf599e950b8c8e620c90adccba0033f934ca66ea0a936afdad575bb6235099beff1a632c9114a8045a0919fdc21083880eb05c0d8c489c7810aecef4a41766f67c37557e28a9db9a0d909c2b167ff7eba79693afd3ee3aeace38eb73a5a02a882cf89b123812cf2a0f6d5edd1d14362ce9c43257474def5cce3adbba8cb48e7af9a45e702a182dbf47e8869b3f99e953ba81628e502c60d4f8ffc551c31b3ad6ca85c52164839d5e9d493deee4d4b76604174bdb5655385d34ced2c1b09dd5a486e1f9ac501bc611f9d7aa5c748f496faecc14c6c18e1dfc6aee2991bd0207ea1701219955a751df43dbf66f57904675a0e9e6d7f9a0b8bb82a8f44951117ab2642d6671daf1e5d1639d48aff6a05781c2b5e8976653b0a164445872d393d30355acf0bb49bf2bed4265c9a3b786249afc7a438d706eadb6f90a7f93ad51bde6d2c8e6ff09dacb3dc67ba0d3030c54c8367e1e4280bb5903274191344610de61c3c770c6820a6cc9d826f7c743f88f13580ba23cfc00598fd733b5dd069bde7f10f2b8961c16b69761b0f308dd137f844a67f6054e065863f226141755b96645a291e3fa3fc853b2475fbe1d3b25ca22f4da4425dc95fc855e63d6699b311ebd5fec1c7753e6e81f747c808ec3f618f63eaeb1221075edff0532225c40ccadee304a8997c03920e7ce4e60e4df4d120611296786516dd4d9cdda2077ac52bce0fdf552e1ee89a0133f1f87a6f6f35f5c53958ed806465919a0a5fa42488bf29caf33a0dd469e13abae351d5c6fb1a800ee384da199c823c965d9d5457a3ef8292c4d9b142e3f1fb502da498eb44d95f8c85bcd6871bbdbf004bfdc09ab35758f5e8b6a0d0f366c3b255333c52c8fcd4ecb4536b5f6e72897649f3415443612d72c3436505249a344feeb04883f41f90ade40af119014b3c56fc108f1ab0a77087d9226665d416cd975e9e4605529c032e8926002a70924820c6c7e264a794b2a3beb63d69ae56e017294fad4d611cbd0d3847212a38f22d623eabe3b884a36464d8814286fff52c4dd366f6c2abfc2eb865e0dc9ec6e55ca9d81f1b8cc47e2629bb162e54655bf2a9e156ab0bafb4b8ce96858aeea6e6665607a3f268036f4890dad759486b15e3c9e791429ec8f11bae4ea7c490656fdb0551dcf0b0be017c08bc674bd97d9d701c3ac955e2941ba7d5f2ba122a6f0c1b164b1caf2d50df111fd4287e9e195d181f6f514d7dadbefdd4274edc234025b727680576046842a834b6ad89eccaff5c5209bb91d652357e3750d8bb0165572fb71d09fdfc60f6b1e5d868c67c0edead427e7aeb734e29b96e03ea174b6b1af523feacaf6bd745ceb1bdecec9251958b7f521182daddf62ff6c4f58977adeba81c616ff2e937ca4f16eb9c44e63f9e974709122083ae45524ff87d7a0cca33a90f09b660db0efeb393c61967de2564315827ef1cf42b71c0f822f471713c9d885a3c3281d7c95dbc96f1c6dde0af70ea11232b00a2d215ec8de8fcf84b6193b6ac9d46de660361aabed3371fa44a6f32107f3854262eac355f9ef98701f580b4649175cefc29950e7a0eec958f629999c4b0a98fd4bdaf5c0bd97c963b551f2220bd41ec00b8726836e949e818a49aa1ac5bf12c64fb9991111ce8be3e0cb9605f753dae1a4c84389416f17fb66cecba45d591b22d64e5a4edcde067a088d9ff7f5dbb9dbf324510000c55d50f480a640fb22da9b4862dd81080d61af9560b601edb5e3346263f5f193df97079a27e3f9876078b80ebdcdb17ca4c50aef0c8329c72a7f77584cd963e105eea9c28a2ad4e95c1d018e27d0e720ea59147f59ad796b80b6293da8a55ed47e8abdd37221db0a5eefff31688e2adc294654ab0fddf9c1ffafd4783f01eb539492cb35a77315d0ad19395f47b18298a7b353dcf5bab0b2f193ff73d99310478d2e5c4ff1c68a2493c138818edef73caec9977bd4eda6249c8933953e06d796b288f78b18c343ef561082fd03bf92b084afaaee741de3004abaf746350048294bc52450e31147173f2da13d6ffc5adc718e149f9df3702f414dd3ee88296ae8a0106b071b589e8696401da7993d58a9bf8e5bf417165498c96b4ff5fd2b45bbf88f551688425122a3737ca54b2992fdb4d60957a93097222c3cf4c45dabe18b9d6a69e6f27567d5adec489e4b6812c29a8fa52f1de642b7b0e749c16f54473ed5ca2fdf2199e885fed308fa62a3e0deb7e0b8e439e25b3e9f95d755fdcb7ebee9d73069dd57dd1cdc5145205882023b54f2c9dec6cced9e3f6d24e8cdbb8ef121b8f3eded574d81908e867af5ac82bfb8ed60848b4bfdc1d998bae3a9ca80c1c49601d11a40409c62b1536f01ca67
+MD = 60700d4ef068822d0fe6df450b4aa8e206b2790d6dcf973229a59889
+
+Len = 48824
+Msg = 5fd54472a44e4476d254c0940071ad42dc723354f76ba61f63fbb9df80d1ee56136f51b6982e66c1da83602fc08093506a9e2cf27cb92085ba5c627dd63f59f8850e91a1d86cb1d4ca38ad03160f3c584b128d9b21e935570e086d3815307ab8df396cfa0c100bf6cbfc0fd7a8258fa1a656bc178e02cfdc868540d8e5ad39dd46794a8bdc205e710555ee7421ca7475a4f3232e6a0cd55d4b5d4525f0bd7eb1e455931aeea6918b9fceb2a32706d31a6d7028a85e102f228417e2e7db68317ae155af70eda98c8dc1ecc32a62e294d92855354c1114c5735a3c81e551b63a81650107557f3237bf953989d17c65a0fafd2bb1e32c237f98f55389e8f8b0810e97e201914c487a68403c6d621a98ddc515780435564245d87ce462b8785def699f7f06ebfdf33dd1ed7dd5a3e781348298c7950a387bff7d1878731d7ac66ad9a6607f2c3a3b6843c2852a5e882a8d78ae9dce2a79d595cdf09626dfa6f1dba7d40ed21caa29e304e7dbd559a89bd1f07d84165dc259ef112dc6e2c5a3e82b1c50106983f6c4965c85073c5deddbe6323003d56abb0df590f69010981ab3407e43eeaa29c6156995c492c931fff1b686eda3741a0bfb9094747d1620b2580415d431ffd6c02245f6cb03e39f87e82834dcea59355b2ba663ce145d2514e15e2b2c60cf518ff510c6c3e2f16d2dc523832762ed8352a320462ddd4d6fe755350672038163d996b44ed3b85d64989291bdf39398cb996de785b9614ec5d4bd73efcfa37fd4470b17d6240b8e4c715759286b04c3d7d791e2689927c9f18320ff2e6bc7306c805e23a5de66eced5f1a630cb43dd46db515f837f6b824b99b86c10b6df7fcf22d97be05284edf0e0be597b3f9c63556db031339f79ac9e6c5f8a1cefdbb4b30f5bcd23c2a4dcf791cbfdd6460284c5af0621ab7c5571e40a87c87be459c85ec81d746930dea24f43bb11d6611ea83409d3bf4f987778d8eed1d5b246a2112ef78ef0252f9ae464810c13f02359441d289958b4766807d9a3be0054897d35b01830deec1151f9e3d42f92b80f4aeedd65c78c6e98afc562a3bcf6d72f238c6e94a38f2288ac7929a7a61c92875c1f115c0ed8d261a727f0794f17ceaa3dabc717478f6ce7f2e8b295f000241e154b4575bfac8483f6b62f9ef4e18f7d341a65faad5e2fc1ddaf2b09adebc155ff09e63d5aa5f95206e66c7f4ef2ae3aaf3ea7c93589efa8c552df8d203e0ea181c1703d7023b56e603f33b4adb9bf44f7af290d8081210f327a6c9b0785709346087fd090c42d2b8b2711b9a1a5173eb5e246320ee27867ad6c3eadc4407bada44561a12cf5d53bf0448308bb536a8a525eabc1410c3a34becee25fd6fda453251ec229b53751f2280e142c6b331daa659ab655b78cfb08bf18e40bb02b7f1650eb2dd4ba1707f0aafa219f21c29521581ce249e2e34f5656b0a04c00485079b040e13cbc038bb9f17f47cb8f908591b26bdc28538d8baffe4cc39b17d2ecffbb9698bc2b8b31b08424034c051b535e0cfdf07b7a0a54781e33ba739759991aeb72c0ed992cbe76eb8ec0ab12c182e8b049cbadd6e82e314f1bf15fef5ae95dc86bd64b8556766f8ff62c33492198e454e5ca59ea856d8e095c04da8045522abac865506096ee1cfa1082af08ca09b3533878ea3580b6c0c57a615e0ab768246b3eda96bb6caa01a2648068e21959f843d853e948588e8c0bfda364ef1f9fbd3235c27916562eb0214891eb55ae0e059f4bf7d1838b5942656c27899dec6d67b823a981d1e1e0aaff5323b0e3d69a7dddf9b12d7787ab763a3c7a2697ac65b655aefc4bae7e6444850ad2540d5193b378682c77a4dbf9aa22e517e68cedfd1ba32e3730ecaa2e3f6ae61a4f427d6e69071dd62a9bf6c860980c9d23ce1fa82a1937e6dc1ce3a2de096b680d23d89ee102912ac0bd769c1c02095678dbb00b4430428797cfb966b2f901480811e1b9cde358b6d499c9e93f0961f050465d7b0c70d4961e75a9fe40a24e36eaad27238231dae6d0a17f446c16bce7348e669be563649eba9f23be29adb8b10f462780a066ae573f74e51215a26097b02469c25180890e06acc53ab063c742e08d51359b0a39749b84b9f6be44f3ae3da8e5a2f340a8607d4eed08877d007928d332d6f49502bb5f416c46d866fc87477c58a22d3c5932a8d6298c1151daa032c84ad92f8f90b8053b5aa6f690d1bf682f314471cbf200f3d30959e07adc6488dd17b0be5279e727f3237b8b4b19b31a220dfe63882937f8d5ead677608c42a57217f2239614c521d94559290e3b0ed8055d5474e96564224f6ca6389b40a71337da11e1c307dead8e4eb43252cc2f1c49addb18781cf20acffd3db693b02e5c8ecc949b51b99005529e0149a13390615f5df6e0bcd68e1ca82b0173d25134dbf76dfe92daa085d3f6b1e4d18217df41b70c4c40101884c2886495f2ef8a473bf23cb47ab6533c93cb38c36c6dcf6837f1272fc91a6962b6e1386fb643e1f1d71fc75ab58d5800bf4081217cdce0c7ae9e3d25de543fc4444314f32067eeb147c08c55c5c8158ed11729837547f28a300eccc312260215f50e98c4e3d4170208a50a4a4def1243538f906df8476b0c46d3449be73866d463d422595300e160840daf8c906ae4aac13a64457853b0ea6d8c32f4efe3b48c0b1450250086d459648b0ab14fd3f341a4a803be77e56a811e7a26827eb0a1a9454f90bc6ece665904adaa3cdeb2c4847858fd1d79750e8cd45d8da9163784b8bd06629410502debfed5eca3cf8fef0fa6bdcef6efaaf35a1986d6fd68e0f436dca9442077a4818ebda4606a94a3c93fda46e7ef5ccfef656896a0d3d93566b02ed8c3f6174417cdcb99a415b0c6e9816d94e64b438c295b4bfd69e0d9ad52911de5509971b7370593160629b641d690eb2828bf363857983e3b9098fcd15e66448f786f196685d2ceaa251b17ad06dacd614d9fa78ce0a8b9c1c360b529d0bc1d17ba0b70ea8ac1b8d67f6e5770f0cbaee0b38109d26b09493060dc851f5fef121e83e30aab9c3efc2b8397e8362aefea1708f7ffa14d3656f7f7610f3a629bce14648a593250c6f309c02c6c552bb42984ac58db920dbc7d98f59295f37f3e9b99da55ef074ed65801b390366669b4c7aa1c483ffd23082793f9e5cbe30c34250f63fa3ea2cd097593dc67e8d27b7e4f07e73a9f7b33a5ef6962df1381a038d4f58fdbca9d71ccf640b917f631b75d4a2e8ba46c64a6223f99cee30f47c1a935dccc7f054fc39d3498c824e10cc3ee337e781a3971f0e98295aca611bde701c2359858914248f6bafc88232bbc27bd85883b00990bba7862fd7a7cbd4c86df049071fcd10d686613ec877758d83927cacc530bed9a596b5b21c6fb748c379d676de7e05719a867c9f934b5dad99ed97dcb4e70a9b6542ed5b2f086d9f56fc9752e788785ef8f7837a31e433438cf2f18f58be37fe8412f6d21a5c35000a5efb862926700079413f76ab2c3e79e20b516eba9d8c29897097bee55157936607cabaac41337ea4cc783c0809c875259f8020e16d5045fcc39ac796d11a82f25fcc9579bf0a010200f5745065175fdc15474ed514cc796672c59637c3c8f236cfc9c0978a3db1194680c58c27746090d76ca09f7c48ee4ee7e1d3cf0ea70dbbbd88e30e8814b57404dfd7c33727a0c84cb7bd468b0bcb3c89b526679c00fb0892d2a5e7a3d73698a3db53fd7d78460cdcf24ed22b5f39b8c00b3506541ae4a5b76fae29c1cd5b0f8c3ce142e0af7ae4efe3fa4c438a604bf4a9abb41e3fef1b9227a7dccc3f4d6026ca289b4b1366d9ed546abbbbd5677c8d582e79e2b544f18dc23809ab753313d84dd10fa3ed2f723f0b46277b8877d4f3e0665e88c50caf0f0708b746b736b00c8c83a7d18500384bd035996aebb7da8f09fd6af9b76fde7fbfc0ee854d7ec02950e76abd23ffb27a6ddf1772465016c79b98a61bd3940547b207b6507e32cb9761a5604f0f546834a8edac7ae06910045de218d761a4accea886188f947b57bd876491709028e2e24b075d6b022b51af1880ca16a8c65b7c69e51b2ad580ee058acc0606f0a3a9ea1cd4342bf4be602e941dc4bef1239bb9bccbc8098a6a17d63186c6fa75ec44b6e4fd38a3fe49c5eb995f0cb884e2f3ed6be02515fa605b98453ad935682c3bac6a2971bb68f4094cefeeaceda92dec803ccd3d346f8b40b48f8f489e118a17367801e85c79e9b3bb5d73ac44a8290cdbf83a154f2f125090d42e1a1cb72f5ebbd42da46c7a4d4b9fad9612a4c800de6467ceb74f831e1395dfbf5799a3429ba34754add4b34b5960a5fee8f752dae78450322a1ab3d7102b77e907fc1eec5355991e0c7d6c0866660e5436248edeb1a37c0e769a0764cfbb6354332d6e55103b9235c84eedaff918af3f0213c435c32ab409a4b5c7eed8ab6ca9e313dba459bcfa3ee92e7d669be0526856ac3c06a57fbecbba553a9cb4655a901d98af02b74098e478076655d325bd7639d73d7ae00c62fdc361a997ea4ff5b0eba33096b12f35cc7cc0eea62950b912b47c11b9fb386a47c4c15c0602d304b2541da889cff299a1fd415e7e25c70ee4cd83feea7e6a9c50c75d9b128458513d61ec5d0299ef8c090472fe0850f384938ed44d36f10cc2c1d31daee3f946a2fa18f9982a988fd6ac973b1569313ce3c8ff5746c4dd85a241f1e9dca0e904c091832ca028533a3e34c184edcc510bf22a27f530bdca3d057928a96f72dafc73a9aa6dbf2552598e468735cc5736c67a620e9455483e9cb2108045ad80569582ea93a53b491e528c8df336fb326ad74317bc1dfb8ec30a73af01a5dff3e437b7fe48ba5dbb3e8f01ae0c6fc28675a415f23a796bb6e0ef0efeb4b14cf20d4ad88ad1966da43a76b454dac8687bdd97b89b8f8eede91eb34ca4a0523ea65736ae39341fb32b9b716f25662a37382c16f3b9c346c84f03bef54acd6efb364c6401b07b3f7679e8e7f8c9b77b75e6e98b90f4df88460f1978d19744eecccb743a999aaedd00b5a94018e9d5a56bac9d5d55f6e93bad52e84aa7340cbbf98d56213d9dd3e1970867e3972dc98e61b3cff40b64ec49463ff79a41c82dbbcaa37a82b761f432849aa83a3d3c9a209e2207b87ae9ed9959ffced165fcb0d8873668c3cd8f18ba0f92f7acd2bf50416c22ce11692bf6132eb9f558dc789cf9776da94e48cf48607f19d9a11d5df4db11dbaa67a1d20e9f0c96f5956ee3f906e371c489efc88b0c1e56d881e7bf8dd5d6742622eb873e253dbe54f2e2e6d0e6136941de8c23e9a632727bb5f88c23170316c7aa0df28d8d07589dd6022828834f7ea9b4e5876a1704944aa3186dbf89e0e81767cfba03bfb38c55a9945209c4dfd88272c49d1745dce5ceb40f0a6713b5139dc2fb87a8a4888406d2610b7b910a9e5782ef0df719028d8e50a40a269dc9bee12157038522d06537bb31fc87d21af9ad4b2e7e127bbdb313e0a116010f65126cedadd4a122d15a71cbcccc346f55100e354b997154567fe3caccd50251d137c58fc3a2048dd5883b6af9248b51040c01a80c051b8a151a8878edf0304b5554746d6116b749221a1d0082ac925e6e140f0c3b6a180742ac8a50ce0e93e6399102f151d7c14000369ff52d0b537fdd51bec99e7271b1255c6fbc36d83408c417f6825a8e2a58b9054ab2c3ead69d97ea9947fec32d720653c123ecf51a9a3f0ed88743e3fb7b94aea59d0bf0219ee50825ef220554312cb907edb90e4d85f29e316ad57d3b90d859391fcfc63e6c0fd3ec27d4e1efd6e0b5ca8165cbd6af25ed8792d805f27fce308ca1d51335ed5d727558dafe05486a6f9149b8d3bc022026656714222830be582889e6800c0b170e48ebfd069e711210e4ac7acf07652a6f5051507de68aeffc9540cab5cdac84ceee46059ec23820c04b127266c0bf8df0d2b856be3377ab42592f495980baeddbeed3ba707a85dba64fe36941eefa8fd37204ec8c18df3852febd2b142b1c9a5cd0f9e424cd408ceb7788270899fd793db99ddb8f9ca8df550c513790d8bad37a1d1f4a62c4527bb64c677462c9b093582decea70c7bbe873095536728e7ce05d5cafb5d166a1f03055e918f787fb244c5857e3d7a1009bd37f30f165564a082c1510ed19bb1633811a76da70dac67641c2478c6b335f409ef54a2d0f370c9510d0aabae3cb998bd023778375cbf9cf5ef125afd584c11efbf40bb51839aacd3016e5e4d79f134245f952dbad617c78cb6f5712bd9c0c7e1303db5029640cf9b56e29329c3e6a9e0a2371aac1a437b9b1c4477ec9842aa80eaa22c5eac11b60c661de6ddbb088e844293ab8589c13d938765bbaa44301e4137148dd0257bd4c8c766c5d3bfe53671e9417cd1b52f622870ffd90f4e17b7a4ae1b5601a2edb032e353bca652fb565beea6fb0b2cdcadac71794c662677fb1dc81d116d94f5eced526b37c004b95284cb6aa2ac415754a1f14882595dcf4d3f1d905c6e8c12cf5a9d23d3ab55bdaf9f17d2f03f933e1bab89040753648c426b072b73aee8c2fc0d1c03fce2c656e20d4c96803fb2ef471b912267eecb4d6f342d3513894b94d77767823fe0c7438e51f21bcf16f0e98b94b23a10760271281cf843989824f7061bf834f93fd8d2090f70e939700dcb4d8964a19da39a9601a7e0ed9f55f567fc7d5682d55a9ba0e68861756bb549f2f17c10ff6bd2042a80477f89743d3d762f1dfaf230bb502eab6f4c46b26135ff3bef5faa179bdfbd288e3cadd3d88d8012706e19b7fcc6e9cc2699d3ba0e624e715599480d6b7dbc6eeea0d12a9236444b17285fc7794040dd40c2b2ef175f7f3641664fc9bb7ea6d7eb3489d504f8013d64a23aebcb5ce233405f5ade067dffff253f27e926431ad806703e8fab23656e0b7431916d8d4c72a7d831e3664e5f30839c76c8167b76f3b2dc75a6ef48df515e06ea54ca51de2fd9c5eeabb1610b7eef06a2f3167859cf82e1a5b76be8ed8beee2bba28c3b15af6890d7a37226834ec9f63306a0da11aff918753d8b83fe7220803c070db98195d6d18357233f5504a6e3bd6f30115d3987f93aa5d89aa0b8b577d1fed94da057a6f088233efc0f44f86798896eae9ad0b20c8c9cdd9d72a3f02213f6797800894b864cb44fed009440fa5b0197023929f9bad16f052cc2d87327788a68b9209f46fb4776b092d75713048b5453ccd699d19cafa8e9a93fdab0f0863711916efe3bd81ee71b8e0221e12e9ffe2f6ee1a4dc1a8de6e593480f3c05b3691e916a4a7ca51971eb2f0f693dd10f6b8468f8cf7bcce285938b5a0a76ef86acfa2990f88bdafdc39a065db17b845028ed2b7a9e331c44217de20440e406868f1eca818d0be20248c2948b8f4cb118b2e456e585949139270f57c54715f3297bf714aa7c5f72ed8ddf6a074703ffbf95e45bc81a02c42822c22d2b718f2de5e03d687a4b18d605ef5ae75f9d43c8cb4e77aaa0c0101d978120f29574b22f52783c667f7daab3e1f9cfacf2e68e94a24918e3fe2c4f061deeb64891b5217fe5908e7f389897751839982b7fb736fbfb1232684e93123611b7fc8fbeb74f8815b5ae13240051920f3b6ed34483ff673c467ed7f0a8fbf619796e485affbed0697415d2d0598ba34d5b9e44ffd12a5edc323883a2e28efe9baf860324f2d2016748503eac1888213926b0e0f0335a4b51820a2bd3b42d982ec6ce307b453b6385aed7a735a1e98479394147c40f01c532926e10e1b26a5b395bc150ec4b4daf5b1436bd0baa225583ffc9d9e9d8a354f60fded37b41c7c051daea04e689ab2d4e24d7d07c75c50ccfd6a527e024d1632246c6f40f06b86ffec0b29cf894b665d53d459226b93422d37a8da23587fe884dc3c0f2fb55dea296a9a5b9a0d101f186d9fa6288c912202547cdf958569d2cbf235740eed38d10b0025dbb6de31058e98780d22149c19d4bcaf06dd7353fd91cd1f47e47f45622e1472542be2f63f463d253617eafd4f2ad609f9020884905dd5c22fba53ccc619104b6c0203a7f6c8c26fc80ff6fceb8c0c51600c2e46b4b872e6d597511524545a76cb42278b519d911e6c1320e01682c551e204ccdf91290c52e0836167a5685cbb1af338eb794c10fac92950f3f7956acf28f1ca984e380bcff9876b0c71dc7ce4011d1d0f955da9ca885c6e7bb74c6194dadb0fb9146dd725c8a9574aaf3824b727c9be3fce59c35850b162c17d3013689fca858a0a51d81cf4f30d6a8705bbfe35ff03c34cc7c56aca32140d72c8e8121fc71353596b777b266d75b322c9a97fd2c5d4e2362f19c99de66da7bd9c495c03d9a15b28431a0c051e786fa80f5503a72519e6b419263d72d553d688349c0cf30918eba0622b953a0efce4415c29515c26ba15f00e548ef108afe3f8194aeb965e5e4be94f10df6c45ea5c133a8c3398d09fb80f950b83c1866a1637d2bcc195e05cc32a9233b244cc2b1d4930e66f032cb1163c37b3e58b576ab76de759569797fa9b8bb4fad66aaaa56f09c7a0ce4641d6799d7bb47cf684990ec1e08871458c211a353ccf1285e7429c7b8520180918f7
+MD = 85747c796a910421ecb364b4b4f0e68b49e9217944f6586eac4993ec
+
+[L = 20]
+
+Len = 16
+Msg = 8a61
+MD = 60bdeabf39efdf21ba9c0f94af6552d2ffe699e1
+
+Len = 104
+Msg = 37487aa02b03bdbc6bc62e7e26
+MD = f146072f92dc4a551721a10bf0b01564cc2b43df
+
+Len = 352
+Msg = 6ecd002568bae3bf1873993041bfa292eb94e9ad092d8eb3585be82e8a20cb36a47a06e7a57d301268a4a533
+MD = b0a2d6033cf1d8ff120a605b745d736ee4aa06d2
+
+Len = 504
+Msg = f6dc1d2f6b8e126d99939664693d8709513f97d730074ec2794e536d94ede79c81f2b2ecbff3c2c26ca2d181ada2c60050997f3bb087ce48d956c18dedb227
+MD = 395dd2989edc854746e384f339f0808c515747be
+
+Len = 13976
+Msg = 07a6372c863c7d7c6764e4f05addbbe161762735dfd2d23bf268e2d603cd28de9c369ac379390473e1d3fa7e37af1178cca54fa0f782dfbe68070952b93462ea46c640d43ffe71f5fba42df98f4c48ada0d8aca8753e0731508bc15dff283178ae5c10a6ff132eca5dde63a78d3ac94685152897828eb25a55fdf140fd33fd4e7b03f283e201a1baae8986d25603fb0b2566aab345fb48031d648144dddc2e3556c0ceb1104f348d96ae7dc0152e45c625d21b46e70c31f250c858aec4ab2cf5e79d8c79b0854e0abf5330b9f044113d306161968f4ad6f0973160c9dc296056d5a11523ea2b56fbce8387070fccc639ec1c65ec663b9dc49aa880dc4ddd3020c9d44ff7e8cab6266e436af19b4ecb82010a0f8f9469ef380034a02e3f50051a6a3f233dcfe9d553459dc1bebc538ae0183448c9405c351271dea808d908480e61e9793cca111b4cfb9874b799626a1bd9a0f6e0929ad51b97ad81b2438f5fc255db3a3dfec9f0d8393c6b245b03d3faeb58021db3ad391b17a91174a66db4feef1b4c889699bcbea7928f4d29be2d47f76455c8cb1dc7da9cda41962a28ad8cd7b39965b809e7c7eca1c6792c1ce1c8a4cad6290170e91fcc49fa5ff64ab433b4aa081c8da2d9bbb072f9f18ca455469b946c877e3006b34ffd2219335b30ba2e0980f43cebfb629d0b11fe70dff28883ca012c6ae4855fcefea20a08e189eaeed7eb36ed6db3835976f4e60053205805727c5eec15d0e9f155637a9e66268b9c1c302bcaae6ae88cbb8cf1668a487cc996c4662c4a4e195f094cb31c717165e0e13718f8388957dfe0bf69c70cd0bd763dc38c530b67b9c12244fcab8bd13f602de848a2937699f9ef77944e5f22e3b470601789e1838fbea9359c733aaee2c7082b02ee459b7684ef9bbc200da4b62d368351f5520a65ffa506dc9b097117bb7ae88d04d85fb525e91327689ec0fe86971480c0e864012b1e9f044c7d80a4e48c07320dd4292086e4c71d4c98dd826a9bfced112bfa2beb1ce85cad204451ec45703931bf637d4fe89fe8f485620b7f4b21e011a232ade7a8c92be77925e878ae0bea9723749528fe83cf89ecb9616dae6ca0e8d5754ec6c92abb21108c2f33cdc18c6887c430b72c5b193356494cddccc577bd4c2cd53188f352846edff0c2ac7869cb74bb16a77c0f0f194a7a9477ae15abb890bd0bcfeb0c39381a87f1d05319c7e971c10e9ef687f96450b400e25b4285032892b849fd5db8649cedfb03c88defea063ee144a1ab1f3bf05f59c7db364dc39c11a446c3ce16307d78d50315ba29f5bb9a57438564c8c7b3e367cd37d74b2375a4966f47489dc5448f4979428abd32193d3840aa983d3020a9f29d760fc7493ab2576c90b1934b799c1d0d55e4f2caa78f4ce61930c79dc017c2dea0c5085d73a3b0e4a6f341e9a5061a6658af11e5edf95bdad915ac3619969e39bee15788a8de667f92f4efc84f35082d52d562aa74e12cc7f22d3425b58f5056d74afcf162cd44e65b9ee510ff91af094c3d2d42c3b088536d62a98f1c689edcf3ea3fc228d711c109d76ae83d82d6a34dcfbad563cf3726519b519fd48b51741aa86720836494b7a589c778927047a25d73508adaa401e9a6c0767a675e31c5556cbe35fadc9671359b45e985c3c8af84113989b299ae4474b85e4b5d4b0578ab1e8a2915a8df97c4f52a639fe32272cb91bbfb721505dec46d51383cb8973425a714245c2e37d0577fbe0d66381d9239db1f08a380cf609dc699698e0fada2caeda44d58d766c4f8214b10642b80b8d7d8add7cc41d47108ab7d07dab71069a2d982cc900b331caec317942122158bac6eac9175c2dcba0c04443aa9188832b553f5ca8c336880824d6bc02486a2b4c086665d276aafe3b1b93729829adca50c44466fd5b5cb977aa78fbcf5c0f0da1b09216468a11493ffb39efdeda5d669ae92bee2f2fb250aa1b9cbb11c36c7a6c6dd26cdc3cfd572ffd8c1dd72a13c27a327a34c6b6b3d80fc6c67c72152eec0c8ecbdc1bd5cb829b811e7f29af6d786f4e93dd4c96fdda295a6aa258d7b2fcf291c2d68e0b1866032475964ec0c6f2fa8c2d6a3936ecb187350def4e818507bf157c0e9b33406be7660605af14cccc9c799b4e051d0d0899e53495bb8931a6e2984bc6dbe4e02ec8b4642fc2f1cb5fd5a5520b48cfcb49e1f9533838753554dd98b6a1b8a67409279df477330e5f37367e06247ca5c3ffefd00e693dcc0c9c30754121c9ee88a574915b9e77c104fd2f921c2c096573951407ba9b440423d76bdc6fc978237a6e302cede7f99038ec31500884775556941f1edc30e3a417b0e02cb6fb5bfbe5cdfacf4006411287bedc565fb06f1be987416407dc852254934df4ab59edce476f3506e65be6ce6ddf91038642291fb8e92ba5b1f0b105670905a2c14796110bac6f52455b430a47b8eff61
+MD = 1adccf11e5b7ce2a3ddf71e920138c8647ad699c
+
+Len = 48824
+Msg = cd8490c93613bdf1f284b94b330f6d6f45a39c651d2a160b340e2eb696fc6d1c35e88872845190d141c669de92a97daa5433b1d7b0b899fdef2ce74b8fe72a7296a5b5be26d1dc86520367c730c7400c2fa06f91ab4c48a7bf4ae35a5b9acd5296c4fdf7451b0ad9cc439b4e34f11e5d7ef2bdda376f8dd34d6f092b219dc085dd4c4a6308b8808f588eedbbc7af7f64e83182fc7ca7cf4741a341060a7969d31445834c982fa8739ded4555108acbea1666a83da17f77cc42ee73323eb53203e3b790f81c08e94c44678b6538096ab7b09916e6cf7ceb2af85987f8e4d982dff1ab59b0bdccaae1f405a73366b5c5935dd0b43e2d2894290ceb66a0246dc02de728c5bba30255fb56ce8107c3144246c5156a8fe40ada9126adf67227fa56b66c37be63f532516211ca012977b04a97916f201f1baa2629eda520b51508ab4229df2ceedce406dece0110e0a911464f69e7be38fb91deba0addcdb3161d2799c628f5a57fa1dc37357c947681bd9c36f4832c20ac466c0c245de3b250c33282ea1a02d007f03b34ed427631283eb614db4d521f555136e7e42b4cfbee8134c63dbe3bb79b5a8b9f9f5b9f5ac61cfab1c54d197f1e3ba613f251eed616df952d691b88a16466343ef2d0f63882ddd2d55b8a6786308b2257f5d7b38af166bd7f1339d2d8899c9eda8fa86215850ba547450c267eb3c9147d96c38161a69d1584e521ffa23384313a1debcd37f72ddad02adb3cadce7ee34b7c1f42a15d0d030487daf9488aa7562845a11ee7ffccdb38b300935caa31f78a4ff3dd93403cf0c6a16ca611b58c736aafd33d6dc56f0f47878211d26f6ab801b9453a7f74b44593dae0f047ddbbf2c902891111729edec44f69a05944b18e7a601f41ad24fd6833da3dbe3029bd390de7c9841b2ee2b079b2bd2737518fe1bbec88da64769dc36e4a8bf716c219b2fe059d7dd220c1ed2c59878db5bf8b198e0689edee921ebc0cd2d3853fcf57c363050ce58071c5fda6ebcfbc1bb62e9eb956286291a108bdd4191c4ff47900d6068e1ea26b487649af119b9bb15dfed804836f2196cbe12d8fc86e3d7ce89b52ad49dc9ddbce5b370f73f512bedd853039366612453733740586d1372143b09f21dd4dbe1a2bfc308db8e4098c5e4b0c1e16141ee50e85fafefc4e2529b3c7252af37aee6f86e19df28871686107d7d57dcc812bc077602642d2ecefdd5f694b8f336913210793e4068da2178600b1f41cffb5221c9b4b6298afb47e85701d7b1a44241679d8996f916c81ff437261cfc358b9ec42a2ce16ca3bacb8690d6c1d91cfb3e0bf1e7ba45bd01606df856fd03c7e946f7ab371a89e1fde86d05fdd97bd7b1c583b04c2ed2b5f6815a460645e4e1b4e950bf6bd81dd0352d1048df85266f1696534aff5b1cbc17f15d82cc8e0c0d4f0453f9439094f8e0f7f4bc045b654d9a2f1f44a9c57019f63ecc41021c05b5380675cb56ea8bb691d79ee204d2c4edacde3c1fb3f4996a11d84b035f965e74009e2ab80e2c7ea3c84a834d4971a1e9cf423e4ea67ee526eb3c3e4c2d7372c4290a0741e1fcca5ae4cf36705abe98ac81e98a5419baefcaf3093a7e0449ef1021f88ffb7ad21b2677e41cdda12025b06542c4b2564f15e0b99db43b7c7020028bd829372122cd910227cb07c53cb58fd9dc620c0491f3e2bf883fe6ee8cb1f5b73767977d857e4513e8b5612f6ae4b56014e6a3ad2a065b65472212e2f611743484cfaef860999d1dc5608c58412fab888ad72bb87dd9b55b692f31e252daf8944ec5c02a5a9c23903c50dbd845f2fcc3bc9806af13ca7b025cabe675195b1d56f3fe7d7bca12530bcc0af217efcb03a218bdb6f9726536ea902c8303b02e3ced22be59753588b5f0e2f3419fa5345a942dbcdf3010465384a225ba26cdd0f1d74999c69f336bb6d01fae5cf81cbb8c1a7a29c1eb83ca6b51113bde56b8cfb6a5d72557622a37f039d090a689accd02b57c691174338de8e05bb3620c079705c969c58e56b079dc9eb44eb0fcebe548f5a31f4072a5ed56a2f03107bf40a359b2601eddf53cade66f294cfeaa40a0d94b9c90d15f61852f295d3911f8ea914d015885c8c64540a83badf0021a416c3e37b78236a2ecd1fce4114033416bdd3a36c18ec13250ee9c74c0fc4dd564b3d24a825802d5ae402a53bacace115ae3bbb329be79d1e5e42dbaf0a6446431145fe49b86a8703c7c41f8985d54f12e314c16ff89351d8addf66ebba2783f2d1a11965182aa0b0dd2de53586c5a695c6265c2b173958da648611090557bdebf11a1e042f089fe98e049f4796c60d26be38356fe020d9ace9008410d53a1bb7db78b52ee44bac364213f5c59f1eac4e3314f3423b92fdd7a6156608111ac6ddf58385ec1f3df12061208db98816ac948d803fad10d5ece2018c60faa13de5e5a9033745c824932e53f4122a39f635813545c1b74732cd55642f19ed6deca1585ebf7242c849bde981572a2199066e9c912b2068c8f1c8b936c43ae95c6e22bd7b80dfea05f495d751107da5928e806d0af905c87b5a0795df146af6580d8f9c6a0e2645686d43822ce9b4be0bd5937c097917e048b5af71c7e7521d490f107e9231ee5bd9fbf0727ba87774ed24cd52f471ffb71849ebd55605996515bdcfe95bb1df3541e7c42da4166dd01ec3597634aa6455d15fe14af435e8d7a55ff1682d55a2da867ae63d11fb3fd987fa5d7032ecefc35d3fb9570940e779e13da18070e6df5292f97f2a281f9598101102c955fe4808a2319c85fdef3d55b19e05bb8c2d3da64bafb67a53491513a24f6f0804aa162c8a7db25b38089373fecc45a0eaef65dd9be3b4b7f9436a5423fdcdb5a9b60138fc6a2261225390d9ae0d8ab7f0f7ffff69dca06881d33a637d634358abebb333df41151f239add91abaafc89070cb2159ce3a31655c22e4696c9fa7a7211d1251d4bb21ea4a321a3dbebc29d97f526251e40e548dcd7ed07587719a266f006179dcd22e50b3705152817057b097b043ad63b8d867edc20aea9b4c959ef4ff70f47128cfcc21e31f17978ecacc366f459ac1cc459a3976e4173ca322675f84f18036119ec2f204c3fb554a0b72f7e9d8c882ab147b3d280ca9dff7b9160b1b437b901f03cbc05fe05c6f44824b48aa8da52ae7dda1653fd500f9ccd221843cf76513b3b74d094f14d93a00d7cb954bc4cf2f04f9a35e38edcb1e84f62057647dcb3571f1dd296ca1e049f1746a8a282e85138500e7649db756b2d2ad88f11c471c89dc6be2cd43481013b8d0ae83da2b855cea7be424f8b2325b1850d1fdef03e765458df4513d57c72ba9751e1edc3c4e7f97e3202bb46eec7be89871ba3704aa6c6fc08851e551a3f655fa1fb798d12f003faf31c56b6df399a5dd0ed29ef9e4139dbc254bc5d6051840a859eabaaad56324588fae881fd638d2b70fb3813402df61d941ab495588e5fc3823249bf9a03cf877902394f512de118edaf98843a5445e9073fcfa409df3db0221f1c77e2dd21e74f9e10c9e180dc4ed17010eb949c6d67a22bd5337b2c68f9eccdec778ece728e91353696b742c8f5a3a569f054efb8c1ed478ee9b75e26c768a5816aa6bd08a4c72e745fdb5deb34ecb86b3a84346c1c70f9c16fc45bc0421f0da2f630912d5079f390cc53b78e343310de722b53d2a3b4aa386caa0d7e91986e19c3363426ba30eb5284293af81d00158a3f5233327b40c3b989725ba7dd5b31ac7abf8d3e0b737e843065cd7316dc2f374a00bed4cf9caa0d6e232c854df1bc24c3d484bc6bcb14ec770d5745474dc6ac3b3ddbffc551c9fcc2c56a5e0ae17948457c01e701bf1554022bc2b7d9dd42b2b91172fd85e6874d2d61fc7b3bb3cee2a9bfec09f6d7e98279c6f511f4140b116c856c1438e34bca59fdca2409f025b896a52d68719bf93e82e7d89bbf798991fda0af8d06d17f39eba4bca09c1fe594b537ad4c9b94ab52c895539d639425f9146b24b016368a638e5bba391bc8763cae7c52ff9c496884f1d84e5e08ed451358ecb3c4919dd410e82cac35ae744078287c05c89b42999ea6b8b127d40d53a5722d45139e8bc507a11e7add7fa9ab12cc40afeec008a4668e3e6440f27bb5780936c0e3668ac51262390c79b3f21fd041cf36ba3522f3a552714ff188bfd554c60d0e7d11213cf7d3864a5175d4047c2f3284741f18ec22995a5b82bf62190151bc1529c6d9927f9b0c1dacebd9c2dc406f7f64a973f9a70cff6e3abeebeb46514bbf2ead382f7262d46bd43d88c1b91a9011d1f8ba81fa536a7162aee2b2ec6fc0f2d6efc87b98d2e41e0f946969da659c21053775ece415a34d42b6cfd5bc52259867b411dfb991461ca618052309ca9c96468c2da12dfab0e822ff3bbe7ba281982a239ac19c47024fe1f0e3550cf0975add1f680a9dac9b2c4ab0aed4f409ddda6765eb8a0a9d1e9d07458c69ac8195541219b18efcd06c0001f2ae7fee2d404666a18ca3cb3aa4f0623e86c5b1229f6c2ca28d951111294b91edc52730b6b2c46e000672a7c89b2f38045bd3e37dbb8a75e18687a514dcf740c87a34834d3c3cc8aadf6166ec0c42d2be92f90a3af49633ff23cd80848ceb57ac550eaf9ae496bdc6a2d7cf50fe107895b4a1ed014f78af24eccd6a07420f1dc0df1e7c44b4ba937dd43cab9c798371b148325578d61931766af02b45054bdc2d9fcab2f4b49092f6fff7c27886820739d6140a4a905f0020249e8ae8dd87da1a1e7b1851eb01045aaa72dc8a2bf68055e7aed41d85336648a3405195d2ab61b0e29a770461f32fd05e14c17d72c5252f026a7b9abe7ea9176d3c46f6ed9fb716758d97b41e4f5d81a24538f763d83eecafafc668422612b40cfc32b3354b24755fbe400a2bfed494fe6d0ba0051713b776e67e2f1915e94708e6dc74b398f2f526933aad8fe7dc32faf40022606aebb6e0756b994c3176fae7640ee06d6c67bd54764c4752f1bf831f43e0227cba101174c5554ce26400f333dd8e9f6db1cdf670ce407d7d06c3aef4c0724b62edc8f1ba3e04f0e394d15a73b9255abb4d6ac70303dcf9160d32dc02d4804219ed5c7e3b48402e58ab2f58305f9bb95d2a8759947de96328ed5234cfe7d0b2a9a014df7e4cd0ae48906315f139b8635d2e6bd4aba32e62b8906cdfe5622c411bf0373d0cb07d17bb2bb5b83eae4401c243605fd1df759fd0ddc704ccab5a9776c40fbf6bde0f11b9646c699f26063a9550ac228c9884c277bcadcc0a2c225dc203e28e253c4e464b23d2529d09c7b7dd3c984667372472b615645f294c4e3b0797f9d1c234015b78502d98bfc04f1fa2f16cf3e7221d5794d035e4b172a4d84e679cb1c82df2fb49d3c6668eb1661bed56705096c2371a19d668832808eedd9e5b1256c18fe7ccc494e5e29145d453c553ec86fb7f3a634d0d45661875f2f1005ba5e734c1a976f37cd23450e4606e32d027bc9ec2edd9395e14b2082179bd7b4f9b8caa2d00a2de71d48553f7d4153cb56a1b08f11925e4b11c9281744ae9171f3d6faa3ab3f88c5c34fd23e4f6efeceafdcbc07686ef56efa62c0ad62f1cdcb4d3b5bc508c1f05263bc347158fa5495828f34eb7fcde98fefaa82bafeefed3f4a58968d751c051b52e0047f066de5be533bc3b1e439ab1c8602f6c67503803c8fa113737cb8279f358dbacdf45432b7a654d0e1122cca93420e956661d7275181c75b0d9c20e84c7007dfc49f27bc00007cf4ffa631c892981fd70141d532fcd51de5c23fe0b7a186d0dc296362f235d61698740cc315891cc9342da17843bcde274c17e462263d0e8b4832dd9075a7bbb443d4b26b41e534ad5551ed5ada102175e695363fb48d6b99ac978a3aa6f405d87f983384ce35740e930491d75675337c5dc081e3d301228e61bde5cc169968e5b4350cca2b085f9f75cc4b88497a78cd0a0073d90246c7dc102c7cbf3516498e8a41aa85d8cc5bc285ff66e8338e85ca83fb6889e2bccff52059bb9e92e92c155a349952680ffd0a3c346061a53fdf074417fc90c4d1af7c2acc3ee4b080752cbc9455ba5931b7e910f1e4af0efce905d2cc9c685923ead387fa532c0e8ad92719c76c281cd010e1acce500ae1443838b8afb48af032069dd07aa4df0d56bcb70a64592633699c8658102f1fbca441325e27f1732a7a973d8cb3a0684d72943ef6f1892f2d7ccf39bb6dfe5801ab98653bdbcfbb787bf125253be2624f6cf44177d588bd7b780d9e3f4e3a4e50b8a253fa21abce6a94b9073289c76773b46140f5a6e46b9de9ec066c176f5d1a69f380e1901216617363362d13ebb26ad74fb008ec08841550ff14ca800a1ecf2e007ebaad9f4e0d9664448d60ac0d8544243129fb81c1723b9b4bc2ee971dff736d9fcde0afbfbf5c50a4cc06a4c363998326c17bdc9e2508651dedd9a2a52bd87f8693cfcff60753acf9716c526e8635f12377e36564ae55d0fdb3c7997ec4dbdaa5b4d18c7b660acd95060831795da7d299a5a8d8cf9e92537dbd3ef7f56aebe38fa97c41da6bf0572a0270be7e5a7dcc0be3529339464c811052b65a938e874ea6da469c7d8992ce0aff1c75e82d1621ecb967213c65f2de582cb41de3804c507ddfc708ef3f6096ba4491e431160f98de806d0f334e03cfb7a3bece601099bd971253f3aa0df845da8b478603d5d88533d0cab9c89f2dd9a1404cf8939ffdda652a94093865a85fce2bc3d7babcff7b9f3306bd76b9af80c78ad518f89ee73b7a710da604e72f4927be8d65d06be2e0732fa786a83e27597cfbed9bf98df445499e0746b9f2cb9659ac0a9cef433148521f33b1d78d13c8441c0d1e20fd93ac450a3787a2292bcbd68cd1f961d34937be9a21abaf26f361bf53aa0c095e53c51f3e04d567eabe6e40d96a17c2bcc9230b18f7e079bc549a314b4ae21d30a3341aa205bc75c7f1d21b0a49549c300faeda243d0ce18da5e66c5b663cd705005dd9fea0a9564174abb797d64c58fdab1fae44576d514b75eaa31c9278b15bf9b6df7c6c2873d7a56fb91ab77b83761a09f9e1ddae535622fb87f7462256a60dd39dd3ceb6690b0272920b635ea639daf24f95462c523e5bbd8d8407c61163ab38877d5edfa04c2a78d4d240523ba97c7d01c71783f8748e85164b4dd08c25506a4ed18300b42b7bc6e417f512ae456ceec2ffc83190991a06d4a58ede215babcd3688e1d61f1975016244e80c88ae2aec05c7eeb1c50caca72b3b415b6b870bf5e10bd1ac3ba6b4acb1d1afac554444d94c97e171005fa4ea9c651bb4e527ff58d0c2f90fb453a92d6546a26e9e98395b09e8471bdcf2a145aacb649708cf048a7856ce8cf390c107ff2c66efbf2a76c5b041860ea576103cd8c6b25e50eca9ff6a2fa88083fe9ac0d1fb639c516b9bcdf23c34c6145a705498ff9b9747f15e1c08c63da6efeda4eca02c3f00dfec06c82220c9de840040118dde76be788daf84e6a2f44c81fe6defcc474f99c51c4648d297cbc48f081e0809dbda505d020cbe865e430e0491644ec8c52bd3ab8ce8c4862990f49fe2588caf804ce9500ef42d5a50c057c257168e283e4a4aedbe4ccfaf3eeffb212f9e23d15434d60bf4f455f512e2b655aff3225d1b217c261110cec0400f54dd303d6231d028c2eb649bccc91d30a6391c88bff9d447c3cf35a3467be5957e0ea4d4dc237c9f2c68ce48f658f820a3d72d559b60f233ce538c92cb148808e34fedf2d648c21e7f2ea29a77270c393bda42d869351d6c085d965dc12cbfd0311b8bf604f4391d378781eea3b5f1e0da9d0d8f8de88e56fe47d362cd46f591d3ec0f7cccb85a21f21ddcd4107821ce0ca9ddf99dfdfd9b0c9cd45053e5b1b4385bd8f5b227ada31b5c23e9420014474e8b4494fde7c38edfe70994d97b8cbdfac588df49a49c472fcce78cccc051f31cbbc1e0422878d8d490f3aee28adf1587c38fb7e7d1be54abeaa83cf54b633803a5e669ff4295df8735231ce39631616bd05e0e31117c722c2fd6787003b0bc7fe422a089c89329544e085d71102c1813769450a9f66f160d1702cdb17bd2c6fdf0f722762d193ce83623eeffab17b01b10a31db6e2feb6eb3abdbb2e36320e1a56e44e48d26090afa7f65003a98cbfef590ac3ec89b3eb230557cf6aa566e841806aa2767b21bb26fe001f11ae039e0c9a4bf1bf3d271960f16158eb5bd9ebf0080abd8369d512cab2d1aaae2b14d0ff6ee705a38fb0c801a98b0624cc138fc24834fdf430f33e1760db913da3290f34415c9e3df3e97da1780545ab68ac5a24db89f24d62f4a399728e4144a8c89f47ac2d29e30c49b0bcf790a5e3d3fcd1943c6a28f37251d9dd827a69579e6c17b629c927473b5a07b0a29d9562708d6c8ce576109ad1a3473ffb2047eb069beeec24c114bef392c929038c92abd0e6a19b610e27881361824d57008b7373d0ab76379570ded76c9b8284fe2c247791073c29b2fc6fca05019220ab92856892d3c0dcc6da0b597fe559c162d060d71513ebca050d9638164b9ae271fba5575ade787ec5aee8fc253d1b234b1df561db3e36ac64b9b0100dd6b407043537b2b141f
+MD = 2cbc07b9b9c819b8fd38d8a614a8a9c3fa7e40ee
diff --git a/src/lib/libssl/src/fips-1.0/sha/SHAmix.req b/src/lib/libssl/src/fips-1.0/sha/SHAmix.req
new file mode 100644
index 0000000000..453fce20ce
--- /dev/null
+++ b/src/lib/libssl/src/fips-1.0/sha/SHAmix.req
@@ -0,0 +1,99 @@
+[L = 64]
+
+Len = 16
+Msg = 98a1
+
+Len = 104
+Msg = 35a37a46df4ccbadd815942249
+
+Len = 352
+Msg = a93aed0fa5e163a82c9a934aebaab8180edf7de0b32f0fe99f9c75ec305b24609334cefa372c7c758262dc8f
+
+Len = 1016
+Msg = 433e88eb2f8aba562d15c18126fbdffb81d5d6c9397fa052321f5f78cd629708ba099b540da5451e949eeab8687a8d6ac35c531411cb37144ab5ff6a7eb46f1ab28fbcd2ea0444cd87c57bf7d3c02952dba3d3987da07622c16e7c086d90e88ad3d9d4afee301d2bad915d868f54197b70b23c9fa385c443404fbc9abf7e6a
+
+Len = 13696
+Msg = 2c46a76a9dfbae1f5e59f085e9c3d4b600c24b2d404d062cf948e75a3d4ab5b137a31397be9eb34b2a03c78367e0b85448891b511ddee1f787cccd498b172cb7e656c044a03ffde8e42478330fbe9c34072a9e99ce31b41757cc820d98e7d564e06694b96b66f4be34c5eadd0ae4e61fe6abbe4d7ccee855104fedee8b451a7fcedb793d469b0094c0ed07c97fda00dd8c1662b44e3ee6775a5ef6368cb662d257be561a5967893433a4b63f97295036a37272176d081545df00852bc5c4162324161296cd51f76433f2df867a5840f2d0c8d5be00b4dc89443d82175bf69c3bdceb97facae2b2ed68e06ae74fef36d8bd1f75f130cba509341dd54079d45de22845cc8e77a022977c7540aa3e779cb1127f39f825d4d78e55a967ef45e7c1dfb02d9999fd15af2914ba47177177d94576f1091a0657d9e04fe81e6be7b631fc1baae66584c9c26ddbb568750d77555c927bcda1fbdc15c7cbe3e3fe88ca13ff12c59b383343c12976708c0e3dff78be0e286dd32eecf20b71a09fee50a9d0b13c85a15b320b162690f399282798aa3291fdd2f9c40ed873e829388466ddd1da42f2de16aaa9272ccf44790cf3c95382c304e25ae8cb2fc9d9869808f3ee7d42cb143bb0c3a55e03db6d1202ca1bdb744e448640c0aa60d3ebbda5c21e623bb080f4a073a48822725d764e51d415aad1d7c5a7f17433d15ac7d849f910c375ee0899f6a576dada42fd651343383f286009902bb62deeeb2514de6af7f09892c20d0b238f6021f03b62444b1e1f21beeb89acfcd7136416fe7bd8f202e76afaf5345311798be7cb25351add2bb044d2380221009c4d1cbbaba4cdc8631dc0144f2778a6aa1eb3d3c81df0b1b2142fce111af8214d049e40f536c5d462b9224a978e82cc6c420e70ecc3cdaffb726a183c793845315f730fa4dac9fe46e4180397107a6a051f7f0a58ceb9bf4df37e1a81c8e9569187228e8037df2e59c52ba815566768bedc8e09d5e7bdc9f2bff23aaaaf133bb5a3332750f6124ce185e29fda0851addfa2c3d52bb6dfb530fd4ee27dd5bfdce5dc2f41debe6740274bc651aecd4023b098a7d622e2296b50d51b79c4e3f521695a9d43f038e8f273405e26584d3db179e7c1758114a3d39970df674580bbf2884405974f0b9c4b0d8b3287a2314f3f81b6991812f354d655f62513c9551b378cc2efa4c3e08b313c56cada52217fb6112eb8299b28445aca8f72e7170a1cd8bbfee4d2145fbe8d49c6af8831c4d4fc7177a50ee55a7b484261504af946c6bd5e1d6b89092f3c487c0568fa07c356fae9b8e831b8320289039746a435b122cfbc4a0d316bf90d481d3b7d979cc50d98c1190af8dc58e0035557dd5e94f437f41fab513202643a77748f76c6b77302bf40c392cd18731da082c99bdedeb70e15cd68bff59619cabcc92adcf122753c55afde0817352bc247d1170b8ddba1ad1b0faadfe0efbfc5fe6334377fa372c3435691f53dfc2ad5e08966b2d3525b1eec2d993a5cd4ff34278bd40dd80313a0727d05e0a932156152f3e11a190d8d69726f5c57d20f811e1e8932e86409ffdac96c6251c2a2976b8757adcac5d2de94931d1cbea866ec8bcba5774f8a7fde792f6acfd0f01356fd66fdf54a416af6a9397e00f848a2e9831627cbcbb52b5a868ec174e69b4cfa1ed72cdf23f39d7eaf4bdb318c188b1f0fe75655e34ad71907cdb77a1a2b162cd7c22d93dc45321eafb17cd60282e83736267b3e1fb249c307d49509f50839942f0f493afd9ef37db053a918e3ec83d801bbdead07554a018b8ba348fe9b7dd92ea7c5fc0e65a644ba19aa1fb6c022ab768ec7cb249ba17b9dda2860bd4aaaa3dc70ec009804141ad5ebc61203658e57a0887ec0fded18d844a96e79ba7e879c4253056f23e205a80ab1471953438f85848f4ab31ab175c089e0bbb97ea0dd6a67385770356741966053735e2cc2ecdd2c8c75cc045181dd7267584b901674b553082b2c58fb8f8be0b99306194a6f069f684535423304d40a268d55784a14260fa9c9cb1306b82f91cbee3c9f43dea9e50903135cc1c6505605a100bfa28564a2057974eef0852b7b72ce264815026d0759f691db618ef760edde73ec888e181403834f7221bb27a69479ec9b28a3fb0c3f68d4467d25712fc48ad78763f9ea6e8a2e85260225ca1b1a38b720e589fafca29f07257c5467cb74ee53189b8c81b784c43e93f98abde1ed53af60b27b13df6ce45001c6e1813de3521028981086f7d88ba13f6fb1a800f312fbe2f842eebe847fd760c394668cfbfd353ec14ca0366eccd7b4cd63318116bdc42e20a632a0d2b8c5cddb37bfc0a239ebe3800a787d2ece077a7968036b3d9b31cd906f888e3ed742cd769033e2c24c5a9e3c10b6d300db5a17dd88
+
+Len = 100816
+Msg = f8ed40e878dc68ceec52cc8e2868722310fb117ca3a52e1839eb85d308b8aa00ed0bf0b76aec8a70eba4f0d14d2d85c5a0e876ce2c8ee59cb36947def6c40a587aa07b368ca8e8a08367018e45b984de0d7f1aa46b977cc18c0cd9b7bb897cbb2814aa0ce8f8c9843e03c86c19f2ba95dd2ac4a466a93aae4b3b05055ff148517ecf43e286c57744a3e10a14d0c26e139a503e7927aa688c78609170ebe3b54104390e5f6cf538093a67922e7210e77fcb584ec9b6844e829be246a266460cb442bad52ca47255fb8cfe276108c36e02f9acbd3d191d34b93d29ec40d80496d1c1bb5ef036221641200e905598c54bc4abb3527c5a5f6258e59d4bf54a0498c108a2725428efc2047e0096b32dfdc6ec69d5d72f81301f881ca62a66c22e5dab9fd9d90084c0a36b2f3a0123cc5327a3bc7a12fd947ab57169ac533e4b6a2cb80fc65b9b527cff9fba26994c7fafb5102a0acd8f9d246a3a54178c23eaa04c0fdfd3c0cd980d1fc7a72b25d74df9b95c3dedce8ca316870c654f9ebea9b806da9767cf40605a4b0c7fb06f6b3f197bae7d8cde9daf38530e25bc51b68f9aa23ec0e95199b14bca96c91f3db15bf8432f714dc46ac87218691bc66cb3a42f6865e1c30f8394c8e68c0ddf5851ab7c5906a1994a9af6ac1c44d0d6b95ff15d9f77825ccea40fb9e516d45888f2378e045d95d936d541cea9c8ca52fe5f7d0d919b2b1c59a42d06105ea4f2943c05178e59d67351c5b2c0051c93a4045e512884fa656b772cf398af89081546d920fd3d24ebd16310506a786ab33293027394c1bcb7b1efe46b550ac28529646e8d2a5ae65c59345e24b44cd7b06673f3ed3b9008aa568a739c26682fa596b7a655842cc6b2758b583487c78d14a76bdac7033806c5c210828ef313f8efc4072681f5fded748c31a58ac933b4665c445f07d603e0905e49b84aa55146eb1c1c99196413832a05efee2e64d6732fefc629b79b37bb9390fcbed7226b412204bda523b8b8af5c4a8bdb263ef9f3f6c7b9e1de3a1dc257c1f33b3d54a9101be5b4f2a9db319993c2cd137c41e35c434ce52e859afd1a635af4d8852252dc5e28c729b2b4c96a56d57f3f3854ded59fe612b9b3a51fee3fc1c83db673b0cc7433bff2472bc74a2eeb6706605e308690fd072a7042ca6474603711d8310909e47063f46f287260a26c4f11fe492298a0f98d28c45948a4899e08fcf443a6ba36457dd8329314d53ac0fd0819fcfc3357426c5bb8d3dfd706e205a81091cf08f31cd3459854f3d07e503991ba5f067e3c406c6c5396d8257496f4ba3703cb1ba25c2fe4aa54577af782cd57e85a88a2d75c54039e8b7bb559219edd6e81e41acb6d575d6f798afb2cbf7f00abd5c9c7b0fceec79f9a0fb040ebcbb7bff3602df7b71357efacd37aa57019350bb81213508a006160acde3dae5c42f03141887eaca22d7b33d6791febfb619d11ebabb13e6c5378e9a72e852ddccd31cc53a43275966b7042ddc51485ca20e1c456dcc7020cafb5407548b044d332229911fc74d7fb97de25abff7efb431da82de2ed7e25d0dcc06ffc74e57ca93a6a9f64d76a5c39776fe2266f88d6d0229b527525fd2e22a1407e26f94c5bc6adb1e7327f3c8bb8d4c983385c579dd8f5623df8cd6da569c7de73d9210e6b9253a177653a13ece075940fc81016d8c35fa4f6542df5120c174158ff32533476f4e059e35117081a24798fbdd1eb10f82809836f8dbefe755611347f75423dd8571695960c6f66cca71f0a01e8fecbe1183bee3335eff10b4ff8104132040e2145ec3164b2448f60c730887b9d7894e5f7df3f876cb17136c99cf32db1c02fba860937378dbd093c4c5112133781f06c8ca07c527c2c085e8ba5e52b399f2909e217aef6e3035ecafe2caeb1004069dea023af7eab873deb5ebcef2313c9827821bb9f89fd3d1570a569673d3ede86a4fb13dff242eb98450a8917fd8865c56e0a9f11d72394b79808b0429f3a83cf2465161596887fa2d557b367a1de9c7753666b0cca9c30cba9f0a749c03c55cdc7a6d45852c76ce2010de3e7f75d95228efdc79949b238d90b25f983868b7f07f585f7b00e45d9e132f3c09ee84f794d899759be3dabd46a256f4cf8da71270617cc2425b24cef25d1d2f3945afa6f81abfccc858cd02e05619649b1a5347650934105c02622d538447223d136a8a0455cf3c6f61f696b32266197b5cd1d936fd3ad4288520fb4a2f59bf95e659f33210446ef18debeb679dd99de0c3c74a6eb3dd783861f5db4e94a151c42ce27519d0bbbf1f3b1163563ec06c8bfd881d94a3b896fc07352fc97ada73685588a2242da1b718f81bb1077bc70fbd58b8b52163489ae403838b533851bec30ed0ecd97d72d1af534f3703db59f1f563bdc39d690a0e90e545506463a37e84974fd7b256bbb912cb4077d3e3f5bdd4bd2bab713b696c830b1f2185734c4d2dbd49d5372fe8b813ce73f5e01c36bddbb376ef4541033f2b0355613eeda8951ebf7377e08f967902eb7e23c0fa798c6ae52401721053f1095cacb1e9496500e83c412236fc21566090b3a3eee55aa402c0b774802fd81c9e8579761cfcfdfb1aa23786b2dc35dacd5ca8d8d283369f53e4a5db18060c2c6b0c303052aeeffe169fcaf7ecc63090a9ade245045ab9c8aebf738772297caaef5f857322a597846c7370083d409df27612e47b0cb240daa3cfa51c57108612ac0dddb0f59791289ccbdb3a2cb1fa9ac31a23dd5440682fb373bf0c1f41c4fe2185ad7c53eb69552807410053b0c2d40132250e637b8c425e6a35d93333b5b7d0557927b6179c848ec455fd1ab38348c0e96c60b2da49bd15118df64b6ce4fa48fbc555a4b2874141718e731a40b85382ae6e86ead31cea77f83bf5c063bf1febf71688a832d615e09d6f14badedeaeb6ffbfe343fc7274e78cd46a2aaec0a349c5f133291ee57cdcb65c5474e46294de6bb50886bce6c6f44dcb95f2a4761ed2e6c9e7bfed51e0964afab4e0f7e0b07960f2590baae66b1ec9a63ba0fb6c0d27e81508c51487dbbdc9beb8879fd58c188dfc774b3d0ddbd77ee8bdcdfa0ed8a9387728e12b13e8b3c10cc1c132bd822c2147c5ddf9a993aedbf78ec256db1be76644ca8ca7727208bf89732657152d34e948d73c47561d156f773136684d4162d02260300020123d13a95f4f835907c344942ddeccafe2abb7dc4792c4f1e39c24748c63cba933b16be0b8853e058c47a1ae2c4dfff39ec2339b345fe3557d03c1df91a0607a711636c4416ffdb73532aeeb74f237ed8bf971388a0659e4682a46b8327e751034cbf2c87c7828da9d24baf07a742ada34d1ef38ab1e8f2b4f801192c146600709533e61bc2665dc1e9e6441bf3c4f6643bc0c102a10f9a69da5b0e3d0a0c7cb694c682493032b5853f02953b5c2fc0e1348565389762fc2dcfbb34fd305f2d9df080e859396ffcbb7da78aae0a0d72e3de76c774bc6a81c87f2872b6afe97ced5269009304a4992c4add0bbe24e57632e19ad0fe37ae910193aab0aeae32cf6d618ab33eba59f6a04fad00b1d2403396e6fa661d31b695a1b349d62f56c08fe6c6eae7a482177adf341e51d03ea511d7959c721bd20bf371860ecd7fce1d25212891850b85648db0a039e6638d9c78bc958add3e41341536b5007be63fd1f7e3308876bcebcb97dc3b05a7b2eaadd00f8fcc8dcfa7b961bbe727c9aed1626ff786d6a0ffdbd1002cae8a7d047b6181962a686c152b2341c7c58c9f1dab5af424d183ed1c7d003165a1d04ea3683ff31a0f68615af6f91c21f736e67df641ed31b998445afadf9052bbe004d5dad08f62e5d353e42fc35a92242d8414d99dc4e7e81c8c027af686baa5c185e3f99abb3855b22cfdff0a62e2f47a632b7df8e00e0317af5c24ce7c64077bbb15ec27e062070cd3eb8e549ed9112469090ad9a96eb59294b021eed81987178cb2dcff67a9a2e930f6032c753e203380f8a7c987cea393234699de03a1d09ce204f0a8b6d5cf522b6887174fdbccb08f3e7c4fe2f778254465b32766c48812a45151ac37ae354dac87419f9476baa27e24b2f322b2da4ddf579750684a5881bae2269351fb7de59b9d5a4badd8951135f2713dafc57215dc626ee170fae7f20bff98e36b864e1fe0f0f9a300c903069bf0e0b6f2f8e78423cf6063e89dde6c81efcf26ef15510563c84730f611ac879a6628e55115e1a29de6945d37fbe4f803fcf2e344712d9e0d6f6c79f8773a9f199b705235e20a7830ee3357c5dca29d7a6c29a3d2628bf2c42c8f076cc4525301d8e1860729070dc53164d9fa08bf63cc889eed01b0130a7146d860bbc09ead3865a3082db0836a45f5506c3e46e452e298764939226cedfd06700e4e33c6b4a78add601140249596831e97f960b973a4e4dc3fe2813fa34eb47f998ce57270368fb81719a09298a223f7e3931ce5cdfab3f658649533354e982c87dc9e49eacebb5bb4af9a767b4f1c03d774431168cd4fec1b2726f1aae3f9a062a825f3295557eebf3af4784487b869fb049de44d03fee71194fc200af72103b157431935b5ab9bc122773ffd313d52d7acf1078386090fc011de695e71567cfd51c06317d4ff8841ceeb74ad35f4e5f4d20921123cb88bb2079674ad39e133cdfd6478d69c9bddc7a818be5d7b254bd9e0abdb030f52846fdfeae8ff370a51a9c5f6017af3c6c3db17c5c614ea18ab0e3ca0dd5de621217dffa36e5c5318fe191040a50cc3ca620683bc34da6c142e1c50afce28a86b8b66d189adcd755561a647080d93f3ede1cf54c3afb7e863fc8a82a2576d3f79e9b2bb634e598507a3d7d017e0176b7868bff3a3dfb4474b3ce03c401f33929364e727fbf8096b77eb351435c7a113b3215cc6246dd86f1517a7e550cf828900248f7c1754e40fed62477b296a37d3e53231360d012c4908b466e49b0e620c0a5031228009f259b030956ebd70e49357c3c3ac2842b6bd6e3ca5a3e985dc03f7105681fec03b320a7ca753b782ad3b52fd9c8e3bd980b48dd6ec8901dbf756108e85015821c880416e0693e0479cb31c0743450f6d9214afabc4feadb9bcee9def460a58d3a02d9e3039970068b8e3fd0a403a6ca7f2c71ae2b46ab3c731b1e65e2104c47fcb1f69e7c8c6df8c09b33f2e1cd4192faab316a44536dcac608832019f5765cc5240eabe3c87445c980c299a5e7ae0acc2c2ed19fdc8f011515bcb00476b03633c7669db1b44f97f6cd402778e9687c740dbe5686789b79d0b13f784a2a866eb91ab2d66f064c49e8df513ec348fd7272ee548ba08e1f9f99696ffb53677550d59c67f88404f6e610455a422d9cd987493ca5c366a397dccface2bba8e3e99719dafa768956cbf6fd8defc4104b8925878716a0514f70cbf3fa2c2bc2f66fabe654eed3076257e71117665703eb88c79e4c2b94e8e856e7a6ef90ee2a358409db78b98056ce1750eb80725d70e35507fdfa5933a61496ba48fbd5555717b33b59d4ef211fe096aefd478859ffc97a41372023ef114adcae5a8d5e03c21369baf1e7f417cb40326bc6db1cdf0904651dda3c1039a2f1755e7c329f7c03bf33f324206ce6e1638711c8c9a45f153aa1f847cca2a5d3af1d24fe7a1e1094819e8e712cbe10ead1012b7371b35cbcc2bd5b10505fb63bea20ac81d25e83ed0105e7595b6c28400f4d336791ce4a584323d0b455bbed44392c5f86c9d5287593f6986d4b0b8f9974a7a4157859ba801251d3b44b2bad84f29cb87dcf1680d6d10d1bfd59f0c95fb7bd07fdb3ea2fccd6e3ee80af438956ccfe31e750972f893ea5dcaa26d077fb3f09d990c2f41c8707368bba007803621ecd76540cdb8705435d74f4300eee04710a936f241c034709e625b0dd5dae1f6e86d034426819c365a05f5be420cdf4042bbff965a666a5756f67259448ebf742b6ea189fa17a4c3bfaf651d19a8a525f09d9cff637c8fac02eaa58d3ee3f7221da1e61833c0b183cd9f47686f09597e8115b435454acef80c079eafaa22b18927d07bf8b7c5ebfdec9c42a52b7824d45decef41e6184dc2db1505ca6f94172fafc10731706e79b9856dfede353d2eadeceaf72a302e3492d7dc81e3777e4e9e1f3d33cc4402833ffedb241a75a09e9495d671f80ad3acf06823bb04a92b815edd0ca7d01dcb3318c1ae5c62d3e99c0ec37908b45b51dd65f6b45b34ede2d6f553f60a45e20fafcb34ae4dbd375f52a5db9c62650deeee78e955087c2bea75ede7c304347b171fe0c1a2a033894be6e04605271307f307b2a9cf6ae24b8c87ce033a3fa4cf2bacdfcf54fcccb1f580476c7d00c631a8529a9eea2a713610341e0e25609dc8927e51c58a0a9197a54963b5cb95877354f4b8316df02ed2bea367704a12274d96bcbe0d0d728923a368bb8ab98d5db5401894c822632308ddfd309071fb4b477d8eac0ea5dbbc3e3606d8510d9051dfb5e4b7cdcf2c57c1b76902d864c3109c901da53019ed33cea84b407490486ad9f980a8a63df3d2e3921064afea137f35179130db3351f5bc3f5e7d590a5ab08b5415efbd345f9d57b71ade7dca939efa5a12d677b9af0af14468176a43712bde10cb15787c18bf066eaef8abcdea77d3a0c61d6c74ae7b54fe90940d0233e4b874c9a141dcc740d7fff43b9fbbc012a933d890232cf74fccb7ff7eac1148e203c7381b7f1d1429b1b1152ec25cbf7562596eb402a9328e43b5dc5cae36592da5523f0b9907a6817ecd395a7c778daae85bb11372b20641a04250b77b3a0ece885d07faf9622650259b874536d6d2b92181c834dc111b6fcba483167be40ecc922fb87006f63b9e8e632879563f37a8f712db9fa68c1a20ab239c0116fe022fad1279f3288b8e74a16d447e467b6381515814dd3aecab5c2a09c400b44e9100c04c720dc7e8c6d9460002da6c52004c16999975fef8752c2f9c229cbd9e6446b226cc454bd68cd665668a17328bb30f301e92ef5c7a2197a326df5c99b422096de8af231d1d8872e6e505bcfff026d4862f28d4bb3856a66ced22c9b0587451d8da4230a38561b5b1c69b523a4701a2001382aa82fcbd60733a14696a540227db44aef346d6c0a7ae5173604d59eb828614cafc1b8cfecda054dcc7306f73925e6d1af56ed74c51c6cdb66e9fee8d7a0078254fedb0c0f5dc85a4686870709b499eafbc8451aebadf848b0598ce8f955688bd2d6032abe10d1391d67c20a049841f95d2ee0c8deae2bc1baca0c098d8718cba1ddcd968981c47cd98d247aca4f838f3bf16d092eab8be8deb1f8d504d37cc44a8c96c9f22f2698036d4ad3bb48b31f109626565c147d20a4a7dfd61fb918f81548fb4f78875c1d138e819f6822651b93a3c92ad77793fba5222d870ea671f9cac967919d18f96e92778548415b2e170d90b201215354fc48a77e62823a2c2bb354782ad052732f08beb278f751529416f37d83ea26248517ae2ef2ead28c1077908995a2d25db0deaa957bcab39715283287fd626ea7388abccba2d90e364a7ff4284c84f70da68ce1aafb5be0401cb9d45e085aab41892a49e10cbd5baf2c34f5e0ca076f2772abea6f622b66020d546f8c2f134a87f96edbeb9b08394b585f2c2f98aa792f97b43b5f3aa9c34189804a9ecc2cfaeefbd0f967d85a25bf3136fd8132dec38aa82e4af6ff677682f3b62be27a180aeb22f918c24f23bf6f5954e0722324cccd06829fc32ae4fe3aee6e5a03b3651900e13fb0a759e544d033418b6ed40d037b4549a0404792c8fddc317b7f028493c4c91d6773932f8486417544f3d007e5f9e6fc02fadff175303f77f6b0e1f709bb3d3a93b38552ccf62688a39da1a602dd5e122e6f4e9171769ada5255cc5cf938dfefcbe3ab0faca434c42dc8c357e89a3d1488fa3df35c3580b124ba3bf6d0d203d586707eb692150ed05a01bf9de5c4e67bb948088784016394d47abb853f2b6b643a066ad81bcd1735aed4e108a8c1fcd025b548de874eb60de7f3c568728959147d1219e4b830e06ca2bee1f8a035e28a54ee6958d4821a84e5d1e41139905f7ec60fe67ce5f4eccdcc2c3d1e4a753a32dd3004970a4ff3824471822fe2b5010b9b6c6b01336dbf0181a95cba2624663215468519871cc39e8a7f4a151c8bd03363b402020f2fb98069b2cb8cc1b7e930938e7540d95d1d223e47865135793f9eb573660ff79f7ed2fae503e68ba44596ee745fbd8fa562c5c666d174cc01b1961736e18b8b517161ab9c8058026e0ddd6c94aed0086a26e1b959a5e05eb9d8c1ff5b2ef518ca23b4f265db61b499a48cc46bed28d23ffc1e8d9c9e345c06079ad47c88dd4e8e286575bd7f9420ab9c2d5c6685488b8b34d4c9ac04e1427ae0994cf789b48b01d1db9c2fe75fc5187727bb11119f82d0739ce4048467a08cd635bf78cc1b6cc9c28fdc199d351064a81456f81c9e56a43aef7332973804b06b18a26caa62523a7d0acc272ba49124b17bb68800d5756afd34ddb2b7e2dd8a118aac3fcf39d9f853c4d2c4fd3ed5bd25a6604d68d57db93d15aa1160f8a97e6c24238e84f272780966867f9c644ca2775cdac4af0ece036cfa6ebb1cd9d701dd7daec5763c9a4de0385db383a5647918e79c6a6de1f4ee1f6b722c561704c8d7efa4710d78dfce8ad2df0d3d82cbb59cef0bcb001f70bdc6e17af1a720b117fe02bb1dd527b18e6bce70e9447cd0cc85cbcf431fe7c006f5e4ef878a974a93b25f492847c9ae020583c9d412f4124246164d8f080b615e2eee267a7aeb5fa0974de52cefef23cdda7b305a33a91e9b50471ceb72dae337c485d636e28d6ee31f5705983808b1567d4d4ae820ec445c56e6a404cad6b408691475397c0dd6cfad232106ba96e5104052700a653e21f9ac6d79578a9f52548f426a1e81dd45bae30acdd4d22a2dafd633564d6b2f45e7d35413503c955cb0a9784b42ae8c2a5933a6729f3922f969a158540dcd201ecb6e32f88b5b4921914a2e8f424c8b031f115ea5d23a21e6f22439ffd7e5d11b08df729f65613b4f6ad3edbc9a066a5e712ecbddfa6fa764cdf170c0485f82d924a99b7e7ad8dc44c1f93e49b6469a9af3de5691944413f1417b753bcb84d5b7a34f362c383cbc802b0c88bd23a7ac471b9287571c42081b1134bfc8ce104a550942ab1f2a074cb00a90558d6e841ff15cfde6951f03e450a1bfc90dec6c513fcb2692ddccc31d22e5274d41036656183c72fce208e44920776f196193137ac67d6d65ce9cfaae774f23a86e6ee8ff3a4e9422a4667d971906e5496a4e80278774899c882708611bad282f6c1d666bc5e7c40082b43a6e98d494a18e9b3cf7f154fdbf90d786e59e83b72ad0ab893c49aca50ed37ea5202e650fda54f5c46ca2a35c476f4b009c5e6733232275abd1341199b63d22386c484cb95c43ea90e609c407bc79ddd00609cc2eb0d82848db239b249f164b7ea384d0239fe1e64d04955b9297472cafa2ff272c5c78100aaa86cdd8120556f25652a3c12da5853338e3be8f505d93ea03cd1cae7e78e95befdc0e26b760d11e05403c348e0523fe036381408033c009a8e1f117af5100a6eb91f08307df465c20bc1dd029875ef7e49338689f602d98f2dc690a57a6f2864e57098f8bd723574944ad3688b292db6d01387a16493912722ac8f91fd12b748899bdaeabdf0479df788eda440d7bf30d1c25d78d757f00b74bb556506637fc1ab87162f05d464e63a6272db3fe56e9357275035d6b6bee32bd92c4a1dc94778551e94ee1d8854f767bfac3811bd0287672aaa01ea18c25650f05a68cbacd9158e479b508e72df778589e1e03dc543b60bb3b10399e5c50de9e728e69774fb3f5fea757ddefccd0f9da75afe4b67f9c54aaaaf646e858fb001a6deed0a8a769ecef0689c988de566b6015fb8c40aeb5f2df7ea4bee60e8e69d15c4a4aa5411dbe63fbdd6418cf025d87f37362f15e22aba83abe1a3de9857c71c2234023b969eacc0bc526363b7f30b092ca114f2a6cefb34394d146866ac86a33fc497a8cb8e2a5bac398579ff7958878421fb08fff4f8f3deb8c9641b8de392647df3017a5467f9d7b23036935ec6e188dd6dbfb544b8a9e04a4b3c7fa1e4d1d9879daf69986b8083e6eb023a4b5eff80fef17f8f65433c882a21565a919448e6091d1b61013fdaf9fc3e45bbe827c9b4ab10b05600a1961e81d31c7404f8e0d32bfcac2937eaed811db167dfdc29286b0d51bad2bcdb9dea76eaf495a31a7fe717c1c98be374a36271cdd06ed06c02ef4c3c06cb42f73b3332ed488416010e6bf2f4dc4dade6e2e61f19e9306bf941868f59fa0939005743dd647f0a04b576a7e71d4c383c479453501e18ec56d7cb79fe31ff534afbd8609ed701ef163f9de31bc58114399fa0f22b62c66c380e8a10c34b7e731df2a8d39dcf36fbf3a66d67b973e3a94bf6ee0bd96f5c76baa76492032fdd2f59ecaee403d486f543f2cd7ae7b0dabe1b5566e681cd40d384a94349e9668650a6f2d2daf86c59a7b02ba466cd03ce1d50c3f0ca4c02dc4b3d1c0e7b9a77df9eae0bfcffa32117d7e05adc7195f4278c93497401629897a58d08ad7141ea52e0163f14992d7a284e7b875ce4640b4dd48ceedad1ea17d8ab1e760773044845e0899602f1bdfff4d42ab80c0765d1a8bde2ba0a830c050923956d06c80b182264ad19ae4f7c39e43195f7d421bdcda00e3eb5ec5ef2ec91d69df691ba7fe250352acf01fa92af5e2c634b9c7c97889e9147e869acc153d88cdc18908f882f371ba9c1e13c26e9cb8e3cbd4c5e1988080ca65a67b3a4c3460cfadbec904d853fddd2f5375b6070941fca53cc106b5748480213cfbdc1c34320a0478b05f76fd0454c75eca069cb1fa7b21704dab67dc40d041c8a1040db378e76655636ad725219c049e6536982d6ee9f11dd032280e622547c7ff44a938a1f233c356a98182d22d5770fbc871e20bb37483dd5d6ea1551993b95b30774a49b50d411ebe0e8c92834094e23ec2664d822c40e96fb42b8607b62b6949e05edcaa436d0ffac6a8ff384068acfc0220c0b098d368fb8113918a4f8c9de37cece74c8695cef2427e54a6e77ad092a9b7f1d94ac9f0836deff41b905b5dafc58ad6063759b0372a634f69a639e19521825d66a282f489c3172a3659264d0132af3571e637782bb6fe5c0afd24547612166fd3409d0991392fa054ea5bd07a4cd0921a13ad7b62a0b5e6d56cd8adb7f3eaa5c99576941c38aff311c49a8c9d8c755869302a2e5e40109c8365a551cd3f859b9421be189d3a0e9ed78830d5cd6a2414e9cc4c25814d94d98f8848e5386d6dbddd65d22b96c5d20020a5dd409c7e5344065871e57e01c91a443501dc8bf619890fe231319b5480c3879dee618d319962596539e2970513fb5c0c8eac3a71ff99962779cf1d7e916566d0e29d121c5cec5d7302a18ed00be9316f3de8c669a64c2a960a588f9c8a42690f6867cda7146e8ce27aa6a7fb27606eed9df6a235a42d17ce71627446e206e879de56025a66556263f06684dedcfd6f083d6a707e5fc8f8212d716e062f0f7fd0c2fc62bea93d68581265a803c31cac3f8ac8939c5f8c464ebd19df42c7e8998494af614c8383294f3f3883f2404ac10404759e182a038c97aea04a85530ec005e203807c5bc30fa9f5339b32fb0427e64915e29a25bb25ac60b92256470e7de5298d42c6b88995f8d2fb704e49d55b66b71e237af90fcbfd71d9093e1a543da2e9911ac4102346dc4704859cb33ac5f5dce2b3331a9dc9fb506461a5436c89bf90d39afcf93cbca4cfc35da6ddb112243928246ae0d1ba269b0fce0468d3ecabbdb925c9ea3241e2dbdc6b151fb4aa724a42f98b0248171fa01fa103f116d0e7deb65dc359b09126f9a420300fd209508ec7a50be56d5b470e387d0c52a1d104625f9571ce1404d1b7af3fb00475b95f752ab96610be112d33ded48624015781e7198f4dcdf917839471fbedb43c34efabe09941fab6b342cf672a29dbb1eed0db788dbfcfcc63bcfe80f7718571f691818dd6f839e3cc282f85f03fe0400171cdf1235049fa53de7450b4c40ed398d5a486f52124c1c63de2afc950e81839f52d17e2a7d32f82788465a65da6cd763c6360763561ed2bf47749080549b6e2db87514e1ee1c85a0bbd346eb6e3cc29267cbedcad67a287fc5be65ec59ba8b6854b31c83dfc5155187d4150685c5c2c342ed68b01ac9e44b60f0c100a347a0f93074dd37d8956fe2f43110dda66e9f9e6185c23dab74cfca21f3ede4bca87687549ea02662f45dfa0ad27f9959a120cacb7c419810e1b1a50fad31c12c47d5bbc61bad77044aa541d29faa6126c60ef088b82eead17a52843307d4bf798b853d90d14c5347ff10615381d85e964331b7a123d15a77a6790d93e920052ddb4db4baaac5e2b27b66ff955e53b8308151c81da4711189ccf0eb393c5bbccfa1f6c94a8d5f4bcd266fc6a12061967ce836ca042257368f567dc42de6ce0be84449234a6163b72069f25b7ead4b2003e1a7665e87ccf211abe94175d1c11bff2c0b6bc110194d34aab96934ef59804cd26e4434ba166d9833fb091be37b139cc10748b881c93690528a96ccccd2dbe024510b8da37dceab567dc52706461c486a0463369cbb99bcca2e8a4d2e005c45401964722a4b3ed37c351c9f21685e8992c9634349379f41796deebffc2928058c8ef6ea37c6e4970dedb78d1c2a00ea9e1ff1e7708470a6c60e6a2b1e966aa872776afdb238e97f716b3df8dfd42bf0f7ceb52bf9eb33731bdba5987b8f48b4599d67b383e77413107857e951ae0625059e5616ccb41131df9a480efd5beab3a9c99615921caedc53dbad675c00ba1030577db1d22731677914fa958b44792cc9c19e2ac71ebe61a05ee67ae7116e39e1c0d103f18bbc9d531164360d901da8234d29fb0b37cd2a60c7aa2adb2a4b297ea2fb14122ad95bd4592ef86c88fdae1e37dc8e44ad03c0fcdfa3801e93796771c5a2ec1e4ab12a64b3ffe48e7442c6224661ed5cc987aada6e778399941f7b20f16f94fb346b916be87f005c9c13789741602039d38270643cce3c347565eef5ee09139330301951c15756be47994de6f1802dc5131b9b011051b1d87d744756831a71cc8528487f032fee9dbffccc751e6a1ee6d07bb218b3a7ec6bf5740ead7a47b6907d7aa95b79aecedf4a637ead8fc6fb8654c93d13ee79f5d6258dcc61993aebc65e4fc14eea7d006e31f6e9f60e3bca8ce52ec559876fd20255e507daa99b185671ce1ac11d448c30bcdf97b9617195e0ccd2d15246308dd6cda74a8071114327fe203b1adbaa780f3243105c5111636a51dce966f5652e39d4f91abbbb4576234d6cacc3ec57cef2dd4dda49a6c33d12bb7595fd5ab5bb15b40301f34ddfb831a5dbf62218f496c003227fe6282e2ac054c45e7f3fc93e51b3ee8690f08612395095a0a12729d663eded879d9ffb325c62f2cb546a48bed51ae232fa6ce28a2494c132a6e09d98c2e3d478d5d2d15dce2e2665e4a3db448931068b99899c2bd8ba87349b0cf9e3c52cffdcf58a59b4fe0089b298b42ad7553f831bd60f5cfa3e09102fe773e4c05412973a678f3b3ed420433cd664dc7f218e816a17c5c9013ecb84abf2dd073557dbc41b92a91e0339d57b8b077a9a44d56427fec5748c47c1460b2e2412094db6d0ad06dea0aa0c1368592594bf0b2f590a9d6149e44dd4adc4cb42e5d9940d59397b83b33b88604c210694e3fbd84795c80c1b09ddb3b1ec8bef6e9dfc4d7f295e551a79436007ca48aa605ef5a89571e59cb26f2766e564e39d3bb441deaa0c8664549881d90a77256c0f6c77241fd6ab74b0e2890f78ff16fd2f9271ef96ebfbd0b878ba9c703900752b7447f4efaa60bd9dc9cd5673a36b39d49f54274caf03c0cf82b95141fa20ed3ce02ebf0dd74d9eff8eb9e2dd3a2976b244b12fd33ee75c1f1c459f86a1cefbc817f42d7f43ba406098165cbeab99df4fe751ae3382efce32af252e461652c7598161e74fd8eeca474fab6b1ede039935f2fd4d7562623b90a422a78941f47a76863d95857c33653d1b42b806bbafcfeccb7bb4a0c58acebf6104b2570afc3ca88e4fdf2719cf39c964a1ea7d2ae4a7fadc938abc95adac495093f6b959b1347501606b3f960b6d739291aa8c13eb49e98b0f78d2b91400b6d8961cb6165c8b684738e4d4db2f2ac30ddaa03a5e0cde4142b625e81907f08c60d7cb5729456806c89ff0efd08397423e44738ff38f8e88684f3a099dcda455521caca37ab4f4d9ed5d37975d4fdd778b97cc93babc804864a35e3a2db04598152e67a2f1f157681c3962d46ada23ea5d9a524f9cdbdd08a07a3a85b1f6fbde11d5a35c7743b83bbefd19aedf6d92241d16aeca7f33cc51839b75f111e8edaeaed808daf2f43fdb3c6f032ea45052ac31d4870c4d0d76aa75d0b88635ce449054013f234c4a16cffc58c95ba1cb8a0a0399861eecb1039bdedfab4d05f0270c6b16f03f6b8e629f687f133ebf2662c7f930530746679aac2791f54d6a95bfab5be0c33739074ed4e7ae88dde4a8036a7d6095cf41776366b6ae3f8f4a0734f48c275e129cfffff5e0abd042f99a957bf6f0f47fc7288750f4fe30198f8cad7067b36cd87ebca08abd3f9475e7443f83cca91a1ebfc42ef3494871f51f6d52a5524b9391c687571be5327c7c94ee2a096653acb410917fd51e56a92be4f24c1db6b97b465ca84c31c04c2f61eae07e952eb6554aa4d8a380d9ee81c1c462c360fcc3cdff2867a953b655562cd06162af8b99bbe662e0c27ce4d9a1c1a907def48a3231c2110c930a2f1498e32dbbfee0e5c5869332f3024fa5dfb0327a27c663cacd4e9902de34dd93529e90eb347bafa5035f56fc578e8386c7571d1f0ba335225ecd8be026b4544ad70f3af11501a53119ee39a8558ca0ed5b3d897ffb9cf0fcab55a0942d3bf7bc6b94ea27a6b748f2cfda431f35252c44610b7e843ed91ebf7e8fe10638f04f52d6d5a7752ec62350efcb7c473f80b1f2a26805151e8346d39d23551e92fbe372df7979c3f756bbb43f6bed09bbc6b65fe6fd241ae1c2f1a0d0b805c582853b85502968f9478e9a84895f9d4ef01ec4f3f571e57cd0bda68ee1f6f7e14fb6e0f4ef8c7dff6796472a935294fc27b16216966d5021339ded059687355b42b55926854bbfbd9f974a0c26eadbfca8a6183093996cf252894e6db910c71ca3ab2e82d90d371c36b92c9409cf7937bb266ea9b29c41d774aa522e103cb30bbabfe872b57beb027623742806aa7694a859ede9bc1fd7b9e32880b064b0030fce1a0e5cdf3ce558a5feaa32e323dbfab6661c5878c9377ee52a615b7c17bf1228e328aa20f92d070c71561969e1af532e76835fb0436810c3d87b982217edfb1143bfc3405ac9f6f3a50145608dfa8658b0ab642a347255c55b59cd1c5897b2cf625a0f0706c30ca1c1321e90cec57b7c3d1bd1af455e3732db80643383c41eaa6781f63da6233360ee720cc04d171ae2445b0c071e339d547f7ac32f407d29ec7abce0a9e1ef5276544877bab2f84bd2eef47ffa66f96e7170cd54d836c9badbc59435146031502c1a3cc744a470f693636d9050c5b894d2d6047df60eb0bac16d905d46cbf017ca69d66427cb88036eca4ea9d0e579f6bfd8a4a850703a0fe49d39c107c9358e98689fb62bd0475aab4b2031446b437c7f9e373caf0270a28d7b15c71f02079dde401e26175bb6e392106a9072021f0e5c5145a1db6f595b032faed8551f6e2ce318db1ab513db876a3eb42d225014949c19543e9c5dfd2290e28c5d72c87223f0195ffbcba1c02c7d0087721efd2af6881dee7dba7565e07abc35bc3fa41c6a4d6a313222ac6dbb117c69c62db2691c68869ac5fc5e987b0ae4335f815c73ea4235da2582dde81d6fdae5911617daef847be17f2bc09edd88830eac03977f89179fe03eb2dc3b38df43803ca2d38455232549110f4580ec3cc04c0d8cfe493013d2cde47c506ef6a8dfc42d998f70378fac5ce4709345926dc477e9e339d8c87ff6287ea6e2873e14d538cdc3f2a47e0e37a2601652f5b665b616a7d1ef3537a3327a76f93990f7694e6484e7a52a10e9eea2edc92b99406abfb2b11ec86667c7af4a333dfe900bf071d1bbcf4f0ad768fae4f450c53817c507d26e926e753e3395201d3ad89061f16706d841994abad283f0db74cada25beb5fe46f48669a62e0b849cb77097e1b4578b45062af4a071b04f0cfddf87519cf2bfa10ebb4b860239ff187e6dad73806ae968e6ac0f738baa88edb3ae4883a9e59be7a6b222c5f54818f95578daff9fc7a7aba8c4a41a699923e85ddf24a32bb71c808516f64d506058a70539276d57984d75161cba7d53a4a864c51a249a6b8fcad5738dd0055ba8468b56579ba5f102642df65c598490f3a0c9b1064f4eb1962c4c38bfb7d55d496a0b0f7b3f90b42f733d112c89176aaf937eea4bada845f3ca4e9b56b3a5a06b4c90fa4c1914ea47020c2f32531e270007ed389246906ecf2c4465f7cc5d6a347583dd73341ad97199021819be81100d867d628323ef7552db945e4c0be604cf6c4a8197958bcbd6c1879387d3286dff979632c54baba2a35ea84efd7726b662b94fae61464d069e0103692599fb86fdc3a06e01c6ae3deb3de6fdb21806c716e5f82b784e4ad3f0e2de629a18e3a2309003dfde9dde8e5101b83312f76e811277afc286b56879f4eb80468e58c60bc088284d05d725ddfe3185b7c51b472a7ff7db3930839142d4a452ddab628e07d43375801d7c6a711a55b452748d770b84ede35920c1ac74b595baef963d21df9418533fcf959593ccf5afccc753e86c4ae231eafe77a158c2472143faf169db29bf2b53c3288d8b3c9added65778095f85e2cb471ab58362041f0a27d874c42bbb06385a0403ca193cba67cf70029cdb7e73c7e2267b856fa0b8dd4c706b45e7174659b0ee2891df911724324f7ca5daf07c912b9b2abff762e62a1817688757492975db7185c4695f3a90895634b8d07453b36dd95197abc31d5d153dfb0d0ec92639540e99d6590f9b394f14c93a5e829fbb33616e810f59c502be44a13b700fd3009545e34c211abf9afe1bb8ced793c6f516d40010649f83a78ddbe9b71d8596582997d0aa54192e1200db61dade30500d72a184ca7dfcbfb80e5442f489d316cc8b75005564835d4b11c482e2c4d0d160f14a8b13ae0a0fb0ba5e3b782770aaca357df0e1c4d1c3b28b776a8b3e0da1abfd4f7190673fca1e1c5a31c688d6e8ddb21300e4178d07c4e854a718ac3f672b0120d6a54c16957c9ec8c444208e47737bc4eeb0bf2d801eb2fcb72f91fe988aa75f38e6cf26e858dc2a718580ff5d281d13e8fc3e3bc30c75c0193481c39c375a5b06b962d9491f3f1fb80f1cb27067f0709e0b0730573a9b5f5bdbee1708ad84b4ceb1a9a61e4c41e90655764057bfa07b8c81cc83a315be1aed6a49715479c0fd0f53f625fe6c7f36fadd001149ab978532e4d0de3d1a38934c74265b161899843704fad16ffc6189f42a5cadec98603e0f98c6889bd4a559079e074cb40678fad4690a20d988735280a1ee8ea71275069132101b35c18ecc9d3c6eceb4cfe9b165e4b6acc17d4f113ef8283c0fb6506f5635401e916d4f7e7bc3cf49aed166587a0c72cdbe673f467d81bc2e9cd08cd8dd16d90b353481df31e89b45e8b
+
+[L = 48]
+
+Len = 16
+Msg = 3a35
+
+Len = 104
+Msg = 7db15b3ee240b45d4610950996
+
+Len = 352
+Msg = d2a1efc725c46cd6a19760f49edf0bae823c1b4992ae2260085746cf65833bd008e56e64002383f51f960239
+
+Len = 1016
+Msg = d11ad1253592c094746da7b5c88d329bc3ce1929913b8be07e82d3f6b7a536a855f31ad197376eba6f2f4534413fc4e4e7673fdff8739f774a710754b568b7c61a473059a41c98aa4e86617aa66d2601d0f0d584cd9f132afeebdc0ce3da6a8b290059e6e4aa080c195c42ae7f7e1e99865223439929b0a3a0d79b46ca6419
+
+Len = 13696
+Msg = 2f7a9929dffaa4a4dcfeea1fc37b18e3cf935abbaa17cf9d834b3a8d61e9fabfb7683cfc387d6f46ece3f8bf845827c7ebe86a651d6dc1e83c5772cee1a9fee4b04453af2f68430bd87835126cfd1b3f8beea4d3822fb27864570e255cb65b414197480b6bc20a39c5450adf2474da93d72f6ecf8063899722d3755b7a19f71e93e782d89593ab19ddd3ddf053c54e0bf832311fbf132e8b9e540f38e4d9bcc3cdbf69de54e40ef348a9170ba2f65def167f568ce846889c0161448342fe907718a465e451bc1b0f2e4f21f9b911f186589f43dea305811473837c063b915d849c20deb43323bab4b64e61823f1df119e71962dd975700391b411f8778980a3080ba3c14a321d32c082d416ddd2345f0eb751a516d44ee55222395cfa11e7fc4edfbe7cd49bf4ebd4d7428843a2ad5538b3cd201ccd431aeafb146a65d28a4870a6948a7cc0413b0adac7e8dff3a898aeff5f4b65d10b28ceb749bd354c061c3008ec569d5f90a4d4f5caa51d35b49dc4028e738c8ff5939fef3fa202fed9ebef6f2c7dd0ba41cdb5c0c16985f96fd93a65d134fb4a90ffc0fb6cc5396b843c2151bb7c9170f2fa4fb44292a4af28df5481de0c3c917ba1c46467a35302738158493fbf6a0422cee558d4bce3d78e14b4fefb65bb05043e2cc2a6a8ea64565ff6ce2fd2c4f43fc02926ee44ee02fe1dce25cfde0115c9396c9ea06269f17b2caf58e2332cc1c8528d9705c70da1f76f22aeb1d1b93449180640fb5c4c4a708bc4621d7d2bed5b1a752191cfdd45086d34f247ed1df0f24e7c620de32bdfc4d1f882380d2cd7467c926f48abc75cbfac8788f88cd9dc5361517a5eb36311e6b39e21a85fba2038fd47d860f776697bb19cdb5a4d6746fae507e274399c91648537d905015e58910117e5914f44ebcb00e771d38b30c1473e1232d4e222cebceb4810c48e83e0fd4c852f4fffcd643c0ef9e4fae2d0ebc6f102f3f749b02a5e3a61517d53b539cc24120df3957a633d50369d46c0c226f8924cae51dcaf54d716f61385fd8cf38c2c311a32bcd6594d6930133dc18ef36a9671ba8b179abe95f588ef74e8558ebbc974dc73c26bb6eaae78ef464181e18b71f4b0f986ecc8495a9c4dc0b0b96be9806fbd3d32952ca3b4737a06ed6561e9c9581a33a720123fbaa2a70fc3233b83e56444f5aa0cfaf70fb24be6118404f3e11e6ea004cf2d079a3e93a8ac1d4e297cf4fc43851dd26314a7ed6a5a784b386daa26e50c64692f7db28c21d82234289bb45bad5042236667e6d70a24bc9525c3adcb793a6a5725d9b10911e3bc8e3fd604db7998346e7f7dd1815c0cbb735a977bd4b32b5b976932bc92ef3b56bcadc089045ec95f241cdb0a84c67f1f76353da6cb493bb27a881d37a2106b8b3010cf935eb3601ce4dce3e449eff8331e444ab117a20809a1010db4cf3be0c488f777b6532df908112e3d11592f04a0cc16232d62340cbb8b5268a662b8278d37c03d848a04f0ab498f5af43b0a20e310197b7e1395a65299fac29f051bcc5fcd09a5605bfee370ee8ea21f5807d9748acca815a44d81796d68b0014eed3bb6a94233fc51725de3809ac6f538beaacf8cbe3d96aca21a7a763a957f8892f22c6d086d9af2e5ac9d90321e186584f17e964c90739559ddd034df076c4aa38c2b78aab6dec8ef6be9adf33bfb66f159ec4826653ee6cb483539c47a4a1d95663e6cc7a42a3bf628623a4c9500a59a50a312aa104b198ce5f3e58952bb79ff1ccfa9ddba2fd4705e91b5acaddab9d6522d7666264ac5f533b6d8ac4512d8371c69c06b6d322b046ae2a0a20aec1c3bfb05f3d91b9044cabdd873abb5f2b0e3e19740df31e39828f9ff9bbb20b73541a7a70b8174ce4e43e0d356e629cdbc6c08d29bd7acb6a4347823075683ce9d7de4ab3ddda6572b175951f30a15263355fe9641b3322df7dd52077402a884cd472e6d0b6c34cd63ab63cec8760c7ebe384f7cc31066bbdb7a3417425e039c4d340166e4bba4839076ac9457c87459c57957d0a06dced2f7a18acd22b7295785dafa435a2a8a2c3a1fa05d115fe129d19fc44c5a29bf15b4d9c2b375bc8e591f92756cfc573a39b8fccb8395cad7617b11f14a60e2dbf69b897844cbbcb70363010f6e1bc0590ea594aa924597dbb32a868b55551789f82437180b85661809089d34a168d44b4d788dba23b13542715843eee797366d9ce7793e72331735bc78cd61b13421a568ba3e66926921c04e9d00888ba7ddeb474db63813756ea4a02c1823083e36ebd2d32d5c88cdebb98d511304cc276c7799cf84a1699ccac9569b13f530c762732e6bd0f8415001b2c02d11dff36660b717054b16df49ba38425e3764a56052ffddecdfc686aff22079897376cc15591e11579fe4feeccb55f
+
+Len = 100816
+Msg = 5f464d3301c5e0871d6b41b002dcd09abc80a805de3482d97f3fd7b9838745da1c0534168f76b93c3c53bbabd904541ffe5179cae619dea77446140b7400f47d242141c7f2e9894d88f44c9e066861498e7394f206f594a419790d697f6a11187f84bc6fb288186109343eb11172bec076d041a4c7306d7978c009fc2d2d62563614ed3555ba2d21c8fcd70e8389352dbe4ec808af3231ce990452eb05b1b0dc4fbb1b4265e69235cc3561dae4148c386cd770474863a84a822b2e5f905fc255d55f90bd6a760d441dc52240ba7d8c888a5283891a2c99963d1fe680549d6267cdea92cfead167f6c49663668f2bfdc61fa647f5abf3ce5ad2c6c175dbd456ba41436aa06f5f68f5c88e6b74ea86a79934bd05b486210d3d470a0967ad6d67f7385260578088d7e63197849354f651aad07e04ed301f1fe7a6d2047d50ce5dc6bbffbb1da6b47d740898f4eb54e3c5a1fbd18ec93254cc01f705fce04e6100ced132c519674b2345547804a372b5c925bd9ee9701527db33408d37b72f8d18b882d3c4744eb58f011d21fce336d426de1fcd5e09610216248b51fe2b79b96c2bd6ca0155e05a8a516b7a24d529a9a475284735bd9c4c437ddf399864b64fc5d0d6ffc4e5a7a3dbdd476bc39ed29a0a92e1f2b6b3506c2be5452d4f896db6eb4f895b554b2af64c4cb8dc2369b91022dc50b7291404cc9605c31569c32756a64ff8c4fbb0f1bca346c7b58a5c6774b2fc7f7fd50741d34c8564d92f396b97be782923ff3c855ea9757bde419f632c8399763003b58ee9140c2d62e914c1e1fa742661a9166d42267edc40905b35a25d5c3cb3fb457376b7422896df7bb19c23e8f764416731d2e20cf2c1beb8663c07edd8f105e078e2fed05c5e5897c430017fa2160f565a75a4c5c64a15dd7d644bf355d169ae2696ae5ed1a39e8f81055cdf315e5b0c6f9235515fc4dbf30281ef17b83a6ed604f89293904bf78c7183fcb0ab236cb1f8935e59c51559217efabc000b165d819b717118a03facb61a13a99b194f8b6c7ddfe5850127d79078397a56564c7ed6716a129409680434061b2a4782c9006587de927c1ae09d6778a5f1c39fc419fe10493eb0d4ad492fbd05485eee7913c59df82fe7182af2cf06a6e8edf06676200077bd1408f5c1cec537cb8566470cb44895826d04ec20f0aba4297c501add65c75d5767ad2ab63aa81b7b66f01b32590f1d55b7e50e6df1ee077a19c8c895f5ef62d452cc336e9aee171fa997ddcedd7af86e6cc37722fb5838a46c5e58e7f700edfb7c6bf832171d9581f660752867118e9535a6118635709d6f1c1cb21b938068958e956149d9bffc67f355cb88205d4894ba97c3e3c8be9fa2d20abe79f3f93a6a2f4f56fd075bb49a4b7dc83630e58c32a29d757fdbcaa607352f65483cf2cb4208a3bf94ca7a25e2a4e05279be31c33696c10fa4971d1b64ee938dd299f483e5c098845749a3b706a787529bf2ca56693d0a7a98243e6482a43e1f5d3086ca1b00368d8ead5ed2d0fb79b1e2f537ab9340809ca3a9b5eb2900390432293008ab7086c2811d33de0648be5597ef002c7c462b5e0f4e0b1720a98b2299ad7aa55eb78f0c77c2ab4371385f280107ae40ebf814a8223dc74f31483c63d9e4ed09fc7e5a51bac34d69d97163116a66c84ea9fe4263269b71fd228555ae3cf5109c4d6ced7b9049a2b8069bd2f71834d6c07fffbd7561939188bc07dcea08086bc7182a5270427c3199bf5fb5c4549861fd32a38ec81c4ab058c777dc01864787f0275f911a17838272cd65135f66baf06d8d93bc439eeb55d50b7c5adafed8eb8140b4b05f59871dacf954f4b096c30b7857774fcd319c096750bf605db8e31fe02cd1b9294eaf8bb009d4609f2cdb3a8657f650501b8553765de8f572fb91ac77b35db35f402453e5c58f60146f2906ff56b9c6b3a5d0bb6afb9e2201110919ac9c01a7e9750dfdb2f72afbf7a8d6f64b1c68b9de17a2c9abf289eef24074eee9b1649caf3693118165503a30200993d271aa31b8b92606a10a52612dd1fab495b82f9a98cade18b9d8a723a71ceb63fd1d27372bd281f9b40aa1839b0cc2f2177a09aa8e7b159ac118d7c145e7a4f032e788d21facde2b4dbc1d5d2238f530d9bf9bd2798f611d03ed8919f0c85bc2da99750b7a8d6322d2e66ff6ab9ebaf7424e8c1c3f4fe92be61f65359106395f5ef995e925be3868ad513f561f873acdbaf18590c903d64bd275121c11ea655124d091740887868544c5348664399d3da96e2e35fff34f062fb939d656bc072096e510b40b2f75ff010af68d64fd0acc778e2e13c9667de266b1816c4ac449521b02bbb217002c604be72e73051aa9048d192e3210a68769dd2693e5d44951711aed3a751240d42f8925844131daa36c51d7d59bbaf99623fddf1649db954705fd6f3405e63894f5258c9ffecf83208c2c90cc55b1a8d2972ea6b3a049ee54942b50526b7930953986e428b2c75e47ed870bba68dbfa624dd94112f3059da0a80c583baeb570fe8314f5c66501b34116c81148dd22396fcd6479da49f7e952c8084f97d6803ff85c3787222064ca368f596a1ebb6dab20a03916b3ab071c927d87fc10ecc4e7ab4a5761e3eadaea4de1a0dee30aa39a9e4dbee047201d7d8a4df1284cf668ae3ed7dc4cb2cc4b5cae9307353fd2ae4c105c5d9f3bb021535fc3ae9bf3ff54ddda8b2e1037cd9d69822df436dc1c750a9f557d1a3a63fbe73c64261dae0c70bba6edb57519f5b957f138d1aa5fefe01b73c1851aea42938147bac2762527a492cb85da43014c876e223b05597354d7c9b328df67f354d168a84ce86dff57d8a870db034196dbeff83ebef80bbe52425a8810f2c9fea29ee688a201cce4a5f447be789a3881a9da3b6c491288e8f1091719032608b332e0410f4576597e17e0b5dde305f069be2e80d565bb979a3915488f88e3ebb90e81c264bcaddd72b8843af4a4ae31f723d50fa0995b027c334c351128913bb93e67b1b08f101f6b8dc8202b44fbc3d3dfb530f66e5a8f35e69725c86998c05ac87c561a4706e90fa095adab4a566da4fab82bff6b20076e5bdf62dbd6614245b6a6f8cb6bf60106f8d12b9c3e26f8127dc547e2181531ce980a3273f452892110cfe1ea834a30f99d66e026a9d22dc76fc3cec8fda2d7fea701deb84dd45c97dcde57a017693e90983a156f11c4d168d89c06d8a32dbfa590adadd16850854f24bba315b0bbf372f03711a20163afa0c137383b9120b26c59f5e9e7cd2ccaf0ef4e0d70d5a81748ad441ee5fe178e14317cab184fe178fb0cc0d82105d2f423467fdcda0f9871b9d84882609248356f3053a99866dad9f9b0f8c4a897a8cb8f30365a7ae5f3ca6e772d863d445e6d57c6a478e35d719d0e4e84f3a30b1816ddb55bcd79df21ea0e95da72a19cc1fe74fc576120bc108be3ed4cae3bea889fb4ddd67efe858a994237378eb623dab070d954ac780c1e6d2095383c98ba622cbdb18fb53260979fb2672c21a4600f4bf06583a112d303096d4e30e7e1060d869f386eba3cf7aec3052ca17593dcc9969fa9cd88179c262770211cf53f53f175037a5cd445d239cee48f7ed0aa1d715a22ac18a8aeecf191d415e4afd92b76c091803f4c757a9e89f696ab7b11ad6d5f24774e4a004dcb0e3f33705dd8150431f051016af37647b9e44b10bef114276d4b1055b634461c655a82a847639a038ec9f58876e84e9a2955b696e072d8054c3f81173473604d5fcc0a75b4a340dba0c375beb87b8b01a0f2de232bbb8371c3a9d27a0ce521c4c43dd3bdeebf92f42f87d88978d5b4e3e563cba0e5f59dd29c31096885b113ea5c57e66a3be015b703bc26d3fd1d51a7c14f85f65747ac909d7e30c8e800be27eebf4a62e42e538ae30b6883907cebb7fc5e150bc9da3a138f394e817df9a9e44420078f30d0d3d6981ca581791a097a5e3982c983d5cec239096c7d8cc55c87242026d769ef1d04eb96e5b5001e3358af88d417cc61f107659791a35d8b5f7a5767ae24d5b2ba7aa12230076db1f1b9b6f213dceea62949d98bc5db38743b23a59ea75dbe4231a285678f5f07facc053c2048022fcb01f15e8c100d64a877ecd56d196a6ac60ae35e0e09a517224ba409ba7b70d8f9fe65bc427b212a4e9b3cb17b0d332267cea4f3bea7c1e550f7ffe567b20e3057aa0ebb560d00d28e2f7aff718a9f2d4d044f0d20709bb9ad567c98cff7c4810e8c542370cf90a491bc1088f69998d59f344b74db6c1bdb61f284e99b517a11452ca0bb37c7bae77fca6514b341066086e600f098a32a92935380a173c9182a2513584c54ff67e580dfe16b508acf1729a3d649ff1eae286bffd688fe658612d6c8e69e6e7f7de4ba85ec54747cdc42b1f23546b7e490e31280f066e52fac117fd3b0792e4de62d5843ee98c7201529455c85b169fdb90cb05e3403cf2f737148bd20a53c73880880a14ffff37d62130e682e50bc7210ea6c1f0c27656cc1785a0d9ce93ff94dbc5b2877519d9bac4a339e98ec594a7cc76f4ddf994fee8070dd4b8e0fe0e51b93105fcf566f83d914dd862b4ce78de7e9e16f142234bd969ff8005dddc641dcd3c7cfbdd6113cd3ba34a9503a0f433899e90e158abde2ed4ed4b3711c991577c5aafeaa982bce80835f8e6d7c7975571fafb1499991646bc499ec32930367d4b1de76ff656442cab987bdecdbcc2b2bc35ce01816594bfa4b6e33080caa41dbdf8ebf2205649f98a2d3bf331fb16b9ecd1824eacbbc9f81297b115b4d36aa7496e05f7d40d4edd1886c1bac10cf3f97840a03277e6369e7a7e90d932050ab8720fce076de5c355fb17959bd75cfaeff325b0737f8f5b1160de0b0184ba04afcc30bca77a6a37e29662302d01858c0bc1d32b883011b7df5a387805296cd91bbc835a3e76152d017ee929d4cbf137eb78db89d71617dd76cb00707aacb8088ac77a1f52ed710331193edb29933a7efd8cc153e6adfc2c6637e88cd86b06036b8177847b4d086b0ff9b5dc91f3cbd1c08217023d7449253c25331594f0f16a3c5f2e122e0145c4ec94f096b45a1fd0b2dd3f1d51e58978471782a336eae49d7bc4e050d1c6a391658f71a1f752c0ec6302bc2dba9e3766359359ce34955a2db86740c90d09cc50e92dbb76e17a39955fa7108bddeaddaf860d1aff14acec8b609ac1d336270a940604209df91cf45be72edee04277d694a6f968ae6d8e065702f3d607f3baf8db4ab7637fa4c78bb0b7fe69937eb1dcb616fca564a5a521e12df71fefbc321187159bd6a47b066a3440ba634de9153a94546b63aa33aed9da2018e1f30628df37f5360ca4f2660a46ffd73e58183e8abffdea25f7bdf798a2b7cddeaa481bcc6e682a67e99143066963d96d4a928a478951dd6ec59b1be8cb23aa688e1867738aecdd9afade39c92c0b2572bdde84eb912ed990ac618834c412231216fdb84f1e01b3f8414fc6dd0f646fd0fa62bb0157b3535e1497c9272df1cc5dcd4e6ab9a8456222655c56ac73fe0d2aa8b599035daddf0986a45b1a59510abe19a11b6dba065c8bcf8a85d20a3681c2414dab7c036cc1358b1dba98d6ae62c5948c36b5b3e307a6f860c0c822ac724a5c917ed5f98ece548a7a741d366868e6c676394c3659f7f6786594196dde332543376f9ba0724b091d30f431f91d919417e5bf7ba1e9a21cb80f6c204c3a58d59d960a5788b5cba5abd7c7518f4c5170115125de97009a6c3fc4d5773e4f57fdd433eb7422c7c4dccee57a1679633ced3b5f08df763d4577983c5ca8b49bc4e08fa76f8bff36daf0fed068db47f0c87e0e45d518dffe37c129cc6e2f5f9e0430185723098e715284a42f302a6b8368a4f2dc16f534d1e5db9d0b86659fc4ba6f16c982774115d02a57684c7e5489b1f491584b0f0546e4194a6041f5e5be3bfff3852a4fc772d83491023a61a37228ef6260edc0d1cb972cba610d5ad1d92d554700771d8236ef55e983765ed8eb21e7de7c8bb51aee9368758454fee4a3f32179c1e54af1d069e0b9728cd0554351907e018146511e4d6f0450b57c8ebd21c71450116296bdfc779945da60b9192c5bb9a67b1f04d94992df4cbb3e30732dc8af2177fef17e0b7d01740b8a64db16bc29c1e589b6bdfc967edeb2ce8a649ba892bc856a929f0b837a838ca7f917a52436ea3d20e72afacc5b9d58a7fd0fefd96787c65ffa7f910d6d0ada63d64d5c4679960e7f06aeb8c70dfef954f8e39efdb629b72979be208d616071289cfaa0756a4bb5eea5c7baf8fe7a31501e7e2d67d708d461c0c93e85f03afd70bd9e16437171e01a34f475e4b5a58d13ce4e2fba72bbba93403f3f8981e0bbd6a8a6223327bf096c44b36e0ccbf7592a98c1fa67f198b628787ec80aaef848b4fea158c715799e6f458327f399e6420f0e7821f2dc4663bbea065c7bdfe830b6102e2e7193381b9dc7f2381ba808c43b8fdf3addab4b5fa81564716f7d46e0349d9b27b559710d723c7ef2f79eb55c3a9d75b99ae6fde6877b278b583f8ae3cae776b914b0cae0772397fd19b6a27676c7ca02cd07f4b4d49bbe1ec87f2ac7e39e5f7712319c31271dbbbaf4b826af8a9f4acab696c62719f7a6a032c4bcf90922a3c630647b7c1c7b78b10afbd863f07486561a0bc8d9b1ff5fc41998a7e3c604e24af1c1df2da1dd5d83eefa2e4012f7fb5959ef9339574367deff73723484b5a969c8c23dc251a3b887f34b9ea09c9a1838e8aaabb254445d7556dda257dfd5579737fe1dd6c67f3851ca68b011e7cb7b6958d588f143828f0bb24fceca31b47b77d1ce05e75ab05b55d6c9f9107f0c738f2cf8a1629f7e9b2694324e082503937ff8ca7c5098f770289af7d038dcedcf0ed77c8b82e2a9003a6f3db69e14131e144f6be7cf0bb5353ea96aebd78befbc6ceae9bdde97823cdbc5ca8ef8a993a9d9383aee9f2d6a18fc64ab92990672ea2dc9b89ed248aacf7f1a513da43fe5953335afe76d78867a066f226ae9c727c6c60671c50a50732698ef7a492d51998eb6da5368a667baf6d12b77eb36686ee0ca239dc6f3598be0bda79e47f0891fe4d8989df8c685480de11c148a2b44c8a6bea3a50b09be557c51f545a09a30e9362cf3080e6a6bee3dbad370ce24f6c5a6f8091007ca195057fa3af8f99703a601086c2a1ffe55fde4c2c4153dbff8d6601ab68743c0d50d021b0b3099535ba6c40f866ca3ff0df7c19d709a3f58b57b40ab5e43556a8c0c1938c875267bb39c0db6b45840e8ee7c22bf6b48798bd744f70e42fca343a8bdfbd7f55f275ca5d62c7288756d4861fba68d16d842c5b893c1d8171bb3c8b593387d3426f292ace5cee7753c9f9a12e6bb9af5a24192e4184f7d3d191d862d3c3dace7853eaa235b6369fd164e5a7bddd06daa3eec7fe4130e82478d36f88a0999cba1f251ffb3a7689ea2baf016073193898716a9f933448d7ba8e0968c669bdb7dd5e6e32fd84a6ce9e8632b393f9263532ec2107b4c0d2abdf3abb2de2d63511805eb58a70bc4ded040d76640af60ce7f03b9a682b8dd84ed8a47225a48e0b94ea47828f1c8974cd64e5027d8b13d43519875d2bbe4461a7f0f5b5b8d63a472765405ea9c994225806395e64dff88506f7f7f3b6368d769e6e550d4e3e81efb13771cf403e855f75312f1383ce4c2744d0b4e3735a0f1e1b99eb014fa60c0d1ca9035fbc4403330c2fefa8411fb7c3d6ede5b5c8f4736106bbe01923d483a84f031e9685a3b6a70646a2a5059ce35fa496b3f21fca6047471a5bdd33908cc9328de9fb032347c249bf7093390b750696124621dfa67fd9c7fe85d6e5a4d277ad8f8d169f8b5e8dbee280f8443518bd94abc5ca704e781e6cb1868ba2d6fbbaa850326fbfa5a20e4df6fb5f8ee2728e86a758763a8af21e1f7a8584d3f0b09a0b19fe8fcd37bc4fdf45084d7fd92b80544f29aba52496e2c9a0aa4adeb89820be321cfd2f0a53585a15d04c7fe4ec9be6eb5df419e20b71506c1f642df75c53a9e3b2414fe6102fa8af7be3f6c95de824c31fd6fe8ef9d49e26095a2674a33cb574e9e493939bdeaf5b309b4c51256ef71e95dbbcee0a11991693b533f916e1c82ce86d65d89b6d596017fae944ec364546e78abbcbe4322b83e2fcbb4c5d4ccb54d8642c7eb9e28c08598a356a5c46f8813e6b63ec2f3e3bb721b726361f85a734e0514f4e9c4732991ed3998b1ba8f618c2071d1b943eb0f8766fdb7f0492421429bd380deca3325c8d5c7b6ed16429539ae54f1eba39748f09aa44efb67d863cda304e8653ff7499cfad44dc27807779ef8e63be4b376ec403f3c84eda4e5af31c30f9807762e0980b4e5d9dc406cad4e888bfc3ec4186de8ccfcf631b0ba5831747a1c200d45ea06ac82c7952fd09aaae5dcdf5475da427cbc8c1f71ebe5132f2fcae15975ed6fa14a11b38766e1c446894f31c0496b0e5e96507d28e6e4549d6d78841e40630ef306491a1da60eaea3fb69bffcbf192610e2e07bc1124690fea61980e8ed654c5e796f67d26db5de35b4a2c67427833e360ac2a7d4fe7a5ce572144443ed62ac460c1b19402e85c79e3d80e1c143279b20a66d8dcf2bfe1cc44a0f5aa9b0d9b36c46c2cae148dd0f2ffe9a8e6e7274d1832e57aa39fb40553da6414094e838d613a20ce9307d49f97d904648d6460985b01af769800cff9a940f70729fe40e98feb64ff0a81c5b2b096b1a9d832e440c49e4e3684bd17a5169fe138d2544d9806fec027dd2a67f1856178e090f9bb2f9b314a202e7e95f2e41fa80dccf7b1810e9cbcaed2acc2445d60e26f7d63ee4b28e4299e60ea4fc659e7d6f0de91748bf1ede1fdb2acde9482bb76bf6716847eb2dd7517e0a94f0bbf20f248d2c79fa0f518b67a44d5c4c73a9bbc3816ba85ae8344b5f377649da75cf1857d6e4338a76446c48e52cc7bc7ce283d4252f8fac5e1427299edc33f84798316f77bad4a87849e91a1a23c0b7a86898046e278eaaa15ff33730a6d3f885dfe2d1dc0acda2a9e49a71cfecb7dcaa9e70eaa8fe15d4567a280e8960ba49d5289535907e9f277f96e8e652c21d89e81696dd821db5b7e1e53e160584477aa9e4c0e12160c9956df36cce6f4e724dd543827366010ed3d843cdf4319c1bf968a70e9b1b6bcd8af96c9eb0620c569716b7bc42e13251a6adf8201faa129844b5e1d699cafa1b66a674e732c7662b0410e5bca2704c5ebed7850d0ebb825cfb0627a183cc9643b709aedeac2c06700358400c389f99666ae97ccd37f265da7addeb07df9ccad6fa777d0da2fc47b6235179136bbbb409596841e921eb278142a19e6203c7f235bf8461ccadb4b47dd290d36ac27126c808b866f9531261f1e0f5c458a6bab6f064b4efc432e1c7379f9af19ac34c5c22e76e6e7651e48f9ce44eff542f018397889d896cc9001a63e8e455fbe4a9ee9a740edad894fe1af2bb21a1dd0318e28ba982c12ed69c08835ce17336ad1638af3cfe0ea892ab8e83d3f25e6bd98d5e4d36292992e2122c265a26cbb3931dd4c1b0d0ac5ee19974d0dd45777908bb416cbce52531820effcd7f28e1fb2d3d4d826e1b2673e834485a25af9f9d174f566abc3b36732ceefdd91a7c3885e1d10d51c321ff704d0883905b7539309ba5e7b7a2bfefd0494e90e9da7541ec37858ec05ea9a9ec5672b113cd5ad6ebfc5b8fe40ed7c3f17d8a73703dc89086b4d75c5eaf06b840bb2f5b4519a4fb17bfdca9605f17253f203efffc92da96fde023007d22cdad05d18aecb4bf08085c5ca5eecd21f2b611e7e8a0ef981fe7aa2014f5ac6862fab44011dfd33be8a1226943aa7ae5fee9221b0400d9ac2ce5241b09a68cde6b13c47d50bf310ecb37f25c32770a299020d8500d8a4b5d7621e4379dbd6ef34a9aceefd4055ea6144f54bbfedefb5b5b0fbd1d81c7a51a802072ec3d84f34585f22c1df84caca07849b1ef054cbef9b40848e9fd238761df5358cf55a79a53a1bc749e49ffab7c5bd9a28bf24ad5833facf43bcc3852c1e85cfe47929fc49c325c20d74588eb9833519f192243cf96625057899b70a7c93f8fdbfb60d8129d9c43c95f8782ed8293641ffd21d21d91a0b4db69d766f6d6497e9a414ceb04b65425d6ad6c8811da00639dce8d8030038f2d08330c75b0879aab81bfb3330b950e54c13780d308fceed2a103a1a8b77a923b66aba737654ba7995acd306aa7b80f632184412e2369c353c2132ae614553e626f0a3436959104ba6e0040dc597dfbc3602a49e401bf2249699375b2c722083489f54fcdc1f616a133ef6112a1754818158ff78f245b9046100b0e89407f74145fe336976af971c054f12d98002c68b3aa2bd699fbcd71bc4dc071e430bbf694595a951e01098aaa499be2f70611f248a694539ef8936b2e8b7a3c5de8662436fed1f7bc24a4e5c17a663d9a23b4692993301b08cb3bc10f518eca51081c717ec8dfbb0c2669f7987fe6aa0bd98231d8e8b58951b42537f12884a857e02d62de4fda6b88b6b754b1b27394c6a819e0f92f6b2b2473fe245678e252ed31477cc7ec6895bc361b718fcab3aa550fc9faeccfe77cdb5b151ab1db2e569b5bc923ee26f0b6113504d295112d47218140e44652a10af10a088f95c7cf2fccd040fc93980939122411ec643e26e7d69ced3178402e320fe156e774b75b5afc2f3d6b6ab828bb4993b1436faa5728cec34d66f520f59e82716ed6d1324944c3c91d04d5ffc5a921f4716c39de24768484d0096f7d8dbce35aeec22db11f899e5e7e3d57e7668f35d6c0db3542255d9262137d39ae6cf9bcde254dfccc54a6062fcf8982f781d9ffab2df4f49ec04a72eb9646d63bf9e1799bc0bec0ec7f0675ed9f8dc9b8be15d9f2175dfa1c8bc99071c70ad7bedb10a4143fa91c89f54777f84c9eae9361cf7f4c2b7ab873ee5785a5241db0af86f3c6d7f091623d6dc576d07550a42023633a09c8dfa21d7e70cce64c13f37663f75c47921c246f3f2d1d16a8283ce7697da4cb7e016971a2a1d0c59d6202bc18b7cee3828de597efdab53b33a9fb41aa7b49f1c964512901773bb396ac80e90ba1a94c408b2860065ae9aec64a41d76cf8842d299d0babf14d5840d647d075c34175e26a786f30091a24f1ce8db30137520dce1cfffb6318a0d0fdcac883eac603bf365efa2c806eb4f194cae8c16780342165222192f6ee2e103ae2a31dc08a84dfc89c64d2e9ada7ca1839dfff62ddfb7982c79684cfc821a098bc6bf09f87317209b16d14d45c6f38fc99f7bf9bb73460977bb323665d480c87c687cec052a5f08a2c6744c8e177a8a269b4a47a925b9123cd2c014313edae988f8aeaeb633ee5ba6be7f53fe36da3aa37ab2077f5fd75a82a55a0fe62af213b85e9e7694f78cc2b0e63a8c1b89db484722fc62c688678a511c474f0eff8eef1382946d26de00e5c626ec1d7079445c1b7c6f7f05073249b11fd1fb30257724a14cd7bbf451146bf366de2e826fdf1d25705587c4460040ab963e3bd504755b6aa5b18786b68efd3c8e59e8dbd172346fe7f4a18bac98164669d73984044f3c777368f965763742ab86a3720208c64801c796f6e3a1c4748b81e41ac58dcf6ecfa0453b18fad7e3473604f57f7da302e1fa81ad538d4a0280c4ad092007bb9a7a12907227a936871886c699db97d00a1966fdef64d9f3672f1b792c1edadc6781b391c91bea1bd7275f30859dbd1707b1f554e49ceb874ca06e92ab466efa7eeb6990667a27507a7ba789e24d593ea2af8eccb3862cce58daa63eaf212bdd86c01ed471cfc79b191c481ad773d20e821d18af85a7049034e5a9c660357a4c2808b9a6139f32c55c13282b8d98904f4f027d438189dc9487c96172e50dc1100ccc224e7374cf96ea6731032c43fbc9b367a4d1d0b31aa3fa8eb589672e69f1d9144114bbd508d56c2049ecdbfd7b43545375a099ad2885353d8c550d22dbb738e6fe3f104b444c89475a2cc24d7887daced8fa05006c02dfded01c00707e2ad04c41199c5decc1eae34b0c0abb5a5beee1b5253c3350e1a077682767a0b9124a4df2e8879366fd37fc04d4dbcf89883892f46a65ce3aec22123cbe6b3af6364df1f9f5f9751bc8179b6dcc5c126dd65feb7d11a85994e90ab6342834c79c5f82413e88198c73e932c66e3cb60b6e0c0cf438622e5dc5a1036c38afe9cf13559044a9e90f5fd72a3188ef6b1043f5f4e6b40ea51f6235dcb33b3099b2d8c2e02103235f0476ad51bce6d8a2934068549633e521a3ee4c62c22b042fb86c13c8da849233205a5e277aea1129678c31f5c379a71fe08b72fad9449cb923126dd465d1e0ae8a925374149b8248b3afb69f168f3ae701c00f6ea08fe07f1b5338ce6af2f3156ba6f300310114479f2f6119367c88c12c158b84be13b9c8c7b5dd7c90edb5b3ea1fa5927a25ad6d5596992dcd4877f58a134e05dcd80dde4fc2c2a680cc0ccf3084d3f4970e3603fa6bc5a180fcf1ca4241c0b8a1e7c607dc025016e297e2b0645de4ec2fc49851b9374f3ef99edd897c284a67b647ca8c96fcef935d541e9faf334043ea50b99fb8819ecce039227b624e52d8c20003b5a43808e4990da8e4398c4fc172b983351fd11a13dcd2aae5193d42d46e1b57c92e3e01d23fc968c729f3782d6c07dd5a17af2bda96735c12cc7d8023629fb0125e974425f7914690a7ed26508343ae58c8a439ebb6232049a194768d4594f5d65aca37a5686c2a86dd04bef35d74e0755937ac0ce3ebded1c00c8adabf030e5e4a5f44193b62fcf2f1bfa9dca2a25afaf2f1ec06c5d17ef3526d26d17af3e2f257ded24b177ba41c0ba64fd4fbd5042fbd5961a105e0e9f77f3db13c1b6c5bd9a9d04801a5c00a4c544218a21016c65bdff774a44b1d05256e0693e14d76605d67bd10048d3816caf31a6d10886c88c783538bd93e92bbc4484f3388b61adac4b92b911c76ebb1dd11b7b4e40be032bccff610068746f41e34a1fbfbfe5faf57c8a4331008e2c1cfd69f57e74379ac80eb6769f4ce4196795b835201ce4ec85ebcaf5eaaec242fe6695cbce1d53fde5b002e006bba8c8a1ee57da061ceed0d21bdd57ab0cab9e46bf3764d9a6c3ab19736d43b33f32eb955f9174ee4a54666e7f19cefeb49aac7a59b7370d9ae730b7bb4e08413222f0a66bfdac252fb61bcfa838f262312febfde8add8f6843f1d64ea3da42d4ef986498604d65737a44f5a099338520cdbdb65ce73b110dd4bcf8592a4adc3e0170b13404f99f0ec8f9fb225c1275a921f09369db165e9109dd5be472b9bc1901bfd882d264d9ed8d88b4c8f3b35f88b69e3e4b8ef5debb895be536a3af492d968dc1caf31879d672f70ad9869ea98335cf9e4a2760f955fd3e8099e4b2eb4269e354548f9de9921e50e49f3f5cbd63468b9db0cfdf17250c8f13535d4c0a1f21c87967cd798fe93b9b2960447401ef90db22c3adfba0f55f5585ad37040e8d6745184dd536d5a26edec365bd6edff1bcc616cdea3bfc8b9d98c0ef9a626054e361194cd05b2287612399f6d3d3be2f71555f14ad2893af6f60ab61adef663c3c2464ade671dd5ebc71935aad290573588fe6e11f48cd2b7db62e4b9932890d1b96e1b83eff70f026d199db75fb1e83197c937b672613c66ea131f485b4318e27c079b4018d4205484993bf50ce70275b244f2caf47cb47eb2a9ca59afbc78809a912eb56a4bb65cae4694f682c6329c690003a1c355f779b5857a60091b1c3685995a366cb43d753a704d3e59c5f5003c78feed877351e27334b3fdefe5907edd9eb25588a42248b9c4a93efa7cc63bad1e5900b95b70436c35eb85cc8251c4030fab9556920141cca24d6acd3122b92b7e868dc174bf071117958a4797fc90866aca685f1456fab397ae647ab9970348082bd74865bab7f248568db98ced7ed84e8360fa91afde3f23509e6b4caf948349ad9fb6a4efe0a0468302cae7a0f999195af1c19058669fc3b88b2780b9075dc180298498caeb7ba0cf8bd42eb36b1959d5ad3ca6fd1e85f76abd27ec5fb637ee38173ad7d86304d5708b6dc8817e099e77f5d43c1a70624cdb96e4e6103bb25e59eb51d894d1dc533a74005bb79cca35b66e10c61d06b5227fcb071457025d605a0862218ca252b871f8343ec231dbee15688aeb914c0f16ebabe6edb0a489b2bd10d4392c6f1863bb6a62181de7cef61997ab02f3bad0a893cc0cd8a99cd7b3f7773085f0929de36b5d124e3729140c375de9a2d0cd9a360cadf17b9e45b7f2adbdff9e75b743b62642ed67aa703b8ef33dcf51a50edc7dbab42d3d2b49badd2457a9f92847aa6a60ae2beae457a5fce1a9e485ecf907be22913893cd1350f20fc6c81c94be426eaf01864e813a03e4674491b61516bc95d8a77c15f03d0adfc4adc27f27a5ac4165ff6518eda1a5c408708f78a9e26b834179804a312148d4f75f21a77d78387139da40c0a6293c2a59d0162437d68504f189ed970c5abb9ffc6d8e1be2b0877c7f24b1dc273b1765bfc5ce6f4b8d99a96d5b1c92ee53a39f685b304313d909c1ba8130d20d51c824cec420b0315229df295f75b453a6c131afaae0c36d7c4fff70623638a4f7ded5eb7db58d95deb6249a29b171d8ce651556dee8037bf4ca74453a4a76aab7cc07ba44e55de57dbef8542c3851ea353fb8e259ee89bbecf9ce8d8bd6227afc0028afac48a7acd9b4e8cbe982eb1475917ad6be4cdca9cf6e7cddd971b2924f2bb730264801685d387485e41993c3fa0af9987e8b52c21688fd9a9595ad8d1b9f41e0457be18492aa09f69e64e2954d1ca3cc1d32b2915cd9cf6862ca79c80beb47347c4cceadf48a37b29b1d6de4e94717d60cdb4293fcf170bba388bddf7a9035a15d433f20fd697c3e4c8b8c5f590ab44aefdda94681407008ea48d03ff21e9bbb4ae7a9aa37c855fe3537c44106e8079f18c24d2584474bd4a99367660ce6f7e6d7c294961e174366e7babc569d5f80572a21a4bd7086629363e0c9ee2599c8b8863c96613ae6c32cc67ccafc66e1cce79654567ad08e62e9abc99e44d6a79ca4d8de15b7f8a763a4741676af0e1f3bd4e002c8fa1ebfbb3bd3a65ae68a80c230422f98f6e1e9837252e045eafd585ba389958297d59aea1e8e1f665fcbc5f7ff449996aa712dc0faf582cf3caf3dbae80594f9f07fc06de63d9d672d14d7ac4662b4a54f40d4aab2de766910be2fc7f6f679b5708790b5376498d3baf0463dca2f093b51bb7e9f3e7033ba0384af0174becc3bb477bc5e86959a12a5e8924adf0bffdf5e5b9c1cf24d232881ad5c05c5c0f50318ea83d8683339ca6a583c52198c00f7c1abbda282e7fd3b179297338ecf9c923a3a87a130dfc06164e9b4c1fe11d51b382643de44b30a6831dee119241d1b6f84f2484784fdf65e41f78c38e15fb4b00e45df1edc40e3467cdcda351a4c0a0185ac4649e91024377e1c331587a8586cc0a4dfe29e14004c3536d305f5dee0eeb8c2f216c1b8d27375b239f6458e08980badd6d82e9ee9e007578c0a3b48288d9ad0ec3c934a99a8c5741149af937dc82bdb545df26428b87fc935c05f1a4964a8408539f267e23de9bc498e2a4b0083cdb7c8e27de6252bfaf680a6d5b7ec1a6dac6d7d537334a95f1553324a0739414dbdb50445a767b0f589fd4c33b35905577ef5a53b0f097191f9cee4836a908748779941de2a78fe1bde0c2efd9f48cbf232ce101d9df93d3ed40d036ae7aedc3a5ff619abd1c159ca8d2dbda7de13b4ca62576c7f925c52925eae2d7500dc969fe14c0a335ff95a7df1d276a6f242765c781208d59edb5848d412b11638b27ce5a61b8209075976c2a6aae88f6e6d8704fe9e83b425dec4defeeb3cd311b8c5a818d51f917a8a4525361791d5c4fd5d70704d4b9fa9df1ea119882f400e682753a41931712c043c120a98f0fe786a600b47befefc9d64cc5bbe8a16c191490874e258760c9e4fd215bebf848e0b4d35521f53ec5f9308644b785171fc4cc3ff886e034bd833d59dbcacebdae8f00e43c151bcb24d1d226d1cc19ecf349361530a81ba3168af3df5536fbe52b3b93621f57959df298e5b4d3c14928d2ef7b9c977c7dda54242d17f8661978a62d94d565b00abc199790b9b25fbfd4a3ffc35c95ccafe35d9a138a2c24d17f06ae2cc376e822317f16fcbcd56e23f84ec135dc935e58c61b34cfbf5a36cb00350483b6bac786030e5c5045a6b61c9aba7dfaa4f7fb21897539863ee865ae061a77c0359915de3aacb3b5dc8cfe53c4d17b393c2b6bb23652f36390407922969d510cc97b99d1df4361530aef10707d7a021b2d9576b2d49ca88b3cc83ad1baa6d88ef8c81c08f8baaf515637b21ace9d5cc8fd9fe4ca6c3aa129caea7060791d566f4de8662b90f9e5d849cdadf9bd23cf6737b07ca105142663c30de27adcea11d64d433fe1ace84b0f6917c8b655f2a421602f07e0a7127e61ae9859c5e9f652ec82416fd2566f291f417ecdf99bf3231d02864e2e5a1cf34c13f59de9aa2760d8734bbda79576c62f566b8269990e9384a41c1634271acb4c7a8b768f276685c3a8c7f20872e56b683244b1af562c3e7dcf592a9915f44f886cc2ac5f679c07d5aa1fd69cf3a460f25c722073da336a310aa551062d92c7297002060072af2f3500b9310c239bedf45c5e985c2e0d60c7dd68522376dc7b560fb34d1b5089450c32ffcbff07b35a96bb6fe01259a06868d00af697f8bbb238d03d49570a109181c9576c1ea9d2ee02000cc23e63d6c93c6cf3050bbb15b6f73b09c25da62e5abd4c2bdb1110e1f25db39f04885595cd6a388c4726c8d4cdbad87d80d42fcaeae843e2e17f44c9aed25c8f6f9736c7ba1bbd3b839126de40a930024a65aacb872936e446114e706a868444cb140e53d976816983f3dd1d57eeca01eab8211b7aa8ae99d26e35c06ea4b226e0a6e52172a40e7f0df5f67759ae2ee026749ba10b8e33694c3e01a001526f9d75f6c419cdccece3ea3f78d69014e509c741214581034bbc7e2bbaf76db8421154abb2233117a1ffe2786b21424576e295c9baef262e80fa2edb69aff800b3ea436eb827e8adb73abc48d740b86c69d557b16e874038598b25f616afeb4f4a900be7dd0d38b5b6fb4259c51a3aaf4748d7a445f518485ed72b25c7df8ed0906b74bd29bd6a5724ac3a503c990f3697a5db484821f68718470810862728a80ce34599a41fc5bd8bb46dd845a4812ae1532c457ef4211d0e41835e5a6f030247614822571c930c727ba397e723d6b3aeba9244f054e331c82e65b74c9f6504c74b4301499a1a6f6269a3352aff57f88442d4eda42a82ebcf7776c5629f97d6160bffdd8282a40ce2e6375b161e4c22ee53bce7a45f4774aa827e2da657e1a1bc07445f0bbd770b7a5a25b1b469fd58715510dbf8d97af4e1b9459a20b08a8d3fa9d92feb32db95b22d36de0bc8b1c397b09970a6826392fd8392b2d790dcc1295888f42ac81ad213c7328b2324b28be7cc1f4fb8414a7785472f1dd3e11d66017b1756d1697be92490e15f056346d7e9126a1f35fd76cb016fe2841c8996a3507c4fffe7fc45026df10b03b86fb6cf26e8418926a030b5fa62748fbb728fa19dc2f8947468c1477750771e442e4a9d25b76d359211c05df788ade5b7824f8770b5dac0819737dec916ee59b28a49666ee8b7ca81386eec8049542f18a3207e51bdbc291470eeefecac385c096a
+
+[L = 32]
+
+Len = 16
+Msg = 43cd
+
+Len = 104
+Msg = 5f75a437ce0698a7d8151c3fe0
+
+Len = 352
+Msg = f88bac738d1e3e10f75e46e3fe026d7e423fdcf3d7e4028b33a291bb4aabca53f780fbf99e0346d610d4a38f
+
+Len = 488
+Msg = 832e5b78a73a1012ee62e00621db7f4d248893007c6e5d6e0e689c6b291baeebc72df9cf10b289fe20e7fab80a2399271d0ac63766049da875eed56264
+
+Len = 13976
+Msg = deab57cdeb41974037a9bef5e292894038264eb4d8993d4d1501e6ef9c68fb0f571f57b0925640925deae9a6317e3bc4d6cdd5a0833e52fb48baca16a9ba9b6c8ca469a0555763b54f04c87d4e41aa549258f30eefe5a52d2ba06657a8773b0842e094857b6d8911d6a0636280025e56356fade362b4bf4c875cc19be0c6644b447be0454dbf390eb966c03e10e9de3487b90d0825d327c12495e3c89ad09c9d591e55c91376fb14c2fde9f7461fb25450df1a65806b65f3caf4d5c81ebc6e664871fcf915b9578bb70ee6776acc62205888dce2baa4024941209e81b4b35f0eda1bdcbd9ab1d6db6140bda4c41776fe675d5c681da5852d50c246dda4ddf9fdd7c5fdfeec85ff6c883c78689c2977584406a1ddef977606c182d6c33561c39c071668a2515e5aa6f4aa1faa392aed95b82ab32b79a15e3b5a07551ab068455131b72493126470f26c30b852e4415e1d8b719b3803ecc336e4facbcc5d1908851f4f39b776bec8b6b9794d47e5965458858560eed5a0305e260240c0849d93a19787b0f8c795eb5ba32be573845256ae6d0b0a3336e42a1beac8bdde6d1b6e0b6207903d4b105f4af2ef89bd099ded870daea2f170e03bd5f6f4490e60bc222d4876e16d4c58aeea6e6c400dbb9e9f4b2b142f0fc9bdeaf4132ded38a4a8366e107cac7210945fa2df4b124be37ef76290e5b9758aa3bfe0091bb0448206323584c2f833e0edfbdc0c33075fc9647a3404ca490bfab94302a0679a1a42fe9fec6af0cd98038b09ffbecd2832b579b2294f6ae5b96328fdc0a0b9b3a32cba04fa8bae3389c3951173bdc17caaefe526aa386f98670b177683d0b804c5875fe9c7afa233ee66349c9fd1b60bb0becf5e1d887e67fd3baf34b4f90d94699d18d6bb9d77d4af358f31edc254de2d6c5fe3ec07425c633b18c1b9e3606b78b40b543e1fd31fb578cf58c45744fc073fbf3c7d7d607e815379a5fc565892d81560eab8fb5f1ae6771b998c592e6d288014f13ab283d53fcbfa66e31a9d107308402191fac2cf2b799c7dae91b93a7676898b8a6e516a86eac58ed8f6d8ed2fd4d38031e4a4466dc8798b90c48e6adb6b4391d47872443cfaffa542b4b132f6c3408f0081af8692aadb4c9bbd55053ea56d8b82998f6b4b41d331891acfe6af1bb0d6679989978368ea463743b514866d2d01fb9950e8990867bc14f1db1142254adeccf3da812949cd03cd1d569e9d0bab7ca7405cc21096e3cd4d007cbb9629372e98584b4c6b97ad0bc314e1ab6ac71184ee555c01973570ed9b115bed956f9e4e349083013098b1e483f0fe44d5e9849f38a2f7ae152b36a266ea1faf263ea8c706632ba8629602187379546fc6b82e57ededd6d074c15c771754710731e07c207899eb47e8d7c72ffd768c36257d373375ffa06f9b3f0af11417f9ff9f9b44e1f1f96ae8aaa429af88b14da1da81c7bb38a0fe9372ed6a9ac6fb5e9e56b82593d94c5192904450227bf040b7ce0904789f979845e112a1f995c849ec3f7e49bd975a474e8201630f40fc0d80e76019f110ae158cd0f8da96ea4561f24237d8e795ebf52368218bff3e9d5b040ecd2caef4ab1e7127e53bfa2b3b4fb74829f9993ac703192aedef79dd9ad24c2c976638b4575afbce22ecacc273ba43379ed55ceeb51838b0adb80585bd1b5f2707ee16b67a7232adf7163415b24b9ff9dc94b7197fdc89e2a90d2b9eccde45e965edd064dc0d1eadabe11b8ec3aad2742b5d3323ebf913a92817749090c20758f98aef2544d4c8b48874e8936d7ee492d5585675c214deeb74fd67c4d170ac5e0aeefa607c6e37abd4f8238e776fde3921afab75cbd8f392d3e88da057903ce2e140797f4a85737bd89455e6aa27c7535687b78cd0ea59848e006c8de9c9c0cbc7a9f5e977be850adc710503ce4ba7c7bd0b042297f518abec6c8ef451c33e030251f506cbc3744228b6bb4dab86877d9e6019a0ea9f39ed37557b3b5527c171da5f013e0d3c480a038cff2c087d6e5d41b17e6c8f90c334b5e2b9ccbe9d4efd99fba1f907d00a49b71b5a08aedb644fed24bcf04e71be67b03cd20d53ccef8f854f5e9f7f28c1e98a8a53496646713bebe15a93f1ea336e6e8a4e68de5dab0fe880bf983eec75d1c5027357f6669e098411e0bc3ea2293138f5b34425f78b6508b94d4c0cc32ee9afaa409a26e5f2a1fddcd6d5ff42a89755a58b08f243957a2e208e24b055f51992ab447bc06876eba169c545fa71b88a0fc15d1e0be9d334a1dd0c86f44bd149b42c07608a9a30d0b7e13574f8d862f2ac72b2ed38904d7cab194fdb9e4dcb615f5610b24e202a36866baccac01fadb575df11dd43e00a3b92fcdd8c7702ea49d951e7dad2a56c075730b4af1ceda2bcb2310256f28312579fad40ff471336ea6a44143edfcffc297258d48bd2ea47efab8f0dc00f1e6dba1a55009ed627b7
+
+Len = 48824
+Msg = 5223e2fece634a95e1e7c83ad4a11a0478f4a41572bd66c2d7902cf4f94404cd80b1f58fbcb8eeba3984fd759410c12f8ee922865f363f684df5a8787c87ceb3086fb8535157f7f39653dbf5c66ae7219253838ec77cf1c6db518225c5ba0a8212e5911236474b8820ddcb8111b87320adb82ff553986324aa2a21c37ce4a083c89ce9931290d4c1fea933e31d014d7507a28e83aa917ccae10bed1a490e77fe501b299f8e3b78e659407ce1934d5d68c7980800746f26ffa9794ef1d23f793bd2eab7fe524e213e58280f441ba48b40162305335b3a480c2afeac11c27f8d817792fd7805d4b61224eb52d35c0fbf471bcaede505fbc9398b216f43bfd69b1a669a61d44fd21faae410af58ff95e1c3ff1528de1aba93cef56bff4d714d8c4cc88a4ddcda52444ec1208d99ab3fd9fde98c1ee6437d8d138f62c5f782eb4660c5eb28564b5b0d46e3a2546009148f3d02b837c5284e9f508290270b97b9b29e84445a0b4df662d9711e6b73c11cebcb7120dc427034b1ccf57d8e4f5bbdb84d2e1d4bc3862a2b51931d3c9a7a5fd6ee5f4c7327c338abd011af638d730141b6eafe63469eff50f473262e9fdce636eff4c5663acb6075a4fdb00c8b8a8d3322e1700a5b3e7db90b36c1a94991b8f51657121b442db6f890e208f312466778d73bfaa8cc0ead4edd0776155f3eddf9abb1bbfc0c94421adce83d7ee94f99f61e1f25a55fb596f8b40ccedbaa8e5e2cf629496f5ca60bc4cf36d917da4e2b973eb57869dddc409dd66d5061f22642743fe843defa0b19dfb2f56425abeb234181267b5c0d2ab4268c538510feb191bbcd1631b0af6c7451cd4c641025cd8bde2d9ab6e6b948f97c1ee6f35098d553e8e9da9b4d437125046864633f109d6a558b38b270a7dd1785d44d248a863a91e3db5c0a1d7ec133decb65e81c3402c98ee329f660a092172bf6b1a02491895394ebc506882805a6c93e767c0e58a5af717d950a206c0f0055cb39ed88816a9fe3613d15f608e486ac08bfa67d462d24e6a0a37716d3fbdaeb9c0e951c1e847fb884ebc1cfe707dc6e7269eed1c44331d5957bc4ac9dfeaed4b157204a3080fafb9df8917b8d15aff9c49cdc739b8fdc26a546794991c183fa523d14797e051894f48b0d62c2b70834467ff9c993b82fc1152c1f5479ec6144c7e8fb10d1bce26bd1cdbeec4e95ee073f3bcc3c7367328e30543d371b27509a577f5c79f14d5f687ce62b82f856695af9f7dd350543ec763de75b593f1859e44c2ac01ba65f98743cfddd8a89a38115badcb51a0ff5655f830c0122af6a830aec13ae5eb89a93755b3a5a6eca233f21cb12db545a24a5334becb8fa32c3d7f5805faeaaeea85a551fc62c94807faa6474c0d74cae79b5d8ddae07498fcc5b8b4f394867112ef5fad1c9da66765ecbc7fc0f3269d29c9c38817c77778f2c19b5a3c705fde9d76a4eb86aed4a7369a832ad267312903462397f7b8fecfa8b195cc2316cd53e48c3371ed2ecaa3e484b8ecd2e22b1aee910c51ed5d71198936266f5a00655d82c089f49295feda0a2bcc1a54ec8adf565acc3a8b2d74c30eafbbd843c59e67f293f6d8296cf7b611f01b57dafec6e2d4d411a633918068c38ef47b72ceff1fae772891141c3bc496824509d78165c1e4cd4b4989321a8722643eed69950dc120fa8da3e53c3181f252d7c4cd2cedf8f086f788ee77a98ab5b019828aa02108f49ea4a51f457f7adfd2220d3e59d5f4a29194e8f5eac40ff80312ff6888ff6393c3fc0914b08c1b9990d247ad80a441558db1ee1203e07353dd99a885a7ff5d791af2548815dde0ca1f56f89d39ef6b93dbcd0cd54b854173903c12649587433f0425fbcbddfb66ebce3eb4800dfddfe7fc44d9b23a3916b1db68c187da4dd13ff0157352814b1a792de7fff855761abc6fb7b93b48525fa90fbe3a51dea974069f3f5fdea86387eccee13f58a8eeb8abc6a43fd30e9788c3bd9ae1751b30a82d420225b2abdb1bc121b9073380be16107188d20be54f2e9c658d5b443869ea0e991c496104086290b6edcc1b656adf94f0d42458750fbd8d88040c518ebbb644f4dc4f7c6971d8d60eee0272df7b51a3d5248b4b264fb22195ad891fb6ac994ae5c0bc6714ae0b0b9a484edc576638b78ee89b568195a8f33ed8362128c30f9b0c7804b3ce1355abc96b15aa55c1e16a9e9ec90d1f580e7cb412a7e85d8585bfb950acd4de5865214ce4db7f6314d81784c588c1482d5f28c5fb62e7dd7aa8237ce9396ccde3a616754414cdf7b5a958c1eb7f25a48c2781b4e0dba220f8c350d7b02ece252b94f5e2e766189c4ac1a8e67f00acacead402316196a9b0a673e24a33f18b7cb6be4a066d33e1c93abd8252feb1c8d9cff134ac0c0861150a463264e316172d0b8e7d6043f2bbf71bf97fa7f9070ca3a21b93853ec55ab67a96db884c2113bea0822a70ea46f9ae5501eb55ec74eaa3179fa96d7842092d9e023844ed96f3c9fc35bbc8ee953d677c636fdd578fd5507719e0c55702fed2eaf4f32b35ec29a7a515bbc8bf61f9baf89a77aeb8bc6f247706c41d398cae5ec80b76abc3a5380001aea500eb31b10160139d5a8e8f1a976dd2dde5ce439a29dba24d370536a14bb87cf201e088e5e3397b3b61477c6a41e22a98af53cc34bc8c55f15d7924e7e32fed4d3c3ddc2ac8eb1dfc438218c08c6a6a8eea888b208f6092dd9f9df49e7ede8bf11051afd23b0b983a81bcc8d00f7d1f2b27cb04c03aeee59c7df23a17775ae5984eda788eb2015680ac5610fb1380b4e7d7a9cda6178dca98690449f5551b66ad2826cab2b662f56903fc95b4611bc86f7a834a34ddc3be7bf142c8baa096abaa3cd51ad0c0b6d15e590eab9e50a4c60c91061f1ed6373d91974c1ad9d263110a0d43fd8b596396cafc0ae70b7ac24a59bba090a6994ec483db7ed4c572f723670a11c724e8ffa2497d8fccae37eaa1d14ac1537eaf80efbd2e597b2ffac97f2bc3cd2c4017f170544dfbb0d9109478fddf06ec0981542bc8107a725be25070d2cab4716f4edfad75fddd582ebd363c49e8efaed9a76ee51f22304eebc232a4f67f865b04f610a628fdb317116666785fe8ca30619a07c83cc449855202d687f162b12d93b63af6e7ddfb7223d4ab998a5f450523c1d521ab76f4aa113cc2967e04a38dae07c51c2d0f44fdc8605c3c53ccee91a2c73dade5dae021cbc87d5cd6e5fbefb65335827311fe1e91921ecd66b2055a6102d7a976308a80c44e6d47a67718c84f2112d65486a558f1f269b91d9f47e3e11d09c0c748625bad2718e3674898abdb19d3644bcdc9317c09a3ac02f514b2a57e6a706362e5f6e8fb16cc83daea0eec85fdc8c367d84c9230730291440a4b109f7034d510a3f70a22dd4fa69e8b65e5fdf87045d560eec71f4e59531c7711d4f8917a96e22ad07346d2f92a13fb4569fa6a075da6e1acad1eac1cb2ef19ab452264de2357c927c6dfae6598cbc821eaf3b8da754ce91a96c702c95b2c308bf3a550cbf4d22d417745b5f17d36608feb826b862747c59d26a0e8eb96547a1852f9fbd095f1c5d20721804941d462f3ee2f0876ee2825c8df24c4f00f0844e50588ac688127013df8eba3c971362dd255420649245e880212cb3d732fb82f866dda090040f28e09cf1c86eea5dc4fbfc373eb69745b4afd841ca8e172d4a8510e7698345fd4cab9ec2ca0453a274720bb2d2e5468bf0d0f85919dd762fe3df969e6c071285e25c2e2a49659b8a78289aee655965bfa3cbca9b292a19a855ec40293185354ff4da9451ccf98abfda07f1137e79bc89d688963081dec641a99656b040637402890f185edb28e7e6a2f65848a6af158f90eea440aa6246a2e6c31f5d220b9846aae2027afe5a7caad6dc16b56463367cd9e73bf22a1d6172145de4565ee369c55e3b99ccbef70fb080a3748340fbe8f6b95ba46e8b76de5a3c4bedc37c55ae24ad02267da26769a3a732badac2e0f3a5393028dd54d78701647582cd04c8310e9f1ff1b433125229547130e1737a1f33604f0d670ea7221097c3eb9c7fa4b8293d7b429af76191ea8e481dc1da31344537a09b33404d782eda1d6f5775500c1d8efc615778baf0905d9fcba1806ef986c40b1c6a72335104376b58266c36f5939a8b95123e8635c0c95e80aaeb97379b1179d6332dc07539b595ec32eebd3a336a1128f3cf2e2924db6d8504a516b62f26d012b7f75cab765c8374a3824da5a405746023b51894649ab422d636513ee809fa181d5b6fbc63351e37a1b14efc8f739e86ca78ae3e280f1c9e4824b2976ec4dd308ede6171a7474c7f530128089bbd75e10f9e57ee17408b4384f99f886a5f63a2320a9b90eb9bf692e1fc449171eae3bb1bb17a6ed937ea57af3c82db84e073b5306683e1d63705b9742a085fb802cf5a1639818417fc2223f476c2566351f4b3b17a822e11255f3c3412dd39190e200727bcd3f9799519ef792ec7c2b0b9d0e2dccf013d436dee63483c2ce83c15c00a76c4d894a60cb90366ecf9e61221ee8bdaec66d715159876d8305b35c81f96ab2cd8f81f4769e9a6e439c08c329036f5d2591ac42f2747bc0e77d4e566358a3271819b6003b290211b9b847ab70e906aed9f86cc38aae27e1098fdc3bd5d84e66c45292183f198bc329cad794aa4e430534511b7d9a75104061b409676a16c1146af0a286e2de8bf51c4a35193581a902bd3224cb9257c961989042538092af92644a63d6d6f6872a29aceca39341ad29dd22354812c4b7c7068b039ac9ca7e6358e662a28be001d4aa697ace540cc3ed3c97b98d8c5a6fd3543ae9a7962c9229b14b0b646229807747064be3e83191cf24092dd67f675638d9f6510486379f47f5eeda870a3187946819ec9ed05e7b325bfd0eed5c9a0f4a2063d63c1a8a0a309f586c94d4a68bbe860ae9599ce204c92cf9d92cb460ff99cff9e5a8b3824786360e1e1861e71158395faeaebe7aa2f61f76190f174aab9a313f0bf4f1befbbb22768b8c22719cf3fa9ec908b576fa4bbc084b1ee5b5a7eddc89b58b45ae7b421d38215aa6e49304323eb4e202655f3c8b16ebd6b03058e75a907ee63fcf6aad5eb96c1e5faea81b88b5eee525c4663af52877c0f759432913b9d48030903e7f9f70e851cd4e20bc56aaf36cb02293d992b38b583b8f0b25a08c3303d8af5b1b37f5127f7021b13934645ef3020e5caadc5e7326ed4ff56f797e26cb986b6512b0cc76f1d8e7be44aaa88e12cbc644f14a7feb979d2ab66907063c51e052d0f8b25d827377fecc5111be0d365e08d17f559e3134cb9db294f1cac03150f4232f853ec15ecde55fd1023b58e83934869796400088e9177e85a2227ee45addd049c1d6b03e5b29dd570496fdb2fde7d8cc74fbb5fe76266ebd90a3b4d57e6e6cb9f0bbdb7ca03ae955915768011c714c909a27ee20135927af55d4feaf2c345d029a54af942da6f85f2103345d059f66864e6b0578111e2ddd5a1cd8bbf4ae35b60747b93f53ec8ec64c10cf4149909b102a2b88712ff3e5ba3611cf96585a6b36fffb64b8c37a114d6b16a53879136eb0b5e003a5a068e3e8422a4fc8d7c77227cce64ebafcde2437166b62ccf486660a7a2ef37012ebacca26ecd5bdf363feeb06aee39050974c25d6a564594c67f56fcf7ed48b07fab4e25ccffe002bbe460325abafe37f23dd9c145b4667f146a1635e462330f02470b35c5a2519f1350c02b263201ec9026cfc57d3659373910e878f2b6c1c5be774df8e01e775d476956c257bd0ccdec17ee939c46e5653d5813eda752ba7bbb245a99a5db1ae55d19692074c2e5820df97c502a4bd1b12929e1be8e9ce6d802347c3e9c4202de6046436c05ab55b2fcb2c227adade6c2046d98102cfd0d859a91f8104eb9f6f155da2acf93df2405bf2c083eafd3ec41d60b810e0bdef6298b21193642a9c0c646bc6771a5c61a25604d96bdb727abd5a7ebe4ddb2a56a6ddece26d8007b26043ad44279c3c8ffb7e6ffb3cd4e10ea2780f509a8a9bc31f99a7e66201195f1543a0a020f754d9a665a29a896faf673df6811379579891374c71b2234fc61e95d4d46f15d44bdb4d7c3b3be3f46410ca46827b8cca976d8866e8ca33c4945d5c87b705588b78015b529843af0b75a7e1e871fd276c1e947d896b92e6181ab7e3ccc7077bb57fe85a6958667d3d7a790f6cde1cebb494c2912478a0eca2bfaad62492e9f1caaa0cc520da08c0d2d910cd44255f4c2ca0646dc89e789a1cf9a28e2f99315d33accb1639cbaf0c94181b85fef648bb4cc7f66dc65b8e90bf5f3b763e58520098febfe7e47bddc2d9cdd5e40dbf4ddb8d51f51bde2e57432266d248d13ed09e62f66794d188f9861c50ec41f0eee30f76f4ece250956733ee97036098db41991a4a3eb7816196c8e447db3a2913bcd992174a7bde1f42d57c764b47f5bc09533760c1ba74943a0dca291f2746bc1fcc573f9a22c72a5eca347b1679683fbc8f32b08d381baf67b7266b14b3ba46a04a3ee45881ac452f64df1bf17f70f4cf9fa4dfed9ae70184679184784a0451d2f5c19c02031e0e4957b4df68b4a069a6f6f6458f6d773924a1841ba664a55c2c3187dd33416cd410e56e4bf8d3671cf737bf67df2a4cc4dcc786872b9e2dc4009fea0e48a749353ac053d80e36357d24d468dd595bc823017c015d7450fe38149370c5decf13b00b6b0e0a2567ac08b45f7b0c8a7c89d227219d051d17a706ccbea49a42035cb327381568eae23b5e2a3b7e8beef6f260d24ab224827ca8ee9d640dd23eee94ed02c9e26abb3053cbfaeadbb1f365a24d8769d92240da842e0b361524020b5c9c22a2fd8602dc9600aaf02b35344309f6bb018a94d4cbc9639ab7430657c4046f0b25df517e31626abeedd58c2e19aa0ae1a43ed2bacad91dc04a2fdf9cc33cc420f4f04379e95988ab36731d5d5402d89fb47e826f4243bb206124364d63564a0872f8d2826eebd9046c7c6f2e7c951e49d4b22a7eec89da1fbed890d63ef15f26422185143c89da3ee269f83e1de11a7467822146042be92295a585e3a09e720ec522e1cbdcb41acf5ac45ee892677ba3ff670d71339a76ed98237be252ae21268e756f05ba0b094a1803f9da84a8a05d0ec9456cf565e1b548cae95eafa0fb01f091935e6eff2413bcb15f605f15270408216fb5b41ed83dfa1454c522375e35bdefe54275f109d0ab450636ac4d8e4d9e27f2d81a15b8cc5e98549254a1c9162918db3e399118f5864774a9d6a2347e1315753071eb1204c8bf5f52b1a0da37e484ebbe545fdfe6b031215678c3b83a19a24d7b661f626beb01eb82b384f02f42bcad4f40addd48db8a92b90d2297e6143702056123286617f86fbef4fea940f648867d790b8f803abc5f4e0e3f4226954c296afd96e287e21b7243d05e743161810da578096521805edd81f68a45500f6a3a1885cb1f45cbd399dde024df65072eb973c827fca13eeaa3f140842016f509aa9ab4603d2457c92cc9aef24950697a0044e3d7c483b8d8391886cd50dff8c2f16de3d6caa7f864c1b3874750781b2b78b545a94b4da0b0036433c6561f5cfea50eae9f5645302eef18238473606e9b9931880d0f6368fa9970d1ffbe59c4454bf97f4a5e8091801b53ee4a209e0642d83605836f69742071aaebd9d813b10f4ccac03851ee9f20cd1351f8e68554c9bc5f58ad19d474ca128edbf561d195e52ddf3c19bee3bb597ac2f92143bafc98bc09fbda6d18dd4ff2a93cd2ba17f54f75c32d3f141468c2baef4e53b6a340286dc2599bf7bb002aa86688e26f5b51a6aaf32e48ffd539d4f3f4bbf0cde2d20138151c82384f9ff29a634ab4e0103d93340bb9a7b0caa108bc7fdc88d7de14abb17e9efdad2b0f304f0bfcbabaeb1b9db75959dbf54930e67aed3a9c8309aa90506b6b9ed4f1d06c4ced19746e206e1e9b8879663bf56bf6c5c920ac5e09e6579b780cb63e1875ef0a731b726864b7ae5705a2d6d343a4a213a05928b7337a59f900fd04472382610e2a8d25383c9ab5804d609e79a88d70eaef3ea22d3aa9100fa2a6e98e97684ade9fe90d6bfc59dc9dec3d3d8db8990bc2123ba92e64253235e9b4d682e8aa04e23fb9bb6248a77c065e93249de829bb2fc5ea9e396461090222816bb29bca37bf86698fb995f62c50110cf418bbe2078a56c5f1ec9fdf3d0b09a719ac253b5bcd00932ae058b86611aff51c8ca8448978615854b69b0216a6eb8050ce199fd9a13aa0fd652570a1b187f61e6831b3a960521c3705da8c5e6c64c7b196ed4a49c2912d77b670b177c6458a7a49ecc1ffd8c57c0978d2a05cd1f1c7ac9514dd14b7b0933a52cefd40b6452ca0903df1f55828025c7e18109a6e0f2ab25724cad2d6f57cb5d894a6a508134731e9b9c61254f64990941f4faf97394b634b91860cc6ec346aa666600d323c849ea4c4a0ef55acbc56495ca004f3fca42ff0ffb11b0e1164c95ab89bf1db3d4f575ff334d4e0d7d50e0c54c422eac5ef78c5a3be95f2e18872540fccfb597211ec79d9d47b6cf41e385b9c2e92122167fe584210f63bf919c620d
+
+[L = 28]
+
+Len = 16
+Msg = 3dd2
+
+Len = 104
+Msg = 3d232201038fe7d846ac1bd4c6
+
+Len = 352
+Msg = 44c98cfc71f82215dadf494d68d1d6b92bb4eb81fa0fbf945a659d9aa2c2302b5c93fd3eedba31e479e29d36
+
+Len = 504
+Msg = 02a5c7b1b749d6d49bed302d9439f23ab83020bd4d573906f4190e74216ad33aceab775f71cd31092bba5cfa42f0845bd16fc1b8bed6434dedc92f80b395aa
+
+Len = 13976
+Msg = bd70deb2cafa75918308d703a6783fe9dc5e3d21de9bfeb6dbb1cd531ed5dafeec463a02abde302d4ae6ab3cdc2f0f94865e38339c88bde507ff71bbea6b30b9851cd8cf599e950b8c8e620c90adccba0033f934ca66ea0a936afdad575bb6235099beff1a632c9114a8045a0919fdc21083880eb05c0d8c489c7810aecef4a41766f67c37557e28a9db9a0d909c2b167ff7eba79693afd3ee3aeace38eb73a5a02a882cf89b123812cf2a0f6d5edd1d14362ce9c43257474def5cce3adbba8cb48e7af9a45e702a182dbf47e8869b3f99e953ba81628e502c60d4f8ffc551c31b3ad6ca85c52164839d5e9d493deee4d4b76604174bdb5655385d34ced2c1b09dd5a486e1f9ac501bc611f9d7aa5c748f496faecc14c6c18e1dfc6aee2991bd0207ea1701219955a751df43dbf66f57904675a0e9e6d7f9a0b8bb82a8f44951117ab2642d6671daf1e5d1639d48aff6a05781c2b5e8976653b0a164445872d393d30355acf0bb49bf2bed4265c9a3b786249afc7a438d706eadb6f90a7f93ad51bde6d2c8e6ff09dacb3dc67ba0d3030c54c8367e1e4280bb5903274191344610de61c3c770c6820a6cc9d826f7c743f88f13580ba23cfc00598fd733b5dd069bde7f10f2b8961c16b69761b0f308dd137f844a67f6054e065863f226141755b96645a291e3fa3fc853b2475fbe1d3b25ca22f4da4425dc95fc855e63d6699b311ebd5fec1c7753e6e81f747c808ec3f618f63eaeb1221075edff0532225c40ccadee304a8997c03920e7ce4e60e4df4d120611296786516dd4d9cdda2077ac52bce0fdf552e1ee89a0133f1f87a6f6f35f5c53958ed806465919a0a5fa42488bf29caf33a0dd469e13abae351d5c6fb1a800ee384da199c823c965d9d5457a3ef8292c4d9b142e3f1fb502da498eb44d95f8c85bcd6871bbdbf004bfdc09ab35758f5e8b6a0d0f366c3b255333c52c8fcd4ecb4536b5f6e72897649f3415443612d72c3436505249a344feeb04883f41f90ade40af119014b3c56fc108f1ab0a77087d9226665d416cd975e9e4605529c032e8926002a70924820c6c7e264a794b2a3beb63d69ae56e017294fad4d611cbd0d3847212a38f22d623eabe3b884a36464d8814286fff52c4dd366f6c2abfc2eb865e0dc9ec6e55ca9d81f1b8cc47e2629bb162e54655bf2a9e156ab0bafb4b8ce96858aeea6e6665607a3f268036f4890dad759486b15e3c9e791429ec8f11bae4ea7c490656fdb0551dcf0b0be017c08bc674bd97d9d701c3ac955e2941ba7d5f2ba122a6f0c1b164b1caf2d50df111fd4287e9e195d181f6f514d7dadbefdd4274edc234025b727680576046842a834b6ad89eccaff5c5209bb91d652357e3750d8bb0165572fb71d09fdfc60f6b1e5d868c67c0edead427e7aeb734e29b96e03ea174b6b1af523feacaf6bd745ceb1bdecec9251958b7f521182daddf62ff6c4f58977adeba81c616ff2e937ca4f16eb9c44e63f9e974709122083ae45524ff87d7a0cca33a90f09b660db0efeb393c61967de2564315827ef1cf42b71c0f822f471713c9d885a3c3281d7c95dbc96f1c6dde0af70ea11232b00a2d215ec8de8fcf84b6193b6ac9d46de660361aabed3371fa44a6f32107f3854262eac355f9ef98701f580b4649175cefc29950e7a0eec958f629999c4b0a98fd4bdaf5c0bd97c963b551f2220bd41ec00b8726836e949e818a49aa1ac5bf12c64fb9991111ce8be3e0cb9605f753dae1a4c84389416f17fb66cecba45d591b22d64e5a4edcde067a088d9ff7f5dbb9dbf324510000c55d50f480a640fb22da9b4862dd81080d61af9560b601edb5e3346263f5f193df97079a27e3f9876078b80ebdcdb17ca4c50aef0c8329c72a7f77584cd963e105eea9c28a2ad4e95c1d018e27d0e720ea59147f59ad796b80b6293da8a55ed47e8abdd37221db0a5eefff31688e2adc294654ab0fddf9c1ffafd4783f01eb539492cb35a77315d0ad19395f47b18298a7b353dcf5bab0b2f193ff73d99310478d2e5c4ff1c68a2493c138818edef73caec9977bd4eda6249c8933953e06d796b288f78b18c343ef561082fd03bf92b084afaaee741de3004abaf746350048294bc52450e31147173f2da13d6ffc5adc718e149f9df3702f414dd3ee88296ae8a0106b071b589e8696401da7993d58a9bf8e5bf417165498c96b4ff5fd2b45bbf88f551688425122a3737ca54b2992fdb4d60957a93097222c3cf4c45dabe18b9d6a69e6f27567d5adec489e4b6812c29a8fa52f1de642b7b0e749c16f54473ed5ca2fdf2199e885fed308fa62a3e0deb7e0b8e439e25b3e9f95d755fdcb7ebee9d73069dd57dd1cdc5145205882023b54f2c9dec6cced9e3f6d24e8cdbb8ef121b8f3eded574d81908e867af5ac82bfb8ed60848b4bfdc1d998bae3a9ca80c1c49601d11a40409c62b1536f01ca67
+
+Len = 48824
+Msg = 5fd54472a44e4476d254c0940071ad42dc723354f76ba61f63fbb9df80d1ee56136f51b6982e66c1da83602fc08093506a9e2cf27cb92085ba5c627dd63f59f8850e91a1d86cb1d4ca38ad03160f3c584b128d9b21e935570e086d3815307ab8df396cfa0c100bf6cbfc0fd7a8258fa1a656bc178e02cfdc868540d8e5ad39dd46794a8bdc205e710555ee7421ca7475a4f3232e6a0cd55d4b5d4525f0bd7eb1e455931aeea6918b9fceb2a32706d31a6d7028a85e102f228417e2e7db68317ae155af70eda98c8dc1ecc32a62e294d92855354c1114c5735a3c81e551b63a81650107557f3237bf953989d17c65a0fafd2bb1e32c237f98f55389e8f8b0810e97e201914c487a68403c6d621a98ddc515780435564245d87ce462b8785def699f7f06ebfdf33dd1ed7dd5a3e781348298c7950a387bff7d1878731d7ac66ad9a6607f2c3a3b6843c2852a5e882a8d78ae9dce2a79d595cdf09626dfa6f1dba7d40ed21caa29e304e7dbd559a89bd1f07d84165dc259ef112dc6e2c5a3e82b1c50106983f6c4965c85073c5deddbe6323003d56abb0df590f69010981ab3407e43eeaa29c6156995c492c931fff1b686eda3741a0bfb9094747d1620b2580415d431ffd6c02245f6cb03e39f87e82834dcea59355b2ba663ce145d2514e15e2b2c60cf518ff510c6c3e2f16d2dc523832762ed8352a320462ddd4d6fe755350672038163d996b44ed3b85d64989291bdf39398cb996de785b9614ec5d4bd73efcfa37fd4470b17d6240b8e4c715759286b04c3d7d791e2689927c9f18320ff2e6bc7306c805e23a5de66eced5f1a630cb43dd46db515f837f6b824b99b86c10b6df7fcf22d97be05284edf0e0be597b3f9c63556db031339f79ac9e6c5f8a1cefdbb4b30f5bcd23c2a4dcf791cbfdd6460284c5af0621ab7c5571e40a87c87be459c85ec81d746930dea24f43bb11d6611ea83409d3bf4f987778d8eed1d5b246a2112ef78ef0252f9ae464810c13f02359441d289958b4766807d9a3be0054897d35b01830deec1151f9e3d42f92b80f4aeedd65c78c6e98afc562a3bcf6d72f238c6e94a38f2288ac7929a7a61c92875c1f115c0ed8d261a727f0794f17ceaa3dabc717478f6ce7f2e8b295f000241e154b4575bfac8483f6b62f9ef4e18f7d341a65faad5e2fc1ddaf2b09adebc155ff09e63d5aa5f95206e66c7f4ef2ae3aaf3ea7c93589efa8c552df8d203e0ea181c1703d7023b56e603f33b4adb9bf44f7af290d8081210f327a6c9b0785709346087fd090c42d2b8b2711b9a1a5173eb5e246320ee27867ad6c3eadc4407bada44561a12cf5d53bf0448308bb536a8a525eabc1410c3a34becee25fd6fda453251ec229b53751f2280e142c6b331daa659ab655b78cfb08bf18e40bb02b7f1650eb2dd4ba1707f0aafa219f21c29521581ce249e2e34f5656b0a04c00485079b040e13cbc038bb9f17f47cb8f908591b26bdc28538d8baffe4cc39b17d2ecffbb9698bc2b8b31b08424034c051b535e0cfdf07b7a0a54781e33ba739759991aeb72c0ed992cbe76eb8ec0ab12c182e8b049cbadd6e82e314f1bf15fef5ae95dc86bd64b8556766f8ff62c33492198e454e5ca59ea856d8e095c04da8045522abac865506096ee1cfa1082af08ca09b3533878ea3580b6c0c57a615e0ab768246b3eda96bb6caa01a2648068e21959f843d853e948588e8c0bfda364ef1f9fbd3235c27916562eb0214891eb55ae0e059f4bf7d1838b5942656c27899dec6d67b823a981d1e1e0aaff5323b0e3d69a7dddf9b12d7787ab763a3c7a2697ac65b655aefc4bae7e6444850ad2540d5193b378682c77a4dbf9aa22e517e68cedfd1ba32e3730ecaa2e3f6ae61a4f427d6e69071dd62a9bf6c860980c9d23ce1fa82a1937e6dc1ce3a2de096b680d23d89ee102912ac0bd769c1c02095678dbb00b4430428797cfb966b2f901480811e1b9cde358b6d499c9e93f0961f050465d7b0c70d4961e75a9fe40a24e36eaad27238231dae6d0a17f446c16bce7348e669be563649eba9f23be29adb8b10f462780a066ae573f74e51215a26097b02469c25180890e06acc53ab063c742e08d51359b0a39749b84b9f6be44f3ae3da8e5a2f340a8607d4eed08877d007928d332d6f49502bb5f416c46d866fc87477c58a22d3c5932a8d6298c1151daa032c84ad92f8f90b8053b5aa6f690d1bf682f314471cbf200f3d30959e07adc6488dd17b0be5279e727f3237b8b4b19b31a220dfe63882937f8d5ead677608c42a57217f2239614c521d94559290e3b0ed8055d5474e96564224f6ca6389b40a71337da11e1c307dead8e4eb43252cc2f1c49addb18781cf20acffd3db693b02e5c8ecc949b51b99005529e0149a13390615f5df6e0bcd68e1ca82b0173d25134dbf76dfe92daa085d3f6b1e4d18217df41b70c4c40101884c2886495f2ef8a473bf23cb47ab6533c93cb38c36c6dcf6837f1272fc91a6962b6e1386fb643e1f1d71fc75ab58d5800bf4081217cdce0c7ae9e3d25de543fc4444314f32067eeb147c08c55c5c8158ed11729837547f28a300eccc312260215f50e98c4e3d4170208a50a4a4def1243538f906df8476b0c46d3449be73866d463d422595300e160840daf8c906ae4aac13a64457853b0ea6d8c32f4efe3b48c0b1450250086d459648b0ab14fd3f341a4a803be77e56a811e7a26827eb0a1a9454f90bc6ece665904adaa3cdeb2c4847858fd1d79750e8cd45d8da9163784b8bd06629410502debfed5eca3cf8fef0fa6bdcef6efaaf35a1986d6fd68e0f436dca9442077a4818ebda4606a94a3c93fda46e7ef5ccfef656896a0d3d93566b02ed8c3f6174417cdcb99a415b0c6e9816d94e64b438c295b4bfd69e0d9ad52911de5509971b7370593160629b641d690eb2828bf363857983e3b9098fcd15e66448f786f196685d2ceaa251b17ad06dacd614d9fa78ce0a8b9c1c360b529d0bc1d17ba0b70ea8ac1b8d67f6e5770f0cbaee0b38109d26b09493060dc851f5fef121e83e30aab9c3efc2b8397e8362aefea1708f7ffa14d3656f7f7610f3a629bce14648a593250c6f309c02c6c552bb42984ac58db920dbc7d98f59295f37f3e9b99da55ef074ed65801b390366669b4c7aa1c483ffd23082793f9e5cbe30c34250f63fa3ea2cd097593dc67e8d27b7e4f07e73a9f7b33a5ef6962df1381a038d4f58fdbca9d71ccf640b917f631b75d4a2e8ba46c64a6223f99cee30f47c1a935dccc7f054fc39d3498c824e10cc3ee337e781a3971f0e98295aca611bde701c2359858914248f6bafc88232bbc27bd85883b00990bba7862fd7a7cbd4c86df049071fcd10d686613ec877758d83927cacc530bed9a596b5b21c6fb748c379d676de7e05719a867c9f934b5dad99ed97dcb4e70a9b6542ed5b2f086d9f56fc9752e788785ef8f7837a31e433438cf2f18f58be37fe8412f6d21a5c35000a5efb862926700079413f76ab2c3e79e20b516eba9d8c29897097bee55157936607cabaac41337ea4cc783c0809c875259f8020e16d5045fcc39ac796d11a82f25fcc9579bf0a010200f5745065175fdc15474ed514cc796672c59637c3c8f236cfc9c0978a3db1194680c58c27746090d76ca09f7c48ee4ee7e1d3cf0ea70dbbbd88e30e8814b57404dfd7c33727a0c84cb7bd468b0bcb3c89b526679c00fb0892d2a5e7a3d73698a3db53fd7d78460cdcf24ed22b5f39b8c00b3506541ae4a5b76fae29c1cd5b0f8c3ce142e0af7ae4efe3fa4c438a604bf4a9abb41e3fef1b9227a7dccc3f4d6026ca289b4b1366d9ed546abbbbd5677c8d582e79e2b544f18dc23809ab753313d84dd10fa3ed2f723f0b46277b8877d4f3e0665e88c50caf0f0708b746b736b00c8c83a7d18500384bd035996aebb7da8f09fd6af9b76fde7fbfc0ee854d7ec02950e76abd23ffb27a6ddf1772465016c79b98a61bd3940547b207b6507e32cb9761a5604f0f546834a8edac7ae06910045de218d761a4accea886188f947b57bd876491709028e2e24b075d6b022b51af1880ca16a8c65b7c69e51b2ad580ee058acc0606f0a3a9ea1cd4342bf4be602e941dc4bef1239bb9bccbc8098a6a17d63186c6fa75ec44b6e4fd38a3fe49c5eb995f0cb884e2f3ed6be02515fa605b98453ad935682c3bac6a2971bb68f4094cefeeaceda92dec803ccd3d346f8b40b48f8f489e118a17367801e85c79e9b3bb5d73ac44a8290cdbf83a154f2f125090d42e1a1cb72f5ebbd42da46c7a4d4b9fad9612a4c800de6467ceb74f831e1395dfbf5799a3429ba34754add4b34b5960a5fee8f752dae78450322a1ab3d7102b77e907fc1eec5355991e0c7d6c0866660e5436248edeb1a37c0e769a0764cfbb6354332d6e55103b9235c84eedaff918af3f0213c435c32ab409a4b5c7eed8ab6ca9e313dba459bcfa3ee92e7d669be0526856ac3c06a57fbecbba553a9cb4655a901d98af02b74098e478076655d325bd7639d73d7ae00c62fdc361a997ea4ff5b0eba33096b12f35cc7cc0eea62950b912b47c11b9fb386a47c4c15c0602d304b2541da889cff299a1fd415e7e25c70ee4cd83feea7e6a9c50c75d9b128458513d61ec5d0299ef8c090472fe0850f384938ed44d36f10cc2c1d31daee3f946a2fa18f9982a988fd6ac973b1569313ce3c8ff5746c4dd85a241f1e9dca0e904c091832ca028533a3e34c184edcc510bf22a27f530bdca3d057928a96f72dafc73a9aa6dbf2552598e468735cc5736c67a620e9455483e9cb2108045ad80569582ea93a53b491e528c8df336fb326ad74317bc1dfb8ec30a73af01a5dff3e437b7fe48ba5dbb3e8f01ae0c6fc28675a415f23a796bb6e0ef0efeb4b14cf20d4ad88ad1966da43a76b454dac8687bdd97b89b8f8eede91eb34ca4a0523ea65736ae39341fb32b9b716f25662a37382c16f3b9c346c84f03bef54acd6efb364c6401b07b3f7679e8e7f8c9b77b75e6e98b90f4df88460f1978d19744eecccb743a999aaedd00b5a94018e9d5a56bac9d5d55f6e93bad52e84aa7340cbbf98d56213d9dd3e1970867e3972dc98e61b3cff40b64ec49463ff79a41c82dbbcaa37a82b761f432849aa83a3d3c9a209e2207b87ae9ed9959ffced165fcb0d8873668c3cd8f18ba0f92f7acd2bf50416c22ce11692bf6132eb9f558dc789cf9776da94e48cf48607f19d9a11d5df4db11dbaa67a1d20e9f0c96f5956ee3f906e371c489efc88b0c1e56d881e7bf8dd5d6742622eb873e253dbe54f2e2e6d0e6136941de8c23e9a632727bb5f88c23170316c7aa0df28d8d07589dd6022828834f7ea9b4e5876a1704944aa3186dbf89e0e81767cfba03bfb38c55a9945209c4dfd88272c49d1745dce5ceb40f0a6713b5139dc2fb87a8a4888406d2610b7b910a9e5782ef0df719028d8e50a40a269dc9bee12157038522d06537bb31fc87d21af9ad4b2e7e127bbdb313e0a116010f65126cedadd4a122d15a71cbcccc346f55100e354b997154567fe3caccd50251d137c58fc3a2048dd5883b6af9248b51040c01a80c051b8a151a8878edf0304b5554746d6116b749221a1d0082ac925e6e140f0c3b6a180742ac8a50ce0e93e6399102f151d7c14000369ff52d0b537fdd51bec99e7271b1255c6fbc36d83408c417f6825a8e2a58b9054ab2c3ead69d97ea9947fec32d720653c123ecf51a9a3f0ed88743e3fb7b94aea59d0bf0219ee50825ef220554312cb907edb90e4d85f29e316ad57d3b90d859391fcfc63e6c0fd3ec27d4e1efd6e0b5ca8165cbd6af25ed8792d805f27fce308ca1d51335ed5d727558dafe05486a6f9149b8d3bc022026656714222830be582889e6800c0b170e48ebfd069e711210e4ac7acf07652a6f5051507de68aeffc9540cab5cdac84ceee46059ec23820c04b127266c0bf8df0d2b856be3377ab42592f495980baeddbeed3ba707a85dba64fe36941eefa8fd37204ec8c18df3852febd2b142b1c9a5cd0f9e424cd408ceb7788270899fd793db99ddb8f9ca8df550c513790d8bad37a1d1f4a62c4527bb64c677462c9b093582decea70c7bbe873095536728e7ce05d5cafb5d166a1f03055e918f787fb244c5857e3d7a1009bd37f30f165564a082c1510ed19bb1633811a76da70dac67641c2478c6b335f409ef54a2d0f370c9510d0aabae3cb998bd023778375cbf9cf5ef125afd584c11efbf40bb51839aacd3016e5e4d79f134245f952dbad617c78cb6f5712bd9c0c7e1303db5029640cf9b56e29329c3e6a9e0a2371aac1a437b9b1c4477ec9842aa80eaa22c5eac11b60c661de6ddbb088e844293ab8589c13d938765bbaa44301e4137148dd0257bd4c8c766c5d3bfe53671e9417cd1b52f622870ffd90f4e17b7a4ae1b5601a2edb032e353bca652fb565beea6fb0b2cdcadac71794c662677fb1dc81d116d94f5eced526b37c004b95284cb6aa2ac415754a1f14882595dcf4d3f1d905c6e8c12cf5a9d23d3ab55bdaf9f17d2f03f933e1bab89040753648c426b072b73aee8c2fc0d1c03fce2c656e20d4c96803fb2ef471b912267eecb4d6f342d3513894b94d77767823fe0c7438e51f21bcf16f0e98b94b23a10760271281cf843989824f7061bf834f93fd8d2090f70e939700dcb4d8964a19da39a9601a7e0ed9f55f567fc7d5682d55a9ba0e68861756bb549f2f17c10ff6bd2042a80477f89743d3d762f1dfaf230bb502eab6f4c46b26135ff3bef5faa179bdfbd288e3cadd3d88d8012706e19b7fcc6e9cc2699d3ba0e624e715599480d6b7dbc6eeea0d12a9236444b17285fc7794040dd40c2b2ef175f7f3641664fc9bb7ea6d7eb3489d504f8013d64a23aebcb5ce233405f5ade067dffff253f27e926431ad806703e8fab23656e0b7431916d8d4c72a7d831e3664e5f30839c76c8167b76f3b2dc75a6ef48df515e06ea54ca51de2fd9c5eeabb1610b7eef06a2f3167859cf82e1a5b76be8ed8beee2bba28c3b15af6890d7a37226834ec9f63306a0da11aff918753d8b83fe7220803c070db98195d6d18357233f5504a6e3bd6f30115d3987f93aa5d89aa0b8b577d1fed94da057a6f088233efc0f44f86798896eae9ad0b20c8c9cdd9d72a3f02213f6797800894b864cb44fed009440fa5b0197023929f9bad16f052cc2d87327788a68b9209f46fb4776b092d75713048b5453ccd699d19cafa8e9a93fdab0f0863711916efe3bd81ee71b8e0221e12e9ffe2f6ee1a4dc1a8de6e593480f3c05b3691e916a4a7ca51971eb2f0f693dd10f6b8468f8cf7bcce285938b5a0a76ef86acfa2990f88bdafdc39a065db17b845028ed2b7a9e331c44217de20440e406868f1eca818d0be20248c2948b8f4cb118b2e456e585949139270f57c54715f3297bf714aa7c5f72ed8ddf6a074703ffbf95e45bc81a02c42822c22d2b718f2de5e03d687a4b18d605ef5ae75f9d43c8cb4e77aaa0c0101d978120f29574b22f52783c667f7daab3e1f9cfacf2e68e94a24918e3fe2c4f061deeb64891b5217fe5908e7f389897751839982b7fb736fbfb1232684e93123611b7fc8fbeb74f8815b5ae13240051920f3b6ed34483ff673c467ed7f0a8fbf619796e485affbed0697415d2d0598ba34d5b9e44ffd12a5edc323883a2e28efe9baf860324f2d2016748503eac1888213926b0e0f0335a4b51820a2bd3b42d982ec6ce307b453b6385aed7a735a1e98479394147c40f01c532926e10e1b26a5b395bc150ec4b4daf5b1436bd0baa225583ffc9d9e9d8a354f60fded37b41c7c051daea04e689ab2d4e24d7d07c75c50ccfd6a527e024d1632246c6f40f06b86ffec0b29cf894b665d53d459226b93422d37a8da23587fe884dc3c0f2fb55dea296a9a5b9a0d101f186d9fa6288c912202547cdf958569d2cbf235740eed38d10b0025dbb6de31058e98780d22149c19d4bcaf06dd7353fd91cd1f47e47f45622e1472542be2f63f463d253617eafd4f2ad609f9020884905dd5c22fba53ccc619104b6c0203a7f6c8c26fc80ff6fceb8c0c51600c2e46b4b872e6d597511524545a76cb42278b519d911e6c1320e01682c551e204ccdf91290c52e0836167a5685cbb1af338eb794c10fac92950f3f7956acf28f1ca984e380bcff9876b0c71dc7ce4011d1d0f955da9ca885c6e7bb74c6194dadb0fb9146dd725c8a9574aaf3824b727c9be3fce59c35850b162c17d3013689fca858a0a51d81cf4f30d6a8705bbfe35ff03c34cc7c56aca32140d72c8e8121fc71353596b777b266d75b322c9a97fd2c5d4e2362f19c99de66da7bd9c495c03d9a15b28431a0c051e786fa80f5503a72519e6b419263d72d553d688349c0cf30918eba0622b953a0efce4415c29515c26ba15f00e548ef108afe3f8194aeb965e5e4be94f10df6c45ea5c133a8c3398d09fb80f950b83c1866a1637d2bcc195e05cc32a9233b244cc2b1d4930e66f032cb1163c37b3e58b576ab76de759569797fa9b8bb4fad66aaaa56f09c7a0ce4641d6799d7bb47cf684990ec1e08871458c211a353ccf1285e7429c7b8520180918f7
+
+[L = 20]
+
+Len = 16
+Msg = 8a61
+
+Len = 104
+Msg = 37487aa02b03bdbc6bc62e7e26
+
+Len = 352
+Msg = 6ecd002568bae3bf1873993041bfa292eb94e9ad092d8eb3585be82e8a20cb36a47a06e7a57d301268a4a533
+
+Len = 504
+Msg = f6dc1d2f6b8e126d99939664693d8709513f97d730074ec2794e536d94ede79c81f2b2ecbff3c2c26ca2d181ada2c60050997f3bb087ce48d956c18dedb227
+
+Len = 13976
+Msg = 07a6372c863c7d7c6764e4f05addbbe161762735dfd2d23bf268e2d603cd28de9c369ac379390473e1d3fa7e37af1178cca54fa0f782dfbe68070952b93462ea46c640d43ffe71f5fba42df98f4c48ada0d8aca8753e0731508bc15dff283178ae5c10a6ff132eca5dde63a78d3ac94685152897828eb25a55fdf140fd33fd4e7b03f283e201a1baae8986d25603fb0b2566aab345fb48031d648144dddc2e3556c0ceb1104f348d96ae7dc0152e45c625d21b46e70c31f250c858aec4ab2cf5e79d8c79b0854e0abf5330b9f044113d306161968f4ad6f0973160c9dc296056d5a11523ea2b56fbce8387070fccc639ec1c65ec663b9dc49aa880dc4ddd3020c9d44ff7e8cab6266e436af19b4ecb82010a0f8f9469ef380034a02e3f50051a6a3f233dcfe9d553459dc1bebc538ae0183448c9405c351271dea808d908480e61e9793cca111b4cfb9874b799626a1bd9a0f6e0929ad51b97ad81b2438f5fc255db3a3dfec9f0d8393c6b245b03d3faeb58021db3ad391b17a91174a66db4feef1b4c889699bcbea7928f4d29be2d47f76455c8cb1dc7da9cda41962a28ad8cd7b39965b809e7c7eca1c6792c1ce1c8a4cad6290170e91fcc49fa5ff64ab433b4aa081c8da2d9bbb072f9f18ca455469b946c877e3006b34ffd2219335b30ba2e0980f43cebfb629d0b11fe70dff28883ca012c6ae4855fcefea20a08e189eaeed7eb36ed6db3835976f4e60053205805727c5eec15d0e9f155637a9e66268b9c1c302bcaae6ae88cbb8cf1668a487cc996c4662c4a4e195f094cb31c717165e0e13718f8388957dfe0bf69c70cd0bd763dc38c530b67b9c12244fcab8bd13f602de848a2937699f9ef77944e5f22e3b470601789e1838fbea9359c733aaee2c7082b02ee459b7684ef9bbc200da4b62d368351f5520a65ffa506dc9b097117bb7ae88d04d85fb525e91327689ec0fe86971480c0e864012b1e9f044c7d80a4e48c07320dd4292086e4c71d4c98dd826a9bfced112bfa2beb1ce85cad204451ec45703931bf637d4fe89fe8f485620b7f4b21e011a232ade7a8c92be77925e878ae0bea9723749528fe83cf89ecb9616dae6ca0e8d5754ec6c92abb21108c2f33cdc18c6887c430b72c5b193356494cddccc577bd4c2cd53188f352846edff0c2ac7869cb74bb16a77c0f0f194a7a9477ae15abb890bd0bcfeb0c39381a87f1d05319c7e971c10e9ef687f96450b400e25b4285032892b849fd5db8649cedfb03c88defea063ee144a1ab1f3bf05f59c7db364dc39c11a446c3ce16307d78d50315ba29f5bb9a57438564c8c7b3e367cd37d74b2375a4966f47489dc5448f4979428abd32193d3840aa983d3020a9f29d760fc7493ab2576c90b1934b799c1d0d55e4f2caa78f4ce61930c79dc017c2dea0c5085d73a3b0e4a6f341e9a5061a6658af11e5edf95bdad915ac3619969e39bee15788a8de667f92f4efc84f35082d52d562aa74e12cc7f22d3425b58f5056d74afcf162cd44e65b9ee510ff91af094c3d2d42c3b088536d62a98f1c689edcf3ea3fc228d711c109d76ae83d82d6a34dcfbad563cf3726519b519fd48b51741aa86720836494b7a589c778927047a25d73508adaa401e9a6c0767a675e31c5556cbe35fadc9671359b45e985c3c8af84113989b299ae4474b85e4b5d4b0578ab1e8a2915a8df97c4f52a639fe32272cb91bbfb721505dec46d51383cb8973425a714245c2e37d0577fbe0d66381d9239db1f08a380cf609dc699698e0fada2caeda44d58d766c4f8214b10642b80b8d7d8add7cc41d47108ab7d07dab71069a2d982cc900b331caec317942122158bac6eac9175c2dcba0c04443aa9188832b553f5ca8c336880824d6bc02486a2b4c086665d276aafe3b1b93729829adca50c44466fd5b5cb977aa78fbcf5c0f0da1b09216468a11493ffb39efdeda5d669ae92bee2f2fb250aa1b9cbb11c36c7a6c6dd26cdc3cfd572ffd8c1dd72a13c27a327a34c6b6b3d80fc6c67c72152eec0c8ecbdc1bd5cb829b811e7f29af6d786f4e93dd4c96fdda295a6aa258d7b2fcf291c2d68e0b1866032475964ec0c6f2fa8c2d6a3936ecb187350def4e818507bf157c0e9b33406be7660605af14cccc9c799b4e051d0d0899e53495bb8931a6e2984bc6dbe4e02ec8b4642fc2f1cb5fd5a5520b48cfcb49e1f9533838753554dd98b6a1b8a67409279df477330e5f37367e06247ca5c3ffefd00e693dcc0c9c30754121c9ee88a574915b9e77c104fd2f921c2c096573951407ba9b440423d76bdc6fc978237a6e302cede7f99038ec31500884775556941f1edc30e3a417b0e02cb6fb5bfbe5cdfacf4006411287bedc565fb06f1be987416407dc852254934df4ab59edce476f3506e65be6ce6ddf91038642291fb8e92ba5b1f0b105670905a2c14796110bac6f52455b430a47b8eff61
+
+Len = 48824
+Msg = cd8490c93613bdf1f284b94b330f6d6f45a39c651d2a160b340e2eb696fc6d1c35e88872845190d141c669de92a97daa5433b1d7b0b899fdef2ce74b8fe72a7296a5b5be26d1dc86520367c730c7400c2fa06f91ab4c48a7bf4ae35a5b9acd5296c4fdf7451b0ad9cc439b4e34f11e5d7ef2bdda376f8dd34d6f092b219dc085dd4c4a6308b8808f588eedbbc7af7f64e83182fc7ca7cf4741a341060a7969d31445834c982fa8739ded4555108acbea1666a83da17f77cc42ee73323eb53203e3b790f81c08e94c44678b6538096ab7b09916e6cf7ceb2af85987f8e4d982dff1ab59b0bdccaae1f405a73366b5c5935dd0b43e2d2894290ceb66a0246dc02de728c5bba30255fb56ce8107c3144246c5156a8fe40ada9126adf67227fa56b66c37be63f532516211ca012977b04a97916f201f1baa2629eda520b51508ab4229df2ceedce406dece0110e0a911464f69e7be38fb91deba0addcdb3161d2799c628f5a57fa1dc37357c947681bd9c36f4832c20ac466c0c245de3b250c33282ea1a02d007f03b34ed427631283eb614db4d521f555136e7e42b4cfbee8134c63dbe3bb79b5a8b9f9f5b9f5ac61cfab1c54d197f1e3ba613f251eed616df952d691b88a16466343ef2d0f63882ddd2d55b8a6786308b2257f5d7b38af166bd7f1339d2d8899c9eda8fa86215850ba547450c267eb3c9147d96c38161a69d1584e521ffa23384313a1debcd37f72ddad02adb3cadce7ee34b7c1f42a15d0d030487daf9488aa7562845a11ee7ffccdb38b300935caa31f78a4ff3dd93403cf0c6a16ca611b58c736aafd33d6dc56f0f47878211d26f6ab801b9453a7f74b44593dae0f047ddbbf2c902891111729edec44f69a05944b18e7a601f41ad24fd6833da3dbe3029bd390de7c9841b2ee2b079b2bd2737518fe1bbec88da64769dc36e4a8bf716c219b2fe059d7dd220c1ed2c59878db5bf8b198e0689edee921ebc0cd2d3853fcf57c363050ce58071c5fda6ebcfbc1bb62e9eb956286291a108bdd4191c4ff47900d6068e1ea26b487649af119b9bb15dfed804836f2196cbe12d8fc86e3d7ce89b52ad49dc9ddbce5b370f73f512bedd853039366612453733740586d1372143b09f21dd4dbe1a2bfc308db8e4098c5e4b0c1e16141ee50e85fafefc4e2529b3c7252af37aee6f86e19df28871686107d7d57dcc812bc077602642d2ecefdd5f694b8f336913210793e4068da2178600b1f41cffb5221c9b4b6298afb47e85701d7b1a44241679d8996f916c81ff437261cfc358b9ec42a2ce16ca3bacb8690d6c1d91cfb3e0bf1e7ba45bd01606df856fd03c7e946f7ab371a89e1fde86d05fdd97bd7b1c583b04c2ed2b5f6815a460645e4e1b4e950bf6bd81dd0352d1048df85266f1696534aff5b1cbc17f15d82cc8e0c0d4f0453f9439094f8e0f7f4bc045b654d9a2f1f44a9c57019f63ecc41021c05b5380675cb56ea8bb691d79ee204d2c4edacde3c1fb3f4996a11d84b035f965e74009e2ab80e2c7ea3c84a834d4971a1e9cf423e4ea67ee526eb3c3e4c2d7372c4290a0741e1fcca5ae4cf36705abe98ac81e98a5419baefcaf3093a7e0449ef1021f88ffb7ad21b2677e41cdda12025b06542c4b2564f15e0b99db43b7c7020028bd829372122cd910227cb07c53cb58fd9dc620c0491f3e2bf883fe6ee8cb1f5b73767977d857e4513e8b5612f6ae4b56014e6a3ad2a065b65472212e2f611743484cfaef860999d1dc5608c58412fab888ad72bb87dd9b55b692f31e252daf8944ec5c02a5a9c23903c50dbd845f2fcc3bc9806af13ca7b025cabe675195b1d56f3fe7d7bca12530bcc0af217efcb03a218bdb6f9726536ea902c8303b02e3ced22be59753588b5f0e2f3419fa5345a942dbcdf3010465384a225ba26cdd0f1d74999c69f336bb6d01fae5cf81cbb8c1a7a29c1eb83ca6b51113bde56b8cfb6a5d72557622a37f039d090a689accd02b57c691174338de8e05bb3620c079705c969c58e56b079dc9eb44eb0fcebe548f5a31f4072a5ed56a2f03107bf40a359b2601eddf53cade66f294cfeaa40a0d94b9c90d15f61852f295d3911f8ea914d015885c8c64540a83badf0021a416c3e37b78236a2ecd1fce4114033416bdd3a36c18ec13250ee9c74c0fc4dd564b3d24a825802d5ae402a53bacace115ae3bbb329be79d1e5e42dbaf0a6446431145fe49b86a8703c7c41f8985d54f12e314c16ff89351d8addf66ebba2783f2d1a11965182aa0b0dd2de53586c5a695c6265c2b173958da648611090557bdebf11a1e042f089fe98e049f4796c60d26be38356fe020d9ace9008410d53a1bb7db78b52ee44bac364213f5c59f1eac4e3314f3423b92fdd7a6156608111ac6ddf58385ec1f3df12061208db98816ac948d803fad10d5ece2018c60faa13de5e5a9033745c824932e53f4122a39f635813545c1b74732cd55642f19ed6deca1585ebf7242c849bde981572a2199066e9c912b2068c8f1c8b936c43ae95c6e22bd7b80dfea05f495d751107da5928e806d0af905c87b5a0795df146af6580d8f9c6a0e2645686d43822ce9b4be0bd5937c097917e048b5af71c7e7521d490f107e9231ee5bd9fbf0727ba87774ed24cd52f471ffb71849ebd55605996515bdcfe95bb1df3541e7c42da4166dd01ec3597634aa6455d15fe14af435e8d7a55ff1682d55a2da867ae63d11fb3fd987fa5d7032ecefc35d3fb9570940e779e13da18070e6df5292f97f2a281f9598101102c955fe4808a2319c85fdef3d55b19e05bb8c2d3da64bafb67a53491513a24f6f0804aa162c8a7db25b38089373fecc45a0eaef65dd9be3b4b7f9436a5423fdcdb5a9b60138fc6a2261225390d9ae0d8ab7f0f7ffff69dca06881d33a637d634358abebb333df41151f239add91abaafc89070cb2159ce3a31655c22e4696c9fa7a7211d1251d4bb21ea4a321a3dbebc29d97f526251e40e548dcd7ed07587719a266f006179dcd22e50b3705152817057b097b043ad63b8d867edc20aea9b4c959ef4ff70f47128cfcc21e31f17978ecacc366f459ac1cc459a3976e4173ca322675f84f18036119ec2f204c3fb554a0b72f7e9d8c882ab147b3d280ca9dff7b9160b1b437b901f03cbc05fe05c6f44824b48aa8da52ae7dda1653fd500f9ccd221843cf76513b3b74d094f14d93a00d7cb954bc4cf2f04f9a35e38edcb1e84f62057647dcb3571f1dd296ca1e049f1746a8a282e85138500e7649db756b2d2ad88f11c471c89dc6be2cd43481013b8d0ae83da2b855cea7be424f8b2325b1850d1fdef03e765458df4513d57c72ba9751e1edc3c4e7f97e3202bb46eec7be89871ba3704aa6c6fc08851e551a3f655fa1fb798d12f003faf31c56b6df399a5dd0ed29ef9e4139dbc254bc5d6051840a859eabaaad56324588fae881fd638d2b70fb3813402df61d941ab495588e5fc3823249bf9a03cf877902394f512de118edaf98843a5445e9073fcfa409df3db0221f1c77e2dd21e74f9e10c9e180dc4ed17010eb949c6d67a22bd5337b2c68f9eccdec778ece728e91353696b742c8f5a3a569f054efb8c1ed478ee9b75e26c768a5816aa6bd08a4c72e745fdb5deb34ecb86b3a84346c1c70f9c16fc45bc0421f0da2f630912d5079f390cc53b78e343310de722b53d2a3b4aa386caa0d7e91986e19c3363426ba30eb5284293af81d00158a3f5233327b40c3b989725ba7dd5b31ac7abf8d3e0b737e843065cd7316dc2f374a00bed4cf9caa0d6e232c854df1bc24c3d484bc6bcb14ec770d5745474dc6ac3b3ddbffc551c9fcc2c56a5e0ae17948457c01e701bf1554022bc2b7d9dd42b2b91172fd85e6874d2d61fc7b3bb3cee2a9bfec09f6d7e98279c6f511f4140b116c856c1438e34bca59fdca2409f025b896a52d68719bf93e82e7d89bbf798991fda0af8d06d17f39eba4bca09c1fe594b537ad4c9b94ab52c895539d639425f9146b24b016368a638e5bba391bc8763cae7c52ff9c496884f1d84e5e08ed451358ecb3c4919dd410e82cac35ae744078287c05c89b42999ea6b8b127d40d53a5722d45139e8bc507a11e7add7fa9ab12cc40afeec008a4668e3e6440f27bb5780936c0e3668ac51262390c79b3f21fd041cf36ba3522f3a552714ff188bfd554c60d0e7d11213cf7d3864a5175d4047c2f3284741f18ec22995a5b82bf62190151bc1529c6d9927f9b0c1dacebd9c2dc406f7f64a973f9a70cff6e3abeebeb46514bbf2ead382f7262d46bd43d88c1b91a9011d1f8ba81fa536a7162aee2b2ec6fc0f2d6efc87b98d2e41e0f946969da659c21053775ece415a34d42b6cfd5bc52259867b411dfb991461ca618052309ca9c96468c2da12dfab0e822ff3bbe7ba281982a239ac19c47024fe1f0e3550cf0975add1f680a9dac9b2c4ab0aed4f409ddda6765eb8a0a9d1e9d07458c69ac8195541219b18efcd06c0001f2ae7fee2d404666a18ca3cb3aa4f0623e86c5b1229f6c2ca28d951111294b91edc52730b6b2c46e000672a7c89b2f38045bd3e37dbb8a75e18687a514dcf740c87a34834d3c3cc8aadf6166ec0c42d2be92f90a3af49633ff23cd80848ceb57ac550eaf9ae496bdc6a2d7cf50fe107895b4a1ed014f78af24eccd6a07420f1dc0df1e7c44b4ba937dd43cab9c798371b148325578d61931766af02b45054bdc2d9fcab2f4b49092f6fff7c27886820739d6140a4a905f0020249e8ae8dd87da1a1e7b1851eb01045aaa72dc8a2bf68055e7aed41d85336648a3405195d2ab61b0e29a770461f32fd05e14c17d72c5252f026a7b9abe7ea9176d3c46f6ed9fb716758d97b41e4f5d81a24538f763d83eecafafc668422612b40cfc32b3354b24755fbe400a2bfed494fe6d0ba0051713b776e67e2f1915e94708e6dc74b398f2f526933aad8fe7dc32faf40022606aebb6e0756b994c3176fae7640ee06d6c67bd54764c4752f1bf831f43e0227cba101174c5554ce26400f333dd8e9f6db1cdf670ce407d7d06c3aef4c0724b62edc8f1ba3e04f0e394d15a73b9255abb4d6ac70303dcf9160d32dc02d4804219ed5c7e3b48402e58ab2f58305f9bb95d2a8759947de96328ed5234cfe7d0b2a9a014df7e4cd0ae48906315f139b8635d2e6bd4aba32e62b8906cdfe5622c411bf0373d0cb07d17bb2bb5b83eae4401c243605fd1df759fd0ddc704ccab5a9776c40fbf6bde0f11b9646c699f26063a9550ac228c9884c277bcadcc0a2c225dc203e28e253c4e464b23d2529d09c7b7dd3c984667372472b615645f294c4e3b0797f9d1c234015b78502d98bfc04f1fa2f16cf3e7221d5794d035e4b172a4d84e679cb1c82df2fb49d3c6668eb1661bed56705096c2371a19d668832808eedd9e5b1256c18fe7ccc494e5e29145d453c553ec86fb7f3a634d0d45661875f2f1005ba5e734c1a976f37cd23450e4606e32d027bc9ec2edd9395e14b2082179bd7b4f9b8caa2d00a2de71d48553f7d4153cb56a1b08f11925e4b11c9281744ae9171f3d6faa3ab3f88c5c34fd23e4f6efeceafdcbc07686ef56efa62c0ad62f1cdcb4d3b5bc508c1f05263bc347158fa5495828f34eb7fcde98fefaa82bafeefed3f4a58968d751c051b52e0047f066de5be533bc3b1e439ab1c8602f6c67503803c8fa113737cb8279f358dbacdf45432b7a654d0e1122cca93420e956661d7275181c75b0d9c20e84c7007dfc49f27bc00007cf4ffa631c892981fd70141d532fcd51de5c23fe0b7a186d0dc296362f235d61698740cc315891cc9342da17843bcde274c17e462263d0e8b4832dd9075a7bbb443d4b26b41e534ad5551ed5ada102175e695363fb48d6b99ac978a3aa6f405d87f983384ce35740e930491d75675337c5dc081e3d301228e61bde5cc169968e5b4350cca2b085f9f75cc4b88497a78cd0a0073d90246c7dc102c7cbf3516498e8a41aa85d8cc5bc285ff66e8338e85ca83fb6889e2bccff52059bb9e92e92c155a349952680ffd0a3c346061a53fdf074417fc90c4d1af7c2acc3ee4b080752cbc9455ba5931b7e910f1e4af0efce905d2cc9c685923ead387fa532c0e8ad92719c76c281cd010e1acce500ae1443838b8afb48af032069dd07aa4df0d56bcb70a64592633699c8658102f1fbca441325e27f1732a7a973d8cb3a0684d72943ef6f1892f2d7ccf39bb6dfe5801ab98653bdbcfbb787bf125253be2624f6cf44177d588bd7b780d9e3f4e3a4e50b8a253fa21abce6a94b9073289c76773b46140f5a6e46b9de9ec066c176f5d1a69f380e1901216617363362d13ebb26ad74fb008ec08841550ff14ca800a1ecf2e007ebaad9f4e0d9664448d60ac0d8544243129fb81c1723b9b4bc2ee971dff736d9fcde0afbfbf5c50a4cc06a4c363998326c17bdc9e2508651dedd9a2a52bd87f8693cfcff60753acf9716c526e8635f12377e36564ae55d0fdb3c7997ec4dbdaa5b4d18c7b660acd95060831795da7d299a5a8d8cf9e92537dbd3ef7f56aebe38fa97c41da6bf0572a0270be7e5a7dcc0be3529339464c811052b65a938e874ea6da469c7d8992ce0aff1c75e82d1621ecb967213c65f2de582cb41de3804c507ddfc708ef3f6096ba4491e431160f98de806d0f334e03cfb7a3bece601099bd971253f3aa0df845da8b478603d5d88533d0cab9c89f2dd9a1404cf8939ffdda652a94093865a85fce2bc3d7babcff7b9f3306bd76b9af80c78ad518f89ee73b7a710da604e72f4927be8d65d06be2e0732fa786a83e27597cfbed9bf98df445499e0746b9f2cb9659ac0a9cef433148521f33b1d78d13c8441c0d1e20fd93ac450a3787a2292bcbd68cd1f961d34937be9a21abaf26f361bf53aa0c095e53c51f3e04d567eabe6e40d96a17c2bcc9230b18f7e079bc549a314b4ae21d30a3341aa205bc75c7f1d21b0a49549c300faeda243d0ce18da5e66c5b663cd705005dd9fea0a9564174abb797d64c58fdab1fae44576d514b75eaa31c9278b15bf9b6df7c6c2873d7a56fb91ab77b83761a09f9e1ddae535622fb87f7462256a60dd39dd3ceb6690b0272920b635ea639daf24f95462c523e5bbd8d8407c61163ab38877d5edfa04c2a78d4d240523ba97c7d01c71783f8748e85164b4dd08c25506a4ed18300b42b7bc6e417f512ae456ceec2ffc83190991a06d4a58ede215babcd3688e1d61f1975016244e80c88ae2aec05c7eeb1c50caca72b3b415b6b870bf5e10bd1ac3ba6b4acb1d1afac554444d94c97e171005fa4ea9c651bb4e527ff58d0c2f90fb453a92d6546a26e9e98395b09e8471bdcf2a145aacb649708cf048a7856ce8cf390c107ff2c66efbf2a76c5b041860ea576103cd8c6b25e50eca9ff6a2fa88083fe9ac0d1fb639c516b9bcdf23c34c6145a705498ff9b9747f15e1c08c63da6efeda4eca02c3f00dfec06c82220c9de840040118dde76be788daf84e6a2f44c81fe6defcc474f99c51c4648d297cbc48f081e0809dbda505d020cbe865e430e0491644ec8c52bd3ab8ce8c4862990f49fe2588caf804ce9500ef42d5a50c057c257168e283e4a4aedbe4ccfaf3eeffb212f9e23d15434d60bf4f455f512e2b655aff3225d1b217c261110cec0400f54dd303d6231d028c2eb649bccc91d30a6391c88bff9d447c3cf35a3467be5957e0ea4d4dc237c9f2c68ce48f658f820a3d72d559b60f233ce538c92cb148808e34fedf2d648c21e7f2ea29a77270c393bda42d869351d6c085d965dc12cbfd0311b8bf604f4391d378781eea3b5f1e0da9d0d8f8de88e56fe47d362cd46f591d3ec0f7cccb85a21f21ddcd4107821ce0ca9ddf99dfdfd9b0c9cd45053e5b1b4385bd8f5b227ada31b5c23e9420014474e8b4494fde7c38edfe70994d97b8cbdfac588df49a49c472fcce78cccc051f31cbbc1e0422878d8d490f3aee28adf1587c38fb7e7d1be54abeaa83cf54b633803a5e669ff4295df8735231ce39631616bd05e0e31117c722c2fd6787003b0bc7fe422a089c89329544e085d71102c1813769450a9f66f160d1702cdb17bd2c6fdf0f722762d193ce83623eeffab17b01b10a31db6e2feb6eb3abdbb2e36320e1a56e44e48d26090afa7f65003a98cbfef590ac3ec89b3eb230557cf6aa566e841806aa2767b21bb26fe001f11ae039e0c9a4bf1bf3d271960f16158eb5bd9ebf0080abd8369d512cab2d1aaae2b14d0ff6ee705a38fb0c801a98b0624cc138fc24834fdf430f33e1760db913da3290f34415c9e3df3e97da1780545ab68ac5a24db89f24d62f4a399728e4144a8c89f47ac2d29e30c49b0bcf790a5e3d3fcd1943c6a28f37251d9dd827a69579e6c17b629c927473b5a07b0a29d9562708d6c8ce576109ad1a3473ffb2047eb069beeec24c114bef392c929038c92abd0e6a19b610e27881361824d57008b7373d0ab76379570ded76c9b8284fe2c247791073c29b2fc6fca05019220ab92856892d3c0dcc6da0b597fe559c162d060d71513ebca050d9638164b9ae271fba5575ade787ec5aee8fc253d1b234b1df561db3e36ac64b9b0100dd6b407043537b2b141f
diff --git a/src/lib/libssl/src/fips-1.0/sha/asm/fips-sx86-elf.s b/src/lib/libssl/src/fips-1.0/sha/asm/fips-sx86-elf.s
new file mode 100644
index 0000000000..2a4d98791d
--- /dev/null
+++ b/src/lib/libssl/src/fips-1.0/sha/asm/fips-sx86-elf.s
@@ -0,0 +1,1568 @@
+
+
+
+
+
+
+ .file "sha1-586.s"
+ .version "01.01"
+gcc2_compiled.:
+.text
+ .align 16
+.globl sha1_block_asm_data_order
+ .type sha1_block_asm_data_order,@function
+sha1_block_asm_data_order:
+ movl 12(%esp), %ecx
+ pushl %esi
+ sall $6, %ecx
+ movl 12(%esp), %esi
+ pushl %ebp
+ addl %esi, %ecx
+ pushl %ebx
+ movl 16(%esp), %ebp
+ pushl %edi
+ movl 12(%ebp), %edx
+ subl $108, %esp
+ movl 16(%ebp), %edi
+ movl 8(%ebp), %ebx
+ movl %ecx, 68(%esp)
+
+.L000start:
+
+ movl (%esi), %eax
+ movl 4(%esi), %ecx
+
+ xchgb %al, %ah
+ rorl $16, %eax
+ xchgb %al, %ah
+
+ xchgb %cl, %ch
+ rorl $16, %ecx
+ xchgb %cl, %ch
+ movl %eax, (%esp)
+ movl %ecx, 4(%esp)
+ movl 8(%esi), %eax
+ movl 12(%esi), %ecx
+
+ xchgb %al, %ah
+ rorl $16, %eax
+ xchgb %al, %ah
+
+ xchgb %cl, %ch
+ rorl $16, %ecx
+ xchgb %cl, %ch
+ movl %eax, 8(%esp)
+ movl %ecx, 12(%esp)
+ movl 16(%esi), %eax
+ movl 20(%esi), %ecx
+
+ xchgb %al, %ah
+ rorl $16, %eax
+ xchgb %al, %ah
+
+ xchgb %cl, %ch
+ rorl $16, %ecx
+ xchgb %cl, %ch
+ movl %eax, 16(%esp)
+ movl %ecx, 20(%esp)
+ movl 24(%esi), %eax
+ movl 28(%esi), %ecx
+
+ xchgb %al, %ah
+ rorl $16, %eax
+ xchgb %al, %ah
+
+ xchgb %cl, %ch
+ rorl $16, %ecx
+ xchgb %cl, %ch
+ movl %eax, 24(%esp)
+ movl %ecx, 28(%esp)
+ movl 32(%esi), %eax
+ movl 36(%esi), %ecx
+
+ xchgb %al, %ah
+ rorl $16, %eax
+ xchgb %al, %ah
+
+ xchgb %cl, %ch
+ rorl $16, %ecx
+ xchgb %cl, %ch
+ movl %eax, 32(%esp)
+ movl %ecx, 36(%esp)
+ movl 40(%esi), %eax
+ movl 44(%esi), %ecx
+
+ xchgb %al, %ah
+ rorl $16, %eax
+ xchgb %al, %ah
+
+ xchgb %cl, %ch
+ rorl $16, %ecx
+ xchgb %cl, %ch
+ movl %eax, 40(%esp)
+ movl %ecx, 44(%esp)
+ movl 48(%esi), %eax
+ movl 52(%esi), %ecx
+
+ xchgb %al, %ah
+ rorl $16, %eax
+ xchgb %al, %ah
+
+ xchgb %cl, %ch
+ rorl $16, %ecx
+ xchgb %cl, %ch
+ movl %eax, 48(%esp)
+ movl %ecx, 52(%esp)
+ movl 56(%esi), %eax
+ movl 60(%esi), %ecx
+
+ xchgb %al, %ah
+ rorl $16, %eax
+ xchgb %al, %ah
+
+ xchgb %cl, %ch
+ rorl $16, %ecx
+ xchgb %cl, %ch
+ movl %eax, 56(%esp)
+ movl %ecx, 60(%esp)
+
+
+ movl %esi, 132(%esp)
+.L001shortcut:
+
+
+ movl (%ebp), %eax
+ movl 4(%ebp), %ecx
+
+ movl %eax, %ebp
+ movl %ebx, %esi
+ roll $5, %ebp
+ xorl %edx, %esi
+ andl %ecx, %esi
+ rorl $2, %ecx
+ addl %edi, %ebp
+ movl (%esp), %edi
+ xorl %edx, %esi
+ leal 1518500249(%ebp,%edi,1),%ebp
+ addl %ebp, %esi
+
+ movl %esi, %ebp
+ movl %ecx, %edi
+ roll $5, %ebp
+ xorl %ebx, %edi
+ andl %eax, %edi
+ rorl $2, %eax
+ addl %edx, %ebp
+ movl 4(%esp), %edx
+ xorl %ebx, %edi
+ leal 1518500249(%ebp,%edx,1),%ebp
+ addl %ebp, %edi
+
+ movl %edi, %ebp
+ movl %eax, %edx
+ roll $5, %ebp
+ xorl %ecx, %edx
+ andl %esi, %edx
+ rorl $2, %esi
+ addl %ebx, %ebp
+ movl 8(%esp), %ebx
+ xorl %ecx, %edx
+ leal 1518500249(%ebp,%ebx,1),%ebp
+ addl %ebp, %edx
+
+ movl %edx, %ebp
+ movl %esi, %ebx
+ roll $5, %ebp
+ xorl %eax, %ebx
+ andl %edi, %ebx
+ rorl $2, %edi
+ addl %ecx, %ebp
+ movl 12(%esp), %ecx
+ xorl %eax, %ebx
+ leal 1518500249(%ebp,%ecx,1),%ebp
+ addl %ebp, %ebx
+
+ movl %ebx, %ebp
+ movl %edi, %ecx
+ roll $5, %ebp
+ xorl %esi, %ecx
+ andl %edx, %ecx
+ rorl $2, %edx
+ addl %eax, %ebp
+ movl 16(%esp), %eax
+ xorl %esi, %ecx
+ leal 1518500249(%ebp,%eax,1),%ebp
+ addl %ebp, %ecx
+
+ movl %ecx, %ebp
+ movl %edx, %eax
+ roll $5, %ebp
+ xorl %edi, %eax
+ andl %ebx, %eax
+ rorl $2, %ebx
+ addl %esi, %ebp
+ movl 20(%esp), %esi
+ xorl %edi, %eax
+ leal 1518500249(%ebp,%esi,1),%ebp
+ addl %ebp, %eax
+
+ movl %eax, %ebp
+ movl %ebx, %esi
+ roll $5, %ebp
+ xorl %edx, %esi
+ andl %ecx, %esi
+ rorl $2, %ecx
+ addl %edi, %ebp
+ movl 24(%esp), %edi
+ xorl %edx, %esi
+ leal 1518500249(%ebp,%edi,1),%ebp
+ addl %ebp, %esi
+
+ movl %esi, %ebp
+ movl %ecx, %edi
+ roll $5, %ebp
+ xorl %ebx, %edi
+ andl %eax, %edi
+ rorl $2, %eax
+ addl %edx, %ebp
+ movl 28(%esp), %edx
+ xorl %ebx, %edi
+ leal 1518500249(%ebp,%edx,1),%ebp
+ addl %ebp, %edi
+
+ movl %edi, %ebp
+ movl %eax, %edx
+ roll $5, %ebp
+ xorl %ecx, %edx
+ andl %esi, %edx
+ rorl $2, %esi
+ addl %ebx, %ebp
+ movl 32(%esp), %ebx
+ xorl %ecx, %edx
+ leal 1518500249(%ebp,%ebx,1),%ebp
+ addl %ebp, %edx
+
+ movl %edx, %ebp
+ movl %esi, %ebx
+ roll $5, %ebp
+ xorl %eax, %ebx
+ andl %edi, %ebx
+ rorl $2, %edi
+ addl %ecx, %ebp
+ movl 36(%esp), %ecx
+ xorl %eax, %ebx
+ leal 1518500249(%ebp,%ecx,1),%ebp
+ addl %ebp, %ebx
+
+ movl %ebx, %ebp
+ movl %edi, %ecx
+ roll $5, %ebp
+ xorl %esi, %ecx
+ andl %edx, %ecx
+ rorl $2, %edx
+ addl %eax, %ebp
+ movl 40(%esp), %eax
+ xorl %esi, %ecx
+ leal 1518500249(%ebp,%eax,1),%ebp
+ addl %ebp, %ecx
+
+ movl %ecx, %ebp
+ movl %edx, %eax
+ roll $5, %ebp
+ xorl %edi, %eax
+ andl %ebx, %eax
+ rorl $2, %ebx
+ addl %esi, %ebp
+ movl 44(%esp), %esi
+ xorl %edi, %eax
+ leal 1518500249(%ebp,%esi,1),%ebp
+ addl %ebp, %eax
+
+ movl %eax, %ebp
+ movl %ebx, %esi
+ roll $5, %ebp
+ xorl %edx, %esi
+ andl %ecx, %esi
+ rorl $2, %ecx
+ addl %edi, %ebp
+ movl 48(%esp), %edi
+ xorl %edx, %esi
+ leal 1518500249(%ebp,%edi,1),%ebp
+ addl %ebp, %esi
+
+ movl %esi, %ebp
+ movl %ecx, %edi
+ roll $5, %ebp
+ xorl %ebx, %edi
+ andl %eax, %edi
+ rorl $2, %eax
+ addl %edx, %ebp
+ movl 52(%esp), %edx
+ xorl %ebx, %edi
+ leal 1518500249(%ebp,%edx,1),%ebp
+ addl %ebp, %edi
+
+ movl %edi, %ebp
+ movl %eax, %edx
+ roll $5, %ebp
+ xorl %ecx, %edx
+ andl %esi, %edx
+ rorl $2, %esi
+ addl %ebx, %ebp
+ movl 56(%esp), %ebx
+ xorl %ecx, %edx
+ leal 1518500249(%ebp,%ebx,1),%ebp
+ addl %ebp, %edx
+
+ movl %edx, %ebp
+ movl %esi, %ebx
+ roll $5, %ebp
+ xorl %eax, %ebx
+ andl %edi, %ebx
+ rorl $2, %edi
+ addl %ecx, %ebp
+ movl 60(%esp), %ecx
+ xorl %eax, %ebx
+ leal 1518500249(%ebp,%ecx,1),%ebp
+ addl %ebp, %ebx
+
+ movl 8(%esp), %ecx
+ movl %edi, %ebp
+ xorl (%esp), %ecx
+ xorl %esi, %ebp
+ xorl 32(%esp), %ecx
+ andl %edx, %ebp
+ xorl 52(%esp), %ecx
+ rorl $2, %edx
+ xorl %esi, %ebp
+.byte 209
+.byte 193
+ movl %ecx, (%esp)
+ leal 1518500249(%ecx,%eax,1),%ecx
+ movl %ebx, %eax
+ addl %ebp, %ecx
+ roll $5, %eax
+ addl %eax, %ecx
+
+ movl 12(%esp), %eax
+ movl %edx, %ebp
+ xorl 4(%esp), %eax
+ xorl %edi, %ebp
+ xorl 36(%esp), %eax
+ andl %ebx, %ebp
+ xorl 56(%esp), %eax
+ rorl $2, %ebx
+ xorl %edi, %ebp
+.byte 209
+.byte 192
+ movl %eax, 4(%esp)
+ leal 1518500249(%eax,%esi,1),%eax
+ movl %ecx, %esi
+ addl %ebp, %eax
+ roll $5, %esi
+ addl %esi, %eax
+
+ movl 16(%esp), %esi
+ movl %ebx, %ebp
+ xorl 8(%esp), %esi
+ xorl %edx, %ebp
+ xorl 40(%esp), %esi
+ andl %ecx, %ebp
+ xorl 60(%esp), %esi
+ rorl $2, %ecx
+ xorl %edx, %ebp
+.byte 209
+.byte 198
+ movl %esi, 8(%esp)
+ leal 1518500249(%esi,%edi,1),%esi
+ movl %eax, %edi
+ addl %ebp, %esi
+ roll $5, %edi
+ addl %edi, %esi
+
+ movl 20(%esp), %edi
+ movl %ecx, %ebp
+ xorl 12(%esp), %edi
+ xorl %ebx, %ebp
+ xorl 44(%esp), %edi
+ andl %eax, %ebp
+ xorl (%esp), %edi
+ rorl $2, %eax
+ xorl %ebx, %ebp
+.byte 209
+.byte 199
+ movl %edi, 12(%esp)
+ leal 1518500249(%edi,%edx,1),%edi
+ movl %esi, %edx
+ addl %ebp, %edi
+ roll $5, %edx
+ addl %edx, %edi
+
+ movl 16(%esp), %edx
+ movl %esi, %ebp
+ xorl 24(%esp), %edx
+ rorl $2, %esi
+ xorl 48(%esp), %edx
+ xorl %eax, %ebp
+ xorl 4(%esp), %edx
+ xorl %ecx, %ebp
+.byte 209
+.byte 194
+ movl %edx, 16(%esp)
+ leal 1859775393(%edx,%ebx,1),%edx
+ movl %edi, %ebx
+ roll $5, %ebx
+ addl %ebp, %edx
+ addl %ebx, %edx
+
+ movl 20(%esp), %ebx
+ movl %edi, %ebp
+ xorl 28(%esp), %ebx
+ rorl $2, %edi
+ xorl 52(%esp), %ebx
+ xorl %esi, %ebp
+ xorl 8(%esp), %ebx
+ xorl %eax, %ebp
+.byte 209
+.byte 195
+ movl %ebx, 20(%esp)
+ leal 1859775393(%ebx,%ecx,1),%ebx
+ movl %edx, %ecx
+ roll $5, %ecx
+ addl %ebp, %ebx
+ addl %ecx, %ebx
+
+ movl 24(%esp), %ecx
+ movl %edx, %ebp
+ xorl 32(%esp), %ecx
+ rorl $2, %edx
+ xorl 56(%esp), %ecx
+ xorl %edi, %ebp
+ xorl 12(%esp), %ecx
+ xorl %esi, %ebp
+.byte 209
+.byte 193
+ movl %ecx, 24(%esp)
+ leal 1859775393(%ecx,%eax,1),%ecx
+ movl %ebx, %eax
+ roll $5, %eax
+ addl %ebp, %ecx
+ addl %eax, %ecx
+
+ movl 28(%esp), %eax
+ movl %ebx, %ebp
+ xorl 36(%esp), %eax
+ rorl $2, %ebx
+ xorl 60(%esp), %eax
+ xorl %edx, %ebp
+ xorl 16(%esp), %eax
+ xorl %edi, %ebp
+.byte 209
+.byte 192
+ movl %eax, 28(%esp)
+ leal 1859775393(%eax,%esi,1),%eax
+ movl %ecx, %esi
+ roll $5, %esi
+ addl %ebp, %eax
+ addl %esi, %eax
+
+ movl 32(%esp), %esi
+ movl %ecx, %ebp
+ xorl 40(%esp), %esi
+ rorl $2, %ecx
+ xorl (%esp), %esi
+ xorl %ebx, %ebp
+ xorl 20(%esp), %esi
+ xorl %edx, %ebp
+.byte 209
+.byte 198
+ movl %esi, 32(%esp)
+ leal 1859775393(%esi,%edi,1),%esi
+ movl %eax, %edi
+ roll $5, %edi
+ addl %ebp, %esi
+ addl %edi, %esi
+
+ movl 36(%esp), %edi
+ movl %eax, %ebp
+ xorl 44(%esp), %edi
+ rorl $2, %eax
+ xorl 4(%esp), %edi
+ xorl %ecx, %ebp
+ xorl 24(%esp), %edi
+ xorl %ebx, %ebp
+.byte 209
+.byte 199
+ movl %edi, 36(%esp)
+ leal 1859775393(%edi,%edx,1),%edi
+ movl %esi, %edx
+ roll $5, %edx
+ addl %ebp, %edi
+ addl %edx, %edi
+
+ movl 40(%esp), %edx
+ movl %esi, %ebp
+ xorl 48(%esp), %edx
+ rorl $2, %esi
+ xorl 8(%esp), %edx
+ xorl %eax, %ebp
+ xorl 28(%esp), %edx
+ xorl %ecx, %ebp
+.byte 209
+.byte 194
+ movl %edx, 40(%esp)
+ leal 1859775393(%edx,%ebx,1),%edx
+ movl %edi, %ebx
+ roll $5, %ebx
+ addl %ebp, %edx
+ addl %ebx, %edx
+
+ movl 44(%esp), %ebx
+ movl %edi, %ebp
+ xorl 52(%esp), %ebx
+ rorl $2, %edi
+ xorl 12(%esp), %ebx
+ xorl %esi, %ebp
+ xorl 32(%esp), %ebx
+ xorl %eax, %ebp
+.byte 209
+.byte 195
+ movl %ebx, 44(%esp)
+ leal 1859775393(%ebx,%ecx,1),%ebx
+ movl %edx, %ecx
+ roll $5, %ecx
+ addl %ebp, %ebx
+ addl %ecx, %ebx
+
+ movl 48(%esp), %ecx
+ movl %edx, %ebp
+ xorl 56(%esp), %ecx
+ rorl $2, %edx
+ xorl 16(%esp), %ecx
+ xorl %edi, %ebp
+ xorl 36(%esp), %ecx
+ xorl %esi, %ebp
+.byte 209
+.byte 193
+ movl %ecx, 48(%esp)
+ leal 1859775393(%ecx,%eax,1),%ecx
+ movl %ebx, %eax
+ roll $5, %eax
+ addl %ebp, %ecx
+ addl %eax, %ecx
+
+ movl 52(%esp), %eax
+ movl %ebx, %ebp
+ xorl 60(%esp), %eax
+ rorl $2, %ebx
+ xorl 20(%esp), %eax
+ xorl %edx, %ebp
+ xorl 40(%esp), %eax
+ xorl %edi, %ebp
+.byte 209
+.byte 192
+ movl %eax, 52(%esp)
+ leal 1859775393(%eax,%esi,1),%eax
+ movl %ecx, %esi
+ roll $5, %esi
+ addl %ebp, %eax
+ addl %esi, %eax
+
+ movl 56(%esp), %esi
+ movl %ecx, %ebp
+ xorl (%esp), %esi
+ rorl $2, %ecx
+ xorl 24(%esp), %esi
+ xorl %ebx, %ebp
+ xorl 44(%esp), %esi
+ xorl %edx, %ebp
+.byte 209
+.byte 198
+ movl %esi, 56(%esp)
+ leal 1859775393(%esi,%edi,1),%esi
+ movl %eax, %edi
+ roll $5, %edi
+ addl %ebp, %esi
+ addl %edi, %esi
+
+ movl 60(%esp), %edi
+ movl %eax, %ebp
+ xorl 4(%esp), %edi
+ rorl $2, %eax
+ xorl 28(%esp), %edi
+ xorl %ecx, %ebp
+ xorl 48(%esp), %edi
+ xorl %ebx, %ebp
+.byte 209
+.byte 199
+ movl %edi, 60(%esp)
+ leal 1859775393(%edi,%edx,1),%edi
+ movl %esi, %edx
+ roll $5, %edx
+ addl %ebp, %edi
+ addl %edx, %edi
+
+ movl (%esp), %edx
+ movl %esi, %ebp
+ xorl 8(%esp), %edx
+ rorl $2, %esi
+ xorl 32(%esp), %edx
+ xorl %eax, %ebp
+ xorl 52(%esp), %edx
+ xorl %ecx, %ebp
+.byte 209
+.byte 194
+ movl %edx, (%esp)
+ leal 1859775393(%edx,%ebx,1),%edx
+ movl %edi, %ebx
+ roll $5, %ebx
+ addl %ebp, %edx
+ addl %ebx, %edx
+
+ movl 4(%esp), %ebx
+ movl %edi, %ebp
+ xorl 12(%esp), %ebx
+ rorl $2, %edi
+ xorl 36(%esp), %ebx
+ xorl %esi, %ebp
+ xorl 56(%esp), %ebx
+ xorl %eax, %ebp
+.byte 209
+.byte 195
+ movl %ebx, 4(%esp)
+ leal 1859775393(%ebx,%ecx,1),%ebx
+ movl %edx, %ecx
+ roll $5, %ecx
+ addl %ebp, %ebx
+ addl %ecx, %ebx
+
+ movl 8(%esp), %ecx
+ movl %edx, %ebp
+ xorl 16(%esp), %ecx
+ rorl $2, %edx
+ xorl 40(%esp), %ecx
+ xorl %edi, %ebp
+ xorl 60(%esp), %ecx
+ xorl %esi, %ebp
+.byte 209
+.byte 193
+ movl %ecx, 8(%esp)
+ leal 1859775393(%ecx,%eax,1),%ecx
+ movl %ebx, %eax
+ roll $5, %eax
+ addl %ebp, %ecx
+ addl %eax, %ecx
+
+ movl 12(%esp), %eax
+ movl %ebx, %ebp
+ xorl 20(%esp), %eax
+ rorl $2, %ebx
+ xorl 44(%esp), %eax
+ xorl %edx, %ebp
+ xorl (%esp), %eax
+ xorl %edi, %ebp
+.byte 209
+.byte 192
+ movl %eax, 12(%esp)
+ leal 1859775393(%eax,%esi,1),%eax
+ movl %ecx, %esi
+ roll $5, %esi
+ addl %ebp, %eax
+ addl %esi, %eax
+
+ movl 16(%esp), %esi
+ movl %ecx, %ebp
+ xorl 24(%esp), %esi
+ rorl $2, %ecx
+ xorl 48(%esp), %esi
+ xorl %ebx, %ebp
+ xorl 4(%esp), %esi
+ xorl %edx, %ebp
+.byte 209
+.byte 198
+ movl %esi, 16(%esp)
+ leal 1859775393(%esi,%edi,1),%esi
+ movl %eax, %edi
+ roll $5, %edi
+ addl %ebp, %esi
+ addl %edi, %esi
+
+ movl 20(%esp), %edi
+ movl %eax, %ebp
+ xorl 28(%esp), %edi
+ rorl $2, %eax
+ xorl 52(%esp), %edi
+ xorl %ecx, %ebp
+ xorl 8(%esp), %edi
+ xorl %ebx, %ebp
+.byte 209
+.byte 199
+ movl %edi, 20(%esp)
+ leal 1859775393(%edi,%edx,1),%edi
+ movl %esi, %edx
+ roll $5, %edx
+ addl %ebp, %edi
+ addl %edx, %edi
+
+ movl 24(%esp), %edx
+ movl %esi, %ebp
+ xorl 32(%esp), %edx
+ rorl $2, %esi
+ xorl 56(%esp), %edx
+ xorl %eax, %ebp
+ xorl 12(%esp), %edx
+ xorl %ecx, %ebp
+.byte 209
+.byte 194
+ movl %edx, 24(%esp)
+ leal 1859775393(%edx,%ebx,1),%edx
+ movl %edi, %ebx
+ roll $5, %ebx
+ addl %ebp, %edx
+ addl %ebx, %edx
+
+ movl 28(%esp), %ebx
+ movl %edi, %ebp
+ xorl 36(%esp), %ebx
+ rorl $2, %edi
+ xorl 60(%esp), %ebx
+ xorl %esi, %ebp
+ xorl 16(%esp), %ebx
+ xorl %eax, %ebp
+.byte 209
+.byte 195
+ movl %ebx, 28(%esp)
+ leal 1859775393(%ebx,%ecx,1),%ebx
+ movl %edx, %ecx
+ roll $5, %ecx
+ addl %ebp, %ebx
+ addl %ecx, %ebx
+
+ movl 32(%esp), %ecx
+ movl %edx, %ebp
+ xorl 40(%esp), %ecx
+ orl %edi, %ebp
+ xorl (%esp), %ecx
+ andl %esi, %ebp
+ xorl 20(%esp), %ecx
+.byte 209
+.byte 193
+ movl %ecx, 32(%esp)
+ leal 2400959708(%ecx,%eax,1),%ecx
+ movl %edx, %eax
+ rorl $2, %edx
+ andl %edi, %eax
+ orl %eax, %ebp
+ movl %ebx, %eax
+ roll $5, %eax
+ addl %eax, %ebp
+ addl %ebp, %ecx
+
+ movl 36(%esp), %eax
+ movl %ebx, %ebp
+ xorl 44(%esp), %eax
+ orl %edx, %ebp
+ xorl 4(%esp), %eax
+ andl %edi, %ebp
+ xorl 24(%esp), %eax
+.byte 209
+.byte 192
+ movl %eax, 36(%esp)
+ leal 2400959708(%eax,%esi,1),%eax
+ movl %ebx, %esi
+ rorl $2, %ebx
+ andl %edx, %esi
+ orl %esi, %ebp
+ movl %ecx, %esi
+ roll $5, %esi
+ addl %esi, %ebp
+ addl %ebp, %eax
+
+ movl 40(%esp), %esi
+ movl %ecx, %ebp
+ xorl 48(%esp), %esi
+ orl %ebx, %ebp
+ xorl 8(%esp), %esi
+ andl %edx, %ebp
+ xorl 28(%esp), %esi
+.byte 209
+.byte 198
+ movl %esi, 40(%esp)
+ leal 2400959708(%esi,%edi,1),%esi
+ movl %ecx, %edi
+ rorl $2, %ecx
+ andl %ebx, %edi
+ orl %edi, %ebp
+ movl %eax, %edi
+ roll $5, %edi
+ addl %edi, %ebp
+ addl %ebp, %esi
+
+ movl 44(%esp), %edi
+ movl %eax, %ebp
+ xorl 52(%esp), %edi
+ orl %ecx, %ebp
+ xorl 12(%esp), %edi
+ andl %ebx, %ebp
+ xorl 32(%esp), %edi
+.byte 209
+.byte 199
+ movl %edi, 44(%esp)
+ leal 2400959708(%edi,%edx,1),%edi
+ movl %eax, %edx
+ rorl $2, %eax
+ andl %ecx, %edx
+ orl %edx, %ebp
+ movl %esi, %edx
+ roll $5, %edx
+ addl %edx, %ebp
+ addl %ebp, %edi
+
+ movl 48(%esp), %edx
+ movl %esi, %ebp
+ xorl 56(%esp), %edx
+ orl %eax, %ebp
+ xorl 16(%esp), %edx
+ andl %ecx, %ebp
+ xorl 36(%esp), %edx
+.byte 209
+.byte 194
+ movl %edx, 48(%esp)
+ leal 2400959708(%edx,%ebx,1),%edx
+ movl %esi, %ebx
+ rorl $2, %esi
+ andl %eax, %ebx
+ orl %ebx, %ebp
+ movl %edi, %ebx
+ roll $5, %ebx
+ addl %ebx, %ebp
+ addl %ebp, %edx
+
+ movl 52(%esp), %ebx
+ movl %edi, %ebp
+ xorl 60(%esp), %ebx
+ orl %esi, %ebp
+ xorl 20(%esp), %ebx
+ andl %eax, %ebp
+ xorl 40(%esp), %ebx
+.byte 209
+.byte 195
+ movl %ebx, 52(%esp)
+ leal 2400959708(%ebx,%ecx,1),%ebx
+ movl %edi, %ecx
+ rorl $2, %edi
+ andl %esi, %ecx
+ orl %ecx, %ebp
+ movl %edx, %ecx
+ roll $5, %ecx
+ addl %ecx, %ebp
+ addl %ebp, %ebx
+
+ movl 56(%esp), %ecx
+ movl %edx, %ebp
+ xorl (%esp), %ecx
+ orl %edi, %ebp
+ xorl 24(%esp), %ecx
+ andl %esi, %ebp
+ xorl 44(%esp), %ecx
+.byte 209
+.byte 193
+ movl %ecx, 56(%esp)
+ leal 2400959708(%ecx,%eax,1),%ecx
+ movl %edx, %eax
+ rorl $2, %edx
+ andl %edi, %eax
+ orl %eax, %ebp
+ movl %ebx, %eax
+ roll $5, %eax
+ addl %eax, %ebp
+ addl %ebp, %ecx
+
+ movl 60(%esp), %eax
+ movl %ebx, %ebp
+ xorl 4(%esp), %eax
+ orl %edx, %ebp
+ xorl 28(%esp), %eax
+ andl %edi, %ebp
+ xorl 48(%esp), %eax
+.byte 209
+.byte 192
+ movl %eax, 60(%esp)
+ leal 2400959708(%eax,%esi,1),%eax
+ movl %ebx, %esi
+ rorl $2, %ebx
+ andl %edx, %esi
+ orl %esi, %ebp
+ movl %ecx, %esi
+ roll $5, %esi
+ addl %esi, %ebp
+ addl %ebp, %eax
+
+ movl (%esp), %esi
+ movl %ecx, %ebp
+ xorl 8(%esp), %esi
+ orl %ebx, %ebp
+ xorl 32(%esp), %esi
+ andl %edx, %ebp
+ xorl 52(%esp), %esi
+.byte 209
+.byte 198
+ movl %esi, (%esp)
+ leal 2400959708(%esi,%edi,1),%esi
+ movl %ecx, %edi
+ rorl $2, %ecx
+ andl %ebx, %edi
+ orl %edi, %ebp
+ movl %eax, %edi
+ roll $5, %edi
+ addl %edi, %ebp
+ addl %ebp, %esi
+
+ movl 4(%esp), %edi
+ movl %eax, %ebp
+ xorl 12(%esp), %edi
+ orl %ecx, %ebp
+ xorl 36(%esp), %edi
+ andl %ebx, %ebp
+ xorl 56(%esp), %edi
+.byte 209
+.byte 199
+ movl %edi, 4(%esp)
+ leal 2400959708(%edi,%edx,1),%edi
+ movl %eax, %edx
+ rorl $2, %eax
+ andl %ecx, %edx
+ orl %edx, %ebp
+ movl %esi, %edx
+ roll $5, %edx
+ addl %edx, %ebp
+ addl %ebp, %edi
+
+ movl 8(%esp), %edx
+ movl %esi, %ebp
+ xorl 16(%esp), %edx
+ orl %eax, %ebp
+ xorl 40(%esp), %edx
+ andl %ecx, %ebp
+ xorl 60(%esp), %edx
+.byte 209
+.byte 194
+ movl %edx, 8(%esp)
+ leal 2400959708(%edx,%ebx,1),%edx
+ movl %esi, %ebx
+ rorl $2, %esi
+ andl %eax, %ebx
+ orl %ebx, %ebp
+ movl %edi, %ebx
+ roll $5, %ebx
+ addl %ebx, %ebp
+ addl %ebp, %edx
+
+ movl 12(%esp), %ebx
+ movl %edi, %ebp
+ xorl 20(%esp), %ebx
+ orl %esi, %ebp
+ xorl 44(%esp), %ebx
+ andl %eax, %ebp
+ xorl (%esp), %ebx
+.byte 209
+.byte 195
+ movl %ebx, 12(%esp)
+ leal 2400959708(%ebx,%ecx,1),%ebx
+ movl %edi, %ecx
+ rorl $2, %edi
+ andl %esi, %ecx
+ orl %ecx, %ebp
+ movl %edx, %ecx
+ roll $5, %ecx
+ addl %ecx, %ebp
+ addl %ebp, %ebx
+
+ movl 16(%esp), %ecx
+ movl %edx, %ebp
+ xorl 24(%esp), %ecx
+ orl %edi, %ebp
+ xorl 48(%esp), %ecx
+ andl %esi, %ebp
+ xorl 4(%esp), %ecx
+.byte 209
+.byte 193
+ movl %ecx, 16(%esp)
+ leal 2400959708(%ecx,%eax,1),%ecx
+ movl %edx, %eax
+ rorl $2, %edx
+ andl %edi, %eax
+ orl %eax, %ebp
+ movl %ebx, %eax
+ roll $5, %eax
+ addl %eax, %ebp
+ addl %ebp, %ecx
+
+ movl 20(%esp), %eax
+ movl %ebx, %ebp
+ xorl 28(%esp), %eax
+ orl %edx, %ebp
+ xorl 52(%esp), %eax
+ andl %edi, %ebp
+ xorl 8(%esp), %eax
+.byte 209
+.byte 192
+ movl %eax, 20(%esp)
+ leal 2400959708(%eax,%esi,1),%eax
+ movl %ebx, %esi
+ rorl $2, %ebx
+ andl %edx, %esi
+ orl %esi, %ebp
+ movl %ecx, %esi
+ roll $5, %esi
+ addl %esi, %ebp
+ addl %ebp, %eax
+
+ movl 24(%esp), %esi
+ movl %ecx, %ebp
+ xorl 32(%esp), %esi
+ orl %ebx, %ebp
+ xorl 56(%esp), %esi
+ andl %edx, %ebp
+ xorl 12(%esp), %esi
+.byte 209
+.byte 198
+ movl %esi, 24(%esp)
+ leal 2400959708(%esi,%edi,1),%esi
+ movl %ecx, %edi
+ rorl $2, %ecx
+ andl %ebx, %edi
+ orl %edi, %ebp
+ movl %eax, %edi
+ roll $5, %edi
+ addl %edi, %ebp
+ addl %ebp, %esi
+
+ movl 28(%esp), %edi
+ movl %eax, %ebp
+ xorl 36(%esp), %edi
+ orl %ecx, %ebp
+ xorl 60(%esp), %edi
+ andl %ebx, %ebp
+ xorl 16(%esp), %edi
+.byte 209
+.byte 199
+ movl %edi, 28(%esp)
+ leal 2400959708(%edi,%edx,1),%edi
+ movl %eax, %edx
+ rorl $2, %eax
+ andl %ecx, %edx
+ orl %edx, %ebp
+ movl %esi, %edx
+ roll $5, %edx
+ addl %edx, %ebp
+ addl %ebp, %edi
+
+ movl 32(%esp), %edx
+ movl %esi, %ebp
+ xorl 40(%esp), %edx
+ orl %eax, %ebp
+ xorl (%esp), %edx
+ andl %ecx, %ebp
+ xorl 20(%esp), %edx
+.byte 209
+.byte 194
+ movl %edx, 32(%esp)
+ leal 2400959708(%edx,%ebx,1),%edx
+ movl %esi, %ebx
+ rorl $2, %esi
+ andl %eax, %ebx
+ orl %ebx, %ebp
+ movl %edi, %ebx
+ roll $5, %ebx
+ addl %ebx, %ebp
+ addl %ebp, %edx
+
+ movl 36(%esp), %ebx
+ movl %edi, %ebp
+ xorl 44(%esp), %ebx
+ orl %esi, %ebp
+ xorl 4(%esp), %ebx
+ andl %eax, %ebp
+ xorl 24(%esp), %ebx
+.byte 209
+.byte 195
+ movl %ebx, 36(%esp)
+ leal 2400959708(%ebx,%ecx,1),%ebx
+ movl %edi, %ecx
+ rorl $2, %edi
+ andl %esi, %ecx
+ orl %ecx, %ebp
+ movl %edx, %ecx
+ roll $5, %ecx
+ addl %ecx, %ebp
+ addl %ebp, %ebx
+
+ movl 40(%esp), %ecx
+ movl %edx, %ebp
+ xorl 48(%esp), %ecx
+ orl %edi, %ebp
+ xorl 8(%esp), %ecx
+ andl %esi, %ebp
+ xorl 28(%esp), %ecx
+.byte 209
+.byte 193
+ movl %ecx, 40(%esp)
+ leal 2400959708(%ecx,%eax,1),%ecx
+ movl %edx, %eax
+ rorl $2, %edx
+ andl %edi, %eax
+ orl %eax, %ebp
+ movl %ebx, %eax
+ roll $5, %eax
+ addl %eax, %ebp
+ addl %ebp, %ecx
+
+ movl 44(%esp), %eax
+ movl %ebx, %ebp
+ xorl 52(%esp), %eax
+ orl %edx, %ebp
+ xorl 12(%esp), %eax
+ andl %edi, %ebp
+ xorl 32(%esp), %eax
+.byte 209
+.byte 192
+ movl %eax, 44(%esp)
+ leal 2400959708(%eax,%esi,1),%eax
+ movl %ebx, %esi
+ rorl $2, %ebx
+ andl %edx, %esi
+ orl %esi, %ebp
+ movl %ecx, %esi
+ roll $5, %esi
+ addl %esi, %ebp
+ addl %ebp, %eax
+
+ movl 48(%esp), %esi
+ movl %ecx, %ebp
+ xorl 56(%esp), %esi
+ rorl $2, %ecx
+ xorl 16(%esp), %esi
+ xorl %ebx, %ebp
+ xorl 36(%esp), %esi
+ xorl %edx, %ebp
+.byte 209
+.byte 198
+ movl %esi, 48(%esp)
+ leal 3395469782(%esi,%edi,1),%esi
+ movl %eax, %edi
+ roll $5, %edi
+ addl %ebp, %esi
+ addl %edi, %esi
+
+ movl 52(%esp), %edi
+ movl %eax, %ebp
+ xorl 60(%esp), %edi
+ rorl $2, %eax
+ xorl 20(%esp), %edi
+ xorl %ecx, %ebp
+ xorl 40(%esp), %edi
+ xorl %ebx, %ebp
+.byte 209
+.byte 199
+ movl %edi, 52(%esp)
+ leal 3395469782(%edi,%edx,1),%edi
+ movl %esi, %edx
+ roll $5, %edx
+ addl %ebp, %edi
+ addl %edx, %edi
+
+ movl 56(%esp), %edx
+ movl %esi, %ebp
+ xorl (%esp), %edx
+ rorl $2, %esi
+ xorl 24(%esp), %edx
+ xorl %eax, %ebp
+ xorl 44(%esp), %edx
+ xorl %ecx, %ebp
+.byte 209
+.byte 194
+ movl %edx, 56(%esp)
+ leal 3395469782(%edx,%ebx,1),%edx
+ movl %edi, %ebx
+ roll $5, %ebx
+ addl %ebp, %edx
+ addl %ebx, %edx
+
+ movl 60(%esp), %ebx
+ movl %edi, %ebp
+ xorl 4(%esp), %ebx
+ rorl $2, %edi
+ xorl 28(%esp), %ebx
+ xorl %esi, %ebp
+ xorl 48(%esp), %ebx
+ xorl %eax, %ebp
+.byte 209
+.byte 195
+ movl %ebx, 60(%esp)
+ leal 3395469782(%ebx,%ecx,1),%ebx
+ movl %edx, %ecx
+ roll $5, %ecx
+ addl %ebp, %ebx
+ addl %ecx, %ebx
+
+ movl (%esp), %ecx
+ movl %edx, %ebp
+ xorl 8(%esp), %ecx
+ rorl $2, %edx
+ xorl 32(%esp), %ecx
+ xorl %edi, %ebp
+ xorl 52(%esp), %ecx
+ xorl %esi, %ebp
+.byte 209
+.byte 193
+ movl %ecx, (%esp)
+ leal 3395469782(%ecx,%eax,1),%ecx
+ movl %ebx, %eax
+ roll $5, %eax
+ addl %ebp, %ecx
+ addl %eax, %ecx
+
+ movl 4(%esp), %eax
+ movl %ebx, %ebp
+ xorl 12(%esp), %eax
+ rorl $2, %ebx
+ xorl 36(%esp), %eax
+ xorl %edx, %ebp
+ xorl 56(%esp), %eax
+ xorl %edi, %ebp
+.byte 209
+.byte 192
+ movl %eax, 4(%esp)
+ leal 3395469782(%eax,%esi,1),%eax
+ movl %ecx, %esi
+ roll $5, %esi
+ addl %ebp, %eax
+ addl %esi, %eax
+
+ movl 8(%esp), %esi
+ movl %ecx, %ebp
+ xorl 16(%esp), %esi
+ rorl $2, %ecx
+ xorl 40(%esp), %esi
+ xorl %ebx, %ebp
+ xorl 60(%esp), %esi
+ xorl %edx, %ebp
+.byte 209
+.byte 198
+ movl %esi, 8(%esp)
+ leal 3395469782(%esi,%edi,1),%esi
+ movl %eax, %edi
+ roll $5, %edi
+ addl %ebp, %esi
+ addl %edi, %esi
+
+ movl 12(%esp), %edi
+ movl %eax, %ebp
+ xorl 20(%esp), %edi
+ rorl $2, %eax
+ xorl 44(%esp), %edi
+ xorl %ecx, %ebp
+ xorl (%esp), %edi
+ xorl %ebx, %ebp
+.byte 209
+.byte 199
+ movl %edi, 12(%esp)
+ leal 3395469782(%edi,%edx,1),%edi
+ movl %esi, %edx
+ roll $5, %edx
+ addl %ebp, %edi
+ addl %edx, %edi
+
+ movl 16(%esp), %edx
+ movl %esi, %ebp
+ xorl 24(%esp), %edx
+ rorl $2, %esi
+ xorl 48(%esp), %edx
+ xorl %eax, %ebp
+ xorl 4(%esp), %edx
+ xorl %ecx, %ebp
+.byte 209
+.byte 194
+ movl %edx, 16(%esp)
+ leal 3395469782(%edx,%ebx,1),%edx
+ movl %edi, %ebx
+ roll $5, %ebx
+ addl %ebp, %edx
+ addl %ebx, %edx
+
+ movl 20(%esp), %ebx
+ movl %edi, %ebp
+ xorl 28(%esp), %ebx
+ rorl $2, %edi
+ xorl 52(%esp), %ebx
+ xorl %esi, %ebp
+ xorl 8(%esp), %ebx
+ xorl %eax, %ebp
+.byte 209
+.byte 195
+ movl %ebx, 20(%esp)
+ leal 3395469782(%ebx,%ecx,1),%ebx
+ movl %edx, %ecx
+ roll $5, %ecx
+ addl %ebp, %ebx
+ addl %ecx, %ebx
+
+ movl 24(%esp), %ecx
+ movl %edx, %ebp
+ xorl 32(%esp), %ecx
+ rorl $2, %edx
+ xorl 56(%esp), %ecx
+ xorl %edi, %ebp
+ xorl 12(%esp), %ecx
+ xorl %esi, %ebp
+.byte 209
+.byte 193
+ movl %ecx, 24(%esp)
+ leal 3395469782(%ecx,%eax,1),%ecx
+ movl %ebx, %eax
+ roll $5, %eax
+ addl %ebp, %ecx
+ addl %eax, %ecx
+
+ movl 28(%esp), %eax
+ movl %ebx, %ebp
+ xorl 36(%esp), %eax
+ rorl $2, %ebx
+ xorl 60(%esp), %eax
+ xorl %edx, %ebp
+ xorl 16(%esp), %eax
+ xorl %edi, %ebp
+.byte 209
+.byte 192
+ movl %eax, 28(%esp)
+ leal 3395469782(%eax,%esi,1),%eax
+ movl %ecx, %esi
+ roll $5, %esi
+ addl %ebp, %eax
+ addl %esi, %eax
+
+ movl 32(%esp), %esi
+ movl %ecx, %ebp
+ xorl 40(%esp), %esi
+ rorl $2, %ecx
+ xorl (%esp), %esi
+ xorl %ebx, %ebp
+ xorl 20(%esp), %esi
+ xorl %edx, %ebp
+.byte 209
+.byte 198
+ movl %esi, 32(%esp)
+ leal 3395469782(%esi,%edi,1),%esi
+ movl %eax, %edi
+ roll $5, %edi
+ addl %ebp, %esi
+ addl %edi, %esi
+
+ movl 36(%esp), %edi
+ movl %eax, %ebp
+ xorl 44(%esp), %edi
+ rorl $2, %eax
+ xorl 4(%esp), %edi
+ xorl %ecx, %ebp
+ xorl 24(%esp), %edi
+ xorl %ebx, %ebp
+.byte 209
+.byte 199
+ movl %edi, 36(%esp)
+ leal 3395469782(%edi,%edx,1),%edi
+ movl %esi, %edx
+ roll $5, %edx
+ addl %ebp, %edi
+ addl %edx, %edi
+
+ movl 40(%esp), %edx
+ movl %esi, %ebp
+ xorl 48(%esp), %edx
+ rorl $2, %esi
+ xorl 8(%esp), %edx
+ xorl %eax, %ebp
+ xorl 28(%esp), %edx
+ xorl %ecx, %ebp
+.byte 209
+.byte 194
+ movl %edx, 40(%esp)
+ leal 3395469782(%edx,%ebx,1),%edx
+ movl %edi, %ebx
+ roll $5, %ebx
+ addl %ebp, %edx
+ addl %ebx, %edx
+
+ movl 44(%esp), %ebx
+ movl %edi, %ebp
+ xorl 52(%esp), %ebx
+ rorl $2, %edi
+ xorl 12(%esp), %ebx
+ xorl %esi, %ebp
+ xorl 32(%esp), %ebx
+ xorl %eax, %ebp
+.byte 209
+.byte 195
+ movl %ebx, 44(%esp)
+ leal 3395469782(%ebx,%ecx,1),%ebx
+ movl %edx, %ecx
+ roll $5, %ecx
+ addl %ebp, %ebx
+ addl %ecx, %ebx
+
+ movl 48(%esp), %ecx
+ movl %edx, %ebp
+ xorl 56(%esp), %ecx
+ rorl $2, %edx
+ xorl 16(%esp), %ecx
+ xorl %edi, %ebp
+ xorl 36(%esp), %ecx
+ xorl %esi, %ebp
+.byte 209
+.byte 193
+ movl %ecx, 48(%esp)
+ leal 3395469782(%ecx,%eax,1),%ecx
+ movl %ebx, %eax
+ roll $5, %eax
+ addl %ebp, %ecx
+ addl %eax, %ecx
+
+ movl 52(%esp), %eax
+ movl %ebx, %ebp
+ xorl 60(%esp), %eax
+ rorl $2, %ebx
+ xorl 20(%esp), %eax
+ xorl %edx, %ebp
+ xorl 40(%esp), %eax
+ xorl %edi, %ebp
+.byte 209
+.byte 192
+ movl %eax, 52(%esp)
+ leal 3395469782(%eax,%esi,1),%eax
+ movl %ecx, %esi
+ roll $5, %esi
+ addl %ebp, %eax
+ addl %esi, %eax
+
+ movl 56(%esp), %esi
+ movl %ecx, %ebp
+ xorl (%esp), %esi
+ rorl $2, %ecx
+ xorl 24(%esp), %esi
+ xorl %ebx, %ebp
+ xorl 44(%esp), %esi
+ xorl %edx, %ebp
+.byte 209
+.byte 198
+ movl %esi, 56(%esp)
+ leal 3395469782(%esi,%edi,1),%esi
+ movl %eax, %edi
+ roll $5, %edi
+ addl %ebp, %esi
+ addl %edi, %esi
+
+ movl 60(%esp), %edi
+ movl %eax, %ebp
+ xorl 4(%esp), %edi
+ rorl $2, %eax
+ xorl 28(%esp), %edi
+ xorl %ecx, %ebp
+ xorl 48(%esp), %edi
+ xorl %ebx, %ebp
+.byte 209
+.byte 199
+ movl %edi, 60(%esp)
+ leal 3395469782(%edi,%edx,1),%edi
+ movl %esi, %edx
+ roll $5, %edx
+ addl %ebp, %edi
+ addl %edx, %edi
+
+
+ movl 128(%esp), %ebp
+ movl 12(%ebp), %edx
+ addl %ecx, %edx
+ movl 4(%ebp), %ecx
+ addl %esi, %ecx
+ movl %eax, %esi
+ movl (%ebp), %eax
+ movl %edx, 12(%ebp)
+ addl %edi, %eax
+ movl 16(%ebp), %edi
+ addl %ebx, %edi
+ movl 8(%ebp), %ebx
+ addl %esi, %ebx
+ movl %eax, (%ebp)
+ movl 132(%esp), %esi
+ movl %ebx, 8(%ebp)
+ addl $64, %esi
+ movl 68(%esp), %eax
+ movl %edi, 16(%ebp)
+ cmpl %eax, %esi
+ movl %ecx, 4(%ebp)
+ jb .L000start
+ addl $108, %esp
+ popl %edi
+ popl %ebx
+ popl %ebp
+ popl %esi
+ ret
+.L_sha1_block_asm_data_order_end:
+ .size sha1_block_asm_data_order,.L_sha1_block_asm_data_order_end-sha1_block_asm_data_order
+.ident "desasm.pl"
+.text
+ .align 16
+.globl sha1_block_asm_host_order
+ .type sha1_block_asm_host_order,@function
+sha1_block_asm_host_order:
+ movl 12(%esp), %ecx
+ pushl %esi
+ sall $6, %ecx
+ movl 12(%esp), %esi
+ pushl %ebp
+ addl %esi, %ecx
+ pushl %ebx
+ movl 16(%esp), %ebp
+ pushl %edi
+ movl 12(%ebp), %edx
+ subl $108, %esp
+ movl 16(%ebp), %edi
+ movl 8(%ebp), %ebx
+ movl %ecx, 68(%esp)
+
+ movl (%esi), %eax
+ movl 4(%esi), %ecx
+ movl %eax, (%esp)
+ movl %ecx, 4(%esp)
+ movl 8(%esi), %eax
+ movl 12(%esi), %ecx
+ movl %eax, 8(%esp)
+ movl %ecx, 12(%esp)
+ movl 16(%esi), %eax
+ movl 20(%esi), %ecx
+ movl %eax, 16(%esp)
+ movl %ecx, 20(%esp)
+ movl 24(%esi), %eax
+ movl 28(%esi), %ecx
+ movl %eax, 24(%esp)
+ movl %ecx, 28(%esp)
+ movl 32(%esi), %eax
+ movl 36(%esi), %ecx
+ movl %eax, 32(%esp)
+ movl %ecx, 36(%esp)
+ movl 40(%esi), %eax
+ movl 44(%esi), %ecx
+ movl %eax, 40(%esp)
+ movl %ecx, 44(%esp)
+ movl 48(%esi), %eax
+ movl 52(%esi), %ecx
+ movl %eax, 48(%esp)
+ movl %ecx, 52(%esp)
+ movl 56(%esi), %eax
+ movl 60(%esi), %ecx
+ movl %eax, 56(%esp)
+ movl %ecx, 60(%esp)
+ jmp .L001shortcut
+.L_sha1_block_asm_host_order_end:
+ .size sha1_block_asm_host_order,.L_sha1_block_asm_host_order_end-sha1_block_asm_host_order
+.ident "desasm.pl"
diff --git a/src/lib/libssl/src/fips-1.0/sha/fips_md32_common.h b/src/lib/libssl/src/fips-1.0/sha/fips_md32_common.h
new file mode 100644
index 0000000000..b5ad231e3a
--- /dev/null
+++ b/src/lib/libssl/src/fips-1.0/sha/fips_md32_common.h
@@ -0,0 +1,623 @@
+/* crypto/md32_common.h */
+/* ====================================================================
+ * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/*
+ * This is a generic 32 bit "collector" for message digest algorithms.
+ * Whenever needed it collects input character stream into chunks of
+ * 32 bit values and invokes a block function that performs actual hash
+ * calculations.
+ *
+ * Porting guide.
+ *
+ * Obligatory macros:
+ *
+ * DATA_ORDER_IS_BIG_ENDIAN or DATA_ORDER_IS_LITTLE_ENDIAN
+ * this macro defines byte order of input stream.
+ * HASH_CBLOCK
+ * size of a unit chunk HASH_BLOCK operates on.
+ * HASH_LONG
+ * has to be at lest 32 bit wide, if it's wider, then
+ * HASH_LONG_LOG2 *has to* be defined along
+ * HASH_CTX
+ * context structure that at least contains following
+ * members:
+ * typedef struct {
+ * ...
+ * HASH_LONG Nl,Nh;
+ * HASH_LONG data[HASH_LBLOCK];
+ * unsigned int num;
+ * ...
+ * } HASH_CTX;
+ * HASH_UPDATE
+ * name of "Update" function, implemented here.
+ * HASH_TRANSFORM
+ * name of "Transform" function, implemented here.
+ * HASH_FINAL
+ * name of "Final" function, implemented here.
+ * HASH_BLOCK_HOST_ORDER
+ * name of "block" function treating *aligned* input message
+ * in host byte order, implemented externally.
+ * HASH_BLOCK_DATA_ORDER
+ * name of "block" function treating *unaligned* input message
+ * in original (data) byte order, implemented externally (it
+ * actually is optional if data and host are of the same
+ * "endianess").
+ * HASH_MAKE_STRING
+ * macro convering context variables to an ASCII hash string.
+ *
+ * Optional macros:
+ *
+ * B_ENDIAN or L_ENDIAN
+ * defines host byte-order.
+ * HASH_LONG_LOG2
+ * defaults to 2 if not states otherwise.
+ * HASH_LBLOCK
+ * assumed to be HASH_CBLOCK/4 if not stated otherwise.
+ * HASH_BLOCK_DATA_ORDER_ALIGNED
+ * alternative "block" function capable of treating
+ * aligned input message in original (data) order,
+ * implemented externally.
+ *
+ * MD5 example:
+ *
+ * #define DATA_ORDER_IS_LITTLE_ENDIAN
+ *
+ * #define HASH_LONG MD5_LONG
+ * #define HASH_LONG_LOG2 MD5_LONG_LOG2
+ * #define HASH_CTX MD5_CTX
+ * #define HASH_CBLOCK MD5_CBLOCK
+ * #define HASH_LBLOCK MD5_LBLOCK
+ * #define HASH_UPDATE MD5_Update
+ * #define HASH_TRANSFORM MD5_Transform
+ * #define HASH_FINAL MD5_Final
+ * #define HASH_BLOCK_HOST_ORDER md5_block_host_order
+ * #define HASH_BLOCK_DATA_ORDER md5_block_data_order
+ *
+ * <appro@fy.chalmers.se>
+ */
+
+#if !defined(DATA_ORDER_IS_BIG_ENDIAN) && !defined(DATA_ORDER_IS_LITTLE_ENDIAN)
+#error "DATA_ORDER must be defined!"
+#endif
+
+#ifndef HASH_CBLOCK
+#error "HASH_CBLOCK must be defined!"
+#endif
+#ifndef HASH_LONG
+#error "HASH_LONG must be defined!"
+#endif
+#ifndef HASH_CTX
+#error "HASH_CTX must be defined!"
+#endif
+
+#ifndef HASH_UPDATE
+#error "HASH_UPDATE must be defined!"
+#endif
+#ifndef HASH_TRANSFORM
+#error "HASH_TRANSFORM must be defined!"
+#endif
+#ifndef HASH_FINAL
+#error "HASH_FINAL must be defined!"
+#endif
+
+#ifndef HASH_BLOCK_HOST_ORDER
+#error "HASH_BLOCK_HOST_ORDER must be defined!"
+#endif
+
+#if 0
+/*
+ * Moved below as it's required only if HASH_BLOCK_DATA_ORDER_ALIGNED
+ * isn't defined.
+ */
+#ifndef HASH_BLOCK_DATA_ORDER
+#error "HASH_BLOCK_DATA_ORDER must be defined!"
+#endif
+#endif
+
+#ifndef HASH_LBLOCK
+#define HASH_LBLOCK (HASH_CBLOCK/4)
+#endif
+
+#ifndef HASH_LONG_LOG2
+#define HASH_LONG_LOG2 2
+#endif
+
+/*
+ * Engage compiler specific rotate intrinsic function if available.
+ */
+#undef ROTATE
+#ifndef PEDANTIC
+# if defined(_MSC_VER) || defined(__ICC)
+# define ROTATE(a,n) _lrotl(a,n)
+# elif defined(__MWERKS__)
+# if defined(__POWERPC__)
+# define ROTATE(a,n) __rlwinm(a,n,0,31)
+# elif defined(__MC68K__)
+ /* Motorola specific tweak. <appro@fy.chalmers.se> */
+# define ROTATE(a,n) ( n<24 ? __rol(a,n) : __ror(a,32-n) )
+# else
+# define ROTATE(a,n) __rol(a,n)
+# endif
+# elif defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
+ /*
+ * Some GNU C inline assembler templates. Note that these are
+ * rotates by *constant* number of bits! But that's exactly
+ * what we need here...
+ * <appro@fy.chalmers.se>
+ */
+# if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)
+# define ROTATE(a,n) ({ register unsigned int ret; \
+ asm ( \
+ "roll %1,%0" \
+ : "=r"(ret) \
+ : "I"(n), "0"(a) \
+ : "cc"); \
+ ret; \
+ })
+# elif defined(__powerpc) || defined(__ppc__) || defined(__powerpc64__)
+# define ROTATE(a,n) ({ register unsigned int ret; \
+ asm ( \
+ "rlwinm %0,%1,%2,0,31" \
+ : "=r"(ret) \
+ : "r"(a), "I"(n)); \
+ ret; \
+ })
+# endif
+# endif
+#endif /* PEDANTIC */
+
+#if HASH_LONG_LOG2==2 /* Engage only if sizeof(HASH_LONG)== 4 */
+/* A nice byte order reversal from Wei Dai <weidai@eskimo.com> */
+#ifdef ROTATE
+/* 5 instructions with rotate instruction, else 9 */
+#define REVERSE_FETCH32(a,l) ( \
+ l=*(const HASH_LONG *)(a), \
+ ((ROTATE(l,8)&0x00FF00FF)|(ROTATE((l&0x00FF00FF),24))) \
+ )
+#else
+/* 6 instructions with rotate instruction, else 8 */
+#define REVERSE_FETCH32(a,l) ( \
+ l=*(const HASH_LONG *)(a), \
+ l=(((l>>8)&0x00FF00FF)|((l&0x00FF00FF)<<8)), \
+ ROTATE(l,16) \
+ )
+/*
+ * Originally the middle line started with l=(((l&0xFF00FF00)>>8)|...
+ * It's rewritten as above for two reasons:
+ * - RISCs aren't good at long constants and have to explicitely
+ * compose 'em with several (well, usually 2) instructions in a
+ * register before performing the actual operation and (as you
+ * already realized:-) having same constant should inspire the
+ * compiler to permanently allocate the only register for it;
+ * - most modern CPUs have two ALUs, but usually only one has
+ * circuitry for shifts:-( this minor tweak inspires compiler
+ * to schedule shift instructions in a better way...
+ *
+ * <appro@fy.chalmers.se>
+ */
+#endif
+#endif
+
+#ifndef ROTATE
+#define ROTATE(a,n) (((a)<<(n))|(((a)&0xffffffff)>>(32-(n))))
+#endif
+
+/*
+ * Make some obvious choices. E.g., HASH_BLOCK_DATA_ORDER_ALIGNED
+ * and HASH_BLOCK_HOST_ORDER ought to be the same if input data
+ * and host are of the same "endianess". It's possible to mask
+ * this with blank #define HASH_BLOCK_DATA_ORDER though...
+ *
+ * <appro@fy.chalmers.se>
+ */
+#if defined(B_ENDIAN)
+# if defined(DATA_ORDER_IS_BIG_ENDIAN)
+# if !defined(HASH_BLOCK_DATA_ORDER_ALIGNED) && HASH_LONG_LOG2==2
+# define HASH_BLOCK_DATA_ORDER_ALIGNED HASH_BLOCK_HOST_ORDER
+# endif
+# endif
+#elif defined(L_ENDIAN)
+# if defined(DATA_ORDER_IS_LITTLE_ENDIAN)
+# if !defined(HASH_BLOCK_DATA_ORDER_ALIGNED) && HASH_LONG_LOG2==2
+# define HASH_BLOCK_DATA_ORDER_ALIGNED HASH_BLOCK_HOST_ORDER
+# endif
+# endif
+#endif
+
+#if !defined(HASH_BLOCK_DATA_ORDER_ALIGNED)
+#ifndef HASH_BLOCK_DATA_ORDER
+#error "HASH_BLOCK_DATA_ORDER must be defined!"
+#endif
+#endif
+
+#if defined(DATA_ORDER_IS_BIG_ENDIAN)
+
+#ifndef PEDANTIC
+# if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
+# if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)
+ /*
+ * This gives ~30-40% performance improvement in SHA-256 compiled
+ * with gcc [on P4]. Well, first macro to be frank. We can pull
+ * this trick on x86* platforms only, because these CPUs can fetch
+ * unaligned data without raising an exception.
+ */
+# define HOST_c2l(c,l) ({ unsigned int r=*((const unsigned int *)(c)); \
+ asm ("bswapl %0":"=r"(r):"0"(r)); \
+ (c)+=4; (l)=r; })
+# define HOST_l2c(l,c) ({ unsigned int r=(l); \
+ asm ("bswapl %0":"=r"(r):"0"(r)); \
+ *((unsigned int *)(c))=r; (c)+=4; r; })
+# endif
+# endif
+#endif
+
+#ifndef HOST_c2l
+#define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++)))<<24), \
+ l|=(((unsigned long)(*((c)++)))<<16), \
+ l|=(((unsigned long)(*((c)++)))<< 8), \
+ l|=(((unsigned long)(*((c)++))) ), \
+ l)
+#endif
+#define HOST_p_c2l(c,l,n) { \
+ switch (n) { \
+ case 0: l =((unsigned long)(*((c)++)))<<24; \
+ case 1: l|=((unsigned long)(*((c)++)))<<16; \
+ case 2: l|=((unsigned long)(*((c)++)))<< 8; \
+ case 3: l|=((unsigned long)(*((c)++))); \
+ } }
+#define HOST_p_c2l_p(c,l,sc,len) { \
+ switch (sc) { \
+ case 0: l =((unsigned long)(*((c)++)))<<24; \
+ if (--len == 0) break; \
+ case 1: l|=((unsigned long)(*((c)++)))<<16; \
+ if (--len == 0) break; \
+ case 2: l|=((unsigned long)(*((c)++)))<< 8; \
+ } }
+/* NOTE the pointer is not incremented at the end of this */
+#define HOST_c2l_p(c,l,n) { \
+ l=0; (c)+=n; \
+ switch (n) { \
+ case 3: l =((unsigned long)(*(--(c))))<< 8; \
+ case 2: l|=((unsigned long)(*(--(c))))<<16; \
+ case 1: l|=((unsigned long)(*(--(c))))<<24; \
+ } }
+#ifndef HOST_l2c
+#define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \
+ *((c)++)=(unsigned char)(((l)>>16)&0xff), \
+ *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
+ *((c)++)=(unsigned char)(((l) )&0xff), \
+ l)
+#endif
+
+#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
+
+#if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)
+ /* See comment in DATA_ORDER_IS_BIG_ENDIAN section. */
+# define HOST_c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4, l)
+# define HOST_l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4, l)
+#endif
+
+#ifndef HOST_c2l
+#define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++))) ), \
+ l|=(((unsigned long)(*((c)++)))<< 8), \
+ l|=(((unsigned long)(*((c)++)))<<16), \
+ l|=(((unsigned long)(*((c)++)))<<24), \
+ l)
+#endif
+#define HOST_p_c2l(c,l,n) { \
+ switch (n) { \
+ case 0: l =((unsigned long)(*((c)++))); \
+ case 1: l|=((unsigned long)(*((c)++)))<< 8; \
+ case 2: l|=((unsigned long)(*((c)++)))<<16; \
+ case 3: l|=((unsigned long)(*((c)++)))<<24; \
+ } }
+#define HOST_p_c2l_p(c,l,sc,len) { \
+ switch (sc) { \
+ case 0: l =((unsigned long)(*((c)++))); \
+ if (--len == 0) break; \
+ case 1: l|=((unsigned long)(*((c)++)))<< 8; \
+ if (--len == 0) break; \
+ case 2: l|=((unsigned long)(*((c)++)))<<16; \
+ } }
+/* NOTE the pointer is not incremented at the end of this */
+#define HOST_c2l_p(c,l,n) { \
+ l=0; (c)+=n; \
+ switch (n) { \
+ case 3: l =((unsigned long)(*(--(c))))<<16; \
+ case 2: l|=((unsigned long)(*(--(c))))<< 8; \
+ case 1: l|=((unsigned long)(*(--(c)))); \
+ } }
+#ifndef HOST_l2c
+#define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \
+ *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
+ *((c)++)=(unsigned char)(((l)>>16)&0xff), \
+ *((c)++)=(unsigned char)(((l)>>24)&0xff), \
+ l)
+#endif
+
+#endif
+
+/*
+ * Time for some action:-)
+ */
+
+int HASH_UPDATE (HASH_CTX *c, const void *data_, size_t len)
+ {
+ const unsigned char *data=data_;
+ register HASH_LONG * p;
+ register HASH_LONG l;
+ size_t sw,sc,ew,ec;
+
+ if(FIPS_selftest_failed())
+ return 0;
+
+ if (len==0) return 1;
+
+ l=(c->Nl+(((HASH_LONG)len)<<3))&0xffffffffUL;
+ /* 95-05-24 eay Fixed a bug with the overflow handling, thanks to
+ * Wei Dai <weidai@eskimo.com> for pointing it out. */
+ if (l < c->Nl) /* overflow */
+ c->Nh++;
+ c->Nh+=(len>>29); /* might cause compiler warning on 16-bit */
+ c->Nl=l;
+
+ if (c->num != 0)
+ {
+ p=c->data;
+ sw=c->num>>2;
+ sc=c->num&0x03;
+
+ if ((c->num+len) >= HASH_CBLOCK)
+ {
+ l=p[sw]; HOST_p_c2l(data,l,sc); p[sw++]=l;
+ for (; sw<HASH_LBLOCK; sw++)
+ {
+ HOST_c2l(data,l); p[sw]=l;
+ }
+ HASH_BLOCK_HOST_ORDER (c,p,1);
+ len-=(HASH_CBLOCK-c->num);
+ c->num=0;
+ /* drop through and do the rest */
+ }
+ else
+ {
+ c->num+=(unsigned int)len;
+ if ((sc+len) < 4) /* ugly, add char's to a word */
+ {
+ l=p[sw]; HOST_p_c2l_p(data,l,sc,len); p[sw]=l;
+ }
+ else
+ {
+ ew=(c->num>>2);
+ ec=(c->num&0x03);
+ if (sc)
+ l=p[sw];
+ HOST_p_c2l(data,l,sc);
+ p[sw++]=l;
+ for (; sw < ew; sw++)
+ {
+ HOST_c2l(data,l); p[sw]=l;
+ }
+ if (ec)
+ {
+ HOST_c2l_p(data,l,ec); p[sw]=l;
+ }
+ }
+ return 1;
+ }
+ }
+
+ sw=len/HASH_CBLOCK;
+ if (sw > 0)
+ {
+#if defined(HASH_BLOCK_DATA_ORDER_ALIGNED)
+ /*
+ * Note that HASH_BLOCK_DATA_ORDER_ALIGNED gets defined
+ * only if sizeof(HASH_LONG)==4.
+ */
+ if ((((size_t)data)%4) == 0)
+ {
+ /* data is properly aligned so that we can cast it: */
+ HASH_BLOCK_DATA_ORDER_ALIGNED (c,(const HASH_LONG *)data,sw);
+ sw*=HASH_CBLOCK;
+ data+=sw;
+ len-=sw;
+ }
+ else
+#if !defined(HASH_BLOCK_DATA_ORDER)
+ while (sw--)
+ {
+ memcpy (p=c->data,data,HASH_CBLOCK);
+ HASH_BLOCK_DATA_ORDER_ALIGNED(c,p,1);
+ data+=HASH_CBLOCK;
+ len-=HASH_CBLOCK;
+ }
+#endif
+#endif
+#if defined(HASH_BLOCK_DATA_ORDER)
+ {
+ HASH_BLOCK_DATA_ORDER(c,data,sw);
+ sw*=HASH_CBLOCK;
+ data+=sw;
+ len-=sw;
+ }
+#endif
+ }
+
+ if (len!=0)
+ {
+ p = c->data;
+ c->num = len;
+ ew=len>>2; /* words to copy */
+ ec=len&0x03;
+ for (; ew; ew--,p++)
+ {
+ HOST_c2l(data,l); *p=l;
+ }
+ HOST_c2l_p(data,l,ec);
+ *p=l;
+ }
+ return 1;
+ }
+
+
+void HASH_TRANSFORM (HASH_CTX *c, const unsigned char *data)
+ {
+#if defined(HASH_BLOCK_DATA_ORDER_ALIGNED)
+ if ((((size_t)data)%4) == 0)
+ /* data is properly aligned so that we can cast it: */
+ HASH_BLOCK_DATA_ORDER_ALIGNED (c,(const HASH_LONG *)data,1);
+ else
+#if !defined(HASH_BLOCK_DATA_ORDER)
+ {
+ memcpy (c->data,data,HASH_CBLOCK);
+ HASH_BLOCK_DATA_ORDER_ALIGNED (c,c->data,1);
+ }
+#endif
+#endif
+#if defined(HASH_BLOCK_DATA_ORDER)
+ HASH_BLOCK_DATA_ORDER (c,data,1);
+#endif
+ }
+
+
+int HASH_FINAL (unsigned char *md, HASH_CTX *c)
+ {
+ register HASH_LONG *p;
+ register unsigned long l;
+ register int i,j;
+ static const unsigned char end[4]={0x80,0x00,0x00,0x00};
+ const unsigned char *cp=end;
+
+ /* c->num should definitly have room for at least one more byte. */
+ p=c->data;
+ i=c->num>>2;
+ j=c->num&0x03;
+
+#if 0
+ /* purify often complains about the following line as an
+ * Uninitialized Memory Read. While this can be true, the
+ * following p_c2l macro will reset l when that case is true.
+ * This is because j&0x03 contains the number of 'valid' bytes
+ * already in p[i]. If and only if j&0x03 == 0, the UMR will
+ * occur but this is also the only time p_c2l will do
+ * l= *(cp++) instead of l|= *(cp++)
+ * Many thanks to Alex Tang <altitude@cic.net> for pickup this
+ * 'potential bug' */
+#ifdef PURIFY
+ if (j==0) p[i]=0; /* Yeah, but that's not the way to fix it:-) */
+#endif
+ l=p[i];
+#else
+ l = (j==0) ? 0 : p[i];
+#endif
+ HOST_p_c2l(cp,l,j); p[i++]=l; /* i is the next 'undefined word' */
+
+ if (i>(HASH_LBLOCK-2)) /* save room for Nl and Nh */
+ {
+ if (i<HASH_LBLOCK) p[i]=0;
+ HASH_BLOCK_HOST_ORDER (c,p,1);
+ i=0;
+ }
+ for (; i<(HASH_LBLOCK-2); i++)
+ p[i]=0;
+
+#if defined(DATA_ORDER_IS_BIG_ENDIAN)
+ p[HASH_LBLOCK-2]=c->Nh;
+ p[HASH_LBLOCK-1]=c->Nl;
+#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
+ p[HASH_LBLOCK-2]=c->Nl;
+ p[HASH_LBLOCK-1]=c->Nh;
+#endif
+ HASH_BLOCK_HOST_ORDER (c,p,1);
+
+#ifndef HASH_MAKE_STRING
+#error "HASH_MAKE_STRING must be defined!"
+#else
+ HASH_MAKE_STRING(c,md);
+#endif
+
+ c->num=0;
+ /* clear stuff, HASH_BLOCK may be leaving some stuff on the stack
+ * but I'm not worried :-)
+ OPENSSL_cleanse((void *)c,sizeof(HASH_CTX));
+ */
+ return 1;
+ }
+
+#ifndef MD32_REG_T
+#define MD32_REG_T long
+/*
+ * This comment was originaly written for MD5, which is why it
+ * discusses A-D. But it basically applies to all 32-bit digests,
+ * which is why it was moved to common header file.
+ *
+ * In case you wonder why A-D are declared as long and not
+ * as MD5_LONG. Doing so results in slight performance
+ * boost on LP64 architectures. The catch is we don't
+ * really care if 32 MSBs of a 64-bit register get polluted
+ * with eventual overflows as we *save* only 32 LSBs in
+ * *either* case. Now declaring 'em long excuses the compiler
+ * from keeping 32 MSBs zeroed resulting in 13% performance
+ * improvement under SPARC Solaris7/64 and 5% under AlphaLinux.
+ * Well, to be honest it should say that this *prevents*
+ * performance degradation.
+ * <appro@fy.chalmers.se>
+ * Apparently there're LP64 compilers that generate better
+ * code if A-D are declared int. Most notably GCC-x86_64
+ * generates better code.
+ * <appro@fy.chalmers.se>
+ */
+#endif
diff --git a/src/lib/libssl/src/fips-1.0/sha/fips_sha.h b/src/lib/libssl/src/fips-1.0/sha/fips_sha.h
new file mode 100644
index 0000000000..4520b06ce1
--- /dev/null
+++ b/src/lib/libssl/src/fips-1.0/sha/fips_sha.h
@@ -0,0 +1,186 @@
+/* fips/sha1/fips_sha.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_SHA_H
+#define HEADER_SHA_H
+
+#include <openssl/e_os2.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#if defined(OPENSSL_NO_SHA) || (defined(OPENSSL_NO_SHA0) && defined(OPENSSL_NO_SHA1))
+#error SHA is disabled.
+#endif
+
+/*
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ * ! SHA_LONG has to be at least 32 bits wide. If it's wider, then !
+ * ! SHA_LONG_LOG2 has to be defined along. !
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ */
+
+#if defined(OPENSSL_SYS_WIN16) || defined(__LP32__)
+#define SHA_LONG unsigned long
+#elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)
+#define SHA_LONG unsigned long
+#define SHA_LONG_LOG2 3
+#else
+#define SHA_LONG unsigned int
+#endif
+
+#define SHA_LBLOCK 16
+#define SHA_CBLOCK (SHA_LBLOCK*4) /* SHA treats input data as a
+ * contiguous array of 32 bit
+ * wide big-endian values. */
+#define SHA_LAST_BLOCK (SHA_CBLOCK-8)
+#define SHA_DIGEST_LENGTH 20
+
+typedef struct SHAstate_st
+ {
+ SHA_LONG h0,h1,h2,h3,h4;
+ SHA_LONG Nl,Nh;
+ SHA_LONG data[SHA_LBLOCK];
+ unsigned int num;
+ } SHA_CTX;
+
+#ifndef OPENSSL_NO_SHA1
+int SHA1_Init(SHA_CTX *c);
+int SHA1_Update(SHA_CTX *c, const void *data, size_t len);
+int SHA1_Final(unsigned char *md, SHA_CTX *c);
+unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md);
+void SHA1_Transform(SHA_CTX *c, const unsigned char *data);
+#endif
+
+#define SHA256_CBLOCK (SHA_LBLOCK*4) /* SHA-256 treats input data as a
+ * contiguous array of 32 bit
+ * wide big-endian values. */
+#define SHA224_DIGEST_LENGTH 28
+#define SHA256_DIGEST_LENGTH 32
+
+typedef struct SHA256state_st
+ {
+ SHA_LONG h[8];
+ SHA_LONG Nl,Nh;
+ SHA_LONG data[SHA_LBLOCK];
+ unsigned int num,md_len;
+ } SHA256_CTX;
+
+#ifndef OPENSSL_NO_SHA256
+int SHA224_Init(SHA256_CTX *c);
+int SHA224_Update(SHA256_CTX *c, const void *data, size_t len);
+int SHA224_Final(unsigned char *md, SHA256_CTX *c);
+unsigned char *SHA224(const unsigned char *d, size_t n,unsigned char *md);
+int SHA256_Init(SHA256_CTX *c);
+int SHA256_Update(SHA256_CTX *c, const void *data, size_t len);
+int SHA256_Final(unsigned char *md, SHA256_CTX *c);
+unsigned char *SHA256(const unsigned char *d, size_t n,unsigned char *md);
+void SHA256_Transform(SHA256_CTX *c, const unsigned char *data);
+#endif
+
+#define SHA384_DIGEST_LENGTH 48
+#define SHA512_DIGEST_LENGTH 64
+
+/*
+ * Unlike 32-bit digest algorithms, SHA-512 *relies* on SHA_LONG64
+ * being exactly 64-bit wide. See Implementation Notes in sha512.c
+ * for further details.
+ */
+#define SHA512_CBLOCK (SHA_LBLOCK*8) /* SHA-512 treats input data as a
+ * contiguous array of 64 bit
+ * wide big-endian values. */
+#if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__)
+#define SHA_LONG64 unsigned __int64
+#define U64(C) C##UI64
+#elif defined(__arch64__)
+#define SHA_LONG64 unsigned long
+#define U64(C) C##UL
+#else
+#define SHA_LONG64 unsigned long long
+#define U64(C) C##ULL
+#endif
+
+typedef struct SHA512state_st
+ {
+ SHA_LONG64 h[8];
+ SHA_LONG64 Nl,Nh;
+ union {
+ SHA_LONG64 d[SHA_LBLOCK];
+ unsigned char p[SHA512_CBLOCK];
+ } u;
+ unsigned int num,md_len;
+ } SHA512_CTX;
+
+#ifndef OPENSSL_NO_SHA512
+int SHA384_Init(SHA512_CTX *c);
+int SHA384_Update(SHA512_CTX *c, const void *data, size_t len);
+int SHA384_Final(unsigned char *md, SHA512_CTX *c);
+unsigned char *SHA384(const unsigned char *d, size_t n,unsigned char *md);
+int SHA512_Init(SHA512_CTX *c);
+int SHA512_Update(SHA512_CTX *c, const void *data, size_t len);
+int SHA512_Final(unsigned char *md, SHA512_CTX *c);
+unsigned char *SHA512(const unsigned char *d, size_t n,unsigned char *md);
+void SHA512_Transform(SHA512_CTX *c, const unsigned char *data);
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/src/lib/libssl/src/fips-1.0/sha/fips_sha1_selftest.c b/src/lib/libssl/src/fips-1.0/sha/fips_sha1_selftest.c
new file mode 100644
index 0000000000..73a65cdc06
--- /dev/null
+++ b/src/lib/libssl/src/fips-1.0/sha/fips_sha1_selftest.c
@@ -0,0 +1,96 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include <string.h>
+#include <openssl/err.h>
+#include <openssl/fips.h>
+#include <openssl/fips_sha.h>
+
+#ifdef OPENSSL_FIPS
+static char test[][60]=
+ {
+ "",
+ "abc",
+ "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
+ };
+
+static const unsigned char ret[][SHA_DIGEST_LENGTH]=
+ {
+ { 0xda,0x39,0xa3,0xee,0x5e,0x6b,0x4b,0x0d,0x32,0x55,
+ 0xbf,0xef,0x95,0x60,0x18,0x90,0xaf,0xd8,0x07,0x09 },
+ { 0xa9,0x99,0x3e,0x36,0x47,0x06,0x81,0x6a,0xba,0x3e,
+ 0x25,0x71,0x78,0x50,0xc2,0x6c,0x9c,0xd0,0xd8,0x9d },
+ { 0x84,0x98,0x3e,0x44,0x1c,0x3b,0xd2,0x6e,0xba,0xae,
+ 0x4a,0xa1,0xf9,0x51,0x29,0xe5,0xe5,0x46,0x70,0xf1 },
+ };
+
+void FIPS_corrupt_sha1()
+ {
+ test[2][0]++;
+ }
+
+int FIPS_selftest_sha1()
+ {
+ int n;
+
+ for(n=0 ; n<sizeof(test)/sizeof(test[0]) ; ++n)
+ {
+ unsigned char md[SHA_DIGEST_LENGTH];
+
+ SHA1((unsigned char*)test[n],strlen(test[n]),md);
+ if(memcmp(md,ret[n],sizeof md))
+ {
+ FIPSerr(FIPS_F_FIPS_SELFTEST_SHA,FIPS_R_SELFTEST_FAILED);
+ return 0;
+ }
+ }
+ return 1;
+ }
+
+#endif
diff --git a/src/lib/libssl/src/fips-1.0/sha/fips_sha1dgst.c b/src/lib/libssl/src/fips-1.0/sha/fips_sha1dgst.c
new file mode 100644
index 0000000000..fb9e15453c
--- /dev/null
+++ b/src/lib/libssl/src/fips-1.0/sha/fips_sha1dgst.c
@@ -0,0 +1,96 @@
+/* crypto/sha/sha1dgst.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#if !defined(OPENSSL_NO_SHA1) && !defined(OPENSSL_NO_SHA)
+
+#undef SHA_0
+#define SHA_1
+
+#include <openssl/opensslv.h>
+#include <openssl/opensslconf.h>
+#include <openssl/crypto.h>
+
+#ifdef OPENSSL_FIPS
+const char SHA1_version[]="SHA1" OPENSSL_VERSION_PTEXT;
+
+/* The implementation is in fips_md32_common.h */
+#include "fips_sha_locl.h"
+
+unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md)
+ {
+ SHA_CTX c;
+ static unsigned char m[SHA_DIGEST_LENGTH];
+
+ OPENSSL_assert(sizeof(unsigned long)<=sizeof(size_t));
+ if (md == NULL) md=m;
+ if (!SHA1_Init(&c))
+ return NULL;
+ SHA1_Update(&c,d,n);
+ SHA1_Final(md,&c);
+ OPENSSL_cleanse(&c,sizeof(c));
+ return(md);
+ }
+
+#else /* ndef OPENSSL_FIPS */
+
+static void *dummy=&dummy;
+
+#endif /* ndef OPENSSL_FIPS */
+
+#endif
+
diff --git a/src/lib/libssl/src/fips-1.0/sha/fips_sha256.c b/src/lib/libssl/src/fips-1.0/sha/fips_sha256.c
new file mode 100644
index 0000000000..b5a1ca0cac
--- /dev/null
+++ b/src/lib/libssl/src/fips-1.0/sha/fips_sha256.c
@@ -0,0 +1,325 @@
+/* crypto/sha/sha256.c */
+/* ====================================================================
+ * Copyright (c) 2004 The OpenSSL Project. All rights reserved
+ * according to the OpenSSL license [found in ../../LICENSE].
+ * ====================================================================
+ */
+#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA256)
+
+#include <stdlib.h>
+#include <string.h>
+
+#include <openssl/opensslconf.h>
+#include <openssl/crypto.h>
+#include <openssl/fips_sha.h>
+#include <openssl/fips.h>
+#include <openssl/opensslv.h>
+
+#ifdef OPENSSL_FIPS
+
+const char SHA256_version[]="SHA-256" OPENSSL_VERSION_PTEXT;
+
+int SHA224_Init (SHA256_CTX *c)
+ {
+ c->h[0]=0xc1059ed8UL; c->h[1]=0x367cd507UL;
+ c->h[2]=0x3070dd17UL; c->h[3]=0xf70e5939UL;
+ c->h[4]=0xffc00b31UL; c->h[5]=0x68581511UL;
+ c->h[6]=0x64f98fa7UL; c->h[7]=0xbefa4fa4UL;
+ c->Nl=0; c->Nh=0;
+ c->num=0; c->md_len=SHA224_DIGEST_LENGTH;
+ return 1;
+ }
+
+int SHA256_Init (SHA256_CTX *c)
+ {
+ c->h[0]=0x6a09e667UL; c->h[1]=0xbb67ae85UL;
+ c->h[2]=0x3c6ef372UL; c->h[3]=0xa54ff53aUL;
+ c->h[4]=0x510e527fUL; c->h[5]=0x9b05688cUL;
+ c->h[6]=0x1f83d9abUL; c->h[7]=0x5be0cd19UL;
+ c->Nl=0; c->Nh=0;
+ c->num=0; c->md_len=SHA256_DIGEST_LENGTH;
+ return 1;
+ }
+
+unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md)
+ {
+ SHA256_CTX c;
+ static unsigned char m[SHA224_DIGEST_LENGTH];
+
+ if (md == NULL) md=m;
+ SHA224_Init(&c);
+ SHA256_Update(&c,d,n);
+ SHA256_Final(md,&c);
+ OPENSSL_cleanse(&c,sizeof(c));
+ return(md);
+ }
+
+unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md)
+ {
+ SHA256_CTX c;
+ static unsigned char m[SHA256_DIGEST_LENGTH];
+
+ if (md == NULL) md=m;
+ SHA256_Init(&c);
+ SHA256_Update(&c,d,n);
+ SHA256_Final(md,&c);
+ OPENSSL_cleanse(&c,sizeof(c));
+ return(md);
+ }
+
+int SHA224_Update(SHA256_CTX *c, const void *data, size_t len)
+{ return SHA256_Update (c,data,len); }
+int SHA224_Final (unsigned char *md, SHA256_CTX *c)
+{ return SHA256_Final (md,c); }
+
+#ifndef SHA_LONG_LOG2
+#define SHA_LONG_LOG2 2 /* default to 32 bits */
+#endif
+
+#define DATA_ORDER_IS_BIG_ENDIAN
+
+#define HASH_LONG SHA_LONG
+#define HASH_LONG_LOG2 SHA_LONG_LOG2
+#define HASH_CTX SHA256_CTX
+#define HASH_CBLOCK SHA_CBLOCK
+#define HASH_LBLOCK SHA_LBLOCK
+/*
+ * Note that FIPS180-2 discusses "Truncation of the Hash Function Output."
+ * default: case below covers for it. It's not clear however if it's
+ * permitted to truncate to amount of bytes not divisible by 4. I bet not,
+ * but if it is, then default: case shall be extended. For reference.
+ * Idea behind separate cases for pre-defined lenghts is to let the
+ * compiler decide if it's appropriate to unroll small loops.
+ */
+#define HASH_MAKE_STRING(c,s) do { \
+ unsigned long ll; \
+ unsigned int n; \
+ switch ((c)->md_len) \
+ { case SHA224_DIGEST_LENGTH: \
+ for (n=0;n<SHA224_DIGEST_LENGTH/4;n++) \
+ { ll=(c)->h[n]; HOST_l2c(ll,(s)); } \
+ break; \
+ case SHA256_DIGEST_LENGTH: \
+ for (n=0;n<SHA256_DIGEST_LENGTH/4;n++) \
+ { ll=(c)->h[n]; HOST_l2c(ll,(s)); } \
+ break; \
+ default: \
+ if ((c)->md_len > SHA256_DIGEST_LENGTH) \
+ return 0; \
+ for (n=0;n<(c)->md_len/4;n++) \
+ { ll=(c)->h[n]; HOST_l2c(ll,(s)); } \
+ break; \
+ } \
+ } while (0)
+
+#define HASH_UPDATE SHA256_Update
+#define HASH_TRANSFORM SHA256_Transform
+#define HASH_FINAL SHA256_Final
+#define HASH_BLOCK_HOST_ORDER sha256_block_host_order
+#define HASH_BLOCK_DATA_ORDER sha256_block_data_order
+void sha256_block_host_order (SHA256_CTX *ctx, const void *in, size_t num);
+void sha256_block_data_order (SHA256_CTX *ctx, const void *in, size_t num);
+
+#include "fips_md32_common.h"
+
+#ifdef SHA256_ASM
+void sha256_block (SHA256_CTX *ctx, const void *in, size_t num, int host);
+#else
+static const SHA_LONG K256[64] = {
+ 0x428a2f98UL,0x71374491UL,0xb5c0fbcfUL,0xe9b5dba5UL,
+ 0x3956c25bUL,0x59f111f1UL,0x923f82a4UL,0xab1c5ed5UL,
+ 0xd807aa98UL,0x12835b01UL,0x243185beUL,0x550c7dc3UL,
+ 0x72be5d74UL,0x80deb1feUL,0x9bdc06a7UL,0xc19bf174UL,
+ 0xe49b69c1UL,0xefbe4786UL,0x0fc19dc6UL,0x240ca1ccUL,
+ 0x2de92c6fUL,0x4a7484aaUL,0x5cb0a9dcUL,0x76f988daUL,
+ 0x983e5152UL,0xa831c66dUL,0xb00327c8UL,0xbf597fc7UL,
+ 0xc6e00bf3UL,0xd5a79147UL,0x06ca6351UL,0x14292967UL,
+ 0x27b70a85UL,0x2e1b2138UL,0x4d2c6dfcUL,0x53380d13UL,
+ 0x650a7354UL,0x766a0abbUL,0x81c2c92eUL,0x92722c85UL,
+ 0xa2bfe8a1UL,0xa81a664bUL,0xc24b8b70UL,0xc76c51a3UL,
+ 0xd192e819UL,0xd6990624UL,0xf40e3585UL,0x106aa070UL,
+ 0x19a4c116UL,0x1e376c08UL,0x2748774cUL,0x34b0bcb5UL,
+ 0x391c0cb3UL,0x4ed8aa4aUL,0x5b9cca4fUL,0x682e6ff3UL,
+ 0x748f82eeUL,0x78a5636fUL,0x84c87814UL,0x8cc70208UL,
+ 0x90befffaUL,0xa4506cebUL,0xbef9a3f7UL,0xc67178f2UL };
+
+/*
+ * FIPS specification refers to right rotations, while our ROTATE macro
+ * is left one. This is why you might notice that rotation coefficients
+ * differ from those observed in FIPS document by 32-N...
+ */
+#define Sigma0(x) (ROTATE((x),30) ^ ROTATE((x),19) ^ ROTATE((x),10))
+#define Sigma1(x) (ROTATE((x),26) ^ ROTATE((x),21) ^ ROTATE((x),7))
+#define sigma0(x) (ROTATE((x),25) ^ ROTATE((x),14) ^ ((x)>>3))
+#define sigma1(x) (ROTATE((x),15) ^ ROTATE((x),13) ^ ((x)>>10))
+
+#define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z)))
+#define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
+
+#ifdef OPENSSL_SMALL_FOOTPRINT
+
+static void sha256_block (SHA256_CTX *ctx, const void *in, size_t num, int host)
+ {
+ unsigned MD32_REG_T a,b,c,d,e,f,g,h,s0,s1,T1,T2;
+ SHA_LONG X[16];
+ int i;
+ const unsigned char *data=in;
+
+ while (num--) {
+
+ a = ctx->h[0]; b = ctx->h[1]; c = ctx->h[2]; d = ctx->h[3];
+ e = ctx->h[4]; f = ctx->h[5]; g = ctx->h[6]; h = ctx->h[7];
+
+ if (host)
+ {
+ const SHA_LONG *W=(const SHA_LONG *)data;
+
+ for (i=0;i<16;i++)
+ {
+ T1 = X[i] = W[i];
+ T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i];
+ T2 = Sigma0(a) + Maj(a,b,c);
+ h = g; g = f; f = e; e = d + T1;
+ d = c; c = b; b = a; a = T1 + T2;
+ }
+
+ data += SHA256_CBLOCK;
+ }
+ else
+ {
+ SHA_LONG l;
+
+ for (i=0;i<16;i++)
+ {
+ HOST_c2l(data,l); T1 = X[i] = l;
+ T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i];
+ T2 = Sigma0(a) + Maj(a,b,c);
+ h = g; g = f; f = e; e = d + T1;
+ d = c; c = b; b = a; a = T1 + T2;
+ }
+ }
+
+ for (;i<64;i++)
+ {
+ s0 = X[(i+1)&0x0f]; s0 = sigma0(s0);
+ s1 = X[(i+14)&0x0f]; s1 = sigma1(s1);
+
+ T1 = X[i&0xf] += s0 + s1 + X[(i+9)&0xf];
+ T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i];
+ T2 = Sigma0(a) + Maj(a,b,c);
+ h = g; g = f; f = e; e = d + T1;
+ d = c; c = b; b = a; a = T1 + T2;
+ }
+
+ ctx->h[0] += a; ctx->h[1] += b; ctx->h[2] += c; ctx->h[3] += d;
+ ctx->h[4] += e; ctx->h[5] += f; ctx->h[6] += g; ctx->h[7] += h;
+
+ }
+}
+
+#else
+
+#define ROUND_00_15(i,a,b,c,d,e,f,g,h) do { \
+ T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i]; \
+ h = Sigma0(a) + Maj(a,b,c); \
+ d += T1; h += T1; } while (0)
+
+#define ROUND_16_63(i,a,b,c,d,e,f,g,h,X) do { \
+ s0 = X[(i+1)&0x0f]; s0 = sigma0(s0); \
+ s1 = X[(i+14)&0x0f]; s1 = sigma1(s1); \
+ T1 = X[(i)&0x0f] += s0 + s1 + X[(i+9)&0x0f]; \
+ ROUND_00_15(i,a,b,c,d,e,f,g,h); } while (0)
+
+static void sha256_block (SHA256_CTX *ctx, const void *in, size_t num, int host)
+ {
+ unsigned MD32_REG_T a,b,c,d,e,f,g,h,s0,s1,T1;
+ SHA_LONG X[16];
+ int i;
+ const unsigned char *data=in;
+
+ while (num--) {
+
+ a = ctx->h[0]; b = ctx->h[1]; c = ctx->h[2]; d = ctx->h[3];
+ e = ctx->h[4]; f = ctx->h[5]; g = ctx->h[6]; h = ctx->h[7];
+
+ if (host)
+ {
+ const SHA_LONG *W=(const SHA_LONG *)data;
+
+ T1 = X[0] = W[0]; ROUND_00_15(0,a,b,c,d,e,f,g,h);
+ T1 = X[1] = W[1]; ROUND_00_15(1,h,a,b,c,d,e,f,g);
+ T1 = X[2] = W[2]; ROUND_00_15(2,g,h,a,b,c,d,e,f);
+ T1 = X[3] = W[3]; ROUND_00_15(3,f,g,h,a,b,c,d,e);
+ T1 = X[4] = W[4]; ROUND_00_15(4,e,f,g,h,a,b,c,d);
+ T1 = X[5] = W[5]; ROUND_00_15(5,d,e,f,g,h,a,b,c);
+ T1 = X[6] = W[6]; ROUND_00_15(6,c,d,e,f,g,h,a,b);
+ T1 = X[7] = W[7]; ROUND_00_15(7,b,c,d,e,f,g,h,a);
+ T1 = X[8] = W[8]; ROUND_00_15(8,a,b,c,d,e,f,g,h);
+ T1 = X[9] = W[9]; ROUND_00_15(9,h,a,b,c,d,e,f,g);
+ T1 = X[10] = W[10]; ROUND_00_15(10,g,h,a,b,c,d,e,f);
+ T1 = X[11] = W[11]; ROUND_00_15(11,f,g,h,a,b,c,d,e);
+ T1 = X[12] = W[12]; ROUND_00_15(12,e,f,g,h,a,b,c,d);
+ T1 = X[13] = W[13]; ROUND_00_15(13,d,e,f,g,h,a,b,c);
+ T1 = X[14] = W[14]; ROUND_00_15(14,c,d,e,f,g,h,a,b);
+ T1 = X[15] = W[15]; ROUND_00_15(15,b,c,d,e,f,g,h,a);
+
+ data += SHA256_CBLOCK;
+ }
+ else
+ {
+ SHA_LONG l;
+
+ HOST_c2l(data,l); T1 = X[0] = l; ROUND_00_15(0,a,b,c,d,e,f,g,h);
+ HOST_c2l(data,l); T1 = X[1] = l; ROUND_00_15(1,h,a,b,c,d,e,f,g);
+ HOST_c2l(data,l); T1 = X[2] = l; ROUND_00_15(2,g,h,a,b,c,d,e,f);
+ HOST_c2l(data,l); T1 = X[3] = l; ROUND_00_15(3,f,g,h,a,b,c,d,e);
+ HOST_c2l(data,l); T1 = X[4] = l; ROUND_00_15(4,e,f,g,h,a,b,c,d);
+ HOST_c2l(data,l); T1 = X[5] = l; ROUND_00_15(5,d,e,f,g,h,a,b,c);
+ HOST_c2l(data,l); T1 = X[6] = l; ROUND_00_15(6,c,d,e,f,g,h,a,b);
+ HOST_c2l(data,l); T1 = X[7] = l; ROUND_00_15(7,b,c,d,e,f,g,h,a);
+ HOST_c2l(data,l); T1 = X[8] = l; ROUND_00_15(8,a,b,c,d,e,f,g,h);
+ HOST_c2l(data,l); T1 = X[9] = l; ROUND_00_15(9,h,a,b,c,d,e,f,g);
+ HOST_c2l(data,l); T1 = X[10] = l; ROUND_00_15(10,g,h,a,b,c,d,e,f);
+ HOST_c2l(data,l); T1 = X[11] = l; ROUND_00_15(11,f,g,h,a,b,c,d,e);
+ HOST_c2l(data,l); T1 = X[12] = l; ROUND_00_15(12,e,f,g,h,a,b,c,d);
+ HOST_c2l(data,l); T1 = X[13] = l; ROUND_00_15(13,d,e,f,g,h,a,b,c);
+ HOST_c2l(data,l); T1 = X[14] = l; ROUND_00_15(14,c,d,e,f,g,h,a,b);
+ HOST_c2l(data,l); T1 = X[15] = l; ROUND_00_15(15,b,c,d,e,f,g,h,a);
+ }
+
+ for (i=16;i<64;i+=8)
+ {
+ ROUND_16_63(i+0,a,b,c,d,e,f,g,h,X);
+ ROUND_16_63(i+1,h,a,b,c,d,e,f,g,X);
+ ROUND_16_63(i+2,g,h,a,b,c,d,e,f,X);
+ ROUND_16_63(i+3,f,g,h,a,b,c,d,e,X);
+ ROUND_16_63(i+4,e,f,g,h,a,b,c,d,X);
+ ROUND_16_63(i+5,d,e,f,g,h,a,b,c,X);
+ ROUND_16_63(i+6,c,d,e,f,g,h,a,b,X);
+ ROUND_16_63(i+7,b,c,d,e,f,g,h,a,X);
+ }
+
+ ctx->h[0] += a; ctx->h[1] += b; ctx->h[2] += c; ctx->h[3] += d;
+ ctx->h[4] += e; ctx->h[5] += f; ctx->h[6] += g; ctx->h[7] += h;
+
+ }
+ }
+
+#endif
+#endif /* SHA256_ASM */
+
+/*
+ * Idea is to trade couple of cycles for some space. On IA-32 we save
+ * about 4K in "big footprint" case. In "small footprint" case any gain
+ * is appreciated:-)
+ */
+void HASH_BLOCK_HOST_ORDER (SHA256_CTX *ctx, const void *in, size_t num)
+{ sha256_block (ctx,in,num,1); }
+
+void HASH_BLOCK_DATA_ORDER (SHA256_CTX *ctx, const void *in, size_t num)
+{ sha256_block (ctx,in,num,0); }
+
+#endif
+
+#endif /* OPENSSL_NO_SHA256 */
+
diff --git a/src/lib/libssl/src/fips-1.0/sha/fips_sha512.c b/src/lib/libssl/src/fips-1.0/sha/fips_sha512.c
new file mode 100644
index 0000000000..9e906af315
--- /dev/null
+++ b/src/lib/libssl/src/fips-1.0/sha/fips_sha512.c
@@ -0,0 +1,487 @@
+/* crypto/sha/sha512.c */
+/* ====================================================================
+ * Copyright (c) 2004 The OpenSSL Project. All rights reserved
+ * according to the OpenSSL license [found in ../../LICENSE].
+ * ====================================================================
+ */
+#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA512)
+/*
+ * IMPLEMENTATION NOTES.
+ *
+ * As you might have noticed 32-bit hash algorithms:
+ *
+ * - permit SHA_LONG to be wider than 32-bit (case on CRAY);
+ * - optimized versions implement two transform functions: one operating
+ * on [aligned] data in host byte order and one - on data in input
+ * stream byte order;
+ * - share common byte-order neutral collector and padding function
+ * implementations, ../md32_common.h;
+ *
+ * Neither of the above applies to this SHA-512 implementations. Reasons
+ * [in reverse order] are:
+ *
+ * - it's the only 64-bit hash algorithm for the moment of this writing,
+ * there is no need for common collector/padding implementation [yet];
+ * - by supporting only one transform function [which operates on
+ * *aligned* data in input stream byte order, big-endian in this case]
+ * we minimize burden of maintenance in two ways: a) collector/padding
+ * function is simpler; b) only one transform function to stare at;
+ * - SHA_LONG64 is required to be exactly 64-bit in order to be able to
+ * apply a number of optimizations to mitigate potential performance
+ * penalties caused by previous design decision;
+ *
+ * Caveat lector.
+ *
+ * Implementation relies on the fact that "long long" is 64-bit on
+ * both 32- and 64-bit platforms. If some compiler vendor comes up
+ * with 128-bit long long, adjustment to sha.h would be required.
+ * As this implementation relies on 64-bit integer type, it's totally
+ * inappropriate for platforms which don't support it, most notably
+ * 16-bit platforms.
+ * <appro@fy.chalmers.se>
+ */
+#include <stdlib.h>
+#include <string.h>
+
+#include <openssl/opensslconf.h>
+#include <openssl/crypto.h>
+#include <openssl/fips_sha.h>
+#include <openssl/fips.h>
+#include <openssl/opensslv.h>
+
+#ifdef OPENSSL_FIPS
+
+const char SHA512_version[]="SHA-512" OPENSSL_VERSION_PTEXT;
+
+#if defined(_M_IX86) || defined(_M_AMD64) || defined(__i386) || defined(__x86_64)
+#define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
+#endif
+
+int SHA384_Init (SHA512_CTX *c)
+ {
+ c->h[0]=U64(0xcbbb9d5dc1059ed8);
+ c->h[1]=U64(0x629a292a367cd507);
+ c->h[2]=U64(0x9159015a3070dd17);
+ c->h[3]=U64(0x152fecd8f70e5939);
+ c->h[4]=U64(0x67332667ffc00b31);
+ c->h[5]=U64(0x8eb44a8768581511);
+ c->h[6]=U64(0xdb0c2e0d64f98fa7);
+ c->h[7]=U64(0x47b5481dbefa4fa4);
+ c->Nl=0; c->Nh=0;
+ c->num=0; c->md_len=SHA384_DIGEST_LENGTH;
+ return 1;
+ }
+
+int SHA512_Init (SHA512_CTX *c)
+ {
+ c->h[0]=U64(0x6a09e667f3bcc908);
+ c->h[1]=U64(0xbb67ae8584caa73b);
+ c->h[2]=U64(0x3c6ef372fe94f82b);
+ c->h[3]=U64(0xa54ff53a5f1d36f1);
+ c->h[4]=U64(0x510e527fade682d1);
+ c->h[5]=U64(0x9b05688c2b3e6c1f);
+ c->h[6]=U64(0x1f83d9abfb41bd6b);
+ c->h[7]=U64(0x5be0cd19137e2179);
+ c->Nl=0; c->Nh=0;
+ c->num=0; c->md_len=SHA512_DIGEST_LENGTH;
+ return 1;
+ }
+
+#ifndef SHA512_ASM
+static
+#endif
+void sha512_block (SHA512_CTX *ctx, const void *in, size_t num);
+
+int SHA512_Final (unsigned char *md, SHA512_CTX *c)
+ {
+ unsigned char *p=(unsigned char *)c->u.p;
+ size_t n=c->num;
+
+ p[n]=0x80; /* There always is a room for one */
+ n++;
+ if (n > (sizeof(c->u)-16))
+ memset (p+n,0,sizeof(c->u)-n), n=0,
+ sha512_block (c,p,1);
+
+ memset (p+n,0,sizeof(c->u)-16-n);
+#ifdef B_ENDIAN
+ c->u.d[SHA_LBLOCK-2] = c->Nh;
+ c->u.d[SHA_LBLOCK-1] = c->Nl;
+#else
+ p[sizeof(c->u)-1] = (unsigned char)(c->Nl);
+ p[sizeof(c->u)-2] = (unsigned char)(c->Nl>>8);
+ p[sizeof(c->u)-3] = (unsigned char)(c->Nl>>16);
+ p[sizeof(c->u)-4] = (unsigned char)(c->Nl>>24);
+ p[sizeof(c->u)-5] = (unsigned char)(c->Nl>>32);
+ p[sizeof(c->u)-6] = (unsigned char)(c->Nl>>40);
+ p[sizeof(c->u)-7] = (unsigned char)(c->Nl>>48);
+ p[sizeof(c->u)-8] = (unsigned char)(c->Nl>>56);
+ p[sizeof(c->u)-9] = (unsigned char)(c->Nh);
+ p[sizeof(c->u)-10] = (unsigned char)(c->Nh>>8);
+ p[sizeof(c->u)-11] = (unsigned char)(c->Nh>>16);
+ p[sizeof(c->u)-12] = (unsigned char)(c->Nh>>24);
+ p[sizeof(c->u)-13] = (unsigned char)(c->Nh>>32);
+ p[sizeof(c->u)-14] = (unsigned char)(c->Nh>>40);
+ p[sizeof(c->u)-15] = (unsigned char)(c->Nh>>48);
+ p[sizeof(c->u)-16] = (unsigned char)(c->Nh>>56);
+#endif
+
+ sha512_block (c,p,1);
+
+ if (md==0) return 0;
+
+ switch (c->md_len)
+ {
+ /* Let compiler decide if it's appropriate to unroll... */
+ case SHA384_DIGEST_LENGTH:
+ for (n=0;n<SHA384_DIGEST_LENGTH/8;n++)
+ {
+ SHA_LONG64 t = c->h[n];
+
+ *(md++) = (unsigned char)(t>>56);
+ *(md++) = (unsigned char)(t>>48);
+ *(md++) = (unsigned char)(t>>40);
+ *(md++) = (unsigned char)(t>>32);
+ *(md++) = (unsigned char)(t>>24);
+ *(md++) = (unsigned char)(t>>16);
+ *(md++) = (unsigned char)(t>>8);
+ *(md++) = (unsigned char)(t);
+ }
+ break;
+ case SHA512_DIGEST_LENGTH:
+ for (n=0;n<SHA512_DIGEST_LENGTH/8;n++)
+ {
+ SHA_LONG64 t = c->h[n];
+
+ *(md++) = (unsigned char)(t>>56);
+ *(md++) = (unsigned char)(t>>48);
+ *(md++) = (unsigned char)(t>>40);
+ *(md++) = (unsigned char)(t>>32);
+ *(md++) = (unsigned char)(t>>24);
+ *(md++) = (unsigned char)(t>>16);
+ *(md++) = (unsigned char)(t>>8);
+ *(md++) = (unsigned char)(t);
+ }
+ break;
+ /* ... as well as make sure md_len is not abused. */
+ default: return 0;
+ }
+
+ return 1;
+ }
+
+int SHA384_Final (unsigned char *md,SHA512_CTX *c)
+{ return SHA512_Final (md,c); }
+
+int SHA512_Update (SHA512_CTX *c, const void *_data, size_t len)
+ {
+ SHA_LONG64 l;
+ unsigned char *p=c->u.p;
+ const unsigned char *data=(const unsigned char *)_data;
+
+ if(FIPS_selftest_failed())
+ return 0;
+
+ if (len==0) return 1;
+
+ l = (c->Nl+(((SHA_LONG64)len)<<3))&U64(0xffffffffffffffff);
+ if (l < c->Nl) c->Nh++;
+ if (sizeof(len)>=8) c->Nh+=(((SHA_LONG64)len)>>61);
+ c->Nl=l;
+
+ if (c->num != 0)
+ {
+ size_t n = sizeof(c->u) - c->num;
+
+ if (len < n)
+ {
+ memcpy (p+c->num,data,len), c->num += len;
+ return 1;
+ }
+ else {
+ memcpy (p+c->num,data,n), c->num = 0;
+ len-=n, data+=n;
+ sha512_block (c,p,1);
+ }
+ }
+
+ if (len >= sizeof(c->u))
+ {
+#ifndef SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
+ if ((size_t)data%sizeof(c->u.d[0]) != 0)
+ while (len >= sizeof(c->u))
+ memcpy (p,data,sizeof(c->u)),
+ sha512_block (c,p,1),
+ len -= sizeof(c->u),
+ data += sizeof(c->u);
+ else
+#endif
+ sha512_block (c,data,len/sizeof(c->u)),
+ data += len,
+ len %= sizeof(c->u),
+ data -= len;
+ }
+
+ if (len != 0) memcpy (p,data,len), c->num = (int)len;
+
+ return 1;
+ }
+
+int SHA384_Update (SHA512_CTX *c, const void *data, size_t len)
+{ return SHA512_Update (c,data,len); }
+
+void SHA512_Transform (SHA512_CTX *c, const unsigned char *data)
+{ sha512_block (c,data,1); }
+
+unsigned char *SHA384(const unsigned char *d, size_t n, unsigned char *md)
+ {
+ SHA512_CTX c;
+ static unsigned char m[SHA384_DIGEST_LENGTH];
+
+ if (md == NULL) md=m;
+ SHA384_Init(&c);
+ SHA512_Update(&c,d,n);
+ SHA512_Final(md,&c);
+ OPENSSL_cleanse(&c,sizeof(c));
+ return(md);
+ }
+
+unsigned char *SHA512(const unsigned char *d, size_t n, unsigned char *md)
+ {
+ SHA512_CTX c;
+ static unsigned char m[SHA512_DIGEST_LENGTH];
+
+ if (md == NULL) md=m;
+ SHA512_Init(&c);
+ SHA512_Update(&c,d,n);
+ SHA512_Final(md,&c);
+ OPENSSL_cleanse(&c,sizeof(c));
+ return(md);
+ }
+
+#ifndef SHA512_ASM
+static const SHA_LONG64 K512[80] = {
+ U64(0x428a2f98d728ae22),U64(0x7137449123ef65cd),
+ U64(0xb5c0fbcfec4d3b2f),U64(0xe9b5dba58189dbbc),
+ U64(0x3956c25bf348b538),U64(0x59f111f1b605d019),
+ U64(0x923f82a4af194f9b),U64(0xab1c5ed5da6d8118),
+ U64(0xd807aa98a3030242),U64(0x12835b0145706fbe),
+ U64(0x243185be4ee4b28c),U64(0x550c7dc3d5ffb4e2),
+ U64(0x72be5d74f27b896f),U64(0x80deb1fe3b1696b1),
+ U64(0x9bdc06a725c71235),U64(0xc19bf174cf692694),
+ U64(0xe49b69c19ef14ad2),U64(0xefbe4786384f25e3),
+ U64(0x0fc19dc68b8cd5b5),U64(0x240ca1cc77ac9c65),
+ U64(0x2de92c6f592b0275),U64(0x4a7484aa6ea6e483),
+ U64(0x5cb0a9dcbd41fbd4),U64(0x76f988da831153b5),
+ U64(0x983e5152ee66dfab),U64(0xa831c66d2db43210),
+ U64(0xb00327c898fb213f),U64(0xbf597fc7beef0ee4),
+ U64(0xc6e00bf33da88fc2),U64(0xd5a79147930aa725),
+ U64(0x06ca6351e003826f),U64(0x142929670a0e6e70),
+ U64(0x27b70a8546d22ffc),U64(0x2e1b21385c26c926),
+ U64(0x4d2c6dfc5ac42aed),U64(0x53380d139d95b3df),
+ U64(0x650a73548baf63de),U64(0x766a0abb3c77b2a8),
+ U64(0x81c2c92e47edaee6),U64(0x92722c851482353b),
+ U64(0xa2bfe8a14cf10364),U64(0xa81a664bbc423001),
+ U64(0xc24b8b70d0f89791),U64(0xc76c51a30654be30),
+ U64(0xd192e819d6ef5218),U64(0xd69906245565a910),
+ U64(0xf40e35855771202a),U64(0x106aa07032bbd1b8),
+ U64(0x19a4c116b8d2d0c8),U64(0x1e376c085141ab53),
+ U64(0x2748774cdf8eeb99),U64(0x34b0bcb5e19b48a8),
+ U64(0x391c0cb3c5c95a63),U64(0x4ed8aa4ae3418acb),
+ U64(0x5b9cca4f7763e373),U64(0x682e6ff3d6b2b8a3),
+ U64(0x748f82ee5defb2fc),U64(0x78a5636f43172f60),
+ U64(0x84c87814a1f0ab72),U64(0x8cc702081a6439ec),
+ U64(0x90befffa23631e28),U64(0xa4506cebde82bde9),
+ U64(0xbef9a3f7b2c67915),U64(0xc67178f2e372532b),
+ U64(0xca273eceea26619c),U64(0xd186b8c721c0c207),
+ U64(0xeada7dd6cde0eb1e),U64(0xf57d4f7fee6ed178),
+ U64(0x06f067aa72176fba),U64(0x0a637dc5a2c898a6),
+ U64(0x113f9804bef90dae),U64(0x1b710b35131c471b),
+ U64(0x28db77f523047d84),U64(0x32caab7b40c72493),
+ U64(0x3c9ebe0a15c9bebc),U64(0x431d67c49c100d4c),
+ U64(0x4cc5d4becb3e42b6),U64(0x597f299cfc657e2a),
+ U64(0x5fcb6fab3ad6faec),U64(0x6c44198c4a475817) };
+
+#ifndef PEDANTIC
+# if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
+# if defined(__x86_64) || defined(__x86_64__)
+# define PULL64(x) ({ SHA_LONG64 ret=*((const SHA_LONG64 *)(&(x))); \
+ asm ("bswapq %0" \
+ : "=r"(ret) \
+ : "0"(ret)); ret; })
+# endif
+# endif
+#endif
+
+#ifndef PULL64
+#define B(x,j) (((SHA_LONG64)(*(((const unsigned char *)(&x))+j)))<<((7-j)*8))
+#define PULL64(x) (B(x,0)|B(x,1)|B(x,2)|B(x,3)|B(x,4)|B(x,5)|B(x,6)|B(x,7))
+#endif
+
+#ifndef PEDANTIC
+# if defined(_MSC_VER)
+# if defined(_WIN64) /* applies to both IA-64 and AMD64 */
+# define ROTR(a,n) _rotr64((a),n)
+# endif
+# elif defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
+# if defined(__x86_64) || defined(__x86_64__)
+# define ROTR(a,n) ({ unsigned long ret; \
+ asm ("rorq %1,%0" \
+ : "=r"(ret) \
+ : "J"(n),"0"(a) \
+ : "cc"); ret; })
+# elif defined(_ARCH_PPC) && defined(__64BIT__)
+# define ROTR(a,n) ({ unsigned long ret; \
+ asm ("rotrdi %0,%1,%2" \
+ : "=r"(ret) \
+ : "r"(a),"K"(n)); ret; })
+# endif
+# endif
+#endif
+
+#ifndef ROTR
+#define ROTR(x,s) (((x)>>s) | (x)<<(64-s))
+#endif
+
+#define Sigma0(x) (ROTR((x),28) ^ ROTR((x),34) ^ ROTR((x),39))
+#define Sigma1(x) (ROTR((x),14) ^ ROTR((x),18) ^ ROTR((x),41))
+#define sigma0(x) (ROTR((x),1) ^ ROTR((x),8) ^ ((x)>>7))
+#define sigma1(x) (ROTR((x),19) ^ ROTR((x),61) ^ ((x)>>6))
+
+#define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z)))
+#define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
+
+#ifdef OPENSSL_SMALL_FOOTPRINT
+
+static void sha512_block (SHA512_CTX *ctx, const void *in, size_t num)
+ {
+ const SHA_LONG64 *W=in;
+ SHA_LONG64 a,b,c,d,e,f,g,h,s0,s1,T1,T2;
+ SHA_LONG64 X[16];
+ int i;
+
+ while (num--) {
+
+ a = ctx->h[0]; b = ctx->h[1]; c = ctx->h[2]; d = ctx->h[3];
+ e = ctx->h[4]; f = ctx->h[5]; g = ctx->h[6]; h = ctx->h[7];
+
+ for (i=0;i<16;i++)
+ {
+#ifdef B_ENDIAN
+ T1 = X[i] = W[i];
+#else
+ T1 = X[i] = PULL64(W[i]);
+#endif
+ T1 += h + Sigma1(e) + Ch(e,f,g) + K512[i];
+ T2 = Sigma0(a) + Maj(a,b,c);
+ h = g; g = f; f = e; e = d + T1;
+ d = c; c = b; b = a; a = T1 + T2;
+ }
+
+ for (;i<80;i++)
+ {
+ s0 = X[(i+1)&0x0f]; s0 = sigma0(s0);
+ s1 = X[(i+14)&0x0f]; s1 = sigma1(s1);
+
+ T1 = X[i&0xf] += s0 + s1 + X[(i+9)&0xf];
+ T1 += h + Sigma1(e) + Ch(e,f,g) + K512[i];
+ T2 = Sigma0(a) + Maj(a,b,c);
+ h = g; g = f; f = e; e = d + T1;
+ d = c; c = b; b = a; a = T1 + T2;
+ }
+
+ ctx->h[0] += a; ctx->h[1] += b; ctx->h[2] += c; ctx->h[3] += d;
+ ctx->h[4] += e; ctx->h[5] += f; ctx->h[6] += g; ctx->h[7] += h;
+
+ W+=SHA_LBLOCK;
+ }
+ }
+
+#else
+
+#define ROUND_00_15(i,a,b,c,d,e,f,g,h) do { \
+ T1 += h + Sigma1(e) + Ch(e,f,g) + K512[i]; \
+ h = Sigma0(a) + Maj(a,b,c); \
+ d += T1; h += T1; } while (0)
+
+#define ROUND_16_80(i,a,b,c,d,e,f,g,h,X) do { \
+ s0 = X[(i+1)&0x0f]; s0 = sigma0(s0); \
+ s1 = X[(i+14)&0x0f]; s1 = sigma1(s1); \
+ T1 = X[(i)&0x0f] += s0 + s1 + X[(i+9)&0x0f]; \
+ ROUND_00_15(i,a,b,c,d,e,f,g,h); } while (0)
+
+static void sha512_block (SHA512_CTX *ctx, const void *in, size_t num)
+ {
+ const SHA_LONG64 *W=in;
+ SHA_LONG64 a,b,c,d,e,f,g,h,s0,s1,T1;
+ SHA_LONG64 X[16];
+ int i;
+
+ while (num--) {
+
+ a = ctx->h[0]; b = ctx->h[1]; c = ctx->h[2]; d = ctx->h[3];
+ e = ctx->h[4]; f = ctx->h[5]; g = ctx->h[6]; h = ctx->h[7];
+
+#ifdef B_ENDIAN
+ T1 = X[0] = W[0]; ROUND_00_15(0,a,b,c,d,e,f,g,h);
+ T1 = X[1] = W[1]; ROUND_00_15(1,h,a,b,c,d,e,f,g);
+ T1 = X[2] = W[2]; ROUND_00_15(2,g,h,a,b,c,d,e,f);
+ T1 = X[3] = W[3]; ROUND_00_15(3,f,g,h,a,b,c,d,e);
+ T1 = X[4] = W[4]; ROUND_00_15(4,e,f,g,h,a,b,c,d);
+ T1 = X[5] = W[5]; ROUND_00_15(5,d,e,f,g,h,a,b,c);
+ T1 = X[6] = W[6]; ROUND_00_15(6,c,d,e,f,g,h,a,b);
+ T1 = X[7] = W[7]; ROUND_00_15(7,b,c,d,e,f,g,h,a);
+ T1 = X[8] = W[8]; ROUND_00_15(8,a,b,c,d,e,f,g,h);
+ T1 = X[9] = W[9]; ROUND_00_15(9,h,a,b,c,d,e,f,g);
+ T1 = X[10] = W[10]; ROUND_00_15(10,g,h,a,b,c,d,e,f);
+ T1 = X[11] = W[11]; ROUND_00_15(11,f,g,h,a,b,c,d,e);
+ T1 = X[12] = W[12]; ROUND_00_15(12,e,f,g,h,a,b,c,d);
+ T1 = X[13] = W[13]; ROUND_00_15(13,d,e,f,g,h,a,b,c);
+ T1 = X[14] = W[14]; ROUND_00_15(14,c,d,e,f,g,h,a,b);
+ T1 = X[15] = W[15]; ROUND_00_15(15,b,c,d,e,f,g,h,a);
+#else
+ T1 = X[0] = PULL64(W[0]); ROUND_00_15(0,a,b,c,d,e,f,g,h);
+ T1 = X[1] = PULL64(W[1]); ROUND_00_15(1,h,a,b,c,d,e,f,g);
+ T1 = X[2] = PULL64(W[2]); ROUND_00_15(2,g,h,a,b,c,d,e,f);
+ T1 = X[3] = PULL64(W[3]); ROUND_00_15(3,f,g,h,a,b,c,d,e);
+ T1 = X[4] = PULL64(W[4]); ROUND_00_15(4,e,f,g,h,a,b,c,d);
+ T1 = X[5] = PULL64(W[5]); ROUND_00_15(5,d,e,f,g,h,a,b,c);
+ T1 = X[6] = PULL64(W[6]); ROUND_00_15(6,c,d,e,f,g,h,a,b);
+ T1 = X[7] = PULL64(W[7]); ROUND_00_15(7,b,c,d,e,f,g,h,a);
+ T1 = X[8] = PULL64(W[8]); ROUND_00_15(8,a,b,c,d,e,f,g,h);
+ T1 = X[9] = PULL64(W[9]); ROUND_00_15(9,h,a,b,c,d,e,f,g);
+ T1 = X[10] = PULL64(W[10]); ROUND_00_15(10,g,h,a,b,c,d,e,f);
+ T1 = X[11] = PULL64(W[11]); ROUND_00_15(11,f,g,h,a,b,c,d,e);
+ T1 = X[12] = PULL64(W[12]); ROUND_00_15(12,e,f,g,h,a,b,c,d);
+ T1 = X[13] = PULL64(W[13]); ROUND_00_15(13,d,e,f,g,h,a,b,c);
+ T1 = X[14] = PULL64(W[14]); ROUND_00_15(14,c,d,e,f,g,h,a,b);
+ T1 = X[15] = PULL64(W[15]); ROUND_00_15(15,b,c,d,e,f,g,h,a);
+#endif
+
+ for (i=16;i<80;i+=8)
+ {
+ ROUND_16_80(i+0,a,b,c,d,e,f,g,h,X);
+ ROUND_16_80(i+1,h,a,b,c,d,e,f,g,X);
+ ROUND_16_80(i+2,g,h,a,b,c,d,e,f,X);
+ ROUND_16_80(i+3,f,g,h,a,b,c,d,e,X);
+ ROUND_16_80(i+4,e,f,g,h,a,b,c,d,X);
+ ROUND_16_80(i+5,d,e,f,g,h,a,b,c,X);
+ ROUND_16_80(i+6,c,d,e,f,g,h,a,b,X);
+ ROUND_16_80(i+7,b,c,d,e,f,g,h,a,X);
+ }
+
+ ctx->h[0] += a; ctx->h[1] += b; ctx->h[2] += c; ctx->h[3] += d;
+ ctx->h[4] += e; ctx->h[5] += f; ctx->h[6] += g; ctx->h[7] += h;
+
+ W+=SHA_LBLOCK;
+ }
+ }
+
+#endif
+
+#endif /* SHA512_ASM */
+
+#endif
+
+#endif /* OPENSSL_NO_SHA512 */
+
diff --git a/src/lib/libssl/src/fips-1.0/sha/fips_sha_locl.h b/src/lib/libssl/src/fips-1.0/sha/fips_sha_locl.h
new file mode 100644
index 0000000000..bf31d3b845
--- /dev/null
+++ b/src/lib/libssl/src/fips-1.0/sha/fips_sha_locl.h
@@ -0,0 +1,482 @@
+/* crypto/sha/sha_locl.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdlib.h>
+#include <string.h>
+
+#include <openssl/opensslconf.h>
+#include <openssl/fips_sha.h>
+#include <openssl/fips.h>
+
+#ifndef SHA_LONG_LOG2
+#define SHA_LONG_LOG2 2 /* default to 32 bits */
+#endif
+
+#define DATA_ORDER_IS_BIG_ENDIAN
+
+#define HASH_LONG SHA_LONG
+#define HASH_LONG_LOG2 SHA_LONG_LOG2
+#define HASH_CTX SHA_CTX
+#define HASH_CBLOCK SHA_CBLOCK
+#define HASH_LBLOCK SHA_LBLOCK
+#define HASH_MAKE_STRING(c,s) do { \
+ unsigned long ll; \
+ ll=(c)->h0; HOST_l2c(ll,(s)); \
+ ll=(c)->h1; HOST_l2c(ll,(s)); \
+ ll=(c)->h2; HOST_l2c(ll,(s)); \
+ ll=(c)->h3; HOST_l2c(ll,(s)); \
+ ll=(c)->h4; HOST_l2c(ll,(s)); \
+ } while (0)
+
+#if defined(SHA_0)
+
+# define HASH_UPDATE SHA_Update
+# define HASH_TRANSFORM SHA_Transform
+# define HASH_FINAL SHA_Final
+# define HASH_INIT SHA_Init
+# define HASH_BLOCK_HOST_ORDER sha_block_host_order
+# define HASH_BLOCK_DATA_ORDER sha_block_data_order
+# define Xupdate(a,ix,ia,ib,ic,id) (ix=(a)=(ia^ib^ic^id))
+
+ void sha_block_host_order (SHA_CTX *c, const void *p,size_t num);
+ void sha_block_data_order (SHA_CTX *c, const void *p,size_t num);
+
+#elif defined(SHA_1)
+
+# define HASH_UPDATE SHA1_Update
+# define HASH_TRANSFORM SHA1_Transform
+# define HASH_FINAL SHA1_Final
+# define HASH_INIT SHA1_Init
+# define HASH_BLOCK_HOST_ORDER sha1_block_host_order
+# define HASH_BLOCK_DATA_ORDER sha1_block_data_order
+# if defined(__MWERKS__) && defined(__MC68K__)
+ /* Metrowerks for Motorola fails otherwise:-( <appro@fy.chalmers.se> */
+# define Xupdate(a,ix,ia,ib,ic,id) do { (a)=(ia^ib^ic^id); \
+ ix=(a)=ROTATE((a),1); \
+ } while (0)
+# else
+# define Xupdate(a,ix,ia,ib,ic,id) ( (a)=(ia^ib^ic^id), \
+ ix=(a)=ROTATE((a),1) \
+ )
+# endif
+
+# ifdef SHA1_ASM
+# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__)
+# define sha1_block_host_order sha1_block_asm_host_order
+# define DONT_IMPLEMENT_BLOCK_HOST_ORDER
+# define sha1_block_data_order sha1_block_asm_data_order
+# define DONT_IMPLEMENT_BLOCK_DATA_ORDER
+# define HASH_BLOCK_DATA_ORDER_ALIGNED sha1_block_asm_data_order
+# endif
+# endif
+ void sha1_block_host_order (SHA_CTX *c, const void *p,size_t num);
+ void sha1_block_data_order (SHA_CTX *c, const void *p,size_t num);
+
+#else
+# error "Either SHA_0 or SHA_1 must be defined."
+#endif
+
+#include "fips_md32_common.h"
+
+#define INIT_DATA_h0 0x67452301UL
+#define INIT_DATA_h1 0xefcdab89UL
+#define INIT_DATA_h2 0x98badcfeUL
+#define INIT_DATA_h3 0x10325476UL
+#define INIT_DATA_h4 0xc3d2e1f0UL
+
+int HASH_INIT (SHA_CTX *c)
+ {
+ /* This assert denotes binary compatibility in 0.9.7 context
+ and commonly optimized away by compiler. */
+ OPENSSL_assert(sizeof(unsigned long)<=sizeof(size_t));
+ c->h0=INIT_DATA_h0;
+ c->h1=INIT_DATA_h1;
+ c->h2=INIT_DATA_h2;
+ c->h3=INIT_DATA_h3;
+ c->h4=INIT_DATA_h4;
+ c->Nl=0;
+ c->Nh=0;
+ c->num=0;
+ return 1;
+ }
+
+#define K_00_19 0x5a827999UL
+#define K_20_39 0x6ed9eba1UL
+#define K_40_59 0x8f1bbcdcUL
+#define K_60_79 0xca62c1d6UL
+
+/* As pointed out by Wei Dai <weidai@eskimo.com>, F() below can be
+ * simplified to the code in F_00_19. Wei attributes these optimisations
+ * to Peter Gutmann's SHS code, and he attributes it to Rich Schroeppel.
+ * #define F(x,y,z) (((x) & (y)) | ((~(x)) & (z)))
+ * I've just become aware of another tweak to be made, again from Wei Dai,
+ * in F_40_59, (x&a)|(y&a) -> (x|y)&a
+ */
+#define F_00_19(b,c,d) ((((c) ^ (d)) & (b)) ^ (d))
+#define F_20_39(b,c,d) ((b) ^ (c) ^ (d))
+#define F_40_59(b,c,d) (((b) & (c)) | (((b)|(c)) & (d)))
+#define F_60_79(b,c,d) F_20_39(b,c,d)
+
+#define BODY_00_15(i,a,b,c,d,e,f,xi) \
+ (f)=xi+(e)+K_00_19+ROTATE((a),5)+F_00_19((b),(c),(d)); \
+ (b)=ROTATE((b),30);
+
+#define BODY_16_19(i,a,b,c,d,e,f,xi,xa,xb,xc,xd) \
+ Xupdate(f,xi,xa,xb,xc,xd); \
+ (f)+=(e)+K_00_19+ROTATE((a),5)+F_00_19((b),(c),(d)); \
+ (b)=ROTATE((b),30);
+
+#define BODY_20_31(i,a,b,c,d,e,f,xi,xa,xb,xc,xd) \
+ Xupdate(f,xi,xa,xb,xc,xd); \
+ (f)+=(e)+K_20_39+ROTATE((a),5)+F_20_39((b),(c),(d)); \
+ (b)=ROTATE((b),30);
+
+#define BODY_32_39(i,a,b,c,d,e,f,xa,xb,xc,xd) \
+ Xupdate(f,xa,xa,xb,xc,xd); \
+ (f)+=(e)+K_20_39+ROTATE((a),5)+F_20_39((b),(c),(d)); \
+ (b)=ROTATE((b),30);
+
+#define BODY_40_59(i,a,b,c,d,e,f,xa,xb,xc,xd) \
+ Xupdate(f,xa,xa,xb,xc,xd); \
+ (f)+=(e)+K_40_59+ROTATE((a),5)+F_40_59((b),(c),(d)); \
+ (b)=ROTATE((b),30);
+
+#define BODY_60_79(i,a,b,c,d,e,f,xa,xb,xc,xd) \
+ Xupdate(f,xa,xa,xb,xc,xd); \
+ (f)=xa+(e)+K_60_79+ROTATE((a),5)+F_60_79((b),(c),(d)); \
+ (b)=ROTATE((b),30);
+
+#ifdef X
+#undef X
+#endif
+#ifndef MD32_XARRAY
+ /*
+ * Originally X was an array. As it's automatic it's natural
+ * to expect RISC compiler to accomodate at least part of it in
+ * the register bank, isn't it? Unfortunately not all compilers
+ * "find" this expectation reasonable:-( On order to make such
+ * compilers generate better code I replace X[] with a bunch of
+ * X0, X1, etc. See the function body below...
+ * <appro@fy.chalmers.se>
+ */
+# define X(i) XX##i
+#else
+ /*
+ * However! Some compilers (most notably HP C) get overwhelmed by
+ * that many local variables so that we have to have the way to
+ * fall down to the original behavior.
+ */
+# define X(i) XX[i]
+#endif
+
+#ifndef DONT_IMPLEMENT_BLOCK_HOST_ORDER
+void HASH_BLOCK_HOST_ORDER (SHA_CTX *c, const void *d, size_t num)
+ {
+ const SHA_LONG *W=d;
+ register unsigned MD32_REG_T A,B,C,D,E,T;
+#ifndef MD32_XARRAY
+ unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7,
+ XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15;
+#else
+ SHA_LONG XX[16];
+#endif
+
+ if(FIPS_selftest_failed())
+ return;
+
+ A=c->h0;
+ B=c->h1;
+ C=c->h2;
+ D=c->h3;
+ E=c->h4;
+
+ for (;;)
+ {
+ BODY_00_15( 0,A,B,C,D,E,T,W[ 0]);
+ BODY_00_15( 1,T,A,B,C,D,E,W[ 1]);
+ BODY_00_15( 2,E,T,A,B,C,D,W[ 2]);
+ BODY_00_15( 3,D,E,T,A,B,C,W[ 3]);
+ BODY_00_15( 4,C,D,E,T,A,B,W[ 4]);
+ BODY_00_15( 5,B,C,D,E,T,A,W[ 5]);
+ BODY_00_15( 6,A,B,C,D,E,T,W[ 6]);
+ BODY_00_15( 7,T,A,B,C,D,E,W[ 7]);
+ BODY_00_15( 8,E,T,A,B,C,D,W[ 8]);
+ BODY_00_15( 9,D,E,T,A,B,C,W[ 9]);
+ BODY_00_15(10,C,D,E,T,A,B,W[10]);
+ BODY_00_15(11,B,C,D,E,T,A,W[11]);
+ BODY_00_15(12,A,B,C,D,E,T,W[12]);
+ BODY_00_15(13,T,A,B,C,D,E,W[13]);
+ BODY_00_15(14,E,T,A,B,C,D,W[14]);
+ BODY_00_15(15,D,E,T,A,B,C,W[15]);
+
+ BODY_16_19(16,C,D,E,T,A,B,X( 0),W[ 0],W[ 2],W[ 8],W[13]);
+ BODY_16_19(17,B,C,D,E,T,A,X( 1),W[ 1],W[ 3],W[ 9],W[14]);
+ BODY_16_19(18,A,B,C,D,E,T,X( 2),W[ 2],W[ 4],W[10],W[15]);
+ BODY_16_19(19,T,A,B,C,D,E,X( 3),W[ 3],W[ 5],W[11],X( 0));
+
+ BODY_20_31(20,E,T,A,B,C,D,X( 4),W[ 4],W[ 6],W[12],X( 1));
+ BODY_20_31(21,D,E,T,A,B,C,X( 5),W[ 5],W[ 7],W[13],X( 2));
+ BODY_20_31(22,C,D,E,T,A,B,X( 6),W[ 6],W[ 8],W[14],X( 3));
+ BODY_20_31(23,B,C,D,E,T,A,X( 7),W[ 7],W[ 9],W[15],X( 4));
+ BODY_20_31(24,A,B,C,D,E,T,X( 8),W[ 8],W[10],X( 0),X( 5));
+ BODY_20_31(25,T,A,B,C,D,E,X( 9),W[ 9],W[11],X( 1),X( 6));
+ BODY_20_31(26,E,T,A,B,C,D,X(10),W[10],W[12],X( 2),X( 7));
+ BODY_20_31(27,D,E,T,A,B,C,X(11),W[11],W[13],X( 3),X( 8));
+ BODY_20_31(28,C,D,E,T,A,B,X(12),W[12],W[14],X( 4),X( 9));
+ BODY_20_31(29,B,C,D,E,T,A,X(13),W[13],W[15],X( 5),X(10));
+ BODY_20_31(30,A,B,C,D,E,T,X(14),W[14],X( 0),X( 6),X(11));
+ BODY_20_31(31,T,A,B,C,D,E,X(15),W[15],X( 1),X( 7),X(12));
+
+ BODY_32_39(32,E,T,A,B,C,D,X( 0),X( 2),X( 8),X(13));
+ BODY_32_39(33,D,E,T,A,B,C,X( 1),X( 3),X( 9),X(14));
+ BODY_32_39(34,C,D,E,T,A,B,X( 2),X( 4),X(10),X(15));
+ BODY_32_39(35,B,C,D,E,T,A,X( 3),X( 5),X(11),X( 0));
+ BODY_32_39(36,A,B,C,D,E,T,X( 4),X( 6),X(12),X( 1));
+ BODY_32_39(37,T,A,B,C,D,E,X( 5),X( 7),X(13),X( 2));
+ BODY_32_39(38,E,T,A,B,C,D,X( 6),X( 8),X(14),X( 3));
+ BODY_32_39(39,D,E,T,A,B,C,X( 7),X( 9),X(15),X( 4));
+
+ BODY_40_59(40,C,D,E,T,A,B,X( 8),X(10),X( 0),X( 5));
+ BODY_40_59(41,B,C,D,E,T,A,X( 9),X(11),X( 1),X( 6));
+ BODY_40_59(42,A,B,C,D,E,T,X(10),X(12),X( 2),X( 7));
+ BODY_40_59(43,T,A,B,C,D,E,X(11),X(13),X( 3),X( 8));
+ BODY_40_59(44,E,T,A,B,C,D,X(12),X(14),X( 4),X( 9));
+ BODY_40_59(45,D,E,T,A,B,C,X(13),X(15),X( 5),X(10));
+ BODY_40_59(46,C,D,E,T,A,B,X(14),X( 0),X( 6),X(11));
+ BODY_40_59(47,B,C,D,E,T,A,X(15),X( 1),X( 7),X(12));
+ BODY_40_59(48,A,B,C,D,E,T,X( 0),X( 2),X( 8),X(13));
+ BODY_40_59(49,T,A,B,C,D,E,X( 1),X( 3),X( 9),X(14));
+ BODY_40_59(50,E,T,A,B,C,D,X( 2),X( 4),X(10),X(15));
+ BODY_40_59(51,D,E,T,A,B,C,X( 3),X( 5),X(11),X( 0));
+ BODY_40_59(52,C,D,E,T,A,B,X( 4),X( 6),X(12),X( 1));
+ BODY_40_59(53,B,C,D,E,T,A,X( 5),X( 7),X(13),X( 2));
+ BODY_40_59(54,A,B,C,D,E,T,X( 6),X( 8),X(14),X( 3));
+ BODY_40_59(55,T,A,B,C,D,E,X( 7),X( 9),X(15),X( 4));
+ BODY_40_59(56,E,T,A,B,C,D,X( 8),X(10),X( 0),X( 5));
+ BODY_40_59(57,D,E,T,A,B,C,X( 9),X(11),X( 1),X( 6));
+ BODY_40_59(58,C,D,E,T,A,B,X(10),X(12),X( 2),X( 7));
+ BODY_40_59(59,B,C,D,E,T,A,X(11),X(13),X( 3),X( 8));
+
+ BODY_60_79(60,A,B,C,D,E,T,X(12),X(14),X( 4),X( 9));
+ BODY_60_79(61,T,A,B,C,D,E,X(13),X(15),X( 5),X(10));
+ BODY_60_79(62,E,T,A,B,C,D,X(14),X( 0),X( 6),X(11));
+ BODY_60_79(63,D,E,T,A,B,C,X(15),X( 1),X( 7),X(12));
+ BODY_60_79(64,C,D,E,T,A,B,X( 0),X( 2),X( 8),X(13));
+ BODY_60_79(65,B,C,D,E,T,A,X( 1),X( 3),X( 9),X(14));
+ BODY_60_79(66,A,B,C,D,E,T,X( 2),X( 4),X(10),X(15));
+ BODY_60_79(67,T,A,B,C,D,E,X( 3),X( 5),X(11),X( 0));
+ BODY_60_79(68,E,T,A,B,C,D,X( 4),X( 6),X(12),X( 1));
+ BODY_60_79(69,D,E,T,A,B,C,X( 5),X( 7),X(13),X( 2));
+ BODY_60_79(70,C,D,E,T,A,B,X( 6),X( 8),X(14),X( 3));
+ BODY_60_79(71,B,C,D,E,T,A,X( 7),X( 9),X(15),X( 4));
+ BODY_60_79(72,A,B,C,D,E,T,X( 8),X(10),X( 0),X( 5));
+ BODY_60_79(73,T,A,B,C,D,E,X( 9),X(11),X( 1),X( 6));
+ BODY_60_79(74,E,T,A,B,C,D,X(10),X(12),X( 2),X( 7));
+ BODY_60_79(75,D,E,T,A,B,C,X(11),X(13),X( 3),X( 8));
+ BODY_60_79(76,C,D,E,T,A,B,X(12),X(14),X( 4),X( 9));
+ BODY_60_79(77,B,C,D,E,T,A,X(13),X(15),X( 5),X(10));
+ BODY_60_79(78,A,B,C,D,E,T,X(14),X( 0),X( 6),X(11));
+ BODY_60_79(79,T,A,B,C,D,E,X(15),X( 1),X( 7),X(12));
+
+ c->h0=(c->h0+E)&0xffffffffL;
+ c->h1=(c->h1+T)&0xffffffffL;
+ c->h2=(c->h2+A)&0xffffffffL;
+ c->h3=(c->h3+B)&0xffffffffL;
+ c->h4=(c->h4+C)&0xffffffffL;
+
+ if (--num == 0) break;
+
+ A=c->h0;
+ B=c->h1;
+ C=c->h2;
+ D=c->h3;
+ E=c->h4;
+
+ W+=SHA_LBLOCK;
+ }
+ }
+#endif
+
+#ifndef DONT_IMPLEMENT_BLOCK_DATA_ORDER
+void HASH_BLOCK_DATA_ORDER (SHA_CTX *c, const void *p, size_t num)
+ {
+ const unsigned char *data=p;
+ register unsigned MD32_REG_T A,B,C,D,E,T,l;
+#ifndef MD32_XARRAY
+ unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7,
+ XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15;
+#else
+ SHA_LONG XX[16];
+#endif
+
+ if(FIPS_selftest_failed())
+ return;
+
+ A=c->h0;
+ B=c->h1;
+ C=c->h2;
+ D=c->h3;
+ E=c->h4;
+
+ for (;;)
+ {
+
+ HOST_c2l(data,l); X( 0)=l; HOST_c2l(data,l); X( 1)=l;
+ BODY_00_15( 0,A,B,C,D,E,T,X( 0)); HOST_c2l(data,l); X( 2)=l;
+ BODY_00_15( 1,T,A,B,C,D,E,X( 1)); HOST_c2l(data,l); X( 3)=l;
+ BODY_00_15( 2,E,T,A,B,C,D,X( 2)); HOST_c2l(data,l); X( 4)=l;
+ BODY_00_15( 3,D,E,T,A,B,C,X( 3)); HOST_c2l(data,l); X( 5)=l;
+ BODY_00_15( 4,C,D,E,T,A,B,X( 4)); HOST_c2l(data,l); X( 6)=l;
+ BODY_00_15( 5,B,C,D,E,T,A,X( 5)); HOST_c2l(data,l); X( 7)=l;
+ BODY_00_15( 6,A,B,C,D,E,T,X( 6)); HOST_c2l(data,l); X( 8)=l;
+ BODY_00_15( 7,T,A,B,C,D,E,X( 7)); HOST_c2l(data,l); X( 9)=l;
+ BODY_00_15( 8,E,T,A,B,C,D,X( 8)); HOST_c2l(data,l); X(10)=l;
+ BODY_00_15( 9,D,E,T,A,B,C,X( 9)); HOST_c2l(data,l); X(11)=l;
+ BODY_00_15(10,C,D,E,T,A,B,X(10)); HOST_c2l(data,l); X(12)=l;
+ BODY_00_15(11,B,C,D,E,T,A,X(11)); HOST_c2l(data,l); X(13)=l;
+ BODY_00_15(12,A,B,C,D,E,T,X(12)); HOST_c2l(data,l); X(14)=l;
+ BODY_00_15(13,T,A,B,C,D,E,X(13)); HOST_c2l(data,l); X(15)=l;
+ BODY_00_15(14,E,T,A,B,C,D,X(14));
+ BODY_00_15(15,D,E,T,A,B,C,X(15));
+
+ BODY_16_19(16,C,D,E,T,A,B,X( 0),X( 0),X( 2),X( 8),X(13));
+ BODY_16_19(17,B,C,D,E,T,A,X( 1),X( 1),X( 3),X( 9),X(14));
+ BODY_16_19(18,A,B,C,D,E,T,X( 2),X( 2),X( 4),X(10),X(15));
+ BODY_16_19(19,T,A,B,C,D,E,X( 3),X( 3),X( 5),X(11),X( 0));
+
+ BODY_20_31(20,E,T,A,B,C,D,X( 4),X( 4),X( 6),X(12),X( 1));
+ BODY_20_31(21,D,E,T,A,B,C,X( 5),X( 5),X( 7),X(13),X( 2));
+ BODY_20_31(22,C,D,E,T,A,B,X( 6),X( 6),X( 8),X(14),X( 3));
+ BODY_20_31(23,B,C,D,E,T,A,X( 7),X( 7),X( 9),X(15),X( 4));
+ BODY_20_31(24,A,B,C,D,E,T,X( 8),X( 8),X(10),X( 0),X( 5));
+ BODY_20_31(25,T,A,B,C,D,E,X( 9),X( 9),X(11),X( 1),X( 6));
+ BODY_20_31(26,E,T,A,B,C,D,X(10),X(10),X(12),X( 2),X( 7));
+ BODY_20_31(27,D,E,T,A,B,C,X(11),X(11),X(13),X( 3),X( 8));
+ BODY_20_31(28,C,D,E,T,A,B,X(12),X(12),X(14),X( 4),X( 9));
+ BODY_20_31(29,B,C,D,E,T,A,X(13),X(13),X(15),X( 5),X(10));
+ BODY_20_31(30,A,B,C,D,E,T,X(14),X(14),X( 0),X( 6),X(11));
+ BODY_20_31(31,T,A,B,C,D,E,X(15),X(15),X( 1),X( 7),X(12));
+
+ BODY_32_39(32,E,T,A,B,C,D,X( 0),X( 2),X( 8),X(13));
+ BODY_32_39(33,D,E,T,A,B,C,X( 1),X( 3),X( 9),X(14));
+ BODY_32_39(34,C,D,E,T,A,B,X( 2),X( 4),X(10),X(15));
+ BODY_32_39(35,B,C,D,E,T,A,X( 3),X( 5),X(11),X( 0));
+ BODY_32_39(36,A,B,C,D,E,T,X( 4),X( 6),X(12),X( 1));
+ BODY_32_39(37,T,A,B,C,D,E,X( 5),X( 7),X(13),X( 2));
+ BODY_32_39(38,E,T,A,B,C,D,X( 6),X( 8),X(14),X( 3));
+ BODY_32_39(39,D,E,T,A,B,C,X( 7),X( 9),X(15),X( 4));
+
+ BODY_40_59(40,C,D,E,T,A,B,X( 8),X(10),X( 0),X( 5));
+ BODY_40_59(41,B,C,D,E,T,A,X( 9),X(11),X( 1),X( 6));
+ BODY_40_59(42,A,B,C,D,E,T,X(10),X(12),X( 2),X( 7));
+ BODY_40_59(43,T,A,B,C,D,E,X(11),X(13),X( 3),X( 8));
+ BODY_40_59(44,E,T,A,B,C,D,X(12),X(14),X( 4),X( 9));
+ BODY_40_59(45,D,E,T,A,B,C,X(13),X(15),X( 5),X(10));
+ BODY_40_59(46,C,D,E,T,A,B,X(14),X( 0),X( 6),X(11));
+ BODY_40_59(47,B,C,D,E,T,A,X(15),X( 1),X( 7),X(12));
+ BODY_40_59(48,A,B,C,D,E,T,X( 0),X( 2),X( 8),X(13));
+ BODY_40_59(49,T,A,B,C,D,E,X( 1),X( 3),X( 9),X(14));
+ BODY_40_59(50,E,T,A,B,C,D,X( 2),X( 4),X(10),X(15));
+ BODY_40_59(51,D,E,T,A,B,C,X( 3),X( 5),X(11),X( 0));
+ BODY_40_59(52,C,D,E,T,A,B,X( 4),X( 6),X(12),X( 1));
+ BODY_40_59(53,B,C,D,E,T,A,X( 5),X( 7),X(13),X( 2));
+ BODY_40_59(54,A,B,C,D,E,T,X( 6),X( 8),X(14),X( 3));
+ BODY_40_59(55,T,A,B,C,D,E,X( 7),X( 9),X(15),X( 4));
+ BODY_40_59(56,E,T,A,B,C,D,X( 8),X(10),X( 0),X( 5));
+ BODY_40_59(57,D,E,T,A,B,C,X( 9),X(11),X( 1),X( 6));
+ BODY_40_59(58,C,D,E,T,A,B,X(10),X(12),X( 2),X( 7));
+ BODY_40_59(59,B,C,D,E,T,A,X(11),X(13),X( 3),X( 8));
+
+ BODY_60_79(60,A,B,C,D,E,T,X(12),X(14),X( 4),X( 9));
+ BODY_60_79(61,T,A,B,C,D,E,X(13),X(15),X( 5),X(10));
+ BODY_60_79(62,E,T,A,B,C,D,X(14),X( 0),X( 6),X(11));
+ BODY_60_79(63,D,E,T,A,B,C,X(15),X( 1),X( 7),X(12));
+ BODY_60_79(64,C,D,E,T,A,B,X( 0),X( 2),X( 8),X(13));
+ BODY_60_79(65,B,C,D,E,T,A,X( 1),X( 3),X( 9),X(14));
+ BODY_60_79(66,A,B,C,D,E,T,X( 2),X( 4),X(10),X(15));
+ BODY_60_79(67,T,A,B,C,D,E,X( 3),X( 5),X(11),X( 0));
+ BODY_60_79(68,E,T,A,B,C,D,X( 4),X( 6),X(12),X( 1));
+ BODY_60_79(69,D,E,T,A,B,C,X( 5),X( 7),X(13),X( 2));
+ BODY_60_79(70,C,D,E,T,A,B,X( 6),X( 8),X(14),X( 3));
+ BODY_60_79(71,B,C,D,E,T,A,X( 7),X( 9),X(15),X( 4));
+ BODY_60_79(72,A,B,C,D,E,T,X( 8),X(10),X( 0),X( 5));
+ BODY_60_79(73,T,A,B,C,D,E,X( 9),X(11),X( 1),X( 6));
+ BODY_60_79(74,E,T,A,B,C,D,X(10),X(12),X( 2),X( 7));
+ BODY_60_79(75,D,E,T,A,B,C,X(11),X(13),X( 3),X( 8));
+ BODY_60_79(76,C,D,E,T,A,B,X(12),X(14),X( 4),X( 9));
+ BODY_60_79(77,B,C,D,E,T,A,X(13),X(15),X( 5),X(10));
+ BODY_60_79(78,A,B,C,D,E,T,X(14),X( 0),X( 6),X(11));
+ BODY_60_79(79,T,A,B,C,D,E,X(15),X( 1),X( 7),X(12));
+
+ c->h0=(c->h0+E)&0xffffffffL;
+ c->h1=(c->h1+T)&0xffffffffL;
+ c->h2=(c->h2+A)&0xffffffffL;
+ c->h3=(c->h3+B)&0xffffffffL;
+ c->h4=(c->h4+C)&0xffffffffL;
+
+ if (--num == 0) break;
+
+ A=c->h0;
+ B=c->h1;
+ C=c->h2;
+ D=c->h3;
+ E=c->h4;
+
+ }
+ }
+#endif
diff --git a/src/lib/libssl/src/fips-1.0/sha/fips_shatest.c b/src/lib/libssl/src/fips-1.0/sha/fips_shatest.c
new file mode 100644
index 0000000000..4896b467e4
--- /dev/null
+++ b/src/lib/libssl/src/fips-1.0/sha/fips_shatest.c
@@ -0,0 +1,399 @@
+/* fips_shatest.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2005.
+ */
+/* ====================================================================
+ * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include <string.h>
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+#include <openssl/err.h>
+#include <openssl/x509v3.h>
+
+#ifndef OPENSSL_FIPS
+
+int main(int argc, char *argv[])
+{
+ printf("No FIPS SHAXXX support\n");
+ return(0);
+}
+
+#else
+
+static int dgst_test(BIO *err, BIO *out, BIO *in);
+static int print_dgst(BIO *err, const EVP_MD *md, BIO *out,
+ unsigned char *Msg, int Msglen);
+static int print_monte(BIO *err, const EVP_MD *md, BIO *out,
+ unsigned char *Seed, int SeedLen);
+
+int main(int argc, char **argv)
+ {
+ BIO *in = NULL, *out = NULL, *err = NULL;
+
+ int ret = 1;
+
+ ERR_load_crypto_strings();
+
+ err = BIO_new_fp(stderr, BIO_NOCLOSE);
+
+ if (!err)
+ {
+ fprintf(stderr, "FATAL stderr initialization error\n");
+ goto end;
+ }
+
+ if(!FIPS_mode_set(1))
+ {
+ ERR_print_errors(err);
+ goto end;
+ }
+
+ if (argc == 1)
+ in = BIO_new_fp(stdin, BIO_NOCLOSE);
+ else
+ in = BIO_new_file(argv[1], "r");
+
+ if (argc < 2)
+ out = BIO_new_fp(stdout, BIO_NOCLOSE);
+ else
+ out = BIO_new_file(argv[2], "w");
+
+ if (!in)
+ {
+ BIO_printf(err, "FATAL input initialization error\n");
+ goto end;
+ }
+
+ if (!out)
+ {
+ fprintf(stderr, "FATAL output initialization error\n");
+ goto end;
+ }
+
+ if (!dgst_test(err, out, in))
+ {
+ fprintf(stderr, "FATAL digest file processing error\n");
+ goto end;
+ }
+ else
+ ret = 0;
+
+ end:
+
+ if (ret && err)
+ ERR_print_errors(err);
+
+ if (in)
+ BIO_free(in);
+ if (out)
+ BIO_free(out);
+ if (err)
+ BIO_free(err);
+
+ return ret;
+
+ }
+
+#define SHA_TEST_MAX_BITS 102400
+#define SHA_TEST_MAXLINELEN (((SHA_TEST_MAX_BITS >> 3) * 2) + 10)
+
+int dgst_test(BIO *err, BIO *out, BIO *in)
+ {
+ const EVP_MD *md = NULL;
+ char *linebuf, *olinebuf, *p, *q;
+ char *keyword, *value;
+ unsigned char *Msg = NULL, *Seed = NULL;
+ long MsgLen = -1, Len = -1, SeedLen = -1;
+ int ret = 0;
+ int lnum = 0;
+
+ olinebuf = OPENSSL_malloc(SHA_TEST_MAXLINELEN);
+ linebuf = OPENSSL_malloc(SHA_TEST_MAXLINELEN);
+
+ if (!linebuf || !olinebuf)
+ goto error;
+
+
+ while (BIO_gets(in, olinebuf, SHA_TEST_MAXLINELEN) > 0)
+ {
+ lnum++;
+ strcpy(linebuf, olinebuf);
+ keyword = linebuf;
+ /* Skip leading space */
+ while (isspace((unsigned char)*keyword))
+ keyword++;
+
+ /* Look for = sign */
+ p = strchr(linebuf, '=');
+
+ /* If no = or starts with [ (for [L=20] line) just copy */
+ if (!p)
+ {
+ if (!BIO_puts(out, olinebuf))
+ goto error;
+ continue;
+ }
+
+ q = p - 1;
+
+ /* Remove trailing space */
+ while (isspace((unsigned char)*q))
+ *q-- = 0;
+
+ *p = 0;
+ value = p + 1;
+
+ /* Remove leading space from value */
+ while (isspace((unsigned char)*value))
+ value++;
+
+ /* Remove trailing space from value */
+ p = value + strlen(value) - 1;
+
+ while (*p == '\n' || isspace((unsigned char)*p))
+ *p-- = 0;
+
+ if (!strcmp(keyword,"[L") && *p==']')
+ {
+ switch (atoi(value))
+ {
+ case 20: md=EVP_sha1(); break;
+ case 28: md=EVP_sha224(); break;
+ case 32: md=EVP_sha256(); break;
+ case 48: md=EVP_sha384(); break;
+ case 64: md=EVP_sha512(); break;
+ default: goto parse_error;
+ }
+ }
+ else if (!strcmp(keyword, "Len"))
+ {
+ if (Len != -1)
+ goto parse_error;
+ Len = atoi(value);
+ if (Len < 0)
+ goto parse_error;
+ /* Only handle multiples of 8 bits */
+ if (Len & 0x7)
+ goto parse_error;
+ if (Len > SHA_TEST_MAX_BITS)
+ goto parse_error;
+ MsgLen = Len >> 3;
+ }
+
+ else if (!strcmp(keyword, "Msg"))
+ {
+ long tmplen;
+ if (strlen(value) & 1)
+ *(--value) = '0';
+ if (Msg)
+ goto parse_error;
+ Msg = string_to_hex(value, &tmplen);
+ if (!Msg)
+ goto parse_error;
+ }
+ else if (!strcmp(keyword, "Seed"))
+ {
+ if (strlen(value) & 1)
+ *(--value) = '0';
+ if (Seed)
+ goto parse_error;
+ Seed = string_to_hex(value, &SeedLen);
+ if (!Seed)
+ goto parse_error;
+ }
+ else if (!strcmp(keyword, "MD"))
+ continue;
+ else
+ goto parse_error;
+
+ BIO_puts(out, olinebuf);
+
+ if (md && Msg && (MsgLen >= 0))
+ {
+ if (!print_dgst(err, md, out, Msg, MsgLen))
+ goto error;
+ OPENSSL_free(Msg);
+ Msg = NULL;
+ MsgLen = -1;
+ Len = -1;
+ }
+ else if (md && Seed && (SeedLen > 0))
+ {
+ if (!print_monte(err, md, out, Seed, SeedLen))
+ goto error;
+ OPENSSL_free(Seed);
+ Seed = NULL;
+ SeedLen = -1;
+ }
+
+
+ }
+
+
+ ret = 1;
+
+
+ error:
+
+ if (olinebuf)
+ OPENSSL_free(olinebuf);
+ if (linebuf)
+ OPENSSL_free(linebuf);
+ if (Msg)
+ OPENSSL_free(Msg);
+ if (Seed)
+ OPENSSL_free(Seed);
+
+ return ret;
+
+ parse_error:
+
+ BIO_printf(err, "FATAL parse error processing line %d\n", lnum);
+
+ goto error;
+
+ }
+
+static int print_dgst(BIO *err, const EVP_MD *emd, BIO *out,
+ unsigned char *Msg, int Msglen)
+ {
+ int i, mdlen;
+ unsigned char md[EVP_MAX_MD_SIZE];
+ if (!EVP_Digest(Msg, Msglen, md, (unsigned int *)&mdlen, emd, NULL))
+ {
+ BIO_puts(err, "Error calculating HASH\n");
+ return 0;
+ }
+ BIO_puts(out, "MD = ");
+ for (i = 0; i < mdlen; i++)
+ BIO_printf(out, "%02x", md[i]);
+ BIO_puts(out, "\n");
+ return 1;
+ }
+
+static int print_monte(BIO *err, const EVP_MD *md, BIO *out,
+ unsigned char *Seed, int SeedLen)
+ {
+ unsigned int i, j, k;
+ int ret = 0;
+ EVP_MD_CTX ctx;
+ unsigned char *m1, *m2, *m3, *p;
+ unsigned int mlen, m1len, m2len, m3len;
+
+ EVP_MD_CTX_init(&ctx);
+
+ if (SeedLen > EVP_MAX_MD_SIZE)
+ mlen = SeedLen;
+ else
+ mlen = EVP_MAX_MD_SIZE;
+
+ m1 = OPENSSL_malloc(mlen);
+ m2 = OPENSSL_malloc(mlen);
+ m3 = OPENSSL_malloc(mlen);
+
+ if (!m1 || !m2 || !m3)
+ goto mc_error;
+
+ m1len = m2len = m3len = SeedLen;
+ memcpy(m1, Seed, SeedLen);
+ memcpy(m2, Seed, SeedLen);
+ memcpy(m3, Seed, SeedLen);
+
+ BIO_puts(out, "\n");
+
+ for (j = 0; j < 100; j++)
+ {
+ for (i = 0; i < 1000; i++)
+ {
+ EVP_DigestInit_ex(&ctx, md, NULL);
+ EVP_DigestUpdate(&ctx, m1, m1len);
+ EVP_DigestUpdate(&ctx, m2, m2len);
+ EVP_DigestUpdate(&ctx, m3, m3len);
+ p = m1;
+ m1 = m2;
+ m1len = m2len;
+ m2 = m3;
+ m2len = m3len;
+ m3 = p;
+ EVP_DigestFinal_ex(&ctx, m3, &m3len);
+ }
+ BIO_printf(out, "COUNT = %d\n", j);
+ BIO_puts(out, "MD = ");
+ for (k = 0; k < m3len; k++)
+ BIO_printf(out, "%02x", m3[k]);
+ BIO_puts(out, "\n\n");
+ memcpy(m1, m3, m3len);
+ memcpy(m2, m3, m3len);
+ m1len = m2len = m3len;
+ }
+
+ ret = 1;
+
+ mc_error:
+ if (m1)
+ OPENSSL_free(m1);
+ if (m2)
+ OPENSSL_free(m2);
+ if (m3)
+ OPENSSL_free(m3);
+
+ EVP_MD_CTX_cleanup(&ctx);
+
+ return ret;
+ }
+
+#endif
diff --git a/src/lib/libssl/src/fips-1.0/sha/fips_standalone_sha1.c b/src/lib/libssl/src/fips-1.0/sha/fips_standalone_sha1.c
new file mode 100644
index 0000000000..8c10c2cd83
--- /dev/null
+++ b/src/lib/libssl/src/fips-1.0/sha/fips_standalone_sha1.c
@@ -0,0 +1,170 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/opensslconf.h>
+#include <openssl/fips_sha.h>
+#include <openssl/hmac.h>
+
+int FIPS_selftest_failed() { return 0; }
+void OPENSSL_cleanse(void *p,size_t len) {}
+
+#ifdef OPENSSL_FIPS
+
+static void hmac_init(SHA_CTX *md_ctx,SHA_CTX *o_ctx,
+ const char *key)
+ {
+ int len=strlen(key);
+ int i;
+ unsigned char keymd[HMAC_MAX_MD_CBLOCK];
+ unsigned char pad[HMAC_MAX_MD_CBLOCK];
+
+ if (len > SHA_CBLOCK)
+ {
+ SHA1_Init(md_ctx);
+ SHA1_Update(md_ctx,key,len);
+ SHA1_Final(keymd,md_ctx);
+ len=20;
+ }
+ else
+ memcpy(keymd,key,len);
+ memset(&keymd[len],'\0',HMAC_MAX_MD_CBLOCK-len);
+
+ for(i=0 ; i < HMAC_MAX_MD_CBLOCK ; i++)
+ pad[i]=0x36^keymd[i];
+ SHA1_Init(md_ctx);
+ SHA1_Update(md_ctx,pad,SHA_CBLOCK);
+
+ for(i=0 ; i < HMAC_MAX_MD_CBLOCK ; i++)
+ pad[i]=0x5c^keymd[i];
+ SHA1_Init(o_ctx);
+ SHA1_Update(o_ctx,pad,SHA_CBLOCK);
+ }
+
+static void hmac_final(unsigned char *md,SHA_CTX *md_ctx,SHA_CTX *o_ctx)
+ {
+ unsigned char buf[20];
+
+ SHA1_Final(buf,md_ctx);
+ SHA1_Update(o_ctx,buf,sizeof buf);
+ SHA1_Final(md,o_ctx);
+ }
+
+#endif
+
+int main(int argc,char **argv)
+ {
+#ifdef OPENSSL_FIPS
+ static char key[]="etaonrishdlcupfm";
+ int n,binary=0;
+
+ if(argc < 2)
+ {
+ fprintf(stderr,"%s [<file>]+\n",argv[0]);
+ exit(1);
+ }
+
+ n=1;
+ if (!strcmp(argv[n],"-binary"))
+ {
+ n++;
+ binary=1; /* emit binary fingerprint... */
+ }
+
+ for(; n < argc ; ++n)
+ {
+ FILE *f=fopen(argv[n],"rb");
+ SHA_CTX md_ctx,o_ctx;
+ unsigned char md[20];
+ int i;
+
+ if(!f)
+ {
+ perror(argv[n]);
+ exit(2);
+ }
+
+ hmac_init(&md_ctx,&o_ctx,key);
+ for( ; ; )
+ {
+ char buf[1024];
+ int l=fread(buf,1,sizeof buf,f);
+
+ if(l == 0)
+ {
+ if(ferror(f))
+ {
+ perror(argv[n]);
+ exit(3);
+ }
+ else
+ break;
+ }
+ SHA1_Update(&md_ctx,buf,l);
+ }
+ hmac_final(md,&md_ctx,&o_ctx);
+
+ if (binary)
+ {
+ fwrite(md,20,1,stdout);
+ break; /* ... for single(!) file */
+ }
+
+ printf("HMAC-SHA1(%s)= ",argv[n]);
+ for(i=0 ; i < 20 ; ++i)
+ printf("%02x",md[i]);
+ printf("\n");
+ }
+#endif
+ return 0;
+ }
+
+
diff --git a/src/lib/libssl/src/makevms.com b/src/lib/libssl/src/makevms.com
index d892fe9f0d..a739625302 100644
--- a/src/lib/libssl/src/makevms.com
+++ b/src/lib/libssl/src/makevms.com
@@ -480,16 +480,18 @@ $!
$ EXHEADER := ssl.h,ssl2.h,ssl3.h,ssl23.h,tls1.h,kssl.h
$ COPY SYS$DISK:[.SSL]'EXHEADER' SYS$DISK:[.INCLUDE.OPENSSL]
$!
-$! Copy All The ".H" Files From The [.FIPS] Directories.
+$! Copy All The ".H" Files From The [.FIPS-1_0] Directories.
$!
-$ FDIRS := ,SHA1,RAND,DES,AES,DSA,RSA
+$ FDIRS := ,SHA,RAND,DES,AES,DSA,RSA,DH,HMAC
$ EXHEADER_ := fips.h
-$ EXHEADER_SHA1 :=
+$ EXHEADER_SHA := fips_sha.h
$ EXHEADER_RAND := fips_rand.h
$ EXHEADER_DES :=
$ EXHEADER_AES :=
$ EXHEADER_DSA :=
$ EXHEADER_RSA :=
+$ EXHEADER_DH :=
+$ EXHEADER_HMAC :=
$
$ I = 0
$ LOOP_FDIRS:
@@ -500,9 +502,9 @@ $ tmp = EXHEADER_'D'
$ IF tmp .EQS. "" THEN GOTO LOOP_FDIRS
$ IF D .EQS. ""
$ THEN
-$ COPY [.FIPS]'tmp' SYS$DISK:[.INCLUDE.OPENSSL] !/LOG
+$ COPY [.FIPS-1_0]'tmp' SYS$DISK:[.INCLUDE.OPENSSL] !/LOG
$ ELSE
-$ COPY [.FIPS.'D']'tmp' SYS$DISK:[.INCLUDE.OPENSSL] !/LOG
+$ COPY [.FIPS-1_0.'D']'tmp' SYS$DISK:[.INCLUDE.OPENSSL] !/LOG
$ ENDIF
$ GOTO LOOP_FDIRS
$ LOOP_FDIRS_END:
@@ -536,9 +538,9 @@ $! Go Back To The Main Directory.
$!
$ SET DEFAULT [-]
$!
-$! Go To The [.FIPS] Directory.
+$! Go To The [.FIPS-1_0] Directory.
$!
-$ SET DEFAULT SYS$DISK:[.FIPS]
+$ SET DEFAULT SYS$DISK:[.FIPS-1_0]
$!
$! Build The [.xxx.EXE.CRYPTO]LIBCRYPTO.OLB Library.
$!
diff --git a/src/lib/libssl/src/ms/do_masm.bat b/src/lib/libssl/src/ms/do_masm.bat
index 61c52562f7..ce22a44305 100644
--- a/src/lib/libssl/src/ms/do_masm.bat
+++ b/src/lib/libssl/src/ms/do_masm.bat
@@ -1,4 +1,3 @@
-rem use "fips" as the first argument to make a proper FIPS build.
@echo off
echo Generating x86 for MASM assember
@@ -60,7 +59,7 @@ echo on
perl util\mkfiles.pl >MINFO
rem perl util\mk1mf.pl no-sock %1 VC-MSDOS >ms\msdos.mak
rem perl util\mk1mf.pl %1 VC-W31-32 >ms\w31.mak
-perl util\mk1mf.pl dll %1 VC-W31-32 >ms\w31dll.mak
+rem perl util\mk1mf.pl dll %1 VC-W31-32 >ms\w31dll.mak
perl util\mk1mf.pl %1 VC-WIN32 >ms\nt.mak
perl util\mk1mf.pl dll %1 VC-WIN32 >ms\ntdll.mak
diff --git a/src/lib/libssl/src/ms/do_ms.bat b/src/lib/libssl/src/ms/do_ms.bat
index 72179708bf..4a76921298 100644
--- a/src/lib/libssl/src/ms/do_ms.bat
+++ b/src/lib/libssl/src/ms/do_ms.bat
@@ -2,7 +2,7 @@
perl util\mkfiles.pl >MINFO
rem perl util\mk1mf.pl no-sock %1 VC-MSDOS >ms\msdos.mak
rem perl util\mk1mf.pl %1 VC-W31-32 >ms\w31.mak
-perl util\mk1mf.pl dll %1 VC-W31-32 >ms\w31dll.mak
+rem perl util\mk1mf.pl dll %1 VC-W31-32 >ms\w31dll.mak
perl util\mk1mf.pl no-asm %1 VC-WIN32 >ms\nt.mak
perl util\mk1mf.pl dll no-asm %1 VC-WIN32 >ms\ntdll.mak
perl util\mk1mf.pl no-asm %1 VC-CE >ms\ce.mak
diff --git a/src/lib/libssl/src/ms/fipscheck.pl b/src/lib/libssl/src/ms/fipscheck.pl
new file mode 100644
index 0000000000..80ffbd15ae
--- /dev/null
+++ b/src/lib/libssl/src/ms/fipscheck.pl
@@ -0,0 +1,38 @@
+#!/usr/bin/perl
+
+# fipscheck.pl
+# sample perl script to check integrity of critical FIPS files
+
+my ($fipsdir) = @ARGV;
+
+die "Directory $fipsdir not found or invalid" unless -d $fipsdir;
+
+die "Standalone SHA1 check program ${fipsdir}/fips_standalone_sha1.exe not found" unless -f "${fipsdir}/fips_standalone_sha1.exe";
+
+check_hash("fips_premain.c", $fipsdir);
+check_hash("fipscanister.o", $fipsdir);
+
+sub check_hash
+ {
+ my ($filename, $dir) = @_;
+ my ($hashfile, $hashval);
+
+ $filename = "$dir/$filename";
+
+ die "File $filename does not exist" unless -f $filename;
+ die "File ${filename}.sha1 does not exist" unless -f "${filename}.sha1";
+
+ open(IN, "${filename}.sha1") || die "Cannot open file hash file ${filename}.sha1";
+ $hashfile = <IN>;
+ close IN;
+ $hashval = `${dir}/fips_standalone_sha1.exe $filename`;
+ chomp $hashfile;
+ chomp $hashval;
+ $hashfile =~ s/^.*=\s+//;
+ $hashval =~ s/^.*=\s+//;
+ die "Invalid hash syntax in file" if (length($hashfile) != 40);
+ die "Invalid hash received for file" if (length($hashval) != 40);
+ die "*** HASH VALUE MISMATCH FOR FILE $filename ***" if ($hashval ne $hashfile);
+ }
+
+
diff --git a/src/lib/libssl/src/openssl.spec b/src/lib/libssl/src/openssl.spec
index 98ef153e3b..3dad37d49b 100644
--- a/src/lib/libssl/src/openssl.spec
+++ b/src/lib/libssl/src/openssl.spec
@@ -1,8 +1,8 @@
%define libmaj 0
%define libmin 9
%define librel 7
-%define librev g
-Release: 1
+%define librev j
+Release: 2
%define openssldir /var/ssl
@@ -121,7 +121,6 @@ rm -rf $RPM_BUILD_ROOT
%config %attr(0644,root,root) %{openssldir}/openssl.cnf
%dir %attr(0755,root,root) %{openssldir}/certs
-%dir %attr(0755,root,root) %{openssldir}/lib
%dir %attr(0755,root,root) %{openssldir}/misc
%dir %attr(0750,root,root) %{openssldir}/private
@@ -146,6 +145,8 @@ ldconfig
ldconfig
%changelog
+* Sun Jun 6 2005 Richard Levitte <richard@levitte.org>
+- Remove the incorrect installation of '%{openssldir}/lib'.
* Wed May 7 2003 Richard Levitte <richard@levitte.org>
- Add /usr/lib/pkgconfig/openssl.pc to the development section.
* Thu Mar 22 2001 Richard Levitte <richard@levitte.org>
diff --git a/src/lib/libssl/src/ssl/Makefile b/src/lib/libssl/src/ssl/Makefile
index baf191b909..14a89e77b2 100644
--- a/src/lib/libssl/src/ssl/Makefile
+++ b/src/lib/libssl/src/ssl/Makefile
@@ -1,5 +1,5 @@
#
-# SSLeay/ssl/Makefile
+# OpenSSL/ssl/Makefile
#
DIR= ssl
diff --git a/src/lib/libssl/src/ssl/kssl.c b/src/lib/libssl/src/ssl/kssl.c
index 3afa95f3fa..9a41769e75 100644
--- a/src/lib/libssl/src/ssl/kssl.c
+++ b/src/lib/libssl/src/ssl/kssl.c
@@ -68,9 +68,11 @@
#include <openssl/opensslconf.h>
-#define _XOPEN_SOURCE /* glibc2 needs this to declare strptime() */
+#define _XOPEN_SOURCE 500 /* glibc2 needs this to declare strptime() */
#include <time.h>
+#if 0 /* Experimental */
#undef _XOPEN_SOURCE /* To avoid clashes with anything else... */
+#endif
#include <string.h>
#define KRB5_PRIVATE 1
@@ -295,7 +297,7 @@ load_krb5_dll(void)
HANDLE hKRB5_32;
krb5_loaded++;
- hKRB5_32 = LoadLibrary("KRB5_32");
+ hKRB5_32 = LoadLibrary(TEXT("KRB5_32"));
if (!hKRB5_32)
return;
diff --git a/src/lib/libssl/src/ssl/s23_clnt.c b/src/lib/libssl/src/ssl/s23_clnt.c
index 779e94a35c..86356731ea 100644
--- a/src/lib/libssl/src/ssl/s23_clnt.c
+++ b/src/lib/libssl/src/ssl/s23_clnt.c
@@ -106,7 +106,7 @@ SSL_METHOD *SSLv23_client_method(void)
int ssl23_connect(SSL *s)
{
BUF_MEM *buf=NULL;
- unsigned long Time=time(NULL);
+ unsigned long Time=(unsigned long)time(NULL);
void (*cb)(const SSL *ssl,int type,int val)=NULL;
int ret= -1;
int new_state,state;
@@ -220,9 +220,28 @@ static int ssl23_client_hello(SSL *s)
{
unsigned char *buf;
unsigned char *p,*d;
- int i,ch_len;
+ int i,j,ch_len;
+ unsigned long Time,l;
+ int ssl2_compat;
+ int version = 0, version_major, version_minor;
+ SSL_COMP *comp;
int ret;
+ ssl2_compat = (s->options & SSL_OP_NO_SSLv2) ? 0 : 1;
+
+ if (!(s->options & SSL_OP_NO_TLSv1))
+ {
+ version = TLS1_VERSION;
+ }
+ else if (!(s->options & SSL_OP_NO_SSLv3))
+ {
+ version = SSL3_VERSION;
+ }
+ else if (!(s->options & SSL_OP_NO_SSLv2))
+ {
+ version = SSL2_VERSION;
+ }
+
buf=(unsigned char *)s->init_buf->data;
if (s->state == SSL23_ST_CW_CLNT_HELLO_A)
{
@@ -235,19 +254,15 @@ static int ssl23_client_hello(SSL *s)
#endif
p=s->s3->client_random;
- if(RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE) <= 0)
- return -1;
-
- /* Do the message type and length last */
- d= &(buf[2]);
- p=d+9;
+ Time=(unsigned long)time(NULL); /* Time */
+ l2n(Time,p);
+ if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)
+ return -1;
- *(d++)=SSL2_MT_CLIENT_HELLO;
- if (!(s->options & SSL_OP_NO_TLSv1))
+ if (version == TLS1_VERSION)
{
- *(d++)=TLS1_VERSION_MAJOR;
- *(d++)=TLS1_VERSION_MINOR;
- s->client_version=TLS1_VERSION;
+ version_major = TLS1_VERSION_MAJOR;
+ version_minor = TLS1_VERSION_MINOR;
}
#ifdef OPENSSL_FIPS
else if(FIPS_mode())
@@ -257,17 +272,15 @@ static int ssl23_client_hello(SSL *s)
return -1;
}
#endif
- else if (!(s->options & SSL_OP_NO_SSLv3))
+ else if (version == SSL3_VERSION)
{
- *(d++)=SSL3_VERSION_MAJOR;
- *(d++)=SSL3_VERSION_MINOR;
- s->client_version=SSL3_VERSION;
+ version_major = SSL3_VERSION_MAJOR;
+ version_minor = SSL3_VERSION_MINOR;
}
- else if (!(s->options & SSL_OP_NO_SSLv2))
+ else if (version == SSL2_VERSION)
{
- *(d++)=SSL2_VERSION_MAJOR;
- *(d++)=SSL2_VERSION_MINOR;
- s->client_version=SSL2_VERSION;
+ version_major = SSL2_VERSION_MAJOR;
+ version_minor = SSL2_VERSION_MINOR;
}
else
{
@@ -275,59 +288,153 @@ static int ssl23_client_hello(SSL *s)
return(-1);
}
- /* Ciphers supported */
- i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),p);
- if (i == 0)
+ s->client_version = version;
+
+ if (ssl2_compat)
{
- /* no ciphers */
- SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
- return(-1);
- }
- s2n(i,d);
- p+=i;
+ /* create SSL 2.0 compatible Client Hello */
+
+ /* two byte record header will be written last */
+ d = &(buf[2]);
+ p = d + 9; /* leave space for message type, version, individual length fields */
- /* put in the session-id, zero since there is no
- * reuse. */
+ *(d++) = SSL2_MT_CLIENT_HELLO;
+ *(d++) = version_major;
+ *(d++) = version_minor;
+
+ /* Ciphers supported */
+ i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),p,0);
+ if (i == 0)
+ {
+ /* no ciphers */
+ SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
+ return -1;
+ }
+ s2n(i,d);
+ p+=i;
+
+ /* put in the session-id length (zero since there is no reuse) */
#if 0
- s->session->session_id_length=0;
+ s->session->session_id_length=0;
#endif
- s2n(0,d);
-
- if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG)
- ch_len=SSL2_CHALLENGE_LENGTH;
+ s2n(0,d);
+
+ if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG)
+ ch_len=SSL2_CHALLENGE_LENGTH;
+ else
+ ch_len=SSL2_MAX_CHALLENGE_LENGTH;
+
+ /* write out sslv2 challenge */
+ if (SSL3_RANDOM_SIZE < ch_len)
+ i=SSL3_RANDOM_SIZE;
+ else
+ i=ch_len;
+ s2n(i,d);
+ memset(&(s->s3->client_random[0]),0,SSL3_RANDOM_SIZE);
+ if (RAND_pseudo_bytes(&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i) <= 0)
+ return -1;
+
+ memcpy(p,&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i);
+ p+=i;
+
+ i= p- &(buf[2]);
+ buf[0]=((i>>8)&0xff)|0x80;
+ buf[1]=(i&0xff);
+
+ /* number of bytes to write */
+ s->init_num=i+2;
+ s->init_off=0;
+
+ ssl3_finish_mac(s,&(buf[2]),i);
+ }
else
- ch_len=SSL2_MAX_CHALLENGE_LENGTH;
+ {
+ /* create Client Hello in SSL 3.0/TLS 1.0 format */
- /* write out sslv2 challenge */
- if (SSL3_RANDOM_SIZE < ch_len)
- i=SSL3_RANDOM_SIZE;
- else
- i=ch_len;
- s2n(i,d);
- memset(&(s->s3->client_random[0]),0,SSL3_RANDOM_SIZE);
- if(RAND_pseudo_bytes(&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i) <= 0)
- return -1;
+ /* do the record header (5 bytes) and handshake message header (4 bytes) last */
+ d = p = &(buf[9]);
+
+ *(p++) = version_major;
+ *(p++) = version_minor;
+
+ /* Random stuff */
+ memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE);
+ p += SSL3_RANDOM_SIZE;
+
+ /* Session ID (zero since there is no reuse) */
+ *(p++) = 0;
+
+ /* Ciphers supported (using SSL 3.0/TLS 1.0 format) */
+ i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]),ssl3_put_cipher_by_char);
+ if (i == 0)
+ {
+ SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
+ return -1;
+ }
+ s2n(i,p);
+ p+=i;
+
+ /* COMPRESSION */
+ if (s->ctx->comp_methods == NULL)
+ j=0;
+ else
+ j=sk_SSL_COMP_num(s->ctx->comp_methods);
+ *(p++)=1+j;
+ for (i=0; i<j; i++)
+ {
+ comp=sk_SSL_COMP_value(s->ctx->comp_methods,i);
+ *(p++)=comp->id;
+ }
+ *(p++)=0; /* Add the NULL method */
+
+ l = p-d;
+ *p = 42;
- memcpy(p,&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i);
- p+=i;
+ /* fill in 4-byte handshake header */
+ d=&(buf[5]);
+ *(d++)=SSL3_MT_CLIENT_HELLO;
+ l2n3(l,d);
- i= p- &(buf[2]);
- buf[0]=((i>>8)&0xff)|0x80;
- buf[1]=(i&0xff);
+ l += 4;
+
+ if (l > SSL3_RT_MAX_PLAIN_LENGTH)
+ {
+ SSLerr(SSL_F_SSL23_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);
+ return -1;
+ }
+
+ /* fill in 5-byte record header */
+ d=buf;
+ *(d++) = SSL3_RT_HANDSHAKE;
+ *(d++) = version_major;
+ *(d++) = version_minor; /* arguably we should send the *lowest* suported version here
+ * (indicating, e.g., TLS 1.0 in "SSL 3.0 format") */
+ s2n((int)l,d);
+
+ /* number of bytes to write */
+ s->init_num=p-buf;
+ s->init_off=0;
+
+ ssl3_finish_mac(s,&(buf[5]), s->init_num - 5);
+ }
s->state=SSL23_ST_CW_CLNT_HELLO_B;
- /* number of bytes to write */
- s->init_num=i+2;
s->init_off=0;
-
- ssl3_finish_mac(s,&(buf[2]),i);
}
/* SSL3_ST_CW_CLNT_HELLO_B */
ret = ssl23_write_bytes(s);
- if (ret >= 2)
- if (s->msg_callback)
- s->msg_callback(1, SSL2_VERSION, 0, s->init_buf->data+2, ret-2, s, s->msg_callback_arg); /* CLIENT-HELLO */
+
+ if ((ret >= 2) && s->msg_callback)
+ {
+ /* Client Hello has been sent; tell msg_callback */
+
+ if (ssl2_compat)
+ s->msg_callback(1, SSL2_VERSION, 0, s->init_buf->data+2, ret-2, s, s->msg_callback_arg);
+ else
+ s->msg_callback(1, version, SSL3_RT_HANDSHAKE, s->init_buf->data+5, ret-5, s, s->msg_callback_arg);
+ }
+
return ret;
}
diff --git a/src/lib/libssl/src/ssl/s23_srvr.c b/src/lib/libssl/src/ssl/s23_srvr.c
index 92f3391f60..b73abc448f 100644
--- a/src/lib/libssl/src/ssl/s23_srvr.c
+++ b/src/lib/libssl/src/ssl/s23_srvr.c
@@ -158,7 +158,7 @@ SSL_METHOD *SSLv23_server_method(void)
int ssl23_accept(SSL *s)
{
BUF_MEM *buf;
- unsigned long Time=time(NULL);
+ unsigned long Time=(unsigned long)time(NULL);
void (*cb)(const SSL *ssl,int type,int val)=NULL;
int ret= -1;
int new_state,state;
@@ -268,9 +268,6 @@ int ssl23_get_client_hello(SSL *s)
int n=0,j;
int type=0;
int v[2];
-#ifndef OPENSSL_NO_RSA
- int use_sslv2_strong=0;
-#endif
if (s->state == SSL23_ST_SR_CLNT_HELLO_A)
{
@@ -528,9 +525,7 @@ int ssl23_get_client_hello(SSL *s)
}
s->state=SSL2_ST_GET_CLIENT_HELLO_A;
- if ((s->options & SSL_OP_MSIE_SSLV2_RSA_PADDING) ||
- use_sslv2_strong ||
- (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3))
+ if (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3)
s->s2->ssl2_rollback=0;
else
/* reject SSL 2.0 session if client supports SSL 3.0 or TLS 1.0
diff --git a/src/lib/libssl/src/ssl/s2_clnt.c b/src/lib/libssl/src/ssl/s2_clnt.c
index c67829f495..eba04c715b 100644
--- a/src/lib/libssl/src/ssl/s2_clnt.c
+++ b/src/lib/libssl/src/ssl/s2_clnt.c
@@ -162,7 +162,7 @@ SSL_METHOD *SSLv2_client_method(void)
int ssl2_connect(SSL *s)
{
- unsigned long l=time(NULL);
+ unsigned long l=(unsigned long)time(NULL);
BUF_MEM *buf=NULL;
int ret= -1;
void (*cb)(const SSL *ssl,int type,int val)=NULL;
@@ -584,7 +584,7 @@ static int client_hello(SSL *s)
s2n(SSL2_VERSION,p); /* version */
n=j=0;
- n=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),d);
+ n=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),d,0);
d+=n;
if (n == 0)
diff --git a/src/lib/libssl/src/ssl/s2_srvr.c b/src/lib/libssl/src/ssl/s2_srvr.c
index 853871f28c..7a4992b7aa 100644
--- a/src/lib/libssl/src/ssl/s2_srvr.c
+++ b/src/lib/libssl/src/ssl/s2_srvr.c
@@ -162,7 +162,7 @@ SSL_METHOD *SSLv2_server_method(void)
int ssl2_accept(SSL *s)
{
- unsigned long l=time(NULL);
+ unsigned long l=(unsigned long)time(NULL);
BUF_MEM *buf=NULL;
int ret= -1;
long num1;
@@ -797,7 +797,7 @@ static int server_hello(SSL *s)
/* lets send out the ciphers we like in the
* prefered order */
sk= s->session->ciphers;
- n=ssl_cipher_list_to_bytes(s,s->session->ciphers,d);
+ n=ssl_cipher_list_to_bytes(s,s->session->ciphers,d,0);
d+=n;
s2n(n,p); /* add cipher length */
}
diff --git a/src/lib/libssl/src/ssl/s3_clnt.c b/src/lib/libssl/src/ssl/s3_clnt.c
index 0969476b25..05194fdb31 100644
--- a/src/lib/libssl/src/ssl/s3_clnt.c
+++ b/src/lib/libssl/src/ssl/s3_clnt.c
@@ -165,7 +165,7 @@ SSL_METHOD *SSLv3_client_method(void)
int ssl3_connect(SSL *s)
{
BUF_MEM *buf=NULL;
- unsigned long Time=time(NULL),l;
+ unsigned long Time=(unsigned long)time(NULL),l;
long num1;
void (*cb)(const SSL *ssl,int type,int val)=NULL;
int ret= -1;
@@ -533,7 +533,7 @@ static int ssl3_client_hello(SSL *s)
/* else use the pre-loaded session */
p=s->s3->client_random;
- Time=time(NULL); /* Time */
+ Time=(unsigned long)time(NULL); /* Time */
l2n(Time,p);
if(RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)
goto err;
@@ -567,7 +567,7 @@ static int ssl3_client_hello(SSL *s)
}
/* Ciphers supported */
- i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]));
+ i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]),0);
if (i == 0)
{
SSLerr(SSL_F_SSL3_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
diff --git a/src/lib/libssl/src/ssl/s3_lib.c b/src/lib/libssl/src/ssl/s3_lib.c
index 9bf1dbec06..a77588e725 100644
--- a/src/lib/libssl/src/ssl/s3_lib.c
+++ b/src/lib/libssl/src/ssl/s3_lib.c
@@ -835,7 +835,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
TLS1_TXT_RSA_WITH_AES_128_SHA,
TLS1_CK_RSA_WITH_AES_128_SHA,
SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1,
- SSL_NOT_EXP|SSL_MEDIUM|SSL_FIPS,
+ SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
0,
128,
128,
@@ -848,7 +848,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
TLS1_TXT_DH_DSS_WITH_AES_128_SHA,
TLS1_CK_DH_DSS_WITH_AES_128_SHA,
SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_MEDIUM|SSL_FIPS,
+ SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
0,
128,
128,
@@ -861,7 +861,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
TLS1_TXT_DH_RSA_WITH_AES_128_SHA,
TLS1_CK_DH_RSA_WITH_AES_128_SHA,
SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_MEDIUM|SSL_FIPS,
+ SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
0,
128,
128,
@@ -874,7 +874,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_MEDIUM|SSL_FIPS,
+ SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
0,
128,
128,
@@ -887,7 +887,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_MEDIUM|SSL_FIPS,
+ SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
0,
128,
128,
@@ -900,7 +900,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
TLS1_TXT_ADH_WITH_AES_128_SHA,
TLS1_CK_ADH_WITH_AES_128_SHA,
SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_MEDIUM|SSL_FIPS,
+ SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
0,
128,
128,
diff --git a/src/lib/libssl/src/ssl/s3_srvr.c b/src/lib/libssl/src/ssl/s3_srvr.c
index c4a1a71523..36fc39d7f8 100644
--- a/src/lib/libssl/src/ssl/s3_srvr.c
+++ b/src/lib/libssl/src/ssl/s3_srvr.c
@@ -173,7 +173,7 @@ SSL_METHOD *SSLv3_server_method(void)
int ssl3_accept(SSL *s)
{
BUF_MEM *buf;
- unsigned long l,Time=time(NULL);
+ unsigned long l,Time=(unsigned long)time(NULL);
void (*cb)(const SSL *ssl,int type,int val)=NULL;
long num1;
int ret= -1;
@@ -954,7 +954,7 @@ static int ssl3_send_server_hello(SSL *s)
{
buf=(unsigned char *)s->init_buf->data;
p=s->s3->server_random;
- Time=time(NULL); /* Time */
+ Time=(unsigned long)time(NULL); /* Time */
l2n(Time,p);
if(RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)
return -1;
diff --git a/src/lib/libssl/src/ssl/ssl-lib.com b/src/lib/libssl/src/ssl/ssl-lib.com
index 163ade9f7a..f0665c6b86 100644
--- a/src/lib/libssl/src/ssl/ssl-lib.com
+++ b/src/lib/libssl/src/ssl/ssl-lib.com
@@ -749,7 +749,7 @@ $ CCDEFS = "TCPIP_TYPE_''P4'"
$ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS
$ CCEXTRAFLAGS = ""
$ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS
-$ CCDISABLEWARNINGS = "LONGLONGTYPE,LONGLONGSUFX"
+$ CCDISABLEWARNINGS = "LONGLONGTYPE,LONGLONGSUFX,FOUNDCR"
$ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN -
CCDISABLEWARNINGS = CCDISABLEWARNINGS + "," + USER_CCDISABLEWARNINGS
$!
diff --git a/src/lib/libssl/src/ssl/ssl.h b/src/lib/libssl/src/ssl/ssl.h
index 3161f532cf..99e188086b 100644
--- a/src/lib/libssl/src/ssl/ssl.h
+++ b/src/lib/libssl/src/ssl/ssl.h
@@ -467,7 +467,7 @@ typedef struct ssl_session_st
#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L
#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x00000010L
#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L
-#define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x00000040L
+#define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x00000040L /* no effect since 0.9.7h and 0.9.8b */
#define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080L
#define SSL_OP_TLS_D5_BUG 0x00000100L
#define SSL_OP_TLS_BLOCK_PADDING_BUG 0x00000200L
@@ -1567,6 +1567,7 @@ void ERR_load_SSL_strings(void);
#define SSL_F_SSL_CTRL 232
#define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 168
#define SSL_F_SSL_CTX_NEW 169
+#define SSL_F_SSL_CTX_SET_CIPHER_LIST 269
#define SSL_F_SSL_CTX_SET_PURPOSE 226
#define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT 219
#define SSL_F_SSL_CTX_SET_SSL_VERSION 170
@@ -1596,6 +1597,7 @@ void ERR_load_SSL_strings(void);
#define SSL_F_SSL_SESSION_PRINT_FP 190
#define SSL_F_SSL_SESS_CERT_NEW 225
#define SSL_F_SSL_SET_CERT 191
+#define SSL_F_SSL_SET_CIPHER_LIST 271
#define SSL_F_SSL_SET_FD 192
#define SSL_F_SSL_SET_PKEY 193
#define SSL_F_SSL_SET_PURPOSE 227
@@ -1674,40 +1676,39 @@ void ERR_load_SSL_strings(void);
#define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED 145
#define SSL_R_DATA_LENGTH_TOO_LONG 146
#define SSL_R_DECRYPTION_FAILED 147
-#define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 1109
+#define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 281
#define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148
#define SSL_R_DIGEST_CHECK_FAILED 149
#define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150
-#define SSL_R_ERROR_GENERATING_TMP_RSA_KEY 1092
+#define SSL_R_ERROR_GENERATING_TMP_RSA_KEY 282
#define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151
#define SSL_R_EXCESSIVE_MESSAGE_SIZE 152
#define SSL_R_EXTRA_DATA_IN_MESSAGE 153
#define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154
#define SSL_R_HTTPS_PROXY_REQUEST 155
#define SSL_R_HTTP_REQUEST 156
-#define SSL_R_ILLEGAL_PADDING 1110
+#define SSL_R_ILLEGAL_PADDING 283
#define SSL_R_INVALID_CHALLENGE_LENGTH 158
#define SSL_R_INVALID_COMMAND 280
#define SSL_R_INVALID_PURPOSE 278
#define SSL_R_INVALID_TRUST 279
-#define SSL_R_KEY_ARG_TOO_LONG 1112
-#define SSL_R_KRB5 1104
-#define SSL_R_KRB5_C_CC_PRINC 1094
-#define SSL_R_KRB5_C_GET_CRED 1095
-#define SSL_R_KRB5_C_INIT 1096
-#define SSL_R_KRB5_C_MK_REQ 1097
-#define SSL_R_KRB5_S_BAD_TICKET 1098
-#define SSL_R_KRB5_S_INIT 1099
-#define SSL_R_KRB5_S_RD_REQ 1108
-#define SSL_R_KRB5_S_TKT_EXPIRED 1105
-#define SSL_R_KRB5_S_TKT_NYV 1106
-#define SSL_R_KRB5_S_TKT_SKEW 1107
+#define SSL_R_KEY_ARG_TOO_LONG 284
+#define SSL_R_KRB5 285
+#define SSL_R_KRB5_C_CC_PRINC 286
+#define SSL_R_KRB5_C_GET_CRED 287
+#define SSL_R_KRB5_C_INIT 288
+#define SSL_R_KRB5_C_MK_REQ 289
+#define SSL_R_KRB5_S_BAD_TICKET 290
+#define SSL_R_KRB5_S_INIT 291
+#define SSL_R_KRB5_S_RD_REQ 292
+#define SSL_R_KRB5_S_TKT_EXPIRED 293
+#define SSL_R_KRB5_S_TKT_NYV 294
+#define SSL_R_KRB5_S_TKT_SKEW 295
#define SSL_R_LENGTH_MISMATCH 159
#define SSL_R_LENGTH_TOO_SHORT 160
#define SSL_R_LIBRARY_BUG 274
#define SSL_R_LIBRARY_HAS_NO_CIPHERS 161
-#define SSL_R_MASTER_KEY_TOO_LONG 1112
-#define SSL_R_MESSAGE_TOO_LONG 1111
+#define SSL_R_MESSAGE_TOO_LONG 296
#define SSL_R_MISSING_DH_DSA_CERT 162
#define SSL_R_MISSING_DH_KEY 163
#define SSL_R_MISSING_DH_RSA_CERT 164
@@ -1744,7 +1745,7 @@ void ERR_load_SSL_strings(void);
#define SSL_R_NULL_SSL_CTX 195
#define SSL_R_NULL_SSL_METHOD_PASSED 196
#define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197
-#define SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE 1115
+#define SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE 297
#define SSL_R_PACKET_LENGTH_TOO_LONG 198
#define SSL_R_PATH_TOO_LONG 270
#define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 199
@@ -1763,7 +1764,7 @@ void ERR_load_SSL_strings(void);
#define SSL_R_READ_WRONG_PACKET_TYPE 212
#define SSL_R_RECORD_LENGTH_MISMATCH 213
#define SSL_R_RECORD_TOO_LARGE 214
-#define SSL_R_RECORD_TOO_SMALL 1093
+#define SSL_R_RECORD_TOO_SMALL 298
#define SSL_R_REQUIRED_CIPHER_MISSING 215
#define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO 216
#define SSL_R_REUSE_CERT_TYPE_NOT_ZERO 217
@@ -1772,8 +1773,8 @@ void ERR_load_SSL_strings(void);
#define SSL_R_SHORT_READ 219
#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220
#define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221
-#define SSL_R_SSL2_CONNECTION_ID_TOO_LONG 1114
-#define SSL_R_SSL3_SESSION_ID_TOO_LONG 1113
+#define SSL_R_SSL2_CONNECTION_ID_TOO_LONG 299
+#define SSL_R_SSL3_SESSION_ID_TOO_LONG 300
#define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222
#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042
#define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020
@@ -1784,20 +1785,15 @@ void ERR_load_SSL_strings(void);
#define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE 1040
#define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER 1047
#define SSL_R_SSLV3_ALERT_NO_CERTIFICATE 1041
-#define SSL_R_SSLV3_ALERT_PEER_ERROR_CERTIFICATE 223
-#define SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CERTIFICATE 224
-#define SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CIPHER 225
-#define SSL_R_SSLV3_ALERT_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 226
#define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010
-#define SSL_R_SSLV3_ALERT_UNKNOWN_REMOTE_ERROR_TYPE 227
#define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE 1043
#define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION 228
#define SSL_R_SSL_HANDSHAKE_FAILURE 229
#define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS 230
-#define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED 1102
-#define SSL_R_SSL_SESSION_ID_CONFLICT 1103
+#define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED 301
+#define SSL_R_SSL_SESSION_ID_CONFLICT 302
#define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG 273
-#define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH 1101
+#define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH 303
#define SSL_R_SSL_SESSION_ID_IS_DIFFERENT 231
#define SSL_R_TLSV1_ALERT_ACCESS_DENIED 1049
#define SSL_R_TLSV1_ALERT_DECODE_ERROR 1050
@@ -1838,7 +1834,6 @@ void ERR_load_SSL_strings(void);
#define SSL_R_UNKNOWN_STATE 255
#define SSL_R_UNSUPPORTED_CIPHER 256
#define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 257
-#define SSL_R_UNSUPPORTED_OPTION 1091
#define SSL_R_UNSUPPORTED_PROTOCOL 258
#define SSL_R_UNSUPPORTED_SSL_VERSION 259
#define SSL_R_WRITE_BIO_NOT_SET 260
diff --git a/src/lib/libssl/src/ssl/ssl_asn1.c b/src/lib/libssl/src/ssl/ssl_asn1.c
index 4d5900ad2f..fc5fcce108 100644
--- a/src/lib/libssl/src/ssl/ssl_asn1.c
+++ b/src/lib/libssl/src/ssl/ssl_asn1.c
@@ -344,7 +344,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char * const *pp,
OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
}
else
- ret->time=time(NULL);
+ ret->time=(unsigned long)time(NULL);
ai.length=0;
M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,2);
diff --git a/src/lib/libssl/src/ssl/ssl_cert.c b/src/lib/libssl/src/ssl/ssl_cert.c
index b8b9bc2390..b779e6bb4d 100644
--- a/src/lib/libssl/src/ssl/ssl_cert.c
+++ b/src/lib/libssl/src/ssl/ssl_cert.c
@@ -616,14 +616,13 @@ STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)
BIO *in;
X509 *x=NULL;
X509_NAME *xn=NULL;
- STACK_OF(X509_NAME) *ret,*sk;
+ STACK_OF(X509_NAME) *ret = NULL,*sk;
- ret=sk_X509_NAME_new_null();
sk=sk_X509_NAME_new(xname_cmp);
in=BIO_new(BIO_s_file_internal());
- if ((ret == NULL) || (sk == NULL) || (in == NULL))
+ if ((sk == NULL) || (in == NULL))
{
SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE,ERR_R_MALLOC_FAILURE);
goto err;
@@ -636,6 +635,15 @@ STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)
{
if (PEM_read_bio_X509(in,&x,NULL,NULL) == NULL)
break;
+ if (ret == NULL)
+ {
+ ret = sk_X509_NAME_new_null();
+ if (ret == NULL)
+ {
+ SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ }
if ((xn=X509_get_subject_name(x)) == NULL) goto err;
/* check for duplicates */
xn=X509_NAME_dup(xn);
@@ -658,6 +666,8 @@ err:
if (sk != NULL) sk_X509_NAME_free(sk);
if (in != NULL) BIO_free(in);
if (x != NULL) X509_free(x);
+ if (ret != NULL)
+ ERR_clear_error();
return(ret);
}
#endif
diff --git a/src/lib/libssl/src/ssl/ssl_ciph.c b/src/lib/libssl/src/ssl/ssl_ciph.c
index b68ed81e52..3df5e2fa80 100644
--- a/src/lib/libssl/src/ssl/ssl_ciph.c
+++ b/src/lib/libssl/src/ssl/ssl_ciph.c
@@ -700,9 +700,18 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
if (!found)
break; /* ignore this entry */
- algorithms |= ca_list[j]->algorithms;
+ /* New algorithms:
+ * 1 - any old restrictions apply outside new mask
+ * 2 - any new restrictions apply outside old mask
+ * 3 - enforce old & new where masks intersect
+ */
+ algorithms = (algorithms & ~ca_list[j]->mask) | /* 1 */
+ (ca_list[j]->algorithms & ~mask) | /* 2 */
+ (algorithms & ca_list[j]->algorithms); /* 3 */
mask |= ca_list[j]->mask;
- algo_strength |= ca_list[j]->algo_strength;
+ algo_strength = (algo_strength & ~ca_list[j]->mask_strength) |
+ (ca_list[j]->algo_strength & ~mask_strength) |
+ (algo_strength & ca_list[j]->algo_strength);
mask_strength |= ca_list[j]->mask_strength;
if (!multi) break;
@@ -756,7 +765,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
{
int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases;
unsigned long disabled_mask;
- STACK_OF(SSL_CIPHER) *cipherstack;
+ STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list;
const char *rule_p;
CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
SSL_CIPHER **ca_list = NULL;
@@ -764,7 +773,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
/*
* Return with error if nothing to do.
*/
- if (rule_str == NULL) return(NULL);
+ if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL)
+ return NULL;
if (init_ciphers)
{
@@ -875,46 +885,18 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
}
OPENSSL_free(co_list); /* Not needed any longer */
- /*
- * The following passage is a little bit odd. If pointer variables
- * were supplied to hold STACK_OF(SSL_CIPHER) return information,
- * the old memory pointed to is free()ed. Then, however, the
- * cipher_list entry will be assigned just a copy of the returned
- * cipher stack. For cipher_list_by_id a copy of the cipher stack
- * will be created. See next comment...
- */
- if (cipher_list != NULL)
- {
- if (*cipher_list != NULL)
- sk_SSL_CIPHER_free(*cipher_list);
- *cipher_list = cipherstack;
- }
-
- if (cipher_list_by_id != NULL)
- {
- if (*cipher_list_by_id != NULL)
- sk_SSL_CIPHER_free(*cipher_list_by_id);
- *cipher_list_by_id = sk_SSL_CIPHER_dup(cipherstack);
- }
-
- /*
- * Now it is getting really strange. If something failed during
- * the previous pointer assignment or if one of the pointers was
- * not requested, the error condition is met. That might be
- * discussable. The strange thing is however that in this case
- * the memory "ret" pointed to is "free()ed" and hence the pointer
- * cipher_list becomes wild. The memory reserved for
- * cipher_list_by_id however is not "free()ed" and stays intact.
- */
- if ( (cipher_list_by_id == NULL) ||
- (*cipher_list_by_id == NULL) ||
- (cipher_list == NULL) ||
- (*cipher_list == NULL))
+ tmp_cipher_list = sk_SSL_CIPHER_dup(cipherstack);
+ if (tmp_cipher_list == NULL)
{
sk_SSL_CIPHER_free(cipherstack);
- return(NULL);
+ return NULL;
}
-
+ if (*cipher_list != NULL)
+ sk_SSL_CIPHER_free(*cipher_list);
+ *cipher_list = cipherstack;
+ if (*cipher_list_by_id != NULL)
+ sk_SSL_CIPHER_free(*cipher_list_by_id);
+ *cipher_list_by_id = tmp_cipher_list;
sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id,ssl_cipher_ptr_id_cmp);
return(cipherstack);
diff --git a/src/lib/libssl/src/ssl/ssl_err.c b/src/lib/libssl/src/ssl/ssl_err.c
index 29b8ff4788..4bcf591298 100644
--- a/src/lib/libssl/src/ssl/ssl_err.c
+++ b/src/lib/libssl/src/ssl/ssl_err.c
@@ -64,384 +64,383 @@
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
+
+#define ERR_FUNC(func) ERR_PACK(ERR_LIB_SSL,func,0)
+#define ERR_REASON(reason) ERR_PACK(ERR_LIB_SSL,0,reason)
+
static ERR_STRING_DATA SSL_str_functs[]=
{
-{ERR_PACK(0,SSL_F_CLIENT_CERTIFICATE,0), "CLIENT_CERTIFICATE"},
-{ERR_PACK(0,SSL_F_CLIENT_FINISHED,0), "CLIENT_FINISHED"},
-{ERR_PACK(0,SSL_F_CLIENT_HELLO,0), "CLIENT_HELLO"},
-{ERR_PACK(0,SSL_F_CLIENT_MASTER_KEY,0), "CLIENT_MASTER_KEY"},
-{ERR_PACK(0,SSL_F_D2I_SSL_SESSION,0), "d2i_SSL_SESSION"},
-{ERR_PACK(0,SSL_F_DO_SSL3_WRITE,0), "DO_SSL3_WRITE"},
-{ERR_PACK(0,SSL_F_GET_CLIENT_FINISHED,0), "GET_CLIENT_FINISHED"},
-{ERR_PACK(0,SSL_F_GET_CLIENT_HELLO,0), "GET_CLIENT_HELLO"},
-{ERR_PACK(0,SSL_F_GET_CLIENT_MASTER_KEY,0), "GET_CLIENT_MASTER_KEY"},
-{ERR_PACK(0,SSL_F_GET_SERVER_FINISHED,0), "GET_SERVER_FINISHED"},
-{ERR_PACK(0,SSL_F_GET_SERVER_HELLO,0), "GET_SERVER_HELLO"},
-{ERR_PACK(0,SSL_F_GET_SERVER_VERIFY,0), "GET_SERVER_VERIFY"},
-{ERR_PACK(0,SSL_F_I2D_SSL_SESSION,0), "i2d_SSL_SESSION"},
-{ERR_PACK(0,SSL_F_READ_N,0), "READ_N"},
-{ERR_PACK(0,SSL_F_REQUEST_CERTIFICATE,0), "REQUEST_CERTIFICATE"},
-{ERR_PACK(0,SSL_F_SERVER_FINISH,0), "SERVER_FINISH"},
-{ERR_PACK(0,SSL_F_SERVER_HELLO,0), "SERVER_HELLO"},
-{ERR_PACK(0,SSL_F_SERVER_VERIFY,0), "SERVER_VERIFY"},
-{ERR_PACK(0,SSL_F_SSL23_ACCEPT,0), "SSL23_ACCEPT"},
-{ERR_PACK(0,SSL_F_SSL23_CLIENT_HELLO,0), "SSL23_CLIENT_HELLO"},
-{ERR_PACK(0,SSL_F_SSL23_CONNECT,0), "SSL23_CONNECT"},
-{ERR_PACK(0,SSL_F_SSL23_GET_CLIENT_HELLO,0), "SSL23_GET_CLIENT_HELLO"},
-{ERR_PACK(0,SSL_F_SSL23_GET_SERVER_HELLO,0), "SSL23_GET_SERVER_HELLO"},
-{ERR_PACK(0,SSL_F_SSL23_PEEK,0), "SSL23_PEEK"},
-{ERR_PACK(0,SSL_F_SSL23_READ,0), "SSL23_READ"},
-{ERR_PACK(0,SSL_F_SSL23_WRITE,0), "SSL23_WRITE"},
-{ERR_PACK(0,SSL_F_SSL2_ACCEPT,0), "SSL2_ACCEPT"},
-{ERR_PACK(0,SSL_F_SSL2_CONNECT,0), "SSL2_CONNECT"},
-{ERR_PACK(0,SSL_F_SSL2_ENC_INIT,0), "SSL2_ENC_INIT"},
-{ERR_PACK(0,SSL_F_SSL2_GENERATE_KEY_MATERIAL,0), "SSL2_GENERATE_KEY_MATERIAL"},
-{ERR_PACK(0,SSL_F_SSL2_PEEK,0), "SSL2_PEEK"},
-{ERR_PACK(0,SSL_F_SSL2_READ,0), "SSL2_READ"},
-{ERR_PACK(0,SSL_F_SSL2_READ_INTERNAL,0), "SSL2_READ_INTERNAL"},
-{ERR_PACK(0,SSL_F_SSL2_SET_CERTIFICATE,0), "SSL2_SET_CERTIFICATE"},
-{ERR_PACK(0,SSL_F_SSL2_WRITE,0), "SSL2_WRITE"},
-{ERR_PACK(0,SSL_F_SSL3_ACCEPT,0), "SSL3_ACCEPT"},
-{ERR_PACK(0,SSL_F_SSL3_CALLBACK_CTRL,0), "SSL3_CALLBACK_CTRL"},
-{ERR_PACK(0,SSL_F_SSL3_CHANGE_CIPHER_STATE,0), "SSL3_CHANGE_CIPHER_STATE"},
-{ERR_PACK(0,SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,0), "SSL3_CHECK_CERT_AND_ALGORITHM"},
-{ERR_PACK(0,SSL_F_SSL3_CLIENT_HELLO,0), "SSL3_CLIENT_HELLO"},
-{ERR_PACK(0,SSL_F_SSL3_CONNECT,0), "SSL3_CONNECT"},
-{ERR_PACK(0,SSL_F_SSL3_CTRL,0), "SSL3_CTRL"},
-{ERR_PACK(0,SSL_F_SSL3_CTX_CTRL,0), "SSL3_CTX_CTRL"},
-{ERR_PACK(0,SSL_F_SSL3_ENC,0), "SSL3_ENC"},
-{ERR_PACK(0,SSL_F_SSL3_GENERATE_KEY_BLOCK,0), "SSL3_GENERATE_KEY_BLOCK"},
-{ERR_PACK(0,SSL_F_SSL3_GET_CERTIFICATE_REQUEST,0), "SSL3_GET_CERTIFICATE_REQUEST"},
-{ERR_PACK(0,SSL_F_SSL3_GET_CERT_VERIFY,0), "SSL3_GET_CERT_VERIFY"},
-{ERR_PACK(0,SSL_F_SSL3_GET_CLIENT_CERTIFICATE,0), "SSL3_GET_CLIENT_CERTIFICATE"},
-{ERR_PACK(0,SSL_F_SSL3_GET_CLIENT_HELLO,0), "SSL3_GET_CLIENT_HELLO"},
-{ERR_PACK(0,SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,0), "SSL3_GET_CLIENT_KEY_EXCHANGE"},
-{ERR_PACK(0,SSL_F_SSL3_GET_FINISHED,0), "SSL3_GET_FINISHED"},
-{ERR_PACK(0,SSL_F_SSL3_GET_KEY_EXCHANGE,0), "SSL3_GET_KEY_EXCHANGE"},
-{ERR_PACK(0,SSL_F_SSL3_GET_MESSAGE,0), "SSL3_GET_MESSAGE"},
-{ERR_PACK(0,SSL_F_SSL3_GET_RECORD,0), "SSL3_GET_RECORD"},
-{ERR_PACK(0,SSL_F_SSL3_GET_SERVER_CERTIFICATE,0), "SSL3_GET_SERVER_CERTIFICATE"},
-{ERR_PACK(0,SSL_F_SSL3_GET_SERVER_DONE,0), "SSL3_GET_SERVER_DONE"},
-{ERR_PACK(0,SSL_F_SSL3_GET_SERVER_HELLO,0), "SSL3_GET_SERVER_HELLO"},
-{ERR_PACK(0,SSL_F_SSL3_OUTPUT_CERT_CHAIN,0), "SSL3_OUTPUT_CERT_CHAIN"},
-{ERR_PACK(0,SSL_F_SSL3_PEEK,0), "SSL3_PEEK"},
-{ERR_PACK(0,SSL_F_SSL3_READ_BYTES,0), "SSL3_READ_BYTES"},
-{ERR_PACK(0,SSL_F_SSL3_READ_N,0), "SSL3_READ_N"},
-{ERR_PACK(0,SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,0), "SSL3_SEND_CERTIFICATE_REQUEST"},
-{ERR_PACK(0,SSL_F_SSL3_SEND_CLIENT_CERTIFICATE,0), "SSL3_SEND_CLIENT_CERTIFICATE"},
-{ERR_PACK(0,SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,0), "SSL3_SEND_CLIENT_KEY_EXCHANGE"},
-{ERR_PACK(0,SSL_F_SSL3_SEND_CLIENT_VERIFY,0), "SSL3_SEND_CLIENT_VERIFY"},
-{ERR_PACK(0,SSL_F_SSL3_SEND_SERVER_CERTIFICATE,0), "SSL3_SEND_SERVER_CERTIFICATE"},
-{ERR_PACK(0,SSL_F_SSL3_SEND_SERVER_HELLO,0), "SSL3_SEND_SERVER_HELLO"},
-{ERR_PACK(0,SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,0), "SSL3_SEND_SERVER_KEY_EXCHANGE"},
-{ERR_PACK(0,SSL_F_SSL3_SETUP_BUFFERS,0), "SSL3_SETUP_BUFFERS"},
-{ERR_PACK(0,SSL_F_SSL3_SETUP_KEY_BLOCK,0), "SSL3_SETUP_KEY_BLOCK"},
-{ERR_PACK(0,SSL_F_SSL3_WRITE_BYTES,0), "SSL3_WRITE_BYTES"},
-{ERR_PACK(0,SSL_F_SSL3_WRITE_PENDING,0), "SSL3_WRITE_PENDING"},
-{ERR_PACK(0,SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,0), "SSL_add_dir_cert_subjects_to_stack"},
-{ERR_PACK(0,SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK,0), "SSL_add_file_cert_subjects_to_stack"},
-{ERR_PACK(0,SSL_F_SSL_BAD_METHOD,0), "SSL_BAD_METHOD"},
-{ERR_PACK(0,SSL_F_SSL_BYTES_TO_CIPHER_LIST,0), "SSL_BYTES_TO_CIPHER_LIST"},
-{ERR_PACK(0,SSL_F_SSL_CERT_DUP,0), "SSL_CERT_DUP"},
-{ERR_PACK(0,SSL_F_SSL_CERT_INST,0), "SSL_CERT_INST"},
-{ERR_PACK(0,SSL_F_SSL_CERT_INSTANTIATE,0), "SSL_CERT_INSTANTIATE"},
-{ERR_PACK(0,SSL_F_SSL_CERT_NEW,0), "SSL_CERT_NEW"},
-{ERR_PACK(0,SSL_F_SSL_CHECK_PRIVATE_KEY,0), "SSL_check_private_key"},
-{ERR_PACK(0,SSL_F_SSL_CIPHER_PROCESS_RULESTR,0), "SSL_CIPHER_PROCESS_RULESTR"},
-{ERR_PACK(0,SSL_F_SSL_CIPHER_STRENGTH_SORT,0), "SSL_CIPHER_STRENGTH_SORT"},
-{ERR_PACK(0,SSL_F_SSL_CLEAR,0), "SSL_clear"},
-{ERR_PACK(0,SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,0), "SSL_COMP_add_compression_method"},
-{ERR_PACK(0,SSL_F_SSL_CREATE_CIPHER_LIST,0), "SSL_CREATE_CIPHER_LIST"},
-{ERR_PACK(0,SSL_F_SSL_CTRL,0), "SSL_ctrl"},
-{ERR_PACK(0,SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,0), "SSL_CTX_check_private_key"},
-{ERR_PACK(0,SSL_F_SSL_CTX_NEW,0), "SSL_CTX_new"},
-{ERR_PACK(0,SSL_F_SSL_CTX_SET_PURPOSE,0), "SSL_CTX_set_purpose"},
-{ERR_PACK(0,SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,0), "SSL_CTX_set_session_id_context"},
-{ERR_PACK(0,SSL_F_SSL_CTX_SET_SSL_VERSION,0), "SSL_CTX_set_ssl_version"},
-{ERR_PACK(0,SSL_F_SSL_CTX_SET_TRUST,0), "SSL_CTX_set_trust"},
-{ERR_PACK(0,SSL_F_SSL_CTX_USE_CERTIFICATE,0), "SSL_CTX_use_certificate"},
-{ERR_PACK(0,SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1,0), "SSL_CTX_use_certificate_ASN1"},
-{ERR_PACK(0,SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,0), "SSL_CTX_use_certificate_chain_file"},
-{ERR_PACK(0,SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,0), "SSL_CTX_use_certificate_file"},
-{ERR_PACK(0,SSL_F_SSL_CTX_USE_PRIVATEKEY,0), "SSL_CTX_use_PrivateKey"},
-{ERR_PACK(0,SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1,0), "SSL_CTX_use_PrivateKey_ASN1"},
-{ERR_PACK(0,SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,0), "SSL_CTX_use_PrivateKey_file"},
-{ERR_PACK(0,SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,0), "SSL_CTX_use_RSAPrivateKey"},
-{ERR_PACK(0,SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1,0), "SSL_CTX_use_RSAPrivateKey_ASN1"},
-{ERR_PACK(0,SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,0), "SSL_CTX_use_RSAPrivateKey_file"},
-{ERR_PACK(0,SSL_F_SSL_DO_HANDSHAKE,0), "SSL_do_handshake"},
-{ERR_PACK(0,SSL_F_SSL_GET_NEW_SESSION,0), "SSL_GET_NEW_SESSION"},
-{ERR_PACK(0,SSL_F_SSL_GET_PREV_SESSION,0), "SSL_GET_PREV_SESSION"},
-{ERR_PACK(0,SSL_F_SSL_GET_SERVER_SEND_CERT,0), "SSL_GET_SERVER_SEND_CERT"},
-{ERR_PACK(0,SSL_F_SSL_GET_SIGN_PKEY,0), "SSL_GET_SIGN_PKEY"},
-{ERR_PACK(0,SSL_F_SSL_INIT_WBIO_BUFFER,0), "SSL_INIT_WBIO_BUFFER"},
-{ERR_PACK(0,SSL_F_SSL_LOAD_CLIENT_CA_FILE,0), "SSL_load_client_CA_file"},
-{ERR_PACK(0,SSL_F_SSL_NEW,0), "SSL_new"},
-{ERR_PACK(0,SSL_F_SSL_READ,0), "SSL_read"},
-{ERR_PACK(0,SSL_F_SSL_RSA_PRIVATE_DECRYPT,0), "SSL_RSA_PRIVATE_DECRYPT"},
-{ERR_PACK(0,SSL_F_SSL_RSA_PUBLIC_ENCRYPT,0), "SSL_RSA_PUBLIC_ENCRYPT"},
-{ERR_PACK(0,SSL_F_SSL_SESSION_NEW,0), "SSL_SESSION_new"},
-{ERR_PACK(0,SSL_F_SSL_SESSION_PRINT_FP,0), "SSL_SESSION_print_fp"},
-{ERR_PACK(0,SSL_F_SSL_SESS_CERT_NEW,0), "SSL_SESS_CERT_NEW"},
-{ERR_PACK(0,SSL_F_SSL_SET_CERT,0), "SSL_SET_CERT"},
-{ERR_PACK(0,SSL_F_SSL_SET_FD,0), "SSL_set_fd"},
-{ERR_PACK(0,SSL_F_SSL_SET_PKEY,0), "SSL_SET_PKEY"},
-{ERR_PACK(0,SSL_F_SSL_SET_PURPOSE,0), "SSL_set_purpose"},
-{ERR_PACK(0,SSL_F_SSL_SET_RFD,0), "SSL_set_rfd"},
-{ERR_PACK(0,SSL_F_SSL_SET_SESSION,0), "SSL_set_session"},
-{ERR_PACK(0,SSL_F_SSL_SET_SESSION_ID_CONTEXT,0), "SSL_set_session_id_context"},
-{ERR_PACK(0,SSL_F_SSL_SET_TRUST,0), "SSL_set_trust"},
-{ERR_PACK(0,SSL_F_SSL_SET_WFD,0), "SSL_set_wfd"},
-{ERR_PACK(0,SSL_F_SSL_SHUTDOWN,0), "SSL_shutdown"},
-{ERR_PACK(0,SSL_F_SSL_UNDEFINED_CONST_FUNCTION,0), "SSL_UNDEFINED_CONST_FUNCTION"},
-{ERR_PACK(0,SSL_F_SSL_UNDEFINED_FUNCTION,0), "SSL_UNDEFINED_FUNCTION"},
-{ERR_PACK(0,SSL_F_SSL_USE_CERTIFICATE,0), "SSL_use_certificate"},
-{ERR_PACK(0,SSL_F_SSL_USE_CERTIFICATE_ASN1,0), "SSL_use_certificate_ASN1"},
-{ERR_PACK(0,SSL_F_SSL_USE_CERTIFICATE_FILE,0), "SSL_use_certificate_file"},
-{ERR_PACK(0,SSL_F_SSL_USE_PRIVATEKEY,0), "SSL_use_PrivateKey"},
-{ERR_PACK(0,SSL_F_SSL_USE_PRIVATEKEY_ASN1,0), "SSL_use_PrivateKey_ASN1"},
-{ERR_PACK(0,SSL_F_SSL_USE_PRIVATEKEY_FILE,0), "SSL_use_PrivateKey_file"},
-{ERR_PACK(0,SSL_F_SSL_USE_RSAPRIVATEKEY,0), "SSL_use_RSAPrivateKey"},
-{ERR_PACK(0,SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1,0), "SSL_use_RSAPrivateKey_ASN1"},
-{ERR_PACK(0,SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,0), "SSL_use_RSAPrivateKey_file"},
-{ERR_PACK(0,SSL_F_SSL_VERIFY_CERT_CHAIN,0), "SSL_VERIFY_CERT_CHAIN"},
-{ERR_PACK(0,SSL_F_SSL_WRITE,0), "SSL_write"},
-{ERR_PACK(0,SSL_F_TLS1_CHANGE_CIPHER_STATE,0), "TLS1_CHANGE_CIPHER_STATE"},
-{ERR_PACK(0,SSL_F_TLS1_ENC,0), "TLS1_ENC"},
-{ERR_PACK(0,SSL_F_TLS1_SETUP_KEY_BLOCK,0), "TLS1_SETUP_KEY_BLOCK"},
-{ERR_PACK(0,SSL_F_WRITE_PENDING,0), "WRITE_PENDING"},
+{ERR_FUNC(SSL_F_CLIENT_CERTIFICATE), "CLIENT_CERTIFICATE"},
+{ERR_FUNC(SSL_F_CLIENT_FINISHED), "CLIENT_FINISHED"},
+{ERR_FUNC(SSL_F_CLIENT_HELLO), "CLIENT_HELLO"},
+{ERR_FUNC(SSL_F_CLIENT_MASTER_KEY), "CLIENT_MASTER_KEY"},
+{ERR_FUNC(SSL_F_D2I_SSL_SESSION), "d2i_SSL_SESSION"},
+{ERR_FUNC(SSL_F_DO_SSL3_WRITE), "DO_SSL3_WRITE"},
+{ERR_FUNC(SSL_F_GET_CLIENT_FINISHED), "GET_CLIENT_FINISHED"},
+{ERR_FUNC(SSL_F_GET_CLIENT_HELLO), "GET_CLIENT_HELLO"},
+{ERR_FUNC(SSL_F_GET_CLIENT_MASTER_KEY), "GET_CLIENT_MASTER_KEY"},
+{ERR_FUNC(SSL_F_GET_SERVER_FINISHED), "GET_SERVER_FINISHED"},
+{ERR_FUNC(SSL_F_GET_SERVER_HELLO), "GET_SERVER_HELLO"},
+{ERR_FUNC(SSL_F_GET_SERVER_VERIFY), "GET_SERVER_VERIFY"},
+{ERR_FUNC(SSL_F_I2D_SSL_SESSION), "i2d_SSL_SESSION"},
+{ERR_FUNC(SSL_F_READ_N), "READ_N"},
+{ERR_FUNC(SSL_F_REQUEST_CERTIFICATE), "REQUEST_CERTIFICATE"},
+{ERR_FUNC(SSL_F_SERVER_FINISH), "SERVER_FINISH"},
+{ERR_FUNC(SSL_F_SERVER_HELLO), "SERVER_HELLO"},
+{ERR_FUNC(SSL_F_SERVER_VERIFY), "SERVER_VERIFY"},
+{ERR_FUNC(SSL_F_SSL23_ACCEPT), "SSL23_ACCEPT"},
+{ERR_FUNC(SSL_F_SSL23_CLIENT_HELLO), "SSL23_CLIENT_HELLO"},
+{ERR_FUNC(SSL_F_SSL23_CONNECT), "SSL23_CONNECT"},
+{ERR_FUNC(SSL_F_SSL23_GET_CLIENT_HELLO), "SSL23_GET_CLIENT_HELLO"},
+{ERR_FUNC(SSL_F_SSL23_GET_SERVER_HELLO), "SSL23_GET_SERVER_HELLO"},
+{ERR_FUNC(SSL_F_SSL23_PEEK), "SSL23_PEEK"},
+{ERR_FUNC(SSL_F_SSL23_READ), "SSL23_READ"},
+{ERR_FUNC(SSL_F_SSL23_WRITE), "SSL23_WRITE"},
+{ERR_FUNC(SSL_F_SSL2_ACCEPT), "SSL2_ACCEPT"},
+{ERR_FUNC(SSL_F_SSL2_CONNECT), "SSL2_CONNECT"},
+{ERR_FUNC(SSL_F_SSL2_ENC_INIT), "SSL2_ENC_INIT"},
+{ERR_FUNC(SSL_F_SSL2_GENERATE_KEY_MATERIAL), "SSL2_GENERATE_KEY_MATERIAL"},
+{ERR_FUNC(SSL_F_SSL2_PEEK), "SSL2_PEEK"},
+{ERR_FUNC(SSL_F_SSL2_READ), "SSL2_READ"},
+{ERR_FUNC(SSL_F_SSL2_READ_INTERNAL), "SSL2_READ_INTERNAL"},
+{ERR_FUNC(SSL_F_SSL2_SET_CERTIFICATE), "SSL2_SET_CERTIFICATE"},
+{ERR_FUNC(SSL_F_SSL2_WRITE), "SSL2_WRITE"},
+{ERR_FUNC(SSL_F_SSL3_ACCEPT), "SSL3_ACCEPT"},
+{ERR_FUNC(SSL_F_SSL3_CALLBACK_CTRL), "SSL3_CALLBACK_CTRL"},
+{ERR_FUNC(SSL_F_SSL3_CHANGE_CIPHER_STATE), "SSL3_CHANGE_CIPHER_STATE"},
+{ERR_FUNC(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM), "SSL3_CHECK_CERT_AND_ALGORITHM"},
+{ERR_FUNC(SSL_F_SSL3_CLIENT_HELLO), "SSL3_CLIENT_HELLO"},
+{ERR_FUNC(SSL_F_SSL3_CONNECT), "SSL3_CONNECT"},
+{ERR_FUNC(SSL_F_SSL3_CTRL), "SSL3_CTRL"},
+{ERR_FUNC(SSL_F_SSL3_CTX_CTRL), "SSL3_CTX_CTRL"},
+{ERR_FUNC(SSL_F_SSL3_ENC), "SSL3_ENC"},
+{ERR_FUNC(SSL_F_SSL3_GENERATE_KEY_BLOCK), "SSL3_GENERATE_KEY_BLOCK"},
+{ERR_FUNC(SSL_F_SSL3_GET_CERTIFICATE_REQUEST), "SSL3_GET_CERTIFICATE_REQUEST"},
+{ERR_FUNC(SSL_F_SSL3_GET_CERT_VERIFY), "SSL3_GET_CERT_VERIFY"},
+{ERR_FUNC(SSL_F_SSL3_GET_CLIENT_CERTIFICATE), "SSL3_GET_CLIENT_CERTIFICATE"},
+{ERR_FUNC(SSL_F_SSL3_GET_CLIENT_HELLO), "SSL3_GET_CLIENT_HELLO"},
+{ERR_FUNC(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE), "SSL3_GET_CLIENT_KEY_EXCHANGE"},
+{ERR_FUNC(SSL_F_SSL3_GET_FINISHED), "SSL3_GET_FINISHED"},
+{ERR_FUNC(SSL_F_SSL3_GET_KEY_EXCHANGE), "SSL3_GET_KEY_EXCHANGE"},
+{ERR_FUNC(SSL_F_SSL3_GET_MESSAGE), "SSL3_GET_MESSAGE"},
+{ERR_FUNC(SSL_F_SSL3_GET_RECORD), "SSL3_GET_RECORD"},
+{ERR_FUNC(SSL_F_SSL3_GET_SERVER_CERTIFICATE), "SSL3_GET_SERVER_CERTIFICATE"},
+{ERR_FUNC(SSL_F_SSL3_GET_SERVER_DONE), "SSL3_GET_SERVER_DONE"},
+{ERR_FUNC(SSL_F_SSL3_GET_SERVER_HELLO), "SSL3_GET_SERVER_HELLO"},
+{ERR_FUNC(SSL_F_SSL3_OUTPUT_CERT_CHAIN), "SSL3_OUTPUT_CERT_CHAIN"},
+{ERR_FUNC(SSL_F_SSL3_PEEK), "SSL3_PEEK"},
+{ERR_FUNC(SSL_F_SSL3_READ_BYTES), "SSL3_READ_BYTES"},
+{ERR_FUNC(SSL_F_SSL3_READ_N), "SSL3_READ_N"},
+{ERR_FUNC(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST), "SSL3_SEND_CERTIFICATE_REQUEST"},
+{ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE), "SSL3_SEND_CLIENT_CERTIFICATE"},
+{ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE), "SSL3_SEND_CLIENT_KEY_EXCHANGE"},
+{ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_VERIFY), "SSL3_SEND_CLIENT_VERIFY"},
+{ERR_FUNC(SSL_F_SSL3_SEND_SERVER_CERTIFICATE), "SSL3_SEND_SERVER_CERTIFICATE"},
+{ERR_FUNC(SSL_F_SSL3_SEND_SERVER_HELLO), "SSL3_SEND_SERVER_HELLO"},
+{ERR_FUNC(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE), "SSL3_SEND_SERVER_KEY_EXCHANGE"},
+{ERR_FUNC(SSL_F_SSL3_SETUP_BUFFERS), "SSL3_SETUP_BUFFERS"},
+{ERR_FUNC(SSL_F_SSL3_SETUP_KEY_BLOCK), "SSL3_SETUP_KEY_BLOCK"},
+{ERR_FUNC(SSL_F_SSL3_WRITE_BYTES), "SSL3_WRITE_BYTES"},
+{ERR_FUNC(SSL_F_SSL3_WRITE_PENDING), "SSL3_WRITE_PENDING"},
+{ERR_FUNC(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK), "SSL_add_dir_cert_subjects_to_stack"},
+{ERR_FUNC(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK), "SSL_add_file_cert_subjects_to_stack"},
+{ERR_FUNC(SSL_F_SSL_BAD_METHOD), "SSL_BAD_METHOD"},
+{ERR_FUNC(SSL_F_SSL_BYTES_TO_CIPHER_LIST), "SSL_BYTES_TO_CIPHER_LIST"},
+{ERR_FUNC(SSL_F_SSL_CERT_DUP), "SSL_CERT_DUP"},
+{ERR_FUNC(SSL_F_SSL_CERT_INST), "SSL_CERT_INST"},
+{ERR_FUNC(SSL_F_SSL_CERT_INSTANTIATE), "SSL_CERT_INSTANTIATE"},
+{ERR_FUNC(SSL_F_SSL_CERT_NEW), "SSL_CERT_NEW"},
+{ERR_FUNC(SSL_F_SSL_CHECK_PRIVATE_KEY), "SSL_check_private_key"},
+{ERR_FUNC(SSL_F_SSL_CIPHER_PROCESS_RULESTR), "SSL_CIPHER_PROCESS_RULESTR"},
+{ERR_FUNC(SSL_F_SSL_CIPHER_STRENGTH_SORT), "SSL_CIPHER_STRENGTH_SORT"},
+{ERR_FUNC(SSL_F_SSL_CLEAR), "SSL_clear"},
+{ERR_FUNC(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD), "SSL_COMP_add_compression_method"},
+{ERR_FUNC(SSL_F_SSL_CREATE_CIPHER_LIST), "SSL_CREATE_CIPHER_LIST"},
+{ERR_FUNC(SSL_F_SSL_CTRL), "SSL_ctrl"},
+{ERR_FUNC(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY), "SSL_CTX_check_private_key"},
+{ERR_FUNC(SSL_F_SSL_CTX_NEW), "SSL_CTX_new"},
+{ERR_FUNC(SSL_F_SSL_CTX_SET_CIPHER_LIST), "SSL_CTX_set_cipher_list"},
+{ERR_FUNC(SSL_F_SSL_CTX_SET_PURPOSE), "SSL_CTX_set_purpose"},
+{ERR_FUNC(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT), "SSL_CTX_set_session_id_context"},
+{ERR_FUNC(SSL_F_SSL_CTX_SET_SSL_VERSION), "SSL_CTX_set_ssl_version"},
+{ERR_FUNC(SSL_F_SSL_CTX_SET_TRUST), "SSL_CTX_set_trust"},
+{ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE), "SSL_CTX_use_certificate"},
+{ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1), "SSL_CTX_use_certificate_ASN1"},
+{ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE), "SSL_CTX_use_certificate_chain_file"},
+{ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE), "SSL_CTX_use_certificate_file"},
+{ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY), "SSL_CTX_use_PrivateKey"},
+{ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1), "SSL_CTX_use_PrivateKey_ASN1"},
+{ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE), "SSL_CTX_use_PrivateKey_file"},
+{ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY), "SSL_CTX_use_RSAPrivateKey"},
+{ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1), "SSL_CTX_use_RSAPrivateKey_ASN1"},
+{ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE), "SSL_CTX_use_RSAPrivateKey_file"},
+{ERR_FUNC(SSL_F_SSL_DO_HANDSHAKE), "SSL_do_handshake"},
+{ERR_FUNC(SSL_F_SSL_GET_NEW_SESSION), "SSL_GET_NEW_SESSION"},
+{ERR_FUNC(SSL_F_SSL_GET_PREV_SESSION), "SSL_GET_PREV_SESSION"},
+{ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_CERT), "SSL_GET_SERVER_SEND_CERT"},
+{ERR_FUNC(SSL_F_SSL_GET_SIGN_PKEY), "SSL_GET_SIGN_PKEY"},
+{ERR_FUNC(SSL_F_SSL_INIT_WBIO_BUFFER), "SSL_INIT_WBIO_BUFFER"},
+{ERR_FUNC(SSL_F_SSL_LOAD_CLIENT_CA_FILE), "SSL_load_client_CA_file"},
+{ERR_FUNC(SSL_F_SSL_NEW), "SSL_new"},
+{ERR_FUNC(SSL_F_SSL_READ), "SSL_read"},
+{ERR_FUNC(SSL_F_SSL_RSA_PRIVATE_DECRYPT), "SSL_RSA_PRIVATE_DECRYPT"},
+{ERR_FUNC(SSL_F_SSL_RSA_PUBLIC_ENCRYPT), "SSL_RSA_PUBLIC_ENCRYPT"},
+{ERR_FUNC(SSL_F_SSL_SESSION_NEW), "SSL_SESSION_new"},
+{ERR_FUNC(SSL_F_SSL_SESSION_PRINT_FP), "SSL_SESSION_print_fp"},
+{ERR_FUNC(SSL_F_SSL_SESS_CERT_NEW), "SSL_SESS_CERT_NEW"},
+{ERR_FUNC(SSL_F_SSL_SET_CERT), "SSL_SET_CERT"},
+{ERR_FUNC(SSL_F_SSL_SET_CIPHER_LIST), "SSL_set_cipher_list"},
+{ERR_FUNC(SSL_F_SSL_SET_FD), "SSL_set_fd"},
+{ERR_FUNC(SSL_F_SSL_SET_PKEY), "SSL_SET_PKEY"},
+{ERR_FUNC(SSL_F_SSL_SET_PURPOSE), "SSL_set_purpose"},
+{ERR_FUNC(SSL_F_SSL_SET_RFD), "SSL_set_rfd"},
+{ERR_FUNC(SSL_F_SSL_SET_SESSION), "SSL_set_session"},
+{ERR_FUNC(SSL_F_SSL_SET_SESSION_ID_CONTEXT), "SSL_set_session_id_context"},
+{ERR_FUNC(SSL_F_SSL_SET_TRUST), "SSL_set_trust"},
+{ERR_FUNC(SSL_F_SSL_SET_WFD), "SSL_set_wfd"},
+{ERR_FUNC(SSL_F_SSL_SHUTDOWN), "SSL_shutdown"},
+{ERR_FUNC(SSL_F_SSL_UNDEFINED_CONST_FUNCTION), "SSL_UNDEFINED_CONST_FUNCTION"},
+{ERR_FUNC(SSL_F_SSL_UNDEFINED_FUNCTION), "SSL_UNDEFINED_FUNCTION"},
+{ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE), "SSL_use_certificate"},
+{ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE_ASN1), "SSL_use_certificate_ASN1"},
+{ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE_FILE), "SSL_use_certificate_file"},
+{ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY), "SSL_use_PrivateKey"},
+{ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_ASN1), "SSL_use_PrivateKey_ASN1"},
+{ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_FILE), "SSL_use_PrivateKey_file"},
+{ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY), "SSL_use_RSAPrivateKey"},
+{ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1), "SSL_use_RSAPrivateKey_ASN1"},
+{ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE), "SSL_use_RSAPrivateKey_file"},
+{ERR_FUNC(SSL_F_SSL_VERIFY_CERT_CHAIN), "SSL_VERIFY_CERT_CHAIN"},
+{ERR_FUNC(SSL_F_SSL_WRITE), "SSL_write"},
+{ERR_FUNC(SSL_F_TLS1_CHANGE_CIPHER_STATE), "TLS1_CHANGE_CIPHER_STATE"},
+{ERR_FUNC(SSL_F_TLS1_ENC), "TLS1_ENC"},
+{ERR_FUNC(SSL_F_TLS1_SETUP_KEY_BLOCK), "TLS1_SETUP_KEY_BLOCK"},
+{ERR_FUNC(SSL_F_WRITE_PENDING), "WRITE_PENDING"},
{0,NULL}
};
static ERR_STRING_DATA SSL_str_reasons[]=
{
-{SSL_R_APP_DATA_IN_HANDSHAKE ,"app data in handshake"},
-{SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT,"attempt to reuse session in different context"},
-{SSL_R_BAD_ALERT_RECORD ,"bad alert record"},
-{SSL_R_BAD_AUTHENTICATION_TYPE ,"bad authentication type"},
-{SSL_R_BAD_CHANGE_CIPHER_SPEC ,"bad change cipher spec"},
-{SSL_R_BAD_CHECKSUM ,"bad checksum"},
-{SSL_R_BAD_DATA_RETURNED_BY_CALLBACK ,"bad data returned by callback"},
-{SSL_R_BAD_DECOMPRESSION ,"bad decompression"},
-{SSL_R_BAD_DH_G_LENGTH ,"bad dh g length"},
-{SSL_R_BAD_DH_PUB_KEY_LENGTH ,"bad dh pub key length"},
-{SSL_R_BAD_DH_P_LENGTH ,"bad dh p length"},
-{SSL_R_BAD_DIGEST_LENGTH ,"bad digest length"},
-{SSL_R_BAD_DSA_SIGNATURE ,"bad dsa signature"},
-{SSL_R_BAD_HELLO_REQUEST ,"bad hello request"},
-{SSL_R_BAD_LENGTH ,"bad length"},
-{SSL_R_BAD_MAC_DECODE ,"bad mac decode"},
-{SSL_R_BAD_MESSAGE_TYPE ,"bad message type"},
-{SSL_R_BAD_PACKET_LENGTH ,"bad packet length"},
-{SSL_R_BAD_PROTOCOL_VERSION_NUMBER ,"bad protocol version number"},
-{SSL_R_BAD_RESPONSE_ARGUMENT ,"bad response argument"},
-{SSL_R_BAD_RSA_DECRYPT ,"bad rsa decrypt"},
-{SSL_R_BAD_RSA_ENCRYPT ,"bad rsa encrypt"},
-{SSL_R_BAD_RSA_E_LENGTH ,"bad rsa e length"},
-{SSL_R_BAD_RSA_MODULUS_LENGTH ,"bad rsa modulus length"},
-{SSL_R_BAD_RSA_SIGNATURE ,"bad rsa signature"},
-{SSL_R_BAD_SIGNATURE ,"bad signature"},
-{SSL_R_BAD_SSL_FILETYPE ,"bad ssl filetype"},
-{SSL_R_BAD_SSL_SESSION_ID_LENGTH ,"bad ssl session id length"},
-{SSL_R_BAD_STATE ,"bad state"},
-{SSL_R_BAD_WRITE_RETRY ,"bad write retry"},
-{SSL_R_BIO_NOT_SET ,"bio not set"},
-{SSL_R_BLOCK_CIPHER_PAD_IS_WRONG ,"block cipher pad is wrong"},
-{SSL_R_BN_LIB ,"bn lib"},
-{SSL_R_CA_DN_LENGTH_MISMATCH ,"ca dn length mismatch"},
-{SSL_R_CA_DN_TOO_LONG ,"ca dn too long"},
-{SSL_R_CCS_RECEIVED_EARLY ,"ccs received early"},
-{SSL_R_CERTIFICATE_VERIFY_FAILED ,"certificate verify failed"},
-{SSL_R_CERT_LENGTH_MISMATCH ,"cert length mismatch"},
-{SSL_R_CHALLENGE_IS_DIFFERENT ,"challenge is different"},
-{SSL_R_CIPHER_CODE_WRONG_LENGTH ,"cipher code wrong length"},
-{SSL_R_CIPHER_OR_HASH_UNAVAILABLE ,"cipher or hash unavailable"},
-{SSL_R_CIPHER_TABLE_SRC_ERROR ,"cipher table src error"},
-{SSL_R_COMPRESSED_LENGTH_TOO_LONG ,"compressed length too long"},
-{SSL_R_COMPRESSION_FAILURE ,"compression failure"},
-{SSL_R_COMPRESSION_LIBRARY_ERROR ,"compression library error"},
-{SSL_R_CONNECTION_ID_IS_DIFFERENT ,"connection id is different"},
-{SSL_R_CONNECTION_TYPE_NOT_SET ,"connection type not set"},
-{SSL_R_DATA_BETWEEN_CCS_AND_FINISHED ,"data between ccs and finished"},
-{SSL_R_DATA_LENGTH_TOO_LONG ,"data length too long"},
-{SSL_R_DECRYPTION_FAILED ,"decryption failed"},
-{SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC,"decryption failed or bad record mac"},
-{SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG ,"dh public value length is wrong"},
-{SSL_R_DIGEST_CHECK_FAILED ,"digest check failed"},
-{SSL_R_ENCRYPTED_LENGTH_TOO_LONG ,"encrypted length too long"},
-{SSL_R_ERROR_GENERATING_TMP_RSA_KEY ,"error generating tmp rsa key"},
-{SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST ,"error in received cipher list"},
-{SSL_R_EXCESSIVE_MESSAGE_SIZE ,"excessive message size"},
-{SSL_R_EXTRA_DATA_IN_MESSAGE ,"extra data in message"},
-{SSL_R_GOT_A_FIN_BEFORE_A_CCS ,"got a fin before a ccs"},
-{SSL_R_HTTPS_PROXY_REQUEST ,"https proxy request"},
-{SSL_R_HTTP_REQUEST ,"http request"},
-{SSL_R_ILLEGAL_PADDING ,"illegal padding"},
-{SSL_R_INVALID_CHALLENGE_LENGTH ,"invalid challenge length"},
-{SSL_R_INVALID_COMMAND ,"invalid command"},
-{SSL_R_INVALID_PURPOSE ,"invalid purpose"},
-{SSL_R_INVALID_TRUST ,"invalid trust"},
-{SSL_R_KEY_ARG_TOO_LONG ,"key arg too long"},
-{SSL_R_KRB5 ,"krb5"},
-{SSL_R_KRB5_C_CC_PRINC ,"krb5 client cc principal (no tkt?)"},
-{SSL_R_KRB5_C_GET_CRED ,"krb5 client get cred"},
-{SSL_R_KRB5_C_INIT ,"krb5 client init"},
-{SSL_R_KRB5_C_MK_REQ ,"krb5 client mk_req (expired tkt?)"},
-{SSL_R_KRB5_S_BAD_TICKET ,"krb5 server bad ticket"},
-{SSL_R_KRB5_S_INIT ,"krb5 server init"},
-{SSL_R_KRB5_S_RD_REQ ,"krb5 server rd_req (keytab perms?)"},
-{SSL_R_KRB5_S_TKT_EXPIRED ,"krb5 server tkt expired"},
-{SSL_R_KRB5_S_TKT_NYV ,"krb5 server tkt not yet valid"},
-{SSL_R_KRB5_S_TKT_SKEW ,"krb5 server tkt skew"},
-{SSL_R_LENGTH_MISMATCH ,"length mismatch"},
-{SSL_R_LENGTH_TOO_SHORT ,"length too short"},
-{SSL_R_LIBRARY_BUG ,"library bug"},
-{SSL_R_LIBRARY_HAS_NO_CIPHERS ,"library has no ciphers"},
-{SSL_R_MASTER_KEY_TOO_LONG ,"master key too long"},
-{SSL_R_MESSAGE_TOO_LONG ,"message too long"},
-{SSL_R_MISSING_DH_DSA_CERT ,"missing dh dsa cert"},
-{SSL_R_MISSING_DH_KEY ,"missing dh key"},
-{SSL_R_MISSING_DH_RSA_CERT ,"missing dh rsa cert"},
-{SSL_R_MISSING_DSA_SIGNING_CERT ,"missing dsa signing cert"},
-{SSL_R_MISSING_EXPORT_TMP_DH_KEY ,"missing export tmp dh key"},
-{SSL_R_MISSING_EXPORT_TMP_RSA_KEY ,"missing export tmp rsa key"},
-{SSL_R_MISSING_RSA_CERTIFICATE ,"missing rsa certificate"},
-{SSL_R_MISSING_RSA_ENCRYPTING_CERT ,"missing rsa encrypting cert"},
-{SSL_R_MISSING_RSA_SIGNING_CERT ,"missing rsa signing cert"},
-{SSL_R_MISSING_TMP_DH_KEY ,"missing tmp dh key"},
-{SSL_R_MISSING_TMP_RSA_KEY ,"missing tmp rsa key"},
-{SSL_R_MISSING_TMP_RSA_PKEY ,"missing tmp rsa pkey"},
-{SSL_R_MISSING_VERIFY_MESSAGE ,"missing verify message"},
-{SSL_R_NON_SSLV2_INITIAL_PACKET ,"non sslv2 initial packet"},
-{SSL_R_NO_CERTIFICATES_RETURNED ,"no certificates returned"},
-{SSL_R_NO_CERTIFICATE_ASSIGNED ,"no certificate assigned"},
-{SSL_R_NO_CERTIFICATE_RETURNED ,"no certificate returned"},
-{SSL_R_NO_CERTIFICATE_SET ,"no certificate set"},
-{SSL_R_NO_CERTIFICATE_SPECIFIED ,"no certificate specified"},
-{SSL_R_NO_CIPHERS_AVAILABLE ,"no ciphers available"},
-{SSL_R_NO_CIPHERS_PASSED ,"no ciphers passed"},
-{SSL_R_NO_CIPHERS_SPECIFIED ,"no ciphers specified"},
-{SSL_R_NO_CIPHER_LIST ,"no cipher list"},
-{SSL_R_NO_CIPHER_MATCH ,"no cipher match"},
-{SSL_R_NO_CLIENT_CERT_RECEIVED ,"no client cert received"},
-{SSL_R_NO_COMPRESSION_SPECIFIED ,"no compression specified"},
-{SSL_R_NO_METHOD_SPECIFIED ,"no method specified"},
-{SSL_R_NO_PRIVATEKEY ,"no privatekey"},
-{SSL_R_NO_PRIVATE_KEY_ASSIGNED ,"no private key assigned"},
-{SSL_R_NO_PROTOCOLS_AVAILABLE ,"no protocols available"},
-{SSL_R_NO_PUBLICKEY ,"no publickey"},
-{SSL_R_NO_SHARED_CIPHER ,"no shared cipher"},
-{SSL_R_NO_VERIFY_CALLBACK ,"no verify callback"},
-{SSL_R_NULL_SSL_CTX ,"null ssl ctx"},
-{SSL_R_NULL_SSL_METHOD_PASSED ,"null ssl method passed"},
-{SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED ,"old session cipher not returned"},
-{SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE ,"only tls allowed in fips mode"},
-{SSL_R_PACKET_LENGTH_TOO_LONG ,"packet length too long"},
-{SSL_R_PATH_TOO_LONG ,"path too long"},
-{SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE ,"peer did not return a certificate"},
-{SSL_R_PEER_ERROR ,"peer error"},
-{SSL_R_PEER_ERROR_CERTIFICATE ,"peer error certificate"},
-{SSL_R_PEER_ERROR_NO_CERTIFICATE ,"peer error no certificate"},
-{SSL_R_PEER_ERROR_NO_CIPHER ,"peer error no cipher"},
-{SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE,"peer error unsupported certificate type"},
-{SSL_R_PRE_MAC_LENGTH_TOO_LONG ,"pre mac length too long"},
-{SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS ,"problems mapping cipher functions"},
-{SSL_R_PROTOCOL_IS_SHUTDOWN ,"protocol is shutdown"},
-{SSL_R_PUBLIC_KEY_ENCRYPT_ERROR ,"public key encrypt error"},
-{SSL_R_PUBLIC_KEY_IS_NOT_RSA ,"public key is not rsa"},
-{SSL_R_PUBLIC_KEY_NOT_RSA ,"public key not rsa"},
-{SSL_R_READ_BIO_NOT_SET ,"read bio not set"},
-{SSL_R_READ_WRONG_PACKET_TYPE ,"read wrong packet type"},
-{SSL_R_RECORD_LENGTH_MISMATCH ,"record length mismatch"},
-{SSL_R_RECORD_TOO_LARGE ,"record too large"},
-{SSL_R_RECORD_TOO_SMALL ,"record too small"},
-{SSL_R_REQUIRED_CIPHER_MISSING ,"required cipher missing"},
-{SSL_R_REUSE_CERT_LENGTH_NOT_ZERO ,"reuse cert length not zero"},
-{SSL_R_REUSE_CERT_TYPE_NOT_ZERO ,"reuse cert type not zero"},
-{SSL_R_REUSE_CIPHER_LIST_NOT_ZERO ,"reuse cipher list not zero"},
-{SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED ,"session id context uninitialized"},
-{SSL_R_SHORT_READ ,"short read"},
-{SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE,"signature for non signing certificate"},
-{SSL_R_SSL23_DOING_SESSION_ID_REUSE ,"ssl23 doing session id reuse"},
-{SSL_R_SSL2_CONNECTION_ID_TOO_LONG ,"ssl2 connection id too long"},
-{SSL_R_SSL3_SESSION_ID_TOO_LONG ,"ssl3 session id too long"},
-{SSL_R_SSL3_SESSION_ID_TOO_SHORT ,"ssl3 session id too short"},
-{SSL_R_SSLV3_ALERT_BAD_CERTIFICATE ,"sslv3 alert bad certificate"},
-{SSL_R_SSLV3_ALERT_BAD_RECORD_MAC ,"sslv3 alert bad record mac"},
-{SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED ,"sslv3 alert certificate expired"},
-{SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED ,"sslv3 alert certificate revoked"},
-{SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN ,"sslv3 alert certificate unknown"},
-{SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE ,"sslv3 alert decompression failure"},
-{SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE ,"sslv3 alert handshake failure"},
-{SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER ,"sslv3 alert illegal parameter"},
-{SSL_R_SSLV3_ALERT_NO_CERTIFICATE ,"sslv3 alert no certificate"},
-{SSL_R_SSLV3_ALERT_PEER_ERROR_CERTIFICATE,"sslv3 alert peer error certificate"},
-{SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CERTIFICATE,"sslv3 alert peer error no certificate"},
-{SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CIPHER ,"sslv3 alert peer error no cipher"},
-{SSL_R_SSLV3_ALERT_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE,"sslv3 alert peer error unsupported certificate type"},
-{SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE ,"sslv3 alert unexpected message"},
-{SSL_R_SSLV3_ALERT_UNKNOWN_REMOTE_ERROR_TYPE,"sslv3 alert unknown remote error type"},
-{SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE,"sslv3 alert unsupported certificate"},
-{SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION,"ssl ctx has no default ssl version"},
-{SSL_R_SSL_HANDSHAKE_FAILURE ,"ssl handshake failure"},
-{SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS ,"ssl library has no ciphers"},
-{SSL_R_SSL_SESSION_ID_CALLBACK_FAILED ,"ssl session id callback failed"},
-{SSL_R_SSL_SESSION_ID_CONFLICT ,"ssl session id conflict"},
-{SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG ,"ssl session id context too long"},
-{SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH ,"ssl session id has bad length"},
-{SSL_R_SSL_SESSION_ID_IS_DIFFERENT ,"ssl session id is different"},
-{SSL_R_TLSV1_ALERT_ACCESS_DENIED ,"tlsv1 alert access denied"},
-{SSL_R_TLSV1_ALERT_DECODE_ERROR ,"tlsv1 alert decode error"},
-{SSL_R_TLSV1_ALERT_DECRYPTION_FAILED ,"tlsv1 alert decryption failed"},
-{SSL_R_TLSV1_ALERT_DECRYPT_ERROR ,"tlsv1 alert decrypt error"},
-{SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION ,"tlsv1 alert export restriction"},
-{SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY ,"tlsv1 alert insufficient security"},
-{SSL_R_TLSV1_ALERT_INTERNAL_ERROR ,"tlsv1 alert internal error"},
-{SSL_R_TLSV1_ALERT_NO_RENEGOTIATION ,"tlsv1 alert no renegotiation"},
-{SSL_R_TLSV1_ALERT_PROTOCOL_VERSION ,"tlsv1 alert protocol version"},
-{SSL_R_TLSV1_ALERT_RECORD_OVERFLOW ,"tlsv1 alert record overflow"},
-{SSL_R_TLSV1_ALERT_UNKNOWN_CA ,"tlsv1 alert unknown ca"},
-{SSL_R_TLSV1_ALERT_USER_CANCELLED ,"tlsv1 alert user cancelled"},
-{SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER,"tls client cert req with anon cipher"},
-{SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST,"tls peer did not respond with certificate list"},
-{SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG,"tls rsa encrypted value length is wrong"},
-{SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER ,"tried to use unsupported cipher"},
-{SSL_R_UNABLE_TO_DECODE_DH_CERTS ,"unable to decode dh certs"},
-{SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY ,"unable to extract public key"},
-{SSL_R_UNABLE_TO_FIND_DH_PARAMETERS ,"unable to find dh parameters"},
-{SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS,"unable to find public key parameters"},
-{SSL_R_UNABLE_TO_FIND_SSL_METHOD ,"unable to find ssl method"},
-{SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES ,"unable to load ssl2 md5 routines"},
-{SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES ,"unable to load ssl3 md5 routines"},
-{SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES ,"unable to load ssl3 sha1 routines"},
-{SSL_R_UNEXPECTED_MESSAGE ,"unexpected message"},
-{SSL_R_UNEXPECTED_RECORD ,"unexpected record"},
-{SSL_R_UNINITIALIZED ,"uninitialized"},
-{SSL_R_UNKNOWN_ALERT_TYPE ,"unknown alert type"},
-{SSL_R_UNKNOWN_CERTIFICATE_TYPE ,"unknown certificate type"},
-{SSL_R_UNKNOWN_CIPHER_RETURNED ,"unknown cipher returned"},
-{SSL_R_UNKNOWN_CIPHER_TYPE ,"unknown cipher type"},
-{SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE ,"unknown key exchange type"},
-{SSL_R_UNKNOWN_PKEY_TYPE ,"unknown pkey type"},
-{SSL_R_UNKNOWN_PROTOCOL ,"unknown protocol"},
-{SSL_R_UNKNOWN_REMOTE_ERROR_TYPE ,"unknown remote error type"},
-{SSL_R_UNKNOWN_SSL_VERSION ,"unknown ssl version"},
-{SSL_R_UNKNOWN_STATE ,"unknown state"},
-{SSL_R_UNSUPPORTED_CIPHER ,"unsupported cipher"},
-{SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM ,"unsupported compression algorithm"},
-{SSL_R_UNSUPPORTED_OPTION ,"unsupported option"},
-{SSL_R_UNSUPPORTED_PROTOCOL ,"unsupported protocol"},
-{SSL_R_UNSUPPORTED_SSL_VERSION ,"unsupported ssl version"},
-{SSL_R_WRITE_BIO_NOT_SET ,"write bio not set"},
-{SSL_R_WRONG_CIPHER_RETURNED ,"wrong cipher returned"},
-{SSL_R_WRONG_MESSAGE_TYPE ,"wrong message type"},
-{SSL_R_WRONG_NUMBER_OF_KEY_BITS ,"wrong number of key bits"},
-{SSL_R_WRONG_SIGNATURE_LENGTH ,"wrong signature length"},
-{SSL_R_WRONG_SIGNATURE_SIZE ,"wrong signature size"},
-{SSL_R_WRONG_SSL_VERSION ,"wrong ssl version"},
-{SSL_R_WRONG_VERSION_NUMBER ,"wrong version number"},
-{SSL_R_X509_LIB ,"x509 lib"},
-{SSL_R_X509_VERIFICATION_SETUP_PROBLEMS ,"x509 verification setup problems"},
+{ERR_REASON(SSL_R_APP_DATA_IN_HANDSHAKE) ,"app data in handshake"},
+{ERR_REASON(SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT),"attempt to reuse session in different context"},
+{ERR_REASON(SSL_R_BAD_ALERT_RECORD) ,"bad alert record"},
+{ERR_REASON(SSL_R_BAD_AUTHENTICATION_TYPE),"bad authentication type"},
+{ERR_REASON(SSL_R_BAD_CHANGE_CIPHER_SPEC),"bad change cipher spec"},
+{ERR_REASON(SSL_R_BAD_CHECKSUM) ,"bad checksum"},
+{ERR_REASON(SSL_R_BAD_DATA_RETURNED_BY_CALLBACK),"bad data returned by callback"},
+{ERR_REASON(SSL_R_BAD_DECOMPRESSION) ,"bad decompression"},
+{ERR_REASON(SSL_R_BAD_DH_G_LENGTH) ,"bad dh g length"},
+{ERR_REASON(SSL_R_BAD_DH_PUB_KEY_LENGTH) ,"bad dh pub key length"},
+{ERR_REASON(SSL_R_BAD_DH_P_LENGTH) ,"bad dh p length"},
+{ERR_REASON(SSL_R_BAD_DIGEST_LENGTH) ,"bad digest length"},
+{ERR_REASON(SSL_R_BAD_DSA_SIGNATURE) ,"bad dsa signature"},
+{ERR_REASON(SSL_R_BAD_HELLO_REQUEST) ,"bad hello request"},
+{ERR_REASON(SSL_R_BAD_LENGTH) ,"bad length"},
+{ERR_REASON(SSL_R_BAD_MAC_DECODE) ,"bad mac decode"},
+{ERR_REASON(SSL_R_BAD_MESSAGE_TYPE) ,"bad message type"},
+{ERR_REASON(SSL_R_BAD_PACKET_LENGTH) ,"bad packet length"},
+{ERR_REASON(SSL_R_BAD_PROTOCOL_VERSION_NUMBER),"bad protocol version number"},
+{ERR_REASON(SSL_R_BAD_RESPONSE_ARGUMENT) ,"bad response argument"},
+{ERR_REASON(SSL_R_BAD_RSA_DECRYPT) ,"bad rsa decrypt"},
+{ERR_REASON(SSL_R_BAD_RSA_ENCRYPT) ,"bad rsa encrypt"},
+{ERR_REASON(SSL_R_BAD_RSA_E_LENGTH) ,"bad rsa e length"},
+{ERR_REASON(SSL_R_BAD_RSA_MODULUS_LENGTH),"bad rsa modulus length"},
+{ERR_REASON(SSL_R_BAD_RSA_SIGNATURE) ,"bad rsa signature"},
+{ERR_REASON(SSL_R_BAD_SIGNATURE) ,"bad signature"},
+{ERR_REASON(SSL_R_BAD_SSL_FILETYPE) ,"bad ssl filetype"},
+{ERR_REASON(SSL_R_BAD_SSL_SESSION_ID_LENGTH),"bad ssl session id length"},
+{ERR_REASON(SSL_R_BAD_STATE) ,"bad state"},
+{ERR_REASON(SSL_R_BAD_WRITE_RETRY) ,"bad write retry"},
+{ERR_REASON(SSL_R_BIO_NOT_SET) ,"bio not set"},
+{ERR_REASON(SSL_R_BLOCK_CIPHER_PAD_IS_WRONG),"block cipher pad is wrong"},
+{ERR_REASON(SSL_R_BN_LIB) ,"bn lib"},
+{ERR_REASON(SSL_R_CA_DN_LENGTH_MISMATCH) ,"ca dn length mismatch"},
+{ERR_REASON(SSL_R_CA_DN_TOO_LONG) ,"ca dn too long"},
+{ERR_REASON(SSL_R_CCS_RECEIVED_EARLY) ,"ccs received early"},
+{ERR_REASON(SSL_R_CERTIFICATE_VERIFY_FAILED),"certificate verify failed"},
+{ERR_REASON(SSL_R_CERT_LENGTH_MISMATCH) ,"cert length mismatch"},
+{ERR_REASON(SSL_R_CHALLENGE_IS_DIFFERENT),"challenge is different"},
+{ERR_REASON(SSL_R_CIPHER_CODE_WRONG_LENGTH),"cipher code wrong length"},
+{ERR_REASON(SSL_R_CIPHER_OR_HASH_UNAVAILABLE),"cipher or hash unavailable"},
+{ERR_REASON(SSL_R_CIPHER_TABLE_SRC_ERROR),"cipher table src error"},
+{ERR_REASON(SSL_R_COMPRESSED_LENGTH_TOO_LONG),"compressed length too long"},
+{ERR_REASON(SSL_R_COMPRESSION_FAILURE) ,"compression failure"},
+{ERR_REASON(SSL_R_COMPRESSION_LIBRARY_ERROR),"compression library error"},
+{ERR_REASON(SSL_R_CONNECTION_ID_IS_DIFFERENT),"connection id is different"},
+{ERR_REASON(SSL_R_CONNECTION_TYPE_NOT_SET),"connection type not set"},
+{ERR_REASON(SSL_R_DATA_BETWEEN_CCS_AND_FINISHED),"data between ccs and finished"},
+{ERR_REASON(SSL_R_DATA_LENGTH_TOO_LONG) ,"data length too long"},
+{ERR_REASON(SSL_R_DECRYPTION_FAILED) ,"decryption failed"},
+{ERR_REASON(SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC),"decryption failed or bad record mac"},
+{ERR_REASON(SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG),"dh public value length is wrong"},
+{ERR_REASON(SSL_R_DIGEST_CHECK_FAILED) ,"digest check failed"},
+{ERR_REASON(SSL_R_ENCRYPTED_LENGTH_TOO_LONG),"encrypted length too long"},
+{ERR_REASON(SSL_R_ERROR_GENERATING_TMP_RSA_KEY),"error generating tmp rsa key"},
+{ERR_REASON(SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST),"error in received cipher list"},
+{ERR_REASON(SSL_R_EXCESSIVE_MESSAGE_SIZE),"excessive message size"},
+{ERR_REASON(SSL_R_EXTRA_DATA_IN_MESSAGE) ,"extra data in message"},
+{ERR_REASON(SSL_R_GOT_A_FIN_BEFORE_A_CCS),"got a fin before a ccs"},
+{ERR_REASON(SSL_R_HTTPS_PROXY_REQUEST) ,"https proxy request"},
+{ERR_REASON(SSL_R_HTTP_REQUEST) ,"http request"},
+{ERR_REASON(SSL_R_ILLEGAL_PADDING) ,"illegal padding"},
+{ERR_REASON(SSL_R_INVALID_CHALLENGE_LENGTH),"invalid challenge length"},
+{ERR_REASON(SSL_R_INVALID_COMMAND) ,"invalid command"},
+{ERR_REASON(SSL_R_INVALID_PURPOSE) ,"invalid purpose"},
+{ERR_REASON(SSL_R_INVALID_TRUST) ,"invalid trust"},
+{ERR_REASON(SSL_R_KEY_ARG_TOO_LONG) ,"key arg too long"},
+{ERR_REASON(SSL_R_KRB5) ,"krb5"},
+{ERR_REASON(SSL_R_KRB5_C_CC_PRINC) ,"krb5 client cc principal (no tkt?)"},
+{ERR_REASON(SSL_R_KRB5_C_GET_CRED) ,"krb5 client get cred"},
+{ERR_REASON(SSL_R_KRB5_C_INIT) ,"krb5 client init"},
+{ERR_REASON(SSL_R_KRB5_C_MK_REQ) ,"krb5 client mk_req (expired tkt?)"},
+{ERR_REASON(SSL_R_KRB5_S_BAD_TICKET) ,"krb5 server bad ticket"},
+{ERR_REASON(SSL_R_KRB5_S_INIT) ,"krb5 server init"},
+{ERR_REASON(SSL_R_KRB5_S_RD_REQ) ,"krb5 server rd_req (keytab perms?)"},
+{ERR_REASON(SSL_R_KRB5_S_TKT_EXPIRED) ,"krb5 server tkt expired"},
+{ERR_REASON(SSL_R_KRB5_S_TKT_NYV) ,"krb5 server tkt not yet valid"},
+{ERR_REASON(SSL_R_KRB5_S_TKT_SKEW) ,"krb5 server tkt skew"},
+{ERR_REASON(SSL_R_LENGTH_MISMATCH) ,"length mismatch"},
+{ERR_REASON(SSL_R_LENGTH_TOO_SHORT) ,"length too short"},
+{ERR_REASON(SSL_R_LIBRARY_BUG) ,"library bug"},
+{ERR_REASON(SSL_R_LIBRARY_HAS_NO_CIPHERS),"library has no ciphers"},
+{ERR_REASON(SSL_R_MESSAGE_TOO_LONG) ,"message too long"},
+{ERR_REASON(SSL_R_MISSING_DH_DSA_CERT) ,"missing dh dsa cert"},
+{ERR_REASON(SSL_R_MISSING_DH_KEY) ,"missing dh key"},
+{ERR_REASON(SSL_R_MISSING_DH_RSA_CERT) ,"missing dh rsa cert"},
+{ERR_REASON(SSL_R_MISSING_DSA_SIGNING_CERT),"missing dsa signing cert"},
+{ERR_REASON(SSL_R_MISSING_EXPORT_TMP_DH_KEY),"missing export tmp dh key"},
+{ERR_REASON(SSL_R_MISSING_EXPORT_TMP_RSA_KEY),"missing export tmp rsa key"},
+{ERR_REASON(SSL_R_MISSING_RSA_CERTIFICATE),"missing rsa certificate"},
+{ERR_REASON(SSL_R_MISSING_RSA_ENCRYPTING_CERT),"missing rsa encrypting cert"},
+{ERR_REASON(SSL_R_MISSING_RSA_SIGNING_CERT),"missing rsa signing cert"},
+{ERR_REASON(SSL_R_MISSING_TMP_DH_KEY) ,"missing tmp dh key"},
+{ERR_REASON(SSL_R_MISSING_TMP_RSA_KEY) ,"missing tmp rsa key"},
+{ERR_REASON(SSL_R_MISSING_TMP_RSA_PKEY) ,"missing tmp rsa pkey"},
+{ERR_REASON(SSL_R_MISSING_VERIFY_MESSAGE),"missing verify message"},
+{ERR_REASON(SSL_R_NON_SSLV2_INITIAL_PACKET),"non sslv2 initial packet"},
+{ERR_REASON(SSL_R_NO_CERTIFICATES_RETURNED),"no certificates returned"},
+{ERR_REASON(SSL_R_NO_CERTIFICATE_ASSIGNED),"no certificate assigned"},
+{ERR_REASON(SSL_R_NO_CERTIFICATE_RETURNED),"no certificate returned"},
+{ERR_REASON(SSL_R_NO_CERTIFICATE_SET) ,"no certificate set"},
+{ERR_REASON(SSL_R_NO_CERTIFICATE_SPECIFIED),"no certificate specified"},
+{ERR_REASON(SSL_R_NO_CIPHERS_AVAILABLE) ,"no ciphers available"},
+{ERR_REASON(SSL_R_NO_CIPHERS_PASSED) ,"no ciphers passed"},
+{ERR_REASON(SSL_R_NO_CIPHERS_SPECIFIED) ,"no ciphers specified"},
+{ERR_REASON(SSL_R_NO_CIPHER_LIST) ,"no cipher list"},
+{ERR_REASON(SSL_R_NO_CIPHER_MATCH) ,"no cipher match"},
+{ERR_REASON(SSL_R_NO_CLIENT_CERT_RECEIVED),"no client cert received"},
+{ERR_REASON(SSL_R_NO_COMPRESSION_SPECIFIED),"no compression specified"},
+{ERR_REASON(SSL_R_NO_METHOD_SPECIFIED) ,"no method specified"},
+{ERR_REASON(SSL_R_NO_PRIVATEKEY) ,"no privatekey"},
+{ERR_REASON(SSL_R_NO_PRIVATE_KEY_ASSIGNED),"no private key assigned"},
+{ERR_REASON(SSL_R_NO_PROTOCOLS_AVAILABLE),"no protocols available"},
+{ERR_REASON(SSL_R_NO_PUBLICKEY) ,"no publickey"},
+{ERR_REASON(SSL_R_NO_SHARED_CIPHER) ,"no shared cipher"},
+{ERR_REASON(SSL_R_NO_VERIFY_CALLBACK) ,"no verify callback"},
+{ERR_REASON(SSL_R_NULL_SSL_CTX) ,"null ssl ctx"},
+{ERR_REASON(SSL_R_NULL_SSL_METHOD_PASSED),"null ssl method passed"},
+{ERR_REASON(SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED),"old session cipher not returned"},
+{ERR_REASON(SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE),"only tls allowed in fips mode"},
+{ERR_REASON(SSL_R_PACKET_LENGTH_TOO_LONG),"packet length too long"},
+{ERR_REASON(SSL_R_PATH_TOO_LONG) ,"path too long"},
+{ERR_REASON(SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE),"peer did not return a certificate"},
+{ERR_REASON(SSL_R_PEER_ERROR) ,"peer error"},
+{ERR_REASON(SSL_R_PEER_ERROR_CERTIFICATE),"peer error certificate"},
+{ERR_REASON(SSL_R_PEER_ERROR_NO_CERTIFICATE),"peer error no certificate"},
+{ERR_REASON(SSL_R_PEER_ERROR_NO_CIPHER) ,"peer error no cipher"},
+{ERR_REASON(SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE),"peer error unsupported certificate type"},
+{ERR_REASON(SSL_R_PRE_MAC_LENGTH_TOO_LONG),"pre mac length too long"},
+{ERR_REASON(SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS),"problems mapping cipher functions"},
+{ERR_REASON(SSL_R_PROTOCOL_IS_SHUTDOWN) ,"protocol is shutdown"},
+{ERR_REASON(SSL_R_PUBLIC_KEY_ENCRYPT_ERROR),"public key encrypt error"},
+{ERR_REASON(SSL_R_PUBLIC_KEY_IS_NOT_RSA) ,"public key is not rsa"},
+{ERR_REASON(SSL_R_PUBLIC_KEY_NOT_RSA) ,"public key not rsa"},
+{ERR_REASON(SSL_R_READ_BIO_NOT_SET) ,"read bio not set"},
+{ERR_REASON(SSL_R_READ_WRONG_PACKET_TYPE),"read wrong packet type"},
+{ERR_REASON(SSL_R_RECORD_LENGTH_MISMATCH),"record length mismatch"},
+{ERR_REASON(SSL_R_RECORD_TOO_LARGE) ,"record too large"},
+{ERR_REASON(SSL_R_RECORD_TOO_SMALL) ,"record too small"},
+{ERR_REASON(SSL_R_REQUIRED_CIPHER_MISSING),"required cipher missing"},
+{ERR_REASON(SSL_R_REUSE_CERT_LENGTH_NOT_ZERO),"reuse cert length not zero"},
+{ERR_REASON(SSL_R_REUSE_CERT_TYPE_NOT_ZERO),"reuse cert type not zero"},
+{ERR_REASON(SSL_R_REUSE_CIPHER_LIST_NOT_ZERO),"reuse cipher list not zero"},
+{ERR_REASON(SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED),"session id context uninitialized"},
+{ERR_REASON(SSL_R_SHORT_READ) ,"short read"},
+{ERR_REASON(SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE),"signature for non signing certificate"},
+{ERR_REASON(SSL_R_SSL23_DOING_SESSION_ID_REUSE),"ssl23 doing session id reuse"},
+{ERR_REASON(SSL_R_SSL2_CONNECTION_ID_TOO_LONG),"ssl2 connection id too long"},
+{ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_LONG),"ssl3 session id too long"},
+{ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_SHORT),"ssl3 session id too short"},
+{ERR_REASON(SSL_R_SSLV3_ALERT_BAD_CERTIFICATE),"sslv3 alert bad certificate"},
+{ERR_REASON(SSL_R_SSLV3_ALERT_BAD_RECORD_MAC),"sslv3 alert bad record mac"},
+{ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED),"sslv3 alert certificate expired"},
+{ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED),"sslv3 alert certificate revoked"},
+{ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN),"sslv3 alert certificate unknown"},
+{ERR_REASON(SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE),"sslv3 alert decompression failure"},
+{ERR_REASON(SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE),"sslv3 alert handshake failure"},
+{ERR_REASON(SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER),"sslv3 alert illegal parameter"},
+{ERR_REASON(SSL_R_SSLV3_ALERT_NO_CERTIFICATE),"sslv3 alert no certificate"},
+{ERR_REASON(SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE),"sslv3 alert unexpected message"},
+{ERR_REASON(SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE),"sslv3 alert unsupported certificate"},
+{ERR_REASON(SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION),"ssl ctx has no default ssl version"},
+{ERR_REASON(SSL_R_SSL_HANDSHAKE_FAILURE) ,"ssl handshake failure"},
+{ERR_REASON(SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS),"ssl library has no ciphers"},
+{ERR_REASON(SSL_R_SSL_SESSION_ID_CALLBACK_FAILED),"ssl session id callback failed"},
+{ERR_REASON(SSL_R_SSL_SESSION_ID_CONFLICT),"ssl session id conflict"},
+{ERR_REASON(SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG),"ssl session id context too long"},
+{ERR_REASON(SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH),"ssl session id has bad length"},
+{ERR_REASON(SSL_R_SSL_SESSION_ID_IS_DIFFERENT),"ssl session id is different"},
+{ERR_REASON(SSL_R_TLSV1_ALERT_ACCESS_DENIED),"tlsv1 alert access denied"},
+{ERR_REASON(SSL_R_TLSV1_ALERT_DECODE_ERROR),"tlsv1 alert decode error"},
+{ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPTION_FAILED),"tlsv1 alert decryption failed"},
+{ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPT_ERROR),"tlsv1 alert decrypt error"},
+{ERR_REASON(SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION),"tlsv1 alert export restriction"},
+{ERR_REASON(SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY),"tlsv1 alert insufficient security"},
+{ERR_REASON(SSL_R_TLSV1_ALERT_INTERNAL_ERROR),"tlsv1 alert internal error"},
+{ERR_REASON(SSL_R_TLSV1_ALERT_NO_RENEGOTIATION),"tlsv1 alert no renegotiation"},
+{ERR_REASON(SSL_R_TLSV1_ALERT_PROTOCOL_VERSION),"tlsv1 alert protocol version"},
+{ERR_REASON(SSL_R_TLSV1_ALERT_RECORD_OVERFLOW),"tlsv1 alert record overflow"},
+{ERR_REASON(SSL_R_TLSV1_ALERT_UNKNOWN_CA),"tlsv1 alert unknown ca"},
+{ERR_REASON(SSL_R_TLSV1_ALERT_USER_CANCELLED),"tlsv1 alert user cancelled"},
+{ERR_REASON(SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER),"tls client cert req with anon cipher"},
+{ERR_REASON(SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST),"tls peer did not respond with certificate list"},
+{ERR_REASON(SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG),"tls rsa encrypted value length is wrong"},
+{ERR_REASON(SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER),"tried to use unsupported cipher"},
+{ERR_REASON(SSL_R_UNABLE_TO_DECODE_DH_CERTS),"unable to decode dh certs"},
+{ERR_REASON(SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY),"unable to extract public key"},
+{ERR_REASON(SSL_R_UNABLE_TO_FIND_DH_PARAMETERS),"unable to find dh parameters"},
+{ERR_REASON(SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS),"unable to find public key parameters"},
+{ERR_REASON(SSL_R_UNABLE_TO_FIND_SSL_METHOD),"unable to find ssl method"},
+{ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES),"unable to load ssl2 md5 routines"},
+{ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES),"unable to load ssl3 md5 routines"},
+{ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES),"unable to load ssl3 sha1 routines"},
+{ERR_REASON(SSL_R_UNEXPECTED_MESSAGE) ,"unexpected message"},
+{ERR_REASON(SSL_R_UNEXPECTED_RECORD) ,"unexpected record"},
+{ERR_REASON(SSL_R_UNINITIALIZED) ,"uninitialized"},
+{ERR_REASON(SSL_R_UNKNOWN_ALERT_TYPE) ,"unknown alert type"},
+{ERR_REASON(SSL_R_UNKNOWN_CERTIFICATE_TYPE),"unknown certificate type"},
+{ERR_REASON(SSL_R_UNKNOWN_CIPHER_RETURNED),"unknown cipher returned"},
+{ERR_REASON(SSL_R_UNKNOWN_CIPHER_TYPE) ,"unknown cipher type"},
+{ERR_REASON(SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE),"unknown key exchange type"},
+{ERR_REASON(SSL_R_UNKNOWN_PKEY_TYPE) ,"unknown pkey type"},
+{ERR_REASON(SSL_R_UNKNOWN_PROTOCOL) ,"unknown protocol"},
+{ERR_REASON(SSL_R_UNKNOWN_REMOTE_ERROR_TYPE),"unknown remote error type"},
+{ERR_REASON(SSL_R_UNKNOWN_SSL_VERSION) ,"unknown ssl version"},
+{ERR_REASON(SSL_R_UNKNOWN_STATE) ,"unknown state"},
+{ERR_REASON(SSL_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"},
+{ERR_REASON(SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM),"unsupported compression algorithm"},
+{ERR_REASON(SSL_R_UNSUPPORTED_PROTOCOL) ,"unsupported protocol"},
+{ERR_REASON(SSL_R_UNSUPPORTED_SSL_VERSION),"unsupported ssl version"},
+{ERR_REASON(SSL_R_WRITE_BIO_NOT_SET) ,"write bio not set"},
+{ERR_REASON(SSL_R_WRONG_CIPHER_RETURNED) ,"wrong cipher returned"},
+{ERR_REASON(SSL_R_WRONG_MESSAGE_TYPE) ,"wrong message type"},
+{ERR_REASON(SSL_R_WRONG_NUMBER_OF_KEY_BITS),"wrong number of key bits"},
+{ERR_REASON(SSL_R_WRONG_SIGNATURE_LENGTH),"wrong signature length"},
+{ERR_REASON(SSL_R_WRONG_SIGNATURE_SIZE) ,"wrong signature size"},
+{ERR_REASON(SSL_R_WRONG_SSL_VERSION) ,"wrong ssl version"},
+{ERR_REASON(SSL_R_WRONG_VERSION_NUMBER) ,"wrong version number"},
+{ERR_REASON(SSL_R_X509_LIB) ,"x509 lib"},
+{ERR_REASON(SSL_R_X509_VERIFICATION_SETUP_PROBLEMS),"x509 verification setup problems"},
{0,NULL}
};
@@ -455,8 +454,8 @@ void ERR_load_SSL_strings(void)
{
init=0;
#ifndef OPENSSL_NO_ERR
- ERR_load_strings(ERR_LIB_SSL,SSL_str_functs);
- ERR_load_strings(ERR_LIB_SSL,SSL_str_reasons);
+ ERR_load_strings(0,SSL_str_functs);
+ ERR_load_strings(0,SSL_str_reasons);
#endif
}
diff --git a/src/lib/libssl/src/ssl/ssl_lib.c b/src/lib/libssl/src/ssl/ssl_lib.c
index 631229558f..2bd9a5af86 100644
--- a/src/lib/libssl/src/ssl/ssl_lib.c
+++ b/src/lib/libssl/src/ssl/ssl_lib.c
@@ -125,7 +125,7 @@
const char *SSL_version_str=OPENSSL_VERSION_TEXT;
-OPENSSL_GLOBAL SSL3_ENC_METHOD ssl3_undef_enc_method={
+SSL3_ENC_METHOD ssl3_undef_enc_method={
/* evil casts, but these functions are only called if there's a library bug */
(int (*)(SSL *,int))ssl_undefined_function,
(int (*)(SSL *, unsigned char *, int))ssl_undefined_function,
@@ -1130,8 +1130,21 @@ int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str)
sk=ssl_create_cipher_list(ctx->method,&ctx->cipher_list,
&ctx->cipher_list_by_id,str);
-/* XXXX */
- return((sk == NULL)?0:1);
+ /* ssl_create_cipher_list may return an empty stack if it
+ * was unable to find a cipher matching the given rule string
+ * (for example if the rule string specifies a cipher which
+ * has been disabled). This is not an error as far as
+ * ssl_create_cipher_list is concerned, and hence
+ * ctx->cipher_list and ctx->cipher_list_by_id has been
+ * updated. */
+ if (sk == NULL)
+ return 0;
+ else if (sk_SSL_CIPHER_num(sk) == 0)
+ {
+ SSLerr(SSL_F_SSL_CTX_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);
+ return 0;
+ }
+ return 1;
}
/** specify the ciphers to be used by the SSL */
@@ -1141,8 +1154,15 @@ int SSL_set_cipher_list(SSL *s,const char *str)
sk=ssl_create_cipher_list(s->ctx->method,&s->cipher_list,
&s->cipher_list_by_id,str);
-/* XXXX */
- return((sk == NULL)?0:1);
+ /* see comment in SSL_CTX_set_cipher_list */
+ if (sk == NULL)
+ return 0;
+ else if (sk_SSL_CIPHER_num(sk) == 0)
+ {
+ SSLerr(SSL_F_SSL_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);
+ return 0;
+ }
+ return 1;
}
/* works well for SSLv2, not so good for SSLv3 */
@@ -1181,7 +1201,8 @@ char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len)
return(buf);
}
-int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p)
+int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
+ int (*put_cb)(const SSL_CIPHER *, unsigned char *))
{
int i,j=0;
SSL_CIPHER *c;
@@ -1200,7 +1221,8 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p)
if ((c->algorithms & SSL_KRB5) && nokrb5)
continue;
#endif /* OPENSSL_NO_KRB5 */
- j=ssl_put_cipher_by_char(s,c,p);
+
+ j = put_cb ? put_cb(c,p) : ssl_put_cipher_by_char(s,c,p);
p+=j;
}
return(p-q);
@@ -1694,7 +1716,7 @@ void ssl_update_cache(SSL *s,int mode)
?s->ctx->stats.sess_connect_good
:s->ctx->stats.sess_accept_good) & 0xff) == 0xff)
{
- SSL_CTX_flush_sessions(s->ctx,time(NULL));
+ SSL_CTX_flush_sessions(s->ctx,(unsigned long)time(NULL));
}
}
}
diff --git a/src/lib/libssl/src/ssl/ssl_locl.h b/src/lib/libssl/src/ssl/ssl_locl.h
index 25a144a0d0..6a0b7595f4 100644
--- a/src/lib/libssl/src/ssl/ssl_locl.h
+++ b/src/lib/libssl/src/ssl/ssl_locl.h
@@ -462,7 +462,7 @@ typedef struct ssl3_comp_st
COMP_METHOD *method; /* The method :-) */
} SSL3_COMP;
-OPENSSL_EXTERN SSL3_ENC_METHOD ssl3_undef_enc_method;
+extern SSL3_ENC_METHOD ssl3_undef_enc_method;
OPENSSL_EXTERN SSL_CIPHER ssl2_ciphers[];
OPENSSL_EXTERN SSL_CIPHER ssl3_ciphers[];
@@ -493,7 +493,8 @@ int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
const SSL_CIPHER * const *bp);
STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
STACK_OF(SSL_CIPHER) **skp);
-int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p);
+int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
+ int (*put_cb)(const SSL_CIPHER *, unsigned char *));
STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth,
STACK_OF(SSL_CIPHER) **pref,
STACK_OF(SSL_CIPHER) **sorted,
diff --git a/src/lib/libssl/src/ssl/ssl_sess.c b/src/lib/libssl/src/ssl/ssl_sess.c
index 5f12aa361c..2ba8b9612e 100644
--- a/src/lib/libssl/src/ssl/ssl_sess.c
+++ b/src/lib/libssl/src/ssl/ssl_sess.c
@@ -118,7 +118,7 @@ SSL_SESSION *SSL_SESSION_new(void)
ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */
ss->references=1;
ss->timeout=60*5+4; /* 5 minute timeout by default */
- ss->time=time(NULL);
+ ss->time=(unsigned long)time(NULL);
ss->prev=NULL;
ss->next=NULL;
ss->compress_meth=0;
@@ -377,7 +377,7 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len)
CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);
#endif
- if ((long)(ret->time+ret->timeout) < (long)time(NULL)) /* timeout */
+ if (ret->timeout < (long)(time(NULL) - ret->time)) /* timeout */
{
s->ctx->stats.sess_timeout++;
/* remove it from the cache */
diff --git a/src/lib/libssl/src/ssl/ssltest.c b/src/lib/libssl/src/ssl/ssltest.c
index 02878981f1..9845ef99ed 100644
--- a/src/lib/libssl/src/ssl/ssltest.c
+++ b/src/lib/libssl/src/ssl/ssltest.c
@@ -119,11 +119,14 @@
#include <stdlib.h>
#include <string.h>
#include <time.h>
-#include <ctype.h>
#define USE_SOCKETS
#include "e_os.h"
+#define _XOPEN_SOURCE 500 /* Or isascii won't be declared properly on
+ VMS (at least with DECompHP C). */
+#include <ctype.h>
+
#include <openssl/bio.h>
#include <openssl/crypto.h>
#include <openssl/evp.h>
@@ -388,7 +391,6 @@ int main(int argc, char *argv[])
COMP_METHOD *cm = NULL;
#ifdef OPENSSL_FIPS
int fips_mode=0;
- const char *path=argv[0];
#endif
verbose = 0;
@@ -591,7 +593,7 @@ bad:
#ifdef OPENSSL_FIPS
if(fips_mode)
{
- if(!FIPS_mode_set(1,path))
+ if(!FIPS_mode_set(1))
{
ERR_load_crypto_strings();
ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
@@ -1926,8 +1928,8 @@ static int MS_CALLBACK app_verify_callback(X509_STORE_CTX *ctx, void *arg)
fprintf(stderr, "In app_verify_callback, allowing cert. ");
fprintf(stderr, "Arg is: %s\n", cb_arg->string);
- fprintf(stderr, "Finished printing do we have a context? 0x%x a cert? 0x%x\n",
- (unsigned int)ctx, (unsigned int)ctx->cert);
+ fprintf(stderr, "Finished printing do we have a context? 0x%p a cert? 0x%p\n",
+ (void *)ctx, (void *)ctx->cert);
if (ctx->cert)
s=X509_NAME_oneline(X509_get_subject_name(ctx->cert),buf,256);
if (s != NULL)
@@ -1975,15 +1977,7 @@ static int MS_CALLBACK app_verify_callback(X509_STORE_CTX *ctx, void *arg)
}
#ifndef OPENSSL_NO_X509_VERIFY
-# ifdef OPENSSL_FIPS
- if(s->version == TLS1_VERSION)
- FIPS_allow_md5(1);
-# endif
ok = X509_verify_cert(ctx);
-# ifdef OPENSSL_FIPS
- if(s->version == TLS1_VERSION)
- FIPS_allow_md5(0);
-# endif
#endif
if (cb_arg->proxy_auth)
diff --git a/src/lib/libssl/src/test/Makefile b/src/lib/libssl/src/test/Makefile
index 6aeedf7fa3..189d14ed49 100644
--- a/src/lib/libssl/src/test/Makefile
+++ b/src/lib/libssl/src/test/Makefile
@@ -39,7 +39,7 @@ EXPTEST= exptest
IDEATEST= ideatest
SHATEST= shatest
SHA1TEST= sha1test
-FIPS_SHA1TEST= fips_sha1test
+FIPS_SHATEST= fips_shatest
MDC2TEST= mdc2test
RMDTEST= rmdtest
MD2TEST= md2test
@@ -64,32 +64,47 @@ RSATEST= rsa_test
ENGINETEST= enginetest
EVPTEST= evp_test
FIPS_AESTEST= fips_aesavs
+FIPS_HMACTEST= fips_hmactest
+FIPS_RSAVTEST= fips_rsavtest
+FIPS_RSASTEST= fips_rsastest
+FIPS_RSAGTEST= fips_rsagtest
+FIPS_DSSVS= fips_dssvs
+FIPS_RNGVS= fips_rngvs
+FIPS_TEST_SUITE=fips_test_suite
TESTS= alltests
EXE= $(BNTEST)$(EXE_EXT) $(ECTEST)$(EXE_EXT) $(IDEATEST)$(EXE_EXT) $(MD2TEST)$(EXE_EXT) $(MD4TEST)$(EXE_EXT) $(MD5TEST)$(EXE_EXT) $(HMACTEST)$(EXE_EXT) \
$(RC2TEST)$(EXE_EXT) $(RC4TEST)$(EXE_EXT) $(RC5TEST)$(EXE_EXT) \
- $(DESTEST)$(EXE_EXT) $(FIPS_DESTEST)$(EXE_EXT) $(SHATEST)$(EXE_EXT) $(SHA1TEST)$(EXE_EXT) $(FIPS_SHA1TEST)$(EXE_EXT) $(MDC2TEST)$(EXE_EXT) $(RMDTEST)$(EXE_EXT) \
+ $(DESTEST)$(EXE_EXT) $(FIPS_DESTEST)$(EXE_EXT) $(SHATEST)$(EXE_EXT) $(SHA1TEST)$(EXE_EXT) $(FIPS_SHATEST)$(EXE_EXT) $(MDC2TEST)$(EXE_EXT) $(RMDTEST)$(EXE_EXT) \
$(RANDTEST)$(EXE_EXT) $(FIPS_RANDTEST)$(EXE_EXT) $(DHTEST)$(EXE_EXT) $(ENGINETEST)$(EXE_EXT) \
$(BFTEST)$(EXE_EXT) $(CASTTEST)$(EXE_EXT) $(SSLTEST)$(EXE_EXT) $(EXPTEST)$(EXE_EXT) $(DSATEST)$(EXE_EXT) $(FIPS_DSATEST)$(EXE_EXT) $(RSATEST)$(EXE_EXT) \
- $(EVPTEST)$(EXE_EXT) $(FIPS_AESTEST)$(EXE_EXT)
+ $(EVPTEST)$(EXE_EXT) $(FIPS_AESTEST)$(EXE_EXT) \
+ $(FIPS_HMACTEST)$(EXE_EXT) $(FIPS_RSAVTEST)$(EXE_EXT) \
+ $(FIPS_RSASTEST)$(EXE_EXT) $(FIPS_RSAGTEST)$(EXE_EXT) \
+ $(FIPS_DSSVS)$(EXE_EXT) $(FIPS_RNGVS)$(EXE_EXT) \
+ $(FIPS_TEST_SUITE)$(EXE_EXT)
# $(METHTEST)$(EXE_EXT)
OBJ= $(BNTEST).o $(ECTEST).o $(IDEATEST).o $(MD2TEST).o $(MD4TEST).o $(MD5TEST).o \
$(HMACTEST).o \
$(RC2TEST).o $(RC4TEST).o $(RC5TEST).o \
- $(DESTEST).o $(FIPS_DESTEST).o $(SHATEST).o $(SHA1TEST).o $(FIPS_SHA1TEST).o $(MDC2TEST).o $(RMDTEST).o \
+ $(DESTEST).o $(FIPS_DESTEST).o $(SHATEST).o $(SHA1TEST).o $(FIPS_SHATEST).o $(MDC2TEST).o $(RMDTEST).o \
$(RANDTEST).o $(FIPS_RANDTEST).o $(DHTEST).o $(ENGINETEST).o $(CASTTEST).o \
$(BFTEST).o $(SSLTEST).o $(DSATEST).o $(FIPS_DSATEST).o $(EXPTEST).o $(RSATEST).o \
- $(EVPTEST).o $(FIPS_AESTEST).o
+ $(EVPTEST).o $(FIPS_AESTEST).o $(FIPS_HMACTEST).o $(FIPS_RSAVTEST).o \
+ $(FIPS_RSASTEST).o $(FIPS_RSAGTEST).o $(FIPS_DSSVS).o $(FIPS_RNGVS).o \
+ $(FIPS_TEST_SUITE).o
SRC= $(BNTEST).c $(ECTEST).c $(IDEATEST).c $(MD2TEST).c $(MD4TEST).c $(MD5TEST).c \
$(HMACTEST).c \
$(RC2TEST).c $(RC4TEST).c $(RC5TEST).c \
- $(DESTEST).c $(FIPS_DESTEST).c $(SHATEST).c $(SHA1TEST).c $(FIPS_SHA1TEST).c $(MDC2TEST).c $(RMDTEST).c \
+ $(DESTEST).c $(FIPS_DESTEST).c $(SHATEST).c $(SHA1TEST).c $(FIPS_SHATEST).c $(MDC2TEST).c $(RMDTEST).c \
$(RANDTEST).c $(FIPS_RANDTEST).c $(DHTEST).c $(ENGINETEST).c $(CASTTEST).c \
$(BFTEST).c $(SSLTEST).c $(DSATEST).c $(FIPS_DSATEST).c $(EXPTEST).c $(RSATEST).c \
- $(EVPTEST).c $(FIPS_AESTEST).c
+ $(EVPTEST).c $(FIPS_AESTEST).c $(FIPS_HMACTEST).c $(FIPS_RSAVTEST).c \
+ $(FIPS_RSASTEST).c $(FIPS_RSAGTEST).c $(FIPS_DSSVS).c $(FIPS_RNGVS).c \
+ $(FIPS_TEST_SUITE).c
EXHEADER=
HEADER= $(EXHEADER)
@@ -153,7 +168,7 @@ test_sha:
../util/shlib_wrap.sh ./$(SHATEST)
../util/shlib_wrap.sh ./$(SHA1TEST)
if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
- ../util/shlib_wrap.sh ./$(FIPS_SHA1TEST) sha1vectors.txt | sed s/Strings/Hashes/ | cmp sha1hashes.txt - ; \
+ ../util/shlib_wrap.sh ./$(FIPS_SHATEST) < SHAmix.req | diff -w SHAmix.fax - ; \
fi
test_mdc2:
@@ -311,20 +326,43 @@ $(DLIBSSL):
$(DLIBCRYPTO):
(cd ..; $(MAKE) DIRS=crypto all)
-BUILD_CMD=if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+BUILD_CMD=SHARED_LIBS="$(SHARED_LIBS)"; \
+ if [ "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+ SHARED_LIBS=""; \
+ fi; \
+ if [ -z "$$SHARED_LIBS" ]; then \
set -x; $${CC:-$(CC)} -o $$target$(EXE_EXT) $(CFLAGS) $$target.o $(PEX_LIBS) $(DLIBSSL) $(LIBKRB5) $(DLIBCRYPTO) $(EX_LIBS) ; \
- elif [ -z "$(SHARED_LIBS)" ]; then \
- set -x; $${CC:-$(CC)} -o $$target$(EXE_EXT) $(CFLAGS) $$target.o $(PEX_LIBS) $(LIBSSL) $(LIBKRB5) $(LIBCRYPTO) $(EX_LIBS) ; \
- else \
- set -x; LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
+ else set -x; LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
$(CC) -o $$target$(EXE_EXT) $(CFLAGS) $$target.o $(PEX_LIBS) $(LIBSSL) $(LIBKRB5) $(LIBCRYPTO) $(EX_LIBS) ; \
- fi;
+ fi
+
+FIPS_BUILD_CMD=if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
+ FIPSLD_CC=$(CC); CC=$(TOP)/fips-1.0/fipsld; export CC FIPSLD_CC; \
+ fi; $(BUILD_CMD)
$(FIPS_AESTEST)$(EXE_EXT): $(FIPS_AESTEST).o $(DLIBCRYPTO)
- @target=$(FIPS_AESTEST); $(BUILD_CMD)
- if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
- TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a $(FIPS_AESTEST); \
- fi
+ @target=$(FIPS_AESTEST); $(FIPS_BUILD_CMD)
+
+$(FIPS_HMACTEST)$(EXE_EXT): $(FIPS_HMACTEST).o $(DLIBCRYPTO)
+ @target=$(FIPS_HMACTEST); $(FIPS_BUILD_CMD)
+
+$(FIPS_RSAVTEST)$(EXE_EXT): $(FIPS_RSAVTEST).o $(DLIBCRYPTO)
+ @target=$(FIPS_RSAVTEST); $(FIPS_BUILD_CMD)
+
+$(FIPS_RSASTEST)$(EXE_EXT): $(FIPS_RSASTEST).o $(DLIBCRYPTO)
+ @target=$(FIPS_RSASTEST); $(FIPS_BUILD_CMD)
+
+$(FIPS_RSAGTEST)$(EXE_EXT): $(FIPS_RSAGTEST).o $(DLIBCRYPTO)
+ @target=$(FIPS_RSAGTEST); $(FIPS_BUILD_CMD)
+
+$(FIPS_DSSVS)$(EXE_EXT): $(FIPS_DSSVS).o $(DLIBCRYPTO)
+ @target=$(FIPS_DSSVS); $(FIPS_BUILD_CMD)
+
+$(FIPS_RNGVS)$(EXE_EXT): $(FIPS_RNGVS).o $(DLIBCRYPTO)
+ @target=$(FIPS_RNGVS); $(FIPS_BUILD_CMD)
+
+$(FIPS_TEST_SUITE)$(EXE_EXT): $(FIPS_TEST_SUITE).o $(DLIBCRYPTO)
+ @target=$(FIPS_TEST_SUITE); $(FIPS_BUILD_CMD)
$(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO)
@target=$(RSATEST); $(BUILD_CMD)
@@ -350,11 +388,8 @@ $(SHATEST)$(EXE_EXT): $(SHATEST).o $(DLIBCRYPTO)
$(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO)
@target=$(SHA1TEST); $(BUILD_CMD)
-$(FIPS_SHA1TEST)$(EXE_EXT): $(FIPS_SHA1TEST).o $(DLIBCRYPTO)
- @target=$(FIPS_SHA1TEST); $(BUILD_CMD)
- if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
- TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a $(FIPS_SHA1TEST); \
- fi
+$(FIPS_SHATEST)$(EXE_EXT): $(FIPS_SHATEST).o $(DLIBCRYPTO)
+ @target=$(FIPS_SHATEST); $(FIPS_BUILD_CMD)
$(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO)
@target=$(RMDTEST); $(BUILD_CMD)
@@ -390,19 +425,13 @@ $(DESTEST)$(EXE_EXT): $(DESTEST).o $(DLIBCRYPTO)
@target=$(DESTEST); $(BUILD_CMD)
$(FIPS_DESTEST)$(EXE_EXT): $(FIPS_DESTEST).o $(DLIBCRYPTO)
- @target=$(FIPS_DESTEST); $(BUILD_CMD)
- if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
- TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a $(FIPS_DESTEST); \
- fi
+ @target=$(FIPS_DESTEST); $(FIPS_BUILD_CMD)
$(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO)
@target=$(RANDTEST); $(BUILD_CMD)
$(FIPS_RANDTEST)$(EXE_EXT): $(FIPS_RANDTEST).o $(DLIBCRYPTO)
- @target=$(FIPS_RANDTEST); $(BUILD_CMD)
- if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
- TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a $(FIPS_RANDTEST); \
- fi
+ @target=$(FIPS_RANDTEST); $(FIPS_BUILD_CMD)
$(DHTEST)$(EXE_EXT): $(DHTEST).o $(DLIBCRYPTO)
@target=$(DHTEST); $(BUILD_CMD)
@@ -411,19 +440,13 @@ $(DSATEST)$(EXE_EXT): $(DSATEST).o $(DLIBCRYPTO)
@target=$(DSATEST); $(BUILD_CMD)
$(FIPS_DSATEST)$(EXE_EXT): $(FIPS_DSATEST).o $(DLIBCRYPTO)
- @target=$(FIPS_DSATEST); $(BUILD_CMD)
- if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
- TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a $(FIPS_DSATEST); \
- fi
+ @target=$(FIPS_DSATEST); $(FIPS_BUILD_CMD)
$(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO)
@target=$(METHTEST); $(BUILD_CMD)
$(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)
- @target=$(SSLTEST); $(BUILD_CMD)
- if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
- TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a $(SSLTEST); \
- fi
+ @target=$(SSLTEST); $(FIPS_BUILD_CMD)
$(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO)
@target=$(ENGINETEST); $(BUILD_CMD)
@@ -587,6 +610,29 @@ fips_dsatest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
fips_dsatest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
fips_dsatest.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
fips_dsatest.o: fips_dsatest.c
+fips_dssvs.o: ../include/openssl/opensslconf.h fips_dssvs.c
+fips_hmactest.o: ../include/openssl/aes.h ../include/openssl/asn1.h
+fips_hmactest.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+fips_hmactest.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+fips_hmactest.o: ../include/openssl/cast.h ../include/openssl/conf.h
+fips_hmactest.o: ../include/openssl/crypto.h ../include/openssl/des.h
+fips_hmactest.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+fips_hmactest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+fips_hmactest.o: ../include/openssl/err.h ../include/openssl/evp.h
+fips_hmactest.o: ../include/openssl/hmac.h ../include/openssl/idea.h
+fips_hmactest.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+fips_hmactest.o: ../include/openssl/md4.h ../include/openssl/md5.h
+fips_hmactest.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+fips_hmactest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+fips_hmactest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+fips_hmactest.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+fips_hmactest.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+fips_hmactest.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+fips_hmactest.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+fips_hmactest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+fips_hmactest.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+fips_hmactest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+fips_hmactest.o: ../include/openssl/x509v3.h fips_hmactest.c
fips_randtest.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/crypto.h
fips_randtest.o: ../include/openssl/des.h ../include/openssl/des_old.h
fips_randtest.o: ../include/openssl/e_os2.h ../include/openssl/err.h
@@ -596,13 +642,117 @@ fips_randtest.o: ../include/openssl/ossl_typ.h ../include/openssl/rand.h
fips_randtest.o: ../include/openssl/safestack.h ../include/openssl/stack.h
fips_randtest.o: ../include/openssl/symhacks.h ../include/openssl/ui.h
fips_randtest.o: ../include/openssl/ui_compat.h fips_randtest.c
-fips_sha1test.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/crypto.h
-fips_sha1test.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-fips_sha1test.o: ../include/openssl/fips.h ../include/openssl/lhash.h
-fips_sha1test.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-fips_sha1test.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-fips_sha1test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-fips_sha1test.o: fips_sha1test.c
+fips_rngvs.o: ../include/openssl/opensslconf.h fips_rngvs.c
+fips_rsagtest.o: ../include/openssl/aes.h ../include/openssl/asn1.h
+fips_rsagtest.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+fips_rsagtest.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+fips_rsagtest.o: ../include/openssl/cast.h ../include/openssl/conf.h
+fips_rsagtest.o: ../include/openssl/crypto.h ../include/openssl/des.h
+fips_rsagtest.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+fips_rsagtest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+fips_rsagtest.o: ../include/openssl/err.h ../include/openssl/evp.h
+fips_rsagtest.o: ../include/openssl/hmac.h ../include/openssl/idea.h
+fips_rsagtest.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+fips_rsagtest.o: ../include/openssl/md4.h ../include/openssl/md5.h
+fips_rsagtest.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+fips_rsagtest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+fips_rsagtest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+fips_rsagtest.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+fips_rsagtest.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+fips_rsagtest.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+fips_rsagtest.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+fips_rsagtest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+fips_rsagtest.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+fips_rsagtest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+fips_rsagtest.o: ../include/openssl/x509v3.h fips_rsagtest.c
+fips_rsastest.o: ../include/openssl/aes.h ../include/openssl/asn1.h
+fips_rsastest.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+fips_rsastest.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+fips_rsastest.o: ../include/openssl/cast.h ../include/openssl/conf.h
+fips_rsastest.o: ../include/openssl/crypto.h ../include/openssl/des.h
+fips_rsastest.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+fips_rsastest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+fips_rsastest.o: ../include/openssl/err.h ../include/openssl/evp.h
+fips_rsastest.o: ../include/openssl/hmac.h ../include/openssl/idea.h
+fips_rsastest.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+fips_rsastest.o: ../include/openssl/md4.h ../include/openssl/md5.h
+fips_rsastest.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+fips_rsastest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+fips_rsastest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+fips_rsastest.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+fips_rsastest.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+fips_rsastest.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+fips_rsastest.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+fips_rsastest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+fips_rsastest.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+fips_rsastest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+fips_rsastest.o: ../include/openssl/x509v3.h fips_rsastest.c
+fips_rsavtest.o: ../include/openssl/aes.h ../include/openssl/asn1.h
+fips_rsavtest.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+fips_rsavtest.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+fips_rsavtest.o: ../include/openssl/cast.h ../include/openssl/conf.h
+fips_rsavtest.o: ../include/openssl/crypto.h ../include/openssl/des.h
+fips_rsavtest.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+fips_rsavtest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+fips_rsavtest.o: ../include/openssl/err.h ../include/openssl/evp.h
+fips_rsavtest.o: ../include/openssl/hmac.h ../include/openssl/idea.h
+fips_rsavtest.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+fips_rsavtest.o: ../include/openssl/md4.h ../include/openssl/md5.h
+fips_rsavtest.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+fips_rsavtest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+fips_rsavtest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+fips_rsavtest.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+fips_rsavtest.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+fips_rsavtest.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+fips_rsavtest.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+fips_rsavtest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+fips_rsavtest.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+fips_rsavtest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+fips_rsavtest.o: ../include/openssl/x509v3.h fips_rsavtest.c
+fips_shatest.o: ../include/openssl/aes.h ../include/openssl/asn1.h
+fips_shatest.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+fips_shatest.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+fips_shatest.o: ../include/openssl/cast.h ../include/openssl/conf.h
+fips_shatest.o: ../include/openssl/crypto.h ../include/openssl/des.h
+fips_shatest.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+fips_shatest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+fips_shatest.o: ../include/openssl/err.h ../include/openssl/evp.h
+fips_shatest.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+fips_shatest.o: ../include/openssl/md2.h ../include/openssl/md4.h
+fips_shatest.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+fips_shatest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+fips_shatest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+fips_shatest.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
+fips_shatest.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+fips_shatest.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+fips_shatest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+fips_shatest.o: ../include/openssl/sha.h ../include/openssl/stack.h
+fips_shatest.o: ../include/openssl/symhacks.h ../include/openssl/ui.h
+fips_shatest.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+fips_shatest.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h
+fips_shatest.o: fips_shatest.c
+fips_test_suite.o: ../include/openssl/aes.h ../include/openssl/asn1.h
+fips_test_suite.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+fips_test_suite.o: ../include/openssl/bn.h ../include/openssl/cast.h
+fips_test_suite.o: ../include/openssl/crypto.h ../include/openssl/des.h
+fips_test_suite.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+fips_test_suite.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+fips_test_suite.o: ../include/openssl/err.h ../include/openssl/evp.h
+fips_test_suite.o: ../include/openssl/fips.h ../include/openssl/fips_sha.h
+fips_test_suite.o: ../include/openssl/hmac.h ../include/openssl/idea.h
+fips_test_suite.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+fips_test_suite.o: ../include/openssl/md4.h ../include/openssl/md5.h
+fips_test_suite.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+fips_test_suite.o: ../include/openssl/objects.h
+fips_test_suite.o: ../include/openssl/opensslconf.h
+fips_test_suite.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+fips_test_suite.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+fips_test_suite.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+fips_test_suite.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+fips_test_suite.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+fips_test_suite.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+fips_test_suite.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+fips_test_suite.o: fips_test_suite.c
hmactest.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
hmactest.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
hmactest.o: ../include/openssl/bn.h ../include/openssl/cast.h
diff --git a/src/lib/libssl/src/test/SHAmix.fax b/src/lib/libssl/src/test/SHAmix.fax
new file mode 100644
index 0000000000..83bcb14126
--- /dev/null
+++ b/src/lib/libssl/src/test/SHAmix.fax
@@ -0,0 +1,129 @@
+[L = 64]
+
+Len = 16
+Msg = 98a1
+MD = 74d78642f70ca830bec75fc60a585917e388cfa4cd1d23daab1c4d9ff1010cac3e67275df64db5a6a7c7d0fda24f1fc3eb272678a7c8becff6743ee812129078
+
+Len = 104
+Msg = 35a37a46df4ccbadd815942249
+MD = 6f5589ea195e745654885d50de687d7fe682affc8da1fb09e681540525f04ecb93022361a27759b9e272c883564223c5e4ecafeb0daaf1abce6caa4bd4153379
+
+Len = 352
+Msg = a93aed0fa5e163a82c9a934aebaab8180edf7de0b32f0fe99f9c75ec305b24609334cefa372c7c758262dc8f
+MD = 66a16799d606c569d2fcd70d7d8321ec90ef61711481aaf7d747744ebfd08ec2e7aead49429af7b4ceec6d8e147ed018e034efbe07982699e818db5fc4b1d71a
+
+Len = 1016
+Msg = 433e88eb2f8aba562d15c18126fbdffb81d5d6c9397fa052321f5f78cd629708ba099b540da5451e949eeab8687a8d6ac35c531411cb37144ab5ff6a7eb46f1ab28fbcd2ea0444cd87c57bf7d3c02952dba3d3987da07622c16e7c086d90e88ad3d9d4afee301d2bad915d868f54197b70b23c9fa385c443404fbc9abf7e6a
+MD = 790bc4844e9aeef8938df0ccda17890556a4151817111a526a88919cfb172f0b03c216080c1b60210eb1942097f17b6d0691bf5b018b6d959198d6a694b922c9
+
+Len = 13696
+Msg = 2c46a76a9dfbae1f5e59f085e9c3d4b600c24b2d404d062cf948e75a3d4ab5b137a31397be9eb34b2a03c78367e0b85448891b511ddee1f787cccd498b172cb7e656c044a03ffde8e42478330fbe9c34072a9e99ce31b41757cc820d98e7d564e06694b96b66f4be34c5eadd0ae4e61fe6abbe4d7ccee855104fedee8b451a7fcedb793d469b0094c0ed07c97fda00dd8c1662b44e3ee6775a5ef6368cb662d257be561a5967893433a4b63f97295036a37272176d081545df00852bc5c4162324161296cd51f76433f2df867a5840f2d0c8d5be00b4dc89443d82175bf69c3bdceb97facae2b2ed68e06ae74fef36d8bd1f75f130cba509341dd54079d45de22845cc8e77a022977c7540aa3e779cb1127f39f825d4d78e55a967ef45e7c1dfb02d9999fd15af2914ba47177177d94576f1091a0657d9e04fe81e6be7b631fc1baae66584c9c26ddbb568750d77555c927bcda1fbdc15c7cbe3e3fe88ca13ff12c59b383343c12976708c0e3dff78be0e286dd32eecf20b71a09fee50a9d0b13c85a15b320b162690f399282798aa3291fdd2f9c40ed873e829388466ddd1da42f2de16aaa9272ccf44790cf3c95382c304e25ae8cb2fc9d9869808f3ee7d42cb143bb0c3a55e03db6d1202ca1bdb744e448640c0aa60d3ebbda5c21e623bb080f4a073a48822725d764e51d415aad1d7c5a7f17433d15ac7d849f910c375ee0899f6a576dada42fd651343383f286009902bb62deeeb2514de6af7f09892c20d0b238f6021f03b62444b1e1f21beeb89acfcd7136416fe7bd8f202e76afaf5345311798be7cb25351add2bb044d2380221009c4d1cbbaba4cdc8631dc0144f2778a6aa1eb3d3c81df0b1b2142fce111af8214d049e40f536c5d462b9224a978e82cc6c420e70ecc3cdaffb726a183c793845315f730fa4dac9fe46e4180397107a6a051f7f0a58ceb9bf4df37e1a81c8e9569187228e8037df2e59c52ba815566768bedc8e09d5e7bdc9f2bff23aaaaf133bb5a3332750f6124ce185e29fda0851addfa2c3d52bb6dfb530fd4ee27dd5bfdce5dc2f41debe6740274bc651aecd4023b098a7d622e2296b50d51b79c4e3f521695a9d43f038e8f273405e26584d3db179e7c1758114a3d39970df674580bbf2884405974f0b9c4b0d8b3287a2314f3f81b6991812f354d655f62513c9551b378cc2efa4c3e08b313c56cada52217fb6112eb8299b28445aca8f72e7170a1cd8bbfee4d2145fbe8d49c6af8831c4d4fc7177a50ee55a7b484261504af946c6bd5e1d6b89092f3c487c0568fa07c356fae9b8e831b8320289039746a435b122cfbc4a0d316bf90d481d3b7d979cc50d98c1190af8dc58e0035557dd5e94f437f41fab513202643a77748f76c6b77302bf40c392cd18731da082c99bdedeb70e15cd68bff59619cabcc92adcf122753c55afde0817352bc247d1170b8ddba1ad1b0faadfe0efbfc5fe6334377fa372c3435691f53dfc2ad5e08966b2d3525b1eec2d993a5cd4ff34278bd40dd80313a0727d05e0a932156152f3e11a190d8d69726f5c57d20f811e1e8932e86409ffdac96c6251c2a2976b8757adcac5d2de94931d1cbea866ec8bcba5774f8a7fde792f6acfd0f01356fd66fdf54a416af6a9397e00f848a2e9831627cbcbb52b5a868ec174e69b4cfa1ed72cdf23f39d7eaf4bdb318c188b1f0fe75655e34ad71907cdb77a1a2b162cd7c22d93dc45321eafb17cd60282e83736267b3e1fb249c307d49509f50839942f0f493afd9ef37db053a918e3ec83d801bbdead07554a018b8ba348fe9b7dd92ea7c5fc0e65a644ba19aa1fb6c022ab768ec7cb249ba17b9dda2860bd4aaaa3dc70ec009804141ad5ebc61203658e57a0887ec0fded18d844a96e79ba7e879c4253056f23e205a80ab1471953438f85848f4ab31ab175c089e0bbb97ea0dd6a67385770356741966053735e2cc2ecdd2c8c75cc045181dd7267584b901674b553082b2c58fb8f8be0b99306194a6f069f684535423304d40a268d55784a14260fa9c9cb1306b82f91cbee3c9f43dea9e50903135cc1c6505605a100bfa28564a2057974eef0852b7b72ce264815026d0759f691db618ef760edde73ec888e181403834f7221bb27a69479ec9b28a3fb0c3f68d4467d25712fc48ad78763f9ea6e8a2e85260225ca1b1a38b720e589fafca29f07257c5467cb74ee53189b8c81b784c43e93f98abde1ed53af60b27b13df6ce45001c6e1813de3521028981086f7d88ba13f6fb1a800f312fbe2f842eebe847fd760c394668cfbfd353ec14ca0366eccd7b4cd63318116bdc42e20a632a0d2b8c5cddb37bfc0a239ebe3800a787d2ece077a7968036b3d9b31cd906f888e3ed742cd769033e2c24c5a9e3c10b6d300db5a17dd88
+MD = a86e07bcd19080d4a83e1384bd8189f60a7dd7a6998406ade0bf03f805375bd823c7656dd51cd9d63e542f8ade41f16d73794d60d0906424133778156ee54b95
+
+Len = 100816
+Msg = f8ed40e878dc68ceec52cc8e2868722310fb117ca3a52e1839eb85d308b8aa00ed0bf0b76aec8a70eba4f0d14d2d85c5a0e876ce2c8ee59cb36947def6c40a587aa07b368ca8e8a08367018e45b984de0d7f1aa46b977cc18c0cd9b7bb897cbb2814aa0ce8f8c9843e03c86c19f2ba95dd2ac4a466a93aae4b3b05055ff148517ecf43e286c57744a3e10a14d0c26e139a503e7927aa688c78609170ebe3b54104390e5f6cf538093a67922e7210e77fcb584ec9b6844e829be246a266460cb442bad52ca47255fb8cfe276108c36e02f9acbd3d191d34b93d29ec40d80496d1c1bb5ef036221641200e905598c54bc4abb3527c5a5f6258e59d4bf54a0498c108a2725428efc2047e0096b32dfdc6ec69d5d72f81301f881ca62a66c22e5dab9fd9d90084c0a36b2f3a0123cc5327a3bc7a12fd947ab57169ac533e4b6a2cb80fc65b9b527cff9fba26994c7fafb5102a0acd8f9d246a3a54178c23eaa04c0fdfd3c0cd980d1fc7a72b25d74df9b95c3dedce8ca316870c654f9ebea9b806da9767cf40605a4b0c7fb06f6b3f197bae7d8cde9daf38530e25bc51b68f9aa23ec0e95199b14bca96c91f3db15bf8432f714dc46ac87218691bc66cb3a42f6865e1c30f8394c8e68c0ddf5851ab7c5906a1994a9af6ac1c44d0d6b95ff15d9f77825ccea40fb9e516d45888f2378e045d95d936d541cea9c8ca52fe5f7d0d919b2b1c59a42d06105ea4f2943c05178e59d67351c5b2c0051c93a4045e512884fa656b772cf398af89081546d920fd3d24ebd16310506a786ab33293027394c1bcb7b1efe46b550ac28529646e8d2a5ae65c59345e24b44cd7b06673f3ed3b9008aa568a739c26682fa596b7a655842cc6b2758b583487c78d14a76bdac7033806c5c210828ef313f8efc4072681f5fded748c31a58ac933b4665c445f07d603e0905e49b84aa55146eb1c1c99196413832a05efee2e64d6732fefc629b79b37bb9390fcbed7226b412204bda523b8b8af5c4a8bdb263ef9f3f6c7b9e1de3a1dc257c1f33b3d54a9101be5b4f2a9db319993c2cd137c41e35c434ce52e859afd1a635af4d8852252dc5e28c729b2b4c96a56d57f3f3854ded59fe612b9b3a51fee3fc1c83db673b0cc7433bff2472bc74a2eeb6706605e308690fd072a7042ca6474603711d8310909e47063f46f287260a26c4f11fe492298a0f98d28c45948a4899e08fcf443a6ba36457dd8329314d53ac0fd0819fcfc3357426c5bb8d3dfd706e205a81091cf08f31cd3459854f3d07e503991ba5f067e3c406c6c5396d8257496f4ba3703cb1ba25c2fe4aa54577af782cd57e85a88a2d75c54039e8b7bb559219edd6e81e41acb6d575d6f798afb2cbf7f00abd5c9c7b0fceec79f9a0fb040ebcbb7bff3602df7b71357efacd37aa57019350bb81213508a006160acde3dae5c42f03141887eaca22d7b33d6791febfb619d11ebabb13e6c5378e9a72e852ddccd31cc53a43275966b7042ddc51485ca20e1c456dcc7020cafb5407548b044d332229911fc74d7fb97de25abff7efb431da82de2ed7e25d0dcc06ffc74e57ca93a6a9f64d76a5c39776fe2266f88d6d0229b527525fd2e22a1407e26f94c5bc6adb1e7327f3c8bb8d4c983385c579dd8f5623df8cd6da569c7de73d9210e6b9253a177653a13ece075940fc81016d8c35fa4f6542df5120c174158ff32533476f4e059e35117081a24798fbdd1eb10f82809836f8dbefe755611347f75423dd8571695960c6f66cca71f0a01e8fecbe1183bee3335eff10b4ff8104132040e2145ec3164b2448f60c730887b9d7894e5f7df3f876cb17136c99cf32db1c02fba860937378dbd093c4c5112133781f06c8ca07c527c2c085e8ba5e52b399f2909e217aef6e3035ecafe2caeb1004069dea023af7eab873deb5ebcef2313c9827821bb9f89fd3d1570a569673d3ede86a4fb13dff242eb98450a8917fd8865c56e0a9f11d72394b79808b0429f3a83cf2465161596887fa2d557b367a1de9c7753666b0cca9c30cba9f0a749c03c55cdc7a6d45852c76ce2010de3e7f75d95228efdc79949b238d90b25f983868b7f07f585f7b00e45d9e132f3c09ee84f794d899759be3dabd46a256f4cf8da71270617cc2425b24cef25d1d2f3945afa6f81abfccc858cd02e05619649b1a5347650934105c02622d538447223d136a8a0455cf3c6f61f696b32266197b5cd1d936fd3ad4288520fb4a2f59bf95e659f33210446ef18debeb679dd99de0c3c74a6eb3dd783861f5db4e94a151c42ce27519d0bbbf1f3b1163563ec06c8bfd881d94a3b896fc07352fc97ada73685588a2242da1b718f81bb1077bc70fbd58b8b52163489ae403838b533851bec30ed0ecd97d72d1af534f3703db59f1f563bdc39d690a0e90e545506463a37e84974fd7b256bbb912cb4077d3e3f5bdd4bd2bab713b696c830b1f2185734c4d2dbd49d5372fe8b813ce73f5e01c36bddbb376ef4541033f2b0355613eeda8951ebf7377e08f967902eb7e23c0fa798c6ae52401721053f1095cacb1e9496500e83c412236fc21566090b3a3eee55aa402c0b774802fd81c9e8579761cfcfdfb1aa23786b2dc35dacd5ca8d8d283369f53e4a5db18060c2c6b0c303052aeeffe169fcaf7ecc63090a9ade245045ab9c8aebf738772297caaef5f857322a597846c7370083d409df27612e47b0cb240daa3cfa51c57108612ac0dddb0f59791289ccbdb3a2cb1fa9ac31a23dd5440682fb373bf0c1f41c4fe2185ad7c53eb69552807410053b0c2d40132250e637b8c425e6a35d93333b5b7d0557927b6179c848ec455fd1ab38348c0e96c60b2da49bd15118df64b6ce4fa48fbc555a4b2874141718e731a40b85382ae6e86ead31cea77f83bf5c063bf1febf71688a832d615e09d6f14badedeaeb6ffbfe343fc7274e78cd46a2aaec0a349c5f133291ee57cdcb65c5474e46294de6bb50886bce6c6f44dcb95f2a4761ed2e6c9e7bfed51e0964afab4e0f7e0b07960f2590baae66b1ec9a63ba0fb6c0d27e81508c51487dbbdc9beb8879fd58c188dfc774b3d0ddbd77ee8bdcdfa0ed8a9387728e12b13e8b3c10cc1c132bd822c2147c5ddf9a993aedbf78ec256db1be76644ca8ca7727208bf89732657152d34e948d73c47561d156f773136684d4162d02260300020123d13a95f4f835907c344942ddeccafe2abb7dc4792c4f1e39c24748c63cba933b16be0b8853e058c47a1ae2c4dfff39ec2339b345fe3557d03c1df91a0607a711636c4416ffdb73532aeeb74f237ed8bf971388a0659e4682a46b8327e751034cbf2c87c7828da9d24baf07a742ada34d1ef38ab1e8f2b4f801192c146600709533e61bc2665dc1e9e6441bf3c4f6643bc0c102a10f9a69da5b0e3d0a0c7cb694c682493032b5853f02953b5c2fc0e1348565389762fc2dcfbb34fd305f2d9df080e859396ffcbb7da78aae0a0d72e3de76c774bc6a81c87f2872b6afe97ced5269009304a4992c4add0bbe24e57632e19ad0fe37ae910193aab0aeae32cf6d618ab33eba59f6a04fad00b1d2403396e6fa661d31b695a1b349d62f56c08fe6c6eae7a482177adf341e51d03ea511d7959c721bd20bf371860ecd7fce1d25212891850b85648db0a039e6638d9c78bc958add3e41341536b5007be63fd1f7e3308876bcebcb97dc3b05a7b2eaadd00f8fcc8dcfa7b961bbe727c9aed1626ff786d6a0ffdbd1002cae8a7d047b6181962a686c152b2341c7c58c9f1dab5af424d183ed1c7d003165a1d04ea3683ff31a0f68615af6f91c21f736e67df641ed31b998445afadf9052bbe004d5dad08f62e5d353e42fc35a92242d8414d99dc4e7e81c8c027af686baa5c185e3f99abb3855b22cfdff0a62e2f47a632b7df8e00e0317af5c24ce7c64077bbb15ec27e062070cd3eb8e549ed9112469090ad9a96eb59294b021eed81987178cb2dcff67a9a2e930f6032c753e203380f8a7c987cea393234699de03a1d09ce204f0a8b6d5cf522b6887174fdbccb08f3e7c4fe2f778254465b32766c48812a45151ac37ae354dac87419f9476baa27e24b2f322b2da4ddf579750684a5881bae2269351fb7de59b9d5a4badd8951135f2713dafc57215dc626ee170fae7f20bff98e36b864e1fe0f0f9a300c903069bf0e0b6f2f8e78423cf6063e89dde6c81efcf26ef15510563c84730f611ac879a6628e55115e1a29de6945d37fbe4f803fcf2e344712d9e0d6f6c79f8773a9f199b705235e20a7830ee3357c5dca29d7a6c29a3d2628bf2c42c8f076cc4525301d8e1860729070dc53164d9fa08bf63cc889eed01b0130a7146d860bbc09ead3865a3082db0836a45f5506c3e46e452e298764939226cedfd06700e4e33c6b4a78add601140249596831e97f960b973a4e4dc3fe2813fa34eb47f998ce57270368fb81719a09298a223f7e3931ce5cdfab3f658649533354e982c87dc9e49eacebb5bb4af9a767b4f1c03d774431168cd4fec1b2726f1aae3f9a062a825f3295557eebf3af4784487b869fb049de44d03fee71194fc200af72103b157431935b5ab9bc122773ffd313d52d7acf1078386090fc011de695e71567cfd51c06317d4ff8841ceeb74ad35f4e5f4d20921123cb88bb2079674ad39e133cdfd6478d69c9bddc7a818be5d7b254bd9e0abdb030f52846fdfeae8ff370a51a9c5f6017af3c6c3db17c5c614ea18ab0e3ca0dd5de621217dffa36e5c5318fe191040a50cc3ca620683bc34da6c142e1c50afce28a86b8b66d189adcd755561a647080d93f3ede1cf54c3afb7e863fc8a82a2576d3f79e9b2bb634e598507a3d7d017e0176b7868bff3a3dfb4474b3ce03c401f33929364e727fbf8096b77eb351435c7a113b3215cc6246dd86f1517a7e550cf828900248f7c1754e40fed62477b296a37d3e53231360d012c4908b466e49b0e620c0a5031228009f259b030956ebd70e49357c3c3ac2842b6bd6e3ca5a3e985dc03f7105681fec03b320a7ca753b782ad3b52fd9c8e3bd980b48dd6ec8901dbf756108e85015821c880416e0693e0479cb31c0743450f6d9214afabc4feadb9bcee9def460a58d3a02d9e3039970068b8e3fd0a403a6ca7f2c71ae2b46ab3c731b1e65e2104c47fcb1f69e7c8c6df8c09b33f2e1cd4192faab316a44536dcac608832019f5765cc5240eabe3c87445c980c299a5e7ae0acc2c2ed19fdc8f011515bcb00476b03633c7669db1b44f97f6cd402778e9687c740dbe5686789b79d0b13f784a2a866eb91ab2d66f064c49e8df513ec348fd7272ee548ba08e1f9f99696ffb53677550d59c67f88404f6e610455a422d9cd987493ca5c366a397dccface2bba8e3e99719dafa768956cbf6fd8defc4104b8925878716a0514f70cbf3fa2c2bc2f66fabe654eed3076257e71117665703eb88c79e4c2b94e8e856e7a6ef90ee2a358409db78b98056ce1750eb80725d70e35507fdfa5933a61496ba48fbd5555717b33b59d4ef211fe096aefd478859ffc97a41372023ef114adcae5a8d5e03c21369baf1e7f417cb40326bc6db1cdf0904651dda3c1039a2f1755e7c329f7c03bf33f324206ce6e1638711c8c9a45f153aa1f847cca2a5d3af1d24fe7a1e1094819e8e712cbe10ead1012b7371b35cbcc2bd5b10505fb63bea20ac81d25e83ed0105e7595b6c28400f4d336791ce4a584323d0b455bbed44392c5f86c9d5287593f6986d4b0b8f9974a7a4157859ba801251d3b44b2bad84f29cb87dcf1680d6d10d1bfd59f0c95fb7bd07fdb3ea2fccd6e3ee80af438956ccfe31e750972f893ea5dcaa26d077fb3f09d990c2f41c8707368bba007803621ecd76540cdb8705435d74f4300eee04710a936f241c034709e625b0dd5dae1f6e86d034426819c365a05f5be420cdf4042bbff965a666a5756f67259448ebf742b6ea189fa17a4c3bfaf651d19a8a525f09d9cff637c8fac02eaa58d3ee3f7221da1e61833c0b183cd9f47686f09597e8115b435454acef80c079eafaa22b18927d07bf8b7c5ebfdec9c42a52b7824d45decef41e6184dc2db1505ca6f94172fafc10731706e79b9856dfede353d2eadeceaf72a302e3492d7dc81e3777e4e9e1f3d33cc4402833ffedb241a75a09e9495d671f80ad3acf06823bb04a92b815edd0ca7d01dcb3318c1ae5c62d3e99c0ec37908b45b51dd65f6b45b34ede2d6f553f60a45e20fafcb34ae4dbd375f52a5db9c62650deeee78e955087c2bea75ede7c304347b171fe0c1a2a033894be6e04605271307f307b2a9cf6ae24b8c87ce033a3fa4cf2bacdfcf54fcccb1f580476c7d00c631a8529a9eea2a713610341e0e25609dc8927e51c58a0a9197a54963b5cb95877354f4b8316df02ed2bea367704a12274d96bcbe0d0d728923a368bb8ab98d5db5401894c822632308ddfd309071fb4b477d8eac0ea5dbbc3e3606d8510d9051dfb5e4b7cdcf2c57c1b76902d864c3109c901da53019ed33cea84b407490486ad9f980a8a63df3d2e3921064afea137f35179130db3351f5bc3f5e7d590a5ab08b5415efbd345f9d57b71ade7dca939efa5a12d677b9af0af14468176a43712bde10cb15787c18bf066eaef8abcdea77d3a0c61d6c74ae7b54fe90940d0233e4b874c9a141dcc740d7fff43b9fbbc012a933d890232cf74fccb7ff7eac1148e203c7381b7f1d1429b1b1152ec25cbf7562596eb402a9328e43b5dc5cae36592da5523f0b9907a6817ecd395a7c778daae85bb11372b20641a04250b77b3a0ece885d07faf9622650259b874536d6d2b92181c834dc111b6fcba483167be40ecc922fb87006f63b9e8e632879563f37a8f712db9fa68c1a20ab239c0116fe022fad1279f3288b8e74a16d447e467b6381515814dd3aecab5c2a09c400b44e9100c04c720dc7e8c6d9460002da6c52004c16999975fef8752c2f9c229cbd9e6446b226cc454bd68cd665668a17328bb30f301e92ef5c7a2197a326df5c99b422096de8af231d1d8872e6e505bcfff026d4862f28d4bb3856a66ced22c9b0587451d8da4230a38561b5b1c69b523a4701a2001382aa82fcbd60733a14696a540227db44aef346d6c0a7ae5173604d59eb828614cafc1b8cfecda054dcc7306f73925e6d1af56ed74c51c6cdb66e9fee8d7a0078254fedb0c0f5dc85a4686870709b499eafbc8451aebadf848b0598ce8f955688bd2d6032abe10d1391d67c20a049841f95d2ee0c8deae2bc1baca0c098d8718cba1ddcd968981c47cd98d247aca4f838f3bf16d092eab8be8deb1f8d504d37cc44a8c96c9f22f2698036d4ad3bb48b31f109626565c147d20a4a7dfd61fb918f81548fb4f78875c1d138e819f6822651b93a3c92ad77793fba5222d870ea671f9cac967919d18f96e92778548415b2e170d90b201215354fc48a77e62823a2c2bb354782ad052732f08beb278f751529416f37d83ea26248517ae2ef2ead28c1077908995a2d25db0deaa957bcab39715283287fd626ea7388abccba2d90e364a7ff4284c84f70da68ce1aafb5be0401cb9d45e085aab41892a49e10cbd5baf2c34f5e0ca076f2772abea6f622b66020d546f8c2f134a87f96edbeb9b08394b585f2c2f98aa792f97b43b5f3aa9c34189804a9ecc2cfaeefbd0f967d85a25bf3136fd8132dec38aa82e4af6ff677682f3b62be27a180aeb22f918c24f23bf6f5954e0722324cccd06829fc32ae4fe3aee6e5a03b3651900e13fb0a759e544d033418b6ed40d037b4549a0404792c8fddc317b7f028493c4c91d6773932f8486417544f3d007e5f9e6fc02fadff175303f77f6b0e1f709bb3d3a93b38552ccf62688a39da1a602dd5e122e6f4e9171769ada5255cc5cf938dfefcbe3ab0faca434c42dc8c357e89a3d1488fa3df35c3580b124ba3bf6d0d203d586707eb692150ed05a01bf9de5c4e67bb948088784016394d47abb853f2b6b643a066ad81bcd1735aed4e108a8c1fcd025b548de874eb60de7f3c568728959147d1219e4b830e06ca2bee1f8a035e28a54ee6958d4821a84e5d1e41139905f7ec60fe67ce5f4eccdcc2c3d1e4a753a32dd3004970a4ff3824471822fe2b5010b9b6c6b01336dbf0181a95cba2624663215468519871cc39e8a7f4a151c8bd03363b402020f2fb98069b2cb8cc1b7e930938e7540d95d1d223e47865135793f9eb573660ff79f7ed2fae503e68ba44596ee745fbd8fa562c5c666d174cc01b1961736e18b8b517161ab9c8058026e0ddd6c94aed0086a26e1b959a5e05eb9d8c1ff5b2ef518ca23b4f265db61b499a48cc46bed28d23ffc1e8d9c9e345c06079ad47c88dd4e8e286575bd7f9420ab9c2d5c6685488b8b34d4c9ac04e1427ae0994cf789b48b01d1db9c2fe75fc5187727bb11119f82d0739ce4048467a08cd635bf78cc1b6cc9c28fdc199d351064a81456f81c9e56a43aef7332973804b06b18a26caa62523a7d0acc272ba49124b17bb68800d5756afd34ddb2b7e2dd8a118aac3fcf39d9f853c4d2c4fd3ed5bd25a6604d68d57db93d15aa1160f8a97e6c24238e84f272780966867f9c644ca2775cdac4af0ece036cfa6ebb1cd9d701dd7daec5763c9a4de0385db383a5647918e79c6a6de1f4ee1f6b722c561704c8d7efa4710d78dfce8ad2df0d3d82cbb59cef0bcb001f70bdc6e17af1a720b117fe02bb1dd527b18e6bce70e9447cd0cc85cbcf431fe7c006f5e4ef878a974a93b25f492847c9ae020583c9d412f4124246164d8f080b615e2eee267a7aeb5fa0974de52cefef23cdda7b305a33a91e9b50471ceb72dae337c485d636e28d6ee31f5705983808b1567d4d4ae820ec445c56e6a404cad6b408691475397c0dd6cfad232106ba96e5104052700a653e21f9ac6d79578a9f52548f426a1e81dd45bae30acdd4d22a2dafd633564d6b2f45e7d35413503c955cb0a9784b42ae8c2a5933a6729f3922f969a158540dcd201ecb6e32f88b5b4921914a2e8f424c8b031f115ea5d23a21e6f22439ffd7e5d11b08df729f65613b4f6ad3edbc9a066a5e712ecbddfa6fa764cdf170c0485f82d924a99b7e7ad8dc44c1f93e49b6469a9af3de5691944413f1417b753bcb84d5b7a34f362c383cbc802b0c88bd23a7ac471b9287571c42081b1134bfc8ce104a550942ab1f2a074cb00a90558d6e841ff15cfde6951f03e450a1bfc90dec6c513fcb2692ddccc31d22e5274d41036656183c72fce208e44920776f196193137ac67d6d65ce9cfaae774f23a86e6ee8ff3a4e9422a4667d971906e5496a4e80278774899c882708611bad282f6c1d666bc5e7c40082b43a6e98d494a18e9b3cf7f154fdbf90d786e59e83b72ad0ab893c49aca50ed37ea5202e650fda54f5c46ca2a35c476f4b009c5e6733232275abd1341199b63d22386c484cb95c43ea90e609c407bc79ddd00609cc2eb0d82848db239b249f164b7ea384d0239fe1e64d04955b9297472cafa2ff272c5c78100aaa86cdd8120556f25652a3c12da5853338e3be8f505d93ea03cd1cae7e78e95befdc0e26b760d11e05403c348e0523fe036381408033c009a8e1f117af5100a6eb91f08307df465c20bc1dd029875ef7e49338689f602d98f2dc690a57a6f2864e57098f8bd723574944ad3688b292db6d01387a16493912722ac8f91fd12b748899bdaeabdf0479df788eda440d7bf30d1c25d78d757f00b74bb556506637fc1ab87162f05d464e63a6272db3fe56e9357275035d6b6bee32bd92c4a1dc94778551e94ee1d8854f767bfac3811bd0287672aaa01ea18c25650f05a68cbacd9158e479b508e72df778589e1e03dc543b60bb3b10399e5c50de9e728e69774fb3f5fea757ddefccd0f9da75afe4b67f9c54aaaaf646e858fb001a6deed0a8a769ecef0689c988de566b6015fb8c40aeb5f2df7ea4bee60e8e69d15c4a4aa5411dbe63fbdd6418cf025d87f37362f15e22aba83abe1a3de9857c71c2234023b969eacc0bc526363b7f30b092ca114f2a6cefb34394d146866ac86a33fc497a8cb8e2a5bac398579ff7958878421fb08fff4f8f3deb8c9641b8de392647df3017a5467f9d7b23036935ec6e188dd6dbfb544b8a9e04a4b3c7fa1e4d1d9879daf69986b8083e6eb023a4b5eff80fef17f8f65433c882a21565a919448e6091d1b61013fdaf9fc3e45bbe827c9b4ab10b05600a1961e81d31c7404f8e0d32bfcac2937eaed811db167dfdc29286b0d51bad2bcdb9dea76eaf495a31a7fe717c1c98be374a36271cdd06ed06c02ef4c3c06cb42f73b3332ed488416010e6bf2f4dc4dade6e2e61f19e9306bf941868f59fa0939005743dd647f0a04b576a7e71d4c383c479453501e18ec56d7cb79fe31ff534afbd8609ed701ef163f9de31bc58114399fa0f22b62c66c380e8a10c34b7e731df2a8d39dcf36fbf3a66d67b973e3a94bf6ee0bd96f5c76baa76492032fdd2f59ecaee403d486f543f2cd7ae7b0dabe1b5566e681cd40d384a94349e9668650a6f2d2daf86c59a7b02ba466cd03ce1d50c3f0ca4c02dc4b3d1c0e7b9a77df9eae0bfcffa32117d7e05adc7195f4278c93497401629897a58d08ad7141ea52e0163f14992d7a284e7b875ce4640b4dd48ceedad1ea17d8ab1e760773044845e0899602f1bdfff4d42ab80c0765d1a8bde2ba0a830c050923956d06c80b182264ad19ae4f7c39e43195f7d421bdcda00e3eb5ec5ef2ec91d69df691ba7fe250352acf01fa92af5e2c634b9c7c97889e9147e869acc153d88cdc18908f882f371ba9c1e13c26e9cb8e3cbd4c5e1988080ca65a67b3a4c3460cfadbec904d853fddd2f5375b6070941fca53cc106b5748480213cfbdc1c34320a0478b05f76fd0454c75eca069cb1fa7b21704dab67dc40d041c8a1040db378e76655636ad725219c049e6536982d6ee9f11dd032280e622547c7ff44a938a1f233c356a98182d22d5770fbc871e20bb37483dd5d6ea1551993b95b30774a49b50d411ebe0e8c92834094e23ec2664d822c40e96fb42b8607b62b6949e05edcaa436d0ffac6a8ff384068acfc0220c0b098d368fb8113918a4f8c9de37cece74c8695cef2427e54a6e77ad092a9b7f1d94ac9f0836deff41b905b5dafc58ad6063759b0372a634f69a639e19521825d66a282f489c3172a3659264d0132af3571e637782bb6fe5c0afd24547612166fd3409d0991392fa054ea5bd07a4cd0921a13ad7b62a0b5e6d56cd8adb7f3eaa5c99576941c38aff311c49a8c9d8c755869302a2e5e40109c8365a551cd3f859b9421be189d3a0e9ed78830d5cd6a2414e9cc4c25814d94d98f8848e5386d6dbddd65d22b96c5d20020a5dd409c7e5344065871e57e01c91a443501dc8bf619890fe231319b5480c3879dee618d319962596539e2970513fb5c0c8eac3a71ff99962779cf1d7e916566d0e29d121c5cec5d7302a18ed00be9316f3de8c669a64c2a960a588f9c8a42690f6867cda7146e8ce27aa6a7fb27606eed9df6a235a42d17ce71627446e206e879de56025a66556263f06684dedcfd6f083d6a707e5fc8f8212d716e062f0f7fd0c2fc62bea93d68581265a803c31cac3f8ac8939c5f8c464ebd19df42c7e8998494af614c8383294f3f3883f2404ac10404759e182a038c97aea04a85530ec005e203807c5bc30fa9f5339b32fb0427e64915e29a25bb25ac60b92256470e7de5298d42c6b88995f8d2fb704e49d55b66b71e237af90fcbfd71d9093e1a543da2e9911ac4102346dc4704859cb33ac5f5dce2b3331a9dc9fb506461a5436c89bf90d39afcf93cbca4cfc35da6ddb112243928246ae0d1ba269b0fce0468d3ecabbdb925c9ea3241e2dbdc6b151fb4aa724a42f98b0248171fa01fa103f116d0e7deb65dc359b09126f9a420300fd209508ec7a50be56d5b470e387d0c52a1d104625f9571ce1404d1b7af3fb00475b95f752ab96610be112d33ded48624015781e7198f4dcdf917839471fbedb43c34efabe09941fab6b342cf672a29dbb1eed0db788dbfcfcc63bcfe80f7718571f691818dd6f839e3cc282f85f03fe0400171cdf1235049fa53de7450b4c40ed398d5a486f52124c1c63de2afc950e81839f52d17e2a7d32f82788465a65da6cd763c6360763561ed2bf47749080549b6e2db87514e1ee1c85a0bbd346eb6e3cc29267cbedcad67a287fc5be65ec59ba8b6854b31c83dfc5155187d4150685c5c2c342ed68b01ac9e44b60f0c100a347a0f93074dd37d8956fe2f43110dda66e9f9e6185c23dab74cfca21f3ede4bca87687549ea02662f45dfa0ad27f9959a120cacb7c419810e1b1a50fad31c12c47d5bbc61bad77044aa541d29faa6126c60ef088b82eead17a52843307d4bf798b853d90d14c5347ff10615381d85e964331b7a123d15a77a6790d93e920052ddb4db4baaac5e2b27b66ff955e53b8308151c81da4711189ccf0eb393c5bbccfa1f6c94a8d5f4bcd266fc6a12061967ce836ca042257368f567dc42de6ce0be84449234a6163b72069f25b7ead4b2003e1a7665e87ccf211abe94175d1c11bff2c0b6bc110194d34aab96934ef59804cd26e4434ba166d9833fb091be37b139cc10748b881c93690528a96ccccd2dbe024510b8da37dceab567dc52706461c486a0463369cbb99bcca2e8a4d2e005c45401964722a4b3ed37c351c9f21685e8992c9634349379f41796deebffc2928058c8ef6ea37c6e4970dedb78d1c2a00ea9e1ff1e7708470a6c60e6a2b1e966aa872776afdb238e97f716b3df8dfd42bf0f7ceb52bf9eb33731bdba5987b8f48b4599d67b383e77413107857e951ae0625059e5616ccb41131df9a480efd5beab3a9c99615921caedc53dbad675c00ba1030577db1d22731677914fa958b44792cc9c19e2ac71ebe61a05ee67ae7116e39e1c0d103f18bbc9d531164360d901da8234d29fb0b37cd2a60c7aa2adb2a4b297ea2fb14122ad95bd4592ef86c88fdae1e37dc8e44ad03c0fcdfa3801e93796771c5a2ec1e4ab12a64b3ffe48e7442c6224661ed5cc987aada6e778399941f7b20f16f94fb346b916be87f005c9c13789741602039d38270643cce3c347565eef5ee09139330301951c15756be47994de6f1802dc5131b9b011051b1d87d744756831a71cc8528487f032fee9dbffccc751e6a1ee6d07bb218b3a7ec6bf5740ead7a47b6907d7aa95b79aecedf4a637ead8fc6fb8654c93d13ee79f5d6258dcc61993aebc65e4fc14eea7d006e31f6e9f60e3bca8ce52ec559876fd20255e507daa99b185671ce1ac11d448c30bcdf97b9617195e0ccd2d15246308dd6cda74a8071114327fe203b1adbaa780f3243105c5111636a51dce966f5652e39d4f91abbbb4576234d6cacc3ec57cef2dd4dda49a6c33d12bb7595fd5ab5bb15b40301f34ddfb831a5dbf62218f496c003227fe6282e2ac054c45e7f3fc93e51b3ee8690f08612395095a0a12729d663eded879d9ffb325c62f2cb546a48bed51ae232fa6ce28a2494c132a6e09d98c2e3d478d5d2d15dce2e2665e4a3db448931068b99899c2bd8ba87349b0cf9e3c52cffdcf58a59b4fe0089b298b42ad7553f831bd60f5cfa3e09102fe773e4c05412973a678f3b3ed420433cd664dc7f218e816a17c5c9013ecb84abf2dd073557dbc41b92a91e0339d57b8b077a9a44d56427fec5748c47c1460b2e2412094db6d0ad06dea0aa0c1368592594bf0b2f590a9d6149e44dd4adc4cb42e5d9940d59397b83b33b88604c210694e3fbd84795c80c1b09ddb3b1ec8bef6e9dfc4d7f295e551a79436007ca48aa605ef5a89571e59cb26f2766e564e39d3bb441deaa0c8664549881d90a77256c0f6c77241fd6ab74b0e2890f78ff16fd2f9271ef96ebfbd0b878ba9c703900752b7447f4efaa60bd9dc9cd5673a36b39d49f54274caf03c0cf82b95141fa20ed3ce02ebf0dd74d9eff8eb9e2dd3a2976b244b12fd33ee75c1f1c459f86a1cefbc817f42d7f43ba406098165cbeab99df4fe751ae3382efce32af252e461652c7598161e74fd8eeca474fab6b1ede039935f2fd4d7562623b90a422a78941f47a76863d95857c33653d1b42b806bbafcfeccb7bb4a0c58acebf6104b2570afc3ca88e4fdf2719cf39c964a1ea7d2ae4a7fadc938abc95adac495093f6b959b1347501606b3f960b6d739291aa8c13eb49e98b0f78d2b91400b6d8961cb6165c8b684738e4d4db2f2ac30ddaa03a5e0cde4142b625e81907f08c60d7cb5729456806c89ff0efd08397423e44738ff38f8e88684f3a099dcda455521caca37ab4f4d9ed5d37975d4fdd778b97cc93babc804864a35e3a2db04598152e67a2f1f157681c3962d46ada23ea5d9a524f9cdbdd08a07a3a85b1f6fbde11d5a35c7743b83bbefd19aedf6d92241d16aeca7f33cc51839b75f111e8edaeaed808daf2f43fdb3c6f032ea45052ac31d4870c4d0d76aa75d0b88635ce449054013f234c4a16cffc58c95ba1cb8a0a0399861eecb1039bdedfab4d05f0270c6b16f03f6b8e629f687f133ebf2662c7f930530746679aac2791f54d6a95bfab5be0c33739074ed4e7ae88dde4a8036a7d6095cf41776366b6ae3f8f4a0734f48c275e129cfffff5e0abd042f99a957bf6f0f47fc7288750f4fe30198f8cad7067b36cd87ebca08abd3f9475e7443f83cca91a1ebfc42ef3494871f51f6d52a5524b9391c687571be5327c7c94ee2a096653acb410917fd51e56a92be4f24c1db6b97b465ca84c31c04c2f61eae07e952eb6554aa4d8a380d9ee81c1c462c360fcc3cdff2867a953b655562cd06162af8b99bbe662e0c27ce4d9a1c1a907def48a3231c2110c930a2f1498e32dbbfee0e5c5869332f3024fa5dfb0327a27c663cacd4e9902de34dd93529e90eb347bafa5035f56fc578e8386c7571d1f0ba335225ecd8be026b4544ad70f3af11501a53119ee39a8558ca0ed5b3d897ffb9cf0fcab55a0942d3bf7bc6b94ea27a6b748f2cfda431f35252c44610b7e843ed91ebf7e8fe10638f04f52d6d5a7752ec62350efcb7c473f80b1f2a26805151e8346d39d23551e92fbe372df7979c3f756bbb43f6bed09bbc6b65fe6fd241ae1c2f1a0d0b805c582853b85502968f9478e9a84895f9d4ef01ec4f3f571e57cd0bda68ee1f6f7e14fb6e0f4ef8c7dff6796472a935294fc27b16216966d5021339ded059687355b42b55926854bbfbd9f974a0c26eadbfca8a6183093996cf252894e6db910c71ca3ab2e82d90d371c36b92c9409cf7937bb266ea9b29c41d774aa522e103cb30bbabfe872b57beb027623742806aa7694a859ede9bc1fd7b9e32880b064b0030fce1a0e5cdf3ce558a5feaa32e323dbfab6661c5878c9377ee52a615b7c17bf1228e328aa20f92d070c71561969e1af532e76835fb0436810c3d87b982217edfb1143bfc3405ac9f6f3a50145608dfa8658b0ab642a347255c55b59cd1c5897b2cf625a0f0706c30ca1c1321e90cec57b7c3d1bd1af455e3732db80643383c41eaa6781f63da6233360ee720cc04d171ae2445b0c071e339d547f7ac32f407d29ec7abce0a9e1ef5276544877bab2f84bd2eef47ffa66f96e7170cd54d836c9badbc59435146031502c1a3cc744a470f693636d9050c5b894d2d6047df60eb0bac16d905d46cbf017ca69d66427cb88036eca4ea9d0e579f6bfd8a4a850703a0fe49d39c107c9358e98689fb62bd0475aab4b2031446b437c7f9e373caf0270a28d7b15c71f02079dde401e26175bb6e392106a9072021f0e5c5145a1db6f595b032faed8551f6e2ce318db1ab513db876a3eb42d225014949c19543e9c5dfd2290e28c5d72c87223f0195ffbcba1c02c7d0087721efd2af6881dee7dba7565e07abc35bc3fa41c6a4d6a313222ac6dbb117c69c62db2691c68869ac5fc5e987b0ae4335f815c73ea4235da2582dde81d6fdae5911617daef847be17f2bc09edd88830eac03977f89179fe03eb2dc3b38df43803ca2d38455232549110f4580ec3cc04c0d8cfe493013d2cde47c506ef6a8dfc42d998f70378fac5ce4709345926dc477e9e339d8c87ff6287ea6e2873e14d538cdc3f2a47e0e37a2601652f5b665b616a7d1ef3537a3327a76f93990f7694e6484e7a52a10e9eea2edc92b99406abfb2b11ec86667c7af4a333dfe900bf071d1bbcf4f0ad768fae4f450c53817c507d26e926e753e3395201d3ad89061f16706d841994abad283f0db74cada25beb5fe46f48669a62e0b849cb77097e1b4578b45062af4a071b04f0cfddf87519cf2bfa10ebb4b860239ff187e6dad73806ae968e6ac0f738baa88edb3ae4883a9e59be7a6b222c5f54818f95578daff9fc7a7aba8c4a41a699923e85ddf24a32bb71c808516f64d506058a70539276d57984d75161cba7d53a4a864c51a249a6b8fcad5738dd0055ba8468b56579ba5f102642df65c598490f3a0c9b1064f4eb1962c4c38bfb7d55d496a0b0f7b3f90b42f733d112c89176aaf937eea4bada845f3ca4e9b56b3a5a06b4c90fa4c1914ea47020c2f32531e270007ed389246906ecf2c4465f7cc5d6a347583dd73341ad97199021819be81100d867d628323ef7552db945e4c0be604cf6c4a8197958bcbd6c1879387d3286dff979632c54baba2a35ea84efd7726b662b94fae61464d069e0103692599fb86fdc3a06e01c6ae3deb3de6fdb21806c716e5f82b784e4ad3f0e2de629a18e3a2309003dfde9dde8e5101b83312f76e811277afc286b56879f4eb80468e58c60bc088284d05d725ddfe3185b7c51b472a7ff7db3930839142d4a452ddab628e07d43375801d7c6a711a55b452748d770b84ede35920c1ac74b595baef963d21df9418533fcf959593ccf5afccc753e86c4ae231eafe77a158c2472143faf169db29bf2b53c3288d8b3c9added65778095f85e2cb471ab58362041f0a27d874c42bbb06385a0403ca193cba67cf70029cdb7e73c7e2267b856fa0b8dd4c706b45e7174659b0ee2891df911724324f7ca5daf07c912b9b2abff762e62a1817688757492975db7185c4695f3a90895634b8d07453b36dd95197abc31d5d153dfb0d0ec92639540e99d6590f9b394f14c93a5e829fbb33616e810f59c502be44a13b700fd3009545e34c211abf9afe1bb8ced793c6f516d40010649f83a78ddbe9b71d8596582997d0aa54192e1200db61dade30500d72a184ca7dfcbfb80e5442f489d316cc8b75005564835d4b11c482e2c4d0d160f14a8b13ae0a0fb0ba5e3b782770aaca357df0e1c4d1c3b28b776a8b3e0da1abfd4f7190673fca1e1c5a31c688d6e8ddb21300e4178d07c4e854a718ac3f672b0120d6a54c16957c9ec8c444208e47737bc4eeb0bf2d801eb2fcb72f91fe988aa75f38e6cf26e858dc2a718580ff5d281d13e8fc3e3bc30c75c0193481c39c375a5b06b962d9491f3f1fb80f1cb27067f0709e0b0730573a9b5f5bdbee1708ad84b4ceb1a9a61e4c41e90655764057bfa07b8c81cc83a315be1aed6a49715479c0fd0f53f625fe6c7f36fadd001149ab978532e4d0de3d1a38934c74265b161899843704fad16ffc6189f42a5cadec98603e0f98c6889bd4a559079e074cb40678fad4690a20d988735280a1ee8ea71275069132101b35c18ecc9d3c6eceb4cfe9b165e4b6acc17d4f113ef8283c0fb6506f5635401e916d4f7e7bc3cf49aed166587a0c72cdbe673f467d81bc2e9cd08cd8dd16d90b353481df31e89b45e8b
+MD = be3cfa6c965b2ee4e6fb0236665b0b95f66c8da8b338375b7393672283b0e50b96112d7cb76fffaa6db8ea4a7687fc6234dc1ee52e764d69ba8ac40c0f51beba
+
+[L = 48]
+
+Len = 16
+Msg = 3a35
+MD = 87bea682792f6bb4977fe1b92e0cc7017413dd263732c3604f0ebd63c2817ce5ddc5d78c0137f614a06e72ab1cab2f4c
+
+Len = 104
+Msg = 7db15b3ee240b45d4610950996
+MD = 7311a6356ab38a690c0b3a1581c3e7b6de418996c05e79849891b061c51d53dffc0fff2b8ad1c1eff165aee5ef6e18ff
+
+Len = 352
+Msg = d2a1efc725c46cd6a19760f49edf0bae823c1b4992ae2260085746cf65833bd008e56e64002383f51f960239
+MD = adb1778360ec659e90609e74b6af219a01a024f216b68aa944841429ed5b03b139444b8b848f73fd5f350ef02d46b6ce
+
+Len = 1016
+Msg = d11ad1253592c094746da7b5c88d329bc3ce1929913b8be07e82d3f6b7a536a855f31ad197376eba6f2f4534413fc4e4e7673fdff8739f774a710754b568b7c61a473059a41c98aa4e86617aa66d2601d0f0d584cd9f132afeebdc0ce3da6a8b290059e6e4aa080c195c42ae7f7e1e99865223439929b0a3a0d79b46ca6419
+MD = 0cbec7be7299f48f043c3d1aacf833b4258c32190a21a8ac2471666b4a51b63cc77fff6e081aaf5ef21b1b7523d65763
+
+Len = 13696
+Msg = 2f7a9929dffaa4a4dcfeea1fc37b18e3cf935abbaa17cf9d834b3a8d61e9fabfb7683cfc387d6f46ece3f8bf845827c7ebe86a651d6dc1e83c5772cee1a9fee4b04453af2f68430bd87835126cfd1b3f8beea4d3822fb27864570e255cb65b414197480b6bc20a39c5450adf2474da93d72f6ecf8063899722d3755b7a19f71e93e782d89593ab19ddd3ddf053c54e0bf832311fbf132e8b9e540f38e4d9bcc3cdbf69de54e40ef348a9170ba2f65def167f568ce846889c0161448342fe907718a465e451bc1b0f2e4f21f9b911f186589f43dea305811473837c063b915d849c20deb43323bab4b64e61823f1df119e71962dd975700391b411f8778980a3080ba3c14a321d32c082d416ddd2345f0eb751a516d44ee55222395cfa11e7fc4edfbe7cd49bf4ebd4d7428843a2ad5538b3cd201ccd431aeafb146a65d28a4870a6948a7cc0413b0adac7e8dff3a898aeff5f4b65d10b28ceb749bd354c061c3008ec569d5f90a4d4f5caa51d35b49dc4028e738c8ff5939fef3fa202fed9ebef6f2c7dd0ba41cdb5c0c16985f96fd93a65d134fb4a90ffc0fb6cc5396b843c2151bb7c9170f2fa4fb44292a4af28df5481de0c3c917ba1c46467a35302738158493fbf6a0422cee558d4bce3d78e14b4fefb65bb05043e2cc2a6a8ea64565ff6ce2fd2c4f43fc02926ee44ee02fe1dce25cfde0115c9396c9ea06269f17b2caf58e2332cc1c8528d9705c70da1f76f22aeb1d1b93449180640fb5c4c4a708bc4621d7d2bed5b1a752191cfdd45086d34f247ed1df0f24e7c620de32bdfc4d1f882380d2cd7467c926f48abc75cbfac8788f88cd9dc5361517a5eb36311e6b39e21a85fba2038fd47d860f776697bb19cdb5a4d6746fae507e274399c91648537d905015e58910117e5914f44ebcb00e771d38b30c1473e1232d4e222cebceb4810c48e83e0fd4c852f4fffcd643c0ef9e4fae2d0ebc6f102f3f749b02a5e3a61517d53b539cc24120df3957a633d50369d46c0c226f8924cae51dcaf54d716f61385fd8cf38c2c311a32bcd6594d6930133dc18ef36a9671ba8b179abe95f588ef74e8558ebbc974dc73c26bb6eaae78ef464181e18b71f4b0f986ecc8495a9c4dc0b0b96be9806fbd3d32952ca3b4737a06ed6561e9c9581a33a720123fbaa2a70fc3233b83e56444f5aa0cfaf70fb24be6118404f3e11e6ea004cf2d079a3e93a8ac1d4e297cf4fc43851dd26314a7ed6a5a784b386daa26e50c64692f7db28c21d82234289bb45bad5042236667e6d70a24bc9525c3adcb793a6a5725d9b10911e3bc8e3fd604db7998346e7f7dd1815c0cbb735a977bd4b32b5b976932bc92ef3b56bcadc089045ec95f241cdb0a84c67f1f76353da6cb493bb27a881d37a2106b8b3010cf935eb3601ce4dce3e449eff8331e444ab117a20809a1010db4cf3be0c488f777b6532df908112e3d11592f04a0cc16232d62340cbb8b5268a662b8278d37c03d848a04f0ab498f5af43b0a20e310197b7e1395a65299fac29f051bcc5fcd09a5605bfee370ee8ea21f5807d9748acca815a44d81796d68b0014eed3bb6a94233fc51725de3809ac6f538beaacf8cbe3d96aca21a7a763a957f8892f22c6d086d9af2e5ac9d90321e186584f17e964c90739559ddd034df076c4aa38c2b78aab6dec8ef6be9adf33bfb66f159ec4826653ee6cb483539c47a4a1d95663e6cc7a42a3bf628623a4c9500a59a50a312aa104b198ce5f3e58952bb79ff1ccfa9ddba2fd4705e91b5acaddab9d6522d7666264ac5f533b6d8ac4512d8371c69c06b6d322b046ae2a0a20aec1c3bfb05f3d91b9044cabdd873abb5f2b0e3e19740df31e39828f9ff9bbb20b73541a7a70b8174ce4e43e0d356e629cdbc6c08d29bd7acb6a4347823075683ce9d7de4ab3ddda6572b175951f30a15263355fe9641b3322df7dd52077402a884cd472e6d0b6c34cd63ab63cec8760c7ebe384f7cc31066bbdb7a3417425e039c4d340166e4bba4839076ac9457c87459c57957d0a06dced2f7a18acd22b7295785dafa435a2a8a2c3a1fa05d115fe129d19fc44c5a29bf15b4d9c2b375bc8e591f92756cfc573a39b8fccb8395cad7617b11f14a60e2dbf69b897844cbbcb70363010f6e1bc0590ea594aa924597dbb32a868b55551789f82437180b85661809089d34a168d44b4d788dba23b13542715843eee797366d9ce7793e72331735bc78cd61b13421a568ba3e66926921c04e9d00888ba7ddeb474db63813756ea4a02c1823083e36ebd2d32d5c88cdebb98d511304cc276c7799cf84a1699ccac9569b13f530c762732e6bd0f8415001b2c02d11dff36660b717054b16df49ba38425e3764a56052ffddecdfc686aff22079897376cc15591e11579fe4feeccb55f
+MD = 70e1259106fc7a7c6be11d95fb673bfaf0074e342fdaefb458faf4619e7f0edbd68d509b9ca7243d2e5e039d42ee3b47
+
+Len = 100816
+Msg = 5f464d3301c5e0871d6b41b002dcd09abc80a805de3482d97f3fd7b9838745da1c0534168f76b93c3c53bbabd904541ffe5179cae619dea77446140b7400f47d242141c7f2e9894d88f44c9e066861498e7394f206f594a419790d697f6a11187f84bc6fb288186109343eb11172bec076d041a4c7306d7978c009fc2d2d62563614ed3555ba2d21c8fcd70e8389352dbe4ec808af3231ce990452eb05b1b0dc4fbb1b4265e69235cc3561dae4148c386cd770474863a84a822b2e5f905fc255d55f90bd6a760d441dc52240ba7d8c888a5283891a2c99963d1fe680549d6267cdea92cfead167f6c49663668f2bfdc61fa647f5abf3ce5ad2c6c175dbd456ba41436aa06f5f68f5c88e6b74ea86a79934bd05b486210d3d470a0967ad6d67f7385260578088d7e63197849354f651aad07e04ed301f1fe7a6d2047d50ce5dc6bbffbb1da6b47d740898f4eb54e3c5a1fbd18ec93254cc01f705fce04e6100ced132c519674b2345547804a372b5c925bd9ee9701527db33408d37b72f8d18b882d3c4744eb58f011d21fce336d426de1fcd5e09610216248b51fe2b79b96c2bd6ca0155e05a8a516b7a24d529a9a475284735bd9c4c437ddf399864b64fc5d0d6ffc4e5a7a3dbdd476bc39ed29a0a92e1f2b6b3506c2be5452d4f896db6eb4f895b554b2af64c4cb8dc2369b91022dc50b7291404cc9605c31569c32756a64ff8c4fbb0f1bca346c7b58a5c6774b2fc7f7fd50741d34c8564d92f396b97be782923ff3c855ea9757bde419f632c8399763003b58ee9140c2d62e914c1e1fa742661a9166d42267edc40905b35a25d5c3cb3fb457376b7422896df7bb19c23e8f764416731d2e20cf2c1beb8663c07edd8f105e078e2fed05c5e5897c430017fa2160f565a75a4c5c64a15dd7d644bf355d169ae2696ae5ed1a39e8f81055cdf315e5b0c6f9235515fc4dbf30281ef17b83a6ed604f89293904bf78c7183fcb0ab236cb1f8935e59c51559217efabc000b165d819b717118a03facb61a13a99b194f8b6c7ddfe5850127d79078397a56564c7ed6716a129409680434061b2a4782c9006587de927c1ae09d6778a5f1c39fc419fe10493eb0d4ad492fbd05485eee7913c59df82fe7182af2cf06a6e8edf06676200077bd1408f5c1cec537cb8566470cb44895826d04ec20f0aba4297c501add65c75d5767ad2ab63aa81b7b66f01b32590f1d55b7e50e6df1ee077a19c8c895f5ef62d452cc336e9aee171fa997ddcedd7af86e6cc37722fb5838a46c5e58e7f700edfb7c6bf832171d9581f660752867118e9535a6118635709d6f1c1cb21b938068958e956149d9bffc67f355cb88205d4894ba97c3e3c8be9fa2d20abe79f3f93a6a2f4f56fd075bb49a4b7dc83630e58c32a29d757fdbcaa607352f65483cf2cb4208a3bf94ca7a25e2a4e05279be31c33696c10fa4971d1b64ee938dd299f483e5c098845749a3b706a787529bf2ca56693d0a7a98243e6482a43e1f5d3086ca1b00368d8ead5ed2d0fb79b1e2f537ab9340809ca3a9b5eb2900390432293008ab7086c2811d33de0648be5597ef002c7c462b5e0f4e0b1720a98b2299ad7aa55eb78f0c77c2ab4371385f280107ae40ebf814a8223dc74f31483c63d9e4ed09fc7e5a51bac34d69d97163116a66c84ea9fe4263269b71fd228555ae3cf5109c4d6ced7b9049a2b8069bd2f71834d6c07fffbd7561939188bc07dcea08086bc7182a5270427c3199bf5fb5c4549861fd32a38ec81c4ab058c777dc01864787f0275f911a17838272cd65135f66baf06d8d93bc439eeb55d50b7c5adafed8eb8140b4b05f59871dacf954f4b096c30b7857774fcd319c096750bf605db8e31fe02cd1b9294eaf8bb009d4609f2cdb3a8657f650501b8553765de8f572fb91ac77b35db35f402453e5c58f60146f2906ff56b9c6b3a5d0bb6afb9e2201110919ac9c01a7e9750dfdb2f72afbf7a8d6f64b1c68b9de17a2c9abf289eef24074eee9b1649caf3693118165503a30200993d271aa31b8b92606a10a52612dd1fab495b82f9a98cade18b9d8a723a71ceb63fd1d27372bd281f9b40aa1839b0cc2f2177a09aa8e7b159ac118d7c145e7a4f032e788d21facde2b4dbc1d5d2238f530d9bf9bd2798f611d03ed8919f0c85bc2da99750b7a8d6322d2e66ff6ab9ebaf7424e8c1c3f4fe92be61f65359106395f5ef995e925be3868ad513f561f873acdbaf18590c903d64bd275121c11ea655124d091740887868544c5348664399d3da96e2e35fff34f062fb939d656bc072096e510b40b2f75ff010af68d64fd0acc778e2e13c9667de266b1816c4ac449521b02bbb217002c604be72e73051aa9048d192e3210a68769dd2693e5d44951711aed3a751240d42f8925844131daa36c51d7d59bbaf99623fddf1649db954705fd6f3405e63894f5258c9ffecf83208c2c90cc55b1a8d2972ea6b3a049ee54942b50526b7930953986e428b2c75e47ed870bba68dbfa624dd94112f3059da0a80c583baeb570fe8314f5c66501b34116c81148dd22396fcd6479da49f7e952c8084f97d6803ff85c3787222064ca368f596a1ebb6dab20a03916b3ab071c927d87fc10ecc4e7ab4a5761e3eadaea4de1a0dee30aa39a9e4dbee047201d7d8a4df1284cf668ae3ed7dc4cb2cc4b5cae9307353fd2ae4c105c5d9f3bb021535fc3ae9bf3ff54ddda8b2e1037cd9d69822df436dc1c750a9f557d1a3a63fbe73c64261dae0c70bba6edb57519f5b957f138d1aa5fefe01b73c1851aea42938147bac2762527a492cb85da43014c876e223b05597354d7c9b328df67f354d168a84ce86dff57d8a870db034196dbeff83ebef80bbe52425a8810f2c9fea29ee688a201cce4a5f447be789a3881a9da3b6c491288e8f1091719032608b332e0410f4576597e17e0b5dde305f069be2e80d565bb979a3915488f88e3ebb90e81c264bcaddd72b8843af4a4ae31f723d50fa0995b027c334c351128913bb93e67b1b08f101f6b8dc8202b44fbc3d3dfb530f66e5a8f35e69725c86998c05ac87c561a4706e90fa095adab4a566da4fab82bff6b20076e5bdf62dbd6614245b6a6f8cb6bf60106f8d12b9c3e26f8127dc547e2181531ce980a3273f452892110cfe1ea834a30f99d66e026a9d22dc76fc3cec8fda2d7fea701deb84dd45c97dcde57a017693e90983a156f11c4d168d89c06d8a32dbfa590adadd16850854f24bba315b0bbf372f03711a20163afa0c137383b9120b26c59f5e9e7cd2ccaf0ef4e0d70d5a81748ad441ee5fe178e14317cab184fe178fb0cc0d82105d2f423467fdcda0f9871b9d84882609248356f3053a99866dad9f9b0f8c4a897a8cb8f30365a7ae5f3ca6e772d863d445e6d57c6a478e35d719d0e4e84f3a30b1816ddb55bcd79df21ea0e95da72a19cc1fe74fc576120bc108be3ed4cae3bea889fb4ddd67efe858a994237378eb623dab070d954ac780c1e6d2095383c98ba622cbdb18fb53260979fb2672c21a4600f4bf06583a112d303096d4e30e7e1060d869f386eba3cf7aec3052ca17593dcc9969fa9cd88179c262770211cf53f53f175037a5cd445d239cee48f7ed0aa1d715a22ac18a8aeecf191d415e4afd92b76c091803f4c757a9e89f696ab7b11ad6d5f24774e4a004dcb0e3f33705dd8150431f051016af37647b9e44b10bef114276d4b1055b634461c655a82a847639a038ec9f58876e84e9a2955b696e072d8054c3f81173473604d5fcc0a75b4a340dba0c375beb87b8b01a0f2de232bbb8371c3a9d27a0ce521c4c43dd3bdeebf92f42f87d88978d5b4e3e563cba0e5f59dd29c31096885b113ea5c57e66a3be015b703bc26d3fd1d51a7c14f85f65747ac909d7e30c8e800be27eebf4a62e42e538ae30b6883907cebb7fc5e150bc9da3a138f394e817df9a9e44420078f30d0d3d6981ca581791a097a5e3982c983d5cec239096c7d8cc55c87242026d769ef1d04eb96e5b5001e3358af88d417cc61f107659791a35d8b5f7a5767ae24d5b2ba7aa12230076db1f1b9b6f213dceea62949d98bc5db38743b23a59ea75dbe4231a285678f5f07facc053c2048022fcb01f15e8c100d64a877ecd56d196a6ac60ae35e0e09a517224ba409ba7b70d8f9fe65bc427b212a4e9b3cb17b0d332267cea4f3bea7c1e550f7ffe567b20e3057aa0ebb560d00d28e2f7aff718a9f2d4d044f0d20709bb9ad567c98cff7c4810e8c542370cf90a491bc1088f69998d59f344b74db6c1bdb61f284e99b517a11452ca0bb37c7bae77fca6514b341066086e600f098a32a92935380a173c9182a2513584c54ff67e580dfe16b508acf1729a3d649ff1eae286bffd688fe658612d6c8e69e6e7f7de4ba85ec54747cdc42b1f23546b7e490e31280f066e52fac117fd3b0792e4de62d5843ee98c7201529455c85b169fdb90cb05e3403cf2f737148bd20a53c73880880a14ffff37d62130e682e50bc7210ea6c1f0c27656cc1785a0d9ce93ff94dbc5b2877519d9bac4a339e98ec594a7cc76f4ddf994fee8070dd4b8e0fe0e51b93105fcf566f83d914dd862b4ce78de7e9e16f142234bd969ff8005dddc641dcd3c7cfbdd6113cd3ba34a9503a0f433899e90e158abde2ed4ed4b3711c991577c5aafeaa982bce80835f8e6d7c7975571fafb1499991646bc499ec32930367d4b1de76ff656442cab987bdecdbcc2b2bc35ce01816594bfa4b6e33080caa41dbdf8ebf2205649f98a2d3bf331fb16b9ecd1824eacbbc9f81297b115b4d36aa7496e05f7d40d4edd1886c1bac10cf3f97840a03277e6369e7a7e90d932050ab8720fce076de5c355fb17959bd75cfaeff325b0737f8f5b1160de0b0184ba04afcc30bca77a6a37e29662302d01858c0bc1d32b883011b7df5a387805296cd91bbc835a3e76152d017ee929d4cbf137eb78db89d71617dd76cb00707aacb8088ac77a1f52ed710331193edb29933a7efd8cc153e6adfc2c6637e88cd86b06036b8177847b4d086b0ff9b5dc91f3cbd1c08217023d7449253c25331594f0f16a3c5f2e122e0145c4ec94f096b45a1fd0b2dd3f1d51e58978471782a336eae49d7bc4e050d1c6a391658f71a1f752c0ec6302bc2dba9e3766359359ce34955a2db86740c90d09cc50e92dbb76e17a39955fa7108bddeaddaf860d1aff14acec8b609ac1d336270a940604209df91cf45be72edee04277d694a6f968ae6d8e065702f3d607f3baf8db4ab7637fa4c78bb0b7fe69937eb1dcb616fca564a5a521e12df71fefbc321187159bd6a47b066a3440ba634de9153a94546b63aa33aed9da2018e1f30628df37f5360ca4f2660a46ffd73e58183e8abffdea25f7bdf798a2b7cddeaa481bcc6e682a67e99143066963d96d4a928a478951dd6ec59b1be8cb23aa688e1867738aecdd9afade39c92c0b2572bdde84eb912ed990ac618834c412231216fdb84f1e01b3f8414fc6dd0f646fd0fa62bb0157b3535e1497c9272df1cc5dcd4e6ab9a8456222655c56ac73fe0d2aa8b599035daddf0986a45b1a59510abe19a11b6dba065c8bcf8a85d20a3681c2414dab7c036cc1358b1dba98d6ae62c5948c36b5b3e307a6f860c0c822ac724a5c917ed5f98ece548a7a741d366868e6c676394c3659f7f6786594196dde332543376f9ba0724b091d30f431f91d919417e5bf7ba1e9a21cb80f6c204c3a58d59d960a5788b5cba5abd7c7518f4c5170115125de97009a6c3fc4d5773e4f57fdd433eb7422c7c4dccee57a1679633ced3b5f08df763d4577983c5ca8b49bc4e08fa76f8bff36daf0fed068db47f0c87e0e45d518dffe37c129cc6e2f5f9e0430185723098e715284a42f302a6b8368a4f2dc16f534d1e5db9d0b86659fc4ba6f16c982774115d02a57684c7e5489b1f491584b0f0546e4194a6041f5e5be3bfff3852a4fc772d83491023a61a37228ef6260edc0d1cb972cba610d5ad1d92d554700771d8236ef55e983765ed8eb21e7de7c8bb51aee9368758454fee4a3f32179c1e54af1d069e0b9728cd0554351907e018146511e4d6f0450b57c8ebd21c71450116296bdfc779945da60b9192c5bb9a67b1f04d94992df4cbb3e30732dc8af2177fef17e0b7d01740b8a64db16bc29c1e589b6bdfc967edeb2ce8a649ba892bc856a929f0b837a838ca7f917a52436ea3d20e72afacc5b9d58a7fd0fefd96787c65ffa7f910d6d0ada63d64d5c4679960e7f06aeb8c70dfef954f8e39efdb629b72979be208d616071289cfaa0756a4bb5eea5c7baf8fe7a31501e7e2d67d708d461c0c93e85f03afd70bd9e16437171e01a34f475e4b5a58d13ce4e2fba72bbba93403f3f8981e0bbd6a8a6223327bf096c44b36e0ccbf7592a98c1fa67f198b628787ec80aaef848b4fea158c715799e6f458327f399e6420f0e7821f2dc4663bbea065c7bdfe830b6102e2e7193381b9dc7f2381ba808c43b8fdf3addab4b5fa81564716f7d46e0349d9b27b559710d723c7ef2f79eb55c3a9d75b99ae6fde6877b278b583f8ae3cae776b914b0cae0772397fd19b6a27676c7ca02cd07f4b4d49bbe1ec87f2ac7e39e5f7712319c31271dbbbaf4b826af8a9f4acab696c62719f7a6a032c4bcf90922a3c630647b7c1c7b78b10afbd863f07486561a0bc8d9b1ff5fc41998a7e3c604e24af1c1df2da1dd5d83eefa2e4012f7fb5959ef9339574367deff73723484b5a969c8c23dc251a3b887f34b9ea09c9a1838e8aaabb254445d7556dda257dfd5579737fe1dd6c67f3851ca68b011e7cb7b6958d588f143828f0bb24fceca31b47b77d1ce05e75ab05b55d6c9f9107f0c738f2cf8a1629f7e9b2694324e082503937ff8ca7c5098f770289af7d038dcedcf0ed77c8b82e2a9003a6f3db69e14131e144f6be7cf0bb5353ea96aebd78befbc6ceae9bdde97823cdbc5ca8ef8a993a9d9383aee9f2d6a18fc64ab92990672ea2dc9b89ed248aacf7f1a513da43fe5953335afe76d78867a066f226ae9c727c6c60671c50a50732698ef7a492d51998eb6da5368a667baf6d12b77eb36686ee0ca239dc6f3598be0bda79e47f0891fe4d8989df8c685480de11c148a2b44c8a6bea3a50b09be557c51f545a09a30e9362cf3080e6a6bee3dbad370ce24f6c5a6f8091007ca195057fa3af8f99703a601086c2a1ffe55fde4c2c4153dbff8d6601ab68743c0d50d021b0b3099535ba6c40f866ca3ff0df7c19d709a3f58b57b40ab5e43556a8c0c1938c875267bb39c0db6b45840e8ee7c22bf6b48798bd744f70e42fca343a8bdfbd7f55f275ca5d62c7288756d4861fba68d16d842c5b893c1d8171bb3c8b593387d3426f292ace5cee7753c9f9a12e6bb9af5a24192e4184f7d3d191d862d3c3dace7853eaa235b6369fd164e5a7bddd06daa3eec7fe4130e82478d36f88a0999cba1f251ffb3a7689ea2baf016073193898716a9f933448d7ba8e0968c669bdb7dd5e6e32fd84a6ce9e8632b393f9263532ec2107b4c0d2abdf3abb2de2d63511805eb58a70bc4ded040d76640af60ce7f03b9a682b8dd84ed8a47225a48e0b94ea47828f1c8974cd64e5027d8b13d43519875d2bbe4461a7f0f5b5b8d63a472765405ea9c994225806395e64dff88506f7f7f3b6368d769e6e550d4e3e81efb13771cf403e855f75312f1383ce4c2744d0b4e3735a0f1e1b99eb014fa60c0d1ca9035fbc4403330c2fefa8411fb7c3d6ede5b5c8f4736106bbe01923d483a84f031e9685a3b6a70646a2a5059ce35fa496b3f21fca6047471a5bdd33908cc9328de9fb032347c249bf7093390b750696124621dfa67fd9c7fe85d6e5a4d277ad8f8d169f8b5e8dbee280f8443518bd94abc5ca704e781e6cb1868ba2d6fbbaa850326fbfa5a20e4df6fb5f8ee2728e86a758763a8af21e1f7a8584d3f0b09a0b19fe8fcd37bc4fdf45084d7fd92b80544f29aba52496e2c9a0aa4adeb89820be321cfd2f0a53585a15d04c7fe4ec9be6eb5df419e20b71506c1f642df75c53a9e3b2414fe6102fa8af7be3f6c95de824c31fd6fe8ef9d49e26095a2674a33cb574e9e493939bdeaf5b309b4c51256ef71e95dbbcee0a11991693b533f916e1c82ce86d65d89b6d596017fae944ec364546e78abbcbe4322b83e2fcbb4c5d4ccb54d8642c7eb9e28c08598a356a5c46f8813e6b63ec2f3e3bb721b726361f85a734e0514f4e9c4732991ed3998b1ba8f618c2071d1b943eb0f8766fdb7f0492421429bd380deca3325c8d5c7b6ed16429539ae54f1eba39748f09aa44efb67d863cda304e8653ff7499cfad44dc27807779ef8e63be4b376ec403f3c84eda4e5af31c30f9807762e0980b4e5d9dc406cad4e888bfc3ec4186de8ccfcf631b0ba5831747a1c200d45ea06ac82c7952fd09aaae5dcdf5475da427cbc8c1f71ebe5132f2fcae15975ed6fa14a11b38766e1c446894f31c0496b0e5e96507d28e6e4549d6d78841e40630ef306491a1da60eaea3fb69bffcbf192610e2e07bc1124690fea61980e8ed654c5e796f67d26db5de35b4a2c67427833e360ac2a7d4fe7a5ce572144443ed62ac460c1b19402e85c79e3d80e1c143279b20a66d8dcf2bfe1cc44a0f5aa9b0d9b36c46c2cae148dd0f2ffe9a8e6e7274d1832e57aa39fb40553da6414094e838d613a20ce9307d49f97d904648d6460985b01af769800cff9a940f70729fe40e98feb64ff0a81c5b2b096b1a9d832e440c49e4e3684bd17a5169fe138d2544d9806fec027dd2a67f1856178e090f9bb2f9b314a202e7e95f2e41fa80dccf7b1810e9cbcaed2acc2445d60e26f7d63ee4b28e4299e60ea4fc659e7d6f0de91748bf1ede1fdb2acde9482bb76bf6716847eb2dd7517e0a94f0bbf20f248d2c79fa0f518b67a44d5c4c73a9bbc3816ba85ae8344b5f377649da75cf1857d6e4338a76446c48e52cc7bc7ce283d4252f8fac5e1427299edc33f84798316f77bad4a87849e91a1a23c0b7a86898046e278eaaa15ff33730a6d3f885dfe2d1dc0acda2a9e49a71cfecb7dcaa9e70eaa8fe15d4567a280e8960ba49d5289535907e9f277f96e8e652c21d89e81696dd821db5b7e1e53e160584477aa9e4c0e12160c9956df36cce6f4e724dd543827366010ed3d843cdf4319c1bf968a70e9b1b6bcd8af96c9eb0620c569716b7bc42e13251a6adf8201faa129844b5e1d699cafa1b66a674e732c7662b0410e5bca2704c5ebed7850d0ebb825cfb0627a183cc9643b709aedeac2c06700358400c389f99666ae97ccd37f265da7addeb07df9ccad6fa777d0da2fc47b6235179136bbbb409596841e921eb278142a19e6203c7f235bf8461ccadb4b47dd290d36ac27126c808b866f9531261f1e0f5c458a6bab6f064b4efc432e1c7379f9af19ac34c5c22e76e6e7651e48f9ce44eff542f018397889d896cc9001a63e8e455fbe4a9ee9a740edad894fe1af2bb21a1dd0318e28ba982c12ed69c08835ce17336ad1638af3cfe0ea892ab8e83d3f25e6bd98d5e4d36292992e2122c265a26cbb3931dd4c1b0d0ac5ee19974d0dd45777908bb416cbce52531820effcd7f28e1fb2d3d4d826e1b2673e834485a25af9f9d174f566abc3b36732ceefdd91a7c3885e1d10d51c321ff704d0883905b7539309ba5e7b7a2bfefd0494e90e9da7541ec37858ec05ea9a9ec5672b113cd5ad6ebfc5b8fe40ed7c3f17d8a73703dc89086b4d75c5eaf06b840bb2f5b4519a4fb17bfdca9605f17253f203efffc92da96fde023007d22cdad05d18aecb4bf08085c5ca5eecd21f2b611e7e8a0ef981fe7aa2014f5ac6862fab44011dfd33be8a1226943aa7ae5fee9221b0400d9ac2ce5241b09a68cde6b13c47d50bf310ecb37f25c32770a299020d8500d8a4b5d7621e4379dbd6ef34a9aceefd4055ea6144f54bbfedefb5b5b0fbd1d81c7a51a802072ec3d84f34585f22c1df84caca07849b1ef054cbef9b40848e9fd238761df5358cf55a79a53a1bc749e49ffab7c5bd9a28bf24ad5833facf43bcc3852c1e85cfe47929fc49c325c20d74588eb9833519f192243cf96625057899b70a7c93f8fdbfb60d8129d9c43c95f8782ed8293641ffd21d21d91a0b4db69d766f6d6497e9a414ceb04b65425d6ad6c8811da00639dce8d8030038f2d08330c75b0879aab81bfb3330b950e54c13780d308fceed2a103a1a8b77a923b66aba737654ba7995acd306aa7b80f632184412e2369c353c2132ae614553e626f0a3436959104ba6e0040dc597dfbc3602a49e401bf2249699375b2c722083489f54fcdc1f616a133ef6112a1754818158ff78f245b9046100b0e89407f74145fe336976af971c054f12d98002c68b3aa2bd699fbcd71bc4dc071e430bbf694595a951e01098aaa499be2f70611f248a694539ef8936b2e8b7a3c5de8662436fed1f7bc24a4e5c17a663d9a23b4692993301b08cb3bc10f518eca51081c717ec8dfbb0c2669f7987fe6aa0bd98231d8e8b58951b42537f12884a857e02d62de4fda6b88b6b754b1b27394c6a819e0f92f6b2b2473fe245678e252ed31477cc7ec6895bc361b718fcab3aa550fc9faeccfe77cdb5b151ab1db2e569b5bc923ee26f0b6113504d295112d47218140e44652a10af10a088f95c7cf2fccd040fc93980939122411ec643e26e7d69ced3178402e320fe156e774b75b5afc2f3d6b6ab828bb4993b1436faa5728cec34d66f520f59e82716ed6d1324944c3c91d04d5ffc5a921f4716c39de24768484d0096f7d8dbce35aeec22db11f899e5e7e3d57e7668f35d6c0db3542255d9262137d39ae6cf9bcde254dfccc54a6062fcf8982f781d9ffab2df4f49ec04a72eb9646d63bf9e1799bc0bec0ec7f0675ed9f8dc9b8be15d9f2175dfa1c8bc99071c70ad7bedb10a4143fa91c89f54777f84c9eae9361cf7f4c2b7ab873ee5785a5241db0af86f3c6d7f091623d6dc576d07550a42023633a09c8dfa21d7e70cce64c13f37663f75c47921c246f3f2d1d16a8283ce7697da4cb7e016971a2a1d0c59d6202bc18b7cee3828de597efdab53b33a9fb41aa7b49f1c964512901773bb396ac80e90ba1a94c408b2860065ae9aec64a41d76cf8842d299d0babf14d5840d647d075c34175e26a786f30091a24f1ce8db30137520dce1cfffb6318a0d0fdcac883eac603bf365efa2c806eb4f194cae8c16780342165222192f6ee2e103ae2a31dc08a84dfc89c64d2e9ada7ca1839dfff62ddfb7982c79684cfc821a098bc6bf09f87317209b16d14d45c6f38fc99f7bf9bb73460977bb323665d480c87c687cec052a5f08a2c6744c8e177a8a269b4a47a925b9123cd2c014313edae988f8aeaeb633ee5ba6be7f53fe36da3aa37ab2077f5fd75a82a55a0fe62af213b85e9e7694f78cc2b0e63a8c1b89db484722fc62c688678a511c474f0eff8eef1382946d26de00e5c626ec1d7079445c1b7c6f7f05073249b11fd1fb30257724a14cd7bbf451146bf366de2e826fdf1d25705587c4460040ab963e3bd504755b6aa5b18786b68efd3c8e59e8dbd172346fe7f4a18bac98164669d73984044f3c777368f965763742ab86a3720208c64801c796f6e3a1c4748b81e41ac58dcf6ecfa0453b18fad7e3473604f57f7da302e1fa81ad538d4a0280c4ad092007bb9a7a12907227a936871886c699db97d00a1966fdef64d9f3672f1b792c1edadc6781b391c91bea1bd7275f30859dbd1707b1f554e49ceb874ca06e92ab466efa7eeb6990667a27507a7ba789e24d593ea2af8eccb3862cce58daa63eaf212bdd86c01ed471cfc79b191c481ad773d20e821d18af85a7049034e5a9c660357a4c2808b9a6139f32c55c13282b8d98904f4f027d438189dc9487c96172e50dc1100ccc224e7374cf96ea6731032c43fbc9b367a4d1d0b31aa3fa8eb589672e69f1d9144114bbd508d56c2049ecdbfd7b43545375a099ad2885353d8c550d22dbb738e6fe3f104b444c89475a2cc24d7887daced8fa05006c02dfded01c00707e2ad04c41199c5decc1eae34b0c0abb5a5beee1b5253c3350e1a077682767a0b9124a4df2e8879366fd37fc04d4dbcf89883892f46a65ce3aec22123cbe6b3af6364df1f9f5f9751bc8179b6dcc5c126dd65feb7d11a85994e90ab6342834c79c5f82413e88198c73e932c66e3cb60b6e0c0cf438622e5dc5a1036c38afe9cf13559044a9e90f5fd72a3188ef6b1043f5f4e6b40ea51f6235dcb33b3099b2d8c2e02103235f0476ad51bce6d8a2934068549633e521a3ee4c62c22b042fb86c13c8da849233205a5e277aea1129678c31f5c379a71fe08b72fad9449cb923126dd465d1e0ae8a925374149b8248b3afb69f168f3ae701c00f6ea08fe07f1b5338ce6af2f3156ba6f300310114479f2f6119367c88c12c158b84be13b9c8c7b5dd7c90edb5b3ea1fa5927a25ad6d5596992dcd4877f58a134e05dcd80dde4fc2c2a680cc0ccf3084d3f4970e3603fa6bc5a180fcf1ca4241c0b8a1e7c607dc025016e297e2b0645de4ec2fc49851b9374f3ef99edd897c284a67b647ca8c96fcef935d541e9faf334043ea50b99fb8819ecce039227b624e52d8c20003b5a43808e4990da8e4398c4fc172b983351fd11a13dcd2aae5193d42d46e1b57c92e3e01d23fc968c729f3782d6c07dd5a17af2bda96735c12cc7d8023629fb0125e974425f7914690a7ed26508343ae58c8a439ebb6232049a194768d4594f5d65aca37a5686c2a86dd04bef35d74e0755937ac0ce3ebded1c00c8adabf030e5e4a5f44193b62fcf2f1bfa9dca2a25afaf2f1ec06c5d17ef3526d26d17af3e2f257ded24b177ba41c0ba64fd4fbd5042fbd5961a105e0e9f77f3db13c1b6c5bd9a9d04801a5c00a4c544218a21016c65bdff774a44b1d05256e0693e14d76605d67bd10048d3816caf31a6d10886c88c783538bd93e92bbc4484f3388b61adac4b92b911c76ebb1dd11b7b4e40be032bccff610068746f41e34a1fbfbfe5faf57c8a4331008e2c1cfd69f57e74379ac80eb6769f4ce4196795b835201ce4ec85ebcaf5eaaec242fe6695cbce1d53fde5b002e006bba8c8a1ee57da061ceed0d21bdd57ab0cab9e46bf3764d9a6c3ab19736d43b33f32eb955f9174ee4a54666e7f19cefeb49aac7a59b7370d9ae730b7bb4e08413222f0a66bfdac252fb61bcfa838f262312febfde8add8f6843f1d64ea3da42d4ef986498604d65737a44f5a099338520cdbdb65ce73b110dd4bcf8592a4adc3e0170b13404f99f0ec8f9fb225c1275a921f09369db165e9109dd5be472b9bc1901bfd882d264d9ed8d88b4c8f3b35f88b69e3e4b8ef5debb895be536a3af492d968dc1caf31879d672f70ad9869ea98335cf9e4a2760f955fd3e8099e4b2eb4269e354548f9de9921e50e49f3f5cbd63468b9db0cfdf17250c8f13535d4c0a1f21c87967cd798fe93b9b2960447401ef90db22c3adfba0f55f5585ad37040e8d6745184dd536d5a26edec365bd6edff1bcc616cdea3bfc8b9d98c0ef9a626054e361194cd05b2287612399f6d3d3be2f71555f14ad2893af6f60ab61adef663c3c2464ade671dd5ebc71935aad290573588fe6e11f48cd2b7db62e4b9932890d1b96e1b83eff70f026d199db75fb1e83197c937b672613c66ea131f485b4318e27c079b4018d4205484993bf50ce70275b244f2caf47cb47eb2a9ca59afbc78809a912eb56a4bb65cae4694f682c6329c690003a1c355f779b5857a60091b1c3685995a366cb43d753a704d3e59c5f5003c78feed877351e27334b3fdefe5907edd9eb25588a42248b9c4a93efa7cc63bad1e5900b95b70436c35eb85cc8251c4030fab9556920141cca24d6acd3122b92b7e868dc174bf071117958a4797fc90866aca685f1456fab397ae647ab9970348082bd74865bab7f248568db98ced7ed84e8360fa91afde3f23509e6b4caf948349ad9fb6a4efe0a0468302cae7a0f999195af1c19058669fc3b88b2780b9075dc180298498caeb7ba0cf8bd42eb36b1959d5ad3ca6fd1e85f76abd27ec5fb637ee38173ad7d86304d5708b6dc8817e099e77f5d43c1a70624cdb96e4e6103bb25e59eb51d894d1dc533a74005bb79cca35b66e10c61d06b5227fcb071457025d605a0862218ca252b871f8343ec231dbee15688aeb914c0f16ebabe6edb0a489b2bd10d4392c6f1863bb6a62181de7cef61997ab02f3bad0a893cc0cd8a99cd7b3f7773085f0929de36b5d124e3729140c375de9a2d0cd9a360cadf17b9e45b7f2adbdff9e75b743b62642ed67aa703b8ef33dcf51a50edc7dbab42d3d2b49badd2457a9f92847aa6a60ae2beae457a5fce1a9e485ecf907be22913893cd1350f20fc6c81c94be426eaf01864e813a03e4674491b61516bc95d8a77c15f03d0adfc4adc27f27a5ac4165ff6518eda1a5c408708f78a9e26b834179804a312148d4f75f21a77d78387139da40c0a6293c2a59d0162437d68504f189ed970c5abb9ffc6d8e1be2b0877c7f24b1dc273b1765bfc5ce6f4b8d99a96d5b1c92ee53a39f685b304313d909c1ba8130d20d51c824cec420b0315229df295f75b453a6c131afaae0c36d7c4fff70623638a4f7ded5eb7db58d95deb6249a29b171d8ce651556dee8037bf4ca74453a4a76aab7cc07ba44e55de57dbef8542c3851ea353fb8e259ee89bbecf9ce8d8bd6227afc0028afac48a7acd9b4e8cbe982eb1475917ad6be4cdca9cf6e7cddd971b2924f2bb730264801685d387485e41993c3fa0af9987e8b52c21688fd9a9595ad8d1b9f41e0457be18492aa09f69e64e2954d1ca3cc1d32b2915cd9cf6862ca79c80beb47347c4cceadf48a37b29b1d6de4e94717d60cdb4293fcf170bba388bddf7a9035a15d433f20fd697c3e4c8b8c5f590ab44aefdda94681407008ea48d03ff21e9bbb4ae7a9aa37c855fe3537c44106e8079f18c24d2584474bd4a99367660ce6f7e6d7c294961e174366e7babc569d5f80572a21a4bd7086629363e0c9ee2599c8b8863c96613ae6c32cc67ccafc66e1cce79654567ad08e62e9abc99e44d6a79ca4d8de15b7f8a763a4741676af0e1f3bd4e002c8fa1ebfbb3bd3a65ae68a80c230422f98f6e1e9837252e045eafd585ba389958297d59aea1e8e1f665fcbc5f7ff449996aa712dc0faf582cf3caf3dbae80594f9f07fc06de63d9d672d14d7ac4662b4a54f40d4aab2de766910be2fc7f6f679b5708790b5376498d3baf0463dca2f093b51bb7e9f3e7033ba0384af0174becc3bb477bc5e86959a12a5e8924adf0bffdf5e5b9c1cf24d232881ad5c05c5c0f50318ea83d8683339ca6a583c52198c00f7c1abbda282e7fd3b179297338ecf9c923a3a87a130dfc06164e9b4c1fe11d51b382643de44b30a6831dee119241d1b6f84f2484784fdf65e41f78c38e15fb4b00e45df1edc40e3467cdcda351a4c0a0185ac4649e91024377e1c331587a8586cc0a4dfe29e14004c3536d305f5dee0eeb8c2f216c1b8d27375b239f6458e08980badd6d82e9ee9e007578c0a3b48288d9ad0ec3c934a99a8c5741149af937dc82bdb545df26428b87fc935c05f1a4964a8408539f267e23de9bc498e2a4b0083cdb7c8e27de6252bfaf680a6d5b7ec1a6dac6d7d537334a95f1553324a0739414dbdb50445a767b0f589fd4c33b35905577ef5a53b0f097191f9cee4836a908748779941de2a78fe1bde0c2efd9f48cbf232ce101d9df93d3ed40d036ae7aedc3a5ff619abd1c159ca8d2dbda7de13b4ca62576c7f925c52925eae2d7500dc969fe14c0a335ff95a7df1d276a6f242765c781208d59edb5848d412b11638b27ce5a61b8209075976c2a6aae88f6e6d8704fe9e83b425dec4defeeb3cd311b8c5a818d51f917a8a4525361791d5c4fd5d70704d4b9fa9df1ea119882f400e682753a41931712c043c120a98f0fe786a600b47befefc9d64cc5bbe8a16c191490874e258760c9e4fd215bebf848e0b4d35521f53ec5f9308644b785171fc4cc3ff886e034bd833d59dbcacebdae8f00e43c151bcb24d1d226d1cc19ecf349361530a81ba3168af3df5536fbe52b3b93621f57959df298e5b4d3c14928d2ef7b9c977c7dda54242d17f8661978a62d94d565b00abc199790b9b25fbfd4a3ffc35c95ccafe35d9a138a2c24d17f06ae2cc376e822317f16fcbcd56e23f84ec135dc935e58c61b34cfbf5a36cb00350483b6bac786030e5c5045a6b61c9aba7dfaa4f7fb21897539863ee865ae061a77c0359915de3aacb3b5dc8cfe53c4d17b393c2b6bb23652f36390407922969d510cc97b99d1df4361530aef10707d7a021b2d9576b2d49ca88b3cc83ad1baa6d88ef8c81c08f8baaf515637b21ace9d5cc8fd9fe4ca6c3aa129caea7060791d566f4de8662b90f9e5d849cdadf9bd23cf6737b07ca105142663c30de27adcea11d64d433fe1ace84b0f6917c8b655f2a421602f07e0a7127e61ae9859c5e9f652ec82416fd2566f291f417ecdf99bf3231d02864e2e5a1cf34c13f59de9aa2760d8734bbda79576c62f566b8269990e9384a41c1634271acb4c7a8b768f276685c3a8c7f20872e56b683244b1af562c3e7dcf592a9915f44f886cc2ac5f679c07d5aa1fd69cf3a460f25c722073da336a310aa551062d92c7297002060072af2f3500b9310c239bedf45c5e985c2e0d60c7dd68522376dc7b560fb34d1b5089450c32ffcbff07b35a96bb6fe01259a06868d00af697f8bbb238d03d49570a109181c9576c1ea9d2ee02000cc23e63d6c93c6cf3050bbb15b6f73b09c25da62e5abd4c2bdb1110e1f25db39f04885595cd6a388c4726c8d4cdbad87d80d42fcaeae843e2e17f44c9aed25c8f6f9736c7ba1bbd3b839126de40a930024a65aacb872936e446114e706a868444cb140e53d976816983f3dd1d57eeca01eab8211b7aa8ae99d26e35c06ea4b226e0a6e52172a40e7f0df5f67759ae2ee026749ba10b8e33694c3e01a001526f9d75f6c419cdccece3ea3f78d69014e509c741214581034bbc7e2bbaf76db8421154abb2233117a1ffe2786b21424576e295c9baef262e80fa2edb69aff800b3ea436eb827e8adb73abc48d740b86c69d557b16e874038598b25f616afeb4f4a900be7dd0d38b5b6fb4259c51a3aaf4748d7a445f518485ed72b25c7df8ed0906b74bd29bd6a5724ac3a503c990f3697a5db484821f68718470810862728a80ce34599a41fc5bd8bb46dd845a4812ae1532c457ef4211d0e41835e5a6f030247614822571c930c727ba397e723d6b3aeba9244f054e331c82e65b74c9f6504c74b4301499a1a6f6269a3352aff57f88442d4eda42a82ebcf7776c5629f97d6160bffdd8282a40ce2e6375b161e4c22ee53bce7a45f4774aa827e2da657e1a1bc07445f0bbd770b7a5a25b1b469fd58715510dbf8d97af4e1b9459a20b08a8d3fa9d92feb32db95b22d36de0bc8b1c397b09970a6826392fd8392b2d790dcc1295888f42ac81ad213c7328b2324b28be7cc1f4fb8414a7785472f1dd3e11d66017b1756d1697be92490e15f056346d7e9126a1f35fd76cb016fe2841c8996a3507c4fffe7fc45026df10b03b86fb6cf26e8418926a030b5fa62748fbb728fa19dc2f8947468c1477750771e442e4a9d25b76d359211c05df788ade5b7824f8770b5dac0819737dec916ee59b28a49666ee8b7ca81386eec8049542f18a3207e51bdbc291470eeefecac385c096a
+MD = b70acba01bd715f542859a4224d035eb177fe7b34d5447e099acd1716ba6d00f515bd02021b5b3015d736b04687544de
+
+[L = 32]
+
+Len = 16
+Msg = 43cd
+MD = 7c5f9ed821a021ef1850dd4e0b179a656fbe27b104463720f467db32bbfab5a4
+
+Len = 104
+Msg = 5f75a437ce0698a7d8151c3fe0
+MD = 774782a9c3023dcef8b2cb83f7994324e3cca35323419b3914a9b6bc3ace5ce1
+
+Len = 352
+Msg = f88bac738d1e3e10f75e46e3fe026d7e423fdcf3d7e4028b33a291bb4aabca53f780fbf99e0346d610d4a38f
+MD = f114f1a390bfc30f34652751f3a38e8bdc9597625e363689459b80082eb34009
+
+Len = 488
+Msg = 832e5b78a73a1012ee62e00621db7f4d248893007c6e5d6e0e689c6b291baeebc72df9cf10b289fe20e7fab80a2399271d0ac63766049da875eed56264
+MD = 7d00fe393c308eadb8c0a4f771d409e17c9a796e63b45fc8e84c0cb2bdb62532
+
+Len = 13976
+Msg = deab57cdeb41974037a9bef5e292894038264eb4d8993d4d1501e6ef9c68fb0f571f57b0925640925deae9a6317e3bc4d6cdd5a0833e52fb48baca16a9ba9b6c8ca469a0555763b54f04c87d4e41aa549258f30eefe5a52d2ba06657a8773b0842e094857b6d8911d6a0636280025e56356fade362b4bf4c875cc19be0c6644b447be0454dbf390eb966c03e10e9de3487b90d0825d327c12495e3c89ad09c9d591e55c91376fb14c2fde9f7461fb25450df1a65806b65f3caf4d5c81ebc6e664871fcf915b9578bb70ee6776acc62205888dce2baa4024941209e81b4b35f0eda1bdcbd9ab1d6db6140bda4c41776fe675d5c681da5852d50c246dda4ddf9fdd7c5fdfeec85ff6c883c78689c2977584406a1ddef977606c182d6c33561c39c071668a2515e5aa6f4aa1faa392aed95b82ab32b79a15e3b5a07551ab068455131b72493126470f26c30b852e4415e1d8b719b3803ecc336e4facbcc5d1908851f4f39b776bec8b6b9794d47e5965458858560eed5a0305e260240c0849d93a19787b0f8c795eb5ba32be573845256ae6d0b0a3336e42a1beac8bdde6d1b6e0b6207903d4b105f4af2ef89bd099ded870daea2f170e03bd5f6f4490e60bc222d4876e16d4c58aeea6e6c400dbb9e9f4b2b142f0fc9bdeaf4132ded38a4a8366e107cac7210945fa2df4b124be37ef76290e5b9758aa3bfe0091bb0448206323584c2f833e0edfbdc0c33075fc9647a3404ca490bfab94302a0679a1a42fe9fec6af0cd98038b09ffbecd2832b579b2294f6ae5b96328fdc0a0b9b3a32cba04fa8bae3389c3951173bdc17caaefe526aa386f98670b177683d0b804c5875fe9c7afa233ee66349c9fd1b60bb0becf5e1d887e67fd3baf34b4f90d94699d18d6bb9d77d4af358f31edc254de2d6c5fe3ec07425c633b18c1b9e3606b78b40b543e1fd31fb578cf58c45744fc073fbf3c7d7d607e815379a5fc565892d81560eab8fb5f1ae6771b998c592e6d288014f13ab283d53fcbfa66e31a9d107308402191fac2cf2b799c7dae91b93a7676898b8a6e516a86eac58ed8f6d8ed2fd4d38031e4a4466dc8798b90c48e6adb6b4391d47872443cfaffa542b4b132f6c3408f0081af8692aadb4c9bbd55053ea56d8b82998f6b4b41d331891acfe6af1bb0d6679989978368ea463743b514866d2d01fb9950e8990867bc14f1db1142254adeccf3da812949cd03cd1d569e9d0bab7ca7405cc21096e3cd4d007cbb9629372e98584b4c6b97ad0bc314e1ab6ac71184ee555c01973570ed9b115bed956f9e4e349083013098b1e483f0fe44d5e9849f38a2f7ae152b36a266ea1faf263ea8c706632ba8629602187379546fc6b82e57ededd6d074c15c771754710731e07c207899eb47e8d7c72ffd768c36257d373375ffa06f9b3f0af11417f9ff9f9b44e1f1f96ae8aaa429af88b14da1da81c7bb38a0fe9372ed6a9ac6fb5e9e56b82593d94c5192904450227bf040b7ce0904789f979845e112a1f995c849ec3f7e49bd975a474e8201630f40fc0d80e76019f110ae158cd0f8da96ea4561f24237d8e795ebf52368218bff3e9d5b040ecd2caef4ab1e7127e53bfa2b3b4fb74829f9993ac703192aedef79dd9ad24c2c976638b4575afbce22ecacc273ba43379ed55ceeb51838b0adb80585bd1b5f2707ee16b67a7232adf7163415b24b9ff9dc94b7197fdc89e2a90d2b9eccde45e965edd064dc0d1eadabe11b8ec3aad2742b5d3323ebf913a92817749090c20758f98aef2544d4c8b48874e8936d7ee492d5585675c214deeb74fd67c4d170ac5e0aeefa607c6e37abd4f8238e776fde3921afab75cbd8f392d3e88da057903ce2e140797f4a85737bd89455e6aa27c7535687b78cd0ea59848e006c8de9c9c0cbc7a9f5e977be850adc710503ce4ba7c7bd0b042297f518abec6c8ef451c33e030251f506cbc3744228b6bb4dab86877d9e6019a0ea9f39ed37557b3b5527c171da5f013e0d3c480a038cff2c087d6e5d41b17e6c8f90c334b5e2b9ccbe9d4efd99fba1f907d00a49b71b5a08aedb644fed24bcf04e71be67b03cd20d53ccef8f854f5e9f7f28c1e98a8a53496646713bebe15a93f1ea336e6e8a4e68de5dab0fe880bf983eec75d1c5027357f6669e098411e0bc3ea2293138f5b34425f78b6508b94d4c0cc32ee9afaa409a26e5f2a1fddcd6d5ff42a89755a58b08f243957a2e208e24b055f51992ab447bc06876eba169c545fa71b88a0fc15d1e0be9d334a1dd0c86f44bd149b42c07608a9a30d0b7e13574f8d862f2ac72b2ed38904d7cab194fdb9e4dcb615f5610b24e202a36866baccac01fadb575df11dd43e00a3b92fcdd8c7702ea49d951e7dad2a56c075730b4af1ceda2bcb2310256f28312579fad40ff471336ea6a44143edfcffc297258d48bd2ea47efab8f0dc00f1e6dba1a55009ed627b7
+MD = 6e5905b22cb95e48b73c5a885f5463f554d81257bd26301c4393d57fff1c8323
+
+Len = 48824
+Msg = 5223e2fece634a95e1e7c83ad4a11a0478f4a41572bd66c2d7902cf4f94404cd80b1f58fbcb8eeba3984fd759410c12f8ee922865f363f684df5a8787c87ceb3086fb8535157f7f39653dbf5c66ae7219253838ec77cf1c6db518225c5ba0a8212e5911236474b8820ddcb8111b87320adb82ff553986324aa2a21c37ce4a083c89ce9931290d4c1fea933e31d014d7507a28e83aa917ccae10bed1a490e77fe501b299f8e3b78e659407ce1934d5d68c7980800746f26ffa9794ef1d23f793bd2eab7fe524e213e58280f441ba48b40162305335b3a480c2afeac11c27f8d817792fd7805d4b61224eb52d35c0fbf471bcaede505fbc9398b216f43bfd69b1a669a61d44fd21faae410af58ff95e1c3ff1528de1aba93cef56bff4d714d8c4cc88a4ddcda52444ec1208d99ab3fd9fde98c1ee6437d8d138f62c5f782eb4660c5eb28564b5b0d46e3a2546009148f3d02b837c5284e9f508290270b97b9b29e84445a0b4df662d9711e6b73c11cebcb7120dc427034b1ccf57d8e4f5bbdb84d2e1d4bc3862a2b51931d3c9a7a5fd6ee5f4c7327c338abd011af638d730141b6eafe63469eff50f473262e9fdce636eff4c5663acb6075a4fdb00c8b8a8d3322e1700a5b3e7db90b36c1a94991b8f51657121b442db6f890e208f312466778d73bfaa8cc0ead4edd0776155f3eddf9abb1bbfc0c94421adce83d7ee94f99f61e1f25a55fb596f8b40ccedbaa8e5e2cf629496f5ca60bc4cf36d917da4e2b973eb57869dddc409dd66d5061f22642743fe843defa0b19dfb2f56425abeb234181267b5c0d2ab4268c538510feb191bbcd1631b0af6c7451cd4c641025cd8bde2d9ab6e6b948f97c1ee6f35098d553e8e9da9b4d437125046864633f109d6a558b38b270a7dd1785d44d248a863a91e3db5c0a1d7ec133decb65e81c3402c98ee329f660a092172bf6b1a02491895394ebc506882805a6c93e767c0e58a5af717d950a206c0f0055cb39ed88816a9fe3613d15f608e486ac08bfa67d462d24e6a0a37716d3fbdaeb9c0e951c1e847fb884ebc1cfe707dc6e7269eed1c44331d5957bc4ac9dfeaed4b157204a3080fafb9df8917b8d15aff9c49cdc739b8fdc26a546794991c183fa523d14797e051894f48b0d62c2b70834467ff9c993b82fc1152c1f5479ec6144c7e8fb10d1bce26bd1cdbeec4e95ee073f3bcc3c7367328e30543d371b27509a577f5c79f14d5f687ce62b82f856695af9f7dd350543ec763de75b593f1859e44c2ac01ba65f98743cfddd8a89a38115badcb51a0ff5655f830c0122af6a830aec13ae5eb89a93755b3a5a6eca233f21cb12db545a24a5334becb8fa32c3d7f5805faeaaeea85a551fc62c94807faa6474c0d74cae79b5d8ddae07498fcc5b8b4f394867112ef5fad1c9da66765ecbc7fc0f3269d29c9c38817c77778f2c19b5a3c705fde9d76a4eb86aed4a7369a832ad267312903462397f7b8fecfa8b195cc2316cd53e48c3371ed2ecaa3e484b8ecd2e22b1aee910c51ed5d71198936266f5a00655d82c089f49295feda0a2bcc1a54ec8adf565acc3a8b2d74c30eafbbd843c59e67f293f6d8296cf7b611f01b57dafec6e2d4d411a633918068c38ef47b72ceff1fae772891141c3bc496824509d78165c1e4cd4b4989321a8722643eed69950dc120fa8da3e53c3181f252d7c4cd2cedf8f086f788ee77a98ab5b019828aa02108f49ea4a51f457f7adfd2220d3e59d5f4a29194e8f5eac40ff80312ff6888ff6393c3fc0914b08c1b9990d247ad80a441558db1ee1203e07353dd99a885a7ff5d791af2548815dde0ca1f56f89d39ef6b93dbcd0cd54b854173903c12649587433f0425fbcbddfb66ebce3eb4800dfddfe7fc44d9b23a3916b1db68c187da4dd13ff0157352814b1a792de7fff855761abc6fb7b93b48525fa90fbe3a51dea974069f3f5fdea86387eccee13f58a8eeb8abc6a43fd30e9788c3bd9ae1751b30a82d420225b2abdb1bc121b9073380be16107188d20be54f2e9c658d5b443869ea0e991c496104086290b6edcc1b656adf94f0d42458750fbd8d88040c518ebbb644f4dc4f7c6971d8d60eee0272df7b51a3d5248b4b264fb22195ad891fb6ac994ae5c0bc6714ae0b0b9a484edc576638b78ee89b568195a8f33ed8362128c30f9b0c7804b3ce1355abc96b15aa55c1e16a9e9ec90d1f580e7cb412a7e85d8585bfb950acd4de5865214ce4db7f6314d81784c588c1482d5f28c5fb62e7dd7aa8237ce9396ccde3a616754414cdf7b5a958c1eb7f25a48c2781b4e0dba220f8c350d7b02ece252b94f5e2e766189c4ac1a8e67f00acacead402316196a9b0a673e24a33f18b7cb6be4a066d33e1c93abd8252feb1c8d9cff134ac0c0861150a463264e316172d0b8e7d6043f2bbf71bf97fa7f9070ca3a21b93853ec55ab67a96db884c2113bea0822a70ea46f9ae5501eb55ec74eaa3179fa96d7842092d9e023844ed96f3c9fc35bbc8ee953d677c636fdd578fd5507719e0c55702fed2eaf4f32b35ec29a7a515bbc8bf61f9baf89a77aeb8bc6f247706c41d398cae5ec80b76abc3a5380001aea500eb31b10160139d5a8e8f1a976dd2dde5ce439a29dba24d370536a14bb87cf201e088e5e3397b3b61477c6a41e22a98af53cc34bc8c55f15d7924e7e32fed4d3c3ddc2ac8eb1dfc438218c08c6a6a8eea888b208f6092dd9f9df49e7ede8bf11051afd23b0b983a81bcc8d00f7d1f2b27cb04c03aeee59c7df23a17775ae5984eda788eb2015680ac5610fb1380b4e7d7a9cda6178dca98690449f5551b66ad2826cab2b662f56903fc95b4611bc86f7a834a34ddc3be7bf142c8baa096abaa3cd51ad0c0b6d15e590eab9e50a4c60c91061f1ed6373d91974c1ad9d263110a0d43fd8b596396cafc0ae70b7ac24a59bba090a6994ec483db7ed4c572f723670a11c724e8ffa2497d8fccae37eaa1d14ac1537eaf80efbd2e597b2ffac97f2bc3cd2c4017f170544dfbb0d9109478fddf06ec0981542bc8107a725be25070d2cab4716f4edfad75fddd582ebd363c49e8efaed9a76ee51f22304eebc232a4f67f865b04f610a628fdb317116666785fe8ca30619a07c83cc449855202d687f162b12d93b63af6e7ddfb7223d4ab998a5f450523c1d521ab76f4aa113cc2967e04a38dae07c51c2d0f44fdc8605c3c53ccee91a2c73dade5dae021cbc87d5cd6e5fbefb65335827311fe1e91921ecd66b2055a6102d7a976308a80c44e6d47a67718c84f2112d65486a558f1f269b91d9f47e3e11d09c0c748625bad2718e3674898abdb19d3644bcdc9317c09a3ac02f514b2a57e6a706362e5f6e8fb16cc83daea0eec85fdc8c367d84c9230730291440a4b109f7034d510a3f70a22dd4fa69e8b65e5fdf87045d560eec71f4e59531c7711d4f8917a96e22ad07346d2f92a13fb4569fa6a075da6e1acad1eac1cb2ef19ab452264de2357c927c6dfae6598cbc821eaf3b8da754ce91a96c702c95b2c308bf3a550cbf4d22d417745b5f17d36608feb826b862747c59d26a0e8eb96547a1852f9fbd095f1c5d20721804941d462f3ee2f0876ee2825c8df24c4f00f0844e50588ac688127013df8eba3c971362dd255420649245e880212cb3d732fb82f866dda090040f28e09cf1c86eea5dc4fbfc373eb69745b4afd841ca8e172d4a8510e7698345fd4cab9ec2ca0453a274720bb2d2e5468bf0d0f85919dd762fe3df969e6c071285e25c2e2a49659b8a78289aee655965bfa3cbca9b292a19a855ec40293185354ff4da9451ccf98abfda07f1137e79bc89d688963081dec641a99656b040637402890f185edb28e7e6a2f65848a6af158f90eea440aa6246a2e6c31f5d220b9846aae2027afe5a7caad6dc16b56463367cd9e73bf22a1d6172145de4565ee369c55e3b99ccbef70fb080a3748340fbe8f6b95ba46e8b76de5a3c4bedc37c55ae24ad02267da26769a3a732badac2e0f3a5393028dd54d78701647582cd04c8310e9f1ff1b433125229547130e1737a1f33604f0d670ea7221097c3eb9c7fa4b8293d7b429af76191ea8e481dc1da31344537a09b33404d782eda1d6f5775500c1d8efc615778baf0905d9fcba1806ef986c40b1c6a72335104376b58266c36f5939a8b95123e8635c0c95e80aaeb97379b1179d6332dc07539b595ec32eebd3a336a1128f3cf2e2924db6d8504a516b62f26d012b7f75cab765c8374a3824da5a405746023b51894649ab422d636513ee809fa181d5b6fbc63351e37a1b14efc8f739e86ca78ae3e280f1c9e4824b2976ec4dd308ede6171a7474c7f530128089bbd75e10f9e57ee17408b4384f99f886a5f63a2320a9b90eb9bf692e1fc449171eae3bb1bb17a6ed937ea57af3c82db84e073b5306683e1d63705b9742a085fb802cf5a1639818417fc2223f476c2566351f4b3b17a822e11255f3c3412dd39190e200727bcd3f9799519ef792ec7c2b0b9d0e2dccf013d436dee63483c2ce83c15c00a76c4d894a60cb90366ecf9e61221ee8bdaec66d715159876d8305b35c81f96ab2cd8f81f4769e9a6e439c08c329036f5d2591ac42f2747bc0e77d4e566358a3271819b6003b290211b9b847ab70e906aed9f86cc38aae27e1098fdc3bd5d84e66c45292183f198bc329cad794aa4e430534511b7d9a75104061b409676a16c1146af0a286e2de8bf51c4a35193581a902bd3224cb9257c961989042538092af92644a63d6d6f6872a29aceca39341ad29dd22354812c4b7c7068b039ac9ca7e6358e662a28be001d4aa697ace540cc3ed3c97b98d8c5a6fd3543ae9a7962c9229b14b0b646229807747064be3e83191cf24092dd67f675638d9f6510486379f47f5eeda870a3187946819ec9ed05e7b325bfd0eed5c9a0f4a2063d63c1a8a0a309f586c94d4a68bbe860ae9599ce204c92cf9d92cb460ff99cff9e5a8b3824786360e1e1861e71158395faeaebe7aa2f61f76190f174aab9a313f0bf4f1befbbb22768b8c22719cf3fa9ec908b576fa4bbc084b1ee5b5a7eddc89b58b45ae7b421d38215aa6e49304323eb4e202655f3c8b16ebd6b03058e75a907ee63fcf6aad5eb96c1e5faea81b88b5eee525c4663af52877c0f759432913b9d48030903e7f9f70e851cd4e20bc56aaf36cb02293d992b38b583b8f0b25a08c3303d8af5b1b37f5127f7021b13934645ef3020e5caadc5e7326ed4ff56f797e26cb986b6512b0cc76f1d8e7be44aaa88e12cbc644f14a7feb979d2ab66907063c51e052d0f8b25d827377fecc5111be0d365e08d17f559e3134cb9db294f1cac03150f4232f853ec15ecde55fd1023b58e83934869796400088e9177e85a2227ee45addd049c1d6b03e5b29dd570496fdb2fde7d8cc74fbb5fe76266ebd90a3b4d57e6e6cb9f0bbdb7ca03ae955915768011c714c909a27ee20135927af55d4feaf2c345d029a54af942da6f85f2103345d059f66864e6b0578111e2ddd5a1cd8bbf4ae35b60747b93f53ec8ec64c10cf4149909b102a2b88712ff3e5ba3611cf96585a6b36fffb64b8c37a114d6b16a53879136eb0b5e003a5a068e3e8422a4fc8d7c77227cce64ebafcde2437166b62ccf486660a7a2ef37012ebacca26ecd5bdf363feeb06aee39050974c25d6a564594c67f56fcf7ed48b07fab4e25ccffe002bbe460325abafe37f23dd9c145b4667f146a1635e462330f02470b35c5a2519f1350c02b263201ec9026cfc57d3659373910e878f2b6c1c5be774df8e01e775d476956c257bd0ccdec17ee939c46e5653d5813eda752ba7bbb245a99a5db1ae55d19692074c2e5820df97c502a4bd1b12929e1be8e9ce6d802347c3e9c4202de6046436c05ab55b2fcb2c227adade6c2046d98102cfd0d859a91f8104eb9f6f155da2acf93df2405bf2c083eafd3ec41d60b810e0bdef6298b21193642a9c0c646bc6771a5c61a25604d96bdb727abd5a7ebe4ddb2a56a6ddece26d8007b26043ad44279c3c8ffb7e6ffb3cd4e10ea2780f509a8a9bc31f99a7e66201195f1543a0a020f754d9a665a29a896faf673df6811379579891374c71b2234fc61e95d4d46f15d44bdb4d7c3b3be3f46410ca46827b8cca976d8866e8ca33c4945d5c87b705588b78015b529843af0b75a7e1e871fd276c1e947d896b92e6181ab7e3ccc7077bb57fe85a6958667d3d7a790f6cde1cebb494c2912478a0eca2bfaad62492e9f1caaa0cc520da08c0d2d910cd44255f4c2ca0646dc89e789a1cf9a28e2f99315d33accb1639cbaf0c94181b85fef648bb4cc7f66dc65b8e90bf5f3b763e58520098febfe7e47bddc2d9cdd5e40dbf4ddb8d51f51bde2e57432266d248d13ed09e62f66794d188f9861c50ec41f0eee30f76f4ece250956733ee97036098db41991a4a3eb7816196c8e447db3a2913bcd992174a7bde1f42d57c764b47f5bc09533760c1ba74943a0dca291f2746bc1fcc573f9a22c72a5eca347b1679683fbc8f32b08d381baf67b7266b14b3ba46a04a3ee45881ac452f64df1bf17f70f4cf9fa4dfed9ae70184679184784a0451d2f5c19c02031e0e4957b4df68b4a069a6f6f6458f6d773924a1841ba664a55c2c3187dd33416cd410e56e4bf8d3671cf737bf67df2a4cc4dcc786872b9e2dc4009fea0e48a749353ac053d80e36357d24d468dd595bc823017c015d7450fe38149370c5decf13b00b6b0e0a2567ac08b45f7b0c8a7c89d227219d051d17a706ccbea49a42035cb327381568eae23b5e2a3b7e8beef6f260d24ab224827ca8ee9d640dd23eee94ed02c9e26abb3053cbfaeadbb1f365a24d8769d92240da842e0b361524020b5c9c22a2fd8602dc9600aaf02b35344309f6bb018a94d4cbc9639ab7430657c4046f0b25df517e31626abeedd58c2e19aa0ae1a43ed2bacad91dc04a2fdf9cc33cc420f4f04379e95988ab36731d5d5402d89fb47e826f4243bb206124364d63564a0872f8d2826eebd9046c7c6f2e7c951e49d4b22a7eec89da1fbed890d63ef15f26422185143c89da3ee269f83e1de11a7467822146042be92295a585e3a09e720ec522e1cbdcb41acf5ac45ee892677ba3ff670d71339a76ed98237be252ae21268e756f05ba0b094a1803f9da84a8a05d0ec9456cf565e1b548cae95eafa0fb01f091935e6eff2413bcb15f605f15270408216fb5b41ed83dfa1454c522375e35bdefe54275f109d0ab450636ac4d8e4d9e27f2d81a15b8cc5e98549254a1c9162918db3e399118f5864774a9d6a2347e1315753071eb1204c8bf5f52b1a0da37e484ebbe545fdfe6b031215678c3b83a19a24d7b661f626beb01eb82b384f02f42bcad4f40addd48db8a92b90d2297e6143702056123286617f86fbef4fea940f648867d790b8f803abc5f4e0e3f4226954c296afd96e287e21b7243d05e743161810da578096521805edd81f68a45500f6a3a1885cb1f45cbd399dde024df65072eb973c827fca13eeaa3f140842016f509aa9ab4603d2457c92cc9aef24950697a0044e3d7c483b8d8391886cd50dff8c2f16de3d6caa7f864c1b3874750781b2b78b545a94b4da0b0036433c6561f5cfea50eae9f5645302eef18238473606e9b9931880d0f6368fa9970d1ffbe59c4454bf97f4a5e8091801b53ee4a209e0642d83605836f69742071aaebd9d813b10f4ccac03851ee9f20cd1351f8e68554c9bc5f58ad19d474ca128edbf561d195e52ddf3c19bee3bb597ac2f92143bafc98bc09fbda6d18dd4ff2a93cd2ba17f54f75c32d3f141468c2baef4e53b6a340286dc2599bf7bb002aa86688e26f5b51a6aaf32e48ffd539d4f3f4bbf0cde2d20138151c82384f9ff29a634ab4e0103d93340bb9a7b0caa108bc7fdc88d7de14abb17e9efdad2b0f304f0bfcbabaeb1b9db75959dbf54930e67aed3a9c8309aa90506b6b9ed4f1d06c4ced19746e206e1e9b8879663bf56bf6c5c920ac5e09e6579b780cb63e1875ef0a731b726864b7ae5705a2d6d343a4a213a05928b7337a59f900fd04472382610e2a8d25383c9ab5804d609e79a88d70eaef3ea22d3aa9100fa2a6e98e97684ade9fe90d6bfc59dc9dec3d3d8db8990bc2123ba92e64253235e9b4d682e8aa04e23fb9bb6248a77c065e93249de829bb2fc5ea9e396461090222816bb29bca37bf86698fb995f62c50110cf418bbe2078a56c5f1ec9fdf3d0b09a719ac253b5bcd00932ae058b86611aff51c8ca8448978615854b69b0216a6eb8050ce199fd9a13aa0fd652570a1b187f61e6831b3a960521c3705da8c5e6c64c7b196ed4a49c2912d77b670b177c6458a7a49ecc1ffd8c57c0978d2a05cd1f1c7ac9514dd14b7b0933a52cefd40b6452ca0903df1f55828025c7e18109a6e0f2ab25724cad2d6f57cb5d894a6a508134731e9b9c61254f64990941f4faf97394b634b91860cc6ec346aa666600d323c849ea4c4a0ef55acbc56495ca004f3fca42ff0ffb11b0e1164c95ab89bf1db3d4f575ff334d4e0d7d50e0c54c422eac5ef78c5a3be95f2e18872540fccfb597211ec79d9d47b6cf41e385b9c2e92122167fe584210f63bf919c620d
+MD = d7c901f0d92a868dced7e2659e90121108611dd7781325fc57e5c336c2279510
+
+[L = 28]
+
+Len = 16
+Msg = 3dd2
+MD = b7399529fe614af98f9ecd73e45790406883cb22e3bdcdf28fadd033
+
+Len = 104
+Msg = 3d232201038fe7d846ac1bd4c6
+MD = d0aee5482c509540a4ea4b902bf42fc8df3af6de42fb14e903d1b2e4
+
+Len = 352
+Msg = 44c98cfc71f82215dadf494d68d1d6b92bb4eb81fa0fbf945a659d9aa2c2302b5c93fd3eedba31e479e29d36
+MD = 56c22e6066cd4c4d6415c5a225257e7f888b317ba4e98eadb72b4be0
+
+Len = 504
+Msg = 02a5c7b1b749d6d49bed302d9439f23ab83020bd4d573906f4190e74216ad33aceab775f71cd31092bba5cfa42f0845bd16fc1b8bed6434dedc92f80b395aa
+MD = 33a84e66cf1ce6970c35807db25e05ca05809e53d4e34cda9bfc0045
+
+Len = 13976
+Msg = bd70deb2cafa75918308d703a6783fe9dc5e3d21de9bfeb6dbb1cd531ed5dafeec463a02abde302d4ae6ab3cdc2f0f94865e38339c88bde507ff71bbea6b30b9851cd8cf599e950b8c8e620c90adccba0033f934ca66ea0a936afdad575bb6235099beff1a632c9114a8045a0919fdc21083880eb05c0d8c489c7810aecef4a41766f67c37557e28a9db9a0d909c2b167ff7eba79693afd3ee3aeace38eb73a5a02a882cf89b123812cf2a0f6d5edd1d14362ce9c43257474def5cce3adbba8cb48e7af9a45e702a182dbf47e8869b3f99e953ba81628e502c60d4f8ffc551c31b3ad6ca85c52164839d5e9d493deee4d4b76604174bdb5655385d34ced2c1b09dd5a486e1f9ac501bc611f9d7aa5c748f496faecc14c6c18e1dfc6aee2991bd0207ea1701219955a751df43dbf66f57904675a0e9e6d7f9a0b8bb82a8f44951117ab2642d6671daf1e5d1639d48aff6a05781c2b5e8976653b0a164445872d393d30355acf0bb49bf2bed4265c9a3b786249afc7a438d706eadb6f90a7f93ad51bde6d2c8e6ff09dacb3dc67ba0d3030c54c8367e1e4280bb5903274191344610de61c3c770c6820a6cc9d826f7c743f88f13580ba23cfc00598fd733b5dd069bde7f10f2b8961c16b69761b0f308dd137f844a67f6054e065863f226141755b96645a291e3fa3fc853b2475fbe1d3b25ca22f4da4425dc95fc855e63d6699b311ebd5fec1c7753e6e81f747c808ec3f618f63eaeb1221075edff0532225c40ccadee304a8997c03920e7ce4e60e4df4d120611296786516dd4d9cdda2077ac52bce0fdf552e1ee89a0133f1f87a6f6f35f5c53958ed806465919a0a5fa42488bf29caf33a0dd469e13abae351d5c6fb1a800ee384da199c823c965d9d5457a3ef8292c4d9b142e3f1fb502da498eb44d95f8c85bcd6871bbdbf004bfdc09ab35758f5e8b6a0d0f366c3b255333c52c8fcd4ecb4536b5f6e72897649f3415443612d72c3436505249a344feeb04883f41f90ade40af119014b3c56fc108f1ab0a77087d9226665d416cd975e9e4605529c032e8926002a70924820c6c7e264a794b2a3beb63d69ae56e017294fad4d611cbd0d3847212a38f22d623eabe3b884a36464d8814286fff52c4dd366f6c2abfc2eb865e0dc9ec6e55ca9d81f1b8cc47e2629bb162e54655bf2a9e156ab0bafb4b8ce96858aeea6e6665607a3f268036f4890dad759486b15e3c9e791429ec8f11bae4ea7c490656fdb0551dcf0b0be017c08bc674bd97d9d701c3ac955e2941ba7d5f2ba122a6f0c1b164b1caf2d50df111fd4287e9e195d181f6f514d7dadbefdd4274edc234025b727680576046842a834b6ad89eccaff5c5209bb91d652357e3750d8bb0165572fb71d09fdfc60f6b1e5d868c67c0edead427e7aeb734e29b96e03ea174b6b1af523feacaf6bd745ceb1bdecec9251958b7f521182daddf62ff6c4f58977adeba81c616ff2e937ca4f16eb9c44e63f9e974709122083ae45524ff87d7a0cca33a90f09b660db0efeb393c61967de2564315827ef1cf42b71c0f822f471713c9d885a3c3281d7c95dbc96f1c6dde0af70ea11232b00a2d215ec8de8fcf84b6193b6ac9d46de660361aabed3371fa44a6f32107f3854262eac355f9ef98701f580b4649175cefc29950e7a0eec958f629999c4b0a98fd4bdaf5c0bd97c963b551f2220bd41ec00b8726836e949e818a49aa1ac5bf12c64fb9991111ce8be3e0cb9605f753dae1a4c84389416f17fb66cecba45d591b22d64e5a4edcde067a088d9ff7f5dbb9dbf324510000c55d50f480a640fb22da9b4862dd81080d61af9560b601edb5e3346263f5f193df97079a27e3f9876078b80ebdcdb17ca4c50aef0c8329c72a7f77584cd963e105eea9c28a2ad4e95c1d018e27d0e720ea59147f59ad796b80b6293da8a55ed47e8abdd37221db0a5eefff31688e2adc294654ab0fddf9c1ffafd4783f01eb539492cb35a77315d0ad19395f47b18298a7b353dcf5bab0b2f193ff73d99310478d2e5c4ff1c68a2493c138818edef73caec9977bd4eda6249c8933953e06d796b288f78b18c343ef561082fd03bf92b084afaaee741de3004abaf746350048294bc52450e31147173f2da13d6ffc5adc718e149f9df3702f414dd3ee88296ae8a0106b071b589e8696401da7993d58a9bf8e5bf417165498c96b4ff5fd2b45bbf88f551688425122a3737ca54b2992fdb4d60957a93097222c3cf4c45dabe18b9d6a69e6f27567d5adec489e4b6812c29a8fa52f1de642b7b0e749c16f54473ed5ca2fdf2199e885fed308fa62a3e0deb7e0b8e439e25b3e9f95d755fdcb7ebee9d73069dd57dd1cdc5145205882023b54f2c9dec6cced9e3f6d24e8cdbb8ef121b8f3eded574d81908e867af5ac82bfb8ed60848b4bfdc1d998bae3a9ca80c1c49601d11a40409c62b1536f01ca67
+MD = 60700d4ef068822d0fe6df450b4aa8e206b2790d6dcf973229a59889
+
+Len = 48824
+Msg = 5fd54472a44e4476d254c0940071ad42dc723354f76ba61f63fbb9df80d1ee56136f51b6982e66c1da83602fc08093506a9e2cf27cb92085ba5c627dd63f59f8850e91a1d86cb1d4ca38ad03160f3c584b128d9b21e935570e086d3815307ab8df396cfa0c100bf6cbfc0fd7a8258fa1a656bc178e02cfdc868540d8e5ad39dd46794a8bdc205e710555ee7421ca7475a4f3232e6a0cd55d4b5d4525f0bd7eb1e455931aeea6918b9fceb2a32706d31a6d7028a85e102f228417e2e7db68317ae155af70eda98c8dc1ecc32a62e294d92855354c1114c5735a3c81e551b63a81650107557f3237bf953989d17c65a0fafd2bb1e32c237f98f55389e8f8b0810e97e201914c487a68403c6d621a98ddc515780435564245d87ce462b8785def699f7f06ebfdf33dd1ed7dd5a3e781348298c7950a387bff7d1878731d7ac66ad9a6607f2c3a3b6843c2852a5e882a8d78ae9dce2a79d595cdf09626dfa6f1dba7d40ed21caa29e304e7dbd559a89bd1f07d84165dc259ef112dc6e2c5a3e82b1c50106983f6c4965c85073c5deddbe6323003d56abb0df590f69010981ab3407e43eeaa29c6156995c492c931fff1b686eda3741a0bfb9094747d1620b2580415d431ffd6c02245f6cb03e39f87e82834dcea59355b2ba663ce145d2514e15e2b2c60cf518ff510c6c3e2f16d2dc523832762ed8352a320462ddd4d6fe755350672038163d996b44ed3b85d64989291bdf39398cb996de785b9614ec5d4bd73efcfa37fd4470b17d6240b8e4c715759286b04c3d7d791e2689927c9f18320ff2e6bc7306c805e23a5de66eced5f1a630cb43dd46db515f837f6b824b99b86c10b6df7fcf22d97be05284edf0e0be597b3f9c63556db031339f79ac9e6c5f8a1cefdbb4b30f5bcd23c2a4dcf791cbfdd6460284c5af0621ab7c5571e40a87c87be459c85ec81d746930dea24f43bb11d6611ea83409d3bf4f987778d8eed1d5b246a2112ef78ef0252f9ae464810c13f02359441d289958b4766807d9a3be0054897d35b01830deec1151f9e3d42f92b80f4aeedd65c78c6e98afc562a3bcf6d72f238c6e94a38f2288ac7929a7a61c92875c1f115c0ed8d261a727f0794f17ceaa3dabc717478f6ce7f2e8b295f000241e154b4575bfac8483f6b62f9ef4e18f7d341a65faad5e2fc1ddaf2b09adebc155ff09e63d5aa5f95206e66c7f4ef2ae3aaf3ea7c93589efa8c552df8d203e0ea181c1703d7023b56e603f33b4adb9bf44f7af290d8081210f327a6c9b0785709346087fd090c42d2b8b2711b9a1a5173eb5e246320ee27867ad6c3eadc4407bada44561a12cf5d53bf0448308bb536a8a525eabc1410c3a34becee25fd6fda453251ec229b53751f2280e142c6b331daa659ab655b78cfb08bf18e40bb02b7f1650eb2dd4ba1707f0aafa219f21c29521581ce249e2e34f5656b0a04c00485079b040e13cbc038bb9f17f47cb8f908591b26bdc28538d8baffe4cc39b17d2ecffbb9698bc2b8b31b08424034c051b535e0cfdf07b7a0a54781e33ba739759991aeb72c0ed992cbe76eb8ec0ab12c182e8b049cbadd6e82e314f1bf15fef5ae95dc86bd64b8556766f8ff62c33492198e454e5ca59ea856d8e095c04da8045522abac865506096ee1cfa1082af08ca09b3533878ea3580b6c0c57a615e0ab768246b3eda96bb6caa01a2648068e21959f843d853e948588e8c0bfda364ef1f9fbd3235c27916562eb0214891eb55ae0e059f4bf7d1838b5942656c27899dec6d67b823a981d1e1e0aaff5323b0e3d69a7dddf9b12d7787ab763a3c7a2697ac65b655aefc4bae7e6444850ad2540d5193b378682c77a4dbf9aa22e517e68cedfd1ba32e3730ecaa2e3f6ae61a4f427d6e69071dd62a9bf6c860980c9d23ce1fa82a1937e6dc1ce3a2de096b680d23d89ee102912ac0bd769c1c02095678dbb00b4430428797cfb966b2f901480811e1b9cde358b6d499c9e93f0961f050465d7b0c70d4961e75a9fe40a24e36eaad27238231dae6d0a17f446c16bce7348e669be563649eba9f23be29adb8b10f462780a066ae573f74e51215a26097b02469c25180890e06acc53ab063c742e08d51359b0a39749b84b9f6be44f3ae3da8e5a2f340a8607d4eed08877d007928d332d6f49502bb5f416c46d866fc87477c58a22d3c5932a8d6298c1151daa032c84ad92f8f90b8053b5aa6f690d1bf682f314471cbf200f3d30959e07adc6488dd17b0be5279e727f3237b8b4b19b31a220dfe63882937f8d5ead677608c42a57217f2239614c521d94559290e3b0ed8055d5474e96564224f6ca6389b40a71337da11e1c307dead8e4eb43252cc2f1c49addb18781cf20acffd3db693b02e5c8ecc949b51b99005529e0149a13390615f5df6e0bcd68e1ca82b0173d25134dbf76dfe92daa085d3f6b1e4d18217df41b70c4c40101884c2886495f2ef8a473bf23cb47ab6533c93cb38c36c6dcf6837f1272fc91a6962b6e1386fb643e1f1d71fc75ab58d5800bf4081217cdce0c7ae9e3d25de543fc4444314f32067eeb147c08c55c5c8158ed11729837547f28a300eccc312260215f50e98c4e3d4170208a50a4a4def1243538f906df8476b0c46d3449be73866d463d422595300e160840daf8c906ae4aac13a64457853b0ea6d8c32f4efe3b48c0b1450250086d459648b0ab14fd3f341a4a803be77e56a811e7a26827eb0a1a9454f90bc6ece665904adaa3cdeb2c4847858fd1d79750e8cd45d8da9163784b8bd06629410502debfed5eca3cf8fef0fa6bdcef6efaaf35a1986d6fd68e0f436dca9442077a4818ebda4606a94a3c93fda46e7ef5ccfef656896a0d3d93566b02ed8c3f6174417cdcb99a415b0c6e9816d94e64b438c295b4bfd69e0d9ad52911de5509971b7370593160629b641d690eb2828bf363857983e3b9098fcd15e66448f786f196685d2ceaa251b17ad06dacd614d9fa78ce0a8b9c1c360b529d0bc1d17ba0b70ea8ac1b8d67f6e5770f0cbaee0b38109d26b09493060dc851f5fef121e83e30aab9c3efc2b8397e8362aefea1708f7ffa14d3656f7f7610f3a629bce14648a593250c6f309c02c6c552bb42984ac58db920dbc7d98f59295f37f3e9b99da55ef074ed65801b390366669b4c7aa1c483ffd23082793f9e5cbe30c34250f63fa3ea2cd097593dc67e8d27b7e4f07e73a9f7b33a5ef6962df1381a038d4f58fdbca9d71ccf640b917f631b75d4a2e8ba46c64a6223f99cee30f47c1a935dccc7f054fc39d3498c824e10cc3ee337e781a3971f0e98295aca611bde701c2359858914248f6bafc88232bbc27bd85883b00990bba7862fd7a7cbd4c86df049071fcd10d686613ec877758d83927cacc530bed9a596b5b21c6fb748c379d676de7e05719a867c9f934b5dad99ed97dcb4e70a9b6542ed5b2f086d9f56fc9752e788785ef8f7837a31e433438cf2f18f58be37fe8412f6d21a5c35000a5efb862926700079413f76ab2c3e79e20b516eba9d8c29897097bee55157936607cabaac41337ea4cc783c0809c875259f8020e16d5045fcc39ac796d11a82f25fcc9579bf0a010200f5745065175fdc15474ed514cc796672c59637c3c8f236cfc9c0978a3db1194680c58c27746090d76ca09f7c48ee4ee7e1d3cf0ea70dbbbd88e30e8814b57404dfd7c33727a0c84cb7bd468b0bcb3c89b526679c00fb0892d2a5e7a3d73698a3db53fd7d78460cdcf24ed22b5f39b8c00b3506541ae4a5b76fae29c1cd5b0f8c3ce142e0af7ae4efe3fa4c438a604bf4a9abb41e3fef1b9227a7dccc3f4d6026ca289b4b1366d9ed546abbbbd5677c8d582e79e2b544f18dc23809ab753313d84dd10fa3ed2f723f0b46277b8877d4f3e0665e88c50caf0f0708b746b736b00c8c83a7d18500384bd035996aebb7da8f09fd6af9b76fde7fbfc0ee854d7ec02950e76abd23ffb27a6ddf1772465016c79b98a61bd3940547b207b6507e32cb9761a5604f0f546834a8edac7ae06910045de218d761a4accea886188f947b57bd876491709028e2e24b075d6b022b51af1880ca16a8c65b7c69e51b2ad580ee058acc0606f0a3a9ea1cd4342bf4be602e941dc4bef1239bb9bccbc8098a6a17d63186c6fa75ec44b6e4fd38a3fe49c5eb995f0cb884e2f3ed6be02515fa605b98453ad935682c3bac6a2971bb68f4094cefeeaceda92dec803ccd3d346f8b40b48f8f489e118a17367801e85c79e9b3bb5d73ac44a8290cdbf83a154f2f125090d42e1a1cb72f5ebbd42da46c7a4d4b9fad9612a4c800de6467ceb74f831e1395dfbf5799a3429ba34754add4b34b5960a5fee8f752dae78450322a1ab3d7102b77e907fc1eec5355991e0c7d6c0866660e5436248edeb1a37c0e769a0764cfbb6354332d6e55103b9235c84eedaff918af3f0213c435c32ab409a4b5c7eed8ab6ca9e313dba459bcfa3ee92e7d669be0526856ac3c06a57fbecbba553a9cb4655a901d98af02b74098e478076655d325bd7639d73d7ae00c62fdc361a997ea4ff5b0eba33096b12f35cc7cc0eea62950b912b47c11b9fb386a47c4c15c0602d304b2541da889cff299a1fd415e7e25c70ee4cd83feea7e6a9c50c75d9b128458513d61ec5d0299ef8c090472fe0850f384938ed44d36f10cc2c1d31daee3f946a2fa18f9982a988fd6ac973b1569313ce3c8ff5746c4dd85a241f1e9dca0e904c091832ca028533a3e34c184edcc510bf22a27f530bdca3d057928a96f72dafc73a9aa6dbf2552598e468735cc5736c67a620e9455483e9cb2108045ad80569582ea93a53b491e528c8df336fb326ad74317bc1dfb8ec30a73af01a5dff3e437b7fe48ba5dbb3e8f01ae0c6fc28675a415f23a796bb6e0ef0efeb4b14cf20d4ad88ad1966da43a76b454dac8687bdd97b89b8f8eede91eb34ca4a0523ea65736ae39341fb32b9b716f25662a37382c16f3b9c346c84f03bef54acd6efb364c6401b07b3f7679e8e7f8c9b77b75e6e98b90f4df88460f1978d19744eecccb743a999aaedd00b5a94018e9d5a56bac9d5d55f6e93bad52e84aa7340cbbf98d56213d9dd3e1970867e3972dc98e61b3cff40b64ec49463ff79a41c82dbbcaa37a82b761f432849aa83a3d3c9a209e2207b87ae9ed9959ffced165fcb0d8873668c3cd8f18ba0f92f7acd2bf50416c22ce11692bf6132eb9f558dc789cf9776da94e48cf48607f19d9a11d5df4db11dbaa67a1d20e9f0c96f5956ee3f906e371c489efc88b0c1e56d881e7bf8dd5d6742622eb873e253dbe54f2e2e6d0e6136941de8c23e9a632727bb5f88c23170316c7aa0df28d8d07589dd6022828834f7ea9b4e5876a1704944aa3186dbf89e0e81767cfba03bfb38c55a9945209c4dfd88272c49d1745dce5ceb40f0a6713b5139dc2fb87a8a4888406d2610b7b910a9e5782ef0df719028d8e50a40a269dc9bee12157038522d06537bb31fc87d21af9ad4b2e7e127bbdb313e0a116010f65126cedadd4a122d15a71cbcccc346f55100e354b997154567fe3caccd50251d137c58fc3a2048dd5883b6af9248b51040c01a80c051b8a151a8878edf0304b5554746d6116b749221a1d0082ac925e6e140f0c3b6a180742ac8a50ce0e93e6399102f151d7c14000369ff52d0b537fdd51bec99e7271b1255c6fbc36d83408c417f6825a8e2a58b9054ab2c3ead69d97ea9947fec32d720653c123ecf51a9a3f0ed88743e3fb7b94aea59d0bf0219ee50825ef220554312cb907edb90e4d85f29e316ad57d3b90d859391fcfc63e6c0fd3ec27d4e1efd6e0b5ca8165cbd6af25ed8792d805f27fce308ca1d51335ed5d727558dafe05486a6f9149b8d3bc022026656714222830be582889e6800c0b170e48ebfd069e711210e4ac7acf07652a6f5051507de68aeffc9540cab5cdac84ceee46059ec23820c04b127266c0bf8df0d2b856be3377ab42592f495980baeddbeed3ba707a85dba64fe36941eefa8fd37204ec8c18df3852febd2b142b1c9a5cd0f9e424cd408ceb7788270899fd793db99ddb8f9ca8df550c513790d8bad37a1d1f4a62c4527bb64c677462c9b093582decea70c7bbe873095536728e7ce05d5cafb5d166a1f03055e918f787fb244c5857e3d7a1009bd37f30f165564a082c1510ed19bb1633811a76da70dac67641c2478c6b335f409ef54a2d0f370c9510d0aabae3cb998bd023778375cbf9cf5ef125afd584c11efbf40bb51839aacd3016e5e4d79f134245f952dbad617c78cb6f5712bd9c0c7e1303db5029640cf9b56e29329c3e6a9e0a2371aac1a437b9b1c4477ec9842aa80eaa22c5eac11b60c661de6ddbb088e844293ab8589c13d938765bbaa44301e4137148dd0257bd4c8c766c5d3bfe53671e9417cd1b52f622870ffd90f4e17b7a4ae1b5601a2edb032e353bca652fb565beea6fb0b2cdcadac71794c662677fb1dc81d116d94f5eced526b37c004b95284cb6aa2ac415754a1f14882595dcf4d3f1d905c6e8c12cf5a9d23d3ab55bdaf9f17d2f03f933e1bab89040753648c426b072b73aee8c2fc0d1c03fce2c656e20d4c96803fb2ef471b912267eecb4d6f342d3513894b94d77767823fe0c7438e51f21bcf16f0e98b94b23a10760271281cf843989824f7061bf834f93fd8d2090f70e939700dcb4d8964a19da39a9601a7e0ed9f55f567fc7d5682d55a9ba0e68861756bb549f2f17c10ff6bd2042a80477f89743d3d762f1dfaf230bb502eab6f4c46b26135ff3bef5faa179bdfbd288e3cadd3d88d8012706e19b7fcc6e9cc2699d3ba0e624e715599480d6b7dbc6eeea0d12a9236444b17285fc7794040dd40c2b2ef175f7f3641664fc9bb7ea6d7eb3489d504f8013d64a23aebcb5ce233405f5ade067dffff253f27e926431ad806703e8fab23656e0b7431916d8d4c72a7d831e3664e5f30839c76c8167b76f3b2dc75a6ef48df515e06ea54ca51de2fd9c5eeabb1610b7eef06a2f3167859cf82e1a5b76be8ed8beee2bba28c3b15af6890d7a37226834ec9f63306a0da11aff918753d8b83fe7220803c070db98195d6d18357233f5504a6e3bd6f30115d3987f93aa5d89aa0b8b577d1fed94da057a6f088233efc0f44f86798896eae9ad0b20c8c9cdd9d72a3f02213f6797800894b864cb44fed009440fa5b0197023929f9bad16f052cc2d87327788a68b9209f46fb4776b092d75713048b5453ccd699d19cafa8e9a93fdab0f0863711916efe3bd81ee71b8e0221e12e9ffe2f6ee1a4dc1a8de6e593480f3c05b3691e916a4a7ca51971eb2f0f693dd10f6b8468f8cf7bcce285938b5a0a76ef86acfa2990f88bdafdc39a065db17b845028ed2b7a9e331c44217de20440e406868f1eca818d0be20248c2948b8f4cb118b2e456e585949139270f57c54715f3297bf714aa7c5f72ed8ddf6a074703ffbf95e45bc81a02c42822c22d2b718f2de5e03d687a4b18d605ef5ae75f9d43c8cb4e77aaa0c0101d978120f29574b22f52783c667f7daab3e1f9cfacf2e68e94a24918e3fe2c4f061deeb64891b5217fe5908e7f389897751839982b7fb736fbfb1232684e93123611b7fc8fbeb74f8815b5ae13240051920f3b6ed34483ff673c467ed7f0a8fbf619796e485affbed0697415d2d0598ba34d5b9e44ffd12a5edc323883a2e28efe9baf860324f2d2016748503eac1888213926b0e0f0335a4b51820a2bd3b42d982ec6ce307b453b6385aed7a735a1e98479394147c40f01c532926e10e1b26a5b395bc150ec4b4daf5b1436bd0baa225583ffc9d9e9d8a354f60fded37b41c7c051daea04e689ab2d4e24d7d07c75c50ccfd6a527e024d1632246c6f40f06b86ffec0b29cf894b665d53d459226b93422d37a8da23587fe884dc3c0f2fb55dea296a9a5b9a0d101f186d9fa6288c912202547cdf958569d2cbf235740eed38d10b0025dbb6de31058e98780d22149c19d4bcaf06dd7353fd91cd1f47e47f45622e1472542be2f63f463d253617eafd4f2ad609f9020884905dd5c22fba53ccc619104b6c0203a7f6c8c26fc80ff6fceb8c0c51600c2e46b4b872e6d597511524545a76cb42278b519d911e6c1320e01682c551e204ccdf91290c52e0836167a5685cbb1af338eb794c10fac92950f3f7956acf28f1ca984e380bcff9876b0c71dc7ce4011d1d0f955da9ca885c6e7bb74c6194dadb0fb9146dd725c8a9574aaf3824b727c9be3fce59c35850b162c17d3013689fca858a0a51d81cf4f30d6a8705bbfe35ff03c34cc7c56aca32140d72c8e8121fc71353596b777b266d75b322c9a97fd2c5d4e2362f19c99de66da7bd9c495c03d9a15b28431a0c051e786fa80f5503a72519e6b419263d72d553d688349c0cf30918eba0622b953a0efce4415c29515c26ba15f00e548ef108afe3f8194aeb965e5e4be94f10df6c45ea5c133a8c3398d09fb80f950b83c1866a1637d2bcc195e05cc32a9233b244cc2b1d4930e66f032cb1163c37b3e58b576ab76de759569797fa9b8bb4fad66aaaa56f09c7a0ce4641d6799d7bb47cf684990ec1e08871458c211a353ccf1285e7429c7b8520180918f7
+MD = 85747c796a910421ecb364b4b4f0e68b49e9217944f6586eac4993ec
+
+[L = 20]
+
+Len = 16
+Msg = 8a61
+MD = 60bdeabf39efdf21ba9c0f94af6552d2ffe699e1
+
+Len = 104
+Msg = 37487aa02b03bdbc6bc62e7e26
+MD = f146072f92dc4a551721a10bf0b01564cc2b43df
+
+Len = 352
+Msg = 6ecd002568bae3bf1873993041bfa292eb94e9ad092d8eb3585be82e8a20cb36a47a06e7a57d301268a4a533
+MD = b0a2d6033cf1d8ff120a605b745d736ee4aa06d2
+
+Len = 504
+Msg = f6dc1d2f6b8e126d99939664693d8709513f97d730074ec2794e536d94ede79c81f2b2ecbff3c2c26ca2d181ada2c60050997f3bb087ce48d956c18dedb227
+MD = 395dd2989edc854746e384f339f0808c515747be
+
+Len = 13976
+Msg = 07a6372c863c7d7c6764e4f05addbbe161762735dfd2d23bf268e2d603cd28de9c369ac379390473e1d3fa7e37af1178cca54fa0f782dfbe68070952b93462ea46c640d43ffe71f5fba42df98f4c48ada0d8aca8753e0731508bc15dff283178ae5c10a6ff132eca5dde63a78d3ac94685152897828eb25a55fdf140fd33fd4e7b03f283e201a1baae8986d25603fb0b2566aab345fb48031d648144dddc2e3556c0ceb1104f348d96ae7dc0152e45c625d21b46e70c31f250c858aec4ab2cf5e79d8c79b0854e0abf5330b9f044113d306161968f4ad6f0973160c9dc296056d5a11523ea2b56fbce8387070fccc639ec1c65ec663b9dc49aa880dc4ddd3020c9d44ff7e8cab6266e436af19b4ecb82010a0f8f9469ef380034a02e3f50051a6a3f233dcfe9d553459dc1bebc538ae0183448c9405c351271dea808d908480e61e9793cca111b4cfb9874b799626a1bd9a0f6e0929ad51b97ad81b2438f5fc255db3a3dfec9f0d8393c6b245b03d3faeb58021db3ad391b17a91174a66db4feef1b4c889699bcbea7928f4d29be2d47f76455c8cb1dc7da9cda41962a28ad8cd7b39965b809e7c7eca1c6792c1ce1c8a4cad6290170e91fcc49fa5ff64ab433b4aa081c8da2d9bbb072f9f18ca455469b946c877e3006b34ffd2219335b30ba2e0980f43cebfb629d0b11fe70dff28883ca012c6ae4855fcefea20a08e189eaeed7eb36ed6db3835976f4e60053205805727c5eec15d0e9f155637a9e66268b9c1c302bcaae6ae88cbb8cf1668a487cc996c4662c4a4e195f094cb31c717165e0e13718f8388957dfe0bf69c70cd0bd763dc38c530b67b9c12244fcab8bd13f602de848a2937699f9ef77944e5f22e3b470601789e1838fbea9359c733aaee2c7082b02ee459b7684ef9bbc200da4b62d368351f5520a65ffa506dc9b097117bb7ae88d04d85fb525e91327689ec0fe86971480c0e864012b1e9f044c7d80a4e48c07320dd4292086e4c71d4c98dd826a9bfced112bfa2beb1ce85cad204451ec45703931bf637d4fe89fe8f485620b7f4b21e011a232ade7a8c92be77925e878ae0bea9723749528fe83cf89ecb9616dae6ca0e8d5754ec6c92abb21108c2f33cdc18c6887c430b72c5b193356494cddccc577bd4c2cd53188f352846edff0c2ac7869cb74bb16a77c0f0f194a7a9477ae15abb890bd0bcfeb0c39381a87f1d05319c7e971c10e9ef687f96450b400e25b4285032892b849fd5db8649cedfb03c88defea063ee144a1ab1f3bf05f59c7db364dc39c11a446c3ce16307d78d50315ba29f5bb9a57438564c8c7b3e367cd37d74b2375a4966f47489dc5448f4979428abd32193d3840aa983d3020a9f29d760fc7493ab2576c90b1934b799c1d0d55e4f2caa78f4ce61930c79dc017c2dea0c5085d73a3b0e4a6f341e9a5061a6658af11e5edf95bdad915ac3619969e39bee15788a8de667f92f4efc84f35082d52d562aa74e12cc7f22d3425b58f5056d74afcf162cd44e65b9ee510ff91af094c3d2d42c3b088536d62a98f1c689edcf3ea3fc228d711c109d76ae83d82d6a34dcfbad563cf3726519b519fd48b51741aa86720836494b7a589c778927047a25d73508adaa401e9a6c0767a675e31c5556cbe35fadc9671359b45e985c3c8af84113989b299ae4474b85e4b5d4b0578ab1e8a2915a8df97c4f52a639fe32272cb91bbfb721505dec46d51383cb8973425a714245c2e37d0577fbe0d66381d9239db1f08a380cf609dc699698e0fada2caeda44d58d766c4f8214b10642b80b8d7d8add7cc41d47108ab7d07dab71069a2d982cc900b331caec317942122158bac6eac9175c2dcba0c04443aa9188832b553f5ca8c336880824d6bc02486a2b4c086665d276aafe3b1b93729829adca50c44466fd5b5cb977aa78fbcf5c0f0da1b09216468a11493ffb39efdeda5d669ae92bee2f2fb250aa1b9cbb11c36c7a6c6dd26cdc3cfd572ffd8c1dd72a13c27a327a34c6b6b3d80fc6c67c72152eec0c8ecbdc1bd5cb829b811e7f29af6d786f4e93dd4c96fdda295a6aa258d7b2fcf291c2d68e0b1866032475964ec0c6f2fa8c2d6a3936ecb187350def4e818507bf157c0e9b33406be7660605af14cccc9c799b4e051d0d0899e53495bb8931a6e2984bc6dbe4e02ec8b4642fc2f1cb5fd5a5520b48cfcb49e1f9533838753554dd98b6a1b8a67409279df477330e5f37367e06247ca5c3ffefd00e693dcc0c9c30754121c9ee88a574915b9e77c104fd2f921c2c096573951407ba9b440423d76bdc6fc978237a6e302cede7f99038ec31500884775556941f1edc30e3a417b0e02cb6fb5bfbe5cdfacf4006411287bedc565fb06f1be987416407dc852254934df4ab59edce476f3506e65be6ce6ddf91038642291fb8e92ba5b1f0b105670905a2c14796110bac6f52455b430a47b8eff61
+MD = 1adccf11e5b7ce2a3ddf71e920138c8647ad699c
+
+Len = 48824
+Msg = cd8490c93613bdf1f284b94b330f6d6f45a39c651d2a160b340e2eb696fc6d1c35e88872845190d141c669de92a97daa5433b1d7b0b899fdef2ce74b8fe72a7296a5b5be26d1dc86520367c730c7400c2fa06f91ab4c48a7bf4ae35a5b9acd5296c4fdf7451b0ad9cc439b4e34f11e5d7ef2bdda376f8dd34d6f092b219dc085dd4c4a6308b8808f588eedbbc7af7f64e83182fc7ca7cf4741a341060a7969d31445834c982fa8739ded4555108acbea1666a83da17f77cc42ee73323eb53203e3b790f81c08e94c44678b6538096ab7b09916e6cf7ceb2af85987f8e4d982dff1ab59b0bdccaae1f405a73366b5c5935dd0b43e2d2894290ceb66a0246dc02de728c5bba30255fb56ce8107c3144246c5156a8fe40ada9126adf67227fa56b66c37be63f532516211ca012977b04a97916f201f1baa2629eda520b51508ab4229df2ceedce406dece0110e0a911464f69e7be38fb91deba0addcdb3161d2799c628f5a57fa1dc37357c947681bd9c36f4832c20ac466c0c245de3b250c33282ea1a02d007f03b34ed427631283eb614db4d521f555136e7e42b4cfbee8134c63dbe3bb79b5a8b9f9f5b9f5ac61cfab1c54d197f1e3ba613f251eed616df952d691b88a16466343ef2d0f63882ddd2d55b8a6786308b2257f5d7b38af166bd7f1339d2d8899c9eda8fa86215850ba547450c267eb3c9147d96c38161a69d1584e521ffa23384313a1debcd37f72ddad02adb3cadce7ee34b7c1f42a15d0d030487daf9488aa7562845a11ee7ffccdb38b300935caa31f78a4ff3dd93403cf0c6a16ca611b58c736aafd33d6dc56f0f47878211d26f6ab801b9453a7f74b44593dae0f047ddbbf2c902891111729edec44f69a05944b18e7a601f41ad24fd6833da3dbe3029bd390de7c9841b2ee2b079b2bd2737518fe1bbec88da64769dc36e4a8bf716c219b2fe059d7dd220c1ed2c59878db5bf8b198e0689edee921ebc0cd2d3853fcf57c363050ce58071c5fda6ebcfbc1bb62e9eb956286291a108bdd4191c4ff47900d6068e1ea26b487649af119b9bb15dfed804836f2196cbe12d8fc86e3d7ce89b52ad49dc9ddbce5b370f73f512bedd853039366612453733740586d1372143b09f21dd4dbe1a2bfc308db8e4098c5e4b0c1e16141ee50e85fafefc4e2529b3c7252af37aee6f86e19df28871686107d7d57dcc812bc077602642d2ecefdd5f694b8f336913210793e4068da2178600b1f41cffb5221c9b4b6298afb47e85701d7b1a44241679d8996f916c81ff437261cfc358b9ec42a2ce16ca3bacb8690d6c1d91cfb3e0bf1e7ba45bd01606df856fd03c7e946f7ab371a89e1fde86d05fdd97bd7b1c583b04c2ed2b5f6815a460645e4e1b4e950bf6bd81dd0352d1048df85266f1696534aff5b1cbc17f15d82cc8e0c0d4f0453f9439094f8e0f7f4bc045b654d9a2f1f44a9c57019f63ecc41021c05b5380675cb56ea8bb691d79ee204d2c4edacde3c1fb3f4996a11d84b035f965e74009e2ab80e2c7ea3c84a834d4971a1e9cf423e4ea67ee526eb3c3e4c2d7372c4290a0741e1fcca5ae4cf36705abe98ac81e98a5419baefcaf3093a7e0449ef1021f88ffb7ad21b2677e41cdda12025b06542c4b2564f15e0b99db43b7c7020028bd829372122cd910227cb07c53cb58fd9dc620c0491f3e2bf883fe6ee8cb1f5b73767977d857e4513e8b5612f6ae4b56014e6a3ad2a065b65472212e2f611743484cfaef860999d1dc5608c58412fab888ad72bb87dd9b55b692f31e252daf8944ec5c02a5a9c23903c50dbd845f2fcc3bc9806af13ca7b025cabe675195b1d56f3fe7d7bca12530bcc0af217efcb03a218bdb6f9726536ea902c8303b02e3ced22be59753588b5f0e2f3419fa5345a942dbcdf3010465384a225ba26cdd0f1d74999c69f336bb6d01fae5cf81cbb8c1a7a29c1eb83ca6b51113bde56b8cfb6a5d72557622a37f039d090a689accd02b57c691174338de8e05bb3620c079705c969c58e56b079dc9eb44eb0fcebe548f5a31f4072a5ed56a2f03107bf40a359b2601eddf53cade66f294cfeaa40a0d94b9c90d15f61852f295d3911f8ea914d015885c8c64540a83badf0021a416c3e37b78236a2ecd1fce4114033416bdd3a36c18ec13250ee9c74c0fc4dd564b3d24a825802d5ae402a53bacace115ae3bbb329be79d1e5e42dbaf0a6446431145fe49b86a8703c7c41f8985d54f12e314c16ff89351d8addf66ebba2783f2d1a11965182aa0b0dd2de53586c5a695c6265c2b173958da648611090557bdebf11a1e042f089fe98e049f4796c60d26be38356fe020d9ace9008410d53a1bb7db78b52ee44bac364213f5c59f1eac4e3314f3423b92fdd7a6156608111ac6ddf58385ec1f3df12061208db98816ac948d803fad10d5ece2018c60faa13de5e5a9033745c824932e53f4122a39f635813545c1b74732cd55642f19ed6deca1585ebf7242c849bde981572a2199066e9c912b2068c8f1c8b936c43ae95c6e22bd7b80dfea05f495d751107da5928e806d0af905c87b5a0795df146af6580d8f9c6a0e2645686d43822ce9b4be0bd5937c097917e048b5af71c7e7521d490f107e9231ee5bd9fbf0727ba87774ed24cd52f471ffb71849ebd55605996515bdcfe95bb1df3541e7c42da4166dd01ec3597634aa6455d15fe14af435e8d7a55ff1682d55a2da867ae63d11fb3fd987fa5d7032ecefc35d3fb9570940e779e13da18070e6df5292f97f2a281f9598101102c955fe4808a2319c85fdef3d55b19e05bb8c2d3da64bafb67a53491513a24f6f0804aa162c8a7db25b38089373fecc45a0eaef65dd9be3b4b7f9436a5423fdcdb5a9b60138fc6a2261225390d9ae0d8ab7f0f7ffff69dca06881d33a637d634358abebb333df41151f239add91abaafc89070cb2159ce3a31655c22e4696c9fa7a7211d1251d4bb21ea4a321a3dbebc29d97f526251e40e548dcd7ed07587719a266f006179dcd22e50b3705152817057b097b043ad63b8d867edc20aea9b4c959ef4ff70f47128cfcc21e31f17978ecacc366f459ac1cc459a3976e4173ca322675f84f18036119ec2f204c3fb554a0b72f7e9d8c882ab147b3d280ca9dff7b9160b1b437b901f03cbc05fe05c6f44824b48aa8da52ae7dda1653fd500f9ccd221843cf76513b3b74d094f14d93a00d7cb954bc4cf2f04f9a35e38edcb1e84f62057647dcb3571f1dd296ca1e049f1746a8a282e85138500e7649db756b2d2ad88f11c471c89dc6be2cd43481013b8d0ae83da2b855cea7be424f8b2325b1850d1fdef03e765458df4513d57c72ba9751e1edc3c4e7f97e3202bb46eec7be89871ba3704aa6c6fc08851e551a3f655fa1fb798d12f003faf31c56b6df399a5dd0ed29ef9e4139dbc254bc5d6051840a859eabaaad56324588fae881fd638d2b70fb3813402df61d941ab495588e5fc3823249bf9a03cf877902394f512de118edaf98843a5445e9073fcfa409df3db0221f1c77e2dd21e74f9e10c9e180dc4ed17010eb949c6d67a22bd5337b2c68f9eccdec778ece728e91353696b742c8f5a3a569f054efb8c1ed478ee9b75e26c768a5816aa6bd08a4c72e745fdb5deb34ecb86b3a84346c1c70f9c16fc45bc0421f0da2f630912d5079f390cc53b78e343310de722b53d2a3b4aa386caa0d7e91986e19c3363426ba30eb5284293af81d00158a3f5233327b40c3b989725ba7dd5b31ac7abf8d3e0b737e843065cd7316dc2f374a00bed4cf9caa0d6e232c854df1bc24c3d484bc6bcb14ec770d5745474dc6ac3b3ddbffc551c9fcc2c56a5e0ae17948457c01e701bf1554022bc2b7d9dd42b2b91172fd85e6874d2d61fc7b3bb3cee2a9bfec09f6d7e98279c6f511f4140b116c856c1438e34bca59fdca2409f025b896a52d68719bf93e82e7d89bbf798991fda0af8d06d17f39eba4bca09c1fe594b537ad4c9b94ab52c895539d639425f9146b24b016368a638e5bba391bc8763cae7c52ff9c496884f1d84e5e08ed451358ecb3c4919dd410e82cac35ae744078287c05c89b42999ea6b8b127d40d53a5722d45139e8bc507a11e7add7fa9ab12cc40afeec008a4668e3e6440f27bb5780936c0e3668ac51262390c79b3f21fd041cf36ba3522f3a552714ff188bfd554c60d0e7d11213cf7d3864a5175d4047c2f3284741f18ec22995a5b82bf62190151bc1529c6d9927f9b0c1dacebd9c2dc406f7f64a973f9a70cff6e3abeebeb46514bbf2ead382f7262d46bd43d88c1b91a9011d1f8ba81fa536a7162aee2b2ec6fc0f2d6efc87b98d2e41e0f946969da659c21053775ece415a34d42b6cfd5bc52259867b411dfb991461ca618052309ca9c96468c2da12dfab0e822ff3bbe7ba281982a239ac19c47024fe1f0e3550cf0975add1f680a9dac9b2c4ab0aed4f409ddda6765eb8a0a9d1e9d07458c69ac8195541219b18efcd06c0001f2ae7fee2d404666a18ca3cb3aa4f0623e86c5b1229f6c2ca28d951111294b91edc52730b6b2c46e000672a7c89b2f38045bd3e37dbb8a75e18687a514dcf740c87a34834d3c3cc8aadf6166ec0c42d2be92f90a3af49633ff23cd80848ceb57ac550eaf9ae496bdc6a2d7cf50fe107895b4a1ed014f78af24eccd6a07420f1dc0df1e7c44b4ba937dd43cab9c798371b148325578d61931766af02b45054bdc2d9fcab2f4b49092f6fff7c27886820739d6140a4a905f0020249e8ae8dd87da1a1e7b1851eb01045aaa72dc8a2bf68055e7aed41d85336648a3405195d2ab61b0e29a770461f32fd05e14c17d72c5252f026a7b9abe7ea9176d3c46f6ed9fb716758d97b41e4f5d81a24538f763d83eecafafc668422612b40cfc32b3354b24755fbe400a2bfed494fe6d0ba0051713b776e67e2f1915e94708e6dc74b398f2f526933aad8fe7dc32faf40022606aebb6e0756b994c3176fae7640ee06d6c67bd54764c4752f1bf831f43e0227cba101174c5554ce26400f333dd8e9f6db1cdf670ce407d7d06c3aef4c0724b62edc8f1ba3e04f0e394d15a73b9255abb4d6ac70303dcf9160d32dc02d4804219ed5c7e3b48402e58ab2f58305f9bb95d2a8759947de96328ed5234cfe7d0b2a9a014df7e4cd0ae48906315f139b8635d2e6bd4aba32e62b8906cdfe5622c411bf0373d0cb07d17bb2bb5b83eae4401c243605fd1df759fd0ddc704ccab5a9776c40fbf6bde0f11b9646c699f26063a9550ac228c9884c277bcadcc0a2c225dc203e28e253c4e464b23d2529d09c7b7dd3c984667372472b615645f294c4e3b0797f9d1c234015b78502d98bfc04f1fa2f16cf3e7221d5794d035e4b172a4d84e679cb1c82df2fb49d3c6668eb1661bed56705096c2371a19d668832808eedd9e5b1256c18fe7ccc494e5e29145d453c553ec86fb7f3a634d0d45661875f2f1005ba5e734c1a976f37cd23450e4606e32d027bc9ec2edd9395e14b2082179bd7b4f9b8caa2d00a2de71d48553f7d4153cb56a1b08f11925e4b11c9281744ae9171f3d6faa3ab3f88c5c34fd23e4f6efeceafdcbc07686ef56efa62c0ad62f1cdcb4d3b5bc508c1f05263bc347158fa5495828f34eb7fcde98fefaa82bafeefed3f4a58968d751c051b52e0047f066de5be533bc3b1e439ab1c8602f6c67503803c8fa113737cb8279f358dbacdf45432b7a654d0e1122cca93420e956661d7275181c75b0d9c20e84c7007dfc49f27bc00007cf4ffa631c892981fd70141d532fcd51de5c23fe0b7a186d0dc296362f235d61698740cc315891cc9342da17843bcde274c17e462263d0e8b4832dd9075a7bbb443d4b26b41e534ad5551ed5ada102175e695363fb48d6b99ac978a3aa6f405d87f983384ce35740e930491d75675337c5dc081e3d301228e61bde5cc169968e5b4350cca2b085f9f75cc4b88497a78cd0a0073d90246c7dc102c7cbf3516498e8a41aa85d8cc5bc285ff66e8338e85ca83fb6889e2bccff52059bb9e92e92c155a349952680ffd0a3c346061a53fdf074417fc90c4d1af7c2acc3ee4b080752cbc9455ba5931b7e910f1e4af0efce905d2cc9c685923ead387fa532c0e8ad92719c76c281cd010e1acce500ae1443838b8afb48af032069dd07aa4df0d56bcb70a64592633699c8658102f1fbca441325e27f1732a7a973d8cb3a0684d72943ef6f1892f2d7ccf39bb6dfe5801ab98653bdbcfbb787bf125253be2624f6cf44177d588bd7b780d9e3f4e3a4e50b8a253fa21abce6a94b9073289c76773b46140f5a6e46b9de9ec066c176f5d1a69f380e1901216617363362d13ebb26ad74fb008ec08841550ff14ca800a1ecf2e007ebaad9f4e0d9664448d60ac0d8544243129fb81c1723b9b4bc2ee971dff736d9fcde0afbfbf5c50a4cc06a4c363998326c17bdc9e2508651dedd9a2a52bd87f8693cfcff60753acf9716c526e8635f12377e36564ae55d0fdb3c7997ec4dbdaa5b4d18c7b660acd95060831795da7d299a5a8d8cf9e92537dbd3ef7f56aebe38fa97c41da6bf0572a0270be7e5a7dcc0be3529339464c811052b65a938e874ea6da469c7d8992ce0aff1c75e82d1621ecb967213c65f2de582cb41de3804c507ddfc708ef3f6096ba4491e431160f98de806d0f334e03cfb7a3bece601099bd971253f3aa0df845da8b478603d5d88533d0cab9c89f2dd9a1404cf8939ffdda652a94093865a85fce2bc3d7babcff7b9f3306bd76b9af80c78ad518f89ee73b7a710da604e72f4927be8d65d06be2e0732fa786a83e27597cfbed9bf98df445499e0746b9f2cb9659ac0a9cef433148521f33b1d78d13c8441c0d1e20fd93ac450a3787a2292bcbd68cd1f961d34937be9a21abaf26f361bf53aa0c095e53c51f3e04d567eabe6e40d96a17c2bcc9230b18f7e079bc549a314b4ae21d30a3341aa205bc75c7f1d21b0a49549c300faeda243d0ce18da5e66c5b663cd705005dd9fea0a9564174abb797d64c58fdab1fae44576d514b75eaa31c9278b15bf9b6df7c6c2873d7a56fb91ab77b83761a09f9e1ddae535622fb87f7462256a60dd39dd3ceb6690b0272920b635ea639daf24f95462c523e5bbd8d8407c61163ab38877d5edfa04c2a78d4d240523ba97c7d01c71783f8748e85164b4dd08c25506a4ed18300b42b7bc6e417f512ae456ceec2ffc83190991a06d4a58ede215babcd3688e1d61f1975016244e80c88ae2aec05c7eeb1c50caca72b3b415b6b870bf5e10bd1ac3ba6b4acb1d1afac554444d94c97e171005fa4ea9c651bb4e527ff58d0c2f90fb453a92d6546a26e9e98395b09e8471bdcf2a145aacb649708cf048a7856ce8cf390c107ff2c66efbf2a76c5b041860ea576103cd8c6b25e50eca9ff6a2fa88083fe9ac0d1fb639c516b9bcdf23c34c6145a705498ff9b9747f15e1c08c63da6efeda4eca02c3f00dfec06c82220c9de840040118dde76be788daf84e6a2f44c81fe6defcc474f99c51c4648d297cbc48f081e0809dbda505d020cbe865e430e0491644ec8c52bd3ab8ce8c4862990f49fe2588caf804ce9500ef42d5a50c057c257168e283e4a4aedbe4ccfaf3eeffb212f9e23d15434d60bf4f455f512e2b655aff3225d1b217c261110cec0400f54dd303d6231d028c2eb649bccc91d30a6391c88bff9d447c3cf35a3467be5957e0ea4d4dc237c9f2c68ce48f658f820a3d72d559b60f233ce538c92cb148808e34fedf2d648c21e7f2ea29a77270c393bda42d869351d6c085d965dc12cbfd0311b8bf604f4391d378781eea3b5f1e0da9d0d8f8de88e56fe47d362cd46f591d3ec0f7cccb85a21f21ddcd4107821ce0ca9ddf99dfdfd9b0c9cd45053e5b1b4385bd8f5b227ada31b5c23e9420014474e8b4494fde7c38edfe70994d97b8cbdfac588df49a49c472fcce78cccc051f31cbbc1e0422878d8d490f3aee28adf1587c38fb7e7d1be54abeaa83cf54b633803a5e669ff4295df8735231ce39631616bd05e0e31117c722c2fd6787003b0bc7fe422a089c89329544e085d71102c1813769450a9f66f160d1702cdb17bd2c6fdf0f722762d193ce83623eeffab17b01b10a31db6e2feb6eb3abdbb2e36320e1a56e44e48d26090afa7f65003a98cbfef590ac3ec89b3eb230557cf6aa566e841806aa2767b21bb26fe001f11ae039e0c9a4bf1bf3d271960f16158eb5bd9ebf0080abd8369d512cab2d1aaae2b14d0ff6ee705a38fb0c801a98b0624cc138fc24834fdf430f33e1760db913da3290f34415c9e3df3e97da1780545ab68ac5a24db89f24d62f4a399728e4144a8c89f47ac2d29e30c49b0bcf790a5e3d3fcd1943c6a28f37251d9dd827a69579e6c17b629c927473b5a07b0a29d9562708d6c8ce576109ad1a3473ffb2047eb069beeec24c114bef392c929038c92abd0e6a19b610e27881361824d57008b7373d0ab76379570ded76c9b8284fe2c247791073c29b2fc6fca05019220ab92856892d3c0dcc6da0b597fe559c162d060d71513ebca050d9638164b9ae271fba5575ade787ec5aee8fc253d1b234b1df561db3e36ac64b9b0100dd6b407043537b2b141f
+MD = 2cbc07b9b9c819b8fd38d8a614a8a9c3fa7e40ee
diff --git a/src/lib/libssl/src/test/SHAmix.req b/src/lib/libssl/src/test/SHAmix.req
new file mode 100644
index 0000000000..453fce20ce
--- /dev/null
+++ b/src/lib/libssl/src/test/SHAmix.req
@@ -0,0 +1,99 @@
+[L = 64]
+
+Len = 16
+Msg = 98a1
+
+Len = 104
+Msg = 35a37a46df4ccbadd815942249
+
+Len = 352
+Msg = a93aed0fa5e163a82c9a934aebaab8180edf7de0b32f0fe99f9c75ec305b24609334cefa372c7c758262dc8f
+
+Len = 1016
+Msg = 433e88eb2f8aba562d15c18126fbdffb81d5d6c9397fa052321f5f78cd629708ba099b540da5451e949eeab8687a8d6ac35c531411cb37144ab5ff6a7eb46f1ab28fbcd2ea0444cd87c57bf7d3c02952dba3d3987da07622c16e7c086d90e88ad3d9d4afee301d2bad915d868f54197b70b23c9fa385c443404fbc9abf7e6a
+
+Len = 13696
+Msg = 2c46a76a9dfbae1f5e59f085e9c3d4b600c24b2d404d062cf948e75a3d4ab5b137a31397be9eb34b2a03c78367e0b85448891b511ddee1f787cccd498b172cb7e656c044a03ffde8e42478330fbe9c34072a9e99ce31b41757cc820d98e7d564e06694b96b66f4be34c5eadd0ae4e61fe6abbe4d7ccee855104fedee8b451a7fcedb793d469b0094c0ed07c97fda00dd8c1662b44e3ee6775a5ef6368cb662d257be561a5967893433a4b63f97295036a37272176d081545df00852bc5c4162324161296cd51f76433f2df867a5840f2d0c8d5be00b4dc89443d82175bf69c3bdceb97facae2b2ed68e06ae74fef36d8bd1f75f130cba509341dd54079d45de22845cc8e77a022977c7540aa3e779cb1127f39f825d4d78e55a967ef45e7c1dfb02d9999fd15af2914ba47177177d94576f1091a0657d9e04fe81e6be7b631fc1baae66584c9c26ddbb568750d77555c927bcda1fbdc15c7cbe3e3fe88ca13ff12c59b383343c12976708c0e3dff78be0e286dd32eecf20b71a09fee50a9d0b13c85a15b320b162690f399282798aa3291fdd2f9c40ed873e829388466ddd1da42f2de16aaa9272ccf44790cf3c95382c304e25ae8cb2fc9d9869808f3ee7d42cb143bb0c3a55e03db6d1202ca1bdb744e448640c0aa60d3ebbda5c21e623bb080f4a073a48822725d764e51d415aad1d7c5a7f17433d15ac7d849f910c375ee0899f6a576dada42fd651343383f286009902bb62deeeb2514de6af7f09892c20d0b238f6021f03b62444b1e1f21beeb89acfcd7136416fe7bd8f202e76afaf5345311798be7cb25351add2bb044d2380221009c4d1cbbaba4cdc8631dc0144f2778a6aa1eb3d3c81df0b1b2142fce111af8214d049e40f536c5d462b9224a978e82cc6c420e70ecc3cdaffb726a183c793845315f730fa4dac9fe46e4180397107a6a051f7f0a58ceb9bf4df37e1a81c8e9569187228e8037df2e59c52ba815566768bedc8e09d5e7bdc9f2bff23aaaaf133bb5a3332750f6124ce185e29fda0851addfa2c3d52bb6dfb530fd4ee27dd5bfdce5dc2f41debe6740274bc651aecd4023b098a7d622e2296b50d51b79c4e3f521695a9d43f038e8f273405e26584d3db179e7c1758114a3d39970df674580bbf2884405974f0b9c4b0d8b3287a2314f3f81b6991812f354d655f62513c9551b378cc2efa4c3e08b313c56cada52217fb6112eb8299b28445aca8f72e7170a1cd8bbfee4d2145fbe8d49c6af8831c4d4fc7177a50ee55a7b484261504af946c6bd5e1d6b89092f3c487c0568fa07c356fae9b8e831b8320289039746a435b122cfbc4a0d316bf90d481d3b7d979cc50d98c1190af8dc58e0035557dd5e94f437f41fab513202643a77748f76c6b77302bf40c392cd18731da082c99bdedeb70e15cd68bff59619cabcc92adcf122753c55afde0817352bc247d1170b8ddba1ad1b0faadfe0efbfc5fe6334377fa372c3435691f53dfc2ad5e08966b2d3525b1eec2d993a5cd4ff34278bd40dd80313a0727d05e0a932156152f3e11a190d8d69726f5c57d20f811e1e8932e86409ffdac96c6251c2a2976b8757adcac5d2de94931d1cbea866ec8bcba5774f8a7fde792f6acfd0f01356fd66fdf54a416af6a9397e00f848a2e9831627cbcbb52b5a868ec174e69b4cfa1ed72cdf23f39d7eaf4bdb318c188b1f0fe75655e34ad71907cdb77a1a2b162cd7c22d93dc45321eafb17cd60282e83736267b3e1fb249c307d49509f50839942f0f493afd9ef37db053a918e3ec83d801bbdead07554a018b8ba348fe9b7dd92ea7c5fc0e65a644ba19aa1fb6c022ab768ec7cb249ba17b9dda2860bd4aaaa3dc70ec009804141ad5ebc61203658e57a0887ec0fded18d844a96e79ba7e879c4253056f23e205a80ab1471953438f85848f4ab31ab175c089e0bbb97ea0dd6a67385770356741966053735e2cc2ecdd2c8c75cc045181dd7267584b901674b553082b2c58fb8f8be0b99306194a6f069f684535423304d40a268d55784a14260fa9c9cb1306b82f91cbee3c9f43dea9e50903135cc1c6505605a100bfa28564a2057974eef0852b7b72ce264815026d0759f691db618ef760edde73ec888e181403834f7221bb27a69479ec9b28a3fb0c3f68d4467d25712fc48ad78763f9ea6e8a2e85260225ca1b1a38b720e589fafca29f07257c5467cb74ee53189b8c81b784c43e93f98abde1ed53af60b27b13df6ce45001c6e1813de3521028981086f7d88ba13f6fb1a800f312fbe2f842eebe847fd760c394668cfbfd353ec14ca0366eccd7b4cd63318116bdc42e20a632a0d2b8c5cddb37bfc0a239ebe3800a787d2ece077a7968036b3d9b31cd906f888e3ed742cd769033e2c24c5a9e3c10b6d300db5a17dd88
+
+Len = 100816
+Msg = f8ed40e878dc68ceec52cc8e2868722310fb117ca3a52e1839eb85d308b8aa00ed0bf0b76aec8a70eba4f0d14d2d85c5a0e876ce2c8ee59cb36947def6c40a587aa07b368ca8e8a08367018e45b984de0d7f1aa46b977cc18c0cd9b7bb897cbb2814aa0ce8f8c9843e03c86c19f2ba95dd2ac4a466a93aae4b3b05055ff148517ecf43e286c57744a3e10a14d0c26e139a503e7927aa688c78609170ebe3b54104390e5f6cf538093a67922e7210e77fcb584ec9b6844e829be246a266460cb442bad52ca47255fb8cfe276108c36e02f9acbd3d191d34b93d29ec40d80496d1c1bb5ef036221641200e905598c54bc4abb3527c5a5f6258e59d4bf54a0498c108a2725428efc2047e0096b32dfdc6ec69d5d72f81301f881ca62a66c22e5dab9fd9d90084c0a36b2f3a0123cc5327a3bc7a12fd947ab57169ac533e4b6a2cb80fc65b9b527cff9fba26994c7fafb5102a0acd8f9d246a3a54178c23eaa04c0fdfd3c0cd980d1fc7a72b25d74df9b95c3dedce8ca316870c654f9ebea9b806da9767cf40605a4b0c7fb06f6b3f197bae7d8cde9daf38530e25bc51b68f9aa23ec0e95199b14bca96c91f3db15bf8432f714dc46ac87218691bc66cb3a42f6865e1c30f8394c8e68c0ddf5851ab7c5906a1994a9af6ac1c44d0d6b95ff15d9f77825ccea40fb9e516d45888f2378e045d95d936d541cea9c8ca52fe5f7d0d919b2b1c59a42d06105ea4f2943c05178e59d67351c5b2c0051c93a4045e512884fa656b772cf398af89081546d920fd3d24ebd16310506a786ab33293027394c1bcb7b1efe46b550ac28529646e8d2a5ae65c59345e24b44cd7b06673f3ed3b9008aa568a739c26682fa596b7a655842cc6b2758b583487c78d14a76bdac7033806c5c210828ef313f8efc4072681f5fded748c31a58ac933b4665c445f07d603e0905e49b84aa55146eb1c1c99196413832a05efee2e64d6732fefc629b79b37bb9390fcbed7226b412204bda523b8b8af5c4a8bdb263ef9f3f6c7b9e1de3a1dc257c1f33b3d54a9101be5b4f2a9db319993c2cd137c41e35c434ce52e859afd1a635af4d8852252dc5e28c729b2b4c96a56d57f3f3854ded59fe612b9b3a51fee3fc1c83db673b0cc7433bff2472bc74a2eeb6706605e308690fd072a7042ca6474603711d8310909e47063f46f287260a26c4f11fe492298a0f98d28c45948a4899e08fcf443a6ba36457dd8329314d53ac0fd0819fcfc3357426c5bb8d3dfd706e205a81091cf08f31cd3459854f3d07e503991ba5f067e3c406c6c5396d8257496f4ba3703cb1ba25c2fe4aa54577af782cd57e85a88a2d75c54039e8b7bb559219edd6e81e41acb6d575d6f798afb2cbf7f00abd5c9c7b0fceec79f9a0fb040ebcbb7bff3602df7b71357efacd37aa57019350bb81213508a006160acde3dae5c42f03141887eaca22d7b33d6791febfb619d11ebabb13e6c5378e9a72e852ddccd31cc53a43275966b7042ddc51485ca20e1c456dcc7020cafb5407548b044d332229911fc74d7fb97de25abff7efb431da82de2ed7e25d0dcc06ffc74e57ca93a6a9f64d76a5c39776fe2266f88d6d0229b527525fd2e22a1407e26f94c5bc6adb1e7327f3c8bb8d4c983385c579dd8f5623df8cd6da569c7de73d9210e6b9253a177653a13ece075940fc81016d8c35fa4f6542df5120c174158ff32533476f4e059e35117081a24798fbdd1eb10f82809836f8dbefe755611347f75423dd8571695960c6f66cca71f0a01e8fecbe1183bee3335eff10b4ff8104132040e2145ec3164b2448f60c730887b9d7894e5f7df3f876cb17136c99cf32db1c02fba860937378dbd093c4c5112133781f06c8ca07c527c2c085e8ba5e52b399f2909e217aef6e3035ecafe2caeb1004069dea023af7eab873deb5ebcef2313c9827821bb9f89fd3d1570a569673d3ede86a4fb13dff242eb98450a8917fd8865c56e0a9f11d72394b79808b0429f3a83cf2465161596887fa2d557b367a1de9c7753666b0cca9c30cba9f0a749c03c55cdc7a6d45852c76ce2010de3e7f75d95228efdc79949b238d90b25f983868b7f07f585f7b00e45d9e132f3c09ee84f794d899759be3dabd46a256f4cf8da71270617cc2425b24cef25d1d2f3945afa6f81abfccc858cd02e05619649b1a5347650934105c02622d538447223d136a8a0455cf3c6f61f696b32266197b5cd1d936fd3ad4288520fb4a2f59bf95e659f33210446ef18debeb679dd99de0c3c74a6eb3dd783861f5db4e94a151c42ce27519d0bbbf1f3b1163563ec06c8bfd881d94a3b896fc07352fc97ada73685588a2242da1b718f81bb1077bc70fbd58b8b52163489ae403838b533851bec30ed0ecd97d72d1af534f3703db59f1f563bdc39d690a0e90e545506463a37e84974fd7b256bbb912cb4077d3e3f5bdd4bd2bab713b696c830b1f2185734c4d2dbd49d5372fe8b813ce73f5e01c36bddbb376ef4541033f2b0355613eeda8951ebf7377e08f967902eb7e23c0fa798c6ae52401721053f1095cacb1e9496500e83c412236fc21566090b3a3eee55aa402c0b774802fd81c9e8579761cfcfdfb1aa23786b2dc35dacd5ca8d8d283369f53e4a5db18060c2c6b0c303052aeeffe169fcaf7ecc63090a9ade245045ab9c8aebf738772297caaef5f857322a597846c7370083d409df27612e47b0cb240daa3cfa51c57108612ac0dddb0f59791289ccbdb3a2cb1fa9ac31a23dd5440682fb373bf0c1f41c4fe2185ad7c53eb69552807410053b0c2d40132250e637b8c425e6a35d93333b5b7d0557927b6179c848ec455fd1ab38348c0e96c60b2da49bd15118df64b6ce4fa48fbc555a4b2874141718e731a40b85382ae6e86ead31cea77f83bf5c063bf1febf71688a832d615e09d6f14badedeaeb6ffbfe343fc7274e78cd46a2aaec0a349c5f133291ee57cdcb65c5474e46294de6bb50886bce6c6f44dcb95f2a4761ed2e6c9e7bfed51e0964afab4e0f7e0b07960f2590baae66b1ec9a63ba0fb6c0d27e81508c51487dbbdc9beb8879fd58c188dfc774b3d0ddbd77ee8bdcdfa0ed8a9387728e12b13e8b3c10cc1c132bd822c2147c5ddf9a993aedbf78ec256db1be76644ca8ca7727208bf89732657152d34e948d73c47561d156f773136684d4162d02260300020123d13a95f4f835907c344942ddeccafe2abb7dc4792c4f1e39c24748c63cba933b16be0b8853e058c47a1ae2c4dfff39ec2339b345fe3557d03c1df91a0607a711636c4416ffdb73532aeeb74f237ed8bf971388a0659e4682a46b8327e751034cbf2c87c7828da9d24baf07a742ada34d1ef38ab1e8f2b4f801192c146600709533e61bc2665dc1e9e6441bf3c4f6643bc0c102a10f9a69da5b0e3d0a0c7cb694c682493032b5853f02953b5c2fc0e1348565389762fc2dcfbb34fd305f2d9df080e859396ffcbb7da78aae0a0d72e3de76c774bc6a81c87f2872b6afe97ced5269009304a4992c4add0bbe24e57632e19ad0fe37ae910193aab0aeae32cf6d618ab33eba59f6a04fad00b1d2403396e6fa661d31b695a1b349d62f56c08fe6c6eae7a482177adf341e51d03ea511d7959c721bd20bf371860ecd7fce1d25212891850b85648db0a039e6638d9c78bc958add3e41341536b5007be63fd1f7e3308876bcebcb97dc3b05a7b2eaadd00f8fcc8dcfa7b961bbe727c9aed1626ff786d6a0ffdbd1002cae8a7d047b6181962a686c152b2341c7c58c9f1dab5af424d183ed1c7d003165a1d04ea3683ff31a0f68615af6f91c21f736e67df641ed31b998445afadf9052bbe004d5dad08f62e5d353e42fc35a92242d8414d99dc4e7e81c8c027af686baa5c185e3f99abb3855b22cfdff0a62e2f47a632b7df8e00e0317af5c24ce7c64077bbb15ec27e062070cd3eb8e549ed9112469090ad9a96eb59294b021eed81987178cb2dcff67a9a2e930f6032c753e203380f8a7c987cea393234699de03a1d09ce204f0a8b6d5cf522b6887174fdbccb08f3e7c4fe2f778254465b32766c48812a45151ac37ae354dac87419f9476baa27e24b2f322b2da4ddf579750684a5881bae2269351fb7de59b9d5a4badd8951135f2713dafc57215dc626ee170fae7f20bff98e36b864e1fe0f0f9a300c903069bf0e0b6f2f8e78423cf6063e89dde6c81efcf26ef15510563c84730f611ac879a6628e55115e1a29de6945d37fbe4f803fcf2e344712d9e0d6f6c79f8773a9f199b705235e20a7830ee3357c5dca29d7a6c29a3d2628bf2c42c8f076cc4525301d8e1860729070dc53164d9fa08bf63cc889eed01b0130a7146d860bbc09ead3865a3082db0836a45f5506c3e46e452e298764939226cedfd06700e4e33c6b4a78add601140249596831e97f960b973a4e4dc3fe2813fa34eb47f998ce57270368fb81719a09298a223f7e3931ce5cdfab3f658649533354e982c87dc9e49eacebb5bb4af9a767b4f1c03d774431168cd4fec1b2726f1aae3f9a062a825f3295557eebf3af4784487b869fb049de44d03fee71194fc200af72103b157431935b5ab9bc122773ffd313d52d7acf1078386090fc011de695e71567cfd51c06317d4ff8841ceeb74ad35f4e5f4d20921123cb88bb2079674ad39e133cdfd6478d69c9bddc7a818be5d7b254bd9e0abdb030f52846fdfeae8ff370a51a9c5f6017af3c6c3db17c5c614ea18ab0e3ca0dd5de621217dffa36e5c5318fe191040a50cc3ca620683bc34da6c142e1c50afce28a86b8b66d189adcd755561a647080d93f3ede1cf54c3afb7e863fc8a82a2576d3f79e9b2bb634e598507a3d7d017e0176b7868bff3a3dfb4474b3ce03c401f33929364e727fbf8096b77eb351435c7a113b3215cc6246dd86f1517a7e550cf828900248f7c1754e40fed62477b296a37d3e53231360d012c4908b466e49b0e620c0a5031228009f259b030956ebd70e49357c3c3ac2842b6bd6e3ca5a3e985dc03f7105681fec03b320a7ca753b782ad3b52fd9c8e3bd980b48dd6ec8901dbf756108e85015821c880416e0693e0479cb31c0743450f6d9214afabc4feadb9bcee9def460a58d3a02d9e3039970068b8e3fd0a403a6ca7f2c71ae2b46ab3c731b1e65e2104c47fcb1f69e7c8c6df8c09b33f2e1cd4192faab316a44536dcac608832019f5765cc5240eabe3c87445c980c299a5e7ae0acc2c2ed19fdc8f011515bcb00476b03633c7669db1b44f97f6cd402778e9687c740dbe5686789b79d0b13f784a2a866eb91ab2d66f064c49e8df513ec348fd7272ee548ba08e1f9f99696ffb53677550d59c67f88404f6e610455a422d9cd987493ca5c366a397dccface2bba8e3e99719dafa768956cbf6fd8defc4104b8925878716a0514f70cbf3fa2c2bc2f66fabe654eed3076257e71117665703eb88c79e4c2b94e8e856e7a6ef90ee2a358409db78b98056ce1750eb80725d70e35507fdfa5933a61496ba48fbd5555717b33b59d4ef211fe096aefd478859ffc97a41372023ef114adcae5a8d5e03c21369baf1e7f417cb40326bc6db1cdf0904651dda3c1039a2f1755e7c329f7c03bf33f324206ce6e1638711c8c9a45f153aa1f847cca2a5d3af1d24fe7a1e1094819e8e712cbe10ead1012b7371b35cbcc2bd5b10505fb63bea20ac81d25e83ed0105e7595b6c28400f4d336791ce4a584323d0b455bbed44392c5f86c9d5287593f6986d4b0b8f9974a7a4157859ba801251d3b44b2bad84f29cb87dcf1680d6d10d1bfd59f0c95fb7bd07fdb3ea2fccd6e3ee80af438956ccfe31e750972f893ea5dcaa26d077fb3f09d990c2f41c8707368bba007803621ecd76540cdb8705435d74f4300eee04710a936f241c034709e625b0dd5dae1f6e86d034426819c365a05f5be420cdf4042bbff965a666a5756f67259448ebf742b6ea189fa17a4c3bfaf651d19a8a525f09d9cff637c8fac02eaa58d3ee3f7221da1e61833c0b183cd9f47686f09597e8115b435454acef80c079eafaa22b18927d07bf8b7c5ebfdec9c42a52b7824d45decef41e6184dc2db1505ca6f94172fafc10731706e79b9856dfede353d2eadeceaf72a302e3492d7dc81e3777e4e9e1f3d33cc4402833ffedb241a75a09e9495d671f80ad3acf06823bb04a92b815edd0ca7d01dcb3318c1ae5c62d3e99c0ec37908b45b51dd65f6b45b34ede2d6f553f60a45e20fafcb34ae4dbd375f52a5db9c62650deeee78e955087c2bea75ede7c304347b171fe0c1a2a033894be6e04605271307f307b2a9cf6ae24b8c87ce033a3fa4cf2bacdfcf54fcccb1f580476c7d00c631a8529a9eea2a713610341e0e25609dc8927e51c58a0a9197a54963b5cb95877354f4b8316df02ed2bea367704a12274d96bcbe0d0d728923a368bb8ab98d5db5401894c822632308ddfd309071fb4b477d8eac0ea5dbbc3e3606d8510d9051dfb5e4b7cdcf2c57c1b76902d864c3109c901da53019ed33cea84b407490486ad9f980a8a63df3d2e3921064afea137f35179130db3351f5bc3f5e7d590a5ab08b5415efbd345f9d57b71ade7dca939efa5a12d677b9af0af14468176a43712bde10cb15787c18bf066eaef8abcdea77d3a0c61d6c74ae7b54fe90940d0233e4b874c9a141dcc740d7fff43b9fbbc012a933d890232cf74fccb7ff7eac1148e203c7381b7f1d1429b1b1152ec25cbf7562596eb402a9328e43b5dc5cae36592da5523f0b9907a6817ecd395a7c778daae85bb11372b20641a04250b77b3a0ece885d07faf9622650259b874536d6d2b92181c834dc111b6fcba483167be40ecc922fb87006f63b9e8e632879563f37a8f712db9fa68c1a20ab239c0116fe022fad1279f3288b8e74a16d447e467b6381515814dd3aecab5c2a09c400b44e9100c04c720dc7e8c6d9460002da6c52004c16999975fef8752c2f9c229cbd9e6446b226cc454bd68cd665668a17328bb30f301e92ef5c7a2197a326df5c99b422096de8af231d1d8872e6e505bcfff026d4862f28d4bb3856a66ced22c9b0587451d8da4230a38561b5b1c69b523a4701a2001382aa82fcbd60733a14696a540227db44aef346d6c0a7ae5173604d59eb828614cafc1b8cfecda054dcc7306f73925e6d1af56ed74c51c6cdb66e9fee8d7a0078254fedb0c0f5dc85a4686870709b499eafbc8451aebadf848b0598ce8f955688bd2d6032abe10d1391d67c20a049841f95d2ee0c8deae2bc1baca0c098d8718cba1ddcd968981c47cd98d247aca4f838f3bf16d092eab8be8deb1f8d504d37cc44a8c96c9f22f2698036d4ad3bb48b31f109626565c147d20a4a7dfd61fb918f81548fb4f78875c1d138e819f6822651b93a3c92ad77793fba5222d870ea671f9cac967919d18f96e92778548415b2e170d90b201215354fc48a77e62823a2c2bb354782ad052732f08beb278f751529416f37d83ea26248517ae2ef2ead28c1077908995a2d25db0deaa957bcab39715283287fd626ea7388abccba2d90e364a7ff4284c84f70da68ce1aafb5be0401cb9d45e085aab41892a49e10cbd5baf2c34f5e0ca076f2772abea6f622b66020d546f8c2f134a87f96edbeb9b08394b585f2c2f98aa792f97b43b5f3aa9c34189804a9ecc2cfaeefbd0f967d85a25bf3136fd8132dec38aa82e4af6ff677682f3b62be27a180aeb22f918c24f23bf6f5954e0722324cccd06829fc32ae4fe3aee6e5a03b3651900e13fb0a759e544d033418b6ed40d037b4549a0404792c8fddc317b7f028493c4c91d6773932f8486417544f3d007e5f9e6fc02fadff175303f77f6b0e1f709bb3d3a93b38552ccf62688a39da1a602dd5e122e6f4e9171769ada5255cc5cf938dfefcbe3ab0faca434c42dc8c357e89a3d1488fa3df35c3580b124ba3bf6d0d203d586707eb692150ed05a01bf9de5c4e67bb948088784016394d47abb853f2b6b643a066ad81bcd1735aed4e108a8c1fcd025b548de874eb60de7f3c568728959147d1219e4b830e06ca2bee1f8a035e28a54ee6958d4821a84e5d1e41139905f7ec60fe67ce5f4eccdcc2c3d1e4a753a32dd3004970a4ff3824471822fe2b5010b9b6c6b01336dbf0181a95cba2624663215468519871cc39e8a7f4a151c8bd03363b402020f2fb98069b2cb8cc1b7e930938e7540d95d1d223e47865135793f9eb573660ff79f7ed2fae503e68ba44596ee745fbd8fa562c5c666d174cc01b1961736e18b8b517161ab9c8058026e0ddd6c94aed0086a26e1b959a5e05eb9d8c1ff5b2ef518ca23b4f265db61b499a48cc46bed28d23ffc1e8d9c9e345c06079ad47c88dd4e8e286575bd7f9420ab9c2d5c6685488b8b34d4c9ac04e1427ae0994cf789b48b01d1db9c2fe75fc5187727bb11119f82d0739ce4048467a08cd635bf78cc1b6cc9c28fdc199d351064a81456f81c9e56a43aef7332973804b06b18a26caa62523a7d0acc272ba49124b17bb68800d5756afd34ddb2b7e2dd8a118aac3fcf39d9f853c4d2c4fd3ed5bd25a6604d68d57db93d15aa1160f8a97e6c24238e84f272780966867f9c644ca2775cdac4af0ece036cfa6ebb1cd9d701dd7daec5763c9a4de0385db383a5647918e79c6a6de1f4ee1f6b722c561704c8d7efa4710d78dfce8ad2df0d3d82cbb59cef0bcb001f70bdc6e17af1a720b117fe02bb1dd527b18e6bce70e9447cd0cc85cbcf431fe7c006f5e4ef878a974a93b25f492847c9ae020583c9d412f4124246164d8f080b615e2eee267a7aeb5fa0974de52cefef23cdda7b305a33a91e9b50471ceb72dae337c485d636e28d6ee31f5705983808b1567d4d4ae820ec445c56e6a404cad6b408691475397c0dd6cfad232106ba96e5104052700a653e21f9ac6d79578a9f52548f426a1e81dd45bae30acdd4d22a2dafd633564d6b2f45e7d35413503c955cb0a9784b42ae8c2a5933a6729f3922f969a158540dcd201ecb6e32f88b5b4921914a2e8f424c8b031f115ea5d23a21e6f22439ffd7e5d11b08df729f65613b4f6ad3edbc9a066a5e712ecbddfa6fa764cdf170c0485f82d924a99b7e7ad8dc44c1f93e49b6469a9af3de5691944413f1417b753bcb84d5b7a34f362c383cbc802b0c88bd23a7ac471b9287571c42081b1134bfc8ce104a550942ab1f2a074cb00a90558d6e841ff15cfde6951f03e450a1bfc90dec6c513fcb2692ddccc31d22e5274d41036656183c72fce208e44920776f196193137ac67d6d65ce9cfaae774f23a86e6ee8ff3a4e9422a4667d971906e5496a4e80278774899c882708611bad282f6c1d666bc5e7c40082b43a6e98d494a18e9b3cf7f154fdbf90d786e59e83b72ad0ab893c49aca50ed37ea5202e650fda54f5c46ca2a35c476f4b009c5e6733232275abd1341199b63d22386c484cb95c43ea90e609c407bc79ddd00609cc2eb0d82848db239b249f164b7ea384d0239fe1e64d04955b9297472cafa2ff272c5c78100aaa86cdd8120556f25652a3c12da5853338e3be8f505d93ea03cd1cae7e78e95befdc0e26b760d11e05403c348e0523fe036381408033c009a8e1f117af5100a6eb91f08307df465c20bc1dd029875ef7e49338689f602d98f2dc690a57a6f2864e57098f8bd723574944ad3688b292db6d01387a16493912722ac8f91fd12b748899bdaeabdf0479df788eda440d7bf30d1c25d78d757f00b74bb556506637fc1ab87162f05d464e63a6272db3fe56e9357275035d6b6bee32bd92c4a1dc94778551e94ee1d8854f767bfac3811bd0287672aaa01ea18c25650f05a68cbacd9158e479b508e72df778589e1e03dc543b60bb3b10399e5c50de9e728e69774fb3f5fea757ddefccd0f9da75afe4b67f9c54aaaaf646e858fb001a6deed0a8a769ecef0689c988de566b6015fb8c40aeb5f2df7ea4bee60e8e69d15c4a4aa5411dbe63fbdd6418cf025d87f37362f15e22aba83abe1a3de9857c71c2234023b969eacc0bc526363b7f30b092ca114f2a6cefb34394d146866ac86a33fc497a8cb8e2a5bac398579ff7958878421fb08fff4f8f3deb8c9641b8de392647df3017a5467f9d7b23036935ec6e188dd6dbfb544b8a9e04a4b3c7fa1e4d1d9879daf69986b8083e6eb023a4b5eff80fef17f8f65433c882a21565a919448e6091d1b61013fdaf9fc3e45bbe827c9b4ab10b05600a1961e81d31c7404f8e0d32bfcac2937eaed811db167dfdc29286b0d51bad2bcdb9dea76eaf495a31a7fe717c1c98be374a36271cdd06ed06c02ef4c3c06cb42f73b3332ed488416010e6bf2f4dc4dade6e2e61f19e9306bf941868f59fa0939005743dd647f0a04b576a7e71d4c383c479453501e18ec56d7cb79fe31ff534afbd8609ed701ef163f9de31bc58114399fa0f22b62c66c380e8a10c34b7e731df2a8d39dcf36fbf3a66d67b973e3a94bf6ee0bd96f5c76baa76492032fdd2f59ecaee403d486f543f2cd7ae7b0dabe1b5566e681cd40d384a94349e9668650a6f2d2daf86c59a7b02ba466cd03ce1d50c3f0ca4c02dc4b3d1c0e7b9a77df9eae0bfcffa32117d7e05adc7195f4278c93497401629897a58d08ad7141ea52e0163f14992d7a284e7b875ce4640b4dd48ceedad1ea17d8ab1e760773044845e0899602f1bdfff4d42ab80c0765d1a8bde2ba0a830c050923956d06c80b182264ad19ae4f7c39e43195f7d421bdcda00e3eb5ec5ef2ec91d69df691ba7fe250352acf01fa92af5e2c634b9c7c97889e9147e869acc153d88cdc18908f882f371ba9c1e13c26e9cb8e3cbd4c5e1988080ca65a67b3a4c3460cfadbec904d853fddd2f5375b6070941fca53cc106b5748480213cfbdc1c34320a0478b05f76fd0454c75eca069cb1fa7b21704dab67dc40d041c8a1040db378e76655636ad725219c049e6536982d6ee9f11dd032280e622547c7ff44a938a1f233c356a98182d22d5770fbc871e20bb37483dd5d6ea1551993b95b30774a49b50d411ebe0e8c92834094e23ec2664d822c40e96fb42b8607b62b6949e05edcaa436d0ffac6a8ff384068acfc0220c0b098d368fb8113918a4f8c9de37cece74c8695cef2427e54a6e77ad092a9b7f1d94ac9f0836deff41b905b5dafc58ad6063759b0372a634f69a639e19521825d66a282f489c3172a3659264d0132af3571e637782bb6fe5c0afd24547612166fd3409d0991392fa054ea5bd07a4cd0921a13ad7b62a0b5e6d56cd8adb7f3eaa5c99576941c38aff311c49a8c9d8c755869302a2e5e40109c8365a551cd3f859b9421be189d3a0e9ed78830d5cd6a2414e9cc4c25814d94d98f8848e5386d6dbddd65d22b96c5d20020a5dd409c7e5344065871e57e01c91a443501dc8bf619890fe231319b5480c3879dee618d319962596539e2970513fb5c0c8eac3a71ff99962779cf1d7e916566d0e29d121c5cec5d7302a18ed00be9316f3de8c669a64c2a960a588f9c8a42690f6867cda7146e8ce27aa6a7fb27606eed9df6a235a42d17ce71627446e206e879de56025a66556263f06684dedcfd6f083d6a707e5fc8f8212d716e062f0f7fd0c2fc62bea93d68581265a803c31cac3f8ac8939c5f8c464ebd19df42c7e8998494af614c8383294f3f3883f2404ac10404759e182a038c97aea04a85530ec005e203807c5bc30fa9f5339b32fb0427e64915e29a25bb25ac60b92256470e7de5298d42c6b88995f8d2fb704e49d55b66b71e237af90fcbfd71d9093e1a543da2e9911ac4102346dc4704859cb33ac5f5dce2b3331a9dc9fb506461a5436c89bf90d39afcf93cbca4cfc35da6ddb112243928246ae0d1ba269b0fce0468d3ecabbdb925c9ea3241e2dbdc6b151fb4aa724a42f98b0248171fa01fa103f116d0e7deb65dc359b09126f9a420300fd209508ec7a50be56d5b470e387d0c52a1d104625f9571ce1404d1b7af3fb00475b95f752ab96610be112d33ded48624015781e7198f4dcdf917839471fbedb43c34efabe09941fab6b342cf672a29dbb1eed0db788dbfcfcc63bcfe80f7718571f691818dd6f839e3cc282f85f03fe0400171cdf1235049fa53de7450b4c40ed398d5a486f52124c1c63de2afc950e81839f52d17e2a7d32f82788465a65da6cd763c6360763561ed2bf47749080549b6e2db87514e1ee1c85a0bbd346eb6e3cc29267cbedcad67a287fc5be65ec59ba8b6854b31c83dfc5155187d4150685c5c2c342ed68b01ac9e44b60f0c100a347a0f93074dd37d8956fe2f43110dda66e9f9e6185c23dab74cfca21f3ede4bca87687549ea02662f45dfa0ad27f9959a120cacb7c419810e1b1a50fad31c12c47d5bbc61bad77044aa541d29faa6126c60ef088b82eead17a52843307d4bf798b853d90d14c5347ff10615381d85e964331b7a123d15a77a6790d93e920052ddb4db4baaac5e2b27b66ff955e53b8308151c81da4711189ccf0eb393c5bbccfa1f6c94a8d5f4bcd266fc6a12061967ce836ca042257368f567dc42de6ce0be84449234a6163b72069f25b7ead4b2003e1a7665e87ccf211abe94175d1c11bff2c0b6bc110194d34aab96934ef59804cd26e4434ba166d9833fb091be37b139cc10748b881c93690528a96ccccd2dbe024510b8da37dceab567dc52706461c486a0463369cbb99bcca2e8a4d2e005c45401964722a4b3ed37c351c9f21685e8992c9634349379f41796deebffc2928058c8ef6ea37c6e4970dedb78d1c2a00ea9e1ff1e7708470a6c60e6a2b1e966aa872776afdb238e97f716b3df8dfd42bf0f7ceb52bf9eb33731bdba5987b8f48b4599d67b383e77413107857e951ae0625059e5616ccb41131df9a480efd5beab3a9c99615921caedc53dbad675c00ba1030577db1d22731677914fa958b44792cc9c19e2ac71ebe61a05ee67ae7116e39e1c0d103f18bbc9d531164360d901da8234d29fb0b37cd2a60c7aa2adb2a4b297ea2fb14122ad95bd4592ef86c88fdae1e37dc8e44ad03c0fcdfa3801e93796771c5a2ec1e4ab12a64b3ffe48e7442c6224661ed5cc987aada6e778399941f7b20f16f94fb346b916be87f005c9c13789741602039d38270643cce3c347565eef5ee09139330301951c15756be47994de6f1802dc5131b9b011051b1d87d744756831a71cc8528487f032fee9dbffccc751e6a1ee6d07bb218b3a7ec6bf5740ead7a47b6907d7aa95b79aecedf4a637ead8fc6fb8654c93d13ee79f5d6258dcc61993aebc65e4fc14eea7d006e31f6e9f60e3bca8ce52ec559876fd20255e507daa99b185671ce1ac11d448c30bcdf97b9617195e0ccd2d15246308dd6cda74a8071114327fe203b1adbaa780f3243105c5111636a51dce966f5652e39d4f91abbbb4576234d6cacc3ec57cef2dd4dda49a6c33d12bb7595fd5ab5bb15b40301f34ddfb831a5dbf62218f496c003227fe6282e2ac054c45e7f3fc93e51b3ee8690f08612395095a0a12729d663eded879d9ffb325c62f2cb546a48bed51ae232fa6ce28a2494c132a6e09d98c2e3d478d5d2d15dce2e2665e4a3db448931068b99899c2bd8ba87349b0cf9e3c52cffdcf58a59b4fe0089b298b42ad7553f831bd60f5cfa3e09102fe773e4c05412973a678f3b3ed420433cd664dc7f218e816a17c5c9013ecb84abf2dd073557dbc41b92a91e0339d57b8b077a9a44d56427fec5748c47c1460b2e2412094db6d0ad06dea0aa0c1368592594bf0b2f590a9d6149e44dd4adc4cb42e5d9940d59397b83b33b88604c210694e3fbd84795c80c1b09ddb3b1ec8bef6e9dfc4d7f295e551a79436007ca48aa605ef5a89571e59cb26f2766e564e39d3bb441deaa0c8664549881d90a77256c0f6c77241fd6ab74b0e2890f78ff16fd2f9271ef96ebfbd0b878ba9c703900752b7447f4efaa60bd9dc9cd5673a36b39d49f54274caf03c0cf82b95141fa20ed3ce02ebf0dd74d9eff8eb9e2dd3a2976b244b12fd33ee75c1f1c459f86a1cefbc817f42d7f43ba406098165cbeab99df4fe751ae3382efce32af252e461652c7598161e74fd8eeca474fab6b1ede039935f2fd4d7562623b90a422a78941f47a76863d95857c33653d1b42b806bbafcfeccb7bb4a0c58acebf6104b2570afc3ca88e4fdf2719cf39c964a1ea7d2ae4a7fadc938abc95adac495093f6b959b1347501606b3f960b6d739291aa8c13eb49e98b0f78d2b91400b6d8961cb6165c8b684738e4d4db2f2ac30ddaa03a5e0cde4142b625e81907f08c60d7cb5729456806c89ff0efd08397423e44738ff38f8e88684f3a099dcda455521caca37ab4f4d9ed5d37975d4fdd778b97cc93babc804864a35e3a2db04598152e67a2f1f157681c3962d46ada23ea5d9a524f9cdbdd08a07a3a85b1f6fbde11d5a35c7743b83bbefd19aedf6d92241d16aeca7f33cc51839b75f111e8edaeaed808daf2f43fdb3c6f032ea45052ac31d4870c4d0d76aa75d0b88635ce449054013f234c4a16cffc58c95ba1cb8a0a0399861eecb1039bdedfab4d05f0270c6b16f03f6b8e629f687f133ebf2662c7f930530746679aac2791f54d6a95bfab5be0c33739074ed4e7ae88dde4a8036a7d6095cf41776366b6ae3f8f4a0734f48c275e129cfffff5e0abd042f99a957bf6f0f47fc7288750f4fe30198f8cad7067b36cd87ebca08abd3f9475e7443f83cca91a1ebfc42ef3494871f51f6d52a5524b9391c687571be5327c7c94ee2a096653acb410917fd51e56a92be4f24c1db6b97b465ca84c31c04c2f61eae07e952eb6554aa4d8a380d9ee81c1c462c360fcc3cdff2867a953b655562cd06162af8b99bbe662e0c27ce4d9a1c1a907def48a3231c2110c930a2f1498e32dbbfee0e5c5869332f3024fa5dfb0327a27c663cacd4e9902de34dd93529e90eb347bafa5035f56fc578e8386c7571d1f0ba335225ecd8be026b4544ad70f3af11501a53119ee39a8558ca0ed5b3d897ffb9cf0fcab55a0942d3bf7bc6b94ea27a6b748f2cfda431f35252c44610b7e843ed91ebf7e8fe10638f04f52d6d5a7752ec62350efcb7c473f80b1f2a26805151e8346d39d23551e92fbe372df7979c3f756bbb43f6bed09bbc6b65fe6fd241ae1c2f1a0d0b805c582853b85502968f9478e9a84895f9d4ef01ec4f3f571e57cd0bda68ee1f6f7e14fb6e0f4ef8c7dff6796472a935294fc27b16216966d5021339ded059687355b42b55926854bbfbd9f974a0c26eadbfca8a6183093996cf252894e6db910c71ca3ab2e82d90d371c36b92c9409cf7937bb266ea9b29c41d774aa522e103cb30bbabfe872b57beb027623742806aa7694a859ede9bc1fd7b9e32880b064b0030fce1a0e5cdf3ce558a5feaa32e323dbfab6661c5878c9377ee52a615b7c17bf1228e328aa20f92d070c71561969e1af532e76835fb0436810c3d87b982217edfb1143bfc3405ac9f6f3a50145608dfa8658b0ab642a347255c55b59cd1c5897b2cf625a0f0706c30ca1c1321e90cec57b7c3d1bd1af455e3732db80643383c41eaa6781f63da6233360ee720cc04d171ae2445b0c071e339d547f7ac32f407d29ec7abce0a9e1ef5276544877bab2f84bd2eef47ffa66f96e7170cd54d836c9badbc59435146031502c1a3cc744a470f693636d9050c5b894d2d6047df60eb0bac16d905d46cbf017ca69d66427cb88036eca4ea9d0e579f6bfd8a4a850703a0fe49d39c107c9358e98689fb62bd0475aab4b2031446b437c7f9e373caf0270a28d7b15c71f02079dde401e26175bb6e392106a9072021f0e5c5145a1db6f595b032faed8551f6e2ce318db1ab513db876a3eb42d225014949c19543e9c5dfd2290e28c5d72c87223f0195ffbcba1c02c7d0087721efd2af6881dee7dba7565e07abc35bc3fa41c6a4d6a313222ac6dbb117c69c62db2691c68869ac5fc5e987b0ae4335f815c73ea4235da2582dde81d6fdae5911617daef847be17f2bc09edd88830eac03977f89179fe03eb2dc3b38df43803ca2d38455232549110f4580ec3cc04c0d8cfe493013d2cde47c506ef6a8dfc42d998f70378fac5ce4709345926dc477e9e339d8c87ff6287ea6e2873e14d538cdc3f2a47e0e37a2601652f5b665b616a7d1ef3537a3327a76f93990f7694e6484e7a52a10e9eea2edc92b99406abfb2b11ec86667c7af4a333dfe900bf071d1bbcf4f0ad768fae4f450c53817c507d26e926e753e3395201d3ad89061f16706d841994abad283f0db74cada25beb5fe46f48669a62e0b849cb77097e1b4578b45062af4a071b04f0cfddf87519cf2bfa10ebb4b860239ff187e6dad73806ae968e6ac0f738baa88edb3ae4883a9e59be7a6b222c5f54818f95578daff9fc7a7aba8c4a41a699923e85ddf24a32bb71c808516f64d506058a70539276d57984d75161cba7d53a4a864c51a249a6b8fcad5738dd0055ba8468b56579ba5f102642df65c598490f3a0c9b1064f4eb1962c4c38bfb7d55d496a0b0f7b3f90b42f733d112c89176aaf937eea4bada845f3ca4e9b56b3a5a06b4c90fa4c1914ea47020c2f32531e270007ed389246906ecf2c4465f7cc5d6a347583dd73341ad97199021819be81100d867d628323ef7552db945e4c0be604cf6c4a8197958bcbd6c1879387d3286dff979632c54baba2a35ea84efd7726b662b94fae61464d069e0103692599fb86fdc3a06e01c6ae3deb3de6fdb21806c716e5f82b784e4ad3f0e2de629a18e3a2309003dfde9dde8e5101b83312f76e811277afc286b56879f4eb80468e58c60bc088284d05d725ddfe3185b7c51b472a7ff7db3930839142d4a452ddab628e07d43375801d7c6a711a55b452748d770b84ede35920c1ac74b595baef963d21df9418533fcf959593ccf5afccc753e86c4ae231eafe77a158c2472143faf169db29bf2b53c3288d8b3c9added65778095f85e2cb471ab58362041f0a27d874c42bbb06385a0403ca193cba67cf70029cdb7e73c7e2267b856fa0b8dd4c706b45e7174659b0ee2891df911724324f7ca5daf07c912b9b2abff762e62a1817688757492975db7185c4695f3a90895634b8d07453b36dd95197abc31d5d153dfb0d0ec92639540e99d6590f9b394f14c93a5e829fbb33616e810f59c502be44a13b700fd3009545e34c211abf9afe1bb8ced793c6f516d40010649f83a78ddbe9b71d8596582997d0aa54192e1200db61dade30500d72a184ca7dfcbfb80e5442f489d316cc8b75005564835d4b11c482e2c4d0d160f14a8b13ae0a0fb0ba5e3b782770aaca357df0e1c4d1c3b28b776a8b3e0da1abfd4f7190673fca1e1c5a31c688d6e8ddb21300e4178d07c4e854a718ac3f672b0120d6a54c16957c9ec8c444208e47737bc4eeb0bf2d801eb2fcb72f91fe988aa75f38e6cf26e858dc2a718580ff5d281d13e8fc3e3bc30c75c0193481c39c375a5b06b962d9491f3f1fb80f1cb27067f0709e0b0730573a9b5f5bdbee1708ad84b4ceb1a9a61e4c41e90655764057bfa07b8c81cc83a315be1aed6a49715479c0fd0f53f625fe6c7f36fadd001149ab978532e4d0de3d1a38934c74265b161899843704fad16ffc6189f42a5cadec98603e0f98c6889bd4a559079e074cb40678fad4690a20d988735280a1ee8ea71275069132101b35c18ecc9d3c6eceb4cfe9b165e4b6acc17d4f113ef8283c0fb6506f5635401e916d4f7e7bc3cf49aed166587a0c72cdbe673f467d81bc2e9cd08cd8dd16d90b353481df31e89b45e8b
+
+[L = 48]
+
+Len = 16
+Msg = 3a35
+
+Len = 104
+Msg = 7db15b3ee240b45d4610950996
+
+Len = 352
+Msg = d2a1efc725c46cd6a19760f49edf0bae823c1b4992ae2260085746cf65833bd008e56e64002383f51f960239
+
+Len = 1016
+Msg = d11ad1253592c094746da7b5c88d329bc3ce1929913b8be07e82d3f6b7a536a855f31ad197376eba6f2f4534413fc4e4e7673fdff8739f774a710754b568b7c61a473059a41c98aa4e86617aa66d2601d0f0d584cd9f132afeebdc0ce3da6a8b290059e6e4aa080c195c42ae7f7e1e99865223439929b0a3a0d79b46ca6419
+
+Len = 13696
+Msg = 2f7a9929dffaa4a4dcfeea1fc37b18e3cf935abbaa17cf9d834b3a8d61e9fabfb7683cfc387d6f46ece3f8bf845827c7ebe86a651d6dc1e83c5772cee1a9fee4b04453af2f68430bd87835126cfd1b3f8beea4d3822fb27864570e255cb65b414197480b6bc20a39c5450adf2474da93d72f6ecf8063899722d3755b7a19f71e93e782d89593ab19ddd3ddf053c54e0bf832311fbf132e8b9e540f38e4d9bcc3cdbf69de54e40ef348a9170ba2f65def167f568ce846889c0161448342fe907718a465e451bc1b0f2e4f21f9b911f186589f43dea305811473837c063b915d849c20deb43323bab4b64e61823f1df119e71962dd975700391b411f8778980a3080ba3c14a321d32c082d416ddd2345f0eb751a516d44ee55222395cfa11e7fc4edfbe7cd49bf4ebd4d7428843a2ad5538b3cd201ccd431aeafb146a65d28a4870a6948a7cc0413b0adac7e8dff3a898aeff5f4b65d10b28ceb749bd354c061c3008ec569d5f90a4d4f5caa51d35b49dc4028e738c8ff5939fef3fa202fed9ebef6f2c7dd0ba41cdb5c0c16985f96fd93a65d134fb4a90ffc0fb6cc5396b843c2151bb7c9170f2fa4fb44292a4af28df5481de0c3c917ba1c46467a35302738158493fbf6a0422cee558d4bce3d78e14b4fefb65bb05043e2cc2a6a8ea64565ff6ce2fd2c4f43fc02926ee44ee02fe1dce25cfde0115c9396c9ea06269f17b2caf58e2332cc1c8528d9705c70da1f76f22aeb1d1b93449180640fb5c4c4a708bc4621d7d2bed5b1a752191cfdd45086d34f247ed1df0f24e7c620de32bdfc4d1f882380d2cd7467c926f48abc75cbfac8788f88cd9dc5361517a5eb36311e6b39e21a85fba2038fd47d860f776697bb19cdb5a4d6746fae507e274399c91648537d905015e58910117e5914f44ebcb00e771d38b30c1473e1232d4e222cebceb4810c48e83e0fd4c852f4fffcd643c0ef9e4fae2d0ebc6f102f3f749b02a5e3a61517d53b539cc24120df3957a633d50369d46c0c226f8924cae51dcaf54d716f61385fd8cf38c2c311a32bcd6594d6930133dc18ef36a9671ba8b179abe95f588ef74e8558ebbc974dc73c26bb6eaae78ef464181e18b71f4b0f986ecc8495a9c4dc0b0b96be9806fbd3d32952ca3b4737a06ed6561e9c9581a33a720123fbaa2a70fc3233b83e56444f5aa0cfaf70fb24be6118404f3e11e6ea004cf2d079a3e93a8ac1d4e297cf4fc43851dd26314a7ed6a5a784b386daa26e50c64692f7db28c21d82234289bb45bad5042236667e6d70a24bc9525c3adcb793a6a5725d9b10911e3bc8e3fd604db7998346e7f7dd1815c0cbb735a977bd4b32b5b976932bc92ef3b56bcadc089045ec95f241cdb0a84c67f1f76353da6cb493bb27a881d37a2106b8b3010cf935eb3601ce4dce3e449eff8331e444ab117a20809a1010db4cf3be0c488f777b6532df908112e3d11592f04a0cc16232d62340cbb8b5268a662b8278d37c03d848a04f0ab498f5af43b0a20e310197b7e1395a65299fac29f051bcc5fcd09a5605bfee370ee8ea21f5807d9748acca815a44d81796d68b0014eed3bb6a94233fc51725de3809ac6f538beaacf8cbe3d96aca21a7a763a957f8892f22c6d086d9af2e5ac9d90321e186584f17e964c90739559ddd034df076c4aa38c2b78aab6dec8ef6be9adf33bfb66f159ec4826653ee6cb483539c47a4a1d95663e6cc7a42a3bf628623a4c9500a59a50a312aa104b198ce5f3e58952bb79ff1ccfa9ddba2fd4705e91b5acaddab9d6522d7666264ac5f533b6d8ac4512d8371c69c06b6d322b046ae2a0a20aec1c3bfb05f3d91b9044cabdd873abb5f2b0e3e19740df31e39828f9ff9bbb20b73541a7a70b8174ce4e43e0d356e629cdbc6c08d29bd7acb6a4347823075683ce9d7de4ab3ddda6572b175951f30a15263355fe9641b3322df7dd52077402a884cd472e6d0b6c34cd63ab63cec8760c7ebe384f7cc31066bbdb7a3417425e039c4d340166e4bba4839076ac9457c87459c57957d0a06dced2f7a18acd22b7295785dafa435a2a8a2c3a1fa05d115fe129d19fc44c5a29bf15b4d9c2b375bc8e591f92756cfc573a39b8fccb8395cad7617b11f14a60e2dbf69b897844cbbcb70363010f6e1bc0590ea594aa924597dbb32a868b55551789f82437180b85661809089d34a168d44b4d788dba23b13542715843eee797366d9ce7793e72331735bc78cd61b13421a568ba3e66926921c04e9d00888ba7ddeb474db63813756ea4a02c1823083e36ebd2d32d5c88cdebb98d511304cc276c7799cf84a1699ccac9569b13f530c762732e6bd0f8415001b2c02d11dff36660b717054b16df49ba38425e3764a56052ffddecdfc686aff22079897376cc15591e11579fe4feeccb55f
+
+Len = 100816
+Msg = 5f464d3301c5e0871d6b41b002dcd09abc80a805de3482d97f3fd7b9838745da1c0534168f76b93c3c53bbabd904541ffe5179cae619dea77446140b7400f47d242141c7f2e9894d88f44c9e066861498e7394f206f594a419790d697f6a11187f84bc6fb288186109343eb11172bec076d041a4c7306d7978c009fc2d2d62563614ed3555ba2d21c8fcd70e8389352dbe4ec808af3231ce990452eb05b1b0dc4fbb1b4265e69235cc3561dae4148c386cd770474863a84a822b2e5f905fc255d55f90bd6a760d441dc52240ba7d8c888a5283891a2c99963d1fe680549d6267cdea92cfead167f6c49663668f2bfdc61fa647f5abf3ce5ad2c6c175dbd456ba41436aa06f5f68f5c88e6b74ea86a79934bd05b486210d3d470a0967ad6d67f7385260578088d7e63197849354f651aad07e04ed301f1fe7a6d2047d50ce5dc6bbffbb1da6b47d740898f4eb54e3c5a1fbd18ec93254cc01f705fce04e6100ced132c519674b2345547804a372b5c925bd9ee9701527db33408d37b72f8d18b882d3c4744eb58f011d21fce336d426de1fcd5e09610216248b51fe2b79b96c2bd6ca0155e05a8a516b7a24d529a9a475284735bd9c4c437ddf399864b64fc5d0d6ffc4e5a7a3dbdd476bc39ed29a0a92e1f2b6b3506c2be5452d4f896db6eb4f895b554b2af64c4cb8dc2369b91022dc50b7291404cc9605c31569c32756a64ff8c4fbb0f1bca346c7b58a5c6774b2fc7f7fd50741d34c8564d92f396b97be782923ff3c855ea9757bde419f632c8399763003b58ee9140c2d62e914c1e1fa742661a9166d42267edc40905b35a25d5c3cb3fb457376b7422896df7bb19c23e8f764416731d2e20cf2c1beb8663c07edd8f105e078e2fed05c5e5897c430017fa2160f565a75a4c5c64a15dd7d644bf355d169ae2696ae5ed1a39e8f81055cdf315e5b0c6f9235515fc4dbf30281ef17b83a6ed604f89293904bf78c7183fcb0ab236cb1f8935e59c51559217efabc000b165d819b717118a03facb61a13a99b194f8b6c7ddfe5850127d79078397a56564c7ed6716a129409680434061b2a4782c9006587de927c1ae09d6778a5f1c39fc419fe10493eb0d4ad492fbd05485eee7913c59df82fe7182af2cf06a6e8edf06676200077bd1408f5c1cec537cb8566470cb44895826d04ec20f0aba4297c501add65c75d5767ad2ab63aa81b7b66f01b32590f1d55b7e50e6df1ee077a19c8c895f5ef62d452cc336e9aee171fa997ddcedd7af86e6cc37722fb5838a46c5e58e7f700edfb7c6bf832171d9581f660752867118e9535a6118635709d6f1c1cb21b938068958e956149d9bffc67f355cb88205d4894ba97c3e3c8be9fa2d20abe79f3f93a6a2f4f56fd075bb49a4b7dc83630e58c32a29d757fdbcaa607352f65483cf2cb4208a3bf94ca7a25e2a4e05279be31c33696c10fa4971d1b64ee938dd299f483e5c098845749a3b706a787529bf2ca56693d0a7a98243e6482a43e1f5d3086ca1b00368d8ead5ed2d0fb79b1e2f537ab9340809ca3a9b5eb2900390432293008ab7086c2811d33de0648be5597ef002c7c462b5e0f4e0b1720a98b2299ad7aa55eb78f0c77c2ab4371385f280107ae40ebf814a8223dc74f31483c63d9e4ed09fc7e5a51bac34d69d97163116a66c84ea9fe4263269b71fd228555ae3cf5109c4d6ced7b9049a2b8069bd2f71834d6c07fffbd7561939188bc07dcea08086bc7182a5270427c3199bf5fb5c4549861fd32a38ec81c4ab058c777dc01864787f0275f911a17838272cd65135f66baf06d8d93bc439eeb55d50b7c5adafed8eb8140b4b05f59871dacf954f4b096c30b7857774fcd319c096750bf605db8e31fe02cd1b9294eaf8bb009d4609f2cdb3a8657f650501b8553765de8f572fb91ac77b35db35f402453e5c58f60146f2906ff56b9c6b3a5d0bb6afb9e2201110919ac9c01a7e9750dfdb2f72afbf7a8d6f64b1c68b9de17a2c9abf289eef24074eee9b1649caf3693118165503a30200993d271aa31b8b92606a10a52612dd1fab495b82f9a98cade18b9d8a723a71ceb63fd1d27372bd281f9b40aa1839b0cc2f2177a09aa8e7b159ac118d7c145e7a4f032e788d21facde2b4dbc1d5d2238f530d9bf9bd2798f611d03ed8919f0c85bc2da99750b7a8d6322d2e66ff6ab9ebaf7424e8c1c3f4fe92be61f65359106395f5ef995e925be3868ad513f561f873acdbaf18590c903d64bd275121c11ea655124d091740887868544c5348664399d3da96e2e35fff34f062fb939d656bc072096e510b40b2f75ff010af68d64fd0acc778e2e13c9667de266b1816c4ac449521b02bbb217002c604be72e73051aa9048d192e3210a68769dd2693e5d44951711aed3a751240d42f8925844131daa36c51d7d59bbaf99623fddf1649db954705fd6f3405e63894f5258c9ffecf83208c2c90cc55b1a8d2972ea6b3a049ee54942b50526b7930953986e428b2c75e47ed870bba68dbfa624dd94112f3059da0a80c583baeb570fe8314f5c66501b34116c81148dd22396fcd6479da49f7e952c8084f97d6803ff85c3787222064ca368f596a1ebb6dab20a03916b3ab071c927d87fc10ecc4e7ab4a5761e3eadaea4de1a0dee30aa39a9e4dbee047201d7d8a4df1284cf668ae3ed7dc4cb2cc4b5cae9307353fd2ae4c105c5d9f3bb021535fc3ae9bf3ff54ddda8b2e1037cd9d69822df436dc1c750a9f557d1a3a63fbe73c64261dae0c70bba6edb57519f5b957f138d1aa5fefe01b73c1851aea42938147bac2762527a492cb85da43014c876e223b05597354d7c9b328df67f354d168a84ce86dff57d8a870db034196dbeff83ebef80bbe52425a8810f2c9fea29ee688a201cce4a5f447be789a3881a9da3b6c491288e8f1091719032608b332e0410f4576597e17e0b5dde305f069be2e80d565bb979a3915488f88e3ebb90e81c264bcaddd72b8843af4a4ae31f723d50fa0995b027c334c351128913bb93e67b1b08f101f6b8dc8202b44fbc3d3dfb530f66e5a8f35e69725c86998c05ac87c561a4706e90fa095adab4a566da4fab82bff6b20076e5bdf62dbd6614245b6a6f8cb6bf60106f8d12b9c3e26f8127dc547e2181531ce980a3273f452892110cfe1ea834a30f99d66e026a9d22dc76fc3cec8fda2d7fea701deb84dd45c97dcde57a017693e90983a156f11c4d168d89c06d8a32dbfa590adadd16850854f24bba315b0bbf372f03711a20163afa0c137383b9120b26c59f5e9e7cd2ccaf0ef4e0d70d5a81748ad441ee5fe178e14317cab184fe178fb0cc0d82105d2f423467fdcda0f9871b9d84882609248356f3053a99866dad9f9b0f8c4a897a8cb8f30365a7ae5f3ca6e772d863d445e6d57c6a478e35d719d0e4e84f3a30b1816ddb55bcd79df21ea0e95da72a19cc1fe74fc576120bc108be3ed4cae3bea889fb4ddd67efe858a994237378eb623dab070d954ac780c1e6d2095383c98ba622cbdb18fb53260979fb2672c21a4600f4bf06583a112d303096d4e30e7e1060d869f386eba3cf7aec3052ca17593dcc9969fa9cd88179c262770211cf53f53f175037a5cd445d239cee48f7ed0aa1d715a22ac18a8aeecf191d415e4afd92b76c091803f4c757a9e89f696ab7b11ad6d5f24774e4a004dcb0e3f33705dd8150431f051016af37647b9e44b10bef114276d4b1055b634461c655a82a847639a038ec9f58876e84e9a2955b696e072d8054c3f81173473604d5fcc0a75b4a340dba0c375beb87b8b01a0f2de232bbb8371c3a9d27a0ce521c4c43dd3bdeebf92f42f87d88978d5b4e3e563cba0e5f59dd29c31096885b113ea5c57e66a3be015b703bc26d3fd1d51a7c14f85f65747ac909d7e30c8e800be27eebf4a62e42e538ae30b6883907cebb7fc5e150bc9da3a138f394e817df9a9e44420078f30d0d3d6981ca581791a097a5e3982c983d5cec239096c7d8cc55c87242026d769ef1d04eb96e5b5001e3358af88d417cc61f107659791a35d8b5f7a5767ae24d5b2ba7aa12230076db1f1b9b6f213dceea62949d98bc5db38743b23a59ea75dbe4231a285678f5f07facc053c2048022fcb01f15e8c100d64a877ecd56d196a6ac60ae35e0e09a517224ba409ba7b70d8f9fe65bc427b212a4e9b3cb17b0d332267cea4f3bea7c1e550f7ffe567b20e3057aa0ebb560d00d28e2f7aff718a9f2d4d044f0d20709bb9ad567c98cff7c4810e8c542370cf90a491bc1088f69998d59f344b74db6c1bdb61f284e99b517a11452ca0bb37c7bae77fca6514b341066086e600f098a32a92935380a173c9182a2513584c54ff67e580dfe16b508acf1729a3d649ff1eae286bffd688fe658612d6c8e69e6e7f7de4ba85ec54747cdc42b1f23546b7e490e31280f066e52fac117fd3b0792e4de62d5843ee98c7201529455c85b169fdb90cb05e3403cf2f737148bd20a53c73880880a14ffff37d62130e682e50bc7210ea6c1f0c27656cc1785a0d9ce93ff94dbc5b2877519d9bac4a339e98ec594a7cc76f4ddf994fee8070dd4b8e0fe0e51b93105fcf566f83d914dd862b4ce78de7e9e16f142234bd969ff8005dddc641dcd3c7cfbdd6113cd3ba34a9503a0f433899e90e158abde2ed4ed4b3711c991577c5aafeaa982bce80835f8e6d7c7975571fafb1499991646bc499ec32930367d4b1de76ff656442cab987bdecdbcc2b2bc35ce01816594bfa4b6e33080caa41dbdf8ebf2205649f98a2d3bf331fb16b9ecd1824eacbbc9f81297b115b4d36aa7496e05f7d40d4edd1886c1bac10cf3f97840a03277e6369e7a7e90d932050ab8720fce076de5c355fb17959bd75cfaeff325b0737f8f5b1160de0b0184ba04afcc30bca77a6a37e29662302d01858c0bc1d32b883011b7df5a387805296cd91bbc835a3e76152d017ee929d4cbf137eb78db89d71617dd76cb00707aacb8088ac77a1f52ed710331193edb29933a7efd8cc153e6adfc2c6637e88cd86b06036b8177847b4d086b0ff9b5dc91f3cbd1c08217023d7449253c25331594f0f16a3c5f2e122e0145c4ec94f096b45a1fd0b2dd3f1d51e58978471782a336eae49d7bc4e050d1c6a391658f71a1f752c0ec6302bc2dba9e3766359359ce34955a2db86740c90d09cc50e92dbb76e17a39955fa7108bddeaddaf860d1aff14acec8b609ac1d336270a940604209df91cf45be72edee04277d694a6f968ae6d8e065702f3d607f3baf8db4ab7637fa4c78bb0b7fe69937eb1dcb616fca564a5a521e12df71fefbc321187159bd6a47b066a3440ba634de9153a94546b63aa33aed9da2018e1f30628df37f5360ca4f2660a46ffd73e58183e8abffdea25f7bdf798a2b7cddeaa481bcc6e682a67e99143066963d96d4a928a478951dd6ec59b1be8cb23aa688e1867738aecdd9afade39c92c0b2572bdde84eb912ed990ac618834c412231216fdb84f1e01b3f8414fc6dd0f646fd0fa62bb0157b3535e1497c9272df1cc5dcd4e6ab9a8456222655c56ac73fe0d2aa8b599035daddf0986a45b1a59510abe19a11b6dba065c8bcf8a85d20a3681c2414dab7c036cc1358b1dba98d6ae62c5948c36b5b3e307a6f860c0c822ac724a5c917ed5f98ece548a7a741d366868e6c676394c3659f7f6786594196dde332543376f9ba0724b091d30f431f91d919417e5bf7ba1e9a21cb80f6c204c3a58d59d960a5788b5cba5abd7c7518f4c5170115125de97009a6c3fc4d5773e4f57fdd433eb7422c7c4dccee57a1679633ced3b5f08df763d4577983c5ca8b49bc4e08fa76f8bff36daf0fed068db47f0c87e0e45d518dffe37c129cc6e2f5f9e0430185723098e715284a42f302a6b8368a4f2dc16f534d1e5db9d0b86659fc4ba6f16c982774115d02a57684c7e5489b1f491584b0f0546e4194a6041f5e5be3bfff3852a4fc772d83491023a61a37228ef6260edc0d1cb972cba610d5ad1d92d554700771d8236ef55e983765ed8eb21e7de7c8bb51aee9368758454fee4a3f32179c1e54af1d069e0b9728cd0554351907e018146511e4d6f0450b57c8ebd21c71450116296bdfc779945da60b9192c5bb9a67b1f04d94992df4cbb3e30732dc8af2177fef17e0b7d01740b8a64db16bc29c1e589b6bdfc967edeb2ce8a649ba892bc856a929f0b837a838ca7f917a52436ea3d20e72afacc5b9d58a7fd0fefd96787c65ffa7f910d6d0ada63d64d5c4679960e7f06aeb8c70dfef954f8e39efdb629b72979be208d616071289cfaa0756a4bb5eea5c7baf8fe7a31501e7e2d67d708d461c0c93e85f03afd70bd9e16437171e01a34f475e4b5a58d13ce4e2fba72bbba93403f3f8981e0bbd6a8a6223327bf096c44b36e0ccbf7592a98c1fa67f198b628787ec80aaef848b4fea158c715799e6f458327f399e6420f0e7821f2dc4663bbea065c7bdfe830b6102e2e7193381b9dc7f2381ba808c43b8fdf3addab4b5fa81564716f7d46e0349d9b27b559710d723c7ef2f79eb55c3a9d75b99ae6fde6877b278b583f8ae3cae776b914b0cae0772397fd19b6a27676c7ca02cd07f4b4d49bbe1ec87f2ac7e39e5f7712319c31271dbbbaf4b826af8a9f4acab696c62719f7a6a032c4bcf90922a3c630647b7c1c7b78b10afbd863f07486561a0bc8d9b1ff5fc41998a7e3c604e24af1c1df2da1dd5d83eefa2e4012f7fb5959ef9339574367deff73723484b5a969c8c23dc251a3b887f34b9ea09c9a1838e8aaabb254445d7556dda257dfd5579737fe1dd6c67f3851ca68b011e7cb7b6958d588f143828f0bb24fceca31b47b77d1ce05e75ab05b55d6c9f9107f0c738f2cf8a1629f7e9b2694324e082503937ff8ca7c5098f770289af7d038dcedcf0ed77c8b82e2a9003a6f3db69e14131e144f6be7cf0bb5353ea96aebd78befbc6ceae9bdde97823cdbc5ca8ef8a993a9d9383aee9f2d6a18fc64ab92990672ea2dc9b89ed248aacf7f1a513da43fe5953335afe76d78867a066f226ae9c727c6c60671c50a50732698ef7a492d51998eb6da5368a667baf6d12b77eb36686ee0ca239dc6f3598be0bda79e47f0891fe4d8989df8c685480de11c148a2b44c8a6bea3a50b09be557c51f545a09a30e9362cf3080e6a6bee3dbad370ce24f6c5a6f8091007ca195057fa3af8f99703a601086c2a1ffe55fde4c2c4153dbff8d6601ab68743c0d50d021b0b3099535ba6c40f866ca3ff0df7c19d709a3f58b57b40ab5e43556a8c0c1938c875267bb39c0db6b45840e8ee7c22bf6b48798bd744f70e42fca343a8bdfbd7f55f275ca5d62c7288756d4861fba68d16d842c5b893c1d8171bb3c8b593387d3426f292ace5cee7753c9f9a12e6bb9af5a24192e4184f7d3d191d862d3c3dace7853eaa235b6369fd164e5a7bddd06daa3eec7fe4130e82478d36f88a0999cba1f251ffb3a7689ea2baf016073193898716a9f933448d7ba8e0968c669bdb7dd5e6e32fd84a6ce9e8632b393f9263532ec2107b4c0d2abdf3abb2de2d63511805eb58a70bc4ded040d76640af60ce7f03b9a682b8dd84ed8a47225a48e0b94ea47828f1c8974cd64e5027d8b13d43519875d2bbe4461a7f0f5b5b8d63a472765405ea9c994225806395e64dff88506f7f7f3b6368d769e6e550d4e3e81efb13771cf403e855f75312f1383ce4c2744d0b4e3735a0f1e1b99eb014fa60c0d1ca9035fbc4403330c2fefa8411fb7c3d6ede5b5c8f4736106bbe01923d483a84f031e9685a3b6a70646a2a5059ce35fa496b3f21fca6047471a5bdd33908cc9328de9fb032347c249bf7093390b750696124621dfa67fd9c7fe85d6e5a4d277ad8f8d169f8b5e8dbee280f8443518bd94abc5ca704e781e6cb1868ba2d6fbbaa850326fbfa5a20e4df6fb5f8ee2728e86a758763a8af21e1f7a8584d3f0b09a0b19fe8fcd37bc4fdf45084d7fd92b80544f29aba52496e2c9a0aa4adeb89820be321cfd2f0a53585a15d04c7fe4ec9be6eb5df419e20b71506c1f642df75c53a9e3b2414fe6102fa8af7be3f6c95de824c31fd6fe8ef9d49e26095a2674a33cb574e9e493939bdeaf5b309b4c51256ef71e95dbbcee0a11991693b533f916e1c82ce86d65d89b6d596017fae944ec364546e78abbcbe4322b83e2fcbb4c5d4ccb54d8642c7eb9e28c08598a356a5c46f8813e6b63ec2f3e3bb721b726361f85a734e0514f4e9c4732991ed3998b1ba8f618c2071d1b943eb0f8766fdb7f0492421429bd380deca3325c8d5c7b6ed16429539ae54f1eba39748f09aa44efb67d863cda304e8653ff7499cfad44dc27807779ef8e63be4b376ec403f3c84eda4e5af31c30f9807762e0980b4e5d9dc406cad4e888bfc3ec4186de8ccfcf631b0ba5831747a1c200d45ea06ac82c7952fd09aaae5dcdf5475da427cbc8c1f71ebe5132f2fcae15975ed6fa14a11b38766e1c446894f31c0496b0e5e96507d28e6e4549d6d78841e40630ef306491a1da60eaea3fb69bffcbf192610e2e07bc1124690fea61980e8ed654c5e796f67d26db5de35b4a2c67427833e360ac2a7d4fe7a5ce572144443ed62ac460c1b19402e85c79e3d80e1c143279b20a66d8dcf2bfe1cc44a0f5aa9b0d9b36c46c2cae148dd0f2ffe9a8e6e7274d1832e57aa39fb40553da6414094e838d613a20ce9307d49f97d904648d6460985b01af769800cff9a940f70729fe40e98feb64ff0a81c5b2b096b1a9d832e440c49e4e3684bd17a5169fe138d2544d9806fec027dd2a67f1856178e090f9bb2f9b314a202e7e95f2e41fa80dccf7b1810e9cbcaed2acc2445d60e26f7d63ee4b28e4299e60ea4fc659e7d6f0de91748bf1ede1fdb2acde9482bb76bf6716847eb2dd7517e0a94f0bbf20f248d2c79fa0f518b67a44d5c4c73a9bbc3816ba85ae8344b5f377649da75cf1857d6e4338a76446c48e52cc7bc7ce283d4252f8fac5e1427299edc33f84798316f77bad4a87849e91a1a23c0b7a86898046e278eaaa15ff33730a6d3f885dfe2d1dc0acda2a9e49a71cfecb7dcaa9e70eaa8fe15d4567a280e8960ba49d5289535907e9f277f96e8e652c21d89e81696dd821db5b7e1e53e160584477aa9e4c0e12160c9956df36cce6f4e724dd543827366010ed3d843cdf4319c1bf968a70e9b1b6bcd8af96c9eb0620c569716b7bc42e13251a6adf8201faa129844b5e1d699cafa1b66a674e732c7662b0410e5bca2704c5ebed7850d0ebb825cfb0627a183cc9643b709aedeac2c06700358400c389f99666ae97ccd37f265da7addeb07df9ccad6fa777d0da2fc47b6235179136bbbb409596841e921eb278142a19e6203c7f235bf8461ccadb4b47dd290d36ac27126c808b866f9531261f1e0f5c458a6bab6f064b4efc432e1c7379f9af19ac34c5c22e76e6e7651e48f9ce44eff542f018397889d896cc9001a63e8e455fbe4a9ee9a740edad894fe1af2bb21a1dd0318e28ba982c12ed69c08835ce17336ad1638af3cfe0ea892ab8e83d3f25e6bd98d5e4d36292992e2122c265a26cbb3931dd4c1b0d0ac5ee19974d0dd45777908bb416cbce52531820effcd7f28e1fb2d3d4d826e1b2673e834485a25af9f9d174f566abc3b36732ceefdd91a7c3885e1d10d51c321ff704d0883905b7539309ba5e7b7a2bfefd0494e90e9da7541ec37858ec05ea9a9ec5672b113cd5ad6ebfc5b8fe40ed7c3f17d8a73703dc89086b4d75c5eaf06b840bb2f5b4519a4fb17bfdca9605f17253f203efffc92da96fde023007d22cdad05d18aecb4bf08085c5ca5eecd21f2b611e7e8a0ef981fe7aa2014f5ac6862fab44011dfd33be8a1226943aa7ae5fee9221b0400d9ac2ce5241b09a68cde6b13c47d50bf310ecb37f25c32770a299020d8500d8a4b5d7621e4379dbd6ef34a9aceefd4055ea6144f54bbfedefb5b5b0fbd1d81c7a51a802072ec3d84f34585f22c1df84caca07849b1ef054cbef9b40848e9fd238761df5358cf55a79a53a1bc749e49ffab7c5bd9a28bf24ad5833facf43bcc3852c1e85cfe47929fc49c325c20d74588eb9833519f192243cf96625057899b70a7c93f8fdbfb60d8129d9c43c95f8782ed8293641ffd21d21d91a0b4db69d766f6d6497e9a414ceb04b65425d6ad6c8811da00639dce8d8030038f2d08330c75b0879aab81bfb3330b950e54c13780d308fceed2a103a1a8b77a923b66aba737654ba7995acd306aa7b80f632184412e2369c353c2132ae614553e626f0a3436959104ba6e0040dc597dfbc3602a49e401bf2249699375b2c722083489f54fcdc1f616a133ef6112a1754818158ff78f245b9046100b0e89407f74145fe336976af971c054f12d98002c68b3aa2bd699fbcd71bc4dc071e430bbf694595a951e01098aaa499be2f70611f248a694539ef8936b2e8b7a3c5de8662436fed1f7bc24a4e5c17a663d9a23b4692993301b08cb3bc10f518eca51081c717ec8dfbb0c2669f7987fe6aa0bd98231d8e8b58951b42537f12884a857e02d62de4fda6b88b6b754b1b27394c6a819e0f92f6b2b2473fe245678e252ed31477cc7ec6895bc361b718fcab3aa550fc9faeccfe77cdb5b151ab1db2e569b5bc923ee26f0b6113504d295112d47218140e44652a10af10a088f95c7cf2fccd040fc93980939122411ec643e26e7d69ced3178402e320fe156e774b75b5afc2f3d6b6ab828bb4993b1436faa5728cec34d66f520f59e82716ed6d1324944c3c91d04d5ffc5a921f4716c39de24768484d0096f7d8dbce35aeec22db11f899e5e7e3d57e7668f35d6c0db3542255d9262137d39ae6cf9bcde254dfccc54a6062fcf8982f781d9ffab2df4f49ec04a72eb9646d63bf9e1799bc0bec0ec7f0675ed9f8dc9b8be15d9f2175dfa1c8bc99071c70ad7bedb10a4143fa91c89f54777f84c9eae9361cf7f4c2b7ab873ee5785a5241db0af86f3c6d7f091623d6dc576d07550a42023633a09c8dfa21d7e70cce64c13f37663f75c47921c246f3f2d1d16a8283ce7697da4cb7e016971a2a1d0c59d6202bc18b7cee3828de597efdab53b33a9fb41aa7b49f1c964512901773bb396ac80e90ba1a94c408b2860065ae9aec64a41d76cf8842d299d0babf14d5840d647d075c34175e26a786f30091a24f1ce8db30137520dce1cfffb6318a0d0fdcac883eac603bf365efa2c806eb4f194cae8c16780342165222192f6ee2e103ae2a31dc08a84dfc89c64d2e9ada7ca1839dfff62ddfb7982c79684cfc821a098bc6bf09f87317209b16d14d45c6f38fc99f7bf9bb73460977bb323665d480c87c687cec052a5f08a2c6744c8e177a8a269b4a47a925b9123cd2c014313edae988f8aeaeb633ee5ba6be7f53fe36da3aa37ab2077f5fd75a82a55a0fe62af213b85e9e7694f78cc2b0e63a8c1b89db484722fc62c688678a511c474f0eff8eef1382946d26de00e5c626ec1d7079445c1b7c6f7f05073249b11fd1fb30257724a14cd7bbf451146bf366de2e826fdf1d25705587c4460040ab963e3bd504755b6aa5b18786b68efd3c8e59e8dbd172346fe7f4a18bac98164669d73984044f3c777368f965763742ab86a3720208c64801c796f6e3a1c4748b81e41ac58dcf6ecfa0453b18fad7e3473604f57f7da302e1fa81ad538d4a0280c4ad092007bb9a7a12907227a936871886c699db97d00a1966fdef64d9f3672f1b792c1edadc6781b391c91bea1bd7275f30859dbd1707b1f554e49ceb874ca06e92ab466efa7eeb6990667a27507a7ba789e24d593ea2af8eccb3862cce58daa63eaf212bdd86c01ed471cfc79b191c481ad773d20e821d18af85a7049034e5a9c660357a4c2808b9a6139f32c55c13282b8d98904f4f027d438189dc9487c96172e50dc1100ccc224e7374cf96ea6731032c43fbc9b367a4d1d0b31aa3fa8eb589672e69f1d9144114bbd508d56c2049ecdbfd7b43545375a099ad2885353d8c550d22dbb738e6fe3f104b444c89475a2cc24d7887daced8fa05006c02dfded01c00707e2ad04c41199c5decc1eae34b0c0abb5a5beee1b5253c3350e1a077682767a0b9124a4df2e8879366fd37fc04d4dbcf89883892f46a65ce3aec22123cbe6b3af6364df1f9f5f9751bc8179b6dcc5c126dd65feb7d11a85994e90ab6342834c79c5f82413e88198c73e932c66e3cb60b6e0c0cf438622e5dc5a1036c38afe9cf13559044a9e90f5fd72a3188ef6b1043f5f4e6b40ea51f6235dcb33b3099b2d8c2e02103235f0476ad51bce6d8a2934068549633e521a3ee4c62c22b042fb86c13c8da849233205a5e277aea1129678c31f5c379a71fe08b72fad9449cb923126dd465d1e0ae8a925374149b8248b3afb69f168f3ae701c00f6ea08fe07f1b5338ce6af2f3156ba6f300310114479f2f6119367c88c12c158b84be13b9c8c7b5dd7c90edb5b3ea1fa5927a25ad6d5596992dcd4877f58a134e05dcd80dde4fc2c2a680cc0ccf3084d3f4970e3603fa6bc5a180fcf1ca4241c0b8a1e7c607dc025016e297e2b0645de4ec2fc49851b9374f3ef99edd897c284a67b647ca8c96fcef935d541e9faf334043ea50b99fb8819ecce039227b624e52d8c20003b5a43808e4990da8e4398c4fc172b983351fd11a13dcd2aae5193d42d46e1b57c92e3e01d23fc968c729f3782d6c07dd5a17af2bda96735c12cc7d8023629fb0125e974425f7914690a7ed26508343ae58c8a439ebb6232049a194768d4594f5d65aca37a5686c2a86dd04bef35d74e0755937ac0ce3ebded1c00c8adabf030e5e4a5f44193b62fcf2f1bfa9dca2a25afaf2f1ec06c5d17ef3526d26d17af3e2f257ded24b177ba41c0ba64fd4fbd5042fbd5961a105e0e9f77f3db13c1b6c5bd9a9d04801a5c00a4c544218a21016c65bdff774a44b1d05256e0693e14d76605d67bd10048d3816caf31a6d10886c88c783538bd93e92bbc4484f3388b61adac4b92b911c76ebb1dd11b7b4e40be032bccff610068746f41e34a1fbfbfe5faf57c8a4331008e2c1cfd69f57e74379ac80eb6769f4ce4196795b835201ce4ec85ebcaf5eaaec242fe6695cbce1d53fde5b002e006bba8c8a1ee57da061ceed0d21bdd57ab0cab9e46bf3764d9a6c3ab19736d43b33f32eb955f9174ee4a54666e7f19cefeb49aac7a59b7370d9ae730b7bb4e08413222f0a66bfdac252fb61bcfa838f262312febfde8add8f6843f1d64ea3da42d4ef986498604d65737a44f5a099338520cdbdb65ce73b110dd4bcf8592a4adc3e0170b13404f99f0ec8f9fb225c1275a921f09369db165e9109dd5be472b9bc1901bfd882d264d9ed8d88b4c8f3b35f88b69e3e4b8ef5debb895be536a3af492d968dc1caf31879d672f70ad9869ea98335cf9e4a2760f955fd3e8099e4b2eb4269e354548f9de9921e50e49f3f5cbd63468b9db0cfdf17250c8f13535d4c0a1f21c87967cd798fe93b9b2960447401ef90db22c3adfba0f55f5585ad37040e8d6745184dd536d5a26edec365bd6edff1bcc616cdea3bfc8b9d98c0ef9a626054e361194cd05b2287612399f6d3d3be2f71555f14ad2893af6f60ab61adef663c3c2464ade671dd5ebc71935aad290573588fe6e11f48cd2b7db62e4b9932890d1b96e1b83eff70f026d199db75fb1e83197c937b672613c66ea131f485b4318e27c079b4018d4205484993bf50ce70275b244f2caf47cb47eb2a9ca59afbc78809a912eb56a4bb65cae4694f682c6329c690003a1c355f779b5857a60091b1c3685995a366cb43d753a704d3e59c5f5003c78feed877351e27334b3fdefe5907edd9eb25588a42248b9c4a93efa7cc63bad1e5900b95b70436c35eb85cc8251c4030fab9556920141cca24d6acd3122b92b7e868dc174bf071117958a4797fc90866aca685f1456fab397ae647ab9970348082bd74865bab7f248568db98ced7ed84e8360fa91afde3f23509e6b4caf948349ad9fb6a4efe0a0468302cae7a0f999195af1c19058669fc3b88b2780b9075dc180298498caeb7ba0cf8bd42eb36b1959d5ad3ca6fd1e85f76abd27ec5fb637ee38173ad7d86304d5708b6dc8817e099e77f5d43c1a70624cdb96e4e6103bb25e59eb51d894d1dc533a74005bb79cca35b66e10c61d06b5227fcb071457025d605a0862218ca252b871f8343ec231dbee15688aeb914c0f16ebabe6edb0a489b2bd10d4392c6f1863bb6a62181de7cef61997ab02f3bad0a893cc0cd8a99cd7b3f7773085f0929de36b5d124e3729140c375de9a2d0cd9a360cadf17b9e45b7f2adbdff9e75b743b62642ed67aa703b8ef33dcf51a50edc7dbab42d3d2b49badd2457a9f92847aa6a60ae2beae457a5fce1a9e485ecf907be22913893cd1350f20fc6c81c94be426eaf01864e813a03e4674491b61516bc95d8a77c15f03d0adfc4adc27f27a5ac4165ff6518eda1a5c408708f78a9e26b834179804a312148d4f75f21a77d78387139da40c0a6293c2a59d0162437d68504f189ed970c5abb9ffc6d8e1be2b0877c7f24b1dc273b1765bfc5ce6f4b8d99a96d5b1c92ee53a39f685b304313d909c1ba8130d20d51c824cec420b0315229df295f75b453a6c131afaae0c36d7c4fff70623638a4f7ded5eb7db58d95deb6249a29b171d8ce651556dee8037bf4ca74453a4a76aab7cc07ba44e55de57dbef8542c3851ea353fb8e259ee89bbecf9ce8d8bd6227afc0028afac48a7acd9b4e8cbe982eb1475917ad6be4cdca9cf6e7cddd971b2924f2bb730264801685d387485e41993c3fa0af9987e8b52c21688fd9a9595ad8d1b9f41e0457be18492aa09f69e64e2954d1ca3cc1d32b2915cd9cf6862ca79c80beb47347c4cceadf48a37b29b1d6de4e94717d60cdb4293fcf170bba388bddf7a9035a15d433f20fd697c3e4c8b8c5f590ab44aefdda94681407008ea48d03ff21e9bbb4ae7a9aa37c855fe3537c44106e8079f18c24d2584474bd4a99367660ce6f7e6d7c294961e174366e7babc569d5f80572a21a4bd7086629363e0c9ee2599c8b8863c96613ae6c32cc67ccafc66e1cce79654567ad08e62e9abc99e44d6a79ca4d8de15b7f8a763a4741676af0e1f3bd4e002c8fa1ebfbb3bd3a65ae68a80c230422f98f6e1e9837252e045eafd585ba389958297d59aea1e8e1f665fcbc5f7ff449996aa712dc0faf582cf3caf3dbae80594f9f07fc06de63d9d672d14d7ac4662b4a54f40d4aab2de766910be2fc7f6f679b5708790b5376498d3baf0463dca2f093b51bb7e9f3e7033ba0384af0174becc3bb477bc5e86959a12a5e8924adf0bffdf5e5b9c1cf24d232881ad5c05c5c0f50318ea83d8683339ca6a583c52198c00f7c1abbda282e7fd3b179297338ecf9c923a3a87a130dfc06164e9b4c1fe11d51b382643de44b30a6831dee119241d1b6f84f2484784fdf65e41f78c38e15fb4b00e45df1edc40e3467cdcda351a4c0a0185ac4649e91024377e1c331587a8586cc0a4dfe29e14004c3536d305f5dee0eeb8c2f216c1b8d27375b239f6458e08980badd6d82e9ee9e007578c0a3b48288d9ad0ec3c934a99a8c5741149af937dc82bdb545df26428b87fc935c05f1a4964a8408539f267e23de9bc498e2a4b0083cdb7c8e27de6252bfaf680a6d5b7ec1a6dac6d7d537334a95f1553324a0739414dbdb50445a767b0f589fd4c33b35905577ef5a53b0f097191f9cee4836a908748779941de2a78fe1bde0c2efd9f48cbf232ce101d9df93d3ed40d036ae7aedc3a5ff619abd1c159ca8d2dbda7de13b4ca62576c7f925c52925eae2d7500dc969fe14c0a335ff95a7df1d276a6f242765c781208d59edb5848d412b11638b27ce5a61b8209075976c2a6aae88f6e6d8704fe9e83b425dec4defeeb3cd311b8c5a818d51f917a8a4525361791d5c4fd5d70704d4b9fa9df1ea119882f400e682753a41931712c043c120a98f0fe786a600b47befefc9d64cc5bbe8a16c191490874e258760c9e4fd215bebf848e0b4d35521f53ec5f9308644b785171fc4cc3ff886e034bd833d59dbcacebdae8f00e43c151bcb24d1d226d1cc19ecf349361530a81ba3168af3df5536fbe52b3b93621f57959df298e5b4d3c14928d2ef7b9c977c7dda54242d17f8661978a62d94d565b00abc199790b9b25fbfd4a3ffc35c95ccafe35d9a138a2c24d17f06ae2cc376e822317f16fcbcd56e23f84ec135dc935e58c61b34cfbf5a36cb00350483b6bac786030e5c5045a6b61c9aba7dfaa4f7fb21897539863ee865ae061a77c0359915de3aacb3b5dc8cfe53c4d17b393c2b6bb23652f36390407922969d510cc97b99d1df4361530aef10707d7a021b2d9576b2d49ca88b3cc83ad1baa6d88ef8c81c08f8baaf515637b21ace9d5cc8fd9fe4ca6c3aa129caea7060791d566f4de8662b90f9e5d849cdadf9bd23cf6737b07ca105142663c30de27adcea11d64d433fe1ace84b0f6917c8b655f2a421602f07e0a7127e61ae9859c5e9f652ec82416fd2566f291f417ecdf99bf3231d02864e2e5a1cf34c13f59de9aa2760d8734bbda79576c62f566b8269990e9384a41c1634271acb4c7a8b768f276685c3a8c7f20872e56b683244b1af562c3e7dcf592a9915f44f886cc2ac5f679c07d5aa1fd69cf3a460f25c722073da336a310aa551062d92c7297002060072af2f3500b9310c239bedf45c5e985c2e0d60c7dd68522376dc7b560fb34d1b5089450c32ffcbff07b35a96bb6fe01259a06868d00af697f8bbb238d03d49570a109181c9576c1ea9d2ee02000cc23e63d6c93c6cf3050bbb15b6f73b09c25da62e5abd4c2bdb1110e1f25db39f04885595cd6a388c4726c8d4cdbad87d80d42fcaeae843e2e17f44c9aed25c8f6f9736c7ba1bbd3b839126de40a930024a65aacb872936e446114e706a868444cb140e53d976816983f3dd1d57eeca01eab8211b7aa8ae99d26e35c06ea4b226e0a6e52172a40e7f0df5f67759ae2ee026749ba10b8e33694c3e01a001526f9d75f6c419cdccece3ea3f78d69014e509c741214581034bbc7e2bbaf76db8421154abb2233117a1ffe2786b21424576e295c9baef262e80fa2edb69aff800b3ea436eb827e8adb73abc48d740b86c69d557b16e874038598b25f616afeb4f4a900be7dd0d38b5b6fb4259c51a3aaf4748d7a445f518485ed72b25c7df8ed0906b74bd29bd6a5724ac3a503c990f3697a5db484821f68718470810862728a80ce34599a41fc5bd8bb46dd845a4812ae1532c457ef4211d0e41835e5a6f030247614822571c930c727ba397e723d6b3aeba9244f054e331c82e65b74c9f6504c74b4301499a1a6f6269a3352aff57f88442d4eda42a82ebcf7776c5629f97d6160bffdd8282a40ce2e6375b161e4c22ee53bce7a45f4774aa827e2da657e1a1bc07445f0bbd770b7a5a25b1b469fd58715510dbf8d97af4e1b9459a20b08a8d3fa9d92feb32db95b22d36de0bc8b1c397b09970a6826392fd8392b2d790dcc1295888f42ac81ad213c7328b2324b28be7cc1f4fb8414a7785472f1dd3e11d66017b1756d1697be92490e15f056346d7e9126a1f35fd76cb016fe2841c8996a3507c4fffe7fc45026df10b03b86fb6cf26e8418926a030b5fa62748fbb728fa19dc2f8947468c1477750771e442e4a9d25b76d359211c05df788ade5b7824f8770b5dac0819737dec916ee59b28a49666ee8b7ca81386eec8049542f18a3207e51bdbc291470eeefecac385c096a
+
+[L = 32]
+
+Len = 16
+Msg = 43cd
+
+Len = 104
+Msg = 5f75a437ce0698a7d8151c3fe0
+
+Len = 352
+Msg = f88bac738d1e3e10f75e46e3fe026d7e423fdcf3d7e4028b33a291bb4aabca53f780fbf99e0346d610d4a38f
+
+Len = 488
+Msg = 832e5b78a73a1012ee62e00621db7f4d248893007c6e5d6e0e689c6b291baeebc72df9cf10b289fe20e7fab80a2399271d0ac63766049da875eed56264
+
+Len = 13976
+Msg = deab57cdeb41974037a9bef5e292894038264eb4d8993d4d1501e6ef9c68fb0f571f57b0925640925deae9a6317e3bc4d6cdd5a0833e52fb48baca16a9ba9b6c8ca469a0555763b54f04c87d4e41aa549258f30eefe5a52d2ba06657a8773b0842e094857b6d8911d6a0636280025e56356fade362b4bf4c875cc19be0c6644b447be0454dbf390eb966c03e10e9de3487b90d0825d327c12495e3c89ad09c9d591e55c91376fb14c2fde9f7461fb25450df1a65806b65f3caf4d5c81ebc6e664871fcf915b9578bb70ee6776acc62205888dce2baa4024941209e81b4b35f0eda1bdcbd9ab1d6db6140bda4c41776fe675d5c681da5852d50c246dda4ddf9fdd7c5fdfeec85ff6c883c78689c2977584406a1ddef977606c182d6c33561c39c071668a2515e5aa6f4aa1faa392aed95b82ab32b79a15e3b5a07551ab068455131b72493126470f26c30b852e4415e1d8b719b3803ecc336e4facbcc5d1908851f4f39b776bec8b6b9794d47e5965458858560eed5a0305e260240c0849d93a19787b0f8c795eb5ba32be573845256ae6d0b0a3336e42a1beac8bdde6d1b6e0b6207903d4b105f4af2ef89bd099ded870daea2f170e03bd5f6f4490e60bc222d4876e16d4c58aeea6e6c400dbb9e9f4b2b142f0fc9bdeaf4132ded38a4a8366e107cac7210945fa2df4b124be37ef76290e5b9758aa3bfe0091bb0448206323584c2f833e0edfbdc0c33075fc9647a3404ca490bfab94302a0679a1a42fe9fec6af0cd98038b09ffbecd2832b579b2294f6ae5b96328fdc0a0b9b3a32cba04fa8bae3389c3951173bdc17caaefe526aa386f98670b177683d0b804c5875fe9c7afa233ee66349c9fd1b60bb0becf5e1d887e67fd3baf34b4f90d94699d18d6bb9d77d4af358f31edc254de2d6c5fe3ec07425c633b18c1b9e3606b78b40b543e1fd31fb578cf58c45744fc073fbf3c7d7d607e815379a5fc565892d81560eab8fb5f1ae6771b998c592e6d288014f13ab283d53fcbfa66e31a9d107308402191fac2cf2b799c7dae91b93a7676898b8a6e516a86eac58ed8f6d8ed2fd4d38031e4a4466dc8798b90c48e6adb6b4391d47872443cfaffa542b4b132f6c3408f0081af8692aadb4c9bbd55053ea56d8b82998f6b4b41d331891acfe6af1bb0d6679989978368ea463743b514866d2d01fb9950e8990867bc14f1db1142254adeccf3da812949cd03cd1d569e9d0bab7ca7405cc21096e3cd4d007cbb9629372e98584b4c6b97ad0bc314e1ab6ac71184ee555c01973570ed9b115bed956f9e4e349083013098b1e483f0fe44d5e9849f38a2f7ae152b36a266ea1faf263ea8c706632ba8629602187379546fc6b82e57ededd6d074c15c771754710731e07c207899eb47e8d7c72ffd768c36257d373375ffa06f9b3f0af11417f9ff9f9b44e1f1f96ae8aaa429af88b14da1da81c7bb38a0fe9372ed6a9ac6fb5e9e56b82593d94c5192904450227bf040b7ce0904789f979845e112a1f995c849ec3f7e49bd975a474e8201630f40fc0d80e76019f110ae158cd0f8da96ea4561f24237d8e795ebf52368218bff3e9d5b040ecd2caef4ab1e7127e53bfa2b3b4fb74829f9993ac703192aedef79dd9ad24c2c976638b4575afbce22ecacc273ba43379ed55ceeb51838b0adb80585bd1b5f2707ee16b67a7232adf7163415b24b9ff9dc94b7197fdc89e2a90d2b9eccde45e965edd064dc0d1eadabe11b8ec3aad2742b5d3323ebf913a92817749090c20758f98aef2544d4c8b48874e8936d7ee492d5585675c214deeb74fd67c4d170ac5e0aeefa607c6e37abd4f8238e776fde3921afab75cbd8f392d3e88da057903ce2e140797f4a85737bd89455e6aa27c7535687b78cd0ea59848e006c8de9c9c0cbc7a9f5e977be850adc710503ce4ba7c7bd0b042297f518abec6c8ef451c33e030251f506cbc3744228b6bb4dab86877d9e6019a0ea9f39ed37557b3b5527c171da5f013e0d3c480a038cff2c087d6e5d41b17e6c8f90c334b5e2b9ccbe9d4efd99fba1f907d00a49b71b5a08aedb644fed24bcf04e71be67b03cd20d53ccef8f854f5e9f7f28c1e98a8a53496646713bebe15a93f1ea336e6e8a4e68de5dab0fe880bf983eec75d1c5027357f6669e098411e0bc3ea2293138f5b34425f78b6508b94d4c0cc32ee9afaa409a26e5f2a1fddcd6d5ff42a89755a58b08f243957a2e208e24b055f51992ab447bc06876eba169c545fa71b88a0fc15d1e0be9d334a1dd0c86f44bd149b42c07608a9a30d0b7e13574f8d862f2ac72b2ed38904d7cab194fdb9e4dcb615f5610b24e202a36866baccac01fadb575df11dd43e00a3b92fcdd8c7702ea49d951e7dad2a56c075730b4af1ceda2bcb2310256f28312579fad40ff471336ea6a44143edfcffc297258d48bd2ea47efab8f0dc00f1e6dba1a55009ed627b7
+
+Len = 48824
+Msg = 5223e2fece634a95e1e7c83ad4a11a0478f4a41572bd66c2d7902cf4f94404cd80b1f58fbcb8eeba3984fd759410c12f8ee922865f363f684df5a8787c87ceb3086fb8535157f7f39653dbf5c66ae7219253838ec77cf1c6db518225c5ba0a8212e5911236474b8820ddcb8111b87320adb82ff553986324aa2a21c37ce4a083c89ce9931290d4c1fea933e31d014d7507a28e83aa917ccae10bed1a490e77fe501b299f8e3b78e659407ce1934d5d68c7980800746f26ffa9794ef1d23f793bd2eab7fe524e213e58280f441ba48b40162305335b3a480c2afeac11c27f8d817792fd7805d4b61224eb52d35c0fbf471bcaede505fbc9398b216f43bfd69b1a669a61d44fd21faae410af58ff95e1c3ff1528de1aba93cef56bff4d714d8c4cc88a4ddcda52444ec1208d99ab3fd9fde98c1ee6437d8d138f62c5f782eb4660c5eb28564b5b0d46e3a2546009148f3d02b837c5284e9f508290270b97b9b29e84445a0b4df662d9711e6b73c11cebcb7120dc427034b1ccf57d8e4f5bbdb84d2e1d4bc3862a2b51931d3c9a7a5fd6ee5f4c7327c338abd011af638d730141b6eafe63469eff50f473262e9fdce636eff4c5663acb6075a4fdb00c8b8a8d3322e1700a5b3e7db90b36c1a94991b8f51657121b442db6f890e208f312466778d73bfaa8cc0ead4edd0776155f3eddf9abb1bbfc0c94421adce83d7ee94f99f61e1f25a55fb596f8b40ccedbaa8e5e2cf629496f5ca60bc4cf36d917da4e2b973eb57869dddc409dd66d5061f22642743fe843defa0b19dfb2f56425abeb234181267b5c0d2ab4268c538510feb191bbcd1631b0af6c7451cd4c641025cd8bde2d9ab6e6b948f97c1ee6f35098d553e8e9da9b4d437125046864633f109d6a558b38b270a7dd1785d44d248a863a91e3db5c0a1d7ec133decb65e81c3402c98ee329f660a092172bf6b1a02491895394ebc506882805a6c93e767c0e58a5af717d950a206c0f0055cb39ed88816a9fe3613d15f608e486ac08bfa67d462d24e6a0a37716d3fbdaeb9c0e951c1e847fb884ebc1cfe707dc6e7269eed1c44331d5957bc4ac9dfeaed4b157204a3080fafb9df8917b8d15aff9c49cdc739b8fdc26a546794991c183fa523d14797e051894f48b0d62c2b70834467ff9c993b82fc1152c1f5479ec6144c7e8fb10d1bce26bd1cdbeec4e95ee073f3bcc3c7367328e30543d371b27509a577f5c79f14d5f687ce62b82f856695af9f7dd350543ec763de75b593f1859e44c2ac01ba65f98743cfddd8a89a38115badcb51a0ff5655f830c0122af6a830aec13ae5eb89a93755b3a5a6eca233f21cb12db545a24a5334becb8fa32c3d7f5805faeaaeea85a551fc62c94807faa6474c0d74cae79b5d8ddae07498fcc5b8b4f394867112ef5fad1c9da66765ecbc7fc0f3269d29c9c38817c77778f2c19b5a3c705fde9d76a4eb86aed4a7369a832ad267312903462397f7b8fecfa8b195cc2316cd53e48c3371ed2ecaa3e484b8ecd2e22b1aee910c51ed5d71198936266f5a00655d82c089f49295feda0a2bcc1a54ec8adf565acc3a8b2d74c30eafbbd843c59e67f293f6d8296cf7b611f01b57dafec6e2d4d411a633918068c38ef47b72ceff1fae772891141c3bc496824509d78165c1e4cd4b4989321a8722643eed69950dc120fa8da3e53c3181f252d7c4cd2cedf8f086f788ee77a98ab5b019828aa02108f49ea4a51f457f7adfd2220d3e59d5f4a29194e8f5eac40ff80312ff6888ff6393c3fc0914b08c1b9990d247ad80a441558db1ee1203e07353dd99a885a7ff5d791af2548815dde0ca1f56f89d39ef6b93dbcd0cd54b854173903c12649587433f0425fbcbddfb66ebce3eb4800dfddfe7fc44d9b23a3916b1db68c187da4dd13ff0157352814b1a792de7fff855761abc6fb7b93b48525fa90fbe3a51dea974069f3f5fdea86387eccee13f58a8eeb8abc6a43fd30e9788c3bd9ae1751b30a82d420225b2abdb1bc121b9073380be16107188d20be54f2e9c658d5b443869ea0e991c496104086290b6edcc1b656adf94f0d42458750fbd8d88040c518ebbb644f4dc4f7c6971d8d60eee0272df7b51a3d5248b4b264fb22195ad891fb6ac994ae5c0bc6714ae0b0b9a484edc576638b78ee89b568195a8f33ed8362128c30f9b0c7804b3ce1355abc96b15aa55c1e16a9e9ec90d1f580e7cb412a7e85d8585bfb950acd4de5865214ce4db7f6314d81784c588c1482d5f28c5fb62e7dd7aa8237ce9396ccde3a616754414cdf7b5a958c1eb7f25a48c2781b4e0dba220f8c350d7b02ece252b94f5e2e766189c4ac1a8e67f00acacead402316196a9b0a673e24a33f18b7cb6be4a066d33e1c93abd8252feb1c8d9cff134ac0c0861150a463264e316172d0b8e7d6043f2bbf71bf97fa7f9070ca3a21b93853ec55ab67a96db884c2113bea0822a70ea46f9ae5501eb55ec74eaa3179fa96d7842092d9e023844ed96f3c9fc35bbc8ee953d677c636fdd578fd5507719e0c55702fed2eaf4f32b35ec29a7a515bbc8bf61f9baf89a77aeb8bc6f247706c41d398cae5ec80b76abc3a5380001aea500eb31b10160139d5a8e8f1a976dd2dde5ce439a29dba24d370536a14bb87cf201e088e5e3397b3b61477c6a41e22a98af53cc34bc8c55f15d7924e7e32fed4d3c3ddc2ac8eb1dfc438218c08c6a6a8eea888b208f6092dd9f9df49e7ede8bf11051afd23b0b983a81bcc8d00f7d1f2b27cb04c03aeee59c7df23a17775ae5984eda788eb2015680ac5610fb1380b4e7d7a9cda6178dca98690449f5551b66ad2826cab2b662f56903fc95b4611bc86f7a834a34ddc3be7bf142c8baa096abaa3cd51ad0c0b6d15e590eab9e50a4c60c91061f1ed6373d91974c1ad9d263110a0d43fd8b596396cafc0ae70b7ac24a59bba090a6994ec483db7ed4c572f723670a11c724e8ffa2497d8fccae37eaa1d14ac1537eaf80efbd2e597b2ffac97f2bc3cd2c4017f170544dfbb0d9109478fddf06ec0981542bc8107a725be25070d2cab4716f4edfad75fddd582ebd363c49e8efaed9a76ee51f22304eebc232a4f67f865b04f610a628fdb317116666785fe8ca30619a07c83cc449855202d687f162b12d93b63af6e7ddfb7223d4ab998a5f450523c1d521ab76f4aa113cc2967e04a38dae07c51c2d0f44fdc8605c3c53ccee91a2c73dade5dae021cbc87d5cd6e5fbefb65335827311fe1e91921ecd66b2055a6102d7a976308a80c44e6d47a67718c84f2112d65486a558f1f269b91d9f47e3e11d09c0c748625bad2718e3674898abdb19d3644bcdc9317c09a3ac02f514b2a57e6a706362e5f6e8fb16cc83daea0eec85fdc8c367d84c9230730291440a4b109f7034d510a3f70a22dd4fa69e8b65e5fdf87045d560eec71f4e59531c7711d4f8917a96e22ad07346d2f92a13fb4569fa6a075da6e1acad1eac1cb2ef19ab452264de2357c927c6dfae6598cbc821eaf3b8da754ce91a96c702c95b2c308bf3a550cbf4d22d417745b5f17d36608feb826b862747c59d26a0e8eb96547a1852f9fbd095f1c5d20721804941d462f3ee2f0876ee2825c8df24c4f00f0844e50588ac688127013df8eba3c971362dd255420649245e880212cb3d732fb82f866dda090040f28e09cf1c86eea5dc4fbfc373eb69745b4afd841ca8e172d4a8510e7698345fd4cab9ec2ca0453a274720bb2d2e5468bf0d0f85919dd762fe3df969e6c071285e25c2e2a49659b8a78289aee655965bfa3cbca9b292a19a855ec40293185354ff4da9451ccf98abfda07f1137e79bc89d688963081dec641a99656b040637402890f185edb28e7e6a2f65848a6af158f90eea440aa6246a2e6c31f5d220b9846aae2027afe5a7caad6dc16b56463367cd9e73bf22a1d6172145de4565ee369c55e3b99ccbef70fb080a3748340fbe8f6b95ba46e8b76de5a3c4bedc37c55ae24ad02267da26769a3a732badac2e0f3a5393028dd54d78701647582cd04c8310e9f1ff1b433125229547130e1737a1f33604f0d670ea7221097c3eb9c7fa4b8293d7b429af76191ea8e481dc1da31344537a09b33404d782eda1d6f5775500c1d8efc615778baf0905d9fcba1806ef986c40b1c6a72335104376b58266c36f5939a8b95123e8635c0c95e80aaeb97379b1179d6332dc07539b595ec32eebd3a336a1128f3cf2e2924db6d8504a516b62f26d012b7f75cab765c8374a3824da5a405746023b51894649ab422d636513ee809fa181d5b6fbc63351e37a1b14efc8f739e86ca78ae3e280f1c9e4824b2976ec4dd308ede6171a7474c7f530128089bbd75e10f9e57ee17408b4384f99f886a5f63a2320a9b90eb9bf692e1fc449171eae3bb1bb17a6ed937ea57af3c82db84e073b5306683e1d63705b9742a085fb802cf5a1639818417fc2223f476c2566351f4b3b17a822e11255f3c3412dd39190e200727bcd3f9799519ef792ec7c2b0b9d0e2dccf013d436dee63483c2ce83c15c00a76c4d894a60cb90366ecf9e61221ee8bdaec66d715159876d8305b35c81f96ab2cd8f81f4769e9a6e439c08c329036f5d2591ac42f2747bc0e77d4e566358a3271819b6003b290211b9b847ab70e906aed9f86cc38aae27e1098fdc3bd5d84e66c45292183f198bc329cad794aa4e430534511b7d9a75104061b409676a16c1146af0a286e2de8bf51c4a35193581a902bd3224cb9257c961989042538092af92644a63d6d6f6872a29aceca39341ad29dd22354812c4b7c7068b039ac9ca7e6358e662a28be001d4aa697ace540cc3ed3c97b98d8c5a6fd3543ae9a7962c9229b14b0b646229807747064be3e83191cf24092dd67f675638d9f6510486379f47f5eeda870a3187946819ec9ed05e7b325bfd0eed5c9a0f4a2063d63c1a8a0a309f586c94d4a68bbe860ae9599ce204c92cf9d92cb460ff99cff9e5a8b3824786360e1e1861e71158395faeaebe7aa2f61f76190f174aab9a313f0bf4f1befbbb22768b8c22719cf3fa9ec908b576fa4bbc084b1ee5b5a7eddc89b58b45ae7b421d38215aa6e49304323eb4e202655f3c8b16ebd6b03058e75a907ee63fcf6aad5eb96c1e5faea81b88b5eee525c4663af52877c0f759432913b9d48030903e7f9f70e851cd4e20bc56aaf36cb02293d992b38b583b8f0b25a08c3303d8af5b1b37f5127f7021b13934645ef3020e5caadc5e7326ed4ff56f797e26cb986b6512b0cc76f1d8e7be44aaa88e12cbc644f14a7feb979d2ab66907063c51e052d0f8b25d827377fecc5111be0d365e08d17f559e3134cb9db294f1cac03150f4232f853ec15ecde55fd1023b58e83934869796400088e9177e85a2227ee45addd049c1d6b03e5b29dd570496fdb2fde7d8cc74fbb5fe76266ebd90a3b4d57e6e6cb9f0bbdb7ca03ae955915768011c714c909a27ee20135927af55d4feaf2c345d029a54af942da6f85f2103345d059f66864e6b0578111e2ddd5a1cd8bbf4ae35b60747b93f53ec8ec64c10cf4149909b102a2b88712ff3e5ba3611cf96585a6b36fffb64b8c37a114d6b16a53879136eb0b5e003a5a068e3e8422a4fc8d7c77227cce64ebafcde2437166b62ccf486660a7a2ef37012ebacca26ecd5bdf363feeb06aee39050974c25d6a564594c67f56fcf7ed48b07fab4e25ccffe002bbe460325abafe37f23dd9c145b4667f146a1635e462330f02470b35c5a2519f1350c02b263201ec9026cfc57d3659373910e878f2b6c1c5be774df8e01e775d476956c257bd0ccdec17ee939c46e5653d5813eda752ba7bbb245a99a5db1ae55d19692074c2e5820df97c502a4bd1b12929e1be8e9ce6d802347c3e9c4202de6046436c05ab55b2fcb2c227adade6c2046d98102cfd0d859a91f8104eb9f6f155da2acf93df2405bf2c083eafd3ec41d60b810e0bdef6298b21193642a9c0c646bc6771a5c61a25604d96bdb727abd5a7ebe4ddb2a56a6ddece26d8007b26043ad44279c3c8ffb7e6ffb3cd4e10ea2780f509a8a9bc31f99a7e66201195f1543a0a020f754d9a665a29a896faf673df6811379579891374c71b2234fc61e95d4d46f15d44bdb4d7c3b3be3f46410ca46827b8cca976d8866e8ca33c4945d5c87b705588b78015b529843af0b75a7e1e871fd276c1e947d896b92e6181ab7e3ccc7077bb57fe85a6958667d3d7a790f6cde1cebb494c2912478a0eca2bfaad62492e9f1caaa0cc520da08c0d2d910cd44255f4c2ca0646dc89e789a1cf9a28e2f99315d33accb1639cbaf0c94181b85fef648bb4cc7f66dc65b8e90bf5f3b763e58520098febfe7e47bddc2d9cdd5e40dbf4ddb8d51f51bde2e57432266d248d13ed09e62f66794d188f9861c50ec41f0eee30f76f4ece250956733ee97036098db41991a4a3eb7816196c8e447db3a2913bcd992174a7bde1f42d57c764b47f5bc09533760c1ba74943a0dca291f2746bc1fcc573f9a22c72a5eca347b1679683fbc8f32b08d381baf67b7266b14b3ba46a04a3ee45881ac452f64df1bf17f70f4cf9fa4dfed9ae70184679184784a0451d2f5c19c02031e0e4957b4df68b4a069a6f6f6458f6d773924a1841ba664a55c2c3187dd33416cd410e56e4bf8d3671cf737bf67df2a4cc4dcc786872b9e2dc4009fea0e48a749353ac053d80e36357d24d468dd595bc823017c015d7450fe38149370c5decf13b00b6b0e0a2567ac08b45f7b0c8a7c89d227219d051d17a706ccbea49a42035cb327381568eae23b5e2a3b7e8beef6f260d24ab224827ca8ee9d640dd23eee94ed02c9e26abb3053cbfaeadbb1f365a24d8769d92240da842e0b361524020b5c9c22a2fd8602dc9600aaf02b35344309f6bb018a94d4cbc9639ab7430657c4046f0b25df517e31626abeedd58c2e19aa0ae1a43ed2bacad91dc04a2fdf9cc33cc420f4f04379e95988ab36731d5d5402d89fb47e826f4243bb206124364d63564a0872f8d2826eebd9046c7c6f2e7c951e49d4b22a7eec89da1fbed890d63ef15f26422185143c89da3ee269f83e1de11a7467822146042be92295a585e3a09e720ec522e1cbdcb41acf5ac45ee892677ba3ff670d71339a76ed98237be252ae21268e756f05ba0b094a1803f9da84a8a05d0ec9456cf565e1b548cae95eafa0fb01f091935e6eff2413bcb15f605f15270408216fb5b41ed83dfa1454c522375e35bdefe54275f109d0ab450636ac4d8e4d9e27f2d81a15b8cc5e98549254a1c9162918db3e399118f5864774a9d6a2347e1315753071eb1204c8bf5f52b1a0da37e484ebbe545fdfe6b031215678c3b83a19a24d7b661f626beb01eb82b384f02f42bcad4f40addd48db8a92b90d2297e6143702056123286617f86fbef4fea940f648867d790b8f803abc5f4e0e3f4226954c296afd96e287e21b7243d05e743161810da578096521805edd81f68a45500f6a3a1885cb1f45cbd399dde024df65072eb973c827fca13eeaa3f140842016f509aa9ab4603d2457c92cc9aef24950697a0044e3d7c483b8d8391886cd50dff8c2f16de3d6caa7f864c1b3874750781b2b78b545a94b4da0b0036433c6561f5cfea50eae9f5645302eef18238473606e9b9931880d0f6368fa9970d1ffbe59c4454bf97f4a5e8091801b53ee4a209e0642d83605836f69742071aaebd9d813b10f4ccac03851ee9f20cd1351f8e68554c9bc5f58ad19d474ca128edbf561d195e52ddf3c19bee3bb597ac2f92143bafc98bc09fbda6d18dd4ff2a93cd2ba17f54f75c32d3f141468c2baef4e53b6a340286dc2599bf7bb002aa86688e26f5b51a6aaf32e48ffd539d4f3f4bbf0cde2d20138151c82384f9ff29a634ab4e0103d93340bb9a7b0caa108bc7fdc88d7de14abb17e9efdad2b0f304f0bfcbabaeb1b9db75959dbf54930e67aed3a9c8309aa90506b6b9ed4f1d06c4ced19746e206e1e9b8879663bf56bf6c5c920ac5e09e6579b780cb63e1875ef0a731b726864b7ae5705a2d6d343a4a213a05928b7337a59f900fd04472382610e2a8d25383c9ab5804d609e79a88d70eaef3ea22d3aa9100fa2a6e98e97684ade9fe90d6bfc59dc9dec3d3d8db8990bc2123ba92e64253235e9b4d682e8aa04e23fb9bb6248a77c065e93249de829bb2fc5ea9e396461090222816bb29bca37bf86698fb995f62c50110cf418bbe2078a56c5f1ec9fdf3d0b09a719ac253b5bcd00932ae058b86611aff51c8ca8448978615854b69b0216a6eb8050ce199fd9a13aa0fd652570a1b187f61e6831b3a960521c3705da8c5e6c64c7b196ed4a49c2912d77b670b177c6458a7a49ecc1ffd8c57c0978d2a05cd1f1c7ac9514dd14b7b0933a52cefd40b6452ca0903df1f55828025c7e18109a6e0f2ab25724cad2d6f57cb5d894a6a508134731e9b9c61254f64990941f4faf97394b634b91860cc6ec346aa666600d323c849ea4c4a0ef55acbc56495ca004f3fca42ff0ffb11b0e1164c95ab89bf1db3d4f575ff334d4e0d7d50e0c54c422eac5ef78c5a3be95f2e18872540fccfb597211ec79d9d47b6cf41e385b9c2e92122167fe584210f63bf919c620d
+
+[L = 28]
+
+Len = 16
+Msg = 3dd2
+
+Len = 104
+Msg = 3d232201038fe7d846ac1bd4c6
+
+Len = 352
+Msg = 44c98cfc71f82215dadf494d68d1d6b92bb4eb81fa0fbf945a659d9aa2c2302b5c93fd3eedba31e479e29d36
+
+Len = 504
+Msg = 02a5c7b1b749d6d49bed302d9439f23ab83020bd4d573906f4190e74216ad33aceab775f71cd31092bba5cfa42f0845bd16fc1b8bed6434dedc92f80b395aa
+
+Len = 13976
+Msg = bd70deb2cafa75918308d703a6783fe9dc5e3d21de9bfeb6dbb1cd531ed5dafeec463a02abde302d4ae6ab3cdc2f0f94865e38339c88bde507ff71bbea6b30b9851cd8cf599e950b8c8e620c90adccba0033f934ca66ea0a936afdad575bb6235099beff1a632c9114a8045a0919fdc21083880eb05c0d8c489c7810aecef4a41766f67c37557e28a9db9a0d909c2b167ff7eba79693afd3ee3aeace38eb73a5a02a882cf89b123812cf2a0f6d5edd1d14362ce9c43257474def5cce3adbba8cb48e7af9a45e702a182dbf47e8869b3f99e953ba81628e502c60d4f8ffc551c31b3ad6ca85c52164839d5e9d493deee4d4b76604174bdb5655385d34ced2c1b09dd5a486e1f9ac501bc611f9d7aa5c748f496faecc14c6c18e1dfc6aee2991bd0207ea1701219955a751df43dbf66f57904675a0e9e6d7f9a0b8bb82a8f44951117ab2642d6671daf1e5d1639d48aff6a05781c2b5e8976653b0a164445872d393d30355acf0bb49bf2bed4265c9a3b786249afc7a438d706eadb6f90a7f93ad51bde6d2c8e6ff09dacb3dc67ba0d3030c54c8367e1e4280bb5903274191344610de61c3c770c6820a6cc9d826f7c743f88f13580ba23cfc00598fd733b5dd069bde7f10f2b8961c16b69761b0f308dd137f844a67f6054e065863f226141755b96645a291e3fa3fc853b2475fbe1d3b25ca22f4da4425dc95fc855e63d6699b311ebd5fec1c7753e6e81f747c808ec3f618f63eaeb1221075edff0532225c40ccadee304a8997c03920e7ce4e60e4df4d120611296786516dd4d9cdda2077ac52bce0fdf552e1ee89a0133f1f87a6f6f35f5c53958ed806465919a0a5fa42488bf29caf33a0dd469e13abae351d5c6fb1a800ee384da199c823c965d9d5457a3ef8292c4d9b142e3f1fb502da498eb44d95f8c85bcd6871bbdbf004bfdc09ab35758f5e8b6a0d0f366c3b255333c52c8fcd4ecb4536b5f6e72897649f3415443612d72c3436505249a344feeb04883f41f90ade40af119014b3c56fc108f1ab0a77087d9226665d416cd975e9e4605529c032e8926002a70924820c6c7e264a794b2a3beb63d69ae56e017294fad4d611cbd0d3847212a38f22d623eabe3b884a36464d8814286fff52c4dd366f6c2abfc2eb865e0dc9ec6e55ca9d81f1b8cc47e2629bb162e54655bf2a9e156ab0bafb4b8ce96858aeea6e6665607a3f268036f4890dad759486b15e3c9e791429ec8f11bae4ea7c490656fdb0551dcf0b0be017c08bc674bd97d9d701c3ac955e2941ba7d5f2ba122a6f0c1b164b1caf2d50df111fd4287e9e195d181f6f514d7dadbefdd4274edc234025b727680576046842a834b6ad89eccaff5c5209bb91d652357e3750d8bb0165572fb71d09fdfc60f6b1e5d868c67c0edead427e7aeb734e29b96e03ea174b6b1af523feacaf6bd745ceb1bdecec9251958b7f521182daddf62ff6c4f58977adeba81c616ff2e937ca4f16eb9c44e63f9e974709122083ae45524ff87d7a0cca33a90f09b660db0efeb393c61967de2564315827ef1cf42b71c0f822f471713c9d885a3c3281d7c95dbc96f1c6dde0af70ea11232b00a2d215ec8de8fcf84b6193b6ac9d46de660361aabed3371fa44a6f32107f3854262eac355f9ef98701f580b4649175cefc29950e7a0eec958f629999c4b0a98fd4bdaf5c0bd97c963b551f2220bd41ec00b8726836e949e818a49aa1ac5bf12c64fb9991111ce8be3e0cb9605f753dae1a4c84389416f17fb66cecba45d591b22d64e5a4edcde067a088d9ff7f5dbb9dbf324510000c55d50f480a640fb22da9b4862dd81080d61af9560b601edb5e3346263f5f193df97079a27e3f9876078b80ebdcdb17ca4c50aef0c8329c72a7f77584cd963e105eea9c28a2ad4e95c1d018e27d0e720ea59147f59ad796b80b6293da8a55ed47e8abdd37221db0a5eefff31688e2adc294654ab0fddf9c1ffafd4783f01eb539492cb35a77315d0ad19395f47b18298a7b353dcf5bab0b2f193ff73d99310478d2e5c4ff1c68a2493c138818edef73caec9977bd4eda6249c8933953e06d796b288f78b18c343ef561082fd03bf92b084afaaee741de3004abaf746350048294bc52450e31147173f2da13d6ffc5adc718e149f9df3702f414dd3ee88296ae8a0106b071b589e8696401da7993d58a9bf8e5bf417165498c96b4ff5fd2b45bbf88f551688425122a3737ca54b2992fdb4d60957a93097222c3cf4c45dabe18b9d6a69e6f27567d5adec489e4b6812c29a8fa52f1de642b7b0e749c16f54473ed5ca2fdf2199e885fed308fa62a3e0deb7e0b8e439e25b3e9f95d755fdcb7ebee9d73069dd57dd1cdc5145205882023b54f2c9dec6cced9e3f6d24e8cdbb8ef121b8f3eded574d81908e867af5ac82bfb8ed60848b4bfdc1d998bae3a9ca80c1c49601d11a40409c62b1536f01ca67
+
+Len = 48824
+Msg = 5fd54472a44e4476d254c0940071ad42dc723354f76ba61f63fbb9df80d1ee56136f51b6982e66c1da83602fc08093506a9e2cf27cb92085ba5c627dd63f59f8850e91a1d86cb1d4ca38ad03160f3c584b128d9b21e935570e086d3815307ab8df396cfa0c100bf6cbfc0fd7a8258fa1a656bc178e02cfdc868540d8e5ad39dd46794a8bdc205e710555ee7421ca7475a4f3232e6a0cd55d4b5d4525f0bd7eb1e455931aeea6918b9fceb2a32706d31a6d7028a85e102f228417e2e7db68317ae155af70eda98c8dc1ecc32a62e294d92855354c1114c5735a3c81e551b63a81650107557f3237bf953989d17c65a0fafd2bb1e32c237f98f55389e8f8b0810e97e201914c487a68403c6d621a98ddc515780435564245d87ce462b8785def699f7f06ebfdf33dd1ed7dd5a3e781348298c7950a387bff7d1878731d7ac66ad9a6607f2c3a3b6843c2852a5e882a8d78ae9dce2a79d595cdf09626dfa6f1dba7d40ed21caa29e304e7dbd559a89bd1f07d84165dc259ef112dc6e2c5a3e82b1c50106983f6c4965c85073c5deddbe6323003d56abb0df590f69010981ab3407e43eeaa29c6156995c492c931fff1b686eda3741a0bfb9094747d1620b2580415d431ffd6c02245f6cb03e39f87e82834dcea59355b2ba663ce145d2514e15e2b2c60cf518ff510c6c3e2f16d2dc523832762ed8352a320462ddd4d6fe755350672038163d996b44ed3b85d64989291bdf39398cb996de785b9614ec5d4bd73efcfa37fd4470b17d6240b8e4c715759286b04c3d7d791e2689927c9f18320ff2e6bc7306c805e23a5de66eced5f1a630cb43dd46db515f837f6b824b99b86c10b6df7fcf22d97be05284edf0e0be597b3f9c63556db031339f79ac9e6c5f8a1cefdbb4b30f5bcd23c2a4dcf791cbfdd6460284c5af0621ab7c5571e40a87c87be459c85ec81d746930dea24f43bb11d6611ea83409d3bf4f987778d8eed1d5b246a2112ef78ef0252f9ae464810c13f02359441d289958b4766807d9a3be0054897d35b01830deec1151f9e3d42f92b80f4aeedd65c78c6e98afc562a3bcf6d72f238c6e94a38f2288ac7929a7a61c92875c1f115c0ed8d261a727f0794f17ceaa3dabc717478f6ce7f2e8b295f000241e154b4575bfac8483f6b62f9ef4e18f7d341a65faad5e2fc1ddaf2b09adebc155ff09e63d5aa5f95206e66c7f4ef2ae3aaf3ea7c93589efa8c552df8d203e0ea181c1703d7023b56e603f33b4adb9bf44f7af290d8081210f327a6c9b0785709346087fd090c42d2b8b2711b9a1a5173eb5e246320ee27867ad6c3eadc4407bada44561a12cf5d53bf0448308bb536a8a525eabc1410c3a34becee25fd6fda453251ec229b53751f2280e142c6b331daa659ab655b78cfb08bf18e40bb02b7f1650eb2dd4ba1707f0aafa219f21c29521581ce249e2e34f5656b0a04c00485079b040e13cbc038bb9f17f47cb8f908591b26bdc28538d8baffe4cc39b17d2ecffbb9698bc2b8b31b08424034c051b535e0cfdf07b7a0a54781e33ba739759991aeb72c0ed992cbe76eb8ec0ab12c182e8b049cbadd6e82e314f1bf15fef5ae95dc86bd64b8556766f8ff62c33492198e454e5ca59ea856d8e095c04da8045522abac865506096ee1cfa1082af08ca09b3533878ea3580b6c0c57a615e0ab768246b3eda96bb6caa01a2648068e21959f843d853e948588e8c0bfda364ef1f9fbd3235c27916562eb0214891eb55ae0e059f4bf7d1838b5942656c27899dec6d67b823a981d1e1e0aaff5323b0e3d69a7dddf9b12d7787ab763a3c7a2697ac65b655aefc4bae7e6444850ad2540d5193b378682c77a4dbf9aa22e517e68cedfd1ba32e3730ecaa2e3f6ae61a4f427d6e69071dd62a9bf6c860980c9d23ce1fa82a1937e6dc1ce3a2de096b680d23d89ee102912ac0bd769c1c02095678dbb00b4430428797cfb966b2f901480811e1b9cde358b6d499c9e93f0961f050465d7b0c70d4961e75a9fe40a24e36eaad27238231dae6d0a17f446c16bce7348e669be563649eba9f23be29adb8b10f462780a066ae573f74e51215a26097b02469c25180890e06acc53ab063c742e08d51359b0a39749b84b9f6be44f3ae3da8e5a2f340a8607d4eed08877d007928d332d6f49502bb5f416c46d866fc87477c58a22d3c5932a8d6298c1151daa032c84ad92f8f90b8053b5aa6f690d1bf682f314471cbf200f3d30959e07adc6488dd17b0be5279e727f3237b8b4b19b31a220dfe63882937f8d5ead677608c42a57217f2239614c521d94559290e3b0ed8055d5474e96564224f6ca6389b40a71337da11e1c307dead8e4eb43252cc2f1c49addb18781cf20acffd3db693b02e5c8ecc949b51b99005529e0149a13390615f5df6e0bcd68e1ca82b0173d25134dbf76dfe92daa085d3f6b1e4d18217df41b70c4c40101884c2886495f2ef8a473bf23cb47ab6533c93cb38c36c6dcf6837f1272fc91a6962b6e1386fb643e1f1d71fc75ab58d5800bf4081217cdce0c7ae9e3d25de543fc4444314f32067eeb147c08c55c5c8158ed11729837547f28a300eccc312260215f50e98c4e3d4170208a50a4a4def1243538f906df8476b0c46d3449be73866d463d422595300e160840daf8c906ae4aac13a64457853b0ea6d8c32f4efe3b48c0b1450250086d459648b0ab14fd3f341a4a803be77e56a811e7a26827eb0a1a9454f90bc6ece665904adaa3cdeb2c4847858fd1d79750e8cd45d8da9163784b8bd06629410502debfed5eca3cf8fef0fa6bdcef6efaaf35a1986d6fd68e0f436dca9442077a4818ebda4606a94a3c93fda46e7ef5ccfef656896a0d3d93566b02ed8c3f6174417cdcb99a415b0c6e9816d94e64b438c295b4bfd69e0d9ad52911de5509971b7370593160629b641d690eb2828bf363857983e3b9098fcd15e66448f786f196685d2ceaa251b17ad06dacd614d9fa78ce0a8b9c1c360b529d0bc1d17ba0b70ea8ac1b8d67f6e5770f0cbaee0b38109d26b09493060dc851f5fef121e83e30aab9c3efc2b8397e8362aefea1708f7ffa14d3656f7f7610f3a629bce14648a593250c6f309c02c6c552bb42984ac58db920dbc7d98f59295f37f3e9b99da55ef074ed65801b390366669b4c7aa1c483ffd23082793f9e5cbe30c34250f63fa3ea2cd097593dc67e8d27b7e4f07e73a9f7b33a5ef6962df1381a038d4f58fdbca9d71ccf640b917f631b75d4a2e8ba46c64a6223f99cee30f47c1a935dccc7f054fc39d3498c824e10cc3ee337e781a3971f0e98295aca611bde701c2359858914248f6bafc88232bbc27bd85883b00990bba7862fd7a7cbd4c86df049071fcd10d686613ec877758d83927cacc530bed9a596b5b21c6fb748c379d676de7e05719a867c9f934b5dad99ed97dcb4e70a9b6542ed5b2f086d9f56fc9752e788785ef8f7837a31e433438cf2f18f58be37fe8412f6d21a5c35000a5efb862926700079413f76ab2c3e79e20b516eba9d8c29897097bee55157936607cabaac41337ea4cc783c0809c875259f8020e16d5045fcc39ac796d11a82f25fcc9579bf0a010200f5745065175fdc15474ed514cc796672c59637c3c8f236cfc9c0978a3db1194680c58c27746090d76ca09f7c48ee4ee7e1d3cf0ea70dbbbd88e30e8814b57404dfd7c33727a0c84cb7bd468b0bcb3c89b526679c00fb0892d2a5e7a3d73698a3db53fd7d78460cdcf24ed22b5f39b8c00b3506541ae4a5b76fae29c1cd5b0f8c3ce142e0af7ae4efe3fa4c438a604bf4a9abb41e3fef1b9227a7dccc3f4d6026ca289b4b1366d9ed546abbbbd5677c8d582e79e2b544f18dc23809ab753313d84dd10fa3ed2f723f0b46277b8877d4f3e0665e88c50caf0f0708b746b736b00c8c83a7d18500384bd035996aebb7da8f09fd6af9b76fde7fbfc0ee854d7ec02950e76abd23ffb27a6ddf1772465016c79b98a61bd3940547b207b6507e32cb9761a5604f0f546834a8edac7ae06910045de218d761a4accea886188f947b57bd876491709028e2e24b075d6b022b51af1880ca16a8c65b7c69e51b2ad580ee058acc0606f0a3a9ea1cd4342bf4be602e941dc4bef1239bb9bccbc8098a6a17d63186c6fa75ec44b6e4fd38a3fe49c5eb995f0cb884e2f3ed6be02515fa605b98453ad935682c3bac6a2971bb68f4094cefeeaceda92dec803ccd3d346f8b40b48f8f489e118a17367801e85c79e9b3bb5d73ac44a8290cdbf83a154f2f125090d42e1a1cb72f5ebbd42da46c7a4d4b9fad9612a4c800de6467ceb74f831e1395dfbf5799a3429ba34754add4b34b5960a5fee8f752dae78450322a1ab3d7102b77e907fc1eec5355991e0c7d6c0866660e5436248edeb1a37c0e769a0764cfbb6354332d6e55103b9235c84eedaff918af3f0213c435c32ab409a4b5c7eed8ab6ca9e313dba459bcfa3ee92e7d669be0526856ac3c06a57fbecbba553a9cb4655a901d98af02b74098e478076655d325bd7639d73d7ae00c62fdc361a997ea4ff5b0eba33096b12f35cc7cc0eea62950b912b47c11b9fb386a47c4c15c0602d304b2541da889cff299a1fd415e7e25c70ee4cd83feea7e6a9c50c75d9b128458513d61ec5d0299ef8c090472fe0850f384938ed44d36f10cc2c1d31daee3f946a2fa18f9982a988fd6ac973b1569313ce3c8ff5746c4dd85a241f1e9dca0e904c091832ca028533a3e34c184edcc510bf22a27f530bdca3d057928a96f72dafc73a9aa6dbf2552598e468735cc5736c67a620e9455483e9cb2108045ad80569582ea93a53b491e528c8df336fb326ad74317bc1dfb8ec30a73af01a5dff3e437b7fe48ba5dbb3e8f01ae0c6fc28675a415f23a796bb6e0ef0efeb4b14cf20d4ad88ad1966da43a76b454dac8687bdd97b89b8f8eede91eb34ca4a0523ea65736ae39341fb32b9b716f25662a37382c16f3b9c346c84f03bef54acd6efb364c6401b07b3f7679e8e7f8c9b77b75e6e98b90f4df88460f1978d19744eecccb743a999aaedd00b5a94018e9d5a56bac9d5d55f6e93bad52e84aa7340cbbf98d56213d9dd3e1970867e3972dc98e61b3cff40b64ec49463ff79a41c82dbbcaa37a82b761f432849aa83a3d3c9a209e2207b87ae9ed9959ffced165fcb0d8873668c3cd8f18ba0f92f7acd2bf50416c22ce11692bf6132eb9f558dc789cf9776da94e48cf48607f19d9a11d5df4db11dbaa67a1d20e9f0c96f5956ee3f906e371c489efc88b0c1e56d881e7bf8dd5d6742622eb873e253dbe54f2e2e6d0e6136941de8c23e9a632727bb5f88c23170316c7aa0df28d8d07589dd6022828834f7ea9b4e5876a1704944aa3186dbf89e0e81767cfba03bfb38c55a9945209c4dfd88272c49d1745dce5ceb40f0a6713b5139dc2fb87a8a4888406d2610b7b910a9e5782ef0df719028d8e50a40a269dc9bee12157038522d06537bb31fc87d21af9ad4b2e7e127bbdb313e0a116010f65126cedadd4a122d15a71cbcccc346f55100e354b997154567fe3caccd50251d137c58fc3a2048dd5883b6af9248b51040c01a80c051b8a151a8878edf0304b5554746d6116b749221a1d0082ac925e6e140f0c3b6a180742ac8a50ce0e93e6399102f151d7c14000369ff52d0b537fdd51bec99e7271b1255c6fbc36d83408c417f6825a8e2a58b9054ab2c3ead69d97ea9947fec32d720653c123ecf51a9a3f0ed88743e3fb7b94aea59d0bf0219ee50825ef220554312cb907edb90e4d85f29e316ad57d3b90d859391fcfc63e6c0fd3ec27d4e1efd6e0b5ca8165cbd6af25ed8792d805f27fce308ca1d51335ed5d727558dafe05486a6f9149b8d3bc022026656714222830be582889e6800c0b170e48ebfd069e711210e4ac7acf07652a6f5051507de68aeffc9540cab5cdac84ceee46059ec23820c04b127266c0bf8df0d2b856be3377ab42592f495980baeddbeed3ba707a85dba64fe36941eefa8fd37204ec8c18df3852febd2b142b1c9a5cd0f9e424cd408ceb7788270899fd793db99ddb8f9ca8df550c513790d8bad37a1d1f4a62c4527bb64c677462c9b093582decea70c7bbe873095536728e7ce05d5cafb5d166a1f03055e918f787fb244c5857e3d7a1009bd37f30f165564a082c1510ed19bb1633811a76da70dac67641c2478c6b335f409ef54a2d0f370c9510d0aabae3cb998bd023778375cbf9cf5ef125afd584c11efbf40bb51839aacd3016e5e4d79f134245f952dbad617c78cb6f5712bd9c0c7e1303db5029640cf9b56e29329c3e6a9e0a2371aac1a437b9b1c4477ec9842aa80eaa22c5eac11b60c661de6ddbb088e844293ab8589c13d938765bbaa44301e4137148dd0257bd4c8c766c5d3bfe53671e9417cd1b52f622870ffd90f4e17b7a4ae1b5601a2edb032e353bca652fb565beea6fb0b2cdcadac71794c662677fb1dc81d116d94f5eced526b37c004b95284cb6aa2ac415754a1f14882595dcf4d3f1d905c6e8c12cf5a9d23d3ab55bdaf9f17d2f03f933e1bab89040753648c426b072b73aee8c2fc0d1c03fce2c656e20d4c96803fb2ef471b912267eecb4d6f342d3513894b94d77767823fe0c7438e51f21bcf16f0e98b94b23a10760271281cf843989824f7061bf834f93fd8d2090f70e939700dcb4d8964a19da39a9601a7e0ed9f55f567fc7d5682d55a9ba0e68861756bb549f2f17c10ff6bd2042a80477f89743d3d762f1dfaf230bb502eab6f4c46b26135ff3bef5faa179bdfbd288e3cadd3d88d8012706e19b7fcc6e9cc2699d3ba0e624e715599480d6b7dbc6eeea0d12a9236444b17285fc7794040dd40c2b2ef175f7f3641664fc9bb7ea6d7eb3489d504f8013d64a23aebcb5ce233405f5ade067dffff253f27e926431ad806703e8fab23656e0b7431916d8d4c72a7d831e3664e5f30839c76c8167b76f3b2dc75a6ef48df515e06ea54ca51de2fd9c5eeabb1610b7eef06a2f3167859cf82e1a5b76be8ed8beee2bba28c3b15af6890d7a37226834ec9f63306a0da11aff918753d8b83fe7220803c070db98195d6d18357233f5504a6e3bd6f30115d3987f93aa5d89aa0b8b577d1fed94da057a6f088233efc0f44f86798896eae9ad0b20c8c9cdd9d72a3f02213f6797800894b864cb44fed009440fa5b0197023929f9bad16f052cc2d87327788a68b9209f46fb4776b092d75713048b5453ccd699d19cafa8e9a93fdab0f0863711916efe3bd81ee71b8e0221e12e9ffe2f6ee1a4dc1a8de6e593480f3c05b3691e916a4a7ca51971eb2f0f693dd10f6b8468f8cf7bcce285938b5a0a76ef86acfa2990f88bdafdc39a065db17b845028ed2b7a9e331c44217de20440e406868f1eca818d0be20248c2948b8f4cb118b2e456e585949139270f57c54715f3297bf714aa7c5f72ed8ddf6a074703ffbf95e45bc81a02c42822c22d2b718f2de5e03d687a4b18d605ef5ae75f9d43c8cb4e77aaa0c0101d978120f29574b22f52783c667f7daab3e1f9cfacf2e68e94a24918e3fe2c4f061deeb64891b5217fe5908e7f389897751839982b7fb736fbfb1232684e93123611b7fc8fbeb74f8815b5ae13240051920f3b6ed34483ff673c467ed7f0a8fbf619796e485affbed0697415d2d0598ba34d5b9e44ffd12a5edc323883a2e28efe9baf860324f2d2016748503eac1888213926b0e0f0335a4b51820a2bd3b42d982ec6ce307b453b6385aed7a735a1e98479394147c40f01c532926e10e1b26a5b395bc150ec4b4daf5b1436bd0baa225583ffc9d9e9d8a354f60fded37b41c7c051daea04e689ab2d4e24d7d07c75c50ccfd6a527e024d1632246c6f40f06b86ffec0b29cf894b665d53d459226b93422d37a8da23587fe884dc3c0f2fb55dea296a9a5b9a0d101f186d9fa6288c912202547cdf958569d2cbf235740eed38d10b0025dbb6de31058e98780d22149c19d4bcaf06dd7353fd91cd1f47e47f45622e1472542be2f63f463d253617eafd4f2ad609f9020884905dd5c22fba53ccc619104b6c0203a7f6c8c26fc80ff6fceb8c0c51600c2e46b4b872e6d597511524545a76cb42278b519d911e6c1320e01682c551e204ccdf91290c52e0836167a5685cbb1af338eb794c10fac92950f3f7956acf28f1ca984e380bcff9876b0c71dc7ce4011d1d0f955da9ca885c6e7bb74c6194dadb0fb9146dd725c8a9574aaf3824b727c9be3fce59c35850b162c17d3013689fca858a0a51d81cf4f30d6a8705bbfe35ff03c34cc7c56aca32140d72c8e8121fc71353596b777b266d75b322c9a97fd2c5d4e2362f19c99de66da7bd9c495c03d9a15b28431a0c051e786fa80f5503a72519e6b419263d72d553d688349c0cf30918eba0622b953a0efce4415c29515c26ba15f00e548ef108afe3f8194aeb965e5e4be94f10df6c45ea5c133a8c3398d09fb80f950b83c1866a1637d2bcc195e05cc32a9233b244cc2b1d4930e66f032cb1163c37b3e58b576ab76de759569797fa9b8bb4fad66aaaa56f09c7a0ce4641d6799d7bb47cf684990ec1e08871458c211a353ccf1285e7429c7b8520180918f7
+
+[L = 20]
+
+Len = 16
+Msg = 8a61
+
+Len = 104
+Msg = 37487aa02b03bdbc6bc62e7e26
+
+Len = 352
+Msg = 6ecd002568bae3bf1873993041bfa292eb94e9ad092d8eb3585be82e8a20cb36a47a06e7a57d301268a4a533
+
+Len = 504
+Msg = f6dc1d2f6b8e126d99939664693d8709513f97d730074ec2794e536d94ede79c81f2b2ecbff3c2c26ca2d181ada2c60050997f3bb087ce48d956c18dedb227
+
+Len = 13976
+Msg = 07a6372c863c7d7c6764e4f05addbbe161762735dfd2d23bf268e2d603cd28de9c369ac379390473e1d3fa7e37af1178cca54fa0f782dfbe68070952b93462ea46c640d43ffe71f5fba42df98f4c48ada0d8aca8753e0731508bc15dff283178ae5c10a6ff132eca5dde63a78d3ac94685152897828eb25a55fdf140fd33fd4e7b03f283e201a1baae8986d25603fb0b2566aab345fb48031d648144dddc2e3556c0ceb1104f348d96ae7dc0152e45c625d21b46e70c31f250c858aec4ab2cf5e79d8c79b0854e0abf5330b9f044113d306161968f4ad6f0973160c9dc296056d5a11523ea2b56fbce8387070fccc639ec1c65ec663b9dc49aa880dc4ddd3020c9d44ff7e8cab6266e436af19b4ecb82010a0f8f9469ef380034a02e3f50051a6a3f233dcfe9d553459dc1bebc538ae0183448c9405c351271dea808d908480e61e9793cca111b4cfb9874b799626a1bd9a0f6e0929ad51b97ad81b2438f5fc255db3a3dfec9f0d8393c6b245b03d3faeb58021db3ad391b17a91174a66db4feef1b4c889699bcbea7928f4d29be2d47f76455c8cb1dc7da9cda41962a28ad8cd7b39965b809e7c7eca1c6792c1ce1c8a4cad6290170e91fcc49fa5ff64ab433b4aa081c8da2d9bbb072f9f18ca455469b946c877e3006b34ffd2219335b30ba2e0980f43cebfb629d0b11fe70dff28883ca012c6ae4855fcefea20a08e189eaeed7eb36ed6db3835976f4e60053205805727c5eec15d0e9f155637a9e66268b9c1c302bcaae6ae88cbb8cf1668a487cc996c4662c4a4e195f094cb31c717165e0e13718f8388957dfe0bf69c70cd0bd763dc38c530b67b9c12244fcab8bd13f602de848a2937699f9ef77944e5f22e3b470601789e1838fbea9359c733aaee2c7082b02ee459b7684ef9bbc200da4b62d368351f5520a65ffa506dc9b097117bb7ae88d04d85fb525e91327689ec0fe86971480c0e864012b1e9f044c7d80a4e48c07320dd4292086e4c71d4c98dd826a9bfced112bfa2beb1ce85cad204451ec45703931bf637d4fe89fe8f485620b7f4b21e011a232ade7a8c92be77925e878ae0bea9723749528fe83cf89ecb9616dae6ca0e8d5754ec6c92abb21108c2f33cdc18c6887c430b72c5b193356494cddccc577bd4c2cd53188f352846edff0c2ac7869cb74bb16a77c0f0f194a7a9477ae15abb890bd0bcfeb0c39381a87f1d05319c7e971c10e9ef687f96450b400e25b4285032892b849fd5db8649cedfb03c88defea063ee144a1ab1f3bf05f59c7db364dc39c11a446c3ce16307d78d50315ba29f5bb9a57438564c8c7b3e367cd37d74b2375a4966f47489dc5448f4979428abd32193d3840aa983d3020a9f29d760fc7493ab2576c90b1934b799c1d0d55e4f2caa78f4ce61930c79dc017c2dea0c5085d73a3b0e4a6f341e9a5061a6658af11e5edf95bdad915ac3619969e39bee15788a8de667f92f4efc84f35082d52d562aa74e12cc7f22d3425b58f5056d74afcf162cd44e65b9ee510ff91af094c3d2d42c3b088536d62a98f1c689edcf3ea3fc228d711c109d76ae83d82d6a34dcfbad563cf3726519b519fd48b51741aa86720836494b7a589c778927047a25d73508adaa401e9a6c0767a675e31c5556cbe35fadc9671359b45e985c3c8af84113989b299ae4474b85e4b5d4b0578ab1e8a2915a8df97c4f52a639fe32272cb91bbfb721505dec46d51383cb8973425a714245c2e37d0577fbe0d66381d9239db1f08a380cf609dc699698e0fada2caeda44d58d766c4f8214b10642b80b8d7d8add7cc41d47108ab7d07dab71069a2d982cc900b331caec317942122158bac6eac9175c2dcba0c04443aa9188832b553f5ca8c336880824d6bc02486a2b4c086665d276aafe3b1b93729829adca50c44466fd5b5cb977aa78fbcf5c0f0da1b09216468a11493ffb39efdeda5d669ae92bee2f2fb250aa1b9cbb11c36c7a6c6dd26cdc3cfd572ffd8c1dd72a13c27a327a34c6b6b3d80fc6c67c72152eec0c8ecbdc1bd5cb829b811e7f29af6d786f4e93dd4c96fdda295a6aa258d7b2fcf291c2d68e0b1866032475964ec0c6f2fa8c2d6a3936ecb187350def4e818507bf157c0e9b33406be7660605af14cccc9c799b4e051d0d0899e53495bb8931a6e2984bc6dbe4e02ec8b4642fc2f1cb5fd5a5520b48cfcb49e1f9533838753554dd98b6a1b8a67409279df477330e5f37367e06247ca5c3ffefd00e693dcc0c9c30754121c9ee88a574915b9e77c104fd2f921c2c096573951407ba9b440423d76bdc6fc978237a6e302cede7f99038ec31500884775556941f1edc30e3a417b0e02cb6fb5bfbe5cdfacf4006411287bedc565fb06f1be987416407dc852254934df4ab59edce476f3506e65be6ce6ddf91038642291fb8e92ba5b1f0b105670905a2c14796110bac6f52455b430a47b8eff61
+
+Len = 48824
+Msg = cd8490c93613bdf1f284b94b330f6d6f45a39c651d2a160b340e2eb696fc6d1c35e88872845190d141c669de92a97daa5433b1d7b0b899fdef2ce74b8fe72a7296a5b5be26d1dc86520367c730c7400c2fa06f91ab4c48a7bf4ae35a5b9acd5296c4fdf7451b0ad9cc439b4e34f11e5d7ef2bdda376f8dd34d6f092b219dc085dd4c4a6308b8808f588eedbbc7af7f64e83182fc7ca7cf4741a341060a7969d31445834c982fa8739ded4555108acbea1666a83da17f77cc42ee73323eb53203e3b790f81c08e94c44678b6538096ab7b09916e6cf7ceb2af85987f8e4d982dff1ab59b0bdccaae1f405a73366b5c5935dd0b43e2d2894290ceb66a0246dc02de728c5bba30255fb56ce8107c3144246c5156a8fe40ada9126adf67227fa56b66c37be63f532516211ca012977b04a97916f201f1baa2629eda520b51508ab4229df2ceedce406dece0110e0a911464f69e7be38fb91deba0addcdb3161d2799c628f5a57fa1dc37357c947681bd9c36f4832c20ac466c0c245de3b250c33282ea1a02d007f03b34ed427631283eb614db4d521f555136e7e42b4cfbee8134c63dbe3bb79b5a8b9f9f5b9f5ac61cfab1c54d197f1e3ba613f251eed616df952d691b88a16466343ef2d0f63882ddd2d55b8a6786308b2257f5d7b38af166bd7f1339d2d8899c9eda8fa86215850ba547450c267eb3c9147d96c38161a69d1584e521ffa23384313a1debcd37f72ddad02adb3cadce7ee34b7c1f42a15d0d030487daf9488aa7562845a11ee7ffccdb38b300935caa31f78a4ff3dd93403cf0c6a16ca611b58c736aafd33d6dc56f0f47878211d26f6ab801b9453a7f74b44593dae0f047ddbbf2c902891111729edec44f69a05944b18e7a601f41ad24fd6833da3dbe3029bd390de7c9841b2ee2b079b2bd2737518fe1bbec88da64769dc36e4a8bf716c219b2fe059d7dd220c1ed2c59878db5bf8b198e0689edee921ebc0cd2d3853fcf57c363050ce58071c5fda6ebcfbc1bb62e9eb956286291a108bdd4191c4ff47900d6068e1ea26b487649af119b9bb15dfed804836f2196cbe12d8fc86e3d7ce89b52ad49dc9ddbce5b370f73f512bedd853039366612453733740586d1372143b09f21dd4dbe1a2bfc308db8e4098c5e4b0c1e16141ee50e85fafefc4e2529b3c7252af37aee6f86e19df28871686107d7d57dcc812bc077602642d2ecefdd5f694b8f336913210793e4068da2178600b1f41cffb5221c9b4b6298afb47e85701d7b1a44241679d8996f916c81ff437261cfc358b9ec42a2ce16ca3bacb8690d6c1d91cfb3e0bf1e7ba45bd01606df856fd03c7e946f7ab371a89e1fde86d05fdd97bd7b1c583b04c2ed2b5f6815a460645e4e1b4e950bf6bd81dd0352d1048df85266f1696534aff5b1cbc17f15d82cc8e0c0d4f0453f9439094f8e0f7f4bc045b654d9a2f1f44a9c57019f63ecc41021c05b5380675cb56ea8bb691d79ee204d2c4edacde3c1fb3f4996a11d84b035f965e74009e2ab80e2c7ea3c84a834d4971a1e9cf423e4ea67ee526eb3c3e4c2d7372c4290a0741e1fcca5ae4cf36705abe98ac81e98a5419baefcaf3093a7e0449ef1021f88ffb7ad21b2677e41cdda12025b06542c4b2564f15e0b99db43b7c7020028bd829372122cd910227cb07c53cb58fd9dc620c0491f3e2bf883fe6ee8cb1f5b73767977d857e4513e8b5612f6ae4b56014e6a3ad2a065b65472212e2f611743484cfaef860999d1dc5608c58412fab888ad72bb87dd9b55b692f31e252daf8944ec5c02a5a9c23903c50dbd845f2fcc3bc9806af13ca7b025cabe675195b1d56f3fe7d7bca12530bcc0af217efcb03a218bdb6f9726536ea902c8303b02e3ced22be59753588b5f0e2f3419fa5345a942dbcdf3010465384a225ba26cdd0f1d74999c69f336bb6d01fae5cf81cbb8c1a7a29c1eb83ca6b51113bde56b8cfb6a5d72557622a37f039d090a689accd02b57c691174338de8e05bb3620c079705c969c58e56b079dc9eb44eb0fcebe548f5a31f4072a5ed56a2f03107bf40a359b2601eddf53cade66f294cfeaa40a0d94b9c90d15f61852f295d3911f8ea914d015885c8c64540a83badf0021a416c3e37b78236a2ecd1fce4114033416bdd3a36c18ec13250ee9c74c0fc4dd564b3d24a825802d5ae402a53bacace115ae3bbb329be79d1e5e42dbaf0a6446431145fe49b86a8703c7c41f8985d54f12e314c16ff89351d8addf66ebba2783f2d1a11965182aa0b0dd2de53586c5a695c6265c2b173958da648611090557bdebf11a1e042f089fe98e049f4796c60d26be38356fe020d9ace9008410d53a1bb7db78b52ee44bac364213f5c59f1eac4e3314f3423b92fdd7a6156608111ac6ddf58385ec1f3df12061208db98816ac948d803fad10d5ece2018c60faa13de5e5a9033745c824932e53f4122a39f635813545c1b74732cd55642f19ed6deca1585ebf7242c849bde981572a2199066e9c912b2068c8f1c8b936c43ae95c6e22bd7b80dfea05f495d751107da5928e806d0af905c87b5a0795df146af6580d8f9c6a0e2645686d43822ce9b4be0bd5937c097917e048b5af71c7e7521d490f107e9231ee5bd9fbf0727ba87774ed24cd52f471ffb71849ebd55605996515bdcfe95bb1df3541e7c42da4166dd01ec3597634aa6455d15fe14af435e8d7a55ff1682d55a2da867ae63d11fb3fd987fa5d7032ecefc35d3fb9570940e779e13da18070e6df5292f97f2a281f9598101102c955fe4808a2319c85fdef3d55b19e05bb8c2d3da64bafb67a53491513a24f6f0804aa162c8a7db25b38089373fecc45a0eaef65dd9be3b4b7f9436a5423fdcdb5a9b60138fc6a2261225390d9ae0d8ab7f0f7ffff69dca06881d33a637d634358abebb333df41151f239add91abaafc89070cb2159ce3a31655c22e4696c9fa7a7211d1251d4bb21ea4a321a3dbebc29d97f526251e40e548dcd7ed07587719a266f006179dcd22e50b3705152817057b097b043ad63b8d867edc20aea9b4c959ef4ff70f47128cfcc21e31f17978ecacc366f459ac1cc459a3976e4173ca322675f84f18036119ec2f204c3fb554a0b72f7e9d8c882ab147b3d280ca9dff7b9160b1b437b901f03cbc05fe05c6f44824b48aa8da52ae7dda1653fd500f9ccd221843cf76513b3b74d094f14d93a00d7cb954bc4cf2f04f9a35e38edcb1e84f62057647dcb3571f1dd296ca1e049f1746a8a282e85138500e7649db756b2d2ad88f11c471c89dc6be2cd43481013b8d0ae83da2b855cea7be424f8b2325b1850d1fdef03e765458df4513d57c72ba9751e1edc3c4e7f97e3202bb46eec7be89871ba3704aa6c6fc08851e551a3f655fa1fb798d12f003faf31c56b6df399a5dd0ed29ef9e4139dbc254bc5d6051840a859eabaaad56324588fae881fd638d2b70fb3813402df61d941ab495588e5fc3823249bf9a03cf877902394f512de118edaf98843a5445e9073fcfa409df3db0221f1c77e2dd21e74f9e10c9e180dc4ed17010eb949c6d67a22bd5337b2c68f9eccdec778ece728e91353696b742c8f5a3a569f054efb8c1ed478ee9b75e26c768a5816aa6bd08a4c72e745fdb5deb34ecb86b3a84346c1c70f9c16fc45bc0421f0da2f630912d5079f390cc53b78e343310de722b53d2a3b4aa386caa0d7e91986e19c3363426ba30eb5284293af81d00158a3f5233327b40c3b989725ba7dd5b31ac7abf8d3e0b737e843065cd7316dc2f374a00bed4cf9caa0d6e232c854df1bc24c3d484bc6bcb14ec770d5745474dc6ac3b3ddbffc551c9fcc2c56a5e0ae17948457c01e701bf1554022bc2b7d9dd42b2b91172fd85e6874d2d61fc7b3bb3cee2a9bfec09f6d7e98279c6f511f4140b116c856c1438e34bca59fdca2409f025b896a52d68719bf93e82e7d89bbf798991fda0af8d06d17f39eba4bca09c1fe594b537ad4c9b94ab52c895539d639425f9146b24b016368a638e5bba391bc8763cae7c52ff9c496884f1d84e5e08ed451358ecb3c4919dd410e82cac35ae744078287c05c89b42999ea6b8b127d40d53a5722d45139e8bc507a11e7add7fa9ab12cc40afeec008a4668e3e6440f27bb5780936c0e3668ac51262390c79b3f21fd041cf36ba3522f3a552714ff188bfd554c60d0e7d11213cf7d3864a5175d4047c2f3284741f18ec22995a5b82bf62190151bc1529c6d9927f9b0c1dacebd9c2dc406f7f64a973f9a70cff6e3abeebeb46514bbf2ead382f7262d46bd43d88c1b91a9011d1f8ba81fa536a7162aee2b2ec6fc0f2d6efc87b98d2e41e0f946969da659c21053775ece415a34d42b6cfd5bc52259867b411dfb991461ca618052309ca9c96468c2da12dfab0e822ff3bbe7ba281982a239ac19c47024fe1f0e3550cf0975add1f680a9dac9b2c4ab0aed4f409ddda6765eb8a0a9d1e9d07458c69ac8195541219b18efcd06c0001f2ae7fee2d404666a18ca3cb3aa4f0623e86c5b1229f6c2ca28d951111294b91edc52730b6b2c46e000672a7c89b2f38045bd3e37dbb8a75e18687a514dcf740c87a34834d3c3cc8aadf6166ec0c42d2be92f90a3af49633ff23cd80848ceb57ac550eaf9ae496bdc6a2d7cf50fe107895b4a1ed014f78af24eccd6a07420f1dc0df1e7c44b4ba937dd43cab9c798371b148325578d61931766af02b45054bdc2d9fcab2f4b49092f6fff7c27886820739d6140a4a905f0020249e8ae8dd87da1a1e7b1851eb01045aaa72dc8a2bf68055e7aed41d85336648a3405195d2ab61b0e29a770461f32fd05e14c17d72c5252f026a7b9abe7ea9176d3c46f6ed9fb716758d97b41e4f5d81a24538f763d83eecafafc668422612b40cfc32b3354b24755fbe400a2bfed494fe6d0ba0051713b776e67e2f1915e94708e6dc74b398f2f526933aad8fe7dc32faf40022606aebb6e0756b994c3176fae7640ee06d6c67bd54764c4752f1bf831f43e0227cba101174c5554ce26400f333dd8e9f6db1cdf670ce407d7d06c3aef4c0724b62edc8f1ba3e04f0e394d15a73b9255abb4d6ac70303dcf9160d32dc02d4804219ed5c7e3b48402e58ab2f58305f9bb95d2a8759947de96328ed5234cfe7d0b2a9a014df7e4cd0ae48906315f139b8635d2e6bd4aba32e62b8906cdfe5622c411bf0373d0cb07d17bb2bb5b83eae4401c243605fd1df759fd0ddc704ccab5a9776c40fbf6bde0f11b9646c699f26063a9550ac228c9884c277bcadcc0a2c225dc203e28e253c4e464b23d2529d09c7b7dd3c984667372472b615645f294c4e3b0797f9d1c234015b78502d98bfc04f1fa2f16cf3e7221d5794d035e4b172a4d84e679cb1c82df2fb49d3c6668eb1661bed56705096c2371a19d668832808eedd9e5b1256c18fe7ccc494e5e29145d453c553ec86fb7f3a634d0d45661875f2f1005ba5e734c1a976f37cd23450e4606e32d027bc9ec2edd9395e14b2082179bd7b4f9b8caa2d00a2de71d48553f7d4153cb56a1b08f11925e4b11c9281744ae9171f3d6faa3ab3f88c5c34fd23e4f6efeceafdcbc07686ef56efa62c0ad62f1cdcb4d3b5bc508c1f05263bc347158fa5495828f34eb7fcde98fefaa82bafeefed3f4a58968d751c051b52e0047f066de5be533bc3b1e439ab1c8602f6c67503803c8fa113737cb8279f358dbacdf45432b7a654d0e1122cca93420e956661d7275181c75b0d9c20e84c7007dfc49f27bc00007cf4ffa631c892981fd70141d532fcd51de5c23fe0b7a186d0dc296362f235d61698740cc315891cc9342da17843bcde274c17e462263d0e8b4832dd9075a7bbb443d4b26b41e534ad5551ed5ada102175e695363fb48d6b99ac978a3aa6f405d87f983384ce35740e930491d75675337c5dc081e3d301228e61bde5cc169968e5b4350cca2b085f9f75cc4b88497a78cd0a0073d90246c7dc102c7cbf3516498e8a41aa85d8cc5bc285ff66e8338e85ca83fb6889e2bccff52059bb9e92e92c155a349952680ffd0a3c346061a53fdf074417fc90c4d1af7c2acc3ee4b080752cbc9455ba5931b7e910f1e4af0efce905d2cc9c685923ead387fa532c0e8ad92719c76c281cd010e1acce500ae1443838b8afb48af032069dd07aa4df0d56bcb70a64592633699c8658102f1fbca441325e27f1732a7a973d8cb3a0684d72943ef6f1892f2d7ccf39bb6dfe5801ab98653bdbcfbb787bf125253be2624f6cf44177d588bd7b780d9e3f4e3a4e50b8a253fa21abce6a94b9073289c76773b46140f5a6e46b9de9ec066c176f5d1a69f380e1901216617363362d13ebb26ad74fb008ec08841550ff14ca800a1ecf2e007ebaad9f4e0d9664448d60ac0d8544243129fb81c1723b9b4bc2ee971dff736d9fcde0afbfbf5c50a4cc06a4c363998326c17bdc9e2508651dedd9a2a52bd87f8693cfcff60753acf9716c526e8635f12377e36564ae55d0fdb3c7997ec4dbdaa5b4d18c7b660acd95060831795da7d299a5a8d8cf9e92537dbd3ef7f56aebe38fa97c41da6bf0572a0270be7e5a7dcc0be3529339464c811052b65a938e874ea6da469c7d8992ce0aff1c75e82d1621ecb967213c65f2de582cb41de3804c507ddfc708ef3f6096ba4491e431160f98de806d0f334e03cfb7a3bece601099bd971253f3aa0df845da8b478603d5d88533d0cab9c89f2dd9a1404cf8939ffdda652a94093865a85fce2bc3d7babcff7b9f3306bd76b9af80c78ad518f89ee73b7a710da604e72f4927be8d65d06be2e0732fa786a83e27597cfbed9bf98df445499e0746b9f2cb9659ac0a9cef433148521f33b1d78d13c8441c0d1e20fd93ac450a3787a2292bcbd68cd1f961d34937be9a21abaf26f361bf53aa0c095e53c51f3e04d567eabe6e40d96a17c2bcc9230b18f7e079bc549a314b4ae21d30a3341aa205bc75c7f1d21b0a49549c300faeda243d0ce18da5e66c5b663cd705005dd9fea0a9564174abb797d64c58fdab1fae44576d514b75eaa31c9278b15bf9b6df7c6c2873d7a56fb91ab77b83761a09f9e1ddae535622fb87f7462256a60dd39dd3ceb6690b0272920b635ea639daf24f95462c523e5bbd8d8407c61163ab38877d5edfa04c2a78d4d240523ba97c7d01c71783f8748e85164b4dd08c25506a4ed18300b42b7bc6e417f512ae456ceec2ffc83190991a06d4a58ede215babcd3688e1d61f1975016244e80c88ae2aec05c7eeb1c50caca72b3b415b6b870bf5e10bd1ac3ba6b4acb1d1afac554444d94c97e171005fa4ea9c651bb4e527ff58d0c2f90fb453a92d6546a26e9e98395b09e8471bdcf2a145aacb649708cf048a7856ce8cf390c107ff2c66efbf2a76c5b041860ea576103cd8c6b25e50eca9ff6a2fa88083fe9ac0d1fb639c516b9bcdf23c34c6145a705498ff9b9747f15e1c08c63da6efeda4eca02c3f00dfec06c82220c9de840040118dde76be788daf84e6a2f44c81fe6defcc474f99c51c4648d297cbc48f081e0809dbda505d020cbe865e430e0491644ec8c52bd3ab8ce8c4862990f49fe2588caf804ce9500ef42d5a50c057c257168e283e4a4aedbe4ccfaf3eeffb212f9e23d15434d60bf4f455f512e2b655aff3225d1b217c261110cec0400f54dd303d6231d028c2eb649bccc91d30a6391c88bff9d447c3cf35a3467be5957e0ea4d4dc237c9f2c68ce48f658f820a3d72d559b60f233ce538c92cb148808e34fedf2d648c21e7f2ea29a77270c393bda42d869351d6c085d965dc12cbfd0311b8bf604f4391d378781eea3b5f1e0da9d0d8f8de88e56fe47d362cd46f591d3ec0f7cccb85a21f21ddcd4107821ce0ca9ddf99dfdfd9b0c9cd45053e5b1b4385bd8f5b227ada31b5c23e9420014474e8b4494fde7c38edfe70994d97b8cbdfac588df49a49c472fcce78cccc051f31cbbc1e0422878d8d490f3aee28adf1587c38fb7e7d1be54abeaa83cf54b633803a5e669ff4295df8735231ce39631616bd05e0e31117c722c2fd6787003b0bc7fe422a089c89329544e085d71102c1813769450a9f66f160d1702cdb17bd2c6fdf0f722762d193ce83623eeffab17b01b10a31db6e2feb6eb3abdbb2e36320e1a56e44e48d26090afa7f65003a98cbfef590ac3ec89b3eb230557cf6aa566e841806aa2767b21bb26fe001f11ae039e0c9a4bf1bf3d271960f16158eb5bd9ebf0080abd8369d512cab2d1aaae2b14d0ff6ee705a38fb0c801a98b0624cc138fc24834fdf430f33e1760db913da3290f34415c9e3df3e97da1780545ab68ac5a24db89f24d62f4a399728e4144a8c89f47ac2d29e30c49b0bcf790a5e3d3fcd1943c6a28f37251d9dd827a69579e6c17b629c927473b5a07b0a29d9562708d6c8ce576109ad1a3473ffb2047eb069beeec24c114bef392c929038c92abd0e6a19b610e27881361824d57008b7373d0ab76379570ded76c9b8284fe2c247791073c29b2fc6fca05019220ab92856892d3c0dcc6da0b597fe559c162d060d71513ebca050d9638164b9ae271fba5575ade787ec5aee8fc253d1b234b1df561db3e36ac64b9b0100dd6b407043537b2b141f
diff --git a/src/lib/libssl/src/test/maketests.com b/src/lib/libssl/src/test/maketests.com
index dfbfef7b1b..94621a655b 100644
--- a/src/lib/libssl/src/test/maketests.com
+++ b/src/lib/libssl/src/test/maketests.com
@@ -586,7 +586,7 @@ $ CCDEFS = "TCPIP_TYPE_''P3'"
$ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS
$ CCEXTRAFLAGS = ""
$ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS
-$ CCDISABLEWARNINGS = "LONGLONGTYPE,LONGLONGSUFX"
+$ CCDISABLEWARNINGS = "LONGLONGTYPE,LONGLONGSUFX,FOUNDCR"
$ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN -
CCDISABLEWARNINGS = CCDISABLEWARNINGS + "," + USER_CCDISABLEWARNINGS
$!
diff --git a/src/lib/libssl/src/test/tverify.com b/src/lib/libssl/src/test/tverify.com
index 2060184d1e..021d701d79 100644
--- a/src/lib/libssl/src/test/tverify.com
+++ b/src/lib/libssl/src/test/tverify.com
@@ -8,22 +8,22 @@ $ copy/concatenate [-.certs]*.pem certs.tmp
$
$ old_f :=
$ loop_certs:
-$ c := NO
+$ verify := NO
+$ more := YES
$ certs :=
$ loop_certs2:
$ f = f$search("[-.certs]*.pem")
$ if f .nes. "" .and. f .nes. old_f
$ then
$ certs = certs + " [-.certs]" + f$parse(f,,,"NAME") + ".pem"
-$ c := YES
+$ verify := YES
$ if f$length(certs) .lt. 180 then goto loop_certs2
+$ else
+$ more := NO
$ endif
$ certs = certs - " "
$
-$ if c
-$ then
-$ mcr 'exe_dir'openssl verify "-CAfile" certs.tmp 'certs'
-$ goto loop_certs
-$ endif
+$ if verify then mcr 'exe_dir'openssl verify "-CAfile" certs.tmp 'certs'
+$ if more then goto loop_certs
$
$ delete certs.tmp;*
diff --git a/src/lib/libssl/src/tools/Makefile b/src/lib/libssl/src/tools/Makefile
index 52a7970455..d675b5792c 100644
--- a/src/lib/libssl/src/tools/Makefile
+++ b/src/lib/libssl/src/tools/Makefile
@@ -1,5 +1,5 @@
#
-# SSLeay/tools/Makefile
+# OpenSSL/tools/Makefile
#
DIR= tools
diff --git a/src/lib/libssl/src/util/checkhash.pl b/src/lib/libssl/src/util/checkhash.pl
new file mode 100644
index 0000000000..c61fa72178
--- /dev/null
+++ b/src/lib/libssl/src/util/checkhash.pl
@@ -0,0 +1,222 @@
+#!/usr/bin/env perl -w
+
+my $package = caller;
+
+if (!(defined $package))
+ {
+ my $retval = check_hashes(@ARGV);
+ exit $retval;
+ }
+
+1;
+
+sub check_hashes
+ {
+
+ my @args = @_;
+
+ my $change_dir = "";
+ my $check_program = "sha/fips_standalone_sha1";
+
+ my $verbose = 0;
+ my $badfiles = 0;
+ my $rebuild = 0;
+ my $force_rewrite = 0;
+ my $hash_file = "fipshashes.c";
+ my $recurse = 0;
+
+ my @fingerprint_files;
+
+ while (@args)
+ {
+ my $arg = $args[0];
+ if ($arg eq "-chdir")
+ {
+ shift @args;
+ $change_dir = shift @args;
+ }
+ elsif ($arg eq "-rebuild")
+ {
+ shift @args;
+ $rebuild = 1;
+ }
+ elsif ($arg eq "-verbose")
+ {
+ shift @args;
+ $verbose = 1;
+ }
+ elsif ($arg eq "-force-rewrite")
+ {
+ shift @args;
+ $force_rewrite = 1;
+ }
+ elsif ($arg eq "-hash_file")
+ {
+ shift @args;
+ $hash_file = shift @args;
+ }
+ elsif ($arg eq "-recurse")
+ {
+ shift @args;
+ $recurse = 1;
+ }
+ elsif ($arg eq "-program_path")
+ {
+ shift @args;
+ $check_program = shift @args;
+ }
+ else
+ {
+ print STDERR "Unknown Option $arg";
+ return 1;
+ }
+
+ }
+
+ chdir $change_dir if $change_dir ne "";
+
+ if ($recurse)
+ {
+ @fingerprint_files = ("fingerprint.sha1",
+ <*/fingerprint.sha1>);
+ }
+ else
+ {
+ push @fingerprint_files, $hash_file;
+ }
+
+ foreach $fp (@fingerprint_files)
+ {
+ if (!open(IN, "$fp"))
+ {
+ print STDERR "Can't open file $fp";
+ return 1;
+ }
+ print STDERR "Opening Fingerprint file $fp\n" if $verbose;
+ my $dir = $fp;
+ $dir =~ s/[^\/]*$//;
+ while (<IN>)
+ {
+ chomp;
+ if (!(($file, $hash) = /^\"HMAC-SHA1\((.*)\)\s*=\s*(\w*)\",$/))
+ {
+ /^\"/ || next;
+ print STDERR "FATAL: Invalid syntax in file $fp\n";
+ print STDERR "Line:\n$_\n";
+ fatal_error();
+ return 1;
+ }
+ if (!$rebuild && length($hash) != 40)
+ {
+ print STDERR "FATAL: Invalid hash length in $fp for file $file\n";
+ fatal_error();
+ return 1;
+ }
+ push @hashed_files, "$dir$file";
+ if (exists $hashes{"$dir$file"})
+ {
+ print STDERR "FATAL: Duplicate Hash file $dir$file\n";
+ fatal_error();
+ return 1;
+ }
+ if (! -r "$dir$file")
+ {
+ print STDERR "FATAL: Can't access $dir$file\n";
+ fatal_error();
+ return 1;
+ }
+ $hashes{"$dir$file"} = $hash;
+ }
+ close IN;
+ }
+
+ @checked_hashes = `$check_program @hashed_files`;
+
+ if ($? != 0)
+ {
+ print STDERR "Error running hash program $check_program\n";
+ fatal_error();
+ return 1;
+ }
+
+ if (@checked_hashes != @hashed_files)
+ {
+ print STDERR "FATAL: hash count incorrect\n";
+ fatal_error();
+ return 1;
+ }
+
+ foreach (@checked_hashes)
+ {
+ chomp;
+ if (!(($file, $hash) = /^HMAC-SHA1\((.*)\)\s*=\s*(\w*)$/))
+ {
+ print STDERR "FATAL: Invalid syntax in file $fp\n";
+ print STDERR "Line:\n$_\n";
+ fatal_error();
+ return 1;
+ }
+ if (length($hash) != 40)
+ {
+ print STDERR "FATAL: Invalid hash length for file $file\n";
+ fatal_error();
+ return 1;
+ }
+ if ($hash ne $hashes{$file})
+ {
+ if ($rebuild)
+ {
+ print STDERR "Updating hash on file $file\n";
+ $hashes{$file} = $hash;
+ }
+ else
+ {
+ print STDERR "Hash check failed for file $file\n";
+ }
+ $badfiles++;
+ }
+ elsif ($verbose)
+ { print "Hash Check OK for $file\n";}
+ }
+
+
+ if ($badfiles && !$rebuild)
+ {
+ print STDERR "FATAL: hash mismatch on $badfiles files\n";
+ fatal_error();
+ return 1;
+ }
+
+ if ($badfiles || $force_rewrite)
+ {
+ print "Updating Hash file $hash_file\n";
+ if (!open(OUT, ">$hash_file"))
+ {
+ print STDERR "Error rewriting $hash_file";
+ return 1;
+ }
+ print OUT "const char * const FIPS_source_hashes[] = {\n";
+ foreach (@hashed_files)
+ {
+ print OUT "\"HMAC-SHA1($_)= $hashes{$_}\",\n";
+ }
+ print OUT "};\n";
+ close OUT;
+ }
+
+ if (!$badfiles)
+ {
+ print "FIPS hash check successful\n";
+ }
+
+ return 0;
+
+ }
+
+
+sub fatal_error
+ {
+ print STDERR "*** Your source code does not match the FIPS validated source ***\n";
+ }
+
+
diff --git a/src/lib/libssl/src/util/fipslink.pl b/src/lib/libssl/src/util/fipslink.pl
new file mode 100644
index 0000000000..a893833c5c
--- /dev/null
+++ b/src/lib/libssl/src/util/fipslink.pl
@@ -0,0 +1,78 @@
+#!/usr/bin/perl
+
+sub check_env
+ {
+ my @ret;
+ foreach (@_)
+ {
+ die "Environment variable $_ not defined!\n" unless exists $ENV{$_};
+ push @ret, $ENV{$_};
+ }
+ return @ret;
+ }
+
+
+my ($fips_cc,$fips_cc_args, $fips_link,$fips_target, $fips_libdir, $sha1_exe)
+ = check_env("FIPS_CC", "FIPS_CC_ARGS", "FIPS_LINK", "FIPS_TARGET",
+ "FIPSLIB_D", "FIPS_SHA1_EXE");
+
+
+
+if (exists $ENV{"PREMAIN_DSO_EXE"})
+ {
+ $fips_premain_dso = $ENV{"PREMAIN_DSO_EXE"};
+ }
+ else
+ {
+ $fips_premain_dso = "";
+ }
+
+check_hash($sha1_exe, "fips_premain.c");
+check_hash($sha1_exe, "fipscanister.o");
+
+
+print "Integrity check OK\n";
+
+print "$fips_cc $fips_cc_args $fips_libdir/fips_premain.c\n";
+system "$fips_cc $fips_cc_args $fips_libdir/fips_premain.c";
+die "First stage Compile failure" if $? != 0;
+
+print "$fips_link @ARGV\n";
+system "$fips_link @ARGV";
+die "First stage Link failure" if $? != 0;
+
+
+print "$fips_premain_dso $fips_target\n";
+$fips_hash=`$fips_premain_dso $fips_target`;
+chomp $fips_hash;
+die "Get hash failure" if $? != 0;
+
+
+print "$fips_cc -DHMAC_SHA1_SIG=\\\"$fips_hash\\\" $fips_cc_args $fips_libdir/fips_premain.c\n";
+system "$fips_cc -DHMAC_SHA1_SIG=\\\"$fips_hash\\\" $fips_cc_args $fips_libdir/fips_premain.c";
+die "Second stage Compile failure" if $? != 0;
+
+
+print "$fips_link @ARGV\n";
+system "$fips_link @ARGV";
+die "Second stage Link failure" if $? != 0;
+
+sub check_hash
+ {
+ my ($sha1_exe, $filename) = @_;
+ my ($hashfile, $hashval);
+
+ open(IN, "${fips_libdir}/${filename}.sha1") || die "Cannot open file hash file ${fips_libdir}/${filename}.sha1";
+ $hashfile = <IN>;
+ close IN;
+ $hashval = `$sha1_exe ${fips_libdir}/$filename`;
+ chomp $hashfile;
+ chomp $hashval;
+ $hashfile =~ s/^.*=\s+//;
+ $hashval =~ s/^.*=\s+//;
+ die "Invalid hash syntax in file" if (length($hashfile) != 40);
+ die "Invalid hash received for file" if (length($hashval) != 40);
+ die "***HASH VALUE MISMATCH FOR FILE $filename ***" if ($hashval ne $hashfile);
+ }
+
+
diff --git a/src/lib/libssl/src/util/libeay.num b/src/lib/libssl/src/util/libeay.num
index 56fb7446e0..4222bef6d6 100644
--- a/src/lib/libssl/src/util/libeay.num
+++ b/src/lib/libssl/src/util/libeay.num
@@ -2811,7 +2811,7 @@ EVP_aes_192_cfb8 3252 EXIST::FUNCTION:AES
FIPS_mode_set 3253 EXIST:OPENSSL_FIPS:FUNCTION:
FIPS_selftest_dsa 3254 EXIST:OPENSSL_FIPS:FUNCTION:
EVP_aes_256_cfb8 3255 EXIST::FUNCTION:AES
-FIPS_allow_md5 3256 EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_allow_md5 3256 NOEXIST::FUNCTION:
DES_ede3_cfb_encrypt 3257 EXIST::FUNCTION:DES
EVP_des_ede3_cfb8 3258 EXIST::FUNCTION:DES
FIPS_rand_seeded 3259 EXIST:OPENSSL_FIPS:FUNCTION:
@@ -2837,7 +2837,7 @@ FIPS_dsa_check 3278 EXIST:OPENSSL_FIPS:FUNCTION:
AES_cfb1_encrypt 3279 EXIST::FUNCTION:AES
EVP_des_ede3_cfb1 3280 EXIST::FUNCTION:DES
FIPS_rand_check 3281 EXIST:OPENSSL_FIPS:FUNCTION:
-FIPS_md5_allowed 3282 EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_md5_allowed 3282 NOEXIST::FUNCTION:
FIPS_mode 3283 EXIST:OPENSSL_FIPS:FUNCTION:
FIPS_selftest_failed 3284 EXIST:OPENSSL_FIPS:FUNCTION:
sk_is_sorted 3285 EXIST::FUNCTION:
@@ -2867,3 +2867,41 @@ PROXY_CERT_INFO_EXTENSION_it 3307 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIA
PROXY_CERT_INFO_EXTENSION_it 3307 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
PROXY_POLICY_free 3308 EXIST::FUNCTION:
PROXY_POLICY_new 3309 EXIST::FUNCTION:
+BN_MONT_CTX_set_locked 3310 EXIST::FUNCTION:
+FIPS_selftest_rng 3311 EXIST:OPENSSL_FIPS:FUNCTION:
+EVP_sha384 3312 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512
+EVP_sha512 3313 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512
+EVP_sha224 3314 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256
+EVP_sha256 3315 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256
+FIPS_selftest_hmac 3316 EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_corrupt_rng 3317 EXIST:OPENSSL_FIPS:FUNCTION:
+BN_mod_exp_mont_consttime 3318 EXIST::FUNCTION:
+RSA_X931_hash_id 3319 EXIST::FUNCTION:RSA
+RSA_padding_check_X931 3320 EXIST::FUNCTION:RSA
+RSA_verify_PKCS1_PSS 3321 EXIST::FUNCTION:RSA
+RSA_padding_add_X931 3322 EXIST::FUNCTION:RSA
+RSA_padding_add_PKCS1_PSS 3323 EXIST::FUNCTION:RSA
+PKCS1_MGF1 3324 EXIST::FUNCTION:RSA
+BN_X931_generate_Xpq 3325 EXIST:OPENSSL_FIPS:FUNCTION:
+RSA_X931_generate_key 3326 EXIST:OPENSSL_FIPS:FUNCTION:RSA
+BN_X931_derive_prime 3327 EXIST:OPENSSL_FIPS:FUNCTION:
+BN_X931_generate_prime 3328 EXIST:OPENSSL_FIPS:FUNCTION:
+RSA_X931_derive 3329 EXIST:OPENSSL_FIPS:FUNCTION:RSA
+SHA512_Update 3356 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512
+SHA256_Init 3479 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256
+SHA224 3510 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256
+SHA384_Update 3551 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512
+SHA224_Final 3560 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256
+SHA224_Update 3562 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256
+SHA512_Final 3581 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512
+SHA224_Init 3631 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256
+SHA512_Init 3633 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512
+SHA256 3654 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256
+SHA256_Transform 3664 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256
+SHA512 3669 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512
+SHA512_Transform 3675 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512
+SHA256_Final 3712 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256
+SHA384_Init 3737 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512
+SHA384_Final 3740 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512
+SHA384 3745 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512
+SHA256_Update 3765 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256
diff --git a/src/lib/libssl/src/util/mk1mf.pl b/src/lib/libssl/src/util/mk1mf.pl
index 957264c6b5..05a6086164 100644
--- a/src/lib/libssl/src/util/mk1mf.pl
+++ b/src/lib/libssl/src/util/mk1mf.pl
@@ -10,6 +10,20 @@ $OPTIONS="";
$ssl_version="";
$banner="\t\@echo Building OpenSSL";
+local $zlib_opt = 0; # 0 = no zlib, 1 = static, 2 = dynamic
+local $zlib_lib = "";
+
+my $fips_canister_path = "";
+my $fips_premain_dso_exe_path = "";
+my $fips_premain_c_path = "";
+my $fips_sha1_exe_path = "";
+
+my $fipslibdir = "";
+my $baseaddr = "";
+
+my $ex_l_libs = "";
+
+
open(IN,"<Makefile") || die "unable to open Makefile!\n";
while(<IN>) {
$ssl_version=$1 if (/^VERSION=(.*)$/);
@@ -24,6 +38,7 @@ $infile="MINFO";
%ops=(
"VC-WIN32", "Microsoft Visual C++ [4-6] - Windows NT or 9X",
+ "VC-WIN32-GMAKE", "Microsoft Visual C++ [4-6] - Windows NT or 9X, GNU make",
"VC-CE", "Microsoft eMbedded Visual C++ 3.0 - Windows CE ONLY",
"VC-NT", "Microsoft Visual C++ [4-6] - Windows NT ONLY",
"VC-W31-16", "Microsoft Visual C++ 1.52 - Windows 3.1 - 286",
@@ -43,6 +58,7 @@ $infile="MINFO";
);
$platform="";
+my $xcflags="";
foreach (@ARGV)
{
if (!&read_options && !defined($ops{$_}))
@@ -104,8 +120,12 @@ $inc_def="outinc";
$tmp_def="tmp";
$mkdir="-mkdir";
+$mkcanister="ld -r -o";
+
+$ex_build_targets = "";
($ssl,$crypto)=("ssl","crypto");
+$cryptocompat = "";
$ranlib="echo ranlib";
$cc=(defined($VARS{'CC'}))?$VARS{'CC'}:'cc';
@@ -140,6 +160,10 @@ elsif (($platform eq "VC-WIN32") || ($platform eq "VC-NT"))
$NT = 1 if $platform eq "VC-NT";
require 'VC-32.pl';
}
+elsif ($platform eq "VC-WIN32-GMAKE")
+ {
+ require 'VC-32-GMAKE.pl';
+ }
elsif ($platform eq "VC-CE")
{
require 'VC-CE.pl';
@@ -210,6 +234,8 @@ $inc_dir=(defined($VARS{'INC'}))?$VARS{'INC'}:$inc_def;
$bin_dir=$bin_dir.$o unless ((substr($bin_dir,-1,1) eq $o) || ($bin_dir eq ''));
+$cflags= "$xcflags$cflags" if $xcflags ne "";
+
$cflags.=" -DOPENSSL_NO_IDEA" if $no_idea;
$cflags.=" -DOPENSSL_NO_AES" if $no_aes;
$cflags.=" -DOPENSSL_NO_RC2" if $no_rc2;
@@ -239,6 +265,9 @@ $cflags.=" -DOPENSSL_NO_HW" if $no_hw;
$cflags.=" -DOPENSSL_FIPS" if $fips;
#$cflags.=" -DRSAref" if $rsaref ne "";
+$cflags.= " -DZLIB" if $zlib_opt;
+$cflags.= " -DZLIB_SHARED" if $zlib_opt == 2;
+
## if ($unix)
## { $cflags="$c_flags" if ($c_flags ne ""); }
##else
@@ -246,6 +275,7 @@ $cflags.=" -DOPENSSL_FIPS" if $fips;
$ex_libs="$l_flags$ex_libs" if ($l_flags ne "");
+
%shlib_ex_cflags=("SSL" => " -DOPENSSL_BUILD_SHLIBSSL",
"CRYPTO" => " -DOPENSSL_BUILD_SHLIBCRYPTO");
@@ -262,6 +292,135 @@ $link="$bin_dir$link" if ($link !~ /^\$/);
$INSTALLTOP =~ s|/|$o|g;
+#############################################
+# We parse in input file and 'store' info for later printing.
+open(IN,"<$infile") || die "unable to open $infile:$!\n";
+$_=<IN>;
+for (;;)
+ {
+ chop;
+
+ ($key,$val)=/^([^=]+)=(.*)/;
+ if ($key eq "RELATIVE_DIRECTORY")
+ {
+ if ($lib ne "")
+ {
+ if ($fips && $dir =~ /^fips/)
+ {
+ $uc = "FIPS";
+ }
+ else
+ {
+ $uc=$lib;
+ $uc =~ s/^lib(.*)\.a/$1/;
+ $uc =~ tr/a-z/A-Z/;
+ }
+ if (($uc ne "FIPS") || $fips_canister_build)
+ {
+ $lib_nam{$uc}=$uc;
+ $lib_obj{$uc}.=$libobj." ";
+ }
+ }
+ last if ($val eq "FINISHED");
+ $lib="";
+ $libobj="";
+ $dir=$val;
+ }
+
+ if ($key eq "KRB5_INCLUDES")
+ { $cflags .= " $val";}
+
+ if ($key eq "ZLIB_INCLUDE")
+ { $cflags .= " $val" if $val ne "";}
+
+ if ($key eq "LIBZLIB")
+ { $zlib_lib = "$val" if $val ne "";}
+
+ if ($key eq "LIBKRB5")
+ { $ex_libs .= " $val" if $val ne "";}
+
+ if ($key eq "TEST")
+ { $test.=&var_add($dir,$val); }
+
+ if (($key eq "PROGS") || ($key eq "E_OBJ"))
+ { $e_exe.=&var_add($dir,$val); }
+
+ if ($key eq "LIB")
+ {
+ $lib=$val;
+ $lib =~ s/^.*\/([^\/]+)$/$1/;
+ }
+
+ if ($key eq "EXHEADER")
+ { $exheader.=&var_add($dir,$val); }
+
+ if ($key eq "HEADER")
+ { $header.=&var_add($dir,$val); }
+
+ if ($key eq "LIBOBJ")
+ { $libobj=&var_add($dir,$val); }
+
+ if ($key eq "FIPSLIBDIR")
+ { $fipslibdir=$val;}
+
+ if ($key eq "BASEADDR")
+ { $baseaddr=$val;}
+
+ if (!($_=<IN>))
+ { $_="RELATIVE_DIRECTORY=FINISHED\n"; }
+ }
+close(IN);
+
+if ($fips_canister_path eq "")
+ {
+ $fips_canister_path = "\$(FIPSLIB_D)${o}fipscanister.o";
+ }
+
+if ($fips_premain_c_path eq "")
+ {
+ $fips_premain_c_path = "\$(FIPSLIB_D)${o}fips_premain.c";
+ }
+
+if ($fips)
+ {
+ if ($fips_sha1_exe_path eq "")
+ {
+ $fips_sha1_exe_path =
+ "\$(BIN_D)${o}fips_standalone_sha1$exep";
+ }
+ }
+ else
+ {
+ $fips_sha1_exe_path = "";
+ }
+
+if ($fips_premain_dso_exe_path eq "")
+ {
+ $fips_premain_dso_exe_path = "\$(BIN_D)${o}fips_premain_dso$exep";
+ }
+
+# $ex_build_targets .= "\$(BIN_D)${o}\$(E_PREMAIN_DSO)$exep" if ($fips);
+
+if ($fips)
+ {
+ if (!$shlib)
+ {
+ $ex_build_targets .= " \$(LIB_D)$o$crypto_compat \$(PREMAIN_DSO_EXE)";
+ $ex_l_libs .= " \$(O_FIPSCANISTER)";
+ }
+ if ($fipslibdir eq "")
+ {
+ open (IN, "util/fipslib_path.txt") || fipslib_error();
+ $fipslibdir = <IN>;
+ chomp $fipslibdir;
+ close IN;
+ }
+ fips_check_files($fipslibdir,
+ "fipscanister.o", "fipscanister.o.sha1",
+ "fips_premain.c", "fips_premain.c.sha1");
+ }
+
+
$defs= <<"EOF";
# This makefile has been automatically generated from the OpenSSL distribution.
# This single makefile will build the complete OpenSSL distribution and
@@ -286,6 +445,7 @@ if ($platform eq "VC-CE")
!INCLUDE <\$(WCECOMPAT)/wcedefs.mak>
EOF
+ $ex_libs .= " $zlib_lib" if $zlib_opt == 1;
}
$defs.= <<"EOF";
@@ -308,6 +468,8 @@ EX_LIBS=$ex_libs
SRC_D=$src_dir
LINK=$link
+PERL=perl
+FIPSLINK=\$(PERL) util${o}fipslink.pl
LFLAGS=$lflags
BN_ASM_OBJ=$bn_asm_obj
@@ -339,6 +501,9 @@ TMP_D=$tmp_dir
INC_D=$inc_dir
INCO_D=$inc_dir${o}openssl
+# Directory containing FIPS module
+
+
CP=$cp
RM=$rm
RANLIB=$ranlib
@@ -346,6 +511,18 @@ MKDIR=$mkdir
MKLIB=$bin_dir$mklib
MLFLAGS=$mlflags
ASM=$bin_dir$asm
+MKCANISTER=$mkcanister
+
+# FIPS validated module and support file locations
+
+E_PREMAIN_DSO=fips_premain_dso
+
+FIPSLIB_D=$fipslibdir
+BASEADDR=$baseaddr
+FIPS_PREMAIN_SRC=$fips_premain_c_path
+O_FIPSCANISTER=$fips_canister_path
+FIPS_SHA1_EXE=$fips_sha1_exe_path
+PREMAIN_DSO_EXE=$fips_premain_dso_exe_path
######################################################
# You should not need to touch anything below this point
@@ -377,7 +554,7 @@ SO_CRYPTO= $plib\$(CRYPTO)$so_shlibp
L_SSL= \$(LIB_D)$o$plib\$(SSL)$libp
L_CRYPTO= \$(LIB_D)$o$plib\$(CRYPTO)$libp
-L_LIBS= \$(L_SSL) \$(L_CRYPTO)
+L_LIBS= \$(L_SSL) \$(L_CRYPTO) $ex_l_libs
######################################################
# Don't touch anything below this point
@@ -387,13 +564,13 @@ INC=-I\$(INC_D) -I\$(INCL_D)
APP_CFLAGS=\$(INC) \$(CFLAG) \$(APP_CFLAG)
LIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG)
SHLIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG) \$(SHLIB_CFLAG)
-LIBS_DEP=\$(O_CRYPTO) \$(O_SSL)
+LIBS_DEP=\$(O_CRYPTO) \$(O_SSL) $ex_libs_dep
#############################################
EOF
$rules=<<"EOF";
-all: banner \$(TMP_D) \$(BIN_D) \$(TEST_D) \$(LIB_D) \$(INCO_D) headers lib exe
+all: banner \$(TMP_D) \$(BIN_D) \$(TEST_D) \$(LIB_D) \$(INCO_D) headers \$(FIPS_SHA1_EXE) lib exe $ex_build_targets
banner:
$banner
@@ -479,57 +656,6 @@ printf OUT " #define DATE \"%s\"\n", scalar gmtime();
printf OUT "#endif\n";
close(OUT);
-#############################################
-# We parse in input file and 'store' info for later printing.
-open(IN,"<$infile") || die "unable to open $infile:$!\n";
-$_=<IN>;
-for (;;)
- {
- chop;
-
- ($key,$val)=/^([^=]+)=(.*)/;
- if ($key eq "RELATIVE_DIRECTORY")
- {
- if ($lib ne "")
- {
- $uc=$lib;
- $uc =~ s/^lib(.*)\.a/$1/;
- $uc =~ tr/a-z/A-Z/;
- $lib_nam{$uc}=$uc;
- $lib_obj{$uc}.=$libobj." ";
- }
- last if ($val eq "FINISHED");
- $lib="";
- $libobj="";
- $dir=$val;
- }
-
- if ($key eq "TEST")
- { $test.=&var_add($dir,$val); }
-
- if (($key eq "PROGS") || ($key eq "E_OBJ"))
- { $e_exe.=&var_add($dir,$val); }
-
- if ($key eq "LIB")
- {
- $lib=$val;
- $lib =~ s/^.*\/([^\/]+)$/$1/;
- }
-
- if ($key eq "EXHEADER")
- { $exheader.=&var_add($dir,$val); }
-
- if ($key eq "HEADER")
- { $header.=&var_add($dir,$val); }
-
- if ($key eq "LIBOBJ")
- { $libobj=&var_add($dir,$val); }
-
- if (!($_=<IN>))
- { $_="RELATIVE_DIRECTORY=FINISHED\n"; }
- }
-close(IN);
-
# Strip of trailing ' '
foreach (keys %lib_obj) { $lib_obj{$_}=&clean_up_ws($lib_obj{$_}); }
$test=&clean_up_ws($test);
@@ -554,6 +680,29 @@ $rules.=&do_compile_rule("\$(OBJ_D)",$test,"\$(APP_CFLAGS)");
$defs.=&do_defs("E_OBJ",$e_exe,"\$(OBJ_D)",$obj);
$rules.=&do_compile_rule("\$(OBJ_D)",$e_exe,'-DMONOLITH $(APP_CFLAGS)');
+# Special case rules for fips_start and fips_end fips_premain_dso
+
+if ($fips)
+ {
+ if ($fips_canister_build)
+ {
+ $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_start$obj",
+ "fips-1.0${o}fips_canister.c",
+ "-DFIPS_START \$(SHLIB_CFLAGS)");
+ $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_end$obj",
+ "fips-1.0${o}fips_canister.c", "\$(SHLIB_CFLAGS)");
+ }
+ $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_standalone_sha1$obj",
+ "fips-1.0${o}sha${o}fips_standalone_sha1.c",
+ "\$(SHLIB_CFLAGS)");
+ $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_sha1dgst$obj",
+ "fips-1.0${o}sha${o}fips_sha1dgst.c",
+ "\$(SHLIB_CFLAGS)") unless $fips_canister_build;
+ $rules.=&cc_compile_target("\$(OBJ_D)${o}\$(E_PREMAIN_DSO)$obj",
+ "fips-1.0${o}fips_premain.c",
+ "-DFINGERPRINT_PREMAIN_DSO_LOAD \$(SHLIB_CFLAGS)");
+ }
+
foreach (values %lib_nam)
{
$lib_obj=$lib_obj{$_};
@@ -630,16 +779,42 @@ foreach (split(/\s+/,$test))
}
$rules.= &do_lib_rule("\$(SSLOBJ)","\$(O_SSL)",$ssl,$shlib,"\$(SO_SSL)");
-$rules.= &do_lib_rule("\$(CRYPTOOBJ)","\$(O_CRYPTO)",$crypto,$shlib,"\$(SO_CRYPTO)");
+
if ($fips)
{
- $rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)","\$(BIN_D)$o.sha1","\$(BIN_D)$o\$(E_EXE)$exep");
+ if ($shlib)
+ {
+ $rules.= &do_lib_rule("\$(CRYPTOOBJ) \$(O_FIPSCANISTER)",
+ "\$(O_CRYPTO)",
+ "$crypto",
+ $shlib, "\$(SO_CRYPTO)", "\$(BASEADDR)");
+ }
+ else
+ {
+ $rules.= &do_lib_rule("\$(CRYPTOOBJ)",
+ "\$(O_CRYPTO)",$crypto,$shlib,"\$(SO_CRYPTO)", "");
+ $rules.= &do_lib_rule("\$(CRYPTOOBJ) \$(O_FIPSCANISTER)",
+ "\$(LIB_D)$o$crypto_compat",$crypto,$shlib,"\$(SO_CRYPTO)", "");
+ }
}
-else
+ else
{
- $rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)");
+ $rules.= &do_lib_rule("\$(CRYPTOOBJ)","\$(O_CRYPTO)",$crypto,$shlib,
+ "\$(SO_CRYPTO)");
}
+
+
+if ($fips)
+ {
+ $rules.= &do_rlink_rule("\$(O_FIPSCANISTER)", "\$(OBJ_D)${o}fips_start$obj \$(FIPSOBJ) \$(OBJ_D)${o}fips_end$obj", "\$(FIPSLIB_D)${o}fips_standalone_sha1$exep", "") if $fips_canister_build;
+ $rules.=&do_link_rule("\$(PREMAIN_DSO_EXE)","\$(OBJ_D)${o}\$(E_PREMAIN_DSO)$obj \$(CRYPTOOBJ) \$(O_FIPSCANISTER)","","\$(EX_LIBS)", 1);
+
+ $rules.=&do_link_rule("\$(FIPS_SHA1_EXE)","\$(OBJ_D)${o}fips_standalone_sha1$obj \$(OBJ_D)${o}fips_sha1dgst$obj","","", 1);
+ }
+
+ $rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)",0);
+
print $defs;
if ($platform eq "linux-elf") {
@@ -935,6 +1110,24 @@ sub read_options
elsif (/^shlib$/) { $shlib=1; }
elsif (/^dll$/) { $shlib=1; }
elsif (/^shared$/) { } # We just need to ignore it for now...
+ elsif (/^zlib$/) { $zlib_opt = 1 if $zlib_opt == 0 }
+ elsif (/^zlib-dynamic$/){ $zlib_opt = 2; }
+ elsif (/^--with-krb5-flavor=(.*)$/)
+ {
+ my $krb5_flavor = $1;
+ if ($krb5_flavor =~ /^force-[Hh]eimdal$/)
+ {
+ $xcflags="-DKRB5_HEIMDAL $xcflags";
+ }
+ elsif ($krb5_flavor =~ /^MIT/i)
+ {
+ $xcflags="-DKRB5_MIT $xcflags";
+ if ($krb5_flavor =~ /^MIT[._-]*1[._-]*[01]/i)
+ {
+ $xcflags="-DKRB5_MIT_OLD11 $xcflags"
+ }
+ }
+ }
elsif (/^([^=]*)=(.*)$/){ $VARS{$1}=$2; }
elsif (/^-[lL].*$/) { $l_flags.="$_ "; }
elsif ((!/^-help/) && (!/^-h/) && (!/^-\?/) && /^-.*$/)
@@ -942,3 +1135,31 @@ sub read_options
else { return(0); }
return(1);
}
+
+sub fipslib_error
+ {
+ print STDERR "***FIPS module directory sanity check failed***\n";
+ print STDERR "FIPS module build failed, or was deleted\n";
+ print STDERR "Please rebuild FIPS module.\n";
+ exit 1;
+ }
+
+sub fips_check_files
+ {
+ my $dir = shift @_;
+ my $ret = 1;
+ if (!-d $dir)
+ {
+ print STDERR "FIPS module directory $dir does not exist\n";
+ fipslib_error();
+ }
+ foreach (@_)
+ {
+ if (!-f "$dir${o}$_")
+ {
+ print STDERR "FIPS module file $_ does not exist!\n";
+ $ret = 0;
+ }
+ }
+ fipslib_error() if ($ret == 0);
+ }
diff --git a/src/lib/libssl/src/util/mkdef.pl b/src/lib/libssl/src/util/mkdef.pl
index 9918c3d549..6c1e53bb14 100644
--- a/src/lib/libssl/src/util/mkdef.pl
+++ b/src/lib/libssl/src/util/mkdef.pl
@@ -83,7 +83,7 @@ my @known_platforms = ( "__FreeBSD__", "PERL5", "NeXT",
my @known_ossl_platforms = ( "VMS", "WIN16", "WIN32", "WINNT", "OS2" );
my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",
"CAST", "MD2", "MD4", "MD5", "SHA", "SHA0", "SHA1",
- "RIPEMD",
+ "SHA256", "SHA512", "RIPEMD",
"MDC2", "RSA", "DSA", "DH", "EC", "HMAC", "AES",
# Envelope "algorithms"
"EVP", "X509", "ASN1_TYPEDEFS",
@@ -267,7 +267,7 @@ $crypto.=" crypto/ocsp/ocsp.h";
$crypto.=" crypto/ui/ui.h crypto/ui/ui_compat.h";
$crypto.=" crypto/krb5/krb5_asn.h";
$crypto.=" crypto/tmdiff.h";
-$crypto.=" fips/fips.h fips/rand/fips_rand.h";
+$crypto.=" fips-1.0/fips.h fips-1.0/rand/fips_rand.h fips-1.0/sha/fips_sha.h";
my $symhacks="crypto/symhacks.h";
@@ -864,6 +864,9 @@ sub do_defs
$a .= ",RSA" if($s =~ /PEM_Seal(Final|Init|Update)/);
$a .= ",RSA" if($s =~ /RSAPrivateKey/);
$a .= ",RSA" if($s =~ /SSLv23?_((client|server)_)?method/);
+ # SHA2 algorithms only defined in FIPS mode for
+ # OpenSSL 0.9.7
+ $p .= "OPENSSL_FIPS" if($s =~ /SHA[235]/);
$platform{$s} =
&reduce_platforms((defined($platform{$s})?$platform{$s}.',':"").$p);
@@ -1011,7 +1014,7 @@ sub is_valid
{
my ($keywords_txt,$platforms) = @_;
my (@keywords) = split /,/,$keywords_txt;
- my ($falsesum, $truesum) = (0, !grep(/^[^!]/,@keywords));
+ my ($falsesum, $truesum) = (0, 1);
# Param: one keyword
sub recognise
@@ -1079,7 +1082,7 @@ sub is_valid
if ($k =~ /^!(.*)$/) {
$falsesum += &recognise($1,$platforms);
} else {
- $truesum += &recognise($k,$platforms);
+ $truesum *= &recognise($k,$platforms);
}
}
print STDERR "DEBUG: [",$#keywords,",",$#keywords < 0,"] is_valid($keywords_txt) => (\!$falsesum) && $truesum = ",(!$falsesum) && $truesum,"\n" if $debug;
diff --git a/src/lib/libssl/src/util/mkerr.pl b/src/lib/libssl/src/util/mkerr.pl
index 60e534807e..9678514604 100644
--- a/src/lib/libssl/src/util/mkerr.pl
+++ b/src/lib/libssl/src/util/mkerr.pl
@@ -9,6 +9,9 @@ my $reindex = 0;
my $dowrite = 0;
my $staticloader = "";
+my $pack_errcode;
+my $load_errcode;
+
while (@ARGV) {
my $arg = $ARGV[0];
if($arg eq "-conf") {
@@ -41,8 +44,8 @@ while (@ARGV) {
}
if($recurse) {
- @source = (<crypto/*.c>, <crypto/*/*.c>, <ssl/*.c>, <fips/*.c>,
- <fips/*/*.c>);
+ @source = (<crypto/*.c>, <crypto/*/*.c>, <ssl/*.c>, <fips-1.0/*.c>,
+ <fips-1.0/*/*.c>);
} else {
@source = @ARGV;
}
@@ -399,6 +402,20 @@ EOF
$hincf = "\"$hfile\"";
}
+ # If static we know the error code at compile time so use it
+ # in error definitions.
+
+ if ($static)
+ {
+ $pack_errcode = "ERR_LIB_${lib}";
+ $load_errcode = "0";
+ }
+ else
+ {
+ $pack_errcode = "0";
+ $load_errcode = "ERR_LIB_${lib}";
+ }
+
open (OUT,">$cfile") || die "Can't open $cfile for writing";
@@ -469,6 +486,10 @@ EOF
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
+
+#define ERR_FUNC(func) ERR_PACK($pack_errcode,func,0)
+#define ERR_REASON(reason) ERR_PACK($pack_errcode,0,reason)
+
static ERR_STRING_DATA ${lib}_str_functs[]=
{
EOF
@@ -480,7 +501,8 @@ EOF
if(exists $ftrans{$fn}) {
$fn = $ftrans{$fn};
}
- print OUT "{ERR_PACK(0,$i,0),\t\"$fn\"},\n";
+# print OUT "{ERR_PACK($pack_errcode,$i,0),\t\"$fn\"},\n";
+ print OUT "{ERR_FUNC($i),\t\"$fn\"},\n";
}
print OUT <<"EOF";
{0,NULL}
@@ -492,6 +514,7 @@ EOF
# Add each reason code.
foreach $i (@reasons) {
my $rn;
+ my $rstr = "ERR_REASON($i)";
my $nspc = 0;
if (exists $err_reason_strings{$i}) {
$rn = $err_reason_strings{$i};
@@ -500,9 +523,9 @@ EOF
$rn = $1;
$rn =~ tr/_[A-Z]/ [a-z]/;
}
- $nspc = 40 - length($i) unless length($i) > 40;
+ $nspc = 40 - length($rstr) unless length($rstr) > 40;
$nspc = " " x $nspc;
- print OUT "{${i}${nspc},\"$rn\"},\n";
+ print OUT "{${rstr}${nspc},\"$rn\"},\n";
}
if($static) {
print OUT <<"EOF";
@@ -519,8 +542,8 @@ ${staticloader}void ERR_load_${lib}_strings(void)
{
init=0;
#ifndef OPENSSL_NO_ERR
- ERR_load_strings(ERR_LIB_${lib},${lib}_str_functs);
- ERR_load_strings(ERR_LIB_${lib},${lib}_str_reasons);
+ ERR_load_strings($load_errcode,${lib}_str_functs);
+ ERR_load_strings($load_errcode,${lib}_str_reasons);
#endif
}
diff --git a/src/lib/libssl/src/util/mkfiles.pl b/src/lib/libssl/src/util/mkfiles.pl
index 928a274303..bc78510f56 100644
--- a/src/lib/libssl/src/util/mkfiles.pl
+++ b/src/lib/libssl/src/util/mkfiles.pl
@@ -51,14 +51,15 @@ my @dirs = (
"crypto/ocsp",
"crypto/ui",
"crypto/krb5",
-"fips",
-"fips/aes",
-"fips/des",
-"fips/dsa",
-"fips/dh",
-"fips/rand",
-"fips/rsa",
-"fips/sha1",
+"fips-1.0",
+"fips-1.0/aes",
+"fips-1.0/des",
+"fips-1.0/dsa",
+"fips-1.0/dh",
+"fips-1.0/hmac",
+"fips-1.0/rand",
+"fips-1.0/rsa",
+"fips-1.0/sha",
"ssl",
"apps",
"test",
diff --git a/src/lib/libssl/src/util/mklink.pl b/src/lib/libssl/src/util/mklink.pl
index c8653cecc3..182732d959 100644
--- a/src/lib/libssl/src/util/mklink.pl
+++ b/src/lib/libssl/src/util/mklink.pl
@@ -14,13 +14,16 @@
# not contain symbolic links and that the parent of / is never referenced.
# Apart from this, this script should be able to handle even the most
# pathological cases.
+#
+
+use Cwd;
my $from = shift;
my @files = @ARGV;
my @from_path = split(/[\\\/]/, $from);
-my $pwd = `pwd`;
-chop($pwd);
+my $pwd = getcwd();
+chomp($pwd);
my @pwd_path = split(/[\\\/]/, $pwd);
my @to_path = ();
diff --git a/src/lib/libssl/src/util/pl/BC-32.pl b/src/lib/libssl/src/util/pl/BC-32.pl
index 897ae9d824..28869c868d 100644
--- a/src/lib/libssl/src/util/pl/BC-32.pl
+++ b/src/lib/libssl/src/util/pl/BC-32.pl
@@ -18,7 +18,7 @@ $out_def="out32";
$tmp_def="tmp32";
$inc_def="inc32";
#enable max error messages, disable most common warnings
-$cflags="-DWIN32_LEAN_AND_MEAN -q -w-aus -w-par -w-inl -c -tWC -tWM -DOPENSSL_SYSNAME_WIN32 -DL_ENDIAN -DDSO_WIN32 -D_stricmp=stricmp ";
+$cflags="-DWIN32_LEAN_AND_MEAN -q -w-ccc -w-rch -w-pia -w-aus -w-par -w-inl -c -tWC -tWM -DOPENSSL_SYSNAME_WIN32 -DL_ENDIAN -DDSO_WIN32 -D_stricmp=stricmp -D_strnicmp=strnicmp ";
if ($debug)
{
$cflags.="-Od -y -v -vi- -D_DEBUG";
@@ -51,7 +51,7 @@ $lfile='';
$shlib_ex_obj="";
$app_ex_obj="c0x32.obj";
-$asm='nasmw -f obj';
+$asm='nasmw -f obj -d__omf__';
$asm.=" /Zi" if $debug;
$afile='-o';
@@ -106,9 +106,13 @@ sub do_lib_rule
$ret.="$target: $objs\n";
if (!$shlib)
{
- # $ret.="\t\$(RM) \$(O_$Name)\n";
- $ret.="\techo LIB $<\n";
- $ret.="\t&\$(MKLIB) $lfile$target -+\$**\n";
+ $ret.=<<___;
+ -\$(RM) $lfile$target
+ \$(MKLIB) $lfile$target \@&&!
++\$(**: = &^
++)
+!
+___
}
else
{
diff --git a/src/lib/libssl/src/util/pl/OS2-EMX.pl b/src/lib/libssl/src/util/pl/OS2-EMX.pl
index 75d72ebbcb..8dbeaa7a08 100644
--- a/src/lib/libssl/src/util/pl/OS2-EMX.pl
+++ b/src/lib/libssl/src/util/pl/OS2-EMX.pl
@@ -68,6 +68,7 @@ if (!$no_asm && !$fips)
$sha1_asm_src="crypto/sha/asm/s1-os2.asm";
$rmd160_asm_obj="crypto/ripemd/asm/rm-os2$obj";
$rmd160_asm_src="crypto/ripemd/asm/rm-os2.asm";
+ $cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM -DOPENSSL_BN_ASM_PART_WORDS";
}
if ($shlib)
diff --git a/src/lib/libssl/src/util/pl/VC-32-GMAKE.pl b/src/lib/libssl/src/util/pl/VC-32-GMAKE.pl
new file mode 100644
index 0000000000..b5bbcac6c2
--- /dev/null
+++ b/src/lib/libssl/src/util/pl/VC-32-GMAKE.pl
@@ -0,0 +1,222 @@
+#!/usr/local/bin/perl
+# VCw32lib.pl - the file for Visual C++ 4.[01] for windows NT, static libraries
+#
+
+
+if ($fips && !$shlib)
+ {
+ $crypto="libeayfips32";
+ $crypto_compat = "libeaycompat32.lib";
+ }
+else
+ {
+ $crypto="libeay32";
+ }
+$ssl= "ssleay32";
+
+$o='/';
+#$cp='copy nul+'; # Timestamps get stuffed otherwise
+#$rm='del';
+
+$cp='cp';
+$rm='rm';
+
+$zlib_lib="zlib1.lib";
+
+# C compiler stuff
+$cc='cl';
+$cflags=' -MD -W3 -WX -Ox -O2 -Ob2 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32';
+$cflags.=' -D_CRT_SECURE_NO_DEPRECATE'; # shut up VC8
+$cflags.=' -D_CRT_NONSTDC_NO_DEPRECATE'; # shut up VC8
+$lflags="-nologo -subsystem:console -machine:I386 -opt:ref";
+$mlflags='';
+
+$out_def="gmout32";
+$tmp_def="gmtmp32";
+$inc_def="gminc32";
+
+if ($debug)
+ {
+ $cflags=" -MDd -W3 -WX -Zi -Yd -Od -nologo -DOPENSSL_SYSNAME_WIN32 -D_DEBUG -DL_ENDIAN -DWIN32_LEAN_AND_MEAN -DDEBUG -DDSO_WIN32";
+ $lflags.=" -debug";
+ $mlflags.=' -debug';
+ }
+$cflags .= " -DOPENSSL_SYSNAME_WINNT" if $NT == 1;
+
+$obj='.obj';
+$ofile="-Fo";
+
+# EXE linking stuff
+$link="link";
+$efile="-out:";
+$exep='.exe';
+if ($no_sock)
+ { $ex_libs=""; }
+else { $ex_libs="wsock32.lib user32.lib gdi32.lib"; }
+
+# static library stuff
+$mklib='lib';
+$ranlib='';
+$plib="";
+$libp=".lib";
+$shlibp=($shlib)?".dll":".lib";
+$lfile='-out:';
+
+$shlib_ex_obj="";
+$app_ex_obj="setargv.obj";
+if ($nasm) {
+ $asm='nasmw -f win32';
+ $afile='-o ';
+} else {
+ $asm='ml -Cp -coff -c -Cx';
+ $asm.=" -Zi" if $debug;
+ $afile='-Fo';
+}
+
+$bn_asm_obj='';
+$bn_asm_src='';
+$des_enc_obj='';
+$des_enc_src='';
+$bf_enc_obj='';
+$bf_enc_src='';
+
+if (!$no_asm && !$fips)
+ {
+ $bn_asm_obj='crypto/bn/asm/bn_win32.obj';
+ $bn_asm_src='crypto/bn/asm/bn_win32.asm';
+ $des_enc_obj='crypto/des/asm/d_win32.obj crypto/des/asm/y_win32.obj';
+ $des_enc_src='crypto/des/asm/d_win32.asm crypto/des/asm/y_win32.asm';
+ $bf_enc_obj='crypto/bf/asm/b_win32.obj';
+ $bf_enc_src='crypto/bf/asm/b_win32.asm';
+ $cast_enc_obj='crypto/cast/asm/c_win32.obj';
+ $cast_enc_src='crypto/cast/asm/c_win32.asm';
+ $rc4_enc_obj='crypto/rc4/asm/r4_win32.obj';
+ $rc4_enc_src='crypto/rc4/asm/r4_win32.asm';
+ $rc5_enc_obj='crypto/rc5/asm/r5_win32.obj';
+ $rc5_enc_src='crypto/rc5/asm/r5_win32.asm';
+ $md5_asm_obj='crypto/md5/asm/m5_win32.obj';
+ $md5_asm_src='crypto/md5/asm/m5_win32.asm';
+ $sha1_asm_obj='crypto/sha/asm/s1_win32.obj';
+ $sha1_asm_src='crypto/sha/asm/s1_win32.asm';
+ $rmd160_asm_obj='crypto/ripemd/asm/rm_win32.obj';
+ $rmd160_asm_src='crypto/ripemd/asm/rm_win32.asm';
+ $cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM -DRMD160_ASM";
+ }
+
+if ($shlib)
+ {
+ $mlflags.=" $lflags -dll";
+# $cflags =~ s| -MD| -MT|;
+ $lib_cflag=" -D_WINDLL";
+ $out_def="gmout32dll";
+ $tmp_def="gmtmp32dll";
+ }
+
+$cflags.=" -Fd$out_def";
+
+sub do_lib_rule
+ {
+ local($objs,$target,$name,$shlib,$ign,$base_addr, $fips_get_sig, $fips_premain_src)=@_;
+ local($ret,$Name);
+
+ $taget =~ s/\//$o/g if $o ne '/';
+ ($Name=$name) =~ tr/a-z/A-Z/;
+ my $base_arg;
+ if ($base_addr ne "")
+ {
+ $base_arg= " -base:$base_addr";
+ }
+ else
+ {
+ $base_arg = "";
+ }
+
+
+# $target="\$(LIB_D)$o$target";
+ if (!$shlib)
+ {
+# $ret.="\t\$(RM) \$(O_$Name)\n";
+ $ret.="$target: $objs\n";
+ $ex =' advapi32.lib';
+ $ret.="\t\$(MKLIB) $lfile$target $objs $ex\n\n";
+ }
+ else
+ {
+ local($ex)=($target =~ /O_SSL/)?' $(L_CRYPTO)':'';
+ $ex.=' wsock32.lib gdi32.lib advapi32.lib user32.lib';
+ $ex.=" $zlib_lib" if $zlib_opt == 1 && $target =~ /O_CRYPTO/;
+ if (defined $fips_get_sig)
+ {
+ $ret.="$target: \$(O_FIPSCANISTER) $objs $fips_get_sig\n";
+ $ret.="\tFIPS_LINK=\$(LINK) ";
+ $ret.="FIPS_CC=\$(CC) ";
+ $ret.="FIPS_CC_ARGS=\"-Fo\$(OBJ_D)${o}fips_premain.obj \$(SHLIB_CFLAGS) -c\" ";
+ $ret.="FIPS_PREMAIN_DSO=$fips_get_sig ";
+ $ret.="FIPS_TARGET=$target ";
+ $ret.="FIPS_LIBDIR=\$(FIPSLIB_D) ";
+ $ret.="\$(FIPSLINK) \$(MLFLAGS) $base_arg $efile$target ";
+ $ret.="-def:ms/${Name}.def \$(SHLIB_EX_OBJ) $objs ";
+ $ret.="\$(OBJ_D)${o}fips_premain.obj $ex\n\n";
+ }
+ else
+ {
+ $ret.="$target: $objs\n";
+ $ret.="\t\$(LINK) \$(MLFLAGS) $base_arg $efile$target /def:ms/${Name}.def \$(SHLIB_EX_OBJ) $objs $ex\n\n";
+ }
+ }
+ $ret.="\n";
+ return($ret);
+ }
+
+sub do_link_rule
+ {
+ local($target,$files,$dep_libs,$libs,$standalone)=@_;
+ local($ret,$_);
+ $file =~ s/\//$o/g if $o ne '/';
+ $n=&bname($targer);
+ if ($standalone)
+ {
+ $ret.="$target: $files $dep_libs\n";
+ $ret.="\t\$(LINK) \$(LFLAGS) $efile$target ";
+ $ret.="$files $libs\n\n";
+ }
+ elsif ($fips && !$shlib)
+ {
+ $ret.="$target: \$(O_FIPSCANISTER) $files $dep_libs\n";
+ $ret.="\tFIPS_LINK=\$(LINK) ";
+ $ret.="FIPS_CC=\$(CC) ";
+ $ret.="FIPS_CC_ARGS=\"-Fo\$(OBJ_D)${o}fips_premain.obj \$(SHLIB_CFLAGS) -c\" ";
+ $ret.="FIPS_PREMAIN_DSO= ";
+ $ret.="FIPS_TARGET=$target ";
+ $ret.="FIPS_LIBDIR=\$(FIPSLIB_D) ";
+ $ret.=" \$(FIPSLINK) \$(LFLAGS) $efile$target ";
+ $ret.="\$(APP_EX_OBJ) $files \$(OBJ_D)${o}fips_premain.obj $libs\n\n";
+ }
+ else
+ {
+ $ret.="$target: $files $dep_libs\n";
+ $ret.="\t\$(LINK) \$(LFLAGS) $efile$target ";
+ $ret.="\$(APP_EX_OBJ) $files $libs\n\n";
+ }
+ $ret.="\n";
+ return($ret);
+ }
+
+sub do_rlink_rule
+ {
+ local($target,$files,$check_hash, $deps)=@_;
+ local($ret,$_);
+
+ $file =~ s/\//$o/g if $o ne '/';
+ $n=&bname($targer);
+ $ret.="$target: $check_hash $files $deps\n";
+ $ret.="\t\$(PERL) util${o}checkhash.pl -chdir fips-1.0 -program_path ..$o$check_hash\n";
+ $ret.="\t\$(MKCANISTER) $target $files\n";
+ $ret.="\t$check_hash $target > $target.sha1\n";
+ $ret.="\t\$(CP) fips-1.0${o}fips_premain.c \$(FIPSLIB_D)\n";
+ $ret.="\t$check_hash \$(FIPSLIB_D)${o}fips_premain.c > \$(FIPSLIB_D)${o}fips_premain.c.sha1\n\n";
+ return($ret);
+ }
+
+
+1;
diff --git a/src/lib/libssl/src/util/pl/VC-32.pl b/src/lib/libssl/src/util/pl/VC-32.pl
index cf689b9feb..4e97dfa9af 100644
--- a/src/lib/libssl/src/util/pl/VC-32.pl
+++ b/src/lib/libssl/src/util/pl/VC-32.pl
@@ -3,15 +3,28 @@
#
$ssl= "ssleay32";
-$crypto="libeay32";
+
+if ($fips && !$shlib)
+ {
+ $crypto="libeayfips32";
+ $crypto_compat = "libeaycompat32.lib";
+ }
+else
+ {
+ $crypto="libeay32";
+ }
$o='\\';
$cp='copy nul+'; # Timestamps get stuffed otherwise
$rm='del';
+$zlib_lib="zlib1.lib";
+
# C compiler stuff
$cc='cl';
-$cflags=' /MD /W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32';
+$cflags=' /MD /W3 /WX /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32';
+$cflags.=' -D_CRT_SECURE_NO_DEPRECATE'; # shut up VC8
+$cflags.=' -D_CRT_NONSTDC_NO_DEPRECATE'; # shut up VC8
$lflags="/nologo /subsystem:console /machine:I386 /opt:ref";
$mlflags='';
@@ -100,25 +113,56 @@ $cflags.=" /Fd$out_def";
sub do_lib_rule
{
- local($objs,$target,$name,$shlib)=@_;
+ local($objs,$target,$name,$shlib,$ign,$base_addr) = @_;
local($ret,$Name);
$taget =~ s/\//$o/g if $o ne '/';
($Name=$name) =~ tr/a-z/A-Z/;
+ my $base_arg;
+ if ($base_addr ne "")
+ {
+ $base_arg= " /base:$base_addr";
+ }
+ else
+ {
+ $base_arg = "";
+ }
+
# $target="\$(LIB_D)$o$target";
- $ret.="$target: $objs\n";
if (!$shlib)
{
# $ret.="\t\$(RM) \$(O_$Name)\n";
+ $ret.="$target: $objs\n";
$ex =' advapi32.lib';
+ $ex.=" \$(FIPSLIB_D)${o}_chkstk.o" if $fips && $target =~ /O_CRYPTO/;
$ret.="\t\$(MKLIB) $lfile$target @<<\n $objs $ex\n<<\n";
}
else
{
local($ex)=($target =~ /O_SSL/)?' $(L_CRYPTO)':'';
- $ex.=' wsock32.lib gdi32.lib advapi32.lib';
- $ret.="\t\$(LINK) \$(MLFLAGS) $efile$target /def:ms/${Name}.def @<<\n \$(SHLIB_EX_OBJ) $objs $ex\n<<\n";
+ $ex.=' wsock32.lib gdi32.lib advapi32.lib user32.lib';
+ $ex.=" $zlib_lib" if $zlib_opt == 1 && $target =~ /O_CRYPTO/;
+ if ($fips && $target =~ /O_CRYPTO/)
+ {
+ $ex.=" \$(FIPSLIB_D)${o}_chkstk.o";
+ $ret.="$target: $objs \$(PREMAIN_DSO_EXE)\n";
+ $ret.="\tSET FIPS_LINK=\$(LINK)\n";
+ $ret.="\tSET FIPS_CC=\$(CC)\n";
+ $ret.="\tSET FIPS_CC_ARGS=/Fo\$(OBJ_D)${o}fips_premain.obj \$(SHLIB_CFLAGS) -c\n";
+ $ret.="\tSET PREMAIN_DSO_EXE=\$(PREMAIN_DSO_EXE)\n";
+ $ret.="\tSET FIPS_SHA1_EXE=\$(FIPS_SHA1_EXE)\n";
+ $ret.="\tSET FIPS_TARGET=$target\n";
+ $ret.="\tSET FIPSLIB_D=\$(FIPSLIB_D)\n";
+ $ret.="\t\$(FIPSLINK) \$(MLFLAGS) $base_arg $efile$target ";
+ $ret.="/def:ms/${Name}.def @<<\n \$(SHLIB_EX_OBJ) $objs ";
+ $ret.="\$(OBJ_D)${o}fips_premain.obj $ex\n<<\n";
+ }
+ else
+ {
+ $ret.="$target: $objs\n";
+ $ret.="\t\$(LINK) \$(MLFLAGS) $base_arg $efile$target /def:ms/${Name}.def @<<\n \$(SHLIB_EX_OBJ) $objs $ex\n<<\n";
+ }
}
$ret.="\n";
return($ret);
@@ -126,20 +170,51 @@ sub do_lib_rule
sub do_link_rule
{
- local($target,$files,$dep_libs,$libs,$sha1file,$openssl)=@_;
+ local($target,$files,$dep_libs,$libs,$standalone)=@_;
local($ret,$_);
-
$file =~ s/\//$o/g if $o ne '/';
$n=&bname($targer);
$ret.="$target: $files $dep_libs\n";
- $ret.=" \$(LINK) \$(LFLAGS) $efile$target @<<\n";
- $ret.=" \$(APP_EX_OBJ) $files $libs\n<<\n";
- if (defined $sha1file)
+ if ($standalone)
+ {
+ $ret.=" \$(LINK) \$(LFLAGS) $efile$target @<<\n\t";
+ $ret.="\$(FIPSLIB_D)${o}_chkstk.o " if ($files =~ /O_FIPSCANISTER/);
+ $ret.="$files $libs\n<<\n";
+ }
+ elsif ($fips && !$shlib)
{
- $ret.=" $openssl sha1 -hmac etaonrishdlcupfm -binary $target > $sha1file";
+ $ret.="\tSET FIPS_LINK=\$(LINK)\n";
+ $ret.="\tSET FIPS_CC=\$(CC)\n";
+ $ret.="\tSET FIPS_CC_ARGS=/Fo\$(OBJ_D)${o}fips_premain.obj \$(SHLIB_CFLAGS) -c\n";
+ $ret.="\tSET PREMAIN_DSO_EXE=\n";
+ $ret.="\tSET FIPS_TARGET=$target\n";
+ $ret.="\tSET FIPS_SHA1_EXE=\$(FIPS_SHA1_EXE)\n";
+ $ret.="\tSET FIPSLIB_D=\$(FIPSLIB_D)\n";
+ $ret.=" \$(FIPSLINK) \$(LFLAGS) $efile$target @<<\n";
+ $ret.=" \$(APP_EX_OBJ) $files \$(OBJ_D)${o}fips_premain.obj $libs\n<<\n";
}
+ else
+ {
+ $ret.=" \$(LINK) \$(LFLAGS) $efile$target @<<\n";
+ $ret.=" \$(APP_EX_OBJ) $files $libs\n<<\n";
+ }
+ $ret.="\n";
+ return($ret);
+ }
+
+sub do_rlink_rule
+ {
+ local($target,$files,$dep_libs,$libs)=@_;
+ local($ret,$_);
+
+ $file =~ s/\//$o/g if $o ne '/';
+ $n=&bname($targer);
+ $ret.="$target: $files $dep_libs\n";
+ $ret.=" \$(MKCANISTER) $target <<\n";
+ $ret.="INPUT($files)\n<<\n";
$ret.="\n";
return($ret);
}
+
1;
diff --git a/src/lib/libssl/src/util/pod2man.pl b/src/lib/libssl/src/util/pod2man.pl
index 657e4e264e..546d1ec186 100644
--- a/src/lib/libssl/src/util/pod2man.pl
+++ b/src/lib/libssl/src/util/pod2man.pl
@@ -425,6 +425,7 @@ if ($name ne 'something') {
}
next if /^=cut\b/; # DB_File and Net::Ping have =cut before NAME
next if /^=pod\b/; # It is OK to have =pod before NAME
+ next if /^=for\s+comment\b/; # It is OK to have =for comment before NAME
die "$0: Invalid man page - 1st pod line is not NAME in $ARGV[0]\n" unless $lax;
}
die "$0: Invalid man page - no documentation in $ARGV[0]\n" unless $lax;
diff --git a/src/lib/libssl/src/util/selftest.pl b/src/lib/libssl/src/util/selftest.pl
index e9d5aa8938..4778c5ab01 100644
--- a/src/lib/libssl/src/util/selftest.pl
+++ b/src/lib/libssl/src/util/selftest.pl
@@ -49,7 +49,7 @@ if (open(IN,"<Makefile")) {
}
$cversion=`$cc -v 2>&1`;
-$cversion=`$cc -V 2>&1` if $cversion =~ "usage";
+$cversion=`$cc -V 2>&1` if $cversion =~ "[Uu]sage";
$cversion=`$cc -V |head -1` if $cversion =~ "Error";
$cversion=`$cc --version` if $cversion eq "";
$cversion =~ s/Reading specs.*\n//;
@@ -130,15 +130,21 @@ if (system("make 2>&1 | tee make.log") > 255) {
goto err;
}
-$_=$options;
-s/no-asm//;
-s/no-shared//;
-s/no-krb5//;
-if (/no-/)
-{
- print OUT "Test skipped.\n";
- goto err;
-}
+# Not sure why this is here. The tests themselves can detect if their
+# particular feature isn't included, and should therefore skip themselves.
+# To skip *all* tests just because one algorithm isn't included is like
+# shooting mosquito with an elephant gun...
+# -- Richard Levitte, inspired by problem report 1089
+#
+#$_=$options;
+#s/no-asm//;
+#s/no-shared//;
+#s/no-krb5//;
+#if (/no-/)
+#{
+# print OUT "Test skipped.\n";
+# goto err;
+#}
print "Running make test...\n";
if (system("make test 2>&1 | tee maketest.log") > 255)
diff --git a/src/lib/libssl/test/Makefile b/src/lib/libssl/test/Makefile
index 6aeedf7fa3..189d14ed49 100644
--- a/src/lib/libssl/test/Makefile
+++ b/src/lib/libssl/test/Makefile
@@ -39,7 +39,7 @@ EXPTEST= exptest
IDEATEST= ideatest
SHATEST= shatest
SHA1TEST= sha1test
-FIPS_SHA1TEST= fips_sha1test
+FIPS_SHATEST= fips_shatest
MDC2TEST= mdc2test
RMDTEST= rmdtest
MD2TEST= md2test
@@ -64,32 +64,47 @@ RSATEST= rsa_test
ENGINETEST= enginetest
EVPTEST= evp_test
FIPS_AESTEST= fips_aesavs
+FIPS_HMACTEST= fips_hmactest
+FIPS_RSAVTEST= fips_rsavtest
+FIPS_RSASTEST= fips_rsastest
+FIPS_RSAGTEST= fips_rsagtest
+FIPS_DSSVS= fips_dssvs
+FIPS_RNGVS= fips_rngvs
+FIPS_TEST_SUITE=fips_test_suite
TESTS= alltests
EXE= $(BNTEST)$(EXE_EXT) $(ECTEST)$(EXE_EXT) $(IDEATEST)$(EXE_EXT) $(MD2TEST)$(EXE_EXT) $(MD4TEST)$(EXE_EXT) $(MD5TEST)$(EXE_EXT) $(HMACTEST)$(EXE_EXT) \
$(RC2TEST)$(EXE_EXT) $(RC4TEST)$(EXE_EXT) $(RC5TEST)$(EXE_EXT) \
- $(DESTEST)$(EXE_EXT) $(FIPS_DESTEST)$(EXE_EXT) $(SHATEST)$(EXE_EXT) $(SHA1TEST)$(EXE_EXT) $(FIPS_SHA1TEST)$(EXE_EXT) $(MDC2TEST)$(EXE_EXT) $(RMDTEST)$(EXE_EXT) \
+ $(DESTEST)$(EXE_EXT) $(FIPS_DESTEST)$(EXE_EXT) $(SHATEST)$(EXE_EXT) $(SHA1TEST)$(EXE_EXT) $(FIPS_SHATEST)$(EXE_EXT) $(MDC2TEST)$(EXE_EXT) $(RMDTEST)$(EXE_EXT) \
$(RANDTEST)$(EXE_EXT) $(FIPS_RANDTEST)$(EXE_EXT) $(DHTEST)$(EXE_EXT) $(ENGINETEST)$(EXE_EXT) \
$(BFTEST)$(EXE_EXT) $(CASTTEST)$(EXE_EXT) $(SSLTEST)$(EXE_EXT) $(EXPTEST)$(EXE_EXT) $(DSATEST)$(EXE_EXT) $(FIPS_DSATEST)$(EXE_EXT) $(RSATEST)$(EXE_EXT) \
- $(EVPTEST)$(EXE_EXT) $(FIPS_AESTEST)$(EXE_EXT)
+ $(EVPTEST)$(EXE_EXT) $(FIPS_AESTEST)$(EXE_EXT) \
+ $(FIPS_HMACTEST)$(EXE_EXT) $(FIPS_RSAVTEST)$(EXE_EXT) \
+ $(FIPS_RSASTEST)$(EXE_EXT) $(FIPS_RSAGTEST)$(EXE_EXT) \
+ $(FIPS_DSSVS)$(EXE_EXT) $(FIPS_RNGVS)$(EXE_EXT) \
+ $(FIPS_TEST_SUITE)$(EXE_EXT)
# $(METHTEST)$(EXE_EXT)
OBJ= $(BNTEST).o $(ECTEST).o $(IDEATEST).o $(MD2TEST).o $(MD4TEST).o $(MD5TEST).o \
$(HMACTEST).o \
$(RC2TEST).o $(RC4TEST).o $(RC5TEST).o \
- $(DESTEST).o $(FIPS_DESTEST).o $(SHATEST).o $(SHA1TEST).o $(FIPS_SHA1TEST).o $(MDC2TEST).o $(RMDTEST).o \
+ $(DESTEST).o $(FIPS_DESTEST).o $(SHATEST).o $(SHA1TEST).o $(FIPS_SHATEST).o $(MDC2TEST).o $(RMDTEST).o \
$(RANDTEST).o $(FIPS_RANDTEST).o $(DHTEST).o $(ENGINETEST).o $(CASTTEST).o \
$(BFTEST).o $(SSLTEST).o $(DSATEST).o $(FIPS_DSATEST).o $(EXPTEST).o $(RSATEST).o \
- $(EVPTEST).o $(FIPS_AESTEST).o
+ $(EVPTEST).o $(FIPS_AESTEST).o $(FIPS_HMACTEST).o $(FIPS_RSAVTEST).o \
+ $(FIPS_RSASTEST).o $(FIPS_RSAGTEST).o $(FIPS_DSSVS).o $(FIPS_RNGVS).o \
+ $(FIPS_TEST_SUITE).o
SRC= $(BNTEST).c $(ECTEST).c $(IDEATEST).c $(MD2TEST).c $(MD4TEST).c $(MD5TEST).c \
$(HMACTEST).c \
$(RC2TEST).c $(RC4TEST).c $(RC5TEST).c \
- $(DESTEST).c $(FIPS_DESTEST).c $(SHATEST).c $(SHA1TEST).c $(FIPS_SHA1TEST).c $(MDC2TEST).c $(RMDTEST).c \
+ $(DESTEST).c $(FIPS_DESTEST).c $(SHATEST).c $(SHA1TEST).c $(FIPS_SHATEST).c $(MDC2TEST).c $(RMDTEST).c \
$(RANDTEST).c $(FIPS_RANDTEST).c $(DHTEST).c $(ENGINETEST).c $(CASTTEST).c \
$(BFTEST).c $(SSLTEST).c $(DSATEST).c $(FIPS_DSATEST).c $(EXPTEST).c $(RSATEST).c \
- $(EVPTEST).c $(FIPS_AESTEST).c
+ $(EVPTEST).c $(FIPS_AESTEST).c $(FIPS_HMACTEST).c $(FIPS_RSAVTEST).c \
+ $(FIPS_RSASTEST).c $(FIPS_RSAGTEST).c $(FIPS_DSSVS).c $(FIPS_RNGVS).c \
+ $(FIPS_TEST_SUITE).c
EXHEADER=
HEADER= $(EXHEADER)
@@ -153,7 +168,7 @@ test_sha:
../util/shlib_wrap.sh ./$(SHATEST)
../util/shlib_wrap.sh ./$(SHA1TEST)
if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
- ../util/shlib_wrap.sh ./$(FIPS_SHA1TEST) sha1vectors.txt | sed s/Strings/Hashes/ | cmp sha1hashes.txt - ; \
+ ../util/shlib_wrap.sh ./$(FIPS_SHATEST) < SHAmix.req | diff -w SHAmix.fax - ; \
fi
test_mdc2:
@@ -311,20 +326,43 @@ $(DLIBSSL):
$(DLIBCRYPTO):
(cd ..; $(MAKE) DIRS=crypto all)
-BUILD_CMD=if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+BUILD_CMD=SHARED_LIBS="$(SHARED_LIBS)"; \
+ if [ "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+ SHARED_LIBS=""; \
+ fi; \
+ if [ -z "$$SHARED_LIBS" ]; then \
set -x; $${CC:-$(CC)} -o $$target$(EXE_EXT) $(CFLAGS) $$target.o $(PEX_LIBS) $(DLIBSSL) $(LIBKRB5) $(DLIBCRYPTO) $(EX_LIBS) ; \
- elif [ -z "$(SHARED_LIBS)" ]; then \
- set -x; $${CC:-$(CC)} -o $$target$(EXE_EXT) $(CFLAGS) $$target.o $(PEX_LIBS) $(LIBSSL) $(LIBKRB5) $(LIBCRYPTO) $(EX_LIBS) ; \
- else \
- set -x; LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
+ else set -x; LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
$(CC) -o $$target$(EXE_EXT) $(CFLAGS) $$target.o $(PEX_LIBS) $(LIBSSL) $(LIBKRB5) $(LIBCRYPTO) $(EX_LIBS) ; \
- fi;
+ fi
+
+FIPS_BUILD_CMD=if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
+ FIPSLD_CC=$(CC); CC=$(TOP)/fips-1.0/fipsld; export CC FIPSLD_CC; \
+ fi; $(BUILD_CMD)
$(FIPS_AESTEST)$(EXE_EXT): $(FIPS_AESTEST).o $(DLIBCRYPTO)
- @target=$(FIPS_AESTEST); $(BUILD_CMD)
- if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
- TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a $(FIPS_AESTEST); \
- fi
+ @target=$(FIPS_AESTEST); $(FIPS_BUILD_CMD)
+
+$(FIPS_HMACTEST)$(EXE_EXT): $(FIPS_HMACTEST).o $(DLIBCRYPTO)
+ @target=$(FIPS_HMACTEST); $(FIPS_BUILD_CMD)
+
+$(FIPS_RSAVTEST)$(EXE_EXT): $(FIPS_RSAVTEST).o $(DLIBCRYPTO)
+ @target=$(FIPS_RSAVTEST); $(FIPS_BUILD_CMD)
+
+$(FIPS_RSASTEST)$(EXE_EXT): $(FIPS_RSASTEST).o $(DLIBCRYPTO)
+ @target=$(FIPS_RSASTEST); $(FIPS_BUILD_CMD)
+
+$(FIPS_RSAGTEST)$(EXE_EXT): $(FIPS_RSAGTEST).o $(DLIBCRYPTO)
+ @target=$(FIPS_RSAGTEST); $(FIPS_BUILD_CMD)
+
+$(FIPS_DSSVS)$(EXE_EXT): $(FIPS_DSSVS).o $(DLIBCRYPTO)
+ @target=$(FIPS_DSSVS); $(FIPS_BUILD_CMD)
+
+$(FIPS_RNGVS)$(EXE_EXT): $(FIPS_RNGVS).o $(DLIBCRYPTO)
+ @target=$(FIPS_RNGVS); $(FIPS_BUILD_CMD)
+
+$(FIPS_TEST_SUITE)$(EXE_EXT): $(FIPS_TEST_SUITE).o $(DLIBCRYPTO)
+ @target=$(FIPS_TEST_SUITE); $(FIPS_BUILD_CMD)
$(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO)
@target=$(RSATEST); $(BUILD_CMD)
@@ -350,11 +388,8 @@ $(SHATEST)$(EXE_EXT): $(SHATEST).o $(DLIBCRYPTO)
$(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO)
@target=$(SHA1TEST); $(BUILD_CMD)
-$(FIPS_SHA1TEST)$(EXE_EXT): $(FIPS_SHA1TEST).o $(DLIBCRYPTO)
- @target=$(FIPS_SHA1TEST); $(BUILD_CMD)
- if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
- TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a $(FIPS_SHA1TEST); \
- fi
+$(FIPS_SHATEST)$(EXE_EXT): $(FIPS_SHATEST).o $(DLIBCRYPTO)
+ @target=$(FIPS_SHATEST); $(FIPS_BUILD_CMD)
$(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO)
@target=$(RMDTEST); $(BUILD_CMD)
@@ -390,19 +425,13 @@ $(DESTEST)$(EXE_EXT): $(DESTEST).o $(DLIBCRYPTO)
@target=$(DESTEST); $(BUILD_CMD)
$(FIPS_DESTEST)$(EXE_EXT): $(FIPS_DESTEST).o $(DLIBCRYPTO)
- @target=$(FIPS_DESTEST); $(BUILD_CMD)
- if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
- TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a $(FIPS_DESTEST); \
- fi
+ @target=$(FIPS_DESTEST); $(FIPS_BUILD_CMD)
$(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO)
@target=$(RANDTEST); $(BUILD_CMD)
$(FIPS_RANDTEST)$(EXE_EXT): $(FIPS_RANDTEST).o $(DLIBCRYPTO)
- @target=$(FIPS_RANDTEST); $(BUILD_CMD)
- if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
- TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a $(FIPS_RANDTEST); \
- fi
+ @target=$(FIPS_RANDTEST); $(FIPS_BUILD_CMD)
$(DHTEST)$(EXE_EXT): $(DHTEST).o $(DLIBCRYPTO)
@target=$(DHTEST); $(BUILD_CMD)
@@ -411,19 +440,13 @@ $(DSATEST)$(EXE_EXT): $(DSATEST).o $(DLIBCRYPTO)
@target=$(DSATEST); $(BUILD_CMD)
$(FIPS_DSATEST)$(EXE_EXT): $(FIPS_DSATEST).o $(DLIBCRYPTO)
- @target=$(FIPS_DSATEST); $(BUILD_CMD)
- if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
- TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a $(FIPS_DSATEST); \
- fi
+ @target=$(FIPS_DSATEST); $(FIPS_BUILD_CMD)
$(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO)
@target=$(METHTEST); $(BUILD_CMD)
$(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)
- @target=$(SSLTEST); $(BUILD_CMD)
- if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
- TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a $(SSLTEST); \
- fi
+ @target=$(SSLTEST); $(FIPS_BUILD_CMD)
$(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO)
@target=$(ENGINETEST); $(BUILD_CMD)
@@ -587,6 +610,29 @@ fips_dsatest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
fips_dsatest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
fips_dsatest.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
fips_dsatest.o: fips_dsatest.c
+fips_dssvs.o: ../include/openssl/opensslconf.h fips_dssvs.c
+fips_hmactest.o: ../include/openssl/aes.h ../include/openssl/asn1.h
+fips_hmactest.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+fips_hmactest.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+fips_hmactest.o: ../include/openssl/cast.h ../include/openssl/conf.h
+fips_hmactest.o: ../include/openssl/crypto.h ../include/openssl/des.h
+fips_hmactest.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+fips_hmactest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+fips_hmactest.o: ../include/openssl/err.h ../include/openssl/evp.h
+fips_hmactest.o: ../include/openssl/hmac.h ../include/openssl/idea.h
+fips_hmactest.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+fips_hmactest.o: ../include/openssl/md4.h ../include/openssl/md5.h
+fips_hmactest.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+fips_hmactest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+fips_hmactest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+fips_hmactest.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+fips_hmactest.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+fips_hmactest.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+fips_hmactest.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+fips_hmactest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+fips_hmactest.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+fips_hmactest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+fips_hmactest.o: ../include/openssl/x509v3.h fips_hmactest.c
fips_randtest.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/crypto.h
fips_randtest.o: ../include/openssl/des.h ../include/openssl/des_old.h
fips_randtest.o: ../include/openssl/e_os2.h ../include/openssl/err.h
@@ -596,13 +642,117 @@ fips_randtest.o: ../include/openssl/ossl_typ.h ../include/openssl/rand.h
fips_randtest.o: ../include/openssl/safestack.h ../include/openssl/stack.h
fips_randtest.o: ../include/openssl/symhacks.h ../include/openssl/ui.h
fips_randtest.o: ../include/openssl/ui_compat.h fips_randtest.c
-fips_sha1test.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/crypto.h
-fips_sha1test.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-fips_sha1test.o: ../include/openssl/fips.h ../include/openssl/lhash.h
-fips_sha1test.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-fips_sha1test.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-fips_sha1test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-fips_sha1test.o: fips_sha1test.c
+fips_rngvs.o: ../include/openssl/opensslconf.h fips_rngvs.c
+fips_rsagtest.o: ../include/openssl/aes.h ../include/openssl/asn1.h
+fips_rsagtest.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+fips_rsagtest.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+fips_rsagtest.o: ../include/openssl/cast.h ../include/openssl/conf.h
+fips_rsagtest.o: ../include/openssl/crypto.h ../include/openssl/des.h
+fips_rsagtest.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+fips_rsagtest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+fips_rsagtest.o: ../include/openssl/err.h ../include/openssl/evp.h
+fips_rsagtest.o: ../include/openssl/hmac.h ../include/openssl/idea.h
+fips_rsagtest.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+fips_rsagtest.o: ../include/openssl/md4.h ../include/openssl/md5.h
+fips_rsagtest.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+fips_rsagtest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+fips_rsagtest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+fips_rsagtest.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+fips_rsagtest.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+fips_rsagtest.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+fips_rsagtest.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+fips_rsagtest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+fips_rsagtest.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+fips_rsagtest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+fips_rsagtest.o: ../include/openssl/x509v3.h fips_rsagtest.c
+fips_rsastest.o: ../include/openssl/aes.h ../include/openssl/asn1.h
+fips_rsastest.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+fips_rsastest.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+fips_rsastest.o: ../include/openssl/cast.h ../include/openssl/conf.h
+fips_rsastest.o: ../include/openssl/crypto.h ../include/openssl/des.h
+fips_rsastest.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+fips_rsastest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+fips_rsastest.o: ../include/openssl/err.h ../include/openssl/evp.h
+fips_rsastest.o: ../include/openssl/hmac.h ../include/openssl/idea.h
+fips_rsastest.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+fips_rsastest.o: ../include/openssl/md4.h ../include/openssl/md5.h
+fips_rsastest.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+fips_rsastest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+fips_rsastest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+fips_rsastest.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+fips_rsastest.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+fips_rsastest.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+fips_rsastest.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+fips_rsastest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+fips_rsastest.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+fips_rsastest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+fips_rsastest.o: ../include/openssl/x509v3.h fips_rsastest.c
+fips_rsavtest.o: ../include/openssl/aes.h ../include/openssl/asn1.h
+fips_rsavtest.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+fips_rsavtest.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+fips_rsavtest.o: ../include/openssl/cast.h ../include/openssl/conf.h
+fips_rsavtest.o: ../include/openssl/crypto.h ../include/openssl/des.h
+fips_rsavtest.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+fips_rsavtest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+fips_rsavtest.o: ../include/openssl/err.h ../include/openssl/evp.h
+fips_rsavtest.o: ../include/openssl/hmac.h ../include/openssl/idea.h
+fips_rsavtest.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+fips_rsavtest.o: ../include/openssl/md4.h ../include/openssl/md5.h
+fips_rsavtest.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+fips_rsavtest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+fips_rsavtest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+fips_rsavtest.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+fips_rsavtest.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+fips_rsavtest.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+fips_rsavtest.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+fips_rsavtest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+fips_rsavtest.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+fips_rsavtest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+fips_rsavtest.o: ../include/openssl/x509v3.h fips_rsavtest.c
+fips_shatest.o: ../include/openssl/aes.h ../include/openssl/asn1.h
+fips_shatest.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+fips_shatest.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+fips_shatest.o: ../include/openssl/cast.h ../include/openssl/conf.h
+fips_shatest.o: ../include/openssl/crypto.h ../include/openssl/des.h
+fips_shatest.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+fips_shatest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+fips_shatest.o: ../include/openssl/err.h ../include/openssl/evp.h
+fips_shatest.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+fips_shatest.o: ../include/openssl/md2.h ../include/openssl/md4.h
+fips_shatest.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+fips_shatest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+fips_shatest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+fips_shatest.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
+fips_shatest.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+fips_shatest.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+fips_shatest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+fips_shatest.o: ../include/openssl/sha.h ../include/openssl/stack.h
+fips_shatest.o: ../include/openssl/symhacks.h ../include/openssl/ui.h
+fips_shatest.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+fips_shatest.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h
+fips_shatest.o: fips_shatest.c
+fips_test_suite.o: ../include/openssl/aes.h ../include/openssl/asn1.h
+fips_test_suite.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+fips_test_suite.o: ../include/openssl/bn.h ../include/openssl/cast.h
+fips_test_suite.o: ../include/openssl/crypto.h ../include/openssl/des.h
+fips_test_suite.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+fips_test_suite.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+fips_test_suite.o: ../include/openssl/err.h ../include/openssl/evp.h
+fips_test_suite.o: ../include/openssl/fips.h ../include/openssl/fips_sha.h
+fips_test_suite.o: ../include/openssl/hmac.h ../include/openssl/idea.h
+fips_test_suite.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+fips_test_suite.o: ../include/openssl/md4.h ../include/openssl/md5.h
+fips_test_suite.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+fips_test_suite.o: ../include/openssl/objects.h
+fips_test_suite.o: ../include/openssl/opensslconf.h
+fips_test_suite.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+fips_test_suite.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+fips_test_suite.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+fips_test_suite.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+fips_test_suite.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+fips_test_suite.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+fips_test_suite.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+fips_test_suite.o: fips_test_suite.c
hmactest.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
hmactest.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
hmactest.o: ../include/openssl/bn.h ../include/openssl/cast.h
diff --git a/src/lib/libssl/test/SHAmix.fax b/src/lib/libssl/test/SHAmix.fax
new file mode 100644
index 0000000000..83bcb14126
--- /dev/null
+++ b/src/lib/libssl/test/SHAmix.fax
@@ -0,0 +1,129 @@
+[L = 64]
+
+Len = 16
+Msg = 98a1
+MD = 74d78642f70ca830bec75fc60a585917e388cfa4cd1d23daab1c4d9ff1010cac3e67275df64db5a6a7c7d0fda24f1fc3eb272678a7c8becff6743ee812129078
+
+Len = 104
+Msg = 35a37a46df4ccbadd815942249
+MD = 6f5589ea195e745654885d50de687d7fe682affc8da1fb09e681540525f04ecb93022361a27759b9e272c883564223c5e4ecafeb0daaf1abce6caa4bd4153379
+
+Len = 352
+Msg = a93aed0fa5e163a82c9a934aebaab8180edf7de0b32f0fe99f9c75ec305b24609334cefa372c7c758262dc8f
+MD = 66a16799d606c569d2fcd70d7d8321ec90ef61711481aaf7d747744ebfd08ec2e7aead49429af7b4ceec6d8e147ed018e034efbe07982699e818db5fc4b1d71a
+
+Len = 1016
+Msg = 433e88eb2f8aba562d15c18126fbdffb81d5d6c9397fa052321f5f78cd629708ba099b540da5451e949eeab8687a8d6ac35c531411cb37144ab5ff6a7eb46f1ab28fbcd2ea0444cd87c57bf7d3c02952dba3d3987da07622c16e7c086d90e88ad3d9d4afee301d2bad915d868f54197b70b23c9fa385c443404fbc9abf7e6a
+MD = 790bc4844e9aeef8938df0ccda17890556a4151817111a526a88919cfb172f0b03c216080c1b60210eb1942097f17b6d0691bf5b018b6d959198d6a694b922c9
+
+Len = 13696
+Msg = 2c46a76a9dfbae1f5e59f085e9c3d4b600c24b2d404d062cf948e75a3d4ab5b137a31397be9eb34b2a03c78367e0b85448891b511ddee1f787cccd498b172cb7e656c044a03ffde8e42478330fbe9c34072a9e99ce31b41757cc820d98e7d564e06694b96b66f4be34c5eadd0ae4e61fe6abbe4d7ccee855104fedee8b451a7fcedb793d469b0094c0ed07c97fda00dd8c1662b44e3ee6775a5ef6368cb662d257be561a5967893433a4b63f97295036a37272176d081545df00852bc5c4162324161296cd51f76433f2df867a5840f2d0c8d5be00b4dc89443d82175bf69c3bdceb97facae2b2ed68e06ae74fef36d8bd1f75f130cba509341dd54079d45de22845cc8e77a022977c7540aa3e779cb1127f39f825d4d78e55a967ef45e7c1dfb02d9999fd15af2914ba47177177d94576f1091a0657d9e04fe81e6be7b631fc1baae66584c9c26ddbb568750d77555c927bcda1fbdc15c7cbe3e3fe88ca13ff12c59b383343c12976708c0e3dff78be0e286dd32eecf20b71a09fee50a9d0b13c85a15b320b162690f399282798aa3291fdd2f9c40ed873e829388466ddd1da42f2de16aaa9272ccf44790cf3c95382c304e25ae8cb2fc9d9869808f3ee7d42cb143bb0c3a55e03db6d1202ca1bdb744e448640c0aa60d3ebbda5c21e623bb080f4a073a48822725d764e51d415aad1d7c5a7f17433d15ac7d849f910c375ee0899f6a576dada42fd651343383f286009902bb62deeeb2514de6af7f09892c20d0b238f6021f03b62444b1e1f21beeb89acfcd7136416fe7bd8f202e76afaf5345311798be7cb25351add2bb044d2380221009c4d1cbbaba4cdc8631dc0144f2778a6aa1eb3d3c81df0b1b2142fce111af8214d049e40f536c5d462b9224a978e82cc6c420e70ecc3cdaffb726a183c793845315f730fa4dac9fe46e4180397107a6a051f7f0a58ceb9bf4df37e1a81c8e9569187228e8037df2e59c52ba815566768bedc8e09d5e7bdc9f2bff23aaaaf133bb5a3332750f6124ce185e29fda0851addfa2c3d52bb6dfb530fd4ee27dd5bfdce5dc2f41debe6740274bc651aecd4023b098a7d622e2296b50d51b79c4e3f521695a9d43f038e8f273405e26584d3db179e7c1758114a3d39970df674580bbf2884405974f0b9c4b0d8b3287a2314f3f81b6991812f354d655f62513c9551b378cc2efa4c3e08b313c56cada52217fb6112eb8299b28445aca8f72e7170a1cd8bbfee4d2145fbe8d49c6af8831c4d4fc7177a50ee55a7b484261504af946c6bd5e1d6b89092f3c487c0568fa07c356fae9b8e831b8320289039746a435b122cfbc4a0d316bf90d481d3b7d979cc50d98c1190af8dc58e0035557dd5e94f437f41fab513202643a77748f76c6b77302bf40c392cd18731da082c99bdedeb70e15cd68bff59619cabcc92adcf122753c55afde0817352bc247d1170b8ddba1ad1b0faadfe0efbfc5fe6334377fa372c3435691f53dfc2ad5e08966b2d3525b1eec2d993a5cd4ff34278bd40dd80313a0727d05e0a932156152f3e11a190d8d69726f5c57d20f811e1e8932e86409ffdac96c6251c2a2976b8757adcac5d2de94931d1cbea866ec8bcba5774f8a7fde792f6acfd0f01356fd66fdf54a416af6a9397e00f848a2e9831627cbcbb52b5a868ec174e69b4cfa1ed72cdf23f39d7eaf4bdb318c188b1f0fe75655e34ad71907cdb77a1a2b162cd7c22d93dc45321eafb17cd60282e83736267b3e1fb249c307d49509f50839942f0f493afd9ef37db053a918e3ec83d801bbdead07554a018b8ba348fe9b7dd92ea7c5fc0e65a644ba19aa1fb6c022ab768ec7cb249ba17b9dda2860bd4aaaa3dc70ec009804141ad5ebc61203658e57a0887ec0fded18d844a96e79ba7e879c4253056f23e205a80ab1471953438f85848f4ab31ab175c089e0bbb97ea0dd6a67385770356741966053735e2cc2ecdd2c8c75cc045181dd7267584b901674b553082b2c58fb8f8be0b99306194a6f069f684535423304d40a268d55784a14260fa9c9cb1306b82f91cbee3c9f43dea9e50903135cc1c6505605a100bfa28564a2057974eef0852b7b72ce264815026d0759f691db618ef760edde73ec888e181403834f7221bb27a69479ec9b28a3fb0c3f68d4467d25712fc48ad78763f9ea6e8a2e85260225ca1b1a38b720e589fafca29f07257c5467cb74ee53189b8c81b784c43e93f98abde1ed53af60b27b13df6ce45001c6e1813de3521028981086f7d88ba13f6fb1a800f312fbe2f842eebe847fd760c394668cfbfd353ec14ca0366eccd7b4cd63318116bdc42e20a632a0d2b8c5cddb37bfc0a239ebe3800a787d2ece077a7968036b3d9b31cd906f888e3ed742cd769033e2c24c5a9e3c10b6d300db5a17dd88
+MD = a86e07bcd19080d4a83e1384bd8189f60a7dd7a6998406ade0bf03f805375bd823c7656dd51cd9d63e542f8ade41f16d73794d60d0906424133778156ee54b95
+
+Len = 100816
+Msg = f8ed40e878dc68ceec52cc8e2868722310fb117ca3a52e1839eb85d308b8aa00ed0bf0b76aec8a70eba4f0d14d2d85c5a0e876ce2c8ee59cb36947def6c40a587aa07b368ca8e8a08367018e45b984de0d7f1aa46b977cc18c0cd9b7bb897cbb2814aa0ce8f8c9843e03c86c19f2ba95dd2ac4a466a93aae4b3b05055ff148517ecf43e286c57744a3e10a14d0c26e139a503e7927aa688c78609170ebe3b54104390e5f6cf538093a67922e7210e77fcb584ec9b6844e829be246a266460cb442bad52ca47255fb8cfe276108c36e02f9acbd3d191d34b93d29ec40d80496d1c1bb5ef036221641200e905598c54bc4abb3527c5a5f6258e59d4bf54a0498c108a2725428efc2047e0096b32dfdc6ec69d5d72f81301f881ca62a66c22e5dab9fd9d90084c0a36b2f3a0123cc5327a3bc7a12fd947ab57169ac533e4b6a2cb80fc65b9b527cff9fba26994c7fafb5102a0acd8f9d246a3a54178c23eaa04c0fdfd3c0cd980d1fc7a72b25d74df9b95c3dedce8ca316870c654f9ebea9b806da9767cf40605a4b0c7fb06f6b3f197bae7d8cde9daf38530e25bc51b68f9aa23ec0e95199b14bca96c91f3db15bf8432f714dc46ac87218691bc66cb3a42f6865e1c30f8394c8e68c0ddf5851ab7c5906a1994a9af6ac1c44d0d6b95ff15d9f77825ccea40fb9e516d45888f2378e045d95d936d541cea9c8ca52fe5f7d0d919b2b1c59a42d06105ea4f2943c05178e59d67351c5b2c0051c93a4045e512884fa656b772cf398af89081546d920fd3d24ebd16310506a786ab33293027394c1bcb7b1efe46b550ac28529646e8d2a5ae65c59345e24b44cd7b06673f3ed3b9008aa568a739c26682fa596b7a655842cc6b2758b583487c78d14a76bdac7033806c5c210828ef313f8efc4072681f5fded748c31a58ac933b4665c445f07d603e0905e49b84aa55146eb1c1c99196413832a05efee2e64d6732fefc629b79b37bb9390fcbed7226b412204bda523b8b8af5c4a8bdb263ef9f3f6c7b9e1de3a1dc257c1f33b3d54a9101be5b4f2a9db319993c2cd137c41e35c434ce52e859afd1a635af4d8852252dc5e28c729b2b4c96a56d57f3f3854ded59fe612b9b3a51fee3fc1c83db673b0cc7433bff2472bc74a2eeb6706605e308690fd072a7042ca6474603711d8310909e47063f46f287260a26c4f11fe492298a0f98d28c45948a4899e08fcf443a6ba36457dd8329314d53ac0fd0819fcfc3357426c5bb8d3dfd706e205a81091cf08f31cd3459854f3d07e503991ba5f067e3c406c6c5396d8257496f4ba3703cb1ba25c2fe4aa54577af782cd57e85a88a2d75c54039e8b7bb559219edd6e81e41acb6d575d6f798afb2cbf7f00abd5c9c7b0fceec79f9a0fb040ebcbb7bff3602df7b71357efacd37aa57019350bb81213508a006160acde3dae5c42f03141887eaca22d7b33d6791febfb619d11ebabb13e6c5378e9a72e852ddccd31cc53a43275966b7042ddc51485ca20e1c456dcc7020cafb5407548b044d332229911fc74d7fb97de25abff7efb431da82de2ed7e25d0dcc06ffc74e57ca93a6a9f64d76a5c39776fe2266f88d6d0229b527525fd2e22a1407e26f94c5bc6adb1e7327f3c8bb8d4c983385c579dd8f5623df8cd6da569c7de73d9210e6b9253a177653a13ece075940fc81016d8c35fa4f6542df5120c174158ff32533476f4e059e35117081a24798fbdd1eb10f82809836f8dbefe755611347f75423dd8571695960c6f66cca71f0a01e8fecbe1183bee3335eff10b4ff8104132040e2145ec3164b2448f60c730887b9d7894e5f7df3f876cb17136c99cf32db1c02fba860937378dbd093c4c5112133781f06c8ca07c527c2c085e8ba5e52b399f2909e217aef6e3035ecafe2caeb1004069dea023af7eab873deb5ebcef2313c9827821bb9f89fd3d1570a569673d3ede86a4fb13dff242eb98450a8917fd8865c56e0a9f11d72394b79808b0429f3a83cf2465161596887fa2d557b367a1de9c7753666b0cca9c30cba9f0a749c03c55cdc7a6d45852c76ce2010de3e7f75d95228efdc79949b238d90b25f983868b7f07f585f7b00e45d9e132f3c09ee84f794d899759be3dabd46a256f4cf8da71270617cc2425b24cef25d1d2f3945afa6f81abfccc858cd02e05619649b1a5347650934105c02622d538447223d136a8a0455cf3c6f61f696b32266197b5cd1d936fd3ad4288520fb4a2f59bf95e659f33210446ef18debeb679dd99de0c3c74a6eb3dd783861f5db4e94a151c42ce27519d0bbbf1f3b1163563ec06c8bfd881d94a3b896fc07352fc97ada73685588a2242da1b718f81bb1077bc70fbd58b8b52163489ae403838b533851bec30ed0ecd97d72d1af534f3703db59f1f563bdc39d690a0e90e545506463a37e84974fd7b256bbb912cb4077d3e3f5bdd4bd2bab713b696c830b1f2185734c4d2dbd49d5372fe8b813ce73f5e01c36bddbb376ef4541033f2b0355613eeda8951ebf7377e08f967902eb7e23c0fa798c6ae52401721053f1095cacb1e9496500e83c412236fc21566090b3a3eee55aa402c0b774802fd81c9e8579761cfcfdfb1aa23786b2dc35dacd5ca8d8d283369f53e4a5db18060c2c6b0c303052aeeffe169fcaf7ecc63090a9ade245045ab9c8aebf738772297caaef5f857322a597846c7370083d409df27612e47b0cb240daa3cfa51c57108612ac0dddb0f59791289ccbdb3a2cb1fa9ac31a23dd5440682fb373bf0c1f41c4fe2185ad7c53eb69552807410053b0c2d40132250e637b8c425e6a35d93333b5b7d0557927b6179c848ec455fd1ab38348c0e96c60b2da49bd15118df64b6ce4fa48fbc555a4b2874141718e731a40b85382ae6e86ead31cea77f83bf5c063bf1febf71688a832d615e09d6f14badedeaeb6ffbfe343fc7274e78cd46a2aaec0a349c5f133291ee57cdcb65c5474e46294de6bb50886bce6c6f44dcb95f2a4761ed2e6c9e7bfed51e0964afab4e0f7e0b07960f2590baae66b1ec9a63ba0fb6c0d27e81508c51487dbbdc9beb8879fd58c188dfc774b3d0ddbd77ee8bdcdfa0ed8a9387728e12b13e8b3c10cc1c132bd822c2147c5ddf9a993aedbf78ec256db1be76644ca8ca7727208bf89732657152d34e948d73c47561d156f773136684d4162d02260300020123d13a95f4f835907c344942ddeccafe2abb7dc4792c4f1e39c24748c63cba933b16be0b8853e058c47a1ae2c4dfff39ec2339b345fe3557d03c1df91a0607a711636c4416ffdb73532aeeb74f237ed8bf971388a0659e4682a46b8327e751034cbf2c87c7828da9d24baf07a742ada34d1ef38ab1e8f2b4f801192c146600709533e61bc2665dc1e9e6441bf3c4f6643bc0c102a10f9a69da5b0e3d0a0c7cb694c682493032b5853f02953b5c2fc0e1348565389762fc2dcfbb34fd305f2d9df080e859396ffcbb7da78aae0a0d72e3de76c774bc6a81c87f2872b6afe97ced5269009304a4992c4add0bbe24e57632e19ad0fe37ae910193aab0aeae32cf6d618ab33eba59f6a04fad00b1d2403396e6fa661d31b695a1b349d62f56c08fe6c6eae7a482177adf341e51d03ea511d7959c721bd20bf371860ecd7fce1d25212891850b85648db0a039e6638d9c78bc958add3e41341536b5007be63fd1f7e3308876bcebcb97dc3b05a7b2eaadd00f8fcc8dcfa7b961bbe727c9aed1626ff786d6a0ffdbd1002cae8a7d047b6181962a686c152b2341c7c58c9f1dab5af424d183ed1c7d003165a1d04ea3683ff31a0f68615af6f91c21f736e67df641ed31b998445afadf9052bbe004d5dad08f62e5d353e42fc35a92242d8414d99dc4e7e81c8c027af686baa5c185e3f99abb3855b22cfdff0a62e2f47a632b7df8e00e0317af5c24ce7c64077bbb15ec27e062070cd3eb8e549ed9112469090ad9a96eb59294b021eed81987178cb2dcff67a9a2e930f6032c753e203380f8a7c987cea393234699de03a1d09ce204f0a8b6d5cf522b6887174fdbccb08f3e7c4fe2f778254465b32766c48812a45151ac37ae354dac87419f9476baa27e24b2f322b2da4ddf579750684a5881bae2269351fb7de59b9d5a4badd8951135f2713dafc57215dc626ee170fae7f20bff98e36b864e1fe0f0f9a300c903069bf0e0b6f2f8e78423cf6063e89dde6c81efcf26ef15510563c84730f611ac879a6628e55115e1a29de6945d37fbe4f803fcf2e344712d9e0d6f6c79f8773a9f199b705235e20a7830ee3357c5dca29d7a6c29a3d2628bf2c42c8f076cc4525301d8e1860729070dc53164d9fa08bf63cc889eed01b0130a7146d860bbc09ead3865a3082db0836a45f5506c3e46e452e298764939226cedfd06700e4e33c6b4a78add601140249596831e97f960b973a4e4dc3fe2813fa34eb47f998ce57270368fb81719a09298a223f7e3931ce5cdfab3f658649533354e982c87dc9e49eacebb5bb4af9a767b4f1c03d774431168cd4fec1b2726f1aae3f9a062a825f3295557eebf3af4784487b869fb049de44d03fee71194fc200af72103b157431935b5ab9bc122773ffd313d52d7acf1078386090fc011de695e71567cfd51c06317d4ff8841ceeb74ad35f4e5f4d20921123cb88bb2079674ad39e133cdfd6478d69c9bddc7a818be5d7b254bd9e0abdb030f52846fdfeae8ff370a51a9c5f6017af3c6c3db17c5c614ea18ab0e3ca0dd5de621217dffa36e5c5318fe191040a50cc3ca620683bc34da6c142e1c50afce28a86b8b66d189adcd755561a647080d93f3ede1cf54c3afb7e863fc8a82a2576d3f79e9b2bb634e598507a3d7d017e0176b7868bff3a3dfb4474b3ce03c401f33929364e727fbf8096b77eb351435c7a113b3215cc6246dd86f1517a7e550cf828900248f7c1754e40fed62477b296a37d3e53231360d012c4908b466e49b0e620c0a5031228009f259b030956ebd70e49357c3c3ac2842b6bd6e3ca5a3e985dc03f7105681fec03b320a7ca753b782ad3b52fd9c8e3bd980b48dd6ec8901dbf756108e85015821c880416e0693e0479cb31c0743450f6d9214afabc4feadb9bcee9def460a58d3a02d9e3039970068b8e3fd0a403a6ca7f2c71ae2b46ab3c731b1e65e2104c47fcb1f69e7c8c6df8c09b33f2e1cd4192faab316a44536dcac608832019f5765cc5240eabe3c87445c980c299a5e7ae0acc2c2ed19fdc8f011515bcb00476b03633c7669db1b44f97f6cd402778e9687c740dbe5686789b79d0b13f784a2a866eb91ab2d66f064c49e8df513ec348fd7272ee548ba08e1f9f99696ffb53677550d59c67f88404f6e610455a422d9cd987493ca5c366a397dccface2bba8e3e99719dafa768956cbf6fd8defc4104b8925878716a0514f70cbf3fa2c2bc2f66fabe654eed3076257e71117665703eb88c79e4c2b94e8e856e7a6ef90ee2a358409db78b98056ce1750eb80725d70e35507fdfa5933a61496ba48fbd5555717b33b59d4ef211fe096aefd478859ffc97a41372023ef114adcae5a8d5e03c21369baf1e7f417cb40326bc6db1cdf0904651dda3c1039a2f1755e7c329f7c03bf33f324206ce6e1638711c8c9a45f153aa1f847cca2a5d3af1d24fe7a1e1094819e8e712cbe10ead1012b7371b35cbcc2bd5b10505fb63bea20ac81d25e83ed0105e7595b6c28400f4d336791ce4a584323d0b455bbed44392c5f86c9d5287593f6986d4b0b8f9974a7a4157859ba801251d3b44b2bad84f29cb87dcf1680d6d10d1bfd59f0c95fb7bd07fdb3ea2fccd6e3ee80af438956ccfe31e750972f893ea5dcaa26d077fb3f09d990c2f41c8707368bba007803621ecd76540cdb8705435d74f4300eee04710a936f241c034709e625b0dd5dae1f6e86d034426819c365a05f5be420cdf4042bbff965a666a5756f67259448ebf742b6ea189fa17a4c3bfaf651d19a8a525f09d9cff637c8fac02eaa58d3ee3f7221da1e61833c0b183cd9f47686f09597e8115b435454acef80c079eafaa22b18927d07bf8b7c5ebfdec9c42a52b7824d45decef41e6184dc2db1505ca6f94172fafc10731706e79b9856dfede353d2eadeceaf72a302e3492d7dc81e3777e4e9e1f3d33cc4402833ffedb241a75a09e9495d671f80ad3acf06823bb04a92b815edd0ca7d01dcb3318c1ae5c62d3e99c0ec37908b45b51dd65f6b45b34ede2d6f553f60a45e20fafcb34ae4dbd375f52a5db9c62650deeee78e955087c2bea75ede7c304347b171fe0c1a2a033894be6e04605271307f307b2a9cf6ae24b8c87ce033a3fa4cf2bacdfcf54fcccb1f580476c7d00c631a8529a9eea2a713610341e0e25609dc8927e51c58a0a9197a54963b5cb95877354f4b8316df02ed2bea367704a12274d96bcbe0d0d728923a368bb8ab98d5db5401894c822632308ddfd309071fb4b477d8eac0ea5dbbc3e3606d8510d9051dfb5e4b7cdcf2c57c1b76902d864c3109c901da53019ed33cea84b407490486ad9f980a8a63df3d2e3921064afea137f35179130db3351f5bc3f5e7d590a5ab08b5415efbd345f9d57b71ade7dca939efa5a12d677b9af0af14468176a43712bde10cb15787c18bf066eaef8abcdea77d3a0c61d6c74ae7b54fe90940d0233e4b874c9a141dcc740d7fff43b9fbbc012a933d890232cf74fccb7ff7eac1148e203c7381b7f1d1429b1b1152ec25cbf7562596eb402a9328e43b5dc5cae36592da5523f0b9907a6817ecd395a7c778daae85bb11372b20641a04250b77b3a0ece885d07faf9622650259b874536d6d2b92181c834dc111b6fcba483167be40ecc922fb87006f63b9e8e632879563f37a8f712db9fa68c1a20ab239c0116fe022fad1279f3288b8e74a16d447e467b6381515814dd3aecab5c2a09c400b44e9100c04c720dc7e8c6d9460002da6c52004c16999975fef8752c2f9c229cbd9e6446b226cc454bd68cd665668a17328bb30f301e92ef5c7a2197a326df5c99b422096de8af231d1d8872e6e505bcfff026d4862f28d4bb3856a66ced22c9b0587451d8da4230a38561b5b1c69b523a4701a2001382aa82fcbd60733a14696a540227db44aef346d6c0a7ae5173604d59eb828614cafc1b8cfecda054dcc7306f73925e6d1af56ed74c51c6cdb66e9fee8d7a0078254fedb0c0f5dc85a4686870709b499eafbc8451aebadf848b0598ce8f955688bd2d6032abe10d1391d67c20a049841f95d2ee0c8deae2bc1baca0c098d8718cba1ddcd968981c47cd98d247aca4f838f3bf16d092eab8be8deb1f8d504d37cc44a8c96c9f22f2698036d4ad3bb48b31f109626565c147d20a4a7dfd61fb918f81548fb4f78875c1d138e819f6822651b93a3c92ad77793fba5222d870ea671f9cac967919d18f96e92778548415b2e170d90b201215354fc48a77e62823a2c2bb354782ad052732f08beb278f751529416f37d83ea26248517ae2ef2ead28c1077908995a2d25db0deaa957bcab39715283287fd626ea7388abccba2d90e364a7ff4284c84f70da68ce1aafb5be0401cb9d45e085aab41892a49e10cbd5baf2c34f5e0ca076f2772abea6f622b66020d546f8c2f134a87f96edbeb9b08394b585f2c2f98aa792f97b43b5f3aa9c34189804a9ecc2cfaeefbd0f967d85a25bf3136fd8132dec38aa82e4af6ff677682f3b62be27a180aeb22f918c24f23bf6f5954e0722324cccd06829fc32ae4fe3aee6e5a03b3651900e13fb0a759e544d033418b6ed40d037b4549a0404792c8fddc317b7f028493c4c91d6773932f8486417544f3d007e5f9e6fc02fadff175303f77f6b0e1f709bb3d3a93b38552ccf62688a39da1a602dd5e122e6f4e9171769ada5255cc5cf938dfefcbe3ab0faca434c42dc8c357e89a3d1488fa3df35c3580b124ba3bf6d0d203d586707eb692150ed05a01bf9de5c4e67bb948088784016394d47abb853f2b6b643a066ad81bcd1735aed4e108a8c1fcd025b548de874eb60de7f3c568728959147d1219e4b830e06ca2bee1f8a035e28a54ee6958d4821a84e5d1e41139905f7ec60fe67ce5f4eccdcc2c3d1e4a753a32dd3004970a4ff3824471822fe2b5010b9b6c6b01336dbf0181a95cba2624663215468519871cc39e8a7f4a151c8bd03363b402020f2fb98069b2cb8cc1b7e930938e7540d95d1d223e47865135793f9eb573660ff79f7ed2fae503e68ba44596ee745fbd8fa562c5c666d174cc01b1961736e18b8b517161ab9c8058026e0ddd6c94aed0086a26e1b959a5e05eb9d8c1ff5b2ef518ca23b4f265db61b499a48cc46bed28d23ffc1e8d9c9e345c06079ad47c88dd4e8e286575bd7f9420ab9c2d5c6685488b8b34d4c9ac04e1427ae0994cf789b48b01d1db9c2fe75fc5187727bb11119f82d0739ce4048467a08cd635bf78cc1b6cc9c28fdc199d351064a81456f81c9e56a43aef7332973804b06b18a26caa62523a7d0acc272ba49124b17bb68800d5756afd34ddb2b7e2dd8a118aac3fcf39d9f853c4d2c4fd3ed5bd25a6604d68d57db93d15aa1160f8a97e6c24238e84f272780966867f9c644ca2775cdac4af0ece036cfa6ebb1cd9d701dd7daec5763c9a4de0385db383a5647918e79c6a6de1f4ee1f6b722c561704c8d7efa4710d78dfce8ad2df0d3d82cbb59cef0bcb001f70bdc6e17af1a720b117fe02bb1dd527b18e6bce70e9447cd0cc85cbcf431fe7c006f5e4ef878a974a93b25f492847c9ae020583c9d412f4124246164d8f080b615e2eee267a7aeb5fa0974de52cefef23cdda7b305a33a91e9b50471ceb72dae337c485d636e28d6ee31f5705983808b1567d4d4ae820ec445c56e6a404cad6b408691475397c0dd6cfad232106ba96e5104052700a653e21f9ac6d79578a9f52548f426a1e81dd45bae30acdd4d22a2dafd633564d6b2f45e7d35413503c955cb0a9784b42ae8c2a5933a6729f3922f969a158540dcd201ecb6e32f88b5b4921914a2e8f424c8b031f115ea5d23a21e6f22439ffd7e5d11b08df729f65613b4f6ad3edbc9a066a5e712ecbddfa6fa764cdf170c0485f82d924a99b7e7ad8dc44c1f93e49b6469a9af3de5691944413f1417b753bcb84d5b7a34f362c383cbc802b0c88bd23a7ac471b9287571c42081b1134bfc8ce104a550942ab1f2a074cb00a90558d6e841ff15cfde6951f03e450a1bfc90dec6c513fcb2692ddccc31d22e5274d41036656183c72fce208e44920776f196193137ac67d6d65ce9cfaae774f23a86e6ee8ff3a4e9422a4667d971906e5496a4e80278774899c882708611bad282f6c1d666bc5e7c40082b43a6e98d494a18e9b3cf7f154fdbf90d786e59e83b72ad0ab893c49aca50ed37ea5202e650fda54f5c46ca2a35c476f4b009c5e6733232275abd1341199b63d22386c484cb95c43ea90e609c407bc79ddd00609cc2eb0d82848db239b249f164b7ea384d0239fe1e64d04955b9297472cafa2ff272c5c78100aaa86cdd8120556f25652a3c12da5853338e3be8f505d93ea03cd1cae7e78e95befdc0e26b760d11e05403c348e0523fe036381408033c009a8e1f117af5100a6eb91f08307df465c20bc1dd029875ef7e49338689f602d98f2dc690a57a6f2864e57098f8bd723574944ad3688b292db6d01387a16493912722ac8f91fd12b748899bdaeabdf0479df788eda440d7bf30d1c25d78d757f00b74bb556506637fc1ab87162f05d464e63a6272db3fe56e9357275035d6b6bee32bd92c4a1dc94778551e94ee1d8854f767bfac3811bd0287672aaa01ea18c25650f05a68cbacd9158e479b508e72df778589e1e03dc543b60bb3b10399e5c50de9e728e69774fb3f5fea757ddefccd0f9da75afe4b67f9c54aaaaf646e858fb001a6deed0a8a769ecef0689c988de566b6015fb8c40aeb5f2df7ea4bee60e8e69d15c4a4aa5411dbe63fbdd6418cf025d87f37362f15e22aba83abe1a3de9857c71c2234023b969eacc0bc526363b7f30b092ca114f2a6cefb34394d146866ac86a33fc497a8cb8e2a5bac398579ff7958878421fb08fff4f8f3deb8c9641b8de392647df3017a5467f9d7b23036935ec6e188dd6dbfb544b8a9e04a4b3c7fa1e4d1d9879daf69986b8083e6eb023a4b5eff80fef17f8f65433c882a21565a919448e6091d1b61013fdaf9fc3e45bbe827c9b4ab10b05600a1961e81d31c7404f8e0d32bfcac2937eaed811db167dfdc29286b0d51bad2bcdb9dea76eaf495a31a7fe717c1c98be374a36271cdd06ed06c02ef4c3c06cb42f73b3332ed488416010e6bf2f4dc4dade6e2e61f19e9306bf941868f59fa0939005743dd647f0a04b576a7e71d4c383c479453501e18ec56d7cb79fe31ff534afbd8609ed701ef163f9de31bc58114399fa0f22b62c66c380e8a10c34b7e731df2a8d39dcf36fbf3a66d67b973e3a94bf6ee0bd96f5c76baa76492032fdd2f59ecaee403d486f543f2cd7ae7b0dabe1b5566e681cd40d384a94349e9668650a6f2d2daf86c59a7b02ba466cd03ce1d50c3f0ca4c02dc4b3d1c0e7b9a77df9eae0bfcffa32117d7e05adc7195f4278c93497401629897a58d08ad7141ea52e0163f14992d7a284e7b875ce4640b4dd48ceedad1ea17d8ab1e760773044845e0899602f1bdfff4d42ab80c0765d1a8bde2ba0a830c050923956d06c80b182264ad19ae4f7c39e43195f7d421bdcda00e3eb5ec5ef2ec91d69df691ba7fe250352acf01fa92af5e2c634b9c7c97889e9147e869acc153d88cdc18908f882f371ba9c1e13c26e9cb8e3cbd4c5e1988080ca65a67b3a4c3460cfadbec904d853fddd2f5375b6070941fca53cc106b5748480213cfbdc1c34320a0478b05f76fd0454c75eca069cb1fa7b21704dab67dc40d041c8a1040db378e76655636ad725219c049e6536982d6ee9f11dd032280e622547c7ff44a938a1f233c356a98182d22d5770fbc871e20bb37483dd5d6ea1551993b95b30774a49b50d411ebe0e8c92834094e23ec2664d822c40e96fb42b8607b62b6949e05edcaa436d0ffac6a8ff384068acfc0220c0b098d368fb8113918a4f8c9de37cece74c8695cef2427e54a6e77ad092a9b7f1d94ac9f0836deff41b905b5dafc58ad6063759b0372a634f69a639e19521825d66a282f489c3172a3659264d0132af3571e637782bb6fe5c0afd24547612166fd3409d0991392fa054ea5bd07a4cd0921a13ad7b62a0b5e6d56cd8adb7f3eaa5c99576941c38aff311c49a8c9d8c755869302a2e5e40109c8365a551cd3f859b9421be189d3a0e9ed78830d5cd6a2414e9cc4c25814d94d98f8848e5386d6dbddd65d22b96c5d20020a5dd409c7e5344065871e57e01c91a443501dc8bf619890fe231319b5480c3879dee618d319962596539e2970513fb5c0c8eac3a71ff99962779cf1d7e916566d0e29d121c5cec5d7302a18ed00be9316f3de8c669a64c2a960a588f9c8a42690f6867cda7146e8ce27aa6a7fb27606eed9df6a235a42d17ce71627446e206e879de56025a66556263f06684dedcfd6f083d6a707e5fc8f8212d716e062f0f7fd0c2fc62bea93d68581265a803c31cac3f8ac8939c5f8c464ebd19df42c7e8998494af614c8383294f3f3883f2404ac10404759e182a038c97aea04a85530ec005e203807c5bc30fa9f5339b32fb0427e64915e29a25bb25ac60b92256470e7de5298d42c6b88995f8d2fb704e49d55b66b71e237af90fcbfd71d9093e1a543da2e9911ac4102346dc4704859cb33ac5f5dce2b3331a9dc9fb506461a5436c89bf90d39afcf93cbca4cfc35da6ddb112243928246ae0d1ba269b0fce0468d3ecabbdb925c9ea3241e2dbdc6b151fb4aa724a42f98b0248171fa01fa103f116d0e7deb65dc359b09126f9a420300fd209508ec7a50be56d5b470e387d0c52a1d104625f9571ce1404d1b7af3fb00475b95f752ab96610be112d33ded48624015781e7198f4dcdf917839471fbedb43c34efabe09941fab6b342cf672a29dbb1eed0db788dbfcfcc63bcfe80f7718571f691818dd6f839e3cc282f85f03fe0400171cdf1235049fa53de7450b4c40ed398d5a486f52124c1c63de2afc950e81839f52d17e2a7d32f82788465a65da6cd763c6360763561ed2bf47749080549b6e2db87514e1ee1c85a0bbd346eb6e3cc29267cbedcad67a287fc5be65ec59ba8b6854b31c83dfc5155187d4150685c5c2c342ed68b01ac9e44b60f0c100a347a0f93074dd37d8956fe2f43110dda66e9f9e6185c23dab74cfca21f3ede4bca87687549ea02662f45dfa0ad27f9959a120cacb7c419810e1b1a50fad31c12c47d5bbc61bad77044aa541d29faa6126c60ef088b82eead17a52843307d4bf798b853d90d14c5347ff10615381d85e964331b7a123d15a77a6790d93e920052ddb4db4baaac5e2b27b66ff955e53b8308151c81da4711189ccf0eb393c5bbccfa1f6c94a8d5f4bcd266fc6a12061967ce836ca042257368f567dc42de6ce0be84449234a6163b72069f25b7ead4b2003e1a7665e87ccf211abe94175d1c11bff2c0b6bc110194d34aab96934ef59804cd26e4434ba166d9833fb091be37b139cc10748b881c93690528a96ccccd2dbe024510b8da37dceab567dc52706461c486a0463369cbb99bcca2e8a4d2e005c45401964722a4b3ed37c351c9f21685e8992c9634349379f41796deebffc2928058c8ef6ea37c6e4970dedb78d1c2a00ea9e1ff1e7708470a6c60e6a2b1e966aa872776afdb238e97f716b3df8dfd42bf0f7ceb52bf9eb33731bdba5987b8f48b4599d67b383e77413107857e951ae0625059e5616ccb41131df9a480efd5beab3a9c99615921caedc53dbad675c00ba1030577db1d22731677914fa958b44792cc9c19e2ac71ebe61a05ee67ae7116e39e1c0d103f18bbc9d531164360d901da8234d29fb0b37cd2a60c7aa2adb2a4b297ea2fb14122ad95bd4592ef86c88fdae1e37dc8e44ad03c0fcdfa3801e93796771c5a2ec1e4ab12a64b3ffe48e7442c6224661ed5cc987aada6e778399941f7b20f16f94fb346b916be87f005c9c13789741602039d38270643cce3c347565eef5ee09139330301951c15756be47994de6f1802dc5131b9b011051b1d87d744756831a71cc8528487f032fee9dbffccc751e6a1ee6d07bb218b3a7ec6bf5740ead7a47b6907d7aa95b79aecedf4a637ead8fc6fb8654c93d13ee79f5d6258dcc61993aebc65e4fc14eea7d006e31f6e9f60e3bca8ce52ec559876fd20255e507daa99b185671ce1ac11d448c30bcdf97b9617195e0ccd2d15246308dd6cda74a8071114327fe203b1adbaa780f3243105c5111636a51dce966f5652e39d4f91abbbb4576234d6cacc3ec57cef2dd4dda49a6c33d12bb7595fd5ab5bb15b40301f34ddfb831a5dbf62218f496c003227fe6282e2ac054c45e7f3fc93e51b3ee8690f08612395095a0a12729d663eded879d9ffb325c62f2cb546a48bed51ae232fa6ce28a2494c132a6e09d98c2e3d478d5d2d15dce2e2665e4a3db448931068b99899c2bd8ba87349b0cf9e3c52cffdcf58a59b4fe0089b298b42ad7553f831bd60f5cfa3e09102fe773e4c05412973a678f3b3ed420433cd664dc7f218e816a17c5c9013ecb84abf2dd073557dbc41b92a91e0339d57b8b077a9a44d56427fec5748c47c1460b2e2412094db6d0ad06dea0aa0c1368592594bf0b2f590a9d6149e44dd4adc4cb42e5d9940d59397b83b33b88604c210694e3fbd84795c80c1b09ddb3b1ec8bef6e9dfc4d7f295e551a79436007ca48aa605ef5a89571e59cb26f2766e564e39d3bb441deaa0c8664549881d90a77256c0f6c77241fd6ab74b0e2890f78ff16fd2f9271ef96ebfbd0b878ba9c703900752b7447f4efaa60bd9dc9cd5673a36b39d49f54274caf03c0cf82b95141fa20ed3ce02ebf0dd74d9eff8eb9e2dd3a2976b244b12fd33ee75c1f1c459f86a1cefbc817f42d7f43ba406098165cbeab99df4fe751ae3382efce32af252e461652c7598161e74fd8eeca474fab6b1ede039935f2fd4d7562623b90a422a78941f47a76863d95857c33653d1b42b806bbafcfeccb7bb4a0c58acebf6104b2570afc3ca88e4fdf2719cf39c964a1ea7d2ae4a7fadc938abc95adac495093f6b959b1347501606b3f960b6d739291aa8c13eb49e98b0f78d2b91400b6d8961cb6165c8b684738e4d4db2f2ac30ddaa03a5e0cde4142b625e81907f08c60d7cb5729456806c89ff0efd08397423e44738ff38f8e88684f3a099dcda455521caca37ab4f4d9ed5d37975d4fdd778b97cc93babc804864a35e3a2db04598152e67a2f1f157681c3962d46ada23ea5d9a524f9cdbdd08a07a3a85b1f6fbde11d5a35c7743b83bbefd19aedf6d92241d16aeca7f33cc51839b75f111e8edaeaed808daf2f43fdb3c6f032ea45052ac31d4870c4d0d76aa75d0b88635ce449054013f234c4a16cffc58c95ba1cb8a0a0399861eecb1039bdedfab4d05f0270c6b16f03f6b8e629f687f133ebf2662c7f930530746679aac2791f54d6a95bfab5be0c33739074ed4e7ae88dde4a8036a7d6095cf41776366b6ae3f8f4a0734f48c275e129cfffff5e0abd042f99a957bf6f0f47fc7288750f4fe30198f8cad7067b36cd87ebca08abd3f9475e7443f83cca91a1ebfc42ef3494871f51f6d52a5524b9391c687571be5327c7c94ee2a096653acb410917fd51e56a92be4f24c1db6b97b465ca84c31c04c2f61eae07e952eb6554aa4d8a380d9ee81c1c462c360fcc3cdff2867a953b655562cd06162af8b99bbe662e0c27ce4d9a1c1a907def48a3231c2110c930a2f1498e32dbbfee0e5c5869332f3024fa5dfb0327a27c663cacd4e9902de34dd93529e90eb347bafa5035f56fc578e8386c7571d1f0ba335225ecd8be026b4544ad70f3af11501a53119ee39a8558ca0ed5b3d897ffb9cf0fcab55a0942d3bf7bc6b94ea27a6b748f2cfda431f35252c44610b7e843ed91ebf7e8fe10638f04f52d6d5a7752ec62350efcb7c473f80b1f2a26805151e8346d39d23551e92fbe372df7979c3f756bbb43f6bed09bbc6b65fe6fd241ae1c2f1a0d0b805c582853b85502968f9478e9a84895f9d4ef01ec4f3f571e57cd0bda68ee1f6f7e14fb6e0f4ef8c7dff6796472a935294fc27b16216966d5021339ded059687355b42b55926854bbfbd9f974a0c26eadbfca8a6183093996cf252894e6db910c71ca3ab2e82d90d371c36b92c9409cf7937bb266ea9b29c41d774aa522e103cb30bbabfe872b57beb027623742806aa7694a859ede9bc1fd7b9e32880b064b0030fce1a0e5cdf3ce558a5feaa32e323dbfab6661c5878c9377ee52a615b7c17bf1228e328aa20f92d070c71561969e1af532e76835fb0436810c3d87b982217edfb1143bfc3405ac9f6f3a50145608dfa8658b0ab642a347255c55b59cd1c5897b2cf625a0f0706c30ca1c1321e90cec57b7c3d1bd1af455e3732db80643383c41eaa6781f63da6233360ee720cc04d171ae2445b0c071e339d547f7ac32f407d29ec7abce0a9e1ef5276544877bab2f84bd2eef47ffa66f96e7170cd54d836c9badbc59435146031502c1a3cc744a470f693636d9050c5b894d2d6047df60eb0bac16d905d46cbf017ca69d66427cb88036eca4ea9d0e579f6bfd8a4a850703a0fe49d39c107c9358e98689fb62bd0475aab4b2031446b437c7f9e373caf0270a28d7b15c71f02079dde401e26175bb6e392106a9072021f0e5c5145a1db6f595b032faed8551f6e2ce318db1ab513db876a3eb42d225014949c19543e9c5dfd2290e28c5d72c87223f0195ffbcba1c02c7d0087721efd2af6881dee7dba7565e07abc35bc3fa41c6a4d6a313222ac6dbb117c69c62db2691c68869ac5fc5e987b0ae4335f815c73ea4235da2582dde81d6fdae5911617daef847be17f2bc09edd88830eac03977f89179fe03eb2dc3b38df43803ca2d38455232549110f4580ec3cc04c0d8cfe493013d2cde47c506ef6a8dfc42d998f70378fac5ce4709345926dc477e9e339d8c87ff6287ea6e2873e14d538cdc3f2a47e0e37a2601652f5b665b616a7d1ef3537a3327a76f93990f7694e6484e7a52a10e9eea2edc92b99406abfb2b11ec86667c7af4a333dfe900bf071d1bbcf4f0ad768fae4f450c53817c507d26e926e753e3395201d3ad89061f16706d841994abad283f0db74cada25beb5fe46f48669a62e0b849cb77097e1b4578b45062af4a071b04f0cfddf87519cf2bfa10ebb4b860239ff187e6dad73806ae968e6ac0f738baa88edb3ae4883a9e59be7a6b222c5f54818f95578daff9fc7a7aba8c4a41a699923e85ddf24a32bb71c808516f64d506058a70539276d57984d75161cba7d53a4a864c51a249a6b8fcad5738dd0055ba8468b56579ba5f102642df65c598490f3a0c9b1064f4eb1962c4c38bfb7d55d496a0b0f7b3f90b42f733d112c89176aaf937eea4bada845f3ca4e9b56b3a5a06b4c90fa4c1914ea47020c2f32531e270007ed389246906ecf2c4465f7cc5d6a347583dd73341ad97199021819be81100d867d628323ef7552db945e4c0be604cf6c4a8197958bcbd6c1879387d3286dff979632c54baba2a35ea84efd7726b662b94fae61464d069e0103692599fb86fdc3a06e01c6ae3deb3de6fdb21806c716e5f82b784e4ad3f0e2de629a18e3a2309003dfde9dde8e5101b83312f76e811277afc286b56879f4eb80468e58c60bc088284d05d725ddfe3185b7c51b472a7ff7db3930839142d4a452ddab628e07d43375801d7c6a711a55b452748d770b84ede35920c1ac74b595baef963d21df9418533fcf959593ccf5afccc753e86c4ae231eafe77a158c2472143faf169db29bf2b53c3288d8b3c9added65778095f85e2cb471ab58362041f0a27d874c42bbb06385a0403ca193cba67cf70029cdb7e73c7e2267b856fa0b8dd4c706b45e7174659b0ee2891df911724324f7ca5daf07c912b9b2abff762e62a1817688757492975db7185c4695f3a90895634b8d07453b36dd95197abc31d5d153dfb0d0ec92639540e99d6590f9b394f14c93a5e829fbb33616e810f59c502be44a13b700fd3009545e34c211abf9afe1bb8ced793c6f516d40010649f83a78ddbe9b71d8596582997d0aa54192e1200db61dade30500d72a184ca7dfcbfb80e5442f489d316cc8b75005564835d4b11c482e2c4d0d160f14a8b13ae0a0fb0ba5e3b782770aaca357df0e1c4d1c3b28b776a8b3e0da1abfd4f7190673fca1e1c5a31c688d6e8ddb21300e4178d07c4e854a718ac3f672b0120d6a54c16957c9ec8c444208e47737bc4eeb0bf2d801eb2fcb72f91fe988aa75f38e6cf26e858dc2a718580ff5d281d13e8fc3e3bc30c75c0193481c39c375a5b06b962d9491f3f1fb80f1cb27067f0709e0b0730573a9b5f5bdbee1708ad84b4ceb1a9a61e4c41e90655764057bfa07b8c81cc83a315be1aed6a49715479c0fd0f53f625fe6c7f36fadd001149ab978532e4d0de3d1a38934c74265b161899843704fad16ffc6189f42a5cadec98603e0f98c6889bd4a559079e074cb40678fad4690a20d988735280a1ee8ea71275069132101b35c18ecc9d3c6eceb4cfe9b165e4b6acc17d4f113ef8283c0fb6506f5635401e916d4f7e7bc3cf49aed166587a0c72cdbe673f467d81bc2e9cd08cd8dd16d90b353481df31e89b45e8b
+MD = be3cfa6c965b2ee4e6fb0236665b0b95f66c8da8b338375b7393672283b0e50b96112d7cb76fffaa6db8ea4a7687fc6234dc1ee52e764d69ba8ac40c0f51beba
+
+[L = 48]
+
+Len = 16
+Msg = 3a35
+MD = 87bea682792f6bb4977fe1b92e0cc7017413dd263732c3604f0ebd63c2817ce5ddc5d78c0137f614a06e72ab1cab2f4c
+
+Len = 104
+Msg = 7db15b3ee240b45d4610950996
+MD = 7311a6356ab38a690c0b3a1581c3e7b6de418996c05e79849891b061c51d53dffc0fff2b8ad1c1eff165aee5ef6e18ff
+
+Len = 352
+Msg = d2a1efc725c46cd6a19760f49edf0bae823c1b4992ae2260085746cf65833bd008e56e64002383f51f960239
+MD = adb1778360ec659e90609e74b6af219a01a024f216b68aa944841429ed5b03b139444b8b848f73fd5f350ef02d46b6ce
+
+Len = 1016
+Msg = d11ad1253592c094746da7b5c88d329bc3ce1929913b8be07e82d3f6b7a536a855f31ad197376eba6f2f4534413fc4e4e7673fdff8739f774a710754b568b7c61a473059a41c98aa4e86617aa66d2601d0f0d584cd9f132afeebdc0ce3da6a8b290059e6e4aa080c195c42ae7f7e1e99865223439929b0a3a0d79b46ca6419
+MD = 0cbec7be7299f48f043c3d1aacf833b4258c32190a21a8ac2471666b4a51b63cc77fff6e081aaf5ef21b1b7523d65763
+
+Len = 13696
+Msg = 2f7a9929dffaa4a4dcfeea1fc37b18e3cf935abbaa17cf9d834b3a8d61e9fabfb7683cfc387d6f46ece3f8bf845827c7ebe86a651d6dc1e83c5772cee1a9fee4b04453af2f68430bd87835126cfd1b3f8beea4d3822fb27864570e255cb65b414197480b6bc20a39c5450adf2474da93d72f6ecf8063899722d3755b7a19f71e93e782d89593ab19ddd3ddf053c54e0bf832311fbf132e8b9e540f38e4d9bcc3cdbf69de54e40ef348a9170ba2f65def167f568ce846889c0161448342fe907718a465e451bc1b0f2e4f21f9b911f186589f43dea305811473837c063b915d849c20deb43323bab4b64e61823f1df119e71962dd975700391b411f8778980a3080ba3c14a321d32c082d416ddd2345f0eb751a516d44ee55222395cfa11e7fc4edfbe7cd49bf4ebd4d7428843a2ad5538b3cd201ccd431aeafb146a65d28a4870a6948a7cc0413b0adac7e8dff3a898aeff5f4b65d10b28ceb749bd354c061c3008ec569d5f90a4d4f5caa51d35b49dc4028e738c8ff5939fef3fa202fed9ebef6f2c7dd0ba41cdb5c0c16985f96fd93a65d134fb4a90ffc0fb6cc5396b843c2151bb7c9170f2fa4fb44292a4af28df5481de0c3c917ba1c46467a35302738158493fbf6a0422cee558d4bce3d78e14b4fefb65bb05043e2cc2a6a8ea64565ff6ce2fd2c4f43fc02926ee44ee02fe1dce25cfde0115c9396c9ea06269f17b2caf58e2332cc1c8528d9705c70da1f76f22aeb1d1b93449180640fb5c4c4a708bc4621d7d2bed5b1a752191cfdd45086d34f247ed1df0f24e7c620de32bdfc4d1f882380d2cd7467c926f48abc75cbfac8788f88cd9dc5361517a5eb36311e6b39e21a85fba2038fd47d860f776697bb19cdb5a4d6746fae507e274399c91648537d905015e58910117e5914f44ebcb00e771d38b30c1473e1232d4e222cebceb4810c48e83e0fd4c852f4fffcd643c0ef9e4fae2d0ebc6f102f3f749b02a5e3a61517d53b539cc24120df3957a633d50369d46c0c226f8924cae51dcaf54d716f61385fd8cf38c2c311a32bcd6594d6930133dc18ef36a9671ba8b179abe95f588ef74e8558ebbc974dc73c26bb6eaae78ef464181e18b71f4b0f986ecc8495a9c4dc0b0b96be9806fbd3d32952ca3b4737a06ed6561e9c9581a33a720123fbaa2a70fc3233b83e56444f5aa0cfaf70fb24be6118404f3e11e6ea004cf2d079a3e93a8ac1d4e297cf4fc43851dd26314a7ed6a5a784b386daa26e50c64692f7db28c21d82234289bb45bad5042236667e6d70a24bc9525c3adcb793a6a5725d9b10911e3bc8e3fd604db7998346e7f7dd1815c0cbb735a977bd4b32b5b976932bc92ef3b56bcadc089045ec95f241cdb0a84c67f1f76353da6cb493bb27a881d37a2106b8b3010cf935eb3601ce4dce3e449eff8331e444ab117a20809a1010db4cf3be0c488f777b6532df908112e3d11592f04a0cc16232d62340cbb8b5268a662b8278d37c03d848a04f0ab498f5af43b0a20e310197b7e1395a65299fac29f051bcc5fcd09a5605bfee370ee8ea21f5807d9748acca815a44d81796d68b0014eed3bb6a94233fc51725de3809ac6f538beaacf8cbe3d96aca21a7a763a957f8892f22c6d086d9af2e5ac9d90321e186584f17e964c90739559ddd034df076c4aa38c2b78aab6dec8ef6be9adf33bfb66f159ec4826653ee6cb483539c47a4a1d95663e6cc7a42a3bf628623a4c9500a59a50a312aa104b198ce5f3e58952bb79ff1ccfa9ddba2fd4705e91b5acaddab9d6522d7666264ac5f533b6d8ac4512d8371c69c06b6d322b046ae2a0a20aec1c3bfb05f3d91b9044cabdd873abb5f2b0e3e19740df31e39828f9ff9bbb20b73541a7a70b8174ce4e43e0d356e629cdbc6c08d29bd7acb6a4347823075683ce9d7de4ab3ddda6572b175951f30a15263355fe9641b3322df7dd52077402a884cd472e6d0b6c34cd63ab63cec8760c7ebe384f7cc31066bbdb7a3417425e039c4d340166e4bba4839076ac9457c87459c57957d0a06dced2f7a18acd22b7295785dafa435a2a8a2c3a1fa05d115fe129d19fc44c5a29bf15b4d9c2b375bc8e591f92756cfc573a39b8fccb8395cad7617b11f14a60e2dbf69b897844cbbcb70363010f6e1bc0590ea594aa924597dbb32a868b55551789f82437180b85661809089d34a168d44b4d788dba23b13542715843eee797366d9ce7793e72331735bc78cd61b13421a568ba3e66926921c04e9d00888ba7ddeb474db63813756ea4a02c1823083e36ebd2d32d5c88cdebb98d511304cc276c7799cf84a1699ccac9569b13f530c762732e6bd0f8415001b2c02d11dff36660b717054b16df49ba38425e3764a56052ffddecdfc686aff22079897376cc15591e11579fe4feeccb55f
+MD = 70e1259106fc7a7c6be11d95fb673bfaf0074e342fdaefb458faf4619e7f0edbd68d509b9ca7243d2e5e039d42ee3b47
+
+Len = 100816
+Msg = 5f464d3301c5e0871d6b41b002dcd09abc80a805de3482d97f3fd7b9838745da1c0534168f76b93c3c53bbabd904541ffe5179cae619dea77446140b7400f47d242141c7f2e9894d88f44c9e066861498e7394f206f594a419790d697f6a11187f84bc6fb288186109343eb11172bec076d041a4c7306d7978c009fc2d2d62563614ed3555ba2d21c8fcd70e8389352dbe4ec808af3231ce990452eb05b1b0dc4fbb1b4265e69235cc3561dae4148c386cd770474863a84a822b2e5f905fc255d55f90bd6a760d441dc52240ba7d8c888a5283891a2c99963d1fe680549d6267cdea92cfead167f6c49663668f2bfdc61fa647f5abf3ce5ad2c6c175dbd456ba41436aa06f5f68f5c88e6b74ea86a79934bd05b486210d3d470a0967ad6d67f7385260578088d7e63197849354f651aad07e04ed301f1fe7a6d2047d50ce5dc6bbffbb1da6b47d740898f4eb54e3c5a1fbd18ec93254cc01f705fce04e6100ced132c519674b2345547804a372b5c925bd9ee9701527db33408d37b72f8d18b882d3c4744eb58f011d21fce336d426de1fcd5e09610216248b51fe2b79b96c2bd6ca0155e05a8a516b7a24d529a9a475284735bd9c4c437ddf399864b64fc5d0d6ffc4e5a7a3dbdd476bc39ed29a0a92e1f2b6b3506c2be5452d4f896db6eb4f895b554b2af64c4cb8dc2369b91022dc50b7291404cc9605c31569c32756a64ff8c4fbb0f1bca346c7b58a5c6774b2fc7f7fd50741d34c8564d92f396b97be782923ff3c855ea9757bde419f632c8399763003b58ee9140c2d62e914c1e1fa742661a9166d42267edc40905b35a25d5c3cb3fb457376b7422896df7bb19c23e8f764416731d2e20cf2c1beb8663c07edd8f105e078e2fed05c5e5897c430017fa2160f565a75a4c5c64a15dd7d644bf355d169ae2696ae5ed1a39e8f81055cdf315e5b0c6f9235515fc4dbf30281ef17b83a6ed604f89293904bf78c7183fcb0ab236cb1f8935e59c51559217efabc000b165d819b717118a03facb61a13a99b194f8b6c7ddfe5850127d79078397a56564c7ed6716a129409680434061b2a4782c9006587de927c1ae09d6778a5f1c39fc419fe10493eb0d4ad492fbd05485eee7913c59df82fe7182af2cf06a6e8edf06676200077bd1408f5c1cec537cb8566470cb44895826d04ec20f0aba4297c501add65c75d5767ad2ab63aa81b7b66f01b32590f1d55b7e50e6df1ee077a19c8c895f5ef62d452cc336e9aee171fa997ddcedd7af86e6cc37722fb5838a46c5e58e7f700edfb7c6bf832171d9581f660752867118e9535a6118635709d6f1c1cb21b938068958e956149d9bffc67f355cb88205d4894ba97c3e3c8be9fa2d20abe79f3f93a6a2f4f56fd075bb49a4b7dc83630e58c32a29d757fdbcaa607352f65483cf2cb4208a3bf94ca7a25e2a4e05279be31c33696c10fa4971d1b64ee938dd299f483e5c098845749a3b706a787529bf2ca56693d0a7a98243e6482a43e1f5d3086ca1b00368d8ead5ed2d0fb79b1e2f537ab9340809ca3a9b5eb2900390432293008ab7086c2811d33de0648be5597ef002c7c462b5e0f4e0b1720a98b2299ad7aa55eb78f0c77c2ab4371385f280107ae40ebf814a8223dc74f31483c63d9e4ed09fc7e5a51bac34d69d97163116a66c84ea9fe4263269b71fd228555ae3cf5109c4d6ced7b9049a2b8069bd2f71834d6c07fffbd7561939188bc07dcea08086bc7182a5270427c3199bf5fb5c4549861fd32a38ec81c4ab058c777dc01864787f0275f911a17838272cd65135f66baf06d8d93bc439eeb55d50b7c5adafed8eb8140b4b05f59871dacf954f4b096c30b7857774fcd319c096750bf605db8e31fe02cd1b9294eaf8bb009d4609f2cdb3a8657f650501b8553765de8f572fb91ac77b35db35f402453e5c58f60146f2906ff56b9c6b3a5d0bb6afb9e2201110919ac9c01a7e9750dfdb2f72afbf7a8d6f64b1c68b9de17a2c9abf289eef24074eee9b1649caf3693118165503a30200993d271aa31b8b92606a10a52612dd1fab495b82f9a98cade18b9d8a723a71ceb63fd1d27372bd281f9b40aa1839b0cc2f2177a09aa8e7b159ac118d7c145e7a4f032e788d21facde2b4dbc1d5d2238f530d9bf9bd2798f611d03ed8919f0c85bc2da99750b7a8d6322d2e66ff6ab9ebaf7424e8c1c3f4fe92be61f65359106395f5ef995e925be3868ad513f561f873acdbaf18590c903d64bd275121c11ea655124d091740887868544c5348664399d3da96e2e35fff34f062fb939d656bc072096e510b40b2f75ff010af68d64fd0acc778e2e13c9667de266b1816c4ac449521b02bbb217002c604be72e73051aa9048d192e3210a68769dd2693e5d44951711aed3a751240d42f8925844131daa36c51d7d59bbaf99623fddf1649db954705fd6f3405e63894f5258c9ffecf83208c2c90cc55b1a8d2972ea6b3a049ee54942b50526b7930953986e428b2c75e47ed870bba68dbfa624dd94112f3059da0a80c583baeb570fe8314f5c66501b34116c81148dd22396fcd6479da49f7e952c8084f97d6803ff85c3787222064ca368f596a1ebb6dab20a03916b3ab071c927d87fc10ecc4e7ab4a5761e3eadaea4de1a0dee30aa39a9e4dbee047201d7d8a4df1284cf668ae3ed7dc4cb2cc4b5cae9307353fd2ae4c105c5d9f3bb021535fc3ae9bf3ff54ddda8b2e1037cd9d69822df436dc1c750a9f557d1a3a63fbe73c64261dae0c70bba6edb57519f5b957f138d1aa5fefe01b73c1851aea42938147bac2762527a492cb85da43014c876e223b05597354d7c9b328df67f354d168a84ce86dff57d8a870db034196dbeff83ebef80bbe52425a8810f2c9fea29ee688a201cce4a5f447be789a3881a9da3b6c491288e8f1091719032608b332e0410f4576597e17e0b5dde305f069be2e80d565bb979a3915488f88e3ebb90e81c264bcaddd72b8843af4a4ae31f723d50fa0995b027c334c351128913bb93e67b1b08f101f6b8dc8202b44fbc3d3dfb530f66e5a8f35e69725c86998c05ac87c561a4706e90fa095adab4a566da4fab82bff6b20076e5bdf62dbd6614245b6a6f8cb6bf60106f8d12b9c3e26f8127dc547e2181531ce980a3273f452892110cfe1ea834a30f99d66e026a9d22dc76fc3cec8fda2d7fea701deb84dd45c97dcde57a017693e90983a156f11c4d168d89c06d8a32dbfa590adadd16850854f24bba315b0bbf372f03711a20163afa0c137383b9120b26c59f5e9e7cd2ccaf0ef4e0d70d5a81748ad441ee5fe178e14317cab184fe178fb0cc0d82105d2f423467fdcda0f9871b9d84882609248356f3053a99866dad9f9b0f8c4a897a8cb8f30365a7ae5f3ca6e772d863d445e6d57c6a478e35d719d0e4e84f3a30b1816ddb55bcd79df21ea0e95da72a19cc1fe74fc576120bc108be3ed4cae3bea889fb4ddd67efe858a994237378eb623dab070d954ac780c1e6d2095383c98ba622cbdb18fb53260979fb2672c21a4600f4bf06583a112d303096d4e30e7e1060d869f386eba3cf7aec3052ca17593dcc9969fa9cd88179c262770211cf53f53f175037a5cd445d239cee48f7ed0aa1d715a22ac18a8aeecf191d415e4afd92b76c091803f4c757a9e89f696ab7b11ad6d5f24774e4a004dcb0e3f33705dd8150431f051016af37647b9e44b10bef114276d4b1055b634461c655a82a847639a038ec9f58876e84e9a2955b696e072d8054c3f81173473604d5fcc0a75b4a340dba0c375beb87b8b01a0f2de232bbb8371c3a9d27a0ce521c4c43dd3bdeebf92f42f87d88978d5b4e3e563cba0e5f59dd29c31096885b113ea5c57e66a3be015b703bc26d3fd1d51a7c14f85f65747ac909d7e30c8e800be27eebf4a62e42e538ae30b6883907cebb7fc5e150bc9da3a138f394e817df9a9e44420078f30d0d3d6981ca581791a097a5e3982c983d5cec239096c7d8cc55c87242026d769ef1d04eb96e5b5001e3358af88d417cc61f107659791a35d8b5f7a5767ae24d5b2ba7aa12230076db1f1b9b6f213dceea62949d98bc5db38743b23a59ea75dbe4231a285678f5f07facc053c2048022fcb01f15e8c100d64a877ecd56d196a6ac60ae35e0e09a517224ba409ba7b70d8f9fe65bc427b212a4e9b3cb17b0d332267cea4f3bea7c1e550f7ffe567b20e3057aa0ebb560d00d28e2f7aff718a9f2d4d044f0d20709bb9ad567c98cff7c4810e8c542370cf90a491bc1088f69998d59f344b74db6c1bdb61f284e99b517a11452ca0bb37c7bae77fca6514b341066086e600f098a32a92935380a173c9182a2513584c54ff67e580dfe16b508acf1729a3d649ff1eae286bffd688fe658612d6c8e69e6e7f7de4ba85ec54747cdc42b1f23546b7e490e31280f066e52fac117fd3b0792e4de62d5843ee98c7201529455c85b169fdb90cb05e3403cf2f737148bd20a53c73880880a14ffff37d62130e682e50bc7210ea6c1f0c27656cc1785a0d9ce93ff94dbc5b2877519d9bac4a339e98ec594a7cc76f4ddf994fee8070dd4b8e0fe0e51b93105fcf566f83d914dd862b4ce78de7e9e16f142234bd969ff8005dddc641dcd3c7cfbdd6113cd3ba34a9503a0f433899e90e158abde2ed4ed4b3711c991577c5aafeaa982bce80835f8e6d7c7975571fafb1499991646bc499ec32930367d4b1de76ff656442cab987bdecdbcc2b2bc35ce01816594bfa4b6e33080caa41dbdf8ebf2205649f98a2d3bf331fb16b9ecd1824eacbbc9f81297b115b4d36aa7496e05f7d40d4edd1886c1bac10cf3f97840a03277e6369e7a7e90d932050ab8720fce076de5c355fb17959bd75cfaeff325b0737f8f5b1160de0b0184ba04afcc30bca77a6a37e29662302d01858c0bc1d32b883011b7df5a387805296cd91bbc835a3e76152d017ee929d4cbf137eb78db89d71617dd76cb00707aacb8088ac77a1f52ed710331193edb29933a7efd8cc153e6adfc2c6637e88cd86b06036b8177847b4d086b0ff9b5dc91f3cbd1c08217023d7449253c25331594f0f16a3c5f2e122e0145c4ec94f096b45a1fd0b2dd3f1d51e58978471782a336eae49d7bc4e050d1c6a391658f71a1f752c0ec6302bc2dba9e3766359359ce34955a2db86740c90d09cc50e92dbb76e17a39955fa7108bddeaddaf860d1aff14acec8b609ac1d336270a940604209df91cf45be72edee04277d694a6f968ae6d8e065702f3d607f3baf8db4ab7637fa4c78bb0b7fe69937eb1dcb616fca564a5a521e12df71fefbc321187159bd6a47b066a3440ba634de9153a94546b63aa33aed9da2018e1f30628df37f5360ca4f2660a46ffd73e58183e8abffdea25f7bdf798a2b7cddeaa481bcc6e682a67e99143066963d96d4a928a478951dd6ec59b1be8cb23aa688e1867738aecdd9afade39c92c0b2572bdde84eb912ed990ac618834c412231216fdb84f1e01b3f8414fc6dd0f646fd0fa62bb0157b3535e1497c9272df1cc5dcd4e6ab9a8456222655c56ac73fe0d2aa8b599035daddf0986a45b1a59510abe19a11b6dba065c8bcf8a85d20a3681c2414dab7c036cc1358b1dba98d6ae62c5948c36b5b3e307a6f860c0c822ac724a5c917ed5f98ece548a7a741d366868e6c676394c3659f7f6786594196dde332543376f9ba0724b091d30f431f91d919417e5bf7ba1e9a21cb80f6c204c3a58d59d960a5788b5cba5abd7c7518f4c5170115125de97009a6c3fc4d5773e4f57fdd433eb7422c7c4dccee57a1679633ced3b5f08df763d4577983c5ca8b49bc4e08fa76f8bff36daf0fed068db47f0c87e0e45d518dffe37c129cc6e2f5f9e0430185723098e715284a42f302a6b8368a4f2dc16f534d1e5db9d0b86659fc4ba6f16c982774115d02a57684c7e5489b1f491584b0f0546e4194a6041f5e5be3bfff3852a4fc772d83491023a61a37228ef6260edc0d1cb972cba610d5ad1d92d554700771d8236ef55e983765ed8eb21e7de7c8bb51aee9368758454fee4a3f32179c1e54af1d069e0b9728cd0554351907e018146511e4d6f0450b57c8ebd21c71450116296bdfc779945da60b9192c5bb9a67b1f04d94992df4cbb3e30732dc8af2177fef17e0b7d01740b8a64db16bc29c1e589b6bdfc967edeb2ce8a649ba892bc856a929f0b837a838ca7f917a52436ea3d20e72afacc5b9d58a7fd0fefd96787c65ffa7f910d6d0ada63d64d5c4679960e7f06aeb8c70dfef954f8e39efdb629b72979be208d616071289cfaa0756a4bb5eea5c7baf8fe7a31501e7e2d67d708d461c0c93e85f03afd70bd9e16437171e01a34f475e4b5a58d13ce4e2fba72bbba93403f3f8981e0bbd6a8a6223327bf096c44b36e0ccbf7592a98c1fa67f198b628787ec80aaef848b4fea158c715799e6f458327f399e6420f0e7821f2dc4663bbea065c7bdfe830b6102e2e7193381b9dc7f2381ba808c43b8fdf3addab4b5fa81564716f7d46e0349d9b27b559710d723c7ef2f79eb55c3a9d75b99ae6fde6877b278b583f8ae3cae776b914b0cae0772397fd19b6a27676c7ca02cd07f4b4d49bbe1ec87f2ac7e39e5f7712319c31271dbbbaf4b826af8a9f4acab696c62719f7a6a032c4bcf90922a3c630647b7c1c7b78b10afbd863f07486561a0bc8d9b1ff5fc41998a7e3c604e24af1c1df2da1dd5d83eefa2e4012f7fb5959ef9339574367deff73723484b5a969c8c23dc251a3b887f34b9ea09c9a1838e8aaabb254445d7556dda257dfd5579737fe1dd6c67f3851ca68b011e7cb7b6958d588f143828f0bb24fceca31b47b77d1ce05e75ab05b55d6c9f9107f0c738f2cf8a1629f7e9b2694324e082503937ff8ca7c5098f770289af7d038dcedcf0ed77c8b82e2a9003a6f3db69e14131e144f6be7cf0bb5353ea96aebd78befbc6ceae9bdde97823cdbc5ca8ef8a993a9d9383aee9f2d6a18fc64ab92990672ea2dc9b89ed248aacf7f1a513da43fe5953335afe76d78867a066f226ae9c727c6c60671c50a50732698ef7a492d51998eb6da5368a667baf6d12b77eb36686ee0ca239dc6f3598be0bda79e47f0891fe4d8989df8c685480de11c148a2b44c8a6bea3a50b09be557c51f545a09a30e9362cf3080e6a6bee3dbad370ce24f6c5a6f8091007ca195057fa3af8f99703a601086c2a1ffe55fde4c2c4153dbff8d6601ab68743c0d50d021b0b3099535ba6c40f866ca3ff0df7c19d709a3f58b57b40ab5e43556a8c0c1938c875267bb39c0db6b45840e8ee7c22bf6b48798bd744f70e42fca343a8bdfbd7f55f275ca5d62c7288756d4861fba68d16d842c5b893c1d8171bb3c8b593387d3426f292ace5cee7753c9f9a12e6bb9af5a24192e4184f7d3d191d862d3c3dace7853eaa235b6369fd164e5a7bddd06daa3eec7fe4130e82478d36f88a0999cba1f251ffb3a7689ea2baf016073193898716a9f933448d7ba8e0968c669bdb7dd5e6e32fd84a6ce9e8632b393f9263532ec2107b4c0d2abdf3abb2de2d63511805eb58a70bc4ded040d76640af60ce7f03b9a682b8dd84ed8a47225a48e0b94ea47828f1c8974cd64e5027d8b13d43519875d2bbe4461a7f0f5b5b8d63a472765405ea9c994225806395e64dff88506f7f7f3b6368d769e6e550d4e3e81efb13771cf403e855f75312f1383ce4c2744d0b4e3735a0f1e1b99eb014fa60c0d1ca9035fbc4403330c2fefa8411fb7c3d6ede5b5c8f4736106bbe01923d483a84f031e9685a3b6a70646a2a5059ce35fa496b3f21fca6047471a5bdd33908cc9328de9fb032347c249bf7093390b750696124621dfa67fd9c7fe85d6e5a4d277ad8f8d169f8b5e8dbee280f8443518bd94abc5ca704e781e6cb1868ba2d6fbbaa850326fbfa5a20e4df6fb5f8ee2728e86a758763a8af21e1f7a8584d3f0b09a0b19fe8fcd37bc4fdf45084d7fd92b80544f29aba52496e2c9a0aa4adeb89820be321cfd2f0a53585a15d04c7fe4ec9be6eb5df419e20b71506c1f642df75c53a9e3b2414fe6102fa8af7be3f6c95de824c31fd6fe8ef9d49e26095a2674a33cb574e9e493939bdeaf5b309b4c51256ef71e95dbbcee0a11991693b533f916e1c82ce86d65d89b6d596017fae944ec364546e78abbcbe4322b83e2fcbb4c5d4ccb54d8642c7eb9e28c08598a356a5c46f8813e6b63ec2f3e3bb721b726361f85a734e0514f4e9c4732991ed3998b1ba8f618c2071d1b943eb0f8766fdb7f0492421429bd380deca3325c8d5c7b6ed16429539ae54f1eba39748f09aa44efb67d863cda304e8653ff7499cfad44dc27807779ef8e63be4b376ec403f3c84eda4e5af31c30f9807762e0980b4e5d9dc406cad4e888bfc3ec4186de8ccfcf631b0ba5831747a1c200d45ea06ac82c7952fd09aaae5dcdf5475da427cbc8c1f71ebe5132f2fcae15975ed6fa14a11b38766e1c446894f31c0496b0e5e96507d28e6e4549d6d78841e40630ef306491a1da60eaea3fb69bffcbf192610e2e07bc1124690fea61980e8ed654c5e796f67d26db5de35b4a2c67427833e360ac2a7d4fe7a5ce572144443ed62ac460c1b19402e85c79e3d80e1c143279b20a66d8dcf2bfe1cc44a0f5aa9b0d9b36c46c2cae148dd0f2ffe9a8e6e7274d1832e57aa39fb40553da6414094e838d613a20ce9307d49f97d904648d6460985b01af769800cff9a940f70729fe40e98feb64ff0a81c5b2b096b1a9d832e440c49e4e3684bd17a5169fe138d2544d9806fec027dd2a67f1856178e090f9bb2f9b314a202e7e95f2e41fa80dccf7b1810e9cbcaed2acc2445d60e26f7d63ee4b28e4299e60ea4fc659e7d6f0de91748bf1ede1fdb2acde9482bb76bf6716847eb2dd7517e0a94f0bbf20f248d2c79fa0f518b67a44d5c4c73a9bbc3816ba85ae8344b5f377649da75cf1857d6e4338a76446c48e52cc7bc7ce283d4252f8fac5e1427299edc33f84798316f77bad4a87849e91a1a23c0b7a86898046e278eaaa15ff33730a6d3f885dfe2d1dc0acda2a9e49a71cfecb7dcaa9e70eaa8fe15d4567a280e8960ba49d5289535907e9f277f96e8e652c21d89e81696dd821db5b7e1e53e160584477aa9e4c0e12160c9956df36cce6f4e724dd543827366010ed3d843cdf4319c1bf968a70e9b1b6bcd8af96c9eb0620c569716b7bc42e13251a6adf8201faa129844b5e1d699cafa1b66a674e732c7662b0410e5bca2704c5ebed7850d0ebb825cfb0627a183cc9643b709aedeac2c06700358400c389f99666ae97ccd37f265da7addeb07df9ccad6fa777d0da2fc47b6235179136bbbb409596841e921eb278142a19e6203c7f235bf8461ccadb4b47dd290d36ac27126c808b866f9531261f1e0f5c458a6bab6f064b4efc432e1c7379f9af19ac34c5c22e76e6e7651e48f9ce44eff542f018397889d896cc9001a63e8e455fbe4a9ee9a740edad894fe1af2bb21a1dd0318e28ba982c12ed69c08835ce17336ad1638af3cfe0ea892ab8e83d3f25e6bd98d5e4d36292992e2122c265a26cbb3931dd4c1b0d0ac5ee19974d0dd45777908bb416cbce52531820effcd7f28e1fb2d3d4d826e1b2673e834485a25af9f9d174f566abc3b36732ceefdd91a7c3885e1d10d51c321ff704d0883905b7539309ba5e7b7a2bfefd0494e90e9da7541ec37858ec05ea9a9ec5672b113cd5ad6ebfc5b8fe40ed7c3f17d8a73703dc89086b4d75c5eaf06b840bb2f5b4519a4fb17bfdca9605f17253f203efffc92da96fde023007d22cdad05d18aecb4bf08085c5ca5eecd21f2b611e7e8a0ef981fe7aa2014f5ac6862fab44011dfd33be8a1226943aa7ae5fee9221b0400d9ac2ce5241b09a68cde6b13c47d50bf310ecb37f25c32770a299020d8500d8a4b5d7621e4379dbd6ef34a9aceefd4055ea6144f54bbfedefb5b5b0fbd1d81c7a51a802072ec3d84f34585f22c1df84caca07849b1ef054cbef9b40848e9fd238761df5358cf55a79a53a1bc749e49ffab7c5bd9a28bf24ad5833facf43bcc3852c1e85cfe47929fc49c325c20d74588eb9833519f192243cf96625057899b70a7c93f8fdbfb60d8129d9c43c95f8782ed8293641ffd21d21d91a0b4db69d766f6d6497e9a414ceb04b65425d6ad6c8811da00639dce8d8030038f2d08330c75b0879aab81bfb3330b950e54c13780d308fceed2a103a1a8b77a923b66aba737654ba7995acd306aa7b80f632184412e2369c353c2132ae614553e626f0a3436959104ba6e0040dc597dfbc3602a49e401bf2249699375b2c722083489f54fcdc1f616a133ef6112a1754818158ff78f245b9046100b0e89407f74145fe336976af971c054f12d98002c68b3aa2bd699fbcd71bc4dc071e430bbf694595a951e01098aaa499be2f70611f248a694539ef8936b2e8b7a3c5de8662436fed1f7bc24a4e5c17a663d9a23b4692993301b08cb3bc10f518eca51081c717ec8dfbb0c2669f7987fe6aa0bd98231d8e8b58951b42537f12884a857e02d62de4fda6b88b6b754b1b27394c6a819e0f92f6b2b2473fe245678e252ed31477cc7ec6895bc361b718fcab3aa550fc9faeccfe77cdb5b151ab1db2e569b5bc923ee26f0b6113504d295112d47218140e44652a10af10a088f95c7cf2fccd040fc93980939122411ec643e26e7d69ced3178402e320fe156e774b75b5afc2f3d6b6ab828bb4993b1436faa5728cec34d66f520f59e82716ed6d1324944c3c91d04d5ffc5a921f4716c39de24768484d0096f7d8dbce35aeec22db11f899e5e7e3d57e7668f35d6c0db3542255d9262137d39ae6cf9bcde254dfccc54a6062fcf8982f781d9ffab2df4f49ec04a72eb9646d63bf9e1799bc0bec0ec7f0675ed9f8dc9b8be15d9f2175dfa1c8bc99071c70ad7bedb10a4143fa91c89f54777f84c9eae9361cf7f4c2b7ab873ee5785a5241db0af86f3c6d7f091623d6dc576d07550a42023633a09c8dfa21d7e70cce64c13f37663f75c47921c246f3f2d1d16a8283ce7697da4cb7e016971a2a1d0c59d6202bc18b7cee3828de597efdab53b33a9fb41aa7b49f1c964512901773bb396ac80e90ba1a94c408b2860065ae9aec64a41d76cf8842d299d0babf14d5840d647d075c34175e26a786f30091a24f1ce8db30137520dce1cfffb6318a0d0fdcac883eac603bf365efa2c806eb4f194cae8c16780342165222192f6ee2e103ae2a31dc08a84dfc89c64d2e9ada7ca1839dfff62ddfb7982c79684cfc821a098bc6bf09f87317209b16d14d45c6f38fc99f7bf9bb73460977bb323665d480c87c687cec052a5f08a2c6744c8e177a8a269b4a47a925b9123cd2c014313edae988f8aeaeb633ee5ba6be7f53fe36da3aa37ab2077f5fd75a82a55a0fe62af213b85e9e7694f78cc2b0e63a8c1b89db484722fc62c688678a511c474f0eff8eef1382946d26de00e5c626ec1d7079445c1b7c6f7f05073249b11fd1fb30257724a14cd7bbf451146bf366de2e826fdf1d25705587c4460040ab963e3bd504755b6aa5b18786b68efd3c8e59e8dbd172346fe7f4a18bac98164669d73984044f3c777368f965763742ab86a3720208c64801c796f6e3a1c4748b81e41ac58dcf6ecfa0453b18fad7e3473604f57f7da302e1fa81ad538d4a0280c4ad092007bb9a7a12907227a936871886c699db97d00a1966fdef64d9f3672f1b792c1edadc6781b391c91bea1bd7275f30859dbd1707b1f554e49ceb874ca06e92ab466efa7eeb6990667a27507a7ba789e24d593ea2af8eccb3862cce58daa63eaf212bdd86c01ed471cfc79b191c481ad773d20e821d18af85a7049034e5a9c660357a4c2808b9a6139f32c55c13282b8d98904f4f027d438189dc9487c96172e50dc1100ccc224e7374cf96ea6731032c43fbc9b367a4d1d0b31aa3fa8eb589672e69f1d9144114bbd508d56c2049ecdbfd7b43545375a099ad2885353d8c550d22dbb738e6fe3f104b444c89475a2cc24d7887daced8fa05006c02dfded01c00707e2ad04c41199c5decc1eae34b0c0abb5a5beee1b5253c3350e1a077682767a0b9124a4df2e8879366fd37fc04d4dbcf89883892f46a65ce3aec22123cbe6b3af6364df1f9f5f9751bc8179b6dcc5c126dd65feb7d11a85994e90ab6342834c79c5f82413e88198c73e932c66e3cb60b6e0c0cf438622e5dc5a1036c38afe9cf13559044a9e90f5fd72a3188ef6b1043f5f4e6b40ea51f6235dcb33b3099b2d8c2e02103235f0476ad51bce6d8a2934068549633e521a3ee4c62c22b042fb86c13c8da849233205a5e277aea1129678c31f5c379a71fe08b72fad9449cb923126dd465d1e0ae8a925374149b8248b3afb69f168f3ae701c00f6ea08fe07f1b5338ce6af2f3156ba6f300310114479f2f6119367c88c12c158b84be13b9c8c7b5dd7c90edb5b3ea1fa5927a25ad6d5596992dcd4877f58a134e05dcd80dde4fc2c2a680cc0ccf3084d3f4970e3603fa6bc5a180fcf1ca4241c0b8a1e7c607dc025016e297e2b0645de4ec2fc49851b9374f3ef99edd897c284a67b647ca8c96fcef935d541e9faf334043ea50b99fb8819ecce039227b624e52d8c20003b5a43808e4990da8e4398c4fc172b983351fd11a13dcd2aae5193d42d46e1b57c92e3e01d23fc968c729f3782d6c07dd5a17af2bda96735c12cc7d8023629fb0125e974425f7914690a7ed26508343ae58c8a439ebb6232049a194768d4594f5d65aca37a5686c2a86dd04bef35d74e0755937ac0ce3ebded1c00c8adabf030e5e4a5f44193b62fcf2f1bfa9dca2a25afaf2f1ec06c5d17ef3526d26d17af3e2f257ded24b177ba41c0ba64fd4fbd5042fbd5961a105e0e9f77f3db13c1b6c5bd9a9d04801a5c00a4c544218a21016c65bdff774a44b1d05256e0693e14d76605d67bd10048d3816caf31a6d10886c88c783538bd93e92bbc4484f3388b61adac4b92b911c76ebb1dd11b7b4e40be032bccff610068746f41e34a1fbfbfe5faf57c8a4331008e2c1cfd69f57e74379ac80eb6769f4ce4196795b835201ce4ec85ebcaf5eaaec242fe6695cbce1d53fde5b002e006bba8c8a1ee57da061ceed0d21bdd57ab0cab9e46bf3764d9a6c3ab19736d43b33f32eb955f9174ee4a54666e7f19cefeb49aac7a59b7370d9ae730b7bb4e08413222f0a66bfdac252fb61bcfa838f262312febfde8add8f6843f1d64ea3da42d4ef986498604d65737a44f5a099338520cdbdb65ce73b110dd4bcf8592a4adc3e0170b13404f99f0ec8f9fb225c1275a921f09369db165e9109dd5be472b9bc1901bfd882d264d9ed8d88b4c8f3b35f88b69e3e4b8ef5debb895be536a3af492d968dc1caf31879d672f70ad9869ea98335cf9e4a2760f955fd3e8099e4b2eb4269e354548f9de9921e50e49f3f5cbd63468b9db0cfdf17250c8f13535d4c0a1f21c87967cd798fe93b9b2960447401ef90db22c3adfba0f55f5585ad37040e8d6745184dd536d5a26edec365bd6edff1bcc616cdea3bfc8b9d98c0ef9a626054e361194cd05b2287612399f6d3d3be2f71555f14ad2893af6f60ab61adef663c3c2464ade671dd5ebc71935aad290573588fe6e11f48cd2b7db62e4b9932890d1b96e1b83eff70f026d199db75fb1e83197c937b672613c66ea131f485b4318e27c079b4018d4205484993bf50ce70275b244f2caf47cb47eb2a9ca59afbc78809a912eb56a4bb65cae4694f682c6329c690003a1c355f779b5857a60091b1c3685995a366cb43d753a704d3e59c5f5003c78feed877351e27334b3fdefe5907edd9eb25588a42248b9c4a93efa7cc63bad1e5900b95b70436c35eb85cc8251c4030fab9556920141cca24d6acd3122b92b7e868dc174bf071117958a4797fc90866aca685f1456fab397ae647ab9970348082bd74865bab7f248568db98ced7ed84e8360fa91afde3f23509e6b4caf948349ad9fb6a4efe0a0468302cae7a0f999195af1c19058669fc3b88b2780b9075dc180298498caeb7ba0cf8bd42eb36b1959d5ad3ca6fd1e85f76abd27ec5fb637ee38173ad7d86304d5708b6dc8817e099e77f5d43c1a70624cdb96e4e6103bb25e59eb51d894d1dc533a74005bb79cca35b66e10c61d06b5227fcb071457025d605a0862218ca252b871f8343ec231dbee15688aeb914c0f16ebabe6edb0a489b2bd10d4392c6f1863bb6a62181de7cef61997ab02f3bad0a893cc0cd8a99cd7b3f7773085f0929de36b5d124e3729140c375de9a2d0cd9a360cadf17b9e45b7f2adbdff9e75b743b62642ed67aa703b8ef33dcf51a50edc7dbab42d3d2b49badd2457a9f92847aa6a60ae2beae457a5fce1a9e485ecf907be22913893cd1350f20fc6c81c94be426eaf01864e813a03e4674491b61516bc95d8a77c15f03d0adfc4adc27f27a5ac4165ff6518eda1a5c408708f78a9e26b834179804a312148d4f75f21a77d78387139da40c0a6293c2a59d0162437d68504f189ed970c5abb9ffc6d8e1be2b0877c7f24b1dc273b1765bfc5ce6f4b8d99a96d5b1c92ee53a39f685b304313d909c1ba8130d20d51c824cec420b0315229df295f75b453a6c131afaae0c36d7c4fff70623638a4f7ded5eb7db58d95deb6249a29b171d8ce651556dee8037bf4ca74453a4a76aab7cc07ba44e55de57dbef8542c3851ea353fb8e259ee89bbecf9ce8d8bd6227afc0028afac48a7acd9b4e8cbe982eb1475917ad6be4cdca9cf6e7cddd971b2924f2bb730264801685d387485e41993c3fa0af9987e8b52c21688fd9a9595ad8d1b9f41e0457be18492aa09f69e64e2954d1ca3cc1d32b2915cd9cf6862ca79c80beb47347c4cceadf48a37b29b1d6de4e94717d60cdb4293fcf170bba388bddf7a9035a15d433f20fd697c3e4c8b8c5f590ab44aefdda94681407008ea48d03ff21e9bbb4ae7a9aa37c855fe3537c44106e8079f18c24d2584474bd4a99367660ce6f7e6d7c294961e174366e7babc569d5f80572a21a4bd7086629363e0c9ee2599c8b8863c96613ae6c32cc67ccafc66e1cce79654567ad08e62e9abc99e44d6a79ca4d8de15b7f8a763a4741676af0e1f3bd4e002c8fa1ebfbb3bd3a65ae68a80c230422f98f6e1e9837252e045eafd585ba389958297d59aea1e8e1f665fcbc5f7ff449996aa712dc0faf582cf3caf3dbae80594f9f07fc06de63d9d672d14d7ac4662b4a54f40d4aab2de766910be2fc7f6f679b5708790b5376498d3baf0463dca2f093b51bb7e9f3e7033ba0384af0174becc3bb477bc5e86959a12a5e8924adf0bffdf5e5b9c1cf24d232881ad5c05c5c0f50318ea83d8683339ca6a583c52198c00f7c1abbda282e7fd3b179297338ecf9c923a3a87a130dfc06164e9b4c1fe11d51b382643de44b30a6831dee119241d1b6f84f2484784fdf65e41f78c38e15fb4b00e45df1edc40e3467cdcda351a4c0a0185ac4649e91024377e1c331587a8586cc0a4dfe29e14004c3536d305f5dee0eeb8c2f216c1b8d27375b239f6458e08980badd6d82e9ee9e007578c0a3b48288d9ad0ec3c934a99a8c5741149af937dc82bdb545df26428b87fc935c05f1a4964a8408539f267e23de9bc498e2a4b0083cdb7c8e27de6252bfaf680a6d5b7ec1a6dac6d7d537334a95f1553324a0739414dbdb50445a767b0f589fd4c33b35905577ef5a53b0f097191f9cee4836a908748779941de2a78fe1bde0c2efd9f48cbf232ce101d9df93d3ed40d036ae7aedc3a5ff619abd1c159ca8d2dbda7de13b4ca62576c7f925c52925eae2d7500dc969fe14c0a335ff95a7df1d276a6f242765c781208d59edb5848d412b11638b27ce5a61b8209075976c2a6aae88f6e6d8704fe9e83b425dec4defeeb3cd311b8c5a818d51f917a8a4525361791d5c4fd5d70704d4b9fa9df1ea119882f400e682753a41931712c043c120a98f0fe786a600b47befefc9d64cc5bbe8a16c191490874e258760c9e4fd215bebf848e0b4d35521f53ec5f9308644b785171fc4cc3ff886e034bd833d59dbcacebdae8f00e43c151bcb24d1d226d1cc19ecf349361530a81ba3168af3df5536fbe52b3b93621f57959df298e5b4d3c14928d2ef7b9c977c7dda54242d17f8661978a62d94d565b00abc199790b9b25fbfd4a3ffc35c95ccafe35d9a138a2c24d17f06ae2cc376e822317f16fcbcd56e23f84ec135dc935e58c61b34cfbf5a36cb00350483b6bac786030e5c5045a6b61c9aba7dfaa4f7fb21897539863ee865ae061a77c0359915de3aacb3b5dc8cfe53c4d17b393c2b6bb23652f36390407922969d510cc97b99d1df4361530aef10707d7a021b2d9576b2d49ca88b3cc83ad1baa6d88ef8c81c08f8baaf515637b21ace9d5cc8fd9fe4ca6c3aa129caea7060791d566f4de8662b90f9e5d849cdadf9bd23cf6737b07ca105142663c30de27adcea11d64d433fe1ace84b0f6917c8b655f2a421602f07e0a7127e61ae9859c5e9f652ec82416fd2566f291f417ecdf99bf3231d02864e2e5a1cf34c13f59de9aa2760d8734bbda79576c62f566b8269990e9384a41c1634271acb4c7a8b768f276685c3a8c7f20872e56b683244b1af562c3e7dcf592a9915f44f886cc2ac5f679c07d5aa1fd69cf3a460f25c722073da336a310aa551062d92c7297002060072af2f3500b9310c239bedf45c5e985c2e0d60c7dd68522376dc7b560fb34d1b5089450c32ffcbff07b35a96bb6fe01259a06868d00af697f8bbb238d03d49570a109181c9576c1ea9d2ee02000cc23e63d6c93c6cf3050bbb15b6f73b09c25da62e5abd4c2bdb1110e1f25db39f04885595cd6a388c4726c8d4cdbad87d80d42fcaeae843e2e17f44c9aed25c8f6f9736c7ba1bbd3b839126de40a930024a65aacb872936e446114e706a868444cb140e53d976816983f3dd1d57eeca01eab8211b7aa8ae99d26e35c06ea4b226e0a6e52172a40e7f0df5f67759ae2ee026749ba10b8e33694c3e01a001526f9d75f6c419cdccece3ea3f78d69014e509c741214581034bbc7e2bbaf76db8421154abb2233117a1ffe2786b21424576e295c9baef262e80fa2edb69aff800b3ea436eb827e8adb73abc48d740b86c69d557b16e874038598b25f616afeb4f4a900be7dd0d38b5b6fb4259c51a3aaf4748d7a445f518485ed72b25c7df8ed0906b74bd29bd6a5724ac3a503c990f3697a5db484821f68718470810862728a80ce34599a41fc5bd8bb46dd845a4812ae1532c457ef4211d0e41835e5a6f030247614822571c930c727ba397e723d6b3aeba9244f054e331c82e65b74c9f6504c74b4301499a1a6f6269a3352aff57f88442d4eda42a82ebcf7776c5629f97d6160bffdd8282a40ce2e6375b161e4c22ee53bce7a45f4774aa827e2da657e1a1bc07445f0bbd770b7a5a25b1b469fd58715510dbf8d97af4e1b9459a20b08a8d3fa9d92feb32db95b22d36de0bc8b1c397b09970a6826392fd8392b2d790dcc1295888f42ac81ad213c7328b2324b28be7cc1f4fb8414a7785472f1dd3e11d66017b1756d1697be92490e15f056346d7e9126a1f35fd76cb016fe2841c8996a3507c4fffe7fc45026df10b03b86fb6cf26e8418926a030b5fa62748fbb728fa19dc2f8947468c1477750771e442e4a9d25b76d359211c05df788ade5b7824f8770b5dac0819737dec916ee59b28a49666ee8b7ca81386eec8049542f18a3207e51bdbc291470eeefecac385c096a
+MD = b70acba01bd715f542859a4224d035eb177fe7b34d5447e099acd1716ba6d00f515bd02021b5b3015d736b04687544de
+
+[L = 32]
+
+Len = 16
+Msg = 43cd
+MD = 7c5f9ed821a021ef1850dd4e0b179a656fbe27b104463720f467db32bbfab5a4
+
+Len = 104
+Msg = 5f75a437ce0698a7d8151c3fe0
+MD = 774782a9c3023dcef8b2cb83f7994324e3cca35323419b3914a9b6bc3ace5ce1
+
+Len = 352
+Msg = f88bac738d1e3e10f75e46e3fe026d7e423fdcf3d7e4028b33a291bb4aabca53f780fbf99e0346d610d4a38f
+MD = f114f1a390bfc30f34652751f3a38e8bdc9597625e363689459b80082eb34009
+
+Len = 488
+Msg = 832e5b78a73a1012ee62e00621db7f4d248893007c6e5d6e0e689c6b291baeebc72df9cf10b289fe20e7fab80a2399271d0ac63766049da875eed56264
+MD = 7d00fe393c308eadb8c0a4f771d409e17c9a796e63b45fc8e84c0cb2bdb62532
+
+Len = 13976
+Msg = deab57cdeb41974037a9bef5e292894038264eb4d8993d4d1501e6ef9c68fb0f571f57b0925640925deae9a6317e3bc4d6cdd5a0833e52fb48baca16a9ba9b6c8ca469a0555763b54f04c87d4e41aa549258f30eefe5a52d2ba06657a8773b0842e094857b6d8911d6a0636280025e56356fade362b4bf4c875cc19be0c6644b447be0454dbf390eb966c03e10e9de3487b90d0825d327c12495e3c89ad09c9d591e55c91376fb14c2fde9f7461fb25450df1a65806b65f3caf4d5c81ebc6e664871fcf915b9578bb70ee6776acc62205888dce2baa4024941209e81b4b35f0eda1bdcbd9ab1d6db6140bda4c41776fe675d5c681da5852d50c246dda4ddf9fdd7c5fdfeec85ff6c883c78689c2977584406a1ddef977606c182d6c33561c39c071668a2515e5aa6f4aa1faa392aed95b82ab32b79a15e3b5a07551ab068455131b72493126470f26c30b852e4415e1d8b719b3803ecc336e4facbcc5d1908851f4f39b776bec8b6b9794d47e5965458858560eed5a0305e260240c0849d93a19787b0f8c795eb5ba32be573845256ae6d0b0a3336e42a1beac8bdde6d1b6e0b6207903d4b105f4af2ef89bd099ded870daea2f170e03bd5f6f4490e60bc222d4876e16d4c58aeea6e6c400dbb9e9f4b2b142f0fc9bdeaf4132ded38a4a8366e107cac7210945fa2df4b124be37ef76290e5b9758aa3bfe0091bb0448206323584c2f833e0edfbdc0c33075fc9647a3404ca490bfab94302a0679a1a42fe9fec6af0cd98038b09ffbecd2832b579b2294f6ae5b96328fdc0a0b9b3a32cba04fa8bae3389c3951173bdc17caaefe526aa386f98670b177683d0b804c5875fe9c7afa233ee66349c9fd1b60bb0becf5e1d887e67fd3baf34b4f90d94699d18d6bb9d77d4af358f31edc254de2d6c5fe3ec07425c633b18c1b9e3606b78b40b543e1fd31fb578cf58c45744fc073fbf3c7d7d607e815379a5fc565892d81560eab8fb5f1ae6771b998c592e6d288014f13ab283d53fcbfa66e31a9d107308402191fac2cf2b799c7dae91b93a7676898b8a6e516a86eac58ed8f6d8ed2fd4d38031e4a4466dc8798b90c48e6adb6b4391d47872443cfaffa542b4b132f6c3408f0081af8692aadb4c9bbd55053ea56d8b82998f6b4b41d331891acfe6af1bb0d6679989978368ea463743b514866d2d01fb9950e8990867bc14f1db1142254adeccf3da812949cd03cd1d569e9d0bab7ca7405cc21096e3cd4d007cbb9629372e98584b4c6b97ad0bc314e1ab6ac71184ee555c01973570ed9b115bed956f9e4e349083013098b1e483f0fe44d5e9849f38a2f7ae152b36a266ea1faf263ea8c706632ba8629602187379546fc6b82e57ededd6d074c15c771754710731e07c207899eb47e8d7c72ffd768c36257d373375ffa06f9b3f0af11417f9ff9f9b44e1f1f96ae8aaa429af88b14da1da81c7bb38a0fe9372ed6a9ac6fb5e9e56b82593d94c5192904450227bf040b7ce0904789f979845e112a1f995c849ec3f7e49bd975a474e8201630f40fc0d80e76019f110ae158cd0f8da96ea4561f24237d8e795ebf52368218bff3e9d5b040ecd2caef4ab1e7127e53bfa2b3b4fb74829f9993ac703192aedef79dd9ad24c2c976638b4575afbce22ecacc273ba43379ed55ceeb51838b0adb80585bd1b5f2707ee16b67a7232adf7163415b24b9ff9dc94b7197fdc89e2a90d2b9eccde45e965edd064dc0d1eadabe11b8ec3aad2742b5d3323ebf913a92817749090c20758f98aef2544d4c8b48874e8936d7ee492d5585675c214deeb74fd67c4d170ac5e0aeefa607c6e37abd4f8238e776fde3921afab75cbd8f392d3e88da057903ce2e140797f4a85737bd89455e6aa27c7535687b78cd0ea59848e006c8de9c9c0cbc7a9f5e977be850adc710503ce4ba7c7bd0b042297f518abec6c8ef451c33e030251f506cbc3744228b6bb4dab86877d9e6019a0ea9f39ed37557b3b5527c171da5f013e0d3c480a038cff2c087d6e5d41b17e6c8f90c334b5e2b9ccbe9d4efd99fba1f907d00a49b71b5a08aedb644fed24bcf04e71be67b03cd20d53ccef8f854f5e9f7f28c1e98a8a53496646713bebe15a93f1ea336e6e8a4e68de5dab0fe880bf983eec75d1c5027357f6669e098411e0bc3ea2293138f5b34425f78b6508b94d4c0cc32ee9afaa409a26e5f2a1fddcd6d5ff42a89755a58b08f243957a2e208e24b055f51992ab447bc06876eba169c545fa71b88a0fc15d1e0be9d334a1dd0c86f44bd149b42c07608a9a30d0b7e13574f8d862f2ac72b2ed38904d7cab194fdb9e4dcb615f5610b24e202a36866baccac01fadb575df11dd43e00a3b92fcdd8c7702ea49d951e7dad2a56c075730b4af1ceda2bcb2310256f28312579fad40ff471336ea6a44143edfcffc297258d48bd2ea47efab8f0dc00f1e6dba1a55009ed627b7
+MD = 6e5905b22cb95e48b73c5a885f5463f554d81257bd26301c4393d57fff1c8323
+
+Len = 48824
+Msg = 5223e2fece634a95e1e7c83ad4a11a0478f4a41572bd66c2d7902cf4f94404cd80b1f58fbcb8eeba3984fd759410c12f8ee922865f363f684df5a8787c87ceb3086fb8535157f7f39653dbf5c66ae7219253838ec77cf1c6db518225c5ba0a8212e5911236474b8820ddcb8111b87320adb82ff553986324aa2a21c37ce4a083c89ce9931290d4c1fea933e31d014d7507a28e83aa917ccae10bed1a490e77fe501b299f8e3b78e659407ce1934d5d68c7980800746f26ffa9794ef1d23f793bd2eab7fe524e213e58280f441ba48b40162305335b3a480c2afeac11c27f8d817792fd7805d4b61224eb52d35c0fbf471bcaede505fbc9398b216f43bfd69b1a669a61d44fd21faae410af58ff95e1c3ff1528de1aba93cef56bff4d714d8c4cc88a4ddcda52444ec1208d99ab3fd9fde98c1ee6437d8d138f62c5f782eb4660c5eb28564b5b0d46e3a2546009148f3d02b837c5284e9f508290270b97b9b29e84445a0b4df662d9711e6b73c11cebcb7120dc427034b1ccf57d8e4f5bbdb84d2e1d4bc3862a2b51931d3c9a7a5fd6ee5f4c7327c338abd011af638d730141b6eafe63469eff50f473262e9fdce636eff4c5663acb6075a4fdb00c8b8a8d3322e1700a5b3e7db90b36c1a94991b8f51657121b442db6f890e208f312466778d73bfaa8cc0ead4edd0776155f3eddf9abb1bbfc0c94421adce83d7ee94f99f61e1f25a55fb596f8b40ccedbaa8e5e2cf629496f5ca60bc4cf36d917da4e2b973eb57869dddc409dd66d5061f22642743fe843defa0b19dfb2f56425abeb234181267b5c0d2ab4268c538510feb191bbcd1631b0af6c7451cd4c641025cd8bde2d9ab6e6b948f97c1ee6f35098d553e8e9da9b4d437125046864633f109d6a558b38b270a7dd1785d44d248a863a91e3db5c0a1d7ec133decb65e81c3402c98ee329f660a092172bf6b1a02491895394ebc506882805a6c93e767c0e58a5af717d950a206c0f0055cb39ed88816a9fe3613d15f608e486ac08bfa67d462d24e6a0a37716d3fbdaeb9c0e951c1e847fb884ebc1cfe707dc6e7269eed1c44331d5957bc4ac9dfeaed4b157204a3080fafb9df8917b8d15aff9c49cdc739b8fdc26a546794991c183fa523d14797e051894f48b0d62c2b70834467ff9c993b82fc1152c1f5479ec6144c7e8fb10d1bce26bd1cdbeec4e95ee073f3bcc3c7367328e30543d371b27509a577f5c79f14d5f687ce62b82f856695af9f7dd350543ec763de75b593f1859e44c2ac01ba65f98743cfddd8a89a38115badcb51a0ff5655f830c0122af6a830aec13ae5eb89a93755b3a5a6eca233f21cb12db545a24a5334becb8fa32c3d7f5805faeaaeea85a551fc62c94807faa6474c0d74cae79b5d8ddae07498fcc5b8b4f394867112ef5fad1c9da66765ecbc7fc0f3269d29c9c38817c77778f2c19b5a3c705fde9d76a4eb86aed4a7369a832ad267312903462397f7b8fecfa8b195cc2316cd53e48c3371ed2ecaa3e484b8ecd2e22b1aee910c51ed5d71198936266f5a00655d82c089f49295feda0a2bcc1a54ec8adf565acc3a8b2d74c30eafbbd843c59e67f293f6d8296cf7b611f01b57dafec6e2d4d411a633918068c38ef47b72ceff1fae772891141c3bc496824509d78165c1e4cd4b4989321a8722643eed69950dc120fa8da3e53c3181f252d7c4cd2cedf8f086f788ee77a98ab5b019828aa02108f49ea4a51f457f7adfd2220d3e59d5f4a29194e8f5eac40ff80312ff6888ff6393c3fc0914b08c1b9990d247ad80a441558db1ee1203e07353dd99a885a7ff5d791af2548815dde0ca1f56f89d39ef6b93dbcd0cd54b854173903c12649587433f0425fbcbddfb66ebce3eb4800dfddfe7fc44d9b23a3916b1db68c187da4dd13ff0157352814b1a792de7fff855761abc6fb7b93b48525fa90fbe3a51dea974069f3f5fdea86387eccee13f58a8eeb8abc6a43fd30e9788c3bd9ae1751b30a82d420225b2abdb1bc121b9073380be16107188d20be54f2e9c658d5b443869ea0e991c496104086290b6edcc1b656adf94f0d42458750fbd8d88040c518ebbb644f4dc4f7c6971d8d60eee0272df7b51a3d5248b4b264fb22195ad891fb6ac994ae5c0bc6714ae0b0b9a484edc576638b78ee89b568195a8f33ed8362128c30f9b0c7804b3ce1355abc96b15aa55c1e16a9e9ec90d1f580e7cb412a7e85d8585bfb950acd4de5865214ce4db7f6314d81784c588c1482d5f28c5fb62e7dd7aa8237ce9396ccde3a616754414cdf7b5a958c1eb7f25a48c2781b4e0dba220f8c350d7b02ece252b94f5e2e766189c4ac1a8e67f00acacead402316196a9b0a673e24a33f18b7cb6be4a066d33e1c93abd8252feb1c8d9cff134ac0c0861150a463264e316172d0b8e7d6043f2bbf71bf97fa7f9070ca3a21b93853ec55ab67a96db884c2113bea0822a70ea46f9ae5501eb55ec74eaa3179fa96d7842092d9e023844ed96f3c9fc35bbc8ee953d677c636fdd578fd5507719e0c55702fed2eaf4f32b35ec29a7a515bbc8bf61f9baf89a77aeb8bc6f247706c41d398cae5ec80b76abc3a5380001aea500eb31b10160139d5a8e8f1a976dd2dde5ce439a29dba24d370536a14bb87cf201e088e5e3397b3b61477c6a41e22a98af53cc34bc8c55f15d7924e7e32fed4d3c3ddc2ac8eb1dfc438218c08c6a6a8eea888b208f6092dd9f9df49e7ede8bf11051afd23b0b983a81bcc8d00f7d1f2b27cb04c03aeee59c7df23a17775ae5984eda788eb2015680ac5610fb1380b4e7d7a9cda6178dca98690449f5551b66ad2826cab2b662f56903fc95b4611bc86f7a834a34ddc3be7bf142c8baa096abaa3cd51ad0c0b6d15e590eab9e50a4c60c91061f1ed6373d91974c1ad9d263110a0d43fd8b596396cafc0ae70b7ac24a59bba090a6994ec483db7ed4c572f723670a11c724e8ffa2497d8fccae37eaa1d14ac1537eaf80efbd2e597b2ffac97f2bc3cd2c4017f170544dfbb0d9109478fddf06ec0981542bc8107a725be25070d2cab4716f4edfad75fddd582ebd363c49e8efaed9a76ee51f22304eebc232a4f67f865b04f610a628fdb317116666785fe8ca30619a07c83cc449855202d687f162b12d93b63af6e7ddfb7223d4ab998a5f450523c1d521ab76f4aa113cc2967e04a38dae07c51c2d0f44fdc8605c3c53ccee91a2c73dade5dae021cbc87d5cd6e5fbefb65335827311fe1e91921ecd66b2055a6102d7a976308a80c44e6d47a67718c84f2112d65486a558f1f269b91d9f47e3e11d09c0c748625bad2718e3674898abdb19d3644bcdc9317c09a3ac02f514b2a57e6a706362e5f6e8fb16cc83daea0eec85fdc8c367d84c9230730291440a4b109f7034d510a3f70a22dd4fa69e8b65e5fdf87045d560eec71f4e59531c7711d4f8917a96e22ad07346d2f92a13fb4569fa6a075da6e1acad1eac1cb2ef19ab452264de2357c927c6dfae6598cbc821eaf3b8da754ce91a96c702c95b2c308bf3a550cbf4d22d417745b5f17d36608feb826b862747c59d26a0e8eb96547a1852f9fbd095f1c5d20721804941d462f3ee2f0876ee2825c8df24c4f00f0844e50588ac688127013df8eba3c971362dd255420649245e880212cb3d732fb82f866dda090040f28e09cf1c86eea5dc4fbfc373eb69745b4afd841ca8e172d4a8510e7698345fd4cab9ec2ca0453a274720bb2d2e5468bf0d0f85919dd762fe3df969e6c071285e25c2e2a49659b8a78289aee655965bfa3cbca9b292a19a855ec40293185354ff4da9451ccf98abfda07f1137e79bc89d688963081dec641a99656b040637402890f185edb28e7e6a2f65848a6af158f90eea440aa6246a2e6c31f5d220b9846aae2027afe5a7caad6dc16b56463367cd9e73bf22a1d6172145de4565ee369c55e3b99ccbef70fb080a3748340fbe8f6b95ba46e8b76de5a3c4bedc37c55ae24ad02267da26769a3a732badac2e0f3a5393028dd54d78701647582cd04c8310e9f1ff1b433125229547130e1737a1f33604f0d670ea7221097c3eb9c7fa4b8293d7b429af76191ea8e481dc1da31344537a09b33404d782eda1d6f5775500c1d8efc615778baf0905d9fcba1806ef986c40b1c6a72335104376b58266c36f5939a8b95123e8635c0c95e80aaeb97379b1179d6332dc07539b595ec32eebd3a336a1128f3cf2e2924db6d8504a516b62f26d012b7f75cab765c8374a3824da5a405746023b51894649ab422d636513ee809fa181d5b6fbc63351e37a1b14efc8f739e86ca78ae3e280f1c9e4824b2976ec4dd308ede6171a7474c7f530128089bbd75e10f9e57ee17408b4384f99f886a5f63a2320a9b90eb9bf692e1fc449171eae3bb1bb17a6ed937ea57af3c82db84e073b5306683e1d63705b9742a085fb802cf5a1639818417fc2223f476c2566351f4b3b17a822e11255f3c3412dd39190e200727bcd3f9799519ef792ec7c2b0b9d0e2dccf013d436dee63483c2ce83c15c00a76c4d894a60cb90366ecf9e61221ee8bdaec66d715159876d8305b35c81f96ab2cd8f81f4769e9a6e439c08c329036f5d2591ac42f2747bc0e77d4e566358a3271819b6003b290211b9b847ab70e906aed9f86cc38aae27e1098fdc3bd5d84e66c45292183f198bc329cad794aa4e430534511b7d9a75104061b409676a16c1146af0a286e2de8bf51c4a35193581a902bd3224cb9257c961989042538092af92644a63d6d6f6872a29aceca39341ad29dd22354812c4b7c7068b039ac9ca7e6358e662a28be001d4aa697ace540cc3ed3c97b98d8c5a6fd3543ae9a7962c9229b14b0b646229807747064be3e83191cf24092dd67f675638d9f6510486379f47f5eeda870a3187946819ec9ed05e7b325bfd0eed5c9a0f4a2063d63c1a8a0a309f586c94d4a68bbe860ae9599ce204c92cf9d92cb460ff99cff9e5a8b3824786360e1e1861e71158395faeaebe7aa2f61f76190f174aab9a313f0bf4f1befbbb22768b8c22719cf3fa9ec908b576fa4bbc084b1ee5b5a7eddc89b58b45ae7b421d38215aa6e49304323eb4e202655f3c8b16ebd6b03058e75a907ee63fcf6aad5eb96c1e5faea81b88b5eee525c4663af52877c0f759432913b9d48030903e7f9f70e851cd4e20bc56aaf36cb02293d992b38b583b8f0b25a08c3303d8af5b1b37f5127f7021b13934645ef3020e5caadc5e7326ed4ff56f797e26cb986b6512b0cc76f1d8e7be44aaa88e12cbc644f14a7feb979d2ab66907063c51e052d0f8b25d827377fecc5111be0d365e08d17f559e3134cb9db294f1cac03150f4232f853ec15ecde55fd1023b58e83934869796400088e9177e85a2227ee45addd049c1d6b03e5b29dd570496fdb2fde7d8cc74fbb5fe76266ebd90a3b4d57e6e6cb9f0bbdb7ca03ae955915768011c714c909a27ee20135927af55d4feaf2c345d029a54af942da6f85f2103345d059f66864e6b0578111e2ddd5a1cd8bbf4ae35b60747b93f53ec8ec64c10cf4149909b102a2b88712ff3e5ba3611cf96585a6b36fffb64b8c37a114d6b16a53879136eb0b5e003a5a068e3e8422a4fc8d7c77227cce64ebafcde2437166b62ccf486660a7a2ef37012ebacca26ecd5bdf363feeb06aee39050974c25d6a564594c67f56fcf7ed48b07fab4e25ccffe002bbe460325abafe37f23dd9c145b4667f146a1635e462330f02470b35c5a2519f1350c02b263201ec9026cfc57d3659373910e878f2b6c1c5be774df8e01e775d476956c257bd0ccdec17ee939c46e5653d5813eda752ba7bbb245a99a5db1ae55d19692074c2e5820df97c502a4bd1b12929e1be8e9ce6d802347c3e9c4202de6046436c05ab55b2fcb2c227adade6c2046d98102cfd0d859a91f8104eb9f6f155da2acf93df2405bf2c083eafd3ec41d60b810e0bdef6298b21193642a9c0c646bc6771a5c61a25604d96bdb727abd5a7ebe4ddb2a56a6ddece26d8007b26043ad44279c3c8ffb7e6ffb3cd4e10ea2780f509a8a9bc31f99a7e66201195f1543a0a020f754d9a665a29a896faf673df6811379579891374c71b2234fc61e95d4d46f15d44bdb4d7c3b3be3f46410ca46827b8cca976d8866e8ca33c4945d5c87b705588b78015b529843af0b75a7e1e871fd276c1e947d896b92e6181ab7e3ccc7077bb57fe85a6958667d3d7a790f6cde1cebb494c2912478a0eca2bfaad62492e9f1caaa0cc520da08c0d2d910cd44255f4c2ca0646dc89e789a1cf9a28e2f99315d33accb1639cbaf0c94181b85fef648bb4cc7f66dc65b8e90bf5f3b763e58520098febfe7e47bddc2d9cdd5e40dbf4ddb8d51f51bde2e57432266d248d13ed09e62f66794d188f9861c50ec41f0eee30f76f4ece250956733ee97036098db41991a4a3eb7816196c8e447db3a2913bcd992174a7bde1f42d57c764b47f5bc09533760c1ba74943a0dca291f2746bc1fcc573f9a22c72a5eca347b1679683fbc8f32b08d381baf67b7266b14b3ba46a04a3ee45881ac452f64df1bf17f70f4cf9fa4dfed9ae70184679184784a0451d2f5c19c02031e0e4957b4df68b4a069a6f6f6458f6d773924a1841ba664a55c2c3187dd33416cd410e56e4bf8d3671cf737bf67df2a4cc4dcc786872b9e2dc4009fea0e48a749353ac053d80e36357d24d468dd595bc823017c015d7450fe38149370c5decf13b00b6b0e0a2567ac08b45f7b0c8a7c89d227219d051d17a706ccbea49a42035cb327381568eae23b5e2a3b7e8beef6f260d24ab224827ca8ee9d640dd23eee94ed02c9e26abb3053cbfaeadbb1f365a24d8769d92240da842e0b361524020b5c9c22a2fd8602dc9600aaf02b35344309f6bb018a94d4cbc9639ab7430657c4046f0b25df517e31626abeedd58c2e19aa0ae1a43ed2bacad91dc04a2fdf9cc33cc420f4f04379e95988ab36731d5d5402d89fb47e826f4243bb206124364d63564a0872f8d2826eebd9046c7c6f2e7c951e49d4b22a7eec89da1fbed890d63ef15f26422185143c89da3ee269f83e1de11a7467822146042be92295a585e3a09e720ec522e1cbdcb41acf5ac45ee892677ba3ff670d71339a76ed98237be252ae21268e756f05ba0b094a1803f9da84a8a05d0ec9456cf565e1b548cae95eafa0fb01f091935e6eff2413bcb15f605f15270408216fb5b41ed83dfa1454c522375e35bdefe54275f109d0ab450636ac4d8e4d9e27f2d81a15b8cc5e98549254a1c9162918db3e399118f5864774a9d6a2347e1315753071eb1204c8bf5f52b1a0da37e484ebbe545fdfe6b031215678c3b83a19a24d7b661f626beb01eb82b384f02f42bcad4f40addd48db8a92b90d2297e6143702056123286617f86fbef4fea940f648867d790b8f803abc5f4e0e3f4226954c296afd96e287e21b7243d05e743161810da578096521805edd81f68a45500f6a3a1885cb1f45cbd399dde024df65072eb973c827fca13eeaa3f140842016f509aa9ab4603d2457c92cc9aef24950697a0044e3d7c483b8d8391886cd50dff8c2f16de3d6caa7f864c1b3874750781b2b78b545a94b4da0b0036433c6561f5cfea50eae9f5645302eef18238473606e9b9931880d0f6368fa9970d1ffbe59c4454bf97f4a5e8091801b53ee4a209e0642d83605836f69742071aaebd9d813b10f4ccac03851ee9f20cd1351f8e68554c9bc5f58ad19d474ca128edbf561d195e52ddf3c19bee3bb597ac2f92143bafc98bc09fbda6d18dd4ff2a93cd2ba17f54f75c32d3f141468c2baef4e53b6a340286dc2599bf7bb002aa86688e26f5b51a6aaf32e48ffd539d4f3f4bbf0cde2d20138151c82384f9ff29a634ab4e0103d93340bb9a7b0caa108bc7fdc88d7de14abb17e9efdad2b0f304f0bfcbabaeb1b9db75959dbf54930e67aed3a9c8309aa90506b6b9ed4f1d06c4ced19746e206e1e9b8879663bf56bf6c5c920ac5e09e6579b780cb63e1875ef0a731b726864b7ae5705a2d6d343a4a213a05928b7337a59f900fd04472382610e2a8d25383c9ab5804d609e79a88d70eaef3ea22d3aa9100fa2a6e98e97684ade9fe90d6bfc59dc9dec3d3d8db8990bc2123ba92e64253235e9b4d682e8aa04e23fb9bb6248a77c065e93249de829bb2fc5ea9e396461090222816bb29bca37bf86698fb995f62c50110cf418bbe2078a56c5f1ec9fdf3d0b09a719ac253b5bcd00932ae058b86611aff51c8ca8448978615854b69b0216a6eb8050ce199fd9a13aa0fd652570a1b187f61e6831b3a960521c3705da8c5e6c64c7b196ed4a49c2912d77b670b177c6458a7a49ecc1ffd8c57c0978d2a05cd1f1c7ac9514dd14b7b0933a52cefd40b6452ca0903df1f55828025c7e18109a6e0f2ab25724cad2d6f57cb5d894a6a508134731e9b9c61254f64990941f4faf97394b634b91860cc6ec346aa666600d323c849ea4c4a0ef55acbc56495ca004f3fca42ff0ffb11b0e1164c95ab89bf1db3d4f575ff334d4e0d7d50e0c54c422eac5ef78c5a3be95f2e18872540fccfb597211ec79d9d47b6cf41e385b9c2e92122167fe584210f63bf919c620d
+MD = d7c901f0d92a868dced7e2659e90121108611dd7781325fc57e5c336c2279510
+
+[L = 28]
+
+Len = 16
+Msg = 3dd2
+MD = b7399529fe614af98f9ecd73e45790406883cb22e3bdcdf28fadd033
+
+Len = 104
+Msg = 3d232201038fe7d846ac1bd4c6
+MD = d0aee5482c509540a4ea4b902bf42fc8df3af6de42fb14e903d1b2e4
+
+Len = 352
+Msg = 44c98cfc71f82215dadf494d68d1d6b92bb4eb81fa0fbf945a659d9aa2c2302b5c93fd3eedba31e479e29d36
+MD = 56c22e6066cd4c4d6415c5a225257e7f888b317ba4e98eadb72b4be0
+
+Len = 504
+Msg = 02a5c7b1b749d6d49bed302d9439f23ab83020bd4d573906f4190e74216ad33aceab775f71cd31092bba5cfa42f0845bd16fc1b8bed6434dedc92f80b395aa
+MD = 33a84e66cf1ce6970c35807db25e05ca05809e53d4e34cda9bfc0045
+
+Len = 13976
+Msg = bd70deb2cafa75918308d703a6783fe9dc5e3d21de9bfeb6dbb1cd531ed5dafeec463a02abde302d4ae6ab3cdc2f0f94865e38339c88bde507ff71bbea6b30b9851cd8cf599e950b8c8e620c90adccba0033f934ca66ea0a936afdad575bb6235099beff1a632c9114a8045a0919fdc21083880eb05c0d8c489c7810aecef4a41766f67c37557e28a9db9a0d909c2b167ff7eba79693afd3ee3aeace38eb73a5a02a882cf89b123812cf2a0f6d5edd1d14362ce9c43257474def5cce3adbba8cb48e7af9a45e702a182dbf47e8869b3f99e953ba81628e502c60d4f8ffc551c31b3ad6ca85c52164839d5e9d493deee4d4b76604174bdb5655385d34ced2c1b09dd5a486e1f9ac501bc611f9d7aa5c748f496faecc14c6c18e1dfc6aee2991bd0207ea1701219955a751df43dbf66f57904675a0e9e6d7f9a0b8bb82a8f44951117ab2642d6671daf1e5d1639d48aff6a05781c2b5e8976653b0a164445872d393d30355acf0bb49bf2bed4265c9a3b786249afc7a438d706eadb6f90a7f93ad51bde6d2c8e6ff09dacb3dc67ba0d3030c54c8367e1e4280bb5903274191344610de61c3c770c6820a6cc9d826f7c743f88f13580ba23cfc00598fd733b5dd069bde7f10f2b8961c16b69761b0f308dd137f844a67f6054e065863f226141755b96645a291e3fa3fc853b2475fbe1d3b25ca22f4da4425dc95fc855e63d6699b311ebd5fec1c7753e6e81f747c808ec3f618f63eaeb1221075edff0532225c40ccadee304a8997c03920e7ce4e60e4df4d120611296786516dd4d9cdda2077ac52bce0fdf552e1ee89a0133f1f87a6f6f35f5c53958ed806465919a0a5fa42488bf29caf33a0dd469e13abae351d5c6fb1a800ee384da199c823c965d9d5457a3ef8292c4d9b142e3f1fb502da498eb44d95f8c85bcd6871bbdbf004bfdc09ab35758f5e8b6a0d0f366c3b255333c52c8fcd4ecb4536b5f6e72897649f3415443612d72c3436505249a344feeb04883f41f90ade40af119014b3c56fc108f1ab0a77087d9226665d416cd975e9e4605529c032e8926002a70924820c6c7e264a794b2a3beb63d69ae56e017294fad4d611cbd0d3847212a38f22d623eabe3b884a36464d8814286fff52c4dd366f6c2abfc2eb865e0dc9ec6e55ca9d81f1b8cc47e2629bb162e54655bf2a9e156ab0bafb4b8ce96858aeea6e6665607a3f268036f4890dad759486b15e3c9e791429ec8f11bae4ea7c490656fdb0551dcf0b0be017c08bc674bd97d9d701c3ac955e2941ba7d5f2ba122a6f0c1b164b1caf2d50df111fd4287e9e195d181f6f514d7dadbefdd4274edc234025b727680576046842a834b6ad89eccaff5c5209bb91d652357e3750d8bb0165572fb71d09fdfc60f6b1e5d868c67c0edead427e7aeb734e29b96e03ea174b6b1af523feacaf6bd745ceb1bdecec9251958b7f521182daddf62ff6c4f58977adeba81c616ff2e937ca4f16eb9c44e63f9e974709122083ae45524ff87d7a0cca33a90f09b660db0efeb393c61967de2564315827ef1cf42b71c0f822f471713c9d885a3c3281d7c95dbc96f1c6dde0af70ea11232b00a2d215ec8de8fcf84b6193b6ac9d46de660361aabed3371fa44a6f32107f3854262eac355f9ef98701f580b4649175cefc29950e7a0eec958f629999c4b0a98fd4bdaf5c0bd97c963b551f2220bd41ec00b8726836e949e818a49aa1ac5bf12c64fb9991111ce8be3e0cb9605f753dae1a4c84389416f17fb66cecba45d591b22d64e5a4edcde067a088d9ff7f5dbb9dbf324510000c55d50f480a640fb22da9b4862dd81080d61af9560b601edb5e3346263f5f193df97079a27e3f9876078b80ebdcdb17ca4c50aef0c8329c72a7f77584cd963e105eea9c28a2ad4e95c1d018e27d0e720ea59147f59ad796b80b6293da8a55ed47e8abdd37221db0a5eefff31688e2adc294654ab0fddf9c1ffafd4783f01eb539492cb35a77315d0ad19395f47b18298a7b353dcf5bab0b2f193ff73d99310478d2e5c4ff1c68a2493c138818edef73caec9977bd4eda6249c8933953e06d796b288f78b18c343ef561082fd03bf92b084afaaee741de3004abaf746350048294bc52450e31147173f2da13d6ffc5adc718e149f9df3702f414dd3ee88296ae8a0106b071b589e8696401da7993d58a9bf8e5bf417165498c96b4ff5fd2b45bbf88f551688425122a3737ca54b2992fdb4d60957a93097222c3cf4c45dabe18b9d6a69e6f27567d5adec489e4b6812c29a8fa52f1de642b7b0e749c16f54473ed5ca2fdf2199e885fed308fa62a3e0deb7e0b8e439e25b3e9f95d755fdcb7ebee9d73069dd57dd1cdc5145205882023b54f2c9dec6cced9e3f6d24e8cdbb8ef121b8f3eded574d81908e867af5ac82bfb8ed60848b4bfdc1d998bae3a9ca80c1c49601d11a40409c62b1536f01ca67
+MD = 60700d4ef068822d0fe6df450b4aa8e206b2790d6dcf973229a59889
+
+Len = 48824
+Msg = 5fd54472a44e4476d254c0940071ad42dc723354f76ba61f63fbb9df80d1ee56136f51b6982e66c1da83602fc08093506a9e2cf27cb92085ba5c627dd63f59f8850e91a1d86cb1d4ca38ad03160f3c584b128d9b21e935570e086d3815307ab8df396cfa0c100bf6cbfc0fd7a8258fa1a656bc178e02cfdc868540d8e5ad39dd46794a8bdc205e710555ee7421ca7475a4f3232e6a0cd55d4b5d4525f0bd7eb1e455931aeea6918b9fceb2a32706d31a6d7028a85e102f228417e2e7db68317ae155af70eda98c8dc1ecc32a62e294d92855354c1114c5735a3c81e551b63a81650107557f3237bf953989d17c65a0fafd2bb1e32c237f98f55389e8f8b0810e97e201914c487a68403c6d621a98ddc515780435564245d87ce462b8785def699f7f06ebfdf33dd1ed7dd5a3e781348298c7950a387bff7d1878731d7ac66ad9a6607f2c3a3b6843c2852a5e882a8d78ae9dce2a79d595cdf09626dfa6f1dba7d40ed21caa29e304e7dbd559a89bd1f07d84165dc259ef112dc6e2c5a3e82b1c50106983f6c4965c85073c5deddbe6323003d56abb0df590f69010981ab3407e43eeaa29c6156995c492c931fff1b686eda3741a0bfb9094747d1620b2580415d431ffd6c02245f6cb03e39f87e82834dcea59355b2ba663ce145d2514e15e2b2c60cf518ff510c6c3e2f16d2dc523832762ed8352a320462ddd4d6fe755350672038163d996b44ed3b85d64989291bdf39398cb996de785b9614ec5d4bd73efcfa37fd4470b17d6240b8e4c715759286b04c3d7d791e2689927c9f18320ff2e6bc7306c805e23a5de66eced5f1a630cb43dd46db515f837f6b824b99b86c10b6df7fcf22d97be05284edf0e0be597b3f9c63556db031339f79ac9e6c5f8a1cefdbb4b30f5bcd23c2a4dcf791cbfdd6460284c5af0621ab7c5571e40a87c87be459c85ec81d746930dea24f43bb11d6611ea83409d3bf4f987778d8eed1d5b246a2112ef78ef0252f9ae464810c13f02359441d289958b4766807d9a3be0054897d35b01830deec1151f9e3d42f92b80f4aeedd65c78c6e98afc562a3bcf6d72f238c6e94a38f2288ac7929a7a61c92875c1f115c0ed8d261a727f0794f17ceaa3dabc717478f6ce7f2e8b295f000241e154b4575bfac8483f6b62f9ef4e18f7d341a65faad5e2fc1ddaf2b09adebc155ff09e63d5aa5f95206e66c7f4ef2ae3aaf3ea7c93589efa8c552df8d203e0ea181c1703d7023b56e603f33b4adb9bf44f7af290d8081210f327a6c9b0785709346087fd090c42d2b8b2711b9a1a5173eb5e246320ee27867ad6c3eadc4407bada44561a12cf5d53bf0448308bb536a8a525eabc1410c3a34becee25fd6fda453251ec229b53751f2280e142c6b331daa659ab655b78cfb08bf18e40bb02b7f1650eb2dd4ba1707f0aafa219f21c29521581ce249e2e34f5656b0a04c00485079b040e13cbc038bb9f17f47cb8f908591b26bdc28538d8baffe4cc39b17d2ecffbb9698bc2b8b31b08424034c051b535e0cfdf07b7a0a54781e33ba739759991aeb72c0ed992cbe76eb8ec0ab12c182e8b049cbadd6e82e314f1bf15fef5ae95dc86bd64b8556766f8ff62c33492198e454e5ca59ea856d8e095c04da8045522abac865506096ee1cfa1082af08ca09b3533878ea3580b6c0c57a615e0ab768246b3eda96bb6caa01a2648068e21959f843d853e948588e8c0bfda364ef1f9fbd3235c27916562eb0214891eb55ae0e059f4bf7d1838b5942656c27899dec6d67b823a981d1e1e0aaff5323b0e3d69a7dddf9b12d7787ab763a3c7a2697ac65b655aefc4bae7e6444850ad2540d5193b378682c77a4dbf9aa22e517e68cedfd1ba32e3730ecaa2e3f6ae61a4f427d6e69071dd62a9bf6c860980c9d23ce1fa82a1937e6dc1ce3a2de096b680d23d89ee102912ac0bd769c1c02095678dbb00b4430428797cfb966b2f901480811e1b9cde358b6d499c9e93f0961f050465d7b0c70d4961e75a9fe40a24e36eaad27238231dae6d0a17f446c16bce7348e669be563649eba9f23be29adb8b10f462780a066ae573f74e51215a26097b02469c25180890e06acc53ab063c742e08d51359b0a39749b84b9f6be44f3ae3da8e5a2f340a8607d4eed08877d007928d332d6f49502bb5f416c46d866fc87477c58a22d3c5932a8d6298c1151daa032c84ad92f8f90b8053b5aa6f690d1bf682f314471cbf200f3d30959e07adc6488dd17b0be5279e727f3237b8b4b19b31a220dfe63882937f8d5ead677608c42a57217f2239614c521d94559290e3b0ed8055d5474e96564224f6ca6389b40a71337da11e1c307dead8e4eb43252cc2f1c49addb18781cf20acffd3db693b02e5c8ecc949b51b99005529e0149a13390615f5df6e0bcd68e1ca82b0173d25134dbf76dfe92daa085d3f6b1e4d18217df41b70c4c40101884c2886495f2ef8a473bf23cb47ab6533c93cb38c36c6dcf6837f1272fc91a6962b6e1386fb643e1f1d71fc75ab58d5800bf4081217cdce0c7ae9e3d25de543fc4444314f32067eeb147c08c55c5c8158ed11729837547f28a300eccc312260215f50e98c4e3d4170208a50a4a4def1243538f906df8476b0c46d3449be73866d463d422595300e160840daf8c906ae4aac13a64457853b0ea6d8c32f4efe3b48c0b1450250086d459648b0ab14fd3f341a4a803be77e56a811e7a26827eb0a1a9454f90bc6ece665904adaa3cdeb2c4847858fd1d79750e8cd45d8da9163784b8bd06629410502debfed5eca3cf8fef0fa6bdcef6efaaf35a1986d6fd68e0f436dca9442077a4818ebda4606a94a3c93fda46e7ef5ccfef656896a0d3d93566b02ed8c3f6174417cdcb99a415b0c6e9816d94e64b438c295b4bfd69e0d9ad52911de5509971b7370593160629b641d690eb2828bf363857983e3b9098fcd15e66448f786f196685d2ceaa251b17ad06dacd614d9fa78ce0a8b9c1c360b529d0bc1d17ba0b70ea8ac1b8d67f6e5770f0cbaee0b38109d26b09493060dc851f5fef121e83e30aab9c3efc2b8397e8362aefea1708f7ffa14d3656f7f7610f3a629bce14648a593250c6f309c02c6c552bb42984ac58db920dbc7d98f59295f37f3e9b99da55ef074ed65801b390366669b4c7aa1c483ffd23082793f9e5cbe30c34250f63fa3ea2cd097593dc67e8d27b7e4f07e73a9f7b33a5ef6962df1381a038d4f58fdbca9d71ccf640b917f631b75d4a2e8ba46c64a6223f99cee30f47c1a935dccc7f054fc39d3498c824e10cc3ee337e781a3971f0e98295aca611bde701c2359858914248f6bafc88232bbc27bd85883b00990bba7862fd7a7cbd4c86df049071fcd10d686613ec877758d83927cacc530bed9a596b5b21c6fb748c379d676de7e05719a867c9f934b5dad99ed97dcb4e70a9b6542ed5b2f086d9f56fc9752e788785ef8f7837a31e433438cf2f18f58be37fe8412f6d21a5c35000a5efb862926700079413f76ab2c3e79e20b516eba9d8c29897097bee55157936607cabaac41337ea4cc783c0809c875259f8020e16d5045fcc39ac796d11a82f25fcc9579bf0a010200f5745065175fdc15474ed514cc796672c59637c3c8f236cfc9c0978a3db1194680c58c27746090d76ca09f7c48ee4ee7e1d3cf0ea70dbbbd88e30e8814b57404dfd7c33727a0c84cb7bd468b0bcb3c89b526679c00fb0892d2a5e7a3d73698a3db53fd7d78460cdcf24ed22b5f39b8c00b3506541ae4a5b76fae29c1cd5b0f8c3ce142e0af7ae4efe3fa4c438a604bf4a9abb41e3fef1b9227a7dccc3f4d6026ca289b4b1366d9ed546abbbbd5677c8d582e79e2b544f18dc23809ab753313d84dd10fa3ed2f723f0b46277b8877d4f3e0665e88c50caf0f0708b746b736b00c8c83a7d18500384bd035996aebb7da8f09fd6af9b76fde7fbfc0ee854d7ec02950e76abd23ffb27a6ddf1772465016c79b98a61bd3940547b207b6507e32cb9761a5604f0f546834a8edac7ae06910045de218d761a4accea886188f947b57bd876491709028e2e24b075d6b022b51af1880ca16a8c65b7c69e51b2ad580ee058acc0606f0a3a9ea1cd4342bf4be602e941dc4bef1239bb9bccbc8098a6a17d63186c6fa75ec44b6e4fd38a3fe49c5eb995f0cb884e2f3ed6be02515fa605b98453ad935682c3bac6a2971bb68f4094cefeeaceda92dec803ccd3d346f8b40b48f8f489e118a17367801e85c79e9b3bb5d73ac44a8290cdbf83a154f2f125090d42e1a1cb72f5ebbd42da46c7a4d4b9fad9612a4c800de6467ceb74f831e1395dfbf5799a3429ba34754add4b34b5960a5fee8f752dae78450322a1ab3d7102b77e907fc1eec5355991e0c7d6c0866660e5436248edeb1a37c0e769a0764cfbb6354332d6e55103b9235c84eedaff918af3f0213c435c32ab409a4b5c7eed8ab6ca9e313dba459bcfa3ee92e7d669be0526856ac3c06a57fbecbba553a9cb4655a901d98af02b74098e478076655d325bd7639d73d7ae00c62fdc361a997ea4ff5b0eba33096b12f35cc7cc0eea62950b912b47c11b9fb386a47c4c15c0602d304b2541da889cff299a1fd415e7e25c70ee4cd83feea7e6a9c50c75d9b128458513d61ec5d0299ef8c090472fe0850f384938ed44d36f10cc2c1d31daee3f946a2fa18f9982a988fd6ac973b1569313ce3c8ff5746c4dd85a241f1e9dca0e904c091832ca028533a3e34c184edcc510bf22a27f530bdca3d057928a96f72dafc73a9aa6dbf2552598e468735cc5736c67a620e9455483e9cb2108045ad80569582ea93a53b491e528c8df336fb326ad74317bc1dfb8ec30a73af01a5dff3e437b7fe48ba5dbb3e8f01ae0c6fc28675a415f23a796bb6e0ef0efeb4b14cf20d4ad88ad1966da43a76b454dac8687bdd97b89b8f8eede91eb34ca4a0523ea65736ae39341fb32b9b716f25662a37382c16f3b9c346c84f03bef54acd6efb364c6401b07b3f7679e8e7f8c9b77b75e6e98b90f4df88460f1978d19744eecccb743a999aaedd00b5a94018e9d5a56bac9d5d55f6e93bad52e84aa7340cbbf98d56213d9dd3e1970867e3972dc98e61b3cff40b64ec49463ff79a41c82dbbcaa37a82b761f432849aa83a3d3c9a209e2207b87ae9ed9959ffced165fcb0d8873668c3cd8f18ba0f92f7acd2bf50416c22ce11692bf6132eb9f558dc789cf9776da94e48cf48607f19d9a11d5df4db11dbaa67a1d20e9f0c96f5956ee3f906e371c489efc88b0c1e56d881e7bf8dd5d6742622eb873e253dbe54f2e2e6d0e6136941de8c23e9a632727bb5f88c23170316c7aa0df28d8d07589dd6022828834f7ea9b4e5876a1704944aa3186dbf89e0e81767cfba03bfb38c55a9945209c4dfd88272c49d1745dce5ceb40f0a6713b5139dc2fb87a8a4888406d2610b7b910a9e5782ef0df719028d8e50a40a269dc9bee12157038522d06537bb31fc87d21af9ad4b2e7e127bbdb313e0a116010f65126cedadd4a122d15a71cbcccc346f55100e354b997154567fe3caccd50251d137c58fc3a2048dd5883b6af9248b51040c01a80c051b8a151a8878edf0304b5554746d6116b749221a1d0082ac925e6e140f0c3b6a180742ac8a50ce0e93e6399102f151d7c14000369ff52d0b537fdd51bec99e7271b1255c6fbc36d83408c417f6825a8e2a58b9054ab2c3ead69d97ea9947fec32d720653c123ecf51a9a3f0ed88743e3fb7b94aea59d0bf0219ee50825ef220554312cb907edb90e4d85f29e316ad57d3b90d859391fcfc63e6c0fd3ec27d4e1efd6e0b5ca8165cbd6af25ed8792d805f27fce308ca1d51335ed5d727558dafe05486a6f9149b8d3bc022026656714222830be582889e6800c0b170e48ebfd069e711210e4ac7acf07652a6f5051507de68aeffc9540cab5cdac84ceee46059ec23820c04b127266c0bf8df0d2b856be3377ab42592f495980baeddbeed3ba707a85dba64fe36941eefa8fd37204ec8c18df3852febd2b142b1c9a5cd0f9e424cd408ceb7788270899fd793db99ddb8f9ca8df550c513790d8bad37a1d1f4a62c4527bb64c677462c9b093582decea70c7bbe873095536728e7ce05d5cafb5d166a1f03055e918f787fb244c5857e3d7a1009bd37f30f165564a082c1510ed19bb1633811a76da70dac67641c2478c6b335f409ef54a2d0f370c9510d0aabae3cb998bd023778375cbf9cf5ef125afd584c11efbf40bb51839aacd3016e5e4d79f134245f952dbad617c78cb6f5712bd9c0c7e1303db5029640cf9b56e29329c3e6a9e0a2371aac1a437b9b1c4477ec9842aa80eaa22c5eac11b60c661de6ddbb088e844293ab8589c13d938765bbaa44301e4137148dd0257bd4c8c766c5d3bfe53671e9417cd1b52f622870ffd90f4e17b7a4ae1b5601a2edb032e353bca652fb565beea6fb0b2cdcadac71794c662677fb1dc81d116d94f5eced526b37c004b95284cb6aa2ac415754a1f14882595dcf4d3f1d905c6e8c12cf5a9d23d3ab55bdaf9f17d2f03f933e1bab89040753648c426b072b73aee8c2fc0d1c03fce2c656e20d4c96803fb2ef471b912267eecb4d6f342d3513894b94d77767823fe0c7438e51f21bcf16f0e98b94b23a10760271281cf843989824f7061bf834f93fd8d2090f70e939700dcb4d8964a19da39a9601a7e0ed9f55f567fc7d5682d55a9ba0e68861756bb549f2f17c10ff6bd2042a80477f89743d3d762f1dfaf230bb502eab6f4c46b26135ff3bef5faa179bdfbd288e3cadd3d88d8012706e19b7fcc6e9cc2699d3ba0e624e715599480d6b7dbc6eeea0d12a9236444b17285fc7794040dd40c2b2ef175f7f3641664fc9bb7ea6d7eb3489d504f8013d64a23aebcb5ce233405f5ade067dffff253f27e926431ad806703e8fab23656e0b7431916d8d4c72a7d831e3664e5f30839c76c8167b76f3b2dc75a6ef48df515e06ea54ca51de2fd9c5eeabb1610b7eef06a2f3167859cf82e1a5b76be8ed8beee2bba28c3b15af6890d7a37226834ec9f63306a0da11aff918753d8b83fe7220803c070db98195d6d18357233f5504a6e3bd6f30115d3987f93aa5d89aa0b8b577d1fed94da057a6f088233efc0f44f86798896eae9ad0b20c8c9cdd9d72a3f02213f6797800894b864cb44fed009440fa5b0197023929f9bad16f052cc2d87327788a68b9209f46fb4776b092d75713048b5453ccd699d19cafa8e9a93fdab0f0863711916efe3bd81ee71b8e0221e12e9ffe2f6ee1a4dc1a8de6e593480f3c05b3691e916a4a7ca51971eb2f0f693dd10f6b8468f8cf7bcce285938b5a0a76ef86acfa2990f88bdafdc39a065db17b845028ed2b7a9e331c44217de20440e406868f1eca818d0be20248c2948b8f4cb118b2e456e585949139270f57c54715f3297bf714aa7c5f72ed8ddf6a074703ffbf95e45bc81a02c42822c22d2b718f2de5e03d687a4b18d605ef5ae75f9d43c8cb4e77aaa0c0101d978120f29574b22f52783c667f7daab3e1f9cfacf2e68e94a24918e3fe2c4f061deeb64891b5217fe5908e7f389897751839982b7fb736fbfb1232684e93123611b7fc8fbeb74f8815b5ae13240051920f3b6ed34483ff673c467ed7f0a8fbf619796e485affbed0697415d2d0598ba34d5b9e44ffd12a5edc323883a2e28efe9baf860324f2d2016748503eac1888213926b0e0f0335a4b51820a2bd3b42d982ec6ce307b453b6385aed7a735a1e98479394147c40f01c532926e10e1b26a5b395bc150ec4b4daf5b1436bd0baa225583ffc9d9e9d8a354f60fded37b41c7c051daea04e689ab2d4e24d7d07c75c50ccfd6a527e024d1632246c6f40f06b86ffec0b29cf894b665d53d459226b93422d37a8da23587fe884dc3c0f2fb55dea296a9a5b9a0d101f186d9fa6288c912202547cdf958569d2cbf235740eed38d10b0025dbb6de31058e98780d22149c19d4bcaf06dd7353fd91cd1f47e47f45622e1472542be2f63f463d253617eafd4f2ad609f9020884905dd5c22fba53ccc619104b6c0203a7f6c8c26fc80ff6fceb8c0c51600c2e46b4b872e6d597511524545a76cb42278b519d911e6c1320e01682c551e204ccdf91290c52e0836167a5685cbb1af338eb794c10fac92950f3f7956acf28f1ca984e380bcff9876b0c71dc7ce4011d1d0f955da9ca885c6e7bb74c6194dadb0fb9146dd725c8a9574aaf3824b727c9be3fce59c35850b162c17d3013689fca858a0a51d81cf4f30d6a8705bbfe35ff03c34cc7c56aca32140d72c8e8121fc71353596b777b266d75b322c9a97fd2c5d4e2362f19c99de66da7bd9c495c03d9a15b28431a0c051e786fa80f5503a72519e6b419263d72d553d688349c0cf30918eba0622b953a0efce4415c29515c26ba15f00e548ef108afe3f8194aeb965e5e4be94f10df6c45ea5c133a8c3398d09fb80f950b83c1866a1637d2bcc195e05cc32a9233b244cc2b1d4930e66f032cb1163c37b3e58b576ab76de759569797fa9b8bb4fad66aaaa56f09c7a0ce4641d6799d7bb47cf684990ec1e08871458c211a353ccf1285e7429c7b8520180918f7
+MD = 85747c796a910421ecb364b4b4f0e68b49e9217944f6586eac4993ec
+
+[L = 20]
+
+Len = 16
+Msg = 8a61
+MD = 60bdeabf39efdf21ba9c0f94af6552d2ffe699e1
+
+Len = 104
+Msg = 37487aa02b03bdbc6bc62e7e26
+MD = f146072f92dc4a551721a10bf0b01564cc2b43df
+
+Len = 352
+Msg = 6ecd002568bae3bf1873993041bfa292eb94e9ad092d8eb3585be82e8a20cb36a47a06e7a57d301268a4a533
+MD = b0a2d6033cf1d8ff120a605b745d736ee4aa06d2
+
+Len = 504
+Msg = f6dc1d2f6b8e126d99939664693d8709513f97d730074ec2794e536d94ede79c81f2b2ecbff3c2c26ca2d181ada2c60050997f3bb087ce48d956c18dedb227
+MD = 395dd2989edc854746e384f339f0808c515747be
+
+Len = 13976
+Msg = 07a6372c863c7d7c6764e4f05addbbe161762735dfd2d23bf268e2d603cd28de9c369ac379390473e1d3fa7e37af1178cca54fa0f782dfbe68070952b93462ea46c640d43ffe71f5fba42df98f4c48ada0d8aca8753e0731508bc15dff283178ae5c10a6ff132eca5dde63a78d3ac94685152897828eb25a55fdf140fd33fd4e7b03f283e201a1baae8986d25603fb0b2566aab345fb48031d648144dddc2e3556c0ceb1104f348d96ae7dc0152e45c625d21b46e70c31f250c858aec4ab2cf5e79d8c79b0854e0abf5330b9f044113d306161968f4ad6f0973160c9dc296056d5a11523ea2b56fbce8387070fccc639ec1c65ec663b9dc49aa880dc4ddd3020c9d44ff7e8cab6266e436af19b4ecb82010a0f8f9469ef380034a02e3f50051a6a3f233dcfe9d553459dc1bebc538ae0183448c9405c351271dea808d908480e61e9793cca111b4cfb9874b799626a1bd9a0f6e0929ad51b97ad81b2438f5fc255db3a3dfec9f0d8393c6b245b03d3faeb58021db3ad391b17a91174a66db4feef1b4c889699bcbea7928f4d29be2d47f76455c8cb1dc7da9cda41962a28ad8cd7b39965b809e7c7eca1c6792c1ce1c8a4cad6290170e91fcc49fa5ff64ab433b4aa081c8da2d9bbb072f9f18ca455469b946c877e3006b34ffd2219335b30ba2e0980f43cebfb629d0b11fe70dff28883ca012c6ae4855fcefea20a08e189eaeed7eb36ed6db3835976f4e60053205805727c5eec15d0e9f155637a9e66268b9c1c302bcaae6ae88cbb8cf1668a487cc996c4662c4a4e195f094cb31c717165e0e13718f8388957dfe0bf69c70cd0bd763dc38c530b67b9c12244fcab8bd13f602de848a2937699f9ef77944e5f22e3b470601789e1838fbea9359c733aaee2c7082b02ee459b7684ef9bbc200da4b62d368351f5520a65ffa506dc9b097117bb7ae88d04d85fb525e91327689ec0fe86971480c0e864012b1e9f044c7d80a4e48c07320dd4292086e4c71d4c98dd826a9bfced112bfa2beb1ce85cad204451ec45703931bf637d4fe89fe8f485620b7f4b21e011a232ade7a8c92be77925e878ae0bea9723749528fe83cf89ecb9616dae6ca0e8d5754ec6c92abb21108c2f33cdc18c6887c430b72c5b193356494cddccc577bd4c2cd53188f352846edff0c2ac7869cb74bb16a77c0f0f194a7a9477ae15abb890bd0bcfeb0c39381a87f1d05319c7e971c10e9ef687f96450b400e25b4285032892b849fd5db8649cedfb03c88defea063ee144a1ab1f3bf05f59c7db364dc39c11a446c3ce16307d78d50315ba29f5bb9a57438564c8c7b3e367cd37d74b2375a4966f47489dc5448f4979428abd32193d3840aa983d3020a9f29d760fc7493ab2576c90b1934b799c1d0d55e4f2caa78f4ce61930c79dc017c2dea0c5085d73a3b0e4a6f341e9a5061a6658af11e5edf95bdad915ac3619969e39bee15788a8de667f92f4efc84f35082d52d562aa74e12cc7f22d3425b58f5056d74afcf162cd44e65b9ee510ff91af094c3d2d42c3b088536d62a98f1c689edcf3ea3fc228d711c109d76ae83d82d6a34dcfbad563cf3726519b519fd48b51741aa86720836494b7a589c778927047a25d73508adaa401e9a6c0767a675e31c5556cbe35fadc9671359b45e985c3c8af84113989b299ae4474b85e4b5d4b0578ab1e8a2915a8df97c4f52a639fe32272cb91bbfb721505dec46d51383cb8973425a714245c2e37d0577fbe0d66381d9239db1f08a380cf609dc699698e0fada2caeda44d58d766c4f8214b10642b80b8d7d8add7cc41d47108ab7d07dab71069a2d982cc900b331caec317942122158bac6eac9175c2dcba0c04443aa9188832b553f5ca8c336880824d6bc02486a2b4c086665d276aafe3b1b93729829adca50c44466fd5b5cb977aa78fbcf5c0f0da1b09216468a11493ffb39efdeda5d669ae92bee2f2fb250aa1b9cbb11c36c7a6c6dd26cdc3cfd572ffd8c1dd72a13c27a327a34c6b6b3d80fc6c67c72152eec0c8ecbdc1bd5cb829b811e7f29af6d786f4e93dd4c96fdda295a6aa258d7b2fcf291c2d68e0b1866032475964ec0c6f2fa8c2d6a3936ecb187350def4e818507bf157c0e9b33406be7660605af14cccc9c799b4e051d0d0899e53495bb8931a6e2984bc6dbe4e02ec8b4642fc2f1cb5fd5a5520b48cfcb49e1f9533838753554dd98b6a1b8a67409279df477330e5f37367e06247ca5c3ffefd00e693dcc0c9c30754121c9ee88a574915b9e77c104fd2f921c2c096573951407ba9b440423d76bdc6fc978237a6e302cede7f99038ec31500884775556941f1edc30e3a417b0e02cb6fb5bfbe5cdfacf4006411287bedc565fb06f1be987416407dc852254934df4ab59edce476f3506e65be6ce6ddf91038642291fb8e92ba5b1f0b105670905a2c14796110bac6f52455b430a47b8eff61
+MD = 1adccf11e5b7ce2a3ddf71e920138c8647ad699c
+
+Len = 48824
+Msg = cd8490c93613bdf1f284b94b330f6d6f45a39c651d2a160b340e2eb696fc6d1c35e88872845190d141c669de92a97daa5433b1d7b0b899fdef2ce74b8fe72a7296a5b5be26d1dc86520367c730c7400c2fa06f91ab4c48a7bf4ae35a5b9acd5296c4fdf7451b0ad9cc439b4e34f11e5d7ef2bdda376f8dd34d6f092b219dc085dd4c4a6308b8808f588eedbbc7af7f64e83182fc7ca7cf4741a341060a7969d31445834c982fa8739ded4555108acbea1666a83da17f77cc42ee73323eb53203e3b790f81c08e94c44678b6538096ab7b09916e6cf7ceb2af85987f8e4d982dff1ab59b0bdccaae1f405a73366b5c5935dd0b43e2d2894290ceb66a0246dc02de728c5bba30255fb56ce8107c3144246c5156a8fe40ada9126adf67227fa56b66c37be63f532516211ca012977b04a97916f201f1baa2629eda520b51508ab4229df2ceedce406dece0110e0a911464f69e7be38fb91deba0addcdb3161d2799c628f5a57fa1dc37357c947681bd9c36f4832c20ac466c0c245de3b250c33282ea1a02d007f03b34ed427631283eb614db4d521f555136e7e42b4cfbee8134c63dbe3bb79b5a8b9f9f5b9f5ac61cfab1c54d197f1e3ba613f251eed616df952d691b88a16466343ef2d0f63882ddd2d55b8a6786308b2257f5d7b38af166bd7f1339d2d8899c9eda8fa86215850ba547450c267eb3c9147d96c38161a69d1584e521ffa23384313a1debcd37f72ddad02adb3cadce7ee34b7c1f42a15d0d030487daf9488aa7562845a11ee7ffccdb38b300935caa31f78a4ff3dd93403cf0c6a16ca611b58c736aafd33d6dc56f0f47878211d26f6ab801b9453a7f74b44593dae0f047ddbbf2c902891111729edec44f69a05944b18e7a601f41ad24fd6833da3dbe3029bd390de7c9841b2ee2b079b2bd2737518fe1bbec88da64769dc36e4a8bf716c219b2fe059d7dd220c1ed2c59878db5bf8b198e0689edee921ebc0cd2d3853fcf57c363050ce58071c5fda6ebcfbc1bb62e9eb956286291a108bdd4191c4ff47900d6068e1ea26b487649af119b9bb15dfed804836f2196cbe12d8fc86e3d7ce89b52ad49dc9ddbce5b370f73f512bedd853039366612453733740586d1372143b09f21dd4dbe1a2bfc308db8e4098c5e4b0c1e16141ee50e85fafefc4e2529b3c7252af37aee6f86e19df28871686107d7d57dcc812bc077602642d2ecefdd5f694b8f336913210793e4068da2178600b1f41cffb5221c9b4b6298afb47e85701d7b1a44241679d8996f916c81ff437261cfc358b9ec42a2ce16ca3bacb8690d6c1d91cfb3e0bf1e7ba45bd01606df856fd03c7e946f7ab371a89e1fde86d05fdd97bd7b1c583b04c2ed2b5f6815a460645e4e1b4e950bf6bd81dd0352d1048df85266f1696534aff5b1cbc17f15d82cc8e0c0d4f0453f9439094f8e0f7f4bc045b654d9a2f1f44a9c57019f63ecc41021c05b5380675cb56ea8bb691d79ee204d2c4edacde3c1fb3f4996a11d84b035f965e74009e2ab80e2c7ea3c84a834d4971a1e9cf423e4ea67ee526eb3c3e4c2d7372c4290a0741e1fcca5ae4cf36705abe98ac81e98a5419baefcaf3093a7e0449ef1021f88ffb7ad21b2677e41cdda12025b06542c4b2564f15e0b99db43b7c7020028bd829372122cd910227cb07c53cb58fd9dc620c0491f3e2bf883fe6ee8cb1f5b73767977d857e4513e8b5612f6ae4b56014e6a3ad2a065b65472212e2f611743484cfaef860999d1dc5608c58412fab888ad72bb87dd9b55b692f31e252daf8944ec5c02a5a9c23903c50dbd845f2fcc3bc9806af13ca7b025cabe675195b1d56f3fe7d7bca12530bcc0af217efcb03a218bdb6f9726536ea902c8303b02e3ced22be59753588b5f0e2f3419fa5345a942dbcdf3010465384a225ba26cdd0f1d74999c69f336bb6d01fae5cf81cbb8c1a7a29c1eb83ca6b51113bde56b8cfb6a5d72557622a37f039d090a689accd02b57c691174338de8e05bb3620c079705c969c58e56b079dc9eb44eb0fcebe548f5a31f4072a5ed56a2f03107bf40a359b2601eddf53cade66f294cfeaa40a0d94b9c90d15f61852f295d3911f8ea914d015885c8c64540a83badf0021a416c3e37b78236a2ecd1fce4114033416bdd3a36c18ec13250ee9c74c0fc4dd564b3d24a825802d5ae402a53bacace115ae3bbb329be79d1e5e42dbaf0a6446431145fe49b86a8703c7c41f8985d54f12e314c16ff89351d8addf66ebba2783f2d1a11965182aa0b0dd2de53586c5a695c6265c2b173958da648611090557bdebf11a1e042f089fe98e049f4796c60d26be38356fe020d9ace9008410d53a1bb7db78b52ee44bac364213f5c59f1eac4e3314f3423b92fdd7a6156608111ac6ddf58385ec1f3df12061208db98816ac948d803fad10d5ece2018c60faa13de5e5a9033745c824932e53f4122a39f635813545c1b74732cd55642f19ed6deca1585ebf7242c849bde981572a2199066e9c912b2068c8f1c8b936c43ae95c6e22bd7b80dfea05f495d751107da5928e806d0af905c87b5a0795df146af6580d8f9c6a0e2645686d43822ce9b4be0bd5937c097917e048b5af71c7e7521d490f107e9231ee5bd9fbf0727ba87774ed24cd52f471ffb71849ebd55605996515bdcfe95bb1df3541e7c42da4166dd01ec3597634aa6455d15fe14af435e8d7a55ff1682d55a2da867ae63d11fb3fd987fa5d7032ecefc35d3fb9570940e779e13da18070e6df5292f97f2a281f9598101102c955fe4808a2319c85fdef3d55b19e05bb8c2d3da64bafb67a53491513a24f6f0804aa162c8a7db25b38089373fecc45a0eaef65dd9be3b4b7f9436a5423fdcdb5a9b60138fc6a2261225390d9ae0d8ab7f0f7ffff69dca06881d33a637d634358abebb333df41151f239add91abaafc89070cb2159ce3a31655c22e4696c9fa7a7211d1251d4bb21ea4a321a3dbebc29d97f526251e40e548dcd7ed07587719a266f006179dcd22e50b3705152817057b097b043ad63b8d867edc20aea9b4c959ef4ff70f47128cfcc21e31f17978ecacc366f459ac1cc459a3976e4173ca322675f84f18036119ec2f204c3fb554a0b72f7e9d8c882ab147b3d280ca9dff7b9160b1b437b901f03cbc05fe05c6f44824b48aa8da52ae7dda1653fd500f9ccd221843cf76513b3b74d094f14d93a00d7cb954bc4cf2f04f9a35e38edcb1e84f62057647dcb3571f1dd296ca1e049f1746a8a282e85138500e7649db756b2d2ad88f11c471c89dc6be2cd43481013b8d0ae83da2b855cea7be424f8b2325b1850d1fdef03e765458df4513d57c72ba9751e1edc3c4e7f97e3202bb46eec7be89871ba3704aa6c6fc08851e551a3f655fa1fb798d12f003faf31c56b6df399a5dd0ed29ef9e4139dbc254bc5d6051840a859eabaaad56324588fae881fd638d2b70fb3813402df61d941ab495588e5fc3823249bf9a03cf877902394f512de118edaf98843a5445e9073fcfa409df3db0221f1c77e2dd21e74f9e10c9e180dc4ed17010eb949c6d67a22bd5337b2c68f9eccdec778ece728e91353696b742c8f5a3a569f054efb8c1ed478ee9b75e26c768a5816aa6bd08a4c72e745fdb5deb34ecb86b3a84346c1c70f9c16fc45bc0421f0da2f630912d5079f390cc53b78e343310de722b53d2a3b4aa386caa0d7e91986e19c3363426ba30eb5284293af81d00158a3f5233327b40c3b989725ba7dd5b31ac7abf8d3e0b737e843065cd7316dc2f374a00bed4cf9caa0d6e232c854df1bc24c3d484bc6bcb14ec770d5745474dc6ac3b3ddbffc551c9fcc2c56a5e0ae17948457c01e701bf1554022bc2b7d9dd42b2b91172fd85e6874d2d61fc7b3bb3cee2a9bfec09f6d7e98279c6f511f4140b116c856c1438e34bca59fdca2409f025b896a52d68719bf93e82e7d89bbf798991fda0af8d06d17f39eba4bca09c1fe594b537ad4c9b94ab52c895539d639425f9146b24b016368a638e5bba391bc8763cae7c52ff9c496884f1d84e5e08ed451358ecb3c4919dd410e82cac35ae744078287c05c89b42999ea6b8b127d40d53a5722d45139e8bc507a11e7add7fa9ab12cc40afeec008a4668e3e6440f27bb5780936c0e3668ac51262390c79b3f21fd041cf36ba3522f3a552714ff188bfd554c60d0e7d11213cf7d3864a5175d4047c2f3284741f18ec22995a5b82bf62190151bc1529c6d9927f9b0c1dacebd9c2dc406f7f64a973f9a70cff6e3abeebeb46514bbf2ead382f7262d46bd43d88c1b91a9011d1f8ba81fa536a7162aee2b2ec6fc0f2d6efc87b98d2e41e0f946969da659c21053775ece415a34d42b6cfd5bc52259867b411dfb991461ca618052309ca9c96468c2da12dfab0e822ff3bbe7ba281982a239ac19c47024fe1f0e3550cf0975add1f680a9dac9b2c4ab0aed4f409ddda6765eb8a0a9d1e9d07458c69ac8195541219b18efcd06c0001f2ae7fee2d404666a18ca3cb3aa4f0623e86c5b1229f6c2ca28d951111294b91edc52730b6b2c46e000672a7c89b2f38045bd3e37dbb8a75e18687a514dcf740c87a34834d3c3cc8aadf6166ec0c42d2be92f90a3af49633ff23cd80848ceb57ac550eaf9ae496bdc6a2d7cf50fe107895b4a1ed014f78af24eccd6a07420f1dc0df1e7c44b4ba937dd43cab9c798371b148325578d61931766af02b45054bdc2d9fcab2f4b49092f6fff7c27886820739d6140a4a905f0020249e8ae8dd87da1a1e7b1851eb01045aaa72dc8a2bf68055e7aed41d85336648a3405195d2ab61b0e29a770461f32fd05e14c17d72c5252f026a7b9abe7ea9176d3c46f6ed9fb716758d97b41e4f5d81a24538f763d83eecafafc668422612b40cfc32b3354b24755fbe400a2bfed494fe6d0ba0051713b776e67e2f1915e94708e6dc74b398f2f526933aad8fe7dc32faf40022606aebb6e0756b994c3176fae7640ee06d6c67bd54764c4752f1bf831f43e0227cba101174c5554ce26400f333dd8e9f6db1cdf670ce407d7d06c3aef4c0724b62edc8f1ba3e04f0e394d15a73b9255abb4d6ac70303dcf9160d32dc02d4804219ed5c7e3b48402e58ab2f58305f9bb95d2a8759947de96328ed5234cfe7d0b2a9a014df7e4cd0ae48906315f139b8635d2e6bd4aba32e62b8906cdfe5622c411bf0373d0cb07d17bb2bb5b83eae4401c243605fd1df759fd0ddc704ccab5a9776c40fbf6bde0f11b9646c699f26063a9550ac228c9884c277bcadcc0a2c225dc203e28e253c4e464b23d2529d09c7b7dd3c984667372472b615645f294c4e3b0797f9d1c234015b78502d98bfc04f1fa2f16cf3e7221d5794d035e4b172a4d84e679cb1c82df2fb49d3c6668eb1661bed56705096c2371a19d668832808eedd9e5b1256c18fe7ccc494e5e29145d453c553ec86fb7f3a634d0d45661875f2f1005ba5e734c1a976f37cd23450e4606e32d027bc9ec2edd9395e14b2082179bd7b4f9b8caa2d00a2de71d48553f7d4153cb56a1b08f11925e4b11c9281744ae9171f3d6faa3ab3f88c5c34fd23e4f6efeceafdcbc07686ef56efa62c0ad62f1cdcb4d3b5bc508c1f05263bc347158fa5495828f34eb7fcde98fefaa82bafeefed3f4a58968d751c051b52e0047f066de5be533bc3b1e439ab1c8602f6c67503803c8fa113737cb8279f358dbacdf45432b7a654d0e1122cca93420e956661d7275181c75b0d9c20e84c7007dfc49f27bc00007cf4ffa631c892981fd70141d532fcd51de5c23fe0b7a186d0dc296362f235d61698740cc315891cc9342da17843bcde274c17e462263d0e8b4832dd9075a7bbb443d4b26b41e534ad5551ed5ada102175e695363fb48d6b99ac978a3aa6f405d87f983384ce35740e930491d75675337c5dc081e3d301228e61bde5cc169968e5b4350cca2b085f9f75cc4b88497a78cd0a0073d90246c7dc102c7cbf3516498e8a41aa85d8cc5bc285ff66e8338e85ca83fb6889e2bccff52059bb9e92e92c155a349952680ffd0a3c346061a53fdf074417fc90c4d1af7c2acc3ee4b080752cbc9455ba5931b7e910f1e4af0efce905d2cc9c685923ead387fa532c0e8ad92719c76c281cd010e1acce500ae1443838b8afb48af032069dd07aa4df0d56bcb70a64592633699c8658102f1fbca441325e27f1732a7a973d8cb3a0684d72943ef6f1892f2d7ccf39bb6dfe5801ab98653bdbcfbb787bf125253be2624f6cf44177d588bd7b780d9e3f4e3a4e50b8a253fa21abce6a94b9073289c76773b46140f5a6e46b9de9ec066c176f5d1a69f380e1901216617363362d13ebb26ad74fb008ec08841550ff14ca800a1ecf2e007ebaad9f4e0d9664448d60ac0d8544243129fb81c1723b9b4bc2ee971dff736d9fcde0afbfbf5c50a4cc06a4c363998326c17bdc9e2508651dedd9a2a52bd87f8693cfcff60753acf9716c526e8635f12377e36564ae55d0fdb3c7997ec4dbdaa5b4d18c7b660acd95060831795da7d299a5a8d8cf9e92537dbd3ef7f56aebe38fa97c41da6bf0572a0270be7e5a7dcc0be3529339464c811052b65a938e874ea6da469c7d8992ce0aff1c75e82d1621ecb967213c65f2de582cb41de3804c507ddfc708ef3f6096ba4491e431160f98de806d0f334e03cfb7a3bece601099bd971253f3aa0df845da8b478603d5d88533d0cab9c89f2dd9a1404cf8939ffdda652a94093865a85fce2bc3d7babcff7b9f3306bd76b9af80c78ad518f89ee73b7a710da604e72f4927be8d65d06be2e0732fa786a83e27597cfbed9bf98df445499e0746b9f2cb9659ac0a9cef433148521f33b1d78d13c8441c0d1e20fd93ac450a3787a2292bcbd68cd1f961d34937be9a21abaf26f361bf53aa0c095e53c51f3e04d567eabe6e40d96a17c2bcc9230b18f7e079bc549a314b4ae21d30a3341aa205bc75c7f1d21b0a49549c300faeda243d0ce18da5e66c5b663cd705005dd9fea0a9564174abb797d64c58fdab1fae44576d514b75eaa31c9278b15bf9b6df7c6c2873d7a56fb91ab77b83761a09f9e1ddae535622fb87f7462256a60dd39dd3ceb6690b0272920b635ea639daf24f95462c523e5bbd8d8407c61163ab38877d5edfa04c2a78d4d240523ba97c7d01c71783f8748e85164b4dd08c25506a4ed18300b42b7bc6e417f512ae456ceec2ffc83190991a06d4a58ede215babcd3688e1d61f1975016244e80c88ae2aec05c7eeb1c50caca72b3b415b6b870bf5e10bd1ac3ba6b4acb1d1afac554444d94c97e171005fa4ea9c651bb4e527ff58d0c2f90fb453a92d6546a26e9e98395b09e8471bdcf2a145aacb649708cf048a7856ce8cf390c107ff2c66efbf2a76c5b041860ea576103cd8c6b25e50eca9ff6a2fa88083fe9ac0d1fb639c516b9bcdf23c34c6145a705498ff9b9747f15e1c08c63da6efeda4eca02c3f00dfec06c82220c9de840040118dde76be788daf84e6a2f44c81fe6defcc474f99c51c4648d297cbc48f081e0809dbda505d020cbe865e430e0491644ec8c52bd3ab8ce8c4862990f49fe2588caf804ce9500ef42d5a50c057c257168e283e4a4aedbe4ccfaf3eeffb212f9e23d15434d60bf4f455f512e2b655aff3225d1b217c261110cec0400f54dd303d6231d028c2eb649bccc91d30a6391c88bff9d447c3cf35a3467be5957e0ea4d4dc237c9f2c68ce48f658f820a3d72d559b60f233ce538c92cb148808e34fedf2d648c21e7f2ea29a77270c393bda42d869351d6c085d965dc12cbfd0311b8bf604f4391d378781eea3b5f1e0da9d0d8f8de88e56fe47d362cd46f591d3ec0f7cccb85a21f21ddcd4107821ce0ca9ddf99dfdfd9b0c9cd45053e5b1b4385bd8f5b227ada31b5c23e9420014474e8b4494fde7c38edfe70994d97b8cbdfac588df49a49c472fcce78cccc051f31cbbc1e0422878d8d490f3aee28adf1587c38fb7e7d1be54abeaa83cf54b633803a5e669ff4295df8735231ce39631616bd05e0e31117c722c2fd6787003b0bc7fe422a089c89329544e085d71102c1813769450a9f66f160d1702cdb17bd2c6fdf0f722762d193ce83623eeffab17b01b10a31db6e2feb6eb3abdbb2e36320e1a56e44e48d26090afa7f65003a98cbfef590ac3ec89b3eb230557cf6aa566e841806aa2767b21bb26fe001f11ae039e0c9a4bf1bf3d271960f16158eb5bd9ebf0080abd8369d512cab2d1aaae2b14d0ff6ee705a38fb0c801a98b0624cc138fc24834fdf430f33e1760db913da3290f34415c9e3df3e97da1780545ab68ac5a24db89f24d62f4a399728e4144a8c89f47ac2d29e30c49b0bcf790a5e3d3fcd1943c6a28f37251d9dd827a69579e6c17b629c927473b5a07b0a29d9562708d6c8ce576109ad1a3473ffb2047eb069beeec24c114bef392c929038c92abd0e6a19b610e27881361824d57008b7373d0ab76379570ded76c9b8284fe2c247791073c29b2fc6fca05019220ab92856892d3c0dcc6da0b597fe559c162d060d71513ebca050d9638164b9ae271fba5575ade787ec5aee8fc253d1b234b1df561db3e36ac64b9b0100dd6b407043537b2b141f
+MD = 2cbc07b9b9c819b8fd38d8a614a8a9c3fa7e40ee
diff --git a/src/lib/libssl/test/SHAmix.req b/src/lib/libssl/test/SHAmix.req
new file mode 100644
index 0000000000..453fce20ce
--- /dev/null
+++ b/src/lib/libssl/test/SHAmix.req
@@ -0,0 +1,99 @@
+[L = 64]
+
+Len = 16
+Msg = 98a1
+
+Len = 104
+Msg = 35a37a46df4ccbadd815942249
+
+Len = 352
+Msg = a93aed0fa5e163a82c9a934aebaab8180edf7de0b32f0fe99f9c75ec305b24609334cefa372c7c758262dc8f
+
+Len = 1016
+Msg = 433e88eb2f8aba562d15c18126fbdffb81d5d6c9397fa052321f5f78cd629708ba099b540da5451e949eeab8687a8d6ac35c531411cb37144ab5ff6a7eb46f1ab28fbcd2ea0444cd87c57bf7d3c02952dba3d3987da07622c16e7c086d90e88ad3d9d4afee301d2bad915d868f54197b70b23c9fa385c443404fbc9abf7e6a
+
+Len = 13696
+Msg = 2c46a76a9dfbae1f5e59f085e9c3d4b600c24b2d404d062cf948e75a3d4ab5b137a31397be9eb34b2a03c78367e0b85448891b511ddee1f787cccd498b172cb7e656c044a03ffde8e42478330fbe9c34072a9e99ce31b41757cc820d98e7d564e06694b96b66f4be34c5eadd0ae4e61fe6abbe4d7ccee855104fedee8b451a7fcedb793d469b0094c0ed07c97fda00dd8c1662b44e3ee6775a5ef6368cb662d257be561a5967893433a4b63f97295036a37272176d081545df00852bc5c4162324161296cd51f76433f2df867a5840f2d0c8d5be00b4dc89443d82175bf69c3bdceb97facae2b2ed68e06ae74fef36d8bd1f75f130cba509341dd54079d45de22845cc8e77a022977c7540aa3e779cb1127f39f825d4d78e55a967ef45e7c1dfb02d9999fd15af2914ba47177177d94576f1091a0657d9e04fe81e6be7b631fc1baae66584c9c26ddbb568750d77555c927bcda1fbdc15c7cbe3e3fe88ca13ff12c59b383343c12976708c0e3dff78be0e286dd32eecf20b71a09fee50a9d0b13c85a15b320b162690f399282798aa3291fdd2f9c40ed873e829388466ddd1da42f2de16aaa9272ccf44790cf3c95382c304e25ae8cb2fc9d9869808f3ee7d42cb143bb0c3a55e03db6d1202ca1bdb744e448640c0aa60d3ebbda5c21e623bb080f4a073a48822725d764e51d415aad1d7c5a7f17433d15ac7d849f910c375ee0899f6a576dada42fd651343383f286009902bb62deeeb2514de6af7f09892c20d0b238f6021f03b62444b1e1f21beeb89acfcd7136416fe7bd8f202e76afaf5345311798be7cb25351add2bb044d2380221009c4d1cbbaba4cdc8631dc0144f2778a6aa1eb3d3c81df0b1b2142fce111af8214d049e40f536c5d462b9224a978e82cc6c420e70ecc3cdaffb726a183c793845315f730fa4dac9fe46e4180397107a6a051f7f0a58ceb9bf4df37e1a81c8e9569187228e8037df2e59c52ba815566768bedc8e09d5e7bdc9f2bff23aaaaf133bb5a3332750f6124ce185e29fda0851addfa2c3d52bb6dfb530fd4ee27dd5bfdce5dc2f41debe6740274bc651aecd4023b098a7d622e2296b50d51b79c4e3f521695a9d43f038e8f273405e26584d3db179e7c1758114a3d39970df674580bbf2884405974f0b9c4b0d8b3287a2314f3f81b6991812f354d655f62513c9551b378cc2efa4c3e08b313c56cada52217fb6112eb8299b28445aca8f72e7170a1cd8bbfee4d2145fbe8d49c6af8831c4d4fc7177a50ee55a7b484261504af946c6bd5e1d6b89092f3c487c0568fa07c356fae9b8e831b8320289039746a435b122cfbc4a0d316bf90d481d3b7d979cc50d98c1190af8dc58e0035557dd5e94f437f41fab513202643a77748f76c6b77302bf40c392cd18731da082c99bdedeb70e15cd68bff59619cabcc92adcf122753c55afde0817352bc247d1170b8ddba1ad1b0faadfe0efbfc5fe6334377fa372c3435691f53dfc2ad5e08966b2d3525b1eec2d993a5cd4ff34278bd40dd80313a0727d05e0a932156152f3e11a190d8d69726f5c57d20f811e1e8932e86409ffdac96c6251c2a2976b8757adcac5d2de94931d1cbea866ec8bcba5774f8a7fde792f6acfd0f01356fd66fdf54a416af6a9397e00f848a2e9831627cbcbb52b5a868ec174e69b4cfa1ed72cdf23f39d7eaf4bdb318c188b1f0fe75655e34ad71907cdb77a1a2b162cd7c22d93dc45321eafb17cd60282e83736267b3e1fb249c307d49509f50839942f0f493afd9ef37db053a918e3ec83d801bbdead07554a018b8ba348fe9b7dd92ea7c5fc0e65a644ba19aa1fb6c022ab768ec7cb249ba17b9dda2860bd4aaaa3dc70ec009804141ad5ebc61203658e57a0887ec0fded18d844a96e79ba7e879c4253056f23e205a80ab1471953438f85848f4ab31ab175c089e0bbb97ea0dd6a67385770356741966053735e2cc2ecdd2c8c75cc045181dd7267584b901674b553082b2c58fb8f8be0b99306194a6f069f684535423304d40a268d55784a14260fa9c9cb1306b82f91cbee3c9f43dea9e50903135cc1c6505605a100bfa28564a2057974eef0852b7b72ce264815026d0759f691db618ef760edde73ec888e181403834f7221bb27a69479ec9b28a3fb0c3f68d4467d25712fc48ad78763f9ea6e8a2e85260225ca1b1a38b720e589fafca29f07257c5467cb74ee53189b8c81b784c43e93f98abde1ed53af60b27b13df6ce45001c6e1813de3521028981086f7d88ba13f6fb1a800f312fbe2f842eebe847fd760c394668cfbfd353ec14ca0366eccd7b4cd63318116bdc42e20a632a0d2b8c5cddb37bfc0a239ebe3800a787d2ece077a7968036b3d9b31cd906f888e3ed742cd769033e2c24c5a9e3c10b6d300db5a17dd88
+
+Len = 100816
+Msg = f8ed40e878dc68ceec52cc8e2868722310fb117ca3a52e1839eb85d308b8aa00ed0bf0b76aec8a70eba4f0d14d2d85c5a0e876ce2c8ee59cb36947def6c40a587aa07b368ca8e8a08367018e45b984de0d7f1aa46b977cc18c0cd9b7bb897cbb2814aa0ce8f8c9843e03c86c19f2ba95dd2ac4a466a93aae4b3b05055ff148517ecf43e286c57744a3e10a14d0c26e139a503e7927aa688c78609170ebe3b54104390e5f6cf538093a67922e7210e77fcb584ec9b6844e829be246a266460cb442bad52ca47255fb8cfe276108c36e02f9acbd3d191d34b93d29ec40d80496d1c1bb5ef036221641200e905598c54bc4abb3527c5a5f6258e59d4bf54a0498c108a2725428efc2047e0096b32dfdc6ec69d5d72f81301f881ca62a66c22e5dab9fd9d90084c0a36b2f3a0123cc5327a3bc7a12fd947ab57169ac533e4b6a2cb80fc65b9b527cff9fba26994c7fafb5102a0acd8f9d246a3a54178c23eaa04c0fdfd3c0cd980d1fc7a72b25d74df9b95c3dedce8ca316870c654f9ebea9b806da9767cf40605a4b0c7fb06f6b3f197bae7d8cde9daf38530e25bc51b68f9aa23ec0e95199b14bca96c91f3db15bf8432f714dc46ac87218691bc66cb3a42f6865e1c30f8394c8e68c0ddf5851ab7c5906a1994a9af6ac1c44d0d6b95ff15d9f77825ccea40fb9e516d45888f2378e045d95d936d541cea9c8ca52fe5f7d0d919b2b1c59a42d06105ea4f2943c05178e59d67351c5b2c0051c93a4045e512884fa656b772cf398af89081546d920fd3d24ebd16310506a786ab33293027394c1bcb7b1efe46b550ac28529646e8d2a5ae65c59345e24b44cd7b06673f3ed3b9008aa568a739c26682fa596b7a655842cc6b2758b583487c78d14a76bdac7033806c5c210828ef313f8efc4072681f5fded748c31a58ac933b4665c445f07d603e0905e49b84aa55146eb1c1c99196413832a05efee2e64d6732fefc629b79b37bb9390fcbed7226b412204bda523b8b8af5c4a8bdb263ef9f3f6c7b9e1de3a1dc257c1f33b3d54a9101be5b4f2a9db319993c2cd137c41e35c434ce52e859afd1a635af4d8852252dc5e28c729b2b4c96a56d57f3f3854ded59fe612b9b3a51fee3fc1c83db673b0cc7433bff2472bc74a2eeb6706605e308690fd072a7042ca6474603711d8310909e47063f46f287260a26c4f11fe492298a0f98d28c45948a4899e08fcf443a6ba36457dd8329314d53ac0fd0819fcfc3357426c5bb8d3dfd706e205a81091cf08f31cd3459854f3d07e503991ba5f067e3c406c6c5396d8257496f4ba3703cb1ba25c2fe4aa54577af782cd57e85a88a2d75c54039e8b7bb559219edd6e81e41acb6d575d6f798afb2cbf7f00abd5c9c7b0fceec79f9a0fb040ebcbb7bff3602df7b71357efacd37aa57019350bb81213508a006160acde3dae5c42f03141887eaca22d7b33d6791febfb619d11ebabb13e6c5378e9a72e852ddccd31cc53a43275966b7042ddc51485ca20e1c456dcc7020cafb5407548b044d332229911fc74d7fb97de25abff7efb431da82de2ed7e25d0dcc06ffc74e57ca93a6a9f64d76a5c39776fe2266f88d6d0229b527525fd2e22a1407e26f94c5bc6adb1e7327f3c8bb8d4c983385c579dd8f5623df8cd6da569c7de73d9210e6b9253a177653a13ece075940fc81016d8c35fa4f6542df5120c174158ff32533476f4e059e35117081a24798fbdd1eb10f82809836f8dbefe755611347f75423dd8571695960c6f66cca71f0a01e8fecbe1183bee3335eff10b4ff8104132040e2145ec3164b2448f60c730887b9d7894e5f7df3f876cb17136c99cf32db1c02fba860937378dbd093c4c5112133781f06c8ca07c527c2c085e8ba5e52b399f2909e217aef6e3035ecafe2caeb1004069dea023af7eab873deb5ebcef2313c9827821bb9f89fd3d1570a569673d3ede86a4fb13dff242eb98450a8917fd8865c56e0a9f11d72394b79808b0429f3a83cf2465161596887fa2d557b367a1de9c7753666b0cca9c30cba9f0a749c03c55cdc7a6d45852c76ce2010de3e7f75d95228efdc79949b238d90b25f983868b7f07f585f7b00e45d9e132f3c09ee84f794d899759be3dabd46a256f4cf8da71270617cc2425b24cef25d1d2f3945afa6f81abfccc858cd02e05619649b1a5347650934105c02622d538447223d136a8a0455cf3c6f61f696b32266197b5cd1d936fd3ad4288520fb4a2f59bf95e659f33210446ef18debeb679dd99de0c3c74a6eb3dd783861f5db4e94a151c42ce27519d0bbbf1f3b1163563ec06c8bfd881d94a3b896fc07352fc97ada73685588a2242da1b718f81bb1077bc70fbd58b8b52163489ae403838b533851bec30ed0ecd97d72d1af534f3703db59f1f563bdc39d690a0e90e545506463a37e84974fd7b256bbb912cb4077d3e3f5bdd4bd2bab713b696c830b1f2185734c4d2dbd49d5372fe8b813ce73f5e01c36bddbb376ef4541033f2b0355613eeda8951ebf7377e08f967902eb7e23c0fa798c6ae52401721053f1095cacb1e9496500e83c412236fc21566090b3a3eee55aa402c0b774802fd81c9e8579761cfcfdfb1aa23786b2dc35dacd5ca8d8d283369f53e4a5db18060c2c6b0c303052aeeffe169fcaf7ecc63090a9ade245045ab9c8aebf738772297caaef5f857322a597846c7370083d409df27612e47b0cb240daa3cfa51c57108612ac0dddb0f59791289ccbdb3a2cb1fa9ac31a23dd5440682fb373bf0c1f41c4fe2185ad7c53eb69552807410053b0c2d40132250e637b8c425e6a35d93333b5b7d0557927b6179c848ec455fd1ab38348c0e96c60b2da49bd15118df64b6ce4fa48fbc555a4b2874141718e731a40b85382ae6e86ead31cea77f83bf5c063bf1febf71688a832d615e09d6f14badedeaeb6ffbfe343fc7274e78cd46a2aaec0a349c5f133291ee57cdcb65c5474e46294de6bb50886bce6c6f44dcb95f2a4761ed2e6c9e7bfed51e0964afab4e0f7e0b07960f2590baae66b1ec9a63ba0fb6c0d27e81508c51487dbbdc9beb8879fd58c188dfc774b3d0ddbd77ee8bdcdfa0ed8a9387728e12b13e8b3c10cc1c132bd822c2147c5ddf9a993aedbf78ec256db1be76644ca8ca7727208bf89732657152d34e948d73c47561d156f773136684d4162d02260300020123d13a95f4f835907c344942ddeccafe2abb7dc4792c4f1e39c24748c63cba933b16be0b8853e058c47a1ae2c4dfff39ec2339b345fe3557d03c1df91a0607a711636c4416ffdb73532aeeb74f237ed8bf971388a0659e4682a46b8327e751034cbf2c87c7828da9d24baf07a742ada34d1ef38ab1e8f2b4f801192c146600709533e61bc2665dc1e9e6441bf3c4f6643bc0c102a10f9a69da5b0e3d0a0c7cb694c682493032b5853f02953b5c2fc0e1348565389762fc2dcfbb34fd305f2d9df080e859396ffcbb7da78aae0a0d72e3de76c774bc6a81c87f2872b6afe97ced5269009304a4992c4add0bbe24e57632e19ad0fe37ae910193aab0aeae32cf6d618ab33eba59f6a04fad00b1d2403396e6fa661d31b695a1b349d62f56c08fe6c6eae7a482177adf341e51d03ea511d7959c721bd20bf371860ecd7fce1d25212891850b85648db0a039e6638d9c78bc958add3e41341536b5007be63fd1f7e3308876bcebcb97dc3b05a7b2eaadd00f8fcc8dcfa7b961bbe727c9aed1626ff786d6a0ffdbd1002cae8a7d047b6181962a686c152b2341c7c58c9f1dab5af424d183ed1c7d003165a1d04ea3683ff31a0f68615af6f91c21f736e67df641ed31b998445afadf9052bbe004d5dad08f62e5d353e42fc35a92242d8414d99dc4e7e81c8c027af686baa5c185e3f99abb3855b22cfdff0a62e2f47a632b7df8e00e0317af5c24ce7c64077bbb15ec27e062070cd3eb8e549ed9112469090ad9a96eb59294b021eed81987178cb2dcff67a9a2e930f6032c753e203380f8a7c987cea393234699de03a1d09ce204f0a8b6d5cf522b6887174fdbccb08f3e7c4fe2f778254465b32766c48812a45151ac37ae354dac87419f9476baa27e24b2f322b2da4ddf579750684a5881bae2269351fb7de59b9d5a4badd8951135f2713dafc57215dc626ee170fae7f20bff98e36b864e1fe0f0f9a300c903069bf0e0b6f2f8e78423cf6063e89dde6c81efcf26ef15510563c84730f611ac879a6628e55115e1a29de6945d37fbe4f803fcf2e344712d9e0d6f6c79f8773a9f199b705235e20a7830ee3357c5dca29d7a6c29a3d2628bf2c42c8f076cc4525301d8e1860729070dc53164d9fa08bf63cc889eed01b0130a7146d860bbc09ead3865a3082db0836a45f5506c3e46e452e298764939226cedfd06700e4e33c6b4a78add601140249596831e97f960b973a4e4dc3fe2813fa34eb47f998ce57270368fb81719a09298a223f7e3931ce5cdfab3f658649533354e982c87dc9e49eacebb5bb4af9a767b4f1c03d774431168cd4fec1b2726f1aae3f9a062a825f3295557eebf3af4784487b869fb049de44d03fee71194fc200af72103b157431935b5ab9bc122773ffd313d52d7acf1078386090fc011de695e71567cfd51c06317d4ff8841ceeb74ad35f4e5f4d20921123cb88bb2079674ad39e133cdfd6478d69c9bddc7a818be5d7b254bd9e0abdb030f52846fdfeae8ff370a51a9c5f6017af3c6c3db17c5c614ea18ab0e3ca0dd5de621217dffa36e5c5318fe191040a50cc3ca620683bc34da6c142e1c50afce28a86b8b66d189adcd755561a647080d93f3ede1cf54c3afb7e863fc8a82a2576d3f79e9b2bb634e598507a3d7d017e0176b7868bff3a3dfb4474b3ce03c401f33929364e727fbf8096b77eb351435c7a113b3215cc6246dd86f1517a7e550cf828900248f7c1754e40fed62477b296a37d3e53231360d012c4908b466e49b0e620c0a5031228009f259b030956ebd70e49357c3c3ac2842b6bd6e3ca5a3e985dc03f7105681fec03b320a7ca753b782ad3b52fd9c8e3bd980b48dd6ec8901dbf756108e85015821c880416e0693e0479cb31c0743450f6d9214afabc4feadb9bcee9def460a58d3a02d9e3039970068b8e3fd0a403a6ca7f2c71ae2b46ab3c731b1e65e2104c47fcb1f69e7c8c6df8c09b33f2e1cd4192faab316a44536dcac608832019f5765cc5240eabe3c87445c980c299a5e7ae0acc2c2ed19fdc8f011515bcb00476b03633c7669db1b44f97f6cd402778e9687c740dbe5686789b79d0b13f784a2a866eb91ab2d66f064c49e8df513ec348fd7272ee548ba08e1f9f99696ffb53677550d59c67f88404f6e610455a422d9cd987493ca5c366a397dccface2bba8e3e99719dafa768956cbf6fd8defc4104b8925878716a0514f70cbf3fa2c2bc2f66fabe654eed3076257e71117665703eb88c79e4c2b94e8e856e7a6ef90ee2a358409db78b98056ce1750eb80725d70e35507fdfa5933a61496ba48fbd5555717b33b59d4ef211fe096aefd478859ffc97a41372023ef114adcae5a8d5e03c21369baf1e7f417cb40326bc6db1cdf0904651dda3c1039a2f1755e7c329f7c03bf33f324206ce6e1638711c8c9a45f153aa1f847cca2a5d3af1d24fe7a1e1094819e8e712cbe10ead1012b7371b35cbcc2bd5b10505fb63bea20ac81d25e83ed0105e7595b6c28400f4d336791ce4a584323d0b455bbed44392c5f86c9d5287593f6986d4b0b8f9974a7a4157859ba801251d3b44b2bad84f29cb87dcf1680d6d10d1bfd59f0c95fb7bd07fdb3ea2fccd6e3ee80af438956ccfe31e750972f893ea5dcaa26d077fb3f09d990c2f41c8707368bba007803621ecd76540cdb8705435d74f4300eee04710a936f241c034709e625b0dd5dae1f6e86d034426819c365a05f5be420cdf4042bbff965a666a5756f67259448ebf742b6ea189fa17a4c3bfaf651d19a8a525f09d9cff637c8fac02eaa58d3ee3f7221da1e61833c0b183cd9f47686f09597e8115b435454acef80c079eafaa22b18927d07bf8b7c5ebfdec9c42a52b7824d45decef41e6184dc2db1505ca6f94172fafc10731706e79b9856dfede353d2eadeceaf72a302e3492d7dc81e3777e4e9e1f3d33cc4402833ffedb241a75a09e9495d671f80ad3acf06823bb04a92b815edd0ca7d01dcb3318c1ae5c62d3e99c0ec37908b45b51dd65f6b45b34ede2d6f553f60a45e20fafcb34ae4dbd375f52a5db9c62650deeee78e955087c2bea75ede7c304347b171fe0c1a2a033894be6e04605271307f307b2a9cf6ae24b8c87ce033a3fa4cf2bacdfcf54fcccb1f580476c7d00c631a8529a9eea2a713610341e0e25609dc8927e51c58a0a9197a54963b5cb95877354f4b8316df02ed2bea367704a12274d96bcbe0d0d728923a368bb8ab98d5db5401894c822632308ddfd309071fb4b477d8eac0ea5dbbc3e3606d8510d9051dfb5e4b7cdcf2c57c1b76902d864c3109c901da53019ed33cea84b407490486ad9f980a8a63df3d2e3921064afea137f35179130db3351f5bc3f5e7d590a5ab08b5415efbd345f9d57b71ade7dca939efa5a12d677b9af0af14468176a43712bde10cb15787c18bf066eaef8abcdea77d3a0c61d6c74ae7b54fe90940d0233e4b874c9a141dcc740d7fff43b9fbbc012a933d890232cf74fccb7ff7eac1148e203c7381b7f1d1429b1b1152ec25cbf7562596eb402a9328e43b5dc5cae36592da5523f0b9907a6817ecd395a7c778daae85bb11372b20641a04250b77b3a0ece885d07faf9622650259b874536d6d2b92181c834dc111b6fcba483167be40ecc922fb87006f63b9e8e632879563f37a8f712db9fa68c1a20ab239c0116fe022fad1279f3288b8e74a16d447e467b6381515814dd3aecab5c2a09c400b44e9100c04c720dc7e8c6d9460002da6c52004c16999975fef8752c2f9c229cbd9e6446b226cc454bd68cd665668a17328bb30f301e92ef5c7a2197a326df5c99b422096de8af231d1d8872e6e505bcfff026d4862f28d4bb3856a66ced22c9b0587451d8da4230a38561b5b1c69b523a4701a2001382aa82fcbd60733a14696a540227db44aef346d6c0a7ae5173604d59eb828614cafc1b8cfecda054dcc7306f73925e6d1af56ed74c51c6cdb66e9fee8d7a0078254fedb0c0f5dc85a4686870709b499eafbc8451aebadf848b0598ce8f955688bd2d6032abe10d1391d67c20a049841f95d2ee0c8deae2bc1baca0c098d8718cba1ddcd968981c47cd98d247aca4f838f3bf16d092eab8be8deb1f8d504d37cc44a8c96c9f22f2698036d4ad3bb48b31f109626565c147d20a4a7dfd61fb918f81548fb4f78875c1d138e819f6822651b93a3c92ad77793fba5222d870ea671f9cac967919d18f96e92778548415b2e170d90b201215354fc48a77e62823a2c2bb354782ad052732f08beb278f751529416f37d83ea26248517ae2ef2ead28c1077908995a2d25db0deaa957bcab39715283287fd626ea7388abccba2d90e364a7ff4284c84f70da68ce1aafb5be0401cb9d45e085aab41892a49e10cbd5baf2c34f5e0ca076f2772abea6f622b66020d546f8c2f134a87f96edbeb9b08394b585f2c2f98aa792f97b43b5f3aa9c34189804a9ecc2cfaeefbd0f967d85a25bf3136fd8132dec38aa82e4af6ff677682f3b62be27a180aeb22f918c24f23bf6f5954e0722324cccd06829fc32ae4fe3aee6e5a03b3651900e13fb0a759e544d033418b6ed40d037b4549a0404792c8fddc317b7f028493c4c91d6773932f8486417544f3d007e5f9e6fc02fadff175303f77f6b0e1f709bb3d3a93b38552ccf62688a39da1a602dd5e122e6f4e9171769ada5255cc5cf938dfefcbe3ab0faca434c42dc8c357e89a3d1488fa3df35c3580b124ba3bf6d0d203d586707eb692150ed05a01bf9de5c4e67bb948088784016394d47abb853f2b6b643a066ad81bcd1735aed4e108a8c1fcd025b548de874eb60de7f3c568728959147d1219e4b830e06ca2bee1f8a035e28a54ee6958d4821a84e5d1e41139905f7ec60fe67ce5f4eccdcc2c3d1e4a753a32dd3004970a4ff3824471822fe2b5010b9b6c6b01336dbf0181a95cba2624663215468519871cc39e8a7f4a151c8bd03363b402020f2fb98069b2cb8cc1b7e930938e7540d95d1d223e47865135793f9eb573660ff79f7ed2fae503e68ba44596ee745fbd8fa562c5c666d174cc01b1961736e18b8b517161ab9c8058026e0ddd6c94aed0086a26e1b959a5e05eb9d8c1ff5b2ef518ca23b4f265db61b499a48cc46bed28d23ffc1e8d9c9e345c06079ad47c88dd4e8e286575bd7f9420ab9c2d5c6685488b8b34d4c9ac04e1427ae0994cf789b48b01d1db9c2fe75fc5187727bb11119f82d0739ce4048467a08cd635bf78cc1b6cc9c28fdc199d351064a81456f81c9e56a43aef7332973804b06b18a26caa62523a7d0acc272ba49124b17bb68800d5756afd34ddb2b7e2dd8a118aac3fcf39d9f853c4d2c4fd3ed5bd25a6604d68d57db93d15aa1160f8a97e6c24238e84f272780966867f9c644ca2775cdac4af0ece036cfa6ebb1cd9d701dd7daec5763c9a4de0385db383a5647918e79c6a6de1f4ee1f6b722c561704c8d7efa4710d78dfce8ad2df0d3d82cbb59cef0bcb001f70bdc6e17af1a720b117fe02bb1dd527b18e6bce70e9447cd0cc85cbcf431fe7c006f5e4ef878a974a93b25f492847c9ae020583c9d412f4124246164d8f080b615e2eee267a7aeb5fa0974de52cefef23cdda7b305a33a91e9b50471ceb72dae337c485d636e28d6ee31f5705983808b1567d4d4ae820ec445c56e6a404cad6b408691475397c0dd6cfad232106ba96e5104052700a653e21f9ac6d79578a9f52548f426a1e81dd45bae30acdd4d22a2dafd633564d6b2f45e7d35413503c955cb0a9784b42ae8c2a5933a6729f3922f969a158540dcd201ecb6e32f88b5b4921914a2e8f424c8b031f115ea5d23a21e6f22439ffd7e5d11b08df729f65613b4f6ad3edbc9a066a5e712ecbddfa6fa764cdf170c0485f82d924a99b7e7ad8dc44c1f93e49b6469a9af3de5691944413f1417b753bcb84d5b7a34f362c383cbc802b0c88bd23a7ac471b9287571c42081b1134bfc8ce104a550942ab1f2a074cb00a90558d6e841ff15cfde6951f03e450a1bfc90dec6c513fcb2692ddccc31d22e5274d41036656183c72fce208e44920776f196193137ac67d6d65ce9cfaae774f23a86e6ee8ff3a4e9422a4667d971906e5496a4e80278774899c882708611bad282f6c1d666bc5e7c40082b43a6e98d494a18e9b3cf7f154fdbf90d786e59e83b72ad0ab893c49aca50ed37ea5202e650fda54f5c46ca2a35c476f4b009c5e6733232275abd1341199b63d22386c484cb95c43ea90e609c407bc79ddd00609cc2eb0d82848db239b249f164b7ea384d0239fe1e64d04955b9297472cafa2ff272c5c78100aaa86cdd8120556f25652a3c12da5853338e3be8f505d93ea03cd1cae7e78e95befdc0e26b760d11e05403c348e0523fe036381408033c009a8e1f117af5100a6eb91f08307df465c20bc1dd029875ef7e49338689f602d98f2dc690a57a6f2864e57098f8bd723574944ad3688b292db6d01387a16493912722ac8f91fd12b748899bdaeabdf0479df788eda440d7bf30d1c25d78d757f00b74bb556506637fc1ab87162f05d464e63a6272db3fe56e9357275035d6b6bee32bd92c4a1dc94778551e94ee1d8854f767bfac3811bd0287672aaa01ea18c25650f05a68cbacd9158e479b508e72df778589e1e03dc543b60bb3b10399e5c50de9e728e69774fb3f5fea757ddefccd0f9da75afe4b67f9c54aaaaf646e858fb001a6deed0a8a769ecef0689c988de566b6015fb8c40aeb5f2df7ea4bee60e8e69d15c4a4aa5411dbe63fbdd6418cf025d87f37362f15e22aba83abe1a3de9857c71c2234023b969eacc0bc526363b7f30b092ca114f2a6cefb34394d146866ac86a33fc497a8cb8e2a5bac398579ff7958878421fb08fff4f8f3deb8c9641b8de392647df3017a5467f9d7b23036935ec6e188dd6dbfb544b8a9e04a4b3c7fa1e4d1d9879daf69986b8083e6eb023a4b5eff80fef17f8f65433c882a21565a919448e6091d1b61013fdaf9fc3e45bbe827c9b4ab10b05600a1961e81d31c7404f8e0d32bfcac2937eaed811db167dfdc29286b0d51bad2bcdb9dea76eaf495a31a7fe717c1c98be374a36271cdd06ed06c02ef4c3c06cb42f73b3332ed488416010e6bf2f4dc4dade6e2e61f19e9306bf941868f59fa0939005743dd647f0a04b576a7e71d4c383c479453501e18ec56d7cb79fe31ff534afbd8609ed701ef163f9de31bc58114399fa0f22b62c66c380e8a10c34b7e731df2a8d39dcf36fbf3a66d67b973e3a94bf6ee0bd96f5c76baa76492032fdd2f59ecaee403d486f543f2cd7ae7b0dabe1b5566e681cd40d384a94349e9668650a6f2d2daf86c59a7b02ba466cd03ce1d50c3f0ca4c02dc4b3d1c0e7b9a77df9eae0bfcffa32117d7e05adc7195f4278c93497401629897a58d08ad7141ea52e0163f14992d7a284e7b875ce4640b4dd48ceedad1ea17d8ab1e760773044845e0899602f1bdfff4d42ab80c0765d1a8bde2ba0a830c050923956d06c80b182264ad19ae4f7c39e43195f7d421bdcda00e3eb5ec5ef2ec91d69df691ba7fe250352acf01fa92af5e2c634b9c7c97889e9147e869acc153d88cdc18908f882f371ba9c1e13c26e9cb8e3cbd4c5e1988080ca65a67b3a4c3460cfadbec904d853fddd2f5375b6070941fca53cc106b5748480213cfbdc1c34320a0478b05f76fd0454c75eca069cb1fa7b21704dab67dc40d041c8a1040db378e76655636ad725219c049e6536982d6ee9f11dd032280e622547c7ff44a938a1f233c356a98182d22d5770fbc871e20bb37483dd5d6ea1551993b95b30774a49b50d411ebe0e8c92834094e23ec2664d822c40e96fb42b8607b62b6949e05edcaa436d0ffac6a8ff384068acfc0220c0b098d368fb8113918a4f8c9de37cece74c8695cef2427e54a6e77ad092a9b7f1d94ac9f0836deff41b905b5dafc58ad6063759b0372a634f69a639e19521825d66a282f489c3172a3659264d0132af3571e637782bb6fe5c0afd24547612166fd3409d0991392fa054ea5bd07a4cd0921a13ad7b62a0b5e6d56cd8adb7f3eaa5c99576941c38aff311c49a8c9d8c755869302a2e5e40109c8365a551cd3f859b9421be189d3a0e9ed78830d5cd6a2414e9cc4c25814d94d98f8848e5386d6dbddd65d22b96c5d20020a5dd409c7e5344065871e57e01c91a443501dc8bf619890fe231319b5480c3879dee618d319962596539e2970513fb5c0c8eac3a71ff99962779cf1d7e916566d0e29d121c5cec5d7302a18ed00be9316f3de8c669a64c2a960a588f9c8a42690f6867cda7146e8ce27aa6a7fb27606eed9df6a235a42d17ce71627446e206e879de56025a66556263f06684dedcfd6f083d6a707e5fc8f8212d716e062f0f7fd0c2fc62bea93d68581265a803c31cac3f8ac8939c5f8c464ebd19df42c7e8998494af614c8383294f3f3883f2404ac10404759e182a038c97aea04a85530ec005e203807c5bc30fa9f5339b32fb0427e64915e29a25bb25ac60b92256470e7de5298d42c6b88995f8d2fb704e49d55b66b71e237af90fcbfd71d9093e1a543da2e9911ac4102346dc4704859cb33ac5f5dce2b3331a9dc9fb506461a5436c89bf90d39afcf93cbca4cfc35da6ddb112243928246ae0d1ba269b0fce0468d3ecabbdb925c9ea3241e2dbdc6b151fb4aa724a42f98b0248171fa01fa103f116d0e7deb65dc359b09126f9a420300fd209508ec7a50be56d5b470e387d0c52a1d104625f9571ce1404d1b7af3fb00475b95f752ab96610be112d33ded48624015781e7198f4dcdf917839471fbedb43c34efabe09941fab6b342cf672a29dbb1eed0db788dbfcfcc63bcfe80f7718571f691818dd6f839e3cc282f85f03fe0400171cdf1235049fa53de7450b4c40ed398d5a486f52124c1c63de2afc950e81839f52d17e2a7d32f82788465a65da6cd763c6360763561ed2bf47749080549b6e2db87514e1ee1c85a0bbd346eb6e3cc29267cbedcad67a287fc5be65ec59ba8b6854b31c83dfc5155187d4150685c5c2c342ed68b01ac9e44b60f0c100a347a0f93074dd37d8956fe2f43110dda66e9f9e6185c23dab74cfca21f3ede4bca87687549ea02662f45dfa0ad27f9959a120cacb7c419810e1b1a50fad31c12c47d5bbc61bad77044aa541d29faa6126c60ef088b82eead17a52843307d4bf798b853d90d14c5347ff10615381d85e964331b7a123d15a77a6790d93e920052ddb4db4baaac5e2b27b66ff955e53b8308151c81da4711189ccf0eb393c5bbccfa1f6c94a8d5f4bcd266fc6a12061967ce836ca042257368f567dc42de6ce0be84449234a6163b72069f25b7ead4b2003e1a7665e87ccf211abe94175d1c11bff2c0b6bc110194d34aab96934ef59804cd26e4434ba166d9833fb091be37b139cc10748b881c93690528a96ccccd2dbe024510b8da37dceab567dc52706461c486a0463369cbb99bcca2e8a4d2e005c45401964722a4b3ed37c351c9f21685e8992c9634349379f41796deebffc2928058c8ef6ea37c6e4970dedb78d1c2a00ea9e1ff1e7708470a6c60e6a2b1e966aa872776afdb238e97f716b3df8dfd42bf0f7ceb52bf9eb33731bdba5987b8f48b4599d67b383e77413107857e951ae0625059e5616ccb41131df9a480efd5beab3a9c99615921caedc53dbad675c00ba1030577db1d22731677914fa958b44792cc9c19e2ac71ebe61a05ee67ae7116e39e1c0d103f18bbc9d531164360d901da8234d29fb0b37cd2a60c7aa2adb2a4b297ea2fb14122ad95bd4592ef86c88fdae1e37dc8e44ad03c0fcdfa3801e93796771c5a2ec1e4ab12a64b3ffe48e7442c6224661ed5cc987aada6e778399941f7b20f16f94fb346b916be87f005c9c13789741602039d38270643cce3c347565eef5ee09139330301951c15756be47994de6f1802dc5131b9b011051b1d87d744756831a71cc8528487f032fee9dbffccc751e6a1ee6d07bb218b3a7ec6bf5740ead7a47b6907d7aa95b79aecedf4a637ead8fc6fb8654c93d13ee79f5d6258dcc61993aebc65e4fc14eea7d006e31f6e9f60e3bca8ce52ec559876fd20255e507daa99b185671ce1ac11d448c30bcdf97b9617195e0ccd2d15246308dd6cda74a8071114327fe203b1adbaa780f3243105c5111636a51dce966f5652e39d4f91abbbb4576234d6cacc3ec57cef2dd4dda49a6c33d12bb7595fd5ab5bb15b40301f34ddfb831a5dbf62218f496c003227fe6282e2ac054c45e7f3fc93e51b3ee8690f08612395095a0a12729d663eded879d9ffb325c62f2cb546a48bed51ae232fa6ce28a2494c132a6e09d98c2e3d478d5d2d15dce2e2665e4a3db448931068b99899c2bd8ba87349b0cf9e3c52cffdcf58a59b4fe0089b298b42ad7553f831bd60f5cfa3e09102fe773e4c05412973a678f3b3ed420433cd664dc7f218e816a17c5c9013ecb84abf2dd073557dbc41b92a91e0339d57b8b077a9a44d56427fec5748c47c1460b2e2412094db6d0ad06dea0aa0c1368592594bf0b2f590a9d6149e44dd4adc4cb42e5d9940d59397b83b33b88604c210694e3fbd84795c80c1b09ddb3b1ec8bef6e9dfc4d7f295e551a79436007ca48aa605ef5a89571e59cb26f2766e564e39d3bb441deaa0c8664549881d90a77256c0f6c77241fd6ab74b0e2890f78ff16fd2f9271ef96ebfbd0b878ba9c703900752b7447f4efaa60bd9dc9cd5673a36b39d49f54274caf03c0cf82b95141fa20ed3ce02ebf0dd74d9eff8eb9e2dd3a2976b244b12fd33ee75c1f1c459f86a1cefbc817f42d7f43ba406098165cbeab99df4fe751ae3382efce32af252e461652c7598161e74fd8eeca474fab6b1ede039935f2fd4d7562623b90a422a78941f47a76863d95857c33653d1b42b806bbafcfeccb7bb4a0c58acebf6104b2570afc3ca88e4fdf2719cf39c964a1ea7d2ae4a7fadc938abc95adac495093f6b959b1347501606b3f960b6d739291aa8c13eb49e98b0f78d2b91400b6d8961cb6165c8b684738e4d4db2f2ac30ddaa03a5e0cde4142b625e81907f08c60d7cb5729456806c89ff0efd08397423e44738ff38f8e88684f3a099dcda455521caca37ab4f4d9ed5d37975d4fdd778b97cc93babc804864a35e3a2db04598152e67a2f1f157681c3962d46ada23ea5d9a524f9cdbdd08a07a3a85b1f6fbde11d5a35c7743b83bbefd19aedf6d92241d16aeca7f33cc51839b75f111e8edaeaed808daf2f43fdb3c6f032ea45052ac31d4870c4d0d76aa75d0b88635ce449054013f234c4a16cffc58c95ba1cb8a0a0399861eecb1039bdedfab4d05f0270c6b16f03f6b8e629f687f133ebf2662c7f930530746679aac2791f54d6a95bfab5be0c33739074ed4e7ae88dde4a8036a7d6095cf41776366b6ae3f8f4a0734f48c275e129cfffff5e0abd042f99a957bf6f0f47fc7288750f4fe30198f8cad7067b36cd87ebca08abd3f9475e7443f83cca91a1ebfc42ef3494871f51f6d52a5524b9391c687571be5327c7c94ee2a096653acb410917fd51e56a92be4f24c1db6b97b465ca84c31c04c2f61eae07e952eb6554aa4d8a380d9ee81c1c462c360fcc3cdff2867a953b655562cd06162af8b99bbe662e0c27ce4d9a1c1a907def48a3231c2110c930a2f1498e32dbbfee0e5c5869332f3024fa5dfb0327a27c663cacd4e9902de34dd93529e90eb347bafa5035f56fc578e8386c7571d1f0ba335225ecd8be026b4544ad70f3af11501a53119ee39a8558ca0ed5b3d897ffb9cf0fcab55a0942d3bf7bc6b94ea27a6b748f2cfda431f35252c44610b7e843ed91ebf7e8fe10638f04f52d6d5a7752ec62350efcb7c473f80b1f2a26805151e8346d39d23551e92fbe372df7979c3f756bbb43f6bed09bbc6b65fe6fd241ae1c2f1a0d0b805c582853b85502968f9478e9a84895f9d4ef01ec4f3f571e57cd0bda68ee1f6f7e14fb6e0f4ef8c7dff6796472a935294fc27b16216966d5021339ded059687355b42b55926854bbfbd9f974a0c26eadbfca8a6183093996cf252894e6db910c71ca3ab2e82d90d371c36b92c9409cf7937bb266ea9b29c41d774aa522e103cb30bbabfe872b57beb027623742806aa7694a859ede9bc1fd7b9e32880b064b0030fce1a0e5cdf3ce558a5feaa32e323dbfab6661c5878c9377ee52a615b7c17bf1228e328aa20f92d070c71561969e1af532e76835fb0436810c3d87b982217edfb1143bfc3405ac9f6f3a50145608dfa8658b0ab642a347255c55b59cd1c5897b2cf625a0f0706c30ca1c1321e90cec57b7c3d1bd1af455e3732db80643383c41eaa6781f63da6233360ee720cc04d171ae2445b0c071e339d547f7ac32f407d29ec7abce0a9e1ef5276544877bab2f84bd2eef47ffa66f96e7170cd54d836c9badbc59435146031502c1a3cc744a470f693636d9050c5b894d2d6047df60eb0bac16d905d46cbf017ca69d66427cb88036eca4ea9d0e579f6bfd8a4a850703a0fe49d39c107c9358e98689fb62bd0475aab4b2031446b437c7f9e373caf0270a28d7b15c71f02079dde401e26175bb6e392106a9072021f0e5c5145a1db6f595b032faed8551f6e2ce318db1ab513db876a3eb42d225014949c19543e9c5dfd2290e28c5d72c87223f0195ffbcba1c02c7d0087721efd2af6881dee7dba7565e07abc35bc3fa41c6a4d6a313222ac6dbb117c69c62db2691c68869ac5fc5e987b0ae4335f815c73ea4235da2582dde81d6fdae5911617daef847be17f2bc09edd88830eac03977f89179fe03eb2dc3b38df43803ca2d38455232549110f4580ec3cc04c0d8cfe493013d2cde47c506ef6a8dfc42d998f70378fac5ce4709345926dc477e9e339d8c87ff6287ea6e2873e14d538cdc3f2a47e0e37a2601652f5b665b616a7d1ef3537a3327a76f93990f7694e6484e7a52a10e9eea2edc92b99406abfb2b11ec86667c7af4a333dfe900bf071d1bbcf4f0ad768fae4f450c53817c507d26e926e753e3395201d3ad89061f16706d841994abad283f0db74cada25beb5fe46f48669a62e0b849cb77097e1b4578b45062af4a071b04f0cfddf87519cf2bfa10ebb4b860239ff187e6dad73806ae968e6ac0f738baa88edb3ae4883a9e59be7a6b222c5f54818f95578daff9fc7a7aba8c4a41a699923e85ddf24a32bb71c808516f64d506058a70539276d57984d75161cba7d53a4a864c51a249a6b8fcad5738dd0055ba8468b56579ba5f102642df65c598490f3a0c9b1064f4eb1962c4c38bfb7d55d496a0b0f7b3f90b42f733d112c89176aaf937eea4bada845f3ca4e9b56b3a5a06b4c90fa4c1914ea47020c2f32531e270007ed389246906ecf2c4465f7cc5d6a347583dd73341ad97199021819be81100d867d628323ef7552db945e4c0be604cf6c4a8197958bcbd6c1879387d3286dff979632c54baba2a35ea84efd7726b662b94fae61464d069e0103692599fb86fdc3a06e01c6ae3deb3de6fdb21806c716e5f82b784e4ad3f0e2de629a18e3a2309003dfde9dde8e5101b83312f76e811277afc286b56879f4eb80468e58c60bc088284d05d725ddfe3185b7c51b472a7ff7db3930839142d4a452ddab628e07d43375801d7c6a711a55b452748d770b84ede35920c1ac74b595baef963d21df9418533fcf959593ccf5afccc753e86c4ae231eafe77a158c2472143faf169db29bf2b53c3288d8b3c9added65778095f85e2cb471ab58362041f0a27d874c42bbb06385a0403ca193cba67cf70029cdb7e73c7e2267b856fa0b8dd4c706b45e7174659b0ee2891df911724324f7ca5daf07c912b9b2abff762e62a1817688757492975db7185c4695f3a90895634b8d07453b36dd95197abc31d5d153dfb0d0ec92639540e99d6590f9b394f14c93a5e829fbb33616e810f59c502be44a13b700fd3009545e34c211abf9afe1bb8ced793c6f516d40010649f83a78ddbe9b71d8596582997d0aa54192e1200db61dade30500d72a184ca7dfcbfb80e5442f489d316cc8b75005564835d4b11c482e2c4d0d160f14a8b13ae0a0fb0ba5e3b782770aaca357df0e1c4d1c3b28b776a8b3e0da1abfd4f7190673fca1e1c5a31c688d6e8ddb21300e4178d07c4e854a718ac3f672b0120d6a54c16957c9ec8c444208e47737bc4eeb0bf2d801eb2fcb72f91fe988aa75f38e6cf26e858dc2a718580ff5d281d13e8fc3e3bc30c75c0193481c39c375a5b06b962d9491f3f1fb80f1cb27067f0709e0b0730573a9b5f5bdbee1708ad84b4ceb1a9a61e4c41e90655764057bfa07b8c81cc83a315be1aed6a49715479c0fd0f53f625fe6c7f36fadd001149ab978532e4d0de3d1a38934c74265b161899843704fad16ffc6189f42a5cadec98603e0f98c6889bd4a559079e074cb40678fad4690a20d988735280a1ee8ea71275069132101b35c18ecc9d3c6eceb4cfe9b165e4b6acc17d4f113ef8283c0fb6506f5635401e916d4f7e7bc3cf49aed166587a0c72cdbe673f467d81bc2e9cd08cd8dd16d90b353481df31e89b45e8b
+
+[L = 48]
+
+Len = 16
+Msg = 3a35
+
+Len = 104
+Msg = 7db15b3ee240b45d4610950996
+
+Len = 352
+Msg = d2a1efc725c46cd6a19760f49edf0bae823c1b4992ae2260085746cf65833bd008e56e64002383f51f960239
+
+Len = 1016
+Msg = d11ad1253592c094746da7b5c88d329bc3ce1929913b8be07e82d3f6b7a536a855f31ad197376eba6f2f4534413fc4e4e7673fdff8739f774a710754b568b7c61a473059a41c98aa4e86617aa66d2601d0f0d584cd9f132afeebdc0ce3da6a8b290059e6e4aa080c195c42ae7f7e1e99865223439929b0a3a0d79b46ca6419
+
+Len = 13696
+Msg = 2f7a9929dffaa4a4dcfeea1fc37b18e3cf935abbaa17cf9d834b3a8d61e9fabfb7683cfc387d6f46ece3f8bf845827c7ebe86a651d6dc1e83c5772cee1a9fee4b04453af2f68430bd87835126cfd1b3f8beea4d3822fb27864570e255cb65b414197480b6bc20a39c5450adf2474da93d72f6ecf8063899722d3755b7a19f71e93e782d89593ab19ddd3ddf053c54e0bf832311fbf132e8b9e540f38e4d9bcc3cdbf69de54e40ef348a9170ba2f65def167f568ce846889c0161448342fe907718a465e451bc1b0f2e4f21f9b911f186589f43dea305811473837c063b915d849c20deb43323bab4b64e61823f1df119e71962dd975700391b411f8778980a3080ba3c14a321d32c082d416ddd2345f0eb751a516d44ee55222395cfa11e7fc4edfbe7cd49bf4ebd4d7428843a2ad5538b3cd201ccd431aeafb146a65d28a4870a6948a7cc0413b0adac7e8dff3a898aeff5f4b65d10b28ceb749bd354c061c3008ec569d5f90a4d4f5caa51d35b49dc4028e738c8ff5939fef3fa202fed9ebef6f2c7dd0ba41cdb5c0c16985f96fd93a65d134fb4a90ffc0fb6cc5396b843c2151bb7c9170f2fa4fb44292a4af28df5481de0c3c917ba1c46467a35302738158493fbf6a0422cee558d4bce3d78e14b4fefb65bb05043e2cc2a6a8ea64565ff6ce2fd2c4f43fc02926ee44ee02fe1dce25cfde0115c9396c9ea06269f17b2caf58e2332cc1c8528d9705c70da1f76f22aeb1d1b93449180640fb5c4c4a708bc4621d7d2bed5b1a752191cfdd45086d34f247ed1df0f24e7c620de32bdfc4d1f882380d2cd7467c926f48abc75cbfac8788f88cd9dc5361517a5eb36311e6b39e21a85fba2038fd47d860f776697bb19cdb5a4d6746fae507e274399c91648537d905015e58910117e5914f44ebcb00e771d38b30c1473e1232d4e222cebceb4810c48e83e0fd4c852f4fffcd643c0ef9e4fae2d0ebc6f102f3f749b02a5e3a61517d53b539cc24120df3957a633d50369d46c0c226f8924cae51dcaf54d716f61385fd8cf38c2c311a32bcd6594d6930133dc18ef36a9671ba8b179abe95f588ef74e8558ebbc974dc73c26bb6eaae78ef464181e18b71f4b0f986ecc8495a9c4dc0b0b96be9806fbd3d32952ca3b4737a06ed6561e9c9581a33a720123fbaa2a70fc3233b83e56444f5aa0cfaf70fb24be6118404f3e11e6ea004cf2d079a3e93a8ac1d4e297cf4fc43851dd26314a7ed6a5a784b386daa26e50c64692f7db28c21d82234289bb45bad5042236667e6d70a24bc9525c3adcb793a6a5725d9b10911e3bc8e3fd604db7998346e7f7dd1815c0cbb735a977bd4b32b5b976932bc92ef3b56bcadc089045ec95f241cdb0a84c67f1f76353da6cb493bb27a881d37a2106b8b3010cf935eb3601ce4dce3e449eff8331e444ab117a20809a1010db4cf3be0c488f777b6532df908112e3d11592f04a0cc16232d62340cbb8b5268a662b8278d37c03d848a04f0ab498f5af43b0a20e310197b7e1395a65299fac29f051bcc5fcd09a5605bfee370ee8ea21f5807d9748acca815a44d81796d68b0014eed3bb6a94233fc51725de3809ac6f538beaacf8cbe3d96aca21a7a763a957f8892f22c6d086d9af2e5ac9d90321e186584f17e964c90739559ddd034df076c4aa38c2b78aab6dec8ef6be9adf33bfb66f159ec4826653ee6cb483539c47a4a1d95663e6cc7a42a3bf628623a4c9500a59a50a312aa104b198ce5f3e58952bb79ff1ccfa9ddba2fd4705e91b5acaddab9d6522d7666264ac5f533b6d8ac4512d8371c69c06b6d322b046ae2a0a20aec1c3bfb05f3d91b9044cabdd873abb5f2b0e3e19740df31e39828f9ff9bbb20b73541a7a70b8174ce4e43e0d356e629cdbc6c08d29bd7acb6a4347823075683ce9d7de4ab3ddda6572b175951f30a15263355fe9641b3322df7dd52077402a884cd472e6d0b6c34cd63ab63cec8760c7ebe384f7cc31066bbdb7a3417425e039c4d340166e4bba4839076ac9457c87459c57957d0a06dced2f7a18acd22b7295785dafa435a2a8a2c3a1fa05d115fe129d19fc44c5a29bf15b4d9c2b375bc8e591f92756cfc573a39b8fccb8395cad7617b11f14a60e2dbf69b897844cbbcb70363010f6e1bc0590ea594aa924597dbb32a868b55551789f82437180b85661809089d34a168d44b4d788dba23b13542715843eee797366d9ce7793e72331735bc78cd61b13421a568ba3e66926921c04e9d00888ba7ddeb474db63813756ea4a02c1823083e36ebd2d32d5c88cdebb98d511304cc276c7799cf84a1699ccac9569b13f530c762732e6bd0f8415001b2c02d11dff36660b717054b16df49ba38425e3764a56052ffddecdfc686aff22079897376cc15591e11579fe4feeccb55f
+
+Len = 100816
+Msg = 5f464d3301c5e0871d6b41b002dcd09abc80a805de3482d97f3fd7b9838745da1c0534168f76b93c3c53bbabd904541ffe5179cae619dea77446140b7400f47d242141c7f2e9894d88f44c9e066861498e7394f206f594a419790d697f6a11187f84bc6fb288186109343eb11172bec076d041a4c7306d7978c009fc2d2d62563614ed3555ba2d21c8fcd70e8389352dbe4ec808af3231ce990452eb05b1b0dc4fbb1b4265e69235cc3561dae4148c386cd770474863a84a822b2e5f905fc255d55f90bd6a760d441dc52240ba7d8c888a5283891a2c99963d1fe680549d6267cdea92cfead167f6c49663668f2bfdc61fa647f5abf3ce5ad2c6c175dbd456ba41436aa06f5f68f5c88e6b74ea86a79934bd05b486210d3d470a0967ad6d67f7385260578088d7e63197849354f651aad07e04ed301f1fe7a6d2047d50ce5dc6bbffbb1da6b47d740898f4eb54e3c5a1fbd18ec93254cc01f705fce04e6100ced132c519674b2345547804a372b5c925bd9ee9701527db33408d37b72f8d18b882d3c4744eb58f011d21fce336d426de1fcd5e09610216248b51fe2b79b96c2bd6ca0155e05a8a516b7a24d529a9a475284735bd9c4c437ddf399864b64fc5d0d6ffc4e5a7a3dbdd476bc39ed29a0a92e1f2b6b3506c2be5452d4f896db6eb4f895b554b2af64c4cb8dc2369b91022dc50b7291404cc9605c31569c32756a64ff8c4fbb0f1bca346c7b58a5c6774b2fc7f7fd50741d34c8564d92f396b97be782923ff3c855ea9757bde419f632c8399763003b58ee9140c2d62e914c1e1fa742661a9166d42267edc40905b35a25d5c3cb3fb457376b7422896df7bb19c23e8f764416731d2e20cf2c1beb8663c07edd8f105e078e2fed05c5e5897c430017fa2160f565a75a4c5c64a15dd7d644bf355d169ae2696ae5ed1a39e8f81055cdf315e5b0c6f9235515fc4dbf30281ef17b83a6ed604f89293904bf78c7183fcb0ab236cb1f8935e59c51559217efabc000b165d819b717118a03facb61a13a99b194f8b6c7ddfe5850127d79078397a56564c7ed6716a129409680434061b2a4782c9006587de927c1ae09d6778a5f1c39fc419fe10493eb0d4ad492fbd05485eee7913c59df82fe7182af2cf06a6e8edf06676200077bd1408f5c1cec537cb8566470cb44895826d04ec20f0aba4297c501add65c75d5767ad2ab63aa81b7b66f01b32590f1d55b7e50e6df1ee077a19c8c895f5ef62d452cc336e9aee171fa997ddcedd7af86e6cc37722fb5838a46c5e58e7f700edfb7c6bf832171d9581f660752867118e9535a6118635709d6f1c1cb21b938068958e956149d9bffc67f355cb88205d4894ba97c3e3c8be9fa2d20abe79f3f93a6a2f4f56fd075bb49a4b7dc83630e58c32a29d757fdbcaa607352f65483cf2cb4208a3bf94ca7a25e2a4e05279be31c33696c10fa4971d1b64ee938dd299f483e5c098845749a3b706a787529bf2ca56693d0a7a98243e6482a43e1f5d3086ca1b00368d8ead5ed2d0fb79b1e2f537ab9340809ca3a9b5eb2900390432293008ab7086c2811d33de0648be5597ef002c7c462b5e0f4e0b1720a98b2299ad7aa55eb78f0c77c2ab4371385f280107ae40ebf814a8223dc74f31483c63d9e4ed09fc7e5a51bac34d69d97163116a66c84ea9fe4263269b71fd228555ae3cf5109c4d6ced7b9049a2b8069bd2f71834d6c07fffbd7561939188bc07dcea08086bc7182a5270427c3199bf5fb5c4549861fd32a38ec81c4ab058c777dc01864787f0275f911a17838272cd65135f66baf06d8d93bc439eeb55d50b7c5adafed8eb8140b4b05f59871dacf954f4b096c30b7857774fcd319c096750bf605db8e31fe02cd1b9294eaf8bb009d4609f2cdb3a8657f650501b8553765de8f572fb91ac77b35db35f402453e5c58f60146f2906ff56b9c6b3a5d0bb6afb9e2201110919ac9c01a7e9750dfdb2f72afbf7a8d6f64b1c68b9de17a2c9abf289eef24074eee9b1649caf3693118165503a30200993d271aa31b8b92606a10a52612dd1fab495b82f9a98cade18b9d8a723a71ceb63fd1d27372bd281f9b40aa1839b0cc2f2177a09aa8e7b159ac118d7c145e7a4f032e788d21facde2b4dbc1d5d2238f530d9bf9bd2798f611d03ed8919f0c85bc2da99750b7a8d6322d2e66ff6ab9ebaf7424e8c1c3f4fe92be61f65359106395f5ef995e925be3868ad513f561f873acdbaf18590c903d64bd275121c11ea655124d091740887868544c5348664399d3da96e2e35fff34f062fb939d656bc072096e510b40b2f75ff010af68d64fd0acc778e2e13c9667de266b1816c4ac449521b02bbb217002c604be72e73051aa9048d192e3210a68769dd2693e5d44951711aed3a751240d42f8925844131daa36c51d7d59bbaf99623fddf1649db954705fd6f3405e63894f5258c9ffecf83208c2c90cc55b1a8d2972ea6b3a049ee54942b50526b7930953986e428b2c75e47ed870bba68dbfa624dd94112f3059da0a80c583baeb570fe8314f5c66501b34116c81148dd22396fcd6479da49f7e952c8084f97d6803ff85c3787222064ca368f596a1ebb6dab20a03916b3ab071c927d87fc10ecc4e7ab4a5761e3eadaea4de1a0dee30aa39a9e4dbee047201d7d8a4df1284cf668ae3ed7dc4cb2cc4b5cae9307353fd2ae4c105c5d9f3bb021535fc3ae9bf3ff54ddda8b2e1037cd9d69822df436dc1c750a9f557d1a3a63fbe73c64261dae0c70bba6edb57519f5b957f138d1aa5fefe01b73c1851aea42938147bac2762527a492cb85da43014c876e223b05597354d7c9b328df67f354d168a84ce86dff57d8a870db034196dbeff83ebef80bbe52425a8810f2c9fea29ee688a201cce4a5f447be789a3881a9da3b6c491288e8f1091719032608b332e0410f4576597e17e0b5dde305f069be2e80d565bb979a3915488f88e3ebb90e81c264bcaddd72b8843af4a4ae31f723d50fa0995b027c334c351128913bb93e67b1b08f101f6b8dc8202b44fbc3d3dfb530f66e5a8f35e69725c86998c05ac87c561a4706e90fa095adab4a566da4fab82bff6b20076e5bdf62dbd6614245b6a6f8cb6bf60106f8d12b9c3e26f8127dc547e2181531ce980a3273f452892110cfe1ea834a30f99d66e026a9d22dc76fc3cec8fda2d7fea701deb84dd45c97dcde57a017693e90983a156f11c4d168d89c06d8a32dbfa590adadd16850854f24bba315b0bbf372f03711a20163afa0c137383b9120b26c59f5e9e7cd2ccaf0ef4e0d70d5a81748ad441ee5fe178e14317cab184fe178fb0cc0d82105d2f423467fdcda0f9871b9d84882609248356f3053a99866dad9f9b0f8c4a897a8cb8f30365a7ae5f3ca6e772d863d445e6d57c6a478e35d719d0e4e84f3a30b1816ddb55bcd79df21ea0e95da72a19cc1fe74fc576120bc108be3ed4cae3bea889fb4ddd67efe858a994237378eb623dab070d954ac780c1e6d2095383c98ba622cbdb18fb53260979fb2672c21a4600f4bf06583a112d303096d4e30e7e1060d869f386eba3cf7aec3052ca17593dcc9969fa9cd88179c262770211cf53f53f175037a5cd445d239cee48f7ed0aa1d715a22ac18a8aeecf191d415e4afd92b76c091803f4c757a9e89f696ab7b11ad6d5f24774e4a004dcb0e3f33705dd8150431f051016af37647b9e44b10bef114276d4b1055b634461c655a82a847639a038ec9f58876e84e9a2955b696e072d8054c3f81173473604d5fcc0a75b4a340dba0c375beb87b8b01a0f2de232bbb8371c3a9d27a0ce521c4c43dd3bdeebf92f42f87d88978d5b4e3e563cba0e5f59dd29c31096885b113ea5c57e66a3be015b703bc26d3fd1d51a7c14f85f65747ac909d7e30c8e800be27eebf4a62e42e538ae30b6883907cebb7fc5e150bc9da3a138f394e817df9a9e44420078f30d0d3d6981ca581791a097a5e3982c983d5cec239096c7d8cc55c87242026d769ef1d04eb96e5b5001e3358af88d417cc61f107659791a35d8b5f7a5767ae24d5b2ba7aa12230076db1f1b9b6f213dceea62949d98bc5db38743b23a59ea75dbe4231a285678f5f07facc053c2048022fcb01f15e8c100d64a877ecd56d196a6ac60ae35e0e09a517224ba409ba7b70d8f9fe65bc427b212a4e9b3cb17b0d332267cea4f3bea7c1e550f7ffe567b20e3057aa0ebb560d00d28e2f7aff718a9f2d4d044f0d20709bb9ad567c98cff7c4810e8c542370cf90a491bc1088f69998d59f344b74db6c1bdb61f284e99b517a11452ca0bb37c7bae77fca6514b341066086e600f098a32a92935380a173c9182a2513584c54ff67e580dfe16b508acf1729a3d649ff1eae286bffd688fe658612d6c8e69e6e7f7de4ba85ec54747cdc42b1f23546b7e490e31280f066e52fac117fd3b0792e4de62d5843ee98c7201529455c85b169fdb90cb05e3403cf2f737148bd20a53c73880880a14ffff37d62130e682e50bc7210ea6c1f0c27656cc1785a0d9ce93ff94dbc5b2877519d9bac4a339e98ec594a7cc76f4ddf994fee8070dd4b8e0fe0e51b93105fcf566f83d914dd862b4ce78de7e9e16f142234bd969ff8005dddc641dcd3c7cfbdd6113cd3ba34a9503a0f433899e90e158abde2ed4ed4b3711c991577c5aafeaa982bce80835f8e6d7c7975571fafb1499991646bc499ec32930367d4b1de76ff656442cab987bdecdbcc2b2bc35ce01816594bfa4b6e33080caa41dbdf8ebf2205649f98a2d3bf331fb16b9ecd1824eacbbc9f81297b115b4d36aa7496e05f7d40d4edd1886c1bac10cf3f97840a03277e6369e7a7e90d932050ab8720fce076de5c355fb17959bd75cfaeff325b0737f8f5b1160de0b0184ba04afcc30bca77a6a37e29662302d01858c0bc1d32b883011b7df5a387805296cd91bbc835a3e76152d017ee929d4cbf137eb78db89d71617dd76cb00707aacb8088ac77a1f52ed710331193edb29933a7efd8cc153e6adfc2c6637e88cd86b06036b8177847b4d086b0ff9b5dc91f3cbd1c08217023d7449253c25331594f0f16a3c5f2e122e0145c4ec94f096b45a1fd0b2dd3f1d51e58978471782a336eae49d7bc4e050d1c6a391658f71a1f752c0ec6302bc2dba9e3766359359ce34955a2db86740c90d09cc50e92dbb76e17a39955fa7108bddeaddaf860d1aff14acec8b609ac1d336270a940604209df91cf45be72edee04277d694a6f968ae6d8e065702f3d607f3baf8db4ab7637fa4c78bb0b7fe69937eb1dcb616fca564a5a521e12df71fefbc321187159bd6a47b066a3440ba634de9153a94546b63aa33aed9da2018e1f30628df37f5360ca4f2660a46ffd73e58183e8abffdea25f7bdf798a2b7cddeaa481bcc6e682a67e99143066963d96d4a928a478951dd6ec59b1be8cb23aa688e1867738aecdd9afade39c92c0b2572bdde84eb912ed990ac618834c412231216fdb84f1e01b3f8414fc6dd0f646fd0fa62bb0157b3535e1497c9272df1cc5dcd4e6ab9a8456222655c56ac73fe0d2aa8b599035daddf0986a45b1a59510abe19a11b6dba065c8bcf8a85d20a3681c2414dab7c036cc1358b1dba98d6ae62c5948c36b5b3e307a6f860c0c822ac724a5c917ed5f98ece548a7a741d366868e6c676394c3659f7f6786594196dde332543376f9ba0724b091d30f431f91d919417e5bf7ba1e9a21cb80f6c204c3a58d59d960a5788b5cba5abd7c7518f4c5170115125de97009a6c3fc4d5773e4f57fdd433eb7422c7c4dccee57a1679633ced3b5f08df763d4577983c5ca8b49bc4e08fa76f8bff36daf0fed068db47f0c87e0e45d518dffe37c129cc6e2f5f9e0430185723098e715284a42f302a6b8368a4f2dc16f534d1e5db9d0b86659fc4ba6f16c982774115d02a57684c7e5489b1f491584b0f0546e4194a6041f5e5be3bfff3852a4fc772d83491023a61a37228ef6260edc0d1cb972cba610d5ad1d92d554700771d8236ef55e983765ed8eb21e7de7c8bb51aee9368758454fee4a3f32179c1e54af1d069e0b9728cd0554351907e018146511e4d6f0450b57c8ebd21c71450116296bdfc779945da60b9192c5bb9a67b1f04d94992df4cbb3e30732dc8af2177fef17e0b7d01740b8a64db16bc29c1e589b6bdfc967edeb2ce8a649ba892bc856a929f0b837a838ca7f917a52436ea3d20e72afacc5b9d58a7fd0fefd96787c65ffa7f910d6d0ada63d64d5c4679960e7f06aeb8c70dfef954f8e39efdb629b72979be208d616071289cfaa0756a4bb5eea5c7baf8fe7a31501e7e2d67d708d461c0c93e85f03afd70bd9e16437171e01a34f475e4b5a58d13ce4e2fba72bbba93403f3f8981e0bbd6a8a6223327bf096c44b36e0ccbf7592a98c1fa67f198b628787ec80aaef848b4fea158c715799e6f458327f399e6420f0e7821f2dc4663bbea065c7bdfe830b6102e2e7193381b9dc7f2381ba808c43b8fdf3addab4b5fa81564716f7d46e0349d9b27b559710d723c7ef2f79eb55c3a9d75b99ae6fde6877b278b583f8ae3cae776b914b0cae0772397fd19b6a27676c7ca02cd07f4b4d49bbe1ec87f2ac7e39e5f7712319c31271dbbbaf4b826af8a9f4acab696c62719f7a6a032c4bcf90922a3c630647b7c1c7b78b10afbd863f07486561a0bc8d9b1ff5fc41998a7e3c604e24af1c1df2da1dd5d83eefa2e4012f7fb5959ef9339574367deff73723484b5a969c8c23dc251a3b887f34b9ea09c9a1838e8aaabb254445d7556dda257dfd5579737fe1dd6c67f3851ca68b011e7cb7b6958d588f143828f0bb24fceca31b47b77d1ce05e75ab05b55d6c9f9107f0c738f2cf8a1629f7e9b2694324e082503937ff8ca7c5098f770289af7d038dcedcf0ed77c8b82e2a9003a6f3db69e14131e144f6be7cf0bb5353ea96aebd78befbc6ceae9bdde97823cdbc5ca8ef8a993a9d9383aee9f2d6a18fc64ab92990672ea2dc9b89ed248aacf7f1a513da43fe5953335afe76d78867a066f226ae9c727c6c60671c50a50732698ef7a492d51998eb6da5368a667baf6d12b77eb36686ee0ca239dc6f3598be0bda79e47f0891fe4d8989df8c685480de11c148a2b44c8a6bea3a50b09be557c51f545a09a30e9362cf3080e6a6bee3dbad370ce24f6c5a6f8091007ca195057fa3af8f99703a601086c2a1ffe55fde4c2c4153dbff8d6601ab68743c0d50d021b0b3099535ba6c40f866ca3ff0df7c19d709a3f58b57b40ab5e43556a8c0c1938c875267bb39c0db6b45840e8ee7c22bf6b48798bd744f70e42fca343a8bdfbd7f55f275ca5d62c7288756d4861fba68d16d842c5b893c1d8171bb3c8b593387d3426f292ace5cee7753c9f9a12e6bb9af5a24192e4184f7d3d191d862d3c3dace7853eaa235b6369fd164e5a7bddd06daa3eec7fe4130e82478d36f88a0999cba1f251ffb3a7689ea2baf016073193898716a9f933448d7ba8e0968c669bdb7dd5e6e32fd84a6ce9e8632b393f9263532ec2107b4c0d2abdf3abb2de2d63511805eb58a70bc4ded040d76640af60ce7f03b9a682b8dd84ed8a47225a48e0b94ea47828f1c8974cd64e5027d8b13d43519875d2bbe4461a7f0f5b5b8d63a472765405ea9c994225806395e64dff88506f7f7f3b6368d769e6e550d4e3e81efb13771cf403e855f75312f1383ce4c2744d0b4e3735a0f1e1b99eb014fa60c0d1ca9035fbc4403330c2fefa8411fb7c3d6ede5b5c8f4736106bbe01923d483a84f031e9685a3b6a70646a2a5059ce35fa496b3f21fca6047471a5bdd33908cc9328de9fb032347c249bf7093390b750696124621dfa67fd9c7fe85d6e5a4d277ad8f8d169f8b5e8dbee280f8443518bd94abc5ca704e781e6cb1868ba2d6fbbaa850326fbfa5a20e4df6fb5f8ee2728e86a758763a8af21e1f7a8584d3f0b09a0b19fe8fcd37bc4fdf45084d7fd92b80544f29aba52496e2c9a0aa4adeb89820be321cfd2f0a53585a15d04c7fe4ec9be6eb5df419e20b71506c1f642df75c53a9e3b2414fe6102fa8af7be3f6c95de824c31fd6fe8ef9d49e26095a2674a33cb574e9e493939bdeaf5b309b4c51256ef71e95dbbcee0a11991693b533f916e1c82ce86d65d89b6d596017fae944ec364546e78abbcbe4322b83e2fcbb4c5d4ccb54d8642c7eb9e28c08598a356a5c46f8813e6b63ec2f3e3bb721b726361f85a734e0514f4e9c4732991ed3998b1ba8f618c2071d1b943eb0f8766fdb7f0492421429bd380deca3325c8d5c7b6ed16429539ae54f1eba39748f09aa44efb67d863cda304e8653ff7499cfad44dc27807779ef8e63be4b376ec403f3c84eda4e5af31c30f9807762e0980b4e5d9dc406cad4e888bfc3ec4186de8ccfcf631b0ba5831747a1c200d45ea06ac82c7952fd09aaae5dcdf5475da427cbc8c1f71ebe5132f2fcae15975ed6fa14a11b38766e1c446894f31c0496b0e5e96507d28e6e4549d6d78841e40630ef306491a1da60eaea3fb69bffcbf192610e2e07bc1124690fea61980e8ed654c5e796f67d26db5de35b4a2c67427833e360ac2a7d4fe7a5ce572144443ed62ac460c1b19402e85c79e3d80e1c143279b20a66d8dcf2bfe1cc44a0f5aa9b0d9b36c46c2cae148dd0f2ffe9a8e6e7274d1832e57aa39fb40553da6414094e838d613a20ce9307d49f97d904648d6460985b01af769800cff9a940f70729fe40e98feb64ff0a81c5b2b096b1a9d832e440c49e4e3684bd17a5169fe138d2544d9806fec027dd2a67f1856178e090f9bb2f9b314a202e7e95f2e41fa80dccf7b1810e9cbcaed2acc2445d60e26f7d63ee4b28e4299e60ea4fc659e7d6f0de91748bf1ede1fdb2acde9482bb76bf6716847eb2dd7517e0a94f0bbf20f248d2c79fa0f518b67a44d5c4c73a9bbc3816ba85ae8344b5f377649da75cf1857d6e4338a76446c48e52cc7bc7ce283d4252f8fac5e1427299edc33f84798316f77bad4a87849e91a1a23c0b7a86898046e278eaaa15ff33730a6d3f885dfe2d1dc0acda2a9e49a71cfecb7dcaa9e70eaa8fe15d4567a280e8960ba49d5289535907e9f277f96e8e652c21d89e81696dd821db5b7e1e53e160584477aa9e4c0e12160c9956df36cce6f4e724dd543827366010ed3d843cdf4319c1bf968a70e9b1b6bcd8af96c9eb0620c569716b7bc42e13251a6adf8201faa129844b5e1d699cafa1b66a674e732c7662b0410e5bca2704c5ebed7850d0ebb825cfb0627a183cc9643b709aedeac2c06700358400c389f99666ae97ccd37f265da7addeb07df9ccad6fa777d0da2fc47b6235179136bbbb409596841e921eb278142a19e6203c7f235bf8461ccadb4b47dd290d36ac27126c808b866f9531261f1e0f5c458a6bab6f064b4efc432e1c7379f9af19ac34c5c22e76e6e7651e48f9ce44eff542f018397889d896cc9001a63e8e455fbe4a9ee9a740edad894fe1af2bb21a1dd0318e28ba982c12ed69c08835ce17336ad1638af3cfe0ea892ab8e83d3f25e6bd98d5e4d36292992e2122c265a26cbb3931dd4c1b0d0ac5ee19974d0dd45777908bb416cbce52531820effcd7f28e1fb2d3d4d826e1b2673e834485a25af9f9d174f566abc3b36732ceefdd91a7c3885e1d10d51c321ff704d0883905b7539309ba5e7b7a2bfefd0494e90e9da7541ec37858ec05ea9a9ec5672b113cd5ad6ebfc5b8fe40ed7c3f17d8a73703dc89086b4d75c5eaf06b840bb2f5b4519a4fb17bfdca9605f17253f203efffc92da96fde023007d22cdad05d18aecb4bf08085c5ca5eecd21f2b611e7e8a0ef981fe7aa2014f5ac6862fab44011dfd33be8a1226943aa7ae5fee9221b0400d9ac2ce5241b09a68cde6b13c47d50bf310ecb37f25c32770a299020d8500d8a4b5d7621e4379dbd6ef34a9aceefd4055ea6144f54bbfedefb5b5b0fbd1d81c7a51a802072ec3d84f34585f22c1df84caca07849b1ef054cbef9b40848e9fd238761df5358cf55a79a53a1bc749e49ffab7c5bd9a28bf24ad5833facf43bcc3852c1e85cfe47929fc49c325c20d74588eb9833519f192243cf96625057899b70a7c93f8fdbfb60d8129d9c43c95f8782ed8293641ffd21d21d91a0b4db69d766f6d6497e9a414ceb04b65425d6ad6c8811da00639dce8d8030038f2d08330c75b0879aab81bfb3330b950e54c13780d308fceed2a103a1a8b77a923b66aba737654ba7995acd306aa7b80f632184412e2369c353c2132ae614553e626f0a3436959104ba6e0040dc597dfbc3602a49e401bf2249699375b2c722083489f54fcdc1f616a133ef6112a1754818158ff78f245b9046100b0e89407f74145fe336976af971c054f12d98002c68b3aa2bd699fbcd71bc4dc071e430bbf694595a951e01098aaa499be2f70611f248a694539ef8936b2e8b7a3c5de8662436fed1f7bc24a4e5c17a663d9a23b4692993301b08cb3bc10f518eca51081c717ec8dfbb0c2669f7987fe6aa0bd98231d8e8b58951b42537f12884a857e02d62de4fda6b88b6b754b1b27394c6a819e0f92f6b2b2473fe245678e252ed31477cc7ec6895bc361b718fcab3aa550fc9faeccfe77cdb5b151ab1db2e569b5bc923ee26f0b6113504d295112d47218140e44652a10af10a088f95c7cf2fccd040fc93980939122411ec643e26e7d69ced3178402e320fe156e774b75b5afc2f3d6b6ab828bb4993b1436faa5728cec34d66f520f59e82716ed6d1324944c3c91d04d5ffc5a921f4716c39de24768484d0096f7d8dbce35aeec22db11f899e5e7e3d57e7668f35d6c0db3542255d9262137d39ae6cf9bcde254dfccc54a6062fcf8982f781d9ffab2df4f49ec04a72eb9646d63bf9e1799bc0bec0ec7f0675ed9f8dc9b8be15d9f2175dfa1c8bc99071c70ad7bedb10a4143fa91c89f54777f84c9eae9361cf7f4c2b7ab873ee5785a5241db0af86f3c6d7f091623d6dc576d07550a42023633a09c8dfa21d7e70cce64c13f37663f75c47921c246f3f2d1d16a8283ce7697da4cb7e016971a2a1d0c59d6202bc18b7cee3828de597efdab53b33a9fb41aa7b49f1c964512901773bb396ac80e90ba1a94c408b2860065ae9aec64a41d76cf8842d299d0babf14d5840d647d075c34175e26a786f30091a24f1ce8db30137520dce1cfffb6318a0d0fdcac883eac603bf365efa2c806eb4f194cae8c16780342165222192f6ee2e103ae2a31dc08a84dfc89c64d2e9ada7ca1839dfff62ddfb7982c79684cfc821a098bc6bf09f87317209b16d14d45c6f38fc99f7bf9bb73460977bb323665d480c87c687cec052a5f08a2c6744c8e177a8a269b4a47a925b9123cd2c014313edae988f8aeaeb633ee5ba6be7f53fe36da3aa37ab2077f5fd75a82a55a0fe62af213b85e9e7694f78cc2b0e63a8c1b89db484722fc62c688678a511c474f0eff8eef1382946d26de00e5c626ec1d7079445c1b7c6f7f05073249b11fd1fb30257724a14cd7bbf451146bf366de2e826fdf1d25705587c4460040ab963e3bd504755b6aa5b18786b68efd3c8e59e8dbd172346fe7f4a18bac98164669d73984044f3c777368f965763742ab86a3720208c64801c796f6e3a1c4748b81e41ac58dcf6ecfa0453b18fad7e3473604f57f7da302e1fa81ad538d4a0280c4ad092007bb9a7a12907227a936871886c699db97d00a1966fdef64d9f3672f1b792c1edadc6781b391c91bea1bd7275f30859dbd1707b1f554e49ceb874ca06e92ab466efa7eeb6990667a27507a7ba789e24d593ea2af8eccb3862cce58daa63eaf212bdd86c01ed471cfc79b191c481ad773d20e821d18af85a7049034e5a9c660357a4c2808b9a6139f32c55c13282b8d98904f4f027d438189dc9487c96172e50dc1100ccc224e7374cf96ea6731032c43fbc9b367a4d1d0b31aa3fa8eb589672e69f1d9144114bbd508d56c2049ecdbfd7b43545375a099ad2885353d8c550d22dbb738e6fe3f104b444c89475a2cc24d7887daced8fa05006c02dfded01c00707e2ad04c41199c5decc1eae34b0c0abb5a5beee1b5253c3350e1a077682767a0b9124a4df2e8879366fd37fc04d4dbcf89883892f46a65ce3aec22123cbe6b3af6364df1f9f5f9751bc8179b6dcc5c126dd65feb7d11a85994e90ab6342834c79c5f82413e88198c73e932c66e3cb60b6e0c0cf438622e5dc5a1036c38afe9cf13559044a9e90f5fd72a3188ef6b1043f5f4e6b40ea51f6235dcb33b3099b2d8c2e02103235f0476ad51bce6d8a2934068549633e521a3ee4c62c22b042fb86c13c8da849233205a5e277aea1129678c31f5c379a71fe08b72fad9449cb923126dd465d1e0ae8a925374149b8248b3afb69f168f3ae701c00f6ea08fe07f1b5338ce6af2f3156ba6f300310114479f2f6119367c88c12c158b84be13b9c8c7b5dd7c90edb5b3ea1fa5927a25ad6d5596992dcd4877f58a134e05dcd80dde4fc2c2a680cc0ccf3084d3f4970e3603fa6bc5a180fcf1ca4241c0b8a1e7c607dc025016e297e2b0645de4ec2fc49851b9374f3ef99edd897c284a67b647ca8c96fcef935d541e9faf334043ea50b99fb8819ecce039227b624e52d8c20003b5a43808e4990da8e4398c4fc172b983351fd11a13dcd2aae5193d42d46e1b57c92e3e01d23fc968c729f3782d6c07dd5a17af2bda96735c12cc7d8023629fb0125e974425f7914690a7ed26508343ae58c8a439ebb6232049a194768d4594f5d65aca37a5686c2a86dd04bef35d74e0755937ac0ce3ebded1c00c8adabf030e5e4a5f44193b62fcf2f1bfa9dca2a25afaf2f1ec06c5d17ef3526d26d17af3e2f257ded24b177ba41c0ba64fd4fbd5042fbd5961a105e0e9f77f3db13c1b6c5bd9a9d04801a5c00a4c544218a21016c65bdff774a44b1d05256e0693e14d76605d67bd10048d3816caf31a6d10886c88c783538bd93e92bbc4484f3388b61adac4b92b911c76ebb1dd11b7b4e40be032bccff610068746f41e34a1fbfbfe5faf57c8a4331008e2c1cfd69f57e74379ac80eb6769f4ce4196795b835201ce4ec85ebcaf5eaaec242fe6695cbce1d53fde5b002e006bba8c8a1ee57da061ceed0d21bdd57ab0cab9e46bf3764d9a6c3ab19736d43b33f32eb955f9174ee4a54666e7f19cefeb49aac7a59b7370d9ae730b7bb4e08413222f0a66bfdac252fb61bcfa838f262312febfde8add8f6843f1d64ea3da42d4ef986498604d65737a44f5a099338520cdbdb65ce73b110dd4bcf8592a4adc3e0170b13404f99f0ec8f9fb225c1275a921f09369db165e9109dd5be472b9bc1901bfd882d264d9ed8d88b4c8f3b35f88b69e3e4b8ef5debb895be536a3af492d968dc1caf31879d672f70ad9869ea98335cf9e4a2760f955fd3e8099e4b2eb4269e354548f9de9921e50e49f3f5cbd63468b9db0cfdf17250c8f13535d4c0a1f21c87967cd798fe93b9b2960447401ef90db22c3adfba0f55f5585ad37040e8d6745184dd536d5a26edec365bd6edff1bcc616cdea3bfc8b9d98c0ef9a626054e361194cd05b2287612399f6d3d3be2f71555f14ad2893af6f60ab61adef663c3c2464ade671dd5ebc71935aad290573588fe6e11f48cd2b7db62e4b9932890d1b96e1b83eff70f026d199db75fb1e83197c937b672613c66ea131f485b4318e27c079b4018d4205484993bf50ce70275b244f2caf47cb47eb2a9ca59afbc78809a912eb56a4bb65cae4694f682c6329c690003a1c355f779b5857a60091b1c3685995a366cb43d753a704d3e59c5f5003c78feed877351e27334b3fdefe5907edd9eb25588a42248b9c4a93efa7cc63bad1e5900b95b70436c35eb85cc8251c4030fab9556920141cca24d6acd3122b92b7e868dc174bf071117958a4797fc90866aca685f1456fab397ae647ab9970348082bd74865bab7f248568db98ced7ed84e8360fa91afde3f23509e6b4caf948349ad9fb6a4efe0a0468302cae7a0f999195af1c19058669fc3b88b2780b9075dc180298498caeb7ba0cf8bd42eb36b1959d5ad3ca6fd1e85f76abd27ec5fb637ee38173ad7d86304d5708b6dc8817e099e77f5d43c1a70624cdb96e4e6103bb25e59eb51d894d1dc533a74005bb79cca35b66e10c61d06b5227fcb071457025d605a0862218ca252b871f8343ec231dbee15688aeb914c0f16ebabe6edb0a489b2bd10d4392c6f1863bb6a62181de7cef61997ab02f3bad0a893cc0cd8a99cd7b3f7773085f0929de36b5d124e3729140c375de9a2d0cd9a360cadf17b9e45b7f2adbdff9e75b743b62642ed67aa703b8ef33dcf51a50edc7dbab42d3d2b49badd2457a9f92847aa6a60ae2beae457a5fce1a9e485ecf907be22913893cd1350f20fc6c81c94be426eaf01864e813a03e4674491b61516bc95d8a77c15f03d0adfc4adc27f27a5ac4165ff6518eda1a5c408708f78a9e26b834179804a312148d4f75f21a77d78387139da40c0a6293c2a59d0162437d68504f189ed970c5abb9ffc6d8e1be2b0877c7f24b1dc273b1765bfc5ce6f4b8d99a96d5b1c92ee53a39f685b304313d909c1ba8130d20d51c824cec420b0315229df295f75b453a6c131afaae0c36d7c4fff70623638a4f7ded5eb7db58d95deb6249a29b171d8ce651556dee8037bf4ca74453a4a76aab7cc07ba44e55de57dbef8542c3851ea353fb8e259ee89bbecf9ce8d8bd6227afc0028afac48a7acd9b4e8cbe982eb1475917ad6be4cdca9cf6e7cddd971b2924f2bb730264801685d387485e41993c3fa0af9987e8b52c21688fd9a9595ad8d1b9f41e0457be18492aa09f69e64e2954d1ca3cc1d32b2915cd9cf6862ca79c80beb47347c4cceadf48a37b29b1d6de4e94717d60cdb4293fcf170bba388bddf7a9035a15d433f20fd697c3e4c8b8c5f590ab44aefdda94681407008ea48d03ff21e9bbb4ae7a9aa37c855fe3537c44106e8079f18c24d2584474bd4a99367660ce6f7e6d7c294961e174366e7babc569d5f80572a21a4bd7086629363e0c9ee2599c8b8863c96613ae6c32cc67ccafc66e1cce79654567ad08e62e9abc99e44d6a79ca4d8de15b7f8a763a4741676af0e1f3bd4e002c8fa1ebfbb3bd3a65ae68a80c230422f98f6e1e9837252e045eafd585ba389958297d59aea1e8e1f665fcbc5f7ff449996aa712dc0faf582cf3caf3dbae80594f9f07fc06de63d9d672d14d7ac4662b4a54f40d4aab2de766910be2fc7f6f679b5708790b5376498d3baf0463dca2f093b51bb7e9f3e7033ba0384af0174becc3bb477bc5e86959a12a5e8924adf0bffdf5e5b9c1cf24d232881ad5c05c5c0f50318ea83d8683339ca6a583c52198c00f7c1abbda282e7fd3b179297338ecf9c923a3a87a130dfc06164e9b4c1fe11d51b382643de44b30a6831dee119241d1b6f84f2484784fdf65e41f78c38e15fb4b00e45df1edc40e3467cdcda351a4c0a0185ac4649e91024377e1c331587a8586cc0a4dfe29e14004c3536d305f5dee0eeb8c2f216c1b8d27375b239f6458e08980badd6d82e9ee9e007578c0a3b48288d9ad0ec3c934a99a8c5741149af937dc82bdb545df26428b87fc935c05f1a4964a8408539f267e23de9bc498e2a4b0083cdb7c8e27de6252bfaf680a6d5b7ec1a6dac6d7d537334a95f1553324a0739414dbdb50445a767b0f589fd4c33b35905577ef5a53b0f097191f9cee4836a908748779941de2a78fe1bde0c2efd9f48cbf232ce101d9df93d3ed40d036ae7aedc3a5ff619abd1c159ca8d2dbda7de13b4ca62576c7f925c52925eae2d7500dc969fe14c0a335ff95a7df1d276a6f242765c781208d59edb5848d412b11638b27ce5a61b8209075976c2a6aae88f6e6d8704fe9e83b425dec4defeeb3cd311b8c5a818d51f917a8a4525361791d5c4fd5d70704d4b9fa9df1ea119882f400e682753a41931712c043c120a98f0fe786a600b47befefc9d64cc5bbe8a16c191490874e258760c9e4fd215bebf848e0b4d35521f53ec5f9308644b785171fc4cc3ff886e034bd833d59dbcacebdae8f00e43c151bcb24d1d226d1cc19ecf349361530a81ba3168af3df5536fbe52b3b93621f57959df298e5b4d3c14928d2ef7b9c977c7dda54242d17f8661978a62d94d565b00abc199790b9b25fbfd4a3ffc35c95ccafe35d9a138a2c24d17f06ae2cc376e822317f16fcbcd56e23f84ec135dc935e58c61b34cfbf5a36cb00350483b6bac786030e5c5045a6b61c9aba7dfaa4f7fb21897539863ee865ae061a77c0359915de3aacb3b5dc8cfe53c4d17b393c2b6bb23652f36390407922969d510cc97b99d1df4361530aef10707d7a021b2d9576b2d49ca88b3cc83ad1baa6d88ef8c81c08f8baaf515637b21ace9d5cc8fd9fe4ca6c3aa129caea7060791d566f4de8662b90f9e5d849cdadf9bd23cf6737b07ca105142663c30de27adcea11d64d433fe1ace84b0f6917c8b655f2a421602f07e0a7127e61ae9859c5e9f652ec82416fd2566f291f417ecdf99bf3231d02864e2e5a1cf34c13f59de9aa2760d8734bbda79576c62f566b8269990e9384a41c1634271acb4c7a8b768f276685c3a8c7f20872e56b683244b1af562c3e7dcf592a9915f44f886cc2ac5f679c07d5aa1fd69cf3a460f25c722073da336a310aa551062d92c7297002060072af2f3500b9310c239bedf45c5e985c2e0d60c7dd68522376dc7b560fb34d1b5089450c32ffcbff07b35a96bb6fe01259a06868d00af697f8bbb238d03d49570a109181c9576c1ea9d2ee02000cc23e63d6c93c6cf3050bbb15b6f73b09c25da62e5abd4c2bdb1110e1f25db39f04885595cd6a388c4726c8d4cdbad87d80d42fcaeae843e2e17f44c9aed25c8f6f9736c7ba1bbd3b839126de40a930024a65aacb872936e446114e706a868444cb140e53d976816983f3dd1d57eeca01eab8211b7aa8ae99d26e35c06ea4b226e0a6e52172a40e7f0df5f67759ae2ee026749ba10b8e33694c3e01a001526f9d75f6c419cdccece3ea3f78d69014e509c741214581034bbc7e2bbaf76db8421154abb2233117a1ffe2786b21424576e295c9baef262e80fa2edb69aff800b3ea436eb827e8adb73abc48d740b86c69d557b16e874038598b25f616afeb4f4a900be7dd0d38b5b6fb4259c51a3aaf4748d7a445f518485ed72b25c7df8ed0906b74bd29bd6a5724ac3a503c990f3697a5db484821f68718470810862728a80ce34599a41fc5bd8bb46dd845a4812ae1532c457ef4211d0e41835e5a6f030247614822571c930c727ba397e723d6b3aeba9244f054e331c82e65b74c9f6504c74b4301499a1a6f6269a3352aff57f88442d4eda42a82ebcf7776c5629f97d6160bffdd8282a40ce2e6375b161e4c22ee53bce7a45f4774aa827e2da657e1a1bc07445f0bbd770b7a5a25b1b469fd58715510dbf8d97af4e1b9459a20b08a8d3fa9d92feb32db95b22d36de0bc8b1c397b09970a6826392fd8392b2d790dcc1295888f42ac81ad213c7328b2324b28be7cc1f4fb8414a7785472f1dd3e11d66017b1756d1697be92490e15f056346d7e9126a1f35fd76cb016fe2841c8996a3507c4fffe7fc45026df10b03b86fb6cf26e8418926a030b5fa62748fbb728fa19dc2f8947468c1477750771e442e4a9d25b76d359211c05df788ade5b7824f8770b5dac0819737dec916ee59b28a49666ee8b7ca81386eec8049542f18a3207e51bdbc291470eeefecac385c096a
+
+[L = 32]
+
+Len = 16
+Msg = 43cd
+
+Len = 104
+Msg = 5f75a437ce0698a7d8151c3fe0
+
+Len = 352
+Msg = f88bac738d1e3e10f75e46e3fe026d7e423fdcf3d7e4028b33a291bb4aabca53f780fbf99e0346d610d4a38f
+
+Len = 488
+Msg = 832e5b78a73a1012ee62e00621db7f4d248893007c6e5d6e0e689c6b291baeebc72df9cf10b289fe20e7fab80a2399271d0ac63766049da875eed56264
+
+Len = 13976
+Msg = deab57cdeb41974037a9bef5e292894038264eb4d8993d4d1501e6ef9c68fb0f571f57b0925640925deae9a6317e3bc4d6cdd5a0833e52fb48baca16a9ba9b6c8ca469a0555763b54f04c87d4e41aa549258f30eefe5a52d2ba06657a8773b0842e094857b6d8911d6a0636280025e56356fade362b4bf4c875cc19be0c6644b447be0454dbf390eb966c03e10e9de3487b90d0825d327c12495e3c89ad09c9d591e55c91376fb14c2fde9f7461fb25450df1a65806b65f3caf4d5c81ebc6e664871fcf915b9578bb70ee6776acc62205888dce2baa4024941209e81b4b35f0eda1bdcbd9ab1d6db6140bda4c41776fe675d5c681da5852d50c246dda4ddf9fdd7c5fdfeec85ff6c883c78689c2977584406a1ddef977606c182d6c33561c39c071668a2515e5aa6f4aa1faa392aed95b82ab32b79a15e3b5a07551ab068455131b72493126470f26c30b852e4415e1d8b719b3803ecc336e4facbcc5d1908851f4f39b776bec8b6b9794d47e5965458858560eed5a0305e260240c0849d93a19787b0f8c795eb5ba32be573845256ae6d0b0a3336e42a1beac8bdde6d1b6e0b6207903d4b105f4af2ef89bd099ded870daea2f170e03bd5f6f4490e60bc222d4876e16d4c58aeea6e6c400dbb9e9f4b2b142f0fc9bdeaf4132ded38a4a8366e107cac7210945fa2df4b124be37ef76290e5b9758aa3bfe0091bb0448206323584c2f833e0edfbdc0c33075fc9647a3404ca490bfab94302a0679a1a42fe9fec6af0cd98038b09ffbecd2832b579b2294f6ae5b96328fdc0a0b9b3a32cba04fa8bae3389c3951173bdc17caaefe526aa386f98670b177683d0b804c5875fe9c7afa233ee66349c9fd1b60bb0becf5e1d887e67fd3baf34b4f90d94699d18d6bb9d77d4af358f31edc254de2d6c5fe3ec07425c633b18c1b9e3606b78b40b543e1fd31fb578cf58c45744fc073fbf3c7d7d607e815379a5fc565892d81560eab8fb5f1ae6771b998c592e6d288014f13ab283d53fcbfa66e31a9d107308402191fac2cf2b799c7dae91b93a7676898b8a6e516a86eac58ed8f6d8ed2fd4d38031e4a4466dc8798b90c48e6adb6b4391d47872443cfaffa542b4b132f6c3408f0081af8692aadb4c9bbd55053ea56d8b82998f6b4b41d331891acfe6af1bb0d6679989978368ea463743b514866d2d01fb9950e8990867bc14f1db1142254adeccf3da812949cd03cd1d569e9d0bab7ca7405cc21096e3cd4d007cbb9629372e98584b4c6b97ad0bc314e1ab6ac71184ee555c01973570ed9b115bed956f9e4e349083013098b1e483f0fe44d5e9849f38a2f7ae152b36a266ea1faf263ea8c706632ba8629602187379546fc6b82e57ededd6d074c15c771754710731e07c207899eb47e8d7c72ffd768c36257d373375ffa06f9b3f0af11417f9ff9f9b44e1f1f96ae8aaa429af88b14da1da81c7bb38a0fe9372ed6a9ac6fb5e9e56b82593d94c5192904450227bf040b7ce0904789f979845e112a1f995c849ec3f7e49bd975a474e8201630f40fc0d80e76019f110ae158cd0f8da96ea4561f24237d8e795ebf52368218bff3e9d5b040ecd2caef4ab1e7127e53bfa2b3b4fb74829f9993ac703192aedef79dd9ad24c2c976638b4575afbce22ecacc273ba43379ed55ceeb51838b0adb80585bd1b5f2707ee16b67a7232adf7163415b24b9ff9dc94b7197fdc89e2a90d2b9eccde45e965edd064dc0d1eadabe11b8ec3aad2742b5d3323ebf913a92817749090c20758f98aef2544d4c8b48874e8936d7ee492d5585675c214deeb74fd67c4d170ac5e0aeefa607c6e37abd4f8238e776fde3921afab75cbd8f392d3e88da057903ce2e140797f4a85737bd89455e6aa27c7535687b78cd0ea59848e006c8de9c9c0cbc7a9f5e977be850adc710503ce4ba7c7bd0b042297f518abec6c8ef451c33e030251f506cbc3744228b6bb4dab86877d9e6019a0ea9f39ed37557b3b5527c171da5f013e0d3c480a038cff2c087d6e5d41b17e6c8f90c334b5e2b9ccbe9d4efd99fba1f907d00a49b71b5a08aedb644fed24bcf04e71be67b03cd20d53ccef8f854f5e9f7f28c1e98a8a53496646713bebe15a93f1ea336e6e8a4e68de5dab0fe880bf983eec75d1c5027357f6669e098411e0bc3ea2293138f5b34425f78b6508b94d4c0cc32ee9afaa409a26e5f2a1fddcd6d5ff42a89755a58b08f243957a2e208e24b055f51992ab447bc06876eba169c545fa71b88a0fc15d1e0be9d334a1dd0c86f44bd149b42c07608a9a30d0b7e13574f8d862f2ac72b2ed38904d7cab194fdb9e4dcb615f5610b24e202a36866baccac01fadb575df11dd43e00a3b92fcdd8c7702ea49d951e7dad2a56c075730b4af1ceda2bcb2310256f28312579fad40ff471336ea6a44143edfcffc297258d48bd2ea47efab8f0dc00f1e6dba1a55009ed627b7
+
+Len = 48824
+Msg = 5223e2fece634a95e1e7c83ad4a11a0478f4a41572bd66c2d7902cf4f94404cd80b1f58fbcb8eeba3984fd759410c12f8ee922865f363f684df5a8787c87ceb3086fb8535157f7f39653dbf5c66ae7219253838ec77cf1c6db518225c5ba0a8212e5911236474b8820ddcb8111b87320adb82ff553986324aa2a21c37ce4a083c89ce9931290d4c1fea933e31d014d7507a28e83aa917ccae10bed1a490e77fe501b299f8e3b78e659407ce1934d5d68c7980800746f26ffa9794ef1d23f793bd2eab7fe524e213e58280f441ba48b40162305335b3a480c2afeac11c27f8d817792fd7805d4b61224eb52d35c0fbf471bcaede505fbc9398b216f43bfd69b1a669a61d44fd21faae410af58ff95e1c3ff1528de1aba93cef56bff4d714d8c4cc88a4ddcda52444ec1208d99ab3fd9fde98c1ee6437d8d138f62c5f782eb4660c5eb28564b5b0d46e3a2546009148f3d02b837c5284e9f508290270b97b9b29e84445a0b4df662d9711e6b73c11cebcb7120dc427034b1ccf57d8e4f5bbdb84d2e1d4bc3862a2b51931d3c9a7a5fd6ee5f4c7327c338abd011af638d730141b6eafe63469eff50f473262e9fdce636eff4c5663acb6075a4fdb00c8b8a8d3322e1700a5b3e7db90b36c1a94991b8f51657121b442db6f890e208f312466778d73bfaa8cc0ead4edd0776155f3eddf9abb1bbfc0c94421adce83d7ee94f99f61e1f25a55fb596f8b40ccedbaa8e5e2cf629496f5ca60bc4cf36d917da4e2b973eb57869dddc409dd66d5061f22642743fe843defa0b19dfb2f56425abeb234181267b5c0d2ab4268c538510feb191bbcd1631b0af6c7451cd4c641025cd8bde2d9ab6e6b948f97c1ee6f35098d553e8e9da9b4d437125046864633f109d6a558b38b270a7dd1785d44d248a863a91e3db5c0a1d7ec133decb65e81c3402c98ee329f660a092172bf6b1a02491895394ebc506882805a6c93e767c0e58a5af717d950a206c0f0055cb39ed88816a9fe3613d15f608e486ac08bfa67d462d24e6a0a37716d3fbdaeb9c0e951c1e847fb884ebc1cfe707dc6e7269eed1c44331d5957bc4ac9dfeaed4b157204a3080fafb9df8917b8d15aff9c49cdc739b8fdc26a546794991c183fa523d14797e051894f48b0d62c2b70834467ff9c993b82fc1152c1f5479ec6144c7e8fb10d1bce26bd1cdbeec4e95ee073f3bcc3c7367328e30543d371b27509a577f5c79f14d5f687ce62b82f856695af9f7dd350543ec763de75b593f1859e44c2ac01ba65f98743cfddd8a89a38115badcb51a0ff5655f830c0122af6a830aec13ae5eb89a93755b3a5a6eca233f21cb12db545a24a5334becb8fa32c3d7f5805faeaaeea85a551fc62c94807faa6474c0d74cae79b5d8ddae07498fcc5b8b4f394867112ef5fad1c9da66765ecbc7fc0f3269d29c9c38817c77778f2c19b5a3c705fde9d76a4eb86aed4a7369a832ad267312903462397f7b8fecfa8b195cc2316cd53e48c3371ed2ecaa3e484b8ecd2e22b1aee910c51ed5d71198936266f5a00655d82c089f49295feda0a2bcc1a54ec8adf565acc3a8b2d74c30eafbbd843c59e67f293f6d8296cf7b611f01b57dafec6e2d4d411a633918068c38ef47b72ceff1fae772891141c3bc496824509d78165c1e4cd4b4989321a8722643eed69950dc120fa8da3e53c3181f252d7c4cd2cedf8f086f788ee77a98ab5b019828aa02108f49ea4a51f457f7adfd2220d3e59d5f4a29194e8f5eac40ff80312ff6888ff6393c3fc0914b08c1b9990d247ad80a441558db1ee1203e07353dd99a885a7ff5d791af2548815dde0ca1f56f89d39ef6b93dbcd0cd54b854173903c12649587433f0425fbcbddfb66ebce3eb4800dfddfe7fc44d9b23a3916b1db68c187da4dd13ff0157352814b1a792de7fff855761abc6fb7b93b48525fa90fbe3a51dea974069f3f5fdea86387eccee13f58a8eeb8abc6a43fd30e9788c3bd9ae1751b30a82d420225b2abdb1bc121b9073380be16107188d20be54f2e9c658d5b443869ea0e991c496104086290b6edcc1b656adf94f0d42458750fbd8d88040c518ebbb644f4dc4f7c6971d8d60eee0272df7b51a3d5248b4b264fb22195ad891fb6ac994ae5c0bc6714ae0b0b9a484edc576638b78ee89b568195a8f33ed8362128c30f9b0c7804b3ce1355abc96b15aa55c1e16a9e9ec90d1f580e7cb412a7e85d8585bfb950acd4de5865214ce4db7f6314d81784c588c1482d5f28c5fb62e7dd7aa8237ce9396ccde3a616754414cdf7b5a958c1eb7f25a48c2781b4e0dba220f8c350d7b02ece252b94f5e2e766189c4ac1a8e67f00acacead402316196a9b0a673e24a33f18b7cb6be4a066d33e1c93abd8252feb1c8d9cff134ac0c0861150a463264e316172d0b8e7d6043f2bbf71bf97fa7f9070ca3a21b93853ec55ab67a96db884c2113bea0822a70ea46f9ae5501eb55ec74eaa3179fa96d7842092d9e023844ed96f3c9fc35bbc8ee953d677c636fdd578fd5507719e0c55702fed2eaf4f32b35ec29a7a515bbc8bf61f9baf89a77aeb8bc6f247706c41d398cae5ec80b76abc3a5380001aea500eb31b10160139d5a8e8f1a976dd2dde5ce439a29dba24d370536a14bb87cf201e088e5e3397b3b61477c6a41e22a98af53cc34bc8c55f15d7924e7e32fed4d3c3ddc2ac8eb1dfc438218c08c6a6a8eea888b208f6092dd9f9df49e7ede8bf11051afd23b0b983a81bcc8d00f7d1f2b27cb04c03aeee59c7df23a17775ae5984eda788eb2015680ac5610fb1380b4e7d7a9cda6178dca98690449f5551b66ad2826cab2b662f56903fc95b4611bc86f7a834a34ddc3be7bf142c8baa096abaa3cd51ad0c0b6d15e590eab9e50a4c60c91061f1ed6373d91974c1ad9d263110a0d43fd8b596396cafc0ae70b7ac24a59bba090a6994ec483db7ed4c572f723670a11c724e8ffa2497d8fccae37eaa1d14ac1537eaf80efbd2e597b2ffac97f2bc3cd2c4017f170544dfbb0d9109478fddf06ec0981542bc8107a725be25070d2cab4716f4edfad75fddd582ebd363c49e8efaed9a76ee51f22304eebc232a4f67f865b04f610a628fdb317116666785fe8ca30619a07c83cc449855202d687f162b12d93b63af6e7ddfb7223d4ab998a5f450523c1d521ab76f4aa113cc2967e04a38dae07c51c2d0f44fdc8605c3c53ccee91a2c73dade5dae021cbc87d5cd6e5fbefb65335827311fe1e91921ecd66b2055a6102d7a976308a80c44e6d47a67718c84f2112d65486a558f1f269b91d9f47e3e11d09c0c748625bad2718e3674898abdb19d3644bcdc9317c09a3ac02f514b2a57e6a706362e5f6e8fb16cc83daea0eec85fdc8c367d84c9230730291440a4b109f7034d510a3f70a22dd4fa69e8b65e5fdf87045d560eec71f4e59531c7711d4f8917a96e22ad07346d2f92a13fb4569fa6a075da6e1acad1eac1cb2ef19ab452264de2357c927c6dfae6598cbc821eaf3b8da754ce91a96c702c95b2c308bf3a550cbf4d22d417745b5f17d36608feb826b862747c59d26a0e8eb96547a1852f9fbd095f1c5d20721804941d462f3ee2f0876ee2825c8df24c4f00f0844e50588ac688127013df8eba3c971362dd255420649245e880212cb3d732fb82f866dda090040f28e09cf1c86eea5dc4fbfc373eb69745b4afd841ca8e172d4a8510e7698345fd4cab9ec2ca0453a274720bb2d2e5468bf0d0f85919dd762fe3df969e6c071285e25c2e2a49659b8a78289aee655965bfa3cbca9b292a19a855ec40293185354ff4da9451ccf98abfda07f1137e79bc89d688963081dec641a99656b040637402890f185edb28e7e6a2f65848a6af158f90eea440aa6246a2e6c31f5d220b9846aae2027afe5a7caad6dc16b56463367cd9e73bf22a1d6172145de4565ee369c55e3b99ccbef70fb080a3748340fbe8f6b95ba46e8b76de5a3c4bedc37c55ae24ad02267da26769a3a732badac2e0f3a5393028dd54d78701647582cd04c8310e9f1ff1b433125229547130e1737a1f33604f0d670ea7221097c3eb9c7fa4b8293d7b429af76191ea8e481dc1da31344537a09b33404d782eda1d6f5775500c1d8efc615778baf0905d9fcba1806ef986c40b1c6a72335104376b58266c36f5939a8b95123e8635c0c95e80aaeb97379b1179d6332dc07539b595ec32eebd3a336a1128f3cf2e2924db6d8504a516b62f26d012b7f75cab765c8374a3824da5a405746023b51894649ab422d636513ee809fa181d5b6fbc63351e37a1b14efc8f739e86ca78ae3e280f1c9e4824b2976ec4dd308ede6171a7474c7f530128089bbd75e10f9e57ee17408b4384f99f886a5f63a2320a9b90eb9bf692e1fc449171eae3bb1bb17a6ed937ea57af3c82db84e073b5306683e1d63705b9742a085fb802cf5a1639818417fc2223f476c2566351f4b3b17a822e11255f3c3412dd39190e200727bcd3f9799519ef792ec7c2b0b9d0e2dccf013d436dee63483c2ce83c15c00a76c4d894a60cb90366ecf9e61221ee8bdaec66d715159876d8305b35c81f96ab2cd8f81f4769e9a6e439c08c329036f5d2591ac42f2747bc0e77d4e566358a3271819b6003b290211b9b847ab70e906aed9f86cc38aae27e1098fdc3bd5d84e66c45292183f198bc329cad794aa4e430534511b7d9a75104061b409676a16c1146af0a286e2de8bf51c4a35193581a902bd3224cb9257c961989042538092af92644a63d6d6f6872a29aceca39341ad29dd22354812c4b7c7068b039ac9ca7e6358e662a28be001d4aa697ace540cc3ed3c97b98d8c5a6fd3543ae9a7962c9229b14b0b646229807747064be3e83191cf24092dd67f675638d9f6510486379f47f5eeda870a3187946819ec9ed05e7b325bfd0eed5c9a0f4a2063d63c1a8a0a309f586c94d4a68bbe860ae9599ce204c92cf9d92cb460ff99cff9e5a8b3824786360e1e1861e71158395faeaebe7aa2f61f76190f174aab9a313f0bf4f1befbbb22768b8c22719cf3fa9ec908b576fa4bbc084b1ee5b5a7eddc89b58b45ae7b421d38215aa6e49304323eb4e202655f3c8b16ebd6b03058e75a907ee63fcf6aad5eb96c1e5faea81b88b5eee525c4663af52877c0f759432913b9d48030903e7f9f70e851cd4e20bc56aaf36cb02293d992b38b583b8f0b25a08c3303d8af5b1b37f5127f7021b13934645ef3020e5caadc5e7326ed4ff56f797e26cb986b6512b0cc76f1d8e7be44aaa88e12cbc644f14a7feb979d2ab66907063c51e052d0f8b25d827377fecc5111be0d365e08d17f559e3134cb9db294f1cac03150f4232f853ec15ecde55fd1023b58e83934869796400088e9177e85a2227ee45addd049c1d6b03e5b29dd570496fdb2fde7d8cc74fbb5fe76266ebd90a3b4d57e6e6cb9f0bbdb7ca03ae955915768011c714c909a27ee20135927af55d4feaf2c345d029a54af942da6f85f2103345d059f66864e6b0578111e2ddd5a1cd8bbf4ae35b60747b93f53ec8ec64c10cf4149909b102a2b88712ff3e5ba3611cf96585a6b36fffb64b8c37a114d6b16a53879136eb0b5e003a5a068e3e8422a4fc8d7c77227cce64ebafcde2437166b62ccf486660a7a2ef37012ebacca26ecd5bdf363feeb06aee39050974c25d6a564594c67f56fcf7ed48b07fab4e25ccffe002bbe460325abafe37f23dd9c145b4667f146a1635e462330f02470b35c5a2519f1350c02b263201ec9026cfc57d3659373910e878f2b6c1c5be774df8e01e775d476956c257bd0ccdec17ee939c46e5653d5813eda752ba7bbb245a99a5db1ae55d19692074c2e5820df97c502a4bd1b12929e1be8e9ce6d802347c3e9c4202de6046436c05ab55b2fcb2c227adade6c2046d98102cfd0d859a91f8104eb9f6f155da2acf93df2405bf2c083eafd3ec41d60b810e0bdef6298b21193642a9c0c646bc6771a5c61a25604d96bdb727abd5a7ebe4ddb2a56a6ddece26d8007b26043ad44279c3c8ffb7e6ffb3cd4e10ea2780f509a8a9bc31f99a7e66201195f1543a0a020f754d9a665a29a896faf673df6811379579891374c71b2234fc61e95d4d46f15d44bdb4d7c3b3be3f46410ca46827b8cca976d8866e8ca33c4945d5c87b705588b78015b529843af0b75a7e1e871fd276c1e947d896b92e6181ab7e3ccc7077bb57fe85a6958667d3d7a790f6cde1cebb494c2912478a0eca2bfaad62492e9f1caaa0cc520da08c0d2d910cd44255f4c2ca0646dc89e789a1cf9a28e2f99315d33accb1639cbaf0c94181b85fef648bb4cc7f66dc65b8e90bf5f3b763e58520098febfe7e47bddc2d9cdd5e40dbf4ddb8d51f51bde2e57432266d248d13ed09e62f66794d188f9861c50ec41f0eee30f76f4ece250956733ee97036098db41991a4a3eb7816196c8e447db3a2913bcd992174a7bde1f42d57c764b47f5bc09533760c1ba74943a0dca291f2746bc1fcc573f9a22c72a5eca347b1679683fbc8f32b08d381baf67b7266b14b3ba46a04a3ee45881ac452f64df1bf17f70f4cf9fa4dfed9ae70184679184784a0451d2f5c19c02031e0e4957b4df68b4a069a6f6f6458f6d773924a1841ba664a55c2c3187dd33416cd410e56e4bf8d3671cf737bf67df2a4cc4dcc786872b9e2dc4009fea0e48a749353ac053d80e36357d24d468dd595bc823017c015d7450fe38149370c5decf13b00b6b0e0a2567ac08b45f7b0c8a7c89d227219d051d17a706ccbea49a42035cb327381568eae23b5e2a3b7e8beef6f260d24ab224827ca8ee9d640dd23eee94ed02c9e26abb3053cbfaeadbb1f365a24d8769d92240da842e0b361524020b5c9c22a2fd8602dc9600aaf02b35344309f6bb018a94d4cbc9639ab7430657c4046f0b25df517e31626abeedd58c2e19aa0ae1a43ed2bacad91dc04a2fdf9cc33cc420f4f04379e95988ab36731d5d5402d89fb47e826f4243bb206124364d63564a0872f8d2826eebd9046c7c6f2e7c951e49d4b22a7eec89da1fbed890d63ef15f26422185143c89da3ee269f83e1de11a7467822146042be92295a585e3a09e720ec522e1cbdcb41acf5ac45ee892677ba3ff670d71339a76ed98237be252ae21268e756f05ba0b094a1803f9da84a8a05d0ec9456cf565e1b548cae95eafa0fb01f091935e6eff2413bcb15f605f15270408216fb5b41ed83dfa1454c522375e35bdefe54275f109d0ab450636ac4d8e4d9e27f2d81a15b8cc5e98549254a1c9162918db3e399118f5864774a9d6a2347e1315753071eb1204c8bf5f52b1a0da37e484ebbe545fdfe6b031215678c3b83a19a24d7b661f626beb01eb82b384f02f42bcad4f40addd48db8a92b90d2297e6143702056123286617f86fbef4fea940f648867d790b8f803abc5f4e0e3f4226954c296afd96e287e21b7243d05e743161810da578096521805edd81f68a45500f6a3a1885cb1f45cbd399dde024df65072eb973c827fca13eeaa3f140842016f509aa9ab4603d2457c92cc9aef24950697a0044e3d7c483b8d8391886cd50dff8c2f16de3d6caa7f864c1b3874750781b2b78b545a94b4da0b0036433c6561f5cfea50eae9f5645302eef18238473606e9b9931880d0f6368fa9970d1ffbe59c4454bf97f4a5e8091801b53ee4a209e0642d83605836f69742071aaebd9d813b10f4ccac03851ee9f20cd1351f8e68554c9bc5f58ad19d474ca128edbf561d195e52ddf3c19bee3bb597ac2f92143bafc98bc09fbda6d18dd4ff2a93cd2ba17f54f75c32d3f141468c2baef4e53b6a340286dc2599bf7bb002aa86688e26f5b51a6aaf32e48ffd539d4f3f4bbf0cde2d20138151c82384f9ff29a634ab4e0103d93340bb9a7b0caa108bc7fdc88d7de14abb17e9efdad2b0f304f0bfcbabaeb1b9db75959dbf54930e67aed3a9c8309aa90506b6b9ed4f1d06c4ced19746e206e1e9b8879663bf56bf6c5c920ac5e09e6579b780cb63e1875ef0a731b726864b7ae5705a2d6d343a4a213a05928b7337a59f900fd04472382610e2a8d25383c9ab5804d609e79a88d70eaef3ea22d3aa9100fa2a6e98e97684ade9fe90d6bfc59dc9dec3d3d8db8990bc2123ba92e64253235e9b4d682e8aa04e23fb9bb6248a77c065e93249de829bb2fc5ea9e396461090222816bb29bca37bf86698fb995f62c50110cf418bbe2078a56c5f1ec9fdf3d0b09a719ac253b5bcd00932ae058b86611aff51c8ca8448978615854b69b0216a6eb8050ce199fd9a13aa0fd652570a1b187f61e6831b3a960521c3705da8c5e6c64c7b196ed4a49c2912d77b670b177c6458a7a49ecc1ffd8c57c0978d2a05cd1f1c7ac9514dd14b7b0933a52cefd40b6452ca0903df1f55828025c7e18109a6e0f2ab25724cad2d6f57cb5d894a6a508134731e9b9c61254f64990941f4faf97394b634b91860cc6ec346aa666600d323c849ea4c4a0ef55acbc56495ca004f3fca42ff0ffb11b0e1164c95ab89bf1db3d4f575ff334d4e0d7d50e0c54c422eac5ef78c5a3be95f2e18872540fccfb597211ec79d9d47b6cf41e385b9c2e92122167fe584210f63bf919c620d
+
+[L = 28]
+
+Len = 16
+Msg = 3dd2
+
+Len = 104
+Msg = 3d232201038fe7d846ac1bd4c6
+
+Len = 352
+Msg = 44c98cfc71f82215dadf494d68d1d6b92bb4eb81fa0fbf945a659d9aa2c2302b5c93fd3eedba31e479e29d36
+
+Len = 504
+Msg = 02a5c7b1b749d6d49bed302d9439f23ab83020bd4d573906f4190e74216ad33aceab775f71cd31092bba5cfa42f0845bd16fc1b8bed6434dedc92f80b395aa
+
+Len = 13976
+Msg = bd70deb2cafa75918308d703a6783fe9dc5e3d21de9bfeb6dbb1cd531ed5dafeec463a02abde302d4ae6ab3cdc2f0f94865e38339c88bde507ff71bbea6b30b9851cd8cf599e950b8c8e620c90adccba0033f934ca66ea0a936afdad575bb6235099beff1a632c9114a8045a0919fdc21083880eb05c0d8c489c7810aecef4a41766f67c37557e28a9db9a0d909c2b167ff7eba79693afd3ee3aeace38eb73a5a02a882cf89b123812cf2a0f6d5edd1d14362ce9c43257474def5cce3adbba8cb48e7af9a45e702a182dbf47e8869b3f99e953ba81628e502c60d4f8ffc551c31b3ad6ca85c52164839d5e9d493deee4d4b76604174bdb5655385d34ced2c1b09dd5a486e1f9ac501bc611f9d7aa5c748f496faecc14c6c18e1dfc6aee2991bd0207ea1701219955a751df43dbf66f57904675a0e9e6d7f9a0b8bb82a8f44951117ab2642d6671daf1e5d1639d48aff6a05781c2b5e8976653b0a164445872d393d30355acf0bb49bf2bed4265c9a3b786249afc7a438d706eadb6f90a7f93ad51bde6d2c8e6ff09dacb3dc67ba0d3030c54c8367e1e4280bb5903274191344610de61c3c770c6820a6cc9d826f7c743f88f13580ba23cfc00598fd733b5dd069bde7f10f2b8961c16b69761b0f308dd137f844a67f6054e065863f226141755b96645a291e3fa3fc853b2475fbe1d3b25ca22f4da4425dc95fc855e63d6699b311ebd5fec1c7753e6e81f747c808ec3f618f63eaeb1221075edff0532225c40ccadee304a8997c03920e7ce4e60e4df4d120611296786516dd4d9cdda2077ac52bce0fdf552e1ee89a0133f1f87a6f6f35f5c53958ed806465919a0a5fa42488bf29caf33a0dd469e13abae351d5c6fb1a800ee384da199c823c965d9d5457a3ef8292c4d9b142e3f1fb502da498eb44d95f8c85bcd6871bbdbf004bfdc09ab35758f5e8b6a0d0f366c3b255333c52c8fcd4ecb4536b5f6e72897649f3415443612d72c3436505249a344feeb04883f41f90ade40af119014b3c56fc108f1ab0a77087d9226665d416cd975e9e4605529c032e8926002a70924820c6c7e264a794b2a3beb63d69ae56e017294fad4d611cbd0d3847212a38f22d623eabe3b884a36464d8814286fff52c4dd366f6c2abfc2eb865e0dc9ec6e55ca9d81f1b8cc47e2629bb162e54655bf2a9e156ab0bafb4b8ce96858aeea6e6665607a3f268036f4890dad759486b15e3c9e791429ec8f11bae4ea7c490656fdb0551dcf0b0be017c08bc674bd97d9d701c3ac955e2941ba7d5f2ba122a6f0c1b164b1caf2d50df111fd4287e9e195d181f6f514d7dadbefdd4274edc234025b727680576046842a834b6ad89eccaff5c5209bb91d652357e3750d8bb0165572fb71d09fdfc60f6b1e5d868c67c0edead427e7aeb734e29b96e03ea174b6b1af523feacaf6bd745ceb1bdecec9251958b7f521182daddf62ff6c4f58977adeba81c616ff2e937ca4f16eb9c44e63f9e974709122083ae45524ff87d7a0cca33a90f09b660db0efeb393c61967de2564315827ef1cf42b71c0f822f471713c9d885a3c3281d7c95dbc96f1c6dde0af70ea11232b00a2d215ec8de8fcf84b6193b6ac9d46de660361aabed3371fa44a6f32107f3854262eac355f9ef98701f580b4649175cefc29950e7a0eec958f629999c4b0a98fd4bdaf5c0bd97c963b551f2220bd41ec00b8726836e949e818a49aa1ac5bf12c64fb9991111ce8be3e0cb9605f753dae1a4c84389416f17fb66cecba45d591b22d64e5a4edcde067a088d9ff7f5dbb9dbf324510000c55d50f480a640fb22da9b4862dd81080d61af9560b601edb5e3346263f5f193df97079a27e3f9876078b80ebdcdb17ca4c50aef0c8329c72a7f77584cd963e105eea9c28a2ad4e95c1d018e27d0e720ea59147f59ad796b80b6293da8a55ed47e8abdd37221db0a5eefff31688e2adc294654ab0fddf9c1ffafd4783f01eb539492cb35a77315d0ad19395f47b18298a7b353dcf5bab0b2f193ff73d99310478d2e5c4ff1c68a2493c138818edef73caec9977bd4eda6249c8933953e06d796b288f78b18c343ef561082fd03bf92b084afaaee741de3004abaf746350048294bc52450e31147173f2da13d6ffc5adc718e149f9df3702f414dd3ee88296ae8a0106b071b589e8696401da7993d58a9bf8e5bf417165498c96b4ff5fd2b45bbf88f551688425122a3737ca54b2992fdb4d60957a93097222c3cf4c45dabe18b9d6a69e6f27567d5adec489e4b6812c29a8fa52f1de642b7b0e749c16f54473ed5ca2fdf2199e885fed308fa62a3e0deb7e0b8e439e25b3e9f95d755fdcb7ebee9d73069dd57dd1cdc5145205882023b54f2c9dec6cced9e3f6d24e8cdbb8ef121b8f3eded574d81908e867af5ac82bfb8ed60848b4bfdc1d998bae3a9ca80c1c49601d11a40409c62b1536f01ca67
+
+Len = 48824
+Msg = 5fd54472a44e4476d254c0940071ad42dc723354f76ba61f63fbb9df80d1ee56136f51b6982e66c1da83602fc08093506a9e2cf27cb92085ba5c627dd63f59f8850e91a1d86cb1d4ca38ad03160f3c584b128d9b21e935570e086d3815307ab8df396cfa0c100bf6cbfc0fd7a8258fa1a656bc178e02cfdc868540d8e5ad39dd46794a8bdc205e710555ee7421ca7475a4f3232e6a0cd55d4b5d4525f0bd7eb1e455931aeea6918b9fceb2a32706d31a6d7028a85e102f228417e2e7db68317ae155af70eda98c8dc1ecc32a62e294d92855354c1114c5735a3c81e551b63a81650107557f3237bf953989d17c65a0fafd2bb1e32c237f98f55389e8f8b0810e97e201914c487a68403c6d621a98ddc515780435564245d87ce462b8785def699f7f06ebfdf33dd1ed7dd5a3e781348298c7950a387bff7d1878731d7ac66ad9a6607f2c3a3b6843c2852a5e882a8d78ae9dce2a79d595cdf09626dfa6f1dba7d40ed21caa29e304e7dbd559a89bd1f07d84165dc259ef112dc6e2c5a3e82b1c50106983f6c4965c85073c5deddbe6323003d56abb0df590f69010981ab3407e43eeaa29c6156995c492c931fff1b686eda3741a0bfb9094747d1620b2580415d431ffd6c02245f6cb03e39f87e82834dcea59355b2ba663ce145d2514e15e2b2c60cf518ff510c6c3e2f16d2dc523832762ed8352a320462ddd4d6fe755350672038163d996b44ed3b85d64989291bdf39398cb996de785b9614ec5d4bd73efcfa37fd4470b17d6240b8e4c715759286b04c3d7d791e2689927c9f18320ff2e6bc7306c805e23a5de66eced5f1a630cb43dd46db515f837f6b824b99b86c10b6df7fcf22d97be05284edf0e0be597b3f9c63556db031339f79ac9e6c5f8a1cefdbb4b30f5bcd23c2a4dcf791cbfdd6460284c5af0621ab7c5571e40a87c87be459c85ec81d746930dea24f43bb11d6611ea83409d3bf4f987778d8eed1d5b246a2112ef78ef0252f9ae464810c13f02359441d289958b4766807d9a3be0054897d35b01830deec1151f9e3d42f92b80f4aeedd65c78c6e98afc562a3bcf6d72f238c6e94a38f2288ac7929a7a61c92875c1f115c0ed8d261a727f0794f17ceaa3dabc717478f6ce7f2e8b295f000241e154b4575bfac8483f6b62f9ef4e18f7d341a65faad5e2fc1ddaf2b09adebc155ff09e63d5aa5f95206e66c7f4ef2ae3aaf3ea7c93589efa8c552df8d203e0ea181c1703d7023b56e603f33b4adb9bf44f7af290d8081210f327a6c9b0785709346087fd090c42d2b8b2711b9a1a5173eb5e246320ee27867ad6c3eadc4407bada44561a12cf5d53bf0448308bb536a8a525eabc1410c3a34becee25fd6fda453251ec229b53751f2280e142c6b331daa659ab655b78cfb08bf18e40bb02b7f1650eb2dd4ba1707f0aafa219f21c29521581ce249e2e34f5656b0a04c00485079b040e13cbc038bb9f17f47cb8f908591b26bdc28538d8baffe4cc39b17d2ecffbb9698bc2b8b31b08424034c051b535e0cfdf07b7a0a54781e33ba739759991aeb72c0ed992cbe76eb8ec0ab12c182e8b049cbadd6e82e314f1bf15fef5ae95dc86bd64b8556766f8ff62c33492198e454e5ca59ea856d8e095c04da8045522abac865506096ee1cfa1082af08ca09b3533878ea3580b6c0c57a615e0ab768246b3eda96bb6caa01a2648068e21959f843d853e948588e8c0bfda364ef1f9fbd3235c27916562eb0214891eb55ae0e059f4bf7d1838b5942656c27899dec6d67b823a981d1e1e0aaff5323b0e3d69a7dddf9b12d7787ab763a3c7a2697ac65b655aefc4bae7e6444850ad2540d5193b378682c77a4dbf9aa22e517e68cedfd1ba32e3730ecaa2e3f6ae61a4f427d6e69071dd62a9bf6c860980c9d23ce1fa82a1937e6dc1ce3a2de096b680d23d89ee102912ac0bd769c1c02095678dbb00b4430428797cfb966b2f901480811e1b9cde358b6d499c9e93f0961f050465d7b0c70d4961e75a9fe40a24e36eaad27238231dae6d0a17f446c16bce7348e669be563649eba9f23be29adb8b10f462780a066ae573f74e51215a26097b02469c25180890e06acc53ab063c742e08d51359b0a39749b84b9f6be44f3ae3da8e5a2f340a8607d4eed08877d007928d332d6f49502bb5f416c46d866fc87477c58a22d3c5932a8d6298c1151daa032c84ad92f8f90b8053b5aa6f690d1bf682f314471cbf200f3d30959e07adc6488dd17b0be5279e727f3237b8b4b19b31a220dfe63882937f8d5ead677608c42a57217f2239614c521d94559290e3b0ed8055d5474e96564224f6ca6389b40a71337da11e1c307dead8e4eb43252cc2f1c49addb18781cf20acffd3db693b02e5c8ecc949b51b99005529e0149a13390615f5df6e0bcd68e1ca82b0173d25134dbf76dfe92daa085d3f6b1e4d18217df41b70c4c40101884c2886495f2ef8a473bf23cb47ab6533c93cb38c36c6dcf6837f1272fc91a6962b6e1386fb643e1f1d71fc75ab58d5800bf4081217cdce0c7ae9e3d25de543fc4444314f32067eeb147c08c55c5c8158ed11729837547f28a300eccc312260215f50e98c4e3d4170208a50a4a4def1243538f906df8476b0c46d3449be73866d463d422595300e160840daf8c906ae4aac13a64457853b0ea6d8c32f4efe3b48c0b1450250086d459648b0ab14fd3f341a4a803be77e56a811e7a26827eb0a1a9454f90bc6ece665904adaa3cdeb2c4847858fd1d79750e8cd45d8da9163784b8bd06629410502debfed5eca3cf8fef0fa6bdcef6efaaf35a1986d6fd68e0f436dca9442077a4818ebda4606a94a3c93fda46e7ef5ccfef656896a0d3d93566b02ed8c3f6174417cdcb99a415b0c6e9816d94e64b438c295b4bfd69e0d9ad52911de5509971b7370593160629b641d690eb2828bf363857983e3b9098fcd15e66448f786f196685d2ceaa251b17ad06dacd614d9fa78ce0a8b9c1c360b529d0bc1d17ba0b70ea8ac1b8d67f6e5770f0cbaee0b38109d26b09493060dc851f5fef121e83e30aab9c3efc2b8397e8362aefea1708f7ffa14d3656f7f7610f3a629bce14648a593250c6f309c02c6c552bb42984ac58db920dbc7d98f59295f37f3e9b99da55ef074ed65801b390366669b4c7aa1c483ffd23082793f9e5cbe30c34250f63fa3ea2cd097593dc67e8d27b7e4f07e73a9f7b33a5ef6962df1381a038d4f58fdbca9d71ccf640b917f631b75d4a2e8ba46c64a6223f99cee30f47c1a935dccc7f054fc39d3498c824e10cc3ee337e781a3971f0e98295aca611bde701c2359858914248f6bafc88232bbc27bd85883b00990bba7862fd7a7cbd4c86df049071fcd10d686613ec877758d83927cacc530bed9a596b5b21c6fb748c379d676de7e05719a867c9f934b5dad99ed97dcb4e70a9b6542ed5b2f086d9f56fc9752e788785ef8f7837a31e433438cf2f18f58be37fe8412f6d21a5c35000a5efb862926700079413f76ab2c3e79e20b516eba9d8c29897097bee55157936607cabaac41337ea4cc783c0809c875259f8020e16d5045fcc39ac796d11a82f25fcc9579bf0a010200f5745065175fdc15474ed514cc796672c59637c3c8f236cfc9c0978a3db1194680c58c27746090d76ca09f7c48ee4ee7e1d3cf0ea70dbbbd88e30e8814b57404dfd7c33727a0c84cb7bd468b0bcb3c89b526679c00fb0892d2a5e7a3d73698a3db53fd7d78460cdcf24ed22b5f39b8c00b3506541ae4a5b76fae29c1cd5b0f8c3ce142e0af7ae4efe3fa4c438a604bf4a9abb41e3fef1b9227a7dccc3f4d6026ca289b4b1366d9ed546abbbbd5677c8d582e79e2b544f18dc23809ab753313d84dd10fa3ed2f723f0b46277b8877d4f3e0665e88c50caf0f0708b746b736b00c8c83a7d18500384bd035996aebb7da8f09fd6af9b76fde7fbfc0ee854d7ec02950e76abd23ffb27a6ddf1772465016c79b98a61bd3940547b207b6507e32cb9761a5604f0f546834a8edac7ae06910045de218d761a4accea886188f947b57bd876491709028e2e24b075d6b022b51af1880ca16a8c65b7c69e51b2ad580ee058acc0606f0a3a9ea1cd4342bf4be602e941dc4bef1239bb9bccbc8098a6a17d63186c6fa75ec44b6e4fd38a3fe49c5eb995f0cb884e2f3ed6be02515fa605b98453ad935682c3bac6a2971bb68f4094cefeeaceda92dec803ccd3d346f8b40b48f8f489e118a17367801e85c79e9b3bb5d73ac44a8290cdbf83a154f2f125090d42e1a1cb72f5ebbd42da46c7a4d4b9fad9612a4c800de6467ceb74f831e1395dfbf5799a3429ba34754add4b34b5960a5fee8f752dae78450322a1ab3d7102b77e907fc1eec5355991e0c7d6c0866660e5436248edeb1a37c0e769a0764cfbb6354332d6e55103b9235c84eedaff918af3f0213c435c32ab409a4b5c7eed8ab6ca9e313dba459bcfa3ee92e7d669be0526856ac3c06a57fbecbba553a9cb4655a901d98af02b74098e478076655d325bd7639d73d7ae00c62fdc361a997ea4ff5b0eba33096b12f35cc7cc0eea62950b912b47c11b9fb386a47c4c15c0602d304b2541da889cff299a1fd415e7e25c70ee4cd83feea7e6a9c50c75d9b128458513d61ec5d0299ef8c090472fe0850f384938ed44d36f10cc2c1d31daee3f946a2fa18f9982a988fd6ac973b1569313ce3c8ff5746c4dd85a241f1e9dca0e904c091832ca028533a3e34c184edcc510bf22a27f530bdca3d057928a96f72dafc73a9aa6dbf2552598e468735cc5736c67a620e9455483e9cb2108045ad80569582ea93a53b491e528c8df336fb326ad74317bc1dfb8ec30a73af01a5dff3e437b7fe48ba5dbb3e8f01ae0c6fc28675a415f23a796bb6e0ef0efeb4b14cf20d4ad88ad1966da43a76b454dac8687bdd97b89b8f8eede91eb34ca4a0523ea65736ae39341fb32b9b716f25662a37382c16f3b9c346c84f03bef54acd6efb364c6401b07b3f7679e8e7f8c9b77b75e6e98b90f4df88460f1978d19744eecccb743a999aaedd00b5a94018e9d5a56bac9d5d55f6e93bad52e84aa7340cbbf98d56213d9dd3e1970867e3972dc98e61b3cff40b64ec49463ff79a41c82dbbcaa37a82b761f432849aa83a3d3c9a209e2207b87ae9ed9959ffced165fcb0d8873668c3cd8f18ba0f92f7acd2bf50416c22ce11692bf6132eb9f558dc789cf9776da94e48cf48607f19d9a11d5df4db11dbaa67a1d20e9f0c96f5956ee3f906e371c489efc88b0c1e56d881e7bf8dd5d6742622eb873e253dbe54f2e2e6d0e6136941de8c23e9a632727bb5f88c23170316c7aa0df28d8d07589dd6022828834f7ea9b4e5876a1704944aa3186dbf89e0e81767cfba03bfb38c55a9945209c4dfd88272c49d1745dce5ceb40f0a6713b5139dc2fb87a8a4888406d2610b7b910a9e5782ef0df719028d8e50a40a269dc9bee12157038522d06537bb31fc87d21af9ad4b2e7e127bbdb313e0a116010f65126cedadd4a122d15a71cbcccc346f55100e354b997154567fe3caccd50251d137c58fc3a2048dd5883b6af9248b51040c01a80c051b8a151a8878edf0304b5554746d6116b749221a1d0082ac925e6e140f0c3b6a180742ac8a50ce0e93e6399102f151d7c14000369ff52d0b537fdd51bec99e7271b1255c6fbc36d83408c417f6825a8e2a58b9054ab2c3ead69d97ea9947fec32d720653c123ecf51a9a3f0ed88743e3fb7b94aea59d0bf0219ee50825ef220554312cb907edb90e4d85f29e316ad57d3b90d859391fcfc63e6c0fd3ec27d4e1efd6e0b5ca8165cbd6af25ed8792d805f27fce308ca1d51335ed5d727558dafe05486a6f9149b8d3bc022026656714222830be582889e6800c0b170e48ebfd069e711210e4ac7acf07652a6f5051507de68aeffc9540cab5cdac84ceee46059ec23820c04b127266c0bf8df0d2b856be3377ab42592f495980baeddbeed3ba707a85dba64fe36941eefa8fd37204ec8c18df3852febd2b142b1c9a5cd0f9e424cd408ceb7788270899fd793db99ddb8f9ca8df550c513790d8bad37a1d1f4a62c4527bb64c677462c9b093582decea70c7bbe873095536728e7ce05d5cafb5d166a1f03055e918f787fb244c5857e3d7a1009bd37f30f165564a082c1510ed19bb1633811a76da70dac67641c2478c6b335f409ef54a2d0f370c9510d0aabae3cb998bd023778375cbf9cf5ef125afd584c11efbf40bb51839aacd3016e5e4d79f134245f952dbad617c78cb6f5712bd9c0c7e1303db5029640cf9b56e29329c3e6a9e0a2371aac1a437b9b1c4477ec9842aa80eaa22c5eac11b60c661de6ddbb088e844293ab8589c13d938765bbaa44301e4137148dd0257bd4c8c766c5d3bfe53671e9417cd1b52f622870ffd90f4e17b7a4ae1b5601a2edb032e353bca652fb565beea6fb0b2cdcadac71794c662677fb1dc81d116d94f5eced526b37c004b95284cb6aa2ac415754a1f14882595dcf4d3f1d905c6e8c12cf5a9d23d3ab55bdaf9f17d2f03f933e1bab89040753648c426b072b73aee8c2fc0d1c03fce2c656e20d4c96803fb2ef471b912267eecb4d6f342d3513894b94d77767823fe0c7438e51f21bcf16f0e98b94b23a10760271281cf843989824f7061bf834f93fd8d2090f70e939700dcb4d8964a19da39a9601a7e0ed9f55f567fc7d5682d55a9ba0e68861756bb549f2f17c10ff6bd2042a80477f89743d3d762f1dfaf230bb502eab6f4c46b26135ff3bef5faa179bdfbd288e3cadd3d88d8012706e19b7fcc6e9cc2699d3ba0e624e715599480d6b7dbc6eeea0d12a9236444b17285fc7794040dd40c2b2ef175f7f3641664fc9bb7ea6d7eb3489d504f8013d64a23aebcb5ce233405f5ade067dffff253f27e926431ad806703e8fab23656e0b7431916d8d4c72a7d831e3664e5f30839c76c8167b76f3b2dc75a6ef48df515e06ea54ca51de2fd9c5eeabb1610b7eef06a2f3167859cf82e1a5b76be8ed8beee2bba28c3b15af6890d7a37226834ec9f63306a0da11aff918753d8b83fe7220803c070db98195d6d18357233f5504a6e3bd6f30115d3987f93aa5d89aa0b8b577d1fed94da057a6f088233efc0f44f86798896eae9ad0b20c8c9cdd9d72a3f02213f6797800894b864cb44fed009440fa5b0197023929f9bad16f052cc2d87327788a68b9209f46fb4776b092d75713048b5453ccd699d19cafa8e9a93fdab0f0863711916efe3bd81ee71b8e0221e12e9ffe2f6ee1a4dc1a8de6e593480f3c05b3691e916a4a7ca51971eb2f0f693dd10f6b8468f8cf7bcce285938b5a0a76ef86acfa2990f88bdafdc39a065db17b845028ed2b7a9e331c44217de20440e406868f1eca818d0be20248c2948b8f4cb118b2e456e585949139270f57c54715f3297bf714aa7c5f72ed8ddf6a074703ffbf95e45bc81a02c42822c22d2b718f2de5e03d687a4b18d605ef5ae75f9d43c8cb4e77aaa0c0101d978120f29574b22f52783c667f7daab3e1f9cfacf2e68e94a24918e3fe2c4f061deeb64891b5217fe5908e7f389897751839982b7fb736fbfb1232684e93123611b7fc8fbeb74f8815b5ae13240051920f3b6ed34483ff673c467ed7f0a8fbf619796e485affbed0697415d2d0598ba34d5b9e44ffd12a5edc323883a2e28efe9baf860324f2d2016748503eac1888213926b0e0f0335a4b51820a2bd3b42d982ec6ce307b453b6385aed7a735a1e98479394147c40f01c532926e10e1b26a5b395bc150ec4b4daf5b1436bd0baa225583ffc9d9e9d8a354f60fded37b41c7c051daea04e689ab2d4e24d7d07c75c50ccfd6a527e024d1632246c6f40f06b86ffec0b29cf894b665d53d459226b93422d37a8da23587fe884dc3c0f2fb55dea296a9a5b9a0d101f186d9fa6288c912202547cdf958569d2cbf235740eed38d10b0025dbb6de31058e98780d22149c19d4bcaf06dd7353fd91cd1f47e47f45622e1472542be2f63f463d253617eafd4f2ad609f9020884905dd5c22fba53ccc619104b6c0203a7f6c8c26fc80ff6fceb8c0c51600c2e46b4b872e6d597511524545a76cb42278b519d911e6c1320e01682c551e204ccdf91290c52e0836167a5685cbb1af338eb794c10fac92950f3f7956acf28f1ca984e380bcff9876b0c71dc7ce4011d1d0f955da9ca885c6e7bb74c6194dadb0fb9146dd725c8a9574aaf3824b727c9be3fce59c35850b162c17d3013689fca858a0a51d81cf4f30d6a8705bbfe35ff03c34cc7c56aca32140d72c8e8121fc71353596b777b266d75b322c9a97fd2c5d4e2362f19c99de66da7bd9c495c03d9a15b28431a0c051e786fa80f5503a72519e6b419263d72d553d688349c0cf30918eba0622b953a0efce4415c29515c26ba15f00e548ef108afe3f8194aeb965e5e4be94f10df6c45ea5c133a8c3398d09fb80f950b83c1866a1637d2bcc195e05cc32a9233b244cc2b1d4930e66f032cb1163c37b3e58b576ab76de759569797fa9b8bb4fad66aaaa56f09c7a0ce4641d6799d7bb47cf684990ec1e08871458c211a353ccf1285e7429c7b8520180918f7
+
+[L = 20]
+
+Len = 16
+Msg = 8a61
+
+Len = 104
+Msg = 37487aa02b03bdbc6bc62e7e26
+
+Len = 352
+Msg = 6ecd002568bae3bf1873993041bfa292eb94e9ad092d8eb3585be82e8a20cb36a47a06e7a57d301268a4a533
+
+Len = 504
+Msg = f6dc1d2f6b8e126d99939664693d8709513f97d730074ec2794e536d94ede79c81f2b2ecbff3c2c26ca2d181ada2c60050997f3bb087ce48d956c18dedb227
+
+Len = 13976
+Msg = 07a6372c863c7d7c6764e4f05addbbe161762735dfd2d23bf268e2d603cd28de9c369ac379390473e1d3fa7e37af1178cca54fa0f782dfbe68070952b93462ea46c640d43ffe71f5fba42df98f4c48ada0d8aca8753e0731508bc15dff283178ae5c10a6ff132eca5dde63a78d3ac94685152897828eb25a55fdf140fd33fd4e7b03f283e201a1baae8986d25603fb0b2566aab345fb48031d648144dddc2e3556c0ceb1104f348d96ae7dc0152e45c625d21b46e70c31f250c858aec4ab2cf5e79d8c79b0854e0abf5330b9f044113d306161968f4ad6f0973160c9dc296056d5a11523ea2b56fbce8387070fccc639ec1c65ec663b9dc49aa880dc4ddd3020c9d44ff7e8cab6266e436af19b4ecb82010a0f8f9469ef380034a02e3f50051a6a3f233dcfe9d553459dc1bebc538ae0183448c9405c351271dea808d908480e61e9793cca111b4cfb9874b799626a1bd9a0f6e0929ad51b97ad81b2438f5fc255db3a3dfec9f0d8393c6b245b03d3faeb58021db3ad391b17a91174a66db4feef1b4c889699bcbea7928f4d29be2d47f76455c8cb1dc7da9cda41962a28ad8cd7b39965b809e7c7eca1c6792c1ce1c8a4cad6290170e91fcc49fa5ff64ab433b4aa081c8da2d9bbb072f9f18ca455469b946c877e3006b34ffd2219335b30ba2e0980f43cebfb629d0b11fe70dff28883ca012c6ae4855fcefea20a08e189eaeed7eb36ed6db3835976f4e60053205805727c5eec15d0e9f155637a9e66268b9c1c302bcaae6ae88cbb8cf1668a487cc996c4662c4a4e195f094cb31c717165e0e13718f8388957dfe0bf69c70cd0bd763dc38c530b67b9c12244fcab8bd13f602de848a2937699f9ef77944e5f22e3b470601789e1838fbea9359c733aaee2c7082b02ee459b7684ef9bbc200da4b62d368351f5520a65ffa506dc9b097117bb7ae88d04d85fb525e91327689ec0fe86971480c0e864012b1e9f044c7d80a4e48c07320dd4292086e4c71d4c98dd826a9bfced112bfa2beb1ce85cad204451ec45703931bf637d4fe89fe8f485620b7f4b21e011a232ade7a8c92be77925e878ae0bea9723749528fe83cf89ecb9616dae6ca0e8d5754ec6c92abb21108c2f33cdc18c6887c430b72c5b193356494cddccc577bd4c2cd53188f352846edff0c2ac7869cb74bb16a77c0f0f194a7a9477ae15abb890bd0bcfeb0c39381a87f1d05319c7e971c10e9ef687f96450b400e25b4285032892b849fd5db8649cedfb03c88defea063ee144a1ab1f3bf05f59c7db364dc39c11a446c3ce16307d78d50315ba29f5bb9a57438564c8c7b3e367cd37d74b2375a4966f47489dc5448f4979428abd32193d3840aa983d3020a9f29d760fc7493ab2576c90b1934b799c1d0d55e4f2caa78f4ce61930c79dc017c2dea0c5085d73a3b0e4a6f341e9a5061a6658af11e5edf95bdad915ac3619969e39bee15788a8de667f92f4efc84f35082d52d562aa74e12cc7f22d3425b58f5056d74afcf162cd44e65b9ee510ff91af094c3d2d42c3b088536d62a98f1c689edcf3ea3fc228d711c109d76ae83d82d6a34dcfbad563cf3726519b519fd48b51741aa86720836494b7a589c778927047a25d73508adaa401e9a6c0767a675e31c5556cbe35fadc9671359b45e985c3c8af84113989b299ae4474b85e4b5d4b0578ab1e8a2915a8df97c4f52a639fe32272cb91bbfb721505dec46d51383cb8973425a714245c2e37d0577fbe0d66381d9239db1f08a380cf609dc699698e0fada2caeda44d58d766c4f8214b10642b80b8d7d8add7cc41d47108ab7d07dab71069a2d982cc900b331caec317942122158bac6eac9175c2dcba0c04443aa9188832b553f5ca8c336880824d6bc02486a2b4c086665d276aafe3b1b93729829adca50c44466fd5b5cb977aa78fbcf5c0f0da1b09216468a11493ffb39efdeda5d669ae92bee2f2fb250aa1b9cbb11c36c7a6c6dd26cdc3cfd572ffd8c1dd72a13c27a327a34c6b6b3d80fc6c67c72152eec0c8ecbdc1bd5cb829b811e7f29af6d786f4e93dd4c96fdda295a6aa258d7b2fcf291c2d68e0b1866032475964ec0c6f2fa8c2d6a3936ecb187350def4e818507bf157c0e9b33406be7660605af14cccc9c799b4e051d0d0899e53495bb8931a6e2984bc6dbe4e02ec8b4642fc2f1cb5fd5a5520b48cfcb49e1f9533838753554dd98b6a1b8a67409279df477330e5f37367e06247ca5c3ffefd00e693dcc0c9c30754121c9ee88a574915b9e77c104fd2f921c2c096573951407ba9b440423d76bdc6fc978237a6e302cede7f99038ec31500884775556941f1edc30e3a417b0e02cb6fb5bfbe5cdfacf4006411287bedc565fb06f1be987416407dc852254934df4ab59edce476f3506e65be6ce6ddf91038642291fb8e92ba5b1f0b105670905a2c14796110bac6f52455b430a47b8eff61
+
+Len = 48824
+Msg = cd8490c93613bdf1f284b94b330f6d6f45a39c651d2a160b340e2eb696fc6d1c35e88872845190d141c669de92a97daa5433b1d7b0b899fdef2ce74b8fe72a7296a5b5be26d1dc86520367c730c7400c2fa06f91ab4c48a7bf4ae35a5b9acd5296c4fdf7451b0ad9cc439b4e34f11e5d7ef2bdda376f8dd34d6f092b219dc085dd4c4a6308b8808f588eedbbc7af7f64e83182fc7ca7cf4741a341060a7969d31445834c982fa8739ded4555108acbea1666a83da17f77cc42ee73323eb53203e3b790f81c08e94c44678b6538096ab7b09916e6cf7ceb2af85987f8e4d982dff1ab59b0bdccaae1f405a73366b5c5935dd0b43e2d2894290ceb66a0246dc02de728c5bba30255fb56ce8107c3144246c5156a8fe40ada9126adf67227fa56b66c37be63f532516211ca012977b04a97916f201f1baa2629eda520b51508ab4229df2ceedce406dece0110e0a911464f69e7be38fb91deba0addcdb3161d2799c628f5a57fa1dc37357c947681bd9c36f4832c20ac466c0c245de3b250c33282ea1a02d007f03b34ed427631283eb614db4d521f555136e7e42b4cfbee8134c63dbe3bb79b5a8b9f9f5b9f5ac61cfab1c54d197f1e3ba613f251eed616df952d691b88a16466343ef2d0f63882ddd2d55b8a6786308b2257f5d7b38af166bd7f1339d2d8899c9eda8fa86215850ba547450c267eb3c9147d96c38161a69d1584e521ffa23384313a1debcd37f72ddad02adb3cadce7ee34b7c1f42a15d0d030487daf9488aa7562845a11ee7ffccdb38b300935caa31f78a4ff3dd93403cf0c6a16ca611b58c736aafd33d6dc56f0f47878211d26f6ab801b9453a7f74b44593dae0f047ddbbf2c902891111729edec44f69a05944b18e7a601f41ad24fd6833da3dbe3029bd390de7c9841b2ee2b079b2bd2737518fe1bbec88da64769dc36e4a8bf716c219b2fe059d7dd220c1ed2c59878db5bf8b198e0689edee921ebc0cd2d3853fcf57c363050ce58071c5fda6ebcfbc1bb62e9eb956286291a108bdd4191c4ff47900d6068e1ea26b487649af119b9bb15dfed804836f2196cbe12d8fc86e3d7ce89b52ad49dc9ddbce5b370f73f512bedd853039366612453733740586d1372143b09f21dd4dbe1a2bfc308db8e4098c5e4b0c1e16141ee50e85fafefc4e2529b3c7252af37aee6f86e19df28871686107d7d57dcc812bc077602642d2ecefdd5f694b8f336913210793e4068da2178600b1f41cffb5221c9b4b6298afb47e85701d7b1a44241679d8996f916c81ff437261cfc358b9ec42a2ce16ca3bacb8690d6c1d91cfb3e0bf1e7ba45bd01606df856fd03c7e946f7ab371a89e1fde86d05fdd97bd7b1c583b04c2ed2b5f6815a460645e4e1b4e950bf6bd81dd0352d1048df85266f1696534aff5b1cbc17f15d82cc8e0c0d4f0453f9439094f8e0f7f4bc045b654d9a2f1f44a9c57019f63ecc41021c05b5380675cb56ea8bb691d79ee204d2c4edacde3c1fb3f4996a11d84b035f965e74009e2ab80e2c7ea3c84a834d4971a1e9cf423e4ea67ee526eb3c3e4c2d7372c4290a0741e1fcca5ae4cf36705abe98ac81e98a5419baefcaf3093a7e0449ef1021f88ffb7ad21b2677e41cdda12025b06542c4b2564f15e0b99db43b7c7020028bd829372122cd910227cb07c53cb58fd9dc620c0491f3e2bf883fe6ee8cb1f5b73767977d857e4513e8b5612f6ae4b56014e6a3ad2a065b65472212e2f611743484cfaef860999d1dc5608c58412fab888ad72bb87dd9b55b692f31e252daf8944ec5c02a5a9c23903c50dbd845f2fcc3bc9806af13ca7b025cabe675195b1d56f3fe7d7bca12530bcc0af217efcb03a218bdb6f9726536ea902c8303b02e3ced22be59753588b5f0e2f3419fa5345a942dbcdf3010465384a225ba26cdd0f1d74999c69f336bb6d01fae5cf81cbb8c1a7a29c1eb83ca6b51113bde56b8cfb6a5d72557622a37f039d090a689accd02b57c691174338de8e05bb3620c079705c969c58e56b079dc9eb44eb0fcebe548f5a31f4072a5ed56a2f03107bf40a359b2601eddf53cade66f294cfeaa40a0d94b9c90d15f61852f295d3911f8ea914d015885c8c64540a83badf0021a416c3e37b78236a2ecd1fce4114033416bdd3a36c18ec13250ee9c74c0fc4dd564b3d24a825802d5ae402a53bacace115ae3bbb329be79d1e5e42dbaf0a6446431145fe49b86a8703c7c41f8985d54f12e314c16ff89351d8addf66ebba2783f2d1a11965182aa0b0dd2de53586c5a695c6265c2b173958da648611090557bdebf11a1e042f089fe98e049f4796c60d26be38356fe020d9ace9008410d53a1bb7db78b52ee44bac364213f5c59f1eac4e3314f3423b92fdd7a6156608111ac6ddf58385ec1f3df12061208db98816ac948d803fad10d5ece2018c60faa13de5e5a9033745c824932e53f4122a39f635813545c1b74732cd55642f19ed6deca1585ebf7242c849bde981572a2199066e9c912b2068c8f1c8b936c43ae95c6e22bd7b80dfea05f495d751107da5928e806d0af905c87b5a0795df146af6580d8f9c6a0e2645686d43822ce9b4be0bd5937c097917e048b5af71c7e7521d490f107e9231ee5bd9fbf0727ba87774ed24cd52f471ffb71849ebd55605996515bdcfe95bb1df3541e7c42da4166dd01ec3597634aa6455d15fe14af435e8d7a55ff1682d55a2da867ae63d11fb3fd987fa5d7032ecefc35d3fb9570940e779e13da18070e6df5292f97f2a281f9598101102c955fe4808a2319c85fdef3d55b19e05bb8c2d3da64bafb67a53491513a24f6f0804aa162c8a7db25b38089373fecc45a0eaef65dd9be3b4b7f9436a5423fdcdb5a9b60138fc6a2261225390d9ae0d8ab7f0f7ffff69dca06881d33a637d634358abebb333df41151f239add91abaafc89070cb2159ce3a31655c22e4696c9fa7a7211d1251d4bb21ea4a321a3dbebc29d97f526251e40e548dcd7ed07587719a266f006179dcd22e50b3705152817057b097b043ad63b8d867edc20aea9b4c959ef4ff70f47128cfcc21e31f17978ecacc366f459ac1cc459a3976e4173ca322675f84f18036119ec2f204c3fb554a0b72f7e9d8c882ab147b3d280ca9dff7b9160b1b437b901f03cbc05fe05c6f44824b48aa8da52ae7dda1653fd500f9ccd221843cf76513b3b74d094f14d93a00d7cb954bc4cf2f04f9a35e38edcb1e84f62057647dcb3571f1dd296ca1e049f1746a8a282e85138500e7649db756b2d2ad88f11c471c89dc6be2cd43481013b8d0ae83da2b855cea7be424f8b2325b1850d1fdef03e765458df4513d57c72ba9751e1edc3c4e7f97e3202bb46eec7be89871ba3704aa6c6fc08851e551a3f655fa1fb798d12f003faf31c56b6df399a5dd0ed29ef9e4139dbc254bc5d6051840a859eabaaad56324588fae881fd638d2b70fb3813402df61d941ab495588e5fc3823249bf9a03cf877902394f512de118edaf98843a5445e9073fcfa409df3db0221f1c77e2dd21e74f9e10c9e180dc4ed17010eb949c6d67a22bd5337b2c68f9eccdec778ece728e91353696b742c8f5a3a569f054efb8c1ed478ee9b75e26c768a5816aa6bd08a4c72e745fdb5deb34ecb86b3a84346c1c70f9c16fc45bc0421f0da2f630912d5079f390cc53b78e343310de722b53d2a3b4aa386caa0d7e91986e19c3363426ba30eb5284293af81d00158a3f5233327b40c3b989725ba7dd5b31ac7abf8d3e0b737e843065cd7316dc2f374a00bed4cf9caa0d6e232c854df1bc24c3d484bc6bcb14ec770d5745474dc6ac3b3ddbffc551c9fcc2c56a5e0ae17948457c01e701bf1554022bc2b7d9dd42b2b91172fd85e6874d2d61fc7b3bb3cee2a9bfec09f6d7e98279c6f511f4140b116c856c1438e34bca59fdca2409f025b896a52d68719bf93e82e7d89bbf798991fda0af8d06d17f39eba4bca09c1fe594b537ad4c9b94ab52c895539d639425f9146b24b016368a638e5bba391bc8763cae7c52ff9c496884f1d84e5e08ed451358ecb3c4919dd410e82cac35ae744078287c05c89b42999ea6b8b127d40d53a5722d45139e8bc507a11e7add7fa9ab12cc40afeec008a4668e3e6440f27bb5780936c0e3668ac51262390c79b3f21fd041cf36ba3522f3a552714ff188bfd554c60d0e7d11213cf7d3864a5175d4047c2f3284741f18ec22995a5b82bf62190151bc1529c6d9927f9b0c1dacebd9c2dc406f7f64a973f9a70cff6e3abeebeb46514bbf2ead382f7262d46bd43d88c1b91a9011d1f8ba81fa536a7162aee2b2ec6fc0f2d6efc87b98d2e41e0f946969da659c21053775ece415a34d42b6cfd5bc52259867b411dfb991461ca618052309ca9c96468c2da12dfab0e822ff3bbe7ba281982a239ac19c47024fe1f0e3550cf0975add1f680a9dac9b2c4ab0aed4f409ddda6765eb8a0a9d1e9d07458c69ac8195541219b18efcd06c0001f2ae7fee2d404666a18ca3cb3aa4f0623e86c5b1229f6c2ca28d951111294b91edc52730b6b2c46e000672a7c89b2f38045bd3e37dbb8a75e18687a514dcf740c87a34834d3c3cc8aadf6166ec0c42d2be92f90a3af49633ff23cd80848ceb57ac550eaf9ae496bdc6a2d7cf50fe107895b4a1ed014f78af24eccd6a07420f1dc0df1e7c44b4ba937dd43cab9c798371b148325578d61931766af02b45054bdc2d9fcab2f4b49092f6fff7c27886820739d6140a4a905f0020249e8ae8dd87da1a1e7b1851eb01045aaa72dc8a2bf68055e7aed41d85336648a3405195d2ab61b0e29a770461f32fd05e14c17d72c5252f026a7b9abe7ea9176d3c46f6ed9fb716758d97b41e4f5d81a24538f763d83eecafafc668422612b40cfc32b3354b24755fbe400a2bfed494fe6d0ba0051713b776e67e2f1915e94708e6dc74b398f2f526933aad8fe7dc32faf40022606aebb6e0756b994c3176fae7640ee06d6c67bd54764c4752f1bf831f43e0227cba101174c5554ce26400f333dd8e9f6db1cdf670ce407d7d06c3aef4c0724b62edc8f1ba3e04f0e394d15a73b9255abb4d6ac70303dcf9160d32dc02d4804219ed5c7e3b48402e58ab2f58305f9bb95d2a8759947de96328ed5234cfe7d0b2a9a014df7e4cd0ae48906315f139b8635d2e6bd4aba32e62b8906cdfe5622c411bf0373d0cb07d17bb2bb5b83eae4401c243605fd1df759fd0ddc704ccab5a9776c40fbf6bde0f11b9646c699f26063a9550ac228c9884c277bcadcc0a2c225dc203e28e253c4e464b23d2529d09c7b7dd3c984667372472b615645f294c4e3b0797f9d1c234015b78502d98bfc04f1fa2f16cf3e7221d5794d035e4b172a4d84e679cb1c82df2fb49d3c6668eb1661bed56705096c2371a19d668832808eedd9e5b1256c18fe7ccc494e5e29145d453c553ec86fb7f3a634d0d45661875f2f1005ba5e734c1a976f37cd23450e4606e32d027bc9ec2edd9395e14b2082179bd7b4f9b8caa2d00a2de71d48553f7d4153cb56a1b08f11925e4b11c9281744ae9171f3d6faa3ab3f88c5c34fd23e4f6efeceafdcbc07686ef56efa62c0ad62f1cdcb4d3b5bc508c1f05263bc347158fa5495828f34eb7fcde98fefaa82bafeefed3f4a58968d751c051b52e0047f066de5be533bc3b1e439ab1c8602f6c67503803c8fa113737cb8279f358dbacdf45432b7a654d0e1122cca93420e956661d7275181c75b0d9c20e84c7007dfc49f27bc00007cf4ffa631c892981fd70141d532fcd51de5c23fe0b7a186d0dc296362f235d61698740cc315891cc9342da17843bcde274c17e462263d0e8b4832dd9075a7bbb443d4b26b41e534ad5551ed5ada102175e695363fb48d6b99ac978a3aa6f405d87f983384ce35740e930491d75675337c5dc081e3d301228e61bde5cc169968e5b4350cca2b085f9f75cc4b88497a78cd0a0073d90246c7dc102c7cbf3516498e8a41aa85d8cc5bc285ff66e8338e85ca83fb6889e2bccff52059bb9e92e92c155a349952680ffd0a3c346061a53fdf074417fc90c4d1af7c2acc3ee4b080752cbc9455ba5931b7e910f1e4af0efce905d2cc9c685923ead387fa532c0e8ad92719c76c281cd010e1acce500ae1443838b8afb48af032069dd07aa4df0d56bcb70a64592633699c8658102f1fbca441325e27f1732a7a973d8cb3a0684d72943ef6f1892f2d7ccf39bb6dfe5801ab98653bdbcfbb787bf125253be2624f6cf44177d588bd7b780d9e3f4e3a4e50b8a253fa21abce6a94b9073289c76773b46140f5a6e46b9de9ec066c176f5d1a69f380e1901216617363362d13ebb26ad74fb008ec08841550ff14ca800a1ecf2e007ebaad9f4e0d9664448d60ac0d8544243129fb81c1723b9b4bc2ee971dff736d9fcde0afbfbf5c50a4cc06a4c363998326c17bdc9e2508651dedd9a2a52bd87f8693cfcff60753acf9716c526e8635f12377e36564ae55d0fdb3c7997ec4dbdaa5b4d18c7b660acd95060831795da7d299a5a8d8cf9e92537dbd3ef7f56aebe38fa97c41da6bf0572a0270be7e5a7dcc0be3529339464c811052b65a938e874ea6da469c7d8992ce0aff1c75e82d1621ecb967213c65f2de582cb41de3804c507ddfc708ef3f6096ba4491e431160f98de806d0f334e03cfb7a3bece601099bd971253f3aa0df845da8b478603d5d88533d0cab9c89f2dd9a1404cf8939ffdda652a94093865a85fce2bc3d7babcff7b9f3306bd76b9af80c78ad518f89ee73b7a710da604e72f4927be8d65d06be2e0732fa786a83e27597cfbed9bf98df445499e0746b9f2cb9659ac0a9cef433148521f33b1d78d13c8441c0d1e20fd93ac450a3787a2292bcbd68cd1f961d34937be9a21abaf26f361bf53aa0c095e53c51f3e04d567eabe6e40d96a17c2bcc9230b18f7e079bc549a314b4ae21d30a3341aa205bc75c7f1d21b0a49549c300faeda243d0ce18da5e66c5b663cd705005dd9fea0a9564174abb797d64c58fdab1fae44576d514b75eaa31c9278b15bf9b6df7c6c2873d7a56fb91ab77b83761a09f9e1ddae535622fb87f7462256a60dd39dd3ceb6690b0272920b635ea639daf24f95462c523e5bbd8d8407c61163ab38877d5edfa04c2a78d4d240523ba97c7d01c71783f8748e85164b4dd08c25506a4ed18300b42b7bc6e417f512ae456ceec2ffc83190991a06d4a58ede215babcd3688e1d61f1975016244e80c88ae2aec05c7eeb1c50caca72b3b415b6b870bf5e10bd1ac3ba6b4acb1d1afac554444d94c97e171005fa4ea9c651bb4e527ff58d0c2f90fb453a92d6546a26e9e98395b09e8471bdcf2a145aacb649708cf048a7856ce8cf390c107ff2c66efbf2a76c5b041860ea576103cd8c6b25e50eca9ff6a2fa88083fe9ac0d1fb639c516b9bcdf23c34c6145a705498ff9b9747f15e1c08c63da6efeda4eca02c3f00dfec06c82220c9de840040118dde76be788daf84e6a2f44c81fe6defcc474f99c51c4648d297cbc48f081e0809dbda505d020cbe865e430e0491644ec8c52bd3ab8ce8c4862990f49fe2588caf804ce9500ef42d5a50c057c257168e283e4a4aedbe4ccfaf3eeffb212f9e23d15434d60bf4f455f512e2b655aff3225d1b217c261110cec0400f54dd303d6231d028c2eb649bccc91d30a6391c88bff9d447c3cf35a3467be5957e0ea4d4dc237c9f2c68ce48f658f820a3d72d559b60f233ce538c92cb148808e34fedf2d648c21e7f2ea29a77270c393bda42d869351d6c085d965dc12cbfd0311b8bf604f4391d378781eea3b5f1e0da9d0d8f8de88e56fe47d362cd46f591d3ec0f7cccb85a21f21ddcd4107821ce0ca9ddf99dfdfd9b0c9cd45053e5b1b4385bd8f5b227ada31b5c23e9420014474e8b4494fde7c38edfe70994d97b8cbdfac588df49a49c472fcce78cccc051f31cbbc1e0422878d8d490f3aee28adf1587c38fb7e7d1be54abeaa83cf54b633803a5e669ff4295df8735231ce39631616bd05e0e31117c722c2fd6787003b0bc7fe422a089c89329544e085d71102c1813769450a9f66f160d1702cdb17bd2c6fdf0f722762d193ce83623eeffab17b01b10a31db6e2feb6eb3abdbb2e36320e1a56e44e48d26090afa7f65003a98cbfef590ac3ec89b3eb230557cf6aa566e841806aa2767b21bb26fe001f11ae039e0c9a4bf1bf3d271960f16158eb5bd9ebf0080abd8369d512cab2d1aaae2b14d0ff6ee705a38fb0c801a98b0624cc138fc24834fdf430f33e1760db913da3290f34415c9e3df3e97da1780545ab68ac5a24db89f24d62f4a399728e4144a8c89f47ac2d29e30c49b0bcf790a5e3d3fcd1943c6a28f37251d9dd827a69579e6c17b629c927473b5a07b0a29d9562708d6c8ce576109ad1a3473ffb2047eb069beeec24c114bef392c929038c92abd0e6a19b610e27881361824d57008b7373d0ab76379570ded76c9b8284fe2c247791073c29b2fc6fca05019220ab92856892d3c0dcc6da0b597fe559c162d060d71513ebca050d9638164b9ae271fba5575ade787ec5aee8fc253d1b234b1df561db3e36ac64b9b0100dd6b407043537b2b141f
diff --git a/src/lib/libssl/test/maketests.com b/src/lib/libssl/test/maketests.com
index dfbfef7b1b..94621a655b 100644
--- a/src/lib/libssl/test/maketests.com
+++ b/src/lib/libssl/test/maketests.com
@@ -586,7 +586,7 @@ $ CCDEFS = "TCPIP_TYPE_''P3'"
$ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS
$ CCEXTRAFLAGS = ""
$ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS
-$ CCDISABLEWARNINGS = "LONGLONGTYPE,LONGLONGSUFX"
+$ CCDISABLEWARNINGS = "LONGLONGTYPE,LONGLONGSUFX,FOUNDCR"
$ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN -
CCDISABLEWARNINGS = CCDISABLEWARNINGS + "," + USER_CCDISABLEWARNINGS
$!
diff --git a/src/lib/libssl/test/tverify.com b/src/lib/libssl/test/tverify.com
index 2060184d1e..021d701d79 100644
--- a/src/lib/libssl/test/tverify.com
+++ b/src/lib/libssl/test/tverify.com
@@ -8,22 +8,22 @@ $ copy/concatenate [-.certs]*.pem certs.tmp
$
$ old_f :=
$ loop_certs:
-$ c := NO
+$ verify := NO
+$ more := YES
$ certs :=
$ loop_certs2:
$ f = f$search("[-.certs]*.pem")
$ if f .nes. "" .and. f .nes. old_f
$ then
$ certs = certs + " [-.certs]" + f$parse(f,,,"NAME") + ".pem"
-$ c := YES
+$ verify := YES
$ if f$length(certs) .lt. 180 then goto loop_certs2
+$ else
+$ more := NO
$ endif
$ certs = certs - " "
$
-$ if c
-$ then
-$ mcr 'exe_dir'openssl verify "-CAfile" certs.tmp 'certs'
-$ goto loop_certs
-$ endif
+$ if verify then mcr 'exe_dir'openssl verify "-CAfile" certs.tmp 'certs'
+$ if more then goto loop_certs
$
$ delete certs.tmp;*
--
cgit v1.2.3-55-g6feb